ok github.com/google/syzkaller/dashboard/app (cached) ? github.com/google/syzkaller/dashboard/dashapi [no test files] ? github.com/google/syzkaller/pkg/debugtracer [no test files] ? github.com/google/syzkaller/pkg/gcs [no test files] ? github.com/google/syzkaller/pkg/hash [no test files] ? github.com/google/syzkaller/pkg/html/pages [no test files] ? github.com/google/syzkaller/pkg/ifuzz/iset [no test files] ? github.com/google/syzkaller/pkg/ifuzz/powerpc [no test files] ? github.com/google/syzkaller/pkg/ifuzz/powerpc/generated [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86 [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86/gen [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86/generated [no test files] ? github.com/google/syzkaller/pkg/ipc/ipcconfig [no test files] ? github.com/google/syzkaller/pkg/kcidb [no test files] ? github.com/google/syzkaller/pkg/report/crash [no test files] ? github.com/google/syzkaller/pkg/rpctype [no test files] ? github.com/google/syzkaller/pkg/signal [no test files] ? github.com/google/syzkaller/pkg/stats/syzbotstats [no test files] ? github.com/google/syzkaller/pkg/testutil [no test files] ? github.com/google/syzkaller/pkg/tools [no test files] ? github.com/google/syzkaller/sys [no test files] ? github.com/google/syzkaller/sys/akaros [no test files] ? github.com/google/syzkaller/sys/darwin [no test files] ? github.com/google/syzkaller/sys/akaros/gen [no test files] ? github.com/google/syzkaller/sys/darwin/gen [no test files] ? github.com/google/syzkaller/sys/freebsd [no test files] ? github.com/google/syzkaller/sys/freebsd/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia [no test files] ? github.com/google/syzkaller/sys/fuchsia/fidlgen [no test files] ? github.com/google/syzkaller/sys/fuchsia/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia/layout [no test files] ? github.com/google/syzkaller/sys/linux/gen [no test files] ? 
github.com/google/syzkaller/sys/netbsd/gen [no test files] ? github.com/google/syzkaller/sys/openbsd/gen [no test files] ? github.com/google/syzkaller/sys/syz-extract [no test files] ? github.com/google/syzkaller/sys/syz-sysgen [no test files] ? github.com/google/syzkaller/sys/targets [no test files] ? github.com/google/syzkaller/sys/test [no test files] ? github.com/google/syzkaller/sys/trusty/gen [no test files] ? github.com/google/syzkaller/sys/test/gen [no test files] ? github.com/google/syzkaller/sys/windows [no test files] ? github.com/google/syzkaller/sys/trusty [no test files] ? github.com/google/syzkaller/sys/windows/gen [no test files] ? github.com/google/syzkaller/syz-fuzzer [no test files] ? github.com/google/syzkaller/syz-runner [no test files] ? github.com/google/syzkaller/tools/syz-benchcmp [no test files] ? github.com/google/syzkaller/tools/syz-check [no test files] ? github.com/google/syzkaller/tools/syz-bisect [no test files] ? github.com/google/syzkaller/tools/syz-build [no test files] ? github.com/google/syzkaller/tools/syz-cover [no test files] ? github.com/google/syzkaller/tools/syz-crush [no test files] ? github.com/google/syzkaller/tools/syz-db [no test files] ? github.com/google/syzkaller/tools/syz-expand [no test files] ? github.com/google/syzkaller/tools/syz-execprog [no test files] ? github.com/google/syzkaller/tools/syz-fillreports [no test files] ? github.com/google/syzkaller/tools/syz-fmt [no test files] ? github.com/google/syzkaller/tools/syz-hubtool [no test files] ? github.com/google/syzkaller/tools/syz-kcidb [no test files] ? github.com/google/syzkaller/tools/syz-lore [no test files] ? github.com/google/syzkaller/tools/syz-make [no test files] ? github.com/google/syzkaller/tools/syz-minconfig [no test files] ? github.com/google/syzkaller/tools/syz-mutate [no test files] ? github.com/google/syzkaller/tools/syz-prog2c [no test files] ? github.com/google/syzkaller/tools/syz-query-subsystems [no test files] ? 
github.com/google/syzkaller/tools/syz-reporter [no test files] ? github.com/google/syzkaller/tools/syz-repro [no test files] ? github.com/google/syzkaller/tools/syz-reprolist [no test files] ? github.com/google/syzkaller/tools/syz-runtest [no test files] ? github.com/google/syzkaller/tools/syz-showprio [no test files] ? github.com/google/syzkaller/tools/syz-stress [no test files] ? github.com/google/syzkaller/tools/syz-symbolize [no test files] ? github.com/google/syzkaller/tools/syz-testbed [no test files] ? github.com/google/syzkaller/tools/syz-trace2syz [no test files] ? github.com/google/syzkaller/tools/syz-testbuild [no test files] ? github.com/google/syzkaller/tools/syz-tty [no test files] ? github.com/google/syzkaller/tools/syz-upgrade [no test files] ? github.com/google/syzkaller/tools/syz-usbgen [no test files] ? github.com/google/syzkaller/vm/adb [no test files] ? github.com/google/syzkaller/vm/bhyve [no test files] ? github.com/google/syzkaller/vm/cuttlefish [no test files] ? github.com/google/syzkaller/vm/gce [no test files] ? github.com/google/syzkaller/vm/gvisor [no test files] ? github.com/google/syzkaller/vm/kvm [no test files] ? github.com/google/syzkaller/vm/odroid [no test files] ? github.com/google/syzkaller/vm/proxyapp/mocks [no test files] ? github.com/google/syzkaller/vm/proxyapp/proxyrpc [no test files] ? github.com/google/syzkaller/vm/qemu [no test files] ? github.com/google/syzkaller/vm/starnix [no test files] ? github.com/google/syzkaller/vm/vmware [no test files] ? 
github.com/google/syzkaller/vm/vmm [no test files] ok github.com/google/syzkaller/executor 17.209s ok github.com/google/syzkaller/pkg/asset (cached) ok github.com/google/syzkaller/pkg/ast 1.346s ok github.com/google/syzkaller/pkg/auth (cached) ok github.com/google/syzkaller/pkg/bisect (cached) ok github.com/google/syzkaller/pkg/bisect/minimize (cached) ok github.com/google/syzkaller/pkg/build (cached) ok github.com/google/syzkaller/pkg/compiler 14.874s ok github.com/google/syzkaller/pkg/config (cached) ok github.com/google/syzkaller/pkg/corpus (cached) ok github.com/google/syzkaller/pkg/cover (cached) ok github.com/google/syzkaller/pkg/cover/backend (cached) --- FAIL: TestGenerate (16.20s) --- FAIL: TestGenerate/test/64 (0.00s) testutil.go:33: seed=1710866716655527057 testutil.go:33: seed=1710866716658993754 --- FAIL: TestGenerate/test/64/3 (1.02s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:10 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: test$length11(&(0x7f0000000000)={0x7, 0x1, [0x9, 0x0, 0x1, 0xffff, 0x7595, 0x7, 0x6, 0x6]}, 0x30) (fail_nth: 1) test$length35(&(0x7f0000000040)={0x4, {0xffffff00}}) (async) test$csum_ipv4_tcp(&(0x7f0000000080)={{0x0, 0xfffff546, 0x7f}, {{}, "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"}}) (rerun: 4) test$length18(&(0x7f00000010c0)={0x111, 0x8, 0x4, 0x2, 0x1}) r0 = test$produce_subtype_of_common() test$consume_subtype_of_common(r0) test$produce_subtype_of_common() test$produce_subtype_of_common() r1 = foo$unsupported2_ctor(0xa) foo$unsupported2_use(r1) syz_compare(&(0x7f0000000000)='\x00', 0x1, &(0x7f0000000040)=@bf7={0x81, {0x8c, 0x5}}, 0x4) 
syz_compare_int$2(0x2, 0x4, 0xfffffffffffffffa) syz_errno(0x2) syz_execute_func(&(0x7f0000000080)="154805b768fb1b7da64aca305ff54edd7eef7a6ce6b3e15c9e2ba4c46ef01595046d8580cd5993118d09814c6ea820398a54") syz_exit(0x3ff) syz_mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) syz_sleep_ms(0x7fffffff) syz_test_fuzzer1(0x4, 0x5, 0x7) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void 
event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 
0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) { va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if 
(!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[2] = {0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x20000000 = 7; *(uint64_t*)0x20000008 = 1; *(uint32_t*)0x20000010 = 9; *(uint32_t*)0x20000014 = 0; *(uint32_t*)0x20000018 = 1; *(uint32_t*)0x2000001c = 0xffff; *(uint32_t*)0x20000020 = 0x7595; *(uint32_t*)0x20000024 = 7; *(uint32_t*)0x20000028 = 6; *(uint32_t*)0x2000002c = 6; inject_fault(1); syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x30, 0, 0, 0, 0); break; case 1: *(uint32_t*)0x20000040 = 4; *(uint32_t*)0x20000044 = 0xffffff00; syscall(SYS_test, /*a0=*/0x20000040ul, 0, 0, 0, 0, 0); break; case 2: *(uint16_t*)0x20000080 = 0; *(uint32_t*)0x20000082 = htobe32(0xfffff546); *(uint32_t*)0x20000086 = htobe32(0x7f); *(uint16_t*)0x2000008a = 0; memcpy((void*)0x2000008c, 
"\x78\xb7\x76\x9b\x45\x48\x65\x84\x92\xde\x72\xd4\x15\xba\xe1\x8f\x3b\xbe\x4d\x64\xd7\x8a\xf2\x04\x98\xc9\xf6\xb8\xf3\xf6\xa2\xbe\x55\x97\x33\x7e\x2e\xb3\xf9\x6c\xa0\x7a\x66\xc2\x7b\x34\xe9\x5f\x4e\x73\x25\x39\xba\xdc\xe8\x96\x7b\xce\x41\x58\x91\x33\x78\x5a\xde\xca\x49\x29\xde\x68\xc7\xa0\xfa\xd0\xde\xbc\xff\x18\x19\xad\x3d\xf1\xb4\x0e\x14\x20\x9d\xa0\x13\xaf\x85\x89\x3b\x81\xe1\xd1\x7a\xbb\x6d\xee\xdf\x2d\x70\x56\x6a\xc7\xb3\xfa\x0e\xed\x52\xd1\x82\x11\xd2\x49\xd1\xb7\xfb\x68\x81\x50\x4a\x33\x15\x0b\x91\x47\x7e\x7c\xde\xad\x14\x81\x8e\x83\xb0\xfa\x35\x64\x49\x91\x23\x74\x4e\xe8\x0f\x92\xa7\xf9\xe0\x39\x4d\xc7\xbb\x62\xb4\x70\xad\x1b\x88\xc3\xf6\xc6\xe9\x84\xd2\x89\x42\xe9\xf0\x3a\x48\x0e\x51\xcc\xb8\xd7\xbb\x51\xa1\x24\xee\xee\x79\x5b\x09\x47\x07\x82\x1f\x5c\x44\xa6\xaa\xbd\xc1\xd9\x46\xaa\x91\xcb\x6d\x17\x5d\x0d\xf4\x6b\x86\xe6\x05\xec\x66\xcd\x5b\xc8\x39\x8e\xf7\x97\x43\x02\x56\x44\x40\xa8\x1d\xe3\x73\xb3\x5c\x79\xc1\x36\x7a\xf1\x87\xb8\xdf\x69\x56\xee\xbb\x89\x66\xab\xdf\x3d\x0f\xdf\xcf\x9e\x7b\x13\xab\x64\x65\x1e\x66\x83\x46\xec\x1f\x56\x4f\x28\x8b\x40\x26\xb8\x1d\xde\x8a\x3e\x4a\xda\x81\xa1\xd2\x80\x65\x4e\x7e\xe5\x2a\xef\x25\x53\xdc\x0d\x25\x97\xab\xce\xa0\xc6\x76\x12\xb5\xc0\x20\x80\x95\x7c\x38\x47\xbd\x6c\x78\x98\x47\x70\x1a\x7e\xa3\x6c\xa2\x3f\x6f\x7f\xeb\xa0\xdd\xaa\x24\x61\x6e\xeb\xb4\xf9\xd3\xaa\x52\x18\xec\x8a\x5a\x08\xfa\xb4\xb3\x53\xc8\x91\x83\x7d\xbb\x8e\x77\x34\xc9\x2d\xf3\x91\xd4\x1f\x07\x08\xf7\x46\xa7\x72\xd5\x56\xf6\x08\x6c\x97\x20\x08\x35\x7c\x55\x95\xe9\x90\x80\x44\xab\x8a\xff\xa0\x44\x54\xad\xe5\xd5\x09\xe7\x58\x43\xe9\x7a\xcd\x1f\x53\xa4\x28\xee\x9c\x35\xc9\x1b\xa7\xf7\x55\x1c\x6d\xb9\x83\x73\x89\x73\xe1\x6b\xfd\xae\x49\xaa\x7b\x7c\x71\x8e\x46\x88\x14\xd7\x0d\x54\xd5\x88\xbd\xc6\x4f\x32\x67\xd1\x80\x86\x2b\xb4\x58\xd7\xb9\x0f\x58\xf4\x07\x8f\x41\x7d\xf7\x69\x04\xa2\x1d\x26\x97\xb9\x65\x38\x69\xf1\x57\x2e\xd6\x3e\x47\x81\xd1\xc3\xe5\x06\x55\x5c\xa7\x46\xb6\x76\x9f\xc0\xa9\x7c\xa8\x3b\xca\x63\x02\x92\x86\x50\x7e\xfc\x11\xb8\xc2\x17\xf8\x3e\x7
f\xc6\x4a\x3b\xe2\x17\xaa\x71\x48\x09\x83\xdf\x1c\xda\xa6\x3d\x04\x81\xe9\xaf\x63\x1a\xba\x7a\x8f\x0f\xd4\x8e\x83\x6b\x69\xc5\xe8\x26\xb0\x20\x56\x8a\xd8\x2d\xa9\xcd\x87\xba\xa0\x94\xae\x9f\x0c\x5f\x51\x49\xdb\xa1\xb4\xf3\xb0\x34\x06\x29\xbf\x8e\x19\xf9\x34\x74\xe8\xa7\x98\xa5\xcc\xf5\x32\xdb\x78\x0b\x6d\xd9\xaf\x5d\xf9\x14\xea\xe3\x24\xba\x02\x75\x2d\x75\x8e\x4f\x2a\x55\x8a\x80\xed\x89\xa6\x13\x88\xc4\x30\xc3\xac\xd7\xe2\xb7\x65\x41\xd0\xa4\x40\xfd\x18\xd8\x5b\x70\xf6\x51\xd0\x49\x58\xc4\x04\xec\x41\xf5\xac\xaa\xfa\x0d\x8f\x0f\x9e\x2a\xc9\x4d\x98\xc7\xc2\x2f\x53\x86\x64\x2f\x4e\x02\x8a\x0a\xe7\x06\x27\xbe\xe9\xff\x92\xc7\xd3\x1e\x8f\xe5\xcf\xef\xbf\xb7\xbb\x26\xb0\x87\x1d\x83\xcd\x67\x7e\xf3\xfa\x10\xbf\xf5\x16\x3e\x97\x3f\x73\xa1\x8d\x8e\xa8\xee\x63\x58\xbf\x9b\x19\x12\xa2\xf6\x0e\x9e\x12\x8f\x35\xa7\x03\x78\x33\x3d\x11\x95\x41\xd6\xf0\xf3\x67\x53\xe5\xa6\x61\x2a\x77\x18\x62\x8b\x4f\xaf\x65\x6c\x24\x6e\x71\xca\xce\x70\xc9\xb0\x70\xd3\x0c\x84\x53\xc9\x10\x55\x73\xdf\x3c\xba\xa6\x38\x6a\x2b\xc5\x88\xd0\x3b\x23\xa1\x1b\x04\xb1\xc9\x4e\xe9\x05\xee\xa9\x2d\x40\x85\x0d\xbf\x27\x03\x98\xd4\x7d\xcc\x08\xe5\xb9\x57\x5b\x50\x98\xf4\x95\xf7\xdf\x29\x70\xd8\x28\xbe\x23\x02\x82\x12\x2f\x30\xd2\x2a\x15\x26\x87\xc2\x6c\x5a\xb2\x21\xf8\xef\x8a\xb6\xc1\xf3\x40\x86\x9a\x9b\x05\xd9\xbb\x19\x83\x69\x99\x4c\x36\xb2\x8a\x4b\x6a\x67\xab\xfc\x6c\xe8\xd0\x61\x68\xce\x1f\xbd\x7d\xea\xba\xe2\x61\x5c\x95\x39\xc3\xa4\xf4\x27\xf2\x04\x89\xa1\xf0\x41\x21\xf3\xb5\x48\xbc\x0e\xc6\xda\xa9\xfd\x63\xb1\x4f\x71\xe9\x64\xf4\xc0\x42\xa3\x8c\xaa\x25\xe1\xcf\x98\x3e\xa9\xee\xdc\x7b\xc0\x6f\xac\xa0\x11\x11\xd8\xa1\x7a\x4a\xc0\x83\xa1\xc5\x5f\x4b\x4a\xe3\x14\xff\x09\xec\xc0\xfe\xfc\x77\xbf\x1d\x08\xad\x54\xa9\x66\x2e\x68\xeb\x33\xa5\x7d\x43\xf1\x54\xbb\xa3\xb9\x8a\x66\x78\xc9\x74\xa8\xdd\xd6\x61\x32\xa6\x4e\xd8\x50\x79\x93\xf9\x26\xb6\xa8\x6a\xbb\x81\x3a\xc3\x82\x60\xc7\x93\x5f\xba\x14\xcc\x64\x94\x1b\xfb\xcc\xc7\x0b\xae\xaf\x92\xa7\x7e\xd1\x57\x35\x9f\xf2\x53\x85\xea\xb6\xd8\x5c\xed\x6b\x73\xa8\xf3\x4e\xe
7\xf1\x8d\xc4\x6e\xf7\x5f\x66\xe5\x39\xef\xb3\x7b\xa8\xe5\x7e\x0e\xf6\x53\xc6\x2e\x87\xa3\x67\xd9\x0f\x32\x4b\xb7\x95\x30\x61\x8c\xc6\xa0\x5c\x3d\xda\x77\x67\xf3\x90\xb7\x75\x90\xa7\x8a\xc4\x88\xd6\xa3\xc1\xf4\x12\x4b\x62\xe0\xda\x72\x8d\x61\xe3\xcb\x8e\xfe\xc0\x78\x88\x3a\xeb\x04\x86\x5e\xa9\x69\x5d\xa8\x59\x85\x52\x61\x08\x7e\x9f\x36\x41\x2d\x61\xb4\xea\x03\x43\xd6\xd0\x3d\xbd\xac\x09\xba\x17\x48\x48\x6a\x4d\x62\x63\xa6\x2b\xc2\xb7\x23\xb3\x79\x13\x40\x68\xc7\x00\xca\xd7\xbc\x07\x99\x99\xba\xad\x53\x57\x41\xad\x7e\x19\xb0\xc5\xd0\xa5\x5e\x1e\x0d\xa5\x34\x76\xfa\xff\x87\x3b\xde\xf8\x3e\x71\x1f\x95\x55\xf0\x43\x98\x0a\x77\x2a\xab\x3a\xf3\x9c\x9e\x10\x82\xea\x2e\x3a\xba\x0b\x45\x4c\x89\x22\xe2\x66\x50\x96\xf7\x3a\xc4\x55\x50\xee\xaf\x66\xe5\xd4\xe9\xdf\x9c\x79\x1f\x7d\xdb\xca\x38\xb5\x58\xbe\x75\xb3\x92\x07\xea\x04\xdc\x7f\xd4\x7c\x36\x3d\x5b\x80\xd9\xea\xae\x7b\xa2\x30\xbe\x26\x33\xc0\x70\xe5\xc9\x70\x0f\x6c\x6f\xa7\xc2\x30\x70\x2c\x5a\xd4\x22\x6e\x58\x3f\x95\xb1\x2c\xe2\xbd\xfc\x1b\x92\x12\xdf\xe1\xa9\x08\xdc\x3e\x3b\xc6\xb1\x3c\x85\x7d\x7d\xab\x7b\x7d\x50\x42\x97\xb2\x06\xa2\x17\x3e\x4c\x8c\x7a\x2d\xcd\x63\x2d\xe9\xc3\x3b\x9d\xfc\xbc\xa5\x36\xc7\x68\xbb\x15\x4c\x56\x3c\x67\xf2\xe7\xd1\xa7\xd3\x58\x9a\x64\xb2\xeb\x72\x82\x7a\xe0\x26\xcd\xc9\x0b\xd2\x7e\x7a\xb7\xf0\x29\x89\x67\x56\x3d\xc2\x7a\x42\x66\xc1\x3c\xc6\x4f\xef\xfc\x70\x8a\x46\xf9\x03\x9c\x74\x5a\x6b\x2d\xbc\x27\xb8\xae\xf8\x31\x9d\xc2\x25\xd8\xa0\x6d\xf2\xea\x84\x26\x27\xe5\xf1\xd4\xee\x87\xfa\xf2\xbf\x05\xf2\x76\xab\xd2\x70\x22\xcd\x2f\x5a\x8c\xa1\x7f\x81\xf8\xfa\xc0\x22\x51\x63\xcc\x52\xff\x78\xc3\x2a\x85\x7c\x15\x65\xaf\x01\x2b\xdf\xf5\xa3\xcf\x74\x45\x94\x67\xa1\xd1\xad\x21\x80\x2a\x69\xaf\x00\x64\x60\x1c\xf0\x8c\x49\x71\xc6\x91\xae\x14\xd3\x3f\xd3\x50\x9b\xcd\x55\x96\xe6\xb6\x77\x2d\x1d\xeb\x8a\xb1\x86\x0d\x13\xe2\xf4\xa6\xb7\xac\x83\xe8\x2a\x8a\xc9\x11\xd2\xa0\x02\xc0\x6e\x1c\xeb\x2c\x6a\xa0\x7b\x84\x7a\x6c\xb1\xe7\x67\x8d\xce\x46\x66\x9b\x32\x1b\xc3\x7d\x76\x59\xa0\x83\x00\x57\x65\xdd\xaf\x4c\x61\x8
a\xdf\xbb\x0d\x81\xb8\x9b\xd1\xeb\x77\x1b\x58\xc3\x34\xb7\x8b\xe0\x94\x41\xe2\xc7\xe8\xdb\x90\x0f\x56\xa0\xc7\x11\x8a\x93\xe5\x2d\xdf\xa5\x71\xb1\x22\x29\xbe\x6e\xa4\xfd\x3a\x6b\x91\x08\x90\x07\xc0\x34\x58\x03\x2f\x96\xd3\x37\x9c\x8b\x17\x8f\xb5\xcc\xec\x6f\xd2\x76\x97\x86\x19\xbf\xc7\xb9\x7a\x30\x62\xe8\x24\xff\xf9\xce\xe7\x3f\x4a\x85\x8e\xd6\x60\x70\x89\xa4\xd6\xaf\x56\xe2\x7d\x0f\x52\x0c\x15\x1e\x68\xae\xd9\x69\x2f\x15\x36\xe0\x8a\x35\xf9\x3e\x58\x6a\x81\xae\x49\x1f\xa9\x64\x0c\x36\xbc\xef\x84\x64\xf1\xac\x7c\x07\x46\x02\x1d\xd0\xde\xbc\x15\x53\x61\xb4\x27\x57\x30\x9a\x7c\x5a\x6a\x3c\x89\xe6\xb2\x75\xb9\x1e\x14\x77\x23\x43\xed\x0c\x0b\x84\x31\x3d\x3e\xe0\x60\x5b\x8f\xb9\x84\x3c\x8d\xed\xea\xec\x2f\x65\x54\x4c\x38\xd2\xee\xed\xec\xf3\x32\xb5\xa0\x1f\x60\xab\xdc\x62\x19\x4b\x1f\x33\x62\x19\xaf\x84\x3d\xb7\xcf\xea\x88\x1c\xbb\xe8\x30\xb8\x3c\x11\x79\x2f\x51\xd0\x65\x9d\xf2\xef\xd5\x14\xac\xcc\x62\xbe\x45\x1d\xa3\xd7\xde\x20\x52\x80\x1f\x1b\x71\x33\xec\x90\x8a\x89\xae\x20\xb8\xf0\x67\xb1\x6f\xa2\x6c\xc7\x85\xd7\xbb\xc7\x70\xb4\xc0\x0e\x64\x18\xae\xab\x91\x58\x79\x4d\x5c\xe3\x74\x0e\xf5\xc7\x8c\xfd\xe8\x5b\x0d\x5a\x81\xa8\x5a\x2b\xf2\x4f\x35\xe5\x30\x91\x2e\xce\xb0\x79\xef\xf2\x19\xe6\x8e\x65\x5d\x1e\xe3\x37\x64\xe6\x64\xb5\x30\xa8\x72\x81\x7d\x0f\xe8\xc8\x46\xeb\x88\x9a\x1e\x06\x7e\xd1\xc7\x91\x5e\xd0\x4c\x87\x75\x7e\x3c\xfb\xdb\x42\x1e\x5a\xb7\x8a\xec\x22\x8e\x9d\x9f\xba\x27\xba\xb1\x25\xb0\xa5\x3c\x65\x18\xa0\xb5\x41\x1a\x92\x80\x14\xeb\x1d\x93\xba\x94\xcf\x89\xc1\x9a\xe5\xff\x1b\x00\xe2\x1b\xd9\xf8\xc8\x81\x85\xb8\x86\x37\xe5\xdb\x32\xe2\xe4\x02\x08\xf2\x62\x25\x4b\xcc\xad\xc2\xc8\x5e\x83\x69\x0f\xb7\xaf\x64\xe9\xab\xfc\x19\xda\x42\xa3\x1c\xf6\x3b\x90\x09\x53\xf1\x84\xf3\x34\xd6\x05\xa1\xac\xab\x43\x4a\xcd\xfe\x74\xa3\xff\x1c\x26\xab\x7e\xb5\xf4\xc7\xd4\xe6\xed\x88\xa4\xc0\xc0\x7a\xf5\xf9\xa6\x9c\xe5\x25\xcf\x77\xc5\xf7\x01\x18\xcf\x4c\x9d\x71\x46\x18\x53\xee\x9d\x0b\x38\xaa\x8e\xef\x7a\x92\x67\xba\xa1\xda\x0a\x40\xd4\xbb\xf2\x50\xe7\x96\xec\xaf\xf7\x65\x10\x98\xb
5\xbe\xbe\xe1\xce\x5c\x5b\x36\xb8\x30\x20\x47\x50\x29\x8f\x5f\xff\xcf\x43\x87\x5a\xc2\x15\xd3\xef\xcd\xd5\x76\x85\x3c\x1b\xe3\x60\x40\x09\x80\x2a\xa9\x5c\xbf\x64\x97\x4c\x9d\xf8\xb1\xc9\xa4\xdb\x7d\x03\x2b\x06\x47\x97\x0c\x08\xb6\x6e\x0d\xe7\xf5\xec\x92\xb4\x7a\x58\x58\x79\x8b\xc1\x93\x1c\xa7\xfc\x81\x48\x4a\x4e\xd8\xdf\x6b\xdf\x22\xe1\x90\xda\x0f\x4b\x55\x4e\x63\x78\x06\x4b\x18\x94\x60\x1f\x55\xc7\xe8\xc3\xad\xfc\xd3\xd6\x08\x1c\xb7\xe8\xc3\xd6\xf6\x88\x75\x64\x3d\xe6\x61\xd3\x72\xb2\x9a\x45\x67\x92\x6c\x24\x41\xa8\xb0\x0c\xe2\xe1\xa3\x0a\xa7\xd1\x4a\x72\x5f\x05\x80\xac\xea\x58\x53\xa4\x19\x3b\x4e\xac\xe2\x88\xd0\x42\xba\x11\x8a\x67\x7c\xae\x6a\x7f\x70\x1a\x98\xa7\x2e\x12\xbb\x9f\x24\x59\x4f\x77\x43\x31\xc8\x32\xe0\xc6\xd1\xcf\xfb\x12\xa8\x29\xe3\x67\x7c\xc9\x67\x6a\xc3\x7b\x28\xc9\xe4\x2d\xe7\x1e\xbc\xfd\x50\x5f\xec\x67\x22\x7c\x69\x4c\x3b\xe2\x5f\x40\x29\xc0\x12\x3f\x57\x0a\x52\x09\xdf\x23\x59\x05\xdd\x58\xd4\xa9\x34\x69\x71\x73\x09\x5f\xd1\x69\x6e\x50\x03\x2e\xa7\x50\x52\x33\x8f\xda\x28\x6c\xd5\xfc\xa3\x44\x87\x8d\x7f\xfa\xf2\xd0\x69\x73\x2a\x83\xf8\xba\x7b\x97\x4e\xd6\x95\x1e\x19\x70\x87\xe0\x97\xc3\xa5\x1a\x0d\x77\xb6\x7e\xdc\x98\xd1\xbd\x31\x74\x4d\xf4\xca\x73\x0f\x2e\x80\x52\xe8\x55\x66\x03\x94\xa2\x23\x2f\xaf\xe6\x14\x8f\x4f\x1f\x69\x59\xe1\xe2\x81\xe1\xed\xf6\x33\x7c\xd6\xad\x35\xfe\xf7\x8b\x83\xba\xb3\x58\xab\xd8\xd1\x1d\x30\x37\x99\xde\x42\xb3\x38\x18\x30\x6e\xd8\xd4\xd8\x87\x00\x23\xcf\x8a\x93\xff\x7c\x7b\x12\xda\x25\x1f\x3f\x77\x00\xd8\xa3\xc4\x37\x04\x72\x79\x1b\x26\x49\x30\xb9\x7d\x2a\xac\xb0\x4f\xd4\xde\xe4\x82\xbe\xbf\x8f\xbb\xff\x65\x02\xd0\x2b\x98\x24\x9b\xf3\xf1\x22\x9f\xff\xfb\xc8\x31\x70\x05\xef\x2d\xaa\xc3\xec\xe5\x62\x1a\x01\xc6\x25\x96\x4a\x36\x74\x28\x73\x58\xdd\xd8\x17\x08\x39\x43\x40\xc8\x4f\xbd\xa1\x0d\x26\x6b\x0d\x97\xe1\x42\xb4\x06\x01\x30\x53\x57\xcf\x7f\x81\xf9\x89\xac\x38\x58\xce\x1f\xcd\x94\x6a\x1d\xab\xde\x0d\xa9\xde\xcf\x4a\x7a\xd8\x51\xcd\xda\x20\x86\x4c\x22\x98\x6a\x2f\x57\xbb\x58\x09\xab\x46\xcb\xc6\x8f\xf0\x2e\x3c\xc2\x08\x5
c\x0e\xcf\xba\xfa\xf5\x00\x16\x34\x3c\x67\xe2\x3a\x78\x26\x00\x68\x17\x52\x4d\x6b\x0d\xd1\x7d\x45\x62\x10\x8d\xad\x97\x79\x11\x73\x2e\xc9\xd5\x0b\x20\xd6\xc7\x43\x88\x7a\x0b\xf1\xd6\xb2\x45\xc4\xef\x3d\xd5\x5f\x98\x8c\x08\x96\x1b\x76\x3e\x56\x8d\xca\x64\xcd\x59\x72\xc4\x42\x38\x06\x2f\x98\x21\x35\xf3\xd8\x4a\xac\xf6\x11\xcd\xba\x1e\xbf\x1d\x3e\x9a\xfb\xc0\x9c\x83\x5c\xeb\x2e\xca\xee\x6f\x27\x94\xcc\xea\xa6\x82\xe8\xcb\x4b\x0e\x6a\x96\xb3\xeb\x8c\x92\xd0\x96\x72\xd3\x7f\x69\x59\xfd\x38\xd4\xa7\xca\x87\x7d\x92\x9f\x66\xee\x4a\x50\x89\x60\x62\x3a\x23\xd8\x40\xe2\x24\xee\xe0\x61\x32\xde\xb2\x73\xe7\x29\x6b\x46\xcf\x88\x2e\x53\x00\xe4\x2c\x1a\xca\xc7\x45\x2a\x0c\x4c\xf7\xbd\xbd\x4c\x9e\xf4\x4c\x6b\xad\x60\x92\x18\x6f\x2e\xf1\x4d\x39\x7c\x82\xa3\x58\xc4\x84\xfc\x91\xa0\x35\xe2\xa0\x85\xd8\xa1\x7a\xa4\xf5\x6d\x77\x28\x8f\x0a\x28\x8b\xfc\xb9\x75\xe3\x2f\x87\xc5\x80\xa4\x19\xaa\x8f\x77\x94\x91\x3e\x30\x52\xf4\xac\x24\xf2\x9f\xeb\x3b\x43\x0e\x3d\x1a\x29\x8e\xc0\xb0\xb4\x86\xa1\x94\xed\x38\x57\x4d\x86\x0b\xdf\xa0\xc6\xb1\xa6\x7d\x03\x9e\xe0\xda\xed\x00\xdc\x50\xf7\x6d\xdc\xa6\x41\x78\x76\xa6\x77\xe8\x0c\xb1\x9f\x3a\x8d\x8b\xde\x26\x6c\x41\x58\xe0\x2f\xe9\x22\x48\x7d\xb5\xfb\x60\xac\xdf\xda\xf4\x17\x5b\xf4\x3a\x3d\x12\xf6\xbc\x29\xdd\xd3\x17\xa2\x75\xe1\x2e\x6e\x3f\xff\x81\xa6\x4e\x7d\xfe\x20\xab\xcc\x60\xa0\x6e\x80\x1d\x7a\xe7\xd0\x41\x25\x2e\x1c\xf8\xab\xaa\x7a\x38\xf7\xf3\x9e\x61\x29\x4d\xdb\x9d\x62\x1f\xee\xae\x99\x46\xaa\x70\xf7\x64\xe0\x0b\xe9\x6b\x28\xbd\xbe\xd8\x9a\xbf\x4f\xe3\x60\xfd\x80\x19\x21\xa3\x88\xaf\x23\x73\x6d\x2a\x94\x3c\x8c\xe1\xf6\x20\xd7\xda\xd0\xa5\x65\xfc\xfb\xcb\x86\x69\xd9\xfd\x78\xd1\xdb\x48\xb7\xa1\x26\x6c\xe3\x05\x54\x9d\xc7\x76\xc1\x2d\xd2\xdc\x40\x0a\x4d\xc8\xb0\x76\x24\x86\x7d\xbb\xd9\x4f\xc9\xbe\xd0\xad\xc7\xff\x50\x69\x95\x1e\xbc\x24\x83\x05\x8b\xa3\x45\x50\x88\x5f\x5f\x25\x0e\x54\x0a\xa3\x7b\x94\x0e\x8f\x90\x1c\xb0\xf5\x7a\xab\xf8\xe0\xf2\xa4\xce\x11\x3b\x60\x94\x7d\xa2\xa7\x23\x03\xa6\x9d\xac\xb1\x71\x30\xf4\xed\x89\x74\xf9\x52\x50\xcd\xec\x5
1\x59\xae\xf4\x1e\x38\x0f\xd6\x36\x00\x60\xb9\x28\x8a\x88\xe2\x24\x8b\x90\xc2\x97\xfc\x44\x33\xe8\x26\xe0\x66\xec\x48\xf0\xb4\x78\xc7\x54\x32\xcb\xd9\xf4\x58\x30\xb0\x1d\x6f\x90\x36\x18\xb3\x9d\x54\x1a\x48\x80\x7d\x42\x92\xe0\x56\xbf\x99\x28\x5f\xb0\xe2\xac\xf5\xb6\x0e\xca\x7f\x79\x73\x44\x11\xc3\x3a\x01\xe4\x1b\xe2\x40\x37\x02\x2e\xa0\xf2\xc3\xfb\x2e\x50\x07\xaa\x2e\xd8\x62\xa7\x87\xaa\x66\x76\x92\xef\x91\x9c\xbc\xdf\x82\x43\xde\x11\xe0\x28\x12\xf8\xc2\xdf\xb7\x9f\xda\x2e\x17\x87\x29\xb5\xf2\xf0\xaf\x8b\xfb\x7f\x17\x8b\x0d\x80\x85\x11\x78\x84\xfb\xde\x56\x87\x94\xe3\xbb\x95\x17\x26\xe8\x77\x8b\x0a\xf7\x55\xce\x74\x12\xb0\x42\x89\x2c\xc8\x94\x77\x12\x97\x15\x30\x5d\x70\xca\xca\x55\x3e\x4a\xab\x12\x04\xa8\x69\xfd\x7d\xab\x7a\x70\x19\xd9\x17\x21\x58\xe6\x35\xde\x6c\x6d\xd8\x01\xa7\xd0\x25\x9c\xa4\xef\x75\xec\xe2\x6e\x1c\xb3\x64\x53\x95\x92\x4b\x5e\xd3\x2c\xd1\xa8\xb0\x15\xd5\x21\x15\x19\xd0\xf2\xb8\x5d\x5d\xe2\xfc\xd5\x2b\xf9\x26\xad\xf5\x7f\x67\x01\x7e\xda\x0d\x32\x04\xcb\xe4\xb0\x35\x2a\x41\xf5\xaf\x81\x5a\x97\xeb\xd0\x08\xf3\x81\xfa\x5e\x48\xed\x6d\xa0\x14\x1d\x18\x12\x16\x5e\xa6\xa6\xb1\xdb\x84\xae\xca\x82\x6b\x0d\x1a\xbb\xa2\xf8\x10\x15\xd8\xca\x3e\x1a\x9f\x9c\xf7\x6d\x22\x72\x06\x21\x2b\x90\x39\x51\x68\xce\xd6\xc0\x47\x6c\x81\xbf\xbb\x45\xfa\x8d\xef\x8e\x97\xcd\xdb\xdf\xc8\x25\x96\xec\x22\x58\xeb\x50\xd7\x59\xb2\xa5\x8e\xd0\xe8\x55\xfa\x05\xc3\x88\xb1\x5f\x3b\x51\xfa\xb2\x98\xa2\x83\xd5\x24\x3b\x85\xee\x78\xce\xdb\xce\x16\xb8\x50\xab\xdc\x01\x87\x61\x98\x67\x53\xe2\xe7\xfe\x79\x63\x20\xfb\xb9\x85\x88\xc9\x35\xc3\x98\xfc\x6d\x42\x7e\x01\x9a\x59\xe0\x0a\xe4\xdb\x12\xf8\x09\xb1\x7b\x78\x38\xec\x5a\x79\x29\xd4\x79\x36\x1b\x69\x7d\x51\x0d\x98\x69\x2f\xc9\x5d\x59\xba\x79\x37\x54\x4f\x1b\x61\x2e\x41\xa9\xd7\x94\xf4\x18\x80\x17\x33\xab\x45\x40\x0b\xef\x83\x5a\x42\x57\xbd\x7f\xe0\x61\xf0\x1c\x0c\xa4\xbe\xf4\x77\x7a\x41\x46\x94\xcf\x25\x17\xde\xd0\x65\x87\xdb\x0f\x08\xcc\xad\x34\xc5\x7d\x2d\x6b\x97\xc5\x50\x16\xab\x6c\x02\x5c\xdb\xf4\x1b\x1e\x40\x69\x5d\xa2\xfa\xc7\x12\x9
0\x37\x2e\x88\x61\xd1\x27\xc5\xac\x17\xcf\x7d\xdf\xd2\x5a\x23\xc5\xd4\x2b\x38\xc7\xb6\x8a\xc8\x08\x6c\x71\xaf\x2c\x73\x2c\xdb\x55\xbc\x31\x70\x83\xcf\x6b\x29\x79\x64\xe7\xd6\xe3\xc3\x26\xa6\xf6\x1a\x71\xa2\x6b\xef\x06\x70\x99\xbd\x01\xf3\x81\x70\x75\xfe\xd8\x92\x24\x43\x18\x8c\x7b\xb2\x02\x23\xd1\x21\x0b\xe4\x49\x49\xc1\x7a\x8f\x58\xa8\xe1\x53\x39\xe8\xa1\xb0\xf3\x35\x34\x79\x8d\x51\xf8\x1a\x83\x75\x96\x52\x3e\xa1\xa4\x46\x04\xfe\x3d\xc4\x06\x8e\x0a\xdc\xfa\x88\x11\x19\x63\xdb\x83\x94\xbc\x2e\x14\x97\xbc\x37\xc9\x22\x61\xf5\xbb\x34\x03\x01\x40\x60\x55\xc8\xdb\x94\x63\x41\x47\x3b\x17\xaf\x96\xd2\xb1\x31\xd2\x38\x26\x1d\x4f\x0c\x19\x79\xaf\xd5\x5f\x57\x5a\xf2\x09\x69\x95\xbe\xbf\xee\xbf\xc0\x45\xf8\xb2\x60\x9f\x8b\xec\x0e\x7a\x1a\x37\x4b\xbe\x88\x10\xc6\x09\x21\x8c\x59\x87\x0a\x80\xe1\x83\x28\x7e\x08\xb6\xec\x10\x4e\x27\xe4\xa9\x1c\xd4\x12\x2d\x88\x1f\x1c\xd0\xac\x6d\x3b\x19\x9c\x36\x80\x3c\x1f\x34\x94\xce\x74\xe7\x68\x29\xcd\x42\x14\xe6\xb0\x24\x5f\x55\x76\x00\x60\x0b\xe6\x23\x35\xc8\xa8\x39\xc3\x83\xbe\xae\xc8\xa1\xb6\x64\x57\x2a\x50\x07\xcc\x61\xca\x95\x26\x37\x71\xd9\xaa\xa6\x68\x8c\xf8\x2c\x9b\x7d\x03\xf7\xc2\xe1\x82\x87\x3b\x57\xa1\x70\x4f\x9c\x51\xa1\xce\xab\x21\xee\xa1\x4f\x1b\x9a\x4c\x2d\x82\x26\xe1\xce\x14\x73\x45\x57\x0c\xe8\x80\x9b\x3b\x36\x59\xb8\xf1\x55\xed\x9d\x73\x14\xa0\x1c\x45\xbb\xd3\x1a\xc3\x73\x28\xd3\x5c\xbb\x8e\xf9\x6f\x11\xb2\x29\xa8\x82\x8a\xd2\x9f\xe6\xf2\x7c\x4d\x8c\x5f\x40\x8e\xd3\x22\x49\xe9\x6a\xfb\x48\xde\x05\x3c\x6d\x0e\x4b\x56\x63\x71\xe3\x36\x66\x5b\xb9\xb7\x5c\x62\xa4\xe3\x76\xe2\x12\xb9\xa7\x7d\xf3\x1e\x34\x1e\x7e\x7b\xa5\xd2\x07\xdf\xd5\xd6\xd7\x65\x1a\xce\x18\x2d\x3b\x24\x2d\xd1\x99\xa6\x31\xaa\x6b\x24\x88\xb3\xbc\xd7\x6b\xdb\xcd\x3f\x21\x60\xcf\xf3\xf8\x2e\xd4\x3e\x10\x9c\xf7\xb7\x43\xab\xc9\x62\x1c\x3a\x4d\x8f\xd7\x15\xba\x4b\xbb\x3a\x11\xff\xc6\x3e\x09\x2d\xb2\xda\xcf\x93\xad\x4b\x4c\xf8\x9a\x5b\x34\x55\x21\x39\x31\x2e\x04\x7f\x8f\x17\x84\x78\xa1\x09\xcb\xa8\x95\x37\x33\x29\x42\xa4\xa5\x99\xe1\x31\xd3\x15\x09\x79\xfe\x3d\xb9\x8
d\x74\xd8\x59\xc3\x7b\x21\xd6\xf3\x8f\x5e\xe9\x11\xb9\xcf\xa0\xd5\xd9\x41\x02\x8c\xb2\x19\xb6\xd1\x2c\xb2\x87\x0c\x22\x5c\x30\x9c\xac\x7a\x6c\x68\xfa\xa3\x74\x6d\xbb\x2c\x8a\x59\xc2\xd9\x13\xd1\x39\x37\x8b\x00\x5e\x3a\x19\x9f\x01\x68\x9d\x48\xbd\x7d\xf3\x5a\x46\x19\x48\xed\x68\x83\x70\x74\x32\x79\x1c\x92\x0a\x02\xf1\xd6\xe0\x21\x79\x1c\x8a\x16\xec\x32\x01\x87\x6f\x64\x5e\x57\x49\x79", 4096); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000082, 4); csum_inet_update(&csum_1, (const uint8_t*)0x20000086, 4); uint16_t csum_1_chunk_2 = 0x600; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 2); uint16_t csum_1_chunk_3 = 0x210; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 2); csum_inet_update(&csum_1, (const uint8_t*)0x2000008a, 4098); *(uint16_t*)0x2000008a = csum_inet_digest(&csum_1); struct csum_inet csum_2; csum_inet_init(&csum_2); csum_inet_update(&csum_2, (const uint8_t*)0x20000080, 10); *(uint16_t*)0x20000080 = csum_inet_digest(&csum_2); syscall(SYS_test, /*a0=*/0x20000080ul, 0, 0, 0, 0, 0); { int i; for(i = 0; i < 4; i++) { syscall(SYS_test, /*a0=*/0x20000080ul, 0, 0, 0, 0, 0); } } break; case 3: *(uint32_t*)0x200010c0 = 0x111; *(uint8_t*)0x200010c4 = 8; *(uint8_t*)0x200010c5 = 4; *(uint8_t*)0x200010c6 = 2; *(uint8_t*)0x200010c7 = 1; syscall(SYS_test, /*a0=*/0x200010c0ul, 0, 0, 0, 0, 0); break; case 4: res = syscall(SYS_test, 0, 0, 0, 0, 0, 0); if (res != -1) r[0] = res; break; case 5: syscall(SYS_test, /*val=*/r[0], 0, 0, 0, 0, 0); break; case 6: syscall(SYS_test, 0, 0, 0, 0, 0, 0); break; case 7: syscall(SYS_test, 0, 0, 0, 0, 0, 0); break; case 8: res = syscall(SYS_foo, /*cmd=*/0xaul, 0, 0); if (res != -1) r[1] = res; break; case 9: syscall(SYS_foo, /*res=*/r[1], 0, 0); break; case 10: memset((void*)0x20000000, 0, 1); *(uint8_t*)0x20000040 = 0x81; *(uint8_t*)0x20000042 = 0x8c; STORE_BY_BITMASK(uint16_t, , 0x20000042, 5, 8, 4); syz_compare(/*want=*/0x20000000, /*want_len=*/1, 
/*got=*/0x20000040, /*got_len=*/4); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/4, /*v1=*/0xfffffffffffffffa, 0, 0); break; case 12: syz_errno(/*v=*/2); break; case 13: memcpy((void*)0x20000080, "\x15\x48\x05\xb7\x68\xfb\x1b\x7d\xa6\x4a\xca\x30\x5f\xf5\x4e\xdd\x7e\xef\x7a\x6c\xe6\xb3\xe1\x5c\x9e\x2b\xa4\xc4\x6e\xf0\x15\x95\x04\x6d\x85\x80\xcd\x59\x93\x11\x8d\x09\x81\x4c\x6e\xa8\x20\x39\x8a\x54", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/0x3ff); break; case 15: syz_mmap(/*addr=*/0x20ffd000, /*len=*/0x1000); break; case 16: syz_sleep_ms(/*ms=*/0x7fffffff); break; case 17: syz_test_fuzzer1(/*a=*/4, /*b=*/5, /*c=*/7); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :344:3: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x30, 0, 0, 0, 0); ^ 1 error generated.
Root cause of this failure: the emitted reproducer calls `syscall(SYS_test, ...)` / `syscall(SYS_foo, ...)`, which needs a prototype from the host libc (`<unistd.h>` / `<sys/syscall.h>`); the header names on the `#include` lines above were stripped when this log was rendered, so which headers the generator actually emitted cannot be confirmed here. The build host is OpenBSD (`-DHOSTGOOS_openbsd=1` in the compiler invocation below), and recent OpenBSD releases removed the generic `syscall(2)` dispatcher from libc as an exploit-mitigation measure, so `syscall` would remain undeclared there even with the right headers — confirm against the host's libc and `unistd.h` before blaming the generator. Because the program is compiled as C (`-x c`) with `-Werror` and a compiler that treats implicit function declarations in C99-and-later modes as errors (the diagnostic wording matches recent clang), this is a hard build failure rather than a warning. Two further caveats for anyone reading the listing as a real reproducer: `SYS_test`/`SYS_foo` fall back to `#define ... 0`, so on a real kernel this binary would issue syscall number 0 (the `test` target is a mock OS and this test only checks that the emitted C compiles), and the program intentionally makes its scratch directory world-writable (`chmod(tmpdir, 0777)`) and, in case 13, jumps into bytes copied to a mapping created with only `PROT_READ | PROT_WRITE` via `syz_execute_func` — expected syzkaller reproducer behaviour (it would fault on an NX-enforcing host), unrelated to this build error.
compiler invocation: c++ [-o /tmp/syz-executor2464538819 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/2 (1.10s) csource_test.go:150: opts: {Threaded:true Repeat:false RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: test$length11(&(0x7f0000000000)={0x7, 0x1, [0x9, 0x0, 0x1, 0xffff, 0x7595, 0x7, 0x6, 0x6]}, 0x30) (fail_nth: 1) test$length35(&(0x7f0000000040)={0x4, {0xffffff00}}) (async) test$csum_ipv4_tcp(&(0x7f0000000080)={{0x0, 0xfffff546, 0x7f}, {{}, ""}}) (rerun: 4) test$length18(&(0x7f00000010c0)={0x111, 0x8, 0x4, 0x2, 0x1}) r0 = test$produce_subtype_of_common() test$consume_subtype_of_common(r0) test$produce_subtype_of_common() test$produce_subtype_of_common() r1 = foo$unsupported2_ctor(0xa) foo$unsupported2_use(r1) syz_compare(&(0x7f0000000000)='\x00', 0x1, &(0x7f0000000040)=@bf7={0x81, {0x8c, 0x5}}, 0x4) syz_compare_int$2(0x2, 0x4, 0xfffffffffffffffa) syz_errno(0x2) syz_execute_func(&(0x7f0000000080)="154805b768fb1b7da64aca305ff54edd7eef7a6ce6b3e15c9e2ba4c46ef01595046d8580cd5993118d09814c6ea820398a54") syz_exit(0x3ff) syz_mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) syz_sleep_ms(0x7fffffff) syz_test_fuzzer1(0x4, 0x5, 0x7) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include 
#include #include #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec 
= (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) 
{ va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void loop(void) { int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } uint64_t r[2] = {0x0, 0x0}; void execute_call(int 
call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x20000000 = 7; *(uint64_t*)0x20000008 = 1; *(uint32_t*)0x20000010 = 9; *(uint32_t*)0x20000014 = 0; *(uint32_t*)0x20000018 = 1; *(uint32_t*)0x2000001c = 0xffff; *(uint32_t*)0x20000020 = 0x7595; *(uint32_t*)0x20000024 = 7; *(uint32_t*)0x20000028 = 6; *(uint32_t*)0x2000002c = 6; inject_fault(1); syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x30, 0, 0, 0, 0); break; case 1: *(uint32_t*)0x20000040 = 4; *(uint32_t*)0x20000044 = 0xffffff00; syscall(SYS_test, /*a0=*/0x20000040ul, 0, 0, 0, 0, 0); break; case 2: *(uint16_t*)0x20000080 = 0; *(uint32_t*)0x20000082 = htobe32(0xfffff546); *(uint32_t*)0x20000086 = htobe32(0x7f); *(uint16_t*)0x2000008a = 0; memcpy((void*)0x2000008c, "\x78\xb7\x76\x9b\x45\x48\x65\x84\x92\xde\x72\xd4\x15\xba\xe1\x8f\x3b\xbe\x4d\x64\xd7\x8a\xf2\x04\x98\xc9\xf6\xb8\xf3\xf6\xa2\xbe\x55\x97\x33\x7e\x2e\xb3\xf9\x6c\xa0\x7a\x66\xc2\x7b\x34\xe9\x5f\x4e\x73\x25\x39\xba\xdc\xe8\x96\x7b\xce\x41\x58\x91\x33\x78\x5a\xde\xca\x49\x29\xde\x68\xc7\xa0\xfa\xd0\xde\xbc\xff\x18\x19\xad\x3d\xf1\xb4\x0e\x14\x20\x9d\xa0\x13\xaf\x85\x89\x3b\x81\xe1\xd1\x7a\xbb\x6d\xee\xdf\x2d\x70\x56\x6a\xc7\xb3\xfa\x0e\xed\x52\xd1\x82\x11\xd2\x49\xd1\xb7\xfb\x68\x81\x50\x4a\x33\x15\x0b\x91\x47\x7e\x7c\xde\xad\x14\x81\x8e\x83\xb0\xfa\x35\x64\x49\x91\x23\x74\x4e\xe8\x0f\x92\xa7\xf9\xe0\x39\x4d\xc7\xbb\x62\xb4\x70\xad\x1b\x88\xc3\xf6\xc6\xe9\x84\xd2\x89\x42\xe9\xf0\x3a\x48\x0e\x51\xcc\xb8\xd7\xbb\x51\xa1\x24\xee\xee\x79\x5b\x09\x47\x07\x82\x1f\x5c\x44\xa6\xaa\xbd\xc1\xd9\x46\xaa\x91\xcb\x6d\x17\x5d\x0d\xf4\x6b\x86\xe6\x05\xec\x66\xcd\x5b\xc8\x39\x8e\xf7\x97\x43\x02\x56\x44\x40\xa8\x1d\xe3\x73\xb3\x5c\x79\xc1\x36\x7a\xf1\x87\xb8\xdf\x69\x56\xee\xbb\x89\x66\xab\xdf\x3d\x0f\xdf\xcf\x9e\x7b\x13\xab\x64\x65\x1e\x66\x83\x46\xec\x1f\x56\x4f\x28\x8b\x40\x26\xb8\x1d\xde\x8a\x3e\x4a\xda\x81\xa1\xd2\x80\x65\x4e\x7e\xe5\x2a\xef\x25\x53\xdc\x0d\x25\x97\xab\xce\xa0\xc6\x76\x12\xb5\xc0\x20\x80\x95\x7c\x38\x47\xbd\x6c\x78\x98\x47\x70\x1a\x7e\xa
3\x6c\xa2\x3f\x6f\x7f\xeb\xa0\xdd\xaa\x24\x61\x6e\xeb\xb4\xf9\xd3\xaa\x52\x18\xec\x8a\x5a\x08\xfa\xb4\xb3\x53\xc8\x91\x83\x7d\xbb\x8e\x77\x34\xc9\x2d\xf3\x91\xd4\x1f\x07\x08\xf7\x46\xa7\x72\xd5\x56\xf6\x08\x6c\x97\x20\x08\x35\x7c\x55\x95\xe9\x90\x80\x44\xab\x8a\xff\xa0\x44\x54\xad\xe5\xd5\x09\xe7\x58\x43\xe9\x7a\xcd\x1f\x53\xa4\x28\xee\x9c\x35\xc9\x1b\xa7\xf7\x55\x1c\x6d\xb9\x83\x73\x89\x73\xe1\x6b\xfd\xae\x49\xaa\x7b\x7c\x71\x8e\x46\x88\x14\xd7\x0d\x54\xd5\x88\xbd\xc6\x4f\x32\x67\xd1\x80\x86\x2b\xb4\x58\xd7\xb9\x0f\x58\xf4\x07\x8f\x41\x7d\xf7\x69\x04\xa2\x1d\x26\x97\xb9\x65\x38\x69\xf1\x57\x2e\xd6\x3e\x47\x81\xd1\xc3\xe5\x06\x55\x5c\xa7\x46\xb6\x76\x9f\xc0\xa9\x7c\xa8\x3b\xca\x63\x02\x92\x86\x50\x7e\xfc\x11\xb8\xc2\x17\xf8\x3e\x7f\xc6\x4a\x3b\xe2\x17\xaa\x71\x48\x09\x83\xdf\x1c\xda\xa6\x3d\x04\x81\xe9\xaf\x63\x1a\xba\x7a\x8f\x0f\xd4\x8e\x83\x6b\x69\xc5\xe8\x26\xb0\x20\x56\x8a\xd8\x2d\xa9\xcd\x87\xba\xa0\x94\xae\x9f\x0c\x5f\x51\x49\xdb\xa1\xb4\xf3\xb0\x34\x06\x29\xbf\x8e\x19\xf9\x34\x74\xe8\xa7\x98\xa5\xcc\xf5\x32\xdb\x78\x0b\x6d\xd9\xaf\x5d\xf9\x14\xea\xe3\x24\xba\x02\x75\x2d\x75\x8e\x4f\x2a\x55\x8a\x80\xed\x89\xa6\x13\x88\xc4\x30\xc3\xac\xd7\xe2\xb7\x65\x41\xd0\xa4\x40\xfd\x18\xd8\x5b\x70\xf6\x51\xd0\x49\x58\xc4\x04\xec\x41\xf5\xac\xaa\xfa\x0d\x8f\x0f\x9e\x2a\xc9\x4d\x98\xc7\xc2\x2f\x53\x86\x64\x2f\x4e\x02\x8a\x0a\xe7\x06\x27\xbe\xe9\xff\x92\xc7\xd3\x1e\x8f\xe5\xcf\xef\xbf\xb7\xbb\x26\xb0\x87\x1d\x83\xcd\x67\x7e\xf3\xfa\x10\xbf\xf5\x16\x3e\x97\x3f\x73\xa1\x8d\x8e\xa8\xee\x63\x58\xbf\x9b\x19\x12\xa2\xf6\x0e\x9e\x12\x8f\x35\xa7\x03\x78\x33\x3d\x11\x95\x41\xd6\xf0\xf3\x67\x53\xe5\xa6\x61\x2a\x77\x18\x62\x8b\x4f\xaf\x65\x6c\x24\x6e\x71\xca\xce\x70\xc9\xb0\x70\xd3\x0c\x84\x53\xc9\x10\x55\x73\xdf\x3c\xba\xa6\x38\x6a\x2b\xc5\x88\xd0\x3b\x23\xa1\x1b\x04\xb1\xc9\x4e\xe9\x05\xee\xa9\x2d\x40\x85\x0d\xbf\x27\x03\x98\xd4\x7d\xcc\x08\xe5\xb9\x57\x5b\x50\x98\xf4\x95\xf7\xdf\x29\x70\xd8\x28\xbe\x23\x02\x82\x12\x2f\x30\xd2\x2a\x15\x26\x87\xc2\x6c\x5a\xb2\x21\xf8\xef\x8a\xb6\xc1\xf
3\x40\x86\x9a\x9b\x05\xd9\xbb\x19\x83\x69\x99\x4c\x36\xb2\x8a\x4b\x6a\x67\xab\xfc\x6c\xe8\xd0\x61\x68\xce\x1f\xbd\x7d\xea\xba\xe2\x61\x5c\x95\x39\xc3\xa4\xf4\x27\xf2\x04\x89\xa1\xf0\x41\x21\xf3\xb5\x48\xbc\x0e\xc6\xda\xa9\xfd\x63\xb1\x4f\x71\xe9\x64\xf4\xc0\x42\xa3\x8c\xaa\x25\xe1\xcf\x98\x3e\xa9\xee\xdc\x7b\xc0\x6f\xac\xa0\x11\x11\xd8\xa1\x7a\x4a\xc0\x83\xa1\xc5\x5f\x4b\x4a\xe3\x14\xff\x09\xec\xc0\xfe\xfc\x77\xbf\x1d\x08\xad\x54\xa9\x66\x2e\x68\xeb\x33\xa5\x7d\x43\xf1\x54\xbb\xa3\xb9\x8a\x66\x78\xc9\x74\xa8\xdd\xd6\x61\x32\xa6\x4e\xd8\x50\x79\x93\xf9\x26\xb6\xa8\x6a\xbb\x81\x3a\xc3\x82\x60\xc7\x93\x5f\xba\x14\xcc\x64\x94\x1b\xfb\xcc\xc7\x0b\xae\xaf\x92\xa7\x7e\xd1\x57\x35\x9f\xf2\x53\x85\xea\xb6\xd8\x5c\xed\x6b\x73\xa8\xf3\x4e\xe7\xf1\x8d\xc4\x6e\xf7\x5f\x66\xe5\x39\xef\xb3\x7b\xa8\xe5\x7e\x0e\xf6\x53\xc6\x2e\x87\xa3\x67\xd9\x0f\x32\x4b\xb7\x95\x30\x61\x8c\xc6\xa0\x5c\x3d\xda\x77\x67\xf3\x90\xb7\x75\x90\xa7\x8a\xc4\x88\xd6\xa3\xc1\xf4\x12\x4b\x62\xe0\xda\x72\x8d\x61\xe3\xcb\x8e\xfe\xc0\x78\x88\x3a\xeb\x04\x86\x5e\xa9\x69\x5d\xa8\x59\x85\x52\x61\x08\x7e\x9f\x36\x41\x2d\x61\xb4\xea\x03\x43\xd6\xd0\x3d\xbd\xac\x09\xba\x17\x48\x48\x6a\x4d\x62\x63\xa6\x2b\xc2\xb7\x23\xb3\x79\x13\x40\x68\xc7\x00\xca\xd7\xbc\x07\x99\x99\xba\xad\x53\x57\x41\xad\x7e\x19\xb0\xc5\xd0\xa5\x5e\x1e\x0d\xa5\x34\x76\xfa\xff\x87\x3b\xde\xf8\x3e\x71\x1f\x95\x55\xf0\x43\x98\x0a\x77\x2a\xab\x3a\xf3\x9c\x9e\x10\x82\xea\x2e\x3a\xba\x0b\x45\x4c\x89\x22\xe2\x66\x50\x96\xf7\x3a\xc4\x55\x50\xee\xaf\x66\xe5\xd4\xe9\xdf\x9c\x79\x1f\x7d\xdb\xca\x38\xb5\x58\xbe\x75\xb3\x92\x07\xea\x04\xdc\x7f\xd4\x7c\x36\x3d\x5b\x80\xd9\xea\xae\x7b\xa2\x30\xbe\x26\x33\xc0\x70\xe5\xc9\x70\x0f\x6c\x6f\xa7\xc2\x30\x70\x2c\x5a\xd4\x22\x6e\x58\x3f\x95\xb1\x2c\xe2\xbd\xfc\x1b\x92\x12\xdf\xe1\xa9\x08\xdc\x3e\x3b\xc6\xb1\x3c\x85\x7d\x7d\xab\x7b\x7d\x50\x42\x97\xb2\x06\xa2\x17\x3e\x4c\x8c\x7a\x2d\xcd\x63\x2d\xe9\xc3\x3b\x9d\xfc\xbc\xa5\x36\xc7\x68\xbb\x15\x4c\x56\x3c\x67\xf2\xe7\xd1\xa7\xd3\x58\x9a\x64\xb2\xeb\x72\x82\x7a\xe0\x26\xcd\xc
9\x0b\xd2\x7e\x7a\xb7\xf0\x29\x89\x67\x56\x3d\xc2\x7a\x42\x66\xc1\x3c\xc6\x4f\xef\xfc\x70\x8a\x46\xf9\x03\x9c\x74\x5a\x6b\x2d\xbc\x27\xb8\xae\xf8\x31\x9d\xc2\x25\xd8\xa0\x6d\xf2\xea\x84\x26\x27\xe5\xf1\xd4\xee\x87\xfa\xf2\xbf\x05\xf2\x76\xab\xd2\x70\x22\xcd\x2f\x5a\x8c\xa1\x7f\x81\xf8\xfa\xc0\x22\x51\x63\xcc\x52\xff\x78\xc3\x2a\x85\x7c\x15\x65\xaf\x01\x2b\xdf\xf5\xa3\xcf\x74\x45\x94\x67\xa1\xd1\xad\x21\x80\x2a\x69\xaf\x00\x64\x60\x1c\xf0\x8c\x49\x71\xc6\x91\xae\x14\xd3\x3f\xd3\x50\x9b\xcd\x55\x96\xe6\xb6\x77\x2d\x1d\xeb\x8a\xb1\x86\x0d\x13\xe2\xf4\xa6\xb7\xac\x83\xe8\x2a\x8a\xc9\x11\xd2\xa0\x02\xc0\x6e\x1c\xeb\x2c\x6a\xa0\x7b\x84\x7a\x6c\xb1\xe7\x67\x8d\xce\x46\x66\x9b\x32\x1b\xc3\x7d\x76\x59\xa0\x83\x00\x57\x65\xdd\xaf\x4c\x61\x8a\xdf\xbb\x0d\x81\xb8\x9b\xd1\xeb\x77\x1b\x58\xc3\x34\xb7\x8b\xe0\x94\x41\xe2\xc7\xe8\xdb\x90\x0f\x56\xa0\xc7\x11\x8a\x93\xe5\x2d\xdf\xa5\x71\xb1\x22\x29\xbe\x6e\xa4\xfd\x3a\x6b\x91\x08\x90\x07\xc0\x34\x58\x03\x2f\x96\xd3\x37\x9c\x8b\x17\x8f\xb5\xcc\xec\x6f\xd2\x76\x97\x86\x19\xbf\xc7\xb9\x7a\x30\x62\xe8\x24\xff\xf9\xce\xe7\x3f\x4a\x85\x8e\xd6\x60\x70\x89\xa4\xd6\xaf\x56\xe2\x7d\x0f\x52\x0c\x15\x1e\x68\xae\xd9\x69\x2f\x15\x36\xe0\x8a\x35\xf9\x3e\x58\x6a\x81\xae\x49\x1f\xa9\x64\x0c\x36\xbc\xef\x84\x64\xf1\xac\x7c\x07\x46\x02\x1d\xd0\xde\xbc\x15\x53\x61\xb4\x27\x57\x30\x9a\x7c\x5a\x6a\x3c\x89\xe6\xb2\x75\xb9\x1e\x14\x77\x23\x43\xed\x0c\x0b\x84\x31\x3d\x3e\xe0\x60\x5b\x8f\xb9\x84\x3c\x8d\xed\xea\xec\x2f\x65\x54\x4c\x38\xd2\xee\xed\xec\xf3\x32\xb5\xa0\x1f\x60\xab\xdc\x62\x19\x4b\x1f\x33\x62\x19\xaf\x84\x3d\xb7\xcf\xea\x88\x1c\xbb\xe8\x30\xb8\x3c\x11\x79\x2f\x51\xd0\x65\x9d\xf2\xef\xd5\x14\xac\xcc\x62\xbe\x45\x1d\xa3\xd7\xde\x20\x52\x80\x1f\x1b\x71\x33\xec\x90\x8a\x89\xae\x20\xb8\xf0\x67\xb1\x6f\xa2\x6c\xc7\x85\xd7\xbb\xc7\x70\xb4\xc0\x0e\x64\x18\xae\xab\x91\x58\x79\x4d\x5c\xe3\x74\x0e\xf5\xc7\x8c\xfd\xe8\x5b\x0d\x5a\x81\xa8\x5a\x2b\xf2\x4f\x35\xe5\x30\x91\x2e\xce\xb0\x79\xef\xf2\x19\xe6\x8e\x65\x5d\x1e\xe3\x37\x64\xe6\x64\xb5\x30\xa8\x72\x81\x7
d\x0f\xe8\xc8\x46\xeb\x88\x9a\x1e\x06\x7e\xd1\xc7\x91\x5e\xd0\x4c\x87\x75\x7e\x3c\xfb\xdb\x42\x1e\x5a\xb7\x8a\xec\x22\x8e\x9d\x9f\xba\x27\xba\xb1\x25\xb0\xa5\x3c\x65\x18\xa0\xb5\x41\x1a\x92\x80\x14\xeb\x1d\x93\xba\x94\xcf\x89\xc1\x9a\xe5\xff\x1b\x00\xe2\x1b\xd9\xf8\xc8\x81\x85\xb8\x86\x37\xe5\xdb\x32\xe2\xe4\x02\x08\xf2\x62\x25\x4b\xcc\xad\xc2\xc8\x5e\x83\x69\x0f\xb7\xaf\x64\xe9\xab\xfc\x19\xda\x42\xa3\x1c\xf6\x3b\x90\x09\x53\xf1\x84\xf3\x34\xd6\x05\xa1\xac\xab\x43\x4a\xcd\xfe\x74\xa3\xff\x1c\x26\xab\x7e\xb5\xf4\xc7\xd4\xe6\xed\x88\xa4\xc0\xc0\x7a\xf5\xf9\xa6\x9c\xe5\x25\xcf\x77\xc5\xf7\x01\x18\xcf\x4c\x9d\x71\x46\x18\x53\xee\x9d\x0b\x38\xaa\x8e\xef\x7a\x92\x67\xba\xa1\xda\x0a\x40\xd4\xbb\xf2\x50\xe7\x96\xec\xaf\xf7\x65\x10\x98\xb5\xbe\xbe\xe1\xce\x5c\x5b\x36\xb8\x30\x20\x47\x50\x29\x8f\x5f\xff\xcf\x43\x87\x5a\xc2\x15\xd3\xef\xcd\xd5\x76\x85\x3c\x1b\xe3\x60\x40\x09\x80\x2a\xa9\x5c\xbf\x64\x97\x4c\x9d\xf8\xb1\xc9\xa4\xdb\x7d\x03\x2b\x06\x47\x97\x0c\x08\xb6\x6e\x0d\xe7\xf5\xec\x92\xb4\x7a\x58\x58\x79\x8b\xc1\x93\x1c\xa7\xfc\x81\x48\x4a\x4e\xd8\xdf\x6b\xdf\x22\xe1\x90\xda\x0f\x4b\x55\x4e\x63\x78\x06\x4b\x18\x94\x60\x1f\x55\xc7\xe8\xc3\xad\xfc\xd3\xd6\x08\x1c\xb7\xe8\xc3\xd6\xf6\x88\x75\x64\x3d\xe6\x61\xd3\x72\xb2\x9a\x45\x67\x92\x6c\x24\x41\xa8\xb0\x0c\xe2\xe1\xa3\x0a\xa7\xd1\x4a\x72\x5f\x05\x80\xac\xea\x58\x53\xa4\x19\x3b\x4e\xac\xe2\x88\xd0\x42\xba\x11\x8a\x67\x7c\xae\x6a\x7f\x70\x1a\x98\xa7\x2e\x12\xbb\x9f\x24\x59\x4f\x77\x43\x31\xc8\x32\xe0\xc6\xd1\xcf\xfb\x12\xa8\x29\xe3\x67\x7c\xc9\x67\x6a\xc3\x7b\x28\xc9\xe4\x2d\xe7\x1e\xbc\xfd\x50\x5f\xec\x67\x22\x7c\x69\x4c\x3b\xe2\x5f\x40\x29\xc0\x12\x3f\x57\x0a\x52\x09\xdf\x23\x59\x05\xdd\x58\xd4\xa9\x34\x69\x71\x73\x09\x5f\xd1\x69\x6e\x50\x03\x2e\xa7\x50\x52\x33\x8f\xda\x28\x6c\xd5\xfc\xa3\x44\x87\x8d\x7f\xfa\xf2\xd0\x69\x73\x2a\x83\xf8\xba\x7b\x97\x4e\xd6\x95\x1e\x19\x70\x87\xe0\x97\xc3\xa5\x1a\x0d\x77\xb6\x7e\xdc\x98\xd1\xbd\x31\x74\x4d\xf4\xca\x73\x0f\x2e\x80\x52\xe8\x55\x66\x03\x94\xa2\x23\x2f\xaf\xe6\x14\x8f\x4f\x1f\x6
9\x59\xe1\xe2\x81\xe1\xed\xf6\x33\x7c\xd6\xad\x35\xfe\xf7\x8b\x83\xba\xb3\x58\xab\xd8\xd1\x1d\x30\x37\x99\xde\x42\xb3\x38\x18\x30\x6e\xd8\xd4\xd8\x87\x00\x23\xcf\x8a\x93\xff\x7c\x7b\x12\xda\x25\x1f\x3f\x77\x00\xd8\xa3\xc4\x37\x04\x72\x79\x1b\x26\x49\x30\xb9\x7d\x2a\xac\xb0\x4f\xd4\xde\xe4\x82\xbe\xbf\x8f\xbb\xff\x65\x02\xd0\x2b\x98\x24\x9b\xf3\xf1\x22\x9f\xff\xfb\xc8\x31\x70\x05\xef\x2d\xaa\xc3\xec\xe5\x62\x1a\x01\xc6\x25\x96\x4a\x36\x74\x28\x73\x58\xdd\xd8\x17\x08\x39\x43\x40\xc8\x4f\xbd\xa1\x0d\x26\x6b\x0d\x97\xe1\x42\xb4\x06\x01\x30\x53\x57\xcf\x7f\x81\xf9\x89\xac\x38\x58\xce\x1f\xcd\x94\x6a\x1d\xab\xde\x0d\xa9\xde\xcf\x4a\x7a\xd8\x51\xcd\xda\x20\x86\x4c\x22\x98\x6a\x2f\x57\xbb\x58\x09\xab\x46\xcb\xc6\x8f\xf0\x2e\x3c\xc2\x08\x5c\x0e\xcf\xba\xfa\xf5\x00\x16\x34\x3c\x67\xe2\x3a\x78\x26\x00\x68\x17\x52\x4d\x6b\x0d\xd1\x7d\x45\x62\x10\x8d\xad\x97\x79\x11\x73\x2e\xc9\xd5\x0b\x20\xd6\xc7\x43\x88\x7a\x0b\xf1\xd6\xb2\x45\xc4\xef\x3d\xd5\x5f\x98\x8c\x08\x96\x1b\x76\x3e\x56\x8d\xca\x64\xcd\x59\x72\xc4\x42\x38\x06\x2f\x98\x21\x35\xf3\xd8\x4a\xac\xf6\x11\xcd\xba\x1e\xbf\x1d\x3e\x9a\xfb\xc0\x9c\x83\x5c\xeb\x2e\xca\xee\x6f\x27\x94\xcc\xea\xa6\x82\xe8\xcb\x4b\x0e\x6a\x96\xb3\xeb\x8c\x92\xd0\x96\x72\xd3\x7f\x69\x59\xfd\x38\xd4\xa7\xca\x87\x7d\x92\x9f\x66\xee\x4a\x50\x89\x60\x62\x3a\x23\xd8\x40\xe2\x24\xee\xe0\x61\x32\xde\xb2\x73\xe7\x29\x6b\x46\xcf\x88\x2e\x53\x00\xe4\x2c\x1a\xca\xc7\x45\x2a\x0c\x4c\xf7\xbd\xbd\x4c\x9e\xf4\x4c\x6b\xad\x60\x92\x18\x6f\x2e\xf1\x4d\x39\x7c\x82\xa3\x58\xc4\x84\xfc\x91\xa0\x35\xe2\xa0\x85\xd8\xa1\x7a\xa4\xf5\x6d\x77\x28\x8f\x0a\x28\x8b\xfc\xb9\x75\xe3\x2f\x87\xc5\x80\xa4\x19\xaa\x8f\x77\x94\x91\x3e\x30\x52\xf4\xac\x24\xf2\x9f\xeb\x3b\x43\x0e\x3d\x1a\x29\x8e\xc0\xb0\xb4\x86\xa1\x94\xed\x38\x57\x4d\x86\x0b\xdf\xa0\xc6\xb1\xa6\x7d\x03\x9e\xe0\xda\xed\x00\xdc\x50\xf7\x6d\xdc\xa6\x41\x78\x76\xa6\x77\xe8\x0c\xb1\x9f\x3a\x8d\x8b\xde\x26\x6c\x41\x58\xe0\x2f\xe9\x22\x48\x7d\xb5\xfb\x60\xac\xdf\xda\xf4\x17\x5b\xf4\x3a\x3d\x12\xf6\xbc\x29\xdd\xd3\x17\xa2\x75\xe
1\x2e\x6e\x3f\xff\x81\xa6\x4e\x7d\xfe\x20\xab\xcc\x60\xa0\x6e\x80\x1d\x7a\xe7\xd0\x41\x25\x2e\x1c\xf8\xab\xaa\x7a\x38\xf7\xf3\x9e\x61\x29\x4d\xdb\x9d\x62\x1f\xee\xae\x99\x46\xaa\x70\xf7\x64\xe0\x0b\xe9\x6b\x28\xbd\xbe\xd8\x9a\xbf\x4f\xe3\x60\xfd\x80\x19\x21\xa3\x88\xaf\x23\x73\x6d\x2a\x94\x3c\x8c\xe1\xf6\x20\xd7\xda\xd0\xa5\x65\xfc\xfb\xcb\x86\x69\xd9\xfd\x78\xd1\xdb\x48\xb7\xa1\x26\x6c\xe3\x05\x54\x9d\xc7\x76\xc1\x2d\xd2\xdc\x40\x0a\x4d\xc8\xb0\x76\x24\x86\x7d\xbb\xd9\x4f\xc9\xbe\xd0\xad\xc7\xff\x50\x69\x95\x1e\xbc\x24\x83\x05\x8b\xa3\x45\x50\x88\x5f\x5f\x25\x0e\x54\x0a\xa3\x7b\x94\x0e\x8f\x90\x1c\xb0\xf5\x7a\xab\xf8\xe0\xf2\xa4\xce\x11\x3b\x60\x94\x7d\xa2\xa7\x23\x03\xa6\x9d\xac\xb1\x71\x30\xf4\xed\x89\x74\xf9\x52\x50\xcd\xec\x51\x59\xae\xf4\x1e\x38\x0f\xd6\x36\x00\x60\xb9\x28\x8a\x88\xe2\x24\x8b\x90\xc2\x97\xfc\x44\x33\xe8\x26\xe0\x66\xec\x48\xf0\xb4\x78\xc7\x54\x32\xcb\xd9\xf4\x58\x30\xb0\x1d\x6f\x90\x36\x18\xb3\x9d\x54\x1a\x48\x80\x7d\x42\x92\xe0\x56\xbf\x99\x28\x5f\xb0\xe2\xac\xf5\xb6\x0e\xca\x7f\x79\x73\x44\x11\xc3\x3a\x01\xe4\x1b\xe2\x40\x37\x02\x2e\xa0\xf2\xc3\xfb\x2e\x50\x07\xaa\x2e\xd8\x62\xa7\x87\xaa\x66\x76\x92\xef\x91\x9c\xbc\xdf\x82\x43\xde\x11\xe0\x28\x12\xf8\xc2\xdf\xb7\x9f\xda\x2e\x17\x87\x29\xb5\xf2\xf0\xaf\x8b\xfb\x7f\x17\x8b\x0d\x80\x85\x11\x78\x84\xfb\xde\x56\x87\x94\xe3\xbb\x95\x17\x26\xe8\x77\x8b\x0a\xf7\x55\xce\x74\x12\xb0\x42\x89\x2c\xc8\x94\x77\x12\x97\x15\x30\x5d\x70\xca\xca\x55\x3e\x4a\xab\x12\x04\xa8\x69\xfd\x7d\xab\x7a\x70\x19\xd9\x17\x21\x58\xe6\x35\xde\x6c\x6d\xd8\x01\xa7\xd0\x25\x9c\xa4\xef\x75\xec\xe2\x6e\x1c\xb3\x64\x53\x95\x92\x4b\x5e\xd3\x2c\xd1\xa8\xb0\x15\xd5\x21\x15\x19\xd0\xf2\xb8\x5d\x5d\xe2\xfc\xd5\x2b\xf9\x26\xad\xf5\x7f\x67\x01\x7e\xda\x0d\x32\x04\xcb\xe4\xb0\x35\x2a\x41\xf5\xaf\x81\x5a\x97\xeb\xd0\x08\xf3\x81\xfa\x5e\x48\xed\x6d\xa0\x14\x1d\x18\x12\x16\x5e\xa6\xa6\xb1\xdb\x84\xae\xca\x82\x6b\x0d\x1a\xbb\xa2\xf8\x10\x15\xd8\xca\x3e\x1a\x9f\x9c\xf7\x6d\x22\x72\x06\x21\x2b\x90\x39\x51\x68\xce\xd6\xc0\x47\x6c\x81\xbf\xbb\x4
5\xfa\x8d\xef\x8e\x97\xcd\xdb\xdf\xc8\x25\x96\xec\x22\x58\xeb\x50\xd7\x59\xb2\xa5\x8e\xd0\xe8\x55\xfa\x05\xc3\x88\xb1\x5f\x3b\x51\xfa\xb2\x98\xa2\x83\xd5\x24\x3b\x85\xee\x78\xce\xdb\xce\x16\xb8\x50\xab\xdc\x01\x87\x61\x98\x67\x53\xe2\xe7\xfe\x79\x63\x20\xfb\xb9\x85\x88\xc9\x35\xc3\x98\xfc\x6d\x42\x7e\x01\x9a\x59\xe0\x0a\xe4\xdb\x12\xf8\x09\xb1\x7b\x78\x38\xec\x5a\x79\x29\xd4\x79\x36\x1b\x69\x7d\x51\x0d\x98\x69\x2f\xc9\x5d\x59\xba\x79\x37\x54\x4f\x1b\x61\x2e\x41\xa9\xd7\x94\xf4\x18\x80\x17\x33\xab\x45\x40\x0b\xef\x83\x5a\x42\x57\xbd\x7f\xe0\x61\xf0\x1c\x0c\xa4\xbe\xf4\x77\x7a\x41\x46\x94\xcf\x25\x17\xde\xd0\x65\x87\xdb\x0f\x08\xcc\xad\x34\xc5\x7d\x2d\x6b\x97\xc5\x50\x16\xab\x6c\x02\x5c\xdb\xf4\x1b\x1e\x40\x69\x5d\xa2\xfa\xc7\x12\x90\x37\x2e\x88\x61\xd1\x27\xc5\xac\x17\xcf\x7d\xdf\xd2\x5a\x23\xc5\xd4\x2b\x38\xc7\xb6\x8a\xc8\x08\x6c\x71\xaf\x2c\x73\x2c\xdb\x55\xbc\x31\x70\x83\xcf\x6b\x29\x79\x64\xe7\xd6\xe3\xc3\x26\xa6\xf6\x1a\x71\xa2\x6b\xef\x06\x70\x99\xbd\x01\xf3\x81\x70\x75\xfe\xd8\x92\x24\x43\x18\x8c\x7b\xb2\x02\x23\xd1\x21\x0b\xe4\x49\x49\xc1\x7a\x8f\x58\xa8\xe1\x53\x39\xe8\xa1\xb0\xf3\x35\x34\x79\x8d\x51\xf8\x1a\x83\x75\x96\x52\x3e\xa1\xa4\x46\x04\xfe\x3d\xc4\x06\x8e\x0a\xdc\xfa\x88\x11\x19\x63\xdb\x83\x94\xbc\x2e\x14\x97\xbc\x37\xc9\x22\x61\xf5\xbb\x34\x03\x01\x40\x60\x55\xc8\xdb\x94\x63\x41\x47\x3b\x17\xaf\x96\xd2\xb1\x31\xd2\x38\x26\x1d\x4f\x0c\x19\x79\xaf\xd5\x5f\x57\x5a\xf2\x09\x69\x95\xbe\xbf\xee\xbf\xc0\x45\xf8\xb2\x60\x9f\x8b\xec\x0e\x7a\x1a\x37\x4b\xbe\x88\x10\xc6\x09\x21\x8c\x59\x87\x0a\x80\xe1\x83\x28\x7e\x08\xb6\xec\x10\x4e\x27\xe4\xa9\x1c\xd4\x12\x2d\x88\x1f\x1c\xd0\xac\x6d\x3b\x19\x9c\x36\x80\x3c\x1f\x34\x94\xce\x74\xe7\x68\x29\xcd\x42\x14\xe6\xb0\x24\x5f\x55\x76\x00\x60\x0b\xe6\x23\x35\xc8\xa8\x39\xc3\x83\xbe\xae\xc8\xa1\xb6\x64\x57\x2a\x50\x07\xcc\x61\xca\x95\x26\x37\x71\xd9\xaa\xa6\x68\x8c\xf8\x2c\x9b\x7d\x03\xf7\xc2\xe1\x82\x87\x3b\x57\xa1\x70\x4f\x9c\x51\xa1\xce\xab\x21\xee\xa1\x4f\x1b\x9a\x4c\x2d\x82\x26\xe1\xce\x14\x73\x45\x57\x0c\xe8\x80\x9
b\x3b\x36\x59\xb8\xf1\x55\xed\x9d\x73\x14\xa0\x1c\x45\xbb\xd3\x1a\xc3\x73\x28\xd3\x5c\xbb\x8e\xf9\x6f\x11\xb2\x29\xa8\x82\x8a\xd2\x9f\xe6\xf2\x7c\x4d\x8c\x5f\x40\x8e\xd3\x22\x49\xe9\x6a\xfb\x48\xde\x05\x3c\x6d\x0e\x4b\x56\x63\x71\xe3\x36\x66\x5b\xb9\xb7\x5c\x62\xa4\xe3\x76\xe2\x12\xb9\xa7\x7d\xf3\x1e\x34\x1e\x7e\x7b\xa5\xd2\x07\xdf\xd5\xd6\xd7\x65\x1a\xce\x18\x2d\x3b\x24\x2d\xd1\x99\xa6\x31\xaa\x6b\x24\x88\xb3\xbc\xd7\x6b\xdb\xcd\x3f\x21\x60\xcf\xf3\xf8\x2e\xd4\x3e\x10\x9c\xf7\xb7\x43\xab\xc9\x62\x1c\x3a\x4d\x8f\xd7\x15\xba\x4b\xbb\x3a\x11\xff\xc6\x3e\x09\x2d\xb2\xda\xcf\x93\xad\x4b\x4c\xf8\x9a\x5b\x34\x55\x21\x39\x31\x2e\x04\x7f\x8f\x17\x84\x78\xa1\x09\xcb\xa8\x95\x37\x33\x29\x42\xa4\xa5\x99\xe1\x31\xd3\x15\x09\x79\xfe\x3d\xb9\x8d\x74\xd8\x59\xc3\x7b\x21\xd6\xf3\x8f\x5e\xe9\x11\xb9\xcf\xa0\xd5\xd9\x41\x02\x8c\xb2\x19\xb6\xd1\x2c\xb2\x87\x0c\x22\x5c\x30\x9c\xac\x7a\x6c\x68\xfa\xa3\x74\x6d\xbb\x2c\x8a\x59\xc2\xd9\x13\xd1\x39\x37\x8b\x00\x5e\x3a\x19\x9f\x01\x68\x9d\x48\xbd\x7d\xf3\x5a\x46\x19\x48\xed\x68\x83\x70\x74\x32\x79\x1c\x92\x0a\x02\xf1\xd6\xe0\x21\x79\x1c\x8a\x16\xec\x32\x01\x87\x6f\x64\x5e\x57\x49\x79", 4096); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000082, 4); csum_inet_update(&csum_1, (const uint8_t*)0x20000086, 4); uint16_t csum_1_chunk_2 = 0x600; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 2); uint16_t csum_1_chunk_3 = 0x210; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 2); csum_inet_update(&csum_1, (const uint8_t*)0x2000008a, 4098); *(uint16_t*)0x2000008a = csum_inet_digest(&csum_1); struct csum_inet csum_2; csum_inet_init(&csum_2); csum_inet_update(&csum_2, (const uint8_t*)0x20000080, 10); *(uint16_t*)0x20000080 = csum_inet_digest(&csum_2); syscall(SYS_test, /*a0=*/0x20000080ul, 0, 0, 0, 0, 0); { int i; for(i = 0; i < 4; i++) { syscall(SYS_test, /*a0=*/0x20000080ul, 0, 0, 0, 0, 0); } } break; case 3: *(uint32_t*)0x200010c0 = 0x111; *(uint8_t*)0x200010c4 = 8; 
*(uint8_t*)0x200010c5 = 4; *(uint8_t*)0x200010c6 = 2; *(uint8_t*)0x200010c7 = 1; syscall(SYS_test, /*a0=*/0x200010c0ul, 0, 0, 0, 0, 0); break; case 4: res = syscall(SYS_test, 0, 0, 0, 0, 0, 0); if (res != -1) r[0] = res; break; case 5: syscall(SYS_test, /*val=*/r[0], 0, 0, 0, 0, 0); break; case 6: syscall(SYS_test, 0, 0, 0, 0, 0, 0); break; case 7: syscall(SYS_test, 0, 0, 0, 0, 0, 0); break; case 8: res = syscall(SYS_foo, /*cmd=*/0xaul, 0, 0); if (res != -1) r[1] = res; break; case 9: syscall(SYS_foo, /*res=*/r[1], 0, 0); break; case 10: memset((void*)0x20000000, 0, 1); *(uint8_t*)0x20000040 = 0x81; *(uint8_t*)0x20000042 = 0x8c; STORE_BY_BITMASK(uint16_t, , 0x20000042, 5, 8, 4); syz_compare(/*want=*/0x20000000, /*want_len=*/1, /*got=*/0x20000040, /*got_len=*/4); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/4, /*v1=*/0xfffffffffffffffa, 0, 0); break; case 12: syz_errno(/*v=*/2); break; case 13: memcpy((void*)0x20000080, "\x15\x48\x05\xb7\x68\xfb\x1b\x7d\xa6\x4a\xca\x30\x5f\xf5\x4e\xdd\x7e\xef\x7a\x6c\xe6\xb3\xe1\x5c\x9e\x2b\xa4\xc4\x6e\xf0\x15\x95\x04\x6d\x85\x80\xcd\x59\x93\x11\x8d\x09\x81\x4c\x6e\xa8\x20\x39\x8a\x54", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/0x3ff); break; case 15: syz_mmap(/*addr=*/0x20ffd000, /*len=*/0x1000); break; case 16: syz_sleep_ms(/*ms=*/0x7fffffff); break; case 17: syz_test_fuzzer1(/*a=*/4, /*b=*/5, /*c=*/7); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :338:3: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x30, 0, 0, 0, 0); ^ 1 error generated. 
compiler invocation: c++ [-o /tmp/syz-executor266012611 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/6 (1.18s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: test$length11(&(0x7f0000000000)={0x7, 0x1, [0x9, 0x0, 0x1, 0xffff, 0x7595, 0x7, 0x6, 0x6]}, 0x30) (fail_nth: 1) test$length35(&(0x7f0000000040)={0x4, {0xffffff00}}) (async) test$csum_ipv4_tcp(&(0x7f0000000080)={{0x0, 0xfffff546, 0x7f}, {{}, ""}}) (rerun: 4) test$length18(&(0x7f00000010c0)={0x111, 0x8, 0x4, 0x2, 0x1}) r0 = test$produce_subtype_of_common() test$consume_subtype_of_common(r0) test$produce_subtype_of_common() test$produce_subtype_of_common() r1 = foo$unsupported2_ctor(0xa) foo$unsupported2_use(r1) syz_compare(&(0x7f0000000000)='\x00', 0x1, &(0x7f0000000040)=@bf7={0x81, {0x8c, 0x5}}, 0x4) syz_compare_int$2(0x2, 0x4, 0xfffffffffffffffa) syz_errno(0x2) syz_execute_func(&(0x7f0000000080)="154805b768fb1b7da64aca305ff54edd7eef7a6ce6b3e15c9e2ba4c46ef01595046d8580cd5993118d09814c6ea820398a54") syz_exit(0x3ff) syz_mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) syz_sleep_ms(0x7fffffff) syz_test_fuzzer1(0x4, 0x5, 0x7) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include 
#include #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain 
% 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) 
{ va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 500); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void 
loop(void) { execute_one(); } uint64_t r[2] = {0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x20000000 = 7; *(uint64_t*)0x20000008 = 1; *(uint32_t*)0x20000010 = 9; *(uint32_t*)0x20000014 = 0; *(uint32_t*)0x20000018 = 1; *(uint32_t*)0x2000001c = 0xffff; *(uint32_t*)0x20000020 = 0x7595; *(uint32_t*)0x20000024 = 7; *(uint32_t*)0x20000028 = 6; *(uint32_t*)0x2000002c = 6; inject_fault(1); syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x30, 0, 0, 0, 0); break; case 1: *(uint32_t*)0x20000040 = 4; *(uint32_t*)0x20000044 = 0xffffff00; syscall(SYS_test, /*a0=*/0x20000040ul, 0, 0, 0, 0, 0); break; case 2: *(uint16_t*)0x20000080 = 0; *(uint32_t*)0x20000082 = htobe32(0xfffff546); *(uint32_t*)0x20000086 = htobe32(0x7f); *(uint16_t*)0x2000008a = 0; memcpy((void*)0x2000008c, "\x78\xb7\x76\x9b\x45\x48\x65\x84\x92\xde\x72\xd4\x15\xba\xe1\x8f\x3b\xbe\x4d\x64\xd7\x8a\xf2\x04\x98\xc9\xf6\xb8\xf3\xf6\xa2\xbe\x55\x97\x33\x7e\x2e\xb3\xf9\x6c\xa0\x7a\x66\xc2\x7b\x34\xe9\x5f\x4e\x73\x25\x39\xba\xdc\xe8\x96\x7b\xce\x41\x58\x91\x33\x78\x5a\xde\xca\x49\x29\xde\x68\xc7\xa0\xfa\xd0\xde\xbc\xff\x18\x19\xad\x3d\xf1\xb4\x0e\x14\x20\x9d\xa0\x13\xaf\x85\x89\x3b\x81\xe1\xd1\x7a\xbb\x6d\xee\xdf\x2d\x70\x56\x6a\xc7\xb3\xfa\x0e\xed\x52\xd1\x82\x11\xd2\x49\xd1\xb7\xfb\x68\x81\x50\x4a\x33\x15\x0b\x91\x47\x7e\x7c\xde\xad\x14\x81\x8e\x83\xb0\xfa\x35\x64\x49\x91\x23\x74\x4e\xe8\x0f\x92\xa7\xf9\xe0\x39\x4d\xc7\xbb\x62\xb4\x70\xad\x1b\x88\xc3\xf6\xc6\xe9\x84\xd2\x89\x42\xe9\xf0\x3a\x48\x0e\x51\xcc\xb8\xd7\xbb\x51\xa1\x24\xee\xee\x79\x5b\x09\x47\x07\x82\x1f\x5c\x44\xa6\xaa\xbd\xc1\xd9\x46\xaa\x91\xcb\x6d\x17\x5d\x0d\xf4\x6b\x86\xe6\x05\xec\x66\xcd\x5b\xc8\x39\x8e\xf7\x97\x43\x02\x56\x44\x40\xa8\x1d\xe3\x73\xb3\x5c\x79\xc1\x36\x7a\xf1\x87\xb8\xdf\x69\x56\xee\xbb\x89\x66\xab\xdf\x3d\x0f\xdf\xcf\x9e\x7b\x13\xab\x64\x65\x1e\x66\x83\x46\xec\x1f\x56\x4f\x28\x8b\x40\x26\xb8\x1d\xde\x8a\x3e\x4a\xda\x81\xa1\xd2\x80\x65\x4e\x7e\xe5\x2a\xef\x25\x53\xdc\x0d\x25\x97\xab\xce\xa
0\xc6\x76\x12\xb5\xc0\x20\x80\x95\x7c\x38\x47\xbd\x6c\x78\x98\x47\x70\x1a\x7e\xa3\x6c\xa2\x3f\x6f\x7f\xeb\xa0\xdd\xaa\x24\x61\x6e\xeb\xb4\xf9\xd3\xaa\x52\x18\xec\x8a\x5a\x08\xfa\xb4\xb3\x53\xc8\x91\x83\x7d\xbb\x8e\x77\x34\xc9\x2d\xf3\x91\xd4\x1f\x07\x08\xf7\x46\xa7\x72\xd5\x56\xf6\x08\x6c\x97\x20\x08\x35\x7c\x55\x95\xe9\x90\x80\x44\xab\x8a\xff\xa0\x44\x54\xad\xe5\xd5\x09\xe7\x58\x43\xe9\x7a\xcd\x1f\x53\xa4\x28\xee\x9c\x35\xc9\x1b\xa7\xf7\x55\x1c\x6d\xb9\x83\x73\x89\x73\xe1\x6b\xfd\xae\x49\xaa\x7b\x7c\x71\x8e\x46\x88\x14\xd7\x0d\x54\xd5\x88\xbd\xc6\x4f\x32\x67\xd1\x80\x86\x2b\xb4\x58\xd7\xb9\x0f\x58\xf4\x07\x8f\x41\x7d\xf7\x69\x04\xa2\x1d\x26\x97\xb9\x65\x38\x69\xf1\x57\x2e\xd6\x3e\x47\x81\xd1\xc3\xe5\x06\x55\x5c\xa7\x46\xb6\x76\x9f\xc0\xa9\x7c\xa8\x3b\xca\x63\x02\x92\x86\x50\x7e\xfc\x11\xb8\xc2\x17\xf8\x3e\x7f\xc6\x4a\x3b\xe2\x17\xaa\x71\x48\x09\x83\xdf\x1c\xda\xa6\x3d\x04\x81\xe9\xaf\x63\x1a\xba\x7a\x8f\x0f\xd4\x8e\x83\x6b\x69\xc5\xe8\x26\xb0\x20\x56\x8a\xd8\x2d\xa9\xcd\x87\xba\xa0\x94\xae\x9f\x0c\x5f\x51\x49\xdb\xa1\xb4\xf3\xb0\x34\x06\x29\xbf\x8e\x19\xf9\x34\x74\xe8\xa7\x98\xa5\xcc\xf5\x32\xdb\x78\x0b\x6d\xd9\xaf\x5d\xf9\x14\xea\xe3\x24\xba\x02\x75\x2d\x75\x8e\x4f\x2a\x55\x8a\x80\xed\x89\xa6\x13\x88\xc4\x30\xc3\xac\xd7\xe2\xb7\x65\x41\xd0\xa4\x40\xfd\x18\xd8\x5b\x70\xf6\x51\xd0\x49\x58\xc4\x04\xec\x41\xf5\xac\xaa\xfa\x0d\x8f\x0f\x9e\x2a\xc9\x4d\x98\xc7\xc2\x2f\x53\x86\x64\x2f\x4e\x02\x8a\x0a\xe7\x06\x27\xbe\xe9\xff\x92\xc7\xd3\x1e\x8f\xe5\xcf\xef\xbf\xb7\xbb\x26\xb0\x87\x1d\x83\xcd\x67\x7e\xf3\xfa\x10\xbf\xf5\x16\x3e\x97\x3f\x73\xa1\x8d\x8e\xa8\xee\x63\x58\xbf\x9b\x19\x12\xa2\xf6\x0e\x9e\x12\x8f\x35\xa7\x03\x78\x33\x3d\x11\x95\x41\xd6\xf0\xf3\x67\x53\xe5\xa6\x61\x2a\x77\x18\x62\x8b\x4f\xaf\x65\x6c\x24\x6e\x71\xca\xce\x70\xc9\xb0\x70\xd3\x0c\x84\x53\xc9\x10\x55\x73\xdf\x3c\xba\xa6\x38\x6a\x2b\xc5\x88\xd0\x3b\x23\xa1\x1b\x04\xb1\xc9\x4e\xe9\x05\xee\xa9\x2d\x40\x85\x0d\xbf\x27\x03\x98\xd4\x7d\xcc\x08\xe5\xb9\x57\x5b\x50\x98\xf4\x95\xf7\xdf\x29\x70\xd8\x28\xbe\x23\x0
2\x82\x12\x2f\x30\xd2\x2a\x15\x26\x87\xc2\x6c\x5a\xb2\x21\xf8\xef\x8a\xb6\xc1\xf3\x40\x86\x9a\x9b\x05\xd9\xbb\x19\x83\x69\x99\x4c\x36\xb2\x8a\x4b\x6a\x67\xab\xfc\x6c\xe8\xd0\x61\x68\xce\x1f\xbd\x7d\xea\xba\xe2\x61\x5c\x95\x39\xc3\xa4\xf4\x27\xf2\x04\x89\xa1\xf0\x41\x21\xf3\xb5\x48\xbc\x0e\xc6\xda\xa9\xfd\x63\xb1\x4f\x71\xe9\x64\xf4\xc0\x42\xa3\x8c\xaa\x25\xe1\xcf\x98\x3e\xa9\xee\xdc\x7b\xc0\x6f\xac\xa0\x11\x11\xd8\xa1\x7a\x4a\xc0\x83\xa1\xc5\x5f\x4b\x4a\xe3\x14\xff\x09\xec\xc0\xfe\xfc\x77\xbf\x1d\x08\xad\x54\xa9\x66\x2e\x68\xeb\x33\xa5\x7d\x43\xf1\x54\xbb\xa3\xb9\x8a\x66\x78\xc9\x74\xa8\xdd\xd6\x61\x32\xa6\x4e\xd8\x50\x79\x93\xf9\x26\xb6\xa8\x6a\xbb\x81\x3a\xc3\x82\x60\xc7\x93\x5f\xba\x14\xcc\x64\x94\x1b\xfb\xcc\xc7\x0b\xae\xaf\x92\xa7\x7e\xd1\x57\x35\x9f\xf2\x53\x85\xea\xb6\xd8\x5c\xed\x6b\x73\xa8\xf3\x4e\xe7\xf1\x8d\xc4\x6e\xf7\x5f\x66\xe5\x39\xef\xb3\x7b\xa8\xe5\x7e\x0e\xf6\x53\xc6\x2e\x87\xa3\x67\xd9\x0f\x32\x4b\xb7\x95\x30\x61\x8c\xc6\xa0\x5c\x3d\xda\x77\x67\xf3\x90\xb7\x75\x90\xa7\x8a\xc4\x88\xd6\xa3\xc1\xf4\x12\x4b\x62\xe0\xda\x72\x8d\x61\xe3\xcb\x8e\xfe\xc0\x78\x88\x3a\xeb\x04\x86\x5e\xa9\x69\x5d\xa8\x59\x85\x52\x61\x08\x7e\x9f\x36\x41\x2d\x61\xb4\xea\x03\x43\xd6\xd0\x3d\xbd\xac\x09\xba\x17\x48\x48\x6a\x4d\x62\x63\xa6\x2b\xc2\xb7\x23\xb3\x79\x13\x40\x68\xc7\x00\xca\xd7\xbc\x07\x99\x99\xba\xad\x53\x57\x41\xad\x7e\x19\xb0\xc5\xd0\xa5\x5e\x1e\x0d\xa5\x34\x76\xfa\xff\x87\x3b\xde\xf8\x3e\x71\x1f\x95\x55\xf0\x43\x98\x0a\x77\x2a\xab\x3a\xf3\x9c\x9e\x10\x82\xea\x2e\x3a\xba\x0b\x45\x4c\x89\x22\xe2\x66\x50\x96\xf7\x3a\xc4\x55\x50\xee\xaf\x66\xe5\xd4\xe9\xdf\x9c\x79\x1f\x7d\xdb\xca\x38\xb5\x58\xbe\x75\xb3\x92\x07\xea\x04\xdc\x7f\xd4\x7c\x36\x3d\x5b\x80\xd9\xea\xae\x7b\xa2\x30\xbe\x26\x33\xc0\x70\xe5\xc9\x70\x0f\x6c\x6f\xa7\xc2\x30\x70\x2c\x5a\xd4\x22\x6e\x58\x3f\x95\xb1\x2c\xe2\xbd\xfc\x1b\x92\x12\xdf\xe1\xa9\x08\xdc\x3e\x3b\xc6\xb1\x3c\x85\x7d\x7d\xab\x7b\x7d\x50\x42\x97\xb2\x06\xa2\x17\x3e\x4c\x8c\x7a\x2d\xcd\x63\x2d\xe9\xc3\x3b\x9d\xfc\xbc\xa5\x36\xc7\x68\xbb\x15\x4
c\x56\x3c\x67\xf2\xe7\xd1\xa7\xd3\x58\x9a\x64\xb2\xeb\x72\x82\x7a\xe0\x26\xcd\xc9\x0b\xd2\x7e\x7a\xb7\xf0\x29\x89\x67\x56\x3d\xc2\x7a\x42\x66\xc1\x3c\xc6\x4f\xef\xfc\x70\x8a\x46\xf9\x03\x9c\x74\x5a\x6b\x2d\xbc\x27\xb8\xae\xf8\x31\x9d\xc2\x25\xd8\xa0\x6d\xf2\xea\x84\x26\x27\xe5\xf1\xd4\xee\x87\xfa\xf2\xbf\x05\xf2\x76\xab\xd2\x70\x22\xcd\x2f\x5a\x8c\xa1\x7f\x81\xf8\xfa\xc0\x22\x51\x63\xcc\x52\xff\x78\xc3\x2a\x85\x7c\x15\x65\xaf\x01\x2b\xdf\xf5\xa3\xcf\x74\x45\x94\x67\xa1\xd1\xad\x21\x80\x2a\x69\xaf\x00\x64\x60\x1c\xf0\x8c\x49\x71\xc6\x91\xae\x14\xd3\x3f\xd3\x50\x9b\xcd\x55\x96\xe6\xb6\x77\x2d\x1d\xeb\x8a\xb1\x86\x0d\x13\xe2\xf4\xa6\xb7\xac\x83\xe8\x2a\x8a\xc9\x11\xd2\xa0\x02\xc0\x6e\x1c\xeb\x2c\x6a\xa0\x7b\x84\x7a\x6c\xb1\xe7\x67\x8d\xce\x46\x66\x9b\x32\x1b\xc3\x7d\x76\x59\xa0\x83\x00\x57\x65\xdd\xaf\x4c\x61\x8a\xdf\xbb\x0d\x81\xb8\x9b\xd1\xeb\x77\x1b\x58\xc3\x34\xb7\x8b\xe0\x94\x41\xe2\xc7\xe8\xdb\x90\x0f\x56\xa0\xc7\x11\x8a\x93\xe5\x2d\xdf\xa5\x71\xb1\x22\x29\xbe\x6e\xa4\xfd\x3a\x6b\x91\x08\x90\x07\xc0\x34\x58\x03\x2f\x96\xd3\x37\x9c\x8b\x17\x8f\xb5\xcc\xec\x6f\xd2\x76\x97\x86\x19\xbf\xc7\xb9\x7a\x30\x62\xe8\x24\xff\xf9\xce\xe7\x3f\x4a\x85\x8e\xd6\x60\x70\x89\xa4\xd6\xaf\x56\xe2\x7d\x0f\x52\x0c\x15\x1e\x68\xae\xd9\x69\x2f\x15\x36\xe0\x8a\x35\xf9\x3e\x58\x6a\x81\xae\x49\x1f\xa9\x64\x0c\x36\xbc\xef\x84\x64\xf1\xac\x7c\x07\x46\x02\x1d\xd0\xde\xbc\x15\x53\x61\xb4\x27\x57\x30\x9a\x7c\x5a\x6a\x3c\x89\xe6\xb2\x75\xb9\x1e\x14\x77\x23\x43\xed\x0c\x0b\x84\x31\x3d\x3e\xe0\x60\x5b\x8f\xb9\x84\x3c\x8d\xed\xea\xec\x2f\x65\x54\x4c\x38\xd2\xee\xed\xec\xf3\x32\xb5\xa0\x1f\x60\xab\xdc\x62\x19\x4b\x1f\x33\x62\x19\xaf\x84\x3d\xb7\xcf\xea\x88\x1c\xbb\xe8\x30\xb8\x3c\x11\x79\x2f\x51\xd0\x65\x9d\xf2\xef\xd5\x14\xac\xcc\x62\xbe\x45\x1d\xa3\xd7\xde\x20\x52\x80\x1f\x1b\x71\x33\xec\x90\x8a\x89\xae\x20\xb8\xf0\x67\xb1\x6f\xa2\x6c\xc7\x85\xd7\xbb\xc7\x70\xb4\xc0\x0e\x64\x18\xae\xab\x91\x58\x79\x4d\x5c\xe3\x74\x0e\xf5\xc7\x8c\xfd\xe8\x5b\x0d\x5a\x81\xa8\x5a\x2b\xf2\x4f\x35\xe5\x30\x91\x2e\xce\xb
0\x79\xef\xf2\x19\xe6\x8e\x65\x5d\x1e\xe3\x37\x64\xe6\x64\xb5\x30\xa8\x72\x81\x7d\x0f\xe8\xc8\x46\xeb\x88\x9a\x1e\x06\x7e\xd1\xc7\x91\x5e\xd0\x4c\x87\x75\x7e\x3c\xfb\xdb\x42\x1e\x5a\xb7\x8a\xec\x22\x8e\x9d\x9f\xba\x27\xba\xb1\x25\xb0\xa5\x3c\x65\x18\xa0\xb5\x41\x1a\x92\x80\x14\xeb\x1d\x93\xba\x94\xcf\x89\xc1\x9a\xe5\xff\x1b\x00\xe2\x1b\xd9\xf8\xc8\x81\x85\xb8\x86\x37\xe5\xdb\x32\xe2\xe4\x02\x08\xf2\x62\x25\x4b\xcc\xad\xc2\xc8\x5e\x83\x69\x0f\xb7\xaf\x64\xe9\xab\xfc\x19\xda\x42\xa3\x1c\xf6\x3b\x90\x09\x53\xf1\x84\xf3\x34\xd6\x05\xa1\xac\xab\x43\x4a\xcd\xfe\x74\xa3\xff\x1c\x26\xab\x7e\xb5\xf4\xc7\xd4\xe6\xed\x88\xa4\xc0\xc0\x7a\xf5\xf9\xa6\x9c\xe5\x25\xcf\x77\xc5\xf7\x01\x18\xcf\x4c\x9d\x71\x46\x18\x53\xee\x9d\x0b\x38\xaa\x8e\xef\x7a\x92\x67\xba\xa1\xda\x0a\x40\xd4\xbb\xf2\x50\xe7\x96\xec\xaf\xf7\x65\x10\x98\xb5\xbe\xbe\xe1\xce\x5c\x5b\x36\xb8\x30\x20\x47\x50\x29\x8f\x5f\xff\xcf\x43\x87\x5a\xc2\x15\xd3\xef\xcd\xd5\x76\x85\x3c\x1b\xe3\x60\x40\x09\x80\x2a\xa9\x5c\xbf\x64\x97\x4c\x9d\xf8\xb1\xc9\xa4\xdb\x7d\x03\x2b\x06\x47\x97\x0c\x08\xb6\x6e\x0d\xe7\xf5\xec\x92\xb4\x7a\x58\x58\x79\x8b\xc1\x93\x1c\xa7\xfc\x81\x48\x4a\x4e\xd8\xdf\x6b\xdf\x22\xe1\x90\xda\x0f\x4b\x55\x4e\x63\x78\x06\x4b\x18\x94\x60\x1f\x55\xc7\xe8\xc3\xad\xfc\xd3\xd6\x08\x1c\xb7\xe8\xc3\xd6\xf6\x88\x75\x64\x3d\xe6\x61\xd3\x72\xb2\x9a\x45\x67\x92\x6c\x24\x41\xa8\xb0\x0c\xe2\xe1\xa3\x0a\xa7\xd1\x4a\x72\x5f\x05\x80\xac\xea\x58\x53\xa4\x19\x3b\x4e\xac\xe2\x88\xd0\x42\xba\x11\x8a\x67\x7c\xae\x6a\x7f\x70\x1a\x98\xa7\x2e\x12\xbb\x9f\x24\x59\x4f\x77\x43\x31\xc8\x32\xe0\xc6\xd1\xcf\xfb\x12\xa8\x29\xe3\x67\x7c\xc9\x67\x6a\xc3\x7b\x28\xc9\xe4\x2d\xe7\x1e\xbc\xfd\x50\x5f\xec\x67\x22\x7c\x69\x4c\x3b\xe2\x5f\x40\x29\xc0\x12\x3f\x57\x0a\x52\x09\xdf\x23\x59\x05\xdd\x58\xd4\xa9\x34\x69\x71\x73\x09\x5f\xd1\x69\x6e\x50\x03\x2e\xa7\x50\x52\x33\x8f\xda\x28\x6c\xd5\xfc\xa3\x44\x87\x8d\x7f\xfa\xf2\xd0\x69\x73\x2a\x83\xf8\xba\x7b\x97\x4e\xd6\x95\x1e\x19\x70\x87\xe0\x97\xc3\xa5\x1a\x0d\x77\xb6\x7e\xdc\x98\xd1\xbd\x31\x74\x4d\xf4\xc
a\x73\x0f\x2e\x80\x52\xe8\x55\x66\x03\x94\xa2\x23\x2f\xaf\xe6\x14\x8f\x4f\x1f\x69\x59\xe1\xe2\x81\xe1\xed\xf6\x33\x7c\xd6\xad\x35\xfe\xf7\x8b\x83\xba\xb3\x58\xab\xd8\xd1\x1d\x30\x37\x99\xde\x42\xb3\x38\x18\x30\x6e\xd8\xd4\xd8\x87\x00\x23\xcf\x8a\x93\xff\x7c\x7b\x12\xda\x25\x1f\x3f\x77\x00\xd8\xa3\xc4\x37\x04\x72\x79\x1b\x26\x49\x30\xb9\x7d\x2a\xac\xb0\x4f\xd4\xde\xe4\x82\xbe\xbf\x8f\xbb\xff\x65\x02\xd0\x2b\x98\x24\x9b\xf3\xf1\x22\x9f\xff\xfb\xc8\x31\x70\x05\xef\x2d\xaa\xc3\xec\xe5\x62\x1a\x01\xc6\x25\x96\x4a\x36\x74\x28\x73\x58\xdd\xd8\x17\x08\x39\x43\x40\xc8\x4f\xbd\xa1\x0d\x26\x6b\x0d\x97\xe1\x42\xb4\x06\x01\x30\x53\x57\xcf\x7f\x81\xf9\x89\xac\x38\x58\xce\x1f\xcd\x94\x6a\x1d\xab\xde\x0d\xa9\xde\xcf\x4a\x7a\xd8\x51\xcd\xda\x20\x86\x4c\x22\x98\x6a\x2f\x57\xbb\x58\x09\xab\x46\xcb\xc6\x8f\xf0\x2e\x3c\xc2\x08\x5c\x0e\xcf\xba\xfa\xf5\x00\x16\x34\x3c\x67\xe2\x3a\x78\x26\x00\x68\x17\x52\x4d\x6b\x0d\xd1\x7d\x45\x62\x10\x8d\xad\x97\x79\x11\x73\x2e\xc9\xd5\x0b\x20\xd6\xc7\x43\x88\x7a\x0b\xf1\xd6\xb2\x45\xc4\xef\x3d\xd5\x5f\x98\x8c\x08\x96\x1b\x76\x3e\x56\x8d\xca\x64\xcd\x59\x72\xc4\x42\x38\x06\x2f\x98\x21\x35\xf3\xd8\x4a\xac\xf6\x11\xcd\xba\x1e\xbf\x1d\x3e\x9a\xfb\xc0\x9c\x83\x5c\xeb\x2e\xca\xee\x6f\x27\x94\xcc\xea\xa6\x82\xe8\xcb\x4b\x0e\x6a\x96\xb3\xeb\x8c\x92\xd0\x96\x72\xd3\x7f\x69\x59\xfd\x38\xd4\xa7\xca\x87\x7d\x92\x9f\x66\xee\x4a\x50\x89\x60\x62\x3a\x23\xd8\x40\xe2\x24\xee\xe0\x61\x32\xde\xb2\x73\xe7\x29\x6b\x46\xcf\x88\x2e\x53\x00\xe4\x2c\x1a\xca\xc7\x45\x2a\x0c\x4c\xf7\xbd\xbd\x4c\x9e\xf4\x4c\x6b\xad\x60\x92\x18\x6f\x2e\xf1\x4d\x39\x7c\x82\xa3\x58\xc4\x84\xfc\x91\xa0\x35\xe2\xa0\x85\xd8\xa1\x7a\xa4\xf5\x6d\x77\x28\x8f\x0a\x28\x8b\xfc\xb9\x75\xe3\x2f\x87\xc5\x80\xa4\x19\xaa\x8f\x77\x94\x91\x3e\x30\x52\xf4\xac\x24\xf2\x9f\xeb\x3b\x43\x0e\x3d\x1a\x29\x8e\xc0\xb0\xb4\x86\xa1\x94\xed\x38\x57\x4d\x86\x0b\xdf\xa0\xc6\xb1\xa6\x7d\x03\x9e\xe0\xda\xed\x00\xdc\x50\xf7\x6d\xdc\xa6\x41\x78\x76\xa6\x77\xe8\x0c\xb1\x9f\x3a\x8d\x8b\xde\x26\x6c\x41\x58\xe0\x2f\xe9\x22\x48\x7d\xb5\xf
b\x60\xac\xdf\xda\xf4\x17\x5b\xf4\x3a\x3d\x12\xf6\xbc\x29\xdd\xd3\x17\xa2\x75\xe1\x2e\x6e\x3f\xff\x81\xa6\x4e\x7d\xfe\x20\xab\xcc\x60\xa0\x6e\x80\x1d\x7a\xe7\xd0\x41\x25\x2e\x1c\xf8\xab\xaa\x7a\x38\xf7\xf3\x9e\x61\x29\x4d\xdb\x9d\x62\x1f\xee\xae\x99\x46\xaa\x70\xf7\x64\xe0\x0b\xe9\x6b\x28\xbd\xbe\xd8\x9a\xbf\x4f\xe3\x60\xfd\x80\x19\x21\xa3\x88\xaf\x23\x73\x6d\x2a\x94\x3c\x8c\xe1\xf6\x20\xd7\xda\xd0\xa5\x65\xfc\xfb\xcb\x86\x69\xd9\xfd\x78\xd1\xdb\x48\xb7\xa1\x26\x6c\xe3\x05\x54\x9d\xc7\x76\xc1\x2d\xd2\xdc\x40\x0a\x4d\xc8\xb0\x76\x24\x86\x7d\xbb\xd9\x4f\xc9\xbe\xd0\xad\xc7\xff\x50\x69\x95\x1e\xbc\x24\x83\x05\x8b\xa3\x45\x50\x88\x5f\x5f\x25\x0e\x54\x0a\xa3\x7b\x94\x0e\x8f\x90\x1c\xb0\xf5\x7a\xab\xf8\xe0\xf2\xa4\xce\x11\x3b\x60\x94\x7d\xa2\xa7\x23\x03\xa6\x9d\xac\xb1\x71\x30\xf4\xed\x89\x74\xf9\x52\x50\xcd\xec\x51\x59\xae\xf4\x1e\x38\x0f\xd6\x36\x00\x60\xb9\x28\x8a\x88\xe2\x24\x8b\x90\xc2\x97\xfc\x44\x33\xe8\x26\xe0\x66\xec\x48\xf0\xb4\x78\xc7\x54\x32\xcb\xd9\xf4\x58\x30\xb0\x1d\x6f\x90\x36\x18\xb3\x9d\x54\x1a\x48\x80\x7d\x42\x92\xe0\x56\xbf\x99\x28\x5f\xb0\xe2\xac\xf5\xb6\x0e\xca\x7f\x79\x73\x44\x11\xc3\x3a\x01\xe4\x1b\xe2\x40\x37\x02\x2e\xa0\xf2\xc3\xfb\x2e\x50\x07\xaa\x2e\xd8\x62\xa7\x87\xaa\x66\x76\x92\xef\x91\x9c\xbc\xdf\x82\x43\xde\x11\xe0\x28\x12\xf8\xc2\xdf\xb7\x9f\xda\x2e\x17\x87\x29\xb5\xf2\xf0\xaf\x8b\xfb\x7f\x17\x8b\x0d\x80\x85\x11\x78\x84\xfb\xde\x56\x87\x94\xe3\xbb\x95\x17\x26\xe8\x77\x8b\x0a\xf7\x55\xce\x74\x12\xb0\x42\x89\x2c\xc8\x94\x77\x12\x97\x15\x30\x5d\x70\xca\xca\x55\x3e\x4a\xab\x12\x04\xa8\x69\xfd\x7d\xab\x7a\x70\x19\xd9\x17\x21\x58\xe6\x35\xde\x6c\x6d\xd8\x01\xa7\xd0\x25\x9c\xa4\xef\x75\xec\xe2\x6e\x1c\xb3\x64\x53\x95\x92\x4b\x5e\xd3\x2c\xd1\xa8\xb0\x15\xd5\x21\x15\x19\xd0\xf2\xb8\x5d\x5d\xe2\xfc\xd5\x2b\xf9\x26\xad\xf5\x7f\x67\x01\x7e\xda\x0d\x32\x04\xcb\xe4\xb0\x35\x2a\x41\xf5\xaf\x81\x5a\x97\xeb\xd0\x08\xf3\x81\xfa\x5e\x48\xed\x6d\xa0\x14\x1d\x18\x12\x16\x5e\xa6\xa6\xb1\xdb\x84\xae\xca\x82\x6b\x0d\x1a\xbb\xa2\xf8\x10\x15\xd8\xca\x3e\x1a\x9f\x9
c\xf7\x6d\x22\x72\x06\x21\x2b\x90\x39\x51\x68\xce\xd6\xc0\x47\x6c\x81\xbf\xbb\x45\xfa\x8d\xef\x8e\x97\xcd\xdb\xdf\xc8\x25\x96\xec\x22\x58\xeb\x50\xd7\x59\xb2\xa5\x8e\xd0\xe8\x55\xfa\x05\xc3\x88\xb1\x5f\x3b\x51\xfa\xb2\x98\xa2\x83\xd5\x24\x3b\x85\xee\x78\xce\xdb\xce\x16\xb8\x50\xab\xdc\x01\x87\x61\x98\x67\x53\xe2\xe7\xfe\x79\x63\x20\xfb\xb9\x85\x88\xc9\x35\xc3\x98\xfc\x6d\x42\x7e\x01\x9a\x59\xe0\x0a\xe4\xdb\x12\xf8\x09\xb1\x7b\x78\x38\xec\x5a\x79\x29\xd4\x79\x36\x1b\x69\x7d\x51\x0d\x98\x69\x2f\xc9\x5d\x59\xba\x79\x37\x54\x4f\x1b\x61\x2e\x41\xa9\xd7\x94\xf4\x18\x80\x17\x33\xab\x45\x40\x0b\xef\x83\x5a\x42\x57\xbd\x7f\xe0\x61\xf0\x1c\x0c\xa4\xbe\xf4\x77\x7a\x41\x46\x94\xcf\x25\x17\xde\xd0\x65\x87\xdb\x0f\x08\xcc\xad\x34\xc5\x7d\x2d\x6b\x97\xc5\x50\x16\xab\x6c\x02\x5c\xdb\xf4\x1b\x1e\x40\x69\x5d\xa2\xfa\xc7\x12\x90\x37\x2e\x88\x61\xd1\x27\xc5\xac\x17\xcf\x7d\xdf\xd2\x5a\x23\xc5\xd4\x2b\x38\xc7\xb6\x8a\xc8\x08\x6c\x71\xaf\x2c\x73\x2c\xdb\x55\xbc\x31\x70\x83\xcf\x6b\x29\x79\x64\xe7\xd6\xe3\xc3\x26\xa6\xf6\x1a\x71\xa2\x6b\xef\x06\x70\x99\xbd\x01\xf3\x81\x70\x75\xfe\xd8\x92\x24\x43\x18\x8c\x7b\xb2\x02\x23\xd1\x21\x0b\xe4\x49\x49\xc1\x7a\x8f\x58\xa8\xe1\x53\x39\xe8\xa1\xb0\xf3\x35\x34\x79\x8d\x51\xf8\x1a\x83\x75\x96\x52\x3e\xa1\xa4\x46\x04\xfe\x3d\xc4\x06\x8e\x0a\xdc\xfa\x88\x11\x19\x63\xdb\x83\x94\xbc\x2e\x14\x97\xbc\x37\xc9\x22\x61\xf5\xbb\x34\x03\x01\x40\x60\x55\xc8\xdb\x94\x63\x41\x47\x3b\x17\xaf\x96\xd2\xb1\x31\xd2\x38\x26\x1d\x4f\x0c\x19\x79\xaf\xd5\x5f\x57\x5a\xf2\x09\x69\x95\xbe\xbf\xee\xbf\xc0\x45\xf8\xb2\x60\x9f\x8b\xec\x0e\x7a\x1a\x37\x4b\xbe\x88\x10\xc6\x09\x21\x8c\x59\x87\x0a\x80\xe1\x83\x28\x7e\x08\xb6\xec\x10\x4e\x27\xe4\xa9\x1c\xd4\x12\x2d\x88\x1f\x1c\xd0\xac\x6d\x3b\x19\x9c\x36\x80\x3c\x1f\x34\x94\xce\x74\xe7\x68\x29\xcd\x42\x14\xe6\xb0\x24\x5f\x55\x76\x00\x60\x0b\xe6\x23\x35\xc8\xa8\x39\xc3\x83\xbe\xae\xc8\xa1\xb6\x64\x57\x2a\x50\x07\xcc\x61\xca\x95\x26\x37\x71\xd9\xaa\xa6\x68\x8c\xf8\x2c\x9b\x7d\x03\xf7\xc2\xe1\x82\x87\x3b\x57\xa1\x70\x4f\x9c\x51\xa1\xce\xa
b\x21\xee\xa1\x4f\x1b\x9a\x4c\x2d\x82\x26\xe1\xce\x14\x73\x45\x57\x0c\xe8\x80\x9b\x3b\x36\x59\xb8\xf1\x55\xed\x9d\x73\x14\xa0\x1c\x45\xbb\xd3\x1a\xc3\x73\x28\xd3\x5c\xbb\x8e\xf9\x6f\x11\xb2\x29\xa8\x82\x8a\xd2\x9f\xe6\xf2\x7c\x4d\x8c\x5f\x40\x8e\xd3\x22\x49\xe9\x6a\xfb\x48\xde\x05\x3c\x6d\x0e\x4b\x56\x63\x71\xe3\x36\x66\x5b\xb9\xb7\x5c\x62\xa4\xe3\x76\xe2\x12\xb9\xa7\x7d\xf3\x1e\x34\x1e\x7e\x7b\xa5\xd2\x07\xdf\xd5\xd6\xd7\x65\x1a\xce\x18\x2d\x3b\x24\x2d\xd1\x99\xa6\x31\xaa\x6b\x24\x88\xb3\xbc\xd7\x6b\xdb\xcd\x3f\x21\x60\xcf\xf3\xf8\x2e\xd4\x3e\x10\x9c\xf7\xb7\x43\xab\xc9\x62\x1c\x3a\x4d\x8f\xd7\x15\xba\x4b\xbb\x3a\x11\xff\xc6\x3e\x09\x2d\xb2\xda\xcf\x93\xad\x4b\x4c\xf8\x9a\x5b\x34\x55\x21\x39\x31\x2e\x04\x7f\x8f\x17\x84\x78\xa1\x09\xcb\xa8\x95\x37\x33\x29\x42\xa4\xa5\x99\xe1\x31\xd3\x15\x09\x79\xfe\x3d\xb9\x8d\x74\xd8\x59\xc3\x7b\x21\xd6\xf3\x8f\x5e\xe9\x11\xb9\xcf\xa0\xd5\xd9\x41\x02\x8c\xb2\x19\xb6\xd1\x2c\xb2\x87\x0c\x22\x5c\x30\x9c\xac\x7a\x6c\x68\xfa\xa3\x74\x6d\xbb\x2c\x8a\x59\xc2\xd9\x13\xd1\x39\x37\x8b\x00\x5e\x3a\x19\x9f\x01\x68\x9d\x48\xbd\x7d\xf3\x5a\x46\x19\x48\xed\x68\x83\x70\x74\x32\x79\x1c\x92\x0a\x02\xf1\xd6\xe0\x21\x79\x1c\x8a\x16\xec\x32\x01\x87\x6f\x64\x5e\x57\x49\x79", 4096); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000082, 4); csum_inet_update(&csum_1, (const uint8_t*)0x20000086, 4); uint16_t csum_1_chunk_2 = 0x600; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 2); uint16_t csum_1_chunk_3 = 0x210; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 2); csum_inet_update(&csum_1, (const uint8_t*)0x2000008a, 4098); *(uint16_t*)0x2000008a = csum_inet_digest(&csum_1); struct csum_inet csum_2; csum_inet_init(&csum_2); csum_inet_update(&csum_2, (const uint8_t*)0x20000080, 10); *(uint16_t*)0x20000080 = csum_inet_digest(&csum_2); syscall(SYS_test, /*a0=*/0x20000080ul, 0, 0, 0, 0, 0); { int i; for(i = 0; i < 4; i++) { syscall(SYS_test, /*a0=*/0x20000080ul, 0, 0, 0, 0, 0); } } 
break; case 3: *(uint32_t*)0x200010c0 = 0x111; *(uint8_t*)0x200010c4 = 8; *(uint8_t*)0x200010c5 = 4; *(uint8_t*)0x200010c6 = 2; *(uint8_t*)0x200010c7 = 1; syscall(SYS_test, /*a0=*/0x200010c0ul, 0, 0, 0, 0, 0); break; case 4: res = syscall(SYS_test, 0, 0, 0, 0, 0, 0); if (res != -1) r[0] = res; break; case 5: syscall(SYS_test, /*val=*/r[0], 0, 0, 0, 0, 0); break; case 6: syscall(SYS_test, 0, 0, 0, 0, 0, 0); break; case 7: syscall(SYS_test, 0, 0, 0, 0, 0, 0); break; case 8: res = syscall(SYS_foo, /*cmd=*/0xaul, 0, 0); if (res != -1) r[1] = res; break; case 9: syscall(SYS_foo, /*res=*/r[1], 0, 0); break; case 10: memset((void*)0x20000000, 0, 1); *(uint8_t*)0x20000040 = 0x81; *(uint8_t*)0x20000042 = 0x8c; STORE_BY_BITMASK(uint16_t, , 0x20000042, 5, 8, 4); syz_compare(/*want=*/0x20000000, /*want_len=*/1, /*got=*/0x20000040, /*got_len=*/4); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/4, /*v1=*/0xfffffffffffffffa, 0, 0); break; case 12: syz_errno(/*v=*/2); break; case 13: memcpy((void*)0x20000080, "\x15\x48\x05\xb7\x68\xfb\x1b\x7d\xa6\x4a\xca\x30\x5f\xf5\x4e\xdd\x7e\xef\x7a\x6c\xe6\xb3\xe1\x5c\x9e\x2b\xa4\xc4\x6e\xf0\x15\x95\x04\x6d\x85\x80\xcd\x59\x93\x11\x8d\x09\x81\x4c\x6e\xa8\x20\x39\x8a\x54", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/0x3ff); break; case 15: syz_mmap(/*addr=*/0x20ffd000, /*len=*/0x1000); break; case 16: syz_sleep_ms(/*ms=*/0x7fffffff); break; case 17: syz_test_fuzzer1(/*a=*/4, /*b=*/5, /*c=*/7); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :344:3: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x30, 0, 0, 0, 0); ^ 1 error generated. 
compiler invocation: c++ [-o /tmp/syz-executor3046132332 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/0 (1.18s) csource_test.go:150: opts: {Threaded:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: test$length11(&(0x7f0000000000)={0x7, 0x1, [0x9, 0x0, 0x1, 0xffff, 0x7595, 0x7, 0x6, 0x6]}, 0x30) (fail_nth: 1) test$length35(&(0x7f0000000040)={0x4, {0xffffff00}}) (async) test$csum_ipv4_tcp(&(0x7f0000000080)={{0x0, 0xfffff546, 0x7f}, {{}, ""}}) (rerun: 4) test$length18(&(0x7f00000010c0)={0x111, 0x8, 0x4, 0x2, 0x1}) r0 = test$produce_subtype_of_common() test$consume_subtype_of_common(r0) test$produce_subtype_of_common() test$produce_subtype_of_common() r1 = foo$unsupported2_ctor(0xa) foo$unsupported2_use(r1) syz_compare(&(0x7f0000000000)='\x00', 0x1, &(0x7f0000000040)=@bf7={0x81, {0x8c, 0x5}}, 0x4) syz_compare_int$2(0x2, 0x4, 0xfffffffffffffffa) syz_errno(0x2) syz_execute_func(&(0x7f0000000080)="154805b768fb1b7da64aca305ff54edd7eef7a6ce6b3e15c9e2ba4c46ef01595046d8580cd5993118d09814c6ea820398a54") syz_exit(0x3ff) syz_mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) syz_sleep_ms(0x7fffffff) syz_test_fuzzer1(0x4, 0x5, 0x7) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #ifndef 
SYS_foo #define SYS_foo 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) 
{ va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[2] = {0x0, 0x0}; void execute_one(void) { intptr_t res = 0; *(uint64_t*)0x20000000 = 7; *(uint64_t*)0x20000008 = 1; *(uint32_t*)0x20000010 = 9; *(uint32_t*)0x20000014 = 0; *(uint32_t*)0x20000018 = 1; *(uint32_t*)0x2000001c = 0xffff; *(uint32_t*)0x20000020 = 0x7595; *(uint32_t*)0x20000024 = 7; *(uint32_t*)0x20000028 = 6; *(uint32_t*)0x2000002c = 6; inject_fault(1); syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x30, 0, 0, 0, 0); *(uint32_t*)0x20000040 = 4; *(uint32_t*)0x20000044 = 0xffffff00; syscall(SYS_test, /*a0=*/0x20000040ul, 0, 0, 0, 0, 0); *(uint16_t*)0x20000080 = 0; *(uint32_t*)0x20000082 = htobe32(0xfffff546); *(uint32_t*)0x20000086 = htobe32(0x7f); *(uint16_t*)0x2000008a = 0; memcpy((void*)0x2000008c, 
"\x78\xb7\x76\x9b\x45\x48\x65\x84\x92\xde\x72\xd4\x15\xba\xe1\x8f\x3b\xbe\x4d\x64\xd7\x8a\xf2\x04\x98\xc9\xf6\xb8\xf3\xf6\xa2\xbe\x55\x97\x33\x7e\x2e\xb3\xf9\x6c\xa0\x7a\x66\xc2\x7b\x34\xe9\x5f\x4e\x73\x25\x39\xba\xdc\xe8\x96\x7b\xce\x41\x58\x91\x33\x78\x5a\xde\xca\x49\x29\xde\x68\xc7\xa0\xfa\xd0\xde\xbc\xff\x18\x19\xad\x3d\xf1\xb4\x0e\x14\x20\x9d\xa0\x13\xaf\x85\x89\x3b\x81\xe1\xd1\x7a\xbb\x6d\xee\xdf\x2d\x70\x56\x6a\xc7\xb3\xfa\x0e\xed\x52\xd1\x82\x11\xd2\x49\xd1\xb7\xfb\x68\x81\x50\x4a\x33\x15\x0b\x91\x47\x7e\x7c\xde\xad\x14\x81\x8e\x83\xb0\xfa\x35\x64\x49\x91\x23\x74\x4e\xe8\x0f\x92\xa7\xf9\xe0\x39\x4d\xc7\xbb\x62\xb4\x70\xad\x1b\x88\xc3\xf6\xc6\xe9\x84\xd2\x89\x42\xe9\xf0\x3a\x48\x0e\x51\xcc\xb8\xd7\xbb\x51\xa1\x24\xee\xee\x79\x5b\x09\x47\x07\x82\x1f\x5c\x44\xa6\xaa\xbd\xc1\xd9\x46\xaa\x91\xcb\x6d\x17\x5d\x0d\xf4\x6b\x86\xe6\x05\xec\x66\xcd\x5b\xc8\x39\x8e\xf7\x97\x43\x02\x56\x44\x40\xa8\x1d\xe3\x73\xb3\x5c\x79\xc1\x36\x7a\xf1\x87\xb8\xdf\x69\x56\xee\xbb\x89\x66\xab\xdf\x3d\x0f\xdf\xcf\x9e\x7b\x13\xab\x64\x65\x1e\x66\x83\x46\xec\x1f\x56\x4f\x28\x8b\x40\x26\xb8\x1d\xde\x8a\x3e\x4a\xda\x81\xa1\xd2\x80\x65\x4e\x7e\xe5\x2a\xef\x25\x53\xdc\x0d\x25\x97\xab\xce\xa0\xc6\x76\x12\xb5\xc0\x20\x80\x95\x7c\x38\x47\xbd\x6c\x78\x98\x47\x70\x1a\x7e\xa3\x6c\xa2\x3f\x6f\x7f\xeb\xa0\xdd\xaa\x24\x61\x6e\xeb\xb4\xf9\xd3\xaa\x52\x18\xec\x8a\x5a\x08\xfa\xb4\xb3\x53\xc8\x91\x83\x7d\xbb\x8e\x77\x34\xc9\x2d\xf3\x91\xd4\x1f\x07\x08\xf7\x46\xa7\x72\xd5\x56\xf6\x08\x6c\x97\x20\x08\x35\x7c\x55\x95\xe9\x90\x80\x44\xab\x8a\xff\xa0\x44\x54\xad\xe5\xd5\x09\xe7\x58\x43\xe9\x7a\xcd\x1f\x53\xa4\x28\xee\x9c\x35\xc9\x1b\xa7\xf7\x55\x1c\x6d\xb9\x83\x73\x89\x73\xe1\x6b\xfd\xae\x49\xaa\x7b\x7c\x71\x8e\x46\x88\x14\xd7\x0d\x54\xd5\x88\xbd\xc6\x4f\x32\x67\xd1\x80\x86\x2b\xb4\x58\xd7\xb9\x0f\x58\xf4\x07\x8f\x41\x7d\xf7\x69\x04\xa2\x1d\x26\x97\xb9\x65\x38\x69\xf1\x57\x2e\xd6\x3e\x47\x81\xd1\xc3\xe5\x06\x55\x5c\xa7\x46\xb6\x76\x9f\xc0\xa9\x7c\xa8\x3b\xca\x63\x02\x92\x86\x50\x7e\xfc\x11\xb8\xc2\x17\xf8\x3e\x7
f\xc6\x4a\x3b\xe2\x17\xaa\x71\x48\x09\x83\xdf\x1c\xda\xa6\x3d\x04\x81\xe9\xaf\x63\x1a\xba\x7a\x8f\x0f\xd4\x8e\x83\x6b\x69\xc5\xe8\x26\xb0\x20\x56\x8a\xd8\x2d\xa9\xcd\x87\xba\xa0\x94\xae\x9f\x0c\x5f\x51\x49\xdb\xa1\xb4\xf3\xb0\x34\x06\x29\xbf\x8e\x19\xf9\x34\x74\xe8\xa7\x98\xa5\xcc\xf5\x32\xdb\x78\x0b\x6d\xd9\xaf\x5d\xf9\x14\xea\xe3\x24\xba\x02\x75\x2d\x75\x8e\x4f\x2a\x55\x8a\x80\xed\x89\xa6\x13\x88\xc4\x30\xc3\xac\xd7\xe2\xb7\x65\x41\xd0\xa4\x40\xfd\x18\xd8\x5b\x70\xf6\x51\xd0\x49\x58\xc4\x04\xec\x41\xf5\xac\xaa\xfa\x0d\x8f\x0f\x9e\x2a\xc9\x4d\x98\xc7\xc2\x2f\x53\x86\x64\x2f\x4e\x02\x8a\x0a\xe7\x06\x27\xbe\xe9\xff\x92\xc7\xd3\x1e\x8f\xe5\xcf\xef\xbf\xb7\xbb\x26\xb0\x87\x1d\x83\xcd\x67\x7e\xf3\xfa\x10\xbf\xf5\x16\x3e\x97\x3f\x73\xa1\x8d\x8e\xa8\xee\x63\x58\xbf\x9b\x19\x12\xa2\xf6\x0e\x9e\x12\x8f\x35\xa7\x03\x78\x33\x3d\x11\x95\x41\xd6\xf0\xf3\x67\x53\xe5\xa6\x61\x2a\x77\x18\x62\x8b\x4f\xaf\x65\x6c\x24\x6e\x71\xca\xce\x70\xc9\xb0\x70\xd3\x0c\x84\x53\xc9\x10\x55\x73\xdf\x3c\xba\xa6\x38\x6a\x2b\xc5\x88\xd0\x3b\x23\xa1\x1b\x04\xb1\xc9\x4e\xe9\x05\xee\xa9\x2d\x40\x85\x0d\xbf\x27\x03\x98\xd4\x7d\xcc\x08\xe5\xb9\x57\x5b\x50\x98\xf4\x95\xf7\xdf\x29\x70\xd8\x28\xbe\x23\x02\x82\x12\x2f\x30\xd2\x2a\x15\x26\x87\xc2\x6c\x5a\xb2\x21\xf8\xef\x8a\xb6\xc1\xf3\x40\x86\x9a\x9b\x05\xd9\xbb\x19\x83\x69\x99\x4c\x36\xb2\x8a\x4b\x6a\x67\xab\xfc\x6c\xe8\xd0\x61\x68\xce\x1f\xbd\x7d\xea\xba\xe2\x61\x5c\x95\x39\xc3\xa4\xf4\x27\xf2\x04\x89\xa1\xf0\x41\x21\xf3\xb5\x48\xbc\x0e\xc6\xda\xa9\xfd\x63\xb1\x4f\x71\xe9\x64\xf4\xc0\x42\xa3\x8c\xaa\x25\xe1\xcf\x98\x3e\xa9\xee\xdc\x7b\xc0\x6f\xac\xa0\x11\x11\xd8\xa1\x7a\x4a\xc0\x83\xa1\xc5\x5f\x4b\x4a\xe3\x14\xff\x09\xec\xc0\xfe\xfc\x77\xbf\x1d\x08\xad\x54\xa9\x66\x2e\x68\xeb\x33\xa5\x7d\x43\xf1\x54\xbb\xa3\xb9\x8a\x66\x78\xc9\x74\xa8\xdd\xd6\x61\x32\xa6\x4e\xd8\x50\x79\x93\xf9\x26\xb6\xa8\x6a\xbb\x81\x3a\xc3\x82\x60\xc7\x93\x5f\xba\x14\xcc\x64\x94\x1b\xfb\xcc\xc7\x0b\xae\xaf\x92\xa7\x7e\xd1\x57\x35\x9f\xf2\x53\x85\xea\xb6\xd8\x5c\xed\x6b\x73\xa8\xf3\x4e\xe
7\xf1\x8d\xc4\x6e\xf7\x5f\x66\xe5\x39\xef\xb3\x7b\xa8\xe5\x7e\x0e\xf6\x53\xc6\x2e\x87\xa3\x67\xd9\x0f\x32\x4b\xb7\x95\x30\x61\x8c\xc6\xa0\x5c\x3d\xda\x77\x67\xf3\x90\xb7\x75\x90\xa7\x8a\xc4\x88\xd6\xa3\xc1\xf4\x12\x4b\x62\xe0\xda\x72\x8d\x61\xe3\xcb\x8e\xfe\xc0\x78\x88\x3a\xeb\x04\x86\x5e\xa9\x69\x5d\xa8\x59\x85\x52\x61\x08\x7e\x9f\x36\x41\x2d\x61\xb4\xea\x03\x43\xd6\xd0\x3d\xbd\xac\x09\xba\x17\x48\x48\x6a\x4d\x62\x63\xa6\x2b\xc2\xb7\x23\xb3\x79\x13\x40\x68\xc7\x00\xca\xd7\xbc\x07\x99\x99\xba\xad\x53\x57\x41\xad\x7e\x19\xb0\xc5\xd0\xa5\x5e\x1e\x0d\xa5\x34\x76\xfa\xff\x87\x3b\xde\xf8\x3e\x71\x1f\x95\x55\xf0\x43\x98\x0a\x77\x2a\xab\x3a\xf3\x9c\x9e\x10\x82\xea\x2e\x3a\xba\x0b\x45\x4c\x89\x22\xe2\x66\x50\x96\xf7\x3a\xc4\x55\x50\xee\xaf\x66\xe5\xd4\xe9\xdf\x9c\x79\x1f\x7d\xdb\xca\x38\xb5\x58\xbe\x75\xb3\x92\x07\xea\x04\xdc\x7f\xd4\x7c\x36\x3d\x5b\x80\xd9\xea\xae\x7b\xa2\x30\xbe\x26\x33\xc0\x70\xe5\xc9\x70\x0f\x6c\x6f\xa7\xc2\x30\x70\x2c\x5a\xd4\x22\x6e\x58\x3f\x95\xb1\x2c\xe2\xbd\xfc\x1b\x92\x12\xdf\xe1\xa9\x08\xdc\x3e\x3b\xc6\xb1\x3c\x85\x7d\x7d\xab\x7b\x7d\x50\x42\x97\xb2\x06\xa2\x17\x3e\x4c\x8c\x7a\x2d\xcd\x63\x2d\xe9\xc3\x3b\x9d\xfc\xbc\xa5\x36\xc7\x68\xbb\x15\x4c\x56\x3c\x67\xf2\xe7\xd1\xa7\xd3\x58\x9a\x64\xb2\xeb\x72\x82\x7a\xe0\x26\xcd\xc9\x0b\xd2\x7e\x7a\xb7\xf0\x29\x89\x67\x56\x3d\xc2\x7a\x42\x66\xc1\x3c\xc6\x4f\xef\xfc\x70\x8a\x46\xf9\x03\x9c\x74\x5a\x6b\x2d\xbc\x27\xb8\xae\xf8\x31\x9d\xc2\x25\xd8\xa0\x6d\xf2\xea\x84\x26\x27\xe5\xf1\xd4\xee\x87\xfa\xf2\xbf\x05\xf2\x76\xab\xd2\x70\x22\xcd\x2f\x5a\x8c\xa1\x7f\x81\xf8\xfa\xc0\x22\x51\x63\xcc\x52\xff\x78\xc3\x2a\x85\x7c\x15\x65\xaf\x01\x2b\xdf\xf5\xa3\xcf\x74\x45\x94\x67\xa1\xd1\xad\x21\x80\x2a\x69\xaf\x00\x64\x60\x1c\xf0\x8c\x49\x71\xc6\x91\xae\x14\xd3\x3f\xd3\x50\x9b\xcd\x55\x96\xe6\xb6\x77\x2d\x1d\xeb\x8a\xb1\x86\x0d\x13\xe2\xf4\xa6\xb7\xac\x83\xe8\x2a\x8a\xc9\x11\xd2\xa0\x02\xc0\x6e\x1c\xeb\x2c\x6a\xa0\x7b\x84\x7a\x6c\xb1\xe7\x67\x8d\xce\x46\x66\x9b\x32\x1b\xc3\x7d\x76\x59\xa0\x83\x00\x57\x65\xdd\xaf\x4c\x61\x8
a\xdf\xbb\x0d\x81\xb8\x9b\xd1\xeb\x77\x1b\x58\xc3\x34\xb7\x8b\xe0\x94\x41\xe2\xc7\xe8\xdb\x90\x0f\x56\xa0\xc7\x11\x8a\x93\xe5\x2d\xdf\xa5\x71\xb1\x22\x29\xbe\x6e\xa4\xfd\x3a\x6b\x91\x08\x90\x07\xc0\x34\x58\x03\x2f\x96\xd3\x37\x9c\x8b\x17\x8f\xb5\xcc\xec\x6f\xd2\x76\x97\x86\x19\xbf\xc7\xb9\x7a\x30\x62\xe8\x24\xff\xf9\xce\xe7\x3f\x4a\x85\x8e\xd6\x60\x70\x89\xa4\xd6\xaf\x56\xe2\x7d\x0f\x52\x0c\x15\x1e\x68\xae\xd9\x69\x2f\x15\x36\xe0\x8a\x35\xf9\x3e\x58\x6a\x81\xae\x49\x1f\xa9\x64\x0c\x36\xbc\xef\x84\x64\xf1\xac\x7c\x07\x46\x02\x1d\xd0\xde\xbc\x15\x53\x61\xb4\x27\x57\x30\x9a\x7c\x5a\x6a\x3c\x89\xe6\xb2\x75\xb9\x1e\x14\x77\x23\x43\xed\x0c\x0b\x84\x31\x3d\x3e\xe0\x60\x5b\x8f\xb9\x84\x3c\x8d\xed\xea\xec\x2f\x65\x54\x4c\x38\xd2\xee\xed\xec\xf3\x32\xb5\xa0\x1f\x60\xab\xdc\x62\x19\x4b\x1f\x33\x62\x19\xaf\x84\x3d\xb7\xcf\xea\x88\x1c\xbb\xe8\x30\xb8\x3c\x11\x79\x2f\x51\xd0\x65\x9d\xf2\xef\xd5\x14\xac\xcc\x62\xbe\x45\x1d\xa3\xd7\xde\x20\x52\x80\x1f\x1b\x71\x33\xec\x90\x8a\x89\xae\x20\xb8\xf0\x67\xb1\x6f\xa2\x6c\xc7\x85\xd7\xbb\xc7\x70\xb4\xc0\x0e\x64\x18\xae\xab\x91\x58\x79\x4d\x5c\xe3\x74\x0e\xf5\xc7\x8c\xfd\xe8\x5b\x0d\x5a\x81\xa8\x5a\x2b\xf2\x4f\x35\xe5\x30\x91\x2e\xce\xb0\x79\xef\xf2\x19\xe6\x8e\x65\x5d\x1e\xe3\x37\x64\xe6\x64\xb5\x30\xa8\x72\x81\x7d\x0f\xe8\xc8\x46\xeb\x88\x9a\x1e\x06\x7e\xd1\xc7\x91\x5e\xd0\x4c\x87\x75\x7e\x3c\xfb\xdb\x42\x1e\x5a\xb7\x8a\xec\x22\x8e\x9d\x9f\xba\x27\xba\xb1\x25\xb0\xa5\x3c\x65\x18\xa0\xb5\x41\x1a\x92\x80\x14\xeb\x1d\x93\xba\x94\xcf\x89\xc1\x9a\xe5\xff\x1b\x00\xe2\x1b\xd9\xf8\xc8\x81\x85\xb8\x86\x37\xe5\xdb\x32\xe2\xe4\x02\x08\xf2\x62\x25\x4b\xcc\xad\xc2\xc8\x5e\x83\x69\x0f\xb7\xaf\x64\xe9\xab\xfc\x19\xda\x42\xa3\x1c\xf6\x3b\x90\x09\x53\xf1\x84\xf3\x34\xd6\x05\xa1\xac\xab\x43\x4a\xcd\xfe\x74\xa3\xff\x1c\x26\xab\x7e\xb5\xf4\xc7\xd4\xe6\xed\x88\xa4\xc0\xc0\x7a\xf5\xf9\xa6\x9c\xe5\x25\xcf\x77\xc5\xf7\x01\x18\xcf\x4c\x9d\x71\x46\x18\x53\xee\x9d\x0b\x38\xaa\x8e\xef\x7a\x92\x67\xba\xa1\xda\x0a\x40\xd4\xbb\xf2\x50\xe7\x96\xec\xaf\xf7\x65\x10\x98\xb
5\xbe\xbe\xe1\xce\x5c\x5b\x36\xb8\x30\x20\x47\x50\x29\x8f\x5f\xff\xcf\x43\x87\x5a\xc2\x15\xd3\xef\xcd\xd5\x76\x85\x3c\x1b\xe3\x60\x40\x09\x80\x2a\xa9\x5c\xbf\x64\x97\x4c\x9d\xf8\xb1\xc9\xa4\xdb\x7d\x03\x2b\x06\x47\x97\x0c\x08\xb6\x6e\x0d\xe7\xf5\xec\x92\xb4\x7a\x58\x58\x79\x8b\xc1\x93\x1c\xa7\xfc\x81\x48\x4a\x4e\xd8\xdf\x6b\xdf\x22\xe1\x90\xda\x0f\x4b\x55\x4e\x63\x78\x06\x4b\x18\x94\x60\x1f\x55\xc7\xe8\xc3\xad\xfc\xd3\xd6\x08\x1c\xb7\xe8\xc3\xd6\xf6\x88\x75\x64\x3d\xe6\x61\xd3\x72\xb2\x9a\x45\x67\x92\x6c\x24\x41\xa8\xb0\x0c\xe2\xe1\xa3\x0a\xa7\xd1\x4a\x72\x5f\x05\x80\xac\xea\x58\x53\xa4\x19\x3b\x4e\xac\xe2\x88\xd0\x42\xba\x11\x8a\x67\x7c\xae\x6a\x7f\x70\x1a\x98\xa7\x2e\x12\xbb\x9f\x24\x59\x4f\x77\x43\x31\xc8\x32\xe0\xc6\xd1\xcf\xfb\x12\xa8\x29\xe3\x67\x7c\xc9\x67\x6a\xc3\x7b\x28\xc9\xe4\x2d\xe7\x1e\xbc\xfd\x50\x5f\xec\x67\x22\x7c\x69\x4c\x3b\xe2\x5f\x40\x29\xc0\x12\x3f\x57\x0a\x52\x09\xdf\x23\x59\x05\xdd\x58\xd4\xa9\x34\x69\x71\x73\x09\x5f\xd1\x69\x6e\x50\x03\x2e\xa7\x50\x52\x33\x8f\xda\x28\x6c\xd5\xfc\xa3\x44\x87\x8d\x7f\xfa\xf2\xd0\x69\x73\x2a\x83\xf8\xba\x7b\x97\x4e\xd6\x95\x1e\x19\x70\x87\xe0\x97\xc3\xa5\x1a\x0d\x77\xb6\x7e\xdc\x98\xd1\xbd\x31\x74\x4d\xf4\xca\x73\x0f\x2e\x80\x52\xe8\x55\x66\x03\x94\xa2\x23\x2f\xaf\xe6\x14\x8f\x4f\x1f\x69\x59\xe1\xe2\x81\xe1\xed\xf6\x33\x7c\xd6\xad\x35\xfe\xf7\x8b\x83\xba\xb3\x58\xab\xd8\xd1\x1d\x30\x37\x99\xde\x42\xb3\x38\x18\x30\x6e\xd8\xd4\xd8\x87\x00\x23\xcf\x8a\x93\xff\x7c\x7b\x12\xda\x25\x1f\x3f\x77\x00\xd8\xa3\xc4\x37\x04\x72\x79\x1b\x26\x49\x30\xb9\x7d\x2a\xac\xb0\x4f\xd4\xde\xe4\x82\xbe\xbf\x8f\xbb\xff\x65\x02\xd0\x2b\x98\x24\x9b\xf3\xf1\x22\x9f\xff\xfb\xc8\x31\x70\x05\xef\x2d\xaa\xc3\xec\xe5\x62\x1a\x01\xc6\x25\x96\x4a\x36\x74\x28\x73\x58\xdd\xd8\x17\x08\x39\x43\x40\xc8\x4f\xbd\xa1\x0d\x26\x6b\x0d\x97\xe1\x42\xb4\x06\x01\x30\x53\x57\xcf\x7f\x81\xf9\x89\xac\x38\x58\xce\x1f\xcd\x94\x6a\x1d\xab\xde\x0d\xa9\xde\xcf\x4a\x7a\xd8\x51\xcd\xda\x20\x86\x4c\x22\x98\x6a\x2f\x57\xbb\x58\x09\xab\x46\xcb\xc6\x8f\xf0\x2e\x3c\xc2\x08\x5
c\x0e\xcf\xba\xfa\xf5\x00\x16\x34\x3c\x67\xe2\x3a\x78\x26\x00\x68\x17\x52\x4d\x6b\x0d\xd1\x7d\x45\x62\x10\x8d\xad\x97\x79\x11\x73\x2e\xc9\xd5\x0b\x20\xd6\xc7\x43\x88\x7a\x0b\xf1\xd6\xb2\x45\xc4\xef\x3d\xd5\x5f\x98\x8c\x08\x96\x1b\x76\x3e\x56\x8d\xca\x64\xcd\x59\x72\xc4\x42\x38\x06\x2f\x98\x21\x35\xf3\xd8\x4a\xac\xf6\x11\xcd\xba\x1e\xbf\x1d\x3e\x9a\xfb\xc0\x9c\x83\x5c\xeb\x2e\xca\xee\x6f\x27\x94\xcc\xea\xa6\x82\xe8\xcb\x4b\x0e\x6a\x96\xb3\xeb\x8c\x92\xd0\x96\x72\xd3\x7f\x69\x59\xfd\x38\xd4\xa7\xca\x87\x7d\x92\x9f\x66\xee\x4a\x50\x89\x60\x62\x3a\x23\xd8\x40\xe2\x24\xee\xe0\x61\x32\xde\xb2\x73\xe7\x29\x6b\x46\xcf\x88\x2e\x53\x00\xe4\x2c\x1a\xca\xc7\x45\x2a\x0c\x4c\xf7\xbd\xbd\x4c\x9e\xf4\x4c\x6b\xad\x60\x92\x18\x6f\x2e\xf1\x4d\x39\x7c\x82\xa3\x58\xc4\x84\xfc\x91\xa0\x35\xe2\xa0\x85\xd8\xa1\x7a\xa4\xf5\x6d\x77\x28\x8f\x0a\x28\x8b\xfc\xb9\x75\xe3\x2f\x87\xc5\x80\xa4\x19\xaa\x8f\x77\x94\x91\x3e\x30\x52\xf4\xac\x24\xf2\x9f\xeb\x3b\x43\x0e\x3d\x1a\x29\x8e\xc0\xb0\xb4\x86\xa1\x94\xed\x38\x57\x4d\x86\x0b\xdf\xa0\xc6\xb1\xa6\x7d\x03\x9e\xe0\xda\xed\x00\xdc\x50\xf7\x6d\xdc\xa6\x41\x78\x76\xa6\x77\xe8\x0c\xb1\x9f\x3a\x8d\x8b\xde\x26\x6c\x41\x58\xe0\x2f\xe9\x22\x48\x7d\xb5\xfb\x60\xac\xdf\xda\xf4\x17\x5b\xf4\x3a\x3d\x12\xf6\xbc\x29\xdd\xd3\x17\xa2\x75\xe1\x2e\x6e\x3f\xff\x81\xa6\x4e\x7d\xfe\x20\xab\xcc\x60\xa0\x6e\x80\x1d\x7a\xe7\xd0\x41\x25\x2e\x1c\xf8\xab\xaa\x7a\x38\xf7\xf3\x9e\x61\x29\x4d\xdb\x9d\x62\x1f\xee\xae\x99\x46\xaa\x70\xf7\x64\xe0\x0b\xe9\x6b\x28\xbd\xbe\xd8\x9a\xbf\x4f\xe3\x60\xfd\x80\x19\x21\xa3\x88\xaf\x23\x73\x6d\x2a\x94\x3c\x8c\xe1\xf6\x20\xd7\xda\xd0\xa5\x65\xfc\xfb\xcb\x86\x69\xd9\xfd\x78\xd1\xdb\x48\xb7\xa1\x26\x6c\xe3\x05\x54\x9d\xc7\x76\xc1\x2d\xd2\xdc\x40\x0a\x4d\xc8\xb0\x76\x24\x86\x7d\xbb\xd9\x4f\xc9\xbe\xd0\xad\xc7\xff\x50\x69\x95\x1e\xbc\x24\x83\x05\x8b\xa3\x45\x50\x88\x5f\x5f\x25\x0e\x54\x0a\xa3\x7b\x94\x0e\x8f\x90\x1c\xb0\xf5\x7a\xab\xf8\xe0\xf2\xa4\xce\x11\x3b\x60\x94\x7d\xa2\xa7\x23\x03\xa6\x9d\xac\xb1\x71\x30\xf4\xed\x89\x74\xf9\x52\x50\xcd\xec\x5
1\x59\xae\xf4\x1e\x38\x0f\xd6\x36\x00\x60\xb9\x28\x8a\x88\xe2\x24\x8b\x90\xc2\x97\xfc\x44\x33\xe8\x26\xe0\x66\xec\x48\xf0\xb4\x78\xc7\x54\x32\xcb\xd9\xf4\x58\x30\xb0\x1d\x6f\x90\x36\x18\xb3\x9d\x54\x1a\x48\x80\x7d\x42\x92\xe0\x56\xbf\x99\x28\x5f\xb0\xe2\xac\xf5\xb6\x0e\xca\x7f\x79\x73\x44\x11\xc3\x3a\x01\xe4\x1b\xe2\x40\x37\x02\x2e\xa0\xf2\xc3\xfb\x2e\x50\x07\xaa\x2e\xd8\x62\xa7\x87\xaa\x66\x76\x92\xef\x91\x9c\xbc\xdf\x82\x43\xde\x11\xe0\x28\x12\xf8\xc2\xdf\xb7\x9f\xda\x2e\x17\x87\x29\xb5\xf2\xf0\xaf\x8b\xfb\x7f\x17\x8b\x0d\x80\x85\x11\x78\x84\xfb\xde\x56\x87\x94\xe3\xbb\x95\x17\x26\xe8\x77\x8b\x0a\xf7\x55\xce\x74\x12\xb0\x42\x89\x2c\xc8\x94\x77\x12\x97\x15\x30\x5d\x70\xca\xca\x55\x3e\x4a\xab\x12\x04\xa8\x69\xfd\x7d\xab\x7a\x70\x19\xd9\x17\x21\x58\xe6\x35\xde\x6c\x6d\xd8\x01\xa7\xd0\x25\x9c\xa4\xef\x75\xec\xe2\x6e\x1c\xb3\x64\x53\x95\x92\x4b\x5e\xd3\x2c\xd1\xa8\xb0\x15\xd5\x21\x15\x19\xd0\xf2\xb8\x5d\x5d\xe2\xfc\xd5\x2b\xf9\x26\xad\xf5\x7f\x67\x01\x7e\xda\x0d\x32\x04\xcb\xe4\xb0\x35\x2a\x41\xf5\xaf\x81\x5a\x97\xeb\xd0\x08\xf3\x81\xfa\x5e\x48\xed\x6d\xa0\x14\x1d\x18\x12\x16\x5e\xa6\xa6\xb1\xdb\x84\xae\xca\x82\x6b\x0d\x1a\xbb\xa2\xf8\x10\x15\xd8\xca\x3e\x1a\x9f\x9c\xf7\x6d\x22\x72\x06\x21\x2b\x90\x39\x51\x68\xce\xd6\xc0\x47\x6c\x81\xbf\xbb\x45\xfa\x8d\xef\x8e\x97\xcd\xdb\xdf\xc8\x25\x96\xec\x22\x58\xeb\x50\xd7\x59\xb2\xa5\x8e\xd0\xe8\x55\xfa\x05\xc3\x88\xb1\x5f\x3b\x51\xfa\xb2\x98\xa2\x83\xd5\x24\x3b\x85\xee\x78\xce\xdb\xce\x16\xb8\x50\xab\xdc\x01\x87\x61\x98\x67\x53\xe2\xe7\xfe\x79\x63\x20\xfb\xb9\x85\x88\xc9\x35\xc3\x98\xfc\x6d\x42\x7e\x01\x9a\x59\xe0\x0a\xe4\xdb\x12\xf8\x09\xb1\x7b\x78\x38\xec\x5a\x79\x29\xd4\x79\x36\x1b\x69\x7d\x51\x0d\x98\x69\x2f\xc9\x5d\x59\xba\x79\x37\x54\x4f\x1b\x61\x2e\x41\xa9\xd7\x94\xf4\x18\x80\x17\x33\xab\x45\x40\x0b\xef\x83\x5a\x42\x57\xbd\x7f\xe0\x61\xf0\x1c\x0c\xa4\xbe\xf4\x77\x7a\x41\x46\x94\xcf\x25\x17\xde\xd0\x65\x87\xdb\x0f\x08\xcc\xad\x34\xc5\x7d\x2d\x6b\x97\xc5\x50\x16\xab\x6c\x02\x5c\xdb\xf4\x1b\x1e\x40\x69\x5d\xa2\xfa\xc7\x12\x9
0\x37\x2e\x88\x61\xd1\x27\xc5\xac\x17\xcf\x7d\xdf\xd2\x5a\x23\xc5\xd4\x2b\x38\xc7\xb6\x8a\xc8\x08\x6c\x71\xaf\x2c\x73\x2c\xdb\x55\xbc\x31\x70\x83\xcf\x6b\x29\x79\x64\xe7\xd6\xe3\xc3\x26\xa6\xf6\x1a\x71\xa2\x6b\xef\x06\x70\x99\xbd\x01\xf3\x81\x70\x75\xfe\xd8\x92\x24\x43\x18\x8c\x7b\xb2\x02\x23\xd1\x21\x0b\xe4\x49\x49\xc1\x7a\x8f\x58\xa8\xe1\x53\x39\xe8\xa1\xb0\xf3\x35\x34\x79\x8d\x51\xf8\x1a\x83\x75\x96\x52\x3e\xa1\xa4\x46\x04\xfe\x3d\xc4\x06\x8e\x0a\xdc\xfa\x88\x11\x19\x63\xdb\x83\x94\xbc\x2e\x14\x97\xbc\x37\xc9\x22\x61\xf5\xbb\x34\x03\x01\x40\x60\x55\xc8\xdb\x94\x63\x41\x47\x3b\x17\xaf\x96\xd2\xb1\x31\xd2\x38\x26\x1d\x4f\x0c\x19\x79\xaf\xd5\x5f\x57\x5a\xf2\x09\x69\x95\xbe\xbf\xee\xbf\xc0\x45\xf8\xb2\x60\x9f\x8b\xec\x0e\x7a\x1a\x37\x4b\xbe\x88\x10\xc6\x09\x21\x8c\x59\x87\x0a\x80\xe1\x83\x28\x7e\x08\xb6\xec\x10\x4e\x27\xe4\xa9\x1c\xd4\x12\x2d\x88\x1f\x1c\xd0\xac\x6d\x3b\x19\x9c\x36\x80\x3c\x1f\x34\x94\xce\x74\xe7\x68\x29\xcd\x42\x14\xe6\xb0\x24\x5f\x55\x76\x00\x60\x0b\xe6\x23\x35\xc8\xa8\x39\xc3\x83\xbe\xae\xc8\xa1\xb6\x64\x57\x2a\x50\x07\xcc\x61\xca\x95\x26\x37\x71\xd9\xaa\xa6\x68\x8c\xf8\x2c\x9b\x7d\x03\xf7\xc2\xe1\x82\x87\x3b\x57\xa1\x70\x4f\x9c\x51\xa1\xce\xab\x21\xee\xa1\x4f\x1b\x9a\x4c\x2d\x82\x26\xe1\xce\x14\x73\x45\x57\x0c\xe8\x80\x9b\x3b\x36\x59\xb8\xf1\x55\xed\x9d\x73\x14\xa0\x1c\x45\xbb\xd3\x1a\xc3\x73\x28\xd3\x5c\xbb\x8e\xf9\x6f\x11\xb2\x29\xa8\x82\x8a\xd2\x9f\xe6\xf2\x7c\x4d\x8c\x5f\x40\x8e\xd3\x22\x49\xe9\x6a\xfb\x48\xde\x05\x3c\x6d\x0e\x4b\x56\x63\x71\xe3\x36\x66\x5b\xb9\xb7\x5c\x62\xa4\xe3\x76\xe2\x12\xb9\xa7\x7d\xf3\x1e\x34\x1e\x7e\x7b\xa5\xd2\x07\xdf\xd5\xd6\xd7\x65\x1a\xce\x18\x2d\x3b\x24\x2d\xd1\x99\xa6\x31\xaa\x6b\x24\x88\xb3\xbc\xd7\x6b\xdb\xcd\x3f\x21\x60\xcf\xf3\xf8\x2e\xd4\x3e\x10\x9c\xf7\xb7\x43\xab\xc9\x62\x1c\x3a\x4d\x8f\xd7\x15\xba\x4b\xbb\x3a\x11\xff\xc6\x3e\x09\x2d\xb2\xda\xcf\x93\xad\x4b\x4c\xf8\x9a\x5b\x34\x55\x21\x39\x31\x2e\x04\x7f\x8f\x17\x84\x78\xa1\x09\xcb\xa8\x95\x37\x33\x29\x42\xa4\xa5\x99\xe1\x31\xd3\x15\x09\x79\xfe\x3d\xb9\x8
d\x74\xd8\x59\xc3\x7b\x21\xd6\xf3\x8f\x5e\xe9\x11\xb9\xcf\xa0\xd5\xd9\x41\x02\x8c\xb2\x19\xb6\xd1\x2c\xb2\x87\x0c\x22\x5c\x30\x9c\xac\x7a\x6c\x68\xfa\xa3\x74\x6d\xbb\x2c\x8a\x59\xc2\xd9\x13\xd1\x39\x37\x8b\x00\x5e\x3a\x19\x9f\x01\x68\x9d\x48\xbd\x7d\xf3\x5a\x46\x19\x48\xed\x68\x83\x70\x74\x32\x79\x1c\x92\x0a\x02\xf1\xd6\xe0\x21\x79\x1c\x8a\x16\xec\x32\x01\x87\x6f\x64\x5e\x57\x49\x79", 4096); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000082, 4); csum_inet_update(&csum_1, (const uint8_t*)0x20000086, 4); uint16_t csum_1_chunk_2 = 0x600; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 2); uint16_t csum_1_chunk_3 = 0x210; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 2); csum_inet_update(&csum_1, (const uint8_t*)0x2000008a, 4098); *(uint16_t*)0x2000008a = csum_inet_digest(&csum_1); struct csum_inet csum_2; csum_inet_init(&csum_2); csum_inet_update(&csum_2, (const uint8_t*)0x20000080, 10); *(uint16_t*)0x20000080 = csum_inet_digest(&csum_2); syscall(SYS_test, /*a0=*/0x20000080ul, 0, 0, 0, 0, 0); { int i; for(i = 0; i < 4; i++) { syscall(SYS_test, /*a0=*/0x20000080ul, 0, 0, 0, 0, 0); } } *(uint32_t*)0x200010c0 = 0x111; *(uint8_t*)0x200010c4 = 8; *(uint8_t*)0x200010c5 = 4; *(uint8_t*)0x200010c6 = 2; *(uint8_t*)0x200010c7 = 1; syscall(SYS_test, /*a0=*/0x200010c0ul, 0, 0, 0, 0, 0); res = syscall(SYS_test, 0, 0, 0, 0, 0, 0); if (res != -1) r[0] = res; syscall(SYS_test, /*val=*/r[0], 0, 0, 0, 0, 0); syscall(SYS_test, 0, 0, 0, 0, 0, 0); syscall(SYS_test, 0, 0, 0, 0, 0, 0); res = syscall(SYS_foo, /*cmd=*/0xaul, 0, 0); if (res != -1) r[1] = res; syscall(SYS_foo, /*res=*/r[1], 0, 0); memset((void*)0x20000000, 0, 1); *(uint8_t*)0x20000040 = 0x81; *(uint8_t*)0x20000042 = 0x8c; STORE_BY_BITMASK(uint16_t, , 0x20000042, 5, 8, 4); syz_compare(/*want=*/0x20000000, /*want_len=*/1, /*got=*/0x20000040, /*got_len=*/4); syz_compare_int(/*n=*/2, /*v0=*/4, /*v1=*/0xfffffffffffffffa, 0, 0); syz_errno(/*v=*/2); 
memcpy((void*)0x20000080, "\x15\x48\x05\xb7\x68\xfb\x1b\x7d\xa6\x4a\xca\x30\x5f\xf5\x4e\xdd\x7e\xef\x7a\x6c\xe6\xb3\xe1\x5c\x9e\x2b\xa4\xc4\x6e\xf0\x15\x95\x04\x6d\x85\x80\xcd\x59\x93\x11\x8d\x09\x81\x4c\x6e\xa8\x20\x39\x8a\x54", 50); syz_execute_func(/*text=*/0x20000080); syz_exit(/*status=*/0x3ff); syz_mmap(/*addr=*/0x20ffd000, /*len=*/0x1000); syz_sleep_ms(/*ms=*/0x7fffffff); syz_test_fuzzer1(/*a=*/4, /*b=*/5, /*c=*/7); } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :192:2: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x30, 0, 0, 0, 0); ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor679899781 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/5 (1.31s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: test$length11(&(0x7f0000000000)={0x7, 0x1, [0x9, 0x0, 0x1, 0xffff, 0x7595, 0x7, 0x6, 0x6]}, 0x30) (fail_nth: 1) test$length35(&(0x7f0000000040)={0x4, {0xffffff00}}) (async) test$csum_ipv4_tcp(&(0x7f0000000080)={{0x0, 0xfffff546, 0x7f}, {{}, ""}}) (rerun: 4) test$length18(&(0x7f00000010c0)={0x111, 0x8, 0x4, 0x2, 0x1}) r0 = 
test$produce_subtype_of_common() test$consume_subtype_of_common(r0) test$produce_subtype_of_common() test$produce_subtype_of_common() r1 = foo$unsupported2_ctor(0xa) foo$unsupported2_use(r1) syz_compare(&(0x7f0000000000)='\x00', 0x1, &(0x7f0000000040)=@bf7={0x81, {0x8c, 0x5}}, 0x4) syz_compare_int$2(0x2, 0x4, 0xfffffffffffffffa) syz_errno(0x2) syz_execute_func(&(0x7f0000000080)="154805b768fb1b7da64aca305ff54edd7eef7a6ce6b3e15c9e2ba4c46ef01595046d8580cd5993118d09814c6ea820398a54") syz_exit(0x3ff) syz_mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) syz_sleep_ms(0x7fffffff) syz_test_fuzzer1(0x4, 0x5, 0x7) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) 
exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON 
| MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) { va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; 
thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[2] = {0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x20000000 = 7; *(uint64_t*)0x20000008 = 1; *(uint32_t*)0x20000010 = 9; *(uint32_t*)0x20000014 = 0; *(uint32_t*)0x20000018 = 1; *(uint32_t*)0x2000001c = 0xffff; *(uint32_t*)0x20000020 = 0x7595; *(uint32_t*)0x20000024 = 7; *(uint32_t*)0x20000028 = 6; *(uint32_t*)0x2000002c = 6; inject_fault(1); syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x30, 0, 0, 0, 0); break; case 1: *(uint32_t*)0x20000040 = 4; *(uint32_t*)0x20000044 = 0xffffff00; syscall(SYS_test, /*a0=*/0x20000040ul, 0, 0, 0, 0, 0); break; case 2: *(uint16_t*)0x20000080 = 0; *(uint32_t*)0x20000082 = htobe32(0xfffff546); *(uint32_t*)0x20000086 = htobe32(0x7f); *(uint16_t*)0x2000008a = 0; memcpy((void*)0x2000008c, 
"\x78\xb7\x76\x9b\x45\x48\x65\x84\x92\xde\x72\xd4\x15\xba\xe1\x8f\x3b\xbe\x4d\x64\xd7\x8a\xf2\x04\x98\xc9\xf6\xb8\xf3\xf6\xa2\xbe\x55\x97\x33\x7e\x2e\xb3\xf9\x6c\xa0\x7a\x66\xc2\x7b\x34\xe9\x5f\x4e\x73\x25\x39\xba\xdc\xe8\x96\x7b\xce\x41\x58\x91\x33\x78\x5a\xde\xca\x49\x29\xde\x68\xc7\xa0\xfa\xd0\xde\xbc\xff\x18\x19\xad\x3d\xf1\xb4\x0e\x14\x20\x9d\xa0\x13\xaf\x85\x89\x3b\x81\xe1\xd1\x7a\xbb\x6d\xee\xdf\x2d\x70\x56\x6a\xc7\xb3\xfa\x0e\xed\x52\xd1\x82\x11\xd2\x49\xd1\xb7\xfb\x68\x81\x50\x4a\x33\x15\x0b\x91\x47\x7e\x7c\xde\xad\x14\x81\x8e\x83\xb0\xfa\x35\x64\x49\x91\x23\x74\x4e\xe8\x0f\x92\xa7\xf9\xe0\x39\x4d\xc7\xbb\x62\xb4\x70\xad\x1b\x88\xc3\xf6\xc6\xe9\x84\xd2\x89\x42\xe9\xf0\x3a\x48\x0e\x51\xcc\xb8\xd7\xbb\x51\xa1\x24\xee\xee\x79\x5b\x09\x47\x07\x82\x1f\x5c\x44\xa6\xaa\xbd\xc1\xd9\x46\xaa\x91\xcb\x6d\x17\x5d\x0d\xf4\x6b\x86\xe6\x05\xec\x66\xcd\x5b\xc8\x39\x8e\xf7\x97\x43\x02\x56\x44\x40\xa8\x1d\xe3\x73\xb3\x5c\x79\xc1\x36\x7a\xf1\x87\xb8\xdf\x69\x56\xee\xbb\x89\x66\xab\xdf\x3d\x0f\xdf\xcf\x9e\x7b\x13\xab\x64\x65\x1e\x66\x83\x46\xec\x1f\x56\x4f\x28\x8b\x40\x26\xb8\x1d\xde\x8a\x3e\x4a\xda\x81\xa1\xd2\x80\x65\x4e\x7e\xe5\x2a\xef\x25\x53\xdc\x0d\x25\x97\xab\xce\xa0\xc6\x76\x12\xb5\xc0\x20\x80\x95\x7c\x38\x47\xbd\x6c\x78\x98\x47\x70\x1a\x7e\xa3\x6c\xa2\x3f\x6f\x7f\xeb\xa0\xdd\xaa\x24\x61\x6e\xeb\xb4\xf9\xd3\xaa\x52\x18\xec\x8a\x5a\x08\xfa\xb4\xb3\x53\xc8\x91\x83\x7d\xbb\x8e\x77\x34\xc9\x2d\xf3\x91\xd4\x1f\x07\x08\xf7\x46\xa7\x72\xd5\x56\xf6\x08\x6c\x97\x20\x08\x35\x7c\x55\x95\xe9\x90\x80\x44\xab\x8a\xff\xa0\x44\x54\xad\xe5\xd5\x09\xe7\x58\x43\xe9\x7a\xcd\x1f\x53\xa4\x28\xee\x9c\x35\xc9\x1b\xa7\xf7\x55\x1c\x6d\xb9\x83\x73\x89\x73\xe1\x6b\xfd\xae\x49\xaa\x7b\x7c\x71\x8e\x46\x88\x14\xd7\x0d\x54\xd5\x88\xbd\xc6\x4f\x32\x67\xd1\x80\x86\x2b\xb4\x58\xd7\xb9\x0f\x58\xf4\x07\x8f\x41\x7d\xf7\x69\x04\xa2\x1d\x26\x97\xb9\x65\x38\x69\xf1\x57\x2e\xd6\x3e\x47\x81\xd1\xc3\xe5\x06\x55\x5c\xa7\x46\xb6\x76\x9f\xc0\xa9\x7c\xa8\x3b\xca\x63\x02\x92\x86\x50\x7e\xfc\x11\xb8\xc2\x17\xf8\x3e\x7
f\xc6\x4a\x3b\xe2\x17\xaa\x71\x48\x09\x83\xdf\x1c\xda\xa6\x3d\x04\x81\xe9\xaf\x63\x1a\xba\x7a\x8f\x0f\xd4\x8e\x83\x6b\x69\xc5\xe8\x26\xb0\x20\x56\x8a\xd8\x2d\xa9\xcd\x87\xba\xa0\x94\xae\x9f\x0c\x5f\x51\x49\xdb\xa1\xb4\xf3\xb0\x34\x06\x29\xbf\x8e\x19\xf9\x34\x74\xe8\xa7\x98\xa5\xcc\xf5\x32\xdb\x78\x0b\x6d\xd9\xaf\x5d\xf9\x14\xea\xe3\x24\xba\x02\x75\x2d\x75\x8e\x4f\x2a\x55\x8a\x80\xed\x89\xa6\x13\x88\xc4\x30\xc3\xac\xd7\xe2\xb7\x65\x41\xd0\xa4\x40\xfd\x18\xd8\x5b\x70\xf6\x51\xd0\x49\x58\xc4\x04\xec\x41\xf5\xac\xaa\xfa\x0d\x8f\x0f\x9e\x2a\xc9\x4d\x98\xc7\xc2\x2f\x53\x86\x64\x2f\x4e\x02\x8a\x0a\xe7\x06\x27\xbe\xe9\xff\x92\xc7\xd3\x1e\x8f\xe5\xcf\xef\xbf\xb7\xbb\x26\xb0\x87\x1d\x83\xcd\x67\x7e\xf3\xfa\x10\xbf\xf5\x16\x3e\x97\x3f\x73\xa1\x8d\x8e\xa8\xee\x63\x58\xbf\x9b\x19\x12\xa2\xf6\x0e\x9e\x12\x8f\x35\xa7\x03\x78\x33\x3d\x11\x95\x41\xd6\xf0\xf3\x67\x53\xe5\xa6\x61\x2a\x77\x18\x62\x8b\x4f\xaf\x65\x6c\x24\x6e\x71\xca\xce\x70\xc9\xb0\x70\xd3\x0c\x84\x53\xc9\x10\x55\x73\xdf\x3c\xba\xa6\x38\x6a\x2b\xc5\x88\xd0\x3b\x23\xa1\x1b\x04\xb1\xc9\x4e\xe9\x05\xee\xa9\x2d\x40\x85\x0d\xbf\x27\x03\x98\xd4\x7d\xcc\x08\xe5\xb9\x57\x5b\x50\x98\xf4\x95\xf7\xdf\x29\x70\xd8\x28\xbe\x23\x02\x82\x12\x2f\x30\xd2\x2a\x15\x26\x87\xc2\x6c\x5a\xb2\x21\xf8\xef\x8a\xb6\xc1\xf3\x40\x86\x9a\x9b\x05\xd9\xbb\x19\x83\x69\x99\x4c\x36\xb2\x8a\x4b\x6a\x67\xab\xfc\x6c\xe8\xd0\x61\x68\xce\x1f\xbd\x7d\xea\xba\xe2\x61\x5c\x95\x39\xc3\xa4\xf4\x27\xf2\x04\x89\xa1\xf0\x41\x21\xf3\xb5\x48\xbc\x0e\xc6\xda\xa9\xfd\x63\xb1\x4f\x71\xe9\x64\xf4\xc0\x42\xa3\x8c\xaa\x25\xe1\xcf\x98\x3e\xa9\xee\xdc\x7b\xc0\x6f\xac\xa0\x11\x11\xd8\xa1\x7a\x4a\xc0\x83\xa1\xc5\x5f\x4b\x4a\xe3\x14\xff\x09\xec\xc0\xfe\xfc\x77\xbf\x1d\x08\xad\x54\xa9\x66\x2e\x68\xeb\x33\xa5\x7d\x43\xf1\x54\xbb\xa3\xb9\x8a\x66\x78\xc9\x74\xa8\xdd\xd6\x61\x32\xa6\x4e\xd8\x50\x79\x93\xf9\x26\xb6\xa8\x6a\xbb\x81\x3a\xc3\x82\x60\xc7\x93\x5f\xba\x14\xcc\x64\x94\x1b\xfb\xcc\xc7\x0b\xae\xaf\x92\xa7\x7e\xd1\x57\x35\x9f\xf2\x53\x85\xea\xb6\xd8\x5c\xed\x6b\x73\xa8\xf3\x4e\xe
7\xf1\x8d\xc4\x6e\xf7\x5f\x66\xe5\x39\xef\xb3\x7b\xa8\xe5\x7e\x0e\xf6\x53\xc6\x2e\x87\xa3\x67\xd9\x0f\x32\x4b\xb7\x95\x30\x61\x8c\xc6\xa0\x5c\x3d\xda\x77\x67\xf3\x90\xb7\x75\x90\xa7\x8a\xc4\x88\xd6\xa3\xc1\xf4\x12\x4b\x62\xe0\xda\x72\x8d\x61\xe3\xcb\x8e\xfe\xc0\x78\x88\x3a\xeb\x04\x86\x5e\xa9\x69\x5d\xa8\x59\x85\x52\x61\x08\x7e\x9f\x36\x41\x2d\x61\xb4\xea\x03\x43\xd6\xd0\x3d\xbd\xac\x09\xba\x17\x48\x48\x6a\x4d\x62\x63\xa6\x2b\xc2\xb7\x23\xb3\x79\x13\x40\x68\xc7\x00\xca\xd7\xbc\x07\x99\x99\xba\xad\x53\x57\x41\xad\x7e\x19\xb0\xc5\xd0\xa5\x5e\x1e\x0d\xa5\x34\x76\xfa\xff\x87\x3b\xde\xf8\x3e\x71\x1f\x95\x55\xf0\x43\x98\x0a\x77\x2a\xab\x3a\xf3\x9c\x9e\x10\x82\xea\x2e\x3a\xba\x0b\x45\x4c\x89\x22\xe2\x66\x50\x96\xf7\x3a\xc4\x55\x50\xee\xaf\x66\xe5\xd4\xe9\xdf\x9c\x79\x1f\x7d\xdb\xca\x38\xb5\x58\xbe\x75\xb3\x92\x07\xea\x04\xdc\x7f\xd4\x7c\x36\x3d\x5b\x80\xd9\xea\xae\x7b\xa2\x30\xbe\x26\x33\xc0\x70\xe5\xc9\x70\x0f\x6c\x6f\xa7\xc2\x30\x70\x2c\x5a\xd4\x22\x6e\x58\x3f\x95\xb1\x2c\xe2\xbd\xfc\x1b\x92\x12\xdf\xe1\xa9\x08\xdc\x3e\x3b\xc6\xb1\x3c\x85\x7d\x7d\xab\x7b\x7d\x50\x42\x97\xb2\x06\xa2\x17\x3e\x4c\x8c\x7a\x2d\xcd\x63\x2d\xe9\xc3\x3b\x9d\xfc\xbc\xa5\x36\xc7\x68\xbb\x15\x4c\x56\x3c\x67\xf2\xe7\xd1\xa7\xd3\x58\x9a\x64\xb2\xeb\x72\x82\x7a\xe0\x26\xcd\xc9\x0b\xd2\x7e\x7a\xb7\xf0\x29\x89\x67\x56\x3d\xc2\x7a\x42\x66\xc1\x3c\xc6\x4f\xef\xfc\x70\x8a\x46\xf9\x03\x9c\x74\x5a\x6b\x2d\xbc\x27\xb8\xae\xf8\x31\x9d\xc2\x25\xd8\xa0\x6d\xf2\xea\x84\x26\x27\xe5\xf1\xd4\xee\x87\xfa\xf2\xbf\x05\xf2\x76\xab\xd2\x70\x22\xcd\x2f\x5a\x8c\xa1\x7f\x81\xf8\xfa\xc0\x22\x51\x63\xcc\x52\xff\x78\xc3\x2a\x85\x7c\x15\x65\xaf\x01\x2b\xdf\xf5\xa3\xcf\x74\x45\x94\x67\xa1\xd1\xad\x21\x80\x2a\x69\xaf\x00\x64\x60\x1c\xf0\x8c\x49\x71\xc6\x91\xae\x14\xd3\x3f\xd3\x50\x9b\xcd\x55\x96\xe6\xb6\x77\x2d\x1d\xeb\x8a\xb1\x86\x0d\x13\xe2\xf4\xa6\xb7\xac\x83\xe8\x2a\x8a\xc9\x11\xd2\xa0\x02\xc0\x6e\x1c\xeb\x2c\x6a\xa0\x7b\x84\x7a\x6c\xb1\xe7\x67\x8d\xce\x46\x66\x9b\x32\x1b\xc3\x7d\x76\x59\xa0\x83\x00\x57\x65\xdd\xaf\x4c\x61\x8
a\xdf\xbb\x0d\x81\xb8\x9b\xd1\xeb\x77\x1b\x58\xc3\x34\xb7\x8b\xe0\x94\x41\xe2\xc7\xe8\xdb\x90\x0f\x56\xa0\xc7\x11\x8a\x93\xe5\x2d\xdf\xa5\x71\xb1\x22\x29\xbe\x6e\xa4\xfd\x3a\x6b\x91\x08\x90\x07\xc0\x34\x58\x03\x2f\x96\xd3\x37\x9c\x8b\x17\x8f\xb5\xcc\xec\x6f\xd2\x76\x97\x86\x19\xbf\xc7\xb9\x7a\x30\x62\xe8\x24\xff\xf9\xce\xe7\x3f\x4a\x85\x8e\xd6\x60\x70\x89\xa4\xd6\xaf\x56\xe2\x7d\x0f\x52\x0c\x15\x1e\x68\xae\xd9\x69\x2f\x15\x36\xe0\x8a\x35\xf9\x3e\x58\x6a\x81\xae\x49\x1f\xa9\x64\x0c\x36\xbc\xef\x84\x64\xf1\xac\x7c\x07\x46\x02\x1d\xd0\xde\xbc\x15\x53\x61\xb4\x27\x57\x30\x9a\x7c\x5a\x6a\x3c\x89\xe6\xb2\x75\xb9\x1e\x14\x77\x23\x43\xed\x0c\x0b\x84\x31\x3d\x3e\xe0\x60\x5b\x8f\xb9\x84\x3c\x8d\xed\xea\xec\x2f\x65\x54\x4c\x38\xd2\xee\xed\xec\xf3\x32\xb5\xa0\x1f\x60\xab\xdc\x62\x19\x4b\x1f\x33\x62\x19\xaf\x84\x3d\xb7\xcf\xea\x88\x1c\xbb\xe8\x30\xb8\x3c\x11\x79\x2f\x51\xd0\x65\x9d\xf2\xef\xd5\x14\xac\xcc\x62\xbe\x45\x1d\xa3\xd7\xde\x20\x52\x80\x1f\x1b\x71\x33\xec\x90\x8a\x89\xae\x20\xb8\xf0\x67\xb1\x6f\xa2\x6c\xc7\x85\xd7\xbb\xc7\x70\xb4\xc0\x0e\x64\x18\xae\xab\x91\x58\x79\x4d\x5c\xe3\x74\x0e\xf5\xc7\x8c\xfd\xe8\x5b\x0d\x5a\x81\xa8\x5a\x2b\xf2\x4f\x35\xe5\x30\x91\x2e\xce\xb0\x79\xef\xf2\x19\xe6\x8e\x65\x5d\x1e\xe3\x37\x64\xe6\x64\xb5\x30\xa8\x72\x81\x7d\x0f\xe8\xc8\x46\xeb\x88\x9a\x1e\x06\x7e\xd1\xc7\x91\x5e\xd0\x4c\x87\x75\x7e\x3c\xfb\xdb\x42\x1e\x5a\xb7\x8a\xec\x22\x8e\x9d\x9f\xba\x27\xba\xb1\x25\xb0\xa5\x3c\x65\x18\xa0\xb5\x41\x1a\x92\x80\x14\xeb\x1d\x93\xba\x94\xcf\x89\xc1\x9a\xe5\xff\x1b\x00\xe2\x1b\xd9\xf8\xc8\x81\x85\xb8\x86\x37\xe5\xdb\x32\xe2\xe4\x02\x08\xf2\x62\x25\x4b\xcc\xad\xc2\xc8\x5e\x83\x69\x0f\xb7\xaf\x64\xe9\xab\xfc\x19\xda\x42\xa3\x1c\xf6\x3b\x90\x09\x53\xf1\x84\xf3\x34\xd6\x05\xa1\xac\xab\x43\x4a\xcd\xfe\x74\xa3\xff\x1c\x26\xab\x7e\xb5\xf4\xc7\xd4\xe6\xed\x88\xa4\xc0\xc0\x7a\xf5\xf9\xa6\x9c\xe5\x25\xcf\x77\xc5\xf7\x01\x18\xcf\x4c\x9d\x71\x46\x18\x53\xee\x9d\x0b\x38\xaa\x8e\xef\x7a\x92\x67\xba\xa1\xda\x0a\x40\xd4\xbb\xf2\x50\xe7\x96\xec\xaf\xf7\x65\x10\x98\xb
5\xbe\xbe\xe1\xce\x5c\x5b\x36\xb8\x30\x20\x47\x50\x29\x8f\x5f\xff\xcf\x43\x87\x5a\xc2\x15\xd3\xef\xcd\xd5\x76\x85\x3c\x1b\xe3\x60\x40\x09\x80\x2a\xa9\x5c\xbf\x64\x97\x4c\x9d\xf8\xb1\xc9\xa4\xdb\x7d\x03\x2b\x06\x47\x97\x0c\x08\xb6\x6e\x0d\xe7\xf5\xec\x92\xb4\x7a\x58\x58\x79\x8b\xc1\x93\x1c\xa7\xfc\x81\x48\x4a\x4e\xd8\xdf\x6b\xdf\x22\xe1\x90\xda\x0f\x4b\x55\x4e\x63\x78\x06\x4b\x18\x94\x60\x1f\x55\xc7\xe8\xc3\xad\xfc\xd3\xd6\x08\x1c\xb7\xe8\xc3\xd6\xf6\x88\x75\x64\x3d\xe6\x61\xd3\x72\xb2\x9a\x45\x67\x92\x6c\x24\x41\xa8\xb0\x0c\xe2\xe1\xa3\x0a\xa7\xd1\x4a\x72\x5f\x05\x80\xac\xea\x58\x53\xa4\x19\x3b\x4e\xac\xe2\x88\xd0\x42\xba\x11\x8a\x67\x7c\xae\x6a\x7f\x70\x1a\x98\xa7\x2e\x12\xbb\x9f\x24\x59\x4f\x77\x43\x31\xc8\x32\xe0\xc6\xd1\xcf\xfb\x12\xa8\x29\xe3\x67\x7c\xc9\x67\x6a\xc3\x7b\x28\xc9\xe4\x2d\xe7\x1e\xbc\xfd\x50\x5f\xec\x67\x22\x7c\x69\x4c\x3b\xe2\x5f\x40\x29\xc0\x12\x3f\x57\x0a\x52\x09\xdf\x23\x59\x05\xdd\x58\xd4\xa9\x34\x69\x71\x73\x09\x5f\xd1\x69\x6e\x50\x03\x2e\xa7\x50\x52\x33\x8f\xda\x28\x6c\xd5\xfc\xa3\x44\x87\x8d\x7f\xfa\xf2\xd0\x69\x73\x2a\x83\xf8\xba\x7b\x97\x4e\xd6\x95\x1e\x19\x70\x87\xe0\x97\xc3\xa5\x1a\x0d\x77\xb6\x7e\xdc\x98\xd1\xbd\x31\x74\x4d\xf4\xca\x73\x0f\x2e\x80\x52\xe8\x55\x66\x03\x94\xa2\x23\x2f\xaf\xe6\x14\x8f\x4f\x1f\x69\x59\xe1\xe2\x81\xe1\xed\xf6\x33\x7c\xd6\xad\x35\xfe\xf7\x8b\x83\xba\xb3\x58\xab\xd8\xd1\x1d\x30\x37\x99\xde\x42\xb3\x38\x18\x30\x6e\xd8\xd4\xd8\x87\x00\x23\xcf\x8a\x93\xff\x7c\x7b\x12\xda\x25\x1f\x3f\x77\x00\xd8\xa3\xc4\x37\x04\x72\x79\x1b\x26\x49\x30\xb9\x7d\x2a\xac\xb0\x4f\xd4\xde\xe4\x82\xbe\xbf\x8f\xbb\xff\x65\x02\xd0\x2b\x98\x24\x9b\xf3\xf1\x22\x9f\xff\xfb\xc8\x31\x70\x05\xef\x2d\xaa\xc3\xec\xe5\x62\x1a\x01\xc6\x25\x96\x4a\x36\x74\x28\x73\x58\xdd\xd8\x17\x08\x39\x43\x40\xc8\x4f\xbd\xa1\x0d\x26\x6b\x0d\x97\xe1\x42\xb4\x06\x01\x30\x53\x57\xcf\x7f\x81\xf9\x89\xac\x38\x58\xce\x1f\xcd\x94\x6a\x1d\xab\xde\x0d\xa9\xde\xcf\x4a\x7a\xd8\x51\xcd\xda\x20\x86\x4c\x22\x98\x6a\x2f\x57\xbb\x58\x09\xab\x46\xcb\xc6\x8f\xf0\x2e\x3c\xc2\x08\x5
c\x0e\xcf\xba\xfa\xf5\x00\x16\x34\x3c\x67\xe2\x3a\x78\x26\x00\x68\x17\x52\x4d\x6b\x0d\xd1\x7d\x45\x62\x10\x8d\xad\x97\x79\x11\x73\x2e\xc9\xd5\x0b\x20\xd6\xc7\x43\x88\x7a\x0b\xf1\xd6\xb2\x45\xc4\xef\x3d\xd5\x5f\x98\x8c\x08\x96\x1b\x76\x3e\x56\x8d\xca\x64\xcd\x59\x72\xc4\x42\x38\x06\x2f\x98\x21\x35\xf3\xd8\x4a\xac\xf6\x11\xcd\xba\x1e\xbf\x1d\x3e\x9a\xfb\xc0\x9c\x83\x5c\xeb\x2e\xca\xee\x6f\x27\x94\xcc\xea\xa6\x82\xe8\xcb\x4b\x0e\x6a\x96\xb3\xeb\x8c\x92\xd0\x96\x72\xd3\x7f\x69\x59\xfd\x38\xd4\xa7\xca\x87\x7d\x92\x9f\x66\xee\x4a\x50\x89\x60\x62\x3a\x23\xd8\x40\xe2\x24\xee\xe0\x61\x32\xde\xb2\x73\xe7\x29\x6b\x46\xcf\x88\x2e\x53\x00\xe4\x2c\x1a\xca\xc7\x45\x2a\x0c\x4c\xf7\xbd\xbd\x4c\x9e\xf4\x4c\x6b\xad\x60\x92\x18\x6f\x2e\xf1\x4d\x39\x7c\x82\xa3\x58\xc4\x84\xfc\x91\xa0\x35\xe2\xa0\x85\xd8\xa1\x7a\xa4\xf5\x6d\x77\x28\x8f\x0a\x28\x8b\xfc\xb9\x75\xe3\x2f\x87\xc5\x80\xa4\x19\xaa\x8f\x77\x94\x91\x3e\x30\x52\xf4\xac\x24\xf2\x9f\xeb\x3b\x43\x0e\x3d\x1a\x29\x8e\xc0\xb0\xb4\x86\xa1\x94\xed\x38\x57\x4d\x86\x0b\xdf\xa0\xc6\xb1\xa6\x7d\x03\x9e\xe0\xda\xed\x00\xdc\x50\xf7\x6d\xdc\xa6\x41\x78\x76\xa6\x77\xe8\x0c\xb1\x9f\x3a\x8d\x8b\xde\x26\x6c\x41\x58\xe0\x2f\xe9\x22\x48\x7d\xb5\xfb\x60\xac\xdf\xda\xf4\x17\x5b\xf4\x3a\x3d\x12\xf6\xbc\x29\xdd\xd3\x17\xa2\x75\xe1\x2e\x6e\x3f\xff\x81\xa6\x4e\x7d\xfe\x20\xab\xcc\x60\xa0\x6e\x80\x1d\x7a\xe7\xd0\x41\x25\x2e\x1c\xf8\xab\xaa\x7a\x38\xf7\xf3\x9e\x61\x29\x4d\xdb\x9d\x62\x1f\xee\xae\x99\x46\xaa\x70\xf7\x64\xe0\x0b\xe9\x6b\x28\xbd\xbe\xd8\x9a\xbf\x4f\xe3\x60\xfd\x80\x19\x21\xa3\x88\xaf\x23\x73\x6d\x2a\x94\x3c\x8c\xe1\xf6\x20\xd7\xda\xd0\xa5\x65\xfc\xfb\xcb\x86\x69\xd9\xfd\x78\xd1\xdb\x48\xb7\xa1\x26\x6c\xe3\x05\x54\x9d\xc7\x76\xc1\x2d\xd2\xdc\x40\x0a\x4d\xc8\xb0\x76\x24\x86\x7d\xbb\xd9\x4f\xc9\xbe\xd0\xad\xc7\xff\x50\x69\x95\x1e\xbc\x24\x83\x05\x8b\xa3\x45\x50\x88\x5f\x5f\x25\x0e\x54\x0a\xa3\x7b\x94\x0e\x8f\x90\x1c\xb0\xf5\x7a\xab\xf8\xe0\xf2\xa4\xce\x11\x3b\x60\x94\x7d\xa2\xa7\x23\x03\xa6\x9d\xac\xb1\x71\x30\xf4\xed\x89\x74\xf9\x52\x50\xcd\xec\x5
1\x59\xae\xf4\x1e\x38\x0f\xd6\x36\x00\x60\xb9\x28\x8a\x88\xe2\x24\x8b\x90\xc2\x97\xfc\x44\x33\xe8\x26\xe0\x66\xec\x48\xf0\xb4\x78\xc7\x54\x32\xcb\xd9\xf4\x58\x30\xb0\x1d\x6f\x90\x36\x18\xb3\x9d\x54\x1a\x48\x80\x7d\x42\x92\xe0\x56\xbf\x99\x28\x5f\xb0\xe2\xac\xf5\xb6\x0e\xca\x7f\x79\x73\x44\x11\xc3\x3a\x01\xe4\x1b\xe2\x40\x37\x02\x2e\xa0\xf2\xc3\xfb\x2e\x50\x07\xaa\x2e\xd8\x62\xa7\x87\xaa\x66\x76\x92\xef\x91\x9c\xbc\xdf\x82\x43\xde\x11\xe0\x28\x12\xf8\xc2\xdf\xb7\x9f\xda\x2e\x17\x87\x29\xb5\xf2\xf0\xaf\x8b\xfb\x7f\x17\x8b\x0d\x80\x85\x11\x78\x84\xfb\xde\x56\x87\x94\xe3\xbb\x95\x17\x26\xe8\x77\x8b\x0a\xf7\x55\xce\x74\x12\xb0\x42\x89\x2c\xc8\x94\x77\x12\x97\x15\x30\x5d\x70\xca\xca\x55\x3e\x4a\xab\x12\x04\xa8\x69\xfd\x7d\xab\x7a\x70\x19\xd9\x17\x21\x58\xe6\x35\xde\x6c\x6d\xd8\x01\xa7\xd0\x25\x9c\xa4\xef\x75\xec\xe2\x6e\x1c\xb3\x64\x53\x95\x92\x4b\x5e\xd3\x2c\xd1\xa8\xb0\x15\xd5\x21\x15\x19\xd0\xf2\xb8\x5d\x5d\xe2\xfc\xd5\x2b\xf9\x26\xad\xf5\x7f\x67\x01\x7e\xda\x0d\x32\x04\xcb\xe4\xb0\x35\x2a\x41\xf5\xaf\x81\x5a\x97\xeb\xd0\x08\xf3\x81\xfa\x5e\x48\xed\x6d\xa0\x14\x1d\x18\x12\x16\x5e\xa6\xa6\xb1\xdb\x84\xae\xca\x82\x6b\x0d\x1a\xbb\xa2\xf8\x10\x15\xd8\xca\x3e\x1a\x9f\x9c\xf7\x6d\x22\x72\x06\x21\x2b\x90\x39\x51\x68\xce\xd6\xc0\x47\x6c\x81\xbf\xbb\x45\xfa\x8d\xef\x8e\x97\xcd\xdb\xdf\xc8\x25\x96\xec\x22\x58\xeb\x50\xd7\x59\xb2\xa5\x8e\xd0\xe8\x55\xfa\x05\xc3\x88\xb1\x5f\x3b\x51\xfa\xb2\x98\xa2\x83\xd5\x24\x3b\x85\xee\x78\xce\xdb\xce\x16\xb8\x50\xab\xdc\x01\x87\x61\x98\x67\x53\xe2\xe7\xfe\x79\x63\x20\xfb\xb9\x85\x88\xc9\x35\xc3\x98\xfc\x6d\x42\x7e\x01\x9a\x59\xe0\x0a\xe4\xdb\x12\xf8\x09\xb1\x7b\x78\x38\xec\x5a\x79\x29\xd4\x79\x36\x1b\x69\x7d\x51\x0d\x98\x69\x2f\xc9\x5d\x59\xba\x79\x37\x54\x4f\x1b\x61\x2e\x41\xa9\xd7\x94\xf4\x18\x80\x17\x33\xab\x45\x40\x0b\xef\x83\x5a\x42\x57\xbd\x7f\xe0\x61\xf0\x1c\x0c\xa4\xbe\xf4\x77\x7a\x41\x46\x94\xcf\x25\x17\xde\xd0\x65\x87\xdb\x0f\x08\xcc\xad\x34\xc5\x7d\x2d\x6b\x97\xc5\x50\x16\xab\x6c\x02\x5c\xdb\xf4\x1b\x1e\x40\x69\x5d\xa2\xfa\xc7\x12\x9
0\x37\x2e\x88\x61\xd1\x27\xc5\xac\x17\xcf\x7d\xdf\xd2\x5a\x23\xc5\xd4\x2b\x38\xc7\xb6\x8a\xc8\x08\x6c\x71\xaf\x2c\x73\x2c\xdb\x55\xbc\x31\x70\x83\xcf\x6b\x29\x79\x64\xe7\xd6\xe3\xc3\x26\xa6\xf6\x1a\x71\xa2\x6b\xef\x06\x70\x99\xbd\x01\xf3\x81\x70\x75\xfe\xd8\x92\x24\x43\x18\x8c\x7b\xb2\x02\x23\xd1\x21\x0b\xe4\x49\x49\xc1\x7a\x8f\x58\xa8\xe1\x53\x39\xe8\xa1\xb0\xf3\x35\x34\x79\x8d\x51\xf8\x1a\x83\x75\x96\x52\x3e\xa1\xa4\x46\x04\xfe\x3d\xc4\x06\x8e\x0a\xdc\xfa\x88\x11\x19\x63\xdb\x83\x94\xbc\x2e\x14\x97\xbc\x37\xc9\x22\x61\xf5\xbb\x34\x03\x01\x40\x60\x55\xc8\xdb\x94\x63\x41\x47\x3b\x17\xaf\x96\xd2\xb1\x31\xd2\x38\x26\x1d\x4f\x0c\x19\x79\xaf\xd5\x5f\x57\x5a\xf2\x09\x69\x95\xbe\xbf\xee\xbf\xc0\x45\xf8\xb2\x60\x9f\x8b\xec\x0e\x7a\x1a\x37\x4b\xbe\x88\x10\xc6\x09\x21\x8c\x59\x87\x0a\x80\xe1\x83\x28\x7e\x08\xb6\xec\x10\x4e\x27\xe4\xa9\x1c\xd4\x12\x2d\x88\x1f\x1c\xd0\xac\x6d\x3b\x19\x9c\x36\x80\x3c\x1f\x34\x94\xce\x74\xe7\x68\x29\xcd\x42\x14\xe6\xb0\x24\x5f\x55\x76\x00\x60\x0b\xe6\x23\x35\xc8\xa8\x39\xc3\x83\xbe\xae\xc8\xa1\xb6\x64\x57\x2a\x50\x07\xcc\x61\xca\x95\x26\x37\x71\xd9\xaa\xa6\x68\x8c\xf8\x2c\x9b\x7d\x03\xf7\xc2\xe1\x82\x87\x3b\x57\xa1\x70\x4f\x9c\x51\xa1\xce\xab\x21\xee\xa1\x4f\x1b\x9a\x4c\x2d\x82\x26\xe1\xce\x14\x73\x45\x57\x0c\xe8\x80\x9b\x3b\x36\x59\xb8\xf1\x55\xed\x9d\x73\x14\xa0\x1c\x45\xbb\xd3\x1a\xc3\x73\x28\xd3\x5c\xbb\x8e\xf9\x6f\x11\xb2\x29\xa8\x82\x8a\xd2\x9f\xe6\xf2\x7c\x4d\x8c\x5f\x40\x8e\xd3\x22\x49\xe9\x6a\xfb\x48\xde\x05\x3c\x6d\x0e\x4b\x56\x63\x71\xe3\x36\x66\x5b\xb9\xb7\x5c\x62\xa4\xe3\x76\xe2\x12\xb9\xa7\x7d\xf3\x1e\x34\x1e\x7e\x7b\xa5\xd2\x07\xdf\xd5\xd6\xd7\x65\x1a\xce\x18\x2d\x3b\x24\x2d\xd1\x99\xa6\x31\xaa\x6b\x24\x88\xb3\xbc\xd7\x6b\xdb\xcd\x3f\x21\x60\xcf\xf3\xf8\x2e\xd4\x3e\x10\x9c\xf7\xb7\x43\xab\xc9\x62\x1c\x3a\x4d\x8f\xd7\x15\xba\x4b\xbb\x3a\x11\xff\xc6\x3e\x09\x2d\xb2\xda\xcf\x93\xad\x4b\x4c\xf8\x9a\x5b\x34\x55\x21\x39\x31\x2e\x04\x7f\x8f\x17\x84\x78\xa1\x09\xcb\xa8\x95\x37\x33\x29\x42\xa4\xa5\x99\xe1\x31\xd3\x15\x09\x79\xfe\x3d\xb9\x8
d\x74\xd8\x59\xc3\x7b\x21\xd6\xf3\x8f\x5e\xe9\x11\xb9\xcf\xa0\xd5\xd9\x41\x02\x8c\xb2\x19\xb6\xd1\x2c\xb2\x87\x0c\x22\x5c\x30\x9c\xac\x7a\x6c\x68\xfa\xa3\x74\x6d\xbb\x2c\x8a\x59\xc2\xd9\x13\xd1\x39\x37\x8b\x00\x5e\x3a\x19\x9f\x01\x68\x9d\x48\xbd\x7d\xf3\x5a\x46\x19\x48\xed\x68\x83\x70\x74\x32\x79\x1c\x92\x0a\x02\xf1\xd6\xe0\x21\x79\x1c\x8a\x16\xec\x32\x01\x87\x6f\x64\x5e\x57\x49\x79", 4096); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000082, 4); csum_inet_update(&csum_1, (const uint8_t*)0x20000086, 4); uint16_t csum_1_chunk_2 = 0x600; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 2); uint16_t csum_1_chunk_3 = 0x210; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 2); csum_inet_update(&csum_1, (const uint8_t*)0x2000008a, 4098); *(uint16_t*)0x2000008a = csum_inet_digest(&csum_1); struct csum_inet csum_2; csum_inet_init(&csum_2); csum_inet_update(&csum_2, (const uint8_t*)0x20000080, 10); *(uint16_t*)0x20000080 = csum_inet_digest(&csum_2); syscall(SYS_test, /*a0=*/0x20000080ul, 0, 0, 0, 0, 0); { int i; for(i = 0; i < 4; i++) { syscall(SYS_test, /*a0=*/0x20000080ul, 0, 0, 0, 0, 0); } } break; case 3: *(uint32_t*)0x200010c0 = 0x111; *(uint8_t*)0x200010c4 = 8; *(uint8_t*)0x200010c5 = 4; *(uint8_t*)0x200010c6 = 2; *(uint8_t*)0x200010c7 = 1; syscall(SYS_test, /*a0=*/0x200010c0ul, 0, 0, 0, 0, 0); break; case 4: res = syscall(SYS_test, 0, 0, 0, 0, 0, 0); if (res != -1) r[0] = res; break; case 5: syscall(SYS_test, /*val=*/r[0], 0, 0, 0, 0, 0); break; case 6: syscall(SYS_test, 0, 0, 0, 0, 0, 0); break; case 7: syscall(SYS_test, 0, 0, 0, 0, 0, 0); break; case 8: res = syscall(SYS_foo, /*cmd=*/0xaul, 0, 0); if (res != -1) r[1] = res; break; case 9: syscall(SYS_foo, /*res=*/r[1], 0, 0); break; case 10: memset((void*)0x20000000, 0, 1); *(uint8_t*)0x20000040 = 0x81; *(uint8_t*)0x20000042 = 0x8c; STORE_BY_BITMASK(uint16_t, , 0x20000042, 5, 8, 4); syz_compare(/*want=*/0x20000000, /*want_len=*/1, 
/*got=*/0x20000040, /*got_len=*/4); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/4, /*v1=*/0xfffffffffffffffa, 0, 0); break; case 12: syz_errno(/*v=*/2); break; case 13: memcpy((void*)0x20000080, "\x15\x48\x05\xb7\x68\xfb\x1b\x7d\xa6\x4a\xca\x30\x5f\xf5\x4e\xdd\x7e\xef\x7a\x6c\xe6\xb3\xe1\x5c\x9e\x2b\xa4\xc4\x6e\xf0\x15\x95\x04\x6d\x85\x80\xcd\x59\x93\x11\x8d\x09\x81\x4c\x6e\xa8\x20\x39\x8a\x54", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/0x3ff); break; case 15: syz_mmap(/*addr=*/0x20ffd000, /*len=*/0x1000); break; case 16: syz_sleep_ms(/*ms=*/0x7fffffff); break; case 17: syz_test_fuzzer1(/*a=*/4, /*b=*/5, /*c=*/7); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); for (procid = 0; procid < 4; procid++) { if (fork() == 0) { use_temporary_dir(); do_sandbox_none(); } } sleep(1000000); return 0; } :346:3: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x30, 0, 0, 0, 0); ^ 1 error generated. 
compiler invocation: c++ [-o /tmp/syz-executor13863367 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/12 (1.32s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: test$length11(&(0x7f0000000000)={0x7, 0x1, [0x9, 0x0, 0x1, 0xffff, 0x7595, 0x7, 0x6, 0x6]}, 0x30) (fail_nth: 1) test$length35(&(0x7f0000000040)={0x4, {0xffffff00}}) (async) test$csum_ipv4_tcp(&(0x7f0000000080)={{0x0, 0xfffff546, 0x7f}, {{}, ""}}) (rerun: 4) test$length18(&(0x7f00000010c0)={0x111, 0x8, 0x4, 0x2, 0x1}) r0 = test$produce_subtype_of_common() test$consume_subtype_of_common(r0) test$produce_subtype_of_common() test$produce_subtype_of_common() r1 = foo$unsupported2_ctor(0xa) foo$unsupported2_use(r1) syz_compare(&(0x7f0000000000)='\x00', 0x1, &(0x7f0000000040)=@bf7={0x81, {0x8c, 0x5}}, 0x4) syz_compare_int$2(0x2, 0x4, 0xfffffffffffffffa) syz_errno(0x2) syz_execute_func(&(0x7f0000000080)="154805b768fb1b7da64aca305ff54edd7eef7a6ce6b3e15c9e2ba4c46ef01595046d8580cd5993118d09814c6ea820398a54") syz_exit(0x3ff) syz_mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) syz_sleep_ms(0x7fffffff) syz_test_fuzzer1(0x4, 0x5, 0x7) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include 
#include #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain 
% 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) 
{ va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, 
__ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[2] = {0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x20000000 = 7; *(uint64_t*)0x20000008 = 1; *(uint32_t*)0x20000010 = 9; *(uint32_t*)0x20000014 = 0; *(uint32_t*)0x20000018 = 1; *(uint32_t*)0x2000001c = 0xffff; *(uint32_t*)0x20000020 = 0x7595; *(uint32_t*)0x20000024 = 7; *(uint32_t*)0x20000028 = 6; *(uint32_t*)0x2000002c = 6; inject_fault(1); syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x30, 0, 0, 0, 0); break; case 1: *(uint32_t*)0x20000040 = 4; *(uint32_t*)0x20000044 = 0xffffff00; syscall(SYS_test, /*a0=*/0x20000040ul, 0, 0, 0, 0, 0); break; case 2: *(uint16_t*)0x20000080 = 0; *(uint32_t*)0x20000082 = htobe32(0xfffff546); *(uint32_t*)0x20000086 = htobe32(0x7f); *(uint16_t*)0x2000008a = 0; memcpy((void*)0x2000008c, "\x78\xb7\x76\x9b\x45\x48\x65\x84\x92\xde\x72\xd4\x15\xba\xe1\x8f\x3b\xbe\x4d\x64\xd7\x8a\xf2\x04\x98\xc9\xf6\xb8\xf3\xf6\xa2\xbe\x55\x97\x33\x7e\x2e\xb3\xf9\x6c\xa0\x7a\x66\xc2\x7b\x34\xe9\x5f\x4e\x73\x25\x39\xba\xdc\xe8\x96\x7b\xce\x41\x58\x91\x33\x78\x5a\xde\xca\x49\x29\xde\x68\xc7\xa0\xfa\xd0\xde\xbc\xff\x18\x19\xad\x3d\xf1\xb4\x0e\x14\x20\x9d\xa0\x13\xaf\x85\x89\x3b\x81\xe1\xd1\x7a\xbb\x6d\xee\xdf\x2d\x70\x56\x6a\xc7\xb3\xfa\x0e\xed\x52\xd1\x82\x11\xd2\x49\xd1\xb7\xfb\x68\x81\x50\x4a\x33\x15\x0b\x91\x47\x7e\x7c\xde\xad\x14\x81\x8e\x83\xb0\xfa\x35\x64\x49\x91\x23\x74\x4e\xe8\x0f\x92\xa7\xf9\xe0\x39\x4d\xc7\xbb\x62\xb4\x70\xad\x1b\x88\xc3\xf6\xc6\xe9\x84\xd2\x89\x42\xe9\xf0\x3a\x48\x0e\x51\xcc\xb8\xd7\xbb\x51\xa1\x24\xee\xee\x79\x5b\x09\x47\x07\x82\x1f\x5c\x44\xa6\xaa\xbd\xc1\xd9\x46\xaa\x91\xcb\x6d\x17\x5d\x0d\xf4\x6b\x86\xe6\x05\xec\x66\xcd\x5b\xc8\x39\x8e\xf7\x97\x43\x02\x56\x44\x40\xa8\x1d\xe3\x73\xb3\x5c\x79\xc1\x36\x7a\xf1\x87\xb8\xdf\x69\x56\xee\xbb\x89\x66\xab\xdf\x3d\x0f\xdf\xcf\x9e\x7b\x13\xab\x64\x65\x1e\x66\x83\x46\xec\x1f\x56\x4f\x28\x8b\x40\x26\xb8\x1d\xde\x8a\x3e\
x4a\xda\x81\xa1\xd2\x80\x65\x4e\x7e\xe5\x2a\xef\x25\x53\xdc\x0d\x25\x97\xab\xce\xa0\xc6\x76\x12\xb5\xc0\x20\x80\x95\x7c\x38\x47\xbd\x6c\x78\x98\x47\x70\x1a\x7e\xa3\x6c\xa2\x3f\x6f\x7f\xeb\xa0\xdd\xaa\x24\x61\x6e\xeb\xb4\xf9\xd3\xaa\x52\x18\xec\x8a\x5a\x08\xfa\xb4\xb3\x53\xc8\x91\x83\x7d\xbb\x8e\x77\x34\xc9\x2d\xf3\x91\xd4\x1f\x07\x08\xf7\x46\xa7\x72\xd5\x56\xf6\x08\x6c\x97\x20\x08\x35\x7c\x55\x95\xe9\x90\x80\x44\xab\x8a\xff\xa0\x44\x54\xad\xe5\xd5\x09\xe7\x58\x43\xe9\x7a\xcd\x1f\x53\xa4\x28\xee\x9c\x35\xc9\x1b\xa7\xf7\x55\x1c\x6d\xb9\x83\x73\x89\x73\xe1\x6b\xfd\xae\x49\xaa\x7b\x7c\x71\x8e\x46\x88\x14\xd7\x0d\x54\xd5\x88\xbd\xc6\x4f\x32\x67\xd1\x80\x86\x2b\xb4\x58\xd7\xb9\x0f\x58\xf4\x07\x8f\x41\x7d\xf7\x69\x04\xa2\x1d\x26\x97\xb9\x65\x38\x69\xf1\x57\x2e\xd6\x3e\x47\x81\xd1\xc3\xe5\x06\x55\x5c\xa7\x46\xb6\x76\x9f\xc0\xa9\x7c\xa8\x3b\xca\x63\x02\x92\x86\x50\x7e\xfc\x11\xb8\xc2\x17\xf8\x3e\x7f\xc6\x4a\x3b\xe2\x17\xaa\x71\x48\x09\x83\xdf\x1c\xda\xa6\x3d\x04\x81\xe9\xaf\x63\x1a\xba\x7a\x8f\x0f\xd4\x8e\x83\x6b\x69\xc5\xe8\x26\xb0\x20\x56\x8a\xd8\x2d\xa9\xcd\x87\xba\xa0\x94\xae\x9f\x0c\x5f\x51\x49\xdb\xa1\xb4\xf3\xb0\x34\x06\x29\xbf\x8e\x19\xf9\x34\x74\xe8\xa7\x98\xa5\xcc\xf5\x32\xdb\x78\x0b\x6d\xd9\xaf\x5d\xf9\x14\xea\xe3\x24\xba\x02\x75\x2d\x75\x8e\x4f\x2a\x55\x8a\x80\xed\x89\xa6\x13\x88\xc4\x30\xc3\xac\xd7\xe2\xb7\x65\x41\xd0\xa4\x40\xfd\x18\xd8\x5b\x70\xf6\x51\xd0\x49\x58\xc4\x04\xec\x41\xf5\xac\xaa\xfa\x0d\x8f\x0f\x9e\x2a\xc9\x4d\x98\xc7\xc2\x2f\x53\x86\x64\x2f\x4e\x02\x8a\x0a\xe7\x06\x27\xbe\xe9\xff\x92\xc7\xd3\x1e\x8f\xe5\xcf\xef\xbf\xb7\xbb\x26\xb0\x87\x1d\x83\xcd\x67\x7e\xf3\xfa\x10\xbf\xf5\x16\x3e\x97\x3f\x73\xa1\x8d\x8e\xa8\xee\x63\x58\xbf\x9b\x19\x12\xa2\xf6\x0e\x9e\x12\x8f\x35\xa7\x03\x78\x33\x3d\x11\x95\x41\xd6\xf0\xf3\x67\x53\xe5\xa6\x61\x2a\x77\x18\x62\x8b\x4f\xaf\x65\x6c\x24\x6e\x71\xca\xce\x70\xc9\xb0\x70\xd3\x0c\x84\x53\xc9\x10\x55\x73\xdf\x3c\xba\xa6\x38\x6a\x2b\xc5\x88\xd0\x3b\x23\xa1\x1b\x04\xb1\xc9\x4e\xe9\x05\xee\xa9\x2d\x40\x85\x0d\xbf\x27\x03\x98\
xd4\x7d\xcc\x08\xe5\xb9\x57\x5b\x50\x98\xf4\x95\xf7\xdf\x29\x70\xd8\x28\xbe\x23\x02\x82\x12\x2f\x30\xd2\x2a\x15\x26\x87\xc2\x6c\x5a\xb2\x21\xf8\xef\x8a\xb6\xc1\xf3\x40\x86\x9a\x9b\x05\xd9\xbb\x19\x83\x69\x99\x4c\x36\xb2\x8a\x4b\x6a\x67\xab\xfc\x6c\xe8\xd0\x61\x68\xce\x1f\xbd\x7d\xea\xba\xe2\x61\x5c\x95\x39\xc3\xa4\xf4\x27\xf2\x04\x89\xa1\xf0\x41\x21\xf3\xb5\x48\xbc\x0e\xc6\xda\xa9\xfd\x63\xb1\x4f\x71\xe9\x64\xf4\xc0\x42\xa3\x8c\xaa\x25\xe1\xcf\x98\x3e\xa9\xee\xdc\x7b\xc0\x6f\xac\xa0\x11\x11\xd8\xa1\x7a\x4a\xc0\x83\xa1\xc5\x5f\x4b\x4a\xe3\x14\xff\x09\xec\xc0\xfe\xfc\x77\xbf\x1d\x08\xad\x54\xa9\x66\x2e\x68\xeb\x33\xa5\x7d\x43\xf1\x54\xbb\xa3\xb9\x8a\x66\x78\xc9\x74\xa8\xdd\xd6\x61\x32\xa6\x4e\xd8\x50\x79\x93\xf9\x26\xb6\xa8\x6a\xbb\x81\x3a\xc3\x82\x60\xc7\x93\x5f\xba\x14\xcc\x64\x94\x1b\xfb\xcc\xc7\x0b\xae\xaf\x92\xa7\x7e\xd1\x57\x35\x9f\xf2\x53\x85\xea\xb6\xd8\x5c\xed\x6b\x73\xa8\xf3\x4e\xe7\xf1\x8d\xc4\x6e\xf7\x5f\x66\xe5\x39\xef\xb3\x7b\xa8\xe5\x7e\x0e\xf6\x53\xc6\x2e\x87\xa3\x67\xd9\x0f\x32\x4b\xb7\x95\x30\x61\x8c\xc6\xa0\x5c\x3d\xda\x77\x67\xf3\x90\xb7\x75\x90\xa7\x8a\xc4\x88\xd6\xa3\xc1\xf4\x12\x4b\x62\xe0\xda\x72\x8d\x61\xe3\xcb\x8e\xfe\xc0\x78\x88\x3a\xeb\x04\x86\x5e\xa9\x69\x5d\xa8\x59\x85\x52\x61\x08\x7e\x9f\x36\x41\x2d\x61\xb4\xea\x03\x43\xd6\xd0\x3d\xbd\xac\x09\xba\x17\x48\x48\x6a\x4d\x62\x63\xa6\x2b\xc2\xb7\x23\xb3\x79\x13\x40\x68\xc7\x00\xca\xd7\xbc\x07\x99\x99\xba\xad\x53\x57\x41\xad\x7e\x19\xb0\xc5\xd0\xa5\x5e\x1e\x0d\xa5\x34\x76\xfa\xff\x87\x3b\xde\xf8\x3e\x71\x1f\x95\x55\xf0\x43\x98\x0a\x77\x2a\xab\x3a\xf3\x9c\x9e\x10\x82\xea\x2e\x3a\xba\x0b\x45\x4c\x89\x22\xe2\x66\x50\x96\xf7\x3a\xc4\x55\x50\xee\xaf\x66\xe5\xd4\xe9\xdf\x9c\x79\x1f\x7d\xdb\xca\x38\xb5\x58\xbe\x75\xb3\x92\x07\xea\x04\xdc\x7f\xd4\x7c\x36\x3d\x5b\x80\xd9\xea\xae\x7b\xa2\x30\xbe\x26\x33\xc0\x70\xe5\xc9\x70\x0f\x6c\x6f\xa7\xc2\x30\x70\x2c\x5a\xd4\x22\x6e\x58\x3f\x95\xb1\x2c\xe2\xbd\xfc\x1b\x92\x12\xdf\xe1\xa9\x08\xdc\x3e\x3b\xc6\xb1\x3c\x85\x7d\x7d\xab\x7b\x7d\x50\x42\x97\xb2\x06\xa2\x17\
x3e\x4c\x8c\x7a\x2d\xcd\x63\x2d\xe9\xc3\x3b\x9d\xfc\xbc\xa5\x36\xc7\x68\xbb\x15\x4c\x56\x3c\x67\xf2\xe7\xd1\xa7\xd3\x58\x9a\x64\xb2\xeb\x72\x82\x7a\xe0\x26\xcd\xc9\x0b\xd2\x7e\x7a\xb7\xf0\x29\x89\x67\x56\x3d\xc2\x7a\x42\x66\xc1\x3c\xc6\x4f\xef\xfc\x70\x8a\x46\xf9\x03\x9c\x74\x5a\x6b\x2d\xbc\x27\xb8\xae\xf8\x31\x9d\xc2\x25\xd8\xa0\x6d\xf2\xea\x84\x26\x27\xe5\xf1\xd4\xee\x87\xfa\xf2\xbf\x05\xf2\x76\xab\xd2\x70\x22\xcd\x2f\x5a\x8c\xa1\x7f\x81\xf8\xfa\xc0\x22\x51\x63\xcc\x52\xff\x78\xc3\x2a\x85\x7c\x15\x65\xaf\x01\x2b\xdf\xf5\xa3\xcf\x74\x45\x94\x67\xa1\xd1\xad\x21\x80\x2a\x69\xaf\x00\x64\x60\x1c\xf0\x8c\x49\x71\xc6\x91\xae\x14\xd3\x3f\xd3\x50\x9b\xcd\x55\x96\xe6\xb6\x77\x2d\x1d\xeb\x8a\xb1\x86\x0d\x13\xe2\xf4\xa6\xb7\xac\x83\xe8\x2a\x8a\xc9\x11\xd2\xa0\x02\xc0\x6e\x1c\xeb\x2c\x6a\xa0\x7b\x84\x7a\x6c\xb1\xe7\x67\x8d\xce\x46\x66\x9b\x32\x1b\xc3\x7d\x76\x59\xa0\x83\x00\x57\x65\xdd\xaf\x4c\x61\x8a\xdf\xbb\x0d\x81\xb8\x9b\xd1\xeb\x77\x1b\x58\xc3\x34\xb7\x8b\xe0\x94\x41\xe2\xc7\xe8\xdb\x90\x0f\x56\xa0\xc7\x11\x8a\x93\xe5\x2d\xdf\xa5\x71\xb1\x22\x29\xbe\x6e\xa4\xfd\x3a\x6b\x91\x08\x90\x07\xc0\x34\x58\x03\x2f\x96\xd3\x37\x9c\x8b\x17\x8f\xb5\xcc\xec\x6f\xd2\x76\x97\x86\x19\xbf\xc7\xb9\x7a\x30\x62\xe8\x24\xff\xf9\xce\xe7\x3f\x4a\x85\x8e\xd6\x60\x70\x89\xa4\xd6\xaf\x56\xe2\x7d\x0f\x52\x0c\x15\x1e\x68\xae\xd9\x69\x2f\x15\x36\xe0\x8a\x35\xf9\x3e\x58\x6a\x81\xae\x49\x1f\xa9\x64\x0c\x36\xbc\xef\x84\x64\xf1\xac\x7c\x07\x46\x02\x1d\xd0\xde\xbc\x15\x53\x61\xb4\x27\x57\x30\x9a\x7c\x5a\x6a\x3c\x89\xe6\xb2\x75\xb9\x1e\x14\x77\x23\x43\xed\x0c\x0b\x84\x31\x3d\x3e\xe0\x60\x5b\x8f\xb9\x84\x3c\x8d\xed\xea\xec\x2f\x65\x54\x4c\x38\xd2\xee\xed\xec\xf3\x32\xb5\xa0\x1f\x60\xab\xdc\x62\x19\x4b\x1f\x33\x62\x19\xaf\x84\x3d\xb7\xcf\xea\x88\x1c\xbb\xe8\x30\xb8\x3c\x11\x79\x2f\x51\xd0\x65\x9d\xf2\xef\xd5\x14\xac\xcc\x62\xbe\x45\x1d\xa3\xd7\xde\x20\x52\x80\x1f\x1b\x71\x33\xec\x90\x8a\x89\xae\x20\xb8\xf0\x67\xb1\x6f\xa2\x6c\xc7\x85\xd7\xbb\xc7\x70\xb4\xc0\x0e\x64\x18\xae\xab\x91\x58\x79\x4d\x5c\xe3\x74\x0e\
xf5\xc7\x8c\xfd\xe8\x5b\x0d\x5a\x81\xa8\x5a\x2b\xf2\x4f\x35\xe5\x30\x91\x2e\xce\xb0\x79\xef\xf2\x19\xe6\x8e\x65\x5d\x1e\xe3\x37\x64\xe6\x64\xb5\x30\xa8\x72\x81\x7d\x0f\xe8\xc8\x46\xeb\x88\x9a\x1e\x06\x7e\xd1\xc7\x91\x5e\xd0\x4c\x87\x75\x7e\x3c\xfb\xdb\x42\x1e\x5a\xb7\x8a\xec\x22\x8e\x9d\x9f\xba\x27\xba\xb1\x25\xb0\xa5\x3c\x65\x18\xa0\xb5\x41\x1a\x92\x80\x14\xeb\x1d\x93\xba\x94\xcf\x89\xc1\x9a\xe5\xff\x1b\x00\xe2\x1b\xd9\xf8\xc8\x81\x85\xb8\x86\x37\xe5\xdb\x32\xe2\xe4\x02\x08\xf2\x62\x25\x4b\xcc\xad\xc2\xc8\x5e\x83\x69\x0f\xb7\xaf\x64\xe9\xab\xfc\x19\xda\x42\xa3\x1c\xf6\x3b\x90\x09\x53\xf1\x84\xf3\x34\xd6\x05\xa1\xac\xab\x43\x4a\xcd\xfe\x74\xa3\xff\x1c\x26\xab\x7e\xb5\xf4\xc7\xd4\xe6\xed\x88\xa4\xc0\xc0\x7a\xf5\xf9\xa6\x9c\xe5\x25\xcf\x77\xc5\xf7\x01\x18\xcf\x4c\x9d\x71\x46\x18\x53\xee\x9d\x0b\x38\xaa\x8e\xef\x7a\x92\x67\xba\xa1\xda\x0a\x40\xd4\xbb\xf2\x50\xe7\x96\xec\xaf\xf7\x65\x10\x98\xb5\xbe\xbe\xe1\xce\x5c\x5b\x36\xb8\x30\x20\x47\x50\x29\x8f\x5f\xff\xcf\x43\x87\x5a\xc2\x15\xd3\xef\xcd\xd5\x76\x85\x3c\x1b\xe3\x60\x40\x09\x80\x2a\xa9\x5c\xbf\x64\x97\x4c\x9d\xf8\xb1\xc9\xa4\xdb\x7d\x03\x2b\x06\x47\x97\x0c\x08\xb6\x6e\x0d\xe7\xf5\xec\x92\xb4\x7a\x58\x58\x79\x8b\xc1\x93\x1c\xa7\xfc\x81\x48\x4a\x4e\xd8\xdf\x6b\xdf\x22\xe1\x90\xda\x0f\x4b\x55\x4e\x63\x78\x06\x4b\x18\x94\x60\x1f\x55\xc7\xe8\xc3\xad\xfc\xd3\xd6\x08\x1c\xb7\xe8\xc3\xd6\xf6\x88\x75\x64\x3d\xe6\x61\xd3\x72\xb2\x9a\x45\x67\x92\x6c\x24\x41\xa8\xb0\x0c\xe2\xe1\xa3\x0a\xa7\xd1\x4a\x72\x5f\x05\x80\xac\xea\x58\x53\xa4\x19\x3b\x4e\xac\xe2\x88\xd0\x42\xba\x11\x8a\x67\x7c\xae\x6a\x7f\x70\x1a\x98\xa7\x2e\x12\xbb\x9f\x24\x59\x4f\x77\x43\x31\xc8\x32\xe0\xc6\xd1\xcf\xfb\x12\xa8\x29\xe3\x67\x7c\xc9\x67\x6a\xc3\x7b\x28\xc9\xe4\x2d\xe7\x1e\xbc\xfd\x50\x5f\xec\x67\x22\x7c\x69\x4c\x3b\xe2\x5f\x40\x29\xc0\x12\x3f\x57\x0a\x52\x09\xdf\x23\x59\x05\xdd\x58\xd4\xa9\x34\x69\x71\x73\x09\x5f\xd1\x69\x6e\x50\x03\x2e\xa7\x50\x52\x33\x8f\xda\x28\x6c\xd5\xfc\xa3\x44\x87\x8d\x7f\xfa\xf2\xd0\x69\x73\x2a\x83\xf8\xba\x7b\x97\x4e\xd6\x95\x1e\
x19\x70\x87\xe0\x97\xc3\xa5\x1a\x0d\x77\xb6\x7e\xdc\x98\xd1\xbd\x31\x74\x4d\xf4\xca\x73\x0f\x2e\x80\x52\xe8\x55\x66\x03\x94\xa2\x23\x2f\xaf\xe6\x14\x8f\x4f\x1f\x69\x59\xe1\xe2\x81\xe1\xed\xf6\x33\x7c\xd6\xad\x35\xfe\xf7\x8b\x83\xba\xb3\x58\xab\xd8\xd1\x1d\x30\x37\x99\xde\x42\xb3\x38\x18\x30\x6e\xd8\xd4\xd8\x87\x00\x23\xcf\x8a\x93\xff\x7c\x7b\x12\xda\x25\x1f\x3f\x77\x00\xd8\xa3\xc4\x37\x04\x72\x79\x1b\x26\x49\x30\xb9\x7d\x2a\xac\xb0\x4f\xd4\xde\xe4\x82\xbe\xbf\x8f\xbb\xff\x65\x02\xd0\x2b\x98\x24\x9b\xf3\xf1\x22\x9f\xff\xfb\xc8\x31\x70\x05\xef\x2d\xaa\xc3\xec\xe5\x62\x1a\x01\xc6\x25\x96\x4a\x36\x74\x28\x73\x58\xdd\xd8\x17\x08\x39\x43\x40\xc8\x4f\xbd\xa1\x0d\x26\x6b\x0d\x97\xe1\x42\xb4\x06\x01\x30\x53\x57\xcf\x7f\x81\xf9\x89\xac\x38\x58\xce\x1f\xcd\x94\x6a\x1d\xab\xde\x0d\xa9\xde\xcf\x4a\x7a\xd8\x51\xcd\xda\x20\x86\x4c\x22\x98\x6a\x2f\x57\xbb\x58\x09\xab\x46\xcb\xc6\x8f\xf0\x2e\x3c\xc2\x08\x5c\x0e\xcf\xba\xfa\xf5\x00\x16\x34\x3c\x67\xe2\x3a\x78\x26\x00\x68\x17\x52\x4d\x6b\x0d\xd1\x7d\x45\x62\x10\x8d\xad\x97\x79\x11\x73\x2e\xc9\xd5\x0b\x20\xd6\xc7\x43\x88\x7a\x0b\xf1\xd6\xb2\x45\xc4\xef\x3d\xd5\x5f\x98\x8c\x08\x96\x1b\x76\x3e\x56\x8d\xca\x64\xcd\x59\x72\xc4\x42\x38\x06\x2f\x98\x21\x35\xf3\xd8\x4a\xac\xf6\x11\xcd\xba\x1e\xbf\x1d\x3e\x9a\xfb\xc0\x9c\x83\x5c\xeb\x2e\xca\xee\x6f\x27\x94\xcc\xea\xa6\x82\xe8\xcb\x4b\x0e\x6a\x96\xb3\xeb\x8c\x92\xd0\x96\x72\xd3\x7f\x69\x59\xfd\x38\xd4\xa7\xca\x87\x7d\x92\x9f\x66\xee\x4a\x50\x89\x60\x62\x3a\x23\xd8\x40\xe2\x24\xee\xe0\x61\x32\xde\xb2\x73\xe7\x29\x6b\x46\xcf\x88\x2e\x53\x00\xe4\x2c\x1a\xca\xc7\x45\x2a\x0c\x4c\xf7\xbd\xbd\x4c\x9e\xf4\x4c\x6b\xad\x60\x92\x18\x6f\x2e\xf1\x4d\x39\x7c\x82\xa3\x58\xc4\x84\xfc\x91\xa0\x35\xe2\xa0\x85\xd8\xa1\x7a\xa4\xf5\x6d\x77\x28\x8f\x0a\x28\x8b\xfc\xb9\x75\xe3\x2f\x87\xc5\x80\xa4\x19\xaa\x8f\x77\x94\x91\x3e\x30\x52\xf4\xac\x24\xf2\x9f\xeb\x3b\x43\x0e\x3d\x1a\x29\x8e\xc0\xb0\xb4\x86\xa1\x94\xed\x38\x57\x4d\x86\x0b\xdf\xa0\xc6\xb1\xa6\x7d\x03\x9e\xe0\xda\xed\x00\xdc\x50\xf7\x6d\xdc\xa6\x41\x78\x76\xa6\
x77\xe8\x0c\xb1\x9f\x3a\x8d\x8b\xde\x26\x6c\x41\x58\xe0\x2f\xe9\x22\x48\x7d\xb5\xfb\x60\xac\xdf\xda\xf4\x17\x5b\xf4\x3a\x3d\x12\xf6\xbc\x29\xdd\xd3\x17\xa2\x75\xe1\x2e\x6e\x3f\xff\x81\xa6\x4e\x7d\xfe\x20\xab\xcc\x60\xa0\x6e\x80\x1d\x7a\xe7\xd0\x41\x25\x2e\x1c\xf8\xab\xaa\x7a\x38\xf7\xf3\x9e\x61\x29\x4d\xdb\x9d\x62\x1f\xee\xae\x99\x46\xaa\x70\xf7\x64\xe0\x0b\xe9\x6b\x28\xbd\xbe\xd8\x9a\xbf\x4f\xe3\x60\xfd\x80\x19\x21\xa3\x88\xaf\x23\x73\x6d\x2a\x94\x3c\x8c\xe1\xf6\x20\xd7\xda\xd0\xa5\x65\xfc\xfb\xcb\x86\x69\xd9\xfd\x78\xd1\xdb\x48\xb7\xa1\x26\x6c\xe3\x05\x54\x9d\xc7\x76\xc1\x2d\xd2\xdc\x40\x0a\x4d\xc8\xb0\x76\x24\x86\x7d\xbb\xd9\x4f\xc9\xbe\xd0\xad\xc7\xff\x50\x69\x95\x1e\xbc\x24\x83\x05\x8b\xa3\x45\x50\x88\x5f\x5f\x25\x0e\x54\x0a\xa3\x7b\x94\x0e\x8f\x90\x1c\xb0\xf5\x7a\xab\xf8\xe0\xf2\xa4\xce\x11\x3b\x60\x94\x7d\xa2\xa7\x23\x03\xa6\x9d\xac\xb1\x71\x30\xf4\xed\x89\x74\xf9\x52\x50\xcd\xec\x51\x59\xae\xf4\x1e\x38\x0f\xd6\x36\x00\x60\xb9\x28\x8a\x88\xe2\x24\x8b\x90\xc2\x97\xfc\x44\x33\xe8\x26\xe0\x66\xec\x48\xf0\xb4\x78\xc7\x54\x32\xcb\xd9\xf4\x58\x30\xb0\x1d\x6f\x90\x36\x18\xb3\x9d\x54\x1a\x48\x80\x7d\x42\x92\xe0\x56\xbf\x99\x28\x5f\xb0\xe2\xac\xf5\xb6\x0e\xca\x7f\x79\x73\x44\x11\xc3\x3a\x01\xe4\x1b\xe2\x40\x37\x02\x2e\xa0\xf2\xc3\xfb\x2e\x50\x07\xaa\x2e\xd8\x62\xa7\x87\xaa\x66\x76\x92\xef\x91\x9c\xbc\xdf\x82\x43\xde\x11\xe0\x28\x12\xf8\xc2\xdf\xb7\x9f\xda\x2e\x17\x87\x29\xb5\xf2\xf0\xaf\x8b\xfb\x7f\x17\x8b\x0d\x80\x85\x11\x78\x84\xfb\xde\x56\x87\x94\xe3\xbb\x95\x17\x26\xe8\x77\x8b\x0a\xf7\x55\xce\x74\x12\xb0\x42\x89\x2c\xc8\x94\x77\x12\x97\x15\x30\x5d\x70\xca\xca\x55\x3e\x4a\xab\x12\x04\xa8\x69\xfd\x7d\xab\x7a\x70\x19\xd9\x17\x21\x58\xe6\x35\xde\x6c\x6d\xd8\x01\xa7\xd0\x25\x9c\xa4\xef\x75\xec\xe2\x6e\x1c\xb3\x64\x53\x95\x92\x4b\x5e\xd3\x2c\xd1\xa8\xb0\x15\xd5\x21\x15\x19\xd0\xf2\xb8\x5d\x5d\xe2\xfc\xd5\x2b\xf9\x26\xad\xf5\x7f\x67\x01\x7e\xda\x0d\x32\x04\xcb\xe4\xb0\x35\x2a\x41\xf5\xaf\x81\x5a\x97\xeb\xd0\x08\xf3\x81\xfa\x5e\x48\xed\x6d\xa0\x14\x1d\x18\x12\x16\x5e\xa6\
xa6\xb1\xdb\x84\xae\xca\x82\x6b\x0d\x1a\xbb\xa2\xf8\x10\x15\xd8\xca\x3e\x1a\x9f\x9c\xf7\x6d\x22\x72\x06\x21\x2b\x90\x39\x51\x68\xce\xd6\xc0\x47\x6c\x81\xbf\xbb\x45\xfa\x8d\xef\x8e\x97\xcd\xdb\xdf\xc8\x25\x96\xec\x22\x58\xeb\x50\xd7\x59\xb2\xa5\x8e\xd0\xe8\x55\xfa\x05\xc3\x88\xb1\x5f\x3b\x51\xfa\xb2\x98\xa2\x83\xd5\x24\x3b\x85\xee\x78\xce\xdb\xce\x16\xb8\x50\xab\xdc\x01\x87\x61\x98\x67\x53\xe2\xe7\xfe\x79\x63\x20\xfb\xb9\x85\x88\xc9\x35\xc3\x98\xfc\x6d\x42\x7e\x01\x9a\x59\xe0\x0a\xe4\xdb\x12\xf8\x09\xb1\x7b\x78\x38\xec\x5a\x79\x29\xd4\x79\x36\x1b\x69\x7d\x51\x0d\x98\x69\x2f\xc9\x5d\x59\xba\x79\x37\x54\x4f\x1b\x61\x2e\x41\xa9\xd7\x94\xf4\x18\x80\x17\x33\xab\x45\x40\x0b\xef\x83\x5a\x42\x57\xbd\x7f\xe0\x61\xf0\x1c\x0c\xa4\xbe\xf4\x77\x7a\x41\x46\x94\xcf\x25\x17\xde\xd0\x65\x87\xdb\x0f\x08\xcc\xad\x34\xc5\x7d\x2d\x6b\x97\xc5\x50\x16\xab\x6c\x02\x5c\xdb\xf4\x1b\x1e\x40\x69\x5d\xa2\xfa\xc7\x12\x90\x37\x2e\x88\x61\xd1\x27\xc5\xac\x17\xcf\x7d\xdf\xd2\x5a\x23\xc5\xd4\x2b\x38\xc7\xb6\x8a\xc8\x08\x6c\x71\xaf\x2c\x73\x2c\xdb\x55\xbc\x31\x70\x83\xcf\x6b\x29\x79\x64\xe7\xd6\xe3\xc3\x26\xa6\xf6\x1a\x71\xa2\x6b\xef\x06\x70\x99\xbd\x01\xf3\x81\x70\x75\xfe\xd8\x92\x24\x43\x18\x8c\x7b\xb2\x02\x23\xd1\x21\x0b\xe4\x49\x49\xc1\x7a\x8f\x58\xa8\xe1\x53\x39\xe8\xa1\xb0\xf3\x35\x34\x79\x8d\x51\xf8\x1a\x83\x75\x96\x52\x3e\xa1\xa4\x46\x04\xfe\x3d\xc4\x06\x8e\x0a\xdc\xfa\x88\x11\x19\x63\xdb\x83\x94\xbc\x2e\x14\x97\xbc\x37\xc9\x22\x61\xf5\xbb\x34\x03\x01\x40\x60\x55\xc8\xdb\x94\x63\x41\x47\x3b\x17\xaf\x96\xd2\xb1\x31\xd2\x38\x26\x1d\x4f\x0c\x19\x79\xaf\xd5\x5f\x57\x5a\xf2\x09\x69\x95\xbe\xbf\xee\xbf\xc0\x45\xf8\xb2\x60\x9f\x8b\xec\x0e\x7a\x1a\x37\x4b\xbe\x88\x10\xc6\x09\x21\x8c\x59\x87\x0a\x80\xe1\x83\x28\x7e\x08\xb6\xec\x10\x4e\x27\xe4\xa9\x1c\xd4\x12\x2d\x88\x1f\x1c\xd0\xac\x6d\x3b\x19\x9c\x36\x80\x3c\x1f\x34\x94\xce\x74\xe7\x68\x29\xcd\x42\x14\xe6\xb0\x24\x5f\x55\x76\x00\x60\x0b\xe6\x23\x35\xc8\xa8\x39\xc3\x83\xbe\xae\xc8\xa1\xb6\x64\x57\x2a\x50\x07\xcc\x61\xca\x95\x26\x37\x71\xd9\xaa\xa6\x68\
x8c\xf8\x2c\x9b\x7d\x03\xf7\xc2\xe1\x82\x87\x3b\x57\xa1\x70\x4f\x9c\x51\xa1\xce\xab\x21\xee\xa1\x4f\x1b\x9a\x4c\x2d\x82\x26\xe1\xce\x14\x73\x45\x57\x0c\xe8\x80\x9b\x3b\x36\x59\xb8\xf1\x55\xed\x9d\x73\x14\xa0\x1c\x45\xbb\xd3\x1a\xc3\x73\x28\xd3\x5c\xbb\x8e\xf9\x6f\x11\xb2\x29\xa8\x82\x8a\xd2\x9f\xe6\xf2\x7c\x4d\x8c\x5f\x40\x8e\xd3\x22\x49\xe9\x6a\xfb\x48\xde\x05\x3c\x6d\x0e\x4b\x56\x63\x71\xe3\x36\x66\x5b\xb9\xb7\x5c\x62\xa4\xe3\x76\xe2\x12\xb9\xa7\x7d\xf3\x1e\x34\x1e\x7e\x7b\xa5\xd2\x07\xdf\xd5\xd6\xd7\x65\x1a\xce\x18\x2d\x3b\x24\x2d\xd1\x99\xa6\x31\xaa\x6b\x24\x88\xb3\xbc\xd7\x6b\xdb\xcd\x3f\x21\x60\xcf\xf3\xf8\x2e\xd4\x3e\x10\x9c\xf7\xb7\x43\xab\xc9\x62\x1c\x3a\x4d\x8f\xd7\x15\xba\x4b\xbb\x3a\x11\xff\xc6\x3e\x09\x2d\xb2\xda\xcf\x93\xad\x4b\x4c\xf8\x9a\x5b\x34\x55\x21\x39\x31\x2e\x04\x7f\x8f\x17\x84\x78\xa1\x09\xcb\xa8\x95\x37\x33\x29\x42\xa4\xa5\x99\xe1\x31\xd3\x15\x09\x79\xfe\x3d\xb9\x8d\x74\xd8\x59\xc3\x7b\x21\xd6\xf3\x8f\x5e\xe9\x11\xb9\xcf\xa0\xd5\xd9\x41\x02\x8c\xb2\x19\xb6\xd1\x2c\xb2\x87\x0c\x22\x5c\x30\x9c\xac\x7a\x6c\x68\xfa\xa3\x74\x6d\xbb\x2c\x8a\x59\xc2\xd9\x13\xd1\x39\x37\x8b\x00\x5e\x3a\x19\x9f\x01\x68\x9d\x48\xbd\x7d\xf3\x5a\x46\x19\x48\xed\x68\x83\x70\x74\x32\x79\x1c\x92\x0a\x02\xf1\xd6\xe0\x21\x79\x1c\x8a\x16\xec\x32\x01\x87\x6f\x64\x5e\x57\x49\x79", 4096); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000082, 4); csum_inet_update(&csum_1, (const uint8_t*)0x20000086, 4); uint16_t csum_1_chunk_2 = 0x600; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 2); uint16_t csum_1_chunk_3 = 0x210; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 2); csum_inet_update(&csum_1, (const uint8_t*)0x2000008a, 4098); *(uint16_t*)0x2000008a = csum_inet_digest(&csum_1); struct csum_inet csum_2; csum_inet_init(&csum_2); csum_inet_update(&csum_2, (const uint8_t*)0x20000080, 10); *(uint16_t*)0x20000080 = csum_inet_digest(&csum_2); syscall(SYS_test, /*a0=*/0x20000080ul, 0, 0, 0, 0, 0); { int i; for(i 
= 0; i < 4; i++) { syscall(SYS_test, /*a0=*/0x20000080ul, 0, 0, 0, 0, 0); } } break; case 3: *(uint32_t*)0x200010c0 = 0x111; *(uint8_t*)0x200010c4 = 8; *(uint8_t*)0x200010c5 = 4; *(uint8_t*)0x200010c6 = 2; *(uint8_t*)0x200010c7 = 1; syscall(SYS_test, /*a0=*/0x200010c0ul, 0, 0, 0, 0, 0); break; case 4: res = syscall(SYS_test, 0, 0, 0, 0, 0, 0); if (res != -1) r[0] = res; break; case 5: syscall(SYS_test, /*val=*/r[0], 0, 0, 0, 0, 0); break; case 6: syscall(SYS_test, 0, 0, 0, 0, 0, 0); break; case 7: syscall(SYS_test, 0, 0, 0, 0, 0, 0); break; case 8: res = syscall(SYS_foo, /*cmd=*/0xaul, 0, 0); if (res != -1) r[1] = res; break; case 9: syscall(SYS_foo, /*res=*/r[1], 0, 0); break; case 10: memset((void*)0x20000000, 0, 1); *(uint8_t*)0x20000040 = 0x81; *(uint8_t*)0x20000042 = 0x8c; STORE_BY_BITMASK(uint16_t, , 0x20000042, 5, 8, 4); syz_compare(/*want=*/0x20000000, /*want_len=*/1, /*got=*/0x20000040, /*got_len=*/4); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/4, /*v1=*/0xfffffffffffffffa, 0, 0); break; case 12: syz_errno(/*v=*/2); break; case 13: memcpy((void*)0x20000080, "\x15\x48\x05\xb7\x68\xfb\x1b\x7d\xa6\x4a\xca\x30\x5f\xf5\x4e\xdd\x7e\xef\x7a\x6c\xe6\xb3\xe1\x5c\x9e\x2b\xa4\xc4\x6e\xf0\x15\x95\x04\x6d\x85\x80\xcd\x59\x93\x11\x8d\x09\x81\x4c\x6e\xa8\x20\x39\x8a\x54", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/0x3ff); break; case 15: syz_mmap(/*addr=*/0x20ffd000, /*len=*/0x1000); break; case 16: syz_sleep_ms(/*ms=*/0x7fffffff); break; case 17: syz_test_fuzzer1(/*a=*/4, /*b=*/5, /*c=*/7); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :346:3: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x30, 0, 0, 0, 0); ^ 1 error generated. 
compiler invocation: c++ [-o /tmp/syz-executor1989922795 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/4 (1.46s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: test$length11(&(0x7f0000000000)={0x7, 0x1, [0x9, 0x0, 0x1, 0xffff, 0x7595, 0x7, 0x6, 0x6]}, 0x30) (fail_nth: 1) test$length35(&(0x7f0000000040)={0x4, {0xffffff00}}) (async) test$csum_ipv4_tcp(&(0x7f0000000080)={{0x0, 0xfffff546, 0x7f}, {{}, ""}}) (rerun: 4) test$length18(&(0x7f00000010c0)={0x111, 0x8, 0x4, 0x2, 0x1}) r0 = test$produce_subtype_of_common() test$consume_subtype_of_common(r0) test$produce_subtype_of_common() test$produce_subtype_of_common() r1 = foo$unsupported2_ctor(0xa) foo$unsupported2_use(r1) syz_compare(&(0x7f0000000000)='\x00', 0x1, &(0x7f0000000040)=@bf7={0x81, {0x8c, 0x5}}, 0x4) syz_compare_int$2(0x2, 0x4, 0xfffffffffffffffa) syz_errno(0x2) syz_execute_func(&(0x7f0000000080)="154805b768fb1b7da64aca305ff54edd7eef7a6ce6b3e15c9e2ba4c46ef01595046d8580cd5993118d09814c6ea820398a54") syz_exit(0x3ff) syz_mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) syz_sleep_ms(0x7fffffff) syz_test_fuzzer1(0x4, 0x5, 0x7) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include 
#include #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain 
% 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) 
{ va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void 
loop(void) { execute_one(); } uint64_t r[2] = {0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x20000000 = 7; *(uint64_t*)0x20000008 = 1; *(uint32_t*)0x20000010 = 9; *(uint32_t*)0x20000014 = 0; *(uint32_t*)0x20000018 = 1; *(uint32_t*)0x2000001c = 0xffff; *(uint32_t*)0x20000020 = 0x7595; *(uint32_t*)0x20000024 = 7; *(uint32_t*)0x20000028 = 6; *(uint32_t*)0x2000002c = 6; inject_fault(1); syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x30, 0, 0, 0, 0); break; case 1: *(uint32_t*)0x20000040 = 4; *(uint32_t*)0x20000044 = 0xffffff00; syscall(SYS_test, /*a0=*/0x20000040ul, 0, 0, 0, 0, 0); break; case 2: *(uint16_t*)0x20000080 = 0; *(uint32_t*)0x20000082 = htobe32(0xfffff546); *(uint32_t*)0x20000086 = htobe32(0x7f); *(uint16_t*)0x2000008a = 0; memcpy((void*)0x2000008c, "\x78\xb7\x76\x9b\x45\x48\x65\x84\x92\xde\x72\xd4\x15\xba\xe1\x8f\x3b\xbe\x4d\x64\xd7\x8a\xf2\x04\x98\xc9\xf6\xb8\xf3\xf6\xa2\xbe\x55\x97\x33\x7e\x2e\xb3\xf9\x6c\xa0\x7a\x66\xc2\x7b\x34\xe9\x5f\x4e\x73\x25\x39\xba\xdc\xe8\x96\x7b\xce\x41\x58\x91\x33\x78\x5a\xde\xca\x49\x29\xde\x68\xc7\xa0\xfa\xd0\xde\xbc\xff\x18\x19\xad\x3d\xf1\xb4\x0e\x14\x20\x9d\xa0\x13\xaf\x85\x89\x3b\x81\xe1\xd1\x7a\xbb\x6d\xee\xdf\x2d\x70\x56\x6a\xc7\xb3\xfa\x0e\xed\x52\xd1\x82\x11\xd2\x49\xd1\xb7\xfb\x68\x81\x50\x4a\x33\x15\x0b\x91\x47\x7e\x7c\xde\xad\x14\x81\x8e\x83\xb0\xfa\x35\x64\x49\x91\x23\x74\x4e\xe8\x0f\x92\xa7\xf9\xe0\x39\x4d\xc7\xbb\x62\xb4\x70\xad\x1b\x88\xc3\xf6\xc6\xe9\x84\xd2\x89\x42\xe9\xf0\x3a\x48\x0e\x51\xcc\xb8\xd7\xbb\x51\xa1\x24\xee\xee\x79\x5b\x09\x47\x07\x82\x1f\x5c\x44\xa6\xaa\xbd\xc1\xd9\x46\xaa\x91\xcb\x6d\x17\x5d\x0d\xf4\x6b\x86\xe6\x05\xec\x66\xcd\x5b\xc8\x39\x8e\xf7\x97\x43\x02\x56\x44\x40\xa8\x1d\xe3\x73\xb3\x5c\x79\xc1\x36\x7a\xf1\x87\xb8\xdf\x69\x56\xee\xbb\x89\x66\xab\xdf\x3d\x0f\xdf\xcf\x9e\x7b\x13\xab\x64\x65\x1e\x66\x83\x46\xec\x1f\x56\x4f\x28\x8b\x40\x26\xb8\x1d\xde\x8a\x3e\x4a\xda\x81\xa1\xd2\x80\x65\x4e\x7e\xe5\x2a\xef\x25\x53\xdc\x0d\x25\x97\xab\xce\xa
0\xc6\x76\x12\xb5\xc0\x20\x80\x95\x7c\x38\x47\xbd\x6c\x78\x98\x47\x70\x1a\x7e\xa3\x6c\xa2\x3f\x6f\x7f\xeb\xa0\xdd\xaa\x24\x61\x6e\xeb\xb4\xf9\xd3\xaa\x52\x18\xec\x8a\x5a\x08\xfa\xb4\xb3\x53\xc8\x91\x83\x7d\xbb\x8e\x77\x34\xc9\x2d\xf3\x91\xd4\x1f\x07\x08\xf7\x46\xa7\x72\xd5\x56\xf6\x08\x6c\x97\x20\x08\x35\x7c\x55\x95\xe9\x90\x80\x44\xab\x8a\xff\xa0\x44\x54\xad\xe5\xd5\x09\xe7\x58\x43\xe9\x7a\xcd\x1f\x53\xa4\x28\xee\x9c\x35\xc9\x1b\xa7\xf7\x55\x1c\x6d\xb9\x83\x73\x89\x73\xe1\x6b\xfd\xae\x49\xaa\x7b\x7c\x71\x8e\x46\x88\x14\xd7\x0d\x54\xd5\x88\xbd\xc6\x4f\x32\x67\xd1\x80\x86\x2b\xb4\x58\xd7\xb9\x0f\x58\xf4\x07\x8f\x41\x7d\xf7\x69\x04\xa2\x1d\x26\x97\xb9\x65\x38\x69\xf1\x57\x2e\xd6\x3e\x47\x81\xd1\xc3\xe5\x06\x55\x5c\xa7\x46\xb6\x76\x9f\xc0\xa9\x7c\xa8\x3b\xca\x63\x02\x92\x86\x50\x7e\xfc\x11\xb8\xc2\x17\xf8\x3e\x7f\xc6\x4a\x3b\xe2\x17\xaa\x71\x48\x09\x83\xdf\x1c\xda\xa6\x3d\x04\x81\xe9\xaf\x63\x1a\xba\x7a\x8f\x0f\xd4\x8e\x83\x6b\x69\xc5\xe8\x26\xb0\x20\x56\x8a\xd8\x2d\xa9\xcd\x87\xba\xa0\x94\xae\x9f\x0c\x5f\x51\x49\xdb\xa1\xb4\xf3\xb0\x34\x06\x29\xbf\x8e\x19\xf9\x34\x74\xe8\xa7\x98\xa5\xcc\xf5\x32\xdb\x78\x0b\x6d\xd9\xaf\x5d\xf9\x14\xea\xe3\x24\xba\x02\x75\x2d\x75\x8e\x4f\x2a\x55\x8a\x80\xed\x89\xa6\x13\x88\xc4\x30\xc3\xac\xd7\xe2\xb7\x65\x41\xd0\xa4\x40\xfd\x18\xd8\x5b\x70\xf6\x51\xd0\x49\x58\xc4\x04\xec\x41\xf5\xac\xaa\xfa\x0d\x8f\x0f\x9e\x2a\xc9\x4d\x98\xc7\xc2\x2f\x53\x86\x64\x2f\x4e\x02\x8a\x0a\xe7\x06\x27\xbe\xe9\xff\x92\xc7\xd3\x1e\x8f\xe5\xcf\xef\xbf\xb7\xbb\x26\xb0\x87\x1d\x83\xcd\x67\x7e\xf3\xfa\x10\xbf\xf5\x16\x3e\x97\x3f\x73\xa1\x8d\x8e\xa8\xee\x63\x58\xbf\x9b\x19\x12\xa2\xf6\x0e\x9e\x12\x8f\x35\xa7\x03\x78\x33\x3d\x11\x95\x41\xd6\xf0\xf3\x67\x53\xe5\xa6\x61\x2a\x77\x18\x62\x8b\x4f\xaf\x65\x6c\x24\x6e\x71\xca\xce\x70\xc9\xb0\x70\xd3\x0c\x84\x53\xc9\x10\x55\x73\xdf\x3c\xba\xa6\x38\x6a\x2b\xc5\x88\xd0\x3b\x23\xa1\x1b\x04\xb1\xc9\x4e\xe9\x05\xee\xa9\x2d\x40\x85\x0d\xbf\x27\x03\x98\xd4\x7d\xcc\x08\xe5\xb9\x57\x5b\x50\x98\xf4\x95\xf7\xdf\x29\x70\xd8\x28\xbe\x23\x0
2\x82\x12\x2f\x30\xd2\x2a\x15\x26\x87\xc2\x6c\x5a\xb2\x21\xf8\xef\x8a\xb6\xc1\xf3\x40\x86\x9a\x9b\x05\xd9\xbb\x19\x83\x69\x99\x4c\x36\xb2\x8a\x4b\x6a\x67\xab\xfc\x6c\xe8\xd0\x61\x68\xce\x1f\xbd\x7d\xea\xba\xe2\x61\x5c\x95\x39\xc3\xa4\xf4\x27\xf2\x04\x89\xa1\xf0\x41\x21\xf3\xb5\x48\xbc\x0e\xc6\xda\xa9\xfd\x63\xb1\x4f\x71\xe9\x64\xf4\xc0\x42\xa3\x8c\xaa\x25\xe1\xcf\x98\x3e\xa9\xee\xdc\x7b\xc0\x6f\xac\xa0\x11\x11\xd8\xa1\x7a\x4a\xc0\x83\xa1\xc5\x5f\x4b\x4a\xe3\x14\xff\x09\xec\xc0\xfe\xfc\x77\xbf\x1d\x08\xad\x54\xa9\x66\x2e\x68\xeb\x33\xa5\x7d\x43\xf1\x54\xbb\xa3\xb9\x8a\x66\x78\xc9\x74\xa8\xdd\xd6\x61\x32\xa6\x4e\xd8\x50\x79\x93\xf9\x26\xb6\xa8\x6a\xbb\x81\x3a\xc3\x82\x60\xc7\x93\x5f\xba\x14\xcc\x64\x94\x1b\xfb\xcc\xc7\x0b\xae\xaf\x92\xa7\x7e\xd1\x57\x35\x9f\xf2\x53\x85\xea\xb6\xd8\x5c\xed\x6b\x73\xa8\xf3\x4e\xe7\xf1\x8d\xc4\x6e\xf7\x5f\x66\xe5\x39\xef\xb3\x7b\xa8\xe5\x7e\x0e\xf6\x53\xc6\x2e\x87\xa3\x67\xd9\x0f\x32\x4b\xb7\x95\x30\x61\x8c\xc6\xa0\x5c\x3d\xda\x77\x67\xf3\x90\xb7\x75\x90\xa7\x8a\xc4\x88\xd6\xa3\xc1\xf4\x12\x4b\x62\xe0\xda\x72\x8d\x61\xe3\xcb\x8e\xfe\xc0\x78\x88\x3a\xeb\x04\x86\x5e\xa9\x69\x5d\xa8\x59\x85\x52\x61\x08\x7e\x9f\x36\x41\x2d\x61\xb4\xea\x03\x43\xd6\xd0\x3d\xbd\xac\x09\xba\x17\x48\x48\x6a\x4d\x62\x63\xa6\x2b\xc2\xb7\x23\xb3\x79\x13\x40\x68\xc7\x00\xca\xd7\xbc\x07\x99\x99\xba\xad\x53\x57\x41\xad\x7e\x19\xb0\xc5\xd0\xa5\x5e\x1e\x0d\xa5\x34\x76\xfa\xff\x87\x3b\xde\xf8\x3e\x71\x1f\x95\x55\xf0\x43\x98\x0a\x77\x2a\xab\x3a\xf3\x9c\x9e\x10\x82\xea\x2e\x3a\xba\x0b\x45\x4c\x89\x22\xe2\x66\x50\x96\xf7\x3a\xc4\x55\x50\xee\xaf\x66\xe5\xd4\xe9\xdf\x9c\x79\x1f\x7d\xdb\xca\x38\xb5\x58\xbe\x75\xb3\x92\x07\xea\x04\xdc\x7f\xd4\x7c\x36\x3d\x5b\x80\xd9\xea\xae\x7b\xa2\x30\xbe\x26\x33\xc0\x70\xe5\xc9\x70\x0f\x6c\x6f\xa7\xc2\x30\x70\x2c\x5a\xd4\x22\x6e\x58\x3f\x95\xb1\x2c\xe2\xbd\xfc\x1b\x92\x12\xdf\xe1\xa9\x08\xdc\x3e\x3b\xc6\xb1\x3c\x85\x7d\x7d\xab\x7b\x7d\x50\x42\x97\xb2\x06\xa2\x17\x3e\x4c\x8c\x7a\x2d\xcd\x63\x2d\xe9\xc3\x3b\x9d\xfc\xbc\xa5\x36\xc7\x68\xbb\x15\x4
c\x56\x3c\x67\xf2\xe7\xd1\xa7\xd3\x58\x9a\x64\xb2\xeb\x72\x82\x7a\xe0\x26\xcd\xc9\x0b\xd2\x7e\x7a\xb7\xf0\x29\x89\x67\x56\x3d\xc2\x7a\x42\x66\xc1\x3c\xc6\x4f\xef\xfc\x70\x8a\x46\xf9\x03\x9c\x74\x5a\x6b\x2d\xbc\x27\xb8\xae\xf8\x31\x9d\xc2\x25\xd8\xa0\x6d\xf2\xea\x84\x26\x27\xe5\xf1\xd4\xee\x87\xfa\xf2\xbf\x05\xf2\x76\xab\xd2\x70\x22\xcd\x2f\x5a\x8c\xa1\x7f\x81\xf8\xfa\xc0\x22\x51\x63\xcc\x52\xff\x78\xc3\x2a\x85\x7c\x15\x65\xaf\x01\x2b\xdf\xf5\xa3\xcf\x74\x45\x94\x67\xa1\xd1\xad\x21\x80\x2a\x69\xaf\x00\x64\x60\x1c\xf0\x8c\x49\x71\xc6\x91\xae\x14\xd3\x3f\xd3\x50\x9b\xcd\x55\x96\xe6\xb6\x77\x2d\x1d\xeb\x8a\xb1\x86\x0d\x13\xe2\xf4\xa6\xb7\xac\x83\xe8\x2a\x8a\xc9\x11\xd2\xa0\x02\xc0\x6e\x1c\xeb\x2c\x6a\xa0\x7b\x84\x7a\x6c\xb1\xe7\x67\x8d\xce\x46\x66\x9b\x32\x1b\xc3\x7d\x76\x59\xa0\x83\x00\x57\x65\xdd\xaf\x4c\x61\x8a\xdf\xbb\x0d\x81\xb8\x9b\xd1\xeb\x77\x1b\x58\xc3\x34\xb7\x8b\xe0\x94\x41\xe2\xc7\xe8\xdb\x90\x0f\x56\xa0\xc7\x11\x8a\x93\xe5\x2d\xdf\xa5\x71\xb1\x22\x29\xbe\x6e\xa4\xfd\x3a\x6b\x91\x08\x90\x07\xc0\x34\x58\x03\x2f\x96\xd3\x37\x9c\x8b\x17\x8f\xb5\xcc\xec\x6f\xd2\x76\x97\x86\x19\xbf\xc7\xb9\x7a\x30\x62\xe8\x24\xff\xf9\xce\xe7\x3f\x4a\x85\x8e\xd6\x60\x70\x89\xa4\xd6\xaf\x56\xe2\x7d\x0f\x52\x0c\x15\x1e\x68\xae\xd9\x69\x2f\x15\x36\xe0\x8a\x35\xf9\x3e\x58\x6a\x81\xae\x49\x1f\xa9\x64\x0c\x36\xbc\xef\x84\x64\xf1\xac\x7c\x07\x46\x02\x1d\xd0\xde\xbc\x15\x53\x61\xb4\x27\x57\x30\x9a\x7c\x5a\x6a\x3c\x89\xe6\xb2\x75\xb9\x1e\x14\x77\x23\x43\xed\x0c\x0b\x84\x31\x3d\x3e\xe0\x60\x5b\x8f\xb9\x84\x3c\x8d\xed\xea\xec\x2f\x65\x54\x4c\x38\xd2\xee\xed\xec\xf3\x32\xb5\xa0\x1f\x60\xab\xdc\x62\x19\x4b\x1f\x33\x62\x19\xaf\x84\x3d\xb7\xcf\xea\x88\x1c\xbb\xe8\x30\xb8\x3c\x11\x79\x2f\x51\xd0\x65\x9d\xf2\xef\xd5\x14\xac\xcc\x62\xbe\x45\x1d\xa3\xd7\xde\x20\x52\x80\x1f\x1b\x71\x33\xec\x90\x8a\x89\xae\x20\xb8\xf0\x67\xb1\x6f\xa2\x6c\xc7\x85\xd7\xbb\xc7\x70\xb4\xc0\x0e\x64\x18\xae\xab\x91\x58\x79\x4d\x5c\xe3\x74\x0e\xf5\xc7\x8c\xfd\xe8\x5b\x0d\x5a\x81\xa8\x5a\x2b\xf2\x4f\x35\xe5\x30\x91\x2e\xce\xb
0\x79\xef\xf2\x19\xe6\x8e\x65\x5d\x1e\xe3\x37\x64\xe6\x64\xb5\x30\xa8\x72\x81\x7d\x0f\xe8\xc8\x46\xeb\x88\x9a\x1e\x06\x7e\xd1\xc7\x91\x5e\xd0\x4c\x87\x75\x7e\x3c\xfb\xdb\x42\x1e\x5a\xb7\x8a\xec\x22\x8e\x9d\x9f\xba\x27\xba\xb1\x25\xb0\xa5\x3c\x65\x18\xa0\xb5\x41\x1a\x92\x80\x14\xeb\x1d\x93\xba\x94\xcf\x89\xc1\x9a\xe5\xff\x1b\x00\xe2\x1b\xd9\xf8\xc8\x81\x85\xb8\x86\x37\xe5\xdb\x32\xe2\xe4\x02\x08\xf2\x62\x25\x4b\xcc\xad\xc2\xc8\x5e\x83\x69\x0f\xb7\xaf\x64\xe9\xab\xfc\x19\xda\x42\xa3\x1c\xf6\x3b\x90\x09\x53\xf1\x84\xf3\x34\xd6\x05\xa1\xac\xab\x43\x4a\xcd\xfe\x74\xa3\xff\x1c\x26\xab\x7e\xb5\xf4\xc7\xd4\xe6\xed\x88\xa4\xc0\xc0\x7a\xf5\xf9\xa6\x9c\xe5\x25\xcf\x77\xc5\xf7\x01\x18\xcf\x4c\x9d\x71\x46\x18\x53\xee\x9d\x0b\x38\xaa\x8e\xef\x7a\x92\x67\xba\xa1\xda\x0a\x40\xd4\xbb\xf2\x50\xe7\x96\xec\xaf\xf7\x65\x10\x98\xb5\xbe\xbe\xe1\xce\x5c\x5b\x36\xb8\x30\x20\x47\x50\x29\x8f\x5f\xff\xcf\x43\x87\x5a\xc2\x15\xd3\xef\xcd\xd5\x76\x85\x3c\x1b\xe3\x60\x40\x09\x80\x2a\xa9\x5c\xbf\x64\x97\x4c\x9d\xf8\xb1\xc9\xa4\xdb\x7d\x03\x2b\x06\x47\x97\x0c\x08\xb6\x6e\x0d\xe7\xf5\xec\x92\xb4\x7a\x58\x58\x79\x8b\xc1\x93\x1c\xa7\xfc\x81\x48\x4a\x4e\xd8\xdf\x6b\xdf\x22\xe1\x90\xda\x0f\x4b\x55\x4e\x63\x78\x06\x4b\x18\x94\x60\x1f\x55\xc7\xe8\xc3\xad\xfc\xd3\xd6\x08\x1c\xb7\xe8\xc3\xd6\xf6\x88\x75\x64\x3d\xe6\x61\xd3\x72\xb2\x9a\x45\x67\x92\x6c\x24\x41\xa8\xb0\x0c\xe2\xe1\xa3\x0a\xa7\xd1\x4a\x72\x5f\x05\x80\xac\xea\x58\x53\xa4\x19\x3b\x4e\xac\xe2\x88\xd0\x42\xba\x11\x8a\x67\x7c\xae\x6a\x7f\x70\x1a\x98\xa7\x2e\x12\xbb\x9f\x24\x59\x4f\x77\x43\x31\xc8\x32\xe0\xc6\xd1\xcf\xfb\x12\xa8\x29\xe3\x67\x7c\xc9\x67\x6a\xc3\x7b\x28\xc9\xe4\x2d\xe7\x1e\xbc\xfd\x50\x5f\xec\x67\x22\x7c\x69\x4c\x3b\xe2\x5f\x40\x29\xc0\x12\x3f\x57\x0a\x52\x09\xdf\x23\x59\x05\xdd\x58\xd4\xa9\x34\x69\x71\x73\x09\x5f\xd1\x69\x6e\x50\x03\x2e\xa7\x50\x52\x33\x8f\xda\x28\x6c\xd5\xfc\xa3\x44\x87\x8d\x7f\xfa\xf2\xd0\x69\x73\x2a\x83\xf8\xba\x7b\x97\x4e\xd6\x95\x1e\x19\x70\x87\xe0\x97\xc3\xa5\x1a\x0d\x77\xb6\x7e\xdc\x98\xd1\xbd\x31\x74\x4d\xf4\xc
a\x73\x0f\x2e\x80\x52\xe8\x55\x66\x03\x94\xa2\x23\x2f\xaf\xe6\x14\x8f\x4f\x1f\x69\x59\xe1\xe2\x81\xe1\xed\xf6\x33\x7c\xd6\xad\x35\xfe\xf7\x8b\x83\xba\xb3\x58\xab\xd8\xd1\x1d\x30\x37\x99\xde\x42\xb3\x38\x18\x30\x6e\xd8\xd4\xd8\x87\x00\x23\xcf\x8a\x93\xff\x7c\x7b\x12\xda\x25\x1f\x3f\x77\x00\xd8\xa3\xc4\x37\x04\x72\x79\x1b\x26\x49\x30\xb9\x7d\x2a\xac\xb0\x4f\xd4\xde\xe4\x82\xbe\xbf\x8f\xbb\xff\x65\x02\xd0\x2b\x98\x24\x9b\xf3\xf1\x22\x9f\xff\xfb\xc8\x31\x70\x05\xef\x2d\xaa\xc3\xec\xe5\x62\x1a\x01\xc6\x25\x96\x4a\x36\x74\x28\x73\x58\xdd\xd8\x17\x08\x39\x43\x40\xc8\x4f\xbd\xa1\x0d\x26\x6b\x0d\x97\xe1\x42\xb4\x06\x01\x30\x53\x57\xcf\x7f\x81\xf9\x89\xac\x38\x58\xce\x1f\xcd\x94\x6a\x1d\xab\xde\x0d\xa9\xde\xcf\x4a\x7a\xd8\x51\xcd\xda\x20\x86\x4c\x22\x98\x6a\x2f\x57\xbb\x58\x09\xab\x46\xcb\xc6\x8f\xf0\x2e\x3c\xc2\x08\x5c\x0e\xcf\xba\xfa\xf5\x00\x16\x34\x3c\x67\xe2\x3a\x78\x26\x00\x68\x17\x52\x4d\x6b\x0d\xd1\x7d\x45\x62\x10\x8d\xad\x97\x79\x11\x73\x2e\xc9\xd5\x0b\x20\xd6\xc7\x43\x88\x7a\x0b\xf1\xd6\xb2\x45\xc4\xef\x3d\xd5\x5f\x98\x8c\x08\x96\x1b\x76\x3e\x56\x8d\xca\x64\xcd\x59\x72\xc4\x42\x38\x06\x2f\x98\x21\x35\xf3\xd8\x4a\xac\xf6\x11\xcd\xba\x1e\xbf\x1d\x3e\x9a\xfb\xc0\x9c\x83\x5c\xeb\x2e\xca\xee\x6f\x27\x94\xcc\xea\xa6\x82\xe8\xcb\x4b\x0e\x6a\x96\xb3\xeb\x8c\x92\xd0\x96\x72\xd3\x7f\x69\x59\xfd\x38\xd4\xa7\xca\x87\x7d\x92\x9f\x66\xee\x4a\x50\x89\x60\x62\x3a\x23\xd8\x40\xe2\x24\xee\xe0\x61\x32\xde\xb2\x73\xe7\x29\x6b\x46\xcf\x88\x2e\x53\x00\xe4\x2c\x1a\xca\xc7\x45\x2a\x0c\x4c\xf7\xbd\xbd\x4c\x9e\xf4\x4c\x6b\xad\x60\x92\x18\x6f\x2e\xf1\x4d\x39\x7c\x82\xa3\x58\xc4\x84\xfc\x91\xa0\x35\xe2\xa0\x85\xd8\xa1\x7a\xa4\xf5\x6d\x77\x28\x8f\x0a\x28\x8b\xfc\xb9\x75\xe3\x2f\x87\xc5\x80\xa4\x19\xaa\x8f\x77\x94\x91\x3e\x30\x52\xf4\xac\x24\xf2\x9f\xeb\x3b\x43\x0e\x3d\x1a\x29\x8e\xc0\xb0\xb4\x86\xa1\x94\xed\x38\x57\x4d\x86\x0b\xdf\xa0\xc6\xb1\xa6\x7d\x03\x9e\xe0\xda\xed\x00\xdc\x50\xf7\x6d\xdc\xa6\x41\x78\x76\xa6\x77\xe8\x0c\xb1\x9f\x3a\x8d\x8b\xde\x26\x6c\x41\x58\xe0\x2f\xe9\x22\x48\x7d\xb5\xf
b\x60\xac\xdf\xda\xf4\x17\x5b\xf4\x3a\x3d\x12\xf6\xbc\x29\xdd\xd3\x17\xa2\x75\xe1\x2e\x6e\x3f\xff\x81\xa6\x4e\x7d\xfe\x20\xab\xcc\x60\xa0\x6e\x80\x1d\x7a\xe7\xd0\x41\x25\x2e\x1c\xf8\xab\xaa\x7a\x38\xf7\xf3\x9e\x61\x29\x4d\xdb\x9d\x62\x1f\xee\xae\x99\x46\xaa\x70\xf7\x64\xe0\x0b\xe9\x6b\x28\xbd\xbe\xd8\x9a\xbf\x4f\xe3\x60\xfd\x80\x19\x21\xa3\x88\xaf\x23\x73\x6d\x2a\x94\x3c\x8c\xe1\xf6\x20\xd7\xda\xd0\xa5\x65\xfc\xfb\xcb\x86\x69\xd9\xfd\x78\xd1\xdb\x48\xb7\xa1\x26\x6c\xe3\x05\x54\x9d\xc7\x76\xc1\x2d\xd2\xdc\x40\x0a\x4d\xc8\xb0\x76\x24\x86\x7d\xbb\xd9\x4f\xc9\xbe\xd0\xad\xc7\xff\x50\x69\x95\x1e\xbc\x24\x83\x05\x8b\xa3\x45\x50\x88\x5f\x5f\x25\x0e\x54\x0a\xa3\x7b\x94\x0e\x8f\x90\x1c\xb0\xf5\x7a\xab\xf8\xe0\xf2\xa4\xce\x11\x3b\x60\x94\x7d\xa2\xa7\x23\x03\xa6\x9d\xac\xb1\x71\x30\xf4\xed\x89\x74\xf9\x52\x50\xcd\xec\x51\x59\xae\xf4\x1e\x38\x0f\xd6\x36\x00\x60\xb9\x28\x8a\x88\xe2\x24\x8b\x90\xc2\x97\xfc\x44\x33\xe8\x26\xe0\x66\xec\x48\xf0\xb4\x78\xc7\x54\x32\xcb\xd9\xf4\x58\x30\xb0\x1d\x6f\x90\x36\x18\xb3\x9d\x54\x1a\x48\x80\x7d\x42\x92\xe0\x56\xbf\x99\x28\x5f\xb0\xe2\xac\xf5\xb6\x0e\xca\x7f\x79\x73\x44\x11\xc3\x3a\x01\xe4\x1b\xe2\x40\x37\x02\x2e\xa0\xf2\xc3\xfb\x2e\x50\x07\xaa\x2e\xd8\x62\xa7\x87\xaa\x66\x76\x92\xef\x91\x9c\xbc\xdf\x82\x43\xde\x11\xe0\x28\x12\xf8\xc2\xdf\xb7\x9f\xda\x2e\x17\x87\x29\xb5\xf2\xf0\xaf\x8b\xfb\x7f\x17\x8b\x0d\x80\x85\x11\x78\x84\xfb\xde\x56\x87\x94\xe3\xbb\x95\x17\x26\xe8\x77\x8b\x0a\xf7\x55\xce\x74\x12\xb0\x42\x89\x2c\xc8\x94\x77\x12\x97\x15\x30\x5d\x70\xca\xca\x55\x3e\x4a\xab\x12\x04\xa8\x69\xfd\x7d\xab\x7a\x70\x19\xd9\x17\x21\x58\xe6\x35\xde\x6c\x6d\xd8\x01\xa7\xd0\x25\x9c\xa4\xef\x75\xec\xe2\x6e\x1c\xb3\x64\x53\x95\x92\x4b\x5e\xd3\x2c\xd1\xa8\xb0\x15\xd5\x21\x15\x19\xd0\xf2\xb8\x5d\x5d\xe2\xfc\xd5\x2b\xf9\x26\xad\xf5\x7f\x67\x01\x7e\xda\x0d\x32\x04\xcb\xe4\xb0\x35\x2a\x41\xf5\xaf\x81\x5a\x97\xeb\xd0\x08\xf3\x81\xfa\x5e\x48\xed\x6d\xa0\x14\x1d\x18\x12\x16\x5e\xa6\xa6\xb1\xdb\x84\xae\xca\x82\x6b\x0d\x1a\xbb\xa2\xf8\x10\x15\xd8\xca\x3e\x1a\x9f\x9
c\xf7\x6d\x22\x72\x06\x21\x2b\x90\x39\x51\x68\xce\xd6\xc0\x47\x6c\x81\xbf\xbb\x45\xfa\x8d\xef\x8e\x97\xcd\xdb\xdf\xc8\x25\x96\xec\x22\x58\xeb\x50\xd7\x59\xb2\xa5\x8e\xd0\xe8\x55\xfa\x05\xc3\x88\xb1\x5f\x3b\x51\xfa\xb2\x98\xa2\x83\xd5\x24\x3b\x85\xee\x78\xce\xdb\xce\x16\xb8\x50\xab\xdc\x01\x87\x61\x98\x67\x53\xe2\xe7\xfe\x79\x63\x20\xfb\xb9\x85\x88\xc9\x35\xc3\x98\xfc\x6d\x42\x7e\x01\x9a\x59\xe0\x0a\xe4\xdb\x12\xf8\x09\xb1\x7b\x78\x38\xec\x5a\x79\x29\xd4\x79\x36\x1b\x69\x7d\x51\x0d\x98\x69\x2f\xc9\x5d\x59\xba\x79\x37\x54\x4f\x1b\x61\x2e\x41\xa9\xd7\x94\xf4\x18\x80\x17\x33\xab\x45\x40\x0b\xef\x83\x5a\x42\x57\xbd\x7f\xe0\x61\xf0\x1c\x0c\xa4\xbe\xf4\x77\x7a\x41\x46\x94\xcf\x25\x17\xde\xd0\x65\x87\xdb\x0f\x08\xcc\xad\x34\xc5\x7d\x2d\x6b\x97\xc5\x50\x16\xab\x6c\x02\x5c\xdb\xf4\x1b\x1e\x40\x69\x5d\xa2\xfa\xc7\x12\x90\x37\x2e\x88\x61\xd1\x27\xc5\xac\x17\xcf\x7d\xdf\xd2\x5a\x23\xc5\xd4\x2b\x38\xc7\xb6\x8a\xc8\x08\x6c\x71\xaf\x2c\x73\x2c\xdb\x55\xbc\x31\x70\x83\xcf\x6b\x29\x79\x64\xe7\xd6\xe3\xc3\x26\xa6\xf6\x1a\x71\xa2\x6b\xef\x06\x70\x99\xbd\x01\xf3\x81\x70\x75\xfe\xd8\x92\x24\x43\x18\x8c\x7b\xb2\x02\x23\xd1\x21\x0b\xe4\x49\x49\xc1\x7a\x8f\x58\xa8\xe1\x53\x39\xe8\xa1\xb0\xf3\x35\x34\x79\x8d\x51\xf8\x1a\x83\x75\x96\x52\x3e\xa1\xa4\x46\x04\xfe\x3d\xc4\x06\x8e\x0a\xdc\xfa\x88\x11\x19\x63\xdb\x83\x94\xbc\x2e\x14\x97\xbc\x37\xc9\x22\x61\xf5\xbb\x34\x03\x01\x40\x60\x55\xc8\xdb\x94\x63\x41\x47\x3b\x17\xaf\x96\xd2\xb1\x31\xd2\x38\x26\x1d\x4f\x0c\x19\x79\xaf\xd5\x5f\x57\x5a\xf2\x09\x69\x95\xbe\xbf\xee\xbf\xc0\x45\xf8\xb2\x60\x9f\x8b\xec\x0e\x7a\x1a\x37\x4b\xbe\x88\x10\xc6\x09\x21\x8c\x59\x87\x0a\x80\xe1\x83\x28\x7e\x08\xb6\xec\x10\x4e\x27\xe4\xa9\x1c\xd4\x12\x2d\x88\x1f\x1c\xd0\xac\x6d\x3b\x19\x9c\x36\x80\x3c\x1f\x34\x94\xce\x74\xe7\x68\x29\xcd\x42\x14\xe6\xb0\x24\x5f\x55\x76\x00\x60\x0b\xe6\x23\x35\xc8\xa8\x39\xc3\x83\xbe\xae\xc8\xa1\xb6\x64\x57\x2a\x50\x07\xcc\x61\xca\x95\x26\x37\x71\xd9\xaa\xa6\x68\x8c\xf8\x2c\x9b\x7d\x03\xf7\xc2\xe1\x82\x87\x3b\x57\xa1\x70\x4f\x9c\x51\xa1\xce\xa
b\x21\xee\xa1\x4f\x1b\x9a\x4c\x2d\x82\x26\xe1\xce\x14\x73\x45\x57\x0c\xe8\x80\x9b\x3b\x36\x59\xb8\xf1\x55\xed\x9d\x73\x14\xa0\x1c\x45\xbb\xd3\x1a\xc3\x73\x28\xd3\x5c\xbb\x8e\xf9\x6f\x11\xb2\x29\xa8\x82\x8a\xd2\x9f\xe6\xf2\x7c\x4d\x8c\x5f\x40\x8e\xd3\x22\x49\xe9\x6a\xfb\x48\xde\x05\x3c\x6d\x0e\x4b\x56\x63\x71\xe3\x36\x66\x5b\xb9\xb7\x5c\x62\xa4\xe3\x76\xe2\x12\xb9\xa7\x7d\xf3\x1e\x34\x1e\x7e\x7b\xa5\xd2\x07\xdf\xd5\xd6\xd7\x65\x1a\xce\x18\x2d\x3b\x24\x2d\xd1\x99\xa6\x31\xaa\x6b\x24\x88\xb3\xbc\xd7\x6b\xdb\xcd\x3f\x21\x60\xcf\xf3\xf8\x2e\xd4\x3e\x10\x9c\xf7\xb7\x43\xab\xc9\x62\x1c\x3a\x4d\x8f\xd7\x15\xba\x4b\xbb\x3a\x11\xff\xc6\x3e\x09\x2d\xb2\xda\xcf\x93\xad\x4b\x4c\xf8\x9a\x5b\x34\x55\x21\x39\x31\x2e\x04\x7f\x8f\x17\x84\x78\xa1\x09\xcb\xa8\x95\x37\x33\x29\x42\xa4\xa5\x99\xe1\x31\xd3\x15\x09\x79\xfe\x3d\xb9\x8d\x74\xd8\x59\xc3\x7b\x21\xd6\xf3\x8f\x5e\xe9\x11\xb9\xcf\xa0\xd5\xd9\x41\x02\x8c\xb2\x19\xb6\xd1\x2c\xb2\x87\x0c\x22\x5c\x30\x9c\xac\x7a\x6c\x68\xfa\xa3\x74\x6d\xbb\x2c\x8a\x59\xc2\xd9\x13\xd1\x39\x37\x8b\x00\x5e\x3a\x19\x9f\x01\x68\x9d\x48\xbd\x7d\xf3\x5a\x46\x19\x48\xed\x68\x83\x70\x74\x32\x79\x1c\x92\x0a\x02\xf1\xd6\xe0\x21\x79\x1c\x8a\x16\xec\x32\x01\x87\x6f\x64\x5e\x57\x49\x79", 4096); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000082, 4); csum_inet_update(&csum_1, (const uint8_t*)0x20000086, 4); uint16_t csum_1_chunk_2 = 0x600; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 2); uint16_t csum_1_chunk_3 = 0x210; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 2); csum_inet_update(&csum_1, (const uint8_t*)0x2000008a, 4098); *(uint16_t*)0x2000008a = csum_inet_digest(&csum_1); struct csum_inet csum_2; csum_inet_init(&csum_2); csum_inet_update(&csum_2, (const uint8_t*)0x20000080, 10); *(uint16_t*)0x20000080 = csum_inet_digest(&csum_2); syscall(SYS_test, /*a0=*/0x20000080ul, 0, 0, 0, 0, 0); { int i; for(i = 0; i < 4; i++) { syscall(SYS_test, /*a0=*/0x20000080ul, 0, 0, 0, 0, 0); } } 
break; case 3: *(uint32_t*)0x200010c0 = 0x111; *(uint8_t*)0x200010c4 = 8; *(uint8_t*)0x200010c5 = 4; *(uint8_t*)0x200010c6 = 2; *(uint8_t*)0x200010c7 = 1; syscall(SYS_test, /*a0=*/0x200010c0ul, 0, 0, 0, 0, 0); break; case 4: res = syscall(SYS_test, 0, 0, 0, 0, 0, 0); if (res != -1) r[0] = res; break; case 5: syscall(SYS_test, /*val=*/r[0], 0, 0, 0, 0, 0); break; case 6: syscall(SYS_test, 0, 0, 0, 0, 0, 0); break; case 7: syscall(SYS_test, 0, 0, 0, 0, 0, 0); break; case 8: res = syscall(SYS_foo, /*cmd=*/0xaul, 0, 0); if (res != -1) r[1] = res; break; case 9: syscall(SYS_foo, /*res=*/r[1], 0, 0); break; case 10: memset((void*)0x20000000, 0, 1); *(uint8_t*)0x20000040 = 0x81; *(uint8_t*)0x20000042 = 0x8c; STORE_BY_BITMASK(uint16_t, , 0x20000042, 5, 8, 4); syz_compare(/*want=*/0x20000000, /*want_len=*/1, /*got=*/0x20000040, /*got_len=*/4); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/4, /*v1=*/0xfffffffffffffffa, 0, 0); break; case 12: syz_errno(/*v=*/2); break; case 13: memcpy((void*)0x20000080, "\x15\x48\x05\xb7\x68\xfb\x1b\x7d\xa6\x4a\xca\x30\x5f\xf5\x4e\xdd\x7e\xef\x7a\x6c\xe6\xb3\xe1\x5c\x9e\x2b\xa4\xc4\x6e\xf0\x15\x95\x04\x6d\x85\x80\xcd\x59\x93\x11\x8d\x09\x81\x4c\x6e\xa8\x20\x39\x8a\x54", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/0x3ff); break; case 15: syz_mmap(/*addr=*/0x20ffd000, /*len=*/0x1000); break; case 16: syz_sleep_ms(/*ms=*/0x7fffffff); break; case 17: syz_test_fuzzer1(/*a=*/4, /*b=*/5, /*c=*/7); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :344:3: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x30, 0, 0, 0, 0); ^ 1 error generated. 
compiler invocation: c++ [-o /tmp/syz-executor271613974 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/9 (1.51s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:9223372036854775807 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: test$length11(&(0x7f0000000000)={0x7, 0x1, [0x9, 0x0, 0x1, 0xffff, 0x7595, 0x7, 0x6, 0x6]}, 0x30) (fail_nth: 1) test$length35(&(0x7f0000000040)={0x4, {0xffffff00}}) (async) test$csum_ipv4_tcp(&(0x7f0000000080)={{0x0, 0xfffff546, 0x7f}, {{}, ""}}) (rerun: 4) test$length18(&(0x7f00000010c0)={0x111, 0x8, 0x4, 0x2, 0x1}) r0 = test$produce_subtype_of_common() test$consume_subtype_of_common(r0) test$produce_subtype_of_common() test$produce_subtype_of_common() r1 = foo$unsupported2_ctor(0xa) foo$unsupported2_use(r1) syz_compare(&(0x7f0000000000)='\x00', 0x1, &(0x7f0000000040)=@bf7={0x81, {0x8c, 0x5}}, 0x4) syz_compare_int$2(0x2, 0x4, 0xfffffffffffffffa) syz_errno(0x2) syz_execute_func(&(0x7f0000000080)="154805b768fb1b7da64aca305ff54edd7eef7a6ce6b3e15c9e2ba4c46ef01595046d8580cd5993118d09814c6ea820398a54") syz_exit(0x3ff) syz_mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) syz_sleep_ms(0x7fffffff) syz_test_fuzzer1(0x4, 0x5, 0x7) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include 
#include #include #include #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; 
ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) 
{ va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void 
loop(void) { execute_one(); } uint64_t r[2] = {0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x20000000 = 7; *(uint64_t*)0x20000008 = 1; *(uint32_t*)0x20000010 = 9; *(uint32_t*)0x20000014 = 0; *(uint32_t*)0x20000018 = 1; *(uint32_t*)0x2000001c = 0xffff; *(uint32_t*)0x20000020 = 0x7595; *(uint32_t*)0x20000024 = 7; *(uint32_t*)0x20000028 = 6; *(uint32_t*)0x2000002c = 6; inject_fault(1); syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x30, 0, 0, 0, 0); break; case 1: *(uint32_t*)0x20000040 = 4; *(uint32_t*)0x20000044 = 0xffffff00; syscall(SYS_test, /*a0=*/0x20000040ul, 0, 0, 0, 0, 0); break; case 2: *(uint16_t*)0x20000080 = 0; *(uint32_t*)0x20000082 = htobe32(0xfffff546); *(uint32_t*)0x20000086 = htobe32(0x7f); *(uint16_t*)0x2000008a = 0; memcpy((void*)0x2000008c, "\x78\xb7\x76\x9b\x45\x48\x65\x84\x92\xde\x72\xd4\x15\xba\xe1\x8f\x3b\xbe\x4d\x64\xd7\x8a\xf2\x04\x98\xc9\xf6\xb8\xf3\xf6\xa2\xbe\x55\x97\x33\x7e\x2e\xb3\xf9\x6c\xa0\x7a\x66\xc2\x7b\x34\xe9\x5f\x4e\x73\x25\x39\xba\xdc\xe8\x96\x7b\xce\x41\x58\x91\x33\x78\x5a\xde\xca\x49\x29\xde\x68\xc7\xa0\xfa\xd0\xde\xbc\xff\x18\x19\xad\x3d\xf1\xb4\x0e\x14\x20\x9d\xa0\x13\xaf\x85\x89\x3b\x81\xe1\xd1\x7a\xbb\x6d\xee\xdf\x2d\x70\x56\x6a\xc7\xb3\xfa\x0e\xed\x52\xd1\x82\x11\xd2\x49\xd1\xb7\xfb\x68\x81\x50\x4a\x33\x15\x0b\x91\x47\x7e\x7c\xde\xad\x14\x81\x8e\x83\xb0\xfa\x35\x64\x49\x91\x23\x74\x4e\xe8\x0f\x92\xa7\xf9\xe0\x39\x4d\xc7\xbb\x62\xb4\x70\xad\x1b\x88\xc3\xf6\xc6\xe9\x84\xd2\x89\x42\xe9\xf0\x3a\x48\x0e\x51\xcc\xb8\xd7\xbb\x51\xa1\x24\xee\xee\x79\x5b\x09\x47\x07\x82\x1f\x5c\x44\xa6\xaa\xbd\xc1\xd9\x46\xaa\x91\xcb\x6d\x17\x5d\x0d\xf4\x6b\x86\xe6\x05\xec\x66\xcd\x5b\xc8\x39\x8e\xf7\x97\x43\x02\x56\x44\x40\xa8\x1d\xe3\x73\xb3\x5c\x79\xc1\x36\x7a\xf1\x87\xb8\xdf\x69\x56\xee\xbb\x89\x66\xab\xdf\x3d\x0f\xdf\xcf\x9e\x7b\x13\xab\x64\x65\x1e\x66\x83\x46\xec\x1f\x56\x4f\x28\x8b\x40\x26\xb8\x1d\xde\x8a\x3e\x4a\xda\x81\xa1\xd2\x80\x65\x4e\x7e\xe5\x2a\xef\x25\x53\xdc\x0d\x25\x97\xab\xce\xa
0\xc6\x76\x12\xb5\xc0\x20\x80\x95\x7c\x38\x47\xbd\x6c\x78\x98\x47\x70\x1a\x7e\xa3\x6c\xa2\x3f\x6f\x7f\xeb\xa0\xdd\xaa\x24\x61\x6e\xeb\xb4\xf9\xd3\xaa\x52\x18\xec\x8a\x5a\x08\xfa\xb4\xb3\x53\xc8\x91\x83\x7d\xbb\x8e\x77\x34\xc9\x2d\xf3\x91\xd4\x1f\x07\x08\xf7\x46\xa7\x72\xd5\x56\xf6\x08\x6c\x97\x20\x08\x35\x7c\x55\x95\xe9\x90\x80\x44\xab\x8a\xff\xa0\x44\x54\xad\xe5\xd5\x09\xe7\x58\x43\xe9\x7a\xcd\x1f\x53\xa4\x28\xee\x9c\x35\xc9\x1b\xa7\xf7\x55\x1c\x6d\xb9\x83\x73\x89\x73\xe1\x6b\xfd\xae\x49\xaa\x7b\x7c\x71\x8e\x46\x88\x14\xd7\x0d\x54\xd5\x88\xbd\xc6\x4f\x32\x67\xd1\x80\x86\x2b\xb4\x58\xd7\xb9\x0f\x58\xf4\x07\x8f\x41\x7d\xf7\x69\x04\xa2\x1d\x26\x97\xb9\x65\x38\x69\xf1\x57\x2e\xd6\x3e\x47\x81\xd1\xc3\xe5\x06\x55\x5c\xa7\x46\xb6\x76\x9f\xc0\xa9\x7c\xa8\x3b\xca\x63\x02\x92\x86\x50\x7e\xfc\x11\xb8\xc2\x17\xf8\x3e\x7f\xc6\x4a\x3b\xe2\x17\xaa\x71\x48\x09\x83\xdf\x1c\xda\xa6\x3d\x04\x81\xe9\xaf\x63\x1a\xba\x7a\x8f\x0f\xd4\x8e\x83\x6b\x69\xc5\xe8\x26\xb0\x20\x56\x8a\xd8\x2d\xa9\xcd\x87\xba\xa0\x94\xae\x9f\x0c\x5f\x51\x49\xdb\xa1\xb4\xf3\xb0\x34\x06\x29\xbf\x8e\x19\xf9\x34\x74\xe8\xa7\x98\xa5\xcc\xf5\x32\xdb\x78\x0b\x6d\xd9\xaf\x5d\xf9\x14\xea\xe3\x24\xba\x02\x75\x2d\x75\x8e\x4f\x2a\x55\x8a\x80\xed\x89\xa6\x13\x88\xc4\x30\xc3\xac\xd7\xe2\xb7\x65\x41\xd0\xa4\x40\xfd\x18\xd8\x5b\x70\xf6\x51\xd0\x49\x58\xc4\x04\xec\x41\xf5\xac\xaa\xfa\x0d\x8f\x0f\x9e\x2a\xc9\x4d\x98\xc7\xc2\x2f\x53\x86\x64\x2f\x4e\x02\x8a\x0a\xe7\x06\x27\xbe\xe9\xff\x92\xc7\xd3\x1e\x8f\xe5\xcf\xef\xbf\xb7\xbb\x26\xb0\x87\x1d\x83\xcd\x67\x7e\xf3\xfa\x10\xbf\xf5\x16\x3e\x97\x3f\x73\xa1\x8d\x8e\xa8\xee\x63\x58\xbf\x9b\x19\x12\xa2\xf6\x0e\x9e\x12\x8f\x35\xa7\x03\x78\x33\x3d\x11\x95\x41\xd6\xf0\xf3\x67\x53\xe5\xa6\x61\x2a\x77\x18\x62\x8b\x4f\xaf\x65\x6c\x24\x6e\x71\xca\xce\x70\xc9\xb0\x70\xd3\x0c\x84\x53\xc9\x10\x55\x73\xdf\x3c\xba\xa6\x38\x6a\x2b\xc5\x88\xd0\x3b\x23\xa1\x1b\x04\xb1\xc9\x4e\xe9\x05\xee\xa9\x2d\x40\x85\x0d\xbf\x27\x03\x98\xd4\x7d\xcc\x08\xe5\xb9\x57\x5b\x50\x98\xf4\x95\xf7\xdf\x29\x70\xd8\x28\xbe\x23\x0
2\x82\x12\x2f\x30\xd2\x2a\x15\x26\x87\xc2\x6c\x5a\xb2\x21\xf8\xef\x8a\xb6\xc1\xf3\x40\x86\x9a\x9b\x05\xd9\xbb\x19\x83\x69\x99\x4c\x36\xb2\x8a\x4b\x6a\x67\xab\xfc\x6c\xe8\xd0\x61\x68\xce\x1f\xbd\x7d\xea\xba\xe2\x61\x5c\x95\x39\xc3\xa4\xf4\x27\xf2\x04\x89\xa1\xf0\x41\x21\xf3\xb5\x48\xbc\x0e\xc6\xda\xa9\xfd\x63\xb1\x4f\x71\xe9\x64\xf4\xc0\x42\xa3\x8c\xaa\x25\xe1\xcf\x98\x3e\xa9\xee\xdc\x7b\xc0\x6f\xac\xa0\x11\x11\xd8\xa1\x7a\x4a\xc0\x83\xa1\xc5\x5f\x4b\x4a\xe3\x14\xff\x09\xec\xc0\xfe\xfc\x77\xbf\x1d\x08\xad\x54\xa9\x66\x2e\x68\xeb\x33\xa5\x7d\x43\xf1\x54\xbb\xa3\xb9\x8a\x66\x78\xc9\x74\xa8\xdd\xd6\x61\x32\xa6\x4e\xd8\x50\x79\x93\xf9\x26\xb6\xa8\x6a\xbb\x81\x3a\xc3\x82\x60\xc7\x93\x5f\xba\x14\xcc\x64\x94\x1b\xfb\xcc\xc7\x0b\xae\xaf\x92\xa7\x7e\xd1\x57\x35\x9f\xf2\x53\x85\xea\xb6\xd8\x5c\xed\x6b\x73\xa8\xf3\x4e\xe7\xf1\x8d\xc4\x6e\xf7\x5f\x66\xe5\x39\xef\xb3\x7b\xa8\xe5\x7e\x0e\xf6\x53\xc6\x2e\x87\xa3\x67\xd9\x0f\x32\x4b\xb7\x95\x30\x61\x8c\xc6\xa0\x5c\x3d\xda\x77\x67\xf3\x90\xb7\x75\x90\xa7\x8a\xc4\x88\xd6\xa3\xc1\xf4\x12\x4b\x62\xe0\xda\x72\x8d\x61\xe3\xcb\x8e\xfe\xc0\x78\x88\x3a\xeb\x04\x86\x5e\xa9\x69\x5d\xa8\x59\x85\x52\x61\x08\x7e\x9f\x36\x41\x2d\x61\xb4\xea\x03\x43\xd6\xd0\x3d\xbd\xac\x09\xba\x17\x48\x48\x6a\x4d\x62\x63\xa6\x2b\xc2\xb7\x23\xb3\x79\x13\x40\x68\xc7\x00\xca\xd7\xbc\x07\x99\x99\xba\xad\x53\x57\x41\xad\x7e\x19\xb0\xc5\xd0\xa5\x5e\x1e\x0d\xa5\x34\x76\xfa\xff\x87\x3b\xde\xf8\x3e\x71\x1f\x95\x55\xf0\x43\x98\x0a\x77\x2a\xab\x3a\xf3\x9c\x9e\x10\x82\xea\x2e\x3a\xba\x0b\x45\x4c\x89\x22\xe2\x66\x50\x96\xf7\x3a\xc4\x55\x50\xee\xaf\x66\xe5\xd4\xe9\xdf\x9c\x79\x1f\x7d\xdb\xca\x38\xb5\x58\xbe\x75\xb3\x92\x07\xea\x04\xdc\x7f\xd4\x7c\x36\x3d\x5b\x80\xd9\xea\xae\x7b\xa2\x30\xbe\x26\x33\xc0\x70\xe5\xc9\x70\x0f\x6c\x6f\xa7\xc2\x30\x70\x2c\x5a\xd4\x22\x6e\x58\x3f\x95\xb1\x2c\xe2\xbd\xfc\x1b\x92\x12\xdf\xe1\xa9\x08\xdc\x3e\x3b\xc6\xb1\x3c\x85\x7d\x7d\xab\x7b\x7d\x50\x42\x97\xb2\x06\xa2\x17\x3e\x4c\x8c\x7a\x2d\xcd\x63\x2d\xe9\xc3\x3b\x9d\xfc\xbc\xa5\x36\xc7\x68\xbb\x15\x4
c\x56\x3c\x67\xf2\xe7\xd1\xa7\xd3\x58\x9a\x64\xb2\xeb\x72\x82\x7a\xe0\x26\xcd\xc9\x0b\xd2\x7e\x7a\xb7\xf0\x29\x89\x67\x56\x3d\xc2\x7a\x42\x66\xc1\x3c\xc6\x4f\xef\xfc\x70\x8a\x46\xf9\x03\x9c\x74\x5a\x6b\x2d\xbc\x27\xb8\xae\xf8\x31\x9d\xc2\x25\xd8\xa0\x6d\xf2\xea\x84\x26\x27\xe5\xf1\xd4\xee\x87\xfa\xf2\xbf\x05\xf2\x76\xab\xd2\x70\x22\xcd\x2f\x5a\x8c\xa1\x7f\x81\xf8\xfa\xc0\x22\x51\x63\xcc\x52\xff\x78\xc3\x2a\x85\x7c\x15\x65\xaf\x01\x2b\xdf\xf5\xa3\xcf\x74\x45\x94\x67\xa1\xd1\xad\x21\x80\x2a\x69\xaf\x00\x64\x60\x1c\xf0\x8c\x49\x71\xc6\x91\xae\x14\xd3\x3f\xd3\x50\x9b\xcd\x55\x96\xe6\xb6\x77\x2d\x1d\xeb\x8a\xb1\x86\x0d\x13\xe2\xf4\xa6\xb7\xac\x83\xe8\x2a\x8a\xc9\x11\xd2\xa0\x02\xc0\x6e\x1c\xeb\x2c\x6a\xa0\x7b\x84\x7a\x6c\xb1\xe7\x67\x8d\xce\x46\x66\x9b\x32\x1b\xc3\x7d\x76\x59\xa0\x83\x00\x57\x65\xdd\xaf\x4c\x61\x8a\xdf\xbb\x0d\x81\xb8\x9b\xd1\xeb\x77\x1b\x58\xc3\x34\xb7\x8b\xe0\x94\x41\xe2\xc7\xe8\xdb\x90\x0f\x56\xa0\xc7\x11\x8a\x93\xe5\x2d\xdf\xa5\x71\xb1\x22\x29\xbe\x6e\xa4\xfd\x3a\x6b\x91\x08\x90\x07\xc0\x34\x58\x03\x2f\x96\xd3\x37\x9c\x8b\x17\x8f\xb5\xcc\xec\x6f\xd2\x76\x97\x86\x19\xbf\xc7\xb9\x7a\x30\x62\xe8\x24\xff\xf9\xce\xe7\x3f\x4a\x85\x8e\xd6\x60\x70\x89\xa4\xd6\xaf\x56\xe2\x7d\x0f\x52\x0c\x15\x1e\x68\xae\xd9\x69\x2f\x15\x36\xe0\x8a\x35\xf9\x3e\x58\x6a\x81\xae\x49\x1f\xa9\x64\x0c\x36\xbc\xef\x84\x64\xf1\xac\x7c\x07\x46\x02\x1d\xd0\xde\xbc\x15\x53\x61\xb4\x27\x57\x30\x9a\x7c\x5a\x6a\x3c\x89\xe6\xb2\x75\xb9\x1e\x14\x77\x23\x43\xed\x0c\x0b\x84\x31\x3d\x3e\xe0\x60\x5b\x8f\xb9\x84\x3c\x8d\xed\xea\xec\x2f\x65\x54\x4c\x38\xd2\xee\xed\xec\xf3\x32\xb5\xa0\x1f\x60\xab\xdc\x62\x19\x4b\x1f\x33\x62\x19\xaf\x84\x3d\xb7\xcf\xea\x88\x1c\xbb\xe8\x30\xb8\x3c\x11\x79\x2f\x51\xd0\x65\x9d\xf2\xef\xd5\x14\xac\xcc\x62\xbe\x45\x1d\xa3\xd7\xde\x20\x52\x80\x1f\x1b\x71\x33\xec\x90\x8a\x89\xae\x20\xb8\xf0\x67\xb1\x6f\xa2\x6c\xc7\x85\xd7\xbb\xc7\x70\xb4\xc0\x0e\x64\x18\xae\xab\x91\x58\x79\x4d\x5c\xe3\x74\x0e\xf5\xc7\x8c\xfd\xe8\x5b\x0d\x5a\x81\xa8\x5a\x2b\xf2\x4f\x35\xe5\x30\x91\x2e\xce\xb
0\x79\xef\xf2\x19\xe6\x8e\x65\x5d\x1e\xe3\x37\x64\xe6\x64\xb5\x30\xa8\x72\x81\x7d\x0f\xe8\xc8\x46\xeb\x88\x9a\x1e\x06\x7e\xd1\xc7\x91\x5e\xd0\x4c\x87\x75\x7e\x3c\xfb\xdb\x42\x1e\x5a\xb7\x8a\xec\x22\x8e\x9d\x9f\xba\x27\xba\xb1\x25\xb0\xa5\x3c\x65\x18\xa0\xb5\x41\x1a\x92\x80\x14\xeb\x1d\x93\xba\x94\xcf\x89\xc1\x9a\xe5\xff\x1b\x00\xe2\x1b\xd9\xf8\xc8\x81\x85\xb8\x86\x37\xe5\xdb\x32\xe2\xe4\x02\x08\xf2\x62\x25\x4b\xcc\xad\xc2\xc8\x5e\x83\x69\x0f\xb7\xaf\x64\xe9\xab\xfc\x19\xda\x42\xa3\x1c\xf6\x3b\x90\x09\x53\xf1\x84\xf3\x34\xd6\x05\xa1\xac\xab\x43\x4a\xcd\xfe\x74\xa3\xff\x1c\x26\xab\x7e\xb5\xf4\xc7\xd4\xe6\xed\x88\xa4\xc0\xc0\x7a\xf5\xf9\xa6\x9c\xe5\x25\xcf\x77\xc5\xf7\x01\x18\xcf\x4c\x9d\x71\x46\x18\x53\xee\x9d\x0b\x38\xaa\x8e\xef\x7a\x92\x67\xba\xa1\xda\x0a\x40\xd4\xbb\xf2\x50\xe7\x96\xec\xaf\xf7\x65\x10\x98\xb5\xbe\xbe\xe1\xce\x5c\x5b\x36\xb8\x30\x20\x47\x50\x29\x8f\x5f\xff\xcf\x43\x87\x5a\xc2\x15\xd3\xef\xcd\xd5\x76\x85\x3c\x1b\xe3\x60\x40\x09\x80\x2a\xa9\x5c\xbf\x64\x97\x4c\x9d\xf8\xb1\xc9\xa4\xdb\x7d\x03\x2b\x06\x47\x97\x0c\x08\xb6\x6e\x0d\xe7\xf5\xec\x92\xb4\x7a\x58\x58\x79\x8b\xc1\x93\x1c\xa7\xfc\x81\x48\x4a\x4e\xd8\xdf\x6b\xdf\x22\xe1\x90\xda\x0f\x4b\x55\x4e\x63\x78\x06\x4b\x18\x94\x60\x1f\x55\xc7\xe8\xc3\xad\xfc\xd3\xd6\x08\x1c\xb7\xe8\xc3\xd6\xf6\x88\x75\x64\x3d\xe6\x61\xd3\x72\xb2\x9a\x45\x67\x92\x6c\x24\x41\xa8\xb0\x0c\xe2\xe1\xa3\x0a\xa7\xd1\x4a\x72\x5f\x05\x80\xac\xea\x58\x53\xa4\x19\x3b\x4e\xac\xe2\x88\xd0\x42\xba\x11\x8a\x67\x7c\xae\x6a\x7f\x70\x1a\x98\xa7\x2e\x12\xbb\x9f\x24\x59\x4f\x77\x43\x31\xc8\x32\xe0\xc6\xd1\xcf\xfb\x12\xa8\x29\xe3\x67\x7c\xc9\x67\x6a\xc3\x7b\x28\xc9\xe4\x2d\xe7\x1e\xbc\xfd\x50\x5f\xec\x67\x22\x7c\x69\x4c\x3b\xe2\x5f\x40\x29\xc0\x12\x3f\x57\x0a\x52\x09\xdf\x23\x59\x05\xdd\x58\xd4\xa9\x34\x69\x71\x73\x09\x5f\xd1\x69\x6e\x50\x03\x2e\xa7\x50\x52\x33\x8f\xda\x28\x6c\xd5\xfc\xa3\x44\x87\x8d\x7f\xfa\xf2\xd0\x69\x73\x2a\x83\xf8\xba\x7b\x97\x4e\xd6\x95\x1e\x19\x70\x87\xe0\x97\xc3\xa5\x1a\x0d\x77\xb6\x7e\xdc\x98\xd1\xbd\x31\x74\x4d\xf4\xc
a\x73\x0f\x2e\x80\x52\xe8\x55\x66\x03\x94\xa2\x23\x2f\xaf\xe6\x14\x8f\x4f\x1f\x69\x59\xe1\xe2\x81\xe1\xed\xf6\x33\x7c\xd6\xad\x35\xfe\xf7\x8b\x83\xba\xb3\x58\xab\xd8\xd1\x1d\x30\x37\x99\xde\x42\xb3\x38\x18\x30\x6e\xd8\xd4\xd8\x87\x00\x23\xcf\x8a\x93\xff\x7c\x7b\x12\xda\x25\x1f\x3f\x77\x00\xd8\xa3\xc4\x37\x04\x72\x79\x1b\x26\x49\x30\xb9\x7d\x2a\xac\xb0\x4f\xd4\xde\xe4\x82\xbe\xbf\x8f\xbb\xff\x65\x02\xd0\x2b\x98\x24\x9b\xf3\xf1\x22\x9f\xff\xfb\xc8\x31\x70\x05\xef\x2d\xaa\xc3\xec\xe5\x62\x1a\x01\xc6\x25\x96\x4a\x36\x74\x28\x73\x58\xdd\xd8\x17\x08\x39\x43\x40\xc8\x4f\xbd\xa1\x0d\x26\x6b\x0d\x97\xe1\x42\xb4\x06\x01\x30\x53\x57\xcf\x7f\x81\xf9\x89\xac\x38\x58\xce\x1f\xcd\x94\x6a\x1d\xab\xde\x0d\xa9\xde\xcf\x4a\x7a\xd8\x51\xcd\xda\x20\x86\x4c\x22\x98\x6a\x2f\x57\xbb\x58\x09\xab\x46\xcb\xc6\x8f\xf0\x2e\x3c\xc2\x08\x5c\x0e\xcf\xba\xfa\xf5\x00\x16\x34\x3c\x67\xe2\x3a\x78\x26\x00\x68\x17\x52\x4d\x6b\x0d\xd1\x7d\x45\x62\x10\x8d\xad\x97\x79\x11\x73\x2e\xc9\xd5\x0b\x20\xd6\xc7\x43\x88\x7a\x0b\xf1\xd6\xb2\x45\xc4\xef\x3d\xd5\x5f\x98\x8c\x08\x96\x1b\x76\x3e\x56\x8d\xca\x64\xcd\x59\x72\xc4\x42\x38\x06\x2f\x98\x21\x35\xf3\xd8\x4a\xac\xf6\x11\xcd\xba\x1e\xbf\x1d\x3e\x9a\xfb\xc0\x9c\x83\x5c\xeb\x2e\xca\xee\x6f\x27\x94\xcc\xea\xa6\x82\xe8\xcb\x4b\x0e\x6a\x96\xb3\xeb\x8c\x92\xd0\x96\x72\xd3\x7f\x69\x59\xfd\x38\xd4\xa7\xca\x87\x7d\x92\x9f\x66\xee\x4a\x50\x89\x60\x62\x3a\x23\xd8\x40\xe2\x24\xee\xe0\x61\x32\xde\xb2\x73\xe7\x29\x6b\x46\xcf\x88\x2e\x53\x00\xe4\x2c\x1a\xca\xc7\x45\x2a\x0c\x4c\xf7\xbd\xbd\x4c\x9e\xf4\x4c\x6b\xad\x60\x92\x18\x6f\x2e\xf1\x4d\x39\x7c\x82\xa3\x58\xc4\x84\xfc\x91\xa0\x35\xe2\xa0\x85\xd8\xa1\x7a\xa4\xf5\x6d\x77\x28\x8f\x0a\x28\x8b\xfc\xb9\x75\xe3\x2f\x87\xc5\x80\xa4\x19\xaa\x8f\x77\x94\x91\x3e\x30\x52\xf4\xac\x24\xf2\x9f\xeb\x3b\x43\x0e\x3d\x1a\x29\x8e\xc0\xb0\xb4\x86\xa1\x94\xed\x38\x57\x4d\x86\x0b\xdf\xa0\xc6\xb1\xa6\x7d\x03\x9e\xe0\xda\xed\x00\xdc\x50\xf7\x6d\xdc\xa6\x41\x78\x76\xa6\x77\xe8\x0c\xb1\x9f\x3a\x8d\x8b\xde\x26\x6c\x41\x58\xe0\x2f\xe9\x22\x48\x7d\xb5\xf
b\x60\xac\xdf\xda\xf4\x17\x5b\xf4\x3a\x3d\x12\xf6\xbc\x29\xdd\xd3\x17\xa2\x75\xe1\x2e\x6e\x3f\xff\x81\xa6\x4e\x7d\xfe\x20\xab\xcc\x60\xa0\x6e\x80\x1d\x7a\xe7\xd0\x41\x25\x2e\x1c\xf8\xab\xaa\x7a\x38\xf7\xf3\x9e\x61\x29\x4d\xdb\x9d\x62\x1f\xee\xae\x99\x46\xaa\x70\xf7\x64\xe0\x0b\xe9\x6b\x28\xbd\xbe\xd8\x9a\xbf\x4f\xe3\x60\xfd\x80\x19\x21\xa3\x88\xaf\x23\x73\x6d\x2a\x94\x3c\x8c\xe1\xf6\x20\xd7\xda\xd0\xa5\x65\xfc\xfb\xcb\x86\x69\xd9\xfd\x78\xd1\xdb\x48\xb7\xa1\x26\x6c\xe3\x05\x54\x9d\xc7\x76\xc1\x2d\xd2\xdc\x40\x0a\x4d\xc8\xb0\x76\x24\x86\x7d\xbb\xd9\x4f\xc9\xbe\xd0\xad\xc7\xff\x50\x69\x95\x1e\xbc\x24\x83\x05\x8b\xa3\x45\x50\x88\x5f\x5f\x25\x0e\x54\x0a\xa3\x7b\x94\x0e\x8f\x90\x1c\xb0\xf5\x7a\xab\xf8\xe0\xf2\xa4\xce\x11\x3b\x60\x94\x7d\xa2\xa7\x23\x03\xa6\x9d\xac\xb1\x71\x30\xf4\xed\x89\x74\xf9\x52\x50\xcd\xec\x51\x59\xae\xf4\x1e\x38\x0f\xd6\x36\x00\x60\xb9\x28\x8a\x88\xe2\x24\x8b\x90\xc2\x97\xfc\x44\x33\xe8\x26\xe0\x66\xec\x48\xf0\xb4\x78\xc7\x54\x32\xcb\xd9\xf4\x58\x30\xb0\x1d\x6f\x90\x36\x18\xb3\x9d\x54\x1a\x48\x80\x7d\x42\x92\xe0\x56\xbf\x99\x28\x5f\xb0\xe2\xac\xf5\xb6\x0e\xca\x7f\x79\x73\x44\x11\xc3\x3a\x01\xe4\x1b\xe2\x40\x37\x02\x2e\xa0\xf2\xc3\xfb\x2e\x50\x07\xaa\x2e\xd8\x62\xa7\x87\xaa\x66\x76\x92\xef\x91\x9c\xbc\xdf\x82\x43\xde\x11\xe0\x28\x12\xf8\xc2\xdf\xb7\x9f\xda\x2e\x17\x87\x29\xb5\xf2\xf0\xaf\x8b\xfb\x7f\x17\x8b\x0d\x80\x85\x11\x78\x84\xfb\xde\x56\x87\x94\xe3\xbb\x95\x17\x26\xe8\x77\x8b\x0a\xf7\x55\xce\x74\x12\xb0\x42\x89\x2c\xc8\x94\x77\x12\x97\x15\x30\x5d\x70\xca\xca\x55\x3e\x4a\xab\x12\x04\xa8\x69\xfd\x7d\xab\x7a\x70\x19\xd9\x17\x21\x58\xe6\x35\xde\x6c\x6d\xd8\x01\xa7\xd0\x25\x9c\xa4\xef\x75\xec\xe2\x6e\x1c\xb3\x64\x53\x95\x92\x4b\x5e\xd3\x2c\xd1\xa8\xb0\x15\xd5\x21\x15\x19\xd0\xf2\xb8\x5d\x5d\xe2\xfc\xd5\x2b\xf9\x26\xad\xf5\x7f\x67\x01\x7e\xda\x0d\x32\x04\xcb\xe4\xb0\x35\x2a\x41\xf5\xaf\x81\x5a\x97\xeb\xd0\x08\xf3\x81\xfa\x5e\x48\xed\x6d\xa0\x14\x1d\x18\x12\x16\x5e\xa6\xa6\xb1\xdb\x84\xae\xca\x82\x6b\x0d\x1a\xbb\xa2\xf8\x10\x15\xd8\xca\x3e\x1a\x9f\x9
c\xf7\x6d\x22\x72\x06\x21\x2b\x90\x39\x51\x68\xce\xd6\xc0\x47\x6c\x81\xbf\xbb\x45\xfa\x8d\xef\x8e\x97\xcd\xdb\xdf\xc8\x25\x96\xec\x22\x58\xeb\x50\xd7\x59\xb2\xa5\x8e\xd0\xe8\x55\xfa\x05\xc3\x88\xb1\x5f\x3b\x51\xfa\xb2\x98\xa2\x83\xd5\x24\x3b\x85\xee\x78\xce\xdb\xce\x16\xb8\x50\xab\xdc\x01\x87\x61\x98\x67\x53\xe2\xe7\xfe\x79\x63\x20\xfb\xb9\x85\x88\xc9\x35\xc3\x98\xfc\x6d\x42\x7e\x01\x9a\x59\xe0\x0a\xe4\xdb\x12\xf8\x09\xb1\x7b\x78\x38\xec\x5a\x79\x29\xd4\x79\x36\x1b\x69\x7d\x51\x0d\x98\x69\x2f\xc9\x5d\x59\xba\x79\x37\x54\x4f\x1b\x61\x2e\x41\xa9\xd7\x94\xf4\x18\x80\x17\x33\xab\x45\x40\x0b\xef\x83\x5a\x42\x57\xbd\x7f\xe0\x61\xf0\x1c\x0c\xa4\xbe\xf4\x77\x7a\x41\x46\x94\xcf\x25\x17\xde\xd0\x65\x87\xdb\x0f\x08\xcc\xad\x34\xc5\x7d\x2d\x6b\x97\xc5\x50\x16\xab\x6c\x02\x5c\xdb\xf4\x1b\x1e\x40\x69\x5d\xa2\xfa\xc7\x12\x90\x37\x2e\x88\x61\xd1\x27\xc5\xac\x17\xcf\x7d\xdf\xd2\x5a\x23\xc5\xd4\x2b\x38\xc7\xb6\x8a\xc8\x08\x6c\x71\xaf\x2c\x73\x2c\xdb\x55\xbc\x31\x70\x83\xcf\x6b\x29\x79\x64\xe7\xd6\xe3\xc3\x26\xa6\xf6\x1a\x71\xa2\x6b\xef\x06\x70\x99\xbd\x01\xf3\x81\x70\x75\xfe\xd8\x92\x24\x43\x18\x8c\x7b\xb2\x02\x23\xd1\x21\x0b\xe4\x49\x49\xc1\x7a\x8f\x58\xa8\xe1\x53\x39\xe8\xa1\xb0\xf3\x35\x34\x79\x8d\x51\xf8\x1a\x83\x75\x96\x52\x3e\xa1\xa4\x46\x04\xfe\x3d\xc4\x06\x8e\x0a\xdc\xfa\x88\x11\x19\x63\xdb\x83\x94\xbc\x2e\x14\x97\xbc\x37\xc9\x22\x61\xf5\xbb\x34\x03\x01\x40\x60\x55\xc8\xdb\x94\x63\x41\x47\x3b\x17\xaf\x96\xd2\xb1\x31\xd2\x38\x26\x1d\x4f\x0c\x19\x79\xaf\xd5\x5f\x57\x5a\xf2\x09\x69\x95\xbe\xbf\xee\xbf\xc0\x45\xf8\xb2\x60\x9f\x8b\xec\x0e\x7a\x1a\x37\x4b\xbe\x88\x10\xc6\x09\x21\x8c\x59\x87\x0a\x80\xe1\x83\x28\x7e\x08\xb6\xec\x10\x4e\x27\xe4\xa9\x1c\xd4\x12\x2d\x88\x1f\x1c\xd0\xac\x6d\x3b\x19\x9c\x36\x80\x3c\x1f\x34\x94\xce\x74\xe7\x68\x29\xcd\x42\x14\xe6\xb0\x24\x5f\x55\x76\x00\x60\x0b\xe6\x23\x35\xc8\xa8\x39\xc3\x83\xbe\xae\xc8\xa1\xb6\x64\x57\x2a\x50\x07\xcc\x61\xca\x95\x26\x37\x71\xd9\xaa\xa6\x68\x8c\xf8\x2c\x9b\x7d\x03\xf7\xc2\xe1\x82\x87\x3b\x57\xa1\x70\x4f\x9c\x51\xa1\xce\xa
b\x21\xee\xa1\x4f\x1b\x9a\x4c\x2d\x82\x26\xe1\xce\x14\x73\x45\x57\x0c\xe8\x80\x9b\x3b\x36\x59\xb8\xf1\x55\xed\x9d\x73\x14\xa0\x1c\x45\xbb\xd3\x1a\xc3\x73\x28\xd3\x5c\xbb\x8e\xf9\x6f\x11\xb2\x29\xa8\x82\x8a\xd2\x9f\xe6\xf2\x7c\x4d\x8c\x5f\x40\x8e\xd3\x22\x49\xe9\x6a\xfb\x48\xde\x05\x3c\x6d\x0e\x4b\x56\x63\x71\xe3\x36\x66\x5b\xb9\xb7\x5c\x62\xa4\xe3\x76\xe2\x12\xb9\xa7\x7d\xf3\x1e\x34\x1e\x7e\x7b\xa5\xd2\x07\xdf\xd5\xd6\xd7\x65\x1a\xce\x18\x2d\x3b\x24\x2d\xd1\x99\xa6\x31\xaa\x6b\x24\x88\xb3\xbc\xd7\x6b\xdb\xcd\x3f\x21\x60\xcf\xf3\xf8\x2e\xd4\x3e\x10\x9c\xf7\xb7\x43\xab\xc9\x62\x1c\x3a\x4d\x8f\xd7\x15\xba\x4b\xbb\x3a\x11\xff\xc6\x3e\x09\x2d\xb2\xda\xcf\x93\xad\x4b\x4c\xf8\x9a\x5b\x34\x55\x21\x39\x31\x2e\x04\x7f\x8f\x17\x84\x78\xa1\x09\xcb\xa8\x95\x37\x33\x29\x42\xa4\xa5\x99\xe1\x31\xd3\x15\x09\x79\xfe\x3d\xb9\x8d\x74\xd8\x59\xc3\x7b\x21\xd6\xf3\x8f\x5e\xe9\x11\xb9\xcf\xa0\xd5\xd9\x41\x02\x8c\xb2\x19\xb6\xd1\x2c\xb2\x87\x0c\x22\x5c\x30\x9c\xac\x7a\x6c\x68\xfa\xa3\x74\x6d\xbb\x2c\x8a\x59\xc2\xd9\x13\xd1\x39\x37\x8b\x00\x5e\x3a\x19\x9f\x01\x68\x9d\x48\xbd\x7d\xf3\x5a\x46\x19\x48\xed\x68\x83\x70\x74\x32\x79\x1c\x92\x0a\x02\xf1\xd6\xe0\x21\x79\x1c\x8a\x16\xec\x32\x01\x87\x6f\x64\x5e\x57\x49\x79", 4096); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000082, 4); csum_inet_update(&csum_1, (const uint8_t*)0x20000086, 4); uint16_t csum_1_chunk_2 = 0x600; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 2); uint16_t csum_1_chunk_3 = 0x210; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 2); csum_inet_update(&csum_1, (const uint8_t*)0x2000008a, 4098); *(uint16_t*)0x2000008a = csum_inet_digest(&csum_1); struct csum_inet csum_2; csum_inet_init(&csum_2); csum_inet_update(&csum_2, (const uint8_t*)0x20000080, 10); *(uint16_t*)0x20000080 = csum_inet_digest(&csum_2); syscall(SYS_test, /*a0=*/0x20000080ul, 0, 0, 0, 0, 0); { int i; for(i = 0; i < 4; i++) { syscall(SYS_test, /*a0=*/0x20000080ul, 0, 0, 0, 0, 0); } } 
break; case 3: *(uint32_t*)0x200010c0 = 0x111; *(uint8_t*)0x200010c4 = 8; *(uint8_t*)0x200010c5 = 4; *(uint8_t*)0x200010c6 = 2; *(uint8_t*)0x200010c7 = 1; syscall(SYS_test, /*a0=*/0x200010c0ul, 0, 0, 0, 0, 0); break; case 4: res = syscall(SYS_test, 0, 0, 0, 0, 0, 0); if (res != -1) r[0] = res; break; case 5: syscall(SYS_test, /*val=*/r[0], 0, 0, 0, 0, 0); break; case 6: syscall(SYS_test, 0, 0, 0, 0, 0, 0); break; case 7: syscall(SYS_test, 0, 0, 0, 0, 0, 0); break; case 8: res = syscall(SYS_foo, /*cmd=*/0xaul, 0, 0); if (res != -1) r[1] = res; break; case 9: syscall(SYS_foo, /*res=*/r[1], 0, 0); break; case 10: memset((void*)0x20000000, 0, 1); *(uint8_t*)0x20000040 = 0x81; *(uint8_t*)0x20000042 = 0x8c; STORE_BY_BITMASK(uint16_t, , 0x20000042, 5, 8, 4); syz_compare(/*want=*/0x20000000, /*want_len=*/1, /*got=*/0x20000040, /*got_len=*/4); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/4, /*v1=*/0xfffffffffffffffa, 0, 0); break; case 12: syz_errno(/*v=*/2); break; case 13: memcpy((void*)0x20000080, "\x15\x48\x05\xb7\x68\xfb\x1b\x7d\xa6\x4a\xca\x30\x5f\xf5\x4e\xdd\x7e\xef\x7a\x6c\xe6\xb3\xe1\x5c\x9e\x2b\xa4\xc4\x6e\xf0\x15\x95\x04\x6d\x85\x80\xcd\x59\x93\x11\x8d\x09\x81\x4c\x6e\xa8\x20\x39\x8a\x54", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/0x3ff); break; case 15: syz_mmap(/*addr=*/0x20ffd000, /*len=*/0x1000); break; case 16: syz_sleep_ms(/*ms=*/0x7fffffff); break; case 17: syz_test_fuzzer1(/*a=*/4, /*b=*/5, /*c=*/7); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :344:3: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x30, 0, 0, 0, 0); ^ 1 error generated. 
compiler invocation: c++ [-o /tmp/syz-executor1530328344 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/10 (1.15s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: test$length11(&(0x7f0000000000)={0x7, 0x1, [0x9, 0x0, 0x1, 0xffff, 0x7595, 0x7, 0x6, 0x6]}, 0x30) (fail_nth: 1) test$length35(&(0x7f0000000040)={0x4, {0xffffff00}}) (async) test$csum_ipv4_tcp(&(0x7f0000000080)={{0x0, 0xfffff546, 0x7f}, {{}, ""}}) (rerun: 4) test$length18(&(0x7f00000010c0)={0x111, 0x8, 0x4, 0x2, 0x1}) r0 = test$produce_subtype_of_common() test$consume_subtype_of_common(r0) test$produce_subtype_of_common() test$produce_subtype_of_common() r1 = foo$unsupported2_ctor(0xa) foo$unsupported2_use(r1) syz_compare(&(0x7f0000000000)='\x00', 0x1, &(0x7f0000000040)=@bf7={0x81, {0x8c, 0x5}}, 0x4) syz_compare_int$2(0x2, 0x4, 0xfffffffffffffffa) syz_errno(0x2) syz_execute_func(&(0x7f0000000080)="154805b768fb1b7da64aca305ff54edd7eef7a6ce6b3e15c9e2ba4c46ef01595046d8580cd5993118d09814c6ea820398a54") syz_exit(0x3ff) syz_mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) syz_sleep_ms(0x7fffffff) syz_test_fuzzer1(0x4, 0x5, 0x7) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include 
#include #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define 
BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) 
{ va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void 
loop(void) { execute_one(); } uint64_t r[2] = {0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x20000000 = 7; *(uint64_t*)0x20000008 = 1; *(uint32_t*)0x20000010 = 9; *(uint32_t*)0x20000014 = 0; *(uint32_t*)0x20000018 = 1; *(uint32_t*)0x2000001c = 0xffff; *(uint32_t*)0x20000020 = 0x7595; *(uint32_t*)0x20000024 = 7; *(uint32_t*)0x20000028 = 6; *(uint32_t*)0x2000002c = 6; inject_fault(1); syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x30, 0, 0, 0, 0); break; case 1: *(uint32_t*)0x20000040 = 4; *(uint32_t*)0x20000044 = 0xffffff00; syscall(SYS_test, /*a0=*/0x20000040ul, 0, 0, 0, 0, 0); break; case 2: *(uint16_t*)0x20000080 = 0; *(uint32_t*)0x20000082 = htobe32(0xfffff546); *(uint32_t*)0x20000086 = htobe32(0x7f); *(uint16_t*)0x2000008a = 0; memcpy((void*)0x2000008c, "\x78\xb7\x76\x9b\x45\x48\x65\x84\x92\xde\x72\xd4\x15\xba\xe1\x8f\x3b\xbe\x4d\x64\xd7\x8a\xf2\x04\x98\xc9\xf6\xb8\xf3\xf6\xa2\xbe\x55\x97\x33\x7e\x2e\xb3\xf9\x6c\xa0\x7a\x66\xc2\x7b\x34\xe9\x5f\x4e\x73\x25\x39\xba\xdc\xe8\x96\x7b\xce\x41\x58\x91\x33\x78\x5a\xde\xca\x49\x29\xde\x68\xc7\xa0\xfa\xd0\xde\xbc\xff\x18\x19\xad\x3d\xf1\xb4\x0e\x14\x20\x9d\xa0\x13\xaf\x85\x89\x3b\x81\xe1\xd1\x7a\xbb\x6d\xee\xdf\x2d\x70\x56\x6a\xc7\xb3\xfa\x0e\xed\x52\xd1\x82\x11\xd2\x49\xd1\xb7\xfb\x68\x81\x50\x4a\x33\x15\x0b\x91\x47\x7e\x7c\xde\xad\x14\x81\x8e\x83\xb0\xfa\x35\x64\x49\x91\x23\x74\x4e\xe8\x0f\x92\xa7\xf9\xe0\x39\x4d\xc7\xbb\x62\xb4\x70\xad\x1b\x88\xc3\xf6\xc6\xe9\x84\xd2\x89\x42\xe9\xf0\x3a\x48\x0e\x51\xcc\xb8\xd7\xbb\x51\xa1\x24\xee\xee\x79\x5b\x09\x47\x07\x82\x1f\x5c\x44\xa6\xaa\xbd\xc1\xd9\x46\xaa\x91\xcb\x6d\x17\x5d\x0d\xf4\x6b\x86\xe6\x05\xec\x66\xcd\x5b\xc8\x39\x8e\xf7\x97\x43\x02\x56\x44\x40\xa8\x1d\xe3\x73\xb3\x5c\x79\xc1\x36\x7a\xf1\x87\xb8\xdf\x69\x56\xee\xbb\x89\x66\xab\xdf\x3d\x0f\xdf\xcf\x9e\x7b\x13\xab\x64\x65\x1e\x66\x83\x46\xec\x1f\x56\x4f\x28\x8b\x40\x26\xb8\x1d\xde\x8a\x3e\x4a\xda\x81\xa1\xd2\x80\x65\x4e\x7e\xe5\x2a\xef\x25\x53\xdc\x0d\x25\x97\xab\xce\xa
0\xc6\x76\x12\xb5\xc0\x20\x80\x95\x7c\x38\x47\xbd\x6c\x78\x98\x47\x70\x1a\x7e\xa3\x6c\xa2\x3f\x6f\x7f\xeb\xa0\xdd\xaa\x24\x61\x6e\xeb\xb4\xf9\xd3\xaa\x52\x18\xec\x8a\x5a\x08\xfa\xb4\xb3\x53\xc8\x91\x83\x7d\xbb\x8e\x77\x34\xc9\x2d\xf3\x91\xd4\x1f\x07\x08\xf7\x46\xa7\x72\xd5\x56\xf6\x08\x6c\x97\x20\x08\x35\x7c\x55\x95\xe9\x90\x80\x44\xab\x8a\xff\xa0\x44\x54\xad\xe5\xd5\x09\xe7\x58\x43\xe9\x7a\xcd\x1f\x53\xa4\x28\xee\x9c\x35\xc9\x1b\xa7\xf7\x55\x1c\x6d\xb9\x83\x73\x89\x73\xe1\x6b\xfd\xae\x49\xaa\x7b\x7c\x71\x8e\x46\x88\x14\xd7\x0d\x54\xd5\x88\xbd\xc6\x4f\x32\x67\xd1\x80\x86\x2b\xb4\x58\xd7\xb9\x0f\x58\xf4\x07\x8f\x41\x7d\xf7\x69\x04\xa2\x1d\x26\x97\xb9\x65\x38\x69\xf1\x57\x2e\xd6\x3e\x47\x81\xd1\xc3\xe5\x06\x55\x5c\xa7\x46\xb6\x76\x9f\xc0\xa9\x7c\xa8\x3b\xca\x63\x02\x92\x86\x50\x7e\xfc\x11\xb8\xc2\x17\xf8\x3e\x7f\xc6\x4a\x3b\xe2\x17\xaa\x71\x48\x09\x83\xdf\x1c\xda\xa6\x3d\x04\x81\xe9\xaf\x63\x1a\xba\x7a\x8f\x0f\xd4\x8e\x83\x6b\x69\xc5\xe8\x26\xb0\x20\x56\x8a\xd8\x2d\xa9\xcd\x87\xba\xa0\x94\xae\x9f\x0c\x5f\x51\x49\xdb\xa1\xb4\xf3\xb0\x34\x06\x29\xbf\x8e\x19\xf9\x34\x74\xe8\xa7\x98\xa5\xcc\xf5\x32\xdb\x78\x0b\x6d\xd9\xaf\x5d\xf9\x14\xea\xe3\x24\xba\x02\x75\x2d\x75\x8e\x4f\x2a\x55\x8a\x80\xed\x89\xa6\x13\x88\xc4\x30\xc3\xac\xd7\xe2\xb7\x65\x41\xd0\xa4\x40\xfd\x18\xd8\x5b\x70\xf6\x51\xd0\x49\x58\xc4\x04\xec\x41\xf5\xac\xaa\xfa\x0d\x8f\x0f\x9e\x2a\xc9\x4d\x98\xc7\xc2\x2f\x53\x86\x64\x2f\x4e\x02\x8a\x0a\xe7\x06\x27\xbe\xe9\xff\x92\xc7\xd3\x1e\x8f\xe5\xcf\xef\xbf\xb7\xbb\x26\xb0\x87\x1d\x83\xcd\x67\x7e\xf3\xfa\x10\xbf\xf5\x16\x3e\x97\x3f\x73\xa1\x8d\x8e\xa8\xee\x63\x58\xbf\x9b\x19\x12\xa2\xf6\x0e\x9e\x12\x8f\x35\xa7\x03\x78\x33\x3d\x11\x95\x41\xd6\xf0\xf3\x67\x53\xe5\xa6\x61\x2a\x77\x18\x62\x8b\x4f\xaf\x65\x6c\x24\x6e\x71\xca\xce\x70\xc9\xb0\x70\xd3\x0c\x84\x53\xc9\x10\x55\x73\xdf\x3c\xba\xa6\x38\x6a\x2b\xc5\x88\xd0\x3b\x23\xa1\x1b\x04\xb1\xc9\x4e\xe9\x05\xee\xa9\x2d\x40\x85\x0d\xbf\x27\x03\x98\xd4\x7d\xcc\x08\xe5\xb9\x57\x5b\x50\x98\xf4\x95\xf7\xdf\x29\x70\xd8\x28\xbe\x23\x0
2\x82\x12\x2f\x30\xd2\x2a\x15\x26\x87\xc2\x6c\x5a\xb2\x21\xf8\xef\x8a\xb6\xc1\xf3\x40\x86\x9a\x9b\x05\xd9\xbb\x19\x83\x69\x99\x4c\x36\xb2\x8a\x4b\x6a\x67\xab\xfc\x6c\xe8\xd0\x61\x68\xce\x1f\xbd\x7d\xea\xba\xe2\x61\x5c\x95\x39\xc3\xa4\xf4\x27\xf2\x04\x89\xa1\xf0\x41\x21\xf3\xb5\x48\xbc\x0e\xc6\xda\xa9\xfd\x63\xb1\x4f\x71\xe9\x64\xf4\xc0\x42\xa3\x8c\xaa\x25\xe1\xcf\x98\x3e\xa9\xee\xdc\x7b\xc0\x6f\xac\xa0\x11\x11\xd8\xa1\x7a\x4a\xc0\x83\xa1\xc5\x5f\x4b\x4a\xe3\x14\xff\x09\xec\xc0\xfe\xfc\x77\xbf\x1d\x08\xad\x54\xa9\x66\x2e\x68\xeb\x33\xa5\x7d\x43\xf1\x54\xbb\xa3\xb9\x8a\x66\x78\xc9\x74\xa8\xdd\xd6\x61\x32\xa6\x4e\xd8\x50\x79\x93\xf9\x26\xb6\xa8\x6a\xbb\x81\x3a\xc3\x82\x60\xc7\x93\x5f\xba\x14\xcc\x64\x94\x1b\xfb\xcc\xc7\x0b\xae\xaf\x92\xa7\x7e\xd1\x57\x35\x9f\xf2\x53\x85\xea\xb6\xd8\x5c\xed\x6b\x73\xa8\xf3\x4e\xe7\xf1\x8d\xc4\x6e\xf7\x5f\x66\xe5\x39\xef\xb3\x7b\xa8\xe5\x7e\x0e\xf6\x53\xc6\x2e\x87\xa3\x67\xd9\x0f\x32\x4b\xb7\x95\x30\x61\x8c\xc6\xa0\x5c\x3d\xda\x77\x67\xf3\x90\xb7\x75\x90\xa7\x8a\xc4\x88\xd6\xa3\xc1\xf4\x12\x4b\x62\xe0\xda\x72\x8d\x61\xe3\xcb\x8e\xfe\xc0\x78\x88\x3a\xeb\x04\x86\x5e\xa9\x69\x5d\xa8\x59\x85\x52\x61\x08\x7e\x9f\x36\x41\x2d\x61\xb4\xea\x03\x43\xd6\xd0\x3d\xbd\xac\x09\xba\x17\x48\x48\x6a\x4d\x62\x63\xa6\x2b\xc2\xb7\x23\xb3\x79\x13\x40\x68\xc7\x00\xca\xd7\xbc\x07\x99\x99\xba\xad\x53\x57\x41\xad\x7e\x19\xb0\xc5\xd0\xa5\x5e\x1e\x0d\xa5\x34\x76\xfa\xff\x87\x3b\xde\xf8\x3e\x71\x1f\x95\x55\xf0\x43\x98\x0a\x77\x2a\xab\x3a\xf3\x9c\x9e\x10\x82\xea\x2e\x3a\xba\x0b\x45\x4c\x89\x22\xe2\x66\x50\x96\xf7\x3a\xc4\x55\x50\xee\xaf\x66\xe5\xd4\xe9\xdf\x9c\x79\x1f\x7d\xdb\xca\x38\xb5\x58\xbe\x75\xb3\x92\x07\xea\x04\xdc\x7f\xd4\x7c\x36\x3d\x5b\x80\xd9\xea\xae\x7b\xa2\x30\xbe\x26\x33\xc0\x70\xe5\xc9\x70\x0f\x6c\x6f\xa7\xc2\x30\x70\x2c\x5a\xd4\x22\x6e\x58\x3f\x95\xb1\x2c\xe2\xbd\xfc\x1b\x92\x12\xdf\xe1\xa9\x08\xdc\x3e\x3b\xc6\xb1\x3c\x85\x7d\x7d\xab\x7b\x7d\x50\x42\x97\xb2\x06\xa2\x17\x3e\x4c\x8c\x7a\x2d\xcd\x63\x2d\xe9\xc3\x3b\x9d\xfc\xbc\xa5\x36\xc7\x68\xbb\x15\x4
c\x56\x3c\x67\xf2\xe7\xd1\xa7\xd3\x58\x9a\x64\xb2\xeb\x72\x82\x7a\xe0\x26\xcd\xc9\x0b\xd2\x7e\x7a\xb7\xf0\x29\x89\x67\x56\x3d\xc2\x7a\x42\x66\xc1\x3c\xc6\x4f\xef\xfc\x70\x8a\x46\xf9\x03\x9c\x74\x5a\x6b\x2d\xbc\x27\xb8\xae\xf8\x31\x9d\xc2\x25\xd8\xa0\x6d\xf2\xea\x84\x26\x27\xe5\xf1\xd4\xee\x87\xfa\xf2\xbf\x05\xf2\x76\xab\xd2\x70\x22\xcd\x2f\x5a\x8c\xa1\x7f\x81\xf8\xfa\xc0\x22\x51\x63\xcc\x52\xff\x78\xc3\x2a\x85\x7c\x15\x65\xaf\x01\x2b\xdf\xf5\xa3\xcf\x74\x45\x94\x67\xa1\xd1\xad\x21\x80\x2a\x69\xaf\x00\x64\x60\x1c\xf0\x8c\x49\x71\xc6\x91\xae\x14\xd3\x3f\xd3\x50\x9b\xcd\x55\x96\xe6\xb6\x77\x2d\x1d\xeb\x8a\xb1\x86\x0d\x13\xe2\xf4\xa6\xb7\xac\x83\xe8\x2a\x8a\xc9\x11\xd2\xa0\x02\xc0\x6e\x1c\xeb\x2c\x6a\xa0\x7b\x84\x7a\x6c\xb1\xe7\x67\x8d\xce\x46\x66\x9b\x32\x1b\xc3\x7d\x76\x59\xa0\x83\x00\x57\x65\xdd\xaf\x4c\x61\x8a\xdf\xbb\x0d\x81\xb8\x9b\xd1\xeb\x77\x1b\x58\xc3\x34\xb7\x8b\xe0\x94\x41\xe2\xc7\xe8\xdb\x90\x0f\x56\xa0\xc7\x11\x8a\x93\xe5\x2d\xdf\xa5\x71\xb1\x22\x29\xbe\x6e\xa4\xfd\x3a\x6b\x91\x08\x90\x07\xc0\x34\x58\x03\x2f\x96\xd3\x37\x9c\x8b\x17\x8f\xb5\xcc\xec\x6f\xd2\x76\x97\x86\x19\xbf\xc7\xb9\x7a\x30\x62\xe8\x24\xff\xf9\xce\xe7\x3f\x4a\x85\x8e\xd6\x60\x70\x89\xa4\xd6\xaf\x56\xe2\x7d\x0f\x52\x0c\x15\x1e\x68\xae\xd9\x69\x2f\x15\x36\xe0\x8a\x35\xf9\x3e\x58\x6a\x81\xae\x49\x1f\xa9\x64\x0c\x36\xbc\xef\x84\x64\xf1\xac\x7c\x07\x46\x02\x1d\xd0\xde\xbc\x15\x53\x61\xb4\x27\x57\x30\x9a\x7c\x5a\x6a\x3c\x89\xe6\xb2\x75\xb9\x1e\x14\x77\x23\x43\xed\x0c\x0b\x84\x31\x3d\x3e\xe0\x60\x5b\x8f\xb9\x84\x3c\x8d\xed\xea\xec\x2f\x65\x54\x4c\x38\xd2\xee\xed\xec\xf3\x32\xb5\xa0\x1f\x60\xab\xdc\x62\x19\x4b\x1f\x33\x62\x19\xaf\x84\x3d\xb7\xcf\xea\x88\x1c\xbb\xe8\x30\xb8\x3c\x11\x79\x2f\x51\xd0\x65\x9d\xf2\xef\xd5\x14\xac\xcc\x62\xbe\x45\x1d\xa3\xd7\xde\x20\x52\x80\x1f\x1b\x71\x33\xec\x90\x8a\x89\xae\x20\xb8\xf0\x67\xb1\x6f\xa2\x6c\xc7\x85\xd7\xbb\xc7\x70\xb4\xc0\x0e\x64\x18\xae\xab\x91\x58\x79\x4d\x5c\xe3\x74\x0e\xf5\xc7\x8c\xfd\xe8\x5b\x0d\x5a\x81\xa8\x5a\x2b\xf2\x4f\x35\xe5\x30\x91\x2e\xce\xb
0\x79\xef\xf2\x19\xe6\x8e\x65\x5d\x1e\xe3\x37\x64\xe6\x64\xb5\x30\xa8\x72\x81\x7d\x0f\xe8\xc8\x46\xeb\x88\x9a\x1e\x06\x7e\xd1\xc7\x91\x5e\xd0\x4c\x87\x75\x7e\x3c\xfb\xdb\x42\x1e\x5a\xb7\x8a\xec\x22\x8e\x9d\x9f\xba\x27\xba\xb1\x25\xb0\xa5\x3c\x65\x18\xa0\xb5\x41\x1a\x92\x80\x14\xeb\x1d\x93\xba\x94\xcf\x89\xc1\x9a\xe5\xff\x1b\x00\xe2\x1b\xd9\xf8\xc8\x81\x85\xb8\x86\x37\xe5\xdb\x32\xe2\xe4\x02\x08\xf2\x62\x25\x4b\xcc\xad\xc2\xc8\x5e\x83\x69\x0f\xb7\xaf\x64\xe9\xab\xfc\x19\xda\x42\xa3\x1c\xf6\x3b\x90\x09\x53\xf1\x84\xf3\x34\xd6\x05\xa1\xac\xab\x43\x4a\xcd\xfe\x74\xa3\xff\x1c\x26\xab\x7e\xb5\xf4\xc7\xd4\xe6\xed\x88\xa4\xc0\xc0\x7a\xf5\xf9\xa6\x9c\xe5\x25\xcf\x77\xc5\xf7\x01\x18\xcf\x4c\x9d\x71\x46\x18\x53\xee\x9d\x0b\x38\xaa\x8e\xef\x7a\x92\x67\xba\xa1\xda\x0a\x40\xd4\xbb\xf2\x50\xe7\x96\xec\xaf\xf7\x65\x10\x98\xb5\xbe\xbe\xe1\xce\x5c\x5b\x36\xb8\x30\x20\x47\x50\x29\x8f\x5f\xff\xcf\x43\x87\x5a\xc2\x15\xd3\xef\xcd\xd5\x76\x85\x3c\x1b\xe3\x60\x40\x09\x80\x2a\xa9\x5c\xbf\x64\x97\x4c\x9d\xf8\xb1\xc9\xa4\xdb\x7d\x03\x2b\x06\x47\x97\x0c\x08\xb6\x6e\x0d\xe7\xf5\xec\x92\xb4\x7a\x58\x58\x79\x8b\xc1\x93\x1c\xa7\xfc\x81\x48\x4a\x4e\xd8\xdf\x6b\xdf\x22\xe1\x90\xda\x0f\x4b\x55\x4e\x63\x78\x06\x4b\x18\x94\x60\x1f\x55\xc7\xe8\xc3\xad\xfc\xd3\xd6\x08\x1c\xb7\xe8\xc3\xd6\xf6\x88\x75\x64\x3d\xe6\x61\xd3\x72\xb2\x9a\x45\x67\x92\x6c\x24\x41\xa8\xb0\x0c\xe2\xe1\xa3\x0a\xa7\xd1\x4a\x72\x5f\x05\x80\xac\xea\x58\x53\xa4\x19\x3b\x4e\xac\xe2\x88\xd0\x42\xba\x11\x8a\x67\x7c\xae\x6a\x7f\x70\x1a\x98\xa7\x2e\x12\xbb\x9f\x24\x59\x4f\x77\x43\x31\xc8\x32\xe0\xc6\xd1\xcf\xfb\x12\xa8\x29\xe3\x67\x7c\xc9\x67\x6a\xc3\x7b\x28\xc9\xe4\x2d\xe7\x1e\xbc\xfd\x50\x5f\xec\x67\x22\x7c\x69\x4c\x3b\xe2\x5f\x40\x29\xc0\x12\x3f\x57\x0a\x52\x09\xdf\x23\x59\x05\xdd\x58\xd4\xa9\x34\x69\x71\x73\x09\x5f\xd1\x69\x6e\x50\x03\x2e\xa7\x50\x52\x33\x8f\xda\x28\x6c\xd5\xfc\xa3\x44\x87\x8d\x7f\xfa\xf2\xd0\x69\x73\x2a\x83\xf8\xba\x7b\x97\x4e\xd6\x95\x1e\x19\x70\x87\xe0\x97\xc3\xa5\x1a\x0d\x77\xb6\x7e\xdc\x98\xd1\xbd\x31\x74\x4d\xf4\xc
a\x73\x0f\x2e\x80\x52\xe8\x55\x66\x03\x94\xa2\x23\x2f\xaf\xe6\x14\x8f\x4f\x1f\x69\x59\xe1\xe2\x81\xe1\xed\xf6\x33\x7c\xd6\xad\x35\xfe\xf7\x8b\x83\xba\xb3\x58\xab\xd8\xd1\x1d\x30\x37\x99\xde\x42\xb3\x38\x18\x30\x6e\xd8\xd4\xd8\x87\x00\x23\xcf\x8a\x93\xff\x7c\x7b\x12\xda\x25\x1f\x3f\x77\x00\xd8\xa3\xc4\x37\x04\x72\x79\x1b\x26\x49\x30\xb9\x7d\x2a\xac\xb0\x4f\xd4\xde\xe4\x82\xbe\xbf\x8f\xbb\xff\x65\x02\xd0\x2b\x98\x24\x9b\xf3\xf1\x22\x9f\xff\xfb\xc8\x31\x70\x05\xef\x2d\xaa\xc3\xec\xe5\x62\x1a\x01\xc6\x25\x96\x4a\x36\x74\x28\x73\x58\xdd\xd8\x17\x08\x39\x43\x40\xc8\x4f\xbd\xa1\x0d\x26\x6b\x0d\x97\xe1\x42\xb4\x06\x01\x30\x53\x57\xcf\x7f\x81\xf9\x89\xac\x38\x58\xce\x1f\xcd\x94\x6a\x1d\xab\xde\x0d\xa9\xde\xcf\x4a\x7a\xd8\x51\xcd\xda\x20\x86\x4c\x22\x98\x6a\x2f\x57\xbb\x58\x09\xab\x46\xcb\xc6\x8f\xf0\x2e\x3c\xc2\x08\x5c\x0e\xcf\xba\xfa\xf5\x00\x16\x34\x3c\x67\xe2\x3a\x78\x26\x00\x68\x17\x52\x4d\x6b\x0d\xd1\x7d\x45\x62\x10\x8d\xad\x97\x79\x11\x73\x2e\xc9\xd5\x0b\x20\xd6\xc7\x43\x88\x7a\x0b\xf1\xd6\xb2\x45\xc4\xef\x3d\xd5\x5f\x98\x8c\x08\x96\x1b\x76\x3e\x56\x8d\xca\x64\xcd\x59\x72\xc4\x42\x38\x06\x2f\x98\x21\x35\xf3\xd8\x4a\xac\xf6\x11\xcd\xba\x1e\xbf\x1d\x3e\x9a\xfb\xc0\x9c\x83\x5c\xeb\x2e\xca\xee\x6f\x27\x94\xcc\xea\xa6\x82\xe8\xcb\x4b\x0e\x6a\x96\xb3\xeb\x8c\x92\xd0\x96\x72\xd3\x7f\x69\x59\xfd\x38\xd4\xa7\xca\x87\x7d\x92\x9f\x66\xee\x4a\x50\x89\x60\x62\x3a\x23\xd8\x40\xe2\x24\xee\xe0\x61\x32\xde\xb2\x73\xe7\x29\x6b\x46\xcf\x88\x2e\x53\x00\xe4\x2c\x1a\xca\xc7\x45\x2a\x0c\x4c\xf7\xbd\xbd\x4c\x9e\xf4\x4c\x6b\xad\x60\x92\x18\x6f\x2e\xf1\x4d\x39\x7c\x82\xa3\x58\xc4\x84\xfc\x91\xa0\x35\xe2\xa0\x85\xd8\xa1\x7a\xa4\xf5\x6d\x77\x28\x8f\x0a\x28\x8b\xfc\xb9\x75\xe3\x2f\x87\xc5\x80\xa4\x19\xaa\x8f\x77\x94\x91\x3e\x30\x52\xf4\xac\x24\xf2\x9f\xeb\x3b\x43\x0e\x3d\x1a\x29\x8e\xc0\xb0\xb4\x86\xa1\x94\xed\x38\x57\x4d\x86\x0b\xdf\xa0\xc6\xb1\xa6\x7d\x03\x9e\xe0\xda\xed\x00\xdc\x50\xf7\x6d\xdc\xa6\x41\x78\x76\xa6\x77\xe8\x0c\xb1\x9f\x3a\x8d\x8b\xde\x26\x6c\x41\x58\xe0\x2f\xe9\x22\x48\x7d\xb5\xf
b\x60\xac\xdf\xda\xf4\x17\x5b\xf4\x3a\x3d\x12\xf6\xbc\x29\xdd\xd3\x17\xa2\x75\xe1\x2e\x6e\x3f\xff\x81\xa6\x4e\x7d\xfe\x20\xab\xcc\x60\xa0\x6e\x80\x1d\x7a\xe7\xd0\x41\x25\x2e\x1c\xf8\xab\xaa\x7a\x38\xf7\xf3\x9e\x61\x29\x4d\xdb\x9d\x62\x1f\xee\xae\x99\x46\xaa\x70\xf7\x64\xe0\x0b\xe9\x6b\x28\xbd\xbe\xd8\x9a\xbf\x4f\xe3\x60\xfd\x80\x19\x21\xa3\x88\xaf\x23\x73\x6d\x2a\x94\x3c\x8c\xe1\xf6\x20\xd7\xda\xd0\xa5\x65\xfc\xfb\xcb\x86\x69\xd9\xfd\x78\xd1\xdb\x48\xb7\xa1\x26\x6c\xe3\x05\x54\x9d\xc7\x76\xc1\x2d\xd2\xdc\x40\x0a\x4d\xc8\xb0\x76\x24\x86\x7d\xbb\xd9\x4f\xc9\xbe\xd0\xad\xc7\xff\x50\x69\x95\x1e\xbc\x24\x83\x05\x8b\xa3\x45\x50\x88\x5f\x5f\x25\x0e\x54\x0a\xa3\x7b\x94\x0e\x8f\x90\x1c\xb0\xf5\x7a\xab\xf8\xe0\xf2\xa4\xce\x11\x3b\x60\x94\x7d\xa2\xa7\x23\x03\xa6\x9d\xac\xb1\x71\x30\xf4\xed\x89\x74\xf9\x52\x50\xcd\xec\x51\x59\xae\xf4\x1e\x38\x0f\xd6\x36\x00\x60\xb9\x28\x8a\x88\xe2\x24\x8b\x90\xc2\x97\xfc\x44\x33\xe8\x26\xe0\x66\xec\x48\xf0\xb4\x78\xc7\x54\x32\xcb\xd9\xf4\x58\x30\xb0\x1d\x6f\x90\x36\x18\xb3\x9d\x54\x1a\x48\x80\x7d\x42\x92\xe0\x56\xbf\x99\x28\x5f\xb0\xe2\xac\xf5\xb6\x0e\xca\x7f\x79\x73\x44\x11\xc3\x3a\x01\xe4\x1b\xe2\x40\x37\x02\x2e\xa0\xf2\xc3\xfb\x2e\x50\x07\xaa\x2e\xd8\x62\xa7\x87\xaa\x66\x76\x92\xef\x91\x9c\xbc\xdf\x82\x43\xde\x11\xe0\x28\x12\xf8\xc2\xdf\xb7\x9f\xda\x2e\x17\x87\x29\xb5\xf2\xf0\xaf\x8b\xfb\x7f\x17\x8b\x0d\x80\x85\x11\x78\x84\xfb\xde\x56\x87\x94\xe3\xbb\x95\x17\x26\xe8\x77\x8b\x0a\xf7\x55\xce\x74\x12\xb0\x42\x89\x2c\xc8\x94\x77\x12\x97\x15\x30\x5d\x70\xca\xca\x55\x3e\x4a\xab\x12\x04\xa8\x69\xfd\x7d\xab\x7a\x70\x19\xd9\x17\x21\x58\xe6\x35\xde\x6c\x6d\xd8\x01\xa7\xd0\x25\x9c\xa4\xef\x75\xec\xe2\x6e\x1c\xb3\x64\x53\x95\x92\x4b\x5e\xd3\x2c\xd1\xa8\xb0\x15\xd5\x21\x15\x19\xd0\xf2\xb8\x5d\x5d\xe2\xfc\xd5\x2b\xf9\x26\xad\xf5\x7f\x67\x01\x7e\xda\x0d\x32\x04\xcb\xe4\xb0\x35\x2a\x41\xf5\xaf\x81\x5a\x97\xeb\xd0\x08\xf3\x81\xfa\x5e\x48\xed\x6d\xa0\x14\x1d\x18\x12\x16\x5e\xa6\xa6\xb1\xdb\x84\xae\xca\x82\x6b\x0d\x1a\xbb\xa2\xf8\x10\x15\xd8\xca\x3e\x1a\x9f\x9
c\xf7\x6d\x22\x72\x06\x21\x2b\x90\x39\x51\x68\xce\xd6\xc0\x47\x6c\x81\xbf\xbb\x45\xfa\x8d\xef\x8e\x97\xcd\xdb\xdf\xc8\x25\x96\xec\x22\x58\xeb\x50\xd7\x59\xb2\xa5\x8e\xd0\xe8\x55\xfa\x05\xc3\x88\xb1\x5f\x3b\x51\xfa\xb2\x98\xa2\x83\xd5\x24\x3b\x85\xee\x78\xce\xdb\xce\x16\xb8\x50\xab\xdc\x01\x87\x61\x98\x67\x53\xe2\xe7\xfe\x79\x63\x20\xfb\xb9\x85\x88\xc9\x35\xc3\x98\xfc\x6d\x42\x7e\x01\x9a\x59\xe0\x0a\xe4\xdb\x12\xf8\x09\xb1\x7b\x78\x38\xec\x5a\x79\x29\xd4\x79\x36\x1b\x69\x7d\x51\x0d\x98\x69\x2f\xc9\x5d\x59\xba\x79\x37\x54\x4f\x1b\x61\x2e\x41\xa9\xd7\x94\xf4\x18\x80\x17\x33\xab\x45\x40\x0b\xef\x83\x5a\x42\x57\xbd\x7f\xe0\x61\xf0\x1c\x0c\xa4\xbe\xf4\x77\x7a\x41\x46\x94\xcf\x25\x17\xde\xd0\x65\x87\xdb\x0f\x08\xcc\xad\x34\xc5\x7d\x2d\x6b\x97\xc5\x50\x16\xab\x6c\x02\x5c\xdb\xf4\x1b\x1e\x40\x69\x5d\xa2\xfa\xc7\x12\x90\x37\x2e\x88\x61\xd1\x27\xc5\xac\x17\xcf\x7d\xdf\xd2\x5a\x23\xc5\xd4\x2b\x38\xc7\xb6\x8a\xc8\x08\x6c\x71\xaf\x2c\x73\x2c\xdb\x55\xbc\x31\x70\x83\xcf\x6b\x29\x79\x64\xe7\xd6\xe3\xc3\x26\xa6\xf6\x1a\x71\xa2\x6b\xef\x06\x70\x99\xbd\x01\xf3\x81\x70\x75\xfe\xd8\x92\x24\x43\x18\x8c\x7b\xb2\x02\x23\xd1\x21\x0b\xe4\x49\x49\xc1\x7a\x8f\x58\xa8\xe1\x53\x39\xe8\xa1\xb0\xf3\x35\x34\x79\x8d\x51\xf8\x1a\x83\x75\x96\x52\x3e\xa1\xa4\x46\x04\xfe\x3d\xc4\x06\x8e\x0a\xdc\xfa\x88\x11\x19\x63\xdb\x83\x94\xbc\x2e\x14\x97\xbc\x37\xc9\x22\x61\xf5\xbb\x34\x03\x01\x40\x60\x55\xc8\xdb\x94\x63\x41\x47\x3b\x17\xaf\x96\xd2\xb1\x31\xd2\x38\x26\x1d\x4f\x0c\x19\x79\xaf\xd5\x5f\x57\x5a\xf2\x09\x69\x95\xbe\xbf\xee\xbf\xc0\x45\xf8\xb2\x60\x9f\x8b\xec\x0e\x7a\x1a\x37\x4b\xbe\x88\x10\xc6\x09\x21\x8c\x59\x87\x0a\x80\xe1\x83\x28\x7e\x08\xb6\xec\x10\x4e\x27\xe4\xa9\x1c\xd4\x12\x2d\x88\x1f\x1c\xd0\xac\x6d\x3b\x19\x9c\x36\x80\x3c\x1f\x34\x94\xce\x74\xe7\x68\x29\xcd\x42\x14\xe6\xb0\x24\x5f\x55\x76\x00\x60\x0b\xe6\x23\x35\xc8\xa8\x39\xc3\x83\xbe\xae\xc8\xa1\xb6\x64\x57\x2a\x50\x07\xcc\x61\xca\x95\x26\x37\x71\xd9\xaa\xa6\x68\x8c\xf8\x2c\x9b\x7d\x03\xf7\xc2\xe1\x82\x87\x3b\x57\xa1\x70\x4f\x9c\x51\xa1\xce\xa
b\x21\xee\xa1\x4f\x1b\x9a\x4c\x2d\x82\x26\xe1\xce\x14\x73\x45\x57\x0c\xe8\x80\x9b\x3b\x36\x59\xb8\xf1\x55\xed\x9d\x73\x14\xa0\x1c\x45\xbb\xd3\x1a\xc3\x73\x28\xd3\x5c\xbb\x8e\xf9\x6f\x11\xb2\x29\xa8\x82\x8a\xd2\x9f\xe6\xf2\x7c\x4d\x8c\x5f\x40\x8e\xd3\x22\x49\xe9\x6a\xfb\x48\xde\x05\x3c\x6d\x0e\x4b\x56\x63\x71\xe3\x36\x66\x5b\xb9\xb7\x5c\x62\xa4\xe3\x76\xe2\x12\xb9\xa7\x7d\xf3\x1e\x34\x1e\x7e\x7b\xa5\xd2\x07\xdf\xd5\xd6\xd7\x65\x1a\xce\x18\x2d\x3b\x24\x2d\xd1\x99\xa6\x31\xaa\x6b\x24\x88\xb3\xbc\xd7\x6b\xdb\xcd\x3f\x21\x60\xcf\xf3\xf8\x2e\xd4\x3e\x10\x9c\xf7\xb7\x43\xab\xc9\x62\x1c\x3a\x4d\x8f\xd7\x15\xba\x4b\xbb\x3a\x11\xff\xc6\x3e\x09\x2d\xb2\xda\xcf\x93\xad\x4b\x4c\xf8\x9a\x5b\x34\x55\x21\x39\x31\x2e\x04\x7f\x8f\x17\x84\x78\xa1\x09\xcb\xa8\x95\x37\x33\x29\x42\xa4\xa5\x99\xe1\x31\xd3\x15\x09\x79\xfe\x3d\xb9\x8d\x74\xd8\x59\xc3\x7b\x21\xd6\xf3\x8f\x5e\xe9\x11\xb9\xcf\xa0\xd5\xd9\x41\x02\x8c\xb2\x19\xb6\xd1\x2c\xb2\x87\x0c\x22\x5c\x30\x9c\xac\x7a\x6c\x68\xfa\xa3\x74\x6d\xbb\x2c\x8a\x59\xc2\xd9\x13\xd1\x39\x37\x8b\x00\x5e\x3a\x19\x9f\x01\x68\x9d\x48\xbd\x7d\xf3\x5a\x46\x19\x48\xed\x68\x83\x70\x74\x32\x79\x1c\x92\x0a\x02\xf1\xd6\xe0\x21\x79\x1c\x8a\x16\xec\x32\x01\x87\x6f\x64\x5e\x57\x49\x79", 4096); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000082, 4); csum_inet_update(&csum_1, (const uint8_t*)0x20000086, 4); uint16_t csum_1_chunk_2 = 0x600; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 2); uint16_t csum_1_chunk_3 = 0x210; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 2); csum_inet_update(&csum_1, (const uint8_t*)0x2000008a, 4098); *(uint16_t*)0x2000008a = csum_inet_digest(&csum_1); struct csum_inet csum_2; csum_inet_init(&csum_2); csum_inet_update(&csum_2, (const uint8_t*)0x20000080, 10); *(uint16_t*)0x20000080 = csum_inet_digest(&csum_2); syscall(SYS_test, /*a0=*/0x20000080ul, 0, 0, 0, 0, 0); { int i; for(i = 0; i < 4; i++) { syscall(SYS_test, /*a0=*/0x20000080ul, 0, 0, 0, 0, 0); } } 
break; case 3: *(uint32_t*)0x200010c0 = 0x111; *(uint8_t*)0x200010c4 = 8; *(uint8_t*)0x200010c5 = 4; *(uint8_t*)0x200010c6 = 2; *(uint8_t*)0x200010c7 = 1; syscall(SYS_test, /*a0=*/0x200010c0ul, 0, 0, 0, 0, 0); break; case 4: res = syscall(SYS_test, 0, 0, 0, 0, 0, 0); if (res != -1) r[0] = res; break; case 5: syscall(SYS_test, /*val=*/r[0], 0, 0, 0, 0, 0); break; case 6: syscall(SYS_test, 0, 0, 0, 0, 0, 0); break; case 7: syscall(SYS_test, 0, 0, 0, 0, 0, 0); break; case 8: res = syscall(SYS_foo, /*cmd=*/0xaul, 0, 0); if (res != -1) r[1] = res; break; case 9: syscall(SYS_foo, /*res=*/r[1], 0, 0); break; case 10: memset((void*)0x20000000, 0, 1); *(uint8_t*)0x20000040 = 0x81; *(uint8_t*)0x20000042 = 0x8c; STORE_BY_BITMASK(uint16_t, , 0x20000042, 5, 8, 4); syz_compare(/*want=*/0x20000000, /*want_len=*/1, /*got=*/0x20000040, /*got_len=*/4); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/4, /*v1=*/0xfffffffffffffffa, 0, 0); break; case 12: syz_errno(/*v=*/2); break; case 13: memcpy((void*)0x20000080, "\x15\x48\x05\xb7\x68\xfb\x1b\x7d\xa6\x4a\xca\x30\x5f\xf5\x4e\xdd\x7e\xef\x7a\x6c\xe6\xb3\xe1\x5c\x9e\x2b\xa4\xc4\x6e\xf0\x15\x95\x04\x6d\x85\x80\xcd\x59\x93\x11\x8d\x09\x81\x4c\x6e\xa8\x20\x39\x8a\x54", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/0x3ff); break; case 15: syz_mmap(/*addr=*/0x20ffd000, /*len=*/0x1000); break; case 16: syz_sleep_ms(/*ms=*/0x7fffffff); break; case 17: syz_test_fuzzer1(/*a=*/4, /*b=*/5, /*c=*/7); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); do_sandbox_none(); return 0; } :331:3: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x30, 0, 0, 0, 0); ^ 1 error generated. 
compiler invocation: c++ [-o /tmp/syz-executor3102511687 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/7 (1.02s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: test$length11(&(0x7f0000000000)={0x7, 0x1, [0x9, 0x0, 0x1, 0xffff, 0x7595, 0x7, 0x6, 0x6]}, 0x30) (fail_nth: 1) test$length35(&(0x7f0000000040)={0x4, {0xffffff00}}) (async) test$csum_ipv4_tcp(&(0x7f0000000080)={{0x0, 0xfffff546, 0x7f}, {{}, ""}}) (rerun: 4) test$length18(&(0x7f00000010c0)={0x111, 0x8, 0x4, 0x2, 0x1}) r0 = test$produce_subtype_of_common() test$consume_subtype_of_common(r0) test$produce_subtype_of_common() test$produce_subtype_of_common() r1 = foo$unsupported2_ctor(0xa) foo$unsupported2_use(r1) syz_compare(&(0x7f0000000000)='\x00', 0x1, &(0x7f0000000040)=@bf7={0x81, {0x8c, 0x5}}, 0x4) syz_compare_int$2(0x2, 0x4, 0xfffffffffffffffa) syz_errno(0x2) syz_execute_func(&(0x7f0000000080)="154805b768fb1b7da64aca305ff54edd7eef7a6ce6b3e15c9e2ba4c46ef01595046d8580cd5993118d09814c6ea820398a54") syz_exit(0x3ff) syz_mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) syz_sleep_ms(0x7fffffff) syz_test_fuzzer1(0x4, 0x5, 0x7) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include 
#include #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain 
% 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) 
{ va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[2] = {0x0, 0x0}; void 
execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x20000000 = 7; *(uint64_t*)0x20000008 = 1; *(uint32_t*)0x20000010 = 9; *(uint32_t*)0x20000014 = 0; *(uint32_t*)0x20000018 = 1; *(uint32_t*)0x2000001c = 0xffff; *(uint32_t*)0x20000020 = 0x7595; *(uint32_t*)0x20000024 = 7; *(uint32_t*)0x20000028 = 6; *(uint32_t*)0x2000002c = 6; inject_fault(1); syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x30, 0, 0, 0, 0); break; case 1: *(uint32_t*)0x20000040 = 4; *(uint32_t*)0x20000044 = 0xffffff00; syscall(SYS_test, /*a0=*/0x20000040ul, 0, 0, 0, 0, 0); break; case 2: *(uint16_t*)0x20000080 = 0; *(uint32_t*)0x20000082 = htobe32(0xfffff546); *(uint32_t*)0x20000086 = htobe32(0x7f); *(uint16_t*)0x2000008a = 0; memcpy((void*)0x2000008c, "\x78\xb7\x76\x9b\x45\x48\x65\x84\x92\xde\x72\xd4\x15\xba\xe1\x8f\x3b\xbe\x4d\x64\xd7\x8a\xf2\x04\x98\xc9\xf6\xb8\xf3\xf6\xa2\xbe\x55\x97\x33\x7e\x2e\xb3\xf9\x6c\xa0\x7a\x66\xc2\x7b\x34\xe9\x5f\x4e\x73\x25\x39\xba\xdc\xe8\x96\x7b\xce\x41\x58\x91\x33\x78\x5a\xde\xca\x49\x29\xde\x68\xc7\xa0\xfa\xd0\xde\xbc\xff\x18\x19\xad\x3d\xf1\xb4\x0e\x14\x20\x9d\xa0\x13\xaf\x85\x89\x3b\x81\xe1\xd1\x7a\xbb\x6d\xee\xdf\x2d\x70\x56\x6a\xc7\xb3\xfa\x0e\xed\x52\xd1\x82\x11\xd2\x49\xd1\xb7\xfb\x68\x81\x50\x4a\x33\x15\x0b\x91\x47\x7e\x7c\xde\xad\x14\x81\x8e\x83\xb0\xfa\x35\x64\x49\x91\x23\x74\x4e\xe8\x0f\x92\xa7\xf9\xe0\x39\x4d\xc7\xbb\x62\xb4\x70\xad\x1b\x88\xc3\xf6\xc6\xe9\x84\xd2\x89\x42\xe9\xf0\x3a\x48\x0e\x51\xcc\xb8\xd7\xbb\x51\xa1\x24\xee\xee\x79\x5b\x09\x47\x07\x82\x1f\x5c\x44\xa6\xaa\xbd\xc1\xd9\x46\xaa\x91\xcb\x6d\x17\x5d\x0d\xf4\x6b\x86\xe6\x05\xec\x66\xcd\x5b\xc8\x39\x8e\xf7\x97\x43\x02\x56\x44\x40\xa8\x1d\xe3\x73\xb3\x5c\x79\xc1\x36\x7a\xf1\x87\xb8\xdf\x69\x56\xee\xbb\x89\x66\xab\xdf\x3d\x0f\xdf\xcf\x9e\x7b\x13\xab\x64\x65\x1e\x66\x83\x46\xec\x1f\x56\x4f\x28\x8b\x40\x26\xb8\x1d\xde\x8a\x3e\x4a\xda\x81\xa1\xd2\x80\x65\x4e\x7e\xe5\x2a\xef\x25\x53\xdc\x0d\x25\x97\xab\xce\xa0\xc6\x76\x12\xb5\xc0\x20\x80\x95\x7c\x38\x47\xbd\x6c\x78\x98\x
47\x70\x1a\x7e\xa3\x6c\xa2\x3f\x6f\x7f\xeb\xa0\xdd\xaa\x24\x61\x6e\xeb\xb4\xf9\xd3\xaa\x52\x18\xec\x8a\x5a\x08\xfa\xb4\xb3\x53\xc8\x91\x83\x7d\xbb\x8e\x77\x34\xc9\x2d\xf3\x91\xd4\x1f\x07\x08\xf7\x46\xa7\x72\xd5\x56\xf6\x08\x6c\x97\x20\x08\x35\x7c\x55\x95\xe9\x90\x80\x44\xab\x8a\xff\xa0\x44\x54\xad\xe5\xd5\x09\xe7\x58\x43\xe9\x7a\xcd\x1f\x53\xa4\x28\xee\x9c\x35\xc9\x1b\xa7\xf7\x55\x1c\x6d\xb9\x83\x73\x89\x73\xe1\x6b\xfd\xae\x49\xaa\x7b\x7c\x71\x8e\x46\x88\x14\xd7\x0d\x54\xd5\x88\xbd\xc6\x4f\x32\x67\xd1\x80\x86\x2b\xb4\x58\xd7\xb9\x0f\x58\xf4\x07\x8f\x41\x7d\xf7\x69\x04\xa2\x1d\x26\x97\xb9\x65\x38\x69\xf1\x57\x2e\xd6\x3e\x47\x81\xd1\xc3\xe5\x06\x55\x5c\xa7\x46\xb6\x76\x9f\xc0\xa9\x7c\xa8\x3b\xca\x63\x02\x92\x86\x50\x7e\xfc\x11\xb8\xc2\x17\xf8\x3e\x7f\xc6\x4a\x3b\xe2\x17\xaa\x71\x48\x09\x83\xdf\x1c\xda\xa6\x3d\x04\x81\xe9\xaf\x63\x1a\xba\x7a\x8f\x0f\xd4\x8e\x83\x6b\x69\xc5\xe8\x26\xb0\x20\x56\x8a\xd8\x2d\xa9\xcd\x87\xba\xa0\x94\xae\x9f\x0c\x5f\x51\x49\xdb\xa1\xb4\xf3\xb0\x34\x06\x29\xbf\x8e\x19\xf9\x34\x74\xe8\xa7\x98\xa5\xcc\xf5\x32\xdb\x78\x0b\x6d\xd9\xaf\x5d\xf9\x14\xea\xe3\x24\xba\x02\x75\x2d\x75\x8e\x4f\x2a\x55\x8a\x80\xed\x89\xa6\x13\x88\xc4\x30\xc3\xac\xd7\xe2\xb7\x65\x41\xd0\xa4\x40\xfd\x18\xd8\x5b\x70\xf6\x51\xd0\x49\x58\xc4\x04\xec\x41\xf5\xac\xaa\xfa\x0d\x8f\x0f\x9e\x2a\xc9\x4d\x98\xc7\xc2\x2f\x53\x86\x64\x2f\x4e\x02\x8a\x0a\xe7\x06\x27\xbe\xe9\xff\x92\xc7\xd3\x1e\x8f\xe5\xcf\xef\xbf\xb7\xbb\x26\xb0\x87\x1d\x83\xcd\x67\x7e\xf3\xfa\x10\xbf\xf5\x16\x3e\x97\x3f\x73\xa1\x8d\x8e\xa8\xee\x63\x58\xbf\x9b\x19\x12\xa2\xf6\x0e\x9e\x12\x8f\x35\xa7\x03\x78\x33\x3d\x11\x95\x41\xd6\xf0\xf3\x67\x53\xe5\xa6\x61\x2a\x77\x18\x62\x8b\x4f\xaf\x65\x6c\x24\x6e\x71\xca\xce\x70\xc9\xb0\x70\xd3\x0c\x84\x53\xc9\x10\x55\x73\xdf\x3c\xba\xa6\x38\x6a\x2b\xc5\x88\xd0\x3b\x23\xa1\x1b\x04\xb1\xc9\x4e\xe9\x05\xee\xa9\x2d\x40\x85\x0d\xbf\x27\x03\x98\xd4\x7d\xcc\x08\xe5\xb9\x57\x5b\x50\x98\xf4\x95\xf7\xdf\x29\x70\xd8\x28\xbe\x23\x02\x82\x12\x2f\x30\xd2\x2a\x15\x26\x87\xc2\x6c\x5a\xb2\x21\xf8\x
ef\x8a\xb6\xc1\xf3\x40\x86\x9a\x9b\x05\xd9\xbb\x19\x83\x69\x99\x4c\x36\xb2\x8a\x4b\x6a\x67\xab\xfc\x6c\xe8\xd0\x61\x68\xce\x1f\xbd\x7d\xea\xba\xe2\x61\x5c\x95\x39\xc3\xa4\xf4\x27\xf2\x04\x89\xa1\xf0\x41\x21\xf3\xb5\x48\xbc\x0e\xc6\xda\xa9\xfd\x63\xb1\x4f\x71\xe9\x64\xf4\xc0\x42\xa3\x8c\xaa\x25\xe1\xcf\x98\x3e\xa9\xee\xdc\x7b\xc0\x6f\xac\xa0\x11\x11\xd8\xa1\x7a\x4a\xc0\x83\xa1\xc5\x5f\x4b\x4a\xe3\x14\xff\x09\xec\xc0\xfe\xfc\x77\xbf\x1d\x08\xad\x54\xa9\x66\x2e\x68\xeb\x33\xa5\x7d\x43\xf1\x54\xbb\xa3\xb9\x8a\x66\x78\xc9\x74\xa8\xdd\xd6\x61\x32\xa6\x4e\xd8\x50\x79\x93\xf9\x26\xb6\xa8\x6a\xbb\x81\x3a\xc3\x82\x60\xc7\x93\x5f\xba\x14\xcc\x64\x94\x1b\xfb\xcc\xc7\x0b\xae\xaf\x92\xa7\x7e\xd1\x57\x35\x9f\xf2\x53\x85\xea\xb6\xd8\x5c\xed\x6b\x73\xa8\xf3\x4e\xe7\xf1\x8d\xc4\x6e\xf7\x5f\x66\xe5\x39\xef\xb3\x7b\xa8\xe5\x7e\x0e\xf6\x53\xc6\x2e\x87\xa3\x67\xd9\x0f\x32\x4b\xb7\x95\x30\x61\x8c\xc6\xa0\x5c\x3d\xda\x77\x67\xf3\x90\xb7\x75\x90\xa7\x8a\xc4\x88\xd6\xa3\xc1\xf4\x12\x4b\x62\xe0\xda\x72\x8d\x61\xe3\xcb\x8e\xfe\xc0\x78\x88\x3a\xeb\x04\x86\x5e\xa9\x69\x5d\xa8\x59\x85\x52\x61\x08\x7e\x9f\x36\x41\x2d\x61\xb4\xea\x03\x43\xd6\xd0\x3d\xbd\xac\x09\xba\x17\x48\x48\x6a\x4d\x62\x63\xa6\x2b\xc2\xb7\x23\xb3\x79\x13\x40\x68\xc7\x00\xca\xd7\xbc\x07\x99\x99\xba\xad\x53\x57\x41\xad\x7e\x19\xb0\xc5\xd0\xa5\x5e\x1e\x0d\xa5\x34\x76\xfa\xff\x87\x3b\xde\xf8\x3e\x71\x1f\x95\x55\xf0\x43\x98\x0a\x77\x2a\xab\x3a\xf3\x9c\x9e\x10\x82\xea\x2e\x3a\xba\x0b\x45\x4c\x89\x22\xe2\x66\x50\x96\xf7\x3a\xc4\x55\x50\xee\xaf\x66\xe5\xd4\xe9\xdf\x9c\x79\x1f\x7d\xdb\xca\x38\xb5\x58\xbe\x75\xb3\x92\x07\xea\x04\xdc\x7f\xd4\x7c\x36\x3d\x5b\x80\xd9\xea\xae\x7b\xa2\x30\xbe\x26\x33\xc0\x70\xe5\xc9\x70\x0f\x6c\x6f\xa7\xc2\x30\x70\x2c\x5a\xd4\x22\x6e\x58\x3f\x95\xb1\x2c\xe2\xbd\xfc\x1b\x92\x12\xdf\xe1\xa9\x08\xdc\x3e\x3b\xc6\xb1\x3c\x85\x7d\x7d\xab\x7b\x7d\x50\x42\x97\xb2\x06\xa2\x17\x3e\x4c\x8c\x7a\x2d\xcd\x63\x2d\xe9\xc3\x3b\x9d\xfc\xbc\xa5\x36\xc7\x68\xbb\x15\x4c\x56\x3c\x67\xf2\xe7\xd1\xa7\xd3\x58\x9a\x64\xb2\xeb\x72\x82\x
7a\xe0\x26\xcd\xc9\x0b\xd2\x7e\x7a\xb7\xf0\x29\x89\x67\x56\x3d\xc2\x7a\x42\x66\xc1\x3c\xc6\x4f\xef\xfc\x70\x8a\x46\xf9\x03\x9c\x74\x5a\x6b\x2d\xbc\x27\xb8\xae\xf8\x31\x9d\xc2\x25\xd8\xa0\x6d\xf2\xea\x84\x26\x27\xe5\xf1\xd4\xee\x87\xfa\xf2\xbf\x05\xf2\x76\xab\xd2\x70\x22\xcd\x2f\x5a\x8c\xa1\x7f\x81\xf8\xfa\xc0\x22\x51\x63\xcc\x52\xff\x78\xc3\x2a\x85\x7c\x15\x65\xaf\x01\x2b\xdf\xf5\xa3\xcf\x74\x45\x94\x67\xa1\xd1\xad\x21\x80\x2a\x69\xaf\x00\x64\x60\x1c\xf0\x8c\x49\x71\xc6\x91\xae\x14\xd3\x3f\xd3\x50\x9b\xcd\x55\x96\xe6\xb6\x77\x2d\x1d\xeb\x8a\xb1\x86\x0d\x13\xe2\xf4\xa6\xb7\xac\x83\xe8\x2a\x8a\xc9\x11\xd2\xa0\x02\xc0\x6e\x1c\xeb\x2c\x6a\xa0\x7b\x84\x7a\x6c\xb1\xe7\x67\x8d\xce\x46\x66\x9b\x32\x1b\xc3\x7d\x76\x59\xa0\x83\x00\x57\x65\xdd\xaf\x4c\x61\x8a\xdf\xbb\x0d\x81\xb8\x9b\xd1\xeb\x77\x1b\x58\xc3\x34\xb7\x8b\xe0\x94\x41\xe2\xc7\xe8\xdb\x90\x0f\x56\xa0\xc7\x11\x8a\x93\xe5\x2d\xdf\xa5\x71\xb1\x22\x29\xbe\x6e\xa4\xfd\x3a\x6b\x91\x08\x90\x07\xc0\x34\x58\x03\x2f\x96\xd3\x37\x9c\x8b\x17\x8f\xb5\xcc\xec\x6f\xd2\x76\x97\x86\x19\xbf\xc7\xb9\x7a\x30\x62\xe8\x24\xff\xf9\xce\xe7\x3f\x4a\x85\x8e\xd6\x60\x70\x89\xa4\xd6\xaf\x56\xe2\x7d\x0f\x52\x0c\x15\x1e\x68\xae\xd9\x69\x2f\x15\x36\xe0\x8a\x35\xf9\x3e\x58\x6a\x81\xae\x49\x1f\xa9\x64\x0c\x36\xbc\xef\x84\x64\xf1\xac\x7c\x07\x46\x02\x1d\xd0\xde\xbc\x15\x53\x61\xb4\x27\x57\x30\x9a\x7c\x5a\x6a\x3c\x89\xe6\xb2\x75\xb9\x1e\x14\x77\x23\x43\xed\x0c\x0b\x84\x31\x3d\x3e\xe0\x60\x5b\x8f\xb9\x84\x3c\x8d\xed\xea\xec\x2f\x65\x54\x4c\x38\xd2\xee\xed\xec\xf3\x32\xb5\xa0\x1f\x60\xab\xdc\x62\x19\x4b\x1f\x33\x62\x19\xaf\x84\x3d\xb7\xcf\xea\x88\x1c\xbb\xe8\x30\xb8\x3c\x11\x79\x2f\x51\xd0\x65\x9d\xf2\xef\xd5\x14\xac\xcc\x62\xbe\x45\x1d\xa3\xd7\xde\x20\x52\x80\x1f\x1b\x71\x33\xec\x90\x8a\x89\xae\x20\xb8\xf0\x67\xb1\x6f\xa2\x6c\xc7\x85\xd7\xbb\xc7\x70\xb4\xc0\x0e\x64\x18\xae\xab\x91\x58\x79\x4d\x5c\xe3\x74\x0e\xf5\xc7\x8c\xfd\xe8\x5b\x0d\x5a\x81\xa8\x5a\x2b\xf2\x4f\x35\xe5\x30\x91\x2e\xce\xb0\x79\xef\xf2\x19\xe6\x8e\x65\x5d\x1e\xe3\x37\x64\xe6\x64\xb5\x
30\xa8\x72\x81\x7d\x0f\xe8\xc8\x46\xeb\x88\x9a\x1e\x06\x7e\xd1\xc7\x91\x5e\xd0\x4c\x87\x75\x7e\x3c\xfb\xdb\x42\x1e\x5a\xb7\x8a\xec\x22\x8e\x9d\x9f\xba\x27\xba\xb1\x25\xb0\xa5\x3c\x65\x18\xa0\xb5\x41\x1a\x92\x80\x14\xeb\x1d\x93\xba\x94\xcf\x89\xc1\x9a\xe5\xff\x1b\x00\xe2\x1b\xd9\xf8\xc8\x81\x85\xb8\x86\x37\xe5\xdb\x32\xe2\xe4\x02\x08\xf2\x62\x25\x4b\xcc\xad\xc2\xc8\x5e\x83\x69\x0f\xb7\xaf\x64\xe9\xab\xfc\x19\xda\x42\xa3\x1c\xf6\x3b\x90\x09\x53\xf1\x84\xf3\x34\xd6\x05\xa1\xac\xab\x43\x4a\xcd\xfe\x74\xa3\xff\x1c\x26\xab\x7e\xb5\xf4\xc7\xd4\xe6\xed\x88\xa4\xc0\xc0\x7a\xf5\xf9\xa6\x9c\xe5\x25\xcf\x77\xc5\xf7\x01\x18\xcf\x4c\x9d\x71\x46\x18\x53\xee\x9d\x0b\x38\xaa\x8e\xef\x7a\x92\x67\xba\xa1\xda\x0a\x40\xd4\xbb\xf2\x50\xe7\x96\xec\xaf\xf7\x65\x10\x98\xb5\xbe\xbe\xe1\xce\x5c\x5b\x36\xb8\x30\x20\x47\x50\x29\x8f\x5f\xff\xcf\x43\x87\x5a\xc2\x15\xd3\xef\xcd\xd5\x76\x85\x3c\x1b\xe3\x60\x40\x09\x80\x2a\xa9\x5c\xbf\x64\x97\x4c\x9d\xf8\xb1\xc9\xa4\xdb\x7d\x03\x2b\x06\x47\x97\x0c\x08\xb6\x6e\x0d\xe7\xf5\xec\x92\xb4\x7a\x58\x58\x79\x8b\xc1\x93\x1c\xa7\xfc\x81\x48\x4a\x4e\xd8\xdf\x6b\xdf\x22\xe1\x90\xda\x0f\x4b\x55\x4e\x63\x78\x06\x4b\x18\x94\x60\x1f\x55\xc7\xe8\xc3\xad\xfc\xd3\xd6\x08\x1c\xb7\xe8\xc3\xd6\xf6\x88\x75\x64\x3d\xe6\x61\xd3\x72\xb2\x9a\x45\x67\x92\x6c\x24\x41\xa8\xb0\x0c\xe2\xe1\xa3\x0a\xa7\xd1\x4a\x72\x5f\x05\x80\xac\xea\x58\x53\xa4\x19\x3b\x4e\xac\xe2\x88\xd0\x42\xba\x11\x8a\x67\x7c\xae\x6a\x7f\x70\x1a\x98\xa7\x2e\x12\xbb\x9f\x24\x59\x4f\x77\x43\x31\xc8\x32\xe0\xc6\xd1\xcf\xfb\x12\xa8\x29\xe3\x67\x7c\xc9\x67\x6a\xc3\x7b\x28\xc9\xe4\x2d\xe7\x1e\xbc\xfd\x50\x5f\xec\x67\x22\x7c\x69\x4c\x3b\xe2\x5f\x40\x29\xc0\x12\x3f\x57\x0a\x52\x09\xdf\x23\x59\x05\xdd\x58\xd4\xa9\x34\x69\x71\x73\x09\x5f\xd1\x69\x6e\x50\x03\x2e\xa7\x50\x52\x33\x8f\xda\x28\x6c\xd5\xfc\xa3\x44\x87\x8d\x7f\xfa\xf2\xd0\x69\x73\x2a\x83\xf8\xba\x7b\x97\x4e\xd6\x95\x1e\x19\x70\x87\xe0\x97\xc3\xa5\x1a\x0d\x77\xb6\x7e\xdc\x98\xd1\xbd\x31\x74\x4d\xf4\xca\x73\x0f\x2e\x80\x52\xe8\x55\x66\x03\x94\xa2\x23\x2f\xaf\xe6\x
14\x8f\x4f\x1f\x69\x59\xe1\xe2\x81\xe1\xed\xf6\x33\x7c\xd6\xad\x35\xfe\xf7\x8b\x83\xba\xb3\x58\xab\xd8\xd1\x1d\x30\x37\x99\xde\x42\xb3\x38\x18\x30\x6e\xd8\xd4\xd8\x87\x00\x23\xcf\x8a\x93\xff\x7c\x7b\x12\xda\x25\x1f\x3f\x77\x00\xd8\xa3\xc4\x37\x04\x72\x79\x1b\x26\x49\x30\xb9\x7d\x2a\xac\xb0\x4f\xd4\xde\xe4\x82\xbe\xbf\x8f\xbb\xff\x65\x02\xd0\x2b\x98\x24\x9b\xf3\xf1\x22\x9f\xff\xfb\xc8\x31\x70\x05\xef\x2d\xaa\xc3\xec\xe5\x62\x1a\x01\xc6\x25\x96\x4a\x36\x74\x28\x73\x58\xdd\xd8\x17\x08\x39\x43\x40\xc8\x4f\xbd\xa1\x0d\x26\x6b\x0d\x97\xe1\x42\xb4\x06\x01\x30\x53\x57\xcf\x7f\x81\xf9\x89\xac\x38\x58\xce\x1f\xcd\x94\x6a\x1d\xab\xde\x0d\xa9\xde\xcf\x4a\x7a\xd8\x51\xcd\xda\x20\x86\x4c\x22\x98\x6a\x2f\x57\xbb\x58\x09\xab\x46\xcb\xc6\x8f\xf0\x2e\x3c\xc2\x08\x5c\x0e\xcf\xba\xfa\xf5\x00\x16\x34\x3c\x67\xe2\x3a\x78\x26\x00\x68\x17\x52\x4d\x6b\x0d\xd1\x7d\x45\x62\x10\x8d\xad\x97\x79\x11\x73\x2e\xc9\xd5\x0b\x20\xd6\xc7\x43\x88\x7a\x0b\xf1\xd6\xb2\x45\xc4\xef\x3d\xd5\x5f\x98\x8c\x08\x96\x1b\x76\x3e\x56\x8d\xca\x64\xcd\x59\x72\xc4\x42\x38\x06\x2f\x98\x21\x35\xf3\xd8\x4a\xac\xf6\x11\xcd\xba\x1e\xbf\x1d\x3e\x9a\xfb\xc0\x9c\x83\x5c\xeb\x2e\xca\xee\x6f\x27\x94\xcc\xea\xa6\x82\xe8\xcb\x4b\x0e\x6a\x96\xb3\xeb\x8c\x92\xd0\x96\x72\xd3\x7f\x69\x59\xfd\x38\xd4\xa7\xca\x87\x7d\x92\x9f\x66\xee\x4a\x50\x89\x60\x62\x3a\x23\xd8\x40\xe2\x24\xee\xe0\x61\x32\xde\xb2\x73\xe7\x29\x6b\x46\xcf\x88\x2e\x53\x00\xe4\x2c\x1a\xca\xc7\x45\x2a\x0c\x4c\xf7\xbd\xbd\x4c\x9e\xf4\x4c\x6b\xad\x60\x92\x18\x6f\x2e\xf1\x4d\x39\x7c\x82\xa3\x58\xc4\x84\xfc\x91\xa0\x35\xe2\xa0\x85\xd8\xa1\x7a\xa4\xf5\x6d\x77\x28\x8f\x0a\x28\x8b\xfc\xb9\x75\xe3\x2f\x87\xc5\x80\xa4\x19\xaa\x8f\x77\x94\x91\x3e\x30\x52\xf4\xac\x24\xf2\x9f\xeb\x3b\x43\x0e\x3d\x1a\x29\x8e\xc0\xb0\xb4\x86\xa1\x94\xed\x38\x57\x4d\x86\x0b\xdf\xa0\xc6\xb1\xa6\x7d\x03\x9e\xe0\xda\xed\x00\xdc\x50\xf7\x6d\xdc\xa6\x41\x78\x76\xa6\x77\xe8\x0c\xb1\x9f\x3a\x8d\x8b\xde\x26\x6c\x41\x58\xe0\x2f\xe9\x22\x48\x7d\xb5\xfb\x60\xac\xdf\xda\xf4\x17\x5b\xf4\x3a\x3d\x12\xf6\xbc\x29\xdd\x
d3\x17\xa2\x75\xe1\x2e\x6e\x3f\xff\x81\xa6\x4e\x7d\xfe\x20\xab\xcc\x60\xa0\x6e\x80\x1d\x7a\xe7\xd0\x41\x25\x2e\x1c\xf8\xab\xaa\x7a\x38\xf7\xf3\x9e\x61\x29\x4d\xdb\x9d\x62\x1f\xee\xae\x99\x46\xaa\x70\xf7\x64\xe0\x0b\xe9\x6b\x28\xbd\xbe\xd8\x9a\xbf\x4f\xe3\x60\xfd\x80\x19\x21\xa3\x88\xaf\x23\x73\x6d\x2a\x94\x3c\x8c\xe1\xf6\x20\xd7\xda\xd0\xa5\x65\xfc\xfb\xcb\x86\x69\xd9\xfd\x78\xd1\xdb\x48\xb7\xa1\x26\x6c\xe3\x05\x54\x9d\xc7\x76\xc1\x2d\xd2\xdc\x40\x0a\x4d\xc8\xb0\x76\x24\x86\x7d\xbb\xd9\x4f\xc9\xbe\xd0\xad\xc7\xff\x50\x69\x95\x1e\xbc\x24\x83\x05\x8b\xa3\x45\x50\x88\x5f\x5f\x25\x0e\x54\x0a\xa3\x7b\x94\x0e\x8f\x90\x1c\xb0\xf5\x7a\xab\xf8\xe0\xf2\xa4\xce\x11\x3b\x60\x94\x7d\xa2\xa7\x23\x03\xa6\x9d\xac\xb1\x71\x30\xf4\xed\x89\x74\xf9\x52\x50\xcd\xec\x51\x59\xae\xf4\x1e\x38\x0f\xd6\x36\x00\x60\xb9\x28\x8a\x88\xe2\x24\x8b\x90\xc2\x97\xfc\x44\x33\xe8\x26\xe0\x66\xec\x48\xf0\xb4\x78\xc7\x54\x32\xcb\xd9\xf4\x58\x30\xb0\x1d\x6f\x90\x36\x18\xb3\x9d\x54\x1a\x48\x80\x7d\x42\x92\xe0\x56\xbf\x99\x28\x5f\xb0\xe2\xac\xf5\xb6\x0e\xca\x7f\x79\x73\x44\x11\xc3\x3a\x01\xe4\x1b\xe2\x40\x37\x02\x2e\xa0\xf2\xc3\xfb\x2e\x50\x07\xaa\x2e\xd8\x62\xa7\x87\xaa\x66\x76\x92\xef\x91\x9c\xbc\xdf\x82\x43\xde\x11\xe0\x28\x12\xf8\xc2\xdf\xb7\x9f\xda\x2e\x17\x87\x29\xb5\xf2\xf0\xaf\x8b\xfb\x7f\x17\x8b\x0d\x80\x85\x11\x78\x84\xfb\xde\x56\x87\x94\xe3\xbb\x95\x17\x26\xe8\x77\x8b\x0a\xf7\x55\xce\x74\x12\xb0\x42\x89\x2c\xc8\x94\x77\x12\x97\x15\x30\x5d\x70\xca\xca\x55\x3e\x4a\xab\x12\x04\xa8\x69\xfd\x7d\xab\x7a\x70\x19\xd9\x17\x21\x58\xe6\x35\xde\x6c\x6d\xd8\x01\xa7\xd0\x25\x9c\xa4\xef\x75\xec\xe2\x6e\x1c\xb3\x64\x53\x95\x92\x4b\x5e\xd3\x2c\xd1\xa8\xb0\x15\xd5\x21\x15\x19\xd0\xf2\xb8\x5d\x5d\xe2\xfc\xd5\x2b\xf9\x26\xad\xf5\x7f\x67\x01\x7e\xda\x0d\x32\x04\xcb\xe4\xb0\x35\x2a\x41\xf5\xaf\x81\x5a\x97\xeb\xd0\x08\xf3\x81\xfa\x5e\x48\xed\x6d\xa0\x14\x1d\x18\x12\x16\x5e\xa6\xa6\xb1\xdb\x84\xae\xca\x82\x6b\x0d\x1a\xbb\xa2\xf8\x10\x15\xd8\xca\x3e\x1a\x9f\x9c\xf7\x6d\x22\x72\x06\x21\x2b\x90\x39\x51\x68\xce\xd6\xc0\x47\x
6c\x81\xbf\xbb\x45\xfa\x8d\xef\x8e\x97\xcd\xdb\xdf\xc8\x25\x96\xec\x22\x58\xeb\x50\xd7\x59\xb2\xa5\x8e\xd0\xe8\x55\xfa\x05\xc3\x88\xb1\x5f\x3b\x51\xfa\xb2\x98\xa2\x83\xd5\x24\x3b\x85\xee\x78\xce\xdb\xce\x16\xb8\x50\xab\xdc\x01\x87\x61\x98\x67\x53\xe2\xe7\xfe\x79\x63\x20\xfb\xb9\x85\x88\xc9\x35\xc3\x98\xfc\x6d\x42\x7e\x01\x9a\x59\xe0\x0a\xe4\xdb\x12\xf8\x09\xb1\x7b\x78\x38\xec\x5a\x79\x29\xd4\x79\x36\x1b\x69\x7d\x51\x0d\x98\x69\x2f\xc9\x5d\x59\xba\x79\x37\x54\x4f\x1b\x61\x2e\x41\xa9\xd7\x94\xf4\x18\x80\x17\x33\xab\x45\x40\x0b\xef\x83\x5a\x42\x57\xbd\x7f\xe0\x61\xf0\x1c\x0c\xa4\xbe\xf4\x77\x7a\x41\x46\x94\xcf\x25\x17\xde\xd0\x65\x87\xdb\x0f\x08\xcc\xad\x34\xc5\x7d\x2d\x6b\x97\xc5\x50\x16\xab\x6c\x02\x5c\xdb\xf4\x1b\x1e\x40\x69\x5d\xa2\xfa\xc7\x12\x90\x37\x2e\x88\x61\xd1\x27\xc5\xac\x17\xcf\x7d\xdf\xd2\x5a\x23\xc5\xd4\x2b\x38\xc7\xb6\x8a\xc8\x08\x6c\x71\xaf\x2c\x73\x2c\xdb\x55\xbc\x31\x70\x83\xcf\x6b\x29\x79\x64\xe7\xd6\xe3\xc3\x26\xa6\xf6\x1a\x71\xa2\x6b\xef\x06\x70\x99\xbd\x01\xf3\x81\x70\x75\xfe\xd8\x92\x24\x43\x18\x8c\x7b\xb2\x02\x23\xd1\x21\x0b\xe4\x49\x49\xc1\x7a\x8f\x58\xa8\xe1\x53\x39\xe8\xa1\xb0\xf3\x35\x34\x79\x8d\x51\xf8\x1a\x83\x75\x96\x52\x3e\xa1\xa4\x46\x04\xfe\x3d\xc4\x06\x8e\x0a\xdc\xfa\x88\x11\x19\x63\xdb\x83\x94\xbc\x2e\x14\x97\xbc\x37\xc9\x22\x61\xf5\xbb\x34\x03\x01\x40\x60\x55\xc8\xdb\x94\x63\x41\x47\x3b\x17\xaf\x96\xd2\xb1\x31\xd2\x38\x26\x1d\x4f\x0c\x19\x79\xaf\xd5\x5f\x57\x5a\xf2\x09\x69\x95\xbe\xbf\xee\xbf\xc0\x45\xf8\xb2\x60\x9f\x8b\xec\x0e\x7a\x1a\x37\x4b\xbe\x88\x10\xc6\x09\x21\x8c\x59\x87\x0a\x80\xe1\x83\x28\x7e\x08\xb6\xec\x10\x4e\x27\xe4\xa9\x1c\xd4\x12\x2d\x88\x1f\x1c\xd0\xac\x6d\x3b\x19\x9c\x36\x80\x3c\x1f\x34\x94\xce\x74\xe7\x68\x29\xcd\x42\x14\xe6\xb0\x24\x5f\x55\x76\x00\x60\x0b\xe6\x23\x35\xc8\xa8\x39\xc3\x83\xbe\xae\xc8\xa1\xb6\x64\x57\x2a\x50\x07\xcc\x61\xca\x95\x26\x37\x71\xd9\xaa\xa6\x68\x8c\xf8\x2c\x9b\x7d\x03\xf7\xc2\xe1\x82\x87\x3b\x57\xa1\x70\x4f\x9c\x51\xa1\xce\xab\x21\xee\xa1\x4f\x1b\x9a\x4c\x2d\x82\x26\xe1\xce\x14\x73\x45\x
57\x0c\xe8\x80\x9b\x3b\x36\x59\xb8\xf1\x55\xed\x9d\x73\x14\xa0\x1c\x45\xbb\xd3\x1a\xc3\x73\x28\xd3\x5c\xbb\x8e\xf9\x6f\x11\xb2\x29\xa8\x82\x8a\xd2\x9f\xe6\xf2\x7c\x4d\x8c\x5f\x40\x8e\xd3\x22\x49\xe9\x6a\xfb\x48\xde\x05\x3c\x6d\x0e\x4b\x56\x63\x71\xe3\x36\x66\x5b\xb9\xb7\x5c\x62\xa4\xe3\x76\xe2\x12\xb9\xa7\x7d\xf3\x1e\x34\x1e\x7e\x7b\xa5\xd2\x07\xdf\xd5\xd6\xd7\x65\x1a\xce\x18\x2d\x3b\x24\x2d\xd1\x99\xa6\x31\xaa\x6b\x24\x88\xb3\xbc\xd7\x6b\xdb\xcd\x3f\x21\x60\xcf\xf3\xf8\x2e\xd4\x3e\x10\x9c\xf7\xb7\x43\xab\xc9\x62\x1c\x3a\x4d\x8f\xd7\x15\xba\x4b\xbb\x3a\x11\xff\xc6\x3e\x09\x2d\xb2\xda\xcf\x93\xad\x4b\x4c\xf8\x9a\x5b\x34\x55\x21\x39\x31\x2e\x04\x7f\x8f\x17\x84\x78\xa1\x09\xcb\xa8\x95\x37\x33\x29\x42\xa4\xa5\x99\xe1\x31\xd3\x15\x09\x79\xfe\x3d\xb9\x8d\x74\xd8\x59\xc3\x7b\x21\xd6\xf3\x8f\x5e\xe9\x11\xb9\xcf\xa0\xd5\xd9\x41\x02\x8c\xb2\x19\xb6\xd1\x2c\xb2\x87\x0c\x22\x5c\x30\x9c\xac\x7a\x6c\x68\xfa\xa3\x74\x6d\xbb\x2c\x8a\x59\xc2\xd9\x13\xd1\x39\x37\x8b\x00\x5e\x3a\x19\x9f\x01\x68\x9d\x48\xbd\x7d\xf3\x5a\x46\x19\x48\xed\x68\x83\x70\x74\x32\x79\x1c\x92\x0a\x02\xf1\xd6\xe0\x21\x79\x1c\x8a\x16\xec\x32\x01\x87\x6f\x64\x5e\x57\x49\x79", 4096); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000082, 4); csum_inet_update(&csum_1, (const uint8_t*)0x20000086, 4); uint16_t csum_1_chunk_2 = 0x600; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 2); uint16_t csum_1_chunk_3 = 0x210; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 2); csum_inet_update(&csum_1, (const uint8_t*)0x2000008a, 4098); *(uint16_t*)0x2000008a = csum_inet_digest(&csum_1); struct csum_inet csum_2; csum_inet_init(&csum_2); csum_inet_update(&csum_2, (const uint8_t*)0x20000080, 10); *(uint16_t*)0x20000080 = csum_inet_digest(&csum_2); syscall(SYS_test, /*a0=*/0x20000080ul, 0, 0, 0, 0, 0); { int i; for(i = 0; i < 4; i++) { syscall(SYS_test, /*a0=*/0x20000080ul, 0, 0, 0, 0, 0); } } break; case 3: *(uint32_t*)0x200010c0 = 0x111; 
*(uint8_t*)0x200010c4 = 8; *(uint8_t*)0x200010c5 = 4; *(uint8_t*)0x200010c6 = 2; *(uint8_t*)0x200010c7 = 1; syscall(SYS_test, /*a0=*/0x200010c0ul, 0, 0, 0, 0, 0); break; case 4: res = syscall(SYS_test, 0, 0, 0, 0, 0, 0); if (res != -1) r[0] = res; break; case 5: syscall(SYS_test, /*val=*/r[0], 0, 0, 0, 0, 0); break; case 6: syscall(SYS_test, 0, 0, 0, 0, 0, 0); break; case 7: syscall(SYS_test, 0, 0, 0, 0, 0, 0); break; case 8: res = syscall(SYS_foo, /*cmd=*/0xaul, 0, 0); if (res != -1) r[1] = res; break; case 9: syscall(SYS_foo, /*res=*/r[1], 0, 0); break; case 10: memset((void*)0x20000000, 0, 1); *(uint8_t*)0x20000040 = 0x81; *(uint8_t*)0x20000042 = 0x8c; STORE_BY_BITMASK(uint16_t, , 0x20000042, 5, 8, 4); syz_compare(/*want=*/0x20000000, /*want_len=*/1, /*got=*/0x20000040, /*got_len=*/4); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/4, /*v1=*/0xfffffffffffffffa, 0, 0); break; case 12: syz_errno(/*v=*/2); break; case 13: memcpy((void*)0x20000080, "\x15\x48\x05\xb7\x68\xfb\x1b\x7d\xa6\x4a\xca\x30\x5f\xf5\x4e\xdd\x7e\xef\x7a\x6c\xe6\xb3\xe1\x5c\x9e\x2b\xa4\xc4\x6e\xf0\x15\x95\x04\x6d\x85\x80\xcd\x59\x93\x11\x8d\x09\x81\x4c\x6e\xa8\x20\x39\x8a\x54", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/0x3ff); break; case 15: syz_mmap(/*addr=*/0x20ffd000, /*len=*/0x1000); break; case 16: syz_sleep_ms(/*ms=*/0x7fffffff); break; case 17: syz_test_fuzzer1(/*a=*/4, /*b=*/5, /*c=*/7); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); loop(); return 0; } :337:3: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x30, 0, 0, 0, 0); ^ 1 error generated. 
compiler invocation: c++ [-o /tmp/syz-executor1666381934 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/13 (1.26s) csource_test.go:148: --- FAIL: TestGenerate/test/64/8 (1.16s) csource_test.go:148: --- FAIL: TestGenerate/test/64/14 (1.31s) csource_test.go:148: --- FAIL: TestGenerate/test/64/1 (1.21s) csource_test.go:148: FAIL FAIL github.com/google/syzkaller/pkg/csource 27.304s ok github.com/google/syzkaller/pkg/db (cached) ok github.com/google/syzkaller/pkg/email (cached) ok github.com/google/syzkaller/pkg/email/lore (cached) --- FAIL: TestFuzz (15.52s) fuzzer_test.go:265: failed to build program: // Copyright 2017 syzkaller project authors. All rights reserved. // Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. // +build #include #include #include #include #include #include #include #include #include #include #include #if !GOOS_windows #include #endif #include "defs.h" #if defined(__GNUC__) #define SYSCALLAPI #define NORETURN __attribute__((noreturn)) #define PRINTF(fmt, args) __attribute__((format(printf, fmt, args))) #else // Assuming windows/cl. #define SYSCALLAPI WINAPI #define NORETURN __declspec(noreturn) #define PRINTF(fmt, args) #define __thread __declspec(thread) #endif #ifndef GIT_REVISION #define GIT_REVISION "unknown" #endif #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) // uint64 is impossible to printf without using the clumsy and verbose "%" PRId64. // So we define and use uint64. Note: pkg/csource does s/uint64/uint64/. // Also define uint32/16/8 for consistency. typedef unsigned long long uint64; typedef unsigned int uint32; typedef unsigned short uint16; typedef unsigned char uint8; // exit/_exit do not necessary work (e.g. 
if fuzzer sets seccomp filter that prohibits exit_group). // Use doexit instead. We must redefine exit to something that exists in stdlib, // because some standard libraries contain "using ::exit;", but has different signature. #define exit vsnprintf // Dynamic memory allocation reduces test reproducibility across different libc versions and kernels. // malloc will cause unspecified number of additional mmap's at unspecified locations. // For small objects prefer stack allocations, for larger -- either global objects (this may have // issues with concurrency), or controlled mmaps, or make the fuzzer allocate memory. #define malloc do_not_use_malloc #define calloc do_not_use_calloc // Note: zircon max fd is 256. // Some common_OS.h files know about this constant for RLIMIT_NOFILE. const int kMaxFd = 250; const int kMaxThreads = 32; const int kInPipeFd = kMaxFd - 1; // remapped from stdin const int kOutPipeFd = kMaxFd - 2; // remapped from stdout const int kCoverFd = kOutPipeFd - kMaxThreads; const int kExtraCoverFd = kCoverFd - 1; const int kMaxArgs = 9; const int kCoverSize = 256 << 10; const int kFailStatus = 67; // Two approaches of dealing with kcov memory. const int kCoverOptimizedCount = 12; // the number of kcov instances to be opened inside main() const int kCoverOptimizedPreMmap = 3; // this many will be mmapped inside main(), others - when needed. const int kCoverDefaultCount = 6; // otherwise we only init kcov instances inside main() // Logical error (e.g. invalid input program), use as an assert() alternative. // If such error happens 10+ times in a row, it will be detected as a bug by syz-fuzzer. // syz-fuzzer will fail and syz-manager will create a bug for this. // Note: err is used for bug deduplication, thus distinction between err (constant message) // and msg (varying part). static NORETURN void fail(const char* err); static NORETURN PRINTF(2, 3) void failmsg(const char* err, const char* msg, ...); // Just exit (e.g. due to temporal ENOMEM error). 
static NORETURN PRINTF(1, 2) void exitf(const char* msg, ...);
static NORETURN void doexit(int status);
#if !GOOS_fuchsia
static NORETURN void doexit_thread(int status);
#endif

// Print debug output that is visible when running syz-manager/execprog with -debug flag.
// Debug output is supposed to be relatively high-level (syscalls executed, return values, timing, etc)
// and is intended mostly for end users. If you need to debug lower-level details, use debug_verbose
// function and temporarily enable it in your build by changing #if 0 below.
// This function does not add \n at the end of msg as opposed to the previous functions.
static PRINTF(1, 2) void debug(const char* msg, ...);
void debug_dump_data(const char* data, int length);

// debug_verbose is compiled out by default; flip the #if 0 to get low-level tracing.
#if 0
#define debug_verbose(...) debug(__VA_ARGS__)
#else
#define debug_verbose(...) (void)0
#endif

// Control-pipe protocol with the parent process, see receive_execute/reply_execute below.
static void receive_execute();
static void reply_execute(int status);
#if GOOS_akaros
static void resend_execute(int fd);
#endif

#if SYZ_EXECUTOR_USES_FORK_SERVER
static void receive_handshake();
static void reply_handshake();
#endif

#if SYZ_EXECUTOR_USES_SHMEM
// The output region is the only thing in executor process for which consistency matters.
// If it is corrupted ipc package will fail to parse its contents and panic.
// But fuzzer constantly invents new ways of how to corrupt the region,
// so we map the region at a (hopefully) hard to guess address with random offset,
// surrounded by unmapped pages.
// The address chosen must also work on 32-bit kernels with 1GB user address space.
const uint64 kOutputBase = 0x1b2bc20000ull;

#if SYZ_EXECUTOR_USES_FORK_SERVER
// Allocating (and forking) virtual memory for each executed process is expensive, so we only mmap
// the amount we might possibly need for the specific received prog.
const int kMaxOutputComparisons = 14 << 20; // executions with comparisons enabled are usually < 1% of all executions
const int kMaxOutputCoverage = 6 << 20; // coverage is needed in ~ up to 1/3 of all executions (depending on corpus rotation)
const int kMaxOutputSignal = 4 << 20;
const int kMinOutput = 256 << 10; // if we don't need to send signal, the output is rather short.
const int kInitialOutput = kMinOutput; // the minimal size to be allocated in the parent process
#else
// We don't fork and allocate the memory only once, so prepare for the worst case.
const int kInitialOutput = 14 << 20;
#endif
// TODO: allocate a smaller amount of memory in the parent once we merge the patches that enable
// prog execution with neither signal nor coverage. Likely 64kb will be enough in that case.

// Inherited file descriptors carrying the input program and the output region.
// Both are closed once mapped (kInFd in main(), kOutFd in main() or, with the fork server,
// in realloc_output_data() of the forked child) so that test programs cannot tamper with them.
const int kInFd = 3;
const int kOutFd = 4;
static uint32* output_data;
static uint32* output_pos;
static int output_size;
static void mmap_output(int size);
static uint32* write_output(uint32 v);
static uint32* write_output_64(uint64 v);
static void write_completed(uint32 completed);
static uint32 hash(uint32 a);
static bool dedup(uint32 sig);
#endif // if SYZ_EXECUTOR_USES_SHMEM

uint64 start_time_ms = 0;

// Environment flags, decoded from the handshake/execute request by parse_env_flags().
static bool flag_debug;
static bool flag_coverage;
static bool flag_sandbox_none;
static bool flag_sandbox_setuid;
static bool flag_sandbox_namespace;
static bool flag_sandbox_android;
static bool flag_extra_coverage;
static bool flag_net_injection;
static bool flag_net_devices;
static bool flag_net_reset;
static bool flag_cgroups;
static bool flag_close_fds;
static bool flag_devlink_pci;
static bool flag_nic_vf;
static bool flag_vhci_injection;
static bool flag_wifi;
static bool flag_delay_kcov_mmap;
// Per-execution flags, decoded from execute_req.exec_flags by receive_execute().
static bool flag_collect_cover;
static bool flag_collect_signal;
static bool flag_dedup_cover;
static bool flag_threaded;
static bool flag_coverage_filter;
// If true, then executor should write the comparisons data to fuzzer.
static bool flag_comparisons;
// Tunable timeouts, received with execute_req.
static uint64 syscall_timeout_ms;
static uint64 program_timeout_ms;
static uint64 slowdown_scale;
// Can be used to distinguish whether we're at the initialization stage
// or we already execute programs.
static bool in_execute_one = false;

#define SYZ_EXECUTOR 1
#include "common.h"

const int kMaxInput = 4 << 20; // keep in sync with prog.ExecBufferSize
const int kMaxCommands = 1000; // prog package knows about this constant (prog.execMaxCommands)

// Instruction and argument encoding of the serialized program, interpreted by execute_one().
const uint64 instr_eof = -1;
const uint64 instr_copyin = -2;
const uint64 instr_copyout = -3;
const uint64 instr_setprops = -4;

const uint64 arg_const = 0;
const uint64 arg_result = 1;
const uint64 arg_data = 2;
const uint64 arg_csum = 3;

const uint64 binary_format_native = 0;
const uint64 binary_format_bigendian = 1;
const uint64 binary_format_strdec = 2;
const uint64 binary_format_strhex = 3;
const uint64 binary_format_stroct = 4;

const uint64 no_copyout = -1;

static int running;
uint32 completed;
bool is_kernel_64_bit = true;

static char* input_data;

// Checksum kinds.
static const uint64 arg_csum_inet = 0;

// Checksum chunk kinds.
static const uint64 arg_csum_chunk_data = 0;
static const uint64 arg_csum_chunk_const = 1;

typedef intptr_t(SYSCALLAPI* syscall_t)(intptr_t, intptr_t, intptr_t, intptr_t, intptr_t, intptr_t, intptr_t, intptr_t, intptr_t);

struct call_t {
	const char* name;
	int sys_nr;
	call_attrs_t attrs;
	syscall_t call;
};

struct cover_t {
	int fd;
	uint32 size;
	uint32 mmap_alloc_size;
	char* data;
	char* data_end;
	// Note: On everything but darwin the first value in data is the count of
	// recorded PCs, followed by the PCs. We therefore set data_offset to the
	// size of one PC.
	// On darwin data points to an instance of the ksancov_trace struct. Here we
	// set data_offset to the offset between data and the structs 'pcs' member,
	// which contains the PCs.
	intptr_t data_offset;
	// Note: On everything but darwin this is 0, as the PCs contained in data
	// are already correct. XNUs KSANCOV API, however, chose to always squeeze
	// PCs into 32 bit. To make the recorded PC fit, KSANCOV subtracts a fixed
	// offset (VM_MIN_KERNEL_ADDRESS for AMD64) and then truncates the result to
	// uint32_t. We get this from the 'offset' member in ksancov_trace.
	intptr_t pc_offset;
};

struct thread_t {
	int id;
	bool created;
	event_t ready;
	event_t done;
	uint64* copyout_pos;
	uint64 copyout_index;
	bool executing;
	int call_index;
	int call_num;
	int num_args;
	// execute_one() rejects programs with num_args > kMaxArgs before filling this.
	intptr_t args[kMaxArgs];
	call_props_t call_props;
	intptr_t res;
	uint32 reserrno;
	bool fault_injected;
	cover_t cov;
	bool soft_fail_state;
};

static thread_t threads[kMaxThreads];
static thread_t* last_scheduled;
// Threads use this variable to access information about themselves.
static __thread struct thread_t* current_thread;

static cover_t extra_cov;

struct res_t {
	bool executed;
	uint64 val;
};

// Indexed by copyout index; every index is bounds-checked against kMaxCommands before use.
static res_t results[kMaxCommands];

// Protocol magic values: every request read from the control pipe is checked against kInMagic and
// every reply carries kOutMagic, so a desynchronized or garbage control stream is rejected instead of parsed.
const uint64 kInMagic = 0xbadc0ffeebadface;
const uint32 kOutMagic = 0xbadf00d;

struct handshake_req {
	uint64 magic;
	uint64 flags; // env flags
	uint64 pid;
	uint64 sandbox_arg;
};

struct handshake_reply {
	uint32 magic;
};

struct execute_req {
	uint64 magic;
	uint64 env_flags;
	uint64 exec_flags;
	uint64 pid;
	uint64 syscall_timeout_ms;
	uint64 program_timeout_ms;
	uint64 slowdown_scale;
	uint64 prog_size;
};

struct execute_reply {
	uint32 magic;
	uint32 done;
	uint32 status;
};

// call_reply.flags
const uint32 call_flag_executed = 1 << 0;
const uint32 call_flag_finished = 1 << 1;
const uint32 call_flag_blocked = 1 << 2;
const uint32 call_flag_fault_injected = 1 << 3;

struct call_reply {
	execute_reply header;
	uint32 magic;
	uint32 call_index;
	uint32 call_num;
	uint32 reserrno;
	uint32 flags;
	uint32 signal_size;
	uint32 cover_size;
	uint32 comps_size;
	// signal/cover/comps follow
};

enum {
	KCOV_CMP_CONST = 1,
	KCOV_CMP_SIZE1 = 0,
	KCOV_CMP_SIZE2 = 2,
	KCOV_CMP_SIZE4 = 4,
	KCOV_CMP_SIZE8 = 6,
	KCOV_CMP_SIZE_MASK = 6,
};

struct kcov_comparison_t {
	// Note: comparisons are always 64-bits regardless of kernel bitness.
	uint64 type;
	uint64 arg1;
	uint64 arg2;
	uint64 pc;

	bool ignore() const;
	void write();
	bool operator==(const struct kcov_comparison_t& other) const;
	bool operator<(const struct kcov_comparison_t& other) const;
};

// Compile-time assertion that kcov_comparison_t is exactly 4 * sizeof(uint64)
// (a negative array size fails the build otherwise).
typedef char kcov_comparison_size[sizeof(kcov_comparison_t) == 4 * sizeof(uint64) ? 1 : -1];

struct feature_t {
	const char* name;
	void (*setup)();
};

static thread_t* schedule_call(int call_index, int call_num, uint64 copyout_index, uint64 num_args, uint64* args, uint64* pos, call_props_t call_props);
static void handle_completion(thread_t* th);
static void copyout_call_results(thread_t* th);
static void write_call_output(thread_t* th, bool finished);
static void write_extra_output();
static void execute_call(thread_t* th);
static void thread_create(thread_t* th, int id, bool need_coverage);
static void thread_mmap_cover(thread_t* th);
static void* worker_thread(void* arg);
static uint64 read_input(uint64** input_posp, bool peek = false);
static uint64 read_arg(uint64** input_posp);
static uint64 read_const_arg(uint64** input_posp, uint64* size_p, uint64* bf, uint64* bf_off_p, uint64* bf_len_p);
static uint64 read_result(uint64** input_posp);
static uint64 swap(uint64 v, uint64 size, uint64 bf);
static void copyin(char* addr, uint64 val, uint64 size, uint64 bf, uint64 bf_off, uint64 bf_len);
static bool copyout(char* addr, uint64 size, uint64* res);
static void setup_control_pipes();
static void setup_features(char** enable, int n);

#include "syscalls.h"

#if GOOS_linux
#include "executor_linux.h"
#elif GOOS_fuchsia
#include "executor_fuchsia.h"
#elif GOOS_akaros
#include "executor_akaros.h"
#elif GOOS_freebsd || GOOS_netbsd || GOOS_openbsd
#include "executor_bsd.h"
#elif GOOS_darwin
#include "executor_darwin.h"
#elif GOOS_windows
#include "executor_windows.h"
#elif GOOS_test
#include "executor_test.h"
#else
#error "unknown OS"
#endif

#include "cov_filter.h"

#include "test.h"

#if SYZ_HAVE_SANDBOX_ANDROID
static uint64 sandbox_arg = 0;
#endif

// Entry point. Dispatches the "version", "setup", "leak", "setup_kcsan_filterlist" and "test"
// subcommands; anything else must be "exec", which maps the input/output regions, reads the
// handshake (or first request), sets up coverage and enters the selected sandbox.
int main(int argc, char** argv)
{
	if (argc == 2 && strcmp(argv[1], "version") == 0) {
		puts(GOOS " " GOARCH " " SYZ_REVISION " " GIT_REVISION);
		return 0;
	}
	if (argc >= 2 && strcmp(argv[1], "setup") == 0) {
		setup_features(argv + 2, argc - 2);
		return 0;
	}
	if (argc >= 2 && strcmp(argv[1], "leak") == 0) {
#if SYZ_HAVE_LEAK_CHECK
		check_leaks(argv + 2, argc - 2);
#else
		fail("leak checking is not implemented");
#endif
		return 0;
	}
	if (argc >= 2 && strcmp(argv[1], "setup_kcsan_filterlist") == 0) {
#if SYZ_HAVE_KCSAN
		setup_kcsan_filterlist(argv + 2, argc - 2, true);
#else
		fail("KCSAN is not implemented");
#endif
		return 0;
	}
	if (argc == 2 && strcmp(argv[1], "test") == 0)
		return run_tests();

	if (argc < 2 || strcmp(argv[1], "exec") != 0) {
		fprintf(stderr, "unknown command");
		return 1;
	}

	start_time_ms = current_time_ms();

	os_init(argc, argv, (char*)SYZ_DATA_OFFSET, SYZ_NUM_PAGES * SYZ_PAGE_SIZE);
	current_thread = &threads[0];

	// In shmem mode the program is mapped read-only straight from kInFd; otherwise it is an
	// anonymous buffer that receive_execute() fills from the control pipe.
#if SYZ_EXECUTOR_USES_SHMEM
	void* mmap_out = mmap(NULL, kMaxInput, PROT_READ, MAP_PRIVATE, kInFd, 0);
#else
	void* mmap_out = mmap(NULL, kMaxInput, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
#endif
	if (mmap_out == MAP_FAILED)
		fail("mmap of input file failed");
	// NOTE(review): the template argument of static_cast appears to have been lost in this copy of the file.
	input_data = static_cast(mmap_out);

#if SYZ_EXECUTOR_USES_SHMEM
	mmap_output(kInitialOutput);
	// Prevent test programs to mess with these fds.
	// Due to races in collider mode, a program can e.g. ftruncate one of these fds,
	// which will cause fuzzer to crash.
	close(kInFd);
#if !SYZ_EXECUTOR_USES_FORK_SERVER
	close(kOutFd);
#endif
	// For SYZ_EXECUTOR_USES_FORK_SERVER, close(kOutFd) is invoked in the forked child,
	// after the program has been received.
#endif // if SYZ_EXECUTOR_USES_SHMEM

	use_temporary_dir();
	install_segv_handler();
	setup_control_pipes();
#if SYZ_EXECUTOR_USES_FORK_SERVER
	receive_handshake();
#else
	receive_execute();
#endif
	if (flag_coverage) {
		int create_count = kCoverDefaultCount, mmap_count = create_count;
		if (flag_delay_kcov_mmap) {
			create_count = kCoverOptimizedCount;
			mmap_count = kCoverOptimizedPreMmap;
		}
		if (create_count > kMaxThreads)
			create_count = kMaxThreads;
		for (int i = 0; i < create_count; i++) {
			threads[i].cov.fd = kCoverFd + i;
			cover_open(&threads[i].cov, false);
			if (i < mmap_count) {
				// Pre-mmap coverage collection for some threads. This should be enough for almost
				// all programs, for the remaining few ones coverage will be set up when it's needed.
				thread_mmap_cover(&threads[i]);
			}
		}
		extra_cov.fd = kExtraCoverFd;
		cover_open(&extra_cov, true);
		cover_mmap(&extra_cov);
		cover_protect(&extra_cov);
		if (flag_extra_coverage) {
			// Don't enable comps because we don't use them in the fuzzer yet.
			cover_enable(&extra_cov, false, true);
		}
		// Build "<directory of argv[0]>syz-cover-bitmap" for the coverage filter.
		// NOTE(review): neither strrchr() returning NULL (argv[0] without a separator) nor a
		// directory part longer than sizeof(filename) is handled here, so len could be wrong or
		// exceed the buffer passed to strncpy. argv[0] is chosen by the parent process, so this is
		// a robustness concern rather than untrusted-input validation; worth a guard nonetheless.
		char sep = '/';
#if GOOS_windows
		sep = '\\';
#endif
		char filename[1024] = {0};
		char* end = strrchr(argv[0], sep);
		size_t len = end - argv[0];
		strncpy(filename, argv[0], len + 1);
		strncat(filename, "syz-cover-bitmap", 17);
		filename[sizeof(filename) - 1] = '\0';
		init_coverage_filter(filename);
	}

	// Exactly one flag_sandbox_* is set by parse_env_flags(); the matching do_sandbox_* (defined
	// elsewhere) presumably runs the execution loop and yields the status replied below.
	int status = 0;
	if (flag_sandbox_none)
		status = do_sandbox_none();
#if SYZ_HAVE_SANDBOX_SETUID
	else if (flag_sandbox_setuid)
		status = do_sandbox_setuid();
#endif
#if SYZ_HAVE_SANDBOX_NAMESPACE
	else if (flag_sandbox_namespace)
		status = do_sandbox_namespace();
#endif
#if SYZ_HAVE_SANDBOX_ANDROID
	else if (flag_sandbox_android)
		status = do_sandbox_android(sandbox_arg);
#endif
	else
		fail("unknown sandbox type");

#if SYZ_EXECUTOR_USES_FORK_SERVER
	fprintf(stderr, "loop exited with status %d\n", status);
	// Other statuses happen when fuzzer processes manages to kill loop, e.g. with:
	// ptrace(PTRACE_SEIZE, 1, 0, 0x100040)
	if (status != kFailStatus)
		status = 0;
	// If an external sandbox process wraps executor, the out pipe will be closed
	// before the sandbox process exits this will make ipc package kill the sandbox.
	// As the result sandbox process will exit with exit status 9 instead of the executor
	// exit status (notably kFailStatus). So we duplicate the exit status on the pipe.
	reply_execute(status);
	doexit(status);
	// Unreachable.
	return 1;
#else
	reply_execute(status);
	return status;
#endif
}

#if SYZ_EXECUTOR_USES_SHMEM
// Grows the shared output region to at least size bytes (no-op if it is already that large).
// This method can be invoked as many times as one likes - MMAP_FIXED can overwrite the previous
// mapping without any problems. The only precondition - kOutFd must not be closed.
static void mmap_output(int size)
{
	if (size <= output_size)
		return;
	if (size % SYZ_PAGE_SIZE != 0)
		failmsg("trying to mmap output area that is not divisible by page size", "page=%d,area=%d", SYZ_PAGE_SIZE, size);
	uint32* mmap_at = NULL;
	if (output_data == NULL) {
		// It's the first time we map output region - generate its location.
		output_data = mmap_at = (uint32*)(kOutputBase + (1 << 20) * (getpid() % 128));
	} else {
		// We are expanding the mmapped region. Adjust the parameters to avoid mmapping already
		// mmapped area as much as possible.
		// There exists a mremap call that could have helped, but it's purely Linux-specific.
mmap_at = (uint32*)((char*)(output_data) + output_size);
	}
	// MAP_FIXED: the kernel must hand back exactly mmap_at; any other result is treated as failure.
	void* result = mmap(mmap_at, size - output_size, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, kOutFd, output_size);
	if (result != mmap_at)
		failmsg("mmap of output file failed", "want %p, got %p", mmap_at, result);
	output_size = size;
}
#endif

// Moves the control pipes from fds 0/1 to kInPipeFd/kOutPipeFd and repoints fds 0 and 1 at stderr.
// Every dup2 failure is fatal: a half-configured control channel must not be used.
void setup_control_pipes()
{
	if (dup2(0, kInPipeFd) < 0)
		fail("dup2(0, kInPipeFd) failed");
	if (dup2(1, kOutPipeFd) < 0)
		fail("dup2(1, kOutPipeFd) failed");
	if (dup2(2, 1) < 0)
		fail("dup2(2, 1) failed");
	// We used to close(0), but now we dup stderr to stdin to keep fd numbers
	// stable across executor and C programs generated by pkg/csource.
	if (dup2(2, 0) < 0)
		fail("dup2(2, 0) failed");
}

// Decodes the env flags bit mask into the flag_* globals.
// Exactly one of the flag_sandbox_* booleans ends up set (bits 2-4 are checked in priority order,
// falling back to flag_sandbox_none).
void parse_env_flags(uint64 flags)
{
	// Note: Values correspond to ordering in pkg/ipc/ipc.go, e.g. FlagSandboxNamespace
	flag_debug = flags & (1 << 0);
	flag_coverage = flags & (1 << 1);
	if (flags & (1 << 2))
		flag_sandbox_setuid = true;
	else if (flags & (1 << 3))
		flag_sandbox_namespace = true;
	else if (flags & (1 << 4))
		flag_sandbox_android = true;
	else
		flag_sandbox_none = true;
	flag_extra_coverage = flags & (1 << 5);
	flag_net_injection = flags & (1 << 6);
	flag_net_devices = flags & (1 << 7);
	flag_net_reset = flags & (1 << 8);
	flag_cgroups = flags & (1 << 9);
	flag_close_fds = flags & (1 << 10);
	flag_devlink_pci = flags & (1 << 11);
	flag_vhci_injection = flags & (1 << 12);
	flag_wifi = flags & (1 << 13);
	flag_delay_kcov_mmap = flags & (1 << 14);
	flag_nic_vf = flags & (1 << 15);
}

#if SYZ_EXECUTOR_USES_FORK_SERVER
// Reads the one-time handshake from the parent. A short read or a wrong magic is fatal,
// so nothing from the request is used before it has been validated.
void receive_handshake()
{
	handshake_req req = {};
	int n = read(kInPipeFd, &req, sizeof(req));
	if (n != sizeof(req))
		failmsg("handshake read failed", "read=%d", n);
	if (req.magic != kInMagic)
		failmsg("bad handshake magic", "magic=0x%llx", req.magic);
#if SYZ_HAVE_SANDBOX_ANDROID
	sandbox_arg = req.sandbox_arg;
#endif
	parse_env_flags(req.flags);
	procid = req.pid;
}

// Acknowledges the handshake with kOutMagic; a short write is fatal.
void reply_handshake()
{
	handshake_reply reply = {};
	reply.magic = kOutMagic;
	if (write(kOutPipeFd, &reply, sizeof(reply)) != sizeof(reply))
		fail("control pipe write failed");
}
#endif

static execute_req last_execute_req;

// Reads the next execute request from the control pipe and, in non-shmem mode, the program body.
// The header is validated (magic, prog_size <= kMaxInput, non-degenerate timeouts) before any of it
// is acted upon. In shmem mode the program is already in the mapped input region, so a non-zero
// prog_size is rejected there.
void receive_execute()
{
	execute_req& req = last_execute_req;
	if (read(kInPipeFd, &req, sizeof(req)) != (ssize_t)sizeof(req))
		fail("control pipe read failed");
	if (req.magic != kInMagic)
		failmsg("bad execute request magic", "magic=0x%llx", req.magic);
	if (req.prog_size > kMaxInput)
		failmsg("bad execute prog size", "size=0x%llx", req.prog_size);
	parse_env_flags(req.env_flags);
	procid = req.pid;
	syscall_timeout_ms = req.syscall_timeout_ms;
	program_timeout_ms = req.program_timeout_ms;
	slowdown_scale = req.slowdown_scale;
	flag_collect_signal = req.exec_flags & (1 << 0);
	flag_collect_cover = req.exec_flags & (1 << 1);
	flag_dedup_cover = req.exec_flags & (1 << 2);
	flag_comparisons = req.exec_flags & (1 << 3);
	flag_threaded = req.exec_flags & (1 << 4);
	flag_coverage_filter = req.exec_flags & (1 << 5);
	debug("[%llums] exec opts: procid=%llu threaded=%d cover=%d comps=%d dedup=%d signal=%d"
	      " timeouts=%llu/%llu/%llu prog=%llu filter=%d\n",
	      current_time_ms() - start_time_ms, procid, flag_threaded, flag_collect_cover,
	      flag_comparisons, flag_dedup_cover, flag_collect_signal, syscall_timeout_ms,
	      program_timeout_ms, slowdown_scale, req.prog_size, flag_coverage_filter);
	// Timeouts are used as divisors/multipliers and wait bounds later on, so zero or inverted values are rejected here.
	if (syscall_timeout_ms == 0 || program_timeout_ms <= syscall_timeout_ms || slowdown_scale == 0)
		failmsg("bad timeouts", "syscall=%llu, program=%llu, scale=%llu",
			syscall_timeout_ms, program_timeout_ms, slowdown_scale);
	if (SYZ_EXECUTOR_USES_SHMEM) {
		if (req.prog_size)
			fail("need_prog: no program");
		return;
	}
	if (req.prog_size == 0)
		fail("need_prog: no program");
	// NOTE(review): each read asks for up to kMaxInput - pos bytes rather than req.prog_size - pos.
	// If the parent ever wrote more than prog_size bytes before our reply, the surplus would land in
	// input_data and the size check below would abort the execution. Verify against the ipc package.
	uint64 pos = 0;
	for (;;) {
		ssize_t rv = read(kInPipeFd, input_data + pos, kMaxInput - pos);
		if (rv < 0)
			fail("read failed");
		pos += rv;
		if (rv == 0 || pos >= req.prog_size)
			break;
	}
	if (pos != req.prog_size)
		failmsg("bad input size", "size=%lld, want=%lld", pos, req.prog_size);
}

// True if any kind of coverage feedback has to be collected for the current execution.
bool cover_collection_required()
{
	return flag_coverage &&
(flag_collect_signal || flag_collect_cover || flag_comparisons);
}

#if GOOS_akaros
// Forwards the last request header and program body to a child over fd.
void resend_execute(int fd)
{
	execute_req& req = last_execute_req;
	if (write(fd, &req, sizeof(req)) != sizeof(req))
		fail("child pipe header write failed");
	if (write(fd, input_data, req.prog_size) != (ssize_t)req.prog_size)
		fail("child pipe program write failed");
}
#endif

// Sends the final execute_reply (done=1, status) on the control pipe; a short write is fatal.
void reply_execute(int status)
{
	execute_reply reply = {};
	reply.magic = kOutMagic;
	reply.done = true;
	reply.status = status;
	if (write(kOutPipeFd, &reply, sizeof(reply)) != sizeof(reply))
		fail("control pipe write failed");
}

#if SYZ_EXECUTOR_USES_SHMEM
// With the fork server, grows the output region to what this execution's flags can need
// and then closes kOutFd so the program under test cannot reach the backing file.
void realloc_output_data()
{
#if SYZ_EXECUTOR_USES_FORK_SERVER
	if (flag_comparisons)
		mmap_output(kMaxOutputComparisons);
	else if (flag_collect_cover)
		mmap_output(kMaxOutputCoverage);
	else if (flag_collect_signal)
		mmap_output(kMaxOutputSignal);
	if (close(kOutFd) < 0)
		fail("failed to close kOutFd");
#endif
}
#endif // if SYZ_EXECUTOR_USES_SHMEM

// execute_one executes program stored in input_data.
// The program is a stream of uint64 words: copyin/copyout/setprops instructions and syscalls.
// Structural checks done here: syscall number < ARRAY_SIZE(syscalls), disabled syscalls rejected,
// num_args <= kMaxArgs, checksum kinds/sizes validated. Target addresses and data sizes are taken
// from the program as-is and are only guarded by NONFAILING (fault tolerance), not range-checked.
void execute_one()
{
	in_execute_one = true;
#if SYZ_EXECUTOR_USES_SHMEM
	realloc_output_data();
	output_pos = output_data;
	write_output(0); // Number of executed syscalls (updated later).
#endif // if SYZ_EXECUTOR_USES_SHMEM
	uint64 start = current_time_ms();
	uint64* input_pos = (uint64*)input_data;

	if (cover_collection_required()) {
		if (!flag_threaded)
			cover_enable(&threads[0].cov, flag_comparisons, false);
		if (flag_extra_coverage)
			cover_reset(&extra_cov);
	}

	int call_index = 0;
	uint64 prog_extra_timeout = 0;
	uint64 prog_extra_cover_timeout = 0;
	call_props_t call_props;
	memset(&call_props, 0, sizeof(call_props));

	for (;;) {
		uint64 call_num = read_input(&input_pos);
		if (call_num == instr_eof)
			break;
		if (call_num == instr_copyin) {
			char* addr = (char*)read_input(&input_pos);
			uint64 typ = read_input(&input_pos);
			switch (typ) {
			case arg_const: {
				uint64 size, bf, bf_off, bf_len;
				uint64 arg = read_const_arg(&input_pos, &size, &bf, &bf_off, &bf_len);
				copyin(addr, arg, size, bf, bf_off, bf_len);
				break;
			}
			case arg_result: {
				uint64 meta = read_input(&input_pos);
				uint64 size = meta & 0xff;
				uint64 bf = meta >> 8;
				uint64 val = read_result(&input_pos);
				copyin(addr, val, size, bf, 0, 0);
				break;
			}
			case arg_data: {
				uint64 size = read_input(&input_pos);
				size &= ~(1ull << 63); // readable flag
				// The payload follows inline; memcpy is fault-tolerant because addr comes from the program.
				NONFAILING(memcpy(addr, input_pos, size));
				// Read out the data (padded up to a whole number of uint64 words).
				for (uint64 i = 0; i < (size + 7) / 8; i++)
					read_input(&input_pos);
				break;
			}
			case arg_csum: {
				debug_verbose("checksum found at %p\n", addr);
				uint64 size = read_input(&input_pos);
				char* csum_addr = addr;
				uint64 csum_kind = read_input(&input_pos);
				switch (csum_kind) {
				case arg_csum_inet: {
					if (size != 2)
						failmsg("bag inet checksum size", "size=%llu", size);
					debug_verbose("calculating checksum for %p\n", csum_addr);
					struct csum_inet csum;
					csum_inet_init(&csum);
					uint64 chunks_num = read_input(&input_pos);
					uint64 chunk;
					for (chunk = 0; chunk < chunks_num; chunk++) {
						uint64 chunk_kind = read_input(&input_pos);
						uint64 chunk_value = read_input(&input_pos);
						uint64 chunk_size = read_input(&input_pos);
						switch (chunk_kind) {
						case arg_csum_chunk_data:
							debug_verbose("#%lld: data chunk, addr: %llx, size: %llu\n",
								      chunk, chunk_value, chunk_size);
							// chunk_value is a pointer supplied by the program, hence NONFAILING.
							NONFAILING(csum_inet_update(&csum, (const uint8*)chunk_value, chunk_size));
							break;
						case arg_csum_chunk_const:
							if (chunk_size != 2 && chunk_size != 4 && chunk_size != 8)
								failmsg("bad checksum const chunk size", "size=%lld", chunk_size);
							// Here we assume that const values come to us big endian.
							debug_verbose("#%lld: const chunk, value: %llx, size: %llu\n",
								      chunk, chunk_value, chunk_size);
							csum_inet_update(&csum, (const uint8*)&chunk_value, chunk_size);
							break;
						default:
							failmsg("bad checksum chunk kind", "kind=%llu", chunk_kind);
						}
					}
					uint16 csum_value = csum_inet_digest(&csum);
					debug_verbose("writing inet checksum %hx to %p\n", csum_value, csum_addr);
					copyin(csum_addr, csum_value, 2, binary_format_native, 0, 0);
					break;
				}
				default:
					failmsg("bad checksum kind", "kind=%llu", csum_kind);
				}
				break;
			}
			default:
				failmsg("bad argument type", "type=%llu", typ);
			}
			continue;
		}
		if (call_num == instr_copyout) {
			read_input(&input_pos); // index
			read_input(&input_pos); // addr
			read_input(&input_pos); // size
			// The copyout will happen when/if the call completes.
			continue;
		}
		if (call_num == instr_setprops) {
			read_call_props_t(call_props, read_input(&input_pos, false));
			continue;
		}

		// Normal syscall.
		// Bounds-check the program-supplied number before indexing the syscalls table.
		if (call_num >= ARRAY_SIZE(syscalls))
			failmsg("invalid syscall number", "call_num=%llu", call_num);
		const call_t* call = &syscalls[call_num];
		if (call->attrs.disabled)
			failmsg("executing disabled syscall", "syscall=%s", call->name);
		if (prog_extra_timeout < call->attrs.prog_timeout)
			prog_extra_timeout = call->attrs.prog_timeout * slowdown_scale;
		if (strncmp(syscalls[call_num].name, "syz_usb", strlen("syz_usb")) == 0)
			prog_extra_cover_timeout = std::max(prog_extra_cover_timeout, 500 * slowdown_scale);
		if (strncmp(syscalls[call_num].name, "syz_80211_inject_frame", strlen("syz_80211_inject_frame")) == 0)
			prog_extra_cover_timeout = std::max(prog_extra_cover_timeout, 300 * slowdown_scale);
		uint64 copyout_index = read_input(&input_pos);
		uint64 num_args = read_input(&input_pos);
		if (num_args > kMaxArgs)
			failmsg("command has bad number of arguments", "args=%llu", num_args);
		uint64 args[kMaxArgs] = {};
		for (uint64 i = 0; i < num_args; i++)
			args[i] = read_arg(&input_pos);
		// Already zeroed by the initializer above; kept as an explicit statement of intent.
		for (uint64 i = num_args; i < kMaxArgs; i++)
			args[i] = 0;
		thread_t* th = schedule_call(call_index++, call_num, copyout_index, num_args, args, input_pos, call_props);

		if (call_props.async && flag_threaded) {
			// Don't wait for an async call to finish. We'll wait at the end.
			// If we're not in the threaded mode, just ignore the async flag - during repro simplification syzkaller
			// will anyway try to make it non-threaded.
		} else if (flag_threaded) {
			// Wait for call completion.
			uint64 timeout_ms = syscall_timeout_ms + call->attrs.timeout * slowdown_scale;
			// This is because of printing pre/post call. Ideally we print everything in the main thread
			// and then remove this (would also avoid intermixed output).
			if (flag_debug && timeout_ms < 1000)
				timeout_ms = 1000;
			if (event_timedwait(&th->done, timeout_ms))
				handle_completion(th);
			// Check if any of previous calls have completed.
			for (int i = 0; i < kMaxThreads; i++) {
				th = &threads[i];
				if (th->executing && event_isset(&th->done))
					handle_completion(th);
			}
		} else {
			// Execute directly.
			if (th != &threads[0])
				fail("using non-main thread in non-thread mode");
			event_reset(&th->ready);
			execute_call(th);
			event_set(&th->done);
			handle_completion(th);
		}
		// Props apply to a single call only.
		memset(&call_props, 0, sizeof(call_props));
	}

	if (running > 0) {
		// Give unfinished syscalls some additional time.
		last_scheduled = 0;
		uint64 wait_start = current_time_ms();
		uint64 wait_end = wait_start + 2 * syscall_timeout_ms;
		wait_end = std::max(wait_end, start + program_timeout_ms / 6);
		wait_end = std::max(wait_end, wait_start + prog_extra_timeout);
		while (running > 0 && current_time_ms() <= wait_end) {
			sleep_ms(1 * slowdown_scale);
			for (int i = 0; i < kMaxThreads; i++) {
				thread_t* th = &threads[i];
				if (th->executing && event_isset(&th->done))
					handle_completion(th);
			}
		}
		// Write output coverage for unfinished calls.
		if (running > 0) {
			for (int i = 0; i < kMaxThreads; i++) {
				thread_t* th = &threads[i];
				if (th->executing) {
					if (cover_collection_required())
						cover_collect(&th->cov);
					write_call_output(th, false);
				}
			}
		}
	}

#if SYZ_HAVE_CLOSE_FDS
	close_fds();
#endif

	write_extra_output();
	// Check for new extra coverage in small intervals to avoid situation
	// that we were killed on timeout before we write any.
	// Check for extra coverage is very cheap, effectively a memory load.
	const uint64 kSleepMs = 100;
	for (uint64 i = 0; i < prog_extra_cover_timeout / kSleepMs; i++) {
		sleep_ms(kSleepMs);
		write_extra_output();
	}
}

// Hands the call to a free worker thread (creating it lazily) and marks it as running.
// Exits the process if no thread is free or the chosen thread is in an inconsistent state.
thread_t* schedule_call(int call_index, int call_num, uint64 copyout_index, uint64 num_args, uint64* args, uint64* pos, call_props_t call_props)
{
	// Find a spare thread to execute the call.
int i = 0;
	for (; i < kMaxThreads; i++) {
		thread_t* th = &threads[i];
		if (!th->created)
			thread_create(th, i, cover_collection_required());
		if (event_isset(&th->done)) {
			if (th->executing)
				handle_completion(th);
			break;
		}
	}
	if (i == kMaxThreads)
		exitf("out of threads");
	thread_t* th = &threads[i];
	// Invariant for a free thread: not ready, done, not executing.
	if (event_isset(&th->ready) || !event_isset(&th->done) || th->executing)
		exitf("bad thread state in schedule: ready=%d done=%d executing=%d",
		      event_isset(&th->ready), event_isset(&th->done), th->executing);
	last_scheduled = th;
	th->copyout_pos = pos;
	th->copyout_index = copyout_index;
	event_reset(&th->done);
	th->executing = true;
	th->call_index = call_index;
	th->call_num = call_num;
	th->num_args = num_args;
	th->call_props = call_props;
	for (int i = 0; i < kMaxArgs; i++)
		th->args[i] = args[i];
	event_set(&th->ready);
	running++;
	return th;
}

#if SYZ_EXECUTOR_USES_SHMEM
// Writes the signal (edge hashes) and/or raw coverage of cov into the output region and stores the
// counts at the two positions reserved by the caller.
// NOTE(review): the template parameter list (which should introduce cover_data_t) appears to have
// been lost in this copy of the file.
template
void write_coverage_signal(cover_t* cov, uint32* signal_count_pos, uint32* cover_count_pos)
{
	// Write out feedback signals.
	// Currently it is code edges computed as xor of two subsequent basic block PCs.
	cover_data_t* cover_data = (cover_data_t*)(cov->data + cov->data_offset);
	if (flag_collect_signal) {
		uint32 nsig = 0;
		cover_data_t prev_pc = 0;
		bool prev_filter = true;
		for (uint32 i = 0; i < cov->size; i++) {
			cover_data_t pc = cover_data[i] + cov->pc_offset;
			uint32 sig = pc & 0xFFFFF000;
			if (use_cover_edges(pc)) {
				// Only hash the lower 12 bits so the hash is
				// independent of any module offsets.
				sig |= (pc & 0xFFF) ^ (hash(prev_pc & 0xFFF) & 0xFFF);
			}
			bool filter = coverage_filter(pc);
			// Ignore the edge only if both current and previous PCs are filtered out
			// to capture all incoming and outcoming edges into the interesting code.
			bool ignore = !filter && !prev_filter;
			prev_pc = pc;
			prev_filter = filter;
			if (ignore || dedup(sig))
				continue;
			write_output(sig);
			nsig++;
		}
		// Write out number of signals.
		*signal_count_pos = nsig;
	}

	if (flag_collect_cover) {
		// Write out real coverage (basic block PCs).
		uint32 cover_size = cov->size;
		if (flag_dedup_cover) {
			// The coverage buffer is write-protected between collections; unprotect only around the in-place sort.
			cover_data_t* end = cover_data + cover_size;
			cover_unprotect(cov);
			std::sort(cover_data, end);
			cover_size = std::unique(cover_data, end) - cover_data;
			cover_protect(cov);
		}
		// Truncate PCs to uint32 assuming that they fit into 32-bits.
		// True for x86_64 and arm64 without KASLR.
		for (uint32 i = 0; i < cover_size; i++)
			write_output(cover_data[i] + cov->pc_offset);
		*cover_count_pos = cover_size;
	}
}
#endif // if SYZ_EXECUTOR_USES_SHMEM

// Finalizes a completed call: copies out results, writes its output record and frees the thread.
// A negative running counter indicates a scheduling bug and is reported in detail before exiting.
void handle_completion(thread_t* th)
{
	if (event_isset(&th->ready) || !event_isset(&th->done) || !th->executing)
		exitf("bad thread state in completion: ready=%d done=%d executing=%d",
		      event_isset(&th->ready), event_isset(&th->done), th->executing);
	if (th->res != (intptr_t)-1)
		copyout_call_results(th);

	write_call_output(th, true);
	write_extra_output();
	th->executing = false;
	running--;
	if (running < 0) {
		// This fires periodically for the past 2 years (see issue #502).
		fprintf(stderr, "running=%d completed=%d flag_threaded=%d current=%d\n",
			running, completed, flag_threaded, th->id);
		for (int i = 0; i < kMaxThreads; i++) {
			thread_t* th1 = &threads[i];
			fprintf(stderr, "th #%2d: created=%d executing=%d"
					" ready=%d done=%d call_index=%d res=%lld reserrno=%d\n",
				i, th1->created, th1->executing,
				event_isset(&th1->ready), event_isset(&th1->done),
				th1->call_index, (uint64)th1->res, th1->reserrno);
		}
		exitf("negative running");
	}
}

// Records the call's return value and processes the copyout instructions that follow it in the
// program. Every results[] index is bounds-checked against kMaxCommands before it is written.
void copyout_call_results(thread_t* th)
{
	if (th->copyout_index != no_copyout) {
		if (th->copyout_index >= kMaxCommands)
			failmsg("result overflows kMaxCommands", "index=%lld", th->copyout_index);
		results[th->copyout_index].executed = true;
		results[th->copyout_index].val = th->res;
	}
	for (bool done = false; !done;) {
		uint64 instr = read_input(&th->copyout_pos);
		switch (instr) {
		case instr_copyout: {
			uint64 index = read_input(&th->copyout_pos);
			if (index >= kMaxCommands)
				failmsg("result overflows kMaxCommands", "index=%lld", index);
			char* addr = (char*)read_input(&th->copyout_pos);
			uint64 size = read_input(&th->copyout_pos);
			uint64 val = 0;
			// copyout() reports whether the program-supplied addr was readable; unreadable results are left unset.
			if (copyout(addr, size, &val)) {
				results[index].executed = true;
				results[index].val = val;
			}
			debug_verbose("copyout 0x%llx from %p\n", val, addr);
			break;
		}
		default:
			done = true;
			break;
		}
	}
}

// Emits the per-call output record (header, then signal/cover or comparisons in shmem mode;
// a fixed-size call_reply on the pipe otherwise). finished=false marks a call still running.
void write_call_output(thread_t* th, bool finished)
{
	uint32 reserrno = 999;
	const bool blocked = finished && th != last_scheduled;
	uint32 call_flags = call_flag_executed | (blocked ? call_flag_blocked : 0);
	if (finished) {
		reserrno = th->res != -1 ? 0 : th->reserrno;
		call_flags |= call_flag_finished | (th->fault_injected ? call_flag_fault_injected : 0);
	}
#if SYZ_EXECUTOR_USES_SHMEM
	write_output(kOutMagic);
	write_output(th->call_index);
	write_output(th->call_num);
	write_output(reserrno);
	write_output(call_flags);
	uint32* signal_count_pos = write_output(0); // filled in later
	uint32* cover_count_pos = write_output(0); // filled in later
	uint32* comps_count_pos = write_output(0); // filled in later

	if (flag_comparisons) {
		// Collect only the comparisons
		uint32 ncomps = th->cov.size;
		kcov_comparison_t* start = (kcov_comparison_t*)(th->cov.data + sizeof(uint64));
		kcov_comparison_t* end = start + ncomps;
		// The kernel-reported count must fit the mapped buffer before we sort/read the records.
		if ((char*)end > th->cov.data_end)
			failmsg("too many comparisons", "ncomps=%u", ncomps);
		cover_unprotect(&th->cov);
		std::sort(start, end);
		ncomps = std::unique(start, end) - start;
		cover_protect(&th->cov);
		uint32 comps_size = 0;
		for (uint32 i = 0; i < ncomps; ++i) {
			if (start[i].ignore())
				continue;
			comps_size++;
			start[i].write();
		}
		// Write out number of comparisons.
*comps_count_pos = comps_size;
	} else if (flag_collect_signal || flag_collect_cover) {
		// NOTE(review): both branches read identically here; the original presumably selects the
		// 64-bit vs 32-bit instantiation and the template arguments were lost in this copy.
		if (is_kernel_64_bit)
			write_coverage_signal(&th->cov, signal_count_pos, cover_count_pos);
		else
			write_coverage_signal(&th->cov, signal_count_pos, cover_count_pos);
	}
	debug_verbose("out #%u: index=%u num=%u errno=%d finished=%d blocked=%d sig=%u cover=%u comps=%u\n",
		      completed, th->call_index, th->call_num, reserrno, finished, blocked,
		      *signal_count_pos, *cover_count_pos, *comps_count_pos);
	completed++;
	write_completed(completed);
#else
	call_reply reply;
	reply.header.magic = kOutMagic;
	reply.header.done = 0;
	reply.header.status = 0;
	reply.magic = kOutMagic;
	reply.call_index = th->call_index;
	reply.call_num = th->call_num;
	reply.reserrno = reserrno;
	reply.flags = call_flags;
	reply.signal_size = 0;
	reply.cover_size = 0;
	reply.comps_size = 0;
	if (write(kOutPipeFd, &reply, sizeof(reply)) != sizeof(reply))
		fail("control pipe call write failed");
	debug_verbose("out: index=%u num=%u errno=%d finished=%d blocked=%d\n",
		      th->call_index, th->call_num, reserrno, finished, blocked);
#endif // if SYZ_EXECUTOR_USES_SHMEM
}

// Emits an output record for coverage collected outside any call (extra_cov), using -1 as the
// call index/num so the reader can tell it apart from per-call records. No-op unless extra
// coverage is enabled and there is something to report.
void write_extra_output()
{
#if SYZ_EXECUTOR_USES_SHMEM
	if (!cover_collection_required() || !flag_extra_coverage || flag_comparisons)
		return;
	cover_collect(&extra_cov);
	if (!extra_cov.size)
		return;
	write_output(kOutMagic);
	write_output(-1); // call index
	write_output(-1); // call num
	write_output(999); // errno
	write_output(0); // call flags
	uint32* signal_count_pos = write_output(0); // filled in later
	uint32* cover_count_pos = write_output(0); // filled in later
	write_output(0); // comps_count_pos
	// NOTE(review): as in write_call_output, the template arguments distinguishing the two branches appear stripped.
	if (is_kernel_64_bit)
		write_coverage_signal(&extra_cov, signal_count_pos, cover_count_pos);
	else
		write_coverage_signal(&extra_cov, signal_count_pos, cover_count_pos);
	cover_reset(&extra_cov);
	debug_verbose("extra: sig=%u cover=%u\n", *signal_count_pos, *cover_count_pos);
	completed++;
	write_completed(completed);
#endif // if SYZ_EXECUTOR_USES_SHMEM
}

// Initializes thread slot th (events, coverage mapping) and, in threaded mode, starts its worker.
void thread_create(thread_t* th, int id, bool need_coverage)
{
	th->created = true;
	th->id = id;
	th->executing = false;
	// Lazily set up coverage collection.
	// It is assumed that actually it's already initialized - with a few rare exceptions.
	if (need_coverage) {
		// cov.fd is assigned in main() only for the first create_count threads.
		if (!th->cov.fd)
			exitf("out of opened kcov threads");
		thread_mmap_cover(th);
	}
	event_init(&th->ready);
	event_init(&th->done);
	event_set(&th->done);
	if (flag_threaded)
		thread_start(worker_thread, th);
}

// Maps and write-protects the thread's coverage buffer; idempotent.
void thread_mmap_cover(thread_t* th)
{
	if (th->cov.data != NULL)
		return;
	cover_mmap(&th->cov);
	cover_protect(&th->cov);
}

// Worker loop: waits for a scheduled call, executes it and signals completion, forever.
void* worker_thread(void* arg)
{
	thread_t* th = (thread_t*)arg;
	current_thread = th;
	if (cover_collection_required())
		cover_enable(&th->cov, flag_comparisons, false);
	for (;;) {
		event_wait(&th->ready);
		event_reset(&th->ready);
		execute_call(th);
		event_set(&th->done);
	}
	return 0;
}

// Executes the syscall described by th (optionally with fault injection and reruns),
// recording res/errno and coverage from the first execution.
void execute_call(thread_t* th)
{
	const call_t* call = &syscalls[th->call_num];
	debug("#%d [%llums] -> %s(",
	      th->id, current_time_ms() - start_time_ms, call->name);
	for (int i = 0; i < th->num_args; i++) {
		if (i != 0)
			debug(", ");
		debug("0x%llx", (uint64)th->args[i]);
	}
	debug(")\n");

	int fail_fd = -1;
	th->soft_fail_state = false;
	if (th->call_props.fail_nth > 0) {
		if (th->call_props.rerun > 0)
			fail("both fault injection and rerun are enabled for the same call");
		fail_fd = inject_fault(th->call_props.fail_nth);
		th->soft_fail_state = true;
	}

	if (flag_coverage)
		cover_reset(&th->cov);
	// For pseudo-syscalls and user-space functions NONFAILING can abort before assigning to th->res.
	// Arrange for res = -1 and errno = EFAULT result for such case.
	th->res = -1;
	errno = EFAULT;
	NONFAILING(th->res = execute_syscall(call, th->args));
	th->reserrno = errno;
	// Our pseudo-syscalls may misbehave.
	if ((th->res == -1 && th->reserrno == 0) || call->attrs.ignore_return)
		th->reserrno = EINVAL;
	// Reset the flag before the first possible fail().
	th->soft_fail_state = false;

	if (flag_coverage) {
		cover_collect(&th->cov);
		// Guard against a kernel-reported count larger than the buffer we mapped.
		if (th->cov.size >= kCoverSize)
			failmsg("too much cover", "thr=%d, cov=%u", th->id, th->cov.size);
	}
	th->fault_injected = false;

	if (th->call_props.fail_nth > 0)
		th->fault_injected = fault_injected(fail_fd);

	// If required, run the syscall some more times.
	// But let's still return res, errno and coverage from the first execution.
	for (int i = 0; i < th->call_props.rerun; i++)
		NONFAILING(execute_syscall(call, th->args));

	debug("#%d [%llums] <- %s=0x%llx",
	      th->id, current_time_ms() - start_time_ms, call->name, (uint64)th->res);
	if (th->res == (intptr_t)-1)
		debug(" errno=%d", th->reserrno);
	if (flag_coverage)
		debug(" cover=%u", th->cov.size);
	if (th->call_props.fail_nth > 0)
		debug(" fault=%d", th->fault_injected);
	if (th->call_props.rerun > 0)
		debug(" rerun=%d", th->call_props.rerun);
	debug("\n");
}

#if SYZ_EXECUTOR_USES_SHMEM
// Integer mixing function used to fold the previous PC into edge signals (write_coverage_signal).
// Not cryptographic and not meant to be.
static uint32 hash(uint32 a)
{
	a = (a ^ 61) ^ (a >> 16);
	a = a + (a << 3);
	a = a ^ (a >> 4);
	a = a * 0x27d4eb2d;
	a = a ^ (a >> 15);
	return a;
}

const uint32 dedup_table_size = 8 << 10;
uint32 dedup_table[dedup_table_size];

// Poorman's best-effort hashmap-based deduplication.
// The hashmap is global which means that we deduplicate across different calls.
// This is OK because we are interested only in new signals.
static bool dedup(uint32 sig) { for (uint32 i = 0; i < 4; i++) { uint32 pos = (sig + i) % dedup_table_size; if (dedup_table[pos] == sig) return true; if (dedup_table[pos] == 0) { dedup_table[pos] = sig; return false; } } dedup_table[sig % dedup_table_size] = sig; return false; } #endif // if SYZ_EXECUTOR_USES_SHMEM template void copyin_int(char* addr, uint64 val, uint64 bf, uint64 bf_off, uint64 bf_len) { if (bf_off == 0 && bf_len == 0) { *(T*)addr = swap(val, sizeof(T), bf); return; } T x = swap(*(T*)addr, sizeof(T), bf); debug_verbose("copyin_int<%zu>: old x=0x%llx\n", sizeof(T), (uint64)x); #if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ const uint64 shift = sizeof(T) * CHAR_BIT - bf_off - bf_len; #else const uint64 shift = bf_off; #endif x = (x & ~BITMASK(shift, bf_len)) | ((val << shift) & BITMASK(shift, bf_len)); debug_verbose("copyin_int<%zu>: new x=0x%llx\n", sizeof(T), (uint64)x); *(T*)addr = swap(x, sizeof(T), bf); } void copyin(char* addr, uint64 val, uint64 size, uint64 bf, uint64 bf_off, uint64 bf_len) { debug_verbose("copyin: addr=%p val=0x%llx size=%llu bf=%llu bf_off=%llu bf_len=%llu\n", addr, val, size, bf, bf_off, bf_len); if (bf != binary_format_native && bf != binary_format_bigendian && (bf_off != 0 || bf_len != 0)) failmsg("bitmask for string format", "off=%llu, len=%llu", bf_off, bf_len); switch (bf) { case binary_format_native: case binary_format_bigendian: NONFAILING(switch (size) { case 1: copyin_int(addr, val, bf, bf_off, bf_len); break; case 2: copyin_int(addr, val, bf, bf_off, bf_len); break; case 4: copyin_int(addr, val, bf, bf_off, bf_len); break; case 8: copyin_int(addr, val, bf, bf_off, bf_len); break; default: failmsg("copyin: bad argument size", "size=%llu", size); }); break; case binary_format_strdec: if (size != 20) failmsg("bad strdec size", "size=%llu", size); NONFAILING(sprintf((char*)addr, "%020llu", val)); break; case binary_format_strhex: if (size != 18) failmsg("bad strhex size", "size=%llu", size); 
NONFAILING(sprintf((char*)addr, "0x%016llx", val)); break; case binary_format_stroct: if (size != 23) failmsg("bad stroct size", "size=%llu", size); NONFAILING(sprintf((char*)addr, "%023llo", val)); break; default: failmsg("unknown binary format", "format=%llu", bf); } } bool copyout(char* addr, uint64 size, uint64* res) { return NONFAILING( switch (size) { case 1: *res = *(uint8*)addr; break; case 2: *res = *(uint16*)addr; break; case 4: *res = *(uint32*)addr; break; case 8: *res = *(uint64*)addr; break; default: failmsg("copyout: bad argument size", "size=%llu", size); }); } uint64 read_arg(uint64** input_posp) { uint64 typ = read_input(input_posp); switch (typ) { case arg_const: { uint64 size, bf, bf_off, bf_len; uint64 val = read_const_arg(input_posp, &size, &bf, &bf_off, &bf_len); if (bf != binary_format_native && bf != binary_format_bigendian) failmsg("bad argument binary format", "format=%llu", bf); if (bf_off != 0 || bf_len != 0) failmsg("bad argument bitfield", "off=%llu, len=%llu", bf_off, bf_len); return swap(val, size, bf); } case arg_result: { uint64 meta = read_input(input_posp); uint64 bf = meta >> 8; if (bf != binary_format_native) failmsg("bad result argument format", "format=%llu", bf); return read_result(input_posp); } default: failmsg("bad argument type", "type=%llu", typ); } } uint64 swap(uint64 v, uint64 size, uint64 bf) { if (bf == binary_format_native) return v; if (bf != binary_format_bigendian) failmsg("bad binary format in swap", "format=%llu", bf); switch (size) { case 2: return htobe16(v); case 4: return htobe32(v); case 8: return htobe64(v); default: failmsg("bad big-endian int size", "size=%llu", size); } } uint64 read_const_arg(uint64** input_posp, uint64* size_p, uint64* bf_p, uint64* bf_off_p, uint64* bf_len_p) { uint64 meta = read_input(input_posp); uint64 val = read_input(input_posp); *size_p = meta & 0xff; uint64 bf = (meta >> 8) & 0xff; *bf_off_p = (meta >> 16) & 0xff; *bf_len_p = (meta >> 24) & 0xff; uint64 pid_stride = meta 
>> 32; val += pid_stride * procid; *bf_p = bf; return val; } uint64 read_result(uint64** input_posp) { uint64 idx = read_input(input_posp); uint64 op_div = read_input(input_posp); uint64 op_add = read_input(input_posp); uint64 arg = read_input(input_posp); if (idx >= kMaxCommands) failmsg("command refers to bad result", "result=%lld", idx); if (results[idx].executed) { arg = results[idx].val; if (op_div != 0) arg = arg / op_div; arg += op_add; } return arg; } uint64 read_input(uint64** input_posp, bool peek) { uint64* input_pos = *input_posp; if ((char*)input_pos >= input_data + kMaxInput) failmsg("input command overflows input", "pos=%p: [%p:%p)", input_pos, input_data, input_data + kMaxInput); if (!peek) *input_posp = input_pos + 1; return *input_pos; } #if SYZ_EXECUTOR_USES_SHMEM uint32* write_output(uint32 v) { if (output_pos < output_data || (char*)output_pos >= (char*)output_data + output_size) failmsg("output overflow", "pos=%p region=[%p:%p]", output_pos, output_data, (char*)output_data + output_size); *output_pos = v; return output_pos++; } uint32* write_output_64(uint64 v) { if (output_pos < output_data || (char*)(output_pos + 1) >= (char*)output_data + output_size) failmsg("output overflow", "pos=%p region=[%p:%p]", output_pos, output_data, (char*)output_data + output_size); *(uint64*)output_pos = v; output_pos += 2; return output_pos; } void write_completed(uint32 completed) { __atomic_store_n(output_data, completed, __ATOMIC_RELEASE); } #endif // if SYZ_EXECUTOR_USES_SHMEM #if SYZ_EXECUTOR_USES_SHMEM void kcov_comparison_t::write() { if (type > (KCOV_CMP_CONST | KCOV_CMP_SIZE_MASK)) failmsg("invalid kcov comp type", "type=%llx", type); // Write order: type arg1 arg2 pc. write_output((uint32)type); // KCOV converts all arguments of size x first to uintx_t and then to // uint64. We want to properly extend signed values, e.g we want // int8 c = 0xfe to be represented as 0xfffffffffffffffe. // Note that uint8 c = 0xfe will be represented the same way. 
// This is ok because during hints processing we will anyways try // the value 0x00000000000000fe. switch (type & KCOV_CMP_SIZE_MASK) { case KCOV_CMP_SIZE1: arg1 = (uint64)(long long)(signed char)arg1; arg2 = (uint64)(long long)(signed char)arg2; break; case KCOV_CMP_SIZE2: arg1 = (uint64)(long long)(short)arg1; arg2 = (uint64)(long long)(short)arg2; break; case KCOV_CMP_SIZE4: arg1 = (uint64)(long long)(int)arg1; arg2 = (uint64)(long long)(int)arg2; break; } bool is_size_8 = (type & KCOV_CMP_SIZE_MASK) == KCOV_CMP_SIZE8; if (!is_size_8) { write_output((uint32)arg1); write_output((uint32)arg2); } else { write_output_64(arg1); write_output_64(arg2); } } bool kcov_comparison_t::ignore() const { // Comparisons with 0 are not interesting, fuzzer should be able to guess 0's without help. if (arg1 == 0 && (arg2 == 0 || (type & KCOV_CMP_CONST))) return true; if ((type & KCOV_CMP_SIZE_MASK) == KCOV_CMP_SIZE8) { // This can be a pointer (assuming 64-bit kernel). // First of all, we want avert fuzzer from our output region. // Without this fuzzer manages to discover and corrupt it. uint64 out_start = (uint64)output_data; uint64 out_end = out_start + output_size; if (arg1 >= out_start && arg1 <= out_end) return true; if (arg2 >= out_start && arg2 <= out_end) return true; #if defined(GOOS_linux) // Filter out kernel physical memory addresses. // These are internal kernel comparisons and should not be interesting. // The range covers first 1TB of physical mapping. uint64 kmem_start = (uint64)0xffff880000000000ull; uint64 kmem_end = (uint64)0xffff890000000000ull; bool kptr1 = arg1 >= kmem_start && arg1 <= kmem_end; bool kptr2 = arg2 >= kmem_start && arg2 <= kmem_end; if (kptr1 && kptr2) return true; if (kptr1 && arg2 == 0) return true; if (kptr2 && arg1 == 0) return true; #endif } return !coverage_filter(pc); } bool kcov_comparison_t::operator==(const struct kcov_comparison_t& other) const { // We don't check for PC equality now, because it is not used. 
return type == other.type && arg1 == other.arg1 && arg2 == other.arg2; } bool kcov_comparison_t::operator<(const struct kcov_comparison_t& other) const { if (type != other.type) return type < other.type; if (arg1 != other.arg1) return arg1 < other.arg1; // We don't check for PC equality now, because it is not used. return arg2 < other.arg2; } #endif // if SYZ_EXECUTOR_USES_SHMEM void setup_features(char** enable, int n) { // This does any one-time setup for the requested features on the machine. // Note: this can be called multiple times and must be idempotent. flag_debug = true; #if SYZ_HAVE_FEATURES setup_sysctl(); setup_cgroups(); #endif #if SYZ_HAVE_SETUP_EXT // This can be defined in common_ext.h. setup_ext(); #endif for (int i = 0; i < n; i++) { bool found = false; #if SYZ_HAVE_FEATURES for (unsigned f = 0; f < sizeof(features) / sizeof(features[0]); f++) { if (strcmp(enable[i], features[f].name) == 0) { features[f].setup(); found = true; break; } } #endif if (!found) failmsg("setup features: unknown feature", "feature=%s", enable[i]); } } void failmsg(const char* err, const char* msg, ...) { int e = errno; fprintf(stderr, "SYZFAIL: %s\n", err); if (msg) { va_list args; va_start(args, msg); vfprintf(stderr, msg, args); va_end(args); } fprintf(stderr, " (errno %d: %s)\n", e, strerror(e)); // fail()'s are often used during the validation of kernel reactions to queries // that were issued by pseudo syscalls implementations. As fault injection may // cause the kernel not to succeed in handling these queries (e.g. socket writes // or reads may fail), this could ultimately lead to unwanted "lost connection to // test machine" crashes. // In order to avoid this and, on the other hand, to still have the ability to // signal a disastrous situation, the exit code of this function depends on the // current context. // All fail() invocations during system call execution with enabled fault injection // lead to termination with zero exit code. 
In all other cases, the exit code is // kFailStatus. if (current_thread && current_thread->soft_fail_state) doexit(0); doexit(kFailStatus); } void fail(const char* err) { failmsg(err, 0); } void exitf(const char* msg, ...) { int e = errno; va_list args; va_start(args, msg); vfprintf(stderr, msg, args); va_end(args); fprintf(stderr, " (errno %d)\n", e); doexit(0); } void debug(const char* msg, ...) { if (!flag_debug) return; int err = errno; va_list args; va_start(args, msg); vfprintf(stderr, msg, args); va_end(args); fflush(stderr); errno = err; } void debug_dump_data(const char* data, int length) { if (!flag_debug) return; int i = 0; for (; i < length; i++) { debug("%02x ", data[i] & 0xff); if (i % 16 == 15) debug("\n"); } if (i % 16 != 0) debug("\n"); } ld: error: cannot open /usr/lib/clang/16/lib/openbsd/libclang_rt.ubsan_standalone-x86_64.a: No such file or directory ld: error: cannot open /usr/lib/clang/16/lib/openbsd/libclang_rt.ubsan_standalone_cxx-x86_64.a: No such file or directory c++: error: linker command failed with exit code 1 (use -v to see invocation) compiler invocation: c++ [-o /tmp/syz-executor3136551184 -DGOOS_test=1 -DGOARCH_64_fuzz=1 -DHOSTGOOS_openbsd=1 ../../executor/executor.cc -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fsanitize-coverage=trace-pc -g] FAIL FAIL github.com/google/syzkaller/pkg/fuzzer 15.829s ok github.com/google/syzkaller/pkg/gce (cached) ok github.com/google/syzkaller/pkg/host (cached) ok github.com/google/syzkaller/pkg/html (cached) ok github.com/google/syzkaller/pkg/ifuzz (cached) ok github.com/google/syzkaller/pkg/image (cached) ok github.com/google/syzkaller/pkg/instance (cached) ok github.com/google/syzkaller/pkg/ipc (cached) ok github.com/google/syzkaller/pkg/kconfig (cached) ok github.com/google/syzkaller/pkg/kd (cached) ok github.com/google/syzkaller/pkg/log (cached) 
ok github.com/google/syzkaller/pkg/mgrconfig (cached) ok github.com/google/syzkaller/pkg/osutil (cached) ok github.com/google/syzkaller/pkg/report (cached) ok github.com/google/syzkaller/pkg/repro (cached) ok github.com/google/syzkaller/pkg/runtest (cached) ok github.com/google/syzkaller/pkg/serializer (cached) ok github.com/google/syzkaller/pkg/stats (cached) ok github.com/google/syzkaller/pkg/subsystem (cached) ok github.com/google/syzkaller/pkg/subsystem/linux (cached) ok github.com/google/syzkaller/pkg/subsystem/lists (cached) ok github.com/google/syzkaller/pkg/symbolizer (cached) ok github.com/google/syzkaller/pkg/tool (cached) --- FAIL: TestParse (0.00s) vcs_test.go:258: vcs.Recipients{ { Address: mail.Address{ - Name: "Foo Bar", + Name: "Foo (Maintainer) Bar", Address: "a@email.com", }, Type: s"To", }, { Address: mail.Address{ - Name: "Foo Bar", + Name: "Foo Bar(Reviewer)", Address: "b@email.com", }, Type: s"Cc", }, {Address: {Name: "Supporter Foo", Address: "c@email.com"}}, {Address: {Address: "linux-kernel@vger.kernel.org"}, Type: s"Cc"}, {Address: {Address: "somelist@list.com"}}, } FAIL FAIL github.com/google/syzkaller/pkg/vcs 30.929s ok github.com/google/syzkaller/prog (cached) ok github.com/google/syzkaller/prog/test (cached) ok github.com/google/syzkaller/sys/linux (cached) ok github.com/google/syzkaller/sys/netbsd (cached) ok github.com/google/syzkaller/sys/openbsd (cached) ok github.com/google/syzkaller/syz-ci (cached) ok github.com/google/syzkaller/syz-hub (cached) ok github.com/google/syzkaller/syz-hub/state (cached) ok github.com/google/syzkaller/syz-manager (cached) ok github.com/google/syzkaller/syz-verifier (cached) ok github.com/google/syzkaller/tools/syz-kconf (cached) ok github.com/google/syzkaller/tools/syz-linter (cached) ok github.com/google/syzkaller/tools/syz-trace2syz/parser (cached) ok github.com/google/syzkaller/tools/syz-trace2syz/proggen (cached) ok github.com/google/syzkaller/vm (cached) ok github.com/google/syzkaller/vm/isolated 
(cached) ok github.com/google/syzkaller/vm/proxyapp (cached) ok github.com/google/syzkaller/vm/vmimpl (cached) FAIL