ok github.com/google/syzkaller/dashboard/app (cached) ? github.com/google/syzkaller/dashboard/dashapi [no test files] ok github.com/google/syzkaller/executor 0.037s ok github.com/google/syzkaller/pkg/ast 0.858s ok github.com/google/syzkaller/pkg/bisect 3.047s ok github.com/google/syzkaller/pkg/build 0.771s ? github.com/google/syzkaller/pkg/cmdprof [no test files] ok github.com/google/syzkaller/pkg/compiler 2.394s ok github.com/google/syzkaller/pkg/config (cached) ok github.com/google/syzkaller/pkg/cover 0.963s --- FAIL: TestGenerate (1.72s) --- FAIL: TestGenerate/linux/386 (1.04s) csource_test.go:66: seed=1597946322777822294 --- FAIL: TestGenerate/linux/386/4 (0.23s) csource_test.go:122: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:10 Procs:0 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: r0 = openat$vcsa(0xffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x404800, 0x0) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080)='batadv\x00') sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r1, 0x10, 0x70bd29, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x2}]}, 0x1c}}, 0x8010) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x20000024) r2 = openat$nmem0(0xffffff9c, &(0x7f00000001c0)='/dev/nmem0\x00', 0x185001, 0x0) write$smackfs_change_rule(r2, &(0x7f0000000200)={'', 0x20, '/dev/vcsa\x00', 0x20, 'rwl', 0x20, 'xb'}, 0x13) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) read$FUSE(0xffffffffffffffff, &(0x7f0000000340)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) lchown(&(0x7f0000000240)='./file0\x00', r3, r4) ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f0000002380)) 
syz_btf_id_by_name$bpf_lsm(&(0x7f0000000000)='bpf_lsm_post_notification\x00') syz_emit_ethernet(0x1e, &(0x7f0000000040)={@remote, @dev={[], 0x18}, @void, {@can={0xc, {{0x0, 0x1, 0x1}, 0x4, 0x2, 0x0, 0x0, "03084e275009633c"}}}}, &(0x7f0000000080)={0x0, 0x2, [0x3ca, 0x523, 0x65, 0x6d6]}) syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT={0xff, 0x41}, 0x2) syz_execute_func(&(0x7f0000000100)="c4c19d748fe2000000670faef7656536f0fe8b000001002e0ffe5cf59bc4c131f5641500c4e28d04c8c4e14fc29c653fb1000044c4c2153916c4e1485c9fae000000d397fd334620") syz_extract_tcp_res(&(0x7f0000000180), 0xffff, 0x625) r5 = openat$selinux_enforce(0xffffff9c, &(0x7f00000001c0)='/selinux/enforce\x00', 0x400, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000002380)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000004540)={{{@in6=@dev, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@loopback}}, &(0x7f0000004640)=0xe4) statx(0xffffffffffffffff, &(0x7f0000004680)='./file0\x00', 0x0, 0x7ff, &(0x7f00000046c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r9 = getuid() fstat(0xffffffffffffffff, &(0x7f0000004840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000004a40)={{{@in=@loopback, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@private0}}, &(0x7f0000004b40)=0xe4) getgroups(0x4, &(0x7f0000004b80)=[0xee00, 0xffffffffffffffff, 0xee01, 0xee00]) statx(0xffffffffffffffff, &(0x7f0000004cc0)='./file0\x00', 0x4000, 0x400, &(0x7f0000004d00)={0x0, 0x0, 0x0, 0x0, 0x0}) r14 = getgid() syz_fuse_handle_req(r5, &(0x7f0000000200)="", 0x2000, &(0x7f0000004f00)={&(0x7f0000002200)={0x50, 0xa3d40b1948262fad, 0x1000, {0x7, 0x1f, 0x9, 0x200, 0x8, 0x1ff, 0xbb, 0xa}}, &(0x7f0000002280)={0x18, 0xfffffffffffffff5, 0x2, {0x1}}, &(0x7f00000022c0)={0x18, 0x0, 0x4, {0x7}}, &(0x7f0000002300)={0x18, 0x0, 0x6, {0xfffffffb}}, 
&(0x7f0000002340)={0x18, 0xfffffffffffffffe, 0x401, {0x101}}, &(0x7f00000043c0)={0x28, 0xfffffffffffffffe, 0xffffffffffff8000, {{0x1000, 0x4, 0x0, r6}}}, &(0x7f0000004400)={0x60, 0x0, 0x8000, {{0x19, 0x0, 0x4b, 0x3, 0x1, 0xffffffff, 0x10001, 0x7fff}}}, &(0x7f0000004480)={0x18, 0x0, 0xfffffffffffffffe, {0x1}}, &(0x7f00000044c0)={0x2a, 0x0, 0x0, {'bpf_lsm_post_notification\x00'}}, &(0x7f0000004500)={0x20, 0x0, 0xffffffff, {0x0, 0x5}}, &(0x7f00000047c0)={0x78, 0x0, 0xfff, {0x5, 0x0, 0x0, {0x0, 0xfffffffffffffffb, 0x5, 0xfffffffffffffff9, 0x1, 0x9, 0x8, 0xff, 0x5, 0xc000, 0x7cc8, r7, r8, 0xf4a5, 0x9}}}, &(0x7f00000048c0)={0x90, 0x0, 0x100000001, {0x5, 0x1, 0x80000001, 0x1, 0x7, 0x100, {0x0, 0x3ff, 0x7, 0x6, 0x2, 0x200, 0x20, 0x6, 0xe07fd01, 0xc000, 0x9, r9, r10, 0x8, 0x1}}}, &(0x7f0000004980)={0xa8, 0x0, 0x1, [{0x0, 0x4, 0x1a, 0x3ff, 'bpf_lsm_post_notification\x00'}, {0x2, 0x80000000, 0x4, 0x2, '#(\\!'}, {0x2, 0x80000001, 0x1, 0x1ff, '%'}, {0x2, 0xff, 0x1, 0x8001, '&'}]}, &(0x7f0000004bc0)={0xc8, 0x0, 0x0, [{{0x4, 0x3, 0x9, 0x4, 0x8, 0x5, {0x3, 0x800, 0x1, 0x10001, 0x8, 0x1, 0x0, 0x401, 0xfffffff7, 0x6000, 0x10001, r11, r12, 0x6, 0xf8}}, {0x3, 0x2, 0x1a, 0x9, 'bpf_lsm_post_notification\x00'}}]}, &(0x7f0000004e00)={0xa0, 0xfffffffffffffffe, 0x9, {{0x4, 0x0, 0x3ff, 0x80000000, 0xfffffffd, 0x8, {0x1, 0x7, 0x401, 0x7, 0x0, 0x5, 0x7, 0x6, 0x40, 0xa000, 0x800, r13, r14, 0x8001}}}}, &(0x7f0000004ec0)={0x20, 0xfffffffffffffffe, 0x1, {0x5, 0x4, 0x5, 0x1}}}) syz_genetlink_get_family_id$SEG6(&(0x7f0000004f40)='SEG6\x00') syz_init_net_socket$ax25(0x3, 0x3, 0xca) r15 = syz_io_uring_complete(0x0) r16 = io_uring_setup(0x19b4, &(0x7f0000004f80)={0x0, 0x2b11, 0x1, 0x1, 0x5b, 0x0, r5}) syz_io_uring_setup(0xf44, &(0x7f0000005000)={0x0, 0x208b, 0x4, 0x0, 0x355, 0x0, r16}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000005080), &(0x7f00000050c0)) syz_io_uring_setup(0x22f7, &(0x7f0000005100)={0x0, 0x7b7, 0x2, 0x3, 0x202}, &(0x7f0000ffb000/0x2000)=nil, 
&(0x7f0000ff8000/0x3000)=nil, &(0x7f0000005180)=0x0, &(0x7f00000051c0)) syz_io_uring_submit(r17, 0x0, &(0x7f0000005240)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x6, &(0x7f0000005200)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x7) r18 = openat$btrfs_control(0xffffff9c, &(0x7f0000005280)='/dev/btrfs-control\x00', 0x2100, 0x0) syz_kvm_setup_cpu$arm64(r18, r15, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000005300)=[{0x0, &(0x7f00000052c0)="35ac4c65d5d924443c56d3cdcacff745b9df2c8d855f77c7e8fb875fc4c83983f4ec404e6ad210d74b41fc04cd89a88bc3b3", 0x32}], 0x1, 0x0, &(0x7f0000005340)=[@featur2], 0x1) syz_io_uring_setup(0x2a84, &(0x7f0000005380)={0x0, 0x8a2, 0x4, 0x0, 0x30f}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000feb000/0x2000)=nil, &(0x7f0000005400)=0x0, &(0x7f0000005440)) syz_memcpy_off$IO_URING_METADATA_FLAGS(r19, 0x114, &(0x7f0000005480)=0x1, 0x0, 0x4) stat(&(0x7f0000006580)='./file0\x00', &(0x7f00000065c0)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$afs(&(0x7f00000054c0)='afs\x00', &(0x7f0000005500)='./file0\x00', 0x80000001, 0x1, &(0x7f0000006540)=[{&(0x7f0000005540)="", 0x1000, 0x4}], 0x40000, &(0x7f0000006640)={[{@autocell='autocell'}, {@flock_write='flock=write'}, {@flock_write='flock=write'}, {@dyn='dyn'}], [{@appraise='appraise'}, {@euid_lt={'euid<', r20}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x63, 0x33, 0x63, 0x66, 0x39, 0x38, 0x62], 0x2d, [0x63, 0x38, 0x62, 0x33], 0x2d, [0x61, 0x33, 0x0, 0x30], 0x2d, [0x61, 0x34, 0x63, 0x37], 0x2d, [0x37, 0x36, 0x31, 0x63, 0x39, 0x64, 0x61, 0x34]}}}]}) syz_open_dev$I2C(&(0x7f00000066c0)='/dev/i2c-#\x00', 0xb6f4, 0x400202) syz_open_procfs(r6, &(0x7f0000006700)='mounts\x00') syz_open_pts(0xffffffffffffffff, 0x4cc162f913022679) syz_read_part_table(0x1, 0x1, &(0x7f00000067c0)=[{&(0x7f0000006740)="db5a079dd43062f6985b514ad6b7ac652950f7e5317a81ed924386c1083a75b7e2675967acdc58644241b6de981ba65e75816e078f21212cb862a33934c9b4729a722151fd15361d771e0c59e4b2a7b4ae5ad6d45a6bb51fa6d0", 0x5a, 0x10001}]) r21 = syz_usb_connect(0x4, 0xe11, 
&(0x7f0000006800)={{0x12, 0x1, 0x201, 0x73, 0x54, 0x2d, 0x40, 0x572, 0x1324, 0x84d3, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xdff, 0x4, 0x0, 0x4, 0x20, 0x5, [{{0x9, 0x4, 0x21, 0x6, 0xf, 0x13, 0xd5, 0xef, 0xff, [@generic={0x7f, 0x3, "ff0419261d951966e92d906d4e26342908f7c148a2d9b1b9fe291ad2ef963725ab895c81d7bbf8f9d4da5a4f8e4311a0bdfdab97f508939e62470eae4dc13f11324f9b808eb9c06cec3f30a86ef0fb2ab90e7e0440e87ff52268879d8ae0c91a67350e71af1fb2d4908d78222008e8b671156b17906f6a1e05e02b6b37"}, @cdc_ecm={{0x5}, {0x5, 0x24, 0x0, 0x7}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x0, 0x3, 0x6a}, [@mdlm_detail={0xc0, 0x24, 0x13, 0x2, "f6e0bd71542530d6c882e531f60f2eefd05d356385c0a622a120a81678854855c27040645d6c24372772108aef34f2af0226daa99d3cecfe168fc9fae28ed3bd295c7543166ce5f252a2584e73d212d587245b8ebefbae8693d88f8fda2bbfbc9628a08e7d81a194b0c49e82f6bc230124576b45b4cbc1d5c02dcb3f943dad75c6c2c5023c1e670ff6825d8ba23c205a7eb9dc0bcac28c3514072078d2fa782c3186d4b1ed8040ee1c765bc234afcc52a91722527e5dbd902dc299d8"}]}], [{{0x9, 0x5, 0x0, 0x10, 0x0, 0x2, 0x36, 0x0, [@generic={0x2a, 0x31, "71c3c3d61bbd6965e0dab513c14e7d2a6d7d8346228af46c617a9c6f93e2c923767b9dcf1b1c6524"}, @generic={0x35, 0x8, "2efac1777f97f088cf4ea6909a4ab819543a678dbd611baebf76500b0c10e099a09827edc986bd1c1c58ec9277827878700a60"}]}}, {{0x9, 0x5, 0x6, 0x3, 0x400, 0x3f, 0x2, 0x8, [@generic={0x2, 0x7}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0x40, 0x4}]}}, {{0x9, 0x5, 0x8, 0x0, 0x400, 0x2, 0x8, 0x8}}, {{0x9, 0x5, 0xe, 0x1, 0x200, 0x2, 0x4, 0x9}}, {{0x9, 0x5, 0xc, 0x0, 0x400, 0x0, 0x4, 0x20, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x7f, 0x1ff}, @uac_iso={0x7, 0x25, 0x1, 0x41, 0xcb, 0x102d}]}}, {{0x9, 0x5, 0xf, 0x10, 0x20, 0x32}}, {{0x9, 0x5, 0x2, 0x4, 0x20, 0x20, 0x7f, 0x7f, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x8, 0x40}]}}, {{0x9, 0x5, 0x1, 0x0, 0x8, 0xe0, 0x80, 0x1}}, {{0x9, 0x5, 0xd, 0x0, 0x7f7, 0x8, 0x4, 0x20, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x6, 0x3}, @generic={0x5b, 0x2, 
"e26816788a1cc1881a23c8f41a67d73be6c21467fa34c32c9fb2f208c26929eb652736f9d91d3a85b6391ddd8c23c309f20aa96d84d489fdc425acea48489fbd62f0f3653d94ee6b8e1dab83b19ebca6d735785ab9dd724d66"}]}}, {{0x9, 0x5, 0x6, 0x2, 0x40, 0x80, 0x1, 0x1b, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x7, 0x40}]}}, {{0x9, 0x5, 0x9, 0x10, 0x8, 0x7, 0x4, 0x3f, [@generic={0xe8, 0xb, "8afc39fabf2e69efa61b092694e9e70187bbd4343a5666c1c2e1b5bec12bd1b163325b32047e6fad0442c370407ad2ddd4eb563a85408bb4762b8e46a46343a9bf7184805cd60c0da1010dbd995b1d798e5b4a50a10dc11cd395932b5ed4f8e06e566a726de03c0447587e03d655e73c3e30e43e8c2189d9f1fcbd1e3d45712e9203ad62e34e8e2753c6f2d0fa953d20dfd1bb42479fc033959aac5043149cede9286dce763b3f20adafee005dc6830db89cd58f56a2f97fb10e0c37c0dd5163ae6178387a0284ab981a6cabcd05db4314326332e1d32d69d9e5624ac086333279b2df93b78c"}]}}, {{0x9, 0x5, 0x2, 0x8, 0x3ff, 0x9, 0x4, 0x2, [@generic={0xf8, 0x3, "d2a336681843bee63f1181dde58ce139c87eb39d3b1b13c89f9c9942603abc8f409b89eda8fb2c9c68e3ceb4707a75450830066cf2309172cf06530be62566c8c628436ede40b0634b7758b6177ab79a5ef2501a59d580c5732944b2f3bd5123fd15635cfe8491a03ab3d10d4251809ac6af635e9148f6c9b7e3b93fd4be3387d4ce9708f9741d7d2496f60697db796d17bb9f55ed9d12a4f524c9ae5de2044e863c2437082c82f7050362b38a90ff5663e9a1ca56d899ac4621209709528342ac71bad07661ab437999a73a967200b8bdc975a78f6ed6f8e6ec81b637bbde985315c32eaaea7de92325dfef7482221b7a31212a96cd"}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0x82, 0x7ff}]}}, {{0x9, 0x5, 0x5, 0x2, 0x3ff, 0xe4, 0x0, 0x1, [@generic={0xab, 0x9, "c6fe273694b4052a22099e80c67e2eb27fdeed48b1527546e3a7407afc77ae43bd824d2ffd79ec4a2313e6decb221d295542046d0e0311c0c02e9f0973d49f0b1bd49da23af4c41449e8fd005ddeac5cb8c73c951a76626ee8860e18c85cef48bb8b33506f1a4f6ba421211bd04f96dd2463655b6ed4206bcc049ebc67a5a0acbfd5eb77055f232bdc5c33a92fd80ebbd2dad67c470a1ee401280c84bc45a225abf7d7b7a8c4fdd77c"}, @generic={0x99, 0x23, 
"6ad24c93ae66afc243c82a2022885c515435d3a6a8d0ef67866f48824aae8e31c13f450cf10477c7add814e0a20d3690e34f8760b7875357601e82073a7a84d0f4b1e64b33276f3bbbce504bdd2f2b38c1837770876ed0367dbb280fc108a38f3b1a3869cf038871f5acd4e8dec2ec99bfef6e2596df567fac26f3173792c20b5d1fe6715eb4a9d964af6fcc731d4ac6be25d3217f7d87"}]}}, {{0x9, 0x5, 0xd, 0xc, 0x200, 0x3f, 0x8, 0x1}}, {{0x9, 0x5, 0x6, 0x0, 0x1df, 0x4, 0x3f, 0xc5, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x1}]}}]}}, {{0x9, 0x4, 0xb1, 0xff, 0x4, 0xb0, 0x15, 0x7a, 0xa9, [@cdc_ecm={{0x7, 0x24, 0x6, 0x0, 0x0, "2502"}, {0x5, 0x24, 0x0, 0x96}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x1, 0x7, 0x1}, [@network_terminal={0x7, 0x24, 0xa, 0xde, 0x1, 0x3, 0x84}, @call_mgmt={0x5, 0x24, 0x1, 0x1, 0x20}, @dmm={0x7, 0x24, 0x14, 0x8, 0x6}, @acm={0x4, 0x24, 0x2, 0x7}, @country_functional={0xa, 0x24, 0x7, 0x20, 0xd57a, [0x3ff, 0x7]}, @network_terminal={0x7, 0x24, 0xa, 0x80, 0x0, 0xfc, 0x6}]}], [{{0x9, 0x5, 0xc, 0x10, 0x400, 0x80, 0x3f, 0x0, [@generic={0xc0, 0x23, "2fa6216fa5b34b3c347a90d7c09dee9e3bad4cefe7c178d4c248c175d6e265f0f15b5db2f1efacfbb4758001a895f8296a82cc243a7a71e6cfa59d27d6ba04086b1318f3997aee663fb0b188a95e8505f2758d8b43e54dce1e6131ac08c8f29e40fdf18bbcb5704b23471e1fa2bba764581ce7dc0a1f880b6aa4e3930f9524baf7f50f7cb58ddbd7b065be270227b47e34a827a2f09e87652c3b0933945d95bcdc062e78953c6fef78199736f62470ac624140ad403c6f788d52e10e1103"}]}}, {{0x9, 0x5, 0x5, 0x0, 0x20, 0x3f, 0x7f, 0x2, [@generic={0x1a, 0xc, "1c2b9bf91836ba9e5950279aa449ab2614f17ec478a5a700"}, @generic={0xc3, 0xc, "3139f56a95cd9acd2caf2874da064adf8a3ea93cbd32e14f79b6838a875d2b1c7286c617f780e83cd8ac69a4714e1041cf11a698866063e44d74c6dfbee89055eda3b70177af2e4b138edbeb82f34605c614b3a5cb7750f220c4c8bc450a3009d9bd3300561498c164cf3b3800cdf575f5ee9456ffec5acc96ed76e226c36e52508d2fc08e9f1ea6fe8cfc2c9a31b09ac556d2e48e88db3170505052ed76a475aa82d636d97e10e7e3dd77125f5df8a7957d3c3f94f1c76cbc0136192639d17640"}]}}, {{0x9, 0x5, 0x2, 0x2, 0x200, 0x48, 0x2, 0x4}}, {{0x9, 0x5, 0x1, 0x10, 0x20, 0x6c, 0x1, 0x3, 
[@generic={0xce, 0x21, "06c168e4ec518fa84dd51ea16950af04289b85639249e5b27619a03017479cb314d2ffe9ee81be9eb017cf98234e8f723618dfe39f1f4cee3ca842dd870208e01ccd1c6ae4d9a71b2814b6aa795fefda450727b3beb266f7f35620f09a3508c29fd60d9847342c295b2ba867e49b8f0b746d5b752be69f4da88f938dcbfe1690333c467cb8900597ad4aa434404539243f3a64dbced5554562042fb98fd0a5553ab0bdf0accf16525c4f84634aee8763db10e70e77a89a714221ad805f538a0d1a824dcb6aaac61d3ea4bfe9"}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x80, 0x5}]}}]}}, {{0x9, 0x4, 0x6b, 0x3, 0x5, 0x3d, 0x21, 0xee, 0xc0, [@hid_hid={0x9, 0x21, 0x848d, 0x1f, 0x1, {0x22, 0x3f6}}], [{{0x9, 0x5, 0xd, 0x10, 0x40, 0x7c, 0x6, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x69, 0x5fa4}]}}, {{0x9, 0x5, 0x3, 0x1c, 0x3ff, 0x8, 0x81, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x7de74b8872483837, 0x3, 0xfff}, @generic={0xba, 0x9, "b8e7e610b074325b28a38b1b5f756cddecec9026baedfb158c2ce4d0e348d24473f7a1ee74bda8a6d5845acf5de095713bb020e1292cc080d9c89744f8ced96916bb2055a1a1769f6a7b4d13b9f74050a8220ddf0d09a94c3bfbaab06fdd2b5e0b1931b77f426c18e3c88da25c52c019dbfbdbb8bf0e5ee628b5a46d95b53942feb5bf7bfd581f93a945c85da33b763d2f0c3345898c95e2a1228e5e084070a1e96bcef7237f0a0336c63091be6b87d3ff68de36f6c9b0b2"}]}}, {{0x9, 0x5, 0x0, 0x10, 0x0, 0x40, 0x7, 0x22, [@generic={0xfc, 0x11, "fbb0ddc340e0ee5466415babc59d3bbf8a569109351e089df059094e3c5aef87f9e13120dc043a4dad9193dbea34aeffbe3c0d945d8a18d6c055b79ce51adb09820eb6965d7822f553c590fb935cc1580e2b0ef039290f87ad62e2181dd2bb24a778ed74233d39c6b01566723d386acd2ff242720da95bf54494db06516e40d19276be27f9e078c7621abec79af90b12fd0dbf628fa9f9a094938f297a8f8c63ffe57d0040792e86e8d2425b2a50d37cc1ab3975227ec4cd85c02d734b8ece891b274962c113349b2b06f2ea197af23472e2d1ce4d930cf849f77e619c77b2e9b1db977c040b428933d8066b5931283d2949ea8125c46537a3e2"}, @uac_iso={0x7, 0x25, 0x1, 0x48bab2644d8e755d, 0x7, 0x7}]}}, {{0x9, 0x5, 0x5, 0x0, 0x400, 0x5, 0x5, 0x1f, [@generic={0xb3, 0xb, 
"0a9026864d79f21b7a150b9caff6d223287b8ca67d8d62ad2444ad8ab24035f87bea387a1c6316cda61d7f3d152b507dfea13eb6954867d249c909aa46a731771bbc9de959dd60ac857669ab680aaf8c6f94b64795dc7ec60da5532bf58f6ba5b8c7372ff5f95b3108e29b13e6709f815016d353c6dedbf545df03d5874be715513c36fffeea5bc1df7bef3bf19910b01592c235f3e817749084a38bde9e196e2737cdddc6dbe14313679a0be32114a935"}, @generic={0xcb, 0x9, "0e30d967c4c4788b63964565055446049bb057ffe7fa484137ed940ed696d3df822d7fda84e035fc02f279aa407fe51792456473440dfaf2f6cf452e0d539d88953efdfbdbea71a7def8bdc106b81f325b00bd332a3dc69cba4329c305bd46892b30d447ece171ba0b4a73c2a08e6430a8edb6cfb5fb7ab5bce34ba2385fc7ab6a5d602c699192d9a967dcf255d2bd6453ff27b3e4978a8169f8f8d9e1d742dea5536ee6b5b8411f4a7eeaf5959bbad4a203de44cc50c15d54ac510afe7c69e79f401436dbc365114c"}]}}, {{0x9, 0x5, 0xb, 0x16, 0x8, 0x5, 0x0, 0x3, [@generic={0x5f, 0xc, "7a83aa842e67fc4a39312722b063b29ed9d208585808b5dd26d2c9043ac304dc298686d0cd8a9d623e678b98410d54a5ab43a709a1626f4d8047335ba62f795459990e7014ecdc1049386380366f56e3d10af424e1ef087b7070abb893"}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x7, 0x401}]}}]}}, {{0x9, 0x4, 0x9d, 0xba, 0x1, 0xff, 0x2, 0x73, 0x7f, [@cdc_ncm={{0x5}, {0x5, 0x24, 0x0, 0xff80}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x3f, 0xa0, 0x81}, {0x6, 0x24, 0x1a, 0x5118, 0x30}, [@mdlm={0x15, 0x24, 0x12, 0x200}, @mbim={0xc, 0x24, 0x1b, 0x605, 0x3ff, 0x81, 0x4, 0xfffb, 0x2}, @mdlm={0x15, 0x24, 0x12, 0xb9}, @mbim={0xc, 0x24, 0x1b, 0x6e5, 0x200, 0x4, 0x6e, 0xce, 0x6}, @mbim={0xc, 0x24, 0x1b, 0x0, 0x1, 0x2, 0x80, 0x6, 0x6}]}], [{{0x9, 0x5, 0x3, 0x8, 0x10, 0x8, 0x1, 0x1f, [@generic={0xad, 0x2, "b044854ee175c5f2bc2f67075ff4fa049f4dba9c234be8d40e895e8a2a7919b48cc6c304190115e9933eb1c982428c3a0d53369ef77092d6081aa2bdf5463deb38457f1d6744bb734f03ebdf50766b49535c5ed1b34b2e12857c87bd89ef452a92eb0720b39c06bc7367eb39fc6a1af37a888fe0710114e8788de4c808bfd119326c6d2cf4944b3a5689d03593436aa1077eff8d2c94bd5daebc9d86e5bbef65640438b8c4fa73d85cc7b2"}]}}]}}]}}]}}, &(0x7f0000007840)={0xa, &(0x7f0000007640)={0xa, 0x6, 
0x110, 0x80, 0x9, 0x1, 0x10, 0x4}, 0x64, &(0x7f0000007680)={0x5, 0xf, 0x64, 0x6, [@ssp_cap={0x14, 0x10, 0xa, 0x0, 0x2, 0x0, 0xf00, 0x4, [0xff0000, 0xc0]}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x1, 0x0, 0x1f, 0x9}, @ssp_cap={0x20, 0x10, 0xa, 0x81, 0x5, 0x7, 0x0, 0x80, [0x0, 0x3f00, 0x0, 0xc000, 0xffc0]}, @ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0xa, 0x80, 0x1, 0xf07a}, @ss_container_id={0x14, 0x10, 0x4, 0x1, "16fa0cbcaf6e45fef8910fb597fea0eb"}]}, 0x3, [{0x9e, &(0x7f0000007700)=@string={0x9e, 0x3, "34301c3d32d7def46707ec19f9c06bbeea898849d56918f2d0f10b7b728f8d232de4e1223ce42f7d086783ba310baa68a22d8acfba4d52375a16dacac7761a3c9520929d6239c159e1da18cfc780e3bae0a1e47440bb15f6b62f2b0ed31f5cf2207d406bf71dd30a089dbd7199bbb21bfebc4e355eb56802d954251ca927dd11051e83ad0bf09142b2532be8b294464a27a075c4cccae191ca851049"}}, {0x15, &(0x7f00000077c0)=@string={0x15, 0x3, "eeb263c00ce58f490a96561b62608fa1655205"}}, {0x4, &(0x7f0000007800)=@lang_id={0x4, 0x3, 0x3416}}]}) r22 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000007880)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_control_io(r22, &(0x7f0000007b00)={0x18, &(0x7f0000007900)={0x20, 0x21, 0x9a, {0x9a, 0x5, "0a168b3c55888f31c926ba2932a9d137d8b19ac217f0d222e093824f4b30ec9e71c2634ee0fb8fc224addefdba18c22f1b78c6b465114bd224c2af0a379537eae87e76ebd91d16063f2eccafd30090936afa29ebaacd35082ca5b7a2b7215d54c7255536c77bd8dfb34bf40ec7575083548d95c567773cbac187aeaaf98afe5f506e960948b75e62e26a165725841b5b0c64364a8f090980"}}, &(0x7f00000079c0)={0x0, 0x3, 0x6e, @string={0x6e, 0x3, "b5d26af63c75392699ac83eb6afa75b921d77e3fcf43ef5e919df9bdca82840caf4cdf52bb7a8a2393a8b1a2a1b17fc9fa42013569eaeeace8c977ccd308e3026ec12887b9b882e4068adfe69e7d2e1048a4527ac6eab162bc67007648ca3d0f3d8ceb3ae6ff58093804654f"}}, &(0x7f0000007a40)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f0000007a80)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x4, 0x8, 0x2, "018a11ac", "983b66d4"}}, &(0x7f0000007ac0)={0x20, 0x2a, 
0xc, {0xc, 0x2a, 0x3, 0x10, 0x20, 0x1f, 0x81, 0x8}}}, &(0x7f0000007f40)={0x44, &(0x7f0000007b40)={0x20, 0x9, 0x10, "cec641d81e53b2ba4e01ec10758c40aa"}, &(0x7f0000007b80)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000007bc0)={0x0, 0x8, 0x1, 0x1f}, &(0x7f0000007c00)={0x20, 0x0, 0x4, {0x1, 0x2}}, &(0x7f0000007c40)={0x20, 0x0, 0x4, {0x200, 0x40}}, &(0x7f0000007c80)={0x40, 0x7, 0x2, 0x9}, &(0x7f0000007cc0)={0x40, 0x9, 0x1, 0x12}, &(0x7f0000007d00)={0x40, 0xb, 0x2, "d847"}, &(0x7f0000007d40)={0x40, 0xf, 0x2, 0x676}, &(0x7f0000007d80)={0x40, 0x13, 0x6, @remote}, &(0x7f0000007dc0)={0x40, 0x17, 0x6, @link_local}, &(0x7f0000007e00)={0x40, 0x19, 0x2, 'aB'}, &(0x7f0000007e40)={0x40, 0x1a, 0x2, 0x4}, &(0x7f0000007e80)={0x40, 0x1c, 0x1, 0x70}, &(0x7f0000007ec0)={0x40, 0x1e, 0x1, 0x9}, &(0x7f0000007f00)={0x40, 0x21, 0x1}}) syz_usb_disconnect(r21) syz_usb_ep_read(r21, 0x20, 0x53, &(0x7f0000007fc0)=""/83) r23 = syz_usb_connect$hid(0x4, 0x3f, &(0x7f0000008040)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x8, 0x1130, 0x3101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x1, 0x0, 0x20, [{{0x9, 0x4, 0x0, 0x8, 0x1, 0x3, 0x1, 0x2, 0x1, {0x9, 0x21, 0x3ff, 0x2, 0x1, {0x22, 0xc2c}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x4, 0x0, 0x9}}, [{{0x9, 0x5, 0x2, 0x3, 0x8, 0x1, 0xfa}}]}}}]}}]}}, &(0x7f00000084c0)={0xa, &(0x7f0000008080)={0xa, 0x6, 0x0, 0x11, 0xf2, 0x20, 0xbf, 0xe3}, 0x35, &(0x7f00000080c0)={0x5, 0xf, 0x35, 0x5, [@ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "81b3e831d05d61724e7efe59e3eb35a8"}, @ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0x4, 0x20, 0x9, 0x5, 0x232, 0x1}, @wireless={0xb, 0x10, 0x1, 0x6, 0x40, 0x3f, 0x1, 0x1000, 0x95}]}, 0xa, [{0x4, &(0x7f0000008100)=@lang_id={0x4, 0x3, 0x437}}, {0x94, &(0x7f0000008140)=@string={0x94, 0x3, 
"0a2b55e24c1e439b99c4a7b6b78a9e1199af0fe5c77d119caa1a262a2323ee85d44ce53cbc4f5bbf3395b8fc426891dd21c2f69720e49d0fadd034ca3534b4f52df6840f0275705c8269c7e7fe3b1feb9516eac7e587de92b89029304914a67f5bcc9f23f60972b1c03c7e6dd649587ec780e816d865781d19c17776714121e87c9173fd96dbf3bdeb4b5f7e012bb8279f38"}}, {0x44, &(0x7f0000008200)=@string={0x44, 0x3, "135ea6243a3497b7eb5c6f4ba0c38c06848217b0743b8e74e62495ddd293aa49f0d26f1b86bcde62553a7e587aef8c1ef0d8c12ba3dec7576f9e3e4f42ecb1a175ca"}}, {0x4, &(0x7f0000008280)=@lang_id={0x4, 0x3, 0x2c0a}}, {0x4, &(0x7f00000082c0)=@lang_id={0x4, 0x3, 0x44b}}, {0x31, &(0x7f0000008300)=@string={0x31, 0x3, "82c70229053020a324b98d14d57b17a9b3440c051f56e3edd2f4967ba56e075aa6f988063de07f08ad93ea709ba613"}}, {0x4, &(0x7f0000008340)=@lang_id={0x4, 0x3, 0x423}}, {0x4, &(0x7f0000008380)=@lang_id={0x4, 0x3, 0x430}}, {0x2c, &(0x7f00000083c0)=@string={0x2c, 0x3, "cd518b3d76f828b8d2d98e5799a829496af14834d249dc1cca0a1ecc5e987c008e50a3de8f936abd8728"}}, {0xa8, &(0x7f0000008400)=@string={0xa8, 0x3, "957fa00647da8df845747dead5482f4116e0443bcb7b303c0fcf35fcd1367d8ad5e069d0a3217622e4dbe2018555e1506dade1ed57308b8051ade815e925581f82d3f3c5fe1df80702d02c9074ce052e542cf5cbc10a22a09765cb02c87c14aa57b192f978ea1a6002b1476012c88c874e1b1cb7fc70935316d34300ddae420a78e2e53eb53002f3b03c9cd2754b8cf02f9841f8fb0e168dc4e00eea014b30fe68a700c65c0c"}}]}) syz_usb_ep_write(r23, 0x9, 0x9, &(0x7f0000008540)="434d22b98f2594643d") csource_test.go:123: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) 
{ struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; for (;;) { uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts); if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) return 1; now = current_time_ms(); if 
(now - start > timeout) return 0; } } static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } const int kInitNetNsFd = 239; #define SIZEOF_IO_URING_SQE 64 #define SIZEOF_IO_URING_CQE 16 #define SQ_HEAD_OFFSET 0 #define SQ_TAIL_OFFSET 64 #define SQ_RING_MASK_OFFSET 256 #define SQ_RING_ENTRIES_OFFSET 264 #define SQ_FLAGS_OFFSET 276 #define SQ_DROPPED_OFFSET 272 #define CQ_HEAD_OFFSET 128 #define CQ_TAIL_OFFSET 192 #define CQ_RING_MASK_OFFSET 260 #define CQ_RING_ENTRIES_OFFSET 268 #define CQ_RING_OVERFLOW_OFFSET 284 #define CQ_FLAGS_OFFSET 280 #define CQ_CQES_OFFSET 320 struct io_uring_cqe { uint64_t user_data; uint32_t res; uint32_t flags; }; static long syz_io_uring_complete(volatile long a0) { char* ring_ptr = (char*)a0; uint32_t cq_ring_mask = *(uint32_t*)(ring_ptr + CQ_RING_MASK_OFFSET); uint32_t* cq_head_ptr = (uint32_t*)(ring_ptr + CQ_HEAD_OFFSET); uint32_t cq_head = *cq_head_ptr & cq_ring_mask; uint32_t cq_head_next = *cq_head_ptr + 1; char* cqe_src = ring_ptr + CQ_CQES_OFFSET + cq_head * SIZEOF_IO_URING_CQE; struct io_uring_cqe cqe; memcpy(&cqe, cqe_src, sizeof(cqe)); __atomic_store_n(cq_head_ptr, cq_head_next, __ATOMIC_RELEASE); return (cqe.user_data == 0x12345 || cqe.user_data == 0x23456) ? 
(long)cqe.res : (long)-1; } struct io_sqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t flags; uint32_t dropped; uint32_t array; uint32_t resv1; uint64_t resv2; }; struct io_cqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t overflow; uint32_t cqes; uint64_t resv[2]; }; struct io_uring_params { uint32_t sq_entries; uint32_t cq_entries; uint32_t flags; uint32_t sq_thread_cpu; uint32_t sq_thread_idle; uint32_t features; uint32_t resv[4]; struct io_sqring_offsets sq_off; struct io_cqring_offsets cq_off; }; #define IORING_OFF_SQ_RING 0 #define IORING_OFF_SQES 0x10000000ULL static long syz_io_uring_setup(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5) { uint32_t entries = (uint32_t)a0; struct io_uring_params* setup_params = (struct io_uring_params*)a1; void* vma1 = (void*)a2; void* vma2 = (void*)a3; void** ring_ptr_out = (void**)a4; void** sqes_ptr_out = (void**)a5; uint32_t fd_io_uring = syscall(__NR_io_uring_setup, entries, setup_params); uint32_t sq_ring_sz = setup_params->sq_off.array + setup_params->sq_entries * sizeof(uint32_t); uint32_t cq_ring_sz = setup_params->cq_off.cqes + setup_params->cq_entries * SIZEOF_IO_URING_CQE; uint32_t ring_sz = sq_ring_sz > cq_ring_sz ? 
sq_ring_sz : cq_ring_sz; *ring_ptr_out = mmap(vma1, ring_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQ_RING); uint32_t sqes_sz = setup_params->sq_entries * SIZEOF_IO_URING_SQE; *sqes_ptr_out = mmap(vma2, sqes_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQES); return fd_io_uring; } static long syz_io_uring_submit(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { char* ring_ptr = (char*)a0; char* sqes_ptr = (char*)a1; char* sqe = (char*)a2; uint32_t sqes_index = (uint32_t)a3; uint32_t sq_ring_entries = *(uint32_t*)(ring_ptr + SQ_RING_ENTRIES_OFFSET); uint32_t cq_ring_entries = *(uint32_t*)(ring_ptr + CQ_RING_ENTRIES_OFFSET); uint32_t sq_array_off = (CQ_CQES_OFFSET + cq_ring_entries * SIZEOF_IO_URING_CQE + 63) & ~63; if (sq_ring_entries) sqes_index %= sq_ring_entries; char* sqe_dest = sqes_ptr + sqes_index * SIZEOF_IO_URING_SQE; memcpy(sqe_dest, sqe, SIZEOF_IO_URING_SQE); uint32_t sq_ring_mask = *(uint32_t*)(ring_ptr + SQ_RING_MASK_OFFSET); uint32_t* sq_tail_ptr = (uint32_t*)(ring_ptr + SQ_TAIL_OFFSET); uint32_t sq_tail = *sq_tail_ptr & sq_ring_mask; uint32_t sq_tail_next = *sq_tail_ptr + 1; uint32_t* sq_array = (uint32_t*)(ring_ptr + sq_array_off); *(sq_array + sq_tail) = sqes_index; __atomic_store_n(sq_tail_ptr, sq_tail_next, __ATOMIC_RELEASE); return 0; } #define BTF_MAGIC 0xeB9F struct btf_header { __u16 magic; __u8 version; __u8 flags; __u32 hdr_len; __u32 type_off; __u32 type_len; __u32 str_off; __u32 str_len; }; #define BTF_INFO_KIND(info) (((info) >> 24) & 0x0f) #define BTF_INFO_VLEN(info) ((info)&0xffff) #define BTF_KIND_INT 1 #define BTF_KIND_ARRAY 3 #define BTF_KIND_STRUCT 4 #define BTF_KIND_UNION 5 #define BTF_KIND_ENUM 6 #define BTF_KIND_FUNC_PROTO 13 #define BTF_KIND_VAR 14 #define BTF_KIND_DATASEC 15 struct btf_type { __u32 name_off; __u32 info; union { __u32 size; __u32 type; }; }; struct btf_enum { __u32 name_off; __s32 val; }; struct 
btf_array { __u32 type; __u32 index_type; __u32 nelems; }; struct btf_member { __u32 name_off; __u32 type; __u32 offset; }; struct btf_param { __u32 name_off; __u32 type; }; struct btf_var { __u32 linkage; }; struct btf_var_secinfo { __u32 type; __u32 offset; __u32 size; }; #define VMLINUX_MAX_SUPPORT_SIZE (10 * 1024 * 1024) static char* read_btf_vmlinux() { static bool is_read = false; static char buf[VMLINUX_MAX_SUPPORT_SIZE]; if (is_read) return buf; int fd = open("/sys/kernel/btf/vmlinux", O_RDONLY); if (fd < 0) return NULL; unsigned long bytes_read = 0; for (;;) { ssize_t ret = read(fd, buf + bytes_read, VMLINUX_MAX_SUPPORT_SIZE - bytes_read); if (ret < 0 || bytes_read + ret == VMLINUX_MAX_SUPPORT_SIZE) return NULL; if (ret == 0) break; bytes_read += ret; } is_read = true; return buf; } static long syz_btf_id_by_name(volatile long a0) { char* target = (char*)a0; char* vmlinux = read_btf_vmlinux(); if (vmlinux == NULL) return -1; struct btf_header* btf_header = (struct btf_header*)vmlinux; if (btf_header->magic != BTF_MAGIC) return -1; char* btf_type_sec = vmlinux + btf_header->hdr_len + btf_header->type_off; char* btf_str_sec = vmlinux + btf_header->hdr_len + btf_header->str_off; unsigned int bytes_parsed = 0; long idx = 1; while (bytes_parsed < btf_header->type_len) { struct btf_type* btf_type = (struct btf_type*)(btf_type_sec + bytes_parsed); uint32_t kind = BTF_INFO_KIND(btf_type->info); uint32_t vlen = BTF_INFO_VLEN(btf_type->info); char* name = btf_str_sec + btf_type->name_off; if (strcmp(name, target) == 0) return idx; size_t skip; switch (kind) { case BTF_KIND_INT: skip = sizeof(uint32_t); break; case BTF_KIND_ENUM: skip = sizeof(struct btf_enum) * vlen; break; case BTF_KIND_ARRAY: skip = sizeof(struct btf_array); break; case BTF_KIND_STRUCT: case BTF_KIND_UNION: skip = sizeof(struct btf_member) * vlen; break; case BTF_KIND_FUNC_PROTO: skip = sizeof(struct btf_param) * vlen; break; case BTF_KIND_VAR: skip = sizeof(struct btf_var); break; case 
BTF_KIND_DATASEC: skip = sizeof(struct btf_var_secinfo) * vlen; break; default: skip = 0; } bytes_parsed += sizeof(struct btf_type) + skip; idx++; } return -1; } static long syz_memcpy_off(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4) { char* dest = (char*)a0; uint32_t dest_off = (uint32_t)a1; char* src = (char*)a2; uint32_t src_off = (uint32_t)a3; size_t n = (size_t)a4; return (long)memcpy(dest + dest_off, src + src_off, n); } #define MAX_FDS 30 #define USB_MAX_IFACE_NUM 4 #define USB_MAX_EP_NUM 32 #define USB_MAX_FDS 6 struct usb_endpoint_index { struct usb_endpoint_descriptor desc; int handle; }; struct usb_iface_index { struct usb_interface_descriptor* iface; uint8_t bInterfaceNumber; uint8_t bAlternateSetting; uint8_t bInterfaceClass; struct usb_endpoint_index eps[USB_MAX_EP_NUM]; int eps_num; }; struct usb_device_index { struct usb_device_descriptor* dev; struct usb_config_descriptor* config; uint8_t bDeviceClass; uint8_t bMaxPower; int config_length; struct usb_iface_index ifaces[USB_MAX_IFACE_NUM]; int ifaces_num; int iface_cur; }; struct usb_info { int fd; struct usb_device_index index; }; static struct usb_info usb_devices[USB_MAX_FDS]; static int usb_devices_num; static bool parse_usb_descriptor(const char* buffer, size_t length, struct usb_device_index* index) { if (length < sizeof(*index->dev) + sizeof(*index->config)) return false; memset(index, 0, sizeof(*index)); index->dev = (struct usb_device_descriptor*)buffer; index->config = (struct usb_config_descriptor*)(buffer + sizeof(*index->dev)); index->bDeviceClass = index->dev->bDeviceClass; index->bMaxPower = index->config->bMaxPower; index->config_length = length - sizeof(*index->dev); index->iface_cur = -1; size_t offset = 0; while (true) { if (offset + 1 >= length) break; uint8_t desc_length = buffer[offset]; uint8_t desc_type = buffer[offset + 1]; if (desc_length <= 2) break; if (offset + desc_length > length) break; if (desc_type == USB_DT_INTERFACE && 
index->ifaces_num < USB_MAX_IFACE_NUM) { struct usb_interface_descriptor* iface = (struct usb_interface_descriptor*)(buffer + offset); index->ifaces[index->ifaces_num].iface = iface; index->ifaces[index->ifaces_num].bInterfaceNumber = iface->bInterfaceNumber; index->ifaces[index->ifaces_num].bAlternateSetting = iface->bAlternateSetting; index->ifaces[index->ifaces_num].bInterfaceClass = iface->bInterfaceClass; index->ifaces_num++; } if (desc_type == USB_DT_ENDPOINT && index->ifaces_num > 0) { struct usb_iface_index* iface = &index->ifaces[index->ifaces_num - 1]; if (iface->eps_num < USB_MAX_EP_NUM) { memcpy(&iface->eps[iface->eps_num].desc, buffer + offset, sizeof(iface->eps[iface->eps_num].desc)); iface->eps_num++; } } offset += desc_length; } return true; } static struct usb_device_index* add_usb_index(int fd, const char* dev, size_t dev_len) { int i = __atomic_fetch_add(&usb_devices_num, 1, __ATOMIC_RELAXED); if (i >= USB_MAX_FDS) return NULL; if (!parse_usb_descriptor(dev, dev_len, &usb_devices[i].index)) return NULL; __atomic_store_n(&usb_devices[i].fd, fd, __ATOMIC_RELEASE); return &usb_devices[i].index; } static struct usb_device_index* lookup_usb_index(int fd) { for (int i = 0; i < USB_MAX_FDS; i++) { if (__atomic_load_n(&usb_devices[i].fd, __ATOMIC_ACQUIRE) == fd) { return &usb_devices[i].index; } } return NULL; } struct vusb_connect_string_descriptor { uint32_t len; char* str; } __attribute__((packed)); struct vusb_connect_descriptors { uint32_t qual_len; char* qual; uint32_t bos_len; char* bos; uint32_t strs_len; struct vusb_connect_string_descriptor strs[0]; } __attribute__((packed)); static const char default_string[] = { 8, USB_DT_STRING, 's', 0, 'y', 0, 'z', 0 }; static const char default_lang_id[] = { 4, USB_DT_STRING, 0x09, 0x04 }; static bool lookup_connect_response_in(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { struct usb_device_index* index = 
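lookup_usb_index(fd);
	uint8_t str_idx;

	// Chooses the reply for a control IN request received while the emulated
	// device is being connected. On success *response_data and
	// *response_length describe the bytes to send and true is returned;
	// false means the request is not handled here.

	// No descriptor index is registered for this fd, so nothing can be answered.
	if (!index)
		return false;

	switch (ctrl->bRequestType & USB_TYPE_MASK) {
	case USB_TYPE_STANDARD:
		switch (ctrl->bRequest) {
		case USB_REQ_GET_DESCRIPTOR:
			// The requested descriptor type is the high byte of wValue.
			switch (ctrl->wValue >> 8) {
			case USB_DT_DEVICE:
				*response_data = (char*)index->dev;
				*response_length = sizeof(*index->dev);
				return true;
			case USB_DT_CONFIG:
				*response_data = (char*)index->config;
				*response_length = index->config_length;
				return true;
			case USB_DT_STRING:
				// The string index is the low byte of wValue.
				str_idx = (uint8_t)ctrl->wValue;
				if (descs && str_idx < descs->strs_len) {
					*response_data = descs->strs[str_idx].str;
					*response_length = descs->strs[str_idx].len;
					return true;
				}
				// Fall back to the built-in descriptors; their first byte
				// is the descriptor length.
				if (str_idx == 0) {
					*response_data = (char*)&default_lang_id[0];
					*response_length = default_lang_id[0];
					return true;
				}
				*response_data = (char*)&default_string[0];
				*response_length = default_string[0];
				return true;
			case USB_DT_BOS:
				// descs may be NULL (the STRING case above already allows
				// for that); without it there is no BOS data to return.
				if (!descs)
					return false;
				*response_data = descs->bos;
				*response_length = descs->bos_len;
				return true;
			case USB_DT_DEVICE_QUALIFIER:
				if (!descs || !descs->qual) {
					// No qualifier was supplied: build one from the device
					// descriptor. The descriptor needs storage of its own.
					// Casting response_data (a char**) to the descriptor
					// type would write the fields over the caller's
					// pointer variable and leave *response_data pointing
					// at garbage. The storage is per-thread, so concurrent
					// callers do not share it.
					static __thread struct usb_qualifier_descriptor qual_buf;
					struct usb_qualifier_descriptor* qual = &qual_buf;
					qual->bLength = sizeof(*qual);
					qual->bDescriptorType = USB_DT_DEVICE_QUALIFIER;
					qual->bcdUSB = index->dev->bcdUSB;
					qual->bDeviceClass = index->dev->bDeviceClass;
					qual->bDeviceSubClass = index->dev->bDeviceSubClass;
					qual->bDeviceProtocol = index->dev->bDeviceProtocol;
					qual->bMaxPacketSize0 = index->dev->bMaxPacketSize0;
					qual->bNumConfigurations = index->dev->bNumConfigurations;
					qual->bRESERVED = 0;
					*response_data = (char*)qual;
					*response_length = sizeof(*qual);
					return true;
				}
				*response_data = descs->qual;
				*response_length = descs->qual_len;
				return true;
			default:
				break;
			}
			break;
		default:
			break;
		}
		break;
	default:
		break;
	}

	return false;
}

// Callback type used to decide how a control OUT request is answered during
// connection; the callback sets *done when the connect loop should finish.
typedef bool (*lookup_connect_out_response_t)(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done);

static bool lookup_connect_response_out_generic(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done)
{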
switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: *done = true; return true; default: break; } break; } return false; } #define ATH9K_FIRMWARE_DOWNLOAD 0x30 #define ATH9K_FIRMWARE_DOWNLOAD_COMP 0x31 static bool lookup_connect_response_out_ath9k(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) { switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: return true; default: break; } break; case USB_TYPE_VENDOR: switch (ctrl->bRequest) { case ATH9K_FIRMWARE_DOWNLOAD: return true; case ATH9K_FIRMWARE_DOWNLOAD_COMP: *done = true; return true; default: break; } break; } return false; } struct vusb_descriptor { uint8_t req_type; uint8_t desc_type; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_descriptors { uint32_t len; struct vusb_descriptor* generic; struct vusb_descriptor* descs[0]; } __attribute__((packed)); struct vusb_response { uint8_t type; uint8_t req; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_responses { uint32_t len; struct vusb_response* generic; struct vusb_response* resps[0]; } __attribute__((packed)); static bool lookup_control_response(const struct vusb_descriptors* descs, const struct vusb_responses* resps, struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { int descs_num = 0; int resps_num = 0; if (descs) descs_num = (descs->len - offsetof(struct vusb_descriptors, descs)) / sizeof(descs->descs[0]); if (resps) resps_num = (resps->len - offsetof(struct vusb_responses, resps)) / sizeof(resps->resps[0]); uint8_t req = ctrl->bRequest; uint8_t req_type = ctrl->bRequestType & USB_TYPE_MASK; uint8_t desc_type = ctrl->wValue >> 8; if (req == USB_REQ_GET_DESCRIPTOR) { int i; for (i = 0; i < descs_num; i++) { struct vusb_descriptor* desc = descs->descs[i]; if (!desc) continue; if 
(desc->req_type == req_type && desc->desc_type == desc_type) { *response_length = desc->len; if (*response_length != 0) *response_data = &desc->data[0]; else *response_data = NULL; return true; } } if (descs && descs->generic) { *response_data = &descs->generic->data[0]; *response_length = descs->generic->len; return true; } } else { int i; for (i = 0; i < resps_num; i++) { struct vusb_response* resp = resps->resps[i]; if (!resp) continue; if (resp->type == req_type && resp->req == req) { *response_length = resp->len; if (*response_length != 0) *response_data = &resp->data[0]; else *response_data = NULL; return true; } } if (resps && resps->generic) { *response_data = &resps->generic->data[0]; *response_length = resps->generic->len; return true; } } return false; } #define UDC_NAME_LENGTH_MAX 128 struct usb_raw_init { __u8 driver_name[UDC_NAME_LENGTH_MAX]; __u8 device_name[UDC_NAME_LENGTH_MAX]; __u8 speed; }; enum usb_raw_event_type { USB_RAW_EVENT_INVALID = 0, USB_RAW_EVENT_CONNECT = 1, USB_RAW_EVENT_CONTROL = 2, }; struct usb_raw_event { __u32 type; __u32 length; __u8 data[0]; }; struct usb_raw_ep_io { __u16 ep; __u16 flags; __u32 length; __u8 data[0]; }; #define USB_RAW_EPS_NUM_MAX 30 #define USB_RAW_EP_NAME_MAX 16 #define USB_RAW_EP_ADDR_ANY 0xff struct usb_raw_ep_caps { __u32 type_control : 1; __u32 type_iso : 1; __u32 type_bulk : 1; __u32 type_int : 1; __u32 dir_in : 1; __u32 dir_out : 1; }; struct usb_raw_ep_limits { __u16 maxpacket_limit; __u16 max_streams; __u32 reserved; }; struct usb_raw_ep_info { __u8 name[USB_RAW_EP_NAME_MAX]; __u32 addr; struct usb_raw_ep_caps caps; struct usb_raw_ep_limits limits; }; struct usb_raw_eps_info { struct usb_raw_ep_info eps[USB_RAW_EPS_NUM_MAX]; }; #define USB_RAW_IOCTL_INIT _IOW('U', 0, struct usb_raw_init) #define USB_RAW_IOCTL_RUN _IO('U', 1) #define USB_RAW_IOCTL_EVENT_FETCH _IOR('U', 2, struct usb_raw_event) #define USB_RAW_IOCTL_EP0_WRITE _IOW('U', 3, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP0_READ _IOWR('U', 
4, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_ENABLE _IOW('U', 5, struct usb_endpoint_descriptor) #define USB_RAW_IOCTL_EP_DISABLE _IOW('U', 6, __u32) #define USB_RAW_IOCTL_EP_WRITE _IOW('U', 7, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_READ _IOWR('U', 8, struct usb_raw_ep_io) #define USB_RAW_IOCTL_CONFIGURE _IO('U', 9) #define USB_RAW_IOCTL_VBUS_DRAW _IOW('U', 10, __u32) #define USB_RAW_IOCTL_EPS_INFO _IOR('U', 11, struct usb_raw_eps_info) #define USB_RAW_IOCTL_EP0_STALL _IO('U', 12) #define USB_RAW_IOCTL_EP_SET_HALT _IOW('U', 13, __u32) #define USB_RAW_IOCTL_EP_CLEAR_HALT _IOW('U', 14, __u32) #define USB_RAW_IOCTL_EP_SET_WEDGE _IOW('U', 15, __u32) static int usb_raw_open() { return open("/dev/raw-gadget", O_RDWR); } static int usb_raw_init(int fd, uint32_t speed, const char* driver, const char* device) { struct usb_raw_init arg; strncpy((char*)&arg.driver_name[0], driver, sizeof(arg.driver_name)); strncpy((char*)&arg.device_name[0], device, sizeof(arg.device_name)); arg.speed = speed; return ioctl(fd, USB_RAW_IOCTL_INIT, &arg); } static int usb_raw_run(int fd) { return ioctl(fd, USB_RAW_IOCTL_RUN, 0); } static int usb_raw_event_fetch(int fd, struct usb_raw_event* event) { return ioctl(fd, USB_RAW_IOCTL_EVENT_FETCH, event); } static int usb_raw_ep0_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_WRITE, io); } static int usb_raw_ep0_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_READ, io); } static int usb_raw_ep_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_WRITE, io); } static int usb_raw_ep_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_READ, io); } static int usb_raw_ep_enable(int fd, struct usb_endpoint_descriptor* desc) { return ioctl(fd, USB_RAW_IOCTL_EP_ENABLE, desc); } static int usb_raw_ep_disable(int fd, int ep) { return ioctl(fd, USB_RAW_IOCTL_EP_DISABLE, ep); } static int usb_raw_configure(int fd) { return ioctl(fd, 
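USB_RAW_IOCTL_CONFIGURE, 0);
}

// Issues USB_RAW_IOCTL_VBUS_DRAW on fd with the given power value.
static int usb_raw_vbus_draw(int fd, uint32_t power)
{
	return ioctl(fd, USB_RAW_IOCTL_VBUS_DRAW, power);
}

// Issues USB_RAW_IOCTL_EP0_STALL on fd.
static int usb_raw_ep0_stall(int fd)
{
	return ioctl(fd, USB_RAW_IOCTL_EP0_STALL, 0);
}

// Returns the position in the per-fd interface table of the entry matching
// both bInterfaceNumber and bAlternateSetting, or -1 when fd has no index or
// no entry matches.
static int lookup_interface(int fd, uint8_t bInterfaceNumber, uint8_t bAlternateSetting)
{
	struct usb_device_index* index = lookup_usb_index(fd);
	if (!index)
		return -1;

	for (int i = 0; i < index->ifaces_num; i++) {
		if (index->ifaces[i].bInterfaceNumber == bInterfaceNumber &&
		    index->ifaces[i].bAlternateSetting == bAlternateSetting)
			return i;
	}
	return -1;
}

// Returns the stored handle of the endpoint with the given address on the
// currently selected interface, or -1 when fd has no index, no interface is
// selected, or no endpoint of that interface has this address.
static int lookup_endpoint(int fd, uint8_t bEndpointAddress)
{
	struct usb_device_index* index = lookup_usb_index(fd);
	if (!index)
		return -1;
	if (index->iface_cur < 0)
		return -1;

	struct usb_iface_index* iface = &index->ifaces[index->iface_cur];
	// The bound has to compare ep against eps_num. A condition of just
	// eps_num never becomes false for a non-empty interface, so an address
	// that matches no endpoint would run the scan past the end of eps[].
	for (int ep = 0; ep < iface->eps_num; ep++) {
		if (iface->eps[ep].desc.bEndpointAddress == bEndpointAddress)
			return iface->eps[ep].handle;
	}
	return -1;
}

// Switches fd to interface table entry n: disables the endpoints of the
// currently selected entry (if any), then enables the endpoints of entry n
// and records the handles returned for them. An out-of-range n only performs
// the disable step and leaves the current selection unchanged.
static void set_interface(int fd, int n)
{
	struct usb_device_index* index = lookup_usb_index(fd);
	if (!index)
		return;

	if (index->iface_cur >= 0 && index->iface_cur < index->ifaces_num) {
		for (int ep = 0; ep < index->ifaces[index->iface_cur].eps_num; ep++) {
			// Best effort: a failed disable is ignored, as before.
			(void)usb_raw_ep_disable(fd, index->ifaces[index->iface_cur].eps[ep].handle);
		}
	}

	if (n >= 0 && n < index->ifaces_num) {
		for (int ep = 0; ep < index->ifaces[n].eps_num; ep++) {
			int rv = usb_raw_ep_enable(fd, &index->ifaces[n].eps[ep].desc);
			// On failure the previously stored handle is left untouched.
			if (rv >= 0)
				index->ifaces[n].eps[ep].handle = rv;
		}
		index->iface_cur = n;
	}
}

// Applies the configuration for fd: sets the VBUS draw from the stored
// bMaxPower, issues the configure ioctl, then selects interface entry 0.
// Returns 0 on success, -1 when fd has no index, or the negative result of
// the failing ioctl wrapper.
static int configure_device(int fd)
{
	struct usb_device_index* index = lookup_usb_index(fd);
	if (!index)
		return -1;

	int rv = usb_raw_vbus_draw(fd, index->bMaxPower);
	if (rv < 0) {
		return rv;
	}

	rv = usb_raw_configure(fd);
	if (rv < 0) {
		return rv;
	}

	set_interface(fd, 0);
	return 0;
}

// Size of the data buffers in the control event and endpoint I/O structures.
#define USB_MAX_PACKET_SIZE 4096

struct usb_raw_control_event {
	struct usb_raw_event inner;
	struct usb_ctrlrequest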
ctrl; char data[USB_MAX_PACKET_SIZE]; }; struct usb_raw_ep_io_data { struct usb_raw_ep_io inner; char data[USB_MAX_PACKET_SIZE]; }; static volatile long syz_usb_connect_impl(uint64_t speed, uint64_t dev_len, const char* dev, const struct vusb_connect_descriptors* descs, lookup_connect_out_response_t lookup_connect_response_out) { if (!dev) { return -1; } int fd = usb_raw_open(); if (fd < 0) { return fd; } if (fd >= MAX_FDS) { close(fd); return -1; } struct usb_device_index* index = add_usb_index(fd, dev, dev_len); if (!index) { return -1; } char device[32]; sprintf(&device[0], "dummy_udc.%llu", procid); int rv = usb_raw_init(fd, speed, "dummy_udc", &device[0]); if (rv < 0) { return rv; } rv = usb_raw_run(fd); if (rv < 0) { return rv; } bool done = false; while (!done) { struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = sizeof(event.ctrl); rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) continue; char* response_data = NULL; uint32_t response_length = 0; if (event.ctrl.bRequestType & USB_DIR_IN) { if (!lookup_connect_response_in(fd, descs, &event.ctrl, &response_data, &response_length)) { usb_raw_ep0_stall(fd); continue; } } else { if (!lookup_connect_response_out(fd, descs, &event.ctrl, &done)) { usb_raw_ep0_stall(fd); continue; } response_data = NULL; response_length = event.ctrl.wLength; } if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD && event.ctrl.bRequest == USB_REQ_SET_CONFIGURATION) { rv = configure_device(fd); if (rv < 0) { return rv; } } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, 
response_length); if (event.ctrl.bRequestType & USB_DIR_IN) { rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response); } else { rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response); } if (rv < 0) { return rv; } } sleep_ms(200); return fd; } static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; const char* dev = (const char*)a2; const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3; return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_generic); } static volatile long syz_usb_connect_ath9k(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; const char* dev = (const char*)a2; const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3; return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_ath9k); } static volatile long syz_usb_control_io(volatile long a0, volatile long a1, volatile long a2) { int fd = a0; const struct vusb_descriptors* descs = (const struct vusb_descriptors*)a1; const struct vusb_responses* resps = (const struct vusb_responses*)a2; struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = USB_MAX_PACKET_SIZE; int rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) { return -1; } char* response_data = NULL; uint32_t response_length = 0; if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) { if (!lookup_control_response(descs, resps, &event.ctrl, &response_data, &response_length)) { usb_raw_ep0_stall(fd); return -1; } } else { if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD || event.ctrl.bRequest == USB_REQ_SET_INTERFACE) { int iface_num = event.ctrl.wIndex; int alt_set = event.ctrl.wValue; int iface_index = 
lookup_interface(fd, iface_num, alt_set); if (iface_index < 0) { } else { set_interface(fd, iface_index); } } response_length = event.ctrl.wLength; } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; if ((event.ctrl.bRequestType & USB_DIR_IN) && !event.ctrl.wLength) { response_length = USB_MAX_PACKET_SIZE; } response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, response_length); if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) { rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response); } else { rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response); } if (rv < 0) { return rv; } sleep_ms(200); return 0; } static volatile long syz_usb_ep_write(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int fd = a0; uint8_t ep = a1; uint32_t len = a2; char* data = (char*)a3; int ep_handle = lookup_endpoint(fd, ep); if (ep_handle < 0) { return -1; } struct usb_raw_ep_io_data io_data; io_data.inner.ep = ep_handle; io_data.inner.flags = 0; if (len > sizeof(io_data.data)) len = sizeof(io_data.data); io_data.inner.length = len; memcpy(&io_data.data[0], data, len); int rv = usb_raw_ep_write(fd, (struct usb_raw_ep_io*)&io_data); if (rv < 0) { return rv; } sleep_ms(200); return 0; } static volatile long syz_usb_ep_read(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int fd = a0; uint8_t ep = a1; uint32_t len = a2; char* data = (char*)a3; int ep_handle = lookup_endpoint(fd, ep); if (ep_handle < 0) { return -1; } struct usb_raw_ep_io_data io_data; io_data.inner.ep = ep_handle; io_data.inner.flags = 0; if (len > sizeof(io_data.data)) len = sizeof(io_data.data); io_data.inner.length = len; int rv = usb_raw_ep_read(fd, (struct 
usb_raw_ep_io*)&io_data); if (rv < 0) { return rv; } memcpy(&data[0], &io_data.data[0], io_data.inner.length); sleep_ms(200); return 0; } static volatile long syz_usb_disconnect(volatile long a0) { int fd = a0; int rv = close(fd); sleep_ms(200); return rv; } static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2) { if (a0 == 0xc || a0 == 0xb) { char buf[128]; sprintf(buf, "/dev/%s/%d:%d", a0 == 0xc ? "char" : "block", (uint8_t)a1, (uint8_t)a2); return open(buf, O_RDWR, 0); } else { char buf[1024]; char* hash; strncpy(buf, (char*)a0, sizeof(buf) - 1); buf[sizeof(buf) - 1] = 0; while ((hash = strchr(buf, '#'))) { *hash = '0' + (char)(a1 % 10); a1 /= 10; } return open(buf, a2, 0); } } static long syz_open_procfs(volatile long a0, volatile long a1) { char buf[128]; memset(buf, 0, sizeof(buf)); if (a0 == 0) { snprintf(buf, sizeof(buf), "/proc/self/%s", (char*)a1); } else if (a0 == -1) { snprintf(buf, sizeof(buf), "/proc/thread-self/%s", (char*)a1); } else { snprintf(buf, sizeof(buf), "/proc/self/task/%d/%s", (int)a0, (char*)a1); } int fd = open(buf, O_RDWR); if (fd == -1) fd = open(buf, O_RDONLY); return fd; } static long syz_open_pts(volatile long a0, volatile long a1) { int ptyno = 0; if (ioctl(a0, TIOCGPTN, &ptyno)) return -1; char buf[128]; sprintf(buf, "/dev/pts/%d", ptyno); return open(buf, a1, 0); } static long syz_init_net_socket(volatile long domain, volatile long type, volatile long proto) { int netns = open("/proc/self/ns/net", O_RDONLY); if (netns == -1) return netns; if (setns(kInitNetNsFd, 0)) return -1; int sock = syscall(__NR_socket, domain, type, proto); int err = errno; if (setns(netns, 0)) exit(1); close(netns); errno = err; return sock; } static long syz_genetlink_get_family_id(volatile long name) { char buf[512] = {0}; struct nlmsghdr* hdr = (struct nlmsghdr*)buf; struct genlmsghdr* genlhdr = (struct genlmsghdr*)NLMSG_DATA(hdr); struct nlattr* attr = (struct nlattr*)(genlhdr + 1); hdr->nlmsg_len = sizeof(*hdr) + 
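sizeof(*genlhdr) + sizeof(*attr) + GENL_NAMSIZ;
	hdr->nlmsg_type = GENL_ID_CTRL;
	hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
	genlhdr->cmd = CTRL_CMD_GETFAMILY;
	attr->nla_type = CTRL_ATTR_FAMILY_NAME;
	attr->nla_len = sizeof(*attr) + GENL_NAMSIZ;
	// Copies at most GENL_NAMSIZ bytes of the family name into the attribute
	// payload; buf was zero-initialised, so a shorter name stays terminated.
	strncpy((char*)(attr + 1), (char*)name, GENL_NAMSIZ);
	struct iovec iov = {hdr, hdr->nlmsg_len};
	struct sockaddr_nl addr = {0};
	addr.nl_family = AF_NETLINK;
	int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC);
	if (fd == -1) {
		return -1;
	}
	struct msghdr msg = {&addr, sizeof(addr), &iov, 1, NULL, 0, 0};
	if (sendmsg(fd, &msg, 0) == -1) {
		close(fd);
		return -1;
	}
	// The reply is received into the same buffer that held the request.
	ssize_t n = recv(fd, buf, sizeof(buf), 0);
	close(fd);
	if (n <= 0) {
		return -1;
	}
	if (hdr->nlmsg_type != GENL_ID_CTRL) {
		return -1;
	}
	// NOTE(review): the walk trusts nla_len from the reply. A zero nla_len
	// would never advance attr, and the 16-bit read below is not checked
	// against buf + n. Presumably fine for kernel-generated replies; confirm.
	for (; (char*)attr < buf + n; attr = (struct nlattr*)((char*)attr + NLMSG_ALIGN(attr->nla_len))) {
		if (attr->nla_type == CTRL_ATTR_FAMILY_ID)
			return *(uint16_t*)(attr + 1);
	}
	return -1;
}

// One piece of a filesystem image: size bytes at data, placed at offset.
struct fs_image_segment {
	void* data;
	uintptr_t size;
	uintptr_t offset;
};

#define IMAGE_MAX_SEGMENTS 4096
#define IMAGE_MAX_SIZE (129 << 20)
// NOTE(review): hard-coded syscall number; such numbers are per-architecture,
// so this value presumably matches the target this program was generated for.
#define sys_memfd_create 356

// Clamps the first nsegs segments (at most IMAGE_MAX_SEGMENTS of them) in
// place so that each one lies inside [0, IMAGE_MAX_SIZE). Returns the image
// size to use: the requested size grown to cover every clamped segment,
// capped at IMAGE_MAX_SIZE.
// The segment-count clamp is local. nsegs is passed by value, so a caller
// that iterates over segs afterwards still holds the unclamped count.
static unsigned long fs_image_segment_check(unsigned long size, unsigned long nsegs, struct fs_image_segment* segs)
{
	if (nsegs > IMAGE_MAX_SEGMENTS)
		nsegs = IMAGE_MAX_SEGMENTS;

	for (size_t i = 0; i < nsegs; i++) {
		if (segs[i].size > IMAGE_MAX_SIZE)
			segs[i].size = IMAGE_MAX_SIZE;
		segs[i].offset %= IMAGE_MAX_SIZE;
		if (segs[i].offset > IMAGE_MAX_SIZE - segs[i].size)
			segs[i].offset = IMAGE_MAX_SIZE - segs[i].size;
		// The end of a segment is offset + size. Using offset + offset here
		// would size the image from the offset alone and could leave it
		// shorter than the data written into it. The sum cannot overflow:
		// offset <= IMAGE_MAX_SIZE - size after the clamp above.
		if (size < segs[i].offset + segs[i].size)
			size = segs[i].offset + segs[i].size;
	}

	if (size > IMAGE_MAX_SIZE)
		size = IMAGE_MAX_SIZE;
	return size;
}

// Creates an in-memory file holding the image and attaches it to the loop
// device named by loopname.
static int setup_loop_device(long unsigned size, long unsigned nsegs, struct fs_image_segment* segs, const char* loopname, int* memfd_p, int* loopfd_p)
{
	int err = 0, loopfd = -1;

	// Sanitises the segments in place and yields the image size to allocate.
	size = fs_image_segment_check(size, nsegs, segs);
	int memfd = syscall(sys_memfd_create, "syzkaller", 0);
	if (memfd == -1) {
		err = errno;
		goto error;
	}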
if (ftruncate(memfd, size)) { err = errno; goto error_close_memfd; } for (size_t i = 0; i < nsegs; i++) { if (pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset) < 0) { } } loopfd = open(loopname, O_RDWR); if (loopfd == -1) { err = errno; goto error_close_memfd; } if (ioctl(loopfd, LOOP_SET_FD, memfd)) { if (errno != EBUSY) { err = errno; goto error_close_loop; } ioctl(loopfd, LOOP_CLR_FD, 0); usleep(1000); if (ioctl(loopfd, LOOP_SET_FD, memfd)) { err = errno; goto error_close_loop; } } *memfd_p = memfd; *loopfd_p = loopfd; return 0; error_close_loop: close(loopfd); error_close_memfd: close(memfd); error: errno = err; return -1; } static long syz_read_part_table(volatile unsigned long size, volatile unsigned long nsegs, volatile long segments) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int err = 0, res = -1, loopfd = -1, memfd = -1; char loopname[64]; snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; struct loop_info64 info; if (ioctl(loopfd, LOOP_GET_STATUS64, &info)) { err = errno; goto error_clear_loop; } info.lo_flags |= LO_FLAGS_PARTSCAN; if (ioctl(loopfd, LOOP_SET_STATUS64, &info)) { err = errno; goto error_clear_loop; } res = 0; for (unsigned long i = 1, j = 0; i < 8; i++) { snprintf(loopname, sizeof(loopname), "/dev/loop%llup%d", procid, (int)i); struct stat statbuf; if (stat(loopname, &statbuf) == 0) { char linkname[64]; snprintf(linkname, sizeof(linkname), "./file%d", (int)j++); if (symlink(loopname, linkname)) { } } } error_clear_loop: ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); errno = err; return res; } static long syz_mount_image(volatile long fsarg, volatile long dir, volatile unsigned long size, volatile unsigned long nsegs, volatile long segments, volatile long flags, volatile long optsarg) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int res = -1, err = 0, loopfd = -1, memfd = 
-1, need_loop_device = !!segs; char* mount_opts = (char*)optsarg; char* target = (char*)dir; char* fs = (char*)fsarg; char* source = NULL; char loopname[64]; if (need_loop_device) { memset(loopname, 0, sizeof(loopname)); snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; source = loopname; } mkdir(target, 0777); char opts[256]; memset(opts, 0, sizeof(opts)); if (strlen(mount_opts) > (sizeof(opts) - 32)) { } strncpy(opts, mount_opts, sizeof(opts) - 32); if (strcmp(fs, "iso9660") == 0) { flags |= MS_RDONLY; } else if (strncmp(fs, "ext", 3) == 0) { if (strstr(opts, "errors=panic") || strstr(opts, "errors=remount-ro") == 0) strcat(opts, ",errors=continue"); } else if (strcmp(fs, "xfs") == 0) { strcat(opts, ",nouuid"); } res = mount(source, target, fs, flags, opts); if (res == -1) { err = errno; goto error_clear_loop; } res = open(target, O_RDONLY | O_DIRECTORY); if (res == -1) { err = errno; } error_clear_loop: if (need_loop_device) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); } errno = err; return res; } static long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5, volatile long a6, volatile long a7) { return 0; } static void setup_common() { if (mount(0, "/sys/fs/fuse/connections", "fusectl", 0, 0)) { } } static void loop(); static void sandbox_common() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); setsid(); int netns = open("/proc/self/ns/net", O_RDONLY); if (netns == -1) exit(1); if (dup2(netns, kInitNetNsFd) < 0) exit(1); close(netns); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = (200 << 20); setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 32 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 136 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = 
rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); if (unshare(CLONE_NEWNS)) { } if (unshare(CLONE_NEWIPC)) { } if (unshare(0x02000000)) { } if (unshare(CLONE_NEWUTS)) { } if (unshare(CLONE_SYSVSEM)) { } typedef struct { const char* name; const char* value; } sysctl_t; static const sysctl_t sysctls[] = { {"/proc/sys/kernel/shmmax", "16777216"}, {"/proc/sys/kernel/shmall", "536870912"}, {"/proc/sys/kernel/shmmni", "1024"}, {"/proc/sys/kernel/msgmax", "8192"}, {"/proc/sys/kernel/msgmni", "1024"}, {"/proc/sys/kernel/msgmnb", "1024"}, {"/proc/sys/kernel/sem", "1024 1048576 500 1024"}, }; unsigned i; for (i = 0; i < sizeof(sysctls) / sizeof(sysctls[0]); i++) write_file(sysctls[i].name, sysctls[i].value); } static int wait_for_loop(int pid) { if (pid < 0) exit(1); int status = 0; while (waitpid(-1, &status, __WALL) != pid) { } return WEXITSTATUS(status); } static void drop_caps(void) { struct __user_cap_header_struct cap_hdr = {}; struct __user_cap_data_struct cap_data[2] = {}; cap_hdr.version = _LINUX_CAPABILITY_VERSION_3; cap_hdr.pid = getpid(); if (syscall(SYS_capget, &cap_hdr, &cap_data)) exit(1); const int drop = (1 << CAP_SYS_PTRACE) | (1 << CAP_SYS_NICE); cap_data[0].effective &= ~drop; cap_data[0].permitted &= ~drop; cap_data[0].inheritable &= ~drop; if (syscall(SYS_capset, &cap_hdr, &cap_data)) exit(1); } static int do_sandbox_none(void) { if (unshare(CLONE_NEWPID)) { } int pid = fork(); if (pid != 0) return wait_for_loop(pid); setup_common(); sandbox_common(); drop_caps(); if (unshare(CLONE_NEWNET)) { } loop(); exit(1); } #define FS_IOC_SETFLAGS _IOW('f', 2, long) static void remove_dir(const char* dir) { int iter = 0; DIR* dp = 0; retry: while (umount2(dir, MNT_DETACH) == 0) { } dp = opendir(dir); if (dp == NULL) { if (errno == EMFILE) { exit(1); } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char 
filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); while (umount2(filename, MNT_DETACH) == 0) { } struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } int i; for (i = 0;; i++) { if (unlink(filename) == 0) break; if (errno == EPERM) { int fd = open(filename, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno != EBUSY || i > 100) exit(1); if (umount2(filename, MNT_DETACH)) exit(1); } } closedir(dp); for (int i = 0;; i++) { if (rmdir(dir) == 0) break; if (i < 100) { if (errno == EPERM) { int fd = open(dir, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno == EBUSY) { if (umount2(dir, MNT_DETACH)) exit(1); continue; } if (errno == ENOTEMPTY) { if (iter < 100) { iter++; goto retry; } } } exit(1); } }

// Kill the test process `pid` (and its process group) and block until it has
// been reaped; the exit status of the last waitpid call is left in *status.
//
// waitpid(-1, ...) is used throughout, so any other child that exits in the
// meantime is reaped here as well and its status is overwritten.
static void kill_and_wait(int pid, int* status)
{
	// -pid addresses the whole process group, pid the process itself.
	kill(-pid, SIGKILL);
	kill(pid, SIGKILL);
	// Fast path: poll up to 100 times, 1000 us apart, for the child to go away.
	for (int i = 0; i < 100; i++) {
		if (waitpid(-1, status, WNOHANG | __WALL) == pid)
			return;
		usleep(1000);
	}
	// The child did not exit in time. Write to the `abort` file of every entry
	// under /sys/fs/fuse/connections before waiting again.
	// NOTE(review): presumably this unblocks a child stuck on a FUSE request
	// that nobody will answer -- confirm against the executor sources.
	// The loop does not filter entries: every FUSE connection listed in that
	// directory gets the write, not only ones created by this program.
	DIR* dir = opendir("/sys/fs/fuse/connections");
	if (dir) {
		for (;;) {
			struct dirent* ent = readdir(dir);
			if (!ent)
				break;
			if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
				continue;
			char abort[300];
			snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name);
			int fd = open(abort, O_WRONLY);
			if (fd == -1) {
				continue;
			}
			// One byte is written, taken from the start of the path buffer;
			// a failed write is deliberately ignored (empty branch).
			if (write(fd, abort, 1) < 0) {
			}
			close(fd);
		}
		closedir(dir);
	} else {
	}
	// Blocking wait with no timeout: returns only once `pid` itself is reaped.
	while (waitpid(-1, status, __WALL) != pid) {
	}
}

// Detach whatever backing file is attached to /dev/loop<procid>.
// `procid` is defined outside this excerpt. Failure to open the device is
// silently ignored, and the LOOP_CLR_FD result is not checked.
static void reset_loop()
{
	char buf[64];
	snprintf(buf, sizeof(buf), "/dev/loop%llu", procid);
	int loopfd = open(buf, O_RDWR);
	if (loopfd != -1) {
		ioctl(loopfd, LOOP_CLR_FD, 0);
		close(loopfd);
	}
}

// Per-test setup, run in the forked child before execute_one().
static void setup_test()
{
	// Deliver SIGKILL to this process when its parent dies.
	prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
	// New process group, so kill(-pid, ...) in kill_and_wait reaches the
	// threads/children of this test.
	setpgrp();
	// Writes "1000" to oom_score_adj via write_file (helper defined outside
	// this excerpt).
	write_file("/proc/self/oom_score_adj", "1000");
}

// Smallest read buffer syz_fuse_handle_req accepts (see the buf_len check).
#define FUSE_MIN_READ_BUFFER 8192

// Local copy of the FUSE request opcodes used by the dispatcher below.
// Values 7 and 19 are not assigned in this list.
enum fuse_opcode {
	FUSE_LOOKUP = 1,
	FUSE_FORGET = 2,
	FUSE_GETATTR = 3,
	FUSE_SETATTR = 4,
	FUSE_READLINK = 5,
	FUSE_SYMLINK = 6,
	FUSE_MKNOD = 8,
	FUSE_MKDIR = 9,
	FUSE_UNLINK = 10,
	FUSE_RMDIR = 11,
	FUSE_RENAME = 12,
	FUSE_LINK = 13,
	FUSE_OPEN = 14,
	FUSE_READ = 15,
	FUSE_WRITE = 16,
	FUSE_STATFS = 17,
	FUSE_RELEASE = 18,
	FUSE_FSYNC = 20,
	FUSE_SETXATTR = 21,
	FUSE_GETXATTR = 22,
	FUSE_LISTXATTR = 23,
	FUSE_REMOVEXATTR = 24,
	FUSE_FLUSH = 25,
	FUSE_INIT = 26,
	FUSE_OPENDIR = 27,
	FUSE_READDIR = 28,
	FUSE_RELEASEDIR = 29,
	FUSE_FSYNCDIR = 30,
	FUSE_GETLK = 31,
	FUSE_SETLK = 32,
	FUSE_SETLKW = 33,
	FUSE_ACCESS = 34,
	FUSE_CREATE = 35,
	FUSE_INTERRUPT = 36,
	FUSE_BMAP = 37,
	FUSE_DESTROY = 38,
	FUSE_IOCTL = 39,
	FUSE_POLL = 40,
	FUSE_NOTIFY_REPLY = 41,
	FUSE_BATCH_FORGET = 42,
	FUSE_FALLOCATE = 43,
	FUSE_READDIRPLUS = 44,
	FUSE_RENAME2 = 45,
	FUSE_LSEEK = 46,
	FUSE_COPY_FILE_RANGE = 47,
	FUSE_SETUPMAPPING = 48,
	FUSE_REMOVEMAPPING = 49,
	CUSE_INIT = 4096,
	CUSE_INIT_BSWAP_RESERVED = 1048576,
	FUSE_INIT_BSWAP_RESERVED = 436207616,
};

// Header at the start of every request read from the FUSE fd. Only `len`,
// `opcode` and `unique` are consulted by the code in this excerpt.
struct fuse_in_header {
	uint32_t len;
	uint32_t opcode;
	uint64_t unique;
	uint64_t nodeid;
	uint32_t uid;
	uint32_t gid;
	uint32_t pid;
	uint32_t padding;
};

// Header at the start of every reply. `len` is the number of bytes
// fuse_send_response writes, counted from the start of this header.
struct fuse_out_header {
	uint32_t len;
	uint32_t error;
	uint64_t unique;
};

// Table of caller-prepared replies, one slot per reply shape. Any slot may be
// NULL; syz_fuse_handle_req picks a slot by request opcode.
struct syz_fuse_req_out {
	struct fuse_out_header* init;
	struct fuse_out_header* lseek;
	struct fuse_out_header* bmap;
	struct fuse_out_header* poll;
	struct fuse_out_header* getxattr;
	struct fuse_out_header* lk;
	struct fuse_out_header* statfs;
	struct fuse_out_header* write;
	struct fuse_out_header* read;
	struct fuse_out_header* open;
	struct fuse_out_header* attr;
	struct fuse_out_header* entry;
	struct fuse_out_header* dirent;
	struct fuse_out_header* direntplus;
	struct fuse_out_header* create_open;
	struct fuse_out_header* ioctl;
};

// Send the prepared reply `out_hdr` for request `in_hdr` on `fd`.
// Returns 0 on success, -1 if `out_hdr` is NULL or write() returns -1.
//
// The byte count comes from out_hdr->len, i.e. from the reply buffer itself;
// it is not checked against the size of the memory behind out_hdr, and a
// short write is not detected (only -1 is treated as failure).
static int fuse_send_response(int fd, const struct fuse_in_header* in_hdr, struct fuse_out_header* out_hdr)
{
	if (!out_hdr) {
		return -1;
	}
	// Echo the request id so the reply is matched to the pending request.
	out_hdr->unique = in_hdr->unique;
	if (write(fd, out_hdr, out_hdr->len) == -1) {
		return -1;
	}
	return 0;
}

// Read one FUSE request from fd and answer it with a caller-prepared reply.
//   a0: file descriptor to read the request from and write the reply to
//   a1: address of the read buffer
//   a2: size of that buffer; must be at least FUSE_MIN_READ_BUFFER
//   a3: address of a struct syz_fuse_req_out holding the reply slots
// Returns 0 when a reply was written or the request was FUSE_FORGET, and -1
// on any rejected argument, read error, truncated request, unknown opcode,
// NULL reply slot or failed write.
static volatile long syz_fuse_handle_req(volatile long a0, volatile long a1, volatile long a2, volatile long a3)
{
	struct syz_fuse_req_out* req_out = (struct syz_fuse_req_out*)a3;
	struct fuse_out_header* out_hdr = NULL;
	char* buf = (char*)a1;
	// a2 is narrowed from long to int here; the size check below is done on
	// the narrowed value.
	int buf_len = (int)a2;
	int fd = (int)a0;
	if (!req_out) {
		return -1;
	}
	if (buf_len < FUSE_MIN_READ_BUFFER) {
		return -1;
	}
	int ret = read(fd, buf, buf_len);
	if (ret == -1) {
		return -1;
	}
	// Need at least a full request header before any field is looked at.
	if ((size_t)ret < sizeof(struct fuse_in_header)) {
		return -1;
	}
	const struct fuse_in_header* in_hdr = (const struct fuse_in_header*)buf;
	// Reject a header that claims more bytes than were actually read.
	if (in_hdr->len > (uint32_t)ret) {
		return -1;
	}
	switch (in_hdr->opcode) {
	case FUSE_GETATTR:
	case FUSE_SETATTR:
		out_hdr = req_out->attr;
		break;
	case FUSE_LOOKUP:
	case FUSE_SYMLINK:
	case FUSE_LINK:
	case FUSE_MKNOD:
	case FUSE_MKDIR:
		out_hdr = req_out->entry;
		break;
	case FUSE_OPEN:
	case FUSE_OPENDIR:
		out_hdr = req_out->open;
		break;
	case FUSE_STATFS:
		out_hdr = req_out->statfs;
		break;
	case FUSE_RMDIR:
	case FUSE_RENAME:
	case FUSE_RENAME2:
	case FUSE_FALLOCATE:
	case FUSE_SETXATTR:
	case FUSE_REMOVEXATTR:
	case FUSE_FSYNCDIR:
	case FUSE_FSYNC:
	case FUSE_SETLKW:
	case FUSE_SETLK:
	case FUSE_ACCESS:
	case FUSE_FLUSH:
	case FUSE_RELEASE:
	case FUSE_RELEASEDIR:
		// These opcodes are answered with a bare header. The `init` slot is
		// borrowed for that and its len is overwritten in place, so if the
		// same buffer is later used for a FUSE_INIT reply it goes out with
		// this shortened length.
		out_hdr = req_out->init;
		if (!out_hdr) {
			return -1;
		}
		out_hdr->len = sizeof(struct fuse_out_header);
		break;
	case FUSE_READ:
		out_hdr = req_out->read;
		break;
	case FUSE_READDIR:
		out_hdr = req_out->dirent;
		break;
	case FUSE_READDIRPLUS:
		out_hdr = req_out->direntplus;
		break;
	case FUSE_INIT:
		out_hdr = req_out->init;
		break;
	case FUSE_LSEEK:
		out_hdr = req_out->lseek;
		break;
	case FUSE_GETLK:
		out_hdr = req_out->lk;
		break;
	case FUSE_BMAP:
		out_hdr = req_out->bmap;
		break;
	case FUSE_POLL:
		out_hdr = req_out->poll;
		break;
	case FUSE_GETXATTR:
	case FUSE_LISTXATTR:
		out_hdr = req_out->getxattr;
		break;
	case FUSE_WRITE:
		out_hdr = req_out->write;
		break;
	case FUSE_FORGET:
		// No reply is written for FORGET.
		return 0;
	case FUSE_CREATE:
		out_hdr = req_out->create_open;
		break;
	case FUSE_IOCTL:
		out_hdr = req_out->ioctl;
		break;
	default:
		// Opcodes not listed above (e.g. READLINK, UNLINK, INTERRUPT) get no
		// reply at all.
		return -1;
	}
	// A NULL slot is rejected inside fuse_send_response.
	return fuse_send_response(fd, in_hdr, out_hdr);
}

// Call the address passed in `text` as a `void (*)(void)` function and return
// 0 if it comes back. Nothing here checks what is mapped at that address; in
// this program execute_call case 13 copies 72 bytes to 0x20000100 and passes
// that address.
static long syz_execute_func(volatile long text)
{
	// NOTE(review): `p` is never read; presumably stack padding between the
	// called bytes and this frame -- confirm against the executor sources.
	volatile long p[8] = {0};
	(void)p;
	((void (*)(void))(text))();
	return 0;
}

// State of one worker thread: `created` marks lazy initialisation, `call` is
// the index handed to execute_call, `ready`/`done` are the hand-off events.
struct thread_t {
	int created, call;
	event_t ready, done;
};

static struct thread_t threads[16];
static void execute_call(int call);
// Number of calls currently handed to workers and not yet finished.
static int running;

// Worker thread body: wait for `ready`, run the assigned call, decrement
// `running`, signal `done`, repeat forever. The trailing return is never
// reached.
static void* thr(void* arg)
{
	struct thread_t* th = (struct thread_t*)arg;
	for (;;) {
		event_wait(&th->ready);
		event_reset(&th->ready);
		execute_call(th->call);
		__atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED);
		event_set(&th->done);
	}
	return 0;
}

// Run calls 0..49 once, each on the first idle worker thread.
// Workers are created on first use. After handing a call over, this waits on
// the worker's `done` event for a per-call timeout and then moves on to the
// next call whether or not the worker finished. If all 16 workers are busy,
// the inner loop falls through and that call is not executed at all.
static void execute_one(void)
{
	int i, call, thread;
	for (call = 0; call < 50; call++) {
		for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) {
			struct thread_t* th = &threads[thread];
			if (!th->created) {
				th->created = 1;
				event_init(&th->ready);
				event_init(&th->done);
				// A fresh worker starts out idle.
				event_set(&th->done);
				thread_start(thr, th);
			}
			// Still busy with an earlier call: try the next worker.
			if (!event_isset(&th->done))
				continue;
			event_reset(&th->done);
			th->call = call;
			__atomic_fetch_add(&running, 1, __ATOMIC_RELAXED);
			event_set(&th->ready);
			// Base timeout 45 plus a per-call extra for calls 10, 38 and
			// 43..49 (presumably milliseconds -- event_timedwait is defined
			// outside this excerpt).
			event_timedwait(&th->done, 45 + (call == 10 ? 500 : 0) + (call == 38 ? 50 : 0) + (call == 43 ? 3000 : 0) + (call == 44 ? 3000 : 0) + (call == 45 ? 300 : 0) + (call == 46 ? 300 : 0) + (call == 47 ? 300 : 0) + (call == 48 ? 3000 : 0) + (call == 49 ? 300 : 0));
			break;
		}
	}
	// Grace period: up to 100 rounds of sleep_ms(1) for outstanding calls.
	for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++)
		sleep_ms(1);
}

static void execute_one(void);

#define WAIT_FLAGS __WALL

// Outer driver: 10 iterations, each running the program once in a forked
// child inside its own working directory ./<iter>.
// The parent polls for the child and, once 5 * 1000 ms have elapsed on
// current_time_ms(), kills it via kill_and_wait. The directory is removed
// afterwards in either case.
static void loop(void)
{
	int iter = 0;
	for (; iter < 10; iter++) {
		// "./" plus a value below 10 fits comfortably in 32 bytes.
		char cwdbuf[32];
		sprintf(cwdbuf, "./%d", iter);
		if (mkdir(cwdbuf, 0777))
			exit(1);
		reset_loop();
		int pid = fork();
		if (pid < 0)
			exit(1);
		if (pid == 0) {
			// Child: enter the per-iteration directory, run the program.
			if (chdir(cwdbuf))
				exit(1);
			setup_test();
			execute_one();
			exit(0);
		}
		int status = 0;
		uint64_t start = current_time_ms();
		for (;;) {
			if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
				break;
			sleep_ms(1);
			if (current_time_ms() - start < 5 * 1000)
				continue;
			// Deadline passed: force the child down and reap it.
			kill_and_wait(pid, &status);
			break;
		}
		remove_dir(cwdbuf);
	}
}

// Fallback syscall numbers, used only where the system headers do not define
// them. NOTE(review): presumably the i386 table, matching the linux/386
// subtest named in the log -- confirm.
#ifndef __NR_fstat
#define __NR_fstat 108
#endif
#ifndef __NR_getgid
#define __NR_getgid 47
#endif
#ifndef __NR_getgroups
#define __NR_getgroups 80
#endif
#ifndef __NR_getsockopt
#define __NR_getsockopt 365
#endif
#ifndef __NR_getuid
#define __NR_getuid 24
#endif
#ifndef __NR_io_uring_setup
#define __NR_io_uring_setup 425
#endif
#ifndef __NR_ioctl
#define __NR_ioctl 54
#endif
#ifndef __NR_lchown
#define __NR_lchown 16
#endif
#ifndef __NR_lstat
#define __NR_lstat 107
#endif
#ifndef __NR_mmap
#define __NR_mmap 192
#endif
#ifndef __NR_openat
#define __NR_openat 295
#endif
#ifndef __NR_read
#define __NR_read 3
#endif
#ifndef __NR_sendmmsg
#define __NR_sendmmsg 345
#endif
#ifndef __NR_sendmsg
#define __NR_sendmsg 370
#endif
#ifndef __NR_stat
#define __NR_stat 106
#endif
#ifndef __NR_statx
#define __NR_statx 383
#endif
#ifndef __NR_write
#define __NR_write 4
#endif
// From here on every use of __NR_mmap resolves to __NR_mmap2.
#undef __NR_mmap
#define __NR_mmap __NR_mmap2

// Result slots shared between calls: execute_call stores values produced by
// one call (e.g. r[0] from the first openat) for use as arguments of later
// calls. The initialisers are what a later call sees if the producing call
// failed or never ran.
uint64_t r[24] = {0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff};

void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: memcpy((void*)0x20000000, 
"/dev/vcsa\000", 10); res = syscall(__NR_openat, 0xffffff9c, 0x20000000, 0x404800, 0); if (res != -1) r[0] = res; break; case 1: memcpy((void*)0x20000080, "batadv\000", 7); res = -1; res = syz_genetlink_get_family_id(0x20000080); if (res != -1) r[1] = res; break; case 2: *(uint32_t*)0x20000140 = 0x20000040; *(uint16_t*)0x20000040 = 0x10; *(uint16_t*)0x20000042 = 0; *(uint32_t*)0x20000044 = 0; *(uint32_t*)0x20000048 = 0x10000; *(uint32_t*)0x20000144 = 0xc; *(uint32_t*)0x20000148 = 0x20000100; *(uint32_t*)0x20000100 = 0x200000c0; *(uint32_t*)0x200000c0 = 0x1c; *(uint16_t*)0x200000c4 = r[1]; *(uint16_t*)0x200000c6 = 0x10; *(uint32_t*)0x200000c8 = 0x70bd29; *(uint32_t*)0x200000cc = 0x25dfdbff; *(uint8_t*)0x200000d0 = 1; *(uint8_t*)0x200000d1 = 0; *(uint16_t*)0x200000d2 = 0; *(uint16_t*)0x200000d4 = 8; *(uint16_t*)0x200000d6 = 0x31; *(uint32_t*)0x200000d8 = 2; *(uint32_t*)0x20000104 = 0x1c; *(uint32_t*)0x2000014c = 1; *(uint32_t*)0x20000150 = 0; *(uint32_t*)0x20000154 = 0; *(uint32_t*)0x20000158 = 0; syscall(__NR_sendmsg, (intptr_t)r[0], 0x20000140, 0x8010); break; case 3: syscall(__NR_sendmmsg, -1, 0x20000180, 0, 0x20000024); break; case 4: memcpy((void*)0x200001c0, "/dev/nmem0\000", 11); res = syscall(__NR_openat, 0xffffff9c, 0x200001c0, 0x185001, 0); if (res != -1) r[2] = res; break; case 5: *(uint8_t*)0x20000200 = 0x20; memcpy((void*)0x20000201, "/dev/vcsa\000", 10); *(uint8_t*)0x2000020b = 0x20; memcpy((void*)0x2000020c, "rwl", 3); *(uint8_t*)0x2000020f = 0x20; memcpy((void*)0x20000210, "xb", 2); *(uint8_t*)0x20000212 = 0; syscall(__NR_write, (intptr_t)r[2], 0x20000200, 0x13); break; case 6: memcpy((void*)0x20000280, "./file0\000", 8); res = syscall(__NR_lstat, 0x20000280, 0x200002c0); if (res != -1) r[3] = *(uint32_t*)0x200002d0; break; case 7: res = syscall(__NR_read, -1, 0x20000340, 0x2020); if (res != -1) r[4] = *(uint32_t*)0x20000354; break; case 8: memcpy((void*)0x20000240, "./file0\000", 8); syscall(__NR_lchown, 0x20000240, (intptr_t)r[3], (intptr_t)r[4]); 
break; case 9: syscall(__NR_ioctl, (intptr_t)r[0], 0xc0086420, 0x20002380); break; case 10: memcpy((void*)0x20000000, "bpf_lsm_post_notification\000", 26); syz_btf_id_by_name(0x20000000); break; case 11: *(uint8_t*)0x20000040 = 0xaa; *(uint8_t*)0x20000041 = 0xaa; *(uint8_t*)0x20000042 = 0xaa; *(uint8_t*)0x20000043 = 0xaa; *(uint8_t*)0x20000044 = 0xaa; *(uint8_t*)0x20000045 = 0xbb; *(uint8_t*)0x20000046 = 0xaa; *(uint8_t*)0x20000047 = 0xaa; *(uint8_t*)0x20000048 = 0xaa; *(uint8_t*)0x20000049 = 0xaa; *(uint8_t*)0x2000004a = 0xaa; *(uint8_t*)0x2000004b = 0x18; *(uint16_t*)0x2000004c = htobe16(0xc); STORE_BY_BITMASK(uint32_t, , 0x2000004e, 0, 0, 29); STORE_BY_BITMASK(uint32_t, , 0x2000004e, 1, 29, 1); STORE_BY_BITMASK(uint32_t, , 0x2000004e, 1, 30, 1); STORE_BY_BITMASK(uint32_t, , 0x2000004e, 0, 31, 1); *(uint8_t*)0x20000052 = 4; *(uint8_t*)0x20000053 = 2; *(uint8_t*)0x20000054 = 0; *(uint8_t*)0x20000055 = 0; memcpy((void*)0x20000056, "\x03\x08\x4e\x27\x50\x09\x63\x3c", 8); *(uint32_t*)0x20000080 = 0; *(uint32_t*)0x20000084 = 2; *(uint32_t*)0x20000088 = 0x3ca; *(uint32_t*)0x2000008c = 0x523; *(uint32_t*)0x20000090 = 0x65; *(uint32_t*)0x20000094 = 0x6d6; break; case 12: *(uint8_t*)0x200000c0 = -1; *(uint8_t*)0x200000c1 = 0x41; break; case 13: memcpy((void*)0x20000100, "\xc4\xc1\x9d\x74\x8f\xe2\x00\x00\x00\x67\x0f\xae\xf7\x65\x65\x36\xf0\xfe\x8b\x00\x00\x01\x00\x2e\x0f\xfe\x5c\xf5\x9b\xc4\xc1\x31\xf5\x64\x15\x00\xc4\xe2\x8d\x04\xc8\xc4\xe1\x4f\xc2\x9c\x65\x3f\xb1\x00\x00\x44\xc4\xc2\x15\x39\x16\xc4\xe1\x48\x5c\x9f\xae\x00\x00\x00\xd3\x97\xfd\x33\x46\x20", 72); syz_execute_func(0x20000100); break; case 14: break; case 15: memcpy((void*)0x200001c0, "/selinux/enforce\000", 17); res = syscall(__NR_openat, 0xffffff9c, 0x200001c0, 0x400, 0); if (res != -1) r[5] = res; break; case 16: res = syscall(__NR_read, -1, 0x20002380, 0x2020); if (res != -1) r[6] = *(uint32_t*)0x20002398; break; case 17: *(uint32_t*)0x20004640 = 0xe4; res = syscall(__NR_getsockopt, -1, 0, 0x11, 
0x20004540, 0x20004640); if (res != -1) r[7] = *(uint32_t*)0x20004574; break; case 18: memcpy((void*)0x20004680, "./file0\000", 8); res = syscall(__NR_statx, -1, 0x20004680, 0, 0x7ff, 0x200046c0); if (res != -1) r[8] = *(uint32_t*)0x200046d8; break; case 19: res = syscall(__NR_getuid); if (res != -1) r[9] = res; break; case 20: res = syscall(__NR_fstat, -1, 0x20004840); if (res != -1) r[10] = *(uint32_t*)0x20004854; break; case 21: *(uint32_t*)0x20004b40 = 0xe4; res = syscall(__NR_getsockopt, -1, 0x29, 0x22, 0x20004a40, 0x20004b40); if (res != -1) r[11] = *(uint32_t*)0x20004a74; break; case 22: *(uint32_t*)0x20004b80 = 0xee00; *(uint32_t*)0x20004b84 = -1; *(uint32_t*)0x20004b88 = 0xee01; *(uint32_t*)0x20004b8c = 0xee00; res = syscall(__NR_getgroups, 4, 0x20004b80); if (res != -1) r[12] = *(uint32_t*)0x20004b8c; break; case 23: memcpy((void*)0x20004cc0, "./file0\000", 8); res = syscall(__NR_statx, -1, 0x20004cc0, 0x4000, 0x400, 0x20004d00); if (res != -1) r[13] = *(uint32_t*)0x20004d14; break; case 24: res = syscall(__NR_getgid); if (res != -1) r[14] = res; break; case 25: memcpy((void*)0x20000200, 
"\xad\xa8\x30\x14\xeb\x2c\x80\xfe\x20\xe6\xd8\x8c\xac\x3d\xb0\x00\x64\xa1\x2f\x3f\x75\xac\xf4\xc1\x1f\xa5\x29\x77\x13\x1d\x64\xee\x5d\x27\x03\x72\x8b\xba\x81\x97\xda\x61\x3c\xf6\x2c\x27\xcf\xab\x69\x6d\x25\xf6\x8a\xf7\xb1\xf7\xf0\xab\xec\xb2\x25\x8e\xc8\x3f\xb6\x11\x86\x91\xfe\x81\xb5\xa1\x82\x62\xb0\x4f\x79\x53\x36\x25\x2c\x7d\x97\x42\x3b\xbd\xe2\x88\xaa\x00\x92\x39\xe9\x12\x41\xe8\xd7\xde\x4c\xb0\x40\x7a\xff\x09\x1e\x52\x66\xc9\x2c\x4d\x61\xf4\xc7\xd8\xb7\xcf\xa4\x31\x1d\x86\x3b\xc0\x2a\x2b\x5e\x38\xb3\xa6\xb0\xb4\xb9\xf6\x9a\xfb\x5d\x9b\x76\xbe\xac\xc6\x7b\xd5\x44\xfd\x63\x22\xe3\x42\xf3\x31\xa8\x6c\x9f\x3b\xe9\x3c\xe7\x24\x8d\x06\x60\xbe\x5d\xcf\xf2\xe4\x78\x7d\x2b\xb0\xf9\x55\x23\x95\xe0\xc7\x05\x58\xd8\xba\xfc\x83\x49\x9d\x63\x1a\x1c\x56\xf2\xfe\x66\xfd\x11\x14\x4f\xa8\xd3\x4c\x00\xc9\xcd\xc8\xec\x25\x27\x5f\x8f\xaa\x85\xee\xa5\xc0\x65\x2f\x44\x94\x25\xb8\x2c\xb6\xe9\xec\xa3\x6a\xf2\x24\x48\x4b\x9c\x72\xe8\x15\xad\x99\x37\x88\x85\x33\xd9\x4f\x06\x83\xb2\xe4\x74\xe1\x04\xa2\x4b\xa6\x83\x91\xfd\x8c\x46\x8e\x49\x1d\x1f\x5b\x40\x9d\x9b\x79\xce\xce\x78\x30\x55\x59\x56\xfa\x5d\x31\x52\xb0\x1a\xeb\x5a\xfd\x1a\xfc\x32\xa1\x0b\x4e\xbb\x90\x93\x1c\x53\x29\x79\x25\x03\xcf\x22\xcd\x5b\xff\x4f\xe3\x2d\x4f\x8d\x79\x14\xe2\xc1\x62\x8b\xda\x9e\x62\x20\x58\x89\xe5\xc1\x55\xfc\xb5\xbf\x7e\xf5\x55\x94\x26\xd7\xdf\x52\x8a\x27\x0f\xa1\x6e\x97\xd6\x1c\xb3\x85\xba\x86\xc4\x8a\xfa\xd5\xdd\xa0\x7b\x0f\xec\x9a\x43\x12\xff\x4a\x57\x44\x1e\x36\xe0\x14\xc0\x51\xe7\xae\x30\x5c\x02\x53\x59\x5d\xbe\xfa\xb5\x45\x98\x4f\x69\xd1\x7a\x75\xb2\xfd\x2a\x15\xd1\x10\x7f\x6c\xd5\x0c\x0d\xd4\x69\xf6\x1a\xd7\xd7\xcf\x5e\x05\xb3\xaa\x58\xea\xda\x6e\x7b\x57\xe4\x57\x84\xf6\x04\x40\x21\x6c\xf7\x64\x36\xe4\xeb\x9b\x21\xa9\x07\x79\xc4\xc8\x38\xa3\xf2\x35\xa4\x7f\x86\x02\x72\xe7\x45\x76\xf3\x6d\xe7\xaf\x63\xf2\xb4\x30\x9d\x6d\xa3\xa5\x80\x90\x45\x80\x7e\x12\x33\x62\x27\x85\xef\x13\x91\x87\xaf\x22\x08\xb0\xae\x7c\x0d\xd0\x82\x00\x8f\x5a\x2e\x36\xfe\xe9\x78\x93\x77\xa2\x1b\x30\xc7\x71\xbd\xe3\xab\x08\xeb\x5f\xf
e\x29\x90\x2e\x8c\x80\xb3\x3b\x38\x83\x2d\xad\xda\xe7\x0a\x0d\x9e\x16\xe0\x6a\x6c\xab\x04\x40\x2c\x70\xc7\x26\x62\xdb\xde\xb9\x54\x46\x7f\x7b\x8f\xff\x12\x8c\x4b\x7a\x3e\x64\x5f\x21\x5f\xa6\x4d\x57\xe6\x77\x6a\x3a\x42\x06\xcc\x85\xea\xa1\x69\x8c\x40\x4e\xad\xa8\x28\xc4\x50\xd0\xf5\x37\x67\xab\xc2\x3e\x46\x6b\x77\x7a\xdd\x8a\x34\x78\x20\xd7\x5b\xc4\x01\x94\xee\x49\x0e\xc7\x6f\x70\x74\x52\xa8\x72\x2f\xa8\x9c\x1d\xef\x43\xa0\xe0\x4f\x16\xc8\xeb\x07\xe0\x06\xb8\xa7\xab\x63\x87\x82\x1a\x50\x7b\x73\x8d\xc9\x82\x87\xac\x3f\x18\x63\xc3\x60\x58\x27\xde\xb6\xd5\x0b\x57\x5f\x75\xdf\x14\xde\x56\xd5\x17\x82\x8f\x7c\x91\xa1\x25\xdf\x20\x23\x20\x9f\xc8\xc1\x76\x5d\x81\xf8\xc0\xfa\xf7\xbf\x59\x8e\xe8\x56\xef\x04\x35\x60\xf9\x6d\x3d\x1f\xca\xd0\x38\x8d\xa9\x22\x81\xd8\x64\xa7\xb5\x46\xbf\x8f\xeb\x2d\x5b\x92\x19\xba\xac\xa0\x16\xf0\xa2\x75\x1f\x7f\x8f\x20\xc4\x4e\x0f\xa2\x40\xcf\xdc\x76\x3c\xa9\x84\xd5\xcf\x8b\x2a\xe0\x41\xbb\x71\xdf\xb6\xc5\xd9\x12\xdb\x3e\xe6\xae\x8c\xe4\x4a\x98\xc6\x5c\x74\xf7\xe3\x14\x7f\x63\xb1\x3e\x71\x2a\x30\x91\xe5\x32\xb3\x8b\x58\x18\xec\xff\xc4\x44\x6a\x65\xbb\x52\xe2\xa2\x0e\x59\x3d\x7a\x09\x5e\xce\x64\xf5\xb2\x33\xbf\xc4\x0a\x21\x5f\x7e\xcd\x86\xc8\x5a\x33\x2a\xd6\xc5\x38\x77\x2b\x87\x8c\xa1\x46\x49\x49\x58\xec\x38\xb4\xaa\x09\xe8\xea\x4d\xc6\x1f\x0b\x7c\x9b\x7b\x9c\x23\x67\xf9\xef\xb9\x28\x55\x94\x8e\xd4\x8b\xea\x1f\x90\x3e\x72\xe9\x07\x7e\xbc\x9b\x85\x11\x45\xca\x1d\x5c\xef\xbf\x8e\xd6\xc3\xc7\x5a\xed\xc2\x8e\xdb\x7c\x93\x2b\xe6\xca\xb0\x11\xed\x21\x40\xfe\x20\xcc\x72\x49\x9a\x9b\x3d\x80\x69\x78\x05\xf3\x3a\x04\xd3\xa4\xdd\x04\x92\xd0\xd5\xe0\x0f\x90\xe1\xf2\xfc\xad\xaf\x0e\x3b\x31\x1f\x5f\xa7\x0b\x0b\x06\x63\x84\x6b\x42\x36\x42\x9f\xb9\xf4\x38\x38\xda\x19\x61\x52\xf7\x22\x94\xe0\xa1\x16\xf5\x5d\xe8\x4d\x3d\xd3\x83\xe7\x09\x99\x2d\xf1\x64\x04\x09\x75\xbe\xbc\x25\x84\x68\x13\xfc\x6b\x4b\x47\x7a\x44\x65\x94\xd7\xae\xff\xfa\x65\xf5\x70\x00\xee\xad\x79\xc8\xea\x09\xa2\x6a\x4a\x00\x34\x19\x35\xd5\xb9\x14\xb8\xe0\x1d\xb5\x81\xda\xa0\x51\x7a\x94\x54\x3c\x61\x3
6\xee\x16\x25\x67\xf9\x8e\x9c\xa9\x71\xe1\xf2\x91\x06\x77\xbf\xb9\x14\x1d\x41\xcb\x7b\xd9\x18\xc0\x85\x1e\x36\xd6\x61\x14\x7c\x80\x54\x5c\x93\xd1\xdc\xb5\x37\x68\x36\x9f\x0a\x3b\xd8\xe5\x14\xf6\x9f\xb4\x6d\x76\x45\x7d\xc8\xe8\x67\x64\x5d\x32\xad\xc6\xe0\x0e\x13\x07\x46\x6d\x66\x8d\xfd\x4a\x27\x8a\xbc\x0e\x3c\xc3\x4e\xf9\xf7\xd4\xfa\x09\x36\xab\x99\x43\x19\x84\xc5\x08\x84\x10\x13\x1e\xb8\x53\x2f\x6a\xad\x9d\xd4\x5e\x80\xee\xd3\xb5\x7b\x4d\x1d\xbf\x26\x24\x40\x01\xea\x49\x60\xf8\x4f\xd7\xbc\x72\xcf\x29\xfa\x82\xc8\x07\x86\x5d\x89\xb4\x3d\x58\x71\xe5\x3b\x10\x30\x8d\x7d\x21\x53\x8a\x6c\x47\xb1\xad\xf9\xbd\x9d\x26\xb6\xcf\xec\x6a\xa5\x3e\x15\xaa\xaa\x8a\x7d\x72\x3f\x6d\x4f\xde\x8f\x9b\x24\x72\x00\xde\x31\x68\x86\x0a\x6a\x49\x52\x71\xdb\xff\x49\xcc\x6b\xbb\xc0\x90\x50\xfc\x39\x6f\x07\xab\x60\xbe\x91\x04\x54\xf4\xbe\x67\x8d\x90\xe9\x5a\xc3\xc6\x88\xea\xe8\x44\xb9\x50\x0c\xe9\x7b\x77\x63\xd0\xe7\xef\x95\x17\xbc\xc7\xbb\x08\x0d\xe8\x1c\x84\xed\x17\x5e\x28\x55\xc8\x27\xcc\x63\x4f\xd3\x42\x68\x18\x4a\x5e\xde\x8a\xef\x4c\x58\x49\x90\x49\x82\x42\x94\xa1\xfd\xc1\xf0\x43\x55\xca\x99\xe2\x2f\xae\x10\x1d\x27\x53\x1d\x85\xff\x61\xe6\x28\xf1\x00\xe4\xfc\xd8\xdf\xed\x79\x59\x25\xfb\x9a\x98\xe9\xc6\xeb\x1c\x20\xa4\x68\xad\xb0\xef\xad\x8b\x89\x55\x4e\x58\xd9\x14\x2a\xba\x68\x05\xd9\x44\xae\x57\xad\x45\x21\xf4\x04\x91\xeb\x39\x2c\xbd\xd8\xa7\x21\xca\x84\xe7\xfd\x32\x3f\xa0\xd9\x89\x0e\x39\x49\xf3\x87\x5c\x15\x56\x6c\xcc\xdd\x1d\xb6\x0f\x4a\x81\x8b\xae\xf5\x99\x69\x42\xc6\xaa\x10\x6b\x1b\x6a\x71\xe1\x3e\xc4\x3b\x40\xb6\x57\x89\xa7\x5b\x39\x2f\x83\x0e\x65\xe0\xfc\x93\xb7\x13\xe1\xde\xd2\x4e\xf7\x81\x4a\x23\x3a\xb1\x33\x4e\xed\xb4\x83\xf9\x71\xdc\x57\x79\xd6\xd5\x0d\x8c\x3f\x16\x51\x99\x98\x46\x84\xbc\x32\x33\x6b\x68\x07\xc8\xa5\x0f\x9a\x64\xb2\xd3\x06\xce\x41\xda\xc8\xae\x2b\x63\xe4\xe9\xe6\xaf\x25\x22\x8f\x7b\x8e\x1d\x8e\x37\xee\x09\x5b\x41\x7e\x87\xeb\x3d\xbe\xc7\x4a\x84\x3e\x8c\xa4\x5c\xb5\x66\xe1\xe0\xa8\x8b\xb0\xb6\xcd\x0c\x60\x24\x28\x69\xad\x32\x55\x00\x24\x7f\x4a\x07\xae\xec\x82\x6
5\xed\x9c\xd6\x4c\xea\x00\xe5\xc9\x33\xfc\x53\x90\x47\xb5\x70\x33\xd7\x69\xb3\x58\xae\xab\x4f\x8c\xfd\x98\x7f\x27\x84\x33\x62\xf2\x9b\x79\x65\x28\x82\x9f\xd8\xe6\xa1\x3d\x17\xd7\xb5\xb3\x96\x1a\xb6\x54\x44\x82\x8a\x08\xd6\xa4\xe4\x17\x84\x4c\x0f\xd5\x4a\x39\xc1\xd4\x69\x61\x2e\x70\x98\xc5\xe6\x81\x16\x14\x68\x9b\x5d\x69\x75\x76\x92\xf8\xb9\xa2\xda\x48\x44\xef\x3d\xbf\xee\xfc\x8f\x74\x63\xc7\xfb\x95\x56\x0c\x80\x8d\x68\x1e\x0f\x95\x38\xef\xec\xe0\x8c\xcf\xe8\x11\xbb\x7c\x9f\x3f\xc1\xb2\x40\x70\x32\x98\x37\x48\xb7\x36\x77\x94\x69\xb7\x61\x0f\x0a\x16\xe9\x97\x23\x3d\xe2\x47\xd1\xa2\xda\x18\xde\xce\x77\x19\x9b\x6c\x7f\x46\x0f\xa7\xa5\xc8\x8c\x2d\xc8\x63\xf7\x14\x45\x8f\xa4\xb3\x5d\x0b\x88\x91\x90\xa0\x3f\x31\x99\x15\x3f\x40\x08\xae\xa0\xa5\x73\xce\xaa\x07\x95\x76\xc2\xea\xdc\xb1\xca\x49\xc5\xb6\x44\x7e\x86\xc0\x1b\xd5\x79\x47\x01\x87\x31\x87\xbc\x15\x8f\x43\xfc\x48\x22\x0a\x0e\x26\xb0\x0f\x6b\xef\x73\xdd\xf5\x4a\xaa\xbe\x33\x56\xc3\x46\x8e\x72\x9b\x48\x7c\x88\xdc\xb0\x71\xdf\x6c\xe5\xf3\x5e\x02\xfb\x16\x1c\xfd\x7f\xb9\x59\xe1\xc5\x8f\x64\x01\x42\x6a\xc9\xbe\x60\xb2\x58\x76\x00\xd7\x2d\x0a\x25\x2a\x79\x9b\x09\x3b\x34\xdb\x84\xf8\xce\xbf\xda\x7c\x2a\xda\x8f\x58\xf8\x78\xba\x47\xbd\x29\xd0\x23\xbe\xa2\x6a\x9d\xfc\x37\xf7\x2d\xd6\x93\x96\x4d\x2e\xce\x00\x31\x79\x79\x1f\x04\x9f\x98\xfe\xd2\x96\xf2\x52\x1c\x48\xe7\x6b\x3c\xa4\xed\x06\x01\x7d\xdd\x77\x4a\x4b\xf4\x86\xdd\x44\xaa\x6b\xdd\x90\x68\xc1\xb8\x49\xb8\xfb\x10\x03\x00\xb9\xd3\x33\x3b\x95\x08\x7f\x45\x11\xb7\xf8\x69\xf9\x56\x47\x50\xd5\x57\x02\x00\x3e\x44\x48\x0c\x13\x34\xa9\x54\xe7\x72\xa1\xa4\x90\x40\xa6\xae\x19\x4f\x20\x11\x91\x6d\xb3\xd0\x10\x7e\x2f\xa3\x7e\x30\xae\x7e\x96\x47\x12\xea\x6d\xd1\x27\xf1\x32\xf2\xf2\xf9\x31\x81\xa1\x45\xc3\xf5\x67\x55\xeb\xea\x80\x32\x5a\x4f\x30\x41\x03\x68\x4c\xd5\x27\x90\x6f\x8e\xc2\xe0\xdf\x0b\x23\x23\x78\x8a\xfb\x35\xfc\xba\xc9\x3a\x76\xe5\xb2\x2d\xd1\x35\x5e\x3d\x79\x3f\x5f\x1f\x87\x44\x30\xd0\x86\xf1\xe4\xb9\xe3\xc6\xf5\xc3\xfc\xcb\xe7\xcd\xa3\xa3\x5c\x3a\x92\x34\x16\xef\x67\x83\x2
b\xf1\xd6\x28\x7c\x0d\x2b\xd7\x0e\x69\xc9\x24\xce\x97\x69\x3c\x60\xaa\xe3\xbc\xc3\x5f\xca\x34\x0f\x87\x55\x33\x4f\x18\x52\xa0\x66\x81\xc2\x98\x6d\xaa\x72\x91\x64\x6f\x4c\xbc\x29\xd4\xde\xfb\x4b\x00\xf3\x27\xc6\x6d\x20\x1e\xc1\x33\x1e\xf0\x4f\x55\x0b\x47\x69\xc6\x47\x01\xd3\xfc\xc6\x45\x14\x0d\xe2\x85\xec\xef\xdc\x88\xdc\x53\xe3\x3c\x74\x77\xf5\xb9\x7f\xb7\xff\x85\xda\x43\x2c\x08\x46\x30\x27\x96\x16\xd1\x67\x4f\x96\x57\xbe\x09\xdb\xa3\xd7\xc9\xc7\x77\x2f\x14\x28\x83\x30\xd4\xf2\x20\x4d\xc3\x40\x2a\x6c\xa2\x66\xa6\x60\x90\xfe\x51\x53\x5a\xc0\xc8\x6b\x71\xe1\x8a\x1c\x21\xeb\x98\x2f\x2d\xf1\x13\x6f\xd9\xb6\xf1\xda\x62\xc3\x68\x79\x2b\xdf\xf0\x49\x46\x89\xa8\xc4\xf3\xbe\xee\x9a\x5a\xd3\x66\xd7\x15\xff\x80\x17\xf4\x89\x00\x46\xc3\xe7\x32\xa5\x7c\x60\xe4\x63\x1f\xaa\xd4\xcc\x3b\x3d\x20\xbf\x61\x33\xbf\x85\xdb\xb8\xb2\xe6\x16\x88\x66\xcf\xbd\xaa\x21\x77\xe1\x0d\x16\x7c\x50\x1b\x92\xc8\xf0\xc7\x9f\xc2\xb8\x4b\xae\x75\x6c\xed\x61\x72\xbe\x9c\xe8\xa4\x66\x9e\x15\x9e\x88\x49\x75\x08\x1e\x68\x6d\xb2\xce\xc2\x86\x93\xfb\xa5\xc4\x3a\x16\x67\x53\x4c\xea\xb3\x04\xe0\x5a\xc1\x44\xb7\xca\x7a\x40\x37\x66\xcd\x30\x6a\x36\x60\x9f\xfa\x6a\x63\x00\x30\x7f\x7c\xa1\xb2\x91\x5c\x69\xd2\x99\xde\x17\x1c\xcb\xf5\x39\xf5\x04\x6b\xaf\x46\x78\xdc\xeb\x31\x32\xad\x39\xe9\x94\xbd\xb0\x05\x65\xb8\x61\x90\x36\x23\x0f\x8f\x2b\x2c\xe8\xe4\x2d\x5b\x3f\xc9\xe8\x3d\xb4\x71\x05\x34\x29\xbf\x0d\xd4\x86\xa8\x2b\x02\x75\xcc\x8c\xfa\xbc\xbf\xc9\x30\xd2\x79\xf0\xcf\x9b\xb4\x7e\x3f\x34\x25\xf1\x98\xaa\x32\x6a\x01\xdf\x90\xc8\x02\xee\xce\xbf\xe1\x08\xad\xfd\xf3\x40\x13\x39\x50\x5c\x5e\xb4\xcd\xc0\xe0\x28\x3f\x6a\x05\xfb\xfa\x5f\x1e\x1a\xd8\xbc\x7a\x23\x7e\x7e\x6b\xd6\x0f\xde\xc2\x13\x4f\xc1\x2b\xc6\x7a\x1f\xe1\x6f\x0b\x2f\x6b\xf9\x67\x62\x01\x77\xfd\x75\xe3\x9b\x62\xd1\x90\x30\x2f\x62\xdc\xa1\x5b\x51\x43\x4e\x5f\x4a\x75\x9d\xd2\xce\xaa\xb2\xa0\x77\x9a\x66\x35\xa9\x9c\x5f\x30\xad\xd5\x85\x0f\x70\x5c\x55\x6a\xb3\x05\x96\x92\xb1\x1b\xdf\x6d\xcf\xb7\xa4\x15\xac\x22\xb6\x26\x55\x23\x90\x85\xc5\xe7\xb0\x63\x68\x44\x53\xf
8\xf2\x5d\x8e\xbc\x0d\x73\x04\x2c\x4f\xb9\xb4\xe5\xcd\xb9\x1c\xb9\xf8\xf4\x9f\x66\x7b\x58\x20\x9f\xe9\x77\xc6\xed\x97\xbd\x6b\x97\x09\x99\x0f\xe0\x1a\x59\xcb\x45\x41\x76\x12\x19\xab\x82\x3a\xce\x1a\x05\x91\xc6\xcf\x2e\xbd\x4a\x42\x0c\x54\xa3\xf5\x2b\xad\xc6\x58\x23\x9c\xd3\x54\xfd\xce\xf9\xc7\x6e\x53\x41\xe4\xef\xa5\x97\x63\x30\x61\x03\x33\x2a\xce\x4e\xa1\x77\xfb\x28\xb4\x2d\x77\x04\xc7\xb2\xec\x65\xbe\x1c\xfb\x1d\xc2\xc2\xf5\xda\x13\xdd\xed\x12\x60\x01\xcd\x77\x9d\xaa\x77\xc2\x6c\xb2\x2c\x36\xdd\x78\x83\x28\xfb\x06\x89\x78\x25\xcf\x03\x97\x91\xd4\x8b\x73\x5a\x42\x9f\x15\x73\x71\xf4\x37\x4f\xab\xf7\x93\xc0\x04\xf9\xfe\xe7\x68\xda\xa6\x70\x7a\x20\xe8\xeb\xb0\x30\x7e\x4a\xb2\x6f\xc2\x41\x60\xf2\x16\x9f\x01\x8e\x30\x60\x04\x58\xc5\xeb\x67\x9e\x67\x32\xfe\x9f\x3d\x70\xd9\x60\x27\x0b\xb4\x45\x3d\x93\x6b\x47\xa8\x25\x0c\xf9\x6d\xca\x21\x26\x88\xee\x6c\xb7\x45\x33\x1a\x0a\xc6\x8f\x5f\x9e\x20\x02\xa3\x9c\xd2\xee\x3a\xda\x91\xa1\x4b\x03\x05\x90\x3e\xd3\xd6\x62\xca\x1d\x1e\xd5\x24\xe7\x21\xaf\xd2\x06\x78\x9c\xfd\xa8\xb8\x84\x86\xd8\xa8\x00\xb8\xe6\xf9\xfe\xf0\xc6\xa1\xac\xaf\xce\xfb\xbd\xe5\x1b\x7d\x56\x68\x47\x6a\x03\x64\xb8\x35\xfc\xc2\x43\x1d\xff\xbb\xdb\xd2\x0b\xf7\xb8\x04\x03\x09\x21\x9a\xb9\xd3\xfb\x8c\x57\x6b\xcc\xcf\x65\xf5\x12\x7d\x2c\x58\xff\x79\xe8\x68\x2c\x5c\x45\xfc\x12\xa8\x43\x20\x49\x4f\x13\x33\xd3\xf3\x65\xae\x77\x5b\x3b\xc5\x11\xfd\x45\x13\x99\xb7\x9d\x2d\x0c\x69\xdf\x6d\x38\x1b\xa0\x81\x98\xcf\xb5\x02\xed\x54\xe2\x9c\x1c\xc0\x62\xca\x95\xcb\x50\xb2\x65\xf0\x45\x19\xde\x3f\xd5\x8d\x3d\x35\x11\x7a\xab\x1d\x7d\x96\x61\x6d\x71\x07\x0e\x78\xf2\xeb\x2e\xcd\xe9\x6e\xd5\xed\xfb\x94\xe5\xa0\x94\xf1\xc5\x3d\x8d\x95\x40\x3b\xba\xd3\x1e\x8a\x46\xa5\x1e\x2e\x21\xe3\x69\xa8\x99\x25\xbc\x5b\x8f\x1e\x8c\xe9\x36\x9c\xa7\x08\xcd\x19\x0c\x6f\x47\x33\xef\x24\x33\x47\x95\x1c\xd6\xac\xd5\x15\xd9\x8c\x06\xcd\x91\x78\x61\x5a\x27\xfc\x2f\x72\xb7\x61\xa9\xfc\xdb\x8a\xf4\x7a\x63\x85\x04\xf2\xda\x90\x0d\xd9\xfd\x92\x24\x14\x56\xae\x4e\xbf\xf3\x31\x0e\x4b\xda\xc8\xb0\xfa\x7f\xb7\x71\x5
d\xb3\x16\x7a\x45\x97\x9d\x46\x62\x24\xab\x16\x8f\x50\x85\x48\x9b\x8a\xab\x34\xc5\xe3\xc3\x21\xc8\xa3\x62\x78\xc8\x9a\xf4\x92\x08\x13\xf9\x1f\x49\xfa\x76\xee\x3c\x84\x47\x12\x9f\x8c\xed\x14\x7d\x5a\xf7\xc3\x98\xad\x51\xc4\x03\xab\x9a\x94\x12\xc7\xb1\x5c\x52\x6d\x71\x2c\x62\xa1\x62\x39\xcf\x70\x3e\xe2\x6b\xe9\xad\xd5\x7f\xd5\xfc\x88\xc3\x99\x0c\xc5\xcf\x30\x8d\x7e\xd9\x7e\xfb\x22\x68\xcc\xd3\xa5\x0e\x36\xc3\x96\x3c\x38\xb9\xa7\x69\xb8\xca\x81\x1f\x71\x49\x3f\xe9\x70\x52\x12\xd9\x23\xfc\x26\x31\x0f\x3f\xe8\x14\x27\xd6\xa2\xd6\xcc\xa9\x89\xb4\x7e\xce\x62\x9e\x64\x60\x92\x80\x4a\x10\x5f\x20\xb6\xe7\xa6\xe8\xb7\x4b\x48\xc5\x23\x0e\x5c\x31\x9b\x2e\x52\x50\x84\x47\x8e\x24\xf9\x96\x34\x2e\x11\x97\x68\x3a\x9e\x63\xea\x8c\xab\xe0\xd6\x24\x2a\x60\x6b\x82\xba\xa7\xa8\x52\x58\xef\x32\x0a\x1f\x95\x4e\x71\x88\x07\x22\x53\x9c\x22\x01\x66\x25\xc8\x37\xcf\x32\x3d\x0d\x03\x02\x21\x5a\xf5\x1d\xa4\x24\x73\xc0\x51\x4e\x72\x7f\xbd\xaf\x3e\xd3\xaa\x24\x2a\x79\x40\xd9\xce\xcc\xdf\x21\x85\x4e\xef\xf8\x5e\x34\x7a\xa6\x81\x4a\xf2\xca\x73\xc0\x4d\x41\x0e\xc4\xed\x2f\xf5\xb4\xb4\x6f\x21\x75\x9f\xa0\x5d\x0e\xe3\x94\xc5\xf8\x06\x5f\x87\xc3\x16\xc2\xb5\x91\xdf\xb6\xa9\xa0\xe2\x70\x1f\x2c\x82\x2a\x53\xc6\x43\x9f\xe8\xa1\xfb\x1b\x9d\xbd\x59\x37\xb2\xb4\x42\x1e\x14\x48\x7d\xb4\xdc\xc1\xb2\x75\x03\xea\x11\x3c\xf7\xb3\xb8\x18\x53\x62\x49\xbb\x97\xb5\x64\x84\x4a\x8d\x48\x02\xce\xae\xa4\x68\xca\x0d\x43\x15\x45\x35\x06\xcc\xaa\xa4\xbc\x1d\x38\x95\x9f\x84\x61\xcc\xd8\x46\x02\x5f\x57\xa4\x22\x20\xb2\xcd\xa3\xff\xfd\x65\x42\xeb\x06\xb5\x64\x4e\xd4\x48\xd7\x87\xb8\xb4\x42\x4e\x29\x87\x0f\x9c\x66\x19\x25\xed\xeb\x11\xf3\x0b\xe0\xdb\xa5\xdf\xee\x43\x43\x88\x79\x5a\xba\x09\x31\x2f\xf7\x75\x5c\x8e\x8b\x78\xb5\x61\x8f\x51\xe4\xa8\x8e\xc1\x35\xb6\xa0\x51\xe5\x7e\x65\x83\x58\x3a\xf4\xd3\x70\xf2\x70\xf3\x22\x95\xad\x4d\x37\x1a\x88\xba\xb8\x4a\xb6\x92\x63\x7b\x0b\x04\x53\x76\x5e\x55\x45\x44\x15\xa6\x3c\x55\xb0\x3c\x1d\xd2\x72\x06\x02\x13\x47\x80\x03\x07\x0d\x5c\x6f\x73\x1f\x7d\xad\x3f\xd7\x8b\x7f\x11\x96\x7b\xce\xc9\x4
1\x5e\xae\x8b\x98\xac\xa9\x98\x20\xbf\x5e\xe1\x6e\xc0\x91\x1c\xaf\x1b\x8f\x2b\xb3\x32\x53\x04\xec\x27\x69\x20\xeb\x57\x29\xf5\xda\x34\x80\x48\xbf\x13\x40\x9e\xa5\xbd\x1c\xa7\x6d\x77\x1a\x53\xdc\xf9\xe8\x2b\x92\xce\x58\x32\x98\x62\x67\xf5\x8f\x35\xa6\xb0\x02\x98\x8e\xdc\x51\x50\xf5\xb6\x56\x49\x4a\xf8\xf7\x28\xb1\xd3\x9a\x38\xb8\x34\xf9\xa5\x56\x57\xb1\x6e\xe5\xc7\xcb\xb1\x38\xd1\x2f\x28\xc1\x04\xf2\x1c\x13\x43\x3a\x4e\x26\xc1\x37\x60\x07\x8d\x99\x6b\xf4\x07\x8c\x75\x24\xd3\x65\xca\x7e\xa1\x56\x56\xd8\x82\x00\xfb\xb7\x68\x28\xc3\x44\xa0\xe0\xf7\xf2\x5f\xb7\x1c\x3f\xfc\xc8\x19\xee\x39\xe9\x8a\xfe\xa6\x41\x52\x63\x52\xa2\xcf\x4a\x51\x62\x94\x13\x2c\x33\xa9\x30\x78\xe1\xd7\x49\x3d\x7e\x64\x38\x42\x7d\x08\x19\xbe\xb4\x82\x6b\xe4\x43\x68\xde\xb1\x05\xf3\xfe\x20\x27\x98\x3d\x84\x91\x1d\xcf\xbd\x26\x8a\xe3\x9d\x83\x73\xf6\xf4\xb5\x29\x1a\x94\x73\xad\x7a\xd9\xab\x3b\x75\x41\x07\xf7\x8d\x21\x8b\xda\xcc\x92\x6d\xb3\xb9\x95\x8b\x4a\xec\x67\x9e\x35\xf7\x1c\x10\xbe\x30\xf1\xd4\x7f\x9e\xbc\x36\xd2\x98\x82\x5d\x58\xe0\x23\xbd\xf4\x03\x58\x2b\x6b\xc6\x73\x62\xe5\xe8\xb0\xad\xc5\xcd\x1f\x4e\x88\xec\xd3\x84\x2f\xe1\xd7\xa9\xb7\x27\x98\x7f\xd1\xaa\x1e\xc8\x8f\xf2\xb4\x55\x13\x9d\xd6\xbf\x94\xcf\xbb\x78\xdb\x89\x33\x15\x70\x82\xf1\xd0\xc6\x35\x94\x3a\xc8\xbf\x83\xcd\x35\xae\xea\x85\x19\x06\xeb\x2d\xb3\x29\x4e\x50\x3d\x86\xda\xb5\xe0\x84\x19\x2f\xc0\x48\xcc\xb0\xfc\x74\x20\x30\x97\x22\x19\xc4\xd7\x4a\x37\x22\x8a\x30\x17\x68\x73\x4b\xd8\xa1\xa3\x39\x58\x87\x19\xf3\x46\x95\x1c\x58\xb7\xb8\xa7\x8b\x34\xb9\xd9\xef\x83\xd0\x1b\xf5\xcd\x86\xa0\xca\x7b\xca\xa3\x37\xda\x65\x45\x80\x28\x42\x39\xc7\xf8\xae\x82\x26\x0b\x2e\x6b\x63\x2c\x42\xdc\x12\x90\x1d\x10\x53\xf2\xb1\x0a\x38\x03\x82\x67\x3e\xda\x68\xf4\xc8\x66\x3c\xb4\x0b\x42\x04\x1a\xad\x67\x8f\x7c\x64\xc7\x2e\x45\x5b\x93\xcb\xc6\x67\x06\xf0\x22\x70\xe3\xcb\xf8\x97\xb0\x1a\x49\x34\x89\x55\xc1\x11\x37\xb5\xc7\x1c\x9f\x51\x69\x63\xd2\x1d\x7e\x2e\x06\xbe\x35\x41\x9a\xf4\xb2\x8e\x5c\x80\x7a\x63\xdf\x28\x7f\x84\x4c\xc8\xbf\xab\xcf\x70\xb4\x62\xdc\x2
e\xd4\xcc\xdf\x82\x76\x5c\xdf\x73\x7e\x10\x9d\xfb\xfe\x02\x73\x79\x4e\xd9\x59\xc6\x67\x02\x90\xf8\xba\xe6\x6c\x9b\x73\x55\x93\xa9\x0f\x13\x54\x34\x97\x9c\x88\x02\x93\x43\x32\xa2\xa6\xc3\xe1\xa6\xf5\x21\x52\xcb\xcb\x4d\xd5\xe6\xb7\xec\x33\xd8\x80\xda\xa9\x46\xb9\x8f\xa8\xda\x12\x0b\x2e\x10\xbe\x1f\x9f\xda\x52\xc5\x33\x2d\xee\x98\xa8\x9a\x3d\xdc\x06\x03\xd0\x3d\xbb\x46\xf5\x8d\x26\x69\xda\xf2\x00\xda\xcf\x4f\x1d\x55\x84\xaa\xc5\x77\xde\x4b\xe0\x79\x59\x94\x95\xdf\x8e\x78\x90\xda\x55\xf3\xf9\x53\xb1\xb5\xe4\x4a\xbc\x78\x38\xff\x0a\xc4\x24\xaf\xb0\x0e\xcd\x7a\x15\x64\x17\xcb\xf9\x45\x31\xf1\xd6\x81\x5c\xfa\xeb\x6e\xd1\xc6\x6e\xcb\x5d\x4a\x23\xd6\xd0\x3c\xcc\x3a\x10\x5e\xe8\xe9\xc9\x90\x3c\x5f\x77\x5b\x24\x22\xba\x76\x8c\xd4\x0a\xb8\xce\xe4\xee\x2a\x69\x3e\x31\xa9\xd8\xbe\xf0\x49\x4d\xbb\x94\x18\x75\x85\x3b\x6a\xc5\x1f\x9f\x84\xa2\xc0\x9e\x16\x55\x07\x93\xf4\xd3\x54\x00\x72\xe5\x29\xfd\x59\xf0\xcc\xfc\x7a\x99\xeb\x8b\xdf\x2e\x43\x12\x33\x6d\x2f\x45\x62\x95\x0a\x44\xc9\x10\xdd\xe6\x22\xfd\x32\x09\xb4\xe3\xec\x77\xe7\x7e\x20\xa5\x31\x8b\xd2\x27\x1b\x13\x11\x0d\x64\x84\xe1\x95\x85\x5e\x4d\xad\xb6\xcb\xb4\xdb\x44\xab\xc1\x8e\xa5\x15\xbc\xb6\xf6\xe5\x32\x1c\xc1\xa5\x19\x07\x84\xf6\xda\x0d\x04\xd9\xf8\xe7\xb0\x79\xcd\x3a\xdf\x18\x35\x1f\xfc\xf8\x88\xf8\x5b\xbc\x3a\x36\x8f\x20\xce\xcd\x8d\x40\x0c\x54\xcc\x73\xd9\x78\x0d\xa5\x12\x48\x5c\xff\x4e\x1a\xf3\xc7\x7a\xaa\x63\x07\xda\x30\x5d\x0a\x43\x9a\xb2\xcc\xaa\xcf\x7b\x33\xbf\x39\x5e\xe3\xf4\xfa\xb0\x4a\x4e\xb8\x91\x2f\x4d\x55\xe6\xc2\x7f\xfc\xe2\x22\xa3\xf8\x4d\x64\xb1\xd0\x10\x5b\x31\x3d\x4d\x06\x27\xf8\x62\x84\x74\xbc\x89\x45\x65\x0b\xf7\xe7\x92\x37\xcd\xce\xc6\x3d\x00\x39\xe4\x24\x3d\xfd\x07\x35\xde\x01\x8d\x80\xfa\xb0\x59\x4f\x92\xa9\xd5\xf4\xeb\xcd\x59\xf8\x11\x73\x71\x26\x0d\xc3\xa7\xf0\xf1\xe2\x02\x19\x89\xd9\x09\x10\x73\xd0\x44\x52\x51\x99\xa6\x98\xe1\x02\x06\x06\x79\x5b\x81\xa7\xa5\xf4\xb0\x60\x94\x82\xa6\x42\xad\x0b\xbb\x1a\x58\xc2\x7d\xd8\x47\x10\xd7\x79\x78\x05\xd9\xd8\xae\xe9\xa0\xda\xa1\x3c\x60\xf4\xa1\x91\xca\x31\x4
2\xfb\xc1\x2d\xc4\xa7\x26\xf2\x95\x59\x78\x5e\xb1\xc6\xc2\x4c\x20\xdc\xa0\xfa\xf7\x76\xf0\xe3\x13\xed\xe6\x6e\xdf\x25\x59\x88\x99\xf9\xf2\x0e\xdb\x27\x55\x15\x28\x11\xeb\x71\x12\xea\x26\x7b\xf3\x12\x5f\x7f\xa2\xab\xb2\xb2\xb0\x16\xf8\x88\xae\x8d\x95\x4d\x66\xf6\x2e\x6e\xc9\x95\x2e\x90\xd5\x21\x78\x49\x51\x14\x4c\xea\xb8\x0d\x1f\xf4\x55\x3e\x93\x7c\xab\xe9\x19\xba\xb1\xf2\x00\xf7\x4d\x12\x8d\xd5\x14\x78\x43\x49\x2d\x70\x81\x41\x1d\x28\xdf\xd1\x90\x50\xa6\xed\x28\x74\xa5\xd6\x2f\x5f\x7e\xbd\xe8\x8b\x26\x70\x37\x7d\xc3\xb7\xf4\x45\x4f\x90\x6e\x06\xde\xf7\xc8\xa4\x84\x82\xec\x83\x4b\x81\x90\x25\x54\x46\x9e\x11\x46\x58\xc5\x32\xad\xfc\x08\x9a\xdb\x0d\xaf\x4f\xb8\x4c\x3d\x63\xef\xac\xc5\x86\x90\x6d\x4a\xd8\xfd\xd6\xfb\x1f\xd8\xbe\x76\x03\x30\x35\x23\x76\xa9\x28\xbe\xd6\xb7\x5d\x1f\xcf\x64\x1c\xea\x78\xf3\xc2\xd3\x03\x74\x4b\xf6\x5c\xe0\xfd\x75\x9b\xa7\x79\xf7\xd5\xba\x83\x6a\x08\x65\x24\xe1\xca\x2a\x80\xee\xd5\xfc\x59\xb8\x2e\x3f\xcb\x64\x1d\x2d\xb0\x6b\x58\xa7\x56\xf3\xbc\xd9\x36\x30\xbd\xda\x48\xd1\x8c\x41\xc8\x4f\xfa\x62\xd4\xc3\x1d\xbb\x66\x48\x6d\x99\xab\x17\x77\x62\x07\xfe\x7d\x0b\x1f\x16\xad\x70\xb7\x2f\xf4\xd0\xd3\x83\xd3\x81\x39\xd9\xf4\xe6\x58\xc9\xdb\x65\x1a\x4d\x52\x1e\x8f\x46\x9d\x16\xa3\xd6\x54\x8d\x0b\x84\x60\x63\xc0\xdb\x48\xb1\x6f\x14\xd2\x89\x3d\xd0\xfb\xa5\x53\x52\xf6\xac\x24\x97\xd9\x14\x52\x79\x7b\x8a\x0f\xe6\x52\x81\x0e\x9d\x0c\xa7\x61\xfd\x04\x66\xdb\xdf\x5b\x58\x15\xfa\x95\xf3\x42\xf2\x87\x47\x48\x5f\x97\x61\x00\x39\xd1\x98\x31\x83\x1f\x39\xa9\xe9\x25\x86\xa7\xce\x0e\x06\x07\xa0\x6a\xd6\x95\x9c\x45\x2b\xeb\x98\xea\x02\x4b\xec\xeb\x16\x74\xa2\x1b\xa8\xe7\x15\x50\x84\x48\xae\xce\x53\x54\x69\x66\xed\x8e\x71\x95\xdf\x63\x9b\x22\xa3\x48\x7a\x18\x1e\xb0\x03\xd8\x48\xd5\x79\x94\xff\x3b\x3d\x15\xef\xa8\x81\x88\xc7\xc5\xf1\x50\xac\x4b\xac\x13\xa1\x83\x34\xc4\x83\x61\xde\xd6\x4f\x35\xc9\xba\x9e\xe3\x01\xce\x46\x24\x5c\x7d\x10\x16\x41\x14\xca\x15\x66\x38\x31\x85\xf2\x21\x58\x5a\x0e\x75\x59\xc3\x1f\x19\x93\xf5\xde\xa9\xa5\xca\xde\x9b\x45\xb2\x2b\x08\xc2\x8c\x0
5\x62\x91\x85\x9f\x1e\x39\x37\xb3\xf7\x54\xfa\x7e\x31\x95\xa7\x8f\xd8\xe0\x17\x33\x37\xf2\xb8\x4a\x5f\x0d\x3b\x79\xa9\x49\xf4\x7d\x98\x12\xa7\x34\xa2\x66\xaa\x1f\x88\x9e\x6f\xca\xa6\x6d\xfc\x01\x18\xc6\xfa\x91\x38\x05\x44\xa3\xc8\x25\xd2\xd2\x80\x8c\xc7\x5b\xd0\xe2\xde\x76\xcf\xfa\xc4\x84\xf7\xfe\xaa\x26\x7c\x97\x3b\x16\x3f\x7a\xbb\x83\x58\x20\xf8\x7f\xeb\x4c\x01\x42\xa9\xd3\x54\x3d\xf3\xd1\x4e\x60\xf8\xcd\xb5\xe3\x43\xac\xcc\x0a\xa8\x7f\x45\xb5\xc4\xfe\x3c\xba\x76\x62\x17\xa2\xa2\xa8\x79\xf2\x9b\x90\xea\xb8\xe2\x6b\x5a\x35\x46\x05\x40\x26\x92\x5a\x31\x2b\x76\x2e\x14\xd0\x3f\x3b\xaf\xb9\xb9\x80\x18\xf1\xc6\xe5\xca\xa7\xfc\xc4\xcd\x97\x4a\x9d\xb2\x61\xe5\x74\xc5\x02\x37\x68\x0f\xde\x44\xbf\x4d\xdd\xdc\x5f\x28\x75\xe2\xaf\x3e\xa3\xbd\x80\x97\x70\xba\x16\xf8\x86\x0e\x94\xca\x99\x1c\x93\xf9\xc8\x79\x8b\x4d\x4d\xca\xeb\x03\x21\xc4\xd2\xf4\x36\x73\x91\xc9\x74\x8b\xe4\x32\xd4\xdb\xb1\xac\xd5\x83\xad\x7e\x95\x48\x78\x86\x6e\x27\x3f\x7d\xa2\x1f\x35\x04\x5b\x91\xa4\x38\x1b\x45\x30\xf9\x2a\x76\xa4\x45\xde\x5a\xf7\xea\xe9\x74\x5f\x32\x06\x24\x02\x6b\xfc\x8c\x98\x4e\x4d\x07\x16\x72\xdb\xbd\xae\xce\xe8\x8e\xcb\xfe\xbd\x43\x64\x9f\xd3\x7c\x08\x91\xc7\x68\x97\x57\x1b\x64\x6c\x16\x2f\xf3\x87\xcb\x12\x30\x06\x69\xc4\xe2\xb4\xfc\x20\x28\x65\x39\xae\x94\xd3\x94\xcc\xab\xa3\xe3\x97\xa9\x92\xbe\xcf\x4b\xbc\x6f\x4d\x09\xec\x07\x9d\xfc\x00\x7b\x9c\x57\x29\x9a\x0c\xb5\x9a\x5e\xe1\xb1\xa7\x6a\x03\xcd\xd2\x8b\xf7\xf0\x76\xab\x78\x5d\xa1\xf1\x85\xc1\xb3\x9c\xfc\xa5\x7d\x96\x71\xf8\x5a\x1a\xbb\xfa\xa4\xe4\x2d\x45\x4a\xab\x49\x15\xc8\x96\xf3\x26\x7c\x2e\x31\x8b\x49\xe5\xea\x23\xdb\x81\x6d\xd9\xf4\x5a\xc5\x1e\xfd\xb8\xad\x54\xd6\x4c\xde\x3c\x36\x30\x85\xb9\x81\xb2\x74\x33\xff\x16\xf7\x6a\x29\x94\xeb\x7a\x03\xb6\xc5\x4c\x4f\x17\xc3\x44\x6e\x34\x8c\x76\x37\xee\x40\x8c\x47\x4f\x61\x5f\x52\x5c\x5a\x85\x3d\x5c\x2d\xdb\xbd\x8f\x9a\xfc\xd3\x7b\x2d\x64\xfc\x09\x80\xce\x56\xf4\x61\xfa\x1c\xcd\xca\x60\xaa\x0f\x6c\x86\x74\xd4\x29\xa8\x6b\xa1\x03\x3c\x7a\x31\x33\x4a\x21\x81\x77\xff\xc6\x4a\x96\xd8\xce\x99\x6
a\xab\xbd\x1b\xa1\x17\x0f\x55\xce\x27\x68\xe3\xd3\xae\xe5\x0e\x9e\x09\xd3\xa2\x8e\x09\xd9\x3f\x68\x81\xa2\x72\x02\x07\x25\x62\x0b\x4f\xfa\x7b\xff\xfc\xc8\xd5\x64\x3c\xaf\x97\xfb\xa3\x83\xa0\x1f\x94\xd9\x78\x12\x5e\xc7\x98\x63\x56\xdd\xe7\x67\x17\x9e\x60\x12\xb9\x47\x6e\xe5\x76\x18\xe3\x49\x22\x46\x48\x7e\x8e\xf7\x1b\x35\x51\xad\x57\x5b\x07\xef\xe2\x0a\x26\x6e\xc3\xfc\x2b\x9f\x71\x68\x75\x15\x9b\x0a\x92\xbc\x17\x0f\x60\x89\x06\xdd\x2e\xdc\xc9\xb9\x46\xec\x4e\x55\x36\xac\x26\x9c\x99\x75\x62\x63\xd8\x07\xaa\xe2\x6b\x16\xeb\x51\x93\xfd\x2d\x46\x45\x99\xfb\x2f\x83\xa0\x8e\xbc\x21\xa5\xc3\x6d\xcb\xb5\x15\x51\xb7\x12\xca\xaf\xba\x21\x0d\x67\x36\xd0\xed\xae\x10\xf6\xae\x01\xfa\xa0\x4f\x2a\xa8\xfc\x74\x87\xa7\x18\x5a\x44\xdc\xe7\x5c\xad\x1d\xf4\x98\xf2\xef\xee\x82\x6f\x18\x63\xa9\x7f\x37\x7c\x46\x60\x99\xa1\x8d\x0a\x95\x92\xcf\x2d\x59\x2b\x1b\x31\xed\x58\x52\xf8\xe1\xa5\x08\x20\x59\xc1\xf8\xd3\x90\xf2\x5f\x31\x42\x75\xc5\x16\xbe\x4e\xb5\xeb\xec\x29\x8b\x3b\x67\x3b\x43\x60\x25\x91\xd6\x85\x9a\x9a\x44\x13\x64\x57\x25\x5a\x83\x54\x6b\xf8\x19\x15\xc8\x7d\x3b\xcc\x5e\x95\x33\x8b\x30\x7e\xdf\x71\xbf\x53\x0a\x27\xed\x99\x8d\x75\x45\xc0\x32\xd6\x5a\xf0\x4e\x47\x77\x5f\x0f\xa0\x49\xfa\x7f\x7a\x29\x80\x97\xd1\xbe\x7e\x9f\x48\xc2\xf4\x8b\x49\x15\xa0\x4f\x40\xd1\x5b\xce\x97\xb9\x13\xb0\x5e\x4e\x03\xf7\x91\x9b\x74\x15\x02\xb3\x6a\x15\x96\x33\xa9\x8a\x3f\xb6\x95\x24\xf4\xba\x03\x7e\x26\xa2\xd9\x22\xc7\x13\x60\x66\x4b\xd7\xcd\xff\x4d\xcd\x3c\x02\x10\x57\x38\x5b\x5e\xa6\x96\x6a\xe0\x12\x27\xa3\xe1\x09\x1e\x26\xd2\x65\xc3\x8b\xfd\xc5\x57\x84\x45\xaa\x92\xba\xd5\x80\xa3\xa4\x2a\x3d\xca\xfa\x2f\x22\x0f\x4f\x82\x46\xdf\xd9\x5e\x0f\x5d\x4d\xaf\x5e\xdd\xe4\x80\xc0\xb6\x21\x5b\x54\x58\x40\x5f\x82\xc1\xf5\x9a\xaa\x73\x41\x78\xf1\x58\x23\xa5\x1d\xf7\x9a\x17\x93\xab\x02\x75\x3d\xa7\x54\x42\x09\x2a\x22\x06\xf9\x0c\xec\x47\xea\x2a\x80\xa8\xeb\x88\x69\x9a\x67\xe0\x11\x0a\xe8\x6a\x33\xd4\x78\xeb\xdd\x30\x12\x86\x64\xaf\x4d\xca\xd1\x3e\x58\x60\x7c\x98\xa1\x68\xc0\x77\x99\x2f\x9c\x87\xf3\x83\x1d\x76\xdd\x8
2\x0d\xc4\xe3\x9f\x0a\x18\x14\xd3\xe9\xa4\xd6\xdf\x11\xb3\x19\x7f\x96\x56\x17\x8f\x06\x4d\x0f\x78\x13\x7b\x4f\x90\x84\x17\x3f\xe5\xfc\xcf\xda\x15\xcd\x52\x90\xa2\x04\x68\x17\xa7\xb5\xcd\xb1\x4b\x9a\x5a\x88\x4d\xec\xea\xcf\xcb\xfd\x8f\x04\x36\xad\xde\xe2\x73\x33\x8a\xcd\xad\xf6\x88\xfb\xf7\xd7\x8c\x33\xb9\x9b\x6c\x13\x22\x9f\x9a\xb5\x9c\x15\x23\x6a\x79\xc7\x6f\x9a\xf5\x8d\xe2\x91\x99\x24\x79\x08\x9b\x3b\x60\x99\x8c\x39\xae\x01\xdf\x67\xa5\xe1\xce\xa5\x79\xc2\xe1\x6c\x61\xfa\x50\xbf\x30\x65\x1c\x34\x09\xd9\xe0\xa6\x3e\xb6\x4e\xdf\x74\x13\x5f\x5d\xbe\x69\xf5\x90\xe5\xe0\x0e\xef\x78\x45\x46\xce\xbe\xcd\x08\x47\x2c\x1c\x5a\x31\xfc\x58\x09\x5a\x53\x39\xd6\x80\x8c\x92\x54\x68\x5b\x42\xdb\x56\xbd\x67\xbc\xf8\xbd\xa8\x31\xa4\x95\x2d\xec\xd5\x00\xb6\x12\x63\x78\xb6\x5c\x47\x22\x6a\xa9\x2f\xb8\x96\xd6\x13\xb3\xe0\x66\x6d\xbe\xb0\xb0\xb3\xb2\x27\xf3\x35\x08\x53\x6b\x84\x1d\xfc\x50\x16\x71\x5c\x30\xb9\x13\xe3\x83\xa0\xe2\x0b\xc4\x8f\x13\x7d\xd2\xf6\xfd\x5b\x7b\x67\x60\x1a\xbe\x85\xd9\x5f\x96\x26\xf2\x6b\x6f\x70\x95\xab\x24\x16\x92\xea\x58\x7a\x8a\x27\x53\x50\xa9\xee\x29\x53\x0a\x24\xed\x79\xbc\xc6\xde\x3f\x5a\x43\xbc\xcf\x5d\x2c\x7e\xf7\x6c\xf8\xf6\x66\xf2\x03\x34\x84\x9e\x3f\xfe\x67\x95\xeb\x67\xf3\x2d\x97\x77\x62\x42\x30\x74\xb6\x5a\x5c\x25\x34\xd4\x95\x71\xd2\xd0\xff\x9e\xa4\xec\x52\x6a\xf3\xf5\x0a\x29\x8c\xf5\x62\x94\x29\x0d\x0f\x25\xe8\xf9\xa0\x8c\xfc\xac\x74\xe7\x21\x62\xc7\x9a\xf4\xde\xcc\x38\xb4\x75\x1f\x50\x37\x5a\x37\xcf\xd0\xed\xc9\x1e\x4a\xf9\xdb\xaa\xae\xed\xf6\x44\x68\x99\xf5\xcd\x17\x6a\x2d\xe0\x50\x27\xf9\xeb\xf5\x93\x13\x50\x57\xb2\x22\x2c\x27\x19\x21\xb4\x64\xab\x68\xe8\x81\xf0\x38\x35\xc9\x09\xf5\xaa\x31\x1c\x3d\x08\x3d\x52\xd9\x6b\x58\x05\x19\x94\x87\x9f\x1a\x9b\xa0\x00\x3f\xcd\xb8\x7f\x00\x4f\x9a\xf6\xc7\x4f\xd9\x34\xf6\xa7\xea\x9c\x05\xcd\x1b\x0d\x53\x8c\xb0\xb2\xc1\x26\x58\x46\x6f\x50\xb3\xe8\x61\x1d\x5d\x3a\x46\xb5\xa9\x14\x5f\x6c\xb9\x87\xf1\xf2\x34\xba\x49\x4b\x47\x7f\xe6\x53\x91\xbd\xd0\x4d\xc6\x9a\xcc\xdf\x68\x4a\x75\x80\x95\xc1\x03\x16\x06\x39\xb6\x8
8\xae\xdd\xad\x06\xf4\xb2\x22\xcd\x54\x3c\xdd\x34\xda\x76\xbe\x67\x6d\xe3\xb6\x43\x17\xe7\xa9\x8d\xca\xc4\xed\xec\x83\x98\x53\xe0\xf3\x25\xfe\x68\xcc\x42\x01\x12\xcf\x71\x02\xbe\x05\x0d\x67\xc8\x54\x7d\x01\x97\xff\xd9\x87\x4e\x84\xf1\x78\xe4\x3d\x51\x1c\x83\xdd\x70\x26\xa8\x99\xcf\x76\xfd\x71\xdc\x98\xca\x4c\xda\x2e\x0d\xa4\xc9\xe1\xc1\xd5\x82\x9e\x67\xaf\x2b\x31\x7c\x37\x46\x55\x13\xe2\x8d\x24\xa7\xb0\x80\x79\x7f\x0a\x06\x90\x1d\xe9\xcc\x98\xab\xa4\x11\x7f\x5d\x8b\xf7\x41\xd8\x4e\x0e\x5e\x62\x8e\xcc\x05\x26\x9d\x46\xd2\x4a\x4b\x20\x7d\x4e\x35\x89\xdf\xd7\x7a\x89\x03\xc4\x96\xf8\x3b\xf9\x35\x2f\x11\xe3\xae\x02\x73\x93\x46\x7e\xe1\xff\x3a\x26\x7d\x20\xbc\x2b\x50\xcf\x92\x46\x1f\x9c\x73\x4f\x9e\x2f\xbe\xc4\x00\xcc\x36\x64\xd6\xd8\x74\x51\x75\x79\x06\x0e\xa1\x2e\xb8\xf1\x18\xe1\x0a\x3a\xf5\xcd\xb0\x4a\x18\x25\xc8\xa3\x91\x03\xaf\x72\xc0\x30\x55\xeb\x7b\x6c\x72\xfd\xdb\xf9\x06\x72\x94\x2d\x88\x52\x97\x2e\x80\x19\x04\x95\x26\x37\x1b\xec\xf4\x5f\x63\x3e\xe0\xcd\xe7\x4f\xb0\x9d\xaf\xd9\x30\x28\x8e\xd6\xcc\xd7\x03\x9f\x0c\x93\xa3\x13\x0b\x85\xa4\xa7\x7c\xee\xcb\x5d\x69\x3f\x0f\x37\x14\x40\x31\x15\x61\x36\x8e\x79\x8b\xbc\xf9\xd5\xf1\x83\xa8\x62\xfd\x9a\xd0\x8b\x43\xce\xf9\x0c\x06\x80\x21\x35\x0f\xed\x41\x83\x99\x89\xfb\x12\x1b\xad\xa9\x6f\xd1\x80\x21\xb5\x70\x2c\x00\x9c\xd0\xa7\xe9\x86\xb5\xfb\x29\x9e\xbf\xe1\x21\x31\xf7\x21\xd5\xbc\x66\xe9\x34\xb6\xbc\x17\xa1\x6d\xfa\xcd\x58\xff\x2a\x66\x98\xb3\xe7\x03\x60\x07\xb3\x41\xf1\x0f\xfd\x5b\x4f\x48\x0e\x22\x9e\xcf\x9e\x09\xe1\x75\x51\x9f\xaa\xcc\x8a\x2e\xf4\x09\xd9\xaf\xaa\xd8\x05\xe8\xce\x4f\xbb\xb7\x75\x39\x44\x46\x05\xc5\x55\x92\x01\x89\xc5\xdd\x45\x3a\xe0\x36\x88\x70\x7b\xcd\x01\x41\x1a\xaa\xfd\xba\x1f\xf3\x1e\x70\xcd\xcb\xa0\xe4\xb4\xae\xa0\x17\x80\x99\xe8\xd4\xf4\x44\x4f\x0a\x15\x1f\xbf\x79\xdc\xa2\x6b\x07\x95\x13\xdb\x9a\xdb\x32\xab\x21\x2e\xfe\xff\xcb\xb7\x41\x89\x2a\xef\x26\x5f\xd8\x88\xf0\xc0\xe9\xce\xd4\x58\x3f\xc6\x8b\xf4\xc7\x12\xbf\xe7\xf9\x9c\xa4\x40\xd7\x9b\x83\xcc\xcc\x93\x6c\xe8\xd0\x8c\x19\xc2\xec\xdf\xaa\x7f\xb
e\x47\xa2\xce\x69\x41\x8f\x20\x9c\xdc\x2c\x95\x2d\x47\xd6\x78\x18\x6b\xed\xa6\xed\x2c\x0a\x94\xe7\xdb\xe6\x6b\x8a\x3e\x26\x2f\x43\x13\x4b\x52\x5d\x27\x7d\x3e\x66\x54\x31\x8f\xe9\x6b\x0b\xe7\x1c\xb2\x66\x03\xa9\x86\xdf\x48\xa9\x88\xb2\xa9\x00\xa9\x6c\xea\x83\x74\xa4\xeb\x56\x47\x4c\x36\xca\x49\x6e\x5a\xfb\x0b\x8a\x7b\x2f\xcc\x65\xf8\xf1\xef\xb8\xd3\xb2\x72\x41\x7a\xc7\x37\x9d\x86\x51\xd0\x2b\x7c\xbf\x60\xc3\xf7\x27\x6a\xae\xaa\x83\x9a\x13\xef\x28\x68\xdf\xe4\xf6\xaa\xd7\x01\x33\x76\xe9\xce\x05\x97\x9d\x47\x77\xee\x5c\xce\xbc\xd3\xea\x47\xd3\xe0\x62\x02\x92\xf4\x9c\x71\xad\xb7\x53\xb2\x79\x3d\x8d\xec\xfa\x16\x40\x77\xfe\x55\x07\x80\xcd\x28\x42\x06\xfa\x2a\xbd\x2a\x42\x17\x71\x15\xde\xfa\xeb\x85\xde\x09\x56\x33\xf9\x4d\x13\x97\x4d\x1b\x48\xb8\xa1\x83\x00\xb4\xf4\xf3\x6c\x32\x50\x10\xe5\x2a\xd8\x5d\xd5\xac\xca\x62\x19\xec\x00\x8a\x8f\x9f\xc9\x80\x6d\xbf\x55\xd3\x2e\xbf\x80\xab\x5a\x90\x37\x19\x70\xd6\x4d\xd9\x16\xa3\x18\xf6\xf4\x4c\xfc\x1f\x5b\x3b\x0b\x0a\x4c\x22\x8e\xc9\xa6\x63\x6f\x50\x16\x84\x7d\xf2\xd8\x9e\x75\x06\xac\x66\x7a\xce\x06\xff\x2f\x4e\x6d\x18\xfc\x12\x5c\xca\x3b\xea\x98\x71\x60\xaf\x60\x2b\x93\xeb\x7b\x5b\x53\xf1\x48\xa3\xaf\x7d\x42\xc6\x1b\x3e\xa1\x83\x9a\xf5\x7d\x15\x24\x7c\x57\x08\x39\x7e\x09\x19\x03\xa7\x40\xa2\x07\x09\xe5\x34\x3e\x5c\x2b\x3c\x3d\x08\x2e\xd3\x76\xa6\x61\xd8\x4e\x1c\x1d\xdf\x32\x52\x40\x9a\x6b\x9d\x78\x3a\x11\x8e\x63\x38\x2a\x2a\xad\xad\x3b\xc8\xf2\xd9\x2c\xcd\x7c\x3e\x28\x19\x7e\x8e\x9f\x89\x76\xe0\x86\x5a\xdb\xb0\x91\xd7\x75\xd2\xf9\xad\x2b\x20\x61\x67\x7a\xe5\xbe\xc3\xcb\x29\x50\x5f\xf6\x58\x70\xb2\xa3\xac\xf3\xb6\x1e\x4b\xcb\xa0\x67\x29\x8b\x45\xe7\x69\xd4\x3d\xf4\x1f\x56\xc1\x22\xe6\x9c\x1b\xf0\xae\x8d\x5a\x60\xc2\x84\xfa\x5f\x42\x5d\x26\x17\xdd\x48\xa5\x3e\x8e\x35\xc9\x51\xe0\xc6\xdb\x4c\xef\x22\x64\xec\x2e\x7b\xc7\x2e\xa2\x42\xf6\xab\xc3\x2e\xc7\xa5\x13\xc2\xb3\xb3\xfc\x9f\xa5\xe4\x08\x68\x35\xe4\x7b\x30\xab\x60\x2d\x39\xfb\xfc\xa5\x4a\xd3\x43\x8e\x3d\xa0\x34\x5c\x29\xf8\x74\x76\x99\x04\x7e\x06\xc4\x68\x79\xa9\x4b\xef\x8f\xaa\x1
b\x93\xde\xdb\xf8\xaa\xf7\x7e\x11\xda\x64\x96\x1b\x42\x92\xbd\x9e\x5b\xca\xe7\x7d\x1a\x4d\xd0\xa3\x71\x11\x49\x6b\x41\xa7\x91\x1a\x28\x6f\x1e\x80\xc8\x37\x42\x0d\x41\x62\x66\xe0\x5a\xaa\x11\x4d\x03\x1b\x68\xc1\xa7\xc7\x15\x37\x86\x9d\x6a\xd2\xad\x7c\x0d\x7d\x5c\xc8\xcc\x72\xc0\x54\x56\x9e\x15\x3d\x41\xd6\x0d\xd7\x49\xe0\x8e\x9c\x07\xb5\xc6\xf0\xdf\xd1\xe3\x9c\x03\xd7\xc0\xd4\xfa\x67\xe2\x8f\x32\x65\x67\xdf\x09\xbf\xdc\xd2\xff\xe2\x0d\x6b\xe1\x7c\xa0\xae\x00\x15\x57\xbf\xda\xf4\x11\x41\x0b\x45\x19\x74\x69\x6a\x32\xad\x65\x6a\x85\xf5\x01\x1f\xad\x89\x1e\xc4\xdd\x2a\xd2\xfa\x76\xeb\x91\x74\x92\xf6\x63\x50\xca\xaa\xe8\xdb\xb7\x62\xa0\xde\x4f\xfa\x4c\x35\xa6\x5f\x1e\xf5\x38\x8b\xeb\x9d\x30\x31\x3e\xb1\x20\x73\xbf\x69\xc5\x1b\x1e\xf1\x26\x97\x1f\x7b\xf2\x52\x51\xb2\x3c\xcd\x12\xb5\x9e\xa1\xde\x15\xe5\x2b\x90\x5e\x61\x46\x10\x40\x89\xd3\x73\x5a\xd0\x0e\x70\xc8\x8e\xb6\x57\x0a\x21\xdb\xa1\x6d\x05\xc8\xd8\x8a\xab\x82\xb9\x93\x3d\xec\x5b\xf6\xc5\x03\xa1\x4f\x1a\xf3\x33\x0e\x9b\xfd\x8e\x9a\xe7\x45\xf0\x46\x90\x53\xae\x9a\xb6\xe4\x6e\x8d\xda\x7c\x7c\x5c\xcc\xe8\x47\xd2\x8e\xf6\x8a\xd5\xd9\xbe\x21\xf2\x6a\xbf\xd6\x78\xfd\x60\x43\xa0\x72\x76\x8c\x0a\xb2\xf3\x18\x02\xc5\xd2\xee\x54\xa4\x26\x05\x3c\xd7\x74\xf7\xa1\x00\x53\x48\x7b\x56\x75\x02\xa4\x26\x2d\x63\xf0\x6f\xf9\x74\x92\xba\xc2\x70\x3c\xef\x66\x47\xc1\x91\x17\xd5\x84\x42\x84\xca\xe7\x94\x00\xe0\xc3\x67\x0d\x51\x75\xf9\x50\x49\x4c\x23\x30\x66\x13\x86\xf1\x0b\x57\xcb\x4b\x6e\xd2\xaa\x81\x12\x0a\x84\x26\x4f\xc9\x6e\xe2\xbf\x81\xd3\x80\xdc\x1c\x1b\xa7\x0d\xe9\x7a\x7f\xcc\x91\xdc\xcc\x42\xec\x90\xb2\x13\xcc\x3d\xb4\xf0\x88\x87\xdf\x8f\xa8\x0c\xb6\x48\x5a\xe8\x9b\x1a\x7d\x77\xb5\xc3\x9d\xcd\xf6\x2d\x79\x3a\x18\xf2\x9b\x5a\xc7\x35\xc0\x7b\x06\xe8\xf0\x09\x8b\xd9\x47\x40\x28\x49\x69\x52\x85\x91\x71\x35\xd2\xf6\x89\x16\x6b\x42\xcd\x14\x59\x9e\xe9\x17\x72\x56\xe7\xe4\x00\xc4\xed\xf7\x31\x7b\x6b\x30\xca\x6d\x9c\x2b\x7f\x28\x39\xf0\x96\xbd\x67\xd3\x34\x3f\xbe\x6c\xaa\x34\xdb\xd4\xb5\xcd\x33\x94\xb7\x07\xb6\x01\x79\x4b\x53\x11\xb2\xbb\x8
e\xa8\xf7\x4e\x59\xfb\x66\x78\xa1\xde\x2e\xd8\xde\x44\x3a\x49\xf5\x31\x82\x99\xaa\x8a\x96\xd3\x4b\xa7\x53\xd7\xa8\xf9\xf9\x42\x95\xa4\xb7\xc4\x21\x9b\x5a\x1e\x11\x24\x6e\xbc\x65\x21\xc8\xe1\x86\xdf\x99\x3b\x9d\xa7\x9f\xa2\x39\x4b\x36\xa4\x53\xb0\xc5\xb5\xcc\xb6\xc2\x72\x93\x38\xac\x8e\x3a\x21\x53\xa4\xa3\x01\x2e\x8c\x43\x78\xfc\xbf\xd5\xe8\xb5\x6b\x04\x25\xcc\x23\x6c\x07\x31\x5c\x75\xba\xf6\x2b\xaf\x3b\x3b\x62\xc4\x13\xed\x9f\x5e\xc6\x6f\xf9\x8b\xbb\xe6\x1f\x2b\xda\x90\x6c\x8b\xde\xe0\xce\xc2\xde\x6d\x6e\x25\xa4\x9c\xef\xdf\xe3\xf3\xed\x53\xb1\x15\x41\x78\x39\x8c\x62\x87\xb8\x15\x8e\x1d\x7f\x81\x87\x68\x93\x8c\xcd\xcf\xad\x45\x8e\xe9\xb3\xa6\xea\x9a\x69\xa7\x86\x9d\x05\x95\x5d\xec\x71\xd8\x29\x09\xaf\x3e\x39\x30\xba\xb9\x8c\xd1\x75\x17\xd6\xbb\x16\x41\xce\xb9", 8192); *(uint32_t*)0x20004f00 = 0x20002200; *(uint32_t*)0x20002200 = 0x50; *(uint32_t*)0x20002204 = 0x48262fad; *(uint64_t*)0x20002208 = 0x1000; *(uint32_t*)0x20002210 = 7; *(uint32_t*)0x20002214 = 0x1f; *(uint32_t*)0x20002218 = 9; *(uint32_t*)0x2000221c = 0x200; *(uint16_t*)0x20002220 = 8; *(uint16_t*)0x20002222 = 0x1ff; *(uint32_t*)0x20002224 = 0xbb; *(uint32_t*)0x20002228 = 0xa; *(uint16_t*)0x2000222c = 0; *(uint16_t*)0x2000222e = 0; *(uint32_t*)0x20002230 = 0; *(uint32_t*)0x20002234 = 0; *(uint32_t*)0x20002238 = 0; *(uint32_t*)0x2000223c = 0; *(uint32_t*)0x20002240 = 0; *(uint32_t*)0x20002244 = 0; *(uint32_t*)0x20002248 = 0; *(uint32_t*)0x2000224c = 0; *(uint32_t*)0x20004f04 = 0x20002280; *(uint32_t*)0x20002280 = 0x18; *(uint32_t*)0x20002284 = 0xfffffff5; *(uint64_t*)0x20002288 = 2; *(uint64_t*)0x20002290 = 1; *(uint32_t*)0x20004f08 = 0x200022c0; *(uint32_t*)0x200022c0 = 0x18; *(uint32_t*)0x200022c4 = 0; *(uint64_t*)0x200022c8 = 4; *(uint64_t*)0x200022d0 = 7; *(uint32_t*)0x20004f0c = 0x20002300; *(uint32_t*)0x20002300 = 0x18; *(uint32_t*)0x20002304 = 0; *(uint64_t*)0x20002308 = 6; *(uint32_t*)0x20002310 = 0xfffffffb; *(uint32_t*)0x20002314 = 0; *(uint32_t*)0x20004f10 = 0x20002340; *(uint32_t*)0x20002340 
= 0x18; *(uint32_t*)0x20002344 = 0xfffffffe; *(uint64_t*)0x20002348 = 0x401; *(uint32_t*)0x20002350 = 0x101; *(uint32_t*)0x20002354 = 0; *(uint32_t*)0x20004f14 = 0x200043c0; *(uint32_t*)0x200043c0 = 0x28; *(uint32_t*)0x200043c4 = 0xfffffffe; *(uint64_t*)0x200043c8 = 0xffffffffffff8000; *(uint64_t*)0x200043d0 = 0x1000; *(uint64_t*)0x200043d8 = 4; *(uint32_t*)0x200043e0 = 0; *(uint32_t*)0x200043e4 = r[6]; *(uint32_t*)0x20004f18 = 0x20004400; *(uint32_t*)0x20004400 = 0x60; *(uint32_t*)0x20004404 = 0; *(uint64_t*)0x20004408 = 0x8000; *(uint64_t*)0x20004410 = 0x19; *(uint64_t*)0x20004418 = 0; *(uint64_t*)0x20004420 = 0x4b; *(uint64_t*)0x20004428 = 3; *(uint64_t*)0x20004430 = 1; *(uint32_t*)0x20004438 = -1; *(uint32_t*)0x2000443c = 0x10001; *(uint32_t*)0x20004440 = 0x7fff; *(uint32_t*)0x20004444 = 0; *(uint32_t*)0x20004448 = 0; *(uint32_t*)0x2000444c = 0; *(uint32_t*)0x20004450 = 0; *(uint32_t*)0x20004454 = 0; *(uint32_t*)0x20004458 = 0; *(uint32_t*)0x2000445c = 0; *(uint32_t*)0x20004f1c = 0x20004480; *(uint32_t*)0x20004480 = 0x18; *(uint32_t*)0x20004484 = 0; *(uint64_t*)0x20004488 = 0xfffffffffffffffe; *(uint32_t*)0x20004490 = 1; *(uint32_t*)0x20004494 = 0; *(uint32_t*)0x20004f20 = 0x200044c0; *(uint32_t*)0x200044c0 = 0x2a; *(uint32_t*)0x200044c4 = 0; *(uint64_t*)0x200044c8 = 0; memcpy((void*)0x200044d0, "bpf_lsm_post_notification\000", 26); *(uint32_t*)0x20004f24 = 0x20004500; *(uint32_t*)0x20004500 = 0x20; *(uint32_t*)0x20004504 = 0; *(uint64_t*)0x20004508 = 0xffffffff; *(uint64_t*)0x20004510 = 0; *(uint32_t*)0x20004518 = 5; *(uint32_t*)0x2000451c = 0; *(uint32_t*)0x20004f28 = 0x200047c0; *(uint32_t*)0x200047c0 = 0x78; *(uint32_t*)0x200047c4 = 0; *(uint64_t*)0x200047c8 = 0xfff; *(uint64_t*)0x200047d0 = 5; *(uint32_t*)0x200047d8 = 0; *(uint32_t*)0x200047dc = 0; *(uint64_t*)0x200047e0 = 0; *(uint64_t*)0x200047e8 = 0xfffffffffffffffb; *(uint64_t*)0x200047f0 = 5; *(uint64_t*)0x200047f8 = 0xfffffffffffffff9; *(uint64_t*)0x20004800 = 1; *(uint64_t*)0x20004808 = 9; 
*(uint32_t*)0x20004810 = 8; *(uint32_t*)0x20004814 = 0xff; *(uint32_t*)0x20004818 = 5; *(uint32_t*)0x2000481c = 0xc000; *(uint32_t*)0x20004820 = 0x7cc8; *(uint32_t*)0x20004824 = r[7]; *(uint32_t*)0x20004828 = r[8]; *(uint32_t*)0x2000482c = 0xf4a5; *(uint32_t*)0x20004830 = 9; *(uint32_t*)0x20004834 = 0; *(uint32_t*)0x20004f2c = 0x200048c0; *(uint32_t*)0x200048c0 = 0x90; *(uint32_t*)0x200048c4 = 0; *(uint64_t*)0x200048c8 = 0x100000001; *(uint64_t*)0x200048d0 = 5; *(uint64_t*)0x200048d8 = 1; *(uint64_t*)0x200048e0 = 0x80000001; *(uint64_t*)0x200048e8 = 1; *(uint32_t*)0x200048f0 = 7; *(uint32_t*)0x200048f4 = 0x100; *(uint64_t*)0x200048f8 = 0; *(uint64_t*)0x20004900 = 0x3ff; *(uint64_t*)0x20004908 = 7; *(uint64_t*)0x20004910 = 6; *(uint64_t*)0x20004918 = 2; *(uint64_t*)0x20004920 = 0x200; *(uint32_t*)0x20004928 = 0x20; *(uint32_t*)0x2000492c = 6; *(uint32_t*)0x20004930 = 0xe07fd01; *(uint32_t*)0x20004934 = 0xc000; *(uint32_t*)0x20004938 = 9; *(uint32_t*)0x2000493c = r[9]; *(uint32_t*)0x20004940 = r[10]; *(uint32_t*)0x20004944 = 8; *(uint32_t*)0x20004948 = 1; *(uint32_t*)0x2000494c = 0; *(uint32_t*)0x20004f30 = 0x20004980; *(uint32_t*)0x20004980 = 0xa8; *(uint32_t*)0x20004984 = 0; *(uint64_t*)0x20004988 = 1; *(uint64_t*)0x20004990 = 0; *(uint64_t*)0x20004998 = 4; *(uint32_t*)0x200049a0 = 0x1a; *(uint32_t*)0x200049a4 = 0x3ff; memcpy((void*)0x200049a8, "bpf_lsm_post_notification\000", 26); *(uint64_t*)0x200049c8 = 2; *(uint64_t*)0x200049d0 = 0x80000000; *(uint32_t*)0x200049d8 = 4; *(uint32_t*)0x200049dc = 2; memcpy((void*)0x200049e0, "#(\\!", 4); *(uint64_t*)0x200049e8 = 2; *(uint64_t*)0x200049f0 = 0x80000001; *(uint32_t*)0x200049f8 = 1; *(uint32_t*)0x200049fc = 0x1ff; memcpy((void*)0x20004a00, "%", 1); *(uint64_t*)0x20004a08 = 2; *(uint64_t*)0x20004a10 = 0xff; *(uint32_t*)0x20004a18 = 1; *(uint32_t*)0x20004a1c = 0x8001; memcpy((void*)0x20004a20, "&", 1); *(uint32_t*)0x20004f34 = 0x20004bc0; *(uint32_t*)0x20004bc0 = 0xc8; *(uint32_t*)0x20004bc4 = 0; *(uint64_t*)0x20004bc8 
= 0; *(uint64_t*)0x20004bd0 = 4; *(uint64_t*)0x20004bd8 = 3; *(uint64_t*)0x20004be0 = 9; *(uint64_t*)0x20004be8 = 4; *(uint32_t*)0x20004bf0 = 8; *(uint32_t*)0x20004bf4 = 5; *(uint64_t*)0x20004bf8 = 3; *(uint64_t*)0x20004c00 = 0x800; *(uint64_t*)0x20004c08 = 1; *(uint64_t*)0x20004c10 = 0x10001; *(uint64_t*)0x20004c18 = 8; *(uint64_t*)0x20004c20 = 1; *(uint32_t*)0x20004c28 = 0; *(uint32_t*)0x20004c2c = 0x401; *(uint32_t*)0x20004c30 = 0xfffffff7; *(uint32_t*)0x20004c34 = 0x6000; *(uint32_t*)0x20004c38 = 0x10001; *(uint32_t*)0x20004c3c = r[11]; *(uint32_t*)0x20004c40 = r[12]; *(uint32_t*)0x20004c44 = 6; *(uint32_t*)0x20004c48 = 0xf8; *(uint32_t*)0x20004c4c = 0; *(uint64_t*)0x20004c50 = 3; *(uint64_t*)0x20004c58 = 2; *(uint32_t*)0x20004c60 = 0x1a; *(uint32_t*)0x20004c64 = 9; memcpy((void*)0x20004c68, "bpf_lsm_post_notification\000", 26); *(uint32_t*)0x20004f38 = 0x20004e00; *(uint32_t*)0x20004e00 = 0xa0; *(uint32_t*)0x20004e04 = 0xfffffffe; *(uint64_t*)0x20004e08 = 9; *(uint64_t*)0x20004e10 = 4; *(uint64_t*)0x20004e18 = 0; *(uint64_t*)0x20004e20 = 0x3ff; *(uint64_t*)0x20004e28 = 0x80000000; *(uint32_t*)0x20004e30 = 0xfffffffd; *(uint32_t*)0x20004e34 = 8; *(uint64_t*)0x20004e38 = 1; *(uint64_t*)0x20004e40 = 7; *(uint64_t*)0x20004e48 = 0x401; *(uint64_t*)0x20004e50 = 7; *(uint64_t*)0x20004e58 = 0; *(uint64_t*)0x20004e60 = 5; *(uint32_t*)0x20004e68 = 7; *(uint32_t*)0x20004e6c = 6; *(uint32_t*)0x20004e70 = 0x40; *(uint32_t*)0x20004e74 = 0xa000; *(uint32_t*)0x20004e78 = 0x800; *(uint32_t*)0x20004e7c = r[13]; *(uint32_t*)0x20004e80 = r[14]; *(uint32_t*)0x20004e84 = 0x8001; *(uint32_t*)0x20004e88 = 0; *(uint32_t*)0x20004e8c = 0; *(uint64_t*)0x20004e90 = 0; *(uint32_t*)0x20004e98 = 0; *(uint32_t*)0x20004e9c = 0; *(uint32_t*)0x20004f3c = 0x20004ec0; *(uint32_t*)0x20004ec0 = 0x20; *(uint32_t*)0x20004ec4 = 0xfffffffe; *(uint64_t*)0x20004ec8 = 1; *(uint32_t*)0x20004ed0 = 5; *(uint32_t*)0x20004ed4 = 4; *(uint32_t*)0x20004ed8 = 5; *(uint32_t*)0x20004edc = 1; syz_fuse_handle_req(r[5], 
0x20000200, 0x2000, 0x20004f00); break; case 26: memcpy((void*)0x20004f40, "SEG6\000", 5); syz_genetlink_get_family_id(0x20004f40); break; case 27: syz_init_net_socket(3, 3, 0xca); break; case 28: res = -1; res = syz_io_uring_complete(0); if (res != -1) r[15] = res; break; case 29: *(uint32_t*)0x20004f84 = 0x2b11; *(uint32_t*)0x20004f88 = 1; *(uint32_t*)0x20004f8c = 1; *(uint32_t*)0x20004f90 = 0x5b; *(uint32_t*)0x20004f98 = r[5]; *(uint32_t*)0x20004f9c = 0; *(uint32_t*)0x20004fa0 = 0; *(uint32_t*)0x20004fa4 = 0; res = syscall(__NR_io_uring_setup, 0x19b4, 0x20004f80); if (res != -1) r[16] = res; break; case 30: *(uint32_t*)0x20005004 = 0x208b; *(uint32_t*)0x20005008 = 4; *(uint32_t*)0x2000500c = 0; *(uint32_t*)0x20005010 = 0x355; *(uint32_t*)0x20005018 = r[16]; *(uint32_t*)0x2000501c = 0; *(uint32_t*)0x20005020 = 0; *(uint32_t*)0x20005024 = 0; syz_io_uring_setup(0xf44, 0x20005000, 0x20ffa000, 0x20ffb000, 0x20005080, 0x200050c0); break; case 31: *(uint32_t*)0x20005104 = 0x7b7; *(uint32_t*)0x20005108 = 2; *(uint32_t*)0x2000510c = 3; *(uint32_t*)0x20005110 = 0x202; *(uint32_t*)0x20005118 = -1; *(uint32_t*)0x2000511c = 0; *(uint32_t*)0x20005120 = 0; *(uint32_t*)0x20005124 = 0; res = -1; res = syz_io_uring_setup(0x22f7, 0x20005100, 0x20ffb000, 0x20ff8000, 0x20005180, 0x200051c0); if (res != -1) r[17] = *(uint64_t*)0x20005180; break; case 32: *(uint8_t*)0x20005240 = 0xb; *(uint8_t*)0x20005241 = 1; *(uint16_t*)0x20005242 = 0; *(uint32_t*)0x20005244 = 0; *(uint64_t*)0x20005248 = 6; *(uint32_t*)0x20005250 = 0x20005200; *(uint32_t*)0x20005200 = 0; *(uint32_t*)0x20005204 = 0x3938700; *(uint32_t*)0x20005254 = 1; *(uint32_t*)0x20005258 = 1; *(uint64_t*)0x2000525c = 1; *(uint16_t*)0x20005264 = 0; *(uint16_t*)0x20005266 = 0; *(uint8_t*)0x20005268 = 0; *(uint8_t*)0x20005269 = 0; *(uint8_t*)0x2000526a = 0; *(uint8_t*)0x2000526b = 0; *(uint8_t*)0x2000526c = 0; *(uint8_t*)0x2000526d = 0; *(uint8_t*)0x2000526e = 0; *(uint8_t*)0x2000526f = 0; *(uint8_t*)0x20005270 = 0; 
*(uint8_t*)0x20005271 = 0; *(uint8_t*)0x20005272 = 0; *(uint8_t*)0x20005273 = 0; *(uint8_t*)0x20005274 = 0; *(uint8_t*)0x20005275 = 0; *(uint8_t*)0x20005276 = 0; *(uint8_t*)0x20005277 = 0; *(uint8_t*)0x20005278 = 0; *(uint8_t*)0x20005279 = 0; *(uint8_t*)0x2000527a = 0; *(uint8_t*)0x2000527b = 0; syz_io_uring_submit(r[17], 0, 0x20005240, 7); break; case 33: memcpy((void*)0x20005280, "/dev/btrfs-control\000", 19); res = syscall(__NR_openat, 0xffffff9c, 0x20005280, 0x2100, 0); if (res != -1) r[18] = res; break; case 34: *(uint32_t*)0x20005300 = 0; *(uint32_t*)0x20005304 = 0x200052c0; memcpy((void*)0x200052c0, "\x35\xac\x4c\x65\xd5\xd9\x24\x44\x3c\x56\xd3\xcd\xca\xcf\xf7\x45\xb9\xdf\x2c\x8d\x85\x5f\x77\xc7\xe8\xfb\x87\x5f\xc4\xc8\x39\x83\xf4\xec\x40\x4e\x6a\xd2\x10\xd7\x4b\x41\xfc\x04\xcd\x89\xa8\x8b\xc3\xb3", 50); *(uint32_t*)0x20005308 = 0x32; *(uint64_t*)0x20005340 = 1; *(uint64_t*)0x20005348 = 0; syz_kvm_setup_cpu(r[18], r[15], 0x20fe8000, 0x20005300, 1, 0, 0x20005340, 1); break; case 35: *(uint32_t*)0x20005384 = 0x8a2; *(uint32_t*)0x20005388 = 4; *(uint32_t*)0x2000538c = 0; *(uint32_t*)0x20005390 = 0x30f; *(uint32_t*)0x20005398 = -1; *(uint32_t*)0x2000539c = 0; *(uint32_t*)0x200053a0 = 0; *(uint32_t*)0x200053a4 = 0; res = -1; res = syz_io_uring_setup(0x2a84, 0x20005380, 0x20ffc000, 0x20feb000, 0x20005400, 0x20005440); if (res != -1) r[19] = *(uint64_t*)0x20005400; break; case 36: *(uint32_t*)0x20005480 = 1; syz_memcpy_off(r[19], 0x114, 0x20005480, 0, 4); break; case 37: memcpy((void*)0x20006580, "./file0\000", 8); res = syscall(__NR_stat, 0x20006580, 0x200065c0); if (res != -1) r[20] = *(uint32_t*)0x200065d0; break; case 38: memcpy((void*)0x200054c0, "afs\000", 4); memcpy((void*)0x20005500, "./file0\000", 8); *(uint32_t*)0x20006540 = 0x20005540; memcpy((void*)0x20005540, 
"\xd2\xc8\x4e\x32\xfc\xd2\x5d\x6d\x0c\x83\x4d\xb2\x19\x8a\x08\xcf\x7b\xf0\x74\xc8\x96\xdf\x4f\x91\xd7\xd7\x89\x08\x93\x10\xa8\x83\xa2\x32\xfe\x7e\x05\x8e\x17\x5a\xb0\x04\xde\xc5\x36\xa4\xe1\xd5\x8f\xdc\x29\x54\xa5\xc2\x6e\x70\x2e\xb2\xfb\x50\xfc\x05\x8d\x18\xcb\x90\xbb\xda\xdc\xc9\xfd\xa0\x26\x22\x81\xbb\x9f\xb6\x99\x6f\x60\x89\xe3\x36\xed\xea\xf5\xfb\x57\x28\x44\x7a\xf3\xd6\x5c\xc0\x3e\xb9\x4b\x3d\xc3\xeb\x1e\x24\xdc\x78\x41\x32\xc9\xd0\x36\xe4\x6f\xc3\x14\x6c\xdf\x58\xc1\x75\xe6\x5d\xcc\x7f\x39\x81\x44\x35\x7d\xd2\x5c\x15\x67\x11\x32\x17\xeb\x9b\x2a\xbd\xff\x8c\xb8\x21\x15\xea\x31\xf8\x41\xa3\x77\xb7\x75\xf7\x9f\xa8\x9a\x60\x47\x95\xf4\x87\x60\x5d\x74\x0e\xc6\x46\xd1\x4f\x9b\x80\x80\xf5\x1b\x8e\x24\xea\x8d\x62\x1e\x25\xf3\xcf\xc2\xd9\x27\x9b\x47\xfe\x3e\xa7\xe4\xd2\xb3\x07\x16\xa1\x8f\x68\x44\x3b\x23\x7e\x6b\x15\x2a\xba\xa0\x9d\xc6\xbf\x3b\x13\x01\xad\xfc\xd3\x7b\x9a\x8c\x06\x3c\x83\x0e\x37\x9a\x72\xbd\xb3\x82\x5b\x32\xf5\x3f\xfe\x10\xc7\xda\x81\xc3\x44\xd8\xe9\x8b\x62\x36\x37\x27\xdc\x41\xf0\x50\xfb\x6f\x44\x0d\x3a\x4b\x44\xe8\x49\xa7\x06\xae\xad\x91\x91\x85\x86\x5e\x74\xf9\x4d\x13\xe7\x38\x44\x80\x75\x4a\x1d\x69\x50\x22\xfd\xc2\x16\xe4\x13\xb1\x36\x2a\xdd\x89\x47\xe0\x9f\x4b\x87\xc0\xfa\x05\xd9\x68\x65\xe5\x4d\xf5\x74\x65\x10\x2f\x90\x49\xa0\xb3\x8f\x48\x0f\xd6\x23\xee\x12\x1c\xd6\x35\xc7\x20\xf5\xce\x66\x07\x20\x9d\x0a\x3b\x39\x42\x65\x4e\x73\x81\xc9\x41\xe5\x6e\x7a\x74\xf4\xe0\x36\xe3\xed\xce\x82\xb5\x59\x3a\xed\xab\xf8\x6d\xca\x3e\x49\x25\x33\x36\xc8\x06\xbf\xec\xec\x26\x94\x29\x4d\x19\xc9\x59\xc3\x86\xef\xb8\x38\xab\xdf\x2b\x43\x78\x6c\x09\xbe\xec\xfa\xbf\x72\x3e\x0b\x24\x3a\x8e\xa4\x72\xf6\x3d\xf6\x2e\xd1\x73\x87\x59\x03\x29\x19\xac\x09\xa1\xc1\xcf\x7d\x8f\xe3\x37\x65\x0c\x37\xbb\xec\x02\xb5\x8a\x30\x98\xd1\x47\x8a\x5d\x3a\xbb\x8e\xda\x06\x90\xc8\xa5\x34\x7e\x86\x0b\x57\xd0\x27\x7e\x64\x24\x81\x3e\x06\xf7\x08\x3f\xe3\x25\x3c\x08\x60\x53\x7c\x76\x68\x8c\x88\x77\x79\x51\x38\xe0\xf9\xb2\xe5\x57\xa6\xec\xc9\x98\x60\x24\xc4\xbb\x77\x21\xec\xca\x04\xbc\x92\x2b\x8
7\xb3\x0c\x1e\x54\x6b\x09\x40\x80\xfb\x15\x94\x64\x2a\x4e\x08\x8c\x3b\x65\xad\xb3\x65\x5f\xcc\x92\x52\xf7\x53\x21\x21\x01\xf4\x17\x30\xad\x16\x42\x78\x7e\x7f\xbe\x39\xe5\xfb\x4f\x91\xcf\x2c\x0d\x84\xd0\xec\x80\x11\x2a\x97\x41\xc0\xfc\x9c\x4b\xfe\x1c\x41\x3e\x0a\x23\x71\x4d\xe7\xeb\x4b\xa7\xe9\x8c\x1c\x25\xed\x3b\xd4\x1b\xa2\xf3\x2f\xa0\xb6\x7f\xd6\x42\xa0\x0e\x13\x4d\x02\x72\x2f\x26\x80\x56\xce\x1c\x62\xf6\x82\xf0\x90\x9b\xbd\x6f\xd3\x89\x6c\x3e\x37\xac\xe1\x8d\x4d\x8e\x97\x88\x05\x7d\xc4\x5b\x27\x57\xb6\x64\x62\x05\xea\x11\xc4\x35\x01\x00\xda\xe7\xcc\xc8\x65\x35\x47\x0b\x4d\x03\x47\xd6\x99\x08\x12\x50\x6e\x3a\x98\x16\xcb\xe2\x8c\x50\xa2\x9a\xb3\xa7\x1e\x05\x0e\xe8\xff\x4c\x8a\x0a\x9c\xdf\x14\x6b\x6e\x6f\x97\x64\x18\xb0\x8d\x12\x3e\xf3\x72\x8a\xa2\x8f\x40\x8f\xab\xc5\x78\xe6\x0c\x7b\xdf\xff\x0d\x18\xad\x41\x6e\xd6\x6d\x5b\xbc\x66\xae\x3a\xb2\xfd\xc0\xa4\xd7\xc7\xac\x14\xf7\x92\xf2\xeb\xaf\x91\x9c\x65\xc1\xf1\x01\x77\x88\x3c\x3d\xbd\xb5\x81\x52\x6f\x72\x86\x93\x62\x03\xb6\x46\x77\x06\x0a\x5a\xf5\xe3\xe3\xdd\x98\x49\x64\x80\x0d\x58\xc4\x6c\x55\xd8\x68\x81\xbe\x8c\x1d\xef\x9f\x95\x79\x53\xf0\xa4\x07\x8a\xc1\x76\x16\xa3\xb9\x4e\xb7\xb0\x26\xb1\x2e\x34\x6f\x8d\x8c\xfb\x13\x91\x91\x9e\x38\xf4\xd5\x09\x0a\xb9\xbf\x15\x5b\x7d\x9c\xfd\xeb\xd3\x63\xa0\x9c\xed\x58\x8f\x68\x21\x86\x7e\xe8\x53\x8d\xc4\x23\x47\xfd\x7f\xaa\x82\x99\x8f\xff\xf2\x8d\x7f\xa3\x43\x26\xea\x5c\x6e\xc3\x0e\xdf\x69\xc6\x24\x60\x7d\xd8\x2a\x56\x7d\xf7\x6f\x27\x3d\x10\x52\x20\x88\x4d\xb7\x18\x70\x28\x5d\x7d\xc9\xf4\x88\x07\x77\xee\x0f\xb6\xbc\xe6\x71\xa5\x83\xb8\x21\x2b\xab\xb7\xdf\xba\x86\xc7\x93\xa8\x6f\xd8\x8e\xe0\x42\xeb\x4d\xca\xb1\x0f\xbd\xc2\xfb\xdf\xc0\x35\x2d\x4b\x82\x3c\x80\xb3\x14\x76\x66\xe3\xa8\xc6\xe0\xb7\x4a\x6e\x39\xba\xf5\xa9\x26\xd8\x61\xd3\x9c\xed\x6c\x15\x09\x9d\x57\xc6\x44\xde\x45\x63\xde\xef\x39\xd8\x49\x86\x2a\x02\x07\x1f\x29\x56\x78\x71\x12\xf6\xe8\xe6\xb3\x24\xdf\x79\x45\x1e\x48\x33\x4c\xe3\x09\x74\x95\x59\x48\xe2\xfa\xd7\x87\xcc\xc6\x1a\x67\x5d\xb6\x65\x4d\xa2\x72\x1d\x2e\x27\xfd\xa
6\x23\xae\xec\xc0\xe9\xc6\x47\x62\xf7\x44\x26\xc5\x66\xaf\x7c\xc2\x34\x77\x3e\x9f\x7b\x30\x24\x06\xff\x85\xa4\xad\x15\xd9\x48\xb7\x73\x64\xfb\x27\x42\xdb\x1d\x0c\xee\x24\xef\x37\x29\xf3\xb4\x0e\x7f\x7f\x0e\x1a\x89\x1c\x4a\x21\x3f\x59\x0e\x80\x4d\x30\x93\x58\xf1\xcb\x93\xf2\x1c\xd1\x74\xc3\x74\xfc\x35\x5d\x87\x30\x28\xa2\xe4\xf5\x16\x4f\x24\xb3\x5c\x52\x81\x44\xfe\x7c\x32\xb9\xe6\xa2\xac\x0f\x04\xe6\x0f\x11\x01\x3c\x3c\xae\x20\x42\x0b\x11\xe2\xeb\xad\x83\xa7\xe5\x71\x02\x27\x38\x2d\x72\x52\x5f\xc5\x2a\x8c\x8f\xb6\x49\x8a\xc2\x1e\x91\x31\x74\x22\x7c\x65\xe8\xc5\x87\x6a\xd6\xfc\x49\xb2\xc1\xed\x73\x3e\xa1\x86\xe9\xf4\xf5\x76\x6f\x39\x32\x56\x42\xf8\xa0\xb7\x22\x12\x92\xc5\xb0\x17\x99\x04\xb3\x39\x34\xb6\xfc\xb7\xa6\x4f\x17\x05\xad\x70\x02\x66\x24\x2f\xaf\x54\xcb\xf6\x3d\x25\x49\xd4\xf3\x05\x4c\xe1\x68\xe1\x75\x00\xf5\xf5\xc3\xca\x1e\xde\xfd\xb0\xc6\x0c\x2b\x4f\xb0\x1d\x7d\x0f\xc0\x7d\x86\x67\xe1\x0f\x2f\x80\xcc\x7b\x50\xae\x2e\xd5\x74\xfc\xd3\xf7\x77\x5a\xe1\x7a\x20\x05\x14\xfb\xb2\x19\x51\x80\xe3\x5d\x90\xb8\x94\xdf\x9a\x1c\x35\x54\x00\x73\x82\x47\xda\xf3\x15\xb7\xe1\xcf\x1c\xac\x31\x97\xec\x0d\x74\xd1\xe4\x41\x0c\xaf\x94\x35\xfd\x14\x95\x72\xc1\x8a\x7d\x92\xee\xbb\xc7\x96\x3f\x14\x50\x73\x8e\xc0\x54\x32\x52\x64\x09\x40\xef\x1c\x8c\xe2\x5c\x80\xab\x9e\xd7\x2e\x67\x0b\x40\x23\xe5\xe1\x36\x31\x42\xb4\x31\x44\xbe\x12\xe9\x95\x55\x4a\xf2\x43\x1b\x2e\x5a\x8e\x2a\x45\xc7\x6c\xa7\xe3\x1a\x92\x2c\x59\x2a\x6d\x1c\x5a\x7e\xa9\x40\x36\x5f\xdc\x48\xe1\xb2\xc7\x3f\x66\x18\x65\xdc\x4e\x90\xd0\x8d\x5a\x2c\x4d\xb6\xbc\x5e\x01\x86\xf2\x37\x45\x1d\xfc\x14\xbc\x76\xf0\xdd\x98\x04\x8e\xf9\x9a\x1a\x1c\xb1\x5c\x1b\x53\xbc\xc9\x25\x49\x2b\x87\x1f\xa7\xdb\xe2\xe8\x72\xf9\x35\x85\x24\x8d\x0f\x2b\xf9\x15\x52\x15\x7b\xf5\x57\x8c\xbf\x1b\x65\x3f\x9d\x36\xcc\x95\x2b\x54\xb0\x09\x26\x83\x57\x7c\x5b\xa1\x59\x26\x6a\x5d\xf6\x6e\x74\x94\x62\xe4\xfc\x5a\x06\xd1\xc2\x65\x64\x63\x59\x26\x13\x8d\x9a\x99\x80\x51\x9e\x5d\x73\xbf\xb8\x52\x26\x55\xeb\xc0\x7c\xc8\x11\xc0\x56\xa0\x35\x31\xeb\x29\x3d\x47\x9c\x9
5\xf7\x13\x75\xea\x29\x3c\x0f\x18\x60\x49\x9e\xa9\x87\x18\xa3\x75\x00\xc5\x4a\x29\xfd\x9b\x8d\x01\x97\x71\x06\x1f\x77\x87\x60\xfd\xec\x9e\x6f\xac\x3d\x3c\x83\x1a\xee\x19\xb5\x6c\x0a\x19\x47\xa0\x89\x65\x3a\x15\xc2\x87\x70\x8e\x84\x6e\xd6\x5e\x1c\x9d\xc4\x92\x9c\xbb\x44\x33\x38\xa9\x36\xfd\x37\x26\xb3\xa0\xce\x78\x71\xac\x3c\x8c\xd3\x26\x00\x77\xb5\xc9\x8d\x98\xaf\xb5\x33\xd2\x5a\x8b\x42\x98\x9b\x7e\xe5\x27\x4f\x72\xe6\x10\x90\xb9\x04\x36\xb3\x2d\xe2\x76\xbc\x86\x6e\x6b\x8c\xd2\x57\x60\xdd\xc6\xa4\x97\xc9\xe8\x4d\x7e\x85\xa8\xc5\xdb\x0d\xf2\x22\x29\x6a\x3a\xa3\x62\x40\xa7\xb7\x6b\x9d\xbf\xb2\x49\x64\x77\xa9\x71\x6d\x80\x05\x00\x52\xce\x3a\x47\x36\xfb\xcf\xff\x5e\xe6\x34\x22\x52\x8b\xe6\xb0\xa4\x78\xec\xc7\x80\x3e\x22\x7f\x88\x0e\x4f\xd0\x7d\xc6\xde\x88\x48\x5a\x39\x81\xe0\x91\x70\xf8\x91\x84\xcf\x62\x97\x04\x9c\xc3\x01\x75\x51\x9f\x73\x09\x43\x4b\x96\xbc\x1b\x09\x6e\x05\xff\x02\x87\xca\x29\x92\x96\x24\xe1\xc6\xf4\x27\x0e\x89\xe9\xbc\x1b\x4c\x27\x82\xf5\x8b\x9a\x36\x0a\x00\x81\x45\xd8\x08\x33\x70\x08\x6a\x13\x14\xc9\x2a\x61\x03\xb2\x06\xb6\xcd\x0f\x6e\x63\x41\x6b\x35\xe7\x53\xb7\x09\xa6\x3a\x9a\x41\xd6\x13\xcb\x99\x7e\x55\xa6\x3f\xbf\xf2\x8c\x05\x73\xba\x2b\x64\xbf\xbc\xb0\xec\x3d\xfc\x5c\x9d\xd1\x34\xf0\xf2\xeb\x51\x15\x1e\xb2\x83\x10\xe3\xdd\x7f\x8a\xe8\x16\xf8\x66\x95\x90\x8a\xc6\xdf\x04\x80\x4e\x01\xf5\x3e\x40\x2b\xcc\x44\x5e\x17\x0c\xf2\x61\x0e\x1e\x32\xd0\x2f\x9e\x0d\x81\x49\x98\x76\xc1\x38\x3e\xec\x77\x81\x5b\x13\x59\x46\x2d\x8f\x4f\x50\x08\xaf\x8b\xb6\x1a\xe3\x58\xd8\x3c\x07\x54\xb5\x2d\x3c\xeb\x9b\x22\xc0\xa1\xb3\x5a\xfd\x92\x1e\x00\xc1\xd0\x6c\xf5\x4f\x88\x2e\x14\x5b\xd6\x08\x45\x1c\xe8\xda\x2c\x80\x81\xe2\x7e\x9c\x8d\x08\x6b\x80\x97\xd4\xf7\x7f\x1c\x33\xf5\x02\x4e\xd7\xd8\x78\xc1\x29\xe5\x34\x05\x6b\x89\xea\x2d\x14\xbd\x70\xd0\xca\x78\x9c\x7e\x29\xcc\xd3\xd2\x7a\xf1\xc6\x05\x8e\x26\x6c\x29\xe2\xfc\xd6\xf0\x4b\xa5\xa3\xd9\xe2\xc1\x16\xf0\x4c\x40\x73\x37\x96\xa1\xfe\x1c\x01\xa0\x4f\x06\x22\x2c\xce\x35\x90\x01\x53\x1b\x1c\x8f\x61\x3d\x45\x20\x83\xde\xe5\x08\x8
6\x01\x7a\xca\x82\x21\xa9\xa3\x06\x6e\x77\x68\x7b\x3f\xbe\xb0\xe4\x61\x92\x1f\x29\x21\xba\xf1\xa6\x69\x3e\xf0\x37\xa1\xd8\x56\x5a\x18\x04\x1b\x31\xc2\x66\xfb\x22\x5d\xd1\x74\x84\x8a\x84\x9f\xd1\x8e\x4b\x4b\xfd\x97\x23\x15\xd9\xf6\xff\x65\x29\x4f\x83\x74\xe7\x4f\x8d\x48\xbc\x17\xb6\xbe\xff\x62\xc1\x01\x2b\x5b\x04\x7f\x85\xea\x95\x6f\x50\xe1\x84\xa2\x95\xd1\xb1\x3e\x02\xb8\xe3\x5e\xa2\x4a\x1c\x80\x3a\xb1\x3a\x2a\x32\x85\xdd\xc0\xc3\x58\xd3\x01\x36\x2f\x70\x26\x7e\x7c\x6f\xd8\x25\x25\x24\xbe\x99\x3c\x0b\x61\x3c\x88\x05\x82\xf2\x85\x5f\x66\xa5\x17\xaf\x4d\xf5\x4e\xfa\x63\x58\x1f\xdb\xf3\x2b\x21\x0a\x21\x37\x55\x32\x3c\xab\x26\xdb\xc9\x1d\x85\x03\xac\x84\x2f\xa7\xca\x11\xec\x4d\xc0\xb0\x17\x1a\x3b\x7d\xc5\x1e\xd7\x63\xa7\x34\x82\x4d\x15\xfe\xb4\xa8\x0d\x6b\xfa\xf8\xf7\xd2\xfc\x82\x9b\xfe\x8d\x0b\x4b\x1b\xb4\x28\xcd\xa0\xe9\x6e\x11\x7c\x87\xa3\x81\x60\x83\x7c\xd2\x31\x56\xaf\x49\x8e\x00\x60\x31\x91\x61\x7e\xcc\x06\xa9\xa1\x6e\xb9\x33\xf2\x21\x5e\x8a\x86\xf2\xfe\x3f\x62\x9c\xa1\xd1\x45\x61\x5d\xa9\x57\xbb\xa3\xe1\xdf\x17\x9a\x07\xab\xc4\x88\x9d\x95\x61\x8f\x14\x5a\xca\x14\xe0\xd8\x85\x5f\x60\xff\xa5\x73\x34\x89\xb7\x12\xf0\x54\x42\xc0\xfd\xd2\x63\xea\xa0\x6e\xfa\x9e\x81\xcf\x2e\xb2\x98\x29\xb8\x82\x69\xc6\x53\xaa\x89\xeb\x93\x5a\x6b\x98\xe6\x5e\x46\xc6\x23\xfe\x8d\xe2\x1c\x25\x07\x66\x06\x05\x29\x15\xdc\x7d\xc9\x8e\xbc\xe6\xa7\x55\xae\x43\xb5\x57\x46\x00\x73\xd9\x4c\x8a\x44\xf6\xb6\xf6\x3a\x8a\x86\x6c\xdb\x47\x59\x15\xf4\xab\x00\xe5\xc5\x07\x2c\x1a\xe6\x10\xa8\x00\xea\x8f\xa8\x14\x7c\x96\x68\x6c\x30\x77\xcd\xfe\x0d\x9c\x77\x05\x84\xf2\x17\xfa\xc4\x7e\x64\xe5\x17\x4b\x9e\xb0\xc6\x8c\xa1\x47\xc2\x33\xde\xc2\x5c\xc2\x42\xe8\xe4\x3e\xe7\x39\x4c\x78\x76\xd2\x5e\x04\x0f\xfe\x89\xac\x1f\x6b\x2a\xa2\x40\xb6\x66\x8f\xfc\x89\x83\xfb\x86\x24\xe6\x0b\x3c\xb9\x91\x1f\xc8\x24\x0d\x9d\x8c\xe3\x50\xa8\x92\x45\x42\x04\x96\xae\x75\x76\xe1\x4b\x57\x72\x7a\x52\xe5\x55\xc9\xc8\x8d\xdd\x5c\x53\xca\x3f\xde\xe8\x83\x41\x46\x4e\x83\xdc\x59\xae\x9d\x6e\x17\xf5\xf2\xf7\x63\xa3\x8c\x93\x7e\x32\x53\x3
2\xea\xc2\x56\x31\xcf\x83\x15\x0a\xfa\x67\x7a\x72\x61\x1e\x7f\xc1\x45\x1b\x3e\x5f\x4d\xcd\xdd\x40\x2c\xb3\x22\xfd\x12\x0d\x9d\x56\x83\x9c\x01\x5e\xbe\x47\xc4\x19\xc5\x53\xff\x0d\xed\x43\xd0\x30\xca\x1d\x10\xb3\xb3\x83\xe6\xc3\xcf\x34\x86\x02\x61\x8a\x56\xca\x51\xf7\x75\x72\x1b\xd3\x55\x71\x0b\x7a\x99\x5a\x13\x93\x1d\xc0\x82\x35\x58\x87\x99\x86\xae\x4c\xe8\x50\xcc\xc3\x73\x1e\x78\x22\x83\x96\x66\x66\x5a\xfc\x00\xa8\x73\xc5\x6c\xa9\xcf\x79\xc6\xd6\x00\xe9\x07\xe1\x50\xb4\x06\x83\xb5\x67\xda\x9c\x1c\xa5\x96\xfc\x02\x4a\xbb\x5e\xea\xf0\x1c\x67\xe0\x83\x75\xff\x15\xc4\x32\xad\xf6\xa4\x37\xd9\x67\xdd\xf1\xbb\xfc\x6c\xcf\x9c\xe7\xc2\x02\x1b\x15\x2c\xd4\xba\x7e\xca\x0e\x67\xcf\x12\x97\x15\x1a\xea\x04\xd9\xea\x9d\xc2\xbf\x84\x44\x13\x3f\x43\x66\xbf\x36\x0e\xe5\x22\x40\x88\xb1\x94\x5b\x5e\x5d\x6d\xe3\x86\x9f\x59\xb1\xac\x7c\xc3\x35\x35\xb1\x57\x6b\xe8\xfd\x7d\xe9\xf2\xca\x5a\x3c\x0e\xb2\x61\xcc\x18\x6b\x6b\x68\x28\x55\x47\xb2\x82\x42\x88\xdf\x77\xfd\x45\x6a\xb5\x2f\x6e\xa4\x8d\xa9\x48\x19\x3a\x42\x40\xa3\x1d\x3a\x7a\xa4\xe6\x7b\xe5\xf2\xa1\x53\xa0\x18\xd3\x2c\xc0\x11\x96\x2b\xb6\x82\xda\xb5\xd3\x43\x7e\x90\x34\x2c\x24\x36\xe5\x40\x91\x38\x82\x26\xf5\xc7\x68\x53\x5e\x02\x75\xeb\xac\x26\xab\x19\xd0\x0e\x90\x38\x55\x10\xa8\x4c\x7a\x72\x6f\x91\xba\xae\xc1\x11\x8a\x74\xe6\x51\x91\x4d\x99\xe3\xe5\x09\x32\x2f\x51\xd0\x95\xb8\x94\xc2\x09\x23\xd0\xfa\x98\xe4\x2c\x4e\xc6\x77\xd0\x95\x00\x8b\x59\x53\xf6\xba\x61\x53\x7a\xba\xe5\x43\xde\x69\xef\xca\x30\xe4\x5d\x7b\xc9\x3c\xaa\x20\x2c\xc8\xf6\x6e\x57\xca\xbd\x54\x9e\xf1\x09\x2f\x79\x6b\x4a\x35\x73\xbe\xf4\x41\x09\x48\x44\xb2\x3a\x3d\x86\xbd\x14\x90\x9b\x84\x1a\xea\x10\x82\x19\xd5\xea\x4a\x49\xc8\xa9\x9e\xaf\xc5\x07\x61\x3c\x1e\x37\xae\xa3\x15\xba\x89\x4f\xec\xc1\xef\x28\x09\x21\x3e\x42\xb1\x37\x48\x58\xcb\x4d\x77\x68\x46\x58\xcf\x41\x4a\xda\x5e\x76\x0f\x4a\xc8\x3b\xc9\x35\x7e\xf1\x45\xa3\xe9\x2d\x7c\x55\x7c\x5d\x94\x40\x24\x65\x9a\xfd\x6c\xaf\x01\xb2\x96\x0c\x6c\x4a\xb1\x47\xc0\xd8\x19\x75\x4b\xe8\x00\x66\xd1\x41\x92\xa4\x79\xc7\xdc\xea\xd
0\x4d\x3f\xa1\xe6\x62\x48\xcf\x29\x27\x39\x31\x24\x2d\x12\xf2\xb0\x8c\x71\xe8\x2f\x52\x86\xba\xb6\x76\x7c\x3e\x89\xa3\x6f\x27\x04\x5e\xcc\xf6\xe1\xcf\x3a\xbb\xbd\x9b\x1a\x26\x3d\xa7\xc0\xc0\x10\xfc\x10\xaf\xfc\x50\x32\xd4\x71\x23\xe1\xe1\x14\x6b\x38\xcb\xff\x01\xd4\x78\x56\x36\x04\x99\x26\x6c\xb5\x64\x59\x01\xe2\xed\x04\x9f\x45\xb2\x4e\x79\x3e\xf0\x08\x5f\x0e\x50\x40\xff\x2e\xbc\xb1\xd8\xd7\x01\x96\xd3\xde\x63\x14\xea\xe7\xf4\xf3\xe5\x26\x2c\x67\x67\x41\x59\xc1\xde\x4a\x08\x61\xaa\xd8\x14\x3b\xd5\x9f\xb3\xc8\x87\xc3\x84\x0b\x1c\x12\xc7\x42\xf1\xfa\xd2\x4c\xd9\xac\x7f\xea\x0f\xba\x87\x1c\x1e\xbc\x62\x8b\x34\xd9\x60\x43\x88\x5a\xe8\x26\x42\xda\x04\xd8\x7d\xca\xb5\x9b\xc8\xdd\x87\x65\x87\x11\xf6\x35\xbd\x66\xf4\x25\x4f\x83\xa4\x5d\x5b\xc7\x5e\x31\xfb\x60\xe9\xd6\xa5\xe6\xfb\x8b\x66\x86\x4c\xc3\x0b\x39\x11\xab\x9f\x87\xa5\x9c\xad\x38\xf0\xcc\x91\xb9\x20\x37\xbf\x1e\xa6\x42\x34\xe1\x3f\xc7\xc4\x50\x4c\xf0\x30\x0f\x1a\x0d\xeb\x39\xe6\x30\xc7\x10\xda\x48\x85\x5d\x8c\x45\x1d\x72\x6c\xc4\xc6\xe4\x43\x02\x11\x81\x8a\xaf\x9d\xca\xd5\x71\xb8\xb8\x9c\x4e\x94\x44\xae\xba\xa6\x9b\x97\x68\x9a\x5c\xa6\x70\xf8\xfa\x5e\xea\x13\x2c\x12\x1c\xc1\xef\xd2\x76\xf5\xa0\xb0\x2b\x96\x12\xbd\xc9\x9c\x99\xbc\xc6\x3b\x37\xcb\x86\x62\xcc\xaf\x7c\x80\x28\xeb\x67\x3a\x5f\x4f\x5b\xee\xff\x2c\xa9\x0d\x7a\xfa\xa1\xc6\xab\x6e\xe2\x23\x85\xae\xf9\x80\xd6\xa0\xf4\x54\x49\x86\xfb\x99\xbf\xe4\x10\x23\xb2\x20\x19\x89\x6f\x87\x7a\xae\xe7\x5e\xec\x90\xba\xe1\x0d\x43\xda\xb3\x36\xbb\xe5\x21\x5d\x05\x78\xf0\xd5\xc2\x94\xf0\xfa\x3f\xa1\x6a\xcf\xa9\xb8\x69\xaa\xf7\x9b\x6e\x7e\xf8\xc3\x8b\x9a\x9a\x2c\xfe\x0a\x02\x3e\xf3\x11\xca\xfd\xae\x30\x31\xc8\x2c\x97\x51\x81\x33\x27\x5d\x81\xf8\xfa\x5d\x7e\x4c\x42\xcb\xdf\xcd\xec\xff\x1b\x2b\xf2\x91\x22\x3d\xcd\x30\x75\x0a\x56\xa8\x12\x82\x4a\x5d\xd1\x00\x58\x5f\x1f\xf5\x22\x84\x84\xde\xc4\xbb\x50\x0e\xfd\xb0\x51\x82\xc0\x85\x75\x1a\xce\x19\x84\x4f\xeb\x55\x96\x6b\xaa\x3e\xd4\x76\xbc\xcc\xcb\x50\x9b\x0a\x05\x03\xad\x20\x2f\xab\x29\x67\x38\x8a\xf0\x78\xa7\xa0\x34\x08\xcd\x99\x9
0\xa3\x6a\x4d\xa1\xca\xff\xc9\x81\xb4\xe1\xfa\xeb\xca\x9f\x33\x76\x8f\x67\x3a\x16\x63\x76\xaa\x4a\x64\x4e\x9f\xc2\x5e\x41\xe0\x8f\xfa\x08\xa5\x5e\x3d\xbc\x4d\xcf\xf9\xe8\x4c\xcf\xb0\xf2\x27\xf3\xe7\x61\x40\xb6\xb9\x55\x77\xec\x7a\x37\xfe\x1c\x3f\x30\x6a\xe6\xa9\x87\x57\x60\xb3\xca\x15\x11\x42\x99\xcc\x0b\xaa\xc7\x66\xad\xe9\x30\x2a\x9d\xfe\x47\xcc\x99\x0d\x36\xbf\x04\xc2\x83\xc6\xe3\xa2\x2d\x7c\xaf\x75\xc8\xff\x75\xd6\x6a\xa7\xed\x34\xf5\x2f\xe8\x44\x69\xe8\x0b\x49\x54\xd7\x4d\x2c\x7c\x20\x14\xec\x97\x17\xb0\x73\x4b\x70\x58\x89\x81\x63\x56\xa6\xe2\xea\x80\x29\xfb\x59\xc0\x0f\x7e\x51\x8b\x14\x65\xde\x12\x8f\x6a\xc9\x66\xbb\xa6\x98\xbe\xb0\xcc\x35\xae\x7b\x7c\x41\x6a\x42\xce\x3e\xf5\xe6\x43\x54\xe5\x34\xca\xee\x98\x4d\xb5\xdb\x34\x0a\x4b\x86\x97\x3f\x0f\xcd\xc6\x80\xbb\xe8\x2d\xfa\x4f\x5b\x2b\x20\x4d\xd3\x15\xa5\x31\x0b\xdd\x34\x0c\x26\x6d\x32\x52\xc5\xe5\x7e\x8b\x87\x5c\x63\xdd\x45\xbc\x0f\xc3\xb2\xb9\xd6\xc5\x8d\x58\x60\x39\x3e\xa1\x91\x9d\x8f\x6c\xfd\x1d\xd9\x5d\xa5\x11\x21\x4f\x68\x4c\xb6\x5f\x55\x92\x22\x21\x69\x82\xba\xe0\x03\xc8\x7b\x12\x4a\x61\xce\xe2\x0e\x0d\xa6\x17\x5b\x59\x06\x15\x7f\x52\x65\x51\x92\xaa\x17\xb8\x52\xbf\xc4\x82\xf9\x34\xc4\x96\xdd\xc2\xa7\xa5\xab\x4d\x24\x45\xa8\x59\xcd\x46\x15\x47\xcb\xb0\x98\x4f\x68\xec\x57\x9e\x84\xfa\x07\xa1\xbf\xb8\xad\x07\x99\xff\xd5\x5f\x98\xab\xce\xba\xff\xc2\x6d\x8b\x20\x9a\xf5\xc4\x94\x42\x99\x99\xfa\xdc\x21\x1d\xe1\x52\x69\x36\x0c\x84\x20\x55\xf5\xf0\x81\x42\x49\xdd\x1b\x97\xe6\x5c\xcf\x97\xf4\x7e\x9b\x3e\x7c\x11\xf3\x23\x82\xa5\x11\x6d\xd2\x41\x49\xdb\x66\x28\xe2\xa2\x54\xfc\x38\x5c\x70\x98\x3d\xfe\xf3\x15\xb4\x9d\xc2\xad\xc3\x30\x14\x0c\xf1\x45\x48\x9e\x8e\x71\x68\x4c\x4c\xd9\x78\xda\xe8\xfa\xe6\x8c\xeb\x64\xc1\xcc\x11\xbb\x13\xd7\xe1\xb5\x48\x5f\x6a\x1e\xaf\x58\x34\x2a\x76\xc1\x41\xe2\xc3\x93\x3e\x6c\x3e\xed\xa4\x18\xdb\x11\x4b\x6d\xcf\x65\xa4\x91\xc6\x35\x7f\x9d\xfc\x5d\x80\x62\xc8\x2b\x07\xad\x86\x17\x10\x42\xab\xd8\x8d\x96\x07\xcd\x71\x24\x06\x66\x0e\x9c\x21\x6e\x9e\xe8\x36\x7e\xf8\xd2\x5c\x3d\x80\x9a\x5d\x4
d\xe5\xd4\xcf\x90\x96\x53\x4b\x08\x9e\x3f\xcd\xc1\x34\x29\xb5\x2a\xde\xd9\x38\x7f\xd1\x61\x46\x14\xde\xa2\xd4\xed\x01\x37\x6e\xba\xfc\x2e\xbb\x0c\x34\x87\x2f\xfe\x57\x18\x63\x4e\x2a\xdd\xa4\x64\xe7\x7f\xaa\xc4\x70\x88\xcd\x9c\x3c\x30\x83\x7f\xd3\x08\x32\x75\xe8\x5f\x82\x2d\x1b\xc5\x1b\x3e\xc9\xf8\x44\x23\xdd\x81\xf2\x0a\x84\x0e\x0c\x35\xb8\xa7\x39\x8f\xff\x0b\x4e\xdf\xe8\x58\x31\x01", 4096); *(uint32_t*)0x20006544 = 0x1000; *(uint32_t*)0x20006548 = 4; memcpy((void*)0x20006640, "autocell", 8); *(uint8_t*)0x20006648 = 0x2c; memcpy((void*)0x20006649, "flock=write", 11); *(uint8_t*)0x20006654 = 0x2c; memcpy((void*)0x20006655, "flock=write", 11); *(uint8_t*)0x20006660 = 0x2c; memcpy((void*)0x20006661, "dyn", 3); *(uint8_t*)0x20006664 = 0x2c; memcpy((void*)0x20006665, "appraise", 8); *(uint8_t*)0x2000666d = 0x2c; memcpy((void*)0x2000666e, "euid<", 5); sprintf((char*)0x20006673, "%020llu", (long long)r[20]); *(uint8_t*)0x20006687 = 0x2c; memcpy((void*)0x20006688, "fsuuid", 6); *(uint8_t*)0x2000668e = 0x3d; *(uint8_t*)0x2000668f = 0x36; *(uint8_t*)0x20006690 = 0x63; *(uint8_t*)0x20006691 = 0x33; *(uint8_t*)0x20006692 = 0x63; *(uint8_t*)0x20006693 = 0x66; *(uint8_t*)0x20006694 = 0x39; *(uint8_t*)0x20006695 = 0x38; *(uint8_t*)0x20006696 = 0x62; *(uint8_t*)0x20006697 = 0x2d; *(uint8_t*)0x20006698 = 0x63; *(uint8_t*)0x20006699 = 0x38; *(uint8_t*)0x2000669a = 0x62; *(uint8_t*)0x2000669b = 0x33; *(uint8_t*)0x2000669c = 0x2d; *(uint8_t*)0x2000669d = 0x61; *(uint8_t*)0x2000669e = 0x33; *(uint8_t*)0x2000669f = 0; *(uint8_t*)0x200066a0 = 0x30; *(uint8_t*)0x200066a1 = 0x2d; *(uint8_t*)0x200066a2 = 0x61; *(uint8_t*)0x200066a3 = 0x34; *(uint8_t*)0x200066a4 = 0x63; *(uint8_t*)0x200066a5 = 0x37; *(uint8_t*)0x200066a6 = 0x2d; *(uint8_t*)0x200066a7 = 0x37; *(uint8_t*)0x200066a8 = 0x36; *(uint8_t*)0x200066a9 = 0x31; *(uint8_t*)0x200066aa = 0x63; *(uint8_t*)0x200066ab = 0x39; *(uint8_t*)0x200066ac = 0x64; *(uint8_t*)0x200066ad = 0x61; *(uint8_t*)0x200066ae = 0x34; *(uint8_t*)0x200066af = 
0x2c; *(uint8_t*)0x200066b0 = 0; syz_mount_image(0x200054c0, 0x20005500, 0x80000001, 1, 0x20006540, 0x40000, 0x20006640); break; case 39: memcpy((void*)0x200066c0, "/dev/i2c-#\000", 11); syz_open_dev(0x200066c0, 0xb6f4, 0x400202); break; case 40: memcpy((void*)0x20006700, "mounts\000", 7); syz_open_procfs(r[6], 0x20006700); break; case 41: syz_open_pts(-1, 0x13022679); break; case 42: *(uint32_t*)0x200067c0 = 0x20006740; memcpy((void*)0x20006740, "\xdb\x5a\x07\x9d\xd4\x30\x62\xf6\x98\x5b\x51\x4a\xd6\xb7\xac\x65\x29\x50\xf7\xe5\x31\x7a\x81\xed\x92\x43\x86\xc1\x08\x3a\x75\xb7\xe2\x67\x59\x67\xac\xdc\x58\x64\x42\x41\xb6\xde\x98\x1b\xa6\x5e\x75\x81\x6e\x07\x8f\x21\x21\x2c\xb8\x62\xa3\x39\x34\xc9\xb4\x72\x9a\x72\x21\x51\xfd\x15\x36\x1d\x77\x1e\x0c\x59\xe4\xb2\xa7\xb4\xae\x5a\xd6\xd4\x5a\x6b\xb5\x1f\xa6\xd0", 90); *(uint32_t*)0x200067c4 = 0x5a; *(uint32_t*)0x200067c8 = 0x10001; syz_read_part_table(1, 1, 0x200067c0); break; case 43: *(uint8_t*)0x20006800 = 0x12; *(uint8_t*)0x20006801 = 1; *(uint16_t*)0x20006802 = 0x201; *(uint8_t*)0x20006804 = 0x73; *(uint8_t*)0x20006805 = 0x54; *(uint8_t*)0x20006806 = 0x2d; *(uint8_t*)0x20006807 = 0x40; *(uint16_t*)0x20006808 = 0x572; *(uint16_t*)0x2000680a = 0x1324; *(uint16_t*)0x2000680c = 0x84d3; *(uint8_t*)0x2000680e = 1; *(uint8_t*)0x2000680f = 2; *(uint8_t*)0x20006810 = 3; *(uint8_t*)0x20006811 = 1; *(uint8_t*)0x20006812 = 9; *(uint8_t*)0x20006813 = 2; *(uint16_t*)0x20006814 = 0xdff; *(uint8_t*)0x20006816 = 4; *(uint8_t*)0x20006817 = 0; *(uint8_t*)0x20006818 = 4; *(uint8_t*)0x20006819 = 0x20; *(uint8_t*)0x2000681a = 5; *(uint8_t*)0x2000681b = 9; *(uint8_t*)0x2000681c = 4; *(uint8_t*)0x2000681d = 0x21; *(uint8_t*)0x2000681e = 6; *(uint8_t*)0x2000681f = 0xf; *(uint8_t*)0x20006820 = 0x13; *(uint8_t*)0x20006821 = 0xd5; *(uint8_t*)0x20006822 = 0xef; *(uint8_t*)0x20006823 = -1; *(uint8_t*)0x20006824 = 0x7f; *(uint8_t*)0x20006825 = 3; memcpy((void*)0x20006826, 
"\xff\x04\x19\x26\x1d\x95\x19\x66\xe9\x2d\x90\x6d\x4e\x26\x34\x29\x08\xf7\xc1\x48\xa2\xd9\xb1\xb9\xfe\x29\x1a\xd2\xef\x96\x37\x25\xab\x89\x5c\x81\xd7\xbb\xf8\xf9\xd4\xda\x5a\x4f\x8e\x43\x11\xa0\xbd\xfd\xab\x97\xf5\x08\x93\x9e\x62\x47\x0e\xae\x4d\xc1\x3f\x11\x32\x4f\x9b\x80\x8e\xb9\xc0\x6c\xec\x3f\x30\xa8\x6e\xf0\xfb\x2a\xb9\x0e\x7e\x04\x40\xe8\x7f\xf5\x22\x68\x87\x9d\x8a\xe0\xc9\x1a\x67\x35\x0e\x71\xaf\x1f\xb2\xd4\x90\x8d\x78\x22\x20\x08\xe8\xb6\x71\x15\x6b\x17\x90\x6f\x6a\x1e\x05\xe0\x2b\x6b\x37", 125); *(uint8_t*)0x200068a3 = 5; *(uint8_t*)0x200068a4 = 0x24; *(uint8_t*)0x200068a5 = 6; *(uint8_t*)0x200068a6 = 0; *(uint8_t*)0x200068a7 = 0; *(uint8_t*)0x200068a8 = 5; *(uint8_t*)0x200068a9 = 0x24; *(uint8_t*)0x200068aa = 0; *(uint16_t*)0x200068ab = 7; *(uint8_t*)0x200068ad = 0xd; *(uint8_t*)0x200068ae = 0x24; *(uint8_t*)0x200068af = 0xf; *(uint8_t*)0x200068b0 = 1; *(uint32_t*)0x200068b1 = 3; *(uint16_t*)0x200068b5 = 0; *(uint16_t*)0x200068b7 = 3; *(uint8_t*)0x200068b9 = 0x6a; *(uint8_t*)0x200068ba = 0xc0; *(uint8_t*)0x200068bb = 0x24; *(uint8_t*)0x200068bc = 0x13; *(uint8_t*)0x200068bd = 2; memcpy((void*)0x200068be, "\xf6\xe0\xbd\x71\x54\x25\x30\xd6\xc8\x82\xe5\x31\xf6\x0f\x2e\xef\xd0\x5d\x35\x63\x85\xc0\xa6\x22\xa1\x20\xa8\x16\x78\x85\x48\x55\xc2\x70\x40\x64\x5d\x6c\x24\x37\x27\x72\x10\x8a\xef\x34\xf2\xaf\x02\x26\xda\xa9\x9d\x3c\xec\xfe\x16\x8f\xc9\xfa\xe2\x8e\xd3\xbd\x29\x5c\x75\x43\x16\x6c\xe5\xf2\x52\xa2\x58\x4e\x73\xd2\x12\xd5\x87\x24\x5b\x8e\xbe\xfb\xae\x86\x93\xd8\x8f\x8f\xda\x2b\xbf\xbc\x96\x28\xa0\x8e\x7d\x81\xa1\x94\xb0\xc4\x9e\x82\xf6\xbc\x23\x01\x24\x57\x6b\x45\xb4\xcb\xc1\xd5\xc0\x2d\xcb\x3f\x94\x3d\xad\x75\xc6\xc2\xc5\x02\x3c\x1e\x67\x0f\xf6\x82\x5d\x8b\xa2\x3c\x20\x5a\x7e\xb9\xdc\x0b\xca\xc2\x8c\x35\x14\x07\x20\x78\xd2\xfa\x78\x2c\x31\x86\xd4\xb1\xed\x80\x40\xee\x1c\x76\x5b\xc2\x34\xaf\xcc\x52\xa9\x17\x22\x52\x7e\x5d\xbd\x90\x2d\xc2\x99\xd8", 188); *(uint8_t*)0x2000697a = 9; *(uint8_t*)0x2000697b = 5; *(uint8_t*)0x2000697c = 0; *(uint8_t*)0x2000697d = 
0x10; *(uint16_t*)0x2000697e = 0; *(uint8_t*)0x20006980 = 2; *(uint8_t*)0x20006981 = 0x36; *(uint8_t*)0x20006982 = 0; *(uint8_t*)0x20006983 = 0x2a; *(uint8_t*)0x20006984 = 0x31; memcpy((void*)0x20006985, "\x71\xc3\xc3\xd6\x1b\xbd\x69\x65\xe0\xda\xb5\x13\xc1\x4e\x7d\x2a\x6d\x7d\x83\x46\x22\x8a\xf4\x6c\x61\x7a\x9c\x6f\x93\xe2\xc9\x23\x76\x7b\x9d\xcf\x1b\x1c\x65\x24", 40); *(uint8_t*)0x200069ad = 0x35; *(uint8_t*)0x200069ae = 8; memcpy((void*)0x200069af, "\x2e\xfa\xc1\x77\x7f\x97\xf0\x88\xcf\x4e\xa6\x90\x9a\x4a\xb8\x19\x54\x3a\x67\x8d\xbd\x61\x1b\xae\xbf\x76\x50\x0b\x0c\x10\xe0\x99\xa0\x98\x27\xed\xc9\x86\xbd\x1c\x1c\x58\xec\x92\x77\x82\x78\x78\x70\x0a\x60", 51); *(uint8_t*)0x200069e2 = 9; *(uint8_t*)0x200069e3 = 5; *(uint8_t*)0x200069e4 = 6; *(uint8_t*)0x200069e5 = 3; *(uint16_t*)0x200069e6 = 0x400; *(uint8_t*)0x200069e8 = 0x3f; *(uint8_t*)0x200069e9 = 2; *(uint8_t*)0x200069ea = 8; *(uint8_t*)0x200069eb = 2; *(uint8_t*)0x200069ec = 7; *(uint8_t*)0x200069ed = 7; *(uint8_t*)0x200069ee = 0x25; *(uint8_t*)0x200069ef = 1; *(uint8_t*)0x200069f0 = 0x81; *(uint8_t*)0x200069f1 = 0x40; *(uint16_t*)0x200069f2 = 4; *(uint8_t*)0x200069f4 = 9; *(uint8_t*)0x200069f5 = 5; *(uint8_t*)0x200069f6 = 8; *(uint8_t*)0x200069f7 = 0; *(uint16_t*)0x200069f8 = 0x400; *(uint8_t*)0x200069fa = 2; *(uint8_t*)0x200069fb = 8; *(uint8_t*)0x200069fc = 8; *(uint8_t*)0x200069fd = 9; *(uint8_t*)0x200069fe = 5; *(uint8_t*)0x200069ff = 0xe; *(uint8_t*)0x20006a00 = 1; *(uint16_t*)0x20006a01 = 0x200; *(uint8_t*)0x20006a03 = 2; *(uint8_t*)0x20006a04 = 4; *(uint8_t*)0x20006a05 = 9; *(uint8_t*)0x20006a06 = 9; *(uint8_t*)0x20006a07 = 5; *(uint8_t*)0x20006a08 = 0xc; *(uint8_t*)0x20006a09 = 0; *(uint16_t*)0x20006a0a = 0x400; *(uint8_t*)0x20006a0c = 0; *(uint8_t*)0x20006a0d = 4; *(uint8_t*)0x20006a0e = 0x20; *(uint8_t*)0x20006a0f = 7; *(uint8_t*)0x20006a10 = 0x25; *(uint8_t*)0x20006a11 = 1; *(uint8_t*)0x20006a12 = 0; *(uint8_t*)0x20006a13 = 0x7f; *(uint16_t*)0x20006a14 = 0x1ff; *(uint8_t*)0x20006a16 = 7; 
*(uint8_t*)0x20006a17 = 0x25; *(uint8_t*)0x20006a18 = 1; *(uint8_t*)0x20006a19 = 0x41; *(uint8_t*)0x20006a1a = 0xcb; *(uint16_t*)0x20006a1b = 0x102d; *(uint8_t*)0x20006a1d = 9; *(uint8_t*)0x20006a1e = 5; *(uint8_t*)0x20006a1f = 0xf; *(uint8_t*)0x20006a20 = 0x10; *(uint16_t*)0x20006a21 = 0x20; *(uint8_t*)0x20006a23 = 0x32; *(uint8_t*)0x20006a24 = 0; *(uint8_t*)0x20006a25 = 0; *(uint8_t*)0x20006a26 = 9; *(uint8_t*)0x20006a27 = 5; *(uint8_t*)0x20006a28 = 2; *(uint8_t*)0x20006a29 = 4; *(uint16_t*)0x20006a2a = 0x20; *(uint8_t*)0x20006a2c = 0x20; *(uint8_t*)0x20006a2d = 0x7f; *(uint8_t*)0x20006a2e = 0x7f; *(uint8_t*)0x20006a2f = 7; *(uint8_t*)0x20006a30 = 0x25; *(uint8_t*)0x20006a31 = 1; *(uint8_t*)0x20006a32 = 1; *(uint8_t*)0x20006a33 = 8; *(uint16_t*)0x20006a34 = 0x40; *(uint8_t*)0x20006a36 = 9; *(uint8_t*)0x20006a37 = 5; *(uint8_t*)0x20006a38 = 1; *(uint8_t*)0x20006a39 = 0; *(uint16_t*)0x20006a3a = 8; *(uint8_t*)0x20006a3c = 0xe0; *(uint8_t*)0x20006a3d = 0x80; *(uint8_t*)0x20006a3e = 1; *(uint8_t*)0x20006a3f = 9; *(uint8_t*)0x20006a40 = 5; *(uint8_t*)0x20006a41 = 0xd; *(uint8_t*)0x20006a42 = 0; *(uint16_t*)0x20006a43 = 0x7f7; *(uint8_t*)0x20006a45 = 8; *(uint8_t*)0x20006a46 = 4; *(uint8_t*)0x20006a47 = 0x20; *(uint8_t*)0x20006a48 = 7; *(uint8_t*)0x20006a49 = 0x25; *(uint8_t*)0x20006a4a = 1; *(uint8_t*)0x20006a4b = 2; *(uint8_t*)0x20006a4c = 6; *(uint16_t*)0x20006a4d = 3; *(uint8_t*)0x20006a4f = 0x5b; *(uint8_t*)0x20006a50 = 2; memcpy((void*)0x20006a51, "\xe2\x68\x16\x78\x8a\x1c\xc1\x88\x1a\x23\xc8\xf4\x1a\x67\xd7\x3b\xe6\xc2\x14\x67\xfa\x34\xc3\x2c\x9f\xb2\xf2\x08\xc2\x69\x29\xeb\x65\x27\x36\xf9\xd9\x1d\x3a\x85\xb6\x39\x1d\xdd\x8c\x23\xc3\x09\xf2\x0a\xa9\x6d\x84\xd4\x89\xfd\xc4\x25\xac\xea\x48\x48\x9f\xbd\x62\xf0\xf3\x65\x3d\x94\xee\x6b\x8e\x1d\xab\x83\xb1\x9e\xbc\xa6\xd7\x35\x78\x5a\xb9\xdd\x72\x4d\x66", 89); *(uint8_t*)0x20006aaa = 9; *(uint8_t*)0x20006aab = 5; *(uint8_t*)0x20006aac = 6; *(uint8_t*)0x20006aad = 2; *(uint16_t*)0x20006aae = 0x40; *(uint8_t*)0x20006ab0 
= 0x80; *(uint8_t*)0x20006ab1 = 1; *(uint8_t*)0x20006ab2 = 0x1b; *(uint8_t*)0x20006ab3 = 7; *(uint8_t*)0x20006ab4 = 0x25; *(uint8_t*)0x20006ab5 = 1; *(uint8_t*)0x20006ab6 = 0; *(uint8_t*)0x20006ab7 = 7; *(uint16_t*)0x20006ab8 = 0x40; *(uint8_t*)0x20006aba = 9; *(uint8_t*)0x20006abb = 5; *(uint8_t*)0x20006abc = 9; *(uint8_t*)0x20006abd = 0x10; *(uint16_t*)0x20006abe = 8; *(uint8_t*)0x20006ac0 = 7; *(uint8_t*)0x20006ac1 = 4; *(uint8_t*)0x20006ac2 = 0x3f; *(uint8_t*)0x20006ac3 = 0xe8; *(uint8_t*)0x20006ac4 = 0xb; memcpy((void*)0x20006ac5, "\x8a\xfc\x39\xfa\xbf\x2e\x69\xef\xa6\x1b\x09\x26\x94\xe9\xe7\x01\x87\xbb\xd4\x34\x3a\x56\x66\xc1\xc2\xe1\xb5\xbe\xc1\x2b\xd1\xb1\x63\x32\x5b\x32\x04\x7e\x6f\xad\x04\x42\xc3\x70\x40\x7a\xd2\xdd\xd4\xeb\x56\x3a\x85\x40\x8b\xb4\x76\x2b\x8e\x46\xa4\x63\x43\xa9\xbf\x71\x84\x80\x5c\xd6\x0c\x0d\xa1\x01\x0d\xbd\x99\x5b\x1d\x79\x8e\x5b\x4a\x50\xa1\x0d\xc1\x1c\xd3\x95\x93\x2b\x5e\xd4\xf8\xe0\x6e\x56\x6a\x72\x6d\xe0\x3c\x04\x47\x58\x7e\x03\xd6\x55\xe7\x3c\x3e\x30\xe4\x3e\x8c\x21\x89\xd9\xf1\xfc\xbd\x1e\x3d\x45\x71\x2e\x92\x03\xad\x62\xe3\x4e\x8e\x27\x53\xc6\xf2\xd0\xfa\x95\x3d\x20\xdf\xd1\xbb\x42\x47\x9f\xc0\x33\x95\x9a\xac\x50\x43\x14\x9c\xed\xe9\x28\x6d\xce\x76\x3b\x3f\x20\xad\xaf\xee\x00\x5d\xc6\x83\x0d\xb8\x9c\xd5\x8f\x56\xa2\xf9\x7f\xb1\x0e\x0c\x37\xc0\xdd\x51\x63\xae\x61\x78\x38\x7a\x02\x84\xab\x98\x1a\x6c\xab\xcd\x05\xdb\x43\x14\x32\x63\x32\xe1\xd3\x2d\x69\xd9\xe5\x62\x4a\xc0\x86\x33\x32\x79\xb2\xdf\x93\xb7\x8c", 230); *(uint8_t*)0x20006bab = 9; *(uint8_t*)0x20006bac = 5; *(uint8_t*)0x20006bad = 2; *(uint8_t*)0x20006bae = 8; *(uint16_t*)0x20006baf = 0x3ff; *(uint8_t*)0x20006bb1 = 9; *(uint8_t*)0x20006bb2 = 4; *(uint8_t*)0x20006bb3 = 2; *(uint8_t*)0x20006bb4 = 0xf8; *(uint8_t*)0x20006bb5 = 3; memcpy((void*)0x20006bb6, 
"\xd2\xa3\x36\x68\x18\x43\xbe\xe6\x3f\x11\x81\xdd\xe5\x8c\xe1\x39\xc8\x7e\xb3\x9d\x3b\x1b\x13\xc8\x9f\x9c\x99\x42\x60\x3a\xbc\x8f\x40\x9b\x89\xed\xa8\xfb\x2c\x9c\x68\xe3\xce\xb4\x70\x7a\x75\x45\x08\x30\x06\x6c\xf2\x30\x91\x72\xcf\x06\x53\x0b\xe6\x25\x66\xc8\xc6\x28\x43\x6e\xde\x40\xb0\x63\x4b\x77\x58\xb6\x17\x7a\xb7\x9a\x5e\xf2\x50\x1a\x59\xd5\x80\xc5\x73\x29\x44\xb2\xf3\xbd\x51\x23\xfd\x15\x63\x5c\xfe\x84\x91\xa0\x3a\xb3\xd1\x0d\x42\x51\x80\x9a\xc6\xaf\x63\x5e\x91\x48\xf6\xc9\xb7\xe3\xb9\x3f\xd4\xbe\x33\x87\xd4\xce\x97\x08\xf9\x74\x1d\x7d\x24\x96\xf6\x06\x97\xdb\x79\x6d\x17\xbb\x9f\x55\xed\x9d\x12\xa4\xf5\x24\xc9\xae\x5d\xe2\x04\x4e\x86\x3c\x24\x37\x08\x2c\x82\xf7\x05\x03\x62\xb3\x8a\x90\xff\x56\x63\xe9\xa1\xca\x56\xd8\x99\xac\x46\x21\x20\x97\x09\x52\x83\x42\xac\x71\xba\xd0\x76\x61\xab\x43\x79\x99\xa7\x3a\x96\x72\x00\xb8\xbd\xc9\x75\xa7\x8f\x6e\xd6\xf8\xe6\xec\x81\xb6\x37\xbb\xde\x98\x53\x15\xc3\x2e\xaa\xea\x7d\xe9\x23\x25\xdf\xef\x74\x82\x22\x1b\x7a\x31\x21\x2a\x96\xcd", 246); *(uint8_t*)0x20006cac = 7; *(uint8_t*)0x20006cad = 0x25; *(uint8_t*)0x20006cae = 1; *(uint8_t*)0x20006caf = 0x81; *(uint8_t*)0x20006cb0 = 0x82; *(uint16_t*)0x20006cb1 = 0x7ff; *(uint8_t*)0x20006cb3 = 9; *(uint8_t*)0x20006cb4 = 5; *(uint8_t*)0x20006cb5 = 5; *(uint8_t*)0x20006cb6 = 2; *(uint16_t*)0x20006cb7 = 0x3ff; *(uint8_t*)0x20006cb9 = 0xe4; *(uint8_t*)0x20006cba = 0; *(uint8_t*)0x20006cbb = 1; *(uint8_t*)0x20006cbc = 0xab; *(uint8_t*)0x20006cbd = 9; memcpy((void*)0x20006cbe, 
"\xc6\xfe\x27\x36\x94\xb4\x05\x2a\x22\x09\x9e\x80\xc6\x7e\x2e\xb2\x7f\xde\xed\x48\xb1\x52\x75\x46\xe3\xa7\x40\x7a\xfc\x77\xae\x43\xbd\x82\x4d\x2f\xfd\x79\xec\x4a\x23\x13\xe6\xde\xcb\x22\x1d\x29\x55\x42\x04\x6d\x0e\x03\x11\xc0\xc0\x2e\x9f\x09\x73\xd4\x9f\x0b\x1b\xd4\x9d\xa2\x3a\xf4\xc4\x14\x49\xe8\xfd\x00\x5d\xde\xac\x5c\xb8\xc7\x3c\x95\x1a\x76\x62\x6e\xe8\x86\x0e\x18\xc8\x5c\xef\x48\xbb\x8b\x33\x50\x6f\x1a\x4f\x6b\xa4\x21\x21\x1b\xd0\x4f\x96\xdd\x24\x63\x65\x5b\x6e\xd4\x20\x6b\xcc\x04\x9e\xbc\x67\xa5\xa0\xac\xbf\xd5\xeb\x77\x05\x5f\x23\x2b\xdc\x5c\x33\xa9\x2f\xd8\x0e\xbb\xd2\xda\xd6\x7c\x47\x0a\x1e\xe4\x01\x28\x0c\x84\xbc\x45\xa2\x25\xab\xf7\xd7\xb7\xa8\xc4\xfd\xd7\x7c", 169); *(uint8_t*)0x20006d67 = 0x99; *(uint8_t*)0x20006d68 = 0x23; memcpy((void*)0x20006d69, "\x6a\xd2\x4c\x93\xae\x66\xaf\xc2\x43\xc8\x2a\x20\x22\x88\x5c\x51\x54\x35\xd3\xa6\xa8\xd0\xef\x67\x86\x6f\x48\x82\x4a\xae\x8e\x31\xc1\x3f\x45\x0c\xf1\x04\x77\xc7\xad\xd8\x14\xe0\xa2\x0d\x36\x90\xe3\x4f\x87\x60\xb7\x87\x53\x57\x60\x1e\x82\x07\x3a\x7a\x84\xd0\xf4\xb1\xe6\x4b\x33\x27\x6f\x3b\xbb\xce\x50\x4b\xdd\x2f\x2b\x38\xc1\x83\x77\x70\x87\x6e\xd0\x36\x7d\xbb\x28\x0f\xc1\x08\xa3\x8f\x3b\x1a\x38\x69\xcf\x03\x88\x71\xf5\xac\xd4\xe8\xde\xc2\xec\x99\xbf\xef\x6e\x25\x96\xdf\x56\x7f\xac\x26\xf3\x17\x37\x92\xc2\x0b\x5d\x1f\xe6\x71\x5e\xb4\xa9\xd9\x64\xaf\x6f\xcc\x73\x1d\x4a\xc6\xbe\x25\xd3\x21\x7f\x7d\x87", 151); *(uint8_t*)0x20006e00 = 9; *(uint8_t*)0x20006e01 = 5; *(uint8_t*)0x20006e02 = 0xd; *(uint8_t*)0x20006e03 = 0xc; *(uint16_t*)0x20006e04 = 0x200; *(uint8_t*)0x20006e06 = 0x3f; *(uint8_t*)0x20006e07 = 8; *(uint8_t*)0x20006e08 = 1; *(uint8_t*)0x20006e09 = 9; *(uint8_t*)0x20006e0a = 5; *(uint8_t*)0x20006e0b = 6; *(uint8_t*)0x20006e0c = 0; *(uint16_t*)0x20006e0d = 0x1df; *(uint8_t*)0x20006e0f = 4; *(uint8_t*)0x20006e10 = 0x3f; *(uint8_t*)0x20006e11 = 0xc5; *(uint8_t*)0x20006e12 = 7; *(uint8_t*)0x20006e13 = 0x25; *(uint8_t*)0x20006e14 = 1; *(uint8_t*)0x20006e15 = 0x80; *(uint8_t*)0x20006e16 = 1; 
*(uint16_t*)0x20006e17 = 0; *(uint8_t*)0x20006e19 = 9; *(uint8_t*)0x20006e1a = 4; *(uint8_t*)0x20006e1b = 0xb1; *(uint8_t*)0x20006e1c = -1; *(uint8_t*)0x20006e1d = 4; *(uint8_t*)0x20006e1e = 0xb0; *(uint8_t*)0x20006e1f = 0x15; *(uint8_t*)0x20006e20 = 0x7a; *(uint8_t*)0x20006e21 = 0xa9; *(uint8_t*)0x20006e22 = 7; *(uint8_t*)0x20006e23 = 0x24; *(uint8_t*)0x20006e24 = 6; *(uint8_t*)0x20006e25 = 0; *(uint8_t*)0x20006e26 = 0; memcpy((void*)0x20006e27, "\x25\x02", 2); *(uint8_t*)0x20006e29 = 5; *(uint8_t*)0x20006e2a = 0x24; *(uint8_t*)0x20006e2b = 0; *(uint16_t*)0x20006e2c = 0x96; *(uint8_t*)0x20006e2e = 0xd; *(uint8_t*)0x20006e2f = 0x24; *(uint8_t*)0x20006e30 = 0xf; *(uint8_t*)0x20006e31 = 1; *(uint32_t*)0x20006e32 = 0; *(uint16_t*)0x20006e36 = 1; *(uint16_t*)0x20006e38 = 7; *(uint8_t*)0x20006e3a = 1; *(uint8_t*)0x20006e3b = 7; *(uint8_t*)0x20006e3c = 0x24; *(uint8_t*)0x20006e3d = 0xa; *(uint8_t*)0x20006e3e = 0xde; *(uint8_t*)0x20006e3f = 1; *(uint8_t*)0x20006e40 = 3; *(uint8_t*)0x20006e41 = 0x84; *(uint8_t*)0x20006e42 = 5; *(uint8_t*)0x20006e43 = 0x24; *(uint8_t*)0x20006e44 = 1; *(uint8_t*)0x20006e45 = 1; *(uint8_t*)0x20006e46 = 0x20; *(uint8_t*)0x20006e47 = 7; *(uint8_t*)0x20006e48 = 0x24; *(uint8_t*)0x20006e49 = 0x14; *(uint16_t*)0x20006e4a = 8; *(uint16_t*)0x20006e4c = 6; *(uint8_t*)0x20006e4e = 4; *(uint8_t*)0x20006e4f = 0x24; *(uint8_t*)0x20006e50 = 2; *(uint8_t*)0x20006e51 = 7; *(uint8_t*)0x20006e52 = 0xa; *(uint8_t*)0x20006e53 = 0x24; *(uint8_t*)0x20006e54 = 7; *(uint8_t*)0x20006e55 = 0x20; *(uint16_t*)0x20006e56 = 0xd57a; *(uint16_t*)0x20006e58 = 0x3ff; *(uint16_t*)0x20006e5a = 7; *(uint8_t*)0x20006e5c = 7; *(uint8_t*)0x20006e5d = 0x24; *(uint8_t*)0x20006e5e = 0xa; *(uint8_t*)0x20006e5f = 0x80; *(uint8_t*)0x20006e60 = 0; *(uint8_t*)0x20006e61 = 0xfc; *(uint8_t*)0x20006e62 = 6; *(uint8_t*)0x20006e63 = 9; *(uint8_t*)0x20006e64 = 5; *(uint8_t*)0x20006e65 = 0xc; *(uint8_t*)0x20006e66 = 0x10; *(uint16_t*)0x20006e67 = 0x400; *(uint8_t*)0x20006e69 = 0x80; 
*(uint8_t*)0x20006e6a = 0x3f; *(uint8_t*)0x20006e6b = 0; *(uint8_t*)0x20006e6c = 0xc0; *(uint8_t*)0x20006e6d = 0x23; memcpy((void*)0x20006e6e, "\x2f\xa6\x21\x6f\xa5\xb3\x4b\x3c\x34\x7a\x90\xd7\xc0\x9d\xee\x9e\x3b\xad\x4c\xef\xe7\xc1\x78\xd4\xc2\x48\xc1\x75\xd6\xe2\x65\xf0\xf1\x5b\x5d\xb2\xf1\xef\xac\xfb\xb4\x75\x80\x01\xa8\x95\xf8\x29\x6a\x82\xcc\x24\x3a\x7a\x71\xe6\xcf\xa5\x9d\x27\xd6\xba\x04\x08\x6b\x13\x18\xf3\x99\x7a\xee\x66\x3f\xb0\xb1\x88\xa9\x5e\x85\x05\xf2\x75\x8d\x8b\x43\xe5\x4d\xce\x1e\x61\x31\xac\x08\xc8\xf2\x9e\x40\xfd\xf1\x8b\xbc\xb5\x70\x4b\x23\x47\x1e\x1f\xa2\xbb\xa7\x64\x58\x1c\xe7\xdc\x0a\x1f\x88\x0b\x6a\xa4\xe3\x93\x0f\x95\x24\xba\xf7\xf5\x0f\x7c\xb5\x8d\xdb\xd7\xb0\x65\xbe\x27\x02\x27\xb4\x7e\x34\xa8\x27\xa2\xf0\x9e\x87\x65\x2c\x3b\x09\x33\x94\x5d\x95\xbc\xdc\x06\x2e\x78\x95\x3c\x6f\xef\x78\x19\x97\x36\xf6\x24\x70\xac\x62\x41\x40\xad\x40\x3c\x6f\x78\x8d\x52\xe1\x0e\x11\x03", 190); *(uint8_t*)0x20006f2c = 9; *(uint8_t*)0x20006f2d = 5; *(uint8_t*)0x20006f2e = 5; *(uint8_t*)0x20006f2f = 0; *(uint16_t*)0x20006f30 = 0x20; *(uint8_t*)0x20006f32 = 0x3f; *(uint8_t*)0x20006f33 = 0x7f; *(uint8_t*)0x20006f34 = 2; *(uint8_t*)0x20006f35 = 0x1a; *(uint8_t*)0x20006f36 = 0xc; memcpy((void*)0x20006f37, "\x1c\x2b\x9b\xf9\x18\x36\xba\x9e\x59\x50\x27\x9a\xa4\x49\xab\x26\x14\xf1\x7e\xc4\x78\xa5\xa7\x00", 24); *(uint8_t*)0x20006f4f = 0xc3; *(uint8_t*)0x20006f50 = 0xc; memcpy((void*)0x20006f51, 
"\x31\x39\xf5\x6a\x95\xcd\x9a\xcd\x2c\xaf\x28\x74\xda\x06\x4a\xdf\x8a\x3e\xa9\x3c\xbd\x32\xe1\x4f\x79\xb6\x83\x8a\x87\x5d\x2b\x1c\x72\x86\xc6\x17\xf7\x80\xe8\x3c\xd8\xac\x69\xa4\x71\x4e\x10\x41\xcf\x11\xa6\x98\x86\x60\x63\xe4\x4d\x74\xc6\xdf\xbe\xe8\x90\x55\xed\xa3\xb7\x01\x77\xaf\x2e\x4b\x13\x8e\xdb\xeb\x82\xf3\x46\x05\xc6\x14\xb3\xa5\xcb\x77\x50\xf2\x20\xc4\xc8\xbc\x45\x0a\x30\x09\xd9\xbd\x33\x00\x56\x14\x98\xc1\x64\xcf\x3b\x38\x00\xcd\xf5\x75\xf5\xee\x94\x56\xff\xec\x5a\xcc\x96\xed\x76\xe2\x26\xc3\x6e\x52\x50\x8d\x2f\xc0\x8e\x9f\x1e\xa6\xfe\x8c\xfc\x2c\x9a\x31\xb0\x9a\xc5\x56\xd2\xe4\x8e\x88\xdb\x31\x70\x50\x50\x52\xed\x76\xa4\x75\xaa\x82\xd6\x36\xd9\x7e\x10\xe7\xe3\xdd\x77\x12\x5f\x5d\xf8\xa7\x95\x7d\x3c\x3f\x94\xf1\xc7\x6c\xbc\x01\x36\x19\x26\x39\xd1\x76\x40", 193); *(uint8_t*)0x20007012 = 9; *(uint8_t*)0x20007013 = 5; *(uint8_t*)0x20007014 = 2; *(uint8_t*)0x20007015 = 2; *(uint16_t*)0x20007016 = 0x200; *(uint8_t*)0x20007018 = 0x48; *(uint8_t*)0x20007019 = 2; *(uint8_t*)0x2000701a = 4; *(uint8_t*)0x2000701b = 9; *(uint8_t*)0x2000701c = 5; *(uint8_t*)0x2000701d = 1; *(uint8_t*)0x2000701e = 0x10; *(uint16_t*)0x2000701f = 0x20; *(uint8_t*)0x20007021 = 0x6c; *(uint8_t*)0x20007022 = 1; *(uint8_t*)0x20007023 = 3; *(uint8_t*)0x20007024 = 0xce; *(uint8_t*)0x20007025 = 0x21; memcpy((void*)0x20007026, 
"\x06\xc1\x68\xe4\xec\x51\x8f\xa8\x4d\xd5\x1e\xa1\x69\x50\xaf\x04\x28\x9b\x85\x63\x92\x49\xe5\xb2\x76\x19\xa0\x30\x17\x47\x9c\xb3\x14\xd2\xff\xe9\xee\x81\xbe\x9e\xb0\x17\xcf\x98\x23\x4e\x8f\x72\x36\x18\xdf\xe3\x9f\x1f\x4c\xee\x3c\xa8\x42\xdd\x87\x02\x08\xe0\x1c\xcd\x1c\x6a\xe4\xd9\xa7\x1b\x28\x14\xb6\xaa\x79\x5f\xef\xda\x45\x07\x27\xb3\xbe\xb2\x66\xf7\xf3\x56\x20\xf0\x9a\x35\x08\xc2\x9f\xd6\x0d\x98\x47\x34\x2c\x29\x5b\x2b\xa8\x67\xe4\x9b\x8f\x0b\x74\x6d\x5b\x75\x2b\xe6\x9f\x4d\xa8\x8f\x93\x8d\xcb\xfe\x16\x90\x33\x3c\x46\x7c\xb8\x90\x05\x97\xad\x4a\xa4\x34\x40\x45\x39\x24\x3f\x3a\x64\xdb\xce\xd5\x55\x45\x62\x04\x2f\xb9\x8f\xd0\xa5\x55\x3a\xb0\xbd\xf0\xac\xcf\x16\x52\x5c\x4f\x84\x63\x4a\xee\x87\x63\xdb\x10\xe7\x0e\x77\xa8\x9a\x71\x42\x21\xad\x80\x5f\x53\x8a\x0d\x1a\x82\x4d\xcb\x6a\xaa\xc6\x1d\x3e\xa4\xbf\xe9", 204); *(uint8_t*)0x200070f2 = 7; *(uint8_t*)0x200070f3 = 0x25; *(uint8_t*)0x200070f4 = 1; *(uint8_t*)0x200070f5 = 3; *(uint8_t*)0x200070f6 = 0x80; *(uint16_t*)0x200070f7 = 5; *(uint8_t*)0x200070f9 = 9; *(uint8_t*)0x200070fa = 4; *(uint8_t*)0x200070fb = 0x6b; *(uint8_t*)0x200070fc = 3; *(uint8_t*)0x200070fd = 5; *(uint8_t*)0x200070fe = 0x3d; *(uint8_t*)0x200070ff = 0x21; *(uint8_t*)0x20007100 = 0xee; *(uint8_t*)0x20007101 = 0xc0; *(uint8_t*)0x20007102 = 9; *(uint8_t*)0x20007103 = 0x21; *(uint16_t*)0x20007104 = 0x848d; *(uint8_t*)0x20007106 = 0x1f; *(uint8_t*)0x20007107 = 1; *(uint8_t*)0x20007108 = 0x22; *(uint16_t*)0x20007109 = 0x3f6; *(uint8_t*)0x2000710b = 9; *(uint8_t*)0x2000710c = 5; *(uint8_t*)0x2000710d = 0xd; *(uint8_t*)0x2000710e = 0x10; *(uint16_t*)0x2000710f = 0x40; *(uint8_t*)0x20007111 = 0x7c; *(uint8_t*)0x20007112 = 6; *(uint8_t*)0x20007113 = 4; *(uint8_t*)0x20007114 = 7; *(uint8_t*)0x20007115 = 0x25; *(uint8_t*)0x20007116 = 1; *(uint8_t*)0x20007117 = 0x82; *(uint8_t*)0x20007118 = 0x69; *(uint16_t*)0x20007119 = 0x5fa4; *(uint8_t*)0x2000711b = 9; *(uint8_t*)0x2000711c = 5; *(uint8_t*)0x2000711d = 3; *(uint8_t*)0x2000711e = 0x1c; 
*(uint16_t*)0x2000711f = 0x3ff; *(uint8_t*)0x20007121 = 8; *(uint8_t*)0x20007122 = 0x81; *(uint8_t*)0x20007123 = 1; *(uint8_t*)0x20007124 = 7; *(uint8_t*)0x20007125 = 0x25; *(uint8_t*)0x20007126 = 1; *(uint8_t*)0x20007127 = 0x37; *(uint8_t*)0x20007128 = 3; *(uint16_t*)0x20007129 = 0xfff; *(uint8_t*)0x2000712b = 0xba; *(uint8_t*)0x2000712c = 9; memcpy((void*)0x2000712d, "\xb8\xe7\xe6\x10\xb0\x74\x32\x5b\x28\xa3\x8b\x1b\x5f\x75\x6c\xdd\xec\xec\x90\x26\xba\xed\xfb\x15\x8c\x2c\xe4\xd0\xe3\x48\xd2\x44\x73\xf7\xa1\xee\x74\xbd\xa8\xa6\xd5\x84\x5a\xcf\x5d\xe0\x95\x71\x3b\xb0\x20\xe1\x29\x2c\xc0\x80\xd9\xc8\x97\x44\xf8\xce\xd9\x69\x16\xbb\x20\x55\xa1\xa1\x76\x9f\x6a\x7b\x4d\x13\xb9\xf7\x40\x50\xa8\x22\x0d\xdf\x0d\x09\xa9\x4c\x3b\xfb\xaa\xb0\x6f\xdd\x2b\x5e\x0b\x19\x31\xb7\x7f\x42\x6c\x18\xe3\xc8\x8d\xa2\x5c\x52\xc0\x19\xdb\xfb\xdb\xb8\xbf\x0e\x5e\xe6\x28\xb5\xa4\x6d\x95\xb5\x39\x42\xfe\xb5\xbf\x7b\xfd\x58\x1f\x93\xa9\x45\xc8\x5d\xa3\x3b\x76\x3d\x2f\x0c\x33\x45\x89\x8c\x95\xe2\xa1\x22\x8e\x5e\x08\x40\x70\xa1\xe9\x6b\xce\xf7\x23\x7f\x0a\x03\x36\xc6\x30\x91\xbe\x6b\x87\xd3\xff\x68\xde\x36\xf6\xc9\xb0\xb2", 184); *(uint8_t*)0x200071e5 = 9; *(uint8_t*)0x200071e6 = 5; *(uint8_t*)0x200071e7 = 0; *(uint8_t*)0x200071e8 = 0x10; *(uint16_t*)0x200071e9 = 0; *(uint8_t*)0x200071eb = 0x40; *(uint8_t*)0x200071ec = 7; *(uint8_t*)0x200071ed = 0x22; *(uint8_t*)0x200071ee = 0xfc; *(uint8_t*)0x200071ef = 0x11; memcpy((void*)0x200071f0, 
"\xfb\xb0\xdd\xc3\x40\xe0\xee\x54\x66\x41\x5b\xab\xc5\x9d\x3b\xbf\x8a\x56\x91\x09\x35\x1e\x08\x9d\xf0\x59\x09\x4e\x3c\x5a\xef\x87\xf9\xe1\x31\x20\xdc\x04\x3a\x4d\xad\x91\x93\xdb\xea\x34\xae\xff\xbe\x3c\x0d\x94\x5d\x8a\x18\xd6\xc0\x55\xb7\x9c\xe5\x1a\xdb\x09\x82\x0e\xb6\x96\x5d\x78\x22\xf5\x53\xc5\x90\xfb\x93\x5c\xc1\x58\x0e\x2b\x0e\xf0\x39\x29\x0f\x87\xad\x62\xe2\x18\x1d\xd2\xbb\x24\xa7\x78\xed\x74\x23\x3d\x39\xc6\xb0\x15\x66\x72\x3d\x38\x6a\xcd\x2f\xf2\x42\x72\x0d\xa9\x5b\xf5\x44\x94\xdb\x06\x51\x6e\x40\xd1\x92\x76\xbe\x27\xf9\xe0\x78\xc7\x62\x1a\xbe\xc7\x9a\xf9\x0b\x12\xfd\x0d\xbf\x62\x8f\xa9\xf9\xa0\x94\x93\x8f\x29\x7a\x8f\x8c\x63\xff\xe5\x7d\x00\x40\x79\x2e\x86\xe8\xd2\x42\x5b\x2a\x50\xd3\x7c\xc1\xab\x39\x75\x22\x7e\xc4\xcd\x85\xc0\x2d\x73\x4b\x8e\xce\x89\x1b\x27\x49\x62\xc1\x13\x34\x9b\x2b\x06\xf2\xea\x19\x7a\xf2\x34\x72\xe2\xd1\xce\x4d\x93\x0c\xf8\x49\xf7\x7e\x61\x9c\x77\xb2\xe9\xb1\xdb\x97\x7c\x04\x0b\x42\x89\x33\xd8\x06\x6b\x59\x31\x28\x3d\x29\x49\xea\x81\x25\xc4\x65\x37\xa3\xe2", 250); *(uint8_t*)0x200072ea = 7; *(uint8_t*)0x200072eb = 0x25; *(uint8_t*)0x200072ec = 1; *(uint8_t*)0x200072ed = 0x5d; *(uint8_t*)0x200072ee = 7; *(uint16_t*)0x200072ef = 7; *(uint8_t*)0x200072f1 = 9; *(uint8_t*)0x200072f2 = 5; *(uint8_t*)0x200072f3 = 5; *(uint8_t*)0x200072f4 = 0; *(uint16_t*)0x200072f5 = 0x400; *(uint8_t*)0x200072f7 = 5; *(uint8_t*)0x200072f8 = 5; *(uint8_t*)0x200072f9 = 0x1f; *(uint8_t*)0x200072fa = 0xb3; *(uint8_t*)0x200072fb = 0xb; memcpy((void*)0x200072fc, 
"\x0a\x90\x26\x86\x4d\x79\xf2\x1b\x7a\x15\x0b\x9c\xaf\xf6\xd2\x23\x28\x7b\x8c\xa6\x7d\x8d\x62\xad\x24\x44\xad\x8a\xb2\x40\x35\xf8\x7b\xea\x38\x7a\x1c\x63\x16\xcd\xa6\x1d\x7f\x3d\x15\x2b\x50\x7d\xfe\xa1\x3e\xb6\x95\x48\x67\xd2\x49\xc9\x09\xaa\x46\xa7\x31\x77\x1b\xbc\x9d\xe9\x59\xdd\x60\xac\x85\x76\x69\xab\x68\x0a\xaf\x8c\x6f\x94\xb6\x47\x95\xdc\x7e\xc6\x0d\xa5\x53\x2b\xf5\x8f\x6b\xa5\xb8\xc7\x37\x2f\xf5\xf9\x5b\x31\x08\xe2\x9b\x13\xe6\x70\x9f\x81\x50\x16\xd3\x53\xc6\xde\xdb\xf5\x45\xdf\x03\xd5\x87\x4b\xe7\x15\x51\x3c\x36\xff\xfe\xea\x5b\xc1\xdf\x7b\xef\x3b\xf1\x99\x10\xb0\x15\x92\xc2\x35\xf3\xe8\x17\x74\x90\x84\xa3\x8b\xde\x9e\x19\x6e\x27\x37\xcd\xdd\xc6\xdb\xe1\x43\x13\x67\x9a\x0b\xe3\x21\x14\xa9\x35", 177); *(uint8_t*)0x200073ad = 0xcb; *(uint8_t*)0x200073ae = 9; memcpy((void*)0x200073af, "\x0e\x30\xd9\x67\xc4\xc4\x78\x8b\x63\x96\x45\x65\x05\x54\x46\x04\x9b\xb0\x57\xff\xe7\xfa\x48\x41\x37\xed\x94\x0e\xd6\x96\xd3\xdf\x82\x2d\x7f\xda\x84\xe0\x35\xfc\x02\xf2\x79\xaa\x40\x7f\xe5\x17\x92\x45\x64\x73\x44\x0d\xfa\xf2\xf6\xcf\x45\x2e\x0d\x53\x9d\x88\x95\x3e\xfd\xfb\xdb\xea\x71\xa7\xde\xf8\xbd\xc1\x06\xb8\x1f\x32\x5b\x00\xbd\x33\x2a\x3d\xc6\x9c\xba\x43\x29\xc3\x05\xbd\x46\x89\x2b\x30\xd4\x47\xec\xe1\x71\xba\x0b\x4a\x73\xc2\xa0\x8e\x64\x30\xa8\xed\xb6\xcf\xb5\xfb\x7a\xb5\xbc\xe3\x4b\xa2\x38\x5f\xc7\xab\x6a\x5d\x60\x2c\x69\x91\x92\xd9\xa9\x67\xdc\xf2\x55\xd2\xbd\x64\x53\xff\x27\xb3\xe4\x97\x8a\x81\x69\xf8\xf8\xd9\xe1\xd7\x42\xde\xa5\x53\x6e\xe6\xb5\xb8\x41\x1f\x4a\x7e\xea\xf5\x95\x9b\xba\xd4\xa2\x03\xde\x44\xcc\x50\xc1\x5d\x54\xac\x51\x0a\xfe\x7c\x69\xe7\x9f\x40\x14\x36\xdb\xc3\x65\x11\x4c", 201); *(uint8_t*)0x20007478 = 9; *(uint8_t*)0x20007479 = 5; *(uint8_t*)0x2000747a = 0xb; *(uint8_t*)0x2000747b = 0x16; *(uint16_t*)0x2000747c = 8; *(uint8_t*)0x2000747e = 5; *(uint8_t*)0x2000747f = 0; *(uint8_t*)0x20007480 = 3; *(uint8_t*)0x20007481 = 0x5f; *(uint8_t*)0x20007482 = 0xc; memcpy((void*)0x20007483, 
"\x7a\x83\xaa\x84\x2e\x67\xfc\x4a\x39\x31\x27\x22\xb0\x63\xb2\x9e\xd9\xd2\x08\x58\x58\x08\xb5\xdd\x26\xd2\xc9\x04\x3a\xc3\x04\xdc\x29\x86\x86\xd0\xcd\x8a\x9d\x62\x3e\x67\x8b\x98\x41\x0d\x54\xa5\xab\x43\xa7\x09\xa1\x62\x6f\x4d\x80\x47\x33\x5b\xa6\x2f\x79\x54\x59\x99\x0e\x70\x14\xec\xdc\x10\x49\x38\x63\x80\x36\x6f\x56\xe3\xd1\x0a\xf4\x24\xe1\xef\x08\x7b\x70\x70\xab\xb8\x93", 93); *(uint8_t*)0x200074e0 = 7; *(uint8_t*)0x200074e1 = 0x25; *(uint8_t*)0x200074e2 = 1; *(uint8_t*)0x200074e3 = 3; *(uint8_t*)0x200074e4 = 7; *(uint16_t*)0x200074e5 = 0x401; *(uint8_t*)0x200074e7 = 9; *(uint8_t*)0x200074e8 = 4; *(uint8_t*)0x200074e9 = 0x9d; *(uint8_t*)0x200074ea = 0xba; *(uint8_t*)0x200074eb = 1; *(uint8_t*)0x200074ec = -1; *(uint8_t*)0x200074ed = 2; *(uint8_t*)0x200074ee = 0x73; *(uint8_t*)0x200074ef = 0x7f; *(uint8_t*)0x200074f0 = 5; *(uint8_t*)0x200074f1 = 0x24; *(uint8_t*)0x200074f2 = 6; *(uint8_t*)0x200074f3 = 0; *(uint8_t*)0x200074f4 = 1; *(uint8_t*)0x200074f5 = 5; *(uint8_t*)0x200074f6 = 0x24; *(uint8_t*)0x200074f7 = 0; *(uint16_t*)0x200074f8 = 0xff80; *(uint8_t*)0x200074fa = 0xd; *(uint8_t*)0x200074fb = 0x24; *(uint8_t*)0x200074fc = 0xf; *(uint8_t*)0x200074fd = 1; *(uint32_t*)0x200074fe = 4; *(uint16_t*)0x20007502 = 0x3f; *(uint16_t*)0x20007504 = 0xa0; *(uint8_t*)0x20007506 = 0x81; *(uint8_t*)0x20007507 = 6; *(uint8_t*)0x20007508 = 0x24; *(uint8_t*)0x20007509 = 0x1a; *(uint16_t*)0x2000750a = 0x5118; *(uint8_t*)0x2000750c = 0x30; *(uint8_t*)0x2000750d = 0x15; *(uint8_t*)0x2000750e = 0x24; *(uint8_t*)0x2000750f = 0x12; *(uint16_t*)0x20007510 = 0x200; *(uint64_t*)0x20007512 = 0x14f5e048ba817a3; *(uint64_t*)0x2000751a = 0x2a397ecbffc007a6; *(uint8_t*)0x20007522 = 0xc; *(uint8_t*)0x20007523 = 0x24; *(uint8_t*)0x20007524 = 0x1b; *(uint16_t*)0x20007525 = 0x605; *(uint16_t*)0x20007527 = 0x3ff; *(uint8_t*)0x20007529 = 0x81; *(uint8_t*)0x2000752a = 4; *(uint16_t*)0x2000752b = 0xfffb; *(uint8_t*)0x2000752d = 2; *(uint8_t*)0x2000752e = 0x15; *(uint8_t*)0x2000752f = 0x24; 
*(uint8_t*)0x20007530 = 0x12; *(uint16_t*)0x20007531 = 0xb9; *(uint64_t*)0x20007533 = 0x14f5e048ba817a3; *(uint64_t*)0x2000753b = 0x2a397ecbffc007a6; *(uint8_t*)0x20007543 = 0xc; *(uint8_t*)0x20007544 = 0x24; *(uint8_t*)0x20007545 = 0x1b; *(uint16_t*)0x20007546 = 0x6e5; *(uint16_t*)0x20007548 = 0x200; *(uint8_t*)0x2000754a = 4; *(uint8_t*)0x2000754b = 0x6e; *(uint16_t*)0x2000754c = 0xce; *(uint8_t*)0x2000754e = 6; *(uint8_t*)0x2000754f = 0xc; *(uint8_t*)0x20007550 = 0x24; *(uint8_t*)0x20007551 = 0x1b; *(uint16_t*)0x20007552 = 0; *(uint16_t*)0x20007554 = 1; *(uint8_t*)0x20007556 = 2; *(uint8_t*)0x20007557 = 0x80; *(uint16_t*)0x20007558 = 6; *(uint8_t*)0x2000755a = 6; *(uint8_t*)0x2000755b = 9; *(uint8_t*)0x2000755c = 5; *(uint8_t*)0x2000755d = 3; *(uint8_t*)0x2000755e = 8; *(uint16_t*)0x2000755f = 0x10; *(uint8_t*)0x20007561 = 8; *(uint8_t*)0x20007562 = 1; *(uint8_t*)0x20007563 = 0x1f; *(uint8_t*)0x20007564 = 0xad; *(uint8_t*)0x20007565 = 2; memcpy((void*)0x20007566, "\xb0\x44\x85\x4e\xe1\x75\xc5\xf2\xbc\x2f\x67\x07\x5f\xf4\xfa\x04\x9f\x4d\xba\x9c\x23\x4b\xe8\xd4\x0e\x89\x5e\x8a\x2a\x79\x19\xb4\x8c\xc6\xc3\x04\x19\x01\x15\xe9\x93\x3e\xb1\xc9\x82\x42\x8c\x3a\x0d\x53\x36\x9e\xf7\x70\x92\xd6\x08\x1a\xa2\xbd\xf5\x46\x3d\xeb\x38\x45\x7f\x1d\x67\x44\xbb\x73\x4f\x03\xeb\xdf\x50\x76\x6b\x49\x53\x5c\x5e\xd1\xb3\x4b\x2e\x12\x85\x7c\x87\xbd\x89\xef\x45\x2a\x92\xeb\x07\x20\xb3\x9c\x06\xbc\x73\x67\xeb\x39\xfc\x6a\x1a\xf3\x7a\x88\x8f\xe0\x71\x01\x14\xe8\x78\x8d\xe4\xc8\x08\xbf\xd1\x19\x32\x6c\x6d\x2c\xf4\x94\x4b\x3a\x56\x89\xd0\x35\x93\x43\x6a\xa1\x07\x7e\xff\x8d\x2c\x94\xbd\x5d\xae\xbc\x9d\x86\xe5\xbb\xef\x65\x64\x04\x38\xb8\xc4\xfa\x73\xd8\x5c\xc7\xb2", 171); *(uint32_t*)0x20007840 = 0xa; *(uint32_t*)0x20007844 = 0x20007640; *(uint8_t*)0x20007640 = 0xa; *(uint8_t*)0x20007641 = 6; *(uint16_t*)0x20007642 = 0x110; *(uint8_t*)0x20007644 = 0x80; *(uint8_t*)0x20007645 = 9; *(uint8_t*)0x20007646 = 1; *(uint8_t*)0x20007647 = 0x10; *(uint8_t*)0x20007648 = 4; *(uint8_t*)0x20007649 = 0; 
*(uint32_t*)0x20007848 = 0x64; *(uint32_t*)0x2000784c = 0x20007680; *(uint8_t*)0x20007680 = 5; *(uint8_t*)0x20007681 = 0xf; *(uint16_t*)0x20007682 = 0x64; *(uint8_t*)0x20007684 = 6; *(uint8_t*)0x20007685 = 0x14; *(uint8_t*)0x20007686 = 0x10; *(uint8_t*)0x20007687 = 0xa; *(uint8_t*)0x20007688 = 0; STORE_BY_BITMASK(uint32_t, , 0x20007689, 2, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x20007689, 0, 5, 27); *(uint16_t*)0x2000768d = 0xf00; *(uint16_t*)0x2000768f = 4; *(uint32_t*)0x20007691 = 0xff0000; *(uint32_t*)0x20007695 = 0xc0; *(uint8_t*)0x20007699 = 0xa; *(uint8_t*)0x2000769a = 0x10; *(uint8_t*)0x2000769b = 3; *(uint8_t*)0x2000769c = 0; *(uint16_t*)0x2000769d = 1; *(uint8_t*)0x2000769f = 0; *(uint8_t*)0x200076a0 = 0x1f; *(uint16_t*)0x200076a1 = 9; *(uint8_t*)0x200076a3 = 0x20; *(uint8_t*)0x200076a4 = 0x10; *(uint8_t*)0x200076a5 = 0xa; *(uint8_t*)0x200076a6 = 0x81; STORE_BY_BITMASK(uint32_t, , 0x200076a7, 5, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x200076a7, 7, 5, 27); *(uint16_t*)0x200076ab = 0; *(uint16_t*)0x200076ad = 0x80; *(uint32_t*)0x200076af = 0; *(uint32_t*)0x200076b3 = 0x3f00; *(uint32_t*)0x200076b7 = 0; *(uint32_t*)0x200076bb = 0xc000; *(uint32_t*)0x200076bf = 0xffc0; *(uint8_t*)0x200076c3 = 3; *(uint8_t*)0x200076c4 = 0x10; *(uint8_t*)0x200076c5 = 0xb; *(uint8_t*)0x200076c6 = 0xa; *(uint8_t*)0x200076c7 = 0x10; *(uint8_t*)0x200076c8 = 3; *(uint8_t*)0x200076c9 = 2; *(uint16_t*)0x200076ca = 0xa; *(uint8_t*)0x200076cc = 0x80; *(uint8_t*)0x200076cd = 1; *(uint16_t*)0x200076ce = 0xf07a; *(uint8_t*)0x200076d0 = 0x14; *(uint8_t*)0x200076d1 = 0x10; *(uint8_t*)0x200076d2 = 4; *(uint8_t*)0x200076d3 = 1; memcpy((void*)0x200076d4, "\x16\xfa\x0c\xbc\xaf\x6e\x45\xfe\xf8\x91\x0f\xb5\x97\xfe\xa0\xeb", 16); *(uint32_t*)0x20007850 = 3; *(uint32_t*)0x20007854 = 0x9e; *(uint32_t*)0x20007858 = 0x20007700; *(uint8_t*)0x20007700 = 0x9e; *(uint8_t*)0x20007701 = 3; memcpy((void*)0x20007702, 
"\x34\x30\x1c\x3d\x32\xd7\xde\xf4\x67\x07\xec\x19\xf9\xc0\x6b\xbe\xea\x89\x88\x49\xd5\x69\x18\xf2\xd0\xf1\x0b\x7b\x72\x8f\x8d\x23\x2d\xe4\xe1\x22\x3c\xe4\x2f\x7d\x08\x67\x83\xba\x31\x0b\xaa\x68\xa2\x2d\x8a\xcf\xba\x4d\x52\x37\x5a\x16\xda\xca\xc7\x76\x1a\x3c\x95\x20\x92\x9d\x62\x39\xc1\x59\xe1\xda\x18\xcf\xc7\x80\xe3\xba\xe0\xa1\xe4\x74\x40\xbb\x15\xf6\xb6\x2f\x2b\x0e\xd3\x1f\x5c\xf2\x20\x7d\x40\x6b\xf7\x1d\xd3\x0a\x08\x9d\xbd\x71\x99\xbb\xb2\x1b\xfe\xbc\x4e\x35\x5e\xb5\x68\x02\xd9\x54\x25\x1c\xa9\x27\xdd\x11\x05\x1e\x83\xad\x0b\xf0\x91\x42\xb2\x53\x2b\xe8\xb2\x94\x46\x4a\x27\xa0\x75\xc4\xcc\xca\xe1\x91\xca\x85\x10\x49", 156); *(uint32_t*)0x2000785c = 0x15; *(uint32_t*)0x20007860 = 0x200077c0; *(uint8_t*)0x200077c0 = 0x15; *(uint8_t*)0x200077c1 = 3; memcpy((void*)0x200077c2, "\xee\xb2\x63\xc0\x0c\xe5\x8f\x49\x0a\x96\x56\x1b\x62\x60\x8f\xa1\x65\x52\x05", 19); *(uint32_t*)0x20007864 = 4; *(uint32_t*)0x20007868 = 0x20007800; *(uint8_t*)0x20007800 = 4; *(uint8_t*)0x20007801 = 3; *(uint16_t*)0x20007802 = 0x3416; res = -1; res = syz_usb_connect(4, 0xe11, 0x20006800, 0x20007840); if (res != -1) r[21] = res; break; case 44: *(uint8_t*)0x20007880 = 0x12; *(uint8_t*)0x20007881 = 1; *(uint16_t*)0x20007882 = 0x200; *(uint8_t*)0x20007884 = -1; *(uint8_t*)0x20007885 = -1; *(uint8_t*)0x20007886 = -1; *(uint8_t*)0x20007887 = 0x40; *(uint16_t*)0x20007888 = 0xcf3; *(uint16_t*)0x2000788a = 0x9271; *(uint16_t*)0x2000788c = 0x108; *(uint8_t*)0x2000788e = 1; *(uint8_t*)0x2000788f = 2; *(uint8_t*)0x20007890 = 3; *(uint8_t*)0x20007891 = 1; *(uint8_t*)0x20007892 = 9; *(uint8_t*)0x20007893 = 2; *(uint16_t*)0x20007894 = 0x48; *(uint8_t*)0x20007896 = 1; *(uint8_t*)0x20007897 = 1; *(uint8_t*)0x20007898 = 0; *(uint8_t*)0x20007899 = 0x80; *(uint8_t*)0x2000789a = 0xfa; *(uint8_t*)0x2000789b = 9; *(uint8_t*)0x2000789c = 4; *(uint8_t*)0x2000789d = 0; *(uint8_t*)0x2000789e = 0; *(uint8_t*)0x2000789f = 6; *(uint8_t*)0x200078a0 = -1; *(uint8_t*)0x200078a1 = 0; *(uint8_t*)0x200078a2 = 0; 
*(uint8_t*)0x200078a3 = 0; *(uint8_t*)0x200078a4 = 9; *(uint8_t*)0x200078a5 = 5; *(uint8_t*)0x200078a6 = 1; *(uint8_t*)0x200078a7 = 2; *(uint16_t*)0x200078a8 = 0x200; *(uint8_t*)0x200078aa = 0; *(uint8_t*)0x200078ab = 0; *(uint8_t*)0x200078ac = 0; *(uint8_t*)0x200078ad = 9; *(uint8_t*)0x200078ae = 5; *(uint8_t*)0x200078af = 0x82; *(uint8_t*)0x200078b0 = 2; *(uint16_t*)0x200078b1 = 0x200; *(uint8_t*)0x200078b3 = 0; *(uint8_t*)0x200078b4 = 0; *(uint8_t*)0x200078b5 = 0; *(uint8_t*)0x200078b6 = 9; *(uint8_t*)0x200078b7 = 5; *(uint8_t*)0x200078b8 = 0x83; *(uint8_t*)0x200078b9 = 3; *(uint16_t*)0x200078ba = 0x40; *(uint8_t*)0x200078bc = 1; *(uint8_t*)0x200078bd = 0; *(uint8_t*)0x200078be = 0; *(uint8_t*)0x200078bf = 9; *(uint8_t*)0x200078c0 = 5; *(uint8_t*)0x200078c1 = 4; *(uint8_t*)0x200078c2 = 3; *(uint16_t*)0x200078c3 = 0x40; *(uint8_t*)0x200078c5 = 1; *(uint8_t*)0x200078c6 = 0; *(uint8_t*)0x200078c7 = 0; *(uint8_t*)0x200078c8 = 9; *(uint8_t*)0x200078c9 = 5; *(uint8_t*)0x200078ca = 5; *(uint8_t*)0x200078cb = 2; *(uint16_t*)0x200078cc = 0x200; *(uint8_t*)0x200078ce = 0; *(uint8_t*)0x200078cf = 0; *(uint8_t*)0x200078d0 = 0; *(uint8_t*)0x200078d1 = 9; *(uint8_t*)0x200078d2 = 5; *(uint8_t*)0x200078d3 = 6; *(uint8_t*)0x200078d4 = 2; *(uint16_t*)0x200078d5 = 0x200; *(uint8_t*)0x200078d7 = 0; *(uint8_t*)0x200078d8 = 0; *(uint8_t*)0x200078d9 = 0; res = -1; res = syz_usb_connect_ath9k(3, 0x5a, 0x20007880, 0); if (res != -1) r[22] = res; break; case 45: *(uint32_t*)0x20007b00 = 0x18; *(uint32_t*)0x20007b04 = 0x20007900; *(uint8_t*)0x20007900 = 0x20; *(uint8_t*)0x20007901 = 0x21; *(uint32_t*)0x20007902 = 0x9a; *(uint8_t*)0x20007906 = 0x9a; *(uint8_t*)0x20007907 = 5; memcpy((void*)0x20007908, 
"\x0a\x16\x8b\x3c\x55\x88\x8f\x31\xc9\x26\xba\x29\x32\xa9\xd1\x37\xd8\xb1\x9a\xc2\x17\xf0\xd2\x22\xe0\x93\x82\x4f\x4b\x30\xec\x9e\x71\xc2\x63\x4e\xe0\xfb\x8f\xc2\x24\xad\xde\xfd\xba\x18\xc2\x2f\x1b\x78\xc6\xb4\x65\x11\x4b\xd2\x24\xc2\xaf\x0a\x37\x95\x37\xea\xe8\x7e\x76\xeb\xd9\x1d\x16\x06\x3f\x2e\xcc\xaf\xd3\x00\x90\x93\x6a\xfa\x29\xeb\xaa\xcd\x35\x08\x2c\xa5\xb7\xa2\xb7\x21\x5d\x54\xc7\x25\x55\x36\xc7\x7b\xd8\xdf\xb3\x4b\xf4\x0e\xc7\x57\x50\x83\x54\x8d\x95\xc5\x67\x77\x3c\xba\xc1\x87\xae\xaa\xf9\x8a\xfe\x5f\x50\x6e\x96\x09\x48\xb7\x5e\x62\xe2\x6a\x16\x57\x25\x84\x1b\x5b\x0c\x64\x36\x4a\x8f\x09\x09\x80", 152); *(uint32_t*)0x20007b08 = 0x200079c0; *(uint8_t*)0x200079c0 = 0; *(uint8_t*)0x200079c1 = 3; *(uint32_t*)0x200079c2 = 0x6e; *(uint8_t*)0x200079c6 = 0x6e; *(uint8_t*)0x200079c7 = 3; memcpy((void*)0x200079c8, "\xb5\xd2\x6a\xf6\x3c\x75\x39\x26\x99\xac\x83\xeb\x6a\xfa\x75\xb9\x21\xd7\x7e\x3f\xcf\x43\xef\x5e\x91\x9d\xf9\xbd\xca\x82\x84\x0c\xaf\x4c\xdf\x52\xbb\x7a\x8a\x23\x93\xa8\xb1\xa2\xa1\xb1\x7f\xc9\xfa\x42\x01\x35\x69\xea\xee\xac\xe8\xc9\x77\xcc\xd3\x08\xe3\x02\x6e\xc1\x28\x87\xb9\xb8\x82\xe4\x06\x8a\xdf\xe6\x9e\x7d\x2e\x10\x48\xa4\x52\x7a\xc6\xea\xb1\x62\xbc\x67\x00\x76\x48\xca\x3d\x0f\x3d\x8c\xeb\x3a\xe6\xff\x58\x09\x38\x04\x65\x4f", 108); *(uint32_t*)0x20007b0c = 0x20007a40; *(uint8_t*)0x20007a40 = 0; *(uint8_t*)0x20007a41 = 0xf; *(uint32_t*)0x20007a42 = 5; *(uint8_t*)0x20007a46 = 5; *(uint8_t*)0x20007a47 = 0xf; *(uint16_t*)0x20007a48 = 5; *(uint8_t*)0x20007a4a = 0; *(uint32_t*)0x20007b10 = 0x20007a80; *(uint8_t*)0x20007a80 = 0x20; *(uint8_t*)0x20007a81 = 0x29; *(uint32_t*)0x20007a82 = 0xf; *(uint8_t*)0x20007a86 = 0xf; *(uint8_t*)0x20007a87 = 0x29; *(uint8_t*)0x20007a88 = 0x80; *(uint16_t*)0x20007a89 = 4; *(uint8_t*)0x20007a8b = 8; *(uint8_t*)0x20007a8c = 2; memcpy((void*)0x20007a8d, "\x01\x8a\x11\xac", 4); memcpy((void*)0x20007a91, "\x98\x3b\x66\xd4", 4); *(uint32_t*)0x20007b14 = 0x20007ac0; *(uint8_t*)0x20007ac0 = 0x20; *(uint8_t*)0x20007ac1 = 0x2a; 
*(uint32_t*)0x20007ac2 = 0xc; *(uint8_t*)0x20007ac6 = 0xc; *(uint8_t*)0x20007ac7 = 0x2a; *(uint8_t*)0x20007ac8 = 3; *(uint16_t*)0x20007ac9 = 0x10; *(uint8_t*)0x20007acb = 0x20; *(uint8_t*)0x20007acc = 0x1f; *(uint8_t*)0x20007acd = 0x81; *(uint16_t*)0x20007ace = 8; *(uint16_t*)0x20007ad0 = 0; *(uint32_t*)0x20007f40 = 0x44; *(uint32_t*)0x20007f44 = 0x20007b40; *(uint8_t*)0x20007b40 = 0x20; *(uint8_t*)0x20007b41 = 9; *(uint32_t*)0x20007b42 = 0x10; memcpy((void*)0x20007b46, "\xce\xc6\x41\xd8\x1e\x53\xb2\xba\x4e\x01\xec\x10\x75\x8c\x40\xaa", 16); *(uint32_t*)0x20007f48 = 0x20007b80; *(uint8_t*)0x20007b80 = 0; *(uint8_t*)0x20007b81 = 0xa; *(uint32_t*)0x20007b82 = 1; *(uint8_t*)0x20007b86 = 8; *(uint32_t*)0x20007f4c = 0x20007bc0; *(uint8_t*)0x20007bc0 = 0; *(uint8_t*)0x20007bc1 = 8; *(uint32_t*)0x20007bc2 = 1; *(uint8_t*)0x20007bc6 = 0x1f; *(uint32_t*)0x20007f50 = 0x20007c00; *(uint8_t*)0x20007c00 = 0x20; *(uint8_t*)0x20007c01 = 0; *(uint32_t*)0x20007c02 = 4; *(uint16_t*)0x20007c06 = 1; *(uint16_t*)0x20007c08 = 2; *(uint32_t*)0x20007f54 = 0x20007c40; *(uint8_t*)0x20007c40 = 0x20; *(uint8_t*)0x20007c41 = 0; *(uint32_t*)0x20007c42 = 4; *(uint16_t*)0x20007c46 = 0x200; *(uint16_t*)0x20007c48 = 0x40; *(uint32_t*)0x20007f58 = 0x20007c80; *(uint8_t*)0x20007c80 = 0x40; *(uint8_t*)0x20007c81 = 7; *(uint32_t*)0x20007c82 = 2; *(uint16_t*)0x20007c86 = 9; *(uint32_t*)0x20007f5c = 0x20007cc0; *(uint8_t*)0x20007cc0 = 0x40; *(uint8_t*)0x20007cc1 = 9; *(uint32_t*)0x20007cc2 = 1; *(uint8_t*)0x20007cc6 = 0x12; *(uint32_t*)0x20007f60 = 0x20007d00; *(uint8_t*)0x20007d00 = 0x40; *(uint8_t*)0x20007d01 = 0xb; *(uint32_t*)0x20007d02 = 2; memcpy((void*)0x20007d06, "\xd8\x47", 2); *(uint32_t*)0x20007f64 = 0x20007d40; *(uint8_t*)0x20007d40 = 0x40; *(uint8_t*)0x20007d41 = 0xf; *(uint32_t*)0x20007d42 = 2; *(uint16_t*)0x20007d46 = 0x676; *(uint32_t*)0x20007f68 = 0x20007d80; *(uint8_t*)0x20007d80 = 0x40; *(uint8_t*)0x20007d81 = 0x13; *(uint32_t*)0x20007d82 = 6; *(uint8_t*)0x20007d86 = 0xaa; 
*(uint8_t*)0x20007d87 = 0xaa; *(uint8_t*)0x20007d88 = 0xaa; *(uint8_t*)0x20007d89 = 0xaa; *(uint8_t*)0x20007d8a = 0xaa; *(uint8_t*)0x20007d8b = 0xbb; *(uint32_t*)0x20007f6c = 0x20007dc0; *(uint8_t*)0x20007dc0 = 0x40; *(uint8_t*)0x20007dc1 = 0x17; *(uint32_t*)0x20007dc2 = 6; *(uint8_t*)0x20007dc6 = 1; *(uint8_t*)0x20007dc7 = 0x80; *(uint8_t*)0x20007dc8 = 0xc2; *(uint8_t*)0x20007dc9 = 0; *(uint8_t*)0x20007dca = 0; *(uint8_t*)0x20007dcb = 0; *(uint32_t*)0x20007f70 = 0x20007e00; *(uint8_t*)0x20007e00 = 0x40; *(uint8_t*)0x20007e01 = 0x19; *(uint32_t*)0x20007e02 = 2; memcpy((void*)0x20007e06, "aB", 2); *(uint32_t*)0x20007f74 = 0x20007e40; *(uint8_t*)0x20007e40 = 0x40; *(uint8_t*)0x20007e41 = 0x1a; *(uint32_t*)0x20007e42 = 2; *(uint16_t*)0x20007e46 = 4; *(uint32_t*)0x20007f78 = 0x20007e80; *(uint8_t*)0x20007e80 = 0x40; *(uint8_t*)0x20007e81 = 0x1c; *(uint32_t*)0x20007e82 = 1; *(uint8_t*)0x20007e86 = 0x70; *(uint32_t*)0x20007f7c = 0x20007ec0; *(uint8_t*)0x20007ec0 = 0x40; *(uint8_t*)0x20007ec1 = 0x1e; *(uint32_t*)0x20007ec2 = 1; *(uint8_t*)0x20007ec6 = 9; *(uint32_t*)0x20007f80 = 0x20007f00; *(uint8_t*)0x20007f00 = 0x40; *(uint8_t*)0x20007f01 = 0x21; *(uint32_t*)0x20007f02 = 1; *(uint8_t*)0x20007f06 = 0; syz_usb_control_io(r[22], 0x20007b00, 0x20007f40); break; case 46: syz_usb_disconnect(r[21]); break; case 47: syz_usb_ep_read(r[21], 0x20, 0x53, 0x20007fc0); break; case 48: *(uint8_t*)0x20008040 = 0x12; *(uint8_t*)0x20008041 = 1; *(uint16_t*)0x20008042 = 0x250; *(uint8_t*)0x20008044 = 0; *(uint8_t*)0x20008045 = 0; *(uint8_t*)0x20008046 = 0; *(uint8_t*)0x20008047 = 8; *(uint16_t*)0x20008048 = 0x1130; *(uint16_t*)0x2000804a = 0x3101; *(uint16_t*)0x2000804c = 0x40; *(uint8_t*)0x2000804e = 1; *(uint8_t*)0x2000804f = 2; *(uint8_t*)0x20008050 = 3; *(uint8_t*)0x20008051 = 1; *(uint8_t*)0x20008052 = 9; *(uint8_t*)0x20008053 = 2; *(uint16_t*)0x20008054 = 0x2d; *(uint8_t*)0x20008056 = 1; *(uint8_t*)0x20008057 = 1; *(uint8_t*)0x20008058 = 1; *(uint8_t*)0x20008059 = 0; 
*(uint8_t*)0x2000805a = 0x20; *(uint8_t*)0x2000805b = 9; *(uint8_t*)0x2000805c = 4; *(uint8_t*)0x2000805d = 0; *(uint8_t*)0x2000805e = 8; *(uint8_t*)0x2000805f = 1; *(uint8_t*)0x20008060 = 3; *(uint8_t*)0x20008061 = 1; *(uint8_t*)0x20008062 = 2; *(uint8_t*)0x20008063 = 1; *(uint8_t*)0x20008064 = 9; *(uint8_t*)0x20008065 = 0x21; *(uint16_t*)0x20008066 = 0x3ff; *(uint8_t*)0x20008068 = 2; *(uint8_t*)0x20008069 = 1; *(uint8_t*)0x2000806a = 0x22; *(uint16_t*)0x2000806b = 0xc2c; *(uint8_t*)0x2000806d = 9; *(uint8_t*)0x2000806e = 5; *(uint8_t*)0x2000806f = 0x81; *(uint8_t*)0x20008070 = 3; *(uint16_t*)0x20008071 = 0x200; *(uint8_t*)0x20008073 = 4; *(uint8_t*)0x20008074 = 0; *(uint8_t*)0x20008075 = 9; *(uint8_t*)0x20008076 = 9; *(uint8_t*)0x20008077 = 5; *(uint8_t*)0x20008078 = 2; *(uint8_t*)0x20008079 = 3; *(uint16_t*)0x2000807a = 8; *(uint8_t*)0x2000807c = 1; *(uint8_t*)0x2000807d = 0xfa; *(uint8_t*)0x2000807e = 0; *(uint32_t*)0x200084c0 = 0xa; *(uint32_t*)0x200084c4 = 0x20008080; *(uint8_t*)0x20008080 = 0xa; *(uint8_t*)0x20008081 = 6; *(uint16_t*)0x20008082 = 0; *(uint8_t*)0x20008084 = 0x11; *(uint8_t*)0x20008085 = 0xf2; *(uint8_t*)0x20008086 = 0x20; *(uint8_t*)0x20008087 = 0xbf; *(uint8_t*)0x20008088 = 0xe3; *(uint8_t*)0x20008089 = 0; *(uint32_t*)0x200084c8 = 0x35; *(uint32_t*)0x200084cc = 0x200080c0; *(uint8_t*)0x200080c0 = 5; *(uint8_t*)0x200080c1 = 0xf; *(uint16_t*)0x200080c2 = 0x35; *(uint8_t*)0x200080c4 = 5; *(uint8_t*)0x200080c5 = 3; *(uint8_t*)0x200080c6 = 0x10; *(uint8_t*)0x200080c7 = 0xb; *(uint8_t*)0x200080c8 = 0x14; *(uint8_t*)0x200080c9 = 0x10; *(uint8_t*)0x200080ca = 4; *(uint8_t*)0x200080cb = 3; memcpy((void*)0x200080cc, "\x81\xb3\xe8\x31\xd0\x5d\x61\x72\x4e\x7e\xfe\x59\xe3\xeb\x35\xa8", 16); *(uint8_t*)0x200080dc = 3; *(uint8_t*)0x200080dd = 0x10; *(uint8_t*)0x200080de = 0xb; *(uint8_t*)0x200080df = 0xb; *(uint8_t*)0x200080e0 = 0x10; *(uint8_t*)0x200080e1 = 1; *(uint8_t*)0x200080e2 = 4; *(uint16_t*)0x200080e3 = 0x20; *(uint8_t*)0x200080e5 = 9; 
*(uint8_t*)0x200080e6 = 5; *(uint16_t*)0x200080e7 = 0x232; *(uint8_t*)0x200080e9 = 1; *(uint8_t*)0x200080ea = 0xb; *(uint8_t*)0x200080eb = 0x10; *(uint8_t*)0x200080ec = 1; *(uint8_t*)0x200080ed = 6; *(uint16_t*)0x200080ee = 0x40; *(uint8_t*)0x200080f0 = 0x3f; *(uint8_t*)0x200080f1 = 1; *(uint16_t*)0x200080f2 = 0x1000; *(uint8_t*)0x200080f4 = 0x95; *(uint32_t*)0x200084d0 = 0xa; *(uint32_t*)0x200084d4 = 4; *(uint32_t*)0x200084d8 = 0x20008100; *(uint8_t*)0x20008100 = 4; *(uint8_t*)0x20008101 = 3; *(uint16_t*)0x20008102 = 0x437; *(uint32_t*)0x200084dc = 0x94; *(uint32_t*)0x200084e0 = 0x20008140; *(uint8_t*)0x20008140 = 0x94; *(uint8_t*)0x20008141 = 3; memcpy((void*)0x20008142, "\x0a\x2b\x55\xe2\x4c\x1e\x43\x9b\x99\xc4\xa7\xb6\xb7\x8a\x9e\x11\x99\xaf\x0f\xe5\xc7\x7d\x11\x9c\xaa\x1a\x26\x2a\x23\x23\xee\x85\xd4\x4c\xe5\x3c\xbc\x4f\x5b\xbf\x33\x95\xb8\xfc\x42\x68\x91\xdd\x21\xc2\xf6\x97\x20\xe4\x9d\x0f\xad\xd0\x34\xca\x35\x34\xb4\xf5\x2d\xf6\x84\x0f\x02\x75\x70\x5c\x82\x69\xc7\xe7\xfe\x3b\x1f\xeb\x95\x16\xea\xc7\xe5\x87\xde\x92\xb8\x90\x29\x30\x49\x14\xa6\x7f\x5b\xcc\x9f\x23\xf6\x09\x72\xb1\xc0\x3c\x7e\x6d\xd6\x49\x58\x7e\xc7\x80\xe8\x16\xd8\x65\x78\x1d\x19\xc1\x77\x76\x71\x41\x21\xe8\x7c\x91\x73\xfd\x96\xdb\xf3\xbd\xeb\x4b\x5f\x7e\x01\x2b\xb8\x27\x9f\x38", 146); *(uint32_t*)0x200084e4 = 0x44; *(uint32_t*)0x200084e8 = 0x20008200; *(uint8_t*)0x20008200 = 0x44; *(uint8_t*)0x20008201 = 3; memcpy((void*)0x20008202, "\x13\x5e\xa6\x24\x3a\x34\x97\xb7\xeb\x5c\x6f\x4b\xa0\xc3\x8c\x06\x84\x82\x17\xb0\x74\x3b\x8e\x74\xe6\x24\x95\xdd\xd2\x93\xaa\x49\xf0\xd2\x6f\x1b\x86\xbc\xde\x62\x55\x3a\x7e\x58\x7a\xef\x8c\x1e\xf0\xd8\xc1\x2b\xa3\xde\xc7\x57\x6f\x9e\x3e\x4f\x42\xec\xb1\xa1\x75\xca", 66); *(uint32_t*)0x200084ec = 4; *(uint32_t*)0x200084f0 = 0x20008280; *(uint8_t*)0x20008280 = 4; *(uint8_t*)0x20008281 = 3; *(uint16_t*)0x20008282 = 0x2c0a; *(uint32_t*)0x200084f4 = 4; *(uint32_t*)0x200084f8 = 0x200082c0; *(uint8_t*)0x200082c0 = 4; *(uint8_t*)0x200082c1 = 3; *(uint16_t*)0x200082c2 = 
0x44b; *(uint32_t*)0x200084fc = 0x31; *(uint32_t*)0x20008500 = 0x20008300; *(uint8_t*)0x20008300 = 0x31; *(uint8_t*)0x20008301 = 3; memcpy((void*)0x20008302, "\x82\xc7\x02\x29\x05\x30\x20\xa3\x24\xb9\x8d\x14\xd5\x7b\x17\xa9\xb3\x44\x0c\x05\x1f\x56\xe3\xed\xd2\xf4\x96\x7b\xa5\x6e\x07\x5a\xa6\xf9\x88\x06\x3d\xe0\x7f\x08\xad\x93\xea\x70\x9b\xa6\x13", 47); *(uint32_t*)0x20008504 = 4; *(uint32_t*)0x20008508 = 0x20008340; *(uint8_t*)0x20008340 = 4; *(uint8_t*)0x20008341 = 3; *(uint16_t*)0x20008342 = 0x423; *(uint32_t*)0x2000850c = 4; *(uint32_t*)0x20008510 = 0x20008380; *(uint8_t*)0x20008380 = 4; *(uint8_t*)0x20008381 = 3; *(uint16_t*)0x20008382 = 0x430; *(uint32_t*)0x20008514 = 0x2c; *(uint32_t*)0x20008518 = 0x200083c0; *(uint8_t*)0x200083c0 = 0x2c; *(uint8_t*)0x200083c1 = 3; memcpy((void*)0x200083c2, "\xcd\x51\x8b\x3d\x76\xf8\x28\xb8\xd2\xd9\x8e\x57\x99\xa8\x29\x49\x6a\xf1\x48\x34\xd2\x49\xdc\x1c\xca\x0a\x1e\xcc\x5e\x98\x7c\x00\x8e\x50\xa3\xde\x8f\x93\x6a\xbd\x87\x28", 42); *(uint32_t*)0x2000851c = 0xa8; *(uint32_t*)0x20008520 = 0x20008400; *(uint8_t*)0x20008400 = 0xa8; *(uint8_t*)0x20008401 = 3; memcpy((void*)0x20008402, "\x95\x7f\xa0\x06\x47\xda\x8d\xf8\x45\x74\x7d\xea\xd5\x48\x2f\x41\x16\xe0\x44\x3b\xcb\x7b\x30\x3c\x0f\xcf\x35\xfc\xd1\x36\x7d\x8a\xd5\xe0\x69\xd0\xa3\x21\x76\x22\xe4\xdb\xe2\x01\x85\x55\xe1\x50\x6d\xad\xe1\xed\x57\x30\x8b\x80\x51\xad\xe8\x15\xe9\x25\x58\x1f\x82\xd3\xf3\xc5\xfe\x1d\xf8\x07\x02\xd0\x2c\x90\x74\xce\x05\x2e\x54\x2c\xf5\xcb\xc1\x0a\x22\xa0\x97\x65\xcb\x02\xc8\x7c\x14\xaa\x57\xb1\x92\xf9\x78\xea\x1a\x60\x02\xb1\x47\x60\x12\xc8\x8c\x87\x4e\x1b\x1c\xb7\xfc\x70\x93\x53\x16\xd3\x43\x00\xdd\xae\x42\x0a\x78\xe2\xe5\x3e\xb5\x30\x02\xf3\xb0\x3c\x9c\xd2\x75\x4b\x8c\xf0\x2f\x98\x41\xf8\xfb\x0e\x16\x8d\xc4\xe0\x0e\xea\x01\x4b\x30\xfe\x68\xa7\x00\xc6\x5c\x0c", 166); res = -1; res = syz_usb_connect(4, 0x3f, 0x20008040, 0x200084c0); if (res != -1) r[23] = res; break; case 49: memcpy((void*)0x20008540, "\x43\x4d\x22\xb9\x8f\x25\x94\x64\x3d", 9); 
syz_usb_ep_write(r[23], 9, 9, 0x20008540); break; } }
/*
 * Entry point of the generated C reproducer.
 *
 * Builds the fixed-address memory layout that the hard-coded pointers in the
 * calls above (0x2000xxxx) rely on, then calls the temp-dir and sandbox
 * helpers. Always returns 0.
 *
 * mmap arguments, decoded with the Linux x86 constants:
 *   prot  0    = PROT_NONE
 *   prot  7    = PROT_READ | PROT_WRITE | PROT_EXEC
 *   flags 0x32 = MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS
 *
 * NOTE(review): none of the three mmap results is checked, so a failed
 * mapping would only surface later as a fault on the first store into the
 * data area.
 */
int main(void) {
/* One inaccessible page directly below the data area (ends at 0x20000000). */
syscall(__NR_mmap, 0x1ffff000, 0x1000, 0, 0x32, -1, 0);
/* 16 MiB data area at 0x20000000, mapped readable, writable and executable; every raw
   address the generated calls above write to lies inside this range. */
syscall(__NR_mmap, 0x20000000, 0x1000000, 7, 0x32, -1, 0);
/* One inaccessible page directly above the data area (0x20000000 + 0x1000000). */
syscall(__NR_mmap, 0x21000000, 0x1000, 0, 0x32, -1, 0);
/* NOTE(review): both helpers are defined outside this excerpt. Their names match the
   UseTmpDir:true and Sandbox:none options printed in the test log, so presumably the
   program switches to a scratch directory and then runs the calls with no sandboxing
   of its own; confirm against the helper definitions. */
use_temporary_dir(); do_sandbox_none(); return 0; }
: In function ‘syz_io_uring_setup’: :248:33: error: ‘__NR_io_uring_setup’ undeclared (first use in this function) :248:33: note: each undeclared identifier is reported only once for each function it appears in compiler invocation: x86_64-linux-gnu-gcc [-o /tmp/syz-executor237193838 -DGOOS_linux=1 -DGOARCH_386=1 -DHOSTGOOS_linux=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wframe-larger-than=16384 -static -Wno-overflow] --- FAIL: TestGenerate/linux/386/12 (0.24s) csource_test.go:122: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: r0 = openat$vcsa(0xffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x404800, 0x0) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080)='batadv\x00') sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r1, 0x10, 0x70bd29, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x2}]}, 0x1c}}, 0x8010) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x20000024) r2 = openat$nmem0(0xffffff9c, &(0x7f00000001c0)='/dev/nmem0\x00', 0x185001, 0x0) write$smackfs_change_rule(r2, &(0x7f0000000200)={'', 0x20, '/dev/vcsa\x00', 0x20, 'rwl', 0x20, 'xb'}, 0x13) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) read$FUSE(0xffffffffffffffff, &(0x7f0000000340)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) 
lchown(&(0x7f0000000240)='./file0\x00', r3, r4) ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f0000002380)) syz_btf_id_by_name$bpf_lsm(&(0x7f0000000000)='bpf_lsm_post_notification\x00') syz_emit_ethernet(0x1e, &(0x7f0000000040)={@remote, @dev={[], 0x18}, @void, {@can={0xc, {{0x0, 0x1, 0x1}, 0x4, 0x2, 0x0, 0x0, "03084e275009633c"}}}}, &(0x7f0000000080)={0x0, 0x2, [0x3ca, 0x523, 0x65, 0x6d6]}) syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT={0xff, 0x41}, 0x2) syz_execute_func(&(0x7f0000000100)="c4c19d748fe2000000670faef7656536f0fe8b000001002e0ffe5cf59bc4c131f5641500c4e28d04c8c4e14fc29c653fb1000044c4c2153916c4e1485c9fae000000d397fd334620") syz_extract_tcp_res(&(0x7f0000000180), 0xffff, 0x625) r5 = openat$selinux_enforce(0xffffff9c, &(0x7f00000001c0)='/selinux/enforce\x00', 0x400, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000002380)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000004540)={{{@in6=@dev, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@loopback}}, &(0x7f0000004640)=0xe4) statx(0xffffffffffffffff, &(0x7f0000004680)='./file0\x00', 0x0, 0x7ff, &(0x7f00000046c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r9 = getuid() fstat(0xffffffffffffffff, &(0x7f0000004840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000004a40)={{{@in=@loopback, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@private0}}, &(0x7f0000004b40)=0xe4) getgroups(0x4, &(0x7f0000004b80)=[0xee00, 0xffffffffffffffff, 0xee01, 0xee00]) statx(0xffffffffffffffff, &(0x7f0000004cc0)='./file0\x00', 0x4000, 0x400, &(0x7f0000004d00)={0x0, 0x0, 0x0, 0x0, 0x0}) r14 = getgid() syz_fuse_handle_req(r5, &(0x7f0000000200)="", 0x2000, &(0x7f0000004f00)={&(0x7f0000002200)={0x50, 0xa3d40b1948262fad, 0x1000, {0x7, 0x1f, 0x9, 0x200, 0x8, 0x1ff, 0xbb, 0xa}}, &(0x7f0000002280)={0x18, 0xfffffffffffffff5, 0x2, {0x1}}, 
&(0x7f00000022c0)={0x18, 0x0, 0x4, {0x7}}, &(0x7f0000002300)={0x18, 0x0, 0x6, {0xfffffffb}}, &(0x7f0000002340)={0x18, 0xfffffffffffffffe, 0x401, {0x101}}, &(0x7f00000043c0)={0x28, 0xfffffffffffffffe, 0xffffffffffff8000, {{0x1000, 0x4, 0x0, r6}}}, &(0x7f0000004400)={0x60, 0x0, 0x8000, {{0x19, 0x0, 0x4b, 0x3, 0x1, 0xffffffff, 0x10001, 0x7fff}}}, &(0x7f0000004480)={0x18, 0x0, 0xfffffffffffffffe, {0x1}}, &(0x7f00000044c0)={0x2a, 0x0, 0x0, {'bpf_lsm_post_notification\x00'}}, &(0x7f0000004500)={0x20, 0x0, 0xffffffff, {0x0, 0x5}}, &(0x7f00000047c0)={0x78, 0x0, 0xfff, {0x5, 0x0, 0x0, {0x0, 0xfffffffffffffffb, 0x5, 0xfffffffffffffff9, 0x1, 0x9, 0x8, 0xff, 0x5, 0xc000, 0x7cc8, r7, r8, 0xf4a5, 0x9}}}, &(0x7f00000048c0)={0x90, 0x0, 0x100000001, {0x5, 0x1, 0x80000001, 0x1, 0x7, 0x100, {0x0, 0x3ff, 0x7, 0x6, 0x2, 0x200, 0x20, 0x6, 0xe07fd01, 0xc000, 0x9, r9, r10, 0x8, 0x1}}}, &(0x7f0000004980)={0xa8, 0x0, 0x1, [{0x0, 0x4, 0x1a, 0x3ff, 'bpf_lsm_post_notification\x00'}, {0x2, 0x80000000, 0x4, 0x2, '#(\\!'}, {0x2, 0x80000001, 0x1, 0x1ff, '%'}, {0x2, 0xff, 0x1, 0x8001, '&'}]}, &(0x7f0000004bc0)={0xc8, 0x0, 0x0, [{{0x4, 0x3, 0x9, 0x4, 0x8, 0x5, {0x3, 0x800, 0x1, 0x10001, 0x8, 0x1, 0x0, 0x401, 0xfffffff7, 0x6000, 0x10001, r11, r12, 0x6, 0xf8}}, {0x3, 0x2, 0x1a, 0x9, 'bpf_lsm_post_notification\x00'}}]}, &(0x7f0000004e00)={0xa0, 0xfffffffffffffffe, 0x9, {{0x4, 0x0, 0x3ff, 0x80000000, 0xfffffffd, 0x8, {0x1, 0x7, 0x401, 0x7, 0x0, 0x5, 0x7, 0x6, 0x40, 0xa000, 0x800, r13, r14, 0x8001}}}}, &(0x7f0000004ec0)={0x20, 0xfffffffffffffffe, 0x1, {0x5, 0x4, 0x5, 0x1}}}) syz_genetlink_get_family_id$SEG6(&(0x7f0000004f40)='SEG6\x00') syz_init_net_socket$ax25(0x3, 0x3, 0xca) r15 = syz_io_uring_complete(0x0) r16 = io_uring_setup(0x19b4, &(0x7f0000004f80)={0x0, 0x2b11, 0x1, 0x1, 0x5b, 0x0, r5}) syz_io_uring_setup(0xf44, &(0x7f0000005000)={0x0, 0x208b, 0x4, 0x0, 0x355, 0x0, r16}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000005080), &(0x7f00000050c0)) syz_io_uring_setup(0x22f7, 
&(0x7f0000005100)={0x0, 0x7b7, 0x2, 0x3, 0x202}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000005180)=0x0, &(0x7f00000051c0)) syz_io_uring_submit(r17, 0x0, &(0x7f0000005240)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x6, &(0x7f0000005200)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x7) r18 = openat$btrfs_control(0xffffff9c, &(0x7f0000005280)='/dev/btrfs-control\x00', 0x2100, 0x0) syz_kvm_setup_cpu$arm64(r18, r15, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000005300)=[{0x0, &(0x7f00000052c0)="35ac4c65d5d924443c56d3cdcacff745b9df2c8d855f77c7e8fb875fc4c83983f4ec404e6ad210d74b41fc04cd89a88bc3b3", 0x32}], 0x1, 0x0, &(0x7f0000005340)=[@featur2], 0x1) syz_io_uring_setup(0x2a84, &(0x7f0000005380)={0x0, 0x8a2, 0x4, 0x0, 0x30f}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000feb000/0x2000)=nil, &(0x7f0000005400)=0x0, &(0x7f0000005440)) syz_memcpy_off$IO_URING_METADATA_FLAGS(r19, 0x114, &(0x7f0000005480)=0x1, 0x0, 0x4) stat(&(0x7f0000006580)='./file0\x00', &(0x7f00000065c0)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$afs(&(0x7f00000054c0)='afs\x00', &(0x7f0000005500)='./file0\x00', 0x80000001, 0x1, &(0x7f0000006540)=[{&(0x7f0000005540)="", 0x1000, 0x4}], 0x40000, &(0x7f0000006640)={[{@autocell='autocell'}, {@flock_write='flock=write'}, {@flock_write='flock=write'}, {@dyn='dyn'}], [{@appraise='appraise'}, {@euid_lt={'euid<', r20}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x63, 0x33, 0x63, 0x66, 0x39, 0x38, 0x62], 0x2d, [0x63, 0x38, 0x62, 0x33], 0x2d, [0x61, 0x33, 0x0, 0x30], 0x2d, [0x61, 0x34, 0x63, 0x37], 0x2d, [0x37, 0x36, 0x31, 0x63, 0x39, 0x64, 0x61, 0x34]}}}]}) syz_open_dev$I2C(&(0x7f00000066c0)='/dev/i2c-#\x00', 0xb6f4, 0x400202) syz_open_procfs(r6, &(0x7f0000006700)='mounts\x00') syz_open_pts(0xffffffffffffffff, 0x4cc162f913022679) syz_read_part_table(0x1, 0x1, 
&(0x7f00000067c0)=[{&(0x7f0000006740)="db5a079dd43062f6985b514ad6b7ac652950f7e5317a81ed924386c1083a75b7e2675967acdc58644241b6de981ba65e75816e078f21212cb862a33934c9b4729a722151fd15361d771e0c59e4b2a7b4ae5ad6d45a6bb51fa6d0", 0x5a, 0x10001}]) r21 = syz_usb_connect(0x4, 0xe11, &(0x7f0000006800)={{0x12, 0x1, 0x201, 0x73, 0x54, 0x2d, 0x40, 0x572, 0x1324, 0x84d3, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xdff, 0x4, 0x0, 0x4, 0x20, 0x5, [{{0x9, 0x4, 0x21, 0x6, 0xf, 0x13, 0xd5, 0xef, 0xff, [@generic={0x7f, 0x3, "ff0419261d951966e92d906d4e26342908f7c148a2d9b1b9fe291ad2ef963725ab895c81d7bbf8f9d4da5a4f8e4311a0bdfdab97f508939e62470eae4dc13f11324f9b808eb9c06cec3f30a86ef0fb2ab90e7e0440e87ff52268879d8ae0c91a67350e71af1fb2d4908d78222008e8b671156b17906f6a1e05e02b6b37"}, @cdc_ecm={{0x5}, {0x5, 0x24, 0x0, 0x7}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x0, 0x3, 0x6a}, [@mdlm_detail={0xc0, 0x24, 0x13, 0x2, "f6e0bd71542530d6c882e531f60f2eefd05d356385c0a622a120a81678854855c27040645d6c24372772108aef34f2af0226daa99d3cecfe168fc9fae28ed3bd295c7543166ce5f252a2584e73d212d587245b8ebefbae8693d88f8fda2bbfbc9628a08e7d81a194b0c49e82f6bc230124576b45b4cbc1d5c02dcb3f943dad75c6c2c5023c1e670ff6825d8ba23c205a7eb9dc0bcac28c3514072078d2fa782c3186d4b1ed8040ee1c765bc234afcc52a91722527e5dbd902dc299d8"}]}], [{{0x9, 0x5, 0x0, 0x10, 0x0, 0x2, 0x36, 0x0, [@generic={0x2a, 0x31, "71c3c3d61bbd6965e0dab513c14e7d2a6d7d8346228af46c617a9c6f93e2c923767b9dcf1b1c6524"}, @generic={0x35, 0x8, "2efac1777f97f088cf4ea6909a4ab819543a678dbd611baebf76500b0c10e099a09827edc986bd1c1c58ec9277827878700a60"}]}}, {{0x9, 0x5, 0x6, 0x3, 0x400, 0x3f, 0x2, 0x8, [@generic={0x2, 0x7}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0x40, 0x4}]}}, {{0x9, 0x5, 0x8, 0x0, 0x400, 0x2, 0x8, 0x8}}, {{0x9, 0x5, 0xe, 0x1, 0x200, 0x2, 0x4, 0x9}}, {{0x9, 0x5, 0xc, 0x0, 0x400, 0x0, 0x4, 0x20, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x7f, 0x1ff}, @uac_iso={0x7, 0x25, 0x1, 0x41, 0xcb, 0x102d}]}}, {{0x9, 0x5, 0xf, 0x10, 0x20, 0x32}}, {{0x9, 0x5, 0x2, 0x4, 0x20, 0x20, 0x7f, 0x7f, [@uac_iso={0x7, 0x25, 
0x1, 0x1, 0x8, 0x40}]}}, {{0x9, 0x5, 0x1, 0x0, 0x8, 0xe0, 0x80, 0x1}}, {{0x9, 0x5, 0xd, 0x0, 0x7f7, 0x8, 0x4, 0x20, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x6, 0x3}, @generic={0x5b, 0x2, "e26816788a1cc1881a23c8f41a67d73be6c21467fa34c32c9fb2f208c26929eb652736f9d91d3a85b6391ddd8c23c309f20aa96d84d489fdc425acea48489fbd62f0f3653d94ee6b8e1dab83b19ebca6d735785ab9dd724d66"}]}}, {{0x9, 0x5, 0x6, 0x2, 0x40, 0x80, 0x1, 0x1b, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x7, 0x40}]}}, {{0x9, 0x5, 0x9, 0x10, 0x8, 0x7, 0x4, 0x3f, [@generic={0xe8, 0xb, "8afc39fabf2e69efa61b092694e9e70187bbd4343a5666c1c2e1b5bec12bd1b163325b32047e6fad0442c370407ad2ddd4eb563a85408bb4762b8e46a46343a9bf7184805cd60c0da1010dbd995b1d798e5b4a50a10dc11cd395932b5ed4f8e06e566a726de03c0447587e03d655e73c3e30e43e8c2189d9f1fcbd1e3d45712e9203ad62e34e8e2753c6f2d0fa953d20dfd1bb42479fc033959aac5043149cede9286dce763b3f20adafee005dc6830db89cd58f56a2f97fb10e0c37c0dd5163ae6178387a0284ab981a6cabcd05db4314326332e1d32d69d9e5624ac086333279b2df93b78c"}]}}, {{0x9, 0x5, 0x2, 0x8, 0x3ff, 0x9, 0x4, 0x2, [@generic={0xf8, 0x3, "d2a336681843bee63f1181dde58ce139c87eb39d3b1b13c89f9c9942603abc8f409b89eda8fb2c9c68e3ceb4707a75450830066cf2309172cf06530be62566c8c628436ede40b0634b7758b6177ab79a5ef2501a59d580c5732944b2f3bd5123fd15635cfe8491a03ab3d10d4251809ac6af635e9148f6c9b7e3b93fd4be3387d4ce9708f9741d7d2496f60697db796d17bb9f55ed9d12a4f524c9ae5de2044e863c2437082c82f7050362b38a90ff5663e9a1ca56d899ac4621209709528342ac71bad07661ab437999a73a967200b8bdc975a78f6ed6f8e6ec81b637bbde985315c32eaaea7de92325dfef7482221b7a31212a96cd"}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0x82, 0x7ff}]}}, {{0x9, 0x5, 0x5, 0x2, 0x3ff, 0xe4, 0x0, 0x1, [@generic={0xab, 0x9, 
"c6fe273694b4052a22099e80c67e2eb27fdeed48b1527546e3a7407afc77ae43bd824d2ffd79ec4a2313e6decb221d295542046d0e0311c0c02e9f0973d49f0b1bd49da23af4c41449e8fd005ddeac5cb8c73c951a76626ee8860e18c85cef48bb8b33506f1a4f6ba421211bd04f96dd2463655b6ed4206bcc049ebc67a5a0acbfd5eb77055f232bdc5c33a92fd80ebbd2dad67c470a1ee401280c84bc45a225abf7d7b7a8c4fdd77c"}, @generic={0x99, 0x23, "6ad24c93ae66afc243c82a2022885c515435d3a6a8d0ef67866f48824aae8e31c13f450cf10477c7add814e0a20d3690e34f8760b7875357601e82073a7a84d0f4b1e64b33276f3bbbce504bdd2f2b38c1837770876ed0367dbb280fc108a38f3b1a3869cf038871f5acd4e8dec2ec99bfef6e2596df567fac26f3173792c20b5d1fe6715eb4a9d964af6fcc731d4ac6be25d3217f7d87"}]}}, {{0x9, 0x5, 0xd, 0xc, 0x200, 0x3f, 0x8, 0x1}}, {{0x9, 0x5, 0x6, 0x0, 0x1df, 0x4, 0x3f, 0xc5, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x1}]}}]}}, {{0x9, 0x4, 0xb1, 0xff, 0x4, 0xb0, 0x15, 0x7a, 0xa9, [@cdc_ecm={{0x7, 0x24, 0x6, 0x0, 0x0, "2502"}, {0x5, 0x24, 0x0, 0x96}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x1, 0x7, 0x1}, [@network_terminal={0x7, 0x24, 0xa, 0xde, 0x1, 0x3, 0x84}, @call_mgmt={0x5, 0x24, 0x1, 0x1, 0x20}, @dmm={0x7, 0x24, 0x14, 0x8, 0x6}, @acm={0x4, 0x24, 0x2, 0x7}, @country_functional={0xa, 0x24, 0x7, 0x20, 0xd57a, [0x3ff, 0x7]}, @network_terminal={0x7, 0x24, 0xa, 0x80, 0x0, 0xfc, 0x6}]}], [{{0x9, 0x5, 0xc, 0x10, 0x400, 0x80, 0x3f, 0x0, [@generic={0xc0, 0x23, "2fa6216fa5b34b3c347a90d7c09dee9e3bad4cefe7c178d4c248c175d6e265f0f15b5db2f1efacfbb4758001a895f8296a82cc243a7a71e6cfa59d27d6ba04086b1318f3997aee663fb0b188a95e8505f2758d8b43e54dce1e6131ac08c8f29e40fdf18bbcb5704b23471e1fa2bba764581ce7dc0a1f880b6aa4e3930f9524baf7f50f7cb58ddbd7b065be270227b47e34a827a2f09e87652c3b0933945d95bcdc062e78953c6fef78199736f62470ac624140ad403c6f788d52e10e1103"}]}}, {{0x9, 0x5, 0x5, 0x0, 0x20, 0x3f, 0x7f, 0x2, [@generic={0x1a, 0xc, "1c2b9bf91836ba9e5950279aa449ab2614f17ec478a5a700"}, @generic={0xc3, 0xc, 
"3139f56a95cd9acd2caf2874da064adf8a3ea93cbd32e14f79b6838a875d2b1c7286c617f780e83cd8ac69a4714e1041cf11a698866063e44d74c6dfbee89055eda3b70177af2e4b138edbeb82f34605c614b3a5cb7750f220c4c8bc450a3009d9bd3300561498c164cf3b3800cdf575f5ee9456ffec5acc96ed76e226c36e52508d2fc08e9f1ea6fe8cfc2c9a31b09ac556d2e48e88db3170505052ed76a475aa82d636d97e10e7e3dd77125f5df8a7957d3c3f94f1c76cbc0136192639d17640"}]}}, {{0x9, 0x5, 0x2, 0x2, 0x200, 0x48, 0x2, 0x4}}, {{0x9, 0x5, 0x1, 0x10, 0x20, 0x6c, 0x1, 0x3, [@generic={0xce, 0x21, "06c168e4ec518fa84dd51ea16950af04289b85639249e5b27619a03017479cb314d2ffe9ee81be9eb017cf98234e8f723618dfe39f1f4cee3ca842dd870208e01ccd1c6ae4d9a71b2814b6aa795fefda450727b3beb266f7f35620f09a3508c29fd60d9847342c295b2ba867e49b8f0b746d5b752be69f4da88f938dcbfe1690333c467cb8900597ad4aa434404539243f3a64dbced5554562042fb98fd0a5553ab0bdf0accf16525c4f84634aee8763db10e70e77a89a714221ad805f538a0d1a824dcb6aaac61d3ea4bfe9"}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x80, 0x5}]}}]}}, {{0x9, 0x4, 0x6b, 0x3, 0x5, 0x3d, 0x21, 0xee, 0xc0, [@hid_hid={0x9, 0x21, 0x848d, 0x1f, 0x1, {0x22, 0x3f6}}], [{{0x9, 0x5, 0xd, 0x10, 0x40, 0x7c, 0x6, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x69, 0x5fa4}]}}, {{0x9, 0x5, 0x3, 0x1c, 0x3ff, 0x8, 0x81, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x7de74b8872483837, 0x3, 0xfff}, @generic={0xba, 0x9, "b8e7e610b074325b28a38b1b5f756cddecec9026baedfb158c2ce4d0e348d24473f7a1ee74bda8a6d5845acf5de095713bb020e1292cc080d9c89744f8ced96916bb2055a1a1769f6a7b4d13b9f74050a8220ddf0d09a94c3bfbaab06fdd2b5e0b1931b77f426c18e3c88da25c52c019dbfbdbb8bf0e5ee628b5a46d95b53942feb5bf7bfd581f93a945c85da33b763d2f0c3345898c95e2a1228e5e084070a1e96bcef7237f0a0336c63091be6b87d3ff68de36f6c9b0b2"}]}}, {{0x9, 0x5, 0x0, 0x10, 0x0, 0x40, 0x7, 0x22, [@generic={0xfc, 0x11, 
"fbb0ddc340e0ee5466415babc59d3bbf8a569109351e089df059094e3c5aef87f9e13120dc043a4dad9193dbea34aeffbe3c0d945d8a18d6c055b79ce51adb09820eb6965d7822f553c590fb935cc1580e2b0ef039290f87ad62e2181dd2bb24a778ed74233d39c6b01566723d386acd2ff242720da95bf54494db06516e40d19276be27f9e078c7621abec79af90b12fd0dbf628fa9f9a094938f297a8f8c63ffe57d0040792e86e8d2425b2a50d37cc1ab3975227ec4cd85c02d734b8ece891b274962c113349b2b06f2ea197af23472e2d1ce4d930cf849f77e619c77b2e9b1db977c040b428933d8066b5931283d2949ea8125c46537a3e2"}, @uac_iso={0x7, 0x25, 0x1, 0x48bab2644d8e755d, 0x7, 0x7}]}}, {{0x9, 0x5, 0x5, 0x0, 0x400, 0x5, 0x5, 0x1f, [@generic={0xb3, 0xb, "0a9026864d79f21b7a150b9caff6d223287b8ca67d8d62ad2444ad8ab24035f87bea387a1c6316cda61d7f3d152b507dfea13eb6954867d249c909aa46a731771bbc9de959dd60ac857669ab680aaf8c6f94b64795dc7ec60da5532bf58f6ba5b8c7372ff5f95b3108e29b13e6709f815016d353c6dedbf545df03d5874be715513c36fffeea5bc1df7bef3bf19910b01592c235f3e817749084a38bde9e196e2737cdddc6dbe14313679a0be32114a935"}, @generic={0xcb, 0x9, "0e30d967c4c4788b63964565055446049bb057ffe7fa484137ed940ed696d3df822d7fda84e035fc02f279aa407fe51792456473440dfaf2f6cf452e0d539d88953efdfbdbea71a7def8bdc106b81f325b00bd332a3dc69cba4329c305bd46892b30d447ece171ba0b4a73c2a08e6430a8edb6cfb5fb7ab5bce34ba2385fc7ab6a5d602c699192d9a967dcf255d2bd6453ff27b3e4978a8169f8f8d9e1d742dea5536ee6b5b8411f4a7eeaf5959bbad4a203de44cc50c15d54ac510afe7c69e79f401436dbc365114c"}]}}, {{0x9, 0x5, 0xb, 0x16, 0x8, 0x5, 0x0, 0x3, [@generic={0x5f, 0xc, "7a83aa842e67fc4a39312722b063b29ed9d208585808b5dd26d2c9043ac304dc298686d0cd8a9d623e678b98410d54a5ab43a709a1626f4d8047335ba62f795459990e7014ecdc1049386380366f56e3d10af424e1ef087b7070abb893"}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x7, 0x401}]}}]}}, {{0x9, 0x4, 0x9d, 0xba, 0x1, 0xff, 0x2, 0x73, 0x7f, [@cdc_ncm={{0x5}, {0x5, 0x24, 0x0, 0xff80}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x3f, 0xa0, 0x81}, {0x6, 0x24, 0x1a, 0x5118, 0x30}, [@mdlm={0x15, 0x24, 0x12, 0x200}, @mbim={0xc, 0x24, 0x1b, 0x605, 0x3ff, 0x81, 0x4, 0xfffb, 0x2}, 
@mdlm={0x15, 0x24, 0x12, 0xb9}, @mbim={0xc, 0x24, 0x1b, 0x6e5, 0x200, 0x4, 0x6e, 0xce, 0x6}, @mbim={0xc, 0x24, 0x1b, 0x0, 0x1, 0x2, 0x80, 0x6, 0x6}]}], [{{0x9, 0x5, 0x3, 0x8, 0x10, 0x8, 0x1, 0x1f, [@generic={0xad, 0x2, "b044854ee175c5f2bc2f67075ff4fa049f4dba9c234be8d40e895e8a2a7919b48cc6c304190115e9933eb1c982428c3a0d53369ef77092d6081aa2bdf5463deb38457f1d6744bb734f03ebdf50766b49535c5ed1b34b2e12857c87bd89ef452a92eb0720b39c06bc7367eb39fc6a1af37a888fe0710114e8788de4c808bfd119326c6d2cf4944b3a5689d03593436aa1077eff8d2c94bd5daebc9d86e5bbef65640438b8c4fa73d85cc7b2"}]}}]}}]}}]}}, &(0x7f0000007840)={0xa, &(0x7f0000007640)={0xa, 0x6, 0x110, 0x80, 0x9, 0x1, 0x10, 0x4}, 0x64, &(0x7f0000007680)={0x5, 0xf, 0x64, 0x6, [@ssp_cap={0x14, 0x10, 0xa, 0x0, 0x2, 0x0, 0xf00, 0x4, [0xff0000, 0xc0]}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x1, 0x0, 0x1f, 0x9}, @ssp_cap={0x20, 0x10, 0xa, 0x81, 0x5, 0x7, 0x0, 0x80, [0x0, 0x3f00, 0x0, 0xc000, 0xffc0]}, @ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0xa, 0x80, 0x1, 0xf07a}, @ss_container_id={0x14, 0x10, 0x4, 0x1, "16fa0cbcaf6e45fef8910fb597fea0eb"}]}, 0x3, [{0x9e, &(0x7f0000007700)=@string={0x9e, 0x3, "34301c3d32d7def46707ec19f9c06bbeea898849d56918f2d0f10b7b728f8d232de4e1223ce42f7d086783ba310baa68a22d8acfba4d52375a16dacac7761a3c9520929d6239c159e1da18cfc780e3bae0a1e47440bb15f6b62f2b0ed31f5cf2207d406bf71dd30a089dbd7199bbb21bfebc4e355eb56802d954251ca927dd11051e83ad0bf09142b2532be8b294464a27a075c4cccae191ca851049"}}, {0x15, &(0x7f00000077c0)=@string={0x15, 0x3, "eeb263c00ce58f490a96561b62608fa1655205"}}, {0x4, &(0x7f0000007800)=@lang_id={0x4, 0x3, 0x3416}}]}) r22 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000007880)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_control_io(r22, &(0x7f0000007b00)={0x18, &(0x7f0000007900)={0x20, 0x21, 0x9a, {0x9a, 0x5, 
"0a168b3c55888f31c926ba2932a9d137d8b19ac217f0d222e093824f4b30ec9e71c2634ee0fb8fc224addefdba18c22f1b78c6b465114bd224c2af0a379537eae87e76ebd91d16063f2eccafd30090936afa29ebaacd35082ca5b7a2b7215d54c7255536c77bd8dfb34bf40ec7575083548d95c567773cbac187aeaaf98afe5f506e960948b75e62e26a165725841b5b0c64364a8f090980"}}, &(0x7f00000079c0)={0x0, 0x3, 0x6e, @string={0x6e, 0x3, "b5d26af63c75392699ac83eb6afa75b921d77e3fcf43ef5e919df9bdca82840caf4cdf52bb7a8a2393a8b1a2a1b17fc9fa42013569eaeeace8c977ccd308e3026ec12887b9b882e4068adfe69e7d2e1048a4527ac6eab162bc67007648ca3d0f3d8ceb3ae6ff58093804654f"}}, &(0x7f0000007a40)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f0000007a80)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x4, 0x8, 0x2, "018a11ac", "983b66d4"}}, &(0x7f0000007ac0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3, 0x10, 0x20, 0x1f, 0x81, 0x8}}}, &(0x7f0000007f40)={0x44, &(0x7f0000007b40)={0x20, 0x9, 0x10, "cec641d81e53b2ba4e01ec10758c40aa"}, &(0x7f0000007b80)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000007bc0)={0x0, 0x8, 0x1, 0x1f}, &(0x7f0000007c00)={0x20, 0x0, 0x4, {0x1, 0x2}}, &(0x7f0000007c40)={0x20, 0x0, 0x4, {0x200, 0x40}}, &(0x7f0000007c80)={0x40, 0x7, 0x2, 0x9}, &(0x7f0000007cc0)={0x40, 0x9, 0x1, 0x12}, &(0x7f0000007d00)={0x40, 0xb, 0x2, "d847"}, &(0x7f0000007d40)={0x40, 0xf, 0x2, 0x676}, &(0x7f0000007d80)={0x40, 0x13, 0x6, @remote}, &(0x7f0000007dc0)={0x40, 0x17, 0x6, @link_local}, &(0x7f0000007e00)={0x40, 0x19, 0x2, 'aB'}, &(0x7f0000007e40)={0x40, 0x1a, 0x2, 0x4}, &(0x7f0000007e80)={0x40, 0x1c, 0x1, 0x70}, &(0x7f0000007ec0)={0x40, 0x1e, 0x1, 0x9}, &(0x7f0000007f00)={0x40, 0x21, 0x1}}) syz_usb_disconnect(r21) syz_usb_ep_read(r21, 0x20, 0x53, &(0x7f0000007fc0)=""/83) r23 = syz_usb_connect$hid(0x4, 0x3f, &(0x7f0000008040)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x8, 0x1130, 0x3101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x1, 0x0, 0x20, [{{0x9, 0x4, 0x0, 0x8, 0x1, 0x3, 0x1, 0x2, 0x1, {0x9, 0x21, 0x3ff, 0x2, 0x1, {0x22, 0xc2c}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x4, 0x0, 0x9}}, [{{0x9, 0x5, 0x2, 0x3, 
0x8, 0x1, 0xfa}}]}}}]}}]}}, &(0x7f00000084c0)={0xa, &(0x7f0000008080)={0xa, 0x6, 0x0, 0x11, 0xf2, 0x20, 0xbf, 0xe3}, 0x35, &(0x7f00000080c0)={0x5, 0xf, 0x35, 0x5, [@ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "81b3e831d05d61724e7efe59e3eb35a8"}, @ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0x4, 0x20, 0x9, 0x5, 0x232, 0x1}, @wireless={0xb, 0x10, 0x1, 0x6, 0x40, 0x3f, 0x1, 0x1000, 0x95}]}, 0xa, [{0x4, &(0x7f0000008100)=@lang_id={0x4, 0x3, 0x437}}, {0x94, &(0x7f0000008140)=@string={0x94, 0x3, "0a2b55e24c1e439b99c4a7b6b78a9e1199af0fe5c77d119caa1a262a2323ee85d44ce53cbc4f5bbf3395b8fc426891dd21c2f69720e49d0fadd034ca3534b4f52df6840f0275705c8269c7e7fe3b1feb9516eac7e587de92b89029304914a67f5bcc9f23f60972b1c03c7e6dd649587ec780e816d865781d19c17776714121e87c9173fd96dbf3bdeb4b5f7e012bb8279f38"}}, {0x44, &(0x7f0000008200)=@string={0x44, 0x3, "135ea6243a3497b7eb5c6f4ba0c38c06848217b0743b8e74e62495ddd293aa49f0d26f1b86bcde62553a7e587aef8c1ef0d8c12ba3dec7576f9e3e4f42ecb1a175ca"}}, {0x4, &(0x7f0000008280)=@lang_id={0x4, 0x3, 0x2c0a}}, {0x4, &(0x7f00000082c0)=@lang_id={0x4, 0x3, 0x44b}}, {0x31, &(0x7f0000008300)=@string={0x31, 0x3, "82c70229053020a324b98d14d57b17a9b3440c051f56e3edd2f4967ba56e075aa6f988063de07f08ad93ea709ba613"}}, {0x4, &(0x7f0000008340)=@lang_id={0x4, 0x3, 0x423}}, {0x4, &(0x7f0000008380)=@lang_id={0x4, 0x3, 0x430}}, {0x2c, &(0x7f00000083c0)=@string={0x2c, 0x3, "cd518b3d76f828b8d2d98e5799a829496af14834d249dc1cca0a1ecc5e987c008e50a3de8f936abd8728"}}, {0xa8, &(0x7f0000008400)=@string={0xa8, 0x3, "957fa00647da8df845747dead5482f4116e0443bcb7b303c0fcf35fcd1367d8ad5e069d0a3217622e4dbe2018555e1506dade1ed57308b8051ade815e925581f82d3f3c5fe1df80702d02c9074ce052e542cf5cbc10a22a09765cb02c87c14aa57b192f978ea1a6002b1476012c88c874e1b1cb7fc70935316d34300ddae420a78e2e53eb53002f3b03c9cd2754b8cf02f9841f8fb0e168dc4e00eea014b30fe68a700c65c0c"}}]}) syz_usb_ep_write(r23, 0x9, 0x9, &(0x7f0000008540)="434d22b98f2594643d") csource_test.go:123: failed to build program: // autogenerated 
by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0); } static int 
event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; for (;;) { uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts); if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) return 1; now = current_time_ms(); if (now - start > timeout) return 0; } } static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } const int kInitNetNsFd = 239; #define SIZEOF_IO_URING_SQE 64 #define SIZEOF_IO_URING_CQE 16 #define SQ_HEAD_OFFSET 0 #define SQ_TAIL_OFFSET 64 #define SQ_RING_MASK_OFFSET 256 #define SQ_RING_ENTRIES_OFFSET 264 #define SQ_FLAGS_OFFSET 276 #define SQ_DROPPED_OFFSET 272 #define CQ_HEAD_OFFSET 128 #define CQ_TAIL_OFFSET 192 #define CQ_RING_MASK_OFFSET 260 #define CQ_RING_ENTRIES_OFFSET 268 #define CQ_RING_OVERFLOW_OFFSET 284 #define CQ_FLAGS_OFFSET 280 #define CQ_CQES_OFFSET 320 struct io_uring_cqe { uint64_t user_data; uint32_t res; uint32_t flags; }; static long syz_io_uring_complete(volatile long a0) { char* ring_ptr = (char*)a0; uint32_t cq_ring_mask = *(uint32_t*)(ring_ptr + CQ_RING_MASK_OFFSET); uint32_t* cq_head_ptr = (uint32_t*)(ring_ptr + CQ_HEAD_OFFSET); uint32_t cq_head = *cq_head_ptr & cq_ring_mask; uint32_t cq_head_next = *cq_head_ptr + 1; char* cqe_src = ring_ptr + CQ_CQES_OFFSET + cq_head * SIZEOF_IO_URING_CQE; struct io_uring_cqe cqe; memcpy(&cqe, cqe_src, sizeof(cqe)); __atomic_store_n(cq_head_ptr, cq_head_next, 
__ATOMIC_RELEASE); return (cqe.user_data == 0x12345 || cqe.user_data == 0x23456) ? (long)cqe.res : (long)-1; } struct io_sqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t flags; uint32_t dropped; uint32_t array; uint32_t resv1; uint64_t resv2; }; struct io_cqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t overflow; uint32_t cqes; uint64_t resv[2]; }; struct io_uring_params { uint32_t sq_entries; uint32_t cq_entries; uint32_t flags; uint32_t sq_thread_cpu; uint32_t sq_thread_idle; uint32_t features; uint32_t resv[4]; struct io_sqring_offsets sq_off; struct io_cqring_offsets cq_off; }; #define IORING_OFF_SQ_RING 0 #define IORING_OFF_SQES 0x10000000ULL static long syz_io_uring_setup(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5) { uint32_t entries = (uint32_t)a0; struct io_uring_params* setup_params = (struct io_uring_params*)a1; void* vma1 = (void*)a2; void* vma2 = (void*)a3; void** ring_ptr_out = (void**)a4; void** sqes_ptr_out = (void**)a5; uint32_t fd_io_uring = syscall(__NR_io_uring_setup, entries, setup_params); uint32_t sq_ring_sz = setup_params->sq_off.array + setup_params->sq_entries * sizeof(uint32_t); uint32_t cq_ring_sz = setup_params->cq_off.cqes + setup_params->cq_entries * SIZEOF_IO_URING_CQE; uint32_t ring_sz = sq_ring_sz > cq_ring_sz ? 
sq_ring_sz : cq_ring_sz; *ring_ptr_out = mmap(vma1, ring_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQ_RING); uint32_t sqes_sz = setup_params->sq_entries * SIZEOF_IO_URING_SQE; *sqes_ptr_out = mmap(vma2, sqes_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQES); return fd_io_uring; } static long syz_io_uring_submit(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { char* ring_ptr = (char*)a0; char* sqes_ptr = (char*)a1; char* sqe = (char*)a2; uint32_t sqes_index = (uint32_t)a3; uint32_t sq_ring_entries = *(uint32_t*)(ring_ptr + SQ_RING_ENTRIES_OFFSET); uint32_t cq_ring_entries = *(uint32_t*)(ring_ptr + CQ_RING_ENTRIES_OFFSET); uint32_t sq_array_off = (CQ_CQES_OFFSET + cq_ring_entries * SIZEOF_IO_URING_CQE + 63) & ~63; if (sq_ring_entries) sqes_index %= sq_ring_entries; char* sqe_dest = sqes_ptr + sqes_index * SIZEOF_IO_URING_SQE; memcpy(sqe_dest, sqe, SIZEOF_IO_URING_SQE); uint32_t sq_ring_mask = *(uint32_t*)(ring_ptr + SQ_RING_MASK_OFFSET); uint32_t* sq_tail_ptr = (uint32_t*)(ring_ptr + SQ_TAIL_OFFSET); uint32_t sq_tail = *sq_tail_ptr & sq_ring_mask; uint32_t sq_tail_next = *sq_tail_ptr + 1; uint32_t* sq_array = (uint32_t*)(ring_ptr + sq_array_off); *(sq_array + sq_tail) = sqes_index; __atomic_store_n(sq_tail_ptr, sq_tail_next, __ATOMIC_RELEASE); return 0; } #define BTF_MAGIC 0xeB9F struct btf_header { __u16 magic; __u8 version; __u8 flags; __u32 hdr_len; __u32 type_off; __u32 type_len; __u32 str_off; __u32 str_len; }; #define BTF_INFO_KIND(info) (((info) >> 24) & 0x0f) #define BTF_INFO_VLEN(info) ((info)&0xffff) #define BTF_KIND_INT 1 #define BTF_KIND_ARRAY 3 #define BTF_KIND_STRUCT 4 #define BTF_KIND_UNION 5 #define BTF_KIND_ENUM 6 #define BTF_KIND_FUNC_PROTO 13 #define BTF_KIND_VAR 14 #define BTF_KIND_DATASEC 15 struct btf_type { __u32 name_off; __u32 info; union { __u32 size; __u32 type; }; }; struct btf_enum { __u32 name_off; __s32 val; }; struct 
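btf_array {
	__u32 type;
	__u32 index_type;
	__u32 nelems;
};

// Per-member record; syz_btf_id_by_name skips vlen of these after a
// BTF_KIND_STRUCT or BTF_KIND_UNION type.
struct btf_member {
	__u32 name_off;
	__u32 type;
	__u32 offset;
};

// Per-parameter record; syz_btf_id_by_name skips vlen of these after a
// BTF_KIND_FUNC_PROTO type.
struct btf_param {
	__u32 name_off;
	__u32 type;
};

// Single record skipped after a BTF_KIND_VAR type.
struct btf_var {
	__u32 linkage;
};

struct btf_var_secinfo {
	__u32 type;
	__u32 offset;
	__u32 size;
};

#define VMLINUX_MAX_SUPPORT_SIZE (10 * 1024 * 1024)

// Reads /sys/kernel/btf/vmlinux into a static buffer and returns that buffer.
// A successful read is cached: later calls return the buffer without touching
// the file again. Returns NULL when the file cannot be opened, a read fails,
// or the data fills the whole VMLINUX_MAX_SUPPORT_SIZE buffer.
static char* read_btf_vmlinux()
{
	static bool is_read = false;
	static char buf[VMLINUX_MAX_SUPPORT_SIZE];
	if (is_read)
		return buf;
	int fd = open("/sys/kernel/btf/vmlinux", O_RDONLY);
	if (fd < 0)
		return NULL;
	unsigned long bytes_read = 0;
	for (;;) {
		ssize_t ret = read(fd, buf + bytes_read, VMLINUX_MAX_SUPPORT_SIZE - bytes_read);
		if (ret < 0 || bytes_read + ret == VMLINUX_MAX_SUPPORT_SIZE) {
			// A failed call is not cached and is retried on the next call, so
			// the descriptor must be released here or every retry leaks one.
			close(fd);
			return NULL;
		}
		if (ret == 0)
			break;
		bytes_read += ret;
	}
	// The data now lives in buf; the descriptor is no longer needed.
	close(fd);
	is_read = true;
	return buf;
}

// Looks up the type whose name equals the NUL-terminated string at a0 in the
// vmlinux BTF blob and returns its index (counting from 1), or -1 when the
// blob is unavailable or its magic does not match BTF_MAGIC.
// NOTE(review): hdr_len, type_off, str_off, type_len and name_off are used as
// offsets without being compared against the number of bytes actually read;
// the blob comes from /sys/kernel/btf/vmlinux, so this relies on that file
// being well formed.
static long syz_btf_id_by_name(volatile long a0)
{
	char* target = (char*)a0;
	char* vmlinux = read_btf_vmlinux();
	if (vmlinux == NULL)
		return -1;
	struct btf_header* btf_header = (struct btf_header*)vmlinux;
	if (btf_header->magic != BTF_MAGIC)
		return -1;
	char* btf_type_sec = vmlinux + btf_header->hdr_len + btf_header->type_off;
	char* btf_str_sec = vmlinux + btf_header->hdr_len + btf_header->str_off;
	unsigned int bytes_parsed = 0;
	long idx = 1;
	while (bytes_parsed < btf_header->type_len) {
		struct btf_type* btf_type = (struct btf_type*)(btf_type_sec + bytes_parsed);
		uint32_t kind = BTF_INFO_KIND(btf_type->info);
		uint32_t vlen = BTF_INFO_VLEN(btf_type->info);
		char* name = btf_str_sec + btf_type->name_off;
		if (strcmp(name, target) == 0)
			return idx;
		// Size of the kind-specific data that follows this btf_type record.
		size_t skip;
		switch (kind) {
		case BTF_KIND_INT:
			skip = sizeof(uint32_t);
			break;
		case BTF_KIND_ENUM:
			skip = sizeof(struct btf_enum) * vlen;
			break;
		case BTF_KIND_ARRAY:
			skip = sizeof(struct btf_array);
			break;
		case BTF_KIND_STRUCT:
		case BTF_KIND_UNION:
			skip = sizeof(struct btf_member) * vlen;
			break;
		case BTF_KIND_FUNC_PROTO:
			skip = sizeof(struct btf_param) * vlen;
			break;
		case BTF_KIND_VAR:
			skip = sizeof(struct btf_var);
			break;
		case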
BTF_KIND_DATASEC: skip = sizeof(struct btf_var_secinfo) * vlen; break; default: skip = 0; } bytes_parsed += sizeof(struct btf_type) + skip; idx++; } return -1; } static long syz_memcpy_off(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4) { char* dest = (char*)a0; uint32_t dest_off = (uint32_t)a1; char* src = (char*)a2; uint32_t src_off = (uint32_t)a3; size_t n = (size_t)a4; return (long)memcpy(dest + dest_off, src + src_off, n); } #define MAX_FDS 30 #define USB_MAX_IFACE_NUM 4 #define USB_MAX_EP_NUM 32 #define USB_MAX_FDS 6 struct usb_endpoint_index { struct usb_endpoint_descriptor desc; int handle; }; struct usb_iface_index { struct usb_interface_descriptor* iface; uint8_t bInterfaceNumber; uint8_t bAlternateSetting; uint8_t bInterfaceClass; struct usb_endpoint_index eps[USB_MAX_EP_NUM]; int eps_num; }; struct usb_device_index { struct usb_device_descriptor* dev; struct usb_config_descriptor* config; uint8_t bDeviceClass; uint8_t bMaxPower; int config_length; struct usb_iface_index ifaces[USB_MAX_IFACE_NUM]; int ifaces_num; int iface_cur; }; struct usb_info { int fd; struct usb_device_index index; }; static struct usb_info usb_devices[USB_MAX_FDS]; static int usb_devices_num; static bool parse_usb_descriptor(const char* buffer, size_t length, struct usb_device_index* index) { if (length < sizeof(*index->dev) + sizeof(*index->config)) return false; memset(index, 0, sizeof(*index)); index->dev = (struct usb_device_descriptor*)buffer; index->config = (struct usb_config_descriptor*)(buffer + sizeof(*index->dev)); index->bDeviceClass = index->dev->bDeviceClass; index->bMaxPower = index->config->bMaxPower; index->config_length = length - sizeof(*index->dev); index->iface_cur = -1; size_t offset = 0; while (true) { if (offset + 1 >= length) break; uint8_t desc_length = buffer[offset]; uint8_t desc_type = buffer[offset + 1]; if (desc_length <= 2) break; if (offset + desc_length > length) break; if (desc_type == USB_DT_INTERFACE && 
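index->ifaces_num < USB_MAX_IFACE_NUM) {
			struct usb_interface_descriptor* iface = (struct usb_interface_descriptor*)(buffer + offset);
			// NOTE(review): the loop only checks that offset + desc_length fits in
			// length; the fields below sit at fixed offsets, so a descriptor that
			// declares a length shorter than the interface descriptor can be read
			// past the end of the buffer. Confirm the input is padded.
			index->ifaces[index->ifaces_num].iface = iface;
			index->ifaces[index->ifaces_num].bInterfaceNumber = iface->bInterfaceNumber;
			index->ifaces[index->ifaces_num].bAlternateSetting = iface->bAlternateSetting;
			index->ifaces[index->ifaces_num].bInterfaceClass = iface->bInterfaceClass;
			index->ifaces_num++;
		}
		if (desc_type == USB_DT_ENDPOINT && index->ifaces_num > 0) {
			// Endpoints are attached to the most recently indexed interface.
			struct usb_iface_index* iface = &index->ifaces[index->ifaces_num - 1];
			if (iface->eps_num < USB_MAX_EP_NUM) {
				// NOTE(review): copies sizeof(desc) bytes regardless of desc_length;
				// same over-read question as for the interface descriptor above.
				memcpy(&iface->eps[iface->eps_num].desc, buffer + offset, sizeof(iface->eps[iface->eps_num].desc));
				iface->eps_num++;
			}
		}
		offset += desc_length;
	}
	return true;
}

// Claims the next slot of usb_devices by atomically incrementing
// usb_devices_num, parses the descriptors in dev into that slot and then
// publishes fd with release ordering. Returns the slot's index structure, or
// NULL when all USB_MAX_FDS slots are taken or the descriptors do not parse
// (the slot stays consumed in the latter case).
static struct usb_device_index* add_usb_index(int fd, const char* dev, size_t dev_len)
{
	int i = __atomic_fetch_add(&usb_devices_num, 1, __ATOMIC_RELAXED);
	if (i >= USB_MAX_FDS)
		return NULL;
	if (!parse_usb_descriptor(dev, dev_len, &usb_devices[i].index))
		return NULL;
	__atomic_store_n(&usb_devices[i].fd, fd, __ATOMIC_RELEASE);
	return &usb_devices[i].index;
}

// Returns the index structure of the slot whose fd equals the argument, or
// NULL when no slot matches.
static struct usb_device_index* lookup_usb_index(int fd)
{
	for (int i = 0; i < USB_MAX_FDS; i++) {
		if (__atomic_load_n(&usb_devices[i].fd, __ATOMIC_ACQUIRE) == fd) {
			return &usb_devices[i].index;
		}
	}
	return NULL;
}

// One caller-supplied string descriptor: len bytes at str.
struct vusb_connect_string_descriptor {
	uint32_t len;
	char* str;
} __attribute__((packed));

// Optional caller-supplied descriptors used while the device is connecting:
// device qualifier, BOS, and strs_len string descriptors.
struct vusb_connect_descriptors {
	uint32_t qual_len;
	char* qual;
	uint32_t bos_len;
	char* bos;
	uint32_t strs_len;
	struct vusb_connect_string_descriptor strs[0];
} __attribute__((packed));

// Fallback string descriptor: 8 bytes, the characters 's', 'y', 'z' each
// followed by a zero byte.
static const char default_string[] = {
    8, USB_DT_STRING,
    's', 0, 'y', 0, 'z', 0};

// Fallback descriptor returned for string index 0.
static const char default_lang_id[] = {
    4, USB_DT_STRING,
    0x09, 0x04};

// Picks the reply for a device-to-host control request received while the
// device is connecting. Only standard GET_DESCRIPTOR requests are answered.
// On success stores the reply in *response_data / *response_length and
// returns true; returns false when fd is not indexed or the request is not
// handled. descs may be NULL.
static bool lookup_connect_response_in(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length)
{
	struct usb_device_index* index = lookup_usb_index(fd);
	uint8_t str_idx;
	if (!index)
		return false;
	switch (ctrl->bRequestType & USB_TYPE_MASK) {
	case USB_TYPE_STANDARD:
		switch (ctrl->bRequest) {
		case USB_REQ_GET_DESCRIPTOR:
			// The high byte of wValue selects the descriptor type.
			switch (ctrl->wValue >> 8) {
			case USB_DT_DEVICE:
				*response_data = (char*)index->dev;
				*response_length = sizeof(*index->dev);
				return true;
			case USB_DT_CONFIG:
				*response_data = (char*)index->config;
				*response_length = index->config_length;
				return true;
			case USB_DT_STRING:
				// The low byte of wValue is the string index.
				str_idx = (uint8_t)ctrl->wValue;
				if (descs && str_idx < descs->strs_len) {
					*response_data = descs->strs[str_idx].str;
					*response_length = descs->strs[str_idx].len;
					return true;
				}
				if (str_idx == 0) {
					*response_data = (char*)&default_lang_id[0];
					*response_length = default_lang_id[0];
					return true;
				}
				*response_data = (char*)&default_string[0];
				*response_length = default_string[0];
				return true;
			case USB_DT_BOS:
				// descs is optional (the string case above already tolerates
				// NULL). With no descriptors there is no BOS data to return, so
				// report the request as unhandled instead of dereferencing NULL.
				if (!descs)
					return false;
				*response_data = descs->bos;
				*response_length = descs->bos_len;
				return true;
			case USB_DT_DEVICE_QUALIFIER:
				if (!descs || !descs->qual) {
					// No qualifier supplied: derive one from the device descriptor.
					// It is built in thread-local storage and handed back through
					// *response_data. Writing the structure through response_data
					// itself would overwrite the caller's pointer variable (and the
					// memory after it) and leave *response_data pointing nowhere.
					static __thread struct usb_qualifier_descriptor qual;
					qual.bLength = sizeof(qual);
					qual.bDescriptorType = USB_DT_DEVICE_QUALIFIER;
					qual.bcdUSB = index->dev->bcdUSB;
					qual.bDeviceClass = index->dev->bDeviceClass;
					qual.bDeviceSubClass = index->dev->bDeviceSubClass;
					qual.bDeviceProtocol = index->dev->bDeviceProtocol;
					qual.bMaxPacketSize0 = index->dev->bMaxPacketSize0;
					qual.bNumConfigurations = index->dev->bNumConfigurations;
					qual.bRESERVED = 0;
					*response_data = (char*)&qual;
					*response_length = sizeof(qual);
					return true;
				}
				*response_data = descs->qual;
				*response_length = descs->qual_len;
				return true;
			default:
				break;
			}
			break;
		default:
			break;
		}
		break;
	default:
		break;
	}
	return false;
}

// Handler type for host-to-device control requests during connect; sets *done
// when the connect sequence is finished.
typedef bool (*lookup_connect_out_response_t)(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done);

static bool lookup_connect_response_out_generic(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) {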
switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: *done = true; return true; default: break; } break; } return false; } #define ATH9K_FIRMWARE_DOWNLOAD 0x30 #define ATH9K_FIRMWARE_DOWNLOAD_COMP 0x31 static bool lookup_connect_response_out_ath9k(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) { switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: return true; default: break; } break; case USB_TYPE_VENDOR: switch (ctrl->bRequest) { case ATH9K_FIRMWARE_DOWNLOAD: return true; case ATH9K_FIRMWARE_DOWNLOAD_COMP: *done = true; return true; default: break; } break; } return false; } struct vusb_descriptor { uint8_t req_type; uint8_t desc_type; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_descriptors { uint32_t len; struct vusb_descriptor* generic; struct vusb_descriptor* descs[0]; } __attribute__((packed)); struct vusb_response { uint8_t type; uint8_t req; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_responses { uint32_t len; struct vusb_response* generic; struct vusb_response* resps[0]; } __attribute__((packed)); static bool lookup_control_response(const struct vusb_descriptors* descs, const struct vusb_responses* resps, struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { int descs_num = 0; int resps_num = 0; if (descs) descs_num = (descs->len - offsetof(struct vusb_descriptors, descs)) / sizeof(descs->descs[0]); if (resps) resps_num = (resps->len - offsetof(struct vusb_responses, resps)) / sizeof(resps->resps[0]); uint8_t req = ctrl->bRequest; uint8_t req_type = ctrl->bRequestType & USB_TYPE_MASK; uint8_t desc_type = ctrl->wValue >> 8; if (req == USB_REQ_GET_DESCRIPTOR) { int i; for (i = 0; i < descs_num; i++) { struct vusb_descriptor* desc = descs->descs[i]; if (!desc) continue; if 
(desc->req_type == req_type && desc->desc_type == desc_type) { *response_length = desc->len; if (*response_length != 0) *response_data = &desc->data[0]; else *response_data = NULL; return true; } } if (descs && descs->generic) { *response_data = &descs->generic->data[0]; *response_length = descs->generic->len; return true; } } else { int i; for (i = 0; i < resps_num; i++) { struct vusb_response* resp = resps->resps[i]; if (!resp) continue; if (resp->type == req_type && resp->req == req) { *response_length = resp->len; if (*response_length != 0) *response_data = &resp->data[0]; else *response_data = NULL; return true; } } if (resps && resps->generic) { *response_data = &resps->generic->data[0]; *response_length = resps->generic->len; return true; } } return false; } #define UDC_NAME_LENGTH_MAX 128 struct usb_raw_init { __u8 driver_name[UDC_NAME_LENGTH_MAX]; __u8 device_name[UDC_NAME_LENGTH_MAX]; __u8 speed; }; enum usb_raw_event_type { USB_RAW_EVENT_INVALID = 0, USB_RAW_EVENT_CONNECT = 1, USB_RAW_EVENT_CONTROL = 2, }; struct usb_raw_event { __u32 type; __u32 length; __u8 data[0]; }; struct usb_raw_ep_io { __u16 ep; __u16 flags; __u32 length; __u8 data[0]; }; #define USB_RAW_EPS_NUM_MAX 30 #define USB_RAW_EP_NAME_MAX 16 #define USB_RAW_EP_ADDR_ANY 0xff struct usb_raw_ep_caps { __u32 type_control : 1; __u32 type_iso : 1; __u32 type_bulk : 1; __u32 type_int : 1; __u32 dir_in : 1; __u32 dir_out : 1; }; struct usb_raw_ep_limits { __u16 maxpacket_limit; __u16 max_streams; __u32 reserved; }; struct usb_raw_ep_info { __u8 name[USB_RAW_EP_NAME_MAX]; __u32 addr; struct usb_raw_ep_caps caps; struct usb_raw_ep_limits limits; }; struct usb_raw_eps_info { struct usb_raw_ep_info eps[USB_RAW_EPS_NUM_MAX]; }; #define USB_RAW_IOCTL_INIT _IOW('U', 0, struct usb_raw_init) #define USB_RAW_IOCTL_RUN _IO('U', 1) #define USB_RAW_IOCTL_EVENT_FETCH _IOR('U', 2, struct usb_raw_event) #define USB_RAW_IOCTL_EP0_WRITE _IOW('U', 3, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP0_READ _IOWR('U', 
4, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_ENABLE _IOW('U', 5, struct usb_endpoint_descriptor) #define USB_RAW_IOCTL_EP_DISABLE _IOW('U', 6, __u32) #define USB_RAW_IOCTL_EP_WRITE _IOW('U', 7, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_READ _IOWR('U', 8, struct usb_raw_ep_io) #define USB_RAW_IOCTL_CONFIGURE _IO('U', 9) #define USB_RAW_IOCTL_VBUS_DRAW _IOW('U', 10, __u32) #define USB_RAW_IOCTL_EPS_INFO _IOR('U', 11, struct usb_raw_eps_info) #define USB_RAW_IOCTL_EP0_STALL _IO('U', 12) #define USB_RAW_IOCTL_EP_SET_HALT _IOW('U', 13, __u32) #define USB_RAW_IOCTL_EP_CLEAR_HALT _IOW('U', 14, __u32) #define USB_RAW_IOCTL_EP_SET_WEDGE _IOW('U', 15, __u32) static int usb_raw_open() { return open("/dev/raw-gadget", O_RDWR); } static int usb_raw_init(int fd, uint32_t speed, const char* driver, const char* device) { struct usb_raw_init arg; strncpy((char*)&arg.driver_name[0], driver, sizeof(arg.driver_name)); strncpy((char*)&arg.device_name[0], device, sizeof(arg.device_name)); arg.speed = speed; return ioctl(fd, USB_RAW_IOCTL_INIT, &arg); } static int usb_raw_run(int fd) { return ioctl(fd, USB_RAW_IOCTL_RUN, 0); } static int usb_raw_event_fetch(int fd, struct usb_raw_event* event) { return ioctl(fd, USB_RAW_IOCTL_EVENT_FETCH, event); } static int usb_raw_ep0_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_WRITE, io); } static int usb_raw_ep0_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_READ, io); } static int usb_raw_ep_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_WRITE, io); } static int usb_raw_ep_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_READ, io); } static int usb_raw_ep_enable(int fd, struct usb_endpoint_descriptor* desc) { return ioctl(fd, USB_RAW_IOCTL_EP_ENABLE, desc); } static int usb_raw_ep_disable(int fd, int ep) { return ioctl(fd, USB_RAW_IOCTL_EP_DISABLE, ep); } static int usb_raw_configure(int fd) { return ioctl(fd, 
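USB_RAW_IOCTL_CONFIGURE, 0); }

// Issues USB_RAW_IOCTL_VBUS_DRAW on fd with the given power value.
static int usb_raw_vbus_draw(int fd, uint32_t power)
{
	return ioctl(fd, USB_RAW_IOCTL_VBUS_DRAW, power);
}

// Issues USB_RAW_IOCTL_EP0_STALL on fd.
static int usb_raw_ep0_stall(int fd)
{
	return ioctl(fd, USB_RAW_IOCTL_EP0_STALL, 0);
}

// Returns the position in index->ifaces of the interface with the given
// interface number and alternate setting, or -1 when fd is not indexed or no
// interface matches.
static int lookup_interface(int fd, uint8_t bInterfaceNumber, uint8_t bAlternateSetting)
{
	struct usb_device_index* index = lookup_usb_index(fd);
	if (!index)
		return -1;
	for (int i = 0; i < index->ifaces_num; i++) {
		if (index->ifaces[i].bInterfaceNumber == bInterfaceNumber &&
		    index->ifaces[i].bAlternateSetting == bAlternateSetting)
			return i;
	}
	return -1;
}

// Returns the stored handle of the endpoint with address bEndpointAddress on
// the currently selected interface, or -1 when fd is not indexed, no
// interface is selected, or the interface has no such endpoint.
static int lookup_endpoint(int fd, uint8_t bEndpointAddress)
{
	struct usb_device_index* index = lookup_usb_index(fd);
	if (!index)
		return -1;
	if (index->iface_cur < 0)
		return -1;
	struct usb_iface_index* iface = &index->ifaces[index->iface_cur];
	// The scan must stop at eps_num. Testing eps_num alone never terminates
	// for an unknown address on an interface that has endpoints, and walks
	// past the end of eps[].
	for (int ep = 0; ep < iface->eps_num; ep++) {
		if (iface->eps[ep].desc.bEndpointAddress == bEndpointAddress)
			return iface->eps[ep].handle;
	}
	return -1;
}

// Switches the device behind fd to interface slot n: disables the endpoints of
// the currently selected interface, then enables those of slot n and records
// the handle returned for each. Does nothing when fd is not indexed; leaves
// the selection unchanged when n is out of range.
static void set_interface(int fd, int n)
{
	struct usb_device_index* index = lookup_usb_index(fd);
	if (!index)
		return;
	if (index->iface_cur >= 0 && index->iface_cur < index->ifaces_num) {
		for (int ep = 0; ep < index->ifaces[index->iface_cur].eps_num; ep++) {
			// Best effort: the result of disabling is not acted on.
			usb_raw_ep_disable(fd, index->ifaces[index->iface_cur].eps[ep].handle);
		}
	}
	if (n >= 0 && n < index->ifaces_num) {
		for (int ep = 0; ep < index->ifaces[n].eps_num; ep++) {
			int rv = usb_raw_ep_enable(fd, &index->ifaces[n].eps[ep].desc);
			// A failed enable keeps whatever handle value was stored before.
			if (rv >= 0)
				index->ifaces[n].eps[ep].handle = rv;
		}
		index->iface_cur = n;
	}
}

// Applies the indexed bMaxPower via usb_raw_vbus_draw, configures the gadget
// and selects interface slot 0. Returns 0 on success, -1 when fd is not
// indexed, or the negative result of the failing ioctl wrapper.
static int configure_device(int fd)
{
	struct usb_device_index* index = lookup_usb_index(fd);
	if (!index)
		return -1;
	int rv = usb_raw_vbus_draw(fd, index->bMaxPower);
	if (rv < 0) {
		return rv;
	}
	rv = usb_raw_configure(fd);
	if (rv < 0) {
		return rv;
	}
	set_interface(fd, 0);
	return 0;
}

#define USB_MAX_PACKET_SIZE 4096

struct usb_raw_control_event {
	struct usb_raw_event inner;
	struct usb_ctrlrequest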
ctrl;
	char data[USB_MAX_PACKET_SIZE];
};

// Endpoint I/O request header followed by an inline USB_MAX_PACKET_SIZE-byte payload.
struct usb_raw_ep_io_data {
	struct usb_raw_ep_io inner;
	char data[USB_MAX_PACKET_SIZE];
};

// Opens a raw-gadget fd, registers `dev` for it via add_usb_index(), initialises
// and runs the gadget on "dummy_udc", then answers control requests until the
// OUT-response callback sets `done`.
// lookup_connect_response_out selects how OUT requests are handled.
// Returns a negative value on failure.
// NOTE(review): every failure after usb_raw_open() except the MAX_FDS check
// returns without close(fd).
static volatile long syz_usb_connect_impl(uint64_t speed, uint64_t dev_len, const char* dev, const struct vusb_connect_descriptors* descs, lookup_connect_out_response_t lookup_connect_response_out)
{
	if (!dev) {
		return -1;
	}
	int fd = usb_raw_open();
	if (fd < 0) {
		return fd;
	}
	if (fd >= MAX_FDS) {
		close(fd);
		return -1;
	}
	struct usb_device_index* index = add_usb_index(fd, dev, dev_len);
	if (!index) {
		return -1;
	}
	// Device name is "dummy_udc." followed by procid.
	char device[32];
	sprintf(&device[0], "dummy_udc.%llu", procid);
	int rv = usb_raw_init(fd, speed, "dummy_udc", &device[0]);
	if (rv < 0) {
		return rv;
	}
	rv = usb_raw_run(fd);
	if (rv < 0) {
		return rv;
	}
	bool done = false;
	while (!done) {
		struct usb_raw_control_event event;
		event.inner.type = 0;
		// Only the control request itself is requested here, not the data area.
		event.inner.length = sizeof(event.ctrl);
		rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event);
		if (rv < 0) {
			return rv;
		}
		// Non-control events are skipped.
		if (event.inner.type != USB_RAW_EVENT_CONTROL)
			continue;
		char* response_data = NULL;
		uint32_t response_length = 0;
		if (event.ctrl.bRequestType & USB_DIR_IN) {
			// IN request: look up the bytes to send; stall ep0 if none.
			if (!lookup_connect_response_in(fd, descs, &event.ctrl, &response_data, &response_length)) {
				usb_raw_ep0_stall(fd);
				continue;
			}
		} else {
			// OUT request: the callback decides whether to accept it and may set `done`.
			if (!lookup_connect_response_out(fd, descs, &event.ctrl, &done)) {
				usb_raw_ep0_stall(fd);
				continue;
			}
			response_data = NULL;
			response_length = event.ctrl.wLength;
		}
		if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD && event.ctrl.bRequest == USB_REQ_SET_CONFIGURATION) {
			rv = configure_device(fd);
			if (rv < 0) {
				return rv;
			}
		}
		struct usb_raw_ep_io_data response;
		response.inner.ep = 0;
		response.inner.flags = 0;
		// An oversized response is dropped to zero length rather than truncated;
		// this keeps the copy below inside response.data.
		if (response_length > sizeof(response.data))
			response_length = 0;
		// Never transfer more than the host asked for.
		if (event.ctrl.wLength < response_length)
			response_length = event.ctrl.wLength;
		response.inner.length = response_length;
		if (response_data)
			memcpy(&response.data[0], response_data, response_length);
		else
			memset(&response.data[0], 0,
response_length);
		// IN requests are answered with an ep0 write, everything else with an ep0 read.
		if (event.ctrl.bRequestType & USB_DIR_IN) {
			rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response);
		} else {
			rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response);
		}
		if (rv < 0) {
			return rv;
		}
	}
	sleep_ms(200);
	// On success the raw-gadget fd is returned.
	return fd;
}

// Pseudo-syscall entry: unpacks (speed, dev_len, dev, descs) from the raw
// arguments and connects using the generic OUT-response lookup.
static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatile long a2, volatile long a3)
{
	uint64_t speed = a0;
	uint64_t dev_len = a1;
	const char* dev = (const char*)a2;
	const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3;
	return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_generic);
}

// Same as syz_usb_connect() but with the ath9k OUT-response lookup.
static volatile long syz_usb_connect_ath9k(volatile long a0, volatile long a1, volatile long a2, volatile long a3)
{
	uint64_t speed = a0;
	uint64_t dev_len = a1;
	const char* dev = (const char*)a2;
	const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3;
	return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_ath9k);
}

// Pseudo-syscall entry: fetches one event from fd (a0) and, if it is a control
// request, answers it using descs (a1) and resps (a2).
// Returns -1 for a non-control event or an unanswerable IN request, or the
// failing ioctl's result.
static volatile long syz_usb_control_io(volatile long a0, volatile long a1, volatile long a2)
{
	int fd = a0;
	const struct vusb_descriptors* descs = (const struct vusb_descriptors*)a1;
	const struct vusb_responses* resps = (const struct vusb_responses*)a2;
	struct usb_raw_control_event event;
	event.inner.type = 0;
	event.inner.length = USB_MAX_PACKET_SIZE;
	int rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event);
	if (rv < 0) {
		return rv;
	}
	if (event.inner.type != USB_RAW_EVENT_CONTROL) {
		return -1;
	}
	char* response_data = NULL;
	uint32_t response_length = 0;
	if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) {
		// IN request with data: look up the bytes to send; stall ep0 if none.
		if (!lookup_control_response(descs, resps, &event.ctrl, &response_data, &response_length)) {
			usb_raw_ep0_stall(fd);
			return -1;
		}
	} else {
		// NOTE(review): with `||` every standard-type request on this path is
		// treated as SET_INTERFACE, as is any request whose bRequest equals
		// USB_REQ_SET_INTERFACE regardless of type; `&&` may have been intended - confirm.
		if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD || event.ctrl.bRequest == USB_REQ_SET_INTERFACE) {
			int iface_num = event.ctrl.wIndex;
			int alt_set = event.ctrl.wValue;
			int iface_index =
lookup_interface(fd, iface_num, alt_set);
			// An unknown interface/alt-setting pair is silently ignored.
			if (iface_index < 0) {
			} else {
				set_interface(fd, iface_index);
			}
		}
		response_length = event.ctrl.wLength;
	}
	struct usb_raw_ep_io_data response;
	response.inner.ep = 0;
	response.inner.flags = 0;
	// An oversized response is dropped to zero length rather than truncated;
	// this keeps the copy below inside response.data.
	if (response_length > sizeof(response.data))
		response_length = 0;
	if (event.ctrl.wLength < response_length)
		response_length = event.ctrl.wLength;
	// An IN request with wLength == 0 is serviced by the ep0 read below with a
	// full-size buffer.
	if ((event.ctrl.bRequestType & USB_DIR_IN) && !event.ctrl.wLength) {
		response_length = USB_MAX_PACKET_SIZE;
	}
	response.inner.length = response_length;
	if (response_data)
		memcpy(&response.data[0], response_data, response_length);
	else
		memset(&response.data[0], 0, response_length);
	if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) {
		rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response);
	} else {
		rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response);
	}
	if (rv < 0) {
		return rv;
	}
	sleep_ms(200);
	return 0;
}

// Pseudo-syscall entry: writes up to USB_MAX_PACKET_SIZE bytes from `data` (a3)
// to the endpoint with address a1 on gadget fd a0.
// Returns 0 on success, -1 if the endpoint is unknown, or the ioctl result.
static volatile long syz_usb_ep_write(volatile long a0, volatile long a1, volatile long a2, volatile long a3)
{
	int fd = a0;
	uint8_t ep = a1;
	uint32_t len = a2;
	char* data = (char*)a3;
	int ep_handle = lookup_endpoint(fd, ep);
	if (ep_handle < 0) {
		return -1;
	}
	struct usb_raw_ep_io_data io_data;
	io_data.inner.ep = ep_handle;
	io_data.inner.flags = 0;
	// Clamp the caller-supplied length to the local buffer before copying.
	if (len > sizeof(io_data.data))
		len = sizeof(io_data.data);
	io_data.inner.length = len;
	memcpy(&io_data.data[0], data, len);
	int rv = usb_raw_ep_write(fd, (struct usb_raw_ep_io*)&io_data);
	if (rv < 0) {
		return rv;
	}
	sleep_ms(200);
	return 0;
}

// Pseudo-syscall entry: reads up to USB_MAX_PACKET_SIZE bytes from the endpoint
// with address a1 on gadget fd a0 into `data` (a3).
static volatile long syz_usb_ep_read(volatile long a0, volatile long a1, volatile long a2, volatile long a3)
{
	int fd = a0;
	uint8_t ep = a1;
	uint32_t len = a2;
	char* data = (char*)a3;
	int ep_handle = lookup_endpoint(fd, ep);
	if (ep_handle < 0) {
		return -1;
	}
	struct usb_raw_ep_io_data io_data;
	io_data.inner.ep = ep_handle;
	io_data.inner.flags = 0;
	// Clamp the caller-supplied length to the local buffer.
	if (len > sizeof(io_data.data))
		len = sizeof(io_data.data);
	io_data.inner.length = len;
	int rv = usb_raw_ep_read(fd, (struct
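usb_raw_ep_io*)&io_data);
	if (rv < 0) {
		return rv;
	}
	// Copies io_data.inner.length bytes, not the ioctl's return value.
	memcpy(&data[0], &io_data.data[0], io_data.inner.length);
	sleep_ms(200);
	return 0;
}

// Pseudo-syscall entry: closes the gadget fd, then sleeps 200 ms.
// Returns the result of close().
static volatile long syz_usb_disconnect(volatile long a0)
{
	int fd = a0;
	int rv = close(fd);
	sleep_ms(200);
	return rv;
}

// Opens a device node.
//  - a0 == 0xc or 0xb: opens "/dev/char/<a1>:<a2>" or "/dev/block/<a1>:<a2>"
//    (a1 and a2 truncated to uint8_t) with O_RDWR.
//  - otherwise a0 is a path template: each '#' is replaced, left to right, by
//    successive decimal digits of a1 (least significant first) and the result
//    is opened with flags a2.
static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2)
{
	if (a0 == 0xc || a0 == 0xb) {
		char buf[128];
		sprintf(buf, "/dev/%s/%d:%d", a0 == 0xc ? "char" : "block", (uint8_t)a1, (uint8_t)a2);
		return open(buf, O_RDWR, 0);
	} else {
		char buf[1024];
		char* hash;
		// Bounded copy with explicit termination: the template comes from the caller.
		strncpy(buf, (char*)a0, sizeof(buf) - 1);
		buf[sizeof(buf) - 1] = 0;
		while ((hash = strchr(buf, '#'))) {
			*hash = '0' + (char)(a1 % 10);
			a1 /= 10;
		}
		return open(buf, a2, 0);
	}
}

// Opens a procfs file named by the string a1:
//  a0 == 0  -> /proc/self/<a1>
//  a0 == -1 -> /proc/thread-self/<a1>
//  else     -> /proc/self/task/<a0>/<a1>
// Tries O_RDWR first and falls back to O_RDONLY.
static long syz_open_procfs(volatile long a0, volatile long a1)
{
	char buf[128];
	memset(buf, 0, sizeof(buf));
	if (a0 == 0) {
		snprintf(buf, sizeof(buf), "/proc/self/%s", (char*)a1);
	} else if (a0 == -1) {
		snprintf(buf, sizeof(buf), "/proc/thread-self/%s", (char*)a1);
	} else {
		snprintf(buf, sizeof(buf), "/proc/self/task/%d/%s", (int)a0, (char*)a1);
	}
	int fd = open(buf, O_RDWR);
	if (fd == -1)
		fd = open(buf, O_RDONLY);
	return fd;
}

// Queries the pty number of fd a0 with TIOCGPTN and opens "/dev/pts/<n>" with
// flags a1. Returns -1 if the ioctl fails.
static long syz_open_pts(volatile long a0, volatile long a1)
{
	int ptyno = 0;
	if (ioctl(a0, TIOCGPTN, &ptyno))
		return -1;
	char buf[128];
	sprintf(buf, "/dev/pts/%d", ptyno);
	return open(buf, a1, 0);
}

// Creates a socket in the network namespace referenced by kInitNetNsFd and
// then switches back to the caller's namespace.
// Returns the socket fd or -1; errno reflects the socket() call on that path.
// Exits the process if the original namespace cannot be restored.
static long syz_init_net_socket(volatile long domain, volatile long type, volatile long proto)
{
	int netns = open("/proc/self/ns/net", O_RDONLY);
	if (netns == -1)
		return netns;
	if (setns(kInitNetNsFd, 0)) {
		// Do not leak the namespace fd when the switch fails; keep setns()'s errno.
		int setns_err = errno;
		close(netns);
		errno = setns_err;
		return -1;
	}
	int sock = syscall(__NR_socket, domain, type, proto);
	int err = errno;
	if (setns(netns, 0))
		exit(1);
	close(netns);
	errno = err;
	return sock;
}

static long syz_genetlink_get_family_id(volatile long name)
{
	char buf[512] = {0};
	struct nlmsghdr* hdr = (struct nlmsghdr*)buf;
	struct genlmsghdr* genlhdr = (struct genlmsghdr*)NLMSG_DATA(hdr);
	struct nlattr* attr = (struct nlattr*)(genlhdr + 1);
	hdr->nlmsg_len = sizeof(*hdr) +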
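sizeof(*genlhdr) + sizeof(*attr) + GENL_NAMSIZ;
	hdr->nlmsg_type = GENL_ID_CTRL;
	hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
	genlhdr->cmd = CTRL_CMD_GETFAMILY;
	attr->nla_type = CTRL_ATTR_FAMILY_NAME;
	attr->nla_len = sizeof(*attr) + GENL_NAMSIZ;
	// At most GENL_NAMSIZ bytes of the caller's name are copied into the attribute payload.
	strncpy((char*)(attr + 1), (char*)name, GENL_NAMSIZ);
	struct iovec iov = {hdr, hdr->nlmsg_len};
	struct sockaddr_nl addr = {0};
	addr.nl_family = AF_NETLINK;
	int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC);
	if (fd == -1) {
		return -1;
	}
	struct msghdr msg = {&addr, sizeof(addr), &iov, 1, NULL, 0, 0};
	if (sendmsg(fd, &msg, 0) == -1) {
		close(fd);
		return -1;
	}
	// The reply overwrites the request in buf.
	ssize_t n = recv(fd, buf, sizeof(buf), 0);
	close(fd);
	if (n <= 0) {
		return -1;
	}
	if (hdr->nlmsg_type != GENL_ID_CTRL) {
		return -1;
	}
	// Walk the reply attributes looking for the family id.
	// NOTE(review): the walk trusts nla_len from the reply; a zero nla_len would
	// never advance `attr`.
	for (; (char*)attr < buf + n; attr = (struct nlattr*)((char*)attr + NLMSG_ALIGN(attr->nla_len))) {
		if (attr->nla_type == CTRL_ATTR_FAMILY_ID)
			return *(uint16_t*)(attr + 1);
	}
	return -1;
}

// One chunk of a filesystem image: `size` bytes at `data`, placed at `offset`.
struct fs_image_segment {
	void* data;
	uintptr_t size;
	uintptr_t offset;
};

#define IMAGE_MAX_SEGMENTS 4096
#define IMAGE_MAX_SIZE (129 << 20)
#define sys_memfd_create 356

// Clamps the first min(nsegs, IMAGE_MAX_SEGMENTS) segments in place so that
// each lies inside [0, IMAGE_MAX_SIZE), and returns an image size large enough
// to hold all of them, capped at IMAGE_MAX_SIZE.
// nsegs is clamped on a local copy only; the caller's count is unchanged.
static unsigned long fs_image_segment_check(unsigned long size, unsigned long nsegs, struct fs_image_segment* segs)
{
	if (nsegs > IMAGE_MAX_SEGMENTS)
		nsegs = IMAGE_MAX_SEGMENTS;
	for (size_t i = 0; i < nsegs; i++) {
		if (segs[i].size > IMAGE_MAX_SIZE)
			segs[i].size = IMAGE_MAX_SIZE;
		segs[i].offset %= IMAGE_MAX_SIZE;
		if (segs[i].offset > IMAGE_MAX_SIZE - segs[i].size)
			segs[i].offset = IMAGE_MAX_SIZE - segs[i].size;
		// The image must reach the END of the segment. The previous code added
		// offset to itself, so the computed size ignored the segment length.
		// After the clamps above offset + size <= IMAGE_MAX_SIZE, so no overflow.
		uintptr_t seg_end = segs[i].offset + segs[i].size;
		if (size < seg_end)
			size = seg_end;
	}
	if (size > IMAGE_MAX_SIZE)
		size = IMAGE_MAX_SIZE;
	return size;
}

static int setup_loop_device(long unsigned size, long unsigned nsegs, struct fs_image_segment* segs, const char* loopname, int* memfd_p, int* loopfd_p)
{
	int err = 0, loopfd = -1;
	size = fs_image_segment_check(size, nsegs, segs);
	int memfd = syscall(sys_memfd_create, "syzkaller", 0);
	if (memfd == -1) {
		err = errno;
		goto error;
	}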
if (ftruncate(memfd, size)) {
		err = errno;
		goto error_close_memfd;
	}
	// Write every segment into the memfd; individual pwrite failures are ignored.
	// NOTE(review): fs_image_segment_check() takes nsegs by value, so its
	// IMAGE_MAX_SEGMENTS clamp does not bound this loop; segments past that
	// limit are written without having been range-clamped.
	for (size_t i = 0; i < nsegs; i++) {
		if (pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset) < 0) {
		}
	}
	loopfd = open(loopname, O_RDWR);
	if (loopfd == -1) {
		err = errno;
		goto error_close_memfd;
	}
	if (ioctl(loopfd, LOOP_SET_FD, memfd)) {
		if (errno != EBUSY) {
			err = errno;
			goto error_close_loop;
		}
		// Loop device still bound: detach it, wait briefly and retry once.
		ioctl(loopfd, LOOP_CLR_FD, 0);
		usleep(1000);
		if (ioctl(loopfd, LOOP_SET_FD, memfd)) {
			err = errno;
			goto error_close_loop;
		}
	}
	// Success: ownership of both fds passes to the caller.
	*memfd_p = memfd;
	*loopfd_p = loopfd;
	return 0;

	// Error unwinding: close what was opened, restore the saved errno, return -1.
error_close_loop:
	close(loopfd);
error_close_memfd:
	close(memfd);
error:
	errno = err;
	return -1;
}

// Builds an image from `segments` on /dev/loop<procid>, sets LO_FLAGS_PARTSCAN
// on the loop device and symlinks each existing partition node
// /dev/loop<procid>p1..p7 to ./file0, ./file1, ... in order of discovery.
// The loop device is detached and both fds are closed before returning.
// Returns 0 on success, -1 on failure with errno set.
static long syz_read_part_table(volatile unsigned long size, volatile unsigned long nsegs, volatile long segments)
{
	struct fs_image_segment* segs = (struct fs_image_segment*)segments;
	int err = 0, res = -1, loopfd = -1, memfd = -1;
	char loopname[64];
	snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid);
	if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1)
		return -1;
	struct loop_info64 info;
	if (ioctl(loopfd, LOOP_GET_STATUS64, &info)) {
		err = errno;
		goto error_clear_loop;
	}
	info.lo_flags |= LO_FLAGS_PARTSCAN;
	if (ioctl(loopfd, LOOP_SET_STATUS64, &info)) {
		err = errno;
		goto error_clear_loop;
	}
	res = 0;
	// i walks candidate partition numbers, j counts the links actually created.
	for (unsigned long i = 1, j = 0; i < 8; i++) {
		snprintf(loopname, sizeof(loopname), "/dev/loop%llup%d", procid, (int)i);
		struct stat statbuf;
		if (stat(loopname, &statbuf) == 0) {
			char linkname[64];
			snprintf(linkname, sizeof(linkname), "./file%d", (int)j++);
			// symlink failure is ignored.
			if (symlink(loopname, linkname)) {
			}
		}
	}
	// Reached on success as well as on error.
error_clear_loop:
	ioctl(loopfd, LOOP_CLR_FD, 0);
	close(loopfd);
	close(memfd);
	errno = err;
	return res;
}

// Mounts filesystem `fsarg` at `dir`. When `segments` is non-NULL the image is
// first assembled on /dev/loop<procid> and used as the mount source.
static long syz_mount_image(volatile long fsarg, volatile long dir, volatile unsigned long size, volatile unsigned long nsegs, volatile long segments, volatile long flags, volatile long optsarg)
{
	struct fs_image_segment* segs = (struct fs_image_segment*)segments;
	int res = -1, err = 0, loopfd = -1, memfd =
-1, need_loop_device = !!segs;
	char* mount_opts = (char*)optsarg;
	char* target = (char*)dir;
	char* fs = (char*)fsarg;
	char* source = NULL;
	char loopname[64];
	if (need_loop_device) {
		memset(loopname, 0, sizeof(loopname));
		snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid);
		if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1)
			return -1;
		source = loopname;
	}
	// Result ignored.
	mkdir(target, 0777);
	char opts[256];
	memset(opts, 0, sizeof(opts));
	// Over-long option strings are truncated by the strncpy below; nothing is reported.
	if (strlen(mount_opts) > (sizeof(opts) - 32)) {
	}
	// Copy at most sizeof(opts) - 32 bytes: opts was zeroed, so it stays
	// terminated and keeps 32 bytes of room for the suffixes appended below.
	strncpy(opts, mount_opts, sizeof(opts) - 32);
	if (strcmp(fs, "iso9660") == 0) {
		flags |= MS_RDONLY;
	} else if (strncmp(fs, "ext", 3) == 0) {
		// Append errors=continue when the options contain errors=panic or do
		// not contain errors=remount-ro.
		if (strstr(opts, "errors=panic") || strstr(opts, "errors=remount-ro") == 0)
			strcat(opts, ",errors=continue");
	} else if (strcmp(fs, "xfs") == 0) {
		strcat(opts, ",nouuid");
	}
	res = mount(source, target, fs, flags, opts);
	if (res == -1) {
		err = errno;
		goto error_clear_loop;
	}
	// On success the return value is an fd for the mounted directory.
	res = open(target, O_RDONLY | O_DIRECTORY);
	if (res == -1) {
		err = errno;
	}
	// Reached on success as well: the loop device is always detached and closed.
error_clear_loop:
	if (need_loop_device) {
		ioctl(loopfd, LOOP_CLR_FD, 0);
		close(loopfd);
		close(memfd);
	}
	errno = err;
	return res;
}

// Stub in this build: ignores all arguments and returns 0.
static long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5, volatile long a6, volatile long a7)
{
	return 0;
}

// Mounts fusectl at /sys/fs/fuse/connections; failure is ignored.
static void setup_common()
{
	if (mount(0, "/sys/fs/fuse/connections", "fusectl", 0, 0)) {
	}
}

static void loop();

// Common sandbox preparation: parent-death signal, new process group and
// session, a saved fd for the current net namespace at kInitNetNsFd, resource
// limits, namespace unsharing and IPC sysctls.
static void sandbox_common()
{
	// Die with SIGKILL when the parent exits.
	prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
	setpgrp();
	setsid();
	// Keep a handle on the current net namespace at a fixed fd number.
	int netns = open("/proc/self/ns/net", O_RDONLY);
	if (netns == -1)
		exit(1);
	if (dup2(netns, kInitNetNsFd) < 0)
		exit(1);
	close(netns);
	// Resource limits; setrlimit results are not checked.
	struct rlimit rlim;
	rlim.rlim_cur = rlim.rlim_max = (200 << 20);
	setrlimit(RLIMIT_AS, &rlim);
	rlim.rlim_cur = rlim.rlim_max = 32 << 20;
	setrlimit(RLIMIT_MEMLOCK, &rlim);
	rlim.rlim_cur = rlim.rlim_max = 136 << 20;
	setrlimit(RLIMIT_FSIZE, &rlim);
	rlim.rlim_cur = rlim.rlim_max = 1 << 20;
	setrlimit(RLIMIT_STACK, &rlim);
	rlim.rlim_cur =
rlim.rlim_max = 0;
	// No core dumps.
	setrlimit(RLIMIT_CORE, &rlim);
	rlim.rlim_cur = rlim.rlim_max = 256;
	setrlimit(RLIMIT_NOFILE, &rlim);
	// Each unshare is best effort; failures are ignored.
	if (unshare(CLONE_NEWNS)) {
	}
	if (unshare(CLONE_NEWIPC)) {
	}
	// 0x02000000 is the value of CLONE_NEWCGROUP in the Linux UAPI headers.
	if (unshare(0x02000000)) {
	}
	if (unshare(CLONE_NEWUTS)) {
	}
	if (unshare(CLONE_SYSVSEM)) {
	}
	typedef struct {
		const char* name;
		const char* value;
	} sysctl_t;
	// SysV IPC limits written through write_file(); results are not checked.
	static const sysctl_t sysctls[] = {
	    {"/proc/sys/kernel/shmmax", "16777216"},
	    {"/proc/sys/kernel/shmall", "536870912"},
	    {"/proc/sys/kernel/shmmni", "1024"},
	    {"/proc/sys/kernel/msgmax", "8192"},
	    {"/proc/sys/kernel/msgmni", "1024"},
	    {"/proc/sys/kernel/msgmnb", "1024"},
	    {"/proc/sys/kernel/sem", "1024 1048576 500 1024"},
	};
	unsigned i;
	for (i = 0; i < sizeof(sysctls) / sizeof(sysctls[0]); i++)
		write_file(sysctls[i].name, sysctls[i].value);
}

// Reaps children until `pid` itself is collected and returns its exit status.
// Exits the process if pid is negative (fork failed in the caller).
static int wait_for_loop(int pid)
{
	if (pid < 0)
		exit(1);
	int status = 0;
	while (waitpid(-1, &status, __WALL) != pid) {
	}
	return WEXITSTATUS(status);
}

// Removes CAP_SYS_PTRACE and CAP_SYS_NICE from the effective, permitted and
// inheritable sets of the current process. Exits on capget/capset failure.
static void drop_caps(void)
{
	struct __user_cap_header_struct cap_hdr = {};
	struct __user_cap_data_struct cap_data[2] = {};
	cap_hdr.version = _LINUX_CAPABILITY_VERSION_3;
	cap_hdr.pid = getpid();
	if (syscall(SYS_capget, &cap_hdr, &cap_data))
		exit(1);
	// Only cap_data[0] is modified; cap_data[1] is written back as read.
	const int drop = (1 << CAP_SYS_PTRACE) | (1 << CAP_SYS_NICE);
	cap_data[0].effective &= ~drop;
	cap_data[0].permitted &= ~drop;
	cap_data[0].inheritable &= ~drop;
	if (syscall(SYS_capset, &cap_hdr, &cap_data))
		exit(1);
}

// "none" sandbox: forks; the parent waits for the child and returns its exit
// status, the child prepares the environment and runs loop().
static int do_sandbox_none(void)
{
	// Best effort; failure is ignored.
	if (unshare(CLONE_NEWPID)) {
	}
	int pid = fork();
	if (pid != 0)
		return wait_for_loop(pid);
	setup_common();
	sandbox_common();
	drop_caps();
	// New net namespace is unshared after sandbox_common() saved the original one.
	if (unshare(CLONE_NEWNET)) {
	}
	loop();
	exit(1);
}

#define FS_IOC_SETFLAGS _IOW('f', 2, long)

// Recursively deletes `dir`, lazily unmounting anything mounted on it or on
// its entries. Exits the process on errors it cannot recover from.
static void remove_dir(const char* dir)
{
	// iter bounds the number of `goto retry` restarts.
	int iter = 0;
	DIR* dp = 0;
retry:
	// Detach every mount stacked on dir.
	while (umount2(dir, MNT_DETACH) == 0) {
	}
	dp = opendir(dir);
	if (dp == NULL) {
		if (errno == EMFILE) {
			exit(1);
		}
		exit(1);
	}
	struct dirent* ep = 0;
	while ((ep = readdir(dp))) {
		if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0)
			continue;
		char
filename[FILENAME_MAX];
		snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name);
		// Detach every mount stacked on the entry.
		while (umount2(filename, MNT_DETACH) == 0) {
		}
		struct stat st;
		// lstat: symlinks are removed, not followed.
		if (lstat(filename, &st))
			exit(1);
		if (S_ISDIR(st.st_mode)) {
			remove_dir(filename);
			continue;
		}
		int i;
		for (i = 0;; i++) {
			if (unlink(filename) == 0)
				break;
			if (errno == EPERM) {
				// Clear the inode flags (FS_IOC_SETFLAGS with 0) and try again.
				// NOTE(review): this path `continue`s without consulting the
				// i > 100 bound that the EBUSY path below applies.
				int fd = open(filename, O_RDONLY);
				if (fd != -1) {
					long flags = 0;
					if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) {
					}
					close(fd);
					continue;
				}
			}
			// Read-only filesystem: give up on this entry.
			if (errno == EROFS) {
				break;
			}
			if (errno != EBUSY || i > 100)
				exit(1);
			if (umount2(filename, MNT_DETACH))
				exit(1);
		}
	}
	closedir(dp);
	for (int i = 0;; i++) {
		if (rmdir(dir) == 0)
			break;
		// Recovery is attempted for the first 100 failures only.
		if (i < 100) {
			if (errno == EPERM) {
				int fd = open(dir, O_RDONLY);
				if (fd != -1) {
					long flags = 0;
					if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) {
					}
					close(fd);
					continue;
				}
			}
			if (errno == EROFS) {
				break;
			}
			if (errno == EBUSY) {
				if (umount2(dir, MNT_DETACH))
					exit(1);
				continue;
			}
			// New entries appeared: rescan the directory, at most 100 times.
			if (errno == ENOTEMPTY) {
				if (iter < 100) {
					iter++;
					goto retry;
				}
			}
		}
		exit(1);
	}
}

// Kills `pid` and its process group with SIGKILL and reaps `pid`, storing the
// wait status in *status. If the process is not reaped within 100 polls of
// 1 ms, writes to every /sys/fs/fuse/connections/<id>/abort file and then
// waits without a timeout.
static void kill_and_wait(int pid, int* status)
{
	kill(-pid, SIGKILL);
	kill(pid, SIGKILL);
	for (int i = 0; i < 100; i++) {
		if (waitpid(-1, status, WNOHANG | __WALL) == pid)
			return;
		usleep(1000);
	}
	DIR* dir = opendir("/sys/fs/fuse/connections");
	if (dir) {
		for (;;) {
			struct dirent* ent = readdir(dir);
			if (!ent)
				break;
			if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
				continue;
			char abort[300];
			snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name);
			int fd = open(abort, O_WRONLY);
			if (fd == -1) {
				continue;
			}
			// One byte is written (the first byte of the path buffer); the
			// result is ignored.
			if (write(fd, abort, 1) < 0) {
			}
			close(fd);
		}
		closedir(dir);
	} else {
	}
	while (waitpid(-1, status, __WALL) != pid) {
	}
}

// Detaches whatever is bound to /dev/loop<procid>, if the device can be opened.
static void reset_loop()
{
	char buf[64];
	snprintf(buf, sizeof(buf), "/dev/loop%llu", procid);
	int loopfd = open(buf, O_RDWR);
	if (loopfd != -1) {
		ioctl(loopfd, LOOP_CLR_FD, 0);
		close(loopfd);
	}
}

// Per-test child setup: parent-death signal and a new process group.
static void setup_test()
{
	prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
	setpgrp();
write_file("/proc/self/oom_score_adj", "1000");
}

#define KMEMLEAK_FILE "/sys/kernel/debug/kmemleak"

// Primes kmemleak before testing: scan, wait 5 s, scan again, then clear.
// Exits if any write fails.
static void setup_leak()
{
	if (!write_file(KMEMLEAK_FILE, "scan"))
		exit(1);
	sleep(5);
	if (!write_file(KMEMLEAK_FILE, "scan"))
		exit(1);
	if (!write_file(KMEMLEAK_FILE, "clear"))
		exit(1);
}

// Scans kmemleak after a test iteration and prints every report to stderr
// prefixed with "BUG: memory leak". Clears the kmemleak state and exits with
// status 1 if at least one report was printed; also exits on any I/O failure.
static void check_leaks(void)
{
	int fd = open(KMEMLEAK_FILE, O_RDWR);
	if (fd == -1)
		exit(1);
	uint64_t start = current_time_ms();
	if (write(fd, "scan", 4) != 4)
		exit(1);
	sleep(1);
	// Let at least 4 s pass since `start` before the second scan.
	while (current_time_ms() - start < 4 * 1000)
		sleep(1);
	if (write(fd, "scan", 4) != 4)
		exit(1);
	static char buf[128 << 10];
	// Read one byte less than the buffer so a terminator always fits.
	ssize_t n = read(fd, buf, sizeof(buf) - 1);
	if (n < 0)
		exit(1);
	int nleaks = 0;
	if (n != 0) {
		// Something was reported: scan once more and re-read from the start
		// before counting.
		sleep(1);
		if (write(fd, "scan", 4) != 4)
			exit(1);
		if (lseek(fd, 0, SEEK_SET) < 0)
			exit(1);
		n = read(fd, buf, sizeof(buf) - 1);
		if (n < 0)
			exit(1);
		buf[n] = 0;
		char* pos = buf;
		char* end = buf + n;
		// Split the output at each "unreferenced object" marker and print one
		// report per chunk, temporarily terminating the chunk in place.
		while (pos < end) {
			char* next = strstr(pos + 1, "unreferenced object");
			if (!next)
				next = end;
			char prev = *next;
			*next = 0;
			fprintf(stderr, "BUG: memory leak\n%s\n", pos);
			*next = prev;
			pos = next;
			nleaks++;
		}
	}
	if (write(fd, "clear", 5) != 5)
		exit(1);
	close(fd);
	if (nleaks)
		exit(1);
}

#define FUSE_MIN_READ_BUFFER 8192

// FUSE request opcodes as used by syz_fuse_handle_req().
enum fuse_opcode {
	FUSE_LOOKUP = 1,
	FUSE_FORGET = 2,
	FUSE_GETATTR = 3,
	FUSE_SETATTR = 4,
	FUSE_READLINK = 5,
	FUSE_SYMLINK = 6,
	FUSE_MKNOD = 8,
	FUSE_MKDIR = 9,
	FUSE_UNLINK = 10,
	FUSE_RMDIR = 11,
	FUSE_RENAME = 12,
	FUSE_LINK = 13,
	FUSE_OPEN = 14,
	FUSE_READ = 15,
	FUSE_WRITE = 16,
	FUSE_STATFS = 17,
	FUSE_RELEASE = 18,
	FUSE_FSYNC = 20,
	FUSE_SETXATTR = 21,
	FUSE_GETXATTR = 22,
	FUSE_LISTXATTR = 23,
	FUSE_REMOVEXATTR = 24,
	FUSE_FLUSH = 25,
	FUSE_INIT = 26,
	FUSE_OPENDIR = 27,
	FUSE_READDIR = 28,
	FUSE_RELEASEDIR = 29,
	FUSE_FSYNCDIR = 30,
	FUSE_GETLK = 31,
	FUSE_SETLK = 32,
	FUSE_SETLKW = 33,
	FUSE_ACCESS = 34,
	FUSE_CREATE = 35,
	FUSE_INTERRUPT = 36,
	FUSE_BMAP = 37,
	FUSE_DESTROY = 38,
	FUSE_IOCTL = 39,
	FUSE_POLL = 40,
	FUSE_NOTIFY_REPLY = 41,
	FUSE_BATCH_FORGET = 42,
	FUSE_FALLOCATE = 43,
	FUSE_READDIRPLUS = 44,
FUSE_RENAME2 = 45,
	FUSE_LSEEK = 46,
	FUSE_COPY_FILE_RANGE = 47,
	FUSE_SETUPMAPPING = 48,
	FUSE_REMOVEMAPPING = 49,
	CUSE_INIT = 4096,
	CUSE_INIT_BSWAP_RESERVED = 1048576,
	FUSE_INIT_BSWAP_RESERVED = 436207616,
};

// Header at the start of every request read from the FUSE fd.
struct fuse_in_header {
	uint32_t len;
	uint32_t opcode;
	uint64_t unique;
	uint64_t nodeid;
	uint32_t uid;
	uint32_t gid;
	uint32_t pid;
	uint32_t padding;
};

// Header at the start of every reply written to the FUSE fd.
struct fuse_out_header {
	uint32_t len;
	uint32_t error;
	uint64_t unique;
};

// Caller-supplied table of prepared replies, one slot per request family.
// A NULL slot means no reply is available for that family.
struct syz_fuse_req_out {
	struct fuse_out_header* init;
	struct fuse_out_header* lseek;
	struct fuse_out_header* bmap;
	struct fuse_out_header* poll;
	struct fuse_out_header* getxattr;
	struct fuse_out_header* lk;
	struct fuse_out_header* statfs;
	struct fuse_out_header* write;
	struct fuse_out_header* read;
	struct fuse_out_header* open;
	struct fuse_out_header* attr;
	struct fuse_out_header* entry;
	struct fuse_out_header* dirent;
	struct fuse_out_header* direntplus;
	struct fuse_out_header* create_open;
	struct fuse_out_header* ioctl;
};

// Stamps the request's `unique` id into the reply and writes out_hdr->len
// bytes starting at out_hdr to fd. The length comes from the prepared reply
// itself and is not validated here.
// Returns 0 on success, -1 if out_hdr is NULL or write() fails.
static int fuse_send_response(int fd, const struct fuse_in_header* in_hdr, struct fuse_out_header* out_hdr)
{
	if (!out_hdr) {
		return -1;
	}
	out_hdr->unique = in_hdr->unique;
	if (write(fd, out_hdr, out_hdr->len) == -1) {
		return -1;
	}
	return 0;
}

// Pseudo-syscall entry: reads one FUSE request from fd (a0) into buf (a1, a2
// bytes) and answers it with the matching prepared reply from req_out (a3).
// Returns -1 on any validation or I/O failure.
static volatile long syz_fuse_handle_req(volatile long a0, volatile long a1, volatile long a2, volatile long a3)
{
	struct syz_fuse_req_out* req_out = (struct syz_fuse_req_out*)a3;
	struct fuse_out_header* out_hdr = NULL;
	char* buf = (char*)a1;
	int buf_len = (int)a2;
	int fd = (int)a0;
	if (!req_out) {
		return -1;
	}
	// Buffers smaller than FUSE_MIN_READ_BUFFER are rejected up front.
	if (buf_len < FUSE_MIN_READ_BUFFER) {
		return -1;
	}
	int ret = read(fd, buf, buf_len);
	if (ret == -1) {
		return -1;
	}
	// A short read cannot contain a full request header.
	if ((size_t)ret < sizeof(struct fuse_in_header)) {
		return -1;
	}
	const struct fuse_in_header* in_hdr = (const struct fuse_in_header*)buf;
	// The declared request length must not exceed what was actually read.
	if (in_hdr->len > (uint32_t)ret) {
		return -1;
	}
	// Pick the prepared reply for this opcode.
	switch (in_hdr->opcode) {
	case FUSE_GETATTR:
	case FUSE_SETATTR:
		out_hdr = req_out->attr;
		break;
	case FUSE_LOOKUP:
	case FUSE_SYMLINK:
	case FUSE_LINK:
	case FUSE_MKNOD:
	case
FUSE_MKDIR:
		out_hdr = req_out->entry;
		break;
	case FUSE_OPEN:
	case FUSE_OPENDIR:
		out_hdr = req_out->open;
		break;
	case FUSE_STATFS:
		out_hdr = req_out->statfs;
		break;
	case FUSE_RMDIR:
	case FUSE_RENAME:
	case FUSE_RENAME2:
	case FUSE_FALLOCATE:
	case FUSE_SETXATTR:
	case FUSE_REMOVEXATTR:
	case FUSE_FSYNCDIR:
	case FUSE_FSYNC:
	case FUSE_SETLKW:
	case FUSE_SETLK:
	case FUSE_ACCESS:
	case FUSE_FLUSH:
	case FUSE_RELEASE:
	case FUSE_RELEASEDIR:
		// These requests get a header-only reply built from the `init` slot.
		// NOTE(review): this overwrites init->len in the caller's table, so a
		// later FUSE_INIT reply from the same table is sent header-only too.
		out_hdr = req_out->init;
		if (!out_hdr) {
			return -1;
		}
		out_hdr->len = sizeof(struct fuse_out_header);
		break;
	case FUSE_READ:
		out_hdr = req_out->read;
		break;
	case FUSE_READDIR:
		out_hdr = req_out->dirent;
		break;
	case FUSE_READDIRPLUS:
		out_hdr = req_out->direntplus;
		break;
	case FUSE_INIT:
		out_hdr = req_out->init;
		break;
	case FUSE_LSEEK:
		out_hdr = req_out->lseek;
		break;
	case FUSE_GETLK:
		out_hdr = req_out->lk;
		break;
	case FUSE_BMAP:
		out_hdr = req_out->bmap;
		break;
	case FUSE_POLL:
		out_hdr = req_out->poll;
		break;
	case FUSE_GETXATTR:
	case FUSE_LISTXATTR:
		out_hdr = req_out->getxattr;
		break;
	case FUSE_WRITE:
		out_hdr = req_out->write;
		break;
	case FUSE_FORGET:
		// No reply is sent for FORGET.
		return 0;
	case FUSE_CREATE:
		out_hdr = req_out->create_open;
		break;
	case FUSE_IOCTL:
		out_hdr = req_out->ioctl;
		break;
	default:
		return -1;
	}
	return fuse_send_response(fd, in_hdr, out_hdr);
}

// Pseudo-syscall entry: treats `text` as the address of a void(void) function
// and calls it. The bytes at that address are supplied by the generated test
// program, so this runs arbitrary test-provided machine code in-process.
static long syz_execute_func(volatile long text)
{
	// Unused zeroed stack array; the (void) cast silences the unused warning.
	volatile long p[8] = {0};
	(void)p;
	((void (*)(void))(text))();
	return 0;
}

// State of one worker thread: whether it was started, the call index it is to
// execute, and the events used to hand work over and signal completion.
struct thread_t {
	int created, call;
	event_t ready, done;
};

static struct thread_t threads[16];
static void execute_call(int call);
// Number of calls currently handed to workers and not yet finished.
static int running;

// Worker thread body: waits for `ready`, runs the assigned call, decrements
// `running` and signals `done`. Never returns.
static void* thr(void* arg)
{
	struct thread_t* th = (struct thread_t*)arg;
	for (;;) {
		event_wait(&th->ready);
		event_reset(&th->ready);
		execute_call(th->call);
		__atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED);
		event_set(&th->done);
	}
	return 0;
}

// Runs calls 0..49 in order, each on the first worker thread that is idle,
// waiting a bounded time for each call before moving on to the next.
static void execute_one(void)
{
	int i, call, thread;
	for (call = 0; call < 50; call++) {
		for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) {
			struct thread_t* th =
&threads[thread];
			// Workers are started lazily, initially marked as done (idle).
			if (!th->created) {
				th->created = 1;
				event_init(&th->ready);
				event_init(&th->done);
				event_set(&th->done);
				thread_start(thr, th);
			}
			// Skip workers still busy with an earlier call.
			if (!event_isset(&th->done))
				continue;
			event_reset(&th->done);
			th->call = call;
			__atomic_fetch_add(&running, 1, __ATOMIC_RELAXED);
			event_set(&th->ready);
			// Base timeout of 45 plus a per-call extra for selected call indices.
			event_timedwait(&th->done, 45 + (call == 10 ? 500 : 0) + (call == 38 ? 50 : 0) + (call == 43 ? 3000 : 0) + (call == 44 ? 3000 : 0) + (call == 45 ? 300 : 0) + (call == 46 ? 300 : 0) + (call == 47 ? 300 : 0) + (call == 48 ? 3000 : 0) + (call == 49 ? 300 : 0));
			break;
		}
	}
	// Give calls still in flight up to 100 more 1 ms polls to finish.
	for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++)
		sleep_ms(1);
}

static void execute_one(void);

#define WAIT_FLAGS __WALL

// Main test loop: for every iteration creates a fresh working directory
// "./<iter>", forks a child that runs the program once inside it, kills the
// child if it is still running after 5 s, then removes the directory and
// checks for kernel memory leaks. Never returns.
static void loop(void)
{
	int iter = 0;
	for (;; iter++) {
		char cwdbuf[32];
		sprintf(cwdbuf, "./%d", iter);
		if (mkdir(cwdbuf, 0777))
			exit(1);
		reset_loop();
		int pid = fork();
		if (pid < 0)
			exit(1);
		if (pid == 0) {
			// Child: run the test program once in its own directory.
			if (chdir(cwdbuf))
				exit(1);
			setup_test();
			execute_one();
			exit(0);
		}
		int status = 0;
		uint64_t start = current_time_ms();
		for (;;) {
			if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
				break;
			sleep_ms(1);
			if (current_time_ms() - start < 5 * 1000)
				continue;
			kill_and_wait(pid, &status);
			break;
		}
		remove_dir(cwdbuf);
		check_leaks();
	}
}

// Fallback syscall numbers for headers that do not define them.
#ifndef __NR_fstat
#define __NR_fstat 108
#endif
#ifndef __NR_getgid
#define __NR_getgid 47
#endif
#ifndef __NR_getgroups
#define __NR_getgroups 80
#endif
#ifndef __NR_getsockopt
#define __NR_getsockopt 365
#endif
#ifndef __NR_getuid
#define __NR_getuid 24
#endif
#ifndef __NR_io_uring_setup
#define __NR_io_uring_setup 425
#endif
#ifndef __NR_ioctl
#define __NR_ioctl 54
#endif
#ifndef __NR_lchown
#define __NR_lchown 16
#endif
#ifndef __NR_lstat
#define __NR_lstat 107
#endif
#ifndef __NR_mmap
#define __NR_mmap 192
#endif
#ifndef __NR_openat
#define __NR_openat 295
#endif
#ifndef __NR_read
#define __NR_read 3
#endif
#ifndef __NR_sendmmsg
#define __NR_sendmmsg 345
#endif
#ifndef __NR_sendmsg
#define __NR_sendmsg 370
#endif
#ifndef
__NR_stat #define __NR_stat 106 #endif #ifndef __NR_statx #define __NR_statx 383 #endif #ifndef __NR_write #define __NR_write 4 #endif #undef __NR_mmap #define __NR_mmap __NR_mmap2 uint64_t r[24] = {0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: memcpy((void*)0x20000000, "/dev/vcsa\000", 10); res = syscall(__NR_openat, 0xffffff9c, 0x20000000, 0x404800, 0); if (res != -1) r[0] = res; break; case 1: memcpy((void*)0x20000080, "batadv\000", 7); res = -1; res = syz_genetlink_get_family_id(0x20000080); if (res != -1) r[1] = res; break; case 2: *(uint32_t*)0x20000140 = 0x20000040; *(uint16_t*)0x20000040 = 0x10; *(uint16_t*)0x20000042 = 0; *(uint32_t*)0x20000044 = 0; *(uint32_t*)0x20000048 = 0x10000; *(uint32_t*)0x20000144 = 0xc; *(uint32_t*)0x20000148 = 0x20000100; *(uint32_t*)0x20000100 = 0x200000c0; *(uint32_t*)0x200000c0 = 0x1c; *(uint16_t*)0x200000c4 = r[1]; *(uint16_t*)0x200000c6 = 0x10; *(uint32_t*)0x200000c8 = 0x70bd29; *(uint32_t*)0x200000cc = 0x25dfdbff; *(uint8_t*)0x200000d0 = 1; *(uint8_t*)0x200000d1 = 0; *(uint16_t*)0x200000d2 = 0; *(uint16_t*)0x200000d4 = 8; *(uint16_t*)0x200000d6 = 0x31; *(uint32_t*)0x200000d8 = 2; *(uint32_t*)0x20000104 = 0x1c; *(uint32_t*)0x2000014c = 1; *(uint32_t*)0x20000150 = 0; *(uint32_t*)0x20000154 = 0; *(uint32_t*)0x20000158 = 0; syscall(__NR_sendmsg, (intptr_t)r[0], 0x20000140, 0x8010); break; case 3: syscall(__NR_sendmmsg, -1, 0x20000180, 0, 0x20000024); break; case 4: memcpy((void*)0x200001c0, "/dev/nmem0\000", 11); res = syscall(__NR_openat, 0xffffff9c, 0x200001c0, 0x185001, 0); if (res != -1) r[2] = res; break; case 5: *(uint8_t*)0x20000200 = 0x20; memcpy((void*)0x20000201, "/dev/vcsa\000", 10); *(uint8_t*)0x2000020b = 0x20; memcpy((void*)0x2000020c, 
"rwl", 3); *(uint8_t*)0x2000020f = 0x20; memcpy((void*)0x20000210, "xb", 2); *(uint8_t*)0x20000212 = 0; syscall(__NR_write, (intptr_t)r[2], 0x20000200, 0x13); break; case 6: memcpy((void*)0x20000280, "./file0\000", 8); res = syscall(__NR_lstat, 0x20000280, 0x200002c0); if (res != -1) r[3] = *(uint32_t*)0x200002d0; break; case 7: res = syscall(__NR_read, -1, 0x20000340, 0x2020); if (res != -1) r[4] = *(uint32_t*)0x20000354; break; case 8: memcpy((void*)0x20000240, "./file0\000", 8); syscall(__NR_lchown, 0x20000240, (intptr_t)r[3], (intptr_t)r[4]); break; case 9: syscall(__NR_ioctl, (intptr_t)r[0], 0xc0086420, 0x20002380); break; case 10: memcpy((void*)0x20000000, "bpf_lsm_post_notification\000", 26); syz_btf_id_by_name(0x20000000); break; case 11: *(uint8_t*)0x20000040 = 0xaa; *(uint8_t*)0x20000041 = 0xaa; *(uint8_t*)0x20000042 = 0xaa; *(uint8_t*)0x20000043 = 0xaa; *(uint8_t*)0x20000044 = 0xaa; *(uint8_t*)0x20000045 = 0xbb; *(uint8_t*)0x20000046 = 0xaa; *(uint8_t*)0x20000047 = 0xaa; *(uint8_t*)0x20000048 = 0xaa; *(uint8_t*)0x20000049 = 0xaa; *(uint8_t*)0x2000004a = 0xaa; *(uint8_t*)0x2000004b = 0x18; *(uint16_t*)0x2000004c = htobe16(0xc); STORE_BY_BITMASK(uint32_t, , 0x2000004e, 0, 0, 29); STORE_BY_BITMASK(uint32_t, , 0x2000004e, 1, 29, 1); STORE_BY_BITMASK(uint32_t, , 0x2000004e, 1, 30, 1); STORE_BY_BITMASK(uint32_t, , 0x2000004e, 0, 31, 1); *(uint8_t*)0x20000052 = 4; *(uint8_t*)0x20000053 = 2; *(uint8_t*)0x20000054 = 0; *(uint8_t*)0x20000055 = 0; memcpy((void*)0x20000056, "\x03\x08\x4e\x27\x50\x09\x63\x3c", 8); *(uint32_t*)0x20000080 = 0; *(uint32_t*)0x20000084 = 2; *(uint32_t*)0x20000088 = 0x3ca; *(uint32_t*)0x2000008c = 0x523; *(uint32_t*)0x20000090 = 0x65; *(uint32_t*)0x20000094 = 0x6d6; break; case 12: *(uint8_t*)0x200000c0 = -1; *(uint8_t*)0x200000c1 = 0x41; break; case 13: memcpy((void*)0x20000100, 
"\xc4\xc1\x9d\x74\x8f\xe2\x00\x00\x00\x67\x0f\xae\xf7\x65\x65\x36\xf0\xfe\x8b\x00\x00\x01\x00\x2e\x0f\xfe\x5c\xf5\x9b\xc4\xc1\x31\xf5\x64\x15\x00\xc4\xe2\x8d\x04\xc8\xc4\xe1\x4f\xc2\x9c\x65\x3f\xb1\x00\x00\x44\xc4\xc2\x15\x39\x16\xc4\xe1\x48\x5c\x9f\xae\x00\x00\x00\xd3\x97\xfd\x33\x46\x20", 72); syz_execute_func(0x20000100); break; case 14: break; case 15: memcpy((void*)0x200001c0, "/selinux/enforce\000", 17); res = syscall(__NR_openat, 0xffffff9c, 0x200001c0, 0x400, 0); if (res != -1) r[5] = res; break; case 16: res = syscall(__NR_read, -1, 0x20002380, 0x2020); if (res != -1) r[6] = *(uint32_t*)0x20002398; break; case 17: *(uint32_t*)0x20004640 = 0xe4; res = syscall(__NR_getsockopt, -1, 0, 0x11, 0x20004540, 0x20004640); if (res != -1) r[7] = *(uint32_t*)0x20004574; break; case 18: memcpy((void*)0x20004680, "./file0\000", 8); res = syscall(__NR_statx, -1, 0x20004680, 0, 0x7ff, 0x200046c0); if (res != -1) r[8] = *(uint32_t*)0x200046d8; break; case 19: res = syscall(__NR_getuid); if (res != -1) r[9] = res; break; case 20: res = syscall(__NR_fstat, -1, 0x20004840); if (res != -1) r[10] = *(uint32_t*)0x20004854; break; case 21: *(uint32_t*)0x20004b40 = 0xe4; res = syscall(__NR_getsockopt, -1, 0x29, 0x22, 0x20004a40, 0x20004b40); if (res != -1) r[11] = *(uint32_t*)0x20004a74; break; case 22: *(uint32_t*)0x20004b80 = 0xee00; *(uint32_t*)0x20004b84 = -1; *(uint32_t*)0x20004b88 = 0xee01; *(uint32_t*)0x20004b8c = 0xee00; res = syscall(__NR_getgroups, 4, 0x20004b80); if (res != -1) r[12] = *(uint32_t*)0x20004b8c; break; case 23: memcpy((void*)0x20004cc0, "./file0\000", 8); res = syscall(__NR_statx, -1, 0x20004cc0, 0x4000, 0x400, 0x20004d00); if (res != -1) r[13] = *(uint32_t*)0x20004d14; break; case 24: res = syscall(__NR_getgid); if (res != -1) r[14] = res; break; case 25: memcpy((void*)0x20000200, 
"\xad\xa8\x30\x14\xeb\x2c\x80\xfe\x20\xe6\xd8\x8c\xac\x3d\xb0\x00\x64\xa1\x2f\x3f\x75\xac\xf4\xc1\x1f\xa5\x29\x77\x13\x1d\x64\xee\x5d\x27\x03\x72\x8b\xba\x81\x97\xda\x61\x3c\xf6\x2c\x27\xcf\xab\x69\x6d\x25\xf6\x8a\xf7\xb1\xf7\xf0\xab\xec\xb2\x25\x8e\xc8\x3f\xb6\x11\x86\x91\xfe\x81\xb5\xa1\x82\x62\xb0\x4f\x79\x53\x36\x25\x2c\x7d\x97\x42\x3b\xbd\xe2\x88\xaa\x00\x92\x39\xe9\x12\x41\xe8\xd7\xde\x4c\xb0\x40\x7a\xff\x09\x1e\x52\x66\xc9\x2c\x4d\x61\xf4\xc7\xd8\xb7\xcf\xa4\x31\x1d\x86\x3b\xc0\x2a\x2b\x5e\x38\xb3\xa6\xb0\xb4\xb9\xf6\x9a\xfb\x5d\x9b\x76\xbe\xac\xc6\x7b\xd5\x44\xfd\x63\x22\xe3\x42\xf3\x31\xa8\x6c\x9f\x3b\xe9\x3c\xe7\x24\x8d\x06\x60\xbe\x5d\xcf\xf2\xe4\x78\x7d\x2b\xb0\xf9\x55\x23\x95\xe0\xc7\x05\x58\xd8\xba\xfc\x83\x49\x9d\x63\x1a\x1c\x56\xf2\xfe\x66\xfd\x11\x14\x4f\xa8\xd3\x4c\x00\xc9\xcd\xc8\xec\x25\x27\x5f\x8f\xaa\x85\xee\xa5\xc0\x65\x2f\x44\x94\x25\xb8\x2c\xb6\xe9\xec\xa3\x6a\xf2\x24\x48\x4b\x9c\x72\xe8\x15\xad\x99\x37\x88\x85\x33\xd9\x4f\x06\x83\xb2\xe4\x74\xe1\x04\xa2\x4b\xa6\x83\x91\xfd\x8c\x46\x8e\x49\x1d\x1f\x5b\x40\x9d\x9b\x79\xce\xce\x78\x30\x55\x59\x56\xfa\x5d\x31\x52\xb0\x1a\xeb\x5a\xfd\x1a\xfc\x32\xa1\x0b\x4e\xbb\x90\x93\x1c\x53\x29\x79\x25\x03\xcf\x22\xcd\x5b\xff\x4f\xe3\x2d\x4f\x8d\x79\x14\xe2\xc1\x62\x8b\xda\x9e\x62\x20\x58\x89\xe5\xc1\x55\xfc\xb5\xbf\x7e\xf5\x55\x94\x26\xd7\xdf\x52\x8a\x27\x0f\xa1\x6e\x97\xd6\x1c\xb3\x85\xba\x86\xc4\x8a\xfa\xd5\xdd\xa0\x7b\x0f\xec\x9a\x43\x12\xff\x4a\x57\x44\x1e\x36\xe0\x14\xc0\x51\xe7\xae\x30\x5c\x02\x53\x59\x5d\xbe\xfa\xb5\x45\x98\x4f\x69\xd1\x7a\x75\xb2\xfd\x2a\x15\xd1\x10\x7f\x6c\xd5\x0c\x0d\xd4\x69\xf6\x1a\xd7\xd7\xcf\x5e\x05\xb3\xaa\x58\xea\xda\x6e\x7b\x57\xe4\x57\x84\xf6\x04\x40\x21\x6c\xf7\x64\x36\xe4\xeb\x9b\x21\xa9\x07\x79\xc4\xc8\x38\xa3\xf2\x35\xa4\x7f\x86\x02\x72\xe7\x45\x76\xf3\x6d\xe7\xaf\x63\xf2\xb4\x30\x9d\x6d\xa3\xa5\x80\x90\x45\x80\x7e\x12\x33\x62\x27\x85\xef\x13\x91\x87\xaf\x22\x08\xb0\xae\x7c\x0d\xd0\x82\x00\x8f\x5a\x2e\x36\xfe\xe9\x78\x93\x77\xa2\x1b\x30\xc7\x71\xbd\xe3\xab\x08\xeb\x5f\xf
e\x29\x90\x2e\x8c\x80\xb3\x3b\x38\x83\x2d\xad\xda\xe7\x0a\x0d\x9e\x16\xe0\x6a\x6c\xab\x04\x40\x2c\x70\xc7\x26\x62\xdb\xde\xb9\x54\x46\x7f\x7b\x8f\xff\x12\x8c\x4b\x7a\x3e\x64\x5f\x21\x5f\xa6\x4d\x57\xe6\x77\x6a\x3a\x42\x06\xcc\x85\xea\xa1\x69\x8c\x40\x4e\xad\xa8\x28\xc4\x50\xd0\xf5\x37\x67\xab\xc2\x3e\x46\x6b\x77\x7a\xdd\x8a\x34\x78\x20\xd7\x5b\xc4\x01\x94\xee\x49\x0e\xc7\x6f\x70\x74\x52\xa8\x72\x2f\xa8\x9c\x1d\xef\x43\xa0\xe0\x4f\x16\xc8\xeb\x07\xe0\x06\xb8\xa7\xab\x63\x87\x82\x1a\x50\x7b\x73\x8d\xc9\x82\x87\xac\x3f\x18\x63\xc3\x60\x58\x27\xde\xb6\xd5\x0b\x57\x5f\x75\xdf\x14\xde\x56\xd5\x17\x82\x8f\x7c\x91\xa1\x25\xdf\x20\x23\x20\x9f\xc8\xc1\x76\x5d\x81\xf8\xc0\xfa\xf7\xbf\x59\x8e\xe8\x56\xef\x04\x35\x60\xf9\x6d\x3d\x1f\xca\xd0\x38\x8d\xa9\x22\x81\xd8\x64\xa7\xb5\x46\xbf\x8f\xeb\x2d\x5b\x92\x19\xba\xac\xa0\x16\xf0\xa2\x75\x1f\x7f\x8f\x20\xc4\x4e\x0f\xa2\x40\xcf\xdc\x76\x3c\xa9\x84\xd5\xcf\x8b\x2a\xe0\x41\xbb\x71\xdf\xb6\xc5\xd9\x12\xdb\x3e\xe6\xae\x8c\xe4\x4a\x98\xc6\x5c\x74\xf7\xe3\x14\x7f\x63\xb1\x3e\x71\x2a\x30\x91\xe5\x32\xb3\x8b\x58\x18\xec\xff\xc4\x44\x6a\x65\xbb\x52\xe2\xa2\x0e\x59\x3d\x7a\x09\x5e\xce\x64\xf5\xb2\x33\xbf\xc4\x0a\x21\x5f\x7e\xcd\x86\xc8\x5a\x33\x2a\xd6\xc5\x38\x77\x2b\x87\x8c\xa1\x46\x49\x49\x58\xec\x38\xb4\xaa\x09\xe8\xea\x4d\xc6\x1f\x0b\x7c\x9b\x7b\x9c\x23\x67\xf9\xef\xb9\x28\x55\x94\x8e\xd4\x8b\xea\x1f\x90\x3e\x72\xe9\x07\x7e\xbc\x9b\x85\x11\x45\xca\x1d\x5c\xef\xbf\x8e\xd6\xc3\xc7\x5a\xed\xc2\x8e\xdb\x7c\x93\x2b\xe6\xca\xb0\x11\xed\x21\x40\xfe\x20\xcc\x72\x49\x9a\x9b\x3d\x80\x69\x78\x05\xf3\x3a\x04\xd3\xa4\xdd\x04\x92\xd0\xd5\xe0\x0f\x90\xe1\xf2\xfc\xad\xaf\x0e\x3b\x31\x1f\x5f\xa7\x0b\x0b\x06\x63\x84\x6b\x42\x36\x42\x9f\xb9\xf4\x38\x38\xda\x19\x61\x52\xf7\x22\x94\xe0\xa1\x16\xf5\x5d\xe8\x4d\x3d\xd3\x83\xe7\x09\x99\x2d\xf1\x64\x04\x09\x75\xbe\xbc\x25\x84\x68\x13\xfc\x6b\x4b\x47\x7a\x44\x65\x94\xd7\xae\xff\xfa\x65\xf5\x70\x00\xee\xad\x79\xc8\xea\x09\xa2\x6a\x4a\x00\x34\x19\x35\xd5\xb9\x14\xb8\xe0\x1d\xb5\x81\xda\xa0\x51\x7a\x94\x54\x3c\x61\x3
6\xee\x16\x25\x67\xf9\x8e\x9c\xa9\x71\xe1\xf2\x91\x06\x77\xbf\xb9\x14\x1d\x41\xcb\x7b\xd9\x18\xc0\x85\x1e\x36\xd6\x61\x14\x7c\x80\x54\x5c\x93\xd1\xdc\xb5\x37\x68\x36\x9f\x0a\x3b\xd8\xe5\x14\xf6\x9f\xb4\x6d\x76\x45\x7d\xc8\xe8\x67\x64\x5d\x32\xad\xc6\xe0\x0e\x13\x07\x46\x6d\x66\x8d\xfd\x4a\x27\x8a\xbc\x0e\x3c\xc3\x4e\xf9\xf7\xd4\xfa\x09\x36\xab\x99\x43\x19\x84\xc5\x08\x84\x10\x13\x1e\xb8\x53\x2f\x6a\xad\x9d\xd4\x5e\x80\xee\xd3\xb5\x7b\x4d\x1d\xbf\x26\x24\x40\x01\xea\x49\x60\xf8\x4f\xd7\xbc\x72\xcf\x29\xfa\x82\xc8\x07\x86\x5d\x89\xb4\x3d\x58\x71\xe5\x3b\x10\x30\x8d\x7d\x21\x53\x8a\x6c\x47\xb1\xad\xf9\xbd\x9d\x26\xb6\xcf\xec\x6a\xa5\x3e\x15\xaa\xaa\x8a\x7d\x72\x3f\x6d\x4f\xde\x8f\x9b\x24\x72\x00\xde\x31\x68\x86\x0a\x6a\x49\x52\x71\xdb\xff\x49\xcc\x6b\xbb\xc0\x90\x50\xfc\x39\x6f\x07\xab\x60\xbe\x91\x04\x54\xf4\xbe\x67\x8d\x90\xe9\x5a\xc3\xc6\x88\xea\xe8\x44\xb9\x50\x0c\xe9\x7b\x77\x63\xd0\xe7\xef\x95\x17\xbc\xc7\xbb\x08\x0d\xe8\x1c\x84\xed\x17\x5e\x28\x55\xc8\x27\xcc\x63\x4f\xd3\x42\x68\x18\x4a\x5e\xde\x8a\xef\x4c\x58\x49\x90\x49\x82\x42\x94\xa1\xfd\xc1\xf0\x43\x55\xca\x99\xe2\x2f\xae\x10\x1d\x27\x53\x1d\x85\xff\x61\xe6\x28\xf1\x00\xe4\xfc\xd8\xdf\xed\x79\x59\x25\xfb\x9a\x98\xe9\xc6\xeb\x1c\x20\xa4\x68\xad\xb0\xef\xad\x8b\x89\x55\x4e\x58\xd9\x14\x2a\xba\x68\x05\xd9\x44\xae\x57\xad\x45\x21\xf4\x04\x91\xeb\x39\x2c\xbd\xd8\xa7\x21\xca\x84\xe7\xfd\x32\x3f\xa0\xd9\x89\x0e\x39\x49\xf3\x87\x5c\x15\x56\x6c\xcc\xdd\x1d\xb6\x0f\x4a\x81\x8b\xae\xf5\x99\x69\x42\xc6\xaa\x10\x6b\x1b\x6a\x71\xe1\x3e\xc4\x3b\x40\xb6\x57\x89\xa7\x5b\x39\x2f\x83\x0e\x65\xe0\xfc\x93\xb7\x13\xe1\xde\xd2\x4e\xf7\x81\x4a\x23\x3a\xb1\x33\x4e\xed\xb4\x83\xf9\x71\xdc\x57\x79\xd6\xd5\x0d\x8c\x3f\x16\x51\x99\x98\x46\x84\xbc\x32\x33\x6b\x68\x07\xc8\xa5\x0f\x9a\x64\xb2\xd3\x06\xce\x41\xda\xc8\xae\x2b\x63\xe4\xe9\xe6\xaf\x25\x22\x8f\x7b\x8e\x1d\x8e\x37\xee\x09\x5b\x41\x7e\x87\xeb\x3d\xbe\xc7\x4a\x84\x3e\x8c\xa4\x5c\xb5\x66\xe1\xe0\xa8\x8b\xb0\xb6\xcd\x0c\x60\x24\x28\x69\xad\x32\x55\x00\x24\x7f\x4a\x07\xae\xec\x82\x6
5\xed\x9c\xd6\x4c\xea\x00\xe5\xc9\x33\xfc\x53\x90\x47\xb5\x70\x33\xd7\x69\xb3\x58\xae\xab\x4f\x8c\xfd\x98\x7f\x27\x84\x33\x62\xf2\x9b\x79\x65\x28\x82\x9f\xd8\xe6\xa1\x3d\x17\xd7\xb5\xb3\x96\x1a\xb6\x54\x44\x82\x8a\x08\xd6\xa4\xe4\x17\x84\x4c\x0f\xd5\x4a\x39\xc1\xd4\x69\x61\x2e\x70\x98\xc5\xe6\x81\x16\x14\x68\x9b\x5d\x69\x75\x76\x92\xf8\xb9\xa2\xda\x48\x44\xef\x3d\xbf\xee\xfc\x8f\x74\x63\xc7\xfb\x95\x56\x0c\x80\x8d\x68\x1e\x0f\x95\x38\xef\xec\xe0\x8c\xcf\xe8\x11\xbb\x7c\x9f\x3f\xc1\xb2\x40\x70\x32\x98\x37\x48\xb7\x36\x77\x94\x69\xb7\x61\x0f\x0a\x16\xe9\x97\x23\x3d\xe2\x47\xd1\xa2\xda\x18\xde\xce\x77\x19\x9b\x6c\x7f\x46\x0f\xa7\xa5\xc8\x8c\x2d\xc8\x63\xf7\x14\x45\x8f\xa4\xb3\x5d\x0b\x88\x91\x90\xa0\x3f\x31\x99\x15\x3f\x40\x08\xae\xa0\xa5\x73\xce\xaa\x07\x95\x76\xc2\xea\xdc\xb1\xca\x49\xc5\xb6\x44\x7e\x86\xc0\x1b\xd5\x79\x47\x01\x87\x31\x87\xbc\x15\x8f\x43\xfc\x48\x22\x0a\x0e\x26\xb0\x0f\x6b\xef\x73\xdd\xf5\x4a\xaa\xbe\x33\x56\xc3\x46\x8e\x72\x9b\x48\x7c\x88\xdc\xb0\x71\xdf\x6c\xe5\xf3\x5e\x02\xfb\x16\x1c\xfd\x7f\xb9\x59\xe1\xc5\x8f\x64\x01\x42\x6a\xc9\xbe\x60\xb2\x58\x76\x00\xd7\x2d\x0a\x25\x2a\x79\x9b\x09\x3b\x34\xdb\x84\xf8\xce\xbf\xda\x7c\x2a\xda\x8f\x58\xf8\x78\xba\x47\xbd\x29\xd0\x23\xbe\xa2\x6a\x9d\xfc\x37\xf7\x2d\xd6\x93\x96\x4d\x2e\xce\x00\x31\x79\x79\x1f\x04\x9f\x98\xfe\xd2\x96\xf2\x52\x1c\x48\xe7\x6b\x3c\xa4\xed\x06\x01\x7d\xdd\x77\x4a\x4b\xf4\x86\xdd\x44\xaa\x6b\xdd\x90\x68\xc1\xb8\x49\xb8\xfb\x10\x03\x00\xb9\xd3\x33\x3b\x95\x08\x7f\x45\x11\xb7\xf8\x69\xf9\x56\x47\x50\xd5\x57\x02\x00\x3e\x44\x48\x0c\x13\x34\xa9\x54\xe7\x72\xa1\xa4\x90\x40\xa6\xae\x19\x4f\x20\x11\x91\x6d\xb3\xd0\x10\x7e\x2f\xa3\x7e\x30\xae\x7e\x96\x47\x12\xea\x6d\xd1\x27\xf1\x32\xf2\xf2\xf9\x31\x81\xa1\x45\xc3\xf5\x67\x55\xeb\xea\x80\x32\x5a\x4f\x30\x41\x03\x68\x4c\xd5\x27\x90\x6f\x8e\xc2\xe0\xdf\x0b\x23\x23\x78\x8a\xfb\x35\xfc\xba\xc9\x3a\x76\xe5\xb2\x2d\xd1\x35\x5e\x3d\x79\x3f\x5f\x1f\x87\x44\x30\xd0\x86\xf1\xe4\xb9\xe3\xc6\xf5\xc3\xfc\xcb\xe7\xcd\xa3\xa3\x5c\x3a\x92\x34\x16\xef\x67\x83\x2
b\xf1\xd6\x28\x7c\x0d\x2b\xd7\x0e\x69\xc9\x24\xce\x97\x69\x3c\x60\xaa\xe3\xbc\xc3\x5f\xca\x34\x0f\x87\x55\x33\x4f\x18\x52\xa0\x66\x81\xc2\x98\x6d\xaa\x72\x91\x64\x6f\x4c\xbc\x29\xd4\xde\xfb\x4b\x00\xf3\x27\xc6\x6d\x20\x1e\xc1\x33\x1e\xf0\x4f\x55\x0b\x47\x69\xc6\x47\x01\xd3\xfc\xc6\x45\x14\x0d\xe2\x85\xec\xef\xdc\x88\xdc\x53\xe3\x3c\x74\x77\xf5\xb9\x7f\xb7\xff\x85\xda\x43\x2c\x08\x46\x30\x27\x96\x16\xd1\x67\x4f\x96\x57\xbe\x09\xdb\xa3\xd7\xc9\xc7\x77\x2f\x14\x28\x83\x30\xd4\xf2\x20\x4d\xc3\x40\x2a\x6c\xa2\x66\xa6\x60\x90\xfe\x51\x53\x5a\xc0\xc8\x6b\x71\xe1\x8a\x1c\x21\xeb\x98\x2f\x2d\xf1\x13\x6f\xd9\xb6\xf1\xda\x62\xc3\x68\x79\x2b\xdf\xf0\x49\x46\x89\xa8\xc4\xf3\xbe\xee\x9a\x5a\xd3\x66\xd7\x15\xff\x80\x17\xf4\x89\x00\x46\xc3\xe7\x32\xa5\x7c\x60\xe4\x63\x1f\xaa\xd4\xcc\x3b\x3d\x20\xbf\x61\x33\xbf\x85\xdb\xb8\xb2\xe6\x16\x88\x66\xcf\xbd\xaa\x21\x77\xe1\x0d\x16\x7c\x50\x1b\x92\xc8\xf0\xc7\x9f\xc2\xb8\x4b\xae\x75\x6c\xed\x61\x72\xbe\x9c\xe8\xa4\x66\x9e\x15\x9e\x88\x49\x75\x08\x1e\x68\x6d\xb2\xce\xc2\x86\x93\xfb\xa5\xc4\x3a\x16\x67\x53\x4c\xea\xb3\x04\xe0\x5a\xc1\x44\xb7\xca\x7a\x40\x37\x66\xcd\x30\x6a\x36\x60\x9f\xfa\x6a\x63\x00\x30\x7f\x7c\xa1\xb2\x91\x5c\x69\xd2\x99\xde\x17\x1c\xcb\xf5\x39\xf5\x04\x6b\xaf\x46\x78\xdc\xeb\x31\x32\xad\x39\xe9\x94\xbd\xb0\x05\x65\xb8\x61\x90\x36\x23\x0f\x8f\x2b\x2c\xe8\xe4\x2d\x5b\x3f\xc9\xe8\x3d\xb4\x71\x05\x34\x29\xbf\x0d\xd4\x86\xa8\x2b\x02\x75\xcc\x8c\xfa\xbc\xbf\xc9\x30\xd2\x79\xf0\xcf\x9b\xb4\x7e\x3f\x34\x25\xf1\x98\xaa\x32\x6a\x01\xdf\x90\xc8\x02\xee\xce\xbf\xe1\x08\xad\xfd\xf3\x40\x13\x39\x50\x5c\x5e\xb4\xcd\xc0\xe0\x28\x3f\x6a\x05\xfb\xfa\x5f\x1e\x1a\xd8\xbc\x7a\x23\x7e\x7e\x6b\xd6\x0f\xde\xc2\x13\x4f\xc1\x2b\xc6\x7a\x1f\xe1\x6f\x0b\x2f\x6b\xf9\x67\x62\x01\x77\xfd\x75\xe3\x9b\x62\xd1\x90\x30\x2f\x62\xdc\xa1\x5b\x51\x43\x4e\x5f\x4a\x75\x9d\xd2\xce\xaa\xb2\xa0\x77\x9a\x66\x35\xa9\x9c\x5f\x30\xad\xd5\x85\x0f\x70\x5c\x55\x6a\xb3\x05\x96\x92\xb1\x1b\xdf\x6d\xcf\xb7\xa4\x15\xac\x22\xb6\x26\x55\x23\x90\x85\xc5\xe7\xb0\x63\x68\x44\x53\xf
8\xf2\x5d\x8e\xbc\x0d\x73\x04\x2c\x4f\xb9\xb4\xe5\xcd\xb9\x1c\xb9\xf8\xf4\x9f\x66\x7b\x58\x20\x9f\xe9\x77\xc6\xed\x97\xbd\x6b\x97\x09\x99\x0f\xe0\x1a\x59\xcb\x45\x41\x76\x12\x19\xab\x82\x3a\xce\x1a\x05\x91\xc6\xcf\x2e\xbd\x4a\x42\x0c\x54\xa3\xf5\x2b\xad\xc6\x58\x23\x9c\xd3\x54\xfd\xce\xf9\xc7\x6e\x53\x41\xe4\xef\xa5\x97\x63\x30\x61\x03\x33\x2a\xce\x4e\xa1\x77\xfb\x28\xb4\x2d\x77\x04\xc7\xb2\xec\x65\xbe\x1c\xfb\x1d\xc2\xc2\xf5\xda\x13\xdd\xed\x12\x60\x01\xcd\x77\x9d\xaa\x77\xc2\x6c\xb2\x2c\x36\xdd\x78\x83\x28\xfb\x06\x89\x78\x25\xcf\x03\x97\x91\xd4\x8b\x73\x5a\x42\x9f\x15\x73\x71\xf4\x37\x4f\xab\xf7\x93\xc0\x04\xf9\xfe\xe7\x68\xda\xa6\x70\x7a\x20\xe8\xeb\xb0\x30\x7e\x4a\xb2\x6f\xc2\x41\x60\xf2\x16\x9f\x01\x8e\x30\x60\x04\x58\xc5\xeb\x67\x9e\x67\x32\xfe\x9f\x3d\x70\xd9\x60\x27\x0b\xb4\x45\x3d\x93\x6b\x47\xa8\x25\x0c\xf9\x6d\xca\x21\x26\x88\xee\x6c\xb7\x45\x33\x1a\x0a\xc6\x8f\x5f\x9e\x20\x02\xa3\x9c\xd2\xee\x3a\xda\x91\xa1\x4b\x03\x05\x90\x3e\xd3\xd6\x62\xca\x1d\x1e\xd5\x24\xe7\x21\xaf\xd2\x06\x78\x9c\xfd\xa8\xb8\x84\x86\xd8\xa8\x00\xb8\xe6\xf9\xfe\xf0\xc6\xa1\xac\xaf\xce\xfb\xbd\xe5\x1b\x7d\x56\x68\x47\x6a\x03\x64\xb8\x35\xfc\xc2\x43\x1d\xff\xbb\xdb\xd2\x0b\xf7\xb8\x04\x03\x09\x21\x9a\xb9\xd3\xfb\x8c\x57\x6b\xcc\xcf\x65\xf5\x12\x7d\x2c\x58\xff\x79\xe8\x68\x2c\x5c\x45\xfc\x12\xa8\x43\x20\x49\x4f\x13\x33\xd3\xf3\x65\xae\x77\x5b\x3b\xc5\x11\xfd\x45\x13\x99\xb7\x9d\x2d\x0c\x69\xdf\x6d\x38\x1b\xa0\x81\x98\xcf\xb5\x02\xed\x54\xe2\x9c\x1c\xc0\x62\xca\x95\xcb\x50\xb2\x65\xf0\x45\x19\xde\x3f\xd5\x8d\x3d\x35\x11\x7a\xab\x1d\x7d\x96\x61\x6d\x71\x07\x0e\x78\xf2\xeb\x2e\xcd\xe9\x6e\xd5\xed\xfb\x94\xe5\xa0\x94\xf1\xc5\x3d\x8d\x95\x40\x3b\xba\xd3\x1e\x8a\x46\xa5\x1e\x2e\x21\xe3\x69\xa8\x99\x25\xbc\x5b\x8f\x1e\x8c\xe9\x36\x9c\xa7\x08\xcd\x19\x0c\x6f\x47\x33\xef\x24\x33\x47\x95\x1c\xd6\xac\xd5\x15\xd9\x8c\x06\xcd\x91\x78\x61\x5a\x27\xfc\x2f\x72\xb7\x61\xa9\xfc\xdb\x8a\xf4\x7a\x63\x85\x04\xf2\xda\x90\x0d\xd9\xfd\x92\x24\x14\x56\xae\x4e\xbf\xf3\x31\x0e\x4b\xda\xc8\xb0\xfa\x7f\xb7\x71\x5
d\xb3\x16\x7a\x45\x97\x9d\x46\x62\x24\xab\x16\x8f\x50\x85\x48\x9b\x8a\xab\x34\xc5\xe3\xc3\x21\xc8\xa3\x62\x78\xc8\x9a\xf4\x92\x08\x13\xf9\x1f\x49\xfa\x76\xee\x3c\x84\x47\x12\x9f\x8c\xed\x14\x7d\x5a\xf7\xc3\x98\xad\x51\xc4\x03\xab\x9a\x94\x12\xc7\xb1\x5c\x52\x6d\x71\x2c\x62\xa1\x62\x39\xcf\x70\x3e\xe2\x6b\xe9\xad\xd5\x7f\xd5\xfc\x88\xc3\x99\x0c\xc5\xcf\x30\x8d\x7e\xd9\x7e\xfb\x22\x68\xcc\xd3\xa5\x0e\x36\xc3\x96\x3c\x38\xb9\xa7\x69\xb8\xca\x81\x1f\x71\x49\x3f\xe9\x70\x52\x12\xd9\x23\xfc\x26\x31\x0f\x3f\xe8\x14\x27\xd6\xa2\xd6\xcc\xa9\x89\xb4\x7e\xce\x62\x9e\x64\x60\x92\x80\x4a\x10\x5f\x20\xb6\xe7\xa6\xe8\xb7\x4b\x48\xc5\x23\x0e\x5c\x31\x9b\x2e\x52\x50\x84\x47\x8e\x24\xf9\x96\x34\x2e\x11\x97\x68\x3a\x9e\x63\xea\x8c\xab\xe0\xd6\x24\x2a\x60\x6b\x82\xba\xa7\xa8\x52\x58\xef\x32\x0a\x1f\x95\x4e\x71\x88\x07\x22\x53\x9c\x22\x01\x66\x25\xc8\x37\xcf\x32\x3d\x0d\x03\x02\x21\x5a\xf5\x1d\xa4\x24\x73\xc0\x51\x4e\x72\x7f\xbd\xaf\x3e\xd3\xaa\x24\x2a\x79\x40\xd9\xce\xcc\xdf\x21\x85\x4e\xef\xf8\x5e\x34\x7a\xa6\x81\x4a\xf2\xca\x73\xc0\x4d\x41\x0e\xc4\xed\x2f\xf5\xb4\xb4\x6f\x21\x75\x9f\xa0\x5d\x0e\xe3\x94\xc5\xf8\x06\x5f\x87\xc3\x16\xc2\xb5\x91\xdf\xb6\xa9\xa0\xe2\x70\x1f\x2c\x82\x2a\x53\xc6\x43\x9f\xe8\xa1\xfb\x1b\x9d\xbd\x59\x37\xb2\xb4\x42\x1e\x14\x48\x7d\xb4\xdc\xc1\xb2\x75\x03\xea\x11\x3c\xf7\xb3\xb8\x18\x53\x62\x49\xbb\x97\xb5\x64\x84\x4a\x8d\x48\x02\xce\xae\xa4\x68\xca\x0d\x43\x15\x45\x35\x06\xcc\xaa\xa4\xbc\x1d\x38\x95\x9f\x84\x61\xcc\xd8\x46\x02\x5f\x57\xa4\x22\x20\xb2\xcd\xa3\xff\xfd\x65\x42\xeb\x06\xb5\x64\x4e\xd4\x48\xd7\x87\xb8\xb4\x42\x4e\x29\x87\x0f\x9c\x66\x19\x25\xed\xeb\x11\xf3\x0b\xe0\xdb\xa5\xdf\xee\x43\x43\x88\x79\x5a\xba\x09\x31\x2f\xf7\x75\x5c\x8e\x8b\x78\xb5\x61\x8f\x51\xe4\xa8\x8e\xc1\x35\xb6\xa0\x51\xe5\x7e\x65\x83\x58\x3a\xf4\xd3\x70\xf2\x70\xf3\x22\x95\xad\x4d\x37\x1a\x88\xba\xb8\x4a\xb6\x92\x63\x7b\x0b\x04\x53\x76\x5e\x55\x45\x44\x15\xa6\x3c\x55\xb0\x3c\x1d\xd2\x72\x06\x02\x13\x47\x80\x03\x07\x0d\x5c\x6f\x73\x1f\x7d\xad\x3f\xd7\x8b\x7f\x11\x96\x7b\xce\xc9\x4
1\x5e\xae\x8b\x98\xac\xa9\x98\x20\xbf\x5e\xe1\x6e\xc0\x91\x1c\xaf\x1b\x8f\x2b\xb3\x32\x53\x04\xec\x27\x69\x20\xeb\x57\x29\xf5\xda\x34\x80\x48\xbf\x13\x40\x9e\xa5\xbd\x1c\xa7\x6d\x77\x1a\x53\xdc\xf9\xe8\x2b\x92\xce\x58\x32\x98\x62\x67\xf5\x8f\x35\xa6\xb0\x02\x98\x8e\xdc\x51\x50\xf5\xb6\x56\x49\x4a\xf8\xf7\x28\xb1\xd3\x9a\x38\xb8\x34\xf9\xa5\x56\x57\xb1\x6e\xe5\xc7\xcb\xb1\x38\xd1\x2f\x28\xc1\x04\xf2\x1c\x13\x43\x3a\x4e\x26\xc1\x37\x60\x07\x8d\x99\x6b\xf4\x07\x8c\x75\x24\xd3\x65\xca\x7e\xa1\x56\x56\xd8\x82\x00\xfb\xb7\x68\x28\xc3\x44\xa0\xe0\xf7\xf2\x5f\xb7\x1c\x3f\xfc\xc8\x19\xee\x39\xe9\x8a\xfe\xa6\x41\x52\x63\x52\xa2\xcf\x4a\x51\x62\x94\x13\x2c\x33\xa9\x30\x78\xe1\xd7\x49\x3d\x7e\x64\x38\x42\x7d\x08\x19\xbe\xb4\x82\x6b\xe4\x43\x68\xde\xb1\x05\xf3\xfe\x20\x27\x98\x3d\x84\x91\x1d\xcf\xbd\x26\x8a\xe3\x9d\x83\x73\xf6\xf4\xb5\x29\x1a\x94\x73\xad\x7a\xd9\xab\x3b\x75\x41\x07\xf7\x8d\x21\x8b\xda\xcc\x92\x6d\xb3\xb9\x95\x8b\x4a\xec\x67\x9e\x35\xf7\x1c\x10\xbe\x30\xf1\xd4\x7f\x9e\xbc\x36\xd2\x98\x82\x5d\x58\xe0\x23\xbd\xf4\x03\x58\x2b\x6b\xc6\x73\x62\xe5\xe8\xb0\xad\xc5\xcd\x1f\x4e\x88\xec\xd3\x84\x2f\xe1\xd7\xa9\xb7\x27\x98\x7f\xd1\xaa\x1e\xc8\x8f\xf2\xb4\x55\x13\x9d\xd6\xbf\x94\xcf\xbb\x78\xdb\x89\x33\x15\x70\x82\xf1\xd0\xc6\x35\x94\x3a\xc8\xbf\x83\xcd\x35\xae\xea\x85\x19\x06\xeb\x2d\xb3\x29\x4e\x50\x3d\x86\xda\xb5\xe0\x84\x19\x2f\xc0\x48\xcc\xb0\xfc\x74\x20\x30\x97\x22\x19\xc4\xd7\x4a\x37\x22\x8a\x30\x17\x68\x73\x4b\xd8\xa1\xa3\x39\x58\x87\x19\xf3\x46\x95\x1c\x58\xb7\xb8\xa7\x8b\x34\xb9\xd9\xef\x83\xd0\x1b\xf5\xcd\x86\xa0\xca\x7b\xca\xa3\x37\xda\x65\x45\x80\x28\x42\x39\xc7\xf8\xae\x82\x26\x0b\x2e\x6b\x63\x2c\x42\xdc\x12\x90\x1d\x10\x53\xf2\xb1\x0a\x38\x03\x82\x67\x3e\xda\x68\xf4\xc8\x66\x3c\xb4\x0b\x42\x04\x1a\xad\x67\x8f\x7c\x64\xc7\x2e\x45\x5b\x93\xcb\xc6\x67\x06\xf0\x22\x70\xe3\xcb\xf8\x97\xb0\x1a\x49\x34\x89\x55\xc1\x11\x37\xb5\xc7\x1c\x9f\x51\x69\x63\xd2\x1d\x7e\x2e\x06\xbe\x35\x41\x9a\xf4\xb2\x8e\x5c\x80\x7a\x63\xdf\x28\x7f\x84\x4c\xc8\xbf\xab\xcf\x70\xb4\x62\xdc\x2
e\xd4\xcc\xdf\x82\x76\x5c\xdf\x73\x7e\x10\x9d\xfb\xfe\x02\x73\x79\x4e\xd9\x59\xc6\x67\x02\x90\xf8\xba\xe6\x6c\x9b\x73\x55\x93\xa9\x0f\x13\x54\x34\x97\x9c\x88\x02\x93\x43\x32\xa2\xa6\xc3\xe1\xa6\xf5\x21\x52\xcb\xcb\x4d\xd5\xe6\xb7\xec\x33\xd8\x80\xda\xa9\x46\xb9\x8f\xa8\xda\x12\x0b\x2e\x10\xbe\x1f\x9f\xda\x52\xc5\x33\x2d\xee\x98\xa8\x9a\x3d\xdc\x06\x03\xd0\x3d\xbb\x46\xf5\x8d\x26\x69\xda\xf2\x00\xda\xcf\x4f\x1d\x55\x84\xaa\xc5\x77\xde\x4b\xe0\x79\x59\x94\x95\xdf\x8e\x78\x90\xda\x55\xf3\xf9\x53\xb1\xb5\xe4\x4a\xbc\x78\x38\xff\x0a\xc4\x24\xaf\xb0\x0e\xcd\x7a\x15\x64\x17\xcb\xf9\x45\x31\xf1\xd6\x81\x5c\xfa\xeb\x6e\xd1\xc6\x6e\xcb\x5d\x4a\x23\xd6\xd0\x3c\xcc\x3a\x10\x5e\xe8\xe9\xc9\x90\x3c\x5f\x77\x5b\x24\x22\xba\x76\x8c\xd4\x0a\xb8\xce\xe4\xee\x2a\x69\x3e\x31\xa9\xd8\xbe\xf0\x49\x4d\xbb\x94\x18\x75\x85\x3b\x6a\xc5\x1f\x9f\x84\xa2\xc0\x9e\x16\x55\x07\x93\xf4\xd3\x54\x00\x72\xe5\x29\xfd\x59\xf0\xcc\xfc\x7a\x99\xeb\x8b\xdf\x2e\x43\x12\x33\x6d\x2f\x45\x62\x95\x0a\x44\xc9\x10\xdd\xe6\x22\xfd\x32\x09\xb4\xe3\xec\x77\xe7\x7e\x20\xa5\x31\x8b\xd2\x27\x1b\x13\x11\x0d\x64\x84\xe1\x95\x85\x5e\x4d\xad\xb6\xcb\xb4\xdb\x44\xab\xc1\x8e\xa5\x15\xbc\xb6\xf6\xe5\x32\x1c\xc1\xa5\x19\x07\x84\xf6\xda\x0d\x04\xd9\xf8\xe7\xb0\x79\xcd\x3a\xdf\x18\x35\x1f\xfc\xf8\x88\xf8\x5b\xbc\x3a\x36\x8f\x20\xce\xcd\x8d\x40\x0c\x54\xcc\x73\xd9\x78\x0d\xa5\x12\x48\x5c\xff\x4e\x1a\xf3\xc7\x7a\xaa\x63\x07\xda\x30\x5d\x0a\x43\x9a\xb2\xcc\xaa\xcf\x7b\x33\xbf\x39\x5e\xe3\xf4\xfa\xb0\x4a\x4e\xb8\x91\x2f\x4d\x55\xe6\xc2\x7f\xfc\xe2\x22\xa3\xf8\x4d\x64\xb1\xd0\x10\x5b\x31\x3d\x4d\x06\x27\xf8\x62\x84\x74\xbc\x89\x45\x65\x0b\xf7\xe7\x92\x37\xcd\xce\xc6\x3d\x00\x39\xe4\x24\x3d\xfd\x07\x35\xde\x01\x8d\x80\xfa\xb0\x59\x4f\x92\xa9\xd5\xf4\xeb\xcd\x59\xf8\x11\x73\x71\x26\x0d\xc3\xa7\xf0\xf1\xe2\x02\x19\x89\xd9\x09\x10\x73\xd0\x44\x52\x51\x99\xa6\x98\xe1\x02\x06\x06\x79\x5b\x81\xa7\xa5\xf4\xb0\x60\x94\x82\xa6\x42\xad\x0b\xbb\x1a\x58\xc2\x7d\xd8\x47\x10\xd7\x79\x78\x05\xd9\xd8\xae\xe9\xa0\xda\xa1\x3c\x60\xf4\xa1\x91\xca\x31\x4
2\xfb\xc1\x2d\xc4\xa7\x26\xf2\x95\x59\x78\x5e\xb1\xc6\xc2\x4c\x20\xdc\xa0\xfa\xf7\x76\xf0\xe3\x13\xed\xe6\x6e\xdf\x25\x59\x88\x99\xf9\xf2\x0e\xdb\x27\x55\x15\x28\x11\xeb\x71\x12\xea\x26\x7b\xf3\x12\x5f\x7f\xa2\xab\xb2\xb2\xb0\x16\xf8\x88\xae\x8d\x95\x4d\x66\xf6\x2e\x6e\xc9\x95\x2e\x90\xd5\x21\x78\x49\x51\x14\x4c\xea\xb8\x0d\x1f\xf4\x55\x3e\x93\x7c\xab\xe9\x19\xba\xb1\xf2\x00\xf7\x4d\x12\x8d\xd5\x14\x78\x43\x49\x2d\x70\x81\x41\x1d\x28\xdf\xd1\x90\x50\xa6\xed\x28\x74\xa5\xd6\x2f\x5f\x7e\xbd\xe8\x8b\x26\x70\x37\x7d\xc3\xb7\xf4\x45\x4f\x90\x6e\x06\xde\xf7\xc8\xa4\x84\x82\xec\x83\x4b\x81\x90\x25\x54\x46\x9e\x11\x46\x58\xc5\x32\xad\xfc\x08\x9a\xdb\x0d\xaf\x4f\xb8\x4c\x3d\x63\xef\xac\xc5\x86\x90\x6d\x4a\xd8\xfd\xd6\xfb\x1f\xd8\xbe\x76\x03\x30\x35\x23\x76\xa9\x28\xbe\xd6\xb7\x5d\x1f\xcf\x64\x1c\xea\x78\xf3\xc2\xd3\x03\x74\x4b\xf6\x5c\xe0\xfd\x75\x9b\xa7\x79\xf7\xd5\xba\x83\x6a\x08\x65\x24\xe1\xca\x2a\x80\xee\xd5\xfc\x59\xb8\x2e\x3f\xcb\x64\x1d\x2d\xb0\x6b\x58\xa7\x56\xf3\xbc\xd9\x36\x30\xbd\xda\x48\xd1\x8c\x41\xc8\x4f\xfa\x62\xd4\xc3\x1d\xbb\x66\x48\x6d\x99\xab\x17\x77\x62\x07\xfe\x7d\x0b\x1f\x16\xad\x70\xb7\x2f\xf4\xd0\xd3\x83\xd3\x81\x39\xd9\xf4\xe6\x58\xc9\xdb\x65\x1a\x4d\x52\x1e\x8f\x46\x9d\x16\xa3\xd6\x54\x8d\x0b\x84\x60\x63\xc0\xdb\x48\xb1\x6f\x14\xd2\x89\x3d\xd0\xfb\xa5\x53\x52\xf6\xac\x24\x97\xd9\x14\x52\x79\x7b\x8a\x0f\xe6\x52\x81\x0e\x9d\x0c\xa7\x61\xfd\x04\x66\xdb\xdf\x5b\x58\x15\xfa\x95\xf3\x42\xf2\x87\x47\x48\x5f\x97\x61\x00\x39\xd1\x98\x31\x83\x1f\x39\xa9\xe9\x25\x86\xa7\xce\x0e\x06\x07\xa0\x6a\xd6\x95\x9c\x45\x2b\xeb\x98\xea\x02\x4b\xec\xeb\x16\x74\xa2\x1b\xa8\xe7\x15\x50\x84\x48\xae\xce\x53\x54\x69\x66\xed\x8e\x71\x95\xdf\x63\x9b\x22\xa3\x48\x7a\x18\x1e\xb0\x03\xd8\x48\xd5\x79\x94\xff\x3b\x3d\x15\xef\xa8\x81\x88\xc7\xc5\xf1\x50\xac\x4b\xac\x13\xa1\x83\x34\xc4\x83\x61\xde\xd6\x4f\x35\xc9\xba\x9e\xe3\x01\xce\x46\x24\x5c\x7d\x10\x16\x41\x14\xca\x15\x66\x38\x31\x85\xf2\x21\x58\x5a\x0e\x75\x59\xc3\x1f\x19\x93\xf5\xde\xa9\xa5\xca\xde\x9b\x45\xb2\x2b\x08\xc2\x8c\x0
5\x62\x91\x85\x9f\x1e\x39\x37\xb3\xf7\x54\xfa\x7e\x31\x95\xa7\x8f\xd8\xe0\x17\x33\x37\xf2\xb8\x4a\x5f\x0d\x3b\x79\xa9\x49\xf4\x7d\x98\x12\xa7\x34\xa2\x66\xaa\x1f\x88\x9e\x6f\xca\xa6\x6d\xfc\x01\x18\xc6\xfa\x91\x38\x05\x44\xa3\xc8\x25\xd2\xd2\x80\x8c\xc7\x5b\xd0\xe2\xde\x76\xcf\xfa\xc4\x84\xf7\xfe\xaa\x26\x7c\x97\x3b\x16\x3f\x7a\xbb\x83\x58\x20\xf8\x7f\xeb\x4c\x01\x42\xa9\xd3\x54\x3d\xf3\xd1\x4e\x60\xf8\xcd\xb5\xe3\x43\xac\xcc\x0a\xa8\x7f\x45\xb5\xc4\xfe\x3c\xba\x76\x62\x17\xa2\xa2\xa8\x79\xf2\x9b\x90\xea\xb8\xe2\x6b\x5a\x35\x46\x05\x40\x26\x92\x5a\x31\x2b\x76\x2e\x14\xd0\x3f\x3b\xaf\xb9\xb9\x80\x18\xf1\xc6\xe5\xca\xa7\xfc\xc4\xcd\x97\x4a\x9d\xb2\x61\xe5\x74\xc5\x02\x37\x68\x0f\xde\x44\xbf\x4d\xdd\xdc\x5f\x28\x75\xe2\xaf\x3e\xa3\xbd\x80\x97\x70\xba\x16\xf8\x86\x0e\x94\xca\x99\x1c\x93\xf9\xc8\x79\x8b\x4d\x4d\xca\xeb\x03\x21\xc4\xd2\xf4\x36\x73\x91\xc9\x74\x8b\xe4\x32\xd4\xdb\xb1\xac\xd5\x83\xad\x7e\x95\x48\x78\x86\x6e\x27\x3f\x7d\xa2\x1f\x35\x04\x5b\x91\xa4\x38\x1b\x45\x30\xf9\x2a\x76\xa4\x45\xde\x5a\xf7\xea\xe9\x74\x5f\x32\x06\x24\x02\x6b\xfc\x8c\x98\x4e\x4d\x07\x16\x72\xdb\xbd\xae\xce\xe8\x8e\xcb\xfe\xbd\x43\x64\x9f\xd3\x7c\x08\x91\xc7\x68\x97\x57\x1b\x64\x6c\x16\x2f\xf3\x87\xcb\x12\x30\x06\x69\xc4\xe2\xb4\xfc\x20\x28\x65\x39\xae\x94\xd3\x94\xcc\xab\xa3\xe3\x97\xa9\x92\xbe\xcf\x4b\xbc\x6f\x4d\x09\xec\x07\x9d\xfc\x00\x7b\x9c\x57\x29\x9a\x0c\xb5\x9a\x5e\xe1\xb1\xa7\x6a\x03\xcd\xd2\x8b\xf7\xf0\x76\xab\x78\x5d\xa1\xf1\x85\xc1\xb3\x9c\xfc\xa5\x7d\x96\x71\xf8\x5a\x1a\xbb\xfa\xa4\xe4\x2d\x45\x4a\xab\x49\x15\xc8\x96\xf3\x26\x7c\x2e\x31\x8b\x49\xe5\xea\x23\xdb\x81\x6d\xd9\xf4\x5a\xc5\x1e\xfd\xb8\xad\x54\xd6\x4c\xde\x3c\x36\x30\x85\xb9\x81\xb2\x74\x33\xff\x16\xf7\x6a\x29\x94\xeb\x7a\x03\xb6\xc5\x4c\x4f\x17\xc3\x44\x6e\x34\x8c\x76\x37\xee\x40\x8c\x47\x4f\x61\x5f\x52\x5c\x5a\x85\x3d\x5c\x2d\xdb\xbd\x8f\x9a\xfc\xd3\x7b\x2d\x64\xfc\x09\x80\xce\x56\xf4\x61\xfa\x1c\xcd\xca\x60\xaa\x0f\x6c\x86\x74\xd4\x29\xa8\x6b\xa1\x03\x3c\x7a\x31\x33\x4a\x21\x81\x77\xff\xc6\x4a\x96\xd8\xce\x99\x6
a\xab\xbd\x1b\xa1\x17\x0f\x55\xce\x27\x68\xe3\xd3\xae\xe5\x0e\x9e\x09\xd3\xa2\x8e\x09\xd9\x3f\x68\x81\xa2\x72\x02\x07\x25\x62\x0b\x4f\xfa\x7b\xff\xfc\xc8\xd5\x64\x3c\xaf\x97\xfb\xa3\x83\xa0\x1f\x94\xd9\x78\x12\x5e\xc7\x98\x63\x56\xdd\xe7\x67\x17\x9e\x60\x12\xb9\x47\x6e\xe5\x76\x18\xe3\x49\x22\x46\x48\x7e\x8e\xf7\x1b\x35\x51\xad\x57\x5b\x07\xef\xe2\x0a\x26\x6e\xc3\xfc\x2b\x9f\x71\x68\x75\x15\x9b\x0a\x92\xbc\x17\x0f\x60\x89\x06\xdd\x2e\xdc\xc9\xb9\x46\xec\x4e\x55\x36\xac\x26\x9c\x99\x75\x62\x63\xd8\x07\xaa\xe2\x6b\x16\xeb\x51\x93\xfd\x2d\x46\x45\x99\xfb\x2f\x83\xa0\x8e\xbc\x21\xa5\xc3\x6d\xcb\xb5\x15\x51\xb7\x12\xca\xaf\xba\x21\x0d\x67\x36\xd0\xed\xae\x10\xf6\xae\x01\xfa\xa0\x4f\x2a\xa8\xfc\x74\x87\xa7\x18\x5a\x44\xdc\xe7\x5c\xad\x1d\xf4\x98\xf2\xef\xee\x82\x6f\x18\x63\xa9\x7f\x37\x7c\x46\x60\x99\xa1\x8d\x0a\x95\x92\xcf\x2d\x59\x2b\x1b\x31\xed\x58\x52\xf8\xe1\xa5\x08\x20\x59\xc1\xf8\xd3\x90\xf2\x5f\x31\x42\x75\xc5\x16\xbe\x4e\xb5\xeb\xec\x29\x8b\x3b\x67\x3b\x43\x60\x25\x91\xd6\x85\x9a\x9a\x44\x13\x64\x57\x25\x5a\x83\x54\x6b\xf8\x19\x15\xc8\x7d\x3b\xcc\x5e\x95\x33\x8b\x30\x7e\xdf\x71\xbf\x53\x0a\x27\xed\x99\x8d\x75\x45\xc0\x32\xd6\x5a\xf0\x4e\x47\x77\x5f\x0f\xa0\x49\xfa\x7f\x7a\x29\x80\x97\xd1\xbe\x7e\x9f\x48\xc2\xf4\x8b\x49\x15\xa0\x4f\x40\xd1\x5b\xce\x97\xb9\x13\xb0\x5e\x4e\x03\xf7\x91\x9b\x74\x15\x02\xb3\x6a\x15\x96\x33\xa9\x8a\x3f\xb6\x95\x24\xf4\xba\x03\x7e\x26\xa2\xd9\x22\xc7\x13\x60\x66\x4b\xd7\xcd\xff\x4d\xcd\x3c\x02\x10\x57\x38\x5b\x5e\xa6\x96\x6a\xe0\x12\x27\xa3\xe1\x09\x1e\x26\xd2\x65\xc3\x8b\xfd\xc5\x57\x84\x45\xaa\x92\xba\xd5\x80\xa3\xa4\x2a\x3d\xca\xfa\x2f\x22\x0f\x4f\x82\x46\xdf\xd9\x5e\x0f\x5d\x4d\xaf\x5e\xdd\xe4\x80\xc0\xb6\x21\x5b\x54\x58\x40\x5f\x82\xc1\xf5\x9a\xaa\x73\x41\x78\xf1\x58\x23\xa5\x1d\xf7\x9a\x17\x93\xab\x02\x75\x3d\xa7\x54\x42\x09\x2a\x22\x06\xf9\x0c\xec\x47\xea\x2a\x80\xa8\xeb\x88\x69\x9a\x67\xe0\x11\x0a\xe8\x6a\x33\xd4\x78\xeb\xdd\x30\x12\x86\x64\xaf\x4d\xca\xd1\x3e\x58\x60\x7c\x98\xa1\x68\xc0\x77\x99\x2f\x9c\x87\xf3\x83\x1d\x76\xdd\x8
2\x0d\xc4\xe3\x9f\x0a\x18\x14\xd3\xe9\xa4\xd6\xdf\x11\xb3\x19\x7f\x96\x56\x17\x8f\x06\x4d\x0f\x78\x13\x7b\x4f\x90\x84\x17\x3f\xe5\xfc\xcf\xda\x15\xcd\x52\x90\xa2\x04\x68\x17\xa7\xb5\xcd\xb1\x4b\x9a\x5a\x88\x4d\xec\xea\xcf\xcb\xfd\x8f\x04\x36\xad\xde\xe2\x73\x33\x8a\xcd\xad\xf6\x88\xfb\xf7\xd7\x8c\x33\xb9\x9b\x6c\x13\x22\x9f\x9a\xb5\x9c\x15\x23\x6a\x79\xc7\x6f\x9a\xf5\x8d\xe2\x91\x99\x24\x79\x08\x9b\x3b\x60\x99\x8c\x39\xae\x01\xdf\x67\xa5\xe1\xce\xa5\x79\xc2\xe1\x6c\x61\xfa\x50\xbf\x30\x65\x1c\x34\x09\xd9\xe0\xa6\x3e\xb6\x4e\xdf\x74\x13\x5f\x5d\xbe\x69\xf5\x90\xe5\xe0\x0e\xef\x78\x45\x46\xce\xbe\xcd\x08\x47\x2c\x1c\x5a\x31\xfc\x58\x09\x5a\x53\x39\xd6\x80\x8c\x92\x54\x68\x5b\x42\xdb\x56\xbd\x67\xbc\xf8\xbd\xa8\x31\xa4\x95\x2d\xec\xd5\x00\xb6\x12\x63\x78\xb6\x5c\x47\x22\x6a\xa9\x2f\xb8\x96\xd6\x13\xb3\xe0\x66\x6d\xbe\xb0\xb0\xb3\xb2\x27\xf3\x35\x08\x53\x6b\x84\x1d\xfc\x50\x16\x71\x5c\x30\xb9\x13\xe3\x83\xa0\xe2\x0b\xc4\x8f\x13\x7d\xd2\xf6\xfd\x5b\x7b\x67\x60\x1a\xbe\x85\xd9\x5f\x96\x26\xf2\x6b\x6f\x70\x95\xab\x24\x16\x92\xea\x58\x7a\x8a\x27\x53\x50\xa9\xee\x29\x53\x0a\x24\xed\x79\xbc\xc6\xde\x3f\x5a\x43\xbc\xcf\x5d\x2c\x7e\xf7\x6c\xf8\xf6\x66\xf2\x03\x34\x84\x9e\x3f\xfe\x67\x95\xeb\x67\xf3\x2d\x97\x77\x62\x42\x30\x74\xb6\x5a\x5c\x25\x34\xd4\x95\x71\xd2\xd0\xff\x9e\xa4\xec\x52\x6a\xf3\xf5\x0a\x29\x8c\xf5\x62\x94\x29\x0d\x0f\x25\xe8\xf9\xa0\x8c\xfc\xac\x74\xe7\x21\x62\xc7\x9a\xf4\xde\xcc\x38\xb4\x75\x1f\x50\x37\x5a\x37\xcf\xd0\xed\xc9\x1e\x4a\xf9\xdb\xaa\xae\xed\xf6\x44\x68\x99\xf5\xcd\x17\x6a\x2d\xe0\x50\x27\xf9\xeb\xf5\x93\x13\x50\x57\xb2\x22\x2c\x27\x19\x21\xb4\x64\xab\x68\xe8\x81\xf0\x38\x35\xc9\x09\xf5\xaa\x31\x1c\x3d\x08\x3d\x52\xd9\x6b\x58\x05\x19\x94\x87\x9f\x1a\x9b\xa0\x00\x3f\xcd\xb8\x7f\x00\x4f\x9a\xf6\xc7\x4f\xd9\x34\xf6\xa7\xea\x9c\x05\xcd\x1b\x0d\x53\x8c\xb0\xb2\xc1\x26\x58\x46\x6f\x50\xb3\xe8\x61\x1d\x5d\x3a\x46\xb5\xa9\x14\x5f\x6c\xb9\x87\xf1\xf2\x34\xba\x49\x4b\x47\x7f\xe6\x53\x91\xbd\xd0\x4d\xc6\x9a\xcc\xdf\x68\x4a\x75\x80\x95\xc1\x03\x16\x06\x39\xb6\x8
8\xae\xdd\xad\x06\xf4\xb2\x22\xcd\x54\x3c\xdd\x34\xda\x76\xbe\x67\x6d\xe3\xb6\x43\x17\xe7\xa9\x8d\xca\xc4\xed\xec\x83\x98\x53\xe0\xf3\x25\xfe\x68\xcc\x42\x01\x12\xcf\x71\x02\xbe\x05\x0d\x67\xc8\x54\x7d\x01\x97\xff\xd9\x87\x4e\x84\xf1\x78\xe4\x3d\x51\x1c\x83\xdd\x70\x26\xa8\x99\xcf\x76\xfd\x71\xdc\x98\xca\x4c\xda\x2e\x0d\xa4\xc9\xe1\xc1\xd5\x82\x9e\x67\xaf\x2b\x31\x7c\x37\x46\x55\x13\xe2\x8d\x24\xa7\xb0\x80\x79\x7f\x0a\x06\x90\x1d\xe9\xcc\x98\xab\xa4\x11\x7f\x5d\x8b\xf7\x41\xd8\x4e\x0e\x5e\x62\x8e\xcc\x05\x26\x9d\x46\xd2\x4a\x4b\x20\x7d\x4e\x35\x89\xdf\xd7\x7a\x89\x03\xc4\x96\xf8\x3b\xf9\x35\x2f\x11\xe3\xae\x02\x73\x93\x46\x7e\xe1\xff\x3a\x26\x7d\x20\xbc\x2b\x50\xcf\x92\x46\x1f\x9c\x73\x4f\x9e\x2f\xbe\xc4\x00\xcc\x36\x64\xd6\xd8\x74\x51\x75\x79\x06\x0e\xa1\x2e\xb8\xf1\x18\xe1\x0a\x3a\xf5\xcd\xb0\x4a\x18\x25\xc8\xa3\x91\x03\xaf\x72\xc0\x30\x55\xeb\x7b\x6c\x72\xfd\xdb\xf9\x06\x72\x94\x2d\x88\x52\x97\x2e\x80\x19\x04\x95\x26\x37\x1b\xec\xf4\x5f\x63\x3e\xe0\xcd\xe7\x4f\xb0\x9d\xaf\xd9\x30\x28\x8e\xd6\xcc\xd7\x03\x9f\x0c\x93\xa3\x13\x0b\x85\xa4\xa7\x7c\xee\xcb\x5d\x69\x3f\x0f\x37\x14\x40\x31\x15\x61\x36\x8e\x79\x8b\xbc\xf9\xd5\xf1\x83\xa8\x62\xfd\x9a\xd0\x8b\x43\xce\xf9\x0c\x06\x80\x21\x35\x0f\xed\x41\x83\x99\x89\xfb\x12\x1b\xad\xa9\x6f\xd1\x80\x21\xb5\x70\x2c\x00\x9c\xd0\xa7\xe9\x86\xb5\xfb\x29\x9e\xbf\xe1\x21\x31\xf7\x21\xd5\xbc\x66\xe9\x34\xb6\xbc\x17\xa1\x6d\xfa\xcd\x58\xff\x2a\x66\x98\xb3\xe7\x03\x60\x07\xb3\x41\xf1\x0f\xfd\x5b\x4f\x48\x0e\x22\x9e\xcf\x9e\x09\xe1\x75\x51\x9f\xaa\xcc\x8a\x2e\xf4\x09\xd9\xaf\xaa\xd8\x05\xe8\xce\x4f\xbb\xb7\x75\x39\x44\x46\x05\xc5\x55\x92\x01\x89\xc5\xdd\x45\x3a\xe0\x36\x88\x70\x7b\xcd\x01\x41\x1a\xaa\xfd\xba\x1f\xf3\x1e\x70\xcd\xcb\xa0\xe4\xb4\xae\xa0\x17\x80\x99\xe8\xd4\xf4\x44\x4f\x0a\x15\x1f\xbf\x79\xdc\xa2\x6b\x07\x95\x13\xdb\x9a\xdb\x32\xab\x21\x2e\xfe\xff\xcb\xb7\x41\x89\x2a\xef\x26\x5f\xd8\x88\xf0\xc0\xe9\xce\xd4\x58\x3f\xc6\x8b\xf4\xc7\x12\xbf\xe7\xf9\x9c\xa4\x40\xd7\x9b\x83\xcc\xcc\x93\x6c\xe8\xd0\x8c\x19\xc2\xec\xdf\xaa\x7f\xb
e\x47\xa2\xce\x69\x41\x8f\x20\x9c\xdc\x2c\x95\x2d\x47\xd6\x78\x18\x6b\xed\xa6\xed\x2c\x0a\x94\xe7\xdb\xe6\x6b\x8a\x3e\x26\x2f\x43\x13\x4b\x52\x5d\x27\x7d\x3e\x66\x54\x31\x8f\xe9\x6b\x0b\xe7\x1c\xb2\x66\x03\xa9\x86\xdf\x48\xa9\x88\xb2\xa9\x00\xa9\x6c\xea\x83\x74\xa4\xeb\x56\x47\x4c\x36\xca\x49\x6e\x5a\xfb\x0b\x8a\x7b\x2f\xcc\x65\xf8\xf1\xef\xb8\xd3\xb2\x72\x41\x7a\xc7\x37\x9d\x86\x51\xd0\x2b\x7c\xbf\x60\xc3\xf7\x27\x6a\xae\xaa\x83\x9a\x13\xef\x28\x68\xdf\xe4\xf6\xaa\xd7\x01\x33\x76\xe9\xce\x05\x97\x9d\x47\x77\xee\x5c\xce\xbc\xd3\xea\x47\xd3\xe0\x62\x02\x92\xf4\x9c\x71\xad\xb7\x53\xb2\x79\x3d\x8d\xec\xfa\x16\x40\x77\xfe\x55\x07\x80\xcd\x28\x42\x06\xfa\x2a\xbd\x2a\x42\x17\x71\x15\xde\xfa\xeb\x85\xde\x09\x56\x33\xf9\x4d\x13\x97\x4d\x1b\x48\xb8\xa1\x83\x00\xb4\xf4\xf3\x6c\x32\x50\x10\xe5\x2a\xd8\x5d\xd5\xac\xca\x62\x19\xec\x00\x8a\x8f\x9f\xc9\x80\x6d\xbf\x55\xd3\x2e\xbf\x80\xab\x5a\x90\x37\x19\x70\xd6\x4d\xd9\x16\xa3\x18\xf6\xf4\x4c\xfc\x1f\x5b\x3b\x0b\x0a\x4c\x22\x8e\xc9\xa6\x63\x6f\x50\x16\x84\x7d\xf2\xd8\x9e\x75\x06\xac\x66\x7a\xce\x06\xff\x2f\x4e\x6d\x18\xfc\x12\x5c\xca\x3b\xea\x98\x71\x60\xaf\x60\x2b\x93\xeb\x7b\x5b\x53\xf1\x48\xa3\xaf\x7d\x42\xc6\x1b\x3e\xa1\x83\x9a\xf5\x7d\x15\x24\x7c\x57\x08\x39\x7e\x09\x19\x03\xa7\x40\xa2\x07\x09\xe5\x34\x3e\x5c\x2b\x3c\x3d\x08\x2e\xd3\x76\xa6\x61\xd8\x4e\x1c\x1d\xdf\x32\x52\x40\x9a\x6b\x9d\x78\x3a\x11\x8e\x63\x38\x2a\x2a\xad\xad\x3b\xc8\xf2\xd9\x2c\xcd\x7c\x3e\x28\x19\x7e\x8e\x9f\x89\x76\xe0\x86\x5a\xdb\xb0\x91\xd7\x75\xd2\xf9\xad\x2b\x20\x61\x67\x7a\xe5\xbe\xc3\xcb\x29\x50\x5f\xf6\x58\x70\xb2\xa3\xac\xf3\xb6\x1e\x4b\xcb\xa0\x67\x29\x8b\x45\xe7\x69\xd4\x3d\xf4\x1f\x56\xc1\x22\xe6\x9c\x1b\xf0\xae\x8d\x5a\x60\xc2\x84\xfa\x5f\x42\x5d\x26\x17\xdd\x48\xa5\x3e\x8e\x35\xc9\x51\xe0\xc6\xdb\x4c\xef\x22\x64\xec\x2e\x7b\xc7\x2e\xa2\x42\xf6\xab\xc3\x2e\xc7\xa5\x13\xc2\xb3\xb3\xfc\x9f\xa5\xe4\x08\x68\x35\xe4\x7b\x30\xab\x60\x2d\x39\xfb\xfc\xa5\x4a\xd3\x43\x8e\x3d\xa0\x34\x5c\x29\xf8\x74\x76\x99\x04\x7e\x06\xc4\x68\x79\xa9\x4b\xef\x8f\xaa\x1
b\x93\xde\xdb\xf8\xaa\xf7\x7e\x11\xda\x64\x96\x1b\x42\x92\xbd\x9e\x5b\xca\xe7\x7d\x1a\x4d\xd0\xa3\x71\x11\x49\x6b\x41\xa7\x91\x1a\x28\x6f\x1e\x80\xc8\x37\x42\x0d\x41\x62\x66\xe0\x5a\xaa\x11\x4d\x03\x1b\x68\xc1\xa7\xc7\x15\x37\x86\x9d\x6a\xd2\xad\x7c\x0d\x7d\x5c\xc8\xcc\x72\xc0\x54\x56\x9e\x15\x3d\x41\xd6\x0d\xd7\x49\xe0\x8e\x9c\x07\xb5\xc6\xf0\xdf\xd1\xe3\x9c\x03\xd7\xc0\xd4\xfa\x67\xe2\x8f\x32\x65\x67\xdf\x09\xbf\xdc\xd2\xff\xe2\x0d\x6b\xe1\x7c\xa0\xae\x00\x15\x57\xbf\xda\xf4\x11\x41\x0b\x45\x19\x74\x69\x6a\x32\xad\x65\x6a\x85\xf5\x01\x1f\xad\x89\x1e\xc4\xdd\x2a\xd2\xfa\x76\xeb\x91\x74\x92\xf6\x63\x50\xca\xaa\xe8\xdb\xb7\x62\xa0\xde\x4f\xfa\x4c\x35\xa6\x5f\x1e\xf5\x38\x8b\xeb\x9d\x30\x31\x3e\xb1\x20\x73\xbf\x69\xc5\x1b\x1e\xf1\x26\x97\x1f\x7b\xf2\x52\x51\xb2\x3c\xcd\x12\xb5\x9e\xa1\xde\x15\xe5\x2b\x90\x5e\x61\x46\x10\x40\x89\xd3\x73\x5a\xd0\x0e\x70\xc8\x8e\xb6\x57\x0a\x21\xdb\xa1\x6d\x05\xc8\xd8\x8a\xab\x82\xb9\x93\x3d\xec\x5b\xf6\xc5\x03\xa1\x4f\x1a\xf3\x33\x0e\x9b\xfd\x8e\x9a\xe7\x45\xf0\x46\x90\x53\xae\x9a\xb6\xe4\x6e\x8d\xda\x7c\x7c\x5c\xcc\xe8\x47\xd2\x8e\xf6\x8a\xd5\xd9\xbe\x21\xf2\x6a\xbf\xd6\x78\xfd\x60\x43\xa0\x72\x76\x8c\x0a\xb2\xf3\x18\x02\xc5\xd2\xee\x54\xa4\x26\x05\x3c\xd7\x74\xf7\xa1\x00\x53\x48\x7b\x56\x75\x02\xa4\x26\x2d\x63\xf0\x6f\xf9\x74\x92\xba\xc2\x70\x3c\xef\x66\x47\xc1\x91\x17\xd5\x84\x42\x84\xca\xe7\x94\x00\xe0\xc3\x67\x0d\x51\x75\xf9\x50\x49\x4c\x23\x30\x66\x13\x86\xf1\x0b\x57\xcb\x4b\x6e\xd2\xaa\x81\x12\x0a\x84\x26\x4f\xc9\x6e\xe2\xbf\x81\xd3\x80\xdc\x1c\x1b\xa7\x0d\xe9\x7a\x7f\xcc\x91\xdc\xcc\x42\xec\x90\xb2\x13\xcc\x3d\xb4\xf0\x88\x87\xdf\x8f\xa8\x0c\xb6\x48\x5a\xe8\x9b\x1a\x7d\x77\xb5\xc3\x9d\xcd\xf6\x2d\x79\x3a\x18\xf2\x9b\x5a\xc7\x35\xc0\x7b\x06\xe8\xf0\x09\x8b\xd9\x47\x40\x28\x49\x69\x52\x85\x91\x71\x35\xd2\xf6\x89\x16\x6b\x42\xcd\x14\x59\x9e\xe9\x17\x72\x56\xe7\xe4\x00\xc4\xed\xf7\x31\x7b\x6b\x30\xca\x6d\x9c\x2b\x7f\x28\x39\xf0\x96\xbd\x67\xd3\x34\x3f\xbe\x6c\xaa\x34\xdb\xd4\xb5\xcd\x33\x94\xb7\x07\xb6\x01\x79\x4b\x53\x11\xb2\xbb\x8
e\xa8\xf7\x4e\x59\xfb\x66\x78\xa1\xde\x2e\xd8\xde\x44\x3a\x49\xf5\x31\x82\x99\xaa\x8a\x96\xd3\x4b\xa7\x53\xd7\xa8\xf9\xf9\x42\x95\xa4\xb7\xc4\x21\x9b\x5a\x1e\x11\x24\x6e\xbc\x65\x21\xc8\xe1\x86\xdf\x99\x3b\x9d\xa7\x9f\xa2\x39\x4b\x36\xa4\x53\xb0\xc5\xb5\xcc\xb6\xc2\x72\x93\x38\xac\x8e\x3a\x21\x53\xa4\xa3\x01\x2e\x8c\x43\x78\xfc\xbf\xd5\xe8\xb5\x6b\x04\x25\xcc\x23\x6c\x07\x31\x5c\x75\xba\xf6\x2b\xaf\x3b\x3b\x62\xc4\x13\xed\x9f\x5e\xc6\x6f\xf9\x8b\xbb\xe6\x1f\x2b\xda\x90\x6c\x8b\xde\xe0\xce\xc2\xde\x6d\x6e\x25\xa4\x9c\xef\xdf\xe3\xf3\xed\x53\xb1\x15\x41\x78\x39\x8c\x62\x87\xb8\x15\x8e\x1d\x7f\x81\x87\x68\x93\x8c\xcd\xcf\xad\x45\x8e\xe9\xb3\xa6\xea\x9a\x69\xa7\x86\x9d\x05\x95\x5d\xec\x71\xd8\x29\x09\xaf\x3e\x39\x30\xba\xb9\x8c\xd1\x75\x17\xd6\xbb\x16\x41\xce\xb9", 8192); *(uint32_t*)0x20004f00 = 0x20002200; *(uint32_t*)0x20002200 = 0x50; *(uint32_t*)0x20002204 = 0x48262fad; *(uint64_t*)0x20002208 = 0x1000; *(uint32_t*)0x20002210 = 7; *(uint32_t*)0x20002214 = 0x1f; *(uint32_t*)0x20002218 = 9; *(uint32_t*)0x2000221c = 0x200; *(uint16_t*)0x20002220 = 8; *(uint16_t*)0x20002222 = 0x1ff; *(uint32_t*)0x20002224 = 0xbb; *(uint32_t*)0x20002228 = 0xa; *(uint16_t*)0x2000222c = 0; *(uint16_t*)0x2000222e = 0; *(uint32_t*)0x20002230 = 0; *(uint32_t*)0x20002234 = 0; *(uint32_t*)0x20002238 = 0; *(uint32_t*)0x2000223c = 0; *(uint32_t*)0x20002240 = 0; *(uint32_t*)0x20002244 = 0; *(uint32_t*)0x20002248 = 0; *(uint32_t*)0x2000224c = 0; *(uint32_t*)0x20004f04 = 0x20002280; *(uint32_t*)0x20002280 = 0x18; *(uint32_t*)0x20002284 = 0xfffffff5; *(uint64_t*)0x20002288 = 2; *(uint64_t*)0x20002290 = 1; *(uint32_t*)0x20004f08 = 0x200022c0; *(uint32_t*)0x200022c0 = 0x18; *(uint32_t*)0x200022c4 = 0; *(uint64_t*)0x200022c8 = 4; *(uint64_t*)0x200022d0 = 7; *(uint32_t*)0x20004f0c = 0x20002300; *(uint32_t*)0x20002300 = 0x18; *(uint32_t*)0x20002304 = 0; *(uint64_t*)0x20002308 = 6; *(uint32_t*)0x20002310 = 0xfffffffb; *(uint32_t*)0x20002314 = 0; *(uint32_t*)0x20004f10 = 0x20002340; *(uint32_t*)0x20002340 
= 0x18; *(uint32_t*)0x20002344 = 0xfffffffe; *(uint64_t*)0x20002348 = 0x401; *(uint32_t*)0x20002350 = 0x101; *(uint32_t*)0x20002354 = 0; *(uint32_t*)0x20004f14 = 0x200043c0; *(uint32_t*)0x200043c0 = 0x28; *(uint32_t*)0x200043c4 = 0xfffffffe; *(uint64_t*)0x200043c8 = 0xffffffffffff8000; *(uint64_t*)0x200043d0 = 0x1000; *(uint64_t*)0x200043d8 = 4; *(uint32_t*)0x200043e0 = 0; *(uint32_t*)0x200043e4 = r[6]; *(uint32_t*)0x20004f18 = 0x20004400; *(uint32_t*)0x20004400 = 0x60; *(uint32_t*)0x20004404 = 0; *(uint64_t*)0x20004408 = 0x8000; *(uint64_t*)0x20004410 = 0x19; *(uint64_t*)0x20004418 = 0; *(uint64_t*)0x20004420 = 0x4b; *(uint64_t*)0x20004428 = 3; *(uint64_t*)0x20004430 = 1; *(uint32_t*)0x20004438 = -1; *(uint32_t*)0x2000443c = 0x10001; *(uint32_t*)0x20004440 = 0x7fff; *(uint32_t*)0x20004444 = 0; *(uint32_t*)0x20004448 = 0; *(uint32_t*)0x2000444c = 0; *(uint32_t*)0x20004450 = 0; *(uint32_t*)0x20004454 = 0; *(uint32_t*)0x20004458 = 0; *(uint32_t*)0x2000445c = 0; *(uint32_t*)0x20004f1c = 0x20004480; *(uint32_t*)0x20004480 = 0x18; *(uint32_t*)0x20004484 = 0; *(uint64_t*)0x20004488 = 0xfffffffffffffffe; *(uint32_t*)0x20004490 = 1; *(uint32_t*)0x20004494 = 0; *(uint32_t*)0x20004f20 = 0x200044c0; *(uint32_t*)0x200044c0 = 0x2a; *(uint32_t*)0x200044c4 = 0; *(uint64_t*)0x200044c8 = 0; memcpy((void*)0x200044d0, "bpf_lsm_post_notification\000", 26); *(uint32_t*)0x20004f24 = 0x20004500; *(uint32_t*)0x20004500 = 0x20; *(uint32_t*)0x20004504 = 0; *(uint64_t*)0x20004508 = 0xffffffff; *(uint64_t*)0x20004510 = 0; *(uint32_t*)0x20004518 = 5; *(uint32_t*)0x2000451c = 0; *(uint32_t*)0x20004f28 = 0x200047c0; *(uint32_t*)0x200047c0 = 0x78; *(uint32_t*)0x200047c4 = 0; *(uint64_t*)0x200047c8 = 0xfff; *(uint64_t*)0x200047d0 = 5; *(uint32_t*)0x200047d8 = 0; *(uint32_t*)0x200047dc = 0; *(uint64_t*)0x200047e0 = 0; *(uint64_t*)0x200047e8 = 0xfffffffffffffffb; *(uint64_t*)0x200047f0 = 5; *(uint64_t*)0x200047f8 = 0xfffffffffffffff9; *(uint64_t*)0x20004800 = 1; *(uint64_t*)0x20004808 = 9; 
*(uint32_t*)0x20004810 = 8; *(uint32_t*)0x20004814 = 0xff; *(uint32_t*)0x20004818 = 5; *(uint32_t*)0x2000481c = 0xc000; *(uint32_t*)0x20004820 = 0x7cc8; *(uint32_t*)0x20004824 = r[7]; *(uint32_t*)0x20004828 = r[8]; *(uint32_t*)0x2000482c = 0xf4a5; *(uint32_t*)0x20004830 = 9; *(uint32_t*)0x20004834 = 0; *(uint32_t*)0x20004f2c = 0x200048c0; *(uint32_t*)0x200048c0 = 0x90; *(uint32_t*)0x200048c4 = 0; *(uint64_t*)0x200048c8 = 0x100000001; *(uint64_t*)0x200048d0 = 5; *(uint64_t*)0x200048d8 = 1; *(uint64_t*)0x200048e0 = 0x80000001; *(uint64_t*)0x200048e8 = 1; *(uint32_t*)0x200048f0 = 7; *(uint32_t*)0x200048f4 = 0x100; *(uint64_t*)0x200048f8 = 0; *(uint64_t*)0x20004900 = 0x3ff; *(uint64_t*)0x20004908 = 7; *(uint64_t*)0x20004910 = 6; *(uint64_t*)0x20004918 = 2; *(uint64_t*)0x20004920 = 0x200; *(uint32_t*)0x20004928 = 0x20; *(uint32_t*)0x2000492c = 6; *(uint32_t*)0x20004930 = 0xe07fd01; *(uint32_t*)0x20004934 = 0xc000; *(uint32_t*)0x20004938 = 9; *(uint32_t*)0x2000493c = r[9]; *(uint32_t*)0x20004940 = r[10]; *(uint32_t*)0x20004944 = 8; *(uint32_t*)0x20004948 = 1; *(uint32_t*)0x2000494c = 0; *(uint32_t*)0x20004f30 = 0x20004980; *(uint32_t*)0x20004980 = 0xa8; *(uint32_t*)0x20004984 = 0; *(uint64_t*)0x20004988 = 1; *(uint64_t*)0x20004990 = 0; *(uint64_t*)0x20004998 = 4; *(uint32_t*)0x200049a0 = 0x1a; *(uint32_t*)0x200049a4 = 0x3ff; memcpy((void*)0x200049a8, "bpf_lsm_post_notification\000", 26); *(uint64_t*)0x200049c8 = 2; *(uint64_t*)0x200049d0 = 0x80000000; *(uint32_t*)0x200049d8 = 4; *(uint32_t*)0x200049dc = 2; memcpy((void*)0x200049e0, "#(\\!", 4); *(uint64_t*)0x200049e8 = 2; *(uint64_t*)0x200049f0 = 0x80000001; *(uint32_t*)0x200049f8 = 1; *(uint32_t*)0x200049fc = 0x1ff; memcpy((void*)0x20004a00, "%", 1); *(uint64_t*)0x20004a08 = 2; *(uint64_t*)0x20004a10 = 0xff; *(uint32_t*)0x20004a18 = 1; *(uint32_t*)0x20004a1c = 0x8001; memcpy((void*)0x20004a20, "&", 1); *(uint32_t*)0x20004f34 = 0x20004bc0; *(uint32_t*)0x20004bc0 = 0xc8; *(uint32_t*)0x20004bc4 = 0; *(uint64_t*)0x20004bc8 
= 0; *(uint64_t*)0x20004bd0 = 4; *(uint64_t*)0x20004bd8 = 3; *(uint64_t*)0x20004be0 = 9; *(uint64_t*)0x20004be8 = 4; *(uint32_t*)0x20004bf0 = 8; *(uint32_t*)0x20004bf4 = 5; *(uint64_t*)0x20004bf8 = 3; *(uint64_t*)0x20004c00 = 0x800; *(uint64_t*)0x20004c08 = 1; *(uint64_t*)0x20004c10 = 0x10001; *(uint64_t*)0x20004c18 = 8; *(uint64_t*)0x20004c20 = 1; *(uint32_t*)0x20004c28 = 0; *(uint32_t*)0x20004c2c = 0x401; *(uint32_t*)0x20004c30 = 0xfffffff7; *(uint32_t*)0x20004c34 = 0x6000; *(uint32_t*)0x20004c38 = 0x10001; *(uint32_t*)0x20004c3c = r[11]; *(uint32_t*)0x20004c40 = r[12]; *(uint32_t*)0x20004c44 = 6; *(uint32_t*)0x20004c48 = 0xf8; *(uint32_t*)0x20004c4c = 0; *(uint64_t*)0x20004c50 = 3; *(uint64_t*)0x20004c58 = 2; *(uint32_t*)0x20004c60 = 0x1a; *(uint32_t*)0x20004c64 = 9; memcpy((void*)0x20004c68, "bpf_lsm_post_notification\000", 26); *(uint32_t*)0x20004f38 = 0x20004e00; *(uint32_t*)0x20004e00 = 0xa0; *(uint32_t*)0x20004e04 = 0xfffffffe; *(uint64_t*)0x20004e08 = 9; *(uint64_t*)0x20004e10 = 4; *(uint64_t*)0x20004e18 = 0; *(uint64_t*)0x20004e20 = 0x3ff; *(uint64_t*)0x20004e28 = 0x80000000; *(uint32_t*)0x20004e30 = 0xfffffffd; *(uint32_t*)0x20004e34 = 8; *(uint64_t*)0x20004e38 = 1; *(uint64_t*)0x20004e40 = 7; *(uint64_t*)0x20004e48 = 0x401; *(uint64_t*)0x20004e50 = 7; *(uint64_t*)0x20004e58 = 0; *(uint64_t*)0x20004e60 = 5; *(uint32_t*)0x20004e68 = 7; *(uint32_t*)0x20004e6c = 6; *(uint32_t*)0x20004e70 = 0x40; *(uint32_t*)0x20004e74 = 0xa000; *(uint32_t*)0x20004e78 = 0x800; *(uint32_t*)0x20004e7c = r[13]; *(uint32_t*)0x20004e80 = r[14]; *(uint32_t*)0x20004e84 = 0x8001; *(uint32_t*)0x20004e88 = 0; *(uint32_t*)0x20004e8c = 0; *(uint64_t*)0x20004e90 = 0; *(uint32_t*)0x20004e98 = 0; *(uint32_t*)0x20004e9c = 0; *(uint32_t*)0x20004f3c = 0x20004ec0; *(uint32_t*)0x20004ec0 = 0x20; *(uint32_t*)0x20004ec4 = 0xfffffffe; *(uint64_t*)0x20004ec8 = 1; *(uint32_t*)0x20004ed0 = 5; *(uint32_t*)0x20004ed4 = 4; *(uint32_t*)0x20004ed8 = 5; *(uint32_t*)0x20004edc = 1; syz_fuse_handle_req(r[5], 
0x20000200, 0x2000, 0x20004f00); break; case 26: memcpy((void*)0x20004f40, "SEG6\000", 5); syz_genetlink_get_family_id(0x20004f40); break; case 27: syz_init_net_socket(3, 3, 0xca); break; case 28: res = -1; res = syz_io_uring_complete(0); if (res != -1) r[15] = res; break; case 29: *(uint32_t*)0x20004f84 = 0x2b11; *(uint32_t*)0x20004f88 = 1; *(uint32_t*)0x20004f8c = 1; *(uint32_t*)0x20004f90 = 0x5b; *(uint32_t*)0x20004f98 = r[5]; *(uint32_t*)0x20004f9c = 0; *(uint32_t*)0x20004fa0 = 0; *(uint32_t*)0x20004fa4 = 0; res = syscall(__NR_io_uring_setup, 0x19b4, 0x20004f80); if (res != -1) r[16] = res; break; case 30: *(uint32_t*)0x20005004 = 0x208b; *(uint32_t*)0x20005008 = 4; *(uint32_t*)0x2000500c = 0; *(uint32_t*)0x20005010 = 0x355; *(uint32_t*)0x20005018 = r[16]; *(uint32_t*)0x2000501c = 0; *(uint32_t*)0x20005020 = 0; *(uint32_t*)0x20005024 = 0; syz_io_uring_setup(0xf44, 0x20005000, 0x20ffa000, 0x20ffb000, 0x20005080, 0x200050c0); break; case 31: *(uint32_t*)0x20005104 = 0x7b7; *(uint32_t*)0x20005108 = 2; *(uint32_t*)0x2000510c = 3; *(uint32_t*)0x20005110 = 0x202; *(uint32_t*)0x20005118 = -1; *(uint32_t*)0x2000511c = 0; *(uint32_t*)0x20005120 = 0; *(uint32_t*)0x20005124 = 0; res = -1; res = syz_io_uring_setup(0x22f7, 0x20005100, 0x20ffb000, 0x20ff8000, 0x20005180, 0x200051c0); if (res != -1) r[17] = *(uint64_t*)0x20005180; break; case 32: *(uint8_t*)0x20005240 = 0xb; *(uint8_t*)0x20005241 = 1; *(uint16_t*)0x20005242 = 0; *(uint32_t*)0x20005244 = 0; *(uint64_t*)0x20005248 = 6; *(uint32_t*)0x20005250 = 0x20005200; *(uint32_t*)0x20005200 = 0; *(uint32_t*)0x20005204 = 0x3938700; *(uint32_t*)0x20005254 = 1; *(uint32_t*)0x20005258 = 1; *(uint64_t*)0x2000525c = 1; *(uint16_t*)0x20005264 = 0; *(uint16_t*)0x20005266 = 0; *(uint8_t*)0x20005268 = 0; *(uint8_t*)0x20005269 = 0; *(uint8_t*)0x2000526a = 0; *(uint8_t*)0x2000526b = 0; *(uint8_t*)0x2000526c = 0; *(uint8_t*)0x2000526d = 0; *(uint8_t*)0x2000526e = 0; *(uint8_t*)0x2000526f = 0; *(uint8_t*)0x20005270 = 0; 
*(uint8_t*)0x20005271 = 0; *(uint8_t*)0x20005272 = 0; *(uint8_t*)0x20005273 = 0; *(uint8_t*)0x20005274 = 0; *(uint8_t*)0x20005275 = 0; *(uint8_t*)0x20005276 = 0; *(uint8_t*)0x20005277 = 0; *(uint8_t*)0x20005278 = 0; *(uint8_t*)0x20005279 = 0; *(uint8_t*)0x2000527a = 0; *(uint8_t*)0x2000527b = 0; syz_io_uring_submit(r[17], 0, 0x20005240, 7); break; case 33: memcpy((void*)0x20005280, "/dev/btrfs-control\000", 19); res = syscall(__NR_openat, 0xffffff9c, 0x20005280, 0x2100, 0); if (res != -1) r[18] = res; break; case 34: *(uint32_t*)0x20005300 = 0; *(uint32_t*)0x20005304 = 0x200052c0; memcpy((void*)0x200052c0, "\x35\xac\x4c\x65\xd5\xd9\x24\x44\x3c\x56\xd3\xcd\xca\xcf\xf7\x45\xb9\xdf\x2c\x8d\x85\x5f\x77\xc7\xe8\xfb\x87\x5f\xc4\xc8\x39\x83\xf4\xec\x40\x4e\x6a\xd2\x10\xd7\x4b\x41\xfc\x04\xcd\x89\xa8\x8b\xc3\xb3", 50); *(uint32_t*)0x20005308 = 0x32; *(uint64_t*)0x20005340 = 1; *(uint64_t*)0x20005348 = 0; syz_kvm_setup_cpu(r[18], r[15], 0x20fe8000, 0x20005300, 1, 0, 0x20005340, 1); break; case 35: *(uint32_t*)0x20005384 = 0x8a2; *(uint32_t*)0x20005388 = 4; *(uint32_t*)0x2000538c = 0; *(uint32_t*)0x20005390 = 0x30f; *(uint32_t*)0x20005398 = -1; *(uint32_t*)0x2000539c = 0; *(uint32_t*)0x200053a0 = 0; *(uint32_t*)0x200053a4 = 0; res = -1; res = syz_io_uring_setup(0x2a84, 0x20005380, 0x20ffc000, 0x20feb000, 0x20005400, 0x20005440); if (res != -1) r[19] = *(uint64_t*)0x20005400; break; case 36: *(uint32_t*)0x20005480 = 1; syz_memcpy_off(r[19], 0x114, 0x20005480, 0, 4); break; case 37: memcpy((void*)0x20006580, "./file0\000", 8); res = syscall(__NR_stat, 0x20006580, 0x200065c0); if (res != -1) r[20] = *(uint32_t*)0x200065d0; break; case 38: memcpy((void*)0x200054c0, "afs\000", 4); memcpy((void*)0x20005500, "./file0\000", 8); *(uint32_t*)0x20006540 = 0x20005540; memcpy((void*)0x20005540, 
"\xd2\xc8\x4e\x32\xfc\xd2\x5d\x6d\x0c\x83\x4d\xb2\x19\x8a\x08\xcf\x7b\xf0\x74\xc8\x96\xdf\x4f\x91\xd7\xd7\x89\x08\x93\x10\xa8\x83\xa2\x32\xfe\x7e\x05\x8e\x17\x5a\xb0\x04\xde\xc5\x36\xa4\xe1\xd5\x8f\xdc\x29\x54\xa5\xc2\x6e\x70\x2e\xb2\xfb\x50\xfc\x05\x8d\x18\xcb\x90\xbb\xda\xdc\xc9\xfd\xa0\x26\x22\x81\xbb\x9f\xb6\x99\x6f\x60\x89\xe3\x36\xed\xea\xf5\xfb\x57\x28\x44\x7a\xf3\xd6\x5c\xc0\x3e\xb9\x4b\x3d\xc3\xeb\x1e\x24\xdc\x78\x41\x32\xc9\xd0\x36\xe4\x6f\xc3\x14\x6c\xdf\x58\xc1\x75\xe6\x5d\xcc\x7f\x39\x81\x44\x35\x7d\xd2\x5c\x15\x67\x11\x32\x17\xeb\x9b\x2a\xbd\xff\x8c\xb8\x21\x15\xea\x31\xf8\x41\xa3\x77\xb7\x75\xf7\x9f\xa8\x9a\x60\x47\x95\xf4\x87\x60\x5d\x74\x0e\xc6\x46\xd1\x4f\x9b\x80\x80\xf5\x1b\x8e\x24\xea\x8d\x62\x1e\x25\xf3\xcf\xc2\xd9\x27\x9b\x47\xfe\x3e\xa7\xe4\xd2\xb3\x07\x16\xa1\x8f\x68\x44\x3b\x23\x7e\x6b\x15\x2a\xba\xa0\x9d\xc6\xbf\x3b\x13\x01\xad\xfc\xd3\x7b\x9a\x8c\x06\x3c\x83\x0e\x37\x9a\x72\xbd\xb3\x82\x5b\x32\xf5\x3f\xfe\x10\xc7\xda\x81\xc3\x44\xd8\xe9\x8b\x62\x36\x37\x27\xdc\x41\xf0\x50\xfb\x6f\x44\x0d\x3a\x4b\x44\xe8\x49\xa7\x06\xae\xad\x91\x91\x85\x86\x5e\x74\xf9\x4d\x13\xe7\x38\x44\x80\x75\x4a\x1d\x69\x50\x22\xfd\xc2\x16\xe4\x13\xb1\x36\x2a\xdd\x89\x47\xe0\x9f\x4b\x87\xc0\xfa\x05\xd9\x68\x65\xe5\x4d\xf5\x74\x65\x10\x2f\x90\x49\xa0\xb3\x8f\x48\x0f\xd6\x23\xee\x12\x1c\xd6\x35\xc7\x20\xf5\xce\x66\x07\x20\x9d\x0a\x3b\x39\x42\x65\x4e\x73\x81\xc9\x41\xe5\x6e\x7a\x74\xf4\xe0\x36\xe3\xed\xce\x82\xb5\x59\x3a\xed\xab\xf8\x6d\xca\x3e\x49\x25\x33\x36\xc8\x06\xbf\xec\xec\x26\x94\x29\x4d\x19\xc9\x59\xc3\x86\xef\xb8\x38\xab\xdf\x2b\x43\x78\x6c\x09\xbe\xec\xfa\xbf\x72\x3e\x0b\x24\x3a\x8e\xa4\x72\xf6\x3d\xf6\x2e\xd1\x73\x87\x59\x03\x29\x19\xac\x09\xa1\xc1\xcf\x7d\x8f\xe3\x37\x65\x0c\x37\xbb\xec\x02\xb5\x8a\x30\x98\xd1\x47\x8a\x5d\x3a\xbb\x8e\xda\x06\x90\xc8\xa5\x34\x7e\x86\x0b\x57\xd0\x27\x7e\x64\x24\x81\x3e\x06\xf7\x08\x3f\xe3\x25\x3c\x08\x60\x53\x7c\x76\x68\x8c\x88\x77\x79\x51\x38\xe0\xf9\xb2\xe5\x57\xa6\xec\xc9\x98\x60\x24\xc4\xbb\x77\x21\xec\xca\x04\xbc\x92\x2b\x8
7\xb3\x0c\x1e\x54\x6b\x09\x40\x80\xfb\x15\x94\x64\x2a\x4e\x08\x8c\x3b\x65\xad\xb3\x65\x5f\xcc\x92\x52\xf7\x53\x21\x21\x01\xf4\x17\x30\xad\x16\x42\x78\x7e\x7f\xbe\x39\xe5\xfb\x4f\x91\xcf\x2c\x0d\x84\xd0\xec\x80\x11\x2a\x97\x41\xc0\xfc\x9c\x4b\xfe\x1c\x41\x3e\x0a\x23\x71\x4d\xe7\xeb\x4b\xa7\xe9\x8c\x1c\x25\xed\x3b\xd4\x1b\xa2\xf3\x2f\xa0\xb6\x7f\xd6\x42\xa0\x0e\x13\x4d\x02\x72\x2f\x26\x80\x56\xce\x1c\x62\xf6\x82\xf0\x90\x9b\xbd\x6f\xd3\x89\x6c\x3e\x37\xac\xe1\x8d\x4d\x8e\x97\x88\x05\x7d\xc4\x5b\x27\x57\xb6\x64\x62\x05\xea\x11\xc4\x35\x01\x00\xda\xe7\xcc\xc8\x65\x35\x47\x0b\x4d\x03\x47\xd6\x99\x08\x12\x50\x6e\x3a\x98\x16\xcb\xe2\x8c\x50\xa2\x9a\xb3\xa7\x1e\x05\x0e\xe8\xff\x4c\x8a\x0a\x9c\xdf\x14\x6b\x6e\x6f\x97\x64\x18\xb0\x8d\x12\x3e\xf3\x72\x8a\xa2\x8f\x40\x8f\xab\xc5\x78\xe6\x0c\x7b\xdf\xff\x0d\x18\xad\x41\x6e\xd6\x6d\x5b\xbc\x66\xae\x3a\xb2\xfd\xc0\xa4\xd7\xc7\xac\x14\xf7\x92\xf2\xeb\xaf\x91\x9c\x65\xc1\xf1\x01\x77\x88\x3c\x3d\xbd\xb5\x81\x52\x6f\x72\x86\x93\x62\x03\xb6\x46\x77\x06\x0a\x5a\xf5\xe3\xe3\xdd\x98\x49\x64\x80\x0d\x58\xc4\x6c\x55\xd8\x68\x81\xbe\x8c\x1d\xef\x9f\x95\x79\x53\xf0\xa4\x07\x8a\xc1\x76\x16\xa3\xb9\x4e\xb7\xb0\x26\xb1\x2e\x34\x6f\x8d\x8c\xfb\x13\x91\x91\x9e\x38\xf4\xd5\x09\x0a\xb9\xbf\x15\x5b\x7d\x9c\xfd\xeb\xd3\x63\xa0\x9c\xed\x58\x8f\x68\x21\x86\x7e\xe8\x53\x8d\xc4\x23\x47\xfd\x7f\xaa\x82\x99\x8f\xff\xf2\x8d\x7f\xa3\x43\x26\xea\x5c\x6e\xc3\x0e\xdf\x69\xc6\x24\x60\x7d\xd8\x2a\x56\x7d\xf7\x6f\x27\x3d\x10\x52\x20\x88\x4d\xb7\x18\x70\x28\x5d\x7d\xc9\xf4\x88\x07\x77\xee\x0f\xb6\xbc\xe6\x71\xa5\x83\xb8\x21\x2b\xab\xb7\xdf\xba\x86\xc7\x93\xa8\x6f\xd8\x8e\xe0\x42\xeb\x4d\xca\xb1\x0f\xbd\xc2\xfb\xdf\xc0\x35\x2d\x4b\x82\x3c\x80\xb3\x14\x76\x66\xe3\xa8\xc6\xe0\xb7\x4a\x6e\x39\xba\xf5\xa9\x26\xd8\x61\xd3\x9c\xed\x6c\x15\x09\x9d\x57\xc6\x44\xde\x45\x63\xde\xef\x39\xd8\x49\x86\x2a\x02\x07\x1f\x29\x56\x78\x71\x12\xf6\xe8\xe6\xb3\x24\xdf\x79\x45\x1e\x48\x33\x4c\xe3\x09\x74\x95\x59\x48\xe2\xfa\xd7\x87\xcc\xc6\x1a\x67\x5d\xb6\x65\x4d\xa2\x72\x1d\x2e\x27\xfd\xa
6\x23\xae\xec\xc0\xe9\xc6\x47\x62\xf7\x44\x26\xc5\x66\xaf\x7c\xc2\x34\x77\x3e\x9f\x7b\x30\x24\x06\xff\x85\xa4\xad\x15\xd9\x48\xb7\x73\x64\xfb\x27\x42\xdb\x1d\x0c\xee\x24\xef\x37\x29\xf3\xb4\x0e\x7f\x7f\x0e\x1a\x89\x1c\x4a\x21\x3f\x59\x0e\x80\x4d\x30\x93\x58\xf1\xcb\x93\xf2\x1c\xd1\x74\xc3\x74\xfc\x35\x5d\x87\x30\x28\xa2\xe4\xf5\x16\x4f\x24\xb3\x5c\x52\x81\x44\xfe\x7c\x32\xb9\xe6\xa2\xac\x0f\x04\xe6\x0f\x11\x01\x3c\x3c\xae\x20\x42\x0b\x11\xe2\xeb\xad\x83\xa7\xe5\x71\x02\x27\x38\x2d\x72\x52\x5f\xc5\x2a\x8c\x8f\xb6\x49\x8a\xc2\x1e\x91\x31\x74\x22\x7c\x65\xe8\xc5\x87\x6a\xd6\xfc\x49\xb2\xc1\xed\x73\x3e\xa1\x86\xe9\xf4\xf5\x76\x6f\x39\x32\x56\x42\xf8\xa0\xb7\x22\x12\x92\xc5\xb0\x17\x99\x04\xb3\x39\x34\xb6\xfc\xb7\xa6\x4f\x17\x05\xad\x70\x02\x66\x24\x2f\xaf\x54\xcb\xf6\x3d\x25\x49\xd4\xf3\x05\x4c\xe1\x68\xe1\x75\x00\xf5\xf5\xc3\xca\x1e\xde\xfd\xb0\xc6\x0c\x2b\x4f\xb0\x1d\x7d\x0f\xc0\x7d\x86\x67\xe1\x0f\x2f\x80\xcc\x7b\x50\xae\x2e\xd5\x74\xfc\xd3\xf7\x77\x5a\xe1\x7a\x20\x05\x14\xfb\xb2\x19\x51\x80\xe3\x5d\x90\xb8\x94\xdf\x9a\x1c\x35\x54\x00\x73\x82\x47\xda\xf3\x15\xb7\xe1\xcf\x1c\xac\x31\x97\xec\x0d\x74\xd1\xe4\x41\x0c\xaf\x94\x35\xfd\x14\x95\x72\xc1\x8a\x7d\x92\xee\xbb\xc7\x96\x3f\x14\x50\x73\x8e\xc0\x54\x32\x52\x64\x09\x40\xef\x1c\x8c\xe2\x5c\x80\xab\x9e\xd7\x2e\x67\x0b\x40\x23\xe5\xe1\x36\x31\x42\xb4\x31\x44\xbe\x12\xe9\x95\x55\x4a\xf2\x43\x1b\x2e\x5a\x8e\x2a\x45\xc7\x6c\xa7\xe3\x1a\x92\x2c\x59\x2a\x6d\x1c\x5a\x7e\xa9\x40\x36\x5f\xdc\x48\xe1\xb2\xc7\x3f\x66\x18\x65\xdc\x4e\x90\xd0\x8d\x5a\x2c\x4d\xb6\xbc\x5e\x01\x86\xf2\x37\x45\x1d\xfc\x14\xbc\x76\xf0\xdd\x98\x04\x8e\xf9\x9a\x1a\x1c\xb1\x5c\x1b\x53\xbc\xc9\x25\x49\x2b\x87\x1f\xa7\xdb\xe2\xe8\x72\xf9\x35\x85\x24\x8d\x0f\x2b\xf9\x15\x52\x15\x7b\xf5\x57\x8c\xbf\x1b\x65\x3f\x9d\x36\xcc\x95\x2b\x54\xb0\x09\x26\x83\x57\x7c\x5b\xa1\x59\x26\x6a\x5d\xf6\x6e\x74\x94\x62\xe4\xfc\x5a\x06\xd1\xc2\x65\x64\x63\x59\x26\x13\x8d\x9a\x99\x80\x51\x9e\x5d\x73\xbf\xb8\x52\x26\x55\xeb\xc0\x7c\xc8\x11\xc0\x56\xa0\x35\x31\xeb\x29\x3d\x47\x9c\x9
5\xf7\x13\x75\xea\x29\x3c\x0f\x18\x60\x49\x9e\xa9\x87\x18\xa3\x75\x00\xc5\x4a\x29\xfd\x9b\x8d\x01\x97\x71\x06\x1f\x77\x87\x60\xfd\xec\x9e\x6f\xac\x3d\x3c\x83\x1a\xee\x19\xb5\x6c\x0a\x19\x47\xa0\x89\x65\x3a\x15\xc2\x87\x70\x8e\x84\x6e\xd6\x5e\x1c\x9d\xc4\x92\x9c\xbb\x44\x33\x38\xa9\x36\xfd\x37\x26\xb3\xa0\xce\x78\x71\xac\x3c\x8c\xd3\x26\x00\x77\xb5\xc9\x8d\x98\xaf\xb5\x33\xd2\x5a\x8b\x42\x98\x9b\x7e\xe5\x27\x4f\x72\xe6\x10\x90\xb9\x04\x36\xb3\x2d\xe2\x76\xbc\x86\x6e\x6b\x8c\xd2\x57\x60\xdd\xc6\xa4\x97\xc9\xe8\x4d\x7e\x85\xa8\xc5\xdb\x0d\xf2\x22\x29\x6a\x3a\xa3\x62\x40\xa7\xb7\x6b\x9d\xbf\xb2\x49\x64\x77\xa9\x71\x6d\x80\x05\x00\x52\xce\x3a\x47\x36\xfb\xcf\xff\x5e\xe6\x34\x22\x52\x8b\xe6\xb0\xa4\x78\xec\xc7\x80\x3e\x22\x7f\x88\x0e\x4f\xd0\x7d\xc6\xde\x88\x48\x5a\x39\x81\xe0\x91\x70\xf8\x91\x84\xcf\x62\x97\x04\x9c\xc3\x01\x75\x51\x9f\x73\x09\x43\x4b\x96\xbc\x1b\x09\x6e\x05\xff\x02\x87\xca\x29\x92\x96\x24\xe1\xc6\xf4\x27\x0e\x89\xe9\xbc\x1b\x4c\x27\x82\xf5\x8b\x9a\x36\x0a\x00\x81\x45\xd8\x08\x33\x70\x08\x6a\x13\x14\xc9\x2a\x61\x03\xb2\x06\xb6\xcd\x0f\x6e\x63\x41\x6b\x35\xe7\x53\xb7\x09\xa6\x3a\x9a\x41\xd6\x13\xcb\x99\x7e\x55\xa6\x3f\xbf\xf2\x8c\x05\x73\xba\x2b\x64\xbf\xbc\xb0\xec\x3d\xfc\x5c\x9d\xd1\x34\xf0\xf2\xeb\x51\x15\x1e\xb2\x83\x10\xe3\xdd\x7f\x8a\xe8\x16\xf8\x66\x95\x90\x8a\xc6\xdf\x04\x80\x4e\x01\xf5\x3e\x40\x2b\xcc\x44\x5e\x17\x0c\xf2\x61\x0e\x1e\x32\xd0\x2f\x9e\x0d\x81\x49\x98\x76\xc1\x38\x3e\xec\x77\x81\x5b\x13\x59\x46\x2d\x8f\x4f\x50\x08\xaf\x8b\xb6\x1a\xe3\x58\xd8\x3c\x07\x54\xb5\x2d\x3c\xeb\x9b\x22\xc0\xa1\xb3\x5a\xfd\x92\x1e\x00\xc1\xd0\x6c\xf5\x4f\x88\x2e\x14\x5b\xd6\x08\x45\x1c\xe8\xda\x2c\x80\x81\xe2\x7e\x9c\x8d\x08\x6b\x80\x97\xd4\xf7\x7f\x1c\x33\xf5\x02\x4e\xd7\xd8\x78\xc1\x29\xe5\x34\x05\x6b\x89\xea\x2d\x14\xbd\x70\xd0\xca\x78\x9c\x7e\x29\xcc\xd3\xd2\x7a\xf1\xc6\x05\x8e\x26\x6c\x29\xe2\xfc\xd6\xf0\x4b\xa5\xa3\xd9\xe2\xc1\x16\xf0\x4c\x40\x73\x37\x96\xa1\xfe\x1c\x01\xa0\x4f\x06\x22\x2c\xce\x35\x90\x01\x53\x1b\x1c\x8f\x61\x3d\x45\x20\x83\xde\xe5\x08\x8
6\x01\x7a\xca\x82\x21\xa9\xa3\x06\x6e\x77\x68\x7b\x3f\xbe\xb0\xe4\x61\x92\x1f\x29\x21\xba\xf1\xa6\x69\x3e\xf0\x37\xa1\xd8\x56\x5a\x18\x04\x1b\x31\xc2\x66\xfb\x22\x5d\xd1\x74\x84\x8a\x84\x9f\xd1\x8e\x4b\x4b\xfd\x97\x23\x15\xd9\xf6\xff\x65\x29\x4f\x83\x74\xe7\x4f\x8d\x48\xbc\x17\xb6\xbe\xff\x62\xc1\x01\x2b\x5b\x04\x7f\x85\xea\x95\x6f\x50\xe1\x84\xa2\x95\xd1\xb1\x3e\x02\xb8\xe3\x5e\xa2\x4a\x1c\x80\x3a\xb1\x3a\x2a\x32\x85\xdd\xc0\xc3\x58\xd3\x01\x36\x2f\x70\x26\x7e\x7c\x6f\xd8\x25\x25\x24\xbe\x99\x3c\x0b\x61\x3c\x88\x05\x82\xf2\x85\x5f\x66\xa5\x17\xaf\x4d\xf5\x4e\xfa\x63\x58\x1f\xdb\xf3\x2b\x21\x0a\x21\x37\x55\x32\x3c\xab\x26\xdb\xc9\x1d\x85\x03\xac\x84\x2f\xa7\xca\x11\xec\x4d\xc0\xb0\x17\x1a\x3b\x7d\xc5\x1e\xd7\x63\xa7\x34\x82\x4d\x15\xfe\xb4\xa8\x0d\x6b\xfa\xf8\xf7\xd2\xfc\x82\x9b\xfe\x8d\x0b\x4b\x1b\xb4\x28\xcd\xa0\xe9\x6e\x11\x7c\x87\xa3\x81\x60\x83\x7c\xd2\x31\x56\xaf\x49\x8e\x00\x60\x31\x91\x61\x7e\xcc\x06\xa9\xa1\x6e\xb9\x33\xf2\x21\x5e\x8a\x86\xf2\xfe\x3f\x62\x9c\xa1\xd1\x45\x61\x5d\xa9\x57\xbb\xa3\xe1\xdf\x17\x9a\x07\xab\xc4\x88\x9d\x95\x61\x8f\x14\x5a\xca\x14\xe0\xd8\x85\x5f\x60\xff\xa5\x73\x34\x89\xb7\x12\xf0\x54\x42\xc0\xfd\xd2\x63\xea\xa0\x6e\xfa\x9e\x81\xcf\x2e\xb2\x98\x29\xb8\x82\x69\xc6\x53\xaa\x89\xeb\x93\x5a\x6b\x98\xe6\x5e\x46\xc6\x23\xfe\x8d\xe2\x1c\x25\x07\x66\x06\x05\x29\x15\xdc\x7d\xc9\x8e\xbc\xe6\xa7\x55\xae\x43\xb5\x57\x46\x00\x73\xd9\x4c\x8a\x44\xf6\xb6\xf6\x3a\x8a\x86\x6c\xdb\x47\x59\x15\xf4\xab\x00\xe5\xc5\x07\x2c\x1a\xe6\x10\xa8\x00\xea\x8f\xa8\x14\x7c\x96\x68\x6c\x30\x77\xcd\xfe\x0d\x9c\x77\x05\x84\xf2\x17\xfa\xc4\x7e\x64\xe5\x17\x4b\x9e\xb0\xc6\x8c\xa1\x47\xc2\x33\xde\xc2\x5c\xc2\x42\xe8\xe4\x3e\xe7\x39\x4c\x78\x76\xd2\x5e\x04\x0f\xfe\x89\xac\x1f\x6b\x2a\xa2\x40\xb6\x66\x8f\xfc\x89\x83\xfb\x86\x24\xe6\x0b\x3c\xb9\x91\x1f\xc8\x24\x0d\x9d\x8c\xe3\x50\xa8\x92\x45\x42\x04\x96\xae\x75\x76\xe1\x4b\x57\x72\x7a\x52\xe5\x55\xc9\xc8\x8d\xdd\x5c\x53\xca\x3f\xde\xe8\x83\x41\x46\x4e\x83\xdc\x59\xae\x9d\x6e\x17\xf5\xf2\xf7\x63\xa3\x8c\x93\x7e\x32\x53\x3
2\xea\xc2\x56\x31\xcf\x83\x15\x0a\xfa\x67\x7a\x72\x61\x1e\x7f\xc1\x45\x1b\x3e\x5f\x4d\xcd\xdd\x40\x2c\xb3\x22\xfd\x12\x0d\x9d\x56\x83\x9c\x01\x5e\xbe\x47\xc4\x19\xc5\x53\xff\x0d\xed\x43\xd0\x30\xca\x1d\x10\xb3\xb3\x83\xe6\xc3\xcf\x34\x86\x02\x61\x8a\x56\xca\x51\xf7\x75\x72\x1b\xd3\x55\x71\x0b\x7a\x99\x5a\x13\x93\x1d\xc0\x82\x35\x58\x87\x99\x86\xae\x4c\xe8\x50\xcc\xc3\x73\x1e\x78\x22\x83\x96\x66\x66\x5a\xfc\x00\xa8\x73\xc5\x6c\xa9\xcf\x79\xc6\xd6\x00\xe9\x07\xe1\x50\xb4\x06\x83\xb5\x67\xda\x9c\x1c\xa5\x96\xfc\x02\x4a\xbb\x5e\xea\xf0\x1c\x67\xe0\x83\x75\xff\x15\xc4\x32\xad\xf6\xa4\x37\xd9\x67\xdd\xf1\xbb\xfc\x6c\xcf\x9c\xe7\xc2\x02\x1b\x15\x2c\xd4\xba\x7e\xca\x0e\x67\xcf\x12\x97\x15\x1a\xea\x04\xd9\xea\x9d\xc2\xbf\x84\x44\x13\x3f\x43\x66\xbf\x36\x0e\xe5\x22\x40\x88\xb1\x94\x5b\x5e\x5d\x6d\xe3\x86\x9f\x59\xb1\xac\x7c\xc3\x35\x35\xb1\x57\x6b\xe8\xfd\x7d\xe9\xf2\xca\x5a\x3c\x0e\xb2\x61\xcc\x18\x6b\x6b\x68\x28\x55\x47\xb2\x82\x42\x88\xdf\x77\xfd\x45\x6a\xb5\x2f\x6e\xa4\x8d\xa9\x48\x19\x3a\x42\x40\xa3\x1d\x3a\x7a\xa4\xe6\x7b\xe5\xf2\xa1\x53\xa0\x18\xd3\x2c\xc0\x11\x96\x2b\xb6\x82\xda\xb5\xd3\x43\x7e\x90\x34\x2c\x24\x36\xe5\x40\x91\x38\x82\x26\xf5\xc7\x68\x53\x5e\x02\x75\xeb\xac\x26\xab\x19\xd0\x0e\x90\x38\x55\x10\xa8\x4c\x7a\x72\x6f\x91\xba\xae\xc1\x11\x8a\x74\xe6\x51\x91\x4d\x99\xe3\xe5\x09\x32\x2f\x51\xd0\x95\xb8\x94\xc2\x09\x23\xd0\xfa\x98\xe4\x2c\x4e\xc6\x77\xd0\x95\x00\x8b\x59\x53\xf6\xba\x61\x53\x7a\xba\xe5\x43\xde\x69\xef\xca\x30\xe4\x5d\x7b\xc9\x3c\xaa\x20\x2c\xc8\xf6\x6e\x57\xca\xbd\x54\x9e\xf1\x09\x2f\x79\x6b\x4a\x35\x73\xbe\xf4\x41\x09\x48\x44\xb2\x3a\x3d\x86\xbd\x14\x90\x9b\x84\x1a\xea\x10\x82\x19\xd5\xea\x4a\x49\xc8\xa9\x9e\xaf\xc5\x07\x61\x3c\x1e\x37\xae\xa3\x15\xba\x89\x4f\xec\xc1\xef\x28\x09\x21\x3e\x42\xb1\x37\x48\x58\xcb\x4d\x77\x68\x46\x58\xcf\x41\x4a\xda\x5e\x76\x0f\x4a\xc8\x3b\xc9\x35\x7e\xf1\x45\xa3\xe9\x2d\x7c\x55\x7c\x5d\x94\x40\x24\x65\x9a\xfd\x6c\xaf\x01\xb2\x96\x0c\x6c\x4a\xb1\x47\xc0\xd8\x19\x75\x4b\xe8\x00\x66\xd1\x41\x92\xa4\x79\xc7\xdc\xea\xd
0\x4d\x3f\xa1\xe6\x62\x48\xcf\x29\x27\x39\x31\x24\x2d\x12\xf2\xb0\x8c\x71\xe8\x2f\x52\x86\xba\xb6\x76\x7c\x3e\x89\xa3\x6f\x27\x04\x5e\xcc\xf6\xe1\xcf\x3a\xbb\xbd\x9b\x1a\x26\x3d\xa7\xc0\xc0\x10\xfc\x10\xaf\xfc\x50\x32\xd4\x71\x23\xe1\xe1\x14\x6b\x38\xcb\xff\x01\xd4\x78\x56\x36\x04\x99\x26\x6c\xb5\x64\x59\x01\xe2\xed\x04\x9f\x45\xb2\x4e\x79\x3e\xf0\x08\x5f\x0e\x50\x40\xff\x2e\xbc\xb1\xd8\xd7\x01\x96\xd3\xde\x63\x14\xea\xe7\xf4\xf3\xe5\x26\x2c\x67\x67\x41\x59\xc1\xde\x4a\x08\x61\xaa\xd8\x14\x3b\xd5\x9f\xb3\xc8\x87\xc3\x84\x0b\x1c\x12\xc7\x42\xf1\xfa\xd2\x4c\xd9\xac\x7f\xea\x0f\xba\x87\x1c\x1e\xbc\x62\x8b\x34\xd9\x60\x43\x88\x5a\xe8\x26\x42\xda\x04\xd8\x7d\xca\xb5\x9b\xc8\xdd\x87\x65\x87\x11\xf6\x35\xbd\x66\xf4\x25\x4f\x83\xa4\x5d\x5b\xc7\x5e\x31\xfb\x60\xe9\xd6\xa5\xe6\xfb\x8b\x66\x86\x4c\xc3\x0b\x39\x11\xab\x9f\x87\xa5\x9c\xad\x38\xf0\xcc\x91\xb9\x20\x37\xbf\x1e\xa6\x42\x34\xe1\x3f\xc7\xc4\x50\x4c\xf0\x30\x0f\x1a\x0d\xeb\x39\xe6\x30\xc7\x10\xda\x48\x85\x5d\x8c\x45\x1d\x72\x6c\xc4\xc6\xe4\x43\x02\x11\x81\x8a\xaf\x9d\xca\xd5\x71\xb8\xb8\x9c\x4e\x94\x44\xae\xba\xa6\x9b\x97\x68\x9a\x5c\xa6\x70\xf8\xfa\x5e\xea\x13\x2c\x12\x1c\xc1\xef\xd2\x76\xf5\xa0\xb0\x2b\x96\x12\xbd\xc9\x9c\x99\xbc\xc6\x3b\x37\xcb\x86\x62\xcc\xaf\x7c\x80\x28\xeb\x67\x3a\x5f\x4f\x5b\xee\xff\x2c\xa9\x0d\x7a\xfa\xa1\xc6\xab\x6e\xe2\x23\x85\xae\xf9\x80\xd6\xa0\xf4\x54\x49\x86\xfb\x99\xbf\xe4\x10\x23\xb2\x20\x19\x89\x6f\x87\x7a\xae\xe7\x5e\xec\x90\xba\xe1\x0d\x43\xda\xb3\x36\xbb\xe5\x21\x5d\x05\x78\xf0\xd5\xc2\x94\xf0\xfa\x3f\xa1\x6a\xcf\xa9\xb8\x69\xaa\xf7\x9b\x6e\x7e\xf8\xc3\x8b\x9a\x9a\x2c\xfe\x0a\x02\x3e\xf3\x11\xca\xfd\xae\x30\x31\xc8\x2c\x97\x51\x81\x33\x27\x5d\x81\xf8\xfa\x5d\x7e\x4c\x42\xcb\xdf\xcd\xec\xff\x1b\x2b\xf2\x91\x22\x3d\xcd\x30\x75\x0a\x56\xa8\x12\x82\x4a\x5d\xd1\x00\x58\x5f\x1f\xf5\x22\x84\x84\xde\xc4\xbb\x50\x0e\xfd\xb0\x51\x82\xc0\x85\x75\x1a\xce\x19\x84\x4f\xeb\x55\x96\x6b\xaa\x3e\xd4\x76\xbc\xcc\xcb\x50\x9b\x0a\x05\x03\xad\x20\x2f\xab\x29\x67\x38\x8a\xf0\x78\xa7\xa0\x34\x08\xcd\x99\x9
0\xa3\x6a\x4d\xa1\xca\xff\xc9\x81\xb4\xe1\xfa\xeb\xca\x9f\x33\x76\x8f\x67\x3a\x16\x63\x76\xaa\x4a\x64\x4e\x9f\xc2\x5e\x41\xe0\x8f\xfa\x08\xa5\x5e\x3d\xbc\x4d\xcf\xf9\xe8\x4c\xcf\xb0\xf2\x27\xf3\xe7\x61\x40\xb6\xb9\x55\x77\xec\x7a\x37\xfe\x1c\x3f\x30\x6a\xe6\xa9\x87\x57\x60\xb3\xca\x15\x11\x42\x99\xcc\x0b\xaa\xc7\x66\xad\xe9\x30\x2a\x9d\xfe\x47\xcc\x99\x0d\x36\xbf\x04\xc2\x83\xc6\xe3\xa2\x2d\x7c\xaf\x75\xc8\xff\x75\xd6\x6a\xa7\xed\x34\xf5\x2f\xe8\x44\x69\xe8\x0b\x49\x54\xd7\x4d\x2c\x7c\x20\x14\xec\x97\x17\xb0\x73\x4b\x70\x58\x89\x81\x63\x56\xa6\xe2\xea\x80\x29\xfb\x59\xc0\x0f\x7e\x51\x8b\x14\x65\xde\x12\x8f\x6a\xc9\x66\xbb\xa6\x98\xbe\xb0\xcc\x35\xae\x7b\x7c\x41\x6a\x42\xce\x3e\xf5\xe6\x43\x54\xe5\x34\xca\xee\x98\x4d\xb5\xdb\x34\x0a\x4b\x86\x97\x3f\x0f\xcd\xc6\x80\xbb\xe8\x2d\xfa\x4f\x5b\x2b\x20\x4d\xd3\x15\xa5\x31\x0b\xdd\x34\x0c\x26\x6d\x32\x52\xc5\xe5\x7e\x8b\x87\x5c\x63\xdd\x45\xbc\x0f\xc3\xb2\xb9\xd6\xc5\x8d\x58\x60\x39\x3e\xa1\x91\x9d\x8f\x6c\xfd\x1d\xd9\x5d\xa5\x11\x21\x4f\x68\x4c\xb6\x5f\x55\x92\x22\x21\x69\x82\xba\xe0\x03\xc8\x7b\x12\x4a\x61\xce\xe2\x0e\x0d\xa6\x17\x5b\x59\x06\x15\x7f\x52\x65\x51\x92\xaa\x17\xb8\x52\xbf\xc4\x82\xf9\x34\xc4\x96\xdd\xc2\xa7\xa5\xab\x4d\x24\x45\xa8\x59\xcd\x46\x15\x47\xcb\xb0\x98\x4f\x68\xec\x57\x9e\x84\xfa\x07\xa1\xbf\xb8\xad\x07\x99\xff\xd5\x5f\x98\xab\xce\xba\xff\xc2\x6d\x8b\x20\x9a\xf5\xc4\x94\x42\x99\x99\xfa\xdc\x21\x1d\xe1\x52\x69\x36\x0c\x84\x20\x55\xf5\xf0\x81\x42\x49\xdd\x1b\x97\xe6\x5c\xcf\x97\xf4\x7e\x9b\x3e\x7c\x11\xf3\x23\x82\xa5\x11\x6d\xd2\x41\x49\xdb\x66\x28\xe2\xa2\x54\xfc\x38\x5c\x70\x98\x3d\xfe\xf3\x15\xb4\x9d\xc2\xad\xc3\x30\x14\x0c\xf1\x45\x48\x9e\x8e\x71\x68\x4c\x4c\xd9\x78\xda\xe8\xfa\xe6\x8c\xeb\x64\xc1\xcc\x11\xbb\x13\xd7\xe1\xb5\x48\x5f\x6a\x1e\xaf\x58\x34\x2a\x76\xc1\x41\xe2\xc3\x93\x3e\x6c\x3e\xed\xa4\x18\xdb\x11\x4b\x6d\xcf\x65\xa4\x91\xc6\x35\x7f\x9d\xfc\x5d\x80\x62\xc8\x2b\x07\xad\x86\x17\x10\x42\xab\xd8\x8d\x96\x07\xcd\x71\x24\x06\x66\x0e\x9c\x21\x6e\x9e\xe8\x36\x7e\xf8\xd2\x5c\x3d\x80\x9a\x5d\x4
d\xe5\xd4\xcf\x90\x96\x53\x4b\x08\x9e\x3f\xcd\xc1\x34\x29\xb5\x2a\xde\xd9\x38\x7f\xd1\x61\x46\x14\xde\xa2\xd4\xed\x01\x37\x6e\xba\xfc\x2e\xbb\x0c\x34\x87\x2f\xfe\x57\x18\x63\x4e\x2a\xdd\xa4\x64\xe7\x7f\xaa\xc4\x70\x88\xcd\x9c\x3c\x30\x83\x7f\xd3\x08\x32\x75\xe8\x5f\x82\x2d\x1b\xc5\x1b\x3e\xc9\xf8\x44\x23\xdd\x81\xf2\x0a\x84\x0e\x0c\x35\xb8\xa7\x39\x8f\xff\x0b\x4e\xdf\xe8\x58\x31\x01", 4096); *(uint32_t*)0x20006544 = 0x1000; *(uint32_t*)0x20006548 = 4; memcpy((void*)0x20006640, "autocell", 8); *(uint8_t*)0x20006648 = 0x2c; memcpy((void*)0x20006649, "flock=write", 11); *(uint8_t*)0x20006654 = 0x2c; memcpy((void*)0x20006655, "flock=write", 11); *(uint8_t*)0x20006660 = 0x2c; memcpy((void*)0x20006661, "dyn", 3); *(uint8_t*)0x20006664 = 0x2c; memcpy((void*)0x20006665, "appraise", 8); *(uint8_t*)0x2000666d = 0x2c; memcpy((void*)0x2000666e, "euid<", 5); sprintf((char*)0x20006673, "%020llu", (long long)r[20]); *(uint8_t*)0x20006687 = 0x2c; memcpy((void*)0x20006688, "fsuuid", 6); *(uint8_t*)0x2000668e = 0x3d; *(uint8_t*)0x2000668f = 0x36; *(uint8_t*)0x20006690 = 0x63; *(uint8_t*)0x20006691 = 0x33; *(uint8_t*)0x20006692 = 0x63; *(uint8_t*)0x20006693 = 0x66; *(uint8_t*)0x20006694 = 0x39; *(uint8_t*)0x20006695 = 0x38; *(uint8_t*)0x20006696 = 0x62; *(uint8_t*)0x20006697 = 0x2d; *(uint8_t*)0x20006698 = 0x63; *(uint8_t*)0x20006699 = 0x38; *(uint8_t*)0x2000669a = 0x62; *(uint8_t*)0x2000669b = 0x33; *(uint8_t*)0x2000669c = 0x2d; *(uint8_t*)0x2000669d = 0x61; *(uint8_t*)0x2000669e = 0x33; *(uint8_t*)0x2000669f = 0; *(uint8_t*)0x200066a0 = 0x30; *(uint8_t*)0x200066a1 = 0x2d; *(uint8_t*)0x200066a2 = 0x61; *(uint8_t*)0x200066a3 = 0x34; *(uint8_t*)0x200066a4 = 0x63; *(uint8_t*)0x200066a5 = 0x37; *(uint8_t*)0x200066a6 = 0x2d; *(uint8_t*)0x200066a7 = 0x37; *(uint8_t*)0x200066a8 = 0x36; *(uint8_t*)0x200066a9 = 0x31; *(uint8_t*)0x200066aa = 0x63; *(uint8_t*)0x200066ab = 0x39; *(uint8_t*)0x200066ac = 0x64; *(uint8_t*)0x200066ad = 0x61; *(uint8_t*)0x200066ae = 0x34; *(uint8_t*)0x200066af = 
0x2c; *(uint8_t*)0x200066b0 = 0; syz_mount_image(0x200054c0, 0x20005500, 0x80000001, 1, 0x20006540, 0x40000, 0x20006640); break; case 39: memcpy((void*)0x200066c0, "/dev/i2c-#\000", 11); syz_open_dev(0x200066c0, 0xb6f4, 0x400202); break; case 40: memcpy((void*)0x20006700, "mounts\000", 7); syz_open_procfs(r[6], 0x20006700); break; case 41: syz_open_pts(-1, 0x13022679); break; case 42: *(uint32_t*)0x200067c0 = 0x20006740; memcpy((void*)0x20006740, "\xdb\x5a\x07\x9d\xd4\x30\x62\xf6\x98\x5b\x51\x4a\xd6\xb7\xac\x65\x29\x50\xf7\xe5\x31\x7a\x81\xed\x92\x43\x86\xc1\x08\x3a\x75\xb7\xe2\x67\x59\x67\xac\xdc\x58\x64\x42\x41\xb6\xde\x98\x1b\xa6\x5e\x75\x81\x6e\x07\x8f\x21\x21\x2c\xb8\x62\xa3\x39\x34\xc9\xb4\x72\x9a\x72\x21\x51\xfd\x15\x36\x1d\x77\x1e\x0c\x59\xe4\xb2\xa7\xb4\xae\x5a\xd6\xd4\x5a\x6b\xb5\x1f\xa6\xd0", 90); *(uint32_t*)0x200067c4 = 0x5a; *(uint32_t*)0x200067c8 = 0x10001; syz_read_part_table(1, 1, 0x200067c0); break; case 43: *(uint8_t*)0x20006800 = 0x12; *(uint8_t*)0x20006801 = 1; *(uint16_t*)0x20006802 = 0x201; *(uint8_t*)0x20006804 = 0x73; *(uint8_t*)0x20006805 = 0x54; *(uint8_t*)0x20006806 = 0x2d; *(uint8_t*)0x20006807 = 0x40; *(uint16_t*)0x20006808 = 0x572; *(uint16_t*)0x2000680a = 0x1324; *(uint16_t*)0x2000680c = 0x84d3; *(uint8_t*)0x2000680e = 1; *(uint8_t*)0x2000680f = 2; *(uint8_t*)0x20006810 = 3; *(uint8_t*)0x20006811 = 1; *(uint8_t*)0x20006812 = 9; *(uint8_t*)0x20006813 = 2; *(uint16_t*)0x20006814 = 0xdff; *(uint8_t*)0x20006816 = 4; *(uint8_t*)0x20006817 = 0; *(uint8_t*)0x20006818 = 4; *(uint8_t*)0x20006819 = 0x20; *(uint8_t*)0x2000681a = 5; *(uint8_t*)0x2000681b = 9; *(uint8_t*)0x2000681c = 4; *(uint8_t*)0x2000681d = 0x21; *(uint8_t*)0x2000681e = 6; *(uint8_t*)0x2000681f = 0xf; *(uint8_t*)0x20006820 = 0x13; *(uint8_t*)0x20006821 = 0xd5; *(uint8_t*)0x20006822 = 0xef; *(uint8_t*)0x20006823 = -1; *(uint8_t*)0x20006824 = 0x7f; *(uint8_t*)0x20006825 = 3; memcpy((void*)0x20006826, 
"\xff\x04\x19\x26\x1d\x95\x19\x66\xe9\x2d\x90\x6d\x4e\x26\x34\x29\x08\xf7\xc1\x48\xa2\xd9\xb1\xb9\xfe\x29\x1a\xd2\xef\x96\x37\x25\xab\x89\x5c\x81\xd7\xbb\xf8\xf9\xd4\xda\x5a\x4f\x8e\x43\x11\xa0\xbd\xfd\xab\x97\xf5\x08\x93\x9e\x62\x47\x0e\xae\x4d\xc1\x3f\x11\x32\x4f\x9b\x80\x8e\xb9\xc0\x6c\xec\x3f\x30\xa8\x6e\xf0\xfb\x2a\xb9\x0e\x7e\x04\x40\xe8\x7f\xf5\x22\x68\x87\x9d\x8a\xe0\xc9\x1a\x67\x35\x0e\x71\xaf\x1f\xb2\xd4\x90\x8d\x78\x22\x20\x08\xe8\xb6\x71\x15\x6b\x17\x90\x6f\x6a\x1e\x05\xe0\x2b\x6b\x37", 125); *(uint8_t*)0x200068a3 = 5; *(uint8_t*)0x200068a4 = 0x24; *(uint8_t*)0x200068a5 = 6; *(uint8_t*)0x200068a6 = 0; *(uint8_t*)0x200068a7 = 0; *(uint8_t*)0x200068a8 = 5; *(uint8_t*)0x200068a9 = 0x24; *(uint8_t*)0x200068aa = 0; *(uint16_t*)0x200068ab = 7; *(uint8_t*)0x200068ad = 0xd; *(uint8_t*)0x200068ae = 0x24; *(uint8_t*)0x200068af = 0xf; *(uint8_t*)0x200068b0 = 1; *(uint32_t*)0x200068b1 = 3; *(uint16_t*)0x200068b5 = 0; *(uint16_t*)0x200068b7 = 3; *(uint8_t*)0x200068b9 = 0x6a; *(uint8_t*)0x200068ba = 0xc0; *(uint8_t*)0x200068bb = 0x24; *(uint8_t*)0x200068bc = 0x13; *(uint8_t*)0x200068bd = 2; memcpy((void*)0x200068be, "\xf6\xe0\xbd\x71\x54\x25\x30\xd6\xc8\x82\xe5\x31\xf6\x0f\x2e\xef\xd0\x5d\x35\x63\x85\xc0\xa6\x22\xa1\x20\xa8\x16\x78\x85\x48\x55\xc2\x70\x40\x64\x5d\x6c\x24\x37\x27\x72\x10\x8a\xef\x34\xf2\xaf\x02\x26\xda\xa9\x9d\x3c\xec\xfe\x16\x8f\xc9\xfa\xe2\x8e\xd3\xbd\x29\x5c\x75\x43\x16\x6c\xe5\xf2\x52\xa2\x58\x4e\x73\xd2\x12\xd5\x87\x24\x5b\x8e\xbe\xfb\xae\x86\x93\xd8\x8f\x8f\xda\x2b\xbf\xbc\x96\x28\xa0\x8e\x7d\x81\xa1\x94\xb0\xc4\x9e\x82\xf6\xbc\x23\x01\x24\x57\x6b\x45\xb4\xcb\xc1\xd5\xc0\x2d\xcb\x3f\x94\x3d\xad\x75\xc6\xc2\xc5\x02\x3c\x1e\x67\x0f\xf6\x82\x5d\x8b\xa2\x3c\x20\x5a\x7e\xb9\xdc\x0b\xca\xc2\x8c\x35\x14\x07\x20\x78\xd2\xfa\x78\x2c\x31\x86\xd4\xb1\xed\x80\x40\xee\x1c\x76\x5b\xc2\x34\xaf\xcc\x52\xa9\x17\x22\x52\x7e\x5d\xbd\x90\x2d\xc2\x99\xd8", 188); *(uint8_t*)0x2000697a = 9; *(uint8_t*)0x2000697b = 5; *(uint8_t*)0x2000697c = 0; *(uint8_t*)0x2000697d = 
0x10; *(uint16_t*)0x2000697e = 0; *(uint8_t*)0x20006980 = 2; *(uint8_t*)0x20006981 = 0x36; *(uint8_t*)0x20006982 = 0; *(uint8_t*)0x20006983 = 0x2a; *(uint8_t*)0x20006984 = 0x31; memcpy((void*)0x20006985, "\x71\xc3\xc3\xd6\x1b\xbd\x69\x65\xe0\xda\xb5\x13\xc1\x4e\x7d\x2a\x6d\x7d\x83\x46\x22\x8a\xf4\x6c\x61\x7a\x9c\x6f\x93\xe2\xc9\x23\x76\x7b\x9d\xcf\x1b\x1c\x65\x24", 40); *(uint8_t*)0x200069ad = 0x35; *(uint8_t*)0x200069ae = 8; memcpy((void*)0x200069af, "\x2e\xfa\xc1\x77\x7f\x97\xf0\x88\xcf\x4e\xa6\x90\x9a\x4a\xb8\x19\x54\x3a\x67\x8d\xbd\x61\x1b\xae\xbf\x76\x50\x0b\x0c\x10\xe0\x99\xa0\x98\x27\xed\xc9\x86\xbd\x1c\x1c\x58\xec\x92\x77\x82\x78\x78\x70\x0a\x60", 51); *(uint8_t*)0x200069e2 = 9; *(uint8_t*)0x200069e3 = 5; *(uint8_t*)0x200069e4 = 6; *(uint8_t*)0x200069e5 = 3; *(uint16_t*)0x200069e6 = 0x400; *(uint8_t*)0x200069e8 = 0x3f; *(uint8_t*)0x200069e9 = 2; *(uint8_t*)0x200069ea = 8; *(uint8_t*)0x200069eb = 2; *(uint8_t*)0x200069ec = 7; *(uint8_t*)0x200069ed = 7; *(uint8_t*)0x200069ee = 0x25; *(uint8_t*)0x200069ef = 1; *(uint8_t*)0x200069f0 = 0x81; *(uint8_t*)0x200069f1 = 0x40; *(uint16_t*)0x200069f2 = 4; *(uint8_t*)0x200069f4 = 9; *(uint8_t*)0x200069f5 = 5; *(uint8_t*)0x200069f6 = 8; *(uint8_t*)0x200069f7 = 0; *(uint16_t*)0x200069f8 = 0x400; *(uint8_t*)0x200069fa = 2; *(uint8_t*)0x200069fb = 8; *(uint8_t*)0x200069fc = 8; *(uint8_t*)0x200069fd = 9; *(uint8_t*)0x200069fe = 5; *(uint8_t*)0x200069ff = 0xe; *(uint8_t*)0x20006a00 = 1; *(uint16_t*)0x20006a01 = 0x200; *(uint8_t*)0x20006a03 = 2; *(uint8_t*)0x20006a04 = 4; *(uint8_t*)0x20006a05 = 9; *(uint8_t*)0x20006a06 = 9; *(uint8_t*)0x20006a07 = 5; *(uint8_t*)0x20006a08 = 0xc; *(uint8_t*)0x20006a09 = 0; *(uint16_t*)0x20006a0a = 0x400; *(uint8_t*)0x20006a0c = 0; *(uint8_t*)0x20006a0d = 4; *(uint8_t*)0x20006a0e = 0x20; *(uint8_t*)0x20006a0f = 7; *(uint8_t*)0x20006a10 = 0x25; *(uint8_t*)0x20006a11 = 1; *(uint8_t*)0x20006a12 = 0; *(uint8_t*)0x20006a13 = 0x7f; *(uint16_t*)0x20006a14 = 0x1ff; *(uint8_t*)0x20006a16 = 7; 
*(uint8_t*)0x20006a17 = 0x25; *(uint8_t*)0x20006a18 = 1; *(uint8_t*)0x20006a19 = 0x41; *(uint8_t*)0x20006a1a = 0xcb; *(uint16_t*)0x20006a1b = 0x102d; *(uint8_t*)0x20006a1d = 9; *(uint8_t*)0x20006a1e = 5; *(uint8_t*)0x20006a1f = 0xf; *(uint8_t*)0x20006a20 = 0x10; *(uint16_t*)0x20006a21 = 0x20; *(uint8_t*)0x20006a23 = 0x32; *(uint8_t*)0x20006a24 = 0; *(uint8_t*)0x20006a25 = 0; *(uint8_t*)0x20006a26 = 9; *(uint8_t*)0x20006a27 = 5; *(uint8_t*)0x20006a28 = 2; *(uint8_t*)0x20006a29 = 4; *(uint16_t*)0x20006a2a = 0x20; *(uint8_t*)0x20006a2c = 0x20; *(uint8_t*)0x20006a2d = 0x7f; *(uint8_t*)0x20006a2e = 0x7f; *(uint8_t*)0x20006a2f = 7; *(uint8_t*)0x20006a30 = 0x25; *(uint8_t*)0x20006a31 = 1; *(uint8_t*)0x20006a32 = 1; *(uint8_t*)0x20006a33 = 8; *(uint16_t*)0x20006a34 = 0x40; *(uint8_t*)0x20006a36 = 9; *(uint8_t*)0x20006a37 = 5; *(uint8_t*)0x20006a38 = 1; *(uint8_t*)0x20006a39 = 0; *(uint16_t*)0x20006a3a = 8; *(uint8_t*)0x20006a3c = 0xe0; *(uint8_t*)0x20006a3d = 0x80; *(uint8_t*)0x20006a3e = 1; *(uint8_t*)0x20006a3f = 9; *(uint8_t*)0x20006a40 = 5; *(uint8_t*)0x20006a41 = 0xd; *(uint8_t*)0x20006a42 = 0; *(uint16_t*)0x20006a43 = 0x7f7; *(uint8_t*)0x20006a45 = 8; *(uint8_t*)0x20006a46 = 4; *(uint8_t*)0x20006a47 = 0x20; *(uint8_t*)0x20006a48 = 7; *(uint8_t*)0x20006a49 = 0x25; *(uint8_t*)0x20006a4a = 1; *(uint8_t*)0x20006a4b = 2; *(uint8_t*)0x20006a4c = 6; *(uint16_t*)0x20006a4d = 3; *(uint8_t*)0x20006a4f = 0x5b; *(uint8_t*)0x20006a50 = 2; memcpy((void*)0x20006a51, "\xe2\x68\x16\x78\x8a\x1c\xc1\x88\x1a\x23\xc8\xf4\x1a\x67\xd7\x3b\xe6\xc2\x14\x67\xfa\x34\xc3\x2c\x9f\xb2\xf2\x08\xc2\x69\x29\xeb\x65\x27\x36\xf9\xd9\x1d\x3a\x85\xb6\x39\x1d\xdd\x8c\x23\xc3\x09\xf2\x0a\xa9\x6d\x84\xd4\x89\xfd\xc4\x25\xac\xea\x48\x48\x9f\xbd\x62\xf0\xf3\x65\x3d\x94\xee\x6b\x8e\x1d\xab\x83\xb1\x9e\xbc\xa6\xd7\x35\x78\x5a\xb9\xdd\x72\x4d\x66", 89); *(uint8_t*)0x20006aaa = 9; *(uint8_t*)0x20006aab = 5; *(uint8_t*)0x20006aac = 6; *(uint8_t*)0x20006aad = 2; *(uint16_t*)0x20006aae = 0x40; *(uint8_t*)0x20006ab0 
= 0x80; *(uint8_t*)0x20006ab1 = 1; *(uint8_t*)0x20006ab2 = 0x1b; *(uint8_t*)0x20006ab3 = 7; *(uint8_t*)0x20006ab4 = 0x25; *(uint8_t*)0x20006ab5 = 1; *(uint8_t*)0x20006ab6 = 0; *(uint8_t*)0x20006ab7 = 7; *(uint16_t*)0x20006ab8 = 0x40; *(uint8_t*)0x20006aba = 9; *(uint8_t*)0x20006abb = 5; *(uint8_t*)0x20006abc = 9; *(uint8_t*)0x20006abd = 0x10; *(uint16_t*)0x20006abe = 8; *(uint8_t*)0x20006ac0 = 7; *(uint8_t*)0x20006ac1 = 4; *(uint8_t*)0x20006ac2 = 0x3f; *(uint8_t*)0x20006ac3 = 0xe8; *(uint8_t*)0x20006ac4 = 0xb; memcpy((void*)0x20006ac5, "\x8a\xfc\x39\xfa\xbf\x2e\x69\xef\xa6\x1b\x09\x26\x94\xe9\xe7\x01\x87\xbb\xd4\x34\x3a\x56\x66\xc1\xc2\xe1\xb5\xbe\xc1\x2b\xd1\xb1\x63\x32\x5b\x32\x04\x7e\x6f\xad\x04\x42\xc3\x70\x40\x7a\xd2\xdd\xd4\xeb\x56\x3a\x85\x40\x8b\xb4\x76\x2b\x8e\x46\xa4\x63\x43\xa9\xbf\x71\x84\x80\x5c\xd6\x0c\x0d\xa1\x01\x0d\xbd\x99\x5b\x1d\x79\x8e\x5b\x4a\x50\xa1\x0d\xc1\x1c\xd3\x95\x93\x2b\x5e\xd4\xf8\xe0\x6e\x56\x6a\x72\x6d\xe0\x3c\x04\x47\x58\x7e\x03\xd6\x55\xe7\x3c\x3e\x30\xe4\x3e\x8c\x21\x89\xd9\xf1\xfc\xbd\x1e\x3d\x45\x71\x2e\x92\x03\xad\x62\xe3\x4e\x8e\x27\x53\xc6\xf2\xd0\xfa\x95\x3d\x20\xdf\xd1\xbb\x42\x47\x9f\xc0\x33\x95\x9a\xac\x50\x43\x14\x9c\xed\xe9\x28\x6d\xce\x76\x3b\x3f\x20\xad\xaf\xee\x00\x5d\xc6\x83\x0d\xb8\x9c\xd5\x8f\x56\xa2\xf9\x7f\xb1\x0e\x0c\x37\xc0\xdd\x51\x63\xae\x61\x78\x38\x7a\x02\x84\xab\x98\x1a\x6c\xab\xcd\x05\xdb\x43\x14\x32\x63\x32\xe1\xd3\x2d\x69\xd9\xe5\x62\x4a\xc0\x86\x33\x32\x79\xb2\xdf\x93\xb7\x8c", 230); *(uint8_t*)0x20006bab = 9; *(uint8_t*)0x20006bac = 5; *(uint8_t*)0x20006bad = 2; *(uint8_t*)0x20006bae = 8; *(uint16_t*)0x20006baf = 0x3ff; *(uint8_t*)0x20006bb1 = 9; *(uint8_t*)0x20006bb2 = 4; *(uint8_t*)0x20006bb3 = 2; *(uint8_t*)0x20006bb4 = 0xf8; *(uint8_t*)0x20006bb5 = 3; memcpy((void*)0x20006bb6, 
"\xd2\xa3\x36\x68\x18\x43\xbe\xe6\x3f\x11\x81\xdd\xe5\x8c\xe1\x39\xc8\x7e\xb3\x9d\x3b\x1b\x13\xc8\x9f\x9c\x99\x42\x60\x3a\xbc\x8f\x40\x9b\x89\xed\xa8\xfb\x2c\x9c\x68\xe3\xce\xb4\x70\x7a\x75\x45\x08\x30\x06\x6c\xf2\x30\x91\x72\xcf\x06\x53\x0b\xe6\x25\x66\xc8\xc6\x28\x43\x6e\xde\x40\xb0\x63\x4b\x77\x58\xb6\x17\x7a\xb7\x9a\x5e\xf2\x50\x1a\x59\xd5\x80\xc5\x73\x29\x44\xb2\xf3\xbd\x51\x23\xfd\x15\x63\x5c\xfe\x84\x91\xa0\x3a\xb3\xd1\x0d\x42\x51\x80\x9a\xc6\xaf\x63\x5e\x91\x48\xf6\xc9\xb7\xe3\xb9\x3f\xd4\xbe\x33\x87\xd4\xce\x97\x08\xf9\x74\x1d\x7d\x24\x96\xf6\x06\x97\xdb\x79\x6d\x17\xbb\x9f\x55\xed\x9d\x12\xa4\xf5\x24\xc9\xae\x5d\xe2\x04\x4e\x86\x3c\x24\x37\x08\x2c\x82\xf7\x05\x03\x62\xb3\x8a\x90\xff\x56\x63\xe9\xa1\xca\x56\xd8\x99\xac\x46\x21\x20\x97\x09\x52\x83\x42\xac\x71\xba\xd0\x76\x61\xab\x43\x79\x99\xa7\x3a\x96\x72\x00\xb8\xbd\xc9\x75\xa7\x8f\x6e\xd6\xf8\xe6\xec\x81\xb6\x37\xbb\xde\x98\x53\x15\xc3\x2e\xaa\xea\x7d\xe9\x23\x25\xdf\xef\x74\x82\x22\x1b\x7a\x31\x21\x2a\x96\xcd", 246); *(uint8_t*)0x20006cac = 7; *(uint8_t*)0x20006cad = 0x25; *(uint8_t*)0x20006cae = 1; *(uint8_t*)0x20006caf = 0x81; *(uint8_t*)0x20006cb0 = 0x82; *(uint16_t*)0x20006cb1 = 0x7ff; *(uint8_t*)0x20006cb3 = 9; *(uint8_t*)0x20006cb4 = 5; *(uint8_t*)0x20006cb5 = 5; *(uint8_t*)0x20006cb6 = 2; *(uint16_t*)0x20006cb7 = 0x3ff; *(uint8_t*)0x20006cb9 = 0xe4; *(uint8_t*)0x20006cba = 0; *(uint8_t*)0x20006cbb = 1; *(uint8_t*)0x20006cbc = 0xab; *(uint8_t*)0x20006cbd = 9; memcpy((void*)0x20006cbe, 
"\xc6\xfe\x27\x36\x94\xb4\x05\x2a\x22\x09\x9e\x80\xc6\x7e\x2e\xb2\x7f\xde\xed\x48\xb1\x52\x75\x46\xe3\xa7\x40\x7a\xfc\x77\xae\x43\xbd\x82\x4d\x2f\xfd\x79\xec\x4a\x23\x13\xe6\xde\xcb\x22\x1d\x29\x55\x42\x04\x6d\x0e\x03\x11\xc0\xc0\x2e\x9f\x09\x73\xd4\x9f\x0b\x1b\xd4\x9d\xa2\x3a\xf4\xc4\x14\x49\xe8\xfd\x00\x5d\xde\xac\x5c\xb8\xc7\x3c\x95\x1a\x76\x62\x6e\xe8\x86\x0e\x18\xc8\x5c\xef\x48\xbb\x8b\x33\x50\x6f\x1a\x4f\x6b\xa4\x21\x21\x1b\xd0\x4f\x96\xdd\x24\x63\x65\x5b\x6e\xd4\x20\x6b\xcc\x04\x9e\xbc\x67\xa5\xa0\xac\xbf\xd5\xeb\x77\x05\x5f\x23\x2b\xdc\x5c\x33\xa9\x2f\xd8\x0e\xbb\xd2\xda\xd6\x7c\x47\x0a\x1e\xe4\x01\x28\x0c\x84\xbc\x45\xa2\x25\xab\xf7\xd7\xb7\xa8\xc4\xfd\xd7\x7c", 169); *(uint8_t*)0x20006d67 = 0x99; *(uint8_t*)0x20006d68 = 0x23; memcpy((void*)0x20006d69, "\x6a\xd2\x4c\x93\xae\x66\xaf\xc2\x43\xc8\x2a\x20\x22\x88\x5c\x51\x54\x35\xd3\xa6\xa8\xd0\xef\x67\x86\x6f\x48\x82\x4a\xae\x8e\x31\xc1\x3f\x45\x0c\xf1\x04\x77\xc7\xad\xd8\x14\xe0\xa2\x0d\x36\x90\xe3\x4f\x87\x60\xb7\x87\x53\x57\x60\x1e\x82\x07\x3a\x7a\x84\xd0\xf4\xb1\xe6\x4b\x33\x27\x6f\x3b\xbb\xce\x50\x4b\xdd\x2f\x2b\x38\xc1\x83\x77\x70\x87\x6e\xd0\x36\x7d\xbb\x28\x0f\xc1\x08\xa3\x8f\x3b\x1a\x38\x69\xcf\x03\x88\x71\xf5\xac\xd4\xe8\xde\xc2\xec\x99\xbf\xef\x6e\x25\x96\xdf\x56\x7f\xac\x26\xf3\x17\x37\x92\xc2\x0b\x5d\x1f\xe6\x71\x5e\xb4\xa9\xd9\x64\xaf\x6f\xcc\x73\x1d\x4a\xc6\xbe\x25\xd3\x21\x7f\x7d\x87", 151); *(uint8_t*)0x20006e00 = 9; *(uint8_t*)0x20006e01 = 5; *(uint8_t*)0x20006e02 = 0xd; *(uint8_t*)0x20006e03 = 0xc; *(uint16_t*)0x20006e04 = 0x200; *(uint8_t*)0x20006e06 = 0x3f; *(uint8_t*)0x20006e07 = 8; *(uint8_t*)0x20006e08 = 1; *(uint8_t*)0x20006e09 = 9; *(uint8_t*)0x20006e0a = 5; *(uint8_t*)0x20006e0b = 6; *(uint8_t*)0x20006e0c = 0; *(uint16_t*)0x20006e0d = 0x1df; *(uint8_t*)0x20006e0f = 4; *(uint8_t*)0x20006e10 = 0x3f; *(uint8_t*)0x20006e11 = 0xc5; *(uint8_t*)0x20006e12 = 7; *(uint8_t*)0x20006e13 = 0x25; *(uint8_t*)0x20006e14 = 1; *(uint8_t*)0x20006e15 = 0x80; *(uint8_t*)0x20006e16 = 1; 
*(uint16_t*)0x20006e17 = 0; *(uint8_t*)0x20006e19 = 9; *(uint8_t*)0x20006e1a = 4; *(uint8_t*)0x20006e1b = 0xb1; *(uint8_t*)0x20006e1c = -1; *(uint8_t*)0x20006e1d = 4; *(uint8_t*)0x20006e1e = 0xb0; *(uint8_t*)0x20006e1f = 0x15; *(uint8_t*)0x20006e20 = 0x7a; *(uint8_t*)0x20006e21 = 0xa9; *(uint8_t*)0x20006e22 = 7; *(uint8_t*)0x20006e23 = 0x24; *(uint8_t*)0x20006e24 = 6; *(uint8_t*)0x20006e25 = 0; *(uint8_t*)0x20006e26 = 0; memcpy((void*)0x20006e27, "\x25\x02", 2); *(uint8_t*)0x20006e29 = 5; *(uint8_t*)0x20006e2a = 0x24; *(uint8_t*)0x20006e2b = 0; *(uint16_t*)0x20006e2c = 0x96; *(uint8_t*)0x20006e2e = 0xd; *(uint8_t*)0x20006e2f = 0x24; *(uint8_t*)0x20006e30 = 0xf; *(uint8_t*)0x20006e31 = 1; *(uint32_t*)0x20006e32 = 0; *(uint16_t*)0x20006e36 = 1; *(uint16_t*)0x20006e38 = 7; *(uint8_t*)0x20006e3a = 1; *(uint8_t*)0x20006e3b = 7; *(uint8_t*)0x20006e3c = 0x24; *(uint8_t*)0x20006e3d = 0xa; *(uint8_t*)0x20006e3e = 0xde; *(uint8_t*)0x20006e3f = 1; *(uint8_t*)0x20006e40 = 3; *(uint8_t*)0x20006e41 = 0x84; *(uint8_t*)0x20006e42 = 5; *(uint8_t*)0x20006e43 = 0x24; *(uint8_t*)0x20006e44 = 1; *(uint8_t*)0x20006e45 = 1; *(uint8_t*)0x20006e46 = 0x20; *(uint8_t*)0x20006e47 = 7; *(uint8_t*)0x20006e48 = 0x24; *(uint8_t*)0x20006e49 = 0x14; *(uint16_t*)0x20006e4a = 8; *(uint16_t*)0x20006e4c = 6; *(uint8_t*)0x20006e4e = 4; *(uint8_t*)0x20006e4f = 0x24; *(uint8_t*)0x20006e50 = 2; *(uint8_t*)0x20006e51 = 7; *(uint8_t*)0x20006e52 = 0xa; *(uint8_t*)0x20006e53 = 0x24; *(uint8_t*)0x20006e54 = 7; *(uint8_t*)0x20006e55 = 0x20; *(uint16_t*)0x20006e56 = 0xd57a; *(uint16_t*)0x20006e58 = 0x3ff; *(uint16_t*)0x20006e5a = 7; *(uint8_t*)0x20006e5c = 7; *(uint8_t*)0x20006e5d = 0x24; *(uint8_t*)0x20006e5e = 0xa; *(uint8_t*)0x20006e5f = 0x80; *(uint8_t*)0x20006e60 = 0; *(uint8_t*)0x20006e61 = 0xfc; *(uint8_t*)0x20006e62 = 6; *(uint8_t*)0x20006e63 = 9; *(uint8_t*)0x20006e64 = 5; *(uint8_t*)0x20006e65 = 0xc; *(uint8_t*)0x20006e66 = 0x10; *(uint16_t*)0x20006e67 = 0x400; *(uint8_t*)0x20006e69 = 0x80; 
*(uint8_t*)0x20006e6a = 0x3f; *(uint8_t*)0x20006e6b = 0; *(uint8_t*)0x20006e6c = 0xc0; *(uint8_t*)0x20006e6d = 0x23; memcpy((void*)0x20006e6e, "\x2f\xa6\x21\x6f\xa5\xb3\x4b\x3c\x34\x7a\x90\xd7\xc0\x9d\xee\x9e\x3b\xad\x4c\xef\xe7\xc1\x78\xd4\xc2\x48\xc1\x75\xd6\xe2\x65\xf0\xf1\x5b\x5d\xb2\xf1\xef\xac\xfb\xb4\x75\x80\x01\xa8\x95\xf8\x29\x6a\x82\xcc\x24\x3a\x7a\x71\xe6\xcf\xa5\x9d\x27\xd6\xba\x04\x08\x6b\x13\x18\xf3\x99\x7a\xee\x66\x3f\xb0\xb1\x88\xa9\x5e\x85\x05\xf2\x75\x8d\x8b\x43\xe5\x4d\xce\x1e\x61\x31\xac\x08\xc8\xf2\x9e\x40\xfd\xf1\x8b\xbc\xb5\x70\x4b\x23\x47\x1e\x1f\xa2\xbb\xa7\x64\x58\x1c\xe7\xdc\x0a\x1f\x88\x0b\x6a\xa4\xe3\x93\x0f\x95\x24\xba\xf7\xf5\x0f\x7c\xb5\x8d\xdb\xd7\xb0\x65\xbe\x27\x02\x27\xb4\x7e\x34\xa8\x27\xa2\xf0\x9e\x87\x65\x2c\x3b\x09\x33\x94\x5d\x95\xbc\xdc\x06\x2e\x78\x95\x3c\x6f\xef\x78\x19\x97\x36\xf6\x24\x70\xac\x62\x41\x40\xad\x40\x3c\x6f\x78\x8d\x52\xe1\x0e\x11\x03", 190); *(uint8_t*)0x20006f2c = 9; *(uint8_t*)0x20006f2d = 5; *(uint8_t*)0x20006f2e = 5; *(uint8_t*)0x20006f2f = 0; *(uint16_t*)0x20006f30 = 0x20; *(uint8_t*)0x20006f32 = 0x3f; *(uint8_t*)0x20006f33 = 0x7f; *(uint8_t*)0x20006f34 = 2; *(uint8_t*)0x20006f35 = 0x1a; *(uint8_t*)0x20006f36 = 0xc; memcpy((void*)0x20006f37, "\x1c\x2b\x9b\xf9\x18\x36\xba\x9e\x59\x50\x27\x9a\xa4\x49\xab\x26\x14\xf1\x7e\xc4\x78\xa5\xa7\x00", 24); *(uint8_t*)0x20006f4f = 0xc3; *(uint8_t*)0x20006f50 = 0xc; memcpy((void*)0x20006f51, 
"\x31\x39\xf5\x6a\x95\xcd\x9a\xcd\x2c\xaf\x28\x74\xda\x06\x4a\xdf\x8a\x3e\xa9\x3c\xbd\x32\xe1\x4f\x79\xb6\x83\x8a\x87\x5d\x2b\x1c\x72\x86\xc6\x17\xf7\x80\xe8\x3c\xd8\xac\x69\xa4\x71\x4e\x10\x41\xcf\x11\xa6\x98\x86\x60\x63\xe4\x4d\x74\xc6\xdf\xbe\xe8\x90\x55\xed\xa3\xb7\x01\x77\xaf\x2e\x4b\x13\x8e\xdb\xeb\x82\xf3\x46\x05\xc6\x14\xb3\xa5\xcb\x77\x50\xf2\x20\xc4\xc8\xbc\x45\x0a\x30\x09\xd9\xbd\x33\x00\x56\x14\x98\xc1\x64\xcf\x3b\x38\x00\xcd\xf5\x75\xf5\xee\x94\x56\xff\xec\x5a\xcc\x96\xed\x76\xe2\x26\xc3\x6e\x52\x50\x8d\x2f\xc0\x8e\x9f\x1e\xa6\xfe\x8c\xfc\x2c\x9a\x31\xb0\x9a\xc5\x56\xd2\xe4\x8e\x88\xdb\x31\x70\x50\x50\x52\xed\x76\xa4\x75\xaa\x82\xd6\x36\xd9\x7e\x10\xe7\xe3\xdd\x77\x12\x5f\x5d\xf8\xa7\x95\x7d\x3c\x3f\x94\xf1\xc7\x6c\xbc\x01\x36\x19\x26\x39\xd1\x76\x40", 193); *(uint8_t*)0x20007012 = 9; *(uint8_t*)0x20007013 = 5; *(uint8_t*)0x20007014 = 2; *(uint8_t*)0x20007015 = 2; *(uint16_t*)0x20007016 = 0x200; *(uint8_t*)0x20007018 = 0x48; *(uint8_t*)0x20007019 = 2; *(uint8_t*)0x2000701a = 4; *(uint8_t*)0x2000701b = 9; *(uint8_t*)0x2000701c = 5; *(uint8_t*)0x2000701d = 1; *(uint8_t*)0x2000701e = 0x10; *(uint16_t*)0x2000701f = 0x20; *(uint8_t*)0x20007021 = 0x6c; *(uint8_t*)0x20007022 = 1; *(uint8_t*)0x20007023 = 3; *(uint8_t*)0x20007024 = 0xce; *(uint8_t*)0x20007025 = 0x21; memcpy((void*)0x20007026, 
"\x06\xc1\x68\xe4\xec\x51\x8f\xa8\x4d\xd5\x1e\xa1\x69\x50\xaf\x04\x28\x9b\x85\x63\x92\x49\xe5\xb2\x76\x19\xa0\x30\x17\x47\x9c\xb3\x14\xd2\xff\xe9\xee\x81\xbe\x9e\xb0\x17\xcf\x98\x23\x4e\x8f\x72\x36\x18\xdf\xe3\x9f\x1f\x4c\xee\x3c\xa8\x42\xdd\x87\x02\x08\xe0\x1c\xcd\x1c\x6a\xe4\xd9\xa7\x1b\x28\x14\xb6\xaa\x79\x5f\xef\xda\x45\x07\x27\xb3\xbe\xb2\x66\xf7\xf3\x56\x20\xf0\x9a\x35\x08\xc2\x9f\xd6\x0d\x98\x47\x34\x2c\x29\x5b\x2b\xa8\x67\xe4\x9b\x8f\x0b\x74\x6d\x5b\x75\x2b\xe6\x9f\x4d\xa8\x8f\x93\x8d\xcb\xfe\x16\x90\x33\x3c\x46\x7c\xb8\x90\x05\x97\xad\x4a\xa4\x34\x40\x45\x39\x24\x3f\x3a\x64\xdb\xce\xd5\x55\x45\x62\x04\x2f\xb9\x8f\xd0\xa5\x55\x3a\xb0\xbd\xf0\xac\xcf\x16\x52\x5c\x4f\x84\x63\x4a\xee\x87\x63\xdb\x10\xe7\x0e\x77\xa8\x9a\x71\x42\x21\xad\x80\x5f\x53\x8a\x0d\x1a\x82\x4d\xcb\x6a\xaa\xc6\x1d\x3e\xa4\xbf\xe9", 204); *(uint8_t*)0x200070f2 = 7; *(uint8_t*)0x200070f3 = 0x25; *(uint8_t*)0x200070f4 = 1; *(uint8_t*)0x200070f5 = 3; *(uint8_t*)0x200070f6 = 0x80; *(uint16_t*)0x200070f7 = 5; *(uint8_t*)0x200070f9 = 9; *(uint8_t*)0x200070fa = 4; *(uint8_t*)0x200070fb = 0x6b; *(uint8_t*)0x200070fc = 3; *(uint8_t*)0x200070fd = 5; *(uint8_t*)0x200070fe = 0x3d; *(uint8_t*)0x200070ff = 0x21; *(uint8_t*)0x20007100 = 0xee; *(uint8_t*)0x20007101 = 0xc0; *(uint8_t*)0x20007102 = 9; *(uint8_t*)0x20007103 = 0x21; *(uint16_t*)0x20007104 = 0x848d; *(uint8_t*)0x20007106 = 0x1f; *(uint8_t*)0x20007107 = 1; *(uint8_t*)0x20007108 = 0x22; *(uint16_t*)0x20007109 = 0x3f6; *(uint8_t*)0x2000710b = 9; *(uint8_t*)0x2000710c = 5; *(uint8_t*)0x2000710d = 0xd; *(uint8_t*)0x2000710e = 0x10; *(uint16_t*)0x2000710f = 0x40; *(uint8_t*)0x20007111 = 0x7c; *(uint8_t*)0x20007112 = 6; *(uint8_t*)0x20007113 = 4; *(uint8_t*)0x20007114 = 7; *(uint8_t*)0x20007115 = 0x25; *(uint8_t*)0x20007116 = 1; *(uint8_t*)0x20007117 = 0x82; *(uint8_t*)0x20007118 = 0x69; *(uint16_t*)0x20007119 = 0x5fa4; *(uint8_t*)0x2000711b = 9; *(uint8_t*)0x2000711c = 5; *(uint8_t*)0x2000711d = 3; *(uint8_t*)0x2000711e = 0x1c; 
*(uint16_t*)0x2000711f = 0x3ff; *(uint8_t*)0x20007121 = 8; *(uint8_t*)0x20007122 = 0x81; *(uint8_t*)0x20007123 = 1; *(uint8_t*)0x20007124 = 7; *(uint8_t*)0x20007125 = 0x25; *(uint8_t*)0x20007126 = 1; *(uint8_t*)0x20007127 = 0x37; *(uint8_t*)0x20007128 = 3; *(uint16_t*)0x20007129 = 0xfff; *(uint8_t*)0x2000712b = 0xba; *(uint8_t*)0x2000712c = 9; memcpy((void*)0x2000712d, "\xb8\xe7\xe6\x10\xb0\x74\x32\x5b\x28\xa3\x8b\x1b\x5f\x75\x6c\xdd\xec\xec\x90\x26\xba\xed\xfb\x15\x8c\x2c\xe4\xd0\xe3\x48\xd2\x44\x73\xf7\xa1\xee\x74\xbd\xa8\xa6\xd5\x84\x5a\xcf\x5d\xe0\x95\x71\x3b\xb0\x20\xe1\x29\x2c\xc0\x80\xd9\xc8\x97\x44\xf8\xce\xd9\x69\x16\xbb\x20\x55\xa1\xa1\x76\x9f\x6a\x7b\x4d\x13\xb9\xf7\x40\x50\xa8\x22\x0d\xdf\x0d\x09\xa9\x4c\x3b\xfb\xaa\xb0\x6f\xdd\x2b\x5e\x0b\x19\x31\xb7\x7f\x42\x6c\x18\xe3\xc8\x8d\xa2\x5c\x52\xc0\x19\xdb\xfb\xdb\xb8\xbf\x0e\x5e\xe6\x28\xb5\xa4\x6d\x95\xb5\x39\x42\xfe\xb5\xbf\x7b\xfd\x58\x1f\x93\xa9\x45\xc8\x5d\xa3\x3b\x76\x3d\x2f\x0c\x33\x45\x89\x8c\x95\xe2\xa1\x22\x8e\x5e\x08\x40\x70\xa1\xe9\x6b\xce\xf7\x23\x7f\x0a\x03\x36\xc6\x30\x91\xbe\x6b\x87\xd3\xff\x68\xde\x36\xf6\xc9\xb0\xb2", 184); *(uint8_t*)0x200071e5 = 9; *(uint8_t*)0x200071e6 = 5; *(uint8_t*)0x200071e7 = 0; *(uint8_t*)0x200071e8 = 0x10; *(uint16_t*)0x200071e9 = 0; *(uint8_t*)0x200071eb = 0x40; *(uint8_t*)0x200071ec = 7; *(uint8_t*)0x200071ed = 0x22; *(uint8_t*)0x200071ee = 0xfc; *(uint8_t*)0x200071ef = 0x11; memcpy((void*)0x200071f0, 
"\xfb\xb0\xdd\xc3\x40\xe0\xee\x54\x66\x41\x5b\xab\xc5\x9d\x3b\xbf\x8a\x56\x91\x09\x35\x1e\x08\x9d\xf0\x59\x09\x4e\x3c\x5a\xef\x87\xf9\xe1\x31\x20\xdc\x04\x3a\x4d\xad\x91\x93\xdb\xea\x34\xae\xff\xbe\x3c\x0d\x94\x5d\x8a\x18\xd6\xc0\x55\xb7\x9c\xe5\x1a\xdb\x09\x82\x0e\xb6\x96\x5d\x78\x22\xf5\x53\xc5\x90\xfb\x93\x5c\xc1\x58\x0e\x2b\x0e\xf0\x39\x29\x0f\x87\xad\x62\xe2\x18\x1d\xd2\xbb\x24\xa7\x78\xed\x74\x23\x3d\x39\xc6\xb0\x15\x66\x72\x3d\x38\x6a\xcd\x2f\xf2\x42\x72\x0d\xa9\x5b\xf5\x44\x94\xdb\x06\x51\x6e\x40\xd1\x92\x76\xbe\x27\xf9\xe0\x78\xc7\x62\x1a\xbe\xc7\x9a\xf9\x0b\x12\xfd\x0d\xbf\x62\x8f\xa9\xf9\xa0\x94\x93\x8f\x29\x7a\x8f\x8c\x63\xff\xe5\x7d\x00\x40\x79\x2e\x86\xe8\xd2\x42\x5b\x2a\x50\xd3\x7c\xc1\xab\x39\x75\x22\x7e\xc4\xcd\x85\xc0\x2d\x73\x4b\x8e\xce\x89\x1b\x27\x49\x62\xc1\x13\x34\x9b\x2b\x06\xf2\xea\x19\x7a\xf2\x34\x72\xe2\xd1\xce\x4d\x93\x0c\xf8\x49\xf7\x7e\x61\x9c\x77\xb2\xe9\xb1\xdb\x97\x7c\x04\x0b\x42\x89\x33\xd8\x06\x6b\x59\x31\x28\x3d\x29\x49\xea\x81\x25\xc4\x65\x37\xa3\xe2", 250); *(uint8_t*)0x200072ea = 7; *(uint8_t*)0x200072eb = 0x25; *(uint8_t*)0x200072ec = 1; *(uint8_t*)0x200072ed = 0x5d; *(uint8_t*)0x200072ee = 7; *(uint16_t*)0x200072ef = 7; *(uint8_t*)0x200072f1 = 9; *(uint8_t*)0x200072f2 = 5; *(uint8_t*)0x200072f3 = 5; *(uint8_t*)0x200072f4 = 0; *(uint16_t*)0x200072f5 = 0x400; *(uint8_t*)0x200072f7 = 5; *(uint8_t*)0x200072f8 = 5; *(uint8_t*)0x200072f9 = 0x1f; *(uint8_t*)0x200072fa = 0xb3; *(uint8_t*)0x200072fb = 0xb; memcpy((void*)0x200072fc, 
"\x0a\x90\x26\x86\x4d\x79\xf2\x1b\x7a\x15\x0b\x9c\xaf\xf6\xd2\x23\x28\x7b\x8c\xa6\x7d\x8d\x62\xad\x24\x44\xad\x8a\xb2\x40\x35\xf8\x7b\xea\x38\x7a\x1c\x63\x16\xcd\xa6\x1d\x7f\x3d\x15\x2b\x50\x7d\xfe\xa1\x3e\xb6\x95\x48\x67\xd2\x49\xc9\x09\xaa\x46\xa7\x31\x77\x1b\xbc\x9d\xe9\x59\xdd\x60\xac\x85\x76\x69\xab\x68\x0a\xaf\x8c\x6f\x94\xb6\x47\x95\xdc\x7e\xc6\x0d\xa5\x53\x2b\xf5\x8f\x6b\xa5\xb8\xc7\x37\x2f\xf5\xf9\x5b\x31\x08\xe2\x9b\x13\xe6\x70\x9f\x81\x50\x16\xd3\x53\xc6\xde\xdb\xf5\x45\xdf\x03\xd5\x87\x4b\xe7\x15\x51\x3c\x36\xff\xfe\xea\x5b\xc1\xdf\x7b\xef\x3b\xf1\x99\x10\xb0\x15\x92\xc2\x35\xf3\xe8\x17\x74\x90\x84\xa3\x8b\xde\x9e\x19\x6e\x27\x37\xcd\xdd\xc6\xdb\xe1\x43\x13\x67\x9a\x0b\xe3\x21\x14\xa9\x35", 177); *(uint8_t*)0x200073ad = 0xcb; *(uint8_t*)0x200073ae = 9; memcpy((void*)0x200073af, "\x0e\x30\xd9\x67\xc4\xc4\x78\x8b\x63\x96\x45\x65\x05\x54\x46\x04\x9b\xb0\x57\xff\xe7\xfa\x48\x41\x37\xed\x94\x0e\xd6\x96\xd3\xdf\x82\x2d\x7f\xda\x84\xe0\x35\xfc\x02\xf2\x79\xaa\x40\x7f\xe5\x17\x92\x45\x64\x73\x44\x0d\xfa\xf2\xf6\xcf\x45\x2e\x0d\x53\x9d\x88\x95\x3e\xfd\xfb\xdb\xea\x71\xa7\xde\xf8\xbd\xc1\x06\xb8\x1f\x32\x5b\x00\xbd\x33\x2a\x3d\xc6\x9c\xba\x43\x29\xc3\x05\xbd\x46\x89\x2b\x30\xd4\x47\xec\xe1\x71\xba\x0b\x4a\x73\xc2\xa0\x8e\x64\x30\xa8\xed\xb6\xcf\xb5\xfb\x7a\xb5\xbc\xe3\x4b\xa2\x38\x5f\xc7\xab\x6a\x5d\x60\x2c\x69\x91\x92\xd9\xa9\x67\xdc\xf2\x55\xd2\xbd\x64\x53\xff\x27\xb3\xe4\x97\x8a\x81\x69\xf8\xf8\xd9\xe1\xd7\x42\xde\xa5\x53\x6e\xe6\xb5\xb8\x41\x1f\x4a\x7e\xea\xf5\x95\x9b\xba\xd4\xa2\x03\xde\x44\xcc\x50\xc1\x5d\x54\xac\x51\x0a\xfe\x7c\x69\xe7\x9f\x40\x14\x36\xdb\xc3\x65\x11\x4c", 201); *(uint8_t*)0x20007478 = 9; *(uint8_t*)0x20007479 = 5; *(uint8_t*)0x2000747a = 0xb; *(uint8_t*)0x2000747b = 0x16; *(uint16_t*)0x2000747c = 8; *(uint8_t*)0x2000747e = 5; *(uint8_t*)0x2000747f = 0; *(uint8_t*)0x20007480 = 3; *(uint8_t*)0x20007481 = 0x5f; *(uint8_t*)0x20007482 = 0xc; memcpy((void*)0x20007483, 
"\x7a\x83\xaa\x84\x2e\x67\xfc\x4a\x39\x31\x27\x22\xb0\x63\xb2\x9e\xd9\xd2\x08\x58\x58\x08\xb5\xdd\x26\xd2\xc9\x04\x3a\xc3\x04\xdc\x29\x86\x86\xd0\xcd\x8a\x9d\x62\x3e\x67\x8b\x98\x41\x0d\x54\xa5\xab\x43\xa7\x09\xa1\x62\x6f\x4d\x80\x47\x33\x5b\xa6\x2f\x79\x54\x59\x99\x0e\x70\x14\xec\xdc\x10\x49\x38\x63\x80\x36\x6f\x56\xe3\xd1\x0a\xf4\x24\xe1\xef\x08\x7b\x70\x70\xab\xb8\x93", 93); *(uint8_t*)0x200074e0 = 7; *(uint8_t*)0x200074e1 = 0x25; *(uint8_t*)0x200074e2 = 1; *(uint8_t*)0x200074e3 = 3; *(uint8_t*)0x200074e4 = 7; *(uint16_t*)0x200074e5 = 0x401; *(uint8_t*)0x200074e7 = 9; *(uint8_t*)0x200074e8 = 4; *(uint8_t*)0x200074e9 = 0x9d; *(uint8_t*)0x200074ea = 0xba; *(uint8_t*)0x200074eb = 1; *(uint8_t*)0x200074ec = -1; *(uint8_t*)0x200074ed = 2; *(uint8_t*)0x200074ee = 0x73; *(uint8_t*)0x200074ef = 0x7f; *(uint8_t*)0x200074f0 = 5; *(uint8_t*)0x200074f1 = 0x24; *(uint8_t*)0x200074f2 = 6; *(uint8_t*)0x200074f3 = 0; *(uint8_t*)0x200074f4 = 1; *(uint8_t*)0x200074f5 = 5; *(uint8_t*)0x200074f6 = 0x24; *(uint8_t*)0x200074f7 = 0; *(uint16_t*)0x200074f8 = 0xff80; *(uint8_t*)0x200074fa = 0xd; *(uint8_t*)0x200074fb = 0x24; *(uint8_t*)0x200074fc = 0xf; *(uint8_t*)0x200074fd = 1; *(uint32_t*)0x200074fe = 4; *(uint16_t*)0x20007502 = 0x3f; *(uint16_t*)0x20007504 = 0xa0; *(uint8_t*)0x20007506 = 0x81; *(uint8_t*)0x20007507 = 6; *(uint8_t*)0x20007508 = 0x24; *(uint8_t*)0x20007509 = 0x1a; *(uint16_t*)0x2000750a = 0x5118; *(uint8_t*)0x2000750c = 0x30; *(uint8_t*)0x2000750d = 0x15; *(uint8_t*)0x2000750e = 0x24; *(uint8_t*)0x2000750f = 0x12; *(uint16_t*)0x20007510 = 0x200; *(uint64_t*)0x20007512 = 0x14f5e048ba817a3; *(uint64_t*)0x2000751a = 0x2a397ecbffc007a6; *(uint8_t*)0x20007522 = 0xc; *(uint8_t*)0x20007523 = 0x24; *(uint8_t*)0x20007524 = 0x1b; *(uint16_t*)0x20007525 = 0x605; *(uint16_t*)0x20007527 = 0x3ff; *(uint8_t*)0x20007529 = 0x81; *(uint8_t*)0x2000752a = 4; *(uint16_t*)0x2000752b = 0xfffb; *(uint8_t*)0x2000752d = 2; *(uint8_t*)0x2000752e = 0x15; *(uint8_t*)0x2000752f = 0x24; 
*(uint8_t*)0x20007530 = 0x12; *(uint16_t*)0x20007531 = 0xb9; *(uint64_t*)0x20007533 = 0x14f5e048ba817a3; *(uint64_t*)0x2000753b = 0x2a397ecbffc007a6; *(uint8_t*)0x20007543 = 0xc; *(uint8_t*)0x20007544 = 0x24; *(uint8_t*)0x20007545 = 0x1b; *(uint16_t*)0x20007546 = 0x6e5; *(uint16_t*)0x20007548 = 0x200; *(uint8_t*)0x2000754a = 4; *(uint8_t*)0x2000754b = 0x6e; *(uint16_t*)0x2000754c = 0xce; *(uint8_t*)0x2000754e = 6; *(uint8_t*)0x2000754f = 0xc; *(uint8_t*)0x20007550 = 0x24; *(uint8_t*)0x20007551 = 0x1b; *(uint16_t*)0x20007552 = 0; *(uint16_t*)0x20007554 = 1; *(uint8_t*)0x20007556 = 2; *(uint8_t*)0x20007557 = 0x80; *(uint16_t*)0x20007558 = 6; *(uint8_t*)0x2000755a = 6; *(uint8_t*)0x2000755b = 9; *(uint8_t*)0x2000755c = 5; *(uint8_t*)0x2000755d = 3; *(uint8_t*)0x2000755e = 8; *(uint16_t*)0x2000755f = 0x10; *(uint8_t*)0x20007561 = 8; *(uint8_t*)0x20007562 = 1; *(uint8_t*)0x20007563 = 0x1f; *(uint8_t*)0x20007564 = 0xad; *(uint8_t*)0x20007565 = 2; memcpy((void*)0x20007566, "\xb0\x44\x85\x4e\xe1\x75\xc5\xf2\xbc\x2f\x67\x07\x5f\xf4\xfa\x04\x9f\x4d\xba\x9c\x23\x4b\xe8\xd4\x0e\x89\x5e\x8a\x2a\x79\x19\xb4\x8c\xc6\xc3\x04\x19\x01\x15\xe9\x93\x3e\xb1\xc9\x82\x42\x8c\x3a\x0d\x53\x36\x9e\xf7\x70\x92\xd6\x08\x1a\xa2\xbd\xf5\x46\x3d\xeb\x38\x45\x7f\x1d\x67\x44\xbb\x73\x4f\x03\xeb\xdf\x50\x76\x6b\x49\x53\x5c\x5e\xd1\xb3\x4b\x2e\x12\x85\x7c\x87\xbd\x89\xef\x45\x2a\x92\xeb\x07\x20\xb3\x9c\x06\xbc\x73\x67\xeb\x39\xfc\x6a\x1a\xf3\x7a\x88\x8f\xe0\x71\x01\x14\xe8\x78\x8d\xe4\xc8\x08\xbf\xd1\x19\x32\x6c\x6d\x2c\xf4\x94\x4b\x3a\x56\x89\xd0\x35\x93\x43\x6a\xa1\x07\x7e\xff\x8d\x2c\x94\xbd\x5d\xae\xbc\x9d\x86\xe5\xbb\xef\x65\x64\x04\x38\xb8\xc4\xfa\x73\xd8\x5c\xc7\xb2", 171); *(uint32_t*)0x20007840 = 0xa; *(uint32_t*)0x20007844 = 0x20007640; *(uint8_t*)0x20007640 = 0xa; *(uint8_t*)0x20007641 = 6; *(uint16_t*)0x20007642 = 0x110; *(uint8_t*)0x20007644 = 0x80; *(uint8_t*)0x20007645 = 9; *(uint8_t*)0x20007646 = 1; *(uint8_t*)0x20007647 = 0x10; *(uint8_t*)0x20007648 = 4; *(uint8_t*)0x20007649 = 0; 
*(uint32_t*)0x20007848 = 0x64; *(uint32_t*)0x2000784c = 0x20007680; *(uint8_t*)0x20007680 = 5; *(uint8_t*)0x20007681 = 0xf; *(uint16_t*)0x20007682 = 0x64; *(uint8_t*)0x20007684 = 6; *(uint8_t*)0x20007685 = 0x14; *(uint8_t*)0x20007686 = 0x10; *(uint8_t*)0x20007687 = 0xa; *(uint8_t*)0x20007688 = 0; STORE_BY_BITMASK(uint32_t, , 0x20007689, 2, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x20007689, 0, 5, 27); *(uint16_t*)0x2000768d = 0xf00; *(uint16_t*)0x2000768f = 4; *(uint32_t*)0x20007691 = 0xff0000; *(uint32_t*)0x20007695 = 0xc0; *(uint8_t*)0x20007699 = 0xa; *(uint8_t*)0x2000769a = 0x10; *(uint8_t*)0x2000769b = 3; *(uint8_t*)0x2000769c = 0; *(uint16_t*)0x2000769d = 1; *(uint8_t*)0x2000769f = 0; *(uint8_t*)0x200076a0 = 0x1f; *(uint16_t*)0x200076a1 = 9; *(uint8_t*)0x200076a3 = 0x20; *(uint8_t*)0x200076a4 = 0x10; *(uint8_t*)0x200076a5 = 0xa; *(uint8_t*)0x200076a6 = 0x81; STORE_BY_BITMASK(uint32_t, , 0x200076a7, 5, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x200076a7, 7, 5, 27); *(uint16_t*)0x200076ab = 0; *(uint16_t*)0x200076ad = 0x80; *(uint32_t*)0x200076af = 0; *(uint32_t*)0x200076b3 = 0x3f00; *(uint32_t*)0x200076b7 = 0; *(uint32_t*)0x200076bb = 0xc000; *(uint32_t*)0x200076bf = 0xffc0; *(uint8_t*)0x200076c3 = 3; *(uint8_t*)0x200076c4 = 0x10; *(uint8_t*)0x200076c5 = 0xb; *(uint8_t*)0x200076c6 = 0xa; *(uint8_t*)0x200076c7 = 0x10; *(uint8_t*)0x200076c8 = 3; *(uint8_t*)0x200076c9 = 2; *(uint16_t*)0x200076ca = 0xa; *(uint8_t*)0x200076cc = 0x80; *(uint8_t*)0x200076cd = 1; *(uint16_t*)0x200076ce = 0xf07a; *(uint8_t*)0x200076d0 = 0x14; *(uint8_t*)0x200076d1 = 0x10; *(uint8_t*)0x200076d2 = 4; *(uint8_t*)0x200076d3 = 1; memcpy((void*)0x200076d4, "\x16\xfa\x0c\xbc\xaf\x6e\x45\xfe\xf8\x91\x0f\xb5\x97\xfe\xa0\xeb", 16); *(uint32_t*)0x20007850 = 3; *(uint32_t*)0x20007854 = 0x9e; *(uint32_t*)0x20007858 = 0x20007700; *(uint8_t*)0x20007700 = 0x9e; *(uint8_t*)0x20007701 = 3; memcpy((void*)0x20007702, 
"\x34\x30\x1c\x3d\x32\xd7\xde\xf4\x67\x07\xec\x19\xf9\xc0\x6b\xbe\xea\x89\x88\x49\xd5\x69\x18\xf2\xd0\xf1\x0b\x7b\x72\x8f\x8d\x23\x2d\xe4\xe1\x22\x3c\xe4\x2f\x7d\x08\x67\x83\xba\x31\x0b\xaa\x68\xa2\x2d\x8a\xcf\xba\x4d\x52\x37\x5a\x16\xda\xca\xc7\x76\x1a\x3c\x95\x20\x92\x9d\x62\x39\xc1\x59\xe1\xda\x18\xcf\xc7\x80\xe3\xba\xe0\xa1\xe4\x74\x40\xbb\x15\xf6\xb6\x2f\x2b\x0e\xd3\x1f\x5c\xf2\x20\x7d\x40\x6b\xf7\x1d\xd3\x0a\x08\x9d\xbd\x71\x99\xbb\xb2\x1b\xfe\xbc\x4e\x35\x5e\xb5\x68\x02\xd9\x54\x25\x1c\xa9\x27\xdd\x11\x05\x1e\x83\xad\x0b\xf0\x91\x42\xb2\x53\x2b\xe8\xb2\x94\x46\x4a\x27\xa0\x75\xc4\xcc\xca\xe1\x91\xca\x85\x10\x49", 156); *(uint32_t*)0x2000785c = 0x15; *(uint32_t*)0x20007860 = 0x200077c0; *(uint8_t*)0x200077c0 = 0x15; *(uint8_t*)0x200077c1 = 3; memcpy((void*)0x200077c2, "\xee\xb2\x63\xc0\x0c\xe5\x8f\x49\x0a\x96\x56\x1b\x62\x60\x8f\xa1\x65\x52\x05", 19); *(uint32_t*)0x20007864 = 4; *(uint32_t*)0x20007868 = 0x20007800; *(uint8_t*)0x20007800 = 4; *(uint8_t*)0x20007801 = 3; *(uint16_t*)0x20007802 = 0x3416; res = -1; res = syz_usb_connect(4, 0xe11, 0x20006800, 0x20007840); if (res != -1) r[21] = res; break; case 44: *(uint8_t*)0x20007880 = 0x12; *(uint8_t*)0x20007881 = 1; *(uint16_t*)0x20007882 = 0x200; *(uint8_t*)0x20007884 = -1; *(uint8_t*)0x20007885 = -1; *(uint8_t*)0x20007886 = -1; *(uint8_t*)0x20007887 = 0x40; *(uint16_t*)0x20007888 = 0xcf3; *(uint16_t*)0x2000788a = 0x9271; *(uint16_t*)0x2000788c = 0x108; *(uint8_t*)0x2000788e = 1; *(uint8_t*)0x2000788f = 2; *(uint8_t*)0x20007890 = 3; *(uint8_t*)0x20007891 = 1; *(uint8_t*)0x20007892 = 9; *(uint8_t*)0x20007893 = 2; *(uint16_t*)0x20007894 = 0x48; *(uint8_t*)0x20007896 = 1; *(uint8_t*)0x20007897 = 1; *(uint8_t*)0x20007898 = 0; *(uint8_t*)0x20007899 = 0x80; *(uint8_t*)0x2000789a = 0xfa; *(uint8_t*)0x2000789b = 9; *(uint8_t*)0x2000789c = 4; *(uint8_t*)0x2000789d = 0; *(uint8_t*)0x2000789e = 0; *(uint8_t*)0x2000789f = 6; *(uint8_t*)0x200078a0 = -1; *(uint8_t*)0x200078a1 = 0; *(uint8_t*)0x200078a2 = 0; 
*(uint8_t*)0x200078a3 = 0; *(uint8_t*)0x200078a4 = 9; *(uint8_t*)0x200078a5 = 5; *(uint8_t*)0x200078a6 = 1; *(uint8_t*)0x200078a7 = 2; *(uint16_t*)0x200078a8 = 0x200; *(uint8_t*)0x200078aa = 0; *(uint8_t*)0x200078ab = 0; *(uint8_t*)0x200078ac = 0; *(uint8_t*)0x200078ad = 9; *(uint8_t*)0x200078ae = 5; *(uint8_t*)0x200078af = 0x82; *(uint8_t*)0x200078b0 = 2; *(uint16_t*)0x200078b1 = 0x200; *(uint8_t*)0x200078b3 = 0; *(uint8_t*)0x200078b4 = 0; *(uint8_t*)0x200078b5 = 0; *(uint8_t*)0x200078b6 = 9; *(uint8_t*)0x200078b7 = 5; *(uint8_t*)0x200078b8 = 0x83; *(uint8_t*)0x200078b9 = 3; *(uint16_t*)0x200078ba = 0x40; *(uint8_t*)0x200078bc = 1; *(uint8_t*)0x200078bd = 0; *(uint8_t*)0x200078be = 0; *(uint8_t*)0x200078bf = 9; *(uint8_t*)0x200078c0 = 5; *(uint8_t*)0x200078c1 = 4; *(uint8_t*)0x200078c2 = 3; *(uint16_t*)0x200078c3 = 0x40; *(uint8_t*)0x200078c5 = 1; *(uint8_t*)0x200078c6 = 0; *(uint8_t*)0x200078c7 = 0; *(uint8_t*)0x200078c8 = 9; *(uint8_t*)0x200078c9 = 5; *(uint8_t*)0x200078ca = 5; *(uint8_t*)0x200078cb = 2; *(uint16_t*)0x200078cc = 0x200; *(uint8_t*)0x200078ce = 0; *(uint8_t*)0x200078cf = 0; *(uint8_t*)0x200078d0 = 0; *(uint8_t*)0x200078d1 = 9; *(uint8_t*)0x200078d2 = 5; *(uint8_t*)0x200078d3 = 6; *(uint8_t*)0x200078d4 = 2; *(uint16_t*)0x200078d5 = 0x200; *(uint8_t*)0x200078d7 = 0; *(uint8_t*)0x200078d8 = 0; *(uint8_t*)0x200078d9 = 0; res = -1; res = syz_usb_connect_ath9k(3, 0x5a, 0x20007880, 0); if (res != -1) r[22] = res; break; case 45: *(uint32_t*)0x20007b00 = 0x18; *(uint32_t*)0x20007b04 = 0x20007900; *(uint8_t*)0x20007900 = 0x20; *(uint8_t*)0x20007901 = 0x21; *(uint32_t*)0x20007902 = 0x9a; *(uint8_t*)0x20007906 = 0x9a; *(uint8_t*)0x20007907 = 5; memcpy((void*)0x20007908, 
"\x0a\x16\x8b\x3c\x55\x88\x8f\x31\xc9\x26\xba\x29\x32\xa9\xd1\x37\xd8\xb1\x9a\xc2\x17\xf0\xd2\x22\xe0\x93\x82\x4f\x4b\x30\xec\x9e\x71\xc2\x63\x4e\xe0\xfb\x8f\xc2\x24\xad\xde\xfd\xba\x18\xc2\x2f\x1b\x78\xc6\xb4\x65\x11\x4b\xd2\x24\xc2\xaf\x0a\x37\x95\x37\xea\xe8\x7e\x76\xeb\xd9\x1d\x16\x06\x3f\x2e\xcc\xaf\xd3\x00\x90\x93\x6a\xfa\x29\xeb\xaa\xcd\x35\x08\x2c\xa5\xb7\xa2\xb7\x21\x5d\x54\xc7\x25\x55\x36\xc7\x7b\xd8\xdf\xb3\x4b\xf4\x0e\xc7\x57\x50\x83\x54\x8d\x95\xc5\x67\x77\x3c\xba\xc1\x87\xae\xaa\xf9\x8a\xfe\x5f\x50\x6e\x96\x09\x48\xb7\x5e\x62\xe2\x6a\x16\x57\x25\x84\x1b\x5b\x0c\x64\x36\x4a\x8f\x09\x09\x80", 152); *(uint32_t*)0x20007b08 = 0x200079c0; *(uint8_t*)0x200079c0 = 0; *(uint8_t*)0x200079c1 = 3; *(uint32_t*)0x200079c2 = 0x6e; *(uint8_t*)0x200079c6 = 0x6e; *(uint8_t*)0x200079c7 = 3; memcpy((void*)0x200079c8, "\xb5\xd2\x6a\xf6\x3c\x75\x39\x26\x99\xac\x83\xeb\x6a\xfa\x75\xb9\x21\xd7\x7e\x3f\xcf\x43\xef\x5e\x91\x9d\xf9\xbd\xca\x82\x84\x0c\xaf\x4c\xdf\x52\xbb\x7a\x8a\x23\x93\xa8\xb1\xa2\xa1\xb1\x7f\xc9\xfa\x42\x01\x35\x69\xea\xee\xac\xe8\xc9\x77\xcc\xd3\x08\xe3\x02\x6e\xc1\x28\x87\xb9\xb8\x82\xe4\x06\x8a\xdf\xe6\x9e\x7d\x2e\x10\x48\xa4\x52\x7a\xc6\xea\xb1\x62\xbc\x67\x00\x76\x48\xca\x3d\x0f\x3d\x8c\xeb\x3a\xe6\xff\x58\x09\x38\x04\x65\x4f", 108); *(uint32_t*)0x20007b0c = 0x20007a40; *(uint8_t*)0x20007a40 = 0; *(uint8_t*)0x20007a41 = 0xf; *(uint32_t*)0x20007a42 = 5; *(uint8_t*)0x20007a46 = 5; *(uint8_t*)0x20007a47 = 0xf; *(uint16_t*)0x20007a48 = 5; *(uint8_t*)0x20007a4a = 0; *(uint32_t*)0x20007b10 = 0x20007a80; *(uint8_t*)0x20007a80 = 0x20; *(uint8_t*)0x20007a81 = 0x29; *(uint32_t*)0x20007a82 = 0xf; *(uint8_t*)0x20007a86 = 0xf; *(uint8_t*)0x20007a87 = 0x29; *(uint8_t*)0x20007a88 = 0x80; *(uint16_t*)0x20007a89 = 4; *(uint8_t*)0x20007a8b = 8; *(uint8_t*)0x20007a8c = 2; memcpy((void*)0x20007a8d, "\x01\x8a\x11\xac", 4); memcpy((void*)0x20007a91, "\x98\x3b\x66\xd4", 4); *(uint32_t*)0x20007b14 = 0x20007ac0; *(uint8_t*)0x20007ac0 = 0x20; *(uint8_t*)0x20007ac1 = 0x2a; 
*(uint32_t*)0x20007ac2 = 0xc; *(uint8_t*)0x20007ac6 = 0xc; *(uint8_t*)0x20007ac7 = 0x2a; *(uint8_t*)0x20007ac8 = 3; *(uint16_t*)0x20007ac9 = 0x10; *(uint8_t*)0x20007acb = 0x20; *(uint8_t*)0x20007acc = 0x1f; *(uint8_t*)0x20007acd = 0x81; *(uint16_t*)0x20007ace = 8; *(uint16_t*)0x20007ad0 = 0; *(uint32_t*)0x20007f40 = 0x44; *(uint32_t*)0x20007f44 = 0x20007b40; *(uint8_t*)0x20007b40 = 0x20; *(uint8_t*)0x20007b41 = 9; *(uint32_t*)0x20007b42 = 0x10; memcpy((void*)0x20007b46, "\xce\xc6\x41\xd8\x1e\x53\xb2\xba\x4e\x01\xec\x10\x75\x8c\x40\xaa", 16); *(uint32_t*)0x20007f48 = 0x20007b80; *(uint8_t*)0x20007b80 = 0; *(uint8_t*)0x20007b81 = 0xa; *(uint32_t*)0x20007b82 = 1; *(uint8_t*)0x20007b86 = 8; *(uint32_t*)0x20007f4c = 0x20007bc0; *(uint8_t*)0x20007bc0 = 0; *(uint8_t*)0x20007bc1 = 8; *(uint32_t*)0x20007bc2 = 1; *(uint8_t*)0x20007bc6 = 0x1f; *(uint32_t*)0x20007f50 = 0x20007c00; *(uint8_t*)0x20007c00 = 0x20; *(uint8_t*)0x20007c01 = 0; *(uint32_t*)0x20007c02 = 4; *(uint16_t*)0x20007c06 = 1; *(uint16_t*)0x20007c08 = 2; *(uint32_t*)0x20007f54 = 0x20007c40; *(uint8_t*)0x20007c40 = 0x20; *(uint8_t*)0x20007c41 = 0; *(uint32_t*)0x20007c42 = 4; *(uint16_t*)0x20007c46 = 0x200; *(uint16_t*)0x20007c48 = 0x40; *(uint32_t*)0x20007f58 = 0x20007c80; *(uint8_t*)0x20007c80 = 0x40; *(uint8_t*)0x20007c81 = 7; *(uint32_t*)0x20007c82 = 2; *(uint16_t*)0x20007c86 = 9; *(uint32_t*)0x20007f5c = 0x20007cc0; *(uint8_t*)0x20007cc0 = 0x40; *(uint8_t*)0x20007cc1 = 9; *(uint32_t*)0x20007cc2 = 1; *(uint8_t*)0x20007cc6 = 0x12; *(uint32_t*)0x20007f60 = 0x20007d00; *(uint8_t*)0x20007d00 = 0x40; *(uint8_t*)0x20007d01 = 0xb; *(uint32_t*)0x20007d02 = 2; memcpy((void*)0x20007d06, "\xd8\x47", 2); *(uint32_t*)0x20007f64 = 0x20007d40; *(uint8_t*)0x20007d40 = 0x40; *(uint8_t*)0x20007d41 = 0xf; *(uint32_t*)0x20007d42 = 2; *(uint16_t*)0x20007d46 = 0x676; *(uint32_t*)0x20007f68 = 0x20007d80; *(uint8_t*)0x20007d80 = 0x40; *(uint8_t*)0x20007d81 = 0x13; *(uint32_t*)0x20007d82 = 6; *(uint8_t*)0x20007d86 = 0xaa; 
*(uint8_t*)0x20007d87 = 0xaa; *(uint8_t*)0x20007d88 = 0xaa; *(uint8_t*)0x20007d89 = 0xaa; *(uint8_t*)0x20007d8a = 0xaa; *(uint8_t*)0x20007d8b = 0xbb; *(uint32_t*)0x20007f6c = 0x20007dc0; *(uint8_t*)0x20007dc0 = 0x40; *(uint8_t*)0x20007dc1 = 0x17; *(uint32_t*)0x20007dc2 = 6; *(uint8_t*)0x20007dc6 = 1; *(uint8_t*)0x20007dc7 = 0x80; *(uint8_t*)0x20007dc8 = 0xc2; *(uint8_t*)0x20007dc9 = 0; *(uint8_t*)0x20007dca = 0; *(uint8_t*)0x20007dcb = 0; *(uint32_t*)0x20007f70 = 0x20007e00; *(uint8_t*)0x20007e00 = 0x40; *(uint8_t*)0x20007e01 = 0x19; *(uint32_t*)0x20007e02 = 2; memcpy((void*)0x20007e06, "aB", 2); *(uint32_t*)0x20007f74 = 0x20007e40; *(uint8_t*)0x20007e40 = 0x40; *(uint8_t*)0x20007e41 = 0x1a; *(uint32_t*)0x20007e42 = 2; *(uint16_t*)0x20007e46 = 4; *(uint32_t*)0x20007f78 = 0x20007e80; *(uint8_t*)0x20007e80 = 0x40; *(uint8_t*)0x20007e81 = 0x1c; *(uint32_t*)0x20007e82 = 1; *(uint8_t*)0x20007e86 = 0x70; *(uint32_t*)0x20007f7c = 0x20007ec0; *(uint8_t*)0x20007ec0 = 0x40; *(uint8_t*)0x20007ec1 = 0x1e; *(uint32_t*)0x20007ec2 = 1; *(uint8_t*)0x20007ec6 = 9; *(uint32_t*)0x20007f80 = 0x20007f00; *(uint8_t*)0x20007f00 = 0x40; *(uint8_t*)0x20007f01 = 0x21; *(uint32_t*)0x20007f02 = 1; *(uint8_t*)0x20007f06 = 0; syz_usb_control_io(r[22], 0x20007b00, 0x20007f40); break; case 46: syz_usb_disconnect(r[21]); break; case 47: syz_usb_ep_read(r[21], 0x20, 0x53, 0x20007fc0); break; case 48: *(uint8_t*)0x20008040 = 0x12; *(uint8_t*)0x20008041 = 1; *(uint16_t*)0x20008042 = 0x250; *(uint8_t*)0x20008044 = 0; *(uint8_t*)0x20008045 = 0; *(uint8_t*)0x20008046 = 0; *(uint8_t*)0x20008047 = 8; *(uint16_t*)0x20008048 = 0x1130; *(uint16_t*)0x2000804a = 0x3101; *(uint16_t*)0x2000804c = 0x40; *(uint8_t*)0x2000804e = 1; *(uint8_t*)0x2000804f = 2; *(uint8_t*)0x20008050 = 3; *(uint8_t*)0x20008051 = 1; *(uint8_t*)0x20008052 = 9; *(uint8_t*)0x20008053 = 2; *(uint16_t*)0x20008054 = 0x2d; *(uint8_t*)0x20008056 = 1; *(uint8_t*)0x20008057 = 1; *(uint8_t*)0x20008058 = 1; *(uint8_t*)0x20008059 = 0; 
*(uint8_t*)0x2000805a = 0x20; *(uint8_t*)0x2000805b = 9; *(uint8_t*)0x2000805c = 4; *(uint8_t*)0x2000805d = 0; *(uint8_t*)0x2000805e = 8; *(uint8_t*)0x2000805f = 1; *(uint8_t*)0x20008060 = 3; *(uint8_t*)0x20008061 = 1; *(uint8_t*)0x20008062 = 2; *(uint8_t*)0x20008063 = 1; *(uint8_t*)0x20008064 = 9; *(uint8_t*)0x20008065 = 0x21; *(uint16_t*)0x20008066 = 0x3ff; *(uint8_t*)0x20008068 = 2; *(uint8_t*)0x20008069 = 1; *(uint8_t*)0x2000806a = 0x22; *(uint16_t*)0x2000806b = 0xc2c; *(uint8_t*)0x2000806d = 9; *(uint8_t*)0x2000806e = 5; *(uint8_t*)0x2000806f = 0x81; *(uint8_t*)0x20008070 = 3; *(uint16_t*)0x20008071 = 0x200; *(uint8_t*)0x20008073 = 4; *(uint8_t*)0x20008074 = 0; *(uint8_t*)0x20008075 = 9; *(uint8_t*)0x20008076 = 9; *(uint8_t*)0x20008077 = 5; *(uint8_t*)0x20008078 = 2; *(uint8_t*)0x20008079 = 3; *(uint16_t*)0x2000807a = 8; *(uint8_t*)0x2000807c = 1; *(uint8_t*)0x2000807d = 0xfa; *(uint8_t*)0x2000807e = 0; *(uint32_t*)0x200084c0 = 0xa; *(uint32_t*)0x200084c4 = 0x20008080; *(uint8_t*)0x20008080 = 0xa; *(uint8_t*)0x20008081 = 6; *(uint16_t*)0x20008082 = 0; *(uint8_t*)0x20008084 = 0x11; *(uint8_t*)0x20008085 = 0xf2; *(uint8_t*)0x20008086 = 0x20; *(uint8_t*)0x20008087 = 0xbf; *(uint8_t*)0x20008088 = 0xe3; *(uint8_t*)0x20008089 = 0; *(uint32_t*)0x200084c8 = 0x35; *(uint32_t*)0x200084cc = 0x200080c0; *(uint8_t*)0x200080c0 = 5; *(uint8_t*)0x200080c1 = 0xf; *(uint16_t*)0x200080c2 = 0x35; *(uint8_t*)0x200080c4 = 5; *(uint8_t*)0x200080c5 = 3; *(uint8_t*)0x200080c6 = 0x10; *(uint8_t*)0x200080c7 = 0xb; *(uint8_t*)0x200080c8 = 0x14; *(uint8_t*)0x200080c9 = 0x10; *(uint8_t*)0x200080ca = 4; *(uint8_t*)0x200080cb = 3; memcpy((void*)0x200080cc, "\x81\xb3\xe8\x31\xd0\x5d\x61\x72\x4e\x7e\xfe\x59\xe3\xeb\x35\xa8", 16); *(uint8_t*)0x200080dc = 3; *(uint8_t*)0x200080dd = 0x10; *(uint8_t*)0x200080de = 0xb; *(uint8_t*)0x200080df = 0xb; *(uint8_t*)0x200080e0 = 0x10; *(uint8_t*)0x200080e1 = 1; *(uint8_t*)0x200080e2 = 4; *(uint16_t*)0x200080e3 = 0x20; *(uint8_t*)0x200080e5 = 9; 
*(uint8_t*)0x200080e6 = 5; *(uint16_t*)0x200080e7 = 0x232; *(uint8_t*)0x200080e9 = 1; *(uint8_t*)0x200080ea = 0xb; *(uint8_t*)0x200080eb = 0x10; *(uint8_t*)0x200080ec = 1; *(uint8_t*)0x200080ed = 6; *(uint16_t*)0x200080ee = 0x40; *(uint8_t*)0x200080f0 = 0x3f; *(uint8_t*)0x200080f1 = 1; *(uint16_t*)0x200080f2 = 0x1000; *(uint8_t*)0x200080f4 = 0x95; *(uint32_t*)0x200084d0 = 0xa; *(uint32_t*)0x200084d4 = 4; *(uint32_t*)0x200084d8 = 0x20008100; *(uint8_t*)0x20008100 = 4; *(uint8_t*)0x20008101 = 3; *(uint16_t*)0x20008102 = 0x437; *(uint32_t*)0x200084dc = 0x94; *(uint32_t*)0x200084e0 = 0x20008140; *(uint8_t*)0x20008140 = 0x94; *(uint8_t*)0x20008141 = 3; memcpy((void*)0x20008142, "\x0a\x2b\x55\xe2\x4c\x1e\x43\x9b\x99\xc4\xa7\xb6\xb7\x8a\x9e\x11\x99\xaf\x0f\xe5\xc7\x7d\x11\x9c\xaa\x1a\x26\x2a\x23\x23\xee\x85\xd4\x4c\xe5\x3c\xbc\x4f\x5b\xbf\x33\x95\xb8\xfc\x42\x68\x91\xdd\x21\xc2\xf6\x97\x20\xe4\x9d\x0f\xad\xd0\x34\xca\x35\x34\xb4\xf5\x2d\xf6\x84\x0f\x02\x75\x70\x5c\x82\x69\xc7\xe7\xfe\x3b\x1f\xeb\x95\x16\xea\xc7\xe5\x87\xde\x92\xb8\x90\x29\x30\x49\x14\xa6\x7f\x5b\xcc\x9f\x23\xf6\x09\x72\xb1\xc0\x3c\x7e\x6d\xd6\x49\x58\x7e\xc7\x80\xe8\x16\xd8\x65\x78\x1d\x19\xc1\x77\x76\x71\x41\x21\xe8\x7c\x91\x73\xfd\x96\xdb\xf3\xbd\xeb\x4b\x5f\x7e\x01\x2b\xb8\x27\x9f\x38", 146); *(uint32_t*)0x200084e4 = 0x44; *(uint32_t*)0x200084e8 = 0x20008200; *(uint8_t*)0x20008200 = 0x44; *(uint8_t*)0x20008201 = 3; memcpy((void*)0x20008202, "\x13\x5e\xa6\x24\x3a\x34\x97\xb7\xeb\x5c\x6f\x4b\xa0\xc3\x8c\x06\x84\x82\x17\xb0\x74\x3b\x8e\x74\xe6\x24\x95\xdd\xd2\x93\xaa\x49\xf0\xd2\x6f\x1b\x86\xbc\xde\x62\x55\x3a\x7e\x58\x7a\xef\x8c\x1e\xf0\xd8\xc1\x2b\xa3\xde\xc7\x57\x6f\x9e\x3e\x4f\x42\xec\xb1\xa1\x75\xca", 66); *(uint32_t*)0x200084ec = 4; *(uint32_t*)0x200084f0 = 0x20008280; *(uint8_t*)0x20008280 = 4; *(uint8_t*)0x20008281 = 3; *(uint16_t*)0x20008282 = 0x2c0a; *(uint32_t*)0x200084f4 = 4; *(uint32_t*)0x200084f8 = 0x200082c0; *(uint8_t*)0x200082c0 = 4; *(uint8_t*)0x200082c1 = 3; *(uint16_t*)0x200082c2 = 
0x44b; *(uint32_t*)0x200084fc = 0x31; *(uint32_t*)0x20008500 = 0x20008300; *(uint8_t*)0x20008300 = 0x31; *(uint8_t*)0x20008301 = 3; memcpy((void*)0x20008302, "\x82\xc7\x02\x29\x05\x30\x20\xa3\x24\xb9\x8d\x14\xd5\x7b\x17\xa9\xb3\x44\x0c\x05\x1f\x56\xe3\xed\xd2\xf4\x96\x7b\xa5\x6e\x07\x5a\xa6\xf9\x88\x06\x3d\xe0\x7f\x08\xad\x93\xea\x70\x9b\xa6\x13", 47); *(uint32_t*)0x20008504 = 4; *(uint32_t*)0x20008508 = 0x20008340; *(uint8_t*)0x20008340 = 4; *(uint8_t*)0x20008341 = 3; *(uint16_t*)0x20008342 = 0x423; *(uint32_t*)0x2000850c = 4; *(uint32_t*)0x20008510 = 0x20008380; *(uint8_t*)0x20008380 = 4; *(uint8_t*)0x20008381 = 3; *(uint16_t*)0x20008382 = 0x430; *(uint32_t*)0x20008514 = 0x2c; *(uint32_t*)0x20008518 = 0x200083c0; *(uint8_t*)0x200083c0 = 0x2c; *(uint8_t*)0x200083c1 = 3; memcpy((void*)0x200083c2, "\xcd\x51\x8b\x3d\x76\xf8\x28\xb8\xd2\xd9\x8e\x57\x99\xa8\x29\x49\x6a\xf1\x48\x34\xd2\x49\xdc\x1c\xca\x0a\x1e\xcc\x5e\x98\x7c\x00\x8e\x50\xa3\xde\x8f\x93\x6a\xbd\x87\x28", 42); *(uint32_t*)0x2000851c = 0xa8; *(uint32_t*)0x20008520 = 0x20008400; *(uint8_t*)0x20008400 = 0xa8; *(uint8_t*)0x20008401 = 3; memcpy((void*)0x20008402, "\x95\x7f\xa0\x06\x47\xda\x8d\xf8\x45\x74\x7d\xea\xd5\x48\x2f\x41\x16\xe0\x44\x3b\xcb\x7b\x30\x3c\x0f\xcf\x35\xfc\xd1\x36\x7d\x8a\xd5\xe0\x69\xd0\xa3\x21\x76\x22\xe4\xdb\xe2\x01\x85\x55\xe1\x50\x6d\xad\xe1\xed\x57\x30\x8b\x80\x51\xad\xe8\x15\xe9\x25\x58\x1f\x82\xd3\xf3\xc5\xfe\x1d\xf8\x07\x02\xd0\x2c\x90\x74\xce\x05\x2e\x54\x2c\xf5\xcb\xc1\x0a\x22\xa0\x97\x65\xcb\x02\xc8\x7c\x14\xaa\x57\xb1\x92\xf9\x78\xea\x1a\x60\x02\xb1\x47\x60\x12\xc8\x8c\x87\x4e\x1b\x1c\xb7\xfc\x70\x93\x53\x16\xd3\x43\x00\xdd\xae\x42\x0a\x78\xe2\xe5\x3e\xb5\x30\x02\xf3\xb0\x3c\x9c\xd2\x75\x4b\x8c\xf0\x2f\x98\x41\xf8\xfb\x0e\x16\x8d\xc4\xe0\x0e\xea\x01\x4b\x30\xfe\x68\xa7\x00\xc6\x5c\x0c", 166); res = -1; res = syz_usb_connect(4, 0x3f, 0x20008040, 0x200084c0); if (res != -1) r[23] = res; break; case 49: memcpy((void*)0x20008540, "\x43\x4d\x22\xb9\x8f\x25\x94\x64\x3d", 9); 
syz_usb_ep_write(r[23], 9, 9, 0x20008540); break; } } int main(void) { syscall(__NR_mmap, 0x1ffff000, 0x1000, 0, 0x32, -1, 0); syscall(__NR_mmap, 0x20000000, 0x1000000, 7, 0x32, -1, 0); syscall(__NR_mmap, 0x21000000, 0x1000, 0, 0x32, -1, 0); setup_leak(); use_temporary_dir(); do_sandbox_none(); return 0; } : In function ‘syz_io_uring_setup’: :248:33: error: ‘__NR_io_uring_setup’ undeclared (first use in this function) :248:33: note: each undeclared identifier is reported only once for each function it appears in compiler invocation: x86_64-linux-gnu-gcc [-o /tmp/syz-executor134647545 -DGOOS_linux=1 -DGOARCH_386=1 -DHOSTGOOS_linux=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wframe-larger-than=16384 -static -Wno-overflow] --- FAIL: TestGenerate/linux/386/25 (0.24s) csource_test.go:122: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false UseTmpDir:true HandleSegv:false Repro:true Trace:false} program: r0 = openat$vcsa(0xffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x404800, 0x0) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080)='batadv\x00') sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r1, 0x10, 0x70bd29, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x2}]}, 0x1c}}, 0x8010) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x20000024) r2 = openat$nmem0(0xffffff9c, &(0x7f00000001c0)='/dev/nmem0\x00', 0x185001, 0x0) write$smackfs_change_rule(r2, &(0x7f0000000200)={'', 0x20, '/dev/vcsa\x00', 0x20, 'rwl', 0x20, 'xb'}, 0x13) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) read$FUSE(0xffffffffffffffff, &(0x7f0000000340)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) 
lchown(&(0x7f0000000240)='./file0\x00', r3, r4) ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f0000002380)) syz_btf_id_by_name$bpf_lsm(&(0x7f0000000000)='bpf_lsm_post_notification\x00') syz_emit_ethernet(0x1e, &(0x7f0000000040)={@remote, @dev={[], 0x18}, @void, {@can={0xc, {{0x0, 0x1, 0x1}, 0x4, 0x2, 0x0, 0x0, "03084e275009633c"}}}}, &(0x7f0000000080)={0x0, 0x2, [0x3ca, 0x523, 0x65, 0x6d6]}) syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT={0xff, 0x41}, 0x2) syz_execute_func(&(0x7f0000000100)="c4c19d748fe2000000670faef7656536f0fe8b000001002e0ffe5cf59bc4c131f5641500c4e28d04c8c4e14fc29c653fb1000044c4c2153916c4e1485c9fae000000d397fd334620") syz_extract_tcp_res(&(0x7f0000000180), 0xffff, 0x625) r5 = openat$selinux_enforce(0xffffff9c, &(0x7f00000001c0)='/selinux/enforce\x00', 0x400, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000002380)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000004540)={{{@in6=@dev, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@loopback}}, &(0x7f0000004640)=0xe4) statx(0xffffffffffffffff, &(0x7f0000004680)='./file0\x00', 0x0, 0x7ff, &(0x7f00000046c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r9 = getuid() fstat(0xffffffffffffffff, &(0x7f0000004840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000004a40)={{{@in=@loopback, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@private0}}, &(0x7f0000004b40)=0xe4) getgroups(0x4, &(0x7f0000004b80)=[0xee00, 0xffffffffffffffff, 0xee01, 0xee00]) statx(0xffffffffffffffff, &(0x7f0000004cc0)='./file0\x00', 0x4000, 0x400, &(0x7f0000004d00)={0x0, 0x0, 0x0, 0x0, 0x0}) r14 = getgid() syz_fuse_handle_req(r5, &(0x7f0000000200)="", 0x2000, &(0x7f0000004f00)={&(0x7f0000002200)={0x50, 0xa3d40b1948262fad, 0x1000, {0x7, 0x1f, 0x9, 0x200, 0x8, 0x1ff, 0xbb, 0xa}}, &(0x7f0000002280)={0x18, 0xfffffffffffffff5, 0x2, {0x1}}, 
&(0x7f00000022c0)={0x18, 0x0, 0x4, {0x7}}, &(0x7f0000002300)={0x18, 0x0, 0x6, {0xfffffffb}}, &(0x7f0000002340)={0x18, 0xfffffffffffffffe, 0x401, {0x101}}, &(0x7f00000043c0)={0x28, 0xfffffffffffffffe, 0xffffffffffff8000, {{0x1000, 0x4, 0x0, r6}}}, &(0x7f0000004400)={0x60, 0x0, 0x8000, {{0x19, 0x0, 0x4b, 0x3, 0x1, 0xffffffff, 0x10001, 0x7fff}}}, &(0x7f0000004480)={0x18, 0x0, 0xfffffffffffffffe, {0x1}}, &(0x7f00000044c0)={0x2a, 0x0, 0x0, {'bpf_lsm_post_notification\x00'}}, &(0x7f0000004500)={0x20, 0x0, 0xffffffff, {0x0, 0x5}}, &(0x7f00000047c0)={0x78, 0x0, 0xfff, {0x5, 0x0, 0x0, {0x0, 0xfffffffffffffffb, 0x5, 0xfffffffffffffff9, 0x1, 0x9, 0x8, 0xff, 0x5, 0xc000, 0x7cc8, r7, r8, 0xf4a5, 0x9}}}, &(0x7f00000048c0)={0x90, 0x0, 0x100000001, {0x5, 0x1, 0x80000001, 0x1, 0x7, 0x100, {0x0, 0x3ff, 0x7, 0x6, 0x2, 0x200, 0x20, 0x6, 0xe07fd01, 0xc000, 0x9, r9, r10, 0x8, 0x1}}}, &(0x7f0000004980)={0xa8, 0x0, 0x1, [{0x0, 0x4, 0x1a, 0x3ff, 'bpf_lsm_post_notification\x00'}, {0x2, 0x80000000, 0x4, 0x2, '#(\\!'}, {0x2, 0x80000001, 0x1, 0x1ff, '%'}, {0x2, 0xff, 0x1, 0x8001, '&'}]}, &(0x7f0000004bc0)={0xc8, 0x0, 0x0, [{{0x4, 0x3, 0x9, 0x4, 0x8, 0x5, {0x3, 0x800, 0x1, 0x10001, 0x8, 0x1, 0x0, 0x401, 0xfffffff7, 0x6000, 0x10001, r11, r12, 0x6, 0xf8}}, {0x3, 0x2, 0x1a, 0x9, 'bpf_lsm_post_notification\x00'}}]}, &(0x7f0000004e00)={0xa0, 0xfffffffffffffffe, 0x9, {{0x4, 0x0, 0x3ff, 0x80000000, 0xfffffffd, 0x8, {0x1, 0x7, 0x401, 0x7, 0x0, 0x5, 0x7, 0x6, 0x40, 0xa000, 0x800, r13, r14, 0x8001}}}}, &(0x7f0000004ec0)={0x20, 0xfffffffffffffffe, 0x1, {0x5, 0x4, 0x5, 0x1}}}) syz_genetlink_get_family_id$SEG6(&(0x7f0000004f40)='SEG6\x00') syz_init_net_socket$ax25(0x3, 0x3, 0xca) r15 = syz_io_uring_complete(0x0) r16 = io_uring_setup(0x19b4, &(0x7f0000004f80)={0x0, 0x2b11, 0x1, 0x1, 0x5b, 0x0, r5}) syz_io_uring_setup(0xf44, &(0x7f0000005000)={0x0, 0x208b, 0x4, 0x0, 0x355, 0x0, r16}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000005080), &(0x7f00000050c0)) syz_io_uring_setup(0x22f7, 
&(0x7f0000005100)={0x0, 0x7b7, 0x2, 0x3, 0x202}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000005180)=0x0, &(0x7f00000051c0)) syz_io_uring_submit(r17, 0x0, &(0x7f0000005240)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x6, &(0x7f0000005200)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x7) r18 = openat$btrfs_control(0xffffff9c, &(0x7f0000005280)='/dev/btrfs-control\x00', 0x2100, 0x0) syz_kvm_setup_cpu$arm64(r18, r15, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000005300)=[{0x0, &(0x7f00000052c0)="35ac4c65d5d924443c56d3cdcacff745b9df2c8d855f77c7e8fb875fc4c83983f4ec404e6ad210d74b41fc04cd89a88bc3b3", 0x32}], 0x1, 0x0, &(0x7f0000005340)=[@featur2], 0x1) syz_io_uring_setup(0x2a84, &(0x7f0000005380)={0x0, 0x8a2, 0x4, 0x0, 0x30f}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000feb000/0x2000)=nil, &(0x7f0000005400)=0x0, &(0x7f0000005440)) syz_memcpy_off$IO_URING_METADATA_FLAGS(r19, 0x114, &(0x7f0000005480)=0x1, 0x0, 0x4) stat(&(0x7f0000006580)='./file0\x00', &(0x7f00000065c0)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$afs(&(0x7f00000054c0)='afs\x00', &(0x7f0000005500)='./file0\x00', 0x80000001, 0x1, 
&(0x7f0000006540)=[{&(0x7f0000005540)="d2c84e32fcd25d6d0c834db2198a08cf7bf074c896df4f91d7d789089310a883a232fe7e058e175ab004dec536a4e1d58fdc2954a5c26e702eb2fb50fc058d18cb90bbdadcc9fda0262281bb9fb6996f6089e336edeaf5fb5728447af3d65cc03eb94b3dc3eb1e24dc784132c9d036e46fc3146cdf58c175e65dcc7f398144357dd25c1567113217eb9b2abdff8cb82115ea31f841a377b775f79fa89a604795f487605d740ec646d14f9b8080f51b8e24ea8d621e25f3cfc2d9279b47fe3ea7e4d2b30716a18f68443b237e6b152abaa09dc6bf3b1301adfcd37b9a8c063c830e379a72bdb3825b32f53ffe10c7da81c344d8e98b62363727dc41f050fb6f440d3a4b44e849a706aead919185865e74f94d13e7384480754a1d695022fdc216e413b1362add8947e09f4b87c0fa05d96865e54df57465102f9049a0b38f480fd623ee121cd635c720f5ce6607209d0a3b3942654e7381c941e56e7a74f4e036e3edce82b5593aedabf86dca3e49253336c806bfecec2694294d19c959c386efb838abdf2b43786c09beecfabf723e0b243a8ea472f63df62ed1738759032919ac09a1c1cf7d8fe337650c37bbec02b58a3098d1478a5d3abb8eda0690c8a5347e860b57d0277e6424813e06f7083fe3253c0860537c76688c8877795138e0f9b2e557a6ecc9986024c4bb7721ecca04bc922b87b30c1e546b094080fb1594642a4e088c3b65adb3655fcc9252f753212101f41730ad1642787e7fbe39e5fb4f91cf2c0d84d0ec80112a9741c0fc9c4bfe1c413e0a23714de7eb4ba7e98c1c25ed3bd41ba2f32fa0b67fd642a00e134d02722f268056ce1c62f682f0909bbd6fd3896c3e37ace18d4d8e9788057dc45b2757b6646205ea11c4350100dae7ccc86535470b4d0347d6990812506e3a9816cbe28c50a29ab3a71e050ee8ff4c8a0a9cdf146b6e6f976418b08d123ef3728aa28f408fabc578e60c7bdfff0d18ad416ed66d5bbc66ae3ab2fdc0a4d7c7ac14f792f2ebaf919c65c1f10177883c3dbdb581526f7286936203b64677060a5af5e3e3dd984964800d58c46c55d86881be8c1def9f957953f0a4078ac17616a3b94eb7b026b12e346f8d8cfb1391919e38f4d5090ab9bf155b7d9cfdebd363a09ced588f6821867ee8538dc42347fd7faa82998ffff28d7fa34326ea5c6ec30edf69c624607dd82a567df76f273d105220884db71870285d7dc9f4880777ee0fb6bce671a583b8212babb7dfba86c793a86fd88ee042eb4dcab10fbdc2fbdfc0352d4b823c80b3147666e3a8c6e0b74a6e39baf5a926d861d39ced6c15099d57c644de4563deef39d849862a02071f2956787112f6e8e6b324df79451e48334ce3097495594
8e2fad787ccc61a675db6654da2721d2e27fda623aeecc0e9c64762f74426c566af7cc234773e9f7b302406ff85a4ad15d948b77364fb2742db1d0cee24ef3729f3b40e7f7f0e1a891c4a213f590e804d309358f1cb93f21cd174c374fc355d873028a2e4f5164f24b35c528144fe7c32b9e6a2ac0f04e60f11013c3cae20420b11e2ebad83a7e5710227382d72525fc52a8c8fb6498ac21e913174227c65e8c5876ad6fc49b2c1ed733ea186e9f4f5766f39325642f8a0b7221292c5b0179904b33934b6fcb7a64f1705ad700266242faf54cbf63d2549d4f3054ce168e17500f5f5c3ca1edefdb0c60c2b4fb01d7d0fc07d8667e10f2f80cc7b50ae2ed574fcd3f7775ae17a200514fbb2195180e35d90b894df9a1c355400738247daf315b7e1cf1cac3197ec0d74d1e4410caf9435fd149572c18a7d92eebbc7963f1450738ec0543252640940ef1c8ce25c80ab9ed72e670b4023e5e1363142b43144be12e995554af2431b2e5a8e2a45c76ca7e31a922c592a6d1c5a7ea940365fdc48e1b2c73f661865dc4e90d08d5a2c4db6bc5e0186f237451dfc14bc76f0dd98048ef99a1a1cb15c1b53bcc925492b871fa7dbe2e872f93585248d0f2bf91552157bf5578cbf1b653f9d36cc952b54b0092683577c5ba159266a5df66e749462e4fc5a06d1c26564635926138d9a9980519e5d73bfb8522655ebc07cc811c056a03531eb293d479c95f71375ea293c0f1860499ea98718a37500c54a29fd9b8d019771061f778760fdec9e6fac3d3c831aee19b56c0a1947a089653a15c287708e846ed65e1c9dc4929cbb443338a936fd3726b3a0ce7871ac3c8cd3260077b5c98d98afb533d25a8b42989b7ee5274f72e61090b90436b32de276bc866e6b8cd25760ddc6a497c9e84d7e85a8c5db0df222296a3aa36240a7b76b9dbfb2496477a9716d80050052ce3a4736fbcfff5ee63422528be6b0a478ecc7803e227f880e4fd07dc6de88485a3981e09170f89184cf6297049cc30175519f7309434b96bc1b096e05ff0287ca29929624e1c6f4270e89e9bc1b4c2782f58b9a360a008145d8083370086a1314c92a6103b206b6cd0f6e63416b35e753b709a63a9a41d613cb997e55a63fbff28c0573ba2b64bfbcb0ec3dfc5c9dd134f0f2eb51151eb28310e3dd7f8ae816f86695908ac6df04804e01f53e402bcc445e170cf2610e1e32d02f9e0d81499876c1383eec77815b1359462d8f4f5008af8bb61ae358d83c0754b52d3ceb9b22c0a1b35afd921e00c1d06cf54f882e145bd608451ce8da2c8081e27e9c8d086b8097d4f77f1c33f5024ed7d878c129e534056b89ea2d14bd70d0ca789c7e29ccd3d27af1c6058e266c29e2fcd6f04ba5a3d9e2c116f04c40733796a1fe1c01a04f0
6222cce359001531b1c8f613d452083dee50886017aca8221a9a3066e77687b3fbeb0e461921f2921baf1a6693ef037a1d8565a18041b31c266fb225dd174848a849fd18e4b4bfd972315d9f6ff65294f8374e74f8d48bc17b6beff62c1012b5b047f85ea956f50e184a295d1b13e02b8e35ea24a1c803ab13a2a3285ddc0c358d301362f70267e7c6fd8252524be993c0b613c880582f2855f66a517af4df54efa63581fdbf32b210a213755323cab26dbc91d8503ac842fa7ca11ec4dc0b0171a3b7dc51ed763a734824d15feb4a80d6bfaf8f7d2fc829bfe8d0b4b1bb428cda0e96e117c87a38160837cd23156af498e00603191617ecc06a9a16eb933f2215e8a86f2fe3f629ca1d145615da957bba3e1df179a07abc4889d95618f145aca14e0d8855f60ffa5733489b712f05442c0fdd263eaa06efa9e81cf2eb29829b88269c653aa89eb935a6b98e65e46c623fe8de21c25076606052915dc7dc98ebce6a755ae43b557460073d94c8a44f6b6f63a8a866cdb475915f4ab00e5c5072c1ae610a800ea8fa8147c96686c3077cdfe0d9c770584f217fac47e64e5174b9eb0c68ca147c233dec25cc242e8e43ee7394c7876d25e040ffe89ac1f6b2aa240b6668ffc8983fb8624e60b3cb9911fc8240d9d8ce350a89245420496ae7576e14b57727a52e555c9c88ddd5c53ca3fdee88341464e83dc59ae9d6e17f5f2f763a38c937e325332eac25631cf83150afa677a72611e7fc1451b3e5f4dcddd402cb322fd120d9d56839c015ebe47c419c553ff0ded43d030ca1d10b3b383e6c3cf348602618a56ca51f775721bd355710b7a995a13931dc0823558879986ae4ce850ccc3731e7822839666665afc00a873c56ca9cf79c6d600e907e150b40683b567da9c1ca596fc024abb5eeaf01c67e08375ff15c432adf6a437d967ddf1bbfc6ccf9ce7c2021b152cd4ba7eca0e67cf1297151aea04d9ea9dc2bf8444133f4366bf360ee5224088b1945b5e5d6de3869f59b1ac7cc33535b1576be8fd7de9f2ca5a3c0eb261cc186b6b68285547b2824288df77fd456ab52f6ea48da948193a4240a31d3a7aa4e67be5f2a153a018d32cc011962bb682dab5d3437e90342c2436e54091388226f5c768535e0275ebac26ab19d00e90385510a84c7a726f91baaec1118a74e651914d99e3e509322f51d095b894c20923d0fa98e42c4ec677d095008b5953f6ba61537abae543de69efca30e45d7bc93caa202cc8f66e57cabd549ef1092f796b4a3573bef441094844b23a3d86bd14909b841aea108219d5ea4a49c8a99eafc507613c1e37aea315ba894fecc1ef2809213e42b1374858cb4d77684658cf414ada5e760f4ac83bc9357ef145a3e92d7c557c5d944024659afd6caf01b2960c6c4
ab147c0d819754be80066d14192a479c7dcead04d3fa1e66248cf29273931242d12f2b08c71e82f5286bab6767c3e89a36f27045eccf6e1cf3abbbd9b1a263da7c0c010fc10affc5032d47123e1e1146b38cbff01d47856360499266cb5645901e2ed049f45b24e793ef0085f0e5040ff2ebcb1d8d70196d3de6314eae7f4f3e5262c67674159c1de4a0861aad8143bd59fb3c887c3840b1c12c742f1fad24cd9ac7fea0fba871c1ebc628b34d96043885ae82642da04d87dcab59bc8dd87658711f635bd66f4254f83a45d5bc75e31fb60e9d6a5e6fb8b66864cc30b3911ab9f87a59cad38f0cc91b92037bf1ea64234e13fc7c4504cf0300f1a0deb39e630c710da48855d8c451d726cc4c6e4430211818aaf9dcad571b8b89c4e9444aebaa69b97689a5ca670f8fa5eea132c121cc1efd276f5a0b02b9612bdc99c99bcc63b37cb8662ccaf7c8028eb673a5f4f5beeff2ca90d7afaa1c6ab6ee22385aef980d6a0f4544986fb99bfe41023b22019896f877aaee75eec90bae10d43dab336bbe5215d0578f0d5c294f0fa3fa16acfa9b869aaf79b6e7ef8c38b9a9a2cfe0a023ef311cafdae3031c82c97518133275d81f8fa5d7e4c42cbdfcdecff1b2bf291223dcd30750a56a812824a5dd100585f1ff5228484dec4bb500efdb05182c085751ace19844feb55966baa3ed476bccccb509b0a0503ad202fab2967388af078a7a03408cd9990a36a4da1caffc981b4e1faebca9f33768f673a166376aa4a644e9fc25e41e08ffa08a55e3dbc4dcff9e84ccfb0f227f3e76140b6b95577ec7a37fe1c3f306ae6a9875760b3ca15114299cc0baac766ade9302a9dfe47cc990d36bf04c283c6e3a22d7caf75c8ff75d66aa7ed34f52fe84469e80b4954d74d2c7c2014ec9717b0734b705889816356a6e2ea8029fb59c00f7e518b1465de128f6ac966bba698beb0cc35ae7b7c416a42ce3ef5e64354e534caee984db5db340a4b86973f0fcdc680bbe82dfa4f5b2b204dd315a5310bdd340c266d3252c5e57e8b875c63dd45bc0fc3b2b9d6c58d5860393ea1919d8f6cfd1dd95da511214f684cb65f559222216982bae003c87b124a61cee20e0da6175b5906157f52655192aa17b852bfc482f934c496ddc2a7a5ab4d2445a859cd461547cbb0984f68ec579e84fa07a1bfb8ad0799ffd55f98abcebaffc26d8b209af5c494429999fadc211de15269360c842055f5f0814249dd1b97e65ccf97f47e9b3e7c11f32382a5116dd24149db6628e2a254fc385c70983dfef315b49dc2adc330140cf145489e8e71684c4cd978dae8fae68ceb64c1cc11bb13d7e1b5485f6a1eaf58342a76c141e2c3933e6c3eeda418db114b6dcf65a491c6357f9dfc5d8062c82b07ad86171042abd88d9607cd7
12406660e9c216e9ee8367ef8d25c3d809a5d4de5d4cf9096534b089e3fcdc13429b52aded9387fd1614614dea2d4ed01376ebafc2ebb0c34872ffe5718634e2adda464e77faac47088cd9c3c30837fd3083275e85f822d1bc51b3ec9f84423dd81f20a840e0c35b8a7398fff0b4edfe8583101", 0x1000, 0x4}], 0x40000, &(0x7f0000006640)={[{@autocell='autocell'}, {@flock_write='flock=write'}, {@flock_write='flock=write'}, {@dyn='dyn'}], [{@appraise='appraise'}, {@euid_lt={'euid<', r20}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x63, 0x33, 0x63, 0x66, 0x39, 0x38, 0x62], 0x2d, [0x63, 0x38, 0x62, 0x33], 0x2d, [0x61, 0x33, 0x0, 0x30], 0x2d, [0x61, 0x34, 0x63, 0x37], 0x2d, [0x37, 0x36, 0x31, 0x63, 0x39, 0x64, 0x61, 0x34]}}}]}) syz_open_dev$I2C(&(0x7f00000066c0)='/dev/i2c-#\x00', 0xb6f4, 0x400202) syz_open_procfs(r6, &(0x7f0000006700)='mounts\x00') syz_open_pts(0xffffffffffffffff, 0x4cc162f913022679) syz_read_part_table(0x1, 0x1, &(0x7f00000067c0)=[{&(0x7f0000006740)="db5a079dd43062f6985b514ad6b7ac652950f7e5317a81ed924386c1083a75b7e2675967acdc58644241b6de981ba65e75816e078f21212cb862a33934c9b4729a722151fd15361d771e0c59e4b2a7b4ae5ad6d45a6bb51fa6d0", 0x5a, 0x10001}]) r21 = syz_usb_connect(0x4, 0xe11, &(0x7f0000006800)={{0x12, 0x1, 0x201, 0x73, 0x54, 0x2d, 0x40, 0x572, 0x1324, 0x84d3, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xdff, 0x4, 0x0, 0x4, 0x20, 0x5, [{{0x9, 0x4, 0x21, 0x6, 0xf, 0x13, 0xd5, 0xef, 0xff, [@generic={0x7f, 0x3, "ff0419261d951966e92d906d4e26342908f7c148a2d9b1b9fe291ad2ef963725ab895c81d7bbf8f9d4da5a4f8e4311a0bdfdab97f508939e62470eae4dc13f11324f9b808eb9c06cec3f30a86ef0fb2ab90e7e0440e87ff52268879d8ae0c91a67350e71af1fb2d4908d78222008e8b671156b17906f6a1e05e02b6b37"}, @cdc_ecm={{0x5}, {0x5, 0x24, 0x0, 0x7}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x0, 0x3, 0x6a}, [@mdlm_detail={0xc0, 0x24, 0x13, 0x2, 
"f6e0bd71542530d6c882e531f60f2eefd05d356385c0a622a120a81678854855c27040645d6c24372772108aef34f2af0226daa99d3cecfe168fc9fae28ed3bd295c7543166ce5f252a2584e73d212d587245b8ebefbae8693d88f8fda2bbfbc9628a08e7d81a194b0c49e82f6bc230124576b45b4cbc1d5c02dcb3f943dad75c6c2c5023c1e670ff6825d8ba23c205a7eb9dc0bcac28c3514072078d2fa782c3186d4b1ed8040ee1c765bc234afcc52a91722527e5dbd902dc299d8"}]}], [{{0x9, 0x5, 0x0, 0x10, 0x0, 0x2, 0x36, 0x0, [@generic={0x2a, 0x31, "71c3c3d61bbd6965e0dab513c14e7d2a6d7d8346228af46c617a9c6f93e2c923767b9dcf1b1c6524"}, @generic={0x35, 0x8, "2efac1777f97f088cf4ea6909a4ab819543a678dbd611baebf76500b0c10e099a09827edc986bd1c1c58ec9277827878700a60"}]}}, {{0x9, 0x5, 0x6, 0x3, 0x400, 0x3f, 0x2, 0x8, [@generic={0x2, 0x7}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0x40, 0x4}]}}, {{0x9, 0x5, 0x8, 0x0, 0x400, 0x2, 0x8, 0x8}}, {{0x9, 0x5, 0xe, 0x1, 0x200, 0x2, 0x4, 0x9}}, {{0x9, 0x5, 0xc, 0x0, 0x400, 0x0, 0x4, 0x20, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x7f, 0x1ff}, @uac_iso={0x7, 0x25, 0x1, 0x41, 0xcb, 0x102d}]}}, {{0x9, 0x5, 0xf, 0x10, 0x20, 0x32}}, {{0x9, 0x5, 0x2, 0x4, 0x20, 0x20, 0x7f, 0x7f, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x8, 0x40}]}}, {{0x9, 0x5, 0x1, 0x0, 0x8, 0xe0, 0x80, 0x1}}, {{0x9, 0x5, 0xd, 0x0, 0x7f7, 0x8, 0x4, 0x20, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x6, 0x3}, @generic={0x5b, 0x2, "e26816788a1cc1881a23c8f41a67d73be6c21467fa34c32c9fb2f208c26929eb652736f9d91d3a85b6391ddd8c23c309f20aa96d84d489fdc425acea48489fbd62f0f3653d94ee6b8e1dab83b19ebca6d735785ab9dd724d66"}]}}, {{0x9, 0x5, 0x6, 0x2, 0x40, 0x80, 0x1, 0x1b, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x7, 0x40}]}}, {{0x9, 0x5, 0x9, 0x10, 0x8, 0x7, 0x4, 0x3f, [@generic={0xe8, 0xb, 
"8afc39fabf2e69efa61b092694e9e70187bbd4343a5666c1c2e1b5bec12bd1b163325b32047e6fad0442c370407ad2ddd4eb563a85408bb4762b8e46a46343a9bf7184805cd60c0da1010dbd995b1d798e5b4a50a10dc11cd395932b5ed4f8e06e566a726de03c0447587e03d655e73c3e30e43e8c2189d9f1fcbd1e3d45712e9203ad62e34e8e2753c6f2d0fa953d20dfd1bb42479fc033959aac5043149cede9286dce763b3f20adafee005dc6830db89cd58f56a2f97fb10e0c37c0dd5163ae6178387a0284ab981a6cabcd05db4314326332e1d32d69d9e5624ac086333279b2df93b78c"}]}}, {{0x9, 0x5, 0x2, 0x8, 0x3ff, 0x9, 0x4, 0x2, [@generic={0xf8, 0x3, "d2a336681843bee63f1181dde58ce139c87eb39d3b1b13c89f9c9942603abc8f409b89eda8fb2c9c68e3ceb4707a75450830066cf2309172cf06530be62566c8c628436ede40b0634b7758b6177ab79a5ef2501a59d580c5732944b2f3bd5123fd15635cfe8491a03ab3d10d4251809ac6af635e9148f6c9b7e3b93fd4be3387d4ce9708f9741d7d2496f60697db796d17bb9f55ed9d12a4f524c9ae5de2044e863c2437082c82f7050362b38a90ff5663e9a1ca56d899ac4621209709528342ac71bad07661ab437999a73a967200b8bdc975a78f6ed6f8e6ec81b637bbde985315c32eaaea7de92325dfef7482221b7a31212a96cd"}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0x82, 0x7ff}]}}, {{0x9, 0x5, 0x5, 0x2, 0x3ff, 0xe4, 0x0, 0x1, [@generic={0xab, 0x9, "c6fe273694b4052a22099e80c67e2eb27fdeed48b1527546e3a7407afc77ae43bd824d2ffd79ec4a2313e6decb221d295542046d0e0311c0c02e9f0973d49f0b1bd49da23af4c41449e8fd005ddeac5cb8c73c951a76626ee8860e18c85cef48bb8b33506f1a4f6ba421211bd04f96dd2463655b6ed4206bcc049ebc67a5a0acbfd5eb77055f232bdc5c33a92fd80ebbd2dad67c470a1ee401280c84bc45a225abf7d7b7a8c4fdd77c"}, @generic={0x99, 0x23, "6ad24c93ae66afc243c82a2022885c515435d3a6a8d0ef67866f48824aae8e31c13f450cf10477c7add814e0a20d3690e34f8760b7875357601e82073a7a84d0f4b1e64b33276f3bbbce504bdd2f2b38c1837770876ed0367dbb280fc108a38f3b1a3869cf038871f5acd4e8dec2ec99bfef6e2596df567fac26f3173792c20b5d1fe6715eb4a9d964af6fcc731d4ac6be25d3217f7d87"}]}}, {{0x9, 0x5, 0xd, 0xc, 0x200, 0x3f, 0x8, 0x1}}, {{0x9, 0x5, 0x6, 0x0, 0x1df, 0x4, 0x3f, 0xc5, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x1}]}}]}}, {{0x9, 0x4, 0xb1, 0xff, 0x4, 0xb0, 
0x15, 0x7a, 0xa9, [@cdc_ecm={{0x7, 0x24, 0x6, 0x0, 0x0, "2502"}, {0x5, 0x24, 0x0, 0x96}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x1, 0x7, 0x1}, [@network_terminal={0x7, 0x24, 0xa, 0xde, 0x1, 0x3, 0x84}, @call_mgmt={0x5, 0x24, 0x1, 0x1, 0x20}, @dmm={0x7, 0x24, 0x14, 0x8, 0x6}, @acm={0x4, 0x24, 0x2, 0x7}, @country_functional={0xa, 0x24, 0x7, 0x20, 0xd57a, [0x3ff, 0x7]}, @network_terminal={0x7, 0x24, 0xa, 0x80, 0x0, 0xfc, 0x6}]}], [{{0x9, 0x5, 0xc, 0x10, 0x400, 0x80, 0x3f, 0x0, [@generic={0xc0, 0x23, "2fa6216fa5b34b3c347a90d7c09dee9e3bad4cefe7c178d4c248c175d6e265f0f15b5db2f1efacfbb4758001a895f8296a82cc243a7a71e6cfa59d27d6ba04086b1318f3997aee663fb0b188a95e8505f2758d8b43e54dce1e6131ac08c8f29e40fdf18bbcb5704b23471e1fa2bba764581ce7dc0a1f880b6aa4e3930f9524baf7f50f7cb58ddbd7b065be270227b47e34a827a2f09e87652c3b0933945d95bcdc062e78953c6fef78199736f62470ac624140ad403c6f788d52e10e1103"}]}}, {{0x9, 0x5, 0x5, 0x0, 0x20, 0x3f, 0x7f, 0x2, [@generic={0x1a, 0xc, "1c2b9bf91836ba9e5950279aa449ab2614f17ec478a5a700"}, @generic={0xc3, 0xc, "3139f56a95cd9acd2caf2874da064adf8a3ea93cbd32e14f79b6838a875d2b1c7286c617f780e83cd8ac69a4714e1041cf11a698866063e44d74c6dfbee89055eda3b70177af2e4b138edbeb82f34605c614b3a5cb7750f220c4c8bc450a3009d9bd3300561498c164cf3b3800cdf575f5ee9456ffec5acc96ed76e226c36e52508d2fc08e9f1ea6fe8cfc2c9a31b09ac556d2e48e88db3170505052ed76a475aa82d636d97e10e7e3dd77125f5df8a7957d3c3f94f1c76cbc0136192639d17640"}]}}, {{0x9, 0x5, 0x2, 0x2, 0x200, 0x48, 0x2, 0x4}}, {{0x9, 0x5, 0x1, 0x10, 0x20, 0x6c, 0x1, 0x3, [@generic={0xce, 0x21, "06c168e4ec518fa84dd51ea16950af04289b85639249e5b27619a03017479cb314d2ffe9ee81be9eb017cf98234e8f723618dfe39f1f4cee3ca842dd870208e01ccd1c6ae4d9a71b2814b6aa795fefda450727b3beb266f7f35620f09a3508c29fd60d9847342c295b2ba867e49b8f0b746d5b752be69f4da88f938dcbfe1690333c467cb8900597ad4aa434404539243f3a64dbced5554562042fb98fd0a5553ab0bdf0accf16525c4f84634aee8763db10e70e77a89a714221ad805f538a0d1a824dcb6aaac61d3ea4bfe9"}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x80, 0x5}]}}]}}, {{0x9, 
0x4, 0x6b, 0x3, 0x5, 0x3d, 0x21, 0xee, 0xc0, [@hid_hid={0x9, 0x21, 0x848d, 0x1f, 0x1, {0x22, 0x3f6}}], [{{0x9, 0x5, 0xd, 0x10, 0x40, 0x7c, 0x6, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x69, 0x5fa4}]}}, {{0x9, 0x5, 0x3, 0x1c, 0x3ff, 0x8, 0x81, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x7de74b8872483837, 0x3, 0xfff}, @generic={0xba, 0x9, "b8e7e610b074325b28a38b1b5f756cddecec9026baedfb158c2ce4d0e348d24473f7a1ee74bda8a6d5845acf5de095713bb020e1292cc080d9c89744f8ced96916bb2055a1a1769f6a7b4d13b9f74050a8220ddf0d09a94c3bfbaab06fdd2b5e0b1931b77f426c18e3c88da25c52c019dbfbdbb8bf0e5ee628b5a46d95b53942feb5bf7bfd581f93a945c85da33b763d2f0c3345898c95e2a1228e5e084070a1e96bcef7237f0a0336c63091be6b87d3ff68de36f6c9b0b2"}]}}, {{0x9, 0x5, 0x0, 0x10, 0x0, 0x40, 0x7, 0x22, [@generic={0xfc, 0x11, "fbb0ddc340e0ee5466415babc59d3bbf8a569109351e089df059094e3c5aef87f9e13120dc043a4dad9193dbea34aeffbe3c0d945d8a18d6c055b79ce51adb09820eb6965d7822f553c590fb935cc1580e2b0ef039290f87ad62e2181dd2bb24a778ed74233d39c6b01566723d386acd2ff242720da95bf54494db06516e40d19276be27f9e078c7621abec79af90b12fd0dbf628fa9f9a094938f297a8f8c63ffe57d0040792e86e8d2425b2a50d37cc1ab3975227ec4cd85c02d734b8ece891b274962c113349b2b06f2ea197af23472e2d1ce4d930cf849f77e619c77b2e9b1db977c040b428933d8066b5931283d2949ea8125c46537a3e2"}, @uac_iso={0x7, 0x25, 0x1, 0x48bab2644d8e755d, 0x7, 0x7}]}}, {{0x9, 0x5, 0x5, 0x0, 0x400, 0x5, 0x5, 0x1f, [@generic={0xb3, 0xb, "0a9026864d79f21b7a150b9caff6d223287b8ca67d8d62ad2444ad8ab24035f87bea387a1c6316cda61d7f3d152b507dfea13eb6954867d249c909aa46a731771bbc9de959dd60ac857669ab680aaf8c6f94b64795dc7ec60da5532bf58f6ba5b8c7372ff5f95b3108e29b13e6709f815016d353c6dedbf545df03d5874be715513c36fffeea5bc1df7bef3bf19910b01592c235f3e817749084a38bde9e196e2737cdddc6dbe14313679a0be32114a935"}, @generic={0xcb, 0x9, 
"0e30d967c4c4788b63964565055446049bb057ffe7fa484137ed940ed696d3df822d7fda84e035fc02f279aa407fe51792456473440dfaf2f6cf452e0d539d88953efdfbdbea71a7def8bdc106b81f325b00bd332a3dc69cba4329c305bd46892b30d447ece171ba0b4a73c2a08e6430a8edb6cfb5fb7ab5bce34ba2385fc7ab6a5d602c699192d9a967dcf255d2bd6453ff27b3e4978a8169f8f8d9e1d742dea5536ee6b5b8411f4a7eeaf5959bbad4a203de44cc50c15d54ac510afe7c69e79f401436dbc365114c"}]}}, {{0x9, 0x5, 0xb, 0x16, 0x8, 0x5, 0x0, 0x3, [@generic={0x5f, 0xc, "7a83aa842e67fc4a39312722b063b29ed9d208585808b5dd26d2c9043ac304dc298686d0cd8a9d623e678b98410d54a5ab43a709a1626f4d8047335ba62f795459990e7014ecdc1049386380366f56e3d10af424e1ef087b7070abb893"}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x7, 0x401}]}}]}}, {{0x9, 0x4, 0x9d, 0xba, 0x1, 0xff, 0x2, 0x73, 0x7f, [@cdc_ncm={{0x5}, {0x5, 0x24, 0x0, 0xff80}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x3f, 0xa0, 0x81}, {0x6, 0x24, 0x1a, 0x5118, 0x30}, [@mdlm={0x15, 0x24, 0x12, 0x200}, @mbim={0xc, 0x24, 0x1b, 0x605, 0x3ff, 0x81, 0x4, 0xfffb, 0x2}, @mdlm={0x15, 0x24, 0x12, 0xb9}, @mbim={0xc, 0x24, 0x1b, 0x6e5, 0x200, 0x4, 0x6e, 0xce, 0x6}, @mbim={0xc, 0x24, 0x1b, 0x0, 0x1, 0x2, 0x80, 0x6, 0x6}]}], [{{0x9, 0x5, 0x3, 0x8, 0x10, 0x8, 0x1, 0x1f, [@generic={0xad, 0x2, "b044854ee175c5f2bc2f67075ff4fa049f4dba9c234be8d40e895e8a2a7919b48cc6c304190115e9933eb1c982428c3a0d53369ef77092d6081aa2bdf5463deb38457f1d6744bb734f03ebdf50766b49535c5ed1b34b2e12857c87bd89ef452a92eb0720b39c06bc7367eb39fc6a1af37a888fe0710114e8788de4c808bfd119326c6d2cf4944b3a5689d03593436aa1077eff8d2c94bd5daebc9d86e5bbef65640438b8c4fa73d85cc7b2"}]}}]}}]}}]}}, &(0x7f0000007840)={0xa, &(0x7f0000007640)={0xa, 0x6, 0x110, 0x80, 0x9, 0x1, 0x10, 0x4}, 0x64, &(0x7f0000007680)={0x5, 0xf, 0x64, 0x6, [@ssp_cap={0x14, 0x10, 0xa, 0x0, 0x2, 0x0, 0xf00, 0x4, [0xff0000, 0xc0]}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x1, 0x0, 0x1f, 0x9}, @ssp_cap={0x20, 0x10, 0xa, 0x81, 0x5, 0x7, 0x0, 0x80, [0x0, 0x3f00, 0x0, 0xc000, 0xffc0]}, @ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0xa, 0x80, 0x1, 0xf07a}, 
@ss_container_id={0x14, 0x10, 0x4, 0x1, "16fa0cbcaf6e45fef8910fb597fea0eb"}]}, 0x3, [{0x9e, &(0x7f0000007700)=@string={0x9e, 0x3, "34301c3d32d7def46707ec19f9c06bbeea898849d56918f2d0f10b7b728f8d232de4e1223ce42f7d086783ba310baa68a22d8acfba4d52375a16dacac7761a3c9520929d6239c159e1da18cfc780e3bae0a1e47440bb15f6b62f2b0ed31f5cf2207d406bf71dd30a089dbd7199bbb21bfebc4e355eb56802d954251ca927dd11051e83ad0bf09142b2532be8b294464a27a075c4cccae191ca851049"}}, {0x15, &(0x7f00000077c0)=@string={0x15, 0x3, "eeb263c00ce58f490a96561b62608fa1655205"}}, {0x4, &(0x7f0000007800)=@lang_id={0x4, 0x3, 0x3416}}]}) r22 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000007880)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_control_io(r22, &(0x7f0000007b00)={0x18, &(0x7f0000007900)={0x20, 0x21, 0x9a, {0x9a, 0x5, "0a168b3c55888f31c926ba2932a9d137d8b19ac217f0d222e093824f4b30ec9e71c2634ee0fb8fc224addefdba18c22f1b78c6b465114bd224c2af0a379537eae87e76ebd91d16063f2eccafd30090936afa29ebaacd35082ca5b7a2b7215d54c7255536c77bd8dfb34bf40ec7575083548d95c567773cbac187aeaaf98afe5f506e960948b75e62e26a165725841b5b0c64364a8f090980"}}, &(0x7f00000079c0)={0x0, 0x3, 0x6e, @string={0x6e, 0x3, "b5d26af63c75392699ac83eb6afa75b921d77e3fcf43ef5e919df9bdca82840caf4cdf52bb7a8a2393a8b1a2a1b17fc9fa42013569eaeeace8c977ccd308e3026ec12887b9b882e4068adfe69e7d2e1048a4527ac6eab162bc67007648ca3d0f3d8ceb3ae6ff58093804654f"}}, &(0x7f0000007a40)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f0000007a80)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x4, 0x8, 0x2, "018a11ac", "983b66d4"}}, &(0x7f0000007ac0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3, 0x10, 0x20, 0x1f, 0x81, 0x8}}}, &(0x7f0000007f40)={0x44, &(0x7f0000007b40)={0x20, 0x9, 0x10, "cec641d81e53b2ba4e01ec10758c40aa"}, &(0x7f0000007b80)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000007bc0)={0x0, 0x8, 0x1, 0x1f}, &(0x7f0000007c00)={0x20, 0x0, 0x4, {0x1, 0x2}}, &(0x7f0000007c40)={0x20, 0x0, 0x4, {0x200, 0x40}}, &(0x7f0000007c80)={0x40, 0x7, 0x2, 
0x9}, &(0x7f0000007cc0)={0x40, 0x9, 0x1, 0x12}, &(0x7f0000007d00)={0x40, 0xb, 0x2, "d847"}, &(0x7f0000007d40)={0x40, 0xf, 0x2, 0x676}, &(0x7f0000007d80)={0x40, 0x13, 0x6, @remote}, &(0x7f0000007dc0)={0x40, 0x17, 0x6, @link_local}, &(0x7f0000007e00)={0x40, 0x19, 0x2, 'aB'}, &(0x7f0000007e40)={0x40, 0x1a, 0x2, 0x4}, &(0x7f0000007e80)={0x40, 0x1c, 0x1, 0x70}, &(0x7f0000007ec0)={0x40, 0x1e, 0x1, 0x9}, &(0x7f0000007f00)={0x40, 0x21, 0x1}}) syz_usb_disconnect(r21) syz_usb_ep_read(r21, 0x20, 0x53, &(0x7f0000007fc0)=""/83) r23 = syz_usb_connect$hid(0x4, 0x3f, &(0x7f0000008040)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x8, 0x1130, 0x3101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x1, 0x0, 0x20, [{{0x9, 0x4, 0x0, 0x8, 0x1, 0x3, 0x1, 0x2, 0x1, {0x9, 0x21, 0x3ff, 0x2, 0x1, {0x22, 0xc2c}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x4, 0x0, 0x9}}, [{{0x9, 0x5, 0x2, 0x3, 0x8, 0x1, 0xfa}}]}}}]}}]}}, &(0x7f00000084c0)={0xa, &(0x7f0000008080)={0xa, 0x6, 0x0, 0x11, 0xf2, 0x20, 0xbf, 0xe3}, 0x35, &(0x7f00000080c0)={0x5, 0xf, 0x35, 0x5, [@ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "81b3e831d05d61724e7efe59e3eb35a8"}, @ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0x4, 0x20, 0x9, 0x5, 0x232, 0x1}, @wireless={0xb, 0x10, 0x1, 0x6, 0x40, 0x3f, 0x1, 0x1000, 0x95}]}, 0xa, [{0x4, &(0x7f0000008100)=@lang_id={0x4, 0x3, 0x437}}, {0x94, &(0x7f0000008140)=@string={0x94, 0x3, "0a2b55e24c1e439b99c4a7b6b78a9e1199af0fe5c77d119caa1a262a2323ee85d44ce53cbc4f5bbf3395b8fc426891dd21c2f69720e49d0fadd034ca3534b4f52df6840f0275705c8269c7e7fe3b1feb9516eac7e587de92b89029304914a67f5bcc9f23f60972b1c03c7e6dd649587ec780e816d865781d19c17776714121e87c9173fd96dbf3bdeb4b5f7e012bb8279f38"}}, {0x44, &(0x7f0000008200)=@string={0x44, 0x3, "135ea6243a3497b7eb5c6f4ba0c38c06848217b0743b8e74e62495ddd293aa49f0d26f1b86bcde62553a7e587aef8c1ef0d8c12ba3dec7576f9e3e4f42ecb1a175ca"}}, {0x4, &(0x7f0000008280)=@lang_id={0x4, 0x3, 0x2c0a}}, {0x4, &(0x7f00000082c0)=@lang_id={0x4, 0x3, 0x44b}}, {0x31, &(0x7f0000008300)=@string={0x31, 
0x3, "82c70229053020a324b98d14d57b17a9b3440c051f56e3edd2f4967ba56e075aa6f988063de07f08ad93ea709ba613"}}, {0x4, &(0x7f0000008340)=@lang_id={0x4, 0x3, 0x423}}, {0x4, &(0x7f0000008380)=@lang_id={0x4, 0x3, 0x430}}, {0x2c, &(0x7f00000083c0)=@string={0x2c, 0x3, "cd518b3d76f828b8d2d98e5799a829496af14834d249dc1cca0a1ecc5e987c008e50a3de8f936abd8728"}}, {0xa8, &(0x7f0000008400)=@string={0xa8, 0x3, "957fa00647da8df845747dead5482f4116e0443bcb7b303c0fcf35fcd1367d8ad5e069d0a3217622e4dbe2018555e1506dade1ed57308b8051ade815e925581f82d3f3c5fe1df80702d02c9074ce052e542cf5cbc10a22a09765cb02c87c14aa57b192f978ea1a6002b1476012c88c874e1b1cb7fc70935316d34300ddae420a78e2e53eb53002f3b03c9cd2754b8cf02f9841f8fb0e168dc4e00eea014b30fe68a700c65c0c"}}]}) syz_usb_ep_write(r23, 0x9, 0x9, &(0x7f0000008540)="434d22b98f2594643d") csource_test.go:123: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { 
pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; for (;;) { uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts); if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) return 1; now = current_time_ms(); if (now - start > timeout) return 0; } } static bool write_file(const char* file, const char* what, ...) 
{ char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } const int kInitNetNsFd = 239; #define SIZEOF_IO_URING_SQE 64 #define SIZEOF_IO_URING_CQE 16 #define SQ_HEAD_OFFSET 0 #define SQ_TAIL_OFFSET 64 #define SQ_RING_MASK_OFFSET 256 #define SQ_RING_ENTRIES_OFFSET 264 #define SQ_FLAGS_OFFSET 276 #define SQ_DROPPED_OFFSET 272 #define CQ_HEAD_OFFSET 128 #define CQ_TAIL_OFFSET 192 #define CQ_RING_MASK_OFFSET 260 #define CQ_RING_ENTRIES_OFFSET 268 #define CQ_RING_OVERFLOW_OFFSET 284 #define CQ_FLAGS_OFFSET 280 #define CQ_CQES_OFFSET 320 struct io_uring_cqe { uint64_t user_data; uint32_t res; uint32_t flags; }; static long syz_io_uring_complete(volatile long a0) { char* ring_ptr = (char*)a0; uint32_t cq_ring_mask = *(uint32_t*)(ring_ptr + CQ_RING_MASK_OFFSET); uint32_t* cq_head_ptr = (uint32_t*)(ring_ptr + CQ_HEAD_OFFSET); uint32_t cq_head = *cq_head_ptr & cq_ring_mask; uint32_t cq_head_next = *cq_head_ptr + 1; char* cqe_src = ring_ptr + CQ_CQES_OFFSET + cq_head * SIZEOF_IO_URING_CQE; struct io_uring_cqe cqe; memcpy(&cqe, cqe_src, sizeof(cqe)); __atomic_store_n(cq_head_ptr, cq_head_next, __ATOMIC_RELEASE); return (cqe.user_data == 0x12345 || cqe.user_data == 0x23456) ? 
(long)cqe.res : (long)-1; } struct io_sqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t flags; uint32_t dropped; uint32_t array; uint32_t resv1; uint64_t resv2; }; struct io_cqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t overflow; uint32_t cqes; uint64_t resv[2]; }; struct io_uring_params { uint32_t sq_entries; uint32_t cq_entries; uint32_t flags; uint32_t sq_thread_cpu; uint32_t sq_thread_idle; uint32_t features; uint32_t resv[4]; struct io_sqring_offsets sq_off; struct io_cqring_offsets cq_off; }; #define IORING_OFF_SQ_RING 0 #define IORING_OFF_SQES 0x10000000ULL static long syz_io_uring_setup(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5) { uint32_t entries = (uint32_t)a0; struct io_uring_params* setup_params = (struct io_uring_params*)a1; void* vma1 = (void*)a2; void* vma2 = (void*)a3; void** ring_ptr_out = (void**)a4; void** sqes_ptr_out = (void**)a5; uint32_t fd_io_uring = syscall(__NR_io_uring_setup, entries, setup_params); uint32_t sq_ring_sz = setup_params->sq_off.array + setup_params->sq_entries * sizeof(uint32_t); uint32_t cq_ring_sz = setup_params->cq_off.cqes + setup_params->cq_entries * SIZEOF_IO_URING_CQE; uint32_t ring_sz = sq_ring_sz > cq_ring_sz ? 
sq_ring_sz : cq_ring_sz; *ring_ptr_out = mmap(vma1, ring_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQ_RING); uint32_t sqes_sz = setup_params->sq_entries * SIZEOF_IO_URING_SQE; *sqes_ptr_out = mmap(vma2, sqes_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQES); return fd_io_uring; } static long syz_io_uring_submit(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { char* ring_ptr = (char*)a0; char* sqes_ptr = (char*)a1; char* sqe = (char*)a2; uint32_t sqes_index = (uint32_t)a3; uint32_t sq_ring_entries = *(uint32_t*)(ring_ptr + SQ_RING_ENTRIES_OFFSET); uint32_t cq_ring_entries = *(uint32_t*)(ring_ptr + CQ_RING_ENTRIES_OFFSET); uint32_t sq_array_off = (CQ_CQES_OFFSET + cq_ring_entries * SIZEOF_IO_URING_CQE + 63) & ~63; if (sq_ring_entries) sqes_index %= sq_ring_entries; char* sqe_dest = sqes_ptr + sqes_index * SIZEOF_IO_URING_SQE; memcpy(sqe_dest, sqe, SIZEOF_IO_URING_SQE); uint32_t sq_ring_mask = *(uint32_t*)(ring_ptr + SQ_RING_MASK_OFFSET); uint32_t* sq_tail_ptr = (uint32_t*)(ring_ptr + SQ_TAIL_OFFSET); uint32_t sq_tail = *sq_tail_ptr & sq_ring_mask; uint32_t sq_tail_next = *sq_tail_ptr + 1; uint32_t* sq_array = (uint32_t*)(ring_ptr + sq_array_off); *(sq_array + sq_tail) = sqes_index; __atomic_store_n(sq_tail_ptr, sq_tail_next, __ATOMIC_RELEASE); return 0; } #define BTF_MAGIC 0xeB9F struct btf_header { __u16 magic; __u8 version; __u8 flags; __u32 hdr_len; __u32 type_off; __u32 type_len; __u32 str_off; __u32 str_len; }; #define BTF_INFO_KIND(info) (((info) >> 24) & 0x0f) #define BTF_INFO_VLEN(info) ((info)&0xffff) #define BTF_KIND_INT 1 #define BTF_KIND_ARRAY 3 #define BTF_KIND_STRUCT 4 #define BTF_KIND_UNION 5 #define BTF_KIND_ENUM 6 #define BTF_KIND_FUNC_PROTO 13 #define BTF_KIND_VAR 14 #define BTF_KIND_DATASEC 15 struct btf_type { __u32 name_off; __u32 info; union { __u32 size; __u32 type; }; }; struct btf_enum { __u32 name_off; __s32 val; }; struct 
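btf_array {
	__u32 type;
	__u32 index_type;
	__u32 nelems;
};
// (the lines above finish `struct btf_array`, whose `struct` keyword precedes this span)

struct btf_member {
	__u32 name_off;
	__u32 type;
	__u32 offset;
};

struct btf_param {
	__u32 name_off;
	__u32 type;
};

struct btf_var {
	__u32 linkage;
};

struct btf_var_secinfo {
	__u32 type;
	__u32 offset;
	__u32 size;
};

#define VMLINUX_MAX_SUPPORT_SIZE (10 * 1024 * 1024)

// Reads /sys/kernel/btf/vmlinux into a function-static buffer and returns it.
// The buffer is filled once; later calls return the cached copy.
// Returns NULL if the file cannot be opened, a read fails, or the data
// fills the whole VMLINUX_MAX_SUPPORT_SIZE buffer (treated as "too large").
// On a NULL return is_read stays false, so the next call reads again from scratch.
static char* read_btf_vmlinux()
{
	static bool is_read = false;
	static char buf[VMLINUX_MAX_SUPPORT_SIZE];
	if (is_read)
		return buf;
	int fd = open("/sys/kernel/btf/vmlinux", O_RDONLY);
	if (fd < 0)
		return NULL;
	unsigned long bytes_read = 0;
	for (;;) {
		ssize_t ret = read(fd, buf + bytes_read, VMLINUX_MAX_SUPPORT_SIZE - bytes_read);
		if (ret < 0 || bytes_read + ret == VMLINUX_MAX_SUPPORT_SIZE) {
			// Release the descriptor on the failure path too; it was leaked before.
			close(fd);
			return NULL;
		}
		if (ret == 0)
			break;
		bytes_read += ret;
	}
	// The file is fully buffered, so the descriptor is no longer needed.
	close(fd);
	is_read = true;
	return buf;
}

// Walks the BTF type section and returns the 1-based index of the first type
// whose name equals the string at a0, or -1 (function continues past this span).
// NOTE(review): hdr_len, type_off, str_off, type_len and name_off are used as
// read from the buffer without being compared to the number of bytes actually
// read; confirm that the BTF blob is always trusted here.
static long syz_btf_id_by_name(volatile long a0)
{
	char* target = (char*)a0;
	char* vmlinux = read_btf_vmlinux();
	if (vmlinux == NULL)
		return -1;
	struct btf_header* btf_header = (struct btf_header*)vmlinux;
	if (btf_header->magic != BTF_MAGIC)
		return -1;
	char* btf_type_sec = vmlinux + btf_header->hdr_len + btf_header->type_off;
	char* btf_str_sec = vmlinux + btf_header->hdr_len + btf_header->str_off;
	unsigned int bytes_parsed = 0;
	long idx = 1;
	while (bytes_parsed < btf_header->type_len) {
		struct btf_type* btf_type = (struct btf_type*)(btf_type_sec + bytes_parsed);
		uint32_t kind = BTF_INFO_KIND(btf_type->info);
		uint32_t vlen = BTF_INFO_VLEN(btf_type->info);
		char* name = btf_str_sec + btf_type->name_off;
		if (strcmp(name, target) == 0)
			return idx;
		size_t skip;
		switch (kind) {
		case BTF_KIND_INT:
			skip = sizeof(uint32_t);
			break;
		case BTF_KIND_ENUM:
			skip = sizeof(struct btf_enum) * vlen;
			break;
		case BTF_KIND_ARRAY:
			skip = sizeof(struct btf_array);
			break;
		case BTF_KIND_STRUCT:
		case BTF_KIND_UNION:
			skip = sizeof(struct btf_member) * vlen;
			break;
		case BTF_KIND_FUNC_PROTO:
			skip = sizeof(struct btf_param) * vlen;
			break;
		case BTF_KIND_VAR:
			skip = sizeof(struct btf_var);
			break;
		case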
BTF_KIND_DATASEC: skip = sizeof(struct btf_var_secinfo) * vlen; break; default: skip = 0; } bytes_parsed += sizeof(struct btf_type) + skip; idx++; } return -1; } static long syz_memcpy_off(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4) { char* dest = (char*)a0; uint32_t dest_off = (uint32_t)a1; char* src = (char*)a2; uint32_t src_off = (uint32_t)a3; size_t n = (size_t)a4; return (long)memcpy(dest + dest_off, src + src_off, n); } #define MAX_FDS 30 #define USB_MAX_IFACE_NUM 4 #define USB_MAX_EP_NUM 32 #define USB_MAX_FDS 6 struct usb_endpoint_index { struct usb_endpoint_descriptor desc; int handle; }; struct usb_iface_index { struct usb_interface_descriptor* iface; uint8_t bInterfaceNumber; uint8_t bAlternateSetting; uint8_t bInterfaceClass; struct usb_endpoint_index eps[USB_MAX_EP_NUM]; int eps_num; }; struct usb_device_index { struct usb_device_descriptor* dev; struct usb_config_descriptor* config; uint8_t bDeviceClass; uint8_t bMaxPower; int config_length; struct usb_iface_index ifaces[USB_MAX_IFACE_NUM]; int ifaces_num; int iface_cur; }; struct usb_info { int fd; struct usb_device_index index; }; static struct usb_info usb_devices[USB_MAX_FDS]; static int usb_devices_num; static bool parse_usb_descriptor(const char* buffer, size_t length, struct usb_device_index* index) { if (length < sizeof(*index->dev) + sizeof(*index->config)) return false; memset(index, 0, sizeof(*index)); index->dev = (struct usb_device_descriptor*)buffer; index->config = (struct usb_config_descriptor*)(buffer + sizeof(*index->dev)); index->bDeviceClass = index->dev->bDeviceClass; index->bMaxPower = index->config->bMaxPower; index->config_length = length - sizeof(*index->dev); index->iface_cur = -1; size_t offset = 0; while (true) { if (offset + 1 >= length) break; uint8_t desc_length = buffer[offset]; uint8_t desc_type = buffer[offset + 1]; if (desc_length <= 2) break; if (offset + desc_length > length) break; if (desc_type == USB_DT_INTERFACE && 
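index->ifaces_num < USB_MAX_IFACE_NUM) {
			// (this span opens inside parse_usb_descriptor(), which begins before it)
			struct usb_interface_descriptor* iface = (struct usb_interface_descriptor*)(buffer + offset);
			index->ifaces[index->ifaces_num].iface = iface;
			index->ifaces[index->ifaces_num].bInterfaceNumber = iface->bInterfaceNumber;
			index->ifaces[index->ifaces_num].bAlternateSetting = iface->bAlternateSetting;
			index->ifaces[index->ifaces_num].bInterfaceClass = iface->bInterfaceClass;
			index->ifaces_num++;
		}
		if (desc_type == USB_DT_ENDPOINT && index->ifaces_num > 0) {
			struct usb_iface_index* iface = &index->ifaces[index->ifaces_num - 1];
			if (iface->eps_num < USB_MAX_EP_NUM) {
				// NOTE(review): copies sizeof(desc) bytes whatever desc_length says;
				// only offset + desc_length was checked against length. Confirm a
				// short endpoint descriptor at the end of the buffer cannot over-read.
				memcpy(&iface->eps[iface->eps_num].desc, buffer + offset, sizeof(iface->eps[iface->eps_num].desc));
				iface->eps_num++;
			}
		}
		offset += desc_length;
	}
	return true;
}

// Reserves the next slot of usb_devices[], parses the descriptor blob into it
// and then publishes fd for that slot. Returns the slot's index structure, or
// NULL when all USB_MAX_FDS slots are taken or parsing fails. The slot counter
// is only ever incremented here, so a failed parse still consumes a slot.
static struct usb_device_index* add_usb_index(int fd, const char* dev, size_t dev_len)
{
	int i = __atomic_fetch_add(&usb_devices_num, 1, __ATOMIC_RELAXED);
	if (i >= USB_MAX_FDS)
		return NULL;
	if (!parse_usb_descriptor(dev, dev_len, &usb_devices[i].index))
		return NULL;
	// Release store pairs with the acquire load in lookup_usb_index().
	__atomic_store_n(&usb_devices[i].fd, fd, __ATOMIC_RELEASE);
	return &usb_devices[i].index;
}

// Returns the index structure of the first usb_devices[] slot whose fd matches, or NULL.
// NOTE(review): usb_devices[] has static storage, so unused slots hold fd 0 and
// a lookup for fd 0 would match one of them; confirm fd 0 never reaches here.
static struct usb_device_index* lookup_usb_index(int fd)
{
	for (int i = 0; i < USB_MAX_FDS; i++) {
		if (__atomic_load_n(&usb_devices[i].fd, __ATOMIC_ACQUIRE) == fd) {
			return &usb_devices[i].index;
		}
	}
	return NULL;
}

// One caller-supplied string descriptor: length plus pointer to its bytes.
struct vusb_connect_string_descriptor {
	uint32_t len;
	char* str;
} __attribute__((packed));

// Optional caller-supplied descriptors used while answering the connect handshake.
struct vusb_connect_descriptors {
	uint32_t qual_len;
	char* qual;
	uint32_t bos_len;
	char* bos;
	uint32_t strs_len;
	struct vusb_connect_string_descriptor strs[0];
} __attribute__((packed));

static const char default_string[] = {
    8, USB_DT_STRING,
    's', 0, 'y', 0, 'z', 0};

static const char default_lang_id[] = {
    4, USB_DT_STRING,
    0x09, 0x04};

// Picks the reply for an IN control request received during connect.
//   fd              raw-gadget descriptor used to find the parsed device index
//   descs           optional caller-supplied descriptors; may be NULL
//   ctrl            the control request being answered
//   response_data   out: pointer to the reply bytes
//   response_length out: reply length in bytes
// Returns true when a reply was selected, false when the request is not
// handled (the caller visible in this listing then stalls endpoint 0).
// Only standard GET_DESCRIPTOR requests are answered.
static bool lookup_connect_response_in(int fd, const struct vusb_connect_descriptors* descs,
				       const struct usb_ctrlrequest* ctrl,
				       char** response_data, uint32_t* response_length)
{
	// Backing storage for a synthesized DEVICE_QUALIFIER reply. The previous
	// code built the descriptor on top of the caller's `char*` variable (it
	// cast response_data itself), overwriting the pointer and adjacent stack and
	// leaving *response_data pointing nowhere valid. Thread-local because the
	// generated program may run calls on several threads; the caller visible in
	// this listing copies the bytes out before it asks for another reply.
	static __thread struct usb_qualifier_descriptor synth_qual;
	struct usb_device_index* index = lookup_usb_index(fd);
	uint8_t str_idx;
	if (!index)
		return false;
	switch (ctrl->bRequestType & USB_TYPE_MASK) {
	case USB_TYPE_STANDARD:
		switch (ctrl->bRequest) {
		case USB_REQ_GET_DESCRIPTOR:
			switch (ctrl->wValue >> 8) {
			case USB_DT_DEVICE:
				*response_data = (char*)index->dev;
				*response_length = sizeof(*index->dev);
				return true;
			case USB_DT_CONFIG:
				*response_data = (char*)index->config;
				*response_length = index->config_length;
				return true;
			case USB_DT_STRING:
				str_idx = (uint8_t)ctrl->wValue;
				if (descs && str_idx < descs->strs_len) {
					*response_data = descs->strs[str_idx].str;
					*response_length = descs->strs[str_idx].len;
					return true;
				}
				if (str_idx == 0) {
					*response_data = (char*)&default_lang_id[0];
					*response_length = default_lang_id[0];
					return true;
				}
				*response_data = (char*)&default_string[0];
				*response_length = default_string[0];
				return true;
			case USB_DT_BOS:
				// descs is optional (the STRING case already allows NULL, and the
				// program above passes 0x0 to syz_usb_connect_ath9k); with no BOS
				// data to return, report the request as unhandled.
				if (!descs)
					break;
				*response_data = descs->bos;
				*response_length = descs->bos_len;
				return true;
			case USB_DT_DEVICE_QUALIFIER:
				if (!descs || !descs->qual) {
					// No qualifier supplied: derive one from the device descriptor.
					struct usb_qualifier_descriptor* qual = &synth_qual;
					qual->bLength = sizeof(*qual);
					qual->bDescriptorType = USB_DT_DEVICE_QUALIFIER;
					qual->bcdUSB = index->dev->bcdUSB;
					qual->bDeviceClass = index->dev->bDeviceClass;
					qual->bDeviceSubClass = index->dev->bDeviceSubClass;
					qual->bDeviceProtocol = index->dev->bDeviceProtocol;
					qual->bMaxPacketSize0 = index->dev->bMaxPacketSize0;
					qual->bNumConfigurations = index->dev->bNumConfigurations;
					qual->bRESERVED = 0;
					*response_data = (char*)qual;
					*response_length = sizeof(*qual);
					return true;
				}
				*response_data = descs->qual;
				*response_length = descs->qual_len;
				return true;
			default:
				break;
			}
			break;
		default:
			break;
		}
		break;
	default:
		break;
	}
	return false;
}

// Callback type deciding how an OUT control request is handled during connect;
// sets *done when the handshake is complete.
typedef bool (*lookup_connect_out_response_t)(int fd, const struct vusb_connect_descriptors* descs,
					      const struct usb_ctrlrequest* ctrl, bool* done);

// (function body continues past this span)
static bool lookup_connect_response_out_generic(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) {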
switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: *done = true; return true; default: break; } break; } return false; } #define ATH9K_FIRMWARE_DOWNLOAD 0x30 #define ATH9K_FIRMWARE_DOWNLOAD_COMP 0x31 static bool lookup_connect_response_out_ath9k(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) { switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: return true; default: break; } break; case USB_TYPE_VENDOR: switch (ctrl->bRequest) { case ATH9K_FIRMWARE_DOWNLOAD: return true; case ATH9K_FIRMWARE_DOWNLOAD_COMP: *done = true; return true; default: break; } break; } return false; } struct vusb_descriptor { uint8_t req_type; uint8_t desc_type; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_descriptors { uint32_t len; struct vusb_descriptor* generic; struct vusb_descriptor* descs[0]; } __attribute__((packed)); struct vusb_response { uint8_t type; uint8_t req; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_responses { uint32_t len; struct vusb_response* generic; struct vusb_response* resps[0]; } __attribute__((packed)); static bool lookup_control_response(const struct vusb_descriptors* descs, const struct vusb_responses* resps, struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { int descs_num = 0; int resps_num = 0; if (descs) descs_num = (descs->len - offsetof(struct vusb_descriptors, descs)) / sizeof(descs->descs[0]); if (resps) resps_num = (resps->len - offsetof(struct vusb_responses, resps)) / sizeof(resps->resps[0]); uint8_t req = ctrl->bRequest; uint8_t req_type = ctrl->bRequestType & USB_TYPE_MASK; uint8_t desc_type = ctrl->wValue >> 8; if (req == USB_REQ_GET_DESCRIPTOR) { int i; for (i = 0; i < descs_num; i++) { struct vusb_descriptor* desc = descs->descs[i]; if (!desc) continue; if 
(desc->req_type == req_type && desc->desc_type == desc_type) { *response_length = desc->len; if (*response_length != 0) *response_data = &desc->data[0]; else *response_data = NULL; return true; } } if (descs && descs->generic) { *response_data = &descs->generic->data[0]; *response_length = descs->generic->len; return true; } } else { int i; for (i = 0; i < resps_num; i++) { struct vusb_response* resp = resps->resps[i]; if (!resp) continue; if (resp->type == req_type && resp->req == req) { *response_length = resp->len; if (*response_length != 0) *response_data = &resp->data[0]; else *response_data = NULL; return true; } } if (resps && resps->generic) { *response_data = &resps->generic->data[0]; *response_length = resps->generic->len; return true; } } return false; } #define UDC_NAME_LENGTH_MAX 128 struct usb_raw_init { __u8 driver_name[UDC_NAME_LENGTH_MAX]; __u8 device_name[UDC_NAME_LENGTH_MAX]; __u8 speed; }; enum usb_raw_event_type { USB_RAW_EVENT_INVALID = 0, USB_RAW_EVENT_CONNECT = 1, USB_RAW_EVENT_CONTROL = 2, }; struct usb_raw_event { __u32 type; __u32 length; __u8 data[0]; }; struct usb_raw_ep_io { __u16 ep; __u16 flags; __u32 length; __u8 data[0]; }; #define USB_RAW_EPS_NUM_MAX 30 #define USB_RAW_EP_NAME_MAX 16 #define USB_RAW_EP_ADDR_ANY 0xff struct usb_raw_ep_caps { __u32 type_control : 1; __u32 type_iso : 1; __u32 type_bulk : 1; __u32 type_int : 1; __u32 dir_in : 1; __u32 dir_out : 1; }; struct usb_raw_ep_limits { __u16 maxpacket_limit; __u16 max_streams; __u32 reserved; }; struct usb_raw_ep_info { __u8 name[USB_RAW_EP_NAME_MAX]; __u32 addr; struct usb_raw_ep_caps caps; struct usb_raw_ep_limits limits; }; struct usb_raw_eps_info { struct usb_raw_ep_info eps[USB_RAW_EPS_NUM_MAX]; }; #define USB_RAW_IOCTL_INIT _IOW('U', 0, struct usb_raw_init) #define USB_RAW_IOCTL_RUN _IO('U', 1) #define USB_RAW_IOCTL_EVENT_FETCH _IOR('U', 2, struct usb_raw_event) #define USB_RAW_IOCTL_EP0_WRITE _IOW('U', 3, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP0_READ _IOWR('U', 
4, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_ENABLE _IOW('U', 5, struct usb_endpoint_descriptor) #define USB_RAW_IOCTL_EP_DISABLE _IOW('U', 6, __u32) #define USB_RAW_IOCTL_EP_WRITE _IOW('U', 7, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_READ _IOWR('U', 8, struct usb_raw_ep_io) #define USB_RAW_IOCTL_CONFIGURE _IO('U', 9) #define USB_RAW_IOCTL_VBUS_DRAW _IOW('U', 10, __u32) #define USB_RAW_IOCTL_EPS_INFO _IOR('U', 11, struct usb_raw_eps_info) #define USB_RAW_IOCTL_EP0_STALL _IO('U', 12) #define USB_RAW_IOCTL_EP_SET_HALT _IOW('U', 13, __u32) #define USB_RAW_IOCTL_EP_CLEAR_HALT _IOW('U', 14, __u32) #define USB_RAW_IOCTL_EP_SET_WEDGE _IOW('U', 15, __u32) static int usb_raw_open() { return open("/dev/raw-gadget", O_RDWR); } static int usb_raw_init(int fd, uint32_t speed, const char* driver, const char* device) { struct usb_raw_init arg; strncpy((char*)&arg.driver_name[0], driver, sizeof(arg.driver_name)); strncpy((char*)&arg.device_name[0], device, sizeof(arg.device_name)); arg.speed = speed; return ioctl(fd, USB_RAW_IOCTL_INIT, &arg); } static int usb_raw_run(int fd) { return ioctl(fd, USB_RAW_IOCTL_RUN, 0); } static int usb_raw_event_fetch(int fd, struct usb_raw_event* event) { return ioctl(fd, USB_RAW_IOCTL_EVENT_FETCH, event); } static int usb_raw_ep0_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_WRITE, io); } static int usb_raw_ep0_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_READ, io); } static int usb_raw_ep_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_WRITE, io); } static int usb_raw_ep_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_READ, io); } static int usb_raw_ep_enable(int fd, struct usb_endpoint_descriptor* desc) { return ioctl(fd, USB_RAW_IOCTL_EP_ENABLE, desc); } static int usb_raw_ep_disable(int fd, int ep) { return ioctl(fd, USB_RAW_IOCTL_EP_DISABLE, ep); } static int usb_raw_configure(int fd) { return ioctl(fd, 
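USB_RAW_IOCTL_CONFIGURE, 0); }
// (the line above closes usb_raw_configure(), which begins before this span)

// Thin wrapper: issues USB_RAW_IOCTL_VBUS_DRAW on fd with the given power value.
static int usb_raw_vbus_draw(int fd, uint32_t power)
{
	return ioctl(fd, USB_RAW_IOCTL_VBUS_DRAW, power);
}

// Thin wrapper: issues USB_RAW_IOCTL_EP0_STALL on fd.
static int usb_raw_ep0_stall(int fd)
{
	return ioctl(fd, USB_RAW_IOCTL_EP0_STALL, 0);
}

// Returns the position in index->ifaces[] of the interface with the given
// number and alternate setting, or -1 if fd is unknown or nothing matches.
static int lookup_interface(int fd, uint8_t bInterfaceNumber, uint8_t bAlternateSetting)
{
	struct usb_device_index* index = lookup_usb_index(fd);
	if (!index)
		return -1;
	for (int i = 0; i < index->ifaces_num; i++) {
		if (index->ifaces[i].bInterfaceNumber == bInterfaceNumber &&
		    index->ifaces[i].bAlternateSetting == bAlternateSetting)
			return i;
	}
	return -1;
}

// Returns the raw-gadget handle of the endpoint with address bEndpointAddress
// on the currently selected interface, or -1 if fd is unknown, no interface is
// selected, or no endpoint has that address.
static int lookup_endpoint(int fd, uint8_t bEndpointAddress)
{
	struct usb_device_index* index = lookup_usb_index(fd);
	if (!index)
		return -1;
	if (index->iface_cur < 0)
		return -1;
	struct usb_iface_index* iface = &index->ifaces[index->iface_cur];
	// Bound the scan by eps_num. The previous condition tested eps_num alone, so
	// with at least one endpoint and no matching address the loop never ended
	// and read past eps[] (USB_MAX_EP_NUM entries) into unrelated memory.
	for (int ep = 0; ep < iface->eps_num; ep++)
		if (iface->eps[ep].desc.bEndpointAddress == bEndpointAddress)
			return iface->eps[ep].handle;
	return -1;
}

// Switches the device behind fd to interface slot n: disables the endpoints of
// the currently selected interface, then enables those of slot n and records
// the handle returned for each. Does nothing if fd is unknown; leaves the
// selection unchanged if n is out of range.
static void set_interface(int fd, int n)
{
	struct usb_device_index* index = lookup_usb_index(fd);
	if (!index)
		return;
	if (index->iface_cur >= 0 && index->iface_cur < index->ifaces_num) {
		for (int ep = 0; ep < index->ifaces[index->iface_cur].eps_num; ep++) {
			// A failed disable is ignored on purpose (best effort).
			int rv = usb_raw_ep_disable(fd, index->ifaces[index->iface_cur].eps[ep].handle);
			if (rv < 0) {
			} else {
			}
		}
	}
	if (n >= 0 && n < index->ifaces_num) {
		for (int ep = 0; ep < index->ifaces[n].eps_num; ep++) {
			int rv = usb_raw_ep_enable(fd, &index->ifaces[n].eps[ep].desc);
			if (rv < 0) {
				// Enable failed: the stored handle keeps its previous value.
			} else {
				index->ifaces[n].eps[ep].handle = rv;
			}
		}
		index->iface_cur = n;
	}
}

// Applies VBUS draw and configuration for fd, then selects interface slot 0.
// Returns 0 on success, -1 if fd is unknown, or the failing ioctl's result.
static int configure_device(int fd)
{
	struct usb_device_index* index = lookup_usb_index(fd);
	if (!index)
		return -1;
	int rv = usb_raw_vbus_draw(fd, index->bMaxPower);
	if (rv < 0) {
		return rv;
	}
	rv = usb_raw_configure(fd);
	if (rv < 0) {
		return rv;
	}
	set_interface(fd, 0);
	return 0;
}

#define USB_MAX_PACKET_SIZE 4096

// (struct definition continues past this span)
struct usb_raw_control_event { struct usb_raw_event inner; struct usb_ctrlrequest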
ctrl; char data[USB_MAX_PACKET_SIZE]; }; struct usb_raw_ep_io_data { struct usb_raw_ep_io inner; char data[USB_MAX_PACKET_SIZE]; }; static volatile long syz_usb_connect_impl(uint64_t speed, uint64_t dev_len, const char* dev, const struct vusb_connect_descriptors* descs, lookup_connect_out_response_t lookup_connect_response_out) { if (!dev) { return -1; } int fd = usb_raw_open(); if (fd < 0) { return fd; } if (fd >= MAX_FDS) { close(fd); return -1; } struct usb_device_index* index = add_usb_index(fd, dev, dev_len); if (!index) { return -1; } char device[32]; sprintf(&device[0], "dummy_udc.%llu", procid); int rv = usb_raw_init(fd, speed, "dummy_udc", &device[0]); if (rv < 0) { return rv; } rv = usb_raw_run(fd); if (rv < 0) { return rv; } bool done = false; while (!done) { struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = sizeof(event.ctrl); rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) continue; char* response_data = NULL; uint32_t response_length = 0; if (event.ctrl.bRequestType & USB_DIR_IN) { if (!lookup_connect_response_in(fd, descs, &event.ctrl, &response_data, &response_length)) { usb_raw_ep0_stall(fd); continue; } } else { if (!lookup_connect_response_out(fd, descs, &event.ctrl, &done)) { usb_raw_ep0_stall(fd); continue; } response_data = NULL; response_length = event.ctrl.wLength; } if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD && event.ctrl.bRequest == USB_REQ_SET_CONFIGURATION) { rv = configure_device(fd); if (rv < 0) { return rv; } } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, 
response_length);
		// (this span opens inside syz_usb_connect_impl(), which begins before it)
		// IN requests send the prepared reply on endpoint 0; OUT requests read the data stage.
		if (event.ctrl.bRequestType & USB_DIR_IN) {
			rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response);
		} else {
			rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response);
		}
		if (rv < 0) {
			return rv;
		}
	}
	sleep_ms(200);
	return fd;
}

// Pseudo-syscall entry: unpacks (speed, dev_len, dev, descs) and runs the
// connect handshake with the generic OUT-request handler.
static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatile long a2, volatile long a3)
{
	uint64_t speed = a0;
	uint64_t dev_len = a1;
	const char* dev = (const char*)a2;
	const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3;
	return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_generic);
}

// Same as syz_usb_connect(), but uses the ath9k OUT-request handler.
static volatile long syz_usb_connect_ath9k(volatile long a0, volatile long a1, volatile long a2, volatile long a3)
{
	uint64_t speed = a0;
	uint64_t dev_len = a1;
	const char* dev = (const char*)a2;
	const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3;
	return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_ath9k);
}

// Pseudo-syscall entry: fetches one raw-gadget event on fd (a0) and answers it
// from the caller-supplied descriptor (a1) and response (a2) tables.
// Returns 0 on success, -1 when the event is not a control request or no reply
// is found for an IN request, or the failing ioctl's result.
static volatile long syz_usb_control_io(volatile long a0, volatile long a1, volatile long a2)
{
	int fd = a0;
	const struct vusb_descriptors* descs = (const struct vusb_descriptors*)a1;
	const struct vusb_responses* resps = (const struct vusb_responses*)a2;
	struct usb_raw_control_event event;
	event.inner.type = 0;
	event.inner.length = USB_MAX_PACKET_SIZE;
	int rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event);
	if (rv < 0) {
		return rv;
	}
	if (event.inner.type != USB_RAW_EVENT_CONTROL) {
		return -1;
	}
	char* response_data = NULL;
	uint32_t response_length = 0;
	if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) {
		// IN request with a data stage: look the reply up, stall endpoint 0 if there is none.
		if (!lookup_control_response(descs, resps, &event.ctrl, &response_data, &response_length)) {
			usb_raw_ep0_stall(fd);
			return -1;
		}
	} else {
		// NOTE(review): with `||` this branch runs for every standard request and
		// for any request whose bRequest equals USB_REQ_SET_INTERFACE, reading
		// wIndex/wValue as interface/alt-setting each time. If only a standard
		// SET_INTERFACE is meant, the operator should be `&&`; confirm the intent.
		if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD || event.ctrl.bRequest == USB_REQ_SET_INTERFACE) {
			int iface_num = event.ctrl.wIndex;
			int alt_set = event.ctrl.wValue;
			int iface_index = lookup_interface(fd, iface_num, alt_set);
			if (iface_index < 0) {
				// No matching interface/alt-setting: nothing is switched.
			} else {
				set_interface(fd, iface_index);
			}
		}
		response_length = event.ctrl.wLength;
	}
	struct usb_raw_ep_io_data response;
	response.inner.ep = 0;
	response.inner.flags = 0;
	// A length larger than the local buffer is reset to 0 (not clamped), so the
	// copy below can never write past response.data.
	if (response_length > sizeof(response.data))
		response_length = 0;
	// Never transfer more than the request's wLength.
	if (event.ctrl.wLength < response_length)
		response_length = event.ctrl.wLength;
	if ((event.ctrl.bRequestType & USB_DIR_IN) && !event.ctrl.wLength) {
		// IN request without a data stage: a full-size length is used, and the
		// transfer below takes the ep0 read path.
		response_length = USB_MAX_PACKET_SIZE;
	}
	response.inner.length = response_length;
	if (response_data)
		memcpy(&response.data[0], response_data, response_length);
	else
		memset(&response.data[0], 0, response_length);
	if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) {
		rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response);
	} else {
		rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response);
	}
	if (rv < 0) {
		return rv;
	}
	sleep_ms(200);
	return 0;
}

// Pseudo-syscall entry: writes up to a2 bytes from the buffer at a3 to the
// endpoint with address a1 on fd a0. Returns 0 on success, -1 if the endpoint
// is not found, or the failing ioctl's result.
static volatile long syz_usb_ep_write(volatile long a0, volatile long a1, volatile long a2, volatile long a3)
{
	int fd = a0;
	uint8_t ep = a1;
	uint32_t len = a2;
	char* data = (char*)a3;
	int ep_handle = lookup_endpoint(fd, ep);
	if (ep_handle < 0) {
		return -1;
	}
	struct usb_raw_ep_io_data io_data;
	io_data.inner.ep = ep_handle;
	io_data.inner.flags = 0;
	// Clamp to the local buffer so the copy below stays inside io_data.data.
	if (len > sizeof(io_data.data))
		len = sizeof(io_data.data);
	io_data.inner.length = len;
	memcpy(&io_data.data[0], data, len);
	int rv = usb_raw_ep_write(fd, (struct usb_raw_ep_io*)&io_data);
	if (rv < 0) {
		return rv;
	}
	sleep_ms(200);
	return 0;
}

// Pseudo-syscall entry: reads from the endpoint with address a1 on fd a0 into
// the buffer at a3 (function continues past this span).
static volatile long syz_usb_ep_read(volatile long a0, volatile long a1, volatile long a2, volatile long a3)
{
	int fd = a0;
	uint8_t ep = a1;
	uint32_t len = a2;
	char* data = (char*)a3;
	int ep_handle = lookup_endpoint(fd, ep);
	if (ep_handle < 0) {
		return -1;
	}
	struct usb_raw_ep_io_data io_data;
	io_data.inner.ep = ep_handle;
	io_data.inner.flags = 0;
	// Clamp the requested length to the local buffer before the read.
	if (len > sizeof(io_data.data))
		len = sizeof(io_data.data);
	io_data.inner.length = len;
	int rv = usb_raw_ep_read(fd, (struct
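usb_raw_ep_io*)&io_data); if (rv < 0) { return rv; } memcpy(&data[0], &io_data.data[0], io_data.inner.length); sleep_ms(200); return 0; }

/* Closes the descriptor passed in a0, pauses 200 ms, and returns close()'s result. */
static volatile long syz_usb_disconnect(volatile long a0)
{
	int fd = a0;
	int rv = close(fd);
	sleep_ms(200);
	return rv;
}

/*
 * Opens a device node and returns the open() result.
 *
 * a0 == 0xc or 0xb: opens "/dev/char/MAJ:MIN" or "/dev/block/MAJ:MIN" with
 * O_RDWR; a1 and a2 are truncated to uint8_t for MAJ and MIN.
 * Otherwise a0 is treated as a pointer to a path template: every '#' is
 * replaced by the next decimal digit of a1 (lowest digit first) and the
 * result is opened with flags a2.
 */
static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2)
{
	if (a0 == 0xc || a0 == 0xb) {
		char buf[128];
		/* snprintf, as in syz_open_procfs, keeps the write bounded by the buffer size. */
		snprintf(buf, sizeof(buf), "/dev/%s/%d:%d", a0 == 0xc ? "char" : "block", (uint8_t)a1, (uint8_t)a2);
		return open(buf, O_RDWR, 0);
	} else {
		char buf[1024];
		char* hash;
		/* strncpy does not terminate on truncation, so terminate explicitly. */
		strncpy(buf, (char*)a0, sizeof(buf) - 1);
		buf[sizeof(buf) - 1] = 0;
		while ((hash = strchr(buf, '#'))) {
			*hash = '0' + (char)(a1 % 10);
			a1 /= 10;
		}
		return open(buf, a2, 0);
	}
}

/*
 * Opens a file under /proc for the current process.
 *
 * a0 == 0  -> /proc/self/<a1>
 * a0 == -1 -> /proc/thread-self/<a1>
 * else     -> /proc/self/task/<a0>/<a1>
 * a1 points to the file name. O_RDWR is tried first, then O_RDONLY.
 * Returns the descriptor, or -1 if both opens fail.
 */
static long syz_open_procfs(volatile long a0, volatile long a1)
{
	char buf[128];
	memset(buf, 0, sizeof(buf));
	if (a0 == 0) {
		snprintf(buf, sizeof(buf), "/proc/self/%s", (char*)a1);
	} else if (a0 == -1) {
		snprintf(buf, sizeof(buf), "/proc/thread-self/%s", (char*)a1);
	} else {
		snprintf(buf, sizeof(buf), "/proc/self/task/%d/%s", (int)a0, (char*)a1);
	}
	int fd = open(buf, O_RDWR);
	if (fd == -1)
		fd = open(buf, O_RDONLY);
	return fd;
}

/*
 * Queries the pty number of descriptor a0 with TIOCGPTN and opens
 * "/dev/pts/<n>" with flags a1. Returns the new descriptor, or -1 if the
 * ioctl fails.
 */
static long syz_open_pts(volatile long a0, volatile long a1)
{
	int ptyno = 0;
	if (ioctl(a0, TIOCGPTN, &ptyno))
		return -1;
	char buf[128];
	snprintf(buf, sizeof(buf), "/dev/pts/%d", ptyno);
	return open(buf, a1, 0);
}

/*
 * Creates a socket in the network namespace referenced by kInitNetNsFd and
 * then switches back to the namespace the caller was in.
 *
 * Returns the socket() result with errno preserved from that call, or -1 if
 * the current namespace cannot be opened or the first setns() fails.
 */
static long syz_init_net_socket(volatile long domain, volatile long type, volatile long proto)
{
	int netns = open("/proc/self/ns/net", O_RDONLY);
	if (netns == -1)
		return netns;
	if (setns(kInitNetNsFd, 0)) {
		/* Fix: the saved-namespace descriptor used to leak on this path. */
		int saved = errno;
		close(netns);
		errno = saved;
		return -1;
	}
	int sock = syscall(__NR_socket, domain, type, proto);
	int err = errno;
	/* If the original namespace cannot be restored, stop instead of running on in the other one. */
	if (setns(netns, 0))
		exit(1);
	close(netns);
	errno = err;
	return sock;
}

/*
 * Resolves a generic-netlink family name to its numeric id.
 *
 * Sends CTRL_CMD_GETFAMILY with a CTRL_ATTR_FAMILY_NAME attribute over a
 * NETLINK_GENERIC socket, reads one reply into the same buffer and walks its
 * attributes looking for CTRL_ATTR_FAMILY_ID.
 *
 * name: pointer to the family name; at most GENL_NAMSIZ bytes are copied.
 * Returns the 16-bit family id, or -1 on any failure.
 */
static long syz_genetlink_get_family_id(volatile long name)
{
	char buf[512] = {0};
	struct nlmsghdr* hdr = (struct nlmsghdr*)buf;
	struct genlmsghdr* genlhdr = (struct genlmsghdr*)NLMSG_DATA(hdr);
	struct nlattr* attr = (struct nlattr*)(genlhdr + 1);
	hdr->nlmsg_len = sizeof(*hdr) + sizeof(*genlhdr) + sizeof(*attr) + GENL_NAMSIZ;
	hdr->nlmsg_type = GENL_ID_CTRL;
	hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
	genlhdr->cmd = CTRL_CMD_GETFAMILY;
	attr->nla_type = CTRL_ATTR_FAMILY_NAME;
	attr->nla_len = sizeof(*attr) + GENL_NAMSIZ;
	strncpy((char*)(attr + 1), (char*)name, GENL_NAMSIZ);
	struct iovec iov = {hdr, hdr->nlmsg_len};
	struct sockaddr_nl addr = {0};
	addr.nl_family = AF_NETLINK;
	int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC);
	if (fd == -1) {
		return -1;
	}
	struct msghdr msg = {&addr, sizeof(addr), &iov, 1, NULL, 0, 0};
	if (sendmsg(fd, &msg, 0) == -1) {
		close(fd);
		return -1;
	}
	ssize_t n = recv(fd, buf, sizeof(buf), 0);
	close(fd);
	if (n <= 0) {
		return -1;
	}
	/*
	 * The reply overwrites the request in buf. Without this length check a
	 * short reply would leave the request's own nlmsg_type in place and be
	 * accepted by the type test below.
	 */
	if ((size_t)n < sizeof(*hdr)) {
		return -1;
	}
	if (hdr->nlmsg_type != GENL_ID_CTRL) {
		return -1;
	}
	/*
	 * Walk the attributes by offset so that every header and payload read
	 * stays inside the n bytes received. The earlier loop trusted nla_len: a
	 * zero length never advanced, and a header starting in the last bytes of
	 * the reply was read past them.
	 */
	size_t off = (size_t)((char*)attr - buf);
	size_t end = (size_t)n;
	while (off + sizeof(struct nlattr) <= end) {
		attr = (struct nlattr*)(buf + off);
		if (attr->nla_len < sizeof(*attr))
			break; /* malformed attribute: cannot advance */
		if (attr->nla_type == CTRL_ATTR_FAMILY_ID) {
			if (attr->nla_len < sizeof(*attr) + sizeof(uint16_t) || off + sizeof(*attr) + sizeof(uint16_t) > end)
				break; /* id payload is truncated */
			return *(uint16_t*)(attr + 1);
		}
		off += NLMSG_ALIGN(attr->nla_len);
	}
	return -1;
}

/* One piece of a filesystem image: `size` bytes at `data`, placed at byte `offset` of the image. */
struct fs_image_segment {
	void* data;
	uintptr_t size;
	uintptr_t offset;
};

/* Upper bounds applied by fs_image_segment_check(). */
#define IMAGE_MAX_SEGMENTS 4096
#define IMAGE_MAX_SIZE (129 << 20)
/* Hard-coded memfd_create syscall number (presumably the i386 one, matching the linux/386 target of this run). */
#define sys_memfd_create 356

/*
 * Clamps the segment table in place and returns the image size to allocate.
 *
 * Each examined segment ends up with size <= IMAGE_MAX_SIZE and
 * offset + size <= IMAGE_MAX_SIZE. The returned size is at least the end of
 * every examined segment and at most IMAGE_MAX_SIZE.
 *
 * nsegs is clamped to IMAGE_MAX_SEGMENTS only inside this function (it is
 * passed by value), so entries past that count are not adjusted here.
 */
static unsigned long fs_image_segment_check(unsigned long size, unsigned long nsegs, struct fs_image_segment* segs)
{
	if (nsegs > IMAGE_MAX_SEGMENTS)
		nsegs = IMAGE_MAX_SEGMENTS;
	for (size_t i = 0; i < nsegs; i++) {
		if (segs[i].size > IMAGE_MAX_SIZE)
			segs[i].size = IMAGE_MAX_SIZE;
		segs[i].offset %= IMAGE_MAX_SIZE;
		if (segs[i].offset > IMAGE_MAX_SIZE - segs[i].size)
			segs[i].offset = IMAGE_MAX_SIZE - segs[i].size;
		/*
		 * Fix: grow the image to the END of the segment (offset + size).
		 * The previous test used offset + offset, which could return a
		 * size that does not cover the segment. The clamps above bound the
		 * sum by IMAGE_MAX_SIZE, so it cannot wrap.
		 */
		if (size < segs[i].offset + segs[i].size)
			size = segs[i].offset + segs[i].size;
	}
	if (size > IMAGE_MAX_SIZE)
		size = IMAGE_MAX_SIZE;
	return size;
}

static int setup_loop_device(long unsigned size, long unsigned nsegs, struct fs_image_segment* segs, const char* loopname, int* memfd_p, int* loopfd_p) { int err = 0, loopfd = -1; size = fs_image_segment_check(size, nsegs, segs); int memfd = syscall(sys_memfd_create, "syzkaller", 0); if (memfd == -1) { err = errno; goto error; }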
if (ftruncate(memfd, size)) { err = errno; goto error_close_memfd; } for (size_t i = 0; i < nsegs; i++) { if (pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset) < 0) { } } loopfd = open(loopname, O_RDWR); if (loopfd == -1) { err = errno; goto error_close_memfd; } if (ioctl(loopfd, LOOP_SET_FD, memfd)) { if (errno != EBUSY) { err = errno; goto error_close_loop; } ioctl(loopfd, LOOP_CLR_FD, 0); usleep(1000); if (ioctl(loopfd, LOOP_SET_FD, memfd)) { err = errno; goto error_close_loop; } } *memfd_p = memfd; *loopfd_p = loopfd; return 0; error_close_loop: close(loopfd); error_close_memfd: close(memfd); error: errno = err; return -1; } static long syz_read_part_table(volatile unsigned long size, volatile unsigned long nsegs, volatile long segments) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int err = 0, res = -1, loopfd = -1, memfd = -1; char loopname[64]; snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; struct loop_info64 info; if (ioctl(loopfd, LOOP_GET_STATUS64, &info)) { err = errno; goto error_clear_loop; } info.lo_flags |= LO_FLAGS_PARTSCAN; if (ioctl(loopfd, LOOP_SET_STATUS64, &info)) { err = errno; goto error_clear_loop; } res = 0; for (unsigned long i = 1, j = 0; i < 8; i++) { snprintf(loopname, sizeof(loopname), "/dev/loop%llup%d", procid, (int)i); struct stat statbuf; if (stat(loopname, &statbuf) == 0) { char linkname[64]; snprintf(linkname, sizeof(linkname), "./file%d", (int)j++); if (symlink(loopname, linkname)) { } } } error_clear_loop: ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); errno = err; return res; } static long syz_mount_image(volatile long fsarg, volatile long dir, volatile unsigned long size, volatile unsigned long nsegs, volatile long segments, volatile long flags, volatile long optsarg) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int res = -1, err = 0, loopfd = -1, memfd = 
-1, need_loop_device = !!segs; char* mount_opts = (char*)optsarg; char* target = (char*)dir; char* fs = (char*)fsarg; char* source = NULL; char loopname[64]; if (need_loop_device) { memset(loopname, 0, sizeof(loopname)); snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; source = loopname; } mkdir(target, 0777); char opts[256]; memset(opts, 0, sizeof(opts)); if (strlen(mount_opts) > (sizeof(opts) - 32)) { } strncpy(opts, mount_opts, sizeof(opts) - 32); if (strcmp(fs, "iso9660") == 0) { flags |= MS_RDONLY; } else if (strncmp(fs, "ext", 3) == 0) { if (strstr(opts, "errors=panic") || strstr(opts, "errors=remount-ro") == 0) strcat(opts, ",errors=continue"); } else if (strcmp(fs, "xfs") == 0) { strcat(opts, ",nouuid"); } res = mount(source, target, fs, flags, opts); if (res == -1) { err = errno; goto error_clear_loop; } res = open(target, O_RDONLY | O_DIRECTORY); if (res == -1) { err = errno; } error_clear_loop: if (need_loop_device) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); } errno = err; return res; }

/* Stub: ignores all eight arguments and returns 0. */
static long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5, volatile long a6, volatile long a7)
{
	return 0;
}

/* One-time setup: tries to mount fusectl at /sys/fs/fuse/connections; a failure is ignored. */
static void setup_common()
{
	if (mount(0, "/sys/fs/fuse/connections", "fusectl", 0, 0)) {
	}
}

static void loop();

/*
 * Containment steps shared by the sandbox modes. In order: parent-death
 * signal, new process group and session, save the current network namespace,
 * resource limits, namespace unsharing, SysV IPC sysctls.
 * Only the two namespace-descriptor steps are fatal on failure; the
 * setrlimit() and unshare() results are not acted on.
 */
static void sandbox_common()
{
	/* Ask for SIGKILL when the parent process dies. */
	prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
	setpgrp();
	setsid();
	/*
	 * Keep a descriptor for the current network namespace at the fixed
	 * number kInitNetNsFd; syz_init_net_socket() passes that number to
	 * setns().
	 */
	int netns = open("/proc/self/ns/net", O_RDONLY);
	if (netns == -1)
		exit(1);
	if (dup2(netns, kInitNetNsFd) < 0)
		exit(1);
	close(netns);
	struct rlimit rlim;
	/* 200 MiB of address space. */
	rlim.rlim_cur = rlim.rlim_max = (200 << 20);
	setrlimit(RLIMIT_AS, &rlim);
	/* 32 MiB of locked memory. */
	rlim.rlim_cur = rlim.rlim_max = 32 << 20;
	setrlimit(RLIMIT_MEMLOCK, &rlim);
	/* 136 MiB maximum file size. */
	rlim.rlim_cur = rlim.rlim_max = 136 << 20;
	setrlimit(RLIMIT_FSIZE, &rlim);
	/* 1 MiB stack. */
	rlim.rlim_cur = rlim.rlim_max = 1 << 20;
	setrlimit(RLIMIT_STACK, &rlim);
	/* No core dumps. */
	rlim.rlim_cur = rlim.rlim_max = 0;
	setrlimit(RLIMIT_CORE, &rlim);
	/* At most 256 open descriptors. */
	rlim.rlim_cur = rlim.rlim_max = 256;
	setrlimit(RLIMIT_NOFILE, &rlim);
	/*
	 * Best-effort isolation: each unshare() may fail (the branches are
	 * empty), so none of these namespaces is guaranteed afterwards.
	 */
	if (unshare(CLONE_NEWNS)) {
	}
	if (unshare(CLONE_NEWIPC)) {
	}
	/* 0x02000000 is the numeric value of CLONE_NEWCGROUP; presumably a literal so that older headers still compile. */
	if (unshare(0x02000000)) {
	}
	if (unshare(CLONE_NEWUTS)) {
	}
	if (unshare(CLONE_SYSVSEM)) {
	}
	/* SysV shared-memory, message-queue and semaphore limits written through /proc/sys. */
	typedef struct {
		const char* name;
		const char* value;
	} sysctl_t;
	static const sysctl_t sysctls[] = {
	    {"/proc/sys/kernel/shmmax", "16777216"},
	    {"/proc/sys/kernel/shmall", "536870912"},
	    {"/proc/sys/kernel/shmmni", "1024"},
	    {"/proc/sys/kernel/msgmax", "8192"},
	    {"/proc/sys/kernel/msgmni", "1024"},
	    {"/proc/sys/kernel/msgmnb", "1024"},
	    {"/proc/sys/kernel/sem", "1024 1048576 500 1024"},
	};
	unsigned i;
	/* The result of write_file() is not checked here. */
	for (i = 0; i < sizeof(sysctls) / sizeof(sysctls[0]); i++)
		write_file(sysctls[i].name, sysctls[i].value);
}

/*
 * Blocks until waitpid() reports child `pid` and returns WEXITSTATUS of its
 * status. Exits with 1 when pid is negative (fork failed).
 * NOTE(review): WEXITSTATUS is applied without a WIFEXITED check, so the
 * value is not meaningful when the child was killed by a signal.
 */
static int wait_for_loop(int pid)
{
	if (pid < 0)
		exit(1);
	int status = 0;
	/* waitpid(-1) also reaps other children; keep going until it returns pid. */
	while (waitpid(-1, &status, __WALL) != pid) {
	}
	return WEXITSTATUS(status);
}

/*
 * Removes CAP_SYS_PTRACE and CAP_SYS_NICE from the effective, permitted and
 * inheritable sets of the calling process. Only cap_data[0] is modified, and
 * every other capability is left as capget() returned it. Exits with 1 if
 * capget or capset fails.
 */
static void drop_caps(void)
{
	struct __user_cap_header_struct cap_hdr = {};
	struct __user_cap_data_struct cap_data[2] = {};
	cap_hdr.version = _LINUX_CAPABILITY_VERSION_3;
	cap_hdr.pid = getpid();
	if (syscall(SYS_capget, &cap_hdr, &cap_data))
		exit(1);
	const int drop = (1 << CAP_SYS_PTRACE) | (1 << CAP_SYS_NICE);
	cap_data[0].effective &= ~drop;
	cap_data[0].permitted &= ~drop;
	cap_data[0].inheritable &= ~drop;
	if (syscall(SYS_capset, &cap_hdr, &cap_data))
		exit(1);
}

/*
 * Entry point of the "none" sandbox (the run's options say Sandbox:none).
 * Forks once: the parent only waits and returns the child's exit status. The
 * child applies setup_common(), sandbox_common() and drop_caps(), tries to
 * enter a new network namespace and runs loop().
 * No uid/gid change is made on this path, so containment consists of the
 * rlimits, the namespaces that could be unshared and the two dropped
 * capabilities.
 */
static int do_sandbox_none(void)
{
	/* A failure to create a new PID namespace is tolerated. */
	if (unshare(CLONE_NEWPID)) {
	}
	int pid = fork();
	if (pid != 0)
		return wait_for_loop(pid);
	setup_common();
	sandbox_common();
	drop_caps();
	/* Done after sandbox_common(), which saved the previous namespace at kInitNetNsFd. */
	if (unshare(CLONE_NEWNET)) {
	}
	loop();
	/* Reached only if loop() returns. */
	exit(1);
}

/* Local definition of the FS_IOC_SETFLAGS ioctl request, used by remove_dir() to reset inode flags. */
#define FS_IOC_SETFLAGS _IOW('f', 2, long)
static void remove_dir(const char* dir) { int iter = 0; DIR* dp = 0; retry: while (umount2(dir, MNT_DETACH) == 0) { } dp = opendir(dir); if (dp == NULL) { if (errno == EMFILE) { exit(1); } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char
filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); while (umount2(filename, MNT_DETACH) == 0) { } struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } int i; for (i = 0;; i++) { if (unlink(filename) == 0) break; if (errno == EPERM) { int fd = open(filename, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno != EBUSY || i > 100) exit(1); if (umount2(filename, MNT_DETACH)) exit(1); } } closedir(dp); for (int i = 0;; i++) { if (rmdir(dir) == 0) break; if (i < 100) { if (errno == EPERM) { int fd = open(dir, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno == EBUSY) { if (umount2(dir, MNT_DETACH)) exit(1); continue; } if (errno == ENOTEMPTY) { if (iter < 100) { iter++; goto retry; } } } exit(1); } } static void kill_and_wait(int pid, int* status) { kill(-pid, SIGKILL); kill(pid, SIGKILL); for (int i = 0; i < 100; i++) { if (waitpid(-1, status, WNOHANG | __WALL) == pid) return; usleep(1000); } DIR* dir = opendir("/sys/fs/fuse/connections"); if (dir) { for (;;) { struct dirent* ent = readdir(dir); if (!ent) break; if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0) continue; char abort[300]; snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name); int fd = open(abort, O_WRONLY); if (fd == -1) { continue; } if (write(fd, abort, 1) < 0) { } close(fd); } closedir(dir); } else { } while (waitpid(-1, status, __WALL) != pid) { } } static void reset_loop() { char buf[64]; snprintf(buf, sizeof(buf), "/dev/loop%llu", procid); int loopfd = open(buf, O_RDWR); if (loopfd != -1) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); } } static void setup_test() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); 
write_file("/proc/self/oom_score_adj", "1000"); } #define FUSE_MIN_READ_BUFFER 8192 enum fuse_opcode { FUSE_LOOKUP = 1, FUSE_FORGET = 2, FUSE_GETATTR = 3, FUSE_SETATTR = 4, FUSE_READLINK = 5, FUSE_SYMLINK = 6, FUSE_MKNOD = 8, FUSE_MKDIR = 9, FUSE_UNLINK = 10, FUSE_RMDIR = 11, FUSE_RENAME = 12, FUSE_LINK = 13, FUSE_OPEN = 14, FUSE_READ = 15, FUSE_WRITE = 16, FUSE_STATFS = 17, FUSE_RELEASE = 18, FUSE_FSYNC = 20, FUSE_SETXATTR = 21, FUSE_GETXATTR = 22, FUSE_LISTXATTR = 23, FUSE_REMOVEXATTR = 24, FUSE_FLUSH = 25, FUSE_INIT = 26, FUSE_OPENDIR = 27, FUSE_READDIR = 28, FUSE_RELEASEDIR = 29, FUSE_FSYNCDIR = 30, FUSE_GETLK = 31, FUSE_SETLK = 32, FUSE_SETLKW = 33, FUSE_ACCESS = 34, FUSE_CREATE = 35, FUSE_INTERRUPT = 36, FUSE_BMAP = 37, FUSE_DESTROY = 38, FUSE_IOCTL = 39, FUSE_POLL = 40, FUSE_NOTIFY_REPLY = 41, FUSE_BATCH_FORGET = 42, FUSE_FALLOCATE = 43, FUSE_READDIRPLUS = 44, FUSE_RENAME2 = 45, FUSE_LSEEK = 46, FUSE_COPY_FILE_RANGE = 47, FUSE_SETUPMAPPING = 48, FUSE_REMOVEMAPPING = 49, CUSE_INIT = 4096, CUSE_INIT_BSWAP_RESERVED = 1048576, FUSE_INIT_BSWAP_RESERVED = 436207616, }; struct fuse_in_header { uint32_t len; uint32_t opcode; uint64_t unique; uint64_t nodeid; uint32_t uid; uint32_t gid; uint32_t pid; uint32_t padding; }; struct fuse_out_header { uint32_t len; uint32_t error; uint64_t unique; }; struct syz_fuse_req_out { struct fuse_out_header* init; struct fuse_out_header* lseek; struct fuse_out_header* bmap; struct fuse_out_header* poll; struct fuse_out_header* getxattr; struct fuse_out_header* lk; struct fuse_out_header* statfs; struct fuse_out_header* write; struct fuse_out_header* read; struct fuse_out_header* open; struct fuse_out_header* attr; struct fuse_out_header* entry; struct fuse_out_header* dirent; struct fuse_out_header* direntplus; struct fuse_out_header* create_open; struct fuse_out_header* ioctl; }; static int fuse_send_response(int fd, const struct fuse_in_header* in_hdr, struct fuse_out_header* out_hdr) { if (!out_hdr) { return -1; } 
out_hdr->unique = in_hdr->unique; if (write(fd, out_hdr, out_hdr->len) == -1) { return -1; } return 0; }

/*
 * Answers one pending FUSE request with a reply prepared by the caller.
 *
 * a0: descriptor to read the request from and write the reply to.
 * a1: receive buffer; a2: its length, which must be at least
 *     FUSE_MIN_READ_BUFFER.
 * a3: struct syz_fuse_req_out*, a table of reply headers, one per kind.
 *
 * Returns 0 when a reply was written or the request was FUSE_FORGET, and -1
 * on a missing table, a short buffer or read, an unknown opcode, a missing
 * reply or a failed write.
 *
 * The reply is written by fuse_send_response() with the length taken from
 * the reply's own `len` field. Except for the no-payload group below, that
 * field comes from the caller and is not checked against anything here.
 */
static volatile long syz_fuse_handle_req(volatile long a0, volatile long a1, volatile long a2, volatile long a3)
{
	struct syz_fuse_req_out* req_out = (struct syz_fuse_req_out*)a3;
	struct fuse_out_header* out_hdr = NULL;
	char* buf = (char*)a1;
	int buf_len = (int)a2;
	int fd = (int)a0;
	if (!req_out) {
		return -1;
	}
	if (buf_len < FUSE_MIN_READ_BUFFER) {
		return -1;
	}
	int ret = read(fd, buf, buf_len);
	if (ret == -1) {
		return -1;
	}
	/* The request must hold at least a complete fuse_in_header. */
	if ((size_t)ret < sizeof(struct fuse_in_header)) {
		return -1;
	}
	const struct fuse_in_header* in_hdr = (const struct fuse_in_header*)buf;
	/* Reject a header that claims more bytes than were read. */
	if (in_hdr->len > (uint32_t)ret) {
		return -1;
	}
	/* Pick the prepared reply that matches the request's opcode. */
	switch (in_hdr->opcode) {
	case FUSE_GETATTR:
	case FUSE_SETATTR:
		out_hdr = req_out->attr;
		break;
	case FUSE_LOOKUP:
	case FUSE_SYMLINK:
	case FUSE_LINK:
	case FUSE_MKNOD:
	case FUSE_MKDIR:
		out_hdr = req_out->entry;
		break;
	case FUSE_OPEN:
	case FUSE_OPENDIR:
		out_hdr = req_out->open;
		break;
	case FUSE_STATFS:
		out_hdr = req_out->statfs;
		break;
	case FUSE_RMDIR:
	case FUSE_RENAME:
	case FUSE_RENAME2:
	case FUSE_FALLOCATE:
	case FUSE_SETXATTR:
	case FUSE_REMOVEXATTR:
	case FUSE_FSYNCDIR:
	case FUSE_FSYNC:
	case FUSE_SETLKW:
	case FUSE_SETLK:
	case FUSE_ACCESS:
	case FUSE_FLUSH:
	case FUSE_RELEASE:
	case FUSE_RELEASEDIR:
		/*
		 * These opcodes are answered with a bare header. The `init`
		 * slot is reused as storage and its len is overwritten, so a
		 * later FUSE_INIT reply built from the same slot is sent with
		 * this shortened length.
		 */
		out_hdr = req_out->init;
		if (!out_hdr) {
			return -1;
		}
		out_hdr->len = sizeof(struct fuse_out_header);
		break;
	case FUSE_READ:
		out_hdr = req_out->read;
		break;
	case FUSE_READDIR:
		out_hdr = req_out->dirent;
		break;
	case FUSE_READDIRPLUS:
		out_hdr = req_out->direntplus;
		break;
	case FUSE_INIT:
		out_hdr = req_out->init;
		break;
	case FUSE_LSEEK:
		out_hdr = req_out->lseek;
		break;
	case FUSE_GETLK:
		out_hdr = req_out->lk;
		break;
	case FUSE_BMAP:
		out_hdr = req_out->bmap;
		break;
	case FUSE_POLL:
		out_hdr = req_out->poll;
		break;
	case FUSE_GETXATTR:
	case FUSE_LISTXATTR:
		out_hdr = req_out->getxattr;
		break;
	case FUSE_WRITE:
		out_hdr = req_out->write;
		break;
	case FUSE_FORGET:
		/* No reply is written for FORGET. */
		return 0;
	case FUSE_CREATE:
		out_hdr = req_out->create_open;
		break;
	case FUSE_IOCTL:
		out_hdr = req_out->ioctl;
		break;
	default:
		return -1;
	}
	/* A NULL out_hdr (slot not provided) is rejected inside fuse_send_response(). */
	return fuse_send_response(fd, in_hdr, out_hdr);
}

/*
 * Calls the address in `text` as a void(void) function and returns 0.
 * Nothing here validates or restricts the bytes at that address; any
 * containment comes from the process the call runs in.
 */
static long syz_execute_func(volatile long text)
{
	/* Unused apart from the cast below; presumably reserves stack space around the call (TODO confirm). */
	volatile long p[8] = {0};
	(void)p;
	((void (*)(void))(text))();
	return 0;
}

/* Per-worker state: `created` is set once the thread is started, `call` is the call index to run, `ready`/`done` hand work over and back. */
struct thread_t {
	int created, call;
	event_t ready, done;
};

/* Pool of 16 workers, started on first use by execute_one(). */
static struct thread_t threads[16];
static void execute_call(int call);
/* Count of calls in flight, updated with relaxed atomics. */
static int running;

/*
 * Worker thread body: waits for `ready`, runs the assigned call, decrements
 * `running` and signals `done`. The loop never exits, so the trailing return
 * is not reached.
 */
static void* thr(void* arg)
{
	struct thread_t* th = (struct thread_t*)arg;
	for (;;) {
		event_wait(&th->ready);
		event_reset(&th->ready);
		execute_call(th->call);
		__atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED);
		event_set(&th->done);
	}
	return 0;
}

static void execute_one(void) { if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } int i, call, thread; for (call = 0; call < 50; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 45 + (call == 10 ? 500 : 0) + (call == 38 ? 50 : 0) + (call == 43 ? 3000 : 0) + (call == 44 ? 3000 : 0) + (call == 45 ? 300 : 0) + (call == 46 ? 300 : 0) + (call == 47 ? 300 : 0) + (call == 48 ? 3000 : 0) + (call == 49 ?
300 : 0)); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS __WALL static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); reset_loop(); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); setup_test(); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5 * 1000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } #ifndef __NR_fstat #define __NR_fstat 108 #endif #ifndef __NR_getgid #define __NR_getgid 47 #endif #ifndef __NR_getgroups #define __NR_getgroups 80 #endif #ifndef __NR_getsockopt #define __NR_getsockopt 365 #endif #ifndef __NR_getuid #define __NR_getuid 24 #endif #ifndef __NR_io_uring_setup #define __NR_io_uring_setup 425 #endif #ifndef __NR_ioctl #define __NR_ioctl 54 #endif #ifndef __NR_lchown #define __NR_lchown 16 #endif #ifndef __NR_lstat #define __NR_lstat 107 #endif #ifndef __NR_mmap #define __NR_mmap 192 #endif #ifndef __NR_openat #define __NR_openat 295 #endif #ifndef __NR_read #define __NR_read 3 #endif #ifndef __NR_sendmmsg #define __NR_sendmmsg 345 #endif #ifndef __NR_sendmsg #define __NR_sendmsg 370 #endif #ifndef __NR_stat #define __NR_stat 106 #endif #ifndef __NR_statx #define __NR_statx 383 #endif #ifndef __NR_write #define __NR_write 4 #endif #undef __NR_mmap #define __NR_mmap __NR_mmap2 uint64_t r[24] = {0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: memcpy((void*)0x20000000, 
"/dev/vcsa\000", 10); res = syscall(__NR_openat, 0xffffff9c, 0x20000000, 0x404800, 0); if (res != -1) r[0] = res; break; case 1: memcpy((void*)0x20000080, "batadv\000", 7); res = -1; res = syz_genetlink_get_family_id(0x20000080); if (res != -1) r[1] = res; break; case 2: *(uint32_t*)0x20000140 = 0x20000040; *(uint16_t*)0x20000040 = 0x10; *(uint16_t*)0x20000042 = 0; *(uint32_t*)0x20000044 = 0; *(uint32_t*)0x20000048 = 0x10000; *(uint32_t*)0x20000144 = 0xc; *(uint32_t*)0x20000148 = 0x20000100; *(uint32_t*)0x20000100 = 0x200000c0; *(uint32_t*)0x200000c0 = 0x1c; *(uint16_t*)0x200000c4 = r[1]; *(uint16_t*)0x200000c6 = 0x10; *(uint32_t*)0x200000c8 = 0x70bd29; *(uint32_t*)0x200000cc = 0x25dfdbff; *(uint8_t*)0x200000d0 = 1; *(uint8_t*)0x200000d1 = 0; *(uint16_t*)0x200000d2 = 0; *(uint16_t*)0x200000d4 = 8; *(uint16_t*)0x200000d6 = 0x31; *(uint32_t*)0x200000d8 = 2; *(uint32_t*)0x20000104 = 0x1c; *(uint32_t*)0x2000014c = 1; *(uint32_t*)0x20000150 = 0; *(uint32_t*)0x20000154 = 0; *(uint32_t*)0x20000158 = 0; syscall(__NR_sendmsg, (intptr_t)r[0], 0x20000140, 0x8010); break; case 3: syscall(__NR_sendmmsg, -1, 0x20000180, 0, 0x20000024); break; case 4: memcpy((void*)0x200001c0, "/dev/nmem0\000", 11); res = syscall(__NR_openat, 0xffffff9c, 0x200001c0, 0x185001, 0); if (res != -1) r[2] = res; break; case 5: *(uint8_t*)0x20000200 = 0x20; memcpy((void*)0x20000201, "/dev/vcsa\000", 10); *(uint8_t*)0x2000020b = 0x20; memcpy((void*)0x2000020c, "rwl", 3); *(uint8_t*)0x2000020f = 0x20; memcpy((void*)0x20000210, "xb", 2); *(uint8_t*)0x20000212 = 0; syscall(__NR_write, (intptr_t)r[2], 0x20000200, 0x13); break; case 6: memcpy((void*)0x20000280, "./file0\000", 8); res = syscall(__NR_lstat, 0x20000280, 0x200002c0); if (res != -1) r[3] = *(uint32_t*)0x200002d0; break; case 7: res = syscall(__NR_read, -1, 0x20000340, 0x2020); if (res != -1) r[4] = *(uint32_t*)0x20000354; break; case 8: memcpy((void*)0x20000240, "./file0\000", 8); syscall(__NR_lchown, 0x20000240, (intptr_t)r[3], (intptr_t)r[4]); 
break; case 9: syscall(__NR_ioctl, (intptr_t)r[0], 0xc0086420, 0x20002380); break; case 10: memcpy((void*)0x20000000, "bpf_lsm_post_notification\000", 26); syz_btf_id_by_name(0x20000000); break; case 11: *(uint8_t*)0x20000040 = 0xaa; *(uint8_t*)0x20000041 = 0xaa; *(uint8_t*)0x20000042 = 0xaa; *(uint8_t*)0x20000043 = 0xaa; *(uint8_t*)0x20000044 = 0xaa; *(uint8_t*)0x20000045 = 0xbb; *(uint8_t*)0x20000046 = 0xaa; *(uint8_t*)0x20000047 = 0xaa; *(uint8_t*)0x20000048 = 0xaa; *(uint8_t*)0x20000049 = 0xaa; *(uint8_t*)0x2000004a = 0xaa; *(uint8_t*)0x2000004b = 0x18; *(uint16_t*)0x2000004c = htobe16(0xc); STORE_BY_BITMASK(uint32_t, , 0x2000004e, 0, 0, 29); STORE_BY_BITMASK(uint32_t, , 0x2000004e, 1, 29, 1); STORE_BY_BITMASK(uint32_t, , 0x2000004e, 1, 30, 1); STORE_BY_BITMASK(uint32_t, , 0x2000004e, 0, 31, 1); *(uint8_t*)0x20000052 = 4; *(uint8_t*)0x20000053 = 2; *(uint8_t*)0x20000054 = 0; *(uint8_t*)0x20000055 = 0; memcpy((void*)0x20000056, "\x03\x08\x4e\x27\x50\x09\x63\x3c", 8); *(uint32_t*)0x20000080 = 0; *(uint32_t*)0x20000084 = 2; *(uint32_t*)0x20000088 = 0x3ca; *(uint32_t*)0x2000008c = 0x523; *(uint32_t*)0x20000090 = 0x65; *(uint32_t*)0x20000094 = 0x6d6; break; case 12: *(uint8_t*)0x200000c0 = -1; *(uint8_t*)0x200000c1 = 0x41; break; case 13: memcpy((void*)0x20000100, "\xc4\xc1\x9d\x74\x8f\xe2\x00\x00\x00\x67\x0f\xae\xf7\x65\x65\x36\xf0\xfe\x8b\x00\x00\x01\x00\x2e\x0f\xfe\x5c\xf5\x9b\xc4\xc1\x31\xf5\x64\x15\x00\xc4\xe2\x8d\x04\xc8\xc4\xe1\x4f\xc2\x9c\x65\x3f\xb1\x00\x00\x44\xc4\xc2\x15\x39\x16\xc4\xe1\x48\x5c\x9f\xae\x00\x00\x00\xd3\x97\xfd\x33\x46\x20", 72); syz_execute_func(0x20000100); break; case 14: break; case 15: memcpy((void*)0x200001c0, "/selinux/enforce\000", 17); res = syscall(__NR_openat, 0xffffff9c, 0x200001c0, 0x400, 0); if (res != -1) r[5] = res; break; case 16: res = syscall(__NR_read, -1, 0x20002380, 0x2020); if (res != -1) r[6] = *(uint32_t*)0x20002398; break; case 17: *(uint32_t*)0x20004640 = 0xe4; res = syscall(__NR_getsockopt, -1, 0, 0x11, 
0x20004540, 0x20004640); if (res != -1) r[7] = *(uint32_t*)0x20004574; break; case 18: memcpy((void*)0x20004680, "./file0\000", 8); res = syscall(__NR_statx, -1, 0x20004680, 0, 0x7ff, 0x200046c0); if (res != -1) r[8] = *(uint32_t*)0x200046d8; break; case 19: res = syscall(__NR_getuid); if (res != -1) r[9] = res; break; case 20: res = syscall(__NR_fstat, -1, 0x20004840); if (res != -1) r[10] = *(uint32_t*)0x20004854; break; case 21: *(uint32_t*)0x20004b40 = 0xe4; res = syscall(__NR_getsockopt, -1, 0x29, 0x22, 0x20004a40, 0x20004b40); if (res != -1) r[11] = *(uint32_t*)0x20004a74; break; case 22: *(uint32_t*)0x20004b80 = 0xee00; *(uint32_t*)0x20004b84 = -1; *(uint32_t*)0x20004b88 = 0xee01; *(uint32_t*)0x20004b8c = 0xee00; res = syscall(__NR_getgroups, 4, 0x20004b80); if (res != -1) r[12] = *(uint32_t*)0x20004b8c; break; case 23: memcpy((void*)0x20004cc0, "./file0\000", 8); res = syscall(__NR_statx, -1, 0x20004cc0, 0x4000, 0x400, 0x20004d00); if (res != -1) r[13] = *(uint32_t*)0x20004d14; break; case 24: res = syscall(__NR_getgid); if (res != -1) r[14] = res; break; case 25: memcpy((void*)0x20000200, 
"\xad\xa8\x30\x14\xeb\x2c\x80\xfe\x20\xe6\xd8\x8c\xac\x3d\xb0\x00\x64\xa1\x2f\x3f\x75\xac\xf4\xc1\x1f\xa5\x29\x77\x13\x1d\x64\xee\x5d\x27\x03\x72\x8b\xba\x81\x97\xda\x61\x3c\xf6\x2c\x27\xcf\xab\x69\x6d\x25\xf6\x8a\xf7\xb1\xf7\xf0\xab\xec\xb2\x25\x8e\xc8\x3f\xb6\x11\x86\x91\xfe\x81\xb5\xa1\x82\x62\xb0\x4f\x79\x53\x36\x25\x2c\x7d\x97\x42\x3b\xbd\xe2\x88\xaa\x00\x92\x39\xe9\x12\x41\xe8\xd7\xde\x4c\xb0\x40\x7a\xff\x09\x1e\x52\x66\xc9\x2c\x4d\x61\xf4\xc7\xd8\xb7\xcf\xa4\x31\x1d\x86\x3b\xc0\x2a\x2b\x5e\x38\xb3\xa6\xb0\xb4\xb9\xf6\x9a\xfb\x5d\x9b\x76\xbe\xac\xc6\x7b\xd5\x44\xfd\x63\x22\xe3\x42\xf3\x31\xa8\x6c\x9f\x3b\xe9\x3c\xe7\x24\x8d\x06\x60\xbe\x5d\xcf\xf2\xe4\x78\x7d\x2b\xb0\xf9\x55\x23\x95\xe0\xc7\x05\x58\xd8\xba\xfc\x83\x49\x9d\x63\x1a\x1c\x56\xf2\xfe\x66\xfd\x11\x14\x4f\xa8\xd3\x4c\x00\xc9\xcd\xc8\xec\x25\x27\x5f\x8f\xaa\x85\xee\xa5\xc0\x65\x2f\x44\x94\x25\xb8\x2c\xb6\xe9\xec\xa3\x6a\xf2\x24\x48\x4b\x9c\x72\xe8\x15\xad\x99\x37\x88\x85\x33\xd9\x4f\x06\x83\xb2\xe4\x74\xe1\x04\xa2\x4b\xa6\x83\x91\xfd\x8c\x46\x8e\x49\x1d\x1f\x5b\x40\x9d\x9b\x79\xce\xce\x78\x30\x55\x59\x56\xfa\x5d\x31\x52\xb0\x1a\xeb\x5a\xfd\x1a\xfc\x32\xa1\x0b\x4e\xbb\x90\x93\x1c\x53\x29\x79\x25\x03\xcf\x22\xcd\x5b\xff\x4f\xe3\x2d\x4f\x8d\x79\x14\xe2\xc1\x62\x8b\xda\x9e\x62\x20\x58\x89\xe5\xc1\x55\xfc\xb5\xbf\x7e\xf5\x55\x94\x26\xd7\xdf\x52\x8a\x27\x0f\xa1\x6e\x97\xd6\x1c\xb3\x85\xba\x86\xc4\x8a\xfa\xd5\xdd\xa0\x7b\x0f\xec\x9a\x43\x12\xff\x4a\x57\x44\x1e\x36\xe0\x14\xc0\x51\xe7\xae\x30\x5c\x02\x53\x59\x5d\xbe\xfa\xb5\x45\x98\x4f\x69\xd1\x7a\x75\xb2\xfd\x2a\x15\xd1\x10\x7f\x6c\xd5\x0c\x0d\xd4\x69\xf6\x1a\xd7\xd7\xcf\x5e\x05\xb3\xaa\x58\xea\xda\x6e\x7b\x57\xe4\x57\x84\xf6\x04\x40\x21\x6c\xf7\x64\x36\xe4\xeb\x9b\x21\xa9\x07\x79\xc4\xc8\x38\xa3\xf2\x35\xa4\x7f\x86\x02\x72\xe7\x45\x76\xf3\x6d\xe7\xaf\x63\xf2\xb4\x30\x9d\x6d\xa3\xa5\x80\x90\x45\x80\x7e\x12\x33\x62\x27\x85\xef\x13\x91\x87\xaf\x22\x08\xb0\xae\x7c\x0d\xd0\x82\x00\x8f\x5a\x2e\x36\xfe\xe9\x78\x93\x77\xa2\x1b\x30\xc7\x71\xbd\xe3\xab\x08\xeb\x5f\xf
e\x29\x90\x2e\x8c\x80\xb3\x3b\x38\x83\x2d\xad\xda\xe7\x0a\x0d\x9e\x16\xe0\x6a\x6c\xab\x04\x40\x2c\x70\xc7\x26\x62\xdb\xde\xb9\x54\x46\x7f\x7b\x8f\xff\x12\x8c\x4b\x7a\x3e\x64\x5f\x21\x5f\xa6\x4d\x57\xe6\x77\x6a\x3a\x42\x06\xcc\x85\xea\xa1\x69\x8c\x40\x4e\xad\xa8\x28\xc4\x50\xd0\xf5\x37\x67\xab\xc2\x3e\x46\x6b\x77\x7a\xdd\x8a\x34\x78\x20\xd7\x5b\xc4\x01\x94\xee\x49\x0e\xc7\x6f\x70\x74\x52\xa8\x72\x2f\xa8\x9c\x1d\xef\x43\xa0\xe0\x4f\x16\xc8\xeb\x07\xe0\x06\xb8\xa7\xab\x63\x87\x82\x1a\x50\x7b\x73\x8d\xc9\x82\x87\xac\x3f\x18\x63\xc3\x60\x58\x27\xde\xb6\xd5\x0b\x57\x5f\x75\xdf\x14\xde\x56\xd5\x17\x82\x8f\x7c\x91\xa1\x25\xdf\x20\x23\x20\x9f\xc8\xc1\x76\x5d\x81\xf8\xc0\xfa\xf7\xbf\x59\x8e\xe8\x56\xef\x04\x35\x60\xf9\x6d\x3d\x1f\xca\xd0\x38\x8d\xa9\x22\x81\xd8\x64\xa7\xb5\x46\xbf\x8f\xeb\x2d\x5b\x92\x19\xba\xac\xa0\x16\xf0\xa2\x75\x1f\x7f\x8f\x20\xc4\x4e\x0f\xa2\x40\xcf\xdc\x76\x3c\xa9\x84\xd5\xcf\x8b\x2a\xe0\x41\xbb\x71\xdf\xb6\xc5\xd9\x12\xdb\x3e\xe6\xae\x8c\xe4\x4a\x98\xc6\x5c\x74\xf7\xe3\x14\x7f\x63\xb1\x3e\x71\x2a\x30\x91\xe5\x32\xb3\x8b\x58\x18\xec\xff\xc4\x44\x6a\x65\xbb\x52\xe2\xa2\x0e\x59\x3d\x7a\x09\x5e\xce\x64\xf5\xb2\x33\xbf\xc4\x0a\x21\x5f\x7e\xcd\x86\xc8\x5a\x33\x2a\xd6\xc5\x38\x77\x2b\x87\x8c\xa1\x46\x49\x49\x58\xec\x38\xb4\xaa\x09\xe8\xea\x4d\xc6\x1f\x0b\x7c\x9b\x7b\x9c\x23\x67\xf9\xef\xb9\x28\x55\x94\x8e\xd4\x8b\xea\x1f\x90\x3e\x72\xe9\x07\x7e\xbc\x9b\x85\x11\x45\xca\x1d\x5c\xef\xbf\x8e\xd6\xc3\xc7\x5a\xed\xc2\x8e\xdb\x7c\x93\x2b\xe6\xca\xb0\x11\xed\x21\x40\xfe\x20\xcc\x72\x49\x9a\x9b\x3d\x80\x69\x78\x05\xf3\x3a\x04\xd3\xa4\xdd\x04\x92\xd0\xd5\xe0\x0f\x90\xe1\xf2\xfc\xad\xaf\x0e\x3b\x31\x1f\x5f\xa7\x0b\x0b\x06\x63\x84\x6b\x42\x36\x42\x9f\xb9\xf4\x38\x38\xda\x19\x61\x52\xf7\x22\x94\xe0\xa1\x16\xf5\x5d\xe8\x4d\x3d\xd3\x83\xe7\x09\x99\x2d\xf1\x64\x04\x09\x75\xbe\xbc\x25\x84\x68\x13\xfc\x6b\x4b\x47\x7a\x44\x65\x94\xd7\xae\xff\xfa\x65\xf5\x70\x00\xee\xad\x79\xc8\xea\x09\xa2\x6a\x4a\x00\x34\x19\x35\xd5\xb9\x14\xb8\xe0\x1d\xb5\x81\xda\xa0\x51\x7a\x94\x54\x3c\x61\x3
6\xee\x16\x25\x67\xf9\x8e\x9c\xa9\x71\xe1\xf2\x91\x06\x77\xbf\xb9\x14\x1d\x41\xcb\x7b\xd9\x18\xc0\x85\x1e\x36\xd6\x61\x14\x7c\x80\x54\x5c\x93\xd1\xdc\xb5\x37\x68\x36\x9f\x0a\x3b\xd8\xe5\x14\xf6\x9f\xb4\x6d\x76\x45\x7d\xc8\xe8\x67\x64\x5d\x32\xad\xc6\xe0\x0e\x13\x07\x46\x6d\x66\x8d\xfd\x4a\x27\x8a\xbc\x0e\x3c\xc3\x4e\xf9\xf7\xd4\xfa\x09\x36\xab\x99\x43\x19\x84\xc5\x08\x84\x10\x13\x1e\xb8\x53\x2f\x6a\xad\x9d\xd4\x5e\x80\xee\xd3\xb5\x7b\x4d\x1d\xbf\x26\x24\x40\x01\xea\x49\x60\xf8\x4f\xd7\xbc\x72\xcf\x29\xfa\x82\xc8\x07\x86\x5d\x89\xb4\x3d\x58\x71\xe5\x3b\x10\x30\x8d\x7d\x21\x53\x8a\x6c\x47\xb1\xad\xf9\xbd\x9d\x26\xb6\xcf\xec\x6a\xa5\x3e\x15\xaa\xaa\x8a\x7d\x72\x3f\x6d\x4f\xde\x8f\x9b\x24\x72\x00\xde\x31\x68\x86\x0a\x6a\x49\x52\x71\xdb\xff\x49\xcc\x6b\xbb\xc0\x90\x50\xfc\x39\x6f\x07\xab\x60\xbe\x91\x04\x54\xf4\xbe\x67\x8d\x90\xe9\x5a\xc3\xc6\x88\xea\xe8\x44\xb9\x50\x0c\xe9\x7b\x77\x63\xd0\xe7\xef\x95\x17\xbc\xc7\xbb\x08\x0d\xe8\x1c\x84\xed\x17\x5e\x28\x55\xc8\x27\xcc\x63\x4f\xd3\x42\x68\x18\x4a\x5e\xde\x8a\xef\x4c\x58\x49\x90\x49\x82\x42\x94\xa1\xfd\xc1\xf0\x43\x55\xca\x99\xe2\x2f\xae\x10\x1d\x27\x53\x1d\x85\xff\x61\xe6\x28\xf1\x00\xe4\xfc\xd8\xdf\xed\x79\x59\x25\xfb\x9a\x98\xe9\xc6\xeb\x1c\x20\xa4\x68\xad\xb0\xef\xad\x8b\x89\x55\x4e\x58\xd9\x14\x2a\xba\x68\x05\xd9\x44\xae\x57\xad\x45\x21\xf4\x04\x91\xeb\x39\x2c\xbd\xd8\xa7\x21\xca\x84\xe7\xfd\x32\x3f\xa0\xd9\x89\x0e\x39\x49\xf3\x87\x5c\x15\x56\x6c\xcc\xdd\x1d\xb6\x0f\x4a\x81\x8b\xae\xf5\x99\x69\x42\xc6\xaa\x10\x6b\x1b\x6a\x71\xe1\x3e\xc4\x3b\x40\xb6\x57\x89\xa7\x5b\x39\x2f\x83\x0e\x65\xe0\xfc\x93\xb7\x13\xe1\xde\xd2\x4e\xf7\x81\x4a\x23\x3a\xb1\x33\x4e\xed\xb4\x83\xf9\x71\xdc\x57\x79\xd6\xd5\x0d\x8c\x3f\x16\x51\x99\x98\x46\x84\xbc\x32\x33\x6b\x68\x07\xc8\xa5\x0f\x9a\x64\xb2\xd3\x06\xce\x41\xda\xc8\xae\x2b\x63\xe4\xe9\xe6\xaf\x25\x22\x8f\x7b\x8e\x1d\x8e\x37\xee\x09\x5b\x41\x7e\x87\xeb\x3d\xbe\xc7\x4a\x84\x3e\x8c\xa4\x5c\xb5\x66\xe1\xe0\xa8\x8b\xb0\xb6\xcd\x0c\x60\x24\x28\x69\xad\x32\x55\x00\x24\x7f\x4a\x07\xae\xec\x82\x6
5\xed\x9c\xd6\x4c\xea\x00\xe5\xc9\x33\xfc\x53\x90\x47\xb5\x70\x33\xd7\x69\xb3\x58\xae\xab\x4f\x8c\xfd\x98\x7f\x27\x84\x33\x62\xf2\x9b\x79\x65\x28\x82\x9f\xd8\xe6\xa1\x3d\x17\xd7\xb5\xb3\x96\x1a\xb6\x54\x44\x82\x8a\x08\xd6\xa4\xe4\x17\x84\x4c\x0f\xd5\x4a\x39\xc1\xd4\x69\x61\x2e\x70\x98\xc5\xe6\x81\x16\x14\x68\x9b\x5d\x69\x75\x76\x92\xf8\xb9\xa2\xda\x48\x44\xef\x3d\xbf\xee\xfc\x8f\x74\x63\xc7\xfb\x95\x56\x0c\x80\x8d\x68\x1e\x0f\x95\x38\xef\xec\xe0\x8c\xcf\xe8\x11\xbb\x7c\x9f\x3f\xc1\xb2\x40\x70\x32\x98\x37\x48\xb7\x36\x77\x94\x69\xb7\x61\x0f\x0a\x16\xe9\x97\x23\x3d\xe2\x47\xd1\xa2\xda\x18\xde\xce\x77\x19\x9b\x6c\x7f\x46\x0f\xa7\xa5\xc8\x8c\x2d\xc8\x63\xf7\x14\x45\x8f\xa4\xb3\x5d\x0b\x88\x91\x90\xa0\x3f\x31\x99\x15\x3f\x40\x08\xae\xa0\xa5\x73\xce\xaa\x07\x95\x76\xc2\xea\xdc\xb1\xca\x49\xc5\xb6\x44\x7e\x86\xc0\x1b\xd5\x79\x47\x01\x87\x31\x87\xbc\x15\x8f\x43\xfc\x48\x22\x0a\x0e\x26\xb0\x0f\x6b\xef\x73\xdd\xf5\x4a\xaa\xbe\x33\x56\xc3\x46\x8e\x72\x9b\x48\x7c\x88\xdc\xb0\x71\xdf\x6c\xe5\xf3\x5e\x02\xfb\x16\x1c\xfd\x7f\xb9\x59\xe1\xc5\x8f\x64\x01\x42\x6a\xc9\xbe\x60\xb2\x58\x76\x00\xd7\x2d\x0a\x25\x2a\x79\x9b\x09\x3b\x34\xdb\x84\xf8\xce\xbf\xda\x7c\x2a\xda\x8f\x58\xf8\x78\xba\x47\xbd\x29\xd0\x23\xbe\xa2\x6a\x9d\xfc\x37\xf7\x2d\xd6\x93\x96\x4d\x2e\xce\x00\x31\x79\x79\x1f\x04\x9f\x98\xfe\xd2\x96\xf2\x52\x1c\x48\xe7\x6b\x3c\xa4\xed\x06\x01\x7d\xdd\x77\x4a\x4b\xf4\x86\xdd\x44\xaa\x6b\xdd\x90\x68\xc1\xb8\x49\xb8\xfb\x10\x03\x00\xb9\xd3\x33\x3b\x95\x08\x7f\x45\x11\xb7\xf8\x69\xf9\x56\x47\x50\xd5\x57\x02\x00\x3e\x44\x48\x0c\x13\x34\xa9\x54\xe7\x72\xa1\xa4\x90\x40\xa6\xae\x19\x4f\x20\x11\x91\x6d\xb3\xd0\x10\x7e\x2f\xa3\x7e\x30\xae\x7e\x96\x47\x12\xea\x6d\xd1\x27\xf1\x32\xf2\xf2\xf9\x31\x81\xa1\x45\xc3\xf5\x67\x55\xeb\xea\x80\x32\x5a\x4f\x30\x41\x03\x68\x4c\xd5\x27\x90\x6f\x8e\xc2\xe0\xdf\x0b\x23\x23\x78\x8a\xfb\x35\xfc\xba\xc9\x3a\x76\xe5\xb2\x2d\xd1\x35\x5e\x3d\x79\x3f\x5f\x1f\x87\x44\x30\xd0\x86\xf1\xe4\xb9\xe3\xc6\xf5\xc3\xfc\xcb\xe7\xcd\xa3\xa3\x5c\x3a\x92\x34\x16\xef\x67\x83\x2
b\xf1\xd6\x28\x7c\x0d\x2b\xd7\x0e\x69\xc9\x24\xce\x97\x69\x3c\x60\xaa\xe3\xbc\xc3\x5f\xca\x34\x0f\x87\x55\x33\x4f\x18\x52\xa0\x66\x81\xc2\x98\x6d\xaa\x72\x91\x64\x6f\x4c\xbc\x29\xd4\xde\xfb\x4b\x00\xf3\x27\xc6\x6d\x20\x1e\xc1\x33\x1e\xf0\x4f\x55\x0b\x47\x69\xc6\x47\x01\xd3\xfc\xc6\x45\x14\x0d\xe2\x85\xec\xef\xdc\x88\xdc\x53\xe3\x3c\x74\x77\xf5\xb9\x7f\xb7\xff\x85\xda\x43\x2c\x08\x46\x30\x27\x96\x16\xd1\x67\x4f\x96\x57\xbe\x09\xdb\xa3\xd7\xc9\xc7\x77\x2f\x14\x28\x83\x30\xd4\xf2\x20\x4d\xc3\x40\x2a\x6c\xa2\x66\xa6\x60\x90\xfe\x51\x53\x5a\xc0\xc8\x6b\x71\xe1\x8a\x1c\x21\xeb\x98\x2f\x2d\xf1\x13\x6f\xd9\xb6\xf1\xda\x62\xc3\x68\x79\x2b\xdf\xf0\x49\x46\x89\xa8\xc4\xf3\xbe\xee\x9a\x5a\xd3\x66\xd7\x15\xff\x80\x17\xf4\x89\x00\x46\xc3\xe7\x32\xa5\x7c\x60\xe4\x63\x1f\xaa\xd4\xcc\x3b\x3d\x20\xbf\x61\x33\xbf\x85\xdb\xb8\xb2\xe6\x16\x88\x66\xcf\xbd\xaa\x21\x77\xe1\x0d\x16\x7c\x50\x1b\x92\xc8\xf0\xc7\x9f\xc2\xb8\x4b\xae\x75\x6c\xed\x61\x72\xbe\x9c\xe8\xa4\x66\x9e\x15\x9e\x88\x49\x75\x08\x1e\x68\x6d\xb2\xce\xc2\x86\x93\xfb\xa5\xc4\x3a\x16\x67\x53\x4c\xea\xb3\x04\xe0\x5a\xc1\x44\xb7\xca\x7a\x40\x37\x66\xcd\x30\x6a\x36\x60\x9f\xfa\x6a\x63\x00\x30\x7f\x7c\xa1\xb2\x91\x5c\x69\xd2\x99\xde\x17\x1c\xcb\xf5\x39\xf5\x04\x6b\xaf\x46\x78\xdc\xeb\x31\x32\xad\x39\xe9\x94\xbd\xb0\x05\x65\xb8\x61\x90\x36\x23\x0f\x8f\x2b\x2c\xe8\xe4\x2d\x5b\x3f\xc9\xe8\x3d\xb4\x71\x05\x34\x29\xbf\x0d\xd4\x86\xa8\x2b\x02\x75\xcc\x8c\xfa\xbc\xbf\xc9\x30\xd2\x79\xf0\xcf\x9b\xb4\x7e\x3f\x34\x25\xf1\x98\xaa\x32\x6a\x01\xdf\x90\xc8\x02\xee\xce\xbf\xe1\x08\xad\xfd\xf3\x40\x13\x39\x50\x5c\x5e\xb4\xcd\xc0\xe0\x28\x3f\x6a\x05\xfb\xfa\x5f\x1e\x1a\xd8\xbc\x7a\x23\x7e\x7e\x6b\xd6\x0f\xde\xc2\x13\x4f\xc1\x2b\xc6\x7a\x1f\xe1\x6f\x0b\x2f\x6b\xf9\x67\x62\x01\x77\xfd\x75\xe3\x9b\x62\xd1\x90\x30\x2f\x62\xdc\xa1\x5b\x51\x43\x4e\x5f\x4a\x75\x9d\xd2\xce\xaa\xb2\xa0\x77\x9a\x66\x35\xa9\x9c\x5f\x30\xad\xd5\x85\x0f\x70\x5c\x55\x6a\xb3\x05\x96\x92\xb1\x1b\xdf\x6d\xcf\xb7\xa4\x15\xac\x22\xb6\x26\x55\x23\x90\x85\xc5\xe7\xb0\x63\x68\x44\x53\xf
8\xf2\x5d\x8e\xbc\x0d\x73\x04\x2c\x4f\xb9\xb4\xe5\xcd\xb9\x1c\xb9\xf8\xf4\x9f\x66\x7b\x58\x20\x9f\xe9\x77\xc6\xed\x97\xbd\x6b\x97\x09\x99\x0f\xe0\x1a\x59\xcb\x45\x41\x76\x12\x19\xab\x82\x3a\xce\x1a\x05\x91\xc6\xcf\x2e\xbd\x4a\x42\x0c\x54\xa3\xf5\x2b\xad\xc6\x58\x23\x9c\xd3\x54\xfd\xce\xf9\xc7\x6e\x53\x41\xe4\xef\xa5\x97\x63\x30\x61\x03\x33\x2a\xce\x4e\xa1\x77\xfb\x28\xb4\x2d\x77\x04\xc7\xb2\xec\x65\xbe\x1c\xfb\x1d\xc2\xc2\xf5\xda\x13\xdd\xed\x12\x60\x01\xcd\x77\x9d\xaa\x77\xc2\x6c\xb2\x2c\x36\xdd\x78\x83\x28\xfb\x06\x89\x78\x25\xcf\x03\x97\x91\xd4\x8b\x73\x5a\x42\x9f\x15\x73\x71\xf4\x37\x4f\xab\xf7\x93\xc0\x04\xf9\xfe\xe7\x68\xda\xa6\x70\x7a\x20\xe8\xeb\xb0\x30\x7e\x4a\xb2\x6f\xc2\x41\x60\xf2\x16\x9f\x01\x8e\x30\x60\x04\x58\xc5\xeb\x67\x9e\x67\x32\xfe\x9f\x3d\x70\xd9\x60\x27\x0b\xb4\x45\x3d\x93\x6b\x47\xa8\x25\x0c\xf9\x6d\xca\x21\x26\x88\xee\x6c\xb7\x45\x33\x1a\x0a\xc6\x8f\x5f\x9e\x20\x02\xa3\x9c\xd2\xee\x3a\xda\x91\xa1\x4b\x03\x05\x90\x3e\xd3\xd6\x62\xca\x1d\x1e\xd5\x24\xe7\x21\xaf\xd2\x06\x78\x9c\xfd\xa8\xb8\x84\x86\xd8\xa8\x00\xb8\xe6\xf9\xfe\xf0\xc6\xa1\xac\xaf\xce\xfb\xbd\xe5\x1b\x7d\x56\x68\x47\x6a\x03\x64\xb8\x35\xfc\xc2\x43\x1d\xff\xbb\xdb\xd2\x0b\xf7\xb8\x04\x03\x09\x21\x9a\xb9\xd3\xfb\x8c\x57\x6b\xcc\xcf\x65\xf5\x12\x7d\x2c\x58\xff\x79\xe8\x68\x2c\x5c\x45\xfc\x12\xa8\x43\x20\x49\x4f\x13\x33\xd3\xf3\x65\xae\x77\x5b\x3b\xc5\x11\xfd\x45\x13\x99\xb7\x9d\x2d\x0c\x69\xdf\x6d\x38\x1b\xa0\x81\x98\xcf\xb5\x02\xed\x54\xe2\x9c\x1c\xc0\x62\xca\x95\xcb\x50\xb2\x65\xf0\x45\x19\xde\x3f\xd5\x8d\x3d\x35\x11\x7a\xab\x1d\x7d\x96\x61\x6d\x71\x07\x0e\x78\xf2\xeb\x2e\xcd\xe9\x6e\xd5\xed\xfb\x94\xe5\xa0\x94\xf1\xc5\x3d\x8d\x95\x40\x3b\xba\xd3\x1e\x8a\x46\xa5\x1e\x2e\x21\xe3\x69\xa8\x99\x25\xbc\x5b\x8f\x1e\x8c\xe9\x36\x9c\xa7\x08\xcd\x19\x0c\x6f\x47\x33\xef\x24\x33\x47\x95\x1c\xd6\xac\xd5\x15\xd9\x8c\x06\xcd\x91\x78\x61\x5a\x27\xfc\x2f\x72\xb7\x61\xa9\xfc\xdb\x8a\xf4\x7a\x63\x85\x04\xf2\xda\x90\x0d\xd9\xfd\x92\x24\x14\x56\xae\x4e\xbf\xf3\x31\x0e\x4b\xda\xc8\xb0\xfa\x7f\xb7\x71\x5
d\xb3\x16\x7a\x45\x97\x9d\x46\x62\x24\xab\x16\x8f\x50\x85\x48\x9b\x8a\xab\x34\xc5\xe3\xc3\x21\xc8\xa3\x62\x78\xc8\x9a\xf4\x92\x08\x13\xf9\x1f\x49\xfa\x76\xee\x3c\x84\x47\x12\x9f\x8c\xed\x14\x7d\x5a\xf7\xc3\x98\xad\x51\xc4\x03\xab\x9a\x94\x12\xc7\xb1\x5c\x52\x6d\x71\x2c\x62\xa1\x62\x39\xcf\x70\x3e\xe2\x6b\xe9\xad\xd5\x7f\xd5\xfc\x88\xc3\x99\x0c\xc5\xcf\x30\x8d\x7e\xd9\x7e\xfb\x22\x68\xcc\xd3\xa5\x0e\x36\xc3\x96\x3c\x38\xb9\xa7\x69\xb8\xca\x81\x1f\x71\x49\x3f\xe9\x70\x52\x12\xd9\x23\xfc\x26\x31\x0f\x3f\xe8\x14\x27\xd6\xa2\xd6\xcc\xa9\x89\xb4\x7e\xce\x62\x9e\x64\x60\x92\x80\x4a\x10\x5f\x20\xb6\xe7\xa6\xe8\xb7\x4b\x48\xc5\x23\x0e\x5c\x31\x9b\x2e\x52\x50\x84\x47\x8e\x24\xf9\x96\x34\x2e\x11\x97\x68\x3a\x9e\x63\xea\x8c\xab\xe0\xd6\x24\x2a\x60\x6b\x82\xba\xa7\xa8\x52\x58\xef\x32\x0a\x1f\x95\x4e\x71\x88\x07\x22\x53\x9c\x22\x01\x66\x25\xc8\x37\xcf\x32\x3d\x0d\x03\x02\x21\x5a\xf5\x1d\xa4\x24\x73\xc0\x51\x4e\x72\x7f\xbd\xaf\x3e\xd3\xaa\x24\x2a\x79\x40\xd9\xce\xcc\xdf\x21\x85\x4e\xef\xf8\x5e\x34\x7a\xa6\x81\x4a\xf2\xca\x73\xc0\x4d\x41\x0e\xc4\xed\x2f\xf5\xb4\xb4\x6f\x21\x75\x9f\xa0\x5d\x0e\xe3\x94\xc5\xf8\x06\x5f\x87\xc3\x16\xc2\xb5\x91\xdf\xb6\xa9\xa0\xe2\x70\x1f\x2c\x82\x2a\x53\xc6\x43\x9f\xe8\xa1\xfb\x1b\x9d\xbd\x59\x37\xb2\xb4\x42\x1e\x14\x48\x7d\xb4\xdc\xc1\xb2\x75\x03\xea\x11\x3c\xf7\xb3\xb8\x18\x53\x62\x49\xbb\x97\xb5\x64\x84\x4a\x8d\x48\x02\xce\xae\xa4\x68\xca\x0d\x43\x15\x45\x35\x06\xcc\xaa\xa4\xbc\x1d\x38\x95\x9f\x84\x61\xcc\xd8\x46\x02\x5f\x57\xa4\x22\x20\xb2\xcd\xa3\xff\xfd\x65\x42\xeb\x06\xb5\x64\x4e\xd4\x48\xd7\x87\xb8\xb4\x42\x4e\x29\x87\x0f\x9c\x66\x19\x25\xed\xeb\x11\xf3\x0b\xe0\xdb\xa5\xdf\xee\x43\x43\x88\x79\x5a\xba\x09\x31\x2f\xf7\x75\x5c\x8e\x8b\x78\xb5\x61\x8f\x51\xe4\xa8\x8e\xc1\x35\xb6\xa0\x51\xe5\x7e\x65\x83\x58\x3a\xf4\xd3\x70\xf2\x70\xf3\x22\x95\xad\x4d\x37\x1a\x88\xba\xb8\x4a\xb6\x92\x63\x7b\x0b\x04\x53\x76\x5e\x55\x45\x44\x15\xa6\x3c\x55\xb0\x3c\x1d\xd2\x72\x06\x02\x13\x47\x80\x03\x07\x0d\x5c\x6f\x73\x1f\x7d\xad\x3f\xd7\x8b\x7f\x11\x96\x7b\xce\xc9\x4
1\x5e\xae\x8b\x98\xac\xa9\x98\x20\xbf\x5e\xe1\x6e\xc0\x91\x1c\xaf\x1b\x8f\x2b\xb3\x32\x53\x04\xec\x27\x69\x20\xeb\x57\x29\xf5\xda\x34\x80\x48\xbf\x13\x40\x9e\xa5\xbd\x1c\xa7\x6d\x77\x1a\x53\xdc\xf9\xe8\x2b\x92\xce\x58\x32\x98\x62\x67\xf5\x8f\x35\xa6\xb0\x02\x98\x8e\xdc\x51\x50\xf5\xb6\x56\x49\x4a\xf8\xf7\x28\xb1\xd3\x9a\x38\xb8\x34\xf9\xa5\x56\x57\xb1\x6e\xe5\xc7\xcb\xb1\x38\xd1\x2f\x28\xc1\x04\xf2\x1c\x13\x43\x3a\x4e\x26\xc1\x37\x60\x07\x8d\x99\x6b\xf4\x07\x8c\x75\x24\xd3\x65\xca\x7e\xa1\x56\x56\xd8\x82\x00\xfb\xb7\x68\x28\xc3\x44\xa0\xe0\xf7\xf2\x5f\xb7\x1c\x3f\xfc\xc8\x19\xee\x39\xe9\x8a\xfe\xa6\x41\x52\x63\x52\xa2\xcf\x4a\x51\x62\x94\x13\x2c\x33\xa9\x30\x78\xe1\xd7\x49\x3d\x7e\x64\x38\x42\x7d\x08\x19\xbe\xb4\x82\x6b\xe4\x43\x68\xde\xb1\x05\xf3\xfe\x20\x27\x98\x3d\x84\x91\x1d\xcf\xbd\x26\x8a\xe3\x9d\x83\x73\xf6\xf4\xb5\x29\x1a\x94\x73\xad\x7a\xd9\xab\x3b\x75\x41\x07\xf7\x8d\x21\x8b\xda\xcc\x92\x6d\xb3\xb9\x95\x8b\x4a\xec\x67\x9e\x35\xf7\x1c\x10\xbe\x30\xf1\xd4\x7f\x9e\xbc\x36\xd2\x98\x82\x5d\x58\xe0\x23\xbd\xf4\x03\x58\x2b\x6b\xc6\x73\x62\xe5\xe8\xb0\xad\xc5\xcd\x1f\x4e\x88\xec\xd3\x84\x2f\xe1\xd7\xa9\xb7\x27\x98\x7f\xd1\xaa\x1e\xc8\x8f\xf2\xb4\x55\x13\x9d\xd6\xbf\x94\xcf\xbb\x78\xdb\x89\x33\x15\x70\x82\xf1\xd0\xc6\x35\x94\x3a\xc8\xbf\x83\xcd\x35\xae\xea\x85\x19\x06\xeb\x2d\xb3\x29\x4e\x50\x3d\x86\xda\xb5\xe0\x84\x19\x2f\xc0\x48\xcc\xb0\xfc\x74\x20\x30\x97\x22\x19\xc4\xd7\x4a\x37\x22\x8a\x30\x17\x68\x73\x4b\xd8\xa1\xa3\x39\x58\x87\x19\xf3\x46\x95\x1c\x58\xb7\xb8\xa7\x8b\x34\xb9\xd9\xef\x83\xd0\x1b\xf5\xcd\x86\xa0\xca\x7b\xca\xa3\x37\xda\x65\x45\x80\x28\x42\x39\xc7\xf8\xae\x82\x26\x0b\x2e\x6b\x63\x2c\x42\xdc\x12\x90\x1d\x10\x53\xf2\xb1\x0a\x38\x03\x82\x67\x3e\xda\x68\xf4\xc8\x66\x3c\xb4\x0b\x42\x04\x1a\xad\x67\x8f\x7c\x64\xc7\x2e\x45\x5b\x93\xcb\xc6\x67\x06\xf0\x22\x70\xe3\xcb\xf8\x97\xb0\x1a\x49\x34\x89\x55\xc1\x11\x37\xb5\xc7\x1c\x9f\x51\x69\x63\xd2\x1d\x7e\x2e\x06\xbe\x35\x41\x9a\xf4\xb2\x8e\x5c\x80\x7a\x63\xdf\x28\x7f\x84\x4c\xc8\xbf\xab\xcf\x70\xb4\x62\xdc\x2
e\xd4\xcc\xdf\x82\x76\x5c\xdf\x73\x7e\x10\x9d\xfb\xfe\x02\x73\x79\x4e\xd9\x59\xc6\x67\x02\x90\xf8\xba\xe6\x6c\x9b\x73\x55\x93\xa9\x0f\x13\x54\x34\x97\x9c\x88\x02\x93\x43\x32\xa2\xa6\xc3\xe1\xa6\xf5\x21\x52\xcb\xcb\x4d\xd5\xe6\xb7\xec\x33\xd8\x80\xda\xa9\x46\xb9\x8f\xa8\xda\x12\x0b\x2e\x10\xbe\x1f\x9f\xda\x52\xc5\x33\x2d\xee\x98\xa8\x9a\x3d\xdc\x06\x03\xd0\x3d\xbb\x46\xf5\x8d\x26\x69\xda\xf2\x00\xda\xcf\x4f\x1d\x55\x84\xaa\xc5\x77\xde\x4b\xe0\x79\x59\x94\x95\xdf\x8e\x78\x90\xda\x55\xf3\xf9\x53\xb1\xb5\xe4\x4a\xbc\x78\x38\xff\x0a\xc4\x24\xaf\xb0\x0e\xcd\x7a\x15\x64\x17\xcb\xf9\x45\x31\xf1\xd6\x81\x5c\xfa\xeb\x6e\xd1\xc6\x6e\xcb\x5d\x4a\x23\xd6\xd0\x3c\xcc\x3a\x10\x5e\xe8\xe9\xc9\x90\x3c\x5f\x77\x5b\x24\x22\xba\x76\x8c\xd4\x0a\xb8\xce\xe4\xee\x2a\x69\x3e\x31\xa9\xd8\xbe\xf0\x49\x4d\xbb\x94\x18\x75\x85\x3b\x6a\xc5\x1f\x9f\x84\xa2\xc0\x9e\x16\x55\x07\x93\xf4\xd3\x54\x00\x72\xe5\x29\xfd\x59\xf0\xcc\xfc\x7a\x99\xeb\x8b\xdf\x2e\x43\x12\x33\x6d\x2f\x45\x62\x95\x0a\x44\xc9\x10\xdd\xe6\x22\xfd\x32\x09\xb4\xe3\xec\x77\xe7\x7e\x20\xa5\x31\x8b\xd2\x27\x1b\x13\x11\x0d\x64\x84\xe1\x95\x85\x5e\x4d\xad\xb6\xcb\xb4\xdb\x44\xab\xc1\x8e\xa5\x15\xbc\xb6\xf6\xe5\x32\x1c\xc1\xa5\x19\x07\x84\xf6\xda\x0d\x04\xd9\xf8\xe7\xb0\x79\xcd\x3a\xdf\x18\x35\x1f\xfc\xf8\x88\xf8\x5b\xbc\x3a\x36\x8f\x20\xce\xcd\x8d\x40\x0c\x54\xcc\x73\xd9\x78\x0d\xa5\x12\x48\x5c\xff\x4e\x1a\xf3\xc7\x7a\xaa\x63\x07\xda\x30\x5d\x0a\x43\x9a\xb2\xcc\xaa\xcf\x7b\x33\xbf\x39\x5e\xe3\xf4\xfa\xb0\x4a\x4e\xb8\x91\x2f\x4d\x55\xe6\xc2\x7f\xfc\xe2\x22\xa3\xf8\x4d\x64\xb1\xd0\x10\x5b\x31\x3d\x4d\x06\x27\xf8\x62\x84\x74\xbc\x89\x45\x65\x0b\xf7\xe7\x92\x37\xcd\xce\xc6\x3d\x00\x39\xe4\x24\x3d\xfd\x07\x35\xde\x01\x8d\x80\xfa\xb0\x59\x4f\x92\xa9\xd5\xf4\xeb\xcd\x59\xf8\x11\x73\x71\x26\x0d\xc3\xa7\xf0\xf1\xe2\x02\x19\x89\xd9\x09\x10\x73\xd0\x44\x52\x51\x99\xa6\x98\xe1\x02\x06\x06\x79\x5b\x81\xa7\xa5\xf4\xb0\x60\x94\x82\xa6\x42\xad\x0b\xbb\x1a\x58\xc2\x7d\xd8\x47\x10\xd7\x79\x78\x05\xd9\xd8\xae\xe9\xa0\xda\xa1\x3c\x60\xf4\xa1\x91\xca\x31\x4
2\xfb\xc1\x2d\xc4\xa7\x26\xf2\x95\x59\x78\x5e\xb1\xc6\xc2\x4c\x20\xdc\xa0\xfa\xf7\x76\xf0\xe3\x13\xed\xe6\x6e\xdf\x25\x59\x88\x99\xf9\xf2\x0e\xdb\x27\x55\x15\x28\x11\xeb\x71\x12\xea\x26\x7b\xf3\x12\x5f\x7f\xa2\xab\xb2\xb2\xb0\x16\xf8\x88\xae\x8d\x95\x4d\x66\xf6\x2e\x6e\xc9\x95\x2e\x90\xd5\x21\x78\x49\x51\x14\x4c\xea\xb8\x0d\x1f\xf4\x55\x3e\x93\x7c\xab\xe9\x19\xba\xb1\xf2\x00\xf7\x4d\x12\x8d\xd5\x14\x78\x43\x49\x2d\x70\x81\x41\x1d\x28\xdf\xd1\x90\x50\xa6\xed\x28\x74\xa5\xd6\x2f\x5f\x7e\xbd\xe8\x8b\x26\x70\x37\x7d\xc3\xb7\xf4\x45\x4f\x90\x6e\x06\xde\xf7\xc8\xa4\x84\x82\xec\x83\x4b\x81\x90\x25\x54\x46\x9e\x11\x46\x58\xc5\x32\xad\xfc\x08\x9a\xdb\x0d\xaf\x4f\xb8\x4c\x3d\x63\xef\xac\xc5\x86\x90\x6d\x4a\xd8\xfd\xd6\xfb\x1f\xd8\xbe\x76\x03\x30\x35\x23\x76\xa9\x28\xbe\xd6\xb7\x5d\x1f\xcf\x64\x1c\xea\x78\xf3\xc2\xd3\x03\x74\x4b\xf6\x5c\xe0\xfd\x75\x9b\xa7\x79\xf7\xd5\xba\x83\x6a\x08\x65\x24\xe1\xca\x2a\x80\xee\xd5\xfc\x59\xb8\x2e\x3f\xcb\x64\x1d\x2d\xb0\x6b\x58\xa7\x56\xf3\xbc\xd9\x36\x30\xbd\xda\x48\xd1\x8c\x41\xc8\x4f\xfa\x62\xd4\xc3\x1d\xbb\x66\x48\x6d\x99\xab\x17\x77\x62\x07\xfe\x7d\x0b\x1f\x16\xad\x70\xb7\x2f\xf4\xd0\xd3\x83\xd3\x81\x39\xd9\xf4\xe6\x58\xc9\xdb\x65\x1a\x4d\x52\x1e\x8f\x46\x9d\x16\xa3\xd6\x54\x8d\x0b\x84\x60\x63\xc0\xdb\x48\xb1\x6f\x14\xd2\x89\x3d\xd0\xfb\xa5\x53\x52\xf6\xac\x24\x97\xd9\x14\x52\x79\x7b\x8a\x0f\xe6\x52\x81\x0e\x9d\x0c\xa7\x61\xfd\x04\x66\xdb\xdf\x5b\x58\x15\xfa\x95\xf3\x42\xf2\x87\x47\x48\x5f\x97\x61\x00\x39\xd1\x98\x31\x83\x1f\x39\xa9\xe9\x25\x86\xa7\xce\x0e\x06\x07\xa0\x6a\xd6\x95\x9c\x45\x2b\xeb\x98\xea\x02\x4b\xec\xeb\x16\x74\xa2\x1b\xa8\xe7\x15\x50\x84\x48\xae\xce\x53\x54\x69\x66\xed\x8e\x71\x95\xdf\x63\x9b\x22\xa3\x48\x7a\x18\x1e\xb0\x03\xd8\x48\xd5\x79\x94\xff\x3b\x3d\x15\xef\xa8\x81\x88\xc7\xc5\xf1\x50\xac\x4b\xac\x13\xa1\x83\x34\xc4\x83\x61\xde\xd6\x4f\x35\xc9\xba\x9e\xe3\x01\xce\x46\x24\x5c\x7d\x10\x16\x41\x14\xca\x15\x66\x38\x31\x85\xf2\x21\x58\x5a\x0e\x75\x59\xc3\x1f\x19\x93\xf5\xde\xa9\xa5\xca\xde\x9b\x45\xb2\x2b\x08\xc2\x8c\x0
5\x62\x91\x85\x9f\x1e\x39\x37\xb3\xf7\x54\xfa\x7e\x31\x95\xa7\x8f\xd8\xe0\x17\x33\x37\xf2\xb8\x4a\x5f\x0d\x3b\x79\xa9\x49\xf4\x7d\x98\x12\xa7\x34\xa2\x66\xaa\x1f\x88\x9e\x6f\xca\xa6\x6d\xfc\x01\x18\xc6\xfa\x91\x38\x05\x44\xa3\xc8\x25\xd2\xd2\x80\x8c\xc7\x5b\xd0\xe2\xde\x76\xcf\xfa\xc4\x84\xf7\xfe\xaa\x26\x7c\x97\x3b\x16\x3f\x7a\xbb\x83\x58\x20\xf8\x7f\xeb\x4c\x01\x42\xa9\xd3\x54\x3d\xf3\xd1\x4e\x60\xf8\xcd\xb5\xe3\x43\xac\xcc\x0a\xa8\x7f\x45\xb5\xc4\xfe\x3c\xba\x76\x62\x17\xa2\xa2\xa8\x79\xf2\x9b\x90\xea\xb8\xe2\x6b\x5a\x35\x46\x05\x40\x26\x92\x5a\x31\x2b\x76\x2e\x14\xd0\x3f\x3b\xaf\xb9\xb9\x80\x18\xf1\xc6\xe5\xca\xa7\xfc\xc4\xcd\x97\x4a\x9d\xb2\x61\xe5\x74\xc5\x02\x37\x68\x0f\xde\x44\xbf\x4d\xdd\xdc\x5f\x28\x75\xe2\xaf\x3e\xa3\xbd\x80\x97\x70\xba\x16\xf8\x86\x0e\x94\xca\x99\x1c\x93\xf9\xc8\x79\x8b\x4d\x4d\xca\xeb\x03\x21\xc4\xd2\xf4\x36\x73\x91\xc9\x74\x8b\xe4\x32\xd4\xdb\xb1\xac\xd5\x83\xad\x7e\x95\x48\x78\x86\x6e\x27\x3f\x7d\xa2\x1f\x35\x04\x5b\x91\xa4\x38\x1b\x45\x30\xf9\x2a\x76\xa4\x45\xde\x5a\xf7\xea\xe9\x74\x5f\x32\x06\x24\x02\x6b\xfc\x8c\x98\x4e\x4d\x07\x16\x72\xdb\xbd\xae\xce\xe8\x8e\xcb\xfe\xbd\x43\x64\x9f\xd3\x7c\x08\x91\xc7\x68\x97\x57\x1b\x64\x6c\x16\x2f\xf3\x87\xcb\x12\x30\x06\x69\xc4\xe2\xb4\xfc\x20\x28\x65\x39\xae\x94\xd3\x94\xcc\xab\xa3\xe3\x97\xa9\x92\xbe\xcf\x4b\xbc\x6f\x4d\x09\xec\x07\x9d\xfc\x00\x7b\x9c\x57\x29\x9a\x0c\xb5\x9a\x5e\xe1\xb1\xa7\x6a\x03\xcd\xd2\x8b\xf7\xf0\x76\xab\x78\x5d\xa1\xf1\x85\xc1\xb3\x9c\xfc\xa5\x7d\x96\x71\xf8\x5a\x1a\xbb\xfa\xa4\xe4\x2d\x45\x4a\xab\x49\x15\xc8\x96\xf3\x26\x7c\x2e\x31\x8b\x49\xe5\xea\x23\xdb\x81\x6d\xd9\xf4\x5a\xc5\x1e\xfd\xb8\xad\x54\xd6\x4c\xde\x3c\x36\x30\x85\xb9\x81\xb2\x74\x33\xff\x16\xf7\x6a\x29\x94\xeb\x7a\x03\xb6\xc5\x4c\x4f\x17\xc3\x44\x6e\x34\x8c\x76\x37\xee\x40\x8c\x47\x4f\x61\x5f\x52\x5c\x5a\x85\x3d\x5c\x2d\xdb\xbd\x8f\x9a\xfc\xd3\x7b\x2d\x64\xfc\x09\x80\xce\x56\xf4\x61\xfa\x1c\xcd\xca\x60\xaa\x0f\x6c\x86\x74\xd4\x29\xa8\x6b\xa1\x03\x3c\x7a\x31\x33\x4a\x21\x81\x77\xff\xc6\x4a\x96\xd8\xce\x99\x6
a\xab\xbd\x1b\xa1\x17\x0f\x55\xce\x27\x68\xe3\xd3\xae\xe5\x0e\x9e\x09\xd3\xa2\x8e\x09\xd9\x3f\x68\x81\xa2\x72\x02\x07\x25\x62\x0b\x4f\xfa\x7b\xff\xfc\xc8\xd5\x64\x3c\xaf\x97\xfb\xa3\x83\xa0\x1f\x94\xd9\x78\x12\x5e\xc7\x98\x63\x56\xdd\xe7\x67\x17\x9e\x60\x12\xb9\x47\x6e\xe5\x76\x18\xe3\x49\x22\x46\x48\x7e\x8e\xf7\x1b\x35\x51\xad\x57\x5b\x07\xef\xe2\x0a\x26\x6e\xc3\xfc\x2b\x9f\x71\x68\x75\x15\x9b\x0a\x92\xbc\x17\x0f\x60\x89\x06\xdd\x2e\xdc\xc9\xb9\x46\xec\x4e\x55\x36\xac\x26\x9c\x99\x75\x62\x63\xd8\x07\xaa\xe2\x6b\x16\xeb\x51\x93\xfd\x2d\x46\x45\x99\xfb\x2f\x83\xa0\x8e\xbc\x21\xa5\xc3\x6d\xcb\xb5\x15\x51\xb7\x12\xca\xaf\xba\x21\x0d\x67\x36\xd0\xed\xae\x10\xf6\xae\x01\xfa\xa0\x4f\x2a\xa8\xfc\x74\x87\xa7\x18\x5a\x44\xdc\xe7\x5c\xad\x1d\xf4\x98\xf2\xef\xee\x82\x6f\x18\x63\xa9\x7f\x37\x7c\x46\x60\x99\xa1\x8d\x0a\x95\x92\xcf\x2d\x59\x2b\x1b\x31\xed\x58\x52\xf8\xe1\xa5\x08\x20\x59\xc1\xf8\xd3\x90\xf2\x5f\x31\x42\x75\xc5\x16\xbe\x4e\xb5\xeb\xec\x29\x8b\x3b\x67\x3b\x43\x60\x25\x91\xd6\x85\x9a\x9a\x44\x13\x64\x57\x25\x5a\x83\x54\x6b\xf8\x19\x15\xc8\x7d\x3b\xcc\x5e\x95\x33\x8b\x30\x7e\xdf\x71\xbf\x53\x0a\x27\xed\x99\x8d\x75\x45\xc0\x32\xd6\x5a\xf0\x4e\x47\x77\x5f\x0f\xa0\x49\xfa\x7f\x7a\x29\x80\x97\xd1\xbe\x7e\x9f\x48\xc2\xf4\x8b\x49\x15\xa0\x4f\x40\xd1\x5b\xce\x97\xb9\x13\xb0\x5e\x4e\x03\xf7\x91\x9b\x74\x15\x02\xb3\x6a\x15\x96\x33\xa9\x8a\x3f\xb6\x95\x24\xf4\xba\x03\x7e\x26\xa2\xd9\x22\xc7\x13\x60\x66\x4b\xd7\xcd\xff\x4d\xcd\x3c\x02\x10\x57\x38\x5b\x5e\xa6\x96\x6a\xe0\x12\x27\xa3\xe1\x09\x1e\x26\xd2\x65\xc3\x8b\xfd\xc5\x57\x84\x45\xaa\x92\xba\xd5\x80\xa3\xa4\x2a\x3d\xca\xfa\x2f\x22\x0f\x4f\x82\x46\xdf\xd9\x5e\x0f\x5d\x4d\xaf\x5e\xdd\xe4\x80\xc0\xb6\x21\x5b\x54\x58\x40\x5f\x82\xc1\xf5\x9a\xaa\x73\x41\x78\xf1\x58\x23\xa5\x1d\xf7\x9a\x17\x93\xab\x02\x75\x3d\xa7\x54\x42\x09\x2a\x22\x06\xf9\x0c\xec\x47\xea\x2a\x80\xa8\xeb\x88\x69\x9a\x67\xe0\x11\x0a\xe8\x6a\x33\xd4\x78\xeb\xdd\x30\x12\x86\x64\xaf\x4d\xca\xd1\x3e\x58\x60\x7c\x98\xa1\x68\xc0\x77\x99\x2f\x9c\x87\xf3\x83\x1d\x76\xdd\x8
2\x0d\xc4\xe3\x9f\x0a\x18\x14\xd3\xe9\xa4\xd6\xdf\x11\xb3\x19\x7f\x96\x56\x17\x8f\x06\x4d\x0f\x78\x13\x7b\x4f\x90\x84\x17\x3f\xe5\xfc\xcf\xda\x15\xcd\x52\x90\xa2\x04\x68\x17\xa7\xb5\xcd\xb1\x4b\x9a\x5a\x88\x4d\xec\xea\xcf\xcb\xfd\x8f\x04\x36\xad\xde\xe2\x73\x33\x8a\xcd\xad\xf6\x88\xfb\xf7\xd7\x8c\x33\xb9\x9b\x6c\x13\x22\x9f\x9a\xb5\x9c\x15\x23\x6a\x79\xc7\x6f\x9a\xf5\x8d\xe2\x91\x99\x24\x79\x08\x9b\x3b\x60\x99\x8c\x39\xae\x01\xdf\x67\xa5\xe1\xce\xa5\x79\xc2\xe1\x6c\x61\xfa\x50\xbf\x30\x65\x1c\x34\x09\xd9\xe0\xa6\x3e\xb6\x4e\xdf\x74\x13\x5f\x5d\xbe\x69\xf5\x90\xe5\xe0\x0e\xef\x78\x45\x46\xce\xbe\xcd\x08\x47\x2c\x1c\x5a\x31\xfc\x58\x09\x5a\x53\x39\xd6\x80\x8c\x92\x54\x68\x5b\x42\xdb\x56\xbd\x67\xbc\xf8\xbd\xa8\x31\xa4\x95\x2d\xec\xd5\x00\xb6\x12\x63\x78\xb6\x5c\x47\x22\x6a\xa9\x2f\xb8\x96\xd6\x13\xb3\xe0\x66\x6d\xbe\xb0\xb0\xb3\xb2\x27\xf3\x35\x08\x53\x6b\x84\x1d\xfc\x50\x16\x71\x5c\x30\xb9\x13\xe3\x83\xa0\xe2\x0b\xc4\x8f\x13\x7d\xd2\xf6\xfd\x5b\x7b\x67\x60\x1a\xbe\x85\xd9\x5f\x96\x26\xf2\x6b\x6f\x70\x95\xab\x24\x16\x92\xea\x58\x7a\x8a\x27\x53\x50\xa9\xee\x29\x53\x0a\x24\xed\x79\xbc\xc6\xde\x3f\x5a\x43\xbc\xcf\x5d\x2c\x7e\xf7\x6c\xf8\xf6\x66\xf2\x03\x34\x84\x9e\x3f\xfe\x67\x95\xeb\x67\xf3\x2d\x97\x77\x62\x42\x30\x74\xb6\x5a\x5c\x25\x34\xd4\x95\x71\xd2\xd0\xff\x9e\xa4\xec\x52\x6a\xf3\xf5\x0a\x29\x8c\xf5\x62\x94\x29\x0d\x0f\x25\xe8\xf9\xa0\x8c\xfc\xac\x74\xe7\x21\x62\xc7\x9a\xf4\xde\xcc\x38\xb4\x75\x1f\x50\x37\x5a\x37\xcf\xd0\xed\xc9\x1e\x4a\xf9\xdb\xaa\xae\xed\xf6\x44\x68\x99\xf5\xcd\x17\x6a\x2d\xe0\x50\x27\xf9\xeb\xf5\x93\x13\x50\x57\xb2\x22\x2c\x27\x19\x21\xb4\x64\xab\x68\xe8\x81\xf0\x38\x35\xc9\x09\xf5\xaa\x31\x1c\x3d\x08\x3d\x52\xd9\x6b\x58\x05\x19\x94\x87\x9f\x1a\x9b\xa0\x00\x3f\xcd\xb8\x7f\x00\x4f\x9a\xf6\xc7\x4f\xd9\x34\xf6\xa7\xea\x9c\x05\xcd\x1b\x0d\x53\x8c\xb0\xb2\xc1\x26\x58\x46\x6f\x50\xb3\xe8\x61\x1d\x5d\x3a\x46\xb5\xa9\x14\x5f\x6c\xb9\x87\xf1\xf2\x34\xba\x49\x4b\x47\x7f\xe6\x53\x91\xbd\xd0\x4d\xc6\x9a\xcc\xdf\x68\x4a\x75\x80\x95\xc1\x03\x16\x06\x39\xb6\x8
8\xae\xdd\xad\x06\xf4\xb2\x22\xcd\x54\x3c\xdd\x34\xda\x76\xbe\x67\x6d\xe3\xb6\x43\x17\xe7\xa9\x8d\xca\xc4\xed\xec\x83\x98\x53\xe0\xf3\x25\xfe\x68\xcc\x42\x01\x12\xcf\x71\x02\xbe\x05\x0d\x67\xc8\x54\x7d\x01\x97\xff\xd9\x87\x4e\x84\xf1\x78\xe4\x3d\x51\x1c\x83\xdd\x70\x26\xa8\x99\xcf\x76\xfd\x71\xdc\x98\xca\x4c\xda\x2e\x0d\xa4\xc9\xe1\xc1\xd5\x82\x9e\x67\xaf\x2b\x31\x7c\x37\x46\x55\x13\xe2\x8d\x24\xa7\xb0\x80\x79\x7f\x0a\x06\x90\x1d\xe9\xcc\x98\xab\xa4\x11\x7f\x5d\x8b\xf7\x41\xd8\x4e\x0e\x5e\x62\x8e\xcc\x05\x26\x9d\x46\xd2\x4a\x4b\x20\x7d\x4e\x35\x89\xdf\xd7\x7a\x89\x03\xc4\x96\xf8\x3b\xf9\x35\x2f\x11\xe3\xae\x02\x73\x93\x46\x7e\xe1\xff\x3a\x26\x7d\x20\xbc\x2b\x50\xcf\x92\x46\x1f\x9c\x73\x4f\x9e\x2f\xbe\xc4\x00\xcc\x36\x64\xd6\xd8\x74\x51\x75\x79\x06\x0e\xa1\x2e\xb8\xf1\x18\xe1\x0a\x3a\xf5\xcd\xb0\x4a\x18\x25\xc8\xa3\x91\x03\xaf\x72\xc0\x30\x55\xeb\x7b\x6c\x72\xfd\xdb\xf9\x06\x72\x94\x2d\x88\x52\x97\x2e\x80\x19\x04\x95\x26\x37\x1b\xec\xf4\x5f\x63\x3e\xe0\xcd\xe7\x4f\xb0\x9d\xaf\xd9\x30\x28\x8e\xd6\xcc\xd7\x03\x9f\x0c\x93\xa3\x13\x0b\x85\xa4\xa7\x7c\xee\xcb\x5d\x69\x3f\x0f\x37\x14\x40\x31\x15\x61\x36\x8e\x79\x8b\xbc\xf9\xd5\xf1\x83\xa8\x62\xfd\x9a\xd0\x8b\x43\xce\xf9\x0c\x06\x80\x21\x35\x0f\xed\x41\x83\x99\x89\xfb\x12\x1b\xad\xa9\x6f\xd1\x80\x21\xb5\x70\x2c\x00\x9c\xd0\xa7\xe9\x86\xb5\xfb\x29\x9e\xbf\xe1\x21\x31\xf7\x21\xd5\xbc\x66\xe9\x34\xb6\xbc\x17\xa1\x6d\xfa\xcd\x58\xff\x2a\x66\x98\xb3\xe7\x03\x60\x07\xb3\x41\xf1\x0f\xfd\x5b\x4f\x48\x0e\x22\x9e\xcf\x9e\x09\xe1\x75\x51\x9f\xaa\xcc\x8a\x2e\xf4\x09\xd9\xaf\xaa\xd8\x05\xe8\xce\x4f\xbb\xb7\x75\x39\x44\x46\x05\xc5\x55\x92\x01\x89\xc5\xdd\x45\x3a\xe0\x36\x88\x70\x7b\xcd\x01\x41\x1a\xaa\xfd\xba\x1f\xf3\x1e\x70\xcd\xcb\xa0\xe4\xb4\xae\xa0\x17\x80\x99\xe8\xd4\xf4\x44\x4f\x0a\x15\x1f\xbf\x79\xdc\xa2\x6b\x07\x95\x13\xdb\x9a\xdb\x32\xab\x21\x2e\xfe\xff\xcb\xb7\x41\x89\x2a\xef\x26\x5f\xd8\x88\xf0\xc0\xe9\xce\xd4\x58\x3f\xc6\x8b\xf4\xc7\x12\xbf\xe7\xf9\x9c\xa4\x40\xd7\x9b\x83\xcc\xcc\x93\x6c\xe8\xd0\x8c\x19\xc2\xec\xdf\xaa\x7f\xb
e\x47\xa2\xce\x69\x41\x8f\x20\x9c\xdc\x2c\x95\x2d\x47\xd6\x78\x18\x6b\xed\xa6\xed\x2c\x0a\x94\xe7\xdb\xe6\x6b\x8a\x3e\x26\x2f\x43\x13\x4b\x52\x5d\x27\x7d\x3e\x66\x54\x31\x8f\xe9\x6b\x0b\xe7\x1c\xb2\x66\x03\xa9\x86\xdf\x48\xa9\x88\xb2\xa9\x00\xa9\x6c\xea\x83\x74\xa4\xeb\x56\x47\x4c\x36\xca\x49\x6e\x5a\xfb\x0b\x8a\x7b\x2f\xcc\x65\xf8\xf1\xef\xb8\xd3\xb2\x72\x41\x7a\xc7\x37\x9d\x86\x51\xd0\x2b\x7c\xbf\x60\xc3\xf7\x27\x6a\xae\xaa\x83\x9a\x13\xef\x28\x68\xdf\xe4\xf6\xaa\xd7\x01\x33\x76\xe9\xce\x05\x97\x9d\x47\x77\xee\x5c\xce\xbc\xd3\xea\x47\xd3\xe0\x62\x02\x92\xf4\x9c\x71\xad\xb7\x53\xb2\x79\x3d\x8d\xec\xfa\x16\x40\x77\xfe\x55\x07\x80\xcd\x28\x42\x06\xfa\x2a\xbd\x2a\x42\x17\x71\x15\xde\xfa\xeb\x85\xde\x09\x56\x33\xf9\x4d\x13\x97\x4d\x1b\x48\xb8\xa1\x83\x00\xb4\xf4\xf3\x6c\x32\x50\x10\xe5\x2a\xd8\x5d\xd5\xac\xca\x62\x19\xec\x00\x8a\x8f\x9f\xc9\x80\x6d\xbf\x55\xd3\x2e\xbf\x80\xab\x5a\x90\x37\x19\x70\xd6\x4d\xd9\x16\xa3\x18\xf6\xf4\x4c\xfc\x1f\x5b\x3b\x0b\x0a\x4c\x22\x8e\xc9\xa6\x63\x6f\x50\x16\x84\x7d\xf2\xd8\x9e\x75\x06\xac\x66\x7a\xce\x06\xff\x2f\x4e\x6d\x18\xfc\x12\x5c\xca\x3b\xea\x98\x71\x60\xaf\x60\x2b\x93\xeb\x7b\x5b\x53\xf1\x48\xa3\xaf\x7d\x42\xc6\x1b\x3e\xa1\x83\x9a\xf5\x7d\x15\x24\x7c\x57\x08\x39\x7e\x09\x19\x03\xa7\x40\xa2\x07\x09\xe5\x34\x3e\x5c\x2b\x3c\x3d\x08\x2e\xd3\x76\xa6\x61\xd8\x4e\x1c\x1d\xdf\x32\x52\x40\x9a\x6b\x9d\x78\x3a\x11\x8e\x63\x38\x2a\x2a\xad\xad\x3b\xc8\xf2\xd9\x2c\xcd\x7c\x3e\x28\x19\x7e\x8e\x9f\x89\x76\xe0\x86\x5a\xdb\xb0\x91\xd7\x75\xd2\xf9\xad\x2b\x20\x61\x67\x7a\xe5\xbe\xc3\xcb\x29\x50\x5f\xf6\x58\x70\xb2\xa3\xac\xf3\xb6\x1e\x4b\xcb\xa0\x67\x29\x8b\x45\xe7\x69\xd4\x3d\xf4\x1f\x56\xc1\x22\xe6\x9c\x1b\xf0\xae\x8d\x5a\x60\xc2\x84\xfa\x5f\x42\x5d\x26\x17\xdd\x48\xa5\x3e\x8e\x35\xc9\x51\xe0\xc6\xdb\x4c\xef\x22\x64\xec\x2e\x7b\xc7\x2e\xa2\x42\xf6\xab\xc3\x2e\xc7\xa5\x13\xc2\xb3\xb3\xfc\x9f\xa5\xe4\x08\x68\x35\xe4\x7b\x30\xab\x60\x2d\x39\xfb\xfc\xa5\x4a\xd3\x43\x8e\x3d\xa0\x34\x5c\x29\xf8\x74\x76\x99\x04\x7e\x06\xc4\x68\x79\xa9\x4b\xef\x8f\xaa\x1
b\x93\xde\xdb\xf8\xaa\xf7\x7e\x11\xda\x64\x96\x1b\x42\x92\xbd\x9e\x5b\xca\xe7\x7d\x1a\x4d\xd0\xa3\x71\x11\x49\x6b\x41\xa7\x91\x1a\x28\x6f\x1e\x80\xc8\x37\x42\x0d\x41\x62\x66\xe0\x5a\xaa\x11\x4d\x03\x1b\x68\xc1\xa7\xc7\x15\x37\x86\x9d\x6a\xd2\xad\x7c\x0d\x7d\x5c\xc8\xcc\x72\xc0\x54\x56\x9e\x15\x3d\x41\xd6\x0d\xd7\x49\xe0\x8e\x9c\x07\xb5\xc6\xf0\xdf\xd1\xe3\x9c\x03\xd7\xc0\xd4\xfa\x67\xe2\x8f\x32\x65\x67\xdf\x09\xbf\xdc\xd2\xff\xe2\x0d\x6b\xe1\x7c\xa0\xae\x00\x15\x57\xbf\xda\xf4\x11\x41\x0b\x45\x19\x74\x69\x6a\x32\xad\x65\x6a\x85\xf5\x01\x1f\xad\x89\x1e\xc4\xdd\x2a\xd2\xfa\x76\xeb\x91\x74\x92\xf6\x63\x50\xca\xaa\xe8\xdb\xb7\x62\xa0\xde\x4f\xfa\x4c\x35\xa6\x5f\x1e\xf5\x38\x8b\xeb\x9d\x30\x31\x3e\xb1\x20\x73\xbf\x69\xc5\x1b\x1e\xf1\x26\x97\x1f\x7b\xf2\x52\x51\xb2\x3c\xcd\x12\xb5\x9e\xa1\xde\x15\xe5\x2b\x90\x5e\x61\x46\x10\x40\x89\xd3\x73\x5a\xd0\x0e\x70\xc8\x8e\xb6\x57\x0a\x21\xdb\xa1\x6d\x05\xc8\xd8\x8a\xab\x82\xb9\x93\x3d\xec\x5b\xf6\xc5\x03\xa1\x4f\x1a\xf3\x33\x0e\x9b\xfd\x8e\x9a\xe7\x45\xf0\x46\x90\x53\xae\x9a\xb6\xe4\x6e\x8d\xda\x7c\x7c\x5c\xcc\xe8\x47\xd2\x8e\xf6\x8a\xd5\xd9\xbe\x21\xf2\x6a\xbf\xd6\x78\xfd\x60\x43\xa0\x72\x76\x8c\x0a\xb2\xf3\x18\x02\xc5\xd2\xee\x54\xa4\x26\x05\x3c\xd7\x74\xf7\xa1\x00\x53\x48\x7b\x56\x75\x02\xa4\x26\x2d\x63\xf0\x6f\xf9\x74\x92\xba\xc2\x70\x3c\xef\x66\x47\xc1\x91\x17\xd5\x84\x42\x84\xca\xe7\x94\x00\xe0\xc3\x67\x0d\x51\x75\xf9\x50\x49\x4c\x23\x30\x66\x13\x86\xf1\x0b\x57\xcb\x4b\x6e\xd2\xaa\x81\x12\x0a\x84\x26\x4f\xc9\x6e\xe2\xbf\x81\xd3\x80\xdc\x1c\x1b\xa7\x0d\xe9\x7a\x7f\xcc\x91\xdc\xcc\x42\xec\x90\xb2\x13\xcc\x3d\xb4\xf0\x88\x87\xdf\x8f\xa8\x0c\xb6\x48\x5a\xe8\x9b\x1a\x7d\x77\xb5\xc3\x9d\xcd\xf6\x2d\x79\x3a\x18\xf2\x9b\x5a\xc7\x35\xc0\x7b\x06\xe8\xf0\x09\x8b\xd9\x47\x40\x28\x49\x69\x52\x85\x91\x71\x35\xd2\xf6\x89\x16\x6b\x42\xcd\x14\x59\x9e\xe9\x17\x72\x56\xe7\xe4\x00\xc4\xed\xf7\x31\x7b\x6b\x30\xca\x6d\x9c\x2b\x7f\x28\x39\xf0\x96\xbd\x67\xd3\x34\x3f\xbe\x6c\xaa\x34\xdb\xd4\xb5\xcd\x33\x94\xb7\x07\xb6\x01\x79\x4b\x53\x11\xb2\xbb\x8
e\xa8\xf7\x4e\x59\xfb\x66\x78\xa1\xde\x2e\xd8\xde\x44\x3a\x49\xf5\x31\x82\x99\xaa\x8a\x96\xd3\x4b\xa7\x53\xd7\xa8\xf9\xf9\x42\x95\xa4\xb7\xc4\x21\x9b\x5a\x1e\x11\x24\x6e\xbc\x65\x21\xc8\xe1\x86\xdf\x99\x3b\x9d\xa7\x9f\xa2\x39\x4b\x36\xa4\x53\xb0\xc5\xb5\xcc\xb6\xc2\x72\x93\x38\xac\x8e\x3a\x21\x53\xa4\xa3\x01\x2e\x8c\x43\x78\xfc\xbf\xd5\xe8\xb5\x6b\x04\x25\xcc\x23\x6c\x07\x31\x5c\x75\xba\xf6\x2b\xaf\x3b\x3b\x62\xc4\x13\xed\x9f\x5e\xc6\x6f\xf9\x8b\xbb\xe6\x1f\x2b\xda\x90\x6c\x8b\xde\xe0\xce\xc2\xde\x6d\x6e\x25\xa4\x9c\xef\xdf\xe3\xf3\xed\x53\xb1\x15\x41\x78\x39\x8c\x62\x87\xb8\x15\x8e\x1d\x7f\x81\x87\x68\x93\x8c\xcd\xcf\xad\x45\x8e\xe9\xb3\xa6\xea\x9a\x69\xa7\x86\x9d\x05\x95\x5d\xec\x71\xd8\x29\x09\xaf\x3e\x39\x30\xba\xb9\x8c\xd1\x75\x17\xd6\xbb\x16\x41\xce\xb9", 8192); *(uint32_t*)0x20004f00 = 0x20002200; *(uint32_t*)0x20002200 = 0x50; *(uint32_t*)0x20002204 = 0x48262fad; *(uint64_t*)0x20002208 = 0x1000; *(uint32_t*)0x20002210 = 7; *(uint32_t*)0x20002214 = 0x1f; *(uint32_t*)0x20002218 = 9; *(uint32_t*)0x2000221c = 0x200; *(uint16_t*)0x20002220 = 8; *(uint16_t*)0x20002222 = 0x1ff; *(uint32_t*)0x20002224 = 0xbb; *(uint32_t*)0x20002228 = 0xa; *(uint16_t*)0x2000222c = 0; *(uint16_t*)0x2000222e = 0; *(uint32_t*)0x20002230 = 0; *(uint32_t*)0x20002234 = 0; *(uint32_t*)0x20002238 = 0; *(uint32_t*)0x2000223c = 0; *(uint32_t*)0x20002240 = 0; *(uint32_t*)0x20002244 = 0; *(uint32_t*)0x20002248 = 0; *(uint32_t*)0x2000224c = 0; *(uint32_t*)0x20004f04 = 0x20002280; *(uint32_t*)0x20002280 = 0x18; *(uint32_t*)0x20002284 = 0xfffffff5; *(uint64_t*)0x20002288 = 2; *(uint64_t*)0x20002290 = 1; *(uint32_t*)0x20004f08 = 0x200022c0; *(uint32_t*)0x200022c0 = 0x18; *(uint32_t*)0x200022c4 = 0; *(uint64_t*)0x200022c8 = 4; *(uint64_t*)0x200022d0 = 7; *(uint32_t*)0x20004f0c = 0x20002300; *(uint32_t*)0x20002300 = 0x18; *(uint32_t*)0x20002304 = 0; *(uint64_t*)0x20002308 = 6; *(uint32_t*)0x20002310 = 0xfffffffb; *(uint32_t*)0x20002314 = 0; *(uint32_t*)0x20004f10 = 0x20002340; *(uint32_t*)0x20002340 
= 0x18; *(uint32_t*)0x20002344 = 0xfffffffe; *(uint64_t*)0x20002348 = 0x401; *(uint32_t*)0x20002350 = 0x101; *(uint32_t*)0x20002354 = 0; *(uint32_t*)0x20004f14 = 0x200043c0; *(uint32_t*)0x200043c0 = 0x28; *(uint32_t*)0x200043c4 = 0xfffffffe; *(uint64_t*)0x200043c8 = 0xffffffffffff8000; *(uint64_t*)0x200043d0 = 0x1000; *(uint64_t*)0x200043d8 = 4; *(uint32_t*)0x200043e0 = 0; *(uint32_t*)0x200043e4 = r[6]; *(uint32_t*)0x20004f18 = 0x20004400; *(uint32_t*)0x20004400 = 0x60; *(uint32_t*)0x20004404 = 0; *(uint64_t*)0x20004408 = 0x8000; *(uint64_t*)0x20004410 = 0x19; *(uint64_t*)0x20004418 = 0; *(uint64_t*)0x20004420 = 0x4b; *(uint64_t*)0x20004428 = 3; *(uint64_t*)0x20004430 = 1; *(uint32_t*)0x20004438 = -1; *(uint32_t*)0x2000443c = 0x10001; *(uint32_t*)0x20004440 = 0x7fff; *(uint32_t*)0x20004444 = 0; *(uint32_t*)0x20004448 = 0; *(uint32_t*)0x2000444c = 0; *(uint32_t*)0x20004450 = 0; *(uint32_t*)0x20004454 = 0; *(uint32_t*)0x20004458 = 0; *(uint32_t*)0x2000445c = 0; *(uint32_t*)0x20004f1c = 0x20004480; *(uint32_t*)0x20004480 = 0x18; *(uint32_t*)0x20004484 = 0; *(uint64_t*)0x20004488 = 0xfffffffffffffffe; *(uint32_t*)0x20004490 = 1; *(uint32_t*)0x20004494 = 0; *(uint32_t*)0x20004f20 = 0x200044c0; *(uint32_t*)0x200044c0 = 0x2a; *(uint32_t*)0x200044c4 = 0; *(uint64_t*)0x200044c8 = 0; memcpy((void*)0x200044d0, "bpf_lsm_post_notification\000", 26); *(uint32_t*)0x20004f24 = 0x20004500; *(uint32_t*)0x20004500 = 0x20; *(uint32_t*)0x20004504 = 0; *(uint64_t*)0x20004508 = 0xffffffff; *(uint64_t*)0x20004510 = 0; *(uint32_t*)0x20004518 = 5; *(uint32_t*)0x2000451c = 0; *(uint32_t*)0x20004f28 = 0x200047c0; *(uint32_t*)0x200047c0 = 0x78; *(uint32_t*)0x200047c4 = 0; *(uint64_t*)0x200047c8 = 0xfff; *(uint64_t*)0x200047d0 = 5; *(uint32_t*)0x200047d8 = 0; *(uint32_t*)0x200047dc = 0; *(uint64_t*)0x200047e0 = 0; *(uint64_t*)0x200047e8 = 0xfffffffffffffffb; *(uint64_t*)0x200047f0 = 5; *(uint64_t*)0x200047f8 = 0xfffffffffffffff9; *(uint64_t*)0x20004800 = 1; *(uint64_t*)0x20004808 = 9; 
*(uint32_t*)0x20004810 = 8; *(uint32_t*)0x20004814 = 0xff; *(uint32_t*)0x20004818 = 5; *(uint32_t*)0x2000481c = 0xc000; *(uint32_t*)0x20004820 = 0x7cc8; *(uint32_t*)0x20004824 = r[7]; *(uint32_t*)0x20004828 = r[8]; *(uint32_t*)0x2000482c = 0xf4a5; *(uint32_t*)0x20004830 = 9; *(uint32_t*)0x20004834 = 0; *(uint32_t*)0x20004f2c = 0x200048c0; *(uint32_t*)0x200048c0 = 0x90; *(uint32_t*)0x200048c4 = 0; *(uint64_t*)0x200048c8 = 0x100000001; *(uint64_t*)0x200048d0 = 5; *(uint64_t*)0x200048d8 = 1; *(uint64_t*)0x200048e0 = 0x80000001; *(uint64_t*)0x200048e8 = 1; *(uint32_t*)0x200048f0 = 7; *(uint32_t*)0x200048f4 = 0x100; *(uint64_t*)0x200048f8 = 0; *(uint64_t*)0x20004900 = 0x3ff; *(uint64_t*)0x20004908 = 7; *(uint64_t*)0x20004910 = 6; *(uint64_t*)0x20004918 = 2; *(uint64_t*)0x20004920 = 0x200; *(uint32_t*)0x20004928 = 0x20; *(uint32_t*)0x2000492c = 6; *(uint32_t*)0x20004930 = 0xe07fd01; *(uint32_t*)0x20004934 = 0xc000; *(uint32_t*)0x20004938 = 9; *(uint32_t*)0x2000493c = r[9]; *(uint32_t*)0x20004940 = r[10]; *(uint32_t*)0x20004944 = 8; *(uint32_t*)0x20004948 = 1; *(uint32_t*)0x2000494c = 0; *(uint32_t*)0x20004f30 = 0x20004980; *(uint32_t*)0x20004980 = 0xa8; *(uint32_t*)0x20004984 = 0; *(uint64_t*)0x20004988 = 1; *(uint64_t*)0x20004990 = 0; *(uint64_t*)0x20004998 = 4; *(uint32_t*)0x200049a0 = 0x1a; *(uint32_t*)0x200049a4 = 0x3ff; memcpy((void*)0x200049a8, "bpf_lsm_post_notification\000", 26); *(uint64_t*)0x200049c8 = 2; *(uint64_t*)0x200049d0 = 0x80000000; *(uint32_t*)0x200049d8 = 4; *(uint32_t*)0x200049dc = 2; memcpy((void*)0x200049e0, "#(\\!", 4); *(uint64_t*)0x200049e8 = 2; *(uint64_t*)0x200049f0 = 0x80000001; *(uint32_t*)0x200049f8 = 1; *(uint32_t*)0x200049fc = 0x1ff; memcpy((void*)0x20004a00, "%", 1); *(uint64_t*)0x20004a08 = 2; *(uint64_t*)0x20004a10 = 0xff; *(uint32_t*)0x20004a18 = 1; *(uint32_t*)0x20004a1c = 0x8001; memcpy((void*)0x20004a20, "&", 1); *(uint32_t*)0x20004f34 = 0x20004bc0; *(uint32_t*)0x20004bc0 = 0xc8; *(uint32_t*)0x20004bc4 = 0; *(uint64_t*)0x20004bc8 
= 0; *(uint64_t*)0x20004bd0 = 4; *(uint64_t*)0x20004bd8 = 3; *(uint64_t*)0x20004be0 = 9; *(uint64_t*)0x20004be8 = 4; *(uint32_t*)0x20004bf0 = 8; *(uint32_t*)0x20004bf4 = 5; *(uint64_t*)0x20004bf8 = 3; *(uint64_t*)0x20004c00 = 0x800; *(uint64_t*)0x20004c08 = 1; *(uint64_t*)0x20004c10 = 0x10001; *(uint64_t*)0x20004c18 = 8; *(uint64_t*)0x20004c20 = 1; *(uint32_t*)0x20004c28 = 0; *(uint32_t*)0x20004c2c = 0x401; *(uint32_t*)0x20004c30 = 0xfffffff7; *(uint32_t*)0x20004c34 = 0x6000; *(uint32_t*)0x20004c38 = 0x10001; *(uint32_t*)0x20004c3c = r[11]; *(uint32_t*)0x20004c40 = r[12]; *(uint32_t*)0x20004c44 = 6; *(uint32_t*)0x20004c48 = 0xf8; *(uint32_t*)0x20004c4c = 0; *(uint64_t*)0x20004c50 = 3; *(uint64_t*)0x20004c58 = 2; *(uint32_t*)0x20004c60 = 0x1a; *(uint32_t*)0x20004c64 = 9; memcpy((void*)0x20004c68, "bpf_lsm_post_notification\000", 26); *(uint32_t*)0x20004f38 = 0x20004e00; *(uint32_t*)0x20004e00 = 0xa0; *(uint32_t*)0x20004e04 = 0xfffffffe; *(uint64_t*)0x20004e08 = 9; *(uint64_t*)0x20004e10 = 4; *(uint64_t*)0x20004e18 = 0; *(uint64_t*)0x20004e20 = 0x3ff; *(uint64_t*)0x20004e28 = 0x80000000; *(uint32_t*)0x20004e30 = 0xfffffffd; *(uint32_t*)0x20004e34 = 8; *(uint64_t*)0x20004e38 = 1; *(uint64_t*)0x20004e40 = 7; *(uint64_t*)0x20004e48 = 0x401; *(uint64_t*)0x20004e50 = 7; *(uint64_t*)0x20004e58 = 0; *(uint64_t*)0x20004e60 = 5; *(uint32_t*)0x20004e68 = 7; *(uint32_t*)0x20004e6c = 6; *(uint32_t*)0x20004e70 = 0x40; *(uint32_t*)0x20004e74 = 0xa000; *(uint32_t*)0x20004e78 = 0x800; *(uint32_t*)0x20004e7c = r[13]; *(uint32_t*)0x20004e80 = r[14]; *(uint32_t*)0x20004e84 = 0x8001; *(uint32_t*)0x20004e88 = 0; *(uint32_t*)0x20004e8c = 0; *(uint64_t*)0x20004e90 = 0; *(uint32_t*)0x20004e98 = 0; *(uint32_t*)0x20004e9c = 0; *(uint32_t*)0x20004f3c = 0x20004ec0; *(uint32_t*)0x20004ec0 = 0x20; *(uint32_t*)0x20004ec4 = 0xfffffffe; *(uint64_t*)0x20004ec8 = 1; *(uint32_t*)0x20004ed0 = 5; *(uint32_t*)0x20004ed4 = 4; *(uint32_t*)0x20004ed8 = 5; *(uint32_t*)0x20004edc = 1; syz_fuse_handle_req(r[5], 
0x20000200, 0x2000, 0x20004f00); break; case 26: memcpy((void*)0x20004f40, "SEG6\000", 5); syz_genetlink_get_family_id(0x20004f40); break; case 27: syz_init_net_socket(3, 3, 0xca); break; case 28: res = -1; res = syz_io_uring_complete(0); if (res != -1) r[15] = res; break; case 29: *(uint32_t*)0x20004f84 = 0x2b11; *(uint32_t*)0x20004f88 = 1; *(uint32_t*)0x20004f8c = 1; *(uint32_t*)0x20004f90 = 0x5b; *(uint32_t*)0x20004f98 = r[5]; *(uint32_t*)0x20004f9c = 0; *(uint32_t*)0x20004fa0 = 0; *(uint32_t*)0x20004fa4 = 0; res = syscall(__NR_io_uring_setup, 0x19b4, 0x20004f80); if (res != -1) r[16] = res; break; case 30: *(uint32_t*)0x20005004 = 0x208b; *(uint32_t*)0x20005008 = 4; *(uint32_t*)0x2000500c = 0; *(uint32_t*)0x20005010 = 0x355; *(uint32_t*)0x20005018 = r[16]; *(uint32_t*)0x2000501c = 0; *(uint32_t*)0x20005020 = 0; *(uint32_t*)0x20005024 = 0; syz_io_uring_setup(0xf44, 0x20005000, 0x20ffa000, 0x20ffb000, 0x20005080, 0x200050c0); break; case 31: *(uint32_t*)0x20005104 = 0x7b7; *(uint32_t*)0x20005108 = 2; *(uint32_t*)0x2000510c = 3; *(uint32_t*)0x20005110 = 0x202; *(uint32_t*)0x20005118 = -1; *(uint32_t*)0x2000511c = 0; *(uint32_t*)0x20005120 = 0; *(uint32_t*)0x20005124 = 0; res = -1; res = syz_io_uring_setup(0x22f7, 0x20005100, 0x20ffb000, 0x20ff8000, 0x20005180, 0x200051c0); if (res != -1) r[17] = *(uint64_t*)0x20005180; break; case 32: *(uint8_t*)0x20005240 = 0xb; *(uint8_t*)0x20005241 = 1; *(uint16_t*)0x20005242 = 0; *(uint32_t*)0x20005244 = 0; *(uint64_t*)0x20005248 = 6; *(uint32_t*)0x20005250 = 0x20005200; *(uint32_t*)0x20005200 = 0; *(uint32_t*)0x20005204 = 0x3938700; *(uint32_t*)0x20005254 = 1; *(uint32_t*)0x20005258 = 1; *(uint64_t*)0x2000525c = 1; *(uint16_t*)0x20005264 = 0; *(uint16_t*)0x20005266 = 0; *(uint8_t*)0x20005268 = 0; *(uint8_t*)0x20005269 = 0; *(uint8_t*)0x2000526a = 0; *(uint8_t*)0x2000526b = 0; *(uint8_t*)0x2000526c = 0; *(uint8_t*)0x2000526d = 0; *(uint8_t*)0x2000526e = 0; *(uint8_t*)0x2000526f = 0; *(uint8_t*)0x20005270 = 0; 
*(uint8_t*)0x20005271 = 0; *(uint8_t*)0x20005272 = 0; *(uint8_t*)0x20005273 = 0; *(uint8_t*)0x20005274 = 0; *(uint8_t*)0x20005275 = 0; *(uint8_t*)0x20005276 = 0; *(uint8_t*)0x20005277 = 0; *(uint8_t*)0x20005278 = 0; *(uint8_t*)0x20005279 = 0; *(uint8_t*)0x2000527a = 0; *(uint8_t*)0x2000527b = 0; syz_io_uring_submit(r[17], 0, 0x20005240, 7); break; case 33: memcpy((void*)0x20005280, "/dev/btrfs-control\000", 19); res = syscall(__NR_openat, 0xffffff9c, 0x20005280, 0x2100, 0); if (res != -1) r[18] = res; break; case 34: *(uint32_t*)0x20005300 = 0; *(uint32_t*)0x20005304 = 0x200052c0; memcpy((void*)0x200052c0, "\x35\xac\x4c\x65\xd5\xd9\x24\x44\x3c\x56\xd3\xcd\xca\xcf\xf7\x45\xb9\xdf\x2c\x8d\x85\x5f\x77\xc7\xe8\xfb\x87\x5f\xc4\xc8\x39\x83\xf4\xec\x40\x4e\x6a\xd2\x10\xd7\x4b\x41\xfc\x04\xcd\x89\xa8\x8b\xc3\xb3", 50); *(uint32_t*)0x20005308 = 0x32; *(uint64_t*)0x20005340 = 1; *(uint64_t*)0x20005348 = 0; syz_kvm_setup_cpu(r[18], r[15], 0x20fe8000, 0x20005300, 1, 0, 0x20005340, 1); break; case 35: *(uint32_t*)0x20005384 = 0x8a2; *(uint32_t*)0x20005388 = 4; *(uint32_t*)0x2000538c = 0; *(uint32_t*)0x20005390 = 0x30f; *(uint32_t*)0x20005398 = -1; *(uint32_t*)0x2000539c = 0; *(uint32_t*)0x200053a0 = 0; *(uint32_t*)0x200053a4 = 0; res = -1; res = syz_io_uring_setup(0x2a84, 0x20005380, 0x20ffc000, 0x20feb000, 0x20005400, 0x20005440); if (res != -1) r[19] = *(uint64_t*)0x20005400; break; case 36: *(uint32_t*)0x20005480 = 1; syz_memcpy_off(r[19], 0x114, 0x20005480, 0, 4); break; case 37: memcpy((void*)0x20006580, "./file0\000", 8); res = syscall(__NR_stat, 0x20006580, 0x200065c0); if (res != -1) r[20] = *(uint32_t*)0x200065d0; break; case 38: memcpy((void*)0x200054c0, "afs\000", 4); memcpy((void*)0x20005500, "./file0\000", 8); *(uint32_t*)0x20006540 = 0x20005540; memcpy((void*)0x20005540, 
"\xd2\xc8\x4e\x32\xfc\xd2\x5d\x6d\x0c\x83\x4d\xb2\x19\x8a\x08\xcf\x7b\xf0\x74\xc8\x96\xdf\x4f\x91\xd7\xd7\x89\x08\x93\x10\xa8\x83\xa2\x32\xfe\x7e\x05\x8e\x17\x5a\xb0\x04\xde\xc5\x36\xa4\xe1\xd5\x8f\xdc\x29\x54\xa5\xc2\x6e\x70\x2e\xb2\xfb\x50\xfc\x05\x8d\x18\xcb\x90\xbb\xda\xdc\xc9\xfd\xa0\x26\x22\x81\xbb\x9f\xb6\x99\x6f\x60\x89\xe3\x36\xed\xea\xf5\xfb\x57\x28\x44\x7a\xf3\xd6\x5c\xc0\x3e\xb9\x4b\x3d\xc3\xeb\x1e\x24\xdc\x78\x41\x32\xc9\xd0\x36\xe4\x6f\xc3\x14\x6c\xdf\x58\xc1\x75\xe6\x5d\xcc\x7f\x39\x81\x44\x35\x7d\xd2\x5c\x15\x67\x11\x32\x17\xeb\x9b\x2a\xbd\xff\x8c\xb8\x21\x15\xea\x31\xf8\x41\xa3\x77\xb7\x75\xf7\x9f\xa8\x9a\x60\x47\x95\xf4\x87\x60\x5d\x74\x0e\xc6\x46\xd1\x4f\x9b\x80\x80\xf5\x1b\x8e\x24\xea\x8d\x62\x1e\x25\xf3\xcf\xc2\xd9\x27\x9b\x47\xfe\x3e\xa7\xe4\xd2\xb3\x07\x16\xa1\x8f\x68\x44\x3b\x23\x7e\x6b\x15\x2a\xba\xa0\x9d\xc6\xbf\x3b\x13\x01\xad\xfc\xd3\x7b\x9a\x8c\x06\x3c\x83\x0e\x37\x9a\x72\xbd\xb3\x82\x5b\x32\xf5\x3f\xfe\x10\xc7\xda\x81\xc3\x44\xd8\xe9\x8b\x62\x36\x37\x27\xdc\x41\xf0\x50\xfb\x6f\x44\x0d\x3a\x4b\x44\xe8\x49\xa7\x06\xae\xad\x91\x91\x85\x86\x5e\x74\xf9\x4d\x13\xe7\x38\x44\x80\x75\x4a\x1d\x69\x50\x22\xfd\xc2\x16\xe4\x13\xb1\x36\x2a\xdd\x89\x47\xe0\x9f\x4b\x87\xc0\xfa\x05\xd9\x68\x65\xe5\x4d\xf5\x74\x65\x10\x2f\x90\x49\xa0\xb3\x8f\x48\x0f\xd6\x23\xee\x12\x1c\xd6\x35\xc7\x20\xf5\xce\x66\x07\x20\x9d\x0a\x3b\x39\x42\x65\x4e\x73\x81\xc9\x41\xe5\x6e\x7a\x74\xf4\xe0\x36\xe3\xed\xce\x82\xb5\x59\x3a\xed\xab\xf8\x6d\xca\x3e\x49\x25\x33\x36\xc8\x06\xbf\xec\xec\x26\x94\x29\x4d\x19\xc9\x59\xc3\x86\xef\xb8\x38\xab\xdf\x2b\x43\x78\x6c\x09\xbe\xec\xfa\xbf\x72\x3e\x0b\x24\x3a\x8e\xa4\x72\xf6\x3d\xf6\x2e\xd1\x73\x87\x59\x03\x29\x19\xac\x09\xa1\xc1\xcf\x7d\x8f\xe3\x37\x65\x0c\x37\xbb\xec\x02\xb5\x8a\x30\x98\xd1\x47\x8a\x5d\x3a\xbb\x8e\xda\x06\x90\xc8\xa5\x34\x7e\x86\x0b\x57\xd0\x27\x7e\x64\x24\x81\x3e\x06\xf7\x08\x3f\xe3\x25\x3c\x08\x60\x53\x7c\x76\x68\x8c\x88\x77\x79\x51\x38\xe0\xf9\xb2\xe5\x57\xa6\xec\xc9\x98\x60\x24\xc4\xbb\x77\x21\xec\xca\x04\xbc\x92\x2b\x8
7\xb3\x0c\x1e\x54\x6b\x09\x40\x80\xfb\x15\x94\x64\x2a\x4e\x08\x8c\x3b\x65\xad\xb3\x65\x5f\xcc\x92\x52\xf7\x53\x21\x21\x01\xf4\x17\x30\xad\x16\x42\x78\x7e\x7f\xbe\x39\xe5\xfb\x4f\x91\xcf\x2c\x0d\x84\xd0\xec\x80\x11\x2a\x97\x41\xc0\xfc\x9c\x4b\xfe\x1c\x41\x3e\x0a\x23\x71\x4d\xe7\xeb\x4b\xa7\xe9\x8c\x1c\x25\xed\x3b\xd4\x1b\xa2\xf3\x2f\xa0\xb6\x7f\xd6\x42\xa0\x0e\x13\x4d\x02\x72\x2f\x26\x80\x56\xce\x1c\x62\xf6\x82\xf0\x90\x9b\xbd\x6f\xd3\x89\x6c\x3e\x37\xac\xe1\x8d\x4d\x8e\x97\x88\x05\x7d\xc4\x5b\x27\x57\xb6\x64\x62\x05\xea\x11\xc4\x35\x01\x00\xda\xe7\xcc\xc8\x65\x35\x47\x0b\x4d\x03\x47\xd6\x99\x08\x12\x50\x6e\x3a\x98\x16\xcb\xe2\x8c\x50\xa2\x9a\xb3\xa7\x1e\x05\x0e\xe8\xff\x4c\x8a\x0a\x9c\xdf\x14\x6b\x6e\x6f\x97\x64\x18\xb0\x8d\x12\x3e\xf3\x72\x8a\xa2\x8f\x40\x8f\xab\xc5\x78\xe6\x0c\x7b\xdf\xff\x0d\x18\xad\x41\x6e\xd6\x6d\x5b\xbc\x66\xae\x3a\xb2\xfd\xc0\xa4\xd7\xc7\xac\x14\xf7\x92\xf2\xeb\xaf\x91\x9c\x65\xc1\xf1\x01\x77\x88\x3c\x3d\xbd\xb5\x81\x52\x6f\x72\x86\x93\x62\x03\xb6\x46\x77\x06\x0a\x5a\xf5\xe3\xe3\xdd\x98\x49\x64\x80\x0d\x58\xc4\x6c\x55\xd8\x68\x81\xbe\x8c\x1d\xef\x9f\x95\x79\x53\xf0\xa4\x07\x8a\xc1\x76\x16\xa3\xb9\x4e\xb7\xb0\x26\xb1\x2e\x34\x6f\x8d\x8c\xfb\x13\x91\x91\x9e\x38\xf4\xd5\x09\x0a\xb9\xbf\x15\x5b\x7d\x9c\xfd\xeb\xd3\x63\xa0\x9c\xed\x58\x8f\x68\x21\x86\x7e\xe8\x53\x8d\xc4\x23\x47\xfd\x7f\xaa\x82\x99\x8f\xff\xf2\x8d\x7f\xa3\x43\x26\xea\x5c\x6e\xc3\x0e\xdf\x69\xc6\x24\x60\x7d\xd8\x2a\x56\x7d\xf7\x6f\x27\x3d\x10\x52\x20\x88\x4d\xb7\x18\x70\x28\x5d\x7d\xc9\xf4\x88\x07\x77\xee\x0f\xb6\xbc\xe6\x71\xa5\x83\xb8\x21\x2b\xab\xb7\xdf\xba\x86\xc7\x93\xa8\x6f\xd8\x8e\xe0\x42\xeb\x4d\xca\xb1\x0f\xbd\xc2\xfb\xdf\xc0\x35\x2d\x4b\x82\x3c\x80\xb3\x14\x76\x66\xe3\xa8\xc6\xe0\xb7\x4a\x6e\x39\xba\xf5\xa9\x26\xd8\x61\xd3\x9c\xed\x6c\x15\x09\x9d\x57\xc6\x44\xde\x45\x63\xde\xef\x39\xd8\x49\x86\x2a\x02\x07\x1f\x29\x56\x78\x71\x12\xf6\xe8\xe6\xb3\x24\xdf\x79\x45\x1e\x48\x33\x4c\xe3\x09\x74\x95\x59\x48\xe2\xfa\xd7\x87\xcc\xc6\x1a\x67\x5d\xb6\x65\x4d\xa2\x72\x1d\x2e\x27\xfd\xa
6\x23\xae\xec\xc0\xe9\xc6\x47\x62\xf7\x44\x26\xc5\x66\xaf\x7c\xc2\x34\x77\x3e\x9f\x7b\x30\x24\x06\xff\x85\xa4\xad\x15\xd9\x48\xb7\x73\x64\xfb\x27\x42\xdb\x1d\x0c\xee\x24\xef\x37\x29\xf3\xb4\x0e\x7f\x7f\x0e\x1a\x89\x1c\x4a\x21\x3f\x59\x0e\x80\x4d\x30\x93\x58\xf1\xcb\x93\xf2\x1c\xd1\x74\xc3\x74\xfc\x35\x5d\x87\x30\x28\xa2\xe4\xf5\x16\x4f\x24\xb3\x5c\x52\x81\x44\xfe\x7c\x32\xb9\xe6\xa2\xac\x0f\x04\xe6\x0f\x11\x01\x3c\x3c\xae\x20\x42\x0b\x11\xe2\xeb\xad\x83\xa7\xe5\x71\x02\x27\x38\x2d\x72\x52\x5f\xc5\x2a\x8c\x8f\xb6\x49\x8a\xc2\x1e\x91\x31\x74\x22\x7c\x65\xe8\xc5\x87\x6a\xd6\xfc\x49\xb2\xc1\xed\x73\x3e\xa1\x86\xe9\xf4\xf5\x76\x6f\x39\x32\x56\x42\xf8\xa0\xb7\x22\x12\x92\xc5\xb0\x17\x99\x04\xb3\x39\x34\xb6\xfc\xb7\xa6\x4f\x17\x05\xad\x70\x02\x66\x24\x2f\xaf\x54\xcb\xf6\x3d\x25\x49\xd4\xf3\x05\x4c\xe1\x68\xe1\x75\x00\xf5\xf5\xc3\xca\x1e\xde\xfd\xb0\xc6\x0c\x2b\x4f\xb0\x1d\x7d\x0f\xc0\x7d\x86\x67\xe1\x0f\x2f\x80\xcc\x7b\x50\xae\x2e\xd5\x74\xfc\xd3\xf7\x77\x5a\xe1\x7a\x20\x05\x14\xfb\xb2\x19\x51\x80\xe3\x5d\x90\xb8\x94\xdf\x9a\x1c\x35\x54\x00\x73\x82\x47\xda\xf3\x15\xb7\xe1\xcf\x1c\xac\x31\x97\xec\x0d\x74\xd1\xe4\x41\x0c\xaf\x94\x35\xfd\x14\x95\x72\xc1\x8a\x7d\x92\xee\xbb\xc7\x96\x3f\x14\x50\x73\x8e\xc0\x54\x32\x52\x64\x09\x40\xef\x1c\x8c\xe2\x5c\x80\xab\x9e\xd7\x2e\x67\x0b\x40\x23\xe5\xe1\x36\x31\x42\xb4\x31\x44\xbe\x12\xe9\x95\x55\x4a\xf2\x43\x1b\x2e\x5a\x8e\x2a\x45\xc7\x6c\xa7\xe3\x1a\x92\x2c\x59\x2a\x6d\x1c\x5a\x7e\xa9\x40\x36\x5f\xdc\x48\xe1\xb2\xc7\x3f\x66\x18\x65\xdc\x4e\x90\xd0\x8d\x5a\x2c\x4d\xb6\xbc\x5e\x01\x86\xf2\x37\x45\x1d\xfc\x14\xbc\x76\xf0\xdd\x98\x04\x8e\xf9\x9a\x1a\x1c\xb1\x5c\x1b\x53\xbc\xc9\x25\x49\x2b\x87\x1f\xa7\xdb\xe2\xe8\x72\xf9\x35\x85\x24\x8d\x0f\x2b\xf9\x15\x52\x15\x7b\xf5\x57\x8c\xbf\x1b\x65\x3f\x9d\x36\xcc\x95\x2b\x54\xb0\x09\x26\x83\x57\x7c\x5b\xa1\x59\x26\x6a\x5d\xf6\x6e\x74\x94\x62\xe4\xfc\x5a\x06\xd1\xc2\x65\x64\x63\x59\x26\x13\x8d\x9a\x99\x80\x51\x9e\x5d\x73\xbf\xb8\x52\x26\x55\xeb\xc0\x7c\xc8\x11\xc0\x56\xa0\x35\x31\xeb\x29\x3d\x47\x9c\x9
5\xf7\x13\x75\xea\x29\x3c\x0f\x18\x60\x49\x9e\xa9\x87\x18\xa3\x75\x00\xc5\x4a\x29\xfd\x9b\x8d\x01\x97\x71\x06\x1f\x77\x87\x60\xfd\xec\x9e\x6f\xac\x3d\x3c\x83\x1a\xee\x19\xb5\x6c\x0a\x19\x47\xa0\x89\x65\x3a\x15\xc2\x87\x70\x8e\x84\x6e\xd6\x5e\x1c\x9d\xc4\x92\x9c\xbb\x44\x33\x38\xa9\x36\xfd\x37\x26\xb3\xa0\xce\x78\x71\xac\x3c\x8c\xd3\x26\x00\x77\xb5\xc9\x8d\x98\xaf\xb5\x33\xd2\x5a\x8b\x42\x98\x9b\x7e\xe5\x27\x4f\x72\xe6\x10\x90\xb9\x04\x36\xb3\x2d\xe2\x76\xbc\x86\x6e\x6b\x8c\xd2\x57\x60\xdd\xc6\xa4\x97\xc9\xe8\x4d\x7e\x85\xa8\xc5\xdb\x0d\xf2\x22\x29\x6a\x3a\xa3\x62\x40\xa7\xb7\x6b\x9d\xbf\xb2\x49\x64\x77\xa9\x71\x6d\x80\x05\x00\x52\xce\x3a\x47\x36\xfb\xcf\xff\x5e\xe6\x34\x22\x52\x8b\xe6\xb0\xa4\x78\xec\xc7\x80\x3e\x22\x7f\x88\x0e\x4f\xd0\x7d\xc6\xde\x88\x48\x5a\x39\x81\xe0\x91\x70\xf8\x91\x84\xcf\x62\x97\x04\x9c\xc3\x01\x75\x51\x9f\x73\x09\x43\x4b\x96\xbc\x1b\x09\x6e\x05\xff\x02\x87\xca\x29\x92\x96\x24\xe1\xc6\xf4\x27\x0e\x89\xe9\xbc\x1b\x4c\x27\x82\xf5\x8b\x9a\x36\x0a\x00\x81\x45\xd8\x08\x33\x70\x08\x6a\x13\x14\xc9\x2a\x61\x03\xb2\x06\xb6\xcd\x0f\x6e\x63\x41\x6b\x35\xe7\x53\xb7\x09\xa6\x3a\x9a\x41\xd6\x13\xcb\x99\x7e\x55\xa6\x3f\xbf\xf2\x8c\x05\x73\xba\x2b\x64\xbf\xbc\xb0\xec\x3d\xfc\x5c\x9d\xd1\x34\xf0\xf2\xeb\x51\x15\x1e\xb2\x83\x10\xe3\xdd\x7f\x8a\xe8\x16\xf8\x66\x95\x90\x8a\xc6\xdf\x04\x80\x4e\x01\xf5\x3e\x40\x2b\xcc\x44\x5e\x17\x0c\xf2\x61\x0e\x1e\x32\xd0\x2f\x9e\x0d\x81\x49\x98\x76\xc1\x38\x3e\xec\x77\x81\x5b\x13\x59\x46\x2d\x8f\x4f\x50\x08\xaf\x8b\xb6\x1a\xe3\x58\xd8\x3c\x07\x54\xb5\x2d\x3c\xeb\x9b\x22\xc0\xa1\xb3\x5a\xfd\x92\x1e\x00\xc1\xd0\x6c\xf5\x4f\x88\x2e\x14\x5b\xd6\x08\x45\x1c\xe8\xda\x2c\x80\x81\xe2\x7e\x9c\x8d\x08\x6b\x80\x97\xd4\xf7\x7f\x1c\x33\xf5\x02\x4e\xd7\xd8\x78\xc1\x29\xe5\x34\x05\x6b\x89\xea\x2d\x14\xbd\x70\xd0\xca\x78\x9c\x7e\x29\xcc\xd3\xd2\x7a\xf1\xc6\x05\x8e\x26\x6c\x29\xe2\xfc\xd6\xf0\x4b\xa5\xa3\xd9\xe2\xc1\x16\xf0\x4c\x40\x73\x37\x96\xa1\xfe\x1c\x01\xa0\x4f\x06\x22\x2c\xce\x35\x90\x01\x53\x1b\x1c\x8f\x61\x3d\x45\x20\x83\xde\xe5\x08\x8
6\x01\x7a\xca\x82\x21\xa9\xa3\x06\x6e\x77\x68\x7b\x3f\xbe\xb0\xe4\x61\x92\x1f\x29\x21\xba\xf1\xa6\x69\x3e\xf0\x37\xa1\xd8\x56\x5a\x18\x04\x1b\x31\xc2\x66\xfb\x22\x5d\xd1\x74\x84\x8a\x84\x9f\xd1\x8e\x4b\x4b\xfd\x97\x23\x15\xd9\xf6\xff\x65\x29\x4f\x83\x74\xe7\x4f\x8d\x48\xbc\x17\xb6\xbe\xff\x62\xc1\x01\x2b\x5b\x04\x7f\x85\xea\x95\x6f\x50\xe1\x84\xa2\x95\xd1\xb1\x3e\x02\xb8\xe3\x5e\xa2\x4a\x1c\x80\x3a\xb1\x3a\x2a\x32\x85\xdd\xc0\xc3\x58\xd3\x01\x36\x2f\x70\x26\x7e\x7c\x6f\xd8\x25\x25\x24\xbe\x99\x3c\x0b\x61\x3c\x88\x05\x82\xf2\x85\x5f\x66\xa5\x17\xaf\x4d\xf5\x4e\xfa\x63\x58\x1f\xdb\xf3\x2b\x21\x0a\x21\x37\x55\x32\x3c\xab\x26\xdb\xc9\x1d\x85\x03\xac\x84\x2f\xa7\xca\x11\xec\x4d\xc0\xb0\x17\x1a\x3b\x7d\xc5\x1e\xd7\x63\xa7\x34\x82\x4d\x15\xfe\xb4\xa8\x0d\x6b\xfa\xf8\xf7\xd2\xfc\x82\x9b\xfe\x8d\x0b\x4b\x1b\xb4\x28\xcd\xa0\xe9\x6e\x11\x7c\x87\xa3\x81\x60\x83\x7c\xd2\x31\x56\xaf\x49\x8e\x00\x60\x31\x91\x61\x7e\xcc\x06\xa9\xa1\x6e\xb9\x33\xf2\x21\x5e\x8a\x86\xf2\xfe\x3f\x62\x9c\xa1\xd1\x45\x61\x5d\xa9\x57\xbb\xa3\xe1\xdf\x17\x9a\x07\xab\xc4\x88\x9d\x95\x61\x8f\x14\x5a\xca\x14\xe0\xd8\x85\x5f\x60\xff\xa5\x73\x34\x89\xb7\x12\xf0\x54\x42\xc0\xfd\xd2\x63\xea\xa0\x6e\xfa\x9e\x81\xcf\x2e\xb2\x98\x29\xb8\x82\x69\xc6\x53\xaa\x89\xeb\x93\x5a\x6b\x98\xe6\x5e\x46\xc6\x23\xfe\x8d\xe2\x1c\x25\x07\x66\x06\x05\x29\x15\xdc\x7d\xc9\x8e\xbc\xe6\xa7\x55\xae\x43\xb5\x57\x46\x00\x73\xd9\x4c\x8a\x44\xf6\xb6\xf6\x3a\x8a\x86\x6c\xdb\x47\x59\x15\xf4\xab\x00\xe5\xc5\x07\x2c\x1a\xe6\x10\xa8\x00\xea\x8f\xa8\x14\x7c\x96\x68\x6c\x30\x77\xcd\xfe\x0d\x9c\x77\x05\x84\xf2\x17\xfa\xc4\x7e\x64\xe5\x17\x4b\x9e\xb0\xc6\x8c\xa1\x47\xc2\x33\xde\xc2\x5c\xc2\x42\xe8\xe4\x3e\xe7\x39\x4c\x78\x76\xd2\x5e\x04\x0f\xfe\x89\xac\x1f\x6b\x2a\xa2\x40\xb6\x66\x8f\xfc\x89\x83\xfb\x86\x24\xe6\x0b\x3c\xb9\x91\x1f\xc8\x24\x0d\x9d\x8c\xe3\x50\xa8\x92\x45\x42\x04\x96\xae\x75\x76\xe1\x4b\x57\x72\x7a\x52\xe5\x55\xc9\xc8\x8d\xdd\x5c\x53\xca\x3f\xde\xe8\x83\x41\x46\x4e\x83\xdc\x59\xae\x9d\x6e\x17\xf5\xf2\xf7\x63\xa3\x8c\x93\x7e\x32\x53\x3
2\xea\xc2\x56\x31\xcf\x83\x15\x0a\xfa\x67\x7a\x72\x61\x1e\x7f\xc1\x45\x1b\x3e\x5f\x4d\xcd\xdd\x40\x2c\xb3\x22\xfd\x12\x0d\x9d\x56\x83\x9c\x01\x5e\xbe\x47\xc4\x19\xc5\x53\xff\x0d\xed\x43\xd0\x30\xca\x1d\x10\xb3\xb3\x83\xe6\xc3\xcf\x34\x86\x02\x61\x8a\x56\xca\x51\xf7\x75\x72\x1b\xd3\x55\x71\x0b\x7a\x99\x5a\x13\x93\x1d\xc0\x82\x35\x58\x87\x99\x86\xae\x4c\xe8\x50\xcc\xc3\x73\x1e\x78\x22\x83\x96\x66\x66\x5a\xfc\x00\xa8\x73\xc5\x6c\xa9\xcf\x79\xc6\xd6\x00\xe9\x07\xe1\x50\xb4\x06\x83\xb5\x67\xda\x9c\x1c\xa5\x96\xfc\x02\x4a\xbb\x5e\xea\xf0\x1c\x67\xe0\x83\x75\xff\x15\xc4\x32\xad\xf6\xa4\x37\xd9\x67\xdd\xf1\xbb\xfc\x6c\xcf\x9c\xe7\xc2\x02\x1b\x15\x2c\xd4\xba\x7e\xca\x0e\x67\xcf\x12\x97\x15\x1a\xea\x04\xd9\xea\x9d\xc2\xbf\x84\x44\x13\x3f\x43\x66\xbf\x36\x0e\xe5\x22\x40\x88\xb1\x94\x5b\x5e\x5d\x6d\xe3\x86\x9f\x59\xb1\xac\x7c\xc3\x35\x35\xb1\x57\x6b\xe8\xfd\x7d\xe9\xf2\xca\x5a\x3c\x0e\xb2\x61\xcc\x18\x6b\x6b\x68\x28\x55\x47\xb2\x82\x42\x88\xdf\x77\xfd\x45\x6a\xb5\x2f\x6e\xa4\x8d\xa9\x48\x19\x3a\x42\x40\xa3\x1d\x3a\x7a\xa4\xe6\x7b\xe5\xf2\xa1\x53\xa0\x18\xd3\x2c\xc0\x11\x96\x2b\xb6\x82\xda\xb5\xd3\x43\x7e\x90\x34\x2c\x24\x36\xe5\x40\x91\x38\x82\x26\xf5\xc7\x68\x53\x5e\x02\x75\xeb\xac\x26\xab\x19\xd0\x0e\x90\x38\x55\x10\xa8\x4c\x7a\x72\x6f\x91\xba\xae\xc1\x11\x8a\x74\xe6\x51\x91\x4d\x99\xe3\xe5\x09\x32\x2f\x51\xd0\x95\xb8\x94\xc2\x09\x23\xd0\xfa\x98\xe4\x2c\x4e\xc6\x77\xd0\x95\x00\x8b\x59\x53\xf6\xba\x61\x53\x7a\xba\xe5\x43\xde\x69\xef\xca\x30\xe4\x5d\x7b\xc9\x3c\xaa\x20\x2c\xc8\xf6\x6e\x57\xca\xbd\x54\x9e\xf1\x09\x2f\x79\x6b\x4a\x35\x73\xbe\xf4\x41\x09\x48\x44\xb2\x3a\x3d\x86\xbd\x14\x90\x9b\x84\x1a\xea\x10\x82\x19\xd5\xea\x4a\x49\xc8\xa9\x9e\xaf\xc5\x07\x61\x3c\x1e\x37\xae\xa3\x15\xba\x89\x4f\xec\xc1\xef\x28\x09\x21\x3e\x42\xb1\x37\x48\x58\xcb\x4d\x77\x68\x46\x58\xcf\x41\x4a\xda\x5e\x76\x0f\x4a\xc8\x3b\xc9\x35\x7e\xf1\x45\xa3\xe9\x2d\x7c\x55\x7c\x5d\x94\x40\x24\x65\x9a\xfd\x6c\xaf\x01\xb2\x96\x0c\x6c\x4a\xb1\x47\xc0\xd8\x19\x75\x4b\xe8\x00\x66\xd1\x41\x92\xa4\x79\xc7\xdc\xea\xd
0\x4d\x3f\xa1\xe6\x62\x48\xcf\x29\x27\x39\x31\x24\x2d\x12\xf2\xb0\x8c\x71\xe8\x2f\x52\x86\xba\xb6\x76\x7c\x3e\x89\xa3\x6f\x27\x04\x5e\xcc\xf6\xe1\xcf\x3a\xbb\xbd\x9b\x1a\x26\x3d\xa7\xc0\xc0\x10\xfc\x10\xaf\xfc\x50\x32\xd4\x71\x23\xe1\xe1\x14\x6b\x38\xcb\xff\x01\xd4\x78\x56\x36\x04\x99\x26\x6c\xb5\x64\x59\x01\xe2\xed\x04\x9f\x45\xb2\x4e\x79\x3e\xf0\x08\x5f\x0e\x50\x40\xff\x2e\xbc\xb1\xd8\xd7\x01\x96\xd3\xde\x63\x14\xea\xe7\xf4\xf3\xe5\x26\x2c\x67\x67\x41\x59\xc1\xde\x4a\x08\x61\xaa\xd8\x14\x3b\xd5\x9f\xb3\xc8\x87\xc3\x84\x0b\x1c\x12\xc7\x42\xf1\xfa\xd2\x4c\xd9\xac\x7f\xea\x0f\xba\x87\x1c\x1e\xbc\x62\x8b\x34\xd9\x60\x43\x88\x5a\xe8\x26\x42\xda\x04\xd8\x7d\xca\xb5\x9b\xc8\xdd\x87\x65\x87\x11\xf6\x35\xbd\x66\xf4\x25\x4f\x83\xa4\x5d\x5b\xc7\x5e\x31\xfb\x60\xe9\xd6\xa5\xe6\xfb\x8b\x66\x86\x4c\xc3\x0b\x39\x11\xab\x9f\x87\xa5\x9c\xad\x38\xf0\xcc\x91\xb9\x20\x37\xbf\x1e\xa6\x42\x34\xe1\x3f\xc7\xc4\x50\x4c\xf0\x30\x0f\x1a\x0d\xeb\x39\xe6\x30\xc7\x10\xda\x48\x85\x5d\x8c\x45\x1d\x72\x6c\xc4\xc6\xe4\x43\x02\x11\x81\x8a\xaf\x9d\xca\xd5\x71\xb8\xb8\x9c\x4e\x94\x44\xae\xba\xa6\x9b\x97\x68\x9a\x5c\xa6\x70\xf8\xfa\x5e\xea\x13\x2c\x12\x1c\xc1\xef\xd2\x76\xf5\xa0\xb0\x2b\x96\x12\xbd\xc9\x9c\x99\xbc\xc6\x3b\x37\xcb\x86\x62\xcc\xaf\x7c\x80\x28\xeb\x67\x3a\x5f\x4f\x5b\xee\xff\x2c\xa9\x0d\x7a\xfa\xa1\xc6\xab\x6e\xe2\x23\x85\xae\xf9\x80\xd6\xa0\xf4\x54\x49\x86\xfb\x99\xbf\xe4\x10\x23\xb2\x20\x19\x89\x6f\x87\x7a\xae\xe7\x5e\xec\x90\xba\xe1\x0d\x43\xda\xb3\x36\xbb\xe5\x21\x5d\x05\x78\xf0\xd5\xc2\x94\xf0\xfa\x3f\xa1\x6a\xcf\xa9\xb8\x69\xaa\xf7\x9b\x6e\x7e\xf8\xc3\x8b\x9a\x9a\x2c\xfe\x0a\x02\x3e\xf3\x11\xca\xfd\xae\x30\x31\xc8\x2c\x97\x51\x81\x33\x27\x5d\x81\xf8\xfa\x5d\x7e\x4c\x42\xcb\xdf\xcd\xec\xff\x1b\x2b\xf2\x91\x22\x3d\xcd\x30\x75\x0a\x56\xa8\x12\x82\x4a\x5d\xd1\x00\x58\x5f\x1f\xf5\x22\x84\x84\xde\xc4\xbb\x50\x0e\xfd\xb0\x51\x82\xc0\x85\x75\x1a\xce\x19\x84\x4f\xeb\x55\x96\x6b\xaa\x3e\xd4\x76\xbc\xcc\xcb\x50\x9b\x0a\x05\x03\xad\x20\x2f\xab\x29\x67\x38\x8a\xf0\x78\xa7\xa0\x34\x08\xcd\x99\x9
0\xa3\x6a\x4d\xa1\xca\xff\xc9\x81\xb4\xe1\xfa\xeb\xca\x9f\x33\x76\x8f\x67\x3a\x16\x63\x76\xaa\x4a\x64\x4e\x9f\xc2\x5e\x41\xe0\x8f\xfa\x08\xa5\x5e\x3d\xbc\x4d\xcf\xf9\xe8\x4c\xcf\xb0\xf2\x27\xf3\xe7\x61\x40\xb6\xb9\x55\x77\xec\x7a\x37\xfe\x1c\x3f\x30\x6a\xe6\xa9\x87\x57\x60\xb3\xca\x15\x11\x42\x99\xcc\x0b\xaa\xc7\x66\xad\xe9\x30\x2a\x9d\xfe\x47\xcc\x99\x0d\x36\xbf\x04\xc2\x83\xc6\xe3\xa2\x2d\x7c\xaf\x75\xc8\xff\x75\xd6\x6a\xa7\xed\x34\xf5\x2f\xe8\x44\x69\xe8\x0b\x49\x54\xd7\x4d\x2c\x7c\x20\x14\xec\x97\x17\xb0\x73\x4b\x70\x58\x89\x81\x63\x56\xa6\xe2\xea\x80\x29\xfb\x59\xc0\x0f\x7e\x51\x8b\x14\x65\xde\x12\x8f\x6a\xc9\x66\xbb\xa6\x98\xbe\xb0\xcc\x35\xae\x7b\x7c\x41\x6a\x42\xce\x3e\xf5\xe6\x43\x54\xe5\x34\xca\xee\x98\x4d\xb5\xdb\x34\x0a\x4b\x86\x97\x3f\x0f\xcd\xc6\x80\xbb\xe8\x2d\xfa\x4f\x5b\x2b\x20\x4d\xd3\x15\xa5\x31\x0b\xdd\x34\x0c\x26\x6d\x32\x52\xc5\xe5\x7e\x8b\x87\x5c\x63\xdd\x45\xbc\x0f\xc3\xb2\xb9\xd6\xc5\x8d\x58\x60\x39\x3e\xa1\x91\x9d\x8f\x6c\xfd\x1d\xd9\x5d\xa5\x11\x21\x4f\x68\x4c\xb6\x5f\x55\x92\x22\x21\x69\x82\xba\xe0\x03\xc8\x7b\x12\x4a\x61\xce\xe2\x0e\x0d\xa6\x17\x5b\x59\x06\x15\x7f\x52\x65\x51\x92\xaa\x17\xb8\x52\xbf\xc4\x82\xf9\x34\xc4\x96\xdd\xc2\xa7\xa5\xab\x4d\x24\x45\xa8\x59\xcd\x46\x15\x47\xcb\xb0\x98\x4f\x68\xec\x57\x9e\x84\xfa\x07\xa1\xbf\xb8\xad\x07\x99\xff\xd5\x5f\x98\xab\xce\xba\xff\xc2\x6d\x8b\x20\x9a\xf5\xc4\x94\x42\x99\x99\xfa\xdc\x21\x1d\xe1\x52\x69\x36\x0c\x84\x20\x55\xf5\xf0\x81\x42\x49\xdd\x1b\x97\xe6\x5c\xcf\x97\xf4\x7e\x9b\x3e\x7c\x11\xf3\x23\x82\xa5\x11\x6d\xd2\x41\x49\xdb\x66\x28\xe2\xa2\x54\xfc\x38\x5c\x70\x98\x3d\xfe\xf3\x15\xb4\x9d\xc2\xad\xc3\x30\x14\x0c\xf1\x45\x48\x9e\x8e\x71\x68\x4c\x4c\xd9\x78\xda\xe8\xfa\xe6\x8c\xeb\x64\xc1\xcc\x11\xbb\x13\xd7\xe1\xb5\x48\x5f\x6a\x1e\xaf\x58\x34\x2a\x76\xc1\x41\xe2\xc3\x93\x3e\x6c\x3e\xed\xa4\x18\xdb\x11\x4b\x6d\xcf\x65\xa4\x91\xc6\x35\x7f\x9d\xfc\x5d\x80\x62\xc8\x2b\x07\xad\x86\x17\x10\x42\xab\xd8\x8d\x96\x07\xcd\x71\x24\x06\x66\x0e\x9c\x21\x6e\x9e\xe8\x36\x7e\xf8\xd2\x5c\x3d\x80\x9a\x5d\x4
d\xe5\xd4\xcf\x90\x96\x53\x4b\x08\x9e\x3f\xcd\xc1\x34\x29\xb5\x2a\xde\xd9\x38\x7f\xd1\x61\x46\x14\xde\xa2\xd4\xed\x01\x37\x6e\xba\xfc\x2e\xbb\x0c\x34\x87\x2f\xfe\x57\x18\x63\x4e\x2a\xdd\xa4\x64\xe7\x7f\xaa\xc4\x70\x88\xcd\x9c\x3c\x30\x83\x7f\xd3\x08\x32\x75\xe8\x5f\x82\x2d\x1b\xc5\x1b\x3e\xc9\xf8\x44\x23\xdd\x81\xf2\x0a\x84\x0e\x0c\x35\xb8\xa7\x39\x8f\xff\x0b\x4e\xdf\xe8\x58\x31\x01", 4096); *(uint32_t*)0x20006544 = 0x1000; *(uint32_t*)0x20006548 = 4; memcpy((void*)0x20006640, "autocell", 8); *(uint8_t*)0x20006648 = 0x2c; memcpy((void*)0x20006649, "flock=write", 11); *(uint8_t*)0x20006654 = 0x2c; memcpy((void*)0x20006655, "flock=write", 11); *(uint8_t*)0x20006660 = 0x2c; memcpy((void*)0x20006661, "dyn", 3); *(uint8_t*)0x20006664 = 0x2c; memcpy((void*)0x20006665, "appraise", 8); *(uint8_t*)0x2000666d = 0x2c; memcpy((void*)0x2000666e, "euid<", 5); sprintf((char*)0x20006673, "%020llu", (long long)r[20]); *(uint8_t*)0x20006687 = 0x2c; memcpy((void*)0x20006688, "fsuuid", 6); *(uint8_t*)0x2000668e = 0x3d; *(uint8_t*)0x2000668f = 0x36; *(uint8_t*)0x20006690 = 0x63; *(uint8_t*)0x20006691 = 0x33; *(uint8_t*)0x20006692 = 0x63; *(uint8_t*)0x20006693 = 0x66; *(uint8_t*)0x20006694 = 0x39; *(uint8_t*)0x20006695 = 0x38; *(uint8_t*)0x20006696 = 0x62; *(uint8_t*)0x20006697 = 0x2d; *(uint8_t*)0x20006698 = 0x63; *(uint8_t*)0x20006699 = 0x38; *(uint8_t*)0x2000669a = 0x62; *(uint8_t*)0x2000669b = 0x33; *(uint8_t*)0x2000669c = 0x2d; *(uint8_t*)0x2000669d = 0x61; *(uint8_t*)0x2000669e = 0x33; *(uint8_t*)0x2000669f = 0; *(uint8_t*)0x200066a0 = 0x30; *(uint8_t*)0x200066a1 = 0x2d; *(uint8_t*)0x200066a2 = 0x61; *(uint8_t*)0x200066a3 = 0x34; *(uint8_t*)0x200066a4 = 0x63; *(uint8_t*)0x200066a5 = 0x37; *(uint8_t*)0x200066a6 = 0x2d; *(uint8_t*)0x200066a7 = 0x37; *(uint8_t*)0x200066a8 = 0x36; *(uint8_t*)0x200066a9 = 0x31; *(uint8_t*)0x200066aa = 0x63; *(uint8_t*)0x200066ab = 0x39; *(uint8_t*)0x200066ac = 0x64; *(uint8_t*)0x200066ad = 0x61; *(uint8_t*)0x200066ae = 0x34; *(uint8_t*)0x200066af = 
0x2c; *(uint8_t*)0x200066b0 = 0; syz_mount_image(0x200054c0, 0x20005500, 0x80000001, 1, 0x20006540, 0x40000, 0x20006640); break; case 39: memcpy((void*)0x200066c0, "/dev/i2c-#\000", 11); syz_open_dev(0x200066c0, 0xb6f4, 0x400202); break; case 40: memcpy((void*)0x20006700, "mounts\000", 7); syz_open_procfs(r[6], 0x20006700); break; case 41: syz_open_pts(-1, 0x13022679); break; case 42: *(uint32_t*)0x200067c0 = 0x20006740; memcpy((void*)0x20006740, "\xdb\x5a\x07\x9d\xd4\x30\x62\xf6\x98\x5b\x51\x4a\xd6\xb7\xac\x65\x29\x50\xf7\xe5\x31\x7a\x81\xed\x92\x43\x86\xc1\x08\x3a\x75\xb7\xe2\x67\x59\x67\xac\xdc\x58\x64\x42\x41\xb6\xde\x98\x1b\xa6\x5e\x75\x81\x6e\x07\x8f\x21\x21\x2c\xb8\x62\xa3\x39\x34\xc9\xb4\x72\x9a\x72\x21\x51\xfd\x15\x36\x1d\x77\x1e\x0c\x59\xe4\xb2\xa7\xb4\xae\x5a\xd6\xd4\x5a\x6b\xb5\x1f\xa6\xd0", 90); *(uint32_t*)0x200067c4 = 0x5a; *(uint32_t*)0x200067c8 = 0x10001; syz_read_part_table(1, 1, 0x200067c0); break; case 43: *(uint8_t*)0x20006800 = 0x12; *(uint8_t*)0x20006801 = 1; *(uint16_t*)0x20006802 = 0x201; *(uint8_t*)0x20006804 = 0x73; *(uint8_t*)0x20006805 = 0x54; *(uint8_t*)0x20006806 = 0x2d; *(uint8_t*)0x20006807 = 0x40; *(uint16_t*)0x20006808 = 0x572; *(uint16_t*)0x2000680a = 0x1324; *(uint16_t*)0x2000680c = 0x84d3; *(uint8_t*)0x2000680e = 1; *(uint8_t*)0x2000680f = 2; *(uint8_t*)0x20006810 = 3; *(uint8_t*)0x20006811 = 1; *(uint8_t*)0x20006812 = 9; *(uint8_t*)0x20006813 = 2; *(uint16_t*)0x20006814 = 0xdff; *(uint8_t*)0x20006816 = 4; *(uint8_t*)0x20006817 = 0; *(uint8_t*)0x20006818 = 4; *(uint8_t*)0x20006819 = 0x20; *(uint8_t*)0x2000681a = 5; *(uint8_t*)0x2000681b = 9; *(uint8_t*)0x2000681c = 4; *(uint8_t*)0x2000681d = 0x21; *(uint8_t*)0x2000681e = 6; *(uint8_t*)0x2000681f = 0xf; *(uint8_t*)0x20006820 = 0x13; *(uint8_t*)0x20006821 = 0xd5; *(uint8_t*)0x20006822 = 0xef; *(uint8_t*)0x20006823 = -1; *(uint8_t*)0x20006824 = 0x7f; *(uint8_t*)0x20006825 = 3; memcpy((void*)0x20006826, 
"\xff\x04\x19\x26\x1d\x95\x19\x66\xe9\x2d\x90\x6d\x4e\x26\x34\x29\x08\xf7\xc1\x48\xa2\xd9\xb1\xb9\xfe\x29\x1a\xd2\xef\x96\x37\x25\xab\x89\x5c\x81\xd7\xbb\xf8\xf9\xd4\xda\x5a\x4f\x8e\x43\x11\xa0\xbd\xfd\xab\x97\xf5\x08\x93\x9e\x62\x47\x0e\xae\x4d\xc1\x3f\x11\x32\x4f\x9b\x80\x8e\xb9\xc0\x6c\xec\x3f\x30\xa8\x6e\xf0\xfb\x2a\xb9\x0e\x7e\x04\x40\xe8\x7f\xf5\x22\x68\x87\x9d\x8a\xe0\xc9\x1a\x67\x35\x0e\x71\xaf\x1f\xb2\xd4\x90\x8d\x78\x22\x20\x08\xe8\xb6\x71\x15\x6b\x17\x90\x6f\x6a\x1e\x05\xe0\x2b\x6b\x37", 125); *(uint8_t*)0x200068a3 = 5; *(uint8_t*)0x200068a4 = 0x24; *(uint8_t*)0x200068a5 = 6; *(uint8_t*)0x200068a6 = 0; *(uint8_t*)0x200068a7 = 0; *(uint8_t*)0x200068a8 = 5; *(uint8_t*)0x200068a9 = 0x24; *(uint8_t*)0x200068aa = 0; *(uint16_t*)0x200068ab = 7; *(uint8_t*)0x200068ad = 0xd; *(uint8_t*)0x200068ae = 0x24; *(uint8_t*)0x200068af = 0xf; *(uint8_t*)0x200068b0 = 1; *(uint32_t*)0x200068b1 = 3; *(uint16_t*)0x200068b5 = 0; *(uint16_t*)0x200068b7 = 3; *(uint8_t*)0x200068b9 = 0x6a; *(uint8_t*)0x200068ba = 0xc0; *(uint8_t*)0x200068bb = 0x24; *(uint8_t*)0x200068bc = 0x13; *(uint8_t*)0x200068bd = 2; memcpy((void*)0x200068be, "\xf6\xe0\xbd\x71\x54\x25\x30\xd6\xc8\x82\xe5\x31\xf6\x0f\x2e\xef\xd0\x5d\x35\x63\x85\xc0\xa6\x22\xa1\x20\xa8\x16\x78\x85\x48\x55\xc2\x70\x40\x64\x5d\x6c\x24\x37\x27\x72\x10\x8a\xef\x34\xf2\xaf\x02\x26\xda\xa9\x9d\x3c\xec\xfe\x16\x8f\xc9\xfa\xe2\x8e\xd3\xbd\x29\x5c\x75\x43\x16\x6c\xe5\xf2\x52\xa2\x58\x4e\x73\xd2\x12\xd5\x87\x24\x5b\x8e\xbe\xfb\xae\x86\x93\xd8\x8f\x8f\xda\x2b\xbf\xbc\x96\x28\xa0\x8e\x7d\x81\xa1\x94\xb0\xc4\x9e\x82\xf6\xbc\x23\x01\x24\x57\x6b\x45\xb4\xcb\xc1\xd5\xc0\x2d\xcb\x3f\x94\x3d\xad\x75\xc6\xc2\xc5\x02\x3c\x1e\x67\x0f\xf6\x82\x5d\x8b\xa2\x3c\x20\x5a\x7e\xb9\xdc\x0b\xca\xc2\x8c\x35\x14\x07\x20\x78\xd2\xfa\x78\x2c\x31\x86\xd4\xb1\xed\x80\x40\xee\x1c\x76\x5b\xc2\x34\xaf\xcc\x52\xa9\x17\x22\x52\x7e\x5d\xbd\x90\x2d\xc2\x99\xd8", 188); *(uint8_t*)0x2000697a = 9; *(uint8_t*)0x2000697b = 5; *(uint8_t*)0x2000697c = 0; *(uint8_t*)0x2000697d = 
0x10; *(uint16_t*)0x2000697e = 0; *(uint8_t*)0x20006980 = 2; *(uint8_t*)0x20006981 = 0x36; *(uint8_t*)0x20006982 = 0; *(uint8_t*)0x20006983 = 0x2a; *(uint8_t*)0x20006984 = 0x31; memcpy((void*)0x20006985, "\x71\xc3\xc3\xd6\x1b\xbd\x69\x65\xe0\xda\xb5\x13\xc1\x4e\x7d\x2a\x6d\x7d\x83\x46\x22\x8a\xf4\x6c\x61\x7a\x9c\x6f\x93\xe2\xc9\x23\x76\x7b\x9d\xcf\x1b\x1c\x65\x24", 40); *(uint8_t*)0x200069ad = 0x35; *(uint8_t*)0x200069ae = 8; memcpy((void*)0x200069af, "\x2e\xfa\xc1\x77\x7f\x97\xf0\x88\xcf\x4e\xa6\x90\x9a\x4a\xb8\x19\x54\x3a\x67\x8d\xbd\x61\x1b\xae\xbf\x76\x50\x0b\x0c\x10\xe0\x99\xa0\x98\x27\xed\xc9\x86\xbd\x1c\x1c\x58\xec\x92\x77\x82\x78\x78\x70\x0a\x60", 51); *(uint8_t*)0x200069e2 = 9; *(uint8_t*)0x200069e3 = 5; *(uint8_t*)0x200069e4 = 6; *(uint8_t*)0x200069e5 = 3; *(uint16_t*)0x200069e6 = 0x400; *(uint8_t*)0x200069e8 = 0x3f; *(uint8_t*)0x200069e9 = 2; *(uint8_t*)0x200069ea = 8; *(uint8_t*)0x200069eb = 2; *(uint8_t*)0x200069ec = 7; *(uint8_t*)0x200069ed = 7; *(uint8_t*)0x200069ee = 0x25; *(uint8_t*)0x200069ef = 1; *(uint8_t*)0x200069f0 = 0x81; *(uint8_t*)0x200069f1 = 0x40; *(uint16_t*)0x200069f2 = 4; *(uint8_t*)0x200069f4 = 9; *(uint8_t*)0x200069f5 = 5; *(uint8_t*)0x200069f6 = 8; *(uint8_t*)0x200069f7 = 0; *(uint16_t*)0x200069f8 = 0x400; *(uint8_t*)0x200069fa = 2; *(uint8_t*)0x200069fb = 8; *(uint8_t*)0x200069fc = 8; *(uint8_t*)0x200069fd = 9; *(uint8_t*)0x200069fe = 5; *(uint8_t*)0x200069ff = 0xe; *(uint8_t*)0x20006a00 = 1; *(uint16_t*)0x20006a01 = 0x200; *(uint8_t*)0x20006a03 = 2; *(uint8_t*)0x20006a04 = 4; *(uint8_t*)0x20006a05 = 9; *(uint8_t*)0x20006a06 = 9; *(uint8_t*)0x20006a07 = 5; *(uint8_t*)0x20006a08 = 0xc; *(uint8_t*)0x20006a09 = 0; *(uint16_t*)0x20006a0a = 0x400; *(uint8_t*)0x20006a0c = 0; *(uint8_t*)0x20006a0d = 4; *(uint8_t*)0x20006a0e = 0x20; *(uint8_t*)0x20006a0f = 7; *(uint8_t*)0x20006a10 = 0x25; *(uint8_t*)0x20006a11 = 1; *(uint8_t*)0x20006a12 = 0; *(uint8_t*)0x20006a13 = 0x7f; *(uint16_t*)0x20006a14 = 0x1ff; *(uint8_t*)0x20006a16 = 7; 
*(uint8_t*)0x20006a17 = 0x25; *(uint8_t*)0x20006a18 = 1; *(uint8_t*)0x20006a19 = 0x41; *(uint8_t*)0x20006a1a = 0xcb; *(uint16_t*)0x20006a1b = 0x102d; *(uint8_t*)0x20006a1d = 9; *(uint8_t*)0x20006a1e = 5; *(uint8_t*)0x20006a1f = 0xf; *(uint8_t*)0x20006a20 = 0x10; *(uint16_t*)0x20006a21 = 0x20; *(uint8_t*)0x20006a23 = 0x32; *(uint8_t*)0x20006a24 = 0; *(uint8_t*)0x20006a25 = 0; *(uint8_t*)0x20006a26 = 9; *(uint8_t*)0x20006a27 = 5; *(uint8_t*)0x20006a28 = 2; *(uint8_t*)0x20006a29 = 4; *(uint16_t*)0x20006a2a = 0x20; *(uint8_t*)0x20006a2c = 0x20; *(uint8_t*)0x20006a2d = 0x7f; *(uint8_t*)0x20006a2e = 0x7f; *(uint8_t*)0x20006a2f = 7; *(uint8_t*)0x20006a30 = 0x25; *(uint8_t*)0x20006a31 = 1; *(uint8_t*)0x20006a32 = 1; *(uint8_t*)0x20006a33 = 8; *(uint16_t*)0x20006a34 = 0x40; *(uint8_t*)0x20006a36 = 9; *(uint8_t*)0x20006a37 = 5; *(uint8_t*)0x20006a38 = 1; *(uint8_t*)0x20006a39 = 0; *(uint16_t*)0x20006a3a = 8; *(uint8_t*)0x20006a3c = 0xe0; *(uint8_t*)0x20006a3d = 0x80; *(uint8_t*)0x20006a3e = 1; *(uint8_t*)0x20006a3f = 9; *(uint8_t*)0x20006a40 = 5; *(uint8_t*)0x20006a41 = 0xd; *(uint8_t*)0x20006a42 = 0; *(uint16_t*)0x20006a43 = 0x7f7; *(uint8_t*)0x20006a45 = 8; *(uint8_t*)0x20006a46 = 4; *(uint8_t*)0x20006a47 = 0x20; *(uint8_t*)0x20006a48 = 7; *(uint8_t*)0x20006a49 = 0x25; *(uint8_t*)0x20006a4a = 1; *(uint8_t*)0x20006a4b = 2; *(uint8_t*)0x20006a4c = 6; *(uint16_t*)0x20006a4d = 3; *(uint8_t*)0x20006a4f = 0x5b; *(uint8_t*)0x20006a50 = 2; memcpy((void*)0x20006a51, "\xe2\x68\x16\x78\x8a\x1c\xc1\x88\x1a\x23\xc8\xf4\x1a\x67\xd7\x3b\xe6\xc2\x14\x67\xfa\x34\xc3\x2c\x9f\xb2\xf2\x08\xc2\x69\x29\xeb\x65\x27\x36\xf9\xd9\x1d\x3a\x85\xb6\x39\x1d\xdd\x8c\x23\xc3\x09\xf2\x0a\xa9\x6d\x84\xd4\x89\xfd\xc4\x25\xac\xea\x48\x48\x9f\xbd\x62\xf0\xf3\x65\x3d\x94\xee\x6b\x8e\x1d\xab\x83\xb1\x9e\xbc\xa6\xd7\x35\x78\x5a\xb9\xdd\x72\x4d\x66", 89); *(uint8_t*)0x20006aaa = 9; *(uint8_t*)0x20006aab = 5; *(uint8_t*)0x20006aac = 6; *(uint8_t*)0x20006aad = 2; *(uint16_t*)0x20006aae = 0x40; *(uint8_t*)0x20006ab0 
= 0x80; *(uint8_t*)0x20006ab1 = 1; *(uint8_t*)0x20006ab2 = 0x1b; *(uint8_t*)0x20006ab3 = 7; *(uint8_t*)0x20006ab4 = 0x25; *(uint8_t*)0x20006ab5 = 1; *(uint8_t*)0x20006ab6 = 0; *(uint8_t*)0x20006ab7 = 7; *(uint16_t*)0x20006ab8 = 0x40; *(uint8_t*)0x20006aba = 9; *(uint8_t*)0x20006abb = 5; *(uint8_t*)0x20006abc = 9; *(uint8_t*)0x20006abd = 0x10; *(uint16_t*)0x20006abe = 8; *(uint8_t*)0x20006ac0 = 7; *(uint8_t*)0x20006ac1 = 4; *(uint8_t*)0x20006ac2 = 0x3f; *(uint8_t*)0x20006ac3 = 0xe8; *(uint8_t*)0x20006ac4 = 0xb; memcpy((void*)0x20006ac5, "\x8a\xfc\x39\xfa\xbf\x2e\x69\xef\xa6\x1b\x09\x26\x94\xe9\xe7\x01\x87\xbb\xd4\x34\x3a\x56\x66\xc1\xc2\xe1\xb5\xbe\xc1\x2b\xd1\xb1\x63\x32\x5b\x32\x04\x7e\x6f\xad\x04\x42\xc3\x70\x40\x7a\xd2\xdd\xd4\xeb\x56\x3a\x85\x40\x8b\xb4\x76\x2b\x8e\x46\xa4\x63\x43\xa9\xbf\x71\x84\x80\x5c\xd6\x0c\x0d\xa1\x01\x0d\xbd\x99\x5b\x1d\x79\x8e\x5b\x4a\x50\xa1\x0d\xc1\x1c\xd3\x95\x93\x2b\x5e\xd4\xf8\xe0\x6e\x56\x6a\x72\x6d\xe0\x3c\x04\x47\x58\x7e\x03\xd6\x55\xe7\x3c\x3e\x30\xe4\x3e\x8c\x21\x89\xd9\xf1\xfc\xbd\x1e\x3d\x45\x71\x2e\x92\x03\xad\x62\xe3\x4e\x8e\x27\x53\xc6\xf2\xd0\xfa\x95\x3d\x20\xdf\xd1\xbb\x42\x47\x9f\xc0\x33\x95\x9a\xac\x50\x43\x14\x9c\xed\xe9\x28\x6d\xce\x76\x3b\x3f\x20\xad\xaf\xee\x00\x5d\xc6\x83\x0d\xb8\x9c\xd5\x8f\x56\xa2\xf9\x7f\xb1\x0e\x0c\x37\xc0\xdd\x51\x63\xae\x61\x78\x38\x7a\x02\x84\xab\x98\x1a\x6c\xab\xcd\x05\xdb\x43\x14\x32\x63\x32\xe1\xd3\x2d\x69\xd9\xe5\x62\x4a\xc0\x86\x33\x32\x79\xb2\xdf\x93\xb7\x8c", 230); *(uint8_t*)0x20006bab = 9; *(uint8_t*)0x20006bac = 5; *(uint8_t*)0x20006bad = 2; *(uint8_t*)0x20006bae = 8; *(uint16_t*)0x20006baf = 0x3ff; *(uint8_t*)0x20006bb1 = 9; *(uint8_t*)0x20006bb2 = 4; *(uint8_t*)0x20006bb3 = 2; *(uint8_t*)0x20006bb4 = 0xf8; *(uint8_t*)0x20006bb5 = 3; memcpy((void*)0x20006bb6, 
"\xd2\xa3\x36\x68\x18\x43\xbe\xe6\x3f\x11\x81\xdd\xe5\x8c\xe1\x39\xc8\x7e\xb3\x9d\x3b\x1b\x13\xc8\x9f\x9c\x99\x42\x60\x3a\xbc\x8f\x40\x9b\x89\xed\xa8\xfb\x2c\x9c\x68\xe3\xce\xb4\x70\x7a\x75\x45\x08\x30\x06\x6c\xf2\x30\x91\x72\xcf\x06\x53\x0b\xe6\x25\x66\xc8\xc6\x28\x43\x6e\xde\x40\xb0\x63\x4b\x77\x58\xb6\x17\x7a\xb7\x9a\x5e\xf2\x50\x1a\x59\xd5\x80\xc5\x73\x29\x44\xb2\xf3\xbd\x51\x23\xfd\x15\x63\x5c\xfe\x84\x91\xa0\x3a\xb3\xd1\x0d\x42\x51\x80\x9a\xc6\xaf\x63\x5e\x91\x48\xf6\xc9\xb7\xe3\xb9\x3f\xd4\xbe\x33\x87\xd4\xce\x97\x08\xf9\x74\x1d\x7d\x24\x96\xf6\x06\x97\xdb\x79\x6d\x17\xbb\x9f\x55\xed\x9d\x12\xa4\xf5\x24\xc9\xae\x5d\xe2\x04\x4e\x86\x3c\x24\x37\x08\x2c\x82\xf7\x05\x03\x62\xb3\x8a\x90\xff\x56\x63\xe9\xa1\xca\x56\xd8\x99\xac\x46\x21\x20\x97\x09\x52\x83\x42\xac\x71\xba\xd0\x76\x61\xab\x43\x79\x99\xa7\x3a\x96\x72\x00\xb8\xbd\xc9\x75\xa7\x8f\x6e\xd6\xf8\xe6\xec\x81\xb6\x37\xbb\xde\x98\x53\x15\xc3\x2e\xaa\xea\x7d\xe9\x23\x25\xdf\xef\x74\x82\x22\x1b\x7a\x31\x21\x2a\x96\xcd", 246); *(uint8_t*)0x20006cac = 7; *(uint8_t*)0x20006cad = 0x25; *(uint8_t*)0x20006cae = 1; *(uint8_t*)0x20006caf = 0x81; *(uint8_t*)0x20006cb0 = 0x82; *(uint16_t*)0x20006cb1 = 0x7ff; *(uint8_t*)0x20006cb3 = 9; *(uint8_t*)0x20006cb4 = 5; *(uint8_t*)0x20006cb5 = 5; *(uint8_t*)0x20006cb6 = 2; *(uint16_t*)0x20006cb7 = 0x3ff; *(uint8_t*)0x20006cb9 = 0xe4; *(uint8_t*)0x20006cba = 0; *(uint8_t*)0x20006cbb = 1; *(uint8_t*)0x20006cbc = 0xab; *(uint8_t*)0x20006cbd = 9; memcpy((void*)0x20006cbe, 
"\xc6\xfe\x27\x36\x94\xb4\x05\x2a\x22\x09\x9e\x80\xc6\x7e\x2e\xb2\x7f\xde\xed\x48\xb1\x52\x75\x46\xe3\xa7\x40\x7a\xfc\x77\xae\x43\xbd\x82\x4d\x2f\xfd\x79\xec\x4a\x23\x13\xe6\xde\xcb\x22\x1d\x29\x55\x42\x04\x6d\x0e\x03\x11\xc0\xc0\x2e\x9f\x09\x73\xd4\x9f\x0b\x1b\xd4\x9d\xa2\x3a\xf4\xc4\x14\x49\xe8\xfd\x00\x5d\xde\xac\x5c\xb8\xc7\x3c\x95\x1a\x76\x62\x6e\xe8\x86\x0e\x18\xc8\x5c\xef\x48\xbb\x8b\x33\x50\x6f\x1a\x4f\x6b\xa4\x21\x21\x1b\xd0\x4f\x96\xdd\x24\x63\x65\x5b\x6e\xd4\x20\x6b\xcc\x04\x9e\xbc\x67\xa5\xa0\xac\xbf\xd5\xeb\x77\x05\x5f\x23\x2b\xdc\x5c\x33\xa9\x2f\xd8\x0e\xbb\xd2\xda\xd6\x7c\x47\x0a\x1e\xe4\x01\x28\x0c\x84\xbc\x45\xa2\x25\xab\xf7\xd7\xb7\xa8\xc4\xfd\xd7\x7c", 169); *(uint8_t*)0x20006d67 = 0x99; *(uint8_t*)0x20006d68 = 0x23; memcpy((void*)0x20006d69, "\x6a\xd2\x4c\x93\xae\x66\xaf\xc2\x43\xc8\x2a\x20\x22\x88\x5c\x51\x54\x35\xd3\xa6\xa8\xd0\xef\x67\x86\x6f\x48\x82\x4a\xae\x8e\x31\xc1\x3f\x45\x0c\xf1\x04\x77\xc7\xad\xd8\x14\xe0\xa2\x0d\x36\x90\xe3\x4f\x87\x60\xb7\x87\x53\x57\x60\x1e\x82\x07\x3a\x7a\x84\xd0\xf4\xb1\xe6\x4b\x33\x27\x6f\x3b\xbb\xce\x50\x4b\xdd\x2f\x2b\x38\xc1\x83\x77\x70\x87\x6e\xd0\x36\x7d\xbb\x28\x0f\xc1\x08\xa3\x8f\x3b\x1a\x38\x69\xcf\x03\x88\x71\xf5\xac\xd4\xe8\xde\xc2\xec\x99\xbf\xef\x6e\x25\x96\xdf\x56\x7f\xac\x26\xf3\x17\x37\x92\xc2\x0b\x5d\x1f\xe6\x71\x5e\xb4\xa9\xd9\x64\xaf\x6f\xcc\x73\x1d\x4a\xc6\xbe\x25\xd3\x21\x7f\x7d\x87", 151); *(uint8_t*)0x20006e00 = 9; *(uint8_t*)0x20006e01 = 5; *(uint8_t*)0x20006e02 = 0xd; *(uint8_t*)0x20006e03 = 0xc; *(uint16_t*)0x20006e04 = 0x200; *(uint8_t*)0x20006e06 = 0x3f; *(uint8_t*)0x20006e07 = 8; *(uint8_t*)0x20006e08 = 1; *(uint8_t*)0x20006e09 = 9; *(uint8_t*)0x20006e0a = 5; *(uint8_t*)0x20006e0b = 6; *(uint8_t*)0x20006e0c = 0; *(uint16_t*)0x20006e0d = 0x1df; *(uint8_t*)0x20006e0f = 4; *(uint8_t*)0x20006e10 = 0x3f; *(uint8_t*)0x20006e11 = 0xc5; *(uint8_t*)0x20006e12 = 7; *(uint8_t*)0x20006e13 = 0x25; *(uint8_t*)0x20006e14 = 1; *(uint8_t*)0x20006e15 = 0x80; *(uint8_t*)0x20006e16 = 1; 
*(uint16_t*)0x20006e17 = 0; *(uint8_t*)0x20006e19 = 9; *(uint8_t*)0x20006e1a = 4; *(uint8_t*)0x20006e1b = 0xb1; *(uint8_t*)0x20006e1c = -1; *(uint8_t*)0x20006e1d = 4; *(uint8_t*)0x20006e1e = 0xb0; *(uint8_t*)0x20006e1f = 0x15; *(uint8_t*)0x20006e20 = 0x7a; *(uint8_t*)0x20006e21 = 0xa9; *(uint8_t*)0x20006e22 = 7; *(uint8_t*)0x20006e23 = 0x24; *(uint8_t*)0x20006e24 = 6; *(uint8_t*)0x20006e25 = 0; *(uint8_t*)0x20006e26 = 0; memcpy((void*)0x20006e27, "\x25\x02", 2); *(uint8_t*)0x20006e29 = 5; *(uint8_t*)0x20006e2a = 0x24; *(uint8_t*)0x20006e2b = 0; *(uint16_t*)0x20006e2c = 0x96; *(uint8_t*)0x20006e2e = 0xd; *(uint8_t*)0x20006e2f = 0x24; *(uint8_t*)0x20006e30 = 0xf; *(uint8_t*)0x20006e31 = 1; *(uint32_t*)0x20006e32 = 0; *(uint16_t*)0x20006e36 = 1; *(uint16_t*)0x20006e38 = 7; *(uint8_t*)0x20006e3a = 1; *(uint8_t*)0x20006e3b = 7; *(uint8_t*)0x20006e3c = 0x24; *(uint8_t*)0x20006e3d = 0xa; *(uint8_t*)0x20006e3e = 0xde; *(uint8_t*)0x20006e3f = 1; *(uint8_t*)0x20006e40 = 3; *(uint8_t*)0x20006e41 = 0x84; *(uint8_t*)0x20006e42 = 5; *(uint8_t*)0x20006e43 = 0x24; *(uint8_t*)0x20006e44 = 1; *(uint8_t*)0x20006e45 = 1; *(uint8_t*)0x20006e46 = 0x20; *(uint8_t*)0x20006e47 = 7; *(uint8_t*)0x20006e48 = 0x24; *(uint8_t*)0x20006e49 = 0x14; *(uint16_t*)0x20006e4a = 8; *(uint16_t*)0x20006e4c = 6; *(uint8_t*)0x20006e4e = 4; *(uint8_t*)0x20006e4f = 0x24; *(uint8_t*)0x20006e50 = 2; *(uint8_t*)0x20006e51 = 7; *(uint8_t*)0x20006e52 = 0xa; *(uint8_t*)0x20006e53 = 0x24; *(uint8_t*)0x20006e54 = 7; *(uint8_t*)0x20006e55 = 0x20; *(uint16_t*)0x20006e56 = 0xd57a; *(uint16_t*)0x20006e58 = 0x3ff; *(uint16_t*)0x20006e5a = 7; *(uint8_t*)0x20006e5c = 7; *(uint8_t*)0x20006e5d = 0x24; *(uint8_t*)0x20006e5e = 0xa; *(uint8_t*)0x20006e5f = 0x80; *(uint8_t*)0x20006e60 = 0; *(uint8_t*)0x20006e61 = 0xfc; *(uint8_t*)0x20006e62 = 6; *(uint8_t*)0x20006e63 = 9; *(uint8_t*)0x20006e64 = 5; *(uint8_t*)0x20006e65 = 0xc; *(uint8_t*)0x20006e66 = 0x10; *(uint16_t*)0x20006e67 = 0x400; *(uint8_t*)0x20006e69 = 0x80; 
*(uint8_t*)0x20006e6a = 0x3f; *(uint8_t*)0x20006e6b = 0; *(uint8_t*)0x20006e6c = 0xc0; *(uint8_t*)0x20006e6d = 0x23; memcpy((void*)0x20006e6e, "\x2f\xa6\x21\x6f\xa5\xb3\x4b\x3c\x34\x7a\x90\xd7\xc0\x9d\xee\x9e\x3b\xad\x4c\xef\xe7\xc1\x78\xd4\xc2\x48\xc1\x75\xd6\xe2\x65\xf0\xf1\x5b\x5d\xb2\xf1\xef\xac\xfb\xb4\x75\x80\x01\xa8\x95\xf8\x29\x6a\x82\xcc\x24\x3a\x7a\x71\xe6\xcf\xa5\x9d\x27\xd6\xba\x04\x08\x6b\x13\x18\xf3\x99\x7a\xee\x66\x3f\xb0\xb1\x88\xa9\x5e\x85\x05\xf2\x75\x8d\x8b\x43\xe5\x4d\xce\x1e\x61\x31\xac\x08\xc8\xf2\x9e\x40\xfd\xf1\x8b\xbc\xb5\x70\x4b\x23\x47\x1e\x1f\xa2\xbb\xa7\x64\x58\x1c\xe7\xdc\x0a\x1f\x88\x0b\x6a\xa4\xe3\x93\x0f\x95\x24\xba\xf7\xf5\x0f\x7c\xb5\x8d\xdb\xd7\xb0\x65\xbe\x27\x02\x27\xb4\x7e\x34\xa8\x27\xa2\xf0\x9e\x87\x65\x2c\x3b\x09\x33\x94\x5d\x95\xbc\xdc\x06\x2e\x78\x95\x3c\x6f\xef\x78\x19\x97\x36\xf6\x24\x70\xac\x62\x41\x40\xad\x40\x3c\x6f\x78\x8d\x52\xe1\x0e\x11\x03", 190); *(uint8_t*)0x20006f2c = 9; *(uint8_t*)0x20006f2d = 5; *(uint8_t*)0x20006f2e = 5; *(uint8_t*)0x20006f2f = 0; *(uint16_t*)0x20006f30 = 0x20; *(uint8_t*)0x20006f32 = 0x3f; *(uint8_t*)0x20006f33 = 0x7f; *(uint8_t*)0x20006f34 = 2; *(uint8_t*)0x20006f35 = 0x1a; *(uint8_t*)0x20006f36 = 0xc; memcpy((void*)0x20006f37, "\x1c\x2b\x9b\xf9\x18\x36\xba\x9e\x59\x50\x27\x9a\xa4\x49\xab\x26\x14\xf1\x7e\xc4\x78\xa5\xa7\x00", 24); *(uint8_t*)0x20006f4f = 0xc3; *(uint8_t*)0x20006f50 = 0xc; memcpy((void*)0x20006f51, 
"\x31\x39\xf5\x6a\x95\xcd\x9a\xcd\x2c\xaf\x28\x74\xda\x06\x4a\xdf\x8a\x3e\xa9\x3c\xbd\x32\xe1\x4f\x79\xb6\x83\x8a\x87\x5d\x2b\x1c\x72\x86\xc6\x17\xf7\x80\xe8\x3c\xd8\xac\x69\xa4\x71\x4e\x10\x41\xcf\x11\xa6\x98\x86\x60\x63\xe4\x4d\x74\xc6\xdf\xbe\xe8\x90\x55\xed\xa3\xb7\x01\x77\xaf\x2e\x4b\x13\x8e\xdb\xeb\x82\xf3\x46\x05\xc6\x14\xb3\xa5\xcb\x77\x50\xf2\x20\xc4\xc8\xbc\x45\x0a\x30\x09\xd9\xbd\x33\x00\x56\x14\x98\xc1\x64\xcf\x3b\x38\x00\xcd\xf5\x75\xf5\xee\x94\x56\xff\xec\x5a\xcc\x96\xed\x76\xe2\x26\xc3\x6e\x52\x50\x8d\x2f\xc0\x8e\x9f\x1e\xa6\xfe\x8c\xfc\x2c\x9a\x31\xb0\x9a\xc5\x56\xd2\xe4\x8e\x88\xdb\x31\x70\x50\x50\x52\xed\x76\xa4\x75\xaa\x82\xd6\x36\xd9\x7e\x10\xe7\xe3\xdd\x77\x12\x5f\x5d\xf8\xa7\x95\x7d\x3c\x3f\x94\xf1\xc7\x6c\xbc\x01\x36\x19\x26\x39\xd1\x76\x40", 193); *(uint8_t*)0x20007012 = 9; *(uint8_t*)0x20007013 = 5; *(uint8_t*)0x20007014 = 2; *(uint8_t*)0x20007015 = 2; *(uint16_t*)0x20007016 = 0x200; *(uint8_t*)0x20007018 = 0x48; *(uint8_t*)0x20007019 = 2; *(uint8_t*)0x2000701a = 4; *(uint8_t*)0x2000701b = 9; *(uint8_t*)0x2000701c = 5; *(uint8_t*)0x2000701d = 1; *(uint8_t*)0x2000701e = 0x10; *(uint16_t*)0x2000701f = 0x20; *(uint8_t*)0x20007021 = 0x6c; *(uint8_t*)0x20007022 = 1; *(uint8_t*)0x20007023 = 3; *(uint8_t*)0x20007024 = 0xce; *(uint8_t*)0x20007025 = 0x21; memcpy((void*)0x20007026, 
"\x06\xc1\x68\xe4\xec\x51\x8f\xa8\x4d\xd5\x1e\xa1\x69\x50\xaf\x04\x28\x9b\x85\x63\x92\x49\xe5\xb2\x76\x19\xa0\x30\x17\x47\x9c\xb3\x14\xd2\xff\xe9\xee\x81\xbe\x9e\xb0\x17\xcf\x98\x23\x4e\x8f\x72\x36\x18\xdf\xe3\x9f\x1f\x4c\xee\x3c\xa8\x42\xdd\x87\x02\x08\xe0\x1c\xcd\x1c\x6a\xe4\xd9\xa7\x1b\x28\x14\xb6\xaa\x79\x5f\xef\xda\x45\x07\x27\xb3\xbe\xb2\x66\xf7\xf3\x56\x20\xf0\x9a\x35\x08\xc2\x9f\xd6\x0d\x98\x47\x34\x2c\x29\x5b\x2b\xa8\x67\xe4\x9b\x8f\x0b\x74\x6d\x5b\x75\x2b\xe6\x9f\x4d\xa8\x8f\x93\x8d\xcb\xfe\x16\x90\x33\x3c\x46\x7c\xb8\x90\x05\x97\xad\x4a\xa4\x34\x40\x45\x39\x24\x3f\x3a\x64\xdb\xce\xd5\x55\x45\x62\x04\x2f\xb9\x8f\xd0\xa5\x55\x3a\xb0\xbd\xf0\xac\xcf\x16\x52\x5c\x4f\x84\x63\x4a\xee\x87\x63\xdb\x10\xe7\x0e\x77\xa8\x9a\x71\x42\x21\xad\x80\x5f\x53\x8a\x0d\x1a\x82\x4d\xcb\x6a\xaa\xc6\x1d\x3e\xa4\xbf\xe9", 204); *(uint8_t*)0x200070f2 = 7; *(uint8_t*)0x200070f3 = 0x25; *(uint8_t*)0x200070f4 = 1; *(uint8_t*)0x200070f5 = 3; *(uint8_t*)0x200070f6 = 0x80; *(uint16_t*)0x200070f7 = 5; *(uint8_t*)0x200070f9 = 9; *(uint8_t*)0x200070fa = 4; *(uint8_t*)0x200070fb = 0x6b; *(uint8_t*)0x200070fc = 3; *(uint8_t*)0x200070fd = 5; *(uint8_t*)0x200070fe = 0x3d; *(uint8_t*)0x200070ff = 0x21; *(uint8_t*)0x20007100 = 0xee; *(uint8_t*)0x20007101 = 0xc0; *(uint8_t*)0x20007102 = 9; *(uint8_t*)0x20007103 = 0x21; *(uint16_t*)0x20007104 = 0x848d; *(uint8_t*)0x20007106 = 0x1f; *(uint8_t*)0x20007107 = 1; *(uint8_t*)0x20007108 = 0x22; *(uint16_t*)0x20007109 = 0x3f6; *(uint8_t*)0x2000710b = 9; *(uint8_t*)0x2000710c = 5; *(uint8_t*)0x2000710d = 0xd; *(uint8_t*)0x2000710e = 0x10; *(uint16_t*)0x2000710f = 0x40; *(uint8_t*)0x20007111 = 0x7c; *(uint8_t*)0x20007112 = 6; *(uint8_t*)0x20007113 = 4; *(uint8_t*)0x20007114 = 7; *(uint8_t*)0x20007115 = 0x25; *(uint8_t*)0x20007116 = 1; *(uint8_t*)0x20007117 = 0x82; *(uint8_t*)0x20007118 = 0x69; *(uint16_t*)0x20007119 = 0x5fa4; *(uint8_t*)0x2000711b = 9; *(uint8_t*)0x2000711c = 5; *(uint8_t*)0x2000711d = 3; *(uint8_t*)0x2000711e = 0x1c; 
*(uint16_t*)0x2000711f = 0x3ff; *(uint8_t*)0x20007121 = 8; *(uint8_t*)0x20007122 = 0x81; *(uint8_t*)0x20007123 = 1; *(uint8_t*)0x20007124 = 7; *(uint8_t*)0x20007125 = 0x25; *(uint8_t*)0x20007126 = 1; *(uint8_t*)0x20007127 = 0x37; *(uint8_t*)0x20007128 = 3; *(uint16_t*)0x20007129 = 0xfff; *(uint8_t*)0x2000712b = 0xba; *(uint8_t*)0x2000712c = 9; memcpy((void*)0x2000712d, "\xb8\xe7\xe6\x10\xb0\x74\x32\x5b\x28\xa3\x8b\x1b\x5f\x75\x6c\xdd\xec\xec\x90\x26\xba\xed\xfb\x15\x8c\x2c\xe4\xd0\xe3\x48\xd2\x44\x73\xf7\xa1\xee\x74\xbd\xa8\xa6\xd5\x84\x5a\xcf\x5d\xe0\x95\x71\x3b\xb0\x20\xe1\x29\x2c\xc0\x80\xd9\xc8\x97\x44\xf8\xce\xd9\x69\x16\xbb\x20\x55\xa1\xa1\x76\x9f\x6a\x7b\x4d\x13\xb9\xf7\x40\x50\xa8\x22\x0d\xdf\x0d\x09\xa9\x4c\x3b\xfb\xaa\xb0\x6f\xdd\x2b\x5e\x0b\x19\x31\xb7\x7f\x42\x6c\x18\xe3\xc8\x8d\xa2\x5c\x52\xc0\x19\xdb\xfb\xdb\xb8\xbf\x0e\x5e\xe6\x28\xb5\xa4\x6d\x95\xb5\x39\x42\xfe\xb5\xbf\x7b\xfd\x58\x1f\x93\xa9\x45\xc8\x5d\xa3\x3b\x76\x3d\x2f\x0c\x33\x45\x89\x8c\x95\xe2\xa1\x22\x8e\x5e\x08\x40\x70\xa1\xe9\x6b\xce\xf7\x23\x7f\x0a\x03\x36\xc6\x30\x91\xbe\x6b\x87\xd3\xff\x68\xde\x36\xf6\xc9\xb0\xb2", 184); *(uint8_t*)0x200071e5 = 9; *(uint8_t*)0x200071e6 = 5; *(uint8_t*)0x200071e7 = 0; *(uint8_t*)0x200071e8 = 0x10; *(uint16_t*)0x200071e9 = 0; *(uint8_t*)0x200071eb = 0x40; *(uint8_t*)0x200071ec = 7; *(uint8_t*)0x200071ed = 0x22; *(uint8_t*)0x200071ee = 0xfc; *(uint8_t*)0x200071ef = 0x11; memcpy((void*)0x200071f0, 
"\xfb\xb0\xdd\xc3\x40\xe0\xee\x54\x66\x41\x5b\xab\xc5\x9d\x3b\xbf\x8a\x56\x91\x09\x35\x1e\x08\x9d\xf0\x59\x09\x4e\x3c\x5a\xef\x87\xf9\xe1\x31\x20\xdc\x04\x3a\x4d\xad\x91\x93\xdb\xea\x34\xae\xff\xbe\x3c\x0d\x94\x5d\x8a\x18\xd6\xc0\x55\xb7\x9c\xe5\x1a\xdb\x09\x82\x0e\xb6\x96\x5d\x78\x22\xf5\x53\xc5\x90\xfb\x93\x5c\xc1\x58\x0e\x2b\x0e\xf0\x39\x29\x0f\x87\xad\x62\xe2\x18\x1d\xd2\xbb\x24\xa7\x78\xed\x74\x23\x3d\x39\xc6\xb0\x15\x66\x72\x3d\x38\x6a\xcd\x2f\xf2\x42\x72\x0d\xa9\x5b\xf5\x44\x94\xdb\x06\x51\x6e\x40\xd1\x92\x76\xbe\x27\xf9\xe0\x78\xc7\x62\x1a\xbe\xc7\x9a\xf9\x0b\x12\xfd\x0d\xbf\x62\x8f\xa9\xf9\xa0\x94\x93\x8f\x29\x7a\x8f\x8c\x63\xff\xe5\x7d\x00\x40\x79\x2e\x86\xe8\xd2\x42\x5b\x2a\x50\xd3\x7c\xc1\xab\x39\x75\x22\x7e\xc4\xcd\x85\xc0\x2d\x73\x4b\x8e\xce\x89\x1b\x27\x49\x62\xc1\x13\x34\x9b\x2b\x06\xf2\xea\x19\x7a\xf2\x34\x72\xe2\xd1\xce\x4d\x93\x0c\xf8\x49\xf7\x7e\x61\x9c\x77\xb2\xe9\xb1\xdb\x97\x7c\x04\x0b\x42\x89\x33\xd8\x06\x6b\x59\x31\x28\x3d\x29\x49\xea\x81\x25\xc4\x65\x37\xa3\xe2", 250); *(uint8_t*)0x200072ea = 7; *(uint8_t*)0x200072eb = 0x25; *(uint8_t*)0x200072ec = 1; *(uint8_t*)0x200072ed = 0x5d; *(uint8_t*)0x200072ee = 7; *(uint16_t*)0x200072ef = 7; *(uint8_t*)0x200072f1 = 9; *(uint8_t*)0x200072f2 = 5; *(uint8_t*)0x200072f3 = 5; *(uint8_t*)0x200072f4 = 0; *(uint16_t*)0x200072f5 = 0x400; *(uint8_t*)0x200072f7 = 5; *(uint8_t*)0x200072f8 = 5; *(uint8_t*)0x200072f9 = 0x1f; *(uint8_t*)0x200072fa = 0xb3; *(uint8_t*)0x200072fb = 0xb; memcpy((void*)0x200072fc, 
"\x0a\x90\x26\x86\x4d\x79\xf2\x1b\x7a\x15\x0b\x9c\xaf\xf6\xd2\x23\x28\x7b\x8c\xa6\x7d\x8d\x62\xad\x24\x44\xad\x8a\xb2\x40\x35\xf8\x7b\xea\x38\x7a\x1c\x63\x16\xcd\xa6\x1d\x7f\x3d\x15\x2b\x50\x7d\xfe\xa1\x3e\xb6\x95\x48\x67\xd2\x49\xc9\x09\xaa\x46\xa7\x31\x77\x1b\xbc\x9d\xe9\x59\xdd\x60\xac\x85\x76\x69\xab\x68\x0a\xaf\x8c\x6f\x94\xb6\x47\x95\xdc\x7e\xc6\x0d\xa5\x53\x2b\xf5\x8f\x6b\xa5\xb8\xc7\x37\x2f\xf5\xf9\x5b\x31\x08\xe2\x9b\x13\xe6\x70\x9f\x81\x50\x16\xd3\x53\xc6\xde\xdb\xf5\x45\xdf\x03\xd5\x87\x4b\xe7\x15\x51\x3c\x36\xff\xfe\xea\x5b\xc1\xdf\x7b\xef\x3b\xf1\x99\x10\xb0\x15\x92\xc2\x35\xf3\xe8\x17\x74\x90\x84\xa3\x8b\xde\x9e\x19\x6e\x27\x37\xcd\xdd\xc6\xdb\xe1\x43\x13\x67\x9a\x0b\xe3\x21\x14\xa9\x35", 177); *(uint8_t*)0x200073ad = 0xcb; *(uint8_t*)0x200073ae = 9; memcpy((void*)0x200073af, "\x0e\x30\xd9\x67\xc4\xc4\x78\x8b\x63\x96\x45\x65\x05\x54\x46\x04\x9b\xb0\x57\xff\xe7\xfa\x48\x41\x37\xed\x94\x0e\xd6\x96\xd3\xdf\x82\x2d\x7f\xda\x84\xe0\x35\xfc\x02\xf2\x79\xaa\x40\x7f\xe5\x17\x92\x45\x64\x73\x44\x0d\xfa\xf2\xf6\xcf\x45\x2e\x0d\x53\x9d\x88\x95\x3e\xfd\xfb\xdb\xea\x71\xa7\xde\xf8\xbd\xc1\x06\xb8\x1f\x32\x5b\x00\xbd\x33\x2a\x3d\xc6\x9c\xba\x43\x29\xc3\x05\xbd\x46\x89\x2b\x30\xd4\x47\xec\xe1\x71\xba\x0b\x4a\x73\xc2\xa0\x8e\x64\x30\xa8\xed\xb6\xcf\xb5\xfb\x7a\xb5\xbc\xe3\x4b\xa2\x38\x5f\xc7\xab\x6a\x5d\x60\x2c\x69\x91\x92\xd9\xa9\x67\xdc\xf2\x55\xd2\xbd\x64\x53\xff\x27\xb3\xe4\x97\x8a\x81\x69\xf8\xf8\xd9\xe1\xd7\x42\xde\xa5\x53\x6e\xe6\xb5\xb8\x41\x1f\x4a\x7e\xea\xf5\x95\x9b\xba\xd4\xa2\x03\xde\x44\xcc\x50\xc1\x5d\x54\xac\x51\x0a\xfe\x7c\x69\xe7\x9f\x40\x14\x36\xdb\xc3\x65\x11\x4c", 201); *(uint8_t*)0x20007478 = 9; *(uint8_t*)0x20007479 = 5; *(uint8_t*)0x2000747a = 0xb; *(uint8_t*)0x2000747b = 0x16; *(uint16_t*)0x2000747c = 8; *(uint8_t*)0x2000747e = 5; *(uint8_t*)0x2000747f = 0; *(uint8_t*)0x20007480 = 3; *(uint8_t*)0x20007481 = 0x5f; *(uint8_t*)0x20007482 = 0xc; memcpy((void*)0x20007483, 
"\x7a\x83\xaa\x84\x2e\x67\xfc\x4a\x39\x31\x27\x22\xb0\x63\xb2\x9e\xd9\xd2\x08\x58\x58\x08\xb5\xdd\x26\xd2\xc9\x04\x3a\xc3\x04\xdc\x29\x86\x86\xd0\xcd\x8a\x9d\x62\x3e\x67\x8b\x98\x41\x0d\x54\xa5\xab\x43\xa7\x09\xa1\x62\x6f\x4d\x80\x47\x33\x5b\xa6\x2f\x79\x54\x59\x99\x0e\x70\x14\xec\xdc\x10\x49\x38\x63\x80\x36\x6f\x56\xe3\xd1\x0a\xf4\x24\xe1\xef\x08\x7b\x70\x70\xab\xb8\x93", 93); *(uint8_t*)0x200074e0 = 7; *(uint8_t*)0x200074e1 = 0x25; *(uint8_t*)0x200074e2 = 1; *(uint8_t*)0x200074e3 = 3; *(uint8_t*)0x200074e4 = 7; *(uint16_t*)0x200074e5 = 0x401; *(uint8_t*)0x200074e7 = 9; *(uint8_t*)0x200074e8 = 4; *(uint8_t*)0x200074e9 = 0x9d; *(uint8_t*)0x200074ea = 0xba; *(uint8_t*)0x200074eb = 1; *(uint8_t*)0x200074ec = -1; *(uint8_t*)0x200074ed = 2; *(uint8_t*)0x200074ee = 0x73; *(uint8_t*)0x200074ef = 0x7f; *(uint8_t*)0x200074f0 = 5; *(uint8_t*)0x200074f1 = 0x24; *(uint8_t*)0x200074f2 = 6; *(uint8_t*)0x200074f3 = 0; *(uint8_t*)0x200074f4 = 1; *(uint8_t*)0x200074f5 = 5; *(uint8_t*)0x200074f6 = 0x24; *(uint8_t*)0x200074f7 = 0; *(uint16_t*)0x200074f8 = 0xff80; *(uint8_t*)0x200074fa = 0xd; *(uint8_t*)0x200074fb = 0x24; *(uint8_t*)0x200074fc = 0xf; *(uint8_t*)0x200074fd = 1; *(uint32_t*)0x200074fe = 4; *(uint16_t*)0x20007502 = 0x3f; *(uint16_t*)0x20007504 = 0xa0; *(uint8_t*)0x20007506 = 0x81; *(uint8_t*)0x20007507 = 6; *(uint8_t*)0x20007508 = 0x24; *(uint8_t*)0x20007509 = 0x1a; *(uint16_t*)0x2000750a = 0x5118; *(uint8_t*)0x2000750c = 0x30; *(uint8_t*)0x2000750d = 0x15; *(uint8_t*)0x2000750e = 0x24; *(uint8_t*)0x2000750f = 0x12; *(uint16_t*)0x20007510 = 0x200; *(uint64_t*)0x20007512 = 0x14f5e048ba817a3; *(uint64_t*)0x2000751a = 0x2a397ecbffc007a6; *(uint8_t*)0x20007522 = 0xc; *(uint8_t*)0x20007523 = 0x24; *(uint8_t*)0x20007524 = 0x1b; *(uint16_t*)0x20007525 = 0x605; *(uint16_t*)0x20007527 = 0x3ff; *(uint8_t*)0x20007529 = 0x81; *(uint8_t*)0x2000752a = 4; *(uint16_t*)0x2000752b = 0xfffb; *(uint8_t*)0x2000752d = 2; *(uint8_t*)0x2000752e = 0x15; *(uint8_t*)0x2000752f = 0x24; 
*(uint8_t*)0x20007530 = 0x12; *(uint16_t*)0x20007531 = 0xb9; *(uint64_t*)0x20007533 = 0x14f5e048ba817a3; *(uint64_t*)0x2000753b = 0x2a397ecbffc007a6; *(uint8_t*)0x20007543 = 0xc; *(uint8_t*)0x20007544 = 0x24; *(uint8_t*)0x20007545 = 0x1b; *(uint16_t*)0x20007546 = 0x6e5; *(uint16_t*)0x20007548 = 0x200; *(uint8_t*)0x2000754a = 4; *(uint8_t*)0x2000754b = 0x6e; *(uint16_t*)0x2000754c = 0xce; *(uint8_t*)0x2000754e = 6; *(uint8_t*)0x2000754f = 0xc; *(uint8_t*)0x20007550 = 0x24; *(uint8_t*)0x20007551 = 0x1b; *(uint16_t*)0x20007552 = 0; *(uint16_t*)0x20007554 = 1; *(uint8_t*)0x20007556 = 2; *(uint8_t*)0x20007557 = 0x80; *(uint16_t*)0x20007558 = 6; *(uint8_t*)0x2000755a = 6; *(uint8_t*)0x2000755b = 9; *(uint8_t*)0x2000755c = 5; *(uint8_t*)0x2000755d = 3; *(uint8_t*)0x2000755e = 8; *(uint16_t*)0x2000755f = 0x10; *(uint8_t*)0x20007561 = 8; *(uint8_t*)0x20007562 = 1; *(uint8_t*)0x20007563 = 0x1f; *(uint8_t*)0x20007564 = 0xad; *(uint8_t*)0x20007565 = 2; memcpy((void*)0x20007566, "\xb0\x44\x85\x4e\xe1\x75\xc5\xf2\xbc\x2f\x67\x07\x5f\xf4\xfa\x04\x9f\x4d\xba\x9c\x23\x4b\xe8\xd4\x0e\x89\x5e\x8a\x2a\x79\x19\xb4\x8c\xc6\xc3\x04\x19\x01\x15\xe9\x93\x3e\xb1\xc9\x82\x42\x8c\x3a\x0d\x53\x36\x9e\xf7\x70\x92\xd6\x08\x1a\xa2\xbd\xf5\x46\x3d\xeb\x38\x45\x7f\x1d\x67\x44\xbb\x73\x4f\x03\xeb\xdf\x50\x76\x6b\x49\x53\x5c\x5e\xd1\xb3\x4b\x2e\x12\x85\x7c\x87\xbd\x89\xef\x45\x2a\x92\xeb\x07\x20\xb3\x9c\x06\xbc\x73\x67\xeb\x39\xfc\x6a\x1a\xf3\x7a\x88\x8f\xe0\x71\x01\x14\xe8\x78\x8d\xe4\xc8\x08\xbf\xd1\x19\x32\x6c\x6d\x2c\xf4\x94\x4b\x3a\x56\x89\xd0\x35\x93\x43\x6a\xa1\x07\x7e\xff\x8d\x2c\x94\xbd\x5d\xae\xbc\x9d\x86\xe5\xbb\xef\x65\x64\x04\x38\xb8\xc4\xfa\x73\xd8\x5c\xc7\xb2", 171); *(uint32_t*)0x20007840 = 0xa; *(uint32_t*)0x20007844 = 0x20007640; *(uint8_t*)0x20007640 = 0xa; *(uint8_t*)0x20007641 = 6; *(uint16_t*)0x20007642 = 0x110; *(uint8_t*)0x20007644 = 0x80; *(uint8_t*)0x20007645 = 9; *(uint8_t*)0x20007646 = 1; *(uint8_t*)0x20007647 = 0x10; *(uint8_t*)0x20007648 = 4; *(uint8_t*)0x20007649 = 0; 
*(uint32_t*)0x20007848 = 0x64; *(uint32_t*)0x2000784c = 0x20007680; *(uint8_t*)0x20007680 = 5; *(uint8_t*)0x20007681 = 0xf; *(uint16_t*)0x20007682 = 0x64; *(uint8_t*)0x20007684 = 6; *(uint8_t*)0x20007685 = 0x14; *(uint8_t*)0x20007686 = 0x10; *(uint8_t*)0x20007687 = 0xa; *(uint8_t*)0x20007688 = 0; STORE_BY_BITMASK(uint32_t, , 0x20007689, 2, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x20007689, 0, 5, 27); *(uint16_t*)0x2000768d = 0xf00; *(uint16_t*)0x2000768f = 4; *(uint32_t*)0x20007691 = 0xff0000; *(uint32_t*)0x20007695 = 0xc0; *(uint8_t*)0x20007699 = 0xa; *(uint8_t*)0x2000769a = 0x10; *(uint8_t*)0x2000769b = 3; *(uint8_t*)0x2000769c = 0; *(uint16_t*)0x2000769d = 1; *(uint8_t*)0x2000769f = 0; *(uint8_t*)0x200076a0 = 0x1f; *(uint16_t*)0x200076a1 = 9; *(uint8_t*)0x200076a3 = 0x20; *(uint8_t*)0x200076a4 = 0x10; *(uint8_t*)0x200076a5 = 0xa; *(uint8_t*)0x200076a6 = 0x81; STORE_BY_BITMASK(uint32_t, , 0x200076a7, 5, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x200076a7, 7, 5, 27); *(uint16_t*)0x200076ab = 0; *(uint16_t*)0x200076ad = 0x80; *(uint32_t*)0x200076af = 0; *(uint32_t*)0x200076b3 = 0x3f00; *(uint32_t*)0x200076b7 = 0; *(uint32_t*)0x200076bb = 0xc000; *(uint32_t*)0x200076bf = 0xffc0; *(uint8_t*)0x200076c3 = 3; *(uint8_t*)0x200076c4 = 0x10; *(uint8_t*)0x200076c5 = 0xb; *(uint8_t*)0x200076c6 = 0xa; *(uint8_t*)0x200076c7 = 0x10; *(uint8_t*)0x200076c8 = 3; *(uint8_t*)0x200076c9 = 2; *(uint16_t*)0x200076ca = 0xa; *(uint8_t*)0x200076cc = 0x80; *(uint8_t*)0x200076cd = 1; *(uint16_t*)0x200076ce = 0xf07a; *(uint8_t*)0x200076d0 = 0x14; *(uint8_t*)0x200076d1 = 0x10; *(uint8_t*)0x200076d2 = 4; *(uint8_t*)0x200076d3 = 1; memcpy((void*)0x200076d4, "\x16\xfa\x0c\xbc\xaf\x6e\x45\xfe\xf8\x91\x0f\xb5\x97\xfe\xa0\xeb", 16); *(uint32_t*)0x20007850 = 3; *(uint32_t*)0x20007854 = 0x9e; *(uint32_t*)0x20007858 = 0x20007700; *(uint8_t*)0x20007700 = 0x9e; *(uint8_t*)0x20007701 = 3; memcpy((void*)0x20007702, 
"\x34\x30\x1c\x3d\x32\xd7\xde\xf4\x67\x07\xec\x19\xf9\xc0\x6b\xbe\xea\x89\x88\x49\xd5\x69\x18\xf2\xd0\xf1\x0b\x7b\x72\x8f\x8d\x23\x2d\xe4\xe1\x22\x3c\xe4\x2f\x7d\x08\x67\x83\xba\x31\x0b\xaa\x68\xa2\x2d\x8a\xcf\xba\x4d\x52\x37\x5a\x16\xda\xca\xc7\x76\x1a\x3c\x95\x20\x92\x9d\x62\x39\xc1\x59\xe1\xda\x18\xcf\xc7\x80\xe3\xba\xe0\xa1\xe4\x74\x40\xbb\x15\xf6\xb6\x2f\x2b\x0e\xd3\x1f\x5c\xf2\x20\x7d\x40\x6b\xf7\x1d\xd3\x0a\x08\x9d\xbd\x71\x99\xbb\xb2\x1b\xfe\xbc\x4e\x35\x5e\xb5\x68\x02\xd9\x54\x25\x1c\xa9\x27\xdd\x11\x05\x1e\x83\xad\x0b\xf0\x91\x42\xb2\x53\x2b\xe8\xb2\x94\x46\x4a\x27\xa0\x75\xc4\xcc\xca\xe1\x91\xca\x85\x10\x49", 156); *(uint32_t*)0x2000785c = 0x15; *(uint32_t*)0x20007860 = 0x200077c0; *(uint8_t*)0x200077c0 = 0x15; *(uint8_t*)0x200077c1 = 3; memcpy((void*)0x200077c2, "\xee\xb2\x63\xc0\x0c\xe5\x8f\x49\x0a\x96\x56\x1b\x62\x60\x8f\xa1\x65\x52\x05", 19); *(uint32_t*)0x20007864 = 4; *(uint32_t*)0x20007868 = 0x20007800; *(uint8_t*)0x20007800 = 4; *(uint8_t*)0x20007801 = 3; *(uint16_t*)0x20007802 = 0x3416; res = -1; res = syz_usb_connect(4, 0xe11, 0x20006800, 0x20007840); if (res != -1) r[21] = res; break; case 44: *(uint8_t*)0x20007880 = 0x12; *(uint8_t*)0x20007881 = 1; *(uint16_t*)0x20007882 = 0x200; *(uint8_t*)0x20007884 = -1; *(uint8_t*)0x20007885 = -1; *(uint8_t*)0x20007886 = -1; *(uint8_t*)0x20007887 = 0x40; *(uint16_t*)0x20007888 = 0xcf3; *(uint16_t*)0x2000788a = 0x9271; *(uint16_t*)0x2000788c = 0x108; *(uint8_t*)0x2000788e = 1; *(uint8_t*)0x2000788f = 2; *(uint8_t*)0x20007890 = 3; *(uint8_t*)0x20007891 = 1; *(uint8_t*)0x20007892 = 9; *(uint8_t*)0x20007893 = 2; *(uint16_t*)0x20007894 = 0x48; *(uint8_t*)0x20007896 = 1; *(uint8_t*)0x20007897 = 1; *(uint8_t*)0x20007898 = 0; *(uint8_t*)0x20007899 = 0x80; *(uint8_t*)0x2000789a = 0xfa; *(uint8_t*)0x2000789b = 9; *(uint8_t*)0x2000789c = 4; *(uint8_t*)0x2000789d = 0; *(uint8_t*)0x2000789e = 0; *(uint8_t*)0x2000789f = 6; *(uint8_t*)0x200078a0 = -1; *(uint8_t*)0x200078a1 = 0; *(uint8_t*)0x200078a2 = 0; 
*(uint8_t*)0x200078a3 = 0; *(uint8_t*)0x200078a4 = 9; *(uint8_t*)0x200078a5 = 5; *(uint8_t*)0x200078a6 = 1; *(uint8_t*)0x200078a7 = 2; *(uint16_t*)0x200078a8 = 0x200; *(uint8_t*)0x200078aa = 0; *(uint8_t*)0x200078ab = 0; *(uint8_t*)0x200078ac = 0; *(uint8_t*)0x200078ad = 9; *(uint8_t*)0x200078ae = 5; *(uint8_t*)0x200078af = 0x82; *(uint8_t*)0x200078b0 = 2; *(uint16_t*)0x200078b1 = 0x200; *(uint8_t*)0x200078b3 = 0; *(uint8_t*)0x200078b4 = 0; *(uint8_t*)0x200078b5 = 0; *(uint8_t*)0x200078b6 = 9; *(uint8_t*)0x200078b7 = 5; *(uint8_t*)0x200078b8 = 0x83; *(uint8_t*)0x200078b9 = 3; *(uint16_t*)0x200078ba = 0x40; *(uint8_t*)0x200078bc = 1; *(uint8_t*)0x200078bd = 0; *(uint8_t*)0x200078be = 0; *(uint8_t*)0x200078bf = 9; *(uint8_t*)0x200078c0 = 5; *(uint8_t*)0x200078c1 = 4; *(uint8_t*)0x200078c2 = 3; *(uint16_t*)0x200078c3 = 0x40; *(uint8_t*)0x200078c5 = 1; *(uint8_t*)0x200078c6 = 0; *(uint8_t*)0x200078c7 = 0; *(uint8_t*)0x200078c8 = 9; *(uint8_t*)0x200078c9 = 5; *(uint8_t*)0x200078ca = 5; *(uint8_t*)0x200078cb = 2; *(uint16_t*)0x200078cc = 0x200; *(uint8_t*)0x200078ce = 0; *(uint8_t*)0x200078cf = 0; *(uint8_t*)0x200078d0 = 0; *(uint8_t*)0x200078d1 = 9; *(uint8_t*)0x200078d2 = 5; *(uint8_t*)0x200078d3 = 6; *(uint8_t*)0x200078d4 = 2; *(uint16_t*)0x200078d5 = 0x200; *(uint8_t*)0x200078d7 = 0; *(uint8_t*)0x200078d8 = 0; *(uint8_t*)0x200078d9 = 0; res = -1; res = syz_usb_connect_ath9k(3, 0x5a, 0x20007880, 0); if (res != -1) r[22] = res; break; case 45: *(uint32_t*)0x20007b00 = 0x18; *(uint32_t*)0x20007b04 = 0x20007900; *(uint8_t*)0x20007900 = 0x20; *(uint8_t*)0x20007901 = 0x21; *(uint32_t*)0x20007902 = 0x9a; *(uint8_t*)0x20007906 = 0x9a; *(uint8_t*)0x20007907 = 5; memcpy((void*)0x20007908, 
"\x0a\x16\x8b\x3c\x55\x88\x8f\x31\xc9\x26\xba\x29\x32\xa9\xd1\x37\xd8\xb1\x9a\xc2\x17\xf0\xd2\x22\xe0\x93\x82\x4f\x4b\x30\xec\x9e\x71\xc2\x63\x4e\xe0\xfb\x8f\xc2\x24\xad\xde\xfd\xba\x18\xc2\x2f\x1b\x78\xc6\xb4\x65\x11\x4b\xd2\x24\xc2\xaf\x0a\x37\x95\x37\xea\xe8\x7e\x76\xeb\xd9\x1d\x16\x06\x3f\x2e\xcc\xaf\xd3\x00\x90\x93\x6a\xfa\x29\xeb\xaa\xcd\x35\x08\x2c\xa5\xb7\xa2\xb7\x21\x5d\x54\xc7\x25\x55\x36\xc7\x7b\xd8\xdf\xb3\x4b\xf4\x0e\xc7\x57\x50\x83\x54\x8d\x95\xc5\x67\x77\x3c\xba\xc1\x87\xae\xaa\xf9\x8a\xfe\x5f\x50\x6e\x96\x09\x48\xb7\x5e\x62\xe2\x6a\x16\x57\x25\x84\x1b\x5b\x0c\x64\x36\x4a\x8f\x09\x09\x80", 152); *(uint32_t*)0x20007b08 = 0x200079c0; *(uint8_t*)0x200079c0 = 0; *(uint8_t*)0x200079c1 = 3; *(uint32_t*)0x200079c2 = 0x6e; *(uint8_t*)0x200079c6 = 0x6e; *(uint8_t*)0x200079c7 = 3; memcpy((void*)0x200079c8, "\xb5\xd2\x6a\xf6\x3c\x75\x39\x26\x99\xac\x83\xeb\x6a\xfa\x75\xb9\x21\xd7\x7e\x3f\xcf\x43\xef\x5e\x91\x9d\xf9\xbd\xca\x82\x84\x0c\xaf\x4c\xdf\x52\xbb\x7a\x8a\x23\x93\xa8\xb1\xa2\xa1\xb1\x7f\xc9\xfa\x42\x01\x35\x69\xea\xee\xac\xe8\xc9\x77\xcc\xd3\x08\xe3\x02\x6e\xc1\x28\x87\xb9\xb8\x82\xe4\x06\x8a\xdf\xe6\x9e\x7d\x2e\x10\x48\xa4\x52\x7a\xc6\xea\xb1\x62\xbc\x67\x00\x76\x48\xca\x3d\x0f\x3d\x8c\xeb\x3a\xe6\xff\x58\x09\x38\x04\x65\x4f", 108); *(uint32_t*)0x20007b0c = 0x20007a40; *(uint8_t*)0x20007a40 = 0; *(uint8_t*)0x20007a41 = 0xf; *(uint32_t*)0x20007a42 = 5; *(uint8_t*)0x20007a46 = 5; *(uint8_t*)0x20007a47 = 0xf; *(uint16_t*)0x20007a48 = 5; *(uint8_t*)0x20007a4a = 0; *(uint32_t*)0x20007b10 = 0x20007a80; *(uint8_t*)0x20007a80 = 0x20; *(uint8_t*)0x20007a81 = 0x29; *(uint32_t*)0x20007a82 = 0xf; *(uint8_t*)0x20007a86 = 0xf; *(uint8_t*)0x20007a87 = 0x29; *(uint8_t*)0x20007a88 = 0x80; *(uint16_t*)0x20007a89 = 4; *(uint8_t*)0x20007a8b = 8; *(uint8_t*)0x20007a8c = 2; memcpy((void*)0x20007a8d, "\x01\x8a\x11\xac", 4); memcpy((void*)0x20007a91, "\x98\x3b\x66\xd4", 4); *(uint32_t*)0x20007b14 = 0x20007ac0; *(uint8_t*)0x20007ac0 = 0x20; *(uint8_t*)0x20007ac1 = 0x2a; 
*(uint32_t*)0x20007ac2 = 0xc; *(uint8_t*)0x20007ac6 = 0xc; *(uint8_t*)0x20007ac7 = 0x2a; *(uint8_t*)0x20007ac8 = 3; *(uint16_t*)0x20007ac9 = 0x10; *(uint8_t*)0x20007acb = 0x20; *(uint8_t*)0x20007acc = 0x1f; *(uint8_t*)0x20007acd = 0x81; *(uint16_t*)0x20007ace = 8; *(uint16_t*)0x20007ad0 = 0; *(uint32_t*)0x20007f40 = 0x44; *(uint32_t*)0x20007f44 = 0x20007b40; *(uint8_t*)0x20007b40 = 0x20; *(uint8_t*)0x20007b41 = 9; *(uint32_t*)0x20007b42 = 0x10; memcpy((void*)0x20007b46, "\xce\xc6\x41\xd8\x1e\x53\xb2\xba\x4e\x01\xec\x10\x75\x8c\x40\xaa", 16); *(uint32_t*)0x20007f48 = 0x20007b80; *(uint8_t*)0x20007b80 = 0; *(uint8_t*)0x20007b81 = 0xa; *(uint32_t*)0x20007b82 = 1; *(uint8_t*)0x20007b86 = 8; *(uint32_t*)0x20007f4c = 0x20007bc0; *(uint8_t*)0x20007bc0 = 0; *(uint8_t*)0x20007bc1 = 8; *(uint32_t*)0x20007bc2 = 1; *(uint8_t*)0x20007bc6 = 0x1f; *(uint32_t*)0x20007f50 = 0x20007c00; *(uint8_t*)0x20007c00 = 0x20; *(uint8_t*)0x20007c01 = 0; *(uint32_t*)0x20007c02 = 4; *(uint16_t*)0x20007c06 = 1; *(uint16_t*)0x20007c08 = 2; *(uint32_t*)0x20007f54 = 0x20007c40; *(uint8_t*)0x20007c40 = 0x20; *(uint8_t*)0x20007c41 = 0; *(uint32_t*)0x20007c42 = 4; *(uint16_t*)0x20007c46 = 0x200; *(uint16_t*)0x20007c48 = 0x40; *(uint32_t*)0x20007f58 = 0x20007c80; *(uint8_t*)0x20007c80 = 0x40; *(uint8_t*)0x20007c81 = 7; *(uint32_t*)0x20007c82 = 2; *(uint16_t*)0x20007c86 = 9; *(uint32_t*)0x20007f5c = 0x20007cc0; *(uint8_t*)0x20007cc0 = 0x40; *(uint8_t*)0x20007cc1 = 9; *(uint32_t*)0x20007cc2 = 1; *(uint8_t*)0x20007cc6 = 0x12; *(uint32_t*)0x20007f60 = 0x20007d00; *(uint8_t*)0x20007d00 = 0x40; *(uint8_t*)0x20007d01 = 0xb; *(uint32_t*)0x20007d02 = 2; memcpy((void*)0x20007d06, "\xd8\x47", 2); *(uint32_t*)0x20007f64 = 0x20007d40; *(uint8_t*)0x20007d40 = 0x40; *(uint8_t*)0x20007d41 = 0xf; *(uint32_t*)0x20007d42 = 2; *(uint16_t*)0x20007d46 = 0x676; *(uint32_t*)0x20007f68 = 0x20007d80; *(uint8_t*)0x20007d80 = 0x40; *(uint8_t*)0x20007d81 = 0x13; *(uint32_t*)0x20007d82 = 6; *(uint8_t*)0x20007d86 = 0xaa; 
*(uint8_t*)0x20007d87 = 0xaa; *(uint8_t*)0x20007d88 = 0xaa; *(uint8_t*)0x20007d89 = 0xaa; *(uint8_t*)0x20007d8a = 0xaa; *(uint8_t*)0x20007d8b = 0xbb; *(uint32_t*)0x20007f6c = 0x20007dc0; *(uint8_t*)0x20007dc0 = 0x40; *(uint8_t*)0x20007dc1 = 0x17; *(uint32_t*)0x20007dc2 = 6; *(uint8_t*)0x20007dc6 = 1; *(uint8_t*)0x20007dc7 = 0x80; *(uint8_t*)0x20007dc8 = 0xc2; *(uint8_t*)0x20007dc9 = 0; *(uint8_t*)0x20007dca = 0; *(uint8_t*)0x20007dcb = 0; *(uint32_t*)0x20007f70 = 0x20007e00; *(uint8_t*)0x20007e00 = 0x40; *(uint8_t*)0x20007e01 = 0x19; *(uint32_t*)0x20007e02 = 2; memcpy((void*)0x20007e06, "aB", 2); *(uint32_t*)0x20007f74 = 0x20007e40; *(uint8_t*)0x20007e40 = 0x40; *(uint8_t*)0x20007e41 = 0x1a; *(uint32_t*)0x20007e42 = 2; *(uint16_t*)0x20007e46 = 4; *(uint32_t*)0x20007f78 = 0x20007e80; *(uint8_t*)0x20007e80 = 0x40; *(uint8_t*)0x20007e81 = 0x1c; *(uint32_t*)0x20007e82 = 1; *(uint8_t*)0x20007e86 = 0x70; *(uint32_t*)0x20007f7c = 0x20007ec0; *(uint8_t*)0x20007ec0 = 0x40; *(uint8_t*)0x20007ec1 = 0x1e; *(uint32_t*)0x20007ec2 = 1; *(uint8_t*)0x20007ec6 = 9; *(uint32_t*)0x20007f80 = 0x20007f00; *(uint8_t*)0x20007f00 = 0x40; *(uint8_t*)0x20007f01 = 0x21; *(uint32_t*)0x20007f02 = 1; *(uint8_t*)0x20007f06 = 0; syz_usb_control_io(r[22], 0x20007b00, 0x20007f40); break; case 46: syz_usb_disconnect(r[21]); break; case 47: syz_usb_ep_read(r[21], 0x20, 0x53, 0x20007fc0); break; case 48: *(uint8_t*)0x20008040 = 0x12; *(uint8_t*)0x20008041 = 1; *(uint16_t*)0x20008042 = 0x250; *(uint8_t*)0x20008044 = 0; *(uint8_t*)0x20008045 = 0; *(uint8_t*)0x20008046 = 0; *(uint8_t*)0x20008047 = 8; *(uint16_t*)0x20008048 = 0x1130; *(uint16_t*)0x2000804a = 0x3101; *(uint16_t*)0x2000804c = 0x40; *(uint8_t*)0x2000804e = 1; *(uint8_t*)0x2000804f = 2; *(uint8_t*)0x20008050 = 3; *(uint8_t*)0x20008051 = 1; *(uint8_t*)0x20008052 = 9; *(uint8_t*)0x20008053 = 2; *(uint16_t*)0x20008054 = 0x2d; *(uint8_t*)0x20008056 = 1; *(uint8_t*)0x20008057 = 1; *(uint8_t*)0x20008058 = 1; *(uint8_t*)0x20008059 = 0; 
*(uint8_t*)0x2000805a = 0x20; *(uint8_t*)0x2000805b = 9; *(uint8_t*)0x2000805c = 4; *(uint8_t*)0x2000805d = 0; *(uint8_t*)0x2000805e = 8; *(uint8_t*)0x2000805f = 1; *(uint8_t*)0x20008060 = 3; *(uint8_t*)0x20008061 = 1; *(uint8_t*)0x20008062 = 2; *(uint8_t*)0x20008063 = 1; *(uint8_t*)0x20008064 = 9; *(uint8_t*)0x20008065 = 0x21; *(uint16_t*)0x20008066 = 0x3ff; *(uint8_t*)0x20008068 = 2; *(uint8_t*)0x20008069 = 1; *(uint8_t*)0x2000806a = 0x22; *(uint16_t*)0x2000806b = 0xc2c; *(uint8_t*)0x2000806d = 9; *(uint8_t*)0x2000806e = 5; *(uint8_t*)0x2000806f = 0x81; *(uint8_t*)0x20008070 = 3; *(uint16_t*)0x20008071 = 0x200; *(uint8_t*)0x20008073 = 4; *(uint8_t*)0x20008074 = 0; *(uint8_t*)0x20008075 = 9; *(uint8_t*)0x20008076 = 9; *(uint8_t*)0x20008077 = 5; *(uint8_t*)0x20008078 = 2; *(uint8_t*)0x20008079 = 3; *(uint16_t*)0x2000807a = 8; *(uint8_t*)0x2000807c = 1; *(uint8_t*)0x2000807d = 0xfa; *(uint8_t*)0x2000807e = 0; *(uint32_t*)0x200084c0 = 0xa; *(uint32_t*)0x200084c4 = 0x20008080; *(uint8_t*)0x20008080 = 0xa; *(uint8_t*)0x20008081 = 6; *(uint16_t*)0x20008082 = 0; *(uint8_t*)0x20008084 = 0x11; *(uint8_t*)0x20008085 = 0xf2; *(uint8_t*)0x20008086 = 0x20; *(uint8_t*)0x20008087 = 0xbf; *(uint8_t*)0x20008088 = 0xe3; *(uint8_t*)0x20008089 = 0; *(uint32_t*)0x200084c8 = 0x35; *(uint32_t*)0x200084cc = 0x200080c0; *(uint8_t*)0x200080c0 = 5; *(uint8_t*)0x200080c1 = 0xf; *(uint16_t*)0x200080c2 = 0x35; *(uint8_t*)0x200080c4 = 5; *(uint8_t*)0x200080c5 = 3; *(uint8_t*)0x200080c6 = 0x10; *(uint8_t*)0x200080c7 = 0xb; *(uint8_t*)0x200080c8 = 0x14; *(uint8_t*)0x200080c9 = 0x10; *(uint8_t*)0x200080ca = 4; *(uint8_t*)0x200080cb = 3; memcpy((void*)0x200080cc, "\x81\xb3\xe8\x31\xd0\x5d\x61\x72\x4e\x7e\xfe\x59\xe3\xeb\x35\xa8", 16); *(uint8_t*)0x200080dc = 3; *(uint8_t*)0x200080dd = 0x10; *(uint8_t*)0x200080de = 0xb; *(uint8_t*)0x200080df = 0xb; *(uint8_t*)0x200080e0 = 0x10; *(uint8_t*)0x200080e1 = 1; *(uint8_t*)0x200080e2 = 4; *(uint16_t*)0x200080e3 = 0x20; *(uint8_t*)0x200080e5 = 9; 
*(uint8_t*)0x200080e6 = 5; *(uint16_t*)0x200080e7 = 0x232; *(uint8_t*)0x200080e9 = 1; *(uint8_t*)0x200080ea = 0xb; *(uint8_t*)0x200080eb = 0x10; *(uint8_t*)0x200080ec = 1; *(uint8_t*)0x200080ed = 6; *(uint16_t*)0x200080ee = 0x40; *(uint8_t*)0x200080f0 = 0x3f; *(uint8_t*)0x200080f1 = 1; *(uint16_t*)0x200080f2 = 0x1000; *(uint8_t*)0x200080f4 = 0x95; *(uint32_t*)0x200084d0 = 0xa; *(uint32_t*)0x200084d4 = 4; *(uint32_t*)0x200084d8 = 0x20008100; *(uint8_t*)0x20008100 = 4; *(uint8_t*)0x20008101 = 3; *(uint16_t*)0x20008102 = 0x437; *(uint32_t*)0x200084dc = 0x94; *(uint32_t*)0x200084e0 = 0x20008140; *(uint8_t*)0x20008140 = 0x94; *(uint8_t*)0x20008141 = 3; memcpy((void*)0x20008142, "\x0a\x2b\x55\xe2\x4c\x1e\x43\x9b\x99\xc4\xa7\xb6\xb7\x8a\x9e\x11\x99\xaf\x0f\xe5\xc7\x7d\x11\x9c\xaa\x1a\x26\x2a\x23\x23\xee\x85\xd4\x4c\xe5\x3c\xbc\x4f\x5b\xbf\x33\x95\xb8\xfc\x42\x68\x91\xdd\x21\xc2\xf6\x97\x20\xe4\x9d\x0f\xad\xd0\x34\xca\x35\x34\xb4\xf5\x2d\xf6\x84\x0f\x02\x75\x70\x5c\x82\x69\xc7\xe7\xfe\x3b\x1f\xeb\x95\x16\xea\xc7\xe5\x87\xde\x92\xb8\x90\x29\x30\x49\x14\xa6\x7f\x5b\xcc\x9f\x23\xf6\x09\x72\xb1\xc0\x3c\x7e\x6d\xd6\x49\x58\x7e\xc7\x80\xe8\x16\xd8\x65\x78\x1d\x19\xc1\x77\x76\x71\x41\x21\xe8\x7c\x91\x73\xfd\x96\xdb\xf3\xbd\xeb\x4b\x5f\x7e\x01\x2b\xb8\x27\x9f\x38", 146); *(uint32_t*)0x200084e4 = 0x44; *(uint32_t*)0x200084e8 = 0x20008200; *(uint8_t*)0x20008200 = 0x44; *(uint8_t*)0x20008201 = 3; memcpy((void*)0x20008202, "\x13\x5e\xa6\x24\x3a\x34\x97\xb7\xeb\x5c\x6f\x4b\xa0\xc3\x8c\x06\x84\x82\x17\xb0\x74\x3b\x8e\x74\xe6\x24\x95\xdd\xd2\x93\xaa\x49\xf0\xd2\x6f\x1b\x86\xbc\xde\x62\x55\x3a\x7e\x58\x7a\xef\x8c\x1e\xf0\xd8\xc1\x2b\xa3\xde\xc7\x57\x6f\x9e\x3e\x4f\x42\xec\xb1\xa1\x75\xca", 66); *(uint32_t*)0x200084ec = 4; *(uint32_t*)0x200084f0 = 0x20008280; *(uint8_t*)0x20008280 = 4; *(uint8_t*)0x20008281 = 3; *(uint16_t*)0x20008282 = 0x2c0a; *(uint32_t*)0x200084f4 = 4; *(uint32_t*)0x200084f8 = 0x200082c0; *(uint8_t*)0x200082c0 = 4; *(uint8_t*)0x200082c1 = 3; *(uint16_t*)0x200082c2 = 
0x44b; *(uint32_t*)0x200084fc = 0x31; *(uint32_t*)0x20008500 = 0x20008300; *(uint8_t*)0x20008300 = 0x31; *(uint8_t*)0x20008301 = 3; memcpy((void*)0x20008302, "\x82\xc7\x02\x29\x05\x30\x20\xa3\x24\xb9\x8d\x14\xd5\x7b\x17\xa9\xb3\x44\x0c\x05\x1f\x56\xe3\xed\xd2\xf4\x96\x7b\xa5\x6e\x07\x5a\xa6\xf9\x88\x06\x3d\xe0\x7f\x08\xad\x93\xea\x70\x9b\xa6\x13", 47); *(uint32_t*)0x20008504 = 4; *(uint32_t*)0x20008508 = 0x20008340; *(uint8_t*)0x20008340 = 4; *(uint8_t*)0x20008341 = 3; *(uint16_t*)0x20008342 = 0x423; *(uint32_t*)0x2000850c = 4; *(uint32_t*)0x20008510 = 0x20008380; *(uint8_t*)0x20008380 = 4; *(uint8_t*)0x20008381 = 3; *(uint16_t*)0x20008382 = 0x430; *(uint32_t*)0x20008514 = 0x2c; *(uint32_t*)0x20008518 = 0x200083c0; *(uint8_t*)0x200083c0 = 0x2c; *(uint8_t*)0x200083c1 = 3; memcpy((void*)0x200083c2, "\xcd\x51\x8b\x3d\x76\xf8\x28\xb8\xd2\xd9\x8e\x57\x99\xa8\x29\x49\x6a\xf1\x48\x34\xd2\x49\xdc\x1c\xca\x0a\x1e\xcc\x5e\x98\x7c\x00\x8e\x50\xa3\xde\x8f\x93\x6a\xbd\x87\x28", 42); *(uint32_t*)0x2000851c = 0xa8; *(uint32_t*)0x20008520 = 0x20008400; *(uint8_t*)0x20008400 = 0xa8; *(uint8_t*)0x20008401 = 3; memcpy((void*)0x20008402, "\x95\x7f\xa0\x06\x47\xda\x8d\xf8\x45\x74\x7d\xea\xd5\x48\x2f\x41\x16\xe0\x44\x3b\xcb\x7b\x30\x3c\x0f\xcf\x35\xfc\xd1\x36\x7d\x8a\xd5\xe0\x69\xd0\xa3\x21\x76\x22\xe4\xdb\xe2\x01\x85\x55\xe1\x50\x6d\xad\xe1\xed\x57\x30\x8b\x80\x51\xad\xe8\x15\xe9\x25\x58\x1f\x82\xd3\xf3\xc5\xfe\x1d\xf8\x07\x02\xd0\x2c\x90\x74\xce\x05\x2e\x54\x2c\xf5\xcb\xc1\x0a\x22\xa0\x97\x65\xcb\x02\xc8\x7c\x14\xaa\x57\xb1\x92\xf9\x78\xea\x1a\x60\x02\xb1\x47\x60\x12\xc8\x8c\x87\x4e\x1b\x1c\xb7\xfc\x70\x93\x53\x16\xd3\x43\x00\xdd\xae\x42\x0a\x78\xe2\xe5\x3e\xb5\x30\x02\xf3\xb0\x3c\x9c\xd2\x75\x4b\x8c\xf0\x2f\x98\x41\xf8\xfb\x0e\x16\x8d\xc4\xe0\x0e\xea\x01\x4b\x30\xfe\x68\xa7\x00\xc6\x5c\x0c", 166); res = -1; res = syz_usb_connect(4, 0x3f, 0x20008040, 0x200084c0); if (res != -1) r[23] = res; break; case 49: memcpy((void*)0x20008540, "\x43\x4d\x22\xb9\x8f\x25\x94\x64\x3d", 9); 
syz_usb_ep_write(r[23], 9, 9, 0x20008540); break; } } int main(void) { syscall(__NR_mmap, 0x1ffff000, 0x1000, 0, 0x32, -1, 0); syscall(__NR_mmap, 0x20000000, 0x1000000, 7, 0x32, -1, 0); syscall(__NR_mmap, 0x21000000, 0x1000, 0, 0x32, -1, 0); use_temporary_dir(); do_sandbox_none(); return 0; } : In function ‘syz_io_uring_setup’: :248:33: error: ‘__NR_io_uring_setup’ undeclared (first use in this function) :248:33: note: each undeclared identifier is reported only once for each function it appears in compiler invocation: x86_64-linux-gnu-gcc [-o /tmp/syz-executor661112706 -DGOOS_linux=1 -DGOARCH_386=1 -DHOSTGOOS_linux=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wframe-larger-than=16384 -static -Wno-overflow] --- FAIL: TestGenerate/linux/386/15 (0.24s) csource_test.go:122: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: r0 = openat$vcsa(0xffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x404800, 0x0) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080)='batadv\x00') sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r1, 0x10, 0x70bd29, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x2}]}, 0x1c}}, 0x8010) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x20000024) r2 = openat$nmem0(0xffffff9c, &(0x7f00000001c0)='/dev/nmem0\x00', 0x185001, 0x0) write$smackfs_change_rule(r2, &(0x7f0000000200)={'', 0x20, '/dev/vcsa\x00', 0x20, 'rwl', 0x20, 'xb'}, 0x13) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) read$FUSE(0xffffffffffffffff, &(0x7f0000000340)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) 
lchown(&(0x7f0000000240)='./file0\x00', r3, r4) ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f0000002380)) syz_btf_id_by_name$bpf_lsm(&(0x7f0000000000)='bpf_lsm_post_notification\x00') syz_emit_ethernet(0x1e, &(0x7f0000000040)={@remote, @dev={[], 0x18}, @void, {@can={0xc, {{0x0, 0x1, 0x1}, 0x4, 0x2, 0x0, 0x0, "03084e275009633c"}}}}, &(0x7f0000000080)={0x0, 0x2, [0x3ca, 0x523, 0x65, 0x6d6]}) syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT={0xff, 0x41}, 0x2) syz_execute_func(&(0x7f0000000100)="c4c19d748fe2000000670faef7656536f0fe8b000001002e0ffe5cf59bc4c131f5641500c4e28d04c8c4e14fc29c653fb1000044c4c2153916c4e1485c9fae000000d397fd334620") syz_extract_tcp_res(&(0x7f0000000180), 0xffff, 0x625) r5 = openat$selinux_enforce(0xffffff9c, &(0x7f00000001c0)='/selinux/enforce\x00', 0x400, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000002380)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000004540)={{{@in6=@dev, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@loopback}}, &(0x7f0000004640)=0xe4) statx(0xffffffffffffffff, &(0x7f0000004680)='./file0\x00', 0x0, 0x7ff, &(0x7f00000046c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r9 = getuid() fstat(0xffffffffffffffff, &(0x7f0000004840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000004a40)={{{@in=@loopback, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@private0}}, &(0x7f0000004b40)=0xe4) getgroups(0x4, &(0x7f0000004b80)=[0xee00, 0xffffffffffffffff, 0xee01, 0xee00]) statx(0xffffffffffffffff, &(0x7f0000004cc0)='./file0\x00', 0x4000, 0x400, &(0x7f0000004d00)={0x0, 0x0, 0x0, 0x0, 0x0}) r14 = getgid() syz_fuse_handle_req(r5, &(0x7f0000000200)="", 0x2000, &(0x7f0000004f00)={&(0x7f0000002200)={0x50, 0xa3d40b1948262fad, 0x1000, {0x7, 0x1f, 0x9, 0x200, 0x8, 0x1ff, 0xbb, 0xa}}, &(0x7f0000002280)={0x18, 0xfffffffffffffff5, 0x2, {0x1}}, 
&(0x7f00000022c0)={0x18, 0x0, 0x4, {0x7}}, &(0x7f0000002300)={0x18, 0x0, 0x6, {0xfffffffb}}, &(0x7f0000002340)={0x18, 0xfffffffffffffffe, 0x401, {0x101}}, &(0x7f00000043c0)={0x28, 0xfffffffffffffffe, 0xffffffffffff8000, {{0x1000, 0x4, 0x0, r6}}}, &(0x7f0000004400)={0x60, 0x0, 0x8000, {{0x19, 0x0, 0x4b, 0x3, 0x1, 0xffffffff, 0x10001, 0x7fff}}}, &(0x7f0000004480)={0x18, 0x0, 0xfffffffffffffffe, {0x1}}, &(0x7f00000044c0)={0x2a, 0x0, 0x0, {'bpf_lsm_post_notification\x00'}}, &(0x7f0000004500)={0x20, 0x0, 0xffffffff, {0x0, 0x5}}, &(0x7f00000047c0)={0x78, 0x0, 0xfff, {0x5, 0x0, 0x0, {0x0, 0xfffffffffffffffb, 0x5, 0xfffffffffffffff9, 0x1, 0x9, 0x8, 0xff, 0x5, 0xc000, 0x7cc8, r7, r8, 0xf4a5, 0x9}}}, &(0x7f00000048c0)={0x90, 0x0, 0x100000001, {0x5, 0x1, 0x80000001, 0x1, 0x7, 0x100, {0x0, 0x3ff, 0x7, 0x6, 0x2, 0x200, 0x20, 0x6, 0xe07fd01, 0xc000, 0x9, r9, r10, 0x8, 0x1}}}, &(0x7f0000004980)={0xa8, 0x0, 0x1, [{0x0, 0x4, 0x1a, 0x3ff, 'bpf_lsm_post_notification\x00'}, {0x2, 0x80000000, 0x4, 0x2, '#(\\!'}, {0x2, 0x80000001, 0x1, 0x1ff, '%'}, {0x2, 0xff, 0x1, 0x8001, '&'}]}, &(0x7f0000004bc0)={0xc8, 0x0, 0x0, [{{0x4, 0x3, 0x9, 0x4, 0x8, 0x5, {0x3, 0x800, 0x1, 0x10001, 0x8, 0x1, 0x0, 0x401, 0xfffffff7, 0x6000, 0x10001, r11, r12, 0x6, 0xf8}}, {0x3, 0x2, 0x1a, 0x9, 'bpf_lsm_post_notification\x00'}}]}, &(0x7f0000004e00)={0xa0, 0xfffffffffffffffe, 0x9, {{0x4, 0x0, 0x3ff, 0x80000000, 0xfffffffd, 0x8, {0x1, 0x7, 0x401, 0x7, 0x0, 0x5, 0x7, 0x6, 0x40, 0xa000, 0x800, r13, r14, 0x8001}}}}, &(0x7f0000004ec0)={0x20, 0xfffffffffffffffe, 0x1, {0x5, 0x4, 0x5, 0x1}}}) syz_genetlink_get_family_id$SEG6(&(0x7f0000004f40)='SEG6\x00') syz_init_net_socket$ax25(0x3, 0x3, 0xca) r15 = syz_io_uring_complete(0x0) r16 = io_uring_setup(0x19b4, &(0x7f0000004f80)={0x0, 0x2b11, 0x1, 0x1, 0x5b, 0x0, r5}) syz_io_uring_setup(0xf44, &(0x7f0000005000)={0x0, 0x208b, 0x4, 0x0, 0x355, 0x0, r16}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000005080), &(0x7f00000050c0)) syz_io_uring_setup(0x22f7, 
&(0x7f0000005100)={0x0, 0x7b7, 0x2, 0x3, 0x202}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000005180)=0x0, &(0x7f00000051c0)) syz_io_uring_submit(r17, 0x0, &(0x7f0000005240)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x6, &(0x7f0000005200)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x7) r18 = openat$btrfs_control(0xffffff9c, &(0x7f0000005280)='/dev/btrfs-control\x00', 0x2100, 0x0) syz_kvm_setup_cpu$arm64(r18, r15, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000005300)=[{0x0, &(0x7f00000052c0)="35ac4c65d5d924443c56d3cdcacff745b9df2c8d855f77c7e8fb875fc4c83983f4ec404e6ad210d74b41fc04cd89a88bc3b3", 0x32}], 0x1, 0x0, &(0x7f0000005340)=[@featur2], 0x1) syz_io_uring_setup(0x2a84, &(0x7f0000005380)={0x0, 0x8a2, 0x4, 0x0, 0x30f}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000feb000/0x2000)=nil, &(0x7f0000005400)=0x0, &(0x7f0000005440)) syz_memcpy_off$IO_URING_METADATA_FLAGS(r19, 0x114, &(0x7f0000005480)=0x1, 0x0, 0x4) stat(&(0x7f0000006580)='./file0\x00', &(0x7f00000065c0)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$afs(&(0x7f00000054c0)='afs\x00', &(0x7f0000005500)='./file0\x00', 0x80000001, 0x1, &(0x7f0000006540)=[{&(0x7f0000005540)="", 0x1000, 0x4}], 0x40000, &(0x7f0000006640)={[{@autocell='autocell'}, {@flock_write='flock=write'}, {@flock_write='flock=write'}, {@dyn='dyn'}], [{@appraise='appraise'}, {@euid_lt={'euid<', r20}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x63, 0x33, 0x63, 0x66, 0x39, 0x38, 0x62], 0x2d, [0x63, 0x38, 0x62, 0x33], 0x2d, [0x61, 0x33, 0x0, 0x30], 0x2d, [0x61, 0x34, 0x63, 0x37], 0x2d, [0x37, 0x36, 0x31, 0x63, 0x39, 0x64, 0x61, 0x34]}}}]}) syz_open_dev$I2C(&(0x7f00000066c0)='/dev/i2c-#\x00', 0xb6f4, 0x400202) syz_open_procfs(r6, &(0x7f0000006700)='mounts\x00') syz_open_pts(0xffffffffffffffff, 0x4cc162f913022679) syz_read_part_table(0x1, 0x1, 
&(0x7f00000067c0)=[{&(0x7f0000006740)="db5a079dd43062f6985b514ad6b7ac652950f7e5317a81ed924386c1083a75b7e2675967acdc58644241b6de981ba65e75816e078f21212cb862a33934c9b4729a722151fd15361d771e0c59e4b2a7b4ae5ad6d45a6bb51fa6d0", 0x5a, 0x10001}]) r21 = syz_usb_connect(0x4, 0xe11, &(0x7f0000006800)={{0x12, 0x1, 0x201, 0x73, 0x54, 0x2d, 0x40, 0x572, 0x1324, 0x84d3, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xdff, 0x4, 0x0, 0x4, 0x20, 0x5, [{{0x9, 0x4, 0x21, 0x6, 0xf, 0x13, 0xd5, 0xef, 0xff, [@generic={0x7f, 0x3, "ff0419261d951966e92d906d4e26342908f7c148a2d9b1b9fe291ad2ef963725ab895c81d7bbf8f9d4da5a4f8e4311a0bdfdab97f508939e62470eae4dc13f11324f9b808eb9c06cec3f30a86ef0fb2ab90e7e0440e87ff52268879d8ae0c91a67350e71af1fb2d4908d78222008e8b671156b17906f6a1e05e02b6b37"}, @cdc_ecm={{0x5}, {0x5, 0x24, 0x0, 0x7}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x0, 0x3, 0x6a}, [@mdlm_detail={0xc0, 0x24, 0x13, 0x2, "f6e0bd71542530d6c882e531f60f2eefd05d356385c0a622a120a81678854855c27040645d6c24372772108aef34f2af0226daa99d3cecfe168fc9fae28ed3bd295c7543166ce5f252a2584e73d212d587245b8ebefbae8693d88f8fda2bbfbc9628a08e7d81a194b0c49e82f6bc230124576b45b4cbc1d5c02dcb3f943dad75c6c2c5023c1e670ff6825d8ba23c205a7eb9dc0bcac28c3514072078d2fa782c3186d4b1ed8040ee1c765bc234afcc52a91722527e5dbd902dc299d8"}]}], [{{0x9, 0x5, 0x0, 0x10, 0x0, 0x2, 0x36, 0x0, [@generic={0x2a, 0x31, "71c3c3d61bbd6965e0dab513c14e7d2a6d7d8346228af46c617a9c6f93e2c923767b9dcf1b1c6524"}, @generic={0x35, 0x8, "2efac1777f97f088cf4ea6909a4ab819543a678dbd611baebf76500b0c10e099a09827edc986bd1c1c58ec9277827878700a60"}]}}, {{0x9, 0x5, 0x6, 0x3, 0x400, 0x3f, 0x2, 0x8, [@generic={0x2, 0x7}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0x40, 0x4}]}}, {{0x9, 0x5, 0x8, 0x0, 0x400, 0x2, 0x8, 0x8}}, {{0x9, 0x5, 0xe, 0x1, 0x200, 0x2, 0x4, 0x9}}, {{0x9, 0x5, 0xc, 0x0, 0x400, 0x0, 0x4, 0x20, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x7f, 0x1ff}, @uac_iso={0x7, 0x25, 0x1, 0x41, 0xcb, 0x102d}]}}, {{0x9, 0x5, 0xf, 0x10, 0x20, 0x32}}, {{0x9, 0x5, 0x2, 0x4, 0x20, 0x20, 0x7f, 0x7f, [@uac_iso={0x7, 0x25, 
0x1, 0x1, 0x8, 0x40}]}}, {{0x9, 0x5, 0x1, 0x0, 0x8, 0xe0, 0x80, 0x1}}, {{0x9, 0x5, 0xd, 0x0, 0x7f7, 0x8, 0x4, 0x20, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x6, 0x3}, @generic={0x5b, 0x2, "e26816788a1cc1881a23c8f41a67d73be6c21467fa34c32c9fb2f208c26929eb652736f9d91d3a85b6391ddd8c23c309f20aa96d84d489fdc425acea48489fbd62f0f3653d94ee6b8e1dab83b19ebca6d735785ab9dd724d66"}]}}, {{0x9, 0x5, 0x6, 0x2, 0x40, 0x80, 0x1, 0x1b, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x7, 0x40}]}}, {{0x9, 0x5, 0x9, 0x10, 0x8, 0x7, 0x4, 0x3f, [@generic={0xe8, 0xb, "8afc39fabf2e69efa61b092694e9e70187bbd4343a5666c1c2e1b5bec12bd1b163325b32047e6fad0442c370407ad2ddd4eb563a85408bb4762b8e46a46343a9bf7184805cd60c0da1010dbd995b1d798e5b4a50a10dc11cd395932b5ed4f8e06e566a726de03c0447587e03d655e73c3e30e43e8c2189d9f1fcbd1e3d45712e9203ad62e34e8e2753c6f2d0fa953d20dfd1bb42479fc033959aac5043149cede9286dce763b3f20adafee005dc6830db89cd58f56a2f97fb10e0c37c0dd5163ae6178387a0284ab981a6cabcd05db4314326332e1d32d69d9e5624ac086333279b2df93b78c"}]}}, {{0x9, 0x5, 0x2, 0x8, 0x3ff, 0x9, 0x4, 0x2, [@generic={0xf8, 0x3, "d2a336681843bee63f1181dde58ce139c87eb39d3b1b13c89f9c9942603abc8f409b89eda8fb2c9c68e3ceb4707a75450830066cf2309172cf06530be62566c8c628436ede40b0634b7758b6177ab79a5ef2501a59d580c5732944b2f3bd5123fd15635cfe8491a03ab3d10d4251809ac6af635e9148f6c9b7e3b93fd4be3387d4ce9708f9741d7d2496f60697db796d17bb9f55ed9d12a4f524c9ae5de2044e863c2437082c82f7050362b38a90ff5663e9a1ca56d899ac4621209709528342ac71bad07661ab437999a73a967200b8bdc975a78f6ed6f8e6ec81b637bbde985315c32eaaea7de92325dfef7482221b7a31212a96cd"}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0x82, 0x7ff}]}}, {{0x9, 0x5, 0x5, 0x2, 0x3ff, 0xe4, 0x0, 0x1, [@generic={0xab, 0x9, 
"c6fe273694b4052a22099e80c67e2eb27fdeed48b1527546e3a7407afc77ae43bd824d2ffd79ec4a2313e6decb221d295542046d0e0311c0c02e9f0973d49f0b1bd49da23af4c41449e8fd005ddeac5cb8c73c951a76626ee8860e18c85cef48bb8b33506f1a4f6ba421211bd04f96dd2463655b6ed4206bcc049ebc67a5a0acbfd5eb77055f232bdc5c33a92fd80ebbd2dad67c470a1ee401280c84bc45a225abf7d7b7a8c4fdd77c"}, @generic={0x99, 0x23, "6ad24c93ae66afc243c82a2022885c515435d3a6a8d0ef67866f48824aae8e31c13f450cf10477c7add814e0a20d3690e34f8760b7875357601e82073a7a84d0f4b1e64b33276f3bbbce504bdd2f2b38c1837770876ed0367dbb280fc108a38f3b1a3869cf038871f5acd4e8dec2ec99bfef6e2596df567fac26f3173792c20b5d1fe6715eb4a9d964af6fcc731d4ac6be25d3217f7d87"}]}}, {{0x9, 0x5, 0xd, 0xc, 0x200, 0x3f, 0x8, 0x1}}, {{0x9, 0x5, 0x6, 0x0, 0x1df, 0x4, 0x3f, 0xc5, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x1}]}}]}}, {{0x9, 0x4, 0xb1, 0xff, 0x4, 0xb0, 0x15, 0x7a, 0xa9, [@cdc_ecm={{0x7, 0x24, 0x6, 0x0, 0x0, "2502"}, {0x5, 0x24, 0x0, 0x96}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x1, 0x7, 0x1}, [@network_terminal={0x7, 0x24, 0xa, 0xde, 0x1, 0x3, 0x84}, @call_mgmt={0x5, 0x24, 0x1, 0x1, 0x20}, @dmm={0x7, 0x24, 0x14, 0x8, 0x6}, @acm={0x4, 0x24, 0x2, 0x7}, @country_functional={0xa, 0x24, 0x7, 0x20, 0xd57a, [0x3ff, 0x7]}, @network_terminal={0x7, 0x24, 0xa, 0x80, 0x0, 0xfc, 0x6}]}], [{{0x9, 0x5, 0xc, 0x10, 0x400, 0x80, 0x3f, 0x0, [@generic={0xc0, 0x23, "2fa6216fa5b34b3c347a90d7c09dee9e3bad4cefe7c178d4c248c175d6e265f0f15b5db2f1efacfbb4758001a895f8296a82cc243a7a71e6cfa59d27d6ba04086b1318f3997aee663fb0b188a95e8505f2758d8b43e54dce1e6131ac08c8f29e40fdf18bbcb5704b23471e1fa2bba764581ce7dc0a1f880b6aa4e3930f9524baf7f50f7cb58ddbd7b065be270227b47e34a827a2f09e87652c3b0933945d95bcdc062e78953c6fef78199736f62470ac624140ad403c6f788d52e10e1103"}]}}, {{0x9, 0x5, 0x5, 0x0, 0x20, 0x3f, 0x7f, 0x2, [@generic={0x1a, 0xc, "1c2b9bf91836ba9e5950279aa449ab2614f17ec478a5a700"}, @generic={0xc3, 0xc, 
"3139f56a95cd9acd2caf2874da064adf8a3ea93cbd32e14f79b6838a875d2b1c7286c617f780e83cd8ac69a4714e1041cf11a698866063e44d74c6dfbee89055eda3b70177af2e4b138edbeb82f34605c614b3a5cb7750f220c4c8bc450a3009d9bd3300561498c164cf3b3800cdf575f5ee9456ffec5acc96ed76e226c36e52508d2fc08e9f1ea6fe8cfc2c9a31b09ac556d2e48e88db3170505052ed76a475aa82d636d97e10e7e3dd77125f5df8a7957d3c3f94f1c76cbc0136192639d17640"}]}}, {{0x9, 0x5, 0x2, 0x2, 0x200, 0x48, 0x2, 0x4}}, {{0x9, 0x5, 0x1, 0x10, 0x20, 0x6c, 0x1, 0x3, [@generic={0xce, 0x21, "06c168e4ec518fa84dd51ea16950af04289b85639249e5b27619a03017479cb314d2ffe9ee81be9eb017cf98234e8f723618dfe39f1f4cee3ca842dd870208e01ccd1c6ae4d9a71b2814b6aa795fefda450727b3beb266f7f35620f09a3508c29fd60d9847342c295b2ba867e49b8f0b746d5b752be69f4da88f938dcbfe1690333c467cb8900597ad4aa434404539243f3a64dbced5554562042fb98fd0a5553ab0bdf0accf16525c4f84634aee8763db10e70e77a89a714221ad805f538a0d1a824dcb6aaac61d3ea4bfe9"}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x80, 0x5}]}}]}}, {{0x9, 0x4, 0x6b, 0x3, 0x5, 0x3d, 0x21, 0xee, 0xc0, [@hid_hid={0x9, 0x21, 0x848d, 0x1f, 0x1, {0x22, 0x3f6}}], [{{0x9, 0x5, 0xd, 0x10, 0x40, 0x7c, 0x6, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x69, 0x5fa4}]}}, {{0x9, 0x5, 0x3, 0x1c, 0x3ff, 0x8, 0x81, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x7de74b8872483837, 0x3, 0xfff}, @generic={0xba, 0x9, "b8e7e610b074325b28a38b1b5f756cddecec9026baedfb158c2ce4d0e348d24473f7a1ee74bda8a6d5845acf5de095713bb020e1292cc080d9c89744f8ced96916bb2055a1a1769f6a7b4d13b9f74050a8220ddf0d09a94c3bfbaab06fdd2b5e0b1931b77f426c18e3c88da25c52c019dbfbdbb8bf0e5ee628b5a46d95b53942feb5bf7bfd581f93a945c85da33b763d2f0c3345898c95e2a1228e5e084070a1e96bcef7237f0a0336c63091be6b87d3ff68de36f6c9b0b2"}]}}, {{0x9, 0x5, 0x0, 0x10, 0x0, 0x40, 0x7, 0x22, [@generic={0xfc, 0x11, 
"fbb0ddc340e0ee5466415babc59d3bbf8a569109351e089df059094e3c5aef87f9e13120dc043a4dad9193dbea34aeffbe3c0d945d8a18d6c055b79ce51adb09820eb6965d7822f553c590fb935cc1580e2b0ef039290f87ad62e2181dd2bb24a778ed74233d39c6b01566723d386acd2ff242720da95bf54494db06516e40d19276be27f9e078c7621abec79af90b12fd0dbf628fa9f9a094938f297a8f8c63ffe57d0040792e86e8d2425b2a50d37cc1ab3975227ec4cd85c02d734b8ece891b274962c113349b2b06f2ea197af23472e2d1ce4d930cf849f77e619c77b2e9b1db977c040b428933d8066b5931283d2949ea8125c46537a3e2"}, @uac_iso={0x7, 0x25, 0x1, 0x48bab2644d8e755d, 0x7, 0x7}]}}, {{0x9, 0x5, 0x5, 0x0, 0x400, 0x5, 0x5, 0x1f, [@generic={0xb3, 0xb, "0a9026864d79f21b7a150b9caff6d223287b8ca67d8d62ad2444ad8ab24035f87bea387a1c6316cda61d7f3d152b507dfea13eb6954867d249c909aa46a731771bbc9de959dd60ac857669ab680aaf8c6f94b64795dc7ec60da5532bf58f6ba5b8c7372ff5f95b3108e29b13e6709f815016d353c6dedbf545df03d5874be715513c36fffeea5bc1df7bef3bf19910b01592c235f3e817749084a38bde9e196e2737cdddc6dbe14313679a0be32114a935"}, @generic={0xcb, 0x9, "0e30d967c4c4788b63964565055446049bb057ffe7fa484137ed940ed696d3df822d7fda84e035fc02f279aa407fe51792456473440dfaf2f6cf452e0d539d88953efdfbdbea71a7def8bdc106b81f325b00bd332a3dc69cba4329c305bd46892b30d447ece171ba0b4a73c2a08e6430a8edb6cfb5fb7ab5bce34ba2385fc7ab6a5d602c699192d9a967dcf255d2bd6453ff27b3e4978a8169f8f8d9e1d742dea5536ee6b5b8411f4a7eeaf5959bbad4a203de44cc50c15d54ac510afe7c69e79f401436dbc365114c"}]}}, {{0x9, 0x5, 0xb, 0x16, 0x8, 0x5, 0x0, 0x3, [@generic={0x5f, 0xc, "7a83aa842e67fc4a39312722b063b29ed9d208585808b5dd26d2c9043ac304dc298686d0cd8a9d623e678b98410d54a5ab43a709a1626f4d8047335ba62f795459990e7014ecdc1049386380366f56e3d10af424e1ef087b7070abb893"}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x7, 0x401}]}}]}}, {{0x9, 0x4, 0x9d, 0xba, 0x1, 0xff, 0x2, 0x73, 0x7f, [@cdc_ncm={{0x5}, {0x5, 0x24, 0x0, 0xff80}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x3f, 0xa0, 0x81}, {0x6, 0x24, 0x1a, 0x5118, 0x30}, [@mdlm={0x15, 0x24, 0x12, 0x200}, @mbim={0xc, 0x24, 0x1b, 0x605, 0x3ff, 0x81, 0x4, 0xfffb, 0x2}, 
@mdlm={0x15, 0x24, 0x12, 0xb9}, @mbim={0xc, 0x24, 0x1b, 0x6e5, 0x200, 0x4, 0x6e, 0xce, 0x6}, @mbim={0xc, 0x24, 0x1b, 0x0, 0x1, 0x2, 0x80, 0x6, 0x6}]}], [{{0x9, 0x5, 0x3, 0x8, 0x10, 0x8, 0x1, 0x1f, [@generic={0xad, 0x2, "b044854ee175c5f2bc2f67075ff4fa049f4dba9c234be8d40e895e8a2a7919b48cc6c304190115e9933eb1c982428c3a0d53369ef77092d6081aa2bdf5463deb38457f1d6744bb734f03ebdf50766b49535c5ed1b34b2e12857c87bd89ef452a92eb0720b39c06bc7367eb39fc6a1af37a888fe0710114e8788de4c808bfd119326c6d2cf4944b3a5689d03593436aa1077eff8d2c94bd5daebc9d86e5bbef65640438b8c4fa73d85cc7b2"}]}}]}}]}}]}}, &(0x7f0000007840)={0xa, &(0x7f0000007640)={0xa, 0x6, 0x110, 0x80, 0x9, 0x1, 0x10, 0x4}, 0x64, &(0x7f0000007680)={0x5, 0xf, 0x64, 0x6, [@ssp_cap={0x14, 0x10, 0xa, 0x0, 0x2, 0x0, 0xf00, 0x4, [0xff0000, 0xc0]}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x1, 0x0, 0x1f, 0x9}, @ssp_cap={0x20, 0x10, 0xa, 0x81, 0x5, 0x7, 0x0, 0x80, [0x0, 0x3f00, 0x0, 0xc000, 0xffc0]}, @ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0xa, 0x80, 0x1, 0xf07a}, @ss_container_id={0x14, 0x10, 0x4, 0x1, "16fa0cbcaf6e45fef8910fb597fea0eb"}]}, 0x3, [{0x9e, &(0x7f0000007700)=@string={0x9e, 0x3, "34301c3d32d7def46707ec19f9c06bbeea898849d56918f2d0f10b7b728f8d232de4e1223ce42f7d086783ba310baa68a22d8acfba4d52375a16dacac7761a3c9520929d6239c159e1da18cfc780e3bae0a1e47440bb15f6b62f2b0ed31f5cf2207d406bf71dd30a089dbd7199bbb21bfebc4e355eb56802d954251ca927dd11051e83ad0bf09142b2532be8b294464a27a075c4cccae191ca851049"}}, {0x15, &(0x7f00000077c0)=@string={0x15, 0x3, "eeb263c00ce58f490a96561b62608fa1655205"}}, {0x4, &(0x7f0000007800)=@lang_id={0x4, 0x3, 0x3416}}]}) r22 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000007880)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_control_io(r22, &(0x7f0000007b00)={0x18, &(0x7f0000007900)={0x20, 0x21, 0x9a, {0x9a, 0x5, 
"0a168b3c55888f31c926ba2932a9d137d8b19ac217f0d222e093824f4b30ec9e71c2634ee0fb8fc224addefdba18c22f1b78c6b465114bd224c2af0a379537eae87e76ebd91d16063f2eccafd30090936afa29ebaacd35082ca5b7a2b7215d54c7255536c77bd8dfb34bf40ec7575083548d95c567773cbac187aeaaf98afe5f506e960948b75e62e26a165725841b5b0c64364a8f090980"}}, &(0x7f00000079c0)={0x0, 0x3, 0x6e, @string={0x6e, 0x3, "b5d26af63c75392699ac83eb6afa75b921d77e3fcf43ef5e919df9bdca82840caf4cdf52bb7a8a2393a8b1a2a1b17fc9fa42013569eaeeace8c977ccd308e3026ec12887b9b882e4068adfe69e7d2e1048a4527ac6eab162bc67007648ca3d0f3d8ceb3ae6ff58093804654f"}}, &(0x7f0000007a40)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f0000007a80)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x4, 0x8, 0x2, "018a11ac", "983b66d4"}}, &(0x7f0000007ac0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3, 0x10, 0x20, 0x1f, 0x81, 0x8}}}, &(0x7f0000007f40)={0x44, &(0x7f0000007b40)={0x20, 0x9, 0x10, "cec641d81e53b2ba4e01ec10758c40aa"}, &(0x7f0000007b80)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000007bc0)={0x0, 0x8, 0x1, 0x1f}, &(0x7f0000007c00)={0x20, 0x0, 0x4, {0x1, 0x2}}, &(0x7f0000007c40)={0x20, 0x0, 0x4, {0x200, 0x40}}, &(0x7f0000007c80)={0x40, 0x7, 0x2, 0x9}, &(0x7f0000007cc0)={0x40, 0x9, 0x1, 0x12}, &(0x7f0000007d00)={0x40, 0xb, 0x2, "d847"}, &(0x7f0000007d40)={0x40, 0xf, 0x2, 0x676}, &(0x7f0000007d80)={0x40, 0x13, 0x6, @remote}, &(0x7f0000007dc0)={0x40, 0x17, 0x6, @link_local}, &(0x7f0000007e00)={0x40, 0x19, 0x2, 'aB'}, &(0x7f0000007e40)={0x40, 0x1a, 0x2, 0x4}, &(0x7f0000007e80)={0x40, 0x1c, 0x1, 0x70}, &(0x7f0000007ec0)={0x40, 0x1e, 0x1, 0x9}, &(0x7f0000007f00)={0x40, 0x21, 0x1}}) syz_usb_disconnect(r21) syz_usb_ep_read(r21, 0x20, 0x53, &(0x7f0000007fc0)=""/83) r23 = syz_usb_connect$hid(0x4, 0x3f, &(0x7f0000008040)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x8, 0x1130, 0x3101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x1, 0x0, 0x20, [{{0x9, 0x4, 0x0, 0x8, 0x1, 0x3, 0x1, 0x2, 0x1, {0x9, 0x21, 0x3ff, 0x2, 0x1, {0x22, 0xc2c}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x4, 0x0, 0x9}}, [{{0x9, 0x5, 0x2, 0x3, 
0x8, 0x1, 0xfa}}]}}}]}}]}}, &(0x7f00000084c0)={0xa, &(0x7f0000008080)={0xa, 0x6, 0x0, 0x11, 0xf2, 0x20, 0xbf, 0xe3}, 0x35, &(0x7f00000080c0)={0x5, 0xf, 0x35, 0x5, [@ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "81b3e831d05d61724e7efe59e3eb35a8"}, @ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0x4, 0x20, 0x9, 0x5, 0x232, 0x1}, @wireless={0xb, 0x10, 0x1, 0x6, 0x40, 0x3f, 0x1, 0x1000, 0x95}]}, 0xa, [{0x4, &(0x7f0000008100)=@lang_id={0x4, 0x3, 0x437}}, {0x94, &(0x7f0000008140)=@string={0x94, 0x3, "0a2b55e24c1e439b99c4a7b6b78a9e1199af0fe5c77d119caa1a262a2323ee85d44ce53cbc4f5bbf3395b8fc426891dd21c2f69720e49d0fadd034ca3534b4f52df6840f0275705c8269c7e7fe3b1feb9516eac7e587de92b89029304914a67f5bcc9f23f60972b1c03c7e6dd649587ec780e816d865781d19c17776714121e87c9173fd96dbf3bdeb4b5f7e012bb8279f38"}}, {0x44, &(0x7f0000008200)=@string={0x44, 0x3, "135ea6243a3497b7eb5c6f4ba0c38c06848217b0743b8e74e62495ddd293aa49f0d26f1b86bcde62553a7e587aef8c1ef0d8c12ba3dec7576f9e3e4f42ecb1a175ca"}}, {0x4, &(0x7f0000008280)=@lang_id={0x4, 0x3, 0x2c0a}}, {0x4, &(0x7f00000082c0)=@lang_id={0x4, 0x3, 0x44b}}, {0x31, &(0x7f0000008300)=@string={0x31, 0x3, "82c70229053020a324b98d14d57b17a9b3440c051f56e3edd2f4967ba56e075aa6f988063de07f08ad93ea709ba613"}}, {0x4, &(0x7f0000008340)=@lang_id={0x4, 0x3, 0x423}}, {0x4, &(0x7f0000008380)=@lang_id={0x4, 0x3, 0x430}}, {0x2c, &(0x7f00000083c0)=@string={0x2c, 0x3, "cd518b3d76f828b8d2d98e5799a829496af14834d249dc1cca0a1ecc5e987c008e50a3de8f936abd8728"}}, {0xa8, &(0x7f0000008400)=@string={0xa8, 0x3, "957fa00647da8df845747dead5482f4116e0443bcb7b303c0fcf35fcd1367d8ad5e069d0a3217622e4dbe2018555e1506dade1ed57308b8051ade815e925581f82d3f3c5fe1df80702d02c9074ce052e542cf5cbc10a22a09765cb02c87c14aa57b192f978ea1a6002b1476012c88c874e1b1cb7fc70935316d34300ddae420a78e2e53eb53002f3b03c9cd2754b8cf02f9841f8fb0e168dc4e00eea014b30fe68a700c65c0c"}}]}) syz_usb_ep_write(r23, 0x9, 0x9, &(0x7f0000008540)="434d22b98f2594643d") csource_test.go:123: failed to build program: // autogenerated 
by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) syscall(SYS_futex, &ev->state, FUTEX_WAIT | 
FUTEX_PRIVATE_FLAG, 0, 0); }
// The line above is the tail of event_wait(); its beginning is on the previous line of this log.

// Returns the event's state word, read with acquire ordering.
// event_set() stores 1 into it with release ordering, so non-zero means "set".
static int event_isset(event_t* ev)
{
	return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE);
}

// Waits until the event is set or `timeout` milliseconds have elapsed.
// Returns 1 if the state word was observed non-zero, 0 once the timeout is exceeded.
static int event_timedwait(event_t* ev, uint64_t timeout)
{
	uint64_t start = current_time_ms();
	uint64_t now = start;
	for (;;) {
		// Time left in ms; this cannot wrap because the loop returns below once elapsed > timeout.
		uint64_t remain = timeout - (now - start);
		struct timespec ts;
		ts.tv_sec = remain / 1000;
		ts.tv_nsec = (remain % 1000) * 1000 * 1000;
		// The futex return value is ignored; the state word is re-read instead.
		syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts);
		if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE))
			return 1;
		now = current_time_ms();
		if (now - start > timeout)
			return 0;
	}
}

// Formats `what` printf-style into a 1024-byte buffer and writes it to `file`.
// The file is opened O_WRONLY without O_CREAT, so it must already exist.
// Output longer than the buffer is silently truncated by vsnprintf.
// Returns true only if the whole formatted string was written; on failure errno
// is the one from open()/write() (it is saved across close()).
static bool write_file(const char* file, const char* what, ...)
{
	char buf[1024];
	va_list args;
	va_start(args, what);
	vsnprintf(buf, sizeof(buf), what, args);
	va_end(args);
	// Belt-and-braces termination before strlen().
	buf[sizeof(buf) - 1] = 0;
	int len = strlen(buf);
	int fd = open(file, O_WRONLY | O_CLOEXEC);
	if (fd == -1)
		return false;
	if (write(fd, buf, len) != len) {
		// Keep write()'s errno; close() may overwrite it.
		int err = errno;
		close(fd);
		errno = err;
		return false;
	}
	close(fd);
	return true;
}

// NOTE(review): not referenced in the visible part of this listing; presumably the fd number
// under which the initial network namespace is kept open — confirm against the rest of the file.
const int kInitNetNsFd = 239;

// Hard-coded entry sizes and byte offsets into the mapped io_uring rings.
// syz_io_uring_complete() and syz_io_uring_submit() use these constants rather than the
// sq_off/cq_off values the kernel reports in io_uring_params, so they assume a fixed ring
// layout — NOTE(review): confirm they match the kernel under test.
#define SIZEOF_IO_URING_SQE 64
#define SIZEOF_IO_URING_CQE 16
#define SQ_HEAD_OFFSET 0
#define SQ_TAIL_OFFSET 64
#define SQ_RING_MASK_OFFSET 256
#define SQ_RING_ENTRIES_OFFSET 264
#define SQ_FLAGS_OFFSET 276
#define SQ_DROPPED_OFFSET 272
#define CQ_HEAD_OFFSET 128
#define CQ_TAIL_OFFSET 192
#define CQ_RING_MASK_OFFSET 260
#define CQ_RING_ENTRIES_OFFSET 268
#define CQ_RING_OVERFLOW_OFFSET 284
#define CQ_FLAGS_OFFSET 280
#define CQ_CQES_OFFSET 320

// Local copy of the completion-queue entry layout (16 bytes, matching SIZEOF_IO_URING_CQE).
struct io_uring_cqe {
	uint64_t user_data;
	uint32_t res;
	uint32_t flags;
};

// Pseudo-syscall: consumes one completion-queue entry from the ring mapped at a0.
// Copies the CQE at the current head, advances the head by one (release store), and returns
// cqe.res when user_data is 0x12345 or 0x23456, otherwise -1.
// NOTE(review): a0 comes straight from the generated program and is dereferenced without
// validation, and there is no head != tail check, so an empty ring still yields whatever
// bytes sit in the head slot. The program quoted in this log passes 0x0.
static long syz_io_uring_complete(volatile long a0)
{
	char* ring_ptr = (char*)a0;
	uint32_t cq_ring_mask = *(uint32_t*)(ring_ptr + CQ_RING_MASK_OFFSET);
	uint32_t* cq_head_ptr = (uint32_t*)(ring_ptr + CQ_HEAD_OFFSET);
	// Index of the entry to consume, wrapped to the ring size.
	uint32_t cq_head = *cq_head_ptr & cq_ring_mask;
	uint32_t cq_head_next = *cq_head_ptr + 1;
	char* cqe_src = ring_ptr + CQ_CQES_OFFSET + cq_head * SIZEOF_IO_URING_CQE;
	struct io_uring_cqe cqe;
	// Copy the entry out before publishing the new head.
	memcpy(&cqe, cqe_src, sizeof(cqe));
	__atomic_store_n(cq_head_ptr, cq_head_next, __ATOMIC_RELEASE);
	return (cqe.user_data == 0x12345 || cqe.user_data == 0x23456) ? (long)cqe.res : (long)-1;
}

// Local copies of the io_uring setup structures, declared here instead of being taken from
// a kernel header.
struct io_sqring_offsets {
	uint32_t head;
	uint32_t tail;
	uint32_t ring_mask;
	uint32_t ring_entries;
	uint32_t flags;
	uint32_t dropped;
	uint32_t array;
	uint32_t resv1;
	uint64_t resv2;
};

struct io_cqring_offsets {
	uint32_t head;
	uint32_t tail;
	uint32_t ring_mask;
	uint32_t ring_entries;
	uint32_t overflow;
	uint32_t cqes;
	uint64_t resv[2];
};

struct io_uring_params {
	uint32_t sq_entries;
	uint32_t cq_entries;
	uint32_t flags;
	uint32_t sq_thread_cpu;
	uint32_t sq_thread_idle;
	uint32_t features;
	uint32_t resv[4];
	struct io_sqring_offsets sq_off;
	struct io_cqring_offsets cq_off;
};

// mmap offsets passed below to select the SQ ring and the SQE array of an io_uring fd.
#define IORING_OFF_SQ_RING 0
#define IORING_OFF_SQES 0x10000000ULL

// Pseudo-syscall: creates an io_uring instance and maps its rings at caller-chosen addresses.
//   a0 - number of entries
//   a1 - struct io_uring_params* (in/out)
//   a2 - address at which the SQ/CQ ring is mapped (vma1)
//   a3 - address at which the SQE array is mapped (vma2)
//   a4 - void** receiving the ring mapping address
//   a5 - void** receiving the SQE mapping address
// Returns the value of the io_uring_setup syscall.
//
// NOTE(review): this is the function the compiler rejects in this log:
// `__NR_io_uring_setup` is undeclared in the -m32 (GOARCH_386) build, i.e. the headers used
// there do not provide it. A guarded fallback (`#ifndef __NR_io_uring_setup` / `#define ...`)
// ahead of this function would make the listing self-contained; the number is 425 in the
// x86 syscall tables — confirm against the target kernel headers.
//
// NOTE(review): neither the syscall result nor the mmap results are checked. A failed setup
// leaves fd_io_uring at (uint32_t)-1 and the sizes are then computed from whatever the
// params struct holds; both mmap calls use MAP_FIXED, which replaces any existing mapping in
// the target range, and a MAP_FAILED result is stored to the out pointers as-is.
static long syz_io_uring_setup(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5)
{
	uint32_t entries = (uint32_t)a0;
	struct io_uring_params* setup_params = (struct io_uring_params*)a1;
	void* vma1 = (void*)a2;
	void* vma2 = (void*)a3;
	void** ring_ptr_out = (void**)a4;
	void** sqes_ptr_out = (void**)a5;
	// Stored unsigned: an error return of -1 becomes 0xffffffff here.
	uint32_t fd_io_uring = syscall(__NR_io_uring_setup, entries, setup_params);
	// Ring sizes come from the offsets the kernel wrote into setup_params.
	uint32_t sq_ring_sz = setup_params->sq_off.array + setup_params->sq_entries * sizeof(uint32_t);
	uint32_t cq_ring_sz = setup_params->cq_off.cqes + setup_params->cq_entries * SIZEOF_IO_URING_CQE;
	// One mapping covers both rings, so take the larger size.
	uint32_t ring_sz = sq_ring_sz > cq_ring_sz ?
	sq_ring_sz : cq_ring_sz;
	*ring_ptr_out = mmap(vma1, ring_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQ_RING);
	uint32_t sqes_sz = setup_params->sq_entries * SIZEOF_IO_URING_SQE;
	*sqes_ptr_out = mmap(vma2, sqes_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQES);
	return fd_io_uring;
}

// Pseudo-syscall: places one submission-queue entry into a mapped ring.
//   a0 - ring mapping, a1 - SQE array mapping, a2 - SQE to copy (64 bytes), a3 - SQE slot index
// Copies the SQE into slot (a3 % sq_ring_entries), records that slot in the SQ index array at
// the current tail, and advances the tail by one with a release store. Always returns 0.
// NOTE(review): all three pointers are fuzzer-supplied and used unchecked; the entry counts
// and mask are read back from the ring memory itself. When sq_ring_entries reads as 0 the
// index is used unreduced.
static long syz_io_uring_submit(volatile long a0, volatile long a1, volatile long a2, volatile long a3)
{
	char* ring_ptr = (char*)a0;
	char* sqes_ptr = (char*)a1;
	char* sqe = (char*)a2;
	uint32_t sqes_index = (uint32_t)a3;
	uint32_t sq_ring_entries = *(uint32_t*)(ring_ptr + SQ_RING_ENTRIES_OFFSET);
	uint32_t cq_ring_entries = *(uint32_t*)(ring_ptr + CQ_RING_ENTRIES_OFFSET);
	// The SQ index array is taken to start right after the CQE array, rounded up to 64 bytes.
	uint32_t sq_array_off = (CQ_CQES_OFFSET + cq_ring_entries * SIZEOF_IO_URING_CQE + 63) & ~63;
	// Skip the modulo when the ring reports zero entries (avoids a division by zero).
	if (sq_ring_entries)
		sqes_index %= sq_ring_entries;
	char* sqe_dest = sqes_ptr + sqes_index * SIZEOF_IO_URING_SQE;
	memcpy(sqe_dest, sqe, SIZEOF_IO_URING_SQE);
	uint32_t sq_ring_mask = *(uint32_t*)(ring_ptr + SQ_RING_MASK_OFFSET);
	uint32_t* sq_tail_ptr = (uint32_t*)(ring_ptr + SQ_TAIL_OFFSET);
	uint32_t sq_tail = *sq_tail_ptr & sq_ring_mask;
	uint32_t sq_tail_next = *sq_tail_ptr + 1;
	uint32_t* sq_array = (uint32_t*)(ring_ptr + sq_array_off);
	// Fill the index slot first, then publish the new tail.
	*(sq_array + sq_tail) = sqes_index;
	__atomic_store_n(sq_tail_ptr, sq_tail_next, __ATOMIC_RELEASE);
	return 0;
}

// BTF definitions declared locally. Their consumer lies beyond this excerpt — presumably
// the syz_btf_id_by_name helper that the program in this log calls; confirm.
#define BTF_MAGIC 0xeB9F

struct btf_header {
	__u16 magic;
	__u8 version;
	__u8 flags;
	__u32 hdr_len;
	__u32 type_off;
	__u32 type_len;
	__u32 str_off;
	__u32 str_len;
};

// Field extractors for btf_type.info: bits 24-27 and the low 16 bits respectively.
#define BTF_INFO_KIND(info) (((info) >> 24) & 0x0f)
#define BTF_INFO_VLEN(info) ((info)&0xffff)

// Values compared against BTF_INFO_KIND(); only the kinds this listing needs are defined.
#define BTF_KIND_INT 1
#define BTF_KIND_ARRAY 3
#define BTF_KIND_STRUCT 4
#define BTF_KIND_UNION 5
#define BTF_KIND_ENUM 6
#define BTF_KIND_FUNC_PROTO 13
#define BTF_KIND_VAR 14
#define BTF_KIND_DATASEC 15

struct btf_type {
	__u32 name_off;
	__u32 info;
	// Either a size or a referenced type id; which one applies is not shown in this excerpt.
	union {
		__u32 size;
		__u32 type;
	};
};

struct btf_enum {
	__u32 name_off;
	__s32 val;
};

// The next definition continues on the following line of this log.
struct
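btf_array {
	__u32 type;
	__u32 index_type;
	__u32 nelems;
};

struct btf_member {
	__u32 name_off;
	__u32 type;
	__u32 offset;
};

struct btf_param {
	__u32 name_off;
	__u32 type;
};

struct btf_var {
	__u32 linkage;
};

struct btf_var_secinfo {
	__u32 type;
	__u32 offset;
	__u32 size;
};

#define VMLINUX_MAX_SUPPORT_SIZE (10 * 1024 * 1024)

// Reads /sys/kernel/btf/vmlinux into a function-static buffer and caches it.
// Returns the buffer, or NULL if the file cannot be opened or read, or if it
// does not fit strictly below VMLINUX_MAX_SUPPORT_SIZE bytes.
// The descriptor is closed on every path; the original leaked it both on the
// error returns and after a successful read.
static char* read_btf_vmlinux()
{
	static bool is_read = false;
	static char buf[VMLINUX_MAX_SUPPORT_SIZE];

	if (is_read)
		return buf;

	int fd = open("/sys/kernel/btf/vmlinux", O_RDONLY);
	if (fd < 0)
		return NULL;

	unsigned long bytes_read = 0;
	for (;;) {
		ssize_t ret = read(fd, buf + bytes_read, VMLINUX_MAX_SUPPORT_SIZE - bytes_read);
		// A completely filled buffer is treated as "too large", so a
		// successful read always leaves at least one unused byte.
		if (ret < 0 || bytes_read + ret == VMLINUX_MAX_SUPPORT_SIZE) {
			close(fd);
			return NULL;
		}
		if (ret == 0)
			break;
		bytes_read += ret;
	}
	close(fd);
	is_read = true;
	return buf;
}

// Returns the 1-based index of the first BTF type record whose name equals
// the NUL-terminated string at a0, or -1 if the blob is unavailable,
// malformed, or holds no such name.
//
// Every offset taken from the blob is checked against the static buffer
// before it is dereferenced. The walk only knows the trailing-data size of the
// kinds listed in the switch; any other kind is stepped over as if it had no
// trailing data, which can desynchronise the walk, so the checks are what
// keep a desynchronised walk from reading outside the buffer.
static long syz_btf_id_by_name(volatile long a0)
{
	char* target = (char*)a0;
	char* vmlinux = read_btf_vmlinux();
	if (vmlinux == NULL)
		return -1;

	struct btf_header* btf_header = (struct btf_header*)vmlinux;
	if (btf_header->magic != BTF_MAGIC)
		return -1;

	// 64-bit sums so hdr_len + offset + length cannot wrap before the compare.
	uint64_t type_start = (uint64_t)btf_header->hdr_len + btf_header->type_off;
	uint64_t str_start = (uint64_t)btf_header->hdr_len + btf_header->str_off;
	if (type_start + btf_header->type_len > VMLINUX_MAX_SUPPORT_SIZE ||
	    str_start + btf_header->str_len > VMLINUX_MAX_SUPPORT_SIZE)
		return -1;

	char* btf_type_sec = vmlinux + (size_t)type_start;
	char* btf_str_sec = vmlinux + (size_t)str_start;

	unsigned int bytes_parsed = 0;
	long idx = 1;
	// Stop as soon as a whole btf_type record no longer fits in the section.
	while (bytes_parsed + sizeof(struct btf_type) <= btf_header->type_len) {
		struct btf_type* btf_type = (struct btf_type*)(btf_type_sec + bytes_parsed);
		uint32_t kind = BTF_INFO_KIND(btf_type->info);
		uint32_t vlen = BTF_INFO_VLEN(btf_type->info);

		// The name must start inside the string section and be
		// NUL-terminated inside it, otherwise strcmp() could run past it.
		uint32_t name_off = btf_type->name_off;
		if (name_off >= btf_header->str_len)
			return -1;
		char* name = btf_str_sec + name_off;
		if (memchr(name, 0, btf_header->str_len - name_off) == NULL)
			return -1;

		if (strcmp(name, target) == 0)
			return idx;

		// Size of the kind-specific data that follows the common header.
		size_t skip;
		switch (kind) {
		case BTF_KIND_INT:
			skip = sizeof(uint32_t);
			break;
		case BTF_KIND_ENUM:
			skip = sizeof(struct btf_enum) * vlen;
			break;
		case BTF_KIND_ARRAY:
			skip = sizeof(struct btf_array);
			break;
		case BTF_KIND_STRUCT:
		case BTF_KIND_UNION:
			skip = sizeof(struct btf_member) * vlen;
			break;
		case BTF_KIND_FUNC_PROTO:
			skip = sizeof(struct btf_param) * vlen;
			break;
		case BTF_KIND_VAR:
			skip = sizeof(struct btf_var);
			break;
		case BTF_KIND_DATASEC:
			skip = sizeof(struct btf_var_secinfo) * vlen;
			break;
		default:
			skip = 0;
		}

		bytes_parsed += sizeof(struct btf_type) + skip;
		idx++;
	}
	return -1;
}

// Copies a4 bytes from (a2 + a3) to (a0 + a1) and returns the destination
// pointer as a long. Both offsets are truncated to 32 bits. Nothing is
// validated here: pointers, offsets and length are used exactly as passed in.
static long syz_memcpy_off(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4)
{
	char* dest = (char*)a0;
	uint32_t dest_off = (uint32_t)a1;
	char* src = (char*)a2;
	uint32_t src_off = (uint32_t)a3;
	size_t n = (size_t)a4;

	return (long)memcpy(dest + dest_off, src + src_off, n);
}

#define MAX_FDS 30

#define USB_MAX_IFACE_NUM 4
#define USB_MAX_EP_NUM 32
#define USB_MAX_FDS 6

struct usb_endpoint_index {
	struct usb_endpoint_descriptor desc;
	int handle;
};

struct usb_iface_index {
	struct usb_interface_descriptor* iface;
	uint8_t bInterfaceNumber;
	uint8_t bAlternateSetting;
	uint8_t bInterfaceClass;
	struct usb_endpoint_index eps[USB_MAX_EP_NUM];
	int eps_num;
};

struct usb_device_index {
	struct usb_device_descriptor* dev;
	struct usb_config_descriptor* config;
	uint8_t bDeviceClass;
	uint8_t bMaxPower;
	int config_length;
	struct usb_iface_index ifaces[USB_MAX_IFACE_NUM];
	int ifaces_num;
	int iface_cur;
};

struct usb_info {
	int fd;
	struct usb_device_index index;
};

static struct usb_info usb_devices[USB_MAX_FDS];
static int usb_devices_num;

static bool parse_usb_descriptor(const char* buffer, size_t length, struct usb_device_index* index)
{
	if (length < sizeof(*index->dev) + sizeof(*index->config))
		return false;
	memset(index, 0, sizeof(*index));
	index->dev = (struct usb_device_descriptor*)buffer;
	index->config = (struct usb_config_descriptor*)(buffer + sizeof(*index->dev));
	index->bDeviceClass = index->dev->bDeviceClass;
	index->bMaxPower = index->config->bMaxPower;
	index->config_length = length - sizeof(*index->dev);
	index->iface_cur = -1;
	size_t offset = 0;
	while (true) {
		if (offset + 1 >= length)
			break;
		uint8_t desc_length = buffer[offset];
		uint8_t desc_type = buffer[offset + 1];
		if (desc_length <= 2)
			break;
		if (offset + desc_length > length)
			break;
		if (desc_type == USB_DT_INTERFACE &&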
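index->ifaces_num < USB_MAX_IFACE_NUM) {
			struct usb_interface_descriptor* iface = (struct usb_interface_descriptor*)(buffer + offset);
			index->ifaces[index->ifaces_num].iface = iface;
			index->ifaces[index->ifaces_num].bInterfaceNumber = iface->bInterfaceNumber;
			index->ifaces[index->ifaces_num].bAlternateSetting = iface->bAlternateSetting;
			index->ifaces[index->ifaces_num].bInterfaceClass = iface->bInterfaceClass;
			index->ifaces_num++;
		}
		if (desc_type == USB_DT_ENDPOINT && index->ifaces_num > 0) {
			struct usb_iface_index* iface = &index->ifaces[index->ifaces_num - 1];
			if (iface->eps_num < USB_MAX_EP_NUM) {
				memcpy(&iface->eps[iface->eps_num].desc, buffer + offset, sizeof(iface->eps[iface->eps_num].desc));
				iface->eps_num++;
			}
		}
		offset += desc_length;
	}
	return true;
}

// Claims the next slot of usb_devices[] for fd and fills its index from the
// descriptor blob dev/dev_len. Returns the slot's index, or NULL when all
// USB_MAX_FDS slots have been handed out or the blob fails to parse.
// The slot counter is advanced before parsing, so a blob that fails to parse
// still uses up a slot. The fd is published with a release store only after
// the index has been filled in.
static struct usb_device_index* add_usb_index(int fd, const char* dev, size_t dev_len)
{
	int i = __atomic_fetch_add(&usb_devices_num, 1, __ATOMIC_RELAXED);
	if (i >= USB_MAX_FDS)
		return NULL;

	if (!parse_usb_descriptor(dev, dev_len, &usb_devices[i].index))
		return NULL;

	__atomic_store_n(&usb_devices[i].fd, fd, __ATOMIC_RELEASE);
	return &usb_devices[i].index;
}

// Returns the index stored for fd, or NULL if no slot holds that fd.
// NOTE(review): usb_devices[] is zero-initialised static storage, so a lookup
// for fd 0 matches a slot that was never filled and yields an index whose
// dev/config pointers are NULL - confirm callers can never pass fd 0.
static struct usb_device_index* lookup_usb_index(int fd)
{
	for (int i = 0; i < USB_MAX_FDS; i++) {
		if (__atomic_load_n(&usb_devices[i].fd, __ATOMIC_ACQUIRE) == fd) {
			return &usb_devices[i].index;
		}
	}
	return NULL;
}

struct vusb_connect_string_descriptor {
	uint32_t len;
	char* str;
} __attribute__((packed));

struct vusb_connect_descriptors {
	uint32_t qual_len;
	char* qual;
	uint32_t bos_len;
	char* bos;
	uint32_t strs_len;
	struct vusb_connect_string_descriptor strs[0];
} __attribute__((packed));

static const char default_string[] = {
    8, USB_DT_STRING,
    's', 0, 'y', 0, 'z', 0};

static const char default_lang_id[] = {
    4, USB_DT_STRING,
    0x09, 0x04};

// Picks the reply for a device-to-host control request received while the
// device is being connected.
//
// Only standard GET_DESCRIPTOR requests are answered. On success
// *response_data / *response_length describe the reply and true is returned;
// false means "no reply available" and the caller decides what to do.
//
// descs may be NULL (the STRING case already allowed for that):
//  - BOS has no fallback, so a NULL descs now yields false instead of a NULL
//    dereference;
//  - DEVICE_QUALIFIER is synthesised from the device descriptor when descs is
//    NULL or carries no qualifier.
// The synthesised qualifier is built in per-thread static storage. The
// original built it on top of the caller's `char*` variable (response_data
// cast to a descriptor pointer), which overwrote the pointer and the memory
// after it and never pointed *response_data at a descriptor.
static bool lookup_connect_response_in(int fd, const struct vusb_connect_descriptors* descs,
				       const struct usb_ctrlrequest* ctrl,
				       char** response_data, uint32_t* response_length)
{
	// The reply must stay valid after this function returns, until the
	// caller has copied it out.
	static __thread struct usb_qualifier_descriptor qual_buf;

	struct usb_device_index* index = lookup_usb_index(fd);
	uint8_t str_idx;

	if (!index)
		return false;

	switch (ctrl->bRequestType & USB_TYPE_MASK) {
	case USB_TYPE_STANDARD:
		switch (ctrl->bRequest) {
		case USB_REQ_GET_DESCRIPTOR:
			// The high byte of wValue selects the descriptor type.
			switch (ctrl->wValue >> 8) {
			case USB_DT_DEVICE:
				*response_data = (char*)index->dev;
				*response_length = sizeof(*index->dev);
				return true;
			case USB_DT_CONFIG:
				*response_data = (char*)index->config;
				*response_length = index->config_length;
				return true;
			case USB_DT_STRING:
				// The low byte of wValue is the string index.
				str_idx = (uint8_t)ctrl->wValue;
				if (descs && str_idx < descs->strs_len) {
					*response_data = descs->strs[str_idx].str;
					*response_length = descs->strs[str_idx].len;
					return true;
				}
				if (str_idx == 0) {
					*response_data = (char*)&default_lang_id[0];
					*response_length = default_lang_id[0];
					return true;
				}
				*response_data = (char*)&default_string[0];
				*response_length = default_string[0];
				return true;
			case USB_DT_BOS:
				if (!descs)
					break;
				*response_data = descs->bos;
				*response_length = descs->bos_len;
				return true;
			case USB_DT_DEVICE_QUALIFIER:
				if (!descs || !descs->qual) {
					struct usb_qualifier_descriptor* qual = &qual_buf;
					qual->bLength = sizeof(*qual);
					qual->bDescriptorType = USB_DT_DEVICE_QUALIFIER;
					qual->bcdUSB = index->dev->bcdUSB;
					qual->bDeviceClass = index->dev->bDeviceClass;
					qual->bDeviceSubClass = index->dev->bDeviceSubClass;
					qual->bDeviceProtocol = index->dev->bDeviceProtocol;
					qual->bMaxPacketSize0 = index->dev->bMaxPacketSize0;
					qual->bNumConfigurations = index->dev->bNumConfigurations;
					qual->bRESERVED = 0;
					*response_data = (char*)qual;
					*response_length = sizeof(*qual);
					return true;
				}
				*response_data = descs->qual;
				*response_length = descs->qual_len;
				return true;
			default:
				break;
			}
			break;
		default:
			break;
		}
		break;
	default:
		break;
	}
	return false;
}

typedef bool (*lookup_connect_out_response_t)(int fd, const struct vusb_connect_descriptors* descs,
					      const struct usb_ctrlrequest* ctrl, bool* done);

static bool lookup_connect_response_out_generic(int fd, const struct vusb_connect_descriptors* descs,
						const struct usb_ctrlrequest* ctrl, bool* done)
{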
switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: *done = true; return true; default: break; } break; } return false; } #define ATH9K_FIRMWARE_DOWNLOAD 0x30 #define ATH9K_FIRMWARE_DOWNLOAD_COMP 0x31 static bool lookup_connect_response_out_ath9k(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) { switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: return true; default: break; } break; case USB_TYPE_VENDOR: switch (ctrl->bRequest) { case ATH9K_FIRMWARE_DOWNLOAD: return true; case ATH9K_FIRMWARE_DOWNLOAD_COMP: *done = true; return true; default: break; } break; } return false; } struct vusb_descriptor { uint8_t req_type; uint8_t desc_type; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_descriptors { uint32_t len; struct vusb_descriptor* generic; struct vusb_descriptor* descs[0]; } __attribute__((packed)); struct vusb_response { uint8_t type; uint8_t req; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_responses { uint32_t len; struct vusb_response* generic; struct vusb_response* resps[0]; } __attribute__((packed)); static bool lookup_control_response(const struct vusb_descriptors* descs, const struct vusb_responses* resps, struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { int descs_num = 0; int resps_num = 0; if (descs) descs_num = (descs->len - offsetof(struct vusb_descriptors, descs)) / sizeof(descs->descs[0]); if (resps) resps_num = (resps->len - offsetof(struct vusb_responses, resps)) / sizeof(resps->resps[0]); uint8_t req = ctrl->bRequest; uint8_t req_type = ctrl->bRequestType & USB_TYPE_MASK; uint8_t desc_type = ctrl->wValue >> 8; if (req == USB_REQ_GET_DESCRIPTOR) { int i; for (i = 0; i < descs_num; i++) { struct vusb_descriptor* desc = descs->descs[i]; if (!desc) continue; if 
(desc->req_type == req_type && desc->desc_type == desc_type) { *response_length = desc->len; if (*response_length != 0) *response_data = &desc->data[0]; else *response_data = NULL; return true; } } if (descs && descs->generic) { *response_data = &descs->generic->data[0]; *response_length = descs->generic->len; return true; } } else { int i; for (i = 0; i < resps_num; i++) { struct vusb_response* resp = resps->resps[i]; if (!resp) continue; if (resp->type == req_type && resp->req == req) { *response_length = resp->len; if (*response_length != 0) *response_data = &resp->data[0]; else *response_data = NULL; return true; } } if (resps && resps->generic) { *response_data = &resps->generic->data[0]; *response_length = resps->generic->len; return true; } } return false; } #define UDC_NAME_LENGTH_MAX 128 struct usb_raw_init { __u8 driver_name[UDC_NAME_LENGTH_MAX]; __u8 device_name[UDC_NAME_LENGTH_MAX]; __u8 speed; }; enum usb_raw_event_type { USB_RAW_EVENT_INVALID = 0, USB_RAW_EVENT_CONNECT = 1, USB_RAW_EVENT_CONTROL = 2, }; struct usb_raw_event { __u32 type; __u32 length; __u8 data[0]; }; struct usb_raw_ep_io { __u16 ep; __u16 flags; __u32 length; __u8 data[0]; }; #define USB_RAW_EPS_NUM_MAX 30 #define USB_RAW_EP_NAME_MAX 16 #define USB_RAW_EP_ADDR_ANY 0xff struct usb_raw_ep_caps { __u32 type_control : 1; __u32 type_iso : 1; __u32 type_bulk : 1; __u32 type_int : 1; __u32 dir_in : 1; __u32 dir_out : 1; }; struct usb_raw_ep_limits { __u16 maxpacket_limit; __u16 max_streams; __u32 reserved; }; struct usb_raw_ep_info { __u8 name[USB_RAW_EP_NAME_MAX]; __u32 addr; struct usb_raw_ep_caps caps; struct usb_raw_ep_limits limits; }; struct usb_raw_eps_info { struct usb_raw_ep_info eps[USB_RAW_EPS_NUM_MAX]; }; #define USB_RAW_IOCTL_INIT _IOW('U', 0, struct usb_raw_init) #define USB_RAW_IOCTL_RUN _IO('U', 1) #define USB_RAW_IOCTL_EVENT_FETCH _IOR('U', 2, struct usb_raw_event) #define USB_RAW_IOCTL_EP0_WRITE _IOW('U', 3, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP0_READ _IOWR('U', 
4, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_ENABLE _IOW('U', 5, struct usb_endpoint_descriptor) #define USB_RAW_IOCTL_EP_DISABLE _IOW('U', 6, __u32) #define USB_RAW_IOCTL_EP_WRITE _IOW('U', 7, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_READ _IOWR('U', 8, struct usb_raw_ep_io) #define USB_RAW_IOCTL_CONFIGURE _IO('U', 9) #define USB_RAW_IOCTL_VBUS_DRAW _IOW('U', 10, __u32) #define USB_RAW_IOCTL_EPS_INFO _IOR('U', 11, struct usb_raw_eps_info) #define USB_RAW_IOCTL_EP0_STALL _IO('U', 12) #define USB_RAW_IOCTL_EP_SET_HALT _IOW('U', 13, __u32) #define USB_RAW_IOCTL_EP_CLEAR_HALT _IOW('U', 14, __u32) #define USB_RAW_IOCTL_EP_SET_WEDGE _IOW('U', 15, __u32) static int usb_raw_open() { return open("/dev/raw-gadget", O_RDWR); } static int usb_raw_init(int fd, uint32_t speed, const char* driver, const char* device) { struct usb_raw_init arg; strncpy((char*)&arg.driver_name[0], driver, sizeof(arg.driver_name)); strncpy((char*)&arg.device_name[0], device, sizeof(arg.device_name)); arg.speed = speed; return ioctl(fd, USB_RAW_IOCTL_INIT, &arg); } static int usb_raw_run(int fd) { return ioctl(fd, USB_RAW_IOCTL_RUN, 0); } static int usb_raw_event_fetch(int fd, struct usb_raw_event* event) { return ioctl(fd, USB_RAW_IOCTL_EVENT_FETCH, event); } static int usb_raw_ep0_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_WRITE, io); } static int usb_raw_ep0_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_READ, io); } static int usb_raw_ep_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_WRITE, io); } static int usb_raw_ep_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_READ, io); } static int usb_raw_ep_enable(int fd, struct usb_endpoint_descriptor* desc) { return ioctl(fd, USB_RAW_IOCTL_EP_ENABLE, desc); } static int usb_raw_ep_disable(int fd, int ep) { return ioctl(fd, USB_RAW_IOCTL_EP_DISABLE, ep); } static int usb_raw_configure(int fd) { return ioctl(fd, 
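USB_RAW_IOCTL_CONFIGURE, 0);
}

// Issues USB_RAW_IOCTL_VBUS_DRAW with `power` as the argument and returns the
// ioctl result.
static int usb_raw_vbus_draw(int fd, uint32_t power)
{
	return ioctl(fd, USB_RAW_IOCTL_VBUS_DRAW, power);
}

// Issues USB_RAW_IOCTL_EP0_STALL and returns the ioctl result.
static int usb_raw_ep0_stall(int fd)
{
	return ioctl(fd, USB_RAW_IOCTL_EP0_STALL, 0);
}

// Returns the position in index->ifaces[] of the interface with the given
// number and alternate setting, or -1 if fd is unknown or nothing matches.
static int lookup_interface(int fd, uint8_t bInterfaceNumber, uint8_t bAlternateSetting)
{
	struct usb_device_index* index = lookup_usb_index(fd);
	if (!index)
		return -1;

	for (int i = 0; i < index->ifaces_num; i++) {
		if (index->ifaces[i].bInterfaceNumber == bInterfaceNumber &&
		    index->ifaces[i].bAlternateSetting == bAlternateSetting)
			return i;
	}
	return -1;
}

// Returns the handle recorded for the endpoint with address bEndpointAddress
// on the currently selected interface, or -1 if fd is unknown, no interface
// is selected, or no endpoint has that address.
//
// The loop condition used to be just `eps_num`, without `ep <`. With at least
// one endpoint present and no matching address the loop never terminated on
// its own and kept indexing past eps[]; with zero endpoints it exited at once.
static int lookup_endpoint(int fd, uint8_t bEndpointAddress)
{
	struct usb_device_index* index = lookup_usb_index(fd);
	if (!index)
		return -1;
	if (index->iface_cur < 0)
		return -1;

	struct usb_iface_index* iface = &index->ifaces[index->iface_cur];
	for (int ep = 0; ep < iface->eps_num; ep++) {
		if (iface->eps[ep].desc.bEndpointAddress == bEndpointAddress)
			return iface->eps[ep].handle;
	}
	return -1;
}

// Switches fd to interface n: disables every endpoint of the interface that
// is currently selected (if any), then enables the endpoints of interface n
// and records it as current. Does nothing for an unknown fd; an out-of-range
// n leaves the old endpoints disabled and iface_cur unchanged.
static void set_interface(int fd, int n)
{
	struct usb_device_index* index = lookup_usb_index(fd);
	if (!index)
		return;

	if (index->iface_cur >= 0 && index->iface_cur < index->ifaces_num) {
		struct usb_iface_index* cur = &index->ifaces[index->iface_cur];
		for (int ep = 0; ep < cur->eps_num; ep++) {
			// Best effort: the result of the disable is not acted on.
			(void)usb_raw_ep_disable(fd, cur->eps[ep].handle);
		}
	}

	if (n >= 0 && n < index->ifaces_num) {
		struct usb_iface_index* next = &index->ifaces[n];
		for (int ep = 0; ep < next->eps_num; ep++) {
			int rv = usb_raw_ep_enable(fd, &next->eps[ep].desc);
			// A failed enable keeps whatever handle was stored before.
			if (rv >= 0)
				next->eps[ep].handle = rv;
		}
		index->iface_cur = n;
	}
}

// Applies the device's bMaxPower via VBUS_DRAW, issues CONFIGURE, then selects
// interface 0. Returns 0 on success, -1 for an unknown fd, or the negative
// result of the first failing ioctl wrapper.
static int configure_device(int fd)
{
	struct usb_device_index* index = lookup_usb_index(fd);
	if (!index)
		return -1;

	int rv = usb_raw_vbus_draw(fd, index->bMaxPower);
	if (rv < 0) {
		return rv;
	}
	rv = usb_raw_configure(fd);
	if (rv < 0) {
		return rv;
	}
	set_interface(fd, 0);
	return 0;
}

#define USB_MAX_PACKET_SIZE 4096

struct usb_raw_control_event {
	struct usb_raw_event inner;
	struct usb_ctrlrequest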
ctrl; char data[USB_MAX_PACKET_SIZE]; }; struct usb_raw_ep_io_data { struct usb_raw_ep_io inner; char data[USB_MAX_PACKET_SIZE]; }; static volatile long syz_usb_connect_impl(uint64_t speed, uint64_t dev_len, const char* dev, const struct vusb_connect_descriptors* descs, lookup_connect_out_response_t lookup_connect_response_out) { if (!dev) { return -1; } int fd = usb_raw_open(); if (fd < 0) { return fd; } if (fd >= MAX_FDS) { close(fd); return -1; } struct usb_device_index* index = add_usb_index(fd, dev, dev_len); if (!index) { return -1; } char device[32]; sprintf(&device[0], "dummy_udc.%llu", procid); int rv = usb_raw_init(fd, speed, "dummy_udc", &device[0]); if (rv < 0) { return rv; } rv = usb_raw_run(fd); if (rv < 0) { return rv; } bool done = false; while (!done) { struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = sizeof(event.ctrl); rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) continue; char* response_data = NULL; uint32_t response_length = 0; if (event.ctrl.bRequestType & USB_DIR_IN) { if (!lookup_connect_response_in(fd, descs, &event.ctrl, &response_data, &response_length)) { usb_raw_ep0_stall(fd); continue; } } else { if (!lookup_connect_response_out(fd, descs, &event.ctrl, &done)) { usb_raw_ep0_stall(fd); continue; } response_data = NULL; response_length = event.ctrl.wLength; } if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD && event.ctrl.bRequest == USB_REQ_SET_CONFIGURATION) { rv = configure_device(fd); if (rv < 0) { return rv; } } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, 
response_length); if (event.ctrl.bRequestType & USB_DIR_IN) { rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response); } else { rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response); } if (rv < 0) { return rv; } } sleep_ms(200); return fd; } static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; const char* dev = (const char*)a2; const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3; return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_generic); } static volatile long syz_usb_connect_ath9k(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; const char* dev = (const char*)a2; const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3; return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_ath9k); } static volatile long syz_usb_control_io(volatile long a0, volatile long a1, volatile long a2) { int fd = a0; const struct vusb_descriptors* descs = (const struct vusb_descriptors*)a1; const struct vusb_responses* resps = (const struct vusb_responses*)a2; struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = USB_MAX_PACKET_SIZE; int rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) { return -1; } char* response_data = NULL; uint32_t response_length = 0; if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) { if (!lookup_control_response(descs, resps, &event.ctrl, &response_data, &response_length)) { usb_raw_ep0_stall(fd); return -1; } } else { if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD || event.ctrl.bRequest == USB_REQ_SET_INTERFACE) { int iface_num = event.ctrl.wIndex; int alt_set = event.ctrl.wValue; int iface_index = 
lookup_interface(fd, iface_num, alt_set); if (iface_index < 0) { } else { set_interface(fd, iface_index); } } response_length = event.ctrl.wLength; } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; if ((event.ctrl.bRequestType & USB_DIR_IN) && !event.ctrl.wLength) { response_length = USB_MAX_PACKET_SIZE; } response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, response_length); if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) { rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response); } else { rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response); } if (rv < 0) { return rv; } sleep_ms(200); return 0; } static volatile long syz_usb_ep_write(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int fd = a0; uint8_t ep = a1; uint32_t len = a2; char* data = (char*)a3; int ep_handle = lookup_endpoint(fd, ep); if (ep_handle < 0) { return -1; } struct usb_raw_ep_io_data io_data; io_data.inner.ep = ep_handle; io_data.inner.flags = 0; if (len > sizeof(io_data.data)) len = sizeof(io_data.data); io_data.inner.length = len; memcpy(&io_data.data[0], data, len); int rv = usb_raw_ep_write(fd, (struct usb_raw_ep_io*)&io_data); if (rv < 0) { return rv; } sleep_ms(200); return 0; } static volatile long syz_usb_ep_read(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int fd = a0; uint8_t ep = a1; uint32_t len = a2; char* data = (char*)a3; int ep_handle = lookup_endpoint(fd, ep); if (ep_handle < 0) { return -1; } struct usb_raw_ep_io_data io_data; io_data.inner.ep = ep_handle; io_data.inner.flags = 0; if (len > sizeof(io_data.data)) len = sizeof(io_data.data); io_data.inner.length = len; int rv = usb_raw_ep_read(fd, (struct 
usb_raw_ep_io*)&io_data); if (rv < 0) { return rv; } memcpy(&data[0], &io_data.data[0], io_data.inner.length); sleep_ms(200); return 0; } static volatile long syz_usb_disconnect(volatile long a0) { int fd = a0; int rv = close(fd); sleep_ms(200); return rv; } static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2) { if (a0 == 0xc || a0 == 0xb) { char buf[128]; sprintf(buf, "/dev/%s/%d:%d", a0 == 0xc ? "char" : "block", (uint8_t)a1, (uint8_t)a2); return open(buf, O_RDWR, 0); } else { char buf[1024]; char* hash; strncpy(buf, (char*)a0, sizeof(buf) - 1); buf[sizeof(buf) - 1] = 0; while ((hash = strchr(buf, '#'))) { *hash = '0' + (char)(a1 % 10); a1 /= 10; } return open(buf, a2, 0); } } static long syz_open_procfs(volatile long a0, volatile long a1) { char buf[128]; memset(buf, 0, sizeof(buf)); if (a0 == 0) { snprintf(buf, sizeof(buf), "/proc/self/%s", (char*)a1); } else if (a0 == -1) { snprintf(buf, sizeof(buf), "/proc/thread-self/%s", (char*)a1); } else { snprintf(buf, sizeof(buf), "/proc/self/task/%d/%s", (int)a0, (char*)a1); } int fd = open(buf, O_RDWR); if (fd == -1) fd = open(buf, O_RDONLY); return fd; } static long syz_open_pts(volatile long a0, volatile long a1) { int ptyno = 0; if (ioctl(a0, TIOCGPTN, &ptyno)) return -1; char buf[128]; sprintf(buf, "/dev/pts/%d", ptyno); return open(buf, a1, 0); } static long syz_init_net_socket(volatile long domain, volatile long type, volatile long proto) { int netns = open("/proc/self/ns/net", O_RDONLY); if (netns == -1) return netns; if (setns(kInitNetNsFd, 0)) return -1; int sock = syscall(__NR_socket, domain, type, proto); int err = errno; if (setns(netns, 0)) exit(1); close(netns); errno = err; return sock; } static long syz_genetlink_get_family_id(volatile long name) { char buf[512] = {0}; struct nlmsghdr* hdr = (struct nlmsghdr*)buf; struct genlmsghdr* genlhdr = (struct genlmsghdr*)NLMSG_DATA(hdr); struct nlattr* attr = (struct nlattr*)(genlhdr + 1); hdr->nlmsg_len = sizeof(*hdr) + 
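sizeof(*genlhdr) + sizeof(*attr) + GENL_NAMSIZ;
	hdr->nlmsg_type = GENL_ID_CTRL;
	hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
	genlhdr->cmd = CTRL_CMD_GETFAMILY;
	attr->nla_type = CTRL_ATTR_FAMILY_NAME;
	attr->nla_len = sizeof(*attr) + GENL_NAMSIZ;
	strncpy((char*)(attr + 1), (char*)name, GENL_NAMSIZ);
	struct iovec iov = {hdr, hdr->nlmsg_len};
	struct sockaddr_nl addr = {0};
	addr.nl_family = AF_NETLINK;
	int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC);
	if (fd == -1) {
		return -1;
	}
	struct msghdr msg = {&addr, sizeof(addr), &iov, 1, NULL, 0, 0};
	if (sendmsg(fd, &msg, 0) == -1) {
		close(fd);
		return -1;
	}
	ssize_t n = recv(fd, buf, sizeof(buf), 0);
	close(fd);
	if (n <= 0) {
		return -1;
	}
	if (hdr->nlmsg_type != GENL_ID_CTRL) {
		return -1;
	}
	// NOTE(review): an attribute whose nla_len is 0 leaves attr unchanged, so
	// this loop would not advance; nla_len and nla_type are also read without
	// first checking that a whole nlattr fits below buf + n.
	for (; (char*)attr < buf + n; attr = (struct nlattr*)((char*)attr + NLMSG_ALIGN(attr->nla_len))) {
		if (attr->nla_type == CTRL_ATTR_FAMILY_ID)
			return *(uint16_t*)(attr + 1);
	}
	return -1;
}

struct fs_image_segment {
	void* data;
	uintptr_t size;
	uintptr_t offset;
};

#define IMAGE_MAX_SEGMENTS 4096
#define IMAGE_MAX_SIZE (129 << 20)

#define sys_memfd_create 356

// Clamps the first min(nsegs, IMAGE_MAX_SEGMENTS) segments in place so that
// each one lies inside [0, IMAGE_MAX_SIZE), and returns an image size that is
// at least `size`, covers the end of every clamped segment, and is capped at
// IMAGE_MAX_SIZE.
//
// The growth step used to compare against offset + offset. That ignored the
// segment length, so the result could end before a segment's last byte or be
// larger than any segment needed.
//
// NOTE(review): the nsegs clamp is local to this function. setup_loop_device
// keeps iterating with its own, unclamped count, so entries past
// IMAGE_MAX_SEGMENTS reach its pwrite() loop without the bounds applied here.
static unsigned long fs_image_segment_check(unsigned long size, unsigned long nsegs, struct fs_image_segment* segs)
{
	if (nsegs > IMAGE_MAX_SEGMENTS)
		nsegs = IMAGE_MAX_SEGMENTS;

	for (size_t i = 0; i < nsegs; i++) {
		if (segs[i].size > IMAGE_MAX_SIZE)
			segs[i].size = IMAGE_MAX_SIZE;
		segs[i].offset %= IMAGE_MAX_SIZE;
		// After this, offset + size <= IMAGE_MAX_SIZE, so the sum below
		// cannot overflow.
		if (segs[i].offset > IMAGE_MAX_SIZE - segs[i].size)
			segs[i].offset = IMAGE_MAX_SIZE - segs[i].size;
		if (size < segs[i].offset + segs[i].size)
			size = segs[i].offset + segs[i].size;
	}

	if (size > IMAGE_MAX_SIZE)
		size = IMAGE_MAX_SIZE;
	return size;
}

static int setup_loop_device(long unsigned size, long unsigned nsegs, struct fs_image_segment* segs, const char* loopname, int* memfd_p, int* loopfd_p)
{
	int err = 0, loopfd = -1;
	size = fs_image_segment_check(size, nsegs, segs);
	int memfd = syscall(sys_memfd_create, "syzkaller", 0);
	if (memfd == -1) {
		err = errno;
		goto error;
	}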
if (ftruncate(memfd, size)) { err = errno; goto error_close_memfd; } for (size_t i = 0; i < nsegs; i++) { if (pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset) < 0) { } } loopfd = open(loopname, O_RDWR); if (loopfd == -1) { err = errno; goto error_close_memfd; } if (ioctl(loopfd, LOOP_SET_FD, memfd)) { if (errno != EBUSY) { err = errno; goto error_close_loop; } ioctl(loopfd, LOOP_CLR_FD, 0); usleep(1000); if (ioctl(loopfd, LOOP_SET_FD, memfd)) { err = errno; goto error_close_loop; } } *memfd_p = memfd; *loopfd_p = loopfd; return 0; error_close_loop: close(loopfd); error_close_memfd: close(memfd); error: errno = err; return -1; } static long syz_read_part_table(volatile unsigned long size, volatile unsigned long nsegs, volatile long segments) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int err = 0, res = -1, loopfd = -1, memfd = -1; char loopname[64]; snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; struct loop_info64 info; if (ioctl(loopfd, LOOP_GET_STATUS64, &info)) { err = errno; goto error_clear_loop; } info.lo_flags |= LO_FLAGS_PARTSCAN; if (ioctl(loopfd, LOOP_SET_STATUS64, &info)) { err = errno; goto error_clear_loop; } res = 0; for (unsigned long i = 1, j = 0; i < 8; i++) { snprintf(loopname, sizeof(loopname), "/dev/loop%llup%d", procid, (int)i); struct stat statbuf; if (stat(loopname, &statbuf) == 0) { char linkname[64]; snprintf(linkname, sizeof(linkname), "./file%d", (int)j++); if (symlink(loopname, linkname)) { } } } error_clear_loop: ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); errno = err; return res; } static long syz_mount_image(volatile long fsarg, volatile long dir, volatile unsigned long size, volatile unsigned long nsegs, volatile long segments, volatile long flags, volatile long optsarg) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int res = -1, err = 0, loopfd = -1, memfd = 
-1, need_loop_device = !!segs; char* mount_opts = (char*)optsarg; char* target = (char*)dir; char* fs = (char*)fsarg; char* source = NULL; char loopname[64]; if (need_loop_device) { memset(loopname, 0, sizeof(loopname)); snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; source = loopname; } mkdir(target, 0777); char opts[256]; memset(opts, 0, sizeof(opts)); if (strlen(mount_opts) > (sizeof(opts) - 32)) { } strncpy(opts, mount_opts, sizeof(opts) - 32); if (strcmp(fs, "iso9660") == 0) { flags |= MS_RDONLY; } else if (strncmp(fs, "ext", 3) == 0) { if (strstr(opts, "errors=panic") || strstr(opts, "errors=remount-ro") == 0) strcat(opts, ",errors=continue"); } else if (strcmp(fs, "xfs") == 0) { strcat(opts, ",nouuid"); } res = mount(source, target, fs, flags, opts); if (res == -1) { err = errno; goto error_clear_loop; } res = open(target, O_RDONLY | O_DIRECTORY); if (res == -1) { err = errno; } error_clear_loop: if (need_loop_device) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); } errno = err; return res; } static long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5, volatile long a6, volatile long a7) { return 0; } #define XT_TABLE_SIZE 1536 #define XT_MAX_ENTRIES 10 struct xt_counters { uint64_t pcnt, bcnt; }; struct ipt_getinfo { char name[32]; unsigned int valid_hooks; unsigned int hook_entry[5]; unsigned int underflow[5]; unsigned int num_entries; unsigned int size; }; struct ipt_get_entries { char name[32]; unsigned int size; void* entrytable[XT_TABLE_SIZE / sizeof(void*)]; }; struct ipt_replace { char name[32]; unsigned int valid_hooks; unsigned int num_entries; unsigned int size; unsigned int hook_entry[5]; unsigned int underflow[5]; unsigned int num_counters; struct xt_counters* counters; char entrytable[XT_TABLE_SIZE]; }; struct ipt_table_desc { const char* name; struct 
// Remaining members of struct ipt_table_desc (the struct is opened on the preceding line).
    ipt_getinfo info; // table metadata, filled by IPT_SO_GET_INFO in checkpoint_iptables()
    struct ipt_replace replace; // replace request built from the snapshot, sent by reset_iptables()
};

// Tables that are snapshotted and restored for AF_INET (see checkpoint_net_namespace()).
static struct ipt_table_desc ipv4_tables[] = {
    {.name = "filter"},
    {.name = "nat"},
    {.name = "mangle"},
    {.name = "raw"},
    {.name = "security"},
};

// Same table names, kept separately for AF_INET6.
static struct ipt_table_desc ipv6_tables[] = {
    {.name = "filter"},
    {.name = "nat"},
    {.name = "mangle"},
    {.name = "raw"},
    {.name = "security"},
};

// Socket-option numbers used below. IPT_SO_SET_REPLACE and IPT_SO_GET_INFO share
// one value: the first is passed to setsockopt(), the second to getsockopt().
#define IPT_BASE_CTL 64
#define IPT_SO_SET_REPLACE (IPT_BASE_CTL)
#define IPT_SO_GET_INFO (IPT_BASE_CTL)
#define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1)

// ARP-table counterparts of the ipt_* structures; the hook arrays have 3 slots
// here instead of 5.
struct arpt_getinfo {
    char name[32];
    unsigned int valid_hooks;
    unsigned int hook_entry[3];
    unsigned int underflow[3];
    unsigned int num_entries;
    unsigned int size;
};

struct arpt_get_entries {
    char name[32];
    unsigned int size;
    void* entrytable[XT_TABLE_SIZE / sizeof(void*)]; // XT_TABLE_SIZE bytes in total
};

struct arpt_replace {
    char name[32];
    unsigned int valid_hooks;
    unsigned int num_entries;
    unsigned int size;
    unsigned int hook_entry[3];
    unsigned int underflow[3];
    unsigned int num_counters;
    struct xt_counters* counters; // user buffer handed to the kernel on replace
    char entrytable[XT_TABLE_SIZE];
};

struct arpt_table_desc {
    const char* name;
    struct arpt_getinfo info;
    struct arpt_replace replace;
};

static struct arpt_table_desc arpt_tables[] = {
    {.name = "filter"},
};

// As with the IPT_* values, SET_REPLACE and GET_INFO share one number.
#define ARPT_BASE_CTL 96
#define ARPT_SO_SET_REPLACE (ARPT_BASE_CTL)
#define ARPT_SO_GET_INFO (ARPT_BASE_CTL)
#define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1)

// Snapshot the current contents of every table in `tables` so that
// reset_iptables() can later detect changes and restore them.
//
// tables/num_tables: descriptor array to fill in (ipv4_tables or ipv6_tables).
// family:            socket family used to reach the tables (AF_INET / AF_INET6).
// level:             getsockopt() level (SOL_IP / SOL_IPV6).
//
// Returns silently when the address family or protocol is unavailable; any
// other unexpected failure terminates the process with exit(1).
static void checkpoint_iptables(struct ipt_table_desc* tables, int num_tables, int family, int level)
{
    int fd = socket(family, SOCK_STREAM, IPPROTO_TCP);
    if (fd == -1) {
        switch (errno) {
        case EAFNOSUPPORT:
        case ENOPROTOOPT:
            // Family/protocol not available: nothing to checkpoint.
            return;
        }
        exit(1);
    }
    for (int i = 0; i < num_tables; i++) {
        struct ipt_table_desc* table = &tables[i];
        // The names are the short literals from the arrays above, so they fit the
        // 32-byte name fields.
        strcpy(table->info.name, table->name);
        strcpy(table->replace.name, table->name);
        socklen_t optlen = sizeof(table->info);
        if (getsockopt(fd, level, IPT_SO_GET_INFO, &table->info, &optlen)) {
            switch (errno) {
            case EPERM:
            case ENOENT:
            case ENOPROTOOPT:
                // Table not accessible or not present: skip it. reset_iptables()
                // skips descriptors whose info.valid_hooks is 0 -- presumably that
                // is how a skipped table is recognised; confirm.
                continue;
            }
            exit(1);
        }
        // Bound the kernel-reported size before it is used as a copy length:
        // both entries.entrytable and replace.entrytable hold XT_TABLE_SIZE bytes.
        if (table->info.size >
            sizeof(table->replace.entrytable))
            exit(1);
        // Bound the entry count of the snapshot; reset_iptables() provides a
        // counters buffer of XT_MAX_ENTRIES slots.
        if (table->info.num_entries > XT_MAX_ENTRIES)
            exit(1);
        struct ipt_get_entries entries;
        memset(&entries, 0, sizeof(entries));
        strcpy(entries.name, table->name);
        entries.size = table->info.size;
        // Header plus exactly info.size bytes of entries.
        optlen = sizeof(entries) - sizeof(entries.entrytable) + table->info.size;
        if (getsockopt(fd, level, IPT_SO_GET_ENTRIES, &entries, &optlen))
            exit(1);
        // Build the replace request from the snapshot.
        table->replace.valid_hooks = table->info.valid_hooks;
        table->replace.num_entries = table->info.num_entries;
        table->replace.size = table->info.size;
        memcpy(table->replace.hook_entry, table->info.hook_entry, sizeof(table->replace.hook_entry));
        memcpy(table->replace.underflow, table->info.underflow, sizeof(table->replace.underflow));
        memcpy(table->replace.entrytable, entries.entrytable, table->info.size);
    }
    close(fd);
}

// Restore every checkpointed table in `tables` whose live state differs from
// the snapshot taken by checkpoint_iptables(). Parameters and the handling of a
// failed socket() are the same as in checkpoint_iptables(). The end of this
// function is on the following line.
static void reset_iptables(struct ipt_table_desc* tables, int num_tables, int family, int level)
{
    int fd = socket(family, SOCK_STREAM, IPPROTO_TCP);
    if (fd == -1) {
        switch (errno) {
        case EAFNOSUPPORT:
        case ENOPROTOOPT:
            return;
        }
        exit(1);
    }
    for (int i = 0; i < num_tables; i++) {
        struct ipt_table_desc* table = &tables[i];
        // No hooks recorded: nothing to restore for this descriptor.
        if (table->info.valid_hooks == 0)
            continue;
        struct ipt_getinfo info;
        memset(&info, 0, sizeof(info));
        strcpy(info.name, table->name);
        socklen_t optlen = sizeof(info);
        if (getsockopt(fd, level, IPT_SO_GET_INFO, &info, &optlen))
            exit(1);
        // Metadata unchanged: compare the entries too, and leave the table alone
        // if they are byte-identical to the snapshot.
        if (memcmp(&table->info, &info, sizeof(table->info)) == 0) {
            struct ipt_get_entries entries;
            memset(&entries, 0, sizeof(entries));
            strcpy(entries.name, table->name);
            // table->info.size was bounded against XT_TABLE_SIZE at checkpoint time.
            entries.size = table->info.size;
            optlen = sizeof(entries) - sizeof(entries.entrytable) + entries.size;
            if (getsockopt(fd, level, IPT_SO_GET_ENTRIES, &entries, &optlen))
                exit(1);
            if (memcmp(table->replace.entrytable, entries.entrytable, table->info.size) == 0)
                continue;
        }
        // NOTE(review): counters[] has XT_MAX_ENTRIES slots, but num_counters is
        // taken from the *live* table's info.num_entries, which is not range-checked
        // in this function (the XT_MAX_ENTRIES check in checkpoint_iptables() covers
        // only the snapshot). If the kernel fills num_counters slots on replace, a
        // live table with more entries would overrun this stack buffer -- confirm,
        // and reject or clamp info.num_entries before using it.
        struct xt_counters counters[XT_MAX_ENTRIES];
        table->replace.num_counters = info.num_entries;
        table->replace.counters = counters;
        // Header plus replace.size bytes of entries; the expression is completed
        // on the following line.
        optlen = sizeof(table->replace) - sizeof(table->replace.entrytable)
// End of reset_iptables(): finishes the optlen expression started on the
// preceding line and writes the snapshot back.
                 + table->replace.size;
        if (setsockopt(fd, level, IPT_SO_SET_REPLACE, &table->replace, optlen))
            exit(1);
    }
    close(fd);
}

// Snapshot the ARP tables listed in arpt_tables. Same procedure as
// checkpoint_iptables(), fixed to AF_INET / SOL_IP and the ARPT_* options.
static void checkpoint_arptables(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (fd == -1) {
        switch (errno) {
        case EAFNOSUPPORT:
        case ENOPROTOOPT:
            return;
        }
        exit(1);
    }
    for (unsigned i = 0; i < sizeof(arpt_tables) / sizeof(arpt_tables[0]); i++) {
        struct arpt_table_desc* table = &arpt_tables[i];
        strcpy(table->info.name, table->name);
        strcpy(table->replace.name, table->name);
        socklen_t optlen = sizeof(table->info);
        if (getsockopt(fd, SOL_IP, ARPT_SO_GET_INFO, &table->info, &optlen)) {
            switch (errno) {
            case EPERM:
            case ENOENT:
            case ENOPROTOOPT:
                // Table not accessible or not present: skip it.
                continue;
            }
            exit(1);
        }
        // Bound the kernel-reported size and entry count before they are used as
        // copy lengths below and as the counters count in reset_arptables().
        if (table->info.size > sizeof(table->replace.entrytable))
            exit(1);
        if (table->info.num_entries > XT_MAX_ENTRIES)
            exit(1);
        struct arpt_get_entries entries;
        memset(&entries, 0, sizeof(entries));
        strcpy(entries.name, table->name);
        entries.size = table->info.size;
        optlen = sizeof(entries) - sizeof(entries.entrytable) + table->info.size;
        if (getsockopt(fd, SOL_IP, ARPT_SO_GET_ENTRIES, &entries, &optlen))
            exit(1);
        table->replace.valid_hooks = table->info.valid_hooks;
        table->replace.num_entries = table->info.num_entries;
        table->replace.size = table->info.size;
        memcpy(table->replace.hook_entry, table->info.hook_entry, sizeof(table->replace.hook_entry));
        memcpy(table->replace.underflow, table->info.underflow, sizeof(table->replace.underflow));
        memcpy(table->replace.entrytable, entries.entrytable, table->info.size);
    }
    close(fd);
}

// Restore the ARP tables that differ from their snapshot. Same procedure as
// reset_iptables(), fixed to AF_INET / SOL_IP and the ARPT_* options.
static void reset_arptables()
{
    int fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (fd == -1) {
        switch (errno) {
        case EAFNOSUPPORT:
        case ENOPROTOOPT:
            return;
        }
        exit(1);
    }
    for (unsigned i = 0; i < sizeof(arpt_tables) / sizeof(arpt_tables[0]); i++) {
        struct arpt_table_desc* table = &arpt_tables[i];
        // No hooks recorded: nothing to restore for this descriptor.
        if (table->info.valid_hooks == 0)
            continue;
        struct arpt_getinfo info;
        memset(&info, 0, sizeof(info));
        strcpy(info.name, table->name);
        socklen_t optlen =
            sizeof(info);
        if (getsockopt(fd, SOL_IP, ARPT_SO_GET_INFO, &info, &optlen))
            exit(1);
        if (memcmp(&table->info, &info, sizeof(table->info)) == 0) {
            // Metadata unchanged: skip the replace if the entries match as well.
            struct arpt_get_entries entries;
            memset(&entries, 0, sizeof(entries));
            strcpy(entries.name, table->name);
            entries.size = table->info.size;
            optlen = sizeof(entries) - sizeof(entries.entrytable) + entries.size;
            if (getsockopt(fd, SOL_IP, ARPT_SO_GET_ENTRIES, &entries, &optlen))
                exit(1);
            if (memcmp(table->replace.entrytable, entries.entrytable, table->info.size) == 0)
                continue;
        } else {
        }
        // NOTE(review): as in reset_iptables(), num_counters comes from the live
        // table's info.num_entries and is not checked against XT_MAX_ENTRIES, the
        // capacity of counters[] -- confirm the kernel cannot fill more slots than
        // the buffer holds, or reject larger values here.
        struct xt_counters counters[XT_MAX_ENTRIES];
        table->replace.num_counters = info.num_entries;
        table->replace.counters = counters;
        optlen = sizeof(table->replace) - sizeof(table->replace.entrytable) + table->replace.size;
        if (setsockopt(fd, SOL_IP, ARPT_SO_SET_REPLACE, &table->replace, optlen))
            exit(1);
    }
    close(fd);
}

// Bridge-table (ebtables) constants and structures. EBT_SO_SET_ENTRIES and
// EBT_SO_GET_INFO share one value (setsockopt() vs. getsockopt()); the remaining
// GET options are numbered consecutively after GET_INFO.
#define NF_BR_NUMHOOKS 6
#define EBT_TABLE_MAXNAMELEN 32
#define EBT_CHAIN_MAXNAMELEN 32
#define EBT_BASE_CTL 128
#define EBT_SO_SET_ENTRIES (EBT_BASE_CTL)
#define EBT_SO_GET_INFO (EBT_BASE_CTL)
#define EBT_SO_GET_ENTRIES (EBT_SO_GET_INFO + 1)
#define EBT_SO_GET_INIT_INFO (EBT_SO_GET_ENTRIES + 1)
#define EBT_SO_GET_INIT_ENTRIES (EBT_SO_GET_INIT_INFO + 1)

struct ebt_replace {
    char name[EBT_TABLE_MAXNAMELEN];
    unsigned int valid_hooks;
    unsigned int nentries;
    unsigned int entries_size;
    struct ebt_entries* hook_entry[NF_BR_NUMHOOKS]; // user-space pointers, one per hook
    unsigned int num_counters;
    struct ebt_counter* counters;
    char* entries; // user-space buffer of entries_size bytes
};

struct ebt_entries {
    unsigned int distinguisher;
    char name[EBT_CHAIN_MAXNAMELEN];
    unsigned int counter_offset;
    int policy;
    unsigned int nentries;
    char data[0] __attribute__((aligned(__alignof__(struct ebt_replace))));
};

// Per-table snapshot: the replace header plus the storage its `entries`
// pointer is pointed at.
struct ebt_table_desc {
    const char* name;
    struct ebt_replace replace;
    char entrytable[XT_TABLE_SIZE];
};

static struct ebt_table_desc ebt_tables[] = {
    {.name = "filter"},
    {.name = "nat"},
    {.name = "broute"},
};

// Snapshot the bridge tables listed in ebt_tables. Unlike the iptables and
// arptables variants, this reads through the EBT_SO_GET_INIT_* options
// (presumably the tables' initial contents rather than their live state --
// confirm against the kernel headers).
static void checkpoint_ebtables(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (fd ==
        -1) {
        switch (errno) {
        case EAFNOSUPPORT:
        case ENOPROTOOPT:
            return;
        }
        exit(1);
    }
    for (size_t i = 0; i < sizeof(ebt_tables) / sizeof(ebt_tables[0]); i++) {
        struct ebt_table_desc* table = &ebt_tables[i];
        strcpy(table->replace.name, table->name);
        socklen_t optlen = sizeof(table->replace);
        if (getsockopt(fd, SOL_IP, EBT_SO_GET_INIT_INFO, &table->replace, &optlen)) {
            switch (errno) {
            case EPERM:
            case ENOENT:
            case ENOPROTOOPT:
                // Table not accessible or not present: skip it.
                continue;
            }
            exit(1);
        }
        // Bound the kernel-reported size before the kernel is asked to copy that
        // many bytes into table->entrytable.
        if (table->replace.entries_size > sizeof(table->entrytable))
            exit(1);
        table->replace.num_counters = 0;
        table->replace.entries = table->entrytable;
        optlen = sizeof(table->replace) + table->replace.entries_size;
        if (getsockopt(fd, SOL_IP, EBT_SO_GET_INIT_ENTRIES, &table->replace, &optlen))
            exit(1);
    }
    close(fd);
}

// Restore the bridge tables that differ from their snapshot. The end of this
// function is on the following line.
static void reset_ebtables()
{
    int fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (fd == -1) {
        switch (errno) {
        case EAFNOSUPPORT:
        case ENOPROTOOPT:
            return;
        }
        exit(1);
    }
    for (unsigned i = 0; i < sizeof(ebt_tables) / sizeof(ebt_tables[0]); i++) {
        struct ebt_table_desc* table = &ebt_tables[i];
        // No hooks recorded: nothing to restore for this descriptor.
        if (table->replace.valid_hooks == 0)
            continue;
        struct ebt_replace replace;
        memset(&replace, 0, sizeof(replace));
        strcpy(replace.name, table->name);
        socklen_t optlen = sizeof(replace);
        if (getsockopt(fd, SOL_IP, EBT_SO_GET_INFO, &replace, &optlen))
            exit(1);
        // Zero the pointer and counter fields on both sides so the memcmp() below
        // compares only the table metadata.
        replace.num_counters = 0;
        table->replace.entries = 0;
        for (unsigned h = 0; h < NF_BR_NUMHOOKS; h++)
            table->replace.hook_entry[h] = 0;
        if (memcmp(&table->replace, &replace, sizeof(table->replace)) == 0) {
            // Reached only when the live header equals the snapshot, so
            // replace.entries_size equals the checkpointed size, which was bounded
            // against XT_TABLE_SIZE in checkpoint_ebtables().
            char entrytable[XT_TABLE_SIZE];
            memset(&entrytable, 0, sizeof(entrytable));
            replace.entries = entrytable;
            optlen = sizeof(replace) + replace.entries_size;
            if (getsockopt(fd, SOL_IP, EBT_SO_GET_ENTRIES, &replace, &optlen))
                exit(1);
            if (memcmp(table->entrytable, entrytable, replace.entries_size) == 0)
                continue;
        }
        // Rebuild the per-hook pointers into the snapshot buffer for every hook
        // set in valid_hooks; the assignment is completed on the following line.
        for (unsigned j = 0, h = 0; h < NF_BR_NUMHOOKS; h++) {
            if (table->replace.valid_hooks & (1 << h)) {
                table->replace.hook_entry[h] = (struct
// End of reset_ebtables(): completes the hook_entry assignment started on the
// preceding line. The addition is pointer arithmetic on struct ebt_entries*, so
// hook j points j structures into table->entrytable.
                    ebt_entries*)table->entrytable + j;
                j++;
            }
        }
        table->replace.entries = table->entrytable;
        optlen = sizeof(table->replace) + table->replace.entries_size;
        if (setsockopt(fd, SOL_IP, EBT_SO_SET_ENTRIES, &table->replace, optlen))
            exit(1);
    }
    close(fd);
}

// Snapshot all netfilter state handled here: bridge, ARP, IPv4 and IPv6 tables.
static void checkpoint_net_namespace(void)
{
    checkpoint_ebtables();
    checkpoint_arptables();
    checkpoint_iptables(ipv4_tables, sizeof(ipv4_tables) / sizeof(ipv4_tables[0]), AF_INET, SOL_IP);
    checkpoint_iptables(ipv6_tables, sizeof(ipv6_tables) / sizeof(ipv6_tables[0]), AF_INET6, SOL_IPV6);
}

// Restore the tables from the snapshot taken by checkpoint_net_namespace().
static void reset_net_namespace(void)
{
    reset_ebtables();
    reset_arptables();
    reset_iptables(ipv4_tables, sizeof(ipv4_tables) / sizeof(ipv4_tables[0]), AF_INET, SOL_IP);
    reset_iptables(ipv6_tables, sizeof(ipv6_tables) / sizeof(ipv6_tables[0]), AF_INET6, SOL_IPV6);
}

// Mount the fusectl filesystem at /sys/fs/fuse/connections; kill_and_wait()
// reads that directory. A failed mount is ignored.
static void setup_common()
{
    if (mount(0, "/sys/fs/fuse/connections", "fusectl", 0, 0)) {
    }
}

static void loop();

// Confine the calling process before test programs run in it: die with the
// parent, new process group and session, resource limits, fresh namespaces and
// fixed SysV IPC sysctls.
//
// Only the two calls that save the initial network namespace are checked.
// Every setrlimit() and unshare() result is ignored, so when one of them fails
// the process continues with the inherited limit or namespace.
static void sandbox_common()
{
    // Deliver SIGKILL to this process when its parent dies.
    prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
    setpgrp();
    setsid();
    // Keep a descriptor for the current network namespace at the fixed number
    // kInitNetNsFd (defined elsewhere) -- presumably so later code can refer to
    // the initial namespace; confirm at the users of kInitNetNsFd.
    int netns = open("/proc/self/ns/net", O_RDONLY);
    if (netns == -1)
        exit(1);
    if (dup2(netns, kInitNetNsFd) < 0)
        exit(1);
    close(netns);
    struct rlimit rlim;
    // Address space: 200 MiB.
    rlim.rlim_cur = rlim.rlim_max = (200 << 20);
    setrlimit(RLIMIT_AS, &rlim);
    // Locked memory: 32 MiB.
    rlim.rlim_cur = rlim.rlim_max = 32 << 20;
    setrlimit(RLIMIT_MEMLOCK, &rlim);
    // Largest file size: 136 MiB.
    rlim.rlim_cur = rlim.rlim_max = 136 << 20;
    setrlimit(RLIMIT_FSIZE, &rlim);
    // Stack: 1 MiB.
    rlim.rlim_cur = rlim.rlim_max = 1 << 20;
    setrlimit(RLIMIT_STACK, &rlim);
    // No core dumps.
    rlim.rlim_cur = rlim.rlim_max = 0;
    setrlimit(RLIMIT_CORE, &rlim);
    // At most 256 open file descriptors.
    rlim.rlim_cur = rlim.rlim_max = 256;
    setrlimit(RLIMIT_NOFILE, &rlim);
    // New mount, IPC, cgroup and UTS namespaces. Failures are ignored (empty
    // bodies), e.g. when the kernel lacks the namespace type.
    if (unshare(CLONE_NEWNS)) {
    }
    if (unshare(CLONE_NEWIPC)) {
    }
    // 0x02000000 is the value of CLONE_NEWCGROUP, spelled numerically.
    if (unshare(0x02000000)) {
    }
    if (unshare(CLONE_NEWUTS)) {
    }
    if (unshare(CLONE_SYSVSEM)) {
    }
    typedef struct {
        const char* name;
        const char* value;
    } sysctl_t;
    // SysV shared-memory, message-queue and semaphore limits written through
    // /proc/sys/kernel.
    static const sysctl_t sysctls[] = {
        {"/proc/sys/kernel/shmmax", "16777216"},
        {"/proc/sys/kernel/shmall", "536870912"},
        {"/proc/sys/kernel/shmmni", "1024"},
        {"/proc/sys/kernel/msgmax", "8192"},
        {"/proc/sys/kernel/msgmni", "1024"},
        {"/proc/sys/kernel/msgmnb", "1024"},
        {"/proc/sys/kernel/sem", "1024 1048576 500 1024"},
    };
    unsigned i;
    // write_file() is defined elsewhere; its result is not checked here.
    for (i = 0; i < sizeof(sysctls) / sizeof(sysctls[0]); i++)
        write_file(sysctls[i].name, sysctls[i].value);
}

// Reap children until `pid` has been reaped and return its exit status.
// A negative pid (failed fork) terminates the process.
static int wait_for_loop(int pid)
{
    if (pid < 0)
        exit(1);
    int status = 0;
    while (waitpid(-1, &status, __WALL) != pid) {
    }
    // NOTE(review): WEXITSTATUS() is applied without a WIFEXITED() check, so the
    // value is not meaningful when the child was terminated by a signal.
    return WEXITSTATUS(status);
}

// Remove CAP_SYS_PTRACE and CAP_SYS_NICE from the effective, permitted and
// inheritable sets of the calling process. Every other capability the process
// holds is left in place. Both capability numbers are below 32, so only
// cap_data[0] needs to change.
static void drop_caps(void)
{
    struct __user_cap_header_struct cap_hdr = {};
    struct __user_cap_data_struct cap_data[2] = {};
    cap_hdr.version = _LINUX_CAPABILITY_VERSION_3;
    cap_hdr.pid = getpid();
    if (syscall(SYS_capget, &cap_hdr, &cap_data))
        exit(1);
    const int drop = (1 << CAP_SYS_PTRACE) | (1 << CAP_SYS_NICE);
    cap_data[0].effective &= ~drop;
    cap_data[0].permitted &= ~drop;
    cap_data[0].inheritable &= ~drop;
    // Failing to drop is fatal rather than silently continuing with the caps.
    if (syscall(SYS_capset, &cap_hdr, &cap_data))
        exit(1);
}

// Entry point for the "none" sandbox: the parent waits for the child and
// returns its exit status; the child applies setup_common(), sandbox_common()
// and drop_caps(), tries to enter a new network namespace and runs loop().
// The child keeps its user identity; isolation comes only from the namespaces,
// the rlimits and the two dropped capabilities.
static int do_sandbox_none(void)
{
    // New PID namespace for the child forked below; failure is ignored.
    if (unshare(CLONE_NEWPID)) {
    }
    int pid = fork();
    if (pid != 0)
        return wait_for_loop(pid);
    setup_common();
    sandbox_common();
    drop_caps();
    // Failure is ignored: the child then stays in the inherited network namespace.
    if (unshare(CLONE_NEWNET)) {
    }
    loop();
    // loop() iterates forever; reaching this point is treated as an error.
    exit(1);
}

#define FS_IOC_SETFLAGS _IOW('f', 2, long)

// Recursively delete `dir` and everything below it, detaching any mounts that
// are in the way. Any failure that is not handled below terminates the process.
static void remove_dir(const char* dir)
{
    int iter = 0;
    DIR* dp = 0;
retry:
    // Detach everything mounted on dir; repeat until umount2() fails so that
    // stacked mounts are all removed.
    while (umount2(dir, MNT_DETACH) == 0) {
    }
    dp = opendir(dir);
    if (dp == NULL) {
        // Both paths exit here; the EMFILE branch does nothing different in this
        // listing.
        if (errno == EMFILE) {
            exit(1);
        }
        exit(1);
    }
    struct dirent* ep = 0;
    while ((ep = readdir(dp))) {
        if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0)
            continue;
        char filename[FILENAME_MAX];
        // NOTE(review): the snprintf() result is not checked, so an over-long
        // path is truncated silently and the calls below then act on the
        // truncated name.
        snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name);
        while (umount2(filename, MNT_DETACH) == 0) {
        }
        struct stat st;
        // lstat() does not follow symlinks, so a symlink to a directory is
        // unlinked below instead of being recursed into.
        if (lstat(filename, &st))
            exit(1);
        if (S_ISDIR(st.st_mode)) {
            remove_dir(filename);
            continue;
        }
        int i;
        for (i = 0;; i++) {
            if (unlink(filename) == 0)
                break;
            if (errno == EPERM) {
                // Clear all inode flags (flags = 0), such as immutable or
                // append-only, and retry the unlink.
                // NOTE(review): this open() follows symlinks; consider O_NOFOLLOW
                // so the flag reset cannot land on a link target.
                int fd = open(filename, O_RDONLY);
                if (fd != -1) {
                    long flags = 0;
                    if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) {
                    }
                    close(fd);
                    continue;
                }
            }
            // Read-only filesystem: give up on this entry without failing.
            if (errno == EROFS) {
                break;
            }
            // Only EBUSY is retried, and at most about 100 times.
            if (errno != EBUSY || i > 100)
                exit(1);
            if (umount2(filename, MNT_DETACH))
                exit(1);
        }
    }
    closedir(dp);
    // Remove the now-empty directory, with the same EPERM/EROFS/EBUSY handling
    // and a bound of 100 attempts.
    for (int i = 0;; i++) {
        if (rmdir(dir) == 0)
            break;
        if (i < 100) {
            if (errno == EPERM) {
                int fd = open(dir, O_RDONLY);
                if (fd != -1) {
                    long flags = 0;
                    if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) {
                    }
                    close(fd);
                    continue;
                }
            }
            if (errno == EROFS) {
                break;
            }
            if (errno == EBUSY) {
                if (umount2(dir, MNT_DETACH))
                    exit(1);
                continue;
            }
            // New entries appeared after the scan: rescan from the top, at most
            // 100 times.
            if (errno == ENOTEMPTY) {
                if (iter < 100) {
                    iter++;
                    goto retry;
                }
            }
        }
        exit(1);
    }
}

// Kill `pid` and its process group with SIGKILL and wait until `pid` has been
// reaped, storing its wait status in *status.
static void kill_and_wait(int pid, int* status)
{
    kill(-pid, SIGKILL);
    kill(pid, SIGKILL);
    // Poll for about 100 ms (100 x 1 ms) for the child to exit.
    for (int i = 0; i < 100; i++) {
        if (waitpid(-1, status, WNOHANG | __WALL) == pid)
            return;
        usleep(1000);
    }
    // Still alive: write to the abort file of every FUSE connection, presumably
    // to release a child blocked on a FUSE request that will never be answered.
    DIR* dir = opendir("/sys/fs/fuse/connections");
    if (dir) {
        for (;;) {
            struct dirent* ent = readdir(dir);
            if (!ent)
                break;
            if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
                continue;
            char abort[300];
            snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name);
            int fd = open(abort, O_WRONLY);
            if (fd == -1) {
                continue;
            }
            // One byte is written, taken from the start of the path buffer; a
            // failed write is ignored.
            if (write(fd, abort, 1) < 0) {
            }
            close(fd);
        }
        closedir(dir);
    } else {
    }
    // Block until the child is reaped; there is no timeout on this wait.
    while (waitpid(-1, status, __WALL) != pid) {
    }
}

// One-time setup before the test loop: snapshot the netfilter tables.
static void setup_loop()
{
    checkpoint_net_namespace();
}

// Per-iteration cleanup: detach this process's loop device (/dev/loop<procid>)
// if it can be opened, then restore the netfilter tables from the snapshot.
static void reset_loop()
{
    char buf[64];
    snprintf(buf, sizeof(buf), "/dev/loop%llu", procid);
    int loopfd = open(buf, O_RDWR);
    if (loopfd != -1) {
        ioctl(loopfd, LOOP_CLR_FD, 0);
        close(loopfd);
    }
    reset_net_namespace();
}

// Per-test setup in the child: die with the parent, own process group, and an
// oom_score_adj of 1000 so that this process is the preferred OOM-killer victim.
static void setup_test()
{
    prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
    setpgrp();
    write_file("/proc/self/oom_score_adj", "1000");
}

// Smallest read buffer accepted by syz_fuse_handle_req().
#define FUSE_MIN_READ_BUFFER 8192

// FUSE request opcodes; the list continues on the following line.
enum fuse_opcode {
    FUSE_LOOKUP = 1,
    FUSE_FORGET = 2,
    FUSE_GETATTR = 3,
    FUSE_SETATTR = 4,
    FUSE_READLINK = 5,
    FUSE_SYMLINK = 6,
    FUSE_MKNOD = 8,
    FUSE_MKDIR = 9,
    FUSE_UNLINK = 10,
    FUSE_RMDIR = 11,
    FUSE_RENAME = 12,
    FUSE_LINK = 13,
    FUSE_OPEN = 14,
    FUSE_READ = 15,
    FUSE_WRITE = 16,
    FUSE_STATFS = 17,
    FUSE_RELEASE = 18,
    FUSE_FSYNC = 20,
    FUSE_SETXATTR = 21,
// Remaining enumerators of enum fuse_opcode (opened on the preceding line).
    FUSE_GETXATTR = 22,
    FUSE_LISTXATTR = 23,
    FUSE_REMOVEXATTR = 24,
    FUSE_FLUSH = 25,
    FUSE_INIT = 26,
    FUSE_OPENDIR = 27,
    FUSE_READDIR = 28,
    FUSE_RELEASEDIR = 29,
    FUSE_FSYNCDIR = 30,
    FUSE_GETLK = 31,
    FUSE_SETLK = 32,
    FUSE_SETLKW = 33,
    FUSE_ACCESS = 34,
    FUSE_CREATE = 35,
    FUSE_INTERRUPT = 36,
    FUSE_BMAP = 37,
    FUSE_DESTROY = 38,
    FUSE_IOCTL = 39,
    FUSE_POLL = 40,
    FUSE_NOTIFY_REPLY = 41,
    FUSE_BATCH_FORGET = 42,
    FUSE_FALLOCATE = 43,
    FUSE_READDIRPLUS = 44,
    FUSE_RENAME2 = 45,
    FUSE_LSEEK = 46,
    FUSE_COPY_FILE_RANGE = 47,
    FUSE_SETUPMAPPING = 48,
    FUSE_REMOVEMAPPING = 49,
    CUSE_INIT = 4096,
    CUSE_INIT_BSWAP_RESERVED = 1048576,
    FUSE_INIT_BSWAP_RESERVED = 436207616,
};

// Header at the start of every request read from the FUSE descriptor.
struct fuse_in_header {
    uint32_t len; // checked against the number of bytes actually read
    uint32_t opcode; // selects the reply in syz_fuse_handle_req()
    uint64_t unique; // copied into the reply by fuse_send_response()
    uint64_t nodeid;
    uint32_t uid;
    uint32_t gid;
    uint32_t pid;
    uint32_t padding;
};

// Header at the start of every reply written to the FUSE descriptor.
struct fuse_out_header {
    uint32_t len; // number of bytes written, starting at this header
    uint32_t error;
    uint64_t unique;
};

// Caller-supplied replies, one per group of opcodes. Each pointer may be NULL;
// fuse_send_response() then sends nothing and returns -1.
struct syz_fuse_req_out {
    struct fuse_out_header* init;
    struct fuse_out_header* lseek;
    struct fuse_out_header* bmap;
    struct fuse_out_header* poll;
    struct fuse_out_header* getxattr;
    struct fuse_out_header* lk;
    struct fuse_out_header* statfs;
    struct fuse_out_header* write;
    struct fuse_out_header* read;
    struct fuse_out_header* open;
    struct fuse_out_header* attr;
    struct fuse_out_header* entry;
    struct fuse_out_header* dirent;
    struct fuse_out_header* direntplus;
    struct fuse_out_header* create_open;
    struct fuse_out_header* ioctl;
};

// Write the reply `out_hdr` for the request `in_hdr` to `fd`.
// Returns 0 on success, -1 when out_hdr is NULL or write() fails.
static int fuse_send_response(int fd, const struct fuse_in_header* in_hdr, struct fuse_out_header* out_hdr)
{
    if (!out_hdr) {
        return -1;
    }
    // Tie the reply to the request it answers.
    out_hdr->unique = in_hdr->unique;
    // NOTE(review): the write length is out_hdr->len as supplied by the caller;
    // nothing here bounds it against the size of the buffer out_hdr points to.
    if (write(fd, out_hdr, out_hdr->len) == -1) {
        return -1;
    }
    return 0;
}

// Read one FUSE request from `a0` and answer it with the matching canned reply.
//
// a0: FUSE file descriptor.
// a1: buffer the request is read into.
// a2: size of that buffer; must be at least FUSE_MIN_READ_BUFFER.
// a3: pointer to a struct syz_fuse_req_out holding the replies.
//
// Returns 0 when a reply was sent or the request was FUSE_FORGET (no reply);
// -1 on invalid arguments, a failed or short read, an opcode without a case
// below, a NULL reply pointer or a failed write.
static volatile long syz_fuse_handle_req(volatile long a0, volatile long a1, volatile long a2, volatile long a3)
{
    struct syz_fuse_req_out* req_out = (struct syz_fuse_req_out*)a3;
    struct fuse_out_header* out_hdr = NULL;
    char* buf = (char*)a1;
    int buf_len = (int)a2;
    int fd = (int)a0;
    if (!req_out) {
        return -1;
    }
    if (buf_len <
        FUSE_MIN_READ_BUFFER) {
        return -1;
    }
    int ret = read(fd, buf, buf_len);
    if (ret == -1) {
        return -1;
    }
    // The request must contain at least a complete header ...
    if ((size_t)ret < sizeof(struct fuse_in_header)) {
        return -1;
    }
    const struct fuse_in_header* in_hdr = (const struct fuse_in_header*)buf;
    // ... and must not claim more bytes than were actually read.
    if (in_hdr->len > (uint32_t)ret) {
        return -1;
    }
    switch (in_hdr->opcode) {
    case FUSE_GETATTR:
    case FUSE_SETATTR:
        out_hdr = req_out->attr;
        break;
    case FUSE_LOOKUP:
    case FUSE_SYMLINK:
    case FUSE_LINK:
    case FUSE_MKNOD:
    case FUSE_MKDIR:
        out_hdr = req_out->entry;
        break;
    case FUSE_OPEN:
    case FUSE_OPENDIR:
        out_hdr = req_out->open;
        break;
    case FUSE_STATFS:
        out_hdr = req_out->statfs;
        break;
    case FUSE_RMDIR:
    case FUSE_RENAME:
    case FUSE_RENAME2:
    case FUSE_FALLOCATE:
    case FUSE_SETXATTR:
    case FUSE_REMOVEXATTR:
    case FUSE_FSYNCDIR:
    case FUSE_FSYNC:
    case FUSE_SETLKW:
    case FUSE_SETLK:
    case FUSE_ACCESS:
    case FUSE_FLUSH:
    case FUSE_RELEASE:
    case FUSE_RELEASEDIR:
        // These opcodes are answered with a bare header: the init reply buffer
        // is reused and its length forced to the header size.
        // NOTE(review): this overwrites init->len in the caller's buffer, so a
        // FUSE_INIT request handled later through the same req_out would be
        // answered with the shortened length -- confirm that is intended.
        out_hdr = req_out->init;
        if (!out_hdr) {
            return -1;
        }
        out_hdr->len = sizeof(struct fuse_out_header);
        break;
    case FUSE_READ:
        out_hdr = req_out->read;
        break;
    case FUSE_READDIR:
        out_hdr = req_out->dirent;
        break;
    case FUSE_READDIRPLUS:
        out_hdr = req_out->direntplus;
        break;
    case FUSE_INIT:
        out_hdr = req_out->init;
        break;
    case FUSE_LSEEK:
        out_hdr = req_out->lseek;
        break;
    case FUSE_GETLK:
        out_hdr = req_out->lk;
        break;
    case FUSE_BMAP:
        out_hdr = req_out->bmap;
        break;
    case FUSE_POLL:
        out_hdr = req_out->poll;
        break;
    case FUSE_GETXATTR:
    case FUSE_LISTXATTR:
        out_hdr = req_out->getxattr;
        break;
    case FUSE_WRITE:
        out_hdr = req_out->write;
        break;
    case FUSE_FORGET:
        // No reply is sent for FORGET.
        return 0;
    case FUSE_CREATE:
        out_hdr = req_out->create_open;
        break;
    case FUSE_IOCTL:
        out_hdr = req_out->ioctl;
        break;
    default:
        // Opcodes without a case above (FUSE_UNLINK and FUSE_READLINK among
        // them) are rejected without sending a reply.
        return -1;
    }
    return fuse_send_response(fd, in_hdr, out_hdr);
}

// Call the address `text` as a function taking no arguments and returning
// nothing, then return 0. Nothing about `text` is validated, so whatever bytes
// the caller placed there are executed with this process's privileges; the
// only containment is the sandbox and the machine the program runs on.
static long syz_execute_func(volatile long text)
{
    // Unused zeroed array on the stack; its purpose is not visible in this
    // listing (presumably padding below the call).
    volatile long p[8] = {0};
    (void)p;
    ((void (*)(void))(text))();
    return 0;
}

// Worker-thread slot used by thr() and execute_one(), which follow this block.
struct thread_t {
    int created, call;
    event_t ready, done;
};

static struct thread_t threads[16];
static void execute_call(int call);
// Storage class of the declaration that continues on the following line.
static
int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 50; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 45 + (call == 10 ? 500 : 0) + (call == 38 ? 50 : 0) + (call == 43 ? 3000 : 0) + (call == 44 ? 3000 : 0) + (call == 45 ? 300 : 0) + (call == 46 ? 300 : 0) + (call == 47 ? 300 : 0) + (call == 48 ? 3000 : 0) + (call == 49 ? 
300 : 0)); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS __WALL static void loop(void) { setup_loop(); int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); reset_loop(); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); setup_test(); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5 * 1000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } #ifndef __NR_fstat #define __NR_fstat 108 #endif #ifndef __NR_getgid #define __NR_getgid 47 #endif #ifndef __NR_getgroups #define __NR_getgroups 80 #endif #ifndef __NR_getsockopt #define __NR_getsockopt 365 #endif #ifndef __NR_getuid #define __NR_getuid 24 #endif #ifndef __NR_io_uring_setup #define __NR_io_uring_setup 425 #endif #ifndef __NR_ioctl #define __NR_ioctl 54 #endif #ifndef __NR_lchown #define __NR_lchown 16 #endif #ifndef __NR_lstat #define __NR_lstat 107 #endif #ifndef __NR_mmap #define __NR_mmap 192 #endif #ifndef __NR_openat #define __NR_openat 295 #endif #ifndef __NR_read #define __NR_read 3 #endif #ifndef __NR_sendmmsg #define __NR_sendmmsg 345 #endif #ifndef __NR_sendmsg #define __NR_sendmsg 370 #endif #ifndef __NR_stat #define __NR_stat 106 #endif #ifndef __NR_statx #define __NR_statx 383 #endif #ifndef __NR_write #define __NR_write 4 #endif #undef __NR_mmap #define __NR_mmap __NR_mmap2 uint64_t r[24] = {0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: memcpy((void*)0x20000000, 
"/dev/vcsa\000", 10); res = syscall(__NR_openat, 0xffffff9c, 0x20000000, 0x404800, 0); if (res != -1) r[0] = res; break; case 1: memcpy((void*)0x20000080, "batadv\000", 7); res = -1; res = syz_genetlink_get_family_id(0x20000080); if (res != -1) r[1] = res; break; case 2: *(uint32_t*)0x20000140 = 0x20000040; *(uint16_t*)0x20000040 = 0x10; *(uint16_t*)0x20000042 = 0; *(uint32_t*)0x20000044 = 0; *(uint32_t*)0x20000048 = 0x10000; *(uint32_t*)0x20000144 = 0xc; *(uint32_t*)0x20000148 = 0x20000100; *(uint32_t*)0x20000100 = 0x200000c0; *(uint32_t*)0x200000c0 = 0x1c; *(uint16_t*)0x200000c4 = r[1]; *(uint16_t*)0x200000c6 = 0x10; *(uint32_t*)0x200000c8 = 0x70bd29; *(uint32_t*)0x200000cc = 0x25dfdbff; *(uint8_t*)0x200000d0 = 1; *(uint8_t*)0x200000d1 = 0; *(uint16_t*)0x200000d2 = 0; *(uint16_t*)0x200000d4 = 8; *(uint16_t*)0x200000d6 = 0x31; *(uint32_t*)0x200000d8 = 2; *(uint32_t*)0x20000104 = 0x1c; *(uint32_t*)0x2000014c = 1; *(uint32_t*)0x20000150 = 0; *(uint32_t*)0x20000154 = 0; *(uint32_t*)0x20000158 = 0; syscall(__NR_sendmsg, (intptr_t)r[0], 0x20000140, 0x8010); break; case 3: syscall(__NR_sendmmsg, -1, 0x20000180, 0, 0x20000024); break; case 4: memcpy((void*)0x200001c0, "/dev/nmem0\000", 11); res = syscall(__NR_openat, 0xffffff9c, 0x200001c0, 0x185001, 0); if (res != -1) r[2] = res; break; case 5: *(uint8_t*)0x20000200 = 0x20; memcpy((void*)0x20000201, "/dev/vcsa\000", 10); *(uint8_t*)0x2000020b = 0x20; memcpy((void*)0x2000020c, "rwl", 3); *(uint8_t*)0x2000020f = 0x20; memcpy((void*)0x20000210, "xb", 2); *(uint8_t*)0x20000212 = 0; syscall(__NR_write, (intptr_t)r[2], 0x20000200, 0x13); break; case 6: memcpy((void*)0x20000280, "./file0\000", 8); res = syscall(__NR_lstat, 0x20000280, 0x200002c0); if (res != -1) r[3] = *(uint32_t*)0x200002d0; break; case 7: res = syscall(__NR_read, -1, 0x20000340, 0x2020); if (res != -1) r[4] = *(uint32_t*)0x20000354; break; case 8: memcpy((void*)0x20000240, "./file0\000", 8); syscall(__NR_lchown, 0x20000240, (intptr_t)r[3], (intptr_t)r[4]); 
break; case 9: syscall(__NR_ioctl, (intptr_t)r[0], 0xc0086420, 0x20002380); break; case 10: memcpy((void*)0x20000000, "bpf_lsm_post_notification\000", 26); syz_btf_id_by_name(0x20000000); break; case 11: *(uint8_t*)0x20000040 = 0xaa; *(uint8_t*)0x20000041 = 0xaa; *(uint8_t*)0x20000042 = 0xaa; *(uint8_t*)0x20000043 = 0xaa; *(uint8_t*)0x20000044 = 0xaa; *(uint8_t*)0x20000045 = 0xbb; *(uint8_t*)0x20000046 = 0xaa; *(uint8_t*)0x20000047 = 0xaa; *(uint8_t*)0x20000048 = 0xaa; *(uint8_t*)0x20000049 = 0xaa; *(uint8_t*)0x2000004a = 0xaa; *(uint8_t*)0x2000004b = 0x18; *(uint16_t*)0x2000004c = htobe16(0xc); STORE_BY_BITMASK(uint32_t, , 0x2000004e, 0, 0, 29); STORE_BY_BITMASK(uint32_t, , 0x2000004e, 1, 29, 1); STORE_BY_BITMASK(uint32_t, , 0x2000004e, 1, 30, 1); STORE_BY_BITMASK(uint32_t, , 0x2000004e, 0, 31, 1); *(uint8_t*)0x20000052 = 4; *(uint8_t*)0x20000053 = 2; *(uint8_t*)0x20000054 = 0; *(uint8_t*)0x20000055 = 0; memcpy((void*)0x20000056, "\x03\x08\x4e\x27\x50\x09\x63\x3c", 8); *(uint32_t*)0x20000080 = 0; *(uint32_t*)0x20000084 = 2; *(uint32_t*)0x20000088 = 0x3ca; *(uint32_t*)0x2000008c = 0x523; *(uint32_t*)0x20000090 = 0x65; *(uint32_t*)0x20000094 = 0x6d6; break; case 12: *(uint8_t*)0x200000c0 = -1; *(uint8_t*)0x200000c1 = 0x41; break; case 13: memcpy((void*)0x20000100, "\xc4\xc1\x9d\x74\x8f\xe2\x00\x00\x00\x67\x0f\xae\xf7\x65\x65\x36\xf0\xfe\x8b\x00\x00\x01\x00\x2e\x0f\xfe\x5c\xf5\x9b\xc4\xc1\x31\xf5\x64\x15\x00\xc4\xe2\x8d\x04\xc8\xc4\xe1\x4f\xc2\x9c\x65\x3f\xb1\x00\x00\x44\xc4\xc2\x15\x39\x16\xc4\xe1\x48\x5c\x9f\xae\x00\x00\x00\xd3\x97\xfd\x33\x46\x20", 72); syz_execute_func(0x20000100); break; case 14: break; case 15: memcpy((void*)0x200001c0, "/selinux/enforce\000", 17); res = syscall(__NR_openat, 0xffffff9c, 0x200001c0, 0x400, 0); if (res != -1) r[5] = res; break; case 16: res = syscall(__NR_read, -1, 0x20002380, 0x2020); if (res != -1) r[6] = *(uint32_t*)0x20002398; break; case 17: *(uint32_t*)0x20004640 = 0xe4; res = syscall(__NR_getsockopt, -1, 0, 0x11, 
0x20004540, 0x20004640); if (res != -1) r[7] = *(uint32_t*)0x20004574; break; case 18: memcpy((void*)0x20004680, "./file0\000", 8); res = syscall(__NR_statx, -1, 0x20004680, 0, 0x7ff, 0x200046c0); if (res != -1) r[8] = *(uint32_t*)0x200046d8; break; case 19: res = syscall(__NR_getuid); if (res != -1) r[9] = res; break; case 20: res = syscall(__NR_fstat, -1, 0x20004840); if (res != -1) r[10] = *(uint32_t*)0x20004854; break; case 21: *(uint32_t*)0x20004b40 = 0xe4; res = syscall(__NR_getsockopt, -1, 0x29, 0x22, 0x20004a40, 0x20004b40); if (res != -1) r[11] = *(uint32_t*)0x20004a74; break; case 22: *(uint32_t*)0x20004b80 = 0xee00; *(uint32_t*)0x20004b84 = -1; *(uint32_t*)0x20004b88 = 0xee01; *(uint32_t*)0x20004b8c = 0xee00; res = syscall(__NR_getgroups, 4, 0x20004b80); if (res != -1) r[12] = *(uint32_t*)0x20004b8c; break; case 23: memcpy((void*)0x20004cc0, "./file0\000", 8); res = syscall(__NR_statx, -1, 0x20004cc0, 0x4000, 0x400, 0x20004d00); if (res != -1) r[13] = *(uint32_t*)0x20004d14; break; case 24: res = syscall(__NR_getgid); if (res != -1) r[14] = res; break; case 25: memcpy((void*)0x20000200, 
"\xad\xa8\x30\x14\xeb\x2c\x80\xfe\x20\xe6\xd8\x8c\xac\x3d\xb0\x00\x64\xa1\x2f\x3f\x75\xac\xf4\xc1\x1f\xa5\x29\x77\x13\x1d\x64\xee\x5d\x27\x03\x72\x8b\xba\x81\x97\xda\x61\x3c\xf6\x2c\x27\xcf\xab\x69\x6d\x25\xf6\x8a\xf7\xb1\xf7\xf0\xab\xec\xb2\x25\x8e\xc8\x3f\xb6\x11\x86\x91\xfe\x81\xb5\xa1\x82\x62\xb0\x4f\x79\x53\x36\x25\x2c\x7d\x97\x42\x3b\xbd\xe2\x88\xaa\x00\x92\x39\xe9\x12\x41\xe8\xd7\xde\x4c\xb0\x40\x7a\xff\x09\x1e\x52\x66\xc9\x2c\x4d\x61\xf4\xc7\xd8\xb7\xcf\xa4\x31\x1d\x86\x3b\xc0\x2a\x2b\x5e\x38\xb3\xa6\xb0\xb4\xb9\xf6\x9a\xfb\x5d\x9b\x76\xbe\xac\xc6\x7b\xd5\x44\xfd\x63\x22\xe3\x42\xf3\x31\xa8\x6c\x9f\x3b\xe9\x3c\xe7\x24\x8d\x06\x60\xbe\x5d\xcf\xf2\xe4\x78\x7d\x2b\xb0\xf9\x55\x23\x95\xe0\xc7\x05\x58\xd8\xba\xfc\x83\x49\x9d\x63\x1a\x1c\x56\xf2\xfe\x66\xfd\x11\x14\x4f\xa8\xd3\x4c\x00\xc9\xcd\xc8\xec\x25\x27\x5f\x8f\xaa\x85\xee\xa5\xc0\x65\x2f\x44\x94\x25\xb8\x2c\xb6\xe9\xec\xa3\x6a\xf2\x24\x48\x4b\x9c\x72\xe8\x15\xad\x99\x37\x88\x85\x33\xd9\x4f\x06\x83\xb2\xe4\x74\xe1\x04\xa2\x4b\xa6\x83\x91\xfd\x8c\x46\x8e\x49\x1d\x1f\x5b\x40\x9d\x9b\x79\xce\xce\x78\x30\x55\x59\x56\xfa\x5d\x31\x52\xb0\x1a\xeb\x5a\xfd\x1a\xfc\x32\xa1\x0b\x4e\xbb\x90\x93\x1c\x53\x29\x79\x25\x03\xcf\x22\xcd\x5b\xff\x4f\xe3\x2d\x4f\x8d\x79\x14\xe2\xc1\x62\x8b\xda\x9e\x62\x20\x58\x89\xe5\xc1\x55\xfc\xb5\xbf\x7e\xf5\x55\x94\x26\xd7\xdf\x52\x8a\x27\x0f\xa1\x6e\x97\xd6\x1c\xb3\x85\xba\x86\xc4\x8a\xfa\xd5\xdd\xa0\x7b\x0f\xec\x9a\x43\x12\xff\x4a\x57\x44\x1e\x36\xe0\x14\xc0\x51\xe7\xae\x30\x5c\x02\x53\x59\x5d\xbe\xfa\xb5\x45\x98\x4f\x69\xd1\x7a\x75\xb2\xfd\x2a\x15\xd1\x10\x7f\x6c\xd5\x0c\x0d\xd4\x69\xf6\x1a\xd7\xd7\xcf\x5e\x05\xb3\xaa\x58\xea\xda\x6e\x7b\x57\xe4\x57\x84\xf6\x04\x40\x21\x6c\xf7\x64\x36\xe4\xeb\x9b\x21\xa9\x07\x79\xc4\xc8\x38\xa3\xf2\x35\xa4\x7f\x86\x02\x72\xe7\x45\x76\xf3\x6d\xe7\xaf\x63\xf2\xb4\x30\x9d\x6d\xa3\xa5\x80\x90\x45\x80\x7e\x12\x33\x62\x27\x85\xef\x13\x91\x87\xaf\x22\x08\xb0\xae\x7c\x0d\xd0\x82\x00\x8f\x5a\x2e\x36\xfe\xe9\x78\x93\x77\xa2\x1b\x30\xc7\x71\xbd\xe3\xab\x08\xeb\x5f\xf
e\x29\x90\x2e\x8c\x80\xb3\x3b\x38\x83\x2d\xad\xda\xe7\x0a\x0d\x9e\x16\xe0\x6a\x6c\xab\x04\x40\x2c\x70\xc7\x26\x62\xdb\xde\xb9\x54\x46\x7f\x7b\x8f\xff\x12\x8c\x4b\x7a\x3e\x64\x5f\x21\x5f\xa6\x4d\x57\xe6\x77\x6a\x3a\x42\x06\xcc\x85\xea\xa1\x69\x8c\x40\x4e\xad\xa8\x28\xc4\x50\xd0\xf5\x37\x67\xab\xc2\x3e\x46\x6b\x77\x7a\xdd\x8a\x34\x78\x20\xd7\x5b\xc4\x01\x94\xee\x49\x0e\xc7\x6f\x70\x74\x52\xa8\x72\x2f\xa8\x9c\x1d\xef\x43\xa0\xe0\x4f\x16\xc8\xeb\x07\xe0\x06\xb8\xa7\xab\x63\x87\x82\x1a\x50\x7b\x73\x8d\xc9\x82\x87\xac\x3f\x18\x63\xc3\x60\x58\x27\xde\xb6\xd5\x0b\x57\x5f\x75\xdf\x14\xde\x56\xd5\x17\x82\x8f\x7c\x91\xa1\x25\xdf\x20\x23\x20\x9f\xc8\xc1\x76\x5d\x81\xf8\xc0\xfa\xf7\xbf\x59\x8e\xe8\x56\xef\x04\x35\x60\xf9\x6d\x3d\x1f\xca\xd0\x38\x8d\xa9\x22\x81\xd8\x64\xa7\xb5\x46\xbf\x8f\xeb\x2d\x5b\x92\x19\xba\xac\xa0\x16\xf0\xa2\x75\x1f\x7f\x8f\x20\xc4\x4e\x0f\xa2\x40\xcf\xdc\x76\x3c\xa9\x84\xd5\xcf\x8b\x2a\xe0\x41\xbb\x71\xdf\xb6\xc5\xd9\x12\xdb\x3e\xe6\xae\x8c\xe4\x4a\x98\xc6\x5c\x74\xf7\xe3\x14\x7f\x63\xb1\x3e\x71\x2a\x30\x91\xe5\x32\xb3\x8b\x58\x18\xec\xff\xc4\x44\x6a\x65\xbb\x52\xe2\xa2\x0e\x59\x3d\x7a\x09\x5e\xce\x64\xf5\xb2\x33\xbf\xc4\x0a\x21\x5f\x7e\xcd\x86\xc8\x5a\x33\x2a\xd6\xc5\x38\x77\x2b\x87\x8c\xa1\x46\x49\x49\x58\xec\x38\xb4\xaa\x09\xe8\xea\x4d\xc6\x1f\x0b\x7c\x9b\x7b\x9c\x23\x67\xf9\xef\xb9\x28\x55\x94\x8e\xd4\x8b\xea\x1f\x90\x3e\x72\xe9\x07\x7e\xbc\x9b\x85\x11\x45\xca\x1d\x5c\xef\xbf\x8e\xd6\xc3\xc7\x5a\xed\xc2\x8e\xdb\x7c\x93\x2b\xe6\xca\xb0\x11\xed\x21\x40\xfe\x20\xcc\x72\x49\x9a\x9b\x3d\x80\x69\x78\x05\xf3\x3a\x04\xd3\xa4\xdd\x04\x92\xd0\xd5\xe0\x0f\x90\xe1\xf2\xfc\xad\xaf\x0e\x3b\x31\x1f\x5f\xa7\x0b\x0b\x06\x63\x84\x6b\x42\x36\x42\x9f\xb9\xf4\x38\x38\xda\x19\x61\x52\xf7\x22\x94\xe0\xa1\x16\xf5\x5d\xe8\x4d\x3d\xd3\x83\xe7\x09\x99\x2d\xf1\x64\x04\x09\x75\xbe\xbc\x25\x84\x68\x13\xfc\x6b\x4b\x47\x7a\x44\x65\x94\xd7\xae\xff\xfa\x65\xf5\x70\x00\xee\xad\x79\xc8\xea\x09\xa2\x6a\x4a\x00\x34\x19\x35\xd5\xb9\x14\xb8\xe0\x1d\xb5\x81\xda\xa0\x51\x7a\x94\x54\x3c\x61\x3
6\xee\x16\x25\x67\xf9\x8e\x9c\xa9\x71\xe1\xf2\x91\x06\x77\xbf\xb9\x14\x1d\x41\xcb\x7b\xd9\x18\xc0\x85\x1e\x36\xd6\x61\x14\x7c\x80\x54\x5c\x93\xd1\xdc\xb5\x37\x68\x36\x9f\x0a\x3b\xd8\xe5\x14\xf6\x9f\xb4\x6d\x76\x45\x7d\xc8\xe8\x67\x64\x5d\x32\xad\xc6\xe0\x0e\x13\x07\x46\x6d\x66\x8d\xfd\x4a\x27\x8a\xbc\x0e\x3c\xc3\x4e\xf9\xf7\xd4\xfa\x09\x36\xab\x99\x43\x19\x84\xc5\x08\x84\x10\x13\x1e\xb8\x53\x2f\x6a\xad\x9d\xd4\x5e\x80\xee\xd3\xb5\x7b\x4d\x1d\xbf\x26\x24\x40\x01\xea\x49\x60\xf8\x4f\xd7\xbc\x72\xcf\x29\xfa\x82\xc8\x07\x86\x5d\x89\xb4\x3d\x58\x71\xe5\x3b\x10\x30\x8d\x7d\x21\x53\x8a\x6c\x47\xb1\xad\xf9\xbd\x9d\x26\xb6\xcf\xec\x6a\xa5\x3e\x15\xaa\xaa\x8a\x7d\x72\x3f\x6d\x4f\xde\x8f\x9b\x24\x72\x00\xde\x31\x68\x86\x0a\x6a\x49\x52\x71\xdb\xff\x49\xcc\x6b\xbb\xc0\x90\x50\xfc\x39\x6f\x07\xab\x60\xbe\x91\x04\x54\xf4\xbe\x67\x8d\x90\xe9\x5a\xc3\xc6\x88\xea\xe8\x44\xb9\x50\x0c\xe9\x7b\x77\x63\xd0\xe7\xef\x95\x17\xbc\xc7\xbb\x08\x0d\xe8\x1c\x84\xed\x17\x5e\x28\x55\xc8\x27\xcc\x63\x4f\xd3\x42\x68\x18\x4a\x5e\xde\x8a\xef\x4c\x58\x49\x90\x49\x82\x42\x94\xa1\xfd\xc1\xf0\x43\x55\xca\x99\xe2\x2f\xae\x10\x1d\x27\x53\x1d\x85\xff\x61\xe6\x28\xf1\x00\xe4\xfc\xd8\xdf\xed\x79\x59\x25\xfb\x9a\x98\xe9\xc6\xeb\x1c\x20\xa4\x68\xad\xb0\xef\xad\x8b\x89\x55\x4e\x58\xd9\x14\x2a\xba\x68\x05\xd9\x44\xae\x57\xad\x45\x21\xf4\x04\x91\xeb\x39\x2c\xbd\xd8\xa7\x21\xca\x84\xe7\xfd\x32\x3f\xa0\xd9\x89\x0e\x39\x49\xf3\x87\x5c\x15\x56\x6c\xcc\xdd\x1d\xb6\x0f\x4a\x81\x8b\xae\xf5\x99\x69\x42\xc6\xaa\x10\x6b\x1b\x6a\x71\xe1\x3e\xc4\x3b\x40\xb6\x57\x89\xa7\x5b\x39\x2f\x83\x0e\x65\xe0\xfc\x93\xb7\x13\xe1\xde\xd2\x4e\xf7\x81\x4a\x23\x3a\xb1\x33\x4e\xed\xb4\x83\xf9\x71\xdc\x57\x79\xd6\xd5\x0d\x8c\x3f\x16\x51\x99\x98\x46\x84\xbc\x32\x33\x6b\x68\x07\xc8\xa5\x0f\x9a\x64\xb2\xd3\x06\xce\x41\xda\xc8\xae\x2b\x63\xe4\xe9\xe6\xaf\x25\x22\x8f\x7b\x8e\x1d\x8e\x37\xee\x09\x5b\x41\x7e\x87\xeb\x3d\xbe\xc7\x4a\x84\x3e\x8c\xa4\x5c\xb5\x66\xe1\xe0\xa8\x8b\xb0\xb6\xcd\x0c\x60\x24\x28\x69\xad\x32\x55\x00\x24\x7f\x4a\x07\xae\xec\x82\x6
5\xed\x9c\xd6\x4c\xea\x00\xe5\xc9\x33\xfc\x53\x90\x47\xb5\x70\x33\xd7\x69\xb3\x58\xae\xab\x4f\x8c\xfd\x98\x7f\x27\x84\x33\x62\xf2\x9b\x79\x65\x28\x82\x9f\xd8\xe6\xa1\x3d\x17\xd7\xb5\xb3\x96\x1a\xb6\x54\x44\x82\x8a\x08\xd6\xa4\xe4\x17\x84\x4c\x0f\xd5\x4a\x39\xc1\xd4\x69\x61\x2e\x70\x98\xc5\xe6\x81\x16\x14\x68\x9b\x5d\x69\x75\x76\x92\xf8\xb9\xa2\xda\x48\x44\xef\x3d\xbf\xee\xfc\x8f\x74\x63\xc7\xfb\x95\x56\x0c\x80\x8d\x68\x1e\x0f\x95\x38\xef\xec\xe0\x8c\xcf\xe8\x11\xbb\x7c\x9f\x3f\xc1\xb2\x40\x70\x32\x98\x37\x48\xb7\x36\x77\x94\x69\xb7\x61\x0f\x0a\x16\xe9\x97\x23\x3d\xe2\x47\xd1\xa2\xda\x18\xde\xce\x77\x19\x9b\x6c\x7f\x46\x0f\xa7\xa5\xc8\x8c\x2d\xc8\x63\xf7\x14\x45\x8f\xa4\xb3\x5d\x0b\x88\x91\x90\xa0\x3f\x31\x99\x15\x3f\x40\x08\xae\xa0\xa5\x73\xce\xaa\x07\x95\x76\xc2\xea\xdc\xb1\xca\x49\xc5\xb6\x44\x7e\x86\xc0\x1b\xd5\x79\x47\x01\x87\x31\x87\xbc\x15\x8f\x43\xfc\x48\x22\x0a\x0e\x26\xb0\x0f\x6b\xef\x73\xdd\xf5\x4a\xaa\xbe\x33\x56\xc3\x46\x8e\x72\x9b\x48\x7c\x88\xdc\xb0\x71\xdf\x6c\xe5\xf3\x5e\x02\xfb\x16\x1c\xfd\x7f\xb9\x59\xe1\xc5\x8f\x64\x01\x42\x6a\xc9\xbe\x60\xb2\x58\x76\x00\xd7\x2d\x0a\x25\x2a\x79\x9b\x09\x3b\x34\xdb\x84\xf8\xce\xbf\xda\x7c\x2a\xda\x8f\x58\xf8\x78\xba\x47\xbd\x29\xd0\x23\xbe\xa2\x6a\x9d\xfc\x37\xf7\x2d\xd6\x93\x96\x4d\x2e\xce\x00\x31\x79\x79\x1f\x04\x9f\x98\xfe\xd2\x96\xf2\x52\x1c\x48\xe7\x6b\x3c\xa4\xed\x06\x01\x7d\xdd\x77\x4a\x4b\xf4\x86\xdd\x44\xaa\x6b\xdd\x90\x68\xc1\xb8\x49\xb8\xfb\x10\x03\x00\xb9\xd3\x33\x3b\x95\x08\x7f\x45\x11\xb7\xf8\x69\xf9\x56\x47\x50\xd5\x57\x02\x00\x3e\x44\x48\x0c\x13\x34\xa9\x54\xe7\x72\xa1\xa4\x90\x40\xa6\xae\x19\x4f\x20\x11\x91\x6d\xb3\xd0\x10\x7e\x2f\xa3\x7e\x30\xae\x7e\x96\x47\x12\xea\x6d\xd1\x27\xf1\x32\xf2\xf2\xf9\x31\x81\xa1\x45\xc3\xf5\x67\x55\xeb\xea\x80\x32\x5a\x4f\x30\x41\x03\x68\x4c\xd5\x27\x90\x6f\x8e\xc2\xe0\xdf\x0b\x23\x23\x78\x8a\xfb\x35\xfc\xba\xc9\x3a\x76\xe5\xb2\x2d\xd1\x35\x5e\x3d\x79\x3f\x5f\x1f\x87\x44\x30\xd0\x86\xf1\xe4\xb9\xe3\xc6\xf5\xc3\xfc\xcb\xe7\xcd\xa3\xa3\x5c\x3a\x92\x34\x16\xef\x67\x83\x2
b\xf1\xd6\x28\x7c\x0d\x2b\xd7\x0e\x69\xc9\x24\xce\x97\x69\x3c\x60\xaa\xe3\xbc\xc3\x5f\xca\x34\x0f\x87\x55\x33\x4f\x18\x52\xa0\x66\x81\xc2\x98\x6d\xaa\x72\x91\x64\x6f\x4c\xbc\x29\xd4\xde\xfb\x4b\x00\xf3\x27\xc6\x6d\x20\x1e\xc1\x33\x1e\xf0\x4f\x55\x0b\x47\x69\xc6\x47\x01\xd3\xfc\xc6\x45\x14\x0d\xe2\x85\xec\xef\xdc\x88\xdc\x53\xe3\x3c\x74\x77\xf5\xb9\x7f\xb7\xff\x85\xda\x43\x2c\x08\x46\x30\x27\x96\x16\xd1\x67\x4f\x96\x57\xbe\x09\xdb\xa3\xd7\xc9\xc7\x77\x2f\x14\x28\x83\x30\xd4\xf2\x20\x4d\xc3\x40\x2a\x6c\xa2\x66\xa6\x60\x90\xfe\x51\x53\x5a\xc0\xc8\x6b\x71\xe1\x8a\x1c\x21\xeb\x98\x2f\x2d\xf1\x13\x6f\xd9\xb6\xf1\xda\x62\xc3\x68\x79\x2b\xdf\xf0\x49\x46\x89\xa8\xc4\xf3\xbe\xee\x9a\x5a\xd3\x66\xd7\x15\xff\x80\x17\xf4\x89\x00\x46\xc3\xe7\x32\xa5\x7c\x60\xe4\x63\x1f\xaa\xd4\xcc\x3b\x3d\x20\xbf\x61\x33\xbf\x85\xdb\xb8\xb2\xe6\x16\x88\x66\xcf\xbd\xaa\x21\x77\xe1\x0d\x16\x7c\x50\x1b\x92\xc8\xf0\xc7\x9f\xc2\xb8\x4b\xae\x75\x6c\xed\x61\x72\xbe\x9c\xe8\xa4\x66\x9e\x15\x9e\x88\x49\x75\x08\x1e\x68\x6d\xb2\xce\xc2\x86\x93\xfb\xa5\xc4\x3a\x16\x67\x53\x4c\xea\xb3\x04\xe0\x5a\xc1\x44\xb7\xca\x7a\x40\x37\x66\xcd\x30\x6a\x36\x60\x9f\xfa\x6a\x63\x00\x30\x7f\x7c\xa1\xb2\x91\x5c\x69\xd2\x99\xde\x17\x1c\xcb\xf5\x39\xf5\x04\x6b\xaf\x46\x78\xdc\xeb\x31\x32\xad\x39\xe9\x94\xbd\xb0\x05\x65\xb8\x61\x90\x36\x23\x0f\x8f\x2b\x2c\xe8\xe4\x2d\x5b\x3f\xc9\xe8\x3d\xb4\x71\x05\x34\x29\xbf\x0d\xd4\x86\xa8\x2b\x02\x75\xcc\x8c\xfa\xbc\xbf\xc9\x30\xd2\x79\xf0\xcf\x9b\xb4\x7e\x3f\x34\x25\xf1\x98\xaa\x32\x6a\x01\xdf\x90\xc8\x02\xee\xce\xbf\xe1\x08\xad\xfd\xf3\x40\x13\x39\x50\x5c\x5e\xb4\xcd\xc0\xe0\x28\x3f\x6a\x05\xfb\xfa\x5f\x1e\x1a\xd8\xbc\x7a\x23\x7e\x7e\x6b\xd6\x0f\xde\xc2\x13\x4f\xc1\x2b\xc6\x7a\x1f\xe1\x6f\x0b\x2f\x6b\xf9\x67\x62\x01\x77\xfd\x75\xe3\x9b\x62\xd1\x90\x30\x2f\x62\xdc\xa1\x5b\x51\x43\x4e\x5f\x4a\x75\x9d\xd2\xce\xaa\xb2\xa0\x77\x9a\x66\x35\xa9\x9c\x5f\x30\xad\xd5\x85\x0f\x70\x5c\x55\x6a\xb3\x05\x96\x92\xb1\x1b\xdf\x6d\xcf\xb7\xa4\x15\xac\x22\xb6\x26\x55\x23\x90\x85\xc5\xe7\xb0\x63\x68\x44\x53\xf
8\xf2\x5d\x8e\xbc\x0d\x73\x04\x2c\x4f\xb9\xb4\xe5\xcd\xb9\x1c\xb9\xf8\xf4\x9f\x66\x7b\x58\x20\x9f\xe9\x77\xc6\xed\x97\xbd\x6b\x97\x09\x99\x0f\xe0\x1a\x59\xcb\x45\x41\x76\x12\x19\xab\x82\x3a\xce\x1a\x05\x91\xc6\xcf\x2e\xbd\x4a\x42\x0c\x54\xa3\xf5\x2b\xad\xc6\x58\x23\x9c\xd3\x54\xfd\xce\xf9\xc7\x6e\x53\x41\xe4\xef\xa5\x97\x63\x30\x61\x03\x33\x2a\xce\x4e\xa1\x77\xfb\x28\xb4\x2d\x77\x04\xc7\xb2\xec\x65\xbe\x1c\xfb\x1d\xc2\xc2\xf5\xda\x13\xdd\xed\x12\x60\x01\xcd\x77\x9d\xaa\x77\xc2\x6c\xb2\x2c\x36\xdd\x78\x83\x28\xfb\x06\x89\x78\x25\xcf\x03\x97\x91\xd4\x8b\x73\x5a\x42\x9f\x15\x73\x71\xf4\x37\x4f\xab\xf7\x93\xc0\x04\xf9\xfe\xe7\x68\xda\xa6\x70\x7a\x20\xe8\xeb\xb0\x30\x7e\x4a\xb2\x6f\xc2\x41\x60\xf2\x16\x9f\x01\x8e\x30\x60\x04\x58\xc5\xeb\x67\x9e\x67\x32\xfe\x9f\x3d\x70\xd9\x60\x27\x0b\xb4\x45\x3d\x93\x6b\x47\xa8\x25\x0c\xf9\x6d\xca\x21\x26\x88\xee\x6c\xb7\x45\x33\x1a\x0a\xc6\x8f\x5f\x9e\x20\x02\xa3\x9c\xd2\xee\x3a\xda\x91\xa1\x4b\x03\x05\x90\x3e\xd3\xd6\x62\xca\x1d\x1e\xd5\x24\xe7\x21\xaf\xd2\x06\x78\x9c\xfd\xa8\xb8\x84\x86\xd8\xa8\x00\xb8\xe6\xf9\xfe\xf0\xc6\xa1\xac\xaf\xce\xfb\xbd\xe5\x1b\x7d\x56\x68\x47\x6a\x03\x64\xb8\x35\xfc\xc2\x43\x1d\xff\xbb\xdb\xd2\x0b\xf7\xb8\x04\x03\x09\x21\x9a\xb9\xd3\xfb\x8c\x57\x6b\xcc\xcf\x65\xf5\x12\x7d\x2c\x58\xff\x79\xe8\x68\x2c\x5c\x45\xfc\x12\xa8\x43\x20\x49\x4f\x13\x33\xd3\xf3\x65\xae\x77\x5b\x3b\xc5\x11\xfd\x45\x13\x99\xb7\x9d\x2d\x0c\x69\xdf\x6d\x38\x1b\xa0\x81\x98\xcf\xb5\x02\xed\x54\xe2\x9c\x1c\xc0\x62\xca\x95\xcb\x50\xb2\x65\xf0\x45\x19\xde\x3f\xd5\x8d\x3d\x35\x11\x7a\xab\x1d\x7d\x96\x61\x6d\x71\x07\x0e\x78\xf2\xeb\x2e\xcd\xe9\x6e\xd5\xed\xfb\x94\xe5\xa0\x94\xf1\xc5\x3d\x8d\x95\x40\x3b\xba\xd3\x1e\x8a\x46\xa5\x1e\x2e\x21\xe3\x69\xa8\x99\x25\xbc\x5b\x8f\x1e\x8c\xe9\x36\x9c\xa7\x08\xcd\x19\x0c\x6f\x47\x33\xef\x24\x33\x47\x95\x1c\xd6\xac\xd5\x15\xd9\x8c\x06\xcd\x91\x78\x61\x5a\x27\xfc\x2f\x72\xb7\x61\xa9\xfc\xdb\x8a\xf4\x7a\x63\x85\x04\xf2\xda\x90\x0d\xd9\xfd\x92\x24\x14\x56\xae\x4e\xbf\xf3\x31\x0e\x4b\xda\xc8\xb0\xfa\x7f\xb7\x71\x5
d\xb3\x16\x7a\x45\x97\x9d\x46\x62\x24\xab\x16\x8f\x50\x85\x48\x9b\x8a\xab\x34\xc5\xe3\xc3\x21\xc8\xa3\x62\x78\xc8\x9a\xf4\x92\x08\x13\xf9\x1f\x49\xfa\x76\xee\x3c\x84\x47\x12\x9f\x8c\xed\x14\x7d\x5a\xf7\xc3\x98\xad\x51\xc4\x03\xab\x9a\x94\x12\xc7\xb1\x5c\x52\x6d\x71\x2c\x62\xa1\x62\x39\xcf\x70\x3e\xe2\x6b\xe9\xad\xd5\x7f\xd5\xfc\x88\xc3\x99\x0c\xc5\xcf\x30\x8d\x7e\xd9\x7e\xfb\x22\x68\xcc\xd3\xa5\x0e\x36\xc3\x96\x3c\x38\xb9\xa7\x69\xb8\xca\x81\x1f\x71\x49\x3f\xe9\x70\x52\x12\xd9\x23\xfc\x26\x31\x0f\x3f\xe8\x14\x27\xd6\xa2\xd6\xcc\xa9\x89\xb4\x7e\xce\x62\x9e\x64\x60\x92\x80\x4a\x10\x5f\x20\xb6\xe7\xa6\xe8\xb7\x4b\x48\xc5\x23\x0e\x5c\x31\x9b\x2e\x52\x50\x84\x47\x8e\x24\xf9\x96\x34\x2e\x11\x97\x68\x3a\x9e\x63\xea\x8c\xab\xe0\xd6\x24\x2a\x60\x6b\x82\xba\xa7\xa8\x52\x58\xef\x32\x0a\x1f\x95\x4e\x71\x88\x07\x22\x53\x9c\x22\x01\x66\x25\xc8\x37\xcf\x32\x3d\x0d\x03\x02\x21\x5a\xf5\x1d\xa4\x24\x73\xc0\x51\x4e\x72\x7f\xbd\xaf\x3e\xd3\xaa\x24\x2a\x79\x40\xd9\xce\xcc\xdf\x21\x85\x4e\xef\xf8\x5e\x34\x7a\xa6\x81\x4a\xf2\xca\x73\xc0\x4d\x41\x0e\xc4\xed\x2f\xf5\xb4\xb4\x6f\x21\x75\x9f\xa0\x5d\x0e\xe3\x94\xc5\xf8\x06\x5f\x87\xc3\x16\xc2\xb5\x91\xdf\xb6\xa9\xa0\xe2\x70\x1f\x2c\x82\x2a\x53\xc6\x43\x9f\xe8\xa1\xfb\x1b\x9d\xbd\x59\x37\xb2\xb4\x42\x1e\x14\x48\x7d\xb4\xdc\xc1\xb2\x75\x03\xea\x11\x3c\xf7\xb3\xb8\x18\x53\x62\x49\xbb\x97\xb5\x64\x84\x4a\x8d\x48\x02\xce\xae\xa4\x68\xca\x0d\x43\x15\x45\x35\x06\xcc\xaa\xa4\xbc\x1d\x38\x95\x9f\x84\x61\xcc\xd8\x46\x02\x5f\x57\xa4\x22\x20\xb2\xcd\xa3\xff\xfd\x65\x42\xeb\x06\xb5\x64\x4e\xd4\x48\xd7\x87\xb8\xb4\x42\x4e\x29\x87\x0f\x9c\x66\x19\x25\xed\xeb\x11\xf3\x0b\xe0\xdb\xa5\xdf\xee\x43\x43\x88\x79\x5a\xba\x09\x31\x2f\xf7\x75\x5c\x8e\x8b\x78\xb5\x61\x8f\x51\xe4\xa8\x8e\xc1\x35\xb6\xa0\x51\xe5\x7e\x65\x83\x58\x3a\xf4\xd3\x70\xf2\x70\xf3\x22\x95\xad\x4d\x37\x1a\x88\xba\xb8\x4a\xb6\x92\x63\x7b\x0b\x04\x53\x76\x5e\x55\x45\x44\x15\xa6\x3c\x55\xb0\x3c\x1d\xd2\x72\x06\x02\x13\x47\x80\x03\x07\x0d\x5c\x6f\x73\x1f\x7d\xad\x3f\xd7\x8b\x7f\x11\x96\x7b\xce\xc9\x4
1\x5e\xae\x8b\x98\xac\xa9\x98\x20\xbf\x5e\xe1\x6e\xc0\x91\x1c\xaf\x1b\x8f\x2b\xb3\x32\x53\x04\xec\x27\x69\x20\xeb\x57\x29\xf5\xda\x34\x80\x48\xbf\x13\x40\x9e\xa5\xbd\x1c\xa7\x6d\x77\x1a\x53\xdc\xf9\xe8\x2b\x92\xce\x58\x32\x98\x62\x67\xf5\x8f\x35\xa6\xb0\x02\x98\x8e\xdc\x51\x50\xf5\xb6\x56\x49\x4a\xf8\xf7\x28\xb1\xd3\x9a\x38\xb8\x34\xf9\xa5\x56\x57\xb1\x6e\xe5\xc7\xcb\xb1\x38\xd1\x2f\x28\xc1\x04\xf2\x1c\x13\x43\x3a\x4e\x26\xc1\x37\x60\x07\x8d\x99\x6b\xf4\x07\x8c\x75\x24\xd3\x65\xca\x7e\xa1\x56\x56\xd8\x82\x00\xfb\xb7\x68\x28\xc3\x44\xa0\xe0\xf7\xf2\x5f\xb7\x1c\x3f\xfc\xc8\x19\xee\x39\xe9\x8a\xfe\xa6\x41\x52\x63\x52\xa2\xcf\x4a\x51\x62\x94\x13\x2c\x33\xa9\x30\x78\xe1\xd7\x49\x3d\x7e\x64\x38\x42\x7d\x08\x19\xbe\xb4\x82\x6b\xe4\x43\x68\xde\xb1\x05\xf3\xfe\x20\x27\x98\x3d\x84\x91\x1d\xcf\xbd\x26\x8a\xe3\x9d\x83\x73\xf6\xf4\xb5\x29\x1a\x94\x73\xad\x7a\xd9\xab\x3b\x75\x41\x07\xf7\x8d\x21\x8b\xda\xcc\x92\x6d\xb3\xb9\x95\x8b\x4a\xec\x67\x9e\x35\xf7\x1c\x10\xbe\x30\xf1\xd4\x7f\x9e\xbc\x36\xd2\x98\x82\x5d\x58\xe0\x23\xbd\xf4\x03\x58\x2b\x6b\xc6\x73\x62\xe5\xe8\xb0\xad\xc5\xcd\x1f\x4e\x88\xec\xd3\x84\x2f\xe1\xd7\xa9\xb7\x27\x98\x7f\xd1\xaa\x1e\xc8\x8f\xf2\xb4\x55\x13\x9d\xd6\xbf\x94\xcf\xbb\x78\xdb\x89\x33\x15\x70\x82\xf1\xd0\xc6\x35\x94\x3a\xc8\xbf\x83\xcd\x35\xae\xea\x85\x19\x06\xeb\x2d\xb3\x29\x4e\x50\x3d\x86\xda\xb5\xe0\x84\x19\x2f\xc0\x48\xcc\xb0\xfc\x74\x20\x30\x97\x22\x19\xc4\xd7\x4a\x37\x22\x8a\x30\x17\x68\x73\x4b\xd8\xa1\xa3\x39\x58\x87\x19\xf3\x46\x95\x1c\x58\xb7\xb8\xa7\x8b\x34\xb9\xd9\xef\x83\xd0\x1b\xf5\xcd\x86\xa0\xca\x7b\xca\xa3\x37\xda\x65\x45\x80\x28\x42\x39\xc7\xf8\xae\x82\x26\x0b\x2e\x6b\x63\x2c\x42\xdc\x12\x90\x1d\x10\x53\xf2\xb1\x0a\x38\x03\x82\x67\x3e\xda\x68\xf4\xc8\x66\x3c\xb4\x0b\x42\x04\x1a\xad\x67\x8f\x7c\x64\xc7\x2e\x45\x5b\x93\xcb\xc6\x67\x06\xf0\x22\x70\xe3\xcb\xf8\x97\xb0\x1a\x49\x34\x89\x55\xc1\x11\x37\xb5\xc7\x1c\x9f\x51\x69\x63\xd2\x1d\x7e\x2e\x06\xbe\x35\x41\x9a\xf4\xb2\x8e\x5c\x80\x7a\x63\xdf\x28\x7f\x84\x4c\xc8\xbf\xab\xcf\x70\xb4\x62\xdc\x2
e\xd4\xcc\xdf\x82\x76\x5c\xdf\x73\x7e\x10\x9d\xfb\xfe\x02\x73\x79\x4e\xd9\x59\xc6\x67\x02\x90\xf8\xba\xe6\x6c\x9b\x73\x55\x93\xa9\x0f\x13\x54\x34\x97\x9c\x88\x02\x93\x43\x32\xa2\xa6\xc3\xe1\xa6\xf5\x21\x52\xcb\xcb\x4d\xd5\xe6\xb7\xec\x33\xd8\x80\xda\xa9\x46\xb9\x8f\xa8\xda\x12\x0b\x2e\x10\xbe\x1f\x9f\xda\x52\xc5\x33\x2d\xee\x98\xa8\x9a\x3d\xdc\x06\x03\xd0\x3d\xbb\x46\xf5\x8d\x26\x69\xda\xf2\x00\xda\xcf\x4f\x1d\x55\x84\xaa\xc5\x77\xde\x4b\xe0\x79\x59\x94\x95\xdf\x8e\x78\x90\xda\x55\xf3\xf9\x53\xb1\xb5\xe4\x4a\xbc\x78\x38\xff\x0a\xc4\x24\xaf\xb0\x0e\xcd\x7a\x15\x64\x17\xcb\xf9\x45\x31\xf1\xd6\x81\x5c\xfa\xeb\x6e\xd1\xc6\x6e\xcb\x5d\x4a\x23\xd6\xd0\x3c\xcc\x3a\x10\x5e\xe8\xe9\xc9\x90\x3c\x5f\x77\x5b\x24\x22\xba\x76\x8c\xd4\x0a\xb8\xce\xe4\xee\x2a\x69\x3e\x31\xa9\xd8\xbe\xf0\x49\x4d\xbb\x94\x18\x75\x85\x3b\x6a\xc5\x1f\x9f\x84\xa2\xc0\x9e\x16\x55\x07\x93\xf4\xd3\x54\x00\x72\xe5\x29\xfd\x59\xf0\xcc\xfc\x7a\x99\xeb\x8b\xdf\x2e\x43\x12\x33\x6d\x2f\x45\x62\x95\x0a\x44\xc9\x10\xdd\xe6\x22\xfd\x32\x09\xb4\xe3\xec\x77\xe7\x7e\x20\xa5\x31\x8b\xd2\x27\x1b\x13\x11\x0d\x64\x84\xe1\x95\x85\x5e\x4d\xad\xb6\xcb\xb4\xdb\x44\xab\xc1\x8e\xa5\x15\xbc\xb6\xf6\xe5\x32\x1c\xc1\xa5\x19\x07\x84\xf6\xda\x0d\x04\xd9\xf8\xe7\xb0\x79\xcd\x3a\xdf\x18\x35\x1f\xfc\xf8\x88\xf8\x5b\xbc\x3a\x36\x8f\x20\xce\xcd\x8d\x40\x0c\x54\xcc\x73\xd9\x78\x0d\xa5\x12\x48\x5c\xff\x4e\x1a\xf3\xc7\x7a\xaa\x63\x07\xda\x30\x5d\x0a\x43\x9a\xb2\xcc\xaa\xcf\x7b\x33\xbf\x39\x5e\xe3\xf4\xfa\xb0\x4a\x4e\xb8\x91\x2f\x4d\x55\xe6\xc2\x7f\xfc\xe2\x22\xa3\xf8\x4d\x64\xb1\xd0\x10\x5b\x31\x3d\x4d\x06\x27\xf8\x62\x84\x74\xbc\x89\x45\x65\x0b\xf7\xe7\x92\x37\xcd\xce\xc6\x3d\x00\x39\xe4\x24\x3d\xfd\x07\x35\xde\x01\x8d\x80\xfa\xb0\x59\x4f\x92\xa9\xd5\xf4\xeb\xcd\x59\xf8\x11\x73\x71\x26\x0d\xc3\xa7\xf0\xf1\xe2\x02\x19\x89\xd9\x09\x10\x73\xd0\x44\x52\x51\x99\xa6\x98\xe1\x02\x06\x06\x79\x5b\x81\xa7\xa5\xf4\xb0\x60\x94\x82\xa6\x42\xad\x0b\xbb\x1a\x58\xc2\x7d\xd8\x47\x10\xd7\x79\x78\x05\xd9\xd8\xae\xe9\xa0\xda\xa1\x3c\x60\xf4\xa1\x91\xca\x31\x4
2\xfb\xc1\x2d\xc4\xa7\x26\xf2\x95\x59\x78\x5e\xb1\xc6\xc2\x4c\x20\xdc\xa0\xfa\xf7\x76\xf0\xe3\x13\xed\xe6\x6e\xdf\x25\x59\x88\x99\xf9\xf2\x0e\xdb\x27\x55\x15\x28\x11\xeb\x71\x12\xea\x26\x7b\xf3\x12\x5f\x7f\xa2\xab\xb2\xb2\xb0\x16\xf8\x88\xae\x8d\x95\x4d\x66\xf6\x2e\x6e\xc9\x95\x2e\x90\xd5\x21\x78\x49\x51\x14\x4c\xea\xb8\x0d\x1f\xf4\x55\x3e\x93\x7c\xab\xe9\x19\xba\xb1\xf2\x00\xf7\x4d\x12\x8d\xd5\x14\x78\x43\x49\x2d\x70\x81\x41\x1d\x28\xdf\xd1\x90\x50\xa6\xed\x28\x74\xa5\xd6\x2f\x5f\x7e\xbd\xe8\x8b\x26\x70\x37\x7d\xc3\xb7\xf4\x45\x4f\x90\x6e\x06\xde\xf7\xc8\xa4\x84\x82\xec\x83\x4b\x81\x90\x25\x54\x46\x9e\x11\x46\x58\xc5\x32\xad\xfc\x08\x9a\xdb\x0d\xaf\x4f\xb8\x4c\x3d\x63\xef\xac\xc5\x86\x90\x6d\x4a\xd8\xfd\xd6\xfb\x1f\xd8\xbe\x76\x03\x30\x35\x23\x76\xa9\x28\xbe\xd6\xb7\x5d\x1f\xcf\x64\x1c\xea\x78\xf3\xc2\xd3\x03\x74\x4b\xf6\x5c\xe0\xfd\x75\x9b\xa7\x79\xf7\xd5\xba\x83\x6a\x08\x65\x24\xe1\xca\x2a\x80\xee\xd5\xfc\x59\xb8\x2e\x3f\xcb\x64\x1d\x2d\xb0\x6b\x58\xa7\x56\xf3\xbc\xd9\x36\x30\xbd\xda\x48\xd1\x8c\x41\xc8\x4f\xfa\x62\xd4\xc3\x1d\xbb\x66\x48\x6d\x99\xab\x17\x77\x62\x07\xfe\x7d\x0b\x1f\x16\xad\x70\xb7\x2f\xf4\xd0\xd3\x83\xd3\x81\x39\xd9\xf4\xe6\x58\xc9\xdb\x65\x1a\x4d\x52\x1e\x8f\x46\x9d\x16\xa3\xd6\x54\x8d\x0b\x84\x60\x63\xc0\xdb\x48\xb1\x6f\x14\xd2\x89\x3d\xd0\xfb\xa5\x53\x52\xf6\xac\x24\x97\xd9\x14\x52\x79\x7b\x8a\x0f\xe6\x52\x81\x0e\x9d\x0c\xa7\x61\xfd\x04\x66\xdb\xdf\x5b\x58\x15\xfa\x95\xf3\x42\xf2\x87\x47\x48\x5f\x97\x61\x00\x39\xd1\x98\x31\x83\x1f\x39\xa9\xe9\x25\x86\xa7\xce\x0e\x06\x07\xa0\x6a\xd6\x95\x9c\x45\x2b\xeb\x98\xea\x02\x4b\xec\xeb\x16\x74\xa2\x1b\xa8\xe7\x15\x50\x84\x48\xae\xce\x53\x54\x69\x66\xed\x8e\x71\x95\xdf\x63\x9b\x22\xa3\x48\x7a\x18\x1e\xb0\x03\xd8\x48\xd5\x79\x94\xff\x3b\x3d\x15\xef\xa8\x81\x88\xc7\xc5\xf1\x50\xac\x4b\xac\x13\xa1\x83\x34\xc4\x83\x61\xde\xd6\x4f\x35\xc9\xba\x9e\xe3\x01\xce\x46\x24\x5c\x7d\x10\x16\x41\x14\xca\x15\x66\x38\x31\x85\xf2\x21\x58\x5a\x0e\x75\x59\xc3\x1f\x19\x93\xf5\xde\xa9\xa5\xca\xde\x9b\x45\xb2\x2b\x08\xc2\x8c\x0
5\x62\x91\x85\x9f\x1e\x39\x37\xb3\xf7\x54\xfa\x7e\x31\x95\xa7\x8f\xd8\xe0\x17\x33\x37\xf2\xb8\x4a\x5f\x0d\x3b\x79\xa9\x49\xf4\x7d\x98\x12\xa7\x34\xa2\x66\xaa\x1f\x88\x9e\x6f\xca\xa6\x6d\xfc\x01\x18\xc6\xfa\x91\x38\x05\x44\xa3\xc8\x25\xd2\xd2\x80\x8c\xc7\x5b\xd0\xe2\xde\x76\xcf\xfa\xc4\x84\xf7\xfe\xaa\x26\x7c\x97\x3b\x16\x3f\x7a\xbb\x83\x58\x20\xf8\x7f\xeb\x4c\x01\x42\xa9\xd3\x54\x3d\xf3\xd1\x4e\x60\xf8\xcd\xb5\xe3\x43\xac\xcc\x0a\xa8\x7f\x45\xb5\xc4\xfe\x3c\xba\x76\x62\x17\xa2\xa2\xa8\x79\xf2\x9b\x90\xea\xb8\xe2\x6b\x5a\x35\x46\x05\x40\x26\x92\x5a\x31\x2b\x76\x2e\x14\xd0\x3f\x3b\xaf\xb9\xb9\x80\x18\xf1\xc6\xe5\xca\xa7\xfc\xc4\xcd\x97\x4a\x9d\xb2\x61\xe5\x74\xc5\x02\x37\x68\x0f\xde\x44\xbf\x4d\xdd\xdc\x5f\x28\x75\xe2\xaf\x3e\xa3\xbd\x80\x97\x70\xba\x16\xf8\x86\x0e\x94\xca\x99\x1c\x93\xf9\xc8\x79\x8b\x4d\x4d\xca\xeb\x03\x21\xc4\xd2\xf4\x36\x73\x91\xc9\x74\x8b\xe4\x32\xd4\xdb\xb1\xac\xd5\x83\xad\x7e\x95\x48\x78\x86\x6e\x27\x3f\x7d\xa2\x1f\x35\x04\x5b\x91\xa4\x38\x1b\x45\x30\xf9\x2a\x76\xa4\x45\xde\x5a\xf7\xea\xe9\x74\x5f\x32\x06\x24\x02\x6b\xfc\x8c\x98\x4e\x4d\x07\x16\x72\xdb\xbd\xae\xce\xe8\x8e\xcb\xfe\xbd\x43\x64\x9f\xd3\x7c\x08\x91\xc7\x68\x97\x57\x1b\x64\x6c\x16\x2f\xf3\x87\xcb\x12\x30\x06\x69\xc4\xe2\xb4\xfc\x20\x28\x65\x39\xae\x94\xd3\x94\xcc\xab\xa3\xe3\x97\xa9\x92\xbe\xcf\x4b\xbc\x6f\x4d\x09\xec\x07\x9d\xfc\x00\x7b\x9c\x57\x29\x9a\x0c\xb5\x9a\x5e\xe1\xb1\xa7\x6a\x03\xcd\xd2\x8b\xf7\xf0\x76\xab\x78\x5d\xa1\xf1\x85\xc1\xb3\x9c\xfc\xa5\x7d\x96\x71\xf8\x5a\x1a\xbb\xfa\xa4\xe4\x2d\x45\x4a\xab\x49\x15\xc8\x96\xf3\x26\x7c\x2e\x31\x8b\x49\xe5\xea\x23\xdb\x81\x6d\xd9\xf4\x5a\xc5\x1e\xfd\xb8\xad\x54\xd6\x4c\xde\x3c\x36\x30\x85\xb9\x81\xb2\x74\x33\xff\x16\xf7\x6a\x29\x94\xeb\x7a\x03\xb6\xc5\x4c\x4f\x17\xc3\x44\x6e\x34\x8c\x76\x37\xee\x40\x8c\x47\x4f\x61\x5f\x52\x5c\x5a\x85\x3d\x5c\x2d\xdb\xbd\x8f\x9a\xfc\xd3\x7b\x2d\x64\xfc\x09\x80\xce\x56\xf4\x61\xfa\x1c\xcd\xca\x60\xaa\x0f\x6c\x86\x74\xd4\x29\xa8\x6b\xa1\x03\x3c\x7a\x31\x33\x4a\x21\x81\x77\xff\xc6\x4a\x96\xd8\xce\x99\x6
a\xab\xbd\x1b\xa1\x17\x0f\x55\xce\x27\x68\xe3\xd3\xae\xe5\x0e\x9e\x09\xd3\xa2\x8e\x09\xd9\x3f\x68\x81\xa2\x72\x02\x07\x25\x62\x0b\x4f\xfa\x7b\xff\xfc\xc8\xd5\x64\x3c\xaf\x97\xfb\xa3\x83\xa0\x1f\x94\xd9\x78\x12\x5e\xc7\x98\x63\x56\xdd\xe7\x67\x17\x9e\x60\x12\xb9\x47\x6e\xe5\x76\x18\xe3\x49\x22\x46\x48\x7e\x8e\xf7\x1b\x35\x51\xad\x57\x5b\x07\xef\xe2\x0a\x26\x6e\xc3\xfc\x2b\x9f\x71\x68\x75\x15\x9b\x0a\x92\xbc\x17\x0f\x60\x89\x06\xdd\x2e\xdc\xc9\xb9\x46\xec\x4e\x55\x36\xac\x26\x9c\x99\x75\x62\x63\xd8\x07\xaa\xe2\x6b\x16\xeb\x51\x93\xfd\x2d\x46\x45\x99\xfb\x2f\x83\xa0\x8e\xbc\x21\xa5\xc3\x6d\xcb\xb5\x15\x51\xb7\x12\xca\xaf\xba\x21\x0d\x67\x36\xd0\xed\xae\x10\xf6\xae\x01\xfa\xa0\x4f\x2a\xa8\xfc\x74\x87\xa7\x18\x5a\x44\xdc\xe7\x5c\xad\x1d\xf4\x98\xf2\xef\xee\x82\x6f\x18\x63\xa9\x7f\x37\x7c\x46\x60\x99\xa1\x8d\x0a\x95\x92\xcf\x2d\x59\x2b\x1b\x31\xed\x58\x52\xf8\xe1\xa5\x08\x20\x59\xc1\xf8\xd3\x90\xf2\x5f\x31\x42\x75\xc5\x16\xbe\x4e\xb5\xeb\xec\x29\x8b\x3b\x67\x3b\x43\x60\x25\x91\xd6\x85\x9a\x9a\x44\x13\x64\x57\x25\x5a\x83\x54\x6b\xf8\x19\x15\xc8\x7d\x3b\xcc\x5e\x95\x33\x8b\x30\x7e\xdf\x71\xbf\x53\x0a\x27\xed\x99\x8d\x75\x45\xc0\x32\xd6\x5a\xf0\x4e\x47\x77\x5f\x0f\xa0\x49\xfa\x7f\x7a\x29\x80\x97\xd1\xbe\x7e\x9f\x48\xc2\xf4\x8b\x49\x15\xa0\x4f\x40\xd1\x5b\xce\x97\xb9\x13\xb0\x5e\x4e\x03\xf7\x91\x9b\x74\x15\x02\xb3\x6a\x15\x96\x33\xa9\x8a\x3f\xb6\x95\x24\xf4\xba\x03\x7e\x26\xa2\xd9\x22\xc7\x13\x60\x66\x4b\xd7\xcd\xff\x4d\xcd\x3c\x02\x10\x57\x38\x5b\x5e\xa6\x96\x6a\xe0\x12\x27\xa3\xe1\x09\x1e\x26\xd2\x65\xc3\x8b\xfd\xc5\x57\x84\x45\xaa\x92\xba\xd5\x80\xa3\xa4\x2a\x3d\xca\xfa\x2f\x22\x0f\x4f\x82\x46\xdf\xd9\x5e\x0f\x5d\x4d\xaf\x5e\xdd\xe4\x80\xc0\xb6\x21\x5b\x54\x58\x40\x5f\x82\xc1\xf5\x9a\xaa\x73\x41\x78\xf1\x58\x23\xa5\x1d\xf7\x9a\x17\x93\xab\x02\x75\x3d\xa7\x54\x42\x09\x2a\x22\x06\xf9\x0c\xec\x47\xea\x2a\x80\xa8\xeb\x88\x69\x9a\x67\xe0\x11\x0a\xe8\x6a\x33\xd4\x78\xeb\xdd\x30\x12\x86\x64\xaf\x4d\xca\xd1\x3e\x58\x60\x7c\x98\xa1\x68\xc0\x77\x99\x2f\x9c\x87\xf3\x83\x1d\x76\xdd\x8
2\x0d\xc4\xe3\x9f\x0a\x18\x14\xd3\xe9\xa4\xd6\xdf\x11\xb3\x19\x7f\x96\x56\x17\x8f\x06\x4d\x0f\x78\x13\x7b\x4f\x90\x84\x17\x3f\xe5\xfc\xcf\xda\x15\xcd\x52\x90\xa2\x04\x68\x17\xa7\xb5\xcd\xb1\x4b\x9a\x5a\x88\x4d\xec\xea\xcf\xcb\xfd\x8f\x04\x36\xad\xde\xe2\x73\x33\x8a\xcd\xad\xf6\x88\xfb\xf7\xd7\x8c\x33\xb9\x9b\x6c\x13\x22\x9f\x9a\xb5\x9c\x15\x23\x6a\x79\xc7\x6f\x9a\xf5\x8d\xe2\x91\x99\x24\x79\x08\x9b\x3b\x60\x99\x8c\x39\xae\x01\xdf\x67\xa5\xe1\xce\xa5\x79\xc2\xe1\x6c\x61\xfa\x50\xbf\x30\x65\x1c\x34\x09\xd9\xe0\xa6\x3e\xb6\x4e\xdf\x74\x13\x5f\x5d\xbe\x69\xf5\x90\xe5\xe0\x0e\xef\x78\x45\x46\xce\xbe\xcd\x08\x47\x2c\x1c\x5a\x31\xfc\x58\x09\x5a\x53\x39\xd6\x80\x8c\x92\x54\x68\x5b\x42\xdb\x56\xbd\x67\xbc\xf8\xbd\xa8\x31\xa4\x95\x2d\xec\xd5\x00\xb6\x12\x63\x78\xb6\x5c\x47\x22\x6a\xa9\x2f\xb8\x96\xd6\x13\xb3\xe0\x66\x6d\xbe\xb0\xb0\xb3\xb2\x27\xf3\x35\x08\x53\x6b\x84\x1d\xfc\x50\x16\x71\x5c\x30\xb9\x13\xe3\x83\xa0\xe2\x0b\xc4\x8f\x13\x7d\xd2\xf6\xfd\x5b\x7b\x67\x60\x1a\xbe\x85\xd9\x5f\x96\x26\xf2\x6b\x6f\x70\x95\xab\x24\x16\x92\xea\x58\x7a\x8a\x27\x53\x50\xa9\xee\x29\x53\x0a\x24\xed\x79\xbc\xc6\xde\x3f\x5a\x43\xbc\xcf\x5d\x2c\x7e\xf7\x6c\xf8\xf6\x66\xf2\x03\x34\x84\x9e\x3f\xfe\x67\x95\xeb\x67\xf3\x2d\x97\x77\x62\x42\x30\x74\xb6\x5a\x5c\x25\x34\xd4\x95\x71\xd2\xd0\xff\x9e\xa4\xec\x52\x6a\xf3\xf5\x0a\x29\x8c\xf5\x62\x94\x29\x0d\x0f\x25\xe8\xf9\xa0\x8c\xfc\xac\x74\xe7\x21\x62\xc7\x9a\xf4\xde\xcc\x38\xb4\x75\x1f\x50\x37\x5a\x37\xcf\xd0\xed\xc9\x1e\x4a\xf9\xdb\xaa\xae\xed\xf6\x44\x68\x99\xf5\xcd\x17\x6a\x2d\xe0\x50\x27\xf9\xeb\xf5\x93\x13\x50\x57\xb2\x22\x2c\x27\x19\x21\xb4\x64\xab\x68\xe8\x81\xf0\x38\x35\xc9\x09\xf5\xaa\x31\x1c\x3d\x08\x3d\x52\xd9\x6b\x58\x05\x19\x94\x87\x9f\x1a\x9b\xa0\x00\x3f\xcd\xb8\x7f\x00\x4f\x9a\xf6\xc7\x4f\xd9\x34\xf6\xa7\xea\x9c\x05\xcd\x1b\x0d\x53\x8c\xb0\xb2\xc1\x26\x58\x46\x6f\x50\xb3\xe8\x61\x1d\x5d\x3a\x46\xb5\xa9\x14\x5f\x6c\xb9\x87\xf1\xf2\x34\xba\x49\x4b\x47\x7f\xe6\x53\x91\xbd\xd0\x4d\xc6\x9a\xcc\xdf\x68\x4a\x75\x80\x95\xc1\x03\x16\x06\x39\xb6\x8
8\xae\xdd\xad\x06\xf4\xb2\x22\xcd\x54\x3c\xdd\x34\xda\x76\xbe\x67\x6d\xe3\xb6\x43\x17\xe7\xa9\x8d\xca\xc4\xed\xec\x83\x98\x53\xe0\xf3\x25\xfe\x68\xcc\x42\x01\x12\xcf\x71\x02\xbe\x05\x0d\x67\xc8\x54\x7d\x01\x97\xff\xd9\x87\x4e\x84\xf1\x78\xe4\x3d\x51\x1c\x83\xdd\x70\x26\xa8\x99\xcf\x76\xfd\x71\xdc\x98\xca\x4c\xda\x2e\x0d\xa4\xc9\xe1\xc1\xd5\x82\x9e\x67\xaf\x2b\x31\x7c\x37\x46\x55\x13\xe2\x8d\x24\xa7\xb0\x80\x79\x7f\x0a\x06\x90\x1d\xe9\xcc\x98\xab\xa4\x11\x7f\x5d\x8b\xf7\x41\xd8\x4e\x0e\x5e\x62\x8e\xcc\x05\x26\x9d\x46\xd2\x4a\x4b\x20\x7d\x4e\x35\x89\xdf\xd7\x7a\x89\x03\xc4\x96\xf8\x3b\xf9\x35\x2f\x11\xe3\xae\x02\x73\x93\x46\x7e\xe1\xff\x3a\x26\x7d\x20\xbc\x2b\x50\xcf\x92\x46\x1f\x9c\x73\x4f\x9e\x2f\xbe\xc4\x00\xcc\x36\x64\xd6\xd8\x74\x51\x75\x79\x06\x0e\xa1\x2e\xb8\xf1\x18\xe1\x0a\x3a\xf5\xcd\xb0\x4a\x18\x25\xc8\xa3\x91\x03\xaf\x72\xc0\x30\x55\xeb\x7b\x6c\x72\xfd\xdb\xf9\x06\x72\x94\x2d\x88\x52\x97\x2e\x80\x19\x04\x95\x26\x37\x1b\xec\xf4\x5f\x63\x3e\xe0\xcd\xe7\x4f\xb0\x9d\xaf\xd9\x30\x28\x8e\xd6\xcc\xd7\x03\x9f\x0c\x93\xa3\x13\x0b\x85\xa4\xa7\x7c\xee\xcb\x5d\x69\x3f\x0f\x37\x14\x40\x31\x15\x61\x36\x8e\x79\x8b\xbc\xf9\xd5\xf1\x83\xa8\x62\xfd\x9a\xd0\x8b\x43\xce\xf9\x0c\x06\x80\x21\x35\x0f\xed\x41\x83\x99\x89\xfb\x12\x1b\xad\xa9\x6f\xd1\x80\x21\xb5\x70\x2c\x00\x9c\xd0\xa7\xe9\x86\xb5\xfb\x29\x9e\xbf\xe1\x21\x31\xf7\x21\xd5\xbc\x66\xe9\x34\xb6\xbc\x17\xa1\x6d\xfa\xcd\x58\xff\x2a\x66\x98\xb3\xe7\x03\x60\x07\xb3\x41\xf1\x0f\xfd\x5b\x4f\x48\x0e\x22\x9e\xcf\x9e\x09\xe1\x75\x51\x9f\xaa\xcc\x8a\x2e\xf4\x09\xd9\xaf\xaa\xd8\x05\xe8\xce\x4f\xbb\xb7\x75\x39\x44\x46\x05\xc5\x55\x92\x01\x89\xc5\xdd\x45\x3a\xe0\x36\x88\x70\x7b\xcd\x01\x41\x1a\xaa\xfd\xba\x1f\xf3\x1e\x70\xcd\xcb\xa0\xe4\xb4\xae\xa0\x17\x80\x99\xe8\xd4\xf4\x44\x4f\x0a\x15\x1f\xbf\x79\xdc\xa2\x6b\x07\x95\x13\xdb\x9a\xdb\x32\xab\x21\x2e\xfe\xff\xcb\xb7\x41\x89\x2a\xef\x26\x5f\xd8\x88\xf0\xc0\xe9\xce\xd4\x58\x3f\xc6\x8b\xf4\xc7\x12\xbf\xe7\xf9\x9c\xa4\x40\xd7\x9b\x83\xcc\xcc\x93\x6c\xe8\xd0\x8c\x19\xc2\xec\xdf\xaa\x7f\xb
e\x47\xa2\xce\x69\x41\x8f\x20\x9c\xdc\x2c\x95\x2d\x47\xd6\x78\x18\x6b\xed\xa6\xed\x2c\x0a\x94\xe7\xdb\xe6\x6b\x8a\x3e\x26\x2f\x43\x13\x4b\x52\x5d\x27\x7d\x3e\x66\x54\x31\x8f\xe9\x6b\x0b\xe7\x1c\xb2\x66\x03\xa9\x86\xdf\x48\xa9\x88\xb2\xa9\x00\xa9\x6c\xea\x83\x74\xa4\xeb\x56\x47\x4c\x36\xca\x49\x6e\x5a\xfb\x0b\x8a\x7b\x2f\xcc\x65\xf8\xf1\xef\xb8\xd3\xb2\x72\x41\x7a\xc7\x37\x9d\x86\x51\xd0\x2b\x7c\xbf\x60\xc3\xf7\x27\x6a\xae\xaa\x83\x9a\x13\xef\x28\x68\xdf\xe4\xf6\xaa\xd7\x01\x33\x76\xe9\xce\x05\x97\x9d\x47\x77\xee\x5c\xce\xbc\xd3\xea\x47\xd3\xe0\x62\x02\x92\xf4\x9c\x71\xad\xb7\x53\xb2\x79\x3d\x8d\xec\xfa\x16\x40\x77\xfe\x55\x07\x80\xcd\x28\x42\x06\xfa\x2a\xbd\x2a\x42\x17\x71\x15\xde\xfa\xeb\x85\xde\x09\x56\x33\xf9\x4d\x13\x97\x4d\x1b\x48\xb8\xa1\x83\x00\xb4\xf4\xf3\x6c\x32\x50\x10\xe5\x2a\xd8\x5d\xd5\xac\xca\x62\x19\xec\x00\x8a\x8f\x9f\xc9\x80\x6d\xbf\x55\xd3\x2e\xbf\x80\xab\x5a\x90\x37\x19\x70\xd6\x4d\xd9\x16\xa3\x18\xf6\xf4\x4c\xfc\x1f\x5b\x3b\x0b\x0a\x4c\x22\x8e\xc9\xa6\x63\x6f\x50\x16\x84\x7d\xf2\xd8\x9e\x75\x06\xac\x66\x7a\xce\x06\xff\x2f\x4e\x6d\x18\xfc\x12\x5c\xca\x3b\xea\x98\x71\x60\xaf\x60\x2b\x93\xeb\x7b\x5b\x53\xf1\x48\xa3\xaf\x7d\x42\xc6\x1b\x3e\xa1\x83\x9a\xf5\x7d\x15\x24\x7c\x57\x08\x39\x7e\x09\x19\x03\xa7\x40\xa2\x07\x09\xe5\x34\x3e\x5c\x2b\x3c\x3d\x08\x2e\xd3\x76\xa6\x61\xd8\x4e\x1c\x1d\xdf\x32\x52\x40\x9a\x6b\x9d\x78\x3a\x11\x8e\x63\x38\x2a\x2a\xad\xad\x3b\xc8\xf2\xd9\x2c\xcd\x7c\x3e\x28\x19\x7e\x8e\x9f\x89\x76\xe0\x86\x5a\xdb\xb0\x91\xd7\x75\xd2\xf9\xad\x2b\x20\x61\x67\x7a\xe5\xbe\xc3\xcb\x29\x50\x5f\xf6\x58\x70\xb2\xa3\xac\xf3\xb6\x1e\x4b\xcb\xa0\x67\x29\x8b\x45\xe7\x69\xd4\x3d\xf4\x1f\x56\xc1\x22\xe6\x9c\x1b\xf0\xae\x8d\x5a\x60\xc2\x84\xfa\x5f\x42\x5d\x26\x17\xdd\x48\xa5\x3e\x8e\x35\xc9\x51\xe0\xc6\xdb\x4c\xef\x22\x64\xec\x2e\x7b\xc7\x2e\xa2\x42\xf6\xab\xc3\x2e\xc7\xa5\x13\xc2\xb3\xb3\xfc\x9f\xa5\xe4\x08\x68\x35\xe4\x7b\x30\xab\x60\x2d\x39\xfb\xfc\xa5\x4a\xd3\x43\x8e\x3d\xa0\x34\x5c\x29\xf8\x74\x76\x99\x04\x7e\x06\xc4\x68\x79\xa9\x4b\xef\x8f\xaa\x1
b\x93\xde\xdb\xf8\xaa\xf7\x7e\x11\xda\x64\x96\x1b\x42\x92\xbd\x9e\x5b\xca\xe7\x7d\x1a\x4d\xd0\xa3\x71\x11\x49\x6b\x41\xa7\x91\x1a\x28\x6f\x1e\x80\xc8\x37\x42\x0d\x41\x62\x66\xe0\x5a\xaa\x11\x4d\x03\x1b\x68\xc1\xa7\xc7\x15\x37\x86\x9d\x6a\xd2\xad\x7c\x0d\x7d\x5c\xc8\xcc\x72\xc0\x54\x56\x9e\x15\x3d\x41\xd6\x0d\xd7\x49\xe0\x8e\x9c\x07\xb5\xc6\xf0\xdf\xd1\xe3\x9c\x03\xd7\xc0\xd4\xfa\x67\xe2\x8f\x32\x65\x67\xdf\x09\xbf\xdc\xd2\xff\xe2\x0d\x6b\xe1\x7c\xa0\xae\x00\x15\x57\xbf\xda\xf4\x11\x41\x0b\x45\x19\x74\x69\x6a\x32\xad\x65\x6a\x85\xf5\x01\x1f\xad\x89\x1e\xc4\xdd\x2a\xd2\xfa\x76\xeb\x91\x74\x92\xf6\x63\x50\xca\xaa\xe8\xdb\xb7\x62\xa0\xde\x4f\xfa\x4c\x35\xa6\x5f\x1e\xf5\x38\x8b\xeb\x9d\x30\x31\x3e\xb1\x20\x73\xbf\x69\xc5\x1b\x1e\xf1\x26\x97\x1f\x7b\xf2\x52\x51\xb2\x3c\xcd\x12\xb5\x9e\xa1\xde\x15\xe5\x2b\x90\x5e\x61\x46\x10\x40\x89\xd3\x73\x5a\xd0\x0e\x70\xc8\x8e\xb6\x57\x0a\x21\xdb\xa1\x6d\x05\xc8\xd8\x8a\xab\x82\xb9\x93\x3d\xec\x5b\xf6\xc5\x03\xa1\x4f\x1a\xf3\x33\x0e\x9b\xfd\x8e\x9a\xe7\x45\xf0\x46\x90\x53\xae\x9a\xb6\xe4\x6e\x8d\xda\x7c\x7c\x5c\xcc\xe8\x47\xd2\x8e\xf6\x8a\xd5\xd9\xbe\x21\xf2\x6a\xbf\xd6\x78\xfd\x60\x43\xa0\x72\x76\x8c\x0a\xb2\xf3\x18\x02\xc5\xd2\xee\x54\xa4\x26\x05\x3c\xd7\x74\xf7\xa1\x00\x53\x48\x7b\x56\x75\x02\xa4\x26\x2d\x63\xf0\x6f\xf9\x74\x92\xba\xc2\x70\x3c\xef\x66\x47\xc1\x91\x17\xd5\x84\x42\x84\xca\xe7\x94\x00\xe0\xc3\x67\x0d\x51\x75\xf9\x50\x49\x4c\x23\x30\x66\x13\x86\xf1\x0b\x57\xcb\x4b\x6e\xd2\xaa\x81\x12\x0a\x84\x26\x4f\xc9\x6e\xe2\xbf\x81\xd3\x80\xdc\x1c\x1b\xa7\x0d\xe9\x7a\x7f\xcc\x91\xdc\xcc\x42\xec\x90\xb2\x13\xcc\x3d\xb4\xf0\x88\x87\xdf\x8f\xa8\x0c\xb6\x48\x5a\xe8\x9b\x1a\x7d\x77\xb5\xc3\x9d\xcd\xf6\x2d\x79\x3a\x18\xf2\x9b\x5a\xc7\x35\xc0\x7b\x06\xe8\xf0\x09\x8b\xd9\x47\x40\x28\x49\x69\x52\x85\x91\x71\x35\xd2\xf6\x89\x16\x6b\x42\xcd\x14\x59\x9e\xe9\x17\x72\x56\xe7\xe4\x00\xc4\xed\xf7\x31\x7b\x6b\x30\xca\x6d\x9c\x2b\x7f\x28\x39\xf0\x96\xbd\x67\xd3\x34\x3f\xbe\x6c\xaa\x34\xdb\xd4\xb5\xcd\x33\x94\xb7\x07\xb6\x01\x79\x4b\x53\x11\xb2\xbb\x8
e\xa8\xf7\x4e\x59\xfb\x66\x78\xa1\xde\x2e\xd8\xde\x44\x3a\x49\xf5\x31\x82\x99\xaa\x8a\x96\xd3\x4b\xa7\x53\xd7\xa8\xf9\xf9\x42\x95\xa4\xb7\xc4\x21\x9b\x5a\x1e\x11\x24\x6e\xbc\x65\x21\xc8\xe1\x86\xdf\x99\x3b\x9d\xa7\x9f\xa2\x39\x4b\x36\xa4\x53\xb0\xc5\xb5\xcc\xb6\xc2\x72\x93\x38\xac\x8e\x3a\x21\x53\xa4\xa3\x01\x2e\x8c\x43\x78\xfc\xbf\xd5\xe8\xb5\x6b\x04\x25\xcc\x23\x6c\x07\x31\x5c\x75\xba\xf6\x2b\xaf\x3b\x3b\x62\xc4\x13\xed\x9f\x5e\xc6\x6f\xf9\x8b\xbb\xe6\x1f\x2b\xda\x90\x6c\x8b\xde\xe0\xce\xc2\xde\x6d\x6e\x25\xa4\x9c\xef\xdf\xe3\xf3\xed\x53\xb1\x15\x41\x78\x39\x8c\x62\x87\xb8\x15\x8e\x1d\x7f\x81\x87\x68\x93\x8c\xcd\xcf\xad\x45\x8e\xe9\xb3\xa6\xea\x9a\x69\xa7\x86\x9d\x05\x95\x5d\xec\x71\xd8\x29\x09\xaf\x3e\x39\x30\xba\xb9\x8c\xd1\x75\x17\xd6\xbb\x16\x41\xce\xb9", 8192); *(uint32_t*)0x20004f00 = 0x20002200; *(uint32_t*)0x20002200 = 0x50; *(uint32_t*)0x20002204 = 0x48262fad; *(uint64_t*)0x20002208 = 0x1000; *(uint32_t*)0x20002210 = 7; *(uint32_t*)0x20002214 = 0x1f; *(uint32_t*)0x20002218 = 9; *(uint32_t*)0x2000221c = 0x200; *(uint16_t*)0x20002220 = 8; *(uint16_t*)0x20002222 = 0x1ff; *(uint32_t*)0x20002224 = 0xbb; *(uint32_t*)0x20002228 = 0xa; *(uint16_t*)0x2000222c = 0; *(uint16_t*)0x2000222e = 0; *(uint32_t*)0x20002230 = 0; *(uint32_t*)0x20002234 = 0; *(uint32_t*)0x20002238 = 0; *(uint32_t*)0x2000223c = 0; *(uint32_t*)0x20002240 = 0; *(uint32_t*)0x20002244 = 0; *(uint32_t*)0x20002248 = 0; *(uint32_t*)0x2000224c = 0; *(uint32_t*)0x20004f04 = 0x20002280; *(uint32_t*)0x20002280 = 0x18; *(uint32_t*)0x20002284 = 0xfffffff5; *(uint64_t*)0x20002288 = 2; *(uint64_t*)0x20002290 = 1; *(uint32_t*)0x20004f08 = 0x200022c0; *(uint32_t*)0x200022c0 = 0x18; *(uint32_t*)0x200022c4 = 0; *(uint64_t*)0x200022c8 = 4; *(uint64_t*)0x200022d0 = 7; *(uint32_t*)0x20004f0c = 0x20002300; *(uint32_t*)0x20002300 = 0x18; *(uint32_t*)0x20002304 = 0; *(uint64_t*)0x20002308 = 6; *(uint32_t*)0x20002310 = 0xfffffffb; *(uint32_t*)0x20002314 = 0; *(uint32_t*)0x20004f10 = 0x20002340; *(uint32_t*)0x20002340 
= 0x18; *(uint32_t*)0x20002344 = 0xfffffffe; *(uint64_t*)0x20002348 = 0x401; *(uint32_t*)0x20002350 = 0x101; *(uint32_t*)0x20002354 = 0; *(uint32_t*)0x20004f14 = 0x200043c0; *(uint32_t*)0x200043c0 = 0x28; *(uint32_t*)0x200043c4 = 0xfffffffe; *(uint64_t*)0x200043c8 = 0xffffffffffff8000; *(uint64_t*)0x200043d0 = 0x1000; *(uint64_t*)0x200043d8 = 4; *(uint32_t*)0x200043e0 = 0; *(uint32_t*)0x200043e4 = r[6]; *(uint32_t*)0x20004f18 = 0x20004400; *(uint32_t*)0x20004400 = 0x60; *(uint32_t*)0x20004404 = 0; *(uint64_t*)0x20004408 = 0x8000; *(uint64_t*)0x20004410 = 0x19; *(uint64_t*)0x20004418 = 0; *(uint64_t*)0x20004420 = 0x4b; *(uint64_t*)0x20004428 = 3; *(uint64_t*)0x20004430 = 1; *(uint32_t*)0x20004438 = -1; *(uint32_t*)0x2000443c = 0x10001; *(uint32_t*)0x20004440 = 0x7fff; *(uint32_t*)0x20004444 = 0; *(uint32_t*)0x20004448 = 0; *(uint32_t*)0x2000444c = 0; *(uint32_t*)0x20004450 = 0; *(uint32_t*)0x20004454 = 0; *(uint32_t*)0x20004458 = 0; *(uint32_t*)0x2000445c = 0; *(uint32_t*)0x20004f1c = 0x20004480; *(uint32_t*)0x20004480 = 0x18; *(uint32_t*)0x20004484 = 0; *(uint64_t*)0x20004488 = 0xfffffffffffffffe; *(uint32_t*)0x20004490 = 1; *(uint32_t*)0x20004494 = 0; *(uint32_t*)0x20004f20 = 0x200044c0; *(uint32_t*)0x200044c0 = 0x2a; *(uint32_t*)0x200044c4 = 0; *(uint64_t*)0x200044c8 = 0; memcpy((void*)0x200044d0, "bpf_lsm_post_notification\000", 26); *(uint32_t*)0x20004f24 = 0x20004500; *(uint32_t*)0x20004500 = 0x20; *(uint32_t*)0x20004504 = 0; *(uint64_t*)0x20004508 = 0xffffffff; *(uint64_t*)0x20004510 = 0; *(uint32_t*)0x20004518 = 5; *(uint32_t*)0x2000451c = 0; *(uint32_t*)0x20004f28 = 0x200047c0; *(uint32_t*)0x200047c0 = 0x78; *(uint32_t*)0x200047c4 = 0; *(uint64_t*)0x200047c8 = 0xfff; *(uint64_t*)0x200047d0 = 5; *(uint32_t*)0x200047d8 = 0; *(uint32_t*)0x200047dc = 0; *(uint64_t*)0x200047e0 = 0; *(uint64_t*)0x200047e8 = 0xfffffffffffffffb; *(uint64_t*)0x200047f0 = 5; *(uint64_t*)0x200047f8 = 0xfffffffffffffff9; *(uint64_t*)0x20004800 = 1; *(uint64_t*)0x20004808 = 9; 
*(uint32_t*)0x20004810 = 8; *(uint32_t*)0x20004814 = 0xff; *(uint32_t*)0x20004818 = 5; *(uint32_t*)0x2000481c = 0xc000; *(uint32_t*)0x20004820 = 0x7cc8; *(uint32_t*)0x20004824 = r[7]; *(uint32_t*)0x20004828 = r[8]; *(uint32_t*)0x2000482c = 0xf4a5; *(uint32_t*)0x20004830 = 9; *(uint32_t*)0x20004834 = 0; *(uint32_t*)0x20004f2c = 0x200048c0; *(uint32_t*)0x200048c0 = 0x90; *(uint32_t*)0x200048c4 = 0; *(uint64_t*)0x200048c8 = 0x100000001; *(uint64_t*)0x200048d0 = 5; *(uint64_t*)0x200048d8 = 1; *(uint64_t*)0x200048e0 = 0x80000001; *(uint64_t*)0x200048e8 = 1; *(uint32_t*)0x200048f0 = 7; *(uint32_t*)0x200048f4 = 0x100; *(uint64_t*)0x200048f8 = 0; *(uint64_t*)0x20004900 = 0x3ff; *(uint64_t*)0x20004908 = 7; *(uint64_t*)0x20004910 = 6; *(uint64_t*)0x20004918 = 2; *(uint64_t*)0x20004920 = 0x200; *(uint32_t*)0x20004928 = 0x20; *(uint32_t*)0x2000492c = 6; *(uint32_t*)0x20004930 = 0xe07fd01; *(uint32_t*)0x20004934 = 0xc000; *(uint32_t*)0x20004938 = 9; *(uint32_t*)0x2000493c = r[9]; *(uint32_t*)0x20004940 = r[10]; *(uint32_t*)0x20004944 = 8; *(uint32_t*)0x20004948 = 1; *(uint32_t*)0x2000494c = 0; *(uint32_t*)0x20004f30 = 0x20004980; *(uint32_t*)0x20004980 = 0xa8; *(uint32_t*)0x20004984 = 0; *(uint64_t*)0x20004988 = 1; *(uint64_t*)0x20004990 = 0; *(uint64_t*)0x20004998 = 4; *(uint32_t*)0x200049a0 = 0x1a; *(uint32_t*)0x200049a4 = 0x3ff; memcpy((void*)0x200049a8, "bpf_lsm_post_notification\000", 26); *(uint64_t*)0x200049c8 = 2; *(uint64_t*)0x200049d0 = 0x80000000; *(uint32_t*)0x200049d8 = 4; *(uint32_t*)0x200049dc = 2; memcpy((void*)0x200049e0, "#(\\!", 4); *(uint64_t*)0x200049e8 = 2; *(uint64_t*)0x200049f0 = 0x80000001; *(uint32_t*)0x200049f8 = 1; *(uint32_t*)0x200049fc = 0x1ff; memcpy((void*)0x20004a00, "%", 1); *(uint64_t*)0x20004a08 = 2; *(uint64_t*)0x20004a10 = 0xff; *(uint32_t*)0x20004a18 = 1; *(uint32_t*)0x20004a1c = 0x8001; memcpy((void*)0x20004a20, "&", 1); *(uint32_t*)0x20004f34 = 0x20004bc0; *(uint32_t*)0x20004bc0 = 0xc8; *(uint32_t*)0x20004bc4 = 0; *(uint64_t*)0x20004bc8 
= 0; *(uint64_t*)0x20004bd0 = 4; *(uint64_t*)0x20004bd8 = 3; *(uint64_t*)0x20004be0 = 9; *(uint64_t*)0x20004be8 = 4; *(uint32_t*)0x20004bf0 = 8; *(uint32_t*)0x20004bf4 = 5; *(uint64_t*)0x20004bf8 = 3; *(uint64_t*)0x20004c00 = 0x800; *(uint64_t*)0x20004c08 = 1; *(uint64_t*)0x20004c10 = 0x10001; *(uint64_t*)0x20004c18 = 8; *(uint64_t*)0x20004c20 = 1; *(uint32_t*)0x20004c28 = 0; *(uint32_t*)0x20004c2c = 0x401; *(uint32_t*)0x20004c30 = 0xfffffff7; *(uint32_t*)0x20004c34 = 0x6000; *(uint32_t*)0x20004c38 = 0x10001; *(uint32_t*)0x20004c3c = r[11]; *(uint32_t*)0x20004c40 = r[12]; *(uint32_t*)0x20004c44 = 6; *(uint32_t*)0x20004c48 = 0xf8; *(uint32_t*)0x20004c4c = 0; *(uint64_t*)0x20004c50 = 3; *(uint64_t*)0x20004c58 = 2; *(uint32_t*)0x20004c60 = 0x1a; *(uint32_t*)0x20004c64 = 9; memcpy((void*)0x20004c68, "bpf_lsm_post_notification\000", 26); *(uint32_t*)0x20004f38 = 0x20004e00; *(uint32_t*)0x20004e00 = 0xa0; *(uint32_t*)0x20004e04 = 0xfffffffe; *(uint64_t*)0x20004e08 = 9; *(uint64_t*)0x20004e10 = 4; *(uint64_t*)0x20004e18 = 0; *(uint64_t*)0x20004e20 = 0x3ff; *(uint64_t*)0x20004e28 = 0x80000000; *(uint32_t*)0x20004e30 = 0xfffffffd; *(uint32_t*)0x20004e34 = 8; *(uint64_t*)0x20004e38 = 1; *(uint64_t*)0x20004e40 = 7; *(uint64_t*)0x20004e48 = 0x401; *(uint64_t*)0x20004e50 = 7; *(uint64_t*)0x20004e58 = 0; *(uint64_t*)0x20004e60 = 5; *(uint32_t*)0x20004e68 = 7; *(uint32_t*)0x20004e6c = 6; *(uint32_t*)0x20004e70 = 0x40; *(uint32_t*)0x20004e74 = 0xa000; *(uint32_t*)0x20004e78 = 0x800; *(uint32_t*)0x20004e7c = r[13]; *(uint32_t*)0x20004e80 = r[14]; *(uint32_t*)0x20004e84 = 0x8001; *(uint32_t*)0x20004e88 = 0; *(uint32_t*)0x20004e8c = 0; *(uint64_t*)0x20004e90 = 0; *(uint32_t*)0x20004e98 = 0; *(uint32_t*)0x20004e9c = 0; *(uint32_t*)0x20004f3c = 0x20004ec0; *(uint32_t*)0x20004ec0 = 0x20; *(uint32_t*)0x20004ec4 = 0xfffffffe; *(uint64_t*)0x20004ec8 = 1; *(uint32_t*)0x20004ed0 = 5; *(uint32_t*)0x20004ed4 = 4; *(uint32_t*)0x20004ed8 = 5; *(uint32_t*)0x20004edc = 1; syz_fuse_handle_req(r[5], 
0x20000200, 0x2000, 0x20004f00); break; case 26: memcpy((void*)0x20004f40, "SEG6\000", 5); syz_genetlink_get_family_id(0x20004f40); break; case 27: syz_init_net_socket(3, 3, 0xca); break; case 28: res = -1; res = syz_io_uring_complete(0); if (res != -1) r[15] = res; break; case 29: *(uint32_t*)0x20004f84 = 0x2b11; *(uint32_t*)0x20004f88 = 1; *(uint32_t*)0x20004f8c = 1; *(uint32_t*)0x20004f90 = 0x5b; *(uint32_t*)0x20004f98 = r[5]; *(uint32_t*)0x20004f9c = 0; *(uint32_t*)0x20004fa0 = 0; *(uint32_t*)0x20004fa4 = 0; res = syscall(__NR_io_uring_setup, 0x19b4, 0x20004f80); if (res != -1) r[16] = res; break; case 30: *(uint32_t*)0x20005004 = 0x208b; *(uint32_t*)0x20005008 = 4; *(uint32_t*)0x2000500c = 0; *(uint32_t*)0x20005010 = 0x355; *(uint32_t*)0x20005018 = r[16]; *(uint32_t*)0x2000501c = 0; *(uint32_t*)0x20005020 = 0; *(uint32_t*)0x20005024 = 0; syz_io_uring_setup(0xf44, 0x20005000, 0x20ffa000, 0x20ffb000, 0x20005080, 0x200050c0); break; case 31: *(uint32_t*)0x20005104 = 0x7b7; *(uint32_t*)0x20005108 = 2; *(uint32_t*)0x2000510c = 3; *(uint32_t*)0x20005110 = 0x202; *(uint32_t*)0x20005118 = -1; *(uint32_t*)0x2000511c = 0; *(uint32_t*)0x20005120 = 0; *(uint32_t*)0x20005124 = 0; res = -1; res = syz_io_uring_setup(0x22f7, 0x20005100, 0x20ffb000, 0x20ff8000, 0x20005180, 0x200051c0); if (res != -1) r[17] = *(uint64_t*)0x20005180; break; case 32: *(uint8_t*)0x20005240 = 0xb; *(uint8_t*)0x20005241 = 1; *(uint16_t*)0x20005242 = 0; *(uint32_t*)0x20005244 = 0; *(uint64_t*)0x20005248 = 6; *(uint32_t*)0x20005250 = 0x20005200; *(uint32_t*)0x20005200 = 0; *(uint32_t*)0x20005204 = 0x3938700; *(uint32_t*)0x20005254 = 1; *(uint32_t*)0x20005258 = 1; *(uint64_t*)0x2000525c = 1; *(uint16_t*)0x20005264 = 0; *(uint16_t*)0x20005266 = 0; *(uint8_t*)0x20005268 = 0; *(uint8_t*)0x20005269 = 0; *(uint8_t*)0x2000526a = 0; *(uint8_t*)0x2000526b = 0; *(uint8_t*)0x2000526c = 0; *(uint8_t*)0x2000526d = 0; *(uint8_t*)0x2000526e = 0; *(uint8_t*)0x2000526f = 0; *(uint8_t*)0x20005270 = 0; 
*(uint8_t*)0x20005271 = 0; *(uint8_t*)0x20005272 = 0; *(uint8_t*)0x20005273 = 0; *(uint8_t*)0x20005274 = 0; *(uint8_t*)0x20005275 = 0; *(uint8_t*)0x20005276 = 0; *(uint8_t*)0x20005277 = 0; *(uint8_t*)0x20005278 = 0; *(uint8_t*)0x20005279 = 0; *(uint8_t*)0x2000527a = 0; *(uint8_t*)0x2000527b = 0; syz_io_uring_submit(r[17], 0, 0x20005240, 7); break; case 33: memcpy((void*)0x20005280, "/dev/btrfs-control\000", 19); res = syscall(__NR_openat, 0xffffff9c, 0x20005280, 0x2100, 0); if (res != -1) r[18] = res; break; case 34: *(uint32_t*)0x20005300 = 0; *(uint32_t*)0x20005304 = 0x200052c0; memcpy((void*)0x200052c0, "\x35\xac\x4c\x65\xd5\xd9\x24\x44\x3c\x56\xd3\xcd\xca\xcf\xf7\x45\xb9\xdf\x2c\x8d\x85\x5f\x77\xc7\xe8\xfb\x87\x5f\xc4\xc8\x39\x83\xf4\xec\x40\x4e\x6a\xd2\x10\xd7\x4b\x41\xfc\x04\xcd\x89\xa8\x8b\xc3\xb3", 50); *(uint32_t*)0x20005308 = 0x32; *(uint64_t*)0x20005340 = 1; *(uint64_t*)0x20005348 = 0; syz_kvm_setup_cpu(r[18], r[15], 0x20fe8000, 0x20005300, 1, 0, 0x20005340, 1); break; case 35: *(uint32_t*)0x20005384 = 0x8a2; *(uint32_t*)0x20005388 = 4; *(uint32_t*)0x2000538c = 0; *(uint32_t*)0x20005390 = 0x30f; *(uint32_t*)0x20005398 = -1; *(uint32_t*)0x2000539c = 0; *(uint32_t*)0x200053a0 = 0; *(uint32_t*)0x200053a4 = 0; res = -1; res = syz_io_uring_setup(0x2a84, 0x20005380, 0x20ffc000, 0x20feb000, 0x20005400, 0x20005440); if (res != -1) r[19] = *(uint64_t*)0x20005400; break; case 36: *(uint32_t*)0x20005480 = 1; syz_memcpy_off(r[19], 0x114, 0x20005480, 0, 4); break; case 37: memcpy((void*)0x20006580, "./file0\000", 8); res = syscall(__NR_stat, 0x20006580, 0x200065c0); if (res != -1) r[20] = *(uint32_t*)0x200065d0; break; case 38: memcpy((void*)0x200054c0, "afs\000", 4); memcpy((void*)0x20005500, "./file0\000", 8); *(uint32_t*)0x20006540 = 0x20005540; memcpy((void*)0x20005540, 
"\xd2\xc8\x4e\x32\xfc\xd2\x5d\x6d\x0c\x83\x4d\xb2\x19\x8a\x08\xcf\x7b\xf0\x74\xc8\x96\xdf\x4f\x91\xd7\xd7\x89\x08\x93\x10\xa8\x83\xa2\x32\xfe\x7e\x05\x8e\x17\x5a\xb0\x04\xde\xc5\x36\xa4\xe1\xd5\x8f\xdc\x29\x54\xa5\xc2\x6e\x70\x2e\xb2\xfb\x50\xfc\x05\x8d\x18\xcb\x90\xbb\xda\xdc\xc9\xfd\xa0\x26\x22\x81\xbb\x9f\xb6\x99\x6f\x60\x89\xe3\x36\xed\xea\xf5\xfb\x57\x28\x44\x7a\xf3\xd6\x5c\xc0\x3e\xb9\x4b\x3d\xc3\xeb\x1e\x24\xdc\x78\x41\x32\xc9\xd0\x36\xe4\x6f\xc3\x14\x6c\xdf\x58\xc1\x75\xe6\x5d\xcc\x7f\x39\x81\x44\x35\x7d\xd2\x5c\x15\x67\x11\x32\x17\xeb\x9b\x2a\xbd\xff\x8c\xb8\x21\x15\xea\x31\xf8\x41\xa3\x77\xb7\x75\xf7\x9f\xa8\x9a\x60\x47\x95\xf4\x87\x60\x5d\x74\x0e\xc6\x46\xd1\x4f\x9b\x80\x80\xf5\x1b\x8e\x24\xea\x8d\x62\x1e\x25\xf3\xcf\xc2\xd9\x27\x9b\x47\xfe\x3e\xa7\xe4\xd2\xb3\x07\x16\xa1\x8f\x68\x44\x3b\x23\x7e\x6b\x15\x2a\xba\xa0\x9d\xc6\xbf\x3b\x13\x01\xad\xfc\xd3\x7b\x9a\x8c\x06\x3c\x83\x0e\x37\x9a\x72\xbd\xb3\x82\x5b\x32\xf5\x3f\xfe\x10\xc7\xda\x81\xc3\x44\xd8\xe9\x8b\x62\x36\x37\x27\xdc\x41\xf0\x50\xfb\x6f\x44\x0d\x3a\x4b\x44\xe8\x49\xa7\x06\xae\xad\x91\x91\x85\x86\x5e\x74\xf9\x4d\x13\xe7\x38\x44\x80\x75\x4a\x1d\x69\x50\x22\xfd\xc2\x16\xe4\x13\xb1\x36\x2a\xdd\x89\x47\xe0\x9f\x4b\x87\xc0\xfa\x05\xd9\x68\x65\xe5\x4d\xf5\x74\x65\x10\x2f\x90\x49\xa0\xb3\x8f\x48\x0f\xd6\x23\xee\x12\x1c\xd6\x35\xc7\x20\xf5\xce\x66\x07\x20\x9d\x0a\x3b\x39\x42\x65\x4e\x73\x81\xc9\x41\xe5\x6e\x7a\x74\xf4\xe0\x36\xe3\xed\xce\x82\xb5\x59\x3a\xed\xab\xf8\x6d\xca\x3e\x49\x25\x33\x36\xc8\x06\xbf\xec\xec\x26\x94\x29\x4d\x19\xc9\x59\xc3\x86\xef\xb8\x38\xab\xdf\x2b\x43\x78\x6c\x09\xbe\xec\xfa\xbf\x72\x3e\x0b\x24\x3a\x8e\xa4\x72\xf6\x3d\xf6\x2e\xd1\x73\x87\x59\x03\x29\x19\xac\x09\xa1\xc1\xcf\x7d\x8f\xe3\x37\x65\x0c\x37\xbb\xec\x02\xb5\x8a\x30\x98\xd1\x47\x8a\x5d\x3a\xbb\x8e\xda\x06\x90\xc8\xa5\x34\x7e\x86\x0b\x57\xd0\x27\x7e\x64\x24\x81\x3e\x06\xf7\x08\x3f\xe3\x25\x3c\x08\x60\x53\x7c\x76\x68\x8c\x88\x77\x79\x51\x38\xe0\xf9\xb2\xe5\x57\xa6\xec\xc9\x98\x60\x24\xc4\xbb\x77\x21\xec\xca\x04\xbc\x92\x2b\x8
7\xb3\x0c\x1e\x54\x6b\x09\x40\x80\xfb\x15\x94\x64\x2a\x4e\x08\x8c\x3b\x65\xad\xb3\x65\x5f\xcc\x92\x52\xf7\x53\x21\x21\x01\xf4\x17\x30\xad\x16\x42\x78\x7e\x7f\xbe\x39\xe5\xfb\x4f\x91\xcf\x2c\x0d\x84\xd0\xec\x80\x11\x2a\x97\x41\xc0\xfc\x9c\x4b\xfe\x1c\x41\x3e\x0a\x23\x71\x4d\xe7\xeb\x4b\xa7\xe9\x8c\x1c\x25\xed\x3b\xd4\x1b\xa2\xf3\x2f\xa0\xb6\x7f\xd6\x42\xa0\x0e\x13\x4d\x02\x72\x2f\x26\x80\x56\xce\x1c\x62\xf6\x82\xf0\x90\x9b\xbd\x6f\xd3\x89\x6c\x3e\x37\xac\xe1\x8d\x4d\x8e\x97\x88\x05\x7d\xc4\x5b\x27\x57\xb6\x64\x62\x05\xea\x11\xc4\x35\x01\x00\xda\xe7\xcc\xc8\x65\x35\x47\x0b\x4d\x03\x47\xd6\x99\x08\x12\x50\x6e\x3a\x98\x16\xcb\xe2\x8c\x50\xa2\x9a\xb3\xa7\x1e\x05\x0e\xe8\xff\x4c\x8a\x0a\x9c\xdf\x14\x6b\x6e\x6f\x97\x64\x18\xb0\x8d\x12\x3e\xf3\x72\x8a\xa2\x8f\x40\x8f\xab\xc5\x78\xe6\x0c\x7b\xdf\xff\x0d\x18\xad\x41\x6e\xd6\x6d\x5b\xbc\x66\xae\x3a\xb2\xfd\xc0\xa4\xd7\xc7\xac\x14\xf7\x92\xf2\xeb\xaf\x91\x9c\x65\xc1\xf1\x01\x77\x88\x3c\x3d\xbd\xb5\x81\x52\x6f\x72\x86\x93\x62\x03\xb6\x46\x77\x06\x0a\x5a\xf5\xe3\xe3\xdd\x98\x49\x64\x80\x0d\x58\xc4\x6c\x55\xd8\x68\x81\xbe\x8c\x1d\xef\x9f\x95\x79\x53\xf0\xa4\x07\x8a\xc1\x76\x16\xa3\xb9\x4e\xb7\xb0\x26\xb1\x2e\x34\x6f\x8d\x8c\xfb\x13\x91\x91\x9e\x38\xf4\xd5\x09\x0a\xb9\xbf\x15\x5b\x7d\x9c\xfd\xeb\xd3\x63\xa0\x9c\xed\x58\x8f\x68\x21\x86\x7e\xe8\x53\x8d\xc4\x23\x47\xfd\x7f\xaa\x82\x99\x8f\xff\xf2\x8d\x7f\xa3\x43\x26\xea\x5c\x6e\xc3\x0e\xdf\x69\xc6\x24\x60\x7d\xd8\x2a\x56\x7d\xf7\x6f\x27\x3d\x10\x52\x20\x88\x4d\xb7\x18\x70\x28\x5d\x7d\xc9\xf4\x88\x07\x77\xee\x0f\xb6\xbc\xe6\x71\xa5\x83\xb8\x21\x2b\xab\xb7\xdf\xba\x86\xc7\x93\xa8\x6f\xd8\x8e\xe0\x42\xeb\x4d\xca\xb1\x0f\xbd\xc2\xfb\xdf\xc0\x35\x2d\x4b\x82\x3c\x80\xb3\x14\x76\x66\xe3\xa8\xc6\xe0\xb7\x4a\x6e\x39\xba\xf5\xa9\x26\xd8\x61\xd3\x9c\xed\x6c\x15\x09\x9d\x57\xc6\x44\xde\x45\x63\xde\xef\x39\xd8\x49\x86\x2a\x02\x07\x1f\x29\x56\x78\x71\x12\xf6\xe8\xe6\xb3\x24\xdf\x79\x45\x1e\x48\x33\x4c\xe3\x09\x74\x95\x59\x48\xe2\xfa\xd7\x87\xcc\xc6\x1a\x67\x5d\xb6\x65\x4d\xa2\x72\x1d\x2e\x27\xfd\xa
6\x23\xae\xec\xc0\xe9\xc6\x47\x62\xf7\x44\x26\xc5\x66\xaf\x7c\xc2\x34\x77\x3e\x9f\x7b\x30\x24\x06\xff\x85\xa4\xad\x15\xd9\x48\xb7\x73\x64\xfb\x27\x42\xdb\x1d\x0c\xee\x24\xef\x37\x29\xf3\xb4\x0e\x7f\x7f\x0e\x1a\x89\x1c\x4a\x21\x3f\x59\x0e\x80\x4d\x30\x93\x58\xf1\xcb\x93\xf2\x1c\xd1\x74\xc3\x74\xfc\x35\x5d\x87\x30\x28\xa2\xe4\xf5\x16\x4f\x24\xb3\x5c\x52\x81\x44\xfe\x7c\x32\xb9\xe6\xa2\xac\x0f\x04\xe6\x0f\x11\x01\x3c\x3c\xae\x20\x42\x0b\x11\xe2\xeb\xad\x83\xa7\xe5\x71\x02\x27\x38\x2d\x72\x52\x5f\xc5\x2a\x8c\x8f\xb6\x49\x8a\xc2\x1e\x91\x31\x74\x22\x7c\x65\xe8\xc5\x87\x6a\xd6\xfc\x49\xb2\xc1\xed\x73\x3e\xa1\x86\xe9\xf4\xf5\x76\x6f\x39\x32\x56\x42\xf8\xa0\xb7\x22\x12\x92\xc5\xb0\x17\x99\x04\xb3\x39\x34\xb6\xfc\xb7\xa6\x4f\x17\x05\xad\x70\x02\x66\x24\x2f\xaf\x54\xcb\xf6\x3d\x25\x49\xd4\xf3\x05\x4c\xe1\x68\xe1\x75\x00\xf5\xf5\xc3\xca\x1e\xde\xfd\xb0\xc6\x0c\x2b\x4f\xb0\x1d\x7d\x0f\xc0\x7d\x86\x67\xe1\x0f\x2f\x80\xcc\x7b\x50\xae\x2e\xd5\x74\xfc\xd3\xf7\x77\x5a\xe1\x7a\x20\x05\x14\xfb\xb2\x19\x51\x80\xe3\x5d\x90\xb8\x94\xdf\x9a\x1c\x35\x54\x00\x73\x82\x47\xda\xf3\x15\xb7\xe1\xcf\x1c\xac\x31\x97\xec\x0d\x74\xd1\xe4\x41\x0c\xaf\x94\x35\xfd\x14\x95\x72\xc1\x8a\x7d\x92\xee\xbb\xc7\x96\x3f\x14\x50\x73\x8e\xc0\x54\x32\x52\x64\x09\x40\xef\x1c\x8c\xe2\x5c\x80\xab\x9e\xd7\x2e\x67\x0b\x40\x23\xe5\xe1\x36\x31\x42\xb4\x31\x44\xbe\x12\xe9\x95\x55\x4a\xf2\x43\x1b\x2e\x5a\x8e\x2a\x45\xc7\x6c\xa7\xe3\x1a\x92\x2c\x59\x2a\x6d\x1c\x5a\x7e\xa9\x40\x36\x5f\xdc\x48\xe1\xb2\xc7\x3f\x66\x18\x65\xdc\x4e\x90\xd0\x8d\x5a\x2c\x4d\xb6\xbc\x5e\x01\x86\xf2\x37\x45\x1d\xfc\x14\xbc\x76\xf0\xdd\x98\x04\x8e\xf9\x9a\x1a\x1c\xb1\x5c\x1b\x53\xbc\xc9\x25\x49\x2b\x87\x1f\xa7\xdb\xe2\xe8\x72\xf9\x35\x85\x24\x8d\x0f\x2b\xf9\x15\x52\x15\x7b\xf5\x57\x8c\xbf\x1b\x65\x3f\x9d\x36\xcc\x95\x2b\x54\xb0\x09\x26\x83\x57\x7c\x5b\xa1\x59\x26\x6a\x5d\xf6\x6e\x74\x94\x62\xe4\xfc\x5a\x06\xd1\xc2\x65\x64\x63\x59\x26\x13\x8d\x9a\x99\x80\x51\x9e\x5d\x73\xbf\xb8\x52\x26\x55\xeb\xc0\x7c\xc8\x11\xc0\x56\xa0\x35\x31\xeb\x29\x3d\x47\x9c\x9
5\xf7\x13\x75\xea\x29\x3c\x0f\x18\x60\x49\x9e\xa9\x87\x18\xa3\x75\x00\xc5\x4a\x29\xfd\x9b\x8d\x01\x97\x71\x06\x1f\x77\x87\x60\xfd\xec\x9e\x6f\xac\x3d\x3c\x83\x1a\xee\x19\xb5\x6c\x0a\x19\x47\xa0\x89\x65\x3a\x15\xc2\x87\x70\x8e\x84\x6e\xd6\x5e\x1c\x9d\xc4\x92\x9c\xbb\x44\x33\x38\xa9\x36\xfd\x37\x26\xb3\xa0\xce\x78\x71\xac\x3c\x8c\xd3\x26\x00\x77\xb5\xc9\x8d\x98\xaf\xb5\x33\xd2\x5a\x8b\x42\x98\x9b\x7e\xe5\x27\x4f\x72\xe6\x10\x90\xb9\x04\x36\xb3\x2d\xe2\x76\xbc\x86\x6e\x6b\x8c\xd2\x57\x60\xdd\xc6\xa4\x97\xc9\xe8\x4d\x7e\x85\xa8\xc5\xdb\x0d\xf2\x22\x29\x6a\x3a\xa3\x62\x40\xa7\xb7\x6b\x9d\xbf\xb2\x49\x64\x77\xa9\x71\x6d\x80\x05\x00\x52\xce\x3a\x47\x36\xfb\xcf\xff\x5e\xe6\x34\x22\x52\x8b\xe6\xb0\xa4\x78\xec\xc7\x80\x3e\x22\x7f\x88\x0e\x4f\xd0\x7d\xc6\xde\x88\x48\x5a\x39\x81\xe0\x91\x70\xf8\x91\x84\xcf\x62\x97\x04\x9c\xc3\x01\x75\x51\x9f\x73\x09\x43\x4b\x96\xbc\x1b\x09\x6e\x05\xff\x02\x87\xca\x29\x92\x96\x24\xe1\xc6\xf4\x27\x0e\x89\xe9\xbc\x1b\x4c\x27\x82\xf5\x8b\x9a\x36\x0a\x00\x81\x45\xd8\x08\x33\x70\x08\x6a\x13\x14\xc9\x2a\x61\x03\xb2\x06\xb6\xcd\x0f\x6e\x63\x41\x6b\x35\xe7\x53\xb7\x09\xa6\x3a\x9a\x41\xd6\x13\xcb\x99\x7e\x55\xa6\x3f\xbf\xf2\x8c\x05\x73\xba\x2b\x64\xbf\xbc\xb0\xec\x3d\xfc\x5c\x9d\xd1\x34\xf0\xf2\xeb\x51\x15\x1e\xb2\x83\x10\xe3\xdd\x7f\x8a\xe8\x16\xf8\x66\x95\x90\x8a\xc6\xdf\x04\x80\x4e\x01\xf5\x3e\x40\x2b\xcc\x44\x5e\x17\x0c\xf2\x61\x0e\x1e\x32\xd0\x2f\x9e\x0d\x81\x49\x98\x76\xc1\x38\x3e\xec\x77\x81\x5b\x13\x59\x46\x2d\x8f\x4f\x50\x08\xaf\x8b\xb6\x1a\xe3\x58\xd8\x3c\x07\x54\xb5\x2d\x3c\xeb\x9b\x22\xc0\xa1\xb3\x5a\xfd\x92\x1e\x00\xc1\xd0\x6c\xf5\x4f\x88\x2e\x14\x5b\xd6\x08\x45\x1c\xe8\xda\x2c\x80\x81\xe2\x7e\x9c\x8d\x08\x6b\x80\x97\xd4\xf7\x7f\x1c\x33\xf5\x02\x4e\xd7\xd8\x78\xc1\x29\xe5\x34\x05\x6b\x89\xea\x2d\x14\xbd\x70\xd0\xca\x78\x9c\x7e\x29\xcc\xd3\xd2\x7a\xf1\xc6\x05\x8e\x26\x6c\x29\xe2\xfc\xd6\xf0\x4b\xa5\xa3\xd9\xe2\xc1\x16\xf0\x4c\x40\x73\x37\x96\xa1\xfe\x1c\x01\xa0\x4f\x06\x22\x2c\xce\x35\x90\x01\x53\x1b\x1c\x8f\x61\x3d\x45\x20\x83\xde\xe5\x08\x8
6\x01\x7a\xca\x82\x21\xa9\xa3\x06\x6e\x77\x68\x7b\x3f\xbe\xb0\xe4\x61\x92\x1f\x29\x21\xba\xf1\xa6\x69\x3e\xf0\x37\xa1\xd8\x56\x5a\x18\x04\x1b\x31\xc2\x66\xfb\x22\x5d\xd1\x74\x84\x8a\x84\x9f\xd1\x8e\x4b\x4b\xfd\x97\x23\x15\xd9\xf6\xff\x65\x29\x4f\x83\x74\xe7\x4f\x8d\x48\xbc\x17\xb6\xbe\xff\x62\xc1\x01\x2b\x5b\x04\x7f\x85\xea\x95\x6f\x50\xe1\x84\xa2\x95\xd1\xb1\x3e\x02\xb8\xe3\x5e\xa2\x4a\x1c\x80\x3a\xb1\x3a\x2a\x32\x85\xdd\xc0\xc3\x58\xd3\x01\x36\x2f\x70\x26\x7e\x7c\x6f\xd8\x25\x25\x24\xbe\x99\x3c\x0b\x61\x3c\x88\x05\x82\xf2\x85\x5f\x66\xa5\x17\xaf\x4d\xf5\x4e\xfa\x63\x58\x1f\xdb\xf3\x2b\x21\x0a\x21\x37\x55\x32\x3c\xab\x26\xdb\xc9\x1d\x85\x03\xac\x84\x2f\xa7\xca\x11\xec\x4d\xc0\xb0\x17\x1a\x3b\x7d\xc5\x1e\xd7\x63\xa7\x34\x82\x4d\x15\xfe\xb4\xa8\x0d\x6b\xfa\xf8\xf7\xd2\xfc\x82\x9b\xfe\x8d\x0b\x4b\x1b\xb4\x28\xcd\xa0\xe9\x6e\x11\x7c\x87\xa3\x81\x60\x83\x7c\xd2\x31\x56\xaf\x49\x8e\x00\x60\x31\x91\x61\x7e\xcc\x06\xa9\xa1\x6e\xb9\x33\xf2\x21\x5e\x8a\x86\xf2\xfe\x3f\x62\x9c\xa1\xd1\x45\x61\x5d\xa9\x57\xbb\xa3\xe1\xdf\x17\x9a\x07\xab\xc4\x88\x9d\x95\x61\x8f\x14\x5a\xca\x14\xe0\xd8\x85\x5f\x60\xff\xa5\x73\x34\x89\xb7\x12\xf0\x54\x42\xc0\xfd\xd2\x63\xea\xa0\x6e\xfa\x9e\x81\xcf\x2e\xb2\x98\x29\xb8\x82\x69\xc6\x53\xaa\x89\xeb\x93\x5a\x6b\x98\xe6\x5e\x46\xc6\x23\xfe\x8d\xe2\x1c\x25\x07\x66\x06\x05\x29\x15\xdc\x7d\xc9\x8e\xbc\xe6\xa7\x55\xae\x43\xb5\x57\x46\x00\x73\xd9\x4c\x8a\x44\xf6\xb6\xf6\x3a\x8a\x86\x6c\xdb\x47\x59\x15\xf4\xab\x00\xe5\xc5\x07\x2c\x1a\xe6\x10\xa8\x00\xea\x8f\xa8\x14\x7c\x96\x68\x6c\x30\x77\xcd\xfe\x0d\x9c\x77\x05\x84\xf2\x17\xfa\xc4\x7e\x64\xe5\x17\x4b\x9e\xb0\xc6\x8c\xa1\x47\xc2\x33\xde\xc2\x5c\xc2\x42\xe8\xe4\x3e\xe7\x39\x4c\x78\x76\xd2\x5e\x04\x0f\xfe\x89\xac\x1f\x6b\x2a\xa2\x40\xb6\x66\x8f\xfc\x89\x83\xfb\x86\x24\xe6\x0b\x3c\xb9\x91\x1f\xc8\x24\x0d\x9d\x8c\xe3\x50\xa8\x92\x45\x42\x04\x96\xae\x75\x76\xe1\x4b\x57\x72\x7a\x52\xe5\x55\xc9\xc8\x8d\xdd\x5c\x53\xca\x3f\xde\xe8\x83\x41\x46\x4e\x83\xdc\x59\xae\x9d\x6e\x17\xf5\xf2\xf7\x63\xa3\x8c\x93\x7e\x32\x53\x3
2\xea\xc2\x56\x31\xcf\x83\x15\x0a\xfa\x67\x7a\x72\x61\x1e\x7f\xc1\x45\x1b\x3e\x5f\x4d\xcd\xdd\x40\x2c\xb3\x22\xfd\x12\x0d\x9d\x56\x83\x9c\x01\x5e\xbe\x47\xc4\x19\xc5\x53\xff\x0d\xed\x43\xd0\x30\xca\x1d\x10\xb3\xb3\x83\xe6\xc3\xcf\x34\x86\x02\x61\x8a\x56\xca\x51\xf7\x75\x72\x1b\xd3\x55\x71\x0b\x7a\x99\x5a\x13\x93\x1d\xc0\x82\x35\x58\x87\x99\x86\xae\x4c\xe8\x50\xcc\xc3\x73\x1e\x78\x22\x83\x96\x66\x66\x5a\xfc\x00\xa8\x73\xc5\x6c\xa9\xcf\x79\xc6\xd6\x00\xe9\x07\xe1\x50\xb4\x06\x83\xb5\x67\xda\x9c\x1c\xa5\x96\xfc\x02\x4a\xbb\x5e\xea\xf0\x1c\x67\xe0\x83\x75\xff\x15\xc4\x32\xad\xf6\xa4\x37\xd9\x67\xdd\xf1\xbb\xfc\x6c\xcf\x9c\xe7\xc2\x02\x1b\x15\x2c\xd4\xba\x7e\xca\x0e\x67\xcf\x12\x97\x15\x1a\xea\x04\xd9\xea\x9d\xc2\xbf\x84\x44\x13\x3f\x43\x66\xbf\x36\x0e\xe5\x22\x40\x88\xb1\x94\x5b\x5e\x5d\x6d\xe3\x86\x9f\x59\xb1\xac\x7c\xc3\x35\x35\xb1\x57\x6b\xe8\xfd\x7d\xe9\xf2\xca\x5a\x3c\x0e\xb2\x61\xcc\x18\x6b\x6b\x68\x28\x55\x47\xb2\x82\x42\x88\xdf\x77\xfd\x45\x6a\xb5\x2f\x6e\xa4\x8d\xa9\x48\x19\x3a\x42\x40\xa3\x1d\x3a\x7a\xa4\xe6\x7b\xe5\xf2\xa1\x53\xa0\x18\xd3\x2c\xc0\x11\x96\x2b\xb6\x82\xda\xb5\xd3\x43\x7e\x90\x34\x2c\x24\x36\xe5\x40\x91\x38\x82\x26\xf5\xc7\x68\x53\x5e\x02\x75\xeb\xac\x26\xab\x19\xd0\x0e\x90\x38\x55\x10\xa8\x4c\x7a\x72\x6f\x91\xba\xae\xc1\x11\x8a\x74\xe6\x51\x91\x4d\x99\xe3\xe5\x09\x32\x2f\x51\xd0\x95\xb8\x94\xc2\x09\x23\xd0\xfa\x98\xe4\x2c\x4e\xc6\x77\xd0\x95\x00\x8b\x59\x53\xf6\xba\x61\x53\x7a\xba\xe5\x43\xde\x69\xef\xca\x30\xe4\x5d\x7b\xc9\x3c\xaa\x20\x2c\xc8\xf6\x6e\x57\xca\xbd\x54\x9e\xf1\x09\x2f\x79\x6b\x4a\x35\x73\xbe\xf4\x41\x09\x48\x44\xb2\x3a\x3d\x86\xbd\x14\x90\x9b\x84\x1a\xea\x10\x82\x19\xd5\xea\x4a\x49\xc8\xa9\x9e\xaf\xc5\x07\x61\x3c\x1e\x37\xae\xa3\x15\xba\x89\x4f\xec\xc1\xef\x28\x09\x21\x3e\x42\xb1\x37\x48\x58\xcb\x4d\x77\x68\x46\x58\xcf\x41\x4a\xda\x5e\x76\x0f\x4a\xc8\x3b\xc9\x35\x7e\xf1\x45\xa3\xe9\x2d\x7c\x55\x7c\x5d\x94\x40\x24\x65\x9a\xfd\x6c\xaf\x01\xb2\x96\x0c\x6c\x4a\xb1\x47\xc0\xd8\x19\x75\x4b\xe8\x00\x66\xd1\x41\x92\xa4\x79\xc7\xdc\xea\xd
0\x4d\x3f\xa1\xe6\x62\x48\xcf\x29\x27\x39\x31\x24\x2d\x12\xf2\xb0\x8c\x71\xe8\x2f\x52\x86\xba\xb6\x76\x7c\x3e\x89\xa3\x6f\x27\x04\x5e\xcc\xf6\xe1\xcf\x3a\xbb\xbd\x9b\x1a\x26\x3d\xa7\xc0\xc0\x10\xfc\x10\xaf\xfc\x50\x32\xd4\x71\x23\xe1\xe1\x14\x6b\x38\xcb\xff\x01\xd4\x78\x56\x36\x04\x99\x26\x6c\xb5\x64\x59\x01\xe2\xed\x04\x9f\x45\xb2\x4e\x79\x3e\xf0\x08\x5f\x0e\x50\x40\xff\x2e\xbc\xb1\xd8\xd7\x01\x96\xd3\xde\x63\x14\xea\xe7\xf4\xf3\xe5\x26\x2c\x67\x67\x41\x59\xc1\xde\x4a\x08\x61\xaa\xd8\x14\x3b\xd5\x9f\xb3\xc8\x87\xc3\x84\x0b\x1c\x12\xc7\x42\xf1\xfa\xd2\x4c\xd9\xac\x7f\xea\x0f\xba\x87\x1c\x1e\xbc\x62\x8b\x34\xd9\x60\x43\x88\x5a\xe8\x26\x42\xda\x04\xd8\x7d\xca\xb5\x9b\xc8\xdd\x87\x65\x87\x11\xf6\x35\xbd\x66\xf4\x25\x4f\x83\xa4\x5d\x5b\xc7\x5e\x31\xfb\x60\xe9\xd6\xa5\xe6\xfb\x8b\x66\x86\x4c\xc3\x0b\x39\x11\xab\x9f\x87\xa5\x9c\xad\x38\xf0\xcc\x91\xb9\x20\x37\xbf\x1e\xa6\x42\x34\xe1\x3f\xc7\xc4\x50\x4c\xf0\x30\x0f\x1a\x0d\xeb\x39\xe6\x30\xc7\x10\xda\x48\x85\x5d\x8c\x45\x1d\x72\x6c\xc4\xc6\xe4\x43\x02\x11\x81\x8a\xaf\x9d\xca\xd5\x71\xb8\xb8\x9c\x4e\x94\x44\xae\xba\xa6\x9b\x97\x68\x9a\x5c\xa6\x70\xf8\xfa\x5e\xea\x13\x2c\x12\x1c\xc1\xef\xd2\x76\xf5\xa0\xb0\x2b\x96\x12\xbd\xc9\x9c\x99\xbc\xc6\x3b\x37\xcb\x86\x62\xcc\xaf\x7c\x80\x28\xeb\x67\x3a\x5f\x4f\x5b\xee\xff\x2c\xa9\x0d\x7a\xfa\xa1\xc6\xab\x6e\xe2\x23\x85\xae\xf9\x80\xd6\xa0\xf4\x54\x49\x86\xfb\x99\xbf\xe4\x10\x23\xb2\x20\x19\x89\x6f\x87\x7a\xae\xe7\x5e\xec\x90\xba\xe1\x0d\x43\xda\xb3\x36\xbb\xe5\x21\x5d\x05\x78\xf0\xd5\xc2\x94\xf0\xfa\x3f\xa1\x6a\xcf\xa9\xb8\x69\xaa\xf7\x9b\x6e\x7e\xf8\xc3\x8b\x9a\x9a\x2c\xfe\x0a\x02\x3e\xf3\x11\xca\xfd\xae\x30\x31\xc8\x2c\x97\x51\x81\x33\x27\x5d\x81\xf8\xfa\x5d\x7e\x4c\x42\xcb\xdf\xcd\xec\xff\x1b\x2b\xf2\x91\x22\x3d\xcd\x30\x75\x0a\x56\xa8\x12\x82\x4a\x5d\xd1\x00\x58\x5f\x1f\xf5\x22\x84\x84\xde\xc4\xbb\x50\x0e\xfd\xb0\x51\x82\xc0\x85\x75\x1a\xce\x19\x84\x4f\xeb\x55\x96\x6b\xaa\x3e\xd4\x76\xbc\xcc\xcb\x50\x9b\x0a\x05\x03\xad\x20\x2f\xab\x29\x67\x38\x8a\xf0\x78\xa7\xa0\x34\x08\xcd\x99\x9
0\xa3\x6a\x4d\xa1\xca\xff\xc9\x81\xb4\xe1\xfa\xeb\xca\x9f\x33\x76\x8f\x67\x3a\x16\x63\x76\xaa\x4a\x64\x4e\x9f\xc2\x5e\x41\xe0\x8f\xfa\x08\xa5\x5e\x3d\xbc\x4d\xcf\xf9\xe8\x4c\xcf\xb0\xf2\x27\xf3\xe7\x61\x40\xb6\xb9\x55\x77\xec\x7a\x37\xfe\x1c\x3f\x30\x6a\xe6\xa9\x87\x57\x60\xb3\xca\x15\x11\x42\x99\xcc\x0b\xaa\xc7\x66\xad\xe9\x30\x2a\x9d\xfe\x47\xcc\x99\x0d\x36\xbf\x04\xc2\x83\xc6\xe3\xa2\x2d\x7c\xaf\x75\xc8\xff\x75\xd6\x6a\xa7\xed\x34\xf5\x2f\xe8\x44\x69\xe8\x0b\x49\x54\xd7\x4d\x2c\x7c\x20\x14\xec\x97\x17\xb0\x73\x4b\x70\x58\x89\x81\x63\x56\xa6\xe2\xea\x80\x29\xfb\x59\xc0\x0f\x7e\x51\x8b\x14\x65\xde\x12\x8f\x6a\xc9\x66\xbb\xa6\x98\xbe\xb0\xcc\x35\xae\x7b\x7c\x41\x6a\x42\xce\x3e\xf5\xe6\x43\x54\xe5\x34\xca\xee\x98\x4d\xb5\xdb\x34\x0a\x4b\x86\x97\x3f\x0f\xcd\xc6\x80\xbb\xe8\x2d\xfa\x4f\x5b\x2b\x20\x4d\xd3\x15\xa5\x31\x0b\xdd\x34\x0c\x26\x6d\x32\x52\xc5\xe5\x7e\x8b\x87\x5c\x63\xdd\x45\xbc\x0f\xc3\xb2\xb9\xd6\xc5\x8d\x58\x60\x39\x3e\xa1\x91\x9d\x8f\x6c\xfd\x1d\xd9\x5d\xa5\x11\x21\x4f\x68\x4c\xb6\x5f\x55\x92\x22\x21\x69\x82\xba\xe0\x03\xc8\x7b\x12\x4a\x61\xc