ok github.com/google/syzkaller/dashboard/app 0.111s ? github.com/google/syzkaller/dashboard/dashapi [no test files] ok github.com/google/syzkaller/executor 0.395s ok github.com/google/syzkaller/pkg/ast 1.686s ok github.com/google/syzkaller/pkg/bisect 6.385s ok github.com/google/syzkaller/pkg/build 1.828s ok github.com/google/syzkaller/pkg/compiler 3.372s ok github.com/google/syzkaller/pkg/config 0.047s ok github.com/google/syzkaller/pkg/cover 4.834s ? github.com/google/syzkaller/pkg/cover/backend [no test files] --- FAIL: TestGenerate (5.94s) --- FAIL: TestGenerate/test/32_fork_shmem (0.01s) csource_test.go:68: seed=1611677910207240629 --- FAIL: TestGenerate/test/32_fork_shmem/3 (0.09s) csource_test.go:124: opts: {Threaded:true Collide:false Repeat:false RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: foo$fmt3(&(0x7f0000000000)=0xd) test$str0(&(0x7f0000000040)='#\x00') test$length25(&(0x7f0000000080)=["f10715d4c9e5266c67931773e4a0f636ec65433db95fc97dfb6a7c246b9022eded40bd5b7bc21a67f92e898bdb77eb69e28492941cd278412ebeec4d09ae9c02694e2b96bfd466173cda3b722385fe87434a69cf53b4901014995915", "37655b5306334cb48687", 
"10fe01411f2a0853621183e03fd969e91dcde25ae5aedec27c41096a23d2738e3330156db39857e671916dc9e84a50147231d90b96e85a90a3ea36f88b40e714c4afdcb7c7ca327bc41e8b5f519920bf5c9ac9f9991166c973b145d866b00adc563effeea498989e12ca3b69a26d4690e0a7482bd1c89bf3956a1048c0fc31b2e74a1b9eeacb5f746dff9527514eaf5f5396a5bc73d9ed250656f870eaf6b6856393ad79e7f764608642452cf52844036e989325af0e00d4370f387948e00d0928e0820928cf445dd8aa3762901ecaf1d67caad240a0accb3b2b712f776f7c2c96f7f6f30f5cfa8dbb09d76ff92fd36556ea85268dd1e9447ea12a384e18e885c2fe1236243d0712df5e926543e59ac7525407dd790cea1f843a8ce4f3b4b70138584a56fba8861b8c9af1a9c20ec5e41fdcc075f9b19173cb2fffe893cfc209233c7a328b63c0b0343aa8c89a653aa1cb96a55f02653f9bb7c7b7665e256fba08be12fc7a17d1354e74e5fa5452e915bde73e8440ce9c7767594205c9e33ad9dc190bf89a9dc40f36e242d2002880040e5c8396e69a81fb0102ea79922d12fa1347ec508ef9f8a6aa09e4024b3e25624336611d42f7de410c513db066db8d4efcb961e889616034c8b0220db1c1ec111487ac10749aefcf6094fc662b79edbbb3005ac386e67a64f35ace7f8bb72d1208a5c92d5001630f6184eefedb60c3ebd93b8a7c5d79362c813700f3b5498264aa2e8f3424127dc46d5a20accc3d1423522eccf3465b907db3a10c04252173a44e4107e75864f6b2b14c6e57c1ffe800564362befd3cfcfa431ee490f9a8691b1fbf47b297e6b7c7e381ee2f50c43a4ba0ccd8c58a0ab9a2ad3aa8f740c70e8c88eb19f7ab58d94d7657de09cdc7e01c46d354f21d97b50d09d5222b4f1af7ad0bb625a2e0f52d68f96ddacd12e73c45b3ea144a601815451a8d613b13b2ec6e95dd408661f4c26c58f0e24ab3561b7ba1432405b5da96f10b47bbdf1ead6b6df645e533b02555f69fd8f9e209e374d45c2f2597dcd30e5dcff5bc4eb4dbd8415159bdce9c730b81baeccbb876413d90a5b51eb124b461ea51a7b0e4261f6331836c61398a5d4e6d3cbab148d4c353aa452d37b7046970566fa5bdb1cb962feaa0fd000d94f327cba925d08474a24e099c4534174352f2b1bb88bb688794643feadb6aef90e6807a9b6e5633a8e12d2b1a31f66cef9ef8972575e63214ea8b8d9fa8aa51d174293ddc391f9babf8c947e5d342159f327366e86701a11892ac00f907494ea4ae0b803d08bdb6fa12241bea85e8b006a0a562a2a13575334c8808db594916b0a0b4cd0dd1f4bf61826df52da8d9ba9d322a11e13eea369d9c6bd862dfc764d45152fe4a4d4d84c358864787013e80d075348
bd8e1aaf90b8ae88231dfc60b325dcf105fba6f4f7bc6d6eb883ea94bc7951ab68a9fef16f79ba480c606d261a903f56e3c8e5717bfb36e60ebe454eb9bea91171e5ec7620ac1d56732f13dac52f338d0eb6c0be92ab951e3eafbc186f30f571b2677a45c3ba2b456ae65738418a7625336aa8697c84b803d7a7458c769c71302b19c620c7d2b46d75aa9661a7e6d6366f24622b370290edebb6b9bf1ad61f1dddfe93e44bd1e9c1888edba9a7a96e425b356bfc2a0009202445bc6468aa0a84f9f2299b75e632e43da31388097bd6888e491d085396d9829d5b31ed32069426107b5c93487700ff6e1479f85127780a069c047b8fd7eb9b2acb7d2e4fc8a5f5bd36d789d9fba0691fdada41e75fedd2df8b3afbde047cf9b6c452a272448a3e99ec0f5820168356cc8c9c40b40890273a66ceaa26c131745c4ea0c883b3ff400b5f76e76c42a2164a6d0180410f0e031f01741d1467e96319758891a7f615108c6a8bbc0c403faa33ca7c95dfaff911207f22f1b9d78325a0ccd1797397a91b4fae68eadb72c7c03a9dcaee224b8344fbc62e436cfd0d68b0492616a83efc3d30baff8ed4aa013aedcbb7830e4d52d9b02b06db3e60b27385dbd04feed6c48a0ae6ebe465704407cdeae4b562d0b1a44bdf65542998c8f4875d09d281f90548dfecbc3e570c4fb37d17f05ef484aa71e9b2651752c50b7f5c9235c3fb786dd68086a615f4baa7fb3b9f5067693080a9d64912372afc3d5f017e55eaabf1b6180ce2e28e20a6950abf5b65bdac7d915b0bb938057056f5d6314a283623d6a9be3b191a2873fd8eb7a258c4fe1da8d3e3f4e037c31ce4b72a966e450e97a447cb9129b104c5b2e00c7115e63bb784e71b1c235f736879bee83e2e5f390f314b51bb2f70827b742f9f960de2ec09b2fe8ce4352fd4d61258c68e8fec749ccb6d053ae84c5eff8a438087d423eb35ebcc0af40179922a69c83feaa9d426c3f3cf05412a70ca9559b62d69ed0411ca650c07e4a34068791d742bbf13676b51d400ecbe01f03d26ddf63eaf2dbeb1c9582f646d4207e340e7ea3b6a36d70b2513a288607da6b0f93c96940e284bdd6d69bac90bfc82d0160ddadc30e7f3b90173c57aabffd4881d6de07b0215066f66827a345119fb46250a292255f138a7c44093b1d6684c807c714653eabb42796d9be0b04a3f84aa006f98b9832f7714c6b39e811acc6a01becd5dd70570a03c6e75771746dc258f1942bca6d0d3b8588041b381072b8b8f89ebd07b74ca7f0341af5875c889c9a753ace87bee46d67690090309ec5b1c8c278828a33390002d73aade7c06af0560b6d8ed5cf60075cbe14b0c58757fbd75d25a13fbfa574fb3c6bd04ef84642c3aa2187f56ea3b5687b963804bb64d8e1bdb40edae
c97a0199b6e5290ca2ec556d2a3436b687c53456f0c585602f6cc0dc8d4222d7f721b9d55877fd52a37758d521abb01c6fde683ab431e3c5aff7e0e8506a05a8c725ad5689c318014a1153fe10e66267c81bf788586bcb5a210d58524264bd963a56403d2c6ec28d643b7f9f5587e092f6108f3de1db727146f0458954b85ac448d386e045476d74ca3cf3950dfc2c5f556b5b4c2e148d740a396a4625ae5d7bf2468164d6119ccf3a3f20fbd68fc211b59d0092e9eb5d838ee2b24d94e2649ac4a344f41f73ecf7ea142e3970dea2cf0178ae97d1cb667fa5b7b3db23a6e56e72ec4c3d50d866187bc4e325ff9142422a59905ee5121ec01ef4f697aec1b81564dd27504aa7f06470d622643e24177c3ea5feae5523ea53f4ff3b44e77db4be9abba06a42bcc0896198fefb4645720d81db587dd9177d3e7d2431ee2ed7d929f973f0229fb039c868f0606a05c485c4cc2e810f3a9aafd6134a4e8adc1715018586ddb0d077c038ac28f0993a3ca027cd01616550dee732fb0afc68dbec1beebb31fdfca7ac947e7dc9c06b973f848bbc3c9c98641ac21974aec51102ee772e745bcab1cea858ee9e057f8f505ed0b36d3aee45a579c3632786bfad6d1ce3bcccf8166e2edaaba7c3139cc2ad3d9be7ba4bb80ba7bdf507c44415dd06cea5a83fb1b50d0d48d2bd4bdb36cd2dd05db6322b34cc7f04596d3407447d01c00cb70c996cd20e4d87e759e89c4a44973d965c3b43b7694da1ecbf9d6249ec66d74b0c3ed3624933afe0f30a5ff21dc4dababf007781b54f0535f92f1ed1555a417c54c18f2f3aee0701a2a96ed406ae3eb365500ba9961ffbe015f71c3baaf3735f3ecdc847e4539752c278a768bf02ddacc6b9edce7665e7ffa56d057ddb5d04975986e6b9ed4e319aaa53e01e149bf88bbd236ca22e8b6234765eb210c59cd84ba16993165b7c2c1c2ac8acd60765464f4a6bd4132d9a0279ebe657c1f41de50b09ad681ab477f737aea71605255dbfd9dd4c35f839914be29808ace17af801e4cb313c0d531522cf34c7d923d9232dfb039b0de3219accece6a6216c7b8b5c4ffcb3801aee0bd383ac65032afcd3d1c2540d2c56cd5bc116da1c36313ca9220239912f633b46458bf0ddd6e3289f25d8c3aac6a53dbfa35598b6e5739903334d970b3dd85a1b57810adc451e62979c6bc5f510743149be160699410d95beb393808cb0564196747cc6386b4a6fb26fa1f53d7c1d6bceb79c41fdcd8ed663b168587724208b46ef599894584bc35d6a8662b204bfc15a8cbecedc320ef5edb5f20fbd560c626843db24d6c8b7e55b61a47a3268ddb0fb523f56694378fd2c76dbc6182cb49afdd2aea2dc7f91fe9445b21c6b12b8f99baaf242ab0ff1e1413c7b1bcb38dda4de1fc9
ac587434110f83ce2157c99018252e977df9e8ec0250519256ce5cdc8b7a795ae2662571bb4c3eb98aeb093584b17f0b1a6c026037d080aeba6a7b5b216903942a66eed37ed890dc5df1acd711205e19d016badda1ce37659a78a7d3fe006cff20df840353e6b96568dbc7acdca3889b885f4956ee7f5ea90532d71eb1b921180ea2e385a4c3551fded44419a3f373341a288247a136fd7be0c8afb5411bafba96a1ffeb53b12e7068d008d96f807cd878b775bd9614c9bf57f1d13fadc86c2f582db038ad24911b420b56ec1c6e4859d2311263bb68aaa072328a4d31484e14b7fdd1f27bdac94d85a3d6931a72ed880ba85a5aff033b9f490324f0072b36454622b9248de9dcf99e887d6759070296185e7949d0f94b3527b46e251c343149601adfe051489f9bfe2ae17a668df465414a28298fa0573866f305bdad7bf91da2207137bdf7ba5dfaf062b4ec7d5b9b9cc75869db70bd5c1d89ff0fec43ff92d1b93a93f0dfc94b00985bd97ecafd4395424bff8ea036b628f8e6b5b8b03724f09b7a462ac031b2b62189947a82d00b2434d4103ec6d59ea10e377f6fe98f7411f10baae6c71fc116a77ddd64f46148617c1598ee86feb58ba6a852f4c71187b4bdc5d84532809fb4786612895bee62b8992b45f760b821980261a88280db0e923d7b72162b1aafddee4ff61be8e49012758cb8663d3321c4b9c451ea09dc861c63f42da859999e514dc2e65a83d9f5217831bf0243ebdca6e484dfcface2376cd1166e95329db57790822f107e7387b2a393dd0cc81455a42adf7c78492ca741b0dc16bdc56273a389abff59487e3bb8b2226288fa62c62933de07830c3707f410fb79696f4edea3e72a17250aeb6d9cba954ce4426220195d64e753f825dfb9cab3f74bcd69c1a1222e6b6727bb419102fbb226bb6efc1d317cbb0d7e170a62031852f8cfa323805dd558afcdf35f8acccebd791e3caa39ce8b7bddd1e38227e58f798f97ec5781535385067d52a9d70e04a457a3eb85c28b9717cbba63ed05ac1ed0194c7096f5dc1c059bf5c4f53724852ca91396fb787da39101cb937b321250d06984bdabf1cd8333e266e2453d92119a426218e190228d60beb6b32212d1b0eee3a36f3de80dd0913e1806c4787f44d1d74fd30ff7f1edb3776e932b8584a61fa7c615aa098abdf9ff55c1384fac0bdb29e964ab76c879b31a8f9db46e71d6b04c55f4014ea69b371e95925f667d5acc72b4947693120c364b56544b887c9ae69573ee604afad7db65485d6719d1e443a7a2f5c0b4a6efcbe760455d72023ab9a9d11959fc8fe669285919b3c1ca7cf3d3a62bc0bd8f5dc19c9f50d508c560cf8d42693d429597fa36cb2588d463e51e19c65e054068090c354da2533541443f74895691
b75c2011aaabb59811e9bc5d96eeeb21952d5b8bff2b79d6e642cf6be3c8d4ada2e64b18957303f4f757ab3f57584a3942aa2087fb03ee9703037a66ccc301cd59f63506cc9d296bcb4e27a84fabc5073049a66322191698f1e3f16afcf1ffa0f", "7f9ac5bfea591023d1c4ceaf7da53cdeca7f3cbebed9c43c9a424b387b5f939bed436f474cf3c9030d8f428229af5c3765ad3f0cd0f307cdbf00f007a1c0725312ca4ceee06ff1c4997beb9d9828b2a77502491ef9f27f5f8a2190a16a95a60963914559c0e0fa464b3b41c97328dca8779756f510dc4cd33d6531274cfa", "682cc780cfd8fae024501ff62729ab77cebe25caadf43985b30db8387ff377ed37033e09f335630f36aead37573d324072d9fb1a627ab3a3ca51d4a126b7f6a85fb49e27af493a4f0488a20731e7c3e5228ea79052bea76c12ad743bfcb9c962f36f55dadb59517b7c20ab848c458f11e00c1308a2f07ea1e3"], 0x5) test$align3(&(0x7f0000001200)={0x9, {0x3}, {0x8}}) test$bf0(&(0x7f0000001240)={0x0, 0x3, 0x2, 0x3c, 0x42, 0x20, 0x20, 0x80}) mutate2() test$length16(&(0x7f0000001280)={[0x4, 0x63aa], 0x2, 0x10, 0x8, 0x4, 0x2}) test_excessive_args1() test$str0(&(0x7f00000012c0)='#\x00') test$str0(&(0x7f0000001300)='#\x00') syz_compare(&(0x7f0000000000)='.-\x00', 0x3, &(0x7f0000000040)=@bf20={0x8, {0x6, 0x5, 0x6, 0x1, 0x6, 0x8}}, 0x10) syz_compare_int$2(0x2, 0x9, 0x3ff) syz_errno(0xff) syz_execute_func(&(0x7f0000000080)="9a81de5d928f1a60f17beb77b1f99a68af78907e1b40de1e910c3956a2a9497c8f05fbd7d7282e2344fc3c4a137dc02d3d14") syz_exit(0x3bc) syz_mmap(&(0x7f0000003000/0x2000)=nil, 0x2000) syz_sleep_ms(0xae) csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = 
mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static long syz_mmap(volatile long a0, 
volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) { va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void loop(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); 
event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_mutate2 #define SYS_mutate2 0 #endif #ifndef SYS_test #define SYS_test 0 #endif #ifndef SYS_test_excessive_args1 #define SYS_test_excessive_args1 0 #endif void execute_call(int call) { switch (call) { case 0: sprintf((char*)0x20000000, "%020llu", (long long)0x17); syscall(SYS_foo, 0x20000000, 0); break; case 1: memcpy((void*)0x20000040, "#\000", 2); syscall(SYS_test, 0x20000040, 0, 0, 0, 0, 0); break; case 2: memcpy((void*)0x20000080, "\xf1\x07\x15\xd4\xc9\xe5\x26\x6c\x67\x93\x17\x73\xe4\xa0\xf6\x36\xec\x65\x43\x3d\xb9\x5f\xc9\x7d\xfb\x6a\x7c\x24\x6b\x90\x22\xed\xed\x40\xbd\x5b\x7b\xc2\x1a\x67\xf9\x2e\x89\x8b\xdb\x77\xeb\x69\xe2\x84\x92\x94\x1c\xd2\x78\x41\x2e\xbe\xec\x4d\x09\xae\x9c\x02\x69\x4e\x2b\x96\xbf\xd4\x66\x17\x3c\xda\x3b\x72\x23\x85\xfe\x87\x43\x4a\x69\xcf\x53\xb4\x90\x10\x14\x99\x59\x15", 92); memcpy((void*)0x200000dc, "\x37\x65\x5b\x53\x06\x33\x4c\xb4\x86\x87", 10); memcpy((void*)0x200000e6, 
"\x10\xfe\x01\x41\x1f\x2a\x08\x53\x62\x11\x83\xe0\x3f\xd9\x69\xe9\x1d\xcd\xe2\x5a\xe5\xae\xde\xc2\x7c\x41\x09\x6a\x23\xd2\x73\x8e\x33\x30\x15\x6d\xb3\x98\x57\xe6\x71\x91\x6d\xc9\xe8\x4a\x50\x14\x72\x31\xd9\x0b\x96\xe8\x5a\x90\xa3\xea\x36\xf8\x8b\x40\xe7\x14\xc4\xaf\xdc\xb7\xc7\xca\x32\x7b\xc4\x1e\x8b\x5f\x51\x99\x20\xbf\x5c\x9a\xc9\xf9\x99\x11\x66\xc9\x73\xb1\x45\xd8\x66\xb0\x0a\xdc\x56\x3e\xff\xee\xa4\x98\x98\x9e\x12\xca\x3b\x69\xa2\x6d\x46\x90\xe0\xa7\x48\x2b\xd1\xc8\x9b\xf3\x95\x6a\x10\x48\xc0\xfc\x31\xb2\xe7\x4a\x1b\x9e\xea\xcb\x5f\x74\x6d\xff\x95\x27\x51\x4e\xaf\x5f\x53\x96\xa5\xbc\x73\xd9\xed\x25\x06\x56\xf8\x70\xea\xf6\xb6\x85\x63\x93\xad\x79\xe7\xf7\x64\x60\x86\x42\x45\x2c\xf5\x28\x44\x03\x6e\x98\x93\x25\xaf\x0e\x00\xd4\x37\x0f\x38\x79\x48\xe0\x0d\x09\x28\xe0\x82\x09\x28\xcf\x44\x5d\xd8\xaa\x37\x62\x90\x1e\xca\xf1\xd6\x7c\xaa\xd2\x40\xa0\xac\xcb\x3b\x2b\x71\x2f\x77\x6f\x7c\x2c\x96\xf7\xf6\xf3\x0f\x5c\xfa\x8d\xbb\x09\xd7\x6f\xf9\x2f\xd3\x65\x56\xea\x85\x26\x8d\xd1\xe9\x44\x7e\xa1\x2a\x38\x4e\x18\xe8\x85\xc2\xfe\x12\x36\x24\x3d\x07\x12\xdf\x5e\x92\x65\x43\xe5\x9a\xc7\x52\x54\x07\xdd\x79\x0c\xea\x1f\x84\x3a\x8c\xe4\xf3\xb4\xb7\x01\x38\x58\x4a\x56\xfb\xa8\x86\x1b\x8c\x9a\xf1\xa9\xc2\x0e\xc5\xe4\x1f\xdc\xc0\x75\xf9\xb1\x91\x73\xcb\x2f\xff\xe8\x93\xcf\xc2\x09\x23\x3c\x7a\x32\x8b\x63\xc0\xb0\x34\x3a\xa8\xc8\x9a\x65\x3a\xa1\xcb\x96\xa5\x5f\x02\x65\x3f\x9b\xb7\xc7\xb7\x66\x5e\x25\x6f\xba\x08\xbe\x12\xfc\x7a\x17\xd1\x35\x4e\x74\xe5\xfa\x54\x52\xe9\x15\xbd\xe7\x3e\x84\x40\xce\x9c\x77\x67\x59\x42\x05\xc9\xe3\x3a\xd9\xdc\x19\x0b\xf8\x9a\x9d\xc4\x0f\x36\xe2\x42\xd2\x00\x28\x80\x04\x0e\x5c\x83\x96\xe6\x9a\x81\xfb\x01\x02\xea\x79\x92\x2d\x12\xfa\x13\x47\xec\x50\x8e\xf9\xf8\xa6\xaa\x09\xe4\x02\x4b\x3e\x25\x62\x43\x36\x61\x1d\x42\xf7\xde\x41\x0c\x51\x3d\xb0\x66\xdb\x8d\x4e\xfc\xb9\x61\xe8\x89\x61\x60\x34\xc8\xb0\x22\x0d\xb1\xc1\xec\x11\x14\x87\xac\x10\x74\x9a\xef\xcf\x60\x94\xfc\x66\x2b\x79\xed\xbb\xb3\x00\x5a\xc3\x86\xe6\x7a\x64\xf3\x5a\xce\x7f\x8b\xb7\x2d\x12\x08\xa5\xc9\x2
d\x50\x01\x63\x0f\x61\x84\xee\xfe\xdb\x60\xc3\xeb\xd9\x3b\x8a\x7c\x5d\x79\x36\x2c\x81\x37\x00\xf3\xb5\x49\x82\x64\xaa\x2e\x8f\x34\x24\x12\x7d\xc4\x6d\x5a\x20\xac\xcc\x3d\x14\x23\x52\x2e\xcc\xf3\x46\x5b\x90\x7d\xb3\xa1\x0c\x04\x25\x21\x73\xa4\x4e\x41\x07\xe7\x58\x64\xf6\xb2\xb1\x4c\x6e\x57\xc1\xff\xe8\x00\x56\x43\x62\xbe\xfd\x3c\xfc\xfa\x43\x1e\xe4\x90\xf9\xa8\x69\x1b\x1f\xbf\x47\xb2\x97\xe6\xb7\xc7\xe3\x81\xee\x2f\x50\xc4\x3a\x4b\xa0\xcc\xd8\xc5\x8a\x0a\xb9\xa2\xad\x3a\xa8\xf7\x40\xc7\x0e\x8c\x88\xeb\x19\xf7\xab\x58\xd9\x4d\x76\x57\xde\x09\xcd\xc7\xe0\x1c\x46\xd3\x54\xf2\x1d\x97\xb5\x0d\x09\xd5\x22\x2b\x4f\x1a\xf7\xad\x0b\xb6\x25\xa2\xe0\xf5\x2d\x68\xf9\x6d\xda\xcd\x12\xe7\x3c\x45\xb3\xea\x14\x4a\x60\x18\x15\x45\x1a\x8d\x61\x3b\x13\xb2\xec\x6e\x95\xdd\x40\x86\x61\xf4\xc2\x6c\x58\xf0\xe2\x4a\xb3\x56\x1b\x7b\xa1\x43\x24\x05\xb5\xda\x96\xf1\x0b\x47\xbb\xdf\x1e\xad\x6b\x6d\xf6\x45\xe5\x33\xb0\x25\x55\xf6\x9f\xd8\xf9\xe2\x09\xe3\x74\xd4\x5c\x2f\x25\x97\xdc\xd3\x0e\x5d\xcf\xf5\xbc\x4e\xb4\xdb\xd8\x41\x51\x59\xbd\xce\x9c\x73\x0b\x81\xba\xec\xcb\xb8\x76\x41\x3d\x90\xa5\xb5\x1e\xb1\x24\xb4\x61\xea\x51\xa7\xb0\xe4\x26\x1f\x63\x31\x83\x6c\x61\x39\x8a\x5d\x4e\x6d\x3c\xba\xb1\x48\xd4\xc3\x53\xaa\x45\x2d\x37\xb7\x04\x69\x70\x56\x6f\xa5\xbd\xb1\xcb\x96\x2f\xea\xa0\xfd\x00\x0d\x94\xf3\x27\xcb\xa9\x25\xd0\x84\x74\xa2\x4e\x09\x9c\x45\x34\x17\x43\x52\xf2\xb1\xbb\x88\xbb\x68\x87\x94\x64\x3f\xea\xdb\x6a\xef\x90\xe6\x80\x7a\x9b\x6e\x56\x33\xa8\xe1\x2d\x2b\x1a\x31\xf6\x6c\xef\x9e\xf8\x97\x25\x75\xe6\x32\x14\xea\x8b\x8d\x9f\xa8\xaa\x51\xd1\x74\x29\x3d\xdc\x39\x1f\x9b\xab\xf8\xc9\x47\xe5\xd3\x42\x15\x9f\x32\x73\x66\xe8\x67\x01\xa1\x18\x92\xac\x00\xf9\x07\x49\x4e\xa4\xae\x0b\x80\x3d\x08\xbd\xb6\xfa\x12\x24\x1b\xea\x85\xe8\xb0\x06\xa0\xa5\x62\xa2\xa1\x35\x75\x33\x4c\x88\x08\xdb\x59\x49\x16\xb0\xa0\xb4\xcd\x0d\xd1\xf4\xbf\x61\x82\x6d\xf5\x2d\xa8\xd9\xba\x9d\x32\x2a\x11\xe1\x3e\xea\x36\x9d\x9c\x6b\xd8\x62\xdf\xc7\x64\xd4\x51\x52\xfe\x4a\x4d\x4d\x84\xc3\x58\x86\x47\x87\x01\x3e\x80\xd0\x75\x34\x8
b\xd8\xe1\xaa\xf9\x0b\x8a\xe8\x82\x31\xdf\xc6\x0b\x32\x5d\xcf\x10\x5f\xba\x6f\x4f\x7b\xc6\xd6\xeb\x88\x3e\xa9\x4b\xc7\x95\x1a\xb6\x8a\x9f\xef\x16\xf7\x9b\xa4\x80\xc6\x06\xd2\x61\xa9\x03\xf5\x6e\x3c\x8e\x57\x17\xbf\xb3\x6e\x60\xeb\xe4\x54\xeb\x9b\xea\x91\x17\x1e\x5e\xc7\x62\x0a\xc1\xd5\x67\x32\xf1\x3d\xac\x52\xf3\x38\xd0\xeb\x6c\x0b\xe9\x2a\xb9\x51\xe3\xea\xfb\xc1\x86\xf3\x0f\x57\x1b\x26\x77\xa4\x5c\x3b\xa2\xb4\x56\xae\x65\x73\x84\x18\xa7\x62\x53\x36\xaa\x86\x97\xc8\x4b\x80\x3d\x7a\x74\x58\xc7\x69\xc7\x13\x02\xb1\x9c\x62\x0c\x7d\x2b\x46\xd7\x5a\xa9\x66\x1a\x7e\x6d\x63\x66\xf2\x46\x22\xb3\x70\x29\x0e\xde\xbb\x6b\x9b\xf1\xad\x61\xf1\xdd\xdf\xe9\x3e\x44\xbd\x1e\x9c\x18\x88\xed\xba\x9a\x7a\x96\xe4\x25\xb3\x56\xbf\xc2\xa0\x00\x92\x02\x44\x5b\xc6\x46\x8a\xa0\xa8\x4f\x9f\x22\x99\xb7\x5e\x63\x2e\x43\xda\x31\x38\x80\x97\xbd\x68\x88\xe4\x91\xd0\x85\x39\x6d\x98\x29\xd5\xb3\x1e\xd3\x20\x69\x42\x61\x07\xb5\xc9\x34\x87\x70\x0f\xf6\xe1\x47\x9f\x85\x12\x77\x80\xa0\x69\xc0\x47\xb8\xfd\x7e\xb9\xb2\xac\xb7\xd2\xe4\xfc\x8a\x5f\x5b\xd3\x6d\x78\x9d\x9f\xba\x06\x91\xfd\xad\xa4\x1e\x75\xfe\xdd\x2d\xf8\xb3\xaf\xbd\xe0\x47\xcf\x9b\x6c\x45\x2a\x27\x24\x48\xa3\xe9\x9e\xc0\xf5\x82\x01\x68\x35\x6c\xc8\xc9\xc4\x0b\x40\x89\x02\x73\xa6\x6c\xea\xa2\x6c\x13\x17\x45\xc4\xea\x0c\x88\x3b\x3f\xf4\x00\xb5\xf7\x6e\x76\xc4\x2a\x21\x64\xa6\xd0\x18\x04\x10\xf0\xe0\x31\xf0\x17\x41\xd1\x46\x7e\x96\x31\x97\x58\x89\x1a\x7f\x61\x51\x08\xc6\xa8\xbb\xc0\xc4\x03\xfa\xa3\x3c\xa7\xc9\x5d\xfa\xff\x91\x12\x07\xf2\x2f\x1b\x9d\x78\x32\x5a\x0c\xcd\x17\x97\x39\x7a\x91\xb4\xfa\xe6\x8e\xad\xb7\x2c\x7c\x03\xa9\xdc\xae\xe2\x24\xb8\x34\x4f\xbc\x62\xe4\x36\xcf\xd0\xd6\x8b\x04\x92\x61\x6a\x83\xef\xc3\xd3\x0b\xaf\xf8\xed\x4a\xa0\x13\xae\xdc\xbb\x78\x30\xe4\xd5\x2d\x9b\x02\xb0\x6d\xb3\xe6\x0b\x27\x38\x5d\xbd\x04\xfe\xed\x6c\x48\xa0\xae\x6e\xbe\x46\x57\x04\x40\x7c\xde\xae\x4b\x56\x2d\x0b\x1a\x44\xbd\xf6\x55\x42\x99\x8c\x8f\x48\x75\xd0\x9d\x28\x1f\x90\x54\x8d\xfe\xcb\xc3\xe5\x70\xc4\xfb\x37\xd1\x7f\x05\xef\x48\x4a\xa7\x1e\x9b\x26\x51\x7
5\x2c\x50\xb7\xf5\xc9\x23\x5c\x3f\xb7\x86\xdd\x68\x08\x6a\x61\x5f\x4b\xaa\x7f\xb3\xb9\xf5\x06\x76\x93\x08\x0a\x9d\x64\x91\x23\x72\xaf\xc3\xd5\xf0\x17\xe5\x5e\xaa\xbf\x1b\x61\x80\xce\x2e\x28\xe2\x0a\x69\x50\xab\xf5\xb6\x5b\xda\xc7\xd9\x15\xb0\xbb\x93\x80\x57\x05\x6f\x5d\x63\x14\xa2\x83\x62\x3d\x6a\x9b\xe3\xb1\x91\xa2\x87\x3f\xd8\xeb\x7a\x25\x8c\x4f\xe1\xda\x8d\x3e\x3f\x4e\x03\x7c\x31\xce\x4b\x72\xa9\x66\xe4\x50\xe9\x7a\x44\x7c\xb9\x12\x9b\x10\x4c\x5b\x2e\x00\xc7\x11\x5e\x63\xbb\x78\x4e\x71\xb1\xc2\x35\xf7\x36\x87\x9b\xee\x83\xe2\xe5\xf3\x90\xf3\x14\xb5\x1b\xb2\xf7\x08\x27\xb7\x42\xf9\xf9\x60\xde\x2e\xc0\x9b\x2f\xe8\xce\x43\x52\xfd\x4d\x61\x25\x8c\x68\xe8\xfe\xc7\x49\xcc\xb6\xd0\x53\xae\x84\xc5\xef\xf8\xa4\x38\x08\x7d\x42\x3e\xb3\x5e\xbc\xc0\xaf\x40\x17\x99\x22\xa6\x9c\x83\xfe\xaa\x9d\x42\x6c\x3f\x3c\xf0\x54\x12\xa7\x0c\xa9\x55\x9b\x62\xd6\x9e\xd0\x41\x1c\xa6\x50\xc0\x7e\x4a\x34\x06\x87\x91\xd7\x42\xbb\xf1\x36\x76\xb5\x1d\x40\x0e\xcb\xe0\x1f\x03\xd2\x6d\xdf\x63\xea\xf2\xdb\xeb\x1c\x95\x82\xf6\x46\xd4\x20\x7e\x34\x0e\x7e\xa3\xb6\xa3\x6d\x70\xb2\x51\x3a\x28\x86\x07\xda\x6b\x0f\x93\xc9\x69\x40\xe2\x84\xbd\xd6\xd6\x9b\xac\x90\xbf\xc8\x2d\x01\x60\xdd\xad\xc3\x0e\x7f\x3b\x90\x17\x3c\x57\xaa\xbf\xfd\x48\x81\xd6\xde\x07\xb0\x21\x50\x66\xf6\x68\x27\xa3\x45\x11\x9f\xb4\x62\x50\xa2\x92\x25\x5f\x13\x8a\x7c\x44\x09\x3b\x1d\x66\x84\xc8\x07\xc7\x14\x65\x3e\xab\xb4\x27\x96\xd9\xbe\x0b\x04\xa3\xf8\x4a\xa0\x06\xf9\x8b\x98\x32\xf7\x71\x4c\x6b\x39\xe8\x11\xac\xc6\xa0\x1b\xec\xd5\xdd\x70\x57\x0a\x03\xc6\xe7\x57\x71\x74\x6d\xc2\x58\xf1\x94\x2b\xca\x6d\x0d\x3b\x85\x88\x04\x1b\x38\x10\x72\xb8\xb8\xf8\x9e\xbd\x07\xb7\x4c\xa7\xf0\x34\x1a\xf5\x87\x5c\x88\x9c\x9a\x75\x3a\xce\x87\xbe\xe4\x6d\x67\x69\x00\x90\x30\x9e\xc5\xb1\xc8\xc2\x78\x82\x8a\x33\x39\x00\x02\xd7\x3a\xad\xe7\xc0\x6a\xf0\x56\x0b\x6d\x8e\xd5\xcf\x60\x07\x5c\xbe\x14\xb0\xc5\x87\x57\xfb\xd7\x5d\x25\xa1\x3f\xbf\xa5\x74\xfb\x3c\x6b\xd0\x4e\xf8\x46\x42\xc3\xaa\x21\x87\xf5\x6e\xa3\xb5\x68\x7b\x96\x38\x04\xbb\x64\xd8\xe1\xbd\xb4\x0e\xda\xe
c\x97\xa0\x19\x9b\x6e\x52\x90\xca\x2e\xc5\x56\xd2\xa3\x43\x6b\x68\x7c\x53\x45\x6f\x0c\x58\x56\x02\xf6\xcc\x0d\xc8\xd4\x22\x2d\x7f\x72\x1b\x9d\x55\x87\x7f\xd5\x2a\x37\x75\x8d\x52\x1a\xbb\x01\xc6\xfd\xe6\x83\xab\x43\x1e\x3c\x5a\xff\x7e\x0e\x85\x06\xa0\x5a\x8c\x72\x5a\xd5\x68\x9c\x31\x80\x14\xa1\x15\x3f\xe1\x0e\x66\x26\x7c\x81\xbf\x78\x85\x86\xbc\xb5\xa2\x10\xd5\x85\x24\x26\x4b\xd9\x63\xa5\x64\x03\xd2\xc6\xec\x28\xd6\x43\xb7\xf9\xf5\x58\x7e\x09\x2f\x61\x08\xf3\xde\x1d\xb7\x27\x14\x6f\x04\x58\x95\x4b\x85\xac\x44\x8d\x38\x6e\x04\x54\x76\xd7\x4c\xa3\xcf\x39\x50\xdf\xc2\xc5\xf5\x56\xb5\xb4\xc2\xe1\x48\xd7\x40\xa3\x96\xa4\x62\x5a\xe5\xd7\xbf\x24\x68\x16\x4d\x61\x19\xcc\xf3\xa3\xf2\x0f\xbd\x68\xfc\x21\x1b\x59\xd0\x09\x2e\x9e\xb5\xd8\x38\xee\x2b\x24\xd9\x4e\x26\x49\xac\x4a\x34\x4f\x41\xf7\x3e\xcf\x7e\xa1\x42\xe3\x97\x0d\xea\x2c\xf0\x17\x8a\xe9\x7d\x1c\xb6\x67\xfa\x5b\x7b\x3d\xb2\x3a\x6e\x56\xe7\x2e\xc4\xc3\xd5\x0d\x86\x61\x87\xbc\x4e\x32\x5f\xf9\x14\x24\x22\xa5\x99\x05\xee\x51\x21\xec\x01\xef\x4f\x69\x7a\xec\x1b\x81\x56\x4d\xd2\x75\x04\xaa\x7f\x06\x47\x0d\x62\x26\x43\xe2\x41\x77\xc3\xea\x5f\xea\xe5\x52\x3e\xa5\x3f\x4f\xf3\xb4\x4e\x77\xdb\x4b\xe9\xab\xba\x06\xa4\x2b\xcc\x08\x96\x19\x8f\xef\xb4\x64\x57\x20\xd8\x1d\xb5\x87\xdd\x91\x77\xd3\xe7\xd2\x43\x1e\xe2\xed\x7d\x92\x9f\x97\x3f\x02\x29\xfb\x03\x9c\x86\x8f\x06\x06\xa0\x5c\x48\x5c\x4c\xc2\xe8\x10\xf3\xa9\xaa\xfd\x61\x34\xa4\xe8\xad\xc1\x71\x50\x18\x58\x6d\xdb\x0d\x07\x7c\x03\x8a\xc2\x8f\x09\x93\xa3\xca\x02\x7c\xd0\x16\x16\x55\x0d\xee\x73\x2f\xb0\xaf\xc6\x8d\xbe\xc1\xbe\xeb\xb3\x1f\xdf\xca\x7a\xc9\x47\xe7\xdc\x9c\x06\xb9\x73\xf8\x48\xbb\xc3\xc9\xc9\x86\x41\xac\x21\x97\x4a\xec\x51\x10\x2e\xe7\x72\xe7\x45\xbc\xab\x1c\xea\x85\x8e\xe9\xe0\x57\xf8\xf5\x05\xed\x0b\x36\xd3\xae\xe4\x5a\x57\x9c\x36\x32\x78\x6b\xfa\xd6\xd1\xce\x3b\xcc\xcf\x81\x66\xe2\xed\xaa\xba\x7c\x31\x39\xcc\x2a\xd3\xd9\xbe\x7b\xa4\xbb\x80\xba\x7b\xdf\x50\x7c\x44\x41\x5d\xd0\x6c\xea\x5a\x83\xfb\x1b\x50\xd0\xd4\x8d\x2b\xd4\xbd\xb3\x6c\xd2\xdd\x05\xdb\x63\x22\xb3\x4c\xc
7\xf0\x45\x96\xd3\x40\x74\x47\xd0\x1c\x00\xcb\x70\xc9\x96\xcd\x20\xe4\xd8\x7e\x75\x9e\x89\xc4\xa4\x49\x73\xd9\x65\xc3\xb4\x3b\x76\x94\xda\x1e\xcb\xf9\xd6\x24\x9e\xc6\x6d\x74\xb0\xc3\xed\x36\x24\x93\x3a\xfe\x0f\x30\xa5\xff\x21\xdc\x4d\xab\xab\xf0\x07\x78\x1b\x54\xf0\x53\x5f\x92\xf1\xed\x15\x55\xa4\x17\xc5\x4c\x18\xf2\xf3\xae\xe0\x70\x1a\x2a\x96\xed\x40\x6a\xe3\xeb\x36\x55\x00\xba\x99\x61\xff\xbe\x01\x5f\x71\xc3\xba\xaf\x37\x35\xf3\xec\xdc\x84\x7e\x45\x39\x75\x2c\x27\x8a\x76\x8b\xf0\x2d\xda\xcc\x6b\x9e\xdc\xe7\x66\x5e\x7f\xfa\x56\xd0\x57\xdd\xb5\xd0\x49\x75\x98\x6e\x6b\x9e\xd4\xe3\x19\xaa\xa5\x3e\x01\xe1\x49\xbf\x88\xbb\xd2\x36\xca\x22\xe8\xb6\x23\x47\x65\xeb\x21\x0c\x59\xcd\x84\xba\x16\x99\x31\x65\xb7\xc2\xc1\xc2\xac\x8a\xcd\x60\x76\x54\x64\xf4\xa6\xbd\x41\x32\xd9\xa0\x27\x9e\xbe\x65\x7c\x1f\x41\xde\x50\xb0\x9a\xd6\x81\xab\x47\x7f\x73\x7a\xea\x71\x60\x52\x55\xdb\xfd\x9d\xd4\xc3\x5f\x83\x99\x14\xbe\x29\x80\x8a\xce\x17\xaf\x80\x1e\x4c\xb3\x13\xc0\xd5\x31\x52\x2c\xf3\x4c\x7d\x92\x3d\x92\x32\xdf\xb0\x39\xb0\xde\x32\x19\xac\xce\xce\x6a\x62\x16\xc7\xb8\xb5\xc4\xff\xcb\x38\x01\xae\xe0\xbd\x38\x3a\xc6\x50\x32\xaf\xcd\x3d\x1c\x25\x40\xd2\xc5\x6c\xd5\xbc\x11\x6d\xa1\xc3\x63\x13\xca\x92\x20\x23\x99\x12\xf6\x33\xb4\x64\x58\xbf\x0d\xdd\x6e\x32\x89\xf2\x5d\x8c\x3a\xac\x6a\x53\xdb\xfa\x35\x59\x8b\x6e\x57\x39\x90\x33\x34\xd9\x70\xb3\xdd\x85\xa1\xb5\x78\x10\xad\xc4\x51\xe6\x29\x79\xc6\xbc\x5f\x51\x07\x43\x14\x9b\xe1\x60\x69\x94\x10\xd9\x5b\xeb\x39\x38\x08\xcb\x05\x64\x19\x67\x47\xcc\x63\x86\xb4\xa6\xfb\x26\xfa\x1f\x53\xd7\xc1\xd6\xbc\xeb\x79\xc4\x1f\xdc\xd8\xed\x66\x3b\x16\x85\x87\x72\x42\x08\xb4\x6e\xf5\x99\x89\x45\x84\xbc\x35\xd6\xa8\x66\x2b\x20\x4b\xfc\x15\xa8\xcb\xec\xed\xc3\x20\xef\x5e\xdb\x5f\x20\xfb\xd5\x60\xc6\x26\x84\x3d\xb2\x4d\x6c\x8b\x7e\x55\xb6\x1a\x47\xa3\x26\x8d\xdb\x0f\xb5\x23\xf5\x66\x94\x37\x8f\xd2\xc7\x6d\xbc\x61\x82\xcb\x49\xaf\xdd\x2a\xea\x2d\xc7\xf9\x1f\xe9\x44\x5b\x21\xc6\xb1\x2b\x8f\x99\xba\xaf\x24\x2a\xb0\xff\x1e\x14\x13\xc7\xb1\xbc\xb3\x8d\xda\x4d\xe1\xfc\x9
a\xc5\x87\x43\x41\x10\xf8\x3c\xe2\x15\x7c\x99\x01\x82\x52\xe9\x77\xdf\x9e\x8e\xc0\x25\x05\x19\x25\x6c\xe5\xcd\xc8\xb7\xa7\x95\xae\x26\x62\x57\x1b\xb4\xc3\xeb\x98\xae\xb0\x93\x58\x4b\x17\xf0\xb1\xa6\xc0\x26\x03\x7d\x08\x0a\xeb\xa6\xa7\xb5\xb2\x16\x90\x39\x42\xa6\x6e\xed\x37\xed\x89\x0d\xc5\xdf\x1a\xcd\x71\x12\x05\xe1\x9d\x01\x6b\xad\xda\x1c\xe3\x76\x59\xa7\x8a\x7d\x3f\xe0\x06\xcf\xf2\x0d\xf8\x40\x35\x3e\x6b\x96\x56\x8d\xbc\x7a\xcd\xca\x38\x89\xb8\x85\xf4\x95\x6e\xe7\xf5\xea\x90\x53\x2d\x71\xeb\x1b\x92\x11\x80\xea\x2e\x38\x5a\x4c\x35\x51\xfd\xed\x44\x41\x9a\x3f\x37\x33\x41\xa2\x88\x24\x7a\x13\x6f\xd7\xbe\x0c\x8a\xfb\x54\x11\xba\xfb\xa9\x6a\x1f\xfe\xb5\x3b\x12\xe7\x06\x8d\x00\x8d\x96\xf8\x07\xcd\x87\x8b\x77\x5b\xd9\x61\x4c\x9b\xf5\x7f\x1d\x13\xfa\xdc\x86\xc2\xf5\x82\xdb\x03\x8a\xd2\x49\x11\xb4\x20\xb5\x6e\xc1\xc6\xe4\x85\x9d\x23\x11\x26\x3b\xb6\x8a\xaa\x07\x23\x28\xa4\xd3\x14\x84\xe1\x4b\x7f\xdd\x1f\x27\xbd\xac\x94\xd8\x5a\x3d\x69\x31\xa7\x2e\xd8\x80\xba\x85\xa5\xaf\xf0\x33\xb9\xf4\x90\x32\x4f\x00\x72\xb3\x64\x54\x62\x2b\x92\x48\xde\x9d\xcf\x99\xe8\x87\xd6\x75\x90\x70\x29\x61\x85\xe7\x94\x9d\x0f\x94\xb3\x52\x7b\x46\xe2\x51\xc3\x43\x14\x96\x01\xad\xfe\x05\x14\x89\xf9\xbf\xe2\xae\x17\xa6\x68\xdf\x46\x54\x14\xa2\x82\x98\xfa\x05\x73\x86\x6f\x30\x5b\xda\xd7\xbf\x91\xda\x22\x07\x13\x7b\xdf\x7b\xa5\xdf\xaf\x06\x2b\x4e\xc7\xd5\xb9\xb9\xcc\x75\x86\x9d\xb7\x0b\xd5\xc1\xd8\x9f\xf0\xfe\xc4\x3f\xf9\x2d\x1b\x93\xa9\x3f\x0d\xfc\x94\xb0\x09\x85\xbd\x97\xec\xaf\xd4\x39\x54\x24\xbf\xf8\xea\x03\x6b\x62\x8f\x8e\x6b\x5b\x8b\x03\x72\x4f\x09\xb7\xa4\x62\xac\x03\x1b\x2b\x62\x18\x99\x47\xa8\x2d\x00\xb2\x43\x4d\x41\x03\xec\x6d\x59\xea\x10\xe3\x77\xf6\xfe\x98\xf7\x41\x1f\x10\xba\xae\x6c\x71\xfc\x11\x6a\x77\xdd\xd6\x4f\x46\x14\x86\x17\xc1\x59\x8e\xe8\x6f\xeb\x58\xba\x6a\x85\x2f\x4c\x71\x18\x7b\x4b\xdc\x5d\x84\x53\x28\x09\xfb\x47\x86\x61\x28\x95\xbe\xe6\x2b\x89\x92\xb4\x5f\x76\x0b\x82\x19\x80\x26\x1a\x88\x28\x0d\xb0\xe9\x23\xd7\xb7\x21\x62\xb1\xaa\xfd\xde\xe4\xff\x61\xbe\x8e\x49\x01\x27\x58\xcb\x8
6\x63\xd3\x32\x1c\x4b\x9c\x45\x1e\xa0\x9d\xc8\x61\xc6\x3f\x42\xda\x85\x99\x99\xe5\x14\xdc\x2e\x65\xa8\x3d\x9f\x52\x17\x83\x1b\xf0\x24\x3e\xbd\xca\x6e\x48\x4d\xfc\xfa\xce\x23\x76\xcd\x11\x66\xe9\x53\x29\xdb\x57\x79\x08\x22\xf1\x07\xe7\x38\x7b\x2a\x39\x3d\xd0\xcc\x81\x45\x5a\x42\xad\xf7\xc7\x84\x92\xca\x74\x1b\x0d\xc1\x6b\xdc\x56\x27\x3a\x38\x9a\xbf\xf5\x94\x87\xe3\xbb\x8b\x22\x26\x28\x8f\xa6\x2c\x62\x93\x3d\xe0\x78\x30\xc3\x70\x7f\x41\x0f\xb7\x96\x96\xf4\xed\xea\x3e\x72\xa1\x72\x50\xae\xb6\xd9\xcb\xa9\x54\xce\x44\x26\x22\x01\x95\xd6\x4e\x75\x3f\x82\x5d\xfb\x9c\xab\x3f\x74\xbc\xd6\x9c\x1a\x12\x22\xe6\xb6\x72\x7b\xb4\x19\x10\x2f\xbb\x22\x6b\xb6\xef\xc1\xd3\x17\xcb\xb0\xd7\xe1\x70\xa6\x20\x31\x85\x2f\x8c\xfa\x32\x38\x05\xdd\x55\x8a\xfc\xdf\x35\xf8\xac\xcc\xeb\xd7\x91\xe3\xca\xa3\x9c\xe8\xb7\xbd\xdd\x1e\x38\x22\x7e\x58\xf7\x98\xf9\x7e\xc5\x78\x15\x35\x38\x50\x67\xd5\x2a\x9d\x70\xe0\x4a\x45\x7a\x3e\xb8\x5c\x28\xb9\x71\x7c\xbb\xa6\x3e\xd0\x5a\xc1\xed\x01\x94\xc7\x09\x6f\x5d\xc1\xc0\x59\xbf\x5c\x4f\x53\x72\x48\x52\xca\x91\x39\x6f\xb7\x87\xda\x39\x10\x1c\xb9\x37\xb3\x21\x25\x0d\x06\x98\x4b\xda\xbf\x1c\xd8\x33\x3e\x26\x6e\x24\x53\xd9\x21\x19\xa4\x26\x21\x8e\x19\x02\x28\xd6\x0b\xeb\x6b\x32\x21\x2d\x1b\x0e\xee\x3a\x36\xf3\xde\x80\xdd\x09\x13\xe1\x80\x6c\x47\x87\xf4\x4d\x1d\x74\xfd\x30\xff\x7f\x1e\xdb\x37\x76\xe9\x32\xb8\x58\x4a\x61\xfa\x7c\x61\x5a\xa0\x98\xab\xdf\x9f\xf5\x5c\x13\x84\xfa\xc0\xbd\xb2\x9e\x96\x4a\xb7\x6c\x87\x9b\x31\xa8\xf9\xdb\x46\xe7\x1d\x6b\x04\xc5\x5f\x40\x14\xea\x69\xb3\x71\xe9\x59\x25\xf6\x67\xd5\xac\xc7\x2b\x49\x47\x69\x31\x20\xc3\x64\xb5\x65\x44\xb8\x87\xc9\xae\x69\x57\x3e\xe6\x04\xaf\xad\x7d\xb6\x54\x85\xd6\x71\x9d\x1e\x44\x3a\x7a\x2f\x5c\x0b\x4a\x6e\xfc\xbe\x76\x04\x55\xd7\x20\x23\xab\x9a\x9d\x11\x95\x9f\xc8\xfe\x66\x92\x85\x91\x9b\x3c\x1c\xa7\xcf\x3d\x3a\x62\xbc\x0b\xd8\xf5\xdc\x19\xc9\xf5\x0d\x50\x8c\x56\x0c\xf8\xd4\x26\x93\xd4\x29\x59\x7f\xa3\x6c\xb2\x58\x8d\x46\x3e\x51\xe1\x9c\x65\xe0\x54\x06\x80\x90\xc3\x54\xda\x25\x33\x54\x14\x43\xf7\x48\x95\x69\x1
b\x75\xc2\x01\x1a\xaa\xbb\x59\x81\x1e\x9b\xc5\xd9\x6e\xee\xb2\x19\x52\xd5\xb8\xbf\xf2\xb7\x9d\x6e\x64\x2c\xf6\xbe\x3c\x8d\x4a\xda\x2e\x64\xb1\x89\x57\x30\x3f\x4f\x75\x7a\xb3\xf5\x75\x84\xa3\x94\x2a\xa2\x08\x7f\xb0\x3e\xe9\x70\x30\x37\xa6\x6c\xcc\x30\x1c\xd5\x9f\x63\x50\x6c\xc9\xd2\x96\xbc\xb4\xe2\x7a\x84\xfa\xbc\x50\x73\x04\x9a\x66\x32\x21\x91\x69\x8f\x1e\x3f\x16\xaf\xcf\x1f\xfa\x0f", 4096); memcpy((void*)0x200010e6, "\x7f\x9a\xc5\xbf\xea\x59\x10\x23\xd1\xc4\xce\xaf\x7d\xa5\x3c\xde\xca\x7f\x3c\xbe\xbe\xd9\xc4\x3c\x9a\x42\x4b\x38\x7b\x5f\x93\x9b\xed\x43\x6f\x47\x4c\xf3\xc9\x03\x0d\x8f\x42\x82\x29\xaf\x5c\x37\x65\xad\x3f\x0c\xd0\xf3\x07\xcd\xbf\x00\xf0\x07\xa1\xc0\x72\x53\x12\xca\x4c\xee\xe0\x6f\xf1\xc4\x99\x7b\xeb\x9d\x98\x28\xb2\xa7\x75\x02\x49\x1e\xf9\xf2\x7f\x5f\x8a\x21\x90\xa1\x6a\x95\xa6\x09\x63\x91\x45\x59\xc0\xe0\xfa\x46\x4b\x3b\x41\xc9\x73\x28\xdc\xa8\x77\x97\x56\xf5\x10\xdc\x4c\xd3\x3d\x65\x31\x27\x4c\xfa", 126); memcpy((void*)0x20001164, "\x68\x2c\xc7\x80\xcf\xd8\xfa\xe0\x24\x50\x1f\xf6\x27\x29\xab\x77\xce\xbe\x25\xca\xad\xf4\x39\x85\xb3\x0d\xb8\x38\x7f\xf3\x77\xed\x37\x03\x3e\x09\xf3\x35\x63\x0f\x36\xae\xad\x37\x57\x3d\x32\x40\x72\xd9\xfb\x1a\x62\x7a\xb3\xa3\xca\x51\xd4\xa1\x26\xb7\xf6\xa8\x5f\xb4\x9e\x27\xaf\x49\x3a\x4f\x04\x88\xa2\x07\x31\xe7\xc3\xe5\x22\x8e\xa7\x90\x52\xbe\xa7\x6c\x12\xad\x74\x3b\xfc\xb9\xc9\x62\xf3\x6f\x55\xda\xdb\x59\x51\x7b\x7c\x20\xab\x84\x8c\x45\x8f\x11\xe0\x0c\x13\x08\xa2\xf0\x7e\xa1\xe3", 121); syscall(SYS_test, 0x20000080, 5, 0, 0, 0, 0); break; case 3: *(uint8_t*)0x20001200 = 9; *(uint8_t*)0x20001201 = 3; *(uint8_t*)0x20001204 = 8; syscall(SYS_test, 0x20001200, 0, 0, 0, 0, 0); break; case 4: STORE_BY_BITMASK(uint16_t, , 0x20001240, 0, 0, 10); *(uint64_t*)0x20001248 = 3; STORE_BY_BITMASK(uint16_t, , 0x20001250, 2, 0, 5); STORE_BY_BITMASK(uint16_t, , 0x20001250, 0x3c, 5, 6); STORE_BY_BITMASK(uint32_t, , 0x20001250, 0x42, 11, 15); STORE_BY_BITMASK(uint16_t, , 0x20001254, 0x20, 0, 11); STORE_BY_BITMASK(uint16_t, htobe16, 
0x20001256, 0x20, 0, 11); *(uint8_t*)0x20001258 = 0x80; syscall(SYS_test, 0x20001240, 0, 0, 0, 0, 0); break; case 5: syscall(SYS_mutate2); break; case 6: *(uint64_t*)0x20001280 = 4; *(uint64_t*)0x20001288 = 0x63aa; *(uint8_t*)0x20001290 = 2; *(uint8_t*)0x20001291 = 0x10; *(uint8_t*)0x20001292 = 8; *(uint8_t*)0x20001293 = 4; *(uint8_t*)0x20001294 = 2; syscall(SYS_test, 0x20001280, 0, 0, 0, 0, 0); break; case 7: syscall(SYS_test_excessive_args1); break; case 8: memcpy((void*)0x200012c0, "#\000", 2); syscall(SYS_test, 0x200012c0, 0, 0, 0, 0, 0); break; case 9: memcpy((void*)0x20001300, "#\000", 2); syscall(SYS_test, 0x20001300, 0, 0, 0, 0, 0); break; case 10: memcpy((void*)0x20000000, ".-\000", 3); *(uint8_t*)0x20000040 = 8; *(uint8_t*)0x20000048 = 6; *(uint8_t*)0x20000049 = 5; STORE_BY_BITMASK(uint64_t, , 0x20000048, 6, 16, 4); STORE_BY_BITMASK(uint32_t, , 0x20000048, 1, 20, 4); STORE_BY_BITMASK(uint16_t, , 0x2000004a, 6, 8, 4); STORE_BY_BITMASK(uint8_t, , 0x2000004b, 8, 4, 4); syz_compare(0x20000000, 3, 0x20000040, 0x10); break; case 11: syz_compare_int(2, 9, 0x3ff, 0, 0); break; case 12: syz_errno(0xff); break; case 13: memcpy((void*)0x20000080, "\x9a\x81\xde\x5d\x92\x8f\x1a\x60\xf1\x7b\xeb\x77\xb1\xf9\x9a\x68\xaf\x78\x90\x7e\x1b\x40\xde\x1e\x91\x0c\x39\x56\xa2\xa9\x49\x7c\x8f\x05\xfb\xd7\xd7\x28\x2e\x23\x44\xfc\x3c\x4a\x13\x7d\xc0\x2d\x3d\x14", 50); syz_execute_func(0x20000080); break; case 14: syz_exit(0x3bc); break; case 15: syz_mmap(0x20003000, 0x2000); break; case 16: syz_sleep_ms(0xae); break; } } int main(void) { syz_mmap(0x20000000, 0x1000000); use_temporary_dir(); do_sandbox_none(); return 0; } In file included from /usr/include/bits/errno.h:26, from /usr/include/errno.h:28, from <stdin>:6: /usr/include/linux/errno.h:1:10: fatal error: asm/errno.h: No such file or directory 1 | #include <asm/errno.h> | ^~~~~~~~~~~~~ compilation terminated. 
compiler invocation: gcc [-o /tmp/syz-executor194436292 -DGOOS_test=1 -DGOARCH_32_fork_shmem=1 -DHOSTGOOS_linux=1 -x c - -m32 -static -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-overflow] --- FAIL: TestGenerate/test/32_fork_shmem/6 (0.16s) csource_test.go:124: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: foo$fmt3(&(0x7f0000000000)=0xd) test$str0(&(0x7f0000000040)='#\x00') test$length25(&(0x7f0000000080)=["f10715d4c9e5266c67931773e4a0f636ec65433db95fc97dfb6a7c246b9022eded40bd5b7bc21a67f92e898bdb77eb69e28492941cd278412ebeec4d09ae9c02694e2b96bfd466173cda3b722385fe87434a69cf53b4901014995915", "37655b5306334cb48687", 
"10fe01411f2a0853621183e03fd969e91dcde25ae5aedec27c41096a23d2738e3330156db39857e671916dc9e84a50147231d90b96e85a90a3ea36f88b40e714c4afdcb7c7ca327bc41e8b5f519920bf5c9ac9f9991166c973b145d866b00adc563effeea498989e12ca3b69a26d4690e0a7482bd1c89bf3956a1048c0fc31b2e74a1b9eeacb5f746dff9527514eaf5f5396a5bc73d9ed250656f870eaf6b6856393ad79e7f764608642452cf52844036e989325af0e00d4370f387948e00d0928e0820928cf445dd8aa3762901ecaf1d67caad240a0accb3b2b712f776f7c2c96f7f6f30f5cfa8dbb09d76ff92fd36556ea85268dd1e9447ea12a384e18e885c2fe1236243d0712df5e926543e59ac7525407dd790cea1f843a8ce4f3b4b70138584a56fba8861b8c9af1a9c20ec5e41fdcc075f9b19173cb2fffe893cfc209233c7a328b63c0b0343aa8c89a653aa1cb96a55f02653f9bb7c7b7665e256fba08be12fc7a17d1354e74e5fa5452e915bde73e8440ce9c7767594205c9e33ad9dc190bf89a9dc40f36e242d2002880040e5c8396e69a81fb0102ea79922d12fa1347ec508ef9f8a6aa09e4024b3e25624336611d42f7de410c513db066db8d4efcb961e889616034c8b0220db1c1ec111487ac10749aefcf6094fc662b79edbbb3005ac386e67a64f35ace7f8bb72d1208a5c92d5001630f6184eefedb60c3ebd93b8a7c5d79362c813700f3b5498264aa2e8f3424127dc46d5a20accc3d1423522eccf3465b907db3a10c04252173a44e4107e75864f6b2b14c6e57c1ffe800564362befd3cfcfa431ee490f9a8691b1fbf47b297e6b7c7e381ee2f50c43a4ba0ccd8c58a0ab9a2ad3aa8f740c70e8c88eb19f7ab58d94d7657de09cdc7e01c46d354f21d97b50d09d5222b4f1af7ad0bb625a2e0f52d68f96ddacd12e73c45b3ea144a601815451a8d613b13b2ec6e95dd408661f4c26c58f0e24ab3561b7ba1432405b5da96f10b47bbdf1ead6b6df645e533b02555f69fd8f9e209e374d45c2f2597dcd30e5dcff5bc4eb4dbd8415159bdce9c730b81baeccbb876413d90a5b51eb124b461ea51a7b0e4261f6331836c61398a5d4e6d3cbab148d4c353aa452d37b7046970566fa5bdb1cb962feaa0fd000d94f327cba925d08474a24e099c4534174352f2b1bb88bb688794643feadb6aef90e6807a9b6e5633a8e12d2b1a31f66cef9ef8972575e63214ea8b8d9fa8aa51d174293ddc391f9babf8c947e5d342159f327366e86701a11892ac00f907494ea4ae0b803d08bdb6fa12241bea85e8b006a0a562a2a13575334c8808db594916b0a0b4cd0dd1f4bf61826df52da8d9ba9d322a11e13eea369d9c6bd862dfc764d45152fe4a4d4d84c358864787013e80d075348
bd8e1aaf90b8ae88231dfc60b325dcf105fba6f4f7bc6d6eb883ea94bc7951ab68a9fef16f79ba480c606d261a903f56e3c8e5717bfb36e60ebe454eb9bea91171e5ec7620ac1d56732f13dac52f338d0eb6c0be92ab951e3eafbc186f30f571b2677a45c3ba2b456ae65738418a7625336aa8697c84b803d7a7458c769c71302b19c620c7d2b46d75aa9661a7e6d6366f24622b370290edebb6b9bf1ad61f1dddfe93e44bd1e9c1888edba9a7a96e425b356bfc2a0009202445bc6468aa0a84f9f2299b75e632e43da31388097bd6888e491d085396d9829d5b31ed32069426107b5c93487700ff6e1479f85127780a069c047b8fd7eb9b2acb7d2e4fc8a5f5bd36d789d9fba0691fdada41e75fedd2df8b3afbde047cf9b6c452a272448a3e99ec0f5820168356cc8c9c40b40890273a66ceaa26c131745c4ea0c883b3ff400b5f76e76c42a2164a6d0180410f0e031f01741d1467e96319758891a7f615108c6a8bbc0c403faa33ca7c95dfaff911207f22f1b9d78325a0ccd1797397a91b4fae68eadb72c7c03a9dcaee224b8344fbc62e436cfd0d68b0492616a83efc3d30baff8ed4aa013aedcbb7830e4d52d9b02b06db3e60b27385dbd04feed6c48a0ae6ebe465704407cdeae4b562d0b1a44bdf65542998c8f4875d09d281f90548dfecbc3e570c4fb37d17f05ef484aa71e9b2651752c50b7f5c9235c3fb786dd68086a615f4baa7fb3b9f5067693080a9d64912372afc3d5f017e55eaabf1b6180ce2e28e20a6950abf5b65bdac7d915b0bb938057056f5d6314a283623d6a9be3b191a2873fd8eb7a258c4fe1da8d3e3f4e037c31ce4b72a966e450e97a447cb9129b104c5b2e00c7115e63bb784e71b1c235f736879bee83e2e5f390f314b51bb2f70827b742f9f960de2ec09b2fe8ce4352fd4d61258c68e8fec749ccb6d053ae84c5eff8a438087d423eb35ebcc0af40179922a69c83feaa9d426c3f3cf05412a70ca9559b62d69ed0411ca650c07e4a34068791d742bbf13676b51d400ecbe01f03d26ddf63eaf2dbeb1c9582f646d4207e340e7ea3b6a36d70b2513a288607da6b0f93c96940e284bdd6d69bac90bfc82d0160ddadc30e7f3b90173c57aabffd4881d6de07b0215066f66827a345119fb46250a292255f138a7c44093b1d6684c807c714653eabb42796d9be0b04a3f84aa006f98b9832f7714c6b39e811acc6a01becd5dd70570a03c6e75771746dc258f1942bca6d0d3b8588041b381072b8b8f89ebd07b74ca7f0341af5875c889c9a753ace87bee46d67690090309ec5b1c8c278828a33390002d73aade7c06af0560b6d8ed5cf60075cbe14b0c58757fbd75d25a13fbfa574fb3c6bd04ef84642c3aa2187f56ea3b5687b963804bb64d8e1bdb40edae
c97a0199b6e5290ca2ec556d2a3436b687c53456f0c585602f6cc0dc8d4222d7f721b9d55877fd52a37758d521abb01c6fde683ab431e3c5aff7e0e8506a05a8c725ad5689c318014a1153fe10e66267c81bf788586bcb5a210d58524264bd963a56403d2c6ec28d643b7f9f5587e092f6108f3de1db727146f0458954b85ac448d386e045476d74ca3cf3950dfc2c5f556b5b4c2e148d740a396a4625ae5d7bf2468164d6119ccf3a3f20fbd68fc211b59d0092e9eb5d838ee2b24d94e2649ac4a344f41f73ecf7ea142e3970dea2cf0178ae97d1cb667fa5b7b3db23a6e56e72ec4c3d50d866187bc4e325ff9142422a59905ee5121ec01ef4f697aec1b81564dd27504aa7f06470d622643e24177c3ea5feae5523ea53f4ff3b44e77db4be9abba06a42bcc0896198fefb4645720d81db587dd9177d3e7d2431ee2ed7d929f973f0229fb039c868f0606a05c485c4cc2e810f3a9aafd6134a4e8adc1715018586ddb0d077c038ac28f0993a3ca027cd01616550dee732fb0afc68dbec1beebb31fdfca7ac947e7dc9c06b973f848bbc3c9c98641ac21974aec51102ee772e745bcab1cea858ee9e057f8f505ed0b36d3aee45a579c3632786bfad6d1ce3bcccf8166e2edaaba7c3139cc2ad3d9be7ba4bb80ba7bdf507c44415dd06cea5a83fb1b50d0d48d2bd4bdb36cd2dd05db6322b34cc7f04596d3407447d01c00cb70c996cd20e4d87e759e89c4a44973d965c3b43b7694da1ecbf9d6249ec66d74b0c3ed3624933afe0f30a5ff21dc4dababf007781b54f0535f92f1ed1555a417c54c18f2f3aee0701a2a96ed406ae3eb365500ba9961ffbe015f71c3baaf3735f3ecdc847e4539752c278a768bf02ddacc6b9edce7665e7ffa56d057ddb5d04975986e6b9ed4e319aaa53e01e149bf88bbd236ca22e8b6234765eb210c59cd84ba16993165b7c2c1c2ac8acd60765464f4a6bd4132d9a0279ebe657c1f41de50b09ad681ab477f737aea71605255dbfd9dd4c35f839914be29808ace17af801e4cb313c0d531522cf34c7d923d9232dfb039b0de3219accece6a6216c7b8b5c4ffcb3801aee0bd383ac65032afcd3d1c2540d2c56cd5bc116da1c36313ca9220239912f633b46458bf0ddd6e3289f25d8c3aac6a53dbfa35598b6e5739903334d970b3dd85a1b57810adc451e62979c6bc5f510743149be160699410d95beb393808cb0564196747cc6386b4a6fb26fa1f53d7c1d6bceb79c41fdcd8ed663b168587724208b46ef599894584bc35d6a8662b204bfc15a8cbecedc320ef5edb5f20fbd560c626843db24d6c8b7e55b61a47a3268ddb0fb523f56694378fd2c76dbc6182cb49afdd2aea2dc7f91fe9445b21c6b12b8f99baaf242ab0ff1e1413c7b1bcb38dda4de1fc9
ac587434110f83ce2157c99018252e977df9e8ec0250519256ce5cdc8b7a795ae2662571bb4c3eb98aeb093584b17f0b1a6c026037d080aeba6a7b5b216903942a66eed37ed890dc5df1acd711205e19d016badda1ce37659a78a7d3fe006cff20df840353e6b96568dbc7acdca3889b885f4956ee7f5ea90532d71eb1b921180ea2e385a4c3551fded44419a3f373341a288247a136fd7be0c8afb5411bafba96a1ffeb53b12e7068d008d96f807cd878b775bd9614c9bf57f1d13fadc86c2f582db038ad24911b420b56ec1c6e4859d2311263bb68aaa072328a4d31484e14b7fdd1f27bdac94d85a3d6931a72ed880ba85a5aff033b9f490324f0072b36454622b9248de9dcf99e887d6759070296185e7949d0f94b3527b46e251c343149601adfe051489f9bfe2ae17a668df465414a28298fa0573866f305bdad7bf91da2207137bdf7ba5dfaf062b4ec7d5b9b9cc75869db70bd5c1d89ff0fec43ff92d1b93a93f0dfc94b00985bd97ecafd4395424bff8ea036b628f8e6b5b8b03724f09b7a462ac031b2b62189947a82d00b2434d4103ec6d59ea10e377f6fe98f7411f10baae6c71fc116a77ddd64f46148617c1598ee86feb58ba6a852f4c71187b4bdc5d84532809fb4786612895bee62b8992b45f760b821980261a88280db0e923d7b72162b1aafddee4ff61be8e49012758cb8663d3321c4b9c451ea09dc861c63f42da859999e514dc2e65a83d9f5217831bf0243ebdca6e484dfcface2376cd1166e95329db57790822f107e7387b2a393dd0cc81455a42adf7c78492ca741b0dc16bdc56273a389abff59487e3bb8b2226288fa62c62933de07830c3707f410fb79696f4edea3e72a17250aeb6d9cba954ce4426220195d64e753f825dfb9cab3f74bcd69c1a1222e6b6727bb419102fbb226bb6efc1d317cbb0d7e170a62031852f8cfa323805dd558afcdf35f8acccebd791e3caa39ce8b7bddd1e38227e58f798f97ec5781535385067d52a9d70e04a457a3eb85c28b9717cbba63ed05ac1ed0194c7096f5dc1c059bf5c4f53724852ca91396fb787da39101cb937b321250d06984bdabf1cd8333e266e2453d92119a426218e190228d60beb6b32212d1b0eee3a36f3de80dd0913e1806c4787f44d1d74fd30ff7f1edb3776e932b8584a61fa7c615aa098abdf9ff55c1384fac0bdb29e964ab76c879b31a8f9db46e71d6b04c55f4014ea69b371e95925f667d5acc72b4947693120c364b56544b887c9ae69573ee604afad7db65485d6719d1e443a7a2f5c0b4a6efcbe760455d72023ab9a9d11959fc8fe669285919b3c1ca7cf3d3a62bc0bd8f5dc19c9f50d508c560cf8d42693d429597fa36cb2588d463e51e19c65e054068090c354da2533541443f74895691
b75c2011aaabb59811e9bc5d96eeeb21952d5b8bff2b79d6e642cf6be3c8d4ada2e64b18957303f4f757ab3f57584a3942aa2087fb03ee9703037a66ccc301cd59f63506cc9d296bcb4e27a84fabc5073049a66322191698f1e3f16afcf1ffa0f", "7f9ac5bfea591023d1c4ceaf7da53cdeca7f3cbebed9c43c9a424b387b5f939bed436f474cf3c9030d8f428229af5c3765ad3f0cd0f307cdbf00f007a1c0725312ca4ceee06ff1c4997beb9d9828b2a77502491ef9f27f5f8a2190a16a95a60963914559c0e0fa464b3b41c97328dca8779756f510dc4cd33d6531274cfa", "682cc780cfd8fae024501ff62729ab77cebe25caadf43985b30db8387ff377ed37033e09f335630f36aead37573d324072d9fb1a627ab3a3ca51d4a126b7f6a85fb49e27af493a4f0488a20731e7c3e5228ea79052bea76c12ad743bfcb9c962f36f55dadb59517b7c20ab848c458f11e00c1308a2f07ea1e3"], 0x5) test$align3(&(0x7f0000001200)={0x9, {0x3}, {0x8}}) test$bf0(&(0x7f0000001240)={0x0, 0x3, 0x2, 0x3c, 0x42, 0x20, 0x20, 0x80}) mutate2() test$length16(&(0x7f0000001280)={[0x4, 0x63aa], 0x2, 0x10, 0x8, 0x4, 0x2}) test_excessive_args1() test$str0(&(0x7f00000012c0)='#\x00') test$str0(&(0x7f0000001300)='#\x00') syz_compare(&(0x7f0000000000)='.-\x00', 0x3, &(0x7f0000000040)=@bf20={0x8, {0x6, 0x5, 0x6, 0x1, 0x6, 0x8}}, 0x10) syz_compare_int$2(0x2, 0x9, 0x3ff) syz_errno(0xff) syz_execute_func(&(0x7f0000000080)="9a81de5d928f1a60f17beb77b1f99a68af78907e1b40de1e910c3956a2a9497c8f05fbd7d7282e2344fc3c4a137dc02d3d14") syz_exit(0x3bc) syz_mmap(&(0x7f0000003000/0x2000)=nil, 0x2000) syz_sleep_ms(0xae) csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return 
(uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, 
uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) 
{ va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = 
current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) { continue; } kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_mutate2 #define SYS_mutate2 0 #endif #ifndef SYS_test #define SYS_test 0 #endif #ifndef SYS_test_excessive_args1 #define SYS_test_excessive_args1 0 #endif void execute_call(int call) { switch (call) { case 0: sprintf((char*)0x20000000, "%020llu", (long long)0x17 + procid*20); syscall(SYS_foo, 0x20000000, 0); break; case 1: memcpy((void*)0x20000040, "#\000", 2); syscall(SYS_test, 0x20000040, 0, 0, 0, 0, 0); break; case 2: memcpy((void*)0x20000080, "\xf1\x07\x15\xd4\xc9\xe5\x26\x6c\x67\x93\x17\x73\xe4\xa0\xf6\x36\xec\x65\x43\x3d\xb9\x5f\xc9\x7d\xfb\x6a\x7c\x24\x6b\x90\x22\xed\xed\x40\xbd\x5b\x7b\xc2\x1a\x67\xf9\x2e\x89\x8b\xdb\x77\xeb\x69\xe2\x84\x92\x94\x1c\xd2\x78\x41\x2e\xbe\xec\x4d\x09\xae\x9c\x02\x69\x4e\x2b\x96\xbf\xd4\x66\x17\x3c\xda\x3b\x72\x23\x85\xfe\x87\x43\x4a\x69\xcf\x53\xb4\x90\x10\x14\x99\x59\x15", 92); memcpy((void*)0x200000dc, "\x37\x65\x5b\x53\x06\x33\x4c\xb4\x86\x87", 10); memcpy((void*)0x200000e6, 
"\x10\xfe\x01\x41\x1f\x2a\x08\x53\x62\x11\x83\xe0\x3f\xd9\x69\xe9\x1d\xcd\xe2\x5a\xe5\xae\xde\xc2\x7c\x41\x09\x6a\x23\xd2\x73\x8e\x33\x30\x15\x6d\xb3\x98\x57\xe6\x71\x91\x6d\xc9\xe8\x4a\x50\x14\x72\x31\xd9\x0b\x96\xe8\x5a\x90\xa3\xea\x36\xf8\x8b\x40\xe7\x14\xc4\xaf\xdc\xb7\xc7\xca\x32\x7b\xc4\x1e\x8b\x5f\x51\x99\x20\xbf\x5c\x9a\xc9\xf9\x99\x11\x66\xc9\x73\xb1\x45\xd8\x66\xb0\x0a\xdc\x56\x3e\xff\xee\xa4\x98\x98\x9e\x12\xca\x3b\x69\xa2\x6d\x46\x90\xe0\xa7\x48\x2b\xd1\xc8\x9b\xf3\x95\x6a\x10\x48\xc0\xfc\x31\xb2\xe7\x4a\x1b\x9e\xea\xcb\x5f\x74\x6d\xff\x95\x27\x51\x4e\xaf\x5f\x53\x96\xa5\xbc\x73\xd9\xed\x25\x06\x56\xf8\x70\xea\xf6\xb6\x85\x63\x93\xad\x79\xe7\xf7\x64\x60\x86\x42\x45\x2c\xf5\x28\x44\x03\x6e\x98\x93\x25\xaf\x0e\x00\xd4\x37\x0f\x38\x79\x48\xe0\x0d\x09\x28\xe0\x82\x09\x28\xcf\x44\x5d\xd8\xaa\x37\x62\x90\x1e\xca\xf1\xd6\x7c\xaa\xd2\x40\xa0\xac\xcb\x3b\x2b\x71\x2f\x77\x6f\x7c\x2c\x96\xf7\xf6\xf3\x0f\x5c\xfa\x8d\xbb\x09\xd7\x6f\xf9\x2f\xd3\x65\x56\xea\x85\x26\x8d\xd1\xe9\x44\x7e\xa1\x2a\x38\x4e\x18\xe8\x85\xc2\xfe\x12\x36\x24\x3d\x07\x12\xdf\x5e\x92\x65\x43\xe5\x9a\xc7\x52\x54\x07\xdd\x79\x0c\xea\x1f\x84\x3a\x8c\xe4\xf3\xb4\xb7\x01\x38\x58\x4a\x56\xfb\xa8\x86\x1b\x8c\x9a\xf1\xa9\xc2\x0e\xc5\xe4\x1f\xdc\xc0\x75\xf9\xb1\x91\x73\xcb\x2f\xff\xe8\x93\xcf\xc2\x09\x23\x3c\x7a\x32\x8b\x63\xc0\xb0\x34\x3a\xa8\xc8\x9a\x65\x3a\xa1\xcb\x96\xa5\x5f\x02\x65\x3f\x9b\xb7\xc7\xb7\x66\x5e\x25\x6f\xba\x08\xbe\x12\xfc\x7a\x17\xd1\x35\x4e\x74\xe5\xfa\x54\x52\xe9\x15\xbd\xe7\x3e\x84\x40\xce\x9c\x77\x67\x59\x42\x05\xc9\xe3\x3a\xd9\xdc\x19\x0b\xf8\x9a\x9d\xc4\x0f\x36\xe2\x42\xd2\x00\x28\x80\x04\x0e\x5c\x83\x96\xe6\x9a\x81\xfb\x01\x02\xea\x79\x92\x2d\x12\xfa\x13\x47\xec\x50\x8e\xf9\xf8\xa6\xaa\x09\xe4\x02\x4b\x3e\x25\x62\x43\x36\x61\x1d\x42\xf7\xde\x41\x0c\x51\x3d\xb0\x66\xdb\x8d\x4e\xfc\xb9\x61\xe8\x89\x61\x60\x34\xc8\xb0\x22\x0d\xb1\xc1\xec\x11\x14\x87\xac\x10\x74\x9a\xef\xcf\x60\x94\xfc\x66\x2b\x79\xed\xbb\xb3\x00\x5a\xc3\x86\xe6\x7a\x64\xf3\x5a\xce\x7f\x8b\xb7\x2d\x12\x08\xa5\xc9\x2
d\x50\x01\x63\x0f\x61\x84\xee\xfe\xdb\x60\xc3\xeb\xd9\x3b\x8a\x7c\x5d\x79\x36\x2c\x81\x37\x00\xf3\xb5\x49\x82\x64\xaa\x2e\x8f\x34\x24\x12\x7d\xc4\x6d\x5a\x20\xac\xcc\x3d\x14\x23\x52\x2e\xcc\xf3\x46\x5b\x90\x7d\xb3\xa1\x0c\x04\x25\x21\x73\xa4\x4e\x41\x07\xe7\x58\x64\xf6\xb2\xb1\x4c\x6e\x57\xc1\xff\xe8\x00\x56\x43\x62\xbe\xfd\x3c\xfc\xfa\x43\x1e\xe4\x90\xf9\xa8\x69\x1b\x1f\xbf\x47\xb2\x97\xe6\xb7\xc7\xe3\x81\xee\x2f\x50\xc4\x3a\x4b\xa0\xcc\xd8\xc5\x8a\x0a\xb9\xa2\xad\x3a\xa8\xf7\x40\xc7\x0e\x8c\x88\xeb\x19\xf7\xab\x58\xd9\x4d\x76\x57\xde\x09\xcd\xc7\xe0\x1c\x46\xd3\x54\xf2\x1d\x97\xb5\x0d\x09\xd5\x22\x2b\x4f\x1a\xf7\xad\x0b\xb6\x25\xa2\xe0\xf5\x2d\x68\xf9\x6d\xda\xcd\x12\xe7\x3c\x45\xb3\xea\x14\x4a\x60\x18\x15\x45\x1a\x8d\x61\x3b\x13\xb2\xec\x6e\x95\xdd\x40\x86\x61\xf4\xc2\x6c\x58\xf0\xe2\x4a\xb3\x56\x1b\x7b\xa1\x43\x24\x05\xb5\xda\x96\xf1\x0b\x47\xbb\xdf\x1e\xad\x6b\x6d\xf6\x45\xe5\x33\xb0\x25\x55\xf6\x9f\xd8\xf9\xe2\x09\xe3\x74\xd4\x5c\x2f\x25\x97\xdc\xd3\x0e\x5d\xcf\xf5\xbc\x4e\xb4\xdb\xd8\x41\x51\x59\xbd\xce\x9c\x73\x0b\x81\xba\xec\xcb\xb8\x76\x41\x3d\x90\xa5\xb5\x1e\xb1\x24\xb4\x61\xea\x51\xa7\xb0\xe4\x26\x1f\x63\x31\x83\x6c\x61\x39\x8a\x5d\x4e\x6d\x3c\xba\xb1\x48\xd4\xc3\x53\xaa\x45\x2d\x37\xb7\x04\x69\x70\x56\x6f\xa5\xbd\xb1\xcb\x96\x2f\xea\xa0\xfd\x00\x0d\x94\xf3\x27\xcb\xa9\x25\xd0\x84\x74\xa2\x4e\x09\x9c\x45\x34\x17\x43\x52\xf2\xb1\xbb\x88\xbb\x68\x87\x94\x64\x3f\xea\xdb\x6a\xef\x90\xe6\x80\x7a\x9b\x6e\x56\x33\xa8\xe1\x2d\x2b\x1a\x31\xf6\x6c\xef\x9e\xf8\x97\x25\x75\xe6\x32\x14\xea\x8b\x8d\x9f\xa8\xaa\x51\xd1\x74\x29\x3d\xdc\x39\x1f\x9b\xab\xf8\xc9\x47\xe5\xd3\x42\x15\x9f\x32\x73\x66\xe8\x67\x01\xa1\x18\x92\xac\x00\xf9\x07\x49\x4e\xa4\xae\x0b\x80\x3d\x08\xbd\xb6\xfa\x12\x24\x1b\xea\x85\xe8\xb0\x06\xa0\xa5\x62\xa2\xa1\x35\x75\x33\x4c\x88\x08\xdb\x59\x49\x16\xb0\xa0\xb4\xcd\x0d\xd1\xf4\xbf\x61\x82\x6d\xf5\x2d\xa8\xd9\xba\x9d\x32\x2a\x11\xe1\x3e\xea\x36\x9d\x9c\x6b\xd8\x62\xdf\xc7\x64\xd4\x51\x52\xfe\x4a\x4d\x4d\x84\xc3\x58\x86\x47\x87\x01\x3e\x80\xd0\x75\x34\x8
b\xd8\xe1\xaa\xf9\x0b\x8a\xe8\x82\x31\xdf\xc6\x0b\x32\x5d\xcf\x10\x5f\xba\x6f\x4f\x7b\xc6\xd6\xeb\x88\x3e\xa9\x4b\xc7\x95\x1a\xb6\x8a\x9f\xef\x16\xf7\x9b\xa4\x80\xc6\x06\xd2\x61\xa9\x03\xf5\x6e\x3c\x8e\x57\x17\xbf\xb3\x6e\x60\xeb\xe4\x54\xeb\x9b\xea\x91\x17\x1e\x5e\xc7\x62\x0a\xc1\xd5\x67\x32\xf1\x3d\xac\x52\xf3\x38\xd0\xeb\x6c\x0b\xe9\x2a\xb9\x51\xe3\xea\xfb\xc1\x86\xf3\x0f\x57\x1b\x26\x77\xa4\x5c\x3b\xa2\xb4\x56\xae\x65\x73\x84\x18\xa7\x62\x53\x36\xaa\x86\x97\xc8\x4b\x80\x3d\x7a\x74\x58\xc7\x69\xc7\x13\x02\xb1\x9c\x62\x0c\x7d\x2b\x46\xd7\x5a\xa9\x66\x1a\x7e\x6d\x63\x66\xf2\x46\x22\xb3\x70\x29\x0e\xde\xbb\x6b\x9b\xf1\xad\x61\xf1\xdd\xdf\xe9\x3e\x44\xbd\x1e\x9c\x18\x88\xed\xba\x9a\x7a\x96\xe4\x25\xb3\x56\xbf\xc2\xa0\x00\x92\x02\x44\x5b\xc6\x46\x8a\xa0\xa8\x4f\x9f\x22\x99\xb7\x5e\x63\x2e\x43\xda\x31\x38\x80\x97\xbd\x68\x88\xe4\x91\xd0\x85\x39\x6d\x98\x29\xd5\xb3\x1e\xd3\x20\x69\x42\x61\x07\xb5\xc9\x34\x87\x70\x0f\xf6\xe1\x47\x9f\x85\x12\x77\x80\xa0\x69\xc0\x47\xb8\xfd\x7e\xb9\xb2\xac\xb7\xd2\xe4\xfc\x8a\x5f\x5b\xd3\x6d\x78\x9d\x9f\xba\x06\x91\xfd\xad\xa4\x1e\x75\xfe\xdd\x2d\xf8\xb3\xaf\xbd\xe0\x47\xcf\x9b\x6c\x45\x2a\x27\x24\x48\xa3\xe9\x9e\xc0\xf5\x82\x01\x68\x35\x6c\xc8\xc9\xc4\x0b\x40\x89\x02\x73\xa6\x6c\xea\xa2\x6c\x13\x17\x45\xc4\xea\x0c\x88\x3b\x3f\xf4\x00\xb5\xf7\x6e\x76\xc4\x2a\x21\x64\xa6\xd0\x18\x04\x10\xf0\xe0\x31\xf0\x17\x41\xd1\x46\x7e\x96\x31\x97\x58\x89\x1a\x7f\x61\x51\x08\xc6\xa8\xbb\xc0\xc4\x03\xfa\xa3\x3c\xa7\xc9\x5d\xfa\xff\x91\x12\x07\xf2\x2f\x1b\x9d\x78\x32\x5a\x0c\xcd\x17\x97\x39\x7a\x91\xb4\xfa\xe6\x8e\xad\xb7\x2c\x7c\x03\xa9\xdc\xae\xe2\x24\xb8\x34\x4f\xbc\x62\xe4\x36\xcf\xd0\xd6\x8b\x04\x92\x61\x6a\x83\xef\xc3\xd3\x0b\xaf\xf8\xed\x4a\xa0\x13\xae\xdc\xbb\x78\x30\xe4\xd5\x2d\x9b\x02\xb0\x6d\xb3\xe6\x0b\x27\x38\x5d\xbd\x04\xfe\xed\x6c\x48\xa0\xae\x6e\xbe\x46\x57\x04\x40\x7c\xde\xae\x4b\x56\x2d\x0b\x1a\x44\xbd\xf6\x55\x42\x99\x8c\x8f\x48\x75\xd0\x9d\x28\x1f\x90\x54\x8d\xfe\xcb\xc3\xe5\x70\xc4\xfb\x37\xd1\x7f\x05\xef\x48\x4a\xa7\x1e\x9b\x26\x51\x7
5\x2c\x50\xb7\xf5\xc9\x23\x5c\x3f\xb7\x86\xdd\x68\x08\x6a\x61\x5f\x4b\xaa\x7f\xb3\xb9\xf5\x06\x76\x93\x08\x0a\x9d\x64\x91\x23\x72\xaf\xc3\xd5\xf0\x17\xe5\x5e\xaa\xbf\x1b\x61\x80\xce\x2e\x28\xe2\x0a\x69\x50\xab\xf5\xb6\x5b\xda\xc7\xd9\x15\xb0\xbb\x93\x80\x57\x05\x6f\x5d\x63\x14\xa2\x83\x62\x3d\x6a\x9b\xe3\xb1\x91\xa2\x87\x3f\xd8\xeb\x7a\x25\x8c\x4f\xe1\xda\x8d\x3e\x3f\x4e\x03\x7c\x31\xce\x4b\x72\xa9\x66\xe4\x50\xe9\x7a\x44\x7c\xb9\x12\x9b\x10\x4c\x5b\x2e\x00\xc7\x11\x5e\x63\xbb\x78\x4e\x71\xb1\xc2\x35\xf7\x36\x87\x9b\xee\x83\xe2\xe5\xf3\x90\xf3\x14\xb5\x1b\xb2\xf7\x08\x27\xb7\x42\xf9\xf9\x60\xde\x2e\xc0\x9b\x2f\xe8\xce\x43\x52\xfd\x4d\x61\x25\x8c\x68\xe8\xfe\xc7\x49\xcc\xb6\xd0\x53\xae\x84\xc5\xef\xf8\xa4\x38\x08\x7d\x42\x3e\xb3\x5e\xbc\xc0\xaf\x40\x17\x99\x22\xa6\x9c\x83\xfe\xaa\x9d\x42\x6c\x3f\x3c\xf0\x54\x12\xa7\x0c\xa9\x55\x9b\x62\xd6\x9e\xd0\x41\x1c\xa6\x50\xc0\x7e\x4a\x34\x06\x87\x91\xd7\x42\xbb\xf1\x36\x76\xb5\x1d\x40\x0e\xcb\xe0\x1f\x03\xd2\x6d\xdf\x63\xea\xf2\xdb\xeb\x1c\x95\x82\xf6\x46\xd4\x20\x7e\x34\x0e\x7e\xa3\xb6\xa3\x6d\x70\xb2\x51\x3a\x28\x86\x07\xda\x6b\x0f\x93\xc9\x69\x40\xe2\x84\xbd\xd6\xd6\x9b\xac\x90\xbf\xc8\x2d\x01\x60\xdd\xad\xc3\x0e\x7f\x3b\x90\x17\x3c\x57\xaa\xbf\xfd\x48\x81\xd6\xde\x07\xb0\x21\x50\x66\xf6\x68\x27\xa3\x45\x11\x9f\xb4\x62\x50\xa2\x92\x25\x5f\x13\x8a\x7c\x44\x09\x3b\x1d\x66\x84\xc8\x07\xc7\x14\x65\x3e\xab\xb4\x27\x96\xd9\xbe\x0b\x04\xa3\xf8\x4a\xa0\x06\xf9\x8b\x98\x32\xf7\x71\x4c\x6b\x39\xe8\x11\xac\xc6\xa0\x1b\xec\xd5\xdd\x70\x57\x0a\x03\xc6\xe7\x57\x71\x74\x6d\xc2\x58\xf1\x94\x2b\xca\x6d\x0d\x3b\x85\x88\x04\x1b\x38\x10\x72\xb8\xb8\xf8\x9e\xbd\x07\xb7\x4c\xa7\xf0\x34\x1a\xf5\x87\x5c\x88\x9c\x9a\x75\x3a\xce\x87\xbe\xe4\x6d\x67\x69\x00\x90\x30\x9e\xc5\xb1\xc8\xc2\x78\x82\x8a\x33\x39\x00\x02\xd7\x3a\xad\xe7\xc0\x6a\xf0\x56\x0b\x6d\x8e\xd5\xcf\x60\x07\x5c\xbe\x14\xb0\xc5\x87\x57\xfb\xd7\x5d\x25\xa1\x3f\xbf\xa5\x74\xfb\x3c\x6b\xd0\x4e\xf8\x46\x42\xc3\xaa\x21\x87\xf5\x6e\xa3\xb5\x68\x7b\x96\x38\x04\xbb\x64\xd8\xe1\xbd\xb4\x0e\xda\xe
c\x97\xa0\x19\x9b\x6e\x52\x90\xca\x2e\xc5\x56\xd2\xa3\x43\x6b\x68\x7c\x53\x45\x6f\x0c\x58\x56\x02\xf6\xcc\x0d\xc8\xd4\x22\x2d\x7f\x72\x1b\x9d\x55\x87\x7f\xd5\x2a\x37\x75\x8d\x52\x1a\xbb\x01\xc6\xfd\xe6\x83\xab\x43\x1e\x3c\x5a\xff\x7e\x0e\x85\x06\xa0\x5a\x8c\x72\x5a\xd5\x68\x9c\x31\x80\x14\xa1\x15\x3f\xe1\x0e\x66\x26\x7c\x81\xbf\x78\x85\x86\xbc\xb5\xa2\x10\xd5\x85\x24\x26\x4b\xd9\x63\xa5\x64\x03\xd2\xc6\xec\x28\xd6\x43\xb7\xf9\xf5\x58\x7e\x09\x2f\x61\x08\xf3\xde\x1d\xb7\x27\x14\x6f\x04\x58\x95\x4b\x85\xac\x44\x8d\x38\x6e\x04\x54\x76\xd7\x4c\xa3\xcf\x39\x50\xdf\xc2\xc5\xf5\x56\xb5\xb4\xc2\xe1\x48\xd7\x40\xa3\x96\xa4\x62\x5a\xe5\xd7\xbf\x24\x68\x16\x4d\x61\x19\xcc\xf3\xa3\xf2\x0f\xbd\x68\xfc\x21\x1b\x59\xd0\x09\x2e\x9e\xb5\xd8\x38\xee\x2b\x24\xd9\x4e\x26\x49\xac\x4a\x34\x4f\x41\xf7\x3e\xcf\x7e\xa1\x42\xe3\x97\x0d\xea\x2c\xf0\x17\x8a\xe9\x7d\x1c\xb6\x67\xfa\x5b\x7b\x3d\xb2\x3a\x6e\x56\xe7\x2e\xc4\xc3\xd5\x0d\x86\x61\x87\xbc\x4e\x32\x5f\xf9\x14\x24\x22\xa5\x99\x05\xee\x51\x21\xec\x01\xef\x4f\x69\x7a\xec\x1b\x81\x56\x4d\xd2\x75\x04\xaa\x7f\x06\x47\x0d\x62\x26\x43\xe2\x41\x77\xc3\xea\x5f\xea\xe5\x52\x3e\xa5\x3f\x4f\xf3\xb4\x4e\x77\xdb\x4b\xe9\xab\xba\x06\xa4\x2b\xcc\x08\x96\x19\x8f\xef\xb4\x64\x57\x20\xd8\x1d\xb5\x87\xdd\x91\x77\xd3\xe7\xd2\x43\x1e\xe2\xed\x7d\x92\x9f\x97\x3f\x02\x29\xfb\x03\x9c\x86\x8f\x06\x06\xa0\x5c\x48\x5c\x4c\xc2\xe8\x10\xf3\xa9\xaa\xfd\x61\x34\xa4\xe8\xad\xc1\x71\x50\x18\x58\x6d\xdb\x0d\x07\x7c\x03\x8a\xc2\x8f\x09\x93\xa3\xca\x02\x7c\xd0\x16\x16\x55\x0d\xee\x73\x2f\xb0\xaf\xc6\x8d\xbe\xc1\xbe\xeb\xb3\x1f\xdf\xca\x7a\xc9\x47\xe7\xdc\x9c\x06\xb9\x73\xf8\x48\xbb\xc3\xc9\xc9\x86\x41\xac\x21\x97\x4a\xec\x51\x10\x2e\xe7\x72\xe7\x45\xbc\xab\x1c\xea\x85\x8e\xe9\xe0\x57\xf8\xf5\x05\xed\x0b\x36\xd3\xae\xe4\x5a\x57\x9c\x36\x32\x78\x6b\xfa\xd6\xd1\xce\x3b\xcc\xcf\x81\x66\xe2\xed\xaa\xba\x7c\x31\x39\xcc\x2a\xd3\xd9\xbe\x7b\xa4\xbb\x80\xba\x7b\xdf\x50\x7c\x44\x41\x5d\xd0\x6c\xea\x5a\x83\xfb\x1b\x50\xd0\xd4\x8d\x2b\xd4\xbd\xb3\x6c\xd2\xdd\x05\xdb\x63\x22\xb3\x4c\xc
7\xf0\x45\x96\xd3\x40\x74\x47\xd0\x1c\x00\xcb\x70\xc9\x96\xcd\x20\xe4\xd8\x7e\x75\x9e\x89\xc4\xa4\x49\x73\xd9\x65\xc3\xb4\x3b\x76\x94\xda\x1e\xcb\xf9\xd6\x24\x9e\xc6\x6d\x74\xb0\xc3\xed\x36\x24\x93\x3a\xfe\x0f\x30\xa5\xff\x21\xdc\x4d\xab\xab\xf0\x07\x78\x1b\x54\xf0\x53\x5f\x92\xf1\xed\x15\x55\xa4\x17\xc5\x4c\x18\xf2\xf3\xae\xe0\x70\x1a\x2a\x96\xed\x40\x6a\xe3\xeb\x36\x55\x00\xba\x99\x61\xff\xbe\x01\x5f\x71\xc3\xba\xaf\x37\x35\xf3\xec\xdc\x84\x7e\x45\x39\x75\x2c\x27\x8a\x76\x8b\xf0\x2d\xda\xcc\x6b\x9e\xdc\xe7\x66\x5e\x7f\xfa\x56\xd0\x57\xdd\xb5\xd0\x49\x75\x98\x6e\x6b\x9e\xd4\xe3\x19\xaa\xa5\x3e\x01\xe1\x49\xbf\x88\xbb\xd2\x36\xca\x22\xe8\xb6\x23\x47\x65\xeb\x21\x0c\x59\xcd\x84\xba\x16\x99\x31\x65\xb7\xc2\xc1\xc2\xac\x8a\xcd\x60\x76\x54\x64\xf4\xa6\xbd\x41\x32\xd9\xa0\x27\x9e\xbe\x65\x7c\x1f\x41\xde\x50\xb0\x9a\xd6\x81\xab\x47\x7f\x73\x7a\xea\x71\x60\x52\x55\xdb\xfd\x9d\xd4\xc3\x5f\x83\x99\x14\xbe\x29\x80\x8a\xce\x17\xaf\x80\x1e\x4c\xb3\x13\xc0\xd5\x31\x52\x2c\xf3\x4c\x7d\x92\x3d\x92\x32\xdf\xb0\x39\xb0\xde\x32\x19\xac\xce\xce\x6a\x62\x16\xc7\xb8\xb5\xc4\xff\xcb\x38\x01\xae\xe0\xbd\x38\x3a\xc6\x50\x32\xaf\xcd\x3d\x1c\x25\x40\xd2\xc5\x6c\xd5\xbc\x11\x6d\xa1\xc3\x63\x13\xca\x92\x20\x23\x99\x12\xf6\x33\xb4\x64\x58\xbf\x0d\xdd\x6e\x32\x89\xf2\x5d\x8c\x3a\xac\x6a\x53\xdb\xfa\x35\x59\x8b\x6e\x57\x39\x90\x33\x34\xd9\x70\xb3\xdd\x85\xa1\xb5\x78\x10\xad\xc4\x51\xe6\x29\x79\xc6\xbc\x5f\x51\x07\x43\x14\x9b\xe1\x60\x69\x94\x10\xd9\x5b\xeb\x39\x38\x08\xcb\x05\x64\x19\x67\x47\xcc\x63\x86\xb4\xa6\xfb\x26\xfa\x1f\x53\xd7\xc1\xd6\xbc\xeb\x79\xc4\x1f\xdc\xd8\xed\x66\x3b\x16\x85\x87\x72\x42\x08\xb4\x6e\xf5\x99\x89\x45\x84\xbc\x35\xd6\xa8\x66\x2b\x20\x4b\xfc\x15\xa8\xcb\xec\xed\xc3\x20\xef\x5e\xdb\x5f\x20\xfb\xd5\x60\xc6\x26\x84\x3d\xb2\x4d\x6c\x8b\x7e\x55\xb6\x1a\x47\xa3\x26\x8d\xdb\x0f\xb5\x23\xf5\x66\x94\x37\x8f\xd2\xc7\x6d\xbc\x61\x82\xcb\x49\xaf\xdd\x2a\xea\x2d\xc7\xf9\x1f\xe9\x44\x5b\x21\xc6\xb1\x2b\x8f\x99\xba\xaf\x24\x2a\xb0\xff\x1e\x14\x13\xc7\xb1\xbc\xb3\x8d\xda\x4d\xe1\xfc\x9
a\xc5\x87\x43\x41\x10\xf8\x3c\xe2\x15\x7c\x99\x01\x82\x52\xe9\x77\xdf\x9e\x8e\xc0\x25\x05\x19\x25\x6c\xe5\xcd\xc8\xb7\xa7\x95\xae\x26\x62\x57\x1b\xb4\xc3\xeb\x98\xae\xb0\x93\x58\x4b\x17\xf0\xb1\xa6\xc0\x26\x03\x7d\x08\x0a\xeb\xa6\xa7\xb5\xb2\x16\x90\x39\x42\xa6\x6e\xed\x37\xed\x89\x0d\xc5\xdf\x1a\xcd\x71\x12\x05\xe1\x9d\x01\x6b\xad\xda\x1c\xe3\x76\x59\xa7\x8a\x7d\x3f\xe0\x06\xcf\xf2\x0d\xf8\x40\x35\x3e\x6b\x96\x56\x8d\xbc\x7a\xcd\xca\x38\x89\xb8\x85\xf4\x95\x6e\xe7\xf5\xea\x90\x53\x2d\x71\xeb\x1b\x92\x11\x80\xea\x2e\x38\x5a\x4c\x35\x51\xfd\xed\x44\x41\x9a\x3f\x37\x33\x41\xa2\x88\x24\x7a\x13\x6f\xd7\xbe\x0c\x8a\xfb\x54\x11\xba\xfb\xa9\x6a\x1f\xfe\xb5\x3b\x12\xe7\x06\x8d\x00\x8d\x96\xf8\x07\xcd\x87\x8b\x77\x5b\xd9\x61\x4c\x9b\xf5\x7f\x1d\x13\xfa\xdc\x86\xc2\xf5\x82\xdb\x03\x8a\xd2\x49\x11\xb4\x20\xb5\x6e\xc1\xc6\xe4\x85\x9d\x23\x11\x26\x3b\xb6\x8a\xaa\x07\x23\x28\xa4\xd3\x14\x84\xe1\x4b\x7f\xdd\x1f\x27\xbd\xac\x94\xd8\x5a\x3d\x69\x31\xa7\x2e\xd8\x80\xba\x85\xa5\xaf\xf0\x33\xb9\xf4\x90\x32\x4f\x00\x72\xb3\x64\x54\x62\x2b\x92\x48\xde\x9d\xcf\x99\xe8\x87\xd6\x75\x90\x70\x29\x61\x85\xe7\x94\x9d\x0f\x94\xb3\x52\x7b\x46\xe2\x51\xc3\x43\x14\x96\x01\xad\xfe\x05\x14\x89\xf9\xbf\xe2\xae\x17\xa6\x68\xdf\x46\x54\x14\xa2\x82\x98\xfa\x05\x73\x86\x6f\x30\x5b\xda\xd7\xbf\x91\xda\x22\x07\x13\x7b\xdf\x7b\xa5\xdf\xaf\x06\x2b\x4e\xc7\xd5\xb9\xb9\xcc\x75\x86\x9d\xb7\x0b\xd5\xc1\xd8\x9f\xf0\xfe\xc4\x3f\xf9\x2d\x1b\x93\xa9\x3f\x0d\xfc\x94\xb0\x09\x85\xbd\x97\xec\xaf\xd4\x39\x54\x24\xbf\xf8\xea\x03\x6b\x62\x8f\x8e\x6b\x5b\x8b\x03\x72\x4f\x09\xb7\xa4\x62\xac\x03\x1b\x2b\x62\x18\x99\x47\xa8\x2d\x00\xb2\x43\x4d\x41\x03\xec\x6d\x59\xea\x10\xe3\x77\xf6\xfe\x98\xf7\x41\x1f\x10\xba\xae\x6c\x71\xfc\x11\x6a\x77\xdd\xd6\x4f\x46\x14\x86\x17\xc1\x59\x8e\xe8\x6f\xeb\x58\xba\x6a\x85\x2f\x4c\x71\x18\x7b\x4b\xdc\x5d\x84\x53\x28\x09\xfb\x47\x86\x61\x28\x95\xbe\xe6\x2b\x89\x92\xb4\x5f\x76\x0b\x82\x19\x80\x26\x1a\x88\x28\x0d\xb0\xe9\x23\xd7\xb7\x21\x62\xb1\xaa\xfd\xde\xe4\xff\x61\xbe\x8e\x49\x01\x27\x58\xcb\x8
6\x63\xd3\x32\x1c\x4b\x9c\x45\x1e\xa0\x9d\xc8\x61\xc6\x3f\x42\xda\x85\x99\x99\xe5\x14\xdc\x2e\x65\xa8\x3d\x9f\x52\x17\x83\x1b\xf0\x24\x3e\xbd\xca\x6e\x48\x4d\xfc\xfa\xce\x23\x76\xcd\x11\x66\xe9\x53\x29\xdb\x57\x79\x08\x22\xf1\x07\xe7\x38\x7b\x2a\x39\x3d\xd0\xcc\x81\x45\x5a\x42\xad\xf7\xc7\x84\x92\xca\x74\x1b\x0d\xc1\x6b\xdc\x56\x27\x3a\x38\x9a\xbf\xf5\x94\x87\xe3\xbb\x8b\x22\x26\x28\x8f\xa6\x2c\x62\x93\x3d\xe0\x78\x30\xc3\x70\x7f\x41\x0f\xb7\x96\x96\xf4\xed\xea\x3e\x72\xa1\x72\x50\xae\xb6\xd9\xcb\xa9\x54\xce\x44\x26\x22\x01\x95\xd6\x4e\x75\x3f\x82\x5d\xfb\x9c\xab\x3f\x74\xbc\xd6\x9c\x1a\x12\x22\xe6\xb6\x72\x7b\xb4\x19\x10\x2f\xbb\x22\x6b\xb6\xef\xc1\xd3\x17\xcb\xb0\xd7\xe1\x70\xa6\x20\x31\x85\x2f\x8c\xfa\x32\x38\x05\xdd\x55\x8a\xfc\xdf\x35\xf8\xac\xcc\xeb\xd7\x91\xe3\xca\xa3\x9c\xe8\xb7\xbd\xdd\x1e\x38\x22\x7e\x58\xf7\x98\xf9\x7e\xc5\x78\x15\x35\x38\x50\x67\xd5\x2a\x9d\x70\xe0\x4a\x45\x7a\x3e\xb8\x5c\x28\xb9\x71\x7c\xbb\xa6\x3e\xd0\x5a\xc1\xed\x01\x94\xc7\x09\x6f\x5d\xc1\xc0\x59\xbf\x5c\x4f\x53\x72\x48\x52\xca\x91\x39\x6f\xb7\x87\xda\x39\x10\x1c\xb9\x37\xb3\x21\x25\x0d\x06\x98\x4b\xda\xbf\x1c\xd8\x33\x3e\x26\x6e\x24\x53\xd9\x21\x19\xa4\x26\x21\x8e\x19\x02\x28\xd6\x0b\xeb\x6b\x32\x21\x2d\x1b\x0e\xee\x3a\x36\xf3\xde\x80\xdd\x09\x13\xe1\x80\x6c\x47\x87\xf4\x4d\x1d\x74\xfd\x30\xff\x7f\x1e\xdb\x37\x76\xe9\x32\xb8\x58\x4a\x61\xfa\x7c\x61\x5a\xa0\x98\xab\xdf\x9f\xf5\x5c\x13\x84\xfa\xc0\xbd\xb2\x9e\x96\x4a\xb7\x6c\x87\x9b\x31\xa8\xf9\xdb\x46\xe7\x1d\x6b\x04\xc5\x5f\x40\x14\xea\x69\xb3\x71\xe9\x59\x25\xf6\x67\xd5\xac\xc7\x2b\x49\x47\x69\x31\x20\xc3\x64\xb5\x65\x44\xb8\x87\xc9\xae\x69\x57\x3e\xe6\x04\xaf\xad\x7d\xb6\x54\x85\xd6\x71\x9d\x1e\x44\x3a\x7a\x2f\x5c\x0b\x4a\x6e\xfc\xbe\x76\x04\x55\xd7\x20\x23\xab\x9a\x9d\x11\x95\x9f\xc8\xfe\x66\x92\x85\x91\x9b\x3c\x1c\xa7\xcf\x3d\x3a\x62\xbc\x0b\xd8\xf5\xdc\x19\xc9\xf5\x0d\x50\x8c\x56\x0c\xf8\xd4\x26\x93\xd4\x29\x59\x7f\xa3\x6c\xb2\x58\x8d\x46\x3e\x51\xe1\x9c\x65\xe0\x54\x06\x80\x90\xc3\x54\xda\x25\x33\x54\x14\x43\xf7\x48\x95\x69\x1
b\x75\xc2\x01\x1a\xaa\xbb\x59\x81\x1e\x9b\xc5\xd9\x6e\xee\xb2\x19\x52\xd5\xb8\xbf\xf2\xb7\x9d\x6e\x64\x2c\xf6\xbe\x3c\x8d\x4a\xda\x2e\x64\xb1\x89\x57\x30\x3f\x4f\x75\x7a\xb3\xf5\x75\x84\xa3\x94\x2a\xa2\x08\x7f\xb0\x3e\xe9\x70\x30\x37\xa6\x6c\xcc\x30\x1c\xd5\x9f\x63\x50\x6c\xc9\xd2\x96\xbc\xb4\xe2\x7a\x84\xfa\xbc\x50\x73\x04\x9a\x66\x32\x21\x91\x69\x8f\x1e\x3f\x16\xaf\xcf\x1f\xfa\x0f", 4096); memcpy((void*)0x200010e6, "\x7f\x9a\xc5\xbf\xea\x59\x10\x23\xd1\xc4\xce\xaf\x7d\xa5\x3c\xde\xca\x7f\x3c\xbe\xbe\xd9\xc4\x3c\x9a\x42\x4b\x38\x7b\x5f\x93\x9b\xed\x43\x6f\x47\x4c\xf3\xc9\x03\x0d\x8f\x42\x82\x29\xaf\x5c\x37\x65\xad\x3f\x0c\xd0\xf3\x07\xcd\xbf\x00\xf0\x07\xa1\xc0\x72\x53\x12\xca\x4c\xee\xe0\x6f\xf1\xc4\x99\x7b\xeb\x9d\x98\x28\xb2\xa7\x75\x02\x49\x1e\xf9\xf2\x7f\x5f\x8a\x21\x90\xa1\x6a\x95\xa6\x09\x63\x91\x45\x59\xc0\xe0\xfa\x46\x4b\x3b\x41\xc9\x73\x28\xdc\xa8\x77\x97\x56\xf5\x10\xdc\x4c\xd3\x3d\x65\x31\x27\x4c\xfa", 126); memcpy((void*)0x20001164, "\x68\x2c\xc7\x80\xcf\xd8\xfa\xe0\x24\x50\x1f\xf6\x27\x29\xab\x77\xce\xbe\x25\xca\xad\xf4\x39\x85\xb3\x0d\xb8\x38\x7f\xf3\x77\xed\x37\x03\x3e\x09\xf3\x35\x63\x0f\x36\xae\xad\x37\x57\x3d\x32\x40\x72\xd9\xfb\x1a\x62\x7a\xb3\xa3\xca\x51\xd4\xa1\x26\xb7\xf6\xa8\x5f\xb4\x9e\x27\xaf\x49\x3a\x4f\x04\x88\xa2\x07\x31\xe7\xc3\xe5\x22\x8e\xa7\x90\x52\xbe\xa7\x6c\x12\xad\x74\x3b\xfc\xb9\xc9\x62\xf3\x6f\x55\xda\xdb\x59\x51\x7b\x7c\x20\xab\x84\x8c\x45\x8f\x11\xe0\x0c\x13\x08\xa2\xf0\x7e\xa1\xe3", 121); syscall(SYS_test, 0x20000080, 5, 0, 0, 0, 0); break; case 3: *(uint8_t*)0x20001200 = 9; *(uint8_t*)0x20001201 = 3; *(uint8_t*)0x20001204 = 8; syscall(SYS_test, 0x20001200, 0, 0, 0, 0, 0); break; case 4: STORE_BY_BITMASK(uint16_t, , 0x20001240, 0, 0, 10); *(uint64_t*)0x20001248 = 3; STORE_BY_BITMASK(uint16_t, , 0x20001250, 2, 0, 5); STORE_BY_BITMASK(uint16_t, , 0x20001250, 0x3c, 5, 6); STORE_BY_BITMASK(uint32_t, , 0x20001250, 0x42, 11, 15); STORE_BY_BITMASK(uint16_t, , 0x20001254, 0x20, 0, 11); STORE_BY_BITMASK(uint16_t, htobe16, 
0x20001256, 0x20, 0, 11); *(uint8_t*)0x20001258 = 0x80; syscall(SYS_test, 0x20001240, 0, 0, 0, 0, 0); break; case 5: syscall(SYS_mutate2); break; case 6: *(uint64_t*)0x20001280 = 4; *(uint64_t*)0x20001288 = 0x63aa; *(uint8_t*)0x20001290 = 2; *(uint8_t*)0x20001291 = 0x10; *(uint8_t*)0x20001292 = 8; *(uint8_t*)0x20001293 = 4; *(uint8_t*)0x20001294 = 2; syscall(SYS_test, 0x20001280, 0, 0, 0, 0, 0); break; case 7: syscall(SYS_test_excessive_args1); break; case 8: memcpy((void*)0x200012c0, "#\000", 2); syscall(SYS_test, 0x200012c0, 0, 0, 0, 0, 0); break; case 9: memcpy((void*)0x20001300, "#\000", 2); syscall(SYS_test, 0x20001300, 0, 0, 0, 0, 0); break; case 10: memcpy((void*)0x20000000, ".-\000", 3); *(uint8_t*)0x20000040 = 8; *(uint8_t*)0x20000048 = 6; *(uint8_t*)0x20000049 = 5; STORE_BY_BITMASK(uint64_t, , 0x20000048, 6, 16, 4); STORE_BY_BITMASK(uint32_t, , 0x20000048, 1, 20, 4); STORE_BY_BITMASK(uint16_t, , 0x2000004a, 6, 8, 4); STORE_BY_BITMASK(uint8_t, , 0x2000004b, 8, 4, 4); syz_compare(0x20000000, 3, 0x20000040, 0x10); break; case 11: syz_compare_int(2, 9, 0x3ff, 0, 0); break; case 12: syz_errno(0xff); break; case 13: memcpy((void*)0x20000080, "\x9a\x81\xde\x5d\x92\x8f\x1a\x60\xf1\x7b\xeb\x77\xb1\xf9\x9a\x68\xaf\x78\x90\x7e\x1b\x40\xde\x1e\x91\x0c\x39\x56\xa2\xa9\x49\x7c\x8f\x05\xfb\xd7\xd7\x28\x2e\x23\x44\xfc\x3c\x4a\x13\x7d\xc0\x2d\x3d\x14", 50); syz_execute_func(0x20000080); break; case 14: syz_exit(0x3bc); break; case 15: syz_mmap(0x20003000, 0x2000); break; case 16: syz_sleep_ms(0xae); break; } } int main(void) { syz_mmap(0x20000000, 0x1000000); for (procid = 0; procid < 4; procid++) { if (fork() == 0) { use_temporary_dir(); do_sandbox_none(); } } sleep(1000000); return 0; } In file included from /usr/include/bits/errno.h:26, from /usr/include/errno.h:28, from <stdin>:7: /usr/include/linux/errno.h:1:10: fatal error: asm/errno.h: No such file or directory 1 | #include <asm/errno.h> | ^~~~~~~~~~~~~ compilation terminated. 
compiler invocation: gcc [-o /tmp/syz-executor589086789 -DGOOS_test=1 -DGOARCH_32_fork_shmem=1 -DHOSTGOOS_linux=1 -x c - -m32 -static -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-overflow] --- FAIL: TestGenerate/test/32_fork_shmem/1 (0.18s) csource_test.go:124: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: foo$fmt3(&(0x7f0000000000)=0xd) test$str0(&(0x7f0000000040)='#\x00') test$length25(&(0x7f0000000080)=["f10715d4c9e5266c67931773e4a0f636ec65433db95fc97dfb6a7c246b9022eded40bd5b7bc21a67f92e898bdb77eb69e28492941cd278412ebeec4d09ae9c02694e2b96bfd466173cda3b722385fe87434a69cf53b4901014995915", "37655b5306334cb48687", 
"10fe01411f2a0853621183e03fd969e91dcde25ae5aedec27c41096a23d2738e3330156db39857e671916dc9e84a50147231d90b96e85a90a3ea36f88b40e714c4afdcb7c7ca327bc41e8b5f519920bf5c9ac9f9991166c973b145d866b00adc563effeea498989e12ca3b69a26d4690e0a7482bd1c89bf3956a1048c0fc31b2e74a1b9eeacb5f746dff9527514eaf5f5396a5bc73d9ed250656f870eaf6b6856393ad79e7f764608642452cf52844036e989325af0e00d4370f387948e00d0928e0820928cf445dd8aa3762901ecaf1d67caad240a0accb3b2b712f776f7c2c96f7f6f30f5cfa8dbb09d76ff92fd36556ea85268dd1e9447ea12a384e18e885c2fe1236243d0712df5e926543e59ac7525407dd790cea1f843a8ce4f3b4b70138584a56fba8861b8c9af1a9c20ec5e41fdcc075f9b19173cb2fffe893cfc209233c7a328b63c0b0343aa8c89a653aa1cb96a55f02653f9bb7c7b7665e256fba08be12fc7a17d1354e74e5fa5452e915bde73e8440ce9c7767594205c9e33ad9dc190bf89a9dc40f36e242d2002880040e5c8396e69a81fb0102ea79922d12fa1347ec508ef9f8a6aa09e4024b3e25624336611d42f7de410c513db066db8d4efcb961e889616034c8b0220db1c1ec111487ac10749aefcf6094fc662b79edbbb3005ac386e67a64f35ace7f8bb72d1208a5c92d5001630f6184eefedb60c3ebd93b8a7c5d79362c813700f3b5498264aa2e8f3424127dc46d5a20accc3d1423522eccf3465b907db3a10c04252173a44e4107e75864f6b2b14c6e57c1ffe800564362befd3cfcfa431ee490f9a8691b1fbf47b297e6b7c7e381ee2f50c43a4ba0ccd8c58a0ab9a2ad3aa8f740c70e8c88eb19f7ab58d94d7657de09cdc7e01c46d354f21d97b50d09d5222b4f1af7ad0bb625a2e0f52d68f96ddacd12e73c45b3ea144a601815451a8d613b13b2ec6e95dd408661f4c26c58f0e24ab3561b7ba1432405b5da96f10b47bbdf1ead6b6df645e533b02555f69fd8f9e209e374d45c2f2597dcd30e5dcff5bc4eb4dbd8415159bdce9c730b81baeccbb876413d90a5b51eb124b461ea51a7b0e4261f6331836c61398a5d4e6d3cbab148d4c353aa452d37b7046970566fa5bdb1cb962feaa0fd000d94f327cba925d08474a24e099c4534174352f2b1bb88bb688794643feadb6aef90e6807a9b6e5633a8e12d2b1a31f66cef9ef8972575e63214ea8b8d9fa8aa51d174293ddc391f9babf8c947e5d342159f327366e86701a11892ac00f907494ea4ae0b803d08bdb6fa12241bea85e8b006a0a562a2a13575334c8808db594916b0a0b4cd0dd1f4bf61826df52da8d9ba9d322a11e13eea369d9c6bd862dfc764d45152fe4a4d4d84c358864787013e80d075348
bd8e1aaf90b8ae88231dfc60b325dcf105fba6f4f7bc6d6eb883ea94bc7951ab68a9fef16f79ba480c606d261a903f56e3c8e5717bfb36e60ebe454eb9bea91171e5ec7620ac1d56732f13dac52f338d0eb6c0be92ab951e3eafbc186f30f571b2677a45c3ba2b456ae65738418a7625336aa8697c84b803d7a7458c769c71302b19c620c7d2b46d75aa9661a7e6d6366f24622b370290edebb6b9bf1ad61f1dddfe93e44bd1e9c1888edba9a7a96e425b356bfc2a0009202445bc6468aa0a84f9f2299b75e632e43da31388097bd6888e491d085396d9829d5b31ed32069426107b5c93487700ff6e1479f85127780a069c047b8fd7eb9b2acb7d2e4fc8a5f5bd36d789d9fba0691fdada41e75fedd2df8b3afbde047cf9b6c452a272448a3e99ec0f5820168356cc8c9c40b40890273a66ceaa26c131745c4ea0c883b3ff400b5f76e76c42a2164a6d0180410f0e031f01741d1467e96319758891a7f615108c6a8bbc0c403faa33ca7c95dfaff911207f22f1b9d78325a0ccd1797397a91b4fae68eadb72c7c03a9dcaee224b8344fbc62e436cfd0d68b0492616a83efc3d30baff8ed4aa013aedcbb7830e4d52d9b02b06db3e60b27385dbd04feed6c48a0ae6ebe465704407cdeae4b562d0b1a44bdf65542998c8f4875d09d281f90548dfecbc3e570c4fb37d17f05ef484aa71e9b2651752c50b7f5c9235c3fb786dd68086a615f4baa7fb3b9f5067693080a9d64912372afc3d5f017e55eaabf1b6180ce2e28e20a6950abf5b65bdac7d915b0bb938057056f5d6314a283623d6a9be3b191a2873fd8eb7a258c4fe1da8d3e3f4e037c31ce4b72a966e450e97a447cb9129b104c5b2e00c7115e63bb784e71b1c235f736879bee83e2e5f390f314b51bb2f70827b742f9f960de2ec09b2fe8ce4352fd4d61258c68e8fec749ccb6d053ae84c5eff8a438087d423eb35ebcc0af40179922a69c83feaa9d426c3f3cf05412a70ca9559b62d69ed0411ca650c07e4a34068791d742bbf13676b51d400ecbe01f03d26ddf63eaf2dbeb1c9582f646d4207e340e7ea3b6a36d70b2513a288607da6b0f93c96940e284bdd6d69bac90bfc82d0160ddadc30e7f3b90173c57aabffd4881d6de07b0215066f66827a345119fb46250a292255f138a7c44093b1d6684c807c714653eabb42796d9be0b04a3f84aa006f98b9832f7714c6b39e811acc6a01becd5dd70570a03c6e75771746dc258f1942bca6d0d3b8588041b381072b8b8f89ebd07b74ca7f0341af5875c889c9a753ace87bee46d67690090309ec5b1c8c278828a33390002d73aade7c06af0560b6d8ed5cf60075cbe14b0c58757fbd75d25a13fbfa574fb3c6bd04ef84642c3aa2187f56ea3b5687b963804bb64d8e1bdb40edae
c97a0199b6e5290ca2ec556d2a3436b687c53456f0c585602f6cc0dc8d4222d7f721b9d55877fd52a37758d521abb01c6fde683ab431e3c5aff7e0e8506a05a8c725ad5689c318014a1153fe10e66267c81bf788586bcb5a210d58524264bd963a56403d2c6ec28d643b7f9f5587e092f6108f3de1db727146f0458954b85ac448d386e045476d74ca3cf3950dfc2c5f556b5b4c2e148d740a396a4625ae5d7bf2468164d6119ccf3a3f20fbd68fc211b59d0092e9eb5d838ee2b24d94e2649ac4a344f41f73ecf7ea142e3970dea2cf0178ae97d1cb667fa5b7b3db23a6e56e72ec4c3d50d866187bc4e325ff9142422a59905ee5121ec01ef4f697aec1b81564dd27504aa7f06470d622643e24177c3ea5feae5523ea53f4ff3b44e77db4be9abba06a42bcc0896198fefb4645720d81db587dd9177d3e7d2431ee2ed7d929f973f0229fb039c868f0606a05c485c4cc2e810f3a9aafd6134a4e8adc1715018586ddb0d077c038ac28f0993a3ca027cd01616550dee732fb0afc68dbec1beebb31fdfca7ac947e7dc9c06b973f848bbc3c9c98641ac21974aec51102ee772e745bcab1cea858ee9e057f8f505ed0b36d3aee45a579c3632786bfad6d1ce3bcccf8166e2edaaba7c3139cc2ad3d9be7ba4bb80ba7bdf507c44415dd06cea5a83fb1b50d0d48d2bd4bdb36cd2dd05db6322b34cc7f04596d3407447d01c00cb70c996cd20e4d87e759e89c4a44973d965c3b43b7694da1ecbf9d6249ec66d74b0c3ed3624933afe0f30a5ff21dc4dababf007781b54f0535f92f1ed1555a417c54c18f2f3aee0701a2a96ed406ae3eb365500ba9961ffbe015f71c3baaf3735f3ecdc847e4539752c278a768bf02ddacc6b9edce7665e7ffa56d057ddb5d04975986e6b9ed4e319aaa53e01e149bf88bbd236ca22e8b6234765eb210c59cd84ba16993165b7c2c1c2ac8acd60765464f4a6bd4132d9a0279ebe657c1f41de50b09ad681ab477f737aea71605255dbfd9dd4c35f839914be29808ace17af801e4cb313c0d531522cf34c7d923d9232dfb039b0de3219accece6a6216c7b8b5c4ffcb3801aee0bd383ac65032afcd3d1c2540d2c56cd5bc116da1c36313ca9220239912f633b46458bf0ddd6e3289f25d8c3aac6a53dbfa35598b6e5739903334d970b3dd85a1b57810adc451e62979c6bc5f510743149be160699410d95beb393808cb0564196747cc6386b4a6fb26fa1f53d7c1d6bceb79c41fdcd8ed663b168587724208b46ef599894584bc35d6a8662b204bfc15a8cbecedc320ef5edb5f20fbd560c626843db24d6c8b7e55b61a47a3268ddb0fb523f56694378fd2c76dbc6182cb49afdd2aea2dc7f91fe9445b21c6b12b8f99baaf242ab0ff1e1413c7b1bcb38dda4de1fc9
ac587434110f83ce2157c99018252e977df9e8ec0250519256ce5cdc8b7a795ae2662571bb4c3eb98aeb093584b17f0b1a6c026037d080aeba6a7b5b216903942a66eed37ed890dc5df1acd711205e19d016badda1ce37659a78a7d3fe006cff20df840353e6b96568dbc7acdca3889b885f4956ee7f5ea90532d71eb1b921180ea2e385a4c3551fded44419a3f373341a288247a136fd7be0c8afb5411bafba96a1ffeb53b12e7068d008d96f807cd878b775bd9614c9bf57f1d13fadc86c2f582db038ad24911b420b56ec1c6e4859d2311263bb68aaa072328a4d31484e14b7fdd1f27bdac94d85a3d6931a72ed880ba85a5aff033b9f490324f0072b36454622b9248de9dcf99e887d6759070296185e7949d0f94b3527b46e251c343149601adfe051489f9bfe2ae17a668df465414a28298fa0573866f305bdad7bf91da2207137bdf7ba5dfaf062b4ec7d5b9b9cc75869db70bd5c1d89ff0fec43ff92d1b93a93f0dfc94b00985bd97ecafd4395424bff8ea036b628f8e6b5b8b03724f09b7a462ac031b2b62189947a82d00b2434d4103ec6d59ea10e377f6fe98f7411f10baae6c71fc116a77ddd64f46148617c1598ee86feb58ba6a852f4c71187b4bdc5d84532809fb4786612895bee62b8992b45f760b821980261a88280db0e923d7b72162b1aafddee4ff61be8e49012758cb8663d3321c4b9c451ea09dc861c63f42da859999e514dc2e65a83d9f5217831bf0243ebdca6e484dfcface2376cd1166e95329db57790822f107e7387b2a393dd0cc81455a42adf7c78492ca741b0dc16bdc56273a389abff59487e3bb8b2226288fa62c62933de07830c3707f410fb79696f4edea3e72a17250aeb6d9cba954ce4426220195d64e753f825dfb9cab3f74bcd69c1a1222e6b6727bb419102fbb226bb6efc1d317cbb0d7e170a62031852f8cfa323805dd558afcdf35f8acccebd791e3caa39ce8b7bddd1e38227e58f798f97ec5781535385067d52a9d70e04a457a3eb85c28b9717cbba63ed05ac1ed0194c7096f5dc1c059bf5c4f53724852ca91396fb787da39101cb937b321250d06984bdabf1cd8333e266e2453d92119a426218e190228d60beb6b32212d1b0eee3a36f3de80dd0913e1806c4787f44d1d74fd30ff7f1edb3776e932b8584a61fa7c615aa098abdf9ff55c1384fac0bdb29e964ab76c879b31a8f9db46e71d6b04c55f4014ea69b371e95925f667d5acc72b4947693120c364b56544b887c9ae69573ee604afad7db65485d6719d1e443a7a2f5c0b4a6efcbe760455d72023ab9a9d11959fc8fe669285919b3c1ca7cf3d3a62bc0bd8f5dc19c9f50d508c560cf8d42693d429597fa36cb2588d463e51e19c65e054068090c354da2533541443f74895691
b75c2011aaabb59811e9bc5d96eeeb21952d5b8bff2b79d6e642cf6be3c8d4ada2e64b18957303f4f757ab3f57584a3942aa2087fb03ee9703037a66ccc301cd59f63506cc9d296bcb4e27a84fabc5073049a66322191698f1e3f16afcf1ffa0f", "7f9ac5bfea591023d1c4ceaf7da53cdeca7f3cbebed9c43c9a424b387b5f939bed436f474cf3c9030d8f428229af5c3765ad3f0cd0f307cdbf00f007a1c0725312ca4ceee06ff1c4997beb9d9828b2a77502491ef9f27f5f8a2190a16a95a60963914559c0e0fa464b3b41c97328dca8779756f510dc4cd33d6531274cfa", "682cc780cfd8fae024501ff62729ab77cebe25caadf43985b30db8387ff377ed37033e09f335630f36aead37573d324072d9fb1a627ab3a3ca51d4a126b7f6a85fb49e27af493a4f0488a20731e7c3e5228ea79052bea76c12ad743bfcb9c962f36f55dadb59517b7c20ab848c458f11e00c1308a2f07ea1e3"], 0x5) test$align3(&(0x7f0000001200)={0x9, {0x3}, {0x8}}) test$bf0(&(0x7f0000001240)={0x0, 0x3, 0x2, 0x3c, 0x42, 0x20, 0x20, 0x80}) mutate2() test$length16(&(0x7f0000001280)={[0x4, 0x63aa], 0x2, 0x10, 0x8, 0x4, 0x2}) test_excessive_args1() test$str0(&(0x7f00000012c0)='#\x00') test$str0(&(0x7f0000001300)='#\x00') syz_compare(&(0x7f0000000000)='.-\x00', 0x3, &(0x7f0000000040)=@bf20={0x8, {0x6, 0x5, 0x6, 0x1, 0x6, 0x8}}, 0x10) syz_compare_int$2(0x2, 0x9, 0x3ff) syz_errno(0xff) syz_execute_func(&(0x7f0000000080)="9a81de5d928f1a60f17beb77b1f99a68af78907e1b40de1e910c3956a2a9497c8f05fbd7d7282e2344fc3c4a137dc02d3d14") syz_exit(0x3bc) syz_mmap(&(0x7f0000003000/0x2000)=nil, 0x2000) syz_sleep_ms(0xae) csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + 
(uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = 
current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) 
{ va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = 
current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) { continue; } kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_mutate2 #define SYS_mutate2 0 #endif #ifndef SYS_test #define SYS_test 0 #endif #ifndef SYS_test_excessive_args1 #define SYS_test_excessive_args1 0 #endif void execute_call(int call) { switch (call) { case 0: sprintf((char*)0x20000000, "%020llu", (long long)0x17); syscall(SYS_foo, 0x20000000, 0); break; case 1: memcpy((void*)0x20000040, "#\000", 2); syscall(SYS_test, 0x20000040, 0, 0, 0, 0, 0); break; case 2: memcpy((void*)0x20000080, "\xf1\x07\x15\xd4\xc9\xe5\x26\x6c\x67\x93\x17\x73\xe4\xa0\xf6\x36\xec\x65\x43\x3d\xb9\x5f\xc9\x7d\xfb\x6a\x7c\x24\x6b\x90\x22\xed\xed\x40\xbd\x5b\x7b\xc2\x1a\x67\xf9\x2e\x89\x8b\xdb\x77\xeb\x69\xe2\x84\x92\x94\x1c\xd2\x78\x41\x2e\xbe\xec\x4d\x09\xae\x9c\x02\x69\x4e\x2b\x96\xbf\xd4\x66\x17\x3c\xda\x3b\x72\x23\x85\xfe\x87\x43\x4a\x69\xcf\x53\xb4\x90\x10\x14\x99\x59\x15", 92); memcpy((void*)0x200000dc, "\x37\x65\x5b\x53\x06\x33\x4c\xb4\x86\x87", 10); memcpy((void*)0x200000e6, 
"\x10\xfe\x01\x41\x1f\x2a\x08\x53\x62\x11\x83\xe0\x3f\xd9\x69\xe9\x1d\xcd\xe2\x5a\xe5\xae\xde\xc2\x7c\x41\x09\x6a\x23\xd2\x73\x8e\x33\x30\x15\x6d\xb3\x98\x57\xe6\x71\x91\x6d\xc9\xe8\x4a\x50\x14\x72\x31\xd9\x0b\x96\xe8\x5a\x90\xa3\xea\x36\xf8\x8b\x40\xe7\x14\xc4\xaf\xdc\xb7\xc7\xca\x32\x7b\xc4\x1e\x8b\x5f\x51\x99\x20\xbf\x5c\x9a\xc9\xf9\x99\x11\x66\xc9\x73\xb1\x45\xd8\x66\xb0\x0a\xdc\x56\x3e\xff\xee\xa4\x98\x98\x9e\x12\xca\x3b\x69\xa2\x6d\x46\x90\xe0\xa7\x48\x2b\xd1\xc8\x9b\xf3\x95\x6a\x10\x48\xc0\xfc\x31\xb2\xe7\x4a\x1b\x9e\xea\xcb\x5f\x74\x6d\xff\x95\x27\x51\x4e\xaf\x5f\x53\x96\xa5\xbc\x73\xd9\xed\x25\x06\x56\xf8\x70\xea\xf6\xb6\x85\x63\x93\xad\x79\xe7\xf7\x64\x60\x86\x42\x45\x2c\xf5\x28\x44\x03\x6e\x98\x93\x25\xaf\x0e\x00\xd4\x37\x0f\x38\x79\x48\xe0\x0d\x09\x28\xe0\x82\x09\x28\xcf\x44\x5d\xd8\xaa\x37\x62\x90\x1e\xca\xf1\xd6\x7c\xaa\xd2\x40\xa0\xac\xcb\x3b\x2b\x71\x2f\x77\x6f\x7c\x2c\x96\xf7\xf6\xf3\x0f\x5c\xfa\x8d\xbb\x09\xd7\x6f\xf9\x2f\xd3\x65\x56\xea\x85\x26\x8d\xd1\xe9\x44\x7e\xa1\x2a\x38\x4e\x18\xe8\x85\xc2\xfe\x12\x36\x24\x3d\x07\x12\xdf\x5e\x92\x65\x43\xe5\x9a\xc7\x52\x54\x07\xdd\x79\x0c\xea\x1f\x84\x3a\x8c\xe4\xf3\xb4\xb7\x01\x38\x58\x4a\x56\xfb\xa8\x86\x1b\x8c\x9a\xf1\xa9\xc2\x0e\xc5\xe4\x1f\xdc\xc0\x75\xf9\xb1\x91\x73\xcb\x2f\xff\xe8\x93\xcf\xc2\x09\x23\x3c\x7a\x32\x8b\x63\xc0\xb0\x34\x3a\xa8\xc8\x9a\x65\x3a\xa1\xcb\x96\xa5\x5f\x02\x65\x3f\x9b\xb7\xc7\xb7\x66\x5e\x25\x6f\xba\x08\xbe\x12\xfc\x7a\x17\xd1\x35\x4e\x74\xe5\xfa\x54\x52\xe9\x15\xbd\xe7\x3e\x84\x40\xce\x9c\x77\x67\x59\x42\x05\xc9\xe3\x3a\xd9\xdc\x19\x0b\xf8\x9a\x9d\xc4\x0f\x36\xe2\x42\xd2\x00\x28\x80\x04\x0e\x5c\x83\x96\xe6\x9a\x81\xfb\x01\x02\xea\x79\x92\x2d\x12\xfa\x13\x47\xec\x50\x8e\xf9\xf8\xa6\xaa\x09\xe4\x02\x4b\x3e\x25\x62\x43\x36\x61\x1d\x42\xf7\xde\x41\x0c\x51\x3d\xb0\x66\xdb\x8d\x4e\xfc\xb9\x61\xe8\x89\x61\x60\x34\xc8\xb0\x22\x0d\xb1\xc1\xec\x11\x14\x87\xac\x10\x74\x9a\xef\xcf\x60\x94\xfc\x66\x2b\x79\xed\xbb\xb3\x00\x5a\xc3\x86\xe6\x7a\x64\xf3\x5a\xce\x7f\x8b\xb7\x2d\x12\x08\xa5\xc9\x2
d\x50\x01\x63\x0f\x61\x84\xee\xfe\xdb\x60\xc3\xeb\xd9\x3b\x8a\x7c\x5d\x79\x36\x2c\x81\x37\x00\xf3\xb5\x49\x82\x64\xaa\x2e\x8f\x34\x24\x12\x7d\xc4\x6d\x5a\x20\xac\xcc\x3d\x14\x23\x52\x2e\xcc\xf3\x46\x5b\x90\x7d\xb3\xa1\x0c\x04\x25\x21\x73\xa4\x4e\x41\x07\xe7\x58\x64\xf6\xb2\xb1\x4c\x6e\x57\xc1\xff\xe8\x00\x56\x43\x62\xbe\xfd\x3c\xfc\xfa\x43\x1e\xe4\x90\xf9\xa8\x69\x1b\x1f\xbf\x47\xb2\x97\xe6\xb7\xc7\xe3\x81\xee\x2f\x50\xc4\x3a\x4b\xa0\xcc\xd8\xc5\x8a\x0a\xb9\xa2\xad\x3a\xa8\xf7\x40\xc7\x0e\x8c\x88\xeb\x19\xf7\xab\x58\xd9\x4d\x76\x57\xde\x09\xcd\xc7\xe0\x1c\x46\xd3\x54\xf2\x1d\x97\xb5\x0d\x09\xd5\x22\x2b\x4f\x1a\xf7\xad\x0b\xb6\x25\xa2\xe0\xf5\x2d\x68\xf9\x6d\xda\xcd\x12\xe7\x3c\x45\xb3\xea\x14\x4a\x60\x18\x15\x45\x1a\x8d\x61\x3b\x13\xb2\xec\x6e\x95\xdd\x40\x86\x61\xf4\xc2\x6c\x58\xf0\xe2\x4a\xb3\x56\x1b\x7b\xa1\x43\x24\x05\xb5\xda\x96\xf1\x0b\x47\xbb\xdf\x1e\xad\x6b\x6d\xf6\x45\xe5\x33\xb0\x25\x55\xf6\x9f\xd8\xf9\xe2\x09\xe3\x74\xd4\x5c\x2f\x25\x97\xdc\xd3\x0e\x5d\xcf\xf5\xbc\x4e\xb4\xdb\xd8\x41\x51\x59\xbd\xce\x9c\x73\x0b\x81\xba\xec\xcb\xb8\x76\x41\x3d\x90\xa5\xb5\x1e\xb1\x24\xb4\x61\xea\x51\xa7\xb0\xe4\x26\x1f\x63\x31\x83\x6c\x61\x39\x8a\x5d\x4e\x6d\x3c\xba\xb1\x48\xd4\xc3\x53\xaa\x45\x2d\x37\xb7\x04\x69\x70\x56\x6f\xa5\xbd\xb1\xcb\x96\x2f\xea\xa0\xfd\x00\x0d\x94\xf3\x27\xcb\xa9\x25\xd0\x84\x74\xa2\x4e\x09\x9c\x45\x34\x17\x43\x52\xf2\xb1\xbb\x88\xbb\x68\x87\x94\x64\x3f\xea\xdb\x6a\xef\x90\xe6\x80\x7a\x9b\x6e\x56\x33\xa8\xe1\x2d\x2b\x1a\x31\xf6\x6c\xef\x9e\xf8\x97\x25\x75\xe6\x32\x14\xea\x8b\x8d\x9f\xa8\xaa\x51\xd1\x74\x29\x3d\xdc\x39\x1f\x9b\xab\xf8\xc9\x47\xe5\xd3\x42\x15\x9f\x32\x73\x66\xe8\x67\x01\xa1\x18\x92\xac\x00\xf9\x07\x49\x4e\xa4\xae\x0b\x80\x3d\x08\xbd\xb6\xfa\x12\x24\x1b\xea\x85\xe8\xb0\x06\xa0\xa5\x62\xa2\xa1\x35\x75\x33\x4c\x88\x08\xdb\x59\x49\x16\xb0\xa0\xb4\xcd\x0d\xd1\xf4\xbf\x61\x82\x6d\xf5\x2d\xa8\xd9\xba\x9d\x32\x2a\x11\xe1\x3e\xea\x36\x9d\x9c\x6b\xd8\x62\xdf\xc7\x64\xd4\x51\x52\xfe\x4a\x4d\x4d\x84\xc3\x58\x86\x47\x87\x01\x3e\x80\xd0\x75\x34\x8
b\xd8\xe1\xaa\xf9\x0b\x8a\xe8\x82\x31\xdf\xc6\x0b\x32\x5d\xcf\x10\x5f\xba\x6f\x4f\x7b\xc6\xd6\xeb\x88\x3e\xa9\x4b\xc7\x95\x1a\xb6\x8a\x9f\xef\x16\xf7\x9b\xa4\x80\xc6\x06\xd2\x61\xa9\x03\xf5\x6e\x3c\x8e\x57\x17\xbf\xb3\x6e\x60\xeb\xe4\x54\xeb\x9b\xea\x91\x17\x1e\x5e\xc7\x62\x0a\xc1\xd5\x67\x32\xf1\x3d\xac\x52\xf3\x38\xd0\xeb\x6c\x0b\xe9\x2a\xb9\x51\xe3\xea\xfb\xc1\x86\xf3\x0f\x57\x1b\x26\x77\xa4\x5c\x3b\xa2\xb4\x56\xae\x65\x73\x84\x18\xa7\x62\x53\x36\xaa\x86\x97\xc8\x4b\x80\x3d\x7a\x74\x58\xc7\x69\xc7\x13\x02\xb1\x9c\x62\x0c\x7d\x2b\x46\xd7\x5a\xa9\x66\x1a\x7e\x6d\x63\x66\xf2\x46\x22\xb3\x70\x29\x0e\xde\xbb\x6b\x9b\xf1\xad\x61\xf1\xdd\xdf\xe9\x3e\x44\xbd\x1e\x9c\x18\x88\xed\xba\x9a\x7a\x96\xe4\x25\xb3\x56\xbf\xc2\xa0\x00\x92\x02\x44\x5b\xc6\x46\x8a\xa0\xa8\x4f\x9f\x22\x99\xb7\x5e\x63\x2e\x43\xda\x31\x38\x80\x97\xbd\x68\x88\xe4\x91\xd0\x85\x39\x6d\x98\x29\xd5\xb3\x1e\xd3\x20\x69\x42\x61\x07\xb5\xc9\x34\x87\x70\x0f\xf6\xe1\x47\x9f\x85\x12\x77\x80\xa0\x69\xc0\x47\xb8\xfd\x7e\xb9\xb2\xac\xb7\xd2\xe4\xfc\x8a\x5f\x5b\xd3\x6d\x78\x9d\x9f\xba\x06\x91\xfd\xad\xa4\x1e\x75\xfe\xdd\x2d\xf8\xb3\xaf\xbd\xe0\x47\xcf\x9b\x6c\x45\x2a\x27\x24\x48\xa3\xe9\x9e\xc0\xf5\x82\x01\x68\x35\x6c\xc8\xc9\xc4\x0b\x40\x89\x02\x73\xa6\x6c\xea\xa2\x6c\x13\x17\x45\xc4\xea\x0c\x88\x3b\x3f\xf4\x00\xb5\xf7\x6e\x76\xc4\x2a\x21\x64\xa6\xd0\x18\x04\x10\xf0\xe0\x31\xf0\x17\x41\xd1\x46\x7e\x96\x31\x97\x58\x89\x1a\x7f\x61\x51\x08\xc6\xa8\xbb\xc0\xc4\x03\xfa\xa3\x3c\xa7\xc9\x5d\xfa\xff\x91\x12\x07\xf2\x2f\x1b\x9d\x78\x32\x5a\x0c\xcd\x17\x97\x39\x7a\x91\xb4\xfa\xe6\x8e\xad\xb7\x2c\x7c\x03\xa9\xdc\xae\xe2\x24\xb8\x34\x4f\xbc\x62\xe4\x36\xcf\xd0\xd6\x8b\x04\x92\x61\x6a\x83\xef\xc3\xd3\x0b\xaf\xf8\xed\x4a\xa0\x13\xae\xdc\xbb\x78\x30\xe4\xd5\x2d\x9b\x02\xb0\x6d\xb3\xe6\x0b\x27\x38\x5d\xbd\x04\xfe\xed\x6c\x48\xa0\xae\x6e\xbe\x46\x57\x04\x40\x7c\xde\xae\x4b\x56\x2d\x0b\x1a\x44\xbd\xf6\x55\x42\x99\x8c\x8f\x48\x75\xd0\x9d\x28\x1f\x90\x54\x8d\xfe\xcb\xc3\xe5\x70\xc4\xfb\x37\xd1\x7f\x05\xef\x48\x4a\xa7\x1e\x9b\x26\x51\x7
5\x2c\x50\xb7\xf5\xc9\x23\x5c\x3f\xb7\x86\xdd\x68\x08\x6a\x61\x5f\x4b\xaa\x7f\xb3\xb9\xf5\x06\x76\x93\x08\x0a\x9d\x64\x91\x23\x72\xaf\xc3\xd5\xf0\x17\xe5\x5e\xaa\xbf\x1b\x61\x80\xce\x2e\x28\xe2\x0a\x69\x50\xab\xf5\xb6\x5b\xda\xc7\xd9\x15\xb0\xbb\x93\x80\x57\x05\x6f\x5d\x63\x14\xa2\x83\x62\x3d\x6a\x9b\xe3\xb1\x91\xa2\x87\x3f\xd8\xeb\x7a\x25\x8c\x4f\xe1\xda\x8d\x3e\x3f\x4e\x03\x7c\x31\xce\x4b\x72\xa9\x66\xe4\x50\xe9\x7a\x44\x7c\xb9\x12\x9b\x10\x4c\x5b\x2e\x00\xc7\x11\x5e\x63\xbb\x78\x4e\x71\xb1\xc2\x35\xf7\x36\x87\x9b\xee\x83\xe2\xe5\xf3\x90\xf3\x14\xb5\x1b\xb2\xf7\x08\x27\xb7\x42\xf9\xf9\x60\xde\x2e\xc0\x9b\x2f\xe8\xce\x43\x52\xfd\x4d\x61\x25\x8c\x68\xe8\xfe\xc7\x49\xcc\xb6\xd0\x53\xae\x84\xc5\xef\xf8\xa4\x38\x08\x7d\x42\x3e\xb3\x5e\xbc\xc0\xaf\x40\x17\x99\x22\xa6\x9c\x83\xfe\xaa\x9d\x42\x6c\x3f\x3c\xf0\x54\x12\xa7\x0c\xa9\x55\x9b\x62\xd6\x9e\xd0\x41\x1c\xa6\x50\xc0\x7e\x4a\x34\x06\x87\x91\xd7\x42\xbb\xf1\x36\x76\xb5\x1d\x40\x0e\xcb\xe0\x1f\x03\xd2\x6d\xdf\x63\xea\xf2\xdb\xeb\x1c\x95\x82\xf6\x46\xd4\x20\x7e\x34\x0e\x7e\xa3\xb6\xa3\x6d\x70\xb2\x51\x3a\x28\x86\x07\xda\x6b\x0f\x93\xc9\x69\x40\xe2\x84\xbd\xd6\xd6\x9b\xac\x90\xbf\xc8\x2d\x01\x60\xdd\xad\xc3\x0e\x7f\x3b\x90\x17\x3c\x57\xaa\xbf\xfd\x48\x81\xd6\xde\x07\xb0\x21\x50\x66\xf6\x68\x27\xa3\x45\x11\x9f\xb4\x62\x50\xa2\x92\x25\x5f\x13\x8a\x7c\x44\x09\x3b\x1d\x66\x84\xc8\x07\xc7\x14\x65\x3e\xab\xb4\x27\x96\xd9\xbe\x0b\x04\xa3\xf8\x4a\xa0\x06\xf9\x8b\x98\x32\xf7\x71\x4c\x6b\x39\xe8\x11\xac\xc6\xa0\x1b\xec\xd5\xdd\x70\x57\x0a\x03\xc6\xe7\x57\x71\x74\x6d\xc2\x58\xf1\x94\x2b\xca\x6d\x0d\x3b\x85\x88\x04\x1b\x38\x10\x72\xb8\xb8\xf8\x9e\xbd\x07\xb7\x4c\xa7\xf0\x34\x1a\xf5\x87\x5c\x88\x9c\x9a\x75\x3a\xce\x87\xbe\xe4\x6d\x67\x69\x00\x90\x30\x9e\xc5\xb1\xc8\xc2\x78\x82\x8a\x33\x39\x00\x02\xd7\x3a\xad\xe7\xc0\x6a\xf0\x56\x0b\x6d\x8e\xd5\xcf\x60\x07\x5c\xbe\x14\xb0\xc5\x87\x57\xfb\xd7\x5d\x25\xa1\x3f\xbf\xa5\x74\xfb\x3c\x6b\xd0\x4e\xf8\x46\x42\xc3\xaa\x21\x87\xf5\x6e\xa3\xb5\x68\x7b\x96\x38\x04\xbb\x64\xd8\xe1\xbd\xb4\x0e\xda\xe
c\x97\xa0\x19\x9b\x6e\x52\x90\xca\x2e\xc5\x56\xd2\xa3\x43\x6b\x68\x7c\x53\x45\x6f\x0c\x58\x56\x02\xf6\xcc\x0d\xc8\xd4\x22\x2d\x7f\x72\x1b\x9d\x55\x87\x7f\xd5\x2a\x37\x75\x8d\x52\x1a\xbb\x01\xc6\xfd\xe6\x83\xab\x43\x1e\x3c\x5a\xff\x7e\x0e\x85\x06\xa0\x5a\x8c\x72\x5a\xd5\x68\x9c\x31\x80\x14\xa1\x15\x3f\xe1\x0e\x66\x26\x7c\x81\xbf\x78\x85\x86\xbc\xb5\xa2\x10\xd5\x85\x24\x26\x4b\xd9\x63\xa5\x64\x03\xd2\xc6\xec\x28\xd6\x43\xb7\xf9\xf5\x58\x7e\x09\x2f\x61\x08\xf3\xde\x1d\xb7\x27\x14\x6f\x04\x58\x95\x4b\x85\xac\x44\x8d\x38\x6e\x04\x54\x76\xd7\x4c\xa3\xcf\x39\x50\xdf\xc2\xc5\xf5\x56\xb5\xb4\xc2\xe1\x48\xd7\x40\xa3\x96\xa4\x62\x5a\xe5\xd7\xbf\x24\x68\x16\x4d\x61\x19\xcc\xf3\xa3\xf2\x0f\xbd\x68\xfc\x21\x1b\x59\xd0\x09\x2e\x9e\xb5\xd8\x38\xee\x2b\x24\xd9\x4e\x26\x49\xac\x4a\x34\x4f\x41\xf7\x3e\xcf\x7e\xa1\x42\xe3\x97\x0d\xea\x2c\xf0\x17\x8a\xe9\x7d\x1c\xb6\x67\xfa\x5b\x7b\x3d\xb2\x3a\x6e\x56\xe7\x2e\xc4\xc3\xd5\x0d\x86\x61\x87\xbc\x4e\x32\x5f\xf9\x14\x24\x22\xa5\x99\x05\xee\x51\x21\xec\x01\xef\x4f\x69\x7a\xec\x1b\x81\x56\x4d\xd2\x75\x04\xaa\x7f\x06\x47\x0d\x62\x26\x43\xe2\x41\x77\xc3\xea\x5f\xea\xe5\x52\x3e\xa5\x3f\x4f\xf3\xb4\x4e\x77\xdb\x4b\xe9\xab\xba\x06\xa4\x2b\xcc\x08\x96\x19\x8f\xef\xb4\x64\x57\x20\xd8\x1d\xb5\x87\xdd\x91\x77\xd3\xe7\xd2\x43\x1e\xe2\xed\x7d\x92\x9f\x97\x3f\x02\x29\xfb\x03\x9c\x86\x8f\x06\x06\xa0\x5c\x48\x5c\x4c\xc2\xe8\x10\xf3\xa9\xaa\xfd\x61\x34\xa4\xe8\xad\xc1\x71\x50\x18\x58\x6d\xdb\x0d\x07\x7c\x03\x8a\xc2\x8f\x09\x93\xa3\xca\x02\x7c\xd0\x16\x16\x55\x0d\xee\x73\x2f\xb0\xaf\xc6\x8d\xbe\xc1\xbe\xeb\xb3\x1f\xdf\xca\x7a\xc9\x47\xe7\xdc\x9c\x06\xb9\x73\xf8\x48\xbb\xc3\xc9\xc9\x86\x41\xac\x21\x97\x4a\xec\x51\x10\x2e\xe7\x72\xe7\x45\xbc\xab\x1c\xea\x85\x8e\xe9\xe0\x57\xf8\xf5\x05\xed\x0b\x36\xd3\xae\xe4\x5a\x57\x9c\x36\x32\x78\x6b\xfa\xd6\xd1\xce\x3b\xcc\xcf\x81\x66\xe2\xed\xaa\xba\x7c\x31\x39\xcc\x2a\xd3\xd9\xbe\x7b\xa4\xbb\x80\xba\x7b\xdf\x50\x7c\x44\x41\x5d\xd0\x6c\xea\x5a\x83\xfb\x1b\x50\xd0\xd4\x8d\x2b\xd4\xbd\xb3\x6c\xd2\xdd\x05\xdb\x63\x22\xb3\x4c\xc
7\xf0\x45\x96\xd3\x40\x74\x47\xd0\x1c\x00\xcb\x70\xc9\x96\xcd\x20\xe4\xd8\x7e\x75\x9e\x89\xc4\xa4\x49\x73\xd9\x65\xc3\xb4\x3b\x76\x94\xda\x1e\xcb\xf9\xd6\x24\x9e\xc6\x6d\x74\xb0\xc3\xed\x36\x24\x93\x3a\xfe\x0f\x30\xa5\xff\x21\xdc\x4d\xab\xab\xf0\x07\x78\x1b\x54\xf0\x53\x5f\x92\xf1\xed\x15\x55\xa4\x17\xc5\x4c\x18\xf2\xf3\xae\xe0\x70\x1a\x2a\x96\xed\x40\x6a\xe3\xeb\x36\x55\x00\xba\x99\x61\xff\xbe\x01\x5f\x71\xc3\xba\xaf\x37\x35\xf3\xec\xdc\x84\x7e\x45\x39\x75\x2c\x27\x8a\x76\x8b\xf0\x2d\xda\xcc\x6b\x9e\xdc\xe7\x66\x5e\x7f\xfa\x56\xd0\x57\xdd\xb5\xd0\x49\x75\x98\x6e\x6b\x9e\xd4\xe3\x19\xaa\xa5\x3e\x01\xe1\x49\xbf\x88\xbb\xd2\x36\xca\x22\xe8\xb6\x23\x47\x65\xeb\x21\x0c\x59\xcd\x84\xba\x16\x99\x31\x65\xb7\xc2\xc1\xc2\xac\x8a\xcd\x60\x76\x54\x64\xf4\xa6\xbd\x41\x32\xd9\xa0\x27\x9e\xbe\x65\x7c\x1f\x41\xde\x50\xb0\x9a\xd6\x81\xab\x47\x7f\x73\x7a\xea\x71\x60\x52\x55\xdb\xfd\x9d\xd4\xc3\x5f\x83\x99\x14\xbe\x29\x80\x8a\xce\x17\xaf\x80\x1e\x4c\xb3\x13\xc0\xd5\x31\x52\x2c\xf3\x4c\x7d\x92\x3d\x92\x32\xdf\xb0\x39\xb0\xde\x32\x19\xac\xce\xce\x6a\x62\x16\xc7\xb8\xb5\xc4\xff\xcb\x38\x01\xae\xe0\xbd\x38\x3a\xc6\x50\x32\xaf\xcd\x3d\x1c\x25\x40\xd2\xc5\x6c\xd5\xbc\x11\x6d\xa1\xc3\x63\x13\xca\x92\x20\x23\x99\x12\xf6\x33\xb4\x64\x58\xbf\x0d\xdd\x6e\x32\x89\xf2\x5d\x8c\x3a\xac\x6a\x53\xdb\xfa\x35\x59\x8b\x6e\x57\x39\x90\x33\x34\xd9\x70\xb3\xdd\x85\xa1\xb5\x78\x10\xad\xc4\x51\xe6\x29\x79\xc6\xbc\x5f\x51\x07\x43\x14\x9b\xe1\x60\x69\x94\x10\xd9\x5b\xeb\x39\x38\x08\xcb\x05\x64\x19\x67\x47\xcc\x63\x86\xb4\xa6\xfb\x26\xfa\x1f\x53\xd7\xc1\xd6\xbc\xeb\x79\xc4\x1f\xdc\xd8\xed\x66\x3b\x16\x85\x87\x72\x42\x08\xb4\x6e\xf5\x99\x89\x45\x84\xbc\x35\xd6\xa8\x66\x2b\x20\x4b\xfc\x15\xa8\xcb\xec\xed\xc3\x20\xef\x5e\xdb\x5f\x20\xfb\xd5\x60\xc6\x26\x84\x3d\xb2\x4d\x6c\x8b\x7e\x55\xb6\x1a\x47\xa3\x26\x8d\xdb\x0f\xb5\x23\xf5\x66\x94\x37\x8f\xd2\xc7\x6d\xbc\x61\x82\xcb\x49\xaf\xdd\x2a\xea\x2d\xc7\xf9\x1f\xe9\x44\x5b\x21\xc6\xb1\x2b\x8f\x99\xba\xaf\x24\x2a\xb0\xff\x1e\x14\x13\xc7\xb1\xbc\xb3\x8d\xda\x4d\xe1\xfc\x9
a\xc5\x87\x43\x41\x10\xf8\x3c\xe2\x15\x7c\x99\x01\x82\x52\xe9\x77\xdf\x9e\x8e\xc0\x25\x05\x19\x25\x6c\xe5\xcd\xc8\xb7\xa7\x95\xae\x26\x62\x57\x1b\xb4\xc3\xeb\x98\xae\xb0\x93\x58\x4b\x17\xf0\xb1\xa6\xc0\x26\x03\x7d\x08\x0a\xeb\xa6\xa7\xb5\xb2\x16\x90\x39\x42\xa6\x6e\xed\x37\xed\x89\x0d\xc5\xdf\x1a\xcd\x71\x12\x05\xe1\x9d\x01\x6b\xad\xda\x1c\xe3\x76\x59\xa7\x8a\x7d\x3f\xe0\x06\xcf\xf2\x0d\xf8\x40\x35\x3e\x6b\x96\x56\x8d\xbc\x7a\xcd\xca\x38\x89\xb8\x85\xf4\x95\x6e\xe7\xf5\xea\x90\x53\x2d\x71\xeb\x1b\x92\x11\x80\xea\x2e\x38\x5a\x4c\x35\x51\xfd\xed\x44\x41\x9a\x3f\x37\x33\x41\xa2\x88\x24\x7a\x13\x6f\xd7\xbe\x0c\x8a\xfb\x54\x11\xba\xfb\xa9\x6a\x1f\xfe\xb5\x3b\x12\xe7\x06\x8d\x00\x8d\x96\xf8\x07\xcd\x87\x8b\x77\x5b\xd9\x61\x4c\x9b\xf5\x7f\x1d\x13\xfa\xdc\x86\xc2\xf5\x82\xdb\x03\x8a\xd2\x49\x11\xb4\x20\xb5\x6e\xc1\xc6\xe4\x85\x9d\x23\x11\x26\x3b\xb6\x8a\xaa\x07\x23\x28\xa4\xd3\x14\x84\xe1\x4b\x7f\xdd\x1f\x27\xbd\xac\x94\xd8\x5a\x3d\x69\x31\xa7\x2e\xd8\x80\xba\x85\xa5\xaf\xf0\x33\xb9\xf4\x90\x32\x4f\x00\x72\xb3\x64\x54\x62\x2b\x92\x48\xde\x9d\xcf\x99\xe8\x87\xd6\x75\x90\x70\x29\x61\x85\xe7\x94\x9d\x0f\x94\xb3\x52\x7b\x46\xe2\x51\xc3\x43\x14\x96\x01\xad\xfe\x05\x14\x89\xf9\xbf\xe2\xae\x17\xa6\x68\xdf\x46\x54\x14\xa2\x82\x98\xfa\x05\x73\x86\x6f\x30\x5b\xda\xd7\xbf\x91\xda\x22\x07\x13\x7b\xdf\x7b\xa5\xdf\xaf\x06\x2b\x4e\xc7\xd5\xb9\xb9\xcc\x75\x86\x9d\xb7\x0b\xd5\xc1\xd8\x9f\xf0\xfe\xc4\x3f\xf9\x2d\x1b\x93\xa9\x3f\x0d\xfc\x94\xb0\x09\x85\xbd\x97\xec\xaf\xd4\x39\x54\x24\xbf\xf8\xea\x03\x6b\x62\x8f\x8e\x6b\x5b\x8b\x03\x72\x4f\x09\xb7\xa4\x62\xac\x03\x1b\x2b\x62\x18\x99\x47\xa8\x2d\x00\xb2\x43\x4d\x41\x03\xec\x6d\x59\xea\x10\xe3\x77\xf6\xfe\x98\xf7\x41\x1f\x10\xba\xae\x6c\x71\xfc\x11\x6a\x77\xdd\xd6\x4f\x46\x14\x86\x17\xc1\x59\x8e\xe8\x6f\xeb\x58\xba\x6a\x85\x2f\x4c\x71\x18\x7b\x4b\xdc\x5d\x84\x53\x28\x09\xfb\x47\x86\x61\x28\x95\xbe\xe6\x2b\x89\x92\xb4\x5f\x76\x0b\x82\x19\x80\x26\x1a\x88\x28\x0d\xb0\xe9\x23\xd7\xb7\x21\x62\xb1\xaa\xfd\xde\xe4\xff\x61\xbe\x8e\x49\x01\x27\x58\xcb\x8
6\x63\xd3\x32\x1c\x4b\x9c\x45\x1e\xa0\x9d\xc8\x61\xc6\x3f\x42\xda\x85\x99\x99\xe5\x14\xdc\x2e\x65\xa8\x3d\x9f\x52\x17\x83\x1b\xf0\x24\x3e\xbd\xca\x6e\x48\x4d\xfc\xfa\xce\x23\x76\xcd\x11\x66\xe9\x53\x29\xdb\x57\x79\x08\x22\xf1\x07\xe7\x38\x7b\x2a\x39\x3d\xd0\xcc\x81\x45\x5a\x42\xad\xf7\xc7\x84\x92\xca\x74\x1b\x0d\xc1\x6b\xdc\x56\x27\x3a\x38\x9a\xbf\xf5\x94\x87\xe3\xbb\x8b\x22\x26\x28\x8f\xa6\x2c\x62\x93\x3d\xe0\x78\x30\xc3\x70\x7f\x41\x0f\xb7\x96\x96\xf4\xed\xea\x3e\x72\xa1\x72\x50\xae\xb6\xd9\xcb\xa9\x54\xce\x44\x26\x22\x01\x95\xd6\x4e\x75\x3f\x82\x5d\xfb\x9c\xab\x3f\x74\xbc\xd6\x9c\x1a\x12\x22\xe6\xb6\x72\x7b\xb4\x19\x10\x2f\xbb\x22\x6b\xb6\xef\xc1\xd3\x17\xcb\xb0\xd7\xe1\x70\xa6\x20\x31\x85\x2f\x8c\xfa\x32\x38\x05\xdd\x55\x8a\xfc\xdf\x35\xf8\xac\xcc\xeb\xd7\x91\xe3\xca\xa3\x9c\xe8\xb7\xbd\xdd\x1e\x38\x22\x7e\x58\xf7\x98\xf9\x7e\xc5\x78\x15\x35\x38\x50\x67\xd5\x2a\x9d\x70\xe0\x4a\x45\x7a\x3e\xb8\x5c\x28\xb9\x71\x7c\xbb\xa6\x3e\xd0\x5a\xc1\xed\x01\x94\xc7\x09\x6f\x5d\xc1\xc0\x59\xbf\x5c\x4f\x53\x72\x48\x52\xca\x91\x39\x6f\xb7\x87\xda\x39\x10\x1c\xb9\x37\xb3\x21\x25\x0d\x06\x98\x4b\xda\xbf\x1c\xd8\x33\x3e\x26\x6e\x24\x53\xd9\x21\x19\xa4\x26\x21\x8e\x19\x02\x28\xd6\x0b\xeb\x6b\x32\x21\x2d\x1b\x0e\xee\x3a\x36\xf3\xde\x80\xdd\x09\x13\xe1\x80\x6c\x47\x87\xf4\x4d\x1d\x74\xfd\x30\xff\x7f\x1e\xdb\x37\x76\xe9\x32\xb8\x58\x4a\x61\xfa\x7c\x61\x5a\xa0\x98\xab\xdf\x9f\xf5\x5c\x13\x84\xfa\xc0\xbd\xb2\x9e\x96\x4a\xb7\x6c\x87\x9b\x31\xa8\xf9\xdb\x46\xe7\x1d\x6b\x04\xc5\x5f\x40\x14\xea\x69\xb3\x71\xe9\x59\x25\xf6\x67\xd5\xac\xc7\x2b\x49\x47\x69\x31\x20\xc3\x64\xb5\x65\x44\xb8\x87\xc9\xae\x69\x57\x3e\xe6\x04\xaf\xad\x7d\xb6\x54\x85\xd6\x71\x9d\x1e\x44\x3a\x7a\x2f\x5c\x0b\x4a\x6e\xfc\xbe\x76\x04\x55\xd7\x20\x23\xab\x9a\x9d\x11\x95\x9f\xc8\xfe\x66\x92\x85\x91\x9b\x3c\x1c\xa7\xcf\x3d\x3a\x62\xbc\x0b\xd8\xf5\xdc\x19\xc9\xf5\x0d\x50\x8c\x56\x0c\xf8\xd4\x26\x93\xd4\x29\x59\x7f\xa3\x6c\xb2\x58\x8d\x46\x3e\x51\xe1\x9c\x65\xe0\x54\x06\x80\x90\xc3\x54\xda\x25\x33\x54\x14\x43\xf7\x48\x95\x69\x1
b\x75\xc2\x01\x1a\xaa\xbb\x59\x81\x1e\x9b\xc5\xd9\x6e\xee\xb2\x19\x52\xd5\xb8\xbf\xf2\xb7\x9d\x6e\x64\x2c\xf6\xbe\x3c\x8d\x4a\xda\x2e\x64\xb1\x89\x57\x30\x3f\x4f\x75\x7a\xb3\xf5\x75\x84\xa3\x94\x2a\xa2\x08\x7f\xb0\x3e\xe9\x70\x30\x37\xa6\x6c\xcc\x30\x1c\xd5\x9f\x63\x50\x6c\xc9\xd2\x96\xbc\xb4\xe2\x7a\x84\xfa\xbc\x50\x73\x04\x9a\x66\x32\x21\x91\x69\x8f\x1e\x3f\x16\xaf\xcf\x1f\xfa\x0f", 4096); memcpy((void*)0x200010e6, "\x7f\x9a\xc5\xbf\xea\x59\x10\x23\xd1\xc4\xce\xaf\x7d\xa5\x3c\xde\xca\x7f\x3c\xbe\xbe\xd9\xc4\x3c\x9a\x42\x4b\x38\x7b\x5f\x93\x9b\xed\x43\x6f\x47\x4c\xf3\xc9\x03\x0d\x8f\x42\x82\x29\xaf\x5c\x37\x65\xad\x3f\x0c\xd0\xf3\x07\xcd\xbf\x00\xf0\x07\xa1\xc0\x72\x53\x12\xca\x4c\xee\xe0\x6f\xf1\xc4\x99\x7b\xeb\x9d\x98\x28\xb2\xa7\x75\x02\x49\x1e\xf9\xf2\x7f\x5f\x8a\x21\x90\xa1\x6a\x95\xa6\x09\x63\x91\x45\x59\xc0\xe0\xfa\x46\x4b\x3b\x41\xc9\x73\x28\xdc\xa8\x77\x97\x56\xf5\x10\xdc\x4c\xd3\x3d\x65\x31\x27\x4c\xfa", 126); memcpy((void*)0x20001164, "\x68\x2c\xc7\x80\xcf\xd8\xfa\xe0\x24\x50\x1f\xf6\x27\x29\xab\x77\xce\xbe\x25\xca\xad\xf4\x39\x85\xb3\x0d\xb8\x38\x7f\xf3\x77\xed\x37\x03\x3e\x09\xf3\x35\x63\x0f\x36\xae\xad\x37\x57\x3d\x32\x40\x72\xd9\xfb\x1a\x62\x7a\xb3\xa3\xca\x51\xd4\xa1\x26\xb7\xf6\xa8\x5f\xb4\x9e\x27\xaf\x49\x3a\x4f\x04\x88\xa2\x07\x31\xe7\xc3\xe5\x22\x8e\xa7\x90\x52\xbe\xa7\x6c\x12\xad\x74\x3b\xfc\xb9\xc9\x62\xf3\x6f\x55\xda\xdb\x59\x51\x7b\x7c\x20\xab\x84\x8c\x45\x8f\x11\xe0\x0c\x13\x08\xa2\xf0\x7e\xa1\xe3", 121); syscall(SYS_test, 0x20000080, 5, 0, 0, 0, 0); break; case 3: *(uint8_t*)0x20001200 = 9; *(uint8_t*)0x20001201 = 3; *(uint8_t*)0x20001204 = 8; syscall(SYS_test, 0x20001200, 0, 0, 0, 0, 0); break; case 4: STORE_BY_BITMASK(uint16_t, , 0x20001240, 0, 0, 10); *(uint64_t*)0x20001248 = 3; STORE_BY_BITMASK(uint16_t, , 0x20001250, 2, 0, 5); STORE_BY_BITMASK(uint16_t, , 0x20001250, 0x3c, 5, 6); STORE_BY_BITMASK(uint32_t, , 0x20001250, 0x42, 11, 15); STORE_BY_BITMASK(uint16_t, , 0x20001254, 0x20, 0, 11); STORE_BY_BITMASK(uint16_t, htobe16, 
0x20001256, 0x20, 0, 11); *(uint8_t*)0x20001258 = 0x80; syscall(SYS_test, 0x20001240, 0, 0, 0, 0, 0); break; case 5: syscall(SYS_mutate2); break; case 6: *(uint64_t*)0x20001280 = 4; *(uint64_t*)0x20001288 = 0x63aa; *(uint8_t*)0x20001290 = 2; *(uint8_t*)0x20001291 = 0x10; *(uint8_t*)0x20001292 = 8; *(uint8_t*)0x20001293 = 4; *(uint8_t*)0x20001294 = 2; syscall(SYS_test, 0x20001280, 0, 0, 0, 0, 0); break; case 7: syscall(SYS_test_excessive_args1); break; case 8: memcpy((void*)0x200012c0, "#\000", 2); syscall(SYS_test, 0x200012c0, 0, 0, 0, 0, 0); break; case 9: memcpy((void*)0x20001300, "#\000", 2); syscall(SYS_test, 0x20001300, 0, 0, 0, 0, 0); break; case 10: memcpy((void*)0x20000000, ".-\000", 3); *(uint8_t*)0x20000040 = 8; *(uint8_t*)0x20000048 = 6; *(uint8_t*)0x20000049 = 5; STORE_BY_BITMASK(uint64_t, , 0x20000048, 6, 16, 4); STORE_BY_BITMASK(uint32_t, , 0x20000048, 1, 20, 4); STORE_BY_BITMASK(uint16_t, , 0x2000004a, 6, 8, 4); STORE_BY_BITMASK(uint8_t, , 0x2000004b, 8, 4, 4); syz_compare(0x20000000, 3, 0x20000040, 0x10); break; case 11: syz_compare_int(2, 9, 0x3ff, 0, 0); break; case 12: syz_errno(0xff); break; case 13: memcpy((void*)0x20000080, "\x9a\x81\xde\x5d\x92\x8f\x1a\x60\xf1\x7b\xeb\x77\xb1\xf9\x9a\x68\xaf\x78\x90\x7e\x1b\x40\xde\x1e\x91\x0c\x39\x56\xa2\xa9\x49\x7c\x8f\x05\xfb\xd7\xd7\x28\x2e\x23\x44\xfc\x3c\x4a\x13\x7d\xc0\x2d\x3d\x14", 50); syz_execute_func(0x20000080); break; case 14: syz_exit(0x3bc); break; case 15: syz_mmap(0x20003000, 0x2000); break; case 16: syz_sleep_ms(0xae); break; } } int main(void) { syz_mmap(0x20000000, 0x1000000); use_temporary_dir(); do_sandbox_none(); return 0; } In file included from /usr/include/bits/errno.h:26, from /usr/include/errno.h:28, from <stdin>:7: /usr/include/linux/errno.h:1:10: fatal error: asm/errno.h: No such file or directory 1 | #include <asm/errno.h> | ^~~~~~~~~~~~~ compilation terminated. 
compiler invocation: gcc [-o /tmp/syz-executor211640062 -DGOOS_test=1 -DGOARCH_32_fork_shmem=1 -DHOSTGOOS_linux=1 -x c - -m32 -static -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-overflow] --- FAIL: TestGenerate/test/32_fork_shmem/0 (0.21s) csource_test.go:124: opts: {Threaded:false Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: foo$fmt3(&(0x7f0000000000)=0xd) test$str0(&(0x7f0000000040)='#\x00') test$length25(&(0x7f0000000080)=["f10715d4c9e5266c67931773e4a0f636ec65433db95fc97dfb6a7c246b9022eded40bd5b7bc21a67f92e898bdb77eb69e28492941cd278412ebeec4d09ae9c02694e2b96bfd466173cda3b722385fe87434a69cf53b4901014995915", "37655b5306334cb48687", 
"10fe01411f2a0853621183e03fd969e91dcde25ae5aedec27c41096a23d2738e3330156db39857e671916dc9e84a50147231d90b96e85a90a3ea36f88b40e714c4afdcb7c7ca327bc41e8b5f519920bf5c9ac9f9991166c973b145d866b00adc563effeea498989e12ca3b69a26d4690e0a7482bd1c89bf3956a1048c0fc31b2e74a1b9eeacb5f746dff9527514eaf5f5396a5bc73d9ed250656f870eaf6b6856393ad79e7f764608642452cf52844036e989325af0e00d4370f387948e00d0928e0820928cf445dd8aa3762901ecaf1d67caad240a0accb3b2b712f776f7c2c96f7f6f30f5cfa8dbb09d76ff92fd36556ea85268dd1e9447ea12a384e18e885c2fe1236243d0712df5e926543e59ac7525407dd790cea1f843a8ce4f3b4b70138584a56fba8861b8c9af1a9c20ec5e41fdcc075f9b19173cb2fffe893cfc209233c7a328b63c0b0343aa8c89a653aa1cb96a55f02653f9bb7c7b7665e256fba08be12fc7a17d1354e74e5fa5452e915bde73e8440ce9c7767594205c9e33ad9dc190bf89a9dc40f36e242d2002880040e5c8396e69a81fb0102ea79922d12fa1347ec508ef9f8a6aa09e4024b3e25624336611d42f7de410c513db066db8d4efcb961e889616034c8b0220db1c1ec111487ac10749aefcf6094fc662b79edbbb3005ac386e67a64f35ace7f8bb72d1208a5c92d5001630f6184eefedb60c3ebd93b8a7c5d79362c813700f3b5498264aa2e8f3424127dc46d5a20accc3d1423522eccf3465b907db3a10c04252173a44e4107e75864f6b2b14c6e57c1ffe800564362befd3cfcfa431ee490f9a8691b1fbf47b297e6b7c7e381ee2f50c43a4ba0ccd8c58a0ab9a2ad3aa8f740c70e8c88eb19f7ab58d94d7657de09cdc7e01c46d354f21d97b50d09d5222b4f1af7ad0bb625a2e0f52d68f96ddacd12e73c45b3ea144a601815451a8d613b13b2ec6e95dd408661f4c26c58f0e24ab3561b7ba1432405b5da96f10b47bbdf1ead6b6df645e533b02555f69fd8f9e209e374d45c2f2597dcd30e5dcff5bc4eb4dbd8415159bdce9c730b81baeccbb876413d90a5b51eb124b461ea51a7b0e4261f6331836c61398a5d4e6d3cbab148d4c353aa452d37b7046970566fa5bdb1cb962feaa0fd000d94f327cba925d08474a24e099c4534174352f2b1bb88bb688794643feadb6aef90e6807a9b6e5633a8e12d2b1a31f66cef9ef8972575e63214ea8b8d9fa8aa51d174293ddc391f9babf8c947e5d342159f327366e86701a11892ac00f907494ea4ae0b803d08bdb6fa12241bea85e8b006a0a562a2a13575334c8808db594916b0a0b4cd0dd1f4bf61826df52da8d9ba9d322a11e13eea369d9c6bd862dfc764d45152fe4a4d4d84c358864787013e80d075348
bd8e1aaf90b8ae88231dfc60b325dcf105fba6f4f7bc6d6eb883ea94bc7951ab68a9fef16f79ba480c606d261a903f56e3c8e5717bfb36e60ebe454eb9bea91171e5ec7620ac1d56732f13dac52f338d0eb6c0be92ab951e3eafbc186f30f571b2677a45c3ba2b456ae65738418a7625336aa8697c84b803d7a7458c769c71302b19c620c7d2b46d75aa9661a7e6d6366f24622b370290edebb6b9bf1ad61f1dddfe93e44bd1e9c1888edba9a7a96e425b356bfc2a0009202445bc6468aa0a84f9f2299b75e632e43da31388097bd6888e491d085396d9829d5b31ed32069426107b5c93487700ff6e1479f85127780a069c047b8fd7eb9b2acb7d2e4fc8a5f5bd36d789d9fba0691fdada41e75fedd2df8b3afbde047cf9b6c452a272448a3e99ec0f5820168356cc8c9c40b40890273a66ceaa26c131745c4ea0c883b3ff400b5f76e76c42a2164a6d0180410f0e031f01741d1467e96319758891a7f615108c6a8bbc0c403faa33ca7c95dfaff911207f22f1b9d78325a0ccd1797397a91b4fae68eadb72c7c03a9dcaee224b8344fbc62e436cfd0d68b0492616a83efc3d30baff8ed4aa013aedcbb7830e4d52d9b02b06db3e60b27385dbd04feed6c48a0ae6ebe465704407cdeae4b562d0b1a44bdf65542998c8f4875d09d281f90548dfecbc3e570c4fb37d17f05ef484aa71e9b2651752c50b7f5c9235c3fb786dd68086a615f4baa7fb3b9f5067693080a9d64912372afc3d5f017e55eaabf1b6180ce2e28e20a6950abf5b65bdac7d915b0bb938057056f5d6314a283623d6a9be3b191a2873fd8eb7a258c4fe1da8d3e3f4e037c31ce4b72a966e450e97a447cb9129b104c5b2e00c7115e63bb784e71b1c235f736879bee83e2e5f390f314b51bb2f70827b742f9f960de2ec09b2fe8ce4352fd4d61258c68e8fec749ccb6d053ae84c5eff8a438087d423eb35ebcc0af40179922a69c83feaa9d426c3f3cf05412a70ca9559b62d69ed0411ca650c07e4a34068791d742bbf13676b51d400ecbe01f03d26ddf63eaf2dbeb1c9582f646d4207e340e7ea3b6a36d70b2513a288607da6b0f93c96940e284bdd6d69bac90bfc82d0160ddadc30e7f3b90173c57aabffd4881d6de07b0215066f66827a345119fb46250a292255f138a7c44093b1d6684c807c714653eabb42796d9be0b04a3f84aa006f98b9832f7714c6b39e811acc6a01becd5dd70570a03c6e75771746dc258f1942bca6d0d3b8588041b381072b8b8f89ebd07b74ca7f0341af5875c889c9a753ace87bee46d67690090309ec5b1c8c278828a33390002d73aade7c06af0560b6d8ed5cf60075cbe14b0c58757fbd75d25a13fbfa574fb3c6bd04ef84642c3aa2187f56ea3b5687b963804bb64d8e1bdb40edae
c97a0199b6e5290ca2ec556d2a3436b687c53456f0c585602f6cc0dc8d4222d7f721b9d55877fd52a37758d521abb01c6fde683ab431e3c5aff7e0e8506a05a8c725ad5689c318014a1153fe10e66267c81bf788586bcb5a210d58524264bd963a56403d2c6ec28d643b7f9f5587e092f6108f3de1db727146f0458954b85ac448d386e045476d74ca3cf3950dfc2c5f556b5b4c2e148d740a396a4625ae5d7bf2468164d6119ccf3a3f20fbd68fc211b59d0092e9eb5d838ee2b24d94e2649ac4a344f41f73ecf7ea142e3970dea2cf0178ae97d1cb667fa5b7b3db23a6e56e72ec4c3d50d866187bc4e325ff9142422a59905ee5121ec01ef4f697aec1b81564dd27504aa7f06470d622643e24177c3ea5feae5523ea53f4ff3b44e77db4be9abba06a42bcc0896198fefb4645720d81db587dd9177d3e7d2431ee2ed7d929f973f0229fb039c868f0606a05c485c4cc2e810f3a9aafd6134a4e8adc1715018586ddb0d077c038ac28f0993a3ca027cd01616550dee732fb0afc68dbec1beebb31fdfca7ac947e7dc9c06b973f848bbc3c9c98641ac21974aec51102ee772e745bcab1cea858ee9e057f8f505ed0b36d3aee45a579c3632786bfad6d1ce3bcccf8166e2edaaba7c3139cc2ad3d9be7ba4bb80ba7bdf507c44415dd06cea5a83fb1b50d0d48d2bd4bdb36cd2dd05db6322b34cc7f04596d3407447d01c00cb70c996cd20e4d87e759e89c4a44973d965c3b43b7694da1ecbf9d6249ec66d74b0c3ed3624933afe0f30a5ff21dc4dababf007781b54f0535f92f1ed1555a417c54c18f2f3aee0701a2a96ed406ae3eb365500ba9961ffbe015f71c3baaf3735f3ecdc847e4539752c278a768bf02ddacc6b9edce7665e7ffa56d057ddb5d04975986e6b9ed4e319aaa53e01e149bf88bbd236ca22e8b6234765eb210c59cd84ba16993165b7c2c1c2ac8acd60765464f4a6bd4132d9a0279ebe657c1f41de50b09ad681ab477f737aea71605255dbfd9dd4c35f839914be29808ace17af801e4cb313c0d531522cf34c7d923d9232dfb039b0de3219accece6a6216c7b8b5c4ffcb3801aee0bd383ac65032afcd3d1c2540d2c56cd5bc116da1c36313ca9220239912f633b46458bf0ddd6e3289f25d8c3aac6a53dbfa35598b6e5739903334d970b3dd85a1b57810adc451e62979c6bc5f510743149be160699410d95beb393808cb0564196747cc6386b4a6fb26fa1f53d7c1d6bceb79c41fdcd8ed663b168587724208b46ef599894584bc35d6a8662b204bfc15a8cbecedc320ef5edb5f20fbd560c626843db24d6c8b7e55b61a47a3268ddb0fb523f56694378fd2c76dbc6182cb49afdd2aea2dc7f91fe9445b21c6b12b8f99baaf242ab0ff1e1413c7b1bcb38dda4de1fc9
ac587434110f83ce2157c99018252e977df9e8ec0250519256ce5cdc8b7a795ae2662571bb4c3eb98aeb093584b17f0b1a6c026037d080aeba6a7b5b216903942a66eed37ed890dc5df1acd711205e19d016badda1ce37659a78a7d3fe006cff20df840353e6b96568dbc7acdca3889b885f4956ee7f5ea90532d71eb1b921180ea2e385a4c3551fded44419a3f373341a288247a136fd7be0c8afb5411bafba96a1ffeb53b12e7068d008d96f807cd878b775bd9614c9bf57f1d13fadc86c2f582db038ad24911b420b56ec1c6e4859d2311263bb68aaa072328a4d31484e14b7fdd1f27bdac94d85a3d6931a72ed880ba85a5aff033b9f490324f0072b36454622b9248de9dcf99e887d6759070296185e7949d0f94b3527b46e251c343149601adfe051489f9bfe2ae17a668df465414a28298fa0573866f305bdad7bf91da2207137bdf7ba5dfaf062b4ec7d5b9b9cc75869db70bd5c1d89ff0fec43ff92d1b93a93f0dfc94b00985bd97ecafd4395424bff8ea036b628f8e6b5b8b03724f09b7a462ac031b2b62189947a82d00b2434d4103ec6d59ea10e377f6fe98f7411f10baae6c71fc116a77ddd64f46148617c1598ee86feb58ba6a852f4c71187b4bdc5d84532809fb4786612895bee62b8992b45f760b821980261a88280db0e923d7b72162b1aafddee4ff61be8e49012758cb8663d3321c4b9c451ea09dc861c63f42da859999e514dc2e65a83d9f5217831bf0243ebdca6e484dfcface2376cd1166e95329db57790822f107e7387b2a393dd0cc81455a42adf7c78492ca741b0dc16bdc56273a389abff59487e3bb8b2226288fa62c62933de07830c3707f410fb79696f4edea3e72a17250aeb6d9cba954ce4426220195d64e753f825dfb9cab3f74bcd69c1a1222e6b6727bb419102fbb226bb6efc1d317cbb0d7e170a62031852f8cfa323805dd558afcdf35f8acccebd791e3caa39ce8b7bddd1e38227e58f798f97ec5781535385067d52a9d70e04a457a3eb85c28b9717cbba63ed05ac1ed0194c7096f5dc1c059bf5c4f53724852ca91396fb787da39101cb937b321250d06984bdabf1cd8333e266e2453d92119a426218e190228d60beb6b32212d1b0eee3a36f3de80dd0913e1806c4787f44d1d74fd30ff7f1edb3776e932b8584a61fa7c615aa098abdf9ff55c1384fac0bdb29e964ab76c879b31a8f9db46e71d6b04c55f4014ea69b371e95925f667d5acc72b4947693120c364b56544b887c9ae69573ee604afad7db65485d6719d1e443a7a2f5c0b4a6efcbe760455d72023ab9a9d11959fc8fe669285919b3c1ca7cf3d3a62bc0bd8f5dc19c9f50d508c560cf8d42693d429597fa36cb2588d463e51e19c65e054068090c354da2533541443f74895691
b75c2011aaabb59811e9bc5d96eeeb21952d5b8bff2b79d6e642cf6be3c8d4ada2e64b18957303f4f757ab3f57584a3942aa2087fb03ee9703037a66ccc301cd59f63506cc9d296bcb4e27a84fabc5073049a66322191698f1e3f16afcf1ffa0f", "7f9ac5bfea591023d1c4ceaf7da53cdeca7f3cbebed9c43c9a424b387b5f939bed436f474cf3c9030d8f428229af5c3765ad3f0cd0f307cdbf00f007a1c0725312ca4ceee06ff1c4997beb9d9828b2a77502491ef9f27f5f8a2190a16a95a60963914559c0e0fa464b3b41c97328dca8779756f510dc4cd33d6531274cfa", "682cc780cfd8fae024501ff62729ab77cebe25caadf43985b30db8387ff377ed37033e09f335630f36aead37573d324072d9fb1a627ab3a3ca51d4a126b7f6a85fb49e27af493a4f0488a20731e7c3e5228ea79052bea76c12ad743bfcb9c962f36f55dadb59517b7c20ab848c458f11e00c1308a2f07ea1e3"], 0x5) test$align3(&(0x7f0000001200)={0x9, {0x3}, {0x8}}) test$bf0(&(0x7f0000001240)={0x0, 0x3, 0x2, 0x3c, 0x42, 0x20, 0x20, 0x80}) mutate2() test$length16(&(0x7f0000001280)={[0x4, 0x63aa], 0x2, 0x10, 0x8, 0x4, 0x2}) test_excessive_args1() test$str0(&(0x7f00000012c0)='#\x00') test$str0(&(0x7f0000001300)='#\x00') syz_compare(&(0x7f0000000000)='.-\x00', 0x3, &(0x7f0000000040)=@bf20={0x8, {0x6, 0x5, 0x6, 0x1, 0x6, 0x8}}, 0x10) syz_compare_int$2(0x2, 0x9, 0x3ff) syz_errno(0xff) syz_execute_func(&(0x7f0000000080)="9a81de5d928f1a60f17beb77b1f99a68af78907e1b40de1e910c3956a2a9497c8f05fbd7d7282e2344fc3c4a137dc02d3d14") syz_exit(0x3bc) syz_mmap(&(0x7f0000003000/0x2000)=nil, 0x2000) syz_sleep_ms(0xae) csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + 
(uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) 
{ va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) { continue; } kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_mutate2 #define SYS_mutate2 0 #endif #ifndef SYS_test #define SYS_test 0 #endif #ifndef SYS_test_excessive_args1 #define SYS_test_excessive_args1 0 #endif void execute_one(void) { sprintf((char*)0x20000000, "%020llu", (long long)0x17); syscall(SYS_foo, 0x20000000, 0); memcpy((void*)0x20000040, "#\000", 2); syscall(SYS_test, 0x20000040, 0, 0, 0, 0, 0); memcpy((void*)0x20000080, "\xf1\x07\x15\xd4\xc9\xe5\x26\x6c\x67\x93\x17\x73\xe4\xa0\xf6\x36\xec\x65\x43\x3d\xb9\x5f\xc9\x7d\xfb\x6a\x7c\x24\x6b\x90\x22\xed\xed\x40\xbd\x5b\x7b\xc2\x1a\x67\xf9\x2e\x89\x8b\xdb\x77\xeb\x69\xe2\x84\x92\x94\x1c\xd2\x78\x41\x2e\xbe\xec\x4d\x09\xae\x9c\x02\x69\x4e\x2b\x96\xbf\xd4\x66\x17\x3c\xda\x3b\x72\x23\x85\xfe\x87\x43\x4a\x69\xcf\x53\xb4\x90\x10\x14\x99\x59\x15", 92); 
memcpy((void*)0x200000dc, "\x37\x65\x5b\x53\x06\x33\x4c\xb4\x86\x87", 10); memcpy((void*)0x200000e6, "\x10\xfe\x01\x41\x1f\x2a\x08\x53\x62\x11\x83\xe0\x3f\xd9\x69\xe9\x1d\xcd\xe2\x5a\xe5\xae\xde\xc2\x7c\x41\x09\x6a\x23\xd2\x73\x8e\x33\x30\x15\x6d\xb3\x98\x57\xe6\x71\x91\x6d\xc9\xe8\x4a\x50\x14\x72\x31\xd9\x0b\x96\xe8\x5a\x90\xa3\xea\x36\xf8\x8b\x40\xe7\x14\xc4\xaf\xdc\xb7\xc7\xca\x32\x7b\xc4\x1e\x8b\x5f\x51\x99\x20\xbf\x5c\x9a\xc9\xf9\x99\x11\x66\xc9\x73\xb1\x45\xd8\x66\xb0\x0a\xdc\x56\x3e\xff\xee\xa4\x98\x98\x9e\x12\xca\x3b\x69\xa2\x6d\x46\x90\xe0\xa7\x48\x2b\xd1\xc8\x9b\xf3\x95\x6a\x10\x48\xc0\xfc\x31\xb2\xe7\x4a\x1b\x9e\xea\xcb\x5f\x74\x6d\xff\x95\x27\x51\x4e\xaf\x5f\x53\x96\xa5\xbc\x73\xd9\xed\x25\x06\x56\xf8\x70\xea\xf6\xb6\x85\x63\x93\xad\x79\xe7\xf7\x64\x60\x86\x42\x45\x2c\xf5\x28\x44\x03\x6e\x98\x93\x25\xaf\x0e\x00\xd4\x37\x0f\x38\x79\x48\xe0\x0d\x09\x28\xe0\x82\x09\x28\xcf\x44\x5d\xd8\xaa\x37\x62\x90\x1e\xca\xf1\xd6\x7c\xaa\xd2\x40\xa0\xac\xcb\x3b\x2b\x71\x2f\x77\x6f\x7c\x2c\x96\xf7\xf6\xf3\x0f\x5c\xfa\x8d\xbb\x09\xd7\x6f\xf9\x2f\xd3\x65\x56\xea\x85\x26\x8d\xd1\xe9\x44\x7e\xa1\x2a\x38\x4e\x18\xe8\x85\xc2\xfe\x12\x36\x24\x3d\x07\x12\xdf\x5e\x92\x65\x43\xe5\x9a\xc7\x52\x54\x07\xdd\x79\x0c\xea\x1f\x84\x3a\x8c\xe4\xf3\xb4\xb7\x01\x38\x58\x4a\x56\xfb\xa8\x86\x1b\x8c\x9a\xf1\xa9\xc2\x0e\xc5\xe4\x1f\xdc\xc0\x75\xf9\xb1\x91\x73\xcb\x2f\xff\xe8\x93\xcf\xc2\x09\x23\x3c\x7a\x32\x8b\x63\xc0\xb0\x34\x3a\xa8\xc8\x9a\x65\x3a\xa1\xcb\x96\xa5\x5f\x02\x65\x3f\x9b\xb7\xc7\xb7\x66\x5e\x25\x6f\xba\x08\xbe\x12\xfc\x7a\x17\xd1\x35\x4e\x74\xe5\xfa\x54\x52\xe9\x15\xbd\xe7\x3e\x84\x40\xce\x9c\x77\x67\x59\x42\x05\xc9\xe3\x3a\xd9\xdc\x19\x0b\xf8\x9a\x9d\xc4\x0f\x36\xe2\x42\xd2\x00\x28\x80\x04\x0e\x5c\x83\x96\xe6\x9a\x81\xfb\x01\x02\xea\x79\x92\x2d\x12\xfa\x13\x47\xec\x50\x8e\xf9\xf8\xa6\xaa\x09\xe4\x02\x4b\x3e\x25\x62\x43\x36\x61\x1d\x42\xf7\xde\x41\x0c\x51\x3d\xb0\x66\xdb\x8d\x4e\xfc\xb9\x61\xe8\x89\x61\x60\x34\xc8\xb0\x22\x0d\xb1\xc1\xec\x11\x14\x87\xac\x10\x74\x9a\xef\xcf\x60\x94\x
fc\x66\x2b\x79\xed\xbb\xb3\x00\x5a\xc3\x86\xe6\x7a\x64\xf3\x5a\xce\x7f\x8b\xb7\x2d\x12\x08\xa5\xc9\x2d\x50\x01\x63\x0f\x61\x84\xee\xfe\xdb\x60\xc3\xeb\xd9\x3b\x8a\x7c\x5d\x79\x36\x2c\x81\x37\x00\xf3\xb5\x49\x82\x64\xaa\x2e\x8f\x34\x24\x12\x7d\xc4\x6d\x5a\x20\xac\xcc\x3d\x14\x23\x52\x2e\xcc\xf3\x46\x5b\x90\x7d\xb3\xa1\x0c\x04\x25\x21\x73\xa4\x4e\x41\x07\xe7\x58\x64\xf6\xb2\xb1\x4c\x6e\x57\xc1\xff\xe8\x00\x56\x43\x62\xbe\xfd\x3c\xfc\xfa\x43\x1e\xe4\x90\xf9\xa8\x69\x1b\x1f\xbf\x47\xb2\x97\xe6\xb7\xc7\xe3\x81\xee\x2f\x50\xc4\x3a\x4b\xa0\xcc\xd8\xc5\x8a\x0a\xb9\xa2\xad\x3a\xa8\xf7\x40\xc7\x0e\x8c\x88\xeb\x19\xf7\xab\x58\xd9\x4d\x76\x57\xde\x09\xcd\xc7\xe0\x1c\x46\xd3\x54\xf2\x1d\x97\xb5\x0d\x09\xd5\x22\x2b\x4f\x1a\xf7\xad\x0b\xb6\x25\xa2\xe0\xf5\x2d\x68\xf9\x6d\xda\xcd\x12\xe7\x3c\x45\xb3\xea\x14\x4a\x60\x18\x15\x45\x1a\x8d\x61\x3b\x13\xb2\xec\x6e\x95\xdd\x40\x86\x61\xf4\xc2\x6c\x58\xf0\xe2\x4a\xb3\x56\x1b\x7b\xa1\x43\x24\x05\xb5\xda\x96\xf1\x0b\x47\xbb\xdf\x1e\xad\x6b\x6d\xf6\x45\xe5\x33\xb0\x25\x55\xf6\x9f\xd8\xf9\xe2\x09\xe3\x74\xd4\x5c\x2f\x25\x97\xdc\xd3\x0e\x5d\xcf\xf5\xbc\x4e\xb4\xdb\xd8\x41\x51\x59\xbd\xce\x9c\x73\x0b\x81\xba\xec\xcb\xb8\x76\x41\x3d\x90\xa5\xb5\x1e\xb1\x24\xb4\x61\xea\x51\xa7\xb0\xe4\x26\x1f\x63\x31\x83\x6c\x61\x39\x8a\x5d\x4e\x6d\x3c\xba\xb1\x48\xd4\xc3\x53\xaa\x45\x2d\x37\xb7\x04\x69\x70\x56\x6f\xa5\xbd\xb1\xcb\x96\x2f\xea\xa0\xfd\x00\x0d\x94\xf3\x27\xcb\xa9\x25\xd0\x84\x74\xa2\x4e\x09\x9c\x45\x34\x17\x43\x52\xf2\xb1\xbb\x88\xbb\x68\x87\x94\x64\x3f\xea\xdb\x6a\xef\x90\xe6\x80\x7a\x9b\x6e\x56\x33\xa8\xe1\x2d\x2b\x1a\x31\xf6\x6c\xef\x9e\xf8\x97\x25\x75\xe6\x32\x14\xea\x8b\x8d\x9f\xa8\xaa\x51\xd1\x74\x29\x3d\xdc\x39\x1f\x9b\xab\xf8\xc9\x47\xe5\xd3\x42\x15\x9f\x32\x73\x66\xe8\x67\x01\xa1\x18\x92\xac\x00\xf9\x07\x49\x4e\xa4\xae\x0b\x80\x3d\x08\xbd\xb6\xfa\x12\x24\x1b\xea\x85\xe8\xb0\x06\xa0\xa5\x62\xa2\xa1\x35\x75\x33\x4c\x88\x08\xdb\x59\x49\x16\xb0\xa0\xb4\xcd\x0d\xd1\xf4\xbf\x61\x82\x6d\xf5\x2d\xa8\xd9\xba\x9d\x32\x2a\x11\xe1\x3e\xea\x36\x9d\x9c\x
6b\xd8\x62\xdf\xc7\x64\xd4\x51\x52\xfe\x4a\x4d\x4d\x84\xc3\x58\x86\x47\x87\x01\x3e\x80\xd0\x75\x34\x8b\xd8\xe1\xaa\xf9\x0b\x8a\xe8\x82\x31\xdf\xc6\x0b\x32\x5d\xcf\x10\x5f\xba\x6f\x4f\x7b\xc6\xd6\xeb\x88\x3e\xa9\x4b\xc7\x95\x1a\xb6\x8a\x9f\xef\x16\xf7\x9b\xa4\x80\xc6\x06\xd2\x61\xa9\x03\xf5\x6e\x3c\x8e\x57\x17\xbf\xb3\x6e\x60\xeb\xe4\x54\xeb\x9b\xea\x91\x17\x1e\x5e\xc7\x62\x0a\xc1\xd5\x67\x32\xf1\x3d\xac\x52\xf3\x38\xd0\xeb\x6c\x0b\xe9\x2a\xb9\x51\xe3\xea\xfb\xc1\x86\xf3\x0f\x57\x1b\x26\x77\xa4\x5c\x3b\xa2\xb4\x56\xae\x65\x73\x84\x18\xa7\x62\x53\x36\xaa\x86\x97\xc8\x4b\x80\x3d\x7a\x74\x58\xc7\x69\xc7\x13\x02\xb1\x9c\x62\x0c\x7d\x2b\x46\xd7\x5a\xa9\x66\x1a\x7e\x6d\x63\x66\xf2\x46\x22\xb3\x70\x29\x0e\xde\xbb\x6b\x9b\xf1\xad\x61\xf1\xdd\xdf\xe9\x3e\x44\xbd\x1e\x9c\x18\x88\xed\xba\x9a\x7a\x96\xe4\x25\xb3\x56\xbf\xc2\xa0\x00\x92\x02\x44\x5b\xc6\x46\x8a\xa0\xa8\x4f\x9f\x22\x99\xb7\x5e\x63\x2e\x43\xda\x31\x38\x80\x97\xbd\x68\x88\xe4\x91\xd0\x85\x39\x6d\x98\x29\xd5\xb3\x1e\xd3\x20\x69\x42\x61\x07\xb5\xc9\x34\x87\x70\x0f\xf6\xe1\x47\x9f\x85\x12\x77\x80\xa0\x69\xc0\x47\xb8\xfd\x7e\xb9\xb2\xac\xb7\xd2\xe4\xfc\x8a\x5f\x5b\xd3\x6d\x78\x9d\x9f\xba\x06\x91\xfd\xad\xa4\x1e\x75\xfe\xdd\x2d\xf8\xb3\xaf\xbd\xe0\x47\xcf\x9b\x6c\x45\x2a\x27\x24\x48\xa3\xe9\x9e\xc0\xf5\x82\x01\x68\x35\x6c\xc8\xc9\xc4\x0b\x40\x89\x02\x73\xa6\x6c\xea\xa2\x6c\x13\x17\x45\xc4\xea\x0c\x88\x3b\x3f\xf4\x00\xb5\xf7\x6e\x76\xc4\x2a\x21\x64\xa6\xd0\x18\x04\x10\xf0\xe0\x31\xf0\x17\x41\xd1\x46\x7e\x96\x31\x97\x58\x89\x1a\x7f\x61\x51\x08\xc6\xa8\xbb\xc0\xc4\x03\xfa\xa3\x3c\xa7\xc9\x5d\xfa\xff\x91\x12\x07\xf2\x2f\x1b\x9d\x78\x32\x5a\x0c\xcd\x17\x97\x39\x7a\x91\xb4\xfa\xe6\x8e\xad\xb7\x2c\x7c\x03\xa9\xdc\xae\xe2\x24\xb8\x34\x4f\xbc\x62\xe4\x36\xcf\xd0\xd6\x8b\x04\x92\x61\x6a\x83\xef\xc3\xd3\x0b\xaf\xf8\xed\x4a\xa0\x13\xae\xdc\xbb\x78\x30\xe4\xd5\x2d\x9b\x02\xb0\x6d\xb3\xe6\x0b\x27\x38\x5d\xbd\x04\xfe\xed\x6c\x48\xa0\xae\x6e\xbe\x46\x57\x04\x40\x7c\xde\xae\x4b\x56\x2d\x0b\x1a\x44\xbd\xf6\x55\x42\x99\x8c\x8f\x48\x75\xd0\x
9d\x28\x1f\x90\x54\x8d\xfe\xcb\xc3\xe5\x70\xc4\xfb\x37\xd1\x7f\x05\xef\x48\x4a\xa7\x1e\x9b\x26\x51\x75\x2c\x50\xb7\xf5\xc9\x23\x5c\x3f\xb7\x86\xdd\x68\x08\x6a\x61\x5f\x4b\xaa\x7f\xb3\xb9\xf5\x06\x76\x93\x08\x0a\x9d\x64\x91\x23\x72\xaf\xc3\xd5\xf0\x17\xe5\x5e\xaa\xbf\x1b\x61\x80\xce\x2e\x28\xe2\x0a\x69\x50\xab\xf5\xb6\x5b\xda\xc7\xd9\x15\xb0\xbb\x93\x80\x57\x05\x6f\x5d\x63\x14\xa2\x83\x62\x3d\x6a\x9b\xe3\xb1\x91\xa2\x87\x3f\xd8\xeb\x7a\x25\x8c\x4f\xe1\xda\x8d\x3e\x3f\x4e\x03\x7c\x31\xce\x4b\x72\xa9\x66\xe4\x50\xe9\x7a\x44\x7c\xb9\x12\x9b\x10\x4c\x5b\x2e\x00\xc7\x11\x5e\x63\xbb\x78\x4e\x71\xb1\xc2\x35\xf7\x36\x87\x9b\xee\x83\xe2\xe5\xf3\x90\xf3\x14\xb5\x1b\xb2\xf7\x08\x27\xb7\x42\xf9\xf9\x60\xde\x2e\xc0\x9b\x2f\xe8\xce\x43\x52\xfd\x4d\x61\x25\x8c\x68\xe8\xfe\xc7\x49\xcc\xb6\xd0\x53\xae\x84\xc5\xef\xf8\xa4\x38\x08\x7d\x42\x3e\xb3\x5e\xbc\xc0\xaf\x40\x17\x99\x22\xa6\x9c\x83\xfe\xaa\x9d\x42\x6c\x3f\x3c\xf0\x54\x12\xa7\x0c\xa9\x55\x9b\x62\xd6\x9e\xd0\x41\x1c\xa6\x50\xc0\x7e\x4a\x34\x06\x87\x91\xd7\x42\xbb\xf1\x36\x76\xb5\x1d\x40\x0e\xcb\xe0\x1f\x03\xd2\x6d\xdf\x63\xea\xf2\xdb\xeb\x1c\x95\x82\xf6\x46\xd4\x20\x7e\x34\x0e\x7e\xa3\xb6\xa3\x6d\x70\xb2\x51\x3a\x28\x86\x07\xda\x6b\x0f\x93\xc9\x69\x40\xe2\x84\xbd\xd6\xd6\x9b\xac\x90\xbf\xc8\x2d\x01\x60\xdd\xad\xc3\x0e\x7f\x3b\x90\x17\x3c\x57\xaa\xbf\xfd\x48\x81\xd6\xde\x07\xb0\x21\x50\x66\xf6\x68\x27\xa3\x45\x11\x9f\xb4\x62\x50\xa2\x92\x25\x5f\x13\x8a\x7c\x44\x09\x3b\x1d\x66\x84\xc8\x07\xc7\x14\x65\x3e\xab\xb4\x27\x96\xd9\xbe\x0b\x04\xa3\xf8\x4a\xa0\x06\xf9\x8b\x98\x32\xf7\x71\x4c\x6b\x39\xe8\x11\xac\xc6\xa0\x1b\xec\xd5\xdd\x70\x57\x0a\x03\xc6\xe7\x57\x71\x74\x6d\xc2\x58\xf1\x94\x2b\xca\x6d\x0d\x3b\x85\x88\x04\x1b\x38\x10\x72\xb8\xb8\xf8\x9e\xbd\x07\xb7\x4c\xa7\xf0\x34\x1a\xf5\x87\x5c\x88\x9c\x9a\x75\x3a\xce\x87\xbe\xe4\x6d\x67\x69\x00\x90\x30\x9e\xc5\xb1\xc8\xc2\x78\x82\x8a\x33\x39\x00\x02\xd7\x3a\xad\xe7\xc0\x6a\xf0\x56\x0b\x6d\x8e\xd5\xcf\x60\x07\x5c\xbe\x14\xb0\xc5\x87\x57\xfb\xd7\x5d\x25\xa1\x3f\xbf\xa5\x74\xfb\x3c\x6b\xd0\x
4e\xf8\x46\x42\xc3\xaa\x21\x87\xf5\x6e\xa3\xb5\x68\x7b\x96\x38\x04\xbb\x64\xd8\xe1\xbd\xb4\x0e\xda\xec\x97\xa0\x19\x9b\x6e\x52\x90\xca\x2e\xc5\x56\xd2\xa3\x43\x6b\x68\x7c\x53\x45\x6f\x0c\x58\x56\x02\xf6\xcc\x0d\xc8\xd4\x22\x2d\x7f\x72\x1b\x9d\x55\x87\x7f\xd5\x2a\x37\x75\x8d\x52\x1a\xbb\x01\xc6\xfd\xe6\x83\xab\x43\x1e\x3c\x5a\xff\x7e\x0e\x85\x06\xa0\x5a\x8c\x72\x5a\xd5\x68\x9c\x31\x80\x14\xa1\x15\x3f\xe1\x0e\x66\x26\x7c\x81\xbf\x78\x85\x86\xbc\xb5\xa2\x10\xd5\x85\x24\x26\x4b\xd9\x63\xa5\x64\x03\xd2\xc6\xec\x28\xd6\x43\xb7\xf9\xf5\x58\x7e\x09\x2f\x61\x08\xf3\xde\x1d\xb7\x27\x14\x6f\x04\x58\x95\x4b\x85\xac\x44\x8d\x38\x6e\x04\x54\x76\xd7\x4c\xa3\xcf\x39\x50\xdf\xc2\xc5\xf5\x56\xb5\xb4\xc2\xe1\x48\xd7\x40\xa3\x96\xa4\x62\x5a\xe5\xd7\xbf\x24\x68\x16\x4d\x61\x19\xcc\xf3\xa3\xf2\x0f\xbd\x68\xfc\x21\x1b\x59\xd0\x09\x2e\x9e\xb5\xd8\x38\xee\x2b\x24\xd9\x4e\x26\x49\xac\x4a\x34\x4f\x41\xf7\x3e\xcf\x7e\xa1\x42\xe3\x97\x0d\xea\x2c\xf0\x17\x8a\xe9\x7d\x1c\xb6\x67\xfa\x5b\x7b\x3d\xb2\x3a\x6e\x56\xe7\x2e\xc4\xc3\xd5\x0d\x86\x61\x87\xbc\x4e\x32\x5f\xf9\x14\x24\x22\xa5\x99\x05\xee\x51\x21\xec\x01\xef\x4f\x69\x7a\xec\x1b\x81\x56\x4d\xd2\x75\x04\xaa\x7f\x06\x47\x0d\x62\x26\x43\xe2\x41\x77\xc3\xea\x5f\xea\xe5\x52\x3e\xa5\x3f\x4f\xf3\xb4\x4e\x77\xdb\x4b\xe9\xab\xba\x06\xa4\x2b\xcc\x08\x96\x19\x8f\xef\xb4\x64\x57\x20\xd8\x1d\xb5\x87\xdd\x91\x77\xd3\xe7\xd2\x43\x1e\xe2\xed\x7d\x92\x9f\x97\x3f\x02\x29\xfb\x03\x9c\x86\x8f\x06\x06\xa0\x5c\x48\x5c\x4c\xc2\xe8\x10\xf3\xa9\xaa\xfd\x61\x34\xa4\xe8\xad\xc1\x71\x50\x18\x58\x6d\xdb\x0d\x07\x7c\x03\x8a\xc2\x8f\x09\x93\xa3\xca\x02\x7c\xd0\x16\x16\x55\x0d\xee\x73\x2f\xb0\xaf\xc6\x8d\xbe\xc1\xbe\xeb\xb3\x1f\xdf\xca\x7a\xc9\x47\xe7\xdc\x9c\x06\xb9\x73\xf8\x48\xbb\xc3\xc9\xc9\x86\x41\xac\x21\x97\x4a\xec\x51\x10\x2e\xe7\x72\xe7\x45\xbc\xab\x1c\xea\x85\x8e\xe9\xe0\x57\xf8\xf5\x05\xed\x0b\x36\xd3\xae\xe4\x5a\x57\x9c\x36\x32\x78\x6b\xfa\xd6\xd1\xce\x3b\xcc\xcf\x81\x66\xe2\xed\xaa\xba\x7c\x31\x39\xcc\x2a\xd3\xd9\xbe\x7b\xa4\xbb\x80\xba\x7b\xdf\x50\x7c\x44\x41\x
5d\xd0\x6c\xea\x5a\x83\xfb\x1b\x50\xd0\xd4\x8d\x2b\xd4\xbd\xb3\x6c\xd2\xdd\x05\xdb\x63\x22\xb3\x4c\xc7\xf0\x45\x96\xd3\x40\x74\x47\xd0\x1c\x00\xcb\x70\xc9\x96\xcd\x20\xe4\xd8\x7e\x75\x9e\x89\xc4\xa4\x49\x73\xd9\x65\xc3\xb4\x3b\x76\x94\xda\x1e\xcb\xf9\xd6\x24\x9e\xc6\x6d\x74\xb0\xc3\xed\x36\x24\x93\x3a\xfe\x0f\x30\xa5\xff\x21\xdc\x4d\xab\xab\xf0\x07\x78\x1b\x54\xf0\x53\x5f\x92\xf1\xed\x15\x55\xa4\x17\xc5\x4c\x18\xf2\xf3\xae\xe0\x70\x1a\x2a\x96\xed\x40\x6a\xe3\xeb\x36\x55\x00\xba\x99\x61\xff\xbe\x01\x5f\x71\xc3\xba\xaf\x37\x35\xf3\xec\xdc\x84\x7e\x45\x39\x75\x2c\x27\x8a\x76\x8b\xf0\x2d\xda\xcc\x6b\x9e\xdc\xe7\x66\x5e\x7f\xfa\x56\xd0\x57\xdd\xb5\xd0\x49\x75\x98\x6e\x6b\x9e\xd4\xe3\x19\xaa\xa5\x3e\x01\xe1\x49\xbf\x88\xbb\xd2\x36\xca\x22\xe8\xb6\x23\x47\x65\xeb\x21\x0c\x59\xcd\x84\xba\x16\x99\x31\x65\xb7\xc2\xc1\xc2\xac\x8a\xcd\x60\x76\x54\x64\xf4\xa6\xbd\x41\x32\xd9\xa0\x27\x9e\xbe\x65\x7c\x1f\x41\xde\x50\xb0\x9a\xd6\x81\xab\x47\x7f\x73\x7a\xea\x71\x60\x52\x55\xdb\xfd\x9d\xd4\xc3\x5f\x83\x99\x14\xbe\x29\x80\x8a\xce\x17\xaf\x80\x1e\x4c\xb3\x13\xc0\xd5\x31\x52\x2c\xf3\x4c\x7d\x92\x3d\x92\x32\xdf\xb0\x39\xb0\xde\x32\x19\xac\xce\xce\x6a\x62\x16\xc7\xb8\xb5\xc4\xff\xcb\x38\x01\xae\xe0\xbd\x38\x3a\xc6\x50\x32\xaf\xcd\x3d\x1c\x25\x40\xd2\xc5\x6c\xd5\xbc\x11\x6d\xa1\xc3\x63\x13\xca\x92\x20\x23\x99\x12\xf6\x33\xb4\x64\x58\xbf\x0d\xdd\x6e\x32\x89\xf2\x5d\x8c\x3a\xac\x6a\x53\xdb\xfa\x35\x59\x8b\x6e\x57\x39\x90\x33\x34\xd9\x70\xb3\xdd\x85\xa1\xb5\x78\x10\xad\xc4\x51\xe6\x29\x79\xc6\xbc\x5f\x51\x07\x43\x14\x9b\xe1\x60\x69\x94\x10\xd9\x5b\xeb\x39\x38\x08\xcb\x05\x64\x19\x67\x47\xcc\x63\x86\xb4\xa6\xfb\x26\xfa\x1f\x53\xd7\xc1\xd6\xbc\xeb\x79\xc4\x1f\xdc\xd8\xed\x66\x3b\x16\x85\x87\x72\x42\x08\xb4\x6e\xf5\x99\x89\x45\x84\xbc\x35\xd6\xa8\x66\x2b\x20\x4b\xfc\x15\xa8\xcb\xec\xed\xc3\x20\xef\x5e\xdb\x5f\x20\xfb\xd5\x60\xc6\x26\x84\x3d\xb2\x4d\x6c\x8b\x7e\x55\xb6\x1a\x47\xa3\x26\x8d\xdb\x0f\xb5\x23\xf5\x66\x94\x37\x8f\xd2\xc7\x6d\xbc\x61\x82\xcb\x49\xaf\xdd\x2a\xea\x2d\xc7\xf9\x1f\xe9\x44\x
5b\x21\xc6\xb1\x2b\x8f\x99\xba\xaf\x24\x2a\xb0\xff\x1e\x14\x13\xc7\xb1\xbc\xb3\x8d\xda\x4d\xe1\xfc\x9a\xc5\x87\x43\x41\x10\xf8\x3c\xe2\x15\x7c\x99\x01\x82\x52\xe9\x77\xdf\x9e\x8e\xc0\x25\x05\x19\x25\x6c\xe5\xcd\xc8\xb7\xa7\x95\xae\x26\x62\x57\x1b\xb4\xc3\xeb\x98\xae\xb0\x93\x58\x4b\x17\xf0\xb1\xa6\xc0\x26\x03\x7d\x08\x0a\xeb\xa6\xa7\xb5\xb2\x16\x90\x39\x42\xa6\x6e\xed\x37\xed\x89\x0d\xc5\xdf\x1a\xcd\x71\x12\x05\xe1\x9d\x01\x6b\xad\xda\x1c\xe3\x76\x59\xa7\x8a\x7d\x3f\xe0\x06\xcf\xf2\x0d\xf8\x40\x35\x3e\x6b\x96\x56\x8d\xbc\x7a\xcd\xca\x38\x89\xb8\x85\xf4\x95\x6e\xe7\xf5\xea\x90\x53\x2d\x71\xeb\x1b\x92\x11\x80\xea\x2e\x38\x5a\x4c\x35\x51\xfd\xed\x44\x41\x9a\x3f\x37\x33\x41\xa2\x88\x24\x7a\x13\x6f\xd7\xbe\x0c\x8a\xfb\x54\x11\xba\xfb\xa9\x6a\x1f\xfe\xb5\x3b\x12\xe7\x06\x8d\x00\x8d\x96\xf8\x07\xcd\x87\x8b\x77\x5b\xd9\x61\x4c\x9b\xf5\x7f\x1d\x13\xfa\xdc\x86\xc2\xf5\x82\xdb\x03\x8a\xd2\x49\x11\xb4\x20\xb5\x6e\xc1\xc6\xe4\x85\x9d\x23\x11\x26\x3b\xb6\x8a\xaa\x07\x23\x28\xa4\xd3\x14\x84\xe1\x4b\x7f\xdd\x1f\x27\xbd\xac\x94\xd8\x5a\x3d\x69\x31\xa7\x2e\xd8\x80\xba\x85\xa5\xaf\xf0\x33\xb9\xf4\x90\x32\x4f\x00\x72\xb3\x64\x54\x62\x2b\x92\x48\xde\x9d\xcf\x99\xe8\x87\xd6\x75\x90\x70\x29\x61\x85\xe7\x94\x9d\x0f\x94\xb3\x52\x7b\x46\xe2\x51\xc3\x43\x14\x96\x01\xad\xfe\x05\x14\x89\xf9\xbf\xe2\xae\x17\xa6\x68\xdf\x46\x54\x14\xa2\x82\x98\xfa\x05\x73\x86\x6f\x30\x5b\xda\xd7\xbf\x91\xda\x22\x07\x13\x7b\xdf\x7b\xa5\xdf\xaf\x06\x2b\x4e\xc7\xd5\xb9\xb9\xcc\x75\x86\x9d\xb7\x0b\xd5\xc1\xd8\x9f\xf0\xfe\xc4\x3f\xf9\x2d\x1b\x93\xa9\x3f\x0d\xfc\x94\xb0\x09\x85\xbd\x97\xec\xaf\xd4\x39\x54\x24\xbf\xf8\xea\x03\x6b\x62\x8f\x8e\x6b\x5b\x8b\x03\x72\x4f\x09\xb7\xa4\x62\xac\x03\x1b\x2b\x62\x18\x99\x47\xa8\x2d\x00\xb2\x43\x4d\x41\x03\xec\x6d\x59\xea\x10\xe3\x77\xf6\xfe\x98\xf7\x41\x1f\x10\xba\xae\x6c\x71\xfc\x11\x6a\x77\xdd\xd6\x4f\x46\x14\x86\x17\xc1\x59\x8e\xe8\x6f\xeb\x58\xba\x6a\x85\x2f\x4c\x71\x18\x7b\x4b\xdc\x5d\x84\x53\x28\x09\xfb\x47\x86\x61\x28\x95\xbe\xe6\x2b\x89\x92\xb4\x5f\x76\x0b\x82\x19\x80\x26\x
1a\x88\x28\x0d\xb0\xe9\x23\xd7\xb7\x21\x62\xb1\xaa\xfd\xde\xe4\xff\x61\xbe\x8e\x49\x01\x27\x58\xcb\x86\x63\xd3\x32\x1c\x4b\x9c\x45\x1e\xa0\x9d\xc8\x61\xc6\x3f\x42\xda\x85\x99\x99\xe5\x14\xdc\x2e\x65\xa8\x3d\x9f\x52\x17\x83\x1b\xf0\x24\x3e\xbd\xca\x6e\x48\x4d\xfc\xfa\xce\x23\x76\xcd\x11\x66\xe9\x53\x29\xdb\x57\x79\x08\x22\xf1\x07\xe7\x38\x7b\x2a\x39\x3d\xd0\xcc\x81\x45\x5a\x42\xad\xf7\xc7\x84\x92\xca\x74\x1b\x0d\xc1\x6b\xdc\x56\x27\x3a\x38\x9a\xbf\xf5\x94\x87\xe3\xbb\x8b\x22\x26\x28\x8f\xa6\x2c\x62\x93\x3d\xe0\x78\x30\xc3\x70\x7f\x41\x0f\xb7\x96\x96\xf4\xed\xea\x3e\x72\xa1\x72\x50\xae\xb6\xd9\xcb\xa9\x54\xce\x44\x26\x22\x01\x95\xd6\x4e\x75\x3f\x82\x5d\xfb\x9c\xab\x3f\x74\xbc\xd6\x9c\x1a\x12\x22\xe6\xb6\x72\x7b\xb4\x19\x10\x2f\xbb\x22\x6b\xb6\xef\xc1\xd3\x17\xcb\xb0\xd7\xe1\x70\xa6\x20\x31\x85\x2f\x8c\xfa\x32\x38\x05\xdd\x55\x8a\xfc\xdf\x35\xf8\xac\xcc\xeb\xd7\x91\xe3\xca\xa3\x9c\xe8\xb7\xbd\xdd\x1e\x38\x22\x7e\x58\xf7\x98\xf9\x7e\xc5\x78\x15\x35\x38\x50\x67\xd5\x2a\x9d\x70\xe0\x4a\x45\x7a\x3e\xb8\x5c\x28\xb9\x71\x7c\xbb\xa6\x3e\xd0\x5a\xc1\xed\x01\x94\xc7\x09\x6f\x5d\xc1\xc0\x59\xbf\x5c\x4f\x53\x72\x48\x52\xca\x91\x39\x6f\xb7\x87\xda\x39\x10\x1c\xb9\x37\xb3\x21\x25\x0d\x06\x98\x4b\xda\xbf\x1c\xd8\x33\x3e\x26\x6e\x24\x53\xd9\x21\x19\xa4\x26\x21\x8e\x19\x02\x28\xd6\x0b\xeb\x6b\x32\x21\x2d\x1b\x0e\xee\x3a\x36\xf3\xde\x80\xdd\x09\x13\xe1\x80\x6c\x47\x87\xf4\x4d\x1d\x74\xfd\x30\xff\x7f\x1e\xdb\x37\x76\xe9\x32\xb8\x58\x4a\x61\xfa\x7c\x61\x5a\xa0\x98\xab\xdf\x9f\xf5\x5c\x13\x84\xfa\xc0\xbd\xb2\x9e\x96\x4a\xb7\x6c\x87\x9b\x31\xa8\xf9\xdb\x46\xe7\x1d\x6b\x04\xc5\x5f\x40\x14\xea\x69\xb3\x71\xe9\x59\x25\xf6\x67\xd5\xac\xc7\x2b\x49\x47\x69\x31\x20\xc3\x64\xb5\x65\x44\xb8\x87\xc9\xae\x69\x57\x3e\xe6\x04\xaf\xad\x7d\xb6\x54\x85\xd6\x71\x9d\x1e\x44\x3a\x7a\x2f\x5c\x0b\x4a\x6e\xfc\xbe\x76\x04\x55\xd7\x20\x23\xab\x9a\x9d\x11\x95\x9f\xc8\xfe\x66\x92\x85\x91\x9b\x3c\x1c\xa7\xcf\x3d\x3a\x62\xbc\x0b\xd8\xf5\xdc\x19\xc9\xf5\x0d\x50\x8c\x56\x0c\xf8\xd4\x26\x93\xd4\x29\x59\x7f\xa3\x6c\xb2\x
58\x8d\x46\x3e\x51\xe1\x9c\x65\xe0\x54\x06\x80\x90\xc3\x54\xda\x25\x33\x54\x14\x43\xf7\x48\x95\x69\x1b\x75\xc2\x01\x1a\xaa\xbb\x59\x81\x1e\x9b\xc5\xd9\x6e\xee\xb2\x19\x52\xd5\xb8\xbf\xf2\xb7\x9d\x6e\x64\x2c\xf6\xbe\x3c\x8d\x4a\xda\x2e\x64\xb1\x89\x57\x30\x3f\x4f\x75\x7a\xb3\xf5\x75\x84\xa3\x94\x2a\xa2\x08\x7f\xb0\x3e\xe9\x70\x30\x37\xa6\x6c\xcc\x30\x1c\xd5\x9f\x63\x50\x6c\xc9\xd2\x96\xbc\xb4\xe2\x7a\x84\xfa\xbc\x50\x73\x04\x9a\x66\x32\x21\x91\x69\x8f\x1e\x3f\x16\xaf\xcf\x1f\xfa\x0f", 4096); memcpy((void*)0x200010e6, "\x7f\x9a\xc5\xbf\xea\x59\x10\x23\xd1\xc4\xce\xaf\x7d\xa5\x3c\xde\xca\x7f\x3c\xbe\xbe\xd9\xc4\x3c\x9a\x42\x4b\x38\x7b\x5f\x93\x9b\xed\x43\x6f\x47\x4c\xf3\xc9\x03\x0d\x8f\x42\x82\x29\xaf\x5c\x37\x65\xad\x3f\x0c\xd0\xf3\x07\xcd\xbf\x00\xf0\x07\xa1\xc0\x72\x53\x12\xca\x4c\xee\xe0\x6f\xf1\xc4\x99\x7b\xeb\x9d\x98\x28\xb2\xa7\x75\x02\x49\x1e\xf9\xf2\x7f\x5f\x8a\x21\x90\xa1\x6a\x95\xa6\x09\x63\x91\x45\x59\xc0\xe0\xfa\x46\x4b\x3b\x41\xc9\x73\x28\xdc\xa8\x77\x97\x56\xf5\x10\xdc\x4c\xd3\x3d\x65\x31\x27\x4c\xfa", 126); memcpy((void*)0x20001164, "\x68\x2c\xc7\x80\xcf\xd8\xfa\xe0\x24\x50\x1f\xf6\x27\x29\xab\x77\xce\xbe\x25\xca\xad\xf4\x39\x85\xb3\x0d\xb8\x38\x7f\xf3\x77\xed\x37\x03\x3e\x09\xf3\x35\x63\x0f\x36\xae\xad\x37\x57\x3d\x32\x40\x72\xd9\xfb\x1a\x62\x7a\xb3\xa3\xca\x51\xd4\xa1\x26\xb7\xf6\xa8\x5f\xb4\x9e\x27\xaf\x49\x3a\x4f\x04\x88\xa2\x07\x31\xe7\xc3\xe5\x22\x8e\xa7\x90\x52\xbe\xa7\x6c\x12\xad\x74\x3b\xfc\xb9\xc9\x62\xf3\x6f\x55\xda\xdb\x59\x51\x7b\x7c\x20\xab\x84\x8c\x45\x8f\x11\xe0\x0c\x13\x08\xa2\xf0\x7e\xa1\xe3", 121); syscall(SYS_test, 0x20000080, 5, 0, 0, 0, 0); *(uint8_t*)0x20001200 = 9; *(uint8_t*)0x20001201 = 3; *(uint8_t*)0x20001204 = 8; syscall(SYS_test, 0x20001200, 0, 0, 0, 0, 0); STORE_BY_BITMASK(uint16_t, , 0x20001240, 0, 0, 10); *(uint64_t*)0x20001248 = 3; STORE_BY_BITMASK(uint16_t, , 0x20001250, 2, 0, 5); STORE_BY_BITMASK(uint16_t, , 0x20001250, 0x3c, 5, 6); STORE_BY_BITMASK(uint32_t, , 0x20001250, 0x42, 11, 15); STORE_BY_BITMASK(uint16_t, , 
0x20001254, 0x20, 0, 11); STORE_BY_BITMASK(uint16_t, htobe16, 0x20001256, 0x20, 0, 11); *(uint8_t*)0x20001258 = 0x80; syscall(SYS_test, 0x20001240, 0, 0, 0, 0, 0); syscall(SYS_mutate2); *(uint64_t*)0x20001280 = 4; *(uint64_t*)0x20001288 = 0x63aa; *(uint8_t*)0x20001290 = 2; *(uint8_t*)0x20001291 = 0x10; *(uint8_t*)0x20001292 = 8; *(uint8_t*)0x20001293 = 4; *(uint8_t*)0x20001294 = 2; syscall(SYS_test, 0x20001280, 0, 0, 0, 0, 0); syscall(SYS_test_excessive_args1); memcpy((void*)0x200012c0, "#\000", 2); syscall(SYS_test, 0x200012c0, 0, 0, 0, 0, 0); memcpy((void*)0x20001300, "#\000", 2); syscall(SYS_test, 0x20001300, 0, 0, 0, 0, 0); memcpy((void*)0x20000000, ".-\000", 3); *(uint8_t*)0x20000040 = 8; *(uint8_t*)0x20000048 = 6; *(uint8_t*)0x20000049 = 5; STORE_BY_BITMASK(uint64_t, , 0x20000048, 6, 16, 4); STORE_BY_BITMASK(uint32_t, , 0x20000048, 1, 20, 4); STORE_BY_BITMASK(uint16_t, , 0x2000004a, 6, 8, 4); STORE_BY_BITMASK(uint8_t, , 0x2000004b, 8, 4, 4); syz_compare(0x20000000, 3, 0x20000040, 0x10); syz_compare_int(2, 9, 0x3ff, 0, 0); syz_errno(0xff); memcpy((void*)0x20000080, "\x9a\x81\xde\x5d\x92\x8f\x1a\x60\xf1\x7b\xeb\x77\xb1\xf9\x9a\x68\xaf\x78\x90\x7e\x1b\x40\xde\x1e\x91\x0c\x39\x56\xa2\xa9\x49\x7c\x8f\x05\xfb\xd7\xd7\x28\x2e\x23\x44\xfc\x3c\x4a\x13\x7d\xc0\x2d\x3d\x14", 50); syz_execute_func(0x20000080); syz_exit(0x3bc); syz_mmap(0x20003000, 0x2000); syz_sleep_ms(0xae); } int main(void) { syz_mmap(0x20000000, 0x1000000); use_temporary_dir(); do_sandbox_none(); return 0; } In file included from /usr/include/bits/errno.h:26, from /usr/include/errno.h:28, from <stdin>:7: /usr/include/linux/errno.h:1:10: fatal error: asm/errno.h: No such file or directory 1 | #include <asm/errno.h> | ^~~~~~~~~~~~~ compilation terminated. 
compiler invocation: gcc [-o /tmp/syz-executor491256659 -DGOOS_test=1 -DGOARCH_32_fork_shmem=1 -DHOSTGOOS_linux=1 -x c - -m32 -static -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-overflow] --- FAIL: TestGenerate/test/32_fork_shmem/10 (0.24s) csource_test.go:124: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:true Repro:false Trace:false} program: foo$fmt3(&(0x7f0000000000)=0xd) test$str0(&(0x7f0000000040)='#\x00') test$length25(&(0x7f0000000080)=["f10715d4c9e5266c67931773e4a0f636ec65433db95fc97dfb6a7c246b9022eded40bd5b7bc21a67f92e898bdb77eb69e28492941cd278412ebeec4d09ae9c02694e2b96bfd466173cda3b722385fe87434a69cf53b4901014995915", "37655b5306334cb48687", 
"10fe01411f2a0853621183e03fd969e91dcde25ae5aedec27c41096a23d2738e3330156db39857e671916dc9e84a50147231d90b96e85a90a3ea36f88b40e714c4afdcb7c7ca327bc41e8b5f519920bf5c9ac9f9991166c973b145d866b00adc563effeea498989e12ca3b69a26d4690e0a7482bd1c89bf3956a1048c0fc31b2e74a1b9eeacb5f746dff9527514eaf5f5396a5bc73d9ed250656f870eaf6b6856393ad79e7f764608642452cf52844036e989325af0e00d4370f387948e00d0928e0820928cf445dd8aa3762901ecaf1d67caad240a0accb3b2b712f776f7c2c96f7f6f30f5cfa8dbb09d76ff92fd36556ea85268dd1e9447ea12a384e18e885c2fe1236243d0712df5e926543e59ac7525407dd790cea1f843a8ce4f3b4b70138584a56fba8861b8c9af1a9c20ec5e41fdcc075f9b19173cb2fffe893cfc209233c7a328b63c0b0343aa8c89a653aa1cb96a55f02653f9bb7c7b7665e256fba08be12fc7a17d1354e74e5fa5452e915bde73e8440ce9c7767594205c9e33ad9dc190bf89a9dc40f36e242d2002880040e5c8396e69a81fb0102ea79922d12fa1347ec508ef9f8a6aa09e4024b3e25624336611d42f7de410c513db066db8d4efcb961e889616034c8b0220db1c1ec111487ac10749aefcf6094fc662b79edbbb3005ac386e67a64f35ace7f8bb72d1208a5c92d5001630f6184eefedb60c3ebd93b8a7c5d79362c813700f3b5498264aa2e8f3424127dc46d5a20accc3d1423522eccf3465b907db3a10c04252173a44e4107e75864f6b2b14c6e57c1ffe800564362befd3cfcfa431ee490f9a8691b1fbf47b297e6b7c7e381ee2f50c43a4ba0ccd8c58a0ab9a2ad3aa8f740c70e8c88eb19f7ab58d94d7657de09cdc7e01c46d354f21d97b50d09d5222b4f1af7ad0bb625a2e0f52d68f96ddacd12e73c45b3ea144a601815451a8d613b13b2ec6e95dd408661f4c26c58f0e24ab3561b7ba1432405b5da96f10b47bbdf1ead6b6df645e533b02555f69fd8f9e209e374d45c2f2597dcd30e5dcff5bc4eb4dbd8415159bdce9c730b81baeccbb876413d90a5b51eb124b461ea51a7b0e4261f6331836c61398a5d4e6d3cbab148d4c353aa452d37b7046970566fa5bdb1cb962feaa0fd000d94f327cba925d08474a24e099c4534174352f2b1bb88bb688794643feadb6aef90e6807a9b6e5633a8e12d2b1a31f66cef9ef8972575e63214ea8b8d9fa8aa51d174293ddc391f9babf8c947e5d342159f327366e86701a11892ac00f907494ea4ae0b803d08bdb6fa12241bea85e8b006a0a562a2a13575334c8808db594916b0a0b4cd0dd1f4bf61826df52da8d9ba9d322a11e13eea369d9c6bd862dfc764d45152fe4a4d4d84c358864787013e80d075348
bd8e1aaf90b8ae88231dfc60b325dcf105fba6f4f7bc6d6eb883ea94bc7951ab68a9fef16f79ba480c606d261a903f56e3c8e5717bfb36e60ebe454eb9bea91171e5ec7620ac1d56732f13dac52f338d0eb6c0be92ab951e3eafbc186f30f571b2677a45c3ba2b456ae65738418a7625336aa8697c84b803d7a7458c769c71302b19c620c7d2b46d75aa9661a7e6d6366f24622b370290edebb6b9bf1ad61f1dddfe93e44bd1e9c1888edba9a7a96e425b356bfc2a0009202445bc6468aa0a84f9f2299b75e632e43da31388097bd6888e491d085396d9829d5b31ed32069426107b5c93487700ff6e1479f85127780a069c047b8fd7eb9b2acb7d2e4fc8a5f5bd36d789d9fba0691fdada41e75fedd2df8b3afbde047cf9b6c452a272448a3e99ec0f5820168356cc8c9c40b40890273a66ceaa26c131745c4ea0c883b3ff400b5f76e76c42a2164a6d0180410f0e031f01741d1467e96319758891a7f615108c6a8bbc0c403faa33ca7c95dfaff911207f22f1b9d78325a0ccd1797397a91b4fae68eadb72c7c03a9dcaee224b8344fbc62e436cfd0d68b0492616a83efc3d30baff8ed4aa013aedcbb7830e4d52d9b02b06db3e60b27385dbd04feed6c48a0ae6ebe465704407cdeae4b562d0b1a44bdf65542998c8f4875d09d281f90548dfecbc3e570c4fb37d17f05ef484aa71e9b2651752c50b7f5c9235c3fb786dd68086a615f4baa7fb3b9f5067693080a9d64912372afc3d5f017e55eaabf1b6180ce2e28e20a6950abf5b65bdac7d915b0bb938057056f5d6314a283623d6a9be3b191a2873fd8eb7a258c4fe1da8d3e3f4e037c31ce4b72a966e450e97a447cb9129b104c5b2e00c7115e63bb784e71b1c235f736879bee83e2e5f390f314b51bb2f70827b742f9f960de2ec09b2fe8ce4352fd4d61258c68e8fec749ccb6d053ae84c5eff8a438087d423eb35ebcc0af40179922a69c83feaa9d426c3f3cf05412a70ca9559b62d69ed0411ca650c07e4a34068791d742bbf13676b51d400ecbe01f03d26ddf63eaf2dbeb1c9582f646d4207e340e7ea3b6a36d70b2513a288607da6b0f93c96940e284bdd6d69bac90bfc82d0160ddadc30e7f3b90173c57aabffd4881d6de07b0215066f66827a345119fb46250a292255f138a7c44093b1d6684c807c714653eabb42796d9be0b04a3f84aa006f98b9832f7714c6b39e811acc6a01becd5dd70570a03c6e75771746dc258f1942bca6d0d3b8588041b381072b8b8f89ebd07b74ca7f0341af5875c889c9a753ace87bee46d67690090309ec5b1c8c278828a33390002d73aade7c06af0560b6d8ed5cf60075cbe14b0c58757fbd75d25a13fbfa574fb3c6bd04ef84642c3aa2187f56ea3b5687b963804bb64d8e1bdb40edae
c97a0199b6e5290ca2ec556d2a3436b687c53456f0c585602f6cc0dc8d4222d7f721b9d55877fd52a37758d521abb01c6fde683ab431e3c5aff7e0e8506a05a8c725ad5689c318014a1153fe10e66267c81bf788586bcb5a210d58524264bd963a56403d2c6ec28d643b7f9f5587e092f6108f3de1db727146f0458954b85ac448d386e045476d74ca3cf3950dfc2c5f556b5b4c2e148d740a396a4625ae5d7bf2468164d6119ccf3a3f20fbd68fc211b59d0092e9eb5d838ee2b24d94e2649ac4a344f41f73ecf7ea142e3970dea2cf0178ae97d1cb667fa5b7b3db23a6e56e72ec4c3d50d866187bc4e325ff9142422a59905ee5121ec01ef4f697aec1b81564dd27504aa7f06470d622643e24177c3ea5feae5523ea53f4ff3b44e77db4be9abba06a42bcc0896198fefb4645720d81db587dd9177d3e7d2431ee2ed7d929f973f0229fb039c868f0606a05c485c4cc2e810f3a9aafd6134a4e8adc1715018586ddb0d077c038ac28f0993a3ca027cd01616550dee732fb0afc68dbec1beebb31fdfca7ac947e7dc9c06b973f848bbc3c9c98641ac21974aec51102ee772e745bcab1cea858ee9e057f8f505ed0b36d3aee45a579c3632786bfad6d1ce3bcccf8166e2edaaba7c3139cc2ad3d9be7ba4bb80ba7bdf507c44415dd06cea5a83fb1b50d0d48d2bd4bdb36cd2dd05db6322b34cc7f04596d3407447d01c00cb70c996cd20e4d87e759e89c4a44973d965c3b43b7694da1ecbf9d6249ec66d74b0c3ed3624933afe0f30a5ff21dc4dababf007781b54f0535f92f1ed1555a417c54c18f2f3aee0701a2a96ed406ae3eb365500ba9961ffbe015f71c3baaf3735f3ecdc847e4539752c278a768bf02ddacc6b9edce7665e7ffa56d057ddb5d04975986e6b9ed4e319aaa53e01e149bf88bbd236ca22e8b6234765eb210c59cd84ba16993165b7c2c1c2ac8acd60765464f4a6bd4132d9a0279ebe657c1f41de50b09ad681ab477f737aea71605255dbfd9dd4c35f839914be29808ace17af801e4cb313c0d531522cf34c7d923d9232dfb039b0de3219accece6a6216c7b8b5c4ffcb3801aee0bd383ac65032afcd3d1c2540d2c56cd5bc116da1c36313ca9220239912f633b46458bf0ddd6e3289f25d8c3aac6a53dbfa35598b6e5739903334d970b3dd85a1b57810adc451e62979c6bc5f510743149be160699410d95beb393808cb0564196747cc6386b4a6fb26fa1f53d7c1d6bceb79c41fdcd8ed663b168587724208b46ef599894584bc35d6a8662b204bfc15a8cbecedc320ef5edb5f20fbd560c626843db24d6c8b7e55b61a47a3268ddb0fb523f56694378fd2c76dbc6182cb49afdd2aea2dc7f91fe9445b21c6b12b8f99baaf242ab0ff1e1413c7b1bcb38dda4de1fc9
ac587434110f83ce2157c99018252e977df9e8ec0250519256ce5cdc8b7a795ae2662571bb4c3eb98aeb093584b17f0b1a6c026037d080aeba6a7b5b216903942a66eed37ed890dc5df1acd711205e19d016badda1ce37659a78a7d3fe006cff20df840353e6b96568dbc7acdca3889b885f4956ee7f5ea90532d71eb1b921180ea2e385a4c3551fded44419a3f373341a288247a136fd7be0c8afb5411bafba96a1ffeb53b12e7068d008d96f807cd878b775bd9614c9bf57f1d13fadc86c2f582db038ad24911b420b56ec1c6e4859d2311263bb68aaa072328a4d31484e14b7fdd1f27bdac94d85a3d6931a72ed880ba85a5aff033b9f490324f0072b36454622b9248de9dcf99e887d6759070296185e7949d0f94b3527b46e251c343149601adfe051489f9bfe2ae17a668df465414a28298fa0573866f305bdad7bf91da2207137bdf7ba5dfaf062b4ec7d5b9b9cc75869db70bd5c1d89ff0fec43ff92d1b93a93f0dfc94b00985bd97ecafd4395424bff8ea036b628f8e6b5b8b03724f09b7a462ac031b2b62189947a82d00b2434d4103ec6d59ea10e377f6fe98f7411f10baae6c71fc116a77ddd64f46148617c1598ee86feb58ba6a852f4c71187b4bdc5d84532809fb4786612895bee62b8992b45f760b821980261a88280db0e923d7b72162b1aafddee4ff61be8e49012758cb8663d3321c4b9c451ea09dc861c63f42da859999e514dc2e65a83d9f5217831bf0243ebdca6e484dfcface2376cd1166e95329db57790822f107e7387b2a393dd0cc81455a42adf7c78492ca741b0dc16bdc56273a389abff59487e3bb8b2226288fa62c62933de07830c3707f410fb79696f4edea3e72a17250aeb6d9cba954ce4426220195d64e753f825dfb9cab3f74bcd69c1a1222e6b6727bb419102fbb226bb6efc1d317cbb0d7e170a62031852f8cfa323805dd558afcdf35f8acccebd791e3caa39ce8b7bddd1e38227e58f798f97ec5781535385067d52a9d70e04a457a3eb85c28b9717cbba63ed05ac1ed0194c7096f5dc1c059bf5c4f53724852ca91396fb787da39101cb937b321250d06984bdabf1cd8333e266e2453d92119a426218e190228d60beb6b32212d1b0eee3a36f3de80dd0913e1806c4787f44d1d74fd30ff7f1edb3776e932b8584a61fa7c615aa098abdf9ff55c1384fac0bdb29e964ab76c879b31a8f9db46e71d6b04c55f4014ea69b371e95925f667d5acc72b4947693120c364b56544b887c9ae69573ee604afad7db65485d6719d1e443a7a2f5c0b4a6efcbe760455d72023ab9a9d11959fc8fe669285919b3c1ca7cf3d3a62bc0bd8f5dc19c9f50d508c560cf8d42693d429597fa36cb2588d463e51e19c65e054068090c354da2533541443f74895691
b75c2011aaabb59811e9bc5d96eeeb21952d5b8bff2b79d6e642cf6be3c8d4ada2e64b18957303f4f757ab3f57584a3942aa2087fb03ee9703037a66ccc301cd59f63506cc9d296bcb4e27a84fabc5073049a66322191698f1e3f16afcf1ffa0f", "7f9ac5bfea591023d1c4ceaf7da53cdeca7f3cbebed9c43c9a424b387b5f939bed436f474cf3c9030d8f428229af5c3765ad3f0cd0f307cdbf00f007a1c0725312ca4ceee06ff1c4997beb9d9828b2a77502491ef9f27f5f8a2190a16a95a60963914559c0e0fa464b3b41c97328dca8779756f510dc4cd33d6531274cfa", "682cc780cfd8fae024501ff62729ab77cebe25caadf43985b30db8387ff377ed37033e09f335630f36aead37573d324072d9fb1a627ab3a3ca51d4a126b7f6a85fb49e27af493a4f0488a20731e7c3e5228ea79052bea76c12ad743bfcb9c962f36f55dadb59517b7c20ab848c458f11e00c1308a2f07ea1e3"], 0x5) test$align3(&(0x7f0000001200)={0x9, {0x3}, {0x8}}) test$bf0(&(0x7f0000001240)={0x0, 0x3, 0x2, 0x3c, 0x42, 0x20, 0x20, 0x80}) mutate2() test$length16(&(0x7f0000001280)={[0x4, 0x63aa], 0x2, 0x10, 0x8, 0x4, 0x2}) test_excessive_args1() test$str0(&(0x7f00000012c0)='#\x00') test$str0(&(0x7f0000001300)='#\x00') syz_compare(&(0x7f0000000000)='.-\x00', 0x3, &(0x7f0000000040)=@bf20={0x8, {0x6, 0x5, 0x6, 0x1, 0x6, 0x8}}, 0x10) syz_compare_int$2(0x2, 0x9, 0x3ff) syz_errno(0xff) syz_execute_func(&(0x7f0000000080)="9a81de5d928f1a60f17beb77b1f99a68af78907e1b40de1e910c3956a2a9497c8f05fbd7d7282e2344fc3c4a137dc02d3d14") syz_exit(0x3bc) syz_mmap(&(0x7f0000003000/0x2000)=nil, 0x2000) syz_sleep_ms(0xae) csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static __thread int skip_segv; static __thread jmp_buf segv_env; static void segv_handler(int sig, siginfo_t* info, void* ctx) { uintptr_t addr = (uintptr_t)info->si_addr; const uintptr_t prog_start = 1 << 20; const uintptr_t prog_end = 100 << 20; int skip = __atomic_load_n(&skip_segv, __ATOMIC_RELAXED) != 0; int 
valid = addr < prog_start || addr > prog_end; if (skip && valid) { _longjmp(segv_env, 1); } exit(sig); } static void install_segv_handler(void) { struct sigaction sa; memset(&sa, 0, sizeof(sa)); sa.sa_sigaction = segv_handler; sa.sa_flags = SA_NODEFER | SA_SIGINFO; sigaction(SIGSEGV, &sa, NULL); sigaction(SIGBUS, &sa, NULL); } #define NONFAILING(...) ({ int ok = 1; __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST); if (_setjmp(segv_env) == 0) { __VA_ARGS__; } else ok = 0; __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST); ok; }) static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { 
usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 
0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) { va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); 
event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) { continue; } kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_mutate2 #define SYS_mutate2 0 #endif #ifndef SYS_test #define SYS_test 0 #endif #ifndef SYS_test_excessive_args1 #define SYS_test_excessive_args1 0 #endif void execute_call(int call) { switch (call) { case 0: NONFAILING(sprintf((char*)0x20000000, "%020llu", (long long)0x17)); syscall(SYS_foo, 0x20000000, 0); break; case 1: NONFAILING(memcpy((void*)0x20000040, "#\000", 2)); syscall(SYS_test, 0x20000040, 0, 0, 0, 0, 0); break; case 2: NONFAILING(memcpy((void*)0x20000080, "\xf1\x07\x15\xd4\xc9\xe5\x26\x6c\x67\x93\x17\x73\xe4\xa0\xf6\x36\xec\x65\x43\x3d\xb9\x5f\xc9\x7d\xfb\x6a\x7c\x24\x6b\x90\x22\xed\xed\x40\xbd\x5b\x7b\xc2\x1a\x67\xf9\x2e\x89\x8b\xdb\x77\xeb\x69\xe2\x84\x92\x94\x1c\xd2\x78\x41\x2e\xbe\xec\x4d\x09\xae\x9c\x02\x69\x4e\x2b\x96\xbf\xd4\x66\x17\x3c\xda\x3b\x72\x23\x85\xfe\x87\x43\x4a\x69\xcf\x53\xb4\x90\x10\x14\x99\x59\x15", 92)); NONFAILING(memcpy((void*)0x200000dc, "\x37\x65\x5b\x53\x06\x33\x4c\xb4\x86\x87", 10)); NONFAILING(memcpy((void*)0x200000e6, 
"\x10\xfe\x01\x41\x1f\x2a\x08\x53\x62\x11\x83\xe0\x3f\xd9\x69\xe9\x1d\xcd\xe2\x5a\xe5\xae\xde\xc2\x7c\x41\x09\x6a\x23\xd2\x73\x8e\x33\x30\x15\x6d\xb3\x98\x57\xe6\x71\x91\x6d\xc9\xe8\x4a\x50\x14\x72\x31\xd9\x0b\x96\xe8\x5a\x90\xa3\xea\x36\xf8\x8b\x40\xe7\x14\xc4\xaf\xdc\xb7\xc7\xca\x32\x7b\xc4\x1e\x8b\x5f\x51\x99\x20\xbf\x5c\x9a\xc9\xf9\x99\x11\x66\xc9\x73\xb1\x45\xd8\x66\xb0\x0a\xdc\x56\x3e\xff\xee\xa4\x98\x98\x9e\x12\xca\x3b\x69\xa2\x6d\x46\x90\xe0\xa7\x48\x2b\xd1\xc8\x9b\xf3\x95\x6a\x10\x48\xc0\xfc\x31\xb2\xe7\x4a\x1b\x9e\xea\xcb\x5f\x74\x6d\xff\x95\x27\x51\x4e\xaf\x5f\x53\x96\xa5\xbc\x73\xd9\xed\x25\x06\x56\xf8\x70\xea\xf6\xb6\x85\x63\x93\xad\x79\xe7\xf7\x64\x60\x86\x42\x45\x2c\xf5\x28\x44\x03\x6e\x98\x93\x25\xaf\x0e\x00\xd4\x37\x0f\x38\x79\x48\xe0\x0d\x09\x28\xe0\x82\x09\x28\xcf\x44\x5d\xd8\xaa\x37\x62\x90\x1e\xca\xf1\xd6\x7c\xaa\xd2\x40\xa0\xac\xcb\x3b\x2b\x71\x2f\x77\x6f\x7c\x2c\x96\xf7\xf6\xf3\x0f\x5c\xfa\x8d\xbb\x09\xd7\x6f\xf9\x2f\xd3\x65\x56\xea\x85\x26\x8d\xd1\xe9\x44\x7e\xa1\x2a\x38\x4e\x18\xe8\x85\xc2\xfe\x12\x36\x24\x3d\x07\x12\xdf\x5e\x92\x65\x43\xe5\x9a\xc7\x52\x54\x07\xdd\x79\x0c\xea\x1f\x84\x3a\x8c\xe4\xf3\xb4\xb7\x01\x38\x58\x4a\x56\xfb\xa8\x86\x1b\x8c\x9a\xf1\xa9\xc2\x0e\xc5\xe4\x1f\xdc\xc0\x75\xf9\xb1\x91\x73\xcb\x2f\xff\xe8\x93\xcf\xc2\x09\x23\x3c\x7a\x32\x8b\x63\xc0\xb0\x34\x3a\xa8\xc8\x9a\x65\x3a\xa1\xcb\x96\xa5\x5f\x02\x65\x3f\x9b\xb7\xc7\xb7\x66\x5e\x25\x6f\xba\x08\xbe\x12\xfc\x7a\x17\xd1\x35\x4e\x74\xe5\xfa\x54\x52\xe9\x15\xbd\xe7\x3e\x84\x40\xce\x9c\x77\x67\x59\x42\x05\xc9\xe3\x3a\xd9\xdc\x19\x0b\xf8\x9a\x9d\xc4\x0f\x36\xe2\x42\xd2\x00\x28\x80\x04\x0e\x5c\x83\x96\xe6\x9a\x81\xfb\x01\x02\xea\x79\x92\x2d\x12\xfa\x13\x47\xec\x50\x8e\xf9\xf8\xa6\xaa\x09\xe4\x02\x4b\x3e\x25\x62\x43\x36\x61\x1d\x42\xf7\xde\x41\x0c\x51\x3d\xb0\x66\xdb\x8d\x4e\xfc\xb9\x61\xe8\x89\x61\x60\x34\xc8\xb0\x22\x0d\xb1\xc1\xec\x11\x14\x87\xac\x10\x74\x9a\xef\xcf\x60\x94\xfc\x66\x2b\x79\xed\xbb\xb3\x00\x5a\xc3\x86\xe6\x7a\x64\xf3\x5a\xce\x7f\x8b\xb7\x2d\x12\x08\xa5\xc9\x2
d\x50\x01\x63\x0f\x61\x84\xee\xfe\xdb\x60\xc3\xeb\xd9\x3b\x8a\x7c\x5d\x79\x36\x2c\x81\x37\x00\xf3\xb5\x49\x82\x64\xaa\x2e\x8f\x34\x24\x12\x7d\xc4\x6d\x5a\x20\xac\xcc\x3d\x14\x23\x52\x2e\xcc\xf3\x46\x5b\x90\x7d\xb3\xa1\x0c\x04\x25\x21\x73\xa4\x4e\x41\x07\xe7\x58\x64\xf6\xb2\xb1\x4c\x6e\x57\xc1\xff\xe8\x00\x56\x43\x62\xbe\xfd\x3c\xfc\xfa\x43\x1e\xe4\x90\xf9\xa8\x69\x1b\x1f\xbf\x47\xb2\x97\xe6\xb7\xc7\xe3\x81\xee\x2f\x50\xc4\x3a\x4b\xa0\xcc\xd8\xc5\x8a\x0a\xb9\xa2\xad\x3a\xa8\xf7\x40\xc7\x0e\x8c\x88\xeb\x19\xf7\xab\x58\xd9\x4d\x76\x57\xde\x09\xcd\xc7\xe0\x1c\x46\xd3\x54\xf2\x1d\x97\xb5\x0d\x09\xd5\x22\x2b\x4f\x1a\xf7\xad\x0b\xb6\x25\xa2\xe0\xf5\x2d\x68\xf9\x6d\xda\xcd\x12\xe7\x3c\x45\xb3\xea\x14\x4a\x60\x18\x15\x45\x1a\x8d\x61\x3b\x13\xb2\xec\x6e\x95\xdd\x40\x86\x61\xf4\xc2\x6c\x58\xf0\xe2\x4a\xb3\x56\x1b\x7b\xa1\x43\x24\x05\xb5\xda\x96\xf1\x0b\x47\xbb\xdf\x1e\xad\x6b\x6d\xf6\x45\xe5\x33\xb0\x25\x55\xf6\x9f\xd8\xf9\xe2\x09\xe3\x74\xd4\x5c\x2f\x25\x97\xdc\xd3\x0e\x5d\xcf\xf5\xbc\x4e\xb4\xdb\xd8\x41\x51\x59\xbd\xce\x9c\x73\x0b\x81\xba\xec\xcb\xb8\x76\x41\x3d\x90\xa5\xb5\x1e\xb1\x24\xb4\x61\xea\x51\xa7\xb0\xe4\x26\x1f\x63\x31\x83\x6c\x61\x39\x8a\x5d\x4e\x6d\x3c\xba\xb1\x48\xd4\xc3\x53\xaa\x45\x2d\x37\xb7\x04\x69\x70\x56\x6f\xa5\xbd\xb1\xcb\x96\x2f\xea\xa0\xfd\x00\x0d\x94\xf3\x27\xcb\xa9\x25\xd0\x84\x74\xa2\x4e\x09\x9c\x45\x34\x17\x43\x52\xf2\xb1\xbb\x88\xbb\x68\x87\x94\x64\x3f\xea\xdb\x6a\xef\x90\xe6\x80\x7a\x9b\x6e\x56\x33\xa8\xe1\x2d\x2b\x1a\x31\xf6\x6c\xef\x9e\xf8\x97\x25\x75\xe6\x32\x14\xea\x8b\x8d\x9f\xa8\xaa\x51\xd1\x74\x29\x3d\xdc\x39\x1f\x9b\xab\xf8\xc9\x47\xe5\xd3\x42\x15\x9f\x32\x73\x66\xe8\x67\x01\xa1\x18\x92\xac\x00\xf9\x07\x49\x4e\xa4\xae\x0b\x80\x3d\x08\xbd\xb6\xfa\x12\x24\x1b\xea\x85\xe8\xb0\x06\xa0\xa5\x62\xa2\xa1\x35\x75\x33\x4c\x88\x08\xdb\x59\x49\x16\xb0\xa0\xb4\xcd\x0d\xd1\xf4\xbf\x61\x82\x6d\xf5\x2d\xa8\xd9\xba\x9d\x32\x2a\x11\xe1\x3e\xea\x36\x9d\x9c\x6b\xd8\x62\xdf\xc7\x64\xd4\x51\x52\xfe\x4a\x4d\x4d\x84\xc3\x58\x86\x47\x87\x01\x3e\x80\xd0\x75\x34\x8
b\xd8\xe1\xaa\xf9\x0b\x8a\xe8\x82\x31\xdf\xc6\x0b\x32\x5d\xcf\x10\x5f\xba\x6f\x4f\x7b\xc6\xd6\xeb\x88\x3e\xa9\x4b\xc7\x95\x1a\xb6\x8a\x9f\xef\x16\xf7\x9b\xa4\x80\xc6\x06\xd2\x61\xa9\x03\xf5\x6e\x3c\x8e\x57\x17\xbf\xb3\x6e\x60\xeb\xe4\x54\xeb\x9b\xea\x91\x17\x1e\x5e\xc7\x62\x0a\xc1\xd5\x67\x32\xf1\x3d\xac\x52\xf3\x38\xd0\xeb\x6c\x0b\xe9\x2a\xb9\x51\xe3\xea\xfb\xc1\x86\xf3\x0f\x57\x1b\x26\x77\xa4\x5c\x3b\xa2\xb4\x56\xae\x65\x73\x84\x18\xa7\x62\x53\x36\xaa\x86\x97\xc8\x4b\x80\x3d\x7a\x74\x58\xc7\x69\xc7\x13\x02\xb1\x9c\x62\x0c\x7d\x2b\x46\xd7\x5a\xa9\x66\x1a\x7e\x6d\x63\x66\xf2\x46\x22\xb3\x70\x29\x0e\xde\xbb\x6b\x9b\xf1\xad\x61\xf1\xdd\xdf\xe9\x3e\x44\xbd\x1e\x9c\x18\x88\xed\xba\x9a\x7a\x96\xe4\x25\xb3\x56\xbf\xc2\xa0\x00\x92\x02\x44\x5b\xc6\x46\x8a\xa0\xa8\x4f\x9f\x22\x99\xb7\x5e\x63\x2e\x43\xda\x31\x38\x80\x97\xbd\x68\x88\xe4\x91\xd0\x85\x39\x6d\x98\x29\xd5\xb3\x1e\xd3\x20\x69\x42\x61\x07\xb5\xc9\x34\x87\x70\x0f\xf6\xe1\x47\x9f\x85\x12\x77\x80\xa0\x69\xc0\x47\xb8\xfd\x7e\xb9\xb2\xac\xb7\xd2\xe4\xfc\x8a\x5f\x5b\xd3\x6d\x78\x9d\x9f\xba\x06\x91\xfd\xad\xa4\x1e\x75\xfe\xdd\x2d\xf8\xb3\xaf\xbd\xe0\x47\xcf\x9b\x6c\x45\x2a\x27\x24\x48\xa3\xe9\x9e\xc0\xf5\x82\x01\x68\x35\x6c\xc8\xc9\xc4\x0b\x40\x89\x02\x73\xa6\x6c\xea\xa2\x6c\x13\x17\x45\xc4\xea\x0c\x88\x3b\x3f\xf4\x00\xb5\xf7\x6e\x76\xc4\x2a\x21\x64\xa6\xd0\x18\x04\x10\xf0\xe0\x31\xf0\x17\x41\xd1\x46\x7e\x96\x31\x97\x58\x89\x1a\x7f\x61\x51\x08\xc6\xa8\xbb\xc0\xc4\x03\xfa\xa3\x3c\xa7\xc9\x5d\xfa\xff\x91\x12\x07\xf2\x2f\x1b\x9d\x78\x32\x5a\x0c\xcd\x17\x97\x39\x7a\x91\xb4\xfa\xe6\x8e\xad\xb7\x2c\x7c\x03\xa9\xdc\xae\xe2\x24\xb8\x34\x4f\xbc\x62\xe4\x36\xcf\xd0\xd6\x8b\x04\x92\x61\x6a\x83\xef\xc3\xd3\x0b\xaf\xf8\xed\x4a\xa0\x13\xae\xdc\xbb\x78\x30\xe4\xd5\x2d\x9b\x02\xb0\x6d\xb3\xe6\x0b\x27\x38\x5d\xbd\x04\xfe\xed\x6c\x48\xa0\xae\x6e\xbe\x46\x57\x04\x40\x7c\xde\xae\x4b\x56\x2d\x0b\x1a\x44\xbd\xf6\x55\x42\x99\x8c\x8f\x48\x75\xd0\x9d\x28\x1f\x90\x54\x8d\xfe\xcb\xc3\xe5\x70\xc4\xfb\x37\xd1\x7f\x05\xef\x48\x4a\xa7\x1e\x9b\x26\x51\x7
5\x2c\x50\xb7\xf5\xc9\x23\x5c\x3f\xb7\x86\xdd\x68\x08\x6a\x61\x5f\x4b\xaa\x7f\xb3\xb9\xf5\x06\x76\x93\x08\x0a\x9d\x64\x91\x23\x72\xaf\xc3\xd5\xf0\x17\xe5\x5e\xaa\xbf\x1b\x61\x80\xce\x2e\x28\xe2\x0a\x69\x50\xab\xf5\xb6\x5b\xda\xc7\xd9\x15\xb0\xbb\x93\x80\x57\x05\x6f\x5d\x63\x14\xa2\x83\x62\x3d\x6a\x9b\xe3\xb1\x91\xa2\x87\x3f\xd8\xeb\x7a\x25\x8c\x4f\xe1\xda\x8d\x3e\x3f\x4e\x03\x7c\x31\xce\x4b\x72\xa9\x66\xe4\x50\xe9\x7a\x44\x7c\xb9\x12\x9b\x10\x4c\x5b\x2e\x00\xc7\x11\x5e\x63\xbb\x78\x4e\x71\xb1\xc2\x35\xf7\x36\x87\x9b\xee\x83\xe2\xe5\xf3\x90\xf3\x14\xb5\x1b\xb2\xf7\x08\x27\xb7\x42\xf9\xf9\x60\xde\x2e\xc0\x9b\x2f\xe8\xce\x43\x52\xfd\x4d\x61\x25\x8c\x68\xe8\xfe\xc7\x49\xcc\xb6\xd0\x53\xae\x84\xc5\xef\xf8\xa4\x38\x08\x7d\x42\x3e\xb3\x5e\xbc\xc0\xaf\x40\x17\x99\x22\xa6\x9c\x83\xfe\xaa\x9d\x42\x6c\x3f\x3c\xf0\x54\x12\xa7\x0c\xa9\x55\x9b\x62\xd6\x9e\xd0\x41\x1c\xa6\x50\xc0\x7e\x4a\x34\x06\x87\x91\xd7\x42\xbb\xf1\x36\x76\xb5\x1d\x40\x0e\xcb\xe0\x1f\x03\xd2\x6d\xdf\x63\xea\xf2\xdb\xeb\x1c\x95\x82\xf6\x46\xd4\x20\x7e\x34\x0e\x7e\xa3\xb6\xa3\x6d\x70\xb2\x51\x3a\x28\x86\x07\xda\x6b\x0f\x93\xc9\x69\x40\xe2\x84\xbd\xd6\xd6\x9b\xac\x90\xbf\xc8\x2d\x01\x60\xdd\xad\xc3\x0e\x7f\x3b\x90\x17\x3c\x57\xaa\xbf\xfd\x48\x81\xd6\xde\x07\xb0\x21\x50\x66\xf6\x68\x27\xa3\x45\x11\x9f\xb4\x62\x50\xa2\x92\x25\x5f\x13\x8a\x7c\x44\x09\x3b\x1d\x66\x84\xc8\x07\xc7\x14\x65\x3e\xab\xb4\x27\x96\xd9\xbe\x0b\x04\xa3\xf8\x4a\xa0\x06\xf9\x8b\x98\x32\xf7\x71\x4c\x6b\x39\xe8\x11\xac\xc6\xa0\x1b\xec\xd5\xdd\x70\x57\x0a\x03\xc6\xe7\x57\x71\x74\x6d\xc2\x58\xf1\x94\x2b\xca\x6d\x0d\x3b\x85\x88\x04\x1b\x38\x10\x72\xb8\xb8\xf8\x9e\xbd\x07\xb7\x4c\xa7\xf0\x34\x1a\xf5\x87\x5c\x88\x9c\x9a\x75\x3a\xce\x87\xbe\xe4\x6d\x67\x69\x00\x90\x30\x9e\xc5\xb1\xc8\xc2\x78\x82\x8a\x33\x39\x00\x02\xd7\x3a\xad\xe7\xc0\x6a\xf0\x56\x0b\x6d\x8e\xd5\xcf\x60\x07\x5c\xbe\x14\xb0\xc5\x87\x57\xfb\xd7\x5d\x25\xa1\x3f\xbf\xa5\x74\xfb\x3c\x6b\xd0\x4e\xf8\x46\x42\xc3\xaa\x21\x87\xf5\x6e\xa3\xb5\x68\x7b\x96\x38\x04\xbb\x64\xd8\xe1\xbd\xb4\x0e\xda\xe
c\x97\xa0\x19\x9b\x6e\x52\x90\xca\x2e\xc5\x56\xd2\xa3\x43\x6b\x68\x7c\x53\x45\x6f\x0c\x58\x56\x02\xf6\xcc\x0d\xc8\xd4\x22\x2d\x7f\x72\x1b\x9d\x55\x87\x7f\xd5\x2a\x37\x75\x8d\x52\x1a\xbb\x01\xc6\xfd\xe6\x83\xab\x43\x1e\x3c\x5a\xff\x7e\x0e\x85\x06\xa0\x5a\x8c\x72\x5a\xd5\x68\x9c\x31\x80\x14\xa1\x15\x3f\xe1\x0e\x66\x26\x7c\x81\xbf\x78\x85\x86\xbc\xb5\xa2\x10\xd5\x85\x24\x26\x4b\xd9\x63\xa5\x64\x03\xd2\xc6\xec\x28\xd6\x43\xb7\xf9\xf5\x58\x7e\x09\x2f\x61\x08\xf3\xde\x1d\xb7\x27\x14\x6f\x04\x58\x95\x4b\x85\xac\x44\x8d\x38\x6e\x04\x54\x76\xd7\x4c\xa3\xcf\x39\x50\xdf\xc2\xc5\xf5\x56\xb5\xb4\xc2\xe1\x48\xd7\x40\xa3\x96\xa4\x62\x5a\xe5\xd7\xbf\x24\x68\x16\x4d\x61\x19\xcc\xf3\xa3\xf2\x0f\xbd\x68\xfc\x21\x1b\x59\xd0\x09\x2e\x9e\xb5\xd8\x38\xee\x2b\x24\xd9\x4e\x26\x49\xac\x4a\x34\x4f\x41\xf7\x3e\xcf\x7e\xa1\x42\xe3\x97\x0d\xea\x2c\xf0\x17\x8a\xe9\x7d\x1c\xb6\x67\xfa\x5b\x7b\x3d\xb2\x3a\x6e\x56\xe7\x2e\xc4\xc3\xd5\x0d\x86\x61\x87\xbc\x4e\x32\x5f\xf9\x14\x24\x22\xa5\x99\x05\xee\x51\x21\xec\x01\xef\x4f\x69\x7a\xec\x1b\x81\x56\x4d\xd2\x75\x04\xaa\x7f\x06\x47\x0d\x62\x26\x43\xe2\x41\x77\xc3\xea\x5f\xea\xe5\x52\x3e\xa5\x3f\x4f\xf3\xb4\x4e\x77\xdb\x4b\xe9\xab\xba\x06\xa4\x2b\xcc\x08\x96\x19\x8f\xef\xb4\x64\x57\x20\xd8\x1d\xb5\x87\xdd\x91\x77\xd3\xe7\xd2\x43\x1e\xe2\xed\x7d\x92\x9f\x97\x3f\x02\x29\xfb\x03\x9c\x86\x8f\x06\x06\xa0\x5c\x48\x5c\x4c\xc2\xe8\x10\xf3\xa9\xaa\xfd\x61\x34\xa4\xe8\xad\xc1\x71\x50\x18\x58\x6d\xdb\x0d\x07\x7c\x03\x8a\xc2\x8f\x09\x93\xa3\xca\x02\x7c\xd0\x16\x16\x55\x0d\xee\x73\x2f\xb0\xaf\xc6\x8d\xbe\xc1\xbe\xeb\xb3\x1f\xdf\xca\x7a\xc9\x47\xe7\xdc\x9c\x06\xb9\x73\xf8\x48\xbb\xc3\xc9\xc9\x86\x41\xac\x21\x97\x4a\xec\x51\x10\x2e\xe7\x72\xe7\x45\xbc\xab\x1c\xea\x85\x8e\xe9\xe0\x57\xf8\xf5\x05\xed\x0b\x36\xd3\xae\xe4\x5a\x57\x9c\x36\x32\x78\x6b\xfa\xd6\xd1\xce\x3b\xcc\xcf\x81\x66\xe2\xed\xaa\xba\x7c\x31\x39\xcc\x2a\xd3\xd9\xbe\x7b\xa4\xbb\x80\xba\x7b\xdf\x50\x7c\x44\x41\x5d\xd0\x6c\xea\x5a\x83\xfb\x1b\x50\xd0\xd4\x8d\x2b\xd4\xbd\xb3\x6c\xd2\xdd\x05\xdb\x63\x22\xb3\x4c\xc
7\xf0\x45\x96\xd3\x40\x74\x47\xd0\x1c\x00\xcb\x70\xc9\x96\xcd\x20\xe4\xd8\x7e\x75\x9e\x89\xc4\xa4\x49\x73\xd9\x65\xc3\xb4\x3b\x76\x94\xda\x1e\xcb\xf9\xd6\x24\x9e\xc6\x6d\x74\xb0\xc3\xed\x36\x24\x93\x3a\xfe\x0f\x30\xa5\xff\x21\xdc\x4d\xab\xab\xf0\x07\x78\x1b\x54\xf0\x53\x5f\x92\xf1\xed\x15\x55\xa4\x17\xc5\x4c\x18\xf2\xf3\xae\xe0\x70\x1a\x2a\x96\xed\x40\x6a\xe3\xeb\x36\x55\x00\xba\x99\x61\xff\xbe\x01\x5f\x71\xc3\xba\xaf\x37\x35\xf3\xec\xdc\x84\x7e\x45\x39\x75\x2c\x27\x8a\x76\x8b\xf0\x2d\xda\xcc\x6b\x9e\xdc\xe7\x66\x5e\x7f\xfa\x56\xd0\x57\xdd\xb5\xd0\x49\x75\x98\x6e\x6b\x9e\xd4\xe3\x19\xaa\xa5\x3e\x01\xe1\x49\xbf\x88\xbb\xd2\x36\xca\x22\xe8\xb6\x23\x47\x65\xeb\x21\x0c\x59\xcd\x84\xba\x16\x99\x31\x65\xb7\xc2\xc1\xc2\xac\x8a\xcd\x60\x76\x54\x64\xf4\xa6\xbd\x41\x32\xd9\xa0\x27\x9e\xbe\x65\x7c\x1f\x41\xde\x50\xb0\x9a\xd6\x81\xab\x47\x7f\x73\x7a\xea\x71\x60\x52\x55\xdb\xfd\x9d\xd4\xc3\x5f\x83\x99\x14\xbe\x29\x80\x8a\xce\x17\xaf\x80\x1e\x4c\xb3\x13\xc0\xd5\x31\x52\x2c\xf3\x4c\x7d\x92\x3d\x92\x32\xdf\xb0\x39\xb0\xde\x32\x19\xac\xce\xce\x6a\x62\x16\xc7\xb8\xb5\xc4\xff\xcb\x38\x01\xae\xe0\xbd\x38\x3a\xc6\x50\x32\xaf\xcd\x3d\x1c\x25\x40\xd2\xc5\x6c\xd5\xbc\x11\x6d\xa1\xc3\x63\x13\xca\x92\x20\x23\x99\x12\xf6\x33\xb4\x64\x58\xbf\x0d\xdd\x6e\x32\x89\xf2\x5d\x8c\x3a\xac\x6a\x53\xdb\xfa\x35\x59\x8b\x6e\x57\x39\x90\x33\x34\xd9\x70\xb3\xdd\x85\xa1\xb5\x78\x10\xad\xc4\x51\xe6\x29\x79\xc6\xbc\x5f\x51\x07\x43\x14\x9b\xe1\x60\x69\x94\x10\xd9\x5b\xeb\x39\x38\x08\xcb\x05\x64\x19\x67\x47\xcc\x63\x86\xb4\xa6\xfb\x26\xfa\x1f\x53\xd7\xc1\xd6\xbc\xeb\x79\xc4\x1f\xdc\xd8\xed\x66\x3b\x16\x85\x87\x72\x42\x08\xb4\x6e\xf5\x99\x89\x45\x84\xbc\x35\xd6\xa8\x66\x2b\x20\x4b\xfc\x15\xa8\xcb\xec\xed\xc3\x20\xef\x5e\xdb\x5f\x20\xfb\xd5\x60\xc6\x26\x84\x3d\xb2\x4d\x6c\x8b\x7e\x55\xb6\x1a\x47\xa3\x26\x8d\xdb\x0f\xb5\x23\xf5\x66\x94\x37\x8f\xd2\xc7\x6d\xbc\x61\x82\xcb\x49\xaf\xdd\x2a\xea\x2d\xc7\xf9\x1f\xe9\x44\x5b\x21\xc6\xb1\x2b\x8f\x99\xba\xaf\x24\x2a\xb0\xff\x1e\x14\x13\xc7\xb1\xbc\xb3\x8d\xda\x4d\xe1\xfc\x9
a\xc5\x87\x43\x41\x10\xf8\x3c\xe2\x15\x7c\x99\x01\x82\x52\xe9\x77\xdf\x9e\x8e\xc0\x25\x05\x19\x25\x6c\xe5\xcd\xc8\xb7\xa7\x95\xae\x26\x62\x57\x1b\xb4\xc3\xeb\x98\xae\xb0\x93\x58\x4b\x17\xf0\xb1\xa6\xc0\x26\x03\x7d\x08\x0a\xeb\xa6\xa7\xb5\xb2\x16\x90\x39\x42\xa6\x6e\xed\x37\xed\x89\x0d\xc5\xdf\x1a\xcd\x71\x12\x05\xe1\x9d\x01\x6b\xad\xda\x1c\xe3\x76\x59\xa7\x8a\x7d\x3f\xe0\x06\xcf\xf2\x0d\xf8\x40\x35\x3e\x6b\x96\x56\x8d\xbc\x7a\xcd\xca\x38\x89\xb8\x85\xf4\x95\x6e\xe7\xf5\xea\x90\x53\x2d\x71\xeb\x1b\x92\x11\x80\xea\x2e\x38\x5a\x4c\x35\x51\xfd\xed\x44\x41\x9a\x3f\x37\x33\x41\xa2\x88\x24\x7a\x13\x6f\xd7\xbe\x0c\x8a\xfb\x54\x11\xba\xfb\xa9\x6a\x1f\xfe\xb5\x3b\x12\xe7\x06\x8d\x00\x8d\x96\xf8\x07\xcd\x87\x8b\x77\x5b\xd9\x61\x4c\x9b\xf5\x7f\x1d\x13\xfa\xdc\x86\xc2\xf5\x82\xdb\x03\x8a\xd2\x49\x11\xb4\x20\xb5\x6e\xc1\xc6\xe4\x85\x9d\x23\x11\x26\x3b\xb6\x8a\xaa\x07\x23\x28\xa4\xd3\x14\x84\xe1\x4b\x7f\xdd\x1f\x27\xbd\xac\x94\xd8\x5a\x3d\x69\x31\xa7\x2e\xd8\x80\xba\x85\xa5\xaf\xf0\x33\xb9\xf4\x90\x32\x4f\x00\x72\xb3\x64\x54\x62\x2b\x92\x48\xde\x9d\xcf\x99\xe8\x87\xd6\x75\x90\x70\x29\x61\x85\xe7\x94\x9d\x0f\x94\xb3\x52\x7b\x46\xe2\x51\xc3\x43\x14\x96\x01\xad\xfe\x05\x14\x89\xf9\xbf\xe2\xae\x17\xa6\x68\xdf\x46\x54\x14\xa2\x82\x98\xfa\x05\x73\x86\x6f\x30\x5b\xda\xd7\xbf\x91\xda\x22\x07\x13\x7b\xdf\x7b\xa5\xdf\xaf\x06\x2b\x4e\xc7\xd5\xb9\xb9\xcc\x75\x86\x9d\xb7\x0b\xd5\xc1\xd8\x9f\xf0\xfe\xc4\x3f\xf9\x2d\x1b\x93\xa9\x3f\x0d\xfc\x94\xb0\x09\x85\xbd\x97\xec\xaf\xd4\x39\x54\x24\xbf\xf8\xea\x03\x6b\x62\x8f\x8e\x6b\x5b\x8b\x03\x72\x4f\x09\xb7\xa4\x62\xac\x03\x1b\x2b\x62\x18\x99\x47\xa8\x2d\x00\xb2\x43\x4d\x41\x03\xec\x6d\x59\xea\x10\xe3\x77\xf6\xfe\x98\xf7\x41\x1f\x10\xba\xae\x6c\x71\xfc\x11\x6a\x77\xdd\xd6\x4f\x46\x14\x86\x17\xc1\x59\x8e\xe8\x6f\xeb\x58\xba\x6a\x85\x2f\x4c\x71\x18\x7b\x4b\xdc\x5d\x84\x53\x28\x09\xfb\x47\x86\x61\x28\x95\xbe\xe6\x2b\x89\x92\xb4\x5f\x76\x0b\x82\x19\x80\x26\x1a\x88\x28\x0d\xb0\xe9\x23\xd7\xb7\x21\x62\xb1\xaa\xfd\xde\xe4\xff\x61\xbe\x8e\x49\x01\x27\x58\xcb\x8
6\x63\xd3\x32\x1c\x4b\x9c\x45\x1e\xa0\x9d\xc8\x61\xc6\x3f\x42\xda\x85\x99\x99\xe5\x14\xdc\x2e\x65\xa8\x3d\x9f\x52\x17\x83\x1b\xf0\x24\x3e\xbd\xca\x6e\x48\x4d\xfc\xfa\xce\x23\x76\xcd\x11\x66\xe9\x53\x29\xdb\x57\x79\x08\x22\xf1\x07\xe7\x38\x7b\x2a\x39\x3d\xd0\xcc\x81\x45\x5a\x42\xad\xf7\xc7\x84\x92\xca\x74\x1b\x0d\xc1\x6b\xdc\x56\x27\x3a\x38\x9a\xbf\xf5\x94\x87\xe3\xbb\x8b\x22\x26\x28\x8f\xa6\x2c\x62\x93\x3d\xe0\x78\x30\xc3\x70\x7f\x41\x0f\xb7\x96\x96\xf4\xed\xea\x3e\x72\xa1\x72\x50\xae\xb6\xd9\xcb\xa9\x54\xce\x44\x26\x22\x01\x95\xd6\x4e\x75\x3f\x82\x5d\xfb\x9c\xab\x3f\x74\xbc\xd6\x9c\x1a\x12\x22\xe6\xb6\x72\x7b\xb4\x19\x10\x2f\xbb\x22\x6b\xb6\xef\xc1\xd3\x17\xcb\xb0\xd7\xe1\x70\xa6\x20\x31\x85\x2f\x8c\xfa\x32\x38\x05\xdd\x55\x8a\xfc\xdf\x35\xf8\xac\xcc\xeb\xd7\x91\xe3\xca\xa3\x9c\xe8\xb7\xbd\xdd\x1e\x38\x22\x7e\x58\xf7\x98\xf9\x7e\xc5\x78\x15\x35\x38\x50\x67\xd5\x2a\x9d\x70\xe0\x4a\x45\x7a\x3e\xb8\x5c\x28\xb9\x71\x7c\xbb\xa6\x3e\xd0\x5a\xc1\xed\x01\x94\xc7\x09\x6f\x5d\xc1\xc0\x59\xbf\x5c\x4f\x53\x72\x48\x52\xca\x91\x39\x6f\xb7\x87\xda\x39\x10\x1c\xb9\x37\xb3\x21\x25\x0d\x06\x98\x4b\xda\xbf\x1c\xd8\x33\x3e\x26\x6e\x24\x53\xd9\x21\x19\xa4\x26\x21\x8e\x19\x02\x28\xd6\x0b\xeb\x6b\x32\x21\x2d\x1b\x0e\xee\x3a\x36\xf3\xde\x80\xdd\x09\x13\xe1\x80\x6c\x47\x87\xf4\x4d\x1d\x74\xfd\x30\xff\x7f\x1e\xdb\x37\x76\xe9\x32\xb8\x58\x4a\x61\xfa\x7c\x61\x5a\xa0\x98\xab\xdf\x9f\xf5\x5c\x13\x84\xfa\xc0\xbd\xb2\x9e\x96\x4a\xb7\x6c\x87\x9b\x31\xa8\xf9\xdb\x46\xe7\x1d\x6b\x04\xc5\x5f\x40\x14\xea\x69\xb3\x71\xe9\x59\x25\xf6\x67\xd5\xac\xc7\x2b\x49\x47\x69\x31\x20\xc3\x64\xb5\x65\x44\xb8\x87\xc9\xae\x69\x57\x3e\xe6\x04\xaf\xad\x7d\xb6\x54\x85\xd6\x71\x9d\x1e\x44\x3a\x7a\x2f\x5c\x0b\x4a\x6e\xfc\xbe\x76\x04\x55\xd7\x20\x23\xab\x9a\x9d\x11\x95\x9f\xc8\xfe\x66\x92\x85\x91\x9b\x3c\x1c\xa7\xcf\x3d\x3a\x62\xbc\x0b\xd8\xf5\xdc\x19\xc9\xf5\x0d\x50\x8c\x56\x0c\xf8\xd4\x26\x93\xd4\x29\x59\x7f\xa3\x6c\xb2\x58\x8d\x46\x3e\x51\xe1\x9c\x65\xe0\x54\x06\x80\x90\xc3\x54\xda\x25\x33\x54\x14\x43\xf7\x48\x95\x69\x1
b\x75\xc2\x01\x1a\xaa\xbb\x59\x81\x1e\x9b\xc5\xd9\x6e\xee\xb2\x19\x52\xd5\xb8\xbf\xf2\xb7\x9d\x6e\x64\x2c\xf6\xbe\x3c\x8d\x4a\xda\x2e\x64\xb1\x89\x57\x30\x3f\x4f\x75\x7a\xb3\xf5\x75\x84\xa3\x94\x2a\xa2\x08\x7f\xb0\x3e\xe9\x70\x30\x37\xa6\x6c\xcc\x30\x1c\xd5\x9f\x63\x50\x6c\xc9\xd2\x96\xbc\xb4\xe2\x7a\x84\xfa\xbc\x50\x73\x04\x9a\x66\x32\x21\x91\x69\x8f\x1e\x3f\x16\xaf\xcf\x1f\xfa\x0f", 4096)); NONFAILING(memcpy((void*)0x200010e6, "\x7f\x9a\xc5\xbf\xea\x59\x10\x23\xd1\xc4\xce\xaf\x7d\xa5\x3c\xde\xca\x7f\x3c\xbe\xbe\xd9\xc4\x3c\x9a\x42\x4b\x38\x7b\x5f\x93\x9b\xed\x43\x6f\x47\x4c\xf3\xc9\x03\x0d\x8f\x42\x82\x29\xaf\x5c\x37\x65\xad\x3f\x0c\xd0\xf3\x07\xcd\xbf\x00\xf0\x07\xa1\xc0\x72\x53\x12\xca\x4c\xee\xe0\x6f\xf1\xc4\x99\x7b\xeb\x9d\x98\x28\xb2\xa7\x75\x02\x49\x1e\xf9\xf2\x7f\x5f\x8a\x21\x90\xa1\x6a\x95\xa6\x09\x63\x91\x45\x59\xc0\xe0\xfa\x46\x4b\x3b\x41\xc9\x73\x28\xdc\xa8\x77\x97\x56\xf5\x10\xdc\x4c\xd3\x3d\x65\x31\x27\x4c\xfa", 126)); NONFAILING(memcpy((void*)0x20001164, "\x68\x2c\xc7\x80\xcf\xd8\xfa\xe0\x24\x50\x1f\xf6\x27\x29\xab\x77\xce\xbe\x25\xca\xad\xf4\x39\x85\xb3\x0d\xb8\x38\x7f\xf3\x77\xed\x37\x03\x3e\x09\xf3\x35\x63\x0f\x36\xae\xad\x37\x57\x3d\x32\x40\x72\xd9\xfb\x1a\x62\x7a\xb3\xa3\xca\x51\xd4\xa1\x26\xb7\xf6\xa8\x5f\xb4\x9e\x27\xaf\x49\x3a\x4f\x04\x88\xa2\x07\x31\xe7\xc3\xe5\x22\x8e\xa7\x90\x52\xbe\xa7\x6c\x12\xad\x74\x3b\xfc\xb9\xc9\x62\xf3\x6f\x55\xda\xdb\x59\x51\x7b\x7c\x20\xab\x84\x8c\x45\x8f\x11\xe0\x0c\x13\x08\xa2\xf0\x7e\xa1\xe3", 121)); syscall(SYS_test, 0x20000080, 5, 0, 0, 0, 0); break; case 3: NONFAILING(*(uint8_t*)0x20001200 = 9); NONFAILING(*(uint8_t*)0x20001201 = 3); NONFAILING(*(uint8_t*)0x20001204 = 8); syscall(SYS_test, 0x20001200, 0, 0, 0, 0, 0); break; case 4: NONFAILING(STORE_BY_BITMASK(uint16_t, , 0x20001240, 0, 0, 10)); NONFAILING(*(uint64_t*)0x20001248 = 3); NONFAILING(STORE_BY_BITMASK(uint16_t, , 0x20001250, 2, 0, 5)); NONFAILING(STORE_BY_BITMASK(uint16_t, , 0x20001250, 0x3c, 5, 6)); NONFAILING(STORE_BY_BITMASK(uint32_t, , 
0x20001250, 0x42, 11, 15)); NONFAILING(STORE_BY_BITMASK(uint16_t, , 0x20001254, 0x20, 0, 11)); NONFAILING(STORE_BY_BITMASK(uint16_t, htobe16, 0x20001256, 0x20, 0, 11)); NONFAILING(*(uint8_t*)0x20001258 = 0x80); syscall(SYS_test, 0x20001240, 0, 0, 0, 0, 0); break; case 5: syscall(SYS_mutate2); break; case 6: NONFAILING(*(uint64_t*)0x20001280 = 4); NONFAILING(*(uint64_t*)0x20001288 = 0x63aa); NONFAILING(*(uint8_t*)0x20001290 = 2); NONFAILING(*(uint8_t*)0x20001291 = 0x10); NONFAILING(*(uint8_t*)0x20001292 = 8); NONFAILING(*(uint8_t*)0x20001293 = 4); NONFAILING(*(uint8_t*)0x20001294 = 2); syscall(SYS_test, 0x20001280, 0, 0, 0, 0, 0); break; case 7: syscall(SYS_test_excessive_args1); break; case 8: NONFAILING(memcpy((void*)0x200012c0, "#\000", 2)); syscall(SYS_test, 0x200012c0, 0, 0, 0, 0, 0); break; case 9: NONFAILING(memcpy((void*)0x20001300, "#\000", 2)); syscall(SYS_test, 0x20001300, 0, 0, 0, 0, 0); break; case 10: NONFAILING(memcpy((void*)0x20000000, ".-\000", 3)); NONFAILING(*(uint8_t*)0x20000040 = 8); NONFAILING(*(uint8_t*)0x20000048 = 6); NONFAILING(*(uint8_t*)0x20000049 = 5); NONFAILING(STORE_BY_BITMASK(uint64_t, , 0x20000048, 6, 16, 4)); NONFAILING(STORE_BY_BITMASK(uint32_t, , 0x20000048, 1, 20, 4)); NONFAILING(STORE_BY_BITMASK(uint16_t, , 0x2000004a, 6, 8, 4)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x2000004b, 8, 4, 4)); NONFAILING(syz_compare(0x20000000, 3, 0x20000040, 0x10)); break; case 11: NONFAILING(syz_compare_int(2, 9, 0x3ff, 0, 0)); break; case 12: NONFAILING(syz_errno(0xff)); break; case 13: NONFAILING(memcpy((void*)0x20000080, "\x9a\x81\xde\x5d\x92\x8f\x1a\x60\xf1\x7b\xeb\x77\xb1\xf9\x9a\x68\xaf\x78\x90\x7e\x1b\x40\xde\x1e\x91\x0c\x39\x56\xa2\xa9\x49\x7c\x8f\x05\xfb\xd7\xd7\x28\x2e\x23\x44\xfc\x3c\x4a\x13\x7d\xc0\x2d\x3d\x14", 50)); NONFAILING(syz_execute_func(0x20000080)); break; case 14: NONFAILING(syz_exit(0x3bc)); break; case 15: NONFAILING(syz_mmap(0x20003000, 0x2000)); break; case 16: NONFAILING(syz_sleep_ms(0xae)); break; } } int main(void) 
{ NONFAILING(syz_mmap(0x20000000, 0x1000000)); install_segv_handler(); use_temporary_dir(); do_sandbox_none(); return 0; } In file included from /usr/include/bits/errno.h:26, from /usr/include/errno.h:28, from <stdin>:7: /usr/include/linux/errno.h:1:10: fatal error: asm/errno.h: No such file or directory 1 | #include <asm/errno.h> | ^~~~~~~~~~~~~ compilation terminated. compiler invocation: gcc [-o /tmp/syz-executor605175958 -DGOOS_test=1 -DGOARCH_32_fork_shmem=1 -DHOSTGOOS_linux=1 -x c - -m32 -static -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-overflow] --- FAIL: TestGenerate/test/32_fork_shmem/4 (0.24s) csource_test.go:124: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:10 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: foo$fmt3(&(0x7f0000000000)=0xd) test$str0(&(0x7f0000000040)='#\x00') test$length25(&(0x7f0000000080)=["f10715d4c9e5266c67931773e4a0f636ec65433db95fc97dfb6a7c246b9022eded40bd5b7bc21a67f92e898bdb77eb69e28492941cd278412ebeec4d09ae9c02694e2b96bfd466173cda3b722385fe87434a69cf53b4901014995915", "37655b5306334cb48687", 
"10fe01411f2a0853621183e03fd969e91dcde25ae5aedec27c41096a23d2738e3330156db39857e671916dc9e84a50147231d90b96e85a90a3ea36f88b40e714c4afdcb7c7ca327bc41e8b5f519920bf5c9ac9f9991166c973b145d866b00adc563effeea498989e12ca3b69a26d4690e0a7482bd1c89bf3956a1048c0fc31b2e74a1b9eeacb5f746dff9527514eaf5f5396a5bc73d9ed250656f870eaf6b6856393ad79e7f764608642452cf52844036e989325af0e00d4370f387948e00d0928e0820928cf445dd8aa3762901ecaf1d67caad240a0accb3b2b712f776f7c2c96f7f6f30f5cfa8dbb09d76ff92fd36556ea85268dd1e9447ea12a384e18e885c2fe1236243d0712df5e926543e59ac7525407dd790cea1f843a8ce4f3b4b70138584a56fba8861b8c9af1a9c20ec5e41fdcc075f9b19173cb2fffe893cfc209233c7a328b63c0b0343aa8c89a653aa1cb96a55f02653f9bb7c7b7665e256fba08be12fc7a17d1354e74e5fa5452e915bde73e8440ce9c7767594205c9e33ad9dc190bf89a9dc40f36e242d2002880040e5c8396e69a81fb0102ea79922d12fa1347ec508ef9f8a6aa09e4024b3e25624336611d42f7de410c513db066db8d4efcb961e889616034c8b0220db1c1ec111487ac10749aefcf6094fc662b79edbbb3005ac386e67a64f35ace7f8bb72d1208a5c92d5001630f6184eefedb60c3ebd93b8a7c5d79362c813700f3b5498264aa2e8f3424127dc46d5a20accc3d1423522eccf3465b907db3a10c04252173a44e4107e75864f6b2b14c6e57c1ffe800564362befd3cfcfa431ee490f9a8691b1fbf47b297e6b7c7e381ee2f50c43a4ba0ccd8c58a0ab9a2ad3aa8f740c70e8c88eb19f7ab58d94d7657de09cdc7e01c46d354f21d97b50d09d5222b4f1af7ad0bb625a2e0f52d68f96ddacd12e73c45b3ea144a601815451a8d613b13b2ec6e95dd408661f4c26c58f0e24ab3561b7ba1432405b5da96f10b47bbdf1ead6b6df645e533b02555f69fd8f9e209e374d45c2f2597dcd30e5dcff5bc4eb4dbd8415159bdce9c730b81baeccbb876413d90a5b51eb124b461ea51a7b0e4261f6331836c61398a5d4e6d3cbab148d4c353aa452d37b7046970566fa5bdb1cb962feaa0fd000d94f327cba925d08474a24e099c4534174352f2b1bb88bb688794643feadb6aef90e6807a9b6e5633a8e12d2b1a31f66cef9ef8972575e63214ea8b8d9fa8aa51d174293ddc391f9babf8c947e5d342159f327366e86701a11892ac00f907494ea4ae0b803d08bdb6fa12241bea85e8b006a0a562a2a13575334c8808db594916b0a0b4cd0dd1f4bf61826df52da8d9ba9d322a11e13eea369d9c6bd862dfc764d45152fe4a4d4d84c358864787013e80d075348
bd8e1aaf90b8ae88231dfc60b325dcf105fba6f4f7bc6d6eb883ea94bc7951ab68a9fef16f79ba480c606d261a903f56e3c8e5717bfb36e60ebe454eb9bea91171e5ec7620ac1d56732f13dac52f338d0eb6c0be92ab951e3eafbc186f30f571b2677a45c3ba2b456ae65738418a7625336aa8697c84b803d7a7458c769c71302b19c620c7d2b46d75aa9661a7e6d6366f24622b370290edebb6b9bf1ad61f1dddfe93e44bd1e9c1888edba9a7a96e425b356bfc2a0009202445bc6468aa0a84f9f2299b75e632e43da31388097bd6888e491d085396d9829d5b31ed32069426107b5c93487700ff6e1479f85127780a069c047b8fd7eb9b2acb7d2e4fc8a5f5bd36d789d9fba0691fdada41e75fedd2df8b3afbde047cf9b6c452a272448a3e99ec0f5820168356cc8c9c40b40890273a66ceaa26c131745c4ea0c883b3ff400b5f76e76c42a2164a6d0180410f0e031f01741d1467e96319758891a7f615108c6a8bbc0c403faa33ca7c95dfaff911207f22f1b9d78325a0ccd1797397a91b4fae68eadb72c7c03a9dcaee224b8344fbc62e436cfd0d68b0492616a83efc3d30baff8ed4aa013aedcbb7830e4d52d9b02b06db3e60b27385dbd04feed6c48a0ae6ebe465704407cdeae4b562d0b1a44bdf65542998c8f4875d09d281f90548dfecbc3e570c4fb37d17f05ef484aa71e9b2651752c50b7f5c9235c3fb786dd68086a615f4baa7fb3b9f5067693080a9d64912372afc3d5f017e55eaabf1b6180ce2e28e20a6950abf5b65bdac7d915b0bb938057056f5d6314a283623d6a9be3b191a2873fd8eb7a258c4fe1da8d3e3f4e037c31ce4b72a966e450e97a447cb9129b104c5b2e00c7115e63bb784e71b1c235f736879bee83e2e5f390f314b51bb2f70827b742f9f960de2ec09b2fe8ce4352fd4d61258c68e8fec749ccb6d053ae84c5eff8a438087d423eb35ebcc0af40179922a69c83feaa9d426c3f3cf05412a70ca9559b62d69ed0411ca650c07e4a34068791d742bbf13676b51d400ecbe01f03d26ddf63eaf2dbeb1c9582f646d4207e340e7ea3b6a36d70b2513a288607da6b0f93c96940e284bdd6d69bac90bfc82d0160ddadc30e7f3b90173c57aabffd4881d6de07b0215066f66827a345119fb46250a292255f138a7c44093b1d6684c807c714653eabb42796d9be0b04a3f84aa006f98b9832f7714c6b39e811acc6a01becd5dd70570a03c6e75771746dc258f1942bca6d0d3b8588041b381072b8b8f89ebd07b74ca7f0341af5875c889c9a753ace87bee46d67690090309ec5b1c8c278828a33390002d73aade7c06af0560b6d8ed5cf60075cbe14b0c58757fbd75d25a13fbfa574fb3c6bd04ef84642c3aa2187f56ea3b5687b963804bb64d8e1bdb40edae
c97a0199b6e5290ca2ec556d2a3436b687c53456f0c585602f6cc0dc8d4222d7f721b9d55877fd52a37758d521abb01c6fde683ab431e3c5aff7e0e8506a05a8c725ad5689c318014a1153fe10e66267c81bf788586bcb5a210d58524264bd963a56403d2c6ec28d643b7f9f5587e092f6108f3de1db727146f0458954b85ac448d386e045476d74ca3cf3950dfc2c5f556b5b4c2e148d740a396a4625ae5d7bf2468164d6119ccf3a3f20fbd68fc211b59d0092e9eb5d838ee2b24d94e2649ac4a344f41f73ecf7ea142e3970dea2cf0178ae97d1cb667fa5b7b3db23a6e56e72ec4c3d50d866187bc4e325ff9142422a59905ee5121ec01ef4f697aec1b81564dd27504aa7f06470d622643e24177c3ea5feae5523ea53f4ff3b44e77db4be9abba06a42bcc0896198fefb4645720d81db587dd9177d3e7d2431ee2ed7d929f973f0229fb039c868f0606a05c485c4cc2e810f3a9aafd6134a4e8adc1715018586ddb0d077c038ac28f0993a3ca027cd01616550dee732fb0afc68dbec1beebb31fdfca7ac947e7dc9c06b973f848bbc3c9c98641ac21974aec51102ee772e745bcab1cea858ee9e057f8f505ed0b36d3aee45a579c3632786bfad6d1ce3bcccf8166e2edaaba7c3139cc2ad3d9be7ba4bb80ba7bdf507c44415dd06cea5a83fb1b50d0d48d2bd4bdb36cd2dd05db6322b34cc7f04596d3407447d01c00cb70c996cd20e4d87e759e89c4a44973d965c3b43b7694da1ecbf9d6249ec66d74b0c3ed3624933afe0f30a5ff21dc4dababf007781b54f0535f92f1ed1555a417c54c18f2f3aee0701a2a96ed406ae3eb365500ba9961ffbe015f71c3baaf3735f3ecdc847e4539752c278a768bf02ddacc6b9edce7665e7ffa56d057ddb5d04975986e6b9ed4e319aaa53e01e149bf88bbd236ca22e8b6234765eb210c59cd84ba16993165b7c2c1c2ac8acd60765464f4a6bd4132d9a0279ebe657c1f41de50b09ad681ab477f737aea71605255dbfd9dd4c35f839914be29808ace17af801e4cb313c0d531522cf34c7d923d9232dfb039b0de3219accece6a6216c7b8b5c4ffcb3801aee0bd383ac65032afcd3d1c2540d2c56cd5bc116da1c36313ca9220239912f633b46458bf0ddd6e3289f25d8c3aac6a53dbfa35598b6e5739903334d970b3dd85a1b57810adc451e62979c6bc5f510743149be160699410d95beb393808cb0564196747cc6386b4a6fb26fa1f53d7c1d6bceb79c41fdcd8ed663b168587724208b46ef599894584bc35d6a8662b204bfc15a8cbecedc320ef5edb5f20fbd560c626843db24d6c8b7e55b61a47a3268ddb0fb523f56694378fd2c76dbc6182cb49afdd2aea2dc7f91fe9445b21c6b12b8f99baaf242ab0ff1e1413c7b1bcb38dda4de1fc9
ac587434110f83ce2157c99018252e977df9e8ec0250519256ce5cdc8b7a795ae2662571bb4c3eb98aeb093584b17f0b1a6c026037d080aeba6a7b5b216903942a66eed37ed890dc5df1acd711205e19d016badda1ce37659a78a7d3fe006cff20df840353e6b96568dbc7acdca3889b885f4956ee7f5ea90532d71eb1b921180ea2e385a4c3551fded44419a3f373341a288247a136fd7be0c8afb5411bafba96a1ffeb53b12e7068d008d96f807cd878b775bd9614c9bf57f1d13fadc86c2f582db038ad24911b420b56ec1c6e4859d2311263bb68aaa072328a4d31484e14b7fdd1f27bdac94d85a3d6931a72ed880ba85a5aff033b9f490324f0072b36454622b9248de9dcf99e887d6759070296185e7949d0f94b3527b46e251c343149601adfe051489f9bfe2ae17a668df465414a28298fa0573866f305bdad7bf91da2207137bdf7ba5dfaf062b4ec7d5b9b9cc75869db70bd5c1d89ff0fec43ff92d1b93a93f0dfc94b00985bd97ecafd4395424bff8ea036b628f8e6b5b8b03724f09b7a462ac031b2b62189947a82d00b2434d4103ec6d59ea10e377f6fe98f7411f10baae6c71fc116a77ddd64f46148617c1598ee86feb58ba6a852f4c71187b4bdc5d84532809fb4786612895bee62b8992b45f760b821980261a88280db0e923d7b72162b1aafddee4ff61be8e49012758cb8663d3321c4b9c451ea09dc861c63f42da859999e514dc2e65a83d9f5217831bf0243ebdca6e484dfcface2376cd1166e95329db57790822f107e7387b2a393dd0cc81455a42adf7c78492ca741b0dc16bdc56273a389abff59487e3bb8b2226288fa62c62933de07830c3707f410fb79696f4edea3e72a17250aeb6d9cba954ce4426220195d64e753f825dfb9cab3f74bcd69c1a1222e6b6727bb419102fbb226bb6efc1d317cbb0d7e170a62031852f8cfa323805dd558afcdf35f8acccebd791e3caa39ce8b7bddd1e38227e58f798f97ec5781535385067d52a9d70e04a457a3eb85c28b9717cbba63ed05ac1ed0194c7096f5dc1c059bf5c4f53724852ca91396fb787da39101cb937b321250d06984bdabf1cd8333e266e2453d92119a426218e190228d60beb6b32212d1b0eee3a36f3de80dd0913e1806c4787f44d1d74fd30ff7f1edb3776e932b8584a61fa7c615aa098abdf9ff55c1384fac0bdb29e964ab76c879b31a8f9db46e71d6b04c55f4014ea69b371e95925f667d5acc72b4947693120c364b56544b887c9ae69573ee604afad7db65485d6719d1e443a7a2f5c0b4a6efcbe760455d72023ab9a9d11959fc8fe669285919b3c1ca7cf3d3a62bc0bd8f5dc19c9f50d508c560cf8d42693d429597fa36cb2588d463e51e19c65e054068090c354da2533541443f74895691
b75c2011aaabb59811e9bc5d96eeeb21952d5b8bff2b79d6e642cf6be3c8d4ada2e64b18957303f4f757ab3f57584a3942aa2087fb03ee9703037a66ccc301cd59f63506cc9d296bcb4e27a84fabc5073049a66322191698f1e3f16afcf1ffa0f", "7f9ac5bfea591023d1c4ceaf7da53cdeca7f3cbebed9c43c9a424b387b5f939bed436f474cf3c9030d8f428229af5c3765ad3f0cd0f307cdbf00f007a1c0725312ca4ceee06ff1c4997beb9d9828b2a77502491ef9f27f5f8a2190a16a95a60963914559c0e0fa464b3b41c97328dca8779756f510dc4cd33d6531274cfa", "682cc780cfd8fae024501ff62729ab77cebe25caadf43985b30db8387ff377ed37033e09f335630f36aead37573d324072d9fb1a627ab3a3ca51d4a126b7f6a85fb49e27af493a4f0488a20731e7c3e5228ea79052bea76c12ad743bfcb9c962f36f55dadb59517b7c20ab848c458f11e00c1308a2f07ea1e3"], 0x5) test$align3(&(0x7f0000001200)={0x9, {0x3}, {0x8}}) test$bf0(&(0x7f0000001240)={0x0, 0x3, 0x2, 0x3c, 0x42, 0x20, 0x20, 0x80}) mutate2() test$length16(&(0x7f0000001280)={[0x4, 0x63aa], 0x2, 0x10, 0x8, 0x4, 0x2}) test_excessive_args1() test$str0(&(0x7f00000012c0)='#\x00') test$str0(&(0x7f0000001300)='#\x00') syz_compare(&(0x7f0000000000)='.-\x00', 0x3, &(0x7f0000000040)=@bf20={0x8, {0x6, 0x5, 0x6, 0x1, 0x6, 0x8}}, 0x10) syz_compare_int$2(0x2, 0x9, 0x3ff) syz_errno(0xff) syz_execute_func(&(0x7f0000000080)="9a81de5d928f1a60f17beb77b1f99a68af78907e1b40de1e910c3956a2a9497c8f05fbd7d7282e2344fc3c4a137dc02d3d14") syz_exit(0x3bc) syz_mmap(&(0x7f0000003000/0x2000)=nil, 0x2000) syz_sleep_ms(0xae) csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + 
(uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = 
current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) 
{ va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (; iter < 10; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t 
start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) { continue; } kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_mutate2 #define SYS_mutate2 0 #endif #ifndef SYS_test #define SYS_test 0 #endif #ifndef SYS_test_excessive_args1 #define SYS_test_excessive_args1 0 #endif void execute_call(int call) { switch (call) { case 0: sprintf((char*)0x20000000, "%020llu", (long long)0x17); syscall(SYS_foo, 0x20000000, 0); break; case 1: memcpy((void*)0x20000040, "#\000", 2); syscall(SYS_test, 0x20000040, 0, 0, 0, 0, 0); break; case 2: memcpy((void*)0x20000080, "\xf1\x07\x15\xd4\xc9\xe5\x26\x6c\x67\x93\x17\x73\xe4\xa0\xf6\x36\xec\x65\x43\x3d\xb9\x5f\xc9\x7d\xfb\x6a\x7c\x24\x6b\x90\x22\xed\xed\x40\xbd\x5b\x7b\xc2\x1a\x67\xf9\x2e\x89\x8b\xdb\x77\xeb\x69\xe2\x84\x92\x94\x1c\xd2\x78\x41\x2e\xbe\xec\x4d\x09\xae\x9c\x02\x69\x4e\x2b\x96\xbf\xd4\x66\x17\x3c\xda\x3b\x72\x23\x85\xfe\x87\x43\x4a\x69\xcf\x53\xb4\x90\x10\x14\x99\x59\x15", 92); memcpy((void*)0x200000dc, "\x37\x65\x5b\x53\x06\x33\x4c\xb4\x86\x87", 10); memcpy((void*)0x200000e6, 
"\x10\xfe\x01\x41\x1f\x2a\x08\x53\x62\x11\x83\xe0\x3f\xd9\x69\xe9\x1d\xcd\xe2\x5a\xe5\xae\xde\xc2\x7c\x41\x09\x6a\x23\xd2\x73\x8e\x33\x30\x15\x6d\xb3\x98\x57\xe6\x71\x91\x6d\xc9\xe8\x4a\x50\x14\x72\x31\xd9\x0b\x96\xe8\x5a\x90\xa3\xea\x36\xf8\x8b\x40\xe7\x14\xc4\xaf\xdc\xb7\xc7\xca\x32\x7b\xc4\x1e\x8b\x5f\x51\x99\x20\xbf\x5c\x9a\xc9\xf9\x99\x11\x66\xc9\x73\xb1\x45\xd8\x66\xb0\x0a\xdc\x56\x3e\xff\xee\xa4\x98\x98\x9e\x12\xca\x3b\x69\xa2\x6d\x46\x90\xe0\xa7\x48\x2b\xd1\xc8\x9b\xf3\x95\x6a\x10\x48\xc0\xfc\x31\xb2\xe7\x4a\x1b\x9e\xea\xcb\x5f\x74\x6d\xff\x95\x27\x51\x4e\xaf\x5f\x53\x96\xa5\xbc\x73\xd9\xed\x25\x06\x56\xf8\x70\xea\xf6\xb6\x85\x63\x93\xad\x79\xe7\xf7\x64\x60\x86\x42\x45\x2c\xf5\x28\x44\x03\x6e\x98\x93\x25\xaf\x0e\x00\xd4\x37\x0f\x38\x79\x48\xe0\x0d\x09\x28\xe0\x82\x09\x28\xcf\x44\x5d\xd8\xaa\x37\x62\x90\x1e\xca\xf1\xd6\x7c\xaa\xd2\x40\xa0\xac\xcb\x3b\x2b\x71\x2f\x77\x6f\x7c\x2c\x96\xf7\xf6\xf3\x0f\x5c\xfa\x8d\xbb\x09\xd7\x6f\xf9\x2f\xd3\x65\x56\xea\x85\x26\x8d\xd1\xe9\x44\x7e\xa1\x2a\x38\x4e\x18\xe8\x85\xc2\xfe\x12\x36\x24\x3d\x07\x12\xdf\x5e\x92\x65\x43\xe5\x9a\xc7\x52\x54\x07\xdd\x79\x0c\xea\x1f\x84\x3a\x8c\xe4\xf3\xb4\xb7\x01\x38\x58\x4a\x56\xfb\xa8\x86\x1b\x8c\x9a\xf1\xa9\xc2\x0e\xc5\xe4\x1f\xdc\xc0\x75\xf9\xb1\x91\x73\xcb\x2f\xff\xe8\x93\xcf\xc2\x09\x23\x3c\x7a\x32\x8b\x63\xc0\xb0\x34\x3a\xa8\xc8\x9a\x65\x3a\xa1\xcb\x96\xa5\x5f\x02\x65\x3f\x9b\xb7\xc7\xb7\x66\x5e\x25\x6f\xba\x08\xbe\x12\xfc\x7a\x17\xd1\x35\x4e\x74\xe5\xfa\x54\x52\xe9\x15\xbd\xe7\x3e\x84\x40\xce\x9c\x77\x67\x59\x42\x05\xc9\xe3\x3a\xd9\xdc\x19\x0b\xf8\x9a\x9d\xc4\x0f\x36\xe2\x42\xd2\x00\x28\x80\x04\x0e\x5c\x83\x96\xe6\x9a\x81\xfb\x01\x02\xea\x79\x92\x2d\x12\xfa\x13\x47\xec\x50\x8e\xf9\xf8\xa6\xaa\x09\xe4\x02\x4b\x3e\x25\x62\x43\x36\x61\x1d\x42\xf7\xde\x41\x0c\x51\x3d\xb0\x66\xdb\x8d\x4e\xfc\xb9\x61\xe8\x89\x61\x60\x34\xc8\xb0\x22\x0d\xb1\xc1\xec\x11\x14\x87\xac\x10\x74\x9a\xef\xcf\x60\x94\xfc\x66\x2b\x79\xed\xbb\xb3\x00\x5a\xc3\x86\xe6\x7a\x64\xf3\x5a\xce\x7f\x8b\xb7\x2d\x12\x08\xa5\xc9\x2
d\x50\x01\x63\x0f\x61\x84\xee\xfe\xdb\x60\xc3\xeb\xd9\x3b\x8a\x7c\x5d\x79\x36\x2c\x81\x37\x00\xf3\xb5\x49\x82\x64\xaa\x2e\x8f\x34\x24\x12\x7d\xc4\x6d\x5a\x20\xac\xcc\x3d\x14\x23\x52\x2e\xcc\xf3\x46\x5b\x90\x7d\xb3\xa1\x0c\x04\x25\x21\x73\xa4\x4e\x41\x07\xe7\x58\x64\xf6\xb2\xb1\x4c\x6e\x57\xc1\xff\xe8\x00\x56\x43\x62\xbe\xfd\x3c\xfc\xfa\x43\x1e\xe4\x90\xf9\xa8\x69\x1b\x1f\xbf\x47\xb2\x97\xe6\xb7\xc7\xe3\x81\xee\x2f\x50\xc4\x3a\x4b\xa0\xcc\xd8\xc5\x8a\x0a\xb9\xa2\xad\x3a\xa8\xf7\x40\xc7\x0e\x8c\x88\xeb\x19\xf7\xab\x58\xd9\x4d\x76\x57\xde\x09\xcd\xc7\xe0\x1c\x46\xd3\x54\xf2\x1d\x97\xb5\x0d\x09\xd5\x22\x2b\x4f\x1a\xf7\xad\x0b\xb6\x25\xa2\xe0\xf5\x2d\x68\xf9\x6d\xda\xcd\x12\xe7\x3c\x45\xb3\xea\x14\x4a\x60\x18\x15\x45\x1a\x8d\x61\x3b\x13\xb2\xec\x6e\x95\xdd\x40\x86\x61\xf4\xc2\x6c\x58\xf0\xe2\x4a\xb3\x56\x1b\x7b\xa1\x43\x24\x05\xb5\xda\x96\xf1\x0b\x47\xbb\xdf\x1e\xad\x6b\x6d\xf6\x45\xe5\x33\xb0\x25\x55\xf6\x9f\xd8\xf9\xe2\x09\xe3\x74\xd4\x5c\x2f\x25\x97\xdc\xd3\x0e\x5d\xcf\xf5\xbc\x4e\xb4\xdb\xd8\x41\x51\x59\xbd\xce\x9c\x73\x0b\x81\xba\xec\xcb\xb8\x76\x41\x3d\x90\xa5\xb5\x1e\xb1\x24\xb4\x61\xea\x51\xa7\xb0\xe4\x26\x1f\x63\x31\x83\x6c\x61\x39\x8a\x5d\x4e\x6d\x3c\xba\xb1\x48\xd4\xc3\x53\xaa\x45\x2d\x37\xb7\x04\x69\x70\x56\x6f\xa5\xbd\xb1\xcb\x96\x2f\xea\xa0\xfd\x00\x0d\x94\xf3\x27\xcb\xa9\x25\xd0\x84\x74\xa2\x4e\x09\x9c\x45\x34\x17\x43\x52\xf2\xb1\xbb\x88\xbb\x68\x87\x94\x64\x3f\xea\xdb\x6a\xef\x90\xe6\x80\x7a\x9b\x6e\x56\x33\xa8\xe1\x2d\x2b\x1a\x31\xf6\x6c\xef\x9e\xf8\x97\x25\x75\xe6\x32\x14\xea\x8b\x8d\x9f\xa8\xaa\x51\xd1\x74\x29\x3d\xdc\x39\x1f\x9b\xab\xf8\xc9\x47\xe5\xd3\x42\x15\x9f\x32\x73\x66\xe8\x67\x01\xa1\x18\x92\xac\x00\xf9\x07\x49\x4e\xa4\xae\x0b\x80\x3d\x08\xbd\xb6\xfa\x12\x24\x1b\xea\x85\xe8\xb0\x06\xa0\xa5\x62\xa2\xa1\x35\x75\x33\x4c\x88\x08\xdb\x59\x49\x16\xb0\xa0\xb4\xcd\x0d\xd1\xf4\xbf\x61\x82\x6d\xf5\x2d\xa8\xd9\xba\x9d\x32\x2a\x11\xe1\x3e\xea\x36\x9d\x9c\x6b\xd8\x62\xdf\xc7\x64\xd4\x51\x52\xfe\x4a\x4d\x4d\x84\xc3\x58\x86\x47\x87\x01\x3e\x80\xd0\x75\x34\x8
b\xd8\xe1\xaa\xf9\x0b\x8a\xe8\x82\x31\xdf\xc6\x0b\x32\x5d\xcf\x10\x5f\xba\x6f\x4f\x7b\xc6\xd6\xeb\x88\x3e\xa9\x4b\xc7\x95\x1a\xb6\x8a\x9f\xef\x16\xf7\x9b\xa4\x80\xc6\x06\xd2\x61\xa9\x03\xf5\x6e\x3c\x8e\x57\x17\xbf\xb3\x6e\x60\xeb\xe4\x54\xeb\x9b\xea\x91\x17\x1e\x5e\xc7\x62\x0a\xc1\xd5\x67\x32\xf1\x3d\xac\x52\xf3\x38\xd0\xeb\x6c\x0b\xe9\x2a\xb9\x51\xe3\xea\xfb\xc1\x86\xf3\x0f\x57\x1b\x26\x77\xa4\x5c\x3b\xa2\xb4\x56\xae\x65\x73\x84\x18\xa7\x62\x53\x36\xaa\x86\x97\xc8\x4b\x80\x3d\x7a\x74\x58\xc7\x69\xc7\x13\x02\xb1\x9c\x62\x0c\x7d\x2b\x46\xd7\x5a\xa9\x66\x1a\x7e\x6d\x63\x66\xf2\x46\x22\xb3\x70\x29\x0e\xde\xbb\x6b\x9b\xf1\xad\x61\xf1\xdd\xdf\xe9\x3e\x44\xbd\x1e\x9c\x18\x88\xed\xba\x9a\x7a\x96\xe4\x25\xb3\x56\xbf\xc2\xa0\x00\x92\x02\x44\x5b\xc6\x46\x8a\xa0\xa8\x4f\x9f\x22\x99\xb7\x5e\x63\x2e\x43\xda\x31\x38\x80\x97\xbd\x68\x88\xe4\x91\xd0\x85\x39\x6d\x98\x29\xd5\xb3\x1e\xd3\x20\x69\x42\x61\x07\xb5\xc9\x34\x87\x70\x0f\xf6\xe1\x47\x9f\x85\x12\x77\x80\xa0\x69\xc0\x47\xb8\xfd\x7e\xb9\xb2\xac\xb7\xd2\xe4\xfc\x8a\x5f\x5b\xd3\x6d\x78\x9d\x9f\xba\x06\x91\xfd\xad\xa4\x1e\x75\xfe\xdd\x2d\xf8\xb3\xaf\xbd\xe0\x47\xcf\x9b\x6c\x45\x2a\x27\x24\x48\xa3\xe9\x9e\xc0\xf5\x82\x01\x68\x35\x6c\xc8\xc9\xc4\x0b\x40\x89\x02\x73\xa6\x6c\xea\xa2\x6c\x13\x17\x45\xc4\xea\x0c\x88\x3b\x3f\xf4\x00\xb5\xf7\x6e\x76\xc4\x2a\x21\x64\xa6\xd0\x18\x04\x10\xf0\xe0\x31\xf0\x17\x41\xd1\x46\x7e\x96\x31\x97\x58\x89\x1a\x7f\x61\x51\x08\xc6\xa8\xbb\xc0\xc4\x03\xfa\xa3\x3c\xa7\xc9\x5d\xfa\xff\x91\x12\x07\xf2\x2f\x1b\x9d\x78\x32\x5a\x0c\xcd\x17\x97\x39\x7a\x91\xb4\xfa\xe6\x8e\xad\xb7\x2c\x7c\x03\xa9\xdc\xae\xe2\x24\xb8\x34\x4f\xbc\x62\xe4\x36\xcf\xd0\xd6\x8b\x04\x92\x61\x6a\x83\xef\xc3\xd3\x0b\xaf\xf8\xed\x4a\xa0\x13\xae\xdc\xbb\x78\x30\xe4\xd5\x2d\x9b\x02\xb0\x6d\xb3\xe6\x0b\x27\x38\x5d\xbd\x04\xfe\xed\x6c\x48\xa0\xae\x6e\xbe\x46\x57\x04\x40\x7c\xde\xae\x4b\x56\x2d\x0b\x1a\x44\xbd\xf6\x55\x42\x99\x8c\x8f\x48\x75\xd0\x9d\x28\x1f\x90\x54\x8d\xfe\xcb\xc3\xe5\x70\xc4\xfb\x37\xd1\x7f\x05\xef\x48\x4a\xa7\x1e\x9b\x26\x51\x7
5\x2c\x50\xb7\xf5\xc9\x23\x5c\x3f\xb7\x86\xdd\x68\x08\x6a\x61\x5f\x4b\xaa\x7f\xb3\xb9\xf5\x06\x76\x93\x08\x0a\x9d\x64\x91\x23\x72\xaf\xc3\xd5\xf0\x17\xe5\x5e\xaa\xbf\x1b\x61\x80\xce\x2e\x28\xe2\x0a\x69\x50\xab\xf5\xb6\x5b\xda\xc7\xd9\x15\xb0\xbb\x93\x80\x57\x05\x6f\x5d\x63\x14\xa2\x83\x62\x3d\x6a\x9b\xe3\xb1\x91\xa2\x87\x3f\xd8\xeb\x7a\x25\x8c\x4f\xe1\xda\x8d\x3e\x3f\x4e\x03\x7c\x31\xce\x4b\x72\xa9\x66\xe4\x50\xe9\x7a\x44\x7c\xb9\x12\x9b\x10\x4c\x5b\x2e\x00\xc7\x11\x5e\x63\xbb\x78\x4e\x71\xb1\xc2\x35\xf7\x36\x87\x9b\xee\x83\xe2\xe5\xf3\x90\xf3\x14\xb5\x1b\xb2\xf7\x08\x27\xb7\x42\xf9\xf9\x60\xde\x2e\xc0\x9b\x2f\xe8\xce\x43\x52\xfd\x4d\x61\x25\x8c\x68\xe8\xfe\xc7\x49\xcc\xb6\xd0\x53\xae\x84\xc5\xef\xf8\xa4\x38\x08\x7d\x42\x3e\xb3\x5e\xbc\xc0\xaf\x40\x17\x99\x22\xa6\x9c\x83\xfe\xaa\x9d\x42\x6c\x3f\x3c\xf0\x54\x12\xa7\x0c\xa9\x55\x9b\x62\xd6\x9e\xd0\x41\x1c\xa6\x50\xc0\x7e\x4a\x34\x06\x87\x91\xd7\x42\xbb\xf1\x36\x76\xb5\x1d\x40\x0e\xcb\xe0\x1f\x03\xd2\x6d\xdf\x63\xea\xf2\xdb\xeb\x1c\x95\x82\xf6\x46\xd4\x20\x7e\x34\x0e\x7e\xa3\xb6\xa3\x6d\x70\xb2\x51\x3a\x28\x86\x07\xda\x6b\x0f\x93\xc9\x69\x40\xe2\x84\xbd\xd6\xd6\x9b\xac\x90\xbf\xc8\x2d\x01\x60\xdd\xad\xc3\x0e\x7f\x3b\x90\x17\x3c\x57\xaa\xbf\xfd\x48\x81\xd6\xde\x07\xb0\x21\x50\x66\xf6\x68\x27\xa3\x45\x11\x9f\xb4\x62\x50\xa2\x92\x25\x5f\x13\x8a\x7c\x44\x09\x3b\x1d\x66\x84\xc8\x07\xc7\x14\x65\x3e\xab\xb4\x27\x96\xd9\xbe\x0b\x04\xa3\xf8\x4a\xa0\x06\xf9\x8b\x98\x32\xf7\x71\x4c\x6b\x39\xe8\x11\xac\xc6\xa0\x1b\xec\xd5\xdd\x70\x57\x0a\x03\xc6\xe7\x57\x71\x74\x6d\xc2\x58\xf1\x94\x2b\xca\x6d\x0d\x3b\x85\x88\x04\x1b\x38\x10\x72\xb8\xb8\xf8\x9e\xbd\x07\xb7\x4c\xa7\xf0\x34\x1a\xf5\x87\x5c\x88\x9c\x9a\x75\x3a\xce\x87\xbe\xe4\x6d\x67\x69\x00\x90\x30\x9e\xc5\xb1\xc8\xc2\x78\x82\x8a\x33\x39\x00\x02\xd7\x3a\xad\xe7\xc0\x6a\xf0\x56\x0b\x6d\x8e\xd5\xcf\x60\x07\x5c\xbe\x14\xb0\xc5\x87\x57\xfb\xd7\x5d\x25\xa1\x3f\xbf\xa5\x74\xfb\x3c\x6b\xd0\x4e\xf8\x46\x42\xc3\xaa\x21\x87\xf5\x6e\xa3\xb5\x68\x7b\x96\x38\x04\xbb\x64\xd8\xe1\xbd\xb4\x0e\xda\xe
c\x97\xa0\x19\x9b\x6e\x52\x90\xca\x2e\xc5\x56\xd2\xa3\x43\x6b\x68\x7c\x53\x45\x6f\x0c\x58\x56\x02\xf6\xcc\x0d\xc8\xd4\x22\x2d\x7f\x72\x1b\x9d\x55\x87\x7f\xd5\x2a\x37\x75\x8d\x52\x1a\xbb\x01\xc6\xfd\xe6\x83\xab\x43\x1e\x3c\x5a\xff\x7e\x0e\x85\x06\xa0\x5a\x8c\x72\x5a\xd5\x68\x9c\x31\x80\x14\xa1\x15\x3f\xe1\x0e\x66\x26\x7c\x81\xbf\x78\x85\x86\xbc\xb5\xa2\x10\xd5\x85\x24\x26\x4b\xd9\x63\xa5\x64\x03\xd2\xc6\xec\x28\xd6\x43\xb7\xf9\xf5\x58\x7e\x09\x2f\x61\x08\xf3\xde\x1d\xb7\x27\x14\x6f\x04\x58\x95\x4b\x85\xac\x44\x8d\x38\x6e\x04\x54\x76\xd7\x4c\xa3\xcf\x39\x50\xdf\xc2\xc5\xf5\x56\xb5\xb4\xc2\xe1\x48\xd7\x40\xa3\x96\xa4\x62\x5a\xe5\xd7\xbf\x24\x68\x16\x4d\x61\x19\xcc\xf3\xa3\xf2\x0f\xbd\x68\xfc\x21\x1b\x59\xd0\x09\x2e\x9e\xb5\xd8\x38\xee\x2b\x24\xd9\x4e\x26\x49\xac\x4a\x34\x4f\x41\xf7\x3e\xcf\x7e\xa1\x42\xe3\x97\x0d\xea\x2c\xf0\x17\x8a\xe9\x7d\x1c\xb6\x67\xfa\x5b\x7b\x3d\xb2\x3a\x6e\x56\xe7\x2e\xc4\xc3\xd5\x0d\x86\x61\x87\xbc\x4e\x32\x5f\xf9\x14\x24\x22\xa5\x99\x05\xee\x51\x21\xec\x01\xef\x4f\x69\x7a\xec\x1b\x81\x56\x4d\xd2\x75\x04\xaa\x7f\x06\x47\x0d\x62\x26\x43\xe2\x41\x77\xc3\xea\x5f\xea\xe5\x52\x3e\xa5\x3f\x4f\xf3\xb4\x4e\x77\xdb\x4b\xe9\xab\xba\x06\xa4\x2b\xcc\x08\x96\x19\x8f\xef\xb4\x64\x57\x20\xd8\x1d\xb5\x87\xdd\x91\x77\xd3\xe7\xd2\x43\x1e\xe2\xed\x7d\x92\x9f\x97\x3f\x02\x29\xfb\x03\x9c\x86\x8f\x06\x06\xa0\x5c\x48\x5c\x4c\xc2\xe8\x10\xf3\xa9\xaa\xfd\x61\x34\xa4\xe8\xad\xc1\x71\x50\x18\x58\x6d\xdb\x0d\x07\x7c\x03\x8a\xc2\x8f\x09\x93\xa3\xca\x02\x7c\xd0\x16\x16\x55\x0d\xee\x73\x2f\xb0\xaf\xc6\x8d\xbe\xc1\xbe\xeb\xb3\x1f\xdf\xca\x7a\xc9\x47\xe7\xdc\x9c\x06\xb9\x73\xf8\x48\xbb\xc3\xc9\xc9\x86\x41\xac\x21\x97\x4a\xec\x51\x10\x2e\xe7\x72\xe7\x45\xbc\xab\x1c\xea\x85\x8e\xe9\xe0\x57\xf8\xf5\x05\xed\x0b\x36\xd3\xae\xe4\x5a\x57\x9c\x36\x32\x78\x6b\xfa\xd6\xd1\xce\x3b\xcc\xcf\x81\x66\xe2\xed\xaa\xba\x7c\x31\x39\xcc\x2a\xd3\xd9\xbe\x7b\xa4\xbb\x80\xba\x7b\xdf\x50\x7c\x44\x41\x5d\xd0\x6c\xea\x5a\x83\xfb\x1b\x50\xd0\xd4\x8d\x2b\xd4\xbd\xb3\x6c\xd2\xdd\x05\xdb\x63\x22\xb3\x4c\xc
7\xf0\x45\x96\xd3\x40\x74\x47\xd0\x1c\x00\xcb\x70\xc9\x96\xcd\x20\xe4\xd8\x7e\x75\x9e\x89\xc4\xa4\x49\x73\xd9\x65\xc3\xb4\x3b\x76\x94\xda\x1e\xcb\xf9\xd6\x24\x9e\xc6\x6d\x74\xb0\xc3\xed\x36\x24\x93\x3a\xfe\x0f\x30\xa5\xff\x21\xdc\x4d\xab\xab\xf0\x07\x78\x1b\x54\xf0\x53\x5f\x92\xf1\xed\x15\x55\xa4\x17\xc5\x4c\x18\xf2\xf3\xae\xe0\x70\x1a\x2a\x96\xed\x40\x6a\xe3\xeb\x36\x55\x00\xba\x99\x61\xff\xbe\x01\x5f\x71\xc3\xba\xaf\x37\x35\xf3\xec\xdc\x84\x7e\x45\x39\x75\x2c\x27\x8a\x76\x8b\xf0\x2d\xda\xcc\x6b\x9e\xdc\xe7\x66\x5e\x7f\xfa\x56\xd0\x57\xdd\xb5\xd0\x49\x75\x98\x6e\x6b\x9e\xd4\xe3\x19\xaa\xa5\x3e\x01\xe1\x49\xbf\x88\xbb\xd2\x36\xca\x22\xe8\xb6\x23\x47\x65\xeb\x21\x0c\x59\xcd\x84\xba\x16\x99\x31\x65\xb7\xc2\xc1\xc2\xac\x8a\xcd\x60\x76\x54\x64\xf4\xa6\xbd\x41\x32\xd9\xa0\x27\x9e\xbe\x65\x7c\x1f\x41\xde\x50\xb0\x9a\xd6\x81\xab\x47\x7f\x73\x7a\xea\x71\x60\x52\x55\xdb\xfd\x9d\xd4\xc3\x5f\x83\x99\x14\xbe\x29\x80\x8a\xce\x17\xaf\x80\x1e\x4c\xb3\x13\xc0\xd5\x31\x52\x2c\xf3\x4c\x7d\x92\x3d\x92\x32\xdf\xb0\x39\xb0\xde\x32\x19\xac\xce\xce\x6a\x62\x16\xc7\xb8\xb5\xc4\xff\xcb\x38\x01\xae\xe0\xbd\x38\x3a\xc6\x50\x32\xaf\xcd\x3d\x1c\x25\x40\xd2\xc5\x6c\xd5\xbc\x11\x6d\xa1\xc3\x63\x13\xca\x92\x20\x23\x99\x12\xf6\x33\xb4\x64\x58\xbf\x0d\xdd\x6e\x32\x89\xf2\x5d\x8c\x3a\xac\x6a\x53\xdb\xfa\x35\x59\x8b\x6e\x57\x39\x90\x33\x34\xd9\x70\xb3\xdd\x85\xa1\xb5\x78\x10\xad\xc4\x51\xe6\x29\x79\xc6\xbc\x5f\x51\x07\x43\x14\x9b\xe1\x60\x69\x94\x10\xd9\x5b\xeb\x39\x38\x08\xcb\x05\x64\x19\x67\x47\xcc\x63\x86\xb4\xa6\xfb\x26\xfa\x1f\x53\xd7\xc1\xd6\xbc\xeb\x79\xc4\x1f\xdc\xd8\xed\x66\x3b\x16\x85\x87\x72\x42\x08\xb4\x6e\xf5\x99\x89\x45\x84\xbc\x35\xd6\xa8\x66\x2b\x20\x4b\xfc\x15\xa8\xcb\xec\xed\xc3\x20\xef\x5e\xdb\x5f\x20\xfb\xd5\x60\xc6\x26\x84\x3d\xb2\x4d\x6c\x8b\x7e\x55\xb6\x1a\x47\xa3\x26\x8d\xdb\x0f\xb5\x23\xf5\x66\x94\x37\x8f\xd2\xc7\x6d\xbc\x61\x82\xcb\x49\xaf\xdd\x2a\xea\x2d\xc7\xf9\x1f\xe9\x44\x5b\x21\xc6\xb1\x2b\x8f\x99\xba\xaf\x24\x2a\xb0\xff\x1e\x14\x13\xc7\xb1\xbc\xb3\x8d\xda\x4d\xe1\xfc\x9
a\xc5\x87\x43\x41\x10\xf8\x3c\xe2\x15\x7c\x99\x01\x82\x52\xe9\x77\xdf\x9e\x8e\xc0\x25\x05\x19\x25\x6c\xe5\xcd\xc8\xb7\xa7\x95\xae\x26\x62\x57\x1b\xb4\xc3\xeb\x98\xae\xb0\x93\x58\x4b\x17\xf0\xb1\xa6\xc0\x26\x03\x7d\x08\x0a\xeb\xa6\xa7\xb5\xb2\x16\x90\x39\x42\xa6\x6e\xed\x37\xed\x89\x0d\xc5\xdf\x1a\xcd\x71\x12\x05\xe1\x9d\x01\x6b\xad\xda\x1c\xe3\x76\x59\xa7\x8a\x7d\x3f\xe0\x06\xcf\xf2\x0d\xf8\x40\x35\x3e\x6b\x96\x56\x8d\xbc\x7a\xcd\xca\x38\x89\xb8\x85\xf4\x95\x6e\xe7\xf5\xea\x90\x53\x2d\x71\xeb\x1b\x92\x11\x80\xea\x2e\x38\x5a\x4c\x35\x51\xfd\xed\x44\x41\x9a\x3f\x37\x33\x41\xa2\x88\x24\x7a\x13\x6f\xd7\xbe\x0c\x8a\xfb\x54\x11\xba\xfb\xa9\x6a\x1f\xfe\xb5\x3b\x12\xe7\x06\x8d\x00\x8d\x96\xf8\x07\xcd\x87\x8b\x77\x5b\xd9\x61\x4c\x9b\xf5\x7f\x1d\x13\xfa\xdc\x86\xc2\xf5\x82\xdb\x03\x8a\xd2\x49\x11\xb4\x20\xb5\x6e\xc1\xc6\xe4\x85\x9d\x23\x11\x26\x3b\xb6\x8a\xaa\x07\x23\x28\xa4\xd3\x14\x84\xe1\x4b\x7f\xdd\x1f\x27\xbd\xac\x94\xd8\x5a\x3d\x69\x31\xa7\x2e\xd8\x80\xba\x85\xa5\xaf\xf0\x33\xb9\xf4\x90\x32\x4f\x00\x72\xb3\x64\x54\x62\x2b\x92\x48\xde\x9d\xcf\x99\xe8\x87\xd6\x75\x90\x70\x29\x61\x85\xe7\x94\x9d\x0f\x94\xb3\x52\x7b\x46\xe2\x51\xc3\x43\x14\x96\x01\xad\xfe\x05\x14\x89\xf9\xbf\xe2\xae\x17\xa6\x68\xdf\x46\x54\x14\xa2\x82\x98\xfa\x05\x73\x86\x6f\x30\x5b\xda\xd7\xbf\x91\xda\x22\x07\x13\x7b\xdf\x7b\xa5\xdf\xaf\x06\x2b\x4e\xc7\xd5\xb9\xb9\xcc\x75\x86\x9d\xb7\x0b\xd5\xc1\xd8\x9f\xf0\xfe\xc4\x3f\xf9\x2d\x1b\x93\xa9\x3f\x0d\xfc\x94\xb0\x09\x85\xbd\x97\xec\xaf\xd4\x39\x54\x24\xbf\xf8\xea\x03\x6b\x62\x8f\x8e\x6b\x5b\x8b\x03\x72\x4f\x09\xb7\xa4\x62\xac\x03\x1b\x2b\x62\x18\x99\x47\xa8\x2d\x00\xb2\x43\x4d\x41\x03\xec\x6d\x59\xea\x10\xe3\x77\xf6\xfe\x98\xf7\x41\x1f\x10\xba\xae\x6c\x71\xfc\x11\x6a\x77\xdd\xd6\x4f\x46\x14\x86\x17\xc1\x59\x8e\xe8\x6f\xeb\x58\xba\x6a\x85\x2f\x4c\x71\x18\x7b\x4b\xdc\x5d\x84\x53\x28\x09\xfb\x47\x86\x61\x28\x95\xbe\xe6\x2b\x89\x92\xb4\x5f\x76\x0b\x82\x19\x80\x26\x1a\x88\x28\x0d\xb0\xe9\x23\xd7\xb7\x21\x62\xb1\xaa\xfd\xde\xe4\xff\x61\xbe\x8e\x49\x01\x27\x58\xcb\x8
6\x63\xd3\x32\x1c\x4b\x9c\x45\x1e\xa0\x9d\xc8\x61\xc6\x3f\x42\xda\x85\x99\x99\xe5\x14\xdc\x2e\x65\xa8\x3d\x9f\x52\x17\x83\x1b\xf0\x24\x3e\xbd\xca\x6e\x48\x4d\xfc\xfa\xce\x23\x76\xcd\x11\x66\xe9\x53\x29\xdb\x57\x79\x08\x22\xf1\x07\xe7\x38\x7b\x2a\x39\x3d\xd0\xcc\x81\x45\x5a\x42\xad\xf7\xc7\x84\x92\xca\x74\x1b\x0d\xc1\x6b\xdc\x56\x27\x3a\x38\x9a\xbf\xf5\x94\x87\xe3\xbb\x8b\x22\x26\x28\x8f\xa6\x2c\x62\x93\x3d\xe0\x78\x30\xc3\x70\x7f\x41\x0f\xb7\x96\x96\xf4\xed\xea\x3e\x72\xa1\x72\x50\xae\xb6\xd9\xcb\xa9\x54\xce\x44\x26\x22\x01\x95\xd6\x4e\x75\x3f\x82\x5d\xfb\x9c\xab\x3f\x74\xbc\xd6\x9c\x1a\x12\x22\xe6\xb6\x72\x7b\xb4\x19\x10\x2f\xbb\x22\x6b\xb6\xef\xc1\xd3\x17\xcb\xb0\xd7\xe1\x70\xa6\x20\x31\x85\x2f\x8c\xfa\x32\x38\x05\xdd\x55\x8a\xfc\xdf\x35\xf8\xac\xcc\xeb\xd7\x91\xe3\xca\xa3\x9c\xe8\xb7\xbd\xdd\x1e\x38\x22\x7e\x58\xf7\x98\xf9\x7e\xc5\x78\x15\x35\x38\x50\x67\xd5\x2a\x9d\x70\xe0\x4a\x45\x7a\x3e\xb8\x5c\x28\xb9\x71\x7c\xbb\xa6\x3e\xd0\x5a\xc1\xed\x01\x94\xc7\x09\x6f\x5d\xc1\xc0\x59\xbf\x5c\x4f\x53\x72\x48\x52\xca\x91\x39\x6f\xb7\x87\xda\x39\x10\x1c\xb9\x37\xb3\x21\x25\x0d\x06\x98\x4b\xda\xbf\x1c\xd8\x33\x3e\x26\x6e\x24\x53\xd9\x21\x19\xa4\x26\x21\x8e\x19\x02\x28\xd6\x0b\xeb\x6b\x32\x21\x2d\x1b\x0e\xee\x3a\x36\xf3\xde\x80\xdd\x09\x13\xe1\x80\x6c\x47\x87\xf4\x4d\x1d\x74\xfd\x30\xff\x7f\x1e\xdb\x37\x76\xe9\x32\xb8\x58\x4a\x61\xfa\x7c\x61\x5a\xa0\x98\xab\xdf\x9f\xf5\x5c\x13\x84\xfa\xc0\xbd\xb2\x9e\x96\x4a\xb7\x6c\x87\x9b\x31\xa8\xf9\xdb\x46\xe7\x1d\x6b\x04\xc5\x5f\x40\x14\xea\x69\xb3\x71\xe9\x59\x25\xf6\x67\xd5\xac\xc7\x2b\x49\x47\x69\x31\x20\xc3\x64\xb5\x65\x44\xb8\x87\xc9\xae\x69\x57\x3e\xe6\x04\xaf\xad\x7d\xb6\x54\x85\xd6\x71\x9d\x1e\x44\x3a\x7a\x2f\x5c\x0b\x4a\x6e\xfc\xbe\x76\x04\x55\xd7\x20\x23\xab\x9a\x9d\x11\x95\x9f\xc8\xfe\x66\x92\x85\x91\x9b\x3c\x1c\xa7\xcf\x3d\x3a\x62\xbc\x0b\xd8\xf5\xdc\x19\xc9\xf5\x0d\x50\x8c\x56\x0c\xf8\xd4\x26\x93\xd4\x29\x59\x7f\xa3\x6c\xb2\x58\x8d\x46\x3e\x51\xe1\x9c\x65\xe0\x54\x06\x80\x90\xc3\x54\xda\x25\x33\x54\x14\x43\xf7\x48\x95\x69\x1
b\x75\xc2\x01\x1a\xaa\xbb\x59\x81\x1e\x9b\xc5\xd9\x6e\xee\xb2\x19\x52\xd5\xb8\xbf\xf2\xb7\x9d\x6e\x64\x2c\xf6\xbe\x3c\x8d\x4a\xda\x2e\x64\xb1\x89\x57\x30\x3f\x4f\x75\x7a\xb3\xf5\x75\x84\xa3\x94\x2a\xa2\x08\x7f\xb0\x3e\xe9\x70\x30\x37\xa6\x6c\xcc\x30\x1c\xd5\x9f\x63\x50\x6c\xc9\xd2\x96\xbc\xb4\xe2\x7a\x84\xfa\xbc\x50\x73\x04\x9a\x66\x32\x21\x91\x69\x8f\x1e\x3f\x16\xaf\xcf\x1f\xfa\x0f", 4096); memcpy((void*)0x200010e6, "\x7f\x9a\xc5\xbf\xea\x59\x10\x23\xd1\xc4\xce\xaf\x7d\xa5\x3c\xde\xca\x7f\x3c\xbe\xbe\xd9\xc4\x3c\x9a\x42\x4b\x38\x7b\x5f\x93\x9b\xed\x43\x6f\x47\x4c\xf3\xc9\x03\x0d\x8f\x42\x82\x29\xaf\x5c\x37\x65\xad\x3f\x0c\xd0\xf3\x07\xcd\xbf\x00\xf0\x07\xa1\xc0\x72\x53\x12\xca\x4c\xee\xe0\x6f\xf1\xc4\x99\x7b\xeb\x9d\x98\x28\xb2\xa7\x75\x02\x49\x1e\xf9\xf2\x7f\x5f\x8a\x21\x90\xa1\x6a\x95\xa6\x09\x63\x91\x45\x59\xc0\xe0\xfa\x46\x4b\x3b\x41\xc9\x73\x28\xdc\xa8\x77\x97\x56\xf5\x10\xdc\x4c\xd3\x3d\x65\x31\x27\x4c\xfa", 126); memcpy((void*)0x20001164, "\x68\x2c\xc7\x80\xcf\xd8\xfa\xe0\x24\x50\x1f\xf6\x27\x29\xab\x77\xce\xbe\x25\xca\xad\xf4\x39\x85\xb3\x0d\xb8\x38\x7f\xf3\x77\xed\x37\x03\x3e\x09\xf3\x35\x63\x0f\x36\xae\xad\x37\x57\x3d\x32\x40\x72\xd9\xfb\x1a\x62\x7a\xb3\xa3\xca\x51\xd4\xa1\x26\xb7\xf6\xa8\x5f\xb4\x9e\x27\xaf\x49\x3a\x4f\x04\x88\xa2\x07\x31\xe7\xc3\xe5\x22\x8e\xa7\x90\x52\xbe\xa7\x6c\x12\xad\x74\x3b\xfc\xb9\xc9\x62\xf3\x6f\x55\xda\xdb\x59\x51\x7b\x7c\x20\xab\x84\x8c\x45\x8f\x11\xe0\x0c\x13\x08\xa2\xf0\x7e\xa1\xe3", 121); syscall(SYS_test, 0x20000080, 5, 0, 0, 0, 0); break; case 3: *(uint8_t*)0x20001200 = 9; *(uint8_t*)0x20001201 = 3; *(uint8_t*)0x20001204 = 8; syscall(SYS_test, 0x20001200, 0, 0, 0, 0, 0); break; case 4: STORE_BY_BITMASK(uint16_t, , 0x20001240, 0, 0, 10); *(uint64_t*)0x20001248 = 3; STORE_BY_BITMASK(uint16_t, , 0x20001250, 2, 0, 5); STORE_BY_BITMASK(uint16_t, , 0x20001250, 0x3c, 5, 6); STORE_BY_BITMASK(uint32_t, , 0x20001250, 0x42, 11, 15); STORE_BY_BITMASK(uint16_t, , 0x20001254, 0x20, 0, 11); STORE_BY_BITMASK(uint16_t, htobe16, 
0x20001256, 0x20, 0, 11); *(uint8_t*)0x20001258 = 0x80; syscall(SYS_test, 0x20001240, 0, 0, 0, 0, 0); break; case 5: syscall(SYS_mutate2); break; case 6: *(uint64_t*)0x20001280 = 4; *(uint64_t*)0x20001288 = 0x63aa; *(uint8_t*)0x20001290 = 2; *(uint8_t*)0x20001291 = 0x10; *(uint8_t*)0x20001292 = 8; *(uint8_t*)0x20001293 = 4; *(uint8_t*)0x20001294 = 2; syscall(SYS_test, 0x20001280, 0, 0, 0, 0, 0); break; case 7: syscall(SYS_test_excessive_args1); break; case 8: memcpy((void*)0x200012c0, "#\000", 2); syscall(SYS_test, 0x200012c0, 0, 0, 0, 0, 0); break; case 9: memcpy((void*)0x20001300, "#\000", 2); syscall(SYS_test, 0x20001300, 0, 0, 0, 0, 0); break; case 10: memcpy((void*)0x20000000, ".-\000", 3); *(uint8_t*)0x20000040 = 8; *(uint8_t*)0x20000048 = 6; *(uint8_t*)0x20000049 = 5; STORE_BY_BITMASK(uint64_t, , 0x20000048, 6, 16, 4); STORE_BY_BITMASK(uint32_t, , 0x20000048, 1, 20, 4); STORE_BY_BITMASK(uint16_t, , 0x2000004a, 6, 8, 4); STORE_BY_BITMASK(uint8_t, , 0x2000004b, 8, 4, 4); syz_compare(0x20000000, 3, 0x20000040, 0x10); break; case 11: syz_compare_int(2, 9, 0x3ff, 0, 0); break; case 12: syz_errno(0xff); break; case 13: memcpy((void*)0x20000080, "\x9a\x81\xde\x5d\x92\x8f\x1a\x60\xf1\x7b\xeb\x77\xb1\xf9\x9a\x68\xaf\x78\x90\x7e\x1b\x40\xde\x1e\x91\x0c\x39\x56\xa2\xa9\x49\x7c\x8f\x05\xfb\xd7\xd7\x28\x2e\x23\x44\xfc\x3c\x4a\x13\x7d\xc0\x2d\x3d\x14", 50); syz_execute_func(0x20000080); break; case 14: syz_exit(0x3bc); break; case 15: syz_mmap(0x20003000, 0x2000); break; case 16: syz_sleep_ms(0xae); break; } } int main(void) { syz_mmap(0x20000000, 0x1000000); use_temporary_dir(); do_sandbox_none(); return 0; } In file included from /usr/include/bits/errno.h:26, from /usr/include/errno.h:28, from <stdin>:7: /usr/include/linux/errno.h:1:10: fatal error: asm/errno.h: No such file or directory 1 | #include <asm/errno.h> | ^~~~~~~~~~~~~ compilation terminated. 
compiler invocation: gcc [-o /tmp/syz-executor320225533 -DGOOS_test=1 -DGOARCH_32_fork_shmem=1 -DHOSTGOOS_linux=1 -x c - -m32 -static -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-overflow] --- FAIL: TestGenerate/test/32_fork_shmem/7 (0.25s) csource_test.go:124: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:10 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: foo$fmt3(&(0x7f0000000000)=0xd) test$str0(&(0x7f0000000040)='#\x00') test$length25(&(0x7f0000000080)=["f10715d4c9e5266c67931773e4a0f636ec65433db95fc97dfb6a7c246b9022eded40bd5b7bc21a67f92e898bdb77eb69e28492941cd278412ebeec4d09ae9c02694e2b96bfd466173cda3b722385fe87434a69cf53b4901014995915", "37655b5306334cb48687", 
"10fe01411f2a0853621183e03fd969e91dcde25ae5aedec27c41096a23d2738e3330156db39857e671916dc9e84a50147231d90b96e85a90a3ea36f88b40e714c4afdcb7c7ca327bc41e8b5f519920bf5c9ac9f9991166c973b145d866b00adc563effeea498989e12ca3b69a26d4690e0a7482bd1c89bf3956a1048c0fc31b2e74a1b9eeacb5f746dff9527514eaf5f5396a5bc73d9ed250656f870eaf6b6856393ad79e7f764608642452cf52844036e989325af0e00d4370f387948e00d0928e0820928cf445dd8aa3762901ecaf1d67caad240a0accb3b2b712f776f7c2c96f7f6f30f5cfa8dbb09d76ff92fd36556ea85268dd1e9447ea12a384e18e885c2fe1236243d0712df5e926543e59ac7525407dd790cea1f843a8ce4f3b4b70138584a56fba8861b8c9af1a9c20ec5e41fdcc075f9b19173cb2fffe893cfc209233c7a328b63c0b0343aa8c89a653aa1cb96a55f02653f9bb7c7b7665e256fba08be12fc7a17d1354e74e5fa5452e915bde73e8440ce9c7767594205c9e33ad9dc190bf89a9dc40f36e242d2002880040e5c8396e69a81fb0102ea79922d12fa1347ec508ef9f8a6aa09e4024b3e25624336611d42f7de410c513db066db8d4efcb961e889616034c8b0220db1c1ec111487ac10749aefcf6094fc662b79edbbb3005ac386e67a64f35ace7f8bb72d1208a5c92d5001630f6184eefedb60c3ebd93b8a7c5d79362c813700f3b5498264aa2e8f3424127dc46d5a20accc3d1423522eccf3465b907db3a10c04252173a44e4107e75864f6b2b14c6e57c1ffe800564362befd3cfcfa431ee490f9a8691b1fbf47b297e6b7c7e381ee2f50c43a4ba0ccd8c58a0ab9a2ad3aa8f740c70e8c88eb19f7ab58d94d7657de09cdc7e01c46d354f21d97b50d09d5222b4f1af7ad0bb625a2e0f52d68f96ddacd12e73c45b3ea144a601815451a8d613b13b2ec6e95dd408661f4c26c58f0e24ab3561b7ba1432405b5da96f10b47bbdf1ead6b6df645e533b02555f69fd8f9e209e374d45c2f2597dcd30e5dcff5bc4eb4dbd8415159bdce9c730b81baeccbb876413d90a5b51eb124b461ea51a7b0e4261f6331836c61398a5d4e6d3cbab148d4c353aa452d37b7046970566fa5bdb1cb962feaa0fd000d94f327cba925d08474a24e099c4534174352f2b1bb88bb688794643feadb6aef90e6807a9b6e5633a8e12d2b1a31f66cef9ef8972575e63214ea8b8d9fa8aa51d174293ddc391f9babf8c947e5d342159f327366e86701a11892ac00f907494ea4ae0b803d08bdb6fa12241bea85e8b006a0a562a2a13575334c8808db594916b0a0b4cd0dd1f4bf61826df52da8d9ba9d322a11e13eea369d9c6bd862dfc764d45152fe4a4d4d84c358864787013e80d075348
bd8e1aaf90b8ae88231dfc60b325dcf105fba6f4f7bc6d6eb883ea94bc7951ab68a9fef16f79ba480c606d261a903f56e3c8e5717bfb36e60ebe454eb9bea91171e5ec7620ac1d56732f13dac52f338d0eb6c0be92ab951e3eafbc186f30f571b2677a45c3ba2b456ae65738418a7625336aa8697c84b803d7a7458c769c71302b19c620c7d2b46d75aa9661a7e6d6366f24622b370290edebb6b9bf1ad61f1dddfe93e44bd1e9c1888edba9a7a96e425b356bfc2a0009202445bc6468aa0a84f9f2299b75e632e43da31388097bd6888e491d085396d9829d5b31ed32069426107b5c93487700ff6e1479f85127780a069c047b8fd7eb9b2acb7d2e4fc8a5f5bd36d789d9fba0691fdada41e75fedd2df8b3afbde047cf9b6c452a272448a3e99ec0f5820168356cc8c9c40b40890273a66ceaa26c131745c4ea0c883b3ff400b5f76e76c42a2164a6d0180410f0e031f01741d1467e96319758891a7f615108c6a8bbc0c403faa33ca7c95dfaff911207f22f1b9d78325a0ccd1797397a91b4fae68eadb72c7c03a9dcaee224b8344fbc62e436cfd0d68b0492616a83efc3d30baff8ed4aa013aedcbb7830e4d52d9b02b06db3e60b27385dbd04feed6c48a0ae6ebe465704407cdeae4b562d0b1a44bdf65542998c8f4875d09d281f90548dfecbc3e570c4fb37d17f05ef484aa71e9b2651752c50b7f5c9235c3fb786dd68086a615f4baa7fb3b9f5067693080a9d64912372afc3d5f017e55eaabf1b6180ce2e28e20a6950abf5b65bdac7d915b0bb938057056f5d6314a283623d6a9be3b191a2873fd8eb7a258c4fe1da8d3e3f4e037c31ce4b72a966e450e97a447cb9129b104c5b2e00c7115e63bb784e71b1c235f736879bee83e2e5f390f314b51bb2f70827b742f9f960de2ec09b2fe8ce4352fd4d61258c68e8fec749ccb6d053ae84c5eff8a438087d423eb35ebcc0af40179922a69c83feaa9d426c3f3cf05412a70ca9559b62d69ed0411ca650c07e4a34068791d742bbf13676b51d400ecbe01f03d26ddf63eaf2dbeb1c9582f646d4207e340e7ea3b6a36d70b2513a288607da6b0f93c96940e284bdd6d69bac90bfc82d0160ddadc30e7f3b90173c57aabffd4881d6de07b0215066f66827a345119fb46250a292255f138a7c44093b1d6684c807c714653eabb42796d9be0b04a3f84aa006f98b9832f7714c6b39e811acc6a01becd5dd70570a03c6e75771746dc258f1942bca6d0d3b8588041b381072b8b8f89ebd07b74ca7f0341af5875c889c9a753ace87bee46d67690090309ec5b1c8c278828a33390002d73aade7c06af0560b6d8ed5cf60075cbe14b0c58757fbd75d25a13fbfa574fb3c6bd04ef84642c3aa2187f56ea3b5687b963804bb64d8e1bdb40edae
c97a0199b6e5290ca2ec556d2a3436b687c53456f0c585602f6cc0dc8d4222d7f721b9d55877fd52a37758d521abb01c6fde683ab431e3c5aff7e0e8506a05a8c725ad5689c318014a1153fe10e66267c81bf788586bcb5a210d58524264bd963a56403d2c6ec28d643b7f9f5587e092f6108f3de1db727146f0458954b85ac448d386e045476d74ca3cf3950dfc2c5f556b5b4c2e148d740a396a4625ae5d7bf2468164d6119ccf3a3f20fbd68fc211b59d0092e9eb5d838ee2b24d94e2649ac4a344f41f73ecf7ea142e3970dea2cf0178ae97d1cb667fa5b7b3db23a6e56e72ec4c3d50d866187bc4e325ff9142422a59905ee5121ec01ef4f697aec1b81564dd27504aa7f06470d622643e24177c3ea5feae5523ea53f4ff3b44e77db4be9abba06a42bcc0896198fefb4645720d81db587dd9177d3e7d2431ee2ed7d929f973f0229fb039c868f0606a05c485c4cc2e810f3a9aafd6134a4e8adc1715018586ddb0d077c038ac28f0993a3ca027cd01616550dee732fb0afc68dbec1beebb31fdfca7ac947e7dc9c06b973f848bbc3c9c98641ac21974aec51102ee772e745bcab1cea858ee9e057f8f505ed0b36d3aee45a579c3632786bfad6d1ce3bcccf8166e2edaaba7c3139cc2ad3d9be7ba4bb80ba7bdf507c44415dd06cea5a83fb1b50d0d48d2bd4bdb36cd2dd05db6322b34cc7f04596d3407447d01c00cb70c996cd20e4d87e759e89c4a44973d965c3b43b7694da1ecbf9d6249ec66d74b0c3ed3624933afe0f30a5ff21dc4dababf007781b54f0535f92f1ed1555a417c54c18f2f3aee0701a2a96ed406ae3eb365500ba9961ffbe015f71c3baaf3735f3ecdc847e4539752c278a768bf02ddacc6b9edce7665e7ffa56d057ddb5d04975986e6b9ed4e319aaa53e01e149bf88bbd236ca22e8b6234765eb210c59cd84ba16993165b7c2c1c2ac8acd60765464f4a6bd4132d9a0279ebe657c1f41de50b09ad681ab477f737aea71605255dbfd9dd4c35f839914be29808ace17af801e4cb313c0d531522cf34c7d923d9232dfb039b0de3219accece6a6216c7b8b5c4ffcb3801aee0bd383ac65032afcd3d1c2540d2c56cd5bc116da1c36313ca9220239912f633b46458bf0ddd6e3289f25d8c3aac6a53dbfa35598b6e5739903334d970b3dd85a1b57810adc451e62979c6bc5f510743149be160699410d95beb393808cb0564196747cc6386b4a6fb26fa1f53d7c1d6bceb79c41fdcd8ed663b168587724208b46ef599894584bc35d6a8662b204bfc15a8cbecedc320ef5edb5f20fbd560c626843db24d6c8b7e55b61a47a3268ddb0fb523f56694378fd2c76dbc6182cb49afdd2aea2dc7f91fe9445b21c6b12b8f99baaf242ab0ff1e1413c7b1bcb38dda4de1fc9
ac587434110f83ce2157c99018252e977df9e8ec0250519256ce5cdc8b7a795ae2662571bb4c3eb98aeb093584b17f0b1a6c026037d080aeba6a7b5b216903942a66eed37ed890dc5df1acd711205e19d016badda1ce37659a78a7d3fe006cff20df840353e6b96568dbc7acdca3889b885f4956ee7f5ea90532d71eb1b921180ea2e385a4c3551fded44419a3f373341a288247a136fd7be0c8afb5411bafba96a1ffeb53b12e7068d008d96f807cd878b775bd9614c9bf57f1d13fadc86c2f582db038ad24911b420b56ec1c6e4859d2311263bb68aaa072328a4d31484e14b7fdd1f27bdac94d85a3d6931a72ed880ba85a5aff033b9f490324f0072b36454622b9248de9dcf99e887d6759070296185e7949d0f94b3527b46e251c343149601adfe051489f9bfe2ae17a668df465414a28298fa0573866f305bdad7bf91da2207137bdf7ba5dfaf062b4ec7d5b9b9cc75869db70bd5c1d89ff0fec43ff92d1b93a93f0dfc94b00985bd97ecafd4395424bff8ea036b628f8e6b5b8b03724f09b7a462ac031b2b62189947a82d00b2434d4103ec6d59ea10e377f6fe98f7411f10baae6c71fc116a77ddd64f46148617c1598ee86feb58ba6a852f4c71187b4bdc5d84532809fb4786612895bee62b8992b45f760b821980261a88280db0e923d7b72162b1aafddee4ff61be8e49012758cb8663d3321c4b9c451ea09dc861c63f42da859999e514dc2e65a83d9f5217831bf0243ebdca6e484dfcface2376cd1166e95329db57790822f107e7387b2a393dd0cc81455a42adf7c78492ca741b0dc16bdc56273a389abff59487e3bb8b2226288fa62c62933de07830c3707f410fb79696f4edea3e72a17250aeb6d9cba954ce4426220195d64e753f825dfb9cab3f74bcd69c1a1222e6b6727bb419102fbb226bb6efc1d317cbb0d7e170a62031852f8cfa323805dd558afcdf35f8acccebd791e3caa39ce8b7bddd1e38227e58f798f97ec5781535385067d52a9d70e04a457a3eb85c28b9717cbba63ed05ac1ed0194c7096f5dc1c059bf5c4f53724852ca91396fb787da39101cb937b321250d06984bdabf1cd8333e266e2453d92119a426218e190228d60beb6b32212d1b0eee3a36f3de80dd0913e1806c4787f44d1d74fd30ff7f1edb3776e932b8584a61fa7c615aa098abdf9ff55c1384fac0bdb29e964ab76c879b31a8f9db46e71d6b04c55f4014ea69b371e95925f667d5acc72b4947693120c364b56544b887c9ae69573ee604afad7db65485d6719d1e443a7a2f5c0b4a6efcbe760455d72023ab9a9d11959fc8fe669285919b3c1ca7cf3d3a62bc0bd8f5dc19c9f50d508c560cf8d42693d429597fa36cb2588d463e51e19c65e054068090c354da2533541443f74895691
b75c2011aaabb59811e9bc5d96eeeb21952d5b8bff2b79d6e642cf6be3c8d4ada2e64b18957303f4f757ab3f57584a3942aa2087fb03ee9703037a66ccc301cd59f63506cc9d296bcb4e27a84fabc5073049a66322191698f1e3f16afcf1ffa0f", "7f9ac5bfea591023d1c4ceaf7da53cdeca7f3cbebed9c43c9a424b387b5f939bed436f474cf3c9030d8f428229af5c3765ad3f0cd0f307cdbf00f007a1c0725312ca4ceee06ff1c4997beb9d9828b2a77502491ef9f27f5f8a2190a16a95a60963914559c0e0fa464b3b41c97328dca8779756f510dc4cd33d6531274cfa", "682cc780cfd8fae024501ff62729ab77cebe25caadf43985b30db8387ff377ed37033e09f335630f36aead37573d324072d9fb1a627ab3a3ca51d4a126b7f6a85fb49e27af493a4f0488a20731e7c3e5228ea79052bea76c12ad743bfcb9c962f36f55dadb59517b7c20ab848c458f11e00c1308a2f07ea1e3"], 0x5) test$align3(&(0x7f0000001200)={0x9, {0x3}, {0x8}}) test$bf0(&(0x7f0000001240)={0x0, 0x3, 0x2, 0x3c, 0x42, 0x20, 0x20, 0x80}) mutate2() test$length16(&(0x7f0000001280)={[0x4, 0x63aa], 0x2, 0x10, 0x8, 0x4, 0x2}) test_excessive_args1() test$str0(&(0x7f00000012c0)='#\x00') test$str0(&(0x7f0000001300)='#\x00') syz_compare(&(0x7f0000000000)='.-\x00', 0x3, &(0x7f0000000040)=@bf20={0x8, {0x6, 0x5, 0x6, 0x1, 0x6, 0x8}}, 0x10) syz_compare_int$2(0x2, 0x9, 0x3ff) syz_errno(0xff) syz_execute_func(&(0x7f0000000080)="9a81de5d928f1a60f17beb77b1f99a68af78907e1b40de1e910c3956a2a9497c8f05fbd7d7282e2344fc3c4a137dc02d3d14") syz_exit(0x3bc) syz_mmap(&(0x7f0000003000/0x2000)=nil, 0x2000) syz_sleep_ms(0xae) csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + 
(uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = 
current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) 
{ va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 500); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = 
current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 15000) { continue; } kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_mutate2 #define SYS_mutate2 0 #endif #ifndef SYS_test #define SYS_test 0 #endif #ifndef SYS_test_excessive_args1 #define SYS_test_excessive_args1 0 #endif void execute_call(int call) { switch (call) { case 0: sprintf((char*)0x20000000, "%020llu", (long long)0x17); syscall(SYS_foo, 0x20000000, 0); break; case 1: memcpy((void*)0x20000040, "#\000", 2); syscall(SYS_test, 0x20000040, 0, 0, 0, 0, 0); break; case 2: memcpy((void*)0x20000080, "\xf1\x07\x15\xd4\xc9\xe5\x26\x6c\x67\x93\x17\x73\xe4\xa0\xf6\x36\xec\x65\x43\x3d\xb9\x5f\xc9\x7d\xfb\x6a\x7c\x24\x6b\x90\x22\xed\xed\x40\xbd\x5b\x7b\xc2\x1a\x67\xf9\x2e\x89\x8b\xdb\x77\xeb\x69\xe2\x84\x92\x94\x1c\xd2\x78\x41\x2e\xbe\xec\x4d\x09\xae\x9c\x02\x69\x4e\x2b\x96\xbf\xd4\x66\x17\x3c\xda\x3b\x72\x23\x85\xfe\x87\x43\x4a\x69\xcf\x53\xb4\x90\x10\x14\x99\x59\x15", 92); memcpy((void*)0x200000dc, "\x37\x65\x5b\x53\x06\x33\x4c\xb4\x86\x87", 10); memcpy((void*)0x200000e6, 
"\x10\xfe\x01\x41\x1f\x2a\x08\x53\x62\x11\x83\xe0\x3f\xd9\x69\xe9\x1d\xcd\xe2\x5a\xe5\xae\xde\xc2\x7c\x41\x09\x6a\x23\xd2\x73\x8e\x33\x30\x15\x6d\xb3\x98\x57\xe6\x71\x91\x6d\xc9\xe8\x4a\x50\x14\x72\x31\xd9\x0b\x96\xe8\x5a\x90\xa3\xea\x36\xf8\x8b\x40\xe7\x14\xc4\xaf\xdc\xb7\xc7\xca\x32\x7b\xc4\x1e\x8b\x5f\x51\x99\x20\xbf\x5c\x9a\xc9\xf9\x99\x11\x66\xc9\x73\xb1\x45\xd8\x66\xb0\x0a\xdc\x56\x3e\xff\xee\xa4\x98\x98\x9e\x12\xca\x3b\x69\xa2\x6d\x46\x90\xe0\xa7\x48\x2b\xd1\xc8\x9b\xf3\x95\x6a\x10\x48\xc0\xfc\x31\xb2\xe7\x4a\x1b\x9e\xea\xcb\x5f\x74\x6d\xff\x95\x27\x51\x4e\xaf\x5f\x53\x96\xa5\xbc\x73\xd9\xed\x25\x06\x56\xf8\x70\xea\xf6\xb6\x85\x63\x93\xad\x79\xe7\xf7\x64\x60\x86\x42\x45\x2c\xf5\x28\x44\x03\x6e\x98\x93\x25\xaf\x0e\x00\xd4\x37\x0f\x38\x79\x48\xe0\x0d\x09\x28\xe0\x82\x09\x28\xcf\x44\x5d\xd8\xaa\x37\x62\x90\x1e\xca\xf1\xd6\x7c\xaa\xd2\x40\xa0\xac\xcb\x3b\x2b\x71\x2f\x77\x6f\x7c\x2c\x96\xf7\xf6\xf3\x0f\x5c\xfa\x8d\xbb\x09\xd7\x6f\xf9\x2f\xd3\x65\x56\xea\x85\x26\x8d\xd1\xe9\x44\x7e\xa1\x2a\x38\x4e\x18\xe8\x85\xc2\xfe\x12\x36\x24\x3d\x07\x12\xdf\x5e\x92\x65\x43\xe5\x9a\xc7\x52\x54\x07\xdd\x79\x0c\xea\x1f\x84\x3a\x8c\xe4\xf3\xb4\xb7\x01\x38\x58\x4a\x56\xfb\xa8\x86\x1b\x8c\x9a\xf1\xa9\xc2\x0e\xc5\xe4\x1f\xdc\xc0\x75\xf9\xb1\x91\x73\xcb\x2f\xff\xe8\x93\xcf\xc2\x09\x23\x3c\x7a\x32\x8b\x63\xc0\xb0\x34\x3a\xa8\xc8\x9a\x65\x3a\xa1\xcb\x96\xa5\x5f\x02\x65\x3f\x9b\xb7\xc7\xb7\x66\x5e\x25\x6f\xba\x08\xbe\x12\xfc\x7a\x17\xd1\x35\x4e\x74\xe5\xfa\x54\x52\xe9\x15\xbd\xe7\x3e\x84\x40\xce\x9c\x77\x67\x59\x42\x05\xc9\xe3\x3a\xd9\xdc\x19\x0b\xf8\x9a\x9d\xc4\x0f\x36\xe2\x42\xd2\x00\x28\x80\x04\x0e\x5c\x83\x96\xe6\x9a\x81\xfb\x01\x02\xea\x79\x92\x2d\x12\xfa\x13\x47\xec\x50\x8e\xf9\xf8\xa6\xaa\x09\xe4\x02\x4b\x3e\x25\x62\x43\x36\x61\x1d\x42\xf7\xde\x41\x0c\x51\x3d\xb0\x66\xdb\x8d\x4e\xfc\xb9\x61\xe8\x89\x61\x60\x34\xc8\xb0\x22\x0d\xb1\xc1\xec\x11\x14\x87\xac\x10\x74\x9a\xef\xcf\x60\x94\xfc\x66\x2b\x79\xed\xbb\xb3\x00\x5a\xc3\x86\xe6\x7a\x64\xf3\x5a\xce\x7f\x8b\xb7\x2d\x12\x08\xa5\xc9\x2
d\x50\x01\x63\x0f\x61\x84\xee\xfe\xdb\x60\xc3\xeb\xd9\x3b\x8a\x7c\x5d\x79\x36\x2c\x81\x37\x00\xf3\xb5\x49\x82\x64\xaa\x2e\x8f\x34\x24\x12\x7d\xc4\x6d\x5a\x20\xac\xcc\x3d\x14\x23\x52\x2e\xcc\xf3\x46\x5b\x90\x7d\xb3\xa1\x0c\x04\x25\x21\x73\xa4\x4e\x41\x07\xe7\x58\x64\xf6\xb2\xb1\x4c\x6e\x57\xc1\xff\xe8\x00\x56\x43\x62\xbe\xfd\x3c\xfc\xfa\x43\x1e\xe4\x90\xf9\xa8\x69\x1b\x1f\xbf\x47\xb2\x97\xe6\xb7\xc7\xe3\x81\xee\x2f\x50\xc4\x3a\x4b\xa0\xcc\xd8\xc5\x8a\x0a\xb9\xa2\xad\x3a\xa8\xf7\x40\xc7\x0e\x8c\x88\xeb\x19\xf7\xab\x58\xd9\x4d\x76\x57\xde\x09\xcd\xc7\xe0\x1c\x46\xd3\x54\xf2\x1d\x97\xb5\x0d\x09\xd5\x22\x2b\x4f\x1a\xf7\xad\x0b\xb6\x25\xa2\xe0\xf5\x2d\x68\xf9\x6d\xda\xcd\x12\xe7\x3c\x45\xb3\xea\x14\x4a\x60\x18\x15\x45\x1a\x8d\x61\x3b\x13\xb2\xec\x6e\x95\xdd\x40\x86\x61\xf4\xc2\x6c\x58\xf0\xe2\x4a\xb3\x56\x1b\x7b\xa1\x43\x24\x05\xb5\xda\x96\xf1\x0b\x47\xbb\xdf\x1e\xad\x6b\x6d\xf6\x45\xe5\x33\xb0\x25\x55\xf6\x9f\xd8\xf9\xe2\x09\xe3\x74\xd4\x5c\x2f\x25\x97\xdc\xd3\x0e\x5d\xcf\xf5\xbc\x4e\xb4\xdb\xd8\x41\x51\x59\xbd\xce\x9c\x73\x0b\x81\xba\xec\xcb\xb8\x76\x41\x3d\x90\xa5\xb5\x1e\xb1\x24\xb4\x61\xea\x51\xa7\xb0\xe4\x26\x1f\x63\x31\x83\x6c\x61\x39\x8a\x5d\x4e\x6d\x3c\xba\xb1\x48\xd4\xc3\x53\xaa\x45\x2d\x37\xb7\x04\x69\x70\x56\x6f\xa5\xbd\xb1\xcb\x96\x2f\xea\xa0\xfd\x00\x0d\x94\xf3\x27\xcb\xa9\x25\xd0\x84\x74\xa2\x4e\x09\x9c\x45\x34\x17\x43\x52\xf2\xb1\xbb\x88\xbb\x68\x87\x94\x64\x3f\xea\xdb\x6a\xef\x90\xe6\x80\x7a\x9b\x6e\x56\x33\xa8\xe1\x2d\x2b\x1a\x31\xf6\x6c\xef\x9e\xf8\x97\x25\x75\xe6\x32\x14\xea\x8b\x8d\x9f\xa8\xaa\x51\xd1\x74\x29\x3d\xdc\x39\x1f\x9b\xab\xf8\xc9\x47\xe5\xd3\x42\x15\x9f\x32\x73\x66\xe8\x67\x01\xa1\x18\x92\xac\x00\xf9\x07\x49\x4e\xa4\xae\x0b\x80\x3d\x08\xbd\xb6\xfa\x12\x24\x1b\xea\x85\xe8\xb0\x06\xa0\xa5\x62\xa2\xa1\x35\x75\x33\x4c\x88\x08\xdb\x59\x49\x16\xb0\xa0\xb4\xcd\x0d\xd1\xf4\xbf\x61\x82\x6d\xf5\x2d\xa8\xd9\xba\x9d\x32\x2a\x11\xe1\x3e\xea\x36\x9d\x9c\x6b\xd8\x62\xdf\xc7\x64\xd4\x51\x52\xfe\x4a\x4d\x4d\x84\xc3\x58\x86\x47\x87\x01\x3e\x80\xd0\x75\x34\x8
b\xd8\xe1\xaa\xf9\x0b\x8a\xe8\x82\x31\xdf\xc6\x0b\x32\x5d\xcf\x10\x5f\xba\x6f\x4f\x7b\xc6\xd6\xeb\x88\x3e\xa9\x4b\xc7\x95\x1a\xb6\x8a\x9f\xef\x16\xf7\x9b\xa4\x80\xc6\x06\xd2\x61\xa9\x03\xf5\x6e\x3c\x8e\x57\x17\xbf\xb3\x6e\x60\xeb\xe4\x54\xeb\x9b\xea\x91\x17\x1e\x5e\xc7\x62\x0a\xc1\xd5\x67\x32\xf1\x3d\xac\x52\xf3\x38\xd0\xeb\x6c\x0b\xe9\x2a\xb9\x51\xe3\xea\xfb\xc1\x86\xf3\x0f\x57\x1b\x26\x77\xa4\x5c\x3b\xa2\xb4\x56\xae\x65\x73\x84\x18\xa7\x62\x53\x36\xaa\x86\x97\xc8\x4b\x80\x3d\x7a\x74\x58\xc7\x69\xc7\x13\x02\xb1\x9c\x62\x0c\x7d\x2b\x46\xd7\x5a\xa9\x66\x1a\x7e\x6d\x63\x66\xf2\x46\x22\xb3\x70\x29\x0e\xde\xbb\x6b\x9b\xf1\xad\x61\xf1\xdd\xdf\xe9\x3e\x44\xbd\x1e\x9c\x18\x88\xed\xba\x9a\x7a\x96\xe4\x25\xb3\x56\xbf\xc2\xa0\x00\x92\x02\x44\x5b\xc6\x46\x8a\xa0\xa8\x4f\x9f\x22\x99\xb7\x5e\x63\x2e\x43\xda\x31\x38\x80\x97\xbd\x68\x88\xe4\x91\xd0\x85\x39\x6d\x98\x29\xd5\xb3\x1e\xd3\x20\x69\x42\x61\x07\xb5\xc9\x34\x87\x70\x0f\xf6\xe1\x47\x9f\x85\x12\x77\x80\xa0\x69\xc0\x47\xb8\xfd\x7e\xb9\xb2\xac\xb7\xd2\xe4\xfc\x8a\x5f\x5b\xd3\x6d\x78\x9d\x9f\xba\x06\x91\xfd\xad\xa4\x1e\x75\xfe\xdd\x2d\xf8\xb3\xaf\xbd\xe0\x47\xcf\x9b\x6c\x45\x2a\x27\x24\x48\xa3\xe9\x9e\xc0\xf5\x82\x01\x68\x35\x6c\xc8\xc9\xc4\x0b\x40\x89\x02\x73\xa6\x6c\xea\xa2\x6c\x13\x17\x45\xc4\xea\x0c\x88\x3b\x3f\xf4\x00\xb5\xf7\x6e\x76\xc4\x2a\x21\x64\xa6\xd0\x18\x04\x10\xf0\xe0\x31\xf0\x17\x41\xd1\x46\x7e\x96\x31\x97\x58\x89\x1a\x7f\x61\x51\x08\xc6\xa8\xbb\xc0\xc4\x03\xfa\xa3\x3c\xa7\xc9\x5d\xfa\xff\x91\x12\x07\xf2\x2f\x1b\x9d\x78\x32\x5a\x0c\xcd\x17\x97\x39\x7a\x91\xb4\xfa\xe6\x8e\xad\xb7\x2c\x7c\x03\xa9\xdc\xae\xe2\x24\xb8\x34\x4f\xbc\x62\xe4\x36\xcf\xd0\xd6\x8b\x04\x92\x61\x6a\x83\xef\xc3\xd3\x0b\xaf\xf8\xed\x4a\xa0\x13\xae\xdc\xbb\x78\x30\xe4\xd5\x2d\x9b\x02\xb0\x6d\xb3\xe6\x0b\x27\x38\x5d\xbd\x04\xfe\xed\x6c\x48\xa0\xae\x6e\xbe\x46\x57\x04\x40\x7c\xde\xae\x4b\x56\x2d\x0b\x1a\x44\xbd\xf6\x55\x42\x99\x8c\x8f\x48\x75\xd0\x9d\x28\x1f\x90\x54\x8d\xfe\xcb\xc3\xe5\x70\xc4\xfb\x37\xd1\x7f\x05\xef\x48\x4a\xa7\x1e\x9b\x26\x51\x7
5\x2c\x50\xb7\xf5\xc9\x23\x5c\x3f\xb7\x86\xdd\x68\x08\x6a\x61\x5f\x4b\xaa\x7f\xb3\xb9\xf5\x06\x76\x93\x08\x0a\x9d\x64\x91\x23\x72\xaf\xc3\xd5\xf0\x17\xe5\x5e\xaa\xbf\x1b\x61\x80\xce\x2e\x28\xe2\x0a\x69\x50\xab\xf5\xb6\x5b\xda\xc7\xd9\x15\xb0\xbb\x93\x80\x57\x05\x6f\x5d\x63\x14\xa2\x83\x62\x3d\x6a\x9b\xe3\xb1\x91\xa2\x87\x3f\xd8\xeb\x7a\x25\x8c\x4f\xe1\xda\x8d\x3e\x3f\x4e\x03\x7c\x31\xce\x4b\x72\xa9\x66\xe4\x50\xe9\x7a\x44\x7c\xb9\x12\x9b\x10\x4c\x5b\x2e\x00\xc7\x11\x5e\x63\xbb\x78\x4e\x71\xb1\xc2\x35\xf7\x36\x87\x9b\xee\x83\xe2\xe5\xf3\x90\xf3\x14\xb5\x1b\xb2\xf7\x08\x27\xb7\x42\xf9\xf9\x60\xde\x2e\xc0\x9b\x2f\xe8\xce\x43\x52\xfd\x4d\x61\x25\x8c\x68\xe8\xfe\xc7\x49\xcc\xb6\xd0\x53\xae\x84\xc5\xef\xf8\xa4\x38\x08\x7d\x42\x3e\xb3\x5e\xbc\xc0\xaf\x40\x17\x99\x22\xa6\x9c\x83\xfe\xaa\x9d\x42\x6c\x3f\x3c\xf0\x54\x12\xa7\x0c\xa9\x55\x9b\x62\xd6\x9e\xd0\x41\x1c\xa6\x50\xc0\x7e\x4a\x34\x06\x87\x91\xd7\x42\xbb\xf1\x36\x76\xb5\x1d\x40\x0e\xcb\xe0\x1f\x03\xd2\x6d\xdf\x63\xea\xf2\xdb\xeb\x1c\x95\x82\xf6\x46\xd4\x20\x7e\x34\x0e\x7e\xa3\xb6\xa3\x6d\x70\xb2\x51\x3a\x28\x86\x07\xda\x6b\x0f\x93\xc9\x69\x40\xe2\x84\xbd\xd6\xd6\x9b\xac\x90\xbf\xc8\x2d\x01\x60\xdd\xad\xc3\x0e\x7f\x3b\x90\x17\x3c\x57\xaa\xbf\xfd\x48\x81\xd6\xde\x07\xb0\x21\x50\x66\xf6\x68\x27\xa3\x45\x11\x9f\xb4\x62\x50\xa2\x92\x25\x5f\x13\x8a\x7c\x44\x09\x3b\x1d\x66\x84\xc8\x07\xc7\x14\x65\x3e\xab\xb4\x27\x96\xd9\xbe\x0b\x04\xa3\xf8\x4a\xa0\x06\xf9\x8b\x98\x32\xf7\x71\x4c\x6b\x39\xe8\x11\xac\xc6\xa0\x1b\xec\xd5\xdd\x70\x57\x0a\x03\xc6\xe7\x57\x71\x74\x6d\xc2\x58\xf1\x94\x2b\xca\x6d\x0d\x3b\x85\x88\x04\x1b\x38\x10\x72\xb8\xb8\xf8\x9e\xbd\x07\xb7\x4c\xa7\xf0\x34\x1a\xf5\x87\x5c\x88\x9c\x9a\x75\x3a\xce\x87\xbe\xe4\x6d\x67\x69\x00\x90\x30\x9e\xc5\xb1\xc8\xc2\x78\x82\x8a\x33\x39\x00\x02\xd7\x3a\xad\xe7\xc0\x6a\xf0\x56\x0b\x6d\x8e\xd5\xcf\x60\x07\x5c\xbe\x14\xb0\xc5\x87\x57\xfb\xd7\x5d\x25\xa1\x3f\xbf\xa5\x74\xfb\x3c\x6b\xd0\x4e\xf8\x46\x42\xc3\xaa\x21\x87\xf5\x6e\xa3\xb5\x68\x7b\x96\x38\x04\xbb\x64\xd8\xe1\xbd\xb4\x0e\xda\xe
c\x97\xa0\x19\x9b\x6e\x52\x90\xca\x2e\xc5\x56\xd2\xa3\x43\x6b\x68\x7c\x53\x45\x6f\x0c\x58\x56\x02\xf6\xcc\x0d\xc8\xd4\x22\x2d\x7f\x72\x1b\x9d\x55\x87\x7f\xd5\x2a\x37\x75\x8d\x52\x1a\xbb\x01\xc6\xfd\xe6\x83\xab\x43\x1e\x3c\x5a\xff\x7e\x0e\x85\x06\xa0\x5a\x8c\x72\x5a\xd5\x68\x9c\x31\x80\x14\xa1\x15\x3f\xe1\x0e\x66\x26\x7c\x81\xbf\x78\x85\x86\xbc\xb5\xa2\x10\xd5\x85\x24\x26\x4b\xd9\x63\xa5\x64\x03\xd2\xc6\xec\x28\xd6\x43\xb7\xf9\xf5\x58\x7e\x09\x2f\x61\x08\xf3\xde\x1d\xb7\x27\x14\x6f\x04\x58\x95\x4b\x85\xac\x44\x8d\x38\x6e\x04\x54\x76\xd7\x4c\xa3\xcf\x39\x50\xdf\xc2\xc5\xf5\x56\xb5\xb4\xc2\xe1\x48\xd7\x40\xa3\x96\xa4\x62\x5a\xe5\xd7\xbf\x24\x68\x16\x4d\x61\x19\xcc\xf3\xa3\xf2\x0f\xbd\x68\xfc\x21\x1b\x59\xd0\x09\x2e\x9e\xb5\xd8\x38\xee\x2b\x24\xd9\x4e\x26\x49\xac\x4a\x34\x4f\x41\xf7\x3e\xcf\x7e\xa1\x42\xe3\x97\x0d\xea\x2c\xf0\x17\x8a\xe9\x7d\x1c\xb6\x67\xfa\x5b\x7b\x3d\xb2\x3a\x6e\x56\xe7\x2e\xc4\xc3\xd5\x0d\x86\x61\x87\xbc\x4e\x32\x5f\xf9\x14\x24\x22\xa5\x99\x05\xee\x51\x21\xec\x01\xef\x4f\x69\x7a\xec\x1b\x81\x56\x4d\xd2\x75\x04\xaa\x7f\x06\x47\x0d\x62\x26\x43\xe2\x41\x77\xc3\xea\x5f\xea\xe5\x52\x3e\xa5\x3f\x4f\xf3\xb4\x4e\x77\xdb\x4b\xe9\xab\xba\x06\xa4\x2b\xcc\x08\x96\x19\x8f\xef\xb4\x64\x57\x20\xd8\x1d\xb5\x87\xdd\x91\x77\xd3\xe7\xd2\x43\x1e\xe2\xed\x7d\x92\x9f\x97\x3f\x02\x29\xfb\x03\x9c\x86\x8f\x06\x06\xa0\x5c\x48\x5c\x4c\xc2\xe8\x10\xf3\xa9\xaa\xfd\x61\x34\xa4\xe8\xad\xc1\x71\x50\x18\x58\x6d\xdb\x0d\x07\x7c\x03\x8a\xc2\x8f\x09\x93\xa3\xca\x02\x7c\xd0\x16\x16\x55\x0d\xee\x73\x2f\xb0\xaf\xc6\x8d\xbe\xc1\xbe\xeb\xb3\x1f\xdf\xca\x7a\xc9\x47\xe7\xdc\x9c\x06\xb9\x73\xf8\x48\xbb\xc3\xc9\xc9\x86\x41\xac\x21\x97\x4a\xec\x51\x10\x2e\xe7\x72\xe7\x45\xbc\xab\x1c\xea\x85\x8e\xe9\xe0\x57\xf8\xf5\x05\xed\x0b\x36\xd3\xae\xe4\x5a\x57\x9c\x36\x32\x78\x6b\xfa\xd6\xd1\xce\x3b\xcc\xcf\x81\x66\xe2\xed\xaa\xba\x7c\x31\x39\xcc\x2a\xd3\xd9\xbe\x7b\xa4\xbb\x80\xba\x7b\xdf\x50\x7c\x44\x41\x5d\xd0\x6c\xea\x5a\x83\xfb\x1b\x50\xd0\xd4\x8d\x2b\xd4\xbd\xb3\x6c\xd2\xdd\x05\xdb\x63\x22\xb3\x4c\xc
7\xf0\x45\x96\xd3\x40\x74\x47\xd0\x1c\x00\xcb\x70\xc9\x96\xcd\x20\xe4\xd8\x7e\x75\x9e\x89\xc4\xa4\x49\x73\xd9\x65\xc3\xb4\x3b\x76\x94\xda\x1e\xcb\xf9\xd6\x24\x9e\xc6\x6d\x74\xb0\xc3\xed\x36\x24\x93\x3a\xfe\x0f\x30\xa5\xff\x21\xdc\x4d\xab\xab\xf0\x07\x78\x1b\x54\xf0\x53\x5f\x92\xf1\xed\x15\x55\xa4\x17\xc5\x4c\x18\xf2\xf3\xae\xe0\x70\x1a\x2a\x96\xed\x40\x6a\xe3\xeb\x36\x55\x00\xba\x99\x61\xff\xbe\x01\x5f\x71\xc3\xba\xaf\x37\x35\xf3\xec\xdc\x84\x7e\x45\x39\x75\x2c\x27\x8a\x76\x8b\xf0\x2d\xda\xcc\x6b\x9e\xdc\xe7\x66\x5e\x7f\xfa\x56\xd0\x57\xdd\xb5\xd0\x49\x75\x98\x6e\x6b\x9e\xd4\xe3\x19\xaa\xa5\x3e\x01\xe1\x49\xbf\x88\xbb\xd2\x36\xca\x22\xe8\xb6\x23\x47\x65\xeb\x21\x0c\x59\xcd\x84\xba\x16\x99\x31\x65\xb7\xc2\xc1\xc2\xac\x8a\xcd\x60\x76\x54\x64\xf4\xa6\xbd\x41\x32\xd9\xa0\x27\x9e\xbe\x65\x7c\x1f\x41\xde\x50\xb0\x9a\xd6\x81\xab\x47\x7f\x73\x7a\xea\x71\x60\x52\x55\xdb\xfd\x9d\xd4\xc3\x5f\x83\x99\x14\xbe\x29\x80\x8a\xce\x17\xaf\x80\x1e\x4c\xb3\x13\xc0\xd5\x31\x52\x2c\xf3\x4c\x7d\x92\x3d\x92\x32\xdf\xb0\x39\xb0\xde\x32\x19\xac\xce\xce\x6a\x62\x16\xc7\xb8\xb5\xc4\xff\xcb\x38\x01\xae\xe0\xbd\x38\x3a\xc6\x50\x32\xaf\xcd\x3d\x1c\x25\x40\xd2\xc5\x6c\xd5\xbc\x11\x6d\xa1\xc3\x63\x13\xca\x92\x20\x23\x99\x12\xf6\x33\xb4\x64\x58\xbf\x0d\xdd\x6e\x32\x89\xf2\x5d\x8c\x3a\xac\x6a\x53\xdb\xfa\x35\x59\x8b\x6e\x57\x39\x90\x33\x34\xd9\x70\xb3\xdd\x85\xa1\xb5\x78\x10\xad\xc4\x51\xe6\x29\x79\xc6\xbc\x5f\x51\x07\x43\x14\x9b\xe1\x60\x69\x94\x10\xd9\x5b\xeb\x39\x38\x08\xcb\x05\x64\x19\x67\x47\xcc\x63\x86\xb4\xa6\xfb\x26\xfa\x1f\x53\xd7\xc1\xd6\xbc\xeb\x79\xc4\x1f\xdc\xd8\xed\x66\x3b\x16\x85\x87\x72\x42\x08\xb4\x6e\xf5\x99\x89\x45\x84\xbc\x35\xd6\xa8\x66\x2b\x20\x4b\xfc\x15\xa8\xcb\xec\xed\xc3\x20\xef\x5e\xdb\x5f\x20\xfb\xd5\x60\xc6\x26\x84\x3d\xb2\x4d\x6c\x8b\x7e\x55\xb6\x1a\x47\xa3\x26\x8d\xdb\x0f\xb5\x23\xf5\x66\x94\x37\x8f\xd2\xc7\x6d\xbc\x61\x82\xcb\x49\xaf\xdd\x2a\xea\x2d\xc7\xf9\x1f\xe9\x44\x5b\x21\xc6\xb1\x2b\x8f\x99\xba\xaf\x24\x2a\xb0\xff\x1e\x14\x13\xc7\xb1\xbc\xb3\x8d\xda\x4d\xe1\xfc\x9
a\xc5\x87\x43\x41\x10\xf8\x3c\xe2\x15\x7c\x99\x01\x82\x52\xe9\x77\xdf\x9e\x8e\xc0\x25\x05\x19\x25\x6c\xe5\xcd\xc8\xb7\xa7\x95\xae\x26\x62\x57\x1b\xb4\xc3\xeb\x98\xae\xb0\x93\x58\x4b\x17\xf0\xb1\xa6\xc0\x26\x03\x7d\x08\x0a\xeb\xa6\xa7\xb5\xb2\x16\x90\x39\x42\xa6\x6e\xed\x37\xed\x89\x0d\xc5\xdf\x1a\xcd\x71\x12\x05\xe1\x9d\x01\x6b\xad\xda\x1c\xe3\x76\x59\xa7\x8a\x7d\x3f\xe0\x06\xcf\xf2\x0d\xf8\x40\x35\x3e\x6b\x96\x56\x8d\xbc\x7a\xcd\xca\x38\x89\xb8\x85\xf4\x95\x6e\xe7\xf5\xea\x90\x53\x2d\x71\xeb\x1b\x92\x11\x80\xea\x2e\x38\x5a\x4c\x35\x51\xfd\xed\x44\x41\x9a\x3f\x37\x33\x41\xa2\x88\x24\x7a\x13\x6f\xd7\xbe\x0c\x8a\xfb\x54\x11\xba\xfb\xa9\x6a\x1f\xfe\xb5\x3b\x12\xe7\x06\x8d\x00\x8d\x96\xf8\x07\xcd\x87\x8b\x77\x5b\xd9\x61\x4c\x9b\xf5\x7f\x1d\x13\xfa\xdc\x86\xc2\xf5\x82\xdb\x03\x8a\xd2\x49\x11\xb4\x20\xb5\x6e\xc1\xc6\xe4\x85\x9d\x23\x11\x26\x3b\xb6\x8a\xaa\x07\x23\x28\xa4\xd3\x14\x84\xe1\x4b\x7f\xdd\x1f\x27\xbd\xac\x94\xd8\x5a\x3d\x69\x31\xa7\x2e\xd8\x80\xba\x85\xa5\xaf\xf0\x33\xb9\xf4\x90\x32\x4f\x00\x72\xb3\x64\x54\x62\x2b\x92\x48\xde\x9d\xcf\x99\xe8\x87\xd6\x75\x90\x70\x29\x61\x85\xe7\x94\x9d\x0f\x94\xb3\x52\x7b\x46\xe2\x51\xc3\x43\x14\x96\x01\xad\xfe\x05\x14\x89\xf9\xbf\xe2\xae\x17\xa6\x68\xdf\x46\x54\x14\xa2\x82\x98\xfa\x05\x73\x86\x6f\x30\x5b\xda\xd7\xbf\x91\xda\x22\x07\x13\x7b\xdf\x7b\xa5\xdf\xaf\x06\x2b\x4e\xc7\xd5\xb9\xb9\xcc\x75\x86\x9d\xb7\x0b\xd5\xc1\xd8\x9f\xf0\xfe\xc4\x3f\xf9\x2d\x1b\x93\xa9\x3f\x0d\xfc\x94\xb0\x09\x85\xbd\x97\xec\xaf\xd4\x39\x54\x24\xbf\xf8\xea\x03\x6b\x62\x8f\x8e\x6b\x5b\x8b\x03\x72\x4f\x09\xb7\xa4\x62\xac\x03\x1b\x2b\x62\x18\x99\x47\xa8\x2d\x00\xb2\x43\x4d\x41\x03\xec\x6d\x59\xea\x10\xe3\x77\xf6\xfe\x98\xf7\x41\x1f\x10\xba\xae\x6c\x71\xfc\x11\x6a\x77\xdd\xd6\x4f\x46\x14\x86\x17\xc1\x59\x8e\xe8\x6f\xeb\x58\xba\x6a\x85\x2f\x4c\x71\x18\x7b\x4b\xdc\x5d\x84\x53\x28\x09\xfb\x47\x86\x61\x28\x95\xbe\xe6\x2b\x89\x92\xb4\x5f\x76\x0b\x82\x19\x80\x26\x1a\x88\x28\x0d\xb0\xe9\x23\xd7\xb7\x21\x62\xb1\xaa\xfd\xde\xe4\xff\x61\xbe\x8e\x49\x01\x27\x58\xcb\x8
6\x63\xd3\x32\x1c\x4b\x9c\x45\x1e\xa0\x9d\xc8\x61\xc6\x3f\x42\xda\x85\x99\x99\xe5\x14\xdc\x2e\x65\xa8\x3d\x9f\x52\x17\x83\x1b\xf0\x24\x3e\xbd\xca\x6e\x48\x4d\xfc\xfa\xce\x23\x76\xcd\x11\x66\xe9\x53\x29\xdb\x57\x79\x08\x22\xf1\x07\xe7\x38\x7b\x2a\x39\x3d\xd0\xcc\x81\x45\x5a\x42\xad\xf7\xc7\x84\x92\xca\x74\x1b\x0d\xc1\x6b\xdc\x56\x27\x3a\x38\x9a\xbf\xf5\x94\x87\xe3\xbb\x8b\x22\x26\x28\x8f\xa6\x2c\x62\x93\x3d\xe0\x78\x30\xc3\x70\x7f\x41\x0f\xb7\x96\x96\xf4\xed\xea\x3e\x72\xa1\x72\x50\xae\xb6\xd9\xcb\xa9\x54\xce\x44\x26\x22\x01\x95\xd6\x4e\x75\x3f\x82\x5d\xfb\x9c\xab\x3f\x74\xbc\xd6\x9c\x1a\x12\x22\xe6\xb6\x72\x7b\xb4\x19\x10\x2f\xbb\x22\x6b\xb6\xef\xc1\xd3\x17\xcb\xb0\xd7\xe1\x70\xa6\x20\x31\x85\x2f\x8c\xfa\x32\x38\x05\xdd\x55\x8a\xfc\xdf\x35\xf8\xac\xcc\xeb\xd7\x91\xe3\xca\xa3\x9c\xe8\xb7\xbd\xdd\x1e\x38\x22\x7e\x58\xf7\x98\xf9\x7e\xc5\x78\x15\x35\x38\x50\x67\xd5\x2a\x9d\x70\xe0\x4a\x45\x7a\x3e\xb8\x5c\x28\xb9\x71\x7c\xbb\xa6\x3e\xd0\x5a\xc1\xed\x01\x94\xc7\x09\x6f\x5d\xc1\xc0\x59\xbf\x5c\x4f\x53\x72\x48\x52\xca\x91\x39\x6f\xb7\x87\xda\x39\x10\x1c\xb9\x37\xb3\x21\x25\x0d\x06\x98\x4b\xda\xbf\x1c\xd8\x33\x3e\x26\x6e\x24\x53\xd9\x21\x19\xa4\x26\x21\x8e\x19\x02\x28\xd6\x0b\xeb\x6b\x32\x21\x2d\x1b\x0e\xee\x3a\x36\xf3\xde\x80\xdd\x09\x13\xe1\x80\x6c\x47\x87\xf4\x4d\x1d\x74\xfd\x30\xff\x7f\x1e\xdb\x37\x76\xe9\x32\xb8\x58\x4a\x61\xfa\x7c\x61\x5a\xa0\x98\xab\xdf\x9f\xf5\x5c\x13\x84\xfa\xc0\xbd\xb2\x9e\x96\x4a\xb7\x6c\x87\x9b\x31\xa8\xf9\xdb\x46\xe7\x1d\x6b\x04\xc5\x5f\x40\x14\xea\x69\xb3\x71\xe9\x59\x25\xf6\x67\xd5\xac\xc7\x2b\x49\x47\x69\x31\x20\xc3\x64\xb5\x65\x44\xb8\x87\xc9\xae\x69\x57\x3e\xe6\x04\xaf\xad\x7d\xb6\x54\x85\xd6\x71\x9d\x1e\x44\x3a\x7a\x2f\x5c\x0b\x4a\x6e\xfc\xbe\x76\x04\x55\xd7\x20\x23\xab\x9a\x9d\x11\x95\x9f\xc8\xfe\x66\x92\x85\x91\x9b\x3c\x1c\xa7\xcf\x3d\x3a\x62\xbc\x0b\xd8\xf5\xdc\x19\xc9\xf5\x0d\x50\x8c\x56\x0c\xf8\xd4\x26\x93\xd4\x29\x59\x7f\xa3\x6c\xb2\x58\x8d\x46\x3e\x51\xe1\x9c\x65\xe0\x54\x06\x80\x90\xc3\x54\xda\x25\x33\x54\x14\x43\xf7\x48\x95\x69\x1
b\x75\xc2\x01\x1a\xaa\xbb\x59\x81\x1e\x9b\xc5\xd9\x6e\xee\xb2\x19\x52\xd5\xb8\xbf\xf2\xb7\x9d\x6e\x64\x2c\xf6\xbe\x3c\x8d\x4a\xda\x2e\x64\xb1\x89\x57\x30\x3f\x4f\x75\x7a\xb3\xf5\x75\x84\xa3\x94\x2a\xa2\x08\x7f\xb0\x3e\xe9\x70\x30\x37\xa6\x6c\xcc\x30\x1c\xd5\x9f\x63\x50\x6c\xc9\xd2\x96\xbc\xb4\xe2\x7a\x84\xfa\xbc\x50\x73\x04\x9a\x66\x32\x21\x91\x69\x8f\x1e\x3f\x16\xaf\xcf\x1f\xfa\x0f", 4096); memcpy((void*)0x200010e6, "\x7f\x9a\xc5\xbf\xea\x59\x10\x23\xd1\xc4\xce\xaf\x7d\xa5\x3c\xde\xca\x7f\x3c\xbe\xbe\xd9\xc4\x3c\x9a\x42\x4b\x38\x7b\x5f\x93\x9b\xed\x43\x6f\x47\x4c\xf3\xc9\x03\x0d\x8f\x42\x82\x29\xaf\x5c\x37\x65\xad\x3f\x0c\xd0\xf3\x07\xcd\xbf\x00\xf0\x07\xa1\xc0\x72\x53\x12\xca\x4c\xee\xe0\x6f\xf1\xc4\x99\x7b\xeb\x9d\x98\x28\xb2\xa7\x75\x02\x49\x1e\xf9\xf2\x7f\x5f\x8a\x21\x90\xa1\x6a\x95\xa6\x09\x63\x91\x45\x59\xc0\xe0\xfa\x46\x4b\x3b\x41\xc9\x73\x28\xdc\xa8\x77\x97\x56\xf5\x10\xdc\x4c\xd3\x3d\x65\x31\x27\x4c\xfa", 126); memcpy((void*)0x20001164, "\x68\x2c\xc7\x80\xcf\xd8\xfa\xe0\x24\x50\x1f\xf6\x27\x29\xab\x77\xce\xbe\x25\xca\xad\xf4\x39\x85\xb3\x0d\xb8\x38\x7f\xf3\x77\xed\x37\x03\x3e\x09\xf3\x35\x63\x0f\x36\xae\xad\x37\x57\x3d\x32\x40\x72\xd9\xfb\x1a\x62\x7a\xb3\xa3\xca\x51\xd4\xa1\x26\xb7\xf6\xa8\x5f\xb4\x9e\x27\xaf\x49\x3a\x4f\x04\x88\xa2\x07\x31\xe7\xc3\xe5\x22\x8e\xa7\x90\x52\xbe\xa7\x6c\x12\xad\x74\x3b\xfc\xb9\xc9\x62\xf3\x6f\x55\xda\xdb\x59\x51\x7b\x7c\x20\xab\x84\x8c\x45\x8f\x11\xe0\x0c\x13\x08\xa2\xf0\x7e\xa1\xe3", 121); syscall(SYS_test, 0x20000080, 5, 0, 0, 0, 0); break; case 3: *(uint8_t*)0x20001200 = 9; *(uint8_t*)0x20001201 = 3; *(uint8_t*)0x20001204 = 8; syscall(SYS_test, 0x20001200, 0, 0, 0, 0, 0); break; case 4: STORE_BY_BITMASK(uint16_t, , 0x20001240, 0, 0, 10); *(uint64_t*)0x20001248 = 3; STORE_BY_BITMASK(uint16_t, , 0x20001250, 2, 0, 5); STORE_BY_BITMASK(uint16_t, , 0x20001250, 0x3c, 5, 6); STORE_BY_BITMASK(uint32_t, , 0x20001250, 0x42, 11, 15); STORE_BY_BITMASK(uint16_t, , 0x20001254, 0x20, 0, 11); STORE_BY_BITMASK(uint16_t, htobe16, 
0x20001256, 0x20, 0, 11); *(uint8_t*)0x20001258 = 0x80; syscall(SYS_test, 0x20001240, 0, 0, 0, 0, 0); break; case 5: syscall(SYS_mutate2); break; case 6: *(uint64_t*)0x20001280 = 4; *(uint64_t*)0x20001288 = 0x63aa; *(uint8_t*)0x20001290 = 2; *(uint8_t*)0x20001291 = 0x10; *(uint8_t*)0x20001292 = 8; *(uint8_t*)0x20001293 = 4; *(uint8_t*)0x20001294 = 2; syscall(SYS_test, 0x20001280, 0, 0, 0, 0, 0); break; case 7: syscall(SYS_test_excessive_args1); break; case 8: memcpy((void*)0x200012c0, "#\000", 2); syscall(SYS_test, 0x200012c0, 0, 0, 0, 0, 0); break; case 9: memcpy((void*)0x20001300, "#\000", 2); syscall(SYS_test, 0x20001300, 0, 0, 0, 0, 0); break; case 10: memcpy((void*)0x20000000, ".-\000", 3); *(uint8_t*)0x20000040 = 8; *(uint8_t*)0x20000048 = 6; *(uint8_t*)0x20000049 = 5; STORE_BY_BITMASK(uint64_t, , 0x20000048, 6, 16, 4); STORE_BY_BITMASK(uint32_t, , 0x20000048, 1, 20, 4); STORE_BY_BITMASK(uint16_t, , 0x2000004a, 6, 8, 4); STORE_BY_BITMASK(uint8_t, , 0x2000004b, 8, 4, 4); syz_compare(0x20000000, 3, 0x20000040, 0x10); break; case 11: syz_compare_int(2, 9, 0x3ff, 0, 0); break; case 12: syz_errno(0xff); break; case 13: memcpy((void*)0x20000080, "\x9a\x81\xde\x5d\x92\x8f\x1a\x60\xf1\x7b\xeb\x77\xb1\xf9\x9a\x68\xaf\x78\x90\x7e\x1b\x40\xde\x1e\x91\x0c\x39\x56\xa2\xa9\x49\x7c\x8f\x05\xfb\xd7\xd7\x28\x2e\x23\x44\xfc\x3c\x4a\x13\x7d\xc0\x2d\x3d\x14", 50); syz_execute_func(0x20000080); break; case 14: syz_exit(0x3bc); break; case 15: syz_mmap(0x20003000, 0x2000); break; case 16: syz_sleep_ms(0xae); break; } } int main(void) { syz_mmap(0x20000000, 0x1000000); use_temporary_dir(); do_sandbox_none(); return 0; }
In file included from /usr/include/bits/errno.h:26,
                 from /usr/include/errno.h:28,
                 from <stdin>:7:
/usr/include/linux/errno.h:1:10: fatal error: asm/errno.h: No such file or directory
    1 | #include <asm/errno.h>
      |          ^~~~~~~~~~~~~
compilation terminated.
compiler invocation: gcc [-o /tmp/syz-executor797918264 -DGOOS_test=1 -DGOARCH_32_fork_shmem=1 -DHOSTGOOS_linux=1 -x c - -m32 -static -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-overflow] --- FAIL: TestGenerate/test/32_fork_shmem/13 (0.25s) csource_test.go:124: opts: {Threaded:true Collide:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:true Trace:false} program: foo$fmt3(&(0x7f0000000000)=0xd) test$str0(&(0x7f0000000040)='#\x00') test$length25(&(0x7f0000000080)=["f10715d4c9e5266c67931773e4a0f636ec65433db95fc97dfb6a7c246b9022eded40bd5b7bc21a67f92e898bdb77eb69e28492941cd278412ebeec4d09ae9c02694e2b96bfd466173cda3b722385fe87434a69cf53b4901014995915", "37655b5306334cb48687", 
"10fe01411f2a0853621183e03fd969e91dcde25ae5aedec27c41096a23d2738e3330156db39857e671916dc9e84a50147231d90b96e85a90a3ea36f88b40e714c4afdcb7c7ca327bc41e8b5f519920bf5c9ac9f9991166c973b145d866b00adc563effeea498989e12ca3b69a26d4690e0a7482bd1c89bf3956a1048c0fc31b2e74a1b9eeacb5f746dff9527514eaf5f5396a5bc73d9ed250656f870eaf6b6856393ad79e7f764608642452cf52844036e989325af0e00d4370f387948e00d0928e0820928cf445dd8aa3762901ecaf1d67caad240a0accb3b2b712f776f7c2c96f7f6f30f5cfa8dbb09d76ff92fd36556ea85268dd1e9447ea12a384e18e885c2fe1236243d0712df5e926543e59ac7525407dd790cea1f843a8ce4f3b4b70138584a56fba8861b8c9af1a9c20ec5e41fdcc075f9b19173cb2fffe893cfc209233c7a328b63c0b0343aa8c89a653aa1cb96a55f02653f9bb7c7b7665e256fba08be12fc7a17d1354e74e5fa5452e915bde73e8440ce9c7767594205c9e33ad9dc190bf89a9dc40f36e242d2002880040e5c8396e69a81fb0102ea79922d12fa1347ec508ef9f8a6aa09e4024b3e25624336611d42f7de410c513db066db8d4efcb961e889616034c8b0220db1c1ec111487ac10749aefcf6094fc662b79edbbb3005ac386e67a64f35ace7f8bb72d1208a5c92d5001630f6184eefedb60c3ebd93b8a7c5d79362c813700f3b5498264aa2e8f3424127dc46d5a20accc3d1423522eccf3465b907db3a10c04252173a44e4107e75864f6b2b14c6e57c1ffe800564362befd3cfcfa431ee490f9a8691b1fbf47b297e6b7c7e381ee2f50c43a4ba0ccd8c58a0ab9a2ad3aa8f740c70e8c88eb19f7ab58d94d7657de09cdc7e01c46d354f21d97b50d09d5222b4f1af7ad0bb625a2e0f52d68f96ddacd12e73c45b3ea144a601815451a8d613b13b2ec6e95dd408661f4c26c58f0e24ab3561b7ba1432405b5da96f10b47bbdf1ead6b6df645e533b02555f69fd8f9e209e374d45c2f2597dcd30e5dcff5bc4eb4dbd8415159bdce9c730b81baeccbb876413d90a5b51eb124b461ea51a7b0e4261f6331836c61398a5d4e6d3cbab148d4c353aa452d37b7046970566fa5bdb1cb962feaa0fd000d94f327cba925d08474a24e099c4534174352f2b1bb88bb688794643feadb6aef90e6807a9b6e5633a8e12d2b1a31f66cef9ef8972575e63214ea8b8d9fa8aa51d174293ddc391f9babf8c947e5d342159f327366e86701a11892ac00f907494ea4ae0b803d08bdb6fa12241bea85e8b006a0a562a2a13575334c8808db594916b0a0b4cd0dd1f4bf61826df52da8d9ba9d322a11e13eea369d9c6bd862dfc764d45152fe4a4d4d84c358864787013e80d075348
bd8e1aaf90b8ae88231dfc60b325dcf105fba6f4f7bc6d6eb883ea94bc7951ab68a9fef16f79ba480c606d261a903f56e3c8e5717bfb36e60ebe454eb9bea91171e5ec7620ac1d56732f13dac52f338d0eb6c0be92ab951e3eafbc186f30f571b2677a45c3ba2b456ae65738418a7625336aa8697c84b803d7a7458c769c71302b19c620c7d2b46d75aa9661a7e6d6366f24622b370290edebb6b9bf1ad61f1dddfe93e44bd1e9c1888edba9a7a96e425b356bfc2a0009202445bc6468aa0a84f9f2299b75e632e43da31388097bd6888e491d085396d9829d5b31ed32069426107b5c93487700ff6e1479f85127780a069c047b8fd7eb9b2acb7d2e4fc8a5f5bd36d789d9fba0691fdada41e75fedd2df8b3afbde047cf9b6c452a272448a3e99ec0f5820168356cc8c9c40b40890273a66ceaa26c131745c4ea0c883b3ff400b5f76e76c42a2164a6d0180410f0e031f01741d1467e96319758891a7f615108c6a8bbc0c403faa33ca7c95dfaff911207f22f1b9d78325a0ccd1797397a91b4fae68eadb72c7c03a9dcaee224b8344fbc62e436cfd0d68b0492616a83efc3d30baff8ed4aa013aedcbb7830e4d52d9b02b06db3e60b27385dbd04feed6c48a0ae6ebe465704407cdeae4b562d0b1a44bdf65542998c8f4875d09d281f90548dfecbc3e570c4fb37d17f05ef484aa71e9b2651752c50b7f5c9235c3fb786dd68086a615f4baa7fb3b9f5067693080a9d64912372afc3d5f017e55eaabf1b6180ce2e28e20a6950abf5b65bdac7d915b0bb938057056f5d6314a283623d6a9be3b191a2873fd8eb7a258c4fe1da8d3e3f4e037c31ce4b72a966e450e97a447cb9129b104c5b2e00c7115e63bb784e71b1c235f736879bee83e2e5f390f314b51bb2f70827b742f9f960de2ec09b2fe8ce4352fd4d61258c68e8fec749ccb6d053ae84c5eff8a438087d423eb35ebcc0af40179922a69c83feaa9d426c3f3cf05412a70ca9559b62d69ed0411ca650c07e4a34068791d742bbf13676b51d400ecbe01f03d26ddf63eaf2dbeb1c9582f646d4207e340e7ea3b6a36d70b2513a288607da6b0f93c96940e284bdd6d69bac90bfc82d0160ddadc30e7f3b90173c57aabffd4881d6de07b0215066f66827a345119fb46250a292255f138a7c44093b1d6684c807c714653eabb42796d9be0b04a3f84aa006f98b9832f7714c6b39e811acc6a01becd5dd70570a03c6e75771746dc258f1942bca6d0d3b8588041b381072b8b8f89ebd07b74ca7f0341af5875c889c9a753ace87bee46d67690090309ec5b1c8c278828a33390002d73aade7c06af0560b6d8ed5cf60075cbe14b0c58757fbd75d25a13fbfa574fb3c6bd04ef84642c3aa2187f56ea3b5687b963804bb64d8e1bdb40edae
c97a0199b6e5290ca2ec556d2a3436b687c53456f0c585602f6cc0dc8d4222d7f721b9d55877fd52a37758d521abb01c6fde683ab431e3c5aff7e0e8506a05a8c725ad5689c318014a1153fe10e66267c81bf788586bcb5a210d58524264bd963a56403d2c6ec28d643b7f9f5587e092f6108f3de1db727146f0458954b85ac448d386e045476d74ca3cf3950dfc2c5f556b5b4c2e148d740a396a4625ae5d7bf2468164d6119ccf3a3f20fbd68fc211b59d0092e9eb5d838ee2b24d94e2649ac4a344f41f73ecf7ea142e3970dea2cf0178ae97d1cb667fa5b7b3db23a6e56e72ec4c3d50d866187bc4e325ff9142422a59905ee5121ec01ef4f697aec1b81564dd27504aa7f06470d622643e24177c3ea5feae5523ea53f4ff3b44e77db4be9abba06a42bcc0896198fefb4645720d81db587dd9177d3e7d2431ee2ed7d929f973f0229fb039c868f0606a05c485c4cc2e810f3a9aafd6134a4e8adc1715018586ddb0d077c038ac28f0993a3ca027cd01616550dee732fb0afc68dbec1beebb31fdfca7ac947e7dc9c06b973f848bbc3c9c98641ac21974aec51102ee772e745bcab1cea858ee9e057f8f505ed0b36d3aee45a579c3632786bfad6d1ce3bcccf8166e2edaaba7c3139cc2ad3d9be7ba4bb80ba7bdf507c44415dd06cea5a83fb1b50d0d48d2bd4bdb36cd2dd05db6322b34cc7f04596d3407447d01c00cb70c996cd20e4d87e759e89c4a44973d965c3b43b7694da1ecbf9d6249ec66d74b0c3ed3624933afe0f30a5ff21dc4dababf007781b54f0535f92f1ed1555a417c54c18f2f3aee0701a2a96ed406ae3eb365500ba9961ffbe015f71c3baaf3735f3ecdc847e4539752c278a768bf02ddacc6b9edce7665e7ffa56d057ddb5d04975986e6b9ed4e319aaa53e01e149bf88bbd236ca22e8b6234765eb210c59cd84ba16993165b7c2c1c2ac8acd60765464f4a6bd4132d9a0279ebe657c1f41de50b09ad681ab477f737aea71605255dbfd9dd4c35f839914be29808ace17af801e4cb313c0d531522cf34c7d923d9232dfb039b0de3219accece6a6216c7b8b5c4ffcb3801aee0bd383ac65032afcd3d1c2540d2c56cd5bc116da1c36313ca9220239912f633b46458bf0ddd6e3289f25d8c3aac6a53dbfa35598b6e5739903334d970b3dd85a1b57810adc451e62979c6bc5f510743149be160699410d95beb393808cb0564196747cc6386b4a6fb26fa1f53d7c1d6bceb79c41fdcd8ed663b168587724208b46ef599894584bc35d6a8662b204bfc15a8cbecedc320ef5edb5f20fbd560c626843db24d6c8b7e55b61a47a3268ddb0fb523f56694378fd2c76dbc6182cb49afdd2aea2dc7f91fe9445b21c6b12b8f99baaf242ab0ff1e1413c7b1bcb38dda4de1fc9
ac587434110f83ce2157c99018252e977df9e8ec0250519256ce5cdc8b7a795ae2662571bb4c3eb98aeb093584b17f0b1a6c026037d080aeba6a7b5b216903942a66eed37ed890dc5df1acd711205e19d016badda1ce37659a78a7d3fe006cff20df840353e6b96568dbc7acdca3889b885f4956ee7f5ea90532d71eb1b921180ea2e385a4c3551fded44419a3f373341a288247a136fd7be0c8afb5411bafba96a1ffeb53b12e7068d008d96f807cd878b775bd9614c9bf57f1d13fadc86c2f582db038ad24911b420b56ec1c6e4859d2311263bb68aaa072328a4d31484e14b7fdd1f27bdac94d85a3d6931a72ed880ba85a5aff033b9f490324f0072b36454622b9248de9dcf99e887d6759070296185e7949d0f94b3527b46e251c343149601adfe051489f9bfe2ae17a668df465414a28298fa0573866f305bdad7bf91da2207137bdf7ba5dfaf062b4ec7d5b9b9cc75869db70bd5c1d89ff0fec43ff92d1b93a93f0dfc94b00985bd97ecafd4395424bff8ea036b628f8e6b5b8b03724f09b7a462ac031b2b62189947a82d00b2434d4103ec6d59ea10e377f6fe98f7411f10baae6c71fc116a77ddd64f46148617c1598ee86feb58ba6a852f4c71187b4bdc5d84532809fb4786612895bee62b8992b45f760b821980261a88280db0e923d7b72162b1aafddee4ff61be8e49012758cb8663d3321c4b9c451ea09dc861c63f42da859999e514dc2e65a83d9f5217831bf0243ebdca6e484dfcface2376cd1166e95329db57790822f107e7387b2a393dd0cc81455a42adf7c78492ca741b0dc16bdc56273a389abff59487e3bb8b2226288fa62c62933de07830c3707f410fb79696f4edea3e72a17250aeb6d9cba954ce4426220195d64e753f825dfb9cab3f74bcd69c1a1222e6b6727bb419102fbb226bb6efc1d317cbb0d7e170a62031852f8cfa323805dd558afcdf35f8acccebd791e3caa39ce8b7bddd1e38227e58f798f97ec5781535385067d52a9d70e04a457a3eb85c28b9717cbba63ed05ac1ed0194c7096f5dc1c059bf5c4f53724852ca91396fb787da39101cb937b321250d06984bdabf1cd8333e266e2453d92119a426218e190228d60beb6b32212d1b0eee3a36f3de80dd0913e1806c4787f44d1d74fd30ff7f1edb3776e932b8584a61fa7c615aa098abdf9ff55c1384fac0bdb29e964ab76c879b31a8f9db46e71d6b04c55f4014ea69b371e95925f667d5acc72b4947693120c364b56544b887c9ae69573ee604afad7db65485d6719d1e443a7a2f5c0b4a6efcbe760455d72023ab9a9d11959fc8fe669285919b3c1ca7cf3d3a62bc0bd8f5dc19c9f50d508c560cf8d42693d429597fa36cb2588d463e51e19c65e054068090c354da2533541443f74895691
b75c2011aaabb59811e9bc5d96eeeb21952d5b8bff2b79d6e642cf6be3c8d4ada2e64b18957303f4f757ab3f57584a3942aa2087fb03ee9703037a66ccc301cd59f63506cc9d296bcb4e27a84fabc5073049a66322191698f1e3f16afcf1ffa0f", "7f9ac5bfea591023d1c4ceaf7da53cdeca7f3cbebed9c43c9a424b387b5f939bed436f474cf3c9030d8f428229af5c3765ad3f0cd0f307cdbf00f007a1c0725312ca4ceee06ff1c4997beb9d9828b2a77502491ef9f27f5f8a2190a16a95a60963914559c0e0fa464b3b41c97328dca8779756f510dc4cd33d6531274cfa", "682cc780cfd8fae024501ff62729ab77cebe25caadf43985b30db8387ff377ed37033e09f335630f36aead37573d324072d9fb1a627ab3a3ca51d4a126b7f6a85fb49e27af493a4f0488a20731e7c3e5228ea79052bea76c12ad743bfcb9c962f36f55dadb59517b7c20ab848c458f11e00c1308a2f07ea1e3"], 0x5) test$align3(&(0x7f0000001200)={0x9, {0x3}, {0x8}}) test$bf0(&(0x7f0000001240)={0x0, 0x3, 0x2, 0x3c, 0x42, 0x20, 0x20, 0x80}) mutate2() test$length16(&(0x7f0000001280)={[0x4, 0x63aa], 0x2, 0x10, 0x8, 0x4, 0x2}) test_excessive_args1() test$str0(&(0x7f00000012c0)='#\x00') test$str0(&(0x7f0000001300)='#\x00') syz_compare(&(0x7f0000000000)='.-\x00', 0x3, &(0x7f0000000040)=@bf20={0x8, {0x6, 0x5, 0x6, 0x1, 0x6, 0x8}}, 0x10) syz_compare_int$2(0x2, 0x9, 0x3ff) syz_errno(0xff) syz_execute_func(&(0x7f0000000080)="9a81de5d928f1a60f17beb77b1f99a68af78907e1b40de1e910c3956a2a9497c8f05fbd7d7282e2344fc3c4a137dc02d3d14") syz_exit(0x3bc) syz_mmap(&(0x7f0000003000/0x2000)=nil, 0x2000) syz_sleep_ms(0xae) csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return 
(uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; // tail of current_time_ms(): seconds and nanoseconds folded into milliseconds
}

// Creates a fresh working directory from the template "./syzkaller.XXXXXX",
// makes it world-accessible (0777) and chdir()s into it.
// Any failure terminates the process with exit status 1.
// NOTE(review): 0777 leaves the scratch directory writable by every local
// user; presumably acceptable only because the program is meant to run in a
// throwaway test environment -- confirm.
static void use_temporary_dir(void)
{
    char tmpdir_template[] = "./syzkaller.XXXXXX";
    char* tmpdir = mkdtemp(tmpdir_template);
    if (!tmpdir)
        exit(1);
    if (chmod(tmpdir, 0777))
        exit(1);
    if (chdir(tmpdir))
        exit(1);
}

// Recursively deletes `dir` and everything below it; exits with status 1 on
// the first error it cannot handle.
static void __attribute__((noinline)) remove_dir(const char* dir)
{
    DIR* dp = opendir(dir);
    if (dp == NULL) {
        // An unreadable directory is still removed if it happens to be empty.
        if (errno == EACCES) {
            if (rmdir(dir))
                exit(1);
            return;
        }
        exit(1);
    }
    struct dirent* ep = 0;
    while ((ep = readdir(dp))) {
        if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0)
            continue;
        char filename[FILENAME_MAX];
        // snprintf bounds the write to the buffer; an over-long path is
        // truncated rather than overflowing.
        snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name);
        struct stat st;
        // lstat (not stat): a symlink pointing at a directory is reported as a
        // symlink, so it is unlinked below instead of being descended into.
        if (lstat(filename, &st))
            exit(1);
        if (S_ISDIR(st.st_mode)) {
            // NOTE(review): the type check above and the opendir() in the
            // recursive call are separate path lookups, so an entry replaced
            // in between is not covered by the lstat check.
            remove_dir(filename);
            continue;
        }
        if (unlink(filename))
            exit(1);
    }
    closedir(dp);
    if (rmdir(dir))
        exit(1);
}

// Starts `fn(arg)` on a new thread with a 128 KiB stack (128 << 10 bytes).
// Creation is attempted up to 100 times, sleeping 50 microseconds between
// attempts while errno is EAGAIN; if no attempt succeeds the process exits.
// NOTE(review): pthread_create reports failure through its return value; the
// retry decision here reads errno instead -- confirm errno is actually set on
// the target libc.
static void thread_start(void* (*fn)(void*), void* arg)
{
    pthread_t th;
    pthread_attr_t attr;
    pthread_attr_init(&attr);
    pthread_attr_setstacksize(&attr, 128 << 10);
    int i = 0;
    for (; i < 100; i++) {
        if (pthread_create(&th, &attr, fn, arg) == 0) {
            pthread_attr_destroy(&attr);
            return;
        }
        if (errno == EAGAIN) {
            usleep(50);
            continue;
        }
        break;
    }
    exit(1);
}

// One-shot event: an int flag protected by a mutex, with a condition variable
// for waiters.
typedef struct {
    pthread_mutex_t mu;
    pthread_cond_t cv;
    int state;
} event_t;

// Initialises the mutex and condition variable and clears the flag; exits on
// initialisation failure.
static void event_init(event_t* ev)
{
    if (pthread_mutex_init(&ev->mu, 0))
        exit(1);
    if (pthread_cond_init(&ev->cv, 0))
        exit(1);
    ev->state = 0;
}

// Clears the flag. Note that this write is done without taking ev->mu.
static void event_reset(event_t* ev)
{
    ev->state = 0;
}

// Sets the flag under the mutex and wakes all waiters. Setting an event that
// is already set is treated as a fatal error (exit(1)).
static void event_set(event_t* ev)
{
    pthread_mutex_lock(&ev->mu);
    if (ev->state)
        exit(1);
    ev->state = 1;
    pthread_mutex_unlock(&ev->mu);
    pthread_cond_broadcast(&ev->cv);
}

// Blocks until the flag is non-zero.
static void event_wait(event_t* ev)
{
    pthread_mutex_lock(&ev->mu);
    while (!ev->state)
        pthread_cond_wait(&ev->cv, &ev->mu);
    pthread_mutex_unlock(&ev->mu);
}

// Returns the current flag value, read under the mutex.
static int event_isset(event_t* ev)
{
    pthread_mutex_lock(&ev->mu);
    int res = ev->state;
    pthread_mutex_unlock(&ev->mu);
    return res;
}

// Waits for the event for at most `timeout` milliseconds (measured with
// current_time_ms()) and returns the flag value seen at the end.
static int event_timedwait(event_t* ev, uint64_t timeout)
{
    uint64_t start = current_time_ms();
    uint64_t now = start;
    pthread_mutex_lock(&ev->mu);
    for (;;) {
        if (ev->state)
            break;
        uint64_t remain = timeout - (now - start);
        struct timespec ts;
        // NOTE(review): ts holds the *remaining duration*, while POSIX
        // pthread_cond_timedwait takes an absolute deadline. Where the
        // absolute interpretation applies the wait likely returns at once and
        // this loop polls until the timeout check below fires -- confirm for
        // the target OS.
        ts.tv_sec = remain / 1000;
        ts.tv_nsec = (remain % 1000) * 1000 * 1000;
        pthread_cond_timedwait(&ev->cv, &ev->mu, &ts);
        now = current_time_ms();
        if (now - start > timeout)
            break;
    }
    int res = ev->state;
    pthread_mutex_unlock(&ev->mu);
    return res;
}

// BITMASK: a mask of bf_len one-bits starting at bit offset bf_off.
#define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off))
// STORE_BY_BITMASK: read-modify-write of one bitfield inside the `type`-sized
// word at `addr`; only the bits selected by BITMASK are replaced with `val`.
// `htobe` is applied to the loaded word and to the stored result; the
// generated calls in execute_call() pass it empty when no conversion is wanted.
#define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len))))

// Maps a1 bytes of anonymous, private, read/write memory at exactly address a0
// (MAP_FIXED, so a mapping already present in that range is replaced).
// Returns mmap()'s result cast to long; the result is not checked here.
static long syz_mmap(volatile long a0, volatile long a1)
{
    return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
}

// Test pseudo-syscall: sets errno to v; returns 0 when v is 0, otherwise -1.
static long syz_errno(volatile long v)
{
    errno = v;
    return v == 0 ? 0 : -1;
}

// Test pseudo-syscall: terminates the process immediately via _exit(status).
// The return statement is never reached.
static long syz_exit(volatile long status)
{
    _exit(status);
    return 0;
}

// Test pseudo-syscall: sleeps for ms milliseconds.
static long syz_sleep_ms(volatile long ms)
{
    sleep_ms(ms);
    return 0;
}

// Test pseudo-syscall: compares the buffer at address `got` with the expected
// bytes at address `want`. Fails with EBADF when the lengths differ and with
// EINVAL when the contents differ. Both addresses are used as-is, with no
// validation.
static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len)
{
    if (want_len != got_len) {
        errno = EBADF;
        goto error;
    }
    if (memcmp((void*)want, (void*)got, want_len)) {
        errno = EINVAL;
        goto error;
    }
    return 0;
error:
    return -1;
}

// Test pseudo-syscall: checks that the first n of the variadic values are
// equal and that the values beyond n are zero.
// Four longs are always read from the argument list regardless of n, so every
// caller has to pass four values (the generated call in execute_call() does).
static long syz_compare_int(volatile long n, ...)
{
    va_list args;
    va_start(args, n);
    long v0 = va_arg(args, long);
    long v1 = va_arg(args, long);
    long v2 = va_arg(args, long);
    long v3 = va_arg(args, long);
    va_end(args);
    // n outside 2..4 is rejected.
    if (n < 2 || n > 4)
        return errno = E2BIG, -1;
    // Values past the first n must be zero.
    if (n <= 2 && v2 != 0)
        return errno = EFAULT, -1;
    if (n <= 3 && v3 != 0)
        return errno = EFAULT, -1;
    // The first n values must all match v0.
    if (v0 != v1)
        return errno = EINVAL, -1;
    if (n > 2 && v0 != v2)
        return errno = EINVAL, -1;
    if (n > 3 && v0 != v3)
        return errno = EINVAL, -1;
    return 0;
}

static void loop();

// "none" sandbox: runs the execution loop directly in the current process,
// with no additional isolation set up in this function.
static int do_sandbox_none(void)
{
    loop();
    return 0;
}

// Test pseudo-syscall: treats `text` as the address of a void(void) function
// and calls it. execute_call() (case 13) first copies generated bytes to that
// address, so control is handed to data with no validation at this point.
static long syz_execute_func(volatile long text)
{
    ((void (*)(void))(text))();
    return 0;
}

// Per-worker state: whether the thread has been started, which call index it
// should run next, and the two events used to hand work over and report back.
struct thread_t {
    int created, call;
    event_t ready, done;
};

// Fixed pool of 16 worker slots.
static struct thread_t threads[16];
static void execute_call(int call);
// Number of calls currently handed to workers and not yet finished.
static int running;

// Worker thread body: waits for `ready`, runs the assigned call, decrements
// `running`, then signals `done`. The loop never exits, so the final return
// is not reached.
static void* thr(void* arg)
{
    struct thread_t* th = (struct thread_t*)arg;
    for (;;) {
        event_wait(&th->ready);
        event_reset(&th->ready);
        execute_call(th->call);
        __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED);
        event_set(&th->done);
    }
    return 0;
}

// Runs the 17 generated calls (indices 0..16) on the worker pool, twice: a
// first pass that waits up to 50 ms for each call, then a second "collide"
// pass in which even-numbered calls are not waited for.
static void execute_one(void)
{
    // The write() result is deliberately ignored; the empty if-body only
    // consumes the return value.
    if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
    }
    int i, call, thread;
    int collide = 0;
again:
    for (call = 0; call < 17; call++) {
        for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) {
            struct thread_t* th = &threads[thread];
            // Worker threads are created lazily, the first time a slot is visited.
            if (!th->created) {
                th->created = 1;
                event_init(&th->ready);
                event_init(&th->done);
                event_set(&th->done);
                thread_start(thr, th);
            }
            // Skip workers that are still busy with an earlier call.
            if (!event_isset(&th->done))
                continue;
            event_reset(&th->done);
            th->call = call;
            __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED);
            event_set(&th->ready);
            // In the collide pass, even-numbered calls are left running while
            // the next call is dispatched.
            if (collide && (call % 2) == 0)
                break;
            event_timedwait(&th->done, 50);
            break;
        }
    }
    // Give outstanding calls up to 100 further 1 ms sleeps to finish.
    for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++)
        sleep_ms(1);
    if (!collide) {
        collide = 1;
        goto again;
    }
}

// Redundant re-declaration; execute_one is already defined above.
static void execute_one(void);

// Extra flags OR-ed into the waitpid() options in loop(); none here.
#define WAIT_FLAGS 0

// Execution loop: one iteration per program run, each in its own numbered
// directory. The body continues on the following line of the listing.
static void loop(void)
{
    int iter = 0;
    for (;; iter++) {
        char cwdbuf[32];
        // "./" plus a decimal int plus the terminator fits in 32 bytes.
        sprintf(cwdbuf, "./%d", iter);
if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) { continue; } kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_mutate2 #define SYS_mutate2 0 #endif #ifndef SYS_test #define SYS_test 0 #endif #ifndef SYS_test_excessive_args1 #define SYS_test_excessive_args1 0 #endif void execute_call(int call) { switch (call) { case 0: sprintf((char*)0x20000000, "%020llu", (long long)0x17 + procid*20); syscall(SYS_foo, 0x20000000, 0); break; case 1: memcpy((void*)0x20000040, "#\000", 2); syscall(SYS_test, 0x20000040, 0, 0, 0, 0, 0); break; case 2: memcpy((void*)0x20000080, "\xf1\x07\x15\xd4\xc9\xe5\x26\x6c\x67\x93\x17\x73\xe4\xa0\xf6\x36\xec\x65\x43\x3d\xb9\x5f\xc9\x7d\xfb\x6a\x7c\x24\x6b\x90\x22\xed\xed\x40\xbd\x5b\x7b\xc2\x1a\x67\xf9\x2e\x89\x8b\xdb\x77\xeb\x69\xe2\x84\x92\x94\x1c\xd2\x78\x41\x2e\xbe\xec\x4d\x09\xae\x9c\x02\x69\x4e\x2b\x96\xbf\xd4\x66\x17\x3c\xda\x3b\x72\x23\x85\xfe\x87\x43\x4a\x69\xcf\x53\xb4\x90\x10\x14\x99\x59\x15", 92); memcpy((void*)0x200000dc, "\x37\x65\x5b\x53\x06\x33\x4c\xb4\x86\x87", 10); memcpy((void*)0x200000e6, 
"\x10\xfe\x01\x41\x1f\x2a\x08\x53\x62\x11\x83\xe0\x3f\xd9\x69\xe9\x1d\xcd\xe2\x5a\xe5\xae\xde\xc2\x7c\x41\x09\x6a\x23\xd2\x73\x8e\x33\x30\x15\x6d\xb3\x98\x57\xe6\x71\x91\x6d\xc9\xe8\x4a\x50\x14\x72\x31\xd9\x0b\x96\xe8\x5a\x90\xa3\xea\x36\xf8\x8b\x40\xe7\x14\xc4\xaf\xdc\xb7\xc7\xca\x32\x7b\xc4\x1e\x8b\x5f\x51\x99\x20\xbf\x5c\x9a\xc9\xf9\x99\x11\x66\xc9\x73\xb1\x45\xd8\x66\xb0\x0a\xdc\x56\x3e\xff\xee\xa4\x98\x98\x9e\x12\xca\x3b\x69\xa2\x6d\x46\x90\xe0\xa7\x48\x2b\xd1\xc8\x9b\xf3\x95\x6a\x10\x48\xc0\xfc\x31\xb2\xe7\x4a\x1b\x9e\xea\xcb\x5f\x74\x6d\xff\x95\x27\x51\x4e\xaf\x5f\x53\x96\xa5\xbc\x73\xd9\xed\x25\x06\x56\xf8\x70\xea\xf6\xb6\x85\x63\x93\xad\x79\xe7\xf7\x64\x60\x86\x42\x45\x2c\xf5\x28\x44\x03\x6e\x98\x93\x25\xaf\x0e\x00\xd4\x37\x0f\x38\x79\x48\xe0\x0d\x09\x28\xe0\x82\x09\x28\xcf\x44\x5d\xd8\xaa\x37\x62\x90\x1e\xca\xf1\xd6\x7c\xaa\xd2\x40\xa0\xac\xcb\x3b\x2b\x71\x2f\x77\x6f\x7c\x2c\x96\xf7\xf6\xf3\x0f\x5c\xfa\x8d\xbb\x09\xd7\x6f\xf9\x2f\xd3\x65\x56\xea\x85\x26\x8d\xd1\xe9\x44\x7e\xa1\x2a\x38\x4e\x18\xe8\x85\xc2\xfe\x12\x36\x24\x3d\x07\x12\xdf\x5e\x92\x65\x43\xe5\x9a\xc7\x52\x54\x07\xdd\x79\x0c\xea\x1f\x84\x3a\x8c\xe4\xf3\xb4\xb7\x01\x38\x58\x4a\x56\xfb\xa8\x86\x1b\x8c\x9a\xf1\xa9\xc2\x0e\xc5\xe4\x1f\xdc\xc0\x75\xf9\xb1\x91\x73\xcb\x2f\xff\xe8\x93\xcf\xc2\x09\x23\x3c\x7a\x32\x8b\x63\xc0\xb0\x34\x3a\xa8\xc8\x9a\x65\x3a\xa1\xcb\x96\xa5\x5f\x02\x65\x3f\x9b\xb7\xc7\xb7\x66\x5e\x25\x6f\xba\x08\xbe\x12\xfc\x7a\x17\xd1\x35\x4e\x74\xe5\xfa\x54\x52\xe9\x15\xbd\xe7\x3e\x84\x40\xce\x9c\x77\x67\x59\x42\x05\xc9\xe3\x3a\xd9\xdc\x19\x0b\xf8\x9a\x9d\xc4\x0f\x36\xe2\x42\xd2\x00\x28\x80\x04\x0e\x5c\x83\x96\xe6\x9a\x81\xfb\x01\x02\xea\x79\x92\x2d\x12\xfa\x13\x47\xec\x50\x8e\xf9\xf8\xa6\xaa\x09\xe4\x02\x4b\x3e\x25\x62\x43\x36\x61\x1d\x42\xf7\xde\x41\x0c\x51\x3d\xb0\x66\xdb\x8d\x4e\xfc\xb9\x61\xe8\x89\x61\x60\x34\xc8\xb0\x22\x0d\xb1\xc1\xec\x11\x14\x87\xac\x10\x74\x9a\xef\xcf\x60\x94\xfc\x66\x2b\x79\xed\xbb\xb3\x00\x5a\xc3\x86\xe6\x7a\x64\xf3\x5a\xce\x7f\x8b\xb7\x2d\x12\x08\xa5\xc9\x2
d\x50\x01\x63\x0f\x61\x84\xee\xfe\xdb\x60\xc3\xeb\xd9\x3b\x8a\x7c\x5d\x79\x36\x2c\x81\x37\x00\xf3\xb5\x49\x82\x64\xaa\x2e\x8f\x34\x24\x12\x7d\xc4\x6d\x5a\x20\xac\xcc\x3d\x14\x23\x52\x2e\xcc\xf3\x46\x5b\x90\x7d\xb3\xa1\x0c\x04\x25\x21\x73\xa4\x4e\x41\x07\xe7\x58\x64\xf6\xb2\xb1\x4c\x6e\x57\xc1\xff\xe8\x00\x56\x43\x62\xbe\xfd\x3c\xfc\xfa\x43\x1e\xe4\x90\xf9\xa8\x69\x1b\x1f\xbf\x47\xb2\x97\xe6\xb7\xc7\xe3\x81\xee\x2f\x50\xc4\x3a\x4b\xa0\xcc\xd8\xc5\x8a\x0a\xb9\xa2\xad\x3a\xa8\xf7\x40\xc7\x0e\x8c\x88\xeb\x19\xf7\xab\x58\xd9\x4d\x76\x57\xde\x09\xcd\xc7\xe0\x1c\x46\xd3\x54\xf2\x1d\x97\xb5\x0d\x09\xd5\x22\x2b\x4f\x1a\xf7\xad\x0b\xb6\x25\xa2\xe0\xf5\x2d\x68\xf9\x6d\xda\xcd\x12\xe7\x3c\x45\xb3\xea\x14\x4a\x60\x18\x15\x45\x1a\x8d\x61\x3b\x13\xb2\xec\x6e\x95\xdd\x40\x86\x61\xf4\xc2\x6c\x58\xf0\xe2\x4a\xb3\x56\x1b\x7b\xa1\x43\x24\x05\xb5\xda\x96\xf1\x0b\x47\xbb\xdf\x1e\xad\x6b\x6d\xf6\x45\xe5\x33\xb0\x25\x55\xf6\x9f\xd8\xf9\xe2\x09\xe3\x74\xd4\x5c\x2f\x25\x97\xdc\xd3\x0e\x5d\xcf\xf5\xbc\x4e\xb4\xdb\xd8\x41\x51\x59\xbd\xce\x9c\x73\x0b\x81\xba\xec\xcb\xb8\x76\x41\x3d\x90\xa5\xb5\x1e\xb1\x24\xb4\x61\xea\x51\xa7\xb0\xe4\x26\x1f\x63\x31\x83\x6c\x61\x39\x8a\x5d\x4e\x6d\x3c\xba\xb1\x48\xd4\xc3\x53\xaa\x45\x2d\x37\xb7\x04\x69\x70\x56\x6f\xa5\xbd\xb1\xcb\x96\x2f\xea\xa0\xfd\x00\x0d\x94\xf3\x27\xcb\xa9\x25\xd0\x84\x74\xa2\x4e\x09\x9c\x45\x34\x17\x43\x52\xf2\xb1\xbb\x88\xbb\x68\x87\x94\x64\x3f\xea\xdb\x6a\xef\x90\xe6\x80\x7a\x9b\x6e\x56\x33\xa8\xe1\x2d\x2b\x1a\x31\xf6\x6c\xef\x9e\xf8\x97\x25\x75\xe6\x32\x14\xea\x8b\x8d\x9f\xa8\xaa\x51\xd1\x74\x29\x3d\xdc\x39\x1f\x9b\xab\xf8\xc9\x47\xe5\xd3\x42\x15\x9f\x32\x73\x66\xe8\x67\x01\xa1\x18\x92\xac\x00\xf9\x07\x49\x4e\xa4\xae\x0b\x80\x3d\x08\xbd\xb6\xfa\x12\x24\x1b\xea\x85\xe8\xb0\x06\xa0\xa5\x62\xa2\xa1\x35\x75\x33\x4c\x88\x08\xdb\x59\x49\x16\xb0\xa0\xb4\xcd\x0d\xd1\xf4\xbf\x61\x82\x6d\xf5\x2d\xa8\xd9\xba\x9d\x32\x2a\x11\xe1\x3e\xea\x36\x9d\x9c\x6b\xd8\x62\xdf\xc7\x64\xd4\x51\x52\xfe\x4a\x4d\x4d\x84\xc3\x58\x86\x47\x87\x01\x3e\x80\xd0\x75\x34\x8
b\xd8\xe1\xaa\xf9\x0b\x8a\xe8\x82\x31\xdf\xc6\x0b\x32\x5d\xcf\x10\x5f\xba\x6f\x4f\x7b\xc6\xd6\xeb\x88\x3e\xa9\x4b\xc7\x95\x1a\xb6\x8a\x9f\xef\x16\xf7\x9b\xa4\x80\xc6\x06\xd2\x61\xa9\x03\xf5\x6e\x3c\x8e\x57\x17\xbf\xb3\x6e\x60\xeb\xe4\x54\xeb\x9b\xea\x91\x17\x1e\x5e\xc7\x62\x0a\xc1\xd5\x67\x32\xf1\x3d\xac\x52\xf3\x38\xd0\xeb\x6c\x0b\xe9\x2a\xb9\x51\xe3\xea\xfb\xc1\x86\xf3\x0f\x57\x1b\x26\x77\xa4\x5c\x3b\xa2\xb4\x56\xae\x65\x73\x84\x18\xa7\x62\x53\x36\xaa\x86\x97\xc8\x4b\x80\x3d\x7a\x74\x58\xc7\x69\xc7\x13\x02\xb1\x9c\x62\x0c\x7d\x2b\x46\xd7\x5a\xa9\x66\x1a\x7e\x6d\x63\x66\xf2\x46\x22\xb3\x70\x29\x0e\xde\xbb\x6b\x9b\xf1\xad\x61\xf1\xdd\xdf\xe9\x3e\x44\xbd\x1e\x9c\x18\x88\xed\xba\x9a\x7a\x96\xe4\x25\xb3\x56\xbf\xc2\xa0\x00\x92\x02\x44\x5b\xc6\x46\x8a\xa0\xa8\x4f\x9f\x22\x99\xb7\x5e\x63\x2e\x43\xda\x31\x38\x80\x97\xbd\x68\x88\xe4\x91\xd0\x85\x39\x6d\x98\x29\xd5\xb3\x1e\xd3\x20\x69\x42\x61\x07\xb5\xc9\x34\x87\x70\x0f\xf6\xe1\x47\x9f\x85\x12\x77\x80\xa0\x69\xc0\x47\xb8\xfd\x7e\xb9\xb2\xac\xb7\xd2\xe4\xfc\x8a\x5f\x5b\xd3\x6d\x78\x9d\x9f\xba\x06\x91\xfd\xad\xa4\x1e\x75\xfe\xdd\x2d\xf8\xb3\xaf\xbd\xe0\x47\xcf\x9b\x6c\x45\x2a\x27\x24\x48\xa3\xe9\x9e\xc0\xf5\x82\x01\x68\x35\x6c\xc8\xc9\xc4\x0b\x40\x89\x02\x73\xa6\x6c\xea\xa2\x6c\x13\x17\x45\xc4\xea\x0c\x88\x3b\x3f\xf4\x00\xb5\xf7\x6e\x76\xc4\x2a\x21\x64\xa6\xd0\x18\x04\x10\xf0\xe0\x31\xf0\x17\x41\xd1\x46\x7e\x96\x31\x97\x58\x89\x1a\x7f\x61\x51\x08\xc6\xa8\xbb\xc0\xc4\x03\xfa\xa3\x3c\xa7\xc9\x5d\xfa\xff\x91\x12\x07\xf2\x2f\x1b\x9d\x78\x32\x5a\x0c\xcd\x17\x97\x39\x7a\x91\xb4\xfa\xe6\x8e\xad\xb7\x2c\x7c\x03\xa9\xdc\xae\xe2\x24\xb8\x34\x4f\xbc\x62\xe4\x36\xcf\xd0\xd6\x8b\x04\x92\x61\x6a\x83\xef\xc3\xd3\x0b\xaf\xf8\xed\x4a\xa0\x13\xae\xdc\xbb\x78\x30\xe4\xd5\x2d\x9b\x02\xb0\x6d\xb3\xe6\x0b\x27\x38\x5d\xbd\x04\xfe\xed\x6c\x48\xa0\xae\x6e\xbe\x46\x57\x04\x40\x7c\xde\xae\x4b\x56\x2d\x0b\x1a\x44\xbd\xf6\x55\x42\x99\x8c\x8f\x48\x75\xd0\x9d\x28\x1f\x90\x54\x8d\xfe\xcb\xc3\xe5\x70\xc4\xfb\x37\xd1\x7f\x05\xef\x48\x4a\xa7\x1e\x9b\x26\x51\x7
5\x2c\x50\xb7\xf5\xc9\x23\x5c\x3f\xb7\x86\xdd\x68\x08\x6a\x61\x5f\x4b\xaa\x7f\xb3\xb9\xf5\x06\x76\x93\x08\x0a\x9d\x64\x91\x23\x72\xaf\xc3\xd5\xf0\x17\xe5\x5e\xaa\xbf\x1b\x61\x80\xce\x2e\x28\xe2\x0a\x69\x50\xab\xf5\xb6\x5b\xda\xc7\xd9\x15\xb0\xbb\x93\x80\x57\x05\x6f\x5d\x63\x14\xa2\x83\x62\x3d\x6a\x9b\xe3\xb1\x91\xa2\x87\x3f\xd8\xeb\x7a\x25\x8c\x4f\xe1\xda\x8d\x3e\x3f\x4e\x03\x7c\x31\xce\x4b\x72\xa9\x66\xe4\x50\xe9\x7a\x44\x7c\xb9\x12\x9b\x10\x4c\x5b\x2e\x00\xc7\x11\x5e\x63\xbb\x78\x4e\x71\xb1\xc2\x35\xf7\x36\x87\x9b\xee\x83\xe2\xe5\xf3\x90\xf3\x14\xb5\x1b\xb2\xf7\x08\x27\xb7\x42\xf9\xf9\x60\xde\x2e\xc0\x9b\x2f\xe8\xce\x43\x52\xfd\x4d\x61\x25\x8c\x68\xe8\xfe\xc7\x49\xcc\xb6\xd0\x53\xae\x84\xc5\xef\xf8\xa4\x38\x08\x7d\x42\x3e\xb3\x5e\xbc\xc0\xaf\x40\x17\x99\x22\xa6\x9c\x83\xfe\xaa\x9d\x42\x6c\x3f\x3c\xf0\x54\x12\xa7\x0c\xa9\x55\x9b\x62\xd6\x9e\xd0\x41\x1c\xa6\x50\xc0\x7e\x4a\x34\x06\x87\x91\xd7\x42\xbb\xf1\x36\x76\xb5\x1d\x40\x0e\xcb\xe0\x1f\x03\xd2\x6d\xdf\x63\xea\xf2\xdb\xeb\x1c\x95\x82\xf6\x46\xd4\x20\x7e\x34\x0e\x7e\xa3\xb6\xa3\x6d\x70\xb2\x51\x3a\x28\x86\x07\xda\x6b\x0f\x93\xc9\x69\x40\xe2\x84\xbd\xd6\xd6\x9b\xac\x90\xbf\xc8\x2d\x01\x60\xdd\xad\xc3\x0e\x7f\x3b\x90\x17\x3c\x57\xaa\xbf\xfd\x48\x81\xd6\xde\x07\xb0\x21\x50\x66\xf6\x68\x27\xa3\x45\x11\x9f\xb4\x62\x50\xa2\x92\x25\x5f\x13\x8a\x7c\x44\x09\x3b\x1d\x66\x84\xc8\x07\xc7\x14\x65\x3e\xab\xb4\x27\x96\xd9\xbe\x0b\x04\xa3\xf8\x4a\xa0\x06\xf9\x8b\x98\x32\xf7\x71\x4c\x6b\x39\xe8\x11\xac\xc6\xa0\x1b\xec\xd5\xdd\x70\x57\x0a\x03\xc6\xe7\x57\x71\x74\x6d\xc2\x58\xf1\x94\x2b\xca\x6d\x0d\x3b\x85\x88\x04\x1b\x38\x10\x72\xb8\xb8\xf8\x9e\xbd\x07\xb7\x4c\xa7\xf0\x34\x1a\xf5\x87\x5c\x88\x9c\x9a\x75\x3a\xce\x87\xbe\xe4\x6d\x67\x69\x00\x90\x30\x9e\xc5\xb1\xc8\xc2\x78\x82\x8a\x33\x39\x00\x02\xd7\x3a\xad\xe7\xc0\x6a\xf0\x56\x0b\x6d\x8e\xd5\xcf\x60\x07\x5c\xbe\x14\xb0\xc5\x87\x57\xfb\xd7\x5d\x25\xa1\x3f\xbf\xa5\x74\xfb\x3c\x6b\xd0\x4e\xf8\x46\x42\xc3\xaa\x21\x87\xf5\x6e\xa3\xb5\x68\x7b\x96\x38\x04\xbb\x64\xd8\xe1\xbd\xb4\x0e\xda\xe
c\x97\xa0\x19\x9b\x6e\x52\x90\xca\x2e\xc5\x56\xd2\xa3\x43\x6b\x68\x7c\x53\x45\x6f\x0c\x58\x56\x02\xf6\xcc\x0d\xc8\xd4\x22\x2d\x7f\x72\x1b\x9d\x55\x87\x7f\xd5\x2a\x37\x75\x8d\x52\x1a\xbb\x01\xc6\xfd\xe6\x83\xab\x43\x1e\x3c\x5a\xff\x7e\x0e\x85\x06\xa0\x5a\x8c\x72\x5a\xd5\x68\x9c\x31\x80\x14\xa1\x15\x3f\xe1\x0e\x66\x26\x7c\x81\xbf\x78\x85\x86\xbc\xb5\xa2\x10\xd5\x85\x24\x26\x4b\xd9\x63\xa5\x64\x03\xd2\xc6\xec\x28\xd6\x43\xb7\xf9\xf5\x58\x7e\x09\x2f\x61\x08\xf3\xde\x1d\xb7\x27\x14\x6f\x04\x58\x95\x4b\x85\xac\x44\x8d\x38\x6e\x04\x54\x76\xd7\x4c\xa3\xcf\x39\x50\xdf\xc2\xc5\xf5\x56\xb5\xb4\xc2\xe1\x48\xd7\x40\xa3\x96\xa4\x62\x5a\xe5\xd7\xbf\x24\x68\x16\x4d\x61\x19\xcc\xf3\xa3\xf2\x0f\xbd\x68\xfc\x21\x1b\x59\xd0\x09\x2e\x9e\xb5\xd8\x38\xee\x2b\x24\xd9\x4e\x26\x49\xac\x4a\x34\x4f\x41\xf7\x3e\xcf\x7e\xa1\x42\xe3\x97\x0d\xea\x2c\xf0\x17\x8a\xe9\x7d\x1c\xb6\x67\xfa\x5b\x7b\x3d\xb2\x3a\x6e\x56\xe7\x2e\xc4\xc3\xd5\x0d\x86\x61\x87\xbc\x4e\x32\x5f\xf9\x14\x24\x22\xa5\x99\x05\xee\x51\x21\xec\x01\xef\x4f\x69\x7a\xec\x1b\x81\x56\x4d\xd2\x75\x04\xaa\x7f\x06\x47\x0d\x62\x26\x43\xe2\x41\x77\xc3\xea\x5f\xea\xe5\x52\x3e\xa5\x3f\x4f\xf3\xb4\x4e\x77\xdb\x4b\xe9\xab\xba\x06\xa4\x2b\xcc\x08\x96\x19\x8f\xef\xb4\x64\x57\x20\xd8\x1d\xb5\x87\xdd\x91\x77\xd3\xe7\xd2\x43\x1e\xe2\xed\x7d\x92\x9f\x97\x3f\x02\x29\xfb\x03\x9c\x86\x8f\x06\x06\xa0\x5c\x48\x5c\x4c\xc2\xe8\x10\xf3\xa9\xaa\xfd\x61\x34\xa4\xe8\xad\xc1\x71\x50\x18\x58\x6d\xdb\x0d\x07\x7c\x03\x8a\xc2\x8f\x09\x93\xa3\xca\x02\x7c\xd0\x16\x16\x55\x0d\xee\x73\x2f\xb0\xaf\xc6\x8d\xbe\xc1\xbe\xeb\xb3\x1f\xdf\xca\x7a\xc9\x47\xe7\xdc\x9c\x06\xb9\x73\xf8\x48\xbb\xc3\xc9\xc9\x86\x41\xac\x21\x97\x4a\xec\x51\x10\x2e\xe7\x72\xe7\x45\xbc\xab\x1c\xea\x85\x8e\xe9\xe0\x57\xf8\xf5\x05\xed\x0b\x36\xd3\xae\xe4\x5a\x57\x9c\x36\x32\x78\x6b\xfa\xd6\xd1\xce\x3b\xcc\xcf\x81\x66\xe2\xed\xaa\xba\x7c\x31\x39\xcc\x2a\xd3\xd9\xbe\x7b\xa4\xbb\x80\xba\x7b\xdf\x50\x7c\x44\x41\x5d\xd0\x6c\xea\x5a\x83\xfb\x1b\x50\xd0\xd4\x8d\x2b\xd4\xbd\xb3\x6c\xd2\xdd\x05\xdb\x63\x22\xb3\x4c\xc
7\xf0\x45\x96\xd3\x40\x74\x47\xd0\x1c\x00\xcb\x70\xc9\x96\xcd\x20\xe4\xd8\x7e\x75\x9e\x89\xc4\xa4\x49\x73\xd9\x65\xc3\xb4\x3b\x76\x94\xda\x1e\xcb\xf9\xd6\x24\x9e\xc6\x6d\x74\xb0\xc3\xed\x36\x24\x93\x3a\xfe\x0f\x30\xa5\xff\x21\xdc\x4d\xab\xab\xf0\x07\x78\x1b\x54\xf0\x53\x5f\x92\xf1\xed\x15\x55\xa4\x17\xc5\x4c\x18\xf2\xf3\xae\xe0\x70\x1a\x2a\x96\xed\x40\x6a\xe3\xeb\x36\x55\x00\xba\x99\x61\xff\xbe\x01\x5f\x71\xc3\xba\xaf\x37\x35\xf3\xec\xdc\x84\x7e\x45\x39\x75\x2c\x27\x8a\x76\x8b\xf0\x2d\xda\xcc\x6b\x9e\xdc\xe7\x66\x5e\x7f\xfa\x56\xd0\x57\xdd\xb5\xd0\x49\x75\x98\x6e\x6b\x9e\xd4\xe3\x19\xaa\xa5\x3e\x01\xe1\x49\xbf\x88\xbb\xd2\x36\xca\x22\xe8\xb6\x23\x47\x65\xeb\x21\x0c\x59\xcd\x84\xba\x16\x99\x31\x65\xb7\xc2\xc1\xc2\xac\x8a\xcd\x60\x76\x54\x64\xf4\xa6\xbd\x41\x32\xd9\xa0\x27\x9e\xbe\x65\x7c\x1f\x41\xde\x50\xb0\x9a\xd6\x81\xab\x47\x7f\x73\x7a\xea\x71\x60\x52\x55\xdb\xfd\x9d\xd4\xc3\x5f\x83\x99\x14\xbe\x29\x80\x8a\xce\x17\xaf\x80\x1e\x4c\xb3\x13\xc0\xd5\x31\x52\x2c\xf3\x4c\x7d\x92\x3d\x92\x32\xdf\xb0\x39\xb0\xde\x32\x19\xac\xce\xce\x6a\x62\x16\xc7\xb8\xb5\xc4\xff\xcb\x38\x01\xae\xe0\xbd\x38\x3a\xc6\x50\x32\xaf\xcd\x3d\x1c\x25\x40\xd2\xc5\x6c\xd5\xbc\x11\x6d\xa1\xc3\x63\x13\xca\x92\x20\x23\x99\x12\xf6\x33\xb4\x64\x58\xbf\x0d\xdd\x6e\x32\x89\xf2\x5d\x8c\x3a\xac\x6a\x53\xdb\xfa\x35\x59\x8b\x6e\x57\x39\x90\x33\x34\xd9\x70\xb3\xdd\x85\xa1\xb5\x78\x10\xad\xc4\x51\xe6\x29\x79\xc6\xbc\x5f\x51\x07\x43\x14\x9b\xe1\x60\x69\x94\x10\xd9\x5b\xeb\x39\x38\x08\xcb\x05\x64\x19\x67\x47\xcc\x63\x86\xb4\xa6\xfb\x26\xfa\x1f\x53\xd7\xc1\xd6\xbc\xeb\x79\xc4\x1f\xdc\xd8\xed\x66\x3b\x16\x85\x87\x72\x42\x08\xb4\x6e\xf5\x99\x89\x45\x84\xbc\x35\xd6\xa8\x66\x2b\x20\x4b\xfc\x15\xa8\xcb\xec\xed\xc3\x20\xef\x5e\xdb\x5f\x20\xfb\xd5\x60\xc6\x26\x84\x3d\xb2\x4d\x6c\x8b\x7e\x55\xb6\x1a\x47\xa3\x26\x8d\xdb\x0f\xb5\x23\xf5\x66\x94\x37\x8f\xd2\xc7\x6d\xbc\x61\x82\xcb\x49\xaf\xdd\x2a\xea\x2d\xc7\xf9\x1f\xe9\x44\x5b\x21\xc6\xb1\x2b\x8f\x99\xba\xaf\x24\x2a\xb0\xff\x1e\x14\x13\xc7\xb1\xbc\xb3\x8d\xda\x4d\xe1\xfc\x9
a\xc5\x87\x43\x41\x10\xf8\x3c\xe2\x15\x7c\x99\x01\x82\x52\xe9\x77\xdf\x9e\x8e\xc0\x25\x05\x19\x25\x6c\xe5\xcd\xc8\xb7\xa7\x95\xae\x26\x62\x57\x1b\xb4\xc3\xeb\x98\xae\xb0\x93\x58\x4b\x17\xf0\xb1\xa6\xc0\x26\x03\x7d\x08\x0a\xeb\xa6\xa7\xb5\xb2\x16\x90\x39\x42\xa6\x6e\xed\x37\xed\x89\x0d\xc5\xdf\x1a\xcd\x71\x12\x05\xe1\x9d\x01\x6b\xad\xda\x1c\xe3\x76\x59\xa7\x8a\x7d\x3f\xe0\x06\xcf\xf2\x0d\xf8\x40\x35\x3e\x6b\x96\x56\x8d\xbc\x7a\xcd\xca\x38\x89\xb8\x85\xf4\x95\x6e\xe7\xf5\xea\x90\x53\x2d\x71\xeb\x1b\x92\x11\x80\xea\x2e\x38\x5a\x4c\x35\x51\xfd\xed\x44\x41\x9a\x3f\x37\x33\x41\xa2\x88\x24\x7a\x13\x6f\xd7\xbe\x0c\x8a\xfb\x54\x11\xba\xfb\xa9\x6a\x1f\xfe\xb5\x3b\x12\xe7\x06\x8d\x00\x8d\x96\xf8\x07\xcd\x87\x8b\x77\x5b\xd9\x61\x4c\x9b\xf5\x7f\x1d\x13\xfa\xdc\x86\xc2\xf5\x82\xdb\x03\x8a\xd2\x49\x11\xb4\x20\xb5\x6e\xc1\xc6\xe4\x85\x9d\x23\x11\x26\x3b\xb6\x8a\xaa\x07\x23\x28\xa4\xd3\x14\x84\xe1\x4b\x7f\xdd\x1f\x27\xbd\xac\x94\xd8\x5a\x3d\x69\x31\xa7\x2e\xd8\x80\xba\x85\xa5\xaf\xf0\x33\xb9\xf4\x90\x32\x4f\x00\x72\xb3\x64\x54\x62\x2b\x92\x48\xde\x9d\xcf\x99\xe8\x87\xd6\x75\x90\x70\x29\x61\x85\xe7\x94\x9d\x0f\x94\xb3\x52\x7b\x46\xe2\x51\xc3\x43\x14\x96\x01\xad\xfe\x05\x14\x89\xf9\xbf\xe2\xae\x17\xa6\x68\xdf\x46\x54\x14\xa2\x82\x98\xfa\x05\x73\x86\x6f\x30\x5b\xda\xd7\xbf\x91\xda\x22\x07\x13\x7b\xdf\x7b\xa5\xdf\xaf\x06\x2b\x4e\xc7\xd5\xb9\xb9\xcc\x75\x86\x9d\xb7\x0b\xd5\xc1\xd8\x9f\xf0\xfe\xc4\x3f\xf9\x2d\x1b\x93\xa9\x3f\x0d\xfc\x94\xb0\x09\x85\xbd\x97\xec\xaf\xd4\x39\x54\x24\xbf\xf8\xea\x03\x6b\x62\x8f\x8e\x6b\x5b\x8b\x03\x72\x4f\x09\xb7\xa4\x62\xac\x03\x1b\x2b\x62\x18\x99\x47\xa8\x2d\x00\xb2\x43\x4d\x41\x03\xec\x6d\x59\xea\x10\xe3\x77\xf6\xfe\x98\xf7\x41\x1f\x10\xba\xae\x6c\x71\xfc\x11\x6a\x77\xdd\xd6\x4f\x46\x14\x86\x17\xc1\x59\x8e\xe8\x6f\xeb\x58\xba\x6a\x85\x2f\x4c\x71\x18\x7b\x4b\xdc\x5d\x84\x53\x28\x09\xfb\x47\x86\x61\x28\x95\xbe\xe6\x2b\x89\x92\xb4\x5f\x76\x0b\x82\x19\x80\x26\x1a\x88\x28\x0d\xb0\xe9\x23\xd7\xb7\x21\x62\xb1\xaa\xfd\xde\xe4\xff\x61\xbe\x8e\x49\x01\x27\x58\xcb\x8
6\x63\xd3\x32\x1c\x4b\x9c\x45\x1e\xa0\x9d\xc8\x61\xc6\x3f\x42\xda\x85\x99\x99\xe5\x14\xdc\x2e\x65\xa8\x3d\x9f\x52\x17\x83\x1b\xf0\x24\x3e\xbd\xca\x6e\x48\x4d\xfc\xfa\xce\x23\x76\xcd\x11\x66\xe9\x53\x29\xdb\x57\x79\x08\x22\xf1\x07\xe7\x38\x7b\x2a\x39\x3d\xd0\xcc\x81\x45\x5a\x42\xad\xf7\xc7\x84\x92\xca\x74\x1b\x0d\xc1\x6b\xdc\x56\x27\x3a\x38\x9a\xbf\xf5\x94\x87\xe3\xbb\x8b\x22\x26\x28\x8f\xa6\x2c\x62\x93\x3d\xe0\x78\x30\xc3\x70\x7f\x41\x0f\xb7\x96\x96\xf4\xed\xea\x3e\x72\xa1\x72\x50\xae\xb6\xd9\xcb\xa9\x54\xce\x44\x26\x22\x01\x95\xd6\x4e\x75\x3f\x82\x5d\xfb\x9c\xab\x3f\x74\xbc\xd6\x9c\x1a\x12\x22\xe6\xb6\x72\x7b\xb4\x19\x10\x2f\xbb\x22\x6b\xb6\xef\xc1\xd3\x17\xcb\xb0\xd7\xe1\x70\xa6\x20\x31\x85\x2f\x8c\xfa\x32\x38\x05\xdd\x55\x8a\xfc\xdf\x35\xf8\xac\xcc\xeb\xd7\x91\xe3\xca\xa3\x9c\xe8\xb7\xbd\xdd\x1e\x38\x22\x7e\x58\xf7\x98\xf9\x7e\xc5\x78\x15\x35\x38\x50\x67\xd5\x2a\x9d\x70\xe0\x4a\x45\x7a\x3e\xb8\x5c\x28\xb9\x71\x7c\xbb\xa6\x3e\xd0\x5a\xc1\xed\x01\x94\xc7\x09\x6f\x5d\xc1\xc0\x59\xbf\x5c\x4f\x53\x72\x48\x52\xca\x91\x39\x6f\xb7\x87\xda\x39\x10\x1c\xb9\x37\xb3\x21\x25\x0d\x06\x98\x4b\xda\xbf\x1c\xd8\x33\x3e\x26\x6e\x24\x53\xd9\x21\x19\xa4\x26\x21\x8e\x19\x02\x28\xd6\x0b\xeb\x6b\x32\x21\x2d\x1b\x0e\xee\x3a\x36\xf3\xde\x80\xdd\x09\x13\xe1\x80\x6c\x47\x87\xf4\x4d\x1d\x74\xfd\x30\xff\x7f\x1e\xdb\x37\x76\xe9\x32\xb8\x58\x4a\x61\xfa\x7c\x61\x5a\xa0\x98\xab\xdf\x9f\xf5\x5c\x13\x84\xfa\xc0\xbd\xb2\x9e\x96\x4a\xb7\x6c\x87\x9b\x31\xa8\xf9\xdb\x46\xe7\x1d\x6b\x04\xc5\x5f\x40\x14\xea\x69\xb3\x71\xe9\x59\x25\xf6\x67\xd5\xac\xc7\x2b\x49\x47\x69\x31\x20\xc3\x64\xb5\x65\x44\xb8\x87\xc9\xae\x69\x57\x3e\xe6\x04\xaf\xad\x7d\xb6\x54\x85\xd6\x71\x9d\x1e\x44\x3a\x7a\x2f\x5c\x0b\x4a\x6e\xfc\xbe\x76\x04\x55\xd7\x20\x23\xab\x9a\x9d\x11\x95\x9f\xc8\xfe\x66\x92\x85\x91\x9b\x3c\x1c\xa7\xcf\x3d\x3a\x62\xbc\x0b\xd8\xf5\xdc\x19\xc9\xf5\x0d\x50\x8c\x56\x0c\xf8\xd4\x26\x93\xd4\x29\x59\x7f\xa3\x6c\xb2\x58\x8d\x46\x3e\x51\xe1\x9c\x65\xe0\x54\x06\x80\x90\xc3\x54\xda\x25\x33\x54\x14\x43\xf7\x48\x95\x69\x1
b\x75\xc2\x01\x1a\xaa\xbb\x59\x81\x1e\x9b\xc5\xd9\x6e\xee\xb2\x19\x52\xd5\xb8\xbf\xf2\xb7\x9d\x6e\x64\x2c\xf6\xbe\x3c\x8d\x4a\xda\x2e\x64\xb1\x89\x57\x30\x3f\x4f\x75\x7a\xb3\xf5\x75\x84\xa3\x94\x2a\xa2\x08\x7f\xb0\x3e\xe9\x70\x30\x37\xa6\x6c\xcc\x30\x1c\xd5\x9f\x63\x50\x6c\xc9\xd2\x96\xbc\xb4\xe2\x7a\x84\xfa\xbc\x50\x73\x04\x9a\x66\x32\x21\x91\x69\x8f\x1e\x3f\x16\xaf\xcf\x1f\xfa\x0f", 4096); memcpy((void*)0x200010e6, "\x7f\x9a\xc5\xbf\xea\x59\x10\x23\xd1\xc4\xce\xaf\x7d\xa5\x3c\xde\xca\x7f\x3c\xbe\xbe\xd9\xc4\x3c\x9a\x42\x4b\x38\x7b\x5f\x93\x9b\xed\x43\x6f\x47\x4c\xf3\xc9\x03\x0d\x8f\x42\x82\x29\xaf\x5c\x37\x65\xad\x3f\x0c\xd0\xf3\x07\xcd\xbf\x00\xf0\x07\xa1\xc0\x72\x53\x12\xca\x4c\xee\xe0\x6f\xf1\xc4\x99\x7b\xeb\x9d\x98\x28\xb2\xa7\x75\x02\x49\x1e\xf9\xf2\x7f\x5f\x8a\x21\x90\xa1\x6a\x95\xa6\x09\x63\x91\x45\x59\xc0\xe0\xfa\x46\x4b\x3b\x41\xc9\x73\x28\xdc\xa8\x77\x97\x56\xf5\x10\xdc\x4c\xd3\x3d\x65\x31\x27\x4c\xfa", 126); memcpy((void*)0x20001164, "\x68\x2c\xc7\x80\xcf\xd8\xfa\xe0\x24\x50\x1f\xf6\x27\x29\xab\x77\xce\xbe\x25\xca\xad\xf4\x39\x85\xb3\x0d\xb8\x38\x7f\xf3\x77\xed\x37\x03\x3e\x09\xf3\x35\x63\x0f\x36\xae\xad\x37\x57\x3d\x32\x40\x72\xd9\xfb\x1a\x62\x7a\xb3\xa3\xca\x51\xd4\xa1\x26\xb7\xf6\xa8\x5f\xb4\x9e\x27\xaf\x49\x3a\x4f\x04\x88\xa2\x07\x31\xe7\xc3\xe5\x22\x8e\xa7\x90\x52\xbe\xa7\x6c\x12\xad\x74\x3b\xfc\xb9\xc9\x62\xf3\x6f\x55\xda\xdb\x59\x51\x7b\x7c\x20\xab\x84\x8c\x45\x8f\x11\xe0\x0c\x13\x08\xa2\xf0\x7e\xa1\xe3", 121); syscall(SYS_test, 0x20000080, 5, 0, 0, 0, 0); break; case 3: *(uint8_t*)0x20001200 = 9; *(uint8_t*)0x20001201 = 3; *(uint8_t*)0x20001204 = 8; syscall(SYS_test, 0x20001200, 0, 0, 0, 0, 0); break; case 4: STORE_BY_BITMASK(uint16_t, , 0x20001240, 0, 0, 10); *(uint64_t*)0x20001248 = 3; STORE_BY_BITMASK(uint16_t, , 0x20001250, 2, 0, 5); STORE_BY_BITMASK(uint16_t, , 0x20001250, 0x3c, 5, 6); STORE_BY_BITMASK(uint32_t, , 0x20001250, 0x42, 11, 15); STORE_BY_BITMASK(uint16_t, , 0x20001254, 0x20, 0, 11); STORE_BY_BITMASK(uint16_t, htobe16, 
0x20001256, 0x20, 0, 11); *(uint8_t*)0x20001258 = 0x80; syscall(SYS_test, 0x20001240, 0, 0, 0, 0, 0); break; case 5: syscall(SYS_mutate2); break; case 6: *(uint64_t*)0x20001280 = 4; *(uint64_t*)0x20001288 = 0x63aa; *(uint8_t*)0x20001290 = 2; *(uint8_t*)0x20001291 = 0x10; *(uint8_t*)0x20001292 = 8; *(uint8_t*)0x20001293 = 4; *(uint8_t*)0x20001294 = 2; syscall(SYS_test, 0x20001280, 0, 0, 0, 0, 0); break; case 7: syscall(SYS_test_excessive_args1); break; case 8: memcpy((void*)0x200012c0, "#\000", 2); syscall(SYS_test, 0x200012c0, 0, 0, 0, 0, 0); break; case 9: memcpy((void*)0x20001300, "#\000", 2); syscall(SYS_test, 0x20001300, 0, 0, 0, 0, 0); break; case 10: memcpy((void*)0x20000000, ".-\000", 3); *(uint8_t*)0x20000040 = 8; *(uint8_t*)0x20000048 = 6; *(uint8_t*)0x20000049 = 5; STORE_BY_BITMASK(uint64_t, , 0x20000048, 6, 16, 4); STORE_BY_BITMASK(uint32_t, , 0x20000048, 1, 20, 4); STORE_BY_BITMASK(uint16_t, , 0x2000004a, 6, 8, 4); STORE_BY_BITMASK(uint8_t, , 0x2000004b, 8, 4, 4); syz_compare(0x20000000, 3, 0x20000040, 0x10); break; case 11: syz_compare_int(2, 9, 0x3ff, 0, 0); break; case 12: syz_errno(0xff); break; case 13: memcpy((void*)0x20000080, "\x9a\x81\xde\x5d\x92\x8f\x1a\x60\xf1\x7b\xeb\x77\xb1\xf9\x9a\x68\xaf\x78\x90\x7e\x1b\x40\xde\x1e\x91\x0c\x39\x56\xa2\xa9\x49\x7c\x8f\x05\xfb\xd7\xd7\x28\x2e\x23\x44\xfc\x3c\x4a\x13\x7d\xc0\x2d\x3d\x14", 50); syz_execute_func(0x20000080); break; case 14: syz_exit(0x3bc); break; case 15: syz_mmap(0x20003000, 0x2000); break; case 16: syz_sleep_ms(0xae); break; } } int main(void) { syz_mmap(0x20000000, 0x1000000); for (procid = 0; procid < 2; procid++) { if (fork() == 0) { use_temporary_dir(); do_sandbox_none(); } } sleep(1000000); return 0; } In file included from /usr/include/bits/errno.h:26, from /usr/include/errno.h:28, from :7: /usr/include/linux/errno.h:1:10: fatal error: asm/errno.h: No such file or directory 1 | #include | ^~~~~~~~~~~~~ compilation terminated. 
compiler invocation: gcc [-o /tmp/syz-executor535010871 -DGOOS_test=1 -DGOARCH_32_fork_shmem=1 -DHOSTGOOS_linux=1 -x c - -m32 -static -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-overflow] --- FAIL: TestGenerate/test/32_fork_shmem/9 (0.25s) csource_test.go:124: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:false HandleSegv:false Repro:false Trace:false} program: foo$fmt3(&(0x7f0000000000)=0xd) test$str0(&(0x7f0000000040)='#\x00') test$length25(&(0x7f0000000080)=["f10715d4c9e5266c67931773e4a0f636ec65433db95fc97dfb6a7c246b9022eded40bd5b7bc21a67f92e898bdb77eb69e28492941cd278412ebeec4d09ae9c02694e2b96bfd466173cda3b722385fe87434a69cf53b4901014995915", "37655b5306334cb48687", 
"10fe01411f2a0853621183e03fd969e91dcde25ae5aedec27c41096a23d2738e3330156db39857e671916dc9e84a50147231d90b96e85a90a3ea36f88b40e714c4afdcb7c7ca327bc41e8b5f519920bf5c9ac9f9991166c973b145d866b00adc563effeea498989e12ca3b69a26d4690e0a7482bd1c89bf3956a1048c0fc31b2e74a1b9eeacb5f746dff9527514eaf5f5396a5bc73d9ed250656f870eaf6b6856393ad79e7f764608642452cf52844036e989325af0e00d4370f387948e00d0928e0820928cf445dd8aa3762901ecaf1d67caad240a0accb3b2b712f776f7c2c96f7f6f30f5cfa8dbb09d76ff92fd36556ea85268dd1e9447ea12a384e18e885c2fe1236243d0712df5e926543e59ac7525407dd790cea1f843a8ce4f3b4b70138584a56fba8861b8c9af1a9c20ec5e41fdcc075f9b19173cb2fffe893cfc209233c7a328b63c0b0343aa8c89a653aa1cb96a55f02653f9bb7c7b7665e256fba08be12fc7a17d1354e74e5fa5452e915bde73e8440ce9c7767594205c9e33ad9dc190bf89a9dc40f36e242d2002880040e5c8396e69a81fb0102ea79922d12fa1347ec508ef9f8a6aa09e4024b3e25624336611d42f7de410c513db066db8d4efcb961e889616034c8b0220db1c1ec111487ac10749aefcf6094fc662b79edbbb3005ac386e67a64f35ace7f8bb72d1208a5c92d5001630f6184eefedb60c3ebd93b8a7c5d79362c813700f3b5498264aa2e8f3424127dc46d5a20accc3d1423522eccf3465b907db3a10c04252173a44e4107e75864f6b2b14c6e57c1ffe800564362befd3cfcfa431ee490f9a8691b1fbf47b297e6b7c7e381ee2f50c43a4ba0ccd8c58a0ab9a2ad3aa8f740c70e8c88eb19f7ab58d94d7657de09cdc7e01c46d354f21d97b50d09d5222b4f1af7ad0bb625a2e0f52d68f96ddacd12e73c45b3ea144a601815451a8d613b13b2ec6e95dd408661f4c26c58f0e24ab3561b7ba1432405b5da96f10b47bbdf1ead6b6df645e533b02555f69fd8f9e209e374d45c2f2597dcd30e5dcff5bc4eb4dbd8415159bdce9c730b81baeccbb876413d90a5b51eb124b461ea51a7b0e4261f6331836c61398a5d4e6d3cbab148d4c353aa452d37b7046970566fa5bdb1cb962feaa0fd000d94f327cba925d08474a24e099c4534174352f2b1bb88bb688794643feadb6aef90e6807a9b6e5633a8e12d2b1a31f66cef9ef8972575e63214ea8b8d9fa8aa51d174293ddc391f9babf8c947e5d342159f327366e86701a11892ac00f907494ea4ae0b803d08bdb6fa12241bea85e8b006a0a562a2a13575334c8808db594916b0a0b4cd0dd1f4bf61826df52da8d9ba9d322a11e13eea369d9c6bd862dfc764d45152fe4a4d4d84c358864787013e80d075348
bd8e1aaf90b8ae88231dfc60b325dcf105fba6f4f7bc6d6eb883ea94bc7951ab68a9fef16f79ba480c606d261a903f56e3c8e5717bfb36e60ebe454eb9bea91171e5ec7620ac1d56732f13dac52f338d0eb6c0be92ab951e3eafbc186f30f571b2677a45c3ba2b456ae65738418a7625336aa8697c84b803d7a7458c769c71302b19c620c7d2b46d75aa9661a7e6d6366f24622b370290edebb6b9bf1ad61f1dddfe93e44bd1e9c1888edba9a7a96e425b356bfc2a0009202445bc6468aa0a84f9f2299b75e632e43da31388097bd6888e491d085396d9829d5b31ed32069426107b5c93487700ff6e1479f85127780a069c047b8fd7eb9b2acb7d2e4fc8a5f5bd36d789d9fba0691fdada41e75fedd2df8b3afbde047cf9b6c452a272448a3e99ec0f5820168356cc8c9c40b40890273a66ceaa26c131745c4ea0c883b3ff400b5f76e76c42a2164a6d0180410f0e031f01741d1467e96319758891a7f615108c6a8bbc0c403faa33ca7c95dfaff911207f22f1b9d78325a0ccd1797397a91b4fae68eadb72c7c03a9dcaee224b8344fbc62e436cfd0d68b0492616a83efc3d30baff8ed4aa013aedcbb7830e4d52d9b02b06db3e60b27385dbd04feed6c48a0ae6ebe465704407cdeae4b562d0b1a44bdf65542998c8f4875d09d281f90548dfecbc3e570c4fb37d17f05ef484aa71e9b2651752c50b7f5c9235c3fb786dd68086a615f4baa7fb3b9f5067693080a9d64912372afc3d5f017e55eaabf1b6180ce2e28e20a6950abf5b65bdac7d915b0bb938057056f5d6314a283623d6a9be3b191a2873fd8eb7a258c4fe1da8d3e3f4e037c31ce4b72a966e450e97a447cb9129b104c5b2e00c7115e63bb784e71b1c235f736879bee83e2e5f390f314b51bb2f70827b742f9f960de2ec09b2fe8ce4352fd4d61258c68e8fec749ccb6d053ae84c5eff8a438087d423eb35ebcc0af40179922a69c83feaa9d426c3f3cf05412a70ca9559b62d69ed0411ca650c07e4a34068791d742bbf13676b51d400ecbe01f03d26ddf63eaf2dbeb1c9582f646d4207e340e7ea3b6a36d70b2513a288607da6b0f93c96940e284bdd6d69bac90bfc82d0160ddadc30e7f3b90173c57aabffd4881d6de07b0215066f66827a345119fb46250a292255f138a7c44093b1d6684c807c714653eabb42796d9be0b04a3f84aa006f98b9832f7714c6b39e811acc6a01becd5dd70570a03c6e75771746dc258f1942bca6d0d3b8588041b381072b8b8f89ebd07b74ca7f0341af5875c889c9a753ace87bee46d67690090309ec5b1c8c278828a33390002d73aade7c06af0560b6d8ed5cf60075cbe14b0c58757fbd75d25a13fbfa574fb3c6bd04ef84642c3aa2187f56ea3b5687b963804bb64d8e1bdb40edae
c97a0199b6e5290ca2ec556d2a3436b687c53456f0c585602f6cc0dc8d4222d7f721b9d55877fd52a37758d521abb01c6fde683ab431e3c5aff7e0e8506a05a8c725ad5689c318014a1153fe10e66267c81bf788586bcb5a210d58524264bd963a56403d2c6ec28d643b7f9f5587e092f6108f3de1db727146f0458954b85ac448d386e045476d74ca3cf3950dfc2c5f556b5b4c2e148d740a396a4625ae5d7bf2468164d6119ccf3a3f20fbd68fc211b59d0092e9eb5d838ee2b24d94e2649ac4a344f41f73ecf7ea142e3970dea2cf0178ae97d1cb667fa5b7b3db23a6e56e72ec4c3d50d866187bc4e325ff9142422a59905ee5121ec01ef4f697aec1b81564dd27504aa7f06470d622643e24177c3ea5feae5523ea53f4ff3b44e77db4be9abba06a42bcc0896198fefb4645720d81db587dd9177d3e7d2431ee2ed7d929f973f0229fb039c868f0606a05c485c4cc2e810f3a9aafd6134a4e8adc1715018586ddb0d077c038ac28f0993a3ca027cd01616550dee732fb0afc68dbec1beebb31fdfca7ac947e7dc9c06b973f848bbc3c9c98641ac21974aec51102ee772e745bcab1cea858ee9e057f8f505ed0b36d3aee45a579c3632786bfad6d1ce3bcccf8166e2edaaba7c3139cc2ad3d9be7ba4bb80ba7bdf507c44415dd06cea5a83fb1b50d0d48d2bd4bdb36cd2dd05db6322b34cc7f04596d3407447d01c00cb70c996cd20e4d87e759e89c4a44973d965c3b43b7694da1ecbf9d6249ec66d74b0c3ed3624933afe0f30a5ff21dc4dababf007781b54f0535f92f1ed1555a417c54c18f2f3aee0701a2a96ed406ae3eb365500ba9961ffbe015f71c3baaf3735f3ecdc847e4539752c278a768bf02ddacc6b9edce7665e7ffa56d057ddb5d04975986e6b9ed4e319aaa53e01e149bf88bbd236ca22e8b6234765eb210c59cd84ba16993165b7c2c1c2ac8acd60765464f4a6bd4132d9a0279ebe657c1f41de50b09ad681ab477f737aea71605255dbfd9dd4c35f839914be29808ace17af801e4cb313c0d531522cf34c7d923d9232dfb039b0de3219accece6a6216c7b8b5c4ffcb3801aee0bd383ac65032afcd3d1c2540d2c56cd5bc116da1c36313ca9220239912f633b46458bf0ddd6e3289f25d8c3aac6a53dbfa35598b6e5739903334d970b3dd85a1b57810adc451e62979c6bc5f510743149be160699410d95beb393808cb0564196747cc6386b4a6fb26fa1f53d7c1d6bceb79c41fdcd8ed663b168587724208b46ef599894584bc35d6a8662b204bfc15a8cbecedc320ef5edb5f20fbd560c626843db24d6c8b7e55b61a47a3268ddb0fb523f56694378fd2c76dbc6182cb49afdd2aea2dc7f91fe9445b21c6b12b8f99baaf242ab0ff1e1413c7b1bcb38dda4de1fc9
ac587434110f83ce2157c99018252e977df9e8ec0250519256ce5cdc8b7a795ae2662571bb4c3eb98aeb093584b17f0b1a6c026037d080aeba6a7b5b216903942a66eed37ed890dc5df1acd711205e19d016badda1ce37659a78a7d3fe006cff20df840353e6b96568dbc7acdca3889b885f4956ee7f5ea90532d71eb1b921180ea2e385a4c3551fded44419a3f373341a288247a136fd7be0c8afb5411bafba96a1ffeb53b12e7068d008d96f807cd878b775bd9614c9bf57f1d13fadc86c2f582db038ad24911b420b56ec1c6e4859d2311263bb68aaa072328a4d31484e14b7fdd1f27bdac94d85a3d6931a72ed880ba85a5aff033b9f490324f0072b36454622b9248de9dcf99e887d6759070296185e7949d0f94b3527b46e251c343149601adfe051489f9bfe2ae17a668df465414a28298fa0573866f305bdad7bf91da2207137bdf7ba5dfaf062b4ec7d5b9b9cc75869db70bd5c1d89ff0fec43ff92d1b93a93f0dfc94b00985bd97ecafd4395424bff8ea036b628f8e6b5b8b03724f09b7a462ac031b2b62189947a82d00b2434d4103ec6d59ea10e377f6fe98f7411f10baae6c71fc116a77ddd64f46148617c1598ee86feb58ba6a852f4c71187b4bdc5d84532809fb4786612895bee62b8992b45f760b821980261a88280db0e923d7b72162b1aafddee4ff61be8e49012758cb8663d3321c4b9c451ea09dc861c63f42da859999e514dc2e65a83d9f5217831bf0243ebdca6e484dfcface2376cd1166e95329db57790822f107e7387b2a393dd0cc81455a42adf7c78492ca741b0dc16bdc56273a389abff59487e3bb8b2226288fa62c62933de07830c3707f410fb79696f4edea3e72a17250aeb6d9cba954ce4426220195d64e753f825dfb9cab3f74bcd69c1a1222e6b6727bb419102fbb226bb6efc1d317cbb0d7e170a62031852f8cfa323805dd558afcdf35f8acccebd791e3caa39ce8b7bddd1e38227e58f798f97ec5781535385067d52a9d70e04a457a3eb85c28b9717cbba63ed05ac1ed0194c7096f5dc1c059bf5c4f53724852ca91396fb787da39101cb937b321250d06984bdabf1cd8333e266e2453d92119a426218e190228d60beb6b32212d1b0eee3a36f3de80dd0913e1806c4787f44d1d74fd30ff7f1edb3776e932b8584a61fa7c615aa098abdf9ff55c1384fac0bdb29e964ab76c879b31a8f9db46e71d6b04c55f4014ea69b371e95925f667d5acc72b4947693120c364b56544b887c9ae69573ee604afad7db65485d6719d1e443a7a2f5c0b4a6efcbe760455d72023ab9a9d11959fc8fe669285919b3c1ca7cf3d3a62bc0bd8f5dc19c9f50d508c560cf8d42693d429597fa36cb2588d463e51e19c65e054068090c354da2533541443f74895691
b75c2011aaabb59811e9bc5d96eeeb21952d5b8bff2b79d6e642cf6be3c8d4ada2e64b18957303f4f757ab3f57584a3942aa2087fb03ee9703037a66ccc301cd59f63506cc9d296bcb4e27a84fabc5073049a66322191698f1e3f16afcf1ffa0f", "7f9ac5bfea591023d1c4ceaf7da53cdeca7f3cbebed9c43c9a424b387b5f939bed436f474cf3c9030d8f428229af5c3765ad3f0cd0f307cdbf00f007a1c0725312ca4ceee06ff1c4997beb9d9828b2a77502491ef9f27f5f8a2190a16a95a60963914559c0e0fa464b3b41c97328dca8779756f510dc4cd33d6531274cfa", "682cc780cfd8fae024501ff62729ab77cebe25caadf43985b30db8387ff377ed37033e09f335630f36aead37573d324072d9fb1a627ab3a3ca51d4a126b7f6a85fb49e27af493a4f0488a20731e7c3e5228ea79052bea76c12ad743bfcb9c962f36f55dadb59517b7c20ab848c458f11e00c1308a2f07ea1e3"], 0x5) test$align3(&(0x7f0000001200)={0x9, {0x3}, {0x8}}) test$bf0(&(0x7f0000001240)={0x0, 0x3, 0x2, 0x3c, 0x42, 0x20, 0x20, 0x80}) mutate2() test$length16(&(0x7f0000001280)={[0x4, 0x63aa], 0x2, 0x10, 0x8, 0x4, 0x2}) test_excessive_args1() test$str0(&(0x7f00000012c0)='#\x00') test$str0(&(0x7f0000001300)='#\x00') syz_compare(&(0x7f0000000000)='.-\x00', 0x3, &(0x7f0000000040)=@bf20={0x8, {0x6, 0x5, 0x6, 0x1, 0x6, 0x8}}, 0x10) syz_compare_int$2(0x2, 0x9, 0x3ff) syz_errno(0xff) syz_execute_func(&(0x7f0000000080)="9a81de5d928f1a60f17beb77b1f99a68af78907e1b40de1e910c3956a2a9497c8f05fbd7d7282e2344fc3c4a137dc02d3d14") syz_exit(0x3bc) syz_mmap(&(0x7f0000003000/0x2000)=nil, 0x2000) syz_sleep_ms(0xae) csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 
1000000; } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | 
MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) { va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; 
event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) { continue; } kill_and_wait(pid, &status); break; } } } #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_mutate2 #define SYS_mutate2 0 #endif #ifndef SYS_test #define SYS_test 0 #endif #ifndef SYS_test_excessive_args1 #define SYS_test_excessive_args1 0 #endif void execute_call(int call) { switch (call) { case 0: sprintf((char*)0x20000000, "%020llu", (long long)0x17); syscall(SYS_foo, 0x20000000, 0); break; case 1: memcpy((void*)0x20000040, "#\000", 2); syscall(SYS_test, 0x20000040, 0, 0, 0, 0, 0); break; case 2: memcpy((void*)0x20000080, "\xf1\x07\x15\xd4\xc9\xe5\x26\x6c\x67\x93\x17\x73\xe4\xa0\xf6\x36\xec\x65\x43\x3d\xb9\x5f\xc9\x7d\xfb\x6a\x7c\x24\x6b\x90\x22\xed\xed\x40\xbd\x5b\x7b\xc2\x1a\x67\xf9\x2e\x89\x8b\xdb\x77\xeb\x69\xe2\x84\x92\x94\x1c\xd2\x78\x41\x2e\xbe\xec\x4d\x09\xae\x9c\x02\x69\x4e\x2b\x96\xbf\xd4\x66\x17\x3c\xda\x3b\x72\x23\x85\xfe\x87\x43\x4a\x69\xcf\x53\xb4\x90\x10\x14\x99\x59\x15", 92); memcpy((void*)0x200000dc, "\x37\x65\x5b\x53\x06\x33\x4c\xb4\x86\x87", 10); memcpy((void*)0x200000e6, 
"\x10\xfe\x01\x41\x1f\x2a\x08\x53\x62\x11\x83\xe0\x3f\xd9\x69\xe9\x1d\xcd\xe2\x5a\xe5\xae\xde\xc2\x7c\x41\x09\x6a\x23\xd2\x73\x8e\x33\x30\x15\x6d\xb3\x98\x57\xe6\x71\x91\x6d\xc9\xe8\x4a\x50\x14\x72\x31\xd9\x0b\x96\xe8\x5a\x90\xa3\xea\x36\xf8\x8b\x40\xe7\x14\xc4\xaf\xdc\xb7\xc7\xca\x32\x7b\xc4\x1e\x8b\x5f\x51\x99\x20\xbf\x5c\x9a\xc9\xf9\x99\x11\x66\xc9\x73\xb1\x45\xd8\x66\xb0\x0a\xdc\x56\x3e\xff\xee\xa4\x98\x98\x9e\x12\xca\x3b\x69\xa2\x6d\x46\x90\xe0\xa7\x48\x2b\xd1\xc8\x9b\xf3\x95\x6a\x10\x48\xc0\xfc\x31\xb2\xe7\x4a\x1b\x9e\xea\xcb\x5f\x74\x6d\xff\x95\x27\x51\x4e\xaf\x5f\x53\x96\xa5\xbc\x73\xd9\xed\x25\x06\x56\xf8\x70\xea\xf6\xb6\x85\x63\x93\xad\x79\xe7\xf7\x64\x60\x86\x42\x45\x2c\xf5\x28\x44\x03\x6e\x98\x93\x25\xaf\x0e\x00\xd4\x37\x0f\x38\x79\x48\xe0\x0d\x09\x28\xe0\x82\x09\x28\xcf\x44\x5d\xd8\xaa\x37\x62\x90\x1e\xca\xf1\xd6\x7c\xaa\xd2\x40\xa0\xac\xcb\x3b\x2b\x71\x2f\x77\x6f\x7c\x2c\x96\xf7\xf6\xf3\x0f\x5c\xfa\x8d\xbb\x09\xd7\x6f\xf9\x2f\xd3\x65\x56\xea\x85\x26\x8d\xd1\xe9\x44\x7e\xa1\x2a\x38\x4e\x18\xe8\x85\xc2\xfe\x12\x36\x24\x3d\x07\x12\xdf\x5e\x92\x65\x43\xe5\x9a\xc7\x52\x54\x07\xdd\x79\x0c\xea\x1f\x84\x3a\x8c\xe4\xf3\xb4\xb7\x01\x38\x58\x4a\x56\xfb\xa8\x86\x1b\x8c\x9a\xf1\xa9\xc2\x0e\xc5\xe4\x1f\xdc\xc0\x75\xf9\xb1\x91\x73\xcb\x2f\xff\xe8\x93\xcf\xc2\x09\x23\x3c\x7a\x32\x8b\x63\xc0\xb0\x34\x3a\xa8\xc8\x9a\x65\x3a\xa1\xcb\x96\xa5\x5f\x02\x65\x3f\x9b\xb7\xc7\xb7\x66\x5e\x25\x6f\xba\x08\xbe\x12\xfc\x7a\x17\xd1\x35\x4e\x74\xe5\xfa\x54\x52\xe9\x15\xbd\xe7\x3e\x84\x40\xce\x9c\x77\x67\x59\x42\x05\xc9\xe3\x3a\xd9\xdc\x19\x0b\xf8\x9a\x9d\xc4\x0f\x36\xe2\x42\xd2\x00\x28\x80\x04\x0e\x5c\x83\x96\xe6\x9a\x81\xfb\x01\x02\xea\x79\x92\x2d\x12\xfa\x13\x47\xec\x50\x8e\xf9\xf8\xa6\xaa\x09\xe4\x02\x4b\x3e\x25\x62\x43\x36\x61\x1d\x42\xf7\xde\x41\x0c\x51\x3d\xb0\x66\xdb\x8d\x4e\xfc\xb9\x61\xe8\x89\x61\x60\x34\xc8\xb0\x22\x0d\xb1\xc1\xec\x11\x14\x87\xac\x10\x74\x9a\xef\xcf\x60\x94\xfc\x66\x2b\x79\xed\xbb\xb3\x00\x5a\xc3\x86\xe6\x7a\x64\xf3\x5a\xce\x7f\x8b\xb7\x2d\x12\x08\xa5\xc9\x2
d\x50\x01\x63\x0f\x61\x84\xee\xfe\xdb\x60\xc3\xeb\xd9\x3b\x8a\x7c\x5d\x79\x36\x2c\x81\x37\x00\xf3\xb5\x49\x82\x64\xaa\x2e\x8f\x34\x24\x12\x7d\xc4\x6d\x5a\x20\xac\xcc\x3d\x14\x23\x52\x2e\xcc\xf3\x46\x5b\x90\x7d\xb3\xa1\x0c\x04\x25\x21\x73\xa4\x4e\x41\x07\xe7\x58\x64\xf6\xb2\xb1\x4c\x6e\x57\xc1\xff\xe8\x00\x56\x43\x62\xbe\xfd\x3c\xfc\xfa\x43\x1e\xe4\x90\xf9\xa8\x69\x1b\x1f\xbf\x47\xb2\x97\xe6\xb7\xc7\xe3\x81\xee\x2f\x50\xc4\x3a\x4b\xa0\xcc\xd8\xc5\x8a\x0a\xb9\xa2\xad\x3a\xa8\xf7\x40\xc7\x0e\x8c\x88\xeb\x19\xf7\xab\x58\xd9\x4d\x76\x57\xde\x09\xcd\xc7\xe0\x1c\x46\xd3\x54\xf2\x1d\x97\xb5\x0d\x09\xd5\x22\x2b\x4f\x1a\xf7\xad\x0b\xb6\x25\xa2\xe0\xf5\x2d\x68\xf9\x6d\xda\xcd\x12\xe7\x3c\x45\xb3\xea\x14\x4a\x60\x18\x15\x45\x1a\x8d\x61\x3b\x13\xb2\xec\x6e\x95\xdd\x40\x86\x61\xf4\xc2\x6c\x58\xf0\xe2\x4a\xb3\x56\x1b\x7b\xa1\x43\x24\x05\xb5\xda\x96\xf1\x0b\x47\xbb\xdf\x1e\xad\x6b\x6d\xf6\x45\xe5\x33\xb0\x25\x55\xf6\x9f\xd8\xf9\xe2\x09\xe3\x74\xd4\x5c\x2f\x25\x97\xdc\xd3\x0e\x5d\xcf\xf5\xbc\x4e\xb4\xdb\xd8\x41\x51\x59\xbd\xce\x9c\x73\x0b\x81\xba\xec\xcb\xb8\x76\x41\x3d\x90\xa5\xb5\x1e\xb1\x24\xb4\x61\xea\x51\xa7\xb0\xe4\x26\x1f\x63\x31\x83\x6c\x61\x39\x8a\x5d\x4e\x6d\x3c\xba\xb1\x48\xd4\xc3\x53\xaa\x45\x2d\x37\xb7\x04\x69\x70\x56\x6f\xa5\xbd\xb1\xcb\x96\x2f\xea\xa0\xfd\x00\x0d\x94\xf3\x27\xcb\xa9\x25\xd0\x84\x74\xa2\x4e\x09\x9c\x45\x34\x17\x43\x52\xf2\xb1\xbb\x88\xbb\x68\x87\x94\x64\x3f\xea\xdb\x6a\xef\x90\xe6\x80\x7a\x9b\x6e\x56\x33\xa8\xe1\x2d\x2b\x1a\x31\xf6\x6c\xef\x9e\xf8\x97\x25\x75\xe6\x32\x14\xea\x8b\x8d\x9f\xa8\xaa\x51\xd1\x74\x29\x3d\xdc\x39\x1f\x9b\xab\xf8\xc9\x47\xe5\xd3\x42\x15\x9f\x32\x73\x66\xe8\x67\x01\xa1\x18\x92\xac\x00\xf9\x07\x49\x4e\xa4\xae\x0b\x80\x3d\x08\xbd\xb6\xfa\x12\x24\x1b\xea\x85\xe8\xb0\x06\xa0\xa5\x62\xa2\xa1\x35\x75\x33\x4c\x88\x08\xdb\x59\x49\x16\xb0\xa0\xb4\xcd\x0d\xd1\xf4\xbf\x61\x82\x6d\xf5\x2d\xa8\xd9\xba\x9d\x32\x2a\x11\xe1\x3e\xea\x36\x9d\x9c\x6b\xd8\x62\xdf\xc7\x64\xd4\x51\x52\xfe\x4a\x4d\x4d\x84\xc3\x58\x86\x47\x87\x01\x3e\x80\xd0\x75\x34\x8
b\xd8\xe1\xaa\xf9\x0b\x8a\xe8\x82\x31\xdf\xc6\x0b\x32\x5d\xcf\x10\x5f\xba\x6f\x4f\x7b\xc6\xd6\xeb\x88\x3e\xa9\x4b\xc7\x95\x1a\xb6\x8a\x9f\xef\x16\xf7\x9b\xa4\x80\xc6\x06\xd2\x61\xa9\x03\xf5\x6e\x3c\x8e\x57\x17\xbf\xb3\x6e\x60\xeb\xe4\x54\xeb\x9b\xea\x91\x17\x1e\x5e\xc7\x62\x0a\xc1\xd5\x67\x32\xf1\x3d\xac\x52\xf3\x38\xd0\xeb\x6c\x0b\xe9\x2a\xb9\x51\xe3\xea\xfb\xc1\x86\xf3\x0f\x57\x1b\x26\x77\xa4\x5c\x3b\xa2\xb4\x56\xae\x65\x73\x84\x18\xa7\x62\x53\x36\xaa\x86\x97\xc8\x4b\x80\x3d\x7a\x74\x58\xc7\x69\xc7\x13\x02\xb1\x9c\x62\x0c\x7d\x2b\x46\xd7\x5a\xa9\x66\x1a\x7e\x6d\x63\x66\xf2\x46\x22\xb3\x70\x29\x0e\xde\xbb\x6b\x9b\xf1\xad\x61\xf1\xdd\xdf\xe9\x3e\x44\xbd\x1e\x9c\x18\x88\xed\xba\x9a\x7a\x96\xe4\x25\xb3\x56\xbf\xc2\xa0\x00\x92\x02\x44\x5b\xc6\x46\x8a\xa0\xa8\x4f\x9f\x22\x99\xb7\x5e\x63\x2e\x43\xda\x31\x38\x80\x97\xbd\x68\x88\xe4\x91\xd0\x85\x39\x6d\x98\x29\xd5\xb3\x1e\xd3\x20\x69\x42\x61\x07\xb5\xc9\x34\x87\x70\x0f\xf6\xe1\x47\x9f\x85\x12\x77\x80\xa0\x69\xc0\x47\xb8\xfd\x7e\xb9\xb2\xac\xb7\xd2\xe4\xfc\x8a\x5f\x5b\xd3\x6d\x78\x9d\x9f\xba\x06\x91\xfd\xad\xa4\x1e\x75\xfe\xdd\x2d\xf8\xb3\xaf\xbd\xe0\x47\xcf\x9b\x6c\x45\x2a\x27\x24\x48\xa3\xe9\x9e\xc0\xf5\x82\x01\x68\x35\x6c\xc8\xc9\xc4\x0b\x40\x89\x02\x73\xa6\x6c\xea\xa2\x6c\x13\x17\x45\xc4\xea\x0c\x88\x3b\x3f\xf4\x00\xb5\xf7\x6e\x76\xc4\x2a\x21\x64\xa6\xd0\x18\x04\x10\xf0\xe0\x31\xf0\x17\x41\xd1\x46\x7e\x96\x31\x97\x58\x89\x1a\x7f\x61\x51\x08\xc6\xa8\xbb\xc0\xc4\x03\xfa\xa3\x3c\xa7\xc9\x5d\xfa\xff\x91\x12\x07\xf2\x2f\x1b\x9d\x78\x32\x5a\x0c\xcd\x17\x97\x39\x7a\x91\xb4\xfa\xe6\x8e\xad\xb7\x2c\x7c\x03\xa9\xdc\xae\xe2\x24\xb8\x34\x4f\xbc\x62\xe4\x36\xcf\xd0\xd6\x8b\x04\x92\x61\x6a\x83\xef\xc3\xd3\x0b\xaf\xf8\xed\x4a\xa0\x13\xae\xdc\xbb\x78\x30\xe4\xd5\x2d\x9b\x02\xb0\x6d\xb3\xe6\x0b\x27\x38\x5d\xbd\x04\xfe\xed\x6c\x48\xa0\xae\x6e\xbe\x46\x57\x04\x40\x7c\xde\xae\x4b\x56\x2d\x0b\x1a\x44\xbd\xf6\x55\x42\x99\x8c\x8f\x48\x75\xd0\x9d\x28\x1f\x90\x54\x8d\xfe\xcb\xc3\xe5\x70\xc4\xfb\x37\xd1\x7f\x05\xef\x48\x4a\xa7\x1e\x9b\x26\x51\x7
5\x2c\x50\xb7\xf5\xc9\x23\x5c\x3f\xb7\x86\xdd\x68\x08\x6a\x61\x5f\x4b\xaa\x7f\xb3\xb9\xf5\x06\x76\x93\x08\x0a\x9d\x64\x91\x23\x72\xaf\xc3\xd5\xf0\x17\xe5\x5e\xaa\xbf\x1b\x61\x80\xce\x2e\x28\xe2\x0a\x69\x50\xab\xf5\xb6\x5b\xda\xc7\xd9\x15\xb0\xbb\x93\x80\x57\x05\x6f\x5d\x63\x14\xa2\x83\x62\x3d\x6a\x9b\xe3\xb1\x91\xa2\x87\x3f\xd8\xeb\x7a\x25\x8c\x4f\xe1\xda\x8d\x3e\x3f\x4e\x03\x7c\x31\xce\x4b\x72\xa9\x66\xe4\x50\xe9\x7a\x44\x7c\xb9\x12\x9b\x10\x4c\x5b\x2e\x00\xc7\x11\x5e\x63\xbb\x78\x4e\x71\xb1\xc2\x35\xf7\x36\x87\x9b\xee\x83\xe2\xe5\xf3\x90\xf3\x14\xb5\x1b\xb2\xf7\x08\x27\xb7\x42\xf9\xf9\x60\xde\x2e\xc0\x9b\x2f\xe8\xce\x43\x52\xfd\x4d\x61\x25\x8c\x68\xe8\xfe\xc7\x49\xcc\xb6\xd0\x53\xae\x84\xc5\xef\xf8\xa4\x38\x08\x7d\x42\x3e\xb3\x5e\xbc\xc0\xaf\x40\x17\x99\x22\xa6\x9c\x83\xfe\xaa\x9d\x42\x6c\x3f\x3c\xf0\x54\x12\xa7\x0c\xa9\x55\x9b\x62\xd6\x9e\xd0\x41\x1c\xa6\x50\xc0\x7e\x4a\x34\x06\x87\x91\xd7\x42\xbb\xf1\x36\x76\xb5\x1d\x40\x0e\xcb\xe0\x1f\x03\xd2\x6d\xdf\x63\xea\xf2\xdb\xeb\x1c\x95\x82\xf6\x46\xd4\x20\x7e\x34\x0e\x7e\xa3\xb6\xa3\x6d\x70\xb2\x51\x3a\x28\x86\x07\xda\x6b\x0f\x93\xc9\x69\x40\xe2\x84\xbd\xd6\xd6\x9b\xac\x90\xbf\xc8\x2d\x01\x60\xdd\xad\xc3\x0e\x7f\x3b\x90\x17\x3c\x57\xaa\xbf\xfd\x48\x81\xd6\xde\x07\xb0\x21\x50\x66\xf6\x68\x27\xa3\x45\x11\x9f\xb4\x62\x50\xa2\x92\x25\x5f\x13\x8a\x7c\x44\x09\x3b\x1d\x66\x84\xc8\x07\xc7\x14\x65\x3e\xab\xb4\x27\x96\xd9\xbe\x0b\x04\xa3\xf8\x4a\xa0\x06\xf9\x8b\x98\x32\xf7\x71\x4c\x6b\x39\xe8\x11\xac\xc6\xa0\x1b\xec\xd5\xdd\x70\x57\x0a\x03\xc6\xe7\x57\x71\x74\x6d\xc2\x58\xf1\x94\x2b\xca\x6d\x0d\x3b\x85\x88\x04\x1b\x38\x10\x72\xb8\xb8\xf8\x9e\xbd\x07\xb7\x4c\xa7\xf0\x34\x1a\xf5\x87\x5c\x88\x9c\x9a\x75\x3a\xce\x87\xbe\xe4\x6d\x67\x69\x00\x90\x30\x9e\xc5\xb1\xc8\xc2\x78\x82\x8a\x33\x39\x00\x02\xd7\x3a\xad\xe7\xc0\x6a\xf0\x56\x0b\x6d\x8e\xd5\xcf\x60\x07\x5c\xbe\x14\xb0\xc5\x87\x57\xfb\xd7\x5d\x25\xa1\x3f\xbf\xa5\x74\xfb\x3c\x6b\xd0\x4e\xf8\x46\x42\xc3\xaa\x21\x87\xf5\x6e\xa3\xb5\x68\x7b\x96\x38\x04\xbb\x64\xd8\xe1\xbd\xb4\x0e\xda\xe
c\x97\xa0\x19\x9b\x6e\x52\x90\xca\x2e\xc5\x56\xd2\xa3\x43\x6b\x68\x7c\x53\x45\x6f\x0c\x58\x56\x02\xf6\xcc\x0d\xc8\xd4\x22\x2d\x7f\x72\x1b\x9d\x55\x87\x7f\xd5\x2a\x37\x75\x8d\x52\x1a\xbb\x01\xc6\xfd\xe6\x83\xab\x43\x1e\x3c\x5a\xff\x7e\x0e\x85\x06\xa0\x5a\x8c\x72\x5a\xd5\x68\x9c\x31\x80\x14\xa1\x15\x3f\xe1\x0e\x66\x26\x7c\x81\xbf\x78\x85\x86\xbc\xb5\xa2\x10\xd5\x85\x24\x26\x4b\xd9\x63\xa5\x64\x03\xd2\xc6\xec\x28\xd6\x43\xb7\xf9\xf5\x58\x7e\x09\x2f\x61\x08\xf3\xde\x1d\xb7\x27\x14\x6f\x04\x58\x95\x4b\x85\xac\x44\x8d\x38\x6e\x04\x54\x76\xd7\x4c\xa3\xcf\x39\x50\xdf\xc2\xc5\xf5\x56\xb5\xb4\xc2\xe1\x48\xd7\x40\xa3\x96\xa4\x62\x5a\xe5\xd7\xbf\x24\x68\x16\x4d\x61\x19\xcc\xf3\xa3\xf2\x0f\xbd\x68\xfc\x21\x1b\x59\xd0\x09\x2e\x9e\xb5\xd8\x38\xee\x2b\x24\xd9\x4e\x26\x49\xac\x4a\x34\x4f\x41\xf7\x3e\xcf\x7e\xa1\x42\xe3\x97\x0d\xea\x2c\xf0\x17\x8a\xe9\x7d\x1c\xb6\x67\xfa\x5b\x7b\x3d\xb2\x3a\x6e\x56\xe7\x2e\xc4\xc3\xd5\x0d\x86\x61\x87\xbc\x4e\x32\x5f\xf9\x14\x24\x22\xa5\x99\x05\xee\x51\x21\xec\x01\xef\x4f\x69\x7a\xec\x1b\x81\x56\x4d\xd2\x75\x04\xaa\x7f\x06\x47\x0d\x62\x26\x43\xe2\x41\x77\xc3\xea\x5f\xea\xe5\x52\x3e\xa5\x3f\x4f\xf3\xb4\x4e\x77\xdb\x4b\xe9\xab\xba\x06\xa4\x2b\xcc\x08\x96\x19\x8f\xef\xb4\x64\x57\x20\xd8\x1d\xb5\x87\xdd\x91\x77\xd3\xe7\xd2\x43\x1e\xe2\xed\x7d\x92\x9f\x97\x3f\x02\x29\xfb\x03\x9c\x86\x8f\x06\x06\xa0\x5c\x48\x5c\x4c\xc2\xe8\x10\xf3\xa9\xaa\xfd\x61\x34\xa4\xe8\xad\xc1\x71\x50\x18\x58\x6d\xdb\x0d\x07\x7c\x03\x8a\xc2\x8f\x09\x93\xa3\xca\x02\x7c\xd0\x16\x16\x55\x0d\xee\x73\x2f\xb0\xaf\xc6\x8d\xbe\xc1\xbe\xeb\xb3\x1f\xdf\xca\x7a\xc9\x47\xe7\xdc\x9c\x06\xb9\x73\xf8\x48\xbb\xc3\xc9\xc9\x86\x41\xac\x21\x97\x4a\xec\x51\x10\x2e\xe7\x72\xe7\x45\xbc\xab\x1c\xea\x85\x8e\xe9\xe0\x57\xf8\xf5\x05\xed\x0b\x36\xd3\xae\xe4\x5a\x57\x9c\x36\x32\x78\x6b\xfa\xd6\xd1\xce\x3b\xcc\xcf\x81\x66\xe2\xed\xaa\xba\x7c\x31\x39\xcc\x2a\xd3\xd9\xbe\x7b\xa4\xbb\x80\xba\x7b\xdf\x50\x7c\x44\x41\x5d\xd0\x6c\xea\x5a\x83\xfb\x1b\x50\xd0\xd4\x8d\x2b\xd4\xbd\xb3\x6c\xd2\xdd\x05\xdb\x63\x22\xb3\x4c\xc
7\xf0\x45\x96\xd3\x40\x74\x47\xd0\x1c\x00\xcb\x70\xc9\x96\xcd\x20\xe4\xd8\x7e\x75\x9e\x89\xc4\xa4\x49\x73\xd9\x65\xc3\xb4\x3b\x76\x94\xda\x1e\xcb\xf9\xd6\x24\x9e\xc6\x6d\x74\xb0\xc3\xed\x36\x24\x93\x3a\xfe\x0f\x30\xa5\xff\x21\xdc\x4d\xab\xab\xf0\x07\x78\x1b\x54\xf0\x53\x5f\x92\xf1\xed\x15\x55\xa4\x17\xc5\x4c\x18\xf2\xf3\xae\xe0\x70\x1a\x2a\x96\xed\x40\x6a\xe3\xeb\x36\x55\x00\xba\x99\x61\xff\xbe\x01\x5f\x71\xc3\xba\xaf\x37\x35\xf3\xec\xdc\x84\x7e\x45\x39\x75\x2c\x27\x8a\x76\x8b\xf0\x2d\xda\xcc\x6b\x9e\xdc\xe7\x66\x5e\x7f\xfa\x56\xd0\x57\xdd\xb5\xd0\x49\x75\x98\x6e\x6b\x9e\xd4\xe3\x19\xaa\xa5\x3e\x01\xe1\x49\xbf\x88\xbb\xd2\x36\xca\x22\xe8\xb6\x23\x47\x65\xeb\x21\x0c\x59\xcd\x84\xba\x16\x99\x31\x65\xb7\xc2\xc1\xc2\xac\x8a\xcd\x60\x76\x54\x64\xf4\xa6\xbd\x41\x32\xd9\xa0\x27\x9e\xbe\x65\x7c\x1f\x41\xde\x50\xb0\x9a\xd6\x81\xab\x47\x7f\x73\x7a\xea\x71\x60\x52\x55\xdb\xfd\x9d\xd4\xc3\x5f\x83\x99\x14\xbe\x29\x80\x8a\xce\x17\xaf\x80\x1e\x4c\xb3\x13\xc0\xd5\x31\x52\x2c\xf3\x4c\x7d\x92\x3d\x92\x32\xdf\xb0\x39\xb0\xde\x32\x19\xac\xce\xce\x6a\x62\x16\xc7\xb8\xb5\xc4\xff\xcb\x38\x01\xae\xe0\xbd\x38\x3a\xc6\x50\x32\xaf\xcd\x3d\x1c\x25\x40\xd2\xc5\x6c\xd5\xbc\x11\x6d\xa1\xc3\x63\x13\xca\x92\x20\x23\x99\x12\xf6\x33\xb4\x64\x58\xbf\x0d\xdd\x6e\x32\x89\xf2\x5d\x8c\x3a\xac\x6a\x53\xdb\xfa\x35\x59\x8b\x6e\x57\x39\x90\x33\x34\xd9\x70\xb3\xdd\x85\xa1\xb5\x78\x10\xad\xc4\x51\xe6\x29\x79\xc6\xbc\x5f\x51\x07\x43\x14\x9b\xe1\x60\x69\x94\x10\xd9\x5b\xeb\x39\x38\x08\xcb\x05\x64\x19\x67\x47\xcc\x63\x86\xb4\xa6\xfb\x26\xfa\x1f\x53\xd7\xc1\xd6\xbc\xeb\x79\xc4\x1f\xdc\xd8\xed\x66\x3b\x16\x85\x87\x72\x42\x08\xb4\x6e\xf5\x99\x89\x45\x84\xbc\x35\xd6\xa8\x66\x2b\x20\x4b\xfc\x15\xa8\xcb\xec\xed\xc3\x20\xef\x5e\xdb\x5f\x20\xfb\xd5\x60\xc6\x26\x84\x3d\xb2\x4d\x6c\x8b\x7e\x55\xb6\x1a\x47\xa3\x26\x8d\xdb\x0f\xb5\x23\xf5\x66\x94\x37\x8f\xd2\xc7\x6d\xbc\x61\x82\xcb\x49\xaf\xdd\x2a\xea\x2d\xc7\xf9\x1f\xe9\x44\x5b\x21\xc6\xb1\x2b\x8f\x99\xba\xaf\x24\x2a\xb0\xff\x1e\x14\x13\xc7\xb1\xbc\xb3\x8d\xda\x4d\xe1\xfc\x9
a\xc5\x87\x43\x41\x10\xf8\x3c\xe2\x15\x7c\x99\x01\x82\x52\xe9\x77\xdf\x9e\x8e\xc0\x25\x05\x19\x25\x6c\xe5\xcd\xc8\xb7\xa7\x95\xae\x26\x62\x57\x1b\xb4\xc3\xeb\x98\xae\xb0\x93\x58\x4b\x17\xf0\xb1\xa6\xc0\x26\x03\x7d\x08\x0a\xeb\xa6\xa7\xb5\xb2\x16\x90\x39\x42\xa6\x6e\xed\x37\xed\x89\x0d\xc5\xdf\x1a\xcd\x71\x12\x05\xe1\x9d\x01\x6b\xad\xda\x1c\xe3\x76\x59\xa7\x8a\x7d\x3f\xe0\x06\xcf\xf2\x0d\xf8\x40\x35\x3e\x6b\x96\x56\x8d\xbc\x7a\xcd\xca\x38\x89\xb8\x85\xf4\x95\x6e\xe7\xf5\xea\x90\x53\x2d\x71\xeb\x1b\x92\x11\x80\xea\x2e\x38\x5a\x4c\x35\x51\xfd\xed\x44\x41\x9a\x3f\x37\x33\x41\xa2\x88\x24\x7a\x13\x6f\xd7\xbe\x0c\x8a\xfb\x54\x11\xba\xfb\xa9\x6a\x1f\xfe\xb5\x3b\x12\xe7\x06\x8d\x00\x8d\x96\xf8\x07\xcd\x87\x8b\x77\x5b\xd9\x61\x4c\x9b\xf5\x7f\x1d\x13\xfa\xdc\x86\xc2\xf5\x82\xdb\x03\x8a\xd2\x49\x11\xb4\x20\xb5\x6e\xc1\xc6\xe4\x85\x9d\x23\x11\x26\x3b\xb6\x8a\xaa\x07\x23\x28\xa4\xd3\x14\x84\xe1\x4b\x7f\xdd\x1f\x27\xbd\xac\x94\xd8\x5a\x3d\x69\x31\xa7\x2e\xd8\x80\xba\x85\xa5\xaf\xf0\x33\xb9\xf4\x90\x32\x4f\x00\x72\xb3\x64\x54\x62\x2b\x92\x48\xde\x9d\xcf\x99\xe8\x87\xd6\x75\x90\x70\x29\x61\x85\xe7\x94\x9d\x0f\x94\xb3\x52\x7b\x46\xe2\x51\xc3\x43\x14\x96\x01\xad\xfe\x05\x14\x89\xf9\xbf\xe2\xae\x17\xa6\x68\xdf\x46\x54\x14\xa2\x82\x98\xfa\x05\x73\x86\x6f\x30\x5b\xda\xd7\xbf\x91\xda\x22\x07\x13\x7b\xdf\x7b\xa5\xdf\xaf\x06\x2b\x4e\xc7\xd5\xb9\xb9\xcc\x75\x86\x9d\xb7\x0b\xd5\xc1\xd8\x9f\xf0\xfe\xc4\x3f\xf9\x2d\x1b\x93\xa9\x3f\x0d\xfc\x94\xb0\x09\x85\xbd\x97\xec\xaf\xd4\x39\x54\x24\xbf\xf8\xea\x03\x6b\x62\x8f\x8e\x6b\x5b\x8b\x03\x72\x4f\x09\xb7\xa4\x62\xac\x03\x1b\x2b\x62\x18\x99\x47\xa8\x2d\x00\xb2\x43\x4d\x41\x03\xec\x6d\x59\xea\x10\xe3\x77\xf6\xfe\x98\xf7\x41\x1f\x10\xba\xae\x6c\x71\xfc\x11\x6a\x77\xdd\xd6\x4f\x46\x14\x86\x17\xc1\x59\x8e\xe8\x6f\xeb\x58\xba\x6a\x85\x2f\x4c\x71\x18\x7b\x4b\xdc\x5d\x84\x53\x28\x09\xfb\x47\x86\x61\x28\x95\xbe\xe6\x2b\x89\x92\xb4\x5f\x76\x0b\x82\x19\x80\x26\x1a\x88\x28\x0d\xb0\xe9\x23\xd7\xb7\x21\x62\xb1\xaa\xfd\xde\xe4\xff\x61\xbe\x8e\x49\x01\x27\x58\xcb\x8
6\x63\xd3\x32\x1c\x4b\x9c\x45\x1e\xa0\x9d\xc8\x61\xc6\x3f\x42\xda\x85\x99\x99\xe5\x14\xdc\x2e\x65\xa8\x3d\x9f\x52\x17\x83\x1b\xf0\x24\x3e\xbd\xca\x6e\x48\x4d\xfc\xfa\xce\x23\x76\xcd\x11\x66\xe9\x53\x29\xdb\x57\x79\x08\x22\xf1\x07\xe7\x38\x7b\x2a\x39\x3d\xd0\xcc\x81\x45\x5a\x42\xad\xf7\xc7\x84\x92\xca\x74\x1b\x0d\xc1\x6b\xdc\x56\x27\x3a\x38\x9a\xbf\xf5\x94\x87\xe3\xbb\x8b\x22\x26\x28\x8f\xa6\x2c\x62\x93\x3d\xe0\x78\x30\xc3\x70\x7f\x41\x0f\xb7\x96\x96\xf4\xed\xea\x3e\x72\xa1\x72\x50\xae\xb6\xd9\xcb\xa9\x54\xce\x44\x26\x22\x01\x95\xd6\x4e\x75\x3f\x82\x5d\xfb\x9c\xab\x3f\x74\xbc\xd6\x9c\x1a\x12\x22\xe6\xb6\x72\x7b\xb4\x19\x10\x2f\xbb\x22\x6b\xb6\xef\xc1\xd3\x17\xcb\xb0\xd7\xe1\x70\xa6\x20\x31\x85\x2f\x8c\xfa\x32\x38\x05\xdd\x55\x8a\xfc\xdf\x35\xf8\xac\xcc\xeb\xd7\x91\xe3\xca\xa3\x9c\xe8\xb7\xbd\xdd\x1e\x38\x22\x7e\x58\xf7\x98\xf9\x7e\xc5\x78\x15\x35\x38\x50\x67\xd5\x2a\x9d\x70\xe0\x4a\x45\x7a\x3e\xb8\x5c\x28\xb9\x71\x7c\xbb\xa6\x3e\xd0\x5a\xc1\xed\x01\x94\xc7\x09\x6f\x5d\xc1\xc0\x59\xbf\x5c\x4f\x53\x72\x48\x52\xca\x91\x39\x6f\xb7\x87\xda\x39\x10\x1c\xb9\x37\xb3\x21\x25\x0d\x06\x98\x4b\xda\xbf\x1c\xd8\x33\x3e\x26\x6e\x24\x53\xd9\x21\x19\xa4\x26\x21\x8e\x19\x02\x28\xd6\x0b\xeb\x6b\x32\x21\x2d\x1b\x0e\xee\x3a\x36\xf3\xde\x80\xdd\x09\x13\xe1\x80\x6c\x47\x87\xf4\x4d\x1d\x74\xfd\x30\xff\x7f\x1e\xdb\x37\x76\xe9\x32\xb8\x58\x4a\x61\xfa\x7c\x61\x5a\xa0\x98\xab\xdf\x9f\xf5\x5c\x13\x84\xfa\xc0\xbd\xb2\x9e\x96\x4a\xb7\x6c\x87\x9b\x31\xa8\xf9\xdb\x46\xe7\x1d\x6b\x04\xc5\x5f\x40\x14\xea\x69\xb3\x71\xe9\x59\x25\xf6\x67\xd5\xac\xc7\x2b\x49\x47\x69\x31\x20\xc3\x64\xb5\x65\x44\xb8\x87\xc9\xae\x69\x57\x3e\xe6\x04\xaf\xad\x7d\xb6\x54\x85\xd6\x71\x9d\x1e\x44\x3a\x7a\x2f\x5c\x0b\x4a\x6e\xfc\xbe\x76\x04\x55\xd7\x20\x23\xab\x9a\x9d\x11\x95\x9f\xc8\xfe\x66\x92\x85\x91\x9b\x3c\x1c\xa7\xcf\x3d\x3a\x62\xbc\x0b\xd8\xf5\xdc\x19\xc9\xf5\x0d\x50\x8c\x56\x0c\xf8\xd4\x26\x93\xd4\x29\x59\x7f\xa3\x6c\xb2\x58\x8d\x46\x3e\x51\xe1\x9c\x65\xe0\x54\x06\x80\x90\xc3\x54\xda\x25\x33\x54\x14\x43\xf7\x48\x95\x69\x1
b\x75\xc2\x01\x1a\xaa\xbb\x59\x81\x1e\x9b\xc5\xd9\x6e\xee\xb2\x19\x52\xd5\xb8\xbf\xf2\xb7\x9d\x6e\x64\x2c\xf6\xbe\x3c\x8d\x4a\xda\x2e\x64\xb1\x89\x57\x30\x3f\x4f\x75\x7a\xb3\xf5\x75\x84\xa3\x94\x2a\xa2\x08\x7f\xb0\x3e\xe9\x70\x30\x37\xa6\x6c\xcc\x30\x1c\xd5\x9f\x63\x50\x6c\xc9\xd2\x96\xbc\xb4\xe2\x7a\x84\xfa\xbc\x50\x73\x04\x9a\x66\x32\x21\x91\x69\x8f\x1e\x3f\x16\xaf\xcf\x1f\xfa\x0f", 4096); memcpy((void*)0x200010e6, "\x7f\x9a\xc5\xbf\xea\x59\x10\x23\xd1\xc4\xce\xaf\x7d\xa5\x3c\xde\xca\x7f\x3c\xbe\xbe\xd9\xc4\x3c\x9a\x42\x4b\x38\x7b\x5f\x93\x9b\xed\x43\x6f\x47\x4c\xf3\xc9\x03\x0d\x8f\x42\x82\x29\xaf\x5c\x37\x65\xad\x3f\x0c\xd0\xf3\x07\xcd\xbf\x00\xf0\x07\xa1\xc0\x72\x53\x12\xca\x4c\xee\xe0\x6f\xf1\xc4\x99\x7b\xeb\x9d\x98\x28\xb2\xa7\x75\x02\x49\x1e\xf9\xf2\x7f\x5f\x8a\x21\x90\xa1\x6a\x95\xa6\x09\x63\x91\x45\x59\xc0\xe0\xfa\x46\x4b\x3b\x41\xc9\x73\x28\xdc\xa8\x77\x97\x56\xf5\x10\xdc\x4c\xd3\x3d\x65\x31\x27\x4c\xfa", 126); memcpy((void*)0x20001164, "\x68\x2c\xc7\x80\xcf\xd8\xfa\xe0\x24\x50\x1f\xf6\x27\x29\xab\x77\xce\xbe\x25\xca\xad\xf4\x39\x85\xb3\x0d\xb8\x38\x7f\xf3\x77\xed\x37\x03\x3e\x09\xf3\x35\x63\x0f\x36\xae\xad\x37\x57\x3d\x32\x40\x72\xd9\xfb\x1a\x62\x7a\xb3\xa3\xca\x51\xd4\xa1\x26\xb7\xf6\xa8\x5f\xb4\x9e\x27\xaf\x49\x3a\x4f\x04\x88\xa2\x07\x31\xe7\xc3\xe5\x22\x8e\xa7\x90\x52\xbe\xa7\x6c\x12\xad\x74\x3b\xfc\xb9\xc9\x62\xf3\x6f\x55\xda\xdb\x59\x51\x7b\x7c\x20\xab\x84\x8c\x45\x8f\x11\xe0\x0c\x13\x08\xa2\xf0\x7e\xa1\xe3", 121); syscall(SYS_test, 0x20000080, 5, 0, 0, 0, 0); break; case 3: *(uint8_t*)0x20001200 = 9; *(uint8_t*)0x20001201 = 3; *(uint8_t*)0x20001204 = 8; syscall(SYS_test, 0x20001200, 0, 0, 0, 0, 0); break; case 4: STORE_BY_BITMASK(uint16_t, , 0x20001240, 0, 0, 10); *(uint64_t*)0x20001248 = 3; STORE_BY_BITMASK(uint16_t, , 0x20001250, 2, 0, 5); STORE_BY_BITMASK(uint16_t, , 0x20001250, 0x3c, 5, 6); STORE_BY_BITMASK(uint32_t, , 0x20001250, 0x42, 11, 15); STORE_BY_BITMASK(uint16_t, , 0x20001254, 0x20, 0, 11); STORE_BY_BITMASK(uint16_t, htobe16, 
0x20001256, 0x20, 0, 11); *(uint8_t*)0x20001258 = 0x80; syscall(SYS_test, 0x20001240, 0, 0, 0, 0, 0); break; case 5: syscall(SYS_mutate2); break; case 6: *(uint64_t*)0x20001280 = 4; *(uint64_t*)0x20001288 = 0x63aa; *(uint8_t*)0x20001290 = 2; *(uint8_t*)0x20001291 = 0x10; *(uint8_t*)0x20001292 = 8; *(uint8_t*)0x20001293 = 4; *(uint8_t*)0x20001294 = 2; syscall(SYS_test, 0x20001280, 0, 0, 0, 0, 0); break; case 7: syscall(SYS_test_excessive_args1); break; case 8: memcpy((void*)0x200012c0, "#\000", 2); syscall(SYS_test, 0x200012c0, 0, 0, 0, 0, 0); break; case 9: memcpy((void*)0x20001300, "#\000", 2); syscall(SYS_test, 0x20001300, 0, 0, 0, 0, 0); break; case 10: memcpy((void*)0x20000000, ".-\000", 3); *(uint8_t*)0x20000040 = 8; *(uint8_t*)0x20000048 = 6; *(uint8_t*)0x20000049 = 5; STORE_BY_BITMASK(uint64_t, , 0x20000048, 6, 16, 4); STORE_BY_BITMASK(uint32_t, , 0x20000048, 1, 20, 4); STORE_BY_BITMASK(uint16_t, , 0x2000004a, 6, 8, 4); STORE_BY_BITMASK(uint8_t, , 0x2000004b, 8, 4, 4); syz_compare(0x20000000, 3, 0x20000040, 0x10); break; case 11: syz_compare_int(2, 9, 0x3ff, 0, 0); break; case 12: syz_errno(0xff); break; case 13: memcpy((void*)0x20000080, "\x9a\x81\xde\x5d\x92\x8f\x1a\x60\xf1\x7b\xeb\x77\xb1\xf9\x9a\x68\xaf\x78\x90\x7e\x1b\x40\xde\x1e\x91\x0c\x39\x56\xa2\xa9\x49\x7c\x8f\x05\xfb\xd7\xd7\x28\x2e\x23\x44\xfc\x3c\x4a\x13\x7d\xc0\x2d\x3d\x14", 50); syz_execute_func(0x20000080); break; case 14: syz_exit(0x3bc); break; case 15: syz_mmap(0x20003000, 0x2000); break; case 16: syz_sleep_ms(0xae); break; } } int main(void) { syz_mmap(0x20000000, 0x1000000); do_sandbox_none(); return 0; } In file included from /usr/include/bits/errno.h:26, from /usr/include/errno.h:28, from <stdin>:6: /usr/include/linux/errno.h:1:10: fatal error: asm/errno.h: No such file or directory 1 | #include <asm/errno.h> | ^~~~~~~~~~~~~ compilation terminated. 
compiler invocation: gcc [-o /tmp/syz-executor198500906 -DGOOS_test=1 -DGOARCH_32_fork_shmem=1 -DHOSTGOOS_linux=1 -x c - -m32 -static -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-overflow] --- FAIL: TestGenerate/test/32_fork_shmem/2 (0.25s) csource_test.go:124: opts: {Threaded:true Collide:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: foo$fmt3(&(0x7f0000000000)=0xd) test$str0(&(0x7f0000000040)='#\x00') test$length25(&(0x7f0000000080)=["f10715d4c9e5266c67931773e4a0f636ec65433db95fc97dfb6a7c246b9022eded40bd5b7bc21a67f92e898bdb77eb69e28492941cd278412ebeec4d09ae9c02694e2b96bfd466173cda3b722385fe87434a69cf53b4901014995915", "37655b5306334cb48687", 
"10fe01411f2a0853621183e03fd969e91dcde25ae5aedec27c41096a23d2738e3330156db39857e671916dc9e84a50147231d90b96e85a90a3ea36f88b40e714c4afdcb7c7ca327bc41e8b5f519920bf5c9ac9f9991166c973b145d866b00adc563effeea498989e12ca3b69a26d4690e0a7482bd1c89bf3956a1048c0fc31b2e74a1b9eeacb5f746dff9527514eaf5f5396a5bc73d9ed250656f870eaf6b6856393ad79e7f764608642452cf52844036e989325af0e00d4370f387948e00d0928e0820928cf445dd8aa3762901ecaf1d67caad240a0accb3b2b712f776f7c2c96f7f6f30f5cfa8dbb09d76ff92fd36556ea85268dd1e9447ea12a384e18e885c2fe1236243d0712df5e926543e59ac7525407dd790cea1f843a8ce4f3b4b70138584a56fba8861b8c9af1a9c20ec5e41fdcc075f9b19173cb2fffe893cfc209233c7a328b63c0b0343aa8c89a653aa1cb96a55f02653f9bb7c7b7665e256fba08be12fc7a17d1354e74e5fa5452e915bde73e8440ce9c7767594205c9e33ad9dc190bf89a9dc40f36e242d2002880040e5c8396e69a81fb0102ea79922d12fa1347ec508ef9f8a6aa09e4024b3e25624336611d42f7de410c513db066db8d4efcb961e889616034c8b0220db1c1ec111487ac10749aefcf6094fc662b79edbbb3005ac386e67a64f35ace7f8bb72d1208a5c92d5001630f6184eefedb60c3ebd93b8a7c5d79362c813700f3b5498264aa2e8f3424127dc46d5a20accc3d1423522eccf3465b907db3a10c04252173a44e4107e75864f6b2b14c6e57c1ffe800564362befd3cfcfa431ee490f9a8691b1fbf47b297e6b7c7e381ee2f50c43a4ba0ccd8c58a0ab9a2ad3aa8f740c70e8c88eb19f7ab58d94d7657de09cdc7e01c46d354f21d97b50d09d5222b4f1af7ad0bb625a2e0f52d68f96ddacd12e73c45b3ea144a601815451a8d613b13b2ec6e95dd408661f4c26c58f0e24ab3561b7ba1432405b5da96f10b47bbdf1ead6b6df645e533b02555f69fd8f9e209e374d45c2f2597dcd30e5dcff5bc4eb4dbd8415159bdce9c730b81baeccbb876413d90a5b51eb124b461ea51a7b0e4261f6331836c61398a5d4e6d3cbab148d4c353aa452d37b7046970566fa5bdb1cb962feaa0fd000d94f327cba925d08474a24e099c4534174352f2b1bb88bb688794643feadb6aef90e6807a9b6e5633a8e12d2b1a31f66cef9ef8972575e63214ea8b8d9fa8aa51d174293ddc391f9babf8c947e5d342159f327366e86701a11892ac00f907494ea4ae0b803d08bdb6fa12241bea85e8b006a0a562a2a13575334c8808db594916b0a0b4cd0dd1f4bf61826df52da8d9ba9d322a11e13eea369d9c6bd862dfc764d45152fe4a4d4d84c358864787013e80d075348
bd8e1aaf90b8ae88231dfc60b325dcf105fba6f4f7bc6d6eb883ea94bc7951ab68a9fef16f79ba480c606d261a903f56e3c8e5717bfb36e60ebe454eb9bea91171e5ec7620ac1d56732f13dac52f338d0eb6c0be92ab951e3eafbc186f30f571b2677a45c3ba2b456ae65738418a7625336aa8697c84b803d7a7458c769c71302b19c620c7d2b46d75aa9661a7e6d6366f24622b370290edebb6b9bf1ad61f1dddfe93e44bd1e9c1888edba9a7a96e425b356bfc2a0009202445bc6468aa0a84f9f2299b75e632e43da31388097bd6888e491d085396d9829d5b31ed32069426107b5c93487700ff6e1479f85127780a069c047b8fd7eb9b2acb7d2e4fc8a5f5bd36d789d9fba0691fdada41e75fedd2df8b3afbde047cf9b6c452a272448a3e99ec0f5820168356cc8c9c40b40890273a66ceaa26c131745c4ea0c883b3ff400b5f76e76c42a2164a6d0180410f0e031f01741d1467e96319758891a7f615108c6a8bbc0c403faa33ca7c95dfaff911207f22f1b9d78325a0ccd1797397a91b4fae68eadb72c7c03a9dcaee224b8344fbc62e436cfd0d68b0492616a83efc3d30baff8ed4aa013aedcbb7830e4d52d9b02b06db3e60b27385dbd04feed6c48a0ae6ebe465704407cdeae4b562d0b1a44bdf65542998c8f4875d09d281f90548dfecbc3e570c4fb37d17f05ef484aa71e9b2651752c50b7f5c9235c3fb786dd68086a615f4baa7fb3b9f5067693080a9d64912372afc3d5f017e55eaabf1b6180ce2e28e20a6950abf5b65bdac7d915b0bb938057056f5d6314a283623d6a9be3b191a2873fd8eb7a258c4fe1da8d3e3f4e037c31ce4b72a966e450e97a447cb9129b104c5b2e00c7115e63bb784e71b1c235f736879bee83e2e5f390f314b51bb2f70827b742f9f960de2ec09b2fe8ce4352fd4d61258c68e8fec749ccb6d053ae84c5eff8a438087d423eb35ebcc0af40179922a69c83feaa9d426c3f3cf05412a70ca9559b62d69ed0411ca650c07e4a34068791d742bbf13676b51d400ecbe01f03d26ddf63eaf2dbeb1c9582f646d4207e340e7ea3b6a36d70b2513a288607da6b0f93c96940e284bdd6d69bac90bfc82d0160ddadc30e7f3b90173c57aabffd4881d6de07b0215066f66827a345119fb46250a292255f138a7c44093b1d6684c807c714653eabb42796d9be0b04a3f84aa006f98b9832f7714c6b39e811acc6a01becd5dd70570a03c6e75771746dc258f1942bca6d0d3b8588041b381072b8b8f89ebd07b74ca7f0341af5875c889c9a753ace87bee46d67690090309ec5b1c8c278828a33390002d73aade7c06af0560b6d8ed5cf60075cbe14b0c58757fbd75d25a13fbfa574fb3c6bd04ef84642c3aa2187f56ea3b5687b963804bb64d8e1bdb40edae
c97a0199b6e5290ca2ec556d2a3436b687c53456f0c585602f6cc0dc8d4222d7f721b9d55877fd52a37758d521abb01c6fde683ab431e3c5aff7e0e8506a05a8c725ad5689c318014a1153fe10e66267c81bf788586bcb5a210d58524264bd963a56403d2c6ec28d643b7f9f5587e092f6108f3de1db727146f0458954b85ac448d386e045476d74ca3cf3950dfc2c5f556b5b4c2e148d740a396a4625ae5d7bf2468164d6119ccf3a3f20fbd68fc211b59d0092e9eb5d838ee2b24d94e2649ac4a344f41f73ecf7ea142e3970dea2cf0178ae97d1cb667fa5b7b3db23a6e56e72ec4c3d50d866187bc4e325ff9142422a59905ee5121ec01ef4f697aec1b81564dd27504aa7f06470d622643e24177c3ea5feae5523ea53f4ff3b44e77db4be9abba06a42bcc0896198fefb4645720d81db587dd9177d3e7d2431ee2ed7d929f973f0229fb039c868f0606a05c485c4cc2e810f3a9aafd6134a4e8adc1715018586ddb0d077c038ac28f0993a3ca027cd01616550dee732fb0afc68dbec1beebb31fdfca7ac947e7dc9c06b973f848bbc3c9c98641ac21974aec51102ee772e745bcab1cea858ee9e057f8f505ed0b36d3aee45a579c3632786bfad6d1ce3bcccf8166e2edaaba7c3139cc2ad3d9be7ba4bb80ba7bdf507c44415dd06cea5a83fb1b50d0d48d2bd4bdb36cd2dd05db6322b34cc7f04596d3407447d01c00cb70c996cd20e4d87e759e89c4a44973d965c3b43b7694da1ecbf9d6249ec66d74b0c3ed3624933afe0f30a5ff21dc4dababf007781b54f0535f92f1ed1555a417c54c18f2f3aee0701a2a96ed406ae3eb365500ba9961ffbe015f71c3baaf3735f3ecdc847e4539752c278a768bf02ddacc6b9edce7665e7ffa56d057ddb5d04975986e6b9ed4e319aaa53e01e149bf88bbd236ca22e8b6234765eb210c59cd84ba16993165b7c2c1c2ac8acd60765464f4a6bd4132d9a0279ebe657c1f41de50b09ad681ab477f737aea71605255dbfd9dd4c35f839914be29808ace17af801e4cb313c0d531522cf34c7d923d9232dfb039b0de3219accece6a6216c7b8b5c4ffcb3801aee0bd383ac65032afcd3d1c2540d2c56cd5bc116da1c36313ca9220239912f633b46458bf0ddd6e3289f25d8c3aac6a53dbfa35598b6e5739903334d970b3dd85a1b57810adc451e62979c6bc5f510743149be160699410d95beb393808cb0564196747cc6386b4a6fb26fa1f53d7c1d6bceb79c41fdcd8ed663b168587724208b46ef599894584bc35d6a8662b204bfc15a8cbecedc320ef5edb5f20fbd560c626843db24d6c8b7e55b61a47a3268ddb0fb523f56694378fd2c76dbc6182cb49afdd2aea2dc7f91fe9445b21c6b12b8f99baaf242ab0ff1e1413c7b1bcb38dda4de1fc9
ac587434110f83ce2157c99018252e977df9e8ec0250519256ce5cdc8b7a795ae2662571bb4c3eb98aeb093584b17f0b1a6c026037d080aeba6a7b5b216903942a66eed37ed890dc5df1acd711205e19d016badda1ce37659a78a7d3fe006cff20df840353e6b96568dbc7acdca3889b885f4956ee7f5ea90532d71eb1b921180ea2e385a4c3551fded44419a3f373341a288247a136fd7be0c8afb5411bafba96a1ffeb53b12e7068d008d96f807cd878b775bd9614c9bf57f1d13fadc86c2f582db038ad24911b420b56ec1c6e4859d2311263bb68aaa072328a4d31484e14b7fdd1f27bdac94d85a3d6931a72ed880ba85a5aff033b9f490324f0072b36454622b9248de9dcf99e887d6759070296185e7949d0f94b3527b46e251c343149601adfe051489f9bfe2ae17a668df465414a28298fa0573866f305bdad7bf91da2207137bdf7ba5dfaf062b4ec7d5b9b9cc75869db70bd5c1d89ff0fec43ff92d1b93a93f0dfc94b00985bd97ecafd4395424bff8ea036b628f8e6b5b8b03724f09b7a462ac031b2b62189947a82d00b2434d4103ec6d59ea10e377f6fe98f7411f10baae6c71fc116a77ddd64f46148617c1598ee86feb58ba6a852f4c71187b4bdc5d84532809fb4786612895bee62b8992b45f760b821980261a88280db0e923d7b72162b1aafddee4ff61be8e49012758cb8663d3321c4b9c451ea09dc861c63f42da859999e514dc2e65a83d9f5217831bf0243ebdca6e484dfcface2376cd1166e95329db57790822f107e7387b2a393dd0cc81455a42adf7c78492ca741b0dc16bdc56273a389abff59487e3bb8b2226288fa62c62933de07830c3707f410fb79696f4edea3e72a17250aeb6d9cba954ce4426220195d64e753f825dfb9cab3f74bcd69c1a1222e6b6727bb419102fbb226bb6efc1d317cbb0d7e170a62031852f8cfa323805dd558afcdf35f8acccebd791e3caa39ce8b7bddd1e38227e58f798f97ec5781535385067d52a9d70e04a457a3eb85c28b9717cbba63ed05ac1ed0194c7096f5dc1c059bf5c4f53724852ca91396fb787da39101cb937b321250d06984bdabf1cd8333e266e2453d92119a426218e190228d60beb6b32212d1b0eee3a36f3de80dd0913e1806c4787f44d1d74fd30ff7f1edb3776e932b8584a61fa7c615aa098abdf9ff55c1384fac0bdb29e964ab76c879b31a8f9db46e71d6b04c55f4014ea69b371e95925f667d5acc72b4947693120c364b56544b887c9ae69573ee604afad7db65485d6719d1e443a7a2f5c0b4a6efcbe760455d72023ab9a9d11959fc8fe669285919b3c1ca7cf3d3a62bc0bd8f5dc19c9f50d508c560cf8d42693d429597fa36cb2588d463e51e19c65e054068090c354da2533541443f74895691
b75c2011aaabb59811e9bc5d96eeeb21952d5b8bff2b79d6e642cf6be3c8d4ada2e64b18957303f4f757ab3f57584a3942aa2087fb03ee9703037a66ccc301cd59f63506cc9d296bcb4e27a84fabc5073049a66322191698f1e3f16afcf1ffa0f", "7f9ac5bfea591023d1c4ceaf7da53cdeca7f3cbebed9c43c9a424b387b5f939bed436f474cf3c9030d8f428229af5c3765ad3f0cd0f307cdbf00f007a1c0725312ca4ceee06ff1c4997beb9d9828b2a77502491ef9f27f5f8a2190a16a95a60963914559c0e0fa464b3b41c97328dca8779756f510dc4cd33d6531274cfa", "682cc780cfd8fae024501ff62729ab77cebe25caadf43985b30db8387ff377ed37033e09f335630f36aead37573d324072d9fb1a627ab3a3ca51d4a126b7f6a85fb49e27af493a4f0488a20731e7c3e5228ea79052bea76c12ad743bfcb9c962f36f55dadb59517b7c20ab848c458f11e00c1308a2f07ea1e3"], 0x5) test$align3(&(0x7f0000001200)={0x9, {0x3}, {0x8}}) test$bf0(&(0x7f0000001240)={0x0, 0x3, 0x2, 0x3c, 0x42, 0x20, 0x20, 0x80}) mutate2() test$length16(&(0x7f0000001280)={[0x4, 0x63aa], 0x2, 0x10, 0x8, 0x4, 0x2}) test_excessive_args1() test$str0(&(0x7f00000012c0)='#\x00') test$str0(&(0x7f0000001300)='#\x00') syz_compare(&(0x7f0000000000)='.-\x00', 0x3, &(0x7f0000000040)=@bf20={0x8, {0x6, 0x5, 0x6, 0x1, 0x6, 0x8}}, 0x10) syz_compare_int$2(0x2, 0x9, 0x3ff) syz_errno(0xff) syz_execute_func(&(0x7f0000000080)="9a81de5d928f1a60f17beb77b1f99a68af78907e1b40de1e910c3956a2a9497c8f05fbd7d7282e2344fc3c4a137dc02d3d14") syz_exit(0x3bc) syz_mmap(&(0x7f0000003000/0x2000)=nil, 0x2000) syz_sleep_ms(0xae) csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + 
(uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = 
current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) 
{ va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; int collide = 0; again: for (call = 0; call < 17; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (collide && (call % 2) == 0) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); if (!collide) { collide = 1; goto again; } } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); 
if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) { continue; } kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_mutate2 #define SYS_mutate2 0 #endif #ifndef SYS_test #define SYS_test 0 #endif #ifndef SYS_test_excessive_args1 #define SYS_test_excessive_args1 0 #endif void execute_call(int call) { switch (call) { case 0: sprintf((char*)0x20000000, "%020llu", (long long)0x17); syscall(SYS_foo, 0x20000000, 0); break; case 1: memcpy((void*)0x20000040, "#\000", 2); syscall(SYS_test, 0x20000040, 0, 0, 0, 0, 0); break; case 2: memcpy((void*)0x20000080, "\xf1\x07\x15\xd4\xc9\xe5\x26\x6c\x67\x93\x17\x73\xe4\xa0\xf6\x36\xec\x65\x43\x3d\xb9\x5f\xc9\x7d\xfb\x6a\x7c\x24\x6b\x90\x22\xed\xed\x40\xbd\x5b\x7b\xc2\x1a\x67\xf9\x2e\x89\x8b\xdb\x77\xeb\x69\xe2\x84\x92\x94\x1c\xd2\x78\x41\x2e\xbe\xec\x4d\x09\xae\x9c\x02\x69\x4e\x2b\x96\xbf\xd4\x66\x17\x3c\xda\x3b\x72\x23\x85\xfe\x87\x43\x4a\x69\xcf\x53\xb4\x90\x10\x14\x99\x59\x15", 92); memcpy((void*)0x200000dc, "\x37\x65\x5b\x53\x06\x33\x4c\xb4\x86\x87", 10); memcpy((void*)0x200000e6, 
"\x10\xfe\x01\x41\x1f\x2a\x08\x53\x62\x11\x83\xe0\x3f\xd9\x69\xe9\x1d\xcd\xe2\x5a\xe5\xae\xde\xc2\x7c\x41\x09\x6a\x23\xd2\x73\x8e\x33\x30\x15\x6d\xb3\x98\x57\xe6\x71\x91\x6d\xc9\xe8\x4a\x50\x14\x72\x31\xd9\x0b\x96\xe8\x5a\x90\xa3\xea\x36\xf8\x8b\x40\xe7\x14\xc4\xaf\xdc\xb7\xc7\xca\x32\x7b\xc4\x1e\x8b\x5f\x51\x99\x20\xbf\x5c\x9a\xc9\xf9\x99\x11\x66\xc9\x73\xb1\x45\xd8\x66\xb0\x0a\xdc\x56\x3e\xff\xee\xa4\x98\x98\x9e\x12\xca\x3b\x69\xa2\x6d\x46\x90\xe0\xa7\x48\x2b\xd1\xc8\x9b\xf3\x95\x6a\x10\x48\xc0\xfc\x31\xb2\xe7\x4a\x1b\x9e\xea\xcb\x5f\x74\x6d\xff\x95\x27\x51\x4e\xaf\x5f\x53\x96\xa5\xbc\x73\xd9\xed\x25\x06\x56\xf8\x70\xea\xf6\xb6\x85\x63\x93\xad\x79\xe7\xf7\x64\x60\x86\x42\x45\x2c\xf5\x28\x44\x03\x6e\x98\x93\x25\xaf\x0e\x00\xd4\x37\x0f\x38\x79\x48\xe0\x0d\x09\x28\xe0\x82\x09\x28\xcf\x44\x5d\xd8\xaa\x37\x62\x90\x1e\xca\xf1\xd6\x7c\xaa\xd2\x40\xa0\xac\xcb\x3b\x2b\x71\x2f\x77\x6f\x7c\x2c\x96\xf7\xf6\xf3\x0f\x5c\xfa\x8d\xbb\x09\xd7\x6f\xf9\x2f\xd3\x65\x56\xea\x85\x26\x8d\xd1\xe9\x44\x7e\xa1\x2a\x38\x4e\x18\xe8\x85\xc2\xfe\x12\x36\x24\x3d\x07\x12\xdf\x5e\x92\x65\x43\xe5\x9a\xc7\x52\x54\x07\xdd\x79\x0c\xea\x1f\x84\x3a\x8c\xe4\xf3\xb4\xb7\x01\x38\x58\x4a\x56\xfb\xa8\x86\x1b\x8c\x9a\xf1\xa9\xc2\x0e\xc5\xe4\x1f\xdc\xc0\x75\xf9\xb1\x91\x73\xcb\x2f\xff\xe8\x93\xcf\xc2\x09\x23\x3c\x7a\x32\x8b\x63\xc0\xb0\x34\x3a\xa8\xc8\x9a\x65\x3a\xa1\xcb\x96\xa5\x5f\x02\x65\x3f\x9b\xb7\xc7\xb7\x66\x5e\x25\x6f\xba\x08\xbe\x12\xfc\x7a\x17\xd1\x35\x4e\x74\xe5\xfa\x54\x52\xe9\x15\xbd\xe7\x3e\x84\x40\xce\x9c\x77\x67\x59\x42\x05\xc9\xe3\x3a\xd9\xdc\x19\x0b\xf8\x9a\x9d\xc4\x0f\x36\xe2\x42\xd2\x00\x28\x80\x04\x0e\x5c\x83\x96\xe6\x9a\x81\xfb\x01\x02\xea\x79\x92\x2d\x12\xfa\x13\x47\xec\x50\x8e\xf9\xf8\xa6\xaa\x09\xe4\x02\x4b\x3e\x25\x62\x43\x36\x61\x1d\x42\xf7\xde\x41\x0c\x51\x3d\xb0\x66\xdb\x8d\x4e\xfc\xb9\x61\xe8\x89\x61\x60\x34\xc8\xb0\x22\x0d\xb1\xc1\xec\x11\x14\x87\xac\x10\x74\x9a\xef\xcf\x60\x94\xfc\x66\x2b\x79\xed\xbb\xb3\x00\x5a\xc3\x86\xe6\x7a\x64\xf3\x5a\xce\x7f\x8b\xb7\x2d\x12\x08\xa5\xc9\x2
d\x50\x01\x63\x0f\x61\x84\xee\xfe\xdb\x60\xc3\xeb\xd9\x3b\x8a\x7c\x5d\x79\x36\x2c\x81\x37\x00\xf3\xb5\x49\x82\x64\xaa\x2e\x8f\x34\x24\x12\x7d\xc4\x6d\x5a\x20\xac\xcc\x3d\x14\x23\x52\x2e\xcc\xf3\x46\x5b\x90\x7d\xb3\xa1\x0c\x04\x25\x21\x73\xa4\x4e\x41\x07\xe7\x58\x64\xf6\xb2\xb1\x4c\x6e\x57\xc1\xff\xe8\x00\x56\x43\x62\xbe\xfd\x3c\xfc\xfa\x43\x1e\xe4\x90\xf9\xa8\x69\x1b\x1f\xbf\x47\xb2\x97\xe6\xb7\xc7\xe3\x81\xee\x2f\x50\xc4\x3a\x4b\xa0\xcc\xd8\xc5\x8a\x0a\xb9\xa2\xad\x3a\xa8\xf7\x40\xc7\x0e\x8c\x88\xeb\x19\xf7\xab\x58\xd9\x4d\x76\x57\xde\x09\xcd\xc7\xe0\x1c\x46\xd3\x54\xf2\x1d\x97\xb5\x0d\x09\xd5\x22\x2b\x4f\x1a\xf7\xad\x0b\xb6\x25\xa2\xe0\xf5\x2d\x68\xf9\x6d\xda\xcd\x12\xe7\x3c\x45\xb3\xea\x14\x4a\x60\x18\x15\x45\x1a\x8d\x61\x3b\x13\xb2\xec\x6e\x95\xdd\x40\x86\x61\xf4\xc2\x6c\x58\xf0\xe2\x4a\xb3\x56\x1b\x7b\xa1\x43\x24\x05\xb5\xda\x96\xf1\x0b\x47\xbb\xdf\x1e\xad\x6b\x6d\xf6\x45\xe5\x33\xb0\x25\x55\xf6\x9f\xd8\xf9\xe2\x09\xe3\x74\xd4\x5c\x2f\x25\x97\xdc\xd3\x0e\x5d\xcf\xf5\xbc\x4e\xb4\xdb\xd8\x41\x51\x59\xbd\xce\x9c\x73\x0b\x81\xba\xec\xcb\xb8\x76\x41\x3d\x90\xa5\xb5\x1e\xb1\x24\xb4\x61\xea\x51\xa7\xb0\xe4\x26\x1f\x63\x31\x83\x6c\x61\x39\x8a\x5d\x4e\x6d\x3c\xba\xb1\x48\xd4\xc3\x53\xaa\x45\x2d\x37\xb7\x04\x69\x70\x56\x6f\xa5\xbd\xb1\xcb\x96\x2f\xea\xa0\xfd\x00\x0d\x94\xf3\x27\xcb\xa9\x25\xd0\x84\x74\xa2\x4e\x09\x9c\x45\x34\x17\x43\x52\xf2\xb1\xbb\x88\xbb\x68\x87\x94\x64\x3f\xea\xdb\x6a\xef\x90\xe6\x80\x7a\x9b\x6e\x56\x33\xa8\xe1\x2d\x2b\x1a\x31\xf6\x6c\xef\x9e\xf8\x97\x25\x75\xe6\x32\x14\xea\x8b\x8d\x9f\xa8\xaa\x51\xd1\x74\x29\x3d\xdc\x39\x1f\x9b\xab\xf8\xc9\x47\xe5\xd3\x42\x15\x9f\x32\x73\x66\xe8\x67\x01\xa1\x18\x92\xac\x00\xf9\x07\x49\x4e\xa4\xae\x0b\x80\x3d\x08\xbd\xb6\xfa\x12\x24\x1b\xea\x85\xe8\xb0\x06\xa0\xa5\x62\xa2\xa1\x35\x75\x33\x4c\x88\x08\xdb\x59\x49\x16\xb0\xa0\xb4\xcd\x0d\xd1\xf4\xbf\x61\x82\x6d\xf5\x2d\xa8\xd9\xba\x9d\x32\x2a\x11\xe1\x3e\xea\x36\x9d\x9c\x6b\xd8\x62\xdf\xc7\x64\xd4\x51\x52\xfe\x4a\x4d\x4d\x84\xc3\x58\x86\x47\x87\x01\x3e\x80\xd0\x75\x34\x8
b\xd8\xe1\xaa\xf9\x0b\x8a\xe8\x82\x31\xdf\xc6\x0b\x32\x5d\xcf\x10\x5f\xba\x6f\x4f\x7b\xc6\xd6\xeb\x88\x3e\xa9\x4b\xc7\x95\x1a\xb6\x8a\x9f\xef\x16\xf7\x9b\xa4\x80\xc6\x06\xd2\x61\xa9\x03\xf5\x6e\x3c\x8e\x57\x17\xbf\xb3\x6e\x60\xeb\xe4\x54\xeb\x9b\xea\x91\x17\x1e\x5e\xc7\x62\x0a\xc1\xd5\x67\x32\xf1\x3d\xac\x52\xf3\x38\xd0\xeb\x6c\x0b\xe9\x2a\xb9\x51\xe3\xea\xfb\xc1\x86\xf3\x0f\x57\x1b\x26\x77\xa4\x5c\x3b\xa2\xb4\x56\xae\x65\x73\x84\x18\xa7\x62\x53\x36\xaa\x86\x97\xc8\x4b\x80\x3d\x7a\x74\x58\xc7\x69\xc7\x13\x02\xb1\x9c\x62\x0c\x7d\x2b\x46\xd7\x5a\xa9\x66\x1a\x7e\x6d\x63\x66\xf2\x46\x22\xb3\x70\x29\x0e\xde\xbb\x6b\x9b\xf1\xad\x61\xf1\xdd\xdf\xe9\x3e\x44\xbd\x1e\x9c\x18\x88\xed\xba\x9a\x7a\x96\xe4\x25\xb3\x56\xbf\xc2\xa0\x00\x92\x02\x44\x5b\xc6\x46\x8a\xa0\xa8\x4f\x9f\x22\x99\xb7\x5e\x63\x2e\x43\xda\x31\x38\x80\x97\xbd\x68\x88\xe4\x91\xd0\x85\x39\x6d\x98\x29\xd5\xb3\x1e\xd3\x20\x69\x42\x61\x07\xb5\xc9\x34\x87\x70\x0f\xf6\xe1\x47\x9f\x85\x12\x77\x80\xa0\x69\xc0\x47\xb8\xfd\x7e\xb9\xb2\xac\xb7\xd2\xe4\xfc\x8a\x5f\x5b\xd3\x6d\x78\x9d\x9f\xba\x06\x91\xfd\xad\xa4\x1e\x75\xfe\xdd\x2d\xf8\xb3\xaf\xbd\xe0\x47\xcf\x9b\x6c\x45\x2a\x27\x24\x48\xa3\xe9\x9e\xc0\xf5\x82\x01\x68\x35\x6c\xc8\xc9\xc4\x0b\x40\x89\x02\x73\xa6\x6c\xea\xa2\x6c\x13\x17\x45\xc4\xea\x0c\x88\x3b\x3f\xf4\x00\xb5\xf7\x6e\x76\xc4\x2a\x21\x64\xa6\xd0\x18\x04\x10\xf0\xe0\x31\xf0\x17\x41\xd1\x46\x7e\x96\x31\x97\x58\x89\x1a\x7f\x61\x51\x08\xc6\xa8\xbb\xc0\xc4\x03\xfa\xa3\x3c\xa7\xc9\x5d\xfa\xff\x91\x12\x07\xf2\x2f\x1b\x9d\x78\x32\x5a\x0c\xcd\x17\x97\x39\x7a\x91\xb4\xfa\xe6\x8e\xad\xb7\x2c\x7c\x03\xa9\xdc\xae\xe2\x24\xb8\x34\x4f\xbc\x62\xe4\x36\xcf\xd0\xd6\x8b\x04\x92\x61\x6a\x83\xef\xc3\xd3\x0b\xaf\xf8\xed\x4a\xa0\x13\xae\xdc\xbb\x78\x30\xe4\xd5\x2d\x9b\x02\xb0\x6d\xb3\xe6\x0b\x27\x38\x5d\xbd\x04\xfe\xed\x6c\x48\xa0\xae\x6e\xbe\x46\x57\x04\x40\x7c\xde\xae\x4b\x56\x2d\x0b\x1a\x44\xbd\xf6\x55\x42\x99\x8c\x8f\x48\x75\xd0\x9d\x28\x1f\x90\x54\x8d\xfe\xcb\xc3\xe5\x70\xc4\xfb\x37\xd1\x7f\x05\xef\x48\x4a\xa7\x1e\x9b\x26\x51\x7
5\x2c\x50\xb7\xf5\xc9\x23\x5c\x3f\xb7\x86\xdd\x68\x08\x6a\x61\x5f\x4b\xaa\x7f\xb3\xb9\xf5\x06\x76\x93\x08\x0a\x9d\x64\x91\x23\x72\xaf\xc3\xd5\xf0\x17\xe5\x5e\xaa\xbf\x1b\x61\x80\xce\x2e\x28\xe2\x0a\x69\x50\xab\xf5\xb6\x5b\xda\xc7\xd9\x15\xb0\xbb\x93\x80\x57\x05\x6f\x5d\x63\x14\xa2\x83\x62\x3d\x6a\x9b\xe3\xb1\x91\xa2\x87\x3f\xd8\xeb\x7a\x25\x8c\x4f\xe1\xda\x8d\x3e\x3f\x4e\x03\x7c\x31\xce\x4b\x72\xa9\x66\xe4\x50\xe9\x7a\x44\x7c\xb9\x12\x9b\x10\x4c\x5b\x2e\x00\xc7\x11\x5e\x63\xbb\x78\x4e\x71\xb1\xc2\x35\xf7\x36\x87\x9b\xee\x83\xe2\xe5\xf3\x90\xf3\x14\xb5\x1b\xb2\xf7\x08\x27\xb7\x42\xf9\xf9\x60\xde\x2e\xc0\x9b\x2f\xe8\xce\x43\x52\xfd\x4d\x61\x25\x8c\x68\xe8\xfe\xc7\x49\xcc\xb6\xd0\x53\xae\x84\xc5\xef\xf8\xa4\x38\x08\x7d\x42\x3e\xb3\x5e\xbc\xc0\xaf\x40\x17\x99\x22\xa6\x9c\x83\xfe\xaa\x9d\x42\x6c\x3f\x3c\xf0\x54\x12\xa7\x0c\xa9\x55\x9b\x62\xd6\x9e\xd0\x41\x1c\xa6\x50\xc0\x7e\x4a\x34\x06\x87\x91\xd7\x42\xbb\xf1\x36\x76\xb5\x1d\x40\x0e\xcb\xe0\x1f\x03\xd2\x6d\xdf\x63\xea\xf2\xdb\xeb\x1c\x95\x82\xf6\x46\xd4\x20\x7e\x34\x0e\x7e\xa3\xb6\xa3\x6d\x70\xb2\x51\x3a\x28\x86\x07\xda\x6b\x0f\x93\xc9\x69\x40\xe2\x84\xbd\xd6\xd6\x9b\xac\x90\xbf\xc8\x2d\x01\x60\xdd\xad\xc3\x0e\x7f\x3b\x90\x17\x3c\x57\xaa\xbf\xfd\x48\x81\xd6\xde\x07\xb0\x21\x50\x66\xf6\x68\x27\xa3\x45\x11\x9f\xb4\x62\x50\xa2\x92\x25\x5f\x13\x8a\x7c\x44\x09\x3b\x1d\x66\x84\xc8\x07\xc7\x14\x65\x3e\xab\xb4\x27\x96\xd9\xbe\x0b\x04\xa3\xf8\x4a\xa0\x06\xf9\x8b\x98\x32\xf7\x71\x4c\x6b\x39\xe8\x11\xac\xc6\xa0\x1b\xec\xd5\xdd\x70\x57\x0a\x03\xc6\xe7\x57\x71\x74\x6d\xc2\x58\xf1\x94\x2b\xca\x6d\x0d\x3b\x85\x88\x04\x1b\x38\x10\x72\xb8\xb8\xf8\x9e\xbd\x07\xb7\x4c\xa7\xf0\x34\x1a\xf5\x87\x5c\x88\x9c\x9a\x75\x3a\xce\x87\xbe\xe4\x6d\x67\x69\x00\x90\x30\x9e\xc5\xb1\xc8\xc2\x78\x82\x8a\x33\x39\x00\x02\xd7\x3a\xad\xe7\xc0\x6a\xf0\x56\x0b\x6d\x8e\xd5\xcf\x60\x07\x5c\xbe\x14\xb0\xc5\x87\x57\xfb\xd7\x5d\x25\xa1\x3f\xbf\xa5\x74\xfb\x3c\x6b\xd0\x4e\xf8\x46\x42\xc3\xaa\x21\x87\xf5\x6e\xa3\xb5\x68\x7b\x96\x38\x04\xbb\x64\xd8\xe1\xbd\xb4\x0e\xda\xe
c\x97\xa0\x19\x9b\x6e\x52\x90\xca\x2e\xc5\x56\xd2\xa3\x43\x6b\x68\x7c\x53\x45\x6f\x0c\x58\x56\x02\xf6\xcc\x0d\xc8\xd4\x22\x2d\x7f\x72\x1b\x9d\x55\x87\x7f\xd5\x2a\x37\x75\x8d\x52\x1a\xbb\x01\xc6\xfd\xe6\x83\xab\x43\x1e\x3c\x5a\xff\x7e\x0e\x85\x06\xa0\x5a\x8c\x72\x5a\xd5\x68\x9c\x31\x80\x14\xa1\x15\x3f\xe1\x0e\x66\x26\x7c\x81\xbf\x78\x85\x86\xbc\xb5\xa2\x10\xd5\x85\x24\x26\x4b\xd9\x63\xa5\x64\x03\xd2\xc6\xec\x28\xd6\x43\xb7\xf9\xf5\x58\x7e\x09\x2f\x61\x08\xf3\xde\x1d\xb7\x27\x14\x6f\x04\x58\x95\x4b\x85\xac\x44\x8d\x38\x6e\x04\x54\x76\xd7\x4c\xa3\xcf\x39\x50\xdf\xc2\xc5\xf5\x56\xb5\xb4\xc2\xe1\x48\xd7\x40\xa3\x96\xa4\x62\x5a\xe5\xd7\xbf\x24\x68\x16\x4d\x61\x19\xcc\xf3\xa3\xf2\x0f\xbd\x68\xfc\x21\x1b\x59\xd0\x09\x2e\x9e\xb5\xd8\x38\xee\x2b\x24\xd9\x4e\x26\x49\xac\x4a\x34\x4f\x41\xf7\x3e\xcf\x7e\xa1\x42\xe3\x97\x0d\xea\x2c\xf0\x17\x8a\xe9\x7d\x1c\xb6\x67\xfa\x5b\x7b\x3d\xb2\x3a\x6e\x56\xe7\x2e\xc4\xc3\xd5\x0d\x86\x61\x87\xbc\x4e\x32\x5f\xf9\x14\x24\x22\xa5\x99\x05\xee\x51\x21\xec\x01\xef\x4f\x69\x7a\xec\x1b\x81\x56\x4d\xd2\x75\x04\xaa\x7f\x06\x47\x0d\x62\x26\x43\xe2\x41\x77\xc3\xea\x5f\xea\xe5\x52\x3e\xa5\x3f\x4f\xf3\xb4\x4e\x77\xdb\x4b\xe9\xab\xba\x06\xa4\x2b\xcc\x08\x96\x19\x8f\xef\xb4\x64\x57\x20\xd8\x1d\xb5\x87\xdd\x91\x77\xd3\xe7\xd2\x43\x1e\xe2\xed\x7d\x92\x9f\x97\x3f\x02\x29\xfb\x03\x9c\x86\x8f\x06\x06\xa0\x5c\x48\x5c\x4c\xc2\xe8\x10\xf3\xa9\xaa\xfd\x61\x34\xa4\xe8\xad\xc1\x71\x50\x18\x58\x6d\xdb\x0d\x07\x7c\x03\x8a\xc2\x8f\x09\x93\xa3\xca\x02\x7c\xd0\x16\x16\x55\x0d\xee\x73\x2f\xb0\xaf\xc6\x8d\xbe\xc1\xbe\xeb\xb3\x1f\xdf\xca\x7a\xc9\x47\xe7\xdc\x9c\x06\xb9\x73\xf8\x48\xbb\xc3\xc9\xc9\x86\x41\xac\x21\x97\x4a\xec\x51\x10\x2e\xe7\x72\xe7\x45\xbc\xab\x1c\xea\x85\x8e\xe9\xe0\x57\xf8\xf5\x05\xed\x0b\x36\xd3\xae\xe4\x5a\x57\x9c\x36\x32\x78\x6b\xfa\xd6\xd1\xce\x3b\xcc\xcf\x81\x66\xe2\xed\xaa\xba\x7c\x31\x39\xcc\x2a\xd3\xd9\xbe\x7b\xa4\xbb\x80\xba\x7b\xdf\x50\x7c\x44\x41\x5d\xd0\x6c\xea\x5a\x83\xfb\x1b\x50\xd0\xd4\x8d\x2b\xd4\xbd\xb3\x6c\xd2\xdd\x05\xdb\x63\x22\xb3\x4c\xc
7\xf0\x45\x96\xd3\x40\x74\x47\xd0\x1c\x00\xcb\x70\xc9\x96\xcd\x20\xe4\xd8\x7e\x75\x9e\x89\xc4\xa4\x49\x73\xd9\x65\xc3\xb4\x3b\x76\x94\xda\x1e\xcb\xf9\xd6\x24\x9e\xc6\x6d\x74\xb0\xc3\xed\x36\x24\x93\x3a\xfe\x0f\x30\xa5\xff\x21\xdc\x4d\xab\xab\xf0\x07\x78\x1b\x54\xf0\x53\x5f\x92\xf1\xed\x15\x55\xa4\x17\xc5\x4c\x18\xf2\xf3\xae\xe0\x70\x1a\x2a\x96\xed\x40\x6a\xe3\xeb\x36\x55\x00\xba\x99\x61\xff\xbe\x01\x5f\x71\xc3\xba\xaf\x37\x35\xf3\xec\xdc\x84\x7e\x45\x39\x75\x2c\x27\x8a\x76\x8b\xf0\x2d\xda\xcc\x6b\x9e\xdc\xe7\x66\x5e\x7f\xfa\x56\xd0\x57\xdd\xb5\xd0\x49\x75\x98\x6e\x6b\x9e\xd4\xe3\x19\xaa\xa5\x3e\x01\xe1\x49\xbf\x88\xbb\xd2\x36\xca\x22\xe8\xb6\x23\x47\x65\xeb\x21\x0c\x59\xcd\x84\xba\x16\x99\x31\x65\xb7\xc2\xc1\xc2\xac\x8a\xcd\x60\x76\x54\x64\xf4\xa6\xbd\x41\x32\xd9\xa0\x27\x9e\xbe\x65\x7c\x1f\x41\xde\x50\xb0\x9a\xd6\x81\xab\x47\x7f\x73\x7a\xea\x71\x60\x52\x55\xdb\xfd\x9d\xd4\xc3\x5f\x83\x99\x14\xbe\x29\x80\x8a\xce\x17\xaf\x80\x1e\x4c\xb3\x13\xc0\xd5\x31\x52\x2c\xf3\x4c\x7d\x92\x3d\x92\x32\xdf\xb0\x39\xb0\xde\x32\x19\xac\xce\xce\x6a\x62\x16\xc7\xb8\xb5\xc4\xff\xcb\x38\x01\xae\xe0\xbd\x38\x3a\xc6\x50\x32\xaf\xcd\x3d\x1c\x25\x40\xd2\xc5\x6c\xd5\xbc\x11\x6d\xa1\xc3\x63\x13\xca\x92\x20\x23\x99\x12\xf6\x33\xb4\x64\x58\xbf\x0d\xdd\x6e\x32\x89\xf2\x5d\x8c\x3a\xac\x6a\x53\xdb\xfa\x35\x59\x8b\x6e\x57\x39\x90\x33\x34\xd9\x70\xb3\xdd\x85\xa1\xb5\x78\x10\xad\xc4\x51\xe6\x29\x79\xc6\xbc\x5f\x51\x07\x43\x14\x9b\xe1\x60\x69\x94\x10\xd9\x5b\xeb\x39\x38\x08\xcb\x05\x64\x19\x67\x47\xcc\x63\x86\xb4\xa6\xfb\x26\xfa\x1f\x53\xd7\xc1\xd6\xbc\xeb\x79\xc4\x1f\xdc\xd8\xed\x66\x3b\x16\x85\x87\x72\x42\x08\xb4\x6e\xf5\x99\x89\x45\x84\xbc\x35\xd6\xa8\x66\x2b\x20\x4b\xfc\x15\xa8\xcb\xec\xed\xc3\x20\xef\x5e\xdb\x5f\x20\xfb\xd5\x60\xc6\x26\x84\x3d\xb2\x4d\x6c\x8b\x7e\x55\xb6\x1a\x47\xa3\x26\x8d\xdb\x0f\xb5\x23\xf5\x66\x94\x37\x8f\xd2\xc7\x6d\xbc\x61\x82\xcb\x49\xaf\xdd\x2a\xea\x2d\xc7\xf9\x1f\xe9\x44\x5b\x21\xc6\xb1\x2b\x8f\x99\xba\xaf\x24\x2a\xb0\xff\x1e\x14\x13\xc7\xb1\xbc\xb3\x8d\xda\x4d\xe1\xfc\x9
a\xc5\x87\x43\x41\x10\xf8\x3c\xe2\x15\x7c\x99\x01\x82\x52\xe9\x77\xdf\x9e\x8e\xc0\x25\x05\x19\x25\x6c\xe5\xcd\xc8\xb7\xa7\x95\xae\x26\x62\x57\x1b\xb4\xc3\xeb\x98\xae\xb0\x93\x58\x4b\x17\xf0\xb1\xa6\xc0\x26\x03\x7d\x08\x0a\xeb\xa6\xa7\xb5\xb2\x16\x90\x39\x42\xa6\x6e\xed\x37\xed\x89\x0d\xc5\xdf\x1a\xcd\x71\x12\x05\xe1\x9d\x01\x6b\xad\xda\x1c\xe3\x76\x59\xa7\x8a\x7d\x3f\xe0\x06\xcf\xf2\x0d\xf8\x40\x35\x3e\x6b\x96\x56\x8d\xbc\x7a\xcd\xca\x38\x89\xb8\x85\xf4\x95\x6e\xe7\xf5\xea\x90\x53\x2d\x71\xeb\x1b\x92\x11\x80\xea\x2e\x38\x5a\x4c\x35\x51\xfd\xed\x44\x41\x9a\x3f\x37\x33\x41\xa2\x88\x24\x7a\x13\x6f\xd7\xbe\x0c\x8a\xfb\x54\x11\xba\xfb\xa9\x6a\x1f\xfe\xb5\x3b\x12\xe7\x06\x8d\x00\x8d\x96\xf8\x07\xcd\x87\x8b\x77\x5b\xd9\x61\x4c\x9b\xf5\x7f\x1d\x13\xfa\xdc\x86\xc2\xf5\x82\xdb\x03\x8a\xd2\x49\x11\xb4\x20\xb5\x6e\xc1\xc6\xe4\x85\x9d\x23\x11\x26\x3b\xb6\x8a\xaa\x07\x23\x28\xa4\xd3\x14\x84\xe1\x4b\x7f\xdd\x1f\x27\xbd\xac\x94\xd8\x5a\x3d\x69\x31\xa7\x2e\xd8\x80\xba\x85\xa5\xaf\xf0\x33\xb9\xf4\x90\x32\x4f\x00\x72\xb3\x64\x54\x62\x2b\x92\x48\xde\x9d\xcf\x99\xe8\x87\xd6\x75\x90\x70\x29\x61\x85\xe7\x94\x9d\x0f\x94\xb3\x52\x7b\x46\xe2\x51\xc3\x43\x14\x96\x01\xad\xfe\x05\x14\x89\xf9\xbf\xe2\xae\x17\xa6\x68\xdf\x46\x54\x14\xa2\x82\x98\xfa\x05\x73\x86\x6f\x30\x5b\xda\xd7\xbf\x91\xda\x22\x07\x13\x7b\xdf\x7b\xa5\xdf\xaf\x06\x2b\x4e\xc7\xd5\xb9\xb9\xcc\x75\x86\x9d\xb7\x0b\xd5\xc1\xd8\x9f\xf0\xfe\xc4\x3f\xf9\x2d\x1b\x93\xa9\x3f\x0d\xfc\x94\xb0\x09\x85\xbd\x97\xec\xaf\xd4\x39\x54\x24\xbf\xf8\xea\x03\x6b\x62\x8f\x8e\x6b\x5b\x8b\x03\x72\x4f\x09\xb7\xa4\x62\xac\x03\x1b\x2b\x62\x18\x99\x47\xa8\x2d\x00\xb2\x43\x4d\x41\x03\xec\x6d\x59\xea\x10\xe3\x77\xf6\xfe\x98\xf7\x41\x1f\x10\xba\xae\x6c\x71\xfc\x11\x6a\x77\xdd\xd6\x4f\x46\x14\x86\x17\xc1\x59\x8e\xe8\x6f\xeb\x58\xba\x6a\x85\x2f\x4c\x71\x18\x7b\x4b\xdc\x5d\x84\x53\x28\x09\xfb\x47\x86\x61\x28\x95\xbe\xe6\x2b\x89\x92\xb4\x5f\x76\x0b\x82\x19\x80\x26\x1a\x88\x28\x0d\xb0\xe9\x23\xd7\xb7\x21\x62\xb1\xaa\xfd\xde\xe4\xff\x61\xbe\x8e\x49\x01\x27\x58\xcb\x8
6\x63\xd3\x32\x1c\x4b\x9c\x45\x1e\xa0\x9d\xc8\x61\xc6\x3f\x42\xda\x85\x99\x99\xe5\x14\xdc\x2e\x65\xa8\x3d\x9f\x52\x17\x83\x1b\xf0\x24\x3e\xbd\xca\x6e\x48\x4d\xfc\xfa\xce\x23\x76\xcd\x11\x66\xe9\x53\x29\xdb\x57\x79\x08\x22\xf1\x07\xe7\x38\x7b\x2a\x39\x3d\xd0\xcc\x81\x45\x5a\x42\xad\xf7\xc7\x84\x92\xca\x74\x1b\x0d\xc1\x6b\xdc\x56\x27\x3a\x38\x9a\xbf\xf5\x94\x87\xe3\xbb\x8b\x22\x26\x28\x8f\xa6\x2c\x62\x93\x3d\xe0\x78\x30\xc3\x70\x7f\x41\x0f\xb7\x96\x96\xf4\xed\xea\x3e\x72\xa1\x72\x50\xae\xb6\xd9\xcb\xa9\x54\xce\x44\x26\x22\x01\x95\xd6\x4e\x75\x3f\x82\x5d\xfb\x9c\xab\x3f\x74\xbc\xd6\x9c\x1a\x12\x22\xe6\xb6\x72\x7b\xb4\x19\x10\x2f\xbb\x22\x6b\xb6\xef\xc1\xd3\x17\xcb\xb0\xd7\xe1\x70\xa6\x20\x31\x85\x2f\x8c\xfa\x32\x38\x05\xdd\x55\x8a\xfc\xdf\x35\xf8\xac\xcc\xeb\xd7\x91\xe3\xca\xa3\x9c\xe8\xb7\xbd\xdd\x1e\x38\x22\x7e\x58\xf7\x98\xf9\x7e\xc5\x78\x15\x35\x38\x50\x67\xd5\x2a\x9d\x70\xe0\x4a\x45\x7a\x3e\xb8\x5c\x28\xb9\x71\x7c\xbb\xa6\x3e\xd0\x5a\xc1\xed\x01\x94\xc7\x09\x6f\x5d\xc1\xc0\x59\xbf\x5c\x4f\x53\x72\x48\x52\xca\x91\x39\x6f\xb7\x87\xda\x39\x10\x1c\xb9\x37\xb3\x21\x25\x0d\x06\x98\x4b\xda\xbf\x1c\xd8\x33\x3e\x26\x6e\x24\x53\xd9\x21\x19\xa4\x26\x21\x8e\x19\x02\x28\xd6\x0b\xeb\x6b\x32\x21\x2d\x1b\x0e\xee\x3a\x36\xf3\xde\x80\xdd\x09\x13\xe1\x80\x6c\x47\x87\xf4\x4d\x1d\x74\xfd\x30\xff\x7f\x1e\xdb\x37\x76\xe9\x32\xb8\x58\x4a\x61\xfa\x7c\x61\x5a\xa0\x98\xab\xdf\x9f\xf5\x5c\x13\x84\xfa\xc0\xbd\xb2\x9e\x96\x4a\xb7\x6c\x87\x9b\x31\xa8\xf9\xdb\x46\xe7\x1d\x6b\x04\xc5\x5f\x40\x14\xea\x69\xb3\x71\xe9\x59\x25\xf6\x67\xd5\xac\xc7\x2b\x49\x47\x69\x31\x20\xc3\x64\xb5\x65\x44\xb8\x87\xc9\xae\x69\x57\x3e\xe6\x04\xaf\xad\x7d\xb6\x54\x85\xd6\x71\x9d\x1e\x44\x3a\x7a\x2f\x5c\x0b\x4a\x6e\xfc\xbe\x76\x04\x55\xd7\x20\x23\xab\x9a\x9d\x11\x95\x9f\xc8\xfe\x66\x92\x85\x91\x9b\x3c\x1c\xa7\xcf\x3d\x3a\x62\xbc\x0b\xd8\xf5\xdc\x19\xc9\xf5\x0d\x50\x8c\x56\x0c\xf8\xd4\x26\x93\xd4\x29\x59\x7f\xa3\x6c\xb2\x58\x8d\x46\x3e\x51\xe1\x9c\x65\xe0\x54\x06\x80\x90\xc3\x54\xda\x25\x33\x54\x14\x43\xf7\x48\x95\x69\x1
b\x75\xc2\x01\x1a\xaa\xbb\x59\x81\x1e\x9b\xc5\xd9\x6e\xee\xb2\x19\x52\xd5\xb8\xbf\xf2\xb7\x9d\x6e\x64\x2c\xf6\xbe\x3c\x8d\x4a\xda\x2e\x64\xb1\x89\x57\x30\x3f\x4f\x75\x7a\xb3\xf5\x75\x84\xa3\x94\x2a\xa2\x08\x7f\xb0\x3e\xe9\x70\x30\x37\xa6\x6c\xcc\x30\x1c\xd5\x9f\x63\x50\x6c\xc9\xd2\x96\xbc\xb4\xe2\x7a\x84\xfa\xbc\x50\x73\x04\x9a\x66\x32\x21\x91\x69\x8f\x1e\x3f\x16\xaf\xcf\x1f\xfa\x0f", 4096); memcpy((void*)0x200010e6, "\x7f\x9a\xc5\xbf\xea\x59\x10\x23\xd1\xc4\xce\xaf\x7d\xa5\x3c\xde\xca\x7f\x3c\xbe\xbe\xd9\xc4\x3c\x9a\x42\x4b\x38\x7b\x5f\x93\x9b\xed\x43\x6f\x47\x4c\xf3\xc9\x03\x0d\x8f\x42\x82\x29\xaf\x5c\x37\x65\xad\x3f\x0c\xd0\xf3\x07\xcd\xbf\x00\xf0\x07\xa1\xc0\x72\x53\x12\xca\x4c\xee\xe0\x6f\xf1\xc4\x99\x7b\xeb\x9d\x98\x28\xb2\xa7\x75\x02\x49\x1e\xf9\xf2\x7f\x5f\x8a\x21\x90\xa1\x6a\x95\xa6\x09\x63\x91\x45\x59\xc0\xe0\xfa\x46\x4b\x3b\x41\xc9\x73\x28\xdc\xa8\x77\x97\x56\xf5\x10\xdc\x4c\xd3\x3d\x65\x31\x27\x4c\xfa", 126); memcpy((void*)0x20001164, "\x68\x2c\xc7\x80\xcf\xd8\xfa\xe0\x24\x50\x1f\xf6\x27\x29\xab\x77\xce\xbe\x25\xca\xad\xf4\x39\x85\xb3\x0d\xb8\x38\x7f\xf3\x77\xed\x37\x03\x3e\x09\xf3\x35\x63\x0f\x36\xae\xad\x37\x57\x3d\x32\x40\x72\xd9\xfb\x1a\x62\x7a\xb3\xa3\xca\x51\xd4\xa1\x26\xb7\xf6\xa8\x5f\xb4\x9e\x27\xaf\x49\x3a\x4f\x04\x88\xa2\x07\x31\xe7\xc3\xe5\x22\x8e\xa7\x90\x52\xbe\xa7\x6c\x12\xad\x74\x3b\xfc\xb9\xc9\x62\xf3\x6f\x55\xda\xdb\x59\x51\x7b\x7c\x20\xab\x84\x8c\x45\x8f\x11\xe0\x0c\x13\x08\xa2\xf0\x7e\xa1\xe3", 121); syscall(SYS_test, 0x20000080, 5, 0, 0, 0, 0); break; case 3: *(uint8_t*)0x20001200 = 9; *(uint8_t*)0x20001201 = 3; *(uint8_t*)0x20001204 = 8; syscall(SYS_test, 0x20001200, 0, 0, 0, 0, 0); break; case 4: STORE_BY_BITMASK(uint16_t, , 0x20001240, 0, 0, 10); *(uint64_t*)0x20001248 = 3; STORE_BY_BITMASK(uint16_t, , 0x20001250, 2, 0, 5); STORE_BY_BITMASK(uint16_t, , 0x20001250, 0x3c, 5, 6); STORE_BY_BITMASK(uint32_t, , 0x20001250, 0x42, 11, 15); STORE_BY_BITMASK(uint16_t, , 0x20001254, 0x20, 0, 11); STORE_BY_BITMASK(uint16_t, htobe16, 
0x20001256, 0x20, 0, 11); *(uint8_t*)0x20001258 = 0x80; syscall(SYS_test, 0x20001240, 0, 0, 0, 0, 0); break; case 5: syscall(SYS_mutate2); break; case 6: *(uint64_t*)0x20001280 = 4; *(uint64_t*)0x20001288 = 0x63aa; *(uint8_t*)0x20001290 = 2; *(uint8_t*)0x20001291 = 0x10; *(uint8_t*)0x20001292 = 8; *(uint8_t*)0x20001293 = 4; *(uint8_t*)0x20001294 = 2; syscall(SYS_test, 0x20001280, 0, 0, 0, 0, 0); break; case 7: syscall(SYS_test_excessive_args1); break; case 8: memcpy((void*)0x200012c0, "#\000", 2); syscall(SYS_test, 0x200012c0, 0, 0, 0, 0, 0); break; case 9: memcpy((void*)0x20001300, "#\000", 2); syscall(SYS_test, 0x20001300, 0, 0, 0, 0, 0); break; case 10: memcpy((void*)0x20000000, ".-\000", 3); *(uint8_t*)0x20000040 = 8; *(uint8_t*)0x20000048 = 6; *(uint8_t*)0x20000049 = 5; STORE_BY_BITMASK(uint64_t, , 0x20000048, 6, 16, 4); STORE_BY_BITMASK(uint32_t, , 0x20000048, 1, 20, 4); STORE_BY_BITMASK(uint16_t, , 0x2000004a, 6, 8, 4); STORE_BY_BITMASK(uint8_t, , 0x2000004b, 8, 4, 4); syz_compare(0x20000000, 3, 0x20000040, 0x10); break; case 11: syz_compare_int(2, 9, 0x3ff, 0, 0); break; case 12: syz_errno(0xff); break; case 13: memcpy((void*)0x20000080, "\x9a\x81\xde\x5d\x92\x8f\x1a\x60\xf1\x7b\xeb\x77\xb1\xf9\x9a\x68\xaf\x78\x90\x7e\x1b\x40\xde\x1e\x91\x0c\x39\x56\xa2\xa9\x49\x7c\x8f\x05\xfb\xd7\xd7\x28\x2e\x23\x44\xfc\x3c\x4a\x13\x7d\xc0\x2d\x3d\x14", 50); syz_execute_func(0x20000080); break; case 14: syz_exit(0x3bc); break; case 15: syz_mmap(0x20003000, 0x2000); break; case 16: syz_sleep_ms(0xae); break; } } int main(void) { syz_mmap(0x20000000, 0x1000000); use_temporary_dir(); do_sandbox_none(); return 0; } In file included from /usr/include/bits/errno.h:26, from /usr/include/errno.h:28, from :7: /usr/include/linux/errno.h:1:10: fatal error: asm/errno.h: No such file or directory 1 | #include | ^~~~~~~~~~~~~ compilation terminated. 
compiler invocation: gcc [-o /tmp/syz-executor734883201 -DGOOS_test=1 -DGOARCH_32_fork_shmem=1 -DHOSTGOOS_linux=1 -x c - -m32 -static -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-overflow] --- FAIL: TestGenerate/test/32_fork_shmem/8 (0.25s) csource_test.go:122: --- FAIL: TestGenerate/test/32_fork_shmem/12 (0.25s) csource_test.go:122: --- FAIL: TestGenerate/test/32_fork_shmem/11 (0.26s) csource_test.go:122: --- FAIL: TestGenerate/test/32_fork_shmem/5 (0.26s) csource_test.go:122: FAIL FAIL github.com/google/syzkaller/pkg/csource 8.005s ok github.com/google/syzkaller/pkg/db 1.123s ? github.com/google/syzkaller/pkg/debugtracer [no test files] ok github.com/google/syzkaller/pkg/email 0.081s ? github.com/google/syzkaller/pkg/gce [no test files] ? github.com/google/syzkaller/pkg/gcs [no test files] ? github.com/google/syzkaller/pkg/hash [no test files] ok github.com/google/syzkaller/pkg/host 6.749s ? github.com/google/syzkaller/pkg/html [no test files] ok github.com/google/syzkaller/pkg/ifuzz 0.623s ? github.com/google/syzkaller/pkg/ifuzz/iset [no test files] ? github.com/google/syzkaller/pkg/ifuzz/powerpc [no test files] ? github.com/google/syzkaller/pkg/ifuzz/powerpc/generated [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86 [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86/gen [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86/generated [no test files] ok github.com/google/syzkaller/pkg/instance 0.632s --- FAIL: TestExecutor (3.16s) --- FAIL: TestExecutor/386 (0.30s) ipc_test.go:28: failed to build program: // Copyright 2017 syzkaller project authors. All rights reserved. // Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. 
// +build #include #include #include #include #include #include #include #include #include #include #include #if !GOOS_windows #include #endif #include "defs.h" #if defined(__GNUC__) #define SYSCALLAPI #define NORETURN __attribute__((noreturn)) #define ALIGNED(N) __attribute__((aligned(N))) #define PRINTF(fmt, args) __attribute__((format(printf, fmt, args))) #define INPUT_DATA_ALIGNMENT 64 << 10 #else // Assuming windows/cl. #define SYSCALLAPI WINAPI #define NORETURN __declspec(noreturn) #define INPUT_DATA_ALIGNMENT 4 << 10 #define ALIGNED(N) __declspec(align(N)) // here we are not aligning the value because of msvc reporting the value as an illegal value #define PRINTF(fmt, args) #define __thread __declspec(thread) #endif #ifndef GIT_REVISION #define GIT_REVISION "unknown" #endif #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) // uint64 is impossible to printf without using the clumsy and verbose "%" PRId64. // So we define and use uint64. Note: pkg/csource does s/uint64/uint64/. // Also define uint32/16/8 for consistency. typedef unsigned long long uint64; typedef unsigned int uint32; typedef unsigned short uint16; typedef unsigned char uint8; // exit/_exit do not necessary work (e.g. if fuzzer sets seccomp filter that prohibits exit_group). // Use doexit instead. We must redefine exit to something that exists in stdlib, // because some standard libraries contain "using ::exit;", but has different signature. #define exit vsnprintf // Dynamic memory allocation reduces test reproducibility across different libc versions and kernels. // malloc will cause unspecified number of additional mmap's at unspecified locations. // For small objects prefer stack allocations, for larger -- either global objects (this may have // issues with concurrency), or controlled mmaps, or make the fuzzer allocate memory. #define malloc do_not_use_malloc #define calloc do_not_use_calloc // Note: zircon max fd is 256. // Some common_OS.h files know about this constant for RLIMIT_NOFILE. 
// File-descriptor layout reserved by the executor at the top of the fd range.
// With the values below: kInPipeFd = 249, kOutPipeFd = 248, kCoverFd = 232.
// main() assigns per-thread coverage fds kCoverFd + i for i in [0, kMaxThreads).
const int kMaxFd = 250;
const int kMaxThreads = 16;
const int kInPipeFd = kMaxFd - 1; // remapped from stdin
const int kOutPipeFd = kMaxFd - 2; // remapped from stdout
const int kCoverFd = kOutPipeFd - kMaxThreads;
// Upper bound on syscall arguments; execute_one() rejects programs that declare more.
const int kMaxArgs = 9;
const int kCoverSize = 256 << 10;
// Exit status that main() preserves in fork-server mode; it maps any other
// status returned by the sandbox loop to 0.
const int kFailStatus = 67;

// Logical error (e.g. invalid input program), use as an assert() alternative.
static NORETURN PRINTF(1, 2) void fail(const char* msg, ...);
// Just exit (e.g. due to temporal ENOMEM error).
static NORETURN PRINTF(1, 2) void exitf(const char* msg, ...);
static NORETURN void doexit(int status);
// Print debug output that is visible when running syz-manager/execprog with -debug flag.
// Debug output is supposed to be relatively high-level (syscalls executed, return values, timing, etc)
// and is intended mostly for end users. If you need to debug lower-level details, use debug_verbose
// function and temporary enable it in your build by changing #if 0 below.
// This function does not add \n at the end of msg as opposed to the previous functions.
static PRINTF(1, 2) void debug(const char* msg, ...);
void debug_dump_data(const char* data, int length);

// debug_verbose compiles to a no-op unless the #if below is flipped to 1.
#if 0
#define debug_verbose(...) debug(__VA_ARGS__)
#else
#define debug_verbose(...) (void)0
#endif

// Control-pipe protocol helpers, defined later in the file.
static void receive_execute();
static void reply_execute(int status);

#if GOOS_akaros
static void resend_execute(int fd);
#endif

#if SYZ_EXECUTOR_USES_FORK_SERVER
static void receive_handshake();
static void reply_handshake();
#endif

#if SYZ_EXECUTOR_USES_SHMEM
// Shared-memory transport. main() maps kInFd read-only over input_data and
// kOutFd read-write at a pid-dependent address, then closes both fds so that
// test programs cannot operate on them.
const int kMaxOutput = 16 << 20;
const int kInFd = 3;
const int kOutFd = 4;
// Base of the mapped output region, and the write cursor that execute_one()
// resets to the base at the start of each program.
static uint32* output_data;
static uint32* output_pos;
static uint32* write_output(uint32 v);
static uint32* write_output_64(uint64 v);
static void write_completed(uint32 completed);
static uint32 hash(uint32 a);
static bool dedup(uint32 sig);
#endif

uint64 start_time_ms = 0;

// Environment flags, decoded by parse_env_flags() from the flags word of the
// handshake or execute request. parse_env_flags() only ever sets a sandbox
// flag to true, and flag_sandbox_none is its fallback when no sandbox bit is
// set. main() calls fail() if none of the sandbox flags is set.
static bool flag_debug;
static bool flag_coverage;
static bool flag_sandbox_none;
static bool flag_sandbox_setuid;
static bool flag_sandbox_namespace;
static bool flag_sandbox_android;
static bool flag_extra_coverage;
static bool flag_net_injection;
static bool flag_net_devices;
static bool flag_net_reset;
static bool flag_cgroups;
static bool flag_close_fds;
static bool flag_devlink_pci;
static bool flag_vhci_injection;
static bool flag_wifi;

// Per-execution flags, decoded by receive_execute() from execute_req.exec_flags.
// receive_execute() forces flag_collide off when flag_threaded is not set.
static bool flag_collect_cover;
static bool flag_dedup_cover;
static bool flag_threaded;
static bool flag_collide;
static bool flag_coverage_filter;

// If true, then executor should write the comparisons data to fuzzer.
static bool flag_comparisons;

// Inject fault into flag_fault_nth-th operation in flag_fault_call-th syscall.
static bool flag_fault;
static int flag_fault_call;
static int flag_fault_nth;

// Tunable timeouts, received with execute_req.
// Copied from the execute request by receive_execute(), which calls fail() if
// syscall_timeout_ms is 0, if program_timeout_ms <= syscall_timeout_ms, or if
// slowdown_scale is 0.
static uint64 syscall_timeout_ms;
static uint64 program_timeout_ms;
static uint64 slowdown_scale;

#define SYZ_EXECUTOR 1
#include "common.h"

// Size of the program buffer; receive_execute() rejects a prog_size above it.
const int kMaxInput = 4 << 20; // keep in sync with prog.ExecBufferSize
// Size of the results[] table; copyout indices are checked against it.
const int kMaxCommands = 1000;

// Instruction markers in the serialized program stream. The negative
// initializers wrap to the top of the uint64 range, which keeps them apart
// from syscall numbers that execute_one() bounds by ARRAY_SIZE(syscalls).
const uint64 instr_eof = -1;
const uint64 instr_copyin = -2;
const uint64 instr_copyout = -3;

// Argument kinds read by execute_one() after a copyin instruction.
const uint64 arg_const = 0;
const uint64 arg_result = 1;
const uint64 arg_data = 2;
const uint64 arg_csum = 3;

// Encodings passed as the bf argument of copyin().
const uint64 binary_format_native = 0;
const uint64 binary_format_bigendian = 1;
const uint64 binary_format_strdec = 2;
const uint64 binary_format_strhex = 3;
const uint64 binary_format_stroct = 4;

// Sentinel copyout index: copyout_call_results() stores nothing in results[]
// for it. Numerically equal to instr_eof.
const uint64 no_copyout = -1;

// Number of scheduled calls not yet completed: incremented in schedule_call(),
// decremented in handle_completion().
static int running;
// Set by execute_one() when it re-runs the program in collide mode.
static bool collide;
uint32 completed;
bool is_kernel_64_bit = true;

// Serialized input program. In shared-memory mode main() maps kInFd over this
// buffer read-only with MAP_FIXED; otherwise receive_execute() fills it from
// the control pipe.
ALIGNED(INPUT_DATA_ALIGNMENT) static char input_data[kMaxInput];

// Checksum kinds.
static const uint64 arg_csum_inet = 0;

// Checksum chunk kinds.
static const uint64 arg_csum_chunk_data = 0;
static const uint64 arg_csum_chunk_const = 1;

// Uniform syscall entry point taking nine word-sized arguments (kMaxArgs is 9).
typedef intptr_t(SYSCALLAPI* syscall_t)(intptr_t, intptr_t, intptr_t, intptr_t, intptr_t, intptr_t, intptr_t, intptr_t, intptr_t);

// One entry of the syscalls table that execute_one() indexes by call number.
struct call_t {
	const char* name;
	int sys_nr;
	call_attrs_t attrs;
	syscall_t call;
};

// Coverage buffer state; write_coverage_signal() reads `size` entries from `data`.
struct cover_t {
	int fd;
	uint32 size;
	char* data;
	char* data_end;
};

// Per-worker state for one in-flight call.
struct thread_t {
	int id;
	// schedule_call() calls thread_create() for a slot while this is false.
	bool created;
	// schedule_call() resets `done` and sets `ready` when it hands over a call;
	// handle_completion() requires `done` set and `ready` clear.
	event_t ready;
	event_t done;
	// Input-stream position saved by schedule_call(); copyout_call_results()
	// continues reading copyout instructions from here.
	uint64* copyout_pos;
	// Index into results[], or no_copyout.
	uint64 copyout_index;
	bool colliding;
	bool executing;
	int call_index;
	int call_num;
	int num_args;
	intptr_t args[kMaxArgs];
	// handle_completion() skips copyout when this equals (intptr_t)-1.
	intptr_t res;
	uint32 reserrno;
	bool fault_injected;
	cover_t cov;
	bool soft_fail_state;
};

static thread_t threads[kMaxThreads];
// Most recently scheduled thread; execute_one() clears it before waiting for
// unfinished calls.
static thread_t* last_scheduled;
// Threads use this variable to access information about themselves.
static __thread struct thread_t* current_thread; static cover_t extra_cov; struct res_t { bool executed; uint64 val; }; static res_t results[kMaxCommands]; const uint64 kInMagic = 0xbadc0ffeebadface; const uint32 kOutMagic = 0xbadf00d; struct handshake_req { uint64 magic; uint64 flags; // env flags uint64 pid; }; struct handshake_reply { uint32 magic; }; struct execute_req { uint64 magic; uint64 env_flags; uint64 exec_flags; uint64 pid; uint64 fault_call; uint64 fault_nth; uint64 syscall_timeout_ms; uint64 program_timeout_ms; uint64 slowdown_scale; uint64 prog_size; }; struct execute_reply { uint32 magic; uint32 done; uint32 status; }; // call_reply.flags const uint32 call_flag_executed = 1 << 0; const uint32 call_flag_finished = 1 << 1; const uint32 call_flag_blocked = 1 << 2; const uint32 call_flag_fault_injected = 1 << 3; struct call_reply { execute_reply header; uint32 call_index; uint32 call_num; uint32 reserrno; uint32 flags; uint32 signal_size; uint32 cover_size; uint32 comps_size; // signal/cover/comps follow }; enum { KCOV_CMP_CONST = 1, KCOV_CMP_SIZE1 = 0, KCOV_CMP_SIZE2 = 2, KCOV_CMP_SIZE4 = 4, KCOV_CMP_SIZE8 = 6, KCOV_CMP_SIZE_MASK = 6, }; struct kcov_comparison_t { // Note: comparisons are always 64-bits regardless of kernel bitness. uint64 type; uint64 arg1; uint64 arg2; uint64 pc; bool ignore() const; void write(); bool operator==(const struct kcov_comparison_t& other) const; bool operator<(const struct kcov_comparison_t& other) const; }; typedef char kcov_comparison_size[sizeof(kcov_comparison_t) == 4 * sizeof(uint64) ? 
1 : -1]; struct feature_t { const char* name; void (*setup)(); }; static thread_t* schedule_call(int call_index, int call_num, bool colliding, uint64 copyout_index, uint64 num_args, uint64* args, uint64* pos); static void handle_completion(thread_t* th); static void copyout_call_results(thread_t* th); static void write_call_output(thread_t* th, bool finished); static void write_extra_output(); static void execute_call(thread_t* th); static void thread_create(thread_t* th, int id); static void* worker_thread(void* arg); static uint64 read_input(uint64** input_posp, bool peek = false); static uint64 read_arg(uint64** input_posp); static uint64 read_const_arg(uint64** input_posp, uint64* size_p, uint64* bf, uint64* bf_off_p, uint64* bf_len_p); static uint64 read_result(uint64** input_posp); static uint64 swap(uint64 v, uint64 size, uint64 bf); static void copyin(char* addr, uint64 val, uint64 size, uint64 bf, uint64 bf_off, uint64 bf_len); static bool copyout(char* addr, uint64 size, uint64* res); static void setup_control_pipes(); static void setup_features(char** enable, int n); #include "syscalls.h" #if GOOS_linux #include "executor_linux.h" #elif GOOS_fuchsia #include "executor_fuchsia.h" #elif GOOS_akaros #include "executor_akaros.h" #elif GOOS_freebsd || GOOS_netbsd || GOOS_openbsd #include "executor_bsd.h" #elif GOOS_windows #include "executor_windows.h" #elif GOOS_test #include "executor_test.h" #else #error "unknown OS" #endif #include "cov_filter.h" #include "test.h" int main(int argc, char** argv) { if (argc == 2 && strcmp(argv[1], "version") == 0) { puts(GOOS " " GOARCH " " SYZ_REVISION " " GIT_REVISION); return 0; } if (argc >= 2 && strcmp(argv[1], "setup") == 0) { setup_features(argv + 2, argc - 2); return 0; } if (argc >= 2 && strcmp(argv[1], "leak") == 0) { #if SYZ_HAVE_LEAK_CHECK check_leaks(argv + 2, argc - 2); #else fail("leak checking is not implemented"); #endif return 0; } if (argc >= 2 && strcmp(argv[1], "setup_kcsan_filterlist") == 0) { #if 
SYZ_HAVE_KCSAN setup_kcsan_filterlist(argv + 2, argc - 2, true); #else fail("KCSAN is not implemented"); #endif return 0; } if (argc == 2 && strcmp(argv[1], "test") == 0) return run_tests(); start_time_ms = current_time_ms(); os_init(argc, argv, (char*)SYZ_DATA_OFFSET, SYZ_NUM_PAGES * SYZ_PAGE_SIZE); current_thread = &threads[0]; #if SYZ_EXECUTOR_USES_SHMEM if (mmap(&input_data[0], kMaxInput, PROT_READ, MAP_PRIVATE | MAP_FIXED, kInFd, 0) != &input_data[0]) fail("mmap of input file failed"); // The output region is the only thing in executor process for which consistency matters. // If it is corrupted ipc package will fail to parse its contents and panic. // But fuzzer constantly invents new ways of how to currupt the region, // so we map the region at a (hopefully) hard to guess address with random offset, // surrounded by unmapped pages. // The address chosen must also work on 32-bit kernels with 1GB user address space. void* preferred = (void*)(0x1b2bc20000ull + (1 << 20) * (getpid() % 128)); output_data = (uint32*)mmap(preferred, kMaxOutput, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, kOutFd, 0); if (output_data != preferred) fail("mmap of output file failed"); // Prevent test programs to mess with these fds. // Due to races in collider mode, a program can e.g. ftruncate one of these fds, // which will cause fuzzer to crash. close(kInFd); close(kOutFd); #endif use_temporary_dir(); install_segv_handler(); setup_control_pipes(); #if SYZ_EXECUTOR_USES_FORK_SERVER receive_handshake(); #else receive_execute(); #endif if (flag_coverage) { for (int i = 0; i < kMaxThreads; i++) { threads[i].cov.fd = kCoverFd + i; cover_open(&threads[i].cov, false); cover_protect(&threads[i].cov); } cover_open(&extra_cov, true); cover_protect(&extra_cov); if (flag_extra_coverage) { // Don't enable comps because we don't use them in the fuzzer yet. 
cover_enable(&extra_cov, false, true); } init_coverage_filter(); } int status = 0; if (flag_sandbox_none) status = do_sandbox_none(); #if SYZ_HAVE_SANDBOX_SETUID else if (flag_sandbox_setuid) status = do_sandbox_setuid(); #endif #if SYZ_HAVE_SANDBOX_NAMESPACE else if (flag_sandbox_namespace) status = do_sandbox_namespace(); #endif #if SYZ_HAVE_SANDBOX_ANDROID else if (flag_sandbox_android) status = do_sandbox_android(); #endif else fail("unknown sandbox type"); #if SYZ_EXECUTOR_USES_FORK_SERVER fprintf(stderr, "loop exited with status %d\n", status); // Other statuses happen when fuzzer processes manages to kill loop, e.g. with: // ptrace(PTRACE_SEIZE, 1, 0, 0x100040) if (status != kFailStatus) status = 0; // If an external sandbox process wraps executor, the out pipe will be closed // before the sandbox process exits this will make ipc package kill the sandbox. // As the result sandbox process will exit with exit status 9 instead of the executor // exit status (notably kFailStatus). So we duplicate the exit status on the pipe. reply_execute(status); doexit(status); // Unreachable. return 1; #else reply_execute(status); return status; #endif } void setup_control_pipes() { if (dup2(0, kInPipeFd) < 0) fail("dup2(0, kInPipeFd) failed"); if (dup2(1, kOutPipeFd) < 0) fail("dup2(1, kOutPipeFd) failed"); if (dup2(2, 1) < 0) fail("dup2(2, 1) failed"); // We used to close(0), but now we dup stderr to stdin to keep fd numbers // stable across executor and C programs generated by pkg/csource. if (dup2(2, 0) < 0) fail("dup2(2, 0) failed"); } void parse_env_flags(uint64 flags) { // Note: Values correspond to ordering in pkg/ipc/ipc.go, e.g. 
FlagSandboxNamespace flag_debug = flags & (1 << 0); flag_coverage = flags & (1 << 1); if (flags & (1 << 2)) flag_sandbox_setuid = true; else if (flags & (1 << 3)) flag_sandbox_namespace = true; else if (flags & (1 << 4)) flag_sandbox_android = true; else flag_sandbox_none = true; flag_extra_coverage = flags & (1 << 5); flag_net_injection = flags & (1 << 6); flag_net_devices = flags & (1 << 7); flag_net_reset = flags & (1 << 8); flag_cgroups = flags & (1 << 9); flag_close_fds = flags & (1 << 10); flag_devlink_pci = flags & (1 << 11); flag_vhci_injection = flags & (1 << 12); flag_wifi = flags & (1 << 13); } #if SYZ_EXECUTOR_USES_FORK_SERVER void receive_handshake() { handshake_req req = {}; int n = read(kInPipeFd, &req, sizeof(req)); if (n != sizeof(req)) fail("handshake read failed: %d", n); if (req.magic != kInMagic) fail("bad handshake magic 0x%llx", req.magic); parse_env_flags(req.flags); procid = req.pid; } void reply_handshake() { handshake_reply reply = {}; reply.magic = kOutMagic; if (write(kOutPipeFd, &reply, sizeof(reply)) != sizeof(reply)) fail("control pipe write failed"); } #endif static execute_req last_execute_req; void receive_execute() { execute_req& req = last_execute_req; if (read(kInPipeFd, &req, sizeof(req)) != (ssize_t)sizeof(req)) fail("control pipe read failed"); if (req.magic != kInMagic) fail("bad execute request magic 0x%llx", req.magic); if (req.prog_size > kMaxInput) fail("bad execute prog size 0x%llx", req.prog_size); parse_env_flags(req.env_flags); procid = req.pid; syscall_timeout_ms = req.syscall_timeout_ms; program_timeout_ms = req.program_timeout_ms; slowdown_scale = req.slowdown_scale; flag_collect_cover = req.exec_flags & (1 << 0); flag_dedup_cover = req.exec_flags & (1 << 1); flag_fault = req.exec_flags & (1 << 2); flag_comparisons = req.exec_flags & (1 << 3); flag_threaded = req.exec_flags & (1 << 4); flag_collide = req.exec_flags & (1 << 5); flag_coverage_filter = req.exec_flags & (1 << 6); flag_fault_call = req.fault_call; 
flag_fault_nth = req.fault_nth; if (!flag_threaded) flag_collide = false; debug("[%llums] exec opts: procid=%llu threaded=%d collide=%d cover=%d comps=%d dedup=%d fault=%d/%d/%d" " timeouts=%llu/%llu/%llu prog=%llu filter=%d\n", current_time_ms() - start_time_ms, procid, flag_threaded, flag_collide, flag_collect_cover, flag_comparisons, flag_dedup_cover, flag_fault, flag_fault_call, flag_fault_nth, syscall_timeout_ms, program_timeout_ms, slowdown_scale, req.prog_size, flag_coverage_filter); if (syscall_timeout_ms == 0 || program_timeout_ms <= syscall_timeout_ms || slowdown_scale == 0) fail("bad timeouts: %llu/%llu/%llu", syscall_timeout_ms, program_timeout_ms, slowdown_scale); if (SYZ_EXECUTOR_USES_SHMEM) { if (req.prog_size) fail("need_prog: no program"); return; } if (req.prog_size == 0) fail("need_prog: no program"); uint64 pos = 0; for (;;) { ssize_t rv = read(kInPipeFd, input_data + pos, sizeof(input_data) - pos); if (rv < 0) fail("read failed"); pos += rv; if (rv == 0 || pos >= req.prog_size) break; } if (pos != req.prog_size) fail("bad input size %lld, want %lld", pos, req.prog_size); } #if GOOS_akaros void resend_execute(int fd) { execute_req& req = last_execute_req; if (write(fd, &req, sizeof(req)) != sizeof(req)) fail("child pipe header write failed"); if (write(fd, input_data, req.prog_size) != (ssize_t)req.prog_size) fail("child pipe program write failed"); } #endif void reply_execute(int status) { execute_reply reply = {}; reply.magic = kOutMagic; reply.done = true; reply.status = status; if (write(kOutPipeFd, &reply, sizeof(reply)) != sizeof(reply)) fail("control pipe write failed"); } // execute_one executes program stored in input_data. void execute_one() { // Duplicate global collide variable on stack. // Fuzzer once come up with ioctl(fd, FIONREAD, 0x920000), // where 0x920000 was exactly collide address, so every iteration reset collide to 0. 
bool colliding = false; #if SYZ_EXECUTOR_USES_SHMEM output_pos = output_data; write_output(0); // Number of executed syscalls (updated later). #endif uint64 start = current_time_ms(); retry: uint64* input_pos = (uint64*)input_data; if (flag_coverage && !colliding) { if (!flag_threaded) cover_enable(&threads[0].cov, flag_comparisons, false); if (flag_extra_coverage) cover_reset(&extra_cov); } int call_index = 0; uint64 prog_extra_timeout = 0; uint64 prog_extra_cover_timeout = 0; for (;;) { uint64 call_num = read_input(&input_pos); if (call_num == instr_eof) break; if (call_num == instr_copyin) { char* addr = (char*)read_input(&input_pos); uint64 typ = read_input(&input_pos); switch (typ) { case arg_const: { uint64 size, bf, bf_off, bf_len; uint64 arg = read_const_arg(&input_pos, &size, &bf, &bf_off, &bf_len); copyin(addr, arg, size, bf, bf_off, bf_len); break; } case arg_result: { uint64 meta = read_input(&input_pos); uint64 size = meta & 0xff; uint64 bf = meta >> 8; uint64 val = read_result(&input_pos); copyin(addr, val, size, bf, 0, 0); break; } case arg_data: { uint64 size = read_input(&input_pos); size &= ~(1ull << 63); // readable flag NONFAILING(memcpy(addr, input_pos, size)); // Read out the data. 
for (uint64 i = 0; i < (size + 7) / 8; i++) read_input(&input_pos); break; } case arg_csum: { debug_verbose("checksum found at %p\n", addr); uint64 size = read_input(&input_pos); char* csum_addr = addr; uint64 csum_kind = read_input(&input_pos); switch (csum_kind) { case arg_csum_inet: { if (size != 2) fail("inet checksum must be 2 bytes, not %llu", size); debug_verbose("calculating checksum for %p\n", csum_addr); struct csum_inet csum; csum_inet_init(&csum); uint64 chunks_num = read_input(&input_pos); uint64 chunk; for (chunk = 0; chunk < chunks_num; chunk++) { uint64 chunk_kind = read_input(&input_pos); uint64 chunk_value = read_input(&input_pos); uint64 chunk_size = read_input(&input_pos); switch (chunk_kind) { case arg_csum_chunk_data: debug_verbose("#%lld: data chunk, addr: %llx, size: %llu\n", chunk, chunk_value, chunk_size); NONFAILING(csum_inet_update(&csum, (const uint8*)chunk_value, chunk_size)); break; case arg_csum_chunk_const: if (chunk_size != 2 && chunk_size != 4 && chunk_size != 8) { fail("bad checksum const chunk size %lld", chunk_size); } // Here we assume that const values come to us big endian. debug_verbose("#%lld: const chunk, value: %llx, size: %llu\n", chunk, chunk_value, chunk_size); csum_inet_update(&csum, (const uint8*)&chunk_value, chunk_size); break; default: fail("bad checksum chunk kind %llu", chunk_kind); } } uint16 csum_value = csum_inet_digest(&csum); debug_verbose("writing inet checksum %hx to %p\n", csum_value, csum_addr); copyin(csum_addr, csum_value, 2, binary_format_native, 0, 0); break; } default: fail("bad checksum kind %llu", csum_kind); } break; } default: fail("bad argument type %llu", typ); } continue; } if (call_num == instr_copyout) { read_input(&input_pos); // index read_input(&input_pos); // addr read_input(&input_pos); // size // The copyout will happen when/if the call completes. continue; } // Normal syscall. 
if (call_num >= ARRAY_SIZE(syscalls)) fail("invalid command number %llu", call_num); const call_t* call = &syscalls[call_num]; if (call->attrs.disabled) fail("executing disabled syscall %s", call->name); if (prog_extra_timeout < call->attrs.prog_timeout) prog_extra_timeout = call->attrs.prog_timeout * slowdown_scale; if (strncmp(syscalls[call_num].name, "syz_usb", strlen("syz_usb")) == 0) prog_extra_cover_timeout = std::max(prog_extra_cover_timeout, 500 * slowdown_scale); if (strncmp(syscalls[call_num].name, "syz_80211_inject_frame", strlen("syz_80211_inject_frame")) == 0) prog_extra_cover_timeout = std::max(prog_extra_cover_timeout, 300 * slowdown_scale); uint64 copyout_index = read_input(&input_pos); uint64 num_args = read_input(&input_pos); if (num_args > kMaxArgs) fail("command has bad number of arguments %llu", num_args); uint64 args[kMaxArgs] = {}; for (uint64 i = 0; i < num_args; i++) args[i] = read_arg(&input_pos); for (uint64 i = num_args; i < kMaxArgs; i++) args[i] = 0; thread_t* th = schedule_call(call_index++, call_num, colliding, copyout_index, num_args, args, input_pos); if (colliding && (call_index % 2) == 0) { // Don't wait for every other call. // We already have results from the previous execution. } else if (flag_threaded) { // Wait for call completion. uint64 timeout_ms = syscall_timeout_ms + call->attrs.timeout * slowdown_scale; // This is because of printing pre/post call. Ideally we print everything in the main thread // and then remove this (would also avoid intermixed output). if (flag_debug && timeout_ms < 1000) timeout_ms = 1000; if (event_timedwait(&th->done, timeout_ms)) handle_completion(th); // Check if any of previous calls have completed. for (int i = 0; i < kMaxThreads; i++) { th = &threads[i]; if (th->executing && event_isset(&th->done)) handle_completion(th); } } else { // Execute directly. 
// NOTE(review): the statements down to the lone closing brace just before schedule_call() are the
// tail of a function that starts earlier in this dump; they are reproduced unchanged.
if (th != &threads[0])
	fail("using non-main thread in non-thread mode");
event_reset(&th->ready);
execute_call(th);
event_set(&th->done);
handle_completion(th);
}
}

if (!colliding && !collide && running > 0) {
	// Give unfinished syscalls some additional time.
	last_scheduled = 0;
	uint64 wait_start = current_time_ms();
	uint64 wait_end = wait_start + 2 * syscall_timeout_ms;
	wait_end = std::max(wait_end, start + program_timeout_ms / 6);
	wait_end = std::max(wait_end, wait_start + prog_extra_timeout);
	while (running > 0 && current_time_ms() <= wait_end) {
		sleep_ms(1 * slowdown_scale);
		for (int i = 0; i < kMaxThreads; i++) {
			thread_t* th = &threads[i];
			if (th->executing && event_isset(&th->done))
				handle_completion(th);
		}
	}
	// Write output coverage for unfinished calls.
	if (running > 0) {
		for (int i = 0; i < kMaxThreads; i++) {
			thread_t* th = &threads[i];
			if (th->executing) {
				if (flag_coverage)
					cover_collect(&th->cov);
				write_call_output(th, false);
			}
		}
	}
}

#if SYZ_HAVE_CLOSE_FDS
close_fds();
#endif

if (!colliding && !collide) {
	write_extra_output();
	// Check for new extra coverage in small intervals to avoid situation
	// that we were killed on timeout before we write any.
	// Check for extra coverage is very cheap, effectively a memory load.
	const uint64 kSleepMs = 100;
	for (uint64 i = 0; i < prog_extra_cover_timeout / kSleepMs; i++) {
		sleep_ms(kSleepMs);
		write_extra_output();
	}
}

if (flag_collide && !flag_fault && !colliding && !collide) {
	debug("enabling collider\n");
	collide = colliding = true;
	goto retry;
}
}

// Hands one decoded call to a worker slot and returns that slot.
// Picks the first entry of threads[] whose `done` event is set (creating entries on first use),
// records the call parameters in it, sets `ready` and increments `running`.
// Calls exitf() if all kMaxThreads slots are busy and fail() if the chosen slot is in an
// inconsistent state.
// `args` is read for kMaxArgs elements regardless of num_args, so the caller's array must hold
// at least kMaxArgs entries. call_num is stored without a range check here.
thread_t* schedule_call(int call_index, int call_num, bool colliding, uint64 copyout_index, uint64 num_args, uint64* args, uint64* pos)
{
	// Find a spare thread to execute the call.
	int i = 0;
	for (; i < kMaxThreads; i++) {
		thread_t* th = &threads[i];
		if (!th->created)
			thread_create(th, i);
		if (event_isset(&th->done)) {
			// The slot finished a call whose result has not been collected yet: collect it first.
			if (th->executing)
				handle_completion(th);
			break;
		}
	}
	if (i == kMaxThreads)
		exitf("out of threads");
	thread_t* th = &threads[i];
	// A reusable slot must be idle: not signalled ready, marked done and not executing.
	if (event_isset(&th->ready) || !event_isset(&th->done) || th->executing)
		fail("bad thread state in schedule: ready=%d done=%d executing=%d",
		     event_isset(&th->ready), event_isset(&th->done), th->executing);
	last_scheduled = th;
	th->colliding = colliding;
	th->copyout_pos = pos;
	th->copyout_index = copyout_index;
	event_reset(&th->done);
	th->executing = true;
	th->call_index = call_index;
	th->call_num = call_num;
	th->num_args = num_args;
	// Copies the full fixed-size argument array, not just num_args entries.
	for (int i = 0; i < kMaxArgs; i++)
		th->args[i] = args[i];
	event_set(&th->ready);
	running++;
	return th;
}

#if SYZ_EXECUTOR_USES_SHMEM
// Writes the feedback signal for one coverage buffer to the output region and, when
// flag_collect_cover is set, the PCs themselves. The two counts are stored through
// signal_count_pos and cover_count_pos.
// NOTE(review): the bare `template` and the undeclared cover_data_t suggest that the template
// parameter list was lost when this source was captured; the two identical
// write_coverage_signal(...) calls under is_kernel_64_bit further down point the same way.
// Confirm against the real file.
template void write_coverage_signal(cover_t* cov, uint32* signal_count_pos, uint32* cover_count_pos)
{
	// Write out feedback signals.
	// Currently it is code edges computed as xor of two subsequent basic block PCs.
	// The PC array starts one element past cov->data; the element skipped is not read here.
	cover_data_t* cover_data = ((cover_data_t*)cov->data) + 1;
	uint32 nsig = 0;
	cover_data_t prev_pc = 0;
	bool prev_filter = true;
	for (uint32 i = 0; i < cov->size; i++) {
		cover_data_t pc = cover_data[i];
		uint32 sig = pc;
		if (use_cover_edges(pc))
			sig ^= hash(prev_pc);
		bool filter = coverage_filter(pc);
		// Ignore the edge only if both current and previous PCs are filtered out
		// to capture all incoming and outcoming edges into the interesting code.
		bool ignore = !filter && !prev_filter;
		prev_pc = pc;
		prev_filter = filter;
		if (ignore || dedup(sig))
			continue;
		write_output(sig);
		nsig++;
	}
	// Write out number of signals.
	*signal_count_pos = nsig;

	if (!flag_collect_cover)
		return;
	// Write out real coverage (basic block PCs).
	uint32 cover_size = cov->size;
	if (flag_dedup_cover) {
		// Sorting is done in place in the coverage buffer, hence the unprotect/protect pair.
		cover_data_t* end = cover_data + cover_size;
		cover_unprotect(cov);
		std::sort(cover_data, end);
		cover_size = std::unique(cover_data, end) - cover_data;
		cover_protect(cov);
	}
	// Truncate PCs to uint32 assuming that they fit into 32-bits.
	// True for x86_64 and arm64 without KASLR.
	for (uint32 i = 0; i < cover_size; i++)
		write_output(cover_data[i]);
	*cover_count_pos = cover_size;
}
#endif

// Collects the result of a finished call: checks the slot state, copies out results unless the
// call returned -1, writes the call record (skipped during collide passes), then marks the slot
// idle and decrements `running`.
void handle_completion(thread_t* th)
{
	if (event_isset(&th->ready) || !event_isset(&th->done) || !th->executing)
		fail("bad thread state in completion: ready=%d done=%d executing=%d",
		     event_isset(&th->ready), event_isset(&th->done), th->executing);
	if (th->res != (intptr_t)-1)
		copyout_call_results(th);
	if (!collide && !th->colliding) {
		write_call_output(th, true);
		write_extra_output();
	}
	th->executing = false;
	running--;
	if (running < 0) {
		// This fires periodically for the past 2 years (see issue #502).
		// Dump the state of every slot to stderr before failing, to help diagnose it.
		fprintf(stderr, "running=%d collide=%d completed=%d flag_threaded=%d flag_collide=%d current=%d\n",
			running, collide, completed, flag_threaded, flag_collide, th->id);
		for (int i = 0; i < kMaxThreads; i++) {
			thread_t* th1 = &threads[i];
			fprintf(stderr, "th #%2d: created=%d executing=%d colliding=%d"
					" ready=%d done=%d call_index=%d res=%lld reserrno=%d\n",
				i, th1->created, th1->executing, th1->colliding,
				event_isset(&th1->ready), event_isset(&th1->done),
				th1->call_index, (uint64)th1->res, th1->reserrno);
		}
		fail("running = %d", running);
	}
}

// Stores the call's return value in results[] (when it has a copyout index) and then processes
// the instr_copyout instructions that follow the call in the input stream.
// Both result indices come from the input stream and are checked against kMaxCommands before
// results[] is written.
void copyout_call_results(thread_t* th)
{
	if (th->copyout_index != no_copyout) {
		if (th->copyout_index >= kMaxCommands)
			fail("result idx %lld overflows kMaxCommands", th->copyout_index);
		results[th->copyout_index].executed = true;
		results[th->copyout_index].val = th->res;
	}
	// Consume instructions until the first one that is not instr_copyout.
	for (bool done = false; !done;) {
		uint64 instr = read_input(&th->copyout_pos);
		switch (instr) {
		case instr_copyout: {
			uint64 index = read_input(&th->copyout_pos);
			if (index >= kMaxCommands)
				fail("result idx %lld overflows kMaxCommands", index);
			// addr and size are taken from the input stream as-is; copyout() reports
			// whether the read produced a value.
			char* addr = (char*)read_input(&th->copyout_pos);
			uint64 size = read_input(&th->copyout_pos);
			uint64 val = 0;
			if (copyout(addr, size, &val)) {
				results[index].executed = true;
				results[index].val = val;
			}
			debug_verbose("copyout 0x%llx from %p\n", val, addr);
			break;
		}
		default:
			done = true;
			break;
		}
	}
}

// Emits the record for one call: to the shared-memory output region when
// SYZ_EXECUTOR_USES_SHMEM is set, otherwise as a call_reply written to kOutPipeFd.
// `finished` is false for calls that were still executing when the record was written.
void write_call_output(thread_t* th, bool finished)
{
	// 999 is the errno reported for a call that did not finish.
	uint32 reserrno = 999;
	const bool blocked = finished && th != last_scheduled;
	uint32 call_flags = call_flag_executed | (blocked ? call_flag_blocked : 0);
	if (finished) {
		reserrno = th->res != -1 ? 0 : th->reserrno;
		call_flags |= call_flag_finished |
			      (th->fault_injected ? call_flag_fault_injected : 0);
	}
#if SYZ_EXECUTOR_USES_SHMEM
	write_output(th->call_index);
	write_output(th->call_num);
	write_output(reserrno);
	write_output(call_flags);
	uint32* signal_count_pos = write_output(0); // filled in later
	uint32* cover_count_pos = write_output(0); // filled in later
	uint32* comps_count_pos = write_output(0); // filled in later

	if (flag_comparisons) {
		// Collect only the comparisons
		uint32 ncomps = th->cov.size;
		kcov_comparison_t* start = (kcov_comparison_t*)(th->cov.data + sizeof(uint64));
		kcov_comparison_t* end = start + ncomps;
		// Reject a record count that would run past the end of the coverage buffer
		// before sorting in place.
		if ((char*)end > th->cov.data_end)
			fail("too many comparisons %u", ncomps);
		cover_unprotect(&th->cov);
		std::sort(start, end);
		ncomps = std::unique(start, end) - start;
		cover_protect(&th->cov);
		uint32 comps_size = 0;
		for (uint32 i = 0; i < ncomps; ++i) {
			if (start[i].ignore())
				continue;
			comps_size++;
			start[i].write();
		}
		// Write out number of comparisons.
		*comps_count_pos = comps_size;
	} else if (flag_coverage) {
		// NOTE(review): both branches are textually identical in this dump; presumably they
		// differed by a template argument that was stripped. Confirm.
		if (is_kernel_64_bit)
			write_coverage_signal(&th->cov, signal_count_pos, cover_count_pos);
		else
			write_coverage_signal(&th->cov, signal_count_pos, cover_count_pos);
	}
	debug_verbose("out #%u: index=%u num=%u errno=%d finished=%d blocked=%d sig=%u cover=%u comps=%u\n",
		      completed, th->call_index, th->call_num, reserrno, finished, blocked,
		      *signal_count_pos, *cover_count_pos, *comps_count_pos);
	completed++;
	write_completed(completed);
#else
	// Without shared memory only the header fields are reported; all sizes are zero.
	call_reply reply;
	reply.header.magic = kOutMagic;
	reply.header.done = 0;
	reply.header.status = 0;
	reply.call_index = th->call_index;
	reply.call_num = th->call_num;
	reply.reserrno = reserrno;
	reply.flags = call_flags;
	reply.signal_size = 0;
	reply.cover_size = 0;
	reply.comps_size = 0;
	if (write(kOutPipeFd, &reply, sizeof(reply)) != sizeof(reply))
		fail("control pipe call write failed");
	debug_verbose("out: index=%u num=%u errno=%d finished=%d blocked=%d\n", th->call_index, th->call_num, reserrno, finished, blocked);
#endif
}

// Emits a pseudo call record (call index and number -1, errno 999) carrying whatever is in
// extra_cov. Does nothing without shared memory, when coverage or extra coverage is off, in
// comparison mode, or when extra_cov is empty.
void write_extra_output()
{
#if SYZ_EXECUTOR_USES_SHMEM
	if (!flag_coverage || !flag_extra_coverage || flag_comparisons)
		return;
	cover_collect(&extra_cov);
	if (!extra_cov.size)
		return;
	write_output(-1); // call index
	write_output(-1); // call num
	write_output(999); // errno
	write_output(0); // call flags
	uint32* signal_count_pos = write_output(0); // filled in later
	uint32* cover_count_pos = write_output(0); // filled in later
	write_output(0); // comps_count_pos
	if (is_kernel_64_bit)
		write_coverage_signal(&extra_cov, signal_count_pos, cover_count_pos);
	else
		write_coverage_signal(&extra_cov, signal_count_pos, cover_count_pos);
	cover_reset(&extra_cov);
	debug_verbose("extra: sig=%u cover=%u\n", *signal_count_pos, *cover_count_pos);
	completed++;
	write_completed(completed);
#endif
}

// Initialises a thread slot and, in threaded mode, starts its worker.
// `done` is set right away so that schedule_call() sees the fresh slot as free.
void thread_create(thread_t* th, int id)
{
	th->created = true;
	th->id = id;
	th->executing = false;
	event_init(&th->ready);
	event_init(&th->done);
	event_set(&th->done);
	if (flag_threaded)
		thread_start(worker_thread, th);
}

// Worker loop: waits for `ready`, executes the call stored in the slot, sets `done`, forever.
void* worker_thread(void* arg)
{
	thread_t* th = (thread_t*)arg;
	current_thread = th;
	if (flag_coverage)
		cover_enable(&th->cov, flag_comparisons, false);
	for (;;) {
		event_wait(&th->ready);
		event_reset(&th->ready);
		execute_call(th);
		event_set(&th->done);
	}
	return 0;
}

// Runs the call described by `th` and records its result, errno, coverage and fault-injection
// outcome in the slot.
// th->call_num indexes syscalls[] without a check here; the caller visible earlier in this dump
// compares call_num with ARRAY_SIZE(syscalls) before scheduling.
void execute_call(thread_t* th)
{
	const call_t* call = &syscalls[th->call_num];
	debug("#%d [%llums] -> %s(",
	      th->id, current_time_ms() - start_time_ms, call->name);
	for (int i = 0; i < th->num_args; i++) {
		if (i != 0)
			debug(", ");
		debug("0x%llx", (uint64)th->args[i]);
	}
	debug(")\n");

	int fail_fd = -1;
	th->soft_fail_state = false;
	if (flag_fault && th->call_index == flag_fault_call) {
		if (collide)
			fail("both collide and fault injection are enabled");
		fail_fd = inject_fault(flag_fault_nth);
		// While this is set, fail() exits with status 0 instead of kFailStatus.
		th->soft_fail_state = true;
	}

	if (flag_coverage)
		cover_reset(&th->cov);
	// For pseudo-syscalls and user-space functions NONFAILING can abort before assigning to th->res.
	// Arrange for res = -1 and errno = EFAULT result for such case.
	th->res = -1;
	errno = EFAULT;
	NONFAILING(th->res = execute_syscall(call, th->args));
	th->reserrno = errno;
	// Our pseudo-syscalls may misbehave.
	if ((th->res == -1 && th->reserrno == 0) || call->attrs.ignore_return)
		th->reserrno = EINVAL;
	// Reset the flag before the first possible fail().
	th->soft_fail_state = false;

	if (flag_coverage) {
		cover_collect(&th->cov);
		// A collected size at or above kCoverSize is treated as fatal rather than truncated.
		if (th->cov.size >= kCoverSize)
			fail("#%d: too much cover %u", th->id, th->cov.size);
	}
	th->fault_injected = false;

	if (flag_fault && th->call_index == flag_fault_call) {
		th->fault_injected = fault_injected(fail_fd);
	}

	debug("#%d [%llums] <- %s=0x%llx errno=%d ",
	      th->id, current_time_ms() - start_time_ms, call->name, (uint64)th->res, th->reserrno);
	if (flag_coverage)
		debug("cover=%u ", th->cov.size);
	if (flag_fault && th->call_index == flag_fault_call)
		debug("fault=%d ", th->fault_injected);
	debug("\n");
}

#if SYZ_EXECUTOR_USES_SHMEM
// 32-bit integer mixing function used to fold the previous PC into an edge signal.
// Not a cryptographic hash.
static uint32 hash(uint32 a)
{
	a = (a ^ 61) ^ (a >> 16);
	a = a + (a << 3);
	a = a ^ (a >> 4);
	a = a * 0x27d4eb2d;
	a = a ^ (a >> 15);
	return a;
}

// 8 << 10 = 8192 entries; a zero entry means "empty".
const uint32 dedup_table_size = 8 << 10;
uint32 dedup_table[dedup_table_size];

// Poorman's best-effort hashmap-based deduplication.
// The hashmap is global which means that we deduplicate across different calls.
// This is OK because we are interested only in new signals.
static bool dedup(uint32 sig)
{
	// Returns true if sig was already recorded, false after recording it.
	// Probes up to 4 consecutive slots starting at sig % dedup_table_size.
	// Zero marks an empty slot, so sig == 0 matches an empty slot and is reported as a duplicate.
	for (uint32 i = 0; i < 4; i++) {
		uint32 pos = (sig + i) % dedup_table_size;
		if (dedup_table[pos] == sig)
			return true;
		if (dedup_table[pos] == 0) {
			dedup_table[pos] = sig;
			return false;
		}
	}
	// All probed slots hold other values: overwrite the home slot (best effort, lossy).
	dedup_table[sig % dedup_table_size] = sig;
	return false;
}
#endif

// Stores an integer of type T at addr, either whole (bf_off == 0 && bf_len == 0) or merged into
// the bitfield [bf_off, bf_off + bf_len) of the value already stored there.
// addr is dereferenced as T* with no validation in this function.
// NOTE(review): T is not declared in the visible text and the `template` keyword is bare, so the
// template parameter list was probably lost in this dump. Confirm against the real file.
template void copyin_int(char* addr, uint64 val, uint64 bf, uint64 bf_off, uint64 bf_len)
{
	if (bf_off == 0 && bf_len == 0) {
		*(T*)addr = swap(val, sizeof(T), bf);
		return;
	}
	// Read-modify-write: convert the stored value with swap(), patch the bitfield, convert back.
	T x = swap(*(T*)addr, sizeof(T), bf);
	debug_verbose("copyin_int<%zu>: old x=0x%llx\n", sizeof(T), (uint64)x);
#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
	const uint64 shift = sizeof(T) * CHAR_BIT - bf_off - bf_len;
#else
	const uint64 shift = bf_off;
#endif
	x = (x & ~BITMASK(shift, bf_len)) | ((val << shift) & BITMASK(shift, bf_len));
	debug_verbose("copyin_int<%zu>: new x=0x%llx\n", sizeof(T), (uint64)x);
	*(T*)addr = swap(x, sizeof(T), bf);
}

// Writes val to addr in the requested binary format.
// Integer formats (native, big-endian) accept sizes 1, 2, 4 and 8 and may target a bitfield.
// The string formats require one fixed size each and reject bitfields.
// Every store runs under NONFAILING. Invalid format or size combinations end in fail().
void copyin(char* addr, uint64 val, uint64 size, uint64 bf, uint64 bf_off, uint64 bf_len)
{
	debug_verbose("copyin: addr=%p val=0x%llx size=%llu bf=%llu bf_off=%llu bf_len=%llu\n", addr, val, size, bf, bf_off, bf_len);
	if (bf != binary_format_native && bf != binary_format_bigendian && (bf_off != 0 || bf_len != 0))
		fail("bitmask for string format %llu/%llu", bf_off, bf_len);
	switch (bf) {
	case binary_format_native:
	case binary_format_bigendian:
		// NOTE(review): the four copyin_int calls are textually identical here; presumably each
		// carried a different explicit template argument that was stripped. Confirm.
		NONFAILING(switch (size) {
			case 1:
				copyin_int(addr, val, bf, bf_off, bf_len);
				break;
			case 2:
				copyin_int(addr, val, bf, bf_off, bf_len);
				break;
			case 4:
				copyin_int(addr, val, bf, bf_off, bf_len);
				break;
			case 8:
				copyin_int(addr, val, bf, bf_off, bf_len);
				break;
			default:
				fail("copyin: bad argument size %llu", size);
		});
		break;
	case binary_format_strdec:
		if (size != 20)
			fail("bad strdec size %llu", size);
		// NOTE(review): "%020llu" produces 20 characters and sprintf then stores a terminating
		// NUL, i.e. one byte past the `size` bytes checked above. The same holds for the two
		// string formats below. Confirm that the target region tolerates the extra byte.
		NONFAILING(sprintf((char*)addr, "%020llu", val));
		break;
	case binary_format_strhex:
		if (size != 18)
			fail("bad strhex size %llu", size);
		NONFAILING(sprintf((char*)addr, "0x%016llx", val));
		break;
	case binary_format_stroct:
		if (size != 23)
			fail("bad stroct size %llu", size);
		NONFAILING(sprintf((char*)addr, "%023llo", val));
		break;
	default:
		fail("unknown binary format %llu", bf);
	}
}

// Reads an integer of `size` bytes (1, 2, 4 or 8) from addr into *res and returns the value of
// the NONFAILING(...) expression. Any other size ends in fail().
// NOTE(review): presumably NONFAILING yields false when the access faults; confirm against the
// macro definition, which is not visible here.
bool copyout(char* addr, uint64 size, uint64* res)
{
	return NONFAILING(
	    switch (size) {
		    case 1:
			    *res = *(uint8*)addr;
			    break;
		    case 2:
			    *res = *(uint16*)addr;
			    break;
		    case 4:
			    *res = *(uint32*)addr;
			    break;
		    case 8:
			    *res = *(uint64*)addr;
			    break;
		    default:
			    fail("copyout: bad argument size %llu", size);
	    });
}

// Decodes one call argument from the input stream and returns its value.
// Only constants (integer format, no bitfield) and references to earlier results (native format)
// are accepted; anything else ends in fail().
uint64 read_arg(uint64** input_posp)
{
	uint64 typ = read_input(input_posp);
	switch (typ) {
	case arg_const: {
		uint64 size, bf, bf_off, bf_len;
		uint64 val = read_const_arg(input_posp, &size, &bf, &bf_off, &bf_len);
		if (bf != binary_format_native && bf != binary_format_bigendian)
			fail("bad argument binary format %llu", bf);
		if (bf_off != 0 || bf_len != 0)
			fail("bad argument bitfield %llu/%llu", bf_off, bf_len);
		return swap(val, size, bf);
	}
	case arg_result: {
		uint64 meta = read_input(input_posp);
		uint64 bf = meta >> 8;
		if (bf != binary_format_native)
			fail("bad result argument format %llu", bf);
		return read_result(input_posp);
	}
	default:
		fail("bad argument type %llu", typ);
	}
}

// Returns v unchanged for the native format and converted with htobe16/32/64 for the big-endian
// format. Any other format, or a big-endian size other than 2, 4 or 8, ends in fail().
uint64 swap(uint64 v, uint64 size, uint64 bf)
{
	if (bf == binary_format_native)
		return v;
	if (bf != binary_format_bigendian)
		fail("bad binary format in swap: %llu", bf);
	switch (size) {
	case 2:
		return htobe16(v);
	case 4:
		return htobe32(v);
	case 8:
		return htobe64(v);
	default:
		fail("bad big-endian int size %llu", size);
	}
}

// Reads a constant argument (a meta word followed by a value word) from the input stream.
// Meta layout as decoded below: bits 0-7 size, 8-15 binary format, 16-23 bitfield offset,
// 24-31 bitfield length, 32 and up per-process stride.
// Returns the value plus pid_stride * procid. The fields are not validated here.
uint64 read_const_arg(uint64** input_posp, uint64* size_p, uint64* bf_p, uint64* bf_off_p, uint64* bf_len_p)
{
	uint64 meta = read_input(input_posp);
	uint64 val = read_input(input_posp);
	*size_p = meta & 0xff;
	uint64 bf = (meta >> 8) & 0xff;
	*bf_off_p = (meta >> 16) & 0xff;
	*bf_len_p = (meta >> 24) & 0xff;
	uint64 pid_stride = meta >> 32;
	val += pid_stride * procid;
	*bf_p = bf;
	return val;
}

// Reads a result reference: index, divisor, addend and a default value.
// When results[idx] has been produced, returns val / op_div (division skipped when op_div is 0)
// plus op_add; otherwise returns the default value from the stream.
uint64 read_result(uint64** input_posp)
{
	uint64 idx = read_input(input_posp);
	uint64 op_div = read_input(input_posp);
	uint64 op_add = read_input(input_posp);
	uint64 arg = read_input(input_posp);
	// idx comes from the input stream; check it before indexing results[].
	if (idx >= kMaxCommands)
		fail("command refers to bad result %lld", idx);
	if (results[idx].executed) {
		arg = results[idx].val;
		if (op_div != 0)
			arg = arg / op_div;
		arg += op_add;
	}
	return arg;
}

// Returns the next 64-bit word of the input stream and advances *input_posp unless `peek` is set.
// Every read is bounds-checked against input_data + kMaxInput; overrunning it ends in fail().
// NOTE(review): callers in this file pass a single argument, so `peek` presumably has a default
// in a declaration that is not visible here.
uint64 read_input(uint64** input_posp, bool peek)
{
	uint64* input_pos = *input_posp;
	if ((char*)input_pos >= input_data + kMaxInput)
		fail("input command overflows input %p: [%p:%p)", input_pos, input_data, input_data + kMaxInput);
	if (!peek)
		*input_posp = input_pos + 1;
	return *input_pos;
}

#if SYZ_EXECUTOR_USES_SHMEM
// Appends one 32-bit word to the output region and returns a pointer to the slot just written,
// so that callers can fill it in later. Fails if output_pos is outside
// [output_data, output_data + kMaxOutput).
uint32* write_output(uint32 v)
{
	if (output_pos < output_data || (char*)output_pos >= (char*)output_data + kMaxOutput)
		fail("output overflow: pos=%p region=[%p:%p]",
		     output_pos, output_data, (char*)output_data + kMaxOutput);
	*output_pos = v;
	return output_pos++;
}

// Appends one 64-bit value (two 32-bit slots) to the output region.
// The bounds check covers the second slot as well.
// Unlike write_output(), the returned pointer is the position AFTER the value written.
uint32* write_output_64(uint64 v)
{
	if (output_pos < output_data || (char*)(output_pos + 1) >= (char*)output_data + kMaxOutput)
		fail("output overflow: pos=%p region=[%p:%p]",
		     output_pos, output_data, (char*)output_data + kMaxOutput);
	*(uint64*)output_pos = v;
	output_pos += 2;
	return output_pos;
}

// Publishes the number of completed records in the first word of the output region with a
// release store.
void write_completed(uint32 completed)
{
	__atomic_store_n(output_data, completed, __ATOMIC_RELEASE);
}
#endif

#if SYZ_EXECUTOR_USES_SHMEM
// Emits this comparison record to the output region.
// Arguments narrower than 8 bytes are sign-extended and written as one 32-bit word each;
// 8-byte arguments are written as 64-bit values.
void kcov_comparison_t::write()
{
	if (type > (KCOV_CMP_CONST | KCOV_CMP_SIZE_MASK))
		fail("invalid kcov comp type %llx", type);

	// Write order: type arg1 arg2 pc.
	// NOTE(review): the visible body writes type, arg1 and arg2 only; no write of pc appears here.
	write_output((uint32)type);

	// KCOV converts all arguments of size x first to uintx_t and then to
	// uint64. We want to properly extend signed values, e.g we want
	// int8 c = 0xfe to be represented as 0xfffffffffffffffe.
	// Note that uint8 c = 0xfe will be represented the same way.
	// This is ok because during hints processing we will anyways try
	// the value 0x00000000000000fe.
	switch (type & KCOV_CMP_SIZE_MASK) {
	case KCOV_CMP_SIZE1:
		arg1 = (uint64)(long long)(signed char)arg1;
		arg2 = (uint64)(long long)(signed char)arg2;
		break;
	case KCOV_CMP_SIZE2:
		arg1 = (uint64)(long long)(short)arg1;
		arg2 = (uint64)(long long)(short)arg2;
		break;
	case KCOV_CMP_SIZE4:
		arg1 = (uint64)(long long)(int)arg1;
		arg2 = (uint64)(long long)(int)arg2;
		break;
	}
	bool is_size_8 = (type & KCOV_CMP_SIZE_MASK) == KCOV_CMP_SIZE8;
	if (!is_size_8) {
		write_output((uint32)arg1);
		write_output((uint32)arg2);
	} else {
		write_output_64(arg1);
		write_output_64(arg2);
	}
}

// Returns true for comparison records that should not be reported: comparisons against zero,
// 8-byte operands that fall inside the executor's own output region, (Linux only) operands in the
// kernel physical-memory mapping range, and records whose pc is rejected by coverage_filter().
bool kcov_comparison_t::ignore() const
{
	// Comparisons with 0 are not interesting, fuzzer should be able to guess 0's without help.
	if (arg1 == 0 && (arg2 == 0 || (type & KCOV_CMP_CONST)))
		return true;
	if ((type & KCOV_CMP_SIZE_MASK) == KCOV_CMP_SIZE8) {
		// This can be a pointer (assuming 64-bit kernel).
		// First of all, we want avert fuzzer from our output region.
		// Without this fuzzer manages to discover and corrupt it.
		uint64 out_start = (uint64)output_data;
		uint64 out_end = out_start + kMaxOutput;
		// Both range tests are inclusive of out_end.
		if (arg1 >= out_start && arg1 <= out_end)
			return true;
		if (arg2 >= out_start && arg2 <= out_end)
			return true;
#if defined(GOOS_linux)
		// Filter out kernel physical memory addresses.
		// These are internal kernel comparisons and should not be interesting.
		// The range covers first 1TB of physical mapping.
		uint64 kmem_start = (uint64)0xffff880000000000ull;
		uint64 kmem_end = (uint64)0xffff890000000000ull;
		bool kptr1 = arg1 >= kmem_start && arg1 <= kmem_end;
		bool kptr2 = arg2 >= kmem_start && arg2 <= kmem_end;
		if (kptr1 && kptr2)
			return true;
		if (kptr1 && arg2 == 0)
			return true;
		if (kptr2 && arg1 == 0)
			return true;
#endif
	}
	return !coverage_filter(pc);
}

// Equality on (type, arg1, arg2); pc is deliberately left out.
bool kcov_comparison_t::operator==(const struct kcov_comparison_t& other) const
{
	// We don't check for PC equality now, because it is not used.
	return type == other.type && arg1 == other.arg1 && arg2 == other.arg2;
}

// Lexicographic order on (type, arg1, arg2), consistent with operator== above.
bool kcov_comparison_t::operator<(const struct kcov_comparison_t& other) const
{
	if (type != other.type)
		return type < other.type;
	if (arg1 != other.arg1)
		return arg1 < other.arg1;
	// We don't check for PC equality now, because it is not used.
	return arg2 < other.arg2;
}
#endif

// Runs the setup routine of each feature named in enable[0..n).
// A name that matches no entry of features[] ends in fail(); without SYZ_HAVE_FEATURES every
// name is unknown.
void setup_features(char** enable, int n)
{
	// This does any one-time setup for the requested features on the machine.
	// Note: this can be called multiple times and must be idempotent.
#if SYZ_HAVE_FEATURES
	setup_sysctl();
#endif
	for (int i = 0; i < n; i++) {
		bool found = false;
#if SYZ_HAVE_FEATURES
		for (unsigned f = 0; f < sizeof(features) / sizeof(features[0]); f++) {
			if (strcmp(enable[i], features[f].name) == 0) {
				features[f].setup();
				found = true;
				break;
			}
		}
#endif
		if (!found)
			fail("unknown feature %s", enable[i]);
	}
}

// Prints the formatted message and the errno value saved on entry to stderr, then terminates.
// `msg` is used as a printf format string, so it must never be attacker-controlled text.
void fail(const char* msg, ...)
{
	// Save errno first: the stdio calls below may change it.
	int e = errno;
	va_list args;
	va_start(args, msg);
	vfprintf(stderr, msg, args);
	va_end(args);
	fprintf(stderr, " (errno %d)\n", e);

	// fail()'s are often used during the validation of kernel reactions to queries
	// that were issued by pseudo syscalls implementations. As fault injection may
	// cause the kernel not to succeed in handling these queries (e.g. socket writes
	// or reads may fail), this could ultimately lead to unwanted "lost connection to
	// test machine" crashes.
	// In order to avoid this and, on the other hand, to still have the ability to
	// signal a disastrous situation, the exit code of this function depends on the
	// current context.
	// All fail() invocations during system call execution with enabled fault injection
	// lead to termination with zero exit code. In all other cases, the exit code is
	// kFailStatus.
	if (current_thread && current_thread->soft_fail_state)
		doexit(0);
	doexit(kFailStatus);
}

// Like fail(), but always terminates with exit status 0.
void exitf(const char* msg, ...)
{
	int e = errno;
	va_list args;
	va_start(args, msg);
	vfprintf(stderr, msg, args);
	va_end(args);
	fprintf(stderr, " (errno %d)\n", e);
	doexit(0);
}

// printf-style debug output to stderr, emitted only when flag_debug is set and flushed at once.
void debug(const char* msg, ...)
{
	if (!flag_debug)
		return;
	va_list args;
	va_start(args, msg);
	vfprintf(stderr, msg, args);
	va_end(args);
	fflush(stderr);
}

// Hex-dumps `length` bytes of `data` through debug(), 16 bytes per output line.
// The caller must ensure that `data` holds at least `length` readable bytes.
void debug_dump_data(const char* data, int length)
{
	if (!flag_debug)
		return;
	int i = 0;
	for (; i < length; i++) {
		// Mask to 8 bits so that a negative char is not printed sign-extended.
		debug("%02x ", data[i] & 0xff);
		if (i % 16 == 15)
			debug("\n");
	}
	if (i % 16 != 0)
		debug("\n");
}
In file included from /usr/include/bits/errno.h:26, from /usr/include/errno.h:28, from ../../executor/executor.cc:7: /usr/include/linux/errno.h:1:10: fatal error: asm/errno.h: No such file or directory 1 | #include | ^~~~~~~~~~~~~ compilation terminated. compiler invocation: x86_64-linux-gnu-gcc [-o /tmp/syz-executor530278542 -DGOOS_linux=1 -DGOARCH_386=1 -DHOSTGOOS_linux=1 ../../executor/executor.cc -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static -Wno-overflow] FAIL FAIL github.com/google/syzkaller/pkg/ipc 6.583s ? github.com/google/syzkaller/pkg/ipc/ipcconfig [no test files] ? github.com/google/syzkaller/pkg/kcidb [no test files] ok github.com/google/syzkaller/pkg/kconfig 0.630s ok github.com/google/syzkaller/pkg/kd 0.028s ok github.com/google/syzkaller/pkg/log 0.037s ok github.com/google/syzkaller/pkg/mgrconfig 0.048s ok github.com/google/syzkaller/pkg/osutil 0.209s ok github.com/google/syzkaller/pkg/report 3.246s ok github.com/google/syzkaller/pkg/repro 0.106s ? github.com/google/syzkaller/pkg/rpctype [no test files] ok github.com/google/syzkaller/pkg/runtest 34.088s ok github.com/google/syzkaller/pkg/serializer 0.047s ? 
github.com/google/syzkaller/pkg/signal [no test files] ok github.com/google/syzkaller/pkg/symbolizer 0.169s ok github.com/google/syzkaller/pkg/tool 0.061s ok github.com/google/syzkaller/pkg/vcs 2.645s ok github.com/google/syzkaller/prog 7.330s ok github.com/google/syzkaller/prog/test 0.539s ? github.com/google/syzkaller/sys [no test files] ? github.com/google/syzkaller/sys/akaros [no test files] ? github.com/google/syzkaller/sys/akaros/gen [no test files] ? github.com/google/syzkaller/sys/freebsd [no test files] ? github.com/google/syzkaller/sys/freebsd/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia [no test files] ? github.com/google/syzkaller/sys/fuchsia/fidlgen [no test files] ? github.com/google/syzkaller/sys/fuchsia/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia/layout [no test files] ok github.com/google/syzkaller/sys/linux 0.099s ? github.com/google/syzkaller/sys/linux/gen [no test files] ? github.com/google/syzkaller/sys/netbsd [no test files] ? github.com/google/syzkaller/sys/netbsd/gen [no test files] ok github.com/google/syzkaller/sys/openbsd 0.108s ? github.com/google/syzkaller/sys/openbsd/gen [no test files] ? github.com/google/syzkaller/sys/syz-extract [no test files] ? github.com/google/syzkaller/sys/syz-sysgen [no test files] ? github.com/google/syzkaller/sys/targets [no test files] ? github.com/google/syzkaller/sys/test [no test files] ? github.com/google/syzkaller/sys/test/gen [no test files] ? github.com/google/syzkaller/sys/trusty [no test files] ? github.com/google/syzkaller/sys/trusty/gen [no test files] ? github.com/google/syzkaller/sys/windows [no test files] ? github.com/google/syzkaller/sys/windows/gen [no test files] ok github.com/google/syzkaller/syz-ci 0.701s ok github.com/google/syzkaller/syz-fuzzer 0.567s ok github.com/google/syzkaller/syz-hub 0.017s ok github.com/google/syzkaller/syz-hub/state 0.071s ok github.com/google/syzkaller/syz-manager 0.532s ? 
github.com/google/syzkaller/tools/syz-benchcmp [no test files] ? github.com/google/syzkaller/tools/syz-bisect [no test files] ? github.com/google/syzkaller/tools/syz-check [no test files] ? github.com/google/syzkaller/tools/syz-cover [no test files] ? github.com/google/syzkaller/tools/syz-crush [no test files] ? github.com/google/syzkaller/tools/syz-db [no test files] ? github.com/google/syzkaller/tools/syz-execprog [no test files] ? github.com/google/syzkaller/tools/syz-expand [no test files] ? github.com/google/syzkaller/tools/syz-fmt [no test files] ? github.com/google/syzkaller/tools/syz-hubtool [no test files] ? github.com/google/syzkaller/tools/syz-imagegen [no test files] ? github.com/google/syzkaller/tools/syz-kcidb [no test files] ? github.com/google/syzkaller/tools/syz-kconf [no test files] ok github.com/google/syzkaller/tools/syz-linter 1.583s ? github.com/google/syzkaller/tools/syz-make [no test files] ? github.com/google/syzkaller/tools/syz-minconfig [no test files] ? github.com/google/syzkaller/tools/syz-mutate [no test files] ? github.com/google/syzkaller/tools/syz-prog2c [no test files] ? github.com/google/syzkaller/tools/syz-reporter [no test files] ? github.com/google/syzkaller/tools/syz-repro [no test files] ? github.com/google/syzkaller/tools/syz-reprolist [no test files] ? github.com/google/syzkaller/tools/syz-runtest [no test files] ? github.com/google/syzkaller/tools/syz-showprio [no test files] ? github.com/google/syzkaller/tools/syz-stress [no test files] ? github.com/google/syzkaller/tools/syz-symbolize [no test files] ? github.com/google/syzkaller/tools/syz-testbuild [no test files] ? github.com/google/syzkaller/tools/syz-trace2syz [no test files] ok github.com/google/syzkaller/tools/syz-trace2syz/parser 0.008s ok github.com/google/syzkaller/tools/syz-trace2syz/proggen 0.248s ? github.com/google/syzkaller/tools/syz-tty [no test files] ? github.com/google/syzkaller/tools/syz-upgrade [no test files] ? 
github.com/google/syzkaller/tools/syz-usbgen [no test files] ok github.com/google/syzkaller/vm 8.058s ? github.com/google/syzkaller/vm/adb [no test files] ? github.com/google/syzkaller/vm/bhyve [no test files] ? github.com/google/syzkaller/vm/gce [no test files] ? github.com/google/syzkaller/vm/gvisor [no test files] ok github.com/google/syzkaller/vm/isolated 0.043s ? github.com/google/syzkaller/vm/kvm [no test files] ? github.com/google/syzkaller/vm/odroid [no test files] ? github.com/google/syzkaller/vm/qemu [no test files] ok github.com/google/syzkaller/vm/vmimpl 0.140s ? github.com/google/syzkaller/vm/vmm [no test files] ? github.com/google/syzkaller/vm/vmware [no test files] FAIL