ok github.com/google/syzkaller/dashboard/app (cached) ? github.com/google/syzkaller/dashboard/dashapi [no test files] ok github.com/google/syzkaller/executor 0.563s ok github.com/google/syzkaller/pkg/ast 2.701s ok github.com/google/syzkaller/pkg/auth (cached) ok github.com/google/syzkaller/pkg/bisect 16.151s ok github.com/google/syzkaller/pkg/build 31.858s ok github.com/google/syzkaller/pkg/compiler 9.290s ? github.com/google/syzkaller/pkg/config [no test files] ok github.com/google/syzkaller/pkg/cover 44.592s ok github.com/google/syzkaller/pkg/cover/backend (cached) --- FAIL: TestGenerate (37.02s) --- FAIL: TestGenerate/linux/386 (2.02s) csource_test.go:52: seed=1633617774536450098 --- FAIL: TestGenerate/linux/386/0 (2.56s) csource_test.go:118: opts: {Threaded:false Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Fault:false FaultCall:0 FaultNth:0}} program: write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3}}, 0x18) (fail_nth: 1) r0 = openat$tty(0xffffff9c, &(0x7f0000000040), 0x10400, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x200000f, 0x10, r0, 0xada52000) ioctl$UI_SET_PHYS(0xffffffffffffffff, 0x4004556c, &(0x7f0000000080)='syz0\x00') r1 = syz_mount_image$ufs(&(0x7f00000025c0), &(0x7f0000002600)='./file0\x00', 0x4, 0x3, &(0x7f0000003700)=[{&(0x7f0000002640)="386f6d1be27f8ca9182d1ae635bba8c9ce0379ce60d9d24e0fe69a46dd2b77026ce1e6bbc05a246ae26905253191f7e34ef3860f1c2cc9a6d522f503d78e340cb54f1d6b", 0x44, 0x1}, {&(0x7f00000026c0)="5739ec80616d1bac909797c5723d287d94f010e0f70a342a21fb38b36986025dca054a96bbe74027974c452893a9f5d513efc470652bf4e837d8d5eeaced2669d73cea3d3931399da04dfb4859d03c47dd535baa980ae8b7a5c312fd71acc521bddc2c637026d7fadb42c020c53d4e2feeb23077ed867d5b36567b8d06e0f4d2d9c616d67391f879e812d7a17975f3e0e569f557b65bbade941868bae4be8d2dfa45a385877ece8d94d755dbf82b4fd8899ba1b8ece43b36b369a8df56993b16eec20aed1c596f669df897ddfa0df4ab26d747598296dd3bcd5cad67a8b19eba5f343fbfa6301a1502600eda02ab157ab1b164e3de5733e4bfd9677b49b29bb56e99367d01044b3accf0f93af75527837a9b494b4eace1f49c879e71e962a593749555b50a55ca1144eb54807047defde8dd097ebcbaa230451ac7a7763ef2134b453ef7ce92d6adce449aa182efb2ed4a8707f1e1846d82505da06c2d6b4a582ddfb2bdb7a19bbce8e0a0f7b2f496622bee043729f3843188eb14e56e8f48d7d4b151a7deef2a1a9458834253770882cc41f6fb784a9f73a4f81ef993dae61a805ba6f9307820813310dc3870835ad4be7e3c8a13f9f01e9ea9b1b9dfb1e347e3ea1b5b090e1a38617707bb5aa0ce82193f6970a0b885183fce8b7d30bfc18258dd40f508b95b55ca27d8ec76010310c677c04c0b01fd69de396ae95a7c3ca50f4e7fc3da749d82a5d9f57ab6ed7a0d1276297ab57172671d4c7ca35224700db93644131a5126af54755aec80cffdeb709f0c5821ec3b86d29f10be62d94c032f79d4edccaf40b24d72e46d7c9933f6eada794aad1eaf41aec135a4f6f7f609273608685ffc30fe1ae82213a956e8df493ec0aac8eccbbdb82093097db45161677685bf1e691a1c7dce13a88e63645bc79922b6d3d3d761f36a46302f79e0e0beb67e2f2cb2e83fc1a04177c9d022c46edc053f03182fc645450e4de536a418b0eae2acb0eaf4cb615eca77f72ee1d1f9146208e18669508edd050e9b4e72a8483016dc0198326d2a167004f323a0a6eb4d34f651c397f06d32e1bdab042efe566afc48cbd98f914134156314a954c641b1066ba715ab50eb4db84b13f20469d01d6346d425d70f60b42976b046cf96e4018fc6aaf78df30c02dd029e1e895c20b05fb3883c013de7e17a13697854feb5935cb344ff94ff8bb4ed2d1f174ea19020577b4ff9597c31a8fb2cfa1d7b71a57082561540f1cd86b8590b754fe95d749ef3caff93fd10a90ca003515bb23a3e71f44179c0996037457589e68177b0a10691f149a981a6a68d0bc820e1662a67c6a85fb39a35399c620c6ee314284fa42099bde09fd517a6e53cc0417c98d006b4210ba0351b7db6754338063f05b6824bbb41f70ba1fea9121f5885a4d03ee93f2b8f27a00cd666491003deda3e21029247646f7144cb004a6b524006d8ec7c93f41042bbf82d3bf2eef415f8f038b05c0c107ac24d0cc8f30813ebe2751da8398e04ff593d17ddeb32593671c8277424f79880054c581ae4ef5303a12f50d4e1fd6bb585a5e07751cbd58fa61d634c35563727e18239d9812fa41b9a256118ba9b0decc26076c8ae4b4e516a2b35a7e9839ca83bef4643e0a5d9db723b5afd80f715b63b19d0afb9cb03dd9e5fe1b3135ec1f0b973e7d21bb2f2221a78628a1b513e0ff9ea3067db3101c017eb8e606f2f075be4984f21bf75b6c4cbf3718e64ca62a9ab5d8e383aefba7493ddff478b744074bb51994bc91dd29c6b9bcd50a5028e14cf6d9468ef424ed165848ff5676e574110e0cd76a7c1dad3019facfd08d14b7d9e378a110e985088e51e89d75e3fa5fb3687598c0569e522f6c9ea4d1265ed97e313dce9cd01a4615e8bbe4dbe168f9d32c6682e4eef267dd718b475a81b485b17f6ba8afba19a58329f86bad12ac8444417e6148cb4e07ee46c5f1553a0fe4cd3326d8692cc43961f03f57f7c016f33c3d1c02bf125fc942101103636b02d93352efb4920e243f865cf5c0b5d347f51b87900b12acc347b319c147510c6a3c184b9fe9bbf49d20a71bc0882e296a03769751cd863082c1f3b8890fee3c644474db21e077acbeb05ae296710822fcaf5a7bc069bd93d411627cd1b713ccced010d1b88dfc1530454141b3dd3e1964c389576132173b86330388fec559dc722f177497c308315a4eefb5043cc97c5b1ea53b6de6f4eced9cc20b5243ef96ae0da16b43ecfd03e702528ad4c3609545df939e2bcee08258649319d74fd784d3d30a9092cb23e51ce00bbf81a46bc0d8bba9fe3f605f54ee2a0311e1c19aee26c843d7252d90380c9d86f1d1cbb21641bc19adffa608fa5b8260c3dac2e0d8100c870dbafab5e4a5c6e5d4875352ece3133e08d48e03874e6e528b5a43d08c8e905f798f0527cff5cda9995e84acb47ee8544be937fcb64646d2fd2d5c31eef836297e03dca24b159964a70307a827f6e7f3793f6ffad54a65d400926e80797e6050e776bbf66dc1bdf7508812ed0febda774f5eda492b3751ecc76a658241fa64522c5ddef5374787a1bc6f05c84a523068ac66a3ca539da70e16ddea897f96f5d48e1ef185f08436daa20fcb0b239de9b2bb00007eda2dbdcc1f5fdf13998682d66cd4aab3157f7ebcec092dc6bd08f4d107780d3731924cfa067f62218078a2af129f4059d46d7c7bebbf67b5953dda30c96fe5843e8a3c0a15a6b2f210ffbffd476c9c761340616b1ca8a6b449d1e338fd909fd9a84c7338711be1d50762a48299b184482d2cd1884af707668d10c2e1cdeac7c075d7d4147f8aa3cebca93c1b7b245264c0efb8470255152c48d224634580b2ff021457a975aa7672baf13a4ae32dc17e1f04d0b2d9c14831c87e99e7e0f29958c9b584d7b8a7e91f573c042617391aded64bee7dad5f888efc5560fba3f9e41f78094b403abc5d422c8ec70b9a9cee507903f8999487e60d761ef16194e7cc856a01e6b3bc592397ca03becb6b48fc15bf1f6eff8fec8de8785d0fea379efbd649487307bba1530a48ec106978da703e91707201fe3348de8caf2dde1d09942d47712f77de3f9efe5392ef4584a66cf96b30ecc6eed9074837e0835e19065d2ece87d38b426c703b882cec83cbb8b484f6885832ca2587b2bdc30c92c20a00d926473ff36a1c81e58d55549a06fb7b0fdd135ed5f63b4cca0068b2da1b112d4cb043407c21c535fd3c4559322e30469794c90a3c30d8fd5365ce3f432f613148bc7d575c1d2da1d4b068de1366f62a694e976f2e264d449d9e3f90400f4f25c1152d1edb9b09816787227eeeff80ac3f25016de253325475490482303afa87b39adee7f92c03185f8be67fe8e850ee3a571809474bcf462373a47afe1a4592175d110c3659e56ecfe2ecaf2c381684332dc0ea3f76c1799d5c7954ccd01ca4d3cc488e98efe8ccb8757273bbfd0e8f94a18e4bc187993ac29c3d45aa4585253717190cfc16bdfc90cecab6f022b3c9629e4d44cf9460333d348d0df3fbc8ffe61733725ea22c57183b50622f320253d54692c32ba2d1d2272357962e09fc7fa98a192d647ca93d5db9c0560a46a797408d21be5d14c8898fcf1f8e46c2be19eee417f17b5812be04c60a50c8f4a3b96e759df5a25314842ef5834a9bfe3ec6903122abdeb8da1bf146ca5b0b6451b3f6a0cd742120b025ca49bb95c47fb27fae438cbae39cd9b50f76735f656e0c6896c87b91c1ca7444d0de25ce60db81b9b7efebffc1ff24ee9d5f77da9227252468633b8eb995e2645b1543d843262c260c3c691114ebc403962c2374ef59ce6d1dd7c4d22310c5f642d766d41893b993f9a69831f82aab3104c64b08b0e3419ad44686088cd8a4a674edcea4ee9f2e8a02ab11450060f76a7c1954f676de7bf7916699457091eb0ad3b7593e7f38d62f9b56761a915b41d035ba129d1ac466e5eaea76d00c4d83e1754e3d1e6f0093c665d860bcf0b9850401acaba34a0f774300773c4abb90efc56bc7d2ad12d2f58cefa5b5816fcee50a11845a2d5197693ea3b380089219f5a42c69f9a4762c91ae6449e13995f666ad521f92edb3f4b65a04675db8ebbc9a2d1acda5b67ed6af5525141fd7aeef7c58f549ac39255705eb084f4f0a261f43c27cdcefb7d9e15ce63995820729b32749eb8d9432d7c3c25b4b1daa5b645740394caaae63bfd9e18207fccfbe0e2639258229574fcc7971e3eb11bfdf7dc770cea4a9414913067558f7e542cc6272477489519cfaecf51361b7d39540bbc1da84c6e56e21c683734fc3d9e52225695ea370563b153b8dc87ad1199247a23a86046c730fbce29fe99e0cf3e762f6ca3a14b03ff53d4122da0664a31d204160fcc2489eaa9faf030f6d6a43f98afce7f7f7f0cc3a01ef1526dac38278d13431910c2d691a78275e0702c8bcd0f4754b47535decbff3fb2db3d23b95f84e5e6e7fe67c719de9b0721ea53e2c68c9110e6a9ef3251e7ebb22800dcab309c22ab3739b4e88844827542d962c2afb2dc2f02b45094737fb1c3b9543870709b337d9d8f183971368a28a3360aec7c89de83e0c5fbfcffa03c1bc42884a839e8188826b19f3a7e7b82b4e2339d3d70171de92a60e2e1c73d360382aedcc23740c6244d69299dd39e011091b2fae10f4ba3c7fc570b0ea6a5d7b94f0812788ac1842eb6f917ad73a43a8f511b221795b9a625d6b8adab77bb090343acde4930c643b9b60af027ed4e3cc7facdcb175e81d9138db68db9d85216e1afa90c3f3897a2cd7e2cbaf59faa93ac544c221399d0a2c7601c6c63006253c9e43f1ed3f8cdd31f92cbc919b0b2f048ee429baac42f907d36281931814e7f937b51f2c6a772469f0d3d666c5c23141a0af6fb3804479810fcd852f98a5e5df9082c149bc239d37b89447af02ebae27adea098d78409fa9ae873b112684c75d68d447c7fc80a45a726b272d557678da7101679c6a5b4d70f4db60539fd11d1f21392b7922d12781125512eb1dc45db4cd2e64734e3a9dbf899ec2203e1001b3d364663d487c69018cb9122b5f4e1a276d17088df746ba3e7c10e1cad226f6cd2ad90cc3d148c951d32c00341bf08ec7158d22b3375f7ed6730ff9f0af79b1e8efd164b046c6a3df7bcd925e49bf5bb4d16ace6ab925bee37b7b5321da6f3626f33025ebc3814f44a27a7e39c5ecf8c5263c50e5d49273977c1ddcec86c85c41de8558ccc7cc9469f4a5ab104db7b3eaf8951f5315f5640c51e8c49290c7b146688b72e22c5178bb120beafe3a10dd33e6a34b8e2ab0a8d88f1bf2346f06e6cbeb80159f85b69efe2984f3acbf1035397c0e027420c591b2c5115e4c4bc4319b6a8edc2aa62c7600e49029f8d7d808713cc765566440a427ac576e5a2318e0994a00b56b7cf16277887b22693396c28bf734133df5e654971dec68d225631fc669e5619c1c78df3ca9860489a29a5234e054bcd3c543276c07e15a1ca7ef60c6e20359562733c1b3bd15a9c72a8f9acb040f8f85a4f10313a4fc7e8cb8973ae0b562924716d168aa431cf63a5c2e182b48b5519f376de39ca03d5535a5868d2cfff410e3f248de1ef81b205bc17a84cbfebb46deb4e56dcd355d7148a56f25dee5896912ec90124bef2d882e9d4a02769b3abcbc8f367deecce8c22b045f4d7b87d8908b0af7f2a1f53bad8d3f8e0b65b0053ab1e28ece7250ab281bc197097cfe8b2a7cfb552f82869b88241e7d05d24aca325c6f2fad85ce79bfc2aecdb798f40e111189f1785cbbe40", 0x1000, 0x7}, {&(0x7f00000036c0)="38e3dac1cab00feb39c48edfaf42b604f0c0fbeaa30d7023519ce589e4d90d7d171cbe759e9c40819d9946abfa9737e1bdddfb4f", 0x34, 0x10000}], 0x1040000, &(0x7f0000003740)={[{'/dev/tty\x00'}, {'syz0\x00'}, {'+@'}, {'*^:[-,-,&{#'}, {'syz0\x00'}], [{@audit}, {@obj_role={'obj_role', 0x3d, 'syz0\x00'}}, {@obj_user={'obj_user', 0x3d, '^\xee%'}}, {@subj_role}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@uid_eq={'uid', 0x3d, 0xee00}}]}) read(r1, &(0x7f00000037c0)=""/18, 0x12) sendfile64(r0, r1, &(0x7f0000003800)=0x7, 0x0) setsockopt$bt_l2cap_L2CAP_CONNINFO(r0, 0x6, 0x2, &(0x7f0000003840)={0x81, "d8e8f6"}, 0x6) ioctl$SOUND_MIXER_WRITE_RECSRC(0xffffffffffffffff, 0xc0044dff, &(0x7f0000003880)=0x4) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(0xffffffffffffffff, &(0x7f0000003980)={&(0x7f00000038c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000003940)={&(0x7f0000003900)={0x14, 0x7, 0x1, 0x801, 0x0, 0x0, {0x0, 0x0, 0xa}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40800}, 0x20000000) syz_80211_inject_frame(&(0x7f0000000000)=@broadcast, &(0x7f0000000040)=@data_frame={@qos_no_ht={{@type11={{0x0, 0x2, 0x8, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x7f}, @device_a, @broadcast, @broadcast, {0x0, 0xffd}, @broadcast}, {0xc, 0x1, 0x3, 0x0, 0x3}}, {@type10={{0x0, 0x2, 0x9, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x3d}, @from_mac=@device_b, @device_b, @from_mac, {0x0, 0x1f}}, {0x8, 0x0, 0x3}}}, @a_msdu=[{@broadcast, @device_b, 0xbf, "afaf3a135b6bacd8c9b70b5eec9ab18405dde216b1b5dbe70c82ea52a1477c8bcc0adebad8789e03df9beea67cea531e776e7ec441e10995460e4e964678b8b20cae084ab40bef389bb72fe366ea91a8a2b952bc697a863d47c4920f77976ccda9723c4d4cf43164b57e373925d21594ad582b2bd6b7fce0e21d272a022fb63efae8204e2e38180848fd2986c847241f05b4795e3195823f4b17f340c24f45bf4fc33a8b5d0649780bad0b1600231bcd85e1044043b3f52bdd66462c52869b"}, {@device_a, @broadcast, 0xf3, "db7458603e1db9e8b6109ff253176fc3105d34454294a0c36f5e76590ee3b3a391dd2847abe2ef4c4f0762cbb09a37f40675baca0907282ce7dc1a104cb3e91384930ede72f3720dac9976a6598bc0385e0eb8295edee6bf8e31f243b284e9de823dbcf1fa70c6c57d4472f20f031cd4ccc7995b0036d024f051220cf8ccfacc5eef5cc545c5208e0ae0b6fad6956542262930e56177ef3f3fd1fcf9ab7fa104c2fd2cafbfc796da4af424531e825b32394a16b5a90e3b36d9d75f35bc95c7b65c5774b33d1a74464b240d9b4420de3865e4ebfa9705fa606ca422eb0ae33126574d2b01dc83d70c248747087c72f0da02e8e8"}, {@device_b, @broadcast, 0xdd, "d7e9b24c0cc992b18aa2d9f9e1709a8c2fe8b2ceb27a749e52617c6db966c15469b14f6271d9ec1caa537e605d09c7af271d959a7b1375fbada3d47840b8fbde2f3ab2820440ceffb16cc44160f3a3abd70b059e3b321e3a1a48eca2b3819d0595822e17767f5a9cce0a0aa1cf8a1763780943872b127ab559036a8d8703e179c0de7c00dbd055699b39532ec0f63bb69c331fb415e253c26abf85a20b69f33d25a8a066aa10a9c1add202fa9d6cd6dbdaf05601d68e9553ba9ee53931aa193821c780f05dfd3c33aad84ef55098b4b8212cf5d6a43b5a099866ecbbc1"}, {@device_b, @broadcast, 0x3, "d71a49"}]}, 0x30e) syz_80211_join_ibss(&(0x7f0000000380)='wlan0\x00', &(0x7f00000003c0)=@default_ap_ssid, 0x6, 0x0) syz_btf_id_by_name$bpf_lsm(&(0x7f0000000400)='bpf_lsm_sb_remount\x00') syz_emit_ethernet(0x3f6, &(0x7f0000000440)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @random="8b73c66e934f", @val={@void, {0x8100, 0x1, 0x1}}, {@mpls_mc={0x8848, {[{0x0, 0x0, 0x1}], @ipv6=@icmpv6={0x8, 0x6, "6be3ec", 0x3b8, 0x3a, 0xff, @private2, @mcast2, {[@fragment={0x8, 0x0, 0x4, 0x0, 0x0, 0x4, 0x65}, @hopopts={0x2, 0x2, '\x00', [@padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @padn={0x1, 0x9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, @hopopts={0x5c, 0x5, '\x00', [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @calipso={0x7, 0x18, {0x2, 0x4, 0x3f, 0x5, [0x7, 0x100000000]}}]}, @routing={0xab, 0x4, 0x1, 0x51, 0x0, [@rand_addr=' \x01\x00', @dev={0xfe, 0x80, '\x00', 0x1a}]}], @mlv2_report={0x8f, 0x0, 0x0, 0xdd, 0x8, [{0x2, 0x3, 0x4, @loopback, [@remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, @mcast1], [0xfffffff7, 0x0, 0x4f18]}, {0x7, 0x6, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}, @remote, @mcast2], [0x433, 0x3, 0x4, 0x5, 0x8001, 0x6]}, {0x8, 0x4, 0x8, @ipv4={'\x00', '\xff\xff', @empty}, [@empty, @local, @ipv4={'\x00', '\xff\xff', @loopback}, @dev={0xfe, 0x80, '\x00', 0x23}, @mcast1, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast2, @mcast2], [0x4, 0x3, 0x8, 0x7]}, {0x8d, 0x3, 0x1, @mcast1, [@private2], [0x3, 0x8001, 0xf729]}, {0x0, 0x5, 0x5, @empty, [@loopback, @loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @broadcast}], [0x0, 0x80000001, 0x7ff, 0x6, 0x50]}, {0x7f, 0x1, 0x1, @mcast1, [@local], [0x401]}, {0x9, 0x8, 0x2, @remote, [@private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x27}], [0x5, 0x9, 0x8000, 0x7, 0xfffffffd, 0x800, 0x8, 0x5]}, {0x1f, 0x8, 0x6, @dev={0xfe, 0x80, '\x00', 0x18}, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @dev={0xfe, 0x80, '\x00', 0x1b}, @dev={0xfe, 0x80, '\x00', 0x30}, @ipv4={'\x00', '\xff\xff', @empty}, @ipv4={'\x00', '\xff\xff', @remote}, @private1={0xfc, 0x1, '\x00', 0x1}], [0x8, 0xffffffff, 0x0, 0x3f, 0xffffffff, 0x5, 0xff, 0x1]}]}}}}}}}, &(0x7f0000000840)={0x0, 0x2, [0xde3, 0xf28, 0x8d2, 0x209]}) syz_emit_vhci(&(0x7f0000000880)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_execute_func(&(0x7f00000008c0)="c4c32d0e45f508c4e15b10eb2681f9f6039eecc4c379617801d207660f38295cd02fd9f6f2ddcdc4c1f811450f0f34") syz_extract_tcp_res(&(0x7f0000000900), 0x3, 0x20) r2 = openat$pktcdvd(0xffffff9c, &(0x7f0000000940), 0x10400, 0x0) statx(0xffffffffffffffff, &(0x7f0000002c80)='./file0\x00', 0x800, 0x8, &(0x7f0000002cc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000003040)='./file0\x00', &(0x7f0000003080)={0x0, 0x0, 0x0, 0x0, 0x0}) read$FUSE(0xffffffffffffffff, &(0x7f0000003100)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r6 = getgid() getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000005440)={{{@in=@broadcast, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}}}, &(0x7f0000005540)=0xe4) r8 = getgid() syz_fuse_handle_req(r2, &(0x7f0000000980)="5eb2b765eb13fe6055adbc43ba06da0624085c4b074ca1075889677f066e7be4de1ade6643e384e746947849cae6c4bd2247b9d0dcf8d74f73c865983a7d81fa418b5227bfe2cae4daabc8fd121243c0fe339f30d7ade9b79e07aa3b492001cbf71f43d192a2b9b771608f809cab4148c9bcb18ad7381adab1f2f5e323a69249bf8f2b5b0e986557da943623a66ec420b9b7bc01434d0a62886d0072f83051bed958843ec0adabaec068e2333bdc15622efd5d7eb68cfdda7de3fdafaa75787f0f7f3a5aae1cfe1faf079f1835be7044f2dee0e2b22827f8ce9399ba9b6d675aaafc827262b701659d34e687d6f0f80666ef60371f36fc8e7ab01b1b1f741bab290b3742bca7d900acacd003bb0e2497a7413e2a94610c93f5b5f6a0affc554dfa696f33a4e07699552981c8f17eec121b798ffda5a81f609005eee8862da633950d1c36b1f57f201dfaa2ffb43bfb89b937dfe89165a783264b5cd393e5e81efb8d94e28ea417cf7f145520c201cd9bc843a78ae07c3a9d812a99b9d01f4f8a60937077192fb29ef9e9cad995919de33e9e70c95c0efe9d49ecacc2817d764b35aceef6dbd7b11da0d56460978a679a765c04642ef7b33da735d607b21ea207ad747b67da1862b7884f773764c5c6b95b0d1fc079909e3a07430c52f4908cb864ca7b48387d9c930387811580b9cead9bb56c5139d0d5c4c728f7667059bb64e223d3e7cf61ce8370276dd31b3bd643e96444afea51787bc0ea7ede0c0576340b3574fb1ee78133c29edb9c63724200f5d8d1fa9db4fe0cf9a3f0517fdd936240d08ca3f4815c562fa40c50292a8cc67af02555bf5e4210efabee952946cb5a3b719ccafb90c5fc31e28e16da6deb0c2657d99b2e30ac6f59e6935c8f3de5abb5a6a9eb6d64638131fa73639f95dc71d11a644c6ff17e26665e820556178bdf6f91c52fac27f2d84812e9bfd4c53e757ed5dcc5a3c58f4f254a11ad8099555fbab92d9707e7ae249d37b672b2f4666cc35ffe53a0f5f314aa7e329addf60e864986682e58dee878cf3e66b3c1b8b0457021cbbe9542df240104fa7945d177a8051ff42dffe47e952caa5b334386bbe96140a28a74cd3c4c666dd6174994bae6c323bef3cbe97028835f03b49d7c496913ec17272346e050c75c58760acbcdedfc774b34b19f199c40e02ac74177e3f951a007abdaf00fd7064bbf2cc444d6b6d2b233e1fd995feebcbfafaaa44edd739b7a9b312b0823bbb228823e132fbae576968b7e7ca5ca0198daae85da7b50002544a44f948dc5f48620e3f99145c8727fee501541ef119b20085e364052a045164e79579553ab1924a5e67ca4bde4390313b76a6abb950e637b6bd3ae4d341ea362440e134185304e36f08691027ec7ff34d718825393ecfd7557c82b7bda4d24b94fc53d577b31657b00e8303803e6f15e17a79647607ffa65649103ad6ced040a842224b22226cb03b10e51e58d695edda77da2d784c49bdda43adc0f4e15f3e2e338836924786b90b2f7442935ae338e344fa4c0d9e3d74871d930d87868a269c984048763e1c438479b20fddbc61d2488d70ca8747fff731edb679b88bf1b17621d3276151fd93a9dbbaf1a83e9a80f75ba18ac3ce6598dc4e6b0562fb0bd479129337bb1c3a5882b2d626edd90d0b1e898d0f1e4f59893700c241e0c4363a4441073840000470f9e877d0bacdcb6b21875e75b50dcfbb2bbc0ea8fca0a91dcafe69b162aeef4f7d7fa1193f9eac44d4eb27377c3b72ac19a901c6e7350e1648146090179fa4b7f7aaedfb75a49deeae9fbec2f30c4444e3bd5ad6fad82bbcd24bb6d259685ca0c13e52a590d27a731a18b09d3d6bf5e81756302b85251c85d30487295eb2e42cd788231eb96979b5c113c166be2f3b6d24474b0f56ea5cfff4dca9284e5dae7d1c2b6aba7807e889697c869831c908b206b8a21dbe73d06c0aefda449f4daedd68b676f22814be2d90a2d06a39f997fdcef3a38f98396d5bf369900f9fc0442b204ceb17e432c28087c42c84c17f1a4d04f6da546682f31d75cc289e0c8ea4058c03550fad5def6968541a9d372bcbff7b943d65a7f485652e4437e0a1602057ef0ceefa57540a11d5b2b8b6518c3c9a27cb27562941f2f689ce240396b4ad70dbb2cd6e4e1f33e3279c3361b9d9903a9b6bb017ffc719758417e4f984855692acbdf9392a9b19673388e760233fa0035e0c2335e77b089eb40b5cd8f0325f64e080765808052869f76b39b0682e9a49a95a4fd0b38bb50eb214e94919d486fb7bb75acb4dc5f04e7a7e311f204df404c62c664179584880cb8bc7b8baae8933c2ebd70af44451aae3d51d4290d90b891106877bd37752ec6118d972a1b0a2931d433636da7b7250a0edb59d9ddd34cb48b34a62ae7e595f18d80ca2c2ddc2aeb6b6f6b800c8653baaf696bfd60c85e5e3328d0d9baf0f558b3b8b8bff24bf75db2695d59442757cc0cfcefbbf1708fc964a1251f55328832468ea73c29be4bf5d0de2053f364d117006dd3242e04dd471ae04ae22844978242ed47361be4a9a13133c7ad5bb324afcd29d9a074440724ebb56f5d9c3a8e4559d3a5a0f028f1d72ff2562d483cfdd79eb32c90462ee790de2476d9d061b607e680b41500ce691e48745b585517a539e70d7ec555e196aa8d69e45a36982d28a21409a777ceeb53318c20713e3cb62a98c28f524b086909a03075c2010da34bf7b0e6bf58505d301442530e54d3d13f0328f97a1dd2dd6da68429d21376b772d5a1603fb4c4a40f6b36db26a86f7c2dbaf704e7bcb9fc96768d4b53bd134602b753b260d84d9eeac6a24a51249dca0086b95b57587128e798eb62e1f01ae68e660cf6ebbf332293981620684b7e3b04750fdbbe2ecd8e9b6375248882253c2dda8a4d9c0f6f5c9d7c6bdb1fc11eda1dc4ecc0b9f3dbdb62e4078e46f6b10608f34c34f0a279c2f8f3da5be49e3e58e971e539bd63bacb6d8aa554ea4c78a49abadeec98db1d3ca3bcb40957cc0e942fca1c9b51af04771fda4af358c9ed6fe7b737a6c61abe0b628920fb8d0bcd0b65b718163da17804cb1665ea9821c828f6df655193774156721006b1f51487ad19fe92b769a9fceaf2d4124d8cc9a5bef28e98b996c28c8a99e352380531185e5e56e693641ef51106d6cf4e71ab317c34e93583aecf50f52b53e63c9098d8c283538c7cc0f090dfaf523e6082c65263dc8d1de4776282a3fc1bfc5909991525f56ac0e6d3bf0ce7aec83e40074de16fc9843f3b099b59b9f90bcff6310ed6dfec974587ad646ecd90c54d449510b7768dd67cabb305ea398ecb4261d26d4d7e1204e20725603243279a18fab01726719f771822627bafb09b4caaf9484f1d8fa5078d021b9cb86556830797319c6491d71c1153b63658a5a952a1f84f0ced9c3d1191d71a0b22e3f618f87d98c8991265395cb90765935034bd6c9233d41f9fc6a90bf697c15fd2359787df8257ca8e9499b3a7b837121b3367306ba3a36fdea6000c5d0f7759371702c7ad6f9e5f4000725f8e0b330a494392f7408dad615b14f77888ceb73959965cc9a93e9e3b23b9343a4cd4104dc1f3f1a64cb45697926704879802493ff04a8144ce6d805087fa96caff9b97631b52e4a365e976c90e2ac08826f8c297ef2f875722b44554d9973f4aa55ffb03589432109e6832dab7fc4732d303252dd1d17a2d2451ed53dce41ffbcec65983c6db3eba81462e522ae7ae52d751300a4b131170337c6d8c4b692f5429118af956e1c15e27584f768255c3ddcb469212ba8ab0e1e7ee0012f58f8945827994ce1ad7d173dd1cd72083844b721a1dc13000dada1256deab79b959a495a4d1b5fd028feaa0deac90ecfa59b1340456bcaf31f57d5a883490125796dda6d378ce83bbc137fe54b83ca9c4f819899d308338d65fa87d906255d6573a7a490b00100eab699c0dbfbec54b54224ceba3f5d1fa4096063f33165a158a20ffbd1d5b8fd4d9d39cb94a0085deaedde02a2f1e90a96af2223315101af3fef8604337f648b8c34216c3e7ba8c07d82d23bc0a96f0dab2abd2939265bb96b6451a2ca93585c82aecced337bd66124847a406ce8ed241318e1a7fc2cf289e1caf26ea5b72aaea0457e208a241534c78e3afb6028e7f57891c2f05f4370fc50458d16e90d031cca186cc12b4543b7f25fa72916be3acd7f6b5f0cc24f44248c0fa9c6dd595cd72cc4c84d35aa6fc3b1ec0e7a6b0408a1a53869681d27b1122c3176a04eb3aaf6258849675a994222d506828b4c1de9ab17ad4bab5961d524f0ffe54d29002c3d36c94cb3ab16581f59d014671e1cd5fe24342f17c8f178854e0eed5f4a3db07ec2ea7c671e2d78538bb8a2d5dcd94b4c6ebdb9a4929e85fc6de213d6f356228d9ecfde962c0c3727608f670e812ee2fa14e1f0cbf0186f6afc10c676f911be3b1cea3521f47e8fd4efebaccb22ef3757613ab319c40b70eee0cde11a3a166f1ee9415328068399836c8dc384de21e0a991a8bae04bce7962ce3b82d5516fe91d8ecbc2dcd6e2711c6c14c8aa572b5fe039e1bb4f163a1a8186345f54157c56672b33470711253476c2f6e4d74be06a01885debdb84fc73247a54e1511b83b3ae1fc15e5bed921f1937786f4364a7d4d6aec09667d63aaa618bddaaeaa2e55adb5894c4797d16d3dd5d35a716ef05233c4ad46a621195cde3a4f4197ea4396ca62712ee3d029200383ad9122d94b608b39e1ab024ea673eadccf983100d59b17708722d9ef02669224bef7abdaa0b99bff39957b7ac41599c9b1833f7ce822fdda0bea2dcb7dc7d24bd20df80b6462162447d5e28535a2fd876ffd78e90dbdc74e49af647c9dc696bdcced0840c2320f5ce0b6494790832c972e28206f432ad6cddc304f96bf48ee6f5a077538eb06d94383bf4fbf332abec80cdc7834dbf87e28f06ceeebafcab3f05f084bc4cf2a069701cdb332403af1631b5659a9e668f0a46f68e65ff9a314ab2a540518a03893c3fd2b1bd9f5e9e7f6ec49f585067c4aeef0b91b1ad29f2acc132f6b1a8dda2da36a79186c8b13b6fed070c74704bdc4ff11321901c71598fdfb36e8482bcdb01ee808afb54b3a42c69a18950d14fac2e3bd7721ace3c9a03a45f74cf2df6f4c924441d8700c54b5a12212ca3cdd648d079304cf2cdf460a36caf7f521494805401dfc67bde2061bb239a7019ce76c4f44cb0e46c55cbadab9129c5b457ec284b22ae3f98e64fc8c75df095c3ea3ea0cfb59ca18090b03f9358e9f11325e72cc24ede8f0511cb6f8af7cc2760654cfb8a7e7d5de97a83079bc82d88ea728516e92d321092fa3bdb9c0cf71aced2ac1189aad334d1b6bd971ba4053a43bc7f0020a2f1d6da34690d0f76358aa1b1631107f7f2af9890007b0a94277ee673b047fe809a5aa7fbb7ab88d110970c3dff44de1d7dbeb2abfd280e66d1de4864da4d54addceea69c8fa5d3d4b1147a18365afad33cdc689d73cceba4d8f4ee08b6264aeed23f585578ae15d14f3a27b488c24d6de8cd8a9de4a2a89fc9481ba8e10283a4d3a26e989bd80597862e238b714aa776e01cc90dee689c8435c814cfc72a530efce5dec384797a951439c30e096320bd504d3fcf4f7214b6d8ae4fdf73eea4591d444dd1ea4cdaab8ce1cf9555b4dd70f1bb46e18ee02cabd74cddb696af3ff7cc95b1339a6b8e8bafbc29c64f09fb741389ea6f5397a85add8b26e1f3a1df950f67bde9f9871a0e360c3e7669ebede3b7eb32ceb35ff2affd8919522f075933ecfea2cb4becfbc85bbacc95fba2c6f54f890594a6f6b18965ccd40ede58b4eaf8b0d2b65b0369b3dc6c7caef3e4845b2c42ee40ddca587925029e7d91629add84ea7bc72be33bb034214555cd5505568093ec7248156f58c7f0d3055762f8f4ff6f864bd9548fafac4db8577530f3a6d673beeff21ba7c9060aa0e066832937f1eb617cb21ac24e0d8699547be5663a8117a40b6d881dca19e367ca02d28774dae74df50aa99445e37c6c16184467d496001242329db97a2adef66425a9c6bd377d8977433a03c72bf10b548b8aebf0ec38eb8ce145fcb851541405ee8a3ca9b3bc603a382af598f0a1756592b3677c469ff86e198cdff40f493215a32c2acc72bcfd0e3e4e57bec76dfe565da975c691d66935d2d7b52941462d41bce4c00915d283417032f3a894249f801067f3882fda77905d76b76efe1028ebbf14977631f677575ddd409df3c6c4019e995a9d8d1d8a8c322687632f1a9505adcbd5afa1389f941dd0f68fefd43ec24a257076a3a21b7363d7bb518df4a282a4d9eed0858d104e85c5e068dd8012d73b516656146a78e549adbf9b32fb9f5f7ab6d43879d96d1cb973596d044197e08c4040604255753297a3495d8dff255d18abf94b8704a8ae1a48353fa85e5a77becd10b6ca007b77dfefce398f30b0c27ede99e8e6bb0c7ff65bdb00f224622d691f478ce6e37bbfac4ce1ce373070f954370c74c09461e2bae4385cd5deee87ca80ad2c77b99e7bee5afa3f0ba52494f59da1426c4309f391516354d57b0c7c4bb858e382f041d6e9188dc133bb169321e00d02efddb461176774fd6b2c9682d7ad084f6174c53ab7408d3e271d28e308f7cd478c2fe8d6793deed31debb090b874b12528a6cd368acf5a5c4cc3d30d2aff00693786687686cd9b97cdfaa3a67729351b2373ddee18ee3f056b6c0da439d62eeb408031a4d8755de3cc88415ca4801d54dc565bb53228dc215dd746ff5385453fdfc8915e872752f5ab3656aa8e1c42dfbf35e49ac9c2013b4a493ec10ad7f512922b8d3d82922ddbc018953cb7d5191af08ab669f80425f4f459ee650fe094126434e886693092c53aa346993dbc1ba274d2d69470646e633bdc331431913dd49a0120e1b5e212162006f9a01fe18e8d8b57cfeb398e19b4b8e970fb0678521caff33a7a01deb17e72a920a946896c5392e84bddfde75b7446ad4249bef2697b0c5e72f3791f0f44ac1563769c8ece5f1de565bbae2e5730294b3d6d85787dd6f7abf84d698e77ee80ec53e3751e873033af16b5ed4e2c99b7e6e652bb0eaf6701aacb2bcb597c32dc3f7d9c4d9463ac08db0c63db5fd88d0e518def188a2fbe8d6bfa698628a8cc058ca99114c40be8e1eb4c05364278d0ea4dc90b747cecd85cdf847a50ba2adebb6d107a12613e198d1b10c6eb323d50c75f781fe39c1d92e46da77fed51612a369c4a6aa54050d677e9678039b29e10c46ff05f3536f792a72d80f0eca5a416b19643e1d15247f7e5157900c1742b9146e0d9788eb9ca653897c7c647149f0bd91b16ea1a5e0549001ba2d6c6e39cf8bee39274d052fe2ce7f4caf6c23644314335251cca5c2ed134aada515e734e0af9c0ba59043dd12aa227e8f71d11833cab35b77915ee6bf0d74982d155f74fbba9977f75d37211770df8102e1d523b97c65e69bdffb34e00dbd6d5827c4897934ff51286940adbefdbe1a185a1ca32f668bef23663d9af58655a928538e084f59fd899c490253d337f5a51d2c2c1da36cb8df43034a988104c2abd9d589fcf964ab9114a40415c8e99bebfe94c3915f9d908bc1c9000f0e9e94012d998c972cf018d8badfffa80209f1937fea78ca839572b0a8e6b7816b6d89bb84ab2ede0fe5ff0575ec9d674da236252fb92ff4febb9ec1d915d97c4cafffef1cfda6d199365b77016daae60798de8a21c1769b8d79bf57cd020ebf5730fce994b6b3099800d864966adf830c8d2658c804360896e11f360da3a92cb5c827213228526c63c262c30cdf177fb0be401b394a01775c254da30c5ff4fc5b45f59d60e1578d67245089828b0693e5a6f5eda5e917b9d33b8b36baf055269e9d5319d4fa3f8fa5c31962c77bed1b0a7045d980c03b0df15d1e3cc1ee3175570d286004f10ff6b922da1e0af3ed41099bb175678f6c4c29bd5b8555edea3fd6559a6228b3924b6245b66f7d4a6cfbf7e55d3a9a9023185885bbb1e9061fbe3621beb1e7e31205d828710267efb585073865d0618f4edbc9c5b606a79bff7eff1e534393e3dd040174b21fc012d6b2ab928976eef114b97502fb02225572b74e852f568dbcea57a8d378c54b217287eac9090cf75f10f474b1651782ab8e5f015de5b665e046f01d04efb7bef840507f3e45a385a372422af573d064b1bf6b0fb2796e88a883d0024b5f74f1118fd7cbdb92a40a83459aa29a77a256274df3a72f539b028c1df8686f4630c7fece68d1c01ce38aa613735a591f91f42561ad297e0872efdf3536c88ad5159af81048e6378f2a42d915c9721e0875fe0628ce4fc609099c2c19e681280e83ee969ba93c956fb2bc4457c2b2ee35d9d5bae561814d8f868e28987371550f57faec5af2f52bc7dbde1401b6729107b405b2873689c9e43fa5ea8b483f7556cbaaabb1c7689b0a51d757743ca292ff74e9c021e5513f94b7107a8940a98ddab5e221fd75c13f19ae4006866eec1a8320ab02a2def573858eb7253d1fda73b7da031f12dc013783147095d545abbcc6c8cc98748c007f2e61a02c750b79866c743d0f98c703ee3c9a2ffe44104ac1a22d77ffd1e607c8c4265bbd8cdd9b7aff0d0c36aa5981ce881b9f3895b4da88a653d4712a8431f9e14e0bdd137735bc1c2b710ba5126b6a9a42bdf156915b152ee1758ef56b8edbd4ef0b9a677dedc3a88b00049a0d7444b3aef2b4e5ed210c5fc97444bd3a4690ae44adfcd4fd85cc50fd55c3d6efd1c7270f46c93689d18f92d0462c62b2001d8ccbccee0abad84daf12a8f3f390d23b3f4cce1237b5059bfaacb994ea871c02fd32056aa3d68258027dbe56bb19cbaf7a2f473492e2c6643fc4bc01df34967ff10092530c5f965e1dea106188a9165a43e61d060107e5907a5e76039e11fb557b17f74e99d6ba5edb86daa24b201f89f51c53b4e6ea0e74888ec9afc6e64c3344ca561a56ece3c286ee4eea87bbb011d4bc856cb2018f009281b89b95acb76684eefbe628b3b9c93f654c15c1aac2769c67f27e1f3d6ca98d80dc3077b5c4e4d823ea40c258dcbb891ff20466c1462080de73513509176565feb24ef8413dc7dfb53b10ad4e5d683d26c742ac8efb627339eac06f2f56a55e4522b670ff6dda3917ef7b00fe14a6a52dc9567548e98f47cfa5e2b87dd8e1c2ae18d0c14356db45db78e8f8b9dd141ee942543d271c8cb5b9775d2c55c4b732d838a3b73d675a350957e0a70438d6bc3ab116f4d45f5e5bcf1493097ef19e13239d97981273fa9ae9d1a94f417c3c5c240a27cb07ad05a6526e6c8b3c68bad2c546fc889c5fb3410697ddf58f78e9296ab0c725882566e185d1dd88430766e332f1f0c87d2e359f8ce2c28b8c7546da95a1ca7897e43b7bf583d12cd46f7f910bfdc1a1c129f1d83d94678999c3d81dca8f74f87ba3017f07222f510c1a7fe8001fc3eb6e8a0b46db9c002fd084167272355da87a0fc5e37feed0c487d603bc1297f1c6dd88dcb17f17fd38a5ec72d0cf50c8c8dc69081cf608460d5b1342871abcbec20323be7f53690c5fa640816cc3b2b3de36870a8a38905dd51ac63ddd922d008f84b7cbd062b64c5ab22115b4889b0e9389048f6a7bd28e6a7893caa6036613c9f5f2ec2928be1f4ee1cba0b0bb1691276a4db24669fb085e54dc77e815b8f5afe80aaa38acbd11430d956a37911b0216534bd9e2893a2abfbcf4b7aee56c8ffbbb08166773d8dd3d1fa12451f393799aded8721cbd93e4c9711defa5509840dc73ec5f5273431da7e6324b056cae48e1c14b1f0e2cf27a52980d4c67e77a565a44aee8ccd622781b35cfa16d36eba77f9b7f5ec8cb474f02bed016982a0dca0960e094b3df6516837d5015680827599c89542544a3fd363aa44e79f3ad00c87d8dc1422b0737ca9fe9179d627a1f22800923a39df3a59e15770ba57f1e12aaf41bfe67bfc5483dab32820364a5d4da8f8ae62b05ba23257bb1577f5ad73f0b0e01633da659f7d28c7e1e39f86f5adb5bb3843abbce0a769c26c28e4ec88cd8d47e46928ebf51f4c23c69fa602b6af61dcc74bf64b009e96708c4c7426f35d33f7dae81e33a69e12ef792b1f25ffc60645a1963e67c07e15c2ebdb548ef8b2c8b0dd9725bed66e22545ad7914af7864478a7993b2c0e0ce590fa005104c6937e540758d25a509e80aca8137b717ae9fdf80ab906d9db4aabb229bb3d35e27b324aed11eebaa8ed3dc7704abab39f58562ed9b5c8a37b092ebf3fde22166c9c91bc57a2c62d90a87cffe7d6c448321f843218e404a4d3688d7b968ff9e823e0b900a146a7f3af3d46e9a8e7d17b47cba2504e1e1e7ad960dc481363f16fc979bb8176797ab1cb85cca6724274faba007e878098034afa0042ea0c1a654b42e1cdf7f71048e24db691cdca72f52017c6a0f5c88d0cb1e1c260e8879478d8e2bf97ad59844221afc649c881e7950de7dc85c430c18fcb5c8d359c2c239b45872c6555747438ca49b55c327cf6d705f80b396d9c020db57f6c53701bc968fcda5274c5134b23f6fd223dcee7ad7962c4e7f8b301a57165fcfc9a5ff822f1c24a7aa5be7971203457af1c95d47eda667d8c291fc21eedc7e8e5844f967a9fb4479d2f94e4dedd0cd5457781d3e024fcfafaa8b67e4895855535d1fdd4be454bed97c3cf2095a166cc652bea65ad6368929bda70f69dc36c689f5923fb026a8257f851a069994c04cc41a8b15979e473e5533240d3cab3ba953f20019e017d44f741d95a9ba35886c7a3fed463d242173d6af2502230ff733c3f1e02782274e64ac70850dc34895135bc859918cddec6269ba8361009eff46407715f30879508fea8cc9c081b372f488555278fbbaa80f34ce79da910212961a377c85b61e36fc375431dd6c4edf2c4bb801a0fc1dc1fac3c2f4c01099624959392ca0b6bd47cb008dfd39b2fd927f40fec137b0748e19840c05754b7d8e0b27d62086128fdc329363d06b6e7cdc4360b39df2737b5973a8c05c72e1ffaeb09cad6719224f4fb80794eb00f4092f623e5d27a11402fc035eb9fde88276f8ca16827459592e355d3c4e6c792e5487c499666d96ea5c5f9eabe173b56223cc71dfaf0d88f8b805110871f89f399f84463023f17d86249af647b83f24e90483bef551f95645dba6607f66b93a6da349ea07318b6ea59adcca1ed17566eeabf62b21204a8fd1a2d983fd22d2eaf9acbbb7a20bde391a5724f096d204d340b56212f8b7f5141f4f6ed72b134eeadf1f27edff371424b40820b26747b0baad376dfc535a417be78aabedf33e978c0533b45eadf5c24a1a069bc4945cd00a52aeb35b539ac0847065cd01dfda634cb9d7222a60eafef0f483ee5ce52a3c908b4ad4d20897b55a880249fe9bf4129124216f80d4789ce2f1b97c9d3892c506580a68ff2ce35caad03126a4adb9a194fb86bc72bce0e0bc4700950d20cd4b8d670ad2151cde5fd540e6a1d871a430c1a333f020c957cd4c8b4788b4bc93d8dd2892f5d8a350013c62dae3747384aa487e00704910b3f7542c", 0x2000, &(0x7f0000005c00)={&(0x7f0000002980)={0x50, 0x0, 0x91e, {0x7, 0x22, 0xff, 0x1124872, 0x6, 0x3f, 0x8, 0x1}}, &(0x7f0000002a00)={0x18, 0x0, 0x0, {0x317e539f}}, &(0x7f0000002a40)={0x18, 0x0, 0x8, {0x4}}, &(0x7f0000002a80)={0x18, 0x0, 0x5, {0x401}}, &(0x7f0000002ac0)={0x18, 0x0, 0x1, {0xfdcc}}, &(0x7f0000002b00)={0x28, 0x0, 0x8, {{0x2, 0x8}}}, &(0x7f0000002b40)={0x60, 0x0, 0xfff, {{0x6, 0x10001, 0x6, 0x1, 0x8, 0x1, 0x32f0, 0x7}}}, &(0x7f0000002bc0)={0x18, 0x0, 0x4, {0xffff}}, &(0x7f0000002c00)={0x18, 0x0, 0x1000, {'0%)/W({\x00'}}, &(0x7f0000002c40)={0x20, 0x0, 0x5, {0x0, 0x11}}, &(0x7f0000002dc0)={0x78, 0xfffffffffffffff5, 0x8, {0x6, 0x9, 0x0, {0x6, 0x8, 0x25d, 0x7, 0x8001, 0x400, 0xce1, 0x8000, 0x4800000, 0x6000, 0x8, 0xee01, r3, 0x6, 0x1}}}, &(0x7f0000002e40)={0x90, 0x0, 0xfffffffffffffffc, {0x5, 0x2, 0x0, 0x80, 0x1ff, 0xfffffffa, {0x1, 0x81, 0x1, 0x10001, 0x7f, 0x5, 0x5, 0x2, 0x0, 0x4000, 0x3, 0xee01, 0xee00, 0x6, 0x23a}}}, &(0x7f0000002f00)={0xe8, 0x0, 0x20, [{0x6, 0x1, 0x1, 0x7, '\x00'}, {0x2}, {0x5, 0xfffffffffffffffa, 0x0, 0x20}, {0x4, 0x2, 0x6, 0x9, 'wlan0\x00'}, {0x2, 0x5, 0x1, 0x0, '/'}, {0x0, 0x7, 0x6, 0x10000, '\x02\x02\x02\x02\x02\x02'}, {0x2, 0x3, 0x10, 0x3df4d00b, ' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, &(0x7f00000055c0)={0x510, 0x0, 0x0, [{{0x5, 0x1, 0x0, 0x2, 0xfffeffff, 0x1, {0x0, 0x141, 0x4, 0x9, 0x9, 0x4, 0x7ff, 0x7fffffff, 0x892, 0x4000, 0xfff, r4, 0x0, 0x4, 0x10000}}, {0x1, 0x8000, 0x2, 0x4, '\xff\xff'}}, {{0xa00000000, 0x3, 0x8000000000000000, 0x80000001, 0x6, 0x1, {0x5, 0xa0, 0x8, 0x7, 0x101, 0xbc3, 0x19f, 0x4, 0x7ff, 0xa000, 0x1, 0xee01, r5, 0x8001, 0x8}}, {0x4, 0x10001, 0xa, 0x3ff, '[{@^/@+@<['}}, {{0x1, 0x3, 0x5, 0x20, 0x3, 0xffffffff, {0x3, 0xd4, 0x6, 0x0, 0x1, 0x80000, 0x38fa80be, 0x6, 0x400, 0x1000, 0x5, 0xee00, 0xee01, 0x10001, 0xff}}, {0x4, 0x5, 0x8, 0x4, '+!\x9cR\'+%\''}}, {{0x3, 0x3, 0x200, 0x5, 0x55, 0x1f, {0x1, 0x34, 0x7, 0x4, 0x9, 0x2, 0x800, 0xffff8001, 0x6, 0x8000, 0x100, 0xee01, 0xee01, 0x0, 0x9c000000}}, {0x0, 0x1, 0x1, 0x400, '\x00'}}, {{0x6, 0x3, 0xa3, 0x80, 0x735, 0x9584, {0x0, 0x2, 0x7, 0xec61, 0x371ca83, 0x4, 0xffffffff, 0x3, 0x424c, 0xa000, 0x400, 0xee00, 0xee01, 0xca, 0x3}}, {0x0, 0x7, 0x0, 0x80000001}}, {{0x5, 0x1, 0x9d5, 0x5, 0x80000001, 0x1000000, {0x0, 0x0, 0x6, 0x7ff, 0x8001, 0x8001, 0x6, 0x8000, 0x1, 0xa000, 0x10000, 0xee00, r6, 0x80000000, 0x6}}, {0x3, 0x7fff, 0x6, 0x4e5, 'wlan0\x00'}}, {{0x4, 0x2, 0xffffffffffffffff, 0x10001, 0x7, 0x3f, {0x0, 0x4, 0x7fff, 0x5c, 0x5e, 0x4, 0x0, 0x9, 0x4, 0x1000, 0x8, r7, 0xee00, 0x7ff, 0x9}}, {0x3, 0x5, 0x6, 0x9, '\xff\xff\xff\xff\xff\xff'}}, {{0x6, 0x3, 0x3, 0x9, 0x6, 0x100, {0x1, 0x101, 0x4, 0x100000000, 0x2, 0xfffffffffffffe00, 0x3, 0x9, 0x9, 0xa000, 0xfa3, 0xffffffffffffffff, r8, 0x1400000, 0x9}}, {0x6, 0x0, 0x6, 0x5, 'wlan0\x00'}}]}, &(0x7f0000005b00)={0xa0, 0xfffffffffffffff5, 0x5, {{0x0, 0x3, 0x2, 0x3, 0x7, 0x64b, {0x1, 0xc2, 0x9, 0x5, 0x8001, 0xffffffffffffffff, 0x2, 0x8, 0x5, 0x4000, 0xd0a, 0xee01, 0xee00, 0x7, 0x1}}, {0x0, 0x2}}}, &(0x7f0000005bc0)={0x20, 0x0, 0x7fffffff, {0x8, 0x0, 0x9ad, 0x3}}}) syz_genetlink_get_family_id$SEG6(&(0x7f0000005c40), r2) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x9, 0x100, r2, 0x8000000) r10 = syz_io_uring_complete(r9) r11 = syz_io_uring_setup(0x7811, &(0x7f0000005c80)={0x0, 0x29e9, 0x4, 0x3, 0x25, 0x0, r10}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000005d00), &(0x7f0000005d40)=0x0) r13 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x80000, r11, 0x0) clock_gettime(0x0, &(0x7f0000005d80)={0x0, 0x0}) syz_io_uring_submit(r13, r12, &(0x7f0000005e00)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x7, &(0x7f0000005dc0)={r14, r15+60000000}}, 0x6) syz_kvm_setup_cpu$arm64(r2, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000005e80)=[{0x0, &(0x7f0000005e40)="551e553401d8419ac437854e7bd6033a54214a9bd5bbb0af5b8dfb214aa84f75f60fd2f374a02bcacb654f2e69f719794863", 0x32}], 0x1, 0x0, &(0x7f0000005ec0)=[@featur2], 0x1) r16 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff1000/0x1000)=nil, 0x1000, 0x4, 0x100002, r2, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r16, 0x118, &(0x7f0000005f00)=0x1, 0x0, 0x4) clock_gettime(0x0, &(0x7f0000008240)={0x0, 0x0}) recvmmsg$unix(r2, &(0x7f00000081c0)=[{{0x0, 0x0, &(0x7f0000007580)=[{&(0x7f0000007000)=""/104, 0x68}, {&(0x7f0000007080)}, {&(0x7f00000070c0)=""/15, 0xf}, {&(0x7f0000007100)=""/224, 0xe0}, {&(0x7f0000007200)}, {&(0x7f0000007240)=""/230, 0xe6}, {&(0x7f0000007340)=""/99, 0x63}, {&(0x7f00000073c0)=""/69, 0x45}, {&(0x7f0000007440)=""/106, 0x6a}, {&(0x7f00000074c0)=""/188, 0xbc}], 0xa, &(0x7f0000007600)=[@cred={{0x18, 0x1, 0x2, {0x0, 0x0}}}], 0x18}}, {{&(0x7f0000007640), 0x6e, &(0x7f0000007900)=[{&(0x7f00000076c0)=""/121, 0x79}, {&(0x7f0000007740)=""/169, 0xa9}, {&(0x7f0000007800)=""/5, 0x5}, {&(0x7f0000007840)=""/157, 0x9d}], 0x4, &(0x7f0000007940)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb0}}, {{&(0x7f0000007a00)=@abs, 0x6e, &(0x7f0000007b80)=[{&(0x7f0000007a80)=""/115, 0x73}, {&(0x7f0000007b00)=""/15, 0xf}, {&(0x7f0000007b40)=""/19, 0x13}], 0x3, &(0x7f0000007bc0)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x44}}, {{&(0x7f0000007c40)=@abs, 0x6e, &(0x7f0000008180)=[{&(0x7f0000007cc0)=""/153, 0x99}, {&(0x7f0000007d80)=""/250, 0xfa}, {&(0x7f0000007e80)=""/252, 0xfc}, {&(0x7f0000007f80)=""/193, 0xc1}, {&(0x7f0000008080)=""/96, 0x60}, {&(0x7f0000008100)=""/65, 0x41}], 0x6}}], 0x4, 0x2000, &(0x7f0000008280)={r17, r18+10000000}) syz_mount_image$adfs(&(0x7f0000005f40), &(0x7f0000005f80)='./file0\x00', 0x6, 0x1, &(0x7f0000006fc0)=[{&(0x7f0000005fc0)="97711a3fc775d9b6b802d75cefe34e560dfbbc1905df8452c7c061cfbdbaf76ac0ee704fdc1b95576e8398715ccac23eb622406fdf86656d8666d174345df15cc279d6bc46189f9e9103c8b634306a9dc5121354037abc836af32b82e0eb9222c5b97a31baf700226f459f1593e594220d6eee2f7bd3612c68996c931e01b390867ecb7db73fd1c8baea0a1a30719c09c81706414190c490236b2756cfba38fabad49c002cddccb22a79015cf6c9d5b81197e3669f1195cf26fd674cef34fc2517dd561d625d37f0093669e68fca1ae7327c53a8d8fe8ce089ec5130da3dcd2c1be47c5d11c1e607706dede98d3ad0347db608bf9febfe357b46fe05172e7abd5e6a5755ecbdb7294ac660ef999961aa2491460d2ba8c47928fcd02e294c16838adc1c5aa0aeefc279793c1e9bae9dad1bdd674fbf94f64d5ee586b857846b2c3e35cbe0791f3f0a4279ec2d51fdfb3a9d2fd093ba29d743eebb0646d40af932960b4efd52dfae3724206f13839b1e9dd3561c159f7d1a0b45dfa655724164ca8ca40178aabc9f0c270cc0c2e828dc2842fb2372abca8d65d3726eaddb36d2772fc42a5a609dbc761a086dd8405f0c0a7c0bfc14fea91cab423fdbc944ddbdee214c248ef0c8933c80f3ac68a3cdc4ed5120c7be1f0418a0ddeee94ce8de7a07b94d97a9c72e338eb9cb871567608b49031f1fd07e5c5cbbc2201c4876885c1bdccc2bfece71de73d6a710c96a675de4b578e3a0b84d1fb89bed531e1705af867b10b7c92328a06bad02c573375d500a4bdc884b55652d7f1cfb31afaf0b35e98a58466b80a2a4bca2d72e387f8e94519a43734c385b698e08b0ee1d9805c392acb76f980894df9046c617f62a2361062e522453dcd73176f786ef2ccd7a05df8b44a6f93135d4888fdd510220357f1aeccd13e1fe10292673f981f420d9859fa218b8698b4a691e699c28a2dd46d3978942192ed51d212669458a4dc3d381d2c3f73cb60bfecb8bf0e1556eaed9ffca5d0f7c9f6152f4fcd5ed86cb6a565e4b6b1c9e7efef1ccd28ae7091abd84e8431ec08ed83a8bbe56f9e12256d0a05b461d9f1f4bad4b0e8734c47d12124c406db2c033ca10634105713df400fe668d74c10b9546fef03d29ee05d4e3e832ede103cfb890c8b0092a58fe32a0b105896cefc83a990c3b6d9dec09e4beea8040b29f9217e5577fd72003a1dc4667fa4cf3bbf2985f0aef84b45569a087b7f9afe824f3c59b40cd0d088c16f4414240a6ebe24aadc402cc99abf034a48bda6a2821bdf294658e2782326e1696a8878b62be50b8ae8d003e1b6b9f5f26d3f21b1422cf73ac7292638e57da6fe3fdadd7786aa2d7406c0d84554547d9590ee9e1705428e00ddc33250a116b9737c8b013a38c6f5e88275b015f1c0996b06ef4467fa0468e8f4a498b56a045f894e45090fc1707481bef75f601d95e67b963b6ddaad7511ab41ef4c9f651c70f8ec2f0cf3b62bad74e2492a39fc1f81da697cdc353de9589cab54a16901a18d851bdc26239a72f9a787fbefb3fc3f5df149a013c4f8c8b0e98b8f669f62fbe09525b46469b1c7fcb91e55735f2adc8136a46aec4de016b9f9251ac2aa820a1a887b78c66802bf8dbbce8c4e138ba0a52892c9e934af2c76b95032a2f4cb5a621e453970f54b279035e140833e3250a9c4f16371cddfc01c404e6e86acc231c8d7dbed9b6aec0da3e0bb40672f4d41df2650d200fdda6bdc62b1d433efb4dcb37052689eec1fb99ceda3e1107ae9aeebc9958fd2f2e9059834087378427d3158a8ad04779e622b9fef71b94b2aac03d6d9b722a2427855a2176f00d971d6b1fe9b57c3637af6ecf8dd0bf1dc055e7331c7e3d9bf09a98723676b07787a075af7ee911ee2b0ebefb3408c8a617e81b0222f20f41aaa55767bd73b30b7d5238a41836e53a5c826d2cab59460404f02af43b1c64a887b44edcb395a149983a63ebbc1468ac3b39a00d01e59041ea549725768c6fea7a4884fab16b8599cd0b91b83df33b32280039ba0205a23e97cd38bf8be0ced3d7c2f44491e9b594e054e6c6e6e2b610830f98ef9a240fd56d1e218cbc1535b8889fd2b39fd94c82137a80ea1234a84dc6fac0f16b8b2de9dde9ec8270c2df90b1107eed2d346965943a1cb0856421e45fed7f48071041c552efc7333c5e7dec5b9cb59565718a7e230a842f206a4949a38fca5d9a8d847563dd644578f89e5ea68cd84edc6a04e527d1c07e6ae42f503f7c09f7fa5ed1b2d7a3a90b5feddd576dcc544d8a7e5154fcb82d14970643a03ec1ada083ade9a90d56b1a05e7becc2e434d487e0c94d10fb56b73a82fd0c34e3ea6e252bd82844e95933819254e12b001acf2ad8b630a7d2056c6f77334ed22321771e73312981d8910170cdd7f47881b58c4753bbfb0b34c78b4211e626146ff342bfd57740eb868e1cfa312c907bef857b3781ebd1397e8dc0ca1474a19b39b497ae70889d2dbbce85d3743fd33c97b9c22b866eb65d3593900e66c459efe5638a824c423d9c49ba44b8ff9b9b3ec15cef434deef9ab92760c55b1fb37339b1c77f3a01a77fd72f72877952e8a5827494c9188b8d1c270b0a99b4a9e818d1fa126a7291a7b0b94c2bf7c18c2e25e7fcfd68d38829655d9aab934963034563e90865245a61304febdf59bb0093167c8c41cce1773bb80c678759b55dab1247252036157a0e60d66e289d4b9bf98fdce7c5ca59bdb4fafe55e09b16aa3430d39bf150332a15c4890ed078e628775f8787b893592263ca6d3113619a7b21251faeee137a099bf00fb5fbcc75e758eaec9bdcff65576c0d826ea79d90e99d8cbb490937d1d122dbb8d15b33756835e1ce3bdaf4919f5226b384c87c2c7af71fb3dd073c43129ac4e2a6e521bee349730b2d9a71c6b01d61df130802a9bb6ab1f4d594b89675cc467cab303c86ae6b4c0d26dcf16cdec9c8b78f3e23bab3e7b5153e73bb71cb6a2afac5c33195d2a2f329d9e8f53dc92801046b07245e139a6414cff17dd9d7947e945a1ddf592131d90f3f325ebc3cf24360f83ed1606f952d4f69221b75c9be91e5d2abeed93f33958b04aa1e0cb5b850edf2760f4b8e810d879d87357036c8e26538e69689e47fbb1da8e0ca08284f55900bd029e95a527b3ba251b0ce27bd049fc85b194959375f785cf75c101eeaaba56b39a3fc46ba9729837e2fbce7ebba932596c0c2ef0c5d8e684ba6b334dbaffc0fa842a6aa555813d5bdc237a4376fbfc3abd549abc27f3b1c918c67f2c34e116b6b0630115490624f4997d93acec5dab0d2bb1572b319ba4c990cd74389542f48b7e173d0c81ed756a1b409f6b195859fdc7577a7e7b120a1513c225d313d7423d6a99ddb71914962821db95192fc9ca8b6972e07d78679e3b4265cb9725d95f52f68ff1ca46b8ac6ae7c6053bcd972e37fa824491527a1e4323aa6f2d5e59cf06c6088c148059fad6f1cbfb476719d09fa479b69a4790a74f65abd999c267d10cc2ff99d39e394160e151469589f416f659b2a8c60def78d6f433809dfb96c27220076f47b7e74a8930cd61e8fc109ddf8754ff5d6878eef5dc7dd61e2da0073b0ad6b071feff97fb87ec0d90954aedc888e7b1e09dcdfcc6906e49b6ea4a0c32546407ac0d22e29200b8603f2c3041d27d0fd990c312c3f4ebeef45385124825e73a4b30f7e62b3746aee0a1f42357a7c2d59b9b2865ab24b33536c1d752a4e1c08e07ec7ab8e37eda44ebd2213d46955859ce75e8cbee3e448ddc6c3720fa4bb604298c9cc6c1eac4aac18ffeef8d631a6175a58b18257c81b5b2a2c7458b1173a5c1bfe3a56159fa406011dc0bb6021f2332bb471ef8892acd5e7b58aeca43e485b35ddc938fbf2d032521820809af025513b663922d664ca4216bcc9877030d5facfb9a0482998e50cf69bc59c1805fb4faa89f6831ec6afc29e7f6db38fed3403d1035e251624de0ea6445812f71a4a91eab22d88da49c097003ea9608ef661e8cd99458f318d373ea1affe6cfbec7e9f77ca393f1585402a70afa83e3dc11417b83035c4aa6efb96caffdb76bb431152a1108dd6ae5a37afb9aa1b51ddcd22d7af11d65c188472d79acbdd48c61355a4b2fdf2b81fb4459711fb437f3f7f95a6e187c0cc087bbd739c9c9e22e25fd0d305a27408f52b839e357d1f37b0c7a576df793008241bd2120ccfa21435268ed243dd2edbb751b201474e91f48219bfddb4cd0dd471965bfe78e45233a33b6c4022bc57bcfd224f89b4afbe25a003ef41f596e10fc142d52e0ee02fad0728651f0fe75b947a544fd7e2dc38b608789ebc87b01993e23b765449001c77adc778adb84a0dd32b70e267aadcc168ef1713d7cbde563396ef5e39ff9f7008d61a20fe49ac80c2ee84c5311e6b0c259f0c63631af64ee1d2225b5eaa31b97636b30109fe4fcf1522723c6d79a5005f3768be2872910a0d9f2d2b10a91e48f7da5c3830e18bf1a2c51f791e463f7ca07e0c63d075852c2bd82b4a5989d4ff50a7007d3eb322b3f01ab76af2bbedb1108165f483d28415378d60098dbd87a299b3de116f3955c3e243677f3e3f71f9f0204e170da9ef5b66c95ba07f335b130b5a17b6a72c318be1b8ca6422b1eaf3f6ef038df509ef18765947de5889a3a88457561b399ab72948d7ec9e0f4a7348e0c43174811d3a4d71242e6a50f5b397a8d7fabbba7109afa2369f116e09d3fcc0b5e612ae8b818309c5fbb3347fdb5d6c6904684f4e04f12ca8513174e6b926f049ac14e0a7f9e4aa6bd391bbccd3f7242b9a4c0dfd01796da871f4e9de17e549537ac6d21d5c64e549f070e2b1d1b7f76981faa8da9029e4576fc43b4f427ec7ee4c4505ca270b233ffc5e1abe44ac789cecabdbaabec441a11845caf922133d11bb28256ee8f75e6f065e35f297646c63a2b8a594605ab391c50fc337d8d97066e6b5b0710fb1ec76c64f0a0a0ccac01375f2c9fbaca77b2b1ee2b26a76da527aefbe983eed0d946d763e00bf501dd646bfe683a78df80d91dcd603c5a8eb595c0cdceaa2dabf5d64a9feaacefc878e074313c85e4c15f4c2e63fa19f97b829c297d860878eee2138928d8a425c07900c1226455ae33e702c058567d42df10d6048466de62f14c27f7d8f306516662e18bebb24d7f38e5f0ebbab74980599ffacba56d3ce16a56b991ec64df9ea8f9300cc187f2c1b2f80562c681bbf833a971e7d69b67730d3b0d3b5a9b3cabf5b44e21f3a8ea25af9f9a7f53d6c85ca6a3b84f04fb6d1e99096640c76f00cb2a849e022c526653e0e19c0ab73d7db02e69bd511cb3b36ae7df9e0bcd5b8d180c0a3dc9f17973c62b286fbefd4853976ad38dc7756785f17c88f9675687c9769d77162e82e71bae2ed285bc878f9ee7070af3c4b43c907bcb5856dab6a938b7842af376d7c164076cd02b4e3e82e2cc8fca7dc2e40bdb7b9a2ef406355630cb2930231794ef4a20360a6eb9cc54f753642e6938a173024635987b80a6e0f0b7cb258537b81e1250f77fcaf1d7cd9b3be072a6f9d4fd86f1564b28d790ca1382fae61fa5874c7dd7db8ebfaaa7cc011e6ab3579137aa3f0af14e58c0960d7f70cef93ab86cca7cb785d8c12152a807cf1bfa4e0f6ffd288870565cd49a10a407cee95c5c0fe4cc84b47390868e64507f1fbfbb4a704d272da13480a418e25a9930a402dcfbaa5cb5092c569a4e8150b5048bef01194e1ce3795e2835a0a82c9d5ff3a157852f12713596997ec3061aeaa96e93c9b1d9d5aa2414c3ea9f", 0x1000, 0x80000001}], 0x1000000, &(0x7f00000082c0)={[{')/\'/%'}, {'wlan0\x00'}, {'\xff\xff'}, {'\xff\xff'}, {'[{@^/@+@<['}], [{@uid_eq={'uid', 0x3d, r20}}, {@smackfsfloor={'smackfsfloor', 0x3d, '{%\'--\xd3{-+#!'}}]}) syz_open_dev$I2C(&(0x7f0000008340), 0x4, 0x404280) syz_open_procfs(r19, &(0x7f0000008380)='net/ip6_mr_cache\x00') syz_open_pts(r21, 0x8001) syz_read_part_table(0x5, 0x9, &(0x7f0000008980)=[{&(0x7f00000083c0)="fbd29b15877e61061cc50ced7f39686138bf5103248d4da53257b73a1ee96cf2199abfa961d7bd146a6bb88d701b08edbf514b2e3183cce211d57c7645a9afe20275ecbe29aea48c76b0fb7627a8e43c7a9f57ef02a316edf9d38e0c6e74b59107cb1c8406dcb6de319b", 0x6a, 0x7f}, {&(0x7f0000008440)="e0d8f55b3848aed3ac9738d2e19f668be4c76e3b4e4823a0c69918ad4aec8d6eadcfe10327126d01287e672d54a544a9877e59f9a2f41aa242b237ba593c5a4840b8621ce0d28ce522dfe8788bb070d4bc9d74528a1f7603200c2365c63d42f1032992e10e4345cdea0d65365d82b6c78c81c71b0b2fb78197cd605ec2521806bdc08d6dd8f5291e5bb0ca92e20430d581235ddda756e6abd8c769783b84e57b0aa951303adcc7e921b069d94f1a4dee1f4744db5b28c97fbbaec5bf5618e0e94a41c0a99ce6ca91ebcaff5ae6106dc9dc310d7250a8b7c7ca55", 0xda, 0x3ff}, {&(0x7f0000008540)="afbb6b91aa7857f942bc8773d020896a44f1d9db9b9ec2b85598cd86397d6b5ae3192aefe0f2b6387b2d2314489bc7af2ab51990ff7526230a7ca42e6c22f5649acb12b4dd8fde819b", 0x49, 0x9}, {&(0x7f00000085c0)="d890818560f5372f7d41a504c54e863d7944d0621d50134b4c1454aa8c44c7f324d95d33fb4663f6745c1cad179d719e3e9f4f57517125890ed4c937bb41d0a764441e1d6c7482548c0a", 0x4a, 0x6}, {&(0x7f0000008640)="7e289aa898007d95eaf09882596aa237714dc1ac32392bd6fae8d872edc3c9b0cff5036148af29573c0dc954c27b6a6d47669253ab402a91f6e602ccd93fa817", 0x40, 0x6}, {&(0x7f0000008680)="c823584bb1759ecb98ee41e35227dd03d7ed5c9eefcf34a951e7c5eae5b37e8b93d6dd7cb66ebbff50cb81777e29b2c05b7b7cd976f4aed70f76499015b9872faa6f338c309a55296e4e85e27c510dbf253a7e6f43791f93913c8a9607451fd5050cf191ec95d199f1117c0e2a0437c2be1698939d277c3837d1640f91ce6aedc0850dc288cc2a3c1caadff44febefbbb2fda82e8a6539222b6d8830df927f36d814c2a892df0badec86c2f01deb89d2d3fa6137e48b23d3cf77b11f46ebdbb0a8314ee19778c212fc3498cbdc5ad0bbd7d24538d83bbc86830afe32e38c1bb1b7866abc940f611654d046f8236d6b15", 0xf0, 0x7}, {&(0x7f0000008780)="5d78b08d347d6010778713adad8e4da15ab34694562b0da52bb31a3b5e0971020ba48d185f3f03f16fe6dc1e321f122c1150a8ce71c3ad1df7c618bc59865fbfeb3a2c926b992f938b0f76c96af8be398933383fc8", 0x55, 0x8}, {&(0x7f0000008800)="1cd7715afec5551816cd475168a535a8474b748792e43af351605c6dfae1e6add7ce8bde80555ca3268782fe7a7f458968b42792c02a11acffae5486c0858e0c4640f4260d564699c0e606236ae8d5", 0x4f}, {&(0x7f0000008880)="45fd88a606b589b27d422ecb8744a678ff3aa07ffb6c25cc10a8871006d5fb6450fc12157d1a59f14e36132f1db63b56cc97b61bf0a61dcf2b7dd27da02ee160e03df97947838f0dd434825905ae9fb5a427976a49f779eab8cc3a409d25b9a296cef9a8ffb49d81bf23a716a7a7e1d8dce03def2b8a3b15a3b2beb873143a7df14ec492782ec86aceb4901fe3dcdce046ab2fb972d67434d4e1101b02c92d33a1bfe516d9592581f67895433766506707cb7f0e18b4476bde0f0091753cf3ec07386b3dab4b295502d49716801dd979aa24d805dfe801", 0xd7, 0x2}]) r22 = syz_usb_connect(0x6, 0x7e2, &(0x7f0000008a00)={{0x12, 0x1, 0x300, 0x88, 0xc7, 0xe6, 0xff, 0x15c2, 0x45, 0x135a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7d0, 0x4, 0x0, 0x0, 0x60, 0x8, [{{0x9, 0x4, 0x45, 0x3, 0x1, 0x66, 0x44, 0x76, 0x3f, [@uac_as={[@as_header={0x7, 0x24, 0x1, 0x1f, 0x5, 0x4}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x9, 0x2, 0x81, 0x4, "c0e6a10a"}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x0, 0x6, 0x8, "7d5ba3d07cc6"}, @format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x94, 0x1, 0x7, 0x1f, "cfcfa1bb20d9baa316"}]}, @uac_as={[@format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x8, 0x2, 0x0, 0x9, "489f80", '&'}, @format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0x5, 0x497, 0x8, '\''}, @as_header={0x7, 0x24, 0x1, 0x9, 0x2, 0x1001}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x8, 0x1, 0x0, "786e2f1a3105"}]}], [{{0x9, 0x5, 0x0, 0x10, 0x3ff, 0x9, 0x66, 0x3, [@generic={0x5b, 0x8, "32da773ded87397d0af57fd6f2ad3b93e2ea74f1f65d645d6b7e4cae90c8f27ccae094b33c613bc0bda2437bdcbaa21c77915b1b95e7a2313d71c6cc586d414d6a1e79c80ee3673ff069eb4651b30668b0197ff7a7edc57594"}]}}]}}, {{0x9, 0x4, 0x58, 0x9, 0x5, 0xff, 0x5, 0x1b, 0xe0, [], [{{0x9, 0x5, 0x3, 0x10, 0x20, 0x0, 0x43, 0x40}}, {{0x9, 0x5, 0x5, 0x3, 0x3ff, 0x87, 0x2, 0xfd, [@generic={0xa0, 0xc, "4d1fafd5d5bea917949e727ed5ee144cb32b01d9acbb7e3cfac4d1a15cd6bbae8ac66af677394d2217ef580b1565f58b85cfffd2cfcaf9f19df78400ba0354d7872072b42d77d55a5b960b82fb9e34ec8c33a96719c45947ab0947484854a94f25e65339a6f74b053c81e8e8057f6767ea2e80e923e02fa1a88db36d52e4c511e6ccf674046cb81c493c927d05a6c16645d0694f667d6ccf29fc273890c6"}, @generic={0x31, 0x9, "824467996faa842827e6d09bc48c4196099cb20d1afa7380d30e40f1bcfb7c503d7b00fc18d2e614c3e370dbc320a8"}]}}, {{0x9, 0x5, 0x1, 0x3, 0x400, 0x1, 0x81, 0x6, [@generic={0x76, 0x7, "96f72de7936410ee82a44287a00196f630e009364ab94a00e94528691a409d335f13bf6e85b378bda85c558fc1a003ec5794a14217f794682edcdc9e35d00c0979fdb3e7a15e6a851c137bf7011ba61c8346598b02a3d4d1b8cd99f4fc14fae3219fbf56aa2ca54ccf116b3d560a80978c4276ec"}]}}, {{0x9, 0x5, 0xe, 0x3, 0x3ff, 0x80, 0x20, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x9, 0x3ff}]}}, {{0x9, 0x5, 0xd, 0x0, 0x400, 0x9, 0x3f, 0x3f, [@generic={0x76, 0x11, "79b386387e37f36efa1d8c66a90449c68a0ad251afb9b1793cbe9e5b4dc3ce6600e86d1e3b3eac60fd3b8b1c19d7d0c3da61c6a667b39fae8aed44a8e70d77ca93e4c37a3fd8818f43edc523960cedb02d8822f0b23dc343182608c6097e995f562c84a5417e5b2fb71b392f926f3c4ed992ed89"}, @generic={0x65, 0x5, "8512f0cea97a9d8a0461e30ee9bf0789e041cd86c1df9496f1957af0e4543ecab07051f1f4818da2579d13a999569f75ad6af6e0d04da8bd26bc920445692d9e4ca7fdc3544c36f588e5c09beea1aff9f41ba977cbe79e7e4f4a8dec5640da4d2af61d"}]}}]}}, {{0x9, 0x4, 0x5, 0x3, 0x2, 0xc4, 0x4d, 0x76, 0x7, [@cdc_ncm={{0xb, 0x24, 0x6, 0x0, 0x1, "72450ceb1b79"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x8, 0x1, 0x4}, {0x6, 0x24, 0x1a, 0x8, 0x8}, [@mdlm={0x15, 0x24, 0x12, 0x4}]}, @cdc_ecm={{0x7, 0x24, 0x6, 0x0, 0x0, "fbb5"}, {0x5, 0x24, 0x0, 0x2040}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x80, 0x8951, 0x6}, [@network_terminal={0x7, 0x24, 0xa, 0xce, 0x3, 0x4, 0x60}, @acm={0x4}, @country_functional={0x10, 0x24, 0x7, 0x0, 0x81, [0x81, 0x1d9, 0x400, 0x1, 0xc00]}, @mbim={0xc, 0x24, 0x1b, 0x1, 0x20, 0xc0, 0x5, 0x20, 0xd}, @mdlm_detail={0xe1, 0x24, 0x13, 0x9, "0efa60e3b3892ca3377fc7bf7e5cd90b70b5433c66f13129d42a59f2c914ec54979a53862f94df6395806bf1a9709d9a6650cecaeecff6adfc77ca5f296e11bed1fbeb6f27c50bf1af9c176bb2069d52b06473d5d8e9244a70017666faa3213b80b25fe4c68c4180ee45680c95768fd32d24da76b883e1be0ec2af43c9f30ceed1936cd5051e62b1c8a76af9a252290b11c3670439db645b5c32a5a5bb78d7e8183ea6736dfceb8fef3d04b76e5129c4913eee30a537743b3357f269f582dd8c46b2a93362f1a838886b175f4895d52a818f63d9d694beac9846e5b12f"}, @mdlm_detail={0x1a, 0x24, 0x13, 0x5, "083b1f01a69f5d722a6b0383fb09f57f442b56d458fa"}]}], [{{0x9, 0x5, 0xf, 0x8, 0x8, 0x0, 0x3, 0x5}}, {{0x9, 0x5, 0xc, 0x0, 0x200, 0x9, 0x20, 0x5, [@generic={0xb, 0x1, "ae684bd6a1bfbe705d"}]}}]}}, {{0x9, 0x4, 0xad, 0x3f, 0x6, 0xef, 0x2e, 0x8d, 0x8, [@cdc_ecm={{0xa, 0x24, 0x6, 0x0, 0x0, "2e1bb11c34"}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x2, 0x8979, 0x6}, [@mdlm_detail={0xeb, 0x24, 0x13, 0x0, "9fcc8c5c747309fcb4c96e5dad9b6e62d08b91a8beb3c2e4547e163e4658bb11ab34b3c84ec3e4a4e367d26c56001c6705689995a99d16a1b31bdc070f00531ec426b54bf89b2dee1fc3bd818f55dbbd6acc287cd43078eebc6d09f10dc4229f8035d4448f823fecf929d6861627c01e79277a40304a1ad3fbd012a4a8ed16369769c8c997c412be76759017653455b8042aca8b49eac0731001cbfa6fbd796aa7c27709fc623722e03d3c1ed1dac1ca8a8aa25ddafc654a0dbb760b927a2b23e2ad3043ac48566c7b995c237db591f39af81954569cd5d37ca4941c80cc1fa5556d19a548df2a"}, @network_terminal={0x7, 0x24, 0xa, 0x4, 0x1f, 0x3f, 0x62}, @dmm={0x7, 0x24, 0x14, 0x1f, 0x7}, @dmm={0x7, 0x24, 0x14, 0x1010, 0x9}, @ncm={0x6, 0x24, 0x1a, 0x6, 0x1b}]}, @cdc_ecm={{0xb, 0x24, 0x6, 0x0, 0x0, "df4704a2521e"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x4856f0aa, 0x5, 0x1, 0xff}, [@obex={0x5, 0x24, 0x15, 0x1f}]}], [{{0x9, 0x5, 0x8, 0x8, 0x3ff, 0x4, 0x1, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x34, 0x5}]}}, {{0x9, 0x5, 0x0, 0x3, 0x400, 0x2, 0x1, 0xca}}, {{0x9, 0x5, 0x8, 0x10, 0x8, 0x2, 0x7f, 0x7f}}, {{0x9, 0x5, 0x7, 0x0, 0x10, 0x5, 0x1f, 0x40, [@generic={0x2d, 0xe, "eccc2379371b46cab9d6fdb82798f47aa9b7177c2a5193231443b725c21b5e6a99930565eb3b96fe7a7569"}, @generic={0x6, 0x10, "7f2260b2"}]}}, {{0x9, 0x5, 0x3, 0x8, 0x10, 0x4, 0x3, 0xf7}}, {{0x9, 0x5, 0x5, 0x3, 0x10, 0x3, 0x1, 0x9, [@generic={0xc8, 0xe, "17a493c051895f29835efb6d6d753ca5e6237f995724bf74708574902eacdff45cd80b61373d67efe1239f97b4fa600793d6b4a5022ba4a436b4e2e223579d974e784ecbfdd4912da5ccd284d2293782704f067513d83811ac711684d3aafe928ece0e903825997babc567b94d06daee1e4d55a8871d67e71cd1081430d89bc9ae64f50f94bb8af96ce384cd3b8420ef8be273ca02b9f0f91221239e64d620dc6e3e2707f6f4ce92e8627f044c14f179909ca1df8b4e499fed3f4118c9d6b2ae41a71198d798"}, @generic={0x7e, 0x22, "851bf8332f6f4795cdbf9bf1bbb8253ced75d61f695bb8c31f51b5ce19b2080e2e7ec215fec16a83d2571104f726a0de47f3e9282d0ef2204bbb1d9d9cac53b6d798084b0f594791e3f8341986d7eaadb911c55c0d71691fc77aa1047f440f5275a41f3b1f0f048a5c1dd5c417e67f3bd472b13feef7950c578f1b42"}]}}]}}]}}]}}, &(0x7f0000009700)={0xa, &(0x7f0000009200)={0xa, 0x6, 0x110, 0xd4, 0x81, 0x0, 0x10, 0x20}, 0x1c, &(0x7f0000009240)={0x5, 0xf, 0x1c, 0x2, [@ssp_cap={0x14, 0x10, 0xa, 0x20, 0x2, 0x3, 0xf0f, 0x6, [0xc030, 0xff3f30]}, @ptm_cap={0x3}]}, 0x8, [{0x4, &(0x7f0000009280)=@lang_id={0x4, 0x3, 0x410}}, {0x102, &(0x7f00000092c0)=@string={0x102, 0x3, "bd9caf11f1c2321f7dbf3df57ec06aedf0842f843c77dd88db9f7408bba0d9405971eab7462f77d1ca84398011e52a42798f46eeb57b9e8b2c06c9828ae8a2a278aeaf1947cb3dbadbd3d8374bd3fd89a53a0d2e5d80261d7c80592c0396ee2c9ed83fcc6bf9bd9a2f61cd007c9eb5b92dd878d6aa6b5435ed38fb81d9bfc15815843bc46b321b848a201d7ee90a06ab03ddb66cea54f415153e6934992c24e711aea2fe334e981ba7f3f87d0bc5eb6b1d0917cd79b47194c6d2be18e7a54e75a5e2d036b2e8ba626c56c4489e4681a21ea29a2b6434a8605a6710ebd13f09fe322e60ef34a6e6f3330d07b4d1ff66d7ec23c58b3be734844b89de36ba291297"}}, {0x4, &(0x7f0000009400)=@lang_id={0x4, 0x3, 0xf0ff}}, {0x4, &(0x7f0000009440)=@lang_id={0x4, 0x3, 0xf8ff}}, {0xc2, &(0x7f0000009480)=@string={0xc2, 0x3, "47951bf5758f6da49eaec8d8f18a6ca6e17e41a66016415efc7be346e3a8d0342803d31ac634c4e6bcfdca1db3c5b690c22f332df6936761deb40a2a9b817a3b5e21ceda6d71f72d61eed06a7a43451e72faa82018384c5a69f62f4c6cf2a7efbd2af59b84acc6a95edf8f167b5f203dff2f89dba191f513342be5a906ceb379613f596108de6f3a61b926c9f8634d3de6d5eb86712bdfc3ce502f90a69d8d07d9284402b393a76e1d9817b92bd4eff57a27ec91919bf0d09b447057d69ce382"}}, {0x83, &(0x7f0000009580)=@string={0x83, 0x3, "708149d29b3a8ef9c0ff2f072ff3b20dd4aa24a8ddbd77612cf82dbfdc3af821a1fbf75540c23e05de08fed779db651cb3a63bd09acfde2da34fc336047349f62c650320dd8fd8626cfdadf7e0f73f83a6bffa1f20e75cc44b80bbe9a40ea3c6e924b684fe6cb9e6a9331a149e844e500be3b4fe28d1332dcd643be5a73fccd446"}}, {0x4, &(0x7f0000009640)=@lang_id={0x4, 0x3, 0x184c}}, {0x4d, &(0x7f0000009680)=@string={0x4d, 0x3, "b66a576c91d56733c94ef73720fda014ebcf72b1cf26ac4c18da7571241256764ae2dff17540bdd8af83eee505792cbefbddb7b5cd4ca94662287a86249ec2b942139804f9c78209884a15"}}]}) syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000009780)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_control_io(r22, &(0x7f00000099c0)={0x18, &(0x7f0000009800)={0x40, 0x1, 0x8d, {0x8d, 0x22, "e5741947a723e9e98edc76ea9b493da7d0be0f88903d48eef0d24c882970fc1216a4f390d6b17a78f9e882742ca24831936cb75b045899bbc7687bd55a058a9f4722452ce7e301270b0bf22666c37eaf1bd9d8b489ba1d32be39d06b20bd9657e09fda6c82d4566c9334e2fa45c5046ba8565e5779ab6d67cbf7f406d216c286ab066588207a318d65332f"}}, &(0x7f00000098c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xf0ff}}, &(0x7f0000009900)={0x0, 0xf, 0x18, {0x5, 0xf, 0x18, 0x2, [@ssp_cap={0xc, 0x10, 0xa, 0x0, 0x0, 0x6, 0xf0f, 0x8}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0xa, 0x7, 0x100}]}}, &(0x7f0000009940)={0x20, 0x29, 0xf, {0xf, 0x29, 0x0, 0x18, 0x7, 0x7f, "86f620e8", "168f2202"}}, &(0x7f0000009980)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3, 0x0, 0x4, 0x0, 0x7, 0x1000, 0xfffe}}}, &(0x7f0000009f00)={0x44, &(0x7f0000009a00)={0x0, 0x8, 0xfd, "17d015c0c21b38ab6587078c775d196676390236842bc78115bd6a405811102445a37fe5c0cc85a16b5601f67496593492ce3ad552019208a904c88254525ef13e8c55d2fa5584b172728077d54a28bc6dd0bc05f7202910260763120f9d95883b701ca05483deae8e445bcf5672cfc4ba66a346e92fe07451ae4c8ff4aa9dfcf8b9563365805bf6830ed36c9f3eab11f613a0fde0423b8c3a5b1ae029729e3233431d83f022491564d392ceb7a38eddcf1596886181854d5a729e76d8e770d6ee74ba1333ecb7e4b883071b6d6c043e9e6f0160546f60d1d9ffd940744eef3ea5f0ddfda5a0a8d6b7740a7f13ce462ed08e2d3bc0a7b646daf56086e2"}, &(0x7f0000009b40)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000009b80)={0x0, 0x8, 0x1, 0x80}, &(0x7f0000009bc0)={0x20, 0x0, 0x4, {0x2, 0x3}}, &(0x7f0000009c00)={0x20, 0x0, 0x4, {0x100, 0x40}}, &(0x7f0000009c40)={0x40, 0x7, 0x2, 0x3}, &(0x7f0000009c80)={0x40, 0x9, 0x1, 0x7f}, &(0x7f0000009cc0)={0x40, 0xb, 0x2, "08bd"}, &(0x7f0000009d00)={0x40, 0xf, 0x2, 0x7163}, &(0x7f0000009d40)={0x40, 0x13, 0x6, @broadcast}, &(0x7f0000009d80)={0x40, 0x17, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3b}}, &(0x7f0000009dc0)={0x40, 0x19, 0x2, "379e"}, &(0x7f0000009e00)={0x40, 0x1a, 0x2, 0x8}, &(0x7f0000009e40)={0x40, 0x1c, 0x1, 0x3f}, &(0x7f0000009e80)={0x40, 0x1e, 0x1, 0x2c}, &(0x7f0000009ec0)={0x40, 0x21, 0x1, 0x5}}) syz_usb_disconnect(r22) syz_usb_ep_read(r22, 0xc1, 0x1000, &(0x7f0000009f80)=""/4096) r23 = syz_usb_connect$uac1(0x3, 0xe8, &(0x7f000000af80)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd6, 0x3, 0x1, 0x7, 0x20, 0x2, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@feature_unit={0xb, 0x24, 0x6, 0x4, 0x3, 0x2, [0x3, 0x7], 0xff}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x80, 0x3, 0x1, 0x0, "022c3b4efa4d"}, @as_header={0x7, 0x24, 0x1, 0x1, 0x7f, 0x1002}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x5, 0x3, 0x0, 0x5, "64997e"}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x3, 0x3, 0xac, 0x8, "bc5e", "04fba9"}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x6, 0x2, 0x5, 0x9, "6a9a8d", "4f88"}]}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x8c, 0x20, 0x7f, {0x7, 0x25, 0x1, 0x82, 0x2, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0x0, 0x2, 0x0, 0xff, "03c1fe1d97"}, @format_type_ii_discrete={0x12, 0x24, 0x2, 0x2, 0x807, 0x4, 0xfd, "8cfb49df7bf5b7e5ee"}, @as_header={0x7, 0x24, 0x1, 0x3f, 0xfd, 0x1}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0xc1, 0x4, 0x5, 0x67, "6967ba40"}]}, {{0x9, 0x5, 0x82, 0x9, 0x7f7, 0x1f, 0x69, 0x6, {0x7, 0x25, 0x1, 0x80, 0x9, 0x3}}}}}}}]}}, &(0x7f000000b380)={0xa, &(0x7f000000b080)={0xa, 0x6, 0x300, 0x3, 0x2, 0x3, 0x40, 0x81}, 0x20f, &(0x7f000000b0c0)={0x5, 0xf, 0x20f, 0x6, [@generic={0xe2, 0x10, 0xa, "64932c9277e23a0fa96aabc7b931ea3707350c525745ccbe794d23baa99625c82f74bd3b6d5f88fbfd92545b6b63754c07c3ffb47355bf3dd6facff0ec5597fb768dc74acfcf395ac1009982925aa16fcfa41575bf14b56d557909df9efd27fd4b317d90d1606270134fd07d2fc0d1816e9771321d2db55c6539b04167db7b08c994159dd7552c488c1466247a5b70b0dc996b907eeee0b20fdd647140597b66f821556b567fe613c7ecbcbae50db5fa7c9c0b5dcf26eddffdcb09b9ab9f2b5bee80982ff365fb816e98184ee6815f6f621f4d34527d3caa4ce682cb06c748"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x10, 0x1, 0x3f, 0xff, 0x1f}, @ptm_cap={0x3}, @generic={0x2f, 0x10, 0x3, "571226744f78fe775ab89dd776db3aaace9982e7b2594fd0854a31d7ec1d24aee6482aa3939798bd32d060f0"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x24, 0x8, 0xe1}, @generic={0xe1, 0x10, 0x1, "1c4311d6c4ec2de789b4f9f39e673702ea35d909991ce4af26cf0c07579c1a40573568f837569c645de2af698133526169e51a53f215167660357259d54d5ad77afb478b189e728667a8b7e38986bb19febe807085ec6d77dfb48172592d549d7dbbf802aaf95bbf2dcd20057a34eeffcaba3c404e46a6e90ad7e4387e1e28cc21718837e81d22615c4b42bce04c6bec4aa9a99d05cb4f168e115ee3956554e4e58b136f86736e79e91f9acd49ee6617b84a564392e81991bba6032054d7096f6c40002137782a1b111d6527968326f5e70a8a2399e833e7415c204a3a4b"}]}, 0x2, [{0x4, &(0x7f000000b300)=@lang_id={0x4, 0x3, 0x459}}, {0x4, &(0x7f000000b340)=@lang_id={0x4, 0x3, 0x436}}]}) syz_usb_ep_write(r23, 0x9, 0x13, &(0x7f000000b3c0)="08636e6c5e421f7f718c4784f389672c2911e5") syz_usbip_server_init(0x2) csource_test.go:119: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } struct nlmsg { char* pos; int nesting; struct nlattr* nested[8]; char buf[4096]; }; static void netlink_init(struct nlmsg* nlmsg, int typ, int flags, const void* data, int size) { memset(nlmsg, 0, sizeof(*nlmsg)); struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf; hdr->nlmsg_type = typ; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags; memcpy(hdr + 1, data, size); nlmsg->pos = (char*)(hdr + 1) + NLMSG_ALIGN(size); } static void netlink_attr(struct nlmsg* nlmsg, int typ, const void* data, int size) { struct nlattr* attr = (struct nlattr*)nlmsg->pos; attr->nla_len = sizeof(*attr) + size; attr->nla_type = typ; if (size > 0) memcpy(attr + 1, data, size); nlmsg->pos += NLMSG_ALIGN(attr->nla_len); } static int netlink_send_ext(struct nlmsg* nlmsg, int sock, uint16_t reply_type, int* reply_len, bool dofail) { if (nlmsg->pos > nlmsg->buf + sizeof(nlmsg->buf) || nlmsg->nesting) exit(1); struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf; hdr->nlmsg_len = nlmsg->pos - nlmsg->buf; struct sockaddr_nl addr; memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; ssize_t n = sendto(sock, nlmsg->buf, hdr->nlmsg_len, 0, (struct sockaddr*)&addr, sizeof(addr)); if (n != (ssize_t)hdr->nlmsg_len) { if (dofail) exit(1); return -1; } n = recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0); if (reply_len) *reply_len = 0; if (n < 0) { if (dofail) exit(1); return -1; } if (n < (ssize_t)sizeof(struct nlmsghdr)) { errno = EINVAL; if (dofail) exit(1); return -1; } if (hdr->nlmsg_type == NLMSG_DONE) return 0; if (reply_len && hdr->nlmsg_type == reply_type) { *reply_len = n; return 0; } if (n < (ssize_t)(sizeof(struct nlmsghdr) + sizeof(struct nlmsgerr))) { errno = EINVAL; if (dofail) exit(1); return -1; } if (hdr->nlmsg_type != NLMSG_ERROR) { errno = EINVAL; if (dofail) exit(1); return -1; } errno = -((struct nlmsgerr*)(hdr + 1))->error; return -errno; } static int netlink_send(struct nlmsg* nlmsg, int sock) { return netlink_send_ext(nlmsg, sock, 0, NULL, true); } static int netlink_query_family_id(struct nlmsg* nlmsg, int sock, const char* family_name, bool dofail) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = CTRL_CMD_GETFAMILY; netlink_init(nlmsg, GENL_ID_CTRL, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, CTRL_ATTR_FAMILY_NAME, family_name, strnlen(family_name, GENL_NAMSIZ - 1) + 1); int n = 0; int err = netlink_send_ext(nlmsg, sock, GENL_ID_CTRL, &n, dofail); if (err < 0) { return -1; } uint16_t id = 0; struct nlattr* attr = (struct nlattr*)(nlmsg->buf + NLMSG_HDRLEN + NLMSG_ALIGN(sizeof(genlhdr))); for (; (char*)attr < nlmsg->buf + n; attr = (struct nlattr*)((char*)attr + NLMSG_ALIGN(attr->nla_len))) { if (attr->nla_type == CTRL_ATTR_FAMILY_ID) { id = *(uint16_t*)(attr + 1); break; } } if (!id) { errno = EINVAL; return -1; } recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0); return id; } const int kInitNetNsFd = 239; #define WIFI_INITIAL_DEVICE_COUNT 2 #define WIFI_MAC_BASE { 0x08, 0x02, 0x11, 0x00, 0x00, 0x00 } #define WIFI_IBSS_BSSID { 0x50, 0x50, 0x50, 0x50, 0x50, 0x50 } #define WIFI_IBSS_SSID { 0x10, 0x10, 0x10, 0x10, 0x10, 0x10 } #define WIFI_DEFAULT_FREQUENCY 2412 #define WIFI_DEFAULT_SIGNAL 0 #define WIFI_DEFAULT_RX_RATE 1 #define HWSIM_CMD_REGISTER 1 #define HWSIM_CMD_FRAME 2 #define HWSIM_CMD_NEW_RADIO 4 #define HWSIM_ATTR_SUPPORT_P2P_DEVICE 14 #define HWSIM_ATTR_PERM_ADDR 22 #define IF_OPER_UP 6 struct join_ibss_props { int wiphy_freq; bool wiphy_freq_fixed; uint8_t* mac; uint8_t* ssid; int ssid_len; }; static int set_interface_state(const char* interface_name, int on) { struct ifreq ifr; int sock = socket(AF_INET, SOCK_DGRAM, 0); if (sock < 0) { return -1; } memset(&ifr, 0, sizeof(ifr)); strcpy(ifr.ifr_name, interface_name); int ret = ioctl(sock, SIOCGIFFLAGS, &ifr); if (ret < 0) { close(sock); return -1; } if (on) ifr.ifr_flags |= IFF_UP; else ifr.ifr_flags &= ~IFF_UP; ret = ioctl(sock, SIOCSIFFLAGS, &ifr); close(sock); if (ret < 0) { return -1; } return 0; } static int nl80211_set_interface(struct nlmsg* nlmsg, int sock, int nl80211_family, uint32_t ifindex, uint32_t iftype) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = NL80211_CMD_SET_INTERFACE; netlink_init(nlmsg, nl80211_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, NL80211_ATTR_IFINDEX, &ifindex, sizeof(ifindex)); netlink_attr(nlmsg, NL80211_ATTR_IFTYPE, &iftype, sizeof(iftype)); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int nl80211_join_ibss(struct nlmsg* nlmsg, int sock, int nl80211_family, uint32_t ifindex, struct join_ibss_props* props) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = NL80211_CMD_JOIN_IBSS; netlink_init(nlmsg, nl80211_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, NL80211_ATTR_IFINDEX, &ifindex, sizeof(ifindex)); netlink_attr(nlmsg, NL80211_ATTR_SSID, props->ssid, props->ssid_len); netlink_attr(nlmsg, NL80211_ATTR_WIPHY_FREQ, &(props->wiphy_freq), sizeof(props->wiphy_freq)); if (props->mac) netlink_attr(nlmsg, NL80211_ATTR_MAC, props->mac, ETH_ALEN); if (props->wiphy_freq_fixed) netlink_attr(nlmsg, NL80211_ATTR_FREQ_FIXED, NULL, 0); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int get_ifla_operstate(struct nlmsg* nlmsg, int ifindex) { struct ifinfomsg info; memset(&info, 0, sizeof(info)); info.ifi_family = AF_UNSPEC; info.ifi_index = ifindex; int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); if (sock == -1) { return -1; } netlink_init(nlmsg, RTM_GETLINK, 0, &info, sizeof(info)); int n; int err = netlink_send_ext(nlmsg, sock, RTM_NEWLINK, &n, true); close(sock); if (err) { return -1; } struct rtattr* attr = IFLA_RTA(NLMSG_DATA(nlmsg->buf)); for (; RTA_OK(attr, n); attr = RTA_NEXT(attr, n)) { if (attr->rta_type == IFLA_OPERSTATE) return *((int32_t*)RTA_DATA(attr)); } return -1; } static int await_ifla_operstate(struct nlmsg* nlmsg, char* interface, int operstate) { int ifindex = if_nametoindex(interface); while (true) { usleep(1000); int ret = get_ifla_operstate(nlmsg, ifindex); if (ret < 0) return ret; if (ret == operstate) return 0; } return 0; } static int nl80211_setup_ibss_interface(struct nlmsg* nlmsg, int sock, int nl80211_family_id, char* interface, struct join_ibss_props* ibss_props) { int ifindex = if_nametoindex(interface); if (ifindex == 0) { return -1; } int ret = nl80211_set_interface(nlmsg, sock, nl80211_family_id, ifindex, NL80211_IFTYPE_ADHOC); if (ret < 0) { return -1; } ret = set_interface_state(interface, 1); if (ret < 0) { return -1; } ret = nl80211_join_ibss(nlmsg, sock, nl80211_family_id, ifindex, ibss_props); if (ret < 0) { return -1; } return 0; } #define SIZEOF_IO_URING_SQE 64 #define SIZEOF_IO_URING_CQE 16 #define SQ_HEAD_OFFSET 0 #define SQ_TAIL_OFFSET 64 #define SQ_RING_MASK_OFFSET 256 #define SQ_RING_ENTRIES_OFFSET 264 #define SQ_FLAGS_OFFSET 276 #define SQ_DROPPED_OFFSET 272 #define CQ_HEAD_OFFSET 128 #define CQ_TAIL_OFFSET 192 #define CQ_RING_MASK_OFFSET 260 #define CQ_RING_ENTRIES_OFFSET 268 #define CQ_RING_OVERFLOW_OFFSET 284 #define CQ_FLAGS_OFFSET 280 #define CQ_CQES_OFFSET 320 struct io_uring_cqe { uint64_t user_data; uint32_t res; uint32_t flags; }; static long syz_io_uring_complete(volatile long a0) { char* ring_ptr = (char*)a0; uint32_t cq_ring_mask = *(uint32_t*)(ring_ptr + CQ_RING_MASK_OFFSET); uint32_t* cq_head_ptr = (uint32_t*)(ring_ptr + CQ_HEAD_OFFSET); uint32_t cq_head = *cq_head_ptr & cq_ring_mask; uint32_t cq_head_next = *cq_head_ptr + 1; char* cqe_src = ring_ptr + CQ_CQES_OFFSET + cq_head * SIZEOF_IO_URING_CQE; struct io_uring_cqe cqe; memcpy(&cqe, cqe_src, sizeof(cqe)); __atomic_store_n(cq_head_ptr, cq_head_next, __ATOMIC_RELEASE); return (cqe.user_data == 0x12345 || cqe.user_data == 0x23456) ? (long)cqe.res : (long)-1; } struct io_sqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t flags; uint32_t dropped; uint32_t array; uint32_t resv1; uint64_t resv2; }; struct io_cqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t overflow; uint32_t cqes; uint64_t resv[2]; }; struct io_uring_params { uint32_t sq_entries; uint32_t cq_entries; uint32_t flags; uint32_t sq_thread_cpu; uint32_t sq_thread_idle; uint32_t features; uint32_t resv[4]; struct io_sqring_offsets sq_off; struct io_cqring_offsets cq_off; }; #define IORING_OFF_SQ_RING 0 #define IORING_OFF_SQES 0x10000000ULL #define sys_io_uring_setup 425 static long syz_io_uring_setup(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5) { uint32_t entries = (uint32_t)a0; struct io_uring_params* setup_params = (struct io_uring_params*)a1; void* vma1 = (void*)a2; void* vma2 = (void*)a3; void** ring_ptr_out = (void**)a4; void** sqes_ptr_out = (void**)a5; uint32_t fd_io_uring = syscall(sys_io_uring_setup, entries, setup_params); uint32_t sq_ring_sz = setup_params->sq_off.array + setup_params->sq_entries * sizeof(uint32_t); uint32_t cq_ring_sz = setup_params->cq_off.cqes + setup_params->cq_entries * SIZEOF_IO_URING_CQE; uint32_t ring_sz = sq_ring_sz > cq_ring_sz ? sq_ring_sz : cq_ring_sz; *ring_ptr_out = mmap(vma1, ring_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQ_RING); uint32_t sqes_sz = setup_params->sq_entries * SIZEOF_IO_URING_SQE; *sqes_ptr_out = mmap(vma2, sqes_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQES); return fd_io_uring; } static long syz_io_uring_submit(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { char* ring_ptr = (char*)a0; char* sqes_ptr = (char*)a1; char* sqe = (char*)a2; uint32_t sqes_index = (uint32_t)a3; uint32_t sq_ring_entries = *(uint32_t*)(ring_ptr + SQ_RING_ENTRIES_OFFSET); uint32_t cq_ring_entries = *(uint32_t*)(ring_ptr + CQ_RING_ENTRIES_OFFSET); uint32_t sq_array_off = (CQ_CQES_OFFSET + cq_ring_entries * SIZEOF_IO_URING_CQE + 63) & ~63; if (sq_ring_entries) sqes_index %= sq_ring_entries; char* sqe_dest = sqes_ptr + sqes_index * SIZEOF_IO_URING_SQE; memcpy(sqe_dest, sqe, SIZEOF_IO_URING_SQE); uint32_t sq_ring_mask = *(uint32_t*)(ring_ptr + SQ_RING_MASK_OFFSET); uint32_t* sq_tail_ptr = (uint32_t*)(ring_ptr + SQ_TAIL_OFFSET); uint32_t sq_tail = *sq_tail_ptr & sq_ring_mask; uint32_t sq_tail_next = *sq_tail_ptr + 1; uint32_t* sq_array = (uint32_t*)(ring_ptr + sq_array_off); *(sq_array + sq_tail) = sqes_index; __atomic_store_n(sq_tail_ptr, sq_tail_next, __ATOMIC_RELEASE); return 0; } #define VHCI_HC_PORTS 8 #define VHCI_PORTS (VHCI_HC_PORTS * 2) static long syz_usbip_server_init(volatile long a0) { static int port_alloc[2]; int speed = (int)a0; bool usb3 = (speed == USB_SPEED_SUPER); int socket_pair[2]; if (socketpair(AF_UNIX, SOCK_STREAM, 0, socket_pair)) exit(1); int client_fd = socket_pair[0]; int server_fd = socket_pair[1]; int available_port_num = __atomic_fetch_add(&port_alloc[usb3], 1, __ATOMIC_RELAXED); if (available_port_num > VHCI_HC_PORTS) { return -1; } int port_num = procid * VHCI_PORTS + usb3 * VHCI_HC_PORTS + available_port_num; char buffer[100]; sprintf(buffer, "%d %d %s %d", port_num, client_fd, "0", speed); write_file("/sys/devices/platform/vhci_hcd.0/attach", buffer); return server_fd; } #define BTF_MAGIC 0xeB9F struct btf_header { __u16 magic; __u8 version; __u8 flags; __u32 hdr_len; __u32 type_off; __u32 type_len; __u32 str_off; __u32 str_len; }; #define BTF_INFO_KIND(info) (((info) >> 24) & 0x0f) #define BTF_INFO_VLEN(info) ((info)&0xffff) #define BTF_KIND_INT 1 #define BTF_KIND_ARRAY 3 #define BTF_KIND_STRUCT 4 #define BTF_KIND_UNION 5 #define BTF_KIND_ENUM 6 #define BTF_KIND_FUNC_PROTO 13 #define BTF_KIND_VAR 14 #define BTF_KIND_DATASEC 15 struct btf_type { __u32 name_off; __u32 info; union { __u32 size; __u32 type; }; }; struct btf_enum { __u32 name_off; __s32 val; }; struct btf_array { __u32 type; __u32 index_type; __u32 nelems; }; struct btf_member { __u32 name_off; __u32 type; __u32 offset; }; struct btf_param { __u32 name_off; __u32 type; }; struct btf_var { __u32 linkage; }; struct btf_var_secinfo { __u32 type; __u32 offset; __u32 size; }; #define VMLINUX_MAX_SUPPORT_SIZE (10 * 1024 * 1024) static char* read_btf_vmlinux() { static bool is_read = false; static char buf[VMLINUX_MAX_SUPPORT_SIZE]; if (is_read) return buf; int fd = open("/sys/kernel/btf/vmlinux", O_RDONLY); if (fd < 0) return NULL; unsigned long bytes_read = 0; for (;;) { ssize_t ret = read(fd, buf + bytes_read, VMLINUX_MAX_SUPPORT_SIZE - bytes_read); if (ret < 0 || bytes_read + ret == VMLINUX_MAX_SUPPORT_SIZE) return NULL; if (ret == 0) break; bytes_read += ret; } is_read = true; return buf; } static long syz_btf_id_by_name(volatile long a0) { char* target = (char*)a0; char* vmlinux = read_btf_vmlinux(); if (vmlinux == NULL) return -1; struct btf_header* btf_header = (struct btf_header*)vmlinux; if (btf_header->magic != BTF_MAGIC) return -1; char* btf_type_sec = vmlinux + btf_header->hdr_len + btf_header->type_off; char* btf_str_sec = vmlinux + btf_header->hdr_len + btf_header->str_off; unsigned int bytes_parsed = 0; long idx = 1; while (bytes_parsed < btf_header->type_len) { struct btf_type* btf_type = (struct btf_type*)(btf_type_sec + bytes_parsed); uint32_t kind = BTF_INFO_KIND(btf_type->info); uint32_t vlen = BTF_INFO_VLEN(btf_type->info); char* name = btf_str_sec + btf_type->name_off; if (strcmp(name, target) == 0) return idx; size_t skip; switch (kind) { case BTF_KIND_INT: skip = sizeof(uint32_t); break; case BTF_KIND_ENUM: skip = sizeof(struct btf_enum) * vlen; break; case BTF_KIND_ARRAY: skip = sizeof(struct btf_array); break; case BTF_KIND_STRUCT: case BTF_KIND_UNION: skip = sizeof(struct btf_member) * vlen; break; case BTF_KIND_FUNC_PROTO: skip = sizeof(struct btf_param) * vlen; break; case BTF_KIND_VAR: skip = sizeof(struct btf_var); break; case BTF_KIND_DATASEC: skip = sizeof(struct btf_var_secinfo) * vlen; break; default: skip = 0; } bytes_parsed += sizeof(struct btf_type) + skip; idx++; } return -1; } static long syz_memcpy_off(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4) { char* dest = (char*)a0; uint32_t dest_off = (uint32_t)a1; char* src = (char*)a2; uint32_t src_off = (uint32_t)a3; size_t n = (size_t)a4; return (long)memcpy(dest + dest_off, src + src_off, n); } #define MAX_FDS 30 #define USB_MAX_IFACE_NUM 4 #define USB_MAX_EP_NUM 32 #define USB_MAX_FDS 6 struct usb_endpoint_index { struct usb_endpoint_descriptor desc; int handle; }; struct usb_iface_index { struct usb_interface_descriptor* iface; uint8_t bInterfaceNumber; uint8_t bAlternateSetting; uint8_t bInterfaceClass; struct usb_endpoint_index eps[USB_MAX_EP_NUM]; int eps_num; }; struct usb_device_index { struct usb_device_descriptor* dev; struct usb_config_descriptor* config; uint8_t bDeviceClass; uint8_t bMaxPower; int config_length; struct usb_iface_index ifaces[USB_MAX_IFACE_NUM]; int ifaces_num; int iface_cur; }; struct usb_info { int fd; struct usb_device_index index; }; static struct usb_info usb_devices[USB_MAX_FDS]; static int usb_devices_num; static bool parse_usb_descriptor(const char* buffer, size_t length, struct usb_device_index* index) { if (length < sizeof(*index->dev) + sizeof(*index->config)) return false; memset(index, 0, sizeof(*index)); index->dev = (struct usb_device_descriptor*)buffer; index->config = (struct usb_config_descriptor*)(buffer + sizeof(*index->dev)); index->bDeviceClass = index->dev->bDeviceClass; index->bMaxPower = index->config->bMaxPower; index->config_length = length - sizeof(*index->dev); index->iface_cur = -1; size_t offset = 0; while (true) { if (offset + 1 >= length) break; uint8_t desc_length = buffer[offset]; uint8_t desc_type = buffer[offset + 1]; if (desc_length <= 2) break; if (offset + desc_length > length) break; if (desc_type == USB_DT_INTERFACE && index->ifaces_num < USB_MAX_IFACE_NUM) { struct usb_interface_descriptor* iface = (struct usb_interface_descriptor*)(buffer + offset); index->ifaces[index->ifaces_num].iface = iface; index->ifaces[index->ifaces_num].bInterfaceNumber = iface->bInterfaceNumber; index->ifaces[index->ifaces_num].bAlternateSetting = iface->bAlternateSetting; index->ifaces[index->ifaces_num].bInterfaceClass = iface->bInterfaceClass; index->ifaces_num++; } if (desc_type == USB_DT_ENDPOINT && index->ifaces_num > 0) { struct usb_iface_index* iface = &index->ifaces[index->ifaces_num - 1]; if (iface->eps_num < USB_MAX_EP_NUM) { memcpy(&iface->eps[iface->eps_num].desc, buffer + offset, sizeof(iface->eps[iface->eps_num].desc)); iface->eps_num++; } } offset += desc_length; } return true; } static struct usb_device_index* add_usb_index(int fd, const char* dev, size_t dev_len) { int i = __atomic_fetch_add(&usb_devices_num, 1, __ATOMIC_RELAXED); if (i >= USB_MAX_FDS) return NULL; if (!parse_usb_descriptor(dev, dev_len, &usb_devices[i].index)) return NULL; __atomic_store_n(&usb_devices[i].fd, fd, __ATOMIC_RELEASE); return &usb_devices[i].index; } static struct usb_device_index* lookup_usb_index(int fd) { for (int i = 0; i < USB_MAX_FDS; i++) { if (__atomic_load_n(&usb_devices[i].fd, __ATOMIC_ACQUIRE) == fd) return &usb_devices[i].index; } return NULL; } struct vusb_connect_string_descriptor { uint32_t len; char* str; } __attribute__((packed)); struct vusb_connect_descriptors { uint32_t qual_len; char* qual; uint32_t bos_len; char* bos; uint32_t strs_len; struct vusb_connect_string_descriptor strs[0]; } __attribute__((packed)); static const char default_string[] = { 8, USB_DT_STRING, 's', 0, 'y', 0, 'z', 0 }; static const char default_lang_id[] = { 4, USB_DT_STRING, 0x09, 0x04 }; static bool lookup_connect_response_in(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { struct usb_device_index* index = lookup_usb_index(fd); uint8_t str_idx; if (!index) return false; switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_GET_DESCRIPTOR: switch (ctrl->wValue >> 8) { case USB_DT_DEVICE: *response_data = (char*)index->dev; *response_length = sizeof(*index->dev); return true; case USB_DT_CONFIG: *response_data = (char*)index->config; *response_length = index->config_length; return true; case USB_DT_STRING: str_idx = (uint8_t)ctrl->wValue; if (descs && str_idx < descs->strs_len) { *response_data = descs->strs[str_idx].str; *response_length = descs->strs[str_idx].len; return true; } if (str_idx == 0) { *response_data = (char*)&default_lang_id[0]; *response_length = default_lang_id[0]; return true; } *response_data = (char*)&default_string[0]; *response_length = default_string[0]; return true; case USB_DT_BOS: *response_data = descs->bos; *response_length = descs->bos_len; return true; case USB_DT_DEVICE_QUALIFIER: if (!descs->qual) { struct usb_qualifier_descriptor* qual = (struct usb_qualifier_descriptor*)response_data; qual->bLength = sizeof(*qual); qual->bDescriptorType = USB_DT_DEVICE_QUALIFIER; qual->bcdUSB = index->dev->bcdUSB; qual->bDeviceClass = index->dev->bDeviceClass; qual->bDeviceSubClass = index->dev->bDeviceSubClass; qual->bDeviceProtocol = index->dev->bDeviceProtocol; qual->bMaxPacketSize0 = index->dev->bMaxPacketSize0; qual->bNumConfigurations = index->dev->bNumConfigurations; qual->bRESERVED = 0; *response_length = sizeof(*qual); return true; } *response_data = descs->qual; *response_length = descs->qual_len; return true; default: break; } break; default: break; } break; default: break; } return false; } typedef bool (*lookup_connect_out_response_t)(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done); static bool lookup_connect_response_out_generic(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) { switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: *done = true; return true; default: break; } break; } return false; } #define ATH9K_FIRMWARE_DOWNLOAD 0x30 #define ATH9K_FIRMWARE_DOWNLOAD_COMP 0x31 static bool lookup_connect_response_out_ath9k(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) { switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: return true; default: break; } break; case USB_TYPE_VENDOR: switch (ctrl->bRequest) { case ATH9K_FIRMWARE_DOWNLOAD: return true; case ATH9K_FIRMWARE_DOWNLOAD_COMP: *done = true; return true; default: break; } break; } return false; } struct vusb_descriptor { uint8_t req_type; uint8_t desc_type; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_descriptors { uint32_t len; struct vusb_descriptor* generic; struct vusb_descriptor* descs[0]; } __attribute__((packed)); struct vusb_response { uint8_t type; uint8_t req; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_responses { uint32_t len; struct vusb_response* generic; struct vusb_response* resps[0]; } __attribute__((packed)); static bool lookup_control_response(const struct vusb_descriptors* descs, const struct vusb_responses* resps, struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { int descs_num = 0; int resps_num = 0; if (descs) descs_num = (descs->len - offsetof(struct vusb_descriptors, descs)) / sizeof(descs->descs[0]); if (resps) resps_num = (resps->len - offsetof(struct vusb_responses, resps)) / sizeof(resps->resps[0]); uint8_t req = ctrl->bRequest; uint8_t req_type = ctrl->bRequestType & USB_TYPE_MASK; uint8_t desc_type = ctrl->wValue >> 8; if (req == USB_REQ_GET_DESCRIPTOR) { int i; for (i = 0; i < descs_num; i++) { struct vusb_descriptor* desc = descs->descs[i]; if (!desc) continue; if (desc->req_type == req_type && desc->desc_type == desc_type) { *response_length = desc->len; if (*response_length != 0) *response_data = &desc->data[0]; else *response_data = NULL; return true; } } if (descs && descs->generic) { *response_data = &descs->generic->data[0]; *response_length = descs->generic->len; return true; } } else { int i; for (i = 0; i < resps_num; i++) { struct vusb_response* resp = resps->resps[i]; if (!resp) continue; if (resp->type == req_type && resp->req == req) { *response_length = resp->len; if (*response_length != 0) *response_data = &resp->data[0]; else *response_data = NULL; return true; } } if (resps && resps->generic) { *response_data = &resps->generic->data[0]; *response_length = resps->generic->len; return true; } } return false; } #define UDC_NAME_LENGTH_MAX 128 struct usb_raw_init { __u8 driver_name[UDC_NAME_LENGTH_MAX]; __u8 device_name[UDC_NAME_LENGTH_MAX]; __u8 speed; }; enum usb_raw_event_type { USB_RAW_EVENT_INVALID = 0, USB_RAW_EVENT_CONNECT = 1, USB_RAW_EVENT_CONTROL = 2, }; struct usb_raw_event { __u32 type; __u32 length; __u8 data[0]; }; struct usb_raw_ep_io { __u16 ep; __u16 flags; __u32 length; __u8 data[0]; }; #define USB_RAW_EPS_NUM_MAX 30 #define USB_RAW_EP_NAME_MAX 16 #define USB_RAW_EP_ADDR_ANY 0xff struct usb_raw_ep_caps { __u32 type_control : 1; __u32 type_iso : 1; __u32 type_bulk : 1; __u32 type_int : 1; __u32 dir_in : 1; __u32 dir_out : 1; }; struct usb_raw_ep_limits { __u16 maxpacket_limit; __u16 max_streams; __u32 reserved; }; struct usb_raw_ep_info { __u8 name[USB_RAW_EP_NAME_MAX]; __u32 addr; struct usb_raw_ep_caps caps; struct usb_raw_ep_limits limits; }; struct usb_raw_eps_info { struct usb_raw_ep_info eps[USB_RAW_EPS_NUM_MAX]; }; #define USB_RAW_IOCTL_INIT _IOW('U', 0, struct usb_raw_init) #define USB_RAW_IOCTL_RUN _IO('U', 1) #define USB_RAW_IOCTL_EVENT_FETCH _IOR('U', 2, struct usb_raw_event) #define USB_RAW_IOCTL_EP0_WRITE _IOW('U', 3, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP0_READ _IOWR('U', 4, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_ENABLE _IOW('U', 5, struct usb_endpoint_descriptor) #define USB_RAW_IOCTL_EP_DISABLE _IOW('U', 6, __u32) #define USB_RAW_IOCTL_EP_WRITE _IOW('U', 7, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_READ _IOWR('U', 8, struct usb_raw_ep_io) #define USB_RAW_IOCTL_CONFIGURE _IO('U', 9) #define USB_RAW_IOCTL_VBUS_DRAW _IOW('U', 10, __u32) #define USB_RAW_IOCTL_EPS_INFO _IOR('U', 11, struct usb_raw_eps_info) #define USB_RAW_IOCTL_EP0_STALL _IO('U', 12) #define USB_RAW_IOCTL_EP_SET_HALT _IOW('U', 13, __u32) #define USB_RAW_IOCTL_EP_CLEAR_HALT _IOW('U', 14, __u32) #define USB_RAW_IOCTL_EP_SET_WEDGE _IOW('U', 15, __u32) static int usb_raw_open() { return open("/dev/raw-gadget", O_RDWR); } static int usb_raw_init(int fd, uint32_t speed, const char* driver, const char* device) { struct usb_raw_init arg; strncpy((char*)&arg.driver_name[0], driver, sizeof(arg.driver_name)); strncpy((char*)&arg.device_name[0], device, sizeof(arg.device_name)); arg.speed = speed; return ioctl(fd, USB_RAW_IOCTL_INIT, &arg); } static int usb_raw_run(int fd) { return ioctl(fd, USB_RAW_IOCTL_RUN, 0); } static int usb_raw_event_fetch(int fd, struct usb_raw_event* event) { return ioctl(fd, USB_RAW_IOCTL_EVENT_FETCH, event); } static int usb_raw_ep0_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_WRITE, io); } static int usb_raw_ep0_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_READ, io); } static int usb_raw_ep_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_WRITE, io); } static int usb_raw_ep_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_READ, io); } static int usb_raw_ep_enable(int fd, struct usb_endpoint_descriptor* desc) { return ioctl(fd, USB_RAW_IOCTL_EP_ENABLE, desc); } static int usb_raw_ep_disable(int fd, int ep) { return ioctl(fd, USB_RAW_IOCTL_EP_DISABLE, ep); } static int usb_raw_configure(int fd) { return ioctl(fd, USB_RAW_IOCTL_CONFIGURE, 0); } static int usb_raw_vbus_draw(int fd, uint32_t power) { return ioctl(fd, USB_RAW_IOCTL_VBUS_DRAW, power); } static int usb_raw_ep0_stall(int fd) { return ioctl(fd, USB_RAW_IOCTL_EP0_STALL, 0); } static int lookup_interface(int fd, uint8_t bInterfaceNumber, uint8_t bAlternateSetting) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; for (int i = 0; i < index->ifaces_num; i++) { if (index->ifaces[i].bInterfaceNumber == bInterfaceNumber && index->ifaces[i].bAlternateSetting == bAlternateSetting) return i; } return -1; } static int lookup_endpoint(int fd, uint8_t bEndpointAddress) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; if (index->iface_cur < 0) return -1; for (int ep = 0; index->ifaces[index->iface_cur].eps_num; ep++) if (index->ifaces[index->iface_cur].eps[ep].desc.bEndpointAddress == bEndpointAddress) return index->ifaces[index->iface_cur].eps[ep].handle; return -1; } static void set_interface(int fd, int n) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return; if (index->iface_cur >= 0 && index->iface_cur < index->ifaces_num) { for (int ep = 0; ep < index->ifaces[index->iface_cur].eps_num; ep++) { int rv = usb_raw_ep_disable(fd, index->ifaces[index->iface_cur].eps[ep].handle); if (rv < 0) { } else { } } } if (n >= 0 && n < index->ifaces_num) { for (int ep = 0; ep < index->ifaces[n].eps_num; ep++) { int rv = usb_raw_ep_enable(fd, &index->ifaces[n].eps[ep].desc); if (rv < 0) { } else { index->ifaces[n].eps[ep].handle = rv; } } index->iface_cur = n; } } static int configure_device(int fd) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; int rv = usb_raw_vbus_draw(fd, index->bMaxPower); if (rv < 0) { return rv; } rv = usb_raw_configure(fd); if (rv < 0) { return rv; } set_interface(fd, 0); return 0; } #define USB_MAX_PACKET_SIZE 4096 struct usb_raw_control_event { struct usb_raw_event inner; struct usb_ctrlrequest ctrl; char data[USB_MAX_PACKET_SIZE]; }; struct usb_raw_ep_io_data { struct usb_raw_ep_io inner; char data[USB_MAX_PACKET_SIZE]; }; static volatile long syz_usb_connect_impl(uint64_t speed, uint64_t dev_len, const char* dev, const struct vusb_connect_descriptors* descs, lookup_connect_out_response_t lookup_connect_response_out) { if (!dev) { return -1; } int fd = usb_raw_open(); if (fd < 0) { return fd; } if (fd >= MAX_FDS) { close(fd); return -1; } struct usb_device_index* index = add_usb_index(fd, dev, dev_len); if (!index) { return -1; } char device[32]; sprintf(&device[0], "dummy_udc.%llu", procid); int rv = usb_raw_init(fd, speed, "dummy_udc", &device[0]); if (rv < 0) { return rv; } rv = usb_raw_run(fd); if (rv < 0) { return rv; } bool done = false; while (!done) { struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = sizeof(event.ctrl); rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) continue; char* response_data = NULL; uint32_t response_length = 0; if (event.ctrl.bRequestType & USB_DIR_IN) { if (!lookup_connect_response_in(fd, descs, &event.ctrl, &response_data, &response_length)) { usb_raw_ep0_stall(fd); continue; } } else { if (!lookup_connect_response_out(fd, descs, &event.ctrl, &done)) { usb_raw_ep0_stall(fd); continue; } response_data = NULL; response_length = event.ctrl.wLength; } if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD && event.ctrl.bRequest == USB_REQ_SET_CONFIGURATION) { rv = configure_device(fd); if (rv < 0) { return rv; } } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, response_length); if (event.ctrl.bRequestType & USB_DIR_IN) { rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response); } else { rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response); } if (rv < 0) { return rv; } } sleep_ms(200); return fd; } static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; const char* dev = (const char*)a2; const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3; return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_generic); } static volatile long syz_usb_connect_ath9k(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; const char* dev = (const char*)a2; const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3; return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_ath9k); } static volatile long syz_usb_control_io(volatile long a0, volatile long a1, volatile long a2) { int fd = a0; const struct vusb_descriptors* descs = (const struct vusb_descriptors*)a1; const struct vusb_responses* resps = (const struct vusb_responses*)a2; struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = USB_MAX_PACKET_SIZE; int rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) { return -1; } char* response_data = NULL; uint32_t response_length = 0; if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) { if (!lookup_control_response(descs, resps, &event.ctrl, &response_data, &response_length)) { usb_raw_ep0_stall(fd); return -1; } } else { if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD || event.ctrl.bRequest == USB_REQ_SET_INTERFACE) { int iface_num = event.ctrl.wIndex; int alt_set = event.ctrl.wValue; int iface_index = lookup_interface(fd, iface_num, alt_set); if (iface_index < 0) { } else { set_interface(fd, iface_index); } } response_length = event.ctrl.wLength; } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; if ((event.ctrl.bRequestType & USB_DIR_IN) && !event.ctrl.wLength) { response_length = USB_MAX_PACKET_SIZE; } response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, response_length); if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) { rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response); } else { rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response); } if (rv < 0) { return rv; } sleep_ms(200); return 0; } static volatile long syz_usb_ep_write(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int fd = a0; uint8_t ep = a1; uint32_t len = a2; char* data = (char*)a3; int ep_handle = lookup_endpoint(fd, ep); if (ep_handle < 0) { return -1; } struct usb_raw_ep_io_data io_data; io_data.inner.ep = ep_handle; io_data.inner.flags = 0; if (len > sizeof(io_data.data)) len = sizeof(io_data.data); io_data.inner.length = len; memcpy(&io_data.data[0], data, len); int rv = usb_raw_ep_write(fd, (struct usb_raw_ep_io*)&io_data); if (rv < 0) { return rv; } sleep_ms(200); return 0; } static volatile long syz_usb_ep_read(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int fd = a0; uint8_t ep = a1; uint32_t len = a2; char* data = (char*)a3; int ep_handle = lookup_endpoint(fd, ep); if (ep_handle < 0) { return -1; } struct usb_raw_ep_io_data io_data; io_data.inner.ep = ep_handle; io_data.inner.flags = 0; if (len > sizeof(io_data.data)) len = sizeof(io_data.data); io_data.inner.length = len; int rv = usb_raw_ep_read(fd, (struct usb_raw_ep_io*)&io_data); if (rv < 0) { return rv; } memcpy(&data[0], &io_data.data[0], io_data.inner.length); sleep_ms(200); return 0; } static volatile long syz_usb_disconnect(volatile long a0) { int fd = a0; int rv = close(fd); sleep_ms(200); return rv; } static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2) { if (a0 == 0xc || a0 == 0xb) { char buf[128]; sprintf(buf, "/dev/%s/%d:%d", a0 == 0xc ? "char" : "block", (uint8_t)a1, (uint8_t)a2); return open(buf, O_RDWR, 0); } else { char buf[1024]; char* hash; strncpy(buf, (char*)a0, sizeof(buf) - 1); buf[sizeof(buf) - 1] = 0; while ((hash = strchr(buf, '#'))) { *hash = '0' + (char)(a1 % 10); a1 /= 10; } return open(buf, a2, 0); } } static long syz_open_procfs(volatile long a0, volatile long a1) { char buf[128]; memset(buf, 0, sizeof(buf)); if (a0 == 0) { snprintf(buf, sizeof(buf), "/proc/self/%s", (char*)a1); } else if (a0 == -1) { snprintf(buf, sizeof(buf), "/proc/thread-self/%s", (char*)a1); } else { snprintf(buf, sizeof(buf), "/proc/self/task/%d/%s", (int)a0, (char*)a1); } int fd = open(buf, O_RDWR); if (fd == -1) fd = open(buf, O_RDONLY); return fd; } static long syz_open_pts(volatile long a0, volatile long a1) { int ptyno = 0; if (ioctl(a0, TIOCGPTN, &ptyno)) return -1; char buf[128]; sprintf(buf, "/dev/pts/%d", ptyno); return open(buf, a1, 0); } static long syz_init_net_socket(volatile long domain, volatile long type, volatile long proto) { int netns = open("/proc/self/ns/net", O_RDONLY); if (netns == -1) return netns; if (setns(kInitNetNsFd, 0)) return -1; int sock = syscall(__NR_socket, domain, type, proto); int err = errno; if (setns(netns, 0)) exit(1); close(netns); errno = err; return sock; } static long syz_genetlink_get_family_id(volatile long name, volatile long sock_arg) { bool dofail = false; int fd = sock_arg; if (fd < 0) { dofail = true; fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (fd == -1) { return -1; } } struct nlmsg nlmsg_tmp; int ret = netlink_query_family_id(&nlmsg_tmp, fd, (char*)name, dofail); if ((int)sock_arg < 0) close(fd); if (ret < 0) { return -1; } return ret; } struct fs_image_segment { void* data; uintptr_t size; uintptr_t offset; }; #define IMAGE_MAX_SEGMENTS 4096 #define IMAGE_MAX_SIZE (129 << 20) #define sys_memfd_create 356 static unsigned long fs_image_segment_check(unsigned long size, unsigned long nsegs, struct fs_image_segment* segs) { if (nsegs > IMAGE_MAX_SEGMENTS) nsegs = IMAGE_MAX_SEGMENTS; for (size_t i = 0; i < nsegs; i++) { if (segs[i].size > IMAGE_MAX_SIZE) segs[i].size = IMAGE_MAX_SIZE; segs[i].offset %= IMAGE_MAX_SIZE; if (segs[i].offset > IMAGE_MAX_SIZE - segs[i].size) segs[i].offset = IMAGE_MAX_SIZE - segs[i].size; if (size < segs[i].offset + segs[i].offset) size = segs[i].offset + segs[i].offset; } if (size > IMAGE_MAX_SIZE) size = IMAGE_MAX_SIZE; return size; } static int setup_loop_device(long unsigned size, long unsigned nsegs, struct fs_image_segment* segs, const char* loopname, int* memfd_p, int* loopfd_p) { int err = 0, loopfd = -1; size = fs_image_segment_check(size, nsegs, segs); int memfd = syscall(sys_memfd_create, "syzkaller", 0); if (memfd == -1) { err = errno; goto error; } if (ftruncate(memfd, size)) { err = errno; goto error_close_memfd; } for (size_t i = 0; i < nsegs; i++) { if (pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset) < 0) { } } loopfd = open(loopname, O_RDWR); if (loopfd == -1) { err = errno; goto error_close_memfd; } if (ioctl(loopfd, LOOP_SET_FD, memfd)) { if (errno != EBUSY) { err = errno; goto error_close_loop; } ioctl(loopfd, LOOP_CLR_FD, 0); usleep(1000); if (ioctl(loopfd, LOOP_SET_FD, memfd)) { err = errno; goto error_close_loop; } } *memfd_p = memfd; *loopfd_p = loopfd; return 0; error_close_loop: close(loopfd); error_close_memfd: close(memfd); error: errno = err; return -1; } static long syz_read_part_table(volatile unsigned long size, volatile unsigned long nsegs, volatile long segments) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int err = 0, res = -1, loopfd = -1, memfd = -1; char loopname[64]; snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; struct loop_info64 info; if (ioctl(loopfd, LOOP_GET_STATUS64, &info)) { err = errno; goto error_clear_loop; } info.lo_flags |= LO_FLAGS_PARTSCAN; if (ioctl(loopfd, LOOP_SET_STATUS64, &info)) { err = errno; goto error_clear_loop; } res = 0; for (unsigned long i = 1, j = 0; i < 8; i++) { snprintf(loopname, sizeof(loopname), "/dev/loop%llup%d", procid, (int)i); struct stat statbuf; if (stat(loopname, &statbuf) == 0) { char linkname[64]; snprintf(linkname, sizeof(linkname), "./file%d", (int)j++); if (symlink(loopname, linkname)) { } } } error_clear_loop: ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); errno = err; return res; } static long syz_mount_image(volatile long fsarg, volatile long dir, volatile unsigned long size, volatile unsigned long nsegs, volatile long segments, volatile long flags, volatile long optsarg) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int res = -1, err = 0, loopfd = -1, memfd = -1, need_loop_device = !!segs; char* mount_opts = (char*)optsarg; char* target = (char*)dir; char* fs = (char*)fsarg; char* source = NULL; char loopname[64]; if (need_loop_device) { memset(loopname, 0, sizeof(loopname)); snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; source = loopname; } mkdir(target, 0777); char opts[256]; memset(opts, 0, sizeof(opts)); if (strlen(mount_opts) > (sizeof(opts) - 32)) { } strncpy(opts, mount_opts, sizeof(opts) - 32); if (strcmp(fs, "iso9660") == 0) { flags |= MS_RDONLY; } else if (strncmp(fs, "ext", 3) == 0) { if (strstr(opts, "errors=panic") || strstr(opts, "errors=remount-ro") == 0) strcat(opts, ",errors=continue"); } else if (strcmp(fs, "xfs") == 0) { strcat(opts, ",nouuid"); } res = mount(source, target, fs, flags, opts); if (res == -1) { err = errno; goto error_clear_loop; } res = open(target, O_RDONLY | O_DIRECTORY); if (res == -1) { err = errno; } error_clear_loop: if (need_loop_device) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); } errno = err; return res; } static volatile long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5, volatile long a6, volatile long a7) { return 0; } static void setup_common() { if (mount(0, "/sys/fs/fuse/connections", "fusectl", 0, 0)) { } } static void loop(); static void sandbox_common() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setsid(); int netns = open("/proc/self/ns/net", O_RDONLY); if (netns == -1) exit(1); if (dup2(netns, kInitNetNsFd) < 0) exit(1); close(netns); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = (200 << 20); setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 32 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 136 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); if (unshare(CLONE_NEWNS)) { } if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL)) { } if (unshare(CLONE_NEWIPC)) { } if (unshare(0x02000000)) { } if (unshare(CLONE_NEWUTS)) { } if (unshare(CLONE_SYSVSEM)) { } typedef struct { const char* name; const char* value; } sysctl_t; static const sysctl_t sysctls[] = { {"/proc/sys/kernel/shmmax", "16777216"}, {"/proc/sys/kernel/shmall", "536870912"}, {"/proc/sys/kernel/shmmni", "1024"}, {"/proc/sys/kernel/msgmax", "8192"}, {"/proc/sys/kernel/msgmni", "1024"}, {"/proc/sys/kernel/msgmnb", "1024"}, {"/proc/sys/kernel/sem", "1024 1048576 500 1024"}, }; unsigned i; for (i = 0; i < sizeof(sysctls) / sizeof(sysctls[0]); i++) write_file(sysctls[i].name, sysctls[i].value); } static int wait_for_loop(int pid) { if (pid < 0) exit(1); int status = 0; while (waitpid(-1, &status, __WALL) != pid) { } return WEXITSTATUS(status); } static void drop_caps(void) { struct __user_cap_header_struct cap_hdr = {}; struct __user_cap_data_struct cap_data[2] = {}; cap_hdr.version = _LINUX_CAPABILITY_VERSION_3; cap_hdr.pid = getpid(); if (syscall(SYS_capget, &cap_hdr, &cap_data)) exit(1); const int drop = (1 << CAP_SYS_PTRACE) | (1 << CAP_SYS_NICE); cap_data[0].effective &= ~drop; cap_data[0].permitted &= ~drop; cap_data[0].inheritable &= ~drop; if (syscall(SYS_capset, &cap_hdr, &cap_data)) exit(1); } static int do_sandbox_none(void) { if (unshare(CLONE_NEWPID)) { } int pid = fork(); if (pid != 0) return wait_for_loop(pid); setup_common(); sandbox_common(); drop_caps(); if (unshare(CLONE_NEWNET)) { } loop(); exit(1); } #define FS_IOC_SETFLAGS _IOW('f', 2, long) static void remove_dir(const char* dir) { int iter = 0; DIR* dp = 0; retry: while (umount2(dir, MNT_DETACH) == 0) { } dp = opendir(dir); if (dp == NULL) { if (errno == EMFILE) { exit(1); } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); while (umount2(filename, MNT_DETACH) == 0) { } struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } int i; for (i = 0;; i++) { if (unlink(filename) == 0) break; if (errno == EPERM) { int fd = open(filename, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno != EBUSY || i > 100) exit(1); if (umount2(filename, MNT_DETACH)) exit(1); } } closedir(dp); for (int i = 0;; i++) { if (rmdir(dir) == 0) break; if (i < 100) { if (errno == EPERM) { int fd = open(dir, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno == EBUSY) { if (umount2(dir, MNT_DETACH)) exit(1); continue; } if (errno == ENOTEMPTY) { if (iter < 100) { iter++; goto retry; } } } exit(1); } } static int inject_fault(int nth) { int fd; fd = open("/proc/thread-self/fail-nth", O_RDWR); if (fd == -1) exit(1); char buf[16]; sprintf(buf, "%d", nth); if (write(fd, buf, strlen(buf)) != (ssize_t)strlen(buf)) exit(1); return fd; } static void kill_and_wait(int pid, int* status) { kill(-pid, SIGKILL); kill(pid, SIGKILL); for (int i = 0; i < 100; i++) { if (waitpid(-1, status, WNOHANG | __WALL) == pid) return; usleep(1000); } DIR* dir = opendir("/sys/fs/fuse/connections"); if (dir) { for (;;) { struct dirent* ent = readdir(dir); if (!ent) break; if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0) continue; char abort[300]; snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name); int fd = open(abort, O_WRONLY); if (fd == -1) { continue; } if (write(fd, abort, 1) < 0) { } close(fd); } closedir(dir); } else { } while (waitpid(-1, status, __WALL) != pid) { } } static void reset_loop() { char buf[64]; snprintf(buf, sizeof(buf), "/dev/loop%llu", procid); int loopfd = open(buf, O_RDWR); if (loopfd != -1) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); } } static void setup_test() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); write_file("/proc/self/oom_score_adj", "1000"); } static void setup_fault() { static struct { const char* file; const char* val; bool fatal; } files[] = { {"/sys/kernel/debug/failslab/ignore-gfp-wait", "N", true}, {"/sys/kernel/debug/fail_futex/ignore-private", "N", false}, {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", "N", false}, {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", "N", false}, {"/sys/kernel/debug/fail_page_alloc/min-order", "0", false}, }; unsigned i; for (i = 0; i < sizeof(files) / sizeof(files[0]); i++) { if (!write_file(files[i].file, files[i].val)) { if (files[i].fatal) exit(1); } } } #define FUSE_MIN_READ_BUFFER 8192 enum fuse_opcode { FUSE_LOOKUP = 1, FUSE_FORGET = 2, FUSE_GETATTR = 3, FUSE_SETATTR = 4, FUSE_READLINK = 5, FUSE_SYMLINK = 6, FUSE_MKNOD = 8, FUSE_MKDIR = 9, FUSE_UNLINK = 10, FUSE_RMDIR = 11, FUSE_RENAME = 12, FUSE_LINK = 13, FUSE_OPEN = 14, FUSE_READ = 15, FUSE_WRITE = 16, FUSE_STATFS = 17, FUSE_RELEASE = 18, FUSE_FSYNC = 20, FUSE_SETXATTR = 21, FUSE_GETXATTR = 22, FUSE_LISTXATTR = 23, FUSE_REMOVEXATTR = 24, FUSE_FLUSH = 25, FUSE_INIT = 26, FUSE_OPENDIR = 27, FUSE_READDIR = 28, FUSE_RELEASEDIR = 29, FUSE_FSYNCDIR = 30, FUSE_GETLK = 31, FUSE_SETLK = 32, FUSE_SETLKW = 33, FUSE_ACCESS = 34, FUSE_CREATE = 35, FUSE_INTERRUPT = 36, FUSE_BMAP = 37, FUSE_DESTROY = 38, FUSE_IOCTL = 39, FUSE_POLL = 40, FUSE_NOTIFY_REPLY = 41, FUSE_BATCH_FORGET = 42, FUSE_FALLOCATE = 43, FUSE_READDIRPLUS = 44, FUSE_RENAME2 = 45, FUSE_LSEEK = 46, FUSE_COPY_FILE_RANGE = 47, FUSE_SETUPMAPPING = 48, FUSE_REMOVEMAPPING = 49, CUSE_INIT = 4096, CUSE_INIT_BSWAP_RESERVED = 1048576, FUSE_INIT_BSWAP_RESERVED = 436207616, }; struct fuse_in_header { uint32_t len; uint32_t opcode; uint64_t unique; uint64_t nodeid; uint32_t uid; uint32_t gid; uint32_t pid; uint32_t padding; }; struct fuse_out_header { uint32_t len; uint32_t error; uint64_t unique; }; struct syz_fuse_req_out { struct fuse_out_header* init; struct fuse_out_header* lseek; struct fuse_out_header* bmap; struct fuse_out_header* poll; struct fuse_out_header* getxattr; struct fuse_out_header* lk; struct fuse_out_header* statfs; struct fuse_out_header* write; struct fuse_out_header* read; struct fuse_out_header* open; struct fuse_out_header* attr; struct fuse_out_header* entry; struct fuse_out_header* dirent; struct fuse_out_header* direntplus; struct fuse_out_header* create_open; struct fuse_out_header* ioctl; }; static int fuse_send_response(int fd, const struct fuse_in_header* in_hdr, struct fuse_out_header* out_hdr) { if (!out_hdr) { return -1; } out_hdr->unique = in_hdr->unique; if (write(fd, out_hdr, out_hdr->len) == -1) { return -1; } return 0; } static volatile long syz_fuse_handle_req(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { struct syz_fuse_req_out* req_out = (struct syz_fuse_req_out*)a3; struct fuse_out_header* out_hdr = NULL; char* buf = (char*)a1; int buf_len = (int)a2; int fd = (int)a0; if (!req_out) { return -1; } if (buf_len < FUSE_MIN_READ_BUFFER) { return -1; } int ret = read(fd, buf, buf_len); if (ret == -1) { return -1; } if ((size_t)ret < sizeof(struct fuse_in_header)) { return -1; } const struct fuse_in_header* in_hdr = (const struct fuse_in_header*)buf; if (in_hdr->len > (uint32_t)ret) { return -1; } switch (in_hdr->opcode) { case FUSE_GETATTR: case FUSE_SETATTR: out_hdr = req_out->attr; break; case FUSE_LOOKUP: case FUSE_SYMLINK: case FUSE_LINK: case FUSE_MKNOD: case FUSE_MKDIR: out_hdr = req_out->entry; break; case FUSE_OPEN: case FUSE_OPENDIR: out_hdr = req_out->open; break; case FUSE_STATFS: out_hdr = req_out->statfs; break; case FUSE_RMDIR: case FUSE_RENAME: case FUSE_RENAME2: case FUSE_FALLOCATE: case FUSE_SETXATTR: case FUSE_REMOVEXATTR: case FUSE_FSYNCDIR: case FUSE_FSYNC: case FUSE_SETLKW: case FUSE_SETLK: case FUSE_ACCESS: case FUSE_FLUSH: case FUSE_RELEASE: case FUSE_RELEASEDIR: case FUSE_UNLINK: case FUSE_DESTROY: out_hdr = req_out->init; if (!out_hdr) { return -1; } out_hdr->len = sizeof(struct fuse_out_header); break; case FUSE_READ: out_hdr = req_out->read; break; case FUSE_READDIR: out_hdr = req_out->dirent; break; case FUSE_READDIRPLUS: out_hdr = req_out->direntplus; break; case FUSE_INIT: out_hdr = req_out->init; break; case FUSE_LSEEK: out_hdr = req_out->lseek; break; case FUSE_GETLK: out_hdr = req_out->lk; break; case FUSE_BMAP: out_hdr = req_out->bmap; break; case FUSE_POLL: out_hdr = req_out->poll; break; case FUSE_GETXATTR: case FUSE_LISTXATTR: out_hdr = req_out->getxattr; break; case FUSE_WRITE: case FUSE_COPY_FILE_RANGE: out_hdr = req_out->write; break; case FUSE_FORGET: case FUSE_BATCH_FORGET: return 0; case FUSE_CREATE: out_hdr = req_out->create_open; break; case FUSE_IOCTL: out_hdr = req_out->ioctl; break; default: return -1; } return fuse_send_response(fd, in_hdr, out_hdr); } #define HWSIM_ATTR_RX_RATE 5 #define HWSIM_ATTR_SIGNAL 6 #define HWSIM_ATTR_ADDR_RECEIVER 1 #define HWSIM_ATTR_FRAME 3 #define WIFI_MAX_INJECT_LEN 2048 static int hwsim_register_socket(struct nlmsg* nlmsg, int sock, int hwsim_family) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = HWSIM_CMD_REGISTER; netlink_init(nlmsg, hwsim_family, 0, &genlhdr, sizeof(genlhdr)); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int hwsim_inject_frame(struct nlmsg* nlmsg, int sock, int hwsim_family, uint8_t* mac_addr, uint8_t* data, int len) { struct genlmsghdr genlhdr; uint32_t rx_rate = WIFI_DEFAULT_RX_RATE; uint32_t signal = WIFI_DEFAULT_SIGNAL; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = HWSIM_CMD_FRAME; netlink_init(nlmsg, hwsim_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, HWSIM_ATTR_RX_RATE, &rx_rate, sizeof(rx_rate)); netlink_attr(nlmsg, HWSIM_ATTR_SIGNAL, &signal, sizeof(signal)); netlink_attr(nlmsg, HWSIM_ATTR_ADDR_RECEIVER, mac_addr, ETH_ALEN); netlink_attr(nlmsg, HWSIM_ATTR_FRAME, data, len); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static long syz_80211_inject_frame(volatile long a0, volatile long a1, volatile long a2) { uint8_t* mac_addr = (uint8_t*)a0; uint8_t* buf = (uint8_t*)a1; int buf_len = (int)a2; struct nlmsg tmp_msg; if (buf_len < 0 || buf_len > WIFI_MAX_INJECT_LEN) { return -1; } int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (sock < 0) { return -1; } int hwsim_family_id = netlink_query_family_id(&tmp_msg, sock, "MAC80211_HWSIM", true); int ret = hwsim_register_socket(&tmp_msg, sock, hwsim_family_id); if (ret < 0) { close(sock); return -1; } ret = hwsim_inject_frame(&tmp_msg, sock, hwsim_family_id, mac_addr, buf, buf_len); close(sock); if (ret < 0) { return -1; } return 0; } #define WIFI_MAX_SSID_LEN 32 #define WIFI_JOIN_IBSS_NO_SCAN 0 #define WIFI_JOIN_IBSS_BG_SCAN 1 #define WIFI_JOIN_IBSS_BG_NO_SCAN 2 static long syz_80211_join_ibss(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { char* interface = (char*)a0; uint8_t* ssid = (uint8_t*)a1; int ssid_len = (int)a2; int mode = (int)a3; struct nlmsg tmp_msg; uint8_t bssid[ETH_ALEN] = WIFI_IBSS_BSSID; if (ssid_len < 0 || ssid_len > WIFI_MAX_SSID_LEN) { return -1; } if (mode < 0 || mode > WIFI_JOIN_IBSS_BG_NO_SCAN) { return -1; } int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (sock < 0) { return -1; } int nl80211_family_id = netlink_query_family_id(&tmp_msg, sock, "nl80211", true); struct join_ibss_props ibss_props = { .wiphy_freq = WIFI_DEFAULT_FREQUENCY, .wiphy_freq_fixed = (mode == WIFI_JOIN_IBSS_NO_SCAN || mode == WIFI_JOIN_IBSS_BG_NO_SCAN), .mac = bssid, .ssid = ssid, .ssid_len = ssid_len}; int ret = nl80211_setup_ibss_interface(&tmp_msg, sock, nl80211_family_id, interface, &ibss_props); close(sock); if (ret < 0) { return -1; } if (mode == WIFI_JOIN_IBSS_NO_SCAN) { ret = await_ifla_operstate(&tmp_msg, interface, IF_OPER_UP); if (ret < 0) { return -1; } } return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } static void execute_one(void); #define WAIT_FLAGS __WALL static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); reset_loop(); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); setup_test(); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } #ifndef __NR_clock_gettime #define __NR_clock_gettime 265 #endif #ifndef __NR_getgid #define __NR_getgid 47 #endif #ifndef __NR_getsockopt #define __NR_getsockopt 365 #endif #ifndef __NR_ioctl #define __NR_ioctl 54 #endif #ifndef __NR_mmap #define __NR_mmap 192 #endif #ifndef __NR_openat #define __NR_openat 295 #endif #ifndef __NR_read #define __NR_read 3 #endif #ifndef __NR_recvmmsg #define __NR_recvmmsg 337 #endif #ifndef __NR_sendfile64 #define __NR_sendfile64 239 #endif #ifndef __NR_sendmsg #define __NR_sendmsg 370 #endif #ifndef __NR_setsockopt #define __NR_setsockopt 366 #endif #ifndef __NR_stat #define __NR_stat 106 #endif #ifndef __NR_statx #define __NR_statx 383 #endif #ifndef __NR_write #define __NR_write 4 #endif #undef __NR_mmap #define __NR_mmap __NR_mmap2 uint64_t r[24] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_one(void) { intptr_t res = 0; *(uint32_t*)0x20000000 = 0x18; *(uint32_t*)0x20000004 = 0; *(uint64_t*)0x20000008 = 0; *(uint32_t*)0x20000010 = 3; *(uint32_t*)0x20000014 = 0; inject_fault(1); syscall(__NR_write, -1, 0x20000000, 0x18); memcpy((void*)0x20000040, "/dev/tty\000", 9); res = syscall(__NR_openat, 0xffffff9c, 0x20000040, 0x10400, 0); if (res != -1) r[0] = res; syscall(__NR_mmap, 0x20ffb000, 0x4000, 0x200000f, 0x10, (intptr_t)r[0], 0xada52000); memcpy((void*)0x20000080, "syz0\000", 5); syscall(__NR_ioctl, -1, 0x4004556c, 0x20000080); memcpy((void*)0x200025c0, "ufs\000", 4); memcpy((void*)0x20002600, "./file0\000", 8); *(uint32_t*)0x20003700 = 0x20002640; memcpy((void*)0x20002640, "\x38\x6f\x6d\x1b\xe2\x7f\x8c\xa9\x18\x2d\x1a\xe6\x35\xbb\xa8\xc9\xce\x03\x79\xce\x60\xd9\xd2\x4e\x0f\xe6\x9a\x46\xdd\x2b\x77\x02\x6c\xe1\xe6\xbb\xc0\x5a\x24\x6a\xe2\x69\x05\x25\x31\x91\xf7\xe3\x4e\xf3\x86\x0f\x1c\x2c\xc9\xa6\xd5\x22\xf5\x03\xd7\x8e\x34\x0c\xb5\x4f\x1d\x6b", 68); *(uint32_t*)0x20003704 = 0x44; *(uint32_t*)0x20003708 = 1; *(uint32_t*)0x2000370c = 0x200026c0; memcpy((void*)0x200026c0, "\x57\x39\xec\x80\x61\x6d\x1b\xac\x90\x97\x97\xc5\x72\x3d\x28\x7d\x94\xf0\x10\xe0\xf7\x0a\x34\x2a\x21\xfb\x38\xb3\x69\x86\x02\x5d\xca\x05\x4a\x96\xbb\xe7\x40\x27\x97\x4c\x45\x28\x93\xa9\xf5\xd5\x13\xef\xc4\x70\x65\x2b\xf4\xe8\x37\xd8\xd5\xee\xac\xed\x26\x69\xd7\x3c\xea\x3d\x39\x31\x39\x9d\xa0\x4d\xfb\x48\x59\xd0\x3c\x47\xdd\x53\x5b\xaa\x98\x0a\xe8\xb7\xa5\xc3\x12\xfd\x71\xac\xc5\x21\xbd\xdc\x2c\x63\x70\x26\xd7\xfa\xdb\x42\xc0\x20\xc5\x3d\x4e\x2f\xee\xb2\x30\x77\xed\x86\x7d\x5b\x36\x56\x7b\x8d\x06\xe0\xf4\xd2\xd9\xc6\x16\xd6\x73\x91\xf8\x79\xe8\x12\xd7\xa1\x79\x75\xf3\xe0\xe5\x69\xf5\x57\xb6\x5b\xba\xde\x94\x18\x68\xba\xe4\xbe\x8d\x2d\xfa\x45\xa3\x85\x87\x7e\xce\x8d\x94\xd7\x55\xdb\xf8\x2b\x4f\xd8\x89\x9b\xa1\xb8\xec\xe4\x3b\x36\xb3\x69\xa8\xdf\x56\x99\x3b\x16\xee\xc2\x0a\xed\x1c\x59\x6f\x66\x9d\xf8\x97\xdd\xfa\x0d\xf4\xab\x26\xd7\x47\x59\x82\x96\xdd\x3b\xcd\x5c\xad\x67\xa8\xb1\x9e\xba\x5f\x34\x3f\xbf\xa6\x30\x1a\x15\x02\x60\x0e\xda\x02\xab\x15\x7a\xb1\xb1\x64\xe3\xde\x57\x33\xe4\xbf\xd9\x67\x7b\x49\xb2\x9b\xb5\x6e\x99\x36\x7d\x01\x04\x4b\x3a\xcc\xf0\xf9\x3a\xf7\x55\x27\x83\x7a\x9b\x49\x4b\x4e\xac\xe1\xf4\x9c\x87\x9e\x71\xe9\x62\xa5\x93\x74\x95\x55\xb5\x0a\x55\xca\x11\x44\xeb\x54\x80\x70\x47\xde\xfd\xe8\xdd\x09\x7e\xbc\xba\xa2\x30\x45\x1a\xc7\xa7\x76\x3e\xf2\x13\x4b\x45\x3e\xf7\xce\x92\xd6\xad\xce\x44\x9a\xa1\x82\xef\xb2\xed\x4a\x87\x07\xf1\xe1\x84\x6d\x82\x50\x5d\xa0\x6c\x2d\x6b\x4a\x58\x2d\xdf\xb2\xbd\xb7\xa1\x9b\xbc\xe8\xe0\xa0\xf7\xb2\xf4\x96\x62\x2b\xee\x04\x37\x29\xf3\x84\x31\x88\xeb\x14\xe5\x6e\x8f\x48\xd7\xd4\xb1\x51\xa7\xde\xef\x2a\x1a\x94\x58\x83\x42\x53\x77\x08\x82\xcc\x41\xf6\xfb\x78\x4a\x9f\x73\xa4\xf8\x1e\xf9\x93\xda\xe6\x1a\x80\x5b\xa6\xf9\x30\x78\x20\x81\x33\x10\xdc\x38\x70\x83\x5a\xd4\xbe\x7e\x3c\x8a\x13\xf9\xf0\x1e\x9e\xa9\xb1\xb9\xdf\xb1\xe3\x47\xe3\xea\x1b\x5b\x09\x0e\x1a\x38\x61\x77\x07\xbb\x5a\xa0\xce\x82\x19\x3f\x69\x70\xa0\xb8\x85\x18\x3f\xce\x8b\x7d\x30\xbf\xc1\x82\x58\xdd\x40\xf5\x08\xb9\x5b\x55\xca\x27\xd8\xec\x76\x01\x03\x10\xc6\x77\xc0\x4c\x0b\x01\xfd\x69\xde\x39\x6a\xe9\x5a\x7c\x3c\xa5\x0f\x4e\x7f\xc3\xda\x74\x9d\x82\xa5\xd9\xf5\x7a\xb6\xed\x7a\x0d\x12\x76\x29\x7a\xb5\x71\x72\x67\x1d\x4c\x7c\xa3\x52\x24\x70\x0d\xb9\x36\x44\x13\x1a\x51\x26\xaf\x54\x75\x5a\xec\x80\xcf\xfd\xeb\x70\x9f\x0c\x58\x21\xec\x3b\x86\xd2\x9f\x10\xbe\x62\xd9\x4c\x03\x2f\x79\xd4\xed\xcc\xaf\x40\xb2\x4d\x72\xe4\x6d\x7c\x99\x33\xf6\xea\xda\x79\x4a\xad\x1e\xaf\x41\xae\xc1\x35\xa4\xf6\xf7\xf6\x09\x27\x36\x08\x68\x5f\xfc\x30\xfe\x1a\xe8\x22\x13\xa9\x56\xe8\xdf\x49\x3e\xc0\xaa\xc8\xec\xcb\xbd\xb8\x20\x93\x09\x7d\xb4\x51\x61\x67\x76\x85\xbf\x1e\x69\x1a\x1c\x7d\xce\x13\xa8\x8e\x63\x64\x5b\xc7\x99\x22\xb6\xd3\xd3\xd7\x61\xf3\x6a\x46\x30\x2f\x79\xe0\xe0\xbe\xb6\x7e\x2f\x2c\xb2\xe8\x3f\xc1\xa0\x41\x77\xc9\xd0\x22\xc4\x6e\xdc\x05\x3f\x03\x18\x2f\xc6\x45\x45\x0e\x4d\xe5\x36\xa4\x18\xb0\xea\xe2\xac\xb0\xea\xf4\xcb\x61\x5e\xca\x77\xf7\x2e\xe1\xd1\xf9\x14\x62\x08\xe1\x86\x69\x50\x8e\xdd\x05\x0e\x9b\x4e\x72\xa8\x48\x30\x16\xdc\x01\x98\x32\x6d\x2a\x16\x70\x04\xf3\x23\xa0\xa6\xeb\x4d\x34\xf6\x51\xc3\x97\xf0\x6d\x32\xe1\xbd\xab\x04\x2e\xfe\x56\x6a\xfc\x48\xcb\xd9\x8f\x91\x41\x34\x15\x63\x14\xa9\x54\xc6\x41\xb1\x06\x6b\xa7\x15\xab\x50\xeb\x4d\xb8\x4b\x13\xf2\x04\x69\xd0\x1d\x63\x46\xd4\x25\xd7\x0f\x60\xb4\x29\x76\xb0\x46\xcf\x96\xe4\x01\x8f\xc6\xaa\xf7\x8d\xf3\x0c\x02\xdd\x02\x9e\x1e\x89\x5c\x20\xb0\x5f\xb3\x88\x3c\x01\x3d\xe7\xe1\x7a\x13\x69\x78\x54\xfe\xb5\x93\x5c\xb3\x44\xff\x94\xff\x8b\xb4\xed\x2d\x1f\x17\x4e\xa1\x90\x20\x57\x7b\x4f\xf9\x59\x7c\x31\xa8\xfb\x2c\xfa\x1d\x7b\x71\xa5\x70\x82\x56\x15\x40\xf1\xcd\x86\xb8\x59\x0b\x75\x4f\xe9\x5d\x74\x9e\xf3\xca\xff\x93\xfd\x10\xa9\x0c\xa0\x03\x51\x5b\xb2\x3a\x3e\x71\xf4\x41\x79\xc0\x99\x60\x37\x45\x75\x89\xe6\x81\x77\xb0\xa1\x06\x91\xf1\x49\xa9\x81\xa6\xa6\x8d\x0b\xc8\x20\xe1\x66\x2a\x67\xc6\xa8\x5f\xb3\x9a\x35\x39\x9c\x62\x0c\x6e\xe3\x14\x28\x4f\xa4\x20\x99\xbd\xe0\x9f\xd5\x17\xa6\xe5\x3c\xc0\x41\x7c\x98\xd0\x06\xb4\x21\x0b\xa0\x35\x1b\x7d\xb6\x75\x43\x38\x06\x3f\x05\xb6\x82\x4b\xbb\x41\xf7\x0b\xa1\xfe\xa9\x12\x1f\x58\x85\xa4\xd0\x3e\xe9\x3f\x2b\x8f\x27\xa0\x0c\xd6\x66\x49\x10\x03\xde\xda\x3e\x21\x02\x92\x47\x64\x6f\x71\x44\xcb\x00\x4a\x6b\x52\x40\x06\xd8\xec\x7c\x93\xf4\x10\x42\xbb\xf8\x2d\x3b\xf2\xee\xf4\x15\xf8\xf0\x38\xb0\x5c\x0c\x10\x7a\xc2\x4d\x0c\xc8\xf3\x08\x13\xeb\xe2\x75\x1d\xa8\x39\x8e\x04\xff\x59\x3d\x17\xdd\xeb\x32\x59\x36\x71\xc8\x27\x74\x24\xf7\x98\x80\x05\x4c\x58\x1a\xe4\xef\x53\x03\xa1\x2f\x50\xd4\xe1\xfd\x6b\xb5\x85\xa5\xe0\x77\x51\xcb\xd5\x8f\xa6\x1d\x63\x4c\x35\x56\x37\x27\xe1\x82\x39\xd9\x81\x2f\xa4\x1b\x9a\x25\x61\x18\xba\x9b\x0d\xec\xc2\x60\x76\xc8\xae\x4b\x4e\x51\x6a\x2b\x35\xa7\xe9\x83\x9c\xa8\x3b\xef\x46\x43\xe0\xa5\xd9\xdb\x72\x3b\x5a\xfd\x80\xf7\x15\xb6\x3b\x19\xd0\xaf\xb9\xcb\x03\xdd\x9e\x5f\xe1\xb3\x13\x5e\xc1\xf0\xb9\x73\xe7\xd2\x1b\xb2\xf2\x22\x1a\x78\x62\x8a\x1b\x51\x3e\x0f\xf9\xea\x30\x67\xdb\x31\x01\xc0\x17\xeb\x8e\x60\x6f\x2f\x07\x5b\xe4\x98\x4f\x21\xbf\x75\xb6\xc4\xcb\xf3\x71\x8e\x64\xca\x62\xa9\xab\x5d\x8e\x38\x3a\xef\xba\x74\x93\xdd\xff\x47\x8b\x74\x40\x74\xbb\x51\x99\x4b\xc9\x1d\xd2\x9c\x6b\x9b\xcd\x50\xa5\x02\x8e\x14\xcf\x6d\x94\x68\xef\x42\x4e\xd1\x65\x84\x8f\xf5\x67\x6e\x57\x41\x10\xe0\xcd\x76\xa7\xc1\xda\xd3\x01\x9f\xac\xfd\x08\xd1\x4b\x7d\x9e\x37\x8a\x11\x0e\x98\x50\x88\xe5\x1e\x89\xd7\x5e\x3f\xa5\xfb\x36\x87\x59\x8c\x05\x69\xe5\x22\xf6\xc9\xea\x4d\x12\x65\xed\x97\xe3\x13\xdc\xe9\xcd\x01\xa4\x61\x5e\x8b\xbe\x4d\xbe\x16\x8f\x9d\x32\xc6\x68\x2e\x4e\xef\x26\x7d\xd7\x18\xb4\x75\xa8\x1b\x48\x5b\x17\xf6\xba\x8a\xfb\xa1\x9a\x58\x32\x9f\x86\xba\xd1\x2a\xc8\x44\x44\x17\xe6\x14\x8c\xb4\xe0\x7e\xe4\x6c\x5f\x15\x53\xa0\xfe\x4c\xd3\x32\x6d\x86\x92\xcc\x43\x96\x1f\x03\xf5\x7f\x7c\x01\x6f\x33\xc3\xd1\xc0\x2b\xf1\x25\xfc\x94\x21\x01\x10\x36\x36\xb0\x2d\x93\x35\x2e\xfb\x49\x20\xe2\x43\xf8\x65\xcf\x5c\x0b\x5d\x34\x7f\x51\xb8\x79\x00\xb1\x2a\xcc\x34\x7b\x31\x9c\x14\x75\x10\xc6\xa3\xc1\x84\xb9\xfe\x9b\xbf\x49\xd2\x0a\x71\xbc\x08\x82\xe2\x96\xa0\x37\x69\x75\x1c\xd8\x63\x08\x2c\x1f\x3b\x88\x90\xfe\xe3\xc6\x44\x47\x4d\xb2\x1e\x07\x7a\xcb\xeb\x05\xae\x29\x67\x10\x82\x2f\xca\xf5\xa7\xbc\x06\x9b\xd9\x3d\x41\x16\x27\xcd\x1b\x71\x3c\xcc\xed\x01\x0d\x1b\x88\xdf\xc1\x53\x04\x54\x14\x1b\x3d\xd3\xe1\x96\x4c\x38\x95\x76\x13\x21\x73\xb8\x63\x30\x38\x8f\xec\x55\x9d\xc7\x22\xf1\x77\x49\x7c\x30\x83\x15\xa4\xee\xfb\x50\x43\xcc\x97\xc5\xb1\xea\x53\xb6\xde\x6f\x4e\xce\xd9\xcc\x20\xb5\x24\x3e\xf9\x6a\xe0\xda\x16\xb4\x3e\xcf\xd0\x3e\x70\x25\x28\xad\x4c\x36\x09\x54\x5d\xf9\x39\xe2\xbc\xee\x08\x25\x86\x49\x31\x9d\x74\xfd\x78\x4d\x3d\x30\xa9\x09\x2c\xb2\x3e\x51\xce\x00\xbb\xf8\x1a\x46\xbc\x0d\x8b\xba\x9f\xe3\xf6\x05\xf5\x4e\xe2\xa0\x31\x1e\x1c\x19\xae\xe2\x6c\x84\x3d\x72\x52\xd9\x03\x80\xc9\xd8\x6f\x1d\x1c\xbb\x21\x64\x1b\xc1\x9a\xdf\xfa\x60\x8f\xa5\xb8\x26\x0c\x3d\xac\x2e\x0d\x81\x00\xc8\x70\xdb\xaf\xab\x5e\x4a\x5c\x6e\x5d\x48\x75\x35\x2e\xce\x31\x33\xe0\x8d\x48\xe0\x38\x74\xe6\xe5\x28\xb5\xa4\x3d\x08\xc8\xe9\x05\xf7\x98\xf0\x52\x7c\xff\x5c\xda\x99\x95\xe8\x4a\xcb\x47\xee\x85\x44\xbe\x93\x7f\xcb\x64\x64\x6d\x2f\xd2\xd5\xc3\x1e\xef\x83\x62\x97\xe0\x3d\xca\x24\xb1\x59\x96\x4a\x70\x30\x7a\x82\x7f\x6e\x7f\x37\x93\xf6\xff\xad\x54\xa6\x5d\x40\x09\x26\xe8\x07\x97\xe6\x05\x0e\x77\x6b\xbf\x66\xdc\x1b\xdf\x75\x08\x81\x2e\xd0\xfe\xbd\xa7\x74\xf5\xed\xa4\x92\xb3\x75\x1e\xcc\x76\xa6\x58\x24\x1f\xa6\x45\x22\xc5\xdd\xef\x53\x74\x78\x7a\x1b\xc6\xf0\x5c\x84\xa5\x23\x06\x8a\xc6\x6a\x3c\xa5\x39\xda\x70\xe1\x6d\xde\xa8\x97\xf9\x6f\x5d\x48\xe1\xef\x18\x5f\x08\x43\x6d\xaa\x20\xfc\xb0\xb2\x39\xde\x9b\x2b\xb0\x00\x07\xed\xa2\xdb\xdc\xc1\xf5\xfd\xf1\x39\x98\x68\x2d\x66\xcd\x4a\xab\x31\x57\xf7\xeb\xce\xc0\x92\xdc\x6b\xd0\x8f\x4d\x10\x77\x80\xd3\x73\x19\x24\xcf\xa0\x67\xf6\x22\x18\x07\x8a\x2a\xf1\x29\xf4\x05\x9d\x46\xd7\xc7\xbe\xbb\xf6\x7b\x59\x53\xdd\xa3\x0c\x96\xfe\x58\x43\xe8\xa3\xc0\xa1\x5a\x6b\x2f\x21\x0f\xfb\xff\xd4\x76\xc9\xc7\x61\x34\x06\x16\xb1\xca\x8a\x6b\x44\x9d\x1e\x33\x8f\xd9\x09\xfd\x9a\x84\xc7\x33\x87\x11\xbe\x1d\x50\x76\x2a\x48\x29\x9b\x18\x44\x82\xd2\xcd\x18\x84\xaf\x70\x76\x68\xd1\x0c\x2e\x1c\xde\xac\x7c\x07\x5d\x7d\x41\x47\xf8\xaa\x3c\xeb\xca\x93\xc1\xb7\xb2\x45\x26\x4c\x0e\xfb\x84\x70\x25\x51\x52\xc4\x8d\x22\x46\x34\x58\x0b\x2f\xf0\x21\x45\x7a\x97\x5a\xa7\x67\x2b\xaf\x13\xa4\xae\x32\xdc\x17\xe1\xf0\x4d\x0b\x2d\x9c\x14\x83\x1c\x87\xe9\x9e\x7e\x0f\x29\x95\x8c\x9b\x58\x4d\x7b\x8a\x7e\x91\xf5\x73\xc0\x42\x61\x73\x91\xad\xed\x64\xbe\xe7\xda\xd5\xf8\x88\xef\xc5\x56\x0f\xba\x3f\x9e\x41\xf7\x80\x94\xb4\x03\xab\xc5\xd4\x22\xc8\xec\x70\xb9\xa9\xce\xe5\x07\x90\x3f\x89\x99\x48\x7e\x60\xd7\x61\xef\x16\x19\x4e\x7c\xc8\x56\xa0\x1e\x6b\x3b\xc5\x92\x39\x7c\xa0\x3b\xec\xb6\xb4\x8f\xc1\x5b\xf1\xf6\xef\xf8\xfe\xc8\xde\x87\x85\xd0\xfe\xa3\x79\xef\xbd\x64\x94\x87\x30\x7b\xba\x15\x30\xa4\x8e\xc1\x06\x97\x8d\xa7\x03\xe9\x17\x07\x20\x1f\xe3\x34\x8d\xe8\xca\xf2\xdd\xe1\xd0\x99\x42\xd4\x77\x12\xf7\x7d\xe3\xf9\xef\xe5\x39\x2e\xf4\x58\x4a\x66\xcf\x96\xb3\x0e\xcc\x6e\xed\x90\x74\x83\x7e\x08\x35\xe1\x90\x65\xd2\xec\xe8\x7d\x38\xb4\x26\xc7\x03\xb8\x82\xce\xc8\x3c\xbb\x8b\x48\x4f\x68\x85\x83\x2c\xa2\x58\x7b\x2b\xdc\x30\xc9\x2c\x20\xa0\x0d\x92\x64\x73\xff\x36\xa1\xc8\x1e\x58\xd5\x55\x49\xa0\x6f\xb7\xb0\xfd\xd1\x35\xed\x5f\x63\xb4\xcc\xa0\x06\x8b\x2d\xa1\xb1\x12\xd4\xcb\x04\x34\x07\xc2\x1c\x53\x5f\xd3\xc4\x55\x93\x22\xe3\x04\x69\x79\x4c\x90\xa3\xc3\x0d\x8f\xd5\x36\x5c\xe3\xf4\x32\xf6\x13\x14\x8b\xc7\xd5\x75\xc1\xd2\xda\x1d\x4b\x06\x8d\xe1\x36\x6f\x62\xa6\x94\xe9\x76\xf2\xe2\x64\xd4\x49\xd9\xe3\xf9\x04\x00\xf4\xf2\x5c\x11\x52\xd1\xed\xb9\xb0\x98\x16\x78\x72\x27\xee\xef\xf8\x0a\xc3\xf2\x50\x16\xde\x25\x33\x25\x47\x54\x90\x48\x23\x03\xaf\xa8\x7b\x39\xad\xee\x7f\x92\xc0\x31\x85\xf8\xbe\x67\xfe\x8e\x85\x0e\xe3\xa5\x71\x80\x94\x74\xbc\xf4\x62\x37\x3a\x47\xaf\xe1\xa4\x59\x21\x75\xd1\x10\xc3\x65\x9e\x56\xec\xfe\x2e\xca\xf2\xc3\x81\x68\x43\x32\xdc\x0e\xa3\xf7\x6c\x17\x99\xd5\xc7\x95\x4c\xcd\x01\xca\x4d\x3c\xc4\x88\xe9\x8e\xfe\x8c\xcb\x87\x57\x27\x3b\xbf\xd0\xe8\xf9\x4a\x18\xe4\xbc\x18\x79\x93\xac\x29\xc3\xd4\x5a\xa4\x58\x52\x53\x71\x71\x90\xcf\xc1\x6b\xdf\xc9\x0c\xec\xab\x6f\x02\x2b\x3c\x96\x29\xe4\xd4\x4c\xf9\x46\x03\x33\xd3\x48\xd0\xdf\x3f\xbc\x8f\xfe\x61\x73\x37\x25\xea\x22\xc5\x71\x83\xb5\x06\x22\xf3\x20\x25\x3d\x54\x69\x2c\x32\xba\x2d\x1d\x22\x72\x35\x79\x62\xe0\x9f\xc7\xfa\x98\xa1\x92\xd6\x47\xca\x93\xd5\xdb\x9c\x05\x60\xa4\x6a\x79\x74\x08\xd2\x1b\xe5\xd1\x4c\x88\x98\xfc\xf1\xf8\xe4\x6c\x2b\xe1\x9e\xee\x41\x7f\x17\xb5\x81\x2b\xe0\x4c\x60\xa5\x0c\x8f\x4a\x3b\x96\xe7\x59\xdf\x5a\x25\x31\x48\x42\xef\x58\x34\xa9\xbf\xe3\xec\x69\x03\x12\x2a\xbd\xeb\x8d\xa1\xbf\x14\x6c\xa5\xb0\xb6\x45\x1b\x3f\x6a\x0c\xd7\x42\x12\x0b\x02\x5c\xa4\x9b\xb9\x5c\x47\xfb\x27\xfa\xe4\x38\xcb\xae\x39\xcd\x9b\x50\xf7\x67\x35\xf6\x56\xe0\xc6\x89\x6c\x87\xb9\x1c\x1c\xa7\x44\x4d\x0d\xe2\x5c\xe6\x0d\xb8\x1b\x9b\x7e\xfe\xbf\xfc\x1f\xf2\x4e\xe9\xd5\xf7\x7d\xa9\x22\x72\x52\x46\x86\x33\xb8\xeb\x99\x5e\x26\x45\xb1\x54\x3d\x84\x32\x62\xc2\x60\xc3\xc6\x91\x11\x4e\xbc\x40\x39\x62\xc2\x37\x4e\xf5\x9c\xe6\xd1\xdd\x7c\x4d\x22\x31\x0c\x5f\x64\x2d\x76\x6d\x41\x89\x3b\x99\x3f\x9a\x69\x83\x1f\x82\xaa\xb3\x10\x4c\x64\xb0\x8b\x0e\x34\x19\xad\x44\x68\x60\x88\xcd\x8a\x4a\x67\x4e\xdc\xea\x4e\xe9\xf2\xe8\xa0\x2a\xb1\x14\x50\x06\x0f\x76\xa7\xc1\x95\x4f\x67\x6d\xe7\xbf\x79\x16\x69\x94\x57\x09\x1e\xb0\xad\x3b\x75\x93\xe7\xf3\x8d\x62\xf9\xb5\x67\x61\xa9\x15\xb4\x1d\x03\x5b\xa1\x29\xd1\xac\x46\x6e\x5e\xae\xa7\x6d\x00\xc4\xd8\x3e\x17\x54\xe3\xd1\xe6\xf0\x09\x3c\x66\x5d\x86\x0b\xcf\x0b\x98\x50\x40\x1a\xca\xba\x34\xa0\xf7\x74\x30\x07\x73\xc4\xab\xb9\x0e\xfc\x56\xbc\x7d\x2a\xd1\x2d\x2f\x58\xce\xfa\x5b\x58\x16\xfc\xee\x50\xa1\x18\x45\xa2\xd5\x19\x76\x93\xea\x3b\x38\x00\x89\x21\x9f\x5a\x42\xc6\x9f\x9a\x47\x62\xc9\x1a\xe6\x44\x9e\x13\x99\x5f\x66\x6a\xd5\x21\xf9\x2e\xdb\x3f\x4b\x65\xa0\x46\x75\xdb\x8e\xbb\xc9\xa2\xd1\xac\xda\x5b\x67\xed\x6a\xf5\x52\x51\x41\xfd\x7a\xee\xf7\xc5\x8f\x54\x9a\xc3\x92\x55\x70\x5e\xb0\x84\xf4\xf0\xa2\x61\xf4\x3c\x27\xcd\xce\xfb\x7d\x9e\x15\xce\x63\x99\x58\x20\x72\x9b\x32\x74\x9e\xb8\xd9\x43\x2d\x7c\x3c\x25\xb4\xb1\xda\xa5\xb6\x45\x74\x03\x94\xca\xaa\xe6\x3b\xfd\x9e\x18\x20\x7f\xcc\xfb\xe0\xe2\x63\x92\x58\x22\x95\x74\xfc\xc7\x97\x1e\x3e\xb1\x1b\xfd\xf7\xdc\x77\x0c\xea\x4a\x94\x14\x91\x30\x67\x55\x8f\x7e\x54\x2c\xc6\x27\x24\x77\x48\x95\x19\xcf\xae\xcf\x51\x36\x1b\x7d\x39\x54\x0b\xbc\x1d\xa8\x4c\x6e\x56\xe2\x1c\x68\x37\x34\xfc\x3d\x9e\x52\x22\x56\x95\xea\x37\x05\x63\xb1\x53\xb8\xdc\x87\xad\x11\x99\x24\x7a\x23\xa8\x60\x46\xc7\x30\xfb\xce\x29\xfe\x99\xe0\xcf\x3e\x76\x2f\x6c\xa3\xa1\x4b\x03\xff\x53\xd4\x12\x2d\xa0\x66\x4a\x31\xd2\x04\x16\x0f\xcc\x24\x89\xea\xa9\xfa\xf0\x30\xf6\xd6\xa4\x3f\x98\xaf\xce\x7f\x7f\x7f\x0c\xc3\xa0\x1e\xf1\x52\x6d\xac\x38\x27\x8d\x13\x43\x19\x10\xc2\xd6\x91\xa7\x82\x75\xe0\x70\x2c\x8b\xcd\x0f\x47\x54\xb4\x75\x35\xde\xcb\xff\x3f\xb2\xdb\x3d\x23\xb9\x5f\x84\xe5\xe6\xe7\xfe\x67\xc7\x19\xde\x9b\x07\x21\xea\x53\xe2\xc6\x8c\x91\x10\xe6\xa9\xef\x32\x51\xe7\xeb\xb2\x28\x00\xdc\xab\x30\x9c\x22\xab\x37\x39\xb4\xe8\x88\x44\x82\x75\x42\xd9\x62\xc2\xaf\xb2\xdc\x2f\x02\xb4\x50\x94\x73\x7f\xb1\xc3\xb9\x54\x38\x70\x70\x9b\x33\x7d\x9d\x8f\x18\x39\x71\x36\x8a\x28\xa3\x36\x0a\xec\x7c\x89\xde\x83\xe0\xc5\xfb\xfc\xff\xa0\x3c\x1b\xc4\x28\x84\xa8\x39\xe8\x18\x88\x26\xb1\x9f\x3a\x7e\x7b\x82\xb4\xe2\x33\x9d\x3d\x70\x17\x1d\xe9\x2a\x60\xe2\xe1\xc7\x3d\x36\x03\x82\xae\xdc\xc2\x37\x40\xc6\x24\x4d\x69\x29\x9d\xd3\x9e\x01\x10\x91\xb2\xfa\xe1\x0f\x4b\xa3\xc7\xfc\x57\x0b\x0e\xa6\xa5\xd7\xb9\x4f\x08\x12\x78\x8a\xc1\x84\x2e\xb6\xf9\x17\xad\x73\xa4\x3a\x8f\x51\x1b\x22\x17\x95\xb9\xa6\x25\xd6\xb8\xad\xab\x77\xbb\x09\x03\x43\xac\xde\x49\x30\xc6\x43\xb9\xb6\x0a\xf0\x27\xed\x4e\x3c\xc7\xfa\xcd\xcb\x17\x5e\x81\xd9\x13\x8d\xb6\x8d\xb9\xd8\x52\x16\xe1\xaf\xa9\x0c\x3f\x38\x97\xa2\xcd\x7e\x2c\xba\xf5\x9f\xaa\x93\xac\x54\x4c\x22\x13\x99\xd0\xa2\xc7\x60\x1c\x6c\x63\x00\x62\x53\xc9\xe4\x3f\x1e\xd3\xf8\xcd\xd3\x1f\x92\xcb\xc9\x19\xb0\xb2\xf0\x48\xee\x42\x9b\xaa\xc4\x2f\x90\x7d\x36\x28\x19\x31\x81\x4e\x7f\x93\x7b\x51\xf2\xc6\xa7\x72\x46\x9f\x0d\x3d\x66\x6c\x5c\x23\x14\x1a\x0a\xf6\xfb\x38\x04\x47\x98\x10\xfc\xd8\x52\xf9\x8a\x5e\x5d\xf9\x08\x2c\x14\x9b\xc2\x39\xd3\x7b\x89\x44\x7a\xf0\x2e\xba\xe2\x7a\xde\xa0\x98\xd7\x84\x09\xfa\x9a\xe8\x73\xb1\x12\x68\x4c\x75\xd6\x8d\x44\x7c\x7f\xc8\x0a\x45\xa7\x26\xb2\x72\xd5\x57\x67\x8d\xa7\x10\x16\x79\xc6\xa5\xb4\xd7\x0f\x4d\xb6\x05\x39\xfd\x11\xd1\xf2\x13\x92\xb7\x92\x2d\x12\x78\x11\x25\x51\x2e\xb1\xdc\x45\xdb\x4c\xd2\xe6\x47\x34\xe3\xa9\xdb\xf8\x99\xec\x22\x03\xe1\x00\x1b\x3d\x36\x46\x63\xd4\x87\xc6\x90\x18\xcb\x91\x22\xb5\xf4\xe1\xa2\x76\xd1\x70\x88\xdf\x74\x6b\xa3\xe7\xc1\x0e\x1c\xad\x22\x6f\x6c\xd2\xad\x90\xcc\x3d\x14\x8c\x95\x1d\x32\xc0\x03\x41\xbf\x08\xec\x71\x58\xd2\x2b\x33\x75\xf7\xed\x67\x30\xff\x9f\x0a\xf7\x9b\x1e\x8e\xfd\x16\x4b\x04\x6c\x6a\x3d\xf7\xbc\xd9\x25\xe4\x9b\xf5\xbb\x4d\x16\xac\xe6\xab\x92\x5b\xee\x37\xb7\xb5\x32\x1d\xa6\xf3\x62\x6f\x33\x02\x5e\xbc\x38\x14\xf4\x4a\x27\xa7\xe3\x9c\x5e\xcf\x8c\x52\x63\xc5\x0e\x5d\x49\x27\x39\x77\xc1\xdd\xce\xc8\x6c\x85\xc4\x1d\xe8\x55\x8c\xcc\x7c\xc9\x46\x9f\x4a\x5a\xb1\x04\xdb\x7b\x3e\xaf\x89\x51\xf5\x31\x5f\x56\x40\xc5\x1e\x8c\x49\x29\x0c\x7b\x14\x66\x88\xb7\x2e\x22\xc5\x17\x8b\xb1\x20\xbe\xaf\xe3\xa1\x0d\xd3\x3e\x6a\x34\xb8\xe2\xab\x0a\x8d\x88\xf1\xbf\x23\x46\xf0\x6e\x6c\xbe\xb8\x01\x59\xf8\x5b\x69\xef\xe2\x98\x4f\x3a\xcb\xf1\x03\x53\x97\xc0\xe0\x27\x42\x0c\x59\x1b\x2c\x51\x15\xe4\xc4\xbc\x43\x19\xb6\xa8\xed\xc2\xaa\x62\xc7\x60\x0e\x49\x02\x9f\x8d\x7d\x80\x87\x13\xcc\x76\x55\x66\x44\x0a\x42\x7a\xc5\x76\xe5\xa2\x31\x8e\x09\x94\xa0\x0b\x56\xb7\xcf\x16\x27\x78\x87\xb2\x26\x93\x39\x6c\x28\xbf\x73\x41\x33\xdf\x5e\x65\x49\x71\xde\xc6\x8d\x22\x56\x31\xfc\x66\x9e\x56\x19\xc1\xc7\x8d\xf3\xca\x98\x60\x48\x9a\x29\xa5\x23\x4e\x05\x4b\xcd\x3c\x54\x32\x76\xc0\x7e\x15\xa1\xca\x7e\xf6\x0c\x6e\x20\x35\x95\x62\x73\x3c\x1b\x3b\xd1\x5a\x9c\x72\xa8\xf9\xac\xb0\x40\xf8\xf8\x5a\x4f\x10\x31\x3a\x4f\xc7\xe8\xcb\x89\x73\xae\x0b\x56\x29\x24\x71\x6d\x16\x8a\xa4\x31\xcf\x63\xa5\xc2\xe1\x82\xb4\x8b\x55\x19\xf3\x76\xde\x39\xca\x03\xd5\x53\x5a\x58\x68\xd2\xcf\xff\x41\x0e\x3f\x24\x8d\xe1\xef\x81\xb2\x05\xbc\x17\xa8\x4c\xbf\xeb\xb4\x6d\xeb\x4e\x56\xdc\xd3\x55\xd7\x14\x8a\x56\xf2\x5d\xee\x58\x96\x91\x2e\xc9\x01\x24\xbe\xf2\xd8\x82\xe9\xd4\xa0\x27\x69\xb3\xab\xcb\xc8\xf3\x67\xde\xec\xce\x8c\x22\xb0\x45\xf4\xd7\xb8\x7d\x89\x08\xb0\xaf\x7f\x2a\x1f\x53\xba\xd8\xd3\xf8\xe0\xb6\x5b\x00\x53\xab\x1e\x28\xec\xe7\x25\x0a\xb2\x81\xbc\x19\x70\x97\xcf\xe8\xb2\xa7\xcf\xb5\x52\xf8\x28\x69\xb8\x82\x41\xe7\xd0\x5d\x24\xac\xa3\x25\xc6\xf2\xfa\xd8\x5c\xe7\x9b\xfc\x2a\xec\xdb\x79\x8f\x40\xe1\x11\x18\x9f\x17\x85\xcb\xbe\x40", 4096); *(uint32_t*)0x20003710 = 0x1000; *(uint32_t*)0x20003714 = 7; *(uint32_t*)0x20003718 = 0x200036c0; memcpy((void*)0x200036c0, "\x38\xe3\xda\xc1\xca\xb0\x0f\xeb\x39\xc4\x8e\xdf\xaf\x42\xb6\x04\xf0\xc0\xfb\xea\xa3\x0d\x70\x23\x51\x9c\xe5\x89\xe4\xd9\x0d\x7d\x17\x1c\xbe\x75\x9e\x9c\x40\x81\x9d\x99\x46\xab\xfa\x97\x37\xe1\xbd\xdd\xfb\x4f", 52); *(uint32_t*)0x2000371c = 0x34; *(uint32_t*)0x20003720 = 0x10000; memcpy((void*)0x20003740, "/dev/tty\000", 9); *(uint8_t*)0x20003749 = 0x2c; memcpy((void*)0x2000374a, "syz0\000", 5); *(uint8_t*)0x2000374f = 0x2c; memcpy((void*)0x20003750, "+@", 2); *(uint8_t*)0x20003752 = 0x2c; memcpy((void*)0x20003753, "*^:[-,-,&{#", 11); *(uint8_t*)0x2000375e = 0x2c; memcpy((void*)0x2000375f, "syz0\000", 5); *(uint8_t*)0x20003764 = 0x2c; memcpy((void*)0x20003765, "audit", 5); *(uint8_t*)0x2000376a = 0x2c; memcpy((void*)0x2000376b, "obj_role", 8); *(uint8_t*)0x20003773 = 0x3d; memcpy((void*)0x20003774, "syz0\000", 5); *(uint8_t*)0x20003779 = 0x2c; memcpy((void*)0x2000377a, "obj_user", 8); *(uint8_t*)0x20003782 = 0x3d; memcpy((void*)0x20003783, "^\356%", 3); *(uint8_t*)0x20003786 = 0x2c; memcpy((void*)0x20003787, "subj_role", 9); *(uint8_t*)0x20003790 = 0x3d; *(uint8_t*)0x20003791 = 0x2c; memcpy((void*)0x20003792, "mask", 4); *(uint8_t*)0x20003796 = 0x3d; memcpy((void*)0x20003797, "^MAY_EXEC", 9); *(uint8_t*)0x200037a0 = 0x2c; memcpy((void*)0x200037a1, "uid", 3); *(uint8_t*)0x200037a4 = 0x3d; sprintf((char*)0x200037a5, "%020llu", (long long)0xee00); *(uint8_t*)0x200037b9 = 0x2c; *(uint8_t*)0x200037ba = 0; res = -1; res = syz_mount_image(0x200025c0, 0x20002600, 4, 3, 0x20003700, 0x1040000, 0x20003740); if (res != -1) r[1] = res; syscall(__NR_read, (intptr_t)r[1], 0x200037c0, 0x12); *(uint64_t*)0x20003800 = 7; syscall(__NR_sendfile64, (intptr_t)r[0], (intptr_t)r[1], 0x20003800, 0); *(uint16_t*)0x20003840 = 0x81; memcpy((void*)0x20003842, "\xd8\xe8\xf6", 3); syscall(__NR_setsockopt, (intptr_t)r[0], 6, 2, 0x20003840, 6); *(uint32_t*)0x20003880 = 4; syscall(__NR_ioctl, -1, 0xc0044dff, 0x20003880); *(uint32_t*)0x20003980 = 0x200038c0; *(uint16_t*)0x200038c0 = 0x10; *(uint16_t*)0x200038c2 = 0; *(uint32_t*)0x200038c4 = 0; *(uint32_t*)0x200038c8 = 0x1000000; *(uint32_t*)0x20003984 = 0xc; *(uint32_t*)0x20003988 = 0x20003940; *(uint32_t*)0x20003940 = 0x20003900; *(uint32_t*)0x20003900 = 0x14; *(uint8_t*)0x20003904 = 7; *(uint8_t*)0x20003905 = 1; *(uint16_t*)0x20003906 = 0x801; *(uint32_t*)0x20003908 = 0; *(uint32_t*)0x2000390c = 0; *(uint8_t*)0x20003910 = 0; *(uint8_t*)0x20003911 = 0; *(uint16_t*)0x20003912 = htobe16(0xa); *(uint32_t*)0x20003944 = 0x14; *(uint32_t*)0x2000398c = 1; *(uint32_t*)0x20003990 = 0; *(uint32_t*)0x20003994 = 0; *(uint32_t*)0x20003998 = 0x40800; syscall(__NR_sendmsg, -1, 0x20003980, 0x20000000); memset((void*)0x20000000, 255, 6); STORE_BY_BITMASK(uint8_t, , 0x20000040, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000040, 2, 2, 2); STORE_BY_BITMASK(uint8_t, , 0x20000040, 8, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 5, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 7, 1); STORE_BY_BITMASK(uint16_t, , 0x20000042, 0x7f, 0, 15); STORE_BY_BITMASK(uint16_t, , 0x20000043, 0, 7, 1); *(uint8_t*)0x20000044 = 8; *(uint8_t*)0x20000045 = 2; *(uint8_t*)0x20000046 = 0x11; *(uint8_t*)0x20000047 = 0; *(uint8_t*)0x20000048 = 0; *(uint8_t*)0x20000049 = 0; memset((void*)0x2000004a, 255, 6); memset((void*)0x20000050, 255, 6); STORE_BY_BITMASK(uint16_t, , 0x20000056, 0, 0, 4); STORE_BY_BITMASK(uint16_t, , 0x20000056, 0xffd, 4, 12); memset((void*)0x20000058, 255, 6); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 0xc, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 1, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 3, 5, 2); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 0, 7, 1); *(uint8_t*)0x2000005f = 3; STORE_BY_BITMASK(uint8_t, , 0x20000060, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000060, 2, 2, 2); STORE_BY_BITMASK(uint8_t, , 0x20000060, 9, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 5, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 7, 1); STORE_BY_BITMASK(uint16_t, , 0x20000062, 0x3d, 0, 15); STORE_BY_BITMASK(uint16_t, , 0x20000063, 0, 7, 1); *(uint8_t*)0x20000064 = 8; *(uint8_t*)0x20000065 = 2; *(uint8_t*)0x20000066 = 0x11; *(uint8_t*)0x20000067 = 0; *(uint8_t*)0x20000068 = 0; *(uint8_t*)0x20000069 = 1; *(uint8_t*)0x2000006a = 8; *(uint8_t*)0x2000006b = 2; *(uint8_t*)0x2000006c = 0x11; *(uint8_t*)0x2000006d = 0; *(uint8_t*)0x2000006e = 0; *(uint8_t*)0x2000006f = 1; *(uint8_t*)0x20000070 = 8; *(uint8_t*)0x20000071 = 2; *(uint8_t*)0x20000072 = 0x11; *(uint8_t*)0x20000073 = 0; *(uint8_t*)0x20000074 = 0; *(uint8_t*)0x20000075 = 0; STORE_BY_BITMASK(uint16_t, , 0x20000076, 0, 0, 4); STORE_BY_BITMASK(uint16_t, , 0x20000076, 0x1f, 4, 12); STORE_BY_BITMASK(uint8_t, , 0x20000078, 8, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000078, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000078, 3, 5, 2); STORE_BY_BITMASK(uint8_t, , 0x20000078, 1, 7, 1); *(uint8_t*)0x20000079 = 0; memset((void*)0x2000007a, 255, 6); *(uint8_t*)0x20000080 = 8; *(uint8_t*)0x20000081 = 2; *(uint8_t*)0x20000082 = 0x11; *(uint8_t*)0x20000083 = 0; *(uint8_t*)0x20000084 = 0; *(uint8_t*)0x20000085 = 1; *(uint16_t*)0x20000086 = 0xbf; memcpy((void*)0x20000088, "\xaf\xaf\x3a\x13\x5b\x6b\xac\xd8\xc9\xb7\x0b\x5e\xec\x9a\xb1\x84\x05\xdd\xe2\x16\xb1\xb5\xdb\xe7\x0c\x82\xea\x52\xa1\x47\x7c\x8b\xcc\x0a\xde\xba\xd8\x78\x9e\x03\xdf\x9b\xee\xa6\x7c\xea\x53\x1e\x77\x6e\x7e\xc4\x41\xe1\x09\x95\x46\x0e\x4e\x96\x46\x78\xb8\xb2\x0c\xae\x08\x4a\xb4\x0b\xef\x38\x9b\xb7\x2f\xe3\x66\xea\x91\xa8\xa2\xb9\x52\xbc\x69\x7a\x86\x3d\x47\xc4\x92\x0f\x77\x97\x6c\xcd\xa9\x72\x3c\x4d\x4c\xf4\x31\x64\xb5\x7e\x37\x39\x25\xd2\x15\x94\xad\x58\x2b\x2b\xd6\xb7\xfc\xe0\xe2\x1d\x27\x2a\x02\x2f\xb6\x3e\xfa\xe8\x20\x4e\x2e\x38\x18\x08\x48\xfd\x29\x86\xc8\x47\x24\x1f\x05\xb4\x79\x5e\x31\x95\x82\x3f\x4b\x17\xf3\x40\xc2\x4f\x45\xbf\x4f\xc3\x3a\x8b\x5d\x06\x49\x78\x0b\xad\x0b\x16\x00\x23\x1b\xcd\x85\xe1\x04\x40\x43\xb3\xf5\x2b\xdd\x66\x46\x2c\x52\x86\x9b", 191); *(uint8_t*)0x2000014a = 8; *(uint8_t*)0x2000014b = 2; *(uint8_t*)0x2000014c = 0x11; *(uint8_t*)0x2000014d = 0; *(uint8_t*)0x2000014e = 0; *(uint8_t*)0x2000014f = 0; memset((void*)0x20000150, 255, 6); *(uint16_t*)0x20000156 = 0xf3; memcpy((void*)0x20000158, "\xdb\x74\x58\x60\x3e\x1d\xb9\xe8\xb6\x10\x9f\xf2\x53\x17\x6f\xc3\x10\x5d\x34\x45\x42\x94\xa0\xc3\x6f\x5e\x76\x59\x0e\xe3\xb3\xa3\x91\xdd\x28\x47\xab\xe2\xef\x4c\x4f\x07\x62\xcb\xb0\x9a\x37\xf4\x06\x75\xba\xca\x09\x07\x28\x2c\xe7\xdc\x1a\x10\x4c\xb3\xe9\x13\x84\x93\x0e\xde\x72\xf3\x72\x0d\xac\x99\x76\xa6\x59\x8b\xc0\x38\x5e\x0e\xb8\x29\x5e\xde\xe6\xbf\x8e\x31\xf2\x43\xb2\x84\xe9\xde\x82\x3d\xbc\xf1\xfa\x70\xc6\xc5\x7d\x44\x72\xf2\x0f\x03\x1c\xd4\xcc\xc7\x99\x5b\x00\x36\xd0\x24\xf0\x51\x22\x0c\xf8\xcc\xfa\xcc\x5e\xef\x5c\xc5\x45\xc5\x20\x8e\x0a\xe0\xb6\xfa\xd6\x95\x65\x42\x26\x29\x30\xe5\x61\x77\xef\x3f\x3f\xd1\xfc\xf9\xab\x7f\xa1\x04\xc2\xfd\x2c\xaf\xbf\xc7\x96\xda\x4a\xf4\x24\x53\x1e\x82\x5b\x32\x39\x4a\x16\xb5\xa9\x0e\x3b\x36\xd9\xd7\x5f\x35\xbc\x95\xc7\xb6\x5c\x57\x74\xb3\x3d\x1a\x74\x46\x4b\x24\x0d\x9b\x44\x20\xde\x38\x65\xe4\xeb\xfa\x97\x05\xfa\x60\x6c\xa4\x22\xeb\x0a\xe3\x31\x26\x57\x4d\x2b\x01\xdc\x83\xd7\x0c\x24\x87\x47\x08\x7c\x72\xf0\xda\x02\xe8\xe8", 243); *(uint8_t*)0x2000024e = 8; *(uint8_t*)0x2000024f = 2; *(uint8_t*)0x20000250 = 0x11; *(uint8_t*)0x20000251 = 0; *(uint8_t*)0x20000252 = 0; *(uint8_t*)0x20000253 = 1; memset((void*)0x20000254, 255, 6); *(uint16_t*)0x2000025a = 0xdd; memcpy((void*)0x2000025c, "\xd7\xe9\xb2\x4c\x0c\xc9\x92\xb1\x8a\xa2\xd9\xf9\xe1\x70\x9a\x8c\x2f\xe8\xb2\xce\xb2\x7a\x74\x9e\x52\x61\x7c\x6d\xb9\x66\xc1\x54\x69\xb1\x4f\x62\x71\xd9\xec\x1c\xaa\x53\x7e\x60\x5d\x09\xc7\xaf\x27\x1d\x95\x9a\x7b\x13\x75\xfb\xad\xa3\xd4\x78\x40\xb8\xfb\xde\x2f\x3a\xb2\x82\x04\x40\xce\xff\xb1\x6c\xc4\x41\x60\xf3\xa3\xab\xd7\x0b\x05\x9e\x3b\x32\x1e\x3a\x1a\x48\xec\xa2\xb3\x81\x9d\x05\x95\x82\x2e\x17\x76\x7f\x5a\x9c\xce\x0a\x0a\xa1\xcf\x8a\x17\x63\x78\x09\x43\x87\x2b\x12\x7a\xb5\x59\x03\x6a\x8d\x87\x03\xe1\x79\xc0\xde\x7c\x00\xdb\xd0\x55\x69\x9b\x39\x53\x2e\xc0\xf6\x3b\xb6\x9c\x33\x1f\xb4\x15\xe2\x53\xc2\x6a\xbf\x85\xa2\x0b\x69\xf3\x3d\x25\xa8\xa0\x66\xaa\x10\xa9\xc1\xad\xd2\x02\xfa\x9d\x6c\xd6\xdb\xda\xf0\x56\x01\xd6\x8e\x95\x53\xba\x9e\xe5\x39\x31\xaa\x19\x38\x21\xc7\x80\xf0\x5d\xfd\x3c\x33\xaa\xd8\x4e\xf5\x50\x98\xb4\xb8\x21\x2c\xf5\xd6\xa4\x3b\x5a\x09\x98\x66\xec\xbb\xc1", 221); *(uint8_t*)0x2000033a = 8; *(uint8_t*)0x2000033b = 2; *(uint8_t*)0x2000033c = 0x11; *(uint8_t*)0x2000033d = 0; *(uint8_t*)0x2000033e = 0; *(uint8_t*)0x2000033f = 1; memset((void*)0x20000340, 255, 6); *(uint16_t*)0x20000346 = 3; memcpy((void*)0x20000348, "\xd7\x1a\x49", 3); syz_80211_inject_frame(0x20000000, 0x20000040, 0x30e); memcpy((void*)0x20000380, "wlan0\000", 6); memset((void*)0x200003c0, 2, 6); syz_80211_join_ibss(0x20000380, 0x200003c0, 6, 0); memcpy((void*)0x20000400, "bpf_lsm_sb_remount\000", 19); syz_btf_id_by_name(0x20000400); memcpy((void*)0x200008c0, "\xc4\xc3\x2d\x0e\x45\xf5\x08\xc4\xe1\x5b\x10\xeb\x26\x81\xf9\xf6\x03\x9e\xec\xc4\xc3\x79\x61\x78\x01\xd2\x07\x66\x0f\x38\x29\x5c\xd0\x2f\xd9\xf6\xf2\xdd\xcd\xc4\xc1\xf8\x11\x45\x0f\x0f\x34", 47); syz_execute_func(0x200008c0); memcpy((void*)0x20000940, "/dev/pktcdvd/control\000", 21); res = syscall(__NR_openat, 0xffffff9c, 0x20000940, 0x10400, 0); if (res != -1) r[2] = res; memcpy((void*)0x20002c80, "./file0\000", 8); res = syscall(__NR_statx, -1, 0x20002c80, 0x800, 8, 0x20002cc0); if (res != -1) r[3] = *(uint32_t*)0x20002cd8; memcpy((void*)0x20003040, "./file0\000", 8); res = syscall(__NR_stat, 0x20003040, 0x20003080); if (res != -1) r[4] = *(uint32_t*)0x20003090; res = syscall(__NR_read, -1, 0x20003100, 0x2020); if (res != -1) r[5] = *(uint32_t*)0x20003114; res = syscall(__NR_getgid); if (res != -1) r[6] = res; *(uint32_t*)0x20005540 = 0xe4; res = syscall(__NR_getsockopt, -1, 0, 0x11, 0x20005440, 0x20005540); if (res != -1) r[7] = *(uint32_t*)0x20005474; res = syscall(__NR_getgid); if (res != -1) r[8] = res; memcpy((void*)0x20000980, "\x5e\xb2\xb7\x65\xeb\x13\xfe\x60\x55\xad\xbc\x43\xba\x06\xda\x06\x24\x08\x5c\x4b\x07\x4c\xa1\x07\x58\x89\x67\x7f\x06\x6e\x7b\xe4\xde\x1a\xde\x66\x43\xe3\x84\xe7\x46\x94\x78\x49\xca\xe6\xc4\xbd\x22\x47\xb9\xd0\xdc\xf8\xd7\x4f\x73\xc8\x65\x98\x3a\x7d\x81\xfa\x41\x8b\x52\x27\xbf\xe2\xca\xe4\xda\xab\xc8\xfd\x12\x12\x43\xc0\xfe\x33\x9f\x30\xd7\xad\xe9\xb7\x9e\x07\xaa\x3b\x49\x20\x01\xcb\xf7\x1f\x43\xd1\x92\xa2\xb9\xb7\x71\x60\x8f\x80\x9c\xab\x41\x48\xc9\xbc\xb1\x8a\xd7\x38\x1a\xda\xb1\xf2\xf5\xe3\x23\xa6\x92\x49\xbf\x8f\x2b\x5b\x0e\x98\x65\x57\xda\x94\x36\x23\xa6\x6e\xc4\x20\xb9\xb7\xbc\x01\x43\x4d\x0a\x62\x88\x6d\x00\x72\xf8\x30\x51\xbe\xd9\x58\x84\x3e\xc0\xad\xab\xae\xc0\x68\xe2\x33\x3b\xdc\x15\x62\x2e\xfd\x5d\x7e\xb6\x8c\xfd\xda\x7d\xe3\xfd\xaf\xaa\x75\x78\x7f\x0f\x7f\x3a\x5a\xae\x1c\xfe\x1f\xaf\x07\x9f\x18\x35\xbe\x70\x44\xf2\xde\xe0\xe2\xb2\x28\x27\xf8\xce\x93\x99\xba\x9b\x6d\x67\x5a\xaa\xfc\x82\x72\x62\xb7\x01\x65\x9d\x34\xe6\x87\xd6\xf0\xf8\x06\x66\xef\x60\x37\x1f\x36\xfc\x8e\x7a\xb0\x1b\x1b\x1f\x74\x1b\xab\x29\x0b\x37\x42\xbc\xa7\xd9\x00\xac\xac\xd0\x03\xbb\x0e\x24\x97\xa7\x41\x3e\x2a\x94\x61\x0c\x93\xf5\xb5\xf6\xa0\xaf\xfc\x55\x4d\xfa\x69\x6f\x33\xa4\xe0\x76\x99\x55\x29\x81\xc8\xf1\x7e\xec\x12\x1b\x79\x8f\xfd\xa5\xa8\x1f\x60\x90\x05\xee\xe8\x86\x2d\xa6\x33\x95\x0d\x1c\x36\xb1\xf5\x7f\x20\x1d\xfa\xa2\xff\xb4\x3b\xfb\x89\xb9\x37\xdf\xe8\x91\x65\xa7\x83\x26\x4b\x5c\xd3\x93\xe5\xe8\x1e\xfb\x8d\x94\xe2\x8e\xa4\x17\xcf\x7f\x14\x55\x20\xc2\x01\xcd\x9b\xc8\x43\xa7\x8a\xe0\x7c\x3a\x9d\x81\x2a\x99\xb9\xd0\x1f\x4f\x8a\x60\x93\x70\x77\x19\x2f\xb2\x9e\xf9\xe9\xca\xd9\x95\x91\x9d\xe3\x3e\x9e\x70\xc9\x5c\x0e\xfe\x9d\x49\xec\xac\xc2\x81\x7d\x76\x4b\x35\xac\xee\xf6\xdb\xd7\xb1\x1d\xa0\xd5\x64\x60\x97\x8a\x67\x9a\x76\x5c\x04\x64\x2e\xf7\xb3\x3d\xa7\x35\xd6\x07\xb2\x1e\xa2\x07\xad\x74\x7b\x67\xda\x18\x62\xb7\x88\x4f\x77\x37\x64\xc5\xc6\xb9\x5b\x0d\x1f\xc0\x79\x90\x9e\x3a\x07\x43\x0c\x52\xf4\x90\x8c\xb8\x64\xca\x7b\x48\x38\x7d\x9c\x93\x03\x87\x81\x15\x80\xb9\xce\xad\x9b\xb5\x6c\x51\x39\xd0\xd5\xc4\xc7\x28\xf7\x66\x70\x59\xbb\x64\xe2\x23\xd3\xe7\xcf\x61\xce\x83\x70\x27\x6d\xd3\x1b\x3b\xd6\x43\xe9\x64\x44\xaf\xea\x51\x78\x7b\xc0\xea\x7e\xde\x0c\x05\x76\x34\x0b\x35\x74\xfb\x1e\xe7\x81\x33\xc2\x9e\xdb\x9c\x63\x72\x42\x00\xf5\xd8\xd1\xfa\x9d\xb4\xfe\x0c\xf9\xa3\xf0\x51\x7f\xdd\x93\x62\x40\xd0\x8c\xa3\xf4\x81\x5c\x56\x2f\xa4\x0c\x50\x29\x2a\x8c\xc6\x7a\xf0\x25\x55\xbf\x5e\x42\x10\xef\xab\xee\x95\x29\x46\xcb\x5a\x3b\x71\x9c\xca\xfb\x90\xc5\xfc\x31\xe2\x8e\x16\xda\x6d\xeb\x0c\x26\x57\xd9\x9b\x2e\x30\xac\x6f\x59\xe6\x93\x5c\x8f\x3d\xe5\xab\xb5\xa6\xa9\xeb\x6d\x64\x63\x81\x31\xfa\x73\x63\x9f\x95\xdc\x71\xd1\x1a\x64\x4c\x6f\xf1\x7e\x26\x66\x5e\x82\x05\x56\x17\x8b\xdf\x6f\x91\xc5\x2f\xac\x27\xf2\xd8\x48\x12\xe9\xbf\xd4\xc5\x3e\x75\x7e\xd5\xdc\xc5\xa3\xc5\x8f\x4f\x25\x4a\x11\xad\x80\x99\x55\x5f\xba\xb9\x2d\x97\x07\xe7\xae\x24\x9d\x37\xb6\x72\xb2\xf4\x66\x6c\xc3\x5f\xfe\x53\xa0\xf5\xf3\x14\xaa\x7e\x32\x9a\xdd\xf6\x0e\x86\x49\x86\x68\x2e\x58\xde\xe8\x78\xcf\x3e\x66\xb3\xc1\xb8\xb0\x45\x70\x21\xcb\xbe\x95\x42\xdf\x24\x01\x04\xfa\x79\x45\xd1\x77\xa8\x05\x1f\xf4\x2d\xff\xe4\x7e\x95\x2c\xaa\x5b\x33\x43\x86\xbb\xe9\x61\x40\xa2\x8a\x74\xcd\x3c\x4c\x66\x6d\xd6\x17\x49\x94\xba\xe6\xc3\x23\xbe\xf3\xcb\xe9\x70\x28\x83\x5f\x03\xb4\x9d\x7c\x49\x69\x13\xec\x17\x27\x23\x46\xe0\x50\xc7\x5c\x58\x76\x0a\xcb\xcd\xed\xfc\x77\x4b\x34\xb1\x9f\x19\x9c\x40\xe0\x2a\xc7\x41\x77\xe3\xf9\x51\xa0\x07\xab\xda\xf0\x0f\xd7\x06\x4b\xbf\x2c\xc4\x44\xd6\xb6\xd2\xb2\x33\xe1\xfd\x99\x5f\xee\xbc\xbf\xaf\xaa\xa4\x4e\xdd\x73\x9b\x7a\x9b\x31\x2b\x08\x23\xbb\xb2\x28\x82\x3e\x13\x2f\xba\xe5\x76\x96\x8b\x7e\x7c\xa5\xca\x01\x98\xda\xae\x85\xda\x7b\x50\x00\x25\x44\xa4\x4f\x94\x8d\xc5\xf4\x86\x20\xe3\xf9\x91\x45\xc8\x72\x7f\xee\x50\x15\x41\xef\x11\x9b\x20\x08\x5e\x36\x40\x52\xa0\x45\x16\x4e\x79\x57\x95\x53\xab\x19\x24\xa5\xe6\x7c\xa4\xbd\xe4\x39\x03\x13\xb7\x6a\x6a\xbb\x95\x0e\x63\x7b\x6b\xd3\xae\x4d\x34\x1e\xa3\x62\x44\x0e\x13\x41\x85\x30\x4e\x36\xf0\x86\x91\x02\x7e\xc7\xff\x34\xd7\x18\x82\x53\x93\xec\xfd\x75\x57\xc8\x2b\x7b\xda\x4d\x24\xb9\x4f\xc5\x3d\x57\x7b\x31\x65\x7b\x00\xe8\x30\x38\x03\xe6\xf1\x5e\x17\xa7\x96\x47\x60\x7f\xfa\x65\x64\x91\x03\xad\x6c\xed\x04\x0a\x84\x22\x24\xb2\x22\x26\xcb\x03\xb1\x0e\x51\xe5\x8d\x69\x5e\xdd\xa7\x7d\xa2\xd7\x84\xc4\x9b\xdd\xa4\x3a\xdc\x0f\x4e\x15\xf3\xe2\xe3\x38\x83\x69\x24\x78\x6b\x90\xb2\xf7\x44\x29\x35\xae\x33\x8e\x34\x4f\xa4\xc0\xd9\xe3\xd7\x48\x71\xd9\x30\xd8\x78\x68\xa2\x69\xc9\x84\x04\x87\x63\xe1\xc4\x38\x47\x9b\x20\xfd\xdb\xc6\x1d\x24\x88\xd7\x0c\xa8\x74\x7f\xff\x73\x1e\xdb\x67\x9b\x88\xbf\x1b\x17\x62\x1d\x32\x76\x15\x1f\xd9\x3a\x9d\xbb\xaf\x1a\x83\xe9\xa8\x0f\x75\xba\x18\xac\x3c\xe6\x59\x8d\xc4\xe6\xb0\x56\x2f\xb0\xbd\x47\x91\x29\x33\x7b\xb1\xc3\xa5\x88\x2b\x2d\x62\x6e\xdd\x90\xd0\xb1\xe8\x98\xd0\xf1\xe4\xf5\x98\x93\x70\x0c\x24\x1e\x0c\x43\x63\xa4\x44\x10\x73\x84\x00\x00\x47\x0f\x9e\x87\x7d\x0b\xac\xdc\xb6\xb2\x18\x75\xe7\x5b\x50\xdc\xfb\xb2\xbb\xc0\xea\x8f\xca\x0a\x91\xdc\xaf\xe6\x9b\x16\x2a\xee\xf4\xf7\xd7\xfa\x11\x93\xf9\xea\xc4\x4d\x4e\xb2\x73\x77\xc3\xb7\x2a\xc1\x9a\x90\x1c\x6e\x73\x50\xe1\x64\x81\x46\x09\x01\x79\xfa\x4b\x7f\x7a\xae\xdf\xb7\x5a\x49\xde\xea\xe9\xfb\xec\x2f\x30\xc4\x44\x4e\x3b\xd5\xad\x6f\xad\x82\xbb\xcd\x24\xbb\x6d\x25\x96\x85\xca\x0c\x13\xe5\x2a\x59\x0d\x27\xa7\x31\xa1\x8b\x09\xd3\xd6\xbf\x5e\x81\x75\x63\x02\xb8\x52\x51\xc8\x5d\x30\x48\x72\x95\xeb\x2e\x42\xcd\x78\x82\x31\xeb\x96\x97\x9b\x5c\x11\x3c\x16\x6b\xe2\xf3\xb6\xd2\x44\x74\xb0\xf5\x6e\xa5\xcf\xff\x4d\xca\x92\x84\xe5\xda\xe7\xd1\xc2\xb6\xab\xa7\x80\x7e\x88\x96\x97\xc8\x69\x83\x1c\x90\x8b\x20\x6b\x8a\x21\xdb\xe7\x3d\x06\xc0\xae\xfd\xa4\x49\xf4\xda\xed\xd6\x8b\x67\x6f\x22\x81\x4b\xe2\xd9\x0a\x2d\x06\xa3\x9f\x99\x7f\xdc\xef\x3a\x38\xf9\x83\x96\xd5\xbf\x36\x99\x00\xf9\xfc\x04\x42\xb2\x04\xce\xb1\x7e\x43\x2c\x28\x08\x7c\x42\xc8\x4c\x17\xf1\xa4\xd0\x4f\x6d\xa5\x46\x68\x2f\x31\xd7\x5c\xc2\x89\xe0\xc8\xea\x40\x58\xc0\x35\x50\xfa\xd5\xde\xf6\x96\x85\x41\xa9\xd3\x72\xbc\xbf\xf7\xb9\x43\xd6\x5a\x7f\x48\x56\x52\xe4\x43\x7e\x0a\x16\x02\x05\x7e\xf0\xce\xef\xa5\x75\x40\xa1\x1d\x5b\x2b\x8b\x65\x18\xc3\xc9\xa2\x7c\xb2\x75\x62\x94\x1f\x2f\x68\x9c\xe2\x40\x39\x6b\x4a\xd7\x0d\xbb\x2c\xd6\xe4\xe1\xf3\x3e\x32\x79\xc3\x36\x1b\x9d\x99\x03\xa9\xb6\xbb\x01\x7f\xfc\x71\x97\x58\x41\x7e\x4f\x98\x48\x55\x69\x2a\xcb\xdf\x93\x92\xa9\xb1\x96\x73\x38\x8e\x76\x02\x33\xfa\x00\x35\xe0\xc2\x33\x5e\x77\xb0\x89\xeb\x40\xb5\xcd\x8f\x03\x25\xf6\x4e\x08\x07\x65\x80\x80\x52\x86\x9f\x76\xb3\x9b\x06\x82\xe9\xa4\x9a\x95\xa4\xfd\x0b\x38\xbb\x50\xeb\x21\x4e\x94\x91\x9d\x48\x6f\xb7\xbb\x75\xac\xb4\xdc\x5f\x04\xe7\xa7\xe3\x11\xf2\x04\xdf\x40\x4c\x62\xc6\x64\x17\x95\x84\x88\x0c\xb8\xbc\x7b\x8b\xaa\xe8\x93\x3c\x2e\xbd\x70\xaf\x44\x45\x1a\xae\x3d\x51\xd4\x29\x0d\x90\xb8\x91\x10\x68\x77\xbd\x37\x75\x2e\xc6\x11\x8d\x97\x2a\x1b\x0a\x29\x31\xd4\x33\x63\x6d\xa7\xb7\x25\x0a\x0e\xdb\x59\xd9\xdd\xd3\x4c\xb4\x8b\x34\xa6\x2a\xe7\xe5\x95\xf1\x8d\x80\xca\x2c\x2d\xdc\x2a\xeb\x6b\x6f\x6b\x80\x0c\x86\x53\xba\xaf\x69\x6b\xfd\x60\xc8\x5e\x5e\x33\x28\xd0\xd9\xba\xf0\xf5\x58\xb3\xb8\xb8\xbf\xf2\x4b\xf7\x5d\xb2\x69\x5d\x59\x44\x27\x57\xcc\x0c\xfc\xef\xbb\xf1\x70\x8f\xc9\x64\xa1\x25\x1f\x55\x32\x88\x32\x46\x8e\xa7\x3c\x29\xbe\x4b\xf5\xd0\xde\x20\x53\xf3\x64\xd1\x17\x00\x6d\xd3\x24\x2e\x04\xdd\x47\x1a\xe0\x4a\xe2\x28\x44\x97\x82\x42\xed\x47\x36\x1b\xe4\xa9\xa1\x31\x33\xc7\xad\x5b\xb3\x24\xaf\xcd\x29\xd9\xa0\x74\x44\x07\x24\xeb\xb5\x6f\x5d\x9c\x3a\x8e\x45\x59\xd3\xa5\xa0\xf0\x28\xf1\xd7\x2f\xf2\x56\x2d\x48\x3c\xfd\xd7\x9e\xb3\x2c\x90\x46\x2e\xe7\x90\xde\x24\x76\xd9\xd0\x61\xb6\x07\xe6\x80\xb4\x15\x00\xce\x69\x1e\x48\x74\x5b\x58\x55\x17\xa5\x39\xe7\x0d\x7e\xc5\x55\xe1\x96\xaa\x8d\x69\xe4\x5a\x36\x98\x2d\x28\xa2\x14\x09\xa7\x77\xce\xeb\x53\x31\x8c\x20\x71\x3e\x3c\xb6\x2a\x98\xc2\x8f\x52\x4b\x08\x69\x09\xa0\x30\x75\xc2\x01\x0d\xa3\x4b\xf7\xb0\xe6\xbf\x58\x50\x5d\x30\x14\x42\x53\x0e\x54\xd3\xd1\x3f\x03\x28\xf9\x7a\x1d\xd2\xdd\x6d\xa6\x84\x29\xd2\x13\x76\xb7\x72\xd5\xa1\x60\x3f\xb4\xc4\xa4\x0f\x6b\x36\xdb\x26\xa8\x6f\x7c\x2d\xba\xf7\x04\xe7\xbc\xb9\xfc\x96\x76\x8d\x4b\x53\xbd\x13\x46\x02\xb7\x53\xb2\x60\xd8\x4d\x9e\xea\xc6\xa2\x4a\x51\x24\x9d\xca\x00\x86\xb9\x5b\x57\x58\x71\x28\xe7\x98\xeb\x62\xe1\xf0\x1a\xe6\x8e\x66\x0c\xf6\xeb\xbf\x33\x22\x93\x98\x16\x20\x68\x4b\x7e\x3b\x04\x75\x0f\xdb\xbe\x2e\xcd\x8e\x9b\x63\x75\x24\x88\x82\x25\x3c\x2d\xda\x8a\x4d\x9c\x0f\x6f\x5c\x9d\x7c\x6b\xdb\x1f\xc1\x1e\xda\x1d\xc4\xec\xc0\xb9\xf3\xdb\xdb\x62\xe4\x07\x8e\x46\xf6\xb1\x06\x08\xf3\x4c\x34\xf0\xa2\x79\xc2\xf8\xf3\xda\x5b\xe4\x9e\x3e\x58\xe9\x71\xe5\x39\xbd\x63\xba\xcb\x6d\x8a\xa5\x54\xea\x4c\x78\xa4\x9a\xba\xde\xec\x98\xdb\x1d\x3c\xa3\xbc\xb4\x09\x57\xcc\x0e\x94\x2f\xca\x1c\x9b\x51\xaf\x04\x77\x1f\xda\x4a\xf3\x58\xc9\xed\x6f\xe7\xb7\x37\xa6\xc6\x1a\xbe\x0b\x62\x89\x20\xfb\x8d\x0b\xcd\x0b\x65\xb7\x18\x16\x3d\xa1\x78\x04\xcb\x16\x65\xea\x98\x21\xc8\x28\xf6\xdf\x65\x51\x93\x77\x41\x56\x72\x10\x06\xb1\xf5\x14\x87\xad\x19\xfe\x92\xb7\x69\xa9\xfc\xea\xf2\xd4\x12\x4d\x8c\xc9\xa5\xbe\xf2\x8e\x98\xb9\x96\xc2\x8c\x8a\x99\xe3\x52\x38\x05\x31\x18\x5e\x5e\x56\xe6\x93\x64\x1e\xf5\x11\x06\xd6\xcf\x4e\x71\xab\x31\x7c\x34\xe9\x35\x83\xae\xcf\x50\xf5\x2b\x53\xe6\x3c\x90\x98\xd8\xc2\x83\x53\x8c\x7c\xc0\xf0\x90\xdf\xaf\x52\x3e\x60\x82\xc6\x52\x63\xdc\x8d\x1d\xe4\x77\x62\x82\xa3\xfc\x1b\xfc\x59\x09\x99\x15\x25\xf5\x6a\xc0\xe6\xd3\xbf\x0c\xe7\xae\xc8\x3e\x40\x07\x4d\xe1\x6f\xc9\x84\x3f\x3b\x09\x9b\x59\xb9\xf9\x0b\xcf\xf6\x31\x0e\xd6\xdf\xec\x97\x45\x87\xad\x64\x6e\xcd\x90\xc5\x4d\x44\x95\x10\xb7\x76\x8d\xd6\x7c\xab\xb3\x05\xea\x39\x8e\xcb\x42\x61\xd2\x6d\x4d\x7e\x12\x04\xe2\x07\x25\x60\x32\x43\x27\x9a\x18\xfa\xb0\x17\x26\x71\x9f\x77\x18\x22\x62\x7b\xaf\xb0\x9b\x4c\xaa\xf9\x48\x4f\x1d\x8f\xa5\x07\x8d\x02\x1b\x9c\xb8\x65\x56\x83\x07\x97\x31\x9c\x64\x91\xd7\x1c\x11\x53\xb6\x36\x58\xa5\xa9\x52\xa1\xf8\x4f\x0c\xed\x9c\x3d\x11\x91\xd7\x1a\x0b\x22\xe3\xf6\x18\xf8\x7d\x98\xc8\x99\x12\x65\x39\x5c\xb9\x07\x65\x93\x50\x34\xbd\x6c\x92\x33\xd4\x1f\x9f\xc6\xa9\x0b\xf6\x97\xc1\x5f\xd2\x35\x97\x87\xdf\x82\x57\xca\x8e\x94\x99\xb3\xa7\xb8\x37\x12\x1b\x33\x67\x30\x6b\xa3\xa3\x6f\xde\xa6\x00\x0c\x5d\x0f\x77\x59\x37\x17\x02\xc7\xad\x6f\x9e\x5f\x40\x00\x72\x5f\x8e\x0b\x33\x0a\x49\x43\x92\xf7\x40\x8d\xad\x61\x5b\x14\xf7\x78\x88\xce\xb7\x39\x59\x96\x5c\xc9\xa9\x3e\x9e\x3b\x23\xb9\x34\x3a\x4c\xd4\x10\x4d\xc1\xf3\xf1\xa6\x4c\xb4\x56\x97\x92\x67\x04\x87\x98\x02\x49\x3f\xf0\x4a\x81\x44\xce\x6d\x80\x50\x87\xfa\x96\xca\xff\x9b\x97\x63\x1b\x52\xe4\xa3\x65\xe9\x76\xc9\x0e\x2a\xc0\x88\x26\xf8\xc2\x97\xef\x2f\x87\x57\x22\xb4\x45\x54\xd9\x97\x3f\x4a\xa5\x5f\xfb\x03\x58\x94\x32\x10\x9e\x68\x32\xda\xb7\xfc\x47\x32\xd3\x03\x25\x2d\xd1\xd1\x7a\x2d\x24\x51\xed\x53\xdc\xe4\x1f\xfb\xce\xc6\x59\x83\xc6\xdb\x3e\xba\x81\x46\x2e\x52\x2a\xe7\xae\x52\xd7\x51\x30\x0a\x4b\x13\x11\x70\x33\x7c\x6d\x8c\x4b\x69\x2f\x54\x29\x11\x8a\xf9\x56\xe1\xc1\x5e\x27\x58\x4f\x76\x82\x55\xc3\xdd\xcb\x46\x92\x12\xba\x8a\xb0\xe1\xe7\xee\x00\x12\xf5\x8f\x89\x45\x82\x79\x94\xce\x1a\xd7\xd1\x73\xdd\x1c\xd7\x20\x83\x84\x4b\x72\x1a\x1d\xc1\x30\x00\xda\xda\x12\x56\xde\xab\x79\xb9\x59\xa4\x95\xa4\xd1\xb5\xfd\x02\x8f\xea\xa0\xde\xac\x90\xec\xfa\x59\xb1\x34\x04\x56\xbc\xaf\x31\xf5\x7d\x5a\x88\x34\x90\x12\x57\x96\xdd\xa6\xd3\x78\xce\x83\xbb\xc1\x37\xfe\x54\xb8\x3c\xa9\xc4\xf8\x19\x89\x9d\x30\x83\x38\xd6\x5f\xa8\x7d\x90\x62\x55\xd6\x57\x3a\x7a\x49\x0b\x00\x10\x0e\xab\x69\x9c\x0d\xbf\xbe\xc5\x4b\x54\x22\x4c\xeb\xa3\xf5\xd1\xfa\x40\x96\x06\x3f\x33\x16\x5a\x15\x8a\x20\xff\xbd\x1d\x5b\x8f\xd4\xd9\xd3\x9c\xb9\x4a\x00\x85\xde\xae\xdd\xe0\x2a\x2f\x1e\x90\xa9\x6a\xf2\x22\x33\x15\x10\x1a\xf3\xfe\xf8\x60\x43\x37\xf6\x48\xb8\xc3\x42\x16\xc3\xe7\xba\x8c\x07\xd8\x2d\x23\xbc\x0a\x96\xf0\xda\xb2\xab\xd2\x93\x92\x65\xbb\x96\xb6\x45\x1a\x2c\xa9\x35\x85\xc8\x2a\xec\xce\xd3\x37\xbd\x66\x12\x48\x47\xa4\x06\xce\x8e\xd2\x41\x31\x8e\x1a\x7f\xc2\xcf\x28\x9e\x1c\xaf\x26\xea\x5b\x72\xaa\xea\x04\x57\xe2\x08\xa2\x41\x53\x4c\x78\xe3\xaf\xb6\x02\x8e\x7f\x57\x89\x1c\x2f\x05\xf4\x37\x0f\xc5\x04\x58\xd1\x6e\x90\xd0\x31\xcc\xa1\x86\xcc\x12\xb4\x54\x3b\x7f\x25\xfa\x72\x91\x6b\xe3\xac\xd7\xf6\xb5\xf0\xcc\x24\xf4\x42\x48\xc0\xfa\x9c\x6d\xd5\x95\xcd\x72\xcc\x4c\x84\xd3\x5a\xa6\xfc\x3b\x1e\xc0\xe7\xa6\xb0\x40\x8a\x1a\x53\x86\x96\x81\xd2\x7b\x11\x22\xc3\x17\x6a\x04\xeb\x3a\xaf\x62\x58\x84\x96\x75\xa9\x94\x22\x2d\x50\x68\x28\xb4\xc1\xde\x9a\xb1\x7a\xd4\xba\xb5\x96\x1d\x52\x4f\x0f\xfe\x54\xd2\x90\x02\xc3\xd3\x6c\x94\xcb\x3a\xb1\x65\x81\xf5\x9d\x01\x46\x71\xe1\xcd\x5f\xe2\x43\x42\xf1\x7c\x8f\x17\x88\x54\xe0\xee\xd5\xf4\xa3\xdb\x07\xec\x2e\xa7\xc6\x71\xe2\xd7\x85\x38\xbb\x8a\x2d\x5d\xcd\x94\xb4\xc6\xeb\xdb\x9a\x49\x29\xe8\x5f\xc6\xde\x21\x3d\x6f\x35\x62\x28\xd9\xec\xfd\xe9\x62\xc0\xc3\x72\x76\x08\xf6\x70\xe8\x12\xee\x2f\xa1\x4e\x1f\x0c\xbf\x01\x86\xf6\xaf\xc1\x0c\x67\x6f\x91\x1b\xe3\xb1\xce\xa3\x52\x1f\x47\xe8\xfd\x4e\xfe\xba\xcc\xb2\x2e\xf3\x75\x76\x13\xab\x31\x9c\x40\xb7\x0e\xee\x0c\xde\x11\xa3\xa1\x66\xf1\xee\x94\x15\x32\x80\x68\x39\x98\x36\xc8\xdc\x38\x4d\xe2\x1e\x0a\x99\x1a\x8b\xae\x04\xbc\xe7\x96\x2c\xe3\xb8\x2d\x55\x16\xfe\x91\xd8\xec\xbc\x2d\xcd\x6e\x27\x11\xc6\xc1\x4c\x8a\xa5\x72\xb5\xfe\x03\x9e\x1b\xb4\xf1\x63\xa1\xa8\x18\x63\x45\xf5\x41\x57\xc5\x66\x72\xb3\x34\x70\x71\x12\x53\x47\x6c\x2f\x6e\x4d\x74\xbe\x06\xa0\x18\x85\xde\xbd\xb8\x4f\xc7\x32\x47\xa5\x4e\x15\x11\xb8\x3b\x3a\xe1\xfc\x15\xe5\xbe\xd9\x21\xf1\x93\x77\x86\xf4\x36\x4a\x7d\x4d\x6a\xec\x09\x66\x7d\x63\xaa\xa6\x18\xbd\xda\xae\xaa\x2e\x55\xad\xb5\x89\x4c\x47\x97\xd1\x6d\x3d\xd5\xd3\x5a\x71\x6e\xf0\x52\x33\xc4\xad\x46\xa6\x21\x19\x5c\xde\x3a\x4f\x41\x97\xea\x43\x96\xca\x62\x71\x2e\xe3\xd0\x29\x20\x03\x83\xad\x91\x22\xd9\x4b\x60\x8b\x39\xe1\xab\x02\x4e\xa6\x73\xea\xdc\xcf\x98\x31\x00\xd5\x9b\x17\x70\x87\x22\xd9\xef\x02\x66\x92\x24\xbe\xf7\xab\xda\xa0\xb9\x9b\xff\x39\x95\x7b\x7a\xc4\x15\x99\xc9\xb1\x83\x3f\x7c\xe8\x22\xfd\xda\x0b\xea\x2d\xcb\x7d\xc7\xd2\x4b\xd2\x0d\xf8\x0b\x64\x62\x16\x24\x47\xd5\xe2\x85\x35\xa2\xfd\x87\x6f\xfd\x78\xe9\x0d\xbd\xc7\x4e\x49\xaf\x64\x7c\x9d\xc6\x96\xbd\xcc\xed\x08\x40\xc2\x32\x0f\x5c\xe0\xb6\x49\x47\x90\x83\x2c\x97\x2e\x28\x20\x6f\x43\x2a\xd6\xcd\xdc\x30\x4f\x96\xbf\x48\xee\x6f\x5a\x07\x75\x38\xeb\x06\xd9\x43\x83\xbf\x4f\xbf\x33\x2a\xbe\xc8\x0c\xdc\x78\x34\xdb\xf8\x7e\x28\xf0\x6c\xee\xeb\xaf\xca\xb3\xf0\x5f\x08\x4b\xc4\xcf\x2a\x06\x97\x01\xcd\xb3\x32\x40\x3a\xf1\x63\x1b\x56\x59\xa9\xe6\x68\xf0\xa4\x6f\x68\xe6\x5f\xf9\xa3\x14\xab\x2a\x54\x05\x18\xa0\x38\x93\xc3\xfd\x2b\x1b\xd9\xf5\xe9\xe7\xf6\xec\x49\xf5\x85\x06\x7c\x4a\xee\xf0\xb9\x1b\x1a\xd2\x9f\x2a\xcc\x13\x2f\x6b\x1a\x8d\xda\x2d\xa3\x6a\x79\x18\x6c\x8b\x13\xb6\xfe\xd0\x70\xc7\x47\x04\xbd\xc4\xff\x11\x32\x19\x01\xc7\x15\x98\xfd\xfb\x36\xe8\x48\x2b\xcd\xb0\x1e\xe8\x08\xaf\xb5\x4b\x3a\x42\xc6\x9a\x18\x95\x0d\x14\xfa\xc2\xe3\xbd\x77\x21\xac\xe3\xc9\xa0\x3a\x45\xf7\x4c\xf2\xdf\x6f\x4c\x92\x44\x41\xd8\x70\x0c\x54\xb5\xa1\x22\x12\xca\x3c\xdd\x64\x8d\x07\x93\x04\xcf\x2c\xdf\x46\x0a\x36\xca\xf7\xf5\x21\x49\x48\x05\x40\x1d\xfc\x67\xbd\xe2\x06\x1b\xb2\x39\xa7\x01\x9c\xe7\x6c\x4f\x44\xcb\x0e\x46\xc5\x5c\xba\xda\xb9\x12\x9c\x5b\x45\x7e\xc2\x84\xb2\x2a\xe3\xf9\x8e\x64\xfc\x8c\x75\xdf\x09\x5c\x3e\xa3\xea\x0c\xfb\x59\xca\x18\x09\x0b\x03\xf9\x35\x8e\x9f\x11\x32\x5e\x72\xcc\x24\xed\xe8\xf0\x51\x1c\xb6\xf8\xaf\x7c\xc2\x76\x06\x54\xcf\xb8\xa7\xe7\xd5\xde\x97\xa8\x30\x79\xbc\x82\xd8\x8e\xa7\x28\x51\x6e\x92\xd3\x21\x09\x2f\xa3\xbd\xb9\xc0\xcf\x71\xac\xed\x2a\xc1\x18\x9a\xad\x33\x4d\x1b\x6b\xd9\x71\xba\x40\x53\xa4\x3b\xc7\xf0\x02\x0a\x2f\x1d\x6d\xa3\x46\x90\xd0\xf7\x63\x58\xaa\x1b\x16\x31\x10\x7f\x7f\x2a\xf9\x89\x00\x07\xb0\xa9\x42\x77\xee\x67\x3b\x04\x7f\xe8\x09\xa5\xaa\x7f\xbb\x7a\xb8\x8d\x11\x09\x70\xc3\xdf\xf4\x4d\xe1\xd7\xdb\xeb\x2a\xbf\xd2\x80\xe6\x6d\x1d\xe4\x86\x4d\xa4\xd5\x4a\xdd\xce\xea\x69\xc8\xfa\x5d\x3d\x4b\x11\x47\xa1\x83\x65\xaf\xad\x33\xcd\xc6\x89\xd7\x3c\xce\xba\x4d\x8f\x4e\xe0\x8b\x62\x64\xae\xed\x23\xf5\x85\x57\x8a\xe1\x5d\x14\xf3\xa2\x7b\x48\x8c\x24\xd6\xde\x8c\xd8\xa9\xde\x4a\x2a\x89\xfc\x94\x81\xba\x8e\x10\x28\x3a\x4d\x3a\x26\xe9\x89\xbd\x80\x59\x78\x62\xe2\x38\xb7\x14\xaa\x77\x6e\x01\xcc\x90\xde\xe6\x89\xc8\x43\x5c\x81\x4c\xfc\x72\xa5\x30\xef\xce\x5d\xec\x38\x47\x97\xa9\x51\x43\x9c\x30\xe0\x96\x32\x0b\xd5\x04\xd3\xfc\xf4\xf7\x21\x4b\x6d\x8a\xe4\xfd\xf7\x3e\xea\x45\x91\xd4\x44\xdd\x1e\xa4\xcd\xaa\xb8\xce\x1c\xf9\x55\x5b\x4d\xd7\x0f\x1b\xb4\x6e\x18\xee\x02\xca\xbd\x74\xcd\xdb\x69\x6a\xf3\xff\x7c\xc9\x5b\x13\x39\xa6\xb8\xe8\xba\xfb\xc2\x9c\x64\xf0\x9f\xb7\x41\x38\x9e\xa6\xf5\x39\x7a\x85\xad\xd8\xb2\x6e\x1f\x3a\x1d\xf9\x50\xf6\x7b\xde\x9f\x98\x71\xa0\xe3\x60\xc3\xe7\x66\x9e\xbe\xde\x3b\x7e\xb3\x2c\xeb\x35\xff\x2a\xff\xd8\x91\x95\x22\xf0\x75\x93\x3e\xcf\xea\x2c\xb4\xbe\xcf\xbc\x85\xbb\xac\xc9\x5f\xba\x2c\x6f\x54\xf8\x90\x59\x4a\x6f\x6b\x18\x96\x5c\xcd\x40\xed\xe5\x8b\x4e\xaf\x8b\x0d\x2b\x65\xb0\x36\x9b\x3d\xc6\xc7\xca\xef\x3e\x48\x45\xb2\xc4\x2e\xe4\x0d\xdc\xa5\x87\x92\x50\x29\xe7\xd9\x16\x29\xad\xd8\x4e\xa7\xbc\x72\xbe\x33\xbb\x03\x42\x14\x55\x5c\xd5\x50\x55\x68\x09\x3e\xc7\x24\x81\x56\xf5\x8c\x7f\x0d\x30\x55\x76\x2f\x8f\x4f\xf6\xf8\x64\xbd\x95\x48\xfa\xfa\xc4\xdb\x85\x77\x53\x0f\x3a\x6d\x67\x3b\xee\xff\x21\xba\x7c\x90\x60\xaa\x0e\x06\x68\x32\x93\x7f\x1e\xb6\x17\xcb\x21\xac\x24\xe0\xd8\x69\x95\x47\xbe\x56\x63\xa8\x11\x7a\x40\xb6\xd8\x81\xdc\xa1\x9e\x36\x7c\xa0\x2d\x28\x77\x4d\xae\x74\xdf\x50\xaa\x99\x44\x5e\x37\xc6\xc1\x61\x84\x46\x7d\x49\x60\x01\x24\x23\x29\xdb\x97\xa2\xad\xef\x66\x42\x5a\x9c\x6b\xd3\x77\xd8\x97\x74\x33\xa0\x3c\x72\xbf\x10\xb5\x48\xb8\xae\xbf\x0e\xc3\x8e\xb8\xce\x14\x5f\xcb\x85\x15\x41\x40\x5e\xe8\xa3\xca\x9b\x3b\xc6\x03\xa3\x82\xaf\x59\x8f\x0a\x17\x56\x59\x2b\x36\x77\xc4\x69\xff\x86\xe1\x98\xcd\xff\x40\xf4\x93\x21\x5a\x32\xc2\xac\xc7\x2b\xcf\xd0\xe3\xe4\xe5\x7b\xec\x76\xdf\xe5\x65\xda\x97\x5c\x69\x1d\x66\x93\x5d\x2d\x7b\x52\x94\x14\x62\xd4\x1b\xce\x4c\x00\x91\x5d\x28\x34\x17\x03\x2f\x3a\x89\x42\x49\xf8\x01\x06\x7f\x38\x82\xfd\xa7\x79\x05\xd7\x6b\x76\xef\xe1\x02\x8e\xbb\xf1\x49\x77\x63\x1f\x67\x75\x75\xdd\xd4\x09\xdf\x3c\x6c\x40\x19\xe9\x95\xa9\xd8\xd1\xd8\xa8\xc3\x22\x68\x76\x32\xf1\xa9\x50\x5a\xdc\xbd\x5a\xfa\x13\x89\xf9\x41\xdd\x0f\x68\xfe\xfd\x43\xec\x24\xa2\x57\x07\x6a\x3a\x21\xb7\x36\x3d\x7b\xb5\x18\xdf\x4a\x28\x2a\x4d\x9e\xed\x08\x58\xd1\x04\xe8\x5c\x5e\x06\x8d\xd8\x01\x2d\x73\xb5\x16\x65\x61\x46\xa7\x8e\x54\x9a\xdb\xf9\xb3\x2f\xb9\xf5\xf7\xab\x6d\x43\x87\x9d\x96\xd1\xcb\x97\x35\x96\xd0\x44\x19\x7e\x08\xc4\x04\x06\x04\x25\x57\x53\x29\x7a\x34\x95\xd8\xdf\xf2\x55\xd1\x8a\xbf\x94\xb8\x70\x4a\x8a\xe1\xa4\x83\x53\xfa\x85\xe5\xa7\x7b\xec\xd1\x0b\x6c\xa0\x07\xb7\x7d\xfe\xfc\xe3\x98\xf3\x0b\x0c\x27\xed\xe9\x9e\x8e\x6b\xb0\xc7\xff\x65\xbd\xb0\x0f\x22\x46\x22\xd6\x91\xf4\x78\xce\x6e\x37\xbb\xfa\xc4\xce\x1c\xe3\x73\x07\x0f\x95\x43\x70\xc7\x4c\x09\x46\x1e\x2b\xae\x43\x85\xcd\x5d\xee\xe8\x7c\xa8\x0a\xd2\xc7\x7b\x99\xe7\xbe\xe5\xaf\xa3\xf0\xba\x52\x49\x4f\x59\xda\x14\x26\xc4\x30\x9f\x39\x15\x16\x35\x4d\x57\xb0\xc7\xc4\xbb\x85\x8e\x38\x2f\x04\x1d\x6e\x91\x88\xdc\x13\x3b\xb1\x69\x32\x1e\x00\xd0\x2e\xfd\xdb\x46\x11\x76\x77\x4f\xd6\xb2\xc9\x68\x2d\x7a\xd0\x84\xf6\x17\x4c\x53\xab\x74\x08\xd3\xe2\x71\xd2\x8e\x30\x8f\x7c\xd4\x78\xc2\xfe\x8d\x67\x93\xde\xed\x31\xde\xbb\x09\x0b\x87\x4b\x12\x52\x8a\x6c\xd3\x68\xac\xf5\xa5\xc4\xcc\x3d\x30\xd2\xaf\xf0\x06\x93\x78\x66\x87\x68\x6c\xd9\xb9\x7c\xdf\xaa\x3a\x67\x72\x93\x51\xb2\x37\x3d\xde\xe1\x8e\xe3\xf0\x56\xb6\xc0\xda\x43\x9d\x62\xee\xb4\x08\x03\x1a\x4d\x87\x55\xde\x3c\xc8\x84\x15\xca\x48\x01\xd5\x4d\xc5\x65\xbb\x53\x22\x8d\xc2\x15\xdd\x74\x6f\xf5\x38\x54\x53\xfd\xfc\x89\x15\xe8\x72\x75\x2f\x5a\xb3\x65\x6a\xa8\xe1\xc4\x2d\xfb\xf3\x5e\x49\xac\x9c\x20\x13\xb4\xa4\x93\xec\x10\xad\x7f\x51\x29\x22\xb8\xd3\xd8\x29\x22\xdd\xbc\x01\x89\x53\xcb\x7d\x51\x91\xaf\x08\xab\x66\x9f\x80\x42\x5f\x4f\x45\x9e\xe6\x50\xfe\x09\x41\x26\x43\x4e\x88\x66\x93\x09\x2c\x53\xaa\x34\x69\x93\xdb\xc1\xba\x27\x4d\x2d\x69\x47\x06\x46\xe6\x33\xbd\xc3\x31\x43\x19\x13\xdd\x49\xa0\x12\x0e\x1b\x5e\x21\x21\x62\x00\x6f\x9a\x01\xfe\x18\xe8\xd8\xb5\x7c\xfe\xb3\x98\xe1\x9b\x4b\x8e\x97\x0f\xb0\x67\x85\x21\xca\xff\x33\xa7\xa0\x1d\xeb\x17\xe7\x2a\x92\x0a\x94\x68\x96\xc5\x39\x2e\x84\xbd\xdf\xde\x75\xb7\x44\x6a\xd4\x24\x9b\xef\x26\x97\xb0\xc5\xe7\x2f\x37\x91\xf0\xf4\x4a\xc1\x56\x37\x69\xc8\xec\xe5\xf1\xde\x56\x5b\xba\xe2\xe5\x73\x02\x94\xb3\xd6\xd8\x57\x87\xdd\x6f\x7a\xbf\x84\xd6\x98\xe7\x7e\xe8\x0e\xc5\x3e\x37\x51\xe8\x73\x03\x3a\xf1\x6b\x5e\xd4\xe2\xc9\x9b\x7e\x6e\x65\x2b\xb0\xea\xf6\x70\x1a\xac\xb2\xbc\xb5\x97\xc3\x2d\xc3\xf7\xd9\xc4\xd9\x46\x3a\xc0\x8d\xb0\xc6\x3d\xb5\xfd\x88\xd0\xe5\x18\xde\xf1\x88\xa2\xfb\xe8\xd6\xbf\xa6\x98\x62\x8a\x8c\xc0\x58\xca\x99\x11\x4c\x40\xbe\x8e\x1e\xb4\xc0\x53\x64\x27\x8d\x0e\xa4\xdc\x90\xb7\x47\xce\xcd\x85\xcd\xf8\x47\xa5\x0b\xa2\xad\xeb\xb6\xd1\x07\xa1\x26\x13\xe1\x98\xd1\xb1\x0c\x6e\xb3\x23\xd5\x0c\x75\xf7\x81\xfe\x39\xc1\xd9\x2e\x46\xda\x77\xfe\xd5\x16\x12\xa3\x69\xc4\xa6\xaa\x54\x05\x0d\x67\x7e\x96\x78\x03\x9b\x29\xe1\x0c\x46\xff\x05\xf3\x53\x6f\x79\x2a\x72\xd8\x0f\x0e\xca\x5a\x41\x6b\x19\x64\x3e\x1d\x15\x24\x7f\x7e\x51\x57\x90\x0c\x17\x42\xb9\x14\x6e\x0d\x97\x88\xeb\x9c\xa6\x53\x89\x7c\x7c\x64\x71\x49\xf0\xbd\x91\xb1\x6e\xa1\xa5\xe0\x54\x90\x01\xba\x2d\x6c\x6e\x39\xcf\x8b\xee\x39\x27\x4d\x05\x2f\xe2\xce\x7f\x4c\xaf\x6c\x23\x64\x43\x14\x33\x52\x51\xcc\xa5\xc2\xed\x13\x4a\xad\xa5\x15\xe7\x34\xe0\xaf\x9c\x0b\xa5\x90\x43\xdd\x12\xaa\x22\x7e\x8f\x71\xd1\x18\x33\xca\xb3\x5b\x77\x91\x5e\xe6\xbf\x0d\x74\x98\x2d\x15\x5f\x74\xfb\xba\x99\x77\xf7\x5d\x37\x21\x17\x70\xdf\x81\x02\xe1\xd5\x23\xb9\x7c\x65\xe6\x9b\xdf\xfb\x34\xe0\x0d\xbd\x6d\x58\x27\xc4\x89\x79\x34\xff\x51\x28\x69\x40\xad\xbe\xfd\xbe\x1a\x18\x5a\x1c\xa3\x2f\x66\x8b\xef\x23\x66\x3d\x9a\xf5\x86\x55\xa9\x28\x53\x8e\x08\x4f\x59\xfd\x89\x9c\x49\x02\x53\xd3\x37\xf5\xa5\x1d\x2c\x2c\x1d\xa3\x6c\xb8\xdf\x43\x03\x4a\x98\x81\x04\xc2\xab\xd9\xd5\x89\xfc\xf9\x64\xab\x91\x14\xa4\x04\x15\xc8\xe9\x9b\xeb\xfe\x94\xc3\x91\x5f\x9d\x90\x8b\xc1\xc9\x00\x0f\x0e\x9e\x94\x01\x2d\x99\x8c\x97\x2c\xf0\x18\xd8\xba\xdf\xff\xa8\x02\x09\xf1\x93\x7f\xea\x78\xca\x83\x95\x72\xb0\xa8\xe6\xb7\x81\x6b\x6d\x89\xbb\x84\xab\x2e\xde\x0f\xe5\xff\x05\x75\xec\x9d\x67\x4d\xa2\x36\x25\x2f\xb9\x2f\xf4\xfe\xbb\x9e\xc1\xd9\x15\xd9\x7c\x4c\xaf\xff\xef\x1c\xfd\xa6\xd1\x99\x36\x5b\x77\x01\x6d\xaa\xe6\x07\x98\xde\x8a\x21\xc1\x76\x9b\x8d\x79\xbf\x57\xcd\x02\x0e\xbf\x57\x30\xfc\xe9\x94\xb6\xb3\x09\x98\x00\xd8\x64\x96\x6a\xdf\x83\x0c\x8d\x26\x58\xc8\x04\x36\x08\x96\xe1\x1f\x36\x0d\xa3\xa9\x2c\xb5\xc8\x27\x21\x32\x28\x52\x6c\x63\xc2\x62\xc3\x0c\xdf\x17\x7f\xb0\xbe\x40\x1b\x39\x4a\x01\x77\x5c\x25\x4d\xa3\x0c\x5f\xf4\xfc\x5b\x45\xf5\x9d\x60\xe1\x57\x8d\x67\x24\x50\x89\x82\x8b\x06\x93\xe5\xa6\xf5\xed\xa5\xe9\x17\xb9\xd3\x3b\x8b\x36\xba\xf0\x55\x26\x9e\x9d\x53\x19\xd4\xfa\x3f\x8f\xa5\xc3\x19\x62\xc7\x7b\xed\x1b\x0a\x70\x45\xd9\x80\xc0\x3b\x0d\xf1\x5d\x1e\x3c\xc1\xee\x31\x75\x57\x0d\x28\x60\x04\xf1\x0f\xf6\xb9\x22\xda\x1e\x0a\xf3\xed\x41\x09\x9b\xb1\x75\x67\x8f\x6c\x4c\x29\xbd\x5b\x85\x55\xed\xea\x3f\xd6\x55\x9a\x62\x28\xb3\x92\x4b\x62\x45\xb6\x6f\x7d\x4a\x6c\xfb\xf7\xe5\x5d\x3a\x9a\x90\x23\x18\x58\x85\xbb\xb1\xe9\x06\x1f\xbe\x36\x21\xbe\xb1\xe7\xe3\x12\x05\xd8\x28\x71\x02\x67\xef\xb5\x85\x07\x38\x65\xd0\x61\x8f\x4e\xdb\xc9\xc5\xb6\x06\xa7\x9b\xff\x7e\xff\x1e\x53\x43\x93\xe3\xdd\x04\x01\x74\xb2\x1f\xc0\x12\xd6\xb2\xab\x92\x89\x76\xee\xf1\x14\xb9\x75\x02\xfb\x02\x22\x55\x72\xb7\x4e\x85\x2f\x56\x8d\xbc\xea\x57\xa8\xd3\x78\xc5\x4b\x21\x72\x87\xea\xc9\x09\x0c\xf7\x5f\x10\xf4\x74\xb1\x65\x17\x82\xab\x8e\x5f\x01\x5d\xe5\xb6\x65\xe0\x46\xf0\x1d\x04\xef\xb7\xbe\xf8\x40\x50\x7f\x3e\x45\xa3\x85\xa3\x72\x42\x2a\xf5\x73\xd0\x64\xb1\xbf\x6b\x0f\xb2\x79\x6e\x88\xa8\x83\xd0\x02\x4b\x5f\x74\xf1\x11\x8f\xd7\xcb\xdb\x92\xa4\x0a\x83\x45\x9a\xa2\x9a\x77\xa2\x56\x27\x4d\xf3\xa7\x2f\x53\x9b\x02\x8c\x1d\xf8\x68\x6f\x46\x30\xc7\xfe\xce\x68\xd1\xc0\x1c\xe3\x8a\xa6\x13\x73\x5a\x59\x1f\x91\xf4\x25\x61\xad\x29\x7e\x08\x72\xef\xdf\x35\x36\xc8\x8a\xd5\x15\x9a\xf8\x10\x48\xe6\x37\x8f\x2a\x42\xd9\x15\xc9\x72\x1e\x08\x75\xfe\x06\x28\xce\x4f\xc6\x09\x09\x9c\x2c\x19\xe6\x81\x28\x0e\x83\xee\x96\x9b\xa9\x3c\x95\x6f\xb2\xbc\x44\x57\xc2\xb2\xee\x35\xd9\xd5\xba\xe5\x61\x81\x4d\x8f\x86\x8e\x28\x98\x73\x71\x55\x0f\x57\xfa\xec\x5a\xf2\xf5\x2b\xc7\xdb\xde\x14\x01\xb6\x72\x91\x07\xb4\x05\xb2\x87\x36\x89\xc9\xe4\x3f\xa5\xea\x8b\x48\x3f\x75\x56\xcb\xaa\xab\xb1\xc7\x68\x9b\x0a\x51\xd7\x57\x74\x3c\xa2\x92\xff\x74\xe9\xc0\x21\xe5\x51\x3f\x94\xb7\x10\x7a\x89\x40\xa9\x8d\xda\xb5\xe2\x21\xfd\x75\xc1\x3f\x19\xae\x40\x06\x86\x6e\xec\x1a\x83\x20\xab\x02\xa2\xde\xf5\x73\x85\x8e\xb7\x25\x3d\x1f\xda\x73\xb7\xda\x03\x1f\x12\xdc\x01\x37\x83\x14\x70\x95\xd5\x45\xab\xbc\xc6\xc8\xcc\x98\x74\x8c\x00\x7f\x2e\x61\xa0\x2c\x75\x0b\x79\x86\x6c\x74\x3d\x0f\x98\xc7\x03\xee\x3c\x9a\x2f\xfe\x44\x10\x4a\xc1\xa2\x2d\x77\xff\xd1\xe6\x07\xc8\xc4\x26\x5b\xbd\x8c\xdd\x9b\x7a\xff\x0d\x0c\x36\xaa\x59\x81\xce\x88\x1b\x9f\x38\x95\xb4\xda\x88\xa6\x53\xd4\x71\x2a\x84\x31\xf9\xe1\x4e\x0b\xdd\x13\x77\x35\xbc\x1c\x2b\x71\x0b\xa5\x12\x6b\x6a\x9a\x42\xbd\xf1\x56\x91\x5b\x15\x2e\xe1\x75\x8e\xf5\x6b\x8e\xdb\xd4\xef\x0b\x9a\x67\x7d\xed\xc3\xa8\x8b\x00\x04\x9a\x0d\x74\x44\xb3\xae\xf2\xb4\xe5\xed\x21\x0c\x5f\xc9\x74\x44\xbd\x3a\x46\x90\xae\x44\xad\xfc\xd4\xfd\x85\xcc\x50\xfd\x55\xc3\xd6\xef\xd1\xc7\x27\x0f\x46\xc9\x36\x89\xd1\x8f\x92\xd0\x46\x2c\x62\xb2\x00\x1d\x8c\xcb\xcc\xee\x0a\xba\xd8\x4d\xaf\x12\xa8\xf3\xf3\x90\xd2\x3b\x3f\x4c\xce\x12\x37\xb5\x05\x9b\xfa\xac\xb9\x94\xea\x87\x1c\x02\xfd\x32\x05\x6a\xa3\xd6\x82\x58\x02\x7d\xbe\x56\xbb\x19\xcb\xaf\x7a\x2f\x47\x34\x92\xe2\xc6\x64\x3f\xc4\xbc\x01\xdf\x34\x96\x7f\xf1\x00\x92\x53\x0c\x5f\x96\x5e\x1d\xea\x10\x61\x88\xa9\x16\x5a\x43\xe6\x1d\x06\x01\x07\xe5\x90\x7a\x5e\x76\x03\x9e\x11\xfb\x55\x7b\x17\xf7\x4e\x99\xd6\xba\x5e\xdb\x86\xda\xa2\x4b\x20\x1f\x89\xf5\x1c\x53\xb4\xe6\xea\x0e\x74\x88\x8e\xc9\xaf\xc6\xe6\x4c\x33\x44\xca\x56\x1a\x56\xec\xe3\xc2\x86\xee\x4e\xea\x87\xbb\xb0\x11\xd4\xbc\x85\x6c\xb2\x01\x8f\x00\x92\x81\xb8\x9b\x95\xac\xb7\x66\x84\xee\xfb\xe6\x28\xb3\xb9\xc9\x3f\x65\x4c\x15\xc1\xaa\xc2\x76\x9c\x67\xf2\x7e\x1f\x3d\x6c\xa9\x8d\x80\xdc\x30\x77\xb5\xc4\xe4\xd8\x23\xea\x40\xc2\x58\xdc\xbb\x89\x1f\xf2\x04\x66\xc1\x46\x20\x80\xde\x73\x51\x35\x09\x17\x65\x65\xfe\xb2\x4e\xf8\x41\x3d\xc7\xdf\xb5\x3b\x10\xad\x4e\x5d\x68\x3d\x26\xc7\x42\xac\x8e\xfb\x62\x73\x39\xea\xc0\x6f\x2f\x56\xa5\x5e\x45\x22\xb6\x70\xff\x6d\xda\x39\x17\xef\x7b\x00\xfe\x14\xa6\xa5\x2d\xc9\x56\x75\x48\xe9\x8f\x47\xcf\xa5\xe2\xb8\x7d\xd8\xe1\xc2\xae\x18\xd0\xc1\x43\x56\xdb\x45\xdb\x78\xe8\xf8\xb9\xdd\x14\x1e\xe9\x42\x54\x3d\x27\x1c\x8c\xb5\xb9\x77\x5d\x2c\x55\xc4\xb7\x32\xd8\x38\xa3\xb7\x3d\x67\x5a\x35\x09\x57\xe0\xa7\x04\x38\xd6\xbc\x3a\xb1\x16\xf4\xd4\x5f\x5e\x5b\xcf\x14\x93\x09\x7e\xf1\x9e\x13\x23\x9d\x97\x98\x12\x73\xfa\x9a\xe9\xd1\xa9\x4f\x41\x7c\x3c\x5c\x24\x0a\x27\xcb\x07\xad\x05\xa6\x52\x6e\x6c\x8b\x3c\x68\xba\xd2\xc5\x46\xfc\x88\x9c\x5f\xb3\x41\x06\x97\xdd\xf5\x8f\x78\xe9\x29\x6a\xb0\xc7\x25\x88\x25\x66\xe1\x85\xd1\xdd\x88\x43\x07\x66\xe3\x32\xf1\xf0\xc8\x7d\x2e\x35\x9f\x8c\xe2\xc2\x8b\x8c\x75\x46\xda\x95\xa1\xca\x78\x97\xe4\x3b\x7b\xf5\x83\xd1\x2c\xd4\x6f\x7f\x91\x0b\xfd\xc1\xa1\xc1\x29\xf1\xd8\x3d\x94\x67\x89\x99\xc3\xd8\x1d\xca\x8f\x74\xf8\x7b\xa3\x01\x7f\x07\x22\x2f\x51\x0c\x1a\x7f\xe8\x00\x1f\xc3\xeb\x6e\x8a\x0b\x46\xdb\x9c\x00\x2f\xd0\x84\x16\x72\x72\x35\x5d\xa8\x7a\x0f\xc5\xe3\x7f\xee\xd0\xc4\x87\xd6\x03\xbc\x12\x97\xf1\xc6\xdd\x88\xdc\xb1\x7f\x17\xfd\x38\xa5\xec\x72\xd0\xcf\x50\xc8\xc8\xdc\x69\x08\x1c\xf6\x08\x46\x0d\x5b\x13\x42\x87\x1a\xbc\xbe\xc2\x03\x23\xbe\x7f\x53\x69\x0c\x5f\xa6\x40\x81\x6c\xc3\xb2\xb3\xde\x36\x87\x0a\x8a\x38\x90\x5d\xd5\x1a\xc6\x3d\xdd\x92\x2d\x00\x8f\x84\xb7\xcb\xd0\x62\xb6\x4c\x5a\xb2\x21\x15\xb4\x88\x9b\x0e\x93\x89\x04\x8f\x6a\x7b\xd2\x8e\x6a\x78\x93\xca\xa6\x03\x66\x13\xc9\xf5\xf2\xec\x29\x28\xbe\x1f\x4e\xe1\xcb\xa0\xb0\xbb\x16\x91\x27\x6a\x4d\xb2\x46\x69\xfb\x08\x5e\x54\xdc\x77\xe8\x15\xb8\xf5\xaf\xe8\x0a\xaa\x38\xac\xbd\x11\x43\x0d\x95\x6a\x37\x91\x1b\x02\x16\x53\x4b\xd9\xe2\x89\x3a\x2a\xbf\xbc\xf4\xb7\xae\xe5\x6c\x8f\xfb\xbb\x08\x16\x67\x73\xd8\xdd\x3d\x1f\xa1\x24\x51\xf3\x93\x79\x9a\xde\xd8\x72\x1c\xbd\x93\xe4\xc9\x71\x1d\xef\xa5\x50\x98\x40\xdc\x73\xec\x5f\x52\x73\x43\x1d\xa7\xe6\x32\x4b\x05\x6c\xae\x48\xe1\xc1\x4b\x1f\x0e\x2c\xf2\x7a\x52\x98\x0d\x4c\x67\xe7\x7a\x56\x5a\x44\xae\xe8\xcc\xd6\x22\x78\x1b\x35\xcf\xa1\x6d\x36\xeb\xa7\x7f\x9b\x7f\x5e\xc8\xcb\x47\x4f\x02\xbe\xd0\x16\x98\x2a\x0d\xca\x09\x60\xe0\x94\xb3\xdf\x65\x16\x83\x7d\x50\x15\x68\x08\x27\x59\x9c\x89\x54\x25\x44\xa3\xfd\x36\x3a\xa4\x4e\x79\xf3\xad\x00\xc8\x7d\x8d\xc1\x42\x2b\x07\x37\xca\x9f\xe9\x17\x9d\x62\x7a\x1f\x22\x80\x09\x23\xa3\x9d\xf3\xa5\x9e\x15\x77\x0b\xa5\x7f\x1e\x12\xaa\xf4\x1b\xfe\x67\xbf\xc5\x48\x3d\xab\x32\x82\x03\x64\xa5\xd4\xda\x8f\x8a\xe6\x2b\x05\xba\x23\x25\x7b\xb1\x57\x7f\x5a\xd7\x3f\x0b\x0e\x01\x63\x3d\xa6\x59\xf7\xd2\x8c\x7e\x1e\x39\xf8\x6f\x5a\xdb\x5b\xb3\x84\x3a\xbb\xce\x0a\x76\x9c\x26\xc2\x8e\x4e\xc8\x8c\xd8\xd4\x7e\x46\x92\x8e\xbf\x51\xf4\xc2\x3c\x69\xfa\x60\x2b\x6a\xf6\x1d\xcc\x74\xbf\x64\xb0\x09\xe9\x67\x08\xc4\xc7\x42\x6f\x35\xd3\x3f\x7d\xae\x81\xe3\x3a\x69\xe1\x2e\xf7\x92\xb1\xf2\x5f\xfc\x60\x64\x5a\x19\x63\xe6\x7c\x07\xe1\x5c\x2e\xbd\xb5\x48\xef\x8b\x2c\x8b\x0d\xd9\x72\x5b\xed\x66\xe2\x25\x45\xad\x79\x14\xaf\x78\x64\x47\x8a\x79\x93\xb2\xc0\xe0\xce\x59\x0f\xa0\x05\x10\x4c\x69\x37\xe5\x40\x75\x8d\x25\xa5\x09\xe8\x0a\xca\x81\x37\xb7\x17\xae\x9f\xdf\x80\xab\x90\x6d\x9d\xb4\xaa\xbb\x22\x9b\xb3\xd3\x5e\x27\xb3\x24\xae\xd1\x1e\xeb\xaa\x8e\xd3\xdc\x77\x04\xab\xab\x39\xf5\x85\x62\xed\x9b\x5c\x8a\x37\xb0\x92\xeb\xf3\xfd\xe2\x21\x66\xc9\xc9\x1b\xc5\x7a\x2c\x62\xd9\x0a\x87\xcf\xfe\x7d\x6c\x44\x83\x21\xf8\x43\x21\x8e\x40\x4a\x4d\x36\x88\xd7\xb9\x68\xff\x9e\x82\x3e\x0b\x90\x0a\x14\x6a\x7f\x3a\xf3\xd4\x6e\x9a\x8e\x7d\x17\xb4\x7c\xba\x25\x04\xe1\xe1\xe7\xad\x96\x0d\xc4\x81\x36\x3f\x16\xfc\x97\x9b\xb8\x17\x67\x97\xab\x1c\xb8\x5c\xca\x67\x24\x27\x4f\xab\xa0\x07\xe8\x78\x09\x80\x34\xaf\xa0\x04\x2e\xa0\xc1\xa6\x54\xb4\x2e\x1c\xdf\x7f\x71\x04\x8e\x24\xdb\x69\x1c\xdc\xa7\x2f\x52\x01\x7c\x6a\x0f\x5c\x88\xd0\xcb\x1e\x1c\x26\x0e\x88\x79\x47\x8d\x8e\x2b\xf9\x7a\xd5\x98\x44\x22\x1a\xfc\x64\x9c\x88\x1e\x79\x50\xde\x7d\xc8\x5c\x43\x0c\x18\xfc\xb5\xc8\xd3\x59\xc2\xc2\x39\xb4\x58\x72\xc6\x55\x57\x47\x43\x8c\xa4\x9b\x55\xc3\x27\xcf\x6d\x70\x5f\x80\xb3\x96\xd9\xc0\x20\xdb\x57\xf6\xc5\x37\x01\xbc\x96\x8f\xcd\xa5\x27\x4c\x51\x34\xb2\x3f\x6f\xd2\x23\xdc\xee\x7a\xd7\x96\x2c\x4e\x7f\x8b\x30\x1a\x57\x16\x5f\xcf\xc9\xa5\xff\x82\x2f\x1c\x24\xa7\xaa\x5b\xe7\x97\x12\x03\x45\x7a\xf1\xc9\x5d\x47\xed\xa6\x67\xd8\xc2\x91\xfc\x21\xee\xdc\x7e\x8e\x58\x44\xf9\x67\xa9\xfb\x44\x79\xd2\xf9\x4e\x4d\xed\xd0\xcd\x54\x57\x78\x1d\x3e\x02\x4f\xcf\xaf\xaa\x8b\x67\xe4\x89\x58\x55\x53\x5d\x1f\xdd\x4b\xe4\x54\xbe\xd9\x7c\x3c\xf2\x09\x5a\x16\x6c\xc6\x52\xbe\xa6\x5a\xd6\x36\x89\x29\xbd\xa7\x0f\x69\xdc\x36\xc6\x89\xf5\x92\x3f\xb0\x26\xa8\x25\x7f\x85\x1a\x06\x99\x94\xc0\x4c\xc4\x1a\x8b\x15\x97\x9e\x47\x3e\x55\x33\x24\x0d\x3c\xab\x3b\xa9\x53\xf2\x00\x19\xe0\x17\xd4\x4f\x74\x1d\x95\xa9\xba\x35\x88\x6c\x7a\x3f\xed\x46\x3d\x24\x21\x73\xd6\xaf\x25\x02\x23\x0f\xf7\x33\xc3\xf1\xe0\x27\x82\x27\x4e\x64\xac\x70\x85\x0d\xc3\x48\x95\x13\x5b\xc8\x59\x91\x8c\xdd\xec\x62\x69\xba\x83\x61\x00\x9e\xff\x46\x40\x77\x15\xf3\x08\x79\x50\x8f\xea\x8c\xc9\xc0\x81\xb3\x72\xf4\x88\x55\x52\x78\xfb\xba\xa8\x0f\x34\xce\x79\xda\x91\x02\x12\x96\x1a\x37\x7c\x85\xb6\x1e\x36\xfc\x37\x54\x31\xdd\x6c\x4e\xdf\x2c\x4b\xb8\x01\xa0\xfc\x1d\xc1\xfa\xc3\xc2\xf4\xc0\x10\x99\x62\x49\x59\x39\x2c\xa0\xb6\xbd\x47\xcb\x00\x8d\xfd\x39\xb2\xfd\x92\x7f\x40\xfe\xc1\x37\xb0\x74\x8e\x19\x84\x0c\x05\x75\x4b\x7d\x8e\x0b\x27\xd6\x20\x86\x12\x8f\xdc\x32\x93\x63\xd0\x6b\x6e\x7c\xdc\x43\x60\xb3\x9d\xf2\x73\x7b\x59\x73\xa8\xc0\x5c\x72\xe1\xff\xae\xb0\x9c\xad\x67\x19\x22\x4f\x4f\xb8\x07\x94\xeb\x00\xf4\x09\x2f\x62\x3e\x5d\x27\xa1\x14\x02\xfc\x03\x5e\xb9\xfd\xe8\x82\x76\xf8\xca\x16\x82\x74\x59\x59\x2e\x35\x5d\x3c\x4e\x6c\x79\x2e\x54\x87\xc4\x99\x66\x6d\x96\xea\x5c\x5f\x9e\xab\xe1\x73\xb5\x62\x23\xcc\x71\xdf\xaf\x0d\x88\xf8\xb8\x05\x11\x08\x71\xf8\x9f\x39\x9f\x84\x46\x30\x23\xf1\x7d\x86\x24\x9a\xf6\x47\xb8\x3f\x24\xe9\x04\x83\xbe\xf5\x51\xf9\x56\x45\xdb\xa6\x60\x7f\x66\xb9\x3a\x6d\xa3\x49\xea\x07\x31\x8b\x6e\xa5\x9a\xdc\xca\x1e\xd1\x75\x66\xee\xab\xf6\x2b\x21\x20\x4a\x8f\xd1\xa2\xd9\x83\xfd\x22\xd2\xea\xf9\xac\xbb\xb7\xa2\x0b\xde\x39\x1a\x57\x24\xf0\x96\xd2\x04\xd3\x40\xb5\x62\x12\xf8\xb7\xf5\x14\x1f\x4f\x6e\xd7\x2b\x13\x4e\xea\xdf\x1f\x27\xed\xff\x37\x14\x24\xb4\x08\x20\xb2\x67\x47\xb0\xba\xad\x37\x6d\xfc\x53\x5a\x41\x7b\xe7\x8a\xab\xed\xf3\x3e\x97\x8c\x05\x33\xb4\x5e\xad\xf5\xc2\x4a\x1a\x06\x9b\xc4\x94\x5c\xd0\x0a\x52\xae\xb3\x5b\x53\x9a\xc0\x84\x70\x65\xcd\x01\xdf\xda\x63\x4c\xb9\xd7\x22\x2a\x60\xea\xfe\xf0\xf4\x83\xee\x5c\xe5\x2a\x3c\x90\x8b\x4a\xd4\xd2\x08\x97\xb5\x5a\x88\x02\x49\xfe\x9b\xf4\x12\x91\x24\x21\x6f\x80\xd4\x78\x9c\xe2\xf1\xb9\x7c\x9d\x38\x92\xc5\x06\x58\x0a\x68\xff\x2c\xe3\x5c\xaa\xd0\x31\x26\xa4\xad\xb9\xa1\x94\xfb\x86\xbc\x72\xbc\xe0\xe0\xbc\x47\x00\x95\x0d\x20\xcd\x4b\x8d\x67\x0a\xd2\x15\x1c\xde\x5f\xd5\x40\xe6\xa1\xd8\x71\xa4\x30\xc1\xa3\x33\xf0\x20\xc9\x57\xcd\x4c\x8b\x47\x88\xb4\xbc\x93\xd8\xdd\x28\x92\xf5\xd8\xa3\x50\x01\x3c\x62\xda\xe3\x74\x73\x84\xaa\x48\x7e\x00\x70\x49\x10\xb3\xf7\x54\x2c", 8192); *(uint32_t*)0x20005c00 = 0x20002980; *(uint32_t*)0x20002980 = 0x50; *(uint32_t*)0x20002984 = 0; *(uint64_t*)0x20002988 = 0x91e; *(uint32_t*)0x20002990 = 7; *(uint32_t*)0x20002994 = 0x22; *(uint32_t*)0x20002998 = 0xff; *(uint32_t*)0x2000299c = 0x1124872; *(uint16_t*)0x200029a0 = 6; *(uint16_t*)0x200029a2 = 0x3f; *(uint32_t*)0x200029a4 = 8; *(uint32_t*)0x200029a8 = 1; *(uint16_t*)0x200029ac = 0; *(uint16_t*)0x200029ae = 0; memset((void*)0x200029b0, 0, 32); *(uint32_t*)0x20005c04 = 0x20002a00; *(uint32_t*)0x20002a00 = 0x18; *(uint32_t*)0x20002a04 = 0; *(uint64_t*)0x20002a08 = 0; *(uint64_t*)0x20002a10 = 0x317e539f; *(uint32_t*)0x20005c08 = 0x20002a40; *(uint32_t*)0x20002a40 = 0x18; *(uint32_t*)0x20002a44 = 0; *(uint64_t*)0x20002a48 = 8; *(uint64_t*)0x20002a50 = 4; *(uint32_t*)0x20005c0c = 0x20002a80; *(uint32_t*)0x20002a80 = 0x18; *(uint32_t*)0x20002a84 = 0; *(uint64_t*)0x20002a88 = 5; *(uint32_t*)0x20002a90 = 0x401; *(uint32_t*)0x20002a94 = 0; *(uint32_t*)0x20005c10 = 0x20002ac0; *(uint32_t*)0x20002ac0 = 0x18; *(uint32_t*)0x20002ac4 = 0; *(uint64_t*)0x20002ac8 = 1; *(uint32_t*)0x20002ad0 = 0xfdcc; *(uint32_t*)0x20002ad4 = 0; *(uint32_t*)0x20005c14 = 0x20002b00; *(uint32_t*)0x20002b00 = 0x28; *(uint32_t*)0x20002b04 = 0; *(uint64_t*)0x20002b08 = 8; *(uint64_t*)0x20002b10 = 2; *(uint64_t*)0x20002b18 = 8; *(uint32_t*)0x20002b20 = 0; *(uint32_t*)0x20002b24 = 0; *(uint32_t*)0x20005c18 = 0x20002b40; *(uint32_t*)0x20002b40 = 0x60; *(uint32_t*)0x20002b44 = 0; *(uint64_t*)0x20002b48 = 0xfff; *(uint64_t*)0x20002b50 = 6; *(uint64_t*)0x20002b58 = 0x10001; *(uint64_t*)0x20002b60 = 6; *(uint64_t*)0x20002b68 = 1; *(uint64_t*)0x20002b70 = 8; *(uint32_t*)0x20002b78 = 1; *(uint32_t*)0x20002b7c = 0x32f0; *(uint32_t*)0x20002b80 = 7; *(uint32_t*)0x20002b84 = 0; memset((void*)0x20002b88, 0, 24); *(uint32_t*)0x20005c1c = 0x20002bc0; *(uint32_t*)0x20002bc0 = 0x18; *(uint32_t*)0x20002bc4 = 0; *(uint64_t*)0x20002bc8 = 4; *(uint32_t*)0x20002bd0 = 0xffff; *(uint32_t*)0x20002bd4 = 0; *(uint32_t*)0x20005c20 = 0x20002c00; *(uint32_t*)0x20002c00 = 0x18; *(uint32_t*)0x20002c04 = 0; *(uint64_t*)0x20002c08 = 0x1000; memcpy((void*)0x20002c10, "0%)/W({\000", 8); *(uint32_t*)0x20005c24 = 0x20002c40; *(uint32_t*)0x20002c40 = 0x20; *(uint32_t*)0x20002c44 = 0; *(uint64_t*)0x20002c48 = 5; *(uint64_t*)0x20002c50 = 0; *(uint32_t*)0x20002c58 = 0x11; *(uint32_t*)0x20002c5c = 0; *(uint32_t*)0x20005c28 = 0x20002dc0; *(uint32_t*)0x20002dc0 = 0x78; *(uint32_t*)0x20002dc4 = 0xfffffff5; *(uint64_t*)0x20002dc8 = 8; *(uint64_t*)0x20002dd0 = 6; *(uint32_t*)0x20002dd8 = 9; *(uint32_t*)0x20002ddc = 0; *(uint64_t*)0x20002de0 = 6; *(uint64_t*)0x20002de8 = 8; *(uint64_t*)0x20002df0 = 0x25d; *(uint64_t*)0x20002df8 = 7; *(uint64_t*)0x20002e00 = 0x8001; *(uint64_t*)0x20002e08 = 0x400; *(uint32_t*)0x20002e10 = 0xce1; *(uint32_t*)0x20002e14 = 0x8000; *(uint32_t*)0x20002e18 = 0x4800000; *(uint32_t*)0x20002e1c = 0x6000; *(uint32_t*)0x20002e20 = 8; *(uint32_t*)0x20002e24 = 0xee01; *(uint32_t*)0x20002e28 = r[3]; *(uint32_t*)0x20002e2c = 6; *(uint32_t*)0x20002e30 = 1; *(uint32_t*)0x20002e34 = 0; *(uint32_t*)0x20005c2c = 0x20002e40; *(uint32_t*)0x20002e40 = 0x90; *(uint32_t*)0x20002e44 = 0; *(uint64_t*)0x20002e48 = 0xfffffffffffffffc; *(uint64_t*)0x20002e50 = 5; *(uint64_t*)0x20002e58 = 2; *(uint64_t*)0x20002e60 = 0; *(uint64_t*)0x20002e68 = 0x80; *(uint32_t*)0x20002e70 = 0x1ff; *(uint32_t*)0x20002e74 = 0xfffffffa; *(uint64_t*)0x20002e78 = 1; *(uint64_t*)0x20002e80 = 0x81; *(uint64_t*)0x20002e88 = 1; *(uint64_t*)0x20002e90 = 0x10001; *(uint64_t*)0x20002e98 = 0x7f; *(uint64_t*)0x20002ea0 = 5; *(uint32_t*)0x20002ea8 = 5; *(uint32_t*)0x20002eac = 2; *(uint32_t*)0x20002eb0 = 0; *(uint32_t*)0x20002eb4 = 0x4000; *(uint32_t*)0x20002eb8 = 3; *(uint32_t*)0x20002ebc = 0xee01; *(uint32_t*)0x20002ec0 = 0xee00; *(uint32_t*)0x20002ec4 = 6; *(uint32_t*)0x20002ec8 = 0x23a; *(uint32_t*)0x20002ecc = 0; *(uint32_t*)0x20005c30 = 0x20002f00; *(uint32_t*)0x20002f00 = 0xe8; *(uint32_t*)0x20002f04 = 0; *(uint64_t*)0x20002f08 = 0x20; *(uint64_t*)0x20002f10 = 6; *(uint64_t*)0x20002f18 = 1; *(uint32_t*)0x20002f20 = 1; *(uint32_t*)0x20002f24 = 7; memset((void*)0x20002f28, 0, 1); *(uint64_t*)0x20002f30 = 2; *(uint64_t*)0x20002f38 = 0; *(uint32_t*)0x20002f40 = 0; *(uint32_t*)0x20002f44 = 0; *(uint64_t*)0x20002f48 = 5; *(uint64_t*)0x20002f50 = 0xfffffffffffffffa; *(uint32_t*)0x20002f58 = 0; *(uint32_t*)0x20002f5c = 0x20; *(uint64_t*)0x20002f60 = 4; *(uint64_t*)0x20002f68 = 2; *(uint32_t*)0x20002f70 = 6; *(uint32_t*)0x20002f74 = 9; memcpy((void*)0x20002f78, "wlan0\000", 6); *(uint64_t*)0x20002f80 = 2; *(uint64_t*)0x20002f88 = 5; *(uint32_t*)0x20002f90 = 1; *(uint32_t*)0x20002f94 = 0; memset((void*)0x20002f98, 47, 1); *(uint64_t*)0x20002fa0 = 0; *(uint64_t*)0x20002fa8 = 7; *(uint32_t*)0x20002fb0 = 6; *(uint32_t*)0x20002fb4 = 0x10000; memset((void*)0x20002fb8, 2, 6); *(uint64_t*)0x20002fc0 = 2; *(uint64_t*)0x20002fc8 = 3; *(uint32_t*)0x20002fd0 = 0x10; *(uint32_t*)0x20002fd4 = 0x3df4d00b; memcpy((void*)0x20002fd8, " \001\000\000\000\000\000\000\000\000\000\000\000\000\000\002", 16); *(uint32_t*)0x20005c34 = 0x200055c0; *(uint32_t*)0x200055c0 = 0x510; *(uint32_t*)0x200055c4 = 0; *(uint64_t*)0x200055c8 = 0; *(uint64_t*)0x200055d0 = 5; *(uint64_t*)0x200055d8 = 1; *(uint64_t*)0x200055e0 = 0; *(uint64_t*)0x200055e8 = 2; *(uint32_t*)0x200055f0 = 0xfffeffff; *(uint32_t*)0x200055f4 = 1; *(uint64_t*)0x200055f8 = 0; *(uint64_t*)0x20005600 = 0x141; *(uint64_t*)0x20005608 = 4; *(uint64_t*)0x20005610 = 9; *(uint64_t*)0x20005618 = 9; *(uint64_t*)0x20005620 = 4; *(uint32_t*)0x20005628 = 0x7ff; *(uint32_t*)0x2000562c = 0x7fffffff; *(uint32_t*)0x20005630 = 0x892; *(uint32_t*)0x20005634 = 0x4000; *(uint32_t*)0x20005638 = 0xfff; *(uint32_t*)0x2000563c = r[4]; *(uint32_t*)0x20005640 = 0; *(uint32_t*)0x20005644 = 4; *(uint32_t*)0x20005648 = 0x10000; *(uint32_t*)0x2000564c = 0; *(uint64_t*)0x20005650 = 1; *(uint64_t*)0x20005658 = 0x8000; *(uint32_t*)0x20005660 = 2; *(uint32_t*)0x20005664 = 4; memset((void*)0x20005668, 255, 2); *(uint64_t*)0x20005670 = 0xa00000000; *(uint64_t*)0x20005678 = 3; *(uint64_t*)0x20005680 = 0x8000000000000000; *(uint64_t*)0x20005688 = 0x80000001; *(uint32_t*)0x20005690 = 6; *(uint32_t*)0x20005694 = 1; *(uint64_t*)0x20005698 = 5; *(uint64_t*)0x200056a0 = 0xa0; *(uint64_t*)0x200056a8 = 8; *(uint64_t*)0x200056b0 = 7; *(uint64_t*)0x200056b8 = 0x101; *(uint64_t*)0x200056c0 = 0xbc3; *(uint32_t*)0x200056c8 = 0x19f; *(uint32_t*)0x200056cc = 4; *(uint32_t*)0x200056d0 = 0x7ff; *(uint32_t*)0x200056d4 = 0xa000; *(uint32_t*)0x200056d8 = 1; *(uint32_t*)0x200056dc = 0xee01; *(uint32_t*)0x200056e0 = r[5]; *(uint32_t*)0x200056e4 = 0x8001; *(uint32_t*)0x200056e8 = 8; *(uint32_t*)0x200056ec = 0; *(uint64_t*)0x200056f0 = 4; *(uint64_t*)0x200056f8 = 0x10001; *(uint32_t*)0x20005700 = 0xa; *(uint32_t*)0x20005704 = 0x3ff; memcpy((void*)0x20005708, "[{@^/@+@<[", 10); *(uint64_t*)0x20005718 = 1; *(uint64_t*)0x20005720 = 3; *(uint64_t*)0x20005728 = 5; *(uint64_t*)0x20005730 = 0x20; *(uint32_t*)0x20005738 = 3; *(uint32_t*)0x2000573c = -1; *(uint64_t*)0x20005740 = 3; *(uint64_t*)0x20005748 = 0xd4; *(uint64_t*)0x20005750 = 6; *(uint64_t*)0x20005758 = 0; *(uint64_t*)0x20005760 = 1; *(uint64_t*)0x20005768 = 0x80000; *(uint32_t*)0x20005770 = 0x38fa80be; *(uint32_t*)0x20005774 = 6; *(uint32_t*)0x20005778 = 0x400; *(uint32_t*)0x2000577c = 0x1000; *(uint32_t*)0x20005780 = 5; *(uint32_t*)0x20005784 = 0xee00; *(uint32_t*)0x20005788 = 0xee01; *(uint32_t*)0x2000578c = 0x10001; *(uint32_t*)0x20005790 = 0xff; *(uint32_t*)0x20005794 = 0; *(uint64_t*)0x20005798 = 4; *(uint64_t*)0x200057a0 = 5; *(uint32_t*)0x200057a8 = 8; *(uint32_t*)0x200057ac = 4; memcpy((void*)0x200057b0, "+!\234R\'+%\'", 8); *(uint64_t*)0x200057b8 = 3; *(uint64_t*)0x200057c0 = 3; *(uint64_t*)0x200057c8 = 0x200; *(uint64_t*)0x200057d0 = 5; *(uint32_t*)0x200057d8 = 0x55; *(uint32_t*)0x200057dc = 0x1f; *(uint64_t*)0x200057e0 = 1; *(uint64_t*)0x200057e8 = 0x34; *(uint64_t*)0x200057f0 = 7; *(uint64_t*)0x200057f8 = 4; *(uint64_t*)0x20005800 = 9; *(uint64_t*)0x20005808 = 2; *(uint32_t*)0x20005810 = 0x800; *(uint32_t*)0x20005814 = 0xffff8001; *(uint32_t*)0x20005818 = 6; *(uint32_t*)0x2000581c = 0x8000; *(uint32_t*)0x20005820 = 0x100; *(uint32_t*)0x20005824 = 0xee01; *(uint32_t*)0x20005828 = 0xee01; *(uint32_t*)0x2000582c = 0; *(uint32_t*)0x20005830 = 0x9c000000; *(uint32_t*)0x20005834 = 0; *(uint64_t*)0x20005838 = 0; *(uint64_t*)0x20005840 = 1; *(uint32_t*)0x20005848 = 1; *(uint32_t*)0x2000584c = 0x400; memset((void*)0x20005850, 0, 1); *(uint64_t*)0x20005858 = 6; *(uint64_t*)0x20005860 = 3; *(uint64_t*)0x20005868 = 0xa3; *(uint64_t*)0x20005870 = 0x80; *(uint32_t*)0x20005878 = 0x735; *(uint32_t*)0x2000587c = 0x9584; *(uint64_t*)0x20005880 = 0; *(uint64_t*)0x20005888 = 2; *(uint64_t*)0x20005890 = 7; *(uint64_t*)0x20005898 = 0xec61; *(uint64_t*)0x200058a0 = 0x371ca83; *(uint64_t*)0x200058a8 = 4; *(uint32_t*)0x200058b0 = -1; *(uint32_t*)0x200058b4 = 3; *(uint32_t*)0x200058b8 = 0x424c; *(uint32_t*)0x200058bc = 0xa000; *(uint32_t*)0x200058c0 = 0x400; *(uint32_t*)0x200058c4 = 0xee00; *(uint32_t*)0x200058c8 = 0xee01; *(uint32_t*)0x200058cc = 0xca; *(uint32_t*)0x200058d0 = 3; *(uint32_t*)0x200058d4 = 0; *(uint64_t*)0x200058d8 = 0; *(uint64_t*)0x200058e0 = 7; *(uint32_t*)0x200058e8 = 0; *(uint32_t*)0x200058ec = 0x80000001; *(uint64_t*)0x200058f0 = 5; *(uint64_t*)0x200058f8 = 1; *(uint64_t*)0x20005900 = 0x9d5; *(uint64_t*)0x20005908 = 5; *(uint32_t*)0x20005910 = 0x80000001; *(uint32_t*)0x20005914 = 0x1000000; *(uint64_t*)0x20005918 = 0; *(uint64_t*)0x20005920 = 0; *(uint64_t*)0x20005928 = 6; *(uint64_t*)0x20005930 = 0x7ff; *(uint64_t*)0x20005938 = 0x8001; *(uint64_t*)0x20005940 = 0x8001; *(uint32_t*)0x20005948 = 6; *(uint32_t*)0x2000594c = 0x8000; *(uint32_t*)0x20005950 = 1; *(uint32_t*)0x20005954 = 0xa000; *(uint32_t*)0x20005958 = 0x10000; *(uint32_t*)0x2000595c = 0xee00; *(uint32_t*)0x20005960 = r[6]; *(uint32_t*)0x20005964 = 0x80000000; *(uint32_t*)0x20005968 = 6; *(uint32_t*)0x2000596c = 0; *(uint64_t*)0x20005970 = 3; *(uint64_t*)0x20005978 = 0x7fff; *(uint32_t*)0x20005980 = 6; *(uint32_t*)0x20005984 = 0x4e5; memcpy((void*)0x20005988, "wlan0\000", 6); *(uint64_t*)0x20005990 = 4; *(uint64_t*)0x20005998 = 2; *(uint64_t*)0x200059a0 = -1; *(uint64_t*)0x200059a8 = 0x10001; *(uint32_t*)0x200059b0 = 7; *(uint32_t*)0x200059b4 = 0x3f; *(uint64_t*)0x200059b8 = 0; *(uint64_t*)0x200059c0 = 4; *(uint64_t*)0x200059c8 = 0x7fff; *(uint64_t*)0x200059d0 = 0x5c; *(uint64_t*)0x200059d8 = 0x5e; *(uint64_t*)0x200059e0 = 4; *(uint32_t*)0x200059e8 = 0; *(uint32_t*)0x200059ec = 9; *(uint32_t*)0x200059f0 = 4; *(uint32_t*)0x200059f4 = 0x1000; *(uint32_t*)0x200059f8 = 8; *(uint32_t*)0x200059fc = r[7]; *(uint32_t*)0x20005a00 = 0xee00; *(uint32_t*)0x20005a04 = 0x7ff; *(uint32_t*)0x20005a08 = 9; *(uint32_t*)0x20005a0c = 0; *(uint64_t*)0x20005a10 = 3; *(uint64_t*)0x20005a18 = 5; *(uint32_t*)0x20005a20 = 6; *(uint32_t*)0x20005a24 = 9; memset((void*)0x20005a28, 255, 6); *(uint64_t*)0x20005a30 = 6; *(uint64_t*)0x20005a38 = 3; *(uint64_t*)0x20005a40 = 3; *(uint64_t*)0x20005a48 = 9; *(uint32_t*)0x20005a50 = 6; *(uint32_t*)0x20005a54 = 0x100; *(uint64_t*)0x20005a58 = 1; *(uint64_t*)0x20005a60 = 0x101; *(uint64_t*)0x20005a68 = 4; *(uint64_t*)0x20005a70 = 0x100000000; *(uint64_t*)0x20005a78 = 2; *(uint64_t*)0x20005a80 = 0xfffffffffffffe00; *(uint32_t*)0x20005a88 = 3; *(uint32_t*)0x20005a8c = 9; *(uint32_t*)0x20005a90 = 9; *(uint32_t*)0x20005a94 = 0xa000; *(uint32_t*)0x20005a98 = 0xfa3; *(uint32_t*)0x20005a9c = -1; *(uint32_t*)0x20005aa0 = r[8]; *(uint32_t*)0x20005aa4 = 0x1400000; *(uint32_t*)0x20005aa8 = 9; *(uint32_t*)0x20005aac = 0; *(uint64_t*)0x20005ab0 = 6; *(uint64_t*)0x20005ab8 = 0; *(uint32_t*)0x20005ac0 = 6; *(uint32_t*)0x20005ac4 = 5; memcpy((void*)0x20005ac8, "wlan0\000", 6); *(uint32_t*)0x20005c38 = 0x20005b00; *(uint32_t*)0x20005b00 = 0xa0; *(uint32_t*)0x20005b04 = 0xfffffff5; *(uint64_t*)0x20005b08 = 5; *(uint64_t*)0x20005b10 = 0; *(uint64_t*)0x20005b18 = 3; *(uint64_t*)0x20005b20 = 2; *(uint64_t*)0x20005b28 = 3; *(uint32_t*)0x20005b30 = 7; *(uint32_t*)0x20005b34 = 0x64b; *(uint64_t*)0x20005b38 = 1; *(uint64_t*)0x20005b40 = 0xc2; *(uint64_t*)0x20005b48 = 9; *(uint64_t*)0x20005b50 = 5; *(uint64_t*)0x20005b58 = 0x8001; *(uint64_t*)0x20005b60 = -1; *(uint32_t*)0x20005b68 = 2; *(uint32_t*)0x20005b6c = 8; *(uint32_t*)0x20005b70 = 5; *(uint32_t*)0x20005b74 = 0x4000; *(uint32_t*)0x20005b78 = 0xd0a; *(uint32_t*)0x20005b7c = 0xee01; *(uint32_t*)0x20005b80 = 0xee00; *(uint32_t*)0x20005b84 = 7; *(uint32_t*)0x20005b88 = 1; *(uint32_t*)0x20005b8c = 0; *(uint64_t*)0x20005b90 = 0; *(uint32_t*)0x20005b98 = 2; *(uint32_t*)0x20005b9c = 0; *(uint32_t*)0x20005c3c = 0x20005bc0; *(uint32_t*)0x20005bc0 = 0x20; *(uint32_t*)0x20005bc4 = 0; *(uint64_t*)0x20005bc8 = 0x7fffffff; *(uint32_t*)0x20005bd0 = 8; *(uint32_t*)0x20005bd4 = 0; *(uint32_t*)0x20005bd8 = 0x9ad; *(uint32_t*)0x20005bdc = 3; syz_fuse_handle_req(r[2], 0x20000980, 0x2000, 0x20005c00); memcpy((void*)0x20005c40, "SEG6\000", 5); syz_genetlink_get_family_id(0x20005c40, r[2]); syz_init_net_socket(0x24, 2, 0); res = syscall(__NR_mmap, 0x20ffe000, 0x2000, 9, 0x100, (intptr_t)r[2], 0x8000000); if (res != -1) r[9] = res; res = -1; res = syz_io_uring_complete(r[9]); if (res != -1) r[10] = res; *(uint32_t*)0x20005c84 = 0x29e9; *(uint32_t*)0x20005c88 = 4; *(uint32_t*)0x20005c8c = 3; *(uint32_t*)0x20005c90 = 0x25; *(uint32_t*)0x20005c98 = r[10]; memset((void*)0x20005c9c, 0, 12); res = -1; res = syz_io_uring_setup(0x7811, 0x20005c80, 0x20ffe000, 0x20ffe000, 0x20005d00, 0x20005d40); if (res != -1) { r[11] = res; r[12] = *(uint64_t*)0x20005d40; } res = syscall(__NR_mmap, 0x20ffc000, 0x2000, 4, 0x80000, (intptr_t)r[11], 0); if (res != -1) r[13] = res; res = syscall(__NR_clock_gettime, 0, 0x20005d80); if (res != -1) { r[14] = *(uint32_t*)0x20005d80; r[15] = *(uint32_t*)0x20005d84; } *(uint8_t*)0x20005e00 = 0xb; *(uint8_t*)0x20005e01 = 1; *(uint16_t*)0x20005e02 = 0; *(uint32_t*)0x20005e04 = 0; *(uint64_t*)0x20005e08 = 7; *(uint32_t*)0x20005e10 = 0x20005dc0; *(uint32_t*)0x20005dc0 = r[14]; *(uint32_t*)0x20005dc4 = r[15]+60000000; *(uint32_t*)0x20005e14 = 1; *(uint32_t*)0x20005e18 = 0; *(uint64_t*)0x20005e1c = 0; *(uint16_t*)0x20005e24 = 0; *(uint16_t*)0x20005e26 = 0; memset((void*)0x20005e28, 0, 20); syz_io_uring_submit(r[13], r[12], 0x20005e00, 6); *(uint32_t*)0x20005e80 = 0; *(uint32_t*)0x20005e84 = 0x20005e40; memcpy((void*)0x20005e40, "\x55\x1e\x55\x34\x01\xd8\x41\x9a\xc4\x37\x85\x4e\x7b\xd6\x03\x3a\x54\x21\x4a\x9b\xd5\xbb\xb0\xaf\x5b\x8d\xfb\x21\x4a\xa8\x4f\x75\xf6\x0f\xd2\xf3\x74\xa0\x2b\xca\xcb\x65\x4f\x2e\x69\xf7\x19\x79\x48\x63", 50); *(uint32_t*)0x20005e88 = 0x32; *(uint64_t*)0x20005ec0 = 1; *(uint64_t*)0x20005ec8 = 0; syz_kvm_setup_cpu(r[2], r[2], 0x20fe8000, 0x20005e80, 1, 0, 0x20005ec0, 1); res = syscall(__NR_mmap, 0x20ff1000, 0x1000, 4, 0x100002, (intptr_t)r[2], 0); if (res != -1) r[16] = res; *(uint32_t*)0x20005f00 = 1; syz_memcpy_off(r[16], 0x118, 0x20005f00, 0, 4); res = syscall(__NR_clock_gettime, 0, 0x20008240); if (res != -1) { r[17] = *(uint32_t*)0x20008240; r[18] = *(uint32_t*)0x20008244; } *(uint32_t*)0x200081c0 = 0; *(uint32_t*)0x200081c4 = 0; *(uint32_t*)0x200081c8 = 0x20007580; *(uint32_t*)0x20007580 = 0x20007000; *(uint32_t*)0x20007584 = 0x68; *(uint32_t*)0x20007588 = 0x20007080; *(uint32_t*)0x2000758c = 0; *(uint32_t*)0x20007590 = 0x200070c0; *(uint32_t*)0x20007594 = 0xf; *(uint32_t*)0x20007598 = 0x20007100; *(uint32_t*)0x2000759c = 0xe0; *(uint32_t*)0x200075a0 = 0x20007200; *(uint32_t*)0x200075a4 = 0; *(uint32_t*)0x200075a8 = 0x20007240; *(uint32_t*)0x200075ac = 0xe6; *(uint32_t*)0x200075b0 = 0x20007340; *(uint32_t*)0x200075b4 = 0x63; *(uint32_t*)0x200075b8 = 0x200073c0; *(uint32_t*)0x200075bc = 0x45; *(uint32_t*)0x200075c0 = 0x20007440; *(uint32_t*)0x200075c4 = 0x6a; *(uint32_t*)0x200075c8 = 0x200074c0; *(uint32_t*)0x200075cc = 0xbc; *(uint32_t*)0x200081cc = 0xa; *(uint32_t*)0x200081d0 = 0x20007600; *(uint32_t*)0x200081d4 = 0x18; *(uint32_t*)0x200081d8 = 0; *(uint32_t*)0x200081dc = 0; *(uint32_t*)0x200081e0 = 0x20007640; *(uint32_t*)0x200081e4 = 0x6e; *(uint32_t*)0x200081e8 = 0x20007900; *(uint32_t*)0x20007900 = 0x200076c0; *(uint32_t*)0x20007904 = 0x79; *(uint32_t*)0x20007908 = 0x20007740; *(uint32_t*)0x2000790c = 0xa9; *(uint32_t*)0x20007910 = 0x20007800; *(uint32_t*)0x20007914 = 5; *(uint32_t*)0x20007918 = 0x20007840; *(uint32_t*)0x2000791c = 0x9d; *(uint32_t*)0x200081ec = 4; *(uint32_t*)0x200081f0 = 0x20007940; *(uint32_t*)0x200081f4 = 0xb0; *(uint32_t*)0x200081f8 = 0; *(uint32_t*)0x200081fc = 0; *(uint32_t*)0x20008200 = 0x20007a00; *(uint32_t*)0x20008204 = 0x6e; *(uint32_t*)0x20008208 = 0x20007b80; *(uint32_t*)0x20007b80 = 0x20007a80; *(uint32_t*)0x20007b84 = 0x73; *(uint32_t*)0x20007b88 = 0x20007b00; *(uint32_t*)0x20007b8c = 0xf; *(uint32_t*)0x20007b90 = 0x20007b40; *(uint32_t*)0x20007b94 = 0x13; *(uint32_t*)0x2000820c = 3; *(uint32_t*)0x20008210 = 0x20007bc0; *(uint32_t*)0x20008214 = 0x44; *(uint32_t*)0x20008218 = 0; *(uint32_t*)0x2000821c = 0; *(uint32_t*)0x20008220 = 0x20007c40; *(uint32_t*)0x20008224 = 0x6e; *(uint32_t*)0x20008228 = 0x20008180; *(uint32_t*)0x20008180 = 0x20007cc0; *(uint32_t*)0x20008184 = 0x99; *(uint32_t*)0x20008188 = 0x20007d80; *(uint32_t*)0x2000818c = 0xfa; *(uint32_t*)0x20008190 = 0x20007e80; *(uint32_t*)0x20008194 = 0xfc; *(uint32_t*)0x20008198 = 0x20007f80; *(uint32_t*)0x2000819c = 0xc1; *(uint32_t*)0x200081a0 = 0x20008080; *(uint32_t*)0x200081a4 = 0x60; *(uint32_t*)0x200081a8 = 0x20008100; *(uint32_t*)0x200081ac = 0x41; *(uint32_t*)0x2000822c = 6; *(uint32_t*)0x20008230 = 0; *(uint32_t*)0x20008234 = 0; *(uint32_t*)0x20008238 = 0; *(uint32_t*)0x2000823c = 0; *(uint32_t*)0x20008280 = r[17]; *(uint32_t*)0x20008284 = r[18]+10000000; res = syscall(__NR_recvmmsg, (intptr_t)r[2], 0x200081c0, 4, 0x2000, 0x20008280); if (res != -1) { r[19] = *(uint32_t*)0x2000760c; r[20] = *(uint32_t*)0x20007610; r[21] = *(uint32_t*)0x20007bd8; } memcpy((void*)0x20005f40, "adfs\000", 5); memcpy((void*)0x20005f80, "./file0\000", 8); *(uint32_t*)0x20006fc0 = 0x20005fc0; memcpy((void*)0x20005fc0, "\x97\x71\x1a\x3f\xc7\x75\xd9\xb6\xb8\x02\xd7\x5c\xef\xe3\x4e\x56\x0d\xfb\xbc\x19\x05\xdf\x84\x52\xc7\xc0\x61\xcf\xbd\xba\xf7\x6a\xc0\xee\x70\x4f\xdc\x1b\x95\x57\x6e\x83\x98\x71\x5c\xca\xc2\x3e\xb6\x22\x40\x6f\xdf\x86\x65\x6d\x86\x66\xd1\x74\x34\x5d\xf1\x5c\xc2\x79\xd6\xbc\x46\x18\x9f\x9e\x91\x03\xc8\xb6\x34\x30\x6a\x9d\xc5\x12\x13\x54\x03\x7a\xbc\x83\x6a\xf3\x2b\x82\xe0\xeb\x92\x22\xc5\xb9\x7a\x31\xba\xf7\x00\x22\x6f\x45\x9f\x15\x93\xe5\x94\x22\x0d\x6e\xee\x2f\x7b\xd3\x61\x2c\x68\x99\x6c\x93\x1e\x01\xb3\x90\x86\x7e\xcb\x7d\xb7\x3f\xd1\xc8\xba\xea\x0a\x1a\x30\x71\x9c\x09\xc8\x17\x06\x41\x41\x90\xc4\x90\x23\x6b\x27\x56\xcf\xba\x38\xfa\xba\xd4\x9c\x00\x2c\xdd\xcc\xb2\x2a\x79\x01\x5c\xf6\xc9\xd5\xb8\x11\x97\xe3\x66\x9f\x11\x95\xcf\x26\xfd\x67\x4c\xef\x34\xfc\x25\x17\xdd\x56\x1d\x62\x5d\x37\xf0\x09\x36\x69\xe6\x8f\xca\x1a\xe7\x32\x7c\x53\xa8\xd8\xfe\x8c\xe0\x89\xec\x51\x30\xda\x3d\xcd\x2c\x1b\xe4\x7c\x5d\x11\xc1\xe6\x07\x70\x6d\xed\xe9\x8d\x3a\xd0\x34\x7d\xb6\x08\xbf\x9f\xeb\xfe\x35\x7b\x46\xfe\x05\x17\x2e\x7a\xbd\x5e\x6a\x57\x55\xec\xbd\xb7\x29\x4a\xc6\x60\xef\x99\x99\x61\xaa\x24\x91\x46\x0d\x2b\xa8\xc4\x79\x28\xfc\xd0\x2e\x29\x4c\x16\x83\x8a\xdc\x1c\x5a\xa0\xae\xef\xc2\x79\x79\x3c\x1e\x9b\xae\x9d\xad\x1b\xdd\x67\x4f\xbf\x94\xf6\x4d\x5e\xe5\x86\xb8\x57\x84\x6b\x2c\x3e\x35\xcb\xe0\x79\x1f\x3f\x0a\x42\x79\xec\x2d\x51\xfd\xfb\x3a\x9d\x2f\xd0\x93\xba\x29\xd7\x43\xee\xbb\x06\x46\xd4\x0a\xf9\x32\x96\x0b\x4e\xfd\x52\xdf\xae\x37\x24\x20\x6f\x13\x83\x9b\x1e\x9d\xd3\x56\x1c\x15\x9f\x7d\x1a\x0b\x45\xdf\xa6\x55\x72\x41\x64\xca\x8c\xa4\x01\x78\xaa\xbc\x9f\x0c\x27\x0c\xc0\xc2\xe8\x28\xdc\x28\x42\xfb\x23\x72\xab\xca\x8d\x65\xd3\x72\x6e\xad\xdb\x36\xd2\x77\x2f\xc4\x2a\x5a\x60\x9d\xbc\x76\x1a\x08\x6d\xd8\x40\x5f\x0c\x0a\x7c\x0b\xfc\x14\xfe\xa9\x1c\xab\x42\x3f\xdb\xc9\x44\xdd\xbd\xee\x21\x4c\x24\x8e\xf0\xc8\x93\x3c\x80\xf3\xac\x68\xa3\xcd\xc4\xed\x51\x20\xc7\xbe\x1f\x04\x18\xa0\xdd\xee\xe9\x4c\xe8\xde\x7a\x07\xb9\x4d\x97\xa9\xc7\x2e\x33\x8e\xb9\xcb\x87\x15\x67\x60\x8b\x49\x03\x1f\x1f\xd0\x7e\x5c\x5c\xbb\xc2\x20\x1c\x48\x76\x88\x5c\x1b\xdc\xcc\x2b\xfe\xce\x71\xde\x73\xd6\xa7\x10\xc9\x6a\x67\x5d\xe4\xb5\x78\xe3\xa0\xb8\x4d\x1f\xb8\x9b\xed\x53\x1e\x17\x05\xaf\x86\x7b\x10\xb7\xc9\x23\x28\xa0\x6b\xad\x02\xc5\x73\x37\x5d\x50\x0a\x4b\xdc\x88\x4b\x55\x65\x2d\x7f\x1c\xfb\x31\xaf\xaf\x0b\x35\xe9\x8a\x58\x46\x6b\x80\xa2\xa4\xbc\xa2\xd7\x2e\x38\x7f\x8e\x94\x51\x9a\x43\x73\x4c\x38\x5b\x69\x8e\x08\xb0\xee\x1d\x98\x05\xc3\x92\xac\xb7\x6f\x98\x08\x94\xdf\x90\x46\xc6\x17\xf6\x2a\x23\x61\x06\x2e\x52\x24\x53\xdc\xd7\x31\x76\xf7\x86\xef\x2c\xcd\x7a\x05\xdf\x8b\x44\xa6\xf9\x31\x35\xd4\x88\x8f\xdd\x51\x02\x20\x35\x7f\x1a\xec\xcd\x13\xe1\xfe\x10\x29\x26\x73\xf9\x81\xf4\x20\xd9\x85\x9f\xa2\x18\xb8\x69\x8b\x4a\x69\x1e\x69\x9c\x28\xa2\xdd\x46\xd3\x97\x89\x42\x19\x2e\xd5\x1d\x21\x26\x69\x45\x8a\x4d\xc3\xd3\x81\xd2\xc3\xf7\x3c\xb6\x0b\xfe\xcb\x8b\xf0\xe1\x55\x6e\xae\xd9\xff\xca\x5d\x0f\x7c\x9f\x61\x52\xf4\xfc\xd5\xed\x86\xcb\x6a\x56\x5e\x4b\x6b\x1c\x9e\x7e\xfe\xf1\xcc\xd2\x8a\xe7\x09\x1a\xbd\x84\xe8\x43\x1e\xc0\x8e\xd8\x3a\x8b\xbe\x56\xf9\xe1\x22\x56\xd0\xa0\x5b\x46\x1d\x9f\x1f\x4b\xad\x4b\x0e\x87\x34\xc4\x7d\x12\x12\x4c\x40\x6d\xb2\xc0\x33\xca\x10\x63\x41\x05\x71\x3d\xf4\x00\xfe\x66\x8d\x74\xc1\x0b\x95\x46\xfe\xf0\x3d\x29\xee\x05\xd4\xe3\xe8\x32\xed\xe1\x03\xcf\xb8\x90\xc8\xb0\x09\x2a\x58\xfe\x32\xa0\xb1\x05\x89\x6c\xef\xc8\x3a\x99\x0c\x3b\x6d\x9d\xec\x09\xe4\xbe\xea\x80\x40\xb2\x9f\x92\x17\xe5\x57\x7f\xd7\x20\x03\xa1\xdc\x46\x67\xfa\x4c\xf3\xbb\xf2\x98\x5f\x0a\xef\x84\xb4\x55\x69\xa0\x87\xb7\xf9\xaf\xe8\x24\xf3\xc5\x9b\x40\xcd\x0d\x08\x8c\x16\xf4\x41\x42\x40\xa6\xeb\xe2\x4a\xad\xc4\x02\xcc\x99\xab\xf0\x34\xa4\x8b\xda\x6a\x28\x21\xbd\xf2\x94\x65\x8e\x27\x82\x32\x6e\x16\x96\xa8\x87\x8b\x62\xbe\x50\xb8\xae\x8d\x00\x3e\x1b\x6b\x9f\x5f\x26\xd3\xf2\x1b\x14\x22\xcf\x73\xac\x72\x92\x63\x8e\x57\xda\x6f\xe3\xfd\xad\xd7\x78\x6a\xa2\xd7\x40\x6c\x0d\x84\x55\x45\x47\xd9\x59\x0e\xe9\xe1\x70\x54\x28\xe0\x0d\xdc\x33\x25\x0a\x11\x6b\x97\x37\xc8\xb0\x13\xa3\x8c\x6f\x5e\x88\x27\x5b\x01\x5f\x1c\x09\x96\xb0\x6e\xf4\x46\x7f\xa0\x46\x8e\x8f\x4a\x49\x8b\x56\xa0\x45\xf8\x94\xe4\x50\x90\xfc\x17\x07\x48\x1b\xef\x75\xf6\x01\xd9\x5e\x67\xb9\x63\xb6\xdd\xaa\xd7\x51\x1a\xb4\x1e\xf4\xc9\xf6\x51\xc7\x0f\x8e\xc2\xf0\xcf\x3b\x62\xba\xd7\x4e\x24\x92\xa3\x9f\xc1\xf8\x1d\xa6\x97\xcd\xc3\x53\xde\x95\x89\xca\xb5\x4a\x16\x90\x1a\x18\xd8\x51\xbd\xc2\x62\x39\xa7\x2f\x9a\x78\x7f\xbe\xfb\x3f\xc3\xf5\xdf\x14\x9a\x01\x3c\x4f\x8c\x8b\x0e\x98\xb8\xf6\x69\xf6\x2f\xbe\x09\x52\x5b\x46\x46\x9b\x1c\x7f\xcb\x91\xe5\x57\x35\xf2\xad\xc8\x13\x6a\x46\xae\xc4\xde\x01\x6b\x9f\x92\x51\xac\x2a\xa8\x20\xa1\xa8\x87\xb7\x8c\x66\x80\x2b\xf8\xdb\xbc\xe8\xc4\xe1\x38\xba\x0a\x52\x89\x2c\x9e\x93\x4a\xf2\xc7\x6b\x95\x03\x2a\x2f\x4c\xb5\xa6\x21\xe4\x53\x97\x0f\x54\xb2\x79\x03\x5e\x14\x08\x33\xe3\x25\x0a\x9c\x4f\x16\x37\x1c\xdd\xfc\x01\xc4\x04\xe6\xe8\x6a\xcc\x23\x1c\x8d\x7d\xbe\xd9\xb6\xae\xc0\xda\x3e\x0b\xb4\x06\x72\xf4\xd4\x1d\xf2\x65\x0d\x20\x0f\xdd\xa6\xbd\xc6\x2b\x1d\x43\x3e\xfb\x4d\xcb\x37\x05\x26\x89\xee\xc1\xfb\x99\xce\xda\x3e\x11\x07\xae\x9a\xee\xbc\x99\x58\xfd\x2f\x2e\x90\x59\x83\x40\x87\x37\x84\x27\xd3\x15\x8a\x8a\xd0\x47\x79\xe6\x22\xb9\xfe\xf7\x1b\x94\xb2\xaa\xc0\x3d\x6d\x9b\x72\x2a\x24\x27\x85\x5a\x21\x76\xf0\x0d\x97\x1d\x6b\x1f\xe9\xb5\x7c\x36\x37\xaf\x6e\xcf\x8d\xd0\xbf\x1d\xc0\x55\xe7\x33\x1c\x7e\x3d\x9b\xf0\x9a\x98\x72\x36\x76\xb0\x77\x87\xa0\x75\xaf\x7e\xe9\x11\xee\x2b\x0e\xbe\xfb\x34\x08\xc8\xa6\x17\xe8\x1b\x02\x22\xf2\x0f\x41\xaa\xa5\x57\x67\xbd\x73\xb3\x0b\x7d\x52\x38\xa4\x18\x36\xe5\x3a\x5c\x82\x6d\x2c\xab\x59\x46\x04\x04\xf0\x2a\xf4\x3b\x1c\x64\xa8\x87\xb4\x4e\xdc\xb3\x95\xa1\x49\x98\x3a\x63\xeb\xbc\x14\x68\xac\x3b\x39\xa0\x0d\x01\xe5\x90\x41\xea\x54\x97\x25\x76\x8c\x6f\xea\x7a\x48\x84\xfa\xb1\x6b\x85\x99\xcd\x0b\x91\xb8\x3d\xf3\x3b\x32\x28\x00\x39\xba\x02\x05\xa2\x3e\x97\xcd\x38\xbf\x8b\xe0\xce\xd3\xd7\xc2\xf4\x44\x91\xe9\xb5\x94\xe0\x54\xe6\xc6\xe6\xe2\xb6\x10\x83\x0f\x98\xef\x9a\x24\x0f\xd5\x6d\x1e\x21\x8c\xbc\x15\x35\xb8\x88\x9f\xd2\xb3\x9f\xd9\x4c\x82\x13\x7a\x80\xea\x12\x34\xa8\x4d\xc6\xfa\xc0\xf1\x6b\x8b\x2d\xe9\xdd\xe9\xec\x82\x70\xc2\xdf\x90\xb1\x10\x7e\xed\x2d\x34\x69\x65\x94\x3a\x1c\xb0\x85\x64\x21\xe4\x5f\xed\x7f\x48\x07\x10\x41\xc5\x52\xef\xc7\x33\x3c\x5e\x7d\xec\x5b\x9c\xb5\x95\x65\x71\x8a\x7e\x23\x0a\x84\x2f\x20\x6a\x49\x49\xa3\x8f\xca\x5d\x9a\x8d\x84\x75\x63\xdd\x64\x45\x78\xf8\x9e\x5e\xa6\x8c\xd8\x4e\xdc\x6a\x04\xe5\x27\xd1\xc0\x7e\x6a\xe4\x2f\x50\x3f\x7c\x09\xf7\xfa\x5e\xd1\xb2\xd7\xa3\xa9\x0b\x5f\xed\xdd\x57\x6d\xcc\x54\x4d\x8a\x7e\x51\x54\xfc\xb8\x2d\x14\x97\x06\x43\xa0\x3e\xc1\xad\xa0\x83\xad\xe9\xa9\x0d\x56\xb1\xa0\x5e\x7b\xec\xc2\xe4\x34\xd4\x87\xe0\xc9\x4d\x10\xfb\x56\xb7\x3a\x82\xfd\x0c\x34\xe3\xea\x6e\x25\x2b\xd8\x28\x44\xe9\x59\x33\x81\x92\x54\xe1\x2b\x00\x1a\xcf\x2a\xd8\xb6\x30\xa7\xd2\x05\x6c\x6f\x77\x33\x4e\xd2\x23\x21\x77\x1e\x73\x31\x29\x81\xd8\x91\x01\x70\xcd\xd7\xf4\x78\x81\xb5\x8c\x47\x53\xbb\xfb\x0b\x34\xc7\x8b\x42\x11\xe6\x26\x14\x6f\xf3\x42\xbf\xd5\x77\x40\xeb\x86\x8e\x1c\xfa\x31\x2c\x90\x7b\xef\x85\x7b\x37\x81\xeb\xd1\x39\x7e\x8d\xc0\xca\x14\x74\xa1\x9b\x39\xb4\x97\xae\x70\x88\x9d\x2d\xbb\xce\x85\xd3\x74\x3f\xd3\x3c\x97\xb9\xc2\x2b\x86\x6e\xb6\x5d\x35\x93\x90\x0e\x66\xc4\x59\xef\xe5\x63\x8a\x82\x4c\x42\x3d\x9c\x49\xba\x44\xb8\xff\x9b\x9b\x3e\xc1\x5c\xef\x43\x4d\xee\xf9\xab\x92\x76\x0c\x55\xb1\xfb\x37\x33\x9b\x1c\x77\xf3\xa0\x1a\x77\xfd\x72\xf7\x28\x77\x95\x2e\x8a\x58\x27\x49\x4c\x91\x88\xb8\xd1\xc2\x70\xb0\xa9\x9b\x4a\x9e\x81\x8d\x1f\xa1\x26\xa7\x29\x1a\x7b\x0b\x94\xc2\xbf\x7c\x18\xc2\xe2\x5e\x7f\xcf\xd6\x8d\x38\x82\x96\x55\xd9\xaa\xb9\x34\x96\x30\x34\x56\x3e\x90\x86\x52\x45\xa6\x13\x04\xfe\xbd\xf5\x9b\xb0\x09\x31\x67\xc8\xc4\x1c\xce\x17\x73\xbb\x80\xc6\x78\x75\x9b\x55\xda\xb1\x24\x72\x52\x03\x61\x57\xa0\xe6\x0d\x66\xe2\x89\xd4\xb9\xbf\x98\xfd\xce\x7c\x5c\xa5\x9b\xdb\x4f\xaf\xe5\x5e\x09\xb1\x6a\xa3\x43\x0d\x39\xbf\x15\x03\x32\xa1\x5c\x48\x90\xed\x07\x8e\x62\x87\x75\xf8\x78\x7b\x89\x35\x92\x26\x3c\xa6\xd3\x11\x36\x19\xa7\xb2\x12\x51\xfa\xee\xe1\x37\xa0\x99\xbf\x00\xfb\x5f\xbc\xc7\x5e\x75\x8e\xae\xc9\xbd\xcf\xf6\x55\x76\xc0\xd8\x26\xea\x79\xd9\x0e\x99\xd8\xcb\xb4\x90\x93\x7d\x1d\x12\x2d\xbb\x8d\x15\xb3\x37\x56\x83\x5e\x1c\xe3\xbd\xaf\x49\x19\xf5\x22\x6b\x38\x4c\x87\xc2\xc7\xaf\x71\xfb\x3d\xd0\x73\xc4\x31\x29\xac\x4e\x2a\x6e\x52\x1b\xee\x34\x97\x30\xb2\xd9\xa7\x1c\x6b\x01\xd6\x1d\xf1\x30\x80\x2a\x9b\xb6\xab\x1f\x4d\x59\x4b\x89\x67\x5c\xc4\x67\xca\xb3\x03\xc8\x6a\xe6\xb4\xc0\xd2\x6d\xcf\x16\xcd\xec\x9c\x8b\x78\xf3\xe2\x3b\xab\x3e\x7b\x51\x53\xe7\x3b\xb7\x1c\xb6\xa2\xaf\xac\x5c\x33\x19\x5d\x2a\x2f\x32\x9d\x9e\x8f\x53\xdc\x92\x80\x10\x46\xb0\x72\x45\xe1\x39\xa6\x41\x4c\xff\x17\xdd\x9d\x79\x47\xe9\x45\xa1\xdd\xf5\x92\x13\x1d\x90\xf3\xf3\x25\xeb\xc3\xcf\x24\x36\x0f\x83\xed\x16\x06\xf9\x52\xd4\xf6\x92\x21\xb7\x5c\x9b\xe9\x1e\x5d\x2a\xbe\xed\x93\xf3\x39\x58\xb0\x4a\xa1\xe0\xcb\x5b\x85\x0e\xdf\x27\x60\xf4\xb8\xe8\x10\xd8\x79\xd8\x73\x57\x03\x6c\x8e\x26\x53\x8e\x69\x68\x9e\x47\xfb\xb1\xda\x8e\x0c\xa0\x82\x84\xf5\x59\x00\xbd\x02\x9e\x95\xa5\x27\xb3\xba\x25\x1b\x0c\xe2\x7b\xd0\x49\xfc\x85\xb1\x94\x95\x93\x75\xf7\x85\xcf\x75\xc1\x01\xee\xaa\xba\x56\xb3\x9a\x3f\xc4\x6b\xa9\x72\x98\x37\xe2\xfb\xce\x7e\xbb\xa9\x32\x59\x6c\x0c\x2e\xf0\xc5\xd8\xe6\x84\xba\x6b\x33\x4d\xba\xff\xc0\xfa\x84\x2a\x6a\xa5\x55\x81\x3d\x5b\xdc\x23\x7a\x43\x76\xfb\xfc\x3a\xbd\x54\x9a\xbc\x27\xf3\xb1\xc9\x18\xc6\x7f\x2c\x34\xe1\x16\xb6\xb0\x63\x01\x15\x49\x06\x24\xf4\x99\x7d\x93\xac\xec\x5d\xab\x0d\x2b\xb1\x57\x2b\x31\x9b\xa4\xc9\x90\xcd\x74\x38\x95\x42\xf4\x8b\x7e\x17\x3d\x0c\x81\xed\x75\x6a\x1b\x40\x9f\x6b\x19\x58\x59\xfd\xc7\x57\x7a\x7e\x7b\x12\x0a\x15\x13\xc2\x25\xd3\x13\xd7\x42\x3d\x6a\x99\xdd\xb7\x19\x14\x96\x28\x21\xdb\x95\x19\x2f\xc9\xca\x8b\x69\x72\xe0\x7d\x78\x67\x9e\x3b\x42\x65\xcb\x97\x25\xd9\x5f\x52\xf6\x8f\xf1\xca\x46\xb8\xac\x6a\xe7\xc6\x05\x3b\xcd\x97\x2e\x37\xfa\x82\x44\x91\x52\x7a\x1e\x43\x23\xaa\x6f\x2d\x5e\x59\xcf\x06\xc6\x08\x8c\x14\x80\x59\xfa\xd6\xf1\xcb\xfb\x47\x67\x19\xd0\x9f\xa4\x79\xb6\x9a\x47\x90\xa7\x4f\x65\xab\xd9\x99\xc2\x67\xd1\x0c\xc2\xff\x99\xd3\x9e\x39\x41\x60\xe1\x51\x46\x95\x89\xf4\x16\xf6\x59\xb2\xa8\xc6\x0d\xef\x78\xd6\xf4\x33\x80\x9d\xfb\x96\xc2\x72\x20\x07\x6f\x47\xb7\xe7\x4a\x89\x30\xcd\x61\xe8\xfc\x10\x9d\xdf\x87\x54\xff\x5d\x68\x78\xee\xf5\xdc\x7d\xd6\x1e\x2d\xa0\x07\x3b\x0a\xd6\xb0\x71\xfe\xff\x97\xfb\x87\xec\x0d\x90\x95\x4a\xed\xc8\x88\xe7\xb1\xe0\x9d\xcd\xfc\xc6\x90\x6e\x49\xb6\xea\x4a\x0c\x32\x54\x64\x07\xac\x0d\x22\xe2\x92\x00\xb8\x60\x3f\x2c\x30\x41\xd2\x7d\x0f\xd9\x90\xc3\x12\xc3\xf4\xeb\xee\xf4\x53\x85\x12\x48\x25\xe7\x3a\x4b\x30\xf7\xe6\x2b\x37\x46\xae\xe0\xa1\xf4\x23\x57\xa7\xc2\xd5\x9b\x9b\x28\x65\xab\x24\xb3\x35\x36\xc1\xd7\x52\xa4\xe1\xc0\x8e\x07\xec\x7a\xb8\xe3\x7e\xda\x44\xeb\xd2\x21\x3d\x46\x95\x58\x59\xce\x75\xe8\xcb\xee\x3e\x44\x8d\xdc\x6c\x37\x20\xfa\x4b\xb6\x04\x29\x8c\x9c\xc6\xc1\xea\xc4\xaa\xc1\x8f\xfe\xef\x8d\x63\x1a\x61\x75\xa5\x8b\x18\x25\x7c\x81\xb5\xb2\xa2\xc7\x45\x8b\x11\x73\xa5\xc1\xbf\xe3\xa5\x61\x59\xfa\x40\x60\x11\xdc\x0b\xb6\x02\x1f\x23\x32\xbb\x47\x1e\xf8\x89\x2a\xcd\x5e\x7b\x58\xae\xca\x43\xe4\x85\xb3\x5d\xdc\x93\x8f\xbf\x2d\x03\x25\x21\x82\x08\x09\xaf\x02\x55\x13\xb6\x63\x92\x2d\x66\x4c\xa4\x21\x6b\xcc\x98\x77\x03\x0d\x5f\xac\xfb\x9a\x04\x82\x99\x8e\x50\xcf\x69\xbc\x59\xc1\x80\x5f\xb4\xfa\xa8\x9f\x68\x31\xec\x6a\xfc\x29\xe7\xf6\xdb\x38\xfe\xd3\x40\x3d\x10\x35\xe2\x51\x62\x4d\xe0\xea\x64\x45\x81\x2f\x71\xa4\xa9\x1e\xab\x22\xd8\x8d\xa4\x9c\x09\x70\x03\xea\x96\x08\xef\x66\x1e\x8c\xd9\x94\x58\xf3\x18\xd3\x73\xea\x1a\xff\xe6\xcf\xbe\xc7\xe9\xf7\x7c\xa3\x93\xf1\x58\x54\x02\xa7\x0a\xfa\x83\xe3\xdc\x11\x41\x7b\x83\x03\x5c\x4a\xa6\xef\xb9\x6c\xaf\xfd\xb7\x6b\xb4\x31\x15\x2a\x11\x08\xdd\x6a\xe5\xa3\x7a\xfb\x9a\xa1\xb5\x1d\xdc\xd2\x2d\x7a\xf1\x1d\x65\xc1\x88\x47\x2d\x79\xac\xbd\xd4\x8c\x61\x35\x5a\x4b\x2f\xdf\x2b\x81\xfb\x44\x59\x71\x1f\xb4\x37\xf3\xf7\xf9\x5a\x6e\x18\x7c\x0c\xc0\x87\xbb\xd7\x39\xc9\xc9\xe2\x2e\x25\xfd\x0d\x30\x5a\x27\x40\x8f\x52\xb8\x39\xe3\x57\xd1\xf3\x7b\x0c\x7a\x57\x6d\xf7\x93\x00\x82\x41\xbd\x21\x20\xcc\xfa\x21\x43\x52\x68\xed\x24\x3d\xd2\xed\xbb\x75\x1b\x20\x14\x74\xe9\x1f\x48\x21\x9b\xfd\xdb\x4c\xd0\xdd\x47\x19\x65\xbf\xe7\x8e\x45\x23\x3a\x33\xb6\xc4\x02\x2b\xc5\x7b\xcf\xd2\x24\xf8\x9b\x4a\xfb\xe2\x5a\x00\x3e\xf4\x1f\x59\x6e\x10\xfc\x14\x2d\x52\xe0\xee\x02\xfa\xd0\x72\x86\x51\xf0\xfe\x75\xb9\x47\xa5\x44\xfd\x7e\x2d\xc3\x8b\x60\x87\x89\xeb\xc8\x7b\x01\x99\x3e\x23\xb7\x65\x44\x90\x01\xc7\x7a\xdc\x77\x8a\xdb\x84\xa0\xdd\x32\xb7\x0e\x26\x7a\xad\xcc\x16\x8e\xf1\x71\x3d\x7c\xbd\xe5\x63\x39\x6e\xf5\xe3\x9f\xf9\xf7\x00\x8d\x61\xa2\x0f\xe4\x9a\xc8\x0c\x2e\xe8\x4c\x53\x11\xe6\xb0\xc2\x59\xf0\xc6\x36\x31\xaf\x64\xee\x1d\x22\x25\xb5\xea\xa3\x1b\x97\x63\x6b\x30\x10\x9f\xe4\xfc\xf1\x52\x27\x23\xc6\xd7\x9a\x50\x05\xf3\x76\x8b\xe2\x87\x29\x10\xa0\xd9\xf2\xd2\xb1\x0a\x91\xe4\x8f\x7d\xa5\xc3\x83\x0e\x18\xbf\x1a\x2c\x51\xf7\x91\xe4\x63\xf7\xca\x07\xe0\xc6\x3d\x07\x58\x52\xc2\xbd\x82\xb4\xa5\x98\x9d\x4f\xf5\x0a\x70\x07\xd3\xeb\x32\x2b\x3f\x01\xab\x76\xaf\x2b\xbe\xdb\x11\x08\x16\x5f\x48\x3d\x28\x41\x53\x78\xd6\x00\x98\xdb\xd8\x7a\x29\x9b\x3d\xe1\x16\xf3\x95\x5c\x3e\x24\x36\x77\xf3\xe3\xf7\x1f\x9f\x02\x04\xe1\x70\xda\x9e\xf5\xb6\x6c\x95\xba\x07\xf3\x35\xb1\x30\xb5\xa1\x7b\x6a\x72\xc3\x18\xbe\x1b\x8c\xa6\x42\x2b\x1e\xaf\x3f\x6e\xf0\x38\xdf\x50\x9e\xf1\x87\x65\x94\x7d\xe5\x88\x9a\x3a\x88\x45\x75\x61\xb3\x99\xab\x72\x94\x8d\x7e\xc9\xe0\xf4\xa7\x34\x8e\x0c\x43\x17\x48\x11\xd3\xa4\xd7\x12\x42\xe6\xa5\x0f\x5b\x39\x7a\x8d\x7f\xab\xbb\xa7\x10\x9a\xfa\x23\x69\xf1\x16\xe0\x9d\x3f\xcc\x0b\x5e\x61\x2a\xe8\xb8\x18\x30\x9c\x5f\xbb\x33\x47\xfd\xb5\xd6\xc6\x90\x46\x84\xf4\xe0\x4f\x12\xca\x85\x13\x17\x4e\x6b\x92\x6f\x04\x9a\xc1\x4e\x0a\x7f\x9e\x4a\xa6\xbd\x39\x1b\xbc\xcd\x3f\x72\x42\xb9\xa4\xc0\xdf\xd0\x17\x96\xda\x87\x1f\x4e\x9d\xe1\x7e\x54\x95\x37\xac\x6d\x21\xd5\xc6\x4e\x54\x9f\x07\x0e\x2b\x1d\x1b\x7f\x76\x98\x1f\xaa\x8d\xa9\x02\x9e\x45\x76\xfc\x43\xb4\xf4\x27\xec\x7e\xe4\xc4\x50\x5c\xa2\x70\xb2\x33\xff\xc5\xe1\xab\xe4\x4a\xc7\x89\xce\xca\xbd\xba\xab\xec\x44\x1a\x11\x84\x5c\xaf\x92\x21\x33\xd1\x1b\xb2\x82\x56\xee\x8f\x75\xe6\xf0\x65\xe3\x5f\x29\x76\x46\xc6\x3a\x2b\x8a\x59\x46\x05\xab\x39\x1c\x50\xfc\x33\x7d\x8d\x97\x06\x6e\x6b\x5b\x07\x10\xfb\x1e\xc7\x6c\x64\xf0\xa0\xa0\xcc\xac\x01\x37\x5f\x2c\x9f\xba\xca\x77\xb2\xb1\xee\x2b\x26\xa7\x6d\xa5\x27\xae\xfb\xe9\x83\xee\xd0\xd9\x46\xd7\x63\xe0\x0b\xf5\x01\xdd\x64\x6b\xfe\x68\x3a\x78\xdf\x80\xd9\x1d\xcd\x60\x3c\x5a\x8e\xb5\x95\xc0\xcd\xce\xaa\x2d\xab\xf5\xd6\x4a\x9f\xea\xac\xef\xc8\x78\xe0\x74\x31\x3c\x85\xe4\xc1\x5f\x4c\x2e\x63\xfa\x19\xf9\x7b\x82\x9c\x29\x7d\x86\x08\x78\xee\xe2\x13\x89\x28\xd8\xa4\x25\xc0\x79\x00\xc1\x22\x64\x55\xae\x33\xe7\x02\xc0\x58\x56\x7d\x42\xdf\x10\xd6\x04\x84\x66\xde\x62\xf1\x4c\x27\xf7\xd8\xf3\x06\x51\x66\x62\xe1\x8b\xeb\xb2\x4d\x7f\x38\xe5\xf0\xeb\xba\xb7\x49\x80\x59\x9f\xfa\xcb\xa5\x6d\x3c\xe1\x6a\x56\xb9\x91\xec\x64\xdf\x9e\xa8\xf9\x30\x0c\xc1\x87\xf2\xc1\xb2\xf8\x05\x62\xc6\x81\xbb\xf8\x33\xa9\x71\xe7\xd6\x9b\x67\x73\x0d\x3b\x0d\x3b\x5a\x9b\x3c\xab\xf5\xb4\x4e\x21\xf3\xa8\xea\x25\xaf\x9f\x9a\x7f\x53\xd6\xc8\x5c\xa6\xa3\xb8\x4f\x04\xfb\x6d\x1e\x99\x09\x66\x40\xc7\x6f\x00\xcb\x2a\x84\x9e\x02\x2c\x52\x66\x53\xe0\xe1\x9c\x0a\xb7\x3d\x7d\xb0\x2e\x69\xbd\x51\x1c\xb3\xb3\x6a\xe7\xdf\x9e\x0b\xcd\x5b\x8d\x18\x0c\x0a\x3d\xc9\xf1\x79\x73\xc6\x2b\x28\x6f\xbe\xfd\x48\x53\x97\x6a\xd3\x8d\xc7\x75\x67\x85\xf1\x7c\x88\xf9\x67\x56\x87\xc9\x76\x9d\x77\x16\x2e\x82\xe7\x1b\xae\x2e\xd2\x85\xbc\x87\x8f\x9e\xe7\x07\x0a\xf3\xc4\xb4\x3c\x90\x7b\xcb\x58\x56\xda\xb6\xa9\x38\xb7\x84\x2a\xf3\x76\xd7\xc1\x64\x07\x6c\xd0\x2b\x4e\x3e\x82\xe2\xcc\x8f\xca\x7d\xc2\xe4\x0b\xdb\x7b\x9a\x2e\xf4\x06\x35\x56\x30\xcb\x29\x30\x23\x17\x94\xef\x4a\x20\x36\x0a\x6e\xb9\xcc\x54\xf7\x53\x64\x2e\x69\x38\xa1\x73\x02\x46\x35\x98\x7b\x80\xa6\xe0\xf0\xb7\xcb\x25\x85\x37\xb8\x1e\x12\x50\xf7\x7f\xca\xf1\xd7\xcd\x9b\x3b\xe0\x72\xa6\xf9\xd4\xfd\x86\xf1\x56\x4b\x28\xd7\x90\xca\x13\x82\xfa\xe6\x1f\xa5\x87\x4c\x7d\xd7\xdb\x8e\xbf\xaa\xa7\xcc\x01\x1e\x6a\xb3\x57\x91\x37\xaa\x3f\x0a\xf1\x4e\x58\xc0\x96\x0d\x7f\x70\xce\xf9\x3a\xb8\x6c\xca\x7c\xb7\x85\xd8\xc1\x21\x52\xa8\x07\xcf\x1b\xfa\x4e\x0f\x6f\xfd\x28\x88\x70\x56\x5c\xd4\x9a\x10\xa4\x07\xce\xe9\x5c\x5c\x0f\xe4\xcc\x84\xb4\x73\x90\x86\x8e\x64\x50\x7f\x1f\xbf\xbb\x4a\x70\x4d\x27\x2d\xa1\x34\x80\xa4\x18\xe2\x5a\x99\x30\xa4\x02\xdc\xfb\xaa\x5c\xb5\x09\x2c\x56\x9a\x4e\x81\x50\xb5\x04\x8b\xef\x01\x19\x4e\x1c\xe3\x79\x5e\x28\x35\xa0\xa8\x2c\x9d\x5f\xf3\xa1\x57\x85\x2f\x12\x71\x35\x96\x99\x7e\xc3\x06\x1a\xea\xa9\x6e\x93\xc9\xb1\xd9\xd5\xaa\x24\x14\xc3\xea\x9f", 4096); *(uint32_t*)0x20006fc4 = 0x1000; *(uint32_t*)0x20006fc8 = 0x80000001; memcpy((void*)0x200082c0, ")/\'/%", 5); *(uint8_t*)0x200082c5 = 0x2c; memcpy((void*)0x200082c6, "wlan0\000", 6); *(uint8_t*)0x200082cc = 0x2c; memset((void*)0x200082cd, 255, 2); *(uint8_t*)0x200082cf = 0x2c; memset((void*)0x200082d0, 255, 2); *(uint8_t*)0x200082d2 = 0x2c; memcpy((void*)0x200082d3, "[{@^/@+@<[", 10); *(uint8_t*)0x200082dd = 0x2c; memcpy((void*)0x200082de, "uid", 3); *(uint8_t*)0x200082e1 = 0x3d; sprintf((char*)0x200082e2, "%020llu", (long long)r[20]); *(uint8_t*)0x200082f6 = 0x2c; memcpy((void*)0x200082f7, "smackfsfloor", 12); *(uint8_t*)0x20008303 = 0x3d; memcpy((void*)0x20008304, "{%\'--\323{-+#!", 11); *(uint8_t*)0x2000830f = 0x2c; *(uint8_t*)0x20008310 = 0; syz_mount_image(0x20005f40, 0x20005f80, 6, 1, 0x20006fc0, 0x1000000, 0x200082c0); memcpy((void*)0x20008340, "/dev/i2c-#\000", 11); syz_open_dev(0x20008340, 4, 0x404280); memcpy((void*)0x20008380, "net/ip6_mr_cache\000", 17); syz_open_procfs(r[19], 0x20008380); syz_open_pts(r[21], 0x8001); *(uint32_t*)0x20008980 = 0x200083c0; memcpy((void*)0x200083c0, "\xfb\xd2\x9b\x15\x87\x7e\x61\x06\x1c\xc5\x0c\xed\x7f\x39\x68\x61\x38\xbf\x51\x03\x24\x8d\x4d\xa5\x32\x57\xb7\x3a\x1e\xe9\x6c\xf2\x19\x9a\xbf\xa9\x61\xd7\xbd\x14\x6a\x6b\xb8\x8d\x70\x1b\x08\xed\xbf\x51\x4b\x2e\x31\x83\xcc\xe2\x11\xd5\x7c\x76\x45\xa9\xaf\xe2\x02\x75\xec\xbe\x29\xae\xa4\x8c\x76\xb0\xfb\x76\x27\xa8\xe4\x3c\x7a\x9f\x57\xef\x02\xa3\x16\xed\xf9\xd3\x8e\x0c\x6e\x74\xb5\x91\x07\xcb\x1c\x84\x06\xdc\xb6\xde\x31\x9b", 106); *(uint32_t*)0x20008984 = 0x6a; *(uint32_t*)0x20008988 = 0x7f; *(uint32_t*)0x2000898c = 0x20008440; memcpy((void*)0x20008440, "\xe0\xd8\xf5\x5b\x38\x48\xae\xd3\xac\x97\x38\xd2\xe1\x9f\x66\x8b\xe4\xc7\x6e\x3b\x4e\x48\x23\xa0\xc6\x99\x18\xad\x4a\xec\x8d\x6e\xad\xcf\xe1\x03\x27\x12\x6d\x01\x28\x7e\x67\x2d\x54\xa5\x44\xa9\x87\x7e\x59\xf9\xa2\xf4\x1a\xa2\x42\xb2\x37\xba\x59\x3c\x5a\x48\x40\xb8\x62\x1c\xe0\xd2\x8c\xe5\x22\xdf\xe8\x78\x8b\xb0\x70\xd4\xbc\x9d\x74\x52\x8a\x1f\x76\x03\x20\x0c\x23\x65\xc6\x3d\x42\xf1\x03\x29\x92\xe1\x0e\x43\x45\xcd\xea\x0d\x65\x36\x5d\x82\xb6\xc7\x8c\x81\xc7\x1b\x0b\x2f\xb7\x81\x97\xcd\x60\x5e\xc2\x52\x18\x06\xbd\xc0\x8d\x6d\xd8\xf5\x29\x1e\x5b\xb0\xca\x92\xe2\x04\x30\xd5\x81\x23\x5d\xdd\xa7\x56\xe6\xab\xd8\xc7\x69\x78\x3b\x84\xe5\x7b\x0a\xa9\x51\x30\x3a\xdc\xc7\xe9\x21\xb0\x69\xd9\x4f\x1a\x4d\xee\x1f\x47\x44\xdb\x5b\x28\xc9\x7f\xbb\xae\xc5\xbf\x56\x18\xe0\xe9\x4a\x41\xc0\xa9\x9c\xe6\xca\x91\xeb\xca\xff\x5a\xe6\x10\x6d\xc9\xdc\x31\x0d\x72\x50\xa8\xb7\xc7\xca\x55", 218); *(uint32_t*)0x20008990 = 0xda; *(uint32_t*)0x20008994 = 0x3ff; *(uint32_t*)0x20008998 = 0x20008540; memcpy((void*)0x20008540, "\xaf\xbb\x6b\x91\xaa\x78\x57\xf9\x42\xbc\x87\x73\xd0\x20\x89\x6a\x44\xf1\xd9\xdb\x9b\x9e\xc2\xb8\x55\x98\xcd\x86\x39\x7d\x6b\x5a\xe3\x19\x2a\xef\xe0\xf2\xb6\x38\x7b\x2d\x23\x14\x48\x9b\xc7\xaf\x2a\xb5\x19\x90\xff\x75\x26\x23\x0a\x7c\xa4\x2e\x6c\x22\xf5\x64\x9a\xcb\x12\xb4\xdd\x8f\xde\x81\x9b", 73); *(uint32_t*)0x2000899c = 0x49; *(uint32_t*)0x200089a0 = 9; *(uint32_t*)0x200089a4 = 0x200085c0; memcpy((void*)0x200085c0, "\xd8\x90\x81\x85\x60\xf5\x37\x2f\x7d\x41\xa5\x04\xc5\x4e\x86\x3d\x79\x44\xd0\x62\x1d\x50\x13\x4b\x4c\x14\x54\xaa\x8c\x44\xc7\xf3\x24\xd9\x5d\x33\xfb\x46\x63\xf6\x74\x5c\x1c\xad\x17\x9d\x71\x9e\x3e\x9f\x4f\x57\x51\x71\x25\x89\x0e\xd4\xc9\x37\xbb\x41\xd0\xa7\x64\x44\x1e\x1d\x6c\x74\x82\x54\x8c\x0a", 74); *(uint32_t*)0x200089a8 = 0x4a; *(uint32_t*)0x200089ac = 6; *(uint32_t*)0x200089b0 = 0x20008640; memcpy((void*)0x20008640, "\x7e\x28\x9a\xa8\x98\x00\x7d\x95\xea\xf0\x98\x82\x59\x6a\xa2\x37\x71\x4d\xc1\xac\x32\x39\x2b\xd6\xfa\xe8\xd8\x72\xed\xc3\xc9\xb0\xcf\xf5\x03\x61\x48\xaf\x29\x57\x3c\x0d\xc9\x54\xc2\x7b\x6a\x6d\x47\x66\x92\x53\xab\x40\x2a\x91\xf6\xe6\x02\xcc\xd9\x3f\xa8\x17", 64); *(uint32_t*)0x200089b4 = 0x40; *(uint32_t*)0x200089b8 = 6; *(uint32_t*)0x200089bc = 0x20008680; memcpy((void*)0x20008680, "\xc8\x23\x58\x4b\xb1\x75\x9e\xcb\x98\xee\x41\xe3\x52\x27\xdd\x03\xd7\xed\x5c\x9e\xef\xcf\x34\xa9\x51\xe7\xc5\xea\xe5\xb3\x7e\x8b\x93\xd6\xdd\x7c\xb6\x6e\xbb\xff\x50\xcb\x81\x77\x7e\x29\xb2\xc0\x5b\x7b\x7c\xd9\x76\xf4\xae\xd7\x0f\x76\x49\x90\x15\xb9\x87\x2f\xaa\x6f\x33\x8c\x30\x9a\x55\x29\x6e\x4e\x85\xe2\x7c\x51\x0d\xbf\x25\x3a\x7e\x6f\x43\x79\x1f\x93\x91\x3c\x8a\x96\x07\x45\x1f\xd5\x05\x0c\xf1\x91\xec\x95\xd1\x99\xf1\x11\x7c\x0e\x2a\x04\x37\xc2\xbe\x16\x98\x93\x9d\x27\x7c\x38\x37\xd1\x64\x0f\x91\xce\x6a\xed\xc0\x85\x0d\xc2\x88\xcc\x2a\x3c\x1c\xaa\xdf\xf4\x4f\xeb\xef\xbb\xb2\xfd\xa8\x2e\x8a\x65\x39\x22\x2b\x6d\x88\x30\xdf\x92\x7f\x36\xd8\x14\xc2\xa8\x92\xdf\x0b\xad\xec\x86\xc2\xf0\x1d\xeb\x89\xd2\xd3\xfa\x61\x37\xe4\x8b\x23\xd3\xcf\x77\xb1\x1f\x46\xeb\xdb\xb0\xa8\x31\x4e\xe1\x97\x78\xc2\x12\xfc\x34\x98\xcb\xdc\x5a\xd0\xbb\xd7\xd2\x45\x38\xd8\x3b\xbc\x86\x83\x0a\xfe\x32\xe3\x8c\x1b\xb1\xb7\x86\x6a\xbc\x94\x0f\x61\x16\x54\xd0\x46\xf8\x23\x6d\x6b\x15", 240); *(uint32_t*)0x200089c0 = 0xf0; *(uint32_t*)0x200089c4 = 7; *(uint32_t*)0x200089c8 = 0x20008780; memcpy((void*)0x20008780, "\x5d\x78\xb0\x8d\x34\x7d\x60\x10\x77\x87\x13\xad\xad\x8e\x4d\xa1\x5a\xb3\x46\x94\x56\x2b\x0d\xa5\x2b\xb3\x1a\x3b\x5e\x09\x71\x02\x0b\xa4\x8d\x18\x5f\x3f\x03\xf1\x6f\xe6\xdc\x1e\x32\x1f\x12\x2c\x11\x50\xa8\xce\x71\xc3\xad\x1d\xf7\xc6\x18\xbc\x59\x86\x5f\xbf\xeb\x3a\x2c\x92\x6b\x99\x2f\x93\x8b\x0f\x76\xc9\x6a\xf8\xbe\x39\x89\x33\x38\x3f\xc8", 85); *(uint32_t*)0x200089cc = 0x55; *(uint32_t*)0x200089d0 = 8; *(uint32_t*)0x200089d4 = 0x20008800; memcpy((void*)0x20008800, "\x1c\xd7\x71\x5a\xfe\xc5\x55\x18\x16\xcd\x47\x51\x68\xa5\x35\xa8\x47\x4b\x74\x87\x92\xe4\x3a\xf3\x51\x60\x5c\x6d\xfa\xe1\xe6\xad\xd7\xce\x8b\xde\x80\x55\x5c\xa3\x26\x87\x82\xfe\x7a\x7f\x45\x89\x68\xb4\x27\x92\xc0\x2a\x11\xac\xff\xae\x54\x86\xc0\x85\x8e\x0c\x46\x40\xf4\x26\x0d\x56\x46\x99\xc0\xe6\x06\x23\x6a\xe8\xd5", 79); *(uint32_t*)0x200089d8 = 0x4f; *(uint32_t*)0x200089dc = 0; *(uint32_t*)0x200089e0 = 0x20008880; memcpy((void*)0x20008880, "\x45\xfd\x88\xa6\x06\xb5\x89\xb2\x7d\x42\x2e\xcb\x87\x44\xa6\x78\xff\x3a\xa0\x7f\xfb\x6c\x25\xcc\x10\xa8\x87\x10\x06\xd5\xfb\x64\x50\xfc\x12\x15\x7d\x1a\x59\xf1\x4e\x36\x13\x2f\x1d\xb6\x3b\x56\xcc\x97\xb6\x1b\xf0\xa6\x1d\xcf\x2b\x7d\xd2\x7d\xa0\x2e\xe1\x60\xe0\x3d\xf9\x79\x47\x83\x8f\x0d\xd4\x34\x82\x59\x05\xae\x9f\xb5\xa4\x27\x97\x6a\x49\xf7\x79\xea\xb8\xcc\x3a\x40\x9d\x25\xb9\xa2\x96\xce\xf9\xa8\xff\xb4\x9d\x81\xbf\x23\xa7\x16\xa7\xa7\xe1\xd8\xdc\xe0\x3d\xef\x2b\x8a\x3b\x15\xa3\xb2\xbe\xb8\x73\x14\x3a\x7d\xf1\x4e\xc4\x92\x78\x2e\xc8\x6a\xce\xb4\x90\x1f\xe3\xdc\xdc\xe0\x46\xab\x2f\xb9\x72\xd6\x74\x34\xd4\xe1\x10\x1b\x02\xc9\x2d\x33\xa1\xbf\xe5\x16\xd9\x59\x25\x81\xf6\x78\x95\x43\x37\x66\x50\x67\x07\xcb\x7f\x0e\x18\xb4\x47\x6b\xde\x0f\x00\x91\x75\x3c\xf3\xec\x07\x38\x6b\x3d\xab\x4b\x29\x55\x02\xd4\x97\x16\x80\x1d\xd9\x79\xaa\x24\xd8\x05\xdf\xe8\x01", 215); *(uint32_t*)0x200089e4 = 0xd7; *(uint32_t*)0x200089e8 = 2; syz_read_part_table(5, 9, 0x20008980); *(uint8_t*)0x20008a00 = 0x12; *(uint8_t*)0x20008a01 = 1; *(uint16_t*)0x20008a02 = 0x300; *(uint8_t*)0x20008a04 = 0x88; *(uint8_t*)0x20008a05 = 0xc7; *(uint8_t*)0x20008a06 = 0xe6; *(uint8_t*)0x20008a07 = -1; *(uint16_t*)0x20008a08 = 0x15c2; *(uint16_t*)0x20008a0a = 0x45; *(uint16_t*)0x20008a0c = 0x135a; *(uint8_t*)0x20008a0e = 1; *(uint8_t*)0x20008a0f = 2; *(uint8_t*)0x20008a10 = 3; *(uint8_t*)0x20008a11 = 1; *(uint8_t*)0x20008a12 = 9; *(uint8_t*)0x20008a13 = 2; *(uint16_t*)0x20008a14 = 0x7d0; *(uint8_t*)0x20008a16 = 4; *(uint8_t*)0x20008a17 = 0; *(uint8_t*)0x20008a18 = 0; *(uint8_t*)0x20008a19 = 0x60; *(uint8_t*)0x20008a1a = 8; *(uint8_t*)0x20008a1b = 9; *(uint8_t*)0x20008a1c = 4; *(uint8_t*)0x20008a1d = 0x45; *(uint8_t*)0x20008a1e = 3; *(uint8_t*)0x20008a1f = 1; *(uint8_t*)0x20008a20 = 0x66; *(uint8_t*)0x20008a21 = 0x44; *(uint8_t*)0x20008a22 = 0x76; *(uint8_t*)0x20008a23 = 0x3f; *(uint8_t*)0x20008a24 = 7; *(uint8_t*)0x20008a25 = 0x24; *(uint8_t*)0x20008a26 = 1; *(uint8_t*)0x20008a27 = 0x1f; *(uint8_t*)0x20008a28 = 5; *(uint16_t*)0x20008a29 = 4; *(uint8_t*)0x20008a2b = 0xc; *(uint8_t*)0x20008a2c = 0x24; *(uint8_t*)0x20008a2d = 2; *(uint8_t*)0x20008a2e = 1; *(uint8_t*)0x20008a2f = 9; *(uint8_t*)0x20008a30 = 2; *(uint8_t*)0x20008a31 = 0x81; *(uint8_t*)0x20008a32 = 4; memcpy((void*)0x20008a33, "\xc0\xe6\xa1\x0a", 4); *(uint8_t*)0x20008a37 = 0xf; *(uint8_t*)0x20008a38 = 0x24; *(uint8_t*)0x20008a39 = 2; *(uint8_t*)0x20008a3a = 2; *(uint16_t*)0x20008a3b = 0; *(uint16_t*)0x20008a3d = 6; *(uint8_t*)0x20008a3f = 8; memcpy((void*)0x20008a40, "\x7d\x5b\xa3\xd0\x7c\xc6", 6); *(uint8_t*)0x20008a46 = 0x11; *(uint8_t*)0x20008a47 = 0x24; *(uint8_t*)0x20008a48 = 2; *(uint8_t*)0x20008a49 = 1; *(uint8_t*)0x20008a4a = 0x94; *(uint8_t*)0x20008a4b = 1; *(uint8_t*)0x20008a4c = 7; *(uint8_t*)0x20008a4d = 0x1f; memcpy((void*)0x20008a4e, "\xcf\xcf\xa1\xbb\x20\xd9\xba\xa3\x16", 9); *(uint8_t*)0x20008a57 = 0xc; *(uint8_t*)0x20008a58 = 0x24; *(uint8_t*)0x20008a59 = 2; *(uint8_t*)0x20008a5a = 1; *(uint8_t*)0x20008a5b = 8; *(uint8_t*)0x20008a5c = 2; *(uint8_t*)0x20008a5d = 0; *(uint8_t*)0x20008a5e = 9; memcpy((void*)0x20008a5f, "\x48\x9f\x80", 3); memset((void*)0x20008a62, 38, 1); *(uint8_t*)0x20008a63 = 0xa; *(uint8_t*)0x20008a64 = 0x24; *(uint8_t*)0x20008a65 = 2; *(uint8_t*)0x20008a66 = 2; *(uint16_t*)0x20008a67 = 5; *(uint16_t*)0x20008a69 = 0x497; *(uint8_t*)0x20008a6b = 8; memset((void*)0x20008a6c, 39, 1); *(uint8_t*)0x20008a6d = 7; *(uint8_t*)0x20008a6e = 0x24; *(uint8_t*)0x20008a6f = 1; *(uint8_t*)0x20008a70 = 9; *(uint8_t*)0x20008a71 = 2; *(uint16_t*)0x20008a72 = 0x1001; *(uint8_t*)0x20008a74 = 0xf; *(uint8_t*)0x20008a75 = 0x24; *(uint8_t*)0x20008a76 = 2; *(uint8_t*)0x20008a77 = 2; *(uint16_t*)0x20008a78 = 8; *(uint16_t*)0x20008a7a = 1; *(uint8_t*)0x20008a7c = 0; memcpy((void*)0x20008a7d, "\x78\x6e\x2f\x1a\x31\x05", 6); *(uint8_t*)0x20008a83 = 9; *(uint8_t*)0x20008a84 = 5; *(uint8_t*)0x20008a85 = 0; *(uint8_t*)0x20008a86 = 0x10; *(uint16_t*)0x20008a87 = 0x3ff; *(uint8_t*)0x20008a89 = 9; *(uint8_t*)0x20008a8a = 0x66; *(uint8_t*)0x20008a8b = 3; *(uint8_t*)0x20008a8c = 0x5b; *(uint8_t*)0x20008a8d = 8; memcpy((void*)0x20008a8e, "\x32\xda\x77\x3d\xed\x87\x39\x7d\x0a\xf5\x7f\xd6\xf2\xad\x3b\x93\xe2\xea\x74\xf1\xf6\x5d\x64\x5d\x6b\x7e\x4c\xae\x90\xc8\xf2\x7c\xca\xe0\x94\xb3\x3c\x61\x3b\xc0\xbd\xa2\x43\x7b\xdc\xba\xa2\x1c\x77\x91\x5b\x1b\x95\xe7\xa2\x31\x3d\x71\xc6\xcc\x58\x6d\x41\x4d\x6a\x1e\x79\xc8\x0e\xe3\x67\x3f\xf0\x69\xeb\x46\x51\xb3\x06\x68\xb0\x19\x7f\xf7\xa7\xed\xc5\x75\x94", 89); *(uint8_t*)0x20008ae7 = 9; *(uint8_t*)0x20008ae8 = 4; *(uint8_t*)0x20008ae9 = 0x58; *(uint8_t*)0x20008aea = 9; *(uint8_t*)0x20008aeb = 5; *(uint8_t*)0x20008aec = -1; *(uint8_t*)0x20008aed = 5; *(uint8_t*)0x20008aee = 0x1b; *(uint8_t*)0x20008aef = 0xe0; *(uint8_t*)0x20008af0 = 9; *(uint8_t*)0x20008af1 = 5; *(uint8_t*)0x20008af2 = 3; *(uint8_t*)0x20008af3 = 0x10; *(uint16_t*)0x20008af4 = 0x20; *(uint8_t*)0x20008af6 = 0; *(uint8_t*)0x20008af7 = 0x43; *(uint8_t*)0x20008af8 = 0x40; *(uint8_t*)0x20008af9 = 9; *(uint8_t*)0x20008afa = 5; *(uint8_t*)0x20008afb = 5; *(uint8_t*)0x20008afc = 3; *(uint16_t*)0x20008afd = 0x3ff; *(uint8_t*)0x20008aff = 0x87; *(uint8_t*)0x20008b00 = 2; *(uint8_t*)0x20008b01 = 0xfd; *(uint8_t*)0x20008b02 = 0xa0; *(uint8_t*)0x20008b03 = 0xc; memcpy((void*)0x20008b04, "\x4d\x1f\xaf\xd5\xd5\xbe\xa9\x17\x94\x9e\x72\x7e\xd5\xee\x14\x4c\xb3\x2b\x01\xd9\xac\xbb\x7e\x3c\xfa\xc4\xd1\xa1\x5c\xd6\xbb\xae\x8a\xc6\x6a\xf6\x77\x39\x4d\x22\x17\xef\x58\x0b\x15\x65\xf5\x8b\x85\xcf\xff\xd2\xcf\xca\xf9\xf1\x9d\xf7\x84\x00\xba\x03\x54\xd7\x87\x20\x72\xb4\x2d\x77\xd5\x5a\x5b\x96\x0b\x82\xfb\x9e\x34\xec\x8c\x33\xa9\x67\x19\xc4\x59\x47\xab\x09\x47\x48\x48\x54\xa9\x4f\x25\xe6\x53\x39\xa6\xf7\x4b\x05\x3c\x81\xe8\xe8\x05\x7f\x67\x67\xea\x2e\x80\xe9\x23\xe0\x2f\xa1\xa8\x8d\xb3\x6d\x52\xe4\xc5\x11\xe6\xcc\xf6\x74\x04\x6c\xb8\x1c\x49\x3c\x92\x7d\x05\xa6\xc1\x66\x45\xd0\x69\x4f\x66\x7d\x6c\xcf\x29\xfc\x27\x38\x90\xc6", 158); *(uint8_t*)0x20008ba2 = 0x31; *(uint8_t*)0x20008ba3 = 9; memcpy((void*)0x20008ba4, "\x82\x44\x67\x99\x6f\xaa\x84\x28\x27\xe6\xd0\x9b\xc4\x8c\x41\x96\x09\x9c\xb2\x0d\x1a\xfa\x73\x80\xd3\x0e\x40\xf1\xbc\xfb\x7c\x50\x3d\x7b\x00\xfc\x18\xd2\xe6\x14\xc3\xe3\x70\xdb\xc3\x20\xa8", 47); *(uint8_t*)0x20008bd3 = 9; *(uint8_t*)0x20008bd4 = 5; *(uint8_t*)0x20008bd5 = 1; *(uint8_t*)0x20008bd6 = 3; *(uint16_t*)0x20008bd7 = 0x400; *(uint8_t*)0x20008bd9 = 1; *(uint8_t*)0x20008bda = 0x81; *(uint8_t*)0x20008bdb = 6; *(uint8_t*)0x20008bdc = 0x76; *(uint8_t*)0x20008bdd = 7; memcpy((void*)0x20008bde, "\x96\xf7\x2d\xe7\x93\x64\x10\xee\x82\xa4\x42\x87\xa0\x01\x96\xf6\x30\xe0\x09\x36\x4a\xb9\x4a\x00\xe9\x45\x28\x69\x1a\x40\x9d\x33\x5f\x13\xbf\x6e\x85\xb3\x78\xbd\xa8\x5c\x55\x8f\xc1\xa0\x03\xec\x57\x94\xa1\x42\x17\xf7\x94\x68\x2e\xdc\xdc\x9e\x35\xd0\x0c\x09\x79\xfd\xb3\xe7\xa1\x5e\x6a\x85\x1c\x13\x7b\xf7\x01\x1b\xa6\x1c\x83\x46\x59\x8b\x02\xa3\xd4\xd1\xb8\xcd\x99\xf4\xfc\x14\xfa\xe3\x21\x9f\xbf\x56\xaa\x2c\xa5\x4c\xcf\x11\x6b\x3d\x56\x0a\x80\x97\x8c\x42\x76\xec", 116); *(uint8_t*)0x20008c52 = 9; *(uint8_t*)0x20008c53 = 5; *(uint8_t*)0x20008c54 = 0xe; *(uint8_t*)0x20008c55 = 3; *(uint16_t*)0x20008c56 = 0x3ff; *(uint8_t*)0x20008c58 = 0x80; *(uint8_t*)0x20008c59 = 0x20; *(uint8_t*)0x20008c5a = 6; *(uint8_t*)0x20008c5b = 7; *(uint8_t*)0x20008c5c = 0x25; *(uint8_t*)0x20008c5d = 1; *(uint8_t*)0x20008c5e = 2; *(uint8_t*)0x20008c5f = 9; *(uint16_t*)0x20008c60 = 0x3ff; *(uint8_t*)0x20008c62 = 9; *(uint8_t*)0x20008c63 = 5; *(uint8_t*)0x20008c64 = 0xd; *(uint8_t*)0x20008c65 = 0; *(uint16_t*)0x20008c66 = 0x400; *(uint8_t*)0x20008c68 = 9; *(uint8_t*)0x20008c69 = 0x3f; *(uint8_t*)0x20008c6a = 0x3f; *(uint8_t*)0x20008c6b = 0x76; *(uint8_t*)0x20008c6c = 0x11; memcpy((void*)0x20008c6d, "\x79\xb3\x86\x38\x7e\x37\xf3\x6e\xfa\x1d\x8c\x66\xa9\x04\x49\xc6\x8a\x0a\xd2\x51\xaf\xb9\xb1\x79\x3c\xbe\x9e\x5b\x4d\xc3\xce\x66\x00\xe8\x6d\x1e\x3b\x3e\xac\x60\xfd\x3b\x8b\x1c\x19\xd7\xd0\xc3\xda\x61\xc6\xa6\x67\xb3\x9f\xae\x8a\xed\x44\xa8\xe7\x0d\x77\xca\x93\xe4\xc3\x7a\x3f\xd8\x81\x8f\x43\xed\xc5\x23\x96\x0c\xed\xb0\x2d\x88\x22\xf0\xb2\x3d\xc3\x43\x18\x26\x08\xc6\x09\x7e\x99\x5f\x56\x2c\x84\xa5\x41\x7e\x5b\x2f\xb7\x1b\x39\x2f\x92\x6f\x3c\x4e\xd9\x92\xed\x89", 116); *(uint8_t*)0x20008ce1 = 0x65; *(uint8_t*)0x20008ce2 = 5; memcpy((void*)0x20008ce3, "\x85\x12\xf0\xce\xa9\x7a\x9d\x8a\x04\x61\xe3\x0e\xe9\xbf\x07\x89\xe0\x41\xcd\x86\xc1\xdf\x94\x96\xf1\x95\x7a\xf0\xe4\x54\x3e\xca\xb0\x70\x51\xf1\xf4\x81\x8d\xa2\x57\x9d\x13\xa9\x99\x56\x9f\x75\xad\x6a\xf6\xe0\xd0\x4d\xa8\xbd\x26\xbc\x92\x04\x45\x69\x2d\x9e\x4c\xa7\xfd\xc3\x54\x4c\x36\xf5\x88\xe5\xc0\x9b\xee\xa1\xaf\xf9\xf4\x1b\xa9\x77\xcb\xe7\x9e\x7e\x4f\x4a\x8d\xec\x56\x40\xda\x4d\x2a\xf6\x1d", 99); *(uint8_t*)0x20008d46 = 9; *(uint8_t*)0x20008d47 = 4; *(uint8_t*)0x20008d48 = 5; *(uint8_t*)0x20008d49 = 3; *(uint8_t*)0x20008d4a = 2; *(uint8_t*)0x20008d4b = 0xc4; *(uint8_t*)0x20008d4c = 0x4d; *(uint8_t*)0x20008d4d = 0x76; *(uint8_t*)0x20008d4e = 7; *(uint8_t*)0x20008d4f = 0xb; *(uint8_t*)0x20008d50 = 0x24; *(uint8_t*)0x20008d51 = 6; *(uint8_t*)0x20008d52 = 0; *(uint8_t*)0x20008d53 = 1; memcpy((void*)0x20008d54, "\x72\x45\x0c\xeb\x1b\x79", 6); *(uint8_t*)0x20008d5a = 5; *(uint8_t*)0x20008d5b = 0x24; *(uint8_t*)0x20008d5c = 0; *(uint16_t*)0x20008d5d = 4; *(uint8_t*)0x20008d5f = 0xd; *(uint8_t*)0x20008d60 = 0x24; *(uint8_t*)0x20008d61 = 0xf; *(uint8_t*)0x20008d62 = 1; *(uint32_t*)0x20008d63 = 0; *(uint16_t*)0x20008d67 = 8; *(uint16_t*)0x20008d69 = 1; *(uint8_t*)0x20008d6b = 4; *(uint8_t*)0x20008d6c = 6; *(uint8_t*)0x20008d6d = 0x24; *(uint8_t*)0x20008d6e = 0x1a; *(uint16_t*)0x20008d6f = 8; *(uint8_t*)0x20008d71 = 8; *(uint8_t*)0x20008d72 = 0x15; *(uint8_t*)0x20008d73 = 0x24; *(uint8_t*)0x20008d74 = 0x12; *(uint16_t*)0x20008d75 = 4; *(uint64_t*)0x20008d77 = 0x14f5e048ba817a3; *(uint64_t*)0x20008d7f = 0x2a397ecbffc007a6; *(uint8_t*)0x20008d87 = 7; *(uint8_t*)0x20008d88 = 0x24; *(uint8_t*)0x20008d89 = 6; *(uint8_t*)0x20008d8a = 0; *(uint8_t*)0x20008d8b = 0; memcpy((void*)0x20008d8c, "\xfb\xb5", 2); *(uint8_t*)0x20008d8e = 5; *(uint8_t*)0x20008d8f = 0x24; *(uint8_t*)0x20008d90 = 0; *(uint16_t*)0x20008d91 = 0x2040; *(uint8_t*)0x20008d93 = 0xd; *(uint8_t*)0x20008d94 = 0x24; *(uint8_t*)0x20008d95 = 0xf; *(uint8_t*)0x20008d96 = 1; *(uint32_t*)0x20008d97 = 3; *(uint16_t*)0x20008d9b = 0x80; *(uint16_t*)0x20008d9d = 0x8951; *(uint8_t*)0x20008d9f = 6; *(uint8_t*)0x20008da0 = 7; *(uint8_t*)0x20008da1 = 0x24; *(uint8_t*)0x20008da2 = 0xa; *(uint8_t*)0x20008da3 = 0xce; *(uint8_t*)0x20008da4 = 3; *(uint8_t*)0x20008da5 = 4; *(uint8_t*)0x20008da6 = 0x60; *(uint8_t*)0x20008da7 = 4; *(uint8_t*)0x20008da8 = 0x24; *(uint8_t*)0x20008da9 = 2; *(uint8_t*)0x20008daa = 0; *(uint8_t*)0x20008dab = 0x10; *(uint8_t*)0x20008dac = 0x24; *(uint8_t*)0x20008dad = 7; *(uint8_t*)0x20008dae = 0; *(uint16_t*)0x20008daf = 0x81; *(uint16_t*)0x20008db1 = 0x81; *(uint16_t*)0x20008db3 = 0x1d9; *(uint16_t*)0x20008db5 = 0x400; *(uint16_t*)0x20008db7 = 1; *(uint16_t*)0x20008db9 = 0xc00; *(uint8_t*)0x20008dbb = 0xc; *(uint8_t*)0x20008dbc = 0x24; *(uint8_t*)0x20008dbd = 0x1b; *(uint16_t*)0x20008dbe = 1; *(uint16_t*)0x20008dc0 = 0x20; *(uint8_t*)0x20008dc2 = 0xc0; *(uint8_t*)0x20008dc3 = 5; *(uint16_t*)0x20008dc4 = 0x20; *(uint8_t*)0x20008dc6 = 0xd; *(uint8_t*)0x20008dc7 = 0xe1; *(uint8_t*)0x20008dc8 = 0x24; *(uint8_t*)0x20008dc9 = 0x13; *(uint8_t*)0x20008dca = 9; memcpy((void*)0x20008dcb, "\x0e\xfa\x60\xe3\xb3\x89\x2c\xa3\x37\x7f\xc7\xbf\x7e\x5c\xd9\x0b\x70\xb5\x43\x3c\x66\xf1\x31\x29\xd4\x2a\x59\xf2\xc9\x14\xec\x54\x97\x9a\x53\x86\x2f\x94\xdf\x63\x95\x80\x6b\xf1\xa9\x70\x9d\x9a\x66\x50\xce\xca\xee\xcf\xf6\xad\xfc\x77\xca\x5f\x29\x6e\x11\xbe\xd1\xfb\xeb\x6f\x27\xc5\x0b\xf1\xaf\x9c\x17\x6b\xb2\x06\x9d\x52\xb0\x64\x73\xd5\xd8\xe9\x24\x4a\x70\x01\x76\x66\xfa\xa3\x21\x3b\x80\xb2\x5f\xe4\xc6\x8c\x41\x80\xee\x45\x68\x0c\x95\x76\x8f\xd3\x2d\x24\xda\x76\xb8\x83\xe1\xbe\x0e\xc2\xaf\x43\xc9\xf3\x0c\xee\xd1\x93\x6c\xd5\x05\x1e\x62\xb1\xc8\xa7\x6a\xf9\xa2\x52\x29\x0b\x11\xc3\x67\x04\x39\xdb\x64\x5b\x5c\x32\xa5\xa5\xbb\x78\xd7\xe8\x18\x3e\xa6\x73\x6d\xfc\xeb\x8f\xef\x3d\x04\xb7\x6e\x51\x29\xc4\x91\x3e\xee\x30\xa5\x37\x74\x3b\x33\x57\xf2\x69\xf5\x82\xdd\x8c\x46\xb2\xa9\x33\x62\xf1\xa8\x38\x88\x6b\x17\x5f\x48\x95\xd5\x2a\x81\x8f\x63\xd9\xd6\x94\xbe\xac\x98\x46\xe5\xb1\x2f", 221); *(uint8_t*)0x20008ea8 = 0x1a; *(uint8_t*)0x20008ea9 = 0x24; *(uint8_t*)0x20008eaa = 0x13; *(uint8_t*)0x20008eab = 5; memcpy((void*)0x20008eac, "\x08\x3b\x1f\x01\xa6\x9f\x5d\x72\x2a\x6b\x03\x83\xfb\x09\xf5\x7f\x44\x2b\x56\xd4\x58\xfa", 22); *(uint8_t*)0x20008ec2 = 9; *(uint8_t*)0x20008ec3 = 5; *(uint8_t*)0x20008ec4 = 0xf; *(uint8_t*)0x20008ec5 = 8; *(uint16_t*)0x20008ec6 = 8; *(uint8_t*)0x20008ec8 = 0; *(uint8_t*)0x20008ec9 = 3; *(uint8_t*)0x20008eca = 5; *(uint8_t*)0x20008ecb = 9; *(uint8_t*)0x20008ecc = 5; *(uint8_t*)0x20008ecd = 0xc; *(uint8_t*)0x20008ece = 0; *(uint16_t*)0x20008ecf = 0x200; *(uint8_t*)0x20008ed1 = 9; *(uint8_t*)0x20008ed2 = 0x20; *(uint8_t*)0x20008ed3 = 5; *(uint8_t*)0x20008ed4 = 0xb; *(uint8_t*)0x20008ed5 = 1; memcpy((void*)0x20008ed6, "\xae\x68\x4b\xd6\xa1\xbf\xbe\x70\x5d", 9); *(uint8_t*)0x20008edf = 9; *(uint8_t*)0x20008ee0 = 4; *(uint8_t*)0x20008ee1 = 0xad; *(uint8_t*)0x20008ee2 = 0x3f; *(uint8_t*)0x20008ee3 = 6; *(uint8_t*)0x20008ee4 = 0xef; *(uint8_t*)0x20008ee5 = 0x2e; *(uint8_t*)0x20008ee6 = 0x8d; *(uint8_t*)0x20008ee7 = 8; *(uint8_t*)0x20008ee8 = 0xa; *(uint8_t*)0x20008ee9 = 0x24; *(uint8_t*)0x20008eea = 6; *(uint8_t*)0x20008eeb = 0; *(uint8_t*)0x20008eec = 0; memcpy((void*)0x20008eed, "\x2e\x1b\xb1\x1c\x34", 5); *(uint8_t*)0x20008ef2 = 5; *(uint8_t*)0x20008ef3 = 0x24; *(uint8_t*)0x20008ef4 = 0; *(uint16_t*)0x20008ef5 = 6; *(uint8_t*)0x20008ef7 = 0xd; *(uint8_t*)0x20008ef8 = 0x24; *(uint8_t*)0x20008ef9 = 0xf; *(uint8_t*)0x20008efa = 1; *(uint32_t*)0x20008efb = 4; *(uint16_t*)0x20008eff = 2; *(uint16_t*)0x20008f01 = 0x8979; *(uint8_t*)0x20008f03 = 6; *(uint8_t*)0x20008f04 = 0xeb; *(uint8_t*)0x20008f05 = 0x24; *(uint8_t*)0x20008f06 = 0x13; *(uint8_t*)0x20008f07 = 0; memcpy((void*)0x20008f08, "\x9f\xcc\x8c\x5c\x74\x73\x09\xfc\xb4\xc9\x6e\x5d\xad\x9b\x6e\x62\xd0\x8b\x91\xa8\xbe\xb3\xc2\xe4\x54\x7e\x16\x3e\x46\x58\xbb\x11\xab\x34\xb3\xc8\x4e\xc3\xe4\xa4\xe3\x67\xd2\x6c\x56\x00\x1c\x67\x05\x68\x99\x95\xa9\x9d\x16\xa1\xb3\x1b\xdc\x07\x0f\x00\x53\x1e\xc4\x26\xb5\x4b\xf8\x9b\x2d\xee\x1f\xc3\xbd\x81\x8f\x55\xdb\xbd\x6a\xcc\x28\x7c\xd4\x30\x78\xee\xbc\x6d\x09\xf1\x0d\xc4\x22\x9f\x80\x35\xd4\x44\x8f\x82\x3f\xec\xf9\x29\xd6\x86\x16\x27\xc0\x1e\x79\x27\x7a\x40\x30\x4a\x1a\xd3\xfb\xd0\x12\xa4\xa8\xed\x16\x36\x97\x69\xc8\xc9\x97\xc4\x12\xbe\x76\x75\x90\x17\x65\x34\x55\xb8\x04\x2a\xca\x8b\x49\xea\xc0\x73\x10\x01\xcb\xfa\x6f\xbd\x79\x6a\xa7\xc2\x77\x09\xfc\x62\x37\x22\xe0\x3d\x3c\x1e\xd1\xda\xc1\xca\x8a\x8a\xa2\x5d\xda\xfc\x65\x4a\x0d\xbb\x76\x0b\x92\x7a\x2b\x23\xe2\xad\x30\x43\xac\x48\x56\x6c\x7b\x99\x5c\x23\x7d\xb5\x91\xf3\x9a\xf8\x19\x54\x56\x9c\xd5\xd3\x7c\xa4\x94\x1c\x80\xcc\x1f\xa5\x55\x6d\x19\xa5\x48\xdf\x2a", 231); *(uint8_t*)0x20008fef = 7; *(uint8_t*)0x20008ff0 = 0x24; *(uint8_t*)0x20008ff1 = 0xa; *(uint8_t*)0x20008ff2 = 4; *(uint8_t*)0x20008ff3 = 0x1f; *(uint8_t*)0x20008ff4 = 0x3f; *(uint8_t*)0x20008ff5 = 0x62; *(uint8_t*)0x20008ff6 = 7; *(uint8_t*)0x20008ff7 = 0x24; *(uint8_t*)0x20008ff8 = 0x14; *(uint16_t*)0x20008ff9 = 0x1f; *(uint16_t*)0x20008ffb = 7; *(uint8_t*)0x20008ffd = 7; *(uint8_t*)0x20008ffe = 0x24; *(uint8_t*)0x20008fff = 0x14; *(uint16_t*)0x20009000 = 0x1010; *(uint16_t*)0x20009002 = 9; *(uint8_t*)0x20009004 = 6; *(uint8_t*)0x20009005 = 0x24; *(uint8_t*)0x20009006 = 0x1a; *(uint16_t*)0x20009007 = 6; *(uint8_t*)0x20009009 = 0x1b; *(uint8_t*)0x2000900a = 0xb; *(uint8_t*)0x2000900b = 0x24; *(uint8_t*)0x2000900c = 6; *(uint8_t*)0x2000900d = 0; *(uint8_t*)0x2000900e = 0; memcpy((void*)0x2000900f, "\xdf\x47\x04\xa2\x52\x1e", 6); *(uint8_t*)0x20009015 = 5; *(uint8_t*)0x20009016 = 0x24; *(uint8_t*)0x20009017 = 0; *(uint16_t*)0x20009018 = 9; *(uint8_t*)0x2000901a = 0xd; *(uint8_t*)0x2000901b = 0x24; *(uint8_t*)0x2000901c = 0xf; *(uint8_t*)0x2000901d = 1; *(uint32_t*)0x2000901e = 0x4856f0aa; *(uint16_t*)0x20009022 = 5; *(uint16_t*)0x20009024 = 1; *(uint8_t*)0x20009026 = -1; *(uint8_t*)0x20009027 = 5; *(uint8_t*)0x20009028 = 0x24; *(uint8_t*)0x20009029 = 0x15; *(uint16_t*)0x2000902a = 0x1f; *(uint8_t*)0x2000902c = 9; *(uint8_t*)0x2000902d = 5; *(uint8_t*)0x2000902e = 8; *(uint8_t*)0x2000902f = 8; *(uint16_t*)0x20009030 = 0x3ff; *(uint8_t*)0x20009032 = 4; *(uint8_t*)0x20009033 = 1; *(uint8_t*)0x20009034 = 9; *(uint8_t*)0x20009035 = 7; *(uint8_t*)0x20009036 = 0x25; *(uint8_t*)0x20009037 = 1; *(uint8_t*)0x20009038 = 3; *(uint8_t*)0x20009039 = 0x34; *(uint16_t*)0x2000903a = 5; *(uint8_t*)0x2000903c = 9; *(uint8_t*)0x2000903d = 5; *(uint8_t*)0x2000903e = 0; *(uint8_t*)0x2000903f = 3; *(uint16_t*)0x20009040 = 0x400; *(uint8_t*)0x20009042 = 2; *(uint8_t*)0x20009043 = 1; *(uint8_t*)0x20009044 = 0xca; *(uint8_t*)0x20009045 = 9; *(uint8_t*)0x20009046 = 5; *(uint8_t*)0x20009047 = 8; *(uint8_t*)0x20009048 = 0x10; *(uint16_t*)0x20009049 = 8; *(uint8_t*)0x2000904b = 2; *(uint8_t*)0x2000904c = 0x7f; *(uint8_t*)0x2000904d = 0x7f; *(uint8_t*)0x2000904e = 9; *(uint8_t*)0x2000904f = 5; *(uint8_t*)0x20009050 = 7; *(uint8_t*)0x20009051 = 0; *(uint16_t*)0x20009052 = 0x10; *(uint8_t*)0x20009054 = 5; *(uint8_t*)0x20009055 = 0x1f; *(uint8_t*)0x20009056 = 0x40; *(uint8_t*)0x20009057 = 0x2d; *(uint8_t*)0x20009058 = 0xe; memcpy((void*)0x20009059, "\xec\xcc\x23\x79\x37\x1b\x46\xca\xb9\xd6\xfd\xb8\x27\x98\xf4\x7a\xa9\xb7\x17\x7c\x2a\x51\x93\x23\x14\x43\xb7\x25\xc2\x1b\x5e\x6a\x99\x93\x05\x65\xeb\x3b\x96\xfe\x7a\x75\x69", 43); *(uint8_t*)0x20009084 = 6; *(uint8_t*)0x20009085 = 0x10; memcpy((void*)0x20009086, "\x7f\x22\x60\xb2", 4); *(uint8_t*)0x2000908a = 9; *(uint8_t*)0x2000908b = 5; *(uint8_t*)0x2000908c = 3; *(uint8_t*)0x2000908d = 8; *(uint16_t*)0x2000908e = 0x10; *(uint8_t*)0x20009090 = 4; *(uint8_t*)0x20009091 = 3; *(uint8_t*)0x20009092 = 0xf7; *(uint8_t*)0x20009093 = 9; *(uint8_t*)0x20009094 = 5; *(uint8_t*)0x20009095 = 5; *(uint8_t*)0x20009096 = 3; *(uint16_t*)0x20009097 = 0x10; *(uint8_t*)0x20009099 = 3; *(uint8_t*)0x2000909a = 1; *(uint8_t*)0x2000909b = 9; *(uint8_t*)0x2000909c = 0xc8; *(uint8_t*)0x2000909d = 0xe; memcpy((void*)0x2000909e, "\x17\xa4\x93\xc0\x51\x89\x5f\x29\x83\x5e\xfb\x6d\x6d\x75\x3c\xa5\xe6\x23\x7f\x99\x57\x24\xbf\x74\x70\x85\x74\x90\x2e\xac\xdf\xf4\x5c\xd8\x0b\x61\x37\x3d\x67\xef\xe1\x23\x9f\x97\xb4\xfa\x60\x07\x93\xd6\xb4\xa5\x02\x2b\xa4\xa4\x36\xb4\xe2\xe2\x23\x57\x9d\x97\x4e\x78\x4e\xcb\xfd\xd4\x91\x2d\xa5\xcc\xd2\x84\xd2\x29\x37\x82\x70\x4f\x06\x75\x13\xd8\x38\x11\xac\x71\x16\x84\xd3\xaa\xfe\x92\x8e\xce\x0e\x90\x38\x25\x99\x7b\xab\xc5\x67\xb9\x4d\x06\xda\xee\x1e\x4d\x55\xa8\x87\x1d\x67\xe7\x1c\xd1\x08\x14\x30\xd8\x9b\xc9\xae\x64\xf5\x0f\x94\xbb\x8a\xf9\x6c\xe3\x84\xcd\x3b\x84\x20\xef\x8b\xe2\x73\xca\x02\xb9\xf0\xf9\x12\x21\x23\x9e\x64\xd6\x20\xdc\x6e\x3e\x27\x07\xf6\xf4\xce\x92\xe8\x62\x7f\x04\x4c\x14\xf1\x79\x90\x9c\xa1\xdf\x8b\x4e\x49\x9f\xed\x3f\x41\x18\xc9\xd6\xb2\xae\x41\xa7\x11\x98\xd7\x98", 198); *(uint8_t*)0x20009164 = 0x7e; *(uint8_t*)0x20009165 = 0x22; memcpy((void*)0x20009166, "\x85\x1b\xf8\x33\x2f\x6f\x47\x95\xcd\xbf\x9b\xf1\xbb\xb8\x25\x3c\xed\x75\xd6\x1f\x69\x5b\xb8\xc3\x1f\x51\xb5\xce\x19\xb2\x08\x0e\x2e\x7e\xc2\x15\xfe\xc1\x6a\x83\xd2\x57\x11\x04\xf7\x26\xa0\xde\x47\xf3\xe9\x28\x2d\x0e\xf2\x20\x4b\xbb\x1d\x9d\x9c\xac\x53\xb6\xd7\x98\x08\x4b\x0f\x59\x47\x91\xe3\xf8\x34\x19\x86\xd7\xea\xad\xb9\x11\xc5\x5c\x0d\x71\x69\x1f\xc7\x7a\xa1\x04\x7f\x44\x0f\x52\x75\xa4\x1f\x3b\x1f\x0f\x04\x8a\x5c\x1d\xd5\xc4\x17\xe6\x7f\x3b\xd4\x72\xb1\x3f\xee\xf7\x95\x0c\x57\x8f\x1b\x42", 124); *(uint32_t*)0x20009700 = 0xa; *(uint32_t*)0x20009704 = 0x20009200; *(uint8_t*)0x20009200 = 0xa; *(uint8_t*)0x20009201 = 6; *(uint16_t*)0x20009202 = 0x110; *(uint8_t*)0x20009204 = 0xd4; *(uint8_t*)0x20009205 = 0x81; *(uint8_t*)0x20009206 = 0; *(uint8_t*)0x20009207 = 0x10; *(uint8_t*)0x20009208 = 0x20; *(uint8_t*)0x20009209 = 0; *(uint32_t*)0x20009708 = 0x1c; *(uint32_t*)0x2000970c = 0x20009240; *(uint8_t*)0x20009240 = 5; *(uint8_t*)0x20009241 = 0xf; *(uint16_t*)0x20009242 = 0x1c; *(uint8_t*)0x20009244 = 2; *(uint8_t*)0x20009245 = 0x14; *(uint8_t*)0x20009246 = 0x10; *(uint8_t*)0x20009247 = 0xa; *(uint8_t*)0x20009248 = 0x20; STORE_BY_BITMASK(uint32_t, , 0x20009249, 2, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x20009249, 3, 5, 27); *(uint16_t*)0x2000924d = 0xf0f; *(uint16_t*)0x2000924f = 6; *(uint32_t*)0x20009251 = 0xc030; *(uint32_t*)0x20009255 = 0xff3f30; *(uint8_t*)0x20009259 = 3; *(uint8_t*)0x2000925a = 0x10; *(uint8_t*)0x2000925b = 0xb; *(uint32_t*)0x20009710 = 8; *(uint32_t*)0x20009714 = 4; *(uint32_t*)0x20009718 = 0x20009280; *(uint8_t*)0x20009280 = 4; *(uint8_t*)0x20009281 = 3; *(uint16_t*)0x20009282 = 0x410; *(uint32_t*)0x2000971c = 0x102; *(uint32_t*)0x20009720 = 0x200092c0; *(uint8_t*)0x200092c0 = 2; *(uint8_t*)0x200092c1 = 3; memcpy((void*)0x200092c2, "\xbd\x9c\xaf\x11\xf1\xc2\x32\x1f\x7d\xbf\x3d\xf5\x7e\xc0\x6a\xed\xf0\x84\x2f\x84\x3c\x77\xdd\x88\xdb\x9f\x74\x08\xbb\xa0\xd9\x40\x59\x71\xea\xb7\x46\x2f\x77\xd1\xca\x84\x39\x80\x11\xe5\x2a\x42\x79\x8f\x46\xee\xb5\x7b\x9e\x8b\x2c\x06\xc9\x82\x8a\xe8\xa2\xa2\x78\xae\xaf\x19\x47\xcb\x3d\xba\xdb\xd3\xd8\x37\x4b\xd3\xfd\x89\xa5\x3a\x0d\x2e\x5d\x80\x26\x1d\x7c\x80\x59\x2c\x03\x96\xee\x2c\x9e\xd8\x3f\xcc\x6b\xf9\xbd\x9a\x2f\x61\xcd\x00\x7c\x9e\xb5\xb9\x2d\xd8\x78\xd6\xaa\x6b\x54\x35\xed\x38\xfb\x81\xd9\xbf\xc1\x58\x15\x84\x3b\xc4\x6b\x32\x1b\x84\x8a\x20\x1d\x7e\xe9\x0a\x06\xab\x03\xdd\xb6\x6c\xea\x54\xf4\x15\x15\x3e\x69\x34\x99\x2c\x24\xe7\x11\xae\xa2\xfe\x33\x4e\x98\x1b\xa7\xf3\xf8\x7d\x0b\xc5\xeb\x6b\x1d\x09\x17\xcd\x79\xb4\x71\x94\xc6\xd2\xbe\x18\xe7\xa5\x4e\x75\xa5\xe2\xd0\x36\xb2\xe8\xba\x62\x6c\x56\xc4\x48\x9e\x46\x81\xa2\x1e\xa2\x9a\x2b\x64\x34\xa8\x60\x5a\x67\x10\xeb\xd1\x3f\x09\xfe\x32\x2e\x60\xef\x34\xa6\xe6\xf3\x33\x0d\x07\xb4\xd1\xff\x66\xd7\xec\x23\xc5\x8b\x3b\xe7\x34\x84\x4b\x89\xde\x36\xba\x29\x12\x97", 256); *(uint32_t*)0x20009724 = 4; *(uint32_t*)0x20009728 = 0x20009400; *(uint8_t*)0x20009400 = 4; *(uint8_t*)0x20009401 = 3; *(uint16_t*)0x20009402 = 0xf0ff; *(uint32_t*)0x2000972c = 4; *(uint32_t*)0x20009730 = 0x20009440; *(uint8_t*)0x20009440 = 4; *(uint8_t*)0x20009441 = 3; *(uint16_t*)0x20009442 = 0xf8ff; *(uint32_t*)0x20009734 = 0xc2; *(uint32_t*)0x20009738 = 0x20009480; *(uint8_t*)0x20009480 = 0xc2; *(uint8_t*)0x20009481 = 3; memcpy((void*)0x20009482, "\x47\x95\x1b\xf5\x75\x8f\x6d\xa4\x9e\xae\xc8\xd8\xf1\x8a\x6c\xa6\xe1\x7e\x41\xa6\x60\x16\x41\x5e\xfc\x7b\xe3\x46\xe3\xa8\xd0\x34\x28\x03\xd3\x1a\xc6\x34\xc4\xe6\xbc\xfd\xca\x1d\xb3\xc5\xb6\x90\xc2\x2f\x33\x2d\xf6\x93\x67\x61\xde\xb4\x0a\x2a\x9b\x81\x7a\x3b\x5e\x21\xce\xda\x6d\x71\xf7\x2d\x61\xee\xd0\x6a\x7a\x43\x45\x1e\x72\xfa\xa8\x20\x18\x38\x4c\x5a\x69\xf6\x2f\x4c\x6c\xf2\xa7\xef\xbd\x2a\xf5\x9b\x84\xac\xc6\xa9\x5e\xdf\x8f\x16\x7b\x5f\x20\x3d\xff\x2f\x89\xdb\xa1\x91\xf5\x13\x34\x2b\xe5\xa9\x06\xce\xb3\x79\x61\x3f\x59\x61\x08\xde\x6f\x3a\x61\xb9\x26\xc9\xf8\x63\x4d\x3d\xe6\xd5\xeb\x86\x71\x2b\xdf\xc3\xce\x50\x2f\x90\xa6\x9d\x8d\x07\xd9\x28\x44\x02\xb3\x93\xa7\x6e\x1d\x98\x17\xb9\x2b\xd4\xef\xf5\x7a\x27\xec\x91\x91\x9b\xf0\xd0\x9b\x44\x70\x57\xd6\x9c\xe3\x82", 192); *(uint32_t*)0x2000973c = 0x83; *(uint32_t*)0x20009740 = 0x20009580; *(uint8_t*)0x20009580 = 0x83; *(uint8_t*)0x20009581 = 3; memcpy((void*)0x20009582, "\x70\x81\x49\xd2\x9b\x3a\x8e\xf9\xc0\xff\x2f\x07\x2f\xf3\xb2\x0d\xd4\xaa\x24\xa8\xdd\xbd\x77\x61\x2c\xf8\x2d\xbf\xdc\x3a\xf8\x21\xa1\xfb\xf7\x55\x40\xc2\x3e\x05\xde\x08\xfe\xd7\x79\xdb\x65\x1c\xb3\xa6\x3b\xd0\x9a\xcf\xde\x2d\xa3\x4f\xc3\x36\x04\x73\x49\xf6\x2c\x65\x03\x20\xdd\x8f\xd8\x62\x6c\xfd\xad\xf7\xe0\xf7\x3f\x83\xa6\xbf\xfa\x1f\x20\xe7\x5c\xc4\x4b\x80\xbb\xe9\xa4\x0e\xa3\xc6\xe9\x24\xb6\x84\xfe\x6c\xb9\xe6\xa9\x33\x1a\x14\x9e\x84\x4e\x50\x0b\xe3\xb4\xfe\x28\xd1\x33\x2d\xcd\x64\x3b\xe5\xa7\x3f\xcc\xd4\x46", 129); *(uint32_t*)0x20009744 = 4; *(uint32_t*)0x20009748 = 0x20009640; *(uint8_t*)0x20009640 = 4; *(uint8_t*)0x20009641 = 3; *(uint16_t*)0x20009642 = 0x184c; *(uint32_t*)0x2000974c = 0x4d; *(uint32_t*)0x20009750 = 0x20009680; *(uint8_t*)0x20009680 = 0x4d; *(uint8_t*)0x20009681 = 3; memcpy((void*)0x20009682, "\xb6\x6a\x57\x6c\x91\xd5\x67\x33\xc9\x4e\xf7\x37\x20\xfd\xa0\x14\xeb\xcf\x72\xb1\xcf\x26\xac\x4c\x18\xda\x75\x71\x24\x12\x56\x76\x4a\xe2\xdf\xf1\x75\x40\xbd\xd8\xaf\x83\xee\xe5\x05\x79\x2c\xbe\xfb\xdd\xb7\xb5\xcd\x4c\xa9\x46\x62\x28\x7a\x86\x24\x9e\xc2\xb9\x42\x13\x98\x04\xf9\xc7\x82\x09\x88\x4a\x15", 75); res = -1; res = syz_usb_connect(6, 0x7e2, 0x20008a00, 0x20009700); if (res != -1) r[22] = res; *(uint8_t*)0x20009780 = 0x12; *(uint8_t*)0x20009781 = 1; *(uint16_t*)0x20009782 = 0x200; *(uint8_t*)0x20009784 = -1; *(uint8_t*)0x20009785 = -1; *(uint8_t*)0x20009786 = -1; *(uint8_t*)0x20009787 = 0x40; *(uint16_t*)0x20009788 = 0xcf3; *(uint16_t*)0x2000978a = 0x9271; *(uint16_t*)0x2000978c = 0x108; *(uint8_t*)0x2000978e = 1; *(uint8_t*)0x2000978f = 2; *(uint8_t*)0x20009790 = 3; *(uint8_t*)0x20009791 = 1; *(uint8_t*)0x20009792 = 9; *(uint8_t*)0x20009793 = 2; *(uint16_t*)0x20009794 = 0x48; *(uint8_t*)0x20009796 = 1; *(uint8_t*)0x20009797 = 1; *(uint8_t*)0x20009798 = 0; *(uint8_t*)0x20009799 = 0x80; *(uint8_t*)0x2000979a = 0xfa; *(uint8_t*)0x2000979b = 9; *(uint8_t*)0x2000979c = 4; *(uint8_t*)0x2000979d = 0; *(uint8_t*)0x2000979e = 0; *(uint8_t*)0x2000979f = 6; *(uint8_t*)0x200097a0 = -1; *(uint8_t*)0x200097a1 = 0; *(uint8_t*)0x200097a2 = 0; *(uint8_t*)0x200097a3 = 0; *(uint8_t*)0x200097a4 = 9; *(uint8_t*)0x200097a5 = 5; *(uint8_t*)0x200097a6 = 1; *(uint8_t*)0x200097a7 = 2; *(uint16_t*)0x200097a8 = 0x200; *(uint8_t*)0x200097aa = 0; *(uint8_t*)0x200097ab = 0; *(uint8_t*)0x200097ac = 0; *(uint8_t*)0x200097ad = 9; *(uint8_t*)0x200097ae = 5; *(uint8_t*)0x200097af = 0x82; *(uint8_t*)0x200097b0 = 2; *(uint16_t*)0x200097b1 = 0x200; *(uint8_t*)0x200097b3 = 0; *(uint8_t*)0x200097b4 = 0; *(uint8_t*)0x200097b5 = 0; *(uint8_t*)0x200097b6 = 9; *(uint8_t*)0x200097b7 = 5; *(uint8_t*)0x200097b8 = 0x83; *(uint8_t*)0x200097b9 = 3; *(uint16_t*)0x200097ba = 0x40; *(uint8_t*)0x200097bc = 1; *(uint8_t*)0x200097bd = 0; *(uint8_t*)0x200097be = 0; *(uint8_t*)0x200097bf = 9; *(uint8_t*)0x200097c0 = 5; *(uint8_t*)0x200097c1 = 4; *(uint8_t*)0x200097c2 = 3; *(uint16_t*)0x200097c3 = 0x40; *(uint8_t*)0x200097c5 = 1; *(uint8_t*)0x200097c6 = 0; *(uint8_t*)0x200097c7 = 0; *(uint8_t*)0x200097c8 = 9; *(uint8_t*)0x200097c9 = 5; *(uint8_t*)0x200097ca = 5; *(uint8_t*)0x200097cb = 2; *(uint16_t*)0x200097cc = 0x200; *(uint8_t*)0x200097ce = 0; *(uint8_t*)0x200097cf = 0; *(uint8_t*)0x200097d0 = 0; *(uint8_t*)0x200097d1 = 9; *(uint8_t*)0x200097d2 = 5; *(uint8_t*)0x200097d3 = 6; *(uint8_t*)0x200097d4 = 2; *(uint16_t*)0x200097d5 = 0x200; *(uint8_t*)0x200097d7 = 0; *(uint8_t*)0x200097d8 = 0; *(uint8_t*)0x200097d9 = 0; syz_usb_connect_ath9k(3, 0x5a, 0x20009780, 0); *(uint32_t*)0x200099c0 = 0x18; *(uint32_t*)0x200099c4 = 0x20009800; *(uint8_t*)0x20009800 = 0x40; *(uint8_t*)0x20009801 = 1; *(uint32_t*)0x20009802 = 0x8d; *(uint8_t*)0x20009806 = 0x8d; *(uint8_t*)0x20009807 = 0x22; memcpy((void*)0x20009808, "\xe5\x74\x19\x47\xa7\x23\xe9\xe9\x8e\xdc\x76\xea\x9b\x49\x3d\xa7\xd0\xbe\x0f\x88\x90\x3d\x48\xee\xf0\xd2\x4c\x88\x29\x70\xfc\x12\x16\xa4\xf3\x90\xd6\xb1\x7a\x78\xf9\xe8\x82\x74\x2c\xa2\x48\x31\x93\x6c\xb7\x5b\x04\x58\x99\xbb\xc7\x68\x7b\xd5\x5a\x05\x8a\x9f\x47\x22\x45\x2c\xe7\xe3\x01\x27\x0b\x0b\xf2\x26\x66\xc3\x7e\xaf\x1b\xd9\xd8\xb4\x89\xba\x1d\x32\xbe\x39\xd0\x6b\x20\xbd\x96\x57\xe0\x9f\xda\x6c\x82\xd4\x56\x6c\x93\x34\xe2\xfa\x45\xc5\x04\x6b\xa8\x56\x5e\x57\x79\xab\x6d\x67\xcb\xf7\xf4\x06\xd2\x16\xc2\x86\xab\x06\x65\x88\x20\x7a\x31\x8d\x65\x33\x2f", 139); *(uint32_t*)0x200099c8 = 0x200098c0; *(uint8_t*)0x200098c0 = 0; *(uint8_t*)0x200098c1 = 3; *(uint32_t*)0x200098c2 = 4; *(uint8_t*)0x200098c6 = 4; *(uint8_t*)0x200098c7 = 3; *(uint16_t*)0x200098c8 = 0xf0ff; *(uint32_t*)0x200099cc = 0x20009900; *(uint8_t*)0x20009900 = 0; *(uint8_t*)0x20009901 = 0xf; *(uint32_t*)0x20009902 = 0x18; *(uint8_t*)0x20009906 = 5; *(uint8_t*)0x20009907 = 0xf; *(uint16_t*)0x20009908 = 0x18; *(uint8_t*)0x2000990a = 2; *(uint8_t*)0x2000990b = 0xc; *(uint8_t*)0x2000990c = 0x10; *(uint8_t*)0x2000990d = 0xa; *(uint8_t*)0x2000990e = 0; STORE_BY_BITMASK(uint32_t, , 0x2000990f, 0, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x2000990f, 6, 5, 27); *(uint16_t*)0x20009913 = 0xf0f; *(uint16_t*)0x20009915 = 8; *(uint8_t*)0x20009917 = 7; *(uint8_t*)0x20009918 = 0x10; *(uint8_t*)0x20009919 = 2; STORE_BY_BITMASK(uint32_t, , 0x2000991a, 2, 0, 8); STORE_BY_BITMASK(uint32_t, , 0x2000991b, 0xa, 0, 4); STORE_BY_BITMASK(uint32_t, , 0x2000991b, 7, 4, 4); STORE_BY_BITMASK(uint32_t, , 0x2000991c, 0x100, 0, 16); *(uint32_t*)0x200099d0 = 0x20009940; *(uint8_t*)0x20009940 = 0x20; *(uint8_t*)0x20009941 = 0x29; *(uint32_t*)0x20009942 = 0xf; *(uint8_t*)0x20009946 = 0xf; *(uint8_t*)0x20009947 = 0x29; *(uint8_t*)0x20009948 = 0; *(uint16_t*)0x20009949 = 0x18; *(uint8_t*)0x2000994b = 7; *(uint8_t*)0x2000994c = 0x7f; memcpy((void*)0x2000994d, "\x86\xf6\x20\xe8", 4); memcpy((void*)0x20009951, "\x16\x8f\x22\x02", 4); *(uint32_t*)0x200099d4 = 0x20009980; *(uint8_t*)0x20009980 = 0x20; *(uint8_t*)0x20009981 = 0x2a; *(uint32_t*)0x20009982 = 0xc; *(uint8_t*)0x20009986 = 0xc; *(uint8_t*)0x20009987 = 0x2a; *(uint8_t*)0x20009988 = 3; *(uint16_t*)0x20009989 = 0; *(uint8_t*)0x2000998b = 4; *(uint8_t*)0x2000998c = 0; *(uint8_t*)0x2000998d = 7; *(uint16_t*)0x2000998e = 0x1000; *(uint16_t*)0x20009990 = 0xfffe; *(uint32_t*)0x20009f00 = 0x44; *(uint32_t*)0x20009f04 = 0x20009a00; *(uint8_t*)0x20009a00 = 0; *(uint8_t*)0x20009a01 = 8; *(uint32_t*)0x20009a02 = 0xfd; memcpy((void*)0x20009a06, "\x17\xd0\x15\xc0\xc2\x1b\x38\xab\x65\x87\x07\x8c\x77\x5d\x19\x66\x76\x39\x02\x36\x84\x2b\xc7\x81\x15\xbd\x6a\x40\x58\x11\x10\x24\x45\xa3\x7f\xe5\xc0\xcc\x85\xa1\x6b\x56\x01\xf6\x74\x96\x59\x34\x92\xce\x3a\xd5\x52\x01\x92\x08\xa9\x04\xc8\x82\x54\x52\x5e\xf1\x3e\x8c\x55\xd2\xfa\x55\x84\xb1\x72\x72\x80\x77\xd5\x4a\x28\xbc\x6d\xd0\xbc\x05\xf7\x20\x29\x10\x26\x07\x63\x12\x0f\x9d\x95\x88\x3b\x70\x1c\xa0\x54\x83\xde\xae\x8e\x44\x5b\xcf\x56\x72\xcf\xc4\xba\x66\xa3\x46\xe9\x2f\xe0\x74\x51\xae\x4c\x8f\xf4\xaa\x9d\xfc\xf8\xb9\x56\x33\x65\x80\x5b\xf6\x83\x0e\xd3\x6c\x9f\x3e\xab\x11\xf6\x13\xa0\xfd\xe0\x42\x3b\x8c\x3a\x5b\x1a\xe0\x29\x72\x9e\x32\x33\x43\x1d\x83\xf0\x22\x49\x15\x64\xd3\x92\xce\xb7\xa3\x8e\xdd\xcf\x15\x96\x88\x61\x81\x85\x4d\x5a\x72\x9e\x76\xd8\xe7\x70\xd6\xee\x74\xba\x13\x33\xec\xb7\xe4\xb8\x83\x07\x1b\x6d\x6c\x04\x3e\x9e\x6f\x01\x60\x54\x6f\x60\xd1\xd9\xff\xd9\x40\x74\x4e\xef\x3e\xa5\xf0\xdd\xfd\xa5\xa0\xa8\xd6\xb7\x74\x0a\x7f\x13\xce\x46\x2e\xd0\x8e\x2d\x3b\xc0\xa7\xb6\x46\xda\xf5\x60\x86\xe2", 253); *(uint32_t*)0x20009f08 = 0x20009b40; *(uint8_t*)0x20009b40 = 0; *(uint8_t*)0x20009b41 = 0xa; *(uint32_t*)0x20009b42 = 1; *(uint8_t*)0x20009b46 = 7; *(uint32_t*)0x20009f0c = 0x20009b80; *(uint8_t*)0x20009b80 = 0; *(uint8_t*)0x20009b81 = 8; *(uint32_t*)0x20009b82 = 1; *(uint8_t*)0x20009b86 = 0x80; *(uint32_t*)0x20009f10 = 0x20009bc0; *(uint8_t*)0x20009bc0 = 0x20; *(uint8_t*)0x20009bc1 = 0; *(uint32_t*)0x20009bc2 = 4; *(uint16_t*)0x20009bc6 = 2; *(uint16_t*)0x20009bc8 = 3; *(uint32_t*)0x20009f14 = 0x20009c00; *(uint8_t*)0x20009c00 = 0x20; *(uint8_t*)0x20009c01 = 0; *(uint32_t*)0x20009c02 = 4; *(uint16_t*)0x20009c06 = 0x100; *(uint16_t*)0x20009c08 = 0x40; *(uint32_t*)0x20009f18 = 0x20009c40; *(uint8_t*)0x20009c40 = 0x40; *(uint8_t*)0x20009c41 = 7; *(uint32_t*)0x20009c42 = 2; *(uint16_t*)0x20009c46 = 3; *(uint32_t*)0x20009f1c = 0x20009c80; *(uint8_t*)0x20009c80 = 0x40; *(uint8_t*)0x20009c81 = 9; *(uint32_t*)0x20009c82 = 1; *(uint8_t*)0x20009c86 = 0x7f; *(uint32_t*)0x20009f20 = 0x20009cc0; *(uint8_t*)0x20009cc0 = 0x40; *(uint8_t*)0x20009cc1 = 0xb; *(uint32_t*)0x20009cc2 = 2; memcpy((void*)0x20009cc6, "\x08\xbd", 2); *(uint32_t*)0x20009f24 = 0x20009d00; *(uint8_t*)0x20009d00 = 0x40; *(uint8_t*)0x20009d01 = 0xf; *(uint32_t*)0x20009d02 = 2; *(uint16_t*)0x20009d06 = 0x7163; *(uint32_t*)0x20009f28 = 0x20009d40; *(uint8_t*)0x20009d40 = 0x40; *(uint8_t*)0x20009d41 = 0x13; *(uint32_t*)0x20009d42 = 6; memset((void*)0x20009d46, 255, 6); *(uint32_t*)0x20009f2c = 0x20009d80; *(uint8_t*)0x20009d80 = 0x40; *(uint8_t*)0x20009d81 = 0x17; *(uint32_t*)0x20009d82 = 6; memset((void*)0x20009d86, 170, 5); *(uint8_t*)0x20009d8b = 0x3b; *(uint32_t*)0x20009f30 = 0x20009dc0; *(uint8_t*)0x20009dc0 = 0x40; *(uint8_t*)0x20009dc1 = 0x19; *(uint32_t*)0x20009dc2 = 2; memcpy((void*)0x20009dc6, "\x37\x9e", 2); *(uint32_t*)0x20009f34 = 0x20009e00; *(uint8_t*)0x20009e00 = 0x40; *(uint8_t*)0x20009e01 = 0x1a; *(uint32_t*)0x20009e02 = 2; *(uint16_t*)0x20009e06 = 8; *(uint32_t*)0x20009f38 = 0x20009e40; *(uint8_t*)0x20009e40 = 0x40; *(uint8_t*)0x20009e41 = 0x1c; *(uint32_t*)0x20009e42 = 1; *(uint8_t*)0x20009e46 = 0x3f; *(uint32_t*)0x20009f3c = 0x20009e80; *(uint8_t*)0x20009e80 = 0x40; *(uint8_t*)0x20009e81 = 0x1e; *(uint32_t*)0x20009e82 = 1; *(uint8_t*)0x20009e86 = 0x2c; *(uint32_t*)0x20009f40 = 0x20009ec0; *(uint8_t*)0x20009ec0 = 0x40; *(uint8_t*)0x20009ec1 = 0x21; *(uint32_t*)0x20009ec2 = 1; *(uint8_t*)0x20009ec6 = 5; syz_usb_control_io(r[22], 0x200099c0, 0x20009f00); syz_usb_disconnect(r[22]); syz_usb_ep_read(r[22], 0xc1, 0x1000, 0x20009f80); *(uint8_t*)0x2000af80 = 0x12; *(uint8_t*)0x2000af81 = 1; *(uint16_t*)0x2000af82 = 0x110; *(uint8_t*)0x2000af84 = 0; *(uint8_t*)0x2000af85 = 0; *(uint8_t*)0x2000af86 = 0; *(uint8_t*)0x2000af87 = 0x20; *(uint16_t*)0x2000af88 = 0x1d6b; *(uint16_t*)0x2000af8a = 0x101; *(uint16_t*)0x2000af8c = 0x40; *(uint8_t*)0x2000af8e = 1; *(uint8_t*)0x2000af8f = 2; *(uint8_t*)0x2000af90 = 3; *(uint8_t*)0x2000af91 = 1; *(uint8_t*)0x2000af92 = 9; *(uint8_t*)0x2000af93 = 2; *(uint16_t*)0x2000af94 = 0xd6; *(uint8_t*)0x2000af96 = 3; *(uint8_t*)0x2000af97 = 1; *(uint8_t*)0x2000af98 = 7; *(uint8_t*)0x2000af99 = 0x20; *(uint8_t*)0x2000af9a = 2; *(uint8_t*)0x2000af9b = 9; *(uint8_t*)0x2000af9c = 4; *(uint8_t*)0x2000af9d = 0; *(uint8_t*)0x2000af9e = 0; *(uint8_t*)0x2000af9f = 0; *(uint8_t*)0x2000afa0 = 1; *(uint8_t*)0x2000afa1 = 1; *(uint8_t*)0x2000afa2 = 0; *(uint8_t*)0x2000afa3 = 0; *(uint8_t*)0x2000afa4 = 0xa; *(uint8_t*)0x2000afa5 = 0x24; *(uint8_t*)0x2000afa6 = 1; *(uint16_t*)0x2000afa7 = 0; *(uint8_t*)0x2000afa9 = 0; *(uint8_t*)0x2000afaa = 2; *(uint8_t*)0x2000afab = 1; *(uint8_t*)0x2000afac = 2; *(uint8_t*)0x2000afad = 0xb; *(uint8_t*)0x2000afae = 0x24; *(uint8_t*)0x2000afaf = 6; *(uint8_t*)0x2000afb0 = 4; *(uint8_t*)0x2000afb1 = 3; *(uint8_t*)0x2000afb2 = 2; *(uint16_t*)0x2000afb3 = 3; *(uint16_t*)0x2000afb5 = 7; *(uint8_t*)0x2000afb7 = -1; *(uint8_t*)0x2000afb8 = 9; *(uint8_t*)0x2000afb9 = 4; *(uint8_t*)0x2000afba = 1; *(uint8_t*)0x2000afbb = 0; *(uint8_t*)0x2000afbc = 0; *(uint8_t*)0x2000afbd = 1; *(uint8_t*)0x2000afbe = 2; *(uint8_t*)0x2000afbf = 0; *(uint8_t*)0x2000afc0 = 0; *(uint8_t*)0x2000afc1 = 9; *(uint8_t*)0x2000afc2 = 4; *(uint8_t*)0x2000afc3 = 1; *(uint8_t*)0x2000afc4 = 1; *(uint8_t*)0x2000afc5 = 1; *(uint8_t*)0x2000afc6 = 1; *(uint8_t*)0x2000afc7 = 2; *(uint8_t*)0x2000afc8 = 0; *(uint8_t*)0x2000afc9 = 0; *(uint8_t*)0x2000afca = 0xe; *(uint8_t*)0x2000afcb = 0x24; *(uint8_t*)0x2000afcc = 2; *(uint8_t*)0x2000afcd = 1; *(uint8_t*)0x2000afce = 0x80; *(uint8_t*)0x2000afcf = 3; *(uint8_t*)0x2000afd0 = 1; *(uint8_t*)0x2000afd1 = 0; memcpy((void*)0x2000afd2, "\x02\x2c\x3b\x4e\xfa\x4d", 6); *(uint8_t*)0x2000afd8 = 7; *(uint8_t*)0x2000afd9 = 0x24; *(uint8_t*)0x2000afda = 1; *(uint8_t*)0x2000afdb = 1; *(uint8_t*)0x2000afdc = 0x7f; *(uint16_t*)0x2000afdd = 0x1002; *(uint8_t*)0x2000afdf = 0xb; *(uint8_t*)0x2000afe0 = 0x24; *(uint8_t*)0x2000afe1 = 2; *(uint8_t*)0x2000afe2 = 1; *(uint8_t*)0x2000afe3 = 5; *(uint8_t*)0x2000afe4 = 3; *(uint8_t*)0x2000afe5 = 0; *(uint8_t*)0x2000afe6 = 5; memcpy((void*)0x2000afe7, "\x64\x99\x7e", 3); *(uint8_t*)0x2000afea = 0xd; *(uint8_t*)0x2000afeb = 0x24; *(uint8_t*)0x2000afec = 2; *(uint8_t*)0x2000afed = 1; *(uint8_t*)0x2000afee = 3; *(uint8_t*)0x2000afef = 3; *(uint8_t*)0x2000aff0 = 0xac; *(uint8_t*)0x2000aff1 = 8; memcpy((void*)0x2000aff2, "\xbc\x5e", 2); memcpy((void*)0x2000aff4, "\x04\xfb\xa9", 3); *(uint8_t*)0x2000aff7 = 0xd; *(uint8_t*)0x2000aff8 = 0x24; *(uint8_t*)0x2000aff9 = 2; *(uint8_t*)0x2000affa = 1; *(uint8_t*)0x2000affb = 6; *(uint8_t*)0x2000affc = 2; *(uint8_t*)0x2000affd = 5; *(uint8_t*)0x2000affe = 9; memcpy((void*)0x2000afff, "\x6a\x9a\x8d", 3); memcpy((void*)0x2000b002, "\x4f\x88", 2); *(uint8_t*)0x2000b004 = 9; *(uint8_t*)0x2000b005 = 5; *(uint8_t*)0x2000b006 = 1; *(uint8_t*)0x2000b007 = 9; *(uint16_t*)0x2000b008 = 0x10; *(uint8_t*)0x2000b00a = 0x8c; *(uint8_t*)0x2000b00b = 0x20; *(uint8_t*)0x2000b00c = 0x7f; *(uint8_t*)0x2000b00d = 7; *(uint8_t*)0x2000b00e = 0x25; *(uint8_t*)0x2000b00f = 1; *(uint8_t*)0x2000b010 = 0x82; *(uint8_t*)0x2000b011 = 2; *(uint16_t*)0x2000b012 = 4; *(uint8_t*)0x2000b014 = 9; *(uint8_t*)0x2000b015 = 4; *(uint8_t*)0x2000b016 = 2; *(uint8_t*)0x2000b017 = 0; *(uint8_t*)0x2000b018 = 0; *(uint8_t*)0x2000b019 = 1; *(uint8_t*)0x2000b01a = 2; *(uint8_t*)0x2000b01b = 0; *(uint8_t*)0x2000b01c = 0; *(uint8_t*)0x2000b01d = 9; *(uint8_t*)0x2000b01e = 4; *(uint8_t*)0x2000b01f = 2; *(uint8_t*)0x2000b020 = 1; *(uint8_t*)0x2000b021 = 1; *(uint8_t*)0x2000b022 = 1; *(uint8_t*)0x2000b023 = 2; *(uint8_t*)0x2000b024 = 0; *(uint8_t*)0x2000b025 = 0; *(uint8_t*)0x2000b026 = 0xd; *(uint8_t*)0x2000b027 = 0x24; *(uint8_t*)0x2000b028 = 2; *(uint8_t*)0x2000b029 = 1; *(uint8_t*)0x2000b02a = 0; *(uint8_t*)0x2000b02b = 2; *(uint8_t*)0x2000b02c = 0; *(uint8_t*)0x2000b02d = -1; memcpy((void*)0x2000b02e, "\x03\xc1\xfe\x1d\x97", 5); *(uint8_t*)0x2000b033 = 0x12; *(uint8_t*)0x2000b034 = 0x24; *(uint8_t*)0x2000b035 = 2; *(uint8_t*)0x2000b036 = 2; *(uint16_t*)0x2000b037 = 0x807; *(uint16_t*)0x2000b039 = 4; *(uint8_t*)0x2000b03b = 0xfd; memcpy((void*)0x2000b03c, "\x8c\xfb\x49\xdf\x7b\xf5\xb7\xe5\xee", 9); *(uint8_t*)0x2000b045 = 7; *(uint8_t*)0x2000b046 = 0x24; *(uint8_t*)0x2000b047 = 1; *(uint8_t*)0x2000b048 = 0x3f; *(uint8_t*)0x2000b049 = 0xfd; *(uint16_t*)0x2000b04a = 1; *(uint8_t*)0x2000b04c = 0xc; *(uint8_t*)0x2000b04d = 0x24; *(uint8_t*)0x2000b04e = 2; *(uint8_t*)0x2000b04f = 1; *(uint8_t*)0x2000b050 = 0xc1; *(uint8_t*)0x2000b051 = 4; *(uint8_t*)0x2000b052 = 5; *(uint8_t*)0x2000b053 = 0x67; memcpy((void*)0x2000b054, "\x69\x67\xba\x40", 4); *(uint8_t*)0x2000b058 = 9; *(uint8_t*)0x2000b059 = 5; *(uint8_t*)0x2000b05a = 0x82; *(uint8_t*)0x2000b05b = 9; *(uint16_t*)0x2000b05c = 0x7f7; *(uint8_t*)0x2000b05e = 0x1f; *(uint8_t*)0x2000b05f = 0x69; *(uint8_t*)0x2000b060 = 6; *(uint8_t*)0x2000b061 = 7; *(uint8_t*)0x2000b062 = 0x25; *(uint8_t*)0x2000b063 = 1; *(uint8_t*)0x2000b064 = 0x80; *(uint8_t*)0x2000b065 = 9; *(uint16_t*)0x2000b066 = 3; *(uint32_t*)0x2000b380 = 0xa; *(uint32_t*)0x2000b384 = 0x2000b080; *(uint8_t*)0x2000b080 = 0xa; *(uint8_t*)0x2000b081 = 6; *(uint16_t*)0x2000b082 = 0x300; *(uint8_t*)0x2000b084 = 3; *(uint8_t*)0x2000b085 = 2; *(uint8_t*)0x2000b086 = 3; *(uint8_t*)0x2000b087 = 0x40; *(uint8_t*)0x2000b088 = 0x81; *(uint8_t*)0x2000b089 = 0; *(uint32_t*)0x2000b388 = 0x20f; *(uint32_t*)0x2000b38c = 0x2000b0c0; *(uint8_t*)0x2000b0c0 = 5; *(uint8_t*)0x2000b0c1 = 0xf; *(uint16_t*)0x2000b0c2 = 0x20f; *(uint8_t*)0x2000b0c4 = 6; *(uint8_t*)0x2000b0c5 = 0xe2; *(uint8_t*)0x2000b0c6 = 0x10; *(uint8_t*)0x2000b0c7 = 0xa; memcpy((void*)0x2000b0c8, "\x64\x93\x2c\x92\x77\xe2\x3a\x0f\xa9\x6a\xab\xc7\xb9\x31\xea\x37\x07\x35\x0c\x52\x57\x45\xcc\xbe\x79\x4d\x23\xba\xa9\x96\x25\xc8\x2f\x74\xbd\x3b\x6d\x5f\x88\xfb\xfd\x92\x54\x5b\x6b\x63\x75\x4c\x07\xc3\xff\xb4\x73\x55\xbf\x3d\xd6\xfa\xcf\xf0\xec\x55\x97\xfb\x76\x8d\xc7\x4a\xcf\xcf\x39\x5a\xc1\x00\x99\x82\x92\x5a\xa1\x6f\xcf\xa4\x15\x75\xbf\x14\xb5\x6d\x55\x79\x09\xdf\x9e\xfd\x27\xfd\x4b\x31\x7d\x90\xd1\x60\x62\x70\x13\x4f\xd0\x7d\x2f\xc0\xd1\x81\x6e\x97\x71\x32\x1d\x2d\xb5\x5c\x65\x39\xb0\x41\x67\xdb\x7b\x08\xc9\x94\x15\x9d\xd7\x55\x2c\x48\x8c\x14\x66\x24\x7a\x5b\x70\xb0\xdc\x99\x6b\x90\x7e\xee\xe0\xb2\x0f\xdd\x64\x71\x40\x59\x7b\x66\xf8\x21\x55\x6b\x56\x7f\xe6\x13\xc7\xec\xbc\xba\xe5\x0d\xb5\xfa\x7c\x9c\x0b\x5d\xcf\x26\xed\xdf\xfd\xcb\x09\xb9\xab\x9f\x2b\x5b\xee\x80\x98\x2f\xf3\x65\xfb\x81\x6e\x98\x18\x4e\xe6\x81\x5f\x6f\x62\x1f\x4d\x34\x52\x7d\x3c\xaa\x4c\xe6\x82\xcb\x06\xc7\x48", 223); *(uint8_t*)0x2000b1a7 = 0xb; *(uint8_t*)0x2000b1a8 = 0x10; *(uint8_t*)0x2000b1a9 = 1; *(uint8_t*)0x2000b1aa = 4; *(uint16_t*)0x2000b1ab = 0x10; *(uint8_t*)0x2000b1ad = 1; *(uint8_t*)0x2000b1ae = 0x3f; *(uint16_t*)0x2000b1af = 0xff; *(uint8_t*)0x2000b1b1 = 0x1f; *(uint8_t*)0x2000b1b2 = 3; *(uint8_t*)0x2000b1b3 = 0x10; *(uint8_t*)0x2000b1b4 = 0xb; *(uint8_t*)0x2000b1b5 = 0x2f; *(uint8_t*)0x2000b1b6 = 0x10; *(uint8_t*)0x2000b1b7 = 3; memcpy((void*)0x2000b1b8, "\x57\x12\x26\x74\x4f\x78\xfe\x77\x5a\xb8\x9d\xd7\x76\xdb\x3a\xaa\xce\x99\x82\xe7\xb2\x59\x4f\xd0\x85\x4a\x31\xd7\xec\x1d\x24\xae\xe6\x48\x2a\xa3\x93\x97\x98\xbd\x32\xd0\x60\xf0", 44); *(uint8_t*)0x2000b1e4 = 0xa; *(uint8_t*)0x2000b1e5 = 0x10; *(uint8_t*)0x2000b1e6 = 3; *(uint8_t*)0x2000b1e7 = 0; *(uint16_t*)0x2000b1e8 = 4; *(uint8_t*)0x2000b1ea = 0x24; *(uint8_t*)0x2000b1eb = 8; *(uint16_t*)0x2000b1ec = 0xe1; *(uint8_t*)0x2000b1ee = 0xe1; *(uint8_t*)0x2000b1ef = 0x10; *(uint8_t*)0x2000b1f0 = 1; memcpy((void*)0x2000b1f1, "\x1c\x43\x11\xd6\xc4\xec\x2d\xe7\x89\xb4\xf9\xf3\x9e\x67\x37\x02\xea\x35\xd9\x09\x99\x1c\xe4\xaf\x26\xcf\x0c\x07\x57\x9c\x1a\x40\x57\x35\x68\xf8\x37\x56\x9c\x64\x5d\xe2\xaf\x69\x81\x33\x52\x61\x69\xe5\x1a\x53\xf2\x15\x16\x76\x60\x35\x72\x59\xd5\x4d\x5a\xd7\x7a\xfb\x47\x8b\x18\x9e\x72\x86\x67\xa8\xb7\xe3\x89\x86\xbb\x19\xfe\xbe\x80\x70\x85\xec\x6d\x77\xdf\xb4\x81\x72\x59\x2d\x54\x9d\x7d\xbb\xf8\x02\xaa\xf9\x5b\xbf\x2d\xcd\x20\x05\x7a\x34\xee\xff\xca\xba\x3c\x40\x4e\x46\xa6\xe9\x0a\xd7\xe4\x38\x7e\x1e\x28\xcc\x21\x71\x88\x37\xe8\x1d\x22\x61\x5c\x4b\x42\xbc\xe0\x4c\x6b\xec\x4a\xa9\xa9\x9d\x05\xcb\x4f\x16\x8e\x11\x5e\xe3\x95\x65\x54\xe4\xe5\x8b\x13\x6f\x86\x73\x6e\x79\xe9\x1f\x9a\xcd\x49\xee\x66\x17\xb8\x4a\x56\x43\x92\xe8\x19\x91\xbb\xa6\x03\x20\x54\xd7\x09\x6f\x6c\x40\x00\x21\x37\x78\x2a\x1b\x11\x1d\x65\x27\x96\x83\x26\xf5\xe7\x0a\x8a\x23\x99\xe8\x33\xe7\x41\x5c\x20\x4a\x3a\x4b", 222); *(uint32_t*)0x2000b390 = 2; *(uint32_t*)0x2000b394 = 4; *(uint32_t*)0x2000b398 = 0x2000b300; *(uint8_t*)0x2000b300 = 4; *(uint8_t*)0x2000b301 = 3; *(uint16_t*)0x2000b302 = 0x459; *(uint32_t*)0x2000b39c = 4; *(uint32_t*)0x2000b3a0 = 0x2000b340; *(uint8_t*)0x2000b340 = 4; *(uint8_t*)0x2000b341 = 3; *(uint16_t*)0x2000b342 = 0x436; res = -1; res = syz_usb_connect(3, 0xe8, 0x2000af80, 0x2000b380); if (res != -1) r[23] = res; memcpy((void*)0x2000b3c0, "\x08\x63\x6e\x6c\x5e\x42\x1f\x7f\x71\x8c\x47\x84\xf3\x89\x67\x2c\x29\x11\xe5", 19); syz_usb_ep_write(r[23], 9, 0x13, 0x2000b3c0); syz_usbip_server_init(2); } int main(void) { syscall(__NR_mmap, 0x1ffff000, 0x1000, 0, 0x32, -1, 0); syscall(__NR_mmap, 0x20000000, 0x1000000, 7, 0x32, -1, 0); syscall(__NR_mmap, 0x21000000, 0x1000, 0, 0x32, -1, 0); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :103:17: error: 'csum_inet_digest' defined but not used [-Werror=unused-function] :90:13: error: 'csum_inet_update' defined but not used [-Werror=unused-function] :85:13: error: 'csum_inet_init' defined but not used [-Werror=unused-function] cc1: all warnings being treated as errors compiler invocation: x86_64-linux-gnu-gcc [-o /tmp/syz-executor779117150 -DGOOS_linux=1 -DGOARCH_386=1 -DHOSTGOOS_linux=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static-pie -Wno-overflow] --- FAIL: TestGenerate/linux/386/10 (2.73s) csource_test.go:118: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:namespace Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Fault:false FaultCall:0 FaultNth:0}} program: write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3}}, 0x18) (fail_nth: 1) r0 = openat$tty(0xffffff9c, &(0x7f0000000040), 0x10400, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x200000f, 0x10, r0, 0xada52000) ioctl$UI_SET_PHYS(0xffffffffffffffff, 0x4004556c, &(0x7f0000000080)='syz0\x00') r1 = syz_mount_image$ufs(&(0x7f00000025c0), &(0x7f0000002600)='./file0\x00', 0x4, 0x3, &(0x7f0000003700)=[{&(0x7f0000002640)="386f6d1be27f8ca9182d1ae635bba8c9ce0379ce60d9d24e0fe69a46dd2b77026ce1e6bbc05a246ae26905253191f7e34ef3860f1c2cc9a6d522f503d78e340cb54f1d6b", 0x44, 0x1}, {&(0x7f00000026c0)="5739ec80616d1bac909797c5723d287d94f010e0f70a342a21fb38b36986025dca054a96bbe74027974c452893a9f5d513efc470652bf4e837d8d5eeaced2669d73cea3d3931399da04dfb4859d03c47dd535baa980ae8b7a5c312fd71acc521bddc2c637026d7fadb42c020c53d4e2feeb23077ed867d5b36567b8d06e0f4d2d9c616d67391f879e812d7a17975f3e0e569f557b65bbade941868bae4be8d2dfa45a385877ece8d94d755dbf82b4fd8899ba1b8ece43b36b369a8df56993b16eec20aed1c596f669df897ddfa0df4ab26d747598296dd3bcd5cad67a8b19eba5f343fbfa6301a1502600eda02ab157ab1b164e3de5733e4bfd9677b49b29bb56e99367d01044b3accf0f93af75527837a9b494b4eace1f49c879e71e962a593749555b50a55ca1144eb54807047defde8dd097ebcbaa230451ac7a7763ef2134b453ef7ce92d6adce449aa182efb2ed4a8707f1e1846d82505da06c2d6b4a582ddfb2bdb7a19bbce8e0a0f7b2f496622bee043729f3843188eb14e56e8f48d7d4b151a7deef2a1a9458834253770882cc41f6fb784a9f73a4f81ef993dae61a805ba6f9307820813310dc3870835ad4be7e3c8a13f9f01e9ea9b1b9dfb1e347e3ea1b5b090e1a38617707bb5aa0ce82193f6970a0b885183fce8b7d30bfc18258dd40f508b95b55ca27d8ec76010310c677c04c0b01fd69de396ae95a7c3ca50f4e7fc3da749d82a5d9f57ab6ed7a0d1276297ab57172671d4c7ca35224700db93644131a5126af54755aec80cffdeb709f0c5821ec3b86d29f10be62d94c032f79d4edccaf40b24d72e46d7c9933f6eada794aad1eaf41aec135a4f6f7f609273608685ffc30fe1ae82213a956e8df493ec0aac8eccbbdb82093097db45161677685bf1e691a1c7dce13a88e63645bc79922b6d3d3d761f36a46302f79e0e0beb67e2f2cb2e83fc1a04177c9d022c46edc053f03182fc645450e4de536a418b0eae2acb0eaf4cb615eca77f72ee1d1f9146208e18669508edd050e9b4e72a8483016dc0198326d2a167004f323a0a6eb4d34f651c397f06d32e1bdab042efe566afc48cbd98f914134156314a954c641b1066ba715ab50eb4db84b13f20469d01d6346d425d70f60b42976b046cf96e4018fc6aaf78df30c02dd029e1e895c20b05fb3883c013de7e17a13697854feb5935cb344ff94ff8bb4ed2d1f174ea19020577b4ff9597c31a8fb2cfa1d7b71a57082561540f1cd86b8590b754fe95d749ef3caff93fd10a90ca003515bb23a3e71f44179c0996037457589e68177b0a10691f149a981a6a68d0bc820e1662a67c6a85fb39a35399c620c6ee314284fa42099bde09fd517a6e53cc0417c98d006b4210ba0351b7db6754338063f05b6824bbb41f70ba1fea9121f5885a4d03ee93f2b8f27a00cd666491003deda3e21029247646f7144cb004a6b524006d8ec7c93f41042bbf82d3bf2eef415f8f038b05c0c107ac24d0cc8f30813ebe2751da8398e04ff593d17ddeb32593671c8277424f79880054c581ae4ef5303a12f50d4e1fd6bb585a5e07751cbd58fa61d634c35563727e18239d9812fa41b9a256118ba9b0decc26076c8ae4b4e516a2b35a7e9839ca83bef4643e0a5d9db723b5afd80f715b63b19d0afb9cb03dd9e5fe1b3135ec1f0b973e7d21bb2f2221a78628a1b513e0ff9ea3067db3101c017eb8e606f2f075be4984f21bf75b6c4cbf3718e64ca62a9ab5d8e383aefba7493ddff478b744074bb51994bc91dd29c6b9bcd50a5028e14cf6d9468ef424ed165848ff5676e574110e0cd76a7c1dad3019facfd08d14b7d9e378a110e985088e51e89d75e3fa5fb3687598c0569e522f6c9ea4d1265ed97e313dce9cd01a4615e8bbe4dbe168f9d32c6682e4eef267dd718b475a81b485b17f6ba8afba19a58329f86bad12ac8444417e6148cb4e07ee46c5f1553a0fe4cd3326d8692cc43961f03f57f7c016f33c3d1c02bf125fc942101103636b02d93352efb4920e243f865cf5c0b5d347f51b87900b12acc347b319c147510c6a3c184b9fe9bbf49d20a71bc0882e296a03769751cd863082c1f3b8890fee3c644474db21e077acbeb05ae296710822fcaf5a7bc069bd93d411627cd1b713ccced010d1b88dfc1530454141b3dd3e1964c389576132173b86330388fec559dc722f177497c308315a4eefb5043cc97c5b1ea53b6de6f4eced9cc20b5243ef96ae0da16b43ecfd03e702528ad4c3609545df939e2bcee08258649319d74fd784d3d30a9092cb23e51ce00bbf81a46bc0d8bba9fe3f605f54ee2a0311e1c19aee26c843d7252d90380c9d86f1d1cbb21641bc19adffa608fa5b8260c3dac2e0d8100c870dbafab5e4a5c6e5d4875352ece3133e08d48e03874e6e528b5a43d08c8e905f798f0527cff5cda9995e84acb47ee8544be937fcb64646d2fd2d5c31eef836297e03dca24b159964a70307a827f6e7f3793f6ffad54a65d400926e80797e6050e776bbf66dc1bdf7508812ed0febda774f5eda492b3751ecc76a658241fa64522c5ddef5374787a1bc6f05c84a523068ac66a3ca539da70e16ddea897f96f5d48e1ef185f08436daa20fcb0b239de9b2bb00007eda2dbdcc1f5fdf13998682d66cd4aab3157f7ebcec092dc6bd08f4d107780d3731924cfa067f62218078a2af129f4059d46d7c7bebbf67b5953dda30c96fe5843e8a3c0a15a6b2f210ffbffd476c9c761340616b1ca8a6b449d1e338fd909fd9a84c7338711be1d50762a48299b184482d2cd1884af707668d10c2e1cdeac7c075d7d4147f8aa3cebca93c1b7b245264c0efb8470255152c48d224634580b2ff021457a975aa7672baf13a4ae32dc17e1f04d0b2d9c14831c87e99e7e0f29958c9b584d7b8a7e91f573c042617391aded64bee7dad5f888efc5560fba3f9e41f78094b403abc5d422c8ec70b9a9cee507903f8999487e60d761ef16194e7cc856a01e6b3bc592397ca03becb6b48fc15bf1f6eff8fec8de8785d0fea379efbd649487307bba1530a48ec106978da703e91707201fe3348de8caf2dde1d09942d47712f77de3f9efe5392ef4584a66cf96b30ecc6eed9074837e0835e19065d2ece87d38b426c703b882cec83cbb8b484f6885832ca2587b2bdc30c92c20a00d926473ff36a1c81e58d55549a06fb7b0fdd135ed5f63b4cca0068b2da1b112d4cb043407c21c535fd3c4559322e30469794c90a3c30d8fd5365ce3f432f613148bc7d575c1d2da1d4b068de1366f62a694e976f2e264d449d9e3f90400f4f25c1152d1edb9b09816787227eeeff80ac3f25016de253325475490482303afa87b39adee7f92c03185f8be67fe8e850ee3a571809474bcf462373a47afe1a4592175d110c3659e56ecfe2ecaf2c381684332dc0ea3f76c1799d5c7954ccd01ca4d3cc488e98efe8ccb8757273bbfd0e8f94a18e4bc187993ac29c3d45aa4585253717190cfc16bdfc90cecab6f022b3c9629e4d44cf9460333d348d0df3fbc8ffe61733725ea22c57183b50622f320253d54692c32ba2d1d2272357962e09fc7fa98a192d647ca93d5db9c0560a46a797408d21be5d14c8898fcf1f8e46c2be19eee417f17b5812be04c60a50c8f4a3b96e759df5a25314842ef5834a9bfe3ec6903122abdeb8da1bf146ca5b0b6451b3f6a0cd742120b025ca49bb95c47fb27fae438cbae39cd9b50f76735f656e0c6896c87b91c1ca7444d0de25ce60db81b9b7efebffc1ff24ee9d5f77da9227252468633b8eb995e2645b1543d843262c260c3c691114ebc403962c2374ef59ce6d1dd7c4d22310c5f642d766d41893b993f9a69831f82aab3104c64b08b0e3419ad44686088cd8a4a674edcea4ee9f2e8a02ab11450060f76a7c1954f676de7bf7916699457091eb0ad3b7593e7f38d62f9b56761a915b41d035ba129d1ac466e5eaea76d00c4d83e1754e3d1e6f0093c665d860bcf0b9850401acaba34a0f774300773c4abb90efc56bc7d2ad12d2f58cefa5b5816fcee50a11845a2d5197693ea3b380089219f5a42c69f9a4762c91ae6449e13995f666ad521f92edb3f4b65a04675db8ebbc9a2d1acda5b67ed6af5525141fd7aeef7c58f549ac39255705eb084f4f0a261f43c27cdcefb7d9e15ce63995820729b32749eb8d9432d7c3c25b4b1daa5b645740394caaae63bfd9e18207fccfbe0e2639258229574fcc7971e3eb11bfdf7dc770cea4a9414913067558f7e542cc6272477489519cfaecf51361b7d39540bbc1da84c6e56e21c683734fc3d9e52225695ea370563b153b8dc87ad1199247a23a86046c730fbce29fe99e0cf3e762f6ca3a14b03ff53d4122da0664a31d204160fcc2489eaa9faf030f6d6a43f98afce7f7f7f0cc3a01ef1526dac38278d13431910c2d691a78275e0702c8bcd0f4754b47535decbff3fb2db3d23b95f84e5e6e7fe67c719de9b0721ea53e2c68c9110e6a9ef3251e7ebb22800dcab309c22ab3739b4e88844827542d962c2afb2dc2f02b45094737fb1c3b9543870709b337d9d8f183971368a28a3360aec7c89de83e0c5fbfcffa03c1bc42884a839e8188826b19f3a7e7b82b4e2339d3d70171de92a60e2e1c73d360382aedcc23740c6244d69299dd39e011091b2fae10f4ba3c7fc570b0ea6a5d7b94f0812788ac1842eb6f917ad73a43a8f511b221795b9a625d6b8adab77bb090343acde4930c643b9b60af027ed4e3cc7facdcb175e81d9138db68db9d85216e1afa90c3f3897a2cd7e2cbaf59faa93ac544c221399d0a2c7601c6c63006253c9e43f1ed3f8cdd31f92cbc919b0b2f048ee429baac42f907d36281931814e7f937b51f2c6a772469f0d3d666c5c23141a0af6fb3804479810fcd852f98a5e5df9082c149bc239d37b89447af02ebae27adea098d78409fa9ae873b112684c75d68d447c7fc80a45a726b272d557678da7101679c6a5b4d70f4db60539fd11d1f21392b7922d12781125512eb1dc45db4cd2e64734e3a9dbf899ec2203e1001b3d364663d487c69018cb9122b5f4e1a276d17088df746ba3e7c10e1cad226f6cd2ad90cc3d148c951d32c00341bf08ec7158d22b3375f7ed6730ff9f0af79b1e8efd164b046c6a3df7bcd925e49bf5bb4d16ace6ab925bee37b7b5321da6f3626f33025ebc3814f44a27a7e39c5ecf8c5263c50e5d49273977c1ddcec86c85c41de8558ccc7cc9469f4a5ab104db7b3eaf8951f5315f5640c51e8c49290c7b146688b72e22c5178bb120beafe3a10dd33e6a34b8e2ab0a8d88f1bf2346f06e6cbeb80159f85b69efe2984f3acbf1035397c0e027420c591b2c5115e4c4bc4319b6a8edc2aa62c7600e49029f8d7d808713cc765566440a427ac576e5a2318e0994a00b56b7cf16277887b22693396c28bf734133df5e654971dec68d225631fc669e5619c1c78df3ca9860489a29a5234e054bcd3c543276c07e15a1ca7ef60c6e20359562733c1b3bd15a9c72a8f9acb040f8f85a4f10313a4fc7e8cb8973ae0b562924716d168aa431cf63a5c2e182b48b5519f376de39ca03d5535a5868d2cfff410e3f248de1ef81b205bc17a84cbfebb46deb4e56dcd355d7148a56f25dee5896912ec90124bef2d882e9d4a02769b3abcbc8f367deecce8c22b045f4d7b87d8908b0af7f2a1f53bad8d3f8e0b65b0053ab1e28ece7250ab281bc197097cfe8b2a7cfb552f82869b88241e7d05d24aca325c6f2fad85ce79bfc2aecdb798f40e111189f1785cbbe40", 0x1000, 0x7}, {&(0x7f00000036c0)="38e3dac1cab00feb39c48edfaf42b604f0c0fbeaa30d7023519ce589e4d90d7d171cbe759e9c40819d9946abfa9737e1bdddfb4f", 0x34, 0x10000}], 0x1040000, &(0x7f0000003740)={[{'/dev/tty\x00'}, {'syz0\x00'}, {'+@'}, {'*^:[-,-,&{#'}, {'syz0\x00'}], [{@audit}, {@obj_role={'obj_role', 0x3d, 'syz0\x00'}}, {@obj_user={'obj_user', 0x3d, '^\xee%'}}, {@subj_role}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@uid_eq={'uid', 0x3d, 0xee00}}]}) read(r1, &(0x7f00000037c0)=""/18, 0x12) sendfile64(r0, r1, &(0x7f0000003800)=0x7, 0x0) setsockopt$bt_l2cap_L2CAP_CONNINFO(r0, 0x6, 0x2, &(0x7f0000003840)={0x81, "d8e8f6"}, 0x6) ioctl$SOUND_MIXER_WRITE_RECSRC(0xffffffffffffffff, 0xc0044dff, &(0x7f0000003880)=0x4) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(0xffffffffffffffff, &(0x7f0000003980)={&(0x7f00000038c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000003940)={&(0x7f0000003900)={0x14, 0x7, 0x1, 0x801, 0x0, 0x0, {0x0, 0x0, 0xa}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40800}, 0x20000000) syz_80211_inject_frame(&(0x7f0000000000)=@broadcast, &(0x7f0000000040)=@data_frame={@qos_no_ht={{@type11={{0x0, 0x2, 0x8, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x7f}, @device_a, @broadcast, @broadcast, {0x0, 0xffd}, @broadcast}, {0xc, 0x1, 0x3, 0x0, 0x3}}, {@type10={{0x0, 0x2, 0x9, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x3d}, @from_mac=@device_b, @device_b, @from_mac, {0x0, 0x1f}}, {0x8, 0x0, 0x3}}}, @a_msdu=[{@broadcast, @device_b, 0xbf, "afaf3a135b6bacd8c9b70b5eec9ab18405dde216b1b5dbe70c82ea52a1477c8bcc0adebad8789e03df9beea67cea531e776e7ec441e10995460e4e964678b8b20cae084ab40bef389bb72fe366ea91a8a2b952bc697a863d47c4920f77976ccda9723c4d4cf43164b57e373925d21594ad582b2bd6b7fce0e21d272a022fb63efae8204e2e38180848fd2986c847241f05b4795e3195823f4b17f340c24f45bf4fc33a8b5d0649780bad0b1600231bcd85e1044043b3f52bdd66462c52869b"}, {@device_a, @broadcast, 0xf3, "db7458603e1db9e8b6109ff253176fc3105d34454294a0c36f5e76590ee3b3a391dd2847abe2ef4c4f0762cbb09a37f40675baca0907282ce7dc1a104cb3e91384930ede72f3720dac9976a6598bc0385e0eb8295edee6bf8e31f243b284e9de823dbcf1fa70c6c57d4472f20f031cd4ccc7995b0036d024f051220cf8ccfacc5eef5cc545c5208e0ae0b6fad6956542262930e56177ef3f3fd1fcf9ab7fa104c2fd2cafbfc796da4af424531e825b32394a16b5a90e3b36d9d75f35bc95c7b65c5774b33d1a74464b240d9b4420de3865e4ebfa9705fa606ca422eb0ae33126574d2b01dc83d70c248747087c72f0da02e8e8"}, {@device_b, @broadcast, 0xdd, "d7e9b24c0cc992b18aa2d9f9e1709a8c2fe8b2ceb27a749e52617c6db966c15469b14f6271d9ec1caa537e605d09c7af271d959a7b1375fbada3d47840b8fbde2f3ab2820440ceffb16cc44160f3a3abd70b059e3b321e3a1a48eca2b3819d0595822e17767f5a9cce0a0aa1cf8a1763780943872b127ab559036a8d8703e179c0de7c00dbd055699b39532ec0f63bb69c331fb415e253c26abf85a20b69f33d25a8a066aa10a9c1add202fa9d6cd6dbdaf05601d68e9553ba9ee53931aa193821c780f05dfd3c33aad84ef55098b4b8212cf5d6a43b5a099866ecbbc1"}, {@device_b, @broadcast, 0x3, "d71a49"}]}, 0x30e) syz_80211_join_ibss(&(0x7f0000000380)='wlan0\x00', &(0x7f00000003c0)=@default_ap_ssid, 0x6, 0x0) syz_btf_id_by_name$bpf_lsm(&(0x7f0000000400)='bpf_lsm_sb_remount\x00') syz_emit_ethernet(0x3f6, &(0x7f0000000440)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @random="8b73c66e934f", @val={@void, {0x8100, 0x1, 0x1}}, {@mpls_mc={0x8848, {[{0x0, 0x0, 0x1}], @ipv6=@icmpv6={0x8, 0x6, "6be3ec", 0x3b8, 0x3a, 0xff, @private2, @mcast2, {[@fragment={0x8, 0x0, 0x4, 0x0, 0x0, 0x4, 0x65}, @hopopts={0x2, 0x2, '\x00', [@padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @padn={0x1, 0x9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, @hopopts={0x5c, 0x5, '\x00', [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @calipso={0x7, 0x18, {0x2, 0x4, 0x3f, 0x5, [0x7, 0x100000000]}}]}, @routing={0xab, 0x4, 0x1, 0x51, 0x0, [@rand_addr=' \x01\x00', @dev={0xfe, 0x80, '\x00', 0x1a}]}], @mlv2_report={0x8f, 0x0, 0x0, 0xdd, 0x8, [{0x2, 0x3, 0x4, @loopback, [@remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, @mcast1], [0xfffffff7, 0x0, 0x4f18]}, {0x7, 0x6, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}, @remote, @mcast2], [0x433, 0x3, 0x4, 0x5, 0x8001, 0x6]}, {0x8, 0x4, 0x8, @ipv4={'\x00', '\xff\xff', @empty}, [@empty, @local, @ipv4={'\x00', '\xff\xff', @loopback}, @dev={0xfe, 0x80, '\x00', 0x23}, @mcast1, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast2, @mcast2], [0x4, 0x3, 0x8, 0x7]}, {0x8d, 0x3, 0x1, @mcast1, [@private2], [0x3, 0x8001, 0xf729]}, {0x0, 0x5, 0x5, @empty, [@loopback, @loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @broadcast}], [0x0, 0x80000001, 0x7ff, 0x6, 0x50]}, {0x7f, 0x1, 0x1, @mcast1, [@local], [0x401]}, {0x9, 0x8, 0x2, @remote, [@private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x27}], [0x5, 0x9, 0x8000, 0x7, 0xfffffffd, 0x800, 0x8, 0x5]}, {0x1f, 0x8, 0x6, @dev={0xfe, 0x80, '\x00', 0x18}, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @dev={0xfe, 0x80, '\x00', 0x1b}, @dev={0xfe, 0x80, '\x00', 0x30}, @ipv4={'\x00', '\xff\xff', @empty}, @ipv4={'\x00', '\xff\xff', @remote}, @private1={0xfc, 0x1, '\x00', 0x1}], [0x8, 0xffffffff, 0x0, 0x3f, 0xffffffff, 0x5, 0xff, 0x1]}]}}}}}}}, &(0x7f0000000840)={0x0, 0x2, [0xde3, 0xf28, 0x8d2, 0x209]}) syz_emit_vhci(&(0x7f0000000880)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_execute_func(&(0x7f00000008c0)="c4c32d0e45f508c4e15b10eb2681f9f6039eecc4c379617801d207660f38295cd02fd9f6f2ddcdc4c1f811450f0f34") syz_extract_tcp_res(&(0x7f0000000900), 0x3, 0x20) r2 = openat$pktcdvd(0xffffff9c, &(0x7f0000000940), 0x10400, 0x0) statx(0xffffffffffffffff, &(0x7f0000002c80)='./file0\x00', 0x800, 0x8, &(0x7f0000002cc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000003040)='./file0\x00', &(0x7f0000003080)={0x0, 0x0, 0x0, 0x0, 0x0}) read$FUSE(0xffffffffffffffff, &(0x7f0000003100)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r6 = getgid() getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000005440)={{{@in=@broadcast, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}}}, &(0x7f0000005540)=0xe4) r8 = getgid() syz_fuse_handle_req(r2, &(0x7f0000000980)="5eb2b765eb13fe6055adbc43ba06da0624085c4b074ca1075889677f066e7be4de1ade6643e384e746947849cae6c4bd2247b9d0dcf8d74f73c865983a7d81fa418b5227bfe2cae4daabc8fd121243c0fe339f30d7ade9b79e07aa3b492001cbf71f43d192a2b9b771608f809cab4148c9bcb18ad7381adab1f2f5e323a69249bf8f2b5b0e986557da943623a66ec420b9b7bc01434d0a62886d0072f83051bed958843ec0adabaec068e2333bdc15622efd5d7eb68cfdda7de3fdafaa75787f0f7f3a5aae1cfe1faf079f1835be7044f2dee0e2b22827f8ce9399ba9b6d675aaafc827262b701659d34e687d6f0f80666ef60371f36fc8e7ab01b1b1f741bab290b3742bca7d900acacd003bb0e2497a7413e2a94610c93f5b5f6a0affc554dfa696f33a4e07699552981c8f17eec121b798ffda5a81f609005eee8862da633950d1c36b1f57f201dfaa2ffb43bfb89b937dfe89165a783264b5cd393e5e81efb8d94e28ea417cf7f145520c201cd9bc843a78ae07c3a9d812a99b9d01f4f8a60937077192fb29ef9e9cad995919de33e9e70c95c0efe9d49ecacc2817d764b35aceef6dbd7b11da0d56460978a679a765c04642ef7b33da735d607b21ea207ad747b67da1862b7884f773764c5c6b95b0d1fc079909e3a07430c52f4908cb864ca7b48387d9c930387811580b9cead9bb56c5139d0d5c4c728f7667059bb64e223d3e7cf61ce8370276dd31b3bd643e96444afea51787bc0ea7ede0c0576340b3574fb1ee78133c29edb9c63724200f5d8d1fa9db4fe0cf9a3f0517fdd936240d08ca3f4815c562fa40c50292a8cc67af02555bf5e4210efabee952946cb5a3b719ccafb90c5fc31e28e16da6deb0c2657d99b2e30ac6f59e6935c8f3de5abb5a6a9eb6d64638131fa73639f95dc71d11a644c6ff17e26665e820556178bdf6f91c52fac27f2d84812e9bfd4c53e757ed5dcc5a3c58f4f254a11ad8099555fbab92d9707e7ae249d37b672b2f4666cc35ffe53a0f5f314aa7e329addf60e864986682e58dee878cf3e66b3c1b8b0457021cbbe9542df240104fa7945d177a8051ff42dffe47e952caa5b334386bbe96140a28a74cd3c4c666dd6174994bae6c323bef3cbe97028835f03b49d7c496913ec17272346e050c75c58760acbcdedfc774b34b19f199c40e02ac74177e3f951a007abdaf00fd7064bbf2cc444d6b6d2b233e1fd995feebcbfafaaa44edd739b7a9b312b0823bbb228823e132fbae576968b7e7ca5ca0198daae85da7b50002544a44f948dc5f48620e3f99145c8727fee501541ef119b20085e364052a045164e79579553ab1924a5e67ca4bde4390313b76a6abb950e637b6bd3ae4d341ea362440e134185304e36f08691027ec7ff34d718825393ecfd7557c82b7bda4d24b94fc53d577b31657b00e8303803e6f15e17a79647607ffa65649103ad6ced040a842224b22226cb03b10e51e58d695edda77da2d784c49bdda43adc0f4e15f3e2e338836924786b90b2f7442935ae338e344fa4c0d9e3d74871d930d87868a269c984048763e1c438479b20fddbc61d2488d70ca8747fff731edb679b88bf1b17621d3276151fd93a9dbbaf1a83e9a80f75ba18ac3ce6598dc4e6b0562fb0bd479129337bb1c3a5882b2d626edd90d0b1e898d0f1e4f59893700c241e0c4363a4441073840000470f9e877d0bacdcb6b21875e75b50dcfbb2bbc0ea8fca0a91dcafe69b162aeef4f7d7fa1193f9eac44d4eb27377c3b72ac19a901c6e7350e1648146090179fa4b7f7aaedfb75a49deeae9fbec2f30c4444e3bd5ad6fad82bbcd24bb6d259685ca0c13e52a590d27a731a18b09d3d6bf5e81756302b85251c85d30487295eb2e42cd788231eb96979b5c113c166be2f3b6d24474b0f56ea5cfff4dca9284e5dae7d1c2b6aba7807e889697c869831c908b206b8a21dbe73d06c0aefda449f4daedd68b676f22814be2d90a2d06a39f997fdcef3a38f98396d5bf369900f9fc0442b204ceb17e432c28087c42c84c17f1a4d04f6da546682f31d75cc289e0c8ea4058c03550fad5def6968541a9d372bcbff7b943d65a7f485652e4437e0a1602057ef0ceefa57540a11d5b2b8b6518c3c9a27cb27562941f2f689ce240396b4ad70dbb2cd6e4e1f33e3279c3361b9d9903a9b6bb017ffc719758417e4f984855692acbdf9392a9b19673388e760233fa0035e0c2335e77b089eb40b5cd8f0325f64e080765808052869f76b39b0682e9a49a95a4fd0b38bb50eb214e94919d486fb7bb75acb4dc5f04e7a7e311f204df404c62c664179584880cb8bc7b8baae8933c2ebd70af44451aae3d51d4290d90b891106877bd37752ec6118d972a1b0a2931d433636da7b7250a0edb59d9ddd34cb48b34a62ae7e595f18d80ca2c2ddc2aeb6b6f6b800c8653baaf696bfd60c85e5e3328d0d9baf0f558b3b8b8bff24bf75db2695d59442757cc0cfcefbbf1708fc964a1251f55328832468ea73c29be4bf5d0de2053f364d117006dd3242e04dd471ae04ae22844978242ed47361be4a9a13133c7ad5bb324afcd29d9a074440724ebb56f5d9c3a8e4559d3a5a0f028f1d72ff2562d483cfdd79eb32c90462ee790de2476d9d061b607e680b41500ce691e48745b585517a539e70d7ec555e196aa8d69e45a36982d28a21409a777ceeb53318c20713e3cb62a98c28f524b086909a03075c2010da34bf7b0e6bf58505d301442530e54d3d13f0328f97a1dd2dd6da68429d21376b772d5a1603fb4c4a40f6b36db26a86f7c2dbaf704e7bcb9fc96768d4b53bd134602b753b260d84d9eeac6a24a51249dca0086b95b57587128e798eb62e1f01ae68e660cf6ebbf332293981620684b7e3b04750fdbbe2ecd8e9b6375248882253c2dda8a4d9c0f6f5c9d7c6bdb1fc11eda1dc4ecc0b9f3dbdb62e4078e46f6b10608f34c34f0a279c2f8f3da5be49e3e58e971e539bd63bacb6d8aa554ea4c78a49abadeec98db1d3ca3bcb40957cc0e942fca1c9b51af04771fda4af358c9ed6fe7b737a6c61abe0b628920fb8d0bcd0b65b718163da17804cb1665ea9821c828f6df655193774156721006b1f51487ad19fe92b769a9fceaf2d4124d8cc9a5bef28e98b996c28c8a99e352380531185e5e56e693641ef51106d6cf4e71ab317c34e93583aecf50f52b53e63c9098d8c283538c7cc0f090dfaf523e6082c65263dc8d1de4776282a3fc1bfc5909991525f56ac0e6d3bf0ce7aec83e40074de16fc9843f3b099b59b9f90bcff6310ed6dfec974587ad646ecd90c54d449510b7768dd67cabb305ea398ecb4261d26d4d7e1204e20725603243279a18fab01726719f771822627bafb09b4caaf9484f1d8fa5078d021b9cb86556830797319c6491d71c1153b63658a5a952a1f84f0ced9c3d1191d71a0b22e3f618f87d98c8991265395cb90765935034bd6c9233d41f9fc6a90bf697c15fd2359787df8257ca8e9499b3a7b837121b3367306ba3a36fdea6000c5d0f7759371702c7ad6f9e5f4000725f8e0b330a494392f7408dad615b14f77888ceb73959965cc9a93e9e3b23b9343a4cd4104dc1f3f1a64cb45697926704879802493ff04a8144ce6d805087fa96caff9b97631b52e4a365e976c90e2ac08826f8c297ef2f875722b44554d9973f4aa55ffb03589432109e6832dab7fc4732d303252dd1d17a2d2451ed53dce41ffbcec65983c6db3eba81462e522ae7ae52d751300a4b131170337c6d8c4b692f5429118af956e1c15e27584f768255c3ddcb469212ba8ab0e1e7ee0012f58f8945827994ce1ad7d173dd1cd72083844b721a1dc13000dada1256deab79b959a495a4d1b5fd028feaa0deac90ecfa59b1340456bcaf31f57d5a883490125796dda6d378ce83bbc137fe54b83ca9c4f819899d308338d65fa87d906255d6573a7a490b00100eab699c0dbfbec54b54224ceba3f5d1fa4096063f33165a158a20ffbd1d5b8fd4d9d39cb94a0085deaedde02a2f1e90a96af2223315101af3fef8604337f648b8c34216c3e7ba8c07d82d23bc0a96f0dab2abd2939265bb96b6451a2ca93585c82aecced337bd66124847a406ce8ed241318e1a7fc2cf289e1caf26ea5b72aaea0457e208a241534c78e3afb6028e7f57891c2f05f4370fc50458d16e90d031cca186cc12b4543b7f25fa72916be3acd7f6b5f0cc24f44248c0fa9c6dd595cd72cc4c84d35aa6fc3b1ec0e7a6b0408a1a53869681d27b1122c3176a04eb3aaf6258849675a994222d506828b4c1de9ab17ad4bab5961d524f0ffe54d29002c3d36c94cb3ab16581f59d014671e1cd5fe24342f17c8f178854e0eed5f4a3db07ec2ea7c671e2d78538bb8a2d5dcd94b4c6ebdb9a4929e85fc6de213d6f356228d9ecfde962c0c3727608f670e812ee2fa14e1f0cbf0186f6afc10c676f911be3b1cea3521f47e8fd4efebaccb22ef3757613ab319c40b70eee0cde11a3a166f1ee9415328068399836c8dc384de21e0a991a8bae04bce7962ce3b82d5516fe91d8ecbc2dcd6e2711c6c14c8aa572b5fe039e1bb4f163a1a8186345f54157c56672b33470711253476c2f6e4d74be06a01885debdb84fc73247a54e1511b83b3ae1fc15e5bed921f1937786f4364a7d4d6aec09667d63aaa618bddaaeaa2e55adb5894c4797d16d3dd5d35a716ef05233c4ad46a621195cde3a4f4197ea4396ca62712ee3d029200383ad9122d94b608b39e1ab024ea673eadccf983100d59b17708722d9ef02669224bef7abdaa0b99bff39957b7ac41599c9b1833f7ce822fdda0bea2dcb7dc7d24bd20df80b6462162447d5e28535a2fd876ffd78e90dbdc74e49af647c9dc696bdcced0840c2320f5ce0b6494790832c972e28206f432ad6cddc304f96bf48ee6f5a077538eb06d94383bf4fbf332abec80cdc7834dbf87e28f06ceeebafcab3f05f084bc4cf2a069701cdb332403af1631b5659a9e668f0a46f68e65ff9a314ab2a540518a03893c3fd2b1bd9f5e9e7f6ec49f585067c4aeef0b91b1ad29f2acc132f6b1a8dda2da36a79186c8b13b6fed070c74704bdc4ff11321901c71598fdfb36e8482bcdb01ee808afb54b3a42c69a18950d14fac2e3bd7721ace3c9a03a45f74cf2df6f4c924441d8700c54b5a12212ca3cdd648d079304cf2cdf460a36caf7f521494805401dfc67bde2061bb239a7019ce76c4f44cb0e46c55cbadab9129c5b457ec284b22ae3f98e64fc8c75df095c3ea3ea0cfb59ca18090b03f9358e9f11325e72cc24ede8f0511cb6f8af7cc2760654cfb8a7e7d5de97a83079bc82d88ea728516e92d321092fa3bdb9c0cf71aced2ac1189aad334d1b6bd971ba4053a43bc7f0020a2f1d6da34690d0f76358aa1b1631107f7f2af9890007b0a94277ee673b047fe809a5aa7fbb7ab88d110970c3dff44de1d7dbeb2abfd280e66d1de4864da4d54addceea69c8fa5d3d4b1147a18365afad33cdc689d73cceba4d8f4ee08b6264aeed23f585578ae15d14f3a27b488c24d6de8cd8a9de4a2a89fc9481ba8e10283a4d3a26e989bd80597862e238b714aa776e01cc90dee689c8435c814cfc72a530efce5dec384797a951439c30e096320bd504d3fcf4f7214b6d8ae4fdf73eea4591d444dd1ea4cdaab8ce1cf9555b4dd70f1bb46e18ee02cabd74cddb696af3ff7cc95b1339a6b8e8bafbc29c64f09fb741389ea6f5397a85add8b26e1f3a1df950f67bde9f9871a0e360c3e7669ebede3b7eb32ceb35ff2affd8919522f075933ecfea2cb4becfbc85bbacc95fba2c6f54f890594a6f6b18965ccd40ede58b4eaf8b0d2b65b0369b3dc6c7caef3e4845b2c42ee40ddca587925029e7d91629add84ea7bc72be33bb034214555cd5505568093ec7248156f58c7f0d3055762f8f4ff6f864bd9548fafac4db8577530f3a6d673beeff21ba7c9060aa0e066832937f1eb617cb21ac24e0d8699547be5663a8117a40b6d881dca19e367ca02d28774dae74df50aa99445e37c6c16184467d496001242329db97a2adef66425a9c6bd377d8977433a03c72bf10b548b8aebf0ec38eb8ce145fcb851541405ee8a3ca9b3bc603a382af598f0a1756592b3677c469ff86e198cdff40f493215a32c2acc72bcfd0e3e4e57bec76dfe565da975c691d66935d2d7b52941462d41bce4c00915d283417032f3a894249f801067f3882fda77905d76b76efe1028ebbf14977631f677575ddd409df3c6c4019e995a9d8d1d8a8c322687632f1a9505adcbd5afa1389f941dd0f68fefd43ec24a257076a3a21b7363d7bb518df4a282a4d9eed0858d104e85c5e068dd8012d73b516656146a78e549adbf9b32fb9f5f7ab6d43879d96d1cb973596d044197e08c4040604255753297a3495d8dff255d18abf94b8704a8ae1a48353fa85e5a77becd10b6ca007b77dfefce398f30b0c27ede99e8e6bb0c7ff65bdb00f224622d691f478ce6e37bbfac4ce1ce373070f954370c74c09461e2bae4385cd5deee87ca80ad2c77b99e7bee5afa3f0ba52494f59da1426c4309f391516354d57b0c7c4bb858e382f041d6e9188dc133bb169321e00d02efddb461176774fd6b2c9682d7ad084f6174c53ab7408d3e271d28e308f7cd478c2fe8d6793deed31debb090b874b12528a6cd368acf5a5c4cc3d30d2aff00693786687686cd9b97cdfaa3a67729351b2373ddee18ee3f056b6c0da439d62eeb408031a4d8755de3cc88415ca4801d54dc565bb53228dc215dd746ff5385453fdfc8915e872752f5ab3656aa8e1c42dfbf35e49ac9c2013b4a493ec10ad7f512922b8d3d82922ddbc018953cb7d5191af08ab669f80425f4f459ee650fe094126434e886693092c53aa346993dbc1ba274d2d69470646e633bdc331431913dd49a0120e1b5e212162006f9a01fe18e8d8b57cfeb398e19b4b8e970fb0678521caff33a7a01deb17e72a920a946896c5392e84bddfde75b7446ad4249bef2697b0c5e72f3791f0f44ac1563769c8ece5f1de565bbae2e5730294b3d6d85787dd6f7abf84d698e77ee80ec53e3751e873033af16b5ed4e2c99b7e6e652bb0eaf6701aacb2bcb597c32dc3f7d9c4d9463ac08db0c63db5fd88d0e518def188a2fbe8d6bfa698628a8cc058ca99114c40be8e1eb4c05364278d0ea4dc90b747cecd85cdf847a50ba2adebb6d107a12613e198d1b10c6eb323d50c75f781fe39c1d92e46da77fed51612a369c4a6aa54050d677e9678039b29e10c46ff05f3536f792a72d80f0eca5a416b19643e1d15247f7e5157900c1742b9146e0d9788eb9ca653897c7c647149f0bd91b16ea1a5e0549001ba2d6c6e39cf8bee39274d052fe2ce7f4caf6c23644314335251cca5c2ed134aada515e734e0af9c0ba59043dd12aa227e8f71d11833cab35b77915ee6bf0d74982d155f74fbba9977f75d37211770df8102e1d523b97c65e69bdffb34e00dbd6d5827c4897934ff51286940adbefdbe1a185a1ca32f668bef23663d9af58655a928538e084f59fd899c490253d337f5a51d2c2c1da36cb8df43034a988104c2abd9d589fcf964ab9114a40415c8e99bebfe94c3915f9d908bc1c9000f0e9e94012d998c972cf018d8badfffa80209f1937fea78ca839572b0a8e6b7816b6d89bb84ab2ede0fe5ff0575ec9d674da236252fb92ff4febb9ec1d915d97c4cafffef1cfda6d199365b77016daae60798de8a21c1769b8d79bf57cd020ebf5730fce994b6b3099800d864966adf830c8d2658c804360896e11f360da3a92cb5c827213228526c63c262c30cdf177fb0be401b394a01775c254da30c5ff4fc5b45f59d60e1578d67245089828b0693e5a6f5eda5e917b9d33b8b36baf055269e9d5319d4fa3f8fa5c31962c77bed1b0a7045d980c03b0df15d1e3cc1ee3175570d286004f10ff6b922da1e0af3ed41099bb175678f6c4c29bd5b8555edea3fd6559a6228b3924b6245b66f7d4a6cfbf7e55d3a9a9023185885bbb1e9061fbe3621beb1e7e31205d828710267efb585073865d0618f4edbc9c5b606a79bff7eff1e534393e3dd040174b21fc012d6b2ab928976eef114b97502fb02225572b74e852f568dbcea57a8d378c54b217287eac9090cf75f10f474b1651782ab8e5f015de5b665e046f01d04efb7bef840507f3e45a385a372422af573d064b1bf6b0fb2796e88a883d0024b5f74f1118fd7cbdb92a40a83459aa29a77a256274df3a72f539b028c1df8686f4630c7fece68d1c01ce38aa613735a591f91f42561ad297e0872efdf3536c88ad5159af81048e6378f2a42d915c9721e0875fe0628ce4fc609099c2c19e681280e83ee969ba93c956fb2bc4457c2b2ee35d9d5bae561814d8f868e28987371550f57faec5af2f52bc7dbde1401b6729107b405b2873689c9e43fa5ea8b483f7556cbaaabb1c7689b0a51d757743ca292ff74e9c021e5513f94b7107a8940a98ddab5e221fd75c13f19ae4006866eec1a8320ab02a2def573858eb7253d1fda73b7da031f12dc013783147095d545abbcc6c8cc98748c007f2e61a02c750b79866c743d0f98c703ee3c9a2ffe44104ac1a22d77ffd1e607c8c4265bbd8cdd9b7aff0d0c36aa5981ce881b9f3895b4da88a653d4712a8431f9e14e0bdd137735bc1c2b710ba5126b6a9a42bdf156915b152ee1758ef56b8edbd4ef0b9a677dedc3a88b00049a0d7444b3aef2b4e5ed210c5fc97444bd3a4690ae44adfcd4fd85cc50fd55c3d6efd1c7270f46c93689d18f92d0462c62b2001d8ccbccee0abad84daf12a8f3f390d23b3f4cce1237b5059bfaacb994ea871c02fd32056aa3d68258027dbe56bb19cbaf7a2f473492e2c6643fc4bc01df34967ff10092530c5f965e1dea106188a9165a43e61d060107e5907a5e76039e11fb557b17f74e99d6ba5edb86daa24b201f89f51c53b4e6ea0e74888ec9afc6e64c3344ca561a56ece3c286ee4eea87bbb011d4bc856cb2018f009281b89b95acb76684eefbe628b3b9c93f654c15c1aac2769c67f27e1f3d6ca98d80dc3077b5c4e4d823ea40c258dcbb891ff20466c1462080de73513509176565feb24ef8413dc7dfb53b10ad4e5d683d26c742ac8efb627339eac06f2f56a55e4522b670ff6dda3917ef7b00fe14a6a52dc9567548e98f47cfa5e2b87dd8e1c2ae18d0c14356db45db78e8f8b9dd141ee942543d271c8cb5b9775d2c55c4b732d838a3b73d675a350957e0a70438d6bc3ab116f4d45f5e5bcf1493097ef19e13239d97981273fa9ae9d1a94f417c3c5c240a27cb07ad05a6526e6c8b3c68bad2c546fc889c5fb3410697ddf58f78e9296ab0c725882566e185d1dd88430766e332f1f0c87d2e359f8ce2c28b8c7546da95a1ca7897e43b7bf583d12cd46f7f910bfdc1a1c129f1d83d94678999c3d81dca8f74f87ba3017f07222f510c1a7fe8001fc3eb6e8a0b46db9c002fd084167272355da87a0fc5e37feed0c487d603bc1297f1c6dd88dcb17f17fd38a5ec72d0cf50c8c8dc69081cf608460d5b1342871abcbec20323be7f53690c5fa640816cc3b2b3de36870a8a38905dd51ac63ddd922d008f84b7cbd062b64c5ab22115b4889b0e9389048f6a7bd28e6a7893caa6036613c9f5f2ec2928be1f4ee1cba0b0bb1691276a4db24669fb085e54dc77e815b8f5afe80aaa38acbd11430d956a37911b0216534bd9e2893a2abfbcf4b7aee56c8ffbbb08166773d8dd3d1fa12451f393799aded8721cbd93e4c9711defa5509840dc73ec5f5273431da7e6324b056cae48e1c14b1f0e2cf27a52980d4c67e77a565a44aee8ccd622781b35cfa16d36eba77f9b7f5ec8cb474f02bed016982a0dca0960e094b3df6516837d5015680827599c89542544a3fd363aa44e79f3ad00c87d8dc1422b0737ca9fe9179d627a1f22800923a39df3a59e15770ba57f1e12aaf41bfe67bfc5483dab32820364a5d4da8f8ae62b05ba23257bb1577f5ad73f0b0e01633da659f7d28c7e1e39f86f5adb5bb3843abbce0a769c26c28e4ec88cd8d47e46928ebf51f4c23c69fa602b6af61dcc74bf64b009e96708c4c7426f35d33f7dae81e33a69e12ef792b1f25ffc60645a1963e67c07e15c2ebdb548ef8b2c8b0dd9725bed66e22545ad7914af7864478a7993b2c0e0ce590fa005104c6937e540758d25a509e80aca8137b717ae9fdf80ab906d9db4aabb229bb3d35e27b324aed11eebaa8ed3dc7704abab39f58562ed9b5c8a37b092ebf3fde22166c9c91bc57a2c62d90a87cffe7d6c448321f843218e404a4d3688d7b968ff9e823e0b900a146a7f3af3d46e9a8e7d17b47cba2504e1e1e7ad960dc481363f16fc979bb8176797ab1cb85cca6724274faba007e878098034afa0042ea0c1a654b42e1cdf7f71048e24db691cdca72f52017c6a0f5c88d0cb1e1c260e8879478d8e2bf97ad59844221afc649c881e7950de7dc85c430c18fcb5c8d359c2c239b45872c6555747438ca49b55c327cf6d705f80b396d9c020db57f6c53701bc968fcda5274c5134b23f6fd223dcee7ad7962c4e7f8b301a57165fcfc9a5ff822f1c24a7aa5be7971203457af1c95d47eda667d8c291fc21eedc7e8e5844f967a9fb4479d2f94e4dedd0cd5457781d3e024fcfafaa8b67e4895855535d1fdd4be454bed97c3cf2095a166cc652bea65ad6368929bda70f69dc36c689f5923fb026a8257f851a069994c04cc41a8b15979e473e5533240d3cab3ba953f20019e017d44f741d95a9ba35886c7a3fed463d242173d6af2502230ff733c3f1e02782274e64ac70850dc34895135bc859918cddec6269ba8361009eff46407715f30879508fea8cc9c081b372f488555278fbbaa80f34ce79da910212961a377c85b61e36fc375431dd6c4edf2c4bb801a0fc1dc1fac3c2f4c01099624959392ca0b6bd47cb008dfd39b2fd927f40fec137b0748e19840c05754b7d8e0b27d62086128fdc329363d06b6e7cdc4360b39df2737b5973a8c05c72e1ffaeb09cad6719224f4fb80794eb00f4092f623e5d27a11402fc035eb9fde88276f8ca16827459592e355d3c4e6c792e5487c499666d96ea5c5f9eabe173b56223cc71dfaf0d88f8b805110871f89f399f84463023f17d86249af647b83f24e90483bef551f95645dba6607f66b93a6da349ea07318b6ea59adcca1ed17566eeabf62b21204a8fd1a2d983fd22d2eaf9acbbb7a20bde391a5724f096d204d340b56212f8b7f5141f4f6ed72b134eeadf1f27edff371424b40820b26747b0baad376dfc535a417be78aabedf33e978c0533b45eadf5c24a1a069bc4945cd00a52aeb35b539ac0847065cd01dfda634cb9d7222a60eafef0f483ee5ce52a3c908b4ad4d20897b55a880249fe9bf4129124216f80d4789ce2f1b97c9d3892c506580a68ff2ce35caad03126a4adb9a194fb86bc72bce0e0bc4700950d20cd4b8d670ad2151cde5fd540e6a1d871a430c1a333f020c957cd4c8b4788b4bc93d8dd2892f5d8a350013c62dae3747384aa487e00704910b3f7542c", 0x2000, &(0x7f0000005c00)={&(0x7f0000002980)={0x50, 0x0, 0x91e, {0x7, 0x22, 0xff, 0x1124872, 0x6, 0x3f, 0x8, 0x1}}, &(0x7f0000002a00)={0x18, 0x0, 0x0, {0x317e539f}}, &(0x7f0000002a40)={0x18, 0x0, 0x8, {0x4}}, &(0x7f0000002a80)={0x18, 0x0, 0x5, {0x401}}, &(0x7f0000002ac0)={0x18, 0x0, 0x1, {0xfdcc}}, &(0x7f0000002b00)={0x28, 0x0, 0x8, {{0x2, 0x8}}}, &(0x7f0000002b40)={0x60, 0x0, 0xfff, {{0x6, 0x10001, 0x6, 0x1, 0x8, 0x1, 0x32f0, 0x7}}}, &(0x7f0000002bc0)={0x18, 0x0, 0x4, {0xffff}}, &(0x7f0000002c00)={0x18, 0x0, 0x1000, {'0%)/W({\x00'}}, &(0x7f0000002c40)={0x20, 0x0, 0x5, {0x0, 0x11}}, &(0x7f0000002dc0)={0x78, 0xfffffffffffffff5, 0x8, {0x6, 0x9, 0x0, {0x6, 0x8, 0x25d, 0x7, 0x8001, 0x400, 0xce1, 0x8000, 0x4800000, 0x6000, 0x8, 0xee01, r3, 0x6, 0x1}}}, &(0x7f0000002e40)={0x90, 0x0, 0xfffffffffffffffc, {0x5, 0x2, 0x0, 0x80, 0x1ff, 0xfffffffa, {0x1, 0x81, 0x1, 0x10001, 0x7f, 0x5, 0x5, 0x2, 0x0, 0x4000, 0x3, 0xee01, 0xee00, 0x6, 0x23a}}}, &(0x7f0000002f00)={0xe8, 0x0, 0x20, [{0x6, 0x1, 0x1, 0x7, '\x00'}, {0x2}, {0x5, 0xfffffffffffffffa, 0x0, 0x20}, {0x4, 0x2, 0x6, 0x9, 'wlan0\x00'}, {0x2, 0x5, 0x1, 0x0, '/'}, {0x0, 0x7, 0x6, 0x10000, '\x02\x02\x02\x02\x02\x02'}, {0x2, 0x3, 0x10, 0x3df4d00b, ' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, &(0x7f00000055c0)={0x510, 0x0, 0x0, [{{0x5, 0x1, 0x0, 0x2, 0xfffeffff, 0x1, {0x0, 0x141, 0x4, 0x9, 0x9, 0x4, 0x7ff, 0x7fffffff, 0x892, 0x4000, 0xfff, r4, 0x0, 0x4, 0x10000}}, {0x1, 0x8000, 0x2, 0x4, '\xff\xff'}}, {{0xa00000000, 0x3, 0x8000000000000000, 0x80000001, 0x6, 0x1, {0x5, 0xa0, 0x8, 0x7, 0x101, 0xbc3, 0x19f, 0x4, 0x7ff, 0xa000, 0x1, 0xee01, r5, 0x8001, 0x8}}, {0x4, 0x10001, 0xa, 0x3ff, '[{@^/@+@<['}}, {{0x1, 0x3, 0x5, 0x20, 0x3, 0xffffffff, {0x3, 0xd4, 0x6, 0x0, 0x1, 0x80000, 0x38fa80be, 0x6, 0x400, 0x1000, 0x5, 0xee00, 0xee01, 0x10001, 0xff}}, {0x4, 0x5, 0x8, 0x4, '+!\x9cR\'+%\''}}, {{0x3, 0x3, 0x200, 0x5, 0x55, 0x1f, {0x1, 0x34, 0x7, 0x4, 0x9, 0x2, 0x800, 0xffff8001, 0x6, 0x8000, 0x100, 0xee01, 0xee01, 0x0, 0x9c000000}}, {0x0, 0x1, 0x1, 0x400, '\x00'}}, {{0x6, 0x3, 0xa3, 0x80, 0x735, 0x9584, {0x0, 0x2, 0x7, 0xec61, 0x371ca83, 0x4, 0xffffffff, 0x3, 0x424c, 0xa000, 0x400, 0xee00, 0xee01, 0xca, 0x3}}, {0x0, 0x7, 0x0, 0x80000001}}, {{0x5, 0x1, 0x9d5, 0x5, 0x80000001, 0x1000000, {0x0, 0x0, 0x6, 0x7ff, 0x8001, 0x8001, 0x6, 0x8000, 0x1, 0xa000, 0x10000, 0xee00, r6, 0x80000000, 0x6}}, {0x3, 0x7fff, 0x6, 0x4e5, 'wlan0\x00'}}, {{0x4, 0x2, 0xffffffffffffffff, 0x10001, 0x7, 0x3f, {0x0, 0x4, 0x7fff, 0x5c, 0x5e, 0x4, 0x0, 0x9, 0x4, 0x1000, 0x8, r7, 0xee00, 0x7ff, 0x9}}, {0x3, 0x5, 0x6, 0x9, '\xff\xff\xff\xff\xff\xff'}}, {{0x6, 0x3, 0x3, 0x9, 0x6, 0x100, {0x1, 0x101, 0x4, 0x100000000, 0x2, 0xfffffffffffffe00, 0x3, 0x9, 0x9, 0xa000, 0xfa3, 0xffffffffffffffff, r8, 0x1400000, 0x9}}, {0x6, 0x0, 0x6, 0x5, 'wlan0\x00'}}]}, &(0x7f0000005b00)={0xa0, 0xfffffffffffffff5, 0x5, {{0x0, 0x3, 0x2, 0x3, 0x7, 0x64b, {0x1, 0xc2, 0x9, 0x5, 0x8001, 0xffffffffffffffff, 0x2, 0x8, 0x5, 0x4000, 0xd0a, 0xee01, 0xee00, 0x7, 0x1}}, {0x0, 0x2}}}, &(0x7f0000005bc0)={0x20, 0x0, 0x7fffffff, {0x8, 0x0, 0x9ad, 0x3}}}) syz_genetlink_get_family_id$SEG6(&(0x7f0000005c40), r2) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x9, 0x100, r2, 0x8000000) r10 = syz_io_uring_complete(r9) r11 = syz_io_uring_setup(0x7811, &(0x7f0000005c80)={0x0, 0x29e9, 0x4, 0x3, 0x25, 0x0, r10}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000005d00), &(0x7f0000005d40)=0x0) r13 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x80000, r11, 0x0) clock_gettime(0x0, &(0x7f0000005d80)={0x0, 0x0}) syz_io_uring_submit(r13, r12, &(0x7f0000005e00)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x7, &(0x7f0000005dc0)={r14, r15+60000000}}, 0x6) syz_kvm_setup_cpu$arm64(r2, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000005e80)=[{0x0, &(0x7f0000005e40)="551e553401d8419ac437854e7bd6033a54214a9bd5bbb0af5b8dfb214aa84f75f60fd2f374a02bcacb654f2e69f719794863", 0x32}], 0x1, 0x0, &(0x7f0000005ec0)=[@featur2], 0x1) r16 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff1000/0x1000)=nil, 0x1000, 0x4, 0x100002, r2, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r16, 0x118, &(0x7f0000005f00)=0x1, 0x0, 0x4) clock_gettime(0x0, &(0x7f0000008240)={0x0, 0x0}) recvmmsg$unix(r2, &(0x7f00000081c0)=[{{0x0, 0x0, &(0x7f0000007580)=[{&(0x7f0000007000)=""/104, 0x68}, {&(0x7f0000007080)}, {&(0x7f00000070c0)=""/15, 0xf}, {&(0x7f0000007100)=""/224, 0xe0}, {&(0x7f0000007200)}, {&(0x7f0000007240)=""/230, 0xe6}, {&(0x7f0000007340)=""/99, 0x63}, {&(0x7f00000073c0)=""/69, 0x45}, {&(0x7f0000007440)=""/106, 0x6a}, {&(0x7f00000074c0)=""/188, 0xbc}], 0xa, &(0x7f0000007600)=[@cred={{0x18, 0x1, 0x2, {0x0, 0x0}}}], 0x18}}, {{&(0x7f0000007640), 0x6e, &(0x7f0000007900)=[{&(0x7f00000076c0)=""/121, 0x79}, {&(0x7f0000007740)=""/169, 0xa9}, {&(0x7f0000007800)=""/5, 0x5}, {&(0x7f0000007840)=""/157, 0x9d}], 0x4, &(0x7f0000007940)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb0}}, {{&(0x7f0000007a00)=@abs, 0x6e, &(0x7f0000007b80)=[{&(0x7f0000007a80)=""/115, 0x73}, {&(0x7f0000007b00)=""/15, 0xf}, {&(0x7f0000007b40)=""/19, 0x13}], 0x3, &(0x7f0000007bc0)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x44}}, {{&(0x7f0000007c40)=@abs, 0x6e, &(0x7f0000008180)=[{&(0x7f0000007cc0)=""/153, 0x99}, {&(0x7f0000007d80)=""/250, 0xfa}, {&(0x7f0000007e80)=""/252, 0xfc}, {&(0x7f0000007f80)=""/193, 0xc1}, {&(0x7f0000008080)=""/96, 0x60}, {&(0x7f0000008100)=""/65, 0x41}], 0x6}}], 0x4, 0x2000, &(0x7f0000008280)={r17, r18+10000000}) syz_mount_image$adfs(&(0x7f0000005f40), &(0x7f0000005f80)='./file0\x00', 0x6, 0x1, &(0x7f0000006fc0)=[{&(0x7f0000005fc0)="97711a3fc775d9b6b802d75cefe34e560dfbbc1905df8452c7c061cfbdbaf76ac0ee704fdc1b95576e8398715ccac23eb622406fdf86656d8666d174345df15cc279d6bc46189f9e9103c8b634306a9dc5121354037abc836af32b82e0eb9222c5b97a31baf700226f459f1593e594220d6eee2f7bd3612c68996c931e01b390867ecb7db73fd1c8baea0a1a30719c09c81706414190c490236b2756cfba38fabad49c002cddccb22a79015cf6c9d5b81197e3669f1195cf26fd674cef34fc2517dd561d625d37f0093669e68fca1ae7327c53a8d8fe8ce089ec5130da3dcd2c1be47c5d11c1e607706dede98d3ad0347db608bf9febfe357b46fe05172e7abd5e6a5755ecbdb7294ac660ef999961aa2491460d2ba8c47928fcd02e294c16838adc1c5aa0aeefc279793c1e9bae9dad1bdd674fbf94f64d5ee586b857846b2c3e35cbe0791f3f0a4279ec2d51fdfb3a9d2fd093ba29d743eebb0646d40af932960b4efd52dfae3724206f13839b1e9dd3561c159f7d1a0b45dfa655724164ca8ca40178aabc9f0c270cc0c2e828dc2842fb2372abca8d65d3726eaddb36d2772fc42a5a609dbc761a086dd8405f0c0a7c0bfc14fea91cab423fdbc944ddbdee214c248ef0c8933c80f3ac68a3cdc4ed5120c7be1f0418a0ddeee94ce8de7a07b94d97a9c72e338eb9cb871567608b49031f1fd07e5c5cbbc2201c4876885c1bdccc2bfece71de73d6a710c96a675de4b578e3a0b84d1fb89bed531e1705af867b10b7c92328a06bad02c573375d500a4bdc884b55652d7f1cfb31afaf0b35e98a58466b80a2a4bca2d72e387f8e94519a43734c385b698e08b0ee1d9805c392acb76f980894df9046c617f62a2361062e522453dcd73176f786ef2ccd7a05df8b44a6f93135d4888fdd510220357f1aeccd13e1fe10292673f981f420d9859fa218b8698b4a691e699c28a2dd46d3978942192ed51d212669458a4dc3d381d2c3f73cb60bfecb8bf0e1556eaed9ffca5d0f7c9f6152f4fcd5ed86cb6a565e4b6b1c9e7efef1ccd28ae7091abd84e8431ec08ed83a8bbe56f9e12256d0a05b461d9f1f4bad4b0e8734c47d12124c406db2c033ca10634105713df400fe668d74c10b9546fef03d29ee05d4e3e832ede103cfb890c8b0092a58fe32a0b105896cefc83a990c3b6d9dec09e4beea8040b29f9217e5577fd72003a1dc4667fa4cf3bbf2985f0aef84b45569a087b7f9afe824f3c59b40cd0d088c16f4414240a6ebe24aadc402cc99abf034a48bda6a2821bdf294658e2782326e1696a8878b62be50b8ae8d003e1b6b9f5f26d3f21b1422cf73ac7292638e57da6fe3fdadd7786aa2d7406c0d84554547d9590ee9e1705428e00ddc33250a116b9737c8b013a38c6f5e88275b015f1c0996b06ef4467fa0468e8f4a498b56a045f894e45090fc1707481bef75f601d95e67b963b6ddaad7511ab41ef4c9f651c70f8ec2f0cf3b62bad74e2492a39fc1f81da697cdc353de9589cab54a16901a18d851bdc26239a72f9a787fbefb3fc3f5df149a013c4f8c8b0e98b8f669f62fbe09525b46469b1c7fcb91e55735f2adc8136a46aec4de016b9f9251ac2aa820a1a887b78c66802bf8dbbce8c4e138ba0a52892c9e934af2c76b95032a2f4cb5a621e453970f54b279035e140833e3250a9c4f16371cddfc01c404e6e86acc231c8d7dbed9b6aec0da3e0bb40672f4d41df2650d200fdda6bdc62b1d433efb4dcb37052689eec1fb99ceda3e1107ae9aeebc9958fd2f2e9059834087378427d3158a8ad04779e622b9fef71b94b2aac03d6d9b722a2427855a2176f00d971d6b1fe9b57c3637af6ecf8dd0bf1dc055e7331c7e3d9bf09a98723676b07787a075af7ee911ee2b0ebefb3408c8a617e81b0222f20f41aaa55767bd73b30b7d5238a41836e53a5c826d2cab59460404f02af43b1c64a887b44edcb395a149983a63ebbc1468ac3b39a00d01e59041ea549725768c6fea7a4884fab16b8599cd0b91b83df33b32280039ba0205a23e97cd38bf8be0ced3d7c2f44491e9b594e054e6c6e6e2b610830f98ef9a240fd56d1e218cbc1535b8889fd2b39fd94c82137a80ea1234a84dc6fac0f16b8b2de9dde9ec8270c2df90b1107eed2d346965943a1cb0856421e45fed7f48071041c552efc7333c5e7dec5b9cb59565718a7e230a842f206a4949a38fca5d9a8d847563dd644578f89e5ea68cd84edc6a04e527d1c07e6ae42f503f7c09f7fa5ed1b2d7a3a90b5feddd576dcc544d8a7e5154fcb82d14970643a03ec1ada083ade9a90d56b1a05e7becc2e434d487e0c94d10fb56b73a82fd0c34e3ea6e252bd82844e95933819254e12b001acf2ad8b630a7d2056c6f77334ed22321771e73312981d8910170cdd7f47881b58c4753bbfb0b34c78b4211e626146ff342bfd57740eb868e1cfa312c907bef857b3781ebd1397e8dc0ca1474a19b39b497ae70889d2dbbce85d3743fd33c97b9c22b866eb65d3593900e66c459efe5638a824c423d9c49ba44b8ff9b9b3ec15cef434deef9ab92760c55b1fb37339b1c77f3a01a77fd72f72877952e8a5827494c9188b8d1c270b0a99b4a9e818d1fa126a7291a7b0b94c2bf7c18c2e25e7fcfd68d38829655d9aab934963034563e90865245a61304febdf59bb0093167c8c41cce1773bb80c678759b55dab1247252036157a0e60d66e289d4b9bf98fdce7c5ca59bdb4fafe55e09b16aa3430d39bf150332a15c4890ed078e628775f8787b893592263ca6d3113619a7b21251faeee137a099bf00fb5fbcc75e758eaec9bdcff65576c0d826ea79d90e99d8cbb490937d1d122dbb8d15b33756835e1ce3bdaf4919f5226b384c87c2c7af71fb3dd073c43129ac4e2a6e521bee349730b2d9a71c6b01d61df130802a9bb6ab1f4d594b89675cc467cab303c86ae6b4c0d26dcf16cdec9c8b78f3e23bab3e7b5153e73bb71cb6a2afac5c33195d2a2f329d9e8f53dc92801046b07245e139a6414cff17dd9d7947e945a1ddf592131d90f3f325ebc3cf24360f83ed1606f952d4f69221b75c9be91e5d2abeed93f33958b04aa1e0cb5b850edf2760f4b8e810d879d87357036c8e26538e69689e47fbb1da8e0ca08284f55900bd029e95a527b3ba251b0ce27bd049fc85b194959375f785cf75c101eeaaba56b39a3fc46ba9729837e2fbce7ebba932596c0c2ef0c5d8e684ba6b334dbaffc0fa842a6aa555813d5bdc237a4376fbfc3abd549abc27f3b1c918c67f2c34e116b6b0630115490624f4997d93acec5dab0d2bb1572b319ba4c990cd74389542f48b7e173d0c81ed756a1b409f6b195859fdc7577a7e7b120a1513c225d313d7423d6a99ddb71914962821db95192fc9ca8b6972e07d78679e3b4265cb9725d95f52f68ff1ca46b8ac6ae7c6053bcd972e37fa824491527a1e4323aa6f2d5e59cf06c6088c148059fad6f1cbfb476719d09fa479b69a4790a74f65abd999c267d10cc2ff99d39e394160e151469589f416f659b2a8c60def78d6f433809dfb96c27220076f47b7e74a8930cd61e8fc109ddf8754ff5d6878eef5dc7dd61e2da0073b0ad6b071feff97fb87ec0d90954aedc888e7b1e09dcdfcc6906e49b6ea4a0c32546407ac0d22e29200b8603f2c3041d27d0fd990c312c3f4ebeef45385124825e73a4b30f7e62b3746aee0a1f42357a7c2d59b9b2865ab24b33536c1d752a4e1c08e07ec7ab8e37eda44ebd2213d46955859ce75e8cbee3e448ddc6c3720fa4bb604298c9cc6c1eac4aac18ffeef8d631a6175a58b18257c81b5b2a2c7458b1173a5c1bfe3a56159fa406011dc0bb6021f2332bb471ef8892acd5e7b58aeca43e485b35ddc938fbf2d032521820809af025513b663922d664ca4216bcc9877030d5facfb9a0482998e50cf69bc59c1805fb4faa89f6831ec6afc29e7f6db38fed3403d1035e251624de0ea6445812f71a4a91eab22d88da49c097003ea9608ef661e8cd99458f318d373ea1affe6cfbec7e9f77ca393f1585402a70afa83e3dc11417b83035c4aa6efb96caffdb76bb431152a1108dd6ae5a37afb9aa1b51ddcd22d7af11d65c188472d79acbdd48c61355a4b2fdf2b81fb4459711fb437f3f7f95a6e187c0cc087bbd739c9c9e22e25fd0d305a27408f52b839e357d1f37b0c7a576df793008241bd2120ccfa21435268ed243dd2edbb751b201474e91f48219bfddb4cd0dd471965bfe78e45233a33b6c4022bc57bcfd224f89b4afbe25a003ef41f596e10fc142d52e0ee02fad0728651f0fe75b947a544fd7e2dc38b608789ebc87b01993e23b765449001c77adc778adb84a0dd32b70e267aadcc168ef1713d7cbde563396ef5e39ff9f7008d61a20fe49ac80c2ee84c5311e6b0c259f0c63631af64ee1d2225b5eaa31b97636b30109fe4fcf1522723c6d79a5005f3768be2872910a0d9f2d2b10a91e48f7da5c3830e18bf1a2c51f791e463f7ca07e0c63d075852c2bd82b4a5989d4ff50a7007d3eb322b3f01ab76af2bbedb1108165f483d28415378d60098dbd87a299b3de116f3955c3e243677f3e3f71f9f0204e170da9ef5b66c95ba07f335b130b5a17b6a72c318be1b8ca6422b1eaf3f6ef038df509ef18765947de5889a3a88457561b399ab72948d7ec9e0f4a7348e0c43174811d3a4d71242e6a50f5b397a8d7fabbba7109afa2369f116e09d3fcc0b5e612ae8b818309c5fbb3347fdb5d6c6904684f4e04f12ca8513174e6b926f049ac14e0a7f9e4aa6bd391bbccd3f7242b9a4c0dfd01796da871f4e9de17e549537ac6d21d5c64e549f070e2b1d1b7f76981faa8da9029e4576fc43b4f427ec7ee4c4505ca270b233ffc5e1abe44ac789cecabdbaabec441a11845caf922133d11bb28256ee8f75e6f065e35f297646c63a2b8a594605ab391c50fc337d8d97066e6b5b0710fb1ec76c64f0a0a0ccac01375f2c9fbaca77b2b1ee2b26a76da527aefbe983eed0d946d763e00bf501dd646bfe683a78df80d91dcd603c5a8eb595c0cdceaa2dabf5d64a9feaacefc878e074313c85e4c15f4c2e63fa19f97b829c297d860878eee2138928d8a425c07900c1226455ae33e702c058567d42df10d6048466de62f14c27f7d8f306516662e18bebb24d7f38e5f0ebbab74980599ffacba56d3ce16a56b991ec64df9ea8f9300cc187f2c1b2f80562c681bbf833a971e7d69b67730d3b0d3b5a9b3cabf5b44e21f3a8ea25af9f9a7f53d6c85ca6a3b84f04fb6d1e99096640c76f00cb2a849e022c526653e0e19c0ab73d7db02e69bd511cb3b36ae7df9e0bcd5b8d180c0a3dc9f17973c62b286fbefd4853976ad38dc7756785f17c88f9675687c9769d77162e82e71bae2ed285bc878f9ee7070af3c4b43c907bcb5856dab6a938b7842af376d7c164076cd02b4e3e82e2cc8fca7dc2e40bdb7b9a2ef406355630cb2930231794ef4a20360a6eb9cc54f753642e6938a173024635987b80a6e0f0b7cb258537b81e1250f77fcaf1d7cd9b3be072a6f9d4fd86f1564b28d790ca1382fae61fa5874c7dd7db8ebfaaa7cc011e6ab3579137aa3f0af14e58c0960d7f70cef93ab86cca7cb785d8c12152a807cf1bfa4e0f6ffd288870565cd49a10a407cee95c5c0fe4cc84b47390868e64507f1fbfbb4a704d272da13480a418e25a9930a402dcfbaa5cb5092c569a4e8150b5048bef01194e1ce3795e2835a0a82c9d5ff3a157852f12713596997ec3061aeaa96e93c9b1d9d5aa2414c3ea9f", 0x1000, 0x80000001}], 0x1000000, &(0x7f00000082c0)={[{')/\'/%'}, {'wlan0\x00'}, {'\xff\xff'}, {'\xff\xff'}, {'[{@^/@+@<['}], [{@uid_eq={'uid', 0x3d, r20}}, {@smackfsfloor={'smackfsfloor', 0x3d, '{%\'--\xd3{-+#!'}}]}) syz_open_dev$I2C(&(0x7f0000008340), 0x4, 0x404280) syz_open_procfs(r19, &(0x7f0000008380)='net/ip6_mr_cache\x00') syz_open_pts(r21, 0x8001) syz_read_part_table(0x5, 0x9, &(0x7f0000008980)=[{&(0x7f00000083c0)="fbd29b15877e61061cc50ced7f39686138bf5103248d4da53257b73a1ee96cf2199abfa961d7bd146a6bb88d701b08edbf514b2e3183cce211d57c7645a9afe20275ecbe29aea48c76b0fb7627a8e43c7a9f57ef02a316edf9d38e0c6e74b59107cb1c8406dcb6de319b", 0x6a, 0x7f}, {&(0x7f0000008440)="e0d8f55b3848aed3ac9738d2e19f668be4c76e3b4e4823a0c69918ad4aec8d6eadcfe10327126d01287e672d54a544a9877e59f9a2f41aa242b237ba593c5a4840b8621ce0d28ce522dfe8788bb070d4bc9d74528a1f7603200c2365c63d42f1032992e10e4345cdea0d65365d82b6c78c81c71b0b2fb78197cd605ec2521806bdc08d6dd8f5291e5bb0ca92e20430d581235ddda756e6abd8c769783b84e57b0aa951303adcc7e921b069d94f1a4dee1f4744db5b28c97fbbaec5bf5618e0e94a41c0a99ce6ca91ebcaff5ae6106dc9dc310d7250a8b7c7ca55", 0xda, 0x3ff}, {&(0x7f0000008540)="afbb6b91aa7857f942bc8773d020896a44f1d9db9b9ec2b85598cd86397d6b5ae3192aefe0f2b6387b2d2314489bc7af2ab51990ff7526230a7ca42e6c22f5649acb12b4dd8fde819b", 0x49, 0x9}, {&(0x7f00000085c0)="d890818560f5372f7d41a504c54e863d7944d0621d50134b4c1454aa8c44c7f324d95d33fb4663f6745c1cad179d719e3e9f4f57517125890ed4c937bb41d0a764441e1d6c7482548c0a", 0x4a, 0x6}, {&(0x7f0000008640)="7e289aa898007d95eaf09882596aa237714dc1ac32392bd6fae8d872edc3c9b0cff5036148af29573c0dc954c27b6a6d47669253ab402a91f6e602ccd93fa817", 0x40, 0x6}, {&(0x7f0000008680)="c823584bb1759ecb98ee41e35227dd03d7ed5c9eefcf34a951e7c5eae5b37e8b93d6dd7cb66ebbff50cb81777e29b2c05b7b7cd976f4aed70f76499015b9872faa6f338c309a55296e4e85e27c510dbf253a7e6f43791f93913c8a9607451fd5050cf191ec95d199f1117c0e2a0437c2be1698939d277c3837d1640f91ce6aedc0850dc288cc2a3c1caadff44febefbbb2fda82e8a6539222b6d8830df927f36d814c2a892df0badec86c2f01deb89d2d3fa6137e48b23d3cf77b11f46ebdbb0a8314ee19778c212fc3498cbdc5ad0bbd7d24538d83bbc86830afe32e38c1bb1b7866abc940f611654d046f8236d6b15", 0xf0, 0x7}, {&(0x7f0000008780)="5d78b08d347d6010778713adad8e4da15ab34694562b0da52bb31a3b5e0971020ba48d185f3f03f16fe6dc1e321f122c1150a8ce71c3ad1df7c618bc59865fbfeb3a2c926b992f938b0f76c96af8be398933383fc8", 0x55, 0x8}, {&(0x7f0000008800)="1cd7715afec5551816cd475168a535a8474b748792e43af351605c6dfae1e6add7ce8bde80555ca3268782fe7a7f458968b42792c02a11acffae5486c0858e0c4640f4260d564699c0e606236ae8d5", 0x4f}, {&(0x7f0000008880)="45fd88a606b589b27d422ecb8744a678ff3aa07ffb6c25cc10a8871006d5fb6450fc12157d1a59f14e36132f1db63b56cc97b61bf0a61dcf2b7dd27da02ee160e03df97947838f0dd434825905ae9fb5a427976a49f779eab8cc3a409d25b9a296cef9a8ffb49d81bf23a716a7a7e1d8dce03def2b8a3b15a3b2beb873143a7df14ec492782ec86aceb4901fe3dcdce046ab2fb972d67434d4e1101b02c92d33a1bfe516d9592581f67895433766506707cb7f0e18b4476bde0f0091753cf3ec07386b3dab4b295502d49716801dd979aa24d805dfe801", 0xd7, 0x2}]) r22 = syz_usb_connect(0x6, 0x7e2, &(0x7f0000008a00)={{0x12, 0x1, 0x300, 0x88, 0xc7, 0xe6, 0xff, 0x15c2, 0x45, 0x135a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7d0, 0x4, 0x0, 0x0, 0x60, 0x8, [{{0x9, 0x4, 0x45, 0x3, 0x1, 0x66, 0x44, 0x76, 0x3f, [@uac_as={[@as_header={0x7, 0x24, 0x1, 0x1f, 0x5, 0x4}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x9, 0x2, 0x81, 0x4, "c0e6a10a"}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x0, 0x6, 0x8, "7d5ba3d07cc6"}, @format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x94, 0x1, 0x7, 0x1f, "cfcfa1bb20d9baa316"}]}, @uac_as={[@format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x8, 0x2, 0x0, 0x9, "489f80", '&'}, @format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0x5, 0x497, 0x8, '\''}, @as_header={0x7, 0x24, 0x1, 0x9, 0x2, 0x1001}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x8, 0x1, 0x0, "786e2f1a3105"}]}], [{{0x9, 0x5, 0x0, 0x10, 0x3ff, 0x9, 0x66, 0x3, [@generic={0x5b, 0x8, "32da773ded87397d0af57fd6f2ad3b93e2ea74f1f65d645d6b7e4cae90c8f27ccae094b33c613bc0bda2437bdcbaa21c77915b1b95e7a2313d71c6cc586d414d6a1e79c80ee3673ff069eb4651b30668b0197ff7a7edc57594"}]}}]}}, {{0x9, 0x4, 0x58, 0x9, 0x5, 0xff, 0x5, 0x1b, 0xe0, [], [{{0x9, 0x5, 0x3, 0x10, 0x20, 0x0, 0x43, 0x40}}, {{0x9, 0x5, 0x5, 0x3, 0x3ff, 0x87, 0x2, 0xfd, [@generic={0xa0, 0xc, "4d1fafd5d5bea917949e727ed5ee144cb32b01d9acbb7e3cfac4d1a15cd6bbae8ac66af677394d2217ef580b1565f58b85cfffd2cfcaf9f19df78400ba0354d7872072b42d77d55a5b960b82fb9e34ec8c33a96719c45947ab0947484854a94f25e65339a6f74b053c81e8e8057f6767ea2e80e923e02fa1a88db36d52e4c511e6ccf674046cb81c493c927d05a6c16645d0694f667d6ccf29fc273890c6"}, @generic={0x31, 0x9, "824467996faa842827e6d09bc48c4196099cb20d1afa7380d30e40f1bcfb7c503d7b00fc18d2e614c3e370dbc320a8"}]}}, {{0x9, 0x5, 0x1, 0x3, 0x400, 0x1, 0x81, 0x6, [@generic={0x76, 0x7, "96f72de7936410ee82a44287a00196f630e009364ab94a00e94528691a409d335f13bf6e85b378bda85c558fc1a003ec5794a14217f794682edcdc9e35d00c0979fdb3e7a15e6a851c137bf7011ba61c8346598b02a3d4d1b8cd99f4fc14fae3219fbf56aa2ca54ccf116b3d560a80978c4276ec"}]}}, {{0x9, 0x5, 0xe, 0x3, 0x3ff, 0x80, 0x20, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x9, 0x3ff}]}}, {{0x9, 0x5, 0xd, 0x0, 0x400, 0x9, 0x3f, 0x3f, [@generic={0x76, 0x11, "79b386387e37f36efa1d8c66a90449c68a0ad251afb9b1793cbe9e5b4dc3ce6600e86d1e3b3eac60fd3b8b1c19d7d0c3da61c6a667b39fae8aed44a8e70d77ca93e4c37a3fd8818f43edc523960cedb02d8822f0b23dc343182608c6097e995f562c84a5417e5b2fb71b392f926f3c4ed992ed89"}, @generic={0x65, 0x5, "8512f0cea97a9d8a0461e30ee9bf0789e041cd86c1df9496f1957af0e4543ecab07051f1f4818da2579d13a999569f75ad6af6e0d04da8bd26bc920445692d9e4ca7fdc3544c36f588e5c09beea1aff9f41ba977cbe79e7e4f4a8dec5640da4d2af61d"}]}}]}}, {{0x9, 0x4, 0x5, 0x3, 0x2, 0xc4, 0x4d, 0x76, 0x7, [@cdc_ncm={{0xb, 0x24, 0x6, 0x0, 0x1, "72450ceb1b79"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x8, 0x1, 0x4}, {0x6, 0x24, 0x1a, 0x8, 0x8}, [@mdlm={0x15, 0x24, 0x12, 0x4}]}, @cdc_ecm={{0x7, 0x24, 0x6, 0x0, 0x0, "fbb5"}, {0x5, 0x24, 0x0, 0x2040}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x80, 0x8951, 0x6}, [@network_terminal={0x7, 0x24, 0xa, 0xce, 0x3, 0x4, 0x60}, @acm={0x4}, @country_functional={0x10, 0x24, 0x7, 0x0, 0x81, [0x81, 0x1d9, 0x400, 0x1, 0xc00]}, @mbim={0xc, 0x24, 0x1b, 0x1, 0x20, 0xc0, 0x5, 0x20, 0xd}, @mdlm_detail={0xe1, 0x24, 0x13, 0x9, "0efa60e3b3892ca3377fc7bf7e5cd90b70b5433c66f13129d42a59f2c914ec54979a53862f94df6395806bf1a9709d9a6650cecaeecff6adfc77ca5f296e11bed1fbeb6f27c50bf1af9c176bb2069d52b06473d5d8e9244a70017666faa3213b80b25fe4c68c4180ee45680c95768fd32d24da76b883e1be0ec2af43c9f30ceed1936cd5051e62b1c8a76af9a252290b11c3670439db645b5c32a5a5bb78d7e8183ea6736dfceb8fef3d04b76e5129c4913eee30a537743b3357f269f582dd8c46b2a93362f1a838886b175f4895d52a818f63d9d694beac9846e5b12f"}, @mdlm_detail={0x1a, 0x24, 0x13, 0x5, "083b1f01a69f5d722a6b0383fb09f57f442b56d458fa"}]}], [{{0x9, 0x5, 0xf, 0x8, 0x8, 0x0, 0x3, 0x5}}, {{0x9, 0x5, 0xc, 0x0, 0x200, 0x9, 0x20, 0x5, [@generic={0xb, 0x1, "ae684bd6a1bfbe705d"}]}}]}}, {{0x9, 0x4, 0xad, 0x3f, 0x6, 0xef, 0x2e, 0x8d, 0x8, [@cdc_ecm={{0xa, 0x24, 0x6, 0x0, 0x0, "2e1bb11c34"}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x2, 0x8979, 0x6}, [@mdlm_detail={0xeb, 0x24, 0x13, 0x0, "9fcc8c5c747309fcb4c96e5dad9b6e62d08b91a8beb3c2e4547e163e4658bb11ab34b3c84ec3e4a4e367d26c56001c6705689995a99d16a1b31bdc070f00531ec426b54bf89b2dee1fc3bd818f55dbbd6acc287cd43078eebc6d09f10dc4229f8035d4448f823fecf929d6861627c01e79277a40304a1ad3fbd012a4a8ed16369769c8c997c412be76759017653455b8042aca8b49eac0731001cbfa6fbd796aa7c27709fc623722e03d3c1ed1dac1ca8a8aa25ddafc654a0dbb760b927a2b23e2ad3043ac48566c7b995c237db591f39af81954569cd5d37ca4941c80cc1fa5556d19a548df2a"}, @network_terminal={0x7, 0x24, 0xa, 0x4, 0x1f, 0x3f, 0x62}, @dmm={0x7, 0x24, 0x14, 0x1f, 0x7}, @dmm={0x7, 0x24, 0x14, 0x1010, 0x9}, @ncm={0x6, 0x24, 0x1a, 0x6, 0x1b}]}, @cdc_ecm={{0xb, 0x24, 0x6, 0x0, 0x0, "df4704a2521e"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x4856f0aa, 0x5, 0x1, 0xff}, [@obex={0x5, 0x24, 0x15, 0x1f}]}], [{{0x9, 0x5, 0x8, 0x8, 0x3ff, 0x4, 0x1, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x34, 0x5}]}}, {{0x9, 0x5, 0x0, 0x3, 0x400, 0x2, 0x1, 0xca}}, {{0x9, 0x5, 0x8, 0x10, 0x8, 0x2, 0x7f, 0x7f}}, {{0x9, 0x5, 0x7, 0x0, 0x10, 0x5, 0x1f, 0x40, [@generic={0x2d, 0xe, "eccc2379371b46cab9d6fdb82798f47aa9b7177c2a5193231443b725c21b5e6a99930565eb3b96fe7a7569"}, @generic={0x6, 0x10, "7f2260b2"}]}}, {{0x9, 0x5, 0x3, 0x8, 0x10, 0x4, 0x3, 0xf7}}, {{0x9, 0x5, 0x5, 0x3, 0x10, 0x3, 0x1, 0x9, [@generic={0xc8, 0xe, "17a493c051895f29835efb6d6d753ca5e6237f995724bf74708574902eacdff45cd80b61373d67efe1239f97b4fa600793d6b4a5022ba4a436b4e2e223579d974e784ecbfdd4912da5ccd284d2293782704f067513d83811ac711684d3aafe928ece0e903825997babc567b94d06daee1e4d55a8871d67e71cd1081430d89bc9ae64f50f94bb8af96ce384cd3b8420ef8be273ca02b9f0f91221239e64d620dc6e3e2707f6f4ce92e8627f044c14f179909ca1df8b4e499fed3f4118c9d6b2ae41a71198d798"}, @generic={0x7e, 0x22, "851bf8332f6f4795cdbf9bf1bbb8253ced75d61f695bb8c31f51b5ce19b2080e2e7ec215fec16a83d2571104f726a0de47f3e9282d0ef2204bbb1d9d9cac53b6d798084b0f594791e3f8341986d7eaadb911c55c0d71691fc77aa1047f440f5275a41f3b1f0f048a5c1dd5c417e67f3bd472b13feef7950c578f1b42"}]}}]}}]}}]}}, &(0x7f0000009700)={0xa, &(0x7f0000009200)={0xa, 0x6, 0x110, 0xd4, 0x81, 0x0, 0x10, 0x20}, 0x1c, &(0x7f0000009240)={0x5, 0xf, 0x1c, 0x2, [@ssp_cap={0x14, 0x10, 0xa, 0x20, 0x2, 0x3, 0xf0f, 0x6, [0xc030, 0xff3f30]}, @ptm_cap={0x3}]}, 0x8, [{0x4, &(0x7f0000009280)=@lang_id={0x4, 0x3, 0x410}}, {0x102, &(0x7f00000092c0)=@string={0x102, 0x3, "bd9caf11f1c2321f7dbf3df57ec06aedf0842f843c77dd88db9f7408bba0d9405971eab7462f77d1ca84398011e52a42798f46eeb57b9e8b2c06c9828ae8a2a278aeaf1947cb3dbadbd3d8374bd3fd89a53a0d2e5d80261d7c80592c0396ee2c9ed83fcc6bf9bd9a2f61cd007c9eb5b92dd878d6aa6b5435ed38fb81d9bfc15815843bc46b321b848a201d7ee90a06ab03ddb66cea54f415153e6934992c24e711aea2fe334e981ba7f3f87d0bc5eb6b1d0917cd79b47194c6d2be18e7a54e75a5e2d036b2e8ba626c56c4489e4681a21ea29a2b6434a8605a6710ebd13f09fe322e60ef34a6e6f3330d07b4d1ff66d7ec23c58b3be734844b89de36ba291297"}}, {0x4, &(0x7f0000009400)=@lang_id={0x4, 0x3, 0xf0ff}}, {0x4, &(0x7f0000009440)=@lang_id={0x4, 0x3, 0xf8ff}}, {0xc2, &(0x7f0000009480)=@string={0xc2, 0x3, "47951bf5758f6da49eaec8d8f18a6ca6e17e41a66016415efc7be346e3a8d0342803d31ac634c4e6bcfdca1db3c5b690c22f332df6936761deb40a2a9b817a3b5e21ceda6d71f72d61eed06a7a43451e72faa82018384c5a69f62f4c6cf2a7efbd2af59b84acc6a95edf8f167b5f203dff2f89dba191f513342be5a906ceb379613f596108de6f3a61b926c9f8634d3de6d5eb86712bdfc3ce502f90a69d8d07d9284402b393a76e1d9817b92bd4eff57a27ec91919bf0d09b447057d69ce382"}}, {0x83, &(0x7f0000009580)=@string={0x83, 0x3, "708149d29b3a8ef9c0ff2f072ff3b20dd4aa24a8ddbd77612cf82dbfdc3af821a1fbf75540c23e05de08fed779db651cb3a63bd09acfde2da34fc336047349f62c650320dd8fd8626cfdadf7e0f73f83a6bffa1f20e75cc44b80bbe9a40ea3c6e924b684fe6cb9e6a9331a149e844e500be3b4fe28d1332dcd643be5a73fccd446"}}, {0x4, &(0x7f0000009640)=@lang_id={0x4, 0x3, 0x184c}}, {0x4d, &(0x7f0000009680)=@string={0x4d, 0x3, "b66a576c91d56733c94ef73720fda014ebcf72b1cf26ac4c18da7571241256764ae2dff17540bdd8af83eee505792cbefbddb7b5cd4ca94662287a86249ec2b942139804f9c78209884a15"}}]}) syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000009780)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_control_io(r22, &(0x7f00000099c0)={0x18, &(0x7f0000009800)={0x40, 0x1, 0x8d, {0x8d, 0x22, "e5741947a723e9e98edc76ea9b493da7d0be0f88903d48eef0d24c882970fc1216a4f390d6b17a78f9e882742ca24831936cb75b045899bbc7687bd55a058a9f4722452ce7e301270b0bf22666c37eaf1bd9d8b489ba1d32be39d06b20bd9657e09fda6c82d4566c9334e2fa45c5046ba8565e5779ab6d67cbf7f406d216c286ab066588207a318d65332f"}}, &(0x7f00000098c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xf0ff}}, &(0x7f0000009900)={0x0, 0xf, 0x18, {0x5, 0xf, 0x18, 0x2, [@ssp_cap={0xc, 0x10, 0xa, 0x0, 0x0, 0x6, 0xf0f, 0x8}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0xa, 0x7, 0x100}]}}, &(0x7f0000009940)={0x20, 0x29, 0xf, {0xf, 0x29, 0x0, 0x18, 0x7, 0x7f, "86f620e8", "168f2202"}}, &(0x7f0000009980)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3, 0x0, 0x4, 0x0, 0x7, 0x1000, 0xfffe}}}, &(0x7f0000009f00)={0x44, &(0x7f0000009a00)={0x0, 0x8, 0xfd, "17d015c0c21b38ab6587078c775d196676390236842bc78115bd6a405811102445a37fe5c0cc85a16b5601f67496593492ce3ad552019208a904c88254525ef13e8c55d2fa5584b172728077d54a28bc6dd0bc05f7202910260763120f9d95883b701ca05483deae8e445bcf5672cfc4ba66a346e92fe07451ae4c8ff4aa9dfcf8b9563365805bf6830ed36c9f3eab11f613a0fde0423b8c3a5b1ae029729e3233431d83f022491564d392ceb7a38eddcf1596886181854d5a729e76d8e770d6ee74ba1333ecb7e4b883071b6d6c043e9e6f0160546f60d1d9ffd940744eef3ea5f0ddfda5a0a8d6b7740a7f13ce462ed08e2d3bc0a7b646daf56086e2"}, &(0x7f0000009b40)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000009b80)={0x0, 0x8, 0x1, 0x80}, &(0x7f0000009bc0)={0x20, 0x0, 0x4, {0x2, 0x3}}, &(0x7f0000009c00)={0x20, 0x0, 0x4, {0x100, 0x40}}, &(0x7f0000009c40)={0x40, 0x7, 0x2, 0x3}, &(0x7f0000009c80)={0x40, 0x9, 0x1, 0x7f}, &(0x7f0000009cc0)={0x40, 0xb, 0x2, "08bd"}, &(0x7f0000009d00)={0x40, 0xf, 0x2, 0x7163}, &(0x7f0000009d40)={0x40, 0x13, 0x6, @broadcast}, &(0x7f0000009d80)={0x40, 0x17, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3b}}, &(0x7f0000009dc0)={0x40, 0x19, 0x2, "379e"}, &(0x7f0000009e00)={0x40, 0x1a, 0x2, 0x8}, &(0x7f0000009e40)={0x40, 0x1c, 0x1, 0x3f}, &(0x7f0000009e80)={0x40, 0x1e, 0x1, 0x2c}, &(0x7f0000009ec0)={0x40, 0x21, 0x1, 0x5}}) syz_usb_disconnect(r22) syz_usb_ep_read(r22, 0xc1, 0x1000, &(0x7f0000009f80)=""/4096) r23 = syz_usb_connect$uac1(0x3, 0xe8, &(0x7f000000af80)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd6, 0x3, 0x1, 0x7, 0x20, 0x2, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@feature_unit={0xb, 0x24, 0x6, 0x4, 0x3, 0x2, [0x3, 0x7], 0xff}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x80, 0x3, 0x1, 0x0, "022c3b4efa4d"}, @as_header={0x7, 0x24, 0x1, 0x1, 0x7f, 0x1002}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x5, 0x3, 0x0, 0x5, "64997e"}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x3, 0x3, 0xac, 0x8, "bc5e", "04fba9"}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x6, 0x2, 0x5, 0x9, "6a9a8d", "4f88"}]}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x8c, 0x20, 0x7f, {0x7, 0x25, 0x1, 0x82, 0x2, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0x0, 0x2, 0x0, 0xff, "03c1fe1d97"}, @format_type_ii_discrete={0x12, 0x24, 0x2, 0x2, 0x807, 0x4, 0xfd, "8cfb49df7bf5b7e5ee"}, @as_header={0x7, 0x24, 0x1, 0x3f, 0xfd, 0x1}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0xc1, 0x4, 0x5, 0x67, "6967ba40"}]}, {{0x9, 0x5, 0x82, 0x9, 0x7f7, 0x1f, 0x69, 0x6, {0x7, 0x25, 0x1, 0x80, 0x9, 0x3}}}}}}}]}}, &(0x7f000000b380)={0xa, &(0x7f000000b080)={0xa, 0x6, 0x300, 0x3, 0x2, 0x3, 0x40, 0x81}, 0x20f, &(0x7f000000b0c0)={0x5, 0xf, 0x20f, 0x6, [@generic={0xe2, 0x10, 0xa, "64932c9277e23a0fa96aabc7b931ea3707350c525745ccbe794d23baa99625c82f74bd3b6d5f88fbfd92545b6b63754c07c3ffb47355bf3dd6facff0ec5597fb768dc74acfcf395ac1009982925aa16fcfa41575bf14b56d557909df9efd27fd4b317d90d1606270134fd07d2fc0d1816e9771321d2db55c6539b04167db7b08c994159dd7552c488c1466247a5b70b0dc996b907eeee0b20fdd647140597b66f821556b567fe613c7ecbcbae50db5fa7c9c0b5dcf26eddffdcb09b9ab9f2b5bee80982ff365fb816e98184ee6815f6f621f4d34527d3caa4ce682cb06c748"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x10, 0x1, 0x3f, 0xff, 0x1f}, @ptm_cap={0x3}, @generic={0x2f, 0x10, 0x3, "571226744f78fe775ab89dd776db3aaace9982e7b2594fd0854a31d7ec1d24aee6482aa3939798bd32d060f0"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x24, 0x8, 0xe1}, @generic={0xe1, 0x10, 0x1, "1c4311d6c4ec2de789b4f9f39e673702ea35d909991ce4af26cf0c07579c1a40573568f837569c645de2af698133526169e51a53f215167660357259d54d5ad77afb478b189e728667a8b7e38986bb19febe807085ec6d77dfb48172592d549d7dbbf802aaf95bbf2dcd20057a34eeffcaba3c404e46a6e90ad7e4387e1e28cc21718837e81d22615c4b42bce04c6bec4aa9a99d05cb4f168e115ee3956554e4e58b136f86736e79e91f9acd49ee6617b84a564392e81991bba6032054d7096f6c40002137782a1b111d6527968326f5e70a8a2399e833e7415c204a3a4b"}]}, 0x2, [{0x4, &(0x7f000000b300)=@lang_id={0x4, 0x3, 0x459}}, {0x4, &(0x7f000000b340)=@lang_id={0x4, 0x3, 0x436}}]}) syz_usb_ep_write(r23, 0x9, 0x13, &(0x7f000000b3c0)="08636e6c5e421f7f718c4784f389672c2911e5") syz_usbip_server_init(0x2) csource_test.go:119: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; for (;;) { uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts); if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) return 1; now = current_time_ms(); if (now - start > timeout) return 0; } } static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } struct nlmsg { char* pos; int nesting; struct nlattr* nested[8]; char buf[4096]; }; static void netlink_init(struct nlmsg* nlmsg, int typ, int flags, const void* data, int size) { memset(nlmsg, 0, sizeof(*nlmsg)); struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf; hdr->nlmsg_type = typ; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags; memcpy(hdr + 1, data, size); nlmsg->pos = (char*)(hdr + 1) + NLMSG_ALIGN(size); } static void netlink_attr(struct nlmsg* nlmsg, int typ, const void* data, int size) { struct nlattr* attr = (struct nlattr*)nlmsg->pos; attr->nla_len = sizeof(*attr) + size; attr->nla_type = typ; if (size > 0) memcpy(attr + 1, data, size); nlmsg->pos += NLMSG_ALIGN(attr->nla_len); } static int netlink_send_ext(struct nlmsg* nlmsg, int sock, uint16_t reply_type, int* reply_len, bool dofail) { if (nlmsg->pos > nlmsg->buf + sizeof(nlmsg->buf) || nlmsg->nesting) exit(1); struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf; hdr->nlmsg_len = nlmsg->pos - nlmsg->buf; struct sockaddr_nl addr; memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; ssize_t n = sendto(sock, nlmsg->buf, hdr->nlmsg_len, 0, (struct sockaddr*)&addr, sizeof(addr)); if (n != (ssize_t)hdr->nlmsg_len) { if (dofail) exit(1); return -1; } n = recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0); if (reply_len) *reply_len = 0; if (n < 0) { if (dofail) exit(1); return -1; } if (n < (ssize_t)sizeof(struct nlmsghdr)) { errno = EINVAL; if (dofail) exit(1); return -1; } if (hdr->nlmsg_type == NLMSG_DONE) return 0; if (reply_len && hdr->nlmsg_type == reply_type) { *reply_len = n; return 0; } if (n < (ssize_t)(sizeof(struct nlmsghdr) + sizeof(struct nlmsgerr))) { errno = EINVAL; if (dofail) exit(1); return -1; } if (hdr->nlmsg_type != NLMSG_ERROR) { errno = EINVAL; if (dofail) exit(1); return -1; } errno = -((struct nlmsgerr*)(hdr + 1))->error; return -errno; } static int netlink_send(struct nlmsg* nlmsg, int sock) { return netlink_send_ext(nlmsg, sock, 0, NULL, true); } static int netlink_query_family_id(struct nlmsg* nlmsg, int sock, const char* family_name, bool dofail) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = CTRL_CMD_GETFAMILY; netlink_init(nlmsg, GENL_ID_CTRL, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, CTRL_ATTR_FAMILY_NAME, family_name, strnlen(family_name, GENL_NAMSIZ - 1) + 1); int n = 0; int err = netlink_send_ext(nlmsg, sock, GENL_ID_CTRL, &n, dofail); if (err < 0) { return -1; } uint16_t id = 0; struct nlattr* attr = (struct nlattr*)(nlmsg->buf + NLMSG_HDRLEN + NLMSG_ALIGN(sizeof(genlhdr))); for (; (char*)attr < nlmsg->buf + n; attr = (struct nlattr*)((char*)attr + NLMSG_ALIGN(attr->nla_len))) { if (attr->nla_type == CTRL_ATTR_FAMILY_ID) { id = *(uint16_t*)(attr + 1); break; } } if (!id) { errno = EINVAL; return -1; } recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0); return id; } const int kInitNetNsFd = 239; #define WIFI_INITIAL_DEVICE_COUNT 2 #define WIFI_MAC_BASE { 0x08, 0x02, 0x11, 0x00, 0x00, 0x00 } #define WIFI_IBSS_BSSID { 0x50, 0x50, 0x50, 0x50, 0x50, 0x50 } #define WIFI_IBSS_SSID { 0x10, 0x10, 0x10, 0x10, 0x10, 0x10 } #define WIFI_DEFAULT_FREQUENCY 2412 #define WIFI_DEFAULT_SIGNAL 0 #define WIFI_DEFAULT_RX_RATE 1 #define HWSIM_CMD_REGISTER 1 #define HWSIM_CMD_FRAME 2 #define HWSIM_CMD_NEW_RADIO 4 #define HWSIM_ATTR_SUPPORT_P2P_DEVICE 14 #define HWSIM_ATTR_PERM_ADDR 22 #define IF_OPER_UP 6 struct join_ibss_props { int wiphy_freq; bool wiphy_freq_fixed; uint8_t* mac; uint8_t* ssid; int ssid_len; }; static int set_interface_state(const char* interface_name, int on) { struct ifreq ifr; int sock = socket(AF_INET, SOCK_DGRAM, 0); if (sock < 0) { return -1; } memset(&ifr, 0, sizeof(ifr)); strcpy(ifr.ifr_name, interface_name); int ret = ioctl(sock, SIOCGIFFLAGS, &ifr); if (ret < 0) { close(sock); return -1; } if (on) ifr.ifr_flags |= IFF_UP; else ifr.ifr_flags &= ~IFF_UP; ret = ioctl(sock, SIOCSIFFLAGS, &ifr); close(sock); if (ret < 0) { return -1; } return 0; } static int nl80211_set_interface(struct nlmsg* nlmsg, int sock, int nl80211_family, uint32_t ifindex, uint32_t iftype) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = NL80211_CMD_SET_INTERFACE; netlink_init(nlmsg, nl80211_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, NL80211_ATTR_IFINDEX, &ifindex, sizeof(ifindex)); netlink_attr(nlmsg, NL80211_ATTR_IFTYPE, &iftype, sizeof(iftype)); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int nl80211_join_ibss(struct nlmsg* nlmsg, int sock, int nl80211_family, uint32_t ifindex, struct join_ibss_props* props) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = NL80211_CMD_JOIN_IBSS; netlink_init(nlmsg, nl80211_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, NL80211_ATTR_IFINDEX, &ifindex, sizeof(ifindex)); netlink_attr(nlmsg, NL80211_ATTR_SSID, props->ssid, props->ssid_len); netlink_attr(nlmsg, NL80211_ATTR_WIPHY_FREQ, &(props->wiphy_freq), sizeof(props->wiphy_freq)); if (props->mac) netlink_attr(nlmsg, NL80211_ATTR_MAC, props->mac, ETH_ALEN); if (props->wiphy_freq_fixed) netlink_attr(nlmsg, NL80211_ATTR_FREQ_FIXED, NULL, 0); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int get_ifla_operstate(struct nlmsg* nlmsg, int ifindex) { struct ifinfomsg info; memset(&info, 0, sizeof(info)); info.ifi_family = AF_UNSPEC; info.ifi_index = ifindex; int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); if (sock == -1) { return -1; } netlink_init(nlmsg, RTM_GETLINK, 0, &info, sizeof(info)); int n; int err = netlink_send_ext(nlmsg, sock, RTM_NEWLINK, &n, true); close(sock); if (err) { return -1; } struct rtattr* attr = IFLA_RTA(NLMSG_DATA(nlmsg->buf)); for (; RTA_OK(attr, n); attr = RTA_NEXT(attr, n)) { if (attr->rta_type == IFLA_OPERSTATE) return *((int32_t*)RTA_DATA(attr)); } return -1; } static int await_ifla_operstate(struct nlmsg* nlmsg, char* interface, int operstate) { int ifindex = if_nametoindex(interface); while (true) { usleep(1000); int ret = get_ifla_operstate(nlmsg, ifindex); if (ret < 0) return ret; if (ret == operstate) return 0; } return 0; } static int nl80211_setup_ibss_interface(struct nlmsg* nlmsg, int sock, int nl80211_family_id, char* interface, struct join_ibss_props* ibss_props) { int ifindex = if_nametoindex(interface); if (ifindex == 0) { return -1; } int ret = nl80211_set_interface(nlmsg, sock, nl80211_family_id, ifindex, NL80211_IFTYPE_ADHOC); if (ret < 0) { return -1; } ret = set_interface_state(interface, 1); if (ret < 0) { return -1; } ret = nl80211_join_ibss(nlmsg, sock, nl80211_family_id, ifindex, ibss_props); if (ret < 0) { return -1; } return 0; } #define SIZEOF_IO_URING_SQE 64 #define SIZEOF_IO_URING_CQE 16 #define SQ_HEAD_OFFSET 0 #define SQ_TAIL_OFFSET 64 #define SQ_RING_MASK_OFFSET 256 #define SQ_RING_ENTRIES_OFFSET 264 #define SQ_FLAGS_OFFSET 276 #define SQ_DROPPED_OFFSET 272 #define CQ_HEAD_OFFSET 128 #define CQ_TAIL_OFFSET 192 #define CQ_RING_MASK_OFFSET 260 #define CQ_RING_ENTRIES_OFFSET 268 #define CQ_RING_OVERFLOW_OFFSET 284 #define CQ_FLAGS_OFFSET 280 #define CQ_CQES_OFFSET 320 struct io_uring_cqe { uint64_t user_data; uint32_t res; uint32_t flags; }; static long syz_io_uring_complete(volatile long a0) { char* ring_ptr = (char*)a0; uint32_t cq_ring_mask = *(uint32_t*)(ring_ptr + CQ_RING_MASK_OFFSET); uint32_t* cq_head_ptr = (uint32_t*)(ring_ptr + CQ_HEAD_OFFSET); uint32_t cq_head = *cq_head_ptr & cq_ring_mask; uint32_t cq_head_next = *cq_head_ptr + 1; char* cqe_src = ring_ptr + CQ_CQES_OFFSET + cq_head * SIZEOF_IO_URING_CQE; struct io_uring_cqe cqe; memcpy(&cqe, cqe_src, sizeof(cqe)); __atomic_store_n(cq_head_ptr, cq_head_next, __ATOMIC_RELEASE); return (cqe.user_data == 0x12345 || cqe.user_data == 0x23456) ? (long)cqe.res : (long)-1; } struct io_sqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t flags; uint32_t dropped; uint32_t array; uint32_t resv1; uint64_t resv2; }; struct io_cqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t overflow; uint32_t cqes; uint64_t resv[2]; }; struct io_uring_params { uint32_t sq_entries; uint32_t cq_entries; uint32_t flags; uint32_t sq_thread_cpu; uint32_t sq_thread_idle; uint32_t features; uint32_t resv[4]; struct io_sqring_offsets sq_off; struct io_cqring_offsets cq_off; }; #define IORING_OFF_SQ_RING 0 #define IORING_OFF_SQES 0x10000000ULL #define sys_io_uring_setup 425 static long syz_io_uring_setup(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5) { uint32_t entries = (uint32_t)a0; struct io_uring_params* setup_params = (struct io_uring_params*)a1; void* vma1 = (void*)a2; void* vma2 = (void*)a3; void** ring_ptr_out = (void**)a4; void** sqes_ptr_out = (void**)a5; uint32_t fd_io_uring = syscall(sys_io_uring_setup, entries, setup_params); uint32_t sq_ring_sz = setup_params->sq_off.array + setup_params->sq_entries * sizeof(uint32_t); uint32_t cq_ring_sz = setup_params->cq_off.cqes + setup_params->cq_entries * SIZEOF_IO_URING_CQE; uint32_t ring_sz = sq_ring_sz > cq_ring_sz ? sq_ring_sz : cq_ring_sz; *ring_ptr_out = mmap(vma1, ring_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQ_RING); uint32_t sqes_sz = setup_params->sq_entries * SIZEOF_IO_URING_SQE; *sqes_ptr_out = mmap(vma2, sqes_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQES); return fd_io_uring; } static long syz_io_uring_submit(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { char* ring_ptr = (char*)a0; char* sqes_ptr = (char*)a1; char* sqe = (char*)a2; uint32_t sqes_index = (uint32_t)a3; uint32_t sq_ring_entries = *(uint32_t*)(ring_ptr + SQ_RING_ENTRIES_OFFSET); uint32_t cq_ring_entries = *(uint32_t*)(ring_ptr + CQ_RING_ENTRIES_OFFSET); uint32_t sq_array_off = (CQ_CQES_OFFSET + cq_ring_entries * SIZEOF_IO_URING_CQE + 63) & ~63; if (sq_ring_entries) sqes_index %= sq_ring_entries; char* sqe_dest = sqes_ptr + sqes_index * SIZEOF_IO_URING_SQE; memcpy(sqe_dest, sqe, SIZEOF_IO_URING_SQE); uint32_t sq_ring_mask = *(uint32_t*)(ring_ptr + SQ_RING_MASK_OFFSET); uint32_t* sq_tail_ptr = (uint32_t*)(ring_ptr + SQ_TAIL_OFFSET); uint32_t sq_tail = *sq_tail_ptr & sq_ring_mask; uint32_t sq_tail_next = *sq_tail_ptr + 1; uint32_t* sq_array = (uint32_t*)(ring_ptr + sq_array_off); *(sq_array + sq_tail) = sqes_index; __atomic_store_n(sq_tail_ptr, sq_tail_next, __ATOMIC_RELEASE); return 0; } #define VHCI_HC_PORTS 8 #define VHCI_PORTS (VHCI_HC_PORTS * 2) static long syz_usbip_server_init(volatile long a0) { static int port_alloc[2]; int speed = (int)a0; bool usb3 = (speed == USB_SPEED_SUPER); int socket_pair[2]; if (socketpair(AF_UNIX, SOCK_STREAM, 0, socket_pair)) exit(1); int client_fd = socket_pair[0]; int server_fd = socket_pair[1]; int available_port_num = __atomic_fetch_add(&port_alloc[usb3], 1, __ATOMIC_RELAXED); if (available_port_num > VHCI_HC_PORTS) { return -1; } int port_num = procid * VHCI_PORTS + usb3 * VHCI_HC_PORTS + available_port_num; char buffer[100]; sprintf(buffer, "%d %d %s %d", port_num, client_fd, "0", speed); write_file("/sys/devices/platform/vhci_hcd.0/attach", buffer); return server_fd; } #define BTF_MAGIC 0xeB9F struct btf_header { __u16 magic; __u8 version; __u8 flags; __u32 hdr_len; __u32 type_off; __u32 type_len; __u32 str_off; __u32 str_len; }; #define BTF_INFO_KIND(info) (((info) >> 24) & 0x0f) #define BTF_INFO_VLEN(info) ((info)&0xffff) #define BTF_KIND_INT 1 #define BTF_KIND_ARRAY 3 #define BTF_KIND_STRUCT 4 #define BTF_KIND_UNION 5 #define BTF_KIND_ENUM 6 #define BTF_KIND_FUNC_PROTO 13 #define BTF_KIND_VAR 14 #define BTF_KIND_DATASEC 15 struct btf_type { __u32 name_off; __u32 info; union { __u32 size; __u32 type; }; }; struct btf_enum { __u32 name_off; __s32 val; }; struct btf_array { __u32 type; __u32 index_type; __u32 nelems; }; struct btf_member { __u32 name_off; __u32 type; __u32 offset; }; struct btf_param { __u32 name_off; __u32 type; }; struct btf_var { __u32 linkage; }; struct btf_var_secinfo { __u32 type; __u32 offset; __u32 size; }; #define VMLINUX_MAX_SUPPORT_SIZE (10 * 1024 * 1024) static char* read_btf_vmlinux() { static bool is_read = false; static char buf[VMLINUX_MAX_SUPPORT_SIZE]; if (is_read) return buf; int fd = open("/sys/kernel/btf/vmlinux", O_RDONLY); if (fd < 0) return NULL; unsigned long bytes_read = 0; for (;;) { ssize_t ret = read(fd, buf + bytes_read, VMLINUX_MAX_SUPPORT_SIZE - bytes_read); if (ret < 0 || bytes_read + ret == VMLINUX_MAX_SUPPORT_SIZE) return NULL; if (ret == 0) break; bytes_read += ret; } is_read = true; return buf; } static long syz_btf_id_by_name(volatile long a0) { char* target = (char*)a0; char* vmlinux = read_btf_vmlinux(); if (vmlinux == NULL) return -1; struct btf_header* btf_header = (struct btf_header*)vmlinux; if (btf_header->magic != BTF_MAGIC) return -1; char* btf_type_sec = vmlinux + btf_header->hdr_len + btf_header->type_off; char* btf_str_sec = vmlinux + btf_header->hdr_len + btf_header->str_off; unsigned int bytes_parsed = 0; long idx = 1; while (bytes_parsed < btf_header->type_len) { struct btf_type* btf_type = (struct btf_type*)(btf_type_sec + bytes_parsed); uint32_t kind = BTF_INFO_KIND(btf_type->info); uint32_t vlen = BTF_INFO_VLEN(btf_type->info); char* name = btf_str_sec + btf_type->name_off; if (strcmp(name, target) == 0) return idx; size_t skip; switch (kind) { case BTF_KIND_INT: skip = sizeof(uint32_t); break; case BTF_KIND_ENUM: skip = sizeof(struct btf_enum) * vlen; break; case BTF_KIND_ARRAY: skip = sizeof(struct btf_array); break; case BTF_KIND_STRUCT: case BTF_KIND_UNION: skip = sizeof(struct btf_member) * vlen; break; case BTF_KIND_FUNC_PROTO: skip = sizeof(struct btf_param) * vlen; break; case BTF_KIND_VAR: skip = sizeof(struct btf_var); break; case BTF_KIND_DATASEC: skip = sizeof(struct btf_var_secinfo) * vlen; break; default: skip = 0; } bytes_parsed += sizeof(struct btf_type) + skip; idx++; } return -1; } static long syz_memcpy_off(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4) { char* dest = (char*)a0; uint32_t dest_off = (uint32_t)a1; char* src = (char*)a2; uint32_t src_off = (uint32_t)a3; size_t n = (size_t)a4; return (long)memcpy(dest + dest_off, src + src_off, n); } #define MAX_FDS 30 #define USB_MAX_IFACE_NUM 4 #define USB_MAX_EP_NUM 32 #define USB_MAX_FDS 6 struct usb_endpoint_index { struct usb_endpoint_descriptor desc; int handle; }; struct usb_iface_index { struct usb_interface_descriptor* iface; uint8_t bInterfaceNumber; uint8_t bAlternateSetting; uint8_t bInterfaceClass; struct usb_endpoint_index eps[USB_MAX_EP_NUM]; int eps_num; }; struct usb_device_index { struct usb_device_descriptor* dev; struct usb_config_descriptor* config; uint8_t bDeviceClass; uint8_t bMaxPower; int config_length; struct usb_iface_index ifaces[USB_MAX_IFACE_NUM]; int ifaces_num; int iface_cur; }; struct usb_info { int fd; struct usb_device_index index; }; static struct usb_info usb_devices[USB_MAX_FDS]; static int usb_devices_num; static bool parse_usb_descriptor(const char* buffer, size_t length, struct usb_device_index* index) { if (length < sizeof(*index->dev) + sizeof(*index->config)) return false; memset(index, 0, sizeof(*index)); index->dev = (struct usb_device_descriptor*)buffer; index->config = (struct usb_config_descriptor*)(buffer + sizeof(*index->dev)); index->bDeviceClass = index->dev->bDeviceClass; index->bMaxPower = index->config->bMaxPower; index->config_length = length - sizeof(*index->dev); index->iface_cur = -1; size_t offset = 0; while (true) { if (offset + 1 >= length) break; uint8_t desc_length = buffer[offset]; uint8_t desc_type = buffer[offset + 1]; if (desc_length <= 2) break; if (offset + desc_length > length) break; if (desc_type == USB_DT_INTERFACE && index->ifaces_num < USB_MAX_IFACE_NUM) { struct usb_interface_descriptor* iface = (struct usb_interface_descriptor*)(buffer + offset); index->ifaces[index->ifaces_num].iface = iface; index->ifaces[index->ifaces_num].bInterfaceNumber = iface->bInterfaceNumber; index->ifaces[index->ifaces_num].bAlternateSetting = iface->bAlternateSetting; index->ifaces[index->ifaces_num].bInterfaceClass = iface->bInterfaceClass; index->ifaces_num++; } if (desc_type == USB_DT_ENDPOINT && index->ifaces_num > 0) { struct usb_iface_index* iface = &index->ifaces[index->ifaces_num - 1]; if (iface->eps_num < USB_MAX_EP_NUM) { memcpy(&iface->eps[iface->eps_num].desc, buffer + offset, sizeof(iface->eps[iface->eps_num].desc)); iface->eps_num++; } } offset += desc_length; } return true; } static struct usb_device_index* add_usb_index(int fd, const char* dev, size_t dev_len) { int i = __atomic_fetch_add(&usb_devices_num, 1, __ATOMIC_RELAXED); if (i >= USB_MAX_FDS) return NULL; if (!parse_usb_descriptor(dev, dev_len, &usb_devices[i].index)) return NULL; __atomic_store_n(&usb_devices[i].fd, fd, __ATOMIC_RELEASE); return &usb_devices[i].index; } static struct usb_device_index* lookup_usb_index(int fd) { for (int i = 0; i < USB_MAX_FDS; i++) { if (__atomic_load_n(&usb_devices[i].fd, __ATOMIC_ACQUIRE) == fd) return &usb_devices[i].index; } return NULL; } struct vusb_connect_string_descriptor { uint32_t len; char* str; } __attribute__((packed)); struct vusb_connect_descriptors { uint32_t qual_len; char* qual; uint32_t bos_len; char* bos; uint32_t strs_len; struct vusb_connect_string_descriptor strs[0]; } __attribute__((packed)); static const char default_string[] = { 8, USB_DT_STRING, 's', 0, 'y', 0, 'z', 0 }; static const char default_lang_id[] = { 4, USB_DT_STRING, 0x09, 0x04 }; static bool lookup_connect_response_in(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { struct usb_device_index* index = lookup_usb_index(fd); uint8_t str_idx; if (!index) return false; switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_GET_DESCRIPTOR: switch (ctrl->wValue >> 8) { case USB_DT_DEVICE: *response_data = (char*)index->dev; *response_length = sizeof(*index->dev); return true; case USB_DT_CONFIG: *response_data = (char*)index->config; *response_length = index->config_length; return true; case USB_DT_STRING: str_idx = (uint8_t)ctrl->wValue; if (descs && str_idx < descs->strs_len) { *response_data = descs->strs[str_idx].str; *response_length = descs->strs[str_idx].len; return true; } if (str_idx == 0) { *response_data = (char*)&default_lang_id[0]; *response_length = default_lang_id[0]; return true; } *response_data = (char*)&default_string[0]; *response_length = default_string[0]; return true; case USB_DT_BOS: *response_data = descs->bos; *response_length = descs->bos_len; return true; case USB_DT_DEVICE_QUALIFIER: if (!descs->qual) { struct usb_qualifier_descriptor* qual = (struct usb_qualifier_descriptor*)response_data; qual->bLength = sizeof(*qual); qual->bDescriptorType = USB_DT_DEVICE_QUALIFIER; qual->bcdUSB = index->dev->bcdUSB; qual->bDeviceClass = index->dev->bDeviceClass; qual->bDeviceSubClass = index->dev->bDeviceSubClass; qual->bDeviceProtocol = index->dev->bDeviceProtocol; qual->bMaxPacketSize0 = index->dev->bMaxPacketSize0; qual->bNumConfigurations = index->dev->bNumConfigurations; qual->bRESERVED = 0; *response_length = sizeof(*qual); return true; } *response_data = descs->qual; *response_length = descs->qual_len; return true; default: break; } break; default: break; } break; default: break; } return false; } typedef bool (*lookup_connect_out_response_t)(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done); static bool lookup_connect_response_out_generic(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) { switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: *done = true; return true; default: break; } break; } return false; } #define ATH9K_FIRMWARE_DOWNLOAD 0x30 #define ATH9K_FIRMWARE_DOWNLOAD_COMP 0x31 static bool lookup_connect_response_out_ath9k(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) { switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: return true; default: break; } break; case USB_TYPE_VENDOR: switch (ctrl->bRequest) { case ATH9K_FIRMWARE_DOWNLOAD: return true; case ATH9K_FIRMWARE_DOWNLOAD_COMP: *done = true; return true; default: break; } break; } return false; } struct vusb_descriptor { uint8_t req_type; uint8_t desc_type; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_descriptors { uint32_t len; struct vusb_descriptor* generic; struct vusb_descriptor* descs[0]; } __attribute__((packed)); struct vusb_response { uint8_t type; uint8_t req; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_responses { uint32_t len; struct vusb_response* generic; struct vusb_response* resps[0]; } __attribute__((packed)); static bool lookup_control_response(const struct vusb_descriptors* descs, const struct vusb_responses* resps, struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { int descs_num = 0; int resps_num = 0; if (descs) descs_num = (descs->len - offsetof(struct vusb_descriptors, descs)) / sizeof(descs->descs[0]); if (resps) resps_num = (resps->len - offsetof(struct vusb_responses, resps)) / sizeof(resps->resps[0]); uint8_t req = ctrl->bRequest; uint8_t req_type = ctrl->bRequestType & USB_TYPE_MASK; uint8_t desc_type = ctrl->wValue >> 8; if (req == USB_REQ_GET_DESCRIPTOR) { int i; for (i = 0; i < descs_num; i++) { struct vusb_descriptor* desc = descs->descs[i]; if (!desc) continue; if (desc->req_type == req_type && desc->desc_type == desc_type) { *response_length = desc->len; if (*response_length != 0) *response_data = &desc->data[0]; else *response_data = NULL; return true; } } if (descs && descs->generic) { *response_data = &descs->generic->data[0]; *response_length = descs->generic->len; return true; } } else { int i; for (i = 0; i < resps_num; i++) { struct vusb_response* resp = resps->resps[i]; if (!resp) continue; if (resp->type == req_type && resp->req == req) { *response_length = resp->len; if (*response_length != 0) *response_data = &resp->data[0]; else *response_data = NULL; return true; } } if (resps && resps->generic) { *response_data = &resps->generic->data[0]; *response_length = resps->generic->len; return true; } } return false; } #define UDC_NAME_LENGTH_MAX 128 struct usb_raw_init { __u8 driver_name[UDC_NAME_LENGTH_MAX]; __u8 device_name[UDC_NAME_LENGTH_MAX]; __u8 speed; }; enum usb_raw_event_type { USB_RAW_EVENT_INVALID = 0, USB_RAW_EVENT_CONNECT = 1, USB_RAW_EVENT_CONTROL = 2, }; struct usb_raw_event { __u32 type; __u32 length; __u8 data[0]; }; struct usb_raw_ep_io { __u16 ep; __u16 flags; __u32 length; __u8 data[0]; }; #define USB_RAW_EPS_NUM_MAX 30 #define USB_RAW_EP_NAME_MAX 16 #define USB_RAW_EP_ADDR_ANY 0xff struct usb_raw_ep_caps { __u32 type_control : 1; __u32 type_iso : 1; __u32 type_bulk : 1; __u32 type_int : 1; __u32 dir_in : 1; __u32 dir_out : 1; }; struct usb_raw_ep_limits { __u16 maxpacket_limit; __u16 max_streams; __u32 reserved; }; struct usb_raw_ep_info { __u8 name[USB_RAW_EP_NAME_MAX]; __u32 addr; struct usb_raw_ep_caps caps; struct usb_raw_ep_limits limits; }; struct usb_raw_eps_info { struct usb_raw_ep_info eps[USB_RAW_EPS_NUM_MAX]; }; #define USB_RAW_IOCTL_INIT _IOW('U', 0, struct usb_raw_init) #define USB_RAW_IOCTL_RUN _IO('U', 1) #define USB_RAW_IOCTL_EVENT_FETCH _IOR('U', 2, struct usb_raw_event) #define USB_RAW_IOCTL_EP0_WRITE _IOW('U', 3, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP0_READ _IOWR('U', 4, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_ENABLE _IOW('U', 5, struct usb_endpoint_descriptor) #define USB_RAW_IOCTL_EP_DISABLE _IOW('U', 6, __u32) #define USB_RAW_IOCTL_EP_WRITE _IOW('U', 7, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_READ _IOWR('U', 8, struct usb_raw_ep_io) #define USB_RAW_IOCTL_CONFIGURE _IO('U', 9) #define USB_RAW_IOCTL_VBUS_DRAW _IOW('U', 10, __u32) #define USB_RAW_IOCTL_EPS_INFO _IOR('U', 11, struct usb_raw_eps_info) #define USB_RAW_IOCTL_EP0_STALL _IO('U', 12) #define USB_RAW_IOCTL_EP_SET_HALT _IOW('U', 13, __u32) #define USB_RAW_IOCTL_EP_CLEAR_HALT _IOW('U', 14, __u32) #define USB_RAW_IOCTL_EP_SET_WEDGE _IOW('U', 15, __u32) static int usb_raw_open() { return open("/dev/raw-gadget", O_RDWR); } static int usb_raw_init(int fd, uint32_t speed, const char* driver, const char* device) { struct usb_raw_init arg; strncpy((char*)&arg.driver_name[0], driver, sizeof(arg.driver_name)); strncpy((char*)&arg.device_name[0], device, sizeof(arg.device_name)); arg.speed = speed; return ioctl(fd, USB_RAW_IOCTL_INIT, &arg); } static int usb_raw_run(int fd) { return ioctl(fd, USB_RAW_IOCTL_RUN, 0); } static int usb_raw_event_fetch(int fd, struct usb_raw_event* event) { return ioctl(fd, USB_RAW_IOCTL_EVENT_FETCH, event); } static int usb_raw_ep0_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_WRITE, io); } static int usb_raw_ep0_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_READ, io); } static int usb_raw_ep_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_WRITE, io); } static int usb_raw_ep_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_READ, io); } static int usb_raw_ep_enable(int fd, struct usb_endpoint_descriptor* desc) { return ioctl(fd, USB_RAW_IOCTL_EP_ENABLE, desc); } static int usb_raw_ep_disable(int fd, int ep) { return ioctl(fd, USB_RAW_IOCTL_EP_DISABLE, ep); } static int usb_raw_configure(int fd) { return ioctl(fd, USB_RAW_IOCTL_CONFIGURE, 0); } static int usb_raw_vbus_draw(int fd, uint32_t power) { return ioctl(fd, USB_RAW_IOCTL_VBUS_DRAW, power); } static int usb_raw_ep0_stall(int fd) { return ioctl(fd, USB_RAW_IOCTL_EP0_STALL, 0); } static int lookup_interface(int fd, uint8_t bInterfaceNumber, uint8_t bAlternateSetting) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; for (int i = 0; i < index->ifaces_num; i++) { if (index->ifaces[i].bInterfaceNumber == bInterfaceNumber && index->ifaces[i].bAlternateSetting == bAlternateSetting) return i; } return -1; } static int lookup_endpoint(int fd, uint8_t bEndpointAddress) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; if (index->iface_cur < 0) return -1; for (int ep = 0; index->ifaces[index->iface_cur].eps_num; ep++) if (index->ifaces[index->iface_cur].eps[ep].desc.bEndpointAddress == bEndpointAddress) return index->ifaces[index->iface_cur].eps[ep].handle; return -1; } static void set_interface(int fd, int n) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return; if (index->iface_cur >= 0 && index->iface_cur < index->ifaces_num) { for (int ep = 0; ep < index->ifaces[index->iface_cur].eps_num; ep++) { int rv = usb_raw_ep_disable(fd, index->ifaces[index->iface_cur].eps[ep].handle); if (rv < 0) { } else { } } } if (n >= 0 && n < index->ifaces_num) { for (int ep = 0; ep < index->ifaces[n].eps_num; ep++) { int rv = usb_raw_ep_enable(fd, &index->ifaces[n].eps[ep].desc); if (rv < 0) { } else { index->ifaces[n].eps[ep].handle = rv; } } index->iface_cur = n; } } static int configure_device(int fd) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; int rv = usb_raw_vbus_draw(fd, index->bMaxPower); if (rv < 0) { return rv; } rv = usb_raw_configure(fd); if (rv < 0) { return rv; } set_interface(fd, 0); return 0; } #define USB_MAX_PACKET_SIZE 4096 struct usb_raw_control_event { struct usb_raw_event inner; struct usb_ctrlrequest ctrl; char data[USB_MAX_PACKET_SIZE]; }; struct usb_raw_ep_io_data { struct usb_raw_ep_io inner; char data[USB_MAX_PACKET_SIZE]; }; static volatile long syz_usb_connect_impl(uint64_t speed, uint64_t dev_len, const char* dev, const struct vusb_connect_descriptors* descs, lookup_connect_out_response_t lookup_connect_response_out) { if (!dev) { return -1; } int fd = usb_raw_open(); if (fd < 0) { return fd; } if (fd >= MAX_FDS) { close(fd); return -1; } struct usb_device_index* index = add_usb_index(fd, dev, dev_len); if (!index) { return -1; } char device[32]; sprintf(&device[0], "dummy_udc.%llu", procid); int rv = usb_raw_init(fd, speed, "dummy_udc", &device[0]); if (rv < 0) { return rv; } rv = usb_raw_run(fd); if (rv < 0) { return rv; } bool done = false; while (!done) { struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = sizeof(event.ctrl); rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) continue; char* response_data = NULL; uint32_t response_length = 0; if (event.ctrl.bRequestType & USB_DIR_IN) { if (!lookup_connect_response_in(fd, descs, &event.ctrl, &response_data, &response_length)) { usb_raw_ep0_stall(fd); continue; } } else { if (!lookup_connect_response_out(fd, descs, &event.ctrl, &done)) { usb_raw_ep0_stall(fd); continue; } response_data = NULL; response_length = event.ctrl.wLength; } if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD && event.ctrl.bRequest == USB_REQ_SET_CONFIGURATION) { rv = configure_device(fd); if (rv < 0) { return rv; } } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, response_length); if (event.ctrl.bRequestType & USB_DIR_IN) { rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response); } else { rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response); } if (rv < 0) { return rv; } } sleep_ms(200); return fd; } static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; const char* dev = (const char*)a2; const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3; return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_generic); } static volatile long syz_usb_connect_ath9k(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; const char* dev = (const char*)a2; const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3; return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_ath9k); } static volatile long syz_usb_control_io(volatile long a0, volatile long a1, volatile long a2) { int fd = a0; const struct vusb_descriptors* descs = (const struct vusb_descriptors*)a1; const struct vusb_responses* resps = (const struct vusb_responses*)a2; struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = USB_MAX_PACKET_SIZE; int rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) { return -1; } char* response_data = NULL; uint32_t response_length = 0; if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) { if (!lookup_control_response(descs, resps, &event.ctrl, &response_data, &response_length)) { usb_raw_ep0_stall(fd); return -1; } } else { if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD || event.ctrl.bRequest == USB_REQ_SET_INTERFACE) { int iface_num = event.ctrl.wIndex; int alt_set = event.ctrl.wValue; int iface_index = lookup_interface(fd, iface_num, alt_set); if (iface_index < 0) { } else { set_interface(fd, iface_index); } } response_length = event.ctrl.wLength; } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; if ((event.ctrl.bRequestType & USB_DIR_IN) && !event.ctrl.wLength) { response_length = USB_MAX_PACKET_SIZE; } response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, response_length); if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) { rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response); } else { rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response); } if (rv < 0) { return rv; } sleep_ms(200); return 0; } static volatile long syz_usb_ep_write(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int fd = a0; uint8_t ep = a1; uint32_t len = a2; char* data = (char*)a3; int ep_handle = lookup_endpoint(fd, ep); if (ep_handle < 0) { return -1; } struct usb_raw_ep_io_data io_data; io_data.inner.ep = ep_handle; io_data.inner.flags = 0; if (len > sizeof(io_data.data)) len = sizeof(io_data.data); io_data.inner.length = len; memcpy(&io_data.data[0], data, len); int rv = usb_raw_ep_write(fd, (struct usb_raw_ep_io*)&io_data); if (rv < 0) { return rv; } sleep_ms(200); return 0; } static volatile long syz_usb_ep_read(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int fd = a0; uint8_t ep = a1; uint32_t len = a2; char* data = (char*)a3; int ep_handle = lookup_endpoint(fd, ep); if (ep_handle < 0) { return -1; } struct usb_raw_ep_io_data io_data; io_data.inner.ep = ep_handle; io_data.inner.flags = 0; if (len > sizeof(io_data.data)) len = sizeof(io_data.data); io_data.inner.length = len; int rv = usb_raw_ep_read(fd, (struct usb_raw_ep_io*)&io_data); if (rv < 0) { return rv; } memcpy(&data[0], &io_data.data[0], io_data.inner.length); sleep_ms(200); return 0; } static volatile long syz_usb_disconnect(volatile long a0) { int fd = a0; int rv = close(fd); sleep_ms(200); return rv; } static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2) { if (a0 == 0xc || a0 == 0xb) { char buf[128]; sprintf(buf, "/dev/%s/%d:%d", a0 == 0xc ? "char" : "block", (uint8_t)a1, (uint8_t)a2); return open(buf, O_RDWR, 0); } else { char buf[1024]; char* hash; strncpy(buf, (char*)a0, sizeof(buf) - 1); buf[sizeof(buf) - 1] = 0; while ((hash = strchr(buf, '#'))) { *hash = '0' + (char)(a1 % 10); a1 /= 10; } return open(buf, a2, 0); } } static long syz_open_procfs(volatile long a0, volatile long a1) { char buf[128]; memset(buf, 0, sizeof(buf)); if (a0 == 0) { snprintf(buf, sizeof(buf), "/proc/self/%s", (char*)a1); } else if (a0 == -1) { snprintf(buf, sizeof(buf), "/proc/thread-self/%s", (char*)a1); } else { snprintf(buf, sizeof(buf), "/proc/self/task/%d/%s", (int)a0, (char*)a1); } int fd = open(buf, O_RDWR); if (fd == -1) fd = open(buf, O_RDONLY); return fd; } static long syz_open_pts(volatile long a0, volatile long a1) { int ptyno = 0; if (ioctl(a0, TIOCGPTN, &ptyno)) return -1; char buf[128]; sprintf(buf, "/dev/pts/%d", ptyno); return open(buf, a1, 0); } static long syz_init_net_socket(volatile long domain, volatile long type, volatile long proto) { int netns = open("/proc/self/ns/net", O_RDONLY); if (netns == -1) return netns; if (setns(kInitNetNsFd, 0)) return -1; int sock = syscall(__NR_socket, domain, type, proto); int err = errno; if (setns(netns, 0)) exit(1); close(netns); errno = err; return sock; } static long syz_genetlink_get_family_id(volatile long name, volatile long sock_arg) { bool dofail = false; int fd = sock_arg; if (fd < 0) { dofail = true; fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (fd == -1) { return -1; } } struct nlmsg nlmsg_tmp; int ret = netlink_query_family_id(&nlmsg_tmp, fd, (char*)name, dofail); if ((int)sock_arg < 0) close(fd); if (ret < 0) { return -1; } return ret; } struct fs_image_segment { void* data; uintptr_t size; uintptr_t offset; }; #define IMAGE_MAX_SEGMENTS 4096 #define IMAGE_MAX_SIZE (129 << 20) #define sys_memfd_create 356 static unsigned long fs_image_segment_check(unsigned long size, unsigned long nsegs, struct fs_image_segment* segs) { if (nsegs > IMAGE_MAX_SEGMENTS) nsegs = IMAGE_MAX_SEGMENTS; for (size_t i = 0; i < nsegs; i++) { if (segs[i].size > IMAGE_MAX_SIZE) segs[i].size = IMAGE_MAX_SIZE; segs[i].offset %= IMAGE_MAX_SIZE; if (segs[i].offset > IMAGE_MAX_SIZE - segs[i].size) segs[i].offset = IMAGE_MAX_SIZE - segs[i].size; if (size < segs[i].offset + segs[i].offset) size = segs[i].offset + segs[i].offset; } if (size > IMAGE_MAX_SIZE) size = IMAGE_MAX_SIZE; return size; } static int setup_loop_device(long unsigned size, long unsigned nsegs, struct fs_image_segment* segs, const char* loopname, int* memfd_p, int* loopfd_p) { int err = 0, loopfd = -1; size = fs_image_segment_check(size, nsegs, segs); int memfd = syscall(sys_memfd_create, "syzkaller", 0); if (memfd == -1) { err = errno; goto error; } if (ftruncate(memfd, size)) { err = errno; goto error_close_memfd; } for (size_t i = 0; i < nsegs; i++) { if (pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset) < 0) { } } loopfd = open(loopname, O_RDWR); if (loopfd == -1) { err = errno; goto error_close_memfd; } if (ioctl(loopfd, LOOP_SET_FD, memfd)) { if (errno != EBUSY) { err = errno; goto error_close_loop; } ioctl(loopfd, LOOP_CLR_FD, 0); usleep(1000); if (ioctl(loopfd, LOOP_SET_FD, memfd)) { err = errno; goto error_close_loop; } } *memfd_p = memfd; *loopfd_p = loopfd; return 0; error_close_loop: close(loopfd); error_close_memfd: close(memfd); error: errno = err; return -1; } static long syz_read_part_table(volatile unsigned long size, volatile unsigned long nsegs, volatile long segments) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int err = 0, res = -1, loopfd = -1, memfd = -1; char loopname[64]; snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; struct loop_info64 info; if (ioctl(loopfd, LOOP_GET_STATUS64, &info)) { err = errno; goto error_clear_loop; } info.lo_flags |= LO_FLAGS_PARTSCAN; if (ioctl(loopfd, LOOP_SET_STATUS64, &info)) { err = errno; goto error_clear_loop; } res = 0; for (unsigned long i = 1, j = 0; i < 8; i++) { snprintf(loopname, sizeof(loopname), "/dev/loop%llup%d", procid, (int)i); struct stat statbuf; if (stat(loopname, &statbuf) == 0) { char linkname[64]; snprintf(linkname, sizeof(linkname), "./file%d", (int)j++); if (symlink(loopname, linkname)) { } } } error_clear_loop: ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); errno = err; return res; } static long syz_mount_image(volatile long fsarg, volatile long dir, volatile unsigned long size, volatile unsigned long nsegs, volatile long segments, volatile long flags, volatile long optsarg) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int res = -1, err = 0, loopfd = -1, memfd = -1, need_loop_device = !!segs; char* mount_opts = (char*)optsarg; char* target = (char*)dir; char* fs = (char*)fsarg; char* source = NULL; char loopname[64]; if (need_loop_device) { memset(loopname, 0, sizeof(loopname)); snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; source = loopname; } mkdir(target, 0777); char opts[256]; memset(opts, 0, sizeof(opts)); if (strlen(mount_opts) > (sizeof(opts) - 32)) { } strncpy(opts, mount_opts, sizeof(opts) - 32); if (strcmp(fs, "iso9660") == 0) { flags |= MS_RDONLY; } else if (strncmp(fs, "ext", 3) == 0) { if (strstr(opts, "errors=panic") || strstr(opts, "errors=remount-ro") == 0) strcat(opts, ",errors=continue"); } else if (strcmp(fs, "xfs") == 0) { strcat(opts, ",nouuid"); } res = mount(source, target, fs, flags, opts); if (res == -1) { err = errno; goto error_clear_loop; } res = open(target, O_RDONLY | O_DIRECTORY); if (res == -1) { err = errno; } error_clear_loop: if (need_loop_device) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); } errno = err; return res; } static volatile long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5, volatile long a6, volatile long a7) { return 0; } static void setup_common() { if (mount(0, "/sys/fs/fuse/connections", "fusectl", 0, 0)) { } } static void loop(); static void sandbox_common() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setsid(); int netns = open("/proc/self/ns/net", O_RDONLY); if (netns == -1) exit(1); if (dup2(netns, kInitNetNsFd) < 0) exit(1); close(netns); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = (200 << 20); setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 32 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 136 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); if (unshare(CLONE_NEWNS)) { } if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL)) { } if (unshare(CLONE_NEWIPC)) { } if (unshare(0x02000000)) { } if (unshare(CLONE_NEWUTS)) { } if (unshare(CLONE_SYSVSEM)) { } typedef struct { const char* name; const char* value; } sysctl_t; static const sysctl_t sysctls[] = { {"/proc/sys/kernel/shmmax", "16777216"}, {"/proc/sys/kernel/shmall", "536870912"}, {"/proc/sys/kernel/shmmni", "1024"}, {"/proc/sys/kernel/msgmax", "8192"}, {"/proc/sys/kernel/msgmni", "1024"}, {"/proc/sys/kernel/msgmnb", "1024"}, {"/proc/sys/kernel/sem", "1024 1048576 500 1024"}, }; unsigned i; for (i = 0; i < sizeof(sysctls) / sizeof(sysctls[0]); i++) write_file(sysctls[i].name, sysctls[i].value); } static int wait_for_loop(int pid) { if (pid < 0) exit(1); int status = 0; while (waitpid(-1, &status, __WALL) != pid) { } return WEXITSTATUS(status); } static void drop_caps(void) { struct __user_cap_header_struct cap_hdr = {}; struct __user_cap_data_struct cap_data[2] = {}; cap_hdr.version = _LINUX_CAPABILITY_VERSION_3; cap_hdr.pid = getpid(); if (syscall(SYS_capget, &cap_hdr, &cap_data)) exit(1); const int drop = (1 << CAP_SYS_PTRACE) | (1 << CAP_SYS_NICE); cap_data[0].effective &= ~drop; cap_data[0].permitted &= ~drop; cap_data[0].inheritable &= ~drop; if (syscall(SYS_capset, &cap_hdr, &cap_data)) exit(1); } static int real_uid; static int real_gid; __attribute__((aligned(64 << 10))) static char sandbox_stack[1 << 20]; static int namespace_sandbox_proc(void* arg) { sandbox_common(); write_file("/proc/self/setgroups", "deny"); if (!write_file("/proc/self/uid_map", "0 %d 1\n", real_uid)) exit(1); if (!write_file("/proc/self/gid_map", "0 %d 1\n", real_gid)) exit(1); if (unshare(CLONE_NEWNET)) exit(1); if (mkdir("./syz-tmp", 0777)) exit(1); if (mount("", "./syz-tmp", "tmpfs", 0, NULL)) exit(1); if (mkdir("./syz-tmp/newroot", 0777)) exit(1); if (mkdir("./syz-tmp/newroot/dev", 0700)) exit(1); unsigned bind_mount_flags = MS_BIND | MS_REC | MS_PRIVATE; if (mount("/dev", "./syz-tmp/newroot/dev", NULL, bind_mount_flags, NULL)) exit(1); if (mkdir("./syz-tmp/newroot/proc", 0700)) exit(1); if (mount(NULL, "./syz-tmp/newroot/proc", "proc", 0, NULL)) exit(1); if (mkdir("./syz-tmp/newroot/selinux", 0700)) exit(1); const char* selinux_path = "./syz-tmp/newroot/selinux"; if (mount("/selinux", selinux_path, NULL, bind_mount_flags, NULL)) { if (errno != ENOENT) exit(1); if (mount("/sys/fs/selinux", selinux_path, NULL, bind_mount_flags, NULL) && errno != ENOENT) exit(1); } if (mkdir("./syz-tmp/newroot/sys", 0700)) exit(1); if (mount("/sys", "./syz-tmp/newroot/sys", 0, bind_mount_flags, NULL)) exit(1); if (mkdir("./syz-tmp/pivot", 0777)) exit(1); if (syscall(SYS_pivot_root, "./syz-tmp", "./syz-tmp/pivot")) { if (chdir("./syz-tmp")) exit(1); } else { if (chdir("/")) exit(1); if (umount2("./pivot", MNT_DETACH)) exit(1); } if (chroot("./newroot")) exit(1); if (chdir("/")) exit(1); drop_caps(); loop(); exit(1); } static int do_sandbox_namespace(void) { setup_common(); real_uid = getuid(); real_gid = getgid(); mprotect(sandbox_stack, 4096, PROT_NONE); int pid = clone(namespace_sandbox_proc, &sandbox_stack[sizeof(sandbox_stack) - 64], CLONE_NEWUSER | CLONE_NEWPID, 0); return wait_for_loop(pid); } #define FS_IOC_SETFLAGS _IOW('f', 2, long) static void remove_dir(const char* dir) { int iter = 0; DIR* dp = 0; retry: while (umount2(dir, MNT_DETACH) == 0) { } dp = opendir(dir); if (dp == NULL) { if (errno == EMFILE) { exit(1); } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); while (umount2(filename, MNT_DETACH) == 0) { } struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } int i; for (i = 0;; i++) { if (unlink(filename) == 0) break; if (errno == EPERM) { int fd = open(filename, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno != EBUSY || i > 100) exit(1); if (umount2(filename, MNT_DETACH)) exit(1); } } closedir(dp); for (int i = 0;; i++) { if (rmdir(dir) == 0) break; if (i < 100) { if (errno == EPERM) { int fd = open(dir, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno == EBUSY) { if (umount2(dir, MNT_DETACH)) exit(1); continue; } if (errno == ENOTEMPTY) { if (iter < 100) { iter++; goto retry; } } } exit(1); } } static int inject_fault(int nth) { int fd; fd = open("/proc/thread-self/fail-nth", O_RDWR); if (fd == -1) exit(1); char buf[16]; sprintf(buf, "%d", nth); if (write(fd, buf, strlen(buf)) != (ssize_t)strlen(buf)) exit(1); return fd; } static void kill_and_wait(int pid, int* status) { kill(-pid, SIGKILL); kill(pid, SIGKILL); for (int i = 0; i < 100; i++) { if (waitpid(-1, status, WNOHANG | __WALL) == pid) return; usleep(1000); } DIR* dir = opendir("/sys/fs/fuse/connections"); if (dir) { for (;;) { struct dirent* ent = readdir(dir); if (!ent) break; if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0) continue; char abort[300]; snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name); int fd = open(abort, O_WRONLY); if (fd == -1) { continue; } if (write(fd, abort, 1) < 0) { } close(fd); } closedir(dir); } else { } while (waitpid(-1, status, __WALL) != pid) { } } static void reset_loop() { char buf[64]; snprintf(buf, sizeof(buf), "/dev/loop%llu", procid); int loopfd = open(buf, O_RDWR); if (loopfd != -1) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); } } static void setup_test() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); write_file("/proc/self/oom_score_adj", "1000"); } static void setup_fault() { static struct { const char* file; const char* val; bool fatal; } files[] = { {"/sys/kernel/debug/failslab/ignore-gfp-wait", "N", true}, {"/sys/kernel/debug/fail_futex/ignore-private", "N", false}, {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", "N", false}, {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", "N", false}, {"/sys/kernel/debug/fail_page_alloc/min-order", "0", false}, }; unsigned i; for (i = 0; i < sizeof(files) / sizeof(files[0]); i++) { if (!write_file(files[i].file, files[i].val)) { if (files[i].fatal) exit(1); } } } #define FUSE_MIN_READ_BUFFER 8192 enum fuse_opcode { FUSE_LOOKUP = 1, FUSE_FORGET = 2, FUSE_GETATTR = 3, FUSE_SETATTR = 4, FUSE_READLINK = 5, FUSE_SYMLINK = 6, FUSE_MKNOD = 8, FUSE_MKDIR = 9, FUSE_UNLINK = 10, FUSE_RMDIR = 11, FUSE_RENAME = 12, FUSE_LINK = 13, FUSE_OPEN = 14, FUSE_READ = 15, FUSE_WRITE = 16, FUSE_STATFS = 17, FUSE_RELEASE = 18, FUSE_FSYNC = 20, FUSE_SETXATTR = 21, FUSE_GETXATTR = 22, FUSE_LISTXATTR = 23, FUSE_REMOVEXATTR = 24, FUSE_FLUSH = 25, FUSE_INIT = 26, FUSE_OPENDIR = 27, FUSE_READDIR = 28, FUSE_RELEASEDIR = 29, FUSE_FSYNCDIR = 30, FUSE_GETLK = 31, FUSE_SETLK = 32, FUSE_SETLKW = 33, FUSE_ACCESS = 34, FUSE_CREATE = 35, FUSE_INTERRUPT = 36, FUSE_BMAP = 37, FUSE_DESTROY = 38, FUSE_IOCTL = 39, FUSE_POLL = 40, FUSE_NOTIFY_REPLY = 41, FUSE_BATCH_FORGET = 42, FUSE_FALLOCATE = 43, FUSE_READDIRPLUS = 44, FUSE_RENAME2 = 45, FUSE_LSEEK = 46, FUSE_COPY_FILE_RANGE = 47, FUSE_SETUPMAPPING = 48, FUSE_REMOVEMAPPING = 49, CUSE_INIT = 4096, CUSE_INIT_BSWAP_RESERVED = 1048576, FUSE_INIT_BSWAP_RESERVED = 436207616, }; struct fuse_in_header { uint32_t len; uint32_t opcode; uint64_t unique; uint64_t nodeid; uint32_t uid; uint32_t gid; uint32_t pid; uint32_t padding; }; struct fuse_out_header { uint32_t len; uint32_t error; uint64_t unique; }; struct syz_fuse_req_out { struct fuse_out_header* init; struct fuse_out_header* lseek; struct fuse_out_header* bmap; struct fuse_out_header* poll; struct fuse_out_header* getxattr; struct fuse_out_header* lk; struct fuse_out_header* statfs; struct fuse_out_header* write; struct fuse_out_header* read; struct fuse_out_header* open; struct fuse_out_header* attr; struct fuse_out_header* entry; struct fuse_out_header* dirent; struct fuse_out_header* direntplus; struct fuse_out_header* create_open; struct fuse_out_header* ioctl; }; static int fuse_send_response(int fd, const struct fuse_in_header* in_hdr, struct fuse_out_header* out_hdr) { if (!out_hdr) { return -1; } out_hdr->unique = in_hdr->unique; if (write(fd, out_hdr, out_hdr->len) == -1) { return -1; } return 0; } static volatile long syz_fuse_handle_req(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { struct syz_fuse_req_out* req_out = (struct syz_fuse_req_out*)a3; struct fuse_out_header* out_hdr = NULL; char* buf = (char*)a1; int buf_len = (int)a2; int fd = (int)a0; if (!req_out) { return -1; } if (buf_len < FUSE_MIN_READ_BUFFER) { return -1; } int ret = read(fd, buf, buf_len); if (ret == -1) { return -1; } if ((size_t)ret < sizeof(struct fuse_in_header)) { return -1; } const struct fuse_in_header* in_hdr = (const struct fuse_in_header*)buf; if (in_hdr->len > (uint32_t)ret) { return -1; } switch (in_hdr->opcode) { case FUSE_GETATTR: case FUSE_SETATTR: out_hdr = req_out->attr; break; case FUSE_LOOKUP: case FUSE_SYMLINK: case FUSE_LINK: case FUSE_MKNOD: case FUSE_MKDIR: out_hdr = req_out->entry; break; case FUSE_OPEN: case FUSE_OPENDIR: out_hdr = req_out->open; break; case FUSE_STATFS: out_hdr = req_out->statfs; break; case FUSE_RMDIR: case FUSE_RENAME: case FUSE_RENAME2: case FUSE_FALLOCATE: case FUSE_SETXATTR: case FUSE_REMOVEXATTR: case FUSE_FSYNCDIR: case FUSE_FSYNC: case FUSE_SETLKW: case FUSE_SETLK: case FUSE_ACCESS: case FUSE_FLUSH: case FUSE_RELEASE: case FUSE_RELEASEDIR: case FUSE_UNLINK: case FUSE_DESTROY: out_hdr = req_out->init; if (!out_hdr) { return -1; } out_hdr->len = sizeof(struct fuse_out_header); break; case FUSE_READ: out_hdr = req_out->read; break; case FUSE_READDIR: out_hdr = req_out->dirent; break; case FUSE_READDIRPLUS: out_hdr = req_out->direntplus; break; case FUSE_INIT: out_hdr = req_out->init; break; case FUSE_LSEEK: out_hdr = req_out->lseek; break; case FUSE_GETLK: out_hdr = req_out->lk; break; case FUSE_BMAP: out_hdr = req_out->bmap; break; case FUSE_POLL: out_hdr = req_out->poll; break; case FUSE_GETXATTR: case FUSE_LISTXATTR: out_hdr = req_out->getxattr; break; case FUSE_WRITE: case FUSE_COPY_FILE_RANGE: out_hdr = req_out->write; break; case FUSE_FORGET: case FUSE_BATCH_FORGET: return 0; case FUSE_CREATE: out_hdr = req_out->create_open; break; case FUSE_IOCTL: out_hdr = req_out->ioctl; break; default: return -1; } return fuse_send_response(fd, in_hdr, out_hdr); } #define HWSIM_ATTR_RX_RATE 5 #define HWSIM_ATTR_SIGNAL 6 #define HWSIM_ATTR_ADDR_RECEIVER 1 #define HWSIM_ATTR_FRAME 3 #define WIFI_MAX_INJECT_LEN 2048 static int hwsim_register_socket(struct nlmsg* nlmsg, int sock, int hwsim_family) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = HWSIM_CMD_REGISTER; netlink_init(nlmsg, hwsim_family, 0, &genlhdr, sizeof(genlhdr)); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int hwsim_inject_frame(struct nlmsg* nlmsg, int sock, int hwsim_family, uint8_t* mac_addr, uint8_t* data, int len) { struct genlmsghdr genlhdr; uint32_t rx_rate = WIFI_DEFAULT_RX_RATE; uint32_t signal = WIFI_DEFAULT_SIGNAL; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = HWSIM_CMD_FRAME; netlink_init(nlmsg, hwsim_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, HWSIM_ATTR_RX_RATE, &rx_rate, sizeof(rx_rate)); netlink_attr(nlmsg, HWSIM_ATTR_SIGNAL, &signal, sizeof(signal)); netlink_attr(nlmsg, HWSIM_ATTR_ADDR_RECEIVER, mac_addr, ETH_ALEN); netlink_attr(nlmsg, HWSIM_ATTR_FRAME, data, len); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static long syz_80211_inject_frame(volatile long a0, volatile long a1, volatile long a2) { uint8_t* mac_addr = (uint8_t*)a0; uint8_t* buf = (uint8_t*)a1; int buf_len = (int)a2; struct nlmsg tmp_msg; if (buf_len < 0 || buf_len > WIFI_MAX_INJECT_LEN) { return -1; } int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (sock < 0) { return -1; } int hwsim_family_id = netlink_query_family_id(&tmp_msg, sock, "MAC80211_HWSIM", true); int ret = hwsim_register_socket(&tmp_msg, sock, hwsim_family_id); if (ret < 0) { close(sock); return -1; } ret = hwsim_inject_frame(&tmp_msg, sock, hwsim_family_id, mac_addr, buf, buf_len); close(sock); if (ret < 0) { return -1; } return 0; } #define WIFI_MAX_SSID_LEN 32 #define WIFI_JOIN_IBSS_NO_SCAN 0 #define WIFI_JOIN_IBSS_BG_SCAN 1 #define WIFI_JOIN_IBSS_BG_NO_SCAN 2 static long syz_80211_join_ibss(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { char* interface = (char*)a0; uint8_t* ssid = (uint8_t*)a1; int ssid_len = (int)a2; int mode = (int)a3; struct nlmsg tmp_msg; uint8_t bssid[ETH_ALEN] = WIFI_IBSS_BSSID; if (ssid_len < 0 || ssid_len > WIFI_MAX_SSID_LEN) { return -1; } if (mode < 0 || mode > WIFI_JOIN_IBSS_BG_NO_SCAN) { return -1; } int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (sock < 0) { return -1; } int nl80211_family_id = netlink_query_family_id(&tmp_msg, sock, "nl80211", true); struct join_ibss_props ibss_props = { .wiphy_freq = WIFI_DEFAULT_FREQUENCY, .wiphy_freq_fixed = (mode == WIFI_JOIN_IBSS_NO_SCAN || mode == WIFI_JOIN_IBSS_BG_NO_SCAN), .mac = bssid, .ssid = ssid, .ssid_len = ssid_len}; int ret = nl80211_setup_ibss_interface(&tmp_msg, sock, nl80211_family_id, interface, &ibss_props); close(sock); if (ret < 0) { return -1; } if (mode == WIFI_JOIN_IBSS_NO_SCAN) { ret = await_ifla_operstate(&tmp_msg, interface, IF_OPER_UP); if (ret < 0) { return -1; } } return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 51; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50 + (call == 4 ? 50 : 0) + (call == 12 ? 500 : 0) + (call == 38 ? 50 : 0) + (call == 43 ? 3000 : 0) + (call == 44 ? 3000 : 0) + (call == 45 ? 300 : 0) + (call == 46 ? 300 : 0) + (call == 47 ? 300 : 0) + (call == 48 ? 3000 : 0) + (call == 49 ? 300 : 0)); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS __WALL static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); reset_loop(); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); setup_test(); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } #ifndef __NR_clock_gettime #define __NR_clock_gettime 265 #endif #ifndef __NR_getgid #define __NR_getgid 47 #endif #ifndef __NR_getsockopt #define __NR_getsockopt 365 #endif #ifndef __NR_ioctl #define __NR_ioctl 54 #endif #ifndef __NR_mmap #define __NR_mmap 192 #endif #ifndef __NR_openat #define __NR_openat 295 #endif #ifndef __NR_read #define __NR_read 3 #endif #ifndef __NR_recvmmsg #define __NR_recvmmsg 337 #endif #ifndef __NR_sendfile64 #define __NR_sendfile64 239 #endif #ifndef __NR_sendmsg #define __NR_sendmsg 370 #endif #ifndef __NR_setsockopt #define __NR_setsockopt 366 #endif #ifndef __NR_stat #define __NR_stat 106 #endif #ifndef __NR_statx #define __NR_statx 383 #endif #ifndef __NR_write #define __NR_write 4 #endif #undef __NR_mmap #define __NR_mmap __NR_mmap2 uint64_t r[24] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint32_t*)0x20000000 = 0x18; *(uint32_t*)0x20000004 = 0; *(uint64_t*)0x20000008 = 0; *(uint32_t*)0x20000010 = 3; *(uint32_t*)0x20000014 = 0; inject_fault(1); syscall(__NR_write, -1, 0x20000000, 0x18); break; case 1: memcpy((void*)0x20000040, "/dev/tty\000", 9); res = syscall(__NR_openat, 0xffffff9c, 0x20000040, 0x10400, 0); if (res != -1) r[0] = res; break; case 2: syscall(__NR_mmap, 0x20ffb000, 0x4000, 0x200000f, 0x10, (intptr_t)r[0], 0xada52000); break; case 3: memcpy((void*)0x20000080, "syz0\000", 5); syscall(__NR_ioctl, -1, 0x4004556c, 0x20000080); break; case 4: memcpy((void*)0x200025c0, "ufs\000", 4); memcpy((void*)0x20002600, "./file0\000", 8); *(uint32_t*)0x20003700 = 0x20002640; memcpy((void*)0x20002640, "\x38\x6f\x6d\x1b\xe2\x7f\x8c\xa9\x18\x2d\x1a\xe6\x35\xbb\xa8\xc9\xce\x03\x79\xce\x60\xd9\xd2\x4e\x0f\xe6\x9a\x46\xdd\x2b\x77\x02\x6c\xe1\xe6\xbb\xc0\x5a\x24\x6a\xe2\x69\x05\x25\x31\x91\xf7\xe3\x4e\xf3\x86\x0f\x1c\x2c\xc9\xa6\xd5\x22\xf5\x03\xd7\x8e\x34\x0c\xb5\x4f\x1d\x6b", 68); *(uint32_t*)0x20003704 = 0x44; *(uint32_t*)0x20003708 = 1; *(uint32_t*)0x2000370c = 0x200026c0; memcpy((void*)0x200026c0, "\x57\x39\xec\x80\x61\x6d\x1b\xac\x90\x97\x97\xc5\x72\x3d\x28\x7d\x94\xf0\x10\xe0\xf7\x0a\x34\x2a\x21\xfb\x38\xb3\x69\x86\x02\x5d\xca\x05\x4a\x96\xbb\xe7\x40\x27\x97\x4c\x45\x28\x93\xa9\xf5\xd5\x13\xef\xc4\x70\x65\x2b\xf4\xe8\x37\xd8\xd5\xee\xac\xed\x26\x69\xd7\x3c\xea\x3d\x39\x31\x39\x9d\xa0\x4d\xfb\x48\x59\xd0\x3c\x47\xdd\x53\x5b\xaa\x98\x0a\xe8\xb7\xa5\xc3\x12\xfd\x71\xac\xc5\x21\xbd\xdc\x2c\x63\x70\x26\xd7\xfa\xdb\x42\xc0\x20\xc5\x3d\x4e\x2f\xee\xb2\x30\x77\xed\x86\x7d\x5b\x36\x56\x7b\x8d\x06\xe0\xf4\xd2\xd9\xc6\x16\xd6\x73\x91\xf8\x79\xe8\x12\xd7\xa1\x79\x75\xf3\xe0\xe5\x69\xf5\x57\xb6\x5b\xba\xde\x94\x18\x68\xba\xe4\xbe\x8d\x2d\xfa\x45\xa3\x85\x87\x7e\xce\x8d\x94\xd7\x55\xdb\xf8\x2b\x4f\xd8\x89\x9b\xa1\xb8\xec\xe4\x3b\x36\xb3\x69\xa8\xdf\x56\x99\x3b\x16\xee\xc2\x0a\xed\x1c\x59\x6f\x66\x9d\xf8\x97\xdd\xfa\x0d\xf4\xab\x26\xd7\x47\x59\x82\x96\xdd\x3b\xcd\x5c\xad\x67\xa8\xb1\x9e\xba\x5f\x34\x3f\xbf\xa6\x30\x1a\x15\x02\x60\x0e\xda\x02\xab\x15\x7a\xb1\xb1\x64\xe3\xde\x57\x33\xe4\xbf\xd9\x67\x7b\x49\xb2\x9b\xb5\x6e\x99\x36\x7d\x01\x04\x4b\x3a\xcc\xf0\xf9\x3a\xf7\x55\x27\x83\x7a\x9b\x49\x4b\x4e\xac\xe1\xf4\x9c\x87\x9e\x71\xe9\x62\xa5\x93\x74\x95\x55\xb5\x0a\x55\xca\x11\x44\xeb\x54\x80\x70\x47\xde\xfd\xe8\xdd\x09\x7e\xbc\xba\xa2\x30\x45\x1a\xc7\xa7\x76\x3e\xf2\x13\x4b\x45\x3e\xf7\xce\x92\xd6\xad\xce\x44\x9a\xa1\x82\xef\xb2\xed\x4a\x87\x07\xf1\xe1\x84\x6d\x82\x50\x5d\xa0\x6c\x2d\x6b\x4a\x58\x2d\xdf\xb2\xbd\xb7\xa1\x9b\xbc\xe8\xe0\xa0\xf7\xb2\xf4\x96\x62\x2b\xee\x04\x37\x29\xf3\x84\x31\x88\xeb\x14\xe5\x6e\x8f\x48\xd7\xd4\xb1\x51\xa7\xde\xef\x2a\x1a\x94\x58\x83\x42\x53\x77\x08\x82\xcc\x41\xf6\xfb\x78\x4a\x9f\x73\xa4\xf8\x1e\xf9\x93\xda\xe6\x1a\x80\x5b\xa6\xf9\x30\x78\x20\x81\x33\x10\xdc\x38\x70\x83\x5a\xd4\xbe\x7e\x3c\x8a\x13\xf9\xf0\x1e\x9e\xa9\xb1\xb9\xdf\xb1\xe3\x47\xe3\xea\x1b\x5b\x09\x0e\x1a\x38\x61\x77\x07\xbb\x5a\xa0\xce\x82\x19\x3f\x69\x70\xa0\xb8\x85\x18\x3f\xce\x8b\x7d\x30\xbf\xc1\x82\x58\xdd\x40\xf5\x08\xb9\x5b\x55\xca\x27\xd8\xec\x76\x01\x03\x10\xc6\x77\xc0\x4c\x0b\x01\xfd\x69\xde\x39\x6a\xe9\x5a\x7c\x3c\xa5\x0f\x4e\x7f\xc3\xda\x74\x9d\x82\xa5\xd9\xf5\x7a\xb6\xed\x7a\x0d\x12\x76\x29\x7a\xb5\x71\x72\x67\x1d\x4c\x7c\xa3\x52\x24\x70\x0d\xb9\x36\x44\x13\x1a\x51\x26\xaf\x54\x75\x5a\xec\x80\xcf\xfd\xeb\x70\x9f\x0c\x58\x21\xec\x3b\x86\xd2\x9f\x10\xbe\x62\xd9\x4c\x03\x2f\x79\xd4\xed\xcc\xaf\x40\xb2\x4d\x72\xe4\x6d\x7c\x99\x33\xf6\xea\xda\x79\x4a\xad\x1e\xaf\x41\xae\xc1\x35\xa4\xf6\xf7\xf6\x09\x27\x36\x08\x68\x5f\xfc\x30\xfe\x1a\xe8\x22\x13\xa9\x56\xe8\xdf\x49\x3e\xc0\xaa\xc8\xec\xcb\xbd\xb8\x20\x93\x09\x7d\xb4\x51\x61\x67\x76\x85\xbf\x1e\x69\x1a\x1c\x7d\xce\x13\xa8\x8e\x63\x64\x5b\xc7\x99\x22\xb6\xd3\xd3\xd7\x61\xf3\x6a\x46\x30\x2f\x79\xe0\xe0\xbe\xb6\x7e\x2f\x2c\xb2\xe8\x3f\xc1\xa0\x41\x77\xc9\xd0\x22\xc4\x6e\xdc\x05\x3f\x03\x18\x2f\xc6\x45\x45\x0e\x4d\xe5\x36\xa4\x18\xb0\xea\xe2\xac\xb0\xea\xf4\xcb\x61\x5e\xca\x77\xf7\x2e\xe1\xd1\xf9\x14\x62\x08\xe1\x86\x69\x50\x8e\xdd\x05\x0e\x9b\x4e\x72\xa8\x48\x30\x16\xdc\x01\x98\x32\x6d\x2a\x16\x70\x04\xf3\x23\xa0\xa6\xeb\x4d\x34\xf6\x51\xc3\x97\xf0\x6d\x32\xe1\xbd\xab\x04\x2e\xfe\x56\x6a\xfc\x48\xcb\xd9\x8f\x91\x41\x34\x15\x63\x14\xa9\x54\xc6\x41\xb1\x06\x6b\xa7\x15\xab\x50\xeb\x4d\xb8\x4b\x13\xf2\x04\x69\xd0\x1d\x63\x46\xd4\x25\xd7\x0f\x60\xb4\x29\x76\xb0\x46\xcf\x96\xe4\x01\x8f\xc6\xaa\xf7\x8d\xf3\x0c\x02\xdd\x02\x9e\x1e\x89\x5c\x20\xb0\x5f\xb3\x88\x3c\x01\x3d\xe7\xe1\x7a\x13\x69\x78\x54\xfe\xb5\x93\x5c\xb3\x44\xff\x94\xff\x8b\xb4\xed\x2d\x1f\x17\x4e\xa1\x90\x20\x57\x7b\x4f\xf9\x59\x7c\x31\xa8\xfb\x2c\xfa\x1d\x7b\x71\xa5\x70\x82\x56\x15\x40\xf1\xcd\x86\xb8\x59\x0b\x75\x4f\xe9\x5d\x74\x9e\xf3\xca\xff\x93\xfd\x10\xa9\x0c\xa0\x03\x51\x5b\xb2\x3a\x3e\x71\xf4\x41\x79\xc0\x99\x60\x37\x45\x75\x89\xe6\x81\x77\xb0\xa1\x06\x91\xf1\x49\xa9\x81\xa6\xa6\x8d\x0b\xc8\x20\xe1\x66\x2a\x67\xc6\xa8\x5f\xb3\x9a\x35\x39\x9c\x62\x0c\x6e\xe3\x14\x28\x4f\xa4\x20\x99\xbd\xe0\x9f\xd5\x17\xa6\xe5\x3c\xc0\x41\x7c\x98\xd0\x06\xb4\x21\x0b\xa0\x35\x1b\x7d\xb6\x75\x43\x38\x06\x3f\x05\xb6\x82\x4b\xbb\x41\xf7\x0b\xa1\xfe\xa9\x12\x1f\x58\x85\xa4\xd0\x3e\xe9\x3f\x2b\x8f\x27\xa0\x0c\xd6\x66\x49\x10\x03\xde\xda\x3e\x21\x02\x92\x47\x64\x6f\x71\x44\xcb\x00\x4a\x6b\x52\x40\x06\xd8\xec\x7c\x93\xf4\x10\x42\xbb\xf8\x2d\x3b\xf2\xee\xf4\x15\xf8\xf0\x38\xb0\x5c\x0c\x10\x7a\xc2\x4d\x0c\xc8\xf3\x08\x13\xeb\xe2\x75\x1d\xa8\x39\x8e\x04\xff\x59\x3d\x17\xdd\xeb\x32\x59\x36\x71\xc8\x27\x74\x24\xf7\x98\x80\x05\x4c\x58\x1a\xe4\xef\x53\x03\xa1\x2f\x50\xd4\xe1\xfd\x6b\xb5\x85\xa5\xe0\x77\x51\xcb\xd5\x8f\xa6\x1d\x63\x4c\x35\x56\x37\x27\xe1\x82\x39\xd9\x81\x2f\xa4\x1b\x9a\x25\x61\x18\xba\x9b\x0d\xec\xc2\x60\x76\xc8\xae\x4b\x4e\x51\x6a\x2b\x35\xa7\xe9\x83\x9c\xa8\x3b\xef\x46\x43\xe0\xa5\xd9\xdb\x72\x3b\x5a\xfd\x80\xf7\x15\xb6\x3b\x19\xd0\xaf\xb9\xcb\x03\xdd\x9e\x5f\xe1\xb3\x13\x5e\xc1\xf0\xb9\x73\xe7\xd2\x1b\xb2\xf2\x22\x1a\x78\x62\x8a\x1b\x51\x3e\x0f\xf9\xea\x30\x67\xdb\x31\x01\xc0\x17\xeb\x8e\x60\x6f\x2f\x07\x5b\xe4\x98\x4f\x21\xbf\x75\xb6\xc4\xcb\xf3\x71\x8e\x64\xca\x62\xa9\xab\x5d\x8e\x38\x3a\xef\xba\x74\x93\xdd\xff\x47\x8b\x74\x40\x74\xbb\x51\x99\x4b\xc9\x1d\xd2\x9c\x6b\x9b\xcd\x50\xa5\x02\x8e\x14\xcf\x6d\x94\x68\xef\x42\x4e\xd1\x65\x84\x8f\xf5\x67\x6e\x57\x41\x10\xe0\xcd\x76\xa7\xc1\xda\xd3\x01\x9f\xac\xfd\x08\xd1\x4b\x7d\x9e\x37\x8a\x11\x0e\x98\x50\x88\xe5\x1e\x89\xd7\x5e\x3f\xa5\xfb\x36\x87\x59\x8c\x05\x69\xe5\x22\xf6\xc9\xea\x4d\x12\x65\xed\x97\xe3\x13\xdc\xe9\xcd\x01\xa4\x61\x5e\x8b\xbe\x4d\xbe\x16\x8f\x9d\x32\xc6\x68\x2e\x4e\xef\x26\x7d\xd7\x18\xb4\x75\xa8\x1b\x48\x5b\x17\xf6\xba\x8a\xfb\xa1\x9a\x58\x32\x9f\x86\xba\xd1\x2a\xc8\x44\x44\x17\xe6\x14\x8c\xb4\xe0\x7e\xe4\x6c\x5f\x15\x53\xa0\xfe\x4c\xd3\x32\x6d\x86\x92\xcc\x43\x96\x1f\x03\xf5\x7f\x7c\x01\x6f\x33\xc3\xd1\xc0\x2b\xf1\x25\xfc\x94\x21\x01\x10\x36\x36\xb0\x2d\x93\x35\x2e\xfb\x49\x20\xe2\x43\xf8\x65\xcf\x5c\x0b\x5d\x34\x7f\x51\xb8\x79\x00\xb1\x2a\xcc\x34\x7b\x31\x9c\x14\x75\x10\xc6\xa3\xc1\x84\xb9\xfe\x9b\xbf\x49\xd2\x0a\x71\xbc\x08\x82\xe2\x96\xa0\x37\x69\x75\x1c\xd8\x63\x08\x2c\x1f\x3b\x88\x90\xfe\xe3\xc6\x44\x47\x4d\xb2\x1e\x07\x7a\xcb\xeb\x05\xae\x29\x67\x10\x82\x2f\xca\xf5\xa7\xbc\x06\x9b\xd9\x3d\x41\x16\x27\xcd\x1b\x71\x3c\xcc\xed\x01\x0d\x1b\x88\xdf\xc1\x53\x04\x54\x14\x1b\x3d\xd3\xe1\x96\x4c\x38\x95\x76\x13\x21\x73\xb8\x63\x30\x38\x8f\xec\x55\x9d\xc7\x22\xf1\x77\x49\x7c\x30\x83\x15\xa4\xee\xfb\x50\x43\xcc\x97\xc5\xb1\xea\x53\xb6\xde\x6f\x4e\xce\xd9\xcc\x20\xb5\x24\x3e\xf9\x6a\xe0\xda\x16\xb4\x3e\xcf\xd0\x3e\x70\x25\x28\xad\x4c\x36\x09\x54\x5d\xf9\x39\xe2\xbc\xee\x08\x25\x86\x49\x31\x9d\x74\xfd\x78\x4d\x3d\x30\xa9\x09\x2c\xb2\x3e\x51\xce\x00\xbb\xf8\x1a\x46\xbc\x0d\x8b\xba\x9f\xe3\xf6\x05\xf5\x4e\xe2\xa0\x31\x1e\x1c\x19\xae\xe2\x6c\x84\x3d\x72\x52\xd9\x03\x80\xc9\xd8\x6f\x1d\x1c\xbb\x21\x64\x1b\xc1\x9a\xdf\xfa\x60\x8f\xa5\xb8\x26\x0c\x3d\xac\x2e\x0d\x81\x00\xc8\x70\xdb\xaf\xab\x5e\x4a\x5c\x6e\x5d\x48\x75\x35\x2e\xce\x31\x33\xe0\x8d\x48\xe0\x38\x74\xe6\xe5\x28\xb5\xa4\x3d\x08\xc8\xe9\x05\xf7\x98\xf0\x52\x7c\xff\x5c\xda\x99\x95\xe8\x4a\xcb\x47\xee\x85\x44\xbe\x93\x7f\xcb\x64\x64\x6d\x2f\xd2\xd5\xc3\x1e\xef\x83\x62\x97\xe0\x3d\xca\x24\xb1\x59\x96\x4a\x70\x30\x7a\x82\x7f\x6e\x7f\x37\x93\xf6\xff\xad\x54\xa6\x5d\x40\x09\x26\xe8\x07\x97\xe6\x05\x0e\x77\x6b\xbf\x66\xdc\x1b\xdf\x75\x08\x81\x2e\xd0\xfe\xbd\xa7\x74\xf5\xed\xa4\x92\xb3\x75\x1e\xcc\x76\xa6\x58\x24\x1f\xa6\x45\x22\xc5\xdd\xef\x53\x74\x78\x7a\x1b\xc6\xf0\x5c\x84\xa5\x23\x06\x8a\xc6\x6a\x3c\xa5\x39\xda\x70\xe1\x6d\xde\xa8\x97\xf9\x6f\x5d\x48\xe1\xef\x18\x5f\x08\x43\x6d\xaa\x20\xfc\xb0\xb2\x39\xde\x9b\x2b\xb0\x00\x07\xed\xa2\xdb\xdc\xc1\xf5\xfd\xf1\x39\x98\x68\x2d\x66\xcd\x4a\xab\x31\x57\xf7\xeb\xce\xc0\x92\xdc\x6b\xd0\x8f\x4d\x10\x77\x80\xd3\x73\x19\x24\xcf\xa0\x67\xf6\x22\x18\x07\x8a\x2a\xf1\x29\xf4\x05\x9d\x46\xd7\xc7\xbe\xbb\xf6\x7b\x59\x53\xdd\xa3\x0c\x96\xfe\x58\x43\xe8\xa3\xc0\xa1\x5a\x6b\x2f\x21\x0f\xfb\xff\xd4\x76\xc9\xc7\x61\x34\x06\x16\xb1\xca\x8a\x6b\x44\x9d\x1e\x33\x8f\xd9\x09\xfd\x9a\x84\xc7\x33\x87\x11\xbe\x1d\x50\x76\x2a\x48\x29\x9b\x18\x44\x82\xd2\xcd\x18\x84\xaf\x70\x76\x68\xd1\x0c\x2e\x1c\xde\xac\x7c\x07\x5d\x7d\x41\x47\xf8\xaa\x3c\xeb\xca\x93\xc1\xb7\xb2\x45\x26\x4c\x0e\xfb\x84\x70\x25\x51\x52\xc4\x8d\x22\x46\x34\x58\x0b\x2f\xf0\x21\x45\x7a\x97\x5a\xa7\x67\x2b\xaf\x13\xa4\xae\x32\xdc\x17\xe1\xf0\x4d\x0b\x2d\x9c\x14\x83\x1c\x87\xe9\x9e\x7e\x0f\x29\x95\x8c\x9b\x58\x4d\x7b\x8a\x7e\x91\xf5\x73\xc0\x42\x61\x73\x91\xad\xed\x64\xbe\xe7\xda\xd5\xf8\x88\xef\xc5\x56\x0f\xba\x3f\x9e\x41\xf7\x80\x94\xb4\x03\xab\xc5\xd4\x22\xc8\xec\x70\xb9\xa9\xce\xe5\x07\x90\x3f\x89\x99\x48\x7e\x60\xd7\x61\xef\x16\x19\x4e\x7c\xc8\x56\xa0\x1e\x6b\x3b\xc5\x92\x39\x7c\xa0\x3b\xec\xb6\xb4\x8f\xc1\x5b\xf1\xf6\xef\xf8\xfe\xc8\xde\x87\x85\xd0\xfe\xa3\x79\xef\xbd\x64\x94\x87\x30\x7b\xba\x15\x30\xa4\x8e\xc1\x06\x97\x8d\xa7\x03\xe9\x17\x07\x20\x1f\xe3\x34\x8d\xe8\xca\xf2\xdd\xe1\xd0\x99\x42\xd4\x77\x12\xf7\x7d\xe3\xf9\xef\xe5\x39\x2e\xf4\x58\x4a\x66\xcf\x96\xb3\x0e\xcc\x6e\xed\x90\x74\x83\x7e\x08\x35\xe1\x90\x65\xd2\xec\xe8\x7d\x38\xb4\x26\xc7\x03\xb8\x82\xce\xc8\x3c\xbb\x8b\x48\x4f\x68\x85\x83\x2c\xa2\x58\x7b\x2b\xdc\x30\xc9\x2c\x20\xa0\x0d\x92\x64\x73\xff\x36\xa1\xc8\x1e\x58\xd5\x55\x49\xa0\x6f\xb7\xb0\xfd\xd1\x35\xed\x5f\x63\xb4\xcc\xa0\x06\x8b\x2d\xa1\xb1\x12\xd4\xcb\x04\x34\x07\xc2\x1c\x53\x5f\xd3\xc4\x55\x93\x22\xe3\x04\x69\x79\x4c\x90\xa3\xc3\x0d\x8f\xd5\x36\x5c\xe3\xf4\x32\xf6\x13\x14\x8b\xc7\xd5\x75\xc1\xd2\xda\x1d\x4b\x06\x8d\xe1\x36\x6f\x62\xa6\x94\xe9\x76\xf2\xe2\x64\xd4\x49\xd9\xe3\xf9\x04\x00\xf4\xf2\x5c\x11\x52\xd1\xed\xb9\xb0\x98\x16\x78\x72\x27\xee\xef\xf8\x0a\xc3\xf2\x50\x16\xde\x25\x33\x25\x47\x54\x90\x48\x23\x03\xaf\xa8\x7b\x39\xad\xee\x7f\x92\xc0\x31\x85\xf8\xbe\x67\xfe\x8e\x85\x0e\xe3\xa5\x71\x80\x94\x74\xbc\xf4\x62\x37\x3a\x47\xaf\xe1\xa4\x59\x21\x75\xd1\x10\xc3\x65\x9e\x56\xec\xfe\x2e\xca\xf2\xc3\x81\x68\x43\x32\xdc\x0e\xa3\xf7\x6c\x17\x99\xd5\xc7\x95\x4c\xcd\x01\xca\x4d\x3c\xc4\x88\xe9\x8e\xfe\x8c\xcb\x87\x57\x27\x3b\xbf\xd0\xe8\xf9\x4a\x18\xe4\xbc\x18\x79\x93\xac\x29\xc3\xd4\x5a\xa4\x58\x52\x53\x71\x71\x90\xcf\xc1\x6b\xdf\xc9\x0c\xec\xab\x6f\x02\x2b\x3c\x96\x29\xe4\xd4\x4c\xf9\x46\x03\x33\xd3\x48\xd0\xdf\x3f\xbc\x8f\xfe\x61\x73\x37\x25\xea\x22\xc5\x71\x83\xb5\x06\x22\xf3\x20\x25\x3d\x54\x69\x2c\x32\xba\x2d\x1d\x22\x72\x35\x79\x62\xe0\x9f\xc7\xfa\x98\xa1\x92\xd6\x47\xca\x93\xd5\xdb\x9c\x05\x60\xa4\x6a\x79\x74\x08\xd2\x1b\xe5\xd1\x4c\x88\x98\xfc\xf1\xf8\xe4\x6c\x2b\xe1\x9e\xee\x41\x7f\x17\xb5\x81\x2b\xe0\x4c\x60\xa5\x0c\x8f\x4a\x3b\x96\xe7\x59\xdf\x5a\x25\x31\x48\x42\xef\x58\x34\xa9\xbf\xe3\xec\x69\x03\x12\x2a\xbd\xeb\x8d\xa1\xbf\x14\x6c\xa5\xb0\xb6\x45\x1b\x3f\x6a\x0c\xd7\x42\x12\x0b\x02\x5c\xa4\x9b\xb9\x5c\x47\xfb\x27\xfa\xe4\x38\xcb\xae\x39\xcd\x9b\x50\xf7\x67\x35\xf6\x56\xe0\xc6\x89\x6c\x87\xb9\x1c\x1c\xa7\x44\x4d\x0d\xe2\x5c\xe6\x0d\xb8\x1b\x9b\x7e\xfe\xbf\xfc\x1f\xf2\x4e\xe9\xd5\xf7\x7d\xa9\x22\x72\x52\x46\x86\x33\xb8\xeb\x99\x5e\x26\x45\xb1\x54\x3d\x84\x32\x62\xc2\x60\xc3\xc6\x91\x11\x4e\xbc\x40\x39\x62\xc2\x37\x4e\xf5\x9c\xe6\xd1\xdd\x7c\x4d\x22\x31\x0c\x5f\x64\x2d\x76\x6d\x41\x89\x3b\x99\x3f\x9a\x69\x83\x1f\x82\xaa\xb3\x10\x4c\x64\xb0\x8b\x0e\x34\x19\xad\x44\x68\x60\x88\xcd\x8a\x4a\x67\x4e\xdc\xea\x4e\xe9\xf2\xe8\xa0\x2a\xb1\x14\x50\x06\x0f\x76\xa7\xc1\x95\x4f\x67\x6d\xe7\xbf\x79\x16\x69\x94\x57\x09\x1e\xb0\xad\x3b\x75\x93\xe7\xf3\x8d\x62\xf9\xb5\x67\x61\xa9\x15\xb4\x1d\x03\x5b\xa1\x29\xd1\xac\x46\x6e\x5e\xae\xa7\x6d\x00\xc4\xd8\x3e\x17\x54\xe3\xd1\xe6\xf0\x09\x3c\x66\x5d\x86\x0b\xcf\x0b\x98\x50\x40\x1a\xca\xba\x34\xa0\xf7\x74\x30\x07\x73\xc4\xab\xb9\x0e\xfc\x56\xbc\x7d\x2a\xd1\x2d\x2f\x58\xce\xfa\x5b\x58\x16\xfc\xee\x50\xa1\x18\x45\xa2\xd5\x19\x76\x93\xea\x3b\x38\x00\x89\x21\x9f\x5a\x42\xc6\x9f\x9a\x47\x62\xc9\x1a\xe6\x44\x9e\x13\x99\x5f\x66\x6a\xd5\x21\xf9\x2e\xdb\x3f\x4b\x65\xa0\x46\x75\xdb\x8e\xbb\xc9\xa2\xd1\xac\xda\x5b\x67\xed\x6a\xf5\x52\x51\x41\xfd\x7a\xee\xf7\xc5\x8f\x54\x9a\xc3\x92\x55\x70\x5e\xb0\x84\xf4\xf0\xa2\x61\xf4\x3c\x27\xcd\xce\xfb\x7d\x9e\x15\xce\x63\x99\x58\x20\x72\x9b\x32\x74\x9e\xb8\xd9\x43\x2d\x7c\x3c\x25\xb4\xb1\xda\xa5\xb6\x45\x74\x03\x94\xca\xaa\xe6\x3b\xfd\x9e\x18\x20\x7f\xcc\xfb\xe0\xe2\x63\x92\x58\x22\x95\x74\xfc\xc7\x97\x1e\x3e\xb1\x1b\xfd\xf7\xdc\x77\x0c\xea\x4a\x94\x14\x91\x30\x67\x55\x8f\x7e\x54\x2c\xc6\x27\x24\x77\x48\x95\x19\xcf\xae\xcf\x51\x36\x1b\x7d\x39\x54\x0b\xbc\x1d\xa8\x4c\x6e\x56\xe2\x1c\x68\x37\x34\xfc\x3d\x9e\x52\x22\x56\x95\xea\x37\x05\x63\xb1\x53\xb8\xdc\x87\xad\x11\x99\x24\x7a\x23\xa8\x60\x46\xc7\x30\xfb\xce\x29\xfe\x99\xe0\xcf\x3e\x76\x2f\x6c\xa3\xa1\x4b\x03\xff\x53\xd4\x12\x2d\xa0\x66\x4a\x31\xd2\x04\x16\x0f\xcc\x24\x89\xea\xa9\xfa\xf0\x30\xf6\xd6\xa4\x3f\x98\xaf\xce\x7f\x7f\x7f\x0c\xc3\xa0\x1e\xf1\x52\x6d\xac\x38\x27\x8d\x13\x43\x19\x10\xc2\xd6\x91\xa7\x82\x75\xe0\x70\x2c\x8b\xcd\x0f\x47\x54\xb4\x75\x35\xde\xcb\xff\x3f\xb2\xdb\x3d\x23\xb9\x5f\x84\xe5\xe6\xe7\xfe\x67\xc7\x19\xde\x9b\x07\x21\xea\x53\xe2\xc6\x8c\x91\x10\xe6\xa9\xef\x32\x51\xe7\xeb\xb2\x28\x00\xdc\xab\x30\x9c\x22\xab\x37\x39\xb4\xe8\x88\x44\x82\x75\x42\xd9\x62\xc2\xaf\xb2\xdc\x2f\x02\xb4\x50\x94\x73\x7f\xb1\xc3\xb9\x54\x38\x70\x70\x9b\x33\x7d\x9d\x8f\x18\x39\x71\x36\x8a\x28\xa3\x36\x0a\xec\x7c\x89\xde\x83\xe0\xc5\xfb\xfc\xff\xa0\x3c\x1b\xc4\x28\x84\xa8\x39\xe8\x18\x88\x26\xb1\x9f\x3a\x7e\x7b\x82\xb4\xe2\x33\x9d\x3d\x70\x17\x1d\xe9\x2a\x60\xe2\xe1\xc7\x3d\x36\x03\x82\xae\xdc\xc2\x37\x40\xc6\x24\x4d\x69\x29\x9d\xd3\x9e\x01\x10\x91\xb2\xfa\xe1\x0f\x4b\xa3\xc7\xfc\x57\x0b\x0e\xa6\xa5\xd7\xb9\x4f\x08\x12\x78\x8a\xc1\x84\x2e\xb6\xf9\x17\xad\x73\xa4\x3a\x8f\x51\x1b\x22\x17\x95\xb9\xa6\x25\xd6\xb8\xad\xab\x77\xbb\x09\x03\x43\xac\xde\x49\x30\xc6\x43\xb9\xb6\x0a\xf0\x27\xed\x4e\x3c\xc7\xfa\xcd\xcb\x17\x5e\x81\xd9\x13\x8d\xb6\x8d\xb9\xd8\x52\x16\xe1\xaf\xa9\x0c\x3f\x38\x97\xa2\xcd\x7e\x2c\xba\xf5\x9f\xaa\x93\xac\x54\x4c\x22\x13\x99\xd0\xa2\xc7\x60\x1c\x6c\x63\x00\x62\x53\xc9\xe4\x3f\x1e\xd3\xf8\xcd\xd3\x1f\x92\xcb\xc9\x19\xb0\xb2\xf0\x48\xee\x42\x9b\xaa\xc4\x2f\x90\x7d\x36\x28\x19\x31\x81\x4e\x7f\x93\x7b\x51\xf2\xc6\xa7\x72\x46\x9f\x0d\x3d\x66\x6c\x5c\x23\x14\x1a\x0a\xf6\xfb\x38\x04\x47\x98\x10\xfc\xd8\x52\xf9\x8a\x5e\x5d\xf9\x08\x2c\x14\x9b\xc2\x39\xd3\x7b\x89\x44\x7a\xf0\x2e\xba\xe2\x7a\xde\xa0\x98\xd7\x84\x09\xfa\x9a\xe8\x73\xb1\x12\x68\x4c\x75\xd6\x8d\x44\x7c\x7f\xc8\x0a\x45\xa7\x26\xb2\x72\xd5\x57\x67\x8d\xa7\x10\x16\x79\xc6\xa5\xb4\xd7\x0f\x4d\xb6\x05\x39\xfd\x11\xd1\xf2\x13\x92\xb7\x92\x2d\x12\x78\x11\x25\x51\x2e\xb1\xdc\x45\xdb\x4c\xd2\xe6\x47\x34\xe3\xa9\xdb\xf8\x99\xec\x22\x03\xe1\x00\x1b\x3d\x36\x46\x63\xd4\x87\xc6\x90\x18\xcb\x91\x22\xb5\xf4\xe1\xa2\x76\xd1\x70\x88\xdf\x74\x6b\xa3\xe7\xc1\x0e\x1c\xad\x22\x6f\x6c\xd2\xad\x90\xcc\x3d\x14\x8c\x95\x1d\x32\xc0\x03\x41\xbf\x08\xec\x71\x58\xd2\x2b\x33\x75\xf7\xed\x67\x30\xff\x9f\x0a\xf7\x9b\x1e\x8e\xfd\x16\x4b\x04\x6c\x6a\x3d\xf7\xbc\xd9\x25\xe4\x9b\xf5\xbb\x4d\x16\xac\xe6\xab\x92\x5b\xee\x37\xb7\xb5\x32\x1d\xa6\xf3\x62\x6f\x33\x02\x5e\xbc\x38\x14\xf4\x4a\x27\xa7\xe3\x9c\x5e\xcf\x8c\x52\x63\xc5\x0e\x5d\x49\x27\x39\x77\xc1\xdd\xce\xc8\x6c\x85\xc4\x1d\xe8\x55\x8c\xcc\x7c\xc9\x46\x9f\x4a\x5a\xb1\x04\xdb\x7b\x3e\xaf\x89\x51\xf5\x31\x5f\x56\x40\xc5\x1e\x8c\x49\x29\x0c\x7b\x14\x66\x88\xb7\x2e\x22\xc5\x17\x8b\xb1\x20\xbe\xaf\xe3\xa1\x0d\xd3\x3e\x6a\x34\xb8\xe2\xab\x0a\x8d\x88\xf1\xbf\x23\x46\xf0\x6e\x6c\xbe\xb8\x01\x59\xf8\x5b\x69\xef\xe2\x98\x4f\x3a\xcb\xf1\x03\x53\x97\xc0\xe0\x27\x42\x0c\x59\x1b\x2c\x51\x15\xe4\xc4\xbc\x43\x19\xb6\xa8\xed\xc2\xaa\x62\xc7\x60\x0e\x49\x02\x9f\x8d\x7d\x80\x87\x13\xcc\x76\x55\x66\x44\x0a\x42\x7a\xc5\x76\xe5\xa2\x31\x8e\x09\x94\xa0\x0b\x56\xb7\xcf\x16\x27\x78\x87\xb2\x26\x93\x39\x6c\x28\xbf\x73\x41\x33\xdf\x5e\x65\x49\x71\xde\xc6\x8d\x22\x56\x31\xfc\x66\x9e\x56\x19\xc1\xc7\x8d\xf3\xca\x98\x60\x48\x9a\x29\xa5\x23\x4e\x05\x4b\xcd\x3c\x54\x32\x76\xc0\x7e\x15\xa1\xca\x7e\xf6\x0c\x6e\x20\x35\x95\x62\x73\x3c\x1b\x3b\xd1\x5a\x9c\x72\xa8\xf9\xac\xb0\x40\xf8\xf8\x5a\x4f\x10\x31\x3a\x4f\xc7\xe8\xcb\x89\x73\xae\x0b\x56\x29\x24\x71\x6d\x16\x8a\xa4\x31\xcf\x63\xa5\xc2\xe1\x82\xb4\x8b\x55\x19\xf3\x76\xde\x39\xca\x03\xd5\x53\x5a\x58\x68\xd2\xcf\xff\x41\x0e\x3f\x24\x8d\xe1\xef\x81\xb2\x05\xbc\x17\xa8\x4c\xbf\xeb\xb4\x6d\xeb\x4e\x56\xdc\xd3\x55\xd7\x14\x8a\x56\xf2\x5d\xee\x58\x96\x91\x2e\xc9\x01\x24\xbe\xf2\xd8\x82\xe9\xd4\xa0\x27\x69\xb3\xab\xcb\xc8\xf3\x67\xde\xec\xce\x8c\x22\xb0\x45\xf4\xd7\xb8\x7d\x89\x08\xb0\xaf\x7f\x2a\x1f\x53\xba\xd8\xd3\xf8\xe0\xb6\x5b\x00\x53\xab\x1e\x28\xec\xe7\x25\x0a\xb2\x81\xbc\x19\x70\x97\xcf\xe8\xb2\xa7\xcf\xb5\x52\xf8\x28\x69\xb8\x82\x41\xe7\xd0\x5d\x24\xac\xa3\x25\xc6\xf2\xfa\xd8\x5c\xe7\x9b\xfc\x2a\xec\xdb\x79\x8f\x40\xe1\x11\x18\x9f\x17\x85\xcb\xbe\x40", 4096); *(uint32_t*)0x20003710 = 0x1000; *(uint32_t*)0x20003714 = 7; *(uint32_t*)0x20003718 = 0x200036c0; memcpy((void*)0x200036c0, "\x38\xe3\xda\xc1\xca\xb0\x0f\xeb\x39\xc4\x8e\xdf\xaf\x42\xb6\x04\xf0\xc0\xfb\xea\xa3\x0d\x70\x23\x51\x9c\xe5\x89\xe4\xd9\x0d\x7d\x17\x1c\xbe\x75\x9e\x9c\x40\x81\x9d\x99\x46\xab\xfa\x97\x37\xe1\xbd\xdd\xfb\x4f", 52); *(uint32_t*)0x2000371c = 0x34; *(uint32_t*)0x20003720 = 0x10000; memcpy((void*)0x20003740, "/dev/tty\000", 9); *(uint8_t*)0x20003749 = 0x2c; memcpy((void*)0x2000374a, "syz0\000", 5); *(uint8_t*)0x2000374f = 0x2c; memcpy((void*)0x20003750, "+@", 2); *(uint8_t*)0x20003752 = 0x2c; memcpy((void*)0x20003753, "*^:[-,-,&{#", 11); *(uint8_t*)0x2000375e = 0x2c; memcpy((void*)0x2000375f, "syz0\000", 5); *(uint8_t*)0x20003764 = 0x2c; memcpy((void*)0x20003765, "audit", 5); *(uint8_t*)0x2000376a = 0x2c; memcpy((void*)0x2000376b, "obj_role", 8); *(uint8_t*)0x20003773 = 0x3d; memcpy((void*)0x20003774, "syz0\000", 5); *(uint8_t*)0x20003779 = 0x2c; memcpy((void*)0x2000377a, "obj_user", 8); *(uint8_t*)0x20003782 = 0x3d; memcpy((void*)0x20003783, "^\356%", 3); *(uint8_t*)0x20003786 = 0x2c; memcpy((void*)0x20003787, "subj_role", 9); *(uint8_t*)0x20003790 = 0x3d; *(uint8_t*)0x20003791 = 0x2c; memcpy((void*)0x20003792, "mask", 4); *(uint8_t*)0x20003796 = 0x3d; memcpy((void*)0x20003797, "^MAY_EXEC", 9); *(uint8_t*)0x200037a0 = 0x2c; memcpy((void*)0x200037a1, "uid", 3); *(uint8_t*)0x200037a4 = 0x3d; sprintf((char*)0x200037a5, "%020llu", (long long)0xee00); *(uint8_t*)0x200037b9 = 0x2c; *(uint8_t*)0x200037ba = 0; res = -1; res = syz_mount_image(0x200025c0, 0x20002600, 4, 3, 0x20003700, 0x1040000, 0x20003740); if (res != -1) r[1] = res; break; case 5: syscall(__NR_read, (intptr_t)r[1], 0x200037c0, 0x12); break; case 6: *(uint64_t*)0x20003800 = 7; syscall(__NR_sendfile64, (intptr_t)r[0], (intptr_t)r[1], 0x20003800, 0); break; case 7: *(uint16_t*)0x20003840 = 0x81; memcpy((void*)0x20003842, "\xd8\xe8\xf6", 3); syscall(__NR_setsockopt, (intptr_t)r[0], 6, 2, 0x20003840, 6); break; case 8: *(uint32_t*)0x20003880 = 4; syscall(__NR_ioctl, -1, 0xc0044dff, 0x20003880); break; case 9: *(uint32_t*)0x20003980 = 0x200038c0; *(uint16_t*)0x200038c0 = 0x10; *(uint16_t*)0x200038c2 = 0; *(uint32_t*)0x200038c4 = 0; *(uint32_t*)0x200038c8 = 0x1000000; *(uint32_t*)0x20003984 = 0xc; *(uint32_t*)0x20003988 = 0x20003940; *(uint32_t*)0x20003940 = 0x20003900; *(uint32_t*)0x20003900 = 0x14; *(uint8_t*)0x20003904 = 7; *(uint8_t*)0x20003905 = 1; *(uint16_t*)0x20003906 = 0x801; *(uint32_t*)0x20003908 = 0; *(uint32_t*)0x2000390c = 0; *(uint8_t*)0x20003910 = 0; *(uint8_t*)0x20003911 = 0; *(uint16_t*)0x20003912 = htobe16(0xa); *(uint32_t*)0x20003944 = 0x14; *(uint32_t*)0x2000398c = 1; *(uint32_t*)0x20003990 = 0; *(uint32_t*)0x20003994 = 0; *(uint32_t*)0x20003998 = 0x40800; syscall(__NR_sendmsg, -1, 0x20003980, 0x20000000); break; case 10: memset((void*)0x20000000, 255, 6); STORE_BY_BITMASK(uint8_t, , 0x20000040, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000040, 2, 2, 2); STORE_BY_BITMASK(uint8_t, , 0x20000040, 8, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 5, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 7, 1); STORE_BY_BITMASK(uint16_t, , 0x20000042, 0x7f, 0, 15); STORE_BY_BITMASK(uint16_t, , 0x20000043, 0, 7, 1); *(uint8_t*)0x20000044 = 8; *(uint8_t*)0x20000045 = 2; *(uint8_t*)0x20000046 = 0x11; *(uint8_t*)0x20000047 = 0; *(uint8_t*)0x20000048 = 0; *(uint8_t*)0x20000049 = 0; memset((void*)0x2000004a, 255, 6); memset((void*)0x20000050, 255, 6); STORE_BY_BITMASK(uint16_t, , 0x20000056, 0, 0, 4); STORE_BY_BITMASK(uint16_t, , 0x20000056, 0xffd, 4, 12); memset((void*)0x20000058, 255, 6); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 0xc, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 1, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 3, 5, 2); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 0, 7, 1); *(uint8_t*)0x2000005f = 3; STORE_BY_BITMASK(uint8_t, , 0x20000060, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000060, 2, 2, 2); STORE_BY_BITMASK(uint8_t, , 0x20000060, 9, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 5, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 7, 1); STORE_BY_BITMASK(uint16_t, , 0x20000062, 0x3d, 0, 15); STORE_BY_BITMASK(uint16_t, , 0x20000063, 0, 7, 1); *(uint8_t*)0x20000064 = 8; *(uint8_t*)0x20000065 = 2; *(uint8_t*)0x20000066 = 0x11; *(uint8_t*)0x20000067 = 0; *(uint8_t*)0x20000068 = 0; *(uint8_t*)0x20000069 = 1; *(uint8_t*)0x2000006a = 8; *(uint8_t*)0x2000006b = 2; *(uint8_t*)0x2000006c = 0x11; *(uint8_t*)0x2000006d = 0; *(uint8_t*)0x2000006e = 0; *(uint8_t*)0x2000006f = 1; *(uint8_t*)0x20000070 = 8; *(uint8_t*)0x20000071 = 2; *(uint8_t*)0x20000072 = 0x11; *(uint8_t*)0x20000073 = 0; *(uint8_t*)0x20000074 = 0; *(uint8_t*)0x20000075 = 0; STORE_BY_BITMASK(uint16_t, , 0x20000076, 0, 0, 4); STORE_BY_BITMASK(uint16_t, , 0x20000076, 0x1f, 4, 12); STORE_BY_BITMASK(uint8_t, , 0x20000078, 8, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000078, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000078, 3, 5, 2); STORE_BY_BITMASK(uint8_t, , 0x20000078, 1, 7, 1); *(uint8_t*)0x20000079 = 0; memset((void*)0x2000007a, 255, 6); *(uint8_t*)0x20000080 = 8; *(uint8_t*)0x20000081 = 2; *(uint8_t*)0x20000082 = 0x11; *(uint8_t*)0x20000083 = 0; *(uint8_t*)0x20000084 = 0; *(uint8_t*)0x20000085 = 1; *(uint16_t*)0x20000086 = 0xbf; memcpy((void*)0x20000088, "\xaf\xaf\x3a\x13\x5b\x6b\xac\xd8\xc9\xb7\x0b\x5e\xec\x9a\xb1\x84\x05\xdd\xe2\x16\xb1\xb5\xdb\xe7\x0c\x82\xea\x52\xa1\x47\x7c\x8b\xcc\x0a\xde\xba\xd8\x78\x9e\x03\xdf\x9b\xee\xa6\x7c\xea\x53\x1e\x77\x6e\x7e\xc4\x41\xe1\x09\x95\x46\x0e\x4e\x96\x46\x78\xb8\xb2\x0c\xae\x08\x4a\xb4\x0b\xef\x38\x9b\xb7\x2f\xe3\x66\xea\x91\xa8\xa2\xb9\x52\xbc\x69\x7a\x86\x3d\x47\xc4\x92\x0f\x77\x97\x6c\xcd\xa9\x72\x3c\x4d\x4c\xf4\x31\x64\xb5\x7e\x37\x39\x25\xd2\x15\x94\xad\x58\x2b\x2b\xd6\xb7\xfc\xe0\xe2\x1d\x27\x2a\x02\x2f\xb6\x3e\xfa\xe8\x20\x4e\x2e\x38\x18\x08\x48\xfd\x29\x86\xc8\x47\x24\x1f\x05\xb4\x79\x5e\x31\x95\x82\x3f\x4b\x17\xf3\x40\xc2\x4f\x45\xbf\x4f\xc3\x3a\x8b\x5d\x06\x49\x78\x0b\xad\x0b\x16\x00\x23\x1b\xcd\x85\xe1\x04\x40\x43\xb3\xf5\x2b\xdd\x66\x46\x2c\x52\x86\x9b", 191); *(uint8_t*)0x2000014a = 8; *(uint8_t*)0x2000014b = 2; *(uint8_t*)0x2000014c = 0x11; *(uint8_t*)0x2000014d = 0; *(uint8_t*)0x2000014e = 0; *(uint8_t*)0x2000014f = 0; memset((void*)0x20000150, 255, 6); *(uint16_t*)0x20000156 = 0xf3; memcpy((void*)0x20000158, "\xdb\x74\x58\x60\x3e\x1d\xb9\xe8\xb6\x10\x9f\xf2\x53\x17\x6f\xc3\x10\x5d\x34\x45\x42\x94\xa0\xc3\x6f\x5e\x76\x59\x0e\xe3\xb3\xa3\x91\xdd\x28\x47\xab\xe2\xef\x4c\x4f\x07\x62\xcb\xb0\x9a\x37\xf4\x06\x75\xba\xca\x09\x07\x28\x2c\xe7\xdc\x1a\x10\x4c\xb3\xe9\x13\x84\x93\x0e\xde\x72\xf3\x72\x0d\xac\x99\x76\xa6\x59\x8b\xc0\x38\x5e\x0e\xb8\x29\x5e\xde\xe6\xbf\x8e\x31\xf2\x43\xb2\x84\xe9\xde\x82\x3d\xbc\xf1\xfa\x70\xc6\xc5\x7d\x44\x72\xf2\x0f\x03\x1c\xd4\xcc\xc7\x99\x5b\x00\x36\xd0\x24\xf0\x51\x22\x0c\xf8\xcc\xfa\xcc\x5e\xef\x5c\xc5\x45\xc5\x20\x8e\x0a\xe0\xb6\xfa\xd6\x95\x65\x42\x26\x29\x30\xe5\x61\x77\xef\x3f\x3f\xd1\xfc\xf9\xab\x7f\xa1\x04\xc2\xfd\x2c\xaf\xbf\xc7\x96\xda\x4a\xf4\x24\x53\x1e\x82\x5b\x32\x39\x4a\x16\xb5\xa9\x0e\x3b\x36\xd9\xd7\x5f\x35\xbc\x95\xc7\xb6\x5c\x57\x74\xb3\x3d\x1a\x74\x46\x4b\x24\x0d\x9b\x44\x20\xde\x38\x65\xe4\xeb\xfa\x97\x05\xfa\x60\x6c\xa4\x22\xeb\x0a\xe3\x31\x26\x57\x4d\x2b\x01\xdc\x83\xd7\x0c\x24\x87\x47\x08\x7c\x72\xf0\xda\x02\xe8\xe8", 243); *(uint8_t*)0x2000024e = 8; *(uint8_t*)0x2000024f = 2; *(uint8_t*)0x20000250 = 0x11; *(uint8_t*)0x20000251 = 0; *(uint8_t*)0x20000252 = 0; *(uint8_t*)0x20000253 = 1; memset((void*)0x20000254, 255, 6); *(uint16_t*)0x2000025a = 0xdd; memcpy((void*)0x2000025c, "\xd7\xe9\xb2\x4c\x0c\xc9\x92\xb1\x8a\xa2\xd9\xf9\xe1\x70\x9a\x8c\x2f\xe8\xb2\xce\xb2\x7a\x74\x9e\x52\x61\x7c\x6d\xb9\x66\xc1\x54\x69\xb1\x4f\x62\x71\xd9\xec\x1c\xaa\x53\x7e\x60\x5d\x09\xc7\xaf\x27\x1d\x95\x9a\x7b\x13\x75\xfb\xad\xa3\xd4\x78\x40\xb8\xfb\xde\x2f\x3a\xb2\x82\x04\x40\xce\xff\xb1\x6c\xc4\x41\x60\xf3\xa3\xab\xd7\x0b\x05\x9e\x3b\x32\x1e\x3a\x1a\x48\xec\xa2\xb3\x81\x9d\x05\x95\x82\x2e\x17\x76\x7f\x5a\x9c\xce\x0a\x0a\xa1\xcf\x8a\x17\x63\x78\x09\x43\x87\x2b\x12\x7a\xb5\x59\x03\x6a\x8d\x87\x03\xe1\x79\xc0\xde\x7c\x00\xdb\xd0\x55\x69\x9b\x39\x53\x2e\xc0\xf6\x3b\xb6\x9c\x33\x1f\xb4\x15\xe2\x53\xc2\x6a\xbf\x85\xa2\x0b\x69\xf3\x3d\x25\xa8\xa0\x66\xaa\x10\xa9\xc1\xad\xd2\x02\xfa\x9d\x6c\xd6\xdb\xda\xf0\x56\x01\xd6\x8e\x95\x53\xba\x9e\xe5\x39\x31\xaa\x19\x38\x21\xc7\x80\xf0\x5d\xfd\x3c\x33\xaa\xd8\x4e\xf5\x50\x98\xb4\xb8\x21\x2c\xf5\xd6\xa4\x3b\x5a\x09\x98\x66\xec\xbb\xc1", 221); *(uint8_t*)0x2000033a = 8; *(uint8_t*)0x2000033b = 2; *(uint8_t*)0x2000033c = 0x11; *(uint8_t*)0x2000033d = 0; *(uint8_t*)0x2000033e = 0; *(uint8_t*)0x2000033f = 1; memset((void*)0x20000340, 255, 6); *(uint16_t*)0x20000346 = 3; memcpy((void*)0x20000348, "\xd7\x1a\x49", 3); syz_80211_inject_frame(0x20000000, 0x20000040, 0x30e); break; case 11: memcpy((void*)0x20000380, "wlan0\000", 6); memset((void*)0x200003c0, 2, 6); syz_80211_join_ibss(0x20000380, 0x200003c0, 6, 0); break; case 12: memcpy((void*)0x20000400, "bpf_lsm_sb_remount\000", 19); syz_btf_id_by_name(0x20000400); break; case 13: memcpy((void*)0x200008c0, "\xc4\xc3\x2d\x0e\x45\xf5\x08\xc4\xe1\x5b\x10\xeb\x26\x81\xf9\xf6\x03\x9e\xec\xc4\xc3\x79\x61\x78\x01\xd2\x07\x66\x0f\x38\x29\x5c\xd0\x2f\xd9\xf6\xf2\xdd\xcd\xc4\xc1\xf8\x11\x45\x0f\x0f\x34", 47); syz_execute_func(0x200008c0); break; case 14: memcpy((void*)0x20000940, "/dev/pktcdvd/control\000", 21); res = syscall(__NR_openat, 0xffffff9c, 0x20000940, 0x10400, 0); if (res != -1) r[2] = res; break; case 15: memcpy((void*)0x20002c80, "./file0\000", 8); res = syscall(__NR_statx, -1, 0x20002c80, 0x800, 8, 0x20002cc0); if (res != -1) r[3] = *(uint32_t*)0x20002cd8; break; case 16: memcpy((void*)0x20003040, "./file0\000", 8); res = syscall(__NR_stat, 0x20003040, 0x20003080); if (res != -1) r[4] = *(uint32_t*)0x20003090; break; case 17: res = syscall(__NR_read, -1, 0x20003100, 0x2020); if (res != -1) r[5] = *(uint32_t*)0x20003114; break; case 18: res = syscall(__NR_getgid); if (res != -1) r[6] = res; break; case 19: *(uint32_t*)0x20005540 = 0xe4; res = syscall(__NR_getsockopt, -1, 0, 0x11, 0x20005440, 0x20005540); if (res != -1) r[7] = *(uint32_t*)0x20005474; break; case 20: res = syscall(__NR_getgid); if (res != -1) r[8] = res; break; case 21: memcpy((void*)0x20000980, "\x5e\xb2\xb7\x65\xeb\x13\xfe\x60\x55\xad\xbc\x43\xba\x06\xda\x06\x24\x08\x5c\x4b\x07\x4c\xa1\x07\x58\x89\x67\x7f\x06\x6e\x7b\xe4\xde\x1a\xde\x66\x43\xe3\x84\xe7\x46\x94\x78\x49\xca\xe6\xc4\xbd\x22\x47\xb9\xd0\xdc\xf8\xd7\x4f\x73\xc8\x65\x98\x3a\x7d\x81\xfa\x41\x8b\x52\x27\xbf\xe2\xca\xe4\xda\xab\xc8\xfd\x12\x12\x43\xc0\xfe\x33\x9f\x30\xd7\xad\xe9\xb7\x9e\x07\xaa\x3b\x49\x20\x01\xcb\xf7\x1f\x43\xd1\x92\xa2\xb9\xb7\x71\x60\x8f\x80\x9c\xab\x41\x48\xc9\xbc\xb1\x8a\xd7\x38\x1a\xda\xb1\xf2\xf5\xe3\x23\xa6\x92\x49\xbf\x8f\x2b\x5b\x0e\x98\x65\x57\xda\x94\x36\x23\xa6\x6e\xc4\x20\xb9\xb7\xbc\x01\x43\x4d\x0a\x62\x88\x6d\x00\x72\xf8\x30\x51\xbe\xd9\x58\x84\x3e\xc0\xad\xab\xae\xc0\x68\xe2\x33\x3b\xdc\x15\x62\x2e\xfd\x5d\x7e\xb6\x8c\xfd\xda\x7d\xe3\xfd\xaf\xaa\x75\x78\x7f\x0f\x7f\x3a\x5a\xae\x1c\xfe\x1f\xaf\x07\x9f\x18\x35\xbe\x70\x44\xf2\xde\xe0\xe2\xb2\x28\x27\xf8\xce\x93\x99\xba\x9b\x6d\x67\x5a\xaa\xfc\x82\x72\x62\xb7\x01\x65\x9d\x34\xe6\x87\xd6\xf0\xf8\x06\x66\xef\x60\x37\x1f\x36\xfc\x8e\x7a\xb0\x1b\x1b\x1f\x74\x1b\xab\x29\x0b\x37\x42\xbc\xa7\xd9\x00\xac\xac\xd0\x03\xbb\x0e\x24\x97\xa7\x41\x3e\x2a\x94\x61\x0c\x93\xf5\xb5\xf6\xa0\xaf\xfc\x55\x4d\xfa\x69\x6f\x33\xa4\xe0\x76\x99\x55\x29\x81\xc8\xf1\x7e\xec\x12\x1b\x79\x8f\xfd\xa5\xa8\x1f\x60\x90\x05\xee\xe8\x86\x2d\xa6\x33\x95\x0d\x1c\x36\xb1\xf5\x7f\x20\x1d\xfa\xa2\xff\xb4\x3b\xfb\x89\xb9\x37\xdf\xe8\x91\x65\xa7\x83\x26\x4b\x5c\xd3\x93\xe5\xe8\x1e\xfb\x8d\x94\xe2\x8e\xa4\x17\xcf\x7f\x14\x55\x20\xc2\x01\xcd\x9b\xc8\x43\xa7\x8a\xe0\x7c\x3a\x9d\x81\x2a\x99\xb9\xd0\x1f\x4f\x8a\x60\x93\x70\x77\x19\x2f\xb2\x9e\xf9\xe9\xca\xd9\x95\x91\x9d\xe3\x3e\x9e\x70\xc9\x5c\x0e\xfe\x9d\x49\xec\xac\xc2\x81\x7d\x76\x4b\x35\xac\xee\xf6\xdb\xd7\xb1\x1d\xa0\xd5\x64\x60\x97\x8a\x67\x9a\x76\x5c\x04\x64\x2e\xf7\xb3\x3d\xa7\x35\xd6\x07\xb2\x1e\xa2\x07\xad\x74\x7b\x67\xda\x18\x62\xb7\x88\x4f\x77\x37\x64\xc5\xc6\xb9\x5b\x0d\x1f\xc0\x79\x90\x9e\x3a\x07\x43\x0c\x52\xf4\x90\x8c\xb8\x64\xca\x7b\x48\x38\x7d\x9c\x93\x03\x87\x81\x15\x80\xb9\xce\xad\x9b\xb5\x6c\x51\x39\xd0\xd5\xc4\xc7\x28\xf7\x66\x70\x59\xbb\x64\xe2\x23\xd3\xe7\xcf\x61\xce\x83\x70\x27\x6d\xd3\x1b\x3b\xd6\x43\xe9\x64\x44\xaf\xea\x51\x78\x7b\xc0\xea\x7e\xde\x0c\x05\x76\x34\x0b\x35\x74\xfb\x1e\xe7\x81\x33\xc2\x9e\xdb\x9c\x63\x72\x42\x00\xf5\xd8\xd1\xfa\x9d\xb4\xfe\x0c\xf9\xa3\xf0\x51\x7f\xdd\x93\x62\x40\xd0\x8c\xa3\xf4\x81\x5c\x56\x2f\xa4\x0c\x50\x29\x2a\x8c\xc6\x7a\xf0\x25\x55\xbf\x5e\x42\x10\xef\xab\xee\x95\x29\x46\xcb\x5a\x3b\x71\x9c\xca\xfb\x90\xc5\xfc\x31\xe2\x8e\x16\xda\x6d\xeb\x0c\x26\x57\xd9\x9b\x2e\x30\xac\x6f\x59\xe6\x93\x5c\x8f\x3d\xe5\xab\xb5\xa6\xa9\xeb\x6d\x64\x63\x81\x31\xfa\x73\x63\x9f\x95\xdc\x71\xd1\x1a\x64\x4c\x6f\xf1\x7e\x26\x66\x5e\x82\x05\x56\x17\x8b\xdf\x6f\x91\xc5\x2f\xac\x27\xf2\xd8\x48\x12\xe9\xbf\xd4\xc5\x3e\x75\x7e\xd5\xdc\xc5\xa3\xc5\x8f\x4f\x25\x4a\x11\xad\x80\x99\x55\x5f\xba\xb9\x2d\x97\x07\xe7\xae\x24\x9d\x37\xb6\x72\xb2\xf4\x66\x6c\xc3\x5f\xfe\x53\xa0\xf5\xf3\x14\xaa\x7e\x32\x9a\xdd\xf6\x0e\x86\x49\x86\x68\x2e\x58\xde\xe8\x78\xcf\x3e\x66\xb3\xc1\xb8\xb0\x45\x70\x21\xcb\xbe\x95\x42\xdf\x24\x01\x04\xfa\x79\x45\xd1\x77\xa8\x05\x1f\xf4\x2d\xff\xe4\x7e\x95\x2c\xaa\x5b\x33\x43\x86\xbb\xe9\x61\x40\xa2\x8a\x74\xcd\x3c\x4c\x66\x6d\xd6\x17\x49\x94\xba\xe6\xc3\x23\xbe\xf3\xcb\xe9\x70\x28\x83\x5f\x03\xb4\x9d\x7c\x49\x69\x13\xec\x17\x27\x23\x46\xe0\x50\xc7\x5c\x58\x76\x0a\xcb\xcd\xed\xfc\x77\x4b\x34\xb1\x9f\x19\x9c\x40\xe0\x2a\xc7\x41\x77\xe3\xf9\x51\xa0\x07\xab\xda\xf0\x0f\xd7\x06\x4b\xbf\x2c\xc4\x44\xd6\xb6\xd2\xb2\x33\xe1\xfd\x99\x5f\xee\xbc\xbf\xaf\xaa\xa4\x4e\xdd\x73\x9b\x7a\x9b\x31\x2b\x08\x23\xbb\xb2\x28\x82\x3e\x13\x2f\xba\xe5\x76\x96\x8b\x7e\x7c\xa5\xca\x01\x98\xda\xae\x85\xda\x7b\x50\x00\x25\x44\xa4\x4f\x94\x8d\xc5\xf4\x86\x20\xe3\xf9\x91\x45\xc8\x72\x7f\xee\x50\x15\x41\xef\x11\x9b\x20\x08\x5e\x36\x40\x52\xa0\x45\x16\x4e\x79\x57\x95\x53\xab\x19\x24\xa5\xe6\x7c\xa4\xbd\xe4\x39\x03\x13\xb7\x6a\x6a\xbb\x95\x0e\x63\x7b\x6b\xd3\xae\x4d\x34\x1e\xa3\x62\x44\x0e\x13\x41\x85\x30\x4e\x36\xf0\x86\x91\x02\x7e\xc7\xff\x34\xd7\x18\x82\x53\x93\xec\xfd\x75\x57\xc8\x2b\x7b\xda\x4d\x24\xb9\x4f\xc5\x3d\x57\x7b\x31\x65\x7b\x00\xe8\x30\x38\x03\xe6\xf1\x5e\x17\xa7\x96\x47\x60\x7f\xfa\x65\x64\x91\x03\xad\x6c\xed\x04\x0a\x84\x22\x24\xb2\x22\x26\xcb\x03\xb1\x0e\x51\xe5\x8d\x69\x5e\xdd\xa7\x7d\xa2\xd7\x84\xc4\x9b\xdd\xa4\x3a\xdc\x0f\x4e\x15\xf3\xe2\xe3\x38\x83\x69\x24\x78\x6b\x90\xb2\xf7\x44\x29\x35\xae\x33\x8e\x34\x4f\xa4\xc0\xd9\xe3\xd7\x48\x71\xd9\x30\xd8\x78\x68\xa2\x69\xc9\x84\x04\x87\x63\xe1\xc4\x38\x47\x9b\x20\xfd\xdb\xc6\x1d\x24\x88\xd7\x0c\xa8\x74\x7f\xff\x73\x1e\xdb\x67\x9b\x88\xbf\x1b\x17\x62\x1d\x32\x76\x15\x1f\xd9\x3a\x9d\xbb\xaf\x1a\x83\xe9\xa8\x0f\x75\xba\x18\xac\x3c\xe6\x59\x8d\xc4\xe6\xb0\x56\x2f\xb0\xbd\x47\x91\x29\x33\x7b\xb1\xc3\xa5\x88\x2b\x2d\x62\x6e\xdd\x90\xd0\xb1\xe8\x98\xd0\xf1\xe4\xf5\x98\x93\x70\x0c\x24\x1e\x0c\x43\x63\xa4\x44\x10\x73\x84\x00\x00\x47\x0f\x9e\x87\x7d\x0b\xac\xdc\xb6\xb2\x18\x75\xe7\x5b\x50\xdc\xfb\xb2\xbb\xc0\xea\x8f\xca\x0a\x91\xdc\xaf\xe6\x9b\x16\x2a\xee\xf4\xf7\xd7\xfa\x11\x93\xf9\xea\xc4\x4d\x4e\xb2\x73\x77\xc3\xb7\x2a\xc1\x9a\x90\x1c\x6e\x73\x50\xe1\x64\x81\x46\x09\x01\x79\xfa\x4b\x7f\x7a\xae\xdf\xb7\x5a\x49\xde\xea\xe9\xfb\xec\x2f\x30\xc4\x44\x4e\x3b\xd5\xad\x6f\xad\x82\xbb\xcd\x24\xbb\x6d\x25\x96\x85\xca\x0c\x13\xe5\x2a\x59\x0d\x27\xa7\x31\xa1\x8b\x09\xd3\xd6\xbf\x5e\x81\x75\x63\x02\xb8\x52\x51\xc8\x5d\x30\x48\x72\x95\xeb\x2e\x42\xcd\x78\x82\x31\xeb\x96\x97\x9b\x5c\x11\x3c\x16\x6b\xe2\xf3\xb6\xd2\x44\x74\xb0\xf5\x6e\xa5\xcf\xff\x4d\xca\x92\x84\xe5\xda\xe7\xd1\xc2\xb6\xab\xa7\x80\x7e\x88\x96\x97\xc8\x69\x83\x1c\x90\x8b\x20\x6b\x8a\x21\xdb\xe7\x3d\x06\xc0\xae\xfd\xa4\x49\xf4\xda\xed\xd6\x8b\x67\x6f\x22\x81\x4b\xe2\xd9\x0a\x2d\x06\xa3\x9f\x99\x7f\xdc\xef\x3a\x38\xf9\x83\x96\xd5\xbf\x36\x99\x00\xf9\xfc\x04\x42\xb2\x04\xce\xb1\x7e\x43\x2c\x28\x08\x7c\x42\xc8\x4c\x17\xf1\xa4\xd0\x4f\x6d\xa5\x46\x68\x2f\x31\xd7\x5c\xc2\x89\xe0\xc8\xea\x40\x58\xc0\x35\x50\xfa\xd5\xde\xf6\x96\x85\x41\xa9\xd3\x72\xbc\xbf\xf7\xb9\x43\xd6\x5a\x7f\x48\x56\x52\xe4\x43\x7e\x0a\x16\x02\x05\x7e\xf0\xce\xef\xa5\x75\x40\xa1\x1d\x5b\x2b\x8b\x65\x18\xc3\xc9\xa2\x7c\xb2\x75\x62\x94\x1f\x2f\x68\x9c\xe2\x40\x39\x6b\x4a\xd7\x0d\xbb\x2c\xd6\xe4\xe1\xf3\x3e\x32\x79\xc3\x36\x1b\x9d\x99\x03\xa9\xb6\xbb\x01\x7f\xfc\x71\x97\x58\x41\x7e\x4f\x98\x48\x55\x69\x2a\xcb\xdf\x93\x92\xa9\xb1\x96\x73\x38\x8e\x76\x02\x33\xfa\x00\x35\xe0\xc2\x33\x5e\x77\xb0\x89\xeb\x40\xb5\xcd\x8f\x03\x25\xf6\x4e\x08\x07\x65\x80\x80\x52\x86\x9f\x76\xb3\x9b\x06\x82\xe9\xa4\x9a\x95\xa4\xfd\x0b\x38\xbb\x50\xeb\x21\x4e\x94\x91\x9d\x48\x6f\xb7\xbb\x75\xac\xb4\xdc\x5f\x04\xe7\xa7\xe3\x11\xf2\x04\xdf\x40\x4c\x62\xc6\x64\x17\x95\x84\x88\x0c\xb8\xbc\x7b\x8b\xaa\xe8\x93\x3c\x2e\xbd\x70\xaf\x44\x45\x1a\xae\x3d\x51\xd4\x29\x0d\x90\xb8\x91\x10\x68\x77\xbd\x37\x75\x2e\xc6\x11\x8d\x97\x2a\x1b\x0a\x29\x31\xd4\x33\x63\x6d\xa7\xb7\x25\x0a\x0e\xdb\x59\xd9\xdd\xd3\x4c\xb4\x8b\x34\xa6\x2a\xe7\xe5\x95\xf1\x8d\x80\xca\x2c\x2d\xdc\x2a\xeb\x6b\x6f\x6b\x80\x0c\x86\x53\xba\xaf\x69\x6b\xfd\x60\xc8\x5e\x5e\x33\x28\xd0\xd9\xba\xf0\xf5\x58\xb3\xb8\xb8\xbf\xf2\x4b\xf7\x5d\xb2\x69\x5d\x59\x44\x27\x57\xcc\x0c\xfc\xef\xbb\xf1\x70\x8f\xc9\x64\xa1\x25\x1f\x55\x32\x88\x32\x46\x8e\xa7\x3c\x29\xbe\x4b\xf5\xd0\xde\x20\x53\xf3\x64\xd1\x17\x00\x6d\xd3\x24\x2e\x04\xdd\x47\x1a\xe0\x4a\xe2\x28\x44\x97\x82\x42\xed\x47\x36\x1b\xe4\xa9\xa1\x31\x33\xc7\xad\x5b\xb3\x24\xaf\xcd\x29\xd9\xa0\x74\x44\x07\x24\xeb\xb5\x6f\x5d\x9c\x3a\x8e\x45\x59\xd3\xa5\xa0\xf0\x28\xf1\xd7\x2f\xf2\x56\x2d\x48\x3c\xfd\xd7\x9e\xb3\x2c\x90\x46\x2e\xe7\x90\xde\x24\x76\xd9\xd0\x61\xb6\x07\xe6\x80\xb4\x15\x00\xce\x69\x1e\x48\x74\x5b\x58\x55\x17\xa5\x39\xe7\x0d\x7e\xc5\x55\xe1\x96\xaa\x8d\x69\xe4\x5a\x36\x98\x2d\x28\xa2\x14\x09\xa7\x77\xce\xeb\x53\x31\x8c\x20\x71\x3e\x3c\xb6\x2a\x98\xc2\x8f\x52\x4b\x08\x69\x09\xa0\x30\x75\xc2\x01\x0d\xa3\x4b\xf7\xb0\xe6\xbf\x58\x50\x5d\x30\x14\x42\x53\x0e\x54\xd3\xd1\x3f\x03\x28\xf9\x7a\x1d\xd2\xdd\x6d\xa6\x84\x29\xd2\x13\x76\xb7\x72\xd5\xa1\x60\x3f\xb4\xc4\xa4\x0f\x6b\x36\xdb\x26\xa8\x6f\x7c\x2d\xba\xf7\x04\xe7\xbc\xb9\xfc\x96\x76\x8d\x4b\x53\xbd\x13\x46\x02\xb7\x53\xb2\x60\xd8\x4d\x9e\xea\xc6\xa2\x4a\x51\x24\x9d\xca\x00\x86\xb9\x5b\x57\x58\x71\x28\xe7\x98\xeb\x62\xe1\xf0\x1a\xe6\x8e\x66\x0c\xf6\xeb\xbf\x33\x22\x93\x98\x16\x20\x68\x4b\x7e\x3b\x04\x75\x0f\xdb\xbe\x2e\xcd\x8e\x9b\x63\x75\x24\x88\x82\x25\x3c\x2d\xda\x8a\x4d\x9c\x0f\x6f\x5c\x9d\x7c\x6b\xdb\x1f\xc1\x1e\xda\x1d\xc4\xec\xc0\xb9\xf3\xdb\xdb\x62\xe4\x07\x8e\x46\xf6\xb1\x06\x08\xf3\x4c\x34\xf0\xa2\x79\xc2\xf8\xf3\xda\x5b\xe4\x9e\x3e\x58\xe9\x71\xe5\x39\xbd\x63\xba\xcb\x6d\x8a\xa5\x54\xea\x4c\x78\xa4\x9a\xba\xde\xec\x98\xdb\x1d\x3c\xa3\xbc\xb4\x09\x57\xcc\x0e\x94\x2f\xca\x1c\x9b\x51\xaf\x04\x77\x1f\xda\x4a\xf3\x58\xc9\xed\x6f\xe7\xb7\x37\xa6\xc6\x1a\xbe\x0b\x62\x89\x20\xfb\x8d\x0b\xcd\x0b\x65\xb7\x18\x16\x3d\xa1\x78\x04\xcb\x16\x65\xea\x98\x21\xc8\x28\xf6\xdf\x65\x51\x93\x77\x41\x56\x72\x10\x06\xb1\xf5\x14\x87\xad\x19\xfe\x92\xb7\x69\xa9\xfc\xea\xf2\xd4\x12\x4d\x8c\xc9\xa5\xbe\xf2\x8e\x98\xb9\x96\xc2\x8c\x8a\x99\xe3\x52\x38\x05\x31\x18\x5e\x5e\x56\xe6\x93\x64\x1e\xf5\x11\x06\xd6\xcf\x4e\x71\xab\x31\x7c\x34\xe9\x35\x83\xae\xcf\x50\xf5\x2b\x53\xe6\x3c\x90\x98\xd8\xc2\x83\x53\x8c\x7c\xc0\xf0\x90\xdf\xaf\x52\x3e\x60\x82\xc6\x52\x63\xdc\x8d\x1d\xe4\x77\x62\x82\xa3\xfc\x1b\xfc\x59\x09\x99\x15\x25\xf5\x6a\xc0\xe6\xd3\xbf\x0c\xe7\xae\xc8\x3e\x40\x07\x4d\xe1\x6f\xc9\x84\x3f\x3b\x09\x9b\x59\xb9\xf9\x0b\xcf\xf6\x31\x0e\xd6\xdf\xec\x97\x45\x87\xad\x64\x6e\xcd\x90\xc5\x4d\x44\x95\x10\xb7\x76\x8d\xd6\x7c\xab\xb3\x05\xea\x39\x8e\xcb\x42\x61\xd2\x6d\x4d\x7e\x12\x04\xe2\x07\x25\x60\x32\x43\x27\x9a\x18\xfa\xb0\x17\x26\x71\x9f\x77\x18\x22\x62\x7b\xaf\xb0\x9b\x4c\xaa\xf9\x48\x4f\x1d\x8f\xa5\x07\x8d\x02\x1b\x9c\xb8\x65\x56\x83\x07\x97\x31\x9c\x64\x91\xd7\x1c\x11\x53\xb6\x36\x58\xa5\xa9\x52\xa1\xf8\x4f\x0c\xed\x9c\x3d\x11\x91\xd7\x1a\x0b\x22\xe3\xf6\x18\xf8\x7d\x98\xc8\x99\x12\x65\x39\x5c\xb9\x07\x65\x93\x50\x34\xbd\x6c\x92\x33\xd4\x1f\x9f\xc6\xa9\x0b\xf6\x97\xc1\x5f\xd2\x35\x97\x87\xdf\x82\x57\xca\x8e\x94\x99\xb3\xa7\xb8\x37\x12\x1b\x33\x67\x30\x6b\xa3\xa3\x6f\xde\xa6\x00\x0c\x5d\x0f\x77\x59\x37\x17\x02\xc7\xad\x6f\x9e\x5f\x40\x00\x72\x5f\x8e\x0b\x33\x0a\x49\x43\x92\xf7\x40\x8d\xad\x61\x5b\x14\xf7\x78\x88\xce\xb7\x39\x59\x96\x5c\xc9\xa9\x3e\x9e\x3b\x23\xb9\x34\x3a\x4c\xd4\x10\x4d\xc1\xf3\xf1\xa6\x4c\xb4\x56\x97\x92\x67\x04\x87\x98\x02\x49\x3f\xf0\x4a\x81\x44\xce\x6d\x80\x50\x87\xfa\x96\xca\xff\x9b\x97\x63\x1b\x52\xe4\xa3\x65\xe9\x76\xc9\x0e\x2a\xc0\x88\x26\xf8\xc2\x97\xef\x2f\x87\x57\x22\xb4\x45\x54\xd9\x97\x3f\x4a\xa5\x5f\xfb\x03\x58\x94\x32\x10\x9e\x68\x32\xda\xb7\xfc\x47\x32\xd3\x03\x25\x2d\xd1\xd1\x7a\x2d\x24\x51\xed\x53\xdc\xe4\x1f\xfb\xce\xc6\x59\x83\xc6\xdb\x3e\xba\x81\x46\x2e\x52\x2a\xe7\xae\x52\xd7\x51\x30\x0a\x4b\x13\x11\x70\x33\x7c\x6d\x8c\x4b\x69\x2f\x54\x29\x11\x8a\xf9\x56\xe1\xc1\x5e\x27\x58\x4f\x76\x82\x55\xc3\xdd\xcb\x46\x92\x12\xba\x8a\xb0\xe1\xe7\xee\x00\x12\xf5\x8f\x89\x45\x82\x79\x94\xce\x1a\xd7\xd1\x73\xdd\x1c\xd7\x20\x83\x84\x4b\x72\x1a\x1d\xc1\x30\x00\xda\xda\x12\x56\xde\xab\x79\xb9\x59\xa4\x95\xa4\xd1\xb5\xfd\x02\x8f\xea\xa0\xde\xac\x90\xec\xfa\x59\xb1\x34\x04\x56\xbc\xaf\x31\xf5\x7d\x5a\x88\x34\x90\x12\x57\x96\xdd\xa6\xd3\x78\xce\x83\xbb\xc1\x37\xfe\x54\xb8\x3c\xa9\xc4\xf8\x19\x89\x9d\x30\x83\x38\xd6\x5f\xa8\x7d\x90\x62\x55\xd6\x57\x3a\x7a\x49\x0b\x00\x10\x0e\xab\x69\x9c\x0d\xbf\xbe\xc5\x4b\x54\x22\x4c\xeb\xa3\xf5\xd1\xfa\x40\x96\x06\x3f\x33\x16\x5a\x15\x8a\x20\xff\xbd\x1d\x5b\x8f\xd4\xd9\xd3\x9c\xb9\x4a\x00\x85\xde\xae\xdd\xe0\x2a\x2f\x1e\x90\xa9\x6a\xf2\x22\x33\x15\x10\x1a\xf3\xfe\xf8\x60\x43\x37\xf6\x48\xb8\xc3\x42\x16\xc3\xe7\xba\x8c\x07\xd8\x2d\x23\xbc\x0a\x96\xf0\xda\xb2\xab\xd2\x93\x92\x65\xbb\x96\xb6\x45\x1a\x2c\xa9\x35\x85\xc8\x2a\xec\xce\xd3\x37\xbd\x66\x12\x48\x47\xa4\x06\xce\x8e\xd2\x41\x31\x8e\x1a\x7f\xc2\xcf\x28\x9e\x1c\xaf\x26\xea\x5b\x72\xaa\xea\x04\x57\xe2\x08\xa2\x41\x53\x4c\x78\xe3\xaf\xb6\x02\x8e\x7f\x57\x89\x1c\x2f\x05\xf4\x37\x0f\xc5\x04\x58\xd1\x6e\x90\xd0\x31\xcc\xa1\x86\xcc\x12\xb4\x54\x3b\x7f\x25\xfa\x72\x91\x6b\xe3\xac\xd7\xf6\xb5\xf0\xcc\x24\xf4\x42\x48\xc0\xfa\x9c\x6d\xd5\x95\xcd\x72\xcc\x4c\x84\xd3\x5a\xa6\xfc\x3b\x1e\xc0\xe7\xa6\xb0\x40\x8a\x1a\x53\x86\x96\x81\xd2\x7b\x11\x22\xc3\x17\x6a\x04\xeb\x3a\xaf\x62\x58\x84\x96\x75\xa9\x94\x22\x2d\x50\x68\x28\xb4\xc1\xde\x9a\xb1\x7a\xd4\xba\xb5\x96\x1d\x52\x4f\x0f\xfe\x54\xd2\x90\x02\xc3\xd3\x6c\x94\xcb\x3a\xb1\x65\x81\xf5\x9d\x01\x46\x71\xe1\xcd\x5f\xe2\x43\x42\xf1\x7c\x8f\x17\x88\x54\xe0\xee\xd5\xf4\xa3\xdb\x07\xec\x2e\xa7\xc6\x71\xe2\xd7\x85\x38\xbb\x8a\x2d\x5d\xcd\x94\xb4\xc6\xeb\xdb\x9a\x49\x29\xe8\x5f\xc6\xde\x21\x3d\x6f\x35\x62\x28\xd9\xec\xfd\xe9\x62\xc0\xc3\x72\x76\x08\xf6\x70\xe8\x12\xee\x2f\xa1\x4e\x1f\x0c\xbf\x01\x86\xf6\xaf\xc1\x0c\x67\x6f\x91\x1b\xe3\xb1\xce\xa3\x52\x1f\x47\xe8\xfd\x4e\xfe\xba\xcc\xb2\x2e\xf3\x75\x76\x13\xab\x31\x9c\x40\xb7\x0e\xee\x0c\xde\x11\xa3\xa1\x66\xf1\xee\x94\x15\x32\x80\x68\x39\x98\x36\xc8\xdc\x38\x4d\xe2\x1e\x0a\x99\x1a\x8b\xae\x04\xbc\xe7\x96\x2c\xe3\xb8\x2d\x55\x16\xfe\x91\xd8\xec\xbc\x2d\xcd\x6e\x27\x11\xc6\xc1\x4c\x8a\xa5\x72\xb5\xfe\x03\x9e\x1b\xb4\xf1\x63\xa1\xa8\x18\x63\x45\xf5\x41\x57\xc5\x66\x72\xb3\x34\x70\x71\x12\x53\x47\x6c\x2f\x6e\x4d\x74\xbe\x06\xa0\x18\x85\xde\xbd\xb8\x4f\xc7\x32\x47\xa5\x4e\x15\x11\xb8\x3b\x3a\xe1\xfc\x15\xe5\xbe\xd9\x21\xf1\x93\x77\x86\xf4\x36\x4a\x7d\x4d\x6a\xec\x09\x66\x7d\x63\xaa\xa6\x18\xbd\xda\xae\xaa\x2e\x55\xad\xb5\x89\x4c\x47\x97\xd1\x6d\x3d\xd5\xd3\x5a\x71\x6e\xf0\x52\x33\xc4\xad\x46\xa6\x21\x19\x5c\xde\x3a\x4f\x41\x97\xea\x43\x96\xca\x62\x71\x2e\xe3\xd0\x29\x20\x03\x83\xad\x91\x22\xd9\x4b\x60\x8b\x39\xe1\xab\x02\x4e\xa6\x73\xea\xdc\xcf\x98\x31\x00\xd5\x9b\x17\x70\x87\x22\xd9\xef\x02\x66\x92\x24\xbe\xf7\xab\xda\xa0\xb9\x9b\xff\x39\x95\x7b\x7a\xc4\x15\x99\xc9\xb1\x83\x3f\x7c\xe8\x22\xfd\xda\x0b\xea\x2d\xcb\x7d\xc7\xd2\x4b\xd2\x0d\xf8\x0b\x64\x62\x16\x24\x47\xd5\xe2\x85\x35\xa2\xfd\x87\x6f\xfd\x78\xe9\x0d\xbd\xc7\x4e\x49\xaf\x64\x7c\x9d\xc6\x96\xbd\xcc\xed\x08\x40\xc2\x32\x0f\x5c\xe0\xb6\x49\x47\x90\x83\x2c\x97\x2e\x28\x20\x6f\x43\x2a\xd6\xcd\xdc\x30\x4f\x96\xbf\x48\xee\x6f\x5a\x07\x75\x38\xeb\x06\xd9\x43\x83\xbf\x4f\xbf\x33\x2a\xbe\xc8\x0c\xdc\x78\x34\xdb\xf8\x7e\x28\xf0\x6c\xee\xeb\xaf\xca\xb3\xf0\x5f\x08\x4b\xc4\xcf\x2a\x06\x97\x01\xcd\xb3\x32\x40\x3a\xf1\x63\x1b\x56\x59\xa9\xe6\x68\xf0\xa4\x6f\x68\xe6\x5f\xf9\xa3\x14\xab\x2a\x54\x05\x18\xa0\x38\x93\xc3\xfd\x2b\x1b\xd9\xf5\xe9\xe7\xf6\xec\x49\xf5\x85\x06\x7c\x4a\xee\xf0\xb9\x1b\x1a\xd2\x9f\x2a\xcc\x13\x2f\x6b\x1a\x8d\xda\x2d\xa3\x6a\x79\x18\x6c\x8b\x13\xb6\xfe\xd0\x70\xc7\x47\x04\xbd\xc4\xff\x11\x32\x19\x01\xc7\x15\x98\xfd\xfb\x36\xe8\x48\x2b\xcd\xb0\x1e\xe8\x08\xaf\xb5\x4b\x3a\x42\xc6\x9a\x18\x95\x0d\x14\xfa\xc2\xe3\xbd\x77\x21\xac\xe3\xc9\xa0\x3a\x45\xf7\x4c\xf2\xdf\x6f\x4c\x92\x44\x41\xd8\x70\x0c\x54\xb5\xa1\x22\x12\xca\x3c\xdd\x64\x8d\x07\x93\x04\xcf\x2c\xdf\x46\x0a\x36\xca\xf7\xf5\x21\x49\x48\x05\x40\x1d\xfc\x67\xbd\xe2\x06\x1b\xb2\x39\xa7\x01\x9c\xe7\x6c\x4f\x44\xcb\x0e\x46\xc5\x5c\xba\xda\xb9\x12\x9c\x5b\x45\x7e\xc2\x84\xb2\x2a\xe3\xf9\x8e\x64\xfc\x8c\x75\xdf\x09\x5c\x3e\xa3\xea\x0c\xfb\x59\xca\x18\x09\x0b\x03\xf9\x35\x8e\x9f\x11\x32\x5e\x72\xcc\x24\xed\xe8\xf0\x51\x1c\xb6\xf8\xaf\x7c\xc2\x76\x06\x54\xcf\xb8\xa7\xe7\xd5\xde\x97\xa8\x30\x79\xbc\x82\xd8\x8e\xa7\x28\x51\x6e\x92\xd3\x21\x09\x2f\xa3\xbd\xb9\xc0\xcf\x71\xac\xed\x2a\xc1\x18\x9a\xad\x33\x4d\x1b\x6b\xd9\x71\xba\x40\x53\xa4\x3b\xc7\xf0\x02\x0a\x2f\x1d\x6d\xa3\x46\x90\xd0\xf7\x63\x58\xaa\x1b\x16\x31\x10\x7f\x7f\x2a\xf9\x89\x00\x07\xb0\xa9\x42\x77\xee\x67\x3b\x04\x7f\xe8\x09\xa5\xaa\x7f\xbb\x7a\xb8\x8d\x11\x09\x70\xc3\xdf\xf4\x4d\xe1\xd7\xdb\xeb\x2a\xbf\xd2\x80\xe6\x6d\x1d\xe4\x86\x4d\xa4\xd5\x4a\xdd\xce\xea\x69\xc8\xfa\x5d\x3d\x4b\x11\x47\xa1\x83\x65\xaf\xad\x33\xcd\xc6\x89\xd7\x3c\xce\xba\x4d\x8f\x4e\xe0\x8b\x62\x64\xae\xed\x23\xf5\x85\x57\x8a\xe1\x5d\x14\xf3\xa2\x7b\x48\x8c\x24\xd6\xde\x8c\xd8\xa9\xde\x4a\x2a\x89\xfc\x94\x81\xba\x8e\x10\x28\x3a\x4d\x3a\x26\xe9\x89\xbd\x80\x59\x78\x62\xe2\x38\xb7\x14\xaa\x77\x6e\x01\xcc\x90\xde\xe6\x89\xc8\x43\x5c\x81\x4c\xfc\x72\xa5\x30\xef\xce\x5d\xec\x38\x47\x97\xa9\x51\x43\x9c\x30\xe0\x96\x32\x0b\xd5\x04\xd3\xfc\xf4\xf7\x21\x4b\x6d\x8a\xe4\xfd\xf7\x3e\xea\x45\x91\xd4\x44\xdd\x1e\xa4\xcd\xaa\xb8\xce\x1c\xf9\x55\x5b\x4d\xd7\x0f\x1b\xb4\x6e\x18\xee\x02\xca\xbd\x74\xcd\xdb\x69\x6a\xf3\xff\x7c\xc9\x5b\x13\x39\xa6\xb8\xe8\xba\xfb\xc2\x9c\x64\xf0\x9f\xb7\x41\x38\x9e\xa6\xf5\x39\x7a\x85\xad\xd8\xb2\x6e\x1f\x3a\x1d\xf9\x50\xf6\x7b\xde\x9f\x98\x71\xa0\xe3\x60\xc3\xe7\x66\x9e\xbe\xde\x3b\x7e\xb3\x2c\xeb\x35\xff\x2a\xff\xd8\x91\x95\x22\xf0\x75\x93\x3e\xcf\xea\x2c\xb4\xbe\xcf\xbc\x85\xbb\xac\xc9\x5f\xba\x2c\x6f\x54\xf8\x90\x59\x4a\x6f\x6b\x18\x96\x5c\xcd\x40\xed\xe5\x8b\x4e\xaf\x8b\x0d\x2b\x65\xb0\x36\x9b\x3d\xc6\xc7\xca\xef\x3e\x48\x45\xb2\xc4\x2e\xe4\x0d\xdc\xa5\x87\x92\x50\x29\xe7\xd9\x16\x29\xad\xd8\x4e\xa7\xbc\x72\xbe\x33\xbb\x03\x42\x14\x55\x5c\xd5\x50\x55\x68\x09\x3e\xc7\x24\x81\x56\xf5\x8c\x7f\x0d\x30\x55\x76\x2f\x8f\x4f\xf6\xf8\x64\xbd\x95\x48\xfa\xfa\xc4\xdb\x85\x77\x53\x0f\x3a\x6d\x67\x3b\xee\xff\x21\xba\x7c\x90\x60\xaa\x0e\x06\x68\x32\x93\x7f\x1e\xb6\x17\xcb\x21\xac\x24\xe0\xd8\x69\x95\x47\xbe\x56\x63\xa8\x11\x7a\x40\xb6\xd8\x81\xdc\xa1\x9e\x36\x7c\xa0\x2d\x28\x77\x4d\xae\x74\xdf\x50\xaa\x99\x44\x5e\x37\xc6\xc1\x61\x84\x46\x7d\x49\x60\x01\x24\x23\x29\xdb\x97\xa2\xad\xef\x66\x42\x5a\x9c\x6b\xd3\x77\xd8\x97\x74\x33\xa0\x3c\x72\xbf\x10\xb5\x48\xb8\xae\xbf\x0e\xc3\x8e\xb8\xce\x14\x5f\xcb\x85\x15\x41\x40\x5e\xe8\xa3\xca\x9b\x3b\xc6\x03\xa3\x82\xaf\x59\x8f\x0a\x17\x56\x59\x2b\x36\x77\xc4\x69\xff\x86\xe1\x98\xcd\xff\x40\xf4\x93\x21\x5a\x32\xc2\xac\xc7\x2b\xcf\xd0\xe3\xe4\xe5\x7b\xec\x76\xdf\xe5\x65\xda\x97\x5c\x69\x1d\x66\x93\x5d\x2d\x7b\x52\x94\x14\x62\xd4\x1b\xce\x4c\x00\x91\x5d\x28\x34\x17\x03\x2f\x3a\x89\x42\x49\xf8\x01\x06\x7f\x38\x82\xfd\xa7\x79\x05\xd7\x6b\x76\xef\xe1\x02\x8e\xbb\xf1\x49\x77\x63\x1f\x67\x75\x75\xdd\xd4\x09\xdf\x3c\x6c\x40\x19\xe9\x95\xa9\xd8\xd1\xd8\xa8\xc3\x22\x68\x76\x32\xf1\xa9\x50\x5a\xdc\xbd\x5a\xfa\x13\x89\xf9\x41\xdd\x0f\x68\xfe\xfd\x43\xec\x24\xa2\x57\x07\x6a\x3a\x21\xb7\x36\x3d\x7b\xb5\x18\xdf\x4a\x28\x2a\x4d\x9e\xed\x08\x58\xd1\x04\xe8\x5c\x5e\x06\x8d\xd8\x01\x2d\x73\xb5\x16\x65\x61\x46\xa7\x8e\x54\x9a\xdb\xf9\xb3\x2f\xb9\xf5\xf7\xab\x6d\x43\x87\x9d\x96\xd1\xcb\x97\x35\x96\xd0\x44\x19\x7e\x08\xc4\x04\x06\x04\x25\x57\x53\x29\x7a\x34\x95\xd8\xdf\xf2\x55\xd1\x8a\xbf\x94\xb8\x70\x4a\x8a\xe1\xa4\x83\x53\xfa\x85\xe5\xa7\x7b\xec\xd1\x0b\x6c\xa0\x07\xb7\x7d\xfe\xfc\xe3\x98\xf3\x0b\x0c\x27\xed\xe9\x9e\x8e\x6b\xb0\xc7\xff\x65\xbd\xb0\x0f\x22\x46\x22\xd6\x91\xf4\x78\xce\x6e\x37\xbb\xfa\xc4\xce\x1c\xe3\x73\x07\x0f\x95\x43\x70\xc7\x4c\x09\x46\x1e\x2b\xae\x43\x85\xcd\x5d\xee\xe8\x7c\xa8\x0a\xd2\xc7\x7b\x99\xe7\xbe\xe5\xaf\xa3\xf0\xba\x52\x49\x4f\x59\xda\x14\x26\xc4\x30\x9f\x39\x15\x16\x35\x4d\x57\xb0\xc7\xc4\xbb\x85\x8e\x38\x2f\x04\x1d\x6e\x91\x88\xdc\x13\x3b\xb1\x69\x32\x1e\x00\xd0\x2e\xfd\xdb\x46\x11\x76\x77\x4f\xd6\xb2\xc9\x68\x2d\x7a\xd0\x84\xf6\x17\x4c\x53\xab\x74\x08\xd3\xe2\x71\xd2\x8e\x30\x8f\x7c\xd4\x78\xc2\xfe\x8d\x67\x93\xde\xed\x31\xde\xbb\x09\x0b\x87\x4b\x12\x52\x8a\x6c\xd3\x68\xac\xf5\xa5\xc4\xcc\x3d\x30\xd2\xaf\xf0\x06\x93\x78\x66\x87\x68\x6c\xd9\xb9\x7c\xdf\xaa\x3a\x67\x72\x93\x51\xb2\x37\x3d\xde\xe1\x8e\xe3\xf0\x56\xb6\xc0\xda\x43\x9d\x62\xee\xb4\x08\x03\x1a\x4d\x87\x55\xde\x3c\xc8\x84\x15\xca\x48\x01\xd5\x4d\xc5\x65\xbb\x53\x22\x8d\xc2\x15\xdd\x74\x6f\xf5\x38\x54\x53\xfd\xfc\x89\x15\xe8\x72\x75\x2f\x5a\xb3\x65\x6a\xa8\xe1\xc4\x2d\xfb\xf3\x5e\x49\xac\x9c\x20\x13\xb4\xa4\x93\xec\x10\xad\x7f\x51\x29\x22\xb8\xd3\xd8\x29\x22\xdd\xbc\x01\x89\x53\xcb\x7d\x51\x91\xaf\x08\xab\x66\x9f\x80\x42\x5f\x4f\x45\x9e\xe6\x50\xfe\x09\x41\x26\x43\x4e\x88\x66\x93\x09\x2c\x53\xaa\x34\x69\x93\xdb\xc1\xba\x27\x4d\x2d\x69\x47\x06\x46\xe6\x33\xbd\xc3\x31\x43\x19\x13\xdd\x49\xa0\x12\x0e\x1b\x5e\x21\x21\x62\x00\x6f\x9a\x01\xfe\x18\xe8\xd8\xb5\x7c\xfe\xb3\x98\xe1\x9b\x4b\x8e\x97\x0f\xb0\x67\x85\x21\xca\xff\x33\xa7\xa0\x1d\xeb\x17\xe7\x2a\x92\x0a\x94\x68\x96\xc5\x39\x2e\x84\xbd\xdf\xde\x75\xb7\x44\x6a\xd4\x24\x9b\xef\x26\x97\xb0\xc5\xe7\x2f\x37\x91\xf0\xf4\x4a\xc1\x56\x37\x69\xc8\xec\xe5\xf1\xde\x56\x5b\xba\xe2\xe5\x73\x02\x94\xb3\xd6\xd8\x57\x87\xdd\x6f\x7a\xbf\x84\xd6\x98\xe7\x7e\xe8\x0e\xc5\x3e\x37\x51\xe8\x73\x03\x3a\xf1\x6b\x5e\xd4\xe2\xc9\x9b\x7e\x6e\x65\x2b\xb0\xea\xf6\x70\x1a\xac\xb2\xbc\xb5\x97\xc3\x2d\xc3\xf7\xd9\xc4\xd9\x46\x3a\xc0\x8d\xb0\xc6\x3d\xb5\xfd\x88\xd0\xe5\x18\xde\xf1\x88\xa2\xfb\xe8\xd6\xbf\xa6\x98\x62\x8a\x8c\xc0\x58\xca\x99\x11\x4c\x40\xbe\x8e\x1e\xb4\xc0\x53\x64\x27\x8d\x0e\xa4\xdc\x90\xb7\x47\xce\xcd\x85\xcd\xf8\x47\xa5\x0b\xa2\xad\xeb\xb6\xd1\x07\xa1\x26\x13\xe1\x98\xd1\xb1\x0c\x6e\xb3\x23\xd5\x0c\x75\xf7\x81\xfe\x39\xc1\xd9\x2e\x46\xda\x77\xfe\xd5\x16\x12\xa3\x69\xc4\xa6\xaa\x54\x05\x0d\x67\x7e\x96\x78\x03\x9b\x29\xe1\x0c\x46\xff\x05\xf3\x53\x6f\x79\x2a\x72\xd8\x0f\x0e\xca\x5a\x41\x6b\x19\x64\x3e\x1d\x15\x24\x7f\x7e\x51\x57\x90\x0c\x17\x42\xb9\x14\x6e\x0d\x97\x88\xeb\x9c\xa6\x53\x89\x7c\x7c\x64\x71\x49\xf0\xbd\x91\xb1\x6e\xa1\xa5\xe0\x54\x90\x01\xba\x2d\x6c\x6e\x39\xcf\x8b\xee\x39\x27\x4d\x05\x2f\xe2\xce\x7f\x4c\xaf\x6c\x23\x64\x43\x14\x33\x52\x51\xcc\xa5\xc2\xed\x13\x4a\xad\xa5\x15\xe7\x34\xe0\xaf\x9c\x0b\xa5\x90\x43\xdd\x12\xaa\x22\x7e\x8f\x71\xd1\x18\x33\xca\xb3\x5b\x77\x91\x5e\xe6\xbf\x0d\x74\x98\x2d\x15\x5f\x74\xfb\xba\x99\x77\xf7\x5d\x37\x21\x17\x70\xdf\x81\x02\xe1\xd5\x23\xb9\x7c\x65\xe6\x9b\xdf\xfb\x34\xe0\x0d\xbd\x6d\x58\x27\xc4\x89\x79\x34\xff\x51\x28\x69\x40\xad\xbe\xfd\xbe\x1a\x18\x5a\x1c\xa3\x2f\x66\x8b\xef\x23\x66\x3d\x9a\xf5\x86\x55\xa9\x28\x53\x8e\x08\x4f\x59\xfd\x89\x9c\x49\x02\x53\xd3\x37\xf5\xa5\x1d\x2c\x2c\x1d\xa3\x6c\xb8\xdf\x43\x03\x4a\x98\x81\x04\xc2\xab\xd9\xd5\x89\xfc\xf9\x64\xab\x91\x14\xa4\x04\x15\xc8\xe9\x9b\xeb\xfe\x94\xc3\x91\x5f\x9d\x90\x8b\xc1\xc9\x00\x0f\x0e\x9e\x94\x01\x2d\x99\x8c\x97\x2c\xf0\x18\xd8\xba\xdf\xff\xa8\x02\x09\xf1\x93\x7f\xea\x78\xca\x83\x95\x72\xb0\xa8\xe6\xb7\x81\x6b\x6d\x89\xbb\x84\xab\x2e\xde\x0f\xe5\xff\x05\x75\xec\x9d\x67\x4d\xa2\x36\x25\x2f\xb9\x2f\xf4\xfe\xbb\x9e\xc1\xd9\x15\xd9\x7c\x4c\xaf\xff\xef\x1c\xfd\xa6\xd1\x99\x36\x5b\x77\x01\x6d\xaa\xe6\x07\x98\xde\x8a\x21\xc1\x76\x9b\x8d\x79\xbf\x57\xcd\x02\x0e\xbf\x57\x30\xfc\xe9\x94\xb6\xb3\x09\x98\x00\xd8\x64\x96\x6a\xdf\x83\x0c\x8d\x26\x58\xc8\x04\x36\x08\x96\xe1\x1f\x36\x0d\xa3\xa9\x2c\xb5\xc8\x27\x21\x32\x28\x52\x6c\x63\xc2\x62\xc3\x0c\xdf\x17\x7f\xb0\xbe\x40\x1b\x39\x4a\x01\x77\x5c\x25\x4d\xa3\x0c\x5f\xf4\xfc\x5b\x45\xf5\x9d\x60\xe1\x57\x8d\x67\x24\x50\x89\x82\x8b\x06\x93\xe5\xa6\xf5\xed\xa5\xe9\x17\xb9\xd3\x3b\x8b\x36\xba\xf0\x55\x26\x9e\x9d\x53\x19\xd4\xfa\x3f\x8f\xa5\xc3\x19\x62\xc7\x7b\xed\x1b\x0a\x70\x45\xd9\x80\xc0\x3b\x0d\xf1\x5d\x1e\x3c\xc1\xee\x31\x75\x57\x0d\x28\x60\x04\xf1\x0f\xf6\xb9\x22\xda\x1e\x0a\xf3\xed\x41\x09\x9b\xb1\x75\x67\x8f\x6c\x4c\x29\xbd\x5b\x85\x55\xed\xea\x3f\xd6\x55\x9a\x62\x28\xb3\x92\x4b\x62\x45\xb6\x6f\x7d\x4a\x6c\xfb\xf7\xe5\x5d\x3a\x9a\x90\x23\x18\x58\x85\xbb\xb1\xe9\x06\x1f\xbe\x36\x21\xbe\xb1\xe7\xe3\x12\x05\xd8\x28\x71\x02\x67\xef\xb5\x85\x07\x38\x65\xd0\x61\x8f\x4e\xdb\xc9\xc5\xb6\x06\xa7\x9b\xff\x7e\xff\x1e\x53\x43\x93\xe3\xdd\x04\x01\x74\xb2\x1f\xc0\x12\xd6\xb2\xab\x92\x89\x76\xee\xf1\x14\xb9\x75\x02\xfb\x02\x22\x55\x72\xb7\x4e\x85\x2f\x56\x8d\xbc\xea\x57\xa8\xd3\x78\xc5\x4b\x21\x72\x87\xea\xc9\x09\x0c\xf7\x5f\x10\xf4\x74\xb1\x65\x17\x82\xab\x8e\x5f\x01\x5d\xe5\xb6\x65\xe0\x46\xf0\x1d\x04\xef\xb7\xbe\xf8\x40\x50\x7f\x3e\x45\xa3\x85\xa3\x72\x42\x2a\xf5\x73\xd0\x64\xb1\xbf\x6b\x0f\xb2\x79\x6e\x88\xa8\x83\xd0\x02\x4b\x5f\x74\xf1\x11\x8f\xd7\xcb\xdb\x92\xa4\x0a\x83\x45\x9a\xa2\x9a\x77\xa2\x56\x27\x4d\xf3\xa7\x2f\x53\x9b\x02\x8c\x1d\xf8\x68\x6f\x46\x30\xc7\xfe\xce\x68\xd1\xc0\x1c\xe3\x8a\xa6\x13\x73\x5a\x59\x1f\x91\xf4\x25\x61\xad\x29\x7e\x08\x72\xef\xdf\x35\x36\xc8\x8a\xd5\x15\x9a\xf8\x10\x48\xe6\x37\x8f\x2a\x42\xd9\x15\xc9\x72\x1e\x08\x75\xfe\x06\x28\xce\x4f\xc6\x09\x09\x9c\x2c\x19\xe6\x81\x28\x0e\x83\xee\x96\x9b\xa9\x3c\x95\x6f\xb2\xbc\x44\x57\xc2\xb2\xee\x35\xd9\xd5\xba\xe5\x61\x81\x4d\x8f\x86\x8e\x28\x98\x73\x71\x55\x0f\x57\xfa\xec\x5a\xf2\xf5\x2b\xc7\xdb\xde\x14\x01\xb6\x72\x91\x07\xb4\x05\xb2\x87\x36\x89\xc9\xe4\x3f\xa5\xea\x8b\x48\x3f\x75\x56\xcb\xaa\xab\xb1\xc7\x68\x9b\x0a\x51\xd7\x57\x74\x3c\xa2\x92\xff\x74\xe9\xc0\x21\xe5\x51\x3f\x94\xb7\x10\x7a\x89\x40\xa9\x8d\xda\xb5\xe2\x21\xfd\x75\xc1\x3f\x19\xae\x40\x06\x86\x6e\xec\x1a\x83\x20\xab\x02\xa2\xde\xf5\x73\x85\x8e\xb7\x25\x3d\x1f\xda\x73\xb7\xda\x03\x1f\x12\xdc\x01\x37\x83\x14\x70\x95\xd5\x45\xab\xbc\xc6\xc8\xcc\x98\x74\x8c\x00\x7f\x2e\x61\xa0\x2c\x75\x0b\x79\x86\x6c\x74\x3d\x0f\x98\xc7\x03\xee\x3c\x9a\x2f\xfe\x44\x10\x4a\xc1\xa2\x2d\x77\xff\xd1\xe6\x07\xc8\xc4\x26\x5b\xbd\x8c\xdd\x9b\x7a\xff\x0d\x0c\x36\xaa\x59\x81\xce\x88\x1b\x9f\x38\x95\xb4\xda\x88\xa6\x53\xd4\x71\x2a\x84\x31\xf9\xe1\x4e\x0b\xdd\x13\x77\x35\xbc\x1c\x2b\x71\x0b\xa5\x12\x6b\x6a\x9a\x42\xbd\xf1\x56\x91\x5b\x15\x2e\xe1\x75\x8e\xf5\x6b\x8e\xdb\xd4\xef\x0b\x9a\x67\x7d\xed\xc3\xa8\x8b\x00\x04\x9a\x0d\x74\x44\xb3\xae\xf2\xb4\xe5\xed\x21\x0c\x5f\xc9\x74\x44\xbd\x3a\x46\x90\xae\x44\xad\xfc\xd4\xfd\x85\xcc\x50\xfd\x55\xc3\xd6\xef\xd1\xc7\x27\x0f\x46\xc9\x36\x89\xd1\x8f\x92\xd0\x46\x2c\x62\xb2\x00\x1d\x8c\xcb\xcc\xee\x0a\xba\xd8\x4d\xaf\x12\xa8\xf3\xf3\x90\xd2\x3b\x3f\x4c\xce\x12\x37\xb5\x05\x9b\xfa\xac\xb9\x94\xea\x87\x1c\x02\xfd\x32\x05\x6a\xa3\xd6\x82\x58\x02\x7d\xbe\x56\xbb\x19\xcb\xaf\x7a\x2f\x47\x34\x92\xe2\xc6\x64\x3f\xc4\xbc\x01\xdf\x34\x96\x7f\xf1\x00\x92\x53\x0c\x5f\x96\x5e\x1d\xea\x10\x61\x88\xa9\x16\x5a\x43\xe6\x1d\x06\x01\x07\xe5\x90\x7a\x5e\x76\x03\x9e\x11\xfb\x55\x7b\x17\xf7\x4e\x99\xd6\xba\x5e\xdb\x86\xda\xa2\x4b\x20\x1f\x89\xf5\x1c\x53\xb4\xe6\xea\x0e\x74\x88\x8e\xc9\xaf\xc6\xe6\x4c\x33\x44\xca\x56\x1a\x56\xec\xe3\xc2\x86\xee\x4e\xea\x87\xbb\xb0\x11\xd4\xbc\x85\x6c\xb2\x01\x8f\x00\x92\x81\xb8\x9b\x95\xac\xb7\x66\x84\xee\xfb\xe6\x28\xb3\xb9\xc9\x3f\x65\x4c\x15\xc1\xaa\xc2\x76\x9c\x67\xf2\x7e\x1f\x3d\x6c\xa9\x8d\x80\xdc\x30\x77\xb5\xc4\xe4\xd8\x23\xea\x40\xc2\x58\xdc\xbb\x89\x1f\xf2\x04\x66\xc1\x46\x20\x80\xde\x73\x51\x35\x09\x17\x65\x65\xfe\xb2\x4e\xf8\x41\x3d\xc7\xdf\xb5\x3b\x10\xad\x4e\x5d\x68\x3d\x26\xc7\x42\xac\x8e\xfb\x62\x73\x39\xea\xc0\x6f\x2f\x56\xa5\x5e\x45\x22\xb6\x70\xff\x6d\xda\x39\x17\xef\x7b\x00\xfe\x14\xa6\xa5\x2d\xc9\x56\x75\x48\xe9\x8f\x47\xcf\xa5\xe2\xb8\x7d\xd8\xe1\xc2\xae\x18\xd0\xc1\x43\x56\xdb\x45\xdb\x78\xe8\xf8\xb9\xdd\x14\x1e\xe9\x42\x54\x3d\x27\x1c\x8c\xb5\xb9\x77\x5d\x2c\x55\xc4\xb7\x32\xd8\x38\xa3\xb7\x3d\x67\x5a\x35\x09\x57\xe0\xa7\x04\x38\xd6\xbc\x3a\xb1\x16\xf4\xd4\x5f\x5e\x5b\xcf\x14\x93\x09\x7e\xf1\x9e\x13\x23\x9d\x97\x98\x12\x73\xfa\x9a\xe9\xd1\xa9\x4f\x41\x7c\x3c\x5c\x24\x0a\x27\xcb\x07\xad\x05\xa6\x52\x6e\x6c\x8b\x3c\x68\xba\xd2\xc5\x46\xfc\x88\x9c\x5f\xb3\x41\x06\x97\xdd\xf5\x8f\x78\xe9\x29\x6a\xb0\xc7\x25\x88\x25\x66\xe1\x85\xd1\xdd\x88\x43\x07\x66\xe3\x32\xf1\xf0\xc8\x7d\x2e\x35\x9f\x8c\xe2\xc2\x8b\x8c\x75\x46\xda\x95\xa1\xca\x78\x97\xe4\x3b\x7b\xf5\x83\xd1\x2c\xd4\x6f\x7f\x91\x0b\xfd\xc1\xa1\xc1\x29\xf1\xd8\x3d\x94\x67\x89\x99\xc3\xd8\x1d\xca\x8f\x74\xf8\x7b\xa3\x01\x7f\x07\x22\x2f\x51\x0c\x1a\x7f\xe8\x00\x1f\xc3\xeb\x6e\x8a\x0b\x46\xdb\x9c\x00\x2f\xd0\x84\x16\x72\x72\x35\x5d\xa8\x7a\x0f\xc5\xe3\x7f\xee\xd0\xc4\x87\xd6\x03\xbc\x12\x97\xf1\xc6\xdd\x88\xdc\xb1\x7f\x17\xfd\x38\xa5\xec\x72\xd0\xcf\x50\xc8\xc8\xdc\x69\x08\x1c\xf6\x08\x46\x0d\x5b\x13\x42\x87\x1a\xbc\xbe\xc2\x03\x23\xbe\x7f\x53\x69\x0c\x5f\xa6\x40\x81\x6c\xc3\xb2\xb3\xde\x36\x87\x0a\x8a\x38\x90\x5d\xd5\x1a\xc6\x3d\xdd\x92\x2d\x00\x8f\x84\xb7\xcb\xd0\x62\xb6\x4c\x5a\xb2\x21\x15\xb4\x88\x9b\x0e\x93\x89\x04\x8f\x6a\x7b\xd2\x8e\x6a\x78\x93\xca\xa6\x03\x66\x13\xc9\xf5\xf2\xec\x29\x28\xbe\x1f\x4e\xe1\xcb\xa0\xb0\xbb\x16\x91\x27\x6a\x4d\xb2\x46\x69\xfb\x08\x5e\x54\xdc\x77\xe8\x15\xb8\xf5\xaf\xe8\x0a\xaa\x38\xac\xbd\x11\x43\x0d\x95\x6a\x37\x91\x1b\x02\x16\x53\x4b\xd9\xe2\x89\x3a\x2a\xbf\xbc\xf4\xb7\xae\xe5\x6c\x8f\xfb\xbb\x08\x16\x67\x73\xd8\xdd\x3d\x1f\xa1\x24\x51\xf3\x93\x79\x9a\xde\xd8\x72\x1c\xbd\x93\xe4\xc9\x71\x1d\xef\xa5\x50\x98\x40\xdc\x73\xec\x5f\x52\x73\x43\x1d\xa7\xe6\x32\x4b\x05\x6c\xae\x48\xe1\xc1\x4b\x1f\x0e\x2c\xf2\x7a\x52\x98\x0d\x4c\x67\xe7\x7a\x56\x5a\x44\xae\xe8\xcc\xd6\x22\x78\x1b\x35\xcf\xa1\x6d\x36\xeb\xa7\x7f\x9b\x7f\x5e\xc8\xcb\x47\x4f\x02\xbe\xd0\x16\x98\x2a\x0d\xca\x09\x60\xe0\x94\xb3\xdf\x65\x16\x83\x7d\x50\x15\x68\x08\x27\x59\x9c\x89\x54\x25\x44\xa3\xfd\x36\x3a\xa4\x4e\x79\xf3\xad\x00\xc8\x7d\x8d\xc1\x42\x2b\x07\x37\xca\x9f\xe9\x17\x9d\x62\x7a\x1f\x22\x80\x09\x23\xa3\x9d\xf3\xa5\x9e\x15\x77\x0b\xa5\x7f\x1e\x12\xaa\xf4\x1b\xfe\x67\xbf\xc5\x48\x3d\xab\x32\x82\x03\x64\xa5\xd4\xda\x8f\x8a\xe6\x2b\x05\xba\x23\x25\x7b\xb1\x57\x7f\x5a\xd7\x3f\x0b\x0e\x01\x63\x3d\xa6\x59\xf7\xd2\x8c\x7e\x1e\x39\xf8\x6f\x5a\xdb\x5b\xb3\x84\x3a\xbb\xce\x0a\x76\x9c\x26\xc2\x8e\x4e\xc8\x8c\xd8\xd4\x7e\x46\x92\x8e\xbf\x51\xf4\xc2\x3c\x69\xfa\x60\x2b\x6a\xf6\x1d\xcc\x74\xbf\x64\xb0\x09\xe9\x67\x08\xc4\xc7\x42\x6f\x35\xd3\x3f\x7d\xae\x81\xe3\x3a\x69\xe1\x2e\xf7\x92\xb1\xf2\x5f\xfc\x60\x64\x5a\x19\x63\xe6\x7c\x07\xe1\x5c\x2e\xbd\xb5\x48\xef\x8b\x2c\x8b\x0d\xd9\x72\x5b\xed\x66\xe2\x25\x45\xad\x79\x14\xaf\x78\x64\x47\x8a\x79\x93\xb2\xc0\xe0\xce\x59\x0f\xa0\x05\x10\x4c\x69\x37\xe5\x40\x75\x8d\x25\xa5\x09\xe8\x0a\xca\x81\x37\xb7\x17\xae\x9f\xdf\x80\xab\x90\x6d\x9d\xb4\xaa\xbb\x22\x9b\xb3\xd3\x5e\x27\xb3\x24\xae\xd1\x1e\xeb\xaa\x8e\xd3\xdc\x77\x04\xab\xab\x39\xf5\x85\x62\xed\x9b\x5c\x8a\x37\xb0\x92\xeb\xf3\xfd\xe2\x21\x66\xc9\xc9\x1b\xc5\x7a\x2c\x62\xd9\x0a\x87\xcf\xfe\x7d\x6c\x44\x83\x21\xf8\x43\x21\x8e\x40\x4a\x4d\x36\x88\xd7\xb9\x68\xff\x9e\x82\x3e\x0b\x90\x0a\x14\x6a\x7f\x3a\xf3\xd4\x6e\x9a\x8e\x7d\x17\xb4\x7c\xba\x25\x04\xe1\xe1\xe7\xad\x96\x0d\xc4\x81\x36\x3f\x16\xfc\x97\x9b\xb8\x17\x67\x97\xab\x1c\xb8\x5c\xca\x67\x24\x27\x4f\xab\xa0\x07\xe8\x78\x09\x80\x34\xaf\xa0\x04\x2e\xa0\xc1\xa6\x54\xb4\x2e\x1c\xdf\x7f\x71\x04\x8e\x24\xdb\x69\x1c\xdc\xa7\x2f\x52\x01\x7c\x6a\x0f\x5c\x88\xd0\xcb\x1e\x1c\x26\x0e\x88\x79\x47\x8d\x8e\x2b\xf9\x7a\xd5\x98\x44\x22\x1a\xfc\x64\x9c\x88\x1e\x79\x50\xde\x7d\xc8\x5c\x43\x0c\x18\xfc\xb5\xc8\xd3\x59\xc2\xc2\x39\xb4\x58\x72\xc6\x55\x57\x47\x43\x8c\xa4\x9b\x55\xc3\x27\xcf\x6d\x70\x5f\x80\xb3\x96\xd9\xc0\x20\xdb\x57\xf6\xc5\x37\x01\xbc\x96\x8f\xcd\xa5\x27\x4c\x51\x34\xb2\x3f\x6f\xd2\x23\xdc\xee\x7a\xd7\x96\x2c\x4e\x7f\x8b\x30\x1a\x57\x16\x5f\xcf\xc9\xa5\xff\x82\x2f\x1c\x24\xa7\xaa\x5b\xe7\x97\x12\x03\x45\x7a\xf1\xc9\x5d\x47\xed\xa6\x67\xd8\xc2\x91\xfc\x21\xee\xdc\x7e\x8e\x58\x44\xf9\x67\xa9\xfb\x44\x79\xd2\xf9\x4e\x4d\xed\xd0\xcd\x54\x57\x78\x1d\x3e\x02\x4f\xcf\xaf\xaa\x8b\x67\xe4\x89\x58\x55\x53\x5d\x1f\xdd\x4b\xe4\x54\xbe\xd9\x7c\x3c\xf2\x09\x5a\x16\x6c\xc6\x52\xbe\xa6\x5a\xd6\x36\x89\x29\xbd\xa7\x0f\x69\xdc\x36\xc6\x89\xf5\x92\x3f\xb0\x26\xa8\x25\x7f\x85\x1a\x06\x99\x94\xc0\x4c\xc4\x1a\x8b\x15\x97\x9e\x47\x3e\x55\x33\x24\x0d\x3c\xab\x3b\xa9\x53\xf2\x00\x19\xe0\x17\xd4\x4f\x74\x1d\x95\xa9\xba\x35\x88\x6c\x7a\x3f\xed\x46\x3d\x24\x21\x73\xd6\xaf\x25\x02\x23\x0f\xf7\x33\xc3\xf1\xe0\x27\x82\x27\x4e\x64\xac\x70\x85\x0d\xc3\x48\x95\x13\x5b\xc8\x59\x91\x8c\xdd\xec\x62\x69\xba\x83\x61\x00\x9e\xff\x46\x40\x77\x15\xf3\x08\x79\x50\x8f\xea\x8c\xc9\xc0\x81\xb3\x72\xf4\x88\x55\x52\x78\xfb\xba\xa8\x0f\x34\xce\x79\xda\x91\x02\x12\x96\x1a\x37\x7c\x85\xb6\x1e\x36\xfc\x37\x54\x31\xdd\x6c\x4e\xdf\x2c\x4b\xb8\x01\xa0\xfc\x1d\xc1\xfa\xc3\xc2\xf4\xc0\x10\x99\x62\x49\x59\x39\x2c\xa0\xb6\xbd\x47\xcb\x00\x8d\xfd\x39\xb2\xfd\x92\x7f\x40\xfe\xc1\x37\xb0\x74\x8e\x19\x84\x0c\x05\x75\x4b\x7d\x8e\x0b\x27\xd6\x20\x86\x12\x8f\xdc\x32\x93\x63\xd0\x6b\x6e\x7c\xdc\x43\x60\xb3\x9d\xf2\x73\x7b\x59\x73\xa8\xc0\x5c\x72\xe1\xff\xae\xb0\x9c\xad\x67\x19\x22\x4f\x4f\xb8\x07\x94\xeb\x00\xf4\x09\x2f\x62\x3e\x5d\x27\xa1\x14\x02\xfc\x03\x5e\xb9\xfd\xe8\x82\x76\xf8\xca\x16\x82\x74\x59\x59\x2e\x35\x5d\x3c\x4e\x6c\x79\x2e\x54\x87\xc4\x99\x66\x6d\x96\xea\x5c\x5f\x9e\xab\xe1\x73\xb5\x62\x23\xcc\x71\xdf\xaf\x0d\x88\xf8\xb8\x05\x11\x08\x71\xf8\x9f\x39\x9f\x84\x46\x30\x23\xf1\x7d\x86\x24\x9a\xf6\x47\xb8\x3f\x24\xe9\x04\x83\xbe\xf5\x51\xf9\x56\x45\xdb\xa6\x60\x7f\x66\xb9\x3a\x6d\xa3\x49\xea\x07\x31\x8b\x6e\xa5\x9a\xdc\xca\x1e\xd1\x75\x66\xee\xab\xf6\x2b\x21\x20\x4a\x8f\xd1\xa2\xd9\x83\xfd\x22\xd2\xea\xf9\xac\xbb\xb7\xa2\x0b\xde\x39\x1a\x57\x24\xf0\x96\xd2\x04\xd3\x40\xb5\x62\x12\xf8\xb7\xf5\x14\x1f\x4f\x6e\xd7\x2b\x13\x4e\xea\xdf\x1f\x27\xed\xff\x37\x14\x24\xb4\x08\x20\xb2\x67\x47\xb0\xba\xad\x37\x6d\xfc\x53\x5a\x41\x7b\xe7\x8a\xab\xed\xf3\x3e\x97\x8c\x05\x33\xb4\x5e\xad\xf5\xc2\x4a\x1a\x06\x9b\xc4\x94\x5c\xd0\x0a\x52\xae\xb3\x5b\x53\x9a\xc0\x84\x70\x65\xcd\x01\xdf\xda\x63\x4c\xb9\xd7\x22\x2a\x60\xea\xfe\xf0\xf4\x83\xee\x5c\xe5\x2a\x3c\x90\x8b\x4a\xd4\xd2\x08\x97\xb5\x5a\x88\x02\x49\xfe\x9b\xf4\x12\x91\x24\x21\x6f\x80\xd4\x78\x9c\xe2\xf1\xb9\x7c\x9d\x38\x92\xc5\x06\x58\x0a\x68\xff\x2c\xe3\x5c\xaa\xd0\x31\x26\xa4\xad\xb9\xa1\x94\xfb\x86\xbc\x72\xbc\xe0\xe0\xbc\x47\x00\x95\x0d\x20\xcd\x4b\x8d\x67\x0a\xd2\x15\x1c\xde\x5f\xd5\x40\xe6\xa1\xd8\x71\xa4\x30\xc1\xa3\x33\xf0\x20\xc9\x57\xcd\x4c\x8b\x47\x88\xb4\xbc\x93\xd8\xdd\x28\x92\xf5\xd8\xa3\x50\x01\x3c\x62\xda\xe3\x74\x73\x84\xaa\x48\x7e\x00\x70\x49\x10\xb3\xf7\x54\x2c", 8192); *(uint32_t*)0x20005c00 = 0x20002980; *(uint32_t*)0x20002980 = 0x50; *(uint32_t*)0x20002984 = 0; *(uint64_t*)0x20002988 = 0x91e; *(uint32_t*)0x20002990 = 7; *(uint32_t*)0x20002994 = 0x22; *(uint32_t*)0x20002998 = 0xff; *(uint32_t*)0x2000299c = 0x1124872; *(uint16_t*)0x200029a0 = 6; *(uint16_t*)0x200029a2 = 0x3f; *(uint32_t*)0x200029a4 = 8; *(uint32_t*)0x200029a8 = 1; *(uint16_t*)0x200029ac = 0; *(uint16_t*)0x200029ae = 0; memset((void*)0x200029b0, 0, 32); *(uint32_t*)0x20005c04 = 0x20002a00; *(uint32_t*)0x20002a00 = 0x18; *(uint32_t*)0x20002a04 = 0; *(uint64_t*)0x20002a08 = 0; *(uint64_t*)0x20002a10 = 0x317e539f; *(uint32_t*)0x20005c08 = 0x20002a40; *(uint32_t*)0x20002a40 = 0x18; *(uint32_t*)0x20002a44 = 0; *(uint64_t*)0x20002a48 = 8; *(uint64_t*)0x20002a50 = 4; *(uint32_t*)0x20005c0c = 0x20002a80; *(uint32_t*)0x20002a80 = 0x18; *(uint32_t*)0x20002a84 = 0; *(uint64_t*)0x20002a88 = 5; *(uint32_t*)0x20002a90 = 0x401; *(uint32_t*)0x20002a94 = 0; *(uint32_t*)0x20005c10 = 0x20002ac0; *(uint32_t*)0x20002ac0 = 0x18; *(uint32_t*)0x20002ac4 = 0; *(uint64_t*)0x20002ac8 = 1; *(uint32_t*)0x20002ad0 = 0xfdcc; *(uint32_t*)0x20002ad4 = 0; *(uint32_t*)0x20005c14 = 0x20002b00; *(uint32_t*)0x20002b00 = 0x28; *(uint32_t*)0x20002b04 = 0; *(uint64_t*)0x20002b08 = 8; *(uint64_t*)0x20002b10 = 2; *(uint64_t*)0x20002b18 = 8; *(uint32_t*)0x20002b20 = 0; *(uint32_t*)0x20002b24 = 0; *(uint32_t*)0x20005c18 = 0x20002b40; *(uint32_t*)0x20002b40 = 0x60; *(uint32_t*)0x20002b44 = 0; *(uint64_t*)0x20002b48 = 0xfff; *(uint64_t*)0x20002b50 = 6; *(uint64_t*)0x20002b58 = 0x10001; *(uint64_t*)0x20002b60 = 6; *(uint64_t*)0x20002b68 = 1; *(uint64_t*)0x20002b70 = 8; *(uint32_t*)0x20002b78 = 1; *(uint32_t*)0x20002b7c = 0x32f0; *(uint32_t*)0x20002b80 = 7; *(uint32_t*)0x20002b84 = 0; memset((void*)0x20002b88, 0, 24); *(uint32_t*)0x20005c1c = 0x20002bc0; *(uint32_t*)0x20002bc0 = 0x18; *(uint32_t*)0x20002bc4 = 0; *(uint64_t*)0x20002bc8 = 4; *(uint32_t*)0x20002bd0 = 0xffff; *(uint32_t*)0x20002bd4 = 0; *(uint32_t*)0x20005c20 = 0x20002c00; *(uint32_t*)0x20002c00 = 0x18; *(uint32_t*)0x20002c04 = 0; *(uint64_t*)0x20002c08 = 0x1000; memcpy((void*)0x20002c10, "0%)/W({\000", 8); *(uint32_t*)0x20005c24 = 0x20002c40; *(uint32_t*)0x20002c40 = 0x20; *(uint32_t*)0x20002c44 = 0; *(uint64_t*)0x20002c48 = 5; *(uint64_t*)0x20002c50 = 0; *(uint32_t*)0x20002c58 = 0x11; *(uint32_t*)0x20002c5c = 0; *(uint32_t*)0x20005c28 = 0x20002dc0; *(uint32_t*)0x20002dc0 = 0x78; *(uint32_t*)0x20002dc4 = 0xfffffff5; *(uint64_t*)0x20002dc8 = 8; *(uint64_t*)0x20002dd0 = 6; *(uint32_t*)0x20002dd8 = 9; *(uint32_t*)0x20002ddc = 0; *(uint64_t*)0x20002de0 = 6; *(uint64_t*)0x20002de8 = 8; *(uint64_t*)0x20002df0 = 0x25d; *(uint64_t*)0x20002df8 = 7; *(uint64_t*)0x20002e00 = 0x8001; *(uint64_t*)0x20002e08 = 0x400; *(uint32_t*)0x20002e10 = 0xce1; *(uint32_t*)0x20002e14 = 0x8000; *(uint32_t*)0x20002e18 = 0x4800000; *(uint32_t*)0x20002e1c = 0x6000; *(uint32_t*)0x20002e20 = 8; *(uint32_t*)0x20002e24 = 0xee01; *(uint32_t*)0x20002e28 = r[3]; *(uint32_t*)0x20002e2c = 6; *(uint32_t*)0x20002e30 = 1; *(uint32_t*)0x20002e34 = 0; *(uint32_t*)0x20005c2c = 0x20002e40; *(uint32_t*)0x20002e40 = 0x90; *(uint32_t*)0x20002e44 = 0; *(uint64_t*)0x20002e48 = 0xfffffffffffffffc; *(uint64_t*)0x20002e50 = 5; *(uint64_t*)0x20002e58 = 2; *(uint64_t*)0x20002e60 = 0; *(uint64_t*)0x20002e68 = 0x80; *(uint32_t*)0x20002e70 = 0x1ff; *(uint32_t*)0x20002e74 = 0xfffffffa; *(uint64_t*)0x20002e78 = 1; *(uint64_t*)0x20002e80 = 0x81; *(uint64_t*)0x20002e88 = 1; *(uint64_t*)0x20002e90 = 0x10001; *(uint64_t*)0x20002e98 = 0x7f; *(uint64_t*)0x20002ea0 = 5; *(uint32_t*)0x20002ea8 = 5; *(uint32_t*)0x20002eac = 2; *(uint32_t*)0x20002eb0 = 0; *(uint32_t*)0x20002eb4 = 0x4000; *(uint32_t*)0x20002eb8 = 3; *(uint32_t*)0x20002ebc = 0xee01; *(uint32_t*)0x20002ec0 = 0xee00; *(uint32_t*)0x20002ec4 = 6; *(uint32_t*)0x20002ec8 = 0x23a; *(uint32_t*)0x20002ecc = 0; *(uint32_t*)0x20005c30 = 0x20002f00; *(uint32_t*)0x20002f00 = 0xe8; *(uint32_t*)0x20002f04 = 0; *(uint64_t*)0x20002f08 = 0x20; *(uint64_t*)0x20002f10 = 6; *(uint64_t*)0x20002f18 = 1; *(uint32_t*)0x20002f20 = 1; *(uint32_t*)0x20002f24 = 7; memset((void*)0x20002f28, 0, 1); *(uint64_t*)0x20002f30 = 2; *(uint64_t*)0x20002f38 = 0; *(uint32_t*)0x20002f40 = 0; *(uint32_t*)0x20002f44 = 0; *(uint64_t*)0x20002f48 = 5; *(uint64_t*)0x20002f50 = 0xfffffffffffffffa; *(uint32_t*)0x20002f58 = 0; *(uint32_t*)0x20002f5c = 0x20; *(uint64_t*)0x20002f60 = 4; *(uint64_t*)0x20002f68 = 2; *(uint32_t*)0x20002f70 = 6; *(uint32_t*)0x20002f74 = 9; memcpy((void*)0x20002f78, "wlan0\000", 6); *(uint64_t*)0x20002f80 = 2; *(uint64_t*)0x20002f88 = 5; *(uint32_t*)0x20002f90 = 1; *(uint32_t*)0x20002f94 = 0; memset((void*)0x20002f98, 47, 1); *(uint64_t*)0x20002fa0 = 0; *(uint64_t*)0x20002fa8 = 7; *(uint32_t*)0x20002fb0 = 6; *(uint32_t*)0x20002fb4 = 0x10000; memset((void*)0x20002fb8, 2, 6); *(uint64_t*)0x20002fc0 = 2; *(uint64_t*)0x20002fc8 = 3; *(uint32_t*)0x20002fd0 = 0x10; *(uint32_t*)0x20002fd4 = 0x3df4d00b; memcpy((void*)0x20002fd8, " \001\000\000\000\000\000\000\000\000\000\000\000\000\000\002", 16); *(uint32_t*)0x20005c34 = 0x200055c0; *(uint32_t*)0x200055c0 = 0x510; *(uint32_t*)0x200055c4 = 0; *(uint64_t*)0x200055c8 = 0; *(uint64_t*)0x200055d0 = 5; *(uint64_t*)0x200055d8 = 1; *(uint64_t*)0x200055e0 = 0; *(uint64_t*)0x200055e8 = 2; *(uint32_t*)0x200055f0 = 0xfffeffff; *(uint32_t*)0x200055f4 = 1; *(uint64_t*)0x200055f8 = 0; *(uint64_t*)0x20005600 = 0x141; *(uint64_t*)0x20005608 = 4; *(uint64_t*)0x20005610 = 9; *(uint64_t*)0x20005618 = 9; *(uint64_t*)0x20005620 = 4; *(uint32_t*)0x20005628 = 0x7ff; *(uint32_t*)0x2000562c = 0x7fffffff; *(uint32_t*)0x20005630 = 0x892; *(uint32_t*)0x20005634 = 0x4000; *(uint32_t*)0x20005638 = 0xfff; *(uint32_t*)0x2000563c = r[4]; *(uint32_t*)0x20005640 = 0; *(uint32_t*)0x20005644 = 4; *(uint32_t*)0x20005648 = 0x10000; *(uint32_t*)0x2000564c = 0; *(uint64_t*)0x20005650 = 1; *(uint64_t*)0x20005658 = 0x8000; *(uint32_t*)0x20005660 = 2; *(uint32_t*)0x20005664 = 4; memset((void*)0x20005668, 255, 2); *(uint64_t*)0x20005670 = 0xa00000000; *(uint64_t*)0x20005678 = 3; *(uint64_t*)0x20005680 = 0x8000000000000000; *(uint64_t*)0x20005688 = 0x80000001; *(uint32_t*)0x20005690 = 6; *(uint32_t*)0x20005694 = 1; *(uint64_t*)0x20005698 = 5; *(uint64_t*)0x200056a0 = 0xa0; *(uint64_t*)0x200056a8 = 8; *(uint64_t*)0x200056b0 = 7; *(uint64_t*)0x200056b8 = 0x101; *(uint64_t*)0x200056c0 = 0xbc3; *(uint32_t*)0x200056c8 = 0x19f; *(uint32_t*)0x200056cc = 4; *(uint32_t*)0x200056d0 = 0x7ff; *(uint32_t*)0x200056d4 = 0xa000; *(uint32_t*)0x200056d8 = 1; *(uint32_t*)0x200056dc = 0xee01; *(uint32_t*)0x200056e0 = r[5]; *(uint32_t*)0x200056e4 = 0x8001; *(uint32_t*)0x200056e8 = 8; *(uint32_t*)0x200056ec = 0; *(uint64_t*)0x200056f0 = 4; *(uint64_t*)0x200056f8 = 0x10001; *(uint32_t*)0x20005700 = 0xa; *(uint32_t*)0x20005704 = 0x3ff; memcpy((void*)0x20005708, "[{@^/@+@<[", 10); *(uint64_t*)0x20005718 = 1; *(uint64_t*)0x20005720 = 3; *(uint64_t*)0x20005728 = 5; *(uint64_t*)0x20005730 = 0x20; *(uint32_t*)0x20005738 = 3; *(uint32_t*)0x2000573c = -1; *(uint64_t*)0x20005740 = 3; *(uint64_t*)0x20005748 = 0xd4; *(uint64_t*)0x20005750 = 6; *(uint64_t*)0x20005758 = 0; *(uint64_t*)0x20005760 = 1; *(uint64_t*)0x20005768 = 0x80000; *(uint32_t*)0x20005770 = 0x38fa80be; *(uint32_t*)0x20005774 = 6; *(uint32_t*)0x20005778 = 0x400; *(uint32_t*)0x2000577c = 0x1000; *(uint32_t*)0x20005780 = 5; *(uint32_t*)0x20005784 = 0xee00; *(uint32_t*)0x20005788 = 0xee01; *(uint32_t*)0x2000578c = 0x10001; *(uint32_t*)0x20005790 = 0xff; *(uint32_t*)0x20005794 = 0; *(uint64_t*)0x20005798 = 4; *(uint64_t*)0x200057a0 = 5; *(uint32_t*)0x200057a8 = 8; *(uint32_t*)0x200057ac = 4; memcpy((void*)0x200057b0, "+!\234R\'+%\'", 8); *(uint64_t*)0x200057b8 = 3; *(uint64_t*)0x200057c0 = 3; *(uint64_t*)0x200057c8 = 0x200; *(uint64_t*)0x200057d0 = 5; *(uint32_t*)0x200057d8 = 0x55; *(uint32_t*)0x200057dc = 0x1f; *(uint64_t*)0x200057e0 = 1; *(uint64_t*)0x200057e8 = 0x34; *(uint64_t*)0x200057f0 = 7; *(uint64_t*)0x200057f8 = 4; *(uint64_t*)0x20005800 = 9; *(uint64_t*)0x20005808 = 2; *(uint32_t*)0x20005810 = 0x800; *(uint32_t*)0x20005814 = 0xffff8001; *(uint32_t*)0x20005818 = 6; *(uint32_t*)0x2000581c = 0x8000; *(uint32_t*)0x20005820 = 0x100; *(uint32_t*)0x20005824 = 0xee01; *(uint32_t*)0x20005828 = 0xee01; *(uint32_t*)0x2000582c = 0; *(uint32_t*)0x20005830 = 0x9c000000; *(uint32_t*)0x20005834 = 0; *(uint64_t*)0x20005838 = 0; *(uint64_t*)0x20005840 = 1; *(uint32_t*)0x20005848 = 1; *(uint32_t*)0x2000584c = 0x400; memset((void*)0x20005850, 0, 1); *(uint64_t*)0x20005858 = 6; *(uint64_t*)0x20005860 = 3; *(uint64_t*)0x20005868 = 0xa3; *(uint64_t*)0x20005870 = 0x80; *(uint32_t*)0x20005878 = 0x735; *(uint32_t*)0x2000587c = 0x9584; *(uint64_t*)0x20005880 = 0; *(uint64_t*)0x20005888 = 2; *(uint64_t*)0x20005890 = 7; *(uint64_t*)0x20005898 = 0xec61; *(uint64_t*)0x200058a0 = 0x371ca83; *(uint64_t*)0x200058a8 = 4; *(uint32_t*)0x200058b0 = -1; *(uint32_t*)0x200058b4 = 3; *(uint32_t*)0x200058b8 = 0x424c; *(uint32_t*)0x200058bc = 0xa000; *(uint32_t*)0x200058c0 = 0x400; *(uint32_t*)0x200058c4 = 0xee00; *(uint32_t*)0x200058c8 = 0xee01; *(uint32_t*)0x200058cc = 0xca; *(uint32_t*)0x200058d0 = 3; *(uint32_t*)0x200058d4 = 0; *(uint64_t*)0x200058d8 = 0; *(uint64_t*)0x200058e0 = 7; *(uint32_t*)0x200058e8 = 0; *(uint32_t*)0x200058ec = 0x80000001; *(uint64_t*)0x200058f0 = 5; *(uint64_t*)0x200058f8 = 1; *(uint64_t*)0x20005900 = 0x9d5; *(uint64_t*)0x20005908 = 5; *(uint32_t*)0x20005910 = 0x80000001; *(uint32_t*)0x20005914 = 0x1000000; *(uint64_t*)0x20005918 = 0; *(uint64_t*)0x20005920 = 0; *(uint64_t*)0x20005928 = 6; *(uint64_t*)0x20005930 = 0x7ff; *(uint64_t*)0x20005938 = 0x8001; *(uint64_t*)0x20005940 = 0x8001; *(uint32_t*)0x20005948 = 6; *(uint32_t*)0x2000594c = 0x8000; *(uint32_t*)0x20005950 = 1; *(uint32_t*)0x20005954 = 0xa000; *(uint32_t*)0x20005958 = 0x10000; *(uint32_t*)0x2000595c = 0xee00; *(uint32_t*)0x20005960 = r[6]; *(uint32_t*)0x20005964 = 0x80000000; *(uint32_t*)0x20005968 = 6; *(uint32_t*)0x2000596c = 0; *(uint64_t*)0x20005970 = 3; *(uint64_t*)0x20005978 = 0x7fff; *(uint32_t*)0x20005980 = 6; *(uint32_t*)0x20005984 = 0x4e5; memcpy((void*)0x20005988, "wlan0\000", 6); *(uint64_t*)0x20005990 = 4; *(uint64_t*)0x20005998 = 2; *(uint64_t*)0x200059a0 = -1; *(uint64_t*)0x200059a8 = 0x10001; *(uint32_t*)0x200059b0 = 7; *(uint32_t*)0x200059b4 = 0x3f; *(uint64_t*)0x200059b8 = 0; *(uint64_t*)0x200059c0 = 4; *(uint64_t*)0x200059c8 = 0x7fff; *(uint64_t*)0x200059d0 = 0x5c; *(uint64_t*)0x200059d8 = 0x5e; *(uint64_t*)0x200059e0 = 4; *(uint32_t*)0x200059e8 = 0; *(uint32_t*)0x200059ec = 9; *(uint32_t*)0x200059f0 = 4; *(uint32_t*)0x200059f4 = 0x1000; *(uint32_t*)0x200059f8 = 8; *(uint32_t*)0x200059fc = r[7]; *(uint32_t*)0x20005a00 = 0xee00; *(uint32_t*)0x20005a04 = 0x7ff; *(uint32_t*)0x20005a08 = 9; *(uint32_t*)0x20005a0c = 0; *(uint64_t*)0x20005a10 = 3; *(uint64_t*)0x20005a18 = 5; *(uint32_t*)0x20005a20 = 6; *(uint32_t*)0x20005a24 = 9; memset((void*)0x20005a28, 255, 6); *(uint64_t*)0x20005a30 = 6; *(uint64_t*)0x20005a38 = 3; *(uint64_t*)0x20005a40 = 3; *(uint64_t*)0x20005a48 = 9; *(uint32_t*)0x20005a50 = 6; *(uint32_t*)0x20005a54 = 0x100; *(uint64_t*)0x20005a58 = 1; *(uint64_t*)0x20005a60 = 0x101; *(uint64_t*)0x20005a68 = 4; *(uint64_t*)0x20005a70 = 0x100000000; *(uint64_t*)0x20005a78 = 2; *(uint64_t*)0x20005a80 = 0xfffffffffffffe00; *(uint32_t*)0x20005a88 = 3; *(uint32_t*)0x20005a8c = 9; *(uint32_t*)0x20005a90 = 9; *(uint32_t*)0x20005a94 = 0xa000; *(uint32_t*)0x20005a98 = 0xfa3; *(uint32_t*)0x20005a9c = -1; *(uint32_t*)0x20005aa0 = r[8]; *(uint32_t*)0x20005aa4 = 0x1400000; *(uint32_t*)0x20005aa8 = 9; *(uint32_t*)0x20005aac = 0; *(uint64_t*)0x20005ab0 = 6; *(uint64_t*)0x20005ab8 = 0; *(uint32_t*)0x20005ac0 = 6; *(uint32_t*)0x20005ac4 = 5; memcpy((void*)0x20005ac8, "wlan0\000", 6); *(uint32_t*)0x20005c38 = 0x20005b00; *(uint32_t*)0x20005b00 = 0xa0; *(uint32_t*)0x20005b04 = 0xfffffff5; *(uint64_t*)0x20005b08 = 5; *(uint64_t*)0x20005b10 = 0; *(uint64_t*)0x20005b18 = 3; *(uint64_t*)0x20005b20 = 2; *(uint64_t*)0x20005b28 = 3; *(uint32_t*)0x20005b30 = 7; *(uint32_t*)0x20005b34 = 0x64b; *(uint64_t*)0x20005b38 = 1; *(uint64_t*)0x20005b40 = 0xc2; *(uint64_t*)0x20005b48 = 9; *(uint64_t*)0x20005b50 = 5; *(uint64_t*)0x20005b58 = 0x8001; *(uint64_t*)0x20005b60 = -1; *(uint32_t*)0x20005b68 = 2; *(uint32_t*)0x20005b6c = 8; *(uint32_t*)0x20005b70 = 5; *(uint32_t*)0x20005b74 = 0x4000; *(uint32_t*)0x20005b78 = 0xd0a; *(uint32_t*)0x20005b7c = 0xee01; *(uint32_t*)0x20005b80 = 0xee00; *(uint32_t*)0x20005b84 = 7; *(uint32_t*)0x20005b88 = 1; *(uint32_t*)0x20005b8c = 0; *(uint64_t*)0x20005b90 = 0; *(uint32_t*)0x20005b98 = 2; *(uint32_t*)0x20005b9c = 0; *(uint32_t*)0x20005c3c = 0x20005bc0; *(uint32_t*)0x20005bc0 = 0x20; *(uint32_t*)0x20005bc4 = 0; *(uint64_t*)0x20005bc8 = 0x7fffffff; *(uint32_t*)0x20005bd0 = 8; *(uint32_t*)0x20005bd4 = 0; *(uint32_t*)0x20005bd8 = 0x9ad; *(uint32_t*)0x20005bdc = 3; syz_fuse_handle_req(r[2], 0x20000980, 0x2000, 0x20005c00); break; case 22: memcpy((void*)0x20005c40, "SEG6\000", 5); syz_genetlink_get_family_id(0x20005c40, r[2]); break; case 23: syz_init_net_socket(0x24, 2, 0); break; case 24: res = syscall(__NR_mmap, 0x20ffe000, 0x2000, 9, 0x100, (intptr_t)r[2], 0x8000000); if (res != -1) r[9] = res; break; case 25: res = -1; res = syz_io_uring_complete(r[9]); if (res != -1) r[10] = res; break; case 26: *(uint32_t*)0x20005c84 = 0x29e9; *(uint32_t*)0x20005c88 = 4; *(uint32_t*)0x20005c8c = 3; *(uint32_t*)0x20005c90 = 0x25; *(uint32_t*)0x20005c98 = r[10]; memset((void*)0x20005c9c, 0, 12); res = -1; res = syz_io_uring_setup(0x7811, 0x20005c80, 0x20ffe000, 0x20ffe000, 0x20005d00, 0x20005d40); if (res != -1) { r[11] = res; r[12] = *(uint64_t*)0x20005d40; } break; case 27: res = syscall(__NR_mmap, 0x20ffc000, 0x2000, 4, 0x80000, (intptr_t)r[11], 0); if (res != -1) r[13] = res; break; case 28: res = syscall(__NR_clock_gettime, 0, 0x20005d80); if (res != -1) { r[14] = *(uint32_t*)0x20005d80; r[15] = *(uint32_t*)0x20005d84; } break; case 29: *(uint8_t*)0x20005e00 = 0xb; *(uint8_t*)0x20005e01 = 1; *(uint16_t*)0x20005e02 = 0; *(uint32_t*)0x20005e04 = 0; *(uint64_t*)0x20005e08 = 7; *(uint32_t*)0x20005e10 = 0x20005dc0; *(uint32_t*)0x20005dc0 = r[14]; *(uint32_t*)0x20005dc4 = r[15]+60000000; *(uint32_t*)0x20005e14 = 1; *(uint32_t*)0x20005e18 = 0; *(uint64_t*)0x20005e1c = 0; *(uint16_t*)0x20005e24 = 0; *(uint16_t*)0x20005e26 = 0; memset((void*)0x20005e28, 0, 20); syz_io_uring_submit(r[13], r[12], 0x20005e00, 6); break; case 30: *(uint32_t*)0x20005e80 = 0; *(uint32_t*)0x20005e84 = 0x20005e40; memcpy((void*)0x20005e40, "\x55\x1e\x55\x34\x01\xd8\x41\x9a\xc4\x37\x85\x4e\x7b\xd6\x03\x3a\x54\x21\x4a\x9b\xd5\xbb\xb0\xaf\x5b\x8d\xfb\x21\x4a\xa8\x4f\x75\xf6\x0f\xd2\xf3\x74\xa0\x2b\xca\xcb\x65\x4f\x2e\x69\xf7\x19\x79\x48\x63", 50); *(uint32_t*)0x20005e88 = 0x32; *(uint64_t*)0x20005ec0 = 1; *(uint64_t*)0x20005ec8 = 0; syz_kvm_setup_cpu(r[2], r[2], 0x20fe8000, 0x20005e80, 1, 0, 0x20005ec0, 1); break; case 31: res = syscall(__NR_mmap, 0x20ff1000, 0x1000, 4, 0x100002, (intptr_t)r[2], 0); if (res != -1) r[16] = res; break; case 32: *(uint32_t*)0x20005f00 = 1; syz_memcpy_off(r[16], 0x118, 0x20005f00, 0, 4); break; case 33: res = syscall(__NR_clock_gettime, 0, 0x20008240); if (res != -1) { r[17] = *(uint32_t*)0x20008240; r[18] = *(uint32_t*)0x20008244; } break; case 34: *(uint32_t*)0x200081c0 = 0; *(uint32_t*)0x200081c4 = 0; *(uint32_t*)0x200081c8 = 0x20007580; *(uint32_t*)0x20007580 = 0x20007000; *(uint32_t*)0x20007584 = 0x68; *(uint32_t*)0x20007588 = 0x20007080; *(uint32_t*)0x2000758c = 0; *(uint32_t*)0x20007590 = 0x200070c0; *(uint32_t*)0x20007594 = 0xf; *(uint32_t*)0x20007598 = 0x20007100; *(uint32_t*)0x2000759c = 0xe0; *(uint32_t*)0x200075a0 = 0x20007200; *(uint32_t*)0x200075a4 = 0; *(uint32_t*)0x200075a8 = 0x20007240; *(uint32_t*)0x200075ac = 0xe6; *(uint32_t*)0x200075b0 = 0x20007340; *(uint32_t*)0x200075b4 = 0x63; *(uint32_t*)0x200075b8 = 0x200073c0; *(uint32_t*)0x200075bc = 0x45; *(uint32_t*)0x200075c0 = 0x20007440; *(uint32_t*)0x200075c4 = 0x6a; *(uint32_t*)0x200075c8 = 0x200074c0; *(uint32_t*)0x200075cc = 0xbc; *(uint32_t*)0x200081cc = 0xa; *(uint32_t*)0x200081d0 = 0x20007600; *(uint32_t*)0x200081d4 = 0x18; *(uint32_t*)0x200081d8 = 0; *(uint32_t*)0x200081dc = 0; *(uint32_t*)0x200081e0 = 0x20007640; *(uint32_t*)0x200081e4 = 0x6e; *(uint32_t*)0x200081e8 = 0x20007900; *(uint32_t*)0x20007900 = 0x200076c0; *(uint32_t*)0x20007904 = 0x79; *(uint32_t*)0x20007908 = 0x20007740; *(uint32_t*)0x2000790c = 0xa9; *(uint32_t*)0x20007910 = 0x20007800; *(uint32_t*)0x20007914 = 5; *(uint32_t*)0x20007918 = 0x20007840; *(uint32_t*)0x2000791c = 0x9d; *(uint32_t*)0x200081ec = 4; *(uint32_t*)0x200081f0 = 0x20007940; *(uint32_t*)0x200081f4 = 0xb0; *(uint32_t*)0x200081f8 = 0; *(uint32_t*)0x200081fc = 0; *(uint32_t*)0x20008200 = 0x20007a00; *(uint32_t*)0x20008204 = 0x6e; *(uint32_t*)0x20008208 = 0x20007b80; *(uint32_t*)0x20007b80 = 0x20007a80; *(uint32_t*)0x20007b84 = 0x73; *(uint32_t*)0x20007b88 = 0x20007b00; *(uint32_t*)0x20007b8c = 0xf; *(uint32_t*)0x20007b90 = 0x20007b40; *(uint32_t*)0x20007b94 = 0x13; *(uint32_t*)0x2000820c = 3; *(uint32_t*)0x20008210 = 0x20007bc0; *(uint32_t*)0x20008214 = 0x44; *(uint32_t*)0x20008218 = 0; *(uint32_t*)0x2000821c = 0; *(uint32_t*)0x20008220 = 0x20007c40; *(uint32_t*)0x20008224 = 0x6e; *(uint32_t*)0x20008228 = 0x20008180; *(uint32_t*)0x20008180 = 0x20007cc0; *(uint32_t*)0x20008184 = 0x99; *(uint32_t*)0x20008188 = 0x20007d80; *(uint32_t*)0x2000818c = 0xfa; *(uint32_t*)0x20008190 = 0x20007e80; *(uint32_t*)0x20008194 = 0xfc; *(uint32_t*)0x20008198 = 0x20007f80; *(uint32_t*)0x2000819c = 0xc1; *(uint32_t*)0x200081a0 = 0x20008080; *(uint32_t*)0x200081a4 = 0x60; *(uint32_t*)0x200081a8 = 0x20008100; *(uint32_t*)0x200081ac = 0x41; *(uint32_t*)0x2000822c = 6; *(uint32_t*)0x20008230 = 0; *(uint32_t*)0x20008234 = 0; *(uint32_t*)0x20008238 = 0; *(uint32_t*)0x2000823c = 0; *(uint32_t*)0x20008280 = r[17]; *(uint32_t*)0x20008284 = r[18]+10000000; res = syscall(__NR_recvmmsg, (intptr_t)r[2], 0x200081c0, 4, 0x2000, 0x20008280); if (res != -1) { r[19] = *(uint32_t*)0x2000760c; r[20] = *(uint32_t*)0x20007610; r[21] = *(uint32_t*)0x20007bd8; } break; case 35: memcpy((void*)0x20005f40, "adfs\000", 5); memcpy((void*)0x20005f80, "./file0\000", 8); *(uint32_t*)0x20006fc0 = 0x20005fc0; memcpy((void*)0x20005fc0, "\x97\x71\x1a\x3f\xc7\x75\xd9\xb6\xb8\x02\xd7\x5c\xef\xe3\x4e\x56\x0d\xfb\xbc\x19\x05\xdf\x84\x52\xc7\xc0\x61\xcf\xbd\xba\xf7\x6a\xc0\xee\x70\x4f\xdc\x1b\x95\x57\x6e\x83\x98\x71\x5c\xca\xc2\x3e\xb6\x22\x40\x6f\xdf\x86\x65\x6d\x86\x66\xd1\x74\x34\x5d\xf1\x5c\xc2\x79\xd6\xbc\x46\x18\x9f\x9e\x91\x03\xc8\xb6\x34\x30\x6a\x9d\xc5\x12\x13\x54\x03\x7a\xbc\x83\x6a\xf3\x2b\x82\xe0\xeb\x92\x22\xc5\xb9\x7a\x31\xba\xf7\x00\x22\x6f\x45\x9f\x15\x93\xe5\x94\x22\x0d\x6e\xee\x2f\x7b\xd3\x61\x2c\x68\x99\x6c\x93\x1e\x01\xb3\x90\x86\x7e\xcb\x7d\xb7\x3f\xd1\xc8\xba\xea\x0a\x1a\x30\x71\x9c\x09\xc8\x17\x06\x41\x41\x90\xc4\x90\x23\x6b\x27\x56\xcf\xba\x38\xfa\xba\xd4\x9c\x00\x2c\xdd\xcc\xb2\x2a\x79\x01\x5c\xf6\xc9\xd5\xb8\x11\x97\xe3\x66\x9f\x11\x95\xcf\x26\xfd\x67\x4c\xef\x34\xfc\x25\x17\xdd\x56\x1d\x62\x5d\x37\xf0\x09\x36\x69\xe6\x8f\xca\x1a\xe7\x32\x7c\x53\xa8\xd8\xfe\x8c\xe0\x89\xec\x51\x30\xda\x3d\xcd\x2c\x1b\xe4\x7c\x5d\x11\xc1\xe6\x07\x70\x6d\xed\xe9\x8d\x3a\xd0\x34\x7d\xb6\x08\xbf\x9f\xeb\xfe\x35\x7b\x46\xfe\x05\x17\x2e\x7a\xbd\x5e\x6a\x57\x55\xec\xbd\xb7\x29\x4a\xc6\x60\xef\x99\x99\x61\xaa\x24\x91\x46\x0d\x2b\xa8\xc4\x79\x28\xfc\xd0\x2e\x29\x4c\x16\x83\x8a\xdc\x1c\x5a\xa0\xae\xef\xc2\x79\x79\x3c\x1e\x9b\xae\x9d\xad\x1b\xdd\x67\x4f\xbf\x94\xf6\x4d\x5e\xe5\x86\xb8\x57\x84\x6b\x2c\x3e\x35\xcb\xe0\x79\x1f\x3f\x0a\x42\x79\xec\x2d\x51\xfd\xfb\x3a\x9d\x2f\xd0\x93\xba\x29\xd7\x43\xee\xbb\x06\x46\xd4\x0a\xf9\x32\x96\x0b\x4e\xfd\x52\xdf\xae\x37\x24\x20\x6f\x13\x83\x9b\x1e\x9d\xd3\x56\x1c\x15\x9f\x7d\x1a\x0b\x45\xdf\xa6\x55\x72\x41\x64\xca\x8c\xa4\x01\x78\xaa\xbc\x9f\x0c\x27\x0c\xc0\xc2\xe8\x28\xdc\x28\x42\xfb\x23\x72\xab\xca\x8d\x65\xd3\x72\x6e\xad\xdb\x36\xd2\x77\x2f\xc4\x2a\x5a\x60\x9d\xbc\x76\x1a\x08\x6d\xd8\x40\x5f\x0c\x0a\x7c\x0b\xfc\x14\xfe\xa9\x1c\xab\x42\x3f\xdb\xc9\x44\xdd\xbd\xee\x21\x4c\x24\x8e\xf0\xc8\x93\x3c\x80\xf3\xac\x68\xa3\xcd\xc4\xed\x51\x20\xc7\xbe\x1f\x04\x18\xa0\xdd\xee\xe9\x4c\xe8\xde\x7a\x07\xb9\x4d\x97\xa9\xc7\x2e\x33\x8e\xb9\xcb\x87\x15\x67\x60\x8b\x49\x03\x1f\x1f\xd0\x7e\x5c\x5c\xbb\xc2\x20\x1c\x48\x76\x88\x5c\x1b\xdc\xcc\x2b\xfe\xce\x71\xde\x73\xd6\xa7\x10\xc9\x6a\x67\x5d\xe4\xb5\x78\xe3\xa0\xb8\x4d\x1f\xb8\x9b\xed\x53\x1e\x17\x05\xaf\x86\x7b\x10\xb7\xc9\x23\x28\xa0\x6b\xad\x02\xc5\x73\x37\x5d\x50\x0a\x4b\xdc\x88\x4b\x55\x65\x2d\x7f\x1c\xfb\x31\xaf\xaf\x0b\x35\xe9\x8a\x58\x46\x6b\x80\xa2\xa4\xbc\xa2\xd7\x2e\x38\x7f\x8e\x94\x51\x9a\x43\x73\x4c\x38\x5b\x69\x8e\x08\xb0\xee\x1d\x98\x05\xc3\x92\xac\xb7\x6f\x98\x08\x94\xdf\x90\x46\xc6\x17\xf6\x2a\x23\x61\x06\x2e\x52\x24\x53\xdc\xd7\x31\x76\xf7\x86\xef\x2c\xcd\x7a\x05\xdf\x8b\x44\xa6\xf9\x31\x35\xd4\x88\x8f\xdd\x51\x02\x20\x35\x7f\x1a\xec\xcd\x13\xe1\xfe\x10\x29\x26\x73\xf9\x81\xf4\x20\xd9\x85\x9f\xa2\x18\xb8\x69\x8b\x4a\x69\x1e\x69\x9c\x28\xa2\xdd\x46\xd3\x97\x89\x42\x19\x2e\xd5\x1d\x21\x26\x69\x45\x8a\x4d\xc3\xd3\x81\xd2\xc3\xf7\x3c\xb6\x0b\xfe\xcb\x8b\xf0\xe1\x55\x6e\xae\xd9\xff\xca\x5d\x0f\x7c\x9f\x61\x52\xf4\xfc\xd5\xed\x86\xcb\x6a\x56\x5e\x4b\x6b\x1c\x9e\x7e\xfe\xf1\xcc\xd2\x8a\xe7\x09\x1a\xbd\x84\xe8\x43\x1e\xc0\x8e\xd8\x3a\x8b\xbe\x56\xf9\xe1\x22\x56\xd0\xa0\x5b\x46\x1d\x9f\x1f\x4b\xad\x4b\x0e\x87\x34\xc4\x7d\x12\x12\x4c\x40\x6d\xb2\xc0\x33\xca\x10\x63\x41\x05\x71\x3d\xf4\x00\xfe\x66\x8d\x74\xc1\x0b\x95\x46\xfe\xf0\x3d\x29\xee\x05\xd4\xe3\xe8\x32\xed\xe1\x03\xcf\xb8\x90\xc8\xb0\x09\x2a\x58\xfe\x32\xa0\xb1\x05\x89\x6c\xef\xc8\x3a\x99\x0c\x3b\x6d\x9d\xec\x09\xe4\xbe\xea\x80\x40\xb2\x9f\x92\x17\xe5\x57\x7f\xd7\x20\x03\xa1\xdc\x46\x67\xfa\x4c\xf3\xbb\xf2\x98\x5f\x0a\xef\x84\xb4\x55\x69\xa0\x87\xb7\xf9\xaf\xe8\x24\xf3\xc5\x9b\x40\xcd\x0d\x08\x8c\x16\xf4\x41\x42\x40\xa6\xeb\xe2\x4a\xad\xc4\x02\xcc\x99\xab\xf0\x34\xa4\x8b\xda\x6a\x28\x21\xbd\xf2\x94\x65\x8e\x27\x82\x32\x6e\x16\x96\xa8\x87\x8b\x62\xbe\x50\xb8\xae\x8d\x00\x3e\x1b\x6b\x9f\x5f\x26\xd3\xf2\x1b\x14\x22\xcf\x73\xac\x72\x92\x63\x8e\x57\xda\x6f\xe3\xfd\xad\xd7\x78\x6a\xa2\xd7\x40\x6c\x0d\x84\x55\x45\x47\xd9\x59\x0e\xe9\xe1\x70\x54\x28\xe0\x0d\xdc\x33\x25\x0a\x11\x6b\x97\x37\xc8\xb0\x13\xa3\x8c\x6f\x5e\x88\x27\x5b\x01\x5f\x1c\x09\x96\xb0\x6e\xf4\x46\x7f\xa0\x46\x8e\x8f\x4a\x49\x8b\x56\xa0\x45\xf8\x94\xe4\x50\x90\xfc\x17\x07\x48\x1b\xef\x75\xf6\x01\xd9\x5e\x67\xb9\x63\xb6\xdd\xaa\xd7\x51\x1a\xb4\x1e\xf4\xc9\xf6\x51\xc7\x0f\x8e\xc2\xf0\xcf\x3b\x62\xba\xd7\x4e\x24\x92\xa3\x9f\xc1\xf8\x1d\xa6\x97\xcd\xc3\x53\xde\x95\x89\xca\xb5\x4a\x16\x90\x1a\x18\xd8\x51\xbd\xc2\x62\x39\xa7\x2f\x9a\x78\x7f\xbe\xfb\x3f\xc3\xf5\xdf\x14\x9a\x01\x3c\x4f\x8c\x8b\x0e\x98\xb8\xf6\x69\xf6\x2f\xbe\x09\x52\x5b\x46\x46\x9b\x1c\x7f\xcb\x91\xe5\x57\x35\xf2\xad\xc8\x13\x6a\x46\xae\xc4\xde\x01\x6b\x9f\x92\x51\xac\x2a\xa8\x20\xa1\xa8\x87\xb7\x8c\x66\x80\x2b\xf8\xdb\xbc\xe8\xc4\xe1\x38\xba\x0a\x52\x89\x2c\x9e\x93\x4a\xf2\xc7\x6b\x95\x03\x2a\x2f\x4c\xb5\xa6\x21\xe4\x53\x97\x0f\x54\xb2\x79\x03\x5e\x14\x08\x33\xe3\x25\x0a\x9c\x4f\x16\x37\x1c\xdd\xfc\x01\xc4\x04\xe6\xe8\x6a\xcc\x23\x1c\x8d\x7d\xbe\xd9\xb6\xae\xc0\xda\x3e\x0b\xb4\x06\x72\xf4\xd4\x1d\xf2\x65\x0d\x20\x0f\xdd\xa6\xbd\xc6\x2b\x1d\x43\x3e\xfb\x4d\xcb\x37\x05\x26\x89\xee\xc1\xfb\x99\xce\xda\x3e\x11\x07\xae\x9a\xee\xbc\x99\x58\xfd\x2f\x2e\x90\x59\x83\x40\x87\x37\x84\x27\xd3\x15\x8a\x8a\xd0\x47\x79\xe6\x22\xb9\xfe\xf7\x1b\x94\xb2\xaa\xc0\x3d\x6d\x9b\x72\x2a\x24\x27\x85\x5a\x21\x76\xf0\x0d\x97\x1d\x6b\x1f\xe9\xb5\x7c\x36\x37\xaf\x6e\xcf\x8d\xd0\xbf\x1d\xc0\x55\xe7\x33\x1c\x7e\x3d\x9b\xf0\x9a\x98\x72\x36\x76\xb0\x77\x87\xa0\x75\xaf\x7e\xe9\x11\xee\x2b\x0e\xbe\xfb\x34\x08\xc8\xa6\x17\xe8\x1b\x02\x22\xf2\x0f\x41\xaa\xa5\x57\x67\xbd\x73\xb3\x0b\x7d\x52\x38\xa4\x18\x36\xe5\x3a\x5c\x82\x6d\x2c\xab\x59\x46\x04\x04\xf0\x2a\xf4\x3b\x1c\x64\xa8\x87\xb4\x4e\xdc\xb3\x95\xa1\x49\x98\x3a\x63\xeb\xbc\x14\x68\xac\x3b\x39\xa0\x0d\x01\xe5\x90\x41\xea\x54\x97\x25\x76\x8c\x6f\xea\x7a\x48\x84\xfa\xb1\x6b\x85\x99\xcd\x0b\x91\xb8\x3d\xf3\x3b\x32\x28\x00\x39\xba\x02\x05\xa2\x3e\x97\xcd\x38\xbf\x8b\xe0\xce\xd3\xd7\xc2\xf4\x44\x91\xe9\xb5\x94\xe0\x54\xe6\xc6\xe6\xe2\xb6\x10\x83\x0f\x98\xef\x9a\x24\x0f\xd5\x6d\x1e\x21\x8c\xbc\x15\x35\xb8\x88\x9f\xd2\xb3\x9f\xd9\x4c\x82\x13\x7a\x80\xea\x12\x34\xa8\x4d\xc6\xfa\xc0\xf1\x6b\x8b\x2d\xe9\xdd\xe9\xec\x82\x70\xc2\xdf\x90\xb1\x10\x7e\xed\x2d\x34\x69\x65\x94\x3a\x1c\xb0\x85\x64\x21\xe4\x5f\xed\x7f\x48\x07\x10\x41\xc5\x52\xef\xc7\x33\x3c\x5e\x7d\xec\x5b\x9c\xb5\x95\x65\x71\x8a\x7e\x23\x0a\x84\x2f\x20\x6a\x49\x49\xa3\x8f\xca\x5d\x9a\x8d\x84\x75\x63\xdd\x64\x45\x78\xf8\x9e\x5e\xa6\x8c\xd8\x4e\xdc\x6a\x04\xe5\x27\xd1\xc0\x7e\x6a\xe4\x2f\x50\x3f\x7c\x09\xf7\xfa\x5e\xd1\xb2\xd7\xa3\xa9\x0b\x5f\xed\xdd\x57\x6d\xcc\x54\x4d\x8a\x7e\x51\x54\xfc\xb8\x2d\x14\x97\x06\x43\xa0\x3e\xc1\xad\xa0\x83\xad\xe9\xa9\x0d\x56\xb1\xa0\x5e\x7b\xec\xc2\xe4\x34\xd4\x87\xe0\xc9\x4d\x10\xfb\x56\xb7\x3a\x82\xfd\x0c\x34\xe3\xea\x6e\x25\x2b\xd8\x28\x44\xe9\x59\x33\x81\x92\x54\xe1\x2b\x00\x1a\xcf\x2a\xd8\xb6\x30\xa7\xd2\x05\x6c\x6f\x77\x33\x4e\xd2\x23\x21\x77\x1e\x73\x31\x29\x81\xd8\x91\x01\x70\xcd\xd7\xf4\x78\x81\xb5\x8c\x47\x53\xbb\xfb\x0b\x34\xc7\x8b\x42\x11\xe6\x26\x14\x6f\xf3\x42\xbf\xd5\x77\x40\xeb\x86\x8e\x1c\xfa\x31\x2c\x90\x7b\xef\x85\x7b\x37\x81\xeb\xd1\x39\x7e\x8d\xc0\xca\x14\x74\xa1\x9b\x39\xb4\x97\xae\x70\x88\x9d\x2d\xbb\xce\x85\xd3\x74\x3f\xd3\x3c\x97\xb9\xc2\x2b\x86\x6e\xb6\x5d\x35\x93\x90\x0e\x66\xc4\x59\xef\xe5\x63\x8a\x82\x4c\x42\x3d\x9c\x49\xba\x44\xb8\xff\x9b\x9b\x3e\xc1\x5c\xef\x43\x4d\xee\xf9\xab\x92\x76\x0c\x55\xb1\xfb\x37\x33\x9b\x1c\x77\xf3\xa0\x1a\x77\xfd\x72\xf7\x28\x77\x95\x2e\x8a\x58\x27\x49\x4c\x91\x88\xb8\xd1\xc2\x70\xb0\xa9\x9b\x4a\x9e\x81\x8d\x1f\xa1\x26\xa7\x29\x1a\x7b\x0b\x94\xc2\xbf\x7c\x18\xc2\xe2\x5e\x7f\xcf\xd6\x8d\x38\x82\x96\x55\xd9\xaa\xb9\x34\x96\x30\x34\x56\x3e\x90\x86\x52\x45\xa6\x13\x04\xfe\xbd\xf5\x9b\xb0\x09\x31\x67\xc8\xc4\x1c\xce\x17\x73\xbb\x80\xc6\x78\x75\x9b\x55\xda\xb1\x24\x72\x52\x03\x61\x57\xa0\xe6\x0d\x66\xe2\x89\xd4\xb9\xbf\x98\xfd\xce\x7c\x5c\xa5\x9b\xdb\x4f\xaf\xe5\x5e\x09\xb1\x6a\xa3\x43\x0d\x39\xbf\x15\x03\x32\xa1\x5c\x48\x90\xed\x07\x8e\x62\x87\x75\xf8\x78\x7b\x89\x35\x92\x26\x3c\xa6\xd3\x11\x36\x19\xa7\xb2\x12\x51\xfa\xee\xe1\x37\xa0\x99\xbf\x00\xfb\x5f\xbc\xc7\x5e\x75\x8e\xae\xc9\xbd\xcf\xf6\x55\x76\xc0\xd8\x26\xea\x79\xd9\x0e\x99\xd8\xcb\xb4\x90\x93\x7d\x1d\x12\x2d\xbb\x8d\x15\xb3\x37\x56\x83\x5e\x1c\xe3\xbd\xaf\x49\x19\xf5\x22\x6b\x38\x4c\x87\xc2\xc7\xaf\x71\xfb\x3d\xd0\x73\xc4\x31\x29\xac\x4e\x2a\x6e\x52\x1b\xee\x34\x97\x30\xb2\xd9\xa7\x1c\x6b\x01\xd6\x1d\xf1\x30\x80\x2a\x9b\xb6\xab\x1f\x4d\x59\x4b\x89\x67\x5c\xc4\x67\xca\xb3\x03\xc8\x6a\xe6\xb4\xc0\xd2\x6d\xcf\x16\xcd\xec\x9c\x8b\x78\xf3\xe2\x3b\xab\x3e\x7b\x51\x53\xe7\x3b\xb7\x1c\xb6\xa2\xaf\xac\x5c\x33\x19\x5d\x2a\x2f\x32\x9d\x9e\x8f\x53\xdc\x92\x80\x10\x46\xb0\x72\x45\xe1\x39\xa6\x41\x4c\xff\x17\xdd\x9d\x79\x47\xe9\x45\xa1\xdd\xf5\x92\x13\x1d\x90\xf3\xf3\x25\xeb\xc3\xcf\x24\x36\x0f\x83\xed\x16\x06\xf9\x52\xd4\xf6\x92\x21\xb7\x5c\x9b\xe9\x1e\x5d\x2a\xbe\xed\x93\xf3\x39\x58\xb0\x4a\xa1\xe0\xcb\x5b\x85\x0e\xdf\x27\x60\xf4\xb8\xe8\x10\xd8\x79\xd8\x73\x57\x03\x6c\x8e\x26\x53\x8e\x69\x68\x9e\x47\xfb\xb1\xda\x8e\x0c\xa0\x82\x84\xf5\x59\x00\xbd\x02\x9e\x95\xa5\x27\xb3\xba\x25\x1b\x0c\xe2\x7b\xd0\x49\xfc\x85\xb1\x94\x95\x93\x75\xf7\x85\xcf\x75\xc1\x01\xee\xaa\xba\x56\xb3\x9a\x3f\xc4\x6b\xa9\x72\x98\x37\xe2\xfb\xce\x7e\xbb\xa9\x32\x59\x6c\x0c\x2e\xf0\xc5\xd8\xe6\x84\xba\x6b\x33\x4d\xba\xff\xc0\xfa\x84\x2a\x6a\xa5\x55\x81\x3d\x5b\xdc\x23\x7a\x43\x76\xfb\xfc\x3a\xbd\x54\x9a\xbc\x27\xf3\xb1\xc9\x18\xc6\x7f\x2c\x34\xe1\x16\xb6\xb0\x63\x01\x15\x49\x06\x24\xf4\x99\x7d\x93\xac\xec\x5d\xab\x0d\x2b\xb1\x57\x2b\x31\x9b\xa4\xc9\x90\xcd\x74\x38\x95\x42\xf4\x8b\x7e\x17\x3d\x0c\x81\xed\x75\x6a\x1b\x40\x9f\x6b\x19\x58\x59\xfd\xc7\x57\x7a\x7e\x7b\x12\x0a\x15\x13\xc2\x25\xd3\x13\xd7\x42\x3d\x6a\x99\xdd\xb7\x19\x14\x96\x28\x21\xdb\x95\x19\x2f\xc9\xca\x8b\x69\x72\xe0\x7d\x78\x67\x9e\x3b\x42\x65\xcb\x97\x25\xd9\x5f\x52\xf6\x8f\xf1\xca\x46\xb8\xac\x6a\xe7\xc6\x05\x3b\xcd\x97\x2e\x37\xfa\x82\x44\x91\x52\x7a\x1e\x43\x23\xaa\x6f\x2d\x5e\x59\xcf\x06\xc6\x08\x8c\x14\x80\x59\xfa\xd6\xf1\xcb\xfb\x47\x67\x19\xd0\x9f\xa4\x79\xb6\x9a\x47\x90\xa7\x4f\x65\xab\xd9\x99\xc2\x67\xd1\x0c\xc2\xff\x99\xd3\x9e\x39\x41\x60\xe1\x51\x46\x95\x89\xf4\x16\xf6\x59\xb2\xa8\xc6\x0d\xef\x78\xd6\xf4\x33\x80\x9d\xfb\x96\xc2\x72\x20\x07\x6f\x47\xb7\xe7\x4a\x89\x30\xcd\x61\xe8\xfc\x10\x9d\xdf\x87\x54\xff\x5d\x68\x78\xee\xf5\xdc\x7d\xd6\x1e\x2d\xa0\x07\x3b\x0a\xd6\xb0\x71\xfe\xff\x97\xfb\x87\xec\x0d\x90\x95\x4a\xed\xc8\x88\xe7\xb1\xe0\x9d\xcd\xfc\xc6\x90\x6e\x49\xb6\xea\x4a\x0c\x32\x54\x64\x07\xac\x0d\x22\xe2\x92\x00\xb8\x60\x3f\x2c\x30\x41\xd2\x7d\x0f\xd9\x90\xc3\x12\xc3\xf4\xeb\xee\xf4\x53\x85\x12\x48\x25\xe7\x3a\x4b\x30\xf7\xe6\x2b\x37\x46\xae\xe0\xa1\xf4\x23\x57\xa7\xc2\xd5\x9b\x9b\x28\x65\xab\x24\xb3\x35\x36\xc1\xd7\x52\xa4\xe1\xc0\x8e\x07\xec\x7a\xb8\xe3\x7e\xda\x44\xeb\xd2\x21\x3d\x46\x95\x58\x59\xce\x75\xe8\xcb\xee\x3e\x44\x8d\xdc\x6c\x37\x20\xfa\x4b\xb6\x04\x29\x8c\x9c\xc6\xc1\xea\xc4\xaa\xc1\x8f\xfe\xef\x8d\x63\x1a\x61\x75\xa5\x8b\x18\x25\x7c\x81\xb5\xb2\xa2\xc7\x45\x8b\x11\x73\xa5\xc1\xbf\xe3\xa5\x61\x59\xfa\x40\x60\x11\xdc\x0b\xb6\x02\x1f\x23\x32\xbb\x47\x1e\xf8\x89\x2a\xcd\x5e\x7b\x58\xae\xca\x43\xe4\x85\xb3\x5d\xdc\x93\x8f\xbf\x2d\x03\x25\x21\x82\x08\x09\xaf\x02\x55\x13\xb6\x63\x92\x2d\x66\x4c\xa4\x21\x6b\xcc\x98\x77\x03\x0d\x5f\xac\xfb\x9a\x04\x82\x99\x8e\x50\xcf\x69\xbc\x59\xc1\x80\x5f\xb4\xfa\xa8\x9f\x68\x31\xec\x6a\xfc\x29\xe7\xf6\xdb\x38\xfe\xd3\x40\x3d\x10\x35\xe2\x51\x62\x4d\xe0\xea\x64\x45\x81\x2f\x71\xa4\xa9\x1e\xab\x22\xd8\x8d\xa4\x9c\x09\x70\x03\xea\x96\x08\xef\x66\x1e\x8c\xd9\x94\x58\xf3\x18\xd3\x73\xea\x1a\xff\xe6\xcf\xbe\xc7\xe9\xf7\x7c\xa3\x93\xf1\x58\x54\x02\xa7\x0a\xfa\x83\xe3\xdc\x11\x41\x7b\x83\x03\x5c\x4a\xa6\xef\xb9\x6c\xaf\xfd\xb7\x6b\xb4\x31\x15\x2a\x11\x08\xdd\x6a\xe5\xa3\x7a\xfb\x9a\xa1\xb5\x1d\xdc\xd2\x2d\x7a\xf1\x1d\x65\xc1\x88\x47\x2d\x79\xac\xbd\xd4\x8c\x61\x35\x5a\x4b\x2f\xdf\x2b\x81\xfb\x44\x59\x71\x1f\xb4\x37\xf3\xf7\xf9\x5a\x6e\x18\x7c\x0c\xc0\x87\xbb\xd7\x39\xc9\xc9\xe2\x2e\x25\xfd\x0d\x30\x5a\x27\x40\x8f\x52\xb8\x39\xe3\x57\xd1\xf3\x7b\x0c\x7a\x57\x6d\xf7\x93\x00\x82\x41\xbd\x21\x20\xcc\xfa\x21\x43\x52\x68\xed\x24\x3d\xd2\xed\xbb\x75\x1b\x20\x14\x74\xe9\x1f\x48\x21\x9b\xfd\xdb\x4c\xd0\xdd\x47\x19\x65\xbf\xe7\x8e\x45\x23\x3a\x33\xb6\xc4\x02\x2b\xc5\x7b\xcf\xd2\x24\xf8\x9b\x4a\xfb\xe2\x5a\x00\x3e\xf4\x1f\x59\x6e\x10\xfc\x14\x2d\x52\xe0\xee\x02\xfa\xd0\x72\x86\x51\xf0\xfe\x75\xb9\x47\xa5\x44\xfd\x7e\x2d\xc3\x8b\x60\x87\x89\xeb\xc8\x7b\x01\x99\x3e\x23\xb7\x65\x44\x90\x01\xc7\x7a\xdc\x77\x8a\xdb\x84\xa0\xdd\x32\xb7\x0e\x26\x7a\xad\xcc\x16\x8e\xf1\x71\x3d\x7c\xbd\xe5\x63\x39\x6e\xf5\xe3\x9f\xf9\xf7\x00\x8d\x61\xa2\x0f\xe4\x9a\xc8\x0c\x2e\xe8\x4c\x53\x11\xe6\xb0\xc2\x59\xf0\xc6\x36\x31\xaf\x64\xee\x1d\x22\x25\xb5\xea\xa3\x1b\x97\x63\x6b\x30\x10\x9f\xe4\xfc\xf1\x52\x27\x23\xc6\xd7\x9a\x50\x05\xf3\x76\x8b\xe2\x87\x29\x10\xa0\xd9\xf2\xd2\xb1\x0a\x91\xe4\x8f\x7d\xa5\xc3\x83\x0e\x18\xbf\x1a\x2c\x51\xf7\x91\xe4\x63\xf7\xca\x07\xe0\xc6\x3d\x07\x58\x52\xc2\xbd\x82\xb4\xa5\x98\x9d\x4f\xf5\x0a\x70\x07\xd3\xeb\x32\x2b\x3f\x01\xab\x76\xaf\x2b\xbe\xdb\x11\x08\x16\x5f\x48\x3d\x28\x41\x53\x78\xd6\x00\x98\xdb\xd8\x7a\x29\x9b\x3d\xe1\x16\xf3\x95\x5c\x3e\x24\x36\x77\xf3\xe3\xf7\x1f\x9f\x02\x04\xe1\x70\xda\x9e\xf5\xb6\x6c\x95\xba\x07\xf3\x35\xb1\x30\xb5\xa1\x7b\x6a\x72\xc3\x18\xbe\x1b\x8c\xa6\x42\x2b\x1e\xaf\x3f\x6e\xf0\x38\xdf\x50\x9e\xf1\x87\x65\x94\x7d\xe5\x88\x9a\x3a\x88\x45\x75\x61\xb3\x99\xab\x72\x94\x8d\x7e\xc9\xe0\xf4\xa7\x34\x8e\x0c\x43\x17\x48\x11\xd3\xa4\xd7\x12\x42\xe6\xa5\x0f\x5b\x39\x7a\x8d\x7f\xab\xbb\xa7\x10\x9a\xfa\x23\x69\xf1\x16\xe0\x9d\x3f\xcc\x0b\x5e\x61\x2a\xe8\xb8\x18\x30\x9c\x5f\xbb\x33\x47\xfd\xb5\xd6\xc6\x90\x46\x84\xf4\xe0\x4f\x12\xca\x85\x13\x17\x4e\x6b\x92\x6f\x04\x9a\xc1\x4e\x0a\x7f\x9e\x4a\xa6\xbd\x39\x1b\xbc\xcd\x3f\x72\x42\xb9\xa4\xc0\xdf\xd0\x17\x96\xda\x87\x1f\x4e\x9d\xe1\x7e\x54\x95\x37\xac\x6d\x21\xd5\xc6\x4e\x54\x9f\x07\x0e\x2b\x1d\x1b\x7f\x76\x98\x1f\xaa\x8d\xa9\x02\x9e\x45\x76\xfc\x43\xb4\xf4\x27\xec\x7e\xe4\xc4\x50\x5c\xa2\x70\xb2\x33\xff\xc5\xe1\xab\xe4\x4a\xc7\x89\xce\xca\xbd\xba\xab\xec\x44\x1a\x11\x84\x5c\xaf\x92\x21\x33\xd1\x1b\xb2\x82\x56\xee\x8f\x75\xe6\xf0\x65\xe3\x5f\x29\x76\x46\xc6\x3a\x2b\x8a\x59\x46\x05\xab\x39\x1c\x50\xfc\x33\x7d\x8d\x97\x06\x6e\x6b\x5b\x07\x10\xfb\x1e\xc7\x6c\x64\xf0\xa0\xa0\xcc\xac\x01\x37\x5f\x2c\x9f\xba\xca\x77\xb2\xb1\xee\x2b\x26\xa7\x6d\xa5\x27\xae\xfb\xe9\x83\xee\xd0\xd9\x46\xd7\x63\xe0\x0b\xf5\x01\xdd\x64\x6b\xfe\x68\x3a\x78\xdf\x80\xd9\x1d\xcd\x60\x3c\x5a\x8e\xb5\x95\xc0\xcd\xce\xaa\x2d\xab\xf5\xd6\x4a\x9f\xea\xac\xef\xc8\x78\xe0\x74\x31\x3c\x85\xe4\xc1\x5f\x4c\x2e\x63\xfa\x19\xf9\x7b\x82\x9c\x29\x7d\x86\x08\x78\xee\xe2\x13\x89\x28\xd8\xa4\x25\xc0\x79\x00\xc1\x22\x64\x55\xae\x33\xe7\x02\xc0\x58\x56\x7d\x42\xdf\x10\xd6\x04\x84\x66\xde\x62\xf1\x4c\x27\xf7\xd8\xf3\x06\x51\x66\x62\xe1\x8b\xeb\xb2\x4d\x7f\x38\xe5\xf0\xeb\xba\xb7\x49\x80\x59\x9f\xfa\xcb\xa5\x6d\x3c\xe1\x6a\x56\xb9\x91\xec\x64\xdf\x9e\xa8\xf9\x30\x0c\xc1\x87\xf2\xc1\xb2\xf8\x05\x62\xc6\x81\xbb\xf8\x33\xa9\x71\xe7\xd6\x9b\x67\x73\x0d\x3b\x0d\x3b\x5a\x9b\x3c\xab\xf5\xb4\x4e\x21\xf3\xa8\xea\x25\xaf\x9f\x9a\x7f\x53\xd6\xc8\x5c\xa6\xa3\xb8\x4f\x04\xfb\x6d\x1e\x99\x09\x66\x40\xc7\x6f\x00\xcb\x2a\x84\x9e\x02\x2c\x52\x66\x53\xe0\xe1\x9c\x0a\xb7\x3d\x7d\xb0\x2e\x69\xbd\x51\x1c\xb3\xb3\x6a\xe7\xdf\x9e\x0b\xcd\x5b\x8d\x18\x0c\x0a\x3d\xc9\xf1\x79\x73\xc6\x2b\x28\x6f\xbe\xfd\x48\x53\x97\x6a\xd3\x8d\xc7\x75\x67\x85\xf1\x7c\x88\xf9\x67\x56\x87\xc9\x76\x9d\x77\x16\x2e\x82\xe7\x1b\xae\x2e\xd2\x85\xbc\x87\x8f\x9e\xe7\x07\x0a\xf3\xc4\xb4\x3c\x90\x7b\xcb\x58\x56\xda\xb6\xa9\x38\xb7\x84\x2a\xf3\x76\xd7\xc1\x64\x07\x6c\xd0\x2b\x4e\x3e\x82\xe2\xcc\x8f\xca\x7d\xc2\xe4\x0b\xdb\x7b\x9a\x2e\xf4\x06\x35\x56\x30\xcb\x29\x30\x23\x17\x94\xef\x4a\x20\x36\x0a\x6e\xb9\xcc\x54\xf7\x53\x64\x2e\x69\x38\xa1\x73\x02\x46\x35\x98\x7b\x80\xa6\xe0\xf0\xb7\xcb\x25\x85\x37\xb8\x1e\x12\x50\xf7\x7f\xca\xf1\xd7\xcd\x9b\x3b\xe0\x72\xa6\xf9\xd4\xfd\x86\xf1\x56\x4b\x28\xd7\x90\xca\x13\x82\xfa\xe6\x1f\xa5\x87\x4c\x7d\xd7\xdb\x8e\xbf\xaa\xa7\xcc\x01\x1e\x6a\xb3\x57\x91\x37\xaa\x3f\x0a\xf1\x4e\x58\xc0\x96\x0d\x7f\x70\xce\xf9\x3a\xb8\x6c\xca\x7c\xb7\x85\xd8\xc1\x21\x52\xa8\x07\xcf\x1b\xfa\x4e\x0f\x6f\xfd\x28\x88\x70\x56\x5c\xd4\x9a\x10\xa4\x07\xce\xe9\x5c\x5c\x0f\xe4\xcc\x84\xb4\x73\x90\x86\x8e\x64\x50\x7f\x1f\xbf\xbb\x4a\x70\x4d\x27\x2d\xa1\x34\x80\xa4\x18\xe2\x5a\x99\x30\xa4\x02\xdc\xfb\xaa\x5c\xb5\x09\x2c\x56\x9a\x4e\x81\x50\xb5\x04\x8b\xef\x01\x19\x4e\x1c\xe3\x79\x5e\x28\x35\xa0\xa8\x2c\x9d\x5f\xf3\xa1\x57\x85\x2f\x12\x71\x35\x96\x99\x7e\xc3\x06\x1a\xea\xa9\x6e\x93\xc9\xb1\xd9\xd5\xaa\x24\x14\xc3\xea\x9f", 4096); *(uint32_t*)0x20006fc4 = 0x1000; *(uint32_t*)0x20006fc8 = 0x80000001; memcpy((void*)0x200082c0, ")/\'/%", 5); *(uint8_t*)0x200082c5 = 0x2c; memcpy((void*)0x200082c6, "wlan0\000", 6); *(uint8_t*)0x200082cc = 0x2c; memset((void*)0x200082cd, 255, 2); *(uint8_t*)0x200082cf = 0x2c; memset((void*)0x200082d0, 255, 2); *(uint8_t*)0x200082d2 = 0x2c; memcpy((void*)0x200082d3, "[{@^/@+@<[", 10); *(uint8_t*)0x200082dd = 0x2c; memcpy((void*)0x200082de, "uid", 3); *(uint8_t*)0x200082e1 = 0x3d; sprintf((char*)0x200082e2, "%020llu", (long long)r[20]); *(uint8_t*)0x200082f6 = 0x2c; memcpy((void*)0x200082f7, "smackfsfloor", 12); *(uint8_t*)0x20008303 = 0x3d; memcpy((void*)0x20008304, "{%\'--\323{-+#!", 11); *(uint8_t*)0x2000830f = 0x2c; *(uint8_t*)0x20008310 = 0; syz_mount_image(0x20005f40, 0x20005f80, 6, 1, 0x20006fc0, 0x1000000, 0x200082c0); break; case 36: memcpy((void*)0x20008340, "/dev/i2c-#\000", 11); syz_open_dev(0x20008340, 4, 0x404280); break; case 37: memcpy((void*)0x20008380, "net/ip6_mr_cache\000", 17); syz_open_procfs(r[19], 0x20008380); break; case 38: syz_open_pts(r[21], 0x8001); break; case 39: *(uint32_t*)0x20008980 = 0x200083c0; memcpy((void*)0x200083c0, "\xfb\xd2\x9b\x15\x87\x7e\x61\x06\x1c\xc5\x0c\xed\x7f\x39\x68\x61\x38\xbf\x51\x03\x24\x8d\x4d\xa5\x32\x57\xb7\x3a\x1e\xe9\x6c\xf2\x19\x9a\xbf\xa9\x61\xd7\xbd\x14\x6a\x6b\xb8\x8d\x70\x1b\x08\xed\xbf\x51\x4b\x2e\x31\x83\xcc\xe2\x11\xd5\x7c\x76\x45\xa9\xaf\xe2\x02\x75\xec\xbe\x29\xae\xa4\x8c\x76\xb0\xfb\x76\x27\xa8\xe4\x3c\x7a\x9f\x57\xef\x02\xa3\x16\xed\xf9\xd3\x8e\x0c\x6e\x74\xb5\x91\x07\xcb\x1c\x84\x06\xdc\xb6\xde\x31\x9b", 106); *(uint32_t*)0x20008984 = 0x6a; *(uint32_t*)0x20008988 = 0x7f; *(uint32_t*)0x2000898c = 0x20008440; memcpy((void*)0x20008440, "\xe0\xd8\xf5\x5b\x38\x48\xae\xd3\xac\x97\x38\xd2\xe1\x9f\x66\x8b\xe4\xc7\x6e\x3b\x4e\x48\x23\xa0\xc6\x99\x18\xad\x4a\xec\x8d\x6e\xad\xcf\xe1\x03\x27\x12\x6d\x01\x28\x7e\x67\x2d\x54\xa5\x44\xa9\x87\x7e\x59\xf9\xa2\xf4\x1a\xa2\x42\xb2\x37\xba\x59\x3c\x5a\x48\x40\xb8\x62\x1c\xe0\xd2\x8c\xe5\x22\xdf\xe8\x78\x8b\xb0\x70\xd4\xbc\x9d\x74\x52\x8a\x1f\x76\x03\x20\x0c\x23\x65\xc6\x3d\x42\xf1\x03\x29\x92\xe1\x0e\x43\x45\xcd\xea\x0d\x65\x36\x5d\x82\xb6\xc7\x8c\x81\xc7\x1b\x0b\x2f\xb7\x81\x97\xcd\x60\x5e\xc2\x52\x18\x06\xbd\xc0\x8d\x6d\xd8\xf5\x29\x1e\x5b\xb0\xca\x92\xe2\x04\x30\xd5\x81\x23\x5d\xdd\xa7\x56\xe6\xab\xd8\xc7\x69\x78\x3b\x84\xe5\x7b\x0a\xa9\x51\x30\x3a\xdc\xc7\xe9\x21\xb0\x69\xd9\x4f\x1a\x4d\xee\x1f\x47\x44\xdb\x5b\x28\xc9\x7f\xbb\xae\xc5\xbf\x56\x18\xe0\xe9\x4a\x41\xc0\xa9\x9c\xe6\xca\x91\xeb\xca\xff\x5a\xe6\x10\x6d\xc9\xdc\x31\x0d\x72\x50\xa8\xb7\xc7\xca\x55", 218); *(uint32_t*)0x20008990 = 0xda; *(uint32_t*)0x20008994 = 0x3ff; *(uint32_t*)0x20008998 = 0x20008540; memcpy((void*)0x20008540, "\xaf\xbb\x6b\x91\xaa\x78\x57\xf9\x42\xbc\x87\x73\xd0\x20\x89\x6a\x44\xf1\xd9\xdb\x9b\x9e\xc2\xb8\x55\x98\xcd\x86\x39\x7d\x6b\x5a\xe3\x19\x2a\xef\xe0\xf2\xb6\x38\x7b\x2d\x23\x14\x48\x9b\xc7\xaf\x2a\xb5\x19\x90\xff\x75\x26\x23\x0a\x7c\xa4\x2e\x6c\x22\xf5\x64\x9a\xcb\x12\xb4\xdd\x8f\xde\x81\x9b", 73); *(uint32_t*)0x2000899c = 0x49; *(uint32_t*)0x200089a0 = 9; *(uint32_t*)0x200089a4 = 0x200085c0; memcpy((void*)0x200085c0, "\xd8\x90\x81\x85\x60\xf5\x37\x2f\x7d\x41\xa5\x04\xc5\x4e\x86\x3d\x79\x44\xd0\x62\x1d\x50\x13\x4b\x4c\x14\x54\xaa\x8c\x44\xc7\xf3\x24\xd9\x5d\x33\xfb\x46\x63\xf6\x74\x5c\x1c\xad\x17\x9d\x71\x9e\x3e\x9f\x4f\x57\x51\x71\x25\x89\x0e\xd4\xc9\x37\xbb\x41\xd0\xa7\x64\x44\x1e\x1d\x6c\x74\x82\x54\x8c\x0a", 74); *(uint32_t*)0x200089a8 = 0x4a; *(uint32_t*)0x200089ac = 6; *(uint32_t*)0x200089b0 = 0x20008640; memcpy((void*)0x20008640, "\x7e\x28\x9a\xa8\x98\x00\x7d\x95\xea\xf0\x98\x82\x59\x6a\xa2\x37\x71\x4d\xc1\xac\x32\x39\x2b\xd6\xfa\xe8\xd8\x72\xed\xc3\xc9\xb0\xcf\xf5\x03\x61\x48\xaf\x29\x57\x3c\x0d\xc9\x54\xc2\x7b\x6a\x6d\x47\x66\x92\x53\xab\x40\x2a\x91\xf6\xe6\x02\xcc\xd9\x3f\xa8\x17", 64); *(uint32_t*)0x200089b4 = 0x40; *(uint32_t*)0x200089b8 = 6; *(uint32_t*)0x200089bc = 0x20008680; memcpy((void*)0x20008680, "\xc8\x23\x58\x4b\xb1\x75\x9e\xcb\x98\xee\x41\xe3\x52\x27\xdd\x03\xd7\xed\x5c\x9e\xef\xcf\x34\xa9\x51\xe7\xc5\xea\xe5\xb3\x7e\x8b\x93\xd6\xdd\x7c\xb6\x6e\xbb\xff\x50\xcb\x81\x77\x7e\x29\xb2\xc0\x5b\x7b\x7c\xd9\x76\xf4\xae\xd7\x0f\x76\x49\x90\x15\xb9\x87\x2f\xaa\x6f\x33\x8c\x30\x9a\x55\x29\x6e\x4e\x85\xe2\x7c\x51\x0d\xbf\x25\x3a\x7e\x6f\x43\x79\x1f\x93\x91\x3c\x8a\x96\x07\x45\x1f\xd5\x05\x0c\xf1\x91\xec\x95\xd1\x99\xf1\x11\x7c\x0e\x2a\x04\x37\xc2\xbe\x16\x98\x93\x9d\x27\x7c\x38\x37\xd1\x64\x0f\x91\xce\x6a\xed\xc0\x85\x0d\xc2\x88\xcc\x2a\x3c\x1c\xaa\xdf\xf4\x4f\xeb\xef\xbb\xb2\xfd\xa8\x2e\x8a\x65\x39\x22\x2b\x6d\x88\x30\xdf\x92\x7f\x36\xd8\x14\xc2\xa8\x92\xdf\x0b\xad\xec\x86\xc2\xf0\x1d\xeb\x89\xd2\xd3\xfa\x61\x37\xe4\x8b\x23\xd3\xcf\x77\xb1\x1f\x46\xeb\xdb\xb0\xa8\x31\x4e\xe1\x97\x78\xc2\x12\xfc\x34\x98\xcb\xdc\x5a\xd0\xbb\xd7\xd2\x45\x38\xd8\x3b\xbc\x86\x83\x0a\xfe\x32\xe3\x8c\x1b\xb1\xb7\x86\x6a\xbc\x94\x0f\x61\x16\x54\xd0\x46\xf8\x23\x6d\x6b\x15", 240); *(uint32_t*)0x200089c0 = 0xf0; *(uint32_t*)0x200089c4 = 7; *(uint32_t*)0x200089c8 = 0x20008780; memcpy((void*)0x20008780, "\x5d\x78\xb0\x8d\x34\x7d\x60\x10\x77\x87\x13\xad\xad\x8e\x4d\xa1\x5a\xb3\x46\x94\x56\x2b\x0d\xa5\x2b\xb3\x1a\x3b\x5e\x09\x71\x02\x0b\xa4\x8d\x18\x5f\x3f\x03\xf1\x6f\xe6\xdc\x1e\x32\x1f\x12\x2c\x11\x50\xa8\xce\x71\xc3\xad\x1d\xf7\xc6\x18\xbc\x59\x86\x5f\xbf\xeb\x3a\x2c\x92\x6b\x99\x2f\x93\x8b\x0f\x76\xc9\x6a\xf8\xbe\x39\x89\x33\x38\x3f\xc8", 85); *(uint32_t*)0x200089cc = 0x55; *(uint32_t*)0x200089d0 = 8; *(uint32_t*)0x200089d4 = 0x20008800; memcpy((void*)0x20008800, "\x1c\xd7\x71\x5a\xfe\xc5\x55\x18\x16\xcd\x47\x51\x68\xa5\x35\xa8\x47\x4b\x74\x87\x92\xe4\x3a\xf3\x51\x60\x5c\x6d\xfa\xe1\xe6\xad\xd7\xce\x8b\xde\x80\x55\x5c\xa3\x26\x87\x82\xfe\x7a\x7f\x45\x89\x68\xb4\x27\x92\xc0\x2a\x11\xac\xff\xae\x54\x86\xc0\x85\x8e\x0c\x46\x40\xf4\x26\x0d\x56\x46\x99\xc0\xe6\x06\x23\x6a\xe8\xd5", 79); *(uint32_t*)0x200089d8 = 0x4f; *(uint32_t*)0x200089dc = 0; *(uint32_t*)0x200089e0 = 0x20008880; memcpy((void*)0x20008880, "\x45\xfd\x88\xa6\x06\xb5\x89\xb2\x7d\x42\x2e\xcb\x87\x44\xa6\x78\xff\x3a\xa0\x7f\xfb\x6c\x25\xcc\x10\xa8\x87\x10\x06\xd5\xfb\x64\x50\xfc\x12\x15\x7d\x1a\x59\xf1\x4e\x36\x13\x2f\x1d\xb6\x3b\x56\xcc\x97\xb6\x1b\xf0\xa6\x1d\xcf\x2b\x7d\xd2\x7d\xa0\x2e\xe1\x60\xe0\x3d\xf9\x79\x47\x83\x8f\x0d\xd4\x34\x82\x59\x05\xae\x9f\xb5\xa4\x27\x97\x6a\x49\xf7\x79\xea\xb8\xcc\x3a\x40\x9d\x25\xb9\xa2\x96\xce\xf9\xa8\xff\xb4\x9d\x81\xbf\x23\xa7\x16\xa7\xa7\xe1\xd8\xdc\xe0\x3d\xef\x2b\x8a\x3b\x15\xa3\xb2\xbe\xb8\x73\x14\x3a\x7d\xf1\x4e\xc4\x92\x78\x2e\xc8\x6a\xce\xb4\x90\x1f\xe3\xdc\xdc\xe0\x46\xab\x2f\xb9\x72\xd6\x74\x34\xd4\xe1\x10\x1b\x02\xc9\x2d\x33\xa1\xbf\xe5\x16\xd9\x59\x25\x81\xf6\x78\x95\x43\x37\x66\x50\x67\x07\xcb\x7f\x0e\x18\xb4\x47\x6b\xde\x0f\x00\x91\x75\x3c\xf3\xec\x07\x38\x6b\x3d\xab\x4b\x29\x55\x02\xd4\x97\x16\x80\x1d\xd9\x79\xaa\x24\xd8\x05\xdf\xe8\x01", 215); *(uint32_t*)0x200089e4 = 0xd7; *(uint32_t*)0x200089e8 = 2; syz_read_part_table(5, 9, 0x20008980); break; case 40: *(uint8_t*)0x20008a00 = 0x12; *(uint8_t*)0x20008a01 = 1; *(uint16_t*)0x20008a02 = 0x300; *(uint8_t*)0x20008a04 = 0x88; *(uint8_t*)0x20008a05 = 0xc7; *(uint8_t*)0x20008a06 = 0xe6; *(uint8_t*)0x20008a07 = -1; *(uint16_t*)0x20008a08 = 0x15c2; *(uint16_t*)0x20008a0a = 0x45; *(uint16_t*)0x20008a0c = 0x135a; *(uint8_t*)0x20008a0e = 1; *(uint8_t*)0x20008a0f = 2; *(uint8_t*)0x20008a10 = 3; *(uint8_t*)0x20008a11 = 1; *(uint8_t*)0x20008a12 = 9; *(uint8_t*)0x20008a13 = 2; *(uint16_t*)0x20008a14 = 0x7d0; *(uint8_t*)0x20008a16 = 4; *(uint8_t*)0x20008a17 = 0; *(uint8_t*)0x20008a18 = 0; *(uint8_t*)0x20008a19 = 0x60; *(uint8_t*)0x20008a1a = 8; *(uint8_t*)0x20008a1b = 9; *(uint8_t*)0x20008a1c = 4; *(uint8_t*)0x20008a1d = 0x45; *(uint8_t*)0x20008a1e = 3; *(uint8_t*)0x20008a1f = 1; *(uint8_t*)0x20008a20 = 0x66; *(uint8_t*)0x20008a21 = 0x44; *(uint8_t*)0x20008a22 = 0x76; *(uint8_t*)0x20008a23 = 0x3f; *(uint8_t*)0x20008a24 = 7; *(uint8_t*)0x20008a25 = 0x24; *(uint8_t*)0x20008a26 = 1; *(uint8_t*)0x20008a27 = 0x1f; *(uint8_t*)0x20008a28 = 5; *(uint16_t*)0x20008a29 = 4; *(uint8_t*)0x20008a2b = 0xc; *(uint8_t*)0x20008a2c = 0x24; *(uint8_t*)0x20008a2d = 2; *(uint8_t*)0x20008a2e = 1; *(uint8_t*)0x20008a2f = 9; *(uint8_t*)0x20008a30 = 2; *(uint8_t*)0x20008a31 = 0x81; *(uint8_t*)0x20008a32 = 4; memcpy((void*)0x20008a33, "\xc0\xe6\xa1\x0a", 4); *(uint8_t*)0x20008a37 = 0xf; *(uint8_t*)0x20008a38 = 0x24; *(uint8_t*)0x20008a39 = 2; *(uint8_t*)0x20008a3a = 2; *(uint16_t*)0x20008a3b = 0; *(uint16_t*)0x20008a3d = 6; *(uint8_t*)0x20008a3f = 8; memcpy((void*)0x20008a40, "\x7d\x5b\xa3\xd0\x7c\xc6", 6); *(uint8_t*)0x20008a46 = 0x11; *(uint8_t*)0x20008a47 = 0x24; *(uint8_t*)0x20008a48 = 2; *(uint8_t*)0x20008a49 = 1; *(uint8_t*)0x20008a4a = 0x94; *(uint8_t*)0x20008a4b = 1; *(uint8_t*)0x20008a4c = 7; *(uint8_t*)0x20008a4d = 0x1f; memcpy((void*)0x20008a4e, "\xcf\xcf\xa1\xbb\x20\xd9\xba\xa3\x16", 9); *(uint8_t*)0x20008a57 = 0xc; *(uint8_t*)0x20008a58 = 0x24; *(uint8_t*)0x20008a59 = 2; *(uint8_t*)0x20008a5a = 1; *(uint8_t*)0x20008a5b = 8; *(uint8_t*)0x20008a5c = 2; *(uint8_t*)0x20008a5d = 0; *(uint8_t*)0x20008a5e = 9; memcpy((void*)0x20008a5f, "\x48\x9f\x80", 3); memset((void*)0x20008a62, 38, 1); *(uint8_t*)0x20008a63 = 0xa; *(uint8_t*)0x20008a64 = 0x24; *(uint8_t*)0x20008a65 = 2; *(uint8_t*)0x20008a66 = 2; *(uint16_t*)0x20008a67 = 5; *(uint16_t*)0x20008a69 = 0x497; *(uint8_t*)0x20008a6b = 8; memset((void*)0x20008a6c, 39, 1); *(uint8_t*)0x20008a6d = 7; *(uint8_t*)0x20008a6e = 0x24; *(uint8_t*)0x20008a6f = 1; *(uint8_t*)0x20008a70 = 9; *(uint8_t*)0x20008a71 = 2; *(uint16_t*)0x20008a72 = 0x1001; *(uint8_t*)0x20008a74 = 0xf; *(uint8_t*)0x20008a75 = 0x24; *(uint8_t*)0x20008a76 = 2; *(uint8_t*)0x20008a77 = 2; *(uint16_t*)0x20008a78 = 8; *(uint16_t*)0x20008a7a = 1; *(uint8_t*)0x20008a7c = 0; memcpy((void*)0x20008a7d, "\x78\x6e\x2f\x1a\x31\x05", 6); *(uint8_t*)0x20008a83 = 9; *(uint8_t*)0x20008a84 = 5; *(uint8_t*)0x20008a85 = 0; *(uint8_t*)0x20008a86 = 0x10; *(uint16_t*)0x20008a87 = 0x3ff; *(uint8_t*)0x20008a89 = 9; *(uint8_t*)0x20008a8a = 0x66; *(uint8_t*)0x20008a8b = 3; *(uint8_t*)0x20008a8c = 0x5b; *(uint8_t*)0x20008a8d = 8; memcpy((void*)0x20008a8e, "\x32\xda\x77\x3d\xed\x87\x39\x7d\x0a\xf5\x7f\xd6\xf2\xad\x3b\x93\xe2\xea\x74\xf1\xf6\x5d\x64\x5d\x6b\x7e\x4c\xae\x90\xc8\xf2\x7c\xca\xe0\x94\xb3\x3c\x61\x3b\xc0\xbd\xa2\x43\x7b\xdc\xba\xa2\x1c\x77\x91\x5b\x1b\x95\xe7\xa2\x31\x3d\x71\xc6\xcc\x58\x6d\x41\x4d\x6a\x1e\x79\xc8\x0e\xe3\x67\x3f\xf0\x69\xeb\x46\x51\xb3\x06\x68\xb0\x19\x7f\xf7\xa7\xed\xc5\x75\x94", 89); *(uint8_t*)0x20008ae7 = 9; *(uint8_t*)0x20008ae8 = 4; *(uint8_t*)0x20008ae9 = 0x58; *(uint8_t*)0x20008aea = 9; *(uint8_t*)0x20008aeb = 5; *(uint8_t*)0x20008aec = -1; *(uint8_t*)0x20008aed = 5; *(uint8_t*)0x20008aee = 0x1b; *(uint8_t*)0x20008aef = 0xe0; *(uint8_t*)0x20008af0 = 9; *(uint8_t*)0x20008af1 = 5; *(uint8_t*)0x20008af2 = 3; *(uint8_t*)0x20008af3 = 0x10; *(uint16_t*)0x20008af4 = 0x20; *(uint8_t*)0x20008af6 = 0; *(uint8_t*)0x20008af7 = 0x43; *(uint8_t*)0x20008af8 = 0x40; *(uint8_t*)0x20008af9 = 9; *(uint8_t*)0x20008afa = 5; *(uint8_t*)0x20008afb = 5; *(uint8_t*)0x20008afc = 3; *(uint16_t*)0x20008afd = 0x3ff; *(uint8_t*)0x20008aff = 0x87; *(uint8_t*)0x20008b00 = 2; *(uint8_t*)0x20008b01 = 0xfd; *(uint8_t*)0x20008b02 = 0xa0; *(uint8_t*)0x20008b03 = 0xc; memcpy((void*)0x20008b04, "\x4d\x1f\xaf\xd5\xd5\xbe\xa9\x17\x94\x9e\x72\x7e\xd5\xee\x14\x4c\xb3\x2b\x01\xd9\xac\xbb\x7e\x3c\xfa\xc4\xd1\xa1\x5c\xd6\xbb\xae\x8a\xc6\x6a\xf6\x77\x39\x4d\x22\x17\xef\x58\x0b\x15\x65\xf5\x8b\x85\xcf\xff\xd2\xcf\xca\xf9\xf1\x9d\xf7\x84\x00\xba\x03\x54\xd7\x87\x20\x72\xb4\x2d\x77\xd5\x5a\x5b\x96\x0b\x82\xfb\x9e\x34\xec\x8c\x33\xa9\x67\x19\xc4\x59\x47\xab\x09\x47\x48\x48\x54\xa9\x4f\x25\xe6\x53\x39\xa6\xf7\x4b\x05\x3c\x81\xe8\xe8\x05\x7f\x67\x67\xea\x2e\x80\xe9\x23\xe0\x2f\xa1\xa8\x8d\xb3\x6d\x52\xe4\xc5\x11\xe6\xcc\xf6\x74\x04\x6c\xb8\x1c\x49\x3c\x92\x7d\x05\xa6\xc1\x66\x45\xd0\x69\x4f\x66\x7d\x6c\xcf\x29\xfc\x27\x38\x90\xc6", 158); *(uint8_t*)0x20008ba2 = 0x31; *(uint8_t*)0x20008ba3 = 9; memcpy((void*)0x20008ba4, "\x82\x44\x67\x99\x6f\xaa\x84\x28\x27\xe6\xd0\x9b\xc4\x8c\x41\x96\x09\x9c\xb2\x0d\x1a\xfa\x73\x80\xd3\x0e\x40\xf1\xbc\xfb\x7c\x50\x3d\x7b\x00\xfc\x18\xd2\xe6\x14\xc3\xe3\x70\xdb\xc3\x20\xa8", 47); *(uint8_t*)0x20008bd3 = 9; *(uint8_t*)0x20008bd4 = 5; *(uint8_t*)0x20008bd5 = 1; *(uint8_t*)0x20008bd6 = 3; *(uint16_t*)0x20008bd7 = 0x400; *(uint8_t*)0x20008bd9 = 1; *(uint8_t*)0x20008bda = 0x81; *(uint8_t*)0x20008bdb = 6; *(uint8_t*)0x20008bdc = 0x76; *(uint8_t*)0x20008bdd = 7; memcpy((void*)0x20008bde, "\x96\xf7\x2d\xe7\x93\x64\x10\xee\x82\xa4\x42\x87\xa0\x01\x96\xf6\x30\xe0\x09\x36\x4a\xb9\x4a\x00\xe9\x45\x28\x69\x1a\x40\x9d\x33\x5f\x13\xbf\x6e\x85\xb3\x78\xbd\xa8\x5c\x55\x8f\xc1\xa0\x03\xec\x57\x94\xa1\x42\x17\xf7\x94\x68\x2e\xdc\xdc\x9e\x35\xd0\x0c\x09\x79\xfd\xb3\xe7\xa1\x5e\x6a\x85\x1c\x13\x7b\xf7\x01\x1b\xa6\x1c\x83\x46\x59\x8b\x02\xa3\xd4\xd1\xb8\xcd\x99\xf4\xfc\x14\xfa\xe3\x21\x9f\xbf\x56\xaa\x2c\xa5\x4c\xcf\x11\x6b\x3d\x56\x0a\x80\x97\x8c\x42\x76\xec", 116); *(uint8_t*)0x20008c52 = 9; *(uint8_t*)0x20008c53 = 5; *(uint8_t*)0x20008c54 = 0xe; *(uint8_t*)0x20008c55 = 3; *(uint16_t*)0x20008c56 = 0x3ff; *(uint8_t*)0x20008c58 = 0x80; *(uint8_t*)0x20008c59 = 0x20; *(uint8_t*)0x20008c5a = 6; *(uint8_t*)0x20008c5b = 7; *(uint8_t*)0x20008c5c = 0x25; *(uint8_t*)0x20008c5d = 1; *(uint8_t*)0x20008c5e = 2; *(uint8_t*)0x20008c5f = 9; *(uint16_t*)0x20008c60 = 0x3ff; *(uint8_t*)0x20008c62 = 9; *(uint8_t*)0x20008c63 = 5; *(uint8_t*)0x20008c64 = 0xd; *(uint8_t*)0x20008c65 = 0; *(uint16_t*)0x20008c66 = 0x400; *(uint8_t*)0x20008c68 = 9; *(uint8_t*)0x20008c69 = 0x3f; *(uint8_t*)0x20008c6a = 0x3f; *(uint8_t*)0x20008c6b = 0x76; *(uint8_t*)0x20008c6c = 0x11; memcpy((void*)0x20008c6d, "\x79\xb3\x86\x38\x7e\x37\xf3\x6e\xfa\x1d\x8c\x66\xa9\x04\x49\xc6\x8a\x0a\xd2\x51\xaf\xb9\xb1\x79\x3c\xbe\x9e\x5b\x4d\xc3\xce\x66\x00\xe8\x6d\x1e\x3b\x3e\xac\x60\xfd\x3b\x8b\x1c\x19\xd7\xd0\xc3\xda\x61\xc6\xa6\x67\xb3\x9f\xae\x8a\xed\x44\xa8\xe7\x0d\x77\xca\x93\xe4\xc3\x7a\x3f\xd8\x81\x8f\x43\xed\xc5\x23\x96\x0c\xed\xb0\x2d\x88\x22\xf0\xb2\x3d\xc3\x43\x18\x26\x08\xc6\x09\x7e\x99\x5f\x56\x2c\x84\xa5\x41\x7e\x5b\x2f\xb7\x1b\x39\x2f\x92\x6f\x3c\x4e\xd9\x92\xed\x89", 116); *(uint8_t*)0x20008ce1 = 0x65; *(uint8_t*)0x20008ce2 = 5; memcpy((void*)0x20008ce3, "\x85\x12\xf0\xce\xa9\x7a\x9d\x8a\x04\x61\xe3\x0e\xe9\xbf\x07\x89\xe0\x41\xcd\x86\xc1\xdf\x94\x96\xf1\x95\x7a\xf0\xe4\x54\x3e\xca\xb0\x70\x51\xf1\xf4\x81\x8d\xa2\x57\x9d\x13\xa9\x99\x56\x9f\x75\xad\x6a\xf6\xe0\xd0\x4d\xa8\xbd\x26\xbc\x92\x04\x45\x69\x2d\x9e\x4c\xa7\xfd\xc3\x54\x4c\x36\xf5\x88\xe5\xc0\x9b\xee\xa1\xaf\xf9\xf4\x1b\xa9\x77\xcb\xe7\x9e\x7e\x4f\x4a\x8d\xec\x56\x40\xda\x4d\x2a\xf6\x1d", 99); *(uint8_t*)0x20008d46 = 9; *(uint8_t*)0x20008d47 = 4; *(uint8_t*)0x20008d48 = 5; *(uint8_t*)0x20008d49 = 3; *(uint8_t*)0x20008d4a = 2; *(uint8_t*)0x20008d4b = 0xc4; *(uint8_t*)0x20008d4c = 0x4d; *(uint8_t*)0x20008d4d = 0x76; *(uint8_t*)0x20008d4e = 7; *(uint8_t*)0x20008d4f = 0xb; *(uint8_t*)0x20008d50 = 0x24; *(uint8_t*)0x20008d51 = 6; *(uint8_t*)0x20008d52 = 0; *(uint8_t*)0x20008d53 = 1; memcpy((void*)0x20008d54, "\x72\x45\x0c\xeb\x1b\x79", 6); *(uint8_t*)0x20008d5a = 5; *(uint8_t*)0x20008d5b = 0x24; *(uint8_t*)0x20008d5c = 0; *(uint16_t*)0x20008d5d = 4; *(uint8_t*)0x20008d5f = 0xd; *(uint8_t*)0x20008d60 = 0x24; *(uint8_t*)0x20008d61 = 0xf; *(uint8_t*)0x20008d62 = 1; *(uint32_t*)0x20008d63 = 0; *(uint16_t*)0x20008d67 = 8; *(uint16_t*)0x20008d69 = 1; *(uint8_t*)0x20008d6b = 4; *(uint8_t*)0x20008d6c = 6; *(uint8_t*)0x20008d6d = 0x24; *(uint8_t*)0x20008d6e = 0x1a; *(uint16_t*)0x20008d6f = 8; *(uint8_t*)0x20008d71 = 8; *(uint8_t*)0x20008d72 = 0x15; *(uint8_t*)0x20008d73 = 0x24; *(uint8_t*)0x20008d74 = 0x12; *(uint16_t*)0x20008d75 = 4; *(uint64_t*)0x20008d77 = 0x14f5e048ba817a3; *(uint64_t*)0x20008d7f = 0x2a397ecbffc007a6; *(uint8_t*)0x20008d87 = 7; *(uint8_t*)0x20008d88 = 0x24; *(uint8_t*)0x20008d89 = 6; *(uint8_t*)0x20008d8a = 0; *(uint8_t*)0x20008d8b = 0; memcpy((void*)0x20008d8c, "\xfb\xb5", 2); *(uint8_t*)0x20008d8e = 5; *(uint8_t*)0x20008d8f = 0x24; *(uint8_t*)0x20008d90 = 0; *(uint16_t*)0x20008d91 = 0x2040; *(uint8_t*)0x20008d93 = 0xd; *(uint8_t*)0x20008d94 = 0x24; *(uint8_t*)0x20008d95 = 0xf; *(uint8_t*)0x20008d96 = 1; *(uint32_t*)0x20008d97 = 3; *(uint16_t*)0x20008d9b = 0x80; *(uint16_t*)0x20008d9d = 0x8951; *(uint8_t*)0x20008d9f = 6; *(uint8_t*)0x20008da0 = 7; *(uint8_t*)0x20008da1 = 0x24; *(uint8_t*)0x20008da2 = 0xa; *(uint8_t*)0x20008da3 = 0xce; *(uint8_t*)0x20008da4 = 3; *(uint8_t*)0x20008da5 = 4; *(uint8_t*)0x20008da6 = 0x60; *(uint8_t*)0x20008da7 = 4; *(uint8_t*)0x20008da8 = 0x24; *(uint8_t*)0x20008da9 = 2; *(uint8_t*)0x20008daa = 0; *(uint8_t*)0x20008dab = 0x10; *(uint8_t*)0x20008dac = 0x24; *(uint8_t*)0x20008dad = 7; *(uint8_t*)0x20008dae = 0; *(uint16_t*)0x20008daf = 0x81; *(uint16_t*)0x20008db1 = 0x81; *(uint16_t*)0x20008db3 = 0x1d9; *(uint16_t*)0x20008db5 = 0x400; *(uint16_t*)0x20008db7 = 1; *(uint16_t*)0x20008db9 = 0xc00; *(uint8_t*)0x20008dbb = 0xc; *(uint8_t*)0x20008dbc = 0x24; *(uint8_t*)0x20008dbd = 0x1b; *(uint16_t*)0x20008dbe = 1; *(uint16_t*)0x20008dc0 = 0x20; *(uint8_t*)0x20008dc2 = 0xc0; *(uint8_t*)0x20008dc3 = 5; *(uint16_t*)0x20008dc4 = 0x20; *(uint8_t*)0x20008dc6 = 0xd; *(uint8_t*)0x20008dc7 = 0xe1; *(uint8_t*)0x20008dc8 = 0x24; *(uint8_t*)0x20008dc9 = 0x13; *(uint8_t*)0x20008dca = 9; memcpy((void*)0x20008dcb, "\x0e\xfa\x60\xe3\xb3\x89\x2c\xa3\x37\x7f\xc7\xbf\x7e\x5c\xd9\x0b\x70\xb5\x43\x3c\x66\xf1\x31\x29\xd4\x2a\x59\xf2\xc9\x14\xec\x54\x97\x9a\x53\x86\x2f\x94\xdf\x63\x95\x80\x6b\xf1\xa9\x70\x9d\x9a\x66\x50\xce\xca\xee\xcf\xf6\xad\xfc\x77\xca\x5f\x29\x6e\x11\xbe\xd1\xfb\xeb\x6f\x27\xc5\x0b\xf1\xaf\x9c\x17\x6b\xb2\x06\x9d\x52\xb0\x64\x73\xd5\xd8\xe9\x24\x4a\x70\x01\x76\x66\xfa\xa3\x21\x3b\x80\xb2\x5f\xe4\xc6\x8c\x41\x80\xee\x45\x68\x0c\x95\x76\x8f\xd3\x2d\x24\xda\x76\xb8\x83\xe1\xbe\x0e\xc2\xaf\x43\xc9\xf3\x0c\xee\xd1\x93\x6c\xd5\x05\x1e\x62\xb1\xc8\xa7\x6a\xf9\xa2\x52\x29\x0b\x11\xc3\x67\x04\x39\xdb\x64\x5b\x5c\x32\xa5\xa5\xbb\x78\xd7\xe8\x18\x3e\xa6\x73\x6d\xfc\xeb\x8f\xef\x3d\x04\xb7\x6e\x51\x29\xc4\x91\x3e\xee\x30\xa5\x37\x74\x3b\x33\x57\xf2\x69\xf5\x82\xdd\x8c\x46\xb2\xa9\x33\x62\xf1\xa8\x38\x88\x6b\x17\x5f\x48\x95\xd5\x2a\x81\x8f\x63\xd9\xd6\x94\xbe\xac\x98\x46\xe5\xb1\x2f", 221); *(uint8_t*)0x20008ea8 = 0x1a; *(uint8_t*)0x20008ea9 = 0x24; *(uint8_t*)0x20008eaa = 0x13; *(uint8_t*)0x20008eab = 5; memcpy((void*)0x20008eac, "\x08\x3b\x1f\x01\xa6\x9f\x5d\x72\x2a\x6b\x03\x83\xfb\x09\xf5\x7f\x44\x2b\x56\xd4\x58\xfa", 22); *(uint8_t*)0x20008ec2 = 9; *(uint8_t*)0x20008ec3 = 5; *(uint8_t*)0x20008ec4 = 0xf; *(uint8_t*)0x20008ec5 = 8; *(uint16_t*)0x20008ec6 = 8; *(uint8_t*)0x20008ec8 = 0; *(uint8_t*)0x20008ec9 = 3; *(uint8_t*)0x20008eca = 5; *(uint8_t*)0x20008ecb = 9; *(uint8_t*)0x20008ecc = 5; *(uint8_t*)0x20008ecd = 0xc; *(uint8_t*)0x20008ece = 0; *(uint16_t*)0x20008ecf = 0x200; *(uint8_t*)0x20008ed1 = 9; *(uint8_t*)0x20008ed2 = 0x20; *(uint8_t*)0x20008ed3 = 5; *(uint8_t*)0x20008ed4 = 0xb; *(uint8_t*)0x20008ed5 = 1; memcpy((void*)0x20008ed6, "\xae\x68\x4b\xd6\xa1\xbf\xbe\x70\x5d", 9); *(uint8_t*)0x20008edf = 9; *(uint8_t*)0x20008ee0 = 4; *(uint8_t*)0x20008ee1 = 0xad; *(uint8_t*)0x20008ee2 = 0x3f; *(uint8_t*)0x20008ee3 = 6; *(uint8_t*)0x20008ee4 = 0xef; *(uint8_t*)0x20008ee5 = 0x2e; *(uint8_t*)0x20008ee6 = 0x8d; *(uint8_t*)0x20008ee7 = 8; *(uint8_t*)0x20008ee8 = 0xa; *(uint8_t*)0x20008ee9 = 0x24; *(uint8_t*)0x20008eea = 6; *(uint8_t*)0x20008eeb = 0; *(uint8_t*)0x20008eec = 0; memcpy((void*)0x20008eed, "\x2e\x1b\xb1\x1c\x34", 5); *(uint8_t*)0x20008ef2 = 5; *(uint8_t*)0x20008ef3 = 0x24; *(uint8_t*)0x20008ef4 = 0; *(uint16_t*)0x20008ef5 = 6; *(uint8_t*)0x20008ef7 = 0xd; *(uint8_t*)0x20008ef8 = 0x24; *(uint8_t*)0x20008ef9 = 0xf; *(uint8_t*)0x20008efa = 1; *(uint32_t*)0x20008efb = 4; *(uint16_t*)0x20008eff = 2; *(uint16_t*)0x20008f01 = 0x8979; *(uint8_t*)0x20008f03 = 6; *(uint8_t*)0x20008f04 = 0xeb; *(uint8_t*)0x20008f05 = 0x24; *(uint8_t*)0x20008f06 = 0x13; *(uint8_t*)0x20008f07 = 0; memcpy((void*)0x20008f08, "\x9f\xcc\x8c\x5c\x74\x73\x09\xfc\xb4\xc9\x6e\x5d\xad\x9b\x6e\x62\xd0\x8b\x91\xa8\xbe\xb3\xc2\xe4\x54\x7e\x16\x3e\x46\x58\xbb\x11\xab\x34\xb3\xc8\x4e\xc3\xe4\xa4\xe3\x67\xd2\x6c\x56\x00\x1c\x67\x05\x68\x99\x95\xa9\x9d\x16\xa1\xb3\x1b\xdc\x07\x0f\x00\x53\x1e\xc4\x26\xb5\x4b\xf8\x9b\x2d\xee\x1f\xc3\xbd\x81\x8f\x55\xdb\xbd\x6a\xcc\x28\x7c\xd4\x30\x78\xee\xbc\x6d\x09\xf1\x0d\xc4\x22\x9f\x80\x35\xd4\x44\x8f\x82\x3f\xec\xf9\x29\xd6\x86\x16\x27\xc0\x1e\x79\x27\x7a\x40\x30\x4a\x1a\xd3\xfb\xd0\x12\xa4\xa8\xed\x16\x36\x97\x69\xc8\xc9\x97\xc4\x12\xbe\x76\x75\x90\x17\x65\x34\x55\xb8\x04\x2a\xca\x8b\x49\xea\xc0\x73\x10\x01\xcb\xfa\x6f\xbd\x79\x6a\xa7\xc2\x77\x09\xfc\x62\x37\x22\xe0\x3d\x3c\x1e\xd1\xda\xc1\xca\x8a\x8a\xa2\x5d\xda\xfc\x65\x4a\x0d\xbb\x76\x0b\x92\x7a\x2b\x23\xe2\xad\x30\x43\xac\x48\x56\x6c\x7b\x99\x5c\x23\x7d\xb5\x91\xf3\x9a\xf8\x19\x54\x56\x9c\xd5\xd3\x7c\xa4\x94\x1c\x80\xcc\x1f\xa5\x55\x6d\x19\xa5\x48\xdf\x2a", 231); *(uint8_t*)0x20008fef = 7; *(uint8_t*)0x20008ff0 = 0x24; *(uint8_t*)0x20008ff1 = 0xa; *(uint8_t*)0x20008ff2 = 4; *(uint8_t*)0x20008ff3 = 0x1f; *(uint8_t*)0x20008ff4 = 0x3f; *(uint8_t*)0x20008ff5 = 0x62; *(uint8_t*)0x20008ff6 = 7; *(uint8_t*)0x20008ff7 = 0x24; *(uint8_t*)0x20008ff8 = 0x14; *(uint16_t*)0x20008ff9 = 0x1f; *(uint16_t*)0x20008ffb = 7; *(uint8_t*)0x20008ffd = 7; *(uint8_t*)0x20008ffe = 0x24; *(uint8_t*)0x20008fff = 0x14; *(uint16_t*)0x20009000 = 0x1010; *(uint16_t*)0x20009002 = 9; *(uint8_t*)0x20009004 = 6; *(uint8_t*)0x20009005 = 0x24; *(uint8_t*)0x20009006 = 0x1a; *(uint16_t*)0x20009007 = 6; *(uint8_t*)0x20009009 = 0x1b; *(uint8_t*)0x2000900a = 0xb; *(uint8_t*)0x2000900b = 0x24; *(uint8_t*)0x2000900c = 6; *(uint8_t*)0x2000900d = 0; *(uint8_t*)0x2000900e = 0; memcpy((void*)0x2000900f, "\xdf\x47\x04\xa2\x52\x1e", 6); *(uint8_t*)0x20009015 = 5; *(uint8_t*)0x20009016 = 0x24; *(uint8_t*)0x20009017 = 0; *(uint16_t*)0x20009018 = 9; *(uint8_t*)0x2000901a = 0xd; *(uint8_t*)0x2000901b = 0x24; *(uint8_t*)0x2000901c = 0xf; *(uint8_t*)0x2000901d = 1; *(uint32_t*)0x2000901e = 0x4856f0aa; *(uint16_t*)0x20009022 = 5; *(uint16_t*)0x20009024 = 1; *(uint8_t*)0x20009026 = -1; *(uint8_t*)0x20009027 = 5; *(uint8_t*)0x20009028 = 0x24; *(uint8_t*)0x20009029 = 0x15; *(uint16_t*)0x2000902a = 0x1f; *(uint8_t*)0x2000902c = 9; *(uint8_t*)0x2000902d = 5; *(uint8_t*)0x2000902e = 8; *(uint8_t*)0x2000902f = 8; *(uint16_t*)0x20009030 = 0x3ff; *(uint8_t*)0x20009032 = 4; *(uint8_t*)0x20009033 = 1; *(uint8_t*)0x20009034 = 9; *(uint8_t*)0x20009035 = 7; *(uint8_t*)0x20009036 = 0x25; *(uint8_t*)0x20009037 = 1; *(uint8_t*)0x20009038 = 3; *(uint8_t*)0x20009039 = 0x34; *(uint16_t*)0x2000903a = 5; *(uint8_t*)0x2000903c = 9; *(uint8_t*)0x2000903d = 5; *(uint8_t*)0x2000903e = 0; *(uint8_t*)0x2000903f = 3; *(uint16_t*)0x20009040 = 0x400; *(uint8_t*)0x20009042 = 2; *(uint8_t*)0x20009043 = 1; *(uint8_t*)0x20009044 = 0xca; *(uint8_t*)0x20009045 = 9; *(uint8_t*)0x20009046 = 5; *(uint8_t*)0x20009047 = 8; *(uint8_t*)0x20009048 = 0x10; *(uint16_t*)0x20009049 = 8; *(uint8_t*)0x2000904b = 2; *(uint8_t*)0x2000904c = 0x7f; *(uint8_t*)0x2000904d = 0x7f; *(uint8_t*)0x2000904e = 9; *(uint8_t*)0x2000904f = 5; *(uint8_t*)0x20009050 = 7; *(uint8_t*)0x20009051 = 0; *(uint16_t*)0x20009052 = 0x10; *(uint8_t*)0x20009054 = 5; *(uint8_t*)0x20009055 = 0x1f; *(uint8_t*)0x20009056 = 0x40; *(uint8_t*)0x20009057 = 0x2d; *(uint8_t*)0x20009058 = 0xe; memcpy((void*)0x20009059, "\xec\xcc\x23\x79\x37\x1b\x46\xca\xb9\xd6\xfd\xb8\x27\x98\xf4\x7a\xa9\xb7\x17\x7c\x2a\x51\x93\x23\x14\x43\xb7\x25\xc2\x1b\x5e\x6a\x99\x93\x05\x65\xeb\x3b\x96\xfe\x7a\x75\x69", 43); *(uint8_t*)0x20009084 = 6; *(uint8_t*)0x20009085 = 0x10; memcpy((void*)0x20009086, "\x7f\x22\x60\xb2", 4); *(uint8_t*)0x2000908a = 9; *(uint8_t*)0x2000908b = 5; *(uint8_t*)0x2000908c = 3; *(uint8_t*)0x2000908d = 8; *(uint16_t*)0x2000908e = 0x10; *(uint8_t*)0x20009090 = 4; *(uint8_t*)0x20009091 = 3; *(uint8_t*)0x20009092 = 0xf7; *(uint8_t*)0x20009093 = 9; *(uint8_t*)0x20009094 = 5; *(uint8_t*)0x20009095 = 5; *(uint8_t*)0x20009096 = 3; *(uint16_t*)0x20009097 = 0x10; *(uint8_t*)0x20009099 = 3; *(uint8_t*)0x2000909a = 1; *(uint8_t*)0x2000909b = 9; *(uint8_t*)0x2000909c = 0xc8; *(uint8_t*)0x2000909d = 0xe; memcpy((void*)0x2000909e, "\x17\xa4\x93\xc0\x51\x89\x5f\x29\x83\x5e\xfb\x6d\x6d\x75\x3c\xa5\xe6\x23\x7f\x99\x57\x24\xbf\x74\x70\x85\x74\x90\x2e\xac\xdf\xf4\x5c\xd8\x0b\x61\x37\x3d\x67\xef\xe1\x23\x9f\x97\xb4\xfa\x60\x07\x93\xd6\xb4\xa5\x02\x2b\xa4\xa4\x36\xb4\xe2\xe2\x23\x57\x9d\x97\x4e\x78\x4e\xcb\xfd\xd4\x91\x2d\xa5\xcc\xd2\x84\xd2\x29\x37\x82\x70\x4f\x06\x75\x13\xd8\x38\x11\xac\x71\x16\x84\xd3\xaa\xfe\x92\x8e\xce\x0e\x90\x38\x25\x99\x7b\xab\xc5\x67\xb9\x4d\x06\xda\xee\x1e\x4d\x55\xa8\x87\x1d\x67\xe7\x1c\xd1\x08\x14\x30\xd8\x9b\xc9\xae\x64\xf5\x0f\x94\xbb\x8a\xf9\x6c\xe3\x84\xcd\x3b\x84\x20\xef\x8b\xe2\x73\xca\x02\xb9\xf0\xf9\x12\x21\x23\x9e\x64\xd6\x20\xdc\x6e\x3e\x27\x07\xf6\xf4\xce\x92\xe8\x62\x7f\x04\x4c\x14\xf1\x79\x90\x9c\xa1\xdf\x8b\x4e\x49\x9f\xed\x3f\x41\x18\xc9\xd6\xb2\xae\x41\xa7\x11\x98\xd7\x98", 198); *(uint8_t*)0x20009164 = 0x7e; *(uint8_t*)0x20009165 = 0x22; memcpy((void*)0x20009166, "\x85\x1b\xf8\x33\x2f\x6f\x47\x95\xcd\xbf\x9b\xf1\xbb\xb8\x25\x3c\xed\x75\xd6\x1f\x69\x5b\xb8\xc3\x1f\x51\xb5\xce\x19\xb2\x08\x0e\x2e\x7e\xc2\x15\xfe\xc1\x6a\x83\xd2\x57\x11\x04\xf7\x26\xa0\xde\x47\xf3\xe9\x28\x2d\x0e\xf2\x20\x4b\xbb\x1d\x9d\x9c\xac\x53\xb6\xd7\x98\x08\x4b\x0f\x59\x47\x91\xe3\xf8\x34\x19\x86\xd7\xea\xad\xb9\x11\xc5\x5c\x0d\x71\x69\x1f\xc7\x7a\xa1\x04\x7f\x44\x0f\x52\x75\xa4\x1f\x3b\x1f\x0f\x04\x8a\x5c\x1d\xd5\xc4\x17\xe6\x7f\x3b\xd4\x72\xb1\x3f\xee\xf7\x95\x0c\x57\x8f\x1b\x42", 124); *(uint32_t*)0x20009700 = 0xa; *(uint32_t*)0x20009704 = 0x20009200; *(uint8_t*)0x20009200 = 0xa; *(uint8_t*)0x20009201 = 6; *(uint16_t*)0x20009202 = 0x110; *(uint8_t*)0x20009204 = 0xd4; *(uint8_t*)0x20009205 = 0x81; *(uint8_t*)0x20009206 = 0; *(uint8_t*)0x20009207 = 0x10; *(uint8_t*)0x20009208 = 0x20; *(uint8_t*)0x20009209 = 0; *(uint32_t*)0x20009708 = 0x1c; *(uint32_t*)0x2000970c = 0x20009240; *(uint8_t*)0x20009240 = 5; *(uint8_t*)0x20009241 = 0xf; *(uint16_t*)0x20009242 = 0x1c; *(uint8_t*)0x20009244 = 2; *(uint8_t*)0x20009245 = 0x14; *(uint8_t*)0x20009246 = 0x10; *(uint8_t*)0x20009247 = 0xa; *(uint8_t*)0x20009248 = 0x20; STORE_BY_BITMASK(uint32_t, , 0x20009249, 2, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x20009249, 3, 5, 27); *(uint16_t*)0x2000924d = 0xf0f; *(uint16_t*)0x2000924f = 6; *(uint32_t*)0x20009251 = 0xc030; *(uint32_t*)0x20009255 = 0xff3f30; *(uint8_t*)0x20009259 = 3; *(uint8_t*)0x2000925a = 0x10; *(uint8_t*)0x2000925b = 0xb; *(uint32_t*)0x20009710 = 8; *(uint32_t*)0x20009714 = 4; *(uint32_t*)0x20009718 = 0x20009280; *(uint8_t*)0x20009280 = 4; *(uint8_t*)0x20009281 = 3; *(uint16_t*)0x20009282 = 0x410; *(uint32_t*)0x2000971c = 0x102; *(uint32_t*)0x20009720 = 0x200092c0; *(uint8_t*)0x200092c0 = 2; *(uint8_t*)0x200092c1 = 3; memcpy((void*)0x200092c2, "\xbd\x9c\xaf\x11\xf1\xc2\x32\x1f\x7d\xbf\x3d\xf5\x7e\xc0\x6a\xed\xf0\x84\x2f\x84\x3c\x77\xdd\x88\xdb\x9f\x74\x08\xbb\xa0\xd9\x40\x59\x71\xea\xb7\x46\x2f\x77\xd1\xca\x84\x39\x80\x11\xe5\x2a\x42\x79\x8f\x46\xee\xb5\x7b\x9e\x8b\x2c\x06\xc9\x82\x8a\xe8\xa2\xa2\x78\xae\xaf\x19\x47\xcb\x3d\xba\xdb\xd3\xd8\x37\x4b\xd3\xfd\x89\xa5\x3a\x0d\x2e\x5d\x80\x26\x1d\x7c\x80\x59\x2c\x03\x96\xee\x2c\x9e\xd8\x3f\xcc\x6b\xf9\xbd\x9a\x2f\x61\xcd\x00\x7c\x9e\xb5\xb9\x2d\xd8\x78\xd6\xaa\x6b\x54\x35\xed\x38\xfb\x81\xd9\xbf\xc1\x58\x15\x84\x3b\xc4\x6b\x32\x1b\x84\x8a\x20\x1d\x7e\xe9\x0a\x06\xab\x03\xdd\xb6\x6c\xea\x54\xf4\x15\x15\x3e\x69\x34\x99\x2c\x24\xe7\x11\xae\xa2\xfe\x33\x4e\x98\x1b\xa7\xf3\xf8\x7d\x0b\xc5\xeb\x6b\x1d\x09\x17\xcd\x79\xb4\x71\x94\xc6\xd2\xbe\x18\xe7\xa5\x4e\x75\xa5\xe2\xd0\x36\xb2\xe8\xba\x62\x6c\x56\xc4\x48\x9e\x46\x81\xa2\x1e\xa2\x9a\x2b\x64\x34\xa8\x60\x5a\x67\x10\xeb\xd1\x3f\x09\xfe\x32\x2e\x60\xef\x34\xa6\xe6\xf3\x33\x0d\x07\xb4\xd1\xff\x66\xd7\xec\x23\xc5\x8b\x3b\xe7\x34\x84\x4b\x89\xde\x36\xba\x29\x12\x97", 256); *(uint32_t*)0x20009724 = 4; *(uint32_t*)0x20009728 = 0x20009400; *(uint8_t*)0x20009400 = 4; *(uint8_t*)0x20009401 = 3; *(uint16_t*)0x20009402 = 0xf0ff; *(uint32_t*)0x2000972c = 4; *(uint32_t*)0x20009730 = 0x20009440; *(uint8_t*)0x20009440 = 4; *(uint8_t*)0x20009441 = 3; *(uint16_t*)0x20009442 = 0xf8ff; *(uint32_t*)0x20009734 = 0xc2; *(uint32_t*)0x20009738 = 0x20009480; *(uint8_t*)0x20009480 = 0xc2; *(uint8_t*)0x20009481 = 3; memcpy((void*)0x20009482, "\x47\x95\x1b\xf5\x75\x8f\x6d\xa4\x9e\xae\xc8\xd8\xf1\x8a\x6c\xa6\xe1\x7e\x41\xa6\x60\x16\x41\x5e\xfc\x7b\xe3\x46\xe3\xa8\xd0\x34\x28\x03\xd3\x1a\xc6\x34\xc4\xe6\xbc\xfd\xca\x1d\xb3\xc5\xb6\x90\xc2\x2f\x33\x2d\xf6\x93\x67\x61\xde\xb4\x0a\x2a\x9b\x81\x7a\x3b\x5e\x21\xce\xda\x6d\x71\xf7\x2d\x61\xee\xd0\x6a\x7a\x43\x45\x1e\x72\xfa\xa8\x20\x18\x38\x4c\x5a\x69\xf6\x2f\x4c\x6c\xf2\xa7\xef\xbd\x2a\xf5\x9b\x84\xac\xc6\xa9\x5e\xdf\x8f\x16\x7b\x5f\x20\x3d\xff\x2f\x89\xdb\xa1\x91\xf5\x13\x34\x2b\xe5\xa9\x06\xce\xb3\x79\x61\x3f\x59\x61\x08\xde\x6f\x3a\x61\xb9\x26\xc9\xf8\x63\x4d\x3d\xe6\xd5\xeb\x86\x71\x2b\xdf\xc3\xce\x50\x2f\x90\xa6\x9d\x8d\x07\xd9\x28\x44\x02\xb3\x93\xa7\x6e\x1d\x98\x17\xb9\x2b\xd4\xef\xf5\x7a\x27\xec\x91\x91\x9b\xf0\xd0\x9b\x44\x70\x57\xd6\x9c\xe3\x82", 192); *(uint32_t*)0x2000973c = 0x83; *(uint32_t*)0x20009740 = 0x20009580; *(uint8_t*)0x20009580 = 0x83; *(uint8_t*)0x20009581 = 3; memcpy((void*)0x20009582, "\x70\x81\x49\xd2\x9b\x3a\x8e\xf9\xc0\xff\x2f\x07\x2f\xf3\xb2\x0d\xd4\xaa\x24\xa8\xdd\xbd\x77\x61\x2c\xf8\x2d\xbf\xdc\x3a\xf8\x21\xa1\xfb\xf7\x55\x40\xc2\x3e\x05\xde\x08\xfe\xd7\x79\xdb\x65\x1c\xb3\xa6\x3b\xd0\x9a\xcf\xde\x2d\xa3\x4f\xc3\x36\x04\x73\x49\xf6\x2c\x65\x03\x20\xdd\x8f\xd8\x62\x6c\xfd\xad\xf7\xe0\xf7\x3f\x83\xa6\xbf\xfa\x1f\x20\xe7\x5c\xc4\x4b\x80\xbb\xe9\xa4\x0e\xa3\xc6\xe9\x24\xb6\x84\xfe\x6c\xb9\xe6\xa9\x33\x1a\x14\x9e\x84\x4e\x50\x0b\xe3\xb4\xfe\x28\xd1\x33\x2d\xcd\x64\x3b\xe5\xa7\x3f\xcc\xd4\x46", 129); *(uint32_t*)0x20009744 = 4; *(uint32_t*)0x20009748 = 0x20009640; *(uint8_t*)0x20009640 = 4; *(uint8_t*)0x20009641 = 3; *(uint16_t*)0x20009642 = 0x184c; *(uint32_t*)0x2000974c = 0x4d; *(uint32_t*)0x20009750 = 0x20009680; *(uint8_t*)0x20009680 = 0x4d; *(uint8_t*)0x20009681 = 3; memcpy((void*)0x20009682, "\xb6\x6a\x57\x6c\x91\xd5\x67\x33\xc9\x4e\xf7\x37\x20\xfd\xa0\x14\xeb\xcf\x72\xb1\xcf\x26\xac\x4c\x18\xda\x75\x71\x24\x12\x56\x76\x4a\xe2\xdf\xf1\x75\x40\xbd\xd8\xaf\x83\xee\xe5\x05\x79\x2c\xbe\xfb\xdd\xb7\xb5\xcd\x4c\xa9\x46\x62\x28\x7a\x86\x24\x9e\xc2\xb9\x42\x13\x98\x04\xf9\xc7\x82\x09\x88\x4a\x15", 75); res = -1; res = syz_usb_connect(6, 0x7e2, 0x20008a00, 0x20009700); if (res != -1) r[22] = res; break; case 41: *(uint8_t*)0x20009780 = 0x12; *(uint8_t*)0x20009781 = 1; *(uint16_t*)0x20009782 = 0x200; *(uint8_t*)0x20009784 = -1; *(uint8_t*)0x20009785 = -1; *(uint8_t*)0x20009786 = -1; *(uint8_t*)0x20009787 = 0x40; *(uint16_t*)0x20009788 = 0xcf3; *(uint16_t*)0x2000978a = 0x9271; *(uint16_t*)0x2000978c = 0x108; *(uint8_t*)0x2000978e = 1; *(uint8_t*)0x2000978f = 2; *(uint8_t*)0x20009790 = 3; *(uint8_t*)0x20009791 = 1; *(uint8_t*)0x20009792 = 9; *(uint8_t*)0x20009793 = 2; *(uint16_t*)0x20009794 = 0x48; *(uint8_t*)0x20009796 = 1; *(uint8_t*)0x20009797 = 1; *(uint8_t*)0x20009798 = 0; *(uint8_t*)0x20009799 = 0x80; *(uint8_t*)0x2000979a = 0xfa; *(uint8_t*)0x2000979b = 9; *(uint8_t*)0x2000979c = 4; *(uint8_t*)0x2000979d = 0; *(uint8_t*)0x2000979e = 0; *(uint8_t*)0x2000979f = 6; *(uint8_t*)0x200097a0 = -1; *(uint8_t*)0x200097a1 = 0; *(uint8_t*)0x200097a2 = 0; *(uint8_t*)0x200097a3 = 0; *(uint8_t*)0x200097a4 = 9; *(uint8_t*)0x200097a5 = 5; *(uint8_t*)0x200097a6 = 1; *(uint8_t*)0x200097a7 = 2; *(uint16_t*)0x200097a8 = 0x200; *(uint8_t*)0x200097aa = 0; *(uint8_t*)0x200097ab = 0; *(uint8_t*)0x200097ac = 0; *(uint8_t*)0x200097ad = 9; *(uint8_t*)0x200097ae = 5; *(uint8_t*)0x200097af = 0x82; *(uint8_t*)0x200097b0 = 2; *(uint16_t*)0x200097b1 = 0x200; *(uint8_t*)0x200097b3 = 0; *(uint8_t*)0x200097b4 = 0; *(uint8_t*)0x200097b5 = 0; *(uint8_t*)0x200097b6 = 9; *(uint8_t*)0x200097b7 = 5; *(uint8_t*)0x200097b8 = 0x83; *(uint8_t*)0x200097b9 = 3; *(uint16_t*)0x200097ba = 0x40; *(uint8_t*)0x200097bc = 1; *(uint8_t*)0x200097bd = 0; *(uint8_t*)0x200097be = 0; *(uint8_t*)0x200097bf = 9; *(uint8_t*)0x200097c0 = 5; *(uint8_t*)0x200097c1 = 4; *(uint8_t*)0x200097c2 = 3; *(uint16_t*)0x200097c3 = 0x40; *(uint8_t*)0x200097c5 = 1; *(uint8_t*)0x200097c6 = 0; *(uint8_t*)0x200097c7 = 0; *(uint8_t*)0x200097c8 = 9; *(uint8_t*)0x200097c9 = 5; *(uint8_t*)0x200097ca = 5; *(uint8_t*)0x200097cb = 2; *(uint16_t*)0x200097cc = 0x200; *(uint8_t*)0x200097ce = 0; *(uint8_t*)0x200097cf = 0; *(uint8_t*)0x200097d0 = 0; *(uint8_t*)0x200097d1 = 9; *(uint8_t*)0x200097d2 = 5; *(uint8_t*)0x200097d3 = 6; *(uint8_t*)0x200097d4 = 2; *(uint16_t*)0x200097d5 = 0x200; *(uint8_t*)0x200097d7 = 0; *(uint8_t*)0x200097d8 = 0; *(uint8_t*)0x200097d9 = 0; syz_usb_connect_ath9k(3, 0x5a, 0x20009780, 0); break; case 42: *(uint32_t*)0x200099c0 = 0x18; *(uint32_t*)0x200099c4 = 0x20009800; *(uint8_t*)0x20009800 = 0x40; *(uint8_t*)0x20009801 = 1; *(uint32_t*)0x20009802 = 0x8d; *(uint8_t*)0x20009806 = 0x8d; *(uint8_t*)0x20009807 = 0x22; memcpy((void*)0x20009808, "\xe5\x74\x19\x47\xa7\x23\xe9\xe9\x8e\xdc\x76\xea\x9b\x49\x3d\xa7\xd0\xbe\x0f\x88\x90\x3d\x48\xee\xf0\xd2\x4c\x88\x29\x70\xfc\x12\x16\xa4\xf3\x90\xd6\xb1\x7a\x78\xf9\xe8\x82\x74\x2c\xa2\x48\x31\x93\x6c\xb7\x5b\x04\x58\x99\xbb\xc7\x68\x7b\xd5\x5a\x05\x8a\x9f\x47\x22\x45\x2c\xe7\xe3\x01\x27\x0b\x0b\xf2\x26\x66\xc3\x7e\xaf\x1b\xd9\xd8\xb4\x89\xba\x1d\x32\xbe\x39\xd0\x6b\x20\xbd\x96\x57\xe0\x9f\xda\x6c\x82\xd4\x56\x6c\x93\x34\xe2\xfa\x45\xc5\x04\x6b\xa8\x56\x5e\x57\x79\xab\x6d\x67\xcb\xf7\xf4\x06\xd2\x16\xc2\x86\xab\x06\x65\x88\x20\x7a\x31\x8d\x65\x33\x2f", 139); *(uint32_t*)0x200099c8 = 0x200098c0; *(uint8_t*)0x200098c0 = 0; *(uint8_t*)0x200098c1 = 3; *(uint32_t*)0x200098c2 = 4; *(uint8_t*)0x200098c6 = 4; *(uint8_t*)0x200098c7 = 3; *(uint16_t*)0x200098c8 = 0xf0ff; *(uint32_t*)0x200099cc = 0x20009900; *(uint8_t*)0x20009900 = 0; *(uint8_t*)0x20009901 = 0xf; *(uint32_t*)0x20009902 = 0x18; *(uint8_t*)0x20009906 = 5; *(uint8_t*)0x20009907 = 0xf; *(uint16_t*)0x20009908 = 0x18; *(uint8_t*)0x2000990a = 2; *(uint8_t*)0x2000990b = 0xc; *(uint8_t*)0x2000990c = 0x10; *(uint8_t*)0x2000990d = 0xa; *(uint8_t*)0x2000990e = 0; STORE_BY_BITMASK(uint32_t, , 0x2000990f, 0, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x2000990f, 6, 5, 27); *(uint16_t*)0x20009913 = 0xf0f; *(uint16_t*)0x20009915 = 8; *(uint8_t*)0x20009917 = 7; *(uint8_t*)0x20009918 = 0x10; *(uint8_t*)0x20009919 = 2; STORE_BY_BITMASK(uint32_t, , 0x2000991a, 2, 0, 8); STORE_BY_BITMASK(uint32_t, , 0x2000991b, 0xa, 0, 4); STORE_BY_BITMASK(uint32_t, , 0x2000991b, 7, 4, 4); STORE_BY_BITMASK(uint32_t, , 0x2000991c, 0x100, 0, 16); *(uint32_t*)0x200099d0 = 0x20009940; *(uint8_t*)0x20009940 = 0x20; *(uint8_t*)0x20009941 = 0x29; *(uint32_t*)0x20009942 = 0xf; *(uint8_t*)0x20009946 = 0xf; *(uint8_t*)0x20009947 = 0x29; *(uint8_t*)0x20009948 = 0; *(uint16_t*)0x20009949 = 0x18; *(uint8_t*)0x2000994b = 7; *(uint8_t*)0x2000994c = 0x7f; memcpy((void*)0x2000994d, "\x86\xf6\x20\xe8", 4); memcpy((void*)0x20009951, "\x16\x8f\x22\x02", 4); *(uint32_t*)0x200099d4 = 0x20009980; *(uint8_t*)0x20009980 = 0x20; *(uint8_t*)0x20009981 = 0x2a; *(uint32_t*)0x20009982 = 0xc; *(uint8_t*)0x20009986 = 0xc; *(uint8_t*)0x20009987 = 0x2a; *(uint8_t*)0x20009988 = 3; *(uint16_t*)0x20009989 = 0; *(uint8_t*)0x2000998b = 4; *(uint8_t*)0x2000998c = 0; *(uint8_t*)0x2000998d = 7; *(uint16_t*)0x2000998e = 0x1000; *(uint16_t*)0x20009990 = 0xfffe; *(uint32_t*)0x20009f00 = 0x44; *(uint32_t*)0x20009f04 = 0x20009a00; *(uint8_t*)0x20009a00 = 0; *(uint8_t*)0x20009a01 = 8; *(uint32_t*)0x20009a02 = 0xfd; memcpy((void*)0x20009a06, "\x17\xd0\x15\xc0\xc2\x1b\x38\xab\x65\x87\x07\x8c\x77\x5d\x19\x66\x76\x39\x02\x36\x84\x2b\xc7\x81\x15\xbd\x6a\x40\x58\x11\x10\x24\x45\xa3\x7f\xe5\xc0\xcc\x85\xa1\x6b\x56\x01\xf6\x74\x96\x59\x34\x92\xce\x3a\xd5\x52\x01\x92\x08\xa9\x04\xc8\x82\x54\x52\x5e\xf1\x3e\x8c\x55\xd2\xfa\x55\x84\xb1\x72\x72\x80\x77\xd5\x4a\x28\xbc\x6d\xd0\xbc\x05\xf7\x20\x29\x10\x26\x07\x63\x12\x0f\x9d\x95\x88\x3b\x70\x1c\xa0\x54\x83\xde\xae\x8e\x44\x5b\xcf\x56\x72\xcf\xc4\xba\x66\xa3\x46\xe9\x2f\xe0\x74\x51\xae\x4c\x8f\xf4\xaa\x9d\xfc\xf8\xb9\x56\x33\x65\x80\x5b\xf6\x83\x0e\xd3\x6c\x9f\x3e\xab\x11\xf6\x13\xa0\xfd\xe0\x42\x3b\x8c\x3a\x5b\x1a\xe0\x29\x72\x9e\x32\x33\x43\x1d\x83\xf0\x22\x49\x15\x64\xd3\x92\xce\xb7\xa3\x8e\xdd\xcf\x15\x96\x88\x61\x81\x85\x4d\x5a\x72\x9e\x76\xd8\xe7\x70\xd6\xee\x74\xba\x13\x33\xec\xb7\xe4\xb8\x83\x07\x1b\x6d\x6c\x04\x3e\x9e\x6f\x01\x60\x54\x6f\x60\xd1\xd9\xff\xd9\x40\x74\x4e\xef\x3e\xa5\xf0\xdd\xfd\xa5\xa0\xa8\xd6\xb7\x74\x0a\x7f\x13\xce\x46\x2e\xd0\x8e\x2d\x3b\xc0\xa7\xb6\x46\xda\xf5\x60\x86\xe2", 253); *(uint32_t*)0x20009f08 = 0x20009b40; *(uint8_t*)0x20009b40 = 0; *(uint8_t*)0x20009b41 = 0xa; *(uint32_t*)0x20009b42 = 1; *(uint8_t*)0x20009b46 = 7; *(uint32_t*)0x20009f0c = 0x20009b80; *(uint8_t*)0x20009b80 = 0; *(uint8_t*)0x20009b81 = 8; *(uint32_t*)0x20009b82 = 1; *(uint8_t*)0x20009b86 = 0x80; *(uint32_t*)0x20009f10 = 0x20009bc0; *(uint8_t*)0x20009bc0 = 0x20; *(uint8_t*)0x20009bc1 = 0; *(uint32_t*)0x20009bc2 = 4; *(uint16_t*)0x20009bc6 = 2; *(uint16_t*)0x20009bc8 = 3; *(uint32_t*)0x20009f14 = 0x20009c00; *(uint8_t*)0x20009c00 = 0x20; *(uint8_t*)0x20009c01 = 0; *(uint32_t*)0x20009c02 = 4; *(uint16_t*)0x20009c06 = 0x100; *(uint16_t*)0x20009c08 = 0x40; *(uint32_t*)0x20009f18 = 0x20009c40; *(uint8_t*)0x20009c40 = 0x40; *(uint8_t*)0x20009c41 = 7; *(uint32_t*)0x20009c42 = 2; *(uint16_t*)0x20009c46 = 3; *(uint32_t*)0x20009f1c = 0x20009c80; *(uint8_t*)0x20009c80 = 0x40; *(uint8_t*)0x20009c81 = 9; *(uint32_t*)0x20009c82 = 1; *(uint8_t*)0x20009c86 = 0x7f; *(uint32_t*)0x20009f20 = 0x20009cc0; *(uint8_t*)0x20009cc0 = 0x40; *(uint8_t*)0x20009cc1 = 0xb; *(uint32_t*)0x20009cc2 = 2; memcpy((void*)0x20009cc6, "\x08\xbd", 2); *(uint32_t*)0x20009f24 = 0x20009d00; *(uint8_t*)0x20009d00 = 0x40; *(uint8_t*)0x20009d01 = 0xf; *(uint32_t*)0x20009d02 = 2; *(uint16_t*)0x20009d06 = 0x7163; *(uint32_t*)0x20009f28 = 0x20009d40; *(uint8_t*)0x20009d40 = 0x40; *(uint8_t*)0x20009d41 = 0x13; *(uint32_t*)0x20009d42 = 6; memset((void*)0x20009d46, 255, 6); *(uint32_t*)0x20009f2c = 0x20009d80; *(uint8_t*)0x20009d80 = 0x40; *(uint8_t*)0x20009d81 = 0x17; *(uint32_t*)0x20009d82 = 6; memset((void*)0x20009d86, 170, 5); *(uint8_t*)0x20009d8b = 0x3b; *(uint32_t*)0x20009f30 = 0x20009dc0; *(uint8_t*)0x20009dc0 = 0x40; *(uint8_t*)0x20009dc1 = 0x19; *(uint32_t*)0x20009dc2 = 2; memcpy((void*)0x20009dc6, "\x37\x9e", 2); *(uint32_t*)0x20009f34 = 0x20009e00; *(uint8_t*)0x20009e00 = 0x40; *(uint8_t*)0x20009e01 = 0x1a; *(uint32_t*)0x20009e02 = 2; *(uint16_t*)0x20009e06 = 8; *(uint32_t*)0x20009f38 = 0x20009e40; *(uint8_t*)0x20009e40 = 0x40; *(uint8_t*)0x20009e41 = 0x1c; *(uint32_t*)0x20009e42 = 1; *(uint8_t*)0x20009e46 = 0x3f; *(uint32_t*)0x20009f3c = 0x20009e80; *(uint8_t*)0x20009e80 = 0x40; *(uint8_t*)0x20009e81 = 0x1e; *(uint32_t*)0x20009e82 = 1; *(uint8_t*)0x20009e86 = 0x2c; *(uint32_t*)0x20009f40 = 0x20009ec0; *(uint8_t*)0x20009ec0 = 0x40; *(uint8_t*)0x20009ec1 = 0x21; *(uint32_t*)0x20009ec2 = 1; *(uint8_t*)0x20009ec6 = 5; syz_usb_control_io(r[22], 0x200099c0, 0x20009f00); break; case 43: syz_usb_disconnect(r[22]); break; case 44: syz_usb_ep_read(r[22], 0xc1, 0x1000, 0x20009f80); break; case 45: *(uint8_t*)0x2000af80 = 0x12; *(uint8_t*)0x2000af81 = 1; *(uint16_t*)0x2000af82 = 0x110; *(uint8_t*)0x2000af84 = 0; *(uint8_t*)0x2000af85 = 0; *(uint8_t*)0x2000af86 = 0; *(uint8_t*)0x2000af87 = 0x20; *(uint16_t*)0x2000af88 = 0x1d6b; *(uint16_t*)0x2000af8a = 0x101; *(uint16_t*)0x2000af8c = 0x40; *(uint8_t*)0x2000af8e = 1; *(uint8_t*)0x2000af8f = 2; *(uint8_t*)0x2000af90 = 3; *(uint8_t*)0x2000af91 = 1; *(uint8_t*)0x2000af92 = 9; *(uint8_t*)0x2000af93 = 2; *(uint16_t*)0x2000af94 = 0xd6; *(uint8_t*)0x2000af96 = 3; *(uint8_t*)0x2000af97 = 1; *(uint8_t*)0x2000af98 = 7; *(uint8_t*)0x2000af99 = 0x20; *(uint8_t*)0x2000af9a = 2; *(uint8_t*)0x2000af9b = 9; *(uint8_t*)0x2000af9c = 4; *(uint8_t*)0x2000af9d = 0; *(uint8_t*)0x2000af9e = 0; *(uint8_t*)0x2000af9f = 0; *(uint8_t*)0x2000afa0 = 1; *(uint8_t*)0x2000afa1 = 1; *(uint8_t*)0x2000afa2 = 0; *(uint8_t*)0x2000afa3 = 0; *(uint8_t*)0x2000afa4 = 0xa; *(uint8_t*)0x2000afa5 = 0x24; *(uint8_t*)0x2000afa6 = 1; *(uint16_t*)0x2000afa7 = 0; *(uint8_t*)0x2000afa9 = 0; *(uint8_t*)0x2000afaa = 2; *(uint8_t*)0x2000afab = 1; *(uint8_t*)0x2000afac = 2; *(uint8_t*)0x2000afad = 0xb; *(uint8_t*)0x2000afae = 0x24; *(uint8_t*)0x2000afaf = 6; *(uint8_t*)0x2000afb0 = 4; *(uint8_t*)0x2000afb1 = 3; *(uint8_t*)0x2000afb2 = 2; *(uint16_t*)0x2000afb3 = 3; *(uint16_t*)0x2000afb5 = 7; *(uint8_t*)0x2000afb7 = -1; *(uint8_t*)0x2000afb8 = 9; *(uint8_t*)0x2000afb9 = 4; *(uint8_t*)0x2000afba = 1; *(uint8_t*)0x2000afbb = 0; *(uint8_t*)0x2000afbc = 0; *(uint8_t*)0x2000afbd = 1; *(uint8_t*)0x2000afbe = 2; *(uint8_t*)0x2000afbf = 0; *(uint8_t*)0x2000afc0 = 0; *(uint8_t*)0x2000afc1 = 9; *(uint8_t*)0x2000afc2 = 4; *(uint8_t*)0x2000afc3 = 1; *(uint8_t*)0x2000afc4 = 1; *(uint8_t*)0x2000afc5 = 1; *(uint8_t*)0x2000afc6 = 1; *(uint8_t*)0x2000afc7 = 2; *(uint8_t*)0x2000afc8 = 0; *(uint8_t*)0x2000afc9 = 0; *(uint8_t*)0x2000afca = 0xe; *(uint8_t*)0x2000afcb = 0x24; *(uint8_t*)0x2000afcc = 2; *(uint8_t*)0x2000afcd = 1; *(uint8_t*)0x2000afce = 0x80; *(uint8_t*)0x2000afcf = 3; *(uint8_t*)0x2000afd0 = 1; *(uint8_t*)0x2000afd1 = 0; memcpy((void*)0x2000afd2, "\x02\x2c\x3b\x4e\xfa\x4d", 6); *(uint8_t*)0x2000afd8 = 7; *(uint8_t*)0x2000afd9 = 0x24; *(uint8_t*)0x2000afda = 1; *(uint8_t*)0x2000afdb = 1; *(uint8_t*)0x2000afdc = 0x7f; *(uint16_t*)0x2000afdd = 0x1002; *(uint8_t*)0x2000afdf = 0xb; *(uint8_t*)0x2000afe0 = 0x24; *(uint8_t*)0x2000afe1 = 2; *(uint8_t*)0x2000afe2 = 1; *(uint8_t*)0x2000afe3 = 5; *(uint8_t*)0x2000afe4 = 3; *(uint8_t*)0x2000afe5 = 0; *(uint8_t*)0x2000afe6 = 5; memcpy((void*)0x2000afe7, "\x64\x99\x7e", 3); *(uint8_t*)0x2000afea = 0xd; *(uint8_t*)0x2000afeb = 0x24; *(uint8_t*)0x2000afec = 2; *(uint8_t*)0x2000afed = 1; *(uint8_t*)0x2000afee = 3; *(uint8_t*)0x2000afef = 3; *(uint8_t*)0x2000aff0 = 0xac; *(uint8_t*)0x2000aff1 = 8; memcpy((void*)0x2000aff2, "\xbc\x5e", 2); memcpy((void*)0x2000aff4, "\x04\xfb\xa9", 3); *(uint8_t*)0x2000aff7 = 0xd; *(uint8_t*)0x2000aff8 = 0x24; *(uint8_t*)0x2000aff9 = 2; *(uint8_t*)0x2000affa = 1; *(uint8_t*)0x2000affb = 6; *(uint8_t*)0x2000affc = 2; *(uint8_t*)0x2000affd = 5; *(uint8_t*)0x2000affe = 9; memcpy((void*)0x2000afff, "\x6a\x9a\x8d", 3); memcpy((void*)0x2000b002, "\x4f\x88", 2); *(uint8_t*)0x2000b004 = 9; *(uint8_t*)0x2000b005 = 5; *(uint8_t*)0x2000b006 = 1; *(uint8_t*)0x2000b007 = 9; *(uint16_t*)0x2000b008 = 0x10; *(uint8_t*)0x2000b00a = 0x8c; *(uint8_t*)0x2000b00b = 0x20; *(uint8_t*)0x2000b00c = 0x7f; *(uint8_t*)0x2000b00d = 7; *(uint8_t*)0x2000b00e = 0x25; *(uint8_t*)0x2000b00f = 1; *(uint8_t*)0x2000b010 = 0x82; *(uint8_t*)0x2000b011 = 2; *(uint16_t*)0x2000b012 = 4; *(uint8_t*)0x2000b014 = 9; *(uint8_t*)0x2000b015 = 4; *(uint8_t*)0x2000b016 = 2; *(uint8_t*)0x2000b017 = 0; *(uint8_t*)0x2000b018 = 0; *(uint8_t*)0x2000b019 = 1; *(uint8_t*)0x2000b01a = 2; *(uint8_t*)0x2000b01b = 0; *(uint8_t*)0x2000b01c = 0; *(uint8_t*)0x2000b01d = 9; *(uint8_t*)0x2000b01e = 4; *(uint8_t*)0x2000b01f = 2; *(uint8_t*)0x2000b020 = 1; *(uint8_t*)0x2000b021 = 1; *(uint8_t*)0x2000b022 = 1; *(uint8_t*)0x2000b023 = 2; *(uint8_t*)0x2000b024 = 0; *(uint8_t*)0x2000b025 = 0; *(uint8_t*)0x2000b026 = 0xd; *(uint8_t*)0x2000b027 = 0x24; *(uint8_t*)0x2000b028 = 2; *(uint8_t*)0x2000b029 = 1; *(uint8_t*)0x2000b02a = 0; *(uint8_t*)0x2000b02b = 2; *(uint8_t*)0x2000b02c = 0; *(uint8_t*)0x2000b02d = -1; memcpy((void*)0x2000b02e, "\x03\xc1\xfe\x1d\x97", 5); *(uint8_t*)0x2000b033 = 0x12; *(uint8_t*)0x2000b034 = 0x24; *(uint8_t*)0x2000b035 = 2; *(uint8_t*)0x2000b036 = 2; *(uint16_t*)0x2000b037 = 0x807; *(uint16_t*)0x2000b039 = 4; *(uint8_t*)0x2000b03b = 0xfd; memcpy((void*)0x2000b03c, "\x8c\xfb\x49\xdf\x7b\xf5\xb7\xe5\xee", 9); *(uint8_t*)0x2000b045 = 7; *(uint8_t*)0x2000b046 = 0x24; *(uint8_t*)0x2000b047 = 1; *(uint8_t*)0x2000b048 = 0x3f; *(uint8_t*)0x2000b049 = 0xfd; *(uint16_t*)0x2000b04a = 1; *(uint8_t*)0x2000b04c = 0xc; *(uint8_t*)0x2000b04d = 0x24; *(uint8_t*)0x2000b04e = 2; *(uint8_t*)0x2000b04f = 1; *(uint8_t*)0x2000b050 = 0xc1; *(uint8_t*)0x2000b051 = 4; *(uint8_t*)0x2000b052 = 5; *(uint8_t*)0x2000b053 = 0x67; memcpy((void*)0x2000b054, "\x69\x67\xba\x40", 4); *(uint8_t*)0x2000b058 = 9; *(uint8_t*)0x2000b059 = 5; *(uint8_t*)0x2000b05a = 0x82; *(uint8_t*)0x2000b05b = 9; *(uint16_t*)0x2000b05c = 0x7f7; *(uint8_t*)0x2000b05e = 0x1f; *(uint8_t*)0x2000b05f = 0x69; *(uint8_t*)0x2000b060 = 6; *(uint8_t*)0x2000b061 = 7; *(uint8_t*)0x2000b062 = 0x25; *(uint8_t*)0x2000b063 = 1; *(uint8_t*)0x2000b064 = 0x80; *(uint8_t*)0x2000b065 = 9; *(uint16_t*)0x2000b066 = 3; *(uint32_t*)0x2000b380 = 0xa; *(uint32_t*)0x2000b384 = 0x2000b080; *(uint8_t*)0x2000b080 = 0xa; *(uint8_t*)0x2000b081 = 6; *(uint16_t*)0x2000b082 = 0x300; *(uint8_t*)0x2000b084 = 3; *(uint8_t*)0x2000b085 = 2; *(uint8_t*)0x2000b086 = 3; *(uint8_t*)0x2000b087 = 0x40; *(uint8_t*)0x2000b088 = 0x81; *(uint8_t*)0x2000b089 = 0; *(uint32_t*)0x2000b388 = 0x20f; *(uint32_t*)0x2000b38c = 0x2000b0c0; *(uint8_t*)0x2000b0c0 = 5; *(uint8_t*)0x2000b0c1 = 0xf; *(uint16_t*)0x2000b0c2 = 0x20f; *(uint8_t*)0x2000b0c4 = 6; *(uint8_t*)0x2000b0c5 = 0xe2; *(uint8_t*)0x2000b0c6 = 0x10; *(uint8_t*)0x2000b0c7 = 0xa; memcpy((void*)0x2000b0c8, "\x64\x93\x2c\x92\x77\xe2\x3a\x0f\xa9\x6a\xab\xc7\xb9\x31\xea\x37\x07\x35\x0c\x52\x57\x45\xcc\xbe\x79\x4d\x23\xba\xa9\x96\x25\xc8\x2f\x74\xbd\x3b\x6d\x5f\x88\xfb\xfd\x92\x54\x5b\x6b\x63\x75\x4c\x07\xc3\xff\xb4\x73\x55\xbf\x3d\xd6\xfa\xcf\xf0\xec\x55\x97\xfb\x76\x8d\xc7\x4a\xcf\xcf\x39\x5a\xc1\x00\x99\x82\x92\x5a\xa1\x6f\xcf\xa4\x15\x75\xbf\x14\xb5\x6d\x55\x79\x09\xdf\x9e\xfd\x27\xfd\x4b\x31\x7d\x90\xd1\x60\x62\x70\x13\x4f\xd0\x7d\x2f\xc0\xd1\x81\x6e\x97\x71\x32\x1d\x2d\xb5\x5c\x65\x39\xb0\x41\x67\xdb\x7b\x08\xc9\x94\x15\x9d\xd7\x55\x2c\x48\x8c\x14\x66\x24\x7a\x5b\x70\xb0\xdc\x99\x6b\x90\x7e\xee\xe0\xb2\x0f\xdd\x64\x71\x40\x59\x7b\x66\xf8\x21\x55\x6b\x56\x7f\xe6\x13\xc7\xec\xbc\xba\xe5\x0d\xb5\xfa\x7c\x9c\x0b\x5d\xcf\x26\xed\xdf\xfd\xcb\x09\xb9\xab\x9f\x2b\x5b\xee\x80\x98\x2f\xf3\x65\xfb\x81\x6e\x98\x18\x4e\xe6\x81\x5f\x6f\x62\x1f\x4d\x34\x52\x7d\x3c\xaa\x4c\xe6\x82\xcb\x06\xc7\x48", 223); *(uint8_t*)0x2000b1a7 = 0xb; *(uint8_t*)0x2000b1a8 = 0x10; *(uint8_t*)0x2000b1a9 = 1; *(uint8_t*)0x2000b1aa = 4; *(uint16_t*)0x2000b1ab = 0x10; *(uint8_t*)0x2000b1ad = 1; *(uint8_t*)0x2000b1ae = 0x3f; *(uint16_t*)0x2000b1af = 0xff; *(uint8_t*)0x2000b1b1 = 0x1f; *(uint8_t*)0x2000b1b2 = 3; *(uint8_t*)0x2000b1b3 = 0x10; *(uint8_t*)0x2000b1b4 = 0xb; *(uint8_t*)0x2000b1b5 = 0x2f; *(uint8_t*)0x2000b1b6 = 0x10; *(uint8_t*)0x2000b1b7 = 3; memcpy((void*)0x2000b1b8, "\x57\x12\x26\x74\x4f\x78\xfe\x77\x5a\xb8\x9d\xd7\x76\xdb\x3a\xaa\xce\x99\x82\xe7\xb2\x59\x4f\xd0\x85\x4a\x31\xd7\xec\x1d\x24\xae\xe6\x48\x2a\xa3\x93\x97\x98\xbd\x32\xd0\x60\xf0", 44); *(uint8_t*)0x2000b1e4 = 0xa; *(uint8_t*)0x2000b1e5 = 0x10; *(uint8_t*)0x2000b1e6 = 3; *(uint8_t*)0x2000b1e7 = 0; *(uint16_t*)0x2000b1e8 = 4; *(uint8_t*)0x2000b1ea = 0x24; *(uint8_t*)0x2000b1eb = 8; *(uint16_t*)0x2000b1ec = 0xe1; *(uint8_t*)0x2000b1ee = 0xe1; *(uint8_t*)0x2000b1ef = 0x10; *(uint8_t*)0x2000b1f0 = 1; memcpy((void*)0x2000b1f1, "\x1c\x43\x11\xd6\xc4\xec\x2d\xe7\x89\xb4\xf9\xf3\x9e\x67\x37\x02\xea\x35\xd9\x09\x99\x1c\xe4\xaf\x26\xcf\x0c\x07\x57\x9c\x1a\x40\x57\x35\x68\xf8\x37\x56\x9c\x64\x5d\xe2\xaf\x69\x81\x33\x52\x61\x69\xe5\x1a\x53\xf2\x15\x16\x76\x60\x35\x72\x59\xd5\x4d\x5a\xd7\x7a\xfb\x47\x8b\x18\x9e\x72\x86\x67\xa8\xb7\xe3\x89\x86\xbb\x19\xfe\xbe\x80\x70\x85\xec\x6d\x77\xdf\xb4\x81\x72\x59\x2d\x54\x9d\x7d\xbb\xf8\x02\xaa\xf9\x5b\xbf\x2d\xcd\x20\x05\x7a\x34\xee\xff\xca\xba\x3c\x40\x4e\x46\xa6\xe9\x0a\xd7\xe4\x38\x7e\x1e\x28\xcc\x21\x71\x88\x37\xe8\x1d\x22\x61\x5c\x4b\x42\xbc\xe0\x4c\x6b\xec\x4a\xa9\xa9\x9d\x05\xcb\x4f\x16\x8e\x11\x5e\xe3\x95\x65\x54\xe4\xe5\x8b\x13\x6f\x86\x73\x6e\x79\xe9\x1f\x9a\xcd\x49\xee\x66\x17\xb8\x4a\x56\x43\x92\xe8\x19\x91\xbb\xa6\x03\x20\x54\xd7\x09\x6f\x6c\x40\x00\x21\x37\x78\x2a\x1b\x11\x1d\x65\x27\x96\x83\x26\xf5\xe7\x0a\x8a\x23\x99\xe8\x33\xe7\x41\x5c\x20\x4a\x3a\x4b", 222); *(uint32_t*)0x2000b390 = 2; *(uint32_t*)0x2000b394 = 4; *(uint32_t*)0x2000b398 = 0x2000b300; *(uint8_t*)0x2000b300 = 4; *(uint8_t*)0x2000b301 = 3; *(uint16_t*)0x2000b302 = 0x459; *(uint32_t*)0x2000b39c = 4; *(uint32_t*)0x2000b3a0 = 0x2000b340; *(uint8_t*)0x2000b340 = 4; *(uint8_t*)0x2000b341 = 3; *(uint16_t*)0x2000b342 = 0x436; res = -1; res = syz_usb_connect(3, 0xe8, 0x2000af80, 0x2000b380); if (res != -1) r[23] = res; break; case 46: memcpy((void*)0x2000b3c0, "\x08\x63\x6e\x6c\x5e\x42\x1f\x7f\x71\x8c\x47\x84\xf3\x89\x67\x2c\x29\x11\xe5", 19); syz_usb_ep_write(r[23], 9, 0x13, 0x2000b3c0); break; case 47: syz_usbip_server_init(2); break; } } int main(void) { syscall(__NR_mmap, 0x1ffff000, 0x1000, 0, 0x32, -1, 0); syscall(__NR_mmap, 0x20000000, 0x1000000, 7, 0x32, -1, 0); syscall(__NR_mmap, 0x21000000, 0x1000, 0, 0x32, -1, 0); setup_fault(); use_temporary_dir(); do_sandbox_namespace(); return 0; } :126:17: error: 'csum_inet_digest' defined but not used [-Werror=unused-function] :113:13: error: 'csum_inet_update' defined but not used [-Werror=unused-function] :108:13: error: 'csum_inet_init' defined but not used [-Werror=unused-function] cc1: all warnings being treated as errors compiler invocation: x86_64-linux-gnu-gcc [-o /tmp/syz-executor346443679 -DGOOS_linux=1 -DGOARCH_386=1 -DHOSTGOOS_linux=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static-pie -Wno-overflow] --- FAIL: TestGenerate/linux/386/11 (2.91s) csource_test.go:118: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:android Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Fault:false FaultCall:0 FaultNth:0}} program: write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3}}, 0x18) (fail_nth: 1) r0 = openat$tty(0xffffff9c, &(0x7f0000000040), 0x10400, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x200000f, 0x10, r0, 0xada52000) ioctl$UI_SET_PHYS(0xffffffffffffffff, 0x4004556c, &(0x7f0000000080)='syz0\x00') r1 = syz_mount_image$ufs(&(0x7f00000025c0), &(0x7f0000002600)='./file0\x00', 0x4, 0x3, &(0x7f0000003700)=[{&(0x7f0000002640)="386f6d1be27f8ca9182d1ae635bba8c9ce0379ce60d9d24e0fe69a46dd2b77026ce1e6bbc05a246ae26905253191f7e34ef3860f1c2cc9a6d522f503d78e340cb54f1d6b", 0x44, 0x1}, {&(0x7f00000026c0)="5739ec80616d1bac909797c5723d287d94f010e0f70a342a21fb38b36986025dca054a96bbe74027974c452893a9f5d513efc470652bf4e837d8d5eeaced2669d73cea3d3931399da04dfb4859d03c47dd535baa980ae8b7a5c312fd71acc521bddc2c637026d7fadb42c020c53d4e2feeb23077ed867d5b36567b8d06e0f4d2d9c616d67391f879e812d7a17975f3e0e569f557b65bbade941868bae4be8d2dfa45a385877ece8d94d755dbf82b4fd8899ba1b8ece43b36b369a8df56993b16eec20aed1c596f669df897ddfa0df4ab26d747598296dd3bcd5cad67a8b19eba5f343fbfa6301a1502600eda02ab157ab1b164e3de5733e4bfd9677b49b29bb56e99367d01044b3accf0f93af75527837a9b494b4eace1f49c879e71e962a593749555b50a55ca1144eb54807047defde8dd097ebcbaa230451ac7a7763ef2134b453ef7ce92d6adce449aa182efb2ed4a8707f1e1846d82505da06c2d6b4a582ddfb2bdb7a19bbce8e0a0f7b2f496622bee043729f3843188eb14e56e8f48d7d4b151a7deef2a1a9458834253770882cc41f6fb784a9f73a4f81ef993dae61a805ba6f9307820813310dc3870835ad4be7e3c8a13f9f01e9ea9b1b9dfb1e347e3ea1b5b090e1a38617707bb5aa0ce82193f6970a0b885183fce8b7d30bfc18258dd40f508b95b55ca27d8ec76010310c677c04c0b01fd69de396ae95a7c3ca50f4e7fc3da749d82a5d9f57ab6ed7a0d1276297ab57172671d4c7ca35224700db93644131a5126af54755aec80cffdeb709f0c5821ec3b86d29f10be62d94c032f79d4edccaf40b24d72e46d7c9933f6eada794aad1eaf41aec135a4f6f7f609273608685ffc30fe1ae82213a956e8df493ec0aac8eccbbdb82093097db45161677685bf1e691a1c7dce13a88e63645bc79922b6d3d3d761f36a46302f79e0e0beb67e2f2cb2e83fc1a04177c9d022c46edc053f03182fc645450e4de536a418b0eae2acb0eaf4cb615eca77f72ee1d1f9146208e18669508edd050e9b4e72a8483016dc0198326d2a167004f323a0a6eb4d34f651c397f06d32e1bdab042efe566afc48cbd98f914134156314a954c641b1066ba715ab50eb4db84b13f20469d01d6346d425d70f60b42976b046cf96e4018fc6aaf78df30c02dd029e1e895c20b05fb3883c013de7e17a13697854feb5935cb344ff94ff8bb4ed2d1f174ea19020577b4ff9597c31a8fb2cfa1d7b71a57082561540f1cd86b8590b754fe95d749ef3caff93fd10a90ca003515bb23a3e71f44179c0996037457589e68177b0a10691f149a981a6a68d0bc820e1662a67c6a85fb39a35399c620c6ee314284fa42099bde09fd517a6e53cc0417c98d006b4210ba0351b7db6754338063f05b6824bbb41f70ba1fea9121f5885a4d03ee93f2b8f27a00cd666491003deda3e21029247646f7144cb004a6b524006d8ec7c93f41042bbf82d3bf2eef415f8f038b05c0c107ac24d0cc8f30813ebe2751da8398e04ff593d17ddeb32593671c8277424f79880054c581ae4ef5303a12f50d4e1fd6bb585a5e07751cbd58fa61d634c35563727e18239d9812fa41b9a256118ba9b0decc26076c8ae4b4e516a2b35a7e9839ca83bef4643e0a5d9db723b5afd80f715b63b19d0afb9cb03dd9e5fe1b3135ec1f0b973e7d21bb2f2221a78628a1b513e0ff9ea3067db3101c017eb8e606f2f075be4984f21bf75b6c4cbf3718e64ca62a9ab5d8e383aefba7493ddff478b744074bb51994bc91dd29c6b9bcd50a5028e14cf6d9468ef424ed165848ff5676e574110e0cd76a7c1dad3019facfd08d14b7d9e378a110e985088e51e89d75e3fa5fb3687598c0569e522f6c9ea4d1265ed97e313dce9cd01a4615e8bbe4dbe168f9d32c6682e4eef267dd718b475a81b485b17f6ba8afba19a58329f86bad12ac8444417e6148cb4e07ee46c5f1553a0fe4cd3326d8692cc43961f03f57f7c016f33c3d1c02bf125fc942101103636b02d93352efb4920e243f865cf5c0b5d347f51b87900b12acc347b319c147510c6a3c184b9fe9bbf49d20a71bc0882e296a03769751cd863082c1f3b8890fee3c644474db21e077acbeb05ae296710822fcaf5a7bc069bd93d411627cd1b713ccced010d1b88dfc1530454141b3dd3e1964c389576132173b86330388fec559dc722f177497c308315a4eefb5043cc97c5b1ea53b6de6f4eced9cc20b5243ef96ae0da16b43ecfd03e702528ad4c3609545df939e2bcee08258649319d74fd784d3d30a9092cb23e51ce00bbf81a46bc0d8bba9fe3f605f54ee2a0311e1c19aee26c843d7252d90380c9d86f1d1cbb21641bc19adffa608fa5b8260c3dac2e0d8100c870dbafab5e4a5c6e5d4875352ece3133e08d48e03874e6e528b5a43d08c8e905f798f0527cff5cda9995e84acb47ee8544be937fcb64646d2fd2d5c31eef836297e03dca24b159964a70307a827f6e7f3793f6ffad54a65d400926e80797e6050e776bbf66dc1bdf7508812ed0febda774f5eda492b3751ecc76a658241fa64522c5ddef5374787a1bc6f05c84a523068ac66a3ca539da70e16ddea897f96f5d48e1ef185f08436daa20fcb0b239de9b2bb00007eda2dbdcc1f5fdf13998682d66cd4aab3157f7ebcec092dc6bd08f4d107780d3731924cfa067f62218078a2af129f4059d46d7c7bebbf67b5953dda30c96fe5843e8a3c0a15a6b2f210ffbffd476c9c761340616b1ca8a6b449d1e338fd909fd9a84c7338711be1d50762a48299b184482d2cd1884af707668d10c2e1cdeac7c075d7d4147f8aa3cebca93c1b7b245264c0efb8470255152c48d224634580b2ff021457a975aa7672baf13a4ae32dc17e1f04d0b2d9c14831c87e99e7e0f29958c9b584d7b8a7e91f573c042617391aded64bee7dad5f888efc5560fba3f9e41f78094b403abc5d422c8ec70b9a9cee507903f8999487e60d761ef16194e7cc856a01e6b3bc592397ca03becb6b48fc15bf1f6eff8fec8de8785d0fea379efbd649487307bba1530a48ec106978da703e91707201fe3348de8caf2dde1d09942d47712f77de3f9efe5392ef4584a66cf96b30ecc6eed9074837e0835e19065d2ece87d38b426c703b882cec83cbb8b484f6885832ca2587b2bdc30c92c20a00d926473ff36a1c81e58d55549a06fb7b0fdd135ed5f63b4cca0068b2da1b112d4cb043407c21c535fd3c4559322e30469794c90a3c30d8fd5365ce3f432f613148bc7d575c1d2da1d4b068de1366f62a694e976f2e264d449d9e3f90400f4f25c1152d1edb9b09816787227eeeff80ac3f25016de253325475490482303afa87b39adee7f92c03185f8be67fe8e850ee3a571809474bcf462373a47afe1a4592175d110c3659e56ecfe2ecaf2c381684332dc0ea3f76c1799d5c7954ccd01ca4d3cc488e98efe8ccb8757273bbfd0e8f94a18e4bc187993ac29c3d45aa4585253717190cfc16bdfc90cecab6f022b3c9629e4d44cf9460333d348d0df3fbc8ffe61733725ea22c57183b50622f320253d54692c32ba2d1d2272357962e09fc7fa98a192d647ca93d5db9c0560a46a797408d21be5d14c8898fcf1f8e46c2be19eee417f17b5812be04c60a50c8f4a3b96e759df5a25314842ef5834a9bfe3ec6903122abdeb8da1bf146ca5b0b6451b3f6a0cd742120b025ca49bb95c47fb27fae438cbae39cd9b50f76735f656e0c6896c87b91c1ca7444d0de25ce60db81b9b7efebffc1ff24ee9d5f77da9227252468633b8eb995e2645b1543d843262c260c3c691114ebc403962c2374ef59ce6d1dd7c4d22310c5f642d766d41893b993f9a69831f82aab3104c64b08b0e3419ad44686088cd8a4a674edcea4ee9f2e8a02ab11450060f76a7c1954f676de7bf7916699457091eb0ad3b7593e7f38d62f9b56761a915b41d035ba129d1ac466e5eaea76d00c4d83e1754e3d1e6f0093c665d860bcf0b9850401acaba34a0f774300773c4abb90efc56bc7d2ad12d2f58cefa5b5816fcee50a11845a2d5197693ea3b380089219f5a42c69f9a4762c91ae6449e13995f666ad521f92edb3f4b65a04675db8ebbc9a2d1acda5b67ed6af5525141fd7aeef7c58f549ac39255705eb084f4f0a261f43c27cdcefb7d9e15ce63995820729b32749eb8d9432d7c3c25b4b1daa5b645740394caaae63bfd9e18207fccfbe0e2639258229574fcc7971e3eb11bfdf7dc770cea4a9414913067558f7e542cc6272477489519cfaecf51361b7d39540bbc1da84c6e56e21c683734fc3d9e52225695ea370563b153b8dc87ad1199247a23a86046c730fbce29fe99e0cf3e762f6ca3a14b03ff53d4122da0664a31d204160fcc2489eaa9faf030f6d6a43f98afce7f7f7f0cc3a01ef1526dac38278d13431910c2d691a78275e0702c8bcd0f4754b47535decbff3fb2db3d23b95f84e5e6e7fe67c719de9b0721ea53e2c68c9110e6a9ef3251e7ebb22800dcab309c22ab3739b4e88844827542d962c2afb2dc2f02b45094737fb1c3b9543870709b337d9d8f183971368a28a3360aec7c89de83e0c5fbfcffa03c1bc42884a839e8188826b19f3a7e7b82b4e2339d3d70171de92a60e2e1c73d360382aedcc23740c6244d69299dd39e011091b2fae10f4ba3c7fc570b0ea6a5d7b94f0812788ac1842eb6f917ad73a43a8f511b221795b9a625d6b8adab77bb090343acde4930c643b9b60af027ed4e3cc7facdcb175e81d9138db68db9d85216e1afa90c3f3897a2cd7e2cbaf59faa93ac544c221399d0a2c7601c6c63006253c9e43f1ed3f8cdd31f92cbc919b0b2f048ee429baac42f907d36281931814e7f937b51f2c6a772469f0d3d666c5c23141a0af6fb3804479810fcd852f98a5e5df9082c149bc239d37b89447af02ebae27adea098d78409fa9ae873b112684c75d68d447c7fc80a45a726b272d557678da7101679c6a5b4d70f4db60539fd11d1f21392b7922d12781125512eb1dc45db4cd2e64734e3a9dbf899ec2203e1001b3d364663d487c69018cb9122b5f4e1a276d17088df746ba3e7c10e1cad226f6cd2ad90cc3d148c951d32c00341bf08ec7158d22b3375f7ed6730ff9f0af79b1e8efd164b046c6a3df7bcd925e49bf5bb4d16ace6ab925bee37b7b5321da6f3626f33025ebc3814f44a27a7e39c5ecf8c5263c50e5d49273977c1ddcec86c85c41de8558ccc7cc9469f4a5ab104db7b3eaf8951f5315f5640c51e8c49290c7b146688b72e22c5178bb120beafe3a10dd33e6a34b8e2ab0a8d88f1bf2346f06e6cbeb80159f85b69efe2984f3acbf1035397c0e027420c591b2c5115e4c4bc4319b6a8edc2aa62c7600e49029f8d7d808713cc765566440a427ac576e5a2318e0994a00b56b7cf16277887b22693396c28bf734133df5e654971dec68d225631fc669e5619c1c78df3ca9860489a29a5234e054bcd3c543276c07e15a1ca7ef60c6e20359562733c1b3bd15a9c72a8f9acb040f8f85a4f10313a4fc7e8cb8973ae0b562924716d168aa431cf63a5c2e182b48b5519f376de39ca03d5535a5868d2cfff410e3f248de1ef81b205bc17a84cbfebb46deb4e56dcd355d7148a56f25dee5896912ec90124bef2d882e9d4a02769b3abcbc8f367deecce8c22b045f4d7b87d8908b0af7f2a1f53bad8d3f8e0b65b0053ab1e28ece7250ab281bc197097cfe8b2a7cfb552f82869b88241e7d05d24aca325c6f2fad85ce79bfc2aecdb798f40e111189f1785cbbe40", 0x1000, 0x7}, {&(0x7f00000036c0)="38e3dac1cab00feb39c48edfaf42b604f0c0fbeaa30d7023519ce589e4d90d7d171cbe759e9c40819d9946abfa9737e1bdddfb4f", 0x34, 0x10000}], 0x1040000, &(0x7f0000003740)={[{'/dev/tty\x00'}, {'syz0\x00'}, {'+@'}, {'*^:[-,-,&{#'}, {'syz0\x00'}], [{@audit}, {@obj_role={'obj_role', 0x3d, 'syz0\x00'}}, {@obj_user={'obj_user', 0x3d, '^\xee%'}}, {@subj_role}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@uid_eq={'uid', 0x3d, 0xee00}}]}) read(r1, &(0x7f00000037c0)=""/18, 0x12) sendfile64(r0, r1, &(0x7f0000003800)=0x7, 0x0) setsockopt$bt_l2cap_L2CAP_CONNINFO(r0, 0x6, 0x2, &(0x7f0000003840)={0x81, "d8e8f6"}, 0x6) ioctl$SOUND_MIXER_WRITE_RECSRC(0xffffffffffffffff, 0xc0044dff, &(0x7f0000003880)=0x4) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(0xffffffffffffffff, &(0x7f0000003980)={&(0x7f00000038c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000003940)={&(0x7f0000003900)={0x14, 0x7, 0x1, 0x801, 0x0, 0x0, {0x0, 0x0, 0xa}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40800}, 0x20000000) syz_80211_inject_frame(&(0x7f0000000000)=@broadcast, &(0x7f0000000040)=@data_frame={@qos_no_ht={{@type11={{0x0, 0x2, 0x8, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x7f}, @device_a, @broadcast, @broadcast, {0x0, 0xffd}, @broadcast}, {0xc, 0x1, 0x3, 0x0, 0x3}}, {@type10={{0x0, 0x2, 0x9, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x3d}, @from_mac=@device_b, @device_b, @from_mac, {0x0, 0x1f}}, {0x8, 0x0, 0x3}}}, @a_msdu=[{@broadcast, @device_b, 0xbf, "afaf3a135b6bacd8c9b70b5eec9ab18405dde216b1b5dbe70c82ea52a1477c8bcc0adebad8789e03df9beea67cea531e776e7ec441e10995460e4e964678b8b20cae084ab40bef389bb72fe366ea91a8a2b952bc697a863d47c4920f77976ccda9723c4d4cf43164b57e373925d21594ad582b2bd6b7fce0e21d272a022fb63efae8204e2e38180848fd2986c847241f05b4795e3195823f4b17f340c24f45bf4fc33a8b5d0649780bad0b1600231bcd85e1044043b3f52bdd66462c52869b"}, {@device_a, @broadcast, 0xf3, "db7458603e1db9e8b6109ff253176fc3105d34454294a0c36f5e76590ee3b3a391dd2847abe2ef4c4f0762cbb09a37f40675baca0907282ce7dc1a104cb3e91384930ede72f3720dac9976a6598bc0385e0eb8295edee6bf8e31f243b284e9de823dbcf1fa70c6c57d4472f20f031cd4ccc7995b0036d024f051220cf8ccfacc5eef5cc545c5208e0ae0b6fad6956542262930e56177ef3f3fd1fcf9ab7fa104c2fd2cafbfc796da4af424531e825b32394a16b5a90e3b36d9d75f35bc95c7b65c5774b33d1a74464b240d9b4420de3865e4ebfa9705fa606ca422eb0ae33126574d2b01dc83d70c248747087c72f0da02e8e8"}, {@device_b, @broadcast, 0xdd, "d7e9b24c0cc992b18aa2d9f9e1709a8c2fe8b2ceb27a749e52617c6db966c15469b14f6271d9ec1caa537e605d09c7af271d959a7b1375fbada3d47840b8fbde2f3ab2820440ceffb16cc44160f3a3abd70b059e3b321e3a1a48eca2b3819d0595822e17767f5a9cce0a0aa1cf8a1763780943872b127ab559036a8d8703e179c0de7c00dbd055699b39532ec0f63bb69c331fb415e253c26abf85a20b69f33d25a8a066aa10a9c1add202fa9d6cd6dbdaf05601d68e9553ba9ee53931aa193821c780f05dfd3c33aad84ef55098b4b8212cf5d6a43b5a099866ecbbc1"}, {@device_b, @broadcast, 0x3, "d71a49"}]}, 0x30e) syz_80211_join_ibss(&(0x7f0000000380)='wlan0\x00', &(0x7f00000003c0)=@default_ap_ssid, 0x6, 0x0) syz_btf_id_by_name$bpf_lsm(&(0x7f0000000400)='bpf_lsm_sb_remount\x00') syz_emit_ethernet(0x3f6, &(0x7f0000000440)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @random="8b73c66e934f", @val={@void, {0x8100, 0x1, 0x1}}, {@mpls_mc={0x8848, {[{0x0, 0x0, 0x1}], @ipv6=@icmpv6={0x8, 0x6, "6be3ec", 0x3b8, 0x3a, 0xff, @private2, @mcast2, {[@fragment={0x8, 0x0, 0x4, 0x0, 0x0, 0x4, 0x65}, @hopopts={0x2, 0x2, '\x00', [@padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @padn={0x1, 0x9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, @hopopts={0x5c, 0x5, '\x00', [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @calipso={0x7, 0x18, {0x2, 0x4, 0x3f, 0x5, [0x7, 0x100000000]}}]}, @routing={0xab, 0x4, 0x1, 0x51, 0x0, [@rand_addr=' \x01\x00', @dev={0xfe, 0x80, '\x00', 0x1a}]}], @mlv2_report={0x8f, 0x0, 0x0, 0xdd, 0x8, [{0x2, 0x3, 0x4, @loopback, [@remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, @mcast1], [0xfffffff7, 0x0, 0x4f18]}, {0x7, 0x6, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}, @remote, @mcast2], [0x433, 0x3, 0x4, 0x5, 0x8001, 0x6]}, {0x8, 0x4, 0x8, @ipv4={'\x00', '\xff\xff', @empty}, [@empty, @local, @ipv4={'\x00', '\xff\xff', @loopback}, @dev={0xfe, 0x80, '\x00', 0x23}, @mcast1, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast2, @mcast2], [0x4, 0x3, 0x8, 0x7]}, {0x8d, 0x3, 0x1, @mcast1, [@private2], [0x3, 0x8001, 0xf729]}, {0x0, 0x5, 0x5, @empty, [@loopback, @loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @broadcast}], [0x0, 0x80000001, 0x7ff, 0x6, 0x50]}, {0x7f, 0x1, 0x1, @mcast1, [@local], [0x401]}, {0x9, 0x8, 0x2, @remote, [@private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x27}], [0x5, 0x9, 0x8000, 0x7, 0xfffffffd, 0x800, 0x8, 0x5]}, {0x1f, 0x8, 0x6, @dev={0xfe, 0x80, '\x00', 0x18}, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @dev={0xfe, 0x80, '\x00', 0x1b}, @dev={0xfe, 0x80, '\x00', 0x30}, @ipv4={'\x00', '\xff\xff', @empty}, @ipv4={'\x00', '\xff\xff', @remote}, @private1={0xfc, 0x1, '\x00', 0x1}], [0x8, 0xffffffff, 0x0, 0x3f, 0xffffffff, 0x5, 0xff, 0x1]}]}}}}}}}, &(0x7f0000000840)={0x0, 0x2, [0xde3, 0xf28, 0x8d2, 0x209]}) syz_emit_vhci(&(0x7f0000000880)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_execute_func(&(0x7f00000008c0)="c4c32d0e45f508c4e15b10eb2681f9f6039eecc4c379617801d207660f38295cd02fd9f6f2ddcdc4c1f811450f0f34") syz_extract_tcp_res(&(0x7f0000000900), 0x3, 0x20) r2 = openat$pktcdvd(0xffffff9c, &(0x7f0000000940), 0x10400, 0x0) statx(0xffffffffffffffff, &(0x7f0000002c80)='./file0\x00', 0x800, 0x8, &(0x7f0000002cc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000003040)='./file0\x00', &(0x7f0000003080)={0x0, 0x0, 0x0, 0x0, 0x0}) read$FUSE(0xffffffffffffffff, &(0x7f0000003100)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r6 = getgid() getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000005440)={{{@in=@broadcast, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}}}, &(0x7f0000005540)=0xe4) r8 = getgid() syz_fuse_handle_req(r2, &(0x7f0000000980)="5eb2b765eb13fe6055adbc43ba06da0624085c4b074ca1075889677f066e7be4de1ade6643e384e746947849cae6c4bd2247b9d0dcf8d74f73c865983a7d81fa418b5227bfe2cae4daabc8fd121243c0fe339f30d7ade9b79e07aa3b492001cbf71f43d192a2b9b771608f809cab4148c9bcb18ad7381adab1f2f5e323a69249bf8f2b5b0e986557da943623a66ec420b9b7bc01434d0a62886d0072f83051bed958843ec0adabaec068e2333bdc15622efd5d7eb68cfdda7de3fdafaa75787f0f7f3a5aae1cfe1faf079f1835be7044f2dee0e2b22827f8ce9399ba9b6d675aaafc827262b701659d34e687d6f0f80666ef60371f36fc8e7ab01b1b1f741bab290b3742bca7d900acacd003bb0e2497a7413e2a94610c93f5b5f6a0affc554dfa696f33a4e07699552981c8f17eec121b798ffda5a81f609005eee8862da633950d1c36b1f57f201dfaa2ffb43bfb89b937dfe89165a783264b5cd393e5e81efb8d94e28ea417cf7f145520c201cd9bc843a78ae07c3a9d812a99b9d01f4f8a60937077192fb29ef9e9cad995919de33e9e70c95c0efe9d49ecacc2817d764b35aceef6dbd7b11da0d56460978a679a765c04642ef7b33da735d607b21ea207ad747b67da1862b7884f773764c5c6b95b0d1fc079909e3a07430c52f4908cb864ca7b48387d9c930387811580b9cead9bb56c5139d0d5c4c728f7667059bb64e223d3e7cf61ce8370276dd31b3bd643e96444afea51787bc0ea7ede0c0576340b3574fb1ee78133c29edb9c63724200f5d8d1fa9db4fe0cf9a3f0517fdd936240d08ca3f4815c562fa40c50292a8cc67af02555bf5e4210efabee952946cb5a3b719ccafb90c5fc31e28e16da6deb0c2657d99b2e30ac6f59e6935c8f3de5abb5a6a9eb6d64638131fa73639f95dc71d11a644c6ff17e26665e820556178bdf6f91c52fac27f2d84812e9bfd4c53e757ed5dcc5a3c58f4f254a11ad8099555fbab92d9707e7ae249d37b672b2f4666cc35ffe53a0f5f314aa7e329addf60e864986682e58dee878cf3e66b3c1b8b0457021cbbe9542df240104fa7945d177a8051ff42dffe47e952caa5b334386bbe96140a28a74cd3c4c666dd6174994bae6c323bef3cbe97028835f03b49d7c496913ec17272346e050c75c58760acbcdedfc774b34b19f199c40e02ac74177e3f951a007abdaf00fd7064bbf2cc444d6b6d2b233e1fd995feebcbfafaaa44edd739b7a9b312b0823bbb228823e132fbae576968b7e7ca5ca0198daae85da7b50002544a44f948dc5f48620e3f99145c8727fee501541ef119b20085e364052a045164e79579553ab1924a5e67ca4bde4390313b76a6abb950e637b6bd3ae4d341ea362440e134185304e36f08691027ec7ff34d718825393ecfd7557c82b7bda4d24b94fc53d577b31657b00e8303803e6f15e17a79647607ffa65649103ad6ced040a842224b22226cb03b10e51e58d695edda77da2d784c49bdda43adc0f4e15f3e2e338836924786b90b2f7442935ae338e344fa4c0d9e3d74871d930d87868a269c984048763e1c438479b20fddbc61d2488d70ca8747fff731edb679b88bf1b17621d3276151fd93a9dbbaf1a83e9a80f75ba18ac3ce6598dc4e6b0562fb0bd479129337bb1c3a5882b2d626edd90d0b1e898d0f1e4f59893700c241e0c4363a4441073840000470f9e877d0bacdcb6b21875e75b50dcfbb2bbc0ea8fca0a91dcafe69b162aeef4f7d7fa1193f9eac44d4eb27377c3b72ac19a901c6e7350e1648146090179fa4b7f7aaedfb75a49deeae9fbec2f30c4444e3bd5ad6fad82bbcd24bb6d259685ca0c13e52a590d27a731a18b09d3d6bf5e81756302b85251c85d30487295eb2e42cd788231eb96979b5c113c166be2f3b6d24474b0f56ea5cfff4dca9284e5dae7d1c2b6aba7807e889697c869831c908b206b8a21dbe73d06c0aefda449f4daedd68b676f22814be2d90a2d06a39f997fdcef3a38f98396d5bf369900f9fc0442b204ceb17e432c28087c42c84c17f1a4d04f6da546682f31d75cc289e0c8ea4058c03550fad5def6968541a9d372bcbff7b943d65a7f485652e4437e0a1602057ef0ceefa57540a11d5b2b8b6518c3c9a27cb27562941f2f689ce240396b4ad70dbb2cd6e4e1f33e3279c3361b9d9903a9b6bb017ffc719758417e4f984855692acbdf9392a9b19673388e760233fa0035e0c2335e77b089eb40b5cd8f0325f64e080765808052869f76b39b0682e9a49a95a4fd0b38bb50eb214e94919d486fb7bb75acb4dc5f04e7a7e311f204df404c62c664179584880cb8bc7b8baae8933c2ebd70af44451aae3d51d4290d90b891106877bd37752ec6118d972a1b0a2931d433636da7b7250a0edb59d9ddd34cb48b34a62ae7e595f18d80ca2c2ddc2aeb6b6f6b800c8653baaf696bfd60c85e5e3328d0d9baf0f558b3b8b8bff24bf75db2695d59442757cc0cfcefbbf1708fc964a1251f55328832468ea73c29be4bf5d0de2053f364d117006dd3242e04dd471ae04ae22844978242ed47361be4a9a13133c7ad5bb324afcd29d9a074440724ebb56f5d9c3a8e4559d3a5a0f028f1d72ff2562d483cfdd79eb32c90462ee790de2476d9d061b607e680b41500ce691e48745b585517a539e70d7ec555e196aa8d69e45a36982d28a21409a777ceeb53318c20713e3cb62a98c28f524b086909a03075c2010da34bf7b0e6bf58505d301442530e54d3d13f0328f97a1dd2dd6da68429d21376b772d5a1603fb4c4a40f6b36db26a86f7c2dbaf704e7bcb9fc96768d4b53bd134602b753b260d84d9eeac6a24a51249dca0086b95b57587128e798eb62e1f01ae68e660cf6ebbf332293981620684b7e3b04750fdbbe2ecd8e9b6375248882253c2dda8a4d9c0f6f5c9d7c6bdb1fc11eda1dc4ecc0b9f3dbdb62e4078e46f6b10608f34c34f0a279c2f8f3da5be49e3e58e971e539bd63bacb6d8aa554ea4c78a49abadeec98db1d3ca3bcb40957cc0e942fca1c9b51af04771fda4af358c9ed6fe7b737a6c61abe0b628920fb8d0bcd0b65b718163da17804cb1665ea9821c828f6df655193774156721006b1f51487ad19fe92b769a9fceaf2d4124d8cc9a5bef28e98b996c28c8a99e352380531185e5e56e693641ef51106d6cf4e71ab317c34e93583aecf50f52b53e63c9098d8c283538c7cc0f090dfaf523e6082c65263dc8d1de4776282a3fc1bfc5909991525f56ac0e6d3bf0ce7aec83e40074de16fc9843f3b099b59b9f90bcff6310ed6dfec974587ad646ecd90c54d449510b7768dd67cabb305ea398ecb4261d26d4d7e1204e20725603243279a18fab01726719f771822627bafb09b4caaf9484f1d8fa5078d021b9cb86556830797319c6491d71c1153b63658a5a952a1f84f0ced9c3d1191d71a0b22e3f618f87d98c8991265395cb90765935034bd6c9233d41f9fc6a90bf697c15fd2359787df8257ca8e9499b3a7b837121b3367306ba3a36fdea6000c5d0f7759371702c7ad6f9e5f4000725f8e0b330a494392f7408dad615b14f77888ceb73959965cc9a93e9e3b23b9343a4cd4104dc1f3f1a64cb45697926704879802493ff04a8144ce6d805087fa96caff9b97631b52e4a365e976c90e2ac08826f8c297ef2f875722b44554d9973f4aa55ffb03589432109e6832dab7fc4732d303252dd1d17a2d2451ed53dce41ffbcec65983c6db3eba81462e522ae7ae52d751300a4b131170337c6d8c4b692f5429118af956e1c15e27584f768255c3ddcb469212ba8ab0e1e7ee0012f58f8945827994ce1ad7d173dd1cd72083844b721a1dc13000dada1256deab79b959a495a4d1b5fd028feaa0deac90ecfa59b1340456bcaf31f57d5a883490125796dda6d378ce83bbc137fe54b83ca9c4f819899d308338d65fa87d906255d6573a7a490b00100eab699c0dbfbec54b54224ceba3f5d1fa4096063f33165a158a20ffbd1d5b8fd4d9d39cb94a0085deaedde02a2f1e90a96af2223315101af3fef8604337f648b8c34216c3e7ba8c07d82d23bc0a96f0dab2abd2939265bb96b6451a2ca93585c82aecced337bd66124847a406ce8ed241318e1a7fc2cf289e1caf26ea5b72aaea0457e208a241534c78e3afb6028e7f57891c2f05f4370fc50458d16e90d031cca186cc12b4543b7f25fa72916be3acd7f6b5f0cc24f44248c0fa9c6dd595cd72cc4c84d35aa6fc3b1ec0e7a6b0408a1a53869681d27b1122c3176a04eb3aaf6258849675a994222d506828b4c1de9ab17ad4bab5961d524f0ffe54d29002c3d36c94cb3ab16581f59d014671e1cd5fe24342f17c8f178854e0eed5f4a3db07ec2ea7c671e2d78538bb8a2d5dcd94b4c6ebdb9a4929e85fc6de213d6f356228d9ecfde962c0c3727608f670e812ee2fa14e1f0cbf0186f6afc10c676f911be3b1cea3521f47e8fd4efebaccb22ef3757613ab319c40b70eee0cde11a3a166f1ee9415328068399836c8dc384de21e0a991a8bae04bce7962ce3b82d5516fe91d8ecbc2dcd6e2711c6c14c8aa572b5fe039e1bb4f163a1a8186345f54157c56672b33470711253476c2f6e4d74be06a01885debdb84fc73247a54e1511b83b3ae1fc15e5bed921f1937786f4364a7d4d6aec09667d63aaa618bddaaeaa2e55adb5894c4797d16d3dd5d35a716ef05233c4ad46a621195cde3a4f4197ea4396ca62712ee3d029200383ad9122d94b608b39e1ab024ea673eadccf983100d59b17708722d9ef02669224bef7abdaa0b99bff39957b7ac41599c9b1833f7ce822fdda0bea2dcb7dc7d24bd20df80b6462162447d5e28535a2fd876ffd78e90dbdc74e49af647c9dc696bdcced0840c2320f5ce0b6494790832c972e28206f432ad6cddc304f96bf48ee6f5a077538eb06d94383bf4fbf332abec80cdc7834dbf87e28f06ceeebafcab3f05f084bc4cf2a069701cdb332403af1631b5659a9e668f0a46f68e65ff9a314ab2a540518a03893c3fd2b1bd9f5e9e7f6ec49f585067c4aeef0b91b1ad29f2acc132f6b1a8dda2da36a79186c8b13b6fed070c74704bdc4ff11321901c71598fdfb36e8482bcdb01ee808afb54b3a42c69a18950d14fac2e3bd7721ace3c9a03a45f74cf2df6f4c924441d8700c54b5a12212ca3cdd648d079304cf2cdf460a36caf7f521494805401dfc67bde2061bb239a7019ce76c4f44cb0e46c55cbadab9129c5b457ec284b22ae3f98e64fc8c75df095c3ea3ea0cfb59ca18090b03f9358e9f11325e72cc24ede8f0511cb6f8af7cc2760654cfb8a7e7d5de97a83079bc82d88ea728516e92d321092fa3bdb9c0cf71aced2ac1189aad334d1b6bd971ba4053a43bc7f0020a2f1d6da34690d0f76358aa1b1631107f7f2af9890007b0a94277ee673b047fe809a5aa7fbb7ab88d110970c3dff44de1d7dbeb2abfd280e66d1de4864da4d54addceea69c8fa5d3d4b1147a18365afad33cdc689d73cceba4d8f4ee08b6264aeed23f585578ae15d14f3a27b488c24d6de8cd8a9de4a2a89fc9481ba8e10283a4d3a26e989bd80597862e238b714aa776e01cc90dee689c8435c814cfc72a530efce5dec384797a951439c30e096320bd504d3fcf4f7214b6d8ae4fdf73eea4591d444dd1ea4cdaab8ce1cf9555b4dd70f1bb46e18ee02cabd74cddb696af3ff7cc95b1339a6b8e8bafbc29c64f09fb741389ea6f5397a85add8b26e1f3a1df950f67bde9f9871a0e360c3e7669ebede3b7eb32ceb35ff2affd8919522f075933ecfea2cb4becfbc85bbacc95fba2c6f54f890594a6f6b18965ccd40ede58b4eaf8b0d2b65b0369b3dc6c7caef3e4845b2c42ee40ddca587925029e7d91629add84ea7bc72be33bb034214555cd5505568093ec7248156f58c7f0d3055762f8f4ff6f864bd9548fafac4db8577530f3a6d673beeff21ba7c9060aa0e066832937f1eb617cb21ac24e0d8699547be5663a8117a40b6d881dca19e367ca02d28774dae74df50aa99445e37c6c16184467d496001242329db97a2adef66425a9c6bd377d8977433a03c72bf10b548b8aebf0ec38eb8ce145fcb851541405ee8a3ca9b3bc603a382af598f0a1756592b3677c469ff86e198cdff40f493215a32c2acc72bcfd0e3e4e57bec76dfe565da975c691d66935d2d7b52941462d41bce4c00915d283417032f3a894249f801067f3882fda77905d76b76efe1028ebbf14977631f677575ddd409df3c6c4019e995a9d8d1d8a8c322687632f1a9505adcbd5afa1389f941dd0f68fefd43ec24a257076a3a21b7363d7bb518df4a282a4d9eed0858d104e85c5e068dd8012d73b516656146a78e549adbf9b32fb9f5f7ab6d43879d96d1cb973596d044197e08c4040604255753297a3495d8dff255d18abf94b8704a8ae1a48353fa85e5a77becd10b6ca007b77dfefce398f30b0c27ede99e8e6bb0c7ff65bdb00f224622d691f478ce6e37bbfac4ce1ce373070f954370c74c09461e2bae4385cd5deee87ca80ad2c77b99e7bee5afa3f0ba52494f59da1426c4309f391516354d57b0c7c4bb858e382f041d6e9188dc133bb169321e00d02efddb461176774fd6b2c9682d7ad084f6174c53ab7408d3e271d28e308f7cd478c2fe8d6793deed31debb090b874b12528a6cd368acf5a5c4cc3d30d2aff00693786687686cd9b97cdfaa3a67729351b2373ddee18ee3f056b6c0da439d62eeb408031a4d8755de3cc88415ca4801d54dc565bb53228dc215dd746ff5385453fdfc8915e872752f5ab3656aa8e1c42dfbf35e49ac9c2013b4a493ec10ad7f512922b8d3d82922ddbc018953cb7d5191af08ab669f80425f4f459ee650fe094126434e886693092c53aa346993dbc1ba274d2d69470646e633bdc331431913dd49a0120e1b5e212162006f9a01fe18e8d8b57cfeb398e19b4b8e970fb0678521caff33a7a01deb17e72a920a946896c5392e84bddfde75b7446ad4249bef2697b0c5e72f3791f0f44ac1563769c8ece5f1de565bbae2e5730294b3d6d85787dd6f7abf84d698e77ee80ec53e3751e873033af16b5ed4e2c99b7e6e652bb0eaf6701aacb2bcb597c32dc3f7d9c4d9463ac08db0c63db5fd88d0e518def188a2fbe8d6bfa698628a8cc058ca99114c40be8e1eb4c05364278d0ea4dc90b747cecd85cdf847a50ba2adebb6d107a12613e198d1b10c6eb323d50c75f781fe39c1d92e46da77fed51612a369c4a6aa54050d677e9678039b29e10c46ff05f3536f792a72d80f0eca5a416b19643e1d15247f7e5157900c1742b9146e0d9788eb9ca653897c7c647149f0bd91b16ea1a5e0549001ba2d6c6e39cf8bee39274d052fe2ce7f4caf6c23644314335251cca5c2ed134aada515e734e0af9c0ba59043dd12aa227e8f71d11833cab35b77915ee6bf0d74982d155f74fbba9977f75d37211770df8102e1d523b97c65e69bdffb34e00dbd6d5827c4897934ff51286940adbefdbe1a185a1ca32f668bef23663d9af58655a928538e084f59fd899c490253d337f5a51d2c2c1da36cb8df43034a988104c2abd9d589fcf964ab9114a40415c8e99bebfe94c3915f9d908bc1c9000f0e9e94012d998c972cf018d8badfffa80209f1937fea78ca839572b0a8e6b7816b6d89bb84ab2ede0fe5ff0575ec9d674da236252fb92ff4febb9ec1d915d97c4cafffef1cfda6d199365b77016daae60798de8a21c1769b8d79bf57cd020ebf5730fce994b6b3099800d864966adf830c8d2658c804360896e11f360da3a92cb5c827213228526c63c262c30cdf177fb0be401b394a01775c254da30c5ff4fc5b45f59d60e1578d67245089828b0693e5a6f5eda5e917b9d33b8b36baf055269e9d5319d4fa3f8fa5c31962c77bed1b0a7045d980c03b0df15d1e3cc1ee3175570d286004f10ff6b922da1e0af3ed41099bb175678f6c4c29bd5b8555edea3fd6559a6228b3924b6245b66f7d4a6cfbf7e55d3a9a9023185885bbb1e9061fbe3621beb1e7e31205d828710267efb585073865d0618f4edbc9c5b606a79bff7eff1e534393e3dd040174b21fc012d6b2ab928976eef114b97502fb02225572b74e852f568dbcea57a8d378c54b217287eac9090cf75f10f474b1651782ab8e5f015de5b665e046f01d04efb7bef840507f3e45a385a372422af573d064b1bf6b0fb2796e88a883d0024b5f74f1118fd7cbdb92a40a83459aa29a77a256274df3a72f539b028c1df8686f4630c7fece68d1c01ce38aa613735a591f91f42561ad297e0872efdf3536c88ad5159af81048e6378f2a42d915c9721e0875fe0628ce4fc609099c2c19e681280e83ee969ba93c956fb2bc4457c2b2ee35d9d5bae561814d8f868e28987371550f57faec5af2f52bc7dbde1401b6729107b405b2873689c9e43fa5ea8b483f7556cbaaabb1c7689b0a51d757743ca292ff74e9c021e5513f94b7107a8940a98ddab5e221fd75c13f19ae4006866eec1a8320ab02a2def573858eb7253d1fda73b7da031f12dc013783147095d545abbcc6c8cc98748c007f2e61a02c750b79866c743d0f98c703ee3c9a2ffe44104ac1a22d77ffd1e607c8c4265bbd8cdd9b7aff0d0c36aa5981ce881b9f3895b4da88a653d4712a8431f9e14e0bdd137735bc1c2b710ba5126b6a9a42bdf156915b152ee1758ef56b8edbd4ef0b9a677dedc3a88b00049a0d7444b3aef2b4e5ed210c5fc97444bd3a4690ae44adfcd4fd85cc50fd55c3d6efd1c7270f46c93689d18f92d0462c62b2001d8ccbccee0abad84daf12a8f3f390d23b3f4cce1237b5059bfaacb994ea871c02fd32056aa3d68258027dbe56bb19cbaf7a2f473492e2c6643fc4bc01df34967ff10092530c5f965e1dea106188a9165a43e61d060107e5907a5e76039e11fb557b17f74e99d6ba5edb86daa24b201f89f51c53b4e6ea0e74888ec9afc6e64c3344ca561a56ece3c286ee4eea87bbb011d4bc856cb2018f009281b89b95acb76684eefbe628b3b9c93f654c15c1aac2769c67f27e1f3d6ca98d80dc3077b5c4e4d823ea40c258dcbb891ff20466c1462080de73513509176565feb24ef8413dc7dfb53b10ad4e5d683d26c742ac8efb627339eac06f2f56a55e4522b670ff6dda3917ef7b00fe14a6a52dc9567548e98f47cfa5e2b87dd8e1c2ae18d0c14356db45db78e8f8b9dd141ee942543d271c8cb5b9775d2c55c4b732d838a3b73d675a350957e0a70438d6bc3ab116f4d45f5e5bcf1493097ef19e13239d97981273fa9ae9d1a94f417c3c5c240a27cb07ad05a6526e6c8b3c68bad2c546fc889c5fb3410697ddf58f78e9296ab0c725882566e185d1dd88430766e332f1f0c87d2e359f8ce2c28b8c7546da95a1ca7897e43b7bf583d12cd46f7f910bfdc1a1c129f1d83d94678999c3d81dca8f74f87ba3017f07222f510c1a7fe8001fc3eb6e8a0b46db9c002fd084167272355da87a0fc5e37feed0c487d603bc1297f1c6dd88dcb17f17fd38a5ec72d0cf50c8c8dc69081cf608460d5b1342871abcbec20323be7f53690c5fa640816cc3b2b3de36870a8a38905dd51ac63ddd922d008f84b7cbd062b64c5ab22115b4889b0e9389048f6a7bd28e6a7893caa6036613c9f5f2ec2928be1f4ee1cba0b0bb1691276a4db24669fb085e54dc77e815b8f5afe80aaa38acbd11430d956a37911b0216534bd9e2893a2abfbcf4b7aee56c8ffbbb08166773d8dd3d1fa12451f393799aded8721cbd93e4c9711defa5509840dc73ec5f5273431da7e6324b056cae48e1c14b1f0e2cf27a52980d4c67e77a565a44aee8ccd622781b35cfa16d36eba77f9b7f5ec8cb474f02bed016982a0dca0960e094b3df6516837d5015680827599c89542544a3fd363aa44e79f3ad00c87d8dc1422b0737ca9fe9179d627a1f22800923a39df3a59e15770ba57f1e12aaf41bfe67bfc5483dab32820364a5d4da8f8ae62b05ba23257bb1577f5ad73f0b0e01633da659f7d28c7e1e39f86f5adb5bb3843abbce0a769c26c28e4ec88cd8d47e46928ebf51f4c23c69fa602b6af61dcc74bf64b009e96708c4c7426f35d33f7dae81e33a69e12ef792b1f25ffc60645a1963e67c07e15c2ebdb548ef8b2c8b0dd9725bed66e22545ad7914af7864478a7993b2c0e0ce590fa005104c6937e540758d25a509e80aca8137b717ae9fdf80ab906d9db4aabb229bb3d35e27b324aed11eebaa8ed3dc7704abab39f58562ed9b5c8a37b092ebf3fde22166c9c91bc57a2c62d90a87cffe7d6c448321f843218e404a4d3688d7b968ff9e823e0b900a146a7f3af3d46e9a8e7d17b47cba2504e1e1e7ad960dc481363f16fc979bb8176797ab1cb85cca6724274faba007e878098034afa0042ea0c1a654b42e1cdf7f71048e24db691cdca72f52017c6a0f5c88d0cb1e1c260e8879478d8e2bf97ad59844221afc649c881e7950de7dc85c430c18fcb5c8d359c2c239b45872c6555747438ca49b55c327cf6d705f80b396d9c020db57f6c53701bc968fcda5274c5134b23f6fd223dcee7ad7962c4e7f8b301a57165fcfc9a5ff822f1c24a7aa5be7971203457af1c95d47eda667d8c291fc21eedc7e8e5844f967a9fb4479d2f94e4dedd0cd5457781d3e024fcfafaa8b67e4895855535d1fdd4be454bed97c3cf2095a166cc652bea65ad6368929bda70f69dc36c689f5923fb026a8257f851a069994c04cc41a8b15979e473e5533240d3cab3ba953f20019e017d44f741d95a9ba35886c7a3fed463d242173d6af2502230ff733c3f1e02782274e64ac70850dc34895135bc859918cddec6269ba8361009eff46407715f30879508fea8cc9c081b372f488555278fbbaa80f34ce79da910212961a377c85b61e36fc375431dd6c4edf2c4bb801a0fc1dc1fac3c2f4c01099624959392ca0b6bd47cb008dfd39b2fd927f40fec137b0748e19840c05754b7d8e0b27d62086128fdc329363d06b6e7cdc4360b39df2737b5973a8c05c72e1ffaeb09cad6719224f4fb80794eb00f4092f623e5d27a11402fc035eb9fde88276f8ca16827459592e355d3c4e6c792e5487c499666d96ea5c5f9eabe173b56223cc71dfaf0d88f8b805110871f89f399f84463023f17d86249af647b83f24e90483bef551f95645dba6607f66b93a6da349ea07318b6ea59adcca1ed17566eeabf62b21204a8fd1a2d983fd22d2eaf9acbbb7a20bde391a5724f096d204d340b56212f8b7f5141f4f6ed72b134eeadf1f27edff371424b40820b26747b0baad376dfc535a417be78aabedf33e978c0533b45eadf5c24a1a069bc4945cd00a52aeb35b539ac0847065cd01dfda634cb9d7222a60eafef0f483ee5ce52a3c908b4ad4d20897b55a880249fe9bf4129124216f80d4789ce2f1b97c9d3892c506580a68ff2ce35caad03126a4adb9a194fb86bc72bce0e0bc4700950d20cd4b8d670ad2151cde5fd540e6a1d871a430c1a333f020c957cd4c8b4788b4bc93d8dd2892f5d8a350013c62dae3747384aa487e00704910b3f7542c", 0x2000, &(0x7f0000005c00)={&(0x7f0000002980)={0x50, 0x0, 0x91e, {0x7, 0x22, 0xff, 0x1124872, 0x6, 0x3f, 0x8, 0x1}}, &(0x7f0000002a00)={0x18, 0x0, 0x0, {0x317e539f}}, &(0x7f0000002a40)={0x18, 0x0, 0x8, {0x4}}, &(0x7f0000002a80)={0x18, 0x0, 0x5, {0x401}}, &(0x7f0000002ac0)={0x18, 0x0, 0x1, {0xfdcc}}, &(0x7f0000002b00)={0x28, 0x0, 0x8, {{0x2, 0x8}}}, &(0x7f0000002b40)={0x60, 0x0, 0xfff, {{0x6, 0x10001, 0x6, 0x1, 0x8, 0x1, 0x32f0, 0x7}}}, &(0x7f0000002bc0)={0x18, 0x0, 0x4, {0xffff}}, &(0x7f0000002c00)={0x18, 0x0, 0x1000, {'0%)/W({\x00'}}, &(0x7f0000002c40)={0x20, 0x0, 0x5, {0x0, 0x11}}, &(0x7f0000002dc0)={0x78, 0xfffffffffffffff5, 0x8, {0x6, 0x9, 0x0, {0x6, 0x8, 0x25d, 0x7, 0x8001, 0x400, 0xce1, 0x8000, 0x4800000, 0x6000, 0x8, 0xee01, r3, 0x6, 0x1}}}, &(0x7f0000002e40)={0x90, 0x0, 0xfffffffffffffffc, {0x5, 0x2, 0x0, 0x80, 0x1ff, 0xfffffffa, {0x1, 0x81, 0x1, 0x10001, 0x7f, 0x5, 0x5, 0x2, 0x0, 0x4000, 0x3, 0xee01, 0xee00, 0x6, 0x23a}}}, &(0x7f0000002f00)={0xe8, 0x0, 0x20, [{0x6, 0x1, 0x1, 0x7, '\x00'}, {0x2}, {0x5, 0xfffffffffffffffa, 0x0, 0x20}, {0x4, 0x2, 0x6, 0x9, 'wlan0\x00'}, {0x2, 0x5, 0x1, 0x0, '/'}, {0x0, 0x7, 0x6, 0x10000, '\x02\x02\x02\x02\x02\x02'}, {0x2, 0x3, 0x10, 0x3df4d00b, ' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, &(0x7f00000055c0)={0x510, 0x0, 0x0, [{{0x5, 0x1, 0x0, 0x2, 0xfffeffff, 0x1, {0x0, 0x141, 0x4, 0x9, 0x9, 0x4, 0x7ff, 0x7fffffff, 0x892, 0x4000, 0xfff, r4, 0x0, 0x4, 0x10000}}, {0x1, 0x8000, 0x2, 0x4, '\xff\xff'}}, {{0xa00000000, 0x3, 0x8000000000000000, 0x80000001, 0x6, 0x1, {0x5, 0xa0, 0x8, 0x7, 0x101, 0xbc3, 0x19f, 0x4, 0x7ff, 0xa000, 0x1, 0xee01, r5, 0x8001, 0x8}}, {0x4, 0x10001, 0xa, 0x3ff, '[{@^/@+@<['}}, {{0x1, 0x3, 0x5, 0x20, 0x3, 0xffffffff, {0x3, 0xd4, 0x6, 0x0, 0x1, 0x80000, 0x38fa80be, 0x6, 0x400, 0x1000, 0x5, 0xee00, 0xee01, 0x10001, 0xff}}, {0x4, 0x5, 0x8, 0x4, '+!\x9cR\'+%\''}}, {{0x3, 0x3, 0x200, 0x5, 0x55, 0x1f, {0x1, 0x34, 0x7, 0x4, 0x9, 0x2, 0x800, 0xffff8001, 0x6, 0x8000, 0x100, 0xee01, 0xee01, 0x0, 0x9c000000}}, {0x0, 0x1, 0x1, 0x400, '\x00'}}, {{0x6, 0x3, 0xa3, 0x80, 0x735, 0x9584, {0x0, 0x2, 0x7, 0xec61, 0x371ca83, 0x4, 0xffffffff, 0x3, 0x424c, 0xa000, 0x400, 0xee00, 0xee01, 0xca, 0x3}}, {0x0, 0x7, 0x0, 0x80000001}}, {{0x5, 0x1, 0x9d5, 0x5, 0x80000001, 0x1000000, {0x0, 0x0, 0x6, 0x7ff, 0x8001, 0x8001, 0x6, 0x8000, 0x1, 0xa000, 0x10000, 0xee00, r6, 0x80000000, 0x6}}, {0x3, 0x7fff, 0x6, 0x4e5, 'wlan0\x00'}}, {{0x4, 0x2, 0xffffffffffffffff, 0x10001, 0x7, 0x3f, {0x0, 0x4, 0x7fff, 0x5c, 0x5e, 0x4, 0x0, 0x9, 0x4, 0x1000, 0x8, r7, 0xee00, 0x7ff, 0x9}}, {0x3, 0x5, 0x6, 0x9, '\xff\xff\xff\xff\xff\xff'}}, {{0x6, 0x3, 0x3, 0x9, 0x6, 0x100, {0x1, 0x101, 0x4, 0x100000000, 0x2, 0xfffffffffffffe00, 0x3, 0x9, 0x9, 0xa000, 0xfa3, 0xffffffffffffffff, r8, 0x1400000, 0x9}}, {0x6, 0x0, 0x6, 0x5, 'wlan0\x00'}}]}, &(0x7f0000005b00)={0xa0, 0xfffffffffffffff5, 0x5, {{0x0, 0x3, 0x2, 0x3, 0x7, 0x64b, {0x1, 0xc2, 0x9, 0x5, 0x8001, 0xffffffffffffffff, 0x2, 0x8, 0x5, 0x4000, 0xd0a, 0xee01, 0xee00, 0x7, 0x1}}, {0x0, 0x2}}}, &(0x7f0000005bc0)={0x20, 0x0, 0x7fffffff, {0x8, 0x0, 0x9ad, 0x3}}}) syz_genetlink_get_family_id$SEG6(&(0x7f0000005c40), r2) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x9, 0x100, r2, 0x8000000) r10 = syz_io_uring_complete(r9) r11 = syz_io_uring_setup(0x7811, &(0x7f0000005c80)={0x0, 0x29e9, 0x4, 0x3, 0x25, 0x0, r10}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000005d00), &(0x7f0000005d40)=0x0) r13 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x80000, r11, 0x0) clock_gettime(0x0, &(0x7f0000005d80)={0x0, 0x0}) syz_io_uring_submit(r13, r12, &(0x7f0000005e00)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x7, &(0x7f0000005dc0)={r14, r15+60000000}}, 0x6) syz_kvm_setup_cpu$arm64(r2, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000005e80)=[{0x0, &(0x7f0000005e40)="551e553401d8419ac437854e7bd6033a54214a9bd5bbb0af5b8dfb214aa84f75f60fd2f374a02bcacb654f2e69f719794863", 0x32}], 0x1, 0x0, &(0x7f0000005ec0)=[@featur2], 0x1) r16 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff1000/0x1000)=nil, 0x1000, 0x4, 0x100002, r2, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r16, 0x118, &(0x7f0000005f00)=0x1, 0x0, 0x4) clock_gettime(0x0, &(0x7f0000008240)={0x0, 0x0}) recvmmsg$unix(r2, &(0x7f00000081c0)=[{{0x0, 0x0, &(0x7f0000007580)=[{&(0x7f0000007000)=""/104, 0x68}, {&(0x7f0000007080)}, {&(0x7f00000070c0)=""/15, 0xf}, {&(0x7f0000007100)=""/224, 0xe0}, {&(0x7f0000007200)}, {&(0x7f0000007240)=""/230, 0xe6}, {&(0x7f0000007340)=""/99, 0x63}, {&(0x7f00000073c0)=""/69, 0x45}, {&(0x7f0000007440)=""/106, 0x6a}, {&(0x7f00000074c0)=""/188, 0xbc}], 0xa, &(0x7f0000007600)=[@cred={{0x18, 0x1, 0x2, {0x0, 0x0}}}], 0x18}}, {{&(0x7f0000007640), 0x6e, &(0x7f0000007900)=[{&(0x7f00000076c0)=""/121, 0x79}, {&(0x7f0000007740)=""/169, 0xa9}, {&(0x7f0000007800)=""/5, 0x5}, {&(0x7f0000007840)=""/157, 0x9d}], 0x4, &(0x7f0000007940)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb0}}, {{&(0x7f0000007a00)=@abs, 0x6e, &(0x7f0000007b80)=[{&(0x7f0000007a80)=""/115, 0x73}, {&(0x7f0000007b00)=""/15, 0xf}, {&(0x7f0000007b40)=""/19, 0x13}], 0x3, &(0x7f0000007bc0)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x44}}, {{&(0x7f0000007c40)=@abs, 0x6e, &(0x7f0000008180)=[{&(0x7f0000007cc0)=""/153, 0x99}, {&(0x7f0000007d80)=""/250, 0xfa}, {&(0x7f0000007e80)=""/252, 0xfc}, {&(0x7f0000007f80)=""/193, 0xc1}, {&(0x7f0000008080)=""/96, 0x60}, {&(0x7f0000008100)=""/65, 0x41}], 0x6}}], 0x4, 0x2000, &(0x7f0000008280)={r17, r18+10000000}) syz_mount_image$adfs(&(0x7f0000005f40), &(0x7f0000005f80)='./file0\x00', 0x6, 0x1, &(0x7f0000006fc0)=[{&(0x7f0000005fc0)="97711a3fc775d9b6b802d75cefe34e560dfbbc1905df8452c7c061cfbdbaf76ac0ee704fdc1b95576e8398715ccac23eb622406fdf86656d8666d174345df15cc279d6bc46189f9e9103c8b634306a9dc5121354037abc836af32b82e0eb9222c5b97a31baf700226f459f1593e594220d6eee2f7bd3612c68996c931e01b390867ecb7db73fd1c8baea0a1a30719c09c81706414190c490236b2756cfba38fabad49c002cddccb22a79015cf6c9d5b81197e3669f1195cf26fd674cef34fc2517dd561d625d37f0093669e68fca1ae7327c53a8d8fe8ce089ec5130da3dcd2c1be47c5d11c1e607706dede98d3ad0347db608bf9febfe357b46fe05172e7abd5e6a5755ecbdb7294ac660ef999961aa2491460d2ba8c47928fcd02e294c16838adc1c5aa0aeefc279793c1e9bae9dad1bdd674fbf94f64d5ee586b857846b2c3e35cbe0791f3f0a4279ec2d51fdfb3a9d2fd093ba29d743eebb0646d40af932960b4efd52dfae3724206f13839b1e9dd3561c159f7d1a0b45dfa655724164ca8ca40178aabc9f0c270cc0c2e828dc2842fb2372abca8d65d3726eaddb36d2772fc42a5a609dbc761a086dd8405f0c0a7c0bfc14fea91cab423fdbc944ddbdee214c248ef0c8933c80f3ac68a3cdc4ed5120c7be1f0418a0ddeee94ce8de7a07b94d97a9c72e338eb9cb871567608b49031f1fd07e5c5cbbc2201c4876885c1bdccc2bfece71de73d6a710c96a675de4b578e3a0b84d1fb89bed531e1705af867b10b7c92328a06bad02c573375d500a4bdc884b55652d7f1cfb31afaf0b35e98a58466b80a2a4bca2d72e387f8e94519a43734c385b698e08b0ee1d9805c392acb76f980894df9046c617f62a2361062e522453dcd73176f786ef2ccd7a05df8b44a6f93135d4888fdd510220357f1aeccd13e1fe10292673f981f420d9859fa218b8698b4a691e699c28a2dd46d3978942192ed51d212669458a4dc3d381d2c3f73cb60bfecb8bf0e1556eaed9ffca5d0f7c9f6152f4fcd5ed86cb6a565e4b6b1c9e7efef1ccd28ae7091abd84e8431ec08ed83a8bbe56f9e12256d0a05b461d9f1f4bad4b0e8734c47d12124c406db2c033ca10634105713df400fe668d74c10b9546fef03d29ee05d4e3e832ede103cfb890c8b0092a58fe32a0b105896cefc83a990c3b6d9dec09e4beea8040b29f9217e5577fd72003a1dc4667fa4cf3bbf2985f0aef84b45569a087b7f9afe824f3c59b40cd0d088c16f4414240a6ebe24aadc402cc99abf034a48bda6a2821bdf294658e2782326e1696a8878b62be50b8ae8d003e1b6b9f5f26d3f21b1422cf73ac7292638e57da6fe3fdadd7786aa2d7406c0d84554547d9590ee9e1705428e00ddc33250a116b9737c8b013a38c6f5e88275b015f1c0996b06ef4467fa0468e8f4a498b56a045f894e45090fc1707481bef75f601d95e67b963b6ddaad7511ab41ef4c9f651c70f8ec2f0cf3b62bad74e2492a39fc1f81da697cdc353de9589cab54a16901a18d851bdc26239a72f9a787fbefb3fc3f5df149a013c4f8c8b0e98b8f669f62fbe09525b46469b1c7fcb91e55735f2adc8136a46aec4de016b9f9251ac2aa820a1a887b78c66802bf8dbbce8c4e138ba0a52892c9e934af2c76b95032a2f4cb5a621e453970f54b279035e140833e3250a9c4f16371cddfc01c404e6e86acc231c8d7dbed9b6aec0da3e0bb40672f4d41df2650d200fdda6bdc62b1d433efb4dcb37052689eec1fb99ceda3e1107ae9aeebc9958fd2f2e9059834087378427d3158a8ad04779e622b9fef71b94b2aac03d6d9b722a2427855a2176f00d971d6b1fe9b57c3637af6ecf8dd0bf1dc055e7331c7e3d9bf09a98723676b07787a075af7ee911ee2b0ebefb3408c8a617e81b0222f20f41aaa55767bd73b30b7d5238a41836e53a5c826d2cab59460404f02af43b1c64a887b44edcb395a149983a63ebbc1468ac3b39a00d01e59041ea549725768c6fea7a4884fab16b8599cd0b91b83df33b32280039ba0205a23e97cd38bf8be0ced3d7c2f44491e9b594e054e6c6e6e2b610830f98ef9a240fd56d1e218cbc1535b8889fd2b39fd94c82137a80ea1234a84dc6fac0f16b8b2de9dde9ec8270c2df90b1107eed2d346965943a1cb0856421e45fed7f48071041c552efc7333c5e7dec5b9cb59565718a7e230a842f206a4949a38fca5d9a8d847563dd644578f89e5ea68cd84edc6a04e527d1c07e6ae42f503f7c09f7fa5ed1b2d7a3a90b5feddd576dcc544d8a7e5154fcb82d14970643a03ec1ada083ade9a90d56b1a05e7becc2e434d487e0c94d10fb56b73a82fd0c34e3ea6e252bd82844e95933819254e12b001acf2ad8b630a7d2056c6f77334ed22321771e73312981d8910170cdd7f47881b58c4753bbfb0b34c78b4211e626146ff342bfd57740eb868e1cfa312c907bef857b3781ebd1397e8dc0ca1474a19b39b497ae70889d2dbbce85d3743fd33c97b9c22b866eb65d3593900e66c459efe5638a824c423d9c49ba44b8ff9b9b3ec15cef434deef9ab92760c55b1fb37339b1c77f3a01a77fd72f72877952e8a5827494c9188b8d1c270b0a99b4a9e818d1fa126a7291a7b0b94c2bf7c18c2e25e7fcfd68d38829655d9aab934963034563e90865245a61304febdf59bb0093167c8c41cce1773bb80c678759b55dab1247252036157a0e60d66e289d4b9bf98fdce7c5ca59bdb4fafe55e09b16aa3430d39bf150332a15c4890ed078e628775f8787b893592263ca6d3113619a7b21251faeee137a099bf00fb5fbcc75e758eaec9bdcff65576c0d826ea79d90e99d8cbb490937d1d122dbb8d15b33756835e1ce3bdaf4919f5226b384c87c2c7af71fb3dd073c43129ac4e2a6e521bee349730b2d9a71c6b01d61df130802a9bb6ab1f4d594b89675cc467cab303c86ae6b4c0d26dcf16cdec9c8b78f3e23bab3e7b5153e73bb71cb6a2afac5c33195d2a2f329d9e8f53dc92801046b07245e139a6414cff17dd9d7947e945a1ddf592131d90f3f325ebc3cf24360f83ed1606f952d4f69221b75c9be91e5d2abeed93f33958b04aa1e0cb5b850edf2760f4b8e810d879d87357036c8e26538e69689e47fbb1da8e0ca08284f55900bd029e95a527b3ba251b0ce27bd049fc85b194959375f785cf75c101eeaaba56b39a3fc46ba9729837e2fbce7ebba932596c0c2ef0c5d8e684ba6b334dbaffc0fa842a6aa555813d5bdc237a4376fbfc3abd549abc27f3b1c918c67f2c34e116b6b0630115490624f4997d93acec5dab0d2bb1572b319ba4c990cd74389542f48b7e173d0c81ed756a1b409f6b195859fdc7577a7e7b120a1513c225d313d7423d6a99ddb71914962821db95192fc9ca8b6972e07d78679e3b4265cb9725d95f52f68ff1ca46b8ac6ae7c6053bcd972e37fa824491527a1e4323aa6f2d5e59cf06c6088c148059fad6f1cbfb476719d09fa479b69a4790a74f65abd999c267d10cc2ff99d39e394160e151469589f416f659b2a8c60def78d6f433809dfb96c27220076f47b7e74a8930cd61e8fc109ddf8754ff5d6878eef5dc7dd61e2da0073b0ad6b071feff97fb87ec0d90954aedc888e7b1e09dcdfcc6906e49b6ea4a0c32546407ac0d22e29200b8603f2c3041d27d0fd990c312c3f4ebeef45385124825e73a4b30f7e62b3746aee0a1f42357a7c2d59b9b2865ab24b33536c1d752a4e1c08e07ec7ab8e37eda44ebd2213d46955859ce75e8cbee3e448ddc6c3720fa4bb604298c9cc6c1eac4aac18ffeef8d631a6175a58b18257c81b5b2a2c7458b1173a5c1bfe3a56159fa406011dc0bb6021f2332bb471ef8892acd5e7b58aeca43e485b35ddc938fbf2d032521820809af025513b663922d664ca4216bcc9877030d5facfb9a0482998e50cf69bc59c1805fb4faa89f6831ec6afc29e7f6db38fed3403d1035e251624de0ea6445812f71a4a91eab22d88da49c097003ea9608ef661e8cd99458f318d373ea1affe6cfbec7e9f77ca393f1585402a70afa83e3dc11417b83035c4aa6efb96caffdb76bb431152a1108dd6ae5a37afb9aa1b51ddcd22d7af11d65c188472d79acbdd48c61355a4b2fdf2b81fb4459711fb437f3f7f95a6e187c0cc087bbd739c9c9e22e25fd0d305a27408f52b839e357d1f37b0c7a576df793008241bd2120ccfa21435268ed243dd2edbb751b201474e91f48219bfddb4cd0dd471965bfe78e45233a33b6c4022bc57bcfd224f89b4afbe25a003ef41f596e10fc142d52e0ee02fad0728651f0fe75b947a544fd7e2dc38b608789ebc87b01993e23b765449001c77adc778adb84a0dd32b70e267aadcc168ef1713d7cbde563396ef5e39ff9f7008d61a20fe49ac80c2ee84c5311e6b0c259f0c63631af64ee1d2225b5eaa31b97636b30109fe4fcf1522723c6d79a5005f3768be2872910a0d9f2d2b10a91e48f7da5c3830e18bf1a2c51f791e463f7ca07e0c63d075852c2bd82b4a5989d4ff50a7007d3eb322b3f01ab76af2bbedb1108165f483d28415378d60098dbd87a299b3de116f3955c3e243677f3e3f71f9f0204e170da9ef5b66c95ba07f335b130b5a17b6a72c318be1b8ca6422b1eaf3f6ef038df509ef18765947de5889a3a88457561b399ab72948d7ec9e0f4a7348e0c43174811d3a4d71242e6a50f5b397a8d7fabbba7109afa2369f116e09d3fcc0b5e612ae8b818309c5fbb3347fdb5d6c6904684f4e04f12ca8513174e6b926f049ac14e0a7f9e4aa6bd391bbccd3f7242b9a4c0dfd01796da871f4e9de17e549537ac6d21d5c64e549f070e2b1d1b7f76981faa8da9029e4576fc43b4f427ec7ee4c4505ca270b233ffc5e1abe44ac789cecabdbaabec441a11845caf922133d11bb28256ee8f75e6f065e35f297646c63a2b8a594605ab391c50fc337d8d97066e6b5b0710fb1ec76c64f0a0a0ccac01375f2c9fbaca77b2b1ee2b26a76da527aefbe983eed0d946d763e00bf501dd646bfe683a78df80d91dcd603c5a8eb595c0cdceaa2dabf5d64a9feaacefc878e074313c85e4c15f4c2e63fa19f97b829c297d860878eee2138928d8a425c07900c1226455ae33e702c058567d42df10d6048466de62f14c27f7d8f306516662e18bebb24d7f38e5f0ebbab74980599ffacba56d3ce16a56b991ec64df9ea8f9300cc187f2c1b2f80562c681bbf833a971e7d69b67730d3b0d3b5a9b3cabf5b44e21f3a8ea25af9f9a7f53d6c85ca6a3b84f04fb6d1e99096640c76f00cb2a849e022c526653e0e19c0ab73d7db02e69bd511cb3b36ae7df9e0bcd5b8d180c0a3dc9f17973c62b286fbefd4853976ad38dc7756785f17c88f9675687c9769d77162e82e71bae2ed285bc878f9ee7070af3c4b43c907bcb5856dab6a938b7842af376d7c164076cd02b4e3e82e2cc8fca7dc2e40bdb7b9a2ef406355630cb2930231794ef4a20360a6eb9cc54f753642e6938a173024635987b80a6e0f0b7cb258537b81e1250f77fcaf1d7cd9b3be072a6f9d4fd86f1564b28d790ca1382fae61fa5874c7dd7db8ebfaaa7cc011e6ab3579137aa3f0af14e58c0960d7f70cef93ab86cca7cb785d8c12152a807cf1bfa4e0f6ffd288870565cd49a10a407cee95c5c0fe4cc84b47390868e64507f1fbfbb4a704d272da13480a418e25a9930a402dcfbaa5cb5092c569a4e8150b5048bef01194e1ce3795e2835a0a82c9d5ff3a157852f12713596997ec3061aeaa96e93c9b1d9d5aa2414c3ea9f", 0x1000, 0x80000001}], 0x1000000, &(0x7f00000082c0)={[{')/\'/%'}, {'wlan0\x00'}, {'\xff\xff'}, {'\xff\xff'}, {'[{@^/@+@<['}], [{@uid_eq={'uid', 0x3d, r20}}, {@smackfsfloor={'smackfsfloor', 0x3d, '{%\'--\xd3{-+#!'}}]}) syz_open_dev$I2C(&(0x7f0000008340), 0x4, 0x404280) syz_open_procfs(r19, &(0x7f0000008380)='net/ip6_mr_cache\x00') syz_open_pts(r21, 0x8001) syz_read_part_table(0x5, 0x9, &(0x7f0000008980)=[{&(0x7f00000083c0)="fbd29b15877e61061cc50ced7f39686138bf5103248d4da53257b73a1ee96cf2199abfa961d7bd146a6bb88d701b08edbf514b2e3183cce211d57c7645a9afe20275ecbe29aea48c76b0fb7627a8e43c7a9f57ef02a316edf9d38e0c6e74b59107cb1c8406dcb6de319b", 0x6a, 0x7f}, {&(0x7f0000008440)="e0d8f55b3848aed3ac9738d2e19f668be4c76e3b4e4823a0c69918ad4aec8d6eadcfe10327126d01287e672d54a544a9877e59f9a2f41aa242b237ba593c5a4840b8621ce0d28ce522dfe8788bb070d4bc9d74528a1f7603200c2365c63d42f1032992e10e4345cdea0d65365d82b6c78c81c71b0b2fb78197cd605ec2521806bdc08d6dd8f5291e5bb0ca92e20430d581235ddda756e6abd8c769783b84e57b0aa951303adcc7e921b069d94f1a4dee1f4744db5b28c97fbbaec5bf5618e0e94a41c0a99ce6ca91ebcaff5ae6106dc9dc310d7250a8b7c7ca55", 0xda, 0x3ff}, {&(0x7f0000008540)="afbb6b91aa7857f942bc8773d020896a44f1d9db9b9ec2b85598cd86397d6b5ae3192aefe0f2b6387b2d2314489bc7af2ab51990ff7526230a7ca42e6c22f5649acb12b4dd8fde819b", 0x49, 0x9}, {&(0x7f00000085c0)="d890818560f5372f7d41a504c54e863d7944d0621d50134b4c1454aa8c44c7f324d95d33fb4663f6745c1cad179d719e3e9f4f57517125890ed4c937bb41d0a764441e1d6c7482548c0a", 0x4a, 0x6}, {&(0x7f0000008640)="7e289aa898007d95eaf09882596aa237714dc1ac32392bd6fae8d872edc3c9b0cff5036148af29573c0dc954c27b6a6d47669253ab402a91f6e602ccd93fa817", 0x40, 0x6}, {&(0x7f0000008680)="c823584bb1759ecb98ee41e35227dd03d7ed5c9eefcf34a951e7c5eae5b37e8b93d6dd7cb66ebbff50cb81777e29b2c05b7b7cd976f4aed70f76499015b9872faa6f338c309a55296e4e85e27c510dbf253a7e6f43791f93913c8a9607451fd5050cf191ec95d199f1117c0e2a0437c2be1698939d277c3837d1640f91ce6aedc0850dc288cc2a3c1caadff44febefbbb2fda82e8a6539222b6d8830df927f36d814c2a892df0badec86c2f01deb89d2d3fa6137e48b23d3cf77b11f46ebdbb0a8314ee19778c212fc3498cbdc5ad0bbd7d24538d83bbc86830afe32e38c1bb1b7866abc940f611654d046f8236d6b15", 0xf0, 0x7}, {&(0x7f0000008780)="5d78b08d347d6010778713adad8e4da15ab34694562b0da52bb31a3b5e0971020ba48d185f3f03f16fe6dc1e321f122c1150a8ce71c3ad1df7c618bc59865fbfeb3a2c926b992f938b0f76c96af8be398933383fc8", 0x55, 0x8}, {&(0x7f0000008800)="1cd7715afec5551816cd475168a535a8474b748792e43af351605c6dfae1e6add7ce8bde80555ca3268782fe7a7f458968b42792c02a11acffae5486c0858e0c4640f4260d564699c0e606236ae8d5", 0x4f}, {&(0x7f0000008880)="45fd88a606b589b27d422ecb8744a678ff3aa07ffb6c25cc10a8871006d5fb6450fc12157d1a59f14e36132f1db63b56cc97b61bf0a61dcf2b7dd27da02ee160e03df97947838f0dd434825905ae9fb5a427976a49f779eab8cc3a409d25b9a296cef9a8ffb49d81bf23a716a7a7e1d8dce03def2b8a3b15a3b2beb873143a7df14ec492782ec86aceb4901fe3dcdce046ab2fb972d67434d4e1101b02c92d33a1bfe516d9592581f67895433766506707cb7f0e18b4476bde0f0091753cf3ec07386b3dab4b295502d49716801dd979aa24d805dfe801", 0xd7, 0x2}]) r22 = syz_usb_connect(0x6, 0x7e2, &(0x7f0000008a00)={{0x12, 0x1, 0x300, 0x88, 0xc7, 0xe6, 0xff, 0x15c2, 0x45, 0x135a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7d0, 0x4, 0x0, 0x0, 0x60, 0x8, [{{0x9, 0x4, 0x45, 0x3, 0x1, 0x66, 0x44, 0x76, 0x3f, [@uac_as={[@as_header={0x7, 0x24, 0x1, 0x1f, 0x5, 0x4}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x9, 0x2, 0x81, 0x4, "c0e6a10a"}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x0, 0x6, 0x8, "7d5ba3d07cc6"}, @format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x94, 0x1, 0x7, 0x1f, "cfcfa1bb20d9baa316"}]}, @uac_as={[@format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x8, 0x2, 0x0, 0x9, "489f80", '&'}, @format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0x5, 0x497, 0x8, '\''}, @as_header={0x7, 0x24, 0x1, 0x9, 0x2, 0x1001}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x8, 0x1, 0x0, "786e2f1a3105"}]}], [{{0x9, 0x5, 0x0, 0x10, 0x3ff, 0x9, 0x66, 0x3, [@generic={0x5b, 0x8, "32da773ded87397d0af57fd6f2ad3b93e2ea74f1f65d645d6b7e4cae90c8f27ccae094b33c613bc0bda2437bdcbaa21c77915b1b95e7a2313d71c6cc586d414d6a1e79c80ee3673ff069eb4651b30668b0197ff7a7edc57594"}]}}]}}, {{0x9, 0x4, 0x58, 0x9, 0x5, 0xff, 0x5, 0x1b, 0xe0, [], [{{0x9, 0x5, 0x3, 0x10, 0x20, 0x0, 0x43, 0x40}}, {{0x9, 0x5, 0x5, 0x3, 0x3ff, 0x87, 0x2, 0xfd, [@generic={0xa0, 0xc, "4d1fafd5d5bea917949e727ed5ee144cb32b01d9acbb7e3cfac4d1a15cd6bbae8ac66af677394d2217ef580b1565f58b85cfffd2cfcaf9f19df78400ba0354d7872072b42d77d55a5b960b82fb9e34ec8c33a96719c45947ab0947484854a94f25e65339a6f74b053c81e8e8057f6767ea2e80e923e02fa1a88db36d52e4c511e6ccf674046cb81c493c927d05a6c16645d0694f667d6ccf29fc273890c6"}, @generic={0x31, 0x9, "824467996faa842827e6d09bc48c4196099cb20d1afa7380d30e40f1bcfb7c503d7b00fc18d2e614c3e370dbc320a8"}]}}, {{0x9, 0x5, 0x1, 0x3, 0x400, 0x1, 0x81, 0x6, [@generic={0x76, 0x7, "96f72de7936410ee82a44287a00196f630e009364ab94a00e94528691a409d335f13bf6e85b378bda85c558fc1a003ec5794a14217f794682edcdc9e35d00c0979fdb3e7a15e6a851c137bf7011ba61c8346598b02a3d4d1b8cd99f4fc14fae3219fbf56aa2ca54ccf116b3d560a80978c4276ec"}]}}, {{0x9, 0x5, 0xe, 0x3, 0x3ff, 0x80, 0x20, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x9, 0x3ff}]}}, {{0x9, 0x5, 0xd, 0x0, 0x400, 0x9, 0x3f, 0x3f, [@generic={0x76, 0x11, "79b386387e37f36efa1d8c66a90449c68a0ad251afb9b1793cbe9e5b4dc3ce6600e86d1e3b3eac60fd3b8b1c19d7d0c3da61c6a667b39fae8aed44a8e70d77ca93e4c37a3fd8818f43edc523960cedb02d8822f0b23dc343182608c6097e995f562c84a5417e5b2fb71b392f926f3c4ed992ed89"}, @generic={0x65, 0x5, "8512f0cea97a9d8a0461e30ee9bf0789e041cd86c1df9496f1957af0e4543ecab07051f1f4818da2579d13a999569f75ad6af6e0d04da8bd26bc920445692d9e4ca7fdc3544c36f588e5c09beea1aff9f41ba977cbe79e7e4f4a8dec5640da4d2af61d"}]}}]}}, {{0x9, 0x4, 0x5, 0x3, 0x2, 0xc4, 0x4d, 0x76, 0x7, [@cdc_ncm={{0xb, 0x24, 0x6, 0x0, 0x1, "72450ceb1b79"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x8, 0x1, 0x4}, {0x6, 0x24, 0x1a, 0x8, 0x8}, [@mdlm={0x15, 0x24, 0x12, 0x4}]}, @cdc_ecm={{0x7, 0x24, 0x6, 0x0, 0x0, "fbb5"}, {0x5, 0x24, 0x0, 0x2040}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x80, 0x8951, 0x6}, [@network_terminal={0x7, 0x24, 0xa, 0xce, 0x3, 0x4, 0x60}, @acm={0x4}, @country_functional={0x10, 0x24, 0x7, 0x0, 0x81, [0x81, 0x1d9, 0x400, 0x1, 0xc00]}, @mbim={0xc, 0x24, 0x1b, 0x1, 0x20, 0xc0, 0x5, 0x20, 0xd}, @mdlm_detail={0xe1, 0x24, 0x13, 0x9, "0efa60e3b3892ca3377fc7bf7e5cd90b70b5433c66f13129d42a59f2c914ec54979a53862f94df6395806bf1a9709d9a6650cecaeecff6adfc77ca5f296e11bed1fbeb6f27c50bf1af9c176bb2069d52b06473d5d8e9244a70017666faa3213b80b25fe4c68c4180ee45680c95768fd32d24da76b883e1be0ec2af43c9f30ceed1936cd5051e62b1c8a76af9a252290b11c3670439db645b5c32a5a5bb78d7e8183ea6736dfceb8fef3d04b76e5129c4913eee30a537743b3357f269f582dd8c46b2a93362f1a838886b175f4895d52a818f63d9d694beac9846e5b12f"}, @mdlm_detail={0x1a, 0x24, 0x13, 0x5, "083b1f01a69f5d722a6b0383fb09f57f442b56d458fa"}]}], [{{0x9, 0x5, 0xf, 0x8, 0x8, 0x0, 0x3, 0x5}}, {{0x9, 0x5, 0xc, 0x0, 0x200, 0x9, 0x20, 0x5, [@generic={0xb, 0x1, "ae684bd6a1bfbe705d"}]}}]}}, {{0x9, 0x4, 0xad, 0x3f, 0x6, 0xef, 0x2e, 0x8d, 0x8, [@cdc_ecm={{0xa, 0x24, 0x6, 0x0, 0x0, "2e1bb11c34"}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x2, 0x8979, 0x6}, [@mdlm_detail={0xeb, 0x24, 0x13, 0x0, "9fcc8c5c747309fcb4c96e5dad9b6e62d08b91a8beb3c2e4547e163e4658bb11ab34b3c84ec3e4a4e367d26c56001c6705689995a99d16a1b31bdc070f00531ec426b54bf89b2dee1fc3bd818f55dbbd6acc287cd43078eebc6d09f10dc4229f8035d4448f823fecf929d6861627c01e79277a40304a1ad3fbd012a4a8ed16369769c8c997c412be76759017653455b8042aca8b49eac0731001cbfa6fbd796aa7c27709fc623722e03d3c1ed1dac1ca8a8aa25ddafc654a0dbb760b927a2b23e2ad3043ac48566c7b995c237db591f39af81954569cd5d37ca4941c80cc1fa5556d19a548df2a"}, @network_terminal={0x7, 0x24, 0xa, 0x4, 0x1f, 0x3f, 0x62}, @dmm={0x7, 0x24, 0x14, 0x1f, 0x7}, @dmm={0x7, 0x24, 0x14, 0x1010, 0x9}, @ncm={0x6, 0x24, 0x1a, 0x6, 0x1b}]}, @cdc_ecm={{0xb, 0x24, 0x6, 0x0, 0x0, "df4704a2521e"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x4856f0aa, 0x5, 0x1, 0xff}, [@obex={0x5, 0x24, 0x15, 0x1f}]}], [{{0x9, 0x5, 0x8, 0x8, 0x3ff, 0x4, 0x1, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x34, 0x5}]}}, {{0x9, 0x5, 0x0, 0x3, 0x400, 0x2, 0x1, 0xca}}, {{0x9, 0x5, 0x8, 0x10, 0x8, 0x2, 0x7f, 0x7f}}, {{0x9, 0x5, 0x7, 0x0, 0x10, 0x5, 0x1f, 0x40, [@generic={0x2d, 0xe, "eccc2379371b46cab9d6fdb82798f47aa9b7177c2a5193231443b725c21b5e6a99930565eb3b96fe7a7569"}, @generic={0x6, 0x10, "7f2260b2"}]}}, {{0x9, 0x5, 0x3, 0x8, 0x10, 0x4, 0x3, 0xf7}}, {{0x9, 0x5, 0x5, 0x3, 0x10, 0x3, 0x1, 0x9, [@generic={0xc8, 0xe, "17a493c051895f29835efb6d6d753ca5e6237f995724bf74708574902eacdff45cd80b61373d67efe1239f97b4fa600793d6b4a5022ba4a436b4e2e223579d974e784ecbfdd4912da5ccd284d2293782704f067513d83811ac711684d3aafe928ece0e903825997babc567b94d06daee1e4d55a8871d67e71cd1081430d89bc9ae64f50f94bb8af96ce384cd3b8420ef8be273ca02b9f0f91221239e64d620dc6e3e2707f6f4ce92e8627f044c14f179909ca1df8b4e499fed3f4118c9d6b2ae41a71198d798"}, @generic={0x7e, 0x22, "851bf8332f6f4795cdbf9bf1bbb8253ced75d61f695bb8c31f51b5ce19b2080e2e7ec215fec16a83d2571104f726a0de47f3e9282d0ef2204bbb1d9d9cac53b6d798084b0f594791e3f8341986d7eaadb911c55c0d71691fc77aa1047f440f5275a41f3b1f0f048a5c1dd5c417e67f3bd472b13feef7950c578f1b42"}]}}]}}]}}]}}, &(0x7f0000009700)={0xa, &(0x7f0000009200)={0xa, 0x6, 0x110, 0xd4, 0x81, 0x0, 0x10, 0x20}, 0x1c, &(0x7f0000009240)={0x5, 0xf, 0x1c, 0x2, [@ssp_cap={0x14, 0x10, 0xa, 0x20, 0x2, 0x3, 0xf0f, 0x6, [0xc030, 0xff3f30]}, @ptm_cap={0x3}]}, 0x8, [{0x4, &(0x7f0000009280)=@lang_id={0x4, 0x3, 0x410}}, {0x102, &(0x7f00000092c0)=@string={0x102, 0x3, "bd9caf11f1c2321f7dbf3df57ec06aedf0842f843c77dd88db9f7408bba0d9405971eab7462f77d1ca84398011e52a42798f46eeb57b9e8b2c06c9828ae8a2a278aeaf1947cb3dbadbd3d8374bd3fd89a53a0d2e5d80261d7c80592c0396ee2c9ed83fcc6bf9bd9a2f61cd007c9eb5b92dd878d6aa6b5435ed38fb81d9bfc15815843bc46b321b848a201d7ee90a06ab03ddb66cea54f415153e6934992c24e711aea2fe334e981ba7f3f87d0bc5eb6b1d0917cd79b47194c6d2be18e7a54e75a5e2d036b2e8ba626c56c4489e4681a21ea29a2b6434a8605a6710ebd13f09fe322e60ef34a6e6f3330d07b4d1ff66d7ec23c58b3be734844b89de36ba291297"}}, {0x4, &(0x7f0000009400)=@lang_id={0x4, 0x3, 0xf0ff}}, {0x4, &(0x7f0000009440)=@lang_id={0x4, 0x3, 0xf8ff}}, {0xc2, &(0x7f0000009480)=@string={0xc2, 0x3, "47951bf5758f6da49eaec8d8f18a6ca6e17e41a66016415efc7be346e3a8d0342803d31ac634c4e6bcfdca1db3c5b690c22f332df6936761deb40a2a9b817a3b5e21ceda6d71f72d61eed06a7a43451e72faa82018384c5a69f62f4c6cf2a7efbd2af59b84acc6a95edf8f167b5f203dff2f89dba191f513342be5a906ceb379613f596108de6f3a61b926c9f8634d3de6d5eb86712bdfc3ce502f90a69d8d07d9284402b393a76e1d9817b92bd4eff57a27ec91919bf0d09b447057d69ce382"}}, {0x83, &(0x7f0000009580)=@string={0x83, 0x3, "708149d29b3a8ef9c0ff2f072ff3b20dd4aa24a8ddbd77612cf82dbfdc3af821a1fbf75540c23e05de08fed779db651cb3a63bd09acfde2da34fc336047349f62c650320dd8fd8626cfdadf7e0f73f83a6bffa1f20e75cc44b80bbe9a40ea3c6e924b684fe6cb9e6a9331a149e844e500be3b4fe28d1332dcd643be5a73fccd446"}}, {0x4, &(0x7f0000009640)=@lang_id={0x4, 0x3, 0x184c}}, {0x4d, &(0x7f0000009680)=@string={0x4d, 0x3, "b66a576c91d56733c94ef73720fda014ebcf72b1cf26ac4c18da7571241256764ae2dff17540bdd8af83eee505792cbefbddb7b5cd4ca94662287a86249ec2b942139804f9c78209884a15"}}]}) syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000009780)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_control_io(r22, &(0x7f00000099c0)={0x18, &(0x7f0000009800)={0x40, 0x1, 0x8d, {0x8d, 0x22, "e5741947a723e9e98edc76ea9b493da7d0be0f88903d48eef0d24c882970fc1216a4f390d6b17a78f9e882742ca24831936cb75b045899bbc7687bd55a058a9f4722452ce7e301270b0bf22666c37eaf1bd9d8b489ba1d32be39d06b20bd9657e09fda6c82d4566c9334e2fa45c5046ba8565e5779ab6d67cbf7f406d216c286ab066588207a318d65332f"}}, &(0x7f00000098c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xf0ff}}, &(0x7f0000009900)={0x0, 0xf, 0x18, {0x5, 0xf, 0x18, 0x2, [@ssp_cap={0xc, 0x10, 0xa, 0x0, 0x0, 0x6, 0xf0f, 0x8}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0xa, 0x7, 0x100}]}}, &(0x7f0000009940)={0x20, 0x29, 0xf, {0xf, 0x29, 0x0, 0x18, 0x7, 0x7f, "86f620e8", "168f2202"}}, &(0x7f0000009980)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3, 0x0, 0x4, 0x0, 0x7, 0x1000, 0xfffe}}}, &(0x7f0000009f00)={0x44, &(0x7f0000009a00)={0x0, 0x8, 0xfd, "17d015c0c21b38ab6587078c775d196676390236842bc78115bd6a405811102445a37fe5c0cc85a16b5601f67496593492ce3ad552019208a904c88254525ef13e8c55d2fa5584b172728077d54a28bc6dd0bc05f7202910260763120f9d95883b701ca05483deae8e445bcf5672cfc4ba66a346e92fe07451ae4c8ff4aa9dfcf8b9563365805bf6830ed36c9f3eab11f613a0fde0423b8c3a5b1ae029729e3233431d83f022491564d392ceb7a38eddcf1596886181854d5a729e76d8e770d6ee74ba1333ecb7e4b883071b6d6c043e9e6f0160546f60d1d9ffd940744eef3ea5f0ddfda5a0a8d6b7740a7f13ce462ed08e2d3bc0a7b646daf56086e2"}, &(0x7f0000009b40)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000009b80)={0x0, 0x8, 0x1, 0x80}, &(0x7f0000009bc0)={0x20, 0x0, 0x4, {0x2, 0x3}}, &(0x7f0000009c00)={0x20, 0x0, 0x4, {0x100, 0x40}}, &(0x7f0000009c40)={0x40, 0x7, 0x2, 0x3}, &(0x7f0000009c80)={0x40, 0x9, 0x1, 0x7f}, &(0x7f0000009cc0)={0x40, 0xb, 0x2, "08bd"}, &(0x7f0000009d00)={0x40, 0xf, 0x2, 0x7163}, &(0x7f0000009d40)={0x40, 0x13, 0x6, @broadcast}, &(0x7f0000009d80)={0x40, 0x17, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3b}}, &(0x7f0000009dc0)={0x40, 0x19, 0x2, "379e"}, &(0x7f0000009e00)={0x40, 0x1a, 0x2, 0x8}, &(0x7f0000009e40)={0x40, 0x1c, 0x1, 0x3f}, &(0x7f0000009e80)={0x40, 0x1e, 0x1, 0x2c}, &(0x7f0000009ec0)={0x40, 0x21, 0x1, 0x5}}) syz_usb_disconnect(r22) syz_usb_ep_read(r22, 0xc1, 0x1000, &(0x7f0000009f80)=""/4096) r23 = syz_usb_connect$uac1(0x3, 0xe8, &(0x7f000000af80)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd6, 0x3, 0x1, 0x7, 0x20, 0x2, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@feature_unit={0xb, 0x24, 0x6, 0x4, 0x3, 0x2, [0x3, 0x7], 0xff}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x80, 0x3, 0x1, 0x0, "022c3b4efa4d"}, @as_header={0x7, 0x24, 0x1, 0x1, 0x7f, 0x1002}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x5, 0x3, 0x0, 0x5, "64997e"}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x3, 0x3, 0xac, 0x8, "bc5e", "04fba9"}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x6, 0x2, 0x5, 0x9, "6a9a8d", "4f88"}]}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x8c, 0x20, 0x7f, {0x7, 0x25, 0x1, 0x82, 0x2, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0x0, 0x2, 0x0, 0xff, "03c1fe1d97"}, @format_type_ii_discrete={0x12, 0x24, 0x2, 0x2, 0x807, 0x4, 0xfd, "8cfb49df7bf5b7e5ee"}, @as_header={0x7, 0x24, 0x1, 0x3f, 0xfd, 0x1}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0xc1, 0x4, 0x5, 0x67, "6967ba40"}]}, {{0x9, 0x5, 0x82, 0x9, 0x7f7, 0x1f, 0x69, 0x6, {0x7, 0x25, 0x1, 0x80, 0x9, 0x3}}}}}}}]}}, &(0x7f000000b380)={0xa, &(0x7f000000b080)={0xa, 0x6, 0x300, 0x3, 0x2, 0x3, 0x40, 0x81}, 0x20f, &(0x7f000000b0c0)={0x5, 0xf, 0x20f, 0x6, [@generic={0xe2, 0x10, 0xa, "64932c9277e23a0fa96aabc7b931ea3707350c525745ccbe794d23baa99625c82f74bd3b6d5f88fbfd92545b6b63754c07c3ffb47355bf3dd6facff0ec5597fb768dc74acfcf395ac1009982925aa16fcfa41575bf14b56d557909df9efd27fd4b317d90d1606270134fd07d2fc0d1816e9771321d2db55c6539b04167db7b08c994159dd7552c488c1466247a5b70b0dc996b907eeee0b20fdd647140597b66f821556b567fe613c7ecbcbae50db5fa7c9c0b5dcf26eddffdcb09b9ab9f2b5bee80982ff365fb816e98184ee6815f6f621f4d34527d3caa4ce682cb06c748"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x10, 0x1, 0x3f, 0xff, 0x1f}, @ptm_cap={0x3}, @generic={0x2f, 0x10, 0x3, "571226744f78fe775ab89dd776db3aaace9982e7b2594fd0854a31d7ec1d24aee6482aa3939798bd32d060f0"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x24, 0x8, 0xe1}, @generic={0xe1, 0x10, 0x1, "1c4311d6c4ec2de789b4f9f39e673702ea35d909991ce4af26cf0c07579c1a40573568f837569c645de2af698133526169e51a53f215167660357259d54d5ad77afb478b189e728667a8b7e38986bb19febe807085ec6d77dfb48172592d549d7dbbf802aaf95bbf2dcd20057a34eeffcaba3c404e46a6e90ad7e4387e1e28cc21718837e81d22615c4b42bce04c6bec4aa9a99d05cb4f168e115ee3956554e4e58b136f86736e79e91f9acd49ee6617b84a564392e81991bba6032054d7096f6c40002137782a1b111d6527968326f5e70a8a2399e833e7415c204a3a4b"}]}, 0x2, [{0x4, &(0x7f000000b300)=@lang_id={0x4, 0x3, 0x459}}, {0x4, &(0x7f000000b340)=@lang_id={0x4, 0x3, 0x436}}]}) syz_usb_ep_write(r23, 0x9, 0x13, &(0x7f000000b3c0)="08636e6c5e421f7f718c4784f389672c2911e5") syz_usbip_server_init(0x2) csource_test.go:119: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "/data/data/syzkaller/syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; for (;;) { uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts); if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) return 1; now = current_time_ms(); if (now - start > timeout) return 0; } } static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } struct nlmsg { char* pos; int nesting; struct nlattr* nested[8]; char buf[4096]; }; static void netlink_init(struct nlmsg* nlmsg, int typ, int flags, const void* data, int size) { memset(nlmsg, 0, sizeof(*nlmsg)); struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf; hdr->nlmsg_type = typ; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags; memcpy(hdr + 1, data, size); nlmsg->pos = (char*)(hdr + 1) + NLMSG_ALIGN(size); } static void netlink_attr(struct nlmsg* nlmsg, int typ, const void* data, int size) { struct nlattr* attr = (struct nlattr*)nlmsg->pos; attr->nla_len = sizeof(*attr) + size; attr->nla_type = typ; if (size > 0) memcpy(attr + 1, data, size); nlmsg->pos += NLMSG_ALIGN(attr->nla_len); } static int netlink_send_ext(struct nlmsg* nlmsg, int sock, uint16_t reply_type, int* reply_len, bool dofail) { if (nlmsg->pos > nlmsg->buf + sizeof(nlmsg->buf) || nlmsg->nesting) exit(1); struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf; hdr->nlmsg_len = nlmsg->pos - nlmsg->buf; struct sockaddr_nl addr; memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; ssize_t n = sendto(sock, nlmsg->buf, hdr->nlmsg_len, 0, (struct sockaddr*)&addr, sizeof(addr)); if (n != (ssize_t)hdr->nlmsg_len) { if (dofail) exit(1); return -1; } n = recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0); if (reply_len) *reply_len = 0; if (n < 0) { if (dofail) exit(1); return -1; } if (n < (ssize_t)sizeof(struct nlmsghdr)) { errno = EINVAL; if (dofail) exit(1); return -1; } if (hdr->nlmsg_type == NLMSG_DONE) return 0; if (reply_len && hdr->nlmsg_type == reply_type) { *reply_len = n; return 0; } if (n < (ssize_t)(sizeof(struct nlmsghdr) + sizeof(struct nlmsgerr))) { errno = EINVAL; if (dofail) exit(1); return -1; } if (hdr->nlmsg_type != NLMSG_ERROR) { errno = EINVAL; if (dofail) exit(1); return -1; } errno = -((struct nlmsgerr*)(hdr + 1))->error; return -errno; } static int netlink_send(struct nlmsg* nlmsg, int sock) { return netlink_send_ext(nlmsg, sock, 0, NULL, true); } static int netlink_query_family_id(struct nlmsg* nlmsg, int sock, const char* family_name, bool dofail) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = CTRL_CMD_GETFAMILY; netlink_init(nlmsg, GENL_ID_CTRL, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, CTRL_ATTR_FAMILY_NAME, family_name, strnlen(family_name, GENL_NAMSIZ - 1) + 1); int n = 0; int err = netlink_send_ext(nlmsg, sock, GENL_ID_CTRL, &n, dofail); if (err < 0) { return -1; } uint16_t id = 0; struct nlattr* attr = (struct nlattr*)(nlmsg->buf + NLMSG_HDRLEN + NLMSG_ALIGN(sizeof(genlhdr))); for (; (char*)attr < nlmsg->buf + n; attr = (struct nlattr*)((char*)attr + NLMSG_ALIGN(attr->nla_len))) { if (attr->nla_type == CTRL_ATTR_FAMILY_ID) { id = *(uint16_t*)(attr + 1); break; } } if (!id) { errno = EINVAL; return -1; } recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0); return id; } const int kInitNetNsFd = 239; #define WIFI_INITIAL_DEVICE_COUNT 2 #define WIFI_MAC_BASE { 0x08, 0x02, 0x11, 0x00, 0x00, 0x00 } #define WIFI_IBSS_BSSID { 0x50, 0x50, 0x50, 0x50, 0x50, 0x50 } #define WIFI_IBSS_SSID { 0x10, 0x10, 0x10, 0x10, 0x10, 0x10 } #define WIFI_DEFAULT_FREQUENCY 2412 #define WIFI_DEFAULT_SIGNAL 0 #define WIFI_DEFAULT_RX_RATE 1 #define HWSIM_CMD_REGISTER 1 #define HWSIM_CMD_FRAME 2 #define HWSIM_CMD_NEW_RADIO 4 #define HWSIM_ATTR_SUPPORT_P2P_DEVICE 14 #define HWSIM_ATTR_PERM_ADDR 22 #define IF_OPER_UP 6 struct join_ibss_props { int wiphy_freq; bool wiphy_freq_fixed; uint8_t* mac; uint8_t* ssid; int ssid_len; }; static int set_interface_state(const char* interface_name, int on) { struct ifreq ifr; int sock = socket(AF_INET, SOCK_DGRAM, 0); if (sock < 0) { return -1; } memset(&ifr, 0, sizeof(ifr)); strcpy(ifr.ifr_name, interface_name); int ret = ioctl(sock, SIOCGIFFLAGS, &ifr); if (ret < 0) { close(sock); return -1; } if (on) ifr.ifr_flags |= IFF_UP; else ifr.ifr_flags &= ~IFF_UP; ret = ioctl(sock, SIOCSIFFLAGS, &ifr); close(sock); if (ret < 0) { return -1; } return 0; } static int nl80211_set_interface(struct nlmsg* nlmsg, int sock, int nl80211_family, uint32_t ifindex, uint32_t iftype) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = NL80211_CMD_SET_INTERFACE; netlink_init(nlmsg, nl80211_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, NL80211_ATTR_IFINDEX, &ifindex, sizeof(ifindex)); netlink_attr(nlmsg, NL80211_ATTR_IFTYPE, &iftype, sizeof(iftype)); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int nl80211_join_ibss(struct nlmsg* nlmsg, int sock, int nl80211_family, uint32_t ifindex, struct join_ibss_props* props) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = NL80211_CMD_JOIN_IBSS; netlink_init(nlmsg, nl80211_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, NL80211_ATTR_IFINDEX, &ifindex, sizeof(ifindex)); netlink_attr(nlmsg, NL80211_ATTR_SSID, props->ssid, props->ssid_len); netlink_attr(nlmsg, NL80211_ATTR_WIPHY_FREQ, &(props->wiphy_freq), sizeof(props->wiphy_freq)); if (props->mac) netlink_attr(nlmsg, NL80211_ATTR_MAC, props->mac, ETH_ALEN); if (props->wiphy_freq_fixed) netlink_attr(nlmsg, NL80211_ATTR_FREQ_FIXED, NULL, 0); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int get_ifla_operstate(struct nlmsg* nlmsg, int ifindex) { struct ifinfomsg info; memset(&info, 0, sizeof(info)); info.ifi_family = AF_UNSPEC; info.ifi_index = ifindex; int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); if (sock == -1) { return -1; } netlink_init(nlmsg, RTM_GETLINK, 0, &info, sizeof(info)); int n; int err = netlink_send_ext(nlmsg, sock, RTM_NEWLINK, &n, true); close(sock); if (err) { return -1; } struct rtattr* attr = IFLA_RTA(NLMSG_DATA(nlmsg->buf)); for (; RTA_OK(attr, n); attr = RTA_NEXT(attr, n)) { if (attr->rta_type == IFLA_OPERSTATE) return *((int32_t*)RTA_DATA(attr)); } return -1; } static int await_ifla_operstate(struct nlmsg* nlmsg, char* interface, int operstate) { int ifindex = if_nametoindex(interface); while (true) { usleep(1000); int ret = get_ifla_operstate(nlmsg, ifindex); if (ret < 0) return ret; if (ret == operstate) return 0; } return 0; } static int nl80211_setup_ibss_interface(struct nlmsg* nlmsg, int sock, int nl80211_family_id, char* interface, struct join_ibss_props* ibss_props) { int ifindex = if_nametoindex(interface); if (ifindex == 0) { return -1; } int ret = nl80211_set_interface(nlmsg, sock, nl80211_family_id, ifindex, NL80211_IFTYPE_ADHOC); if (ret < 0) { return -1; } ret = set_interface_state(interface, 1); if (ret < 0) { return -1; } ret = nl80211_join_ibss(nlmsg, sock, nl80211_family_id, ifindex, ibss_props); if (ret < 0) { return -1; } return 0; } #define SIZEOF_IO_URING_SQE 64 #define SIZEOF_IO_URING_CQE 16 #define SQ_HEAD_OFFSET 0 #define SQ_TAIL_OFFSET 64 #define SQ_RING_MASK_OFFSET 256 #define SQ_RING_ENTRIES_OFFSET 264 #define SQ_FLAGS_OFFSET 276 #define SQ_DROPPED_OFFSET 272 #define CQ_HEAD_OFFSET 128 #define CQ_TAIL_OFFSET 192 #define CQ_RING_MASK_OFFSET 260 #define CQ_RING_ENTRIES_OFFSET 268 #define CQ_RING_OVERFLOW_OFFSET 284 #define CQ_FLAGS_OFFSET 280 #define CQ_CQES_OFFSET 320 struct io_uring_cqe { uint64_t user_data; uint32_t res; uint32_t flags; }; static long syz_io_uring_complete(volatile long a0) { char* ring_ptr = (char*)a0; uint32_t cq_ring_mask = *(uint32_t*)(ring_ptr + CQ_RING_MASK_OFFSET); uint32_t* cq_head_ptr = (uint32_t*)(ring_ptr + CQ_HEAD_OFFSET); uint32_t cq_head = *cq_head_ptr & cq_ring_mask; uint32_t cq_head_next = *cq_head_ptr + 1; char* cqe_src = ring_ptr + CQ_CQES_OFFSET + cq_head * SIZEOF_IO_URING_CQE; struct io_uring_cqe cqe; memcpy(&cqe, cqe_src, sizeof(cqe)); __atomic_store_n(cq_head_ptr, cq_head_next, __ATOMIC_RELEASE); return (cqe.user_data == 0x12345 || cqe.user_data == 0x23456) ? (long)cqe.res : (long)-1; } struct io_sqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t flags; uint32_t dropped; uint32_t array; uint32_t resv1; uint64_t resv2; }; struct io_cqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t overflow; uint32_t cqes; uint64_t resv[2]; }; struct io_uring_params { uint32_t sq_entries; uint32_t cq_entries; uint32_t flags; uint32_t sq_thread_cpu; uint32_t sq_thread_idle; uint32_t features; uint32_t resv[4]; struct io_sqring_offsets sq_off; struct io_cqring_offsets cq_off; }; #define IORING_OFF_SQ_RING 0 #define IORING_OFF_SQES 0x10000000ULL #define sys_io_uring_setup 425 static long syz_io_uring_setup(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5) { uint32_t entries = (uint32_t)a0; struct io_uring_params* setup_params = (struct io_uring_params*)a1; void* vma1 = (void*)a2; void* vma2 = (void*)a3; void** ring_ptr_out = (void**)a4; void** sqes_ptr_out = (void**)a5; uint32_t fd_io_uring = syscall(sys_io_uring_setup, entries, setup_params); uint32_t sq_ring_sz = setup_params->sq_off.array + setup_params->sq_entries * sizeof(uint32_t); uint32_t cq_ring_sz = setup_params->cq_off.cqes + setup_params->cq_entries * SIZEOF_IO_URING_CQE; uint32_t ring_sz = sq_ring_sz > cq_ring_sz ? sq_ring_sz : cq_ring_sz; *ring_ptr_out = mmap(vma1, ring_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQ_RING); uint32_t sqes_sz = setup_params->sq_entries * SIZEOF_IO_URING_SQE; *sqes_ptr_out = mmap(vma2, sqes_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQES); return fd_io_uring; } static long syz_io_uring_submit(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { char* ring_ptr = (char*)a0; char* sqes_ptr = (char*)a1; char* sqe = (char*)a2; uint32_t sqes_index = (uint32_t)a3; uint32_t sq_ring_entries = *(uint32_t*)(ring_ptr + SQ_RING_ENTRIES_OFFSET); uint32_t cq_ring_entries = *(uint32_t*)(ring_ptr + CQ_RING_ENTRIES_OFFSET); uint32_t sq_array_off = (CQ_CQES_OFFSET + cq_ring_entries * SIZEOF_IO_URING_CQE + 63) & ~63; if (sq_ring_entries) sqes_index %= sq_ring_entries; char* sqe_dest = sqes_ptr + sqes_index * SIZEOF_IO_URING_SQE; memcpy(sqe_dest, sqe, SIZEOF_IO_URING_SQE); uint32_t sq_ring_mask = *(uint32_t*)(ring_ptr + SQ_RING_MASK_OFFSET); uint32_t* sq_tail_ptr = (uint32_t*)(ring_ptr + SQ_TAIL_OFFSET); uint32_t sq_tail = *sq_tail_ptr & sq_ring_mask; uint32_t sq_tail_next = *sq_tail_ptr + 1; uint32_t* sq_array = (uint32_t*)(ring_ptr + sq_array_off); *(sq_array + sq_tail) = sqes_index; __atomic_store_n(sq_tail_ptr, sq_tail_next, __ATOMIC_RELEASE); return 0; } #define VHCI_HC_PORTS 8 #define VHCI_PORTS (VHCI_HC_PORTS * 2) static long syz_usbip_server_init(volatile long a0) { static int port_alloc[2]; int speed = (int)a0; bool usb3 = (speed == USB_SPEED_SUPER); int socket_pair[2]; if (socketpair(AF_UNIX, SOCK_STREAM, 0, socket_pair)) exit(1); int client_fd = socket_pair[0]; int server_fd = socket_pair[1]; int available_port_num = __atomic_fetch_add(&port_alloc[usb3], 1, __ATOMIC_RELAXED); if (available_port_num > VHCI_HC_PORTS) { return -1; } int port_num = procid * VHCI_PORTS + usb3 * VHCI_HC_PORTS + available_port_num; char buffer[100]; sprintf(buffer, "%d %d %s %d", port_num, client_fd, "0", speed); write_file("/sys/devices/platform/vhci_hcd.0/attach", buffer); return server_fd; } #define BTF_MAGIC 0xeB9F struct btf_header { __u16 magic; __u8 version; __u8 flags; __u32 hdr_len; __u32 type_off; __u32 type_len; __u32 str_off; __u32 str_len; }; #define BTF_INFO_KIND(info) (((info) >> 24) & 0x0f) #define BTF_INFO_VLEN(info) ((info)&0xffff) #define BTF_KIND_INT 1 #define BTF_KIND_ARRAY 3 #define BTF_KIND_STRUCT 4 #define BTF_KIND_UNION 5 #define BTF_KIND_ENUM 6 #define BTF_KIND_FUNC_PROTO 13 #define BTF_KIND_VAR 14 #define BTF_KIND_DATASEC 15 struct btf_type { __u32 name_off; __u32 info; union { __u32 size; __u32 type; }; }; struct btf_enum { __u32 name_off; __s32 val; }; struct btf_array { __u32 type; __u32 index_type; __u32 nelems; }; struct btf_member { __u32 name_off; __u32 type; __u32 offset; }; struct btf_param { __u32 name_off; __u32 type; }; struct btf_var { __u32 linkage; }; struct btf_var_secinfo { __u32 type; __u32 offset; __u32 size; }; #define VMLINUX_MAX_SUPPORT_SIZE (10 * 1024 * 1024) static char* read_btf_vmlinux() { static bool is_read = false; static char buf[VMLINUX_MAX_SUPPORT_SIZE]; if (is_read) return buf; int fd = open("/sys/kernel/btf/vmlinux", O_RDONLY); if (fd < 0) return NULL; unsigned long bytes_read = 0; for (;;) { ssize_t ret = read(fd, buf + bytes_read, VMLINUX_MAX_SUPPORT_SIZE - bytes_read); if (ret < 0 || bytes_read + ret == VMLINUX_MAX_SUPPORT_SIZE) return NULL; if (ret == 0) break; bytes_read += ret; } is_read = true; return buf; } static long syz_btf_id_by_name(volatile long a0) { char* target = (char*)a0; char* vmlinux = read_btf_vmlinux(); if (vmlinux == NULL) return -1; struct btf_header* btf_header = (struct btf_header*)vmlinux; if (btf_header->magic != BTF_MAGIC) return -1; char* btf_type_sec = vmlinux + btf_header->hdr_len + btf_header->type_off; char* btf_str_sec = vmlinux + btf_header->hdr_len + btf_header->str_off; unsigned int bytes_parsed = 0; long idx = 1; while (bytes_parsed < btf_header->type_len) { struct btf_type* btf_type = (struct btf_type*)(btf_type_sec + bytes_parsed); uint32_t kind = BTF_INFO_KIND(btf_type->info); uint32_t vlen = BTF_INFO_VLEN(btf_type->info); char* name = btf_str_sec + btf_type->name_off; if (strcmp(name, target) == 0) return idx; size_t skip; switch (kind) { case BTF_KIND_INT: skip = sizeof(uint32_t); break; case BTF_KIND_ENUM: skip = sizeof(struct btf_enum) * vlen; break; case BTF_KIND_ARRAY: skip = sizeof(struct btf_array); break; case BTF_KIND_STRUCT: case BTF_KIND_UNION: skip = sizeof(struct btf_member) * vlen; break; case BTF_KIND_FUNC_PROTO: skip = sizeof(struct btf_param) * vlen; break; case BTF_KIND_VAR: skip = sizeof(struct btf_var); break; case BTF_KIND_DATASEC: skip = sizeof(struct btf_var_secinfo) * vlen; break; default: skip = 0; } bytes_parsed += sizeof(struct btf_type) + skip; idx++; } return -1; } static long syz_memcpy_off(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4) { char* dest = (char*)a0; uint32_t dest_off = (uint32_t)a1; char* src = (char*)a2; uint32_t src_off = (uint32_t)a3; size_t n = (size_t)a4; return (long)memcpy(dest + dest_off, src + src_off, n); } #define MAX_FDS 30 #define USB_MAX_IFACE_NUM 4 #define USB_MAX_EP_NUM 32 #define USB_MAX_FDS 6 struct usb_endpoint_index { struct usb_endpoint_descriptor desc; int handle; }; struct usb_iface_index { struct usb_interface_descriptor* iface; uint8_t bInterfaceNumber; uint8_t bAlternateSetting; uint8_t bInterfaceClass; struct usb_endpoint_index eps[USB_MAX_EP_NUM]; int eps_num; }; struct usb_device_index { struct usb_device_descriptor* dev; struct usb_config_descriptor* config; uint8_t bDeviceClass; uint8_t bMaxPower; int config_length; struct usb_iface_index ifaces[USB_MAX_IFACE_NUM]; int ifaces_num; int iface_cur; }; struct usb_info { int fd; struct usb_device_index index; }; static struct usb_info usb_devices[USB_MAX_FDS]; static int usb_devices_num; static bool parse_usb_descriptor(const char* buffer, size_t length, struct usb_device_index* index) { if (length < sizeof(*index->dev) + sizeof(*index->config)) return false; memset(index, 0, sizeof(*index)); index->dev = (struct usb_device_descriptor*)buffer; index->config = (struct usb_config_descriptor*)(buffer + sizeof(*index->dev)); index->bDeviceClass = index->dev->bDeviceClass; index->bMaxPower = index->config->bMaxPower; index->config_length = length - sizeof(*index->dev); index->iface_cur = -1; size_t offset = 0; while (true) { if (offset + 1 >= length) break; uint8_t desc_length = buffer[offset]; uint8_t desc_type = buffer[offset + 1]; if (desc_length <= 2) break; if (offset + desc_length > length) break; if (desc_type == USB_DT_INTERFACE && index->ifaces_num < USB_MAX_IFACE_NUM) { struct usb_interface_descriptor* iface = (struct usb_interface_descriptor*)(buffer + offset); index->ifaces[index->ifaces_num].iface = iface; index->ifaces[index->ifaces_num].bInterfaceNumber = iface->bInterfaceNumber; index->ifaces[index->ifaces_num].bAlternateSetting = iface->bAlternateSetting; index->ifaces[index->ifaces_num].bInterfaceClass = iface->bInterfaceClass; index->ifaces_num++; } if (desc_type == USB_DT_ENDPOINT && index->ifaces_num > 0) { struct usb_iface_index* iface = &index->ifaces[index->ifaces_num - 1]; if (iface->eps_num < USB_MAX_EP_NUM) { memcpy(&iface->eps[iface->eps_num].desc, buffer + offset, sizeof(iface->eps[iface->eps_num].desc)); iface->eps_num++; } } offset += desc_length; } return true; } static struct usb_device_index* add_usb_index(int fd, const char* dev, size_t dev_len) { int i = __atomic_fetch_add(&usb_devices_num, 1, __ATOMIC_RELAXED); if (i >= USB_MAX_FDS) return NULL; if (!parse_usb_descriptor(dev, dev_len, &usb_devices[i].index)) return NULL; __atomic_store_n(&usb_devices[i].fd, fd, __ATOMIC_RELEASE); return &usb_devices[i].index; } static struct usb_device_index* lookup_usb_index(int fd) { for (int i = 0; i < USB_MAX_FDS; i++) { if (__atomic_load_n(&usb_devices[i].fd, __ATOMIC_ACQUIRE) == fd) return &usb_devices[i].index; } return NULL; } struct vusb_connect_string_descriptor { uint32_t len; char* str; } __attribute__((packed)); struct vusb_connect_descriptors { uint32_t qual_len; char* qual; uint32_t bos_len; char* bos; uint32_t strs_len; struct vusb_connect_string_descriptor strs[0]; } __attribute__((packed)); static const char default_string[] = { 8, USB_DT_STRING, 's', 0, 'y', 0, 'z', 0 }; static const char default_lang_id[] = { 4, USB_DT_STRING, 0x09, 0x04 }; static bool lookup_connect_response_in(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { struct usb_device_index* index = lookup_usb_index(fd); uint8_t str_idx; if (!index) return false; switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_GET_DESCRIPTOR: switch (ctrl->wValue >> 8) { case USB_DT_DEVICE: *response_data = (char*)index->dev; *response_length = sizeof(*index->dev); return true; case USB_DT_CONFIG: *response_data = (char*)index->config; *response_length = index->config_length; return true; case USB_DT_STRING: str_idx = (uint8_t)ctrl->wValue; if (descs && str_idx < descs->strs_len) { *response_data = descs->strs[str_idx].str; *response_length = descs->strs[str_idx].len; return true; } if (str_idx == 0) { *response_data = (char*)&default_lang_id[0]; *response_length = default_lang_id[0]; return true; } *response_data = (char*)&default_string[0]; *response_length = default_string[0]; return true; case USB_DT_BOS: *response_data = descs->bos; *response_length = descs->bos_len; return true; case USB_DT_DEVICE_QUALIFIER: if (!descs->qual) { struct usb_qualifier_descriptor* qual = (struct usb_qualifier_descriptor*)response_data; qual->bLength = sizeof(*qual); qual->bDescriptorType = USB_DT_DEVICE_QUALIFIER; qual->bcdUSB = index->dev->bcdUSB; qual->bDeviceClass = index->dev->bDeviceClass; qual->bDeviceSubClass = index->dev->bDeviceSubClass; qual->bDeviceProtocol = index->dev->bDeviceProtocol; qual->bMaxPacketSize0 = index->dev->bMaxPacketSize0; qual->bNumConfigurations = index->dev->bNumConfigurations; qual->bRESERVED = 0; *response_length = sizeof(*qual); return true; } *response_data = descs->qual; *response_length = descs->qual_len; return true; default: break; } break; default: break; } break; default: break; } return false; } typedef bool (*lookup_connect_out_response_t)(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done); static bool lookup_connect_response_out_generic(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) { switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: *done = true; return true; default: break; } break; } return false; } #define ATH9K_FIRMWARE_DOWNLOAD 0x30 #define ATH9K_FIRMWARE_DOWNLOAD_COMP 0x31 static bool lookup_connect_response_out_ath9k(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) { switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: return true; default: break; } break; case USB_TYPE_VENDOR: switch (ctrl->bRequest) { case ATH9K_FIRMWARE_DOWNLOAD: return true; case ATH9K_FIRMWARE_DOWNLOAD_COMP: *done = true; return true; default: break; } break; } return false; } struct vusb_descriptor { uint8_t req_type; uint8_t desc_type; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_descriptors { uint32_t len; struct vusb_descriptor* generic; struct vusb_descriptor* descs[0]; } __attribute__((packed)); struct vusb_response { uint8_t type; uint8_t req; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_responses { uint32_t len; struct vusb_response* generic; struct vusb_response* resps[0]; } __attribute__((packed)); static bool lookup_control_response(const struct vusb_descriptors* descs, const struct vusb_responses* resps, struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { int descs_num = 0; int resps_num = 0; if (descs) descs_num = (descs->len - offsetof(struct vusb_descriptors, descs)) / sizeof(descs->descs[0]); if (resps) resps_num = (resps->len - offsetof(struct vusb_responses, resps)) / sizeof(resps->resps[0]); uint8_t req = ctrl->bRequest; uint8_t req_type = ctrl->bRequestType & USB_TYPE_MASK; uint8_t desc_type = ctrl->wValue >> 8; if (req == USB_REQ_GET_DESCRIPTOR) { int i; for (i = 0; i < descs_num; i++) { struct vusb_descriptor* desc = descs->descs[i]; if (!desc) continue; if (desc->req_type == req_type && desc->desc_type == desc_type) { *response_length = desc->len; if (*response_length != 0) *response_data = &desc->data[0]; else *response_data = NULL; return true; } } if (descs && descs->generic) { *response_data = &descs->generic->data[0]; *response_length = descs->generic->len; return true; } } else { int i; for (i = 0; i < resps_num; i++) { struct vusb_response* resp = resps->resps[i]; if (!resp) continue; if (resp->type == req_type && resp->req == req) { *response_length = resp->len; if (*response_length != 0) *response_data = &resp->data[0]; else *response_data = NULL; return true; } } if (resps && resps->generic) { *response_data = &resps->generic->data[0]; *response_length = resps->generic->len; return true; } } return false; } #define UDC_NAME_LENGTH_MAX 128 struct usb_raw_init { __u8 driver_name[UDC_NAME_LENGTH_MAX]; __u8 device_name[UDC_NAME_LENGTH_MAX]; __u8 speed; }; enum usb_raw_event_type { USB_RAW_EVENT_INVALID = 0, USB_RAW_EVENT_CONNECT = 1, USB_RAW_EVENT_CONTROL = 2, }; struct usb_raw_event { __u32 type; __u32 length; __u8 data[0]; }; struct usb_raw_ep_io { __u16 ep; __u16 flags; __u32 length; __u8 data[0]; }; #define USB_RAW_EPS_NUM_MAX 30 #define USB_RAW_EP_NAME_MAX 16 #define USB_RAW_EP_ADDR_ANY 0xff struct usb_raw_ep_caps { __u32 type_control : 1; __u32 type_iso : 1; __u32 type_bulk : 1; __u32 type_int : 1; __u32 dir_in : 1; __u32 dir_out : 1; }; struct usb_raw_ep_limits { __u16 maxpacket_limit; __u16 max_streams; __u32 reserved; }; struct usb_raw_ep_info { __u8 name[USB_RAW_EP_NAME_MAX]; __u32 addr; struct usb_raw_ep_caps caps; struct usb_raw_ep_limits limits; }; struct usb_raw_eps_info { struct usb_raw_ep_info eps[USB_RAW_EPS_NUM_MAX]; }; #define USB_RAW_IOCTL_INIT _IOW('U', 0, struct usb_raw_init) #define USB_RAW_IOCTL_RUN _IO('U', 1) #define USB_RAW_IOCTL_EVENT_FETCH _IOR('U', 2, struct usb_raw_event) #define USB_RAW_IOCTL_EP0_WRITE _IOW('U', 3, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP0_READ _IOWR('U', 4, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_ENABLE _IOW('U', 5, struct usb_endpoint_descriptor) #define USB_RAW_IOCTL_EP_DISABLE _IOW('U', 6, __u32) #define USB_RAW_IOCTL_EP_WRITE _IOW('U', 7, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_READ _IOWR('U', 8, struct usb_raw_ep_io) #define USB_RAW_IOCTL_CONFIGURE _IO('U', 9) #define USB_RAW_IOCTL_VBUS_DRAW _IOW('U', 10, __u32) #define USB_RAW_IOCTL_EPS_INFO _IOR('U', 11, struct usb_raw_eps_info) #define USB_RAW_IOCTL_EP0_STALL _IO('U', 12) #define USB_RAW_IOCTL_EP_SET_HALT _IOW('U', 13, __u32) #define USB_RAW_IOCTL_EP_CLEAR_HALT _IOW('U', 14, __u32) #define USB_RAW_IOCTL_EP_SET_WEDGE _IOW('U', 15, __u32) static int usb_raw_open() { return open("/dev/raw-gadget", O_RDWR); } static int usb_raw_init(int fd, uint32_t speed, const char* driver, const char* device) { struct usb_raw_init arg; strncpy((char*)&arg.driver_name[0], driver, sizeof(arg.driver_name)); strncpy((char*)&arg.device_name[0], device, sizeof(arg.device_name)); arg.speed = speed; return ioctl(fd, USB_RAW_IOCTL_INIT, &arg); } static int usb_raw_run(int fd) { return ioctl(fd, USB_RAW_IOCTL_RUN, 0); } static int usb_raw_event_fetch(int fd, struct usb_raw_event* event) { return ioctl(fd, USB_RAW_IOCTL_EVENT_FETCH, event); } static int usb_raw_ep0_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_WRITE, io); } static int usb_raw_ep0_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_READ, io); } static int usb_raw_ep_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_WRITE, io); } static int usb_raw_ep_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_READ, io); } static int usb_raw_ep_enable(int fd, struct usb_endpoint_descriptor* desc) { return ioctl(fd, USB_RAW_IOCTL_EP_ENABLE, desc); } static int usb_raw_ep_disable(int fd, int ep) { return ioctl(fd, USB_RAW_IOCTL_EP_DISABLE, ep); } static int usb_raw_configure(int fd) { return ioctl(fd, USB_RAW_IOCTL_CONFIGURE, 0); } static int usb_raw_vbus_draw(int fd, uint32_t power) { return ioctl(fd, USB_RAW_IOCTL_VBUS_DRAW, power); } static int usb_raw_ep0_stall(int fd) { return ioctl(fd, USB_RAW_IOCTL_EP0_STALL, 0); } static int lookup_interface(int fd, uint8_t bInterfaceNumber, uint8_t bAlternateSetting) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; for (int i = 0; i < index->ifaces_num; i++) { if (index->ifaces[i].bInterfaceNumber == bInterfaceNumber && index->ifaces[i].bAlternateSetting == bAlternateSetting) return i; } return -1; } static int lookup_endpoint(int fd, uint8_t bEndpointAddress) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; if (index->iface_cur < 0) return -1; for (int ep = 0; index->ifaces[index->iface_cur].eps_num; ep++) if (index->ifaces[index->iface_cur].eps[ep].desc.bEndpointAddress == bEndpointAddress) return index->ifaces[index->iface_cur].eps[ep].handle; return -1; } static void set_interface(int fd, int n) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return; if (index->iface_cur >= 0 && index->iface_cur < index->ifaces_num) { for (int ep = 0; ep < index->ifaces[index->iface_cur].eps_num; ep++) { int rv = usb_raw_ep_disable(fd, index->ifaces[index->iface_cur].eps[ep].handle); if (rv < 0) { } else { } } } if (n >= 0 && n < index->ifaces_num) { for (int ep = 0; ep < index->ifaces[n].eps_num; ep++) { int rv = usb_raw_ep_enable(fd, &index->ifaces[n].eps[ep].desc); if (rv < 0) { } else { index->ifaces[n].eps[ep].handle = rv; } } index->iface_cur = n; } } static int configure_device(int fd) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; int rv = usb_raw_vbus_draw(fd, index->bMaxPower); if (rv < 0) { return rv; } rv = usb_raw_configure(fd); if (rv < 0) { return rv; } set_interface(fd, 0); return 0; } #define USB_MAX_PACKET_SIZE 4096 struct usb_raw_control_event { struct usb_raw_event inner; struct usb_ctrlrequest ctrl; char data[USB_MAX_PACKET_SIZE]; }; struct usb_raw_ep_io_data { struct usb_raw_ep_io inner; char data[USB_MAX_PACKET_SIZE]; }; static volatile long syz_usb_connect_impl(uint64_t speed, uint64_t dev_len, const char* dev, const struct vusb_connect_descriptors* descs, lookup_connect_out_response_t lookup_connect_response_out) { if (!dev) { return -1; } int fd = usb_raw_open(); if (fd < 0) { return fd; } if (fd >= MAX_FDS) { close(fd); return -1; } struct usb_device_index* index = add_usb_index(fd, dev, dev_len); if (!index) { return -1; } char device[32]; sprintf(&device[0], "dummy_udc.%llu", procid); int rv = usb_raw_init(fd, speed, "dummy_udc", &device[0]); if (rv < 0) { return rv; } rv = usb_raw_run(fd); if (rv < 0) { return rv; } bool done = false; while (!done) { struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = sizeof(event.ctrl); rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) continue; char* response_data = NULL; uint32_t response_length = 0; if (event.ctrl.bRequestType & USB_DIR_IN) { if (!lookup_connect_response_in(fd, descs, &event.ctrl, &response_data, &response_length)) { usb_raw_ep0_stall(fd); continue; } } else { if (!lookup_connect_response_out(fd, descs, &event.ctrl, &done)) { usb_raw_ep0_stall(fd); continue; } response_data = NULL; response_length = event.ctrl.wLength; } if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD && event.ctrl.bRequest == USB_REQ_SET_CONFIGURATION) { rv = configure_device(fd); if (rv < 0) { return rv; } } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, response_length); if (event.ctrl.bRequestType & USB_DIR_IN) { rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response); } else { rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response); } if (rv < 0) { return rv; } } sleep_ms(200); return fd; } static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; const char* dev = (const char*)a2; const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3; return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_generic); } static volatile long syz_usb_connect_ath9k(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; const char* dev = (const char*)a2; const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3; return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_ath9k); } static volatile long syz_usb_control_io(volatile long a0, volatile long a1, volatile long a2) { int fd = a0; const struct vusb_descriptors* descs = (const struct vusb_descriptors*)a1; const struct vusb_responses* resps = (const struct vusb_responses*)a2; struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = USB_MAX_PACKET_SIZE; int rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) { return -1; } char* response_data = NULL; uint32_t response_length = 0; if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) { if (!lookup_control_response(descs, resps, &event.ctrl, &response_data, &response_length)) { usb_raw_ep0_stall(fd); return -1; } } else { if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD || event.ctrl.bRequest == USB_REQ_SET_INTERFACE) { int iface_num = event.ctrl.wIndex; int alt_set = event.ctrl.wValue; int iface_index = lookup_interface(fd, iface_num, alt_set); if (iface_index < 0) { } else { set_interface(fd, iface_index); } } response_length = event.ctrl.wLength; } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; if ((event.ctrl.bRequestType & USB_DIR_IN) && !event.ctrl.wLength) { response_length = USB_MAX_PACKET_SIZE; } response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, response_length); if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) { rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response); } else { rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response); } if (rv < 0) { return rv; } sleep_ms(200); return 0; } static volatile long syz_usb_ep_write(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int fd = a0; uint8_t ep = a1; uint32_t len = a2; char* data = (char*)a3; int ep_handle = lookup_endpoint(fd, ep); if (ep_handle < 0) { return -1; } struct usb_raw_ep_io_data io_data; io_data.inner.ep = ep_handle; io_data.inner.flags = 0; if (len > sizeof(io_data.data)) len = sizeof(io_data.data); io_data.inner.length = len; memcpy(&io_data.data[0], data, len); int rv = usb_raw_ep_write(fd, (struct usb_raw_ep_io*)&io_data); if (rv < 0) { return rv; } sleep_ms(200); return 0; } static volatile long syz_usb_ep_read(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int fd = a0; uint8_t ep = a1; uint32_t len = a2; char* data = (char*)a3; int ep_handle = lookup_endpoint(fd, ep); if (ep_handle < 0) { return -1; } struct usb_raw_ep_io_data io_data; io_data.inner.ep = ep_handle; io_data.inner.flags = 0; if (len > sizeof(io_data.data)) len = sizeof(io_data.data); io_data.inner.length = len; int rv = usb_raw_ep_read(fd, (struct usb_raw_ep_io*)&io_data); if (rv < 0) { return rv; } memcpy(&data[0], &io_data.data[0], io_data.inner.length); sleep_ms(200); return 0; } static volatile long syz_usb_disconnect(volatile long a0) { int fd = a0; int rv = close(fd); sleep_ms(200); return rv; } static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2) { if (a0 == 0xc || a0 == 0xb) { char buf[128]; sprintf(buf, "/dev/%s/%d:%d", a0 == 0xc ? "char" : "block", (uint8_t)a1, (uint8_t)a2); return open(buf, O_RDWR, 0); } else { char buf[1024]; char* hash; strncpy(buf, (char*)a0, sizeof(buf) - 1); buf[sizeof(buf) - 1] = 0; while ((hash = strchr(buf, '#'))) { *hash = '0' + (char)(a1 % 10); a1 /= 10; } return open(buf, a2, 0); } } static long syz_open_procfs(volatile long a0, volatile long a1) { char buf[128]; memset(buf, 0, sizeof(buf)); if (a0 == 0) { snprintf(buf, sizeof(buf), "/proc/self/%s", (char*)a1); } else if (a0 == -1) { snprintf(buf, sizeof(buf), "/proc/thread-self/%s", (char*)a1); } else { snprintf(buf, sizeof(buf), "/proc/self/task/%d/%s", (int)a0, (char*)a1); } int fd = open(buf, O_RDWR); if (fd == -1) fd = open(buf, O_RDONLY); return fd; } static long syz_open_pts(volatile long a0, volatile long a1) { int ptyno = 0; if (ioctl(a0, TIOCGPTN, &ptyno)) return -1; char buf[128]; sprintf(buf, "/dev/pts/%d", ptyno); return open(buf, a1, 0); } static long syz_init_net_socket(volatile long domain, volatile long type, volatile long proto) { int netns = open("/proc/self/ns/net", O_RDONLY); if (netns == -1) return netns; if (setns(kInitNetNsFd, 0)) return -1; int sock = syscall(__NR_socket, domain, type, proto); int err = errno; if (setns(netns, 0)) exit(1); close(netns); errno = err; return sock; } static long syz_genetlink_get_family_id(volatile long name, volatile long sock_arg) { bool dofail = false; int fd = sock_arg; if (fd < 0) { dofail = true; fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (fd == -1) { return -1; } } struct nlmsg nlmsg_tmp; int ret = netlink_query_family_id(&nlmsg_tmp, fd, (char*)name, dofail); if ((int)sock_arg < 0) close(fd); if (ret < 0) { return -1; } return ret; } struct fs_image_segment { void* data; uintptr_t size; uintptr_t offset; }; #define IMAGE_MAX_SEGMENTS 4096 #define IMAGE_MAX_SIZE (129 << 20) #define sys_memfd_create 356 static unsigned long fs_image_segment_check(unsigned long size, unsigned long nsegs, struct fs_image_segment* segs) { if (nsegs > IMAGE_MAX_SEGMENTS) nsegs = IMAGE_MAX_SEGMENTS; for (size_t i = 0; i < nsegs; i++) { if (segs[i].size > IMAGE_MAX_SIZE) segs[i].size = IMAGE_MAX_SIZE; segs[i].offset %= IMAGE_MAX_SIZE; if (segs[i].offset > IMAGE_MAX_SIZE - segs[i].size) segs[i].offset = IMAGE_MAX_SIZE - segs[i].size; if (size < segs[i].offset + segs[i].offset) size = segs[i].offset + segs[i].offset; } if (size > IMAGE_MAX_SIZE) size = IMAGE_MAX_SIZE; return size; } static int setup_loop_device(long unsigned size, long unsigned nsegs, struct fs_image_segment* segs, const char* loopname, int* memfd_p, int* loopfd_p) { int err = 0, loopfd = -1; size = fs_image_segment_check(size, nsegs, segs); int memfd = syscall(sys_memfd_create, "syzkaller", 0); if (memfd == -1) { err = errno; goto error; } if (ftruncate(memfd, size)) { err = errno; goto error_close_memfd; } for (size_t i = 0; i < nsegs; i++) { if (pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset) < 0) { } } loopfd = open(loopname, O_RDWR); if (loopfd == -1) { err = errno; goto error_close_memfd; } if (ioctl(loopfd, LOOP_SET_FD, memfd)) { if (errno != EBUSY) { err = errno; goto error_close_loop; } ioctl(loopfd, LOOP_CLR_FD, 0); usleep(1000); if (ioctl(loopfd, LOOP_SET_FD, memfd)) { err = errno; goto error_close_loop; } } *memfd_p = memfd; *loopfd_p = loopfd; return 0; error_close_loop: close(loopfd); error_close_memfd: close(memfd); error: errno = err; return -1; } static long syz_read_part_table(volatile unsigned long size, volatile unsigned long nsegs, volatile long segments) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int err = 0, res = -1, loopfd = -1, memfd = -1; char loopname[64]; snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; struct loop_info64 info; if (ioctl(loopfd, LOOP_GET_STATUS64, &info)) { err = errno; goto error_clear_loop; } info.lo_flags |= LO_FLAGS_PARTSCAN; if (ioctl(loopfd, LOOP_SET_STATUS64, &info)) { err = errno; goto error_clear_loop; } res = 0; for (unsigned long i = 1, j = 0; i < 8; i++) { snprintf(loopname, sizeof(loopname), "/dev/loop%llup%d", procid, (int)i); struct stat statbuf; if (stat(loopname, &statbuf) == 0) { char linkname[64]; snprintf(linkname, sizeof(linkname), "./file%d", (int)j++); if (symlink(loopname, linkname)) { } } } error_clear_loop: ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); errno = err; return res; } static long syz_mount_image(volatile long fsarg, volatile long dir, volatile unsigned long size, volatile unsigned long nsegs, volatile long segments, volatile long flags, volatile long optsarg) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int res = -1, err = 0, loopfd = -1, memfd = -1, need_loop_device = !!segs; char* mount_opts = (char*)optsarg; char* target = (char*)dir; char* fs = (char*)fsarg; char* source = NULL; char loopname[64]; if (need_loop_device) { memset(loopname, 0, sizeof(loopname)); snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; source = loopname; } mkdir(target, 0777); char opts[256]; memset(opts, 0, sizeof(opts)); if (strlen(mount_opts) > (sizeof(opts) - 32)) { } strncpy(opts, mount_opts, sizeof(opts) - 32); if (strcmp(fs, "iso9660") == 0) { flags |= MS_RDONLY; } else if (strncmp(fs, "ext", 3) == 0) { if (strstr(opts, "errors=panic") || strstr(opts, "errors=remount-ro") == 0) strcat(opts, ",errors=continue"); } else if (strcmp(fs, "xfs") == 0) { strcat(opts, ",nouuid"); } res = mount(source, target, fs, flags, opts); if (res == -1) { err = errno; goto error_clear_loop; } res = open(target, O_RDONLY | O_DIRECTORY); if (res == -1) { err = errno; } error_clear_loop: if (need_loop_device) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); } errno = err; return res; } static volatile long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5, volatile long a6, volatile long a7) { return 0; } static void setup_common() { if (mount(0, "/sys/fs/fuse/connections", "fusectl", 0, 0)) { } } static void loop(); static void sandbox_common() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setsid(); int netns = open("/proc/self/ns/net", O_RDONLY); if (netns == -1) exit(1); if (dup2(netns, kInitNetNsFd) < 0) exit(1); close(netns); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = (200 << 20); setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 32 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 136 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); if (unshare(CLONE_NEWNS)) { } if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL)) { } if (unshare(CLONE_NEWIPC)) { } if (unshare(0x02000000)) { } if (unshare(CLONE_NEWUTS)) { } if (unshare(CLONE_SYSVSEM)) { } typedef struct { const char* name; const char* value; } sysctl_t; static const sysctl_t sysctls[] = { {"/proc/sys/kernel/shmmax", "16777216"}, {"/proc/sys/kernel/shmall", "536870912"}, {"/proc/sys/kernel/shmmni", "1024"}, {"/proc/sys/kernel/msgmax", "8192"}, {"/proc/sys/kernel/msgmni", "1024"}, {"/proc/sys/kernel/msgmnb", "1024"}, {"/proc/sys/kernel/sem", "1024 1048576 500 1024"}, }; unsigned i; for (i = 0; i < sizeof(sysctls) / sizeof(sysctls[0]); i++) write_file(sysctls[i].name, sysctls[i].value); } static void drop_caps(void) { struct __user_cap_header_struct cap_hdr = {}; struct __user_cap_data_struct cap_data[2] = {}; cap_hdr.version = _LINUX_CAPABILITY_VERSION_3; cap_hdr.pid = getpid(); if (syscall(SYS_capget, &cap_hdr, &cap_data)) exit(1); const int drop = (1 << CAP_SYS_PTRACE) | (1 << CAP_SYS_NICE); cap_data[0].effective &= ~drop; cap_data[0].permitted &= ~drop; cap_data[0].inheritable &= ~drop; if (syscall(SYS_capset, &cap_hdr, &cap_data)) exit(1); } #define PRIMARY_ARCH AUDIT_ARCH_I386 const struct sock_filter x86_app_filter[] = { BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 0, 0, 120), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 140, 59, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 75, 29, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 41, 15, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 24, 7, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 10, 3, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 8, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 7, 113, 112), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 9, 112, 111), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 19, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 13, 110, 109), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 21, 109, 108), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 33, 3, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 26, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 25, 106, 105), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 27, 105, 104), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 36, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 34, 103, 102), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 40, 102, 101), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 60, 7, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 54, 3, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 45, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 44, 98, 97), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 46, 97, 96), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 57, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 56, 95, 94), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 58, 94, 93), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 66, 3, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 63, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 61, 91, 90), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 65, 90, 89), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 68, 89, 88), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 114, 15, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 94, 7, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 85, 3, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 77, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 76, 84, 83), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 79, 83, 82), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 90, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 86, 81, 80), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 93, 80, 79), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 102, 3, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 96, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 95, 77, 76), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 98, 76, 75), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 104, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 103, 74, 73), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 106, 73, 72), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 125, 7, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 118, 3, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 116, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 115, 69, 68), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 117, 68, 67), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 122, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 121, 66, 65), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 123, 65, 64), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 136, 3, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 131, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 126, 62, 61), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 134, 61, 60), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 137, 60, 59), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 265, 29, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 207, 15, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 183, 7, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 168, 3, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 150, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 149, 54, 53), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 164, 53, 52), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 172, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 169, 51, 50), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 182, 50, 49), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 199, 3, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 190, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 188, 47, 46), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 198, 46, 45), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 205, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 203, 44, 43), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 206, 43, 42), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 245, 7, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 218, 3, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 211, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 210, 39, 38), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 212, 38, 37), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 224, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 222, 36, 35), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 244, 35, 34), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 254, 3, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 252, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 250, 32, 31), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 253, 31, 30), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 264, 30, 29), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 322, 15, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 295, 7, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 284, 3, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 272, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 271, 25, 24), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 273, 24, 23), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 291, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 285, 22, 21), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 294, 21, 20), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 313, 3, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 300, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 299, 18, 17), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 312, 17, 16), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 318, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 317, 15, 14), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 321, 14, 13), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 351, 7, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 344, 3, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 340, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 337, 10, 9), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 341, 9, 8), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 346, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 345, 7, 6), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 349, 6, 5), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 375, 3, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 358, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 357, 3, 2), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 359, 2, 1), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 380, 1, 0), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), }; #define x86_app_filter_size (sizeof(x86_app_filter) / sizeof(struct sock_filter)) static const struct sock_filter* primary_app_filter = x86_app_filter; static const size_t primary_app_filter_size = x86_app_filter_size; #define kFilterMaxSize (x86_app_filter_size + 3 + 1 + 4 + 2) #define syscall_nr (offsetof(struct seccomp_data, nr)) #define arch_nr (offsetof(struct seccomp_data, arch)) typedef struct Filter_t { struct sock_filter data[kFilterMaxSize]; size_t count; } Filter; static void push_back(Filter* filter_array, struct sock_filter filter) { if (filter_array->count == kFilterMaxSize) exit(1); filter_array->data[filter_array->count++] = filter; } static void Disallow(Filter* f) { struct sock_filter filter = BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP); push_back(f, filter); } static void ExamineSyscall(Filter* f) { struct sock_filter filter = BPF_STMT(BPF_LD | BPF_W | BPF_ABS, syscall_nr); push_back(f, filter); } static void ValidateArchitecture(Filter* f) { struct sock_filter filter1 = BPF_STMT(BPF_LD | BPF_W | BPF_ABS, arch_nr); struct sock_filter filter2 = BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, PRIMARY_ARCH, 1, 0); push_back(f, filter1); push_back(f, filter2); Disallow(f); } static void install_filter(const Filter* f) { struct sock_fprog prog = { (unsigned short)f->count, (struct sock_filter*)&f->data[0], }; if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) < 0) exit(1); } static void set_app_seccomp_filter() { const struct sock_filter* p = primary_app_filter; size_t p_size = primary_app_filter_size; Filter f; f.count = 0; ValidateArchitecture(&f); ExamineSyscall(&f); for (size_t i = 0; i < p_size; ++i) push_back(&f, p[i]); Disallow(&f); install_filter(&f); } #define AID_NET_BT_ADMIN 3001 #define AID_NET_BT 3002 #define AID_INET 3003 #define AID_EVERYBODY 9997 #define AID_APP 10000 #define UNTRUSTED_APP_UID (AID_APP + 999) #define UNTRUSTED_APP_GID (AID_APP + 999) const char* const SELINUX_CONTEXT_UNTRUSTED_APP = "u:r:untrusted_app:s0:c512,c768"; const char* const SELINUX_LABEL_APP_DATA_FILE = "u:object_r:app_data_file:s0:c512,c768"; const char* const SELINUX_CONTEXT_FILE = "/proc/thread-self/attr/current"; const char* const SELINUX_XATTR_NAME = "security.selinux"; const gid_t UNTRUSTED_APP_GROUPS[] = {UNTRUSTED_APP_GID, AID_NET_BT_ADMIN, AID_NET_BT, AID_INET, AID_EVERYBODY}; const size_t UNTRUSTED_APP_NUM_GROUPS = sizeof(UNTRUSTED_APP_GROUPS) / sizeof(UNTRUSTED_APP_GROUPS[0]); static void getcon(char* context, size_t context_size) { int fd = open(SELINUX_CONTEXT_FILE, O_RDONLY); if (fd < 0) exit(1); ssize_t nread = read(fd, context, context_size); close(fd); if (nread <= 0) exit(1); if (context[nread - 1] == '\n') context[nread - 1] = '\0'; } static void setcon(const char* context) { char new_context[512]; int fd = open(SELINUX_CONTEXT_FILE, O_WRONLY); if (fd < 0) exit(1); ssize_t bytes_written = write(fd, context, strlen(context)); close(fd); if (bytes_written != (ssize_t)strlen(context)) exit(1); getcon(new_context, sizeof(new_context)); if (strcmp(context, new_context) != 0) exit(1); } static void setfilecon(const char* path, const char* context) { char new_context[512]; if (setxattr(path, SELINUX_XATTR_NAME, context, strlen(context) + 1, 0) != 0) exit(1); if (getxattr(path, SELINUX_XATTR_NAME, new_context, sizeof(new_context)) < 0) exit(1); if (strcmp(context, new_context) != 0) exit(1); } static int do_sandbox_android(void) { setup_common(); sandbox_common(); drop_caps(); if (chown(".", UNTRUSTED_APP_UID, UNTRUSTED_APP_UID) != 0) exit(1); if (setgroups(UNTRUSTED_APP_NUM_GROUPS, UNTRUSTED_APP_GROUPS) != 0) exit(1); if (setresgid(UNTRUSTED_APP_GID, UNTRUSTED_APP_GID, UNTRUSTED_APP_GID) != 0) exit(1); set_app_seccomp_filter(); if (setresuid(UNTRUSTED_APP_UID, UNTRUSTED_APP_UID, UNTRUSTED_APP_UID) != 0) exit(1); prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setfilecon(".", SELINUX_LABEL_APP_DATA_FILE); setcon(SELINUX_CONTEXT_UNTRUSTED_APP); loop(); exit(1); } #define FS_IOC_SETFLAGS _IOW('f', 2, long) static void remove_dir(const char* dir) { int iter = 0; DIR* dp = 0; retry: dp = opendir(dir); if (dp == NULL) { if (errno == EMFILE) { exit(1); } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } int i; for (i = 0;; i++) { if (unlink(filename) == 0) break; if (errno == EPERM) { int fd = open(filename, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno != EBUSY || i > 100) exit(1); } } closedir(dp); for (int i = 0;; i++) { if (rmdir(dir) == 0) break; if (i < 100) { if (errno == EPERM) { int fd = open(dir, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno == EBUSY) { continue; } if (errno == ENOTEMPTY) { if (iter < 100) { iter++; goto retry; } } } exit(1); } } static int inject_fault(int nth) { int fd; fd = open("/proc/thread-self/fail-nth", O_RDWR); if (fd == -1) exit(1); char buf[16]; sprintf(buf, "%d", nth); if (write(fd, buf, strlen(buf)) != (ssize_t)strlen(buf)) exit(1); return fd; } static void kill_and_wait(int pid, int* status) { kill(-pid, SIGKILL); kill(pid, SIGKILL); for (int i = 0; i < 100; i++) { if (waitpid(-1, status, WNOHANG | __WALL) == pid) return; usleep(1000); } DIR* dir = opendir("/sys/fs/fuse/connections"); if (dir) { for (;;) { struct dirent* ent = readdir(dir); if (!ent) break; if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0) continue; char abort[300]; snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name); int fd = open(abort, O_WRONLY); if (fd == -1) { continue; } if (write(fd, abort, 1) < 0) { } close(fd); } closedir(dir); } else { } while (waitpid(-1, status, __WALL) != pid) { } } static void reset_loop() { char buf[64]; snprintf(buf, sizeof(buf), "/dev/loop%llu", procid); int loopfd = open(buf, O_RDWR); if (loopfd != -1) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); } } static void setup_test() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); write_file("/proc/self/oom_score_adj", "1000"); } static void setup_fault() { static struct { const char* file; const char* val; bool fatal; } files[] = { {"/sys/kernel/debug/failslab/ignore-gfp-wait", "N", true}, {"/sys/kernel/debug/fail_futex/ignore-private", "N", false}, {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", "N", false}, {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", "N", false}, {"/sys/kernel/debug/fail_page_alloc/min-order", "0", false}, }; unsigned i; for (i = 0; i < sizeof(files) / sizeof(files[0]); i++) { if (!write_file(files[i].file, files[i].val)) { if (files[i].fatal) exit(1); } } } #define FUSE_MIN_READ_BUFFER 8192 enum fuse_opcode { FUSE_LOOKUP = 1, FUSE_FORGET = 2, FUSE_GETATTR = 3, FUSE_SETATTR = 4, FUSE_READLINK = 5, FUSE_SYMLINK = 6, FUSE_MKNOD = 8, FUSE_MKDIR = 9, FUSE_UNLINK = 10, FUSE_RMDIR = 11, FUSE_RENAME = 12, FUSE_LINK = 13, FUSE_OPEN = 14, FUSE_READ = 15, FUSE_WRITE = 16, FUSE_STATFS = 17, FUSE_RELEASE = 18, FUSE_FSYNC = 20, FUSE_SETXATTR = 21, FUSE_GETXATTR = 22, FUSE_LISTXATTR = 23, FUSE_REMOVEXATTR = 24, FUSE_FLUSH = 25, FUSE_INIT = 26, FUSE_OPENDIR = 27, FUSE_READDIR = 28, FUSE_RELEASEDIR = 29, FUSE_FSYNCDIR = 30, FUSE_GETLK = 31, FUSE_SETLK = 32, FUSE_SETLKW = 33, FUSE_ACCESS = 34, FUSE_CREATE = 35, FUSE_INTERRUPT = 36, FUSE_BMAP = 37, FUSE_DESTROY = 38, FUSE_IOCTL = 39, FUSE_POLL = 40, FUSE_NOTIFY_REPLY = 41, FUSE_BATCH_FORGET = 42, FUSE_FALLOCATE = 43, FUSE_READDIRPLUS = 44, FUSE_RENAME2 = 45, FUSE_LSEEK = 46, FUSE_COPY_FILE_RANGE = 47, FUSE_SETUPMAPPING = 48, FUSE_REMOVEMAPPING = 49, CUSE_INIT = 4096, CUSE_INIT_BSWAP_RESERVED = 1048576, FUSE_INIT_BSWAP_RESERVED = 436207616, }; struct fuse_in_header { uint32_t len; uint32_t opcode; uint64_t unique; uint64_t nodeid; uint32_t uid; uint32_t gid; uint32_t pid; uint32_t padding; }; struct fuse_out_header { uint32_t len; uint32_t error; uint64_t unique; }; struct syz_fuse_req_out { struct fuse_out_header* init; struct fuse_out_header* lseek; struct fuse_out_header* bmap; struct fuse_out_header* poll; struct fuse_out_header* getxattr; struct fuse_out_header* lk; struct fuse_out_header* statfs; struct fuse_out_header* write; struct fuse_out_header* read; struct fuse_out_header* open; struct fuse_out_header* attr; struct fuse_out_header* entry; struct fuse_out_header* dirent; struct fuse_out_header* direntplus; struct fuse_out_header* create_open; struct fuse_out_header* ioctl; }; static int fuse_send_response(int fd, const struct fuse_in_header* in_hdr, struct fuse_out_header* out_hdr) { if (!out_hdr) { return -1; } out_hdr->unique = in_hdr->unique; if (write(fd, out_hdr, out_hdr->len) == -1) { return -1; } return 0; } static volatile long syz_fuse_handle_req(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { struct syz_fuse_req_out* req_out = (struct syz_fuse_req_out*)a3; struct fuse_out_header* out_hdr = NULL; char* buf = (char*)a1; int buf_len = (int)a2; int fd = (int)a0; if (!req_out) { return -1; } if (buf_len < FUSE_MIN_READ_BUFFER) { return -1; } int ret = read(fd, buf, buf_len); if (ret == -1) { return -1; } if ((size_t)ret < sizeof(struct fuse_in_header)) { return -1; } const struct fuse_in_header* in_hdr = (const struct fuse_in_header*)buf; if (in_hdr->len > (uint32_t)ret) { return -1; } switch (in_hdr->opcode) { case FUSE_GETATTR: case FUSE_SETATTR: out_hdr = req_out->attr; break; case FUSE_LOOKUP: case FUSE_SYMLINK: case FUSE_LINK: case FUSE_MKNOD: case FUSE_MKDIR: out_hdr = req_out->entry; break; case FUSE_OPEN: case FUSE_OPENDIR: out_hdr = req_out->open; break; case FUSE_STATFS: out_hdr = req_out->statfs; break; case FUSE_RMDIR: case FUSE_RENAME: case FUSE_RENAME2: case FUSE_FALLOCATE: case FUSE_SETXATTR: case FUSE_REMOVEXATTR: case FUSE_FSYNCDIR: case FUSE_FSYNC: case FUSE_SETLKW: case FUSE_SETLK: case FUSE_ACCESS: case FUSE_FLUSH: case FUSE_RELEASE: case FUSE_RELEASEDIR: case FUSE_UNLINK: case FUSE_DESTROY: out_hdr = req_out->init; if (!out_hdr) { return -1; } out_hdr->len = sizeof(struct fuse_out_header); break; case FUSE_READ: out_hdr = req_out->read; break; case FUSE_READDIR: out_hdr = req_out->dirent; break; case FUSE_READDIRPLUS: out_hdr = req_out->direntplus; break; case FUSE_INIT: out_hdr = req_out->init; break; case FUSE_LSEEK: out_hdr = req_out->lseek; break; case FUSE_GETLK: out_hdr = req_out->lk; break; case FUSE_BMAP: out_hdr = req_out->bmap; break; case FUSE_POLL: out_hdr = req_out->poll; break; case FUSE_GETXATTR: case FUSE_LISTXATTR: out_hdr = req_out->getxattr; break; case FUSE_WRITE: case FUSE_COPY_FILE_RANGE: out_hdr = req_out->write; break; case FUSE_FORGET: case FUSE_BATCH_FORGET: return 0; case FUSE_CREATE: out_hdr = req_out->create_open; break; case FUSE_IOCTL: out_hdr = req_out->ioctl; break; default: return -1; } return fuse_send_response(fd, in_hdr, out_hdr); } #define HWSIM_ATTR_RX_RATE 5 #define HWSIM_ATTR_SIGNAL 6 #define HWSIM_ATTR_ADDR_RECEIVER 1 #define HWSIM_ATTR_FRAME 3 #define WIFI_MAX_INJECT_LEN 2048 static int hwsim_register_socket(struct nlmsg* nlmsg, int sock, int hwsim_family) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = HWSIM_CMD_REGISTER; netlink_init(nlmsg, hwsim_family, 0, &genlhdr, sizeof(genlhdr)); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int hwsim_inject_frame(struct nlmsg* nlmsg, int sock, int hwsim_family, uint8_t* mac_addr, uint8_t* data, int len) { struct genlmsghdr genlhdr; uint32_t rx_rate = WIFI_DEFAULT_RX_RATE; uint32_t signal = WIFI_DEFAULT_SIGNAL; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = HWSIM_CMD_FRAME; netlink_init(nlmsg, hwsim_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, HWSIM_ATTR_RX_RATE, &rx_rate, sizeof(rx_rate)); netlink_attr(nlmsg, HWSIM_ATTR_SIGNAL, &signal, sizeof(signal)); netlink_attr(nlmsg, HWSIM_ATTR_ADDR_RECEIVER, mac_addr, ETH_ALEN); netlink_attr(nlmsg, HWSIM_ATTR_FRAME, data, len); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static long syz_80211_inject_frame(volatile long a0, volatile long a1, volatile long a2) { uint8_t* mac_addr = (uint8_t*)a0; uint8_t* buf = (uint8_t*)a1; int buf_len = (int)a2; struct nlmsg tmp_msg; if (buf_len < 0 || buf_len > WIFI_MAX_INJECT_LEN) { return -1; } int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (sock < 0) { return -1; } int hwsim_family_id = netlink_query_family_id(&tmp_msg, sock, "MAC80211_HWSIM", true); int ret = hwsim_register_socket(&tmp_msg, sock, hwsim_family_id); if (ret < 0) { close(sock); return -1; } ret = hwsim_inject_frame(&tmp_msg, sock, hwsim_family_id, mac_addr, buf, buf_len); close(sock); if (ret < 0) { return -1; } return 0; } #define WIFI_MAX_SSID_LEN 32 #define WIFI_JOIN_IBSS_NO_SCAN 0 #define WIFI_JOIN_IBSS_BG_SCAN 1 #define WIFI_JOIN_IBSS_BG_NO_SCAN 2 static long syz_80211_join_ibss(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { char* interface = (char*)a0; uint8_t* ssid = (uint8_t*)a1; int ssid_len = (int)a2; int mode = (int)a3; struct nlmsg tmp_msg; uint8_t bssid[ETH_ALEN] = WIFI_IBSS_BSSID; if (ssid_len < 0 || ssid_len > WIFI_MAX_SSID_LEN) { return -1; } if (mode < 0 || mode > WIFI_JOIN_IBSS_BG_NO_SCAN) { return -1; } int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (sock < 0) { return -1; } int nl80211_family_id = netlink_query_family_id(&tmp_msg, sock, "nl80211", true); struct join_ibss_props ibss_props = { .wiphy_freq = WIFI_DEFAULT_FREQUENCY, .wiphy_freq_fixed = (mode == WIFI_JOIN_IBSS_NO_SCAN || mode == WIFI_JOIN_IBSS_BG_NO_SCAN), .mac = bssid, .ssid = ssid, .ssid_len = ssid_len}; int ret = nl80211_setup_ibss_interface(&tmp_msg, sock, nl80211_family_id, interface, &ibss_props); close(sock); if (ret < 0) { return -1; } if (mode == WIFI_JOIN_IBSS_NO_SCAN) { ret = await_ifla_operstate(&tmp_msg, interface, IF_OPER_UP); if (ret < 0) { return -1; } } return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 51; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50 + (call == 4 ? 50 : 0) + (call == 12 ? 500 : 0) + (call == 38 ? 50 : 0) + (call == 43 ? 3000 : 0) + (call == 44 ? 3000 : 0) + (call == 45 ? 300 : 0) + (call == 46 ? 300 : 0) + (call == 47 ? 300 : 0) + (call == 48 ? 3000 : 0) + (call == 49 ? 300 : 0)); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS __WALL static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); reset_loop(); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); setup_test(); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } #ifndef __NR_clock_gettime #define __NR_clock_gettime 265 #endif #ifndef __NR_getgid #define __NR_getgid 47 #endif #ifndef __NR_getsockopt #define __NR_getsockopt 365 #endif #ifndef __NR_ioctl #define __NR_ioctl 54 #endif #ifndef __NR_mmap #define __NR_mmap 192 #endif #ifndef __NR_openat #define __NR_openat 295 #endif #ifndef __NR_read #define __NR_read 3 #endif #ifndef __NR_recvmmsg #define __NR_recvmmsg 337 #endif #ifndef __NR_sendfile64 #define __NR_sendfile64 239 #endif #ifndef __NR_sendmsg #define __NR_sendmsg 370 #endif #ifndef __NR_setsockopt #define __NR_setsockopt 366 #endif #ifndef __NR_stat #define __NR_stat 106 #endif #ifndef __NR_statx #define __NR_statx 383 #endif #ifndef __NR_write #define __NR_write 4 #endif #undef __NR_mmap #define __NR_mmap __NR_mmap2 uint64_t r[24] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint32_t*)0x20000000 = 0x18; *(uint32_t*)0x20000004 = 0; *(uint64_t*)0x20000008 = 0; *(uint32_t*)0x20000010 = 3; *(uint32_t*)0x20000014 = 0; inject_fault(1); syscall(__NR_write, -1, 0x20000000, 0x18); break; case 1: memcpy((void*)0x20000040, "/dev/tty\000", 9); res = syscall(__NR_openat, 0xffffff9c, 0x20000040, 0x10400, 0); if (res != -1) r[0] = res; break; case 2: syscall(__NR_mmap, 0x20ffb000, 0x4000, 0x200000f, 0x10, (intptr_t)r[0], 0xada52000); break; case 3: memcpy((void*)0x20000080, "syz0\000", 5); syscall(__NR_ioctl, -1, 0x4004556c, 0x20000080); break; case 4: memcpy((void*)0x200025c0, "ufs\000", 4); memcpy((void*)0x20002600, "./file0\000", 8); *(uint32_t*)0x20003700 = 0x20002640; memcpy((void*)0x20002640, "\x38\x6f\x6d\x1b\xe2\x7f\x8c\xa9\x18\x2d\x1a\xe6\x35\xbb\xa8\xc9\xce\x03\x79\xce\x60\xd9\xd2\x4e\x0f\xe6\x9a\x46\xdd\x2b\x77\x02\x6c\xe1\xe6\xbb\xc0\x5a\x24\x6a\xe2\x69\x05\x25\x31\x91\xf7\xe3\x4e\xf3\x86\x0f\x1c\x2c\xc9\xa6\xd5\x22\xf5\x03\xd7\x8e\x34\x0c\xb5\x4f\x1d\x6b", 68); *(uint32_t*)0x20003704 = 0x44; *(uint32_t*)0x20003708 = 1; *(uint32_t*)0x2000370c = 0x200026c0; memcpy((void*)0x200026c0, "\x57\x39\xec\x80\x61\x6d\x1b\xac\x90\x97\x97\xc5\x72\x3d\x28\x7d\x94\xf0\x10\xe0\xf7\x0a\x34\x2a\x21\xfb\x38\xb3\x69\x86\x02\x5d\xca\x05\x4a\x96\xbb\xe7\x40\x27\x97\x4c\x45\x28\x93\xa9\xf5\xd5\x13\xef\xc4\x70\x65\x2b\xf4\xe8\x37\xd8\xd5\xee\xac\xed\x26\x69\xd7\x3c\xea\x3d\x39\x31\x39\x9d\xa0\x4d\xfb\x48\x59\xd0\x3c\x47\xdd\x53\x5b\xaa\x98\x0a\xe8\xb7\xa5\xc3\x12\xfd\x71\xac\xc5\x21\xbd\xdc\x2c\x63\x70\x26\xd7\xfa\xdb\x42\xc0\x20\xc5\x3d\x4e\x2f\xee\xb2\x30\x77\xed\x86\x7d\x5b\x36\x56\x7b\x8d\x06\xe0\xf4\xd2\xd9\xc6\x16\xd6\x73\x91\xf8\x79\xe8\x12\xd7\xa1\x79\x75\xf3\xe0\xe5\x69\xf5\x57\xb6\x5b\xba\xde\x94\x18\x68\xba\xe4\xbe\x8d\x2d\xfa\x45\xa3\x85\x87\x7e\xce\x8d\x94\xd7\x55\xdb\xf8\x2b\x4f\xd8\x89\x9b\xa1\xb8\xec\xe4\x3b\x36\xb3\x69\xa8\xdf\x56\x99\x3b\x16\xee\xc2\x0a\xed\x1c\x59\x6f\x66\x9d\xf8\x97\xdd\xfa\x0d\xf4\xab\x26\xd7\x47\x59\x82\x96\xdd\x3b\xcd\x5c\xad\x67\xa8\xb1\x9e\xba\x5f\x34\x3f\xbf\xa6\x30\x1a\x15\x02\x60\x0e\xda\x02\xab\x15\x7a\xb1\xb1\x64\xe3\xde\x57\x33\xe4\xbf\xd9\x67\x7b\x49\xb2\x9b\xb5\x6e\x99\x36\x7d\x01\x04\x4b\x3a\xcc\xf0\xf9\x3a\xf7\x55\x27\x83\x7a\x9b\x49\x4b\x4e\xac\xe1\xf4\x9c\x87\x9e\x71\xe9\x62\xa5\x93\x74\x95\x55\xb5\x0a\x55\xca\x11\x44\xeb\x54\x80\x70\x47\xde\xfd\xe8\xdd\x09\x7e\xbc\xba\xa2\x30\x45\x1a\xc7\xa7\x76\x3e\xf2\x13\x4b\x45\x3e\xf7\xce\x92\xd6\xad\xce\x44\x9a\xa1\x82\xef\xb2\xed\x4a\x87\x07\xf1\xe1\x84\x6d\x82\x50\x5d\xa0\x6c\x2d\x6b\x4a\x58\x2d\xdf\xb2\xbd\xb7\xa1\x9b\xbc\xe8\xe0\xa0\xf7\xb2\xf4\x96\x62\x2b\xee\x04\x37\x29\xf3\x84\x31\x88\xeb\x14\xe5\x6e\x8f\x48\xd7\xd4\xb1\x51\xa7\xde\xef\x2a\x1a\x94\x58\x83\x42\x53\x77\x08\x82\xcc\x41\xf6\xfb\x78\x4a\x9f\x73\xa4\xf8\x1e\xf9\x93\xda\xe6\x1a\x80\x5b\xa6\xf9\x30\x78\x20\x81\x33\x10\xdc\x38\x70\x83\x5a\xd4\xbe\x7e\x3c\x8a\x13\xf9\xf0\x1e\x9e\xa9\xb1\xb9\xdf\xb1\xe3\x47\xe3\xea\x1b\x5b\x09\x0e\x1a\x38\x61\x77\x07\xbb\x5a\xa0\xce\x82\x19\x3f\x69\x70\xa0\xb8\x85\x18\x3f\xce\x8b\x7d\x30\xbf\xc1\x82\x58\xdd\x40\xf5\x08\xb9\x5b\x55\xca\x27\xd8\xec\x76\x01\x03\x10\xc6\x77\xc0\x4c\x0b\x01\xfd\x69\xde\x39\x6a\xe9\x5a\x7c\x3c\xa5\x0f\x4e\x7f\xc3\xda\x74\x9d\x82\xa5\xd9\xf5\x7a\xb6\xed\x7a\x0d\x12\x76\x29\x7a\xb5\x71\x72\x67\x1d\x4c\x7c\xa3\x52\x24\x70\x0d\xb9\x36\x44\x13\x1a\x51\x26\xaf\x54\x75\x5a\xec\x80\xcf\xfd\xeb\x70\x9f\x0c\x58\x21\xec\x3b\x86\xd2\x9f\x10\xbe\x62\xd9\x4c\x03\x2f\x79\xd4\xed\xcc\xaf\x40\xb2\x4d\x72\xe4\x6d\x7c\x99\x33\xf6\xea\xda\x79\x4a\xad\x1e\xaf\x41\xae\xc1\x35\xa4\xf6\xf7\xf6\x09\x27\x36\x08\x68\x5f\xfc\x30\xfe\x1a\xe8\x22\x13\xa9\x56\xe8\xdf\x49\x3e\xc0\xaa\xc8\xec\xcb\xbd\xb8\x20\x93\x09\x7d\xb4\x51\x61\x67\x76\x85\xbf\x1e\x69\x1a\x1c\x7d\xce\x13\xa8\x8e\x63\x64\x5b\xc7\x99\x22\xb6\xd3\xd3\xd7\x61\xf3\x6a\x46\x30\x2f\x79\xe0\xe0\xbe\xb6\x7e\x2f\x2c\xb2\xe8\x3f\xc1\xa0\x41\x77\xc9\xd0\x22\xc4\x6e\xdc\x05\x3f\x03\x18\x2f\xc6\x45\x45\x0e\x4d\xe5\x36\xa4\x18\xb0\xea\xe2\xac\xb0\xea\xf4\xcb\x61\x5e\xca\x77\xf7\x2e\xe1\xd1\xf9\x14\x62\x08\xe1\x86\x69\x50\x8e\xdd\x05\x0e\x9b\x4e\x72\xa8\x48\x30\x16\xdc\x01\x98\x32\x6d\x2a\x16\x70\x04\xf3\x23\xa0\xa6\xeb\x4d\x34\xf6\x51\xc3\x97\xf0\x6d\x32\xe1\xbd\xab\x04\x2e\xfe\x56\x6a\xfc\x48\xcb\xd9\x8f\x91\x41\x34\x15\x63\x14\xa9\x54\xc6\x41\xb1\x06\x6b\xa7\x15\xab\x50\xeb\x4d\xb8\x4b\x13\xf2\x04\x69\xd0\x1d\x63\x46\xd4\x25\xd7\x0f\x60\xb4\x29\x76\xb0\x46\xcf\x96\xe4\x01\x8f\xc6\xaa\xf7\x8d\xf3\x0c\x02\xdd\x02\x9e\x1e\x89\x5c\x20\xb0\x5f\xb3\x88\x3c\x01\x3d\xe7\xe1\x7a\x13\x69\x78\x54\xfe\xb5\x93\x5c\xb3\x44\xff\x94\xff\x8b\xb4\xed\x2d\x1f\x17\x4e\xa1\x90\x20\x57\x7b\x4f\xf9\x59\x7c\x31\xa8\xfb\x2c\xfa\x1d\x7b\x71\xa5\x70\x82\x56\x15\x40\xf1\xcd\x86\xb8\x59\x0b\x75\x4f\xe9\x5d\x74\x9e\xf3\xca\xff\x93\xfd\x10\xa9\x0c\xa0\x03\x51\x5b\xb2\x3a\x3e\x71\xf4\x41\x79\xc0\x99\x60\x37\x45\x75\x89\xe6\x81\x77\xb0\xa1\x06\x91\xf1\x49\xa9\x81\xa6\xa6\x8d\x0b\xc8\x20\xe1\x66\x2a\x67\xc6\xa8\x5f\xb3\x9a\x35\x39\x9c\x62\x0c\x6e\xe3\x14\x28\x4f\xa4\x20\x99\xbd\xe0\x9f\xd5\x17\xa6\xe5\x3c\xc0\x41\x7c\x98\xd0\x06\xb4\x21\x0b\xa0\x35\x1b\x7d\xb6\x75\x43\x38\x06\x3f\x05\xb6\x82\x4b\xbb\x41\xf7\x0b\xa1\xfe\xa9\x12\x1f\x58\x85\xa4\xd0\x3e\xe9\x3f\x2b\x8f\x27\xa0\x0c\xd6\x66\x49\x10\x03\xde\xda\x3e\x21\x02\x92\x47\x64\x6f\x71\x44\xcb\x00\x4a\x6b\x52\x40\x06\xd8\xec\x7c\x93\xf4\x10\x42\xbb\xf8\x2d\x3b\xf2\xee\xf4\x15\xf8\xf0\x38\xb0\x5c\x0c\x10\x7a\xc2\x4d\x0c\xc8\xf3\x08\x13\xeb\xe2\x75\x1d\xa8\x39\x8e\x04\xff\x59\x3d\x17\xdd\xeb\x32\x59\x36\x71\xc8\x27\x74\x24\xf7\x98\x80\x05\x4c\x58\x1a\xe4\xef\x53\x03\xa1\x2f\x50\xd4\xe1\xfd\x6b\xb5\x85\xa5\xe0\x77\x51\xcb\xd5\x8f\xa6\x1d\x63\x4c\x35\x56\x37\x27\xe1\x82\x39\xd9\x81\x2f\xa4\x1b\x9a\x25\x61\x18\xba\x9b\x0d\xec\xc2\x60\x76\xc8\xae\x4b\x4e\x51\x6a\x2b\x35\xa7\xe9\x83\x9c\xa8\x3b\xef\x46\x43\xe0\xa5\xd9\xdb\x72\x3b\x5a\xfd\x80\xf7\x15\xb6\x3b\x19\xd0\xaf\xb9\xcb\x03\xdd\x9e\x5f\xe1\xb3\x13\x5e\xc1\xf0\xb9\x73\xe7\xd2\x1b\xb2\xf2\x22\x1a\x78\x62\x8a\x1b\x51\x3e\x0f\xf9\xea\x30\x67\xdb\x31\x01\xc0\x17\xeb\x8e\x60\x6f\x2f\x07\x5b\xe4\x98\x4f\x21\xbf\x75\xb6\xc4\xcb\xf3\x71\x8e\x64\xca\x62\xa9\xab\x5d\x8e\x38\x3a\xef\xba\x74\x93\xdd\xff\x47\x8b\x74\x40\x74\xbb\x51\x99\x4b\xc9\x1d\xd2\x9c\x6b\x9b\xcd\x50\xa5\x02\x8e\x14\xcf\x6d\x94\x68\xef\x42\x4e\xd1\x65\x84\x8f\xf5\x67\x6e\x57\x41\x10\xe0\xcd\x76\xa7\xc1\xda\xd3\x01\x9f\xac\xfd\x08\xd1\x4b\x7d\x9e\x37\x8a\x11\x0e\x98\x50\x88\xe5\x1e\x89\xd7\x5e\x3f\xa5\xfb\x36\x87\x59\x8c\x05\x69\xe5\x22\xf6\xc9\xea\x4d\x12\x65\xed\x97\xe3\x13\xdc\xe9\xcd\x01\xa4\x61\x5e\x8b\xbe\x4d\xbe\x16\x8f\x9d\x32\xc6\x68\x2e\x4e\xef\x26\x7d\xd7\x18\xb4\x75\xa8\x1b\x48\x5b\x17\xf6\xba\x8a\xfb\xa1\x9a\x58\x32\x9f\x86\xba\xd1\x2a\xc8\x44\x44\x17\xe6\x14\x8c\xb4\xe0\x7e\xe4\x6c\x5f\x15\x53\xa0\xfe\x4c\xd3\x32\x6d\x86\x92\xcc\x43\x96\x1f\x03\xf5\x7f\x7c\x01\x6f\x33\xc3\xd1\xc0\x2b\xf1\x25\xfc\x94\x21\x01\x10\x36\x36\xb0\x2d\x93\x35\x2e\xfb\x49\x20\xe2\x43\xf8\x65\xcf\x5c\x0b\x5d\x34\x7f\x51\xb8\x79\x00\xb1\x2a\xcc\x34\x7b\x31\x9c\x14\x75\x10\xc6\xa3\xc1\x84\xb9\xfe\x9b\xbf\x49\xd2\x0a\x71\xbc\x08\x82\xe2\x96\xa0\x37\x69\x75\x1c\xd8\x63\x08\x2c\x1f\x3b\x88\x90\xfe\xe3\xc6\x44\x47\x4d\xb2\x1e\x07\x7a\xcb\xeb\x05\xae\x29\x67\x10\x82\x2f\xca\xf5\xa7\xbc\x06\x9b\xd9\x3d\x41\x16\x27\xcd\x1b\x71\x3c\xcc\xed\x01\x0d\x1b\x88\xdf\xc1\x53\x04\x54\x14\x1b\x3d\xd3\xe1\x96\x4c\x38\x95\x76\x13\x21\x73\xb8\x63\x30\x38\x8f\xec\x55\x9d\xc7\x22\xf1\x77\x49\x7c\x30\x83\x15\xa4\xee\xfb\x50\x43\xcc\x97\xc5\xb1\xea\x53\xb6\xde\x6f\x4e\xce\xd9\xcc\x20\xb5\x24\x3e\xf9\x6a\xe0\xda\x16\xb4\x3e\xcf\xd0\x3e\x70\x25\x28\xad\x4c\x36\x09\x54\x5d\xf9\x39\xe2\xbc\xee\x08\x25\x86\x49\x31\x9d\x74\xfd\x78\x4d\x3d\x30\xa9\x09\x2c\xb2\x3e\x51\xce\x00\xbb\xf8\x1a\x46\xbc\x0d\x8b\xba\x9f\xe3\xf6\x05\xf5\x4e\xe2\xa0\x31\x1e\x1c\x19\xae\xe2\x6c\x84\x3d\x72\x52\xd9\x03\x80\xc9\xd8\x6f\x1d\x1c\xbb\x21\x64\x1b\xc1\x9a\xdf\xfa\x60\x8f\xa5\xb8\x26\x0c\x3d\xac\x2e\x0d\x81\x00\xc8\x70\xdb\xaf\xab\x5e\x4a\x5c\x6e\x5d\x48\x75\x35\x2e\xce\x31\x33\xe0\x8d\x48\xe0\x38\x74\xe6\xe5\x28\xb5\xa4\x3d\x08\xc8\xe9\x05\xf7\x98\xf0\x52\x7c\xff\x5c\xda\x99\x95\xe8\x4a\xcb\x47\xee\x85\x44\xbe\x93\x7f\xcb\x64\x64\x6d\x2f\xd2\xd5\xc3\x1e\xef\x83\x62\x97\xe0\x3d\xca\x24\xb1\x59\x96\x4a\x70\x30\x7a\x82\x7f\x6e\x7f\x37\x93\xf6\xff\xad\x54\xa6\x5d\x40\x09\x26\xe8\x07\x97\xe6\x05\x0e\x77\x6b\xbf\x66\xdc\x1b\xdf\x75\x08\x81\x2e\xd0\xfe\xbd\xa7\x74\xf5\xed\xa4\x92\xb3\x75\x1e\xcc\x76\xa6\x58\x24\x1f\xa6\x45\x22\xc5\xdd\xef\x53\x74\x78\x7a\x1b\xc6\xf0\x5c\x84\xa5\x23\x06\x8a\xc6\x6a\x3c\xa5\x39\xda\x70\xe1\x6d\xde\xa8\x97\xf9\x6f\x5d\x48\xe1\xef\x18\x5f\x08\x43\x6d\xaa\x20\xfc\xb0\xb2\x39\xde\x9b\x2b\xb0\x00\x07\xed\xa2\xdb\xdc\xc1\xf5\xfd\xf1\x39\x98\x68\x2d\x66\xcd\x4a\xab\x31\x57\xf7\xeb\xce\xc0\x92\xdc\x6b\xd0\x8f\x4d\x10\x77\x80\xd3\x73\x19\x24\xcf\xa0\x67\xf6\x22\x18\x07\x8a\x2a\xf1\x29\xf4\x05\x9d\x46\xd7\xc7\xbe\xbb\xf6\x7b\x59\x53\xdd\xa3\x0c\x96\xfe\x58\x43\xe8\xa3\xc0\xa1\x5a\x6b\x2f\x21\x0f\xfb\xff\xd4\x76\xc9\xc7\x61\x34\x06\x16\xb1\xca\x8a\x6b\x44\x9d\x1e\x33\x8f\xd9\x09\xfd\x9a\x84\xc7\x33\x87\x11\xbe\x1d\x50\x76\x2a\x48\x29\x9b\x18\x44\x82\xd2\xcd\x18\x84\xaf\x70\x76\x68\xd1\x0c\x2e\x1c\xde\xac\x7c\x07\x5d\x7d\x41\x47\xf8\xaa\x3c\xeb\xca\x93\xc1\xb7\xb2\x45\x26\x4c\x0e\xfb\x84\x70\x25\x51\x52\xc4\x8d\x22\x46\x34\x58\x0b\x2f\xf0\x21\x45\x7a\x97\x5a\xa7\x67\x2b\xaf\x13\xa4\xae\x32\xdc\x17\xe1\xf0\x4d\x0b\x2d\x9c\x14\x83\x1c\x87\xe9\x9e\x7e\x0f\x29\x95\x8c\x9b\x58\x4d\x7b\x8a\x7e\x91\xf5\x73\xc0\x42\x61\x73\x91\xad\xed\x64\xbe\xe7\xda\xd5\xf8\x88\xef\xc5\x56\x0f\xba\x3f\x9e\x41\xf7\x80\x94\xb4\x03\xab\xc5\xd4\x22\xc8\xec\x70\xb9\xa9\xce\xe5\x07\x90\x3f\x89\x99\x48\x7e\x60\xd7\x61\xef\x16\x19\x4e\x7c\xc8\x56\xa0\x1e\x6b\x3b\xc5\x92\x39\x7c\xa0\x3b\xec\xb6\xb4\x8f\xc1\x5b\xf1\xf6\xef\xf8\xfe\xc8\xde\x87\x85\xd0\xfe\xa3\x79\xef\xbd\x64\x94\x87\x30\x7b\xba\x15\x30\xa4\x8e\xc1\x06\x97\x8d\xa7\x03\xe9\x17\x07\x20\x1f\xe3\x34\x8d\xe8\xca\xf2\xdd\xe1\xd0\x99\x42\xd4\x77\x12\xf7\x7d\xe3\xf9\xef\xe5\x39\x2e\xf4\x58\x4a\x66\xcf\x96\xb3\x0e\xcc\x6e\xed\x90\x74\x83\x7e\x08\x35\xe1\x90\x65\xd2\xec\xe8\x7d\x38\xb4\x26\xc7\x03\xb8\x82\xce\xc8\x3c\xbb\x8b\x48\x4f\x68\x85\x83\x2c\xa2\x58\x7b\x2b\xdc\x30\xc9\x2c\x20\xa0\x0d\x92\x64\x73\xff\x36\xa1\xc8\x1e\x58\xd5\x55\x49\xa0\x6f\xb7\xb0\xfd\xd1\x35\xed\x5f\x63\xb4\xcc\xa0\x06\x8b\x2d\xa1\xb1\x12\xd4\xcb\x04\x34\x07\xc2\x1c\x53\x5f\xd3\xc4\x55\x93\x22\xe3\x04\x69\x79\x4c\x90\xa3\xc3\x0d\x8f\xd5\x36\x5c\xe3\xf4\x32\xf6\x13\x14\x8b\xc7\xd5\x75\xc1\xd2\xda\x1d\x4b\x06\x8d\xe1\x36\x6f\x62\xa6\x94\xe9\x76\xf2\xe2\x64\xd4\x49\xd9\xe3\xf9\x04\x00\xf4\xf2\x5c\x11\x52\xd1\xed\xb9\xb0\x98\x16\x78\x72\x27\xee\xef\xf8\x0a\xc3\xf2\x50\x16\xde\x25\x33\x25\x47\x54\x90\x48\x23\x03\xaf\xa8\x7b\x39\xad\xee\x7f\x92\xc0\x31\x85\xf8\xbe\x67\xfe\x8e\x85\x0e\xe3\xa5\x71\x80\x94\x74\xbc\xf4\x62\x37\x3a\x47\xaf\xe1\xa4\x59\x21\x75\xd1\x10\xc3\x65\x9e\x56\xec\xfe\x2e\xca\xf2\xc3\x81\x68\x43\x32\xdc\x0e\xa3\xf7\x6c\x17\x99\xd5\xc7\x95\x4c\xcd\x01\xca\x4d\x3c\xc4\x88\xe9\x8e\xfe\x8c\xcb\x87\x57\x27\x3b\xbf\xd0\xe8\xf9\x4a\x18\xe4\xbc\x18\x79\x93\xac\x29\xc3\xd4\x5a\xa4\x58\x52\x53\x71\x71\x90\xcf\xc1\x6b\xdf\xc9\x0c\xec\xab\x6f\x02\x2b\x3c\x96\x29\xe4\xd4\x4c\xf9\x46\x03\x33\xd3\x48\xd0\xdf\x3f\xbc\x8f\xfe\x61\x73\x37\x25\xea\x22\xc5\x71\x83\xb5\x06\x22\xf3\x20\x25\x3d\x54\x69\x2c\x32\xba\x2d\x1d\x22\x72\x35\x79\x62\xe0\x9f\xc7\xfa\x98\xa1\x92\xd6\x47\xca\x93\xd5\xdb\x9c\x05\x60\xa4\x6a\x79\x74\x08\xd2\x1b\xe5\xd1\x4c\x88\x98\xfc\xf1\xf8\xe4\x6c\x2b\xe1\x9e\xee\x41\x7f\x17\xb5\x81\x2b\xe0\x4c\x60\xa5\x0c\x8f\x4a\x3b\x96\xe7\x59\xdf\x5a\x25\x31\x48\x42\xef\x58\x34\xa9\xbf\xe3\xec\x69\x03\x12\x2a\xbd\xeb\x8d\xa1\xbf\x14\x6c\xa5\xb0\xb6\x45\x1b\x3f\x6a\x0c\xd7\x42\x12\x0b\x02\x5c\xa4\x9b\xb9\x5c\x47\xfb\x27\xfa\xe4\x38\xcb\xae\x39\xcd\x9b\x50\xf7\x67\x35\xf6\x56\xe0\xc6\x89\x6c\x87\xb9\x1c\x1c\xa7\x44\x4d\x0d\xe2\x5c\xe6\x0d\xb8\x1b\x9b\x7e\xfe\xbf\xfc\x1f\xf2\x4e\xe9\xd5\xf7\x7d\xa9\x22\x72\x52\x46\x86\x33\xb8\xeb\x99\x5e\x26\x45\xb1\x54\x3d\x84\x32\x62\xc2\x60\xc3\xc6\x91\x11\x4e\xbc\x40\x39\x62\xc2\x37\x4e\xf5\x9c\xe6\xd1\xdd\x7c\x4d\x22\x31\x0c\x5f\x64\x2d\x76\x6d\x41\x89\x3b\x99\x3f\x9a\x69\x83\x1f\x82\xaa\xb3\x10\x4c\x64\xb0\x8b\x0e\x34\x19\xad\x44\x68\x60\x88\xcd\x8a\x4a\x67\x4e\xdc\xea\x4e\xe9\xf2\xe8\xa0\x2a\xb1\x14\x50\x06\x0f\x76\xa7\xc1\x95\x4f\x67\x6d\xe7\xbf\x79\x16\x69\x94\x57\x09\x1e\xb0\xad\x3b\x75\x93\xe7\xf3\x8d\x62\xf9\xb5\x67\x61\xa9\x15\xb4\x1d\x03\x5b\xa1\x29\xd1\xac\x46\x6e\x5e\xae\xa7\x6d\x00\xc4\xd8\x3e\x17\x54\xe3\xd1\xe6\xf0\x09\x3c\x66\x5d\x86\x0b\xcf\x0b\x98\x50\x40\x1a\xca\xba\x34\xa0\xf7\x74\x30\x07\x73\xc4\xab\xb9\x0e\xfc\x56\xbc\x7d\x2a\xd1\x2d\x2f\x58\xce\xfa\x5b\x58\x16\xfc\xee\x50\xa1\x18\x45\xa2\xd5\x19\x76\x93\xea\x3b\x38\x00\x89\x21\x9f\x5a\x42\xc6\x9f\x9a\x47\x62\xc9\x1a\xe6\x44\x9e\x13\x99\x5f\x66\x6a\xd5\x21\xf9\x2e\xdb\x3f\x4b\x65\xa0\x46\x75\xdb\x8e\xbb\xc9\xa2\xd1\xac\xda\x5b\x67\xed\x6a\xf5\x52\x51\x41\xfd\x7a\xee\xf7\xc5\x8f\x54\x9a\xc3\x92\x55\x70\x5e\xb0\x84\xf4\xf0\xa2\x61\xf4\x3c\x27\xcd\xce\xfb\x7d\x9e\x15\xce\x63\x99\x58\x20\x72\x9b\x32\x74\x9e\xb8\xd9\x43\x2d\x7c\x3c\x25\xb4\xb1\xda\xa5\xb6\x45\x74\x03\x94\xca\xaa\xe6\x3b\xfd\x9e\x18\x20\x7f\xcc\xfb\xe0\xe2\x63\x92\x58\x22\x95\x74\xfc\xc7\x97\x1e\x3e\xb1\x1b\xfd\xf7\xdc\x77\x0c\xea\x4a\x94\x14\x91\x30\x67\x55\x8f\x7e\x54\x2c\xc6\x27\x24\x77\x48\x95\x19\xcf\xae\xcf\x51\x36\x1b\x7d\x39\x54\x0b\xbc\x1d\xa8\x4c\x6e\x56\xe2\x1c\x68\x37\x34\xfc\x3d\x9e\x52\x22\x56\x95\xea\x37\x05\x63\xb1\x53\xb8\xdc\x87\xad\x11\x99\x24\x7a\x23\xa8\x60\x46\xc7\x30\xfb\xce\x29\xfe\x99\xe0\xcf\x3e\x76\x2f\x6c\xa3\xa1\x4b\x03\xff\x53\xd4\x12\x2d\xa0\x66\x4a\x31\xd2\x04\x16\x0f\xcc\x24\x89\xea\xa9\xfa\xf0\x30\xf6\xd6\xa4\x3f\x98\xaf\xce\x7f\x7f\x7f\x0c\xc3\xa0\x1e\xf1\x52\x6d\xac\x38\x27\x8d\x13\x43\x19\x10\xc2\xd6\x91\xa7\x82\x75\xe0\x70\x2c\x8b\xcd\x0f\x47\x54\xb4\x75\x35\xde\xcb\xff\x3f\xb2\xdb\x3d\x23\xb9\x5f\x84\xe5\xe6\xe7\xfe\x67\xc7\x19\xde\x9b\x07\x21\xea\x53\xe2\xc6\x8c\x91\x10\xe6\xa9\xef\x32\x51\xe7\xeb\xb2\x28\x00\xdc\xab\x30\x9c\x22\xab\x37\x39\xb4\xe8\x88\x44\x82\x75\x42\xd9\x62\xc2\xaf\xb2\xdc\x2f\x02\xb4\x50\x94\x73\x7f\xb1\xc3\xb9\x54\x38\x70\x70\x9b\x33\x7d\x9d\x8f\x18\x39\x71\x36\x8a\x28\xa3\x36\x0a\xec\x7c\x89\xde\x83\xe0\xc5\xfb\xfc\xff\xa0\x3c\x1b\xc4\x28\x84\xa8\x39\xe8\x18\x88\x26\xb1\x9f\x3a\x7e\x7b\x82\xb4\xe2\x33\x9d\x3d\x70\x17\x1d\xe9\x2a\x60\xe2\xe1\xc7\x3d\x36\x03\x82\xae\xdc\xc2\x37\x40\xc6\x24\x4d\x69\x29\x9d\xd3\x9e\x01\x10\x91\xb2\xfa\xe1\x0f\x4b\xa3\xc7\xfc\x57\x0b\x0e\xa6\xa5\xd7\xb9\x4f\x08\x12\x78\x8a\xc1\x84\x2e\xb6\xf9\x17\xad\x73\xa4\x3a\x8f\x51\x1b\x22\x17\x95\xb9\xa6\x25\xd6\xb8\xad\xab\x77\xbb\x09\x03\x43\xac\xde\x49\x30\xc6\x43\xb9\xb6\x0a\xf0\x27\xed\x4e\x3c\xc7\xfa\xcd\xcb\x17\x5e\x81\xd9\x13\x8d\xb6\x8d\xb9\xd8\x52\x16\xe1\xaf\xa9\x0c\x3f\x38\x97\xa2\xcd\x7e\x2c\xba\xf5\x9f\xaa\x93\xac\x54\x4c\x22\x13\x99\xd0\xa2\xc7\x60\x1c\x6c\x63\x00\x62\x53\xc9\xe4\x3f\x1e\xd3\xf8\xcd\xd3\x1f\x92\xcb\xc9\x19\xb0\xb2\xf0\x48\xee\x42\x9b\xaa\xc4\x2f\x90\x7d\x36\x28\x19\x31\x81\x4e\x7f\x93\x7b\x51\xf2\xc6\xa7\x72\x46\x9f\x0d\x3d\x66\x6c\x5c\x23\x14\x1a\x0a\xf6\xfb\x38\x04\x47\x98\x10\xfc\xd8\x52\xf9\x8a\x5e\x5d\xf9\x08\x2c\x14\x9b\xc2\x39\xd3\x7b\x89\x44\x7a\xf0\x2e\xba\xe2\x7a\xde\xa0\x98\xd7\x84\x09\xfa\x9a\xe8\x73\xb1\x12\x68\x4c\x75\xd6\x8d\x44\x7c\x7f\xc8\x0a\x45\xa7\x26\xb2\x72\xd5\x57\x67\x8d\xa7\x10\x16\x79\xc6\xa5\xb4\xd7\x0f\x4d\xb6\x05\x39\xfd\x11\xd1\xf2\x13\x92\xb7\x92\x2d\x12\x78\x11\x25\x51\x2e\xb1\xdc\x45\xdb\x4c\xd2\xe6\x47\x34\xe3\xa9\xdb\xf8\x99\xec\x22\x03\xe1\x00\x1b\x3d\x36\x46\x63\xd4\x87\xc6\x90\x18\xcb\x91\x22\xb5\xf4\xe1\xa2\x76\xd1\x70\x88\xdf\x74\x6b\xa3\xe7\xc1\x0e\x1c\xad\x22\x6f\x6c\xd2\xad\x90\xcc\x3d\x14\x8c\x95\x1d\x32\xc0\x03\x41\xbf\x08\xec\x71\x58\xd2\x2b\x33\x75\xf7\xed\x67\x30\xff\x9f\x0a\xf7\x9b\x1e\x8e\xfd\x16\x4b\x04\x6c\x6a\x3d\xf7\xbc\xd9\x25\xe4\x9b\xf5\xbb\x4d\x16\xac\xe6\xab\x92\x5b\xee\x37\xb7\xb5\x32\x1d\xa6\xf3\x62\x6f\x33\x02\x5e\xbc\x38\x14\xf4\x4a\x27\xa7\xe3\x9c\x5e\xcf\x8c\x52\x63\xc5\x0e\x5d\x49\x27\x39\x77\xc1\xdd\xce\xc8\x6c\x85\xc4\x1d\xe8\x55\x8c\xcc\x7c\xc9\x46\x9f\x4a\x5a\xb1\x04\xdb\x7b\x3e\xaf\x89\x51\xf5\x31\x5f\x56\x40\xc5\x1e\x8c\x49\x29\x0c\x7b\x14\x66\x88\xb7\x2e\x22\xc5\x17\x8b\xb1\x20\xbe\xaf\xe3\xa1\x0d\xd3\x3e\x6a\x34\xb8\xe2\xab\x0a\x8d\x88\xf1\xbf\x23\x46\xf0\x6e\x6c\xbe\xb8\x01\x59\xf8\x5b\x69\xef\xe2\x98\x4f\x3a\xcb\xf1\x03\x53\x97\xc0\xe0\x27\x42\x0c\x59\x1b\x2c\x51\x15\xe4\xc4\xbc\x43\x19\xb6\xa8\xed\xc2\xaa\x62\xc7\x60\x0e\x49\x02\x9f\x8d\x7d\x80\x87\x13\xcc\x76\x55\x66\x44\x0a\x42\x7a\xc5\x76\xe5\xa2\x31\x8e\x09\x94\xa0\x0b\x56\xb7\xcf\x16\x27\x78\x87\xb2\x26\x93\x39\x6c\x28\xbf\x73\x41\x33\xdf\x5e\x65\x49\x71\xde\xc6\x8d\x22\x56\x31\xfc\x66\x9e\x56\x19\xc1\xc7\x8d\xf3\xca\x98\x60\x48\x9a\x29\xa5\x23\x4e\x05\x4b\xcd\x3c\x54\x32\x76\xc0\x7e\x15\xa1\xca\x7e\xf6\x0c\x6e\x20\x35\x95\x62\x73\x3c\x1b\x3b\xd1\x5a\x9c\x72\xa8\xf9\xac\xb0\x40\xf8\xf8\x5a\x4f\x10\x31\x3a\x4f\xc7\xe8\xcb\x89\x73\xae\x0b\x56\x29\x24\x71\x6d\x16\x8a\xa4\x31\xcf\x63\xa5\xc2\xe1\x82\xb4\x8b\x55\x19\xf3\x76\xde\x39\xca\x03\xd5\x53\x5a\x58\x68\xd2\xcf\xff\x41\x0e\x3f\x24\x8d\xe1\xef\x81\xb2\x05\xbc\x17\xa8\x4c\xbf\xeb\xb4\x6d\xeb\x4e\x56\xdc\xd3\x55\xd7\x14\x8a\x56\xf2\x5d\xee\x58\x96\x91\x2e\xc9\x01\x24\xbe\xf2\xd8\x82\xe9\xd4\xa0\x27\x69\xb3\xab\xcb\xc8\xf3\x67\xde\xec\xce\x8c\x22\xb0\x45\xf4\xd7\xb8\x7d\x89\x08\xb0\xaf\x7f\x2a\x1f\x53\xba\xd8\xd3\xf8\xe0\xb6\x5b\x00\x53\xab\x1e\x28\xec\xe7\x25\x0a\xb2\x81\xbc\x19\x70\x97\xcf\xe8\xb2\xa7\xcf\xb5\x52\xf8\x28\x69\xb8\x82\x41\xe7\xd0\x5d\x24\xac\xa3\x25\xc6\xf2\xfa\xd8\x5c\xe7\x9b\xfc\x2a\xec\xdb\x79\x8f\x40\xe1\x11\x18\x9f\x17\x85\xcb\xbe\x40", 4096); *(uint32_t*)0x20003710 = 0x1000; *(uint32_t*)0x20003714 = 7; *(uint32_t*)0x20003718 = 0x200036c0; memcpy((void*)0x200036c0, "\x38\xe3\xda\xc1\xca\xb0\x0f\xeb\x39\xc4\x8e\xdf\xaf\x42\xb6\x04\xf0\xc0\xfb\xea\xa3\x0d\x70\x23\x51\x9c\xe5\x89\xe4\xd9\x0d\x7d\x17\x1c\xbe\x75\x9e\x9c\x40\x81\x9d\x99\x46\xab\xfa\x97\x37\xe1\xbd\xdd\xfb\x4f", 52); *(uint32_t*)0x2000371c = 0x34; *(uint32_t*)0x20003720 = 0x10000; memcpy((void*)0x20003740, "/dev/tty\000", 9); *(uint8_t*)0x20003749 = 0x2c; memcpy((void*)0x2000374a, "syz0\000", 5); *(uint8_t*)0x2000374f = 0x2c; memcpy((void*)0x20003750, "+@", 2); *(uint8_t*)0x20003752 = 0x2c; memcpy((void*)0x20003753, "*^:[-,-,&{#", 11); *(uint8_t*)0x2000375e = 0x2c; memcpy((void*)0x2000375f, "syz0\000", 5); *(uint8_t*)0x20003764 = 0x2c; memcpy((void*)0x20003765, "audit", 5); *(uint8_t*)0x2000376a = 0x2c; memcpy((void*)0x2000376b, "obj_role", 8); *(uint8_t*)0x20003773 = 0x3d; memcpy((void*)0x20003774, "syz0\000", 5); *(uint8_t*)0x20003779 = 0x2c; memcpy((void*)0x2000377a, "obj_user", 8); *(uint8_t*)0x20003782 = 0x3d; memcpy((void*)0x20003783, "^\356%", 3); *(uint8_t*)0x20003786 = 0x2c; memcpy((void*)0x20003787, "subj_role", 9); *(uint8_t*)0x20003790 = 0x3d; *(uint8_t*)0x20003791 = 0x2c; memcpy((void*)0x20003792, "mask", 4); *(uint8_t*)0x20003796 = 0x3d; memcpy((void*)0x20003797, "^MAY_EXEC", 9); *(uint8_t*)0x200037a0 = 0x2c; memcpy((void*)0x200037a1, "uid", 3); *(uint8_t*)0x200037a4 = 0x3d; sprintf((char*)0x200037a5, "%020llu", (long long)0xee00); *(uint8_t*)0x200037b9 = 0x2c; *(uint8_t*)0x200037ba = 0; res = -1; res = syz_mount_image(0x200025c0, 0x20002600, 4, 3, 0x20003700, 0x1040000, 0x20003740); if (res != -1) r[1] = res; break; case 5: syscall(__NR_read, (intptr_t)r[1], 0x200037c0, 0x12); break; case 6: *(uint64_t*)0x20003800 = 7; syscall(__NR_sendfile64, (intptr_t)r[0], (intptr_t)r[1], 0x20003800, 0); break; case 7: *(uint16_t*)0x20003840 = 0x81; memcpy((void*)0x20003842, "\xd8\xe8\xf6", 3); syscall(__NR_setsockopt, (intptr_t)r[0], 6, 2, 0x20003840, 6); break; case 8: *(uint32_t*)0x20003880 = 4; syscall(__NR_ioctl, -1, 0xc0044dff, 0x20003880); break; case 9: *(uint32_t*)0x20003980 = 0x200038c0; *(uint16_t*)0x200038c0 = 0x10; *(uint16_t*)0x200038c2 = 0; *(uint32_t*)0x200038c4 = 0; *(uint32_t*)0x200038c8 = 0x1000000; *(uint32_t*)0x20003984 = 0xc; *(uint32_t*)0x20003988 = 0x20003940; *(uint32_t*)0x20003940 = 0x20003900; *(uint32_t*)0x20003900 = 0x14; *(uint8_t*)0x20003904 = 7; *(uint8_t*)0x20003905 = 1; *(uint16_t*)0x20003906 = 0x801; *(uint32_t*)0x20003908 = 0; *(uint32_t*)0x2000390c = 0; *(uint8_t*)0x20003910 = 0; *(uint8_t*)0x20003911 = 0; *(uint16_t*)0x20003912 = htobe16(0xa); *(uint32_t*)0x20003944 = 0x14; *(uint32_t*)0x2000398c = 1; *(uint32_t*)0x20003990 = 0; *(uint32_t*)0x20003994 = 0; *(uint32_t*)0x20003998 = 0x40800; syscall(__NR_sendmsg, -1, 0x20003980, 0x20000000); break; case 10: memset((void*)0x20000000, 255, 6); STORE_BY_BITMASK(uint8_t, , 0x20000040, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000040, 2, 2, 2); STORE_BY_BITMASK(uint8_t, , 0x20000040, 8, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 5, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 7, 1); STORE_BY_BITMASK(uint16_t, , 0x20000042, 0x7f, 0, 15); STORE_BY_BITMASK(uint16_t, , 0x20000043, 0, 7, 1); *(uint8_t*)0x20000044 = 8; *(uint8_t*)0x20000045 = 2; *(uint8_t*)0x20000046 = 0x11; *(uint8_t*)0x20000047 = 0; *(uint8_t*)0x20000048 = 0; *(uint8_t*)0x20000049 = 0; memset((void*)0x2000004a, 255, 6); memset((void*)0x20000050, 255, 6); STORE_BY_BITMASK(uint16_t, , 0x20000056, 0, 0, 4); STORE_BY_BITMASK(uint16_t, , 0x20000056, 0xffd, 4, 12); memset((void*)0x20000058, 255, 6); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 0xc, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 1, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 3, 5, 2); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 0, 7, 1); *(uint8_t*)0x2000005f = 3; STORE_BY_BITMASK(uint8_t, , 0x20000060, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000060, 2, 2, 2); STORE_BY_BITMASK(uint8_t, , 0x20000060, 9, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 5, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 7, 1); STORE_BY_BITMASK(uint16_t, , 0x20000062, 0x3d, 0, 15); STORE_BY_BITMASK(uint16_t, , 0x20000063, 0, 7, 1); *(uint8_t*)0x20000064 = 8; *(uint8_t*)0x20000065 = 2; *(uint8_t*)0x20000066 = 0x11; *(uint8_t*)0x20000067 = 0; *(uint8_t*)0x20000068 = 0; *(uint8_t*)0x20000069 = 1; *(uint8_t*)0x2000006a = 8; *(uint8_t*)0x2000006b = 2; *(uint8_t*)0x2000006c = 0x11; *(uint8_t*)0x2000006d = 0; *(uint8_t*)0x2000006e = 0; *(uint8_t*)0x2000006f = 1; *(uint8_t*)0x20000070 = 8; *(uint8_t*)0x20000071 = 2; *(uint8_t*)0x20000072 = 0x11; *(uint8_t*)0x20000073 = 0; *(uint8_t*)0x20000074 = 0; *(uint8_t*)0x20000075 = 0; STORE_BY_BITMASK(uint16_t, , 0x20000076, 0, 0, 4); STORE_BY_BITMASK(uint16_t, , 0x20000076, 0x1f, 4, 12); STORE_BY_BITMASK(uint8_t, , 0x20000078, 8, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000078, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000078, 3, 5, 2); STORE_BY_BITMASK(uint8_t, , 0x20000078, 1, 7, 1); *(uint8_t*)0x20000079 = 0; memset((void*)0x2000007a, 255, 6); *(uint8_t*)0x20000080 = 8; *(uint8_t*)0x20000081 = 2; *(uint8_t*)0x20000082 = 0x11; *(uint8_t*)0x20000083 = 0; *(uint8_t*)0x20000084 = 0; *(uint8_t*)0x20000085 = 1; *(uint16_t*)0x20000086 = 0xbf; memcpy((void*)0x20000088, "\xaf\xaf\x3a\x13\x5b\x6b\xac\xd8\xc9\xb7\x0b\x5e\xec\x9a\xb1\x84\x05\xdd\xe2\x16\xb1\xb5\xdb\xe7\x0c\x82\xea\x52\xa1\x47\x7c\x8b\xcc\x0a\xde\xba\xd8\x78\x9e\x03\xdf\x9b\xee\xa6\x7c\xea\x53\x1e\x77\x6e\x7e\xc4\x41\xe1\x09\x95\x46\x0e\x4e\x96\x46\x78\xb8\xb2\x0c\xae\x08\x4a\xb4\x0b\xef\x38\x9b\xb7\x2f\xe3\x66\xea\x91\xa8\xa2\xb9\x52\xbc\x69\x7a\x86\x3d\x47\xc4\x92\x0f\x77\x97\x6c\xcd\xa9\x72\x3c\x4d\x4c\xf4\x31\x64\xb5\x7e\x37\x39\x25\xd2\x15\x94\xad\x58\x2b\x2b\xd6\xb7\xfc\xe0\xe2\x1d\x27\x2a\x02\x2f\xb6\x3e\xfa\xe8\x20\x4e\x2e\x38\x18\x08\x48\xfd\x29\x86\xc8\x47\x24\x1f\x05\xb4\x79\x5e\x31\x95\x82\x3f\x4b\x17\xf3\x40\xc2\x4f\x45\xbf\x4f\xc3\x3a\x8b\x5d\x06\x49\x78\x0b\xad\x0b\x16\x00\x23\x1b\xcd\x85\xe1\x04\x40\x43\xb3\xf5\x2b\xdd\x66\x46\x2c\x52\x86\x9b", 191); *(uint8_t*)0x2000014a = 8; *(uint8_t*)0x2000014b = 2; *(uint8_t*)0x2000014c = 0x11; *(uint8_t*)0x2000014d = 0; *(uint8_t*)0x2000014e = 0; *(uint8_t*)0x2000014f = 0; memset((void*)0x20000150, 255, 6); *(uint16_t*)0x20000156 = 0xf3; memcpy((void*)0x20000158, "\xdb\x74\x58\x60\x3e\x1d\xb9\xe8\xb6\x10\x9f\xf2\x53\x17\x6f\xc3\x10\x5d\x34\x45\x42\x94\xa0\xc3\x6f\x5e\x76\x59\x0e\xe3\xb3\xa3\x91\xdd\x28\x47\xab\xe2\xef\x4c\x4f\x07\x62\xcb\xb0\x9a\x37\xf4\x06\x75\xba\xca\x09\x07\x28\x2c\xe7\xdc\x1a\x10\x4c\xb3\xe9\x13\x84\x93\x0e\xde\x72\xf3\x72\x0d\xac\x99\x76\xa6\x59\x8b\xc0\x38\x5e\x0e\xb8\x29\x5e\xde\xe6\xbf\x8e\x31\xf2\x43\xb2\x84\xe9\xde\x82\x3d\xbc\xf1\xfa\x70\xc6\xc5\x7d\x44\x72\xf2\x0f\x03\x1c\xd4\xcc\xc7\x99\x5b\x00\x36\xd0\x24\xf0\x51\x22\x0c\xf8\xcc\xfa\xcc\x5e\xef\x5c\xc5\x45\xc5\x20\x8e\x0a\xe0\xb6\xfa\xd6\x95\x65\x42\x26\x29\x30\xe5\x61\x77\xef\x3f\x3f\xd1\xfc\xf9\xab\x7f\xa1\x04\xc2\xfd\x2c\xaf\xbf\xc7\x96\xda\x4a\xf4\x24\x53\x1e\x82\x5b\x32\x39\x4a\x16\xb5\xa9\x0e\x3b\x36\xd9\xd7\x5f\x35\xbc\x95\xc7\xb6\x5c\x57\x74\xb3\x3d\x1a\x74\x46\x4b\x24\x0d\x9b\x44\x20\xde\x38\x65\xe4\xeb\xfa\x97\x05\xfa\x60\x6c\xa4\x22\xeb\x0a\xe3\x31\x26\x57\x4d\x2b\x01\xdc\x83\xd7\x0c\x24\x87\x47\x08\x7c\x72\xf0\xda\x02\xe8\xe8", 243); *(uint8_t*)0x2000024e = 8; *(uint8_t*)0x2000024f = 2; *(uint8_t*)0x20000250 = 0x11; *(uint8_t*)0x20000251 = 0; *(uint8_t*)0x20000252 = 0; *(uint8_t*)0x20000253 = 1; memset((void*)0x20000254, 255, 6); *(uint16_t*)0x2000025a = 0xdd; memcpy((void*)0x2000025c, "\xd7\xe9\xb2\x4c\x0c\xc9\x92\xb1\x8a\xa2\xd9\xf9\xe1\x70\x9a\x8c\x2f\xe8\xb2\xce\xb2\x7a\x74\x9e\x52\x61\x7c\x6d\xb9\x66\xc1\x54\x69\xb1\x4f\x62\x71\xd9\xec\x1c\xaa\x53\x7e\x60\x5d\x09\xc7\xaf\x27\x1d\x95\x9a\x7b\x13\x75\xfb\xad\xa3\xd4\x78\x40\xb8\xfb\xde\x2f\x3a\xb2\x82\x04\x40\xce\xff\xb1\x6c\xc4\x41\x60\xf3\xa3\xab\xd7\x0b\x05\x9e\x3b\x32\x1e\x3a\x1a\x48\xec\xa2\xb3\x81\x9d\x05\x95\x82\x2e\x17\x76\x7f\x5a\x9c\xce\x0a\x0a\xa1\xcf\x8a\x17\x63\x78\x09\x43\x87\x2b\x12\x7a\xb5\x59\x03\x6a\x8d\x87\x03\xe1\x79\xc0\xde\x7c\x00\xdb\xd0\x55\x69\x9b\x39\x53\x2e\xc0\xf6\x3b\xb6\x9c\x33\x1f\xb4\x15\xe2\x53\xc2\x6a\xbf\x85\xa2\x0b\x69\xf3\x3d\x25\xa8\xa0\x66\xaa\x10\xa9\xc1\xad\xd2\x02\xfa\x9d\x6c\xd6\xdb\xda\xf0\x56\x01\xd6\x8e\x95\x53\xba\x9e\xe5\x39\x31\xaa\x19\x38\x21\xc7\x80\xf0\x5d\xfd\x3c\x33\xaa\xd8\x4e\xf5\x50\x98\xb4\xb8\x21\x2c\xf5\xd6\xa4\x3b\x5a\x09\x98\x66\xec\xbb\xc1", 221); *(uint8_t*)0x2000033a = 8; *(uint8_t*)0x2000033b = 2; *(uint8_t*)0x2000033c = 0x11; *(uint8_t*)0x2000033d = 0; *(uint8_t*)0x2000033e = 0; *(uint8_t*)0x2000033f = 1; memset((void*)0x20000340, 255, 6); *(uint16_t*)0x20000346 = 3; memcpy((void*)0x20000348, "\xd7\x1a\x49", 3); syz_80211_inject_frame(0x20000000, 0x20000040, 0x30e); break; case 11: memcpy((void*)0x20000380, "wlan0\000", 6); memset((void*)0x200003c0, 2, 6); syz_80211_join_ibss(0x20000380, 0x200003c0, 6, 0); break; case 12: memcpy((void*)0x20000400, "bpf_lsm_sb_remount\000", 19); syz_btf_id_by_name(0x20000400); break; case 13: memcpy((void*)0x200008c0, "\xc4\xc3\x2d\x0e\x45\xf5\x08\xc4\xe1\x5b\x10\xeb\x26\x81\xf9\xf6\x03\x9e\xec\xc4\xc3\x79\x61\x78\x01\xd2\x07\x66\x0f\x38\x29\x5c\xd0\x2f\xd9\xf6\xf2\xdd\xcd\xc4\xc1\xf8\x11\x45\x0f\x0f\x34", 47); syz_execute_func(0x200008c0); break; case 14: memcpy((void*)0x20000940, "/dev/pktcdvd/control\000", 21); res = syscall(__NR_openat, 0xffffff9c, 0x20000940, 0x10400, 0); if (res != -1) r[2] = res; break; case 15: memcpy((void*)0x20002c80, "./file0\000", 8); res = syscall(__NR_statx, -1, 0x20002c80, 0x800, 8, 0x20002cc0); if (res != -1) r[3] = *(uint32_t*)0x20002cd8; break; case 16: memcpy((void*)0x20003040, "./file0\000", 8); res = syscall(__NR_stat, 0x20003040, 0x20003080); if (res != -1) r[4] = *(uint32_t*)0x20003090; break; case 17: res = syscall(__NR_read, -1, 0x20003100, 0x2020); if (res != -1) r[5] = *(uint32_t*)0x20003114; break; case 18: res = syscall(__NR_getgid); if (res != -1) r[6] = res; break; case 19: *(uint32_t*)0x20005540 = 0xe4; res = syscall(__NR_getsockopt, -1, 0, 0x11, 0x20005440, 0x20005540); if (res != -1) r[7] = *(uint32_t*)0x20005474; break; case 20: res = syscall(__NR_getgid); if (res != -1) r[8] = res; break; case 21: memcpy((void*)0x20000980, "\x5e\xb2\xb7\x65\xeb\x13\xfe\x60\x55\xad\xbc\x43\xba\x06\xda\x06\x24\x08\x5c\x4b\x07\x4c\xa1\x07\x58\x89\x67\x7f\x06\x6e\x7b\xe4\xde\x1a\xde\x66\x43\xe3\x84\xe7\x46\x94\x78\x49\xca\xe6\xc4\xbd\x22\x47\xb9\xd0\xdc\xf8\xd7\x4f\x73\xc8\x65\x98\x3a\x7d\x81\xfa\x41\x8b\x52\x27\xbf\xe2\xca\xe4\xda\xab\xc8\xfd\x12\x12\x43\xc0\xfe\x33\x9f\x30\xd7\xad\xe9\xb7\x9e\x07\xaa\x3b\x49\x20\x01\xcb\xf7\x1f\x43\xd1\x92\xa2\xb9\xb7\x71\x60\x8f\x80\x9c\xab\x41\x48\xc9\xbc\xb1\x8a\xd7\x38\x1a\xda\xb1\xf2\xf5\xe3\x23\xa6\x92\x49\xbf\x8f\x2b\x5b\x0e\x98\x65\x57\xda\x94\x36\x23\xa6\x6e\xc4\x20\xb9\xb7\xbc\x01\x43\x4d\x0a\x62\x88\x6d\x00\x72\xf8\x30\x51\xbe\xd9\x58\x84\x3e\xc0\xad\xab\xae\xc0\x68\xe2\x33\x3b\xdc\x15\x62\x2e\xfd\x5d\x7e\xb6\x8c\xfd\xda\x7d\xe3\xfd\xaf\xaa\x75\x78\x7f\x0f\x7f\x3a\x5a\xae\x1c\xfe\x1f\xaf\x07\x9f\x18\x35\xbe\x70\x44\xf2\xde\xe0\xe2\xb2\x28\x27\xf8\xce\x93\x99\xba\x9b\x6d\x67\x5a\xaa\xfc\x82\x72\x62\xb7\x01\x65\x9d\x34\xe6\x87\xd6\xf0\xf8\x06\x66\xef\x60\x37\x1f\x36\xfc\x8e\x7a\xb0\x1b\x1b\x1f\x74\x1b\xab\x29\x0b\x37\x42\xbc\xa7\xd9\x00\xac\xac\xd0\x03\xbb\x0e\x24\x97\xa7\x41\x3e\x2a\x94\x61\x0c\x93\xf5\xb5\xf6\xa0\xaf\xfc\x55\x4d\xfa\x69\x6f\x33\xa4\xe0\x76\x99\x55\x29\x81\xc8\xf1\x7e\xec\x12\x1b\x79\x8f\xfd\xa5\xa8\x1f\x60\x90\x05\xee\xe8\x86\x2d\xa6\x33\x95\x0d\x1c\x36\xb1\xf5\x7f\x20\x1d\xfa\xa2\xff\xb4\x3b\xfb\x89\xb9\x37\xdf\xe8\x91\x65\xa7\x83\x26\x4b\x5c\xd3\x93\xe5\xe8\x1e\xfb\x8d\x94\xe2\x8e\xa4\x17\xcf\x7f\x14\x55\x20\xc2\x01\xcd\x9b\xc8\x43\xa7\x8a\xe0\x7c\x3a\x9d\x81\x2a\x99\xb9\xd0\x1f\x4f\x8a\x60\x93\x70\x77\x19\x2f\xb2\x9e\xf9\xe9\xca\xd9\x95\x91\x9d\xe3\x3e\x9e\x70\xc9\x5c\x0e\xfe\x9d\x49\xec\xac\xc2\x81\x7d\x76\x4b\x35\xac\xee\xf6\xdb\xd7\xb1\x1d\xa0\xd5\x64\x60\x97\x8a\x67\x9a\x76\x5c\x04\x64\x2e\xf7\xb3\x3d\xa7\x35\xd6\x07\xb2\x1e\xa2\x07\xad\x74\x7b\x67\xda\x18\x62\xb7\x88\x4f\x77\x37\x64\xc5\xc6\xb9\x5b\x0d\x1f\xc0\x79\x90\x9e\x3a\x07\x43\x0c\x52\xf4\x90\x8c\xb8\x64\xca\x7b\x48\x38\x7d\x9c\x93\x03\x87\x81\x15\x80\xb9\xce\xad\x9b\xb5\x6c\x51\x39\xd0\xd5\xc4\xc7\x28\xf7\x66\x70\x59\xbb\x64\xe2\x23\xd3\xe7\xcf\x61\xce\x83\x70\x27\x6d\xd3\x1b\x3b\xd6\x43\xe9\x64\x44\xaf\xea\x51\x78\x7b\xc0\xea\x7e\xde\x0c\x05\x76\x34\x0b\x35\x74\xfb\x1e\xe7\x81\x33\xc2\x9e\xdb\x9c\x63\x72\x42\x00\xf5\xd8\xd1\xfa\x9d\xb4\xfe\x0c\xf9\xa3\xf0\x51\x7f\xdd\x93\x62\x40\xd0\x8c\xa3\xf4\x81\x5c\x56\x2f\xa4\x0c\x50\x29\x2a\x8c\xc6\x7a\xf0\x25\x55\xbf\x5e\x42\x10\xef\xab\xee\x95\x29\x46\xcb\x5a\x3b\x71\x9c\xca\xfb\x90\xc5\xfc\x31\xe2\x8e\x16\xda\x6d\xeb\x0c\x26\x57\xd9\x9b\x2e\x30\xac\x6f\x59\xe6\x93\x5c\x8f\x3d\xe5\xab\xb5\xa6\xa9\xeb\x6d\x64\x63\x81\x31\xfa\x73\x63\x9f\x95\xdc\x71\xd1\x1a\x64\x4c\x6f\xf1\x7e\x26\x66\x5e\x82\x05\x56\x17\x8b\xdf\x6f\x91\xc5\x2f\xac\x27\xf2\xd8\x48\x12\xe9\xbf\xd4\xc5\x3e\x75\x7e\xd5\xdc\xc5\xa3\xc5\x8f\x4f\x25\x4a\x11\xad\x80\x99\x55\x5f\xba\xb9\x2d\x97\x07\xe7\xae\x24\x9d\x37\xb6\x72\xb2\xf4\x66\x6c\xc3\x5f\xfe\x53\xa0\xf5\xf3\x14\xaa\x7e\x32\x9a\xdd\xf6\x0e\x86\x49\x86\x68\x2e\x58\xde\xe8\x78\xcf\x3e\x66\xb3\xc1\xb8\xb0\x45\x70\x21\xcb\xbe\x95\x42\xdf\x24\x01\x04\xfa\x79\x45\xd1\x77\xa8\x05\x1f\xf4\x2d\xff\xe4\x7e\x95\x2c\xaa\x5b\x33\x43\x86\xbb\xe9\x61\x40\xa2\x8a\x74\xcd\x3c\x4c\x66\x6d\xd6\x17\x49\x94\xba\xe6\xc3\x23\xbe\xf3\xcb\xe9\x70\x28\x83\x5f\x03\xb4\x9d\x7c\x49\x69\x13\xec\x17\x27\x23\x46\xe0\x50\xc7\x5c\x58\x76\x0a\xcb\xcd\xed\xfc\x77\x4b\x34\xb1\x9f\x19\x9c\x40\xe0\x2a\xc7\x41\x77\xe3\xf9\x51\xa0\x07\xab\xda\xf0\x0f\xd7\x06\x4b\xbf\x2c\xc4\x44\xd6\xb6\xd2\xb2\x33\xe1\xfd\x99\x5f\xee\xbc\xbf\xaf\xaa\xa4\x4e\xdd\x73\x9b\x7a\x9b\x31\x2b\x08\x23\xbb\xb2\x28\x82\x3e\x13\x2f\xba\xe5\x76\x96\x8b\x7e\x7c\xa5\xca\x01\x98\xda\xae\x85\xda\x7b\x50\x00\x25\x44\xa4\x4f\x94\x8d\xc5\xf4\x86\x20\xe3\xf9\x91\x45\xc8\x72\x7f\xee\x50\x15\x41\xef\x11\x9b\x20\x08\x5e\x36\x40\x52\xa0\x45\x16\x4e\x79\x57\x95\x53\xab\x19\x24\xa5\xe6\x7c\xa4\xbd\xe4\x39\x03\x13\xb7\x6a\x6a\xbb\x95\x0e\x63\x7b\x6b\xd3\xae\x4d\x34\x1e\xa3\x62\x44\x0e\x13\x41\x85\x30\x4e\x36\xf0\x86\x91\x02\x7e\xc7\xff\x34\xd7\x18\x82\x53\x93\xec\xfd\x75\x57\xc8\x2b\x7b\xda\x4d\x24\xb9\x4f\xc5\x3d\x57\x7b\x31\x65\x7b\x00\xe8\x30\x38\x03\xe6\xf1\x5e\x17\xa7\x96\x47\x60\x7f\xfa\x65\x64\x91\x03\xad\x6c\xed\x04\x0a\x84\x22\x24\xb2\x22\x26\xcb\x03\xb1\x0e\x51\xe5\x8d\x69\x5e\xdd\xa7\x7d\xa2\xd7\x84\xc4\x9b\xdd\xa4\x3a\xdc\x0f\x4e\x15\xf3\xe2\xe3\x38\x83\x69\x24\x78\x6b\x90\xb2\xf7\x44\x29\x35\xae\x33\x8e\x34\x4f\xa4\xc0\xd9\xe3\xd7\x48\x71\xd9\x30\xd8\x78\x68\xa2\x69\xc9\x84\x04\x87\x63\xe1\xc4\x38\x47\x9b\x20\xfd\xdb\xc6\x1d\x24\x88\xd7\x0c\xa8\x74\x7f\xff\x73\x1e\xdb\x67\x9b\x88\xbf\x1b\x17\x62\x1d\x32\x76\x15\x1f\xd9\x3a\x9d\xbb\xaf\x1a\x83\xe9\xa8\x0f\x75\xba\x18\xac\x3c\xe6\x59\x8d\xc4\xe6\xb0\x56\x2f\xb0\xbd\x47\x91\x29\x33\x7b\xb1\xc3\xa5\x88\x2b\x2d\x62\x6e\xdd\x90\xd0\xb1\xe8\x98\xd0\xf1\xe4\xf5\x98\x93\x70\x0c\x24\x1e\x0c\x43\x63\xa4\x44\x10\x73\x84\x00\x00\x47\x0f\x9e\x87\x7d\x0b\xac\xdc\xb6\xb2\x18\x75\xe7\x5b\x50\xdc\xfb\xb2\xbb\xc0\xea\x8f\xca\x0a\x91\xdc\xaf\xe6\x9b\x16\x2a\xee\xf4\xf7\xd7\xfa\x11\x93\xf9\xea\xc4\x4d\x4e\xb2\x73\x77\xc3\xb7\x2a\xc1\x9a\x90\x1c\x6e\x73\x50\xe1\x64\x81\x46\x09\x01\x79\xfa\x4b\x7f\x7a\xae\xdf\xb7\x5a\x49\xde\xea\xe9\xfb\xec\x2f\x30\xc4\x44\x4e\x3b\xd5\xad\x6f\xad\x82\xbb\xcd\x24\xbb\x6d\x25\x96\x85\xca\x0c\x13\xe5\x2a\x59\x0d\x27\xa7\x31\xa1\x8b\x09\xd3\xd6\xbf\x5e\x81\x75\x63\x02\xb8\x52\x51\xc8\x5d\x30\x48\x72\x95\xeb\x2e\x42\xcd\x78\x82\x31\xeb\x96\x97\x9b\x5c\x11\x3c\x16\x6b\xe2\xf3\xb6\xd2\x44\x74\xb0\xf5\x6e\xa5\xcf\xff\x4d\xca\x92\x84\xe5\xda\xe7\xd1\xc2\xb6\xab\xa7\x80\x7e\x88\x96\x97\xc8\x69\x83\x1c\x90\x8b\x20\x6b\x8a\x21\xdb\xe7\x3d\x06\xc0\xae\xfd\xa4\x49\xf4\xda\xed\xd6\x8b\x67\x6f\x22\x81\x4b\xe2\xd9\x0a\x2d\x06\xa3\x9f\x99\x7f\xdc\xef\x3a\x38\xf9\x83\x96\xd5\xbf\x36\x99\x00\xf9\xfc\x04\x42\xb2\x04\xce\xb1\x7e\x43\x2c\x28\x08\x7c\x42\xc8\x4c\x17\xf1\xa4\xd0\x4f\x6d\xa5\x46\x68\x2f\x31\xd7\x5c\xc2\x89\xe0\xc8\xea\x40\x58\xc0\x35\x50\xfa\xd5\xde\xf6\x96\x85\x41\xa9\xd3\x72\xbc\xbf\xf7\xb9\x43\xd6\x5a\x7f\x48\x56\x52\xe4\x43\x7e\x0a\x16\x02\x05\x7e\xf0\xce\xef\xa5\x75\x40\xa1\x1d\x5b\x2b\x8b\x65\x18\xc3\xc9\xa2\x7c\xb2\x75\x62\x94\x1f\x2f\x68\x9c\xe2\x40\x39\x6b\x4a\xd7\x0d\xbb\x2c\xd6\xe4\xe1\xf3\x3e\x32\x79\xc3\x36\x1b\x9d\x99\x03\xa9\xb6\xbb\x01\x7f\xfc\x71\x97\x58\x41\x7e\x4f\x98\x48\x55\x69\x2a\xcb\xdf\x93\x92\xa9\xb1\x96\x73\x38\x8e\x76\x02\x33\xfa\x00\x35\xe0\xc2\x33\x5e\x77\xb0\x89\xeb\x40\xb5\xcd\x8f\x03\x25\xf6\x4e\x08\x07\x65\x80\x80\x52\x86\x9f\x76\xb3\x9b\x06\x82\xe9\xa4\x9a\x95\xa4\xfd\x0b\x38\xbb\x50\xeb\x21\x4e\x94\x91\x9d\x48\x6f\xb7\xbb\x75\xac\xb4\xdc\x5f\x04\xe7\xa7\xe3\x11\xf2\x04\xdf\x40\x4c\x62\xc6\x64\x17\x95\x84\x88\x0c\xb8\xbc\x7b\x8b\xaa\xe8\x93\x3c\x2e\xbd\x70\xaf\x44\x45\x1a\xae\x3d\x51\xd4\x29\x0d\x90\xb8\x91\x10\x68\x77\xbd\x37\x75\x2e\xc6\x11\x8d\x97\x2a\x1b\x0a\x29\x31\xd4\x33\x63\x6d\xa7\xb7\x25\x0a\x0e\xdb\x59\xd9\xdd\xd3\x4c\xb4\x8b\x34\xa6\x2a\xe7\xe5\x95\xf1\x8d\x80\xca\x2c\x2d\xdc\x2a\xeb\x6b\x6f\x6b\x80\x0c\x86\x53\xba\xaf\x69\x6b\xfd\x60\xc8\x5e\x5e\x33\x28\xd0\xd9\xba\xf0\xf5\x58\xb3\xb8\xb8\xbf\xf2\x4b\xf7\x5d\xb2\x69\x5d\x59\x44\x27\x57\xcc\x0c\xfc\xef\xbb\xf1\x70\x8f\xc9\x64\xa1\x25\x1f\x55\x32\x88\x32\x46\x8e\xa7\x3c\x29\xbe\x4b\xf5\xd0\xde\x20\x53\xf3\x64\xd1\x17\x00\x6d\xd3\x24\x2e\x04\xdd\x47\x1a\xe0\x4a\xe2\x28\x44\x97\x82\x42\xed\x47\x36\x1b\xe4\xa9\xa1\x31\x33\xc7\xad\x5b\xb3\x24\xaf\xcd\x29\xd9\xa0\x74\x44\x07\x24\xeb\xb5\x6f\x5d\x9c\x3a\x8e\x45\x59\xd3\xa5\xa0\xf0\x28\xf1\xd7\x2f\xf2\x56\x2d\x48\x3c\xfd\xd7\x9e\xb3\x2c\x90\x46\x2e\xe7\x90\xde\x24\x76\xd9\xd0\x61\xb6\x07\xe6\x80\xb4\x15\x00\xce\x69\x1e\x48\x74\x5b\x58\x55\x17\xa5\x39\xe7\x0d\x7e\xc5\x55\xe1\x96\xaa\x8d\x69\xe4\x5a\x36\x98\x2d\x28\xa2\x14\x09\xa7\x77\xce\xeb\x53\x31\x8c\x20\x71\x3e\x3c\xb6\x2a\x98\xc2\x8f\x52\x4b\x08\x69\x09\xa0\x30\x75\xc2\x01\x0d\xa3\x4b\xf7\xb0\xe6\xbf\x58\x50\x5d\x30\x14\x42\x53\x0e\x54\xd3\xd1\x3f\x03\x28\xf9\x7a\x1d\xd2\xdd\x6d\xa6\x84\x29\xd2\x13\x76\xb7\x72\xd5\xa1\x60\x3f\xb4\xc4\xa4\x0f\x6b\x36\xdb\x26\xa8\x6f\x7c\x2d\xba\xf7\x04\xe7\xbc\xb9\xfc\x96\x76\x8d\x4b\x53\xbd\x13\x46\x02\xb7\x53\xb2\x60\xd8\x4d\x9e\xea\xc6\xa2\x4a\x51\x24\x9d\xca\x00\x86\xb9\x5b\x57\x58\x71\x28\xe7\x98\xeb\x62\xe1\xf0\x1a\xe6\x8e\x66\x0c\xf6\xeb\xbf\x33\x22\x93\x98\x16\x20\x68\x4b\x7e\x3b\x04\x75\x0f\xdb\xbe\x2e\xcd\x8e\x9b\x63\x75\x24\x88\x82\x25\x3c\x2d\xda\x8a\x4d\x9c\x0f\x6f\x5c\x9d\x7c\x6b\xdb\x1f\xc1\x1e\xda\x1d\xc4\xec\xc0\xb9\xf3\xdb\xdb\x62\xe4\x07\x8e\x46\xf6\xb1\x06\x08\xf3\x4c\x34\xf0\xa2\x79\xc2\xf8\xf3\xda\x5b\xe4\x9e\x3e\x58\xe9\x71\xe5\x39\xbd\x63\xba\xcb\x6d\x8a\xa5\x54\xea\x4c\x78\xa4\x9a\xba\xde\xec\x98\xdb\x1d\x3c\xa3\xbc\xb4\x09\x57\xcc\x0e\x94\x2f\xca\x1c\x9b\x51\xaf\x04\x77\x1f\xda\x4a\xf3\x58\xc9\xed\x6f\xe7\xb7\x37\xa6\xc6\x1a\xbe\x0b\x62\x89\x20\xfb\x8d\x0b\xcd\x0b\x65\xb7\x18\x16\x3d\xa1\x78\x04\xcb\x16\x65\xea\x98\x21\xc8\x28\xf6\xdf\x65\x51\x93\x77\x41\x56\x72\x10\x06\xb1\xf5\x14\x87\xad\x19\xfe\x92\xb7\x69\xa9\xfc\xea\xf2\xd4\x12\x4d\x8c\xc9\xa5\xbe\xf2\x8e\x98\xb9\x96\xc2\x8c\x8a\x99\xe3\x52\x38\x05\x31\x18\x5e\x5e\x56\xe6\x93\x64\x1e\xf5\x11\x06\xd6\xcf\x4e\x71\xab\x31\x7c\x34\xe9\x35\x83\xae\xcf\x50\xf5\x2b\x53\xe6\x3c\x90\x98\xd8\xc2\x83\x53\x8c\x7c\xc0\xf0\x90\xdf\xaf\x52\x3e\x60\x82\xc6\x52\x63\xdc\x8d\x1d\xe4\x77\x62\x82\xa3\xfc\x1b\xfc\x59\x09\x99\x15\x25\xf5\x6a\xc0\xe6\xd3\xbf\x0c\xe7\xae\xc8\x3e\x40\x07\x4d\xe1\x6f\xc9\x84\x3f\x3b\x09\x9b\x59\xb9\xf9\x0b\xcf\xf6\x31\x0e\xd6\xdf\xec\x97\x45\x87\xad\x64\x6e\xcd\x90\xc5\x4d\x44\x95\x10\xb7\x76\x8d\xd6\x7c\xab\xb3\x05\xea\x39\x8e\xcb\x42\x61\xd2\x6d\x4d\x7e\x12\x04\xe2\x07\x25\x60\x32\x43\x27\x9a\x18\xfa\xb0\x17\x26\x71\x9f\x77\x18\x22\x62\x7b\xaf\xb0\x9b\x4c\xaa\xf9\x48\x4f\x1d\x8f\xa5\x07\x8d\x02\x1b\x9c\xb8\x65\x56\x83\x07\x97\x31\x9c\x64\x91\xd7\x1c\x11\x53\xb6\x36\x58\xa5\xa9\x52\xa1\xf8\x4f\x0c\xed\x9c\x3d\x11\x91\xd7\x1a\x0b\x22\xe3\xf6\x18\xf8\x7d\x98\xc8\x99\x12\x65\x39\x5c\xb9\x07\x65\x93\x50\x34\xbd\x6c\x92\x33\xd4\x1f\x9f\xc6\xa9\x0b\xf6\x97\xc1\x5f\xd2\x35\x97\x87\xdf\x82\x57\xca\x8e\x94\x99\xb3\xa7\xb8\x37\x12\x1b\x33\x67\x30\x6b\xa3\xa3\x6f\xde\xa6\x00\x0c\x5d\x0f\x77\x59\x37\x17\x02\xc7\xad\x6f\x9e\x5f\x40\x00\x72\x5f\x8e\x0b\x33\x0a\x49\x43\x92\xf7\x40\x8d\xad\x61\x5b\x14\xf7\x78\x88\xce\xb7\x39\x59\x96\x5c\xc9\xa9\x3e\x9e\x3b\x23\xb9\x34\x3a\x4c\xd4\x10\x4d\xc1\xf3\xf1\xa6\x4c\xb4\x56\x97\x92\x67\x04\x87\x98\x02\x49\x3f\xf0\x4a\x81\x44\xce\x6d\x80\x50\x87\xfa\x96\xca\xff\x9b\x97\x63\x1b\x52\xe4\xa3\x65\xe9\x76\xc9\x0e\x2a\xc0\x88\x26\xf8\xc2\x97\xef\x2f\x87\x57\x22\xb4\x45\x54\xd9\x97\x3f\x4a\xa5\x5f\xfb\x03\x58\x94\x32\x10\x9e\x68\x32\xda\xb7\xfc\x47\x32\xd3\x03\x25\x2d\xd1\xd1\x7a\x2d\x24\x51\xed\x53\xdc\xe4\x1f\xfb\xce\xc6\x59\x83\xc6\xdb\x3e\xba\x81\x46\x2e\x52\x2a\xe7\xae\x52\xd7\x51\x30\x0a\x4b\x13\x11\x70\x33\x7c\x6d\x8c\x4b\x69\x2f\x54\x29\x11\x8a\xf9\x56\xe1\xc1\x5e\x27\x58\x4f\x76\x82\x55\xc3\xdd\xcb\x46\x92\x12\xba\x8a\xb0\xe1\xe7\xee\x00\x12\xf5\x8f\x89\x45\x82\x79\x94\xce\x1a\xd7\xd1\x73\xdd\x1c\xd7\x20\x83\x84\x4b\x72\x1a\x1d\xc1\x30\x00\xda\xda\x12\x56\xde\xab\x79\xb9\x59\xa4\x95\xa4\xd1\xb5\xfd\x02\x8f\xea\xa0\xde\xac\x90\xec\xfa\x59\xb1\x34\x04\x56\xbc\xaf\x31\xf5\x7d\x5a\x88\x34\x90\x12\x57\x96\xdd\xa6\xd3\x78\xce\x83\xbb\xc1\x37\xfe\x54\xb8\x3c\xa9\xc4\xf8\x19\x89\x9d\x30\x83\x38\xd6\x5f\xa8\x7d\x90\x62\x55\xd6\x57\x3a\x7a\x49\x0b\x00\x10\x0e\xab\x69\x9c\x0d\xbf\xbe\xc5\x4b\x54\x22\x4c\xeb\xa3\xf5\xd1\xfa\x40\x96\x06\x3f\x33\x16\x5a\x15\x8a\x20\xff\xbd\x1d\x5b\x8f\xd4\xd9\xd3\x9c\xb9\x4a\x00\x85\xde\xae\xdd\xe0\x2a\x2f\x1e\x90\xa9\x6a\xf2\x22\x33\x15\x10\x1a\xf3\xfe\xf8\x60\x43\x37\xf6\x48\xb8\xc3\x42\x16\xc3\xe7\xba\x8c\x07\xd8\x2d\x23\xbc\x0a\x96\xf0\xda\xb2\xab\xd2\x93\x92\x65\xbb\x96\xb6\x45\x1a\x2c\xa9\x35\x85\xc8\x2a\xec\xce\xd3\x37\xbd\x66\x12\x48\x47\xa4\x06\xce\x8e\xd2\x41\x31\x8e\x1a\x7f\xc2\xcf\x28\x9e\x1c\xaf\x26\xea\x5b\x72\xaa\xea\x04\x57\xe2\x08\xa2\x41\x53\x4c\x78\xe3\xaf\xb6\x02\x8e\x7f\x57\x89\x1c\x2f\x05\xf4\x37\x0f\xc5\x04\x58\xd1\x6e\x90\xd0\x31\xcc\xa1\x86\xcc\x12\xb4\x54\x3b\x7f\x25\xfa\x72\x91\x6b\xe3\xac\xd7\xf6\xb5\xf0\xcc\x24\xf4\x42\x48\xc0\xfa\x9c\x6d\xd5\x95\xcd\x72\xcc\x4c\x84\xd3\x5a\xa6\xfc\x3b\x1e\xc0\xe7\xa6\xb0\x40\x8a\x1a\x53\x86\x96\x81\xd2\x7b\x11\x22\xc3\x17\x6a\x04\xeb\x3a\xaf\x62\x58\x84\x96\x75\xa9\x94\x22\x2d\x50\x68\x28\xb4\xc1\xde\x9a\xb1\x7a\xd4\xba\xb5\x96\x1d\x52\x4f\x0f\xfe\x54\xd2\x90\x02\xc3\xd3\x6c\x94\xcb\x3a\xb1\x65\x81\xf5\x9d\x01\x46\x71\xe1\xcd\x5f\xe2\x43\x42\xf1\x7c\x8f\x17\x88\x54\xe0\xee\xd5\xf4\xa3\xdb\x07\xec\x2e\xa7\xc6\x71\xe2\xd7\x85\x38\xbb\x8a\x2d\x5d\xcd\x94\xb4\xc6\xeb\xdb\x9a\x49\x29\xe8\x5f\xc6\xde\x21\x3d\x6f\x35\x62\x28\xd9\xec\xfd\xe9\x62\xc0\xc3\x72\x76\x08\xf6\x70\xe8\x12\xee\x2f\xa1\x4e\x1f\x0c\xbf\x01\x86\xf6\xaf\xc1\x0c\x67\x6f\x91\x1b\xe3\xb1\xce\xa3\x52\x1f\x47\xe8\xfd\x4e\xfe\xba\xcc\xb2\x2e\xf3\x75\x76\x13\xab\x31\x9c\x40\xb7\x0e\xee\x0c\xde\x11\xa3\xa1\x66\xf1\xee\x94\x15\x32\x80\x68\x39\x98\x36\xc8\xdc\x38\x4d\xe2\x1e\x0a\x99\x1a\x8b\xae\x04\xbc\xe7\x96\x2c\xe3\xb8\x2d\x55\x16\xfe\x91\xd8\xec\xbc\x2d\xcd\x6e\x27\x11\xc6\xc1\x4c\x8a\xa5\x72\xb5\xfe\x03\x9e\x1b\xb4\xf1\x63\xa1\xa8\x18\x63\x45\xf5\x41\x57\xc5\x66\x72\xb3\x34\x70\x71\x12\x53\x47\x6c\x2f\x6e\x4d\x74\xbe\x06\xa0\x18\x85\xde\xbd\xb8\x4f\xc7\x32\x47\xa5\x4e\x15\x11\xb8\x3b\x3a\xe1\xfc\x15\xe5\xbe\xd9\x21\xf1\x93\x77\x86\xf4\x36\x4a\x7d\x4d\x6a\xec\x09\x66\x7d\x63\xaa\xa6\x18\xbd\xda\xae\xaa\x2e\x55\xad\xb5\x89\x4c\x47\x97\xd1\x6d\x3d\xd5\xd3\x5a\x71\x6e\xf0\x52\x33\xc4\xad\x46\xa6\x21\x19\x5c\xde\x3a\x4f\x41\x97\xea\x43\x96\xca\x62\x71\x2e\xe3\xd0\x29\x20\x03\x83\xad\x91\x22\xd9\x4b\x60\x8b\x39\xe1\xab\x02\x4e\xa6\x73\xea\xdc\xcf\x98\x31\x00\xd5\x9b\x17\x70\x87\x22\xd9\xef\x02\x66\x92\x24\xbe\xf7\xab\xda\xa0\xb9\x9b\xff\x39\x95\x7b\x7a\xc4\x15\x99\xc9\xb1\x83\x3f\x7c\xe8\x22\xfd\xda\x0b\xea\x2d\xcb\x7d\xc7\xd2\x4b\xd2\x0d\xf8\x0b\x64\x62\x16\x24\x47\xd5\xe2\x85\x35\xa2\xfd\x87\x6f\xfd\x78\xe9\x0d\xbd\xc7\x4e\x49\xaf\x64\x7c\x9d\xc6\x96\xbd\xcc\xed\x08\x40\xc2\x32\x0f\x5c\xe0\xb6\x49\x47\x90\x83\x2c\x97\x2e\x28\x20\x6f\x43\x2a\xd6\xcd\xdc\x30\x4f\x96\xbf\x48\xee\x6f\x5a\x07\x75\x38\xeb\x06\xd9\x43\x83\xbf\x4f\xbf\x33\x2a\xbe\xc8\x0c\xdc\x78\x34\xdb\xf8\x7e\x28\xf0\x6c\xee\xeb\xaf\xca\xb3\xf0\x5f\x08\x4b\xc4\xcf\x2a\x06\x97\x01\xcd\xb3\x32\x40\x3a\xf1\x63\x1b\x56\x59\xa9\xe6\x68\xf0\xa4\x6f\x68\xe6\x5f\xf9\xa3\x14\xab\x2a\x54\x05\x18\xa0\x38\x93\xc3\xfd\x2b\x1b\xd9\xf5\xe9\xe7\xf6\xec\x49\xf5\x85\x06\x7c\x4a\xee\xf0\xb9\x1b\x1a\xd2\x9f\x2a\xcc\x13\x2f\x6b\x1a\x8d\xda\x2d\xa3\x6a\x79\x18\x6c\x8b\x13\xb6\xfe\xd0\x70\xc7\x47\x04\xbd\xc4\xff\x11\x32\x19\x01\xc7\x15\x98\xfd\xfb\x36\xe8\x48\x2b\xcd\xb0\x1e\xe8\x08\xaf\xb5\x4b\x3a\x42\xc6\x9a\x18\x95\x0d\x14\xfa\xc2\xe3\xbd\x77\x21\xac\xe3\xc9\xa0\x3a\x45\xf7\x4c\xf2\xdf\x6f\x4c\x92\x44\x41\xd8\x70\x0c\x54\xb5\xa1\x22\x12\xca\x3c\xdd\x64\x8d\x07\x93\x04\xcf\x2c\xdf\x46\x0a\x36\xca\xf7\xf5\x21\x49\x48\x05\x40\x1d\xfc\x67\xbd\xe2\x06\x1b\xb2\x39\xa7\x01\x9c\xe7\x6c\x4f\x44\xcb\x0e\x46\xc5\x5c\xba\xda\xb9\x12\x9c\x5b\x45\x7e\xc2\x84\xb2\x2a\xe3\xf9\x8e\x64\xfc\x8c\x75\xdf\x09\x5c\x3e\xa3\xea\x0c\xfb\x59\xca\x18\x09\x0b\x03\xf9\x35\x8e\x9f\x11\x32\x5e\x72\xcc\x24\xed\xe8\xf0\x51\x1c\xb6\xf8\xaf\x7c\xc2\x76\x06\x54\xcf\xb8\xa7\xe7\xd5\xde\x97\xa8\x30\x79\xbc\x82\xd8\x8e\xa7\x28\x51\x6e\x92\xd3\x21\x09\x2f\xa3\xbd\xb9\xc0\xcf\x71\xac\xed\x2a\xc1\x18\x9a\xad\x33\x4d\x1b\x6b\xd9\x71\xba\x40\x53\xa4\x3b\xc7\xf0\x02\x0a\x2f\x1d\x6d\xa3\x46\x90\xd0\xf7\x63\x58\xaa\x1b\x16\x31\x10\x7f\x7f\x2a\xf9\x89\x00\x07\xb0\xa9\x42\x77\xee\x67\x3b\x04\x7f\xe8\x09\xa5\xaa\x7f\xbb\x7a\xb8\x8d\x11\x09\x70\xc3\xdf\xf4\x4d\xe1\xd7\xdb\xeb\x2a\xbf\xd2\x80\xe6\x6d\x1d\xe4\x86\x4d\xa4\xd5\x4a\xdd\xce\xea\x69\xc8\xfa\x5d\x3d\x4b\x11\x47\xa1\x83\x65\xaf\xad\x33\xcd\xc6\x89\xd7\x3c\xce\xba\x4d\x8f\x4e\xe0\x8b\x62\x64\xae\xed\x23\xf5\x85\x57\x8a\xe1\x5d\x14\xf3\xa2\x7b\x48\x8c\x24\xd6\xde\x8c\xd8\xa9\xde\x4a\x2a\x89\xfc\x94\x81\xba\x8e\x10\x28\x3a\x4d\x3a\x26\xe9\x89\xbd\x80\x59\x78\x62\xe2\x38\xb7\x14\xaa\x77\x6e\x01\xcc\x90\xde\xe6\x89\xc8\x43\x5c\x81\x4c\xfc\x72\xa5\x30\xef\xce\x5d\xec\x38\x47\x97\xa9\x51\x43\x9c\x30\xe0\x96\x32\x0b\xd5\x04\xd3\xfc\xf4\xf7\x21\x4b\x6d\x8a\xe4\xfd\xf7\x3e\xea\x45\x91\xd4\x44\xdd\x1e\xa4\xcd\xaa\xb8\xce\x1c\xf9\x55\x5b\x4d\xd7\x0f\x1b\xb4\x6e\x18\xee\x02\xca\xbd\x74\xcd\xdb\x69\x6a\xf3\xff\x7c\xc9\x5b\x13\x39\xa6\xb8\xe8\xba\xfb\xc2\x9c\x64\xf0\x9f\xb7\x41\x38\x9e\xa6\xf5\x39\x7a\x85\xad\xd8\xb2\x6e\x1f\x3a\x1d\xf9\x50\xf6\x7b\xde\x9f\x98\x71\xa0\xe3\x60\xc3\xe7\x66\x9e\xbe\xde\x3b\x7e\xb3\x2c\xeb\x35\xff\x2a\xff\xd8\x91\x95\x22\xf0\x75\x93\x3e\xcf\xea\x2c\xb4\xbe\xcf\xbc\x85\xbb\xac\xc9\x5f\xba\x2c\x6f\x54\xf8\x90\x59\x4a\x6f\x6b\x18\x96\x5c\xcd\x40\xed\xe5\x8b\x4e\xaf\x8b\x0d\x2b\x65\xb0\x36\x9b\x3d\xc6\xc7\xca\xef\x3e\x48\x45\xb2\xc4\x2e\xe4\x0d\xdc\xa5\x87\x92\x50\x29\xe7\xd9\x16\x29\xad\xd8\x4e\xa7\xbc\x72\xbe\x33\xbb\x03\x42\x14\x55\x5c\xd5\x50\x55\x68\x09\x3e\xc7\x24\x81\x56\xf5\x8c\x7f\x0d\x30\x55\x76\x2f\x8f\x4f\xf6\xf8\x64\xbd\x95\x48\xfa\xfa\xc4\xdb\x85\x77\x53\x0f\x3a\x6d\x67\x3b\xee\xff\x21\xba\x7c\x90\x60\xaa\x0e\x06\x68\x32\x93\x7f\x1e\xb6\x17\xcb\x21\xac\x24\xe0\xd8\x69\x95\x47\xbe\x56\x63\xa8\x11\x7a\x40\xb6\xd8\x81\xdc\xa1\x9e\x36\x7c\xa0\x2d\x28\x77\x4d\xae\x74\xdf\x50\xaa\x99\x44\x5e\x37\xc6\xc1\x61\x84\x46\x7d\x49\x60\x01\x24\x23\x29\xdb\x97\xa2\xad\xef\x66\x42\x5a\x9c\x6b\xd3\x77\xd8\x97\x74\x33\xa0\x3c\x72\xbf\x10\xb5\x48\xb8\xae\xbf\x0e\xc3\x8e\xb8\xce\x14\x5f\xcb\x85\x15\x41\x40\x5e\xe8\xa3\xca\x9b\x3b\xc6\x03\xa3\x82\xaf\x59\x8f\x0a\x17\x56\x59\x2b\x36\x77\xc4\x69\xff\x86\xe1\x98\xcd\xff\x40\xf4\x93\x21\x5a\x32\xc2\xac\xc7\x2b\xcf\xd0\xe3\xe4\xe5\x7b\xec\x76\xdf\xe5\x65\xda\x97\x5c\x69\x1d\x66\x93\x5d\x2d\x7b\x52\x94\x14\x62\xd4\x1b\xce\x4c\x00\x91\x5d\x28\x34\x17\x03\x2f\x3a\x89\x42\x49\xf8\x01\x06\x7f\x38\x82\xfd\xa7\x79\x05\xd7\x6b\x76\xef\xe1\x02\x8e\xbb\xf1\x49\x77\x63\x1f\x67\x75\x75\xdd\xd4\x09\xdf\x3c\x6c\x40\x19\xe9\x95\xa9\xd8\xd1\xd8\xa8\xc3\x22\x68\x76\x32\xf1\xa9\x50\x5a\xdc\xbd\x5a\xfa\x13\x89\xf9\x41\xdd\x0f\x68\xfe\xfd\x43\xec\x24\xa2\x57\x07\x6a\x3a\x21\xb7\x36\x3d\x7b\xb5\x18\xdf\x4a\x28\x2a\x4d\x9e\xed\x08\x58\xd1\x04\xe8\x5c\x5e\x06\x8d\xd8\x01\x2d\x73\xb5\x16\x65\x61\x46\xa7\x8e\x54\x9a\xdb\xf9\xb3\x2f\xb9\xf5\xf7\xab\x6d\x43\x87\x9d\x96\xd1\xcb\x97\x35\x96\xd0\x44\x19\x7e\x08\xc4\x04\x06\x04\x25\x57\x53\x29\x7a\x34\x95\xd8\xdf\xf2\x55\xd1\x8a\xbf\x94\xb8\x70\x4a\x8a\xe1\xa4\x83\x53\xfa\x85\xe5\xa7\x7b\xec\xd1\x0b\x6c\xa0\x07\xb7\x7d\xfe\xfc\xe3\x98\xf3\x0b\x0c\x27\xed\xe9\x9e\x8e\x6b\xb0\xc7\xff\x65\xbd\xb0\x0f\x22\x46\x22\xd6\x91\xf4\x78\xce\x6e\x37\xbb\xfa\xc4\xce\x1c\xe3\x73\x07\x0f\x95\x43\x70\xc7\x4c\x09\x46\x1e\x2b\xae\x43\x85\xcd\x5d\xee\xe8\x7c\xa8\x0a\xd2\xc7\x7b\x99\xe7\xbe\xe5\xaf\xa3\xf0\xba\x52\x49\x4f\x59\xda\x14\x26\xc4\x30\x9f\x39\x15\x16\x35\x4d\x57\xb0\xc7\xc4\xbb\x85\x8e\x38\x2f\x04\x1d\x6e\x91\x88\xdc\x13\x3b\xb1\x69\x32\x1e\x00\xd0\x2e\xfd\xdb\x46\x11\x76\x77\x4f\xd6\xb2\xc9\x68\x2d\x7a\xd0\x84\xf6\x17\x4c\x53\xab\x74\x08\xd3\xe2\x71\xd2\x8e\x30\x8f\x7c\xd4\x78\xc2\xfe\x8d\x67\x93\xde\xed\x31\xde\xbb\x09\x0b\x87\x4b\x12\x52\x8a\x6c\xd3\x68\xac\xf5\xa5\xc4\xcc\x3d\x30\xd2\xaf\xf0\x06\x93\x78\x66\x87\x68\x6c\xd9\xb9\x7c\xdf\xaa\x3a\x67\x72\x93\x51\xb2\x37\x3d\xde\xe1\x8e\xe3\xf0\x56\xb6\xc0\xda\x43\x9d\x62\xee\xb4\x08\x03\x1a\x4d\x87\x55\xde\x3c\xc8\x84\x15\xca\x48\x01\xd5\x4d\xc5\x65\xbb\x53\x22\x8d\xc2\x15\xdd\x74\x6f\xf5\x38\x54\x53\xfd\xfc\x89\x15\xe8\x72\x75\x2f\x5a\xb3\x65\x6a\xa8\xe1\xc4\x2d\xfb\xf3\x5e\x49\xac\x9c\x20\x13\xb4\xa4\x93\xec\x10\xad\x7f\x51\x29\x22\xb8\xd3\xd8\x29\x22\xdd\xbc\x01\x89\x53\xcb\x7d\x51\x91\xaf\x08\xab\x66\x9f\x80\x42\x5f\x4f\x45\x9e\xe6\x50\xfe\x09\x41\x26\x43\x4e\x88\x66\x93\x09\x2c\x53\xaa\x34\x69\x93\xdb\xc1\xba\x27\x4d\x2d\x69\x47\x06\x46\xe6\x33\xbd\xc3\x31\x43\x19\x13\xdd\x49\xa0\x12\x0e\x1b\x5e\x21\x21\x62\x00\x6f\x9a\x01\xfe\x18\xe8\xd8\xb5\x7c\xfe\xb3\x98\xe1\x9b\x4b\x8e\x97\x0f\xb0\x67\x85\x21\xca\xff\x33\xa7\xa0\x1d\xeb\x17\xe7\x2a\x92\x0a\x94\x68\x96\xc5\x39\x2e\x84\xbd\xdf\xde\x75\xb7\x44\x6a\xd4\x24\x9b\xef\x26\x97\xb0\xc5\xe7\x2f\x37\x91\xf0\xf4\x4a\xc1\x56\x37\x69\xc8\xec\xe5\xf1\xde\x56\x5b\xba\xe2\xe5\x73\x02\x94\xb3\xd6\xd8\x57\x87\xdd\x6f\x7a\xbf\x84\xd6\x98\xe7\x7e\xe8\x0e\xc5\x3e\x37\x51\xe8\x73\x03\x3a\xf1\x6b\x5e\xd4\xe2\xc9\x9b\x7e\x6e\x65\x2b\xb0\xea\xf6\x70\x1a\xac\xb2\xbc\xb5\x97\xc3\x2d\xc3\xf7\xd9\xc4\xd9\x46\x3a\xc0\x8d\xb0\xc6\x3d\xb5\xfd\x88\xd0\xe5\x18\xde\xf1\x88\xa2\xfb\xe8\xd6\xbf\xa6\x98\x62\x8a\x8c\xc0\x58\xca\x99\x11\x4c\x40\xbe\x8e\x1e\xb4\xc0\x53\x64\x27\x8d\x0e\xa4\xdc\x90\xb7\x47\xce\xcd\x85\xcd\xf8\x47\xa5\x0b\xa2\xad\xeb\xb6\xd1\x07\xa1\x26\x13\xe1\x98\xd1\xb1\x0c\x6e\xb3\x23\xd5\x0c\x75\xf7\x81\xfe\x39\xc1\xd9\x2e\x46\xda\x77\xfe\xd5\x16\x12\xa3\x69\xc4\xa6\xaa\x54\x05\x0d\x67\x7e\x96\x78\x03\x9b\x29\xe1\x0c\x46\xff\x05\xf3\x53\x6f\x79\x2a\x72\xd8\x0f\x0e\xca\x5a\x41\x6b\x19\x64\x3e\x1d\x15\x24\x7f\x7e\x51\x57\x90\x0c\x17\x42\xb9\x14\x6e\x0d\x97\x88\xeb\x9c\xa6\x53\x89\x7c\x7c\x64\x71\x49\xf0\xbd\x91\xb1\x6e\xa1\xa5\xe0\x54\x90\x01\xba\x2d\x6c\x6e\x39\xcf\x8b\xee\x39\x27\x4d\x05\x2f\xe2\xce\x7f\x4c\xaf\x6c\x23\x64\x43\x14\x33\x52\x51\xcc\xa5\xc2\xed\x13\x4a\xad\xa5\x15\xe7\x34\xe0\xaf\x9c\x0b\xa5\x90\x43\xdd\x12\xaa\x22\x7e\x8f\x71\xd1\x18\x33\xca\xb3\x5b\x77\x91\x5e\xe6\xbf\x0d\x74\x98\x2d\x15\x5f\x74\xfb\xba\x99\x77\xf7\x5d\x37\x21\x17\x70\xdf\x81\x02\xe1\xd5\x23\xb9\x7c\x65\xe6\x9b\xdf\xfb\x34\xe0\x0d\xbd\x6d\x58\x27\xc4\x89\x79\x34\xff\x51\x28\x69\x40\xad\xbe\xfd\xbe\x1a\x18\x5a\x1c\xa3\x2f\x66\x8b\xef\x23\x66\x3d\x9a\xf5\x86\x55\xa9\x28\x53\x8e\x08\x4f\x59\xfd\x89\x9c\x49\x02\x53\xd3\x37\xf5\xa5\x1d\x2c\x2c\x1d\xa3\x6c\xb8\xdf\x43\x03\x4a\x98\x81\x04\xc2\xab\xd9\xd5\x89\xfc\xf9\x64\xab\x91\x14\xa4\x04\x15\xc8\xe9\x9b\xeb\xfe\x94\xc3\x91\x5f\x9d\x90\x8b\xc1\xc9\x00\x0f\x0e\x9e\x94\x01\x2d\x99\x8c\x97\x2c\xf0\x18\xd8\xba\xdf\xff\xa8\x02\x09\xf1\x93\x7f\xea\x78\xca\x83\x95\x72\xb0\xa8\xe6\xb7\x81\x6b\x6d\x89\xbb\x84\xab\x2e\xde\x0f\xe5\xff\x05\x75\xec\x9d\x67\x4d\xa2\x36\x25\x2f\xb9\x2f\xf4\xfe\xbb\x9e\xc1\xd9\x15\xd9\x7c\x4c\xaf\xff\xef\x1c\xfd\xa6\xd1\x99\x36\x5b\x77\x01\x6d\xaa\xe6\x07\x98\xde\x8a\x21\xc1\x76\x9b\x8d\x79\xbf\x57\xcd\x02\x0e\xbf\x57\x30\xfc\xe9\x94\xb6\xb3\x09\x98\x00\xd8\x64\x96\x6a\xdf\x83\x0c\x8d\x26\x58\xc8\x04\x36\x08\x96\xe1\x1f\x36\x0d\xa3\xa9\x2c\xb5\xc8\x27\x21\x32\x28\x52\x6c\x63\xc2\x62\xc3\x0c\xdf\x17\x7f\xb0\xbe\x40\x1b\x39\x4a\x01\x77\x5c\x25\x4d\xa3\x0c\x5f\xf4\xfc\x5b\x45\xf5\x9d\x60\xe1\x57\x8d\x67\x24\x50\x89\x82\x8b\x06\x93\xe5\xa6\xf5\xed\xa5\xe9\x17\xb9\xd3\x3b\x8b\x36\xba\xf0\x55\x26\x9e\x9d\x53\x19\xd4\xfa\x3f\x8f\xa5\xc3\x19\x62\xc7\x7b\xed\x1b\x0a\x70\x45\xd9\x80\xc0\x3b\x0d\xf1\x5d\x1e\x3c\xc1\xee\x31\x75\x57\x0d\x28\x60\x04\xf1\x0f\xf6\xb9\x22\xda\x1e\x0a\xf3\xed\x41\x09\x9b\xb1\x75\x67\x8f\x6c\x4c\x29\xbd\x5b\x85\x55\xed\xea\x3f\xd6\x55\x9a\x62\x28\xb3\x92\x4b\x62\x45\xb6\x6f\x7d\x4a\x6c\xfb\xf7\xe5\x5d\x3a\x9a\x90\x23\x18\x58\x85\xbb\xb1\xe9\x06\x1f\xbe\x36\x21\xbe\xb1\xe7\xe3\x12\x05\xd8\x28\x71\x02\x67\xef\xb5\x85\x07\x38\x65\xd0\x61\x8f\x4e\xdb\xc9\xc5\xb6\x06\xa7\x9b\xff\x7e\xff\x1e\x53\x43\x93\xe3\xdd\x04\x01\x74\xb2\x1f\xc0\x12\xd6\xb2\xab\x92\x89\x76\xee\xf1\x14\xb9\x75\x02\xfb\x02\x22\x55\x72\xb7\x4e\x85\x2f\x56\x8d\xbc\xea\x57\xa8\xd3\x78\xc5\x4b\x21\x72\x87\xea\xc9\x09\x0c\xf7\x5f\x10\xf4\x74\xb1\x65\x17\x82\xab\x8e\x5f\x01\x5d\xe5\xb6\x65\xe0\x46\xf0\x1d\x04\xef\xb7\xbe\xf8\x40\x50\x7f\x3e\x45\xa3\x85\xa3\x72\x42\x2a\xf5\x73\xd0\x64\xb1\xbf\x6b\x0f\xb2\x79\x6e\x88\xa8\x83\xd0\x02\x4b\x5f\x74\xf1\x11\x8f\xd7\xcb\xdb\x92\xa4\x0a\x83\x45\x9a\xa2\x9a\x77\xa2\x56\x27\x4d\xf3\xa7\x2f\x53\x9b\x02\x8c\x1d\xf8\x68\x6f\x46\x30\xc7\xfe\xce\x68\xd1\xc0\x1c\xe3\x8a\xa6\x13\x73\x5a\x59\x1f\x91\xf4\x25\x61\xad\x29\x7e\x08\x72\xef\xdf\x35\x36\xc8\x8a\xd5\x15\x9a\xf8\x10\x48\xe6\x37\x8f\x2a\x42\xd9\x15\xc9\x72\x1e\x08\x75\xfe\x06\x28\xce\x4f\xc6\x09\x09\x9c\x2c\x19\xe6\x81\x28\x0e\x83\xee\x96\x9b\xa9\x3c\x95\x6f\xb2\xbc\x44\x57\xc2\xb2\xee\x35\xd9\xd5\xba\xe5\x61\x81\x4d\x8f\x86\x8e\x28\x98\x73\x71\x55\x0f\x57\xfa\xec\x5a\xf2\xf5\x2b\xc7\xdb\xde\x14\x01\xb6\x72\x91\x07\xb4\x05\xb2\x87\x36\x89\xc9\xe4\x3f\xa5\xea\x8b\x48\x3f\x75\x56\xcb\xaa\xab\xb1\xc7\x68\x9b\x0a\x51\xd7\x57\x74\x3c\xa2\x92\xff\x74\xe9\xc0\x21\xe5\x51\x3f\x94\xb7\x10\x7a\x89\x40\xa9\x8d\xda\xb5\xe2\x21\xfd\x75\xc1\x3f\x19\xae\x40\x06\x86\x6e\xec\x1a\x83\x20\xab\x02\xa2\xde\xf5\x73\x85\x8e\xb7\x25\x3d\x1f\xda\x73\xb7\xda\x03\x1f\x12\xdc\x01\x37\x83\x14\x70\x95\xd5\x45\xab\xbc\xc6\xc8\xcc\x98\x74\x8c\x00\x7f\x2e\x61\xa0\x2c\x75\x0b\x79\x86\x6c\x74\x3d\x0f\x98\xc7\x03\xee\x3c\x9a\x2f\xfe\x44\x10\x4a\xc1\xa2\x2d\x77\xff\xd1\xe6\x07\xc8\xc4\x26\x5b\xbd\x8c\xdd\x9b\x7a\xff\x0d\x0c\x36\xaa\x59\x81\xce\x88\x1b\x9f\x38\x95\xb4\xda\x88\xa6\x53\xd4\x71\x2a\x84\x31\xf9\xe1\x4e\x0b\xdd\x13\x77\x35\xbc\x1c\x2b\x71\x0b\xa5\x12\x6b\x6a\x9a\x42\xbd\xf1\x56\x91\x5b\x15\x2e\xe1\x75\x8e\xf5\x6b\x8e\xdb\xd4\xef\x0b\x9a\x67\x7d\xed\xc3\xa8\x8b\x00\x04\x9a\x0d\x74\x44\xb3\xae\xf2\xb4\xe5\xed\x21\x0c\x5f\xc9\x74\x44\xbd\x3a\x46\x90\xae\x44\xad\xfc\xd4\xfd\x85\xcc\x50\xfd\x55\xc3\xd6\xef\xd1\xc7\x27\x0f\x46\xc9\x36\x89\xd1\x8f\x92\xd0\x46\x2c\x62\xb2\x00\x1d\x8c\xcb\xcc\xee\x0a\xba\xd8\x4d\xaf\x12\xa8\xf3\xf3\x90\xd2\x3b\x3f\x4c\xce\x12\x37\xb5\x05\x9b\xfa\xac\xb9\x94\xea\x87\x1c\x02\xfd\x32\x05\x6a\xa3\xd6\x82\x58\x02\x7d\xbe\x56\xbb\x19\xcb\xaf\x7a\x2f\x47\x34\x92\xe2\xc6\x64\x3f\xc4\xbc\x01\xdf\x34\x96\x7f\xf1\x00\x92\x53\x0c\x5f\x96\x5e\x1d\xea\x10\x61\x88\xa9\x16\x5a\x43\xe6\x1d\x06\x01\x07\xe5\x90\x7a\x5e\x76\x03\x9e\x11\xfb\x55\x7b\x17\xf7\x4e\x99\xd6\xba\x5e\xdb\x86\xda\xa2\x4b\x20\x1f\x89\xf5\x1c\x53\xb4\xe6\xea\x0e\x74\x88\x8e\xc9\xaf\xc6\xe6\x4c\x33\x44\xca\x56\x1a\x56\xec\xe3\xc2\x86\xee\x4e\xea\x87\xbb\xb0\x11\xd4\xbc\x85\x6c\xb2\x01\x8f\x00\x92\x81\xb8\x9b\x95\xac\xb7\x66\x84\xee\xfb\xe6\x28\xb3\xb9\xc9\x3f\x65\x4c\x15\xc1\xaa\xc2\x76\x9c\x67\xf2\x7e\x1f\x3d\x6c\xa9\x8d\x80\xdc\x30\x77\xb5\xc4\xe4\xd8\x23\xea\x40\xc2\x58\xdc\xbb\x89\x1f\xf2\x04\x66\xc1\x46\x20\x80\xde\x73\x51\x35\x09\x17\x65\x65\xfe\xb2\x4e\xf8\x41\x3d\xc7\xdf\xb5\x3b\x10\xad\x4e\x5d\x68\x3d\x26\xc7\x42\xac\x8e\xfb\x62\x73\x39\xea\xc0\x6f\x2f\x56\xa5\x5e\x45\x22\xb6\x70\xff\x6d\xda\x39\x17\xef\x7b\x00\xfe\x14\xa6\xa5\x2d\xc9\x56\x75\x48\xe9\x8f\x47\xcf\xa5\xe2\xb8\x7d\xd8\xe1\xc2\xae\x18\xd0\xc1\x43\x56\xdb\x45\xdb\x78\xe8\xf8\xb9\xdd\x14\x1e\xe9\x42\x54\x3d\x27\x1c\x8c\xb5\xb9\x77\x5d\x2c\x55\xc4\xb7\x32\xd8\x38\xa3\xb7\x3d\x67\x5a\x35\x09\x57\xe0\xa7\x04\x38\xd6\xbc\x3a\xb1\x16\xf4\xd4\x5f\x5e\x5b\xcf\x14\x93\x09\x7e\xf1\x9e\x13\x23\x9d\x97\x98\x12\x73\xfa\x9a\xe9\xd1\xa9\x4f\x41\x7c\x3c\x5c\x24\x0a\x27\xcb\x07\xad\x05\xa6\x52\x6e\x6c\x8b\x3c\x68\xba\xd2\xc5\x46\xfc\x88\x9c\x5f\xb3\x41\x06\x97\xdd\xf5\x8f\x78\xe9\x29\x6a\xb0\xc7\x25\x88\x25\x66\xe1\x85\xd1\xdd\x88\x43\x07\x66\xe3\x32\xf1\xf0\xc8\x7d\x2e\x35\x9f\x8c\xe2\xc2\x8b\x8c\x75\x46\xda\x95\xa1\xca\x78\x97\xe4\x3b\x7b\xf5\x83\xd1\x2c\xd4\x6f\x7f\x91\x0b\xfd\xc1\xa1\xc1\x29\xf1\xd8\x3d\x94\x67\x89\x99\xc3\xd8\x1d\xca\x8f\x74\xf8\x7b\xa3\x01\x7f\x07\x22\x2f\x51\x0c\x1a\x7f\xe8\x00\x1f\xc3\xeb\x6e\x8a\x0b\x46\xdb\x9c\x00\x2f\xd0\x84\x16\x72\x72\x35\x5d\xa8\x7a\x0f\xc5\xe3\x7f\xee\xd0\xc4\x87\xd6\x03\xbc\x12\x97\xf1\xc6\xdd\x88\xdc\xb1\x7f\x17\xfd\x38\xa5\xec\x72\xd0\xcf\x50\xc8\xc8\xdc\x69\x08\x1c\xf6\x08\x46\x0d\x5b\x13\x42\x87\x1a\xbc\xbe\xc2\x03\x23\xbe\x7f\x53\x69\x0c\x5f\xa6\x40\x81\x6c\xc3\xb2\xb3\xde\x36\x87\x0a\x8a\x38\x90\x5d\xd5\x1a\xc6\x3d\xdd\x92\x2d\x00\x8f\x84\xb7\xcb\xd0\x62\xb6\x4c\x5a\xb2\x21\x15\xb4\x88\x9b\x0e\x93\x89\x04\x8f\x6a\x7b\xd2\x8e\x6a\x78\x93\xca\xa6\x03\x66\x13\xc9\xf5\xf2\xec\x29\x28\xbe\x1f\x4e\xe1\xcb\xa0\xb0\xbb\x16\x91\x27\x6a\x4d\xb2\x46\x69\xfb\x08\x5e\x54\xdc\x77\xe8\x15\xb8\xf5\xaf\xe8\x0a\xaa\x38\xac\xbd\x11\x43\x0d\x95\x6a\x37\x91\x1b\x02\x16\x53\x4b\xd9\xe2\x89\x3a\x2a\xbf\xbc\xf4\xb7\xae\xe5\x6c\x8f\xfb\xbb\x08\x16\x67\x73\xd8\xdd\x3d\x1f\xa1\x24\x51\xf3\x93\x79\x9a\xde\xd8\x72\x1c\xbd\x93\xe4\xc9\x71\x1d\xef\xa5\x50\x98\x40\xdc\x73\xec\x5f\x52\x73\x43\x1d\xa7\xe6\x32\x4b\x05\x6c\xae\x48\xe1\xc1\x4b\x1f\x0e\x2c\xf2\x7a\x52\x98\x0d\x4c\x67\xe7\x7a\x56\x5a\x44\xae\xe8\xcc\xd6\x22\x78\x1b\x35\xcf\xa1\x6d\x36\xeb\xa7\x7f\x9b\x7f\x5e\xc8\xcb\x47\x4f\x02\xbe\xd0\x16\x98\x2a\x0d\xca\x09\x60\xe0\x94\xb3\xdf\x65\x16\x83\x7d\x50\x15\x68\x08\x27\x59\x9c\x89\x54\x25\x44\xa3\xfd\x36\x3a\xa4\x4e\x79\xf3\xad\x00\xc8\x7d\x8d\xc1\x42\x2b\x07\x37\xca\x9f\xe9\x17\x9d\x62\x7a\x1f\x22\x80\x09\x23\xa3\x9d\xf3\xa5\x9e\x15\x77\x0b\xa5\x7f\x1e\x12\xaa\xf4\x1b\xfe\x67\xbf\xc5\x48\x3d\xab\x32\x82\x03\x64\xa5\xd4\xda\x8f\x8a\xe6\x2b\x05\xba\x23\x25\x7b\xb1\x57\x7f\x5a\xd7\x3f\x0b\x0e\x01\x63\x3d\xa6\x59\xf7\xd2\x8c\x7e\x1e\x39\xf8\x6f\x5a\xdb\x5b\xb3\x84\x3a\xbb\xce\x0a\x76\x9c\x26\xc2\x8e\x4e\xc8\x8c\xd8\xd4\x7e\x46\x92\x8e\xbf\x51\xf4\xc2\x3c\x69\xfa\x60\x2b\x6a\xf6\x1d\xcc\x74\xbf\x64\xb0\x09\xe9\x67\x08\xc4\xc7\x42\x6f\x35\xd3\x3f\x7d\xae\x81\xe3\x3a\x69\xe1\x2e\xf7\x92\xb1\xf2\x5f\xfc\x60\x64\x5a\x19\x63\xe6\x7c\x07\xe1\x5c\x2e\xbd\xb5\x48\xef\x8b\x2c\x8b\x0d\xd9\x72\x5b\xed\x66\xe2\x25\x45\xad\x79\x14\xaf\x78\x64\x47\x8a\x79\x93\xb2\xc0\xe0\xce\x59\x0f\xa0\x05\x10\x4c\x69\x37\xe5\x40\x75\x8d\x25\xa5\x09\xe8\x0a\xca\x81\x37\xb7\x17\xae\x9f\xdf\x80\xab\x90\x6d\x9d\xb4\xaa\xbb\x22\x9b\xb3\xd3\x5e\x27\xb3\x24\xae\xd1\x1e\xeb\xaa\x8e\xd3\xdc\x77\x04\xab\xab\x39\xf5\x85\x62\xed\x9b\x5c\x8a\x37\xb0\x92\xeb\xf3\xfd\xe2\x21\x66\xc9\xc9\x1b\xc5\x7a\x2c\x62\xd9\x0a\x87\xcf\xfe\x7d\x6c\x44\x83\x21\xf8\x43\x21\x8e\x40\x4a\x4d\x36\x88\xd7\xb9\x68\xff\x9e\x82\x3e\x0b\x90\x0a\x14\x6a\x7f\x3a\xf3\xd4\x6e\x9a\x8e\x7d\x17\xb4\x7c\xba\x25\x04\xe1\xe1\xe7\xad\x96\x0d\xc4\x81\x36\x3f\x16\xfc\x97\x9b\xb8\x17\x67\x97\xab\x1c\xb8\x5c\xca\x67\x24\x27\x4f\xab\xa0\x07\xe8\x78\x09\x80\x34\xaf\xa0\x04\x2e\xa0\xc1\xa6\x54\xb4\x2e\x1c\xdf\x7f\x71\x04\x8e\x24\xdb\x69\x1c\xdc\xa7\x2f\x52\x01\x7c\x6a\x0f\x5c\x88\xd0\xcb\x1e\x1c\x26\x0e\x88\x79\x47\x8d\x8e\x2b\xf9\x7a\xd5\x98\x44\x22\x1a\xfc\x64\x9c\x88\x1e\x79\x50\xde\x7d\xc8\x5c\x43\x0c\x18\xfc\xb5\xc8\xd3\x59\xc2\xc2\x39\xb4\x58\x72\xc6\x55\x57\x47\x43\x8c\xa4\x9b\x55\xc3\x27\xcf\x6d\x70\x5f\x80\xb3\x96\xd9\xc0\x20\xdb\x57\xf6\xc5\x37\x01\xbc\x96\x8f\xcd\xa5\x27\x4c\x51\x34\xb2\x3f\x6f\xd2\x23\xdc\xee\x7a\xd7\x96\x2c\x4e\x7f\x8b\x30\x1a\x57\x16\x5f\xcf\xc9\xa5\xff\x82\x2f\x1c\x24\xa7\xaa\x5b\xe7\x97\x12\x03\x45\x7a\xf1\xc9\x5d\x47\xed\xa6\x67\xd8\xc2\x91\xfc\x21\xee\xdc\x7e\x8e\x58\x44\xf9\x67\xa9\xfb\x44\x79\xd2\xf9\x4e\x4d\xed\xd0\xcd\x54\x57\x78\x1d\x3e\x02\x4f\xcf\xaf\xaa\x8b\x67\xe4\x89\x58\x55\x53\x5d\x1f\xdd\x4b\xe4\x54\xbe\xd9\x7c\x3c\xf2\x09\x5a\x16\x6c\xc6\x52\xbe\xa6\x5a\xd6\x36\x89\x29\xbd\xa7\x0f\x69\xdc\x36\xc6\x89\xf5\x92\x3f\xb0\x26\xa8\x25\x7f\x85\x1a\x06\x99\x94\xc0\x4c\xc4\x1a\x8b\x15\x97\x9e\x47\x3e\x55\x33\x24\x0d\x3c\xab\x3b\xa9\x53\xf2\x00\x19\xe0\x17\xd4\x4f\x74\x1d\x95\xa9\xba\x35\x88\x6c\x7a\x3f\xed\x46\x3d\x24\x21\x73\xd6\xaf\x25\x02\x23\x0f\xf7\x33\xc3\xf1\xe0\x27\x82\x27\x4e\x64\xac\x70\x85\x0d\xc3\x48\x95\x13\x5b\xc8\x59\x91\x8c\xdd\xec\x62\x69\xba\x83\x61\x00\x9e\xff\x46\x40\x77\x15\xf3\x08\x79\x50\x8f\xea\x8c\xc9\xc0\x81\xb3\x72\xf4\x88\x55\x52\x78\xfb\xba\xa8\x0f\x34\xce\x79\xda\x91\x02\x12\x96\x1a\x37\x7c\x85\xb6\x1e\x36\xfc\x37\x54\x31\xdd\x6c\x4e\xdf\x2c\x4b\xb8\x01\xa0\xfc\x1d\xc1\xfa\xc3\xc2\xf4\xc0\x10\x99\x62\x49\x59\x39\x2c\xa0\xb6\xbd\x47\xcb\x00\x8d\xfd\x39\xb2\xfd\x92\x7f\x40\xfe\xc1\x37\xb0\x74\x8e\x19\x84\x0c\x05\x75\x4b\x7d\x8e\x0b\x27\xd6\x20\x86\x12\x8f\xdc\x32\x93\x63\xd0\x6b\x6e\x7c\xdc\x43\x60\xb3\x9d\xf2\x73\x7b\x59\x73\xa8\xc0\x5c\x72\xe1\xff\xae\xb0\x9c\xad\x67\x19\x22\x4f\x4f\xb8\x07\x94\xeb\x00\xf4\x09\x2f\x62\x3e\x5d\x27\xa1\x14\x02\xfc\x03\x5e\xb9\xfd\xe8\x82\x76\xf8\xca\x16\x82\x74\x59\x59\x2e\x35\x5d\x3c\x4e\x6c\x79\x2e\x54\x87\xc4\x99\x66\x6d\x96\xea\x5c\x5f\x9e\xab\xe1\x73\xb5\x62\x23\xcc\x71\xdf\xaf\x0d\x88\xf8\xb8\x05\x11\x08\x71\xf8\x9f\x39\x9f\x84\x46\x30\x23\xf1\x7d\x86\x24\x9a\xf6\x47\xb8\x3f\x24\xe9\x04\x83\xbe\xf5\x51\xf9\x56\x45\xdb\xa6\x60\x7f\x66\xb9\x3a\x6d\xa3\x49\xea\x07\x31\x8b\x6e\xa5\x9a\xdc\xca\x1e\xd1\x75\x66\xee\xab\xf6\x2b\x21\x20\x4a\x8f\xd1\xa2\xd9\x83\xfd\x22\xd2\xea\xf9\xac\xbb\xb7\xa2\x0b\xde\x39\x1a\x57\x24\xf0\x96\xd2\x04\xd3\x40\xb5\x62\x12\xf8\xb7\xf5\x14\x1f\x4f\x6e\xd7\x2b\x13\x4e\xea\xdf\x1f\x27\xed\xff\x37\x14\x24\xb4\x08\x20\xb2\x67\x47\xb0\xba\xad\x37\x6d\xfc\x53\x5a\x41\x7b\xe7\x8a\xab\xed\xf3\x3e\x97\x8c\x05\x33\xb4\x5e\xad\xf5\xc2\x4a\x1a\x06\x9b\xc4\x94\x5c\xd0\x0a\x52\xae\xb3\x5b\x53\x9a\xc0\x84\x70\x65\xcd\x01\xdf\xda\x63\x4c\xb9\xd7\x22\x2a\x60\xea\xfe\xf0\xf4\x83\xee\x5c\xe5\x2a\x3c\x90\x8b\x4a\xd4\xd2\x08\x97\xb5\x5a\x88\x02\x49\xfe\x9b\xf4\x12\x91\x24\x21\x6f\x80\xd4\x78\x9c\xe2\xf1\xb9\x7c\x9d\x38\x92\xc5\x06\x58\x0a\x68\xff\x2c\xe3\x5c\xaa\xd0\x31\x26\xa4\xad\xb9\xa1\x94\xfb\x86\xbc\x72\xbc\xe0\xe0\xbc\x47\x00\x95\x0d\x20\xcd\x4b\x8d\x67\x0a\xd2\x15\x1c\xde\x5f\xd5\x40\xe6\xa1\xd8\x71\xa4\x30\xc1\xa3\x33\xf0\x20\xc9\x57\xcd\x4c\x8b\x47\x88\xb4\xbc\x93\xd8\xdd\x28\x92\xf5\xd8\xa3\x50\x01\x3c\x62\xda\xe3\x74\x73\x84\xaa\x48\x7e\x00\x70\x49\x10\xb3\xf7\x54\x2c", 8192); *(uint32_t*)0x20005c00 = 0x20002980; *(uint32_t*)0x20002980 = 0x50; *(uint32_t*)0x20002984 = 0; *(uint64_t*)0x20002988 = 0x91e; *(uint32_t*)0x20002990 = 7; *(uint32_t*)0x20002994 = 0x22; *(uint32_t*)0x20002998 = 0xff; *(uint32_t*)0x2000299c = 0x1124872; *(uint16_t*)0x200029a0 = 6; *(uint16_t*)0x200029a2 = 0x3f; *(uint32_t*)0x200029a4 = 8; *(uint32_t*)0x200029a8 = 1; *(uint16_t*)0x200029ac = 0; *(uint16_t*)0x200029ae = 0; memset((void*)0x200029b0, 0, 32); *(uint32_t*)0x20005c04 = 0x20002a00; *(uint32_t*)0x20002a00 = 0x18; *(uint32_t*)0x20002a04 = 0; *(uint64_t*)0x20002a08 = 0; *(uint64_t*)0x20002a10 = 0x317e539f; *(uint32_t*)0x20005c08 = 0x20002a40; *(uint32_t*)0x20002a40 = 0x18; *(uint32_t*)0x20002a44 = 0; *(uint64_t*)0x20002a48 = 8; *(uint64_t*)0x20002a50 = 4; *(uint32_t*)0x20005c0c = 0x20002a80; *(uint32_t*)0x20002a80 = 0x18; *(uint32_t*)0x20002a84 = 0; *(uint64_t*)0x20002a88 = 5; *(uint32_t*)0x20002a90 = 0x401; *(uint32_t*)0x20002a94 = 0; *(uint32_t*)0x20005c10 = 0x20002ac0; *(uint32_t*)0x20002ac0 = 0x18; *(uint32_t*)0x20002ac4 = 0; *(uint64_t*)0x20002ac8 = 1; *(uint32_t*)0x20002ad0 = 0xfdcc; *(uint32_t*)0x20002ad4 = 0; *(uint32_t*)0x20005c14 = 0x20002b00; *(uint32_t*)0x20002b00 = 0x28; *(uint32_t*)0x20002b04 = 0; *(uint64_t*)0x20002b08 = 8; *(uint64_t*)0x20002b10 = 2; *(uint64_t*)0x20002b18 = 8; *(uint32_t*)0x20002b20 = 0; *(uint32_t*)0x20002b24 = 0; *(uint32_t*)0x20005c18 = 0x20002b40; *(uint32_t*)0x20002b40 = 0x60; *(uint32_t*)0x20002b44 = 0; *(uint64_t*)0x20002b48 = 0xfff; *(uint64_t*)0x20002b50 = 6; *(uint64_t*)0x20002b58 = 0x10001; *(uint64_t*)0x20002b60 = 6; *(uint64_t*)0x20002b68 = 1; *(uint64_t*)0x20002b70 = 8; *(uint32_t*)0x20002b78 = 1; *(uint32_t*)0x20002b7c = 0x32f0; *(uint32_t*)0x20002b80 = 7; *(uint32_t*)0x20002b84 = 0; memset((void*)0x20002b88, 0, 24); *(uint32_t*)0x20005c1c = 0x20002bc0; *(uint32_t*)0x20002bc0 = 0x18; *(uint32_t*)0x20002bc4 = 0; *(uint64_t*)0x20002bc8 = 4; *(uint32_t*)0x20002bd0 = 0xffff; *(uint32_t*)0x20002bd4 = 0; *(uint32_t*)0x20005c20 = 0x20002c00; *(uint32_t*)0x20002c00 = 0x18; *(uint32_t*)0x20002c04 = 0; *(uint64_t*)0x20002c08 = 0x1000; memcpy((void*)0x20002c10, "0%)/W({\000", 8); *(uint32_t*)0x20005c24 = 0x20002c40; *(uint32_t*)0x20002c40 = 0x20; *(uint32_t*)0x20002c44 = 0; *(uint64_t*)0x20002c48 = 5; *(uint64_t*)0x20002c50 = 0; *(uint32_t*)0x20002c58 = 0x11; *(uint32_t*)0x20002c5c = 0; *(uint32_t*)0x20005c28 = 0x20002dc0; *(uint32_t*)0x20002dc0 = 0x78; *(uint32_t*)0x20002dc4 = 0xfffffff5; *(uint64_t*)0x20002dc8 = 8; *(uint64_t*)0x20002dd0 = 6; *(uint32_t*)0x20002dd8 = 9; *(uint32_t*)0x20002ddc = 0; *(uint64_t*)0x20002de0 = 6; *(uint64_t*)0x20002de8 = 8; *(uint64_t*)0x20002df0 = 0x25d; *(uint64_t*)0x20002df8 = 7; *(uint64_t*)0x20002e00 = 0x8001; *(uint64_t*)0x20002e08 = 0x400; *(uint32_t*)0x20002e10 = 0xce1; *(uint32_t*)0x20002e14 = 0x8000; *(uint32_t*)0x20002e18 = 0x4800000; *(uint32_t*)0x20002e1c = 0x6000; *(uint32_t*)0x20002e20 = 8; *(uint32_t*)0x20002e24 = 0xee01; *(uint32_t*)0x20002e28 = r[3]; *(uint32_t*)0x20002e2c = 6; *(uint32_t*)0x20002e30 = 1; *(uint32_t*)0x20002e34 = 0; *(uint32_t*)0x20005c2c = 0x20002e40; *(uint32_t*)0x20002e40 = 0x90; *(uint32_t*)0x20002e44 = 0; *(uint64_t*)0x20002e48 = 0xfffffffffffffffc; *(uint64_t*)0x20002e50 = 5; *(uint64_t*)0x20002e58 = 2; *(uint64_t*)0x20002e60 = 0; *(uint64_t*)0x20002e68 = 0x80; *(uint32_t*)0x20002e70 = 0x1ff; *(uint32_t*)0x20002e74 = 0xfffffffa; *(uint64_t*)0x20002e78 = 1; *(uint64_t*)0x20002e80 = 0x81; *(uint64_t*)0x20002e88 = 1; *(uint64_t*)0x20002e90 = 0x10001; *(uint64_t*)0x20002e98 = 0x7f; *(uint64_t*)0x20002ea0 = 5; *(uint32_t*)0x20002ea8 = 5; *(uint32_t*)0x20002eac = 2; *(uint32_t*)0x20002eb0 = 0; *(uint32_t*)0x20002eb4 = 0x4000; *(uint32_t*)0x20002eb8 = 3; *(uint32_t*)0x20002ebc = 0xee01; *(uint32_t*)0x20002ec0 = 0xee00; *(uint32_t*)0x20002ec4 = 6; *(uint32_t*)0x20002ec8 = 0x23a; *(uint32_t*)0x20002ecc = 0; *(uint32_t*)0x20005c30 = 0x20002f00; *(uint32_t*)0x20002f00 = 0xe8; *(uint32_t*)0x20002f04 = 0; *(uint64_t*)0x20002f08 = 0x20; *(uint64_t*)0x20002f10 = 6; *(uint64_t*)0x20002f18 = 1; *(uint32_t*)0x20002f20 = 1; *(uint32_t*)0x20002f24 = 7; memset((void*)0x20002f28, 0, 1); *(uint64_t*)0x20002f30 = 2; *(uint64_t*)0x20002f38 = 0; *(uint32_t*)0x20002f40 = 0; *(uint32_t*)0x20002f44 = 0; *(uint64_t*)0x20002f48 = 5; *(uint64_t*)0x20002f50 = 0xfffffffffffffffa; *(uint32_t*)0x20002f58 = 0; *(uint32_t*)0x20002f5c = 0x20; *(uint64_t*)0x20002f60 = 4; *(uint64_t*)0x20002f68 = 2; *(uint32_t*)0x20002f70 = 6; *(uint32_t*)0x20002f74 = 9; memcpy((void*)0x20002f78, "wlan0\000", 6); *(uint64_t*)0x20002f80 = 2; *(uint64_t*)0x20002f88 = 5; *(uint32_t*)0x20002f90 = 1; *(uint32_t*)0x20002f94 = 0; memset((void*)0x20002f98, 47, 1); *(uint64_t*)0x20002fa0 = 0; *(uint64_t*)0x20002fa8 = 7; *(uint32_t*)0x20002fb0 = 6; *(uint32_t*)0x20002fb4 = 0x10000; memset((void*)0x20002fb8, 2, 6); *(uint64_t*)0x20002fc0 = 2; *(uint64_t*)0x20002fc8 = 3; *(uint32_t*)0x20002fd0 = 0x10; *(uint32_t*)0x20002fd4 = 0x3df4d00b; memcpy((void*)0x20002fd8, " \001\000\000\000\000\000\000\000\000\000\000\000\000\000\002", 16); *(uint32_t*)0x20005c34 = 0x200055c0; *(uint32_t*)0x200055c0 = 0x510; *(uint32_t*)0x200055c4 = 0; *(uint64_t*)0x200055c8 = 0; *(uint64_t*)0x200055d0 = 5; *(uint64_t*)0x200055d8 = 1; *(uint64_t*)0x200055e0 = 0; *(uint64_t*)0x200055e8 = 2; *(uint32_t*)0x200055f0 = 0xfffeffff; *(uint32_t*)0x200055f4 = 1; *(uint64_t*)0x200055f8 = 0; *(uint64_t*)0x20005600 = 0x141; *(uint64_t*)0x20005608 = 4; *(uint64_t*)0x20005610 = 9; *(uint64_t*)0x20005618 = 9; *(uint64_t*)0x20005620 = 4; *(uint32_t*)0x20005628 = 0x7ff; *(uint32_t*)0x2000562c = 0x7fffffff; *(uint32_t*)0x20005630 = 0x892; *(uint32_t*)0x20005634 = 0x4000; *(uint32_t*)0x20005638 = 0xfff; *(uint32_t*)0x2000563c = r[4]; *(uint32_t*)0x20005640 = 0; *(uint32_t*)0x20005644 = 4; *(uint32_t*)0x20005648 = 0x10000; *(uint32_t*)0x2000564c = 0; *(uint64_t*)0x20005650 = 1; *(uint64_t*)0x20005658 = 0x8000; *(uint32_t*)0x20005660 = 2; *(uint32_t*)0x20005664 = 4; memset((void*)0x20005668, 255, 2); *(uint64_t*)0x20005670 = 0xa00000000; *(uint64_t*)0x20005678 = 3; *(uint64_t*)0x20005680 = 0x8000000000000000; *(uint64_t*)0x20005688 = 0x80000001; *(uint32_t*)0x20005690 = 6; *(uint32_t*)0x20005694 = 1; *(uint64_t*)0x20005698 = 5; *(uint64_t*)0x200056a0 = 0xa0; *(uint64_t*)0x200056a8 = 8; *(uint64_t*)0x200056b0 = 7; *(uint64_t*)0x200056b8 = 0x101; *(uint64_t*)0x200056c0 = 0xbc3; *(uint32_t*)0x200056c8 = 0x19f; *(uint32_t*)0x200056cc = 4; *(uint32_t*)0x200056d0 = 0x7ff; *(uint32_t*)0x200056d4 = 0xa000; *(uint32_t*)0x200056d8 = 1; *(uint32_t*)0x200056dc = 0xee01; *(uint32_t*)0x200056e0 = r[5]; *(uint32_t*)0x200056e4 = 0x8001; *(uint32_t*)0x200056e8 = 8; *(uint32_t*)0x200056ec = 0; *(uint64_t*)0x200056f0 = 4; *(uint64_t*)0x200056f8 = 0x10001; *(uint32_t*)0x20005700 = 0xa; *(uint32_t*)0x20005704 = 0x3ff; memcpy((void*)0x20005708, "[{@^/@+@<[", 10); *(uint64_t*)0x20005718 = 1; *(uint64_t*)0x20005720 = 3; *(uint64_t*)0x20005728 = 5; *(uint64_t*)0x20005730 = 0x20; *(uint32_t*)0x20005738 = 3; *(uint32_t*)0x2000573c = -1; *(uint64_t*)0x20005740 = 3; *(uint64_t*)0x20005748 = 0xd4; *(uint64_t*)0x20005750 = 6; *(uint64_t*)0x20005758 = 0; *(uint64_t*)0x20005760 = 1; *(uint64_t*)0x20005768 = 0x80000; *(uint32_t*)0x20005770 = 0x38fa80be; *(uint32_t*)0x20005774 = 6; *(uint32_t*)0x20005778 = 0x400; *(uint32_t*)0x2000577c = 0x1000; *(uint32_t*)0x20005780 = 5; *(uint32_t*)0x20005784 = 0xee00; *(uint32_t*)0x20005788 = 0xee01; *(uint32_t*)0x2000578c = 0x10001; *(uint32_t*)0x20005790 = 0xff; *(uint32_t*)0x20005794 = 0; *(uint64_t*)0x20005798 = 4; *(uint64_t*)0x200057a0 = 5; *(uint32_t*)0x200057a8 = 8; *(uint32_t*)0x200057ac = 4; memcpy((void*)0x200057b0, "+!\234R\'+%\'", 8); *(uint64_t*)0x200057b8 = 3; *(uint64_t*)0x200057c0 = 3; *(uint64_t*)0x200057c8 = 0x200; *(uint64_t*)0x200057d0 = 5; *(uint32_t*)0x200057d8 = 0x55; *(uint32_t*)0x200057dc = 0x1f; *(uint64_t*)0x200057e0 = 1; *(uint64_t*)0x200057e8 = 0x34; *(uint64_t*)0x200057f0 = 7; *(uint64_t*)0x200057f8 = 4; *(uint64_t*)0x20005800 = 9; *(uint64_t*)0x20005808 = 2; *(uint32_t*)0x20005810 = 0x800; *(uint32_t*)0x20005814 = 0xffff8001; *(uint32_t*)0x20005818 = 6; *(uint32_t*)0x2000581c = 0x8000; *(uint32_t*)0x20005820 = 0x100; *(uint32_t*)0x20005824 = 0xee01; *(uint32_t*)0x20005828 = 0xee01; *(uint32_t*)0x2000582c = 0; *(uint32_t*)0x20005830 = 0x9c000000; *(uint32_t*)0x20005834 = 0; *(uint64_t*)0x20005838 = 0; *(uint64_t*)0x20005840 = 1; *(uint32_t*)0x20005848 = 1; *(uint32_t*)0x2000584c = 0x400; memset((void*)0x20005850, 0, 1); *(uint64_t*)0x20005858 = 6; *(uint64_t*)0x20005860 = 3; *(uint64_t*)0x20005868 = 0xa3; *(uint64_t*)0x20005870 = 0x80; *(uint32_t*)0x20005878 = 0x735; *(uint32_t*)0x2000587c = 0x9584; *(uint64_t*)0x20005880 = 0; *(uint64_t*)0x20005888 = 2; *(uint64_t*)0x20005890 = 7; *(uint64_t*)0x20005898 = 0xec61; *(uint64_t*)0x200058a0 = 0x371ca83; *(uint64_t*)0x200058a8 = 4; *(uint32_t*)0x200058b0 = -1; *(uint32_t*)0x200058b4 = 3; *(uint32_t*)0x200058b8 = 0x424c; *(uint32_t*)0x200058bc = 0xa000; *(uint32_t*)0x200058c0 = 0x400; *(uint32_t*)0x200058c4 = 0xee00; *(uint32_t*)0x200058c8 = 0xee01; *(uint32_t*)0x200058cc = 0xca; *(uint32_t*)0x200058d0 = 3; *(uint32_t*)0x200058d4 = 0; *(uint64_t*)0x200058d8 = 0; *(uint64_t*)0x200058e0 = 7; *(uint32_t*)0x200058e8 = 0; *(uint32_t*)0x200058ec = 0x80000001; *(uint64_t*)0x200058f0 = 5; *(uint64_t*)0x200058f8 = 1; *(uint64_t*)0x20005900 = 0x9d5; *(uint64_t*)0x20005908 = 5; *(uint32_t*)0x20005910 = 0x80000001; *(uint32_t*)0x20005914 = 0x1000000; *(uint64_t*)0x20005918 = 0; *(uint64_t*)0x20005920 = 0; *(uint64_t*)0x20005928 = 6; *(uint64_t*)0x20005930 = 0x7ff; *(uint64_t*)0x20005938 = 0x8001; *(uint64_t*)0x20005940 = 0x8001; *(uint32_t*)0x20005948 = 6; *(uint32_t*)0x2000594c = 0x8000; *(uint32_t*)0x20005950 = 1; *(uint32_t*)0x20005954 = 0xa000; *(uint32_t*)0x20005958 = 0x10000; *(uint32_t*)0x2000595c = 0xee00; *(uint32_t*)0x20005960 = r[6]; *(uint32_t*)0x20005964 = 0x80000000; *(uint32_t*)0x20005968 = 6; *(uint32_t*)0x2000596c = 0; *(uint64_t*)0x20005970 = 3; *(uint64_t*)0x20005978 = 0x7fff; *(uint32_t*)0x20005980 = 6; *(uint32_t*)0x20005984 = 0x4e5; memcpy((void*)0x20005988, "wlan0\000", 6); *(uint64_t*)0x20005990 = 4; *(uint64_t*)0x20005998 = 2; *(uint64_t*)0x200059a0 = -1; *(uint64_t*)0x200059a8 = 0x10001; *(uint32_t*)0x200059b0 = 7; *(uint32_t*)0x200059b4 = 0x3f; *(uint64_t*)0x200059b8 = 0; *(uint64_t*)0x200059c0 = 4; *(uint64_t*)0x200059c8 = 0x7fff; *(uint64_t*)0x200059d0 = 0x5c; *(uint64_t*)0x200059d8 = 0x5e; *(uint64_t*)0x200059e0 = 4; *(uint32_t*)0x200059e8 = 0; *(uint32_t*)0x200059ec = 9; *(uint32_t*)0x200059f0 = 4; *(uint32_t*)0x200059f4 = 0x1000; *(uint32_t*)0x200059f8 = 8; *(uint32_t*)0x200059fc = r[7]; *(uint32_t*)0x20005a00 = 0xee00; *(uint32_t*)0x20005a04 = 0x7ff; *(uint32_t*)0x20005a08 = 9; *(uint32_t*)0x20005a0c = 0; *(uint64_t*)0x20005a10 = 3; *(uint64_t*)0x20005a18 = 5; *(uint32_t*)0x20005a20 = 6; *(uint32_t*)0x20005a24 = 9; memset((void*)0x20005a28, 255, 6); *(uint64_t*)0x20005a30 = 6; *(uint64_t*)0x20005a38 = 3; *(uint64_t*)0x20005a40 = 3; *(uint64_t*)0x20005a48 = 9; *(uint32_t*)0x20005a50 = 6; *(uint32_t*)0x20005a54 = 0x100; *(uint64_t*)0x20005a58 = 1; *(uint64_t*)0x20005a60 = 0x101; *(uint64_t*)0x20005a68 = 4; *(uint64_t*)0x20005a70 = 0x100000000; *(uint64_t*)0x20005a78 = 2; *(uint64_t*)0x20005a80 = 0xfffffffffffffe00; *(uint32_t*)0x20005a88 = 3; *(uint32_t*)0x20005a8c = 9; *(uint32_t*)0x20005a90 = 9; *(uint32_t*)0x20005a94 = 0xa000; *(uint32_t*)0x20005a98 = 0xfa3; *(uint32_t*)0x20005a9c = -1; *(uint32_t*)0x20005aa0 = r[8]; *(uint32_t*)0x20005aa4 = 0x1400000; *(uint32_t*)0x20005aa8 = 9; *(uint32_t*)0x20005aac = 0; *(uint64_t*)0x20005ab0 = 6; *(uint64_t*)0x20005ab8 = 0; *(uint32_t*)0x20005ac0 = 6; *(uint32_t*)0x20005ac4 = 5; memcpy((void*)0x20005ac8, "wlan0\000", 6); *(uint32_t*)0x20005c38 = 0x20005b00; *(uint32_t*)0x20005b00 = 0xa0; *(uint32_t*)0x20005b04 = 0xfffffff5; *(uint64_t*)0x20005b08 = 5; *(uint64_t*)0x20005b10 = 0; *(uint64_t*)0x20005b18 = 3; *(uint64_t*)0x20005b20 = 2; *(uint64_t*)0x20005b28 = 3; *(uint32_t*)0x20005b30 = 7; *(uint32_t*)0x20005b34 = 0x64b; *(uint64_t*)0x20005b38 = 1; *(uint64_t*)0x20005b40 = 0xc2; *(uint64_t*)0x20005b48 = 9; *(uint64_t*)0x20005b50 = 5; *(uint64_t*)0x20005b58 = 0x8001; *(uint64_t*)0x20005b60 = -1; *(uint32_t*)0x20005b68 = 2; *(uint32_t*)0x20005b6c = 8; *(uint32_t*)0x20005b70 = 5; *(uint32_t*)0x20005b74 = 0x4000; *(uint32_t*)0x20005b78 = 0xd0a; *(uint32_t*)0x20005b7c = 0xee01; *(uint32_t*)0x20005b80 = 0xee00; *(uint32_t*)0x20005b84 = 7; *(uint32_t*)0x20005b88 = 1; *(uint32_t*)0x20005b8c = 0; *(uint64_t*)0x20005b90 = 0; *(uint32_t*)0x20005b98 = 2; *(uint32_t*)0x20005b9c = 0; *(uint32_t*)0x20005c3c = 0x20005bc0; *(uint32_t*)0x20005bc0 = 0x20; *(uint32_t*)0x20005bc4 = 0; *(uint64_t*)0x20005bc8 = 0x7fffffff; *(uint32_t*)0x20005bd0 = 8; *(uint32_t*)0x20005bd4 = 0; *(uint32_t*)0x20005bd8 = 0x9ad; *(uint32_t*)0x20005bdc = 3; syz_fuse_handle_req(r[2], 0x20000980, 0x2000, 0x20005c00); break; case 22: memcpy((void*)0x20005c40, "SEG6\000", 5); syz_genetlink_get_family_id(0x20005c40, r[2]); break; case 23: syz_init_net_socket(0x24, 2, 0); break; case 24: res = syscall(__NR_mmap, 0x20ffe000, 0x2000, 9, 0x100, (intptr_t)r[2], 0x8000000); if (res != -1) r[9] = res; break; case 25: res = -1; res = syz_io_uring_complete(r[9]); if (res != -1) r[10] = res; break; case 26: *(uint32_t*)0x20005c84 = 0x29e9; *(uint32_t*)0x20005c88 = 4; *(uint32_t*)0x20005c8c = 3; *(uint32_t*)0x20005c90 = 0x25; *(uint32_t*)0x20005c98 = r[10]; memset((void*)0x20005c9c, 0, 12); res = -1; res = syz_io_uring_setup(0x7811, 0x20005c80, 0x20ffe000, 0x20ffe000, 0x20005d00, 0x20005d40); if (res != -1) { r[11] = res; r[12] = *(uint64_t*)0x20005d40; } break; case 27: res = syscall(__NR_mmap, 0x20ffc000, 0x2000, 4, 0x80000, (intptr_t)r[11], 0); if (res != -1) r[13] = res; break; case 28: res = syscall(__NR_clock_gettime, 0, 0x20005d80); if (res != -1) { r[14] = *(uint32_t*)0x20005d80; r[15] = *(uint32_t*)0x20005d84; } break; case 29: *(uint8_t*)0x20005e00 = 0xb; *(uint8_t*)0x20005e01 = 1; *(uint16_t*)0x20005e02 = 0; *(uint32_t*)0x20005e04 = 0; *(uint64_t*)0x20005e08 = 7; *(uint32_t*)0x20005e10 = 0x20005dc0; *(uint32_t*)0x20005dc0 = r[14]; *(uint32_t*)0x20005dc4 = r[15]+60000000; *(uint32_t*)0x20005e14 = 1; *(uint32_t*)0x20005e18 = 0; *(uint64_t*)0x20005e1c = 0; *(uint16_t*)0x20005e24 = 0; *(uint16_t*)0x20005e26 = 0; memset((void*)0x20005e28, 0, 20); syz_io_uring_submit(r[13], r[12], 0x20005e00, 6); break; case 30: *(uint32_t*)0x20005e80 = 0; *(uint32_t*)0x20005e84 = 0x20005e40; memcpy((void*)0x20005e40, "\x55\x1e\x55\x34\x01\xd8\x41\x9a\xc4\x37\x85\x4e\x7b\xd6\x03\x3a\x54\x21\x4a\x9b\xd5\xbb\xb0\xaf\x5b\x8d\xfb\x21\x4a\xa8\x4f\x75\xf6\x0f\xd2\xf3\x74\xa0\x2b\xca\xcb\x65\x4f\x2e\x69\xf7\x19\x79\x48\x63", 50); *(uint32_t*)0x20005e88 = 0x32; *(uint64_t*)0x20005ec0 = 1; *(uint64_t*)0x20005ec8 = 0; syz_kvm_setup_cpu(r[2], r[2], 0x20fe8000, 0x20005e80, 1, 0, 0x20005ec0, 1); break; case 31: res = syscall(__NR_mmap, 0x20ff1000, 0x1000, 4, 0x100002, (intptr_t)r[2], 0); if (res != -1) r[16] = res; break; case 32: *(uint32_t*)0x20005f00 = 1; syz_memcpy_off(r[16], 0x118, 0x20005f00, 0, 4); break; case 33: res = syscall(__NR_clock_gettime, 0, 0x20008240); if (res != -1) { r[17] = *(uint32_t*)0x20008240; r[18] = *(uint32_t*)0x20008244; } break; case 34: *(uint32_t*)0x200081c0 = 0; *(uint32_t*)0x200081c4 = 0; *(uint32_t*)0x200081c8 = 0x20007580; *(uint32_t*)0x20007580 = 0x20007000; *(uint32_t*)0x20007584 = 0x68; *(uint32_t*)0x20007588 = 0x20007080; *(uint32_t*)0x2000758c = 0; *(uint32_t*)0x20007590 = 0x200070c0; *(uint32_t*)0x20007594 = 0xf; *(uint32_t*)0x20007598 = 0x20007100; *(uint32_t*)0x2000759c = 0xe0; *(uint32_t*)0x200075a0 = 0x20007200; *(uint32_t*)0x200075a4 = 0; *(uint32_t*)0x200075a8 = 0x20007240; *(uint32_t*)0x200075ac = 0xe6; *(uint32_t*)0x200075b0 = 0x20007340; *(uint32_t*)0x200075b4 = 0x63; *(uint32_t*)0x200075b8 = 0x200073c0; *(uint32_t*)0x200075bc = 0x45; *(uint32_t*)0x200075c0 = 0x20007440; *(uint32_t*)0x200075c4 = 0x6a; *(uint32_t*)0x200075c8 = 0x200074c0; *(uint32_t*)0x200075cc = 0xbc; *(uint32_t*)0x200081cc = 0xa; *(uint32_t*)0x200081d0 = 0x20007600; *(uint32_t*)0x200081d4 = 0x18; *(uint32_t*)0x200081d8 = 0; *(uint32_t*)0x200081dc = 0; *(uint32_t*)0x200081e0 = 0x20007640; *(uint32_t*)0x200081e4 = 0x6e; *(uint32_t*)0x200081e8 = 0x20007900; *(uint32_t*)0x20007900 = 0x200076c0; *(uint32_t*)0x20007904 = 0x79; *(uint32_t*)0x20007908 = 0x20007740; *(uint32_t*)0x2000790c = 0xa9; *(uint32_t*)0x20007910 = 0x20007800; *(uint32_t*)0x20007914 = 5; *(uint32_t*)0x20007918 = 0x20007840; *(uint32_t*)0x2000791c = 0x9d; *(uint32_t*)0x200081ec = 4; *(uint32_t*)0x200081f0 = 0x20007940; *(uint32_t*)0x200081f4 = 0xb0; *(uint32_t*)0x200081f8 = 0; *(uint32_t*)0x200081fc = 0; *(uint32_t*)0x20008200 = 0x20007a00; *(uint32_t*)0x20008204 = 0x6e; *(uint32_t*)0x20008208 = 0x20007b80; *(uint32_t*)0x20007b80 = 0x20007a80; *(uint32_t*)0x20007b84 = 0x73; *(uint32_t*)0x20007b88 = 0x20007b00; *(uint32_t*)0x20007b8c = 0xf; *(uint32_t*)0x20007b90 = 0x20007b40; *(uint32_t*)0x20007b94 = 0x13; *(uint32_t*)0x2000820c = 3; *(uint32_t*)0x20008210 = 0x20007bc0; *(uint32_t*)0x20008214 = 0x44; *(uint32_t*)0x20008218 = 0; *(uint32_t*)0x2000821c = 0; *(uint32_t*)0x20008220 = 0x20007c40; *(uint32_t*)0x20008224 = 0x6e; *(uint32_t*)0x20008228 = 0x20008180; *(uint32_t*)0x20008180 = 0x20007cc0; *(uint32_t*)0x20008184 = 0x99; *(uint32_t*)0x20008188 = 0x20007d80; *(uint32_t*)0x2000818c = 0xfa; *(uint32_t*)0x20008190 = 0x20007e80; *(uint32_t*)0x20008194 = 0xfc; *(uint32_t*)0x20008198 = 0x20007f80; *(uint32_t*)0x2000819c = 0xc1; *(uint32_t*)0x200081a0 = 0x20008080; *(uint32_t*)0x200081a4 = 0x60; *(uint32_t*)0x200081a8 = 0x20008100; *(uint32_t*)0x200081ac = 0x41; *(uint32_t*)0x2000822c = 6; *(uint32_t*)0x20008230 = 0; *(uint32_t*)0x20008234 = 0; *(uint32_t*)0x20008238 = 0; *(uint32_t*)0x2000823c = 0; *(uint32_t*)0x20008280 = r[17]; *(uint32_t*)0x20008284 = r[18]+10000000; res = syscall(__NR_recvmmsg, (intptr_t)r[2], 0x200081c0, 4, 0x2000, 0x20008280); if (res != -1) { r[19] = *(uint32_t*)0x2000760c; r[20] = *(uint32_t*)0x20007610; r[21] = *(uint32_t*)0x20007bd8; } break; case 35: memcpy((void*)0x20005f40, "adfs\000", 5); memcpy((void*)0x20005f80, "./file0\000", 8); *(uint32_t*)0x20006fc0 = 0x20005fc0; memcpy((void*)0x20005fc0, "\x97\x71\x1a\x3f\xc7\x75\xd9\xb6\xb8\x02\xd7\x5c\xef\xe3\x4e\x56\x0d\xfb\xbc\x19\x05\xdf\x84\x52\xc7\xc0\x61\xcf\xbd\xba\xf7\x6a\xc0\xee\x70\x4f\xdc\x1b\x95\x57\x6e\x83\x98\x71\x5c\xca\xc2\x3e\xb6\x22\x40\x6f\xdf\x86\x65\x6d\x86\x66\xd1\x74\x34\x5d\xf1\x5c\xc2\x79\xd6\xbc\x46\x18\x9f\x9e\x91\x03\xc8\xb6\x34\x30\x6a\x9d\xc5\x12\x13\x54\x03\x7a\xbc\x83\x6a\xf3\x2b\x82\xe0\xeb\x92\x22\xc5\xb9\x7a\x31\xba\xf7\x00\x22\x6f\x45\x9f\x15\x93\xe5\x94\x22\x0d\x6e\xee\x2f\x7b\xd3\x61\x2c\x68\x99\x6c\x93\x1e\x01\xb3\x90\x86\x7e\xcb\x7d\xb7\x3f\xd1\xc8\xba\xea\x0a\x1a\x30\x71\x9c\x09\xc8\x17\x06\x41\x41\x90\xc4\x90\x23\x6b\x27\x56\xcf\xba\x38\xfa\xba\xd4\x9c\x00\x2c\xdd\xcc\xb2\x2a\x79\x01\x5c\xf6\xc9\xd5\xb8\x11\x97\xe3\x66\x9f\x11\x95\xcf\x26\xfd\x67\x4c\xef\x34\xfc\x25\x17\xdd\x56\x1d\x62\x5d\x37\xf0\x09\x36\x69\xe6\x8f\xca\x1a\xe7\x32\x7c\x53\xa8\xd8\xfe\x8c\xe0\x89\xec\x51\x30\xda\x3d\xcd\x2c\x1b\xe4\x7c\x5d\x11\xc1\xe6\x07\x70\x6d\xed\xe9\x8d\x3a\xd0\x34\x7d\xb6\x08\xbf\x9f\xeb\xfe\x35\x7b\x46\xfe\x05\x17\x2e\x7a\xbd\x5e\x6a\x57\x55\xec\xbd\xb7\x29\x4a\xc6\x60\xef\x99\x99\x61\xaa\x24\x91\x46\x0d\x2b\xa8\xc4\x79\x28\xfc\xd0\x2e\x29\x4c\x16\x83\x8a\xdc\x1c\x5a\xa0\xae\xef\xc2\x79\x79\x3c\x1e\x9b\xae\x9d\xad\x1b\xdd\x67\x4f\xbf\x94\xf6\x4d\x5e\xe5\x86\xb8\x57\x84\x6b\x2c\x3e\x35\xcb\xe0\x79\x1f\x3f\x0a\x42\x79\xec\x2d\x51\xfd\xfb\x3a\x9d\x2f\xd0\x93\xba\x29\xd7\x43\xee\xbb\x06\x46\xd4\x0a\xf9\x32\x96\x0b\x4e\xfd\x52\xdf\xae\x37\x24\x20\x6f\x13\x83\x9b\x1e\x9d\xd3\x56\x1c\x15\x9f\x7d\x1a\x0b\x45\xdf\xa6\x55\x72\x41\x64\xca\x8c\xa4\x01\x78\xaa\xbc\x9f\x0c\x27\x0c\xc0\xc2\xe8\x28\xdc\x28\x42\xfb\x23\x72\xab\xca\x8d\x65\xd3\x72\x6e\xad\xdb\x36\xd2\x77\x2f\xc4\x2a\x5a\x60\x9d\xbc\x76\x1a\x08\x6d\xd8\x40\x5f\x0c\x0a\x7c\x0b\xfc\x14\xfe\xa9\x1c\xab\x42\x3f\xdb\xc9\x44\xdd\xbd\xee\x21\x4c\x24\x8e\xf0\xc8\x93\x3c\x80\xf3\xac\x68\xa3\xcd\xc4\xed\x51\x20\xc7\xbe\x1f\x04\x18\xa0\xdd\xee\xe9\x4c\xe8\xde\x7a\x07\xb9\x4d\x97\xa9\xc7\x2e\x33\x8e\xb9\xcb\x87\x15\x67\x60\x8b\x49\x03\x1f\x1f\xd0\x7e\x5c\x5c\xbb\xc2\x20\x1c\x48\x76\x88\x5c\x1b\xdc\xcc\x2b\xfe\xce\x71\xde\x73\xd6\xa7\x10\xc9\x6a\x67\x5d\xe4\xb5\x78\xe3\xa0\xb8\x4d\x1f\xb8\x9b\xed\x53\x1e\x17\x05\xaf\x86\x7b\x10\xb7\xc9\x23\x28\xa0\x6b\xad\x02\xc5\x73\x37\x5d\x50\x0a\x4b\xdc\x88\x4b\x55\x65\x2d\x7f\x1c\xfb\x31\xaf\xaf\x0b\x35\xe9\x8a\x58\x46\x6b\x80\xa2\xa4\xbc\xa2\xd7\x2e\x38\x7f\x8e\x94\x51\x9a\x43\x73\x4c\x38\x5b\x69\x8e\x08\xb0\xee\x1d\x98\x05\xc3\x92\xac\xb7\x6f\x98\x08\x94\xdf\x90\x46\xc6\x17\xf6\x2a\x23\x61\x06\x2e\x52\x24\x53\xdc\xd7\x31\x76\xf7\x86\xef\x2c\xcd\x7a\x05\xdf\x8b\x44\xa6\xf9\x31\x35\xd4\x88\x8f\xdd\x51\x02\x20\x35\x7f\x1a\xec\xcd\x13\xe1\xfe\x10\x29\x26\x73\xf9\x81\xf4\x20\xd9\x85\x9f\xa2\x18\xb8\x69\x8b\x4a\x69\x1e\x69\x9c\x28\xa2\xdd\x46\xd3\x97\x89\x42\x19\x2e\xd5\x1d\x21\x26\x69\x45\x8a\x4d\xc3\xd3\x81\xd2\xc3\xf7\x3c\xb6\x0b\xfe\xcb\x8b\xf0\xe1\x55\x6e\xae\xd9\xff\xca\x5d\x0f\x7c\x9f\x61\x52\xf4\xfc\xd5\xed\x86\xcb\x6a\x56\x5e\x4b\x6b\x1c\x9e\x7e\xfe\xf1\xcc\xd2\x8a\xe7\x09\x1a\xbd\x84\xe8\x43\x1e\xc0\x8e\xd8\x3a\x8b\xbe\x56\xf9\xe1\x22\x56\xd0\xa0\x5b\x46\x1d\x9f\x1f\x4b\xad\x4b\x0e\x87\x34\xc4\x7d\x12\x12\x4c\x40\x6d\xb2\xc0\x33\xca\x10\x63\x41\x05\x71\x3d\xf4\x00\xfe\x66\x8d\x74\xc1\x0b\x95\x46\xfe\xf0\x3d\x29\xee\x05\xd4\xe3\xe8\x32\xed\xe1\x03\xcf\xb8\x90\xc8\xb0\x09\x2a\x58\xfe\x32\xa0\xb1\x05\x89\x6c\xef\xc8\x3a\x99\x0c\x3b\x6d\x9d\xec\x09\xe4\xbe\xea\x80\x40\xb2\x9f\x92\x17\xe5\x57\x7f\xd7\x20\x03\xa1\xdc\x46\x67\xfa\x4c\xf3\xbb\xf2\x98\x5f\x0a\xef\x84\xb4\x55\x69\xa0\x87\xb7\xf9\xaf\xe8\x24\xf3\xc5\x9b\x40\xcd\x0d\x08\x8c\x16\xf4\x41\x42\x40\xa6\xeb\xe2\x4a\xad\xc4\x02\xcc\x99\xab\xf0\x34\xa4\x8b\xda\x6a\x28\x21\xbd\xf2\x94\x65\x8e\x27\x82\x32\x6e\x16\x96\xa8\x87\x8b\x62\xbe\x50\xb8\xae\x8d\x00\x3e\x1b\x6b\x9f\x5f\x26\xd3\xf2\x1b\x14\x22\xcf\x73\xac\x72\x92\x63\x8e\x57\xda\x6f\xe3\xfd\xad\xd7\x78\x6a\xa2\xd7\x40\x6c\x0d\x84\x55\x45\x47\xd9\x59\x0e\xe9\xe1\x70\x54\x28\xe0\x0d\xdc\x33\x25\x0a\x11\x6b\x97\x37\xc8\xb0\x13\xa3\x8c\x6f\x5e\x88\x27\x5b\x01\x5f\x1c\x09\x96\xb0\x6e\xf4\x46\x7f\xa0\x46\x8e\x8f\x4a\x49\x8b\x56\xa0\x45\xf8\x94\xe4\x50\x90\xfc\x17\x07\x48\x1b\xef\x75\xf6\x01\xd9\x5e\x67\xb9\x63\xb6\xdd\xaa\xd7\x51\x1a\xb4\x1e\xf4\xc9\xf6\x51\xc7\x0f\x8e\xc2\xf0\xcf\x3b\x62\xba\xd7\x4e\x24\x92\xa3\x9f\xc1\xf8\x1d\xa6\x97\xcd\xc3\x53\xde\x95\x89\xca\xb5\x4a\x16\x90\x1a\x18\xd8\x51\xbd\xc2\x62\x39\xa7\x2f\x9a\x78\x7f\xbe\xfb\x3f\xc3\xf5\xdf\x14\x9a\x01\x3c\x4f\x8c\x8b\x0e\x98\xb8\xf6\x69\xf6\x2f\xbe\x09\x52\x5b\x46\x46\x9b\x1c\x7f\xcb\x91\xe5\x57\x35\xf2\xad\xc8\x13\x6a\x46\xae\xc4\xde\x01\x6b\x9f\x92\x51\xac\x2a\xa8\x20\xa1\xa8\x87\xb7\x8c\x66\x80\x2b\xf8\xdb\xbc\xe8\xc4\xe1\x38\xba\x0a\x52\x89\x2c\x9e\x93\x4a\xf2\xc7\x6b\x95\x03\x2a\x2f\x4c\xb5\xa6\x21\xe4\x53\x97\x0f\x54\xb2\x79\x03\x5e\x14\x08\x33\xe3\x25\x0a\x9c\x4f\x16\x37\x1c\xdd\xfc\x01\xc4\x04\xe6\xe8\x6a\xcc\x23\x1c\x8d\x7d\xbe\xd9\xb6\xae\xc0\xda\x3e\x0b\xb4\x06\x72\xf4\xd4\x1d\xf2\x65\x0d\x20\x0f\xdd\xa6\xbd\xc6\x2b\x1d\x43\x3e\xfb\x4d\xcb\x37\x05\x26\x89\xee\xc1\xfb\x99\xce\xda\x3e\x11\x07\xae\x9a\xee\xbc\x99\x58\xfd\x2f\x2e\x90\x59\x83\x40\x87\x37\x84\x27\xd3\x15\x8a\x8a\xd0\x47\x79\xe6\x22\xb9\xfe\xf7\x1b\x94\xb2\xaa\xc0\x3d\x6d\x9b\x72\x2a\x24\x27\x85\x5a\x21\x76\xf0\x0d\x97\x1d\x6b\x1f\xe9\xb5\x7c\x36\x37\xaf\x6e\xcf\x8d\xd0\xbf\x1d\xc0\x55\xe7\x33\x1c\x7e\x3d\x9b\xf0\x9a\x98\x72\x36\x76\xb0\x77\x87\xa0\x75\xaf\x7e\xe9\x11\xee\x2b\x0e\xbe\xfb\x34\x08\xc8\xa6\x17\xe8\x1b\x02\x22\xf2\x0f\x41\xaa\xa5\x57\x67\xbd\x73\xb3\x0b\x7d\x52\x38\xa4\x18\x36\xe5\x3a\x5c\x82\x6d\x2c\xab\x59\x46\x04\x04\xf0\x2a\xf4\x3b\x1c\x64\xa8\x87\xb4\x4e\xdc\xb3\x95\xa1\x49\x98\x3a\x63\xeb\xbc\x14\x68\xac\x3b\x39\xa0\x0d\x01\xe5\x90\x41\xea\x54\x97\x25\x76\x8c\x6f\xea\x7a\x48\x84\xfa\xb1\x6b\x85\x99\xcd\x0b\x91\xb8\x3d\xf3\x3b\x32\x28\x00\x39\xba\x02\x05\xa2\x3e\x97\xcd\x38\xbf\x8b\xe0\xce\xd3\xd7\xc2\xf4\x44\x91\xe9\xb5\x94\xe0\x54\xe6\xc6\xe6\xe2\xb6\x10\x83\x0f\x98\xef\x9a\x24\x0f\xd5\x6d\x1e\x21\x8c\xbc\x15\x35\xb8\x88\x9f\xd2\xb3\x9f\xd9\x4c\x82\x13\x7a\x80\xea\x12\x34\xa8\x4d\xc6\xfa\xc0\xf1\x6b\x8b\x2d\xe9\xdd\xe9\xec\x82\x70\xc2\xdf\x90\xb1\x10\x7e\xed\x2d\x34\x69\x65\x94\x3a\x1c\xb0\x85\x64\x21\xe4\x5f\xed\x7f\x48\x07\x10\x41\xc5\x52\xef\xc7\x33\x3c\x5e\x7d\xec\x5b\x9c\xb5\x95\x65\x71\x8a\x7e\x23\x0a\x84\x2f\x20\x6a\x49\x49\xa3\x8f\xca\x5d\x9a\x8d\x84\x75\x63\xdd\x64\x45\x78\xf8\x9e\x5e\xa6\x8c\xd8\x4e\xdc\x6a\x04\xe5\x27\xd1\xc0\x7e\x6a\xe4\x2f\x50\x3f\x7c\x09\xf7\xfa\x5e\xd1\xb2\xd7\xa3\xa9\x0b\x5f\xed\xdd\x57\x6d\xcc\x54\x4d\x8a\x7e\x51\x54\xfc\xb8\x2d\x14\x97\x06\x43\xa0\x3e\xc1\xad\xa0\x83\xad\xe9\xa9\x0d\x56\xb1\xa0\x5e\x7b\xec\xc2\xe4\x34\xd4\x87\xe0\xc9\x4d\x10\xfb\x56\xb7\x3a\x82\xfd\x0c\x34\xe3\xea\x6e\x25\x2b\xd8\x28\x44\xe9\x59\x33\x81\x92\x54\xe1\x2b\x00\x1a\xcf\x2a\xd8\xb6\x30\xa7\xd2\x05\x6c\x6f\x77\x33\x4e\xd2\x23\x21\x77\x1e\x73\x31\x29\x81\xd8\x91\x01\x70\xcd\xd7\xf4\x78\x81\xb5\x8c\x47\x53\xbb\xfb\x0b\x34\xc7\x8b\x42\x11\xe6\x26\x14\x6f\xf3\x42\xbf\xd5\x77\x40\xeb\x86\x8e\x1c\xfa\x31\x2c\x90\x7b\xef\x85\x7b\x37\x81\xeb\xd1\x39\x7e\x8d\xc0\xca\x14\x74\xa1\x9b\x39\xb4\x97\xae\x70\x88\x9d\x2d\xbb\xce\x85\xd3\x74\x3f\xd3\x3c\x97\xb9\xc2\x2b\x86\x6e\xb6\x5d\x35\x93\x90\x0e\x66\xc4\x59\xef\xe5\x63\x8a\x82\x4c\x42\x3d\x9c\x49\xba\x44\xb8\xff\x9b\x9b\x3e\xc1\x5c\xef\x43\x4d\xee\xf9\xab\x92\x76\x0c\x55\xb1\xfb\x37\x33\x9b\x1c\x77\xf3\xa0\x1a\x77\xfd\x72\xf7\x28\x77\x95\x2e\x8a\x58\x27\x49\x4c\x91\x88\xb8\xd1\xc2\x70\xb0\xa9\x9b\x4a\x9e\x81\x8d\x1f\xa1\x26\xa7\x29\x1a\x7b\x0b\x94\xc2\xbf\x7c\x18\xc2\xe2\x5e\x7f\xcf\xd6\x8d\x38\x82\x96\x55\xd9\xaa\xb9\x34\x96\x30\x34\x56\x3e\x90\x86\x52\x45\xa6\x13\x04\xfe\xbd\xf5\x9b\xb0\x09\x31\x67\xc8\xc4\x1c\xce\x17\x73\xbb\x80\xc6\x78\x75\x9b\x55\xda\xb1\x24\x72\x52\x03\x61\x57\xa0\xe6\x0d\x66\xe2\x89\xd4\xb9\xbf\x98\xfd\xce\x7c\x5c\xa5\x9b\xdb\x4f\xaf\xe5\x5e\x09\xb1\x6a\xa3\x43\x0d\x39\xbf\x15\x03\x32\xa1\x5c\x48\x90\xed\x07\x8e\x62\x87\x75\xf8\x78\x7b\x89\x35\x92\x26\x3c\xa6\xd3\x11\x36\x19\xa7\xb2\x12\x51\xfa\xee\xe1\x37\xa0\x99\xbf\x00\xfb\x5f\xbc\xc7\x5e\x75\x8e\xae\xc9\xbd\xcf\xf6\x55\x76\xc0\xd8\x26\xea\x79\xd9\x0e\x99\xd8\xcb\xb4\x90\x93\x7d\x1d\x12\x2d\xbb\x8d\x15\xb3\x37\x56\x83\x5e\x1c\xe3\xbd\xaf\x49\x19\xf5\x22\x6b\x38\x4c\x87\xc2\xc7\xaf\x71\xfb\x3d\xd0\x73\xc4\x31\x29\xac\x4e\x2a\x6e\x52\x1b\xee\x34\x97\x30\xb2\xd9\xa7\x1c\x6b\x01\xd6\x1d\xf1\x30\x80\x2a\x9b\xb6\xab\x1f\x4d\x59\x4b\x89\x67\x5c\xc4\x67\xca\xb3\x03\xc8\x6a\xe6\xb4\xc0\xd2\x6d\xcf\x16\xcd\xec\x9c\x8b\x78\xf3\xe2\x3b\xab\x3e\x7b\x51\x53\xe7\x3b\xb7\x1c\xb6\xa2\xaf\xac\x5c\x33\x19\x5d\x2a\x2f\x32\x9d\x9e\x8f\x53\xdc\x92\x80\x10\x46\xb0\x72\x45\xe1\x39\xa6\x41\x4c\xff\x17\xdd\x9d\x79\x47\xe9\x45\xa1\xdd\xf5\x92\x13\x1d\x90\xf3\xf3\x25\xeb\xc3\xcf\x24\x36\x0f\x83\xed\x16\x06\xf9\x52\xd4\xf6\x92\x21\xb7\x5c\x9b\xe9\x1e\x5d\x2a\xbe\xed\x93\xf3\x39\x58\xb0\x4a\xa1\xe0\xcb\x5b\x85\x0e\xdf\x27\x60\xf4\xb8\xe8\x10\xd8\x79\xd8\x73\x57\x03\x6c\x8e\x26\x53\x8e\x69\x68\x9e\x47\xfb\xb1\xda\x8e\x0c\xa0\x82\x84\xf5\x59\x00\xbd\x02\x9e\x95\xa5\x27\xb3\xba\x25\x1b\x0c\xe2\x7b\xd0\x49\xfc\x85\xb1\x94\x95\x93\x75\xf7\x85\xcf\x75\xc1\x01\xee\xaa\xba\x56\xb3\x9a\x3f\xc4\x6b\xa9\x72\x98\x37\xe2\xfb\xce\x7e\xbb\xa9\x32\x59\x6c\x0c\x2e\xf0\xc5\xd8\xe6\x84\xba\x6b\x33\x4d\xba\xff\xc0\xfa\x84\x2a\x6a\xa5\x55\x81\x3d\x5b\xdc\x23\x7a\x43\x76\xfb\xfc\x3a\xbd\x54\x9a\xbc\x27\xf3\xb1\xc9\x18\xc6\x7f\x2c\x34\xe1\x16\xb6\xb0\x63\x01\x15\x49\x06\x24\xf4\x99\x7d\x93\xac\xec\x5d\xab\x0d\x2b\xb1\x57\x2b\x31\x9b\xa4\xc9\x90\xcd\x74\x38\x95\x42\xf4\x8b\x7e\x17\x3d\x0c\x81\xed\x75\x6a\x1b\x40\x9f\x6b\x19\x58\x59\xfd\xc7\x57\x7a\x7e\x7b\x12\x0a\x15\x13\xc2\x25\xd3\x13\xd7\x42\x3d\x6a\x99\xdd\xb7\x19\x14\x96\x28\x21\xdb\x95\x19\x2f\xc9\xca\x8b\x69\x72\xe0\x7d\x78\x67\x9e\x3b\x42\x65\xcb\x97\x25\xd9\x5f\x52\xf6\x8f\xf1\xca\x46\xb8\xac\x6a\xe7\xc6\x05\x3b\xcd\x97\x2e\x37\xfa\x82\x44\x91\x52\x7a\x1e\x43\x23\xaa\x6f\x2d\x5e\x59\xcf\x06\xc6\x08\x8c\x14\x80\x59\xfa\xd6\xf1\xcb\xfb\x47\x67\x19\xd0\x9f\xa4\x79\xb6\x9a\x47\x90\xa7\x4f\x65\xab\xd9\x99\xc2\x67\xd1\x0c\xc2\xff\x99\xd3\x9e\x39\x41\x60\xe1\x51\x46\x95\x89\xf4\x16\xf6\x59\xb2\xa8\xc6\x0d\xef\x78\xd6\xf4\x33\x80\x9d\xfb\x96\xc2\x72\x20\x07\x6f\x47\xb7\xe7\x4a\x89\x30\xcd\x61\xe8\xfc\x10\x9d\xdf\x87\x54\xff\x5d\x68\x78\xee\xf5\xdc\x7d\xd6\x1e\x2d\xa0\x07\x3b\x0a\xd6\xb0\x71\xfe\xff\x97\xfb\x87\xec\x0d\x90\x95\x4a\xed\xc8\x88\xe7\xb1\xe0\x9d\xcd\xfc\xc6\x90\x6e\x49\xb6\xea\x4a\x0c\x32\x54\x64\x07\xac\x0d\x22\xe2\x92\x00\xb8\x60\x3f\x2c\x30\x41\xd2\x7d\x0f\xd9\x90\xc3\x12\xc3\xf4\xeb\xee\xf4\x53\x85\x12\x48\x25\xe7\x3a\x4b\x30\xf7\xe6\x2b\x37\x46\xae\xe0\xa1\xf4\x23\x57\xa7\xc2\xd5\x9b\x9b\x28\x65\xab\x24\xb3\x35\x36\xc1\xd7\x52\xa4\xe1\xc0\x8e\x07\xec\x7a\xb8\xe3\x7e\xda\x44\xeb\xd2\x21\x3d\x46\x95\x58\x59\xce\x75\xe8\xcb\xee\x3e\x44\x8d\xdc\x6c\x37\x20\xfa\x4b\xb6\x04\x29\x8c\x9c\xc6\xc1\xea\xc4\xaa\xc1\x8f\xfe\xef\x8d\x63\x1a\x61\x75\xa5\x8b\x18\x25\x7c\x81\xb5\xb2\xa2\xc7\x45\x8b\x11\x73\xa5\xc1\xbf\xe3\xa5\x61\x59\xfa\x40\x60\x11\xdc\x0b\xb6\x02\x1f\x23\x32\xbb\x47\x1e\xf8\x89\x2a\xcd\x5e\x7b\x58\xae\xca\x43\xe4\x85\xb3\x5d\xdc\x93\x8f\xbf\x2d\x03\x25\x21\x82\x08\x09\xaf\x02\x55\x13\xb6\x63\x92\x2d\x66\x4c\xa4\x21\x6b\xcc\x98\x77\x03\x0d\x5f\xac\xfb\x9a\x04\x82\x99\x8e\x50\xcf\x69\xbc\x59\xc1\x80\x5f\xb4\xfa\xa8\x9f\x68\x31\xec\x6a\xfc\x29\xe7\xf6\xdb\x38\xfe\xd3\x40\x3d\x10\x35\xe2\x51\x62\x4d\xe0\xea\x64\x45\x81\x2f\x71\xa4\xa9\x1e\xab\x22\xd8\x8d\xa4\x9c\x09\x70\x03\xea\x96\x08\xef\x66\x1e\x8c\xd9\x94\x58\xf3\x18\xd3\x73\xea\x1a\xff\xe6\xcf\xbe\xc7\xe9\xf7\x7c\xa3\x93\xf1\x58\x54\x02\xa7\x0a\xfa\x83\xe3\xdc\x11\x41\x7b\x83\x03\x5c\x4a\xa6\xef\xb9\x6c\xaf\xfd\xb7\x6b\xb4\x31\x15\x2a\x11\x08\xdd\x6a\xe5\xa3\x7a\xfb\x9a\xa1\xb5\x1d\xdc\xd2\x2d\x7a\xf1\x1d\x65\xc1\x88\x47\x2d\x79\xac\xbd\xd4\x8c\x61\x35\x5a\x4b\x2f\xdf\x2b\x81\xfb\x44\x59\x71\x1f\xb4\x37\xf3\xf7\xf9\x5a\x6e\x18\x7c\x0c\xc0\x87\xbb\xd7\x39\xc9\xc9\xe2\x2e\x25\xfd\x0d\x30\x5a\x27\x40\x8f\x52\xb8\x39\xe3\x57\xd1\xf3\x7b\x0c\x7a\x57\x6d\xf7\x93\x00\x82\x41\xbd\x21\x20\xcc\xfa\x21\x43\x52\x68\xed\x24\x3d\xd2\xed\xbb\x75\x1b\x20\x14\x74\xe9\x1f\x48\x21\x9b\xfd\xdb\x4c\xd0\xdd\x47\x19\x65\xbf\xe7\x8e\x45\x23\x3a\x33\xb6\xc4\x02\x2b\xc5\x7b\xcf\xd2\x24\xf8\x9b\x4a\xfb\xe2\x5a\x00\x3e\xf4\x1f\x59\x6e\x10\xfc\x14\x2d\x52\xe0\xee\x02\xfa\xd0\x72\x86\x51\xf0\xfe\x75\xb9\x47\xa5\x44\xfd\x7e\x2d\xc3\x8b\x60\x87\x89\xeb\xc8\x7b\x01\x99\x3e\x23\xb7\x65\x44\x90\x01\xc7\x7a\xdc\x77\x8a\xdb\x84\xa0\xdd\x32\xb7\x0e\x26\x7a\xad\xcc\x16\x8e\xf1\x71\x3d\x7c\xbd\xe5\x63\x39\x6e\xf5\xe3\x9f\xf9\xf7\x00\x8d\x61\xa2\x0f\xe4\x9a\xc8\x0c\x2e\xe8\x4c\x53\x11\xe6\xb0\xc2\x59\xf0\xc6\x36\x31\xaf\x64\xee\x1d\x22\x25\xb5\xea\xa3\x1b\x97\x63\x6b\x30\x10\x9f\xe4\xfc\xf1\x52\x27\x23\xc6\xd7\x9a\x50\x05\xf3\x76\x8b\xe2\x87\x29\x10\xa0\xd9\xf2\xd2\xb1\x0a\x91\xe4\x8f\x7d\xa5\xc3\x83\x0e\x18\xbf\x1a\x2c\x51\xf7\x91\xe4\x63\xf7\xca\x07\xe0\xc6\x3d\x07\x58\x52\xc2\xbd\x82\xb4\xa5\x98\x9d\x4f\xf5\x0a\x70\x07\xd3\xeb\x32\x2b\x3f\x01\xab\x76\xaf\x2b\xbe\xdb\x11\x08\x16\x5f\x48\x3d\x28\x41\x53\x78\xd6\x00\x98\xdb\xd8\x7a\x29\x9b\x3d\xe1\x16\xf3\x95\x5c\x3e\x24\x36\x77\xf3\xe3\xf7\x1f\x9f\x02\x04\xe1\x70\xda\x9e\xf5\xb6\x6c\x95\xba\x07\xf3\x35\xb1\x30\xb5\xa1\x7b\x6a\x72\xc3\x18\xbe\x1b\x8c\xa6\x42\x2b\x1e\xaf\x3f\x6e\xf0\x38\xdf\x50\x9e\xf1\x87\x65\x94\x7d\xe5\x88\x9a\x3a\x88\x45\x75\x61\xb3\x99\xab\x72\x94\x8d\x7e\xc9\xe0\xf4\xa7\x34\x8e\x0c\x43\x17\x48\x11\xd3\xa4\xd7\x12\x42\xe6\xa5\x0f\x5b\x39\x7a\x8d\x7f\xab\xbb\xa7\x10\x9a\xfa\x23\x69\xf1\x16\xe0\x9d\x3f\xcc\x0b\x5e\x61\x2a\xe8\xb8\x18\x30\x9c\x5f\xbb\x33\x47\xfd\xb5\xd6\xc6\x90\x46\x84\xf4\xe0\x4f\x12\xca\x85\x13\x17\x4e\x6b\x92\x6f\x04\x9a\xc1\x4e\x0a\x7f\x9e\x4a\xa6\xbd\x39\x1b\xbc\xcd\x3f\x72\x42\xb9\xa4\xc0\xdf\xd0\x17\x96\xda\x87\x1f\x4e\x9d\xe1\x7e\x54\x95\x37\xac\x6d\x21\xd5\xc6\x4e\x54\x9f\x07\x0e\x2b\x1d\x1b\x7f\x76\x98\x1f\xaa\x8d\xa9\x02\x9e\x45\x76\xfc\x43\xb4\xf4\x27\xec\x7e\xe4\xc4\x50\x5c\xa2\x70\xb2\x33\xff\xc5\xe1\xab\xe4\x4a\xc7\x89\xce\xca\xbd\xba\xab\xec\x44\x1a\x11\x84\x5c\xaf\x92\x21\x33\xd1\x1b\xb2\x82\x56\xee\x8f\x75\xe6\xf0\x65\xe3\x5f\x29\x76\x46\xc6\x3a\x2b\x8a\x59\x46\x05\xab\x39\x1c\x50\xfc\x33\x7d\x8d\x97\x06\x6e\x6b\x5b\x07\x10\xfb\x1e\xc7\x6c\x64\xf0\xa0\xa0\xcc\xac\x01\x37\x5f\x2c\x9f\xba\xca\x77\xb2\xb1\xee\x2b\x26\xa7\x6d\xa5\x27\xae\xfb\xe9\x83\xee\xd0\xd9\x46\xd7\x63\xe0\x0b\xf5\x01\xdd\x64\x6b\xfe\x68\x3a\x78\xdf\x80\xd9\x1d\xcd\x60\x3c\x5a\x8e\xb5\x95\xc0\xcd\xce\xaa\x2d\xab\xf5\xd6\x4a\x9f\xea\xac\xef\xc8\x78\xe0\x74\x31\x3c\x85\xe4\xc1\x5f\x4c\x2e\x63\xfa\x19\xf9\x7b\x82\x9c\x29\x7d\x86\x08\x78\xee\xe2\x13\x89\x28\xd8\xa4\x25\xc0\x79\x00\xc1\x22\x64\x55\xae\x33\xe7\x02\xc0\x58\x56\x7d\x42\xdf\x10\xd6\x04\x84\x66\xde\x62\xf1\x4c\x27\xf7\xd8\xf3\x06\x51\x66\x62\xe1\x8b\xeb\xb2\x4d\x7f\x38\xe5\xf0\xeb\xba\xb7\x49\x80\x59\x9f\xfa\xcb\xa5\x6d\x3c\xe1\x6a\x56\xb9\x91\xec\x64\xdf\x9e\xa8\xf9\x30\x0c\xc1\x87\xf2\xc1\xb2\xf8\x05\x62\xc6\x81\xbb\xf8\x33\xa9\x71\xe7\xd6\x9b\x67\x73\x0d\x3b\x0d\x3b\x5a\x9b\x3c\xab\xf5\xb4\x4e\x21\xf3\xa8\xea\x25\xaf\x9f\x9a\x7f\x53\xd6\xc8\x5c\xa6\xa3\xb8\x4f\x04\xfb\x6d\x1e\x99\x09\x66\x40\xc7\x6f\x00\xcb\x2a\x84\x9e\x02\x2c\x52\x66\x53\xe0\xe1\x9c\x0a\xb7\x3d\x7d\xb0\x2e\x69\xbd\x51\x1c\xb3\xb3\x6a\xe7\xdf\x9e\x0b\xcd\x5b\x8d\x18\x0c\x0a\x3d\xc9\xf1\x79\x73\xc6\x2b\x28\x6f\xbe\xfd\x48\x53\x97\x6a\xd3\x8d\xc7\x75\x67\x85\xf1\x7c\x88\xf9\x67\x56\x87\xc9\x76\x9d\x77\x16\x2e\x82\xe7\x1b\xae\x2e\xd2\x85\xbc\x87\x8f\x9e\xe7\x07\x0a\xf3\xc4\xb4\x3c\x90\x7b\xcb\x58\x56\xda\xb6\xa9\x38\xb7\x84\x2a\xf3\x76\xd7\xc1\x64\x07\x6c\xd0\x2b\x4e\x3e\x82\xe2\xcc\x8f\xca\x7d\xc2\xe4\x0b\xdb\x7b\x9a\x2e\xf4\x06\x35\x56\x30\xcb\x29\x30\x23\x17\x94\xef\x4a\x20\x36\x0a\x6e\xb9\xcc\x54\xf7\x53\x64\x2e\x69\x38\xa1\x73\x02\x46\x35\x98\x7b\x80\xa6\xe0\xf0\xb7\xcb\x25\x85\x37\xb8\x1e\x12\x50\xf7\x7f\xca\xf1\xd7\xcd\x9b\x3b\xe0\x72\xa6\xf9\xd4\xfd\x86\xf1\x56\x4b\x28\xd7\x90\xca\x13\x82\xfa\xe6\x1f\xa5\x87\x4c\x7d\xd7\xdb\x8e\xbf\xaa\xa7\xcc\x01\x1e\x6a\xb3\x57\x91\x37\xaa\x3f\x0a\xf1\x4e\x58\xc0\x96\x0d\x7f\x70\xce\xf9\x3a\xb8\x6c\xca\x7c\xb7\x85\xd8\xc1\x21\x52\xa8\x07\xcf\x1b\xfa\x4e\x0f\x6f\xfd\x28\x88\x70\x56\x5c\xd4\x9a\x10\xa4\x07\xce\xe9\x5c\x5c\x0f\xe4\xcc\x84\xb4\x73\x90\x86\x8e\x64\x50\x7f\x1f\xbf\xbb\x4a\x70\x4d\x27\x2d\xa1\x34\x80\xa4\x18\xe2\x5a\x99\x30\xa4\x02\xdc\xfb\xaa\x5c\xb5\x09\x2c\x56\x9a\x4e\x81\x50\xb5\x04\x8b\xef\x01\x19\x4e\x1c\xe3\x79\x5e\x28\x35\xa0\xa8\x2c\x9d\x5f\xf3\xa1\x57\x85\x2f\x12\x71\x35\x96\x99\x7e\xc3\x06\x1a\xea\xa9\x6e\x93\xc9\xb1\xd9\xd5\xaa\x24\x14\xc3\xea\x9f", 4096); *(uint32_t*)0x20006fc4 = 0x1000; *(uint32_t*)0x20006fc8 = 0x80000001; memcpy((void*)0x200082c0, ")/\'/%", 5); *(uint8_t*)0x200082c5 = 0x2c; memcpy((void*)0x200082c6, "wlan0\000", 6); *(uint8_t*)0x200082cc = 0x2c; memset((void*)0x200082cd, 255, 2); *(uint8_t*)0x200082cf = 0x2c; memset((void*)0x200082d0, 255, 2); *(uint8_t*)0x200082d2 = 0x2c; memcpy((void*)0x200082d3, "[{@^/@+@<[", 10); *(uint8_t*)0x200082dd = 0x2c; memcpy((void*)0x200082de, "uid", 3); *(uint8_t*)0x200082e1 = 0x3d; sprintf((char*)0x200082e2, "%020llu", (long long)r[20]); *(uint8_t*)0x200082f6 = 0x2c; memcpy((void*)0x200082f7, "smackfsfloor", 12); *(uint8_t*)0x20008303 = 0x3d; memcpy((void*)0x20008304, "{%\'--\323{-+#!", 11); *(uint8_t*)0x2000830f = 0x2c; *(uint8_t*)0x20008310 = 0; syz_mount_image(0x20005f40, 0x20005f80, 6, 1, 0x20006fc0, 0x1000000, 0x200082c0); break; case 36: memcpy((void*)0x20008340, "/dev/i2c-#\000", 11); syz_open_dev(0x20008340, 4, 0x404280); break; case 37: memcpy((void*)0x20008380, "net/ip6_mr_cache\000", 17); syz_open_procfs(r[19], 0x20008380); break; case 38: syz_open_pts(r[21], 0x8001); break; case 39: *(uint32_t*)0x20008980 = 0x200083c0; memcpy((void*)0x200083c0, "\xfb\xd2\x9b\x15\x87\x7e\x61\x06\x1c\xc5\x0c\xed\x7f\x39\x68\x61\x38\xbf\x51\x03\x24\x8d\x4d\xa5\x32\x57\xb7\x3a\x1e\xe9\x6c\xf2\x19\x9a\xbf\xa9\x61\xd7\xbd\x14\x6a\x6b\xb8\x8d\x70\x1b\x08\xed\xbf\x51\x4b\x2e\x31\x83\xcc\xe2\x11\xd5\x7c\x76\x45\xa9\xaf\xe2\x02\x75\xec\xbe\x29\xae\xa4\x8c\x76\xb0\xfb\x76\x27\xa8\xe4\x3c\x7a\x9f\x57\xef\x02\xa3\x16\xed\xf9\xd3\x8e\x0c\x6e\x74\xb5\x91\x07\xcb\x1c\x84\x06\xdc\xb6\xde\x31\x9b", 106); *(uint32_t*)0x20008984 = 0x6a; *(uint32_t*)0x20008988 = 0x7f; *(uint32_t*)0x2000898c = 0x20008440; memcpy((void*)0x20008440, "\xe0\xd8\xf5\x5b\x38\x48\xae\xd3\xac\x97\x38\xd2\xe1\x9f\x66\x8b\xe4\xc7\x6e\x3b\x4e\x48\x23\xa0\xc6\x99\x18\xad\x4a\xec\x8d\x6e\xad\xcf\xe1\x03\x27\x12\x6d\x01\x28\x7e\x67\x2d\x54\xa5\x44\xa9\x87\x7e\x59\xf9\xa2\xf4\x1a\xa2\x42\xb2\x37\xba\x59\x3c\x5a\x48\x40\xb8\x62\x1c\xe0\xd2\x8c\xe5\x22\xdf\xe8\x78\x8b\xb0\x70\xd4\xbc\x9d\x74\x52\x8a\x1f\x76\x03\x20\x0c\x23\x65\xc6\x3d\x42\xf1\x03\x29\x92\xe1\x0e\x43\x45\xcd\xea\x0d\x65\x36\x5d\x82\xb6\xc7\x8c\x81\xc7\x1b\x0b\x2f\xb7\x81\x97\xcd\x60\x5e\xc2\x52\x18\x06\xbd\xc0\x8d\x6d\xd8\xf5\x29\x1e\x5b\xb0\xca\x92\xe2\x04\x30\xd5\x81\x23\x5d\xdd\xa7\x56\xe6\xab\xd8\xc7\x69\x78\x3b\x84\xe5\x7b\x0a\xa9\x51\x30\x3a\xdc\xc7\xe9\x21\xb0\x69\xd9\x4f\x1a\x4d\xee\x1f\x47\x44\xdb\x5b\x28\xc9\x7f\xbb\xae\xc5\xbf\x56\x18\xe0\xe9\x4a\x41\xc0\xa9\x9c\xe6\xca\x91\xeb\xca\xff\x5a\xe6\x10\x6d\xc9\xdc\x31\x0d\x72\x50\xa8\xb7\xc7\xca\x55", 218); *(uint32_t*)0x20008990 = 0xda; *(uint32_t*)0x20008994 = 0x3ff; *(uint32_t*)0x20008998 = 0x20008540; memcpy((void*)0x20008540, "\xaf\xbb\x6b\x91\xaa\x78\x57\xf9\x42\xbc\x87\x73\xd0\x20\x89\x6a\x44\xf1\xd9\xdb\x9b\x9e\xc2\xb8\x55\x98\xcd\x86\x39\x7d\x6b\x5a\xe3\x19\x2a\xef\xe0\xf2\xb6\x38\x7b\x2d\x23\x14\x48\x9b\xc7\xaf\x2a\xb5\x19\x90\xff\x75\x26\x23\x0a\x7c\xa4\x2e\x6c\x22\xf5\x64\x9a\xcb\x12\xb4\xdd\x8f\xde\x81\x9b", 73); *(uint32_t*)0x2000899c = 0x49; *(uint32_t*)0x200089a0 = 9; *(uint32_t*)0x200089a4 = 0x200085c0; memcpy((void*)0x200085c0, "\xd8\x90\x81\x85\x60\xf5\x37\x2f\x7d\x41\xa5\x04\xc5\x4e\x86\x3d\x79\x44\xd0\x62\x1d\x50\x13\x4b\x4c\x14\x54\xaa\x8c\x44\xc7\xf3\x24\xd9\x5d\x33\xfb\x46\x63\xf6\x74\x5c\x1c\xad\x17\x9d\x71\x9e\x3e\x9f\x4f\x57\x51\x71\x25\x89\x0e\xd4\xc9\x37\xbb\x41\xd0\xa7\x64\x44\x1e\x1d\x6c\x74\x82\x54\x8c\x0a", 74); *(uint32_t*)0x200089a8 = 0x4a; *(uint32_t*)0x200089ac = 6; *(uint32_t*)0x200089b0 = 0x20008640; memcpy((void*)0x20008640, "\x7e\x28\x9a\xa8\x98\x00\x7d\x95\xea\xf0\x98\x82\x59\x6a\xa2\x37\x71\x4d\xc1\xac\x32\x39\x2b\xd6\xfa\xe8\xd8\x72\xed\xc3\xc9\xb0\xcf\xf5\x03\x61\x48\xaf\x29\x57\x3c\x0d\xc9\x54\xc2\x7b\x6a\x6d\x47\x66\x92\x53\xab\x40\x2a\x91\xf6\xe6\x02\xcc\xd9\x3f\xa8\x17", 64); *(uint32_t*)0x200089b4 = 0x40; *(uint32_t*)0x200089b8 = 6; *(uint32_t*)0x200089bc = 0x20008680; memcpy((void*)0x20008680, "\xc8\x23\x58\x4b\xb1\x75\x9e\xcb\x98\xee\x41\xe3\x52\x27\xdd\x03\xd7\xed\x5c\x9e\xef\xcf\x34\xa9\x51\xe7\xc5\xea\xe5\xb3\x7e\x8b\x93\xd6\xdd\x7c\xb6\x6e\xbb\xff\x50\xcb\x81\x77\x7e\x29\xb2\xc0\x5b\x7b\x7c\xd9\x76\xf4\xae\xd7\x0f\x76\x49\x90\x15\xb9\x87\x2f\xaa\x6f\x33\x8c\x30\x9a\x55\x29\x6e\x4e\x85\xe2\x7c\x51\x0d\xbf\x25\x3a\x7e\x6f\x43\x79\x1f\x93\x91\x3c\x8a\x96\x07\x45\x1f\xd5\x05\x0c\xf1\x91\xec\x95\xd1\x99\xf1\x11\x7c\x0e\x2a\x04\x37\xc2\xbe\x16\x98\x93\x9d\x27\x7c\x38\x37\xd1\x64\x0f\x91\xce\x6a\xed\xc0\x85\x0d\xc2\x88\xcc\x2a\x3c\x1c\xaa\xdf\xf4\x4f\xeb\xef\xbb\xb2\xfd\xa8\x2e\x8a\x65\x39\x22\x2b\x6d\x88\x30\xdf\x92\x7f\x36\xd8\x14\xc2\xa8\x92\xdf\x0b\xad\xec\x86\xc2\xf0\x1d\xeb\x89\xd2\xd3\xfa\x61\x37\xe4\x8b\x23\xd3\xcf\x77\xb1\x1f\x46\xeb\xdb\xb0\xa8\x31\x4e\xe1\x97\x78\xc2\x12\xfc\x34\x98\xcb\xdc\x5a\xd0\xbb\xd7\xd2\x45\x38\xd8\x3b\xbc\x86\x83\x0a\xfe\x32\xe3\x8c\x1b\xb1\xb7\x86\x6a\xbc\x94\x0f\x61\x16\x54\xd0\x46\xf8\x23\x6d\x6b\x15", 240); *(uint32_t*)0x200089c0 = 0xf0; *(uint32_t*)0x200089c4 = 7; *(uint32_t*)0x200089c8 = 0x20008780; memcpy((void*)0x20008780, "\x5d\x78\xb0\x8d\x34\x7d\x60\x10\x77\x87\x13\xad\xad\x8e\x4d\xa1\x5a\xb3\x46\x94\x56\x2b\x0d\xa5\x2b\xb3\x1a\x3b\x5e\x09\x71\x02\x0b\xa4\x8d\x18\x5f\x3f\x03\xf1\x6f\xe6\xdc\x1e\x32\x1f\x12\x2c\x11\x50\xa8\xce\x71\xc3\xad\x1d\xf7\xc6\x18\xbc\x59\x86\x5f\xbf\xeb\x3a\x2c\x92\x6b\x99\x2f\x93\x8b\x0f\x76\xc9\x6a\xf8\xbe\x39\x89\x33\x38\x3f\xc8", 85); *(uint32_t*)0x200089cc = 0x55; *(uint32_t*)0x200089d0 = 8; *(uint32_t*)0x200089d4 = 0x20008800; memcpy((void*)0x20008800, "\x1c\xd7\x71\x5a\xfe\xc5\x55\x18\x16\xcd\x47\x51\x68\xa5\x35\xa8\x47\x4b\x74\x87\x92\xe4\x3a\xf3\x51\x60\x5c\x6d\xfa\xe1\xe6\xad\xd7\xce\x8b\xde\x80\x55\x5c\xa3\x26\x87\x82\xfe\x7a\x7f\x45\x89\x68\xb4\x27\x92\xc0\x2a\x11\xac\xff\xae\x54\x86\xc0\x85\x8e\x0c\x46\x40\xf4\x26\x0d\x56\x46\x99\xc0\xe6\x06\x23\x6a\xe8\xd5", 79); *(uint32_t*)0x200089d8 = 0x4f; *(uint32_t*)0x200089dc = 0; *(uint32_t*)0x200089e0 = 0x20008880; memcpy((void*)0x20008880, "\x45\xfd\x88\xa6\x06\xb5\x89\xb2\x7d\x42\x2e\xcb\x87\x44\xa6\x78\xff\x3a\xa0\x7f\xfb\x6c\x25\xcc\x10\xa8\x87\x10\x06\xd5\xfb\x64\x50\xfc\x12\x15\x7d\x1a\x59\xf1\x4e\x36\x13\x2f\x1d\xb6\x3b\x56\xcc\x97\xb6\x1b\xf0\xa6\x1d\xcf\x2b\x7d\xd2\x7d\xa0\x2e\xe1\x60\xe0\x3d\xf9\x79\x47\x83\x8f\x0d\xd4\x34\x82\x59\x05\xae\x9f\xb5\xa4\x27\x97\x6a\x49\xf7\x79\xea\xb8\xcc\x3a\x40\x9d\x25\xb9\xa2\x96\xce\xf9\xa8\xff\xb4\x9d\x81\xbf\x23\xa7\x16\xa7\xa7\xe1\xd8\xdc\xe0\x3d\xef\x2b\x8a\x3b\x15\xa3\xb2\xbe\xb8\x73\x14\x3a\x7d\xf1\x4e\xc4\x92\x78\x2e\xc8\x6a\xce\xb4\x90\x1f\xe3\xdc\xdc\xe0\x46\xab\x2f\xb9\x72\xd6\x74\x34\xd4\xe1\x10\x1b\x02\xc9\x2d\x33\xa1\xbf\xe5\x16\xd9\x59\x25\x81\xf6\x78\x95\x43\x37\x66\x50\x67\x07\xcb\x7f\x0e\x18\xb4\x47\x6b\xde\x0f\x00\x91\x75\x3c\xf3\xec\x07\x38\x6b\x3d\xab\x4b\x29\x55\x02\xd4\x97\x16\x80\x1d\xd9\x79\xaa\x24\xd8\x05\xdf\xe8\x01", 215); *(uint32_t*)0x200089e4 = 0xd7; *(uint32_t*)0x200089e8 = 2; syz_read_part_table(5, 9, 0x20008980); break; case 40: *(uint8_t*)0x20008a00 = 0x12; *(uint8_t*)0x20008a01 = 1; *(uint16_t*)0x20008a02 = 0x300; *(uint8_t*)0x20008a04 = 0x88; *(uint8_t*)0x20008a05 = 0xc7; *(uint8_t*)0x20008a06 = 0xe6; *(uint8_t*)0x20008a07 = -1; *(uint16_t*)0x20008a08 = 0x15c2; *(uint16_t*)0x20008a0a = 0x45; *(uint16_t*)0x20008a0c = 0x135a; *(uint8_t*)0x20008a0e = 1; *(uint8_t*)0x20008a0f = 2; *(uint8_t*)0x20008a10 = 3; *(uint8_t*)0x20008a11 = 1; *(uint8_t*)0x20008a12 = 9; *(uint8_t*)0x20008a13 = 2; *(uint16_t*)0x20008a14 = 0x7d0; *(uint8_t*)0x20008a16 = 4; *(uint8_t*)0x20008a17 = 0; *(uint8_t*)0x20008a18 = 0; *(uint8_t*)0x20008a19 = 0x60; *(uint8_t*)0x20008a1a = 8; *(uint8_t*)0x20008a1b = 9; *(uint8_t*)0x20008a1c = 4; *(uint8_t*)0x20008a1d = 0x45; *(uint8_t*)0x20008a1e = 3; *(uint8_t*)0x20008a1f = 1; *(uint8_t*)0x20008a20 = 0x66; *(uint8_t*)0x20008a21 = 0x44; *(uint8_t*)0x20008a22 = 0x76; *(uint8_t*)0x20008a23 = 0x3f; *(uint8_t*)0x20008a24 = 7; *(uint8_t*)0x20008a25 = 0x24; *(uint8_t*)0x20008a26 = 1; *(uint8_t*)0x20008a27 = 0x1f; *(uint8_t*)0x20008a28 = 5; *(uint16_t*)0x20008a29 = 4; *(uint8_t*)0x20008a2b = 0xc; *(uint8_t*)0x20008a2c = 0x24; *(uint8_t*)0x20008a2d = 2; *(uint8_t*)0x20008a2e = 1; *(uint8_t*)0x20008a2f = 9; *(uint8_t*)0x20008a30 = 2; *(uint8_t*)0x20008a31 = 0x81; *(uint8_t*)0x20008a32 = 4; memcpy((void*)0x20008a33, "\xc0\xe6\xa1\x0a", 4); *(uint8_t*)0x20008a37 = 0xf; *(uint8_t*)0x20008a38 = 0x24; *(uint8_t*)0x20008a39 = 2; *(uint8_t*)0x20008a3a = 2; *(uint16_t*)0x20008a3b = 0; *(uint16_t*)0x20008a3d = 6; *(uint8_t*)0x20008a3f = 8; memcpy((void*)0x20008a40, "\x7d\x5b\xa3\xd0\x7c\xc6", 6); *(uint8_t*)0x20008a46 = 0x11; *(uint8_t*)0x20008a47 = 0x24; *(uint8_t*)0x20008a48 = 2; *(uint8_t*)0x20008a49 = 1; *(uint8_t*)0x20008a4a = 0x94; *(uint8_t*)0x20008a4b = 1; *(uint8_t*)0x20008a4c = 7; *(uint8_t*)0x20008a4d = 0x1f; memcpy((void*)0x20008a4e, "\xcf\xcf\xa1\xbb\x20\xd9\xba\xa3\x16", 9); *(uint8_t*)0x20008a57 = 0xc; *(uint8_t*)0x20008a58 = 0x24; *(uint8_t*)0x20008a59 = 2; *(uint8_t*)0x20008a5a = 1; *(uint8_t*)0x20008a5b = 8; *(uint8_t*)0x20008a5c = 2; *(uint8_t*)0x20008a5d = 0; *(uint8_t*)0x20008a5e = 9; memcpy((void*)0x20008a5f, "\x48\x9f\x80", 3); memset((void*)0x20008a62, 38, 1); *(uint8_t*)0x20008a63 = 0xa; *(uint8_t*)0x20008a64 = 0x24; *(uint8_t*)0x20008a65 = 2; *(uint8_t*)0x20008a66 = 2; *(uint16_t*)0x20008a67 = 5; *(uint16_t*)0x20008a69 = 0x497; *(uint8_t*)0x20008a6b = 8; memset((void*)0x20008a6c, 39, 1); *(uint8_t*)0x20008a6d = 7; *(uint8_t*)0x20008a6e = 0x24; *(uint8_t*)0x20008a6f = 1; *(uint8_t*)0x20008a70 = 9; *(uint8_t*)0x20008a71 = 2; *(uint16_t*)0x20008a72 = 0x1001; *(uint8_t*)0x20008a74 = 0xf; *(uint8_t*)0x20008a75 = 0x24; *(uint8_t*)0x20008a76 = 2; *(uint8_t*)0x20008a77 = 2; *(uint16_t*)0x20008a78 = 8; *(uint16_t*)0x20008a7a = 1; *(uint8_t*)0x20008a7c = 0; memcpy((void*)0x20008a7d, "\x78\x6e\x2f\x1a\x31\x05", 6); *(uint8_t*)0x20008a83 = 9; *(uint8_t*)0x20008a84 = 5; *(uint8_t*)0x20008a85 = 0; *(uint8_t*)0x20008a86 = 0x10; *(uint16_t*)0x20008a87 = 0x3ff; *(uint8_t*)0x20008a89 = 9; *(uint8_t*)0x20008a8a = 0x66; *(uint8_t*)0x20008a8b = 3; *(uint8_t*)0x20008a8c = 0x5b; *(uint8_t*)0x20008a8d = 8; memcpy((void*)0x20008a8e, "\x32\xda\x77\x3d\xed\x87\x39\x7d\x0a\xf5\x7f\xd6\xf2\xad\x3b\x93\xe2\xea\x74\xf1\xf6\x5d\x64\x5d\x6b\x7e\x4c\xae\x90\xc8\xf2\x7c\xca\xe0\x94\xb3\x3c\x61\x3b\xc0\xbd\xa2\x43\x7b\xdc\xba\xa2\x1c\x77\x91\x5b\x1b\x95\xe7\xa2\x31\x3d\x71\xc6\xcc\x58\x6d\x41\x4d\x6a\x1e\x79\xc8\x0e\xe3\x67\x3f\xf0\x69\xeb\x46\x51\xb3\x06\x68\xb0\x19\x7f\xf7\xa7\xed\xc5\x75\x94", 89); *(uint8_t*)0x20008ae7 = 9; *(uint8_t*)0x20008ae8 = 4; *(uint8_t*)0x20008ae9 = 0x58; *(uint8_t*)0x20008aea = 9; *(uint8_t*)0x20008aeb = 5; *(uint8_t*)0x20008aec = -1; *(uint8_t*)0x20008aed = 5; *(uint8_t*)0x20008aee = 0x1b; *(uint8_t*)0x20008aef = 0xe0; *(uint8_t*)0x20008af0 = 9; *(uint8_t*)0x20008af1 = 5; *(uint8_t*)0x20008af2 = 3; *(uint8_t*)0x20008af3 = 0x10; *(uint16_t*)0x20008af4 = 0x20; *(uint8_t*)0x20008af6 = 0; *(uint8_t*)0x20008af7 = 0x43; *(uint8_t*)0x20008af8 = 0x40; *(uint8_t*)0x20008af9 = 9; *(uint8_t*)0x20008afa = 5; *(uint8_t*)0x20008afb = 5; *(uint8_t*)0x20008afc = 3; *(uint16_t*)0x20008afd = 0x3ff; *(uint8_t*)0x20008aff = 0x87; *(uint8_t*)0x20008b00 = 2; *(uint8_t*)0x20008b01 = 0xfd; *(uint8_t*)0x20008b02 = 0xa0; *(uint8_t*)0x20008b03 = 0xc; memcpy((void*)0x20008b04, "\x4d\x1f\xaf\xd5\xd5\xbe\xa9\x17\x94\x9e\x72\x7e\xd5\xee\x14\x4c\xb3\x2b\x01\xd9\xac\xbb\x7e\x3c\xfa\xc4\xd1\xa1\x5c\xd6\xbb\xae\x8a\xc6\x6a\xf6\x77\x39\x4d\x22\x17\xef\x58\x0b\x15\x65\xf5\x8b\x85\xcf\xff\xd2\xcf\xca\xf9\xf1\x9d\xf7\x84\x00\xba\x03\x54\xd7\x87\x20\x72\xb4\x2d\x77\xd5\x5a\x5b\x96\x0b\x82\xfb\x9e\x34\xec\x8c\x33\xa9\x67\x19\xc4\x59\x47\xab\x09\x47\x48\x48\x54\xa9\x4f\x25\xe6\x53\x39\xa6\xf7\x4b\x05\x3c\x81\xe8\xe8\x05\x7f\x67\x67\xea\x2e\x80\xe9\x23\xe0\x2f\xa1\xa8\x8d\xb3\x6d\x52\xe4\xc5\x11\xe6\xcc\xf6\x74\x04\x6c\xb8\x1c\x49\x3c\x92\x7d\x05\xa6\xc1\x66\x45\xd0\x69\x4f\x66\x7d\x6c\xcf\x29\xfc\x27\x38\x90\xc6", 158); *(uint8_t*)0x20008ba2 = 0x31; *(uint8_t*)0x20008ba3 = 9; memcpy((void*)0x20008ba4, "\x82\x44\x67\x99\x6f\xaa\x84\x28\x27\xe6\xd0\x9b\xc4\x8c\x41\x96\x09\x9c\xb2\x0d\x1a\xfa\x73\x80\xd3\x0e\x40\xf1\xbc\xfb\x7c\x50\x3d\x7b\x00\xfc\x18\xd2\xe6\x14\xc3\xe3\x70\xdb\xc3\x20\xa8", 47); *(uint8_t*)0x20008bd3 = 9; *(uint8_t*)0x20008bd4 = 5; *(uint8_t*)0x20008bd5 = 1; *(uint8_t*)0x20008bd6 = 3; *(uint16_t*)0x20008bd7 = 0x400; *(uint8_t*)0x20008bd9 = 1; *(uint8_t*)0x20008bda = 0x81; *(uint8_t*)0x20008bdb = 6; *(uint8_t*)0x20008bdc = 0x76; *(uint8_t*)0x20008bdd = 7; memcpy((void*)0x20008bde, "\x96\xf7\x2d\xe7\x93\x64\x10\xee\x82\xa4\x42\x87\xa0\x01\x96\xf6\x30\xe0\x09\x36\x4a\xb9\x4a\x00\xe9\x45\x28\x69\x1a\x40\x9d\x33\x5f\x13\xbf\x6e\x85\xb3\x78\xbd\xa8\x5c\x55\x8f\xc1\xa0\x03\xec\x57\x94\xa1\x42\x17\xf7\x94\x68\x2e\xdc\xdc\x9e\x35\xd0\x0c\x09\x79\xfd\xb3\xe7\xa1\x5e\x6a\x85\x1c\x13\x7b\xf7\x01\x1b\xa6\x1c\x83\x46\x59\x8b\x02\xa3\xd4\xd1\xb8\xcd\x99\xf4\xfc\x14\xfa\xe3\x21\x9f\xbf\x56\xaa\x2c\xa5\x4c\xcf\x11\x6b\x3d\x56\x0a\x80\x97\x8c\x42\x76\xec", 116); *(uint8_t*)0x20008c52 = 9; *(uint8_t*)0x20008c53 = 5; *(uint8_t*)0x20008c54 = 0xe; *(uint8_t*)0x20008c55 = 3; *(uint16_t*)0x20008c56 = 0x3ff; *(uint8_t*)0x20008c58 = 0x80; *(uint8_t*)0x20008c59 = 0x20; *(uint8_t*)0x20008c5a = 6; *(uint8_t*)0x20008c5b = 7; *(uint8_t*)0x20008c5c = 0x25; *(uint8_t*)0x20008c5d = 1; *(uint8_t*)0x20008c5e = 2; *(uint8_t*)0x20008c5f = 9; *(uint16_t*)0x20008c60 = 0x3ff; *(uint8_t*)0x20008c62 = 9; *(uint8_t*)0x20008c63 = 5; *(uint8_t*)0x20008c64 = 0xd; *(uint8_t*)0x20008c65 = 0; *(uint16_t*)0x20008c66 = 0x400; *(uint8_t*)0x20008c68 = 9; *(uint8_t*)0x20008c69 = 0x3f; *(uint8_t*)0x20008c6a = 0x3f; *(uint8_t*)0x20008c6b = 0x76; *(uint8_t*)0x20008c6c = 0x11; memcpy((void*)0x20008c6d, "\x79\xb3\x86\x38\x7e\x37\xf3\x6e\xfa\x1d\x8c\x66\xa9\x04\x49\xc6\x8a\x0a\xd2\x51\xaf\xb9\xb1\x79\x3c\xbe\x9e\x5b\x4d\xc3\xce\x66\x00\xe8\x6d\x1e\x3b\x3e\xac\x60\xfd\x3b\x8b\x1c\x19\xd7\xd0\xc3\xda\x61\xc6\xa6\x67\xb3\x9f\xae\x8a\xed\x44\xa8\xe7\x0d\x77\xca\x93\xe4\xc3\x7a\x3f\xd8\x81\x8f\x43\xed\xc5\x23\x96\x0c\xed\xb0\x2d\x88\x22\xf0\xb2\x3d\xc3\x43\x18\x26\x08\xc6\x09\x7e\x99\x5f\x56\x2c\x84\xa5\x41\x7e\x5b\x2f\xb7\x1b\x39\x2f\x92\x6f\x3c\x4e\xd9\x92\xed\x89", 116); *(uint8_t*)0x20008ce1 = 0x65; *(uint8_t*)0x20008ce2 = 5; memcpy((void*)0x20008ce3, "\x85\x12\xf0\xce\xa9\x7a\x9d\x8a\x04\x61\xe3\x0e\xe9\xbf\x07\x89\xe0\x41\xcd\x86\xc1\xdf\x94\x96\xf1\x95\x7a\xf0\xe4\x54\x3e\xca\xb0\x70\x51\xf1\xf4\x81\x8d\xa2\x57\x9d\x13\xa9\x99\x56\x9f\x75\xad\x6a\xf6\xe0\xd0\x4d\xa8\xbd\x26\xbc\x92\x04\x45\x69\x2d\x9e\x4c\xa7\xfd\xc3\x54\x4c\x36\xf5\x88\xe5\xc0\x9b\xee\xa1\xaf\xf9\xf4\x1b\xa9\x77\xcb\xe7\x9e\x7e\x4f\x4a\x8d\xec\x56\x40\xda\x4d\x2a\xf6\x1d", 99); *(uint8_t*)0x20008d46 = 9; *(uint8_t*)0x20008d47 = 4; *(uint8_t*)0x20008d48 = 5; *(uint8_t*)0x20008d49 = 3; *(uint8_t*)0x20008d4a = 2; *(uint8_t*)0x20008d4b = 0xc4; *(uint8_t*)0x20008d4c = 0x4d; *(uint8_t*)0x20008d4d = 0x76; *(uint8_t*)0x20008d4e = 7; *(uint8_t*)0x20008d4f = 0xb; *(uint8_t*)0x20008d50 = 0x24; *(uint8_t*)0x20008d51 = 6; *(uint8_t*)0x20008d52 = 0; *(uint8_t*)0x20008d53 = 1; memcpy((void*)0x20008d54, "\x72\x45\x0c\xeb\x1b\x79", 6); *(uint8_t*)0x20008d5a = 5; *(uint8_t*)0x20008d5b = 0x24; *(uint8_t*)0x20008d5c = 0; *(uint16_t*)0x20008d5d = 4; *(uint8_t*)0x20008d5f = 0xd; *(uint8_t*)0x20008d60 = 0x24; *(uint8_t*)0x20008d61 = 0xf; *(uint8_t*)0x20008d62 = 1; *(uint32_t*)0x20008d63 = 0; *(uint16_t*)0x20008d67 = 8; *(uint16_t*)0x20008d69 = 1; *(uint8_t*)0x20008d6b = 4; *(uint8_t*)0x20008d6c = 6; *(uint8_t*)0x20008d6d = 0x24; *(uint8_t*)0x20008d6e = 0x1a; *(uint16_t*)0x20008d6f = 8; *(uint8_t*)0x20008d71 = 8; *(uint8_t*)0x20008d72 = 0x15; *(uint8_t*)0x20008d73 = 0x24; *(uint8_t*)0x20008d74 = 0x12; *(uint16_t*)0x20008d75 = 4; *(uint64_t*)0x20008d77 = 0x14f5e048ba817a3; *(uint64_t*)0x20008d7f = 0x2a397ecbffc007a6; *(uint8_t*)0x20008d87 = 7; *(uint8_t*)0x20008d88 = 0x24; *(uint8_t*)0x20008d89 = 6; *(uint8_t*)0x20008d8a = 0; *(uint8_t*)0x20008d8b = 0; memcpy((void*)0x20008d8c, "\xfb\xb5", 2); *(uint8_t*)0x20008d8e = 5; *(uint8_t*)0x20008d8f = 0x24; *(uint8_t*)0x20008d90 = 0; *(uint16_t*)0x20008d91 = 0x2040; *(uint8_t*)0x20008d93 = 0xd; *(uint8_t*)0x20008d94 = 0x24; *(uint8_t*)0x20008d95 = 0xf; *(uint8_t*)0x20008d96 = 1; *(uint32_t*)0x20008d97 = 3; *(uint16_t*)0x20008d9b = 0x80; *(uint16_t*)0x20008d9d = 0x8951; *(uint8_t*)0x20008d9f = 6; *(uint8_t*)0x20008da0 = 7; *(uint8_t*)0x20008da1 = 0x24; *(uint8_t*)0x20008da2 = 0xa; *(uint8_t*)0x20008da3 = 0xce; *(uint8_t*)0x20008da4 = 3; *(uint8_t*)0x20008da5 = 4; *(uint8_t*)0x20008da6 = 0x60; *(uint8_t*)0x20008da7 = 4; *(uint8_t*)0x20008da8 = 0x24; *(uint8_t*)0x20008da9 = 2; *(uint8_t*)0x20008daa = 0; *(uint8_t*)0x20008dab = 0x10; *(uint8_t*)0x20008dac = 0x24; *(uint8_t*)0x20008dad = 7; *(uint8_t*)0x20008dae = 0; *(uint16_t*)0x20008daf = 0x81; *(uint16_t*)0x20008db1 = 0x81; *(uint16_t*)0x20008db3 = 0x1d9; *(uint16_t*)0x20008db5 = 0x400; *(uint16_t*)0x20008db7 = 1; *(uint16_t*)0x20008db9 = 0xc00; *(uint8_t*)0x20008dbb = 0xc; *(uint8_t*)0x20008dbc = 0x24; *(uint8_t*)0x20008dbd = 0x1b; *(uint16_t*)0x20008dbe = 1; *(uint16_t*)0x20008dc0 = 0x20; *(uint8_t*)0x20008dc2 = 0xc0; *(uint8_t*)0x20008dc3 = 5; *(uint16_t*)0x20008dc4 = 0x20; *(uint8_t*)0x20008dc6 = 0xd; *(uint8_t*)0x20008dc7 = 0xe1; *(uint8_t*)0x20008dc8 = 0x24; *(uint8_t*)0x20008dc9 = 0x13; *(uint8_t*)0x20008dca = 9; memcpy((void*)0x20008dcb, "\x0e\xfa\x60\xe3\xb3\x89\x2c\xa3\x37\x7f\xc7\xbf\x7e\x5c\xd9\x0b\x70\xb5\x43\x3c\x66\xf1\x31\x29\xd4\x2a\x59\xf2\xc9\x14\xec\x54\x97\x9a\x53\x86\x2f\x94\xdf\x63\x95\x80\x6b\xf1\xa9\x70\x9d\x9a\x66\x50\xce\xca\xee\xcf\xf6\xad\xfc\x77\xca\x5f\x29\x6e\x11\xbe\xd1\xfb\xeb\x6f\x27\xc5\x0b\xf1\xaf\x9c\x17\x6b\xb2\x06\x9d\x52\xb0\x64\x73\xd5\xd8\xe9\x24\x4a\x70\x01\x76\x66\xfa\xa3\x21\x3b\x80\xb2\x5f\xe4\xc6\x8c\x41\x80\xee\x45\x68\x0c\x95\x76\x8f\xd3\x2d\x24\xda\x76\xb8\x83\xe1\xbe\x0e\xc2\xaf\x43\xc9\xf3\x0c\xee\xd1\x93\x6c\xd5\x05\x1e\x62\xb1\xc8\xa7\x6a\xf9\xa2\x52\x29\x0b\x11\xc3\x67\x04\x39\xdb\x64\x5b\x5c\x32\xa5\xa5\xbb\x78\xd7\xe8\x18\x3e\xa6\x73\x6d\xfc\xeb\x8f\xef\x3d\x04\xb7\x6e\x51\x29\xc4\x91\x3e\xee\x30\xa5\x37\x74\x3b\x33\x57\xf2\x69\xf5\x82\xdd\x8c\x46\xb2\xa9\x33\x62\xf1\xa8\x38\x88\x6b\x17\x5f\x48\x95\xd5\x2a\x81\x8f\x63\xd9\xd6\x94\xbe\xac\x98\x46\xe5\xb1\x2f", 221); *(uint8_t*)0x20008ea8 = 0x1a; *(uint8_t*)0x20008ea9 = 0x24; *(uint8_t*)0x20008eaa = 0x13; *(uint8_t*)0x20008eab = 5; memcpy((void*)0x20008eac, "\x08\x3b\x1f\x01\xa6\x9f\x5d\x72\x2a\x6b\x03\x83\xfb\x09\xf5\x7f\x44\x2b\x56\xd4\x58\xfa", 22); *(uint8_t*)0x20008ec2 = 9; *(uint8_t*)0x20008ec3 = 5; *(uint8_t*)0x20008ec4 = 0xf; *(uint8_t*)0x20008ec5 = 8; *(uint16_t*)0x20008ec6 = 8; *(uint8_t*)0x20008ec8 = 0; *(uint8_t*)0x20008ec9 = 3; *(uint8_t*)0x20008eca = 5; *(uint8_t*)0x20008ecb = 9; *(uint8_t*)0x20008ecc = 5; *(uint8_t*)0x20008ecd = 0xc; *(uint8_t*)0x20008ece = 0; *(uint16_t*)0x20008ecf = 0x200; *(uint8_t*)0x20008ed1 = 9; *(uint8_t*)0x20008ed2 = 0x20; *(uint8_t*)0x20008ed3 = 5; *(uint8_t*)0x20008ed4 = 0xb; *(uint8_t*)0x20008ed5 = 1; memcpy((void*)0x20008ed6, "\xae\x68\x4b\xd6\xa1\xbf\xbe\x70\x5d", 9); *(uint8_t*)0x20008edf = 9; *(uint8_t*)0x20008ee0 = 4; *(uint8_t*)0x20008ee1 = 0xad; *(uint8_t*)0x20008ee2 = 0x3f; *(uint8_t*)0x20008ee3 = 6; *(uint8_t*)0x20008ee4 = 0xef; *(uint8_t*)0x20008ee5 = 0x2e; *(uint8_t*)0x20008ee6 = 0x8d; *(uint8_t*)0x20008ee7 = 8; *(uint8_t*)0x20008ee8 = 0xa; *(uint8_t*)0x20008ee9 = 0x24; *(uint8_t*)0x20008eea = 6; *(uint8_t*)0x20008eeb = 0; *(uint8_t*)0x20008eec = 0; memcpy((void*)0x20008eed, "\x2e\x1b\xb1\x1c\x34", 5); *(uint8_t*)0x20008ef2 = 5; *(uint8_t*)0x20008ef3 = 0x24; *(uint8_t*)0x20008ef4 = 0; *(uint16_t*)0x20008ef5 = 6; *(uint8_t*)0x20008ef7 = 0xd; *(uint8_t*)0x20008ef8 = 0x24; *(uint8_t*)0x20008ef9 = 0xf; *(uint8_t*)0x20008efa = 1; *(uint32_t*)0x20008efb = 4; *(uint16_t*)0x20008eff = 2; *(uint16_t*)0x20008f01 = 0x8979; *(uint8_t*)0x20008f03 = 6; *(uint8_t*)0x20008f04 = 0xeb; *(uint8_t*)0x20008f05 = 0x24; *(uint8_t*)0x20008f06 = 0x13; *(uint8_t*)0x20008f07 = 0; memcpy((void*)0x20008f08, "\x9f\xcc\x8c\x5c\x74\x73\x09\xfc\xb4\xc9\x6e\x5d\xad\x9b\x6e\x62\xd0\x8b\x91\xa8\xbe\xb3\xc2\xe4\x54\x7e\x16\x3e\x46\x58\xbb\x11\xab\x34\xb3\xc8\x4e\xc3\xe4\xa4\xe3\x67\xd2\x6c\x56\x00\x1c\x67\x05\x68\x99\x95\xa9\x9d\x16\xa1\xb3\x1b\xdc\x07\x0f\x00\x53\x1e\xc4\x26\xb5\x4b\xf8\x9b\x2d\xee\x1f\xc3\xbd\x81\x8f\x55\xdb\xbd\x6a\xcc\x28\x7c\xd4\x30\x78\xee\xbc\x6d\x09\xf1\x0d\xc4\x22\x9f\x80\x35\xd4\x44\x8f\x82\x3f\xec\xf9\x29\xd6\x86\x16\x27\xc0\x1e\x79\x27\x7a\x40\x30\x4a\x1a\xd3\xfb\xd0\x12\xa4\xa8\xed\x16\x36\x97\x69\xc8\xc9\x97\xc4\x12\xbe\x76\x75\x90\x17\x65\x34\x55\xb8\x04\x2a\xca\x8b\x49\xea\xc0\x73\x10\x01\xcb\xfa\x6f\xbd\x79\x6a\xa7\xc2\x77\x09\xfc\x62\x37\x22\xe0\x3d\x3c\x1e\xd1\xda\xc1\xca\x8a\x8a\xa2\x5d\xda\xfc\x65\x4a\x0d\xbb\x76\x0b\x92\x7a\x2b\x23\xe2\xad\x30\x43\xac\x48\x56\x6c\x7b\x99\x5c\x23\x7d\xb5\x91\xf3\x9a\xf8\x19\x54\x56\x9c\xd5\xd3\x7c\xa4\x94\x1c\x80\xcc\x1f\xa5\x55\x6d\x19\xa5\x48\xdf\x2a", 231); *(uint8_t*)0x20008fef = 7; *(uint8_t*)0x20008ff0 = 0x24; *(uint8_t*)0x20008ff1 = 0xa; *(uint8_t*)0x20008ff2 = 4; *(uint8_t*)0x20008ff3 = 0x1f; *(uint8_t*)0x20008ff4 = 0x3f; *(uint8_t*)0x20008ff5 = 0x62; *(uint8_t*)0x20008ff6 = 7; *(uint8_t*)0x20008ff7 = 0x24; *(uint8_t*)0x20008ff8 = 0x14; *(uint16_t*)0x20008ff9 = 0x1f; *(uint16_t*)0x20008ffb = 7; *(uint8_t*)0x20008ffd = 7; *(uint8_t*)0x20008ffe = 0x24; *(uint8_t*)0x20008fff = 0x14; *(uint16_t*)0x20009000 = 0x1010; *(uint16_t*)0x20009002 = 9; *(uint8_t*)0x20009004 = 6; *(uint8_t*)0x20009005 = 0x24; *(uint8_t*)0x20009006 = 0x1a; *(uint16_t*)0x20009007 = 6; *(uint8_t*)0x20009009 = 0x1b; *(uint8_t*)0x2000900a = 0xb; *(uint8_t*)0x2000900b = 0x24; *(uint8_t*)0x2000900c = 6; *(uint8_t*)0x2000900d = 0; *(uint8_t*)0x2000900e = 0; memcpy((void*)0x2000900f, "\xdf\x47\x04\xa2\x52\x1e", 6); *(uint8_t*)0x20009015 = 5; *(uint8_t*)0x20009016 = 0x24; *(uint8_t*)0x20009017 = 0; *(uint16_t*)0x20009018 = 9; *(uint8_t*)0x2000901a = 0xd; *(uint8_t*)0x2000901b = 0x24; *(uint8_t*)0x2000901c = 0xf; *(uint8_t*)0x2000901d = 1; *(uint32_t*)0x2000901e = 0x4856f0aa; *(uint16_t*)0x20009022 = 5; *(uint16_t*)0x20009024 = 1; *(uint8_t*)0x20009026 = -1; *(uint8_t*)0x20009027 = 5; *(uint8_t*)0x20009028 = 0x24; *(uint8_t*)0x20009029 = 0x15; *(uint16_t*)0x2000902a = 0x1f; *(uint8_t*)0x2000902c = 9; *(uint8_t*)0x2000902d = 5; *(uint8_t*)0x2000902e = 8; *(uint8_t*)0x2000902f = 8; *(uint16_t*)0x20009030 = 0x3ff; *(uint8_t*)0x20009032 = 4; *(uint8_t*)0x20009033 = 1; *(uint8_t*)0x20009034 = 9; *(uint8_t*)0x20009035 = 7; *(uint8_t*)0x20009036 = 0x25; *(uint8_t*)0x20009037 = 1; *(uint8_t*)0x20009038 = 3; *(uint8_t*)0x20009039 = 0x34; *(uint16_t*)0x2000903a = 5; *(uint8_t*)0x2000903c = 9; *(uint8_t*)0x2000903d = 5; *(uint8_t*)0x2000903e = 0; *(uint8_t*)0x2000903f = 3; *(uint16_t*)0x20009040 = 0x400; *(uint8_t*)0x20009042 = 2; *(uint8_t*)0x20009043 = 1; *(uint8_t*)0x20009044 = 0xca; *(uint8_t*)0x20009045 = 9; *(uint8_t*)0x20009046 = 5; *(uint8_t*)0x20009047 = 8; *(uint8_t*)0x20009048 = 0x10; *(uint16_t*)0x20009049 = 8; *(uint8_t*)0x2000904b = 2; *(uint8_t*)0x2000904c = 0x7f; *(uint8_t*)0x2000904d = 0x7f; *(uint8_t*)0x2000904e = 9; *(uint8_t*)0x2000904f = 5; *(uint8_t*)0x20009050 = 7; *(uint8_t*)0x20009051 = 0; *(uint16_t*)0x20009052 = 0x10; *(uint8_t*)0x20009054 = 5; *(uint8_t*)0x20009055 = 0x1f; *(uint8_t*)0x20009056 = 0x40; *(uint8_t*)0x20009057 = 0x2d; *(uint8_t*)0x20009058 = 0xe; memcpy((void*)0x20009059, "\xec\xcc\x23\x79\x37\x1b\x46\xca\xb9\xd6\xfd\xb8\x27\x98\xf4\x7a\xa9\xb7\x17\x7c\x2a\x51\x93\x23\x14\x43\xb7\x25\xc2\x1b\x5e\x6a\x99\x93\x05\x65\xeb\x3b\x96\xfe\x7a\x75\x69", 43); *(uint8_t*)0x20009084 = 6; *(uint8_t*)0x20009085 = 0x10; memcpy((void*)0x20009086, "\x7f\x22\x60\xb2", 4); *(uint8_t*)0x2000908a = 9; *(uint8_t*)0x2000908b = 5; *(uint8_t*)0x2000908c = 3; *(uint8_t*)0x2000908d = 8; *(uint16_t*)0x2000908e = 0x10; *(uint8_t*)0x20009090 = 4; *(uint8_t*)0x20009091 = 3; *(uint8_t*)0x20009092 = 0xf7; *(uint8_t*)0x20009093 = 9; *(uint8_t*)0x20009094 = 5; *(uint8_t*)0x20009095 = 5; *(uint8_t*)0x20009096 = 3; *(uint16_t*)0x20009097 = 0x10; *(uint8_t*)0x20009099 = 3; *(uint8_t*)0x2000909a = 1; *(uint8_t*)0x2000909b = 9; *(uint8_t*)0x2000909c = 0xc8; *(uint8_t*)0x2000909d = 0xe; memcpy((void*)0x2000909e, "\x17\xa4\x93\xc0\x51\x89\x5f\x29\x83\x5e\xfb\x6d\x6d\x75\x3c\xa5\xe6\x23\x7f\x99\x57\x24\xbf\x74\x70\x85\x74\x90\x2e\xac\xdf\xf4\x5c\xd8\x0b\x61\x37\x3d\x67\xef\xe1\x23\x9f\x97\xb4\xfa\x60\x07\x93\xd6\xb4\xa5\x02\x2b\xa4\xa4\x36\xb4\xe2\xe2\x23\x57\x9d\x97\x4e\x78\x4e\xcb\xfd\xd4\x91\x2d\xa5\xcc\xd2\x84\xd2\x29\x37\x82\x70\x4f\x06\x75\x13\xd8\x38\x11\xac\x71\x16\x84\xd3\xaa\xfe\x92\x8e\xce\x0e\x90\x38\x25\x99\x7b\xab\xc5\x67\xb9\x4d\x06\xda\xee\x1e\x4d\x55\xa8\x87\x1d\x67\xe7\x1c\xd1\x08\x14\x30\xd8\x9b\xc9\xae\x64\xf5\x0f\x94\xbb\x8a\xf9\x6c\xe3\x84\xcd\x3b\x84\x20\xef\x8b\xe2\x73\xca\x02\xb9\xf0\xf9\x12\x21\x23\x9e\x64\xd6\x20\xdc\x6e\x3e\x27\x07\xf6\xf4\xce\x92\xe8\x62\x7f\x04\x4c\x14\xf1\x79\x90\x9c\xa1\xdf\x8b\x4e\x49\x9f\xed\x3f\x41\x18\xc9\xd6\xb2\xae\x41\xa7\x11\x98\xd7\x98", 198); *(uint8_t*)0x20009164 = 0x7e; *(uint8_t*)0x20009165 = 0x22; memcpy((void*)0x20009166, "\x85\x1b\xf8\x33\x2f\x6f\x47\x95\xcd\xbf\x9b\xf1\xbb\xb8\x25\x3c\xed\x75\xd6\x1f\x69\x5b\xb8\xc3\x1f\x51\xb5\xce\x19\xb2\x08\x0e\x2e\x7e\xc2\x15\xfe\xc1\x6a\x83\xd2\x57\x11\x04\xf7\x26\xa0\xde\x47\xf3\xe9\x28\x2d\x0e\xf2\x20\x4b\xbb\x1d\x9d\x9c\xac\x53\xb6\xd7\x98\x08\x4b\x0f\x59\x47\x91\xe3\xf8\x34\x19\x86\xd7\xea\xad\xb9\x11\xc5\x5c\x0d\x71\x69\x1f\xc7\x7a\xa1\x04\x7f\x44\x0f\x52\x75\xa4\x1f\x3b\x1f\x0f\x04\x8a\x5c\x1d\xd5\xc4\x17\xe6\x7f\x3b\xd4\x72\xb1\x3f\xee\xf7\x95\x0c\x57\x8f\x1b\x42", 124); *(uint32_t*)0x20009700 = 0xa; *(uint32_t*)0x20009704 = 0x20009200; *(uint8_t*)0x20009200 = 0xa; *(uint8_t*)0x20009201 = 6; *(uint16_t*)0x20009202 = 0x110; *(uint8_t*)0x20009204 = 0xd4; *(uint8_t*)0x20009205 = 0x81; *(uint8_t*)0x20009206 = 0; *(uint8_t*)0x20009207 = 0x10; *(uint8_t*)0x20009208 = 0x20; *(uint8_t*)0x20009209 = 0; *(uint32_t*)0x20009708 = 0x1c; *(uint32_t*)0x2000970c = 0x20009240; *(uint8_t*)0x20009240 = 5; *(uint8_t*)0x20009241 = 0xf; *(uint16_t*)0x20009242 = 0x1c; *(uint8_t*)0x20009244 = 2; *(uint8_t*)0x20009245 = 0x14; *(uint8_t*)0x20009246 = 0x10; *(uint8_t*)0x20009247 = 0xa; *(uint8_t*)0x20009248 = 0x20; STORE_BY_BITMASK(uint32_t, , 0x20009249, 2, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x20009249, 3, 5, 27); *(uint16_t*)0x2000924d = 0xf0f; *(uint16_t*)0x2000924f = 6; *(uint32_t*)0x20009251 = 0xc030; *(uint32_t*)0x20009255 = 0xff3f30; *(uint8_t*)0x20009259 = 3; *(uint8_t*)0x2000925a = 0x10; *(uint8_t*)0x2000925b = 0xb; *(uint32_t*)0x20009710 = 8; *(uint32_t*)0x20009714 = 4; *(uint32_t*)0x20009718 = 0x20009280; *(uint8_t*)0x20009280 = 4; *(uint8_t*)0x20009281 = 3; *(uint16_t*)0x20009282 = 0x410; *(uint32_t*)0x2000971c = 0x102; *(uint32_t*)0x20009720 = 0x200092c0; *(uint8_t*)0x200092c0 = 2; *(uint8_t*)0x200092c1 = 3; memcpy((void*)0x200092c2, "\xbd\x9c\xaf\x11\xf1\xc2\x32\x1f\x7d\xbf\x3d\xf5\x7e\xc0\x6a\xed\xf0\x84\x2f\x84\x3c\x77\xdd\x88\xdb\x9f\x74\x08\xbb\xa0\xd9\x40\x59\x71\xea\xb7\x46\x2f\x77\xd1\xca\x84\x39\x80\x11\xe5\x2a\x42\x79\x8f\x46\xee\xb5\x7b\x9e\x8b\x2c\x06\xc9\x82\x8a\xe8\xa2\xa2\x78\xae\xaf\x19\x47\xcb\x3d\xba\xdb\xd3\xd8\x37\x4b\xd3\xfd\x89\xa5\x3a\x0d\x2e\x5d\x80\x26\x1d\x7c\x80\x59\x2c\x03\x96\xee\x2c\x9e\xd8\x3f\xcc\x6b\xf9\xbd\x9a\x2f\x61\xcd\x00\x7c\x9e\xb5\xb9\x2d\xd8\x78\xd6\xaa\x6b\x54\x35\xed\x38\xfb\x81\xd9\xbf\xc1\x58\x15\x84\x3b\xc4\x6b\x32\x1b\x84\x8a\x20\x1d\x7e\xe9\x0a\x06\xab\x03\xdd\xb6\x6c\xea\x54\xf4\x15\x15\x3e\x69\x34\x99\x2c\x24\xe7\x11\xae\xa2\xfe\x33\x4e\x98\x1b\xa7\xf3\xf8\x7d\x0b\xc5\xeb\x6b\x1d\x09\x17\xcd\x79\xb4\x71\x94\xc6\xd2\xbe\x18\xe7\xa5\x4e\x75\xa5\xe2\xd0\x36\xb2\xe8\xba\x62\x6c\x56\xc4\x48\x9e\x46\x81\xa2\x1e\xa2\x9a\x2b\x64\x34\xa8\x60\x5a\x67\x10\xeb\xd1\x3f\x09\xfe\x32\x2e\x60\xef\x34\xa6\xe6\xf3\x33\x0d\x07\xb4\xd1\xff\x66\xd7\xec\x23\xc5\x8b\x3b\xe7\x34\x84\x4b\x89\xde\x36\xba\x29\x12\x97", 256); *(uint32_t*)0x20009724 = 4; *(uint32_t*)0x20009728 = 0x20009400; *(uint8_t*)0x20009400 = 4; *(uint8_t*)0x20009401 = 3; *(uint16_t*)0x20009402 = 0xf0ff; *(uint32_t*)0x2000972c = 4; *(uint32_t*)0x20009730 = 0x20009440; *(uint8_t*)0x20009440 = 4; *(uint8_t*)0x20009441 = 3; *(uint16_t*)0x20009442 = 0xf8ff; *(uint32_t*)0x20009734 = 0xc2; *(uint32_t*)0x20009738 = 0x20009480; *(uint8_t*)0x20009480 = 0xc2; *(uint8_t*)0x20009481 = 3; memcpy((void*)0x20009482, "\x47\x95\x1b\xf5\x75\x8f\x6d\xa4\x9e\xae\xc8\xd8\xf1\x8a\x6c\xa6\xe1\x7e\x41\xa6\x60\x16\x41\x5e\xfc\x7b\xe3\x46\xe3\xa8\xd0\x34\x28\x03\xd3\x1a\xc6\x34\xc4\xe6\xbc\xfd\xca\x1d\xb3\xc5\xb6\x90\xc2\x2f\x33\x2d\xf6\x93\x67\x61\xde\xb4\x0a\x2a\x9b\x81\x7a\x3b\x5e\x21\xce\xda\x6d\x71\xf7\x2d\x61\xee\xd0\x6a\x7a\x43\x45\x1e\x72\xfa\xa8\x20\x18\x38\x4c\x5a\x69\xf6\x2f\x4c\x6c\xf2\xa7\xef\xbd\x2a\xf5\x9b\x84\xac\xc6\xa9\x5e\xdf\x8f\x16\x7b\x5f\x20\x3d\xff\x2f\x89\xdb\xa1\x91\xf5\x13\x34\x2b\xe5\xa9\x06\xce\xb3\x79\x61\x3f\x59\x61\x08\xde\x6f\x3a\x61\xb9\x26\xc9\xf8\x63\x4d\x3d\xe6\xd5\xeb\x86\x71\x2b\xdf\xc3\xce\x50\x2f\x90\xa6\x9d\x8d\x07\xd9\x28\x44\x02\xb3\x93\xa7\x6e\x1d\x98\x17\xb9\x2b\xd4\xef\xf5\x7a\x27\xec\x91\x91\x9b\xf0\xd0\x9b\x44\x70\x57\xd6\x9c\xe3\x82", 192); *(uint32_t*)0x2000973c = 0x83; *(uint32_t*)0x20009740 = 0x20009580; *(uint8_t*)0x20009580 = 0x83; *(uint8_t*)0x20009581 = 3; memcpy((void*)0x20009582, "\x70\x81\x49\xd2\x9b\x3a\x8e\xf9\xc0\xff\x2f\x07\x2f\xf3\xb2\x0d\xd4\xaa\x24\xa8\xdd\xbd\x77\x61\x2c\xf8\x2d\xbf\xdc\x3a\xf8\x21\xa1\xfb\xf7\x55\x40\xc2\x3e\x05\xde\x08\xfe\xd7\x79\xdb\x65\x1c\xb3\xa6\x3b\xd0\x9a\xcf\xde\x2d\xa3\x4f\xc3\x36\x04\x73\x49\xf6\x2c\x65\x03\x20\xdd\x8f\xd8\x62\x6c\xfd\xad\xf7\xe0\xf7\x3f\x83\xa6\xbf\xfa\x1f\x20\xe7\x5c\xc4\x4b\x80\xbb\xe9\xa4\x0e\xa3\xc6\xe9\x24\xb6\x84\xfe\x6c\xb9\xe6\xa9\x33\x1a\x14\x9e\x84\x4e\x50\x0b\xe3\xb4\xfe\x28\xd1\x33\x2d\xcd\x64\x3b\xe5\xa7\x3f\xcc\xd4\x46", 129); *(uint32_t*)0x20009744 = 4; *(uint32_t*)0x20009748 = 0x20009640; *(uint8_t*)0x20009640 = 4; *(uint8_t*)0x20009641 = 3; *(uint16_t*)0x20009642 = 0x184c; *(uint32_t*)0x2000974c = 0x4d; *(uint32_t*)0x20009750 = 0x20009680; *(uint8_t*)0x20009680 = 0x4d; *(uint8_t*)0x20009681 = 3; memcpy((void*)0x20009682, "\xb6\x6a\x57\x6c\x91\xd5\x67\x33\xc9\x4e\xf7\x37\x20\xfd\xa0\x14\xeb\xcf\x72\xb1\xcf\x26\xac\x4c\x18\xda\x75\x71\x24\x12\x56\x76\x4a\xe2\xdf\xf1\x75\x40\xbd\xd8\xaf\x83\xee\xe5\x05\x79\x2c\xbe\xfb\xdd\xb7\xb5\xcd\x4c\xa9\x46\x62\x28\x7a\x86\x24\x9e\xc2\xb9\x42\x13\x98\x04\xf9\xc7\x82\x09\x88\x4a\x15", 75); res = -1; res = syz_usb_connect(6, 0x7e2, 0x20008a00, 0x20009700); if (res != -1) r[22] = res; break; case 41: *(uint8_t*)0x20009780 = 0x12; *(uint8_t*)0x20009781 = 1; *(uint16_t*)0x20009782 = 0x200; *(uint8_t*)0x20009784 = -1; *(uint8_t*)0x20009785 = -1; *(uint8_t*)0x20009786 = -1; *(uint8_t*)0x20009787 = 0x40; *(uint16_t*)0x20009788 = 0xcf3; *(uint16_t*)0x2000978a = 0x9271; *(uint16_t*)0x2000978c = 0x108; *(uint8_t*)0x2000978e = 1; *(uint8_t*)0x2000978f = 2; *(uint8_t*)0x20009790 = 3; *(uint8_t*)0x20009791 = 1; *(uint8_t*)0x20009792 = 9; *(uint8_t*)0x20009793 = 2; *(uint16_t*)0x20009794 = 0x48; *(uint8_t*)0x20009796 = 1; *(uint8_t*)0x20009797 = 1; *(uint8_t*)0x20009798 = 0; *(uint8_t*)0x20009799 = 0x80; *(uint8_t*)0x2000979a = 0xfa; *(uint8_t*)0x2000979b = 9; *(uint8_t*)0x2000979c = 4; *(uint8_t*)0x2000979d = 0; *(uint8_t*)0x2000979e = 0; *(uint8_t*)0x2000979f = 6; *(uint8_t*)0x200097a0 = -1; *(uint8_t*)0x200097a1 = 0; *(uint8_t*)0x200097a2 = 0; *(uint8_t*)0x200097a3 = 0; *(uint8_t*)0x200097a4 = 9; *(uint8_t*)0x200097a5 = 5; *(uint8_t*)0x200097a6 = 1; *(uint8_t*)0x200097a7 = 2; *(uint16_t*)0x200097a8 = 0x200; *(uint8_t*)0x200097aa = 0; *(uint8_t*)0x200097ab = 0; *(uint8_t*)0x200097ac = 0; *(uint8_t*)0x200097ad = 9; *(uint8_t*)0x200097ae = 5; *(uint8_t*)0x200097af = 0x82; *(uint8_t*)0x200097b0 = 2; *(uint16_t*)0x200097b1 = 0x200; *(uint8_t*)0x200097b3 = 0; *(uint8_t*)0x200097b4 = 0; *(uint8_t*)0x200097b5 = 0; *(uint8_t*)0x200097b6 = 9; *(uint8_t*)0x200097b7 = 5; *(uint8_t*)0x200097b8 = 0x83; *(uint8_t*)0x200097b9 = 3; *(uint16_t*)0x200097ba = 0x40; *(uint8_t*)0x200097bc = 1; *(uint8_t*)0x200097bd = 0; *(uint8_t*)0x200097be = 0; *(uint8_t*)0x200097bf = 9; *(uint8_t*)0x200097c0 = 5; *(uint8_t*)0x200097c1 = 4; *(uint8_t*)0x200097c2 = 3; *(uint16_t*)0x200097c3 = 0x40; *(uint8_t*)0x200097c5 = 1; *(uint8_t*)0x200097c6 = 0; *(uint8_t*)0x200097c7 = 0; *(uint8_t*)0x200097c8 = 9; *(uint8_t*)0x200097c9 = 5; *(uint8_t*)0x200097ca = 5; *(uint8_t*)0x200097cb = 2; *(uint16_t*)0x200097cc = 0x200; *(uint8_t*)0x200097ce = 0; *(uint8_t*)0x200097cf = 0; *(uint8_t*)0x200097d0 = 0; *(uint8_t*)0x200097d1 = 9; *(uint8_t*)0x200097d2 = 5; *(uint8_t*)0x200097d3 = 6; *(uint8_t*)0x200097d4 = 2; *(uint16_t*)0x200097d5 = 0x200; *(uint8_t*)0x200097d7 = 0; *(uint8_t*)0x200097d8 = 0; *(uint8_t*)0x200097d9 = 0; syz_usb_connect_ath9k(3, 0x5a, 0x20009780, 0); break; case 42: *(uint32_t*)0x200099c0 = 0x18; *(uint32_t*)0x200099c4 = 0x20009800; *(uint8_t*)0x20009800 = 0x40; *(uint8_t*)0x20009801 = 1; *(uint32_t*)0x20009802 = 0x8d; *(uint8_t*)0x20009806 = 0x8d; *(uint8_t*)0x20009807 = 0x22; memcpy((void*)0x20009808, "\xe5\x74\x19\x47\xa7\x23\xe9\xe9\x8e\xdc\x76\xea\x9b\x49\x3d\xa7\xd0\xbe\x0f\x88\x90\x3d\x48\xee\xf0\xd2\x4c\x88\x29\x70\xfc\x12\x16\xa4\xf3\x90\xd6\xb1\x7a\x78\xf9\xe8\x82\x74\x2c\xa2\x48\x31\x93\x6c\xb7\x5b\x04\x58\x99\xbb\xc7\x68\x7b\xd5\x5a\x05\x8a\x9f\x47\x22\x45\x2c\xe7\xe3\x01\x27\x0b\x0b\xf2\x26\x66\xc3\x7e\xaf\x1b\xd9\xd8\xb4\x89\xba\x1d\x32\xbe\x39\xd0\x6b\x20\xbd\x96\x57\xe0\x9f\xda\x6c\x82\xd4\x56\x6c\x93\x34\xe2\xfa\x45\xc5\x04\x6b\xa8\x56\x5e\x57\x79\xab\x6d\x67\xcb\xf7\xf4\x06\xd2\x16\xc2\x86\xab\x06\x65\x88\x20\x7a\x31\x8d\x65\x33\x2f", 139); *(uint32_t*)0x200099c8 = 0x200098c0; *(uint8_t*)0x200098c0 = 0; *(uint8_t*)0x200098c1 = 3; *(uint32_t*)0x200098c2 = 4; *(uint8_t*)0x200098c6 = 4; *(uint8_t*)0x200098c7 = 3; *(uint16_t*)0x200098c8 = 0xf0ff; *(uint32_t*)0x200099cc = 0x20009900; *(uint8_t*)0x20009900 = 0; *(uint8_t*)0x20009901 = 0xf; *(uint32_t*)0x20009902 = 0x18; *(uint8_t*)0x20009906 = 5; *(uint8_t*)0x20009907 = 0xf; *(uint16_t*)0x20009908 = 0x18; *(uint8_t*)0x2000990a = 2; *(uint8_t*)0x2000990b = 0xc; *(uint8_t*)0x2000990c = 0x10; *(uint8_t*)0x2000990d = 0xa; *(uint8_t*)0x2000990e = 0; STORE_BY_BITMASK(uint32_t, , 0x2000990f, 0, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x2000990f, 6, 5, 27); *(uint16_t*)0x20009913 = 0xf0f; *(uint16_t*)0x20009915 = 8; *(uint8_t*)0x20009917 = 7; *(uint8_t*)0x20009918 = 0x10; *(uint8_t*)0x20009919 = 2; STORE_BY_BITMASK(uint32_t, , 0x2000991a, 2, 0, 8); STORE_BY_BITMASK(uint32_t, , 0x2000991b, 0xa, 0, 4); STORE_BY_BITMASK(uint32_t, , 0x2000991b, 7, 4, 4); STORE_BY_BITMASK(uint32_t, , 0x2000991c, 0x100, 0, 16); *(uint32_t*)0x200099d0 = 0x20009940; *(uint8_t*)0x20009940 = 0x20; *(uint8_t*)0x20009941 = 0x29; *(uint32_t*)0x20009942 = 0xf; *(uint8_t*)0x20009946 = 0xf; *(uint8_t*)0x20009947 = 0x29; *(uint8_t*)0x20009948 = 0; *(uint16_t*)0x20009949 = 0x18; *(uint8_t*)0x2000994b = 7; *(uint8_t*)0x2000994c = 0x7f; memcpy((void*)0x2000994d, "\x86\xf6\x20\xe8", 4); memcpy((void*)0x20009951, "\x16\x8f\x22\x02", 4); *(uint32_t*)0x200099d4 = 0x20009980; *(uint8_t*)0x20009980 = 0x20; *(uint8_t*)0x20009981 = 0x2a; *(uint32_t*)0x20009982 = 0xc; *(uint8_t*)0x20009986 = 0xc; *(uint8_t*)0x20009987 = 0x2a; *(uint8_t*)0x20009988 = 3; *(uint16_t*)0x20009989 = 0; *(uint8_t*)0x2000998b = 4; *(uint8_t*)0x2000998c = 0; *(uint8_t*)0x2000998d = 7; *(uint16_t*)0x2000998e = 0x1000; *(uint16_t*)0x20009990 = 0xfffe; *(uint32_t*)0x20009f00 = 0x44; *(uint32_t*)0x20009f04 = 0x20009a00; *(uint8_t*)0x20009a00 = 0; *(uint8_t*)0x20009a01 = 8; *(uint32_t*)0x20009a02 = 0xfd; memcpy((void*)0x20009a06, "\x17\xd0\x15\xc0\xc2\x1b\x38\xab\x65\x87\x07\x8c\x77\x5d\x19\x66\x76\x39\x02\x36\x84\x2b\xc7\x81\x15\xbd\x6a\x40\x58\x11\x10\x24\x45\xa3\x7f\xe5\xc0\xcc\x85\xa1\x6b\x56\x01\xf6\x74\x96\x59\x34\x92\xce\x3a\xd5\x52\x01\x92\x08\xa9\x04\xc8\x82\x54\x52\x5e\xf1\x3e\x8c\x55\xd2\xfa\x55\x84\xb1\x72\x72\x80\x77\xd5\x4a\x28\xbc\x6d\xd0\xbc\x05\xf7\x20\x29\x10\x26\x07\x63\x12\x0f\x9d\x95\x88\x3b\x70\x1c\xa0\x54\x83\xde\xae\x8e\x44\x5b\xcf\x56\x72\xcf\xc4\xba\x66\xa3\x46\xe9\x2f\xe0\x74\x51\xae\x4c\x8f\xf4\xaa\x9d\xfc\xf8\xb9\x56\x33\x65\x80\x5b\xf6\x83\x0e\xd3\x6c\x9f\x3e\xab\x11\xf6\x13\xa0\xfd\xe0\x42\x3b\x8c\x3a\x5b\x1a\xe0\x29\x72\x9e\x32\x33\x43\x1d\x83\xf0\x22\x49\x15\x64\xd3\x92\xce\xb7\xa3\x8e\xdd\xcf\x15\x96\x88\x61\x81\x85\x4d\x5a\x72\x9e\x76\xd8\xe7\x70\xd6\xee\x74\xba\x13\x33\xec\xb7\xe4\xb8\x83\x07\x1b\x6d\x6c\x04\x3e\x9e\x6f\x01\x60\x54\x6f\x60\xd1\xd9\xff\xd9\x40\x74\x4e\xef\x3e\xa5\xf0\xdd\xfd\xa5\xa0\xa8\xd6\xb7\x74\x0a\x7f\x13\xce\x46\x2e\xd0\x8e\x2d\x3b\xc0\xa7\xb6\x46\xda\xf5\x60\x86\xe2", 253); *(uint32_t*)0x20009f08 = 0x20009b40; *(uint8_t*)0x20009b40 = 0; *(uint8_t*)0x20009b41 = 0xa; *(uint32_t*)0x20009b42 = 1; *(uint8_t*)0x20009b46 = 7; *(uint32_t*)0x20009f0c = 0x20009b80; *(uint8_t*)0x20009b80 = 0; *(uint8_t*)0x20009b81 = 8; *(uint32_t*)0x20009b82 = 1; *(uint8_t*)0x20009b86 = 0x80; *(uint32_t*)0x20009f10 = 0x20009bc0; *(uint8_t*)0x20009bc0 = 0x20; *(uint8_t*)0x20009bc1 = 0; *(uint32_t*)0x20009bc2 = 4; *(uint16_t*)0x20009bc6 = 2; *(uint16_t*)0x20009bc8 = 3; *(uint32_t*)0x20009f14 = 0x20009c00; *(uint8_t*)0x20009c00 = 0x20; *(uint8_t*)0x20009c01 = 0; *(uint32_t*)0x20009c02 = 4; *(uint16_t*)0x20009c06 = 0x100; *(uint16_t*)0x20009c08 = 0x40; *(uint32_t*)0x20009f18 = 0x20009c40; *(uint8_t*)0x20009c40 = 0x40; *(uint8_t*)0x20009c41 = 7; *(uint32_t*)0x20009c42 = 2; *(uint16_t*)0x20009c46 = 3; *(uint32_t*)0x20009f1c = 0x20009c80; *(uint8_t*)0x20009c80 = 0x40; *(uint8_t*)0x20009c81 = 9; *(uint32_t*)0x20009c82 = 1; *(uint8_t*)0x20009c86 = 0x7f; *(uint32_t*)0x20009f20 = 0x20009cc0; *(uint8_t*)0x20009cc0 = 0x40; *(uint8_t*)0x20009cc1 = 0xb; *(uint32_t*)0x20009cc2 = 2; memcpy((void*)0x20009cc6, "\x08\xbd", 2); *(uint32_t*)0x20009f24 = 0x20009d00; *(uint8_t*)0x20009d00 = 0x40; *(uint8_t*)0x20009d01 = 0xf; *(uint32_t*)0x20009d02 = 2; *(uint16_t*)0x20009d06 = 0x7163; *(uint32_t*)0x20009f28 = 0x20009d40; *(uint8_t*)0x20009d40 = 0x40; *(uint8_t*)0x20009d41 = 0x13; *(uint32_t*)0x20009d42 = 6; memset((void*)0x20009d46, 255, 6); *(uint32_t*)0x20009f2c = 0x20009d80; *(uint8_t*)0x20009d80 = 0x40; *(uint8_t*)0x20009d81 = 0x17; *(uint32_t*)0x20009d82 = 6; memset((void*)0x20009d86, 170, 5); *(uint8_t*)0x20009d8b = 0x3b; *(uint32_t*)0x20009f30 = 0x20009dc0; *(uint8_t*)0x20009dc0 = 0x40; *(uint8_t*)0x20009dc1 = 0x19; *(uint32_t*)0x20009dc2 = 2; memcpy((void*)0x20009dc6, "\x37\x9e", 2); *(uint32_t*)0x20009f34 = 0x20009e00; *(uint8_t*)0x20009e00 = 0x40; *(uint8_t*)0x20009e01 = 0x1a; *(uint32_t*)0x20009e02 = 2; *(uint16_t*)0x20009e06 = 8; *(uint32_t*)0x20009f38 = 0x20009e40; *(uint8_t*)0x20009e40 = 0x40; *(uint8_t*)0x20009e41 = 0x1c; *(uint32_t*)0x20009e42 = 1; *(uint8_t*)0x20009e46 = 0x3f; *(uint32_t*)0x20009f3c = 0x20009e80; *(uint8_t*)0x20009e80 = 0x40; *(uint8_t*)0x20009e81 = 0x1e; *(uint32_t*)0x20009e82 = 1; *(uint8_t*)0x20009e86 = 0x2c; *(uint32_t*)0x20009f40 = 0x20009ec0; *(uint8_t*)0x20009ec0 = 0x40; *(uint8_t*)0x20009ec1 = 0x21; *(uint32_t*)0x20009ec2 = 1; *(uint8_t*)0x20009ec6 = 5; syz_usb_control_io(r[22], 0x200099c0, 0x20009f00); break; case 43: syz_usb_disconnect(r[22]); break; case 44: syz_usb_ep_read(r[22], 0xc1, 0x1000, 0x20009f80); break; case 45: *(uint8_t*)0x2000af80 = 0x12; *(uint8_t*)0x2000af81 = 1; *(uint16_t*)0x2000af82 = 0x110; *(uint8_t*)0x2000af84 = 0; *(uint8_t*)0x2000af85 = 0; *(uint8_t*)0x2000af86 = 0; *(uint8_t*)0x2000af87 = 0x20; *(uint16_t*)0x2000af88 = 0x1d6b; *(uint16_t*)0x2000af8a = 0x101; *(uint16_t*)0x2000af8c = 0x40; *(uint8_t*)0x2000af8e = 1; *(uint8_t*)0x2000af8f = 2; *(uint8_t*)0x2000af90 = 3; *(uint8_t*)0x2000af91 = 1; *(uint8_t*)0x2000af92 = 9; *(uint8_t*)0x2000af93 = 2; *(uint16_t*)0x2000af94 = 0xd6; *(uint8_t*)0x2000af96 = 3; *(uint8_t*)0x2000af97 = 1; *(uint8_t*)0x2000af98 = 7; *(uint8_t*)0x2000af99 = 0x20; *(uint8_t*)0x2000af9a = 2; *(uint8_t*)0x2000af9b = 9; *(uint8_t*)0x2000af9c = 4; *(uint8_t*)0x2000af9d = 0; *(uint8_t*)0x2000af9e = 0; *(uint8_t*)0x2000af9f = 0; *(uint8_t*)0x2000afa0 = 1; *(uint8_t*)0x2000afa1 = 1; *(uint8_t*)0x2000afa2 = 0; *(uint8_t*)0x2000afa3 = 0; *(uint8_t*)0x2000afa4 = 0xa; *(uint8_t*)0x2000afa5 = 0x24; *(uint8_t*)0x2000afa6 = 1; *(uint16_t*)0x2000afa7 = 0; *(uint8_t*)0x2000afa9 = 0; *(uint8_t*)0x2000afaa = 2; *(uint8_t*)0x2000afab = 1; *(uint8_t*)0x2000afac = 2; *(uint8_t*)0x2000afad = 0xb; *(uint8_t*)0x2000afae = 0x24; *(uint8_t*)0x2000afaf = 6; *(uint8_t*)0x2000afb0 = 4; *(uint8_t*)0x2000afb1 = 3; *(uint8_t*)0x2000afb2 = 2; *(uint16_t*)0x2000afb3 = 3; *(uint16_t*)0x2000afb5 = 7; *(uint8_t*)0x2000afb7 = -1; *(uint8_t*)0x2000afb8 = 9; *(uint8_t*)0x2000afb9 = 4; *(uint8_t*)0x2000afba = 1; *(uint8_t*)0x2000afbb = 0; *(uint8_t*)0x2000afbc = 0; *(uint8_t*)0x2000afbd = 1; *(uint8_t*)0x2000afbe = 2; *(uint8_t*)0x2000afbf = 0; *(uint8_t*)0x2000afc0 = 0; *(uint8_t*)0x2000afc1 = 9; *(uint8_t*)0x2000afc2 = 4; *(uint8_t*)0x2000afc3 = 1; *(uint8_t*)0x2000afc4 = 1; *(uint8_t*)0x2000afc5 = 1; *(uint8_t*)0x2000afc6 = 1; *(uint8_t*)0x2000afc7 = 2; *(uint8_t*)0x2000afc8 = 0; *(uint8_t*)0x2000afc9 = 0; *(uint8_t*)0x2000afca = 0xe; *(uint8_t*)0x2000afcb = 0x24; *(uint8_t*)0x2000afcc = 2; *(uint8_t*)0x2000afcd = 1; *(uint8_t*)0x2000afce = 0x80; *(uint8_t*)0x2000afcf = 3; *(uint8_t*)0x2000afd0 = 1; *(uint8_t*)0x2000afd1 = 0; memcpy((void*)0x2000afd2, "\x02\x2c\x3b\x4e\xfa\x4d", 6); *(uint8_t*)0x2000afd8 = 7; *(uint8_t*)0x2000afd9 = 0x24; *(uint8_t*)0x2000afda = 1; *(uint8_t*)0x2000afdb = 1; *(uint8_t*)0x2000afdc = 0x7f; *(uint16_t*)0x2000afdd = 0x1002; *(uint8_t*)0x2000afdf = 0xb; *(uint8_t*)0x2000afe0 = 0x24; *(uint8_t*)0x2000afe1 = 2; *(uint8_t*)0x2000afe2 = 1; *(uint8_t*)0x2000afe3 = 5; *(uint8_t*)0x2000afe4 = 3; *(uint8_t*)0x2000afe5 = 0; *(uint8_t*)0x2000afe6 = 5; memcpy((void*)0x2000afe7, "\x64\x99\x7e", 3); *(uint8_t*)0x2000afea = 0xd; *(uint8_t*)0x2000afeb = 0x24; *(uint8_t*)0x2000afec = 2; *(uint8_t*)0x2000afed = 1; *(uint8_t*)0x2000afee = 3; *(uint8_t*)0x2000afef = 3; *(uint8_t*)0x2000aff0 = 0xac; *(uint8_t*)0x2000aff1 = 8; memcpy((void*)0x2000aff2, "\xbc\x5e", 2); memcpy((void*)0x2000aff4, "\x04\xfb\xa9", 3); *(uint8_t*)0x2000aff7 = 0xd; *(uint8_t*)0x2000aff8 = 0x24; *(uint8_t*)0x2000aff9 = 2; *(uint8_t*)0x2000affa = 1; *(uint8_t*)0x2000affb = 6; *(uint8_t*)0x2000affc = 2; *(uint8_t*)0x2000affd = 5; *(uint8_t*)0x2000affe = 9; memcpy((void*)0x2000afff, "\x6a\x9a\x8d", 3); memcpy((void*)0x2000b002, "\x4f\x88", 2); *(uint8_t*)0x2000b004 = 9; *(uint8_t*)0x2000b005 = 5; *(uint8_t*)0x2000b006 = 1; *(uint8_t*)0x2000b007 = 9; *(uint16_t*)0x2000b008 = 0x10; *(uint8_t*)0x2000b00a = 0x8c; *(uint8_t*)0x2000b00b = 0x20; *(uint8_t*)0x2000b00c = 0x7f; *(uint8_t*)0x2000b00d = 7; *(uint8_t*)0x2000b00e = 0x25; *(uint8_t*)0x2000b00f = 1; *(uint8_t*)0x2000b010 = 0x82; *(uint8_t*)0x2000b011 = 2; *(uint16_t*)0x2000b012 = 4; *(uint8_t*)0x2000b014 = 9; *(uint8_t*)0x2000b015 = 4; *(uint8_t*)0x2000b016 = 2; *(uint8_t*)0x2000b017 = 0; *(uint8_t*)0x2000b018 = 0; *(uint8_t*)0x2000b019 = 1; *(uint8_t*)0x2000b01a = 2; *(uint8_t*)0x2000b01b = 0; *(uint8_t*)0x2000b01c = 0; *(uint8_t*)0x2000b01d = 9; *(uint8_t*)0x2000b01e = 4; *(uint8_t*)0x2000b01f = 2; *(uint8_t*)0x2000b020 = 1; *(uint8_t*)0x2000b021 = 1; *(uint8_t*)0x2000b022 = 1; *(uint8_t*)0x2000b023 = 2; *(uint8_t*)0x2000b024 = 0; *(uint8_t*)0x2000b025 = 0; *(uint8_t*)0x2000b026 = 0xd; *(uint8_t*)0x2000b027 = 0x24; *(uint8_t*)0x2000b028 = 2; *(uint8_t*)0x2000b029 = 1; *(uint8_t*)0x2000b02a = 0; *(uint8_t*)0x2000b02b = 2; *(uint8_t*)0x2000b02c = 0; *(uint8_t*)0x2000b02d = -1; memcpy((void*)0x2000b02e, "\x03\xc1\xfe\x1d\x97", 5); *(uint8_t*)0x2000b033 = 0x12; *(uint8_t*)0x2000b034 = 0x24; *(uint8_t*)0x2000b035 = 2; *(uint8_t*)0x2000b036 = 2; *(uint16_t*)0x2000b037 = 0x807; *(uint16_t*)0x2000b039 = 4; *(uint8_t*)0x2000b03b = 0xfd; memcpy((void*)0x2000b03c, "\x8c\xfb\x49\xdf\x7b\xf5\xb7\xe5\xee", 9); *(uint8_t*)0x2000b045 = 7; *(uint8_t*)0x2000b046 = 0x24; *(uint8_t*)0x2000b047 = 1; *(uint8_t*)0x2000b048 = 0x3f; *(uint8_t*)0x2000b049 = 0xfd; *(uint16_t*)0x2000b04a = 1; *(uint8_t*)0x2000b04c = 0xc; *(uint8_t*)0x2000b04d = 0x24; *(uint8_t*)0x2000b04e = 2; *(uint8_t*)0x2000b04f = 1; *(uint8_t*)0x2000b050 = 0xc1; *(uint8_t*)0x2000b051 = 4; *(uint8_t*)0x2000b052 = 5; *(uint8_t*)0x2000b053 = 0x67; memcpy((void*)0x2000b054, "\x69\x67\xba\x40", 4); *(uint8_t*)0x2000b058 = 9; *(uint8_t*)0x2000b059 = 5; *(uint8_t*)0x2000b05a = 0x82; *(uint8_t*)0x2000b05b = 9; *(uint16_t*)0x2000b05c = 0x7f7; *(uint8_t*)0x2000b05e = 0x1f; *(uint8_t*)0x2000b05f = 0x69; *(uint8_t*)0x2000b060 = 6; *(uint8_t*)0x2000b061 = 7; *(uint8_t*)0x2000b062 = 0x25; *(uint8_t*)0x2000b063 = 1; *(uint8_t*)0x2000b064 = 0x80; *(uint8_t*)0x2000b065 = 9; *(uint16_t*)0x2000b066 = 3; *(uint32_t*)0x2000b380 = 0xa; *(uint32_t*)0x2000b384 = 0x2000b080; *(uint8_t*)0x2000b080 = 0xa; *(uint8_t*)0x2000b081 = 6; *(uint16_t*)0x2000b082 = 0x300; *(uint8_t*)0x2000b084 = 3; *(uint8_t*)0x2000b085 = 2; *(uint8_t*)0x2000b086 = 3; *(uint8_t*)0x2000b087 = 0x40; *(uint8_t*)0x2000b088 = 0x81; *(uint8_t*)0x2000b089 = 0; *(uint32_t*)0x2000b388 = 0x20f; *(uint32_t*)0x2000b38c = 0x2000b0c0; *(uint8_t*)0x2000b0c0 = 5; *(uint8_t*)0x2000b0c1 = 0xf; *(uint16_t*)0x2000b0c2 = 0x20f; *(uint8_t*)0x2000b0c4 = 6; *(uint8_t*)0x2000b0c5 = 0xe2; *(uint8_t*)0x2000b0c6 = 0x10; *(uint8_t*)0x2000b0c7 = 0xa; memcpy((void*)0x2000b0c8, "\x64\x93\x2c\x92\x77\xe2\x3a\x0f\xa9\x6a\xab\xc7\xb9\x31\xea\x37\x07\x35\x0c\x52\x57\x45\xcc\xbe\x79\x4d\x23\xba\xa9\x96\x25\xc8\x2f\x74\xbd\x3b\x6d\x5f\x88\xfb\xfd\x92\x54\x5b\x6b\x63\x75\x4c\x07\xc3\xff\xb4\x73\x55\xbf\x3d\xd6\xfa\xcf\xf0\xec\x55\x97\xfb\x76\x8d\xc7\x4a\xcf\xcf\x39\x5a\xc1\x00\x99\x82\x92\x5a\xa1\x6f\xcf\xa4\x15\x75\xbf\x14\xb5\x6d\x55\x79\x09\xdf\x9e\xfd\x27\xfd\x4b\x31\x7d\x90\xd1\x60\x62\x70\x13\x4f\xd0\x7d\x2f\xc0\xd1\x81\x6e\x97\x71\x32\x1d\x2d\xb5\x5c\x65\x39\xb0\x41\x67\xdb\x7b\x08\xc9\x94\x15\x9d\xd7\x55\x2c\x48\x8c\x14\x66\x24\x7a\x5b\x70\xb0\xdc\x99\x6b\x90\x7e\xee\xe0\xb2\x0f\xdd\x64\x71\x40\x59\x7b\x66\xf8\x21\x55\x6b\x56\x7f\xe6\x13\xc7\xec\xbc\xba\xe5\x0d\xb5\xfa\x7c\x9c\x0b\x5d\xcf\x26\xed\xdf\xfd\xcb\x09\xb9\xab\x9f\x2b\x5b\xee\x80\x98\x2f\xf3\x65\xfb\x81\x6e\x98\x18\x4e\xe6\x81\x5f\x6f\x62\x1f\x4d\x34\x52\x7d\x3c\xaa\x4c\xe6\x82\xcb\x06\xc7\x48", 223); *(uint8_t*)0x2000b1a7 = 0xb; *(uint8_t*)0x2000b1a8 = 0x10; *(uint8_t*)0x2000b1a9 = 1; *(uint8_t*)0x2000b1aa = 4; *(uint16_t*)0x2000b1ab = 0x10; *(uint8_t*)0x2000b1ad = 1; *(uint8_t*)0x2000b1ae = 0x3f; *(uint16_t*)0x2000b1af = 0xff; *(uint8_t*)0x2000b1b1 = 0x1f; *(uint8_t*)0x2000b1b2 = 3; *(uint8_t*)0x2000b1b3 = 0x10; *(uint8_t*)0x2000b1b4 = 0xb; *(uint8_t*)0x2000b1b5 = 0x2f; *(uint8_t*)0x2000b1b6 = 0x10; *(uint8_t*)0x2000b1b7 = 3; memcpy((void*)0x2000b1b8, "\x57\x12\x26\x74\x4f\x78\xfe\x77\x5a\xb8\x9d\xd7\x76\xdb\x3a\xaa\xce\x99\x82\xe7\xb2\x59\x4f\xd0\x85\x4a\x31\xd7\xec\x1d\x24\xae\xe6\x48\x2a\xa3\x93\x97\x98\xbd\x32\xd0\x60\xf0", 44); *(uint8_t*)0x2000b1e4 = 0xa; *(uint8_t*)0x2000b1e5 = 0x10; *(uint8_t*)0x2000b1e6 = 3; *(uint8_t*)0x2000b1e7 = 0; *(uint16_t*)0x2000b1e8 = 4; *(uint8_t*)0x2000b1ea = 0x24; *(uint8_t*)0x2000b1eb = 8; *(uint16_t*)0x2000b1ec = 0xe1; *(uint8_t*)0x2000b1ee = 0xe1; *(uint8_t*)0x2000b1ef = 0x10; *(uint8_t*)0x2000b1f0 = 1; memcpy((void*)0x2000b1f1, "\x1c\x43\x11\xd6\xc4\xec\x2d\xe7\x89\xb4\xf9\xf3\x9e\x67\x37\x02\xea\x35\xd9\x09\x99\x1c\xe4\xaf\x26\xcf\x0c\x07\x57\x9c\x1a\x40\x57\x35\x68\xf8\x37\x56\x9c\x64\x5d\xe2\xaf\x69\x81\x33\x52\x61\x69\xe5\x1a\x53\xf2\x15\x16\x76\x60\x35\x72\x59\xd5\x4d\x5a\xd7\x7a\xfb\x47\x8b\x18\x9e\x72\x86\x67\xa8\xb7\xe3\x89\x86\xbb\x19\xfe\xbe\x80\x70\x85\xec\x6d\x77\xdf\xb4\x81\x72\x59\x2d\x54\x9d\x7d\xbb\xf8\x02\xaa\xf9\x5b\xbf\x2d\xcd\x20\x05\x7a\x34\xee\xff\xca\xba\x3c\x40\x4e\x46\xa6\xe9\x0a\xd7\xe4\x38\x7e\x1e\x28\xcc\x21\x71\x88\x37\xe8\x1d\x22\x61\x5c\x4b\x42\xbc\xe0\x4c\x6b\xec\x4a\xa9\xa9\x9d\x05\xcb\x4f\x16\x8e\x11\x5e\xe3\x95\x65\x54\xe4\xe5\x8b\x13\x6f\x86\x73\x6e\x79\xe9\x1f\x9a\xcd\x49\xee\x66\x17\xb8\x4a\x56\x43\x92\xe8\x19\x91\xbb\xa6\x03\x20\x54\xd7\x09\x6f\x6c\x40\x00\x21\x37\x78\x2a\x1b\x11\x1d\x65\x27\x96\x83\x26\xf5\xe7\x0a\x8a\x23\x99\xe8\x33\xe7\x41\x5c\x20\x4a\x3a\x4b", 222); *(uint32_t*)0x2000b390 = 2; *(uint32_t*)0x2000b394 = 4; *(uint32_t*)0x2000b398 = 0x2000b300; *(uint8_t*)0x2000b300 = 4; *(uint8_t*)0x2000b301 = 3; *(uint16_t*)0x2000b302 = 0x459; *(uint32_t*)0x2000b39c = 4; *(uint32_t*)0x2000b3a0 = 0x2000b340; *(uint8_t*)0x2000b340 = 4; *(uint8_t*)0x2000b341 = 3; *(uint16_t*)0x2000b342 = 0x436; res = -1; res = syz_usb_connect(3, 0xe8, 0x2000af80, 0x2000b380); if (res != -1) r[23] = res; break; case 46: memcpy((void*)0x2000b3c0, "\x08\x63\x6e\x6c\x5e\x42\x1f\x7f\x71\x8c\x47\x84\xf3\x89\x67\x2c\x29\x11\xe5", 19); syz_usb_ep_write(r[23], 9, 0x13, 0x2000b3c0); break; case 47: syz_usbip_server_init(2); break; } } int main(void) { syscall(__NR_mmap, 0x1ffff000, 0x1000, 0, 0x32, -1, 0); syscall(__NR_mmap, 0x20000000, 0x1000000, 7, 0x32, -1, 0); syscall(__NR_mmap, 0x21000000, 0x1000, 0, 0x32, -1, 0); setup_fault(); use_temporary_dir(); do_sandbox_android(); return 0; } :132:17: error: 'csum_inet_digest' defined but not used [-Werror=unused-function] :119:13: error: 'csum_inet_update' defined but not used [-Werror=unused-function] :114:13: error: 'csum_inet_init' defined but not used [-Werror=unused-function] cc1: all warnings being treated as errors compiler invocation: x86_64-linux-gnu-gcc [-o /tmp/syz-executor816057798 -DGOOS_linux=1 -DGOARCH_386=1 -DHOSTGOOS_linux=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static-pie -Wno-overflow] --- FAIL: TestGenerate/linux/386/17 (3.01s) csource_test.go:118: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Fault:false FaultCall:0 FaultNth:0}} program: write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3}}, 0x18) (fail_nth: 1) r0 = openat$tty(0xffffff9c, &(0x7f0000000040), 0x10400, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x200000f, 0x10, r0, 0xada52000) ioctl$UI_SET_PHYS(0xffffffffffffffff, 0x4004556c, &(0x7f0000000080)='syz0\x00') r1 = syz_mount_image$ufs(&(0x7f00000025c0), &(0x7f0000002600)='./file0\x00', 0x4, 0x3, &(0x7f0000003700)=[{&(0x7f0000002640)="386f6d1be27f8ca9182d1ae635bba8c9ce0379ce60d9d24e0fe69a46dd2b77026ce1e6bbc05a246ae26905253191f7e34ef3860f1c2cc9a6d522f503d78e340cb54f1d6b", 0x44, 0x1}, {&(0x7f00000026c0)="5739ec80616d1bac909797c5723d287d94f010e0f70a342a21fb38b36986025dca054a96bbe74027974c452893a9f5d513efc470652bf4e837d8d5eeaced2669d73cea3d3931399da04dfb4859d03c47dd535baa980ae8b7a5c312fd71acc521bddc2c637026d7fadb42c020c53d4e2feeb23077ed867d5b36567b8d06e0f4d2d9c616d67391f879e812d7a17975f3e0e569f557b65bbade941868bae4be8d2dfa45a385877ece8d94d755dbf82b4fd8899ba1b8ece43b36b369a8df56993b16eec20aed1c596f669df897ddfa0df4ab26d747598296dd3bcd5cad67a8b19eba5f343fbfa6301a1502600eda02ab157ab1b164e3de5733e4bfd9677b49b29bb56e99367d01044b3accf0f93af75527837a9b494b4eace1f49c879e71e962a593749555b50a55ca1144eb54807047defde8dd097ebcbaa230451ac7a7763ef2134b453ef7ce92d6adce449aa182efb2ed4a8707f1e1846d82505da06c2d6b4a582ddfb2bdb7a19bbce8e0a0f7b2f496622bee043729f3843188eb14e56e8f48d7d4b151a7deef2a1a9458834253770882cc41f6fb784a9f73a4f81ef993dae61a805ba6f9307820813310dc3870835ad4be7e3c8a13f9f01e9ea9b1b9dfb1e347e3ea1b5b090e1a38617707bb5aa0ce82193f6970a0b885183fce8b7d30bfc18258dd40f508b95b55ca27d8ec76010310c677c04c0b01fd69de396ae95a7c3ca50f4e7fc3da749d82a5d9f57ab6ed7a0d1276297ab57172671d4c7ca35224700db93644131a5126af54755aec80cffdeb709f0c5821ec3b86d29f10be62d94c032f79d4edccaf40b24d72e46d7c9933f6eada794aad1eaf41aec135a4f6f7f609273608685ffc30fe1ae82213a956e8df493ec0aac8eccbbdb82093097db45161677685bf1e691a1c7dce13a88e63645bc79922b6d3d3d761f36a46302f79e0e0beb67e2f2cb2e83fc1a04177c9d022c46edc053f03182fc645450e4de536a418b0eae2acb0eaf4cb615eca77f72ee1d1f9146208e18669508edd050e9b4e72a8483016dc0198326d2a167004f323a0a6eb4d34f651c397f06d32e1bdab042efe566afc48cbd98f914134156314a954c641b1066ba715ab50eb4db84b13f20469d01d6346d425d70f60b42976b046cf96e4018fc6aaf78df30c02dd029e1e895c20b05fb3883c013de7e17a13697854feb5935cb344ff94ff8bb4ed2d1f174ea19020577b4ff9597c31a8fb2cfa1d7b71a57082561540f1cd86b8590b754fe95d749ef3caff93fd10a90ca003515bb23a3e71f44179c0996037457589e68177b0a10691f149a981a6a68d0bc820e1662a67c6a85fb39a35399c620c6ee314284fa42099bde09fd517a6e53cc0417c98d006b4210ba0351b7db6754338063f05b6824bbb41f70ba1fea9121f5885a4d03ee93f2b8f27a00cd666491003deda3e21029247646f7144cb004a6b524006d8ec7c93f41042bbf82d3bf2eef415f8f038b05c0c107ac24d0cc8f30813ebe2751da8398e04ff593d17ddeb32593671c8277424f79880054c581ae4ef5303a12f50d4e1fd6bb585a5e07751cbd58fa61d634c35563727e18239d9812fa41b9a256118ba9b0decc26076c8ae4b4e516a2b35a7e9839ca83bef4643e0a5d9db723b5afd80f715b63b19d0afb9cb03dd9e5fe1b3135ec1f0b973e7d21bb2f2221a78628a1b513e0ff9ea3067db3101c017eb8e606f2f075be4984f21bf75b6c4cbf3718e64ca62a9ab5d8e383aefba7493ddff478b744074bb51994bc91dd29c6b9bcd50a5028e14cf6d9468ef424ed165848ff5676e574110e0cd76a7c1dad3019facfd08d14b7d9e378a110e985088e51e89d75e3fa5fb3687598c0569e522f6c9ea4d1265ed97e313dce9cd01a4615e8bbe4dbe168f9d32c6682e4eef267dd718b475a81b485b17f6ba8afba19a58329f86bad12ac8444417e6148cb4e07ee46c5f1553a0fe4cd3326d8692cc43961f03f57f7c016f33c3d1c02bf125fc942101103636b02d93352efb4920e243f865cf5c0b5d347f51b87900b12acc347b319c147510c6a3c184b9fe9bbf49d20a71bc0882e296a03769751cd863082c1f3b8890fee3c644474db21e077acbeb05ae296710822fcaf5a7bc069bd93d411627cd1b713ccced010d1b88dfc1530454141b3dd3e1964c389576132173b86330388fec559dc722f177497c308315a4eefb5043cc97c5b1ea53b6de6f4eced9cc20b5243ef96ae0da16b43ecfd03e702528ad4c3609545df939e2bcee08258649319d74fd784d3d30a9092cb23e51ce00bbf81a46bc0d8bba9fe3f605f54ee2a0311e1c19aee26c843d7252d90380c9d86f1d1cbb21641bc19adffa608fa5b8260c3dac2e0d8100c870dbafab5e4a5c6e5d4875352ece3133e08d48e03874e6e528b5a43d08c8e905f798f0527cff5cda9995e84acb47ee8544be937fcb64646d2fd2d5c31eef836297e03dca24b159964a70307a827f6e7f3793f6ffad54a65d400926e80797e6050e776bbf66dc1bdf7508812ed0febda774f5eda492b3751ecc76a658241fa64522c5ddef5374787a1bc6f05c84a523068ac66a3ca539da70e16ddea897f96f5d48e1ef185f08436daa20fcb0b239de9b2bb00007eda2dbdcc1f5fdf13998682d66cd4aab3157f7ebcec092dc6bd08f4d107780d3731924cfa067f62218078a2af129f4059d46d7c7bebbf67b5953dda30c96fe5843e8a3c0a15a6b2f210ffbffd476c9c761340616b1ca8a6b449d1e338fd909fd9a84c7338711be1d50762a48299b184482d2cd1884af707668d10c2e1cdeac7c075d7d4147f8aa3cebca93c1b7b245264c0efb8470255152c48d224634580b2ff021457a975aa7672baf13a4ae32dc17e1f04d0b2d9c14831c87e99e7e0f29958c9b584d7b8a7e91f573c042617391aded64bee7dad5f888efc5560fba3f9e41f78094b403abc5d422c8ec70b9a9cee507903f8999487e60d761ef16194e7cc856a01e6b3bc592397ca03becb6b48fc15bf1f6eff8fec8de8785d0fea379efbd649487307bba1530a48ec106978da703e91707201fe3348de8caf2dde1d09942d47712f77de3f9efe5392ef4584a66cf96b30ecc6eed9074837e0835e19065d2ece87d38b426c703b882cec83cbb8b484f6885832ca2587b2bdc30c92c20a00d926473ff36a1c81e58d55549a06fb7b0fdd135ed5f63b4cca0068b2da1b112d4cb043407c21c535fd3c4559322e30469794c90a3c30d8fd5365ce3f432f613148bc7d575c1d2da1d4b068de1366f62a694e976f2e264d449d9e3f90400f4f25c1152d1edb9b09816787227eeeff80ac3f25016de253325475490482303afa87b39adee7f92c03185f8be67fe8e850ee3a571809474bcf462373a47afe1a4592175d110c3659e56ecfe2ecaf2c381684332dc0ea3f76c1799d5c7954ccd01ca4d3cc488e98efe8ccb8757273bbfd0e8f94a18e4bc187993ac29c3d45aa4585253717190cfc16bdfc90cecab6f022b3c9629e4d44cf9460333d348d0df3fbc8ffe61733725ea22c57183b50622f320253d54692c32ba2d1d2272357962e09fc7fa98a192d647ca93d5db9c0560a46a797408d21be5d14c8898fcf1f8e46c2be19eee417f17b5812be04c60a50c8f4a3b96e759df5a25314842ef5834a9bfe3ec6903122abdeb8da1bf146ca5b0b6451b3f6a0cd742120b025ca49bb95c47fb27fae438cbae39cd9b50f76735f656e0c6896c87b91c1ca7444d0de25ce60db81b9b7efebffc1ff24ee9d5f77da9227252468633b8eb995e2645b1543d843262c260c3c691114ebc403962c2374ef59ce6d1dd7c4d22310c5f642d766d41893b993f9a69831f82aab3104c64b08b0e3419ad44686088cd8a4a674edcea4ee9f2e8a02ab11450060f76a7c1954f676de7bf7916699457091eb0ad3b7593e7f38d62f9b56761a915b41d035ba129d1ac466e5eaea76d00c4d83e1754e3d1e6f0093c665d860bcf0b9850401acaba34a0f774300773c4abb90efc56bc7d2ad12d2f58cefa5b5816fcee50a11845a2d5197693ea3b380089219f5a42c69f9a4762c91ae6449e13995f666ad521f92edb3f4b65a04675db8ebbc9a2d1acda5b67ed6af5525141fd7aeef7c58f549ac39255705eb084f4f0a261f43c27cdcefb7d9e15ce63995820729b32749eb8d9432d7c3c25b4b1daa5b645740394caaae63bfd9e18207fccfbe0e2639258229574fcc7971e3eb11bfdf7dc770cea4a9414913067558f7e542cc6272477489519cfaecf51361b7d39540bbc1da84c6e56e21c683734fc3d9e52225695ea370563b153b8dc87ad1199247a23a86046c730fbce29fe99e0cf3e762f6ca3a14b03ff53d4122da0664a31d204160fcc2489eaa9faf030f6d6a43f98afce7f7f7f0cc3a01ef1526dac38278d13431910c2d691a78275e0702c8bcd0f4754b47535decbff3fb2db3d23b95f84e5e6e7fe67c719de9b0721ea53e2c68c9110e6a9ef3251e7ebb22800dcab309c22ab3739b4e88844827542d962c2afb2dc2f02b45094737fb1c3b9543870709b337d9d8f183971368a28a3360aec7c89de83e0c5fbfcffa03c1bc42884a839e8188826b19f3a7e7b82b4e2339d3d70171de92a60e2e1c73d360382aedcc23740c6244d69299dd39e011091b2fae10f4ba3c7fc570b0ea6a5d7b94f0812788ac1842eb6f917ad73a43a8f511b221795b9a625d6b8adab77bb090343acde4930c643b9b60af027ed4e3cc7facdcb175e81d9138db68db9d85216e1afa90c3f3897a2cd7e2cbaf59faa93ac544c221399d0a2c7601c6c63006253c9e43f1ed3f8cdd31f92cbc919b0b2f048ee429baac42f907d36281931814e7f937b51f2c6a772469f0d3d666c5c23141a0af6fb3804479810fcd852f98a5e5df9082c149bc239d37b89447af02ebae27adea098d78409fa9ae873b112684c75d68d447c7fc80a45a726b272d557678da7101679c6a5b4d70f4db60539fd11d1f21392b7922d12781125512eb1dc45db4cd2e64734e3a9dbf899ec2203e1001b3d364663d487c69018cb9122b5f4e1a276d17088df746ba3e7c10e1cad226f6cd2ad90cc3d148c951d32c00341bf08ec7158d22b3375f7ed6730ff9f0af79b1e8efd164b046c6a3df7bcd925e49bf5bb4d16ace6ab925bee37b7b5321da6f3626f33025ebc3814f44a27a7e39c5ecf8c5263c50e5d49273977c1ddcec86c85c41de8558ccc7cc9469f4a5ab104db7b3eaf8951f5315f5640c51e8c49290c7b146688b72e22c5178bb120beafe3a10dd33e6a34b8e2ab0a8d88f1bf2346f06e6cbeb80159f85b69efe2984f3acbf1035397c0e027420c591b2c5115e4c4bc4319b6a8edc2aa62c7600e49029f8d7d808713cc765566440a427ac576e5a2318e0994a00b56b7cf16277887b22693396c28bf734133df5e654971dec68d225631fc669e5619c1c78df3ca9860489a29a5234e054bcd3c543276c07e15a1ca7ef60c6e20359562733c1b3bd15a9c72a8f9acb040f8f85a4f10313a4fc7e8cb8973ae0b562924716d168aa431cf63a5c2e182b48b5519f376de39ca03d5535a5868d2cfff410e3f248de1ef81b205bc17a84cbfebb46deb4e56dcd355d7148a56f25dee5896912ec90124bef2d882e9d4a02769b3abcbc8f367deecce8c22b045f4d7b87d8908b0af7f2a1f53bad8d3f8e0b65b0053ab1e28ece7250ab281bc197097cfe8b2a7cfb552f82869b88241e7d05d24aca325c6f2fad85ce79bfc2aecdb798f40e111189f1785cbbe40", 0x1000, 0x7}, {&(0x7f00000036c0)="38e3dac1cab00feb39c48edfaf42b604f0c0fbeaa30d7023519ce589e4d90d7d171cbe759e9c40819d9946abfa9737e1bdddfb4f", 0x34, 0x10000}], 0x1040000, &(0x7f0000003740)={[{'/dev/tty\x00'}, {'syz0\x00'}, {'+@'}, {'*^:[-,-,&{#'}, {'syz0\x00'}], [{@audit}, {@obj_role={'obj_role', 0x3d, 'syz0\x00'}}, {@obj_user={'obj_user', 0x3d, '^\xee%'}}, {@subj_role}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@uid_eq={'uid', 0x3d, 0xee00}}]}) read(r1, &(0x7f00000037c0)=""/18, 0x12) sendfile64(r0, r1, &(0x7f0000003800)=0x7, 0x0) setsockopt$bt_l2cap_L2CAP_CONNINFO(r0, 0x6, 0x2, &(0x7f0000003840)={0x81, "d8e8f6"}, 0x6) ioctl$SOUND_MIXER_WRITE_RECSRC(0xffffffffffffffff, 0xc0044dff, &(0x7f0000003880)=0x4) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(0xffffffffffffffff, &(0x7f0000003980)={&(0x7f00000038c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000003940)={&(0x7f0000003900)={0x14, 0x7, 0x1, 0x801, 0x0, 0x0, {0x0, 0x0, 0xa}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40800}, 0x20000000) syz_80211_inject_frame(&(0x7f0000000000)=@broadcast, &(0x7f0000000040)=@data_frame={@qos_no_ht={{@type11={{0x0, 0x2, 0x8, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x7f}, @device_a, @broadcast, @broadcast, {0x0, 0xffd}, @broadcast}, {0xc, 0x1, 0x3, 0x0, 0x3}}, {@type10={{0x0, 0x2, 0x9, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x3d}, @from_mac=@device_b, @device_b, @from_mac, {0x0, 0x1f}}, {0x8, 0x0, 0x3}}}, @a_msdu=[{@broadcast, @device_b, 0xbf, "afaf3a135b6bacd8c9b70b5eec9ab18405dde216b1b5dbe70c82ea52a1477c8bcc0adebad8789e03df9beea67cea531e776e7ec441e10995460e4e964678b8b20cae084ab40bef389bb72fe366ea91a8a2b952bc697a863d47c4920f77976ccda9723c4d4cf43164b57e373925d21594ad582b2bd6b7fce0e21d272a022fb63efae8204e2e38180848fd2986c847241f05b4795e3195823f4b17f340c24f45bf4fc33a8b5d0649780bad0b1600231bcd85e1044043b3f52bdd66462c52869b"}, {@device_a, @broadcast, 0xf3, "db7458603e1db9e8b6109ff253176fc3105d34454294a0c36f5e76590ee3b3a391dd2847abe2ef4c4f0762cbb09a37f40675baca0907282ce7dc1a104cb3e91384930ede72f3720dac9976a6598bc0385e0eb8295edee6bf8e31f243b284e9de823dbcf1fa70c6c57d4472f20f031cd4ccc7995b0036d024f051220cf8ccfacc5eef5cc545c5208e0ae0b6fad6956542262930e56177ef3f3fd1fcf9ab7fa104c2fd2cafbfc796da4af424531e825b32394a16b5a90e3b36d9d75f35bc95c7b65c5774b33d1a74464b240d9b4420de3865e4ebfa9705fa606ca422eb0ae33126574d2b01dc83d70c248747087c72f0da02e8e8"}, {@device_b, @broadcast, 0xdd, "d7e9b24c0cc992b18aa2d9f9e1709a8c2fe8b2ceb27a749e52617c6db966c15469b14f6271d9ec1caa537e605d09c7af271d959a7b1375fbada3d47840b8fbde2f3ab2820440ceffb16cc44160f3a3abd70b059e3b321e3a1a48eca2b3819d0595822e17767f5a9cce0a0aa1cf8a1763780943872b127ab559036a8d8703e179c0de7c00dbd055699b39532ec0f63bb69c331fb415e253c26abf85a20b69f33d25a8a066aa10a9c1add202fa9d6cd6dbdaf05601d68e9553ba9ee53931aa193821c780f05dfd3c33aad84ef55098b4b8212cf5d6a43b5a099866ecbbc1"}, {@device_b, @broadcast, 0x3, "d71a49"}]}, 0x30e) syz_80211_join_ibss(&(0x7f0000000380)='wlan0\x00', &(0x7f00000003c0)=@default_ap_ssid, 0x6, 0x0) syz_btf_id_by_name$bpf_lsm(&(0x7f0000000400)='bpf_lsm_sb_remount\x00') syz_emit_ethernet(0x3f6, &(0x7f0000000440)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @random="8b73c66e934f", @val={@void, {0x8100, 0x1, 0x1}}, {@mpls_mc={0x8848, {[{0x0, 0x0, 0x1}], @ipv6=@icmpv6={0x8, 0x6, "6be3ec", 0x3b8, 0x3a, 0xff, @private2, @mcast2, {[@fragment={0x8, 0x0, 0x4, 0x0, 0x0, 0x4, 0x65}, @hopopts={0x2, 0x2, '\x00', [@padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @padn={0x1, 0x9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, @hopopts={0x5c, 0x5, '\x00', [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @calipso={0x7, 0x18, {0x2, 0x4, 0x3f, 0x5, [0x7, 0x100000000]}}]}, @routing={0xab, 0x4, 0x1, 0x51, 0x0, [@rand_addr=' \x01\x00', @dev={0xfe, 0x80, '\x00', 0x1a}]}], @mlv2_report={0x8f, 0x0, 0x0, 0xdd, 0x8, [{0x2, 0x3, 0x4, @loopback, [@remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, @mcast1], [0xfffffff7, 0x0, 0x4f18]}, {0x7, 0x6, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}, @remote, @mcast2], [0x433, 0x3, 0x4, 0x5, 0x8001, 0x6]}, {0x8, 0x4, 0x8, @ipv4={'\x00', '\xff\xff', @empty}, [@empty, @local, @ipv4={'\x00', '\xff\xff', @loopback}, @dev={0xfe, 0x80, '\x00', 0x23}, @mcast1, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast2, @mcast2], [0x4, 0x3, 0x8, 0x7]}, {0x8d, 0x3, 0x1, @mcast1, [@private2], [0x3, 0x8001, 0xf729]}, {0x0, 0x5, 0x5, @empty, [@loopback, @loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @broadcast}], [0x0, 0x80000001, 0x7ff, 0x6, 0x50]}, {0x7f, 0x1, 0x1, @mcast1, [@local], [0x401]}, {0x9, 0x8, 0x2, @remote, [@private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x27}], [0x5, 0x9, 0x8000, 0x7, 0xfffffffd, 0x800, 0x8, 0x5]}, {0x1f, 0x8, 0x6, @dev={0xfe, 0x80, '\x00', 0x18}, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @dev={0xfe, 0x80, '\x00', 0x1b}, @dev={0xfe, 0x80, '\x00', 0x30}, @ipv4={'\x00', '\xff\xff', @empty}, @ipv4={'\x00', '\xff\xff', @remote}, @private1={0xfc, 0x1, '\x00', 0x1}], [0x8, 0xffffffff, 0x0, 0x3f, 0xffffffff, 0x5, 0xff, 0x1]}]}}}}}}}, &(0x7f0000000840)={0x0, 0x2, [0xde3, 0xf28, 0x8d2, 0x209]}) syz_emit_vhci(&(0x7f0000000880)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_execute_func(&(0x7f00000008c0)="c4c32d0e45f508c4e15b10eb2681f9f6039eecc4c379617801d207660f38295cd02fd9f6f2ddcdc4c1f811450f0f34") syz_extract_tcp_res(&(0x7f0000000900), 0x3, 0x20) r2 = openat$pktcdvd(0xffffff9c, &(0x7f0000000940), 0x10400, 0x0) statx(0xffffffffffffffff, &(0x7f0000002c80)='./file0\x00', 0x800, 0x8, &(0x7f0000002cc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000003040)='./file0\x00', &(0x7f0000003080)={0x0, 0x0, 0x0, 0x0, 0x0}) read$FUSE(0xffffffffffffffff, &(0x7f0000003100)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r6 = getgid() getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000005440)={{{@in=@broadcast, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}}}, &(0x7f0000005540)=0xe4) r8 = getgid() syz_fuse_handle_req(r2, &(0x7f0000000980)="5eb2b765eb13fe6055adbc43ba06da0624085c4b074ca1075889677f066e7be4de1ade6643e384e746947849cae6c4bd2247b9d0dcf8d74f73c865983a7d81fa418b5227bfe2cae4daabc8fd121243c0fe339f30d7ade9b79e07aa3b492001cbf71f43d192a2b9b771608f809cab4148c9bcb18ad7381adab1f2f5e323a69249bf8f2b5b0e986557da943623a66ec420b9b7bc01434d0a62886d0072f83051bed958843ec0adabaec068e2333bdc15622efd5d7eb68cfdda7de3fdafaa75787f0f7f3a5aae1cfe1faf079f1835be7044f2dee0e2b22827f8ce9399ba9b6d675aaafc827262b701659d34e687d6f0f80666ef60371f36fc8e7ab01b1b1f741bab290b3742bca7d900acacd003bb0e2497a7413e2a94610c93f5b5f6a0affc554dfa696f33a4e07699552981c8f17eec121b798ffda5a81f609005eee8862da633950d1c36b1f57f201dfaa2ffb43bfb89b937dfe89165a783264b5cd393e5e81efb8d94e28ea417cf7f145520c201cd9bc843a78ae07c3a9d812a99b9d01f4f8a60937077192fb29ef9e9cad995919de33e9e70c95c0efe9d49ecacc2817d764b35aceef6dbd7b11da0d56460978a679a765c04642ef7b33da735d607b21ea207ad747b67da1862b7884f773764c5c6b95b0d1fc079909e3a07430c52f4908cb864ca7b48387d9c930387811580b9cead9bb56c5139d0d5c4c728f7667059bb64e223d3e7cf61ce8370276dd31b3bd643e96444afea51787bc0ea7ede0c0576340b3574fb1ee78133c29edb9c63724200f5d8d1fa9db4fe0cf9a3f0517fdd936240d08ca3f4815c562fa40c50292a8cc67af02555bf5e4210efabee952946cb5a3b719ccafb90c5fc31e28e16da6deb0c2657d99b2e30ac6f59e6935c8f3de5abb5a6a9eb6d64638131fa73639f95dc71d11a644c6ff17e26665e820556178bdf6f91c52fac27f2d84812e9bfd4c53e757ed5dcc5a3c58f4f254a11ad8099555fbab92d9707e7ae249d37b672b2f4666cc35ffe53a0f5f314aa7e329addf60e864986682e58dee878cf3e66b3c1b8b0457021cbbe9542df240104fa7945d177a8051ff42dffe47e952caa5b334386bbe96140a28a74cd3c4c666dd6174994bae6c323bef3cbe97028835f03b49d7c496913ec17272346e050c75c58760acbcdedfc774b34b19f199c40e02ac74177e3f951a007abdaf00fd7064bbf2cc444d6b6d2b233e1fd995feebcbfafaaa44edd739b7a9b312b0823bbb228823e132fbae576968b7e7ca5ca0198daae85da7b50002544a44f948dc5f48620e3f99145c8727fee501541ef119b20085e364052a045164e79579553ab1924a5e67ca4bde4390313b76a6abb950e637b6bd3ae4d341ea362440e134185304e36f08691027ec7ff34d718825393ecfd7557c82b7bda4d24b94fc53d577b31657b00e8303803e6f15e17a79647607ffa65649103ad6ced040a842224b22226cb03b10e51e58d695edda77da2d784c49bdda43adc0f4e15f3e2e338836924786b90b2f7442935ae338e344fa4c0d9e3d74871d930d87868a269c984048763e1c438479b20fddbc61d2488d70ca8747fff731edb679b88bf1b17621d3276151fd93a9dbbaf1a83e9a80f75ba18ac3ce6598dc4e6b0562fb0bd479129337bb1c3a5882b2d626edd90d0b1e898d0f1e4f59893700c241e0c4363a4441073840000470f9e877d0bacdcb6b21875e75b50dcfbb2bbc0ea8fca0a91dcafe69b162aeef4f7d7fa1193f9eac44d4eb27377c3b72ac19a901c6e7350e1648146090179fa4b7f7aaedfb75a49deeae9fbec2f30c4444e3bd5ad6fad82bbcd24bb6d259685ca0c13e52a590d27a731a18b09d3d6bf5e81756302b85251c85d30487295eb2e42cd788231eb96979b5c113c166be2f3b6d24474b0f56ea5cfff4dca9284e5dae7d1c2b6aba7807e889697c869831c908b206b8a21dbe73d06c0aefda449f4daedd68b676f22814be2d90a2d06a39f997fdcef3a38f98396d5bf369900f9fc0442b204ceb17e432c28087c42c84c17f1a4d04f6da546682f31d75cc289e0c8ea4058c03550fad5def6968541a9d372bcbff7b943d65a7f485652e4437e0a1602057ef0ceefa57540a11d5b2b8b6518c3c9a27cb27562941f2f689ce240396b4ad70dbb2cd6e4e1f33e3279c3361b9d9903a9b6bb017ffc719758417e4f984855692acbdf9392a9b19673388e760233fa0035e0c2335e77b089eb40b5cd8f0325f64e080765808052869f76b39b0682e9a49a95a4fd0b38bb50eb214e94919d486fb7bb75acb4dc5f04e7a7e311f204df404c62c664179584880cb8bc7b8baae8933c2ebd70af44451aae3d51d4290d90b891106877bd37752ec6118d972a1b0a2931d433636da7b7250a0edb59d9ddd34cb48b34a62ae7e595f18d80ca2c2ddc2aeb6b6f6b800c8653baaf696bfd60c85e5e3328d0d9baf0f558b3b8b8bff24bf75db2695d59442757cc0cfcefbbf1708fc964a1251f55328832468ea73c29be4bf5d0de2053f364d117006dd3242e04dd471ae04ae22844978242ed47361be4a9a13133c7ad5bb324afcd29d9a074440724ebb56f5d9c3a8e4559d3a5a0f028f1d72ff2562d483cfdd79eb32c90462ee790de2476d9d061b607e680b41500ce691e48745b585517a539e70d7ec555e196aa8d69e45a36982d28a21409a777ceeb53318c20713e3cb62a98c28f524b086909a03075c2010da34bf7b0e6bf58505d301442530e54d3d13f0328f97a1dd2dd6da68429d21376b772d5a1603fb4c4a40f6b36db26a86f7c2dbaf704e7bcb9fc96768d4b53bd134602b753b260d84d9eeac6a24a51249dca0086b95b57587128e798eb62e1f01ae68e660cf6ebbf332293981620684b7e3b04750fdbbe2ecd8e9b6375248882253c2dda8a4d9c0f6f5c9d7c6bdb1fc11eda1dc4ecc0b9f3dbdb62e4078e46f6b10608f34c34f0a279c2f8f3da5be49e3e58e971e539bd63bacb6d8aa554ea4c78a49abadeec98db1d3ca3bcb40957cc0e942fca1c9b51af04771fda4af358c9ed6fe7b737a6c61abe0b628920fb8d0bcd0b65b718163da17804cb1665ea9821c828f6df655193774156721006b1f51487ad19fe92b769a9fceaf2d4124d8cc9a5bef28e98b996c28c8a99e352380531185e5e56e693641ef51106d6cf4e71ab317c34e93583aecf50f52b53e63c9098d8c283538c7cc0f090dfaf523e6082c65263dc8d1de4776282a3fc1bfc5909991525f56ac0e6d3bf0ce7aec83e40074de16fc9843f3b099b59b9f90bcff6310ed6dfec974587ad646ecd90c54d449510b7768dd67cabb305ea398ecb4261d26d4d7e1204e20725603243279a18fab01726719f771822627bafb09b4caaf9484f1d8fa5078d021b9cb86556830797319c6491d71c1153b63658a5a952a1f84f0ced9c3d1191d71a0b22e3f618f87d98c8991265395cb90765935034bd6c9233d41f9fc6a90bf697c15fd2359787df8257ca8e9499b3a7b837121b3367306ba3a36fdea6000c5d0f7759371702c7ad6f9e5f4000725f8e0b330a494392f7408dad615b14f77888ceb73959965cc9a93e9e3b23b9343a4cd4104dc1f3f1a64cb45697926704879802493ff04a8144ce6d805087fa96caff9b97631b52e4a365e976c90e2ac08826f8c297ef2f875722b44554d9973f4aa55ffb03589432109e6832dab7fc4732d303252dd1d17a2d2451ed53dce41ffbcec65983c6db3eba81462e522ae7ae52d751300a4b131170337c6d8c4b692f5429118af956e1c15e27584f768255c3ddcb469212ba8ab0e1e7ee0012f58f8945827994ce1ad7d173dd1cd72083844b721a1dc13000dada1256deab79b959a495a4d1b5fd028feaa0deac90ecfa59b1340456bcaf31f57d5a883490125796dda6d378ce83bbc137fe54b83ca9c4f819899d308338d65fa87d906255d6573a7a490b00100eab699c0dbfbec54b54224ceba3f5d1fa4096063f33165a158a20ffbd1d5b8fd4d9d39cb94a0085deaedde02a2f1e90a96af2223315101af3fef8604337f648b8c34216c3e7ba8c07d82d23bc0a96f0dab2abd2939265bb96b6451a2ca93585c82aecced337bd66124847a406ce8ed241318e1a7fc2cf289e1caf26ea5b72aaea0457e208a241534c78e3afb6028e7f57891c2f05f4370fc50458d16e90d031cca186cc12b4543b7f25fa72916be3acd7f6b5f0cc24f44248c0fa9c6dd595cd72cc4c84d35aa6fc3b1ec0e7a6b0408a1a53869681d27b1122c3176a04eb3aaf6258849675a994222d506828b4c1de9ab17ad4bab5961d524f0ffe54d29002c3d36c94cb3ab16581f59d014671e1cd5fe24342f17c8f178854e0eed5f4a3db07ec2ea7c671e2d78538bb8a2d5dcd94b4c6ebdb9a4929e85fc6de213d6f356228d9ecfde962c0c3727608f670e812ee2fa14e1f0cbf0186f6afc10c676f911be3b1cea3521f47e8fd4efebaccb22ef3757613ab319c40b70eee0cde11a3a166f1ee9415328068399836c8dc384de21e0a991a8bae04bce7962ce3b82d5516fe91d8ecbc2dcd6e2711c6c14c8aa572b5fe039e1bb4f163a1a8186345f54157c56672b33470711253476c2f6e4d74be06a01885debdb84fc73247a54e1511b83b3ae1fc15e5bed921f1937786f4364a7d4d6aec09667d63aaa618bddaaeaa2e55adb5894c4797d16d3dd5d35a716ef05233c4ad46a621195cde3a4f4197ea4396ca62712ee3d029200383ad9122d94b608b39e1ab024ea673eadccf983100d59b17708722d9ef02669224bef7abdaa0b99bff39957b7ac41599c9b1833f7ce822fdda0bea2dcb7dc7d24bd20df80b6462162447d5e28535a2fd876ffd78e90dbdc74e49af647c9dc696bdcced0840c2320f5ce0b6494790832c972e28206f432ad6cddc304f96bf48ee6f5a077538eb06d94383bf4fbf332abec80cdc7834dbf87e28f06ceeebafcab3f05f084bc4cf2a069701cdb332403af1631b5659a9e668f0a46f68e65ff9a314ab2a540518a03893c3fd2b1bd9f5e9e7f6ec49f585067c4aeef0b91b1ad29f2acc132f6b1a8dda2da36a79186c8b13b6fed070c74704bdc4ff11321901c71598fdfb36e8482bcdb01ee808afb54b3a42c69a18950d14fac2e3bd7721ace3c9a03a45f74cf2df6f4c924441d8700c54b5a12212ca3cdd648d079304cf2cdf460a36caf7f521494805401dfc67bde2061bb239a7019ce76c4f44cb0e46c55cbadab9129c5b457ec284b22ae3f98e64fc8c75df095c3ea3ea0cfb59ca18090b03f9358e9f11325e72cc24ede8f0511cb6f8af7cc2760654cfb8a7e7d5de97a83079bc82d88ea728516e92d321092fa3bdb9c0cf71aced2ac1189aad334d1b6bd971ba4053a43bc7f0020a2f1d6da34690d0f76358aa1b1631107f7f2af9890007b0a94277ee673b047fe809a5aa7fbb7ab88d110970c3dff44de1d7dbeb2abfd280e66d1de4864da4d54addceea69c8fa5d3d4b1147a18365afad33cdc689d73cceba4d8f4ee08b6264aeed23f585578ae15d14f3a27b488c24d6de8cd8a9de4a2a89fc9481ba8e10283a4d3a26e989bd80597862e238b714aa776e01cc90dee689c8435c814cfc72a530efce5dec384797a951439c30e096320bd504d3fcf4f7214b6d8ae4fdf73eea4591d444dd1ea4cdaab8ce1cf9555b4dd70f1bb46e18ee02cabd74cddb696af3ff7cc95b1339a6b8e8bafbc29c64f09fb741389ea6f5397a85add8b26e1f3a1df950f67bde9f9871a0e360c3e7669ebede3b7eb32ceb35ff2affd8919522f075933ecfea2cb4becfbc85bbacc95fba2c6f54f890594a6f6b18965ccd40ede58b4eaf8b0d2b65b0369b3dc6c7caef3e4845b2c42ee40ddca587925029e7d91629add84ea7bc72be33bb034214555cd5505568093ec7248156f58c7f0d3055762f8f4ff6f864bd9548fafac4db8577530f3a6d673beeff21ba7c9060aa0e066832937f1eb617cb21ac24e0d8699547be5663a8117a40b6d881dca19e367ca02d28774dae74df50aa99445e37c6c16184467d496001242329db97a2adef66425a9c6bd377d8977433a03c72bf10b548b8aebf0ec38eb8ce145fcb851541405ee8a3ca9b3bc603a382af598f0a1756592b3677c469ff86e198cdff40f493215a32c2acc72bcfd0e3e4e57bec76dfe565da975c691d66935d2d7b52941462d41bce4c00915d283417032f3a894249f801067f3882fda77905d76b76efe1028ebbf14977631f677575ddd409df3c6c4019e995a9d8d1d8a8c322687632f1a9505adcbd5afa1389f941dd0f68fefd43ec24a257076a3a21b7363d7bb518df4a282a4d9eed0858d104e85c5e068dd8012d73b516656146a78e549adbf9b32fb9f5f7ab6d43879d96d1cb973596d044197e08c4040604255753297a3495d8dff255d18abf94b8704a8ae1a48353fa85e5a77becd10b6ca007b77dfefce398f30b0c27ede99e8e6bb0c7ff65bdb00f224622d691f478ce6e37bbfac4ce1ce373070f954370c74c09461e2bae4385cd5deee87ca80ad2c77b99e7bee5afa3f0ba52494f59da1426c4309f391516354d57b0c7c4bb858e382f041d6e9188dc133bb169321e00d02efddb461176774fd6b2c9682d7ad084f6174c53ab7408d3e271d28e308f7cd478c2fe8d6793deed31debb090b874b12528a6cd368acf5a5c4cc3d30d2aff00693786687686cd9b97cdfaa3a67729351b2373ddee18ee3f056b6c0da439d62eeb408031a4d8755de3cc88415ca4801d54dc565bb53228dc215dd746ff5385453fdfc8915e872752f5ab3656aa8e1c42dfbf35e49ac9c2013b4a493ec10ad7f512922b8d3d82922ddbc018953cb7d5191af08ab669f80425f4f459ee650fe094126434e886693092c53aa346993dbc1ba274d2d69470646e633bdc331431913dd49a0120e1b5e212162006f9a01fe18e8d8b57cfeb398e19b4b8e970fb0678521caff33a7a01deb17e72a920a946896c5392e84bddfde75b7446ad4249bef2697b0c5e72f3791f0f44ac1563769c8ece5f1de565bbae2e5730294b3d6d85787dd6f7abf84d698e77ee80ec53e3751e873033af16b5ed4e2c99b7e6e652bb0eaf6701aacb2bcb597c32dc3f7d9c4d9463ac08db0c63db5fd88d0e518def188a2fbe8d6bfa698628a8cc058ca99114c40be8e1eb4c05364278d0ea4dc90b747cecd85cdf847a50ba2adebb6d107a12613e198d1b10c6eb323d50c75f781fe39c1d92e46da77fed51612a369c4a6aa54050d677e9678039b29e10c46ff05f3536f792a72d80f0eca5a416b19643e1d15247f7e5157900c1742b9146e0d9788eb9ca653897c7c647149f0bd91b16ea1a5e0549001ba2d6c6e39cf8bee39274d052fe2ce7f4caf6c23644314335251cca5c2ed134aada515e734e0af9c0ba59043dd12aa227e8f71d11833cab35b77915ee6bf0d74982d155f74fbba9977f75d37211770df8102e1d523b97c65e69bdffb34e00dbd6d5827c4897934ff51286940adbefdbe1a185a1ca32f668bef23663d9af58655a928538e084f59fd899c490253d337f5a51d2c2c1da36cb8df43034a988104c2abd9d589fcf964ab9114a40415c8e99bebfe94c3915f9d908bc1c9000f0e9e94012d998c972cf018d8badfffa80209f1937fea78ca839572b0a8e6b7816b6d89bb84ab2ede0fe5ff0575ec9d674da236252fb92ff4febb9ec1d915d97c4cafffef1cfda6d199365b77016daae60798de8a21c1769b8d79bf57cd020ebf5730fce994b6b3099800d864966adf830c8d2658c804360896e11f360da3a92cb5c827213228526c63c262c30cdf177fb0be401b394a01775c254da30c5ff4fc5b45f59d60e1578d67245089828b0693e5a6f5eda5e917b9d33b8b36baf055269e9d5319d4fa3f8fa5c31962c77bed1b0a7045d980c03b0df15d1e3cc1ee3175570d286004f10ff6b922da1e0af3ed41099bb175678f6c4c29bd5b8555edea3fd6559a6228b3924b6245b66f7d4a6cfbf7e55d3a9a9023185885bbb1e9061fbe3621beb1e7e31205d828710267efb585073865d0618f4edbc9c5b606a79bff7eff1e534393e3dd040174b21fc012d6b2ab928976eef114b97502fb02225572b74e852f568dbcea57a8d378c54b217287eac9090cf75f10f474b1651782ab8e5f015de5b665e046f01d04efb7bef840507f3e45a385a372422af573d064b1bf6b0fb2796e88a883d0024b5f74f1118fd7cbdb92a40a83459aa29a77a256274df3a72f539b028c1df8686f4630c7fece68d1c01ce38aa613735a591f91f42561ad297e0872efdf3536c88ad5159af81048e6378f2a42d915c9721e0875fe0628ce4fc609099c2c19e681280e83ee969ba93c956fb2bc4457c2b2ee35d9d5bae561814d8f868e28987371550f57faec5af2f52bc7dbde1401b6729107b405b2873689c9e43fa5ea8b483f7556cbaaabb1c7689b0a51d757743ca292ff74e9c021e5513f94b7107a8940a98ddab5e221fd75c13f19ae4006866eec1a8320ab02a2def573858eb7253d1fda73b7da031f12dc013783147095d545abbcc6c8cc98748c007f2e61a02c750b79866c743d0f98c703ee3c9a2ffe44104ac1a22d77ffd1e607c8c4265bbd8cdd9b7aff0d0c36aa5981ce881b9f3895b4da88a653d4712a8431f9e14e0bdd137735bc1c2b710ba5126b6a9a42bdf156915b152ee1758ef56b8edbd4ef0b9a677dedc3a88b00049a0d7444b3aef2b4e5ed210c5fc97444bd3a4690ae44adfcd4fd85cc50fd55c3d6efd1c7270f46c93689d18f92d0462c62b2001d8ccbccee0abad84daf12a8f3f390d23b3f4cce1237b5059bfaacb994ea871c02fd32056aa3d68258027dbe56bb19cbaf7a2f473492e2c6643fc4bc01df34967ff10092530c5f965e1dea106188a9165a43e61d060107e5907a5e76039e11fb557b17f74e99d6ba5edb86daa24b201f89f51c53b4e6ea0e74888ec9afc6e64c3344ca561a56ece3c286ee4eea87bbb011d4bc856cb2018f009281b89b95acb76684eefbe628b3b9c93f654c15c1aac2769c67f27e1f3d6ca98d80dc3077b5c4e4d823ea40c258dcbb891ff20466c1462080de73513509176565feb24ef8413dc7dfb53b10ad4e5d683d26c742ac8efb627339eac06f2f56a55e4522b670ff6dda3917ef7b00fe14a6a52dc9567548e98f47cfa5e2b87dd8e1c2ae18d0c14356db45db78e8f8b9dd141ee942543d271c8cb5b9775d2c55c4b732d838a3b73d675a350957e0a70438d6bc3ab116f4d45f5e5bcf1493097ef19e13239d97981273fa9ae9d1a94f417c3c5c240a27cb07ad05a6526e6c8b3c68bad2c546fc889c5fb3410697ddf58f78e9296ab0c725882566e185d1dd88430766e332f1f0c87d2e359f8ce2c28b8c7546da95a1ca7897e43b7bf583d12cd46f7f910bfdc1a1c129f1d83d94678999c3d81dca8f74f87ba3017f07222f510c1a7fe8001fc3eb6e8a0b46db9c002fd084167272355da87a0fc5e37feed0c487d603bc1297f1c6dd88dcb17f17fd38a5ec72d0cf50c8c8dc69081cf608460d5b1342871abcbec20323be7f53690c5fa640816cc3b2b3de36870a8a38905dd51ac63ddd922d008f84b7cbd062b64c5ab22115b4889b0e9389048f6a7bd28e6a7893caa6036613c9f5f2ec2928be1f4ee1cba0b0bb1691276a4db24669fb085e54dc77e815b8f5afe80aaa38acbd11430d956a37911b0216534bd9e2893a2abfbcf4b7aee56c8ffbbb08166773d8dd3d1fa12451f393799aded8721cbd93e4c9711defa5509840dc73ec5f5273431da7e6324b056cae48e1c14b1f0e2cf27a52980d4c67e77a565a44aee8ccd622781b35cfa16d36eba77f9b7f5ec8cb474f02bed016982a0dca0960e094b3df6516837d5015680827599c89542544a3fd363aa44e79f3ad00c87d8dc1422b0737ca9fe9179d627a1f22800923a39df3a59e15770ba57f1e12aaf41bfe67bfc5483dab32820364a5d4da8f8ae62b05ba23257bb1577f5ad73f0b0e01633da659f7d28c7e1e39f86f5adb5bb3843abbce0a769c26c28e4ec88cd8d47e46928ebf51f4c23c69fa602b6af61dcc74bf64b009e96708c4c7426f35d33f7dae81e33a69e12ef792b1f25ffc60645a1963e67c07e15c2ebdb548ef8b2c8b0dd9725bed66e22545ad7914af7864478a7993b2c0e0ce590fa005104c6937e540758d25a509e80aca8137b717ae9fdf80ab906d9db4aabb229bb3d35e27b324aed11eebaa8ed3dc7704abab39f58562ed9b5c8a37b092ebf3fde22166c9c91bc57a2c62d90a87cffe7d6c448321f843218e404a4d3688d7b968ff9e823e0b900a146a7f3af3d46e9a8e7d17b47cba2504e1e1e7ad960dc481363f16fc979bb8176797ab1cb85cca6724274faba007e878098034afa0042ea0c1a654b42e1cdf7f71048e24db691cdca72f52017c6a0f5c88d0cb1e1c260e8879478d8e2bf97ad59844221afc649c881e7950de7dc85c430c18fcb5c8d359c2c239b45872c6555747438ca49b55c327cf6d705f80b396d9c020db57f6c53701bc968fcda5274c5134b23f6fd223dcee7ad7962c4e7f8b301a57165fcfc9a5ff822f1c24a7aa5be7971203457af1c95d47eda667d8c291fc21eedc7e8e5844f967a9fb4479d2f94e4dedd0cd5457781d3e024fcfafaa8b67e4895855535d1fdd4be454bed97c3cf2095a166cc652bea65ad6368929bda70f69dc36c689f5923fb026a8257f851a069994c04cc41a8b15979e473e5533240d3cab3ba953f20019e017d44f741d95a9ba35886c7a3fed463d242173d6af2502230ff733c3f1e02782274e64ac70850dc34895135bc859918cddec6269ba8361009eff46407715f30879508fea8cc9c081b372f488555278fbbaa80f34ce79da910212961a377c85b61e36fc375431dd6c4edf2c4bb801a0fc1dc1fac3c2f4c01099624959392ca0b6bd47cb008dfd39b2fd927f40fec137b0748e19840c05754b7d8e0b27d62086128fdc329363d06b6e7cdc4360b39df2737b5973a8c05c72e1ffaeb09cad6719224f4fb80794eb00f4092f623e5d27a11402fc035eb9fde88276f8ca16827459592e355d3c4e6c792e5487c499666d96ea5c5f9eabe173b56223cc71dfaf0d88f8b805110871f89f399f84463023f17d86249af647b83f24e90483bef551f95645dba6607f66b93a6da349ea07318b6ea59adcca1ed17566eeabf62b21204a8fd1a2d983fd22d2eaf9acbbb7a20bde391a5724f096d204d340b56212f8b7f5141f4f6ed72b134eeadf1f27edff371424b40820b26747b0baad376dfc535a417be78aabedf33e978c0533b45eadf5c24a1a069bc4945cd00a52aeb35b539ac0847065cd01dfda634cb9d7222a60eafef0f483ee5ce52a3c908b4ad4d20897b55a880249fe9bf4129124216f80d4789ce2f1b97c9d3892c506580a68ff2ce35caad03126a4adb9a194fb86bc72bce0e0bc4700950d20cd4b8d670ad2151cde5fd540e6a1d871a430c1a333f020c957cd4c8b4788b4bc93d8dd2892f5d8a350013c62dae3747384aa487e00704910b3f7542c", 0x2000, &(0x7f0000005c00)={&(0x7f0000002980)={0x50, 0x0, 0x91e, {0x7, 0x22, 0xff, 0x1124872, 0x6, 0x3f, 0x8, 0x1}}, &(0x7f0000002a00)={0x18, 0x0, 0x0, {0x317e539f}}, &(0x7f0000002a40)={0x18, 0x0, 0x8, {0x4}}, &(0x7f0000002a80)={0x18, 0x0, 0x5, {0x401}}, &(0x7f0000002ac0)={0x18, 0x0, 0x1, {0xfdcc}}, &(0x7f0000002b00)={0x28, 0x0, 0x8, {{0x2, 0x8}}}, &(0x7f0000002b40)={0x60, 0x0, 0xfff, {{0x6, 0x10001, 0x6, 0x1, 0x8, 0x1, 0x32f0, 0x7}}}, &(0x7f0000002bc0)={0x18, 0x0, 0x4, {0xffff}}, &(0x7f0000002c00)={0x18, 0x0, 0x1000, {'0%)/W({\x00'}}, &(0x7f0000002c40)={0x20, 0x0, 0x5, {0x0, 0x11}}, &(0x7f0000002dc0)={0x78, 0xfffffffffffffff5, 0x8, {0x6, 0x9, 0x0, {0x6, 0x8, 0x25d, 0x7, 0x8001, 0x400, 0xce1, 0x8000, 0x4800000, 0x6000, 0x8, 0xee01, r3, 0x6, 0x1}}}, &(0x7f0000002e40)={0x90, 0x0, 0xfffffffffffffffc, {0x5, 0x2, 0x0, 0x80, 0x1ff, 0xfffffffa, {0x1, 0x81, 0x1, 0x10001, 0x7f, 0x5, 0x5, 0x2, 0x0, 0x4000, 0x3, 0xee01, 0xee00, 0x6, 0x23a}}}, &(0x7f0000002f00)={0xe8, 0x0, 0x20, [{0x6, 0x1, 0x1, 0x7, '\x00'}, {0x2}, {0x5, 0xfffffffffffffffa, 0x0, 0x20}, {0x4, 0x2, 0x6, 0x9, 'wlan0\x00'}, {0x2, 0x5, 0x1, 0x0, '/'}, {0x0, 0x7, 0x6, 0x10000, '\x02\x02\x02\x02\x02\x02'}, {0x2, 0x3, 0x10, 0x3df4d00b, ' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, &(0x7f00000055c0)={0x510, 0x0, 0x0, [{{0x5, 0x1, 0x0, 0x2, 0xfffeffff, 0x1, {0x0, 0x141, 0x4, 0x9, 0x9, 0x4, 0x7ff, 0x7fffffff, 0x892, 0x4000, 0xfff, r4, 0x0, 0x4, 0x10000}}, {0x1, 0x8000, 0x2, 0x4, '\xff\xff'}}, {{0xa00000000, 0x3, 0x8000000000000000, 0x80000001, 0x6, 0x1, {0x5, 0xa0, 0x8, 0x7, 0x101, 0xbc3, 0x19f, 0x4, 0x7ff, 0xa000, 0x1, 0xee01, r5, 0x8001, 0x8}}, {0x4, 0x10001, 0xa, 0x3ff, '[{@^/@+@<['}}, {{0x1, 0x3, 0x5, 0x20, 0x3, 0xffffffff, {0x3, 0xd4, 0x6, 0x0, 0x1, 0x80000, 0x38fa80be, 0x6, 0x400, 0x1000, 0x5, 0xee00, 0xee01, 0x10001, 0xff}}, {0x4, 0x5, 0x8, 0x4, '+!\x9cR\'+%\''}}, {{0x3, 0x3, 0x200, 0x5, 0x55, 0x1f, {0x1, 0x34, 0x7, 0x4, 0x9, 0x2, 0x800, 0xffff8001, 0x6, 0x8000, 0x100, 0xee01, 0xee01, 0x0, 0x9c000000}}, {0x0, 0x1, 0x1, 0x400, '\x00'}}, {{0x6, 0x3, 0xa3, 0x80, 0x735, 0x9584, {0x0, 0x2, 0x7, 0xec61, 0x371ca83, 0x4, 0xffffffff, 0x3, 0x424c, 0xa000, 0x400, 0xee00, 0xee01, 0xca, 0x3}}, {0x0, 0x7, 0x0, 0x80000001}}, {{0x5, 0x1, 0x9d5, 0x5, 0x80000001, 0x1000000, {0x0, 0x0, 0x6, 0x7ff, 0x8001, 0x8001, 0x6, 0x8000, 0x1, 0xa000, 0x10000, 0xee00, r6, 0x80000000, 0x6}}, {0x3, 0x7fff, 0x6, 0x4e5, 'wlan0\x00'}}, {{0x4, 0x2, 0xffffffffffffffff, 0x10001, 0x7, 0x3f, {0x0, 0x4, 0x7fff, 0x5c, 0x5e, 0x4, 0x0, 0x9, 0x4, 0x1000, 0x8, r7, 0xee00, 0x7ff, 0x9}}, {0x3, 0x5, 0x6, 0x9, '\xff\xff\xff\xff\xff\xff'}}, {{0x6, 0x3, 0x3, 0x9, 0x6, 0x100, {0x1, 0x101, 0x4, 0x100000000, 0x2, 0xfffffffffffffe00, 0x3, 0x9, 0x9, 0xa000, 0xfa3, 0xffffffffffffffff, r8, 0x1400000, 0x9}}, {0x6, 0x0, 0x6, 0x5, 'wlan0\x00'}}]}, &(0x7f0000005b00)={0xa0, 0xfffffffffffffff5, 0x5, {{0x0, 0x3, 0x2, 0x3, 0x7, 0x64b, {0x1, 0xc2, 0x9, 0x5, 0x8001, 0xffffffffffffffff, 0x2, 0x8, 0x5, 0x4000, 0xd0a, 0xee01, 0xee00, 0x7, 0x1}}, {0x0, 0x2}}}, &(0x7f0000005bc0)={0x20, 0x0, 0x7fffffff, {0x8, 0x0, 0x9ad, 0x3}}}) syz_genetlink_get_family_id$SEG6(&(0x7f0000005c40), r2) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x9, 0x100, r2, 0x8000000) r10 = syz_io_uring_complete(r9) r11 = syz_io_uring_setup(0x7811, &(0x7f0000005c80)={0x0, 0x29e9, 0x4, 0x3, 0x25, 0x0, r10}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000005d00), &(0x7f0000005d40)=0x0) r13 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x80000, r11, 0x0) clock_gettime(0x0, &(0x7f0000005d80)={0x0, 0x0}) syz_io_uring_submit(r13, r12, &(0x7f0000005e00)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x7, &(0x7f0000005dc0)={r14, r15+60000000}}, 0x6) syz_kvm_setup_cpu$arm64(r2, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000005e80)=[{0x0, &(0x7f0000005e40)="551e553401d8419ac437854e7bd6033a54214a9bd5bbb0af5b8dfb214aa84f75f60fd2f374a02bcacb654f2e69f719794863", 0x32}], 0x1, 0x0, &(0x7f0000005ec0)=[@featur2], 0x1) r16 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff1000/0x1000)=nil, 0x1000, 0x4, 0x100002, r2, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r16, 0x118, &(0x7f0000005f00)=0x1, 0x0, 0x4) clock_gettime(0x0, &(0x7f0000008240)={0x0, 0x0}) recvmmsg$unix(r2, &(0x7f00000081c0)=[{{0x0, 0x0, &(0x7f0000007580)=[{&(0x7f0000007000)=""/104, 0x68}, {&(0x7f0000007080)}, {&(0x7f00000070c0)=""/15, 0xf}, {&(0x7f0000007100)=""/224, 0xe0}, {&(0x7f0000007200)}, {&(0x7f0000007240)=""/230, 0xe6}, {&(0x7f0000007340)=""/99, 0x63}, {&(0x7f00000073c0)=""/69, 0x45}, {&(0x7f0000007440)=""/106, 0x6a}, {&(0x7f00000074c0)=""/188, 0xbc}], 0xa, &(0x7f0000007600)=[@cred={{0x18, 0x1, 0x2, {0x0, 0x0}}}], 0x18}}, {{&(0x7f0000007640), 0x6e, &(0x7f0000007900)=[{&(0x7f00000076c0)=""/121, 0x79}, {&(0x7f0000007740)=""/169, 0xa9}, {&(0x7f0000007800)=""/5, 0x5}, {&(0x7f0000007840)=""/157, 0x9d}], 0x4, &(0x7f0000007940)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb0}}, {{&(0x7f0000007a00)=@abs, 0x6e, &(0x7f0000007b80)=[{&(0x7f0000007a80)=""/115, 0x73}, {&(0x7f0000007b00)=""/15, 0xf}, {&(0x7f0000007b40)=""/19, 0x13}], 0x3, &(0x7f0000007bc0)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x44}}, {{&(0x7f0000007c40)=@abs, 0x6e, &(0x7f0000008180)=[{&(0x7f0000007cc0)=""/153, 0x99}, {&(0x7f0000007d80)=""/250, 0xfa}, {&(0x7f0000007e80)=""/252, 0xfc}, {&(0x7f0000007f80)=""/193, 0xc1}, {&(0x7f0000008080)=""/96, 0x60}, {&(0x7f0000008100)=""/65, 0x41}], 0x6}}], 0x4, 0x2000, &(0x7f0000008280)={r17, r18+10000000}) syz_mount_image$adfs(&(0x7f0000005f40), &(0x7f0000005f80)='./file0\x00', 0x6, 0x1, &(0x7f0000006fc0)=[{&(0x7f0000005fc0)="97711a3fc775d9b6b802d75cefe34e560dfbbc1905df8452c7c061cfbdbaf76ac0ee704fdc1b95576e8398715ccac23eb622406fdf86656d8666d174345df15cc279d6bc46189f9e9103c8b634306a9dc5121354037abc836af32b82e0eb9222c5b97a31baf700226f459f1593e594220d6eee2f7bd3612c68996c931e01b390867ecb7db73fd1c8baea0a1a30719c09c81706414190c490236b2756cfba38fabad49c002cddccb22a79015cf6c9d5b81197e3669f1195cf26fd674cef34fc2517dd561d625d37f0093669e68fca1ae7327c53a8d8fe8ce089ec5130da3dcd2c1be47c5d11c1e607706dede98d3ad0347db608bf9febfe357b46fe05172e7abd5e6a5755ecbdb7294ac660ef999961aa2491460d2ba8c47928fcd02e294c16838adc1c5aa0aeefc279793c1e9bae9dad1bdd674fbf94f64d5ee586b857846b2c3e35cbe0791f3f0a4279ec2d51fdfb3a9d2fd093ba29d743eebb0646d40af932960b4efd52dfae3724206f13839b1e9dd3561c159f7d1a0b45dfa655724164ca8ca40178aabc9f0c270cc0c2e828dc2842fb2372abca8d65d3726eaddb36d2772fc42a5a609dbc761a086dd8405f0c0a7c0bfc14fea91cab423fdbc944ddbdee214c248ef0c8933c80f3ac68a3cdc4ed5120c7be1f0418a0ddeee94ce8de7a07b94d97a9c72e338eb9cb871567608b49031f1fd07e5c5cbbc2201c4876885c1bdccc2bfece71de73d6a710c96a675de4b578e3a0b84d1fb89bed531e1705af867b10b7c92328a06bad02c573375d500a4bdc884b55652d7f1cfb31afaf0b35e98a58466b80a2a4bca2d72e387f8e94519a43734c385b698e08b0ee1d9805c392acb76f980894df9046c617f62a2361062e522453dcd73176f786ef2ccd7a05df8b44a6f93135d4888fdd510220357f1aeccd13e1fe10292673f981f420d9859fa218b8698b4a691e699c28a2dd46d3978942192ed51d212669458a4dc3d381d2c3f73cb60bfecb8bf0e1556eaed9ffca5d0f7c9f6152f4fcd5ed86cb6a565e4b6b1c9e7efef1ccd28ae7091abd84e8431ec08ed83a8bbe56f9e12256d0a05b461d9f1f4bad4b0e8734c47d12124c406db2c033ca10634105713df400fe668d74c10b9546fef03d29ee05d4e3e832ede103cfb890c8b0092a58fe32a0b105896cefc83a990c3b6d9dec09e4beea8040b29f9217e5577fd72003a1dc4667fa4cf3bbf2985f0aef84b45569a087b7f9afe824f3c59b40cd0d088c16f4414240a6ebe24aadc402cc99abf034a48bda6a2821bdf294658e2782326e1696a8878b62be50b8ae8d003e1b6b9f5f26d3f21b1422cf73ac7292638e57da6fe3fdadd7786aa2d7406c0d84554547d9590ee9e1705428e00ddc33250a116b9737c8b013a38c6f5e88275b015f1c0996b06ef4467fa0468e8f4a498b56a045f894e45090fc1707481bef75f601d95e67b963b6ddaad7511ab41ef4c9f651c70f8ec2f0cf3b62bad74e2492a39fc1f81da697cdc353de9589cab54a16901a18d851bdc26239a72f9a787fbefb3fc3f5df149a013c4f8c8b0e98b8f669f62fbe09525b46469b1c7fcb91e55735f2adc8136a46aec4de016b9f9251ac2aa820a1a887b78c66802bf8dbbce8c4e138ba0a52892c9e934af2c76b95032a2f4cb5a621e453970f54b279035e140833e3250a9c4f16371cddfc01c404e6e86acc231c8d7dbed9b6aec0da3e0bb40672f4d41df2650d200fdda6bdc62b1d433efb4dcb37052689eec1fb99ceda3e1107ae9aeebc9958fd2f2e9059834087378427d3158a8ad04779e622b9fef71b94b2aac03d6d9b722a2427855a2176f00d971d6b1fe9b57c3637af6ecf8dd0bf1dc055e7331c7e3d9bf09a98723676b07787a075af7ee911ee2b0ebefb3408c8a617e81b0222f20f41aaa55767bd73b30b7d5238a41836e53a5c826d2cab59460404f02af43b1c64a887b44edcb395a149983a63ebbc1468ac3b39a00d01e59041ea549725768c6fea7a4884fab16b8599cd0b91b83df33b32280039ba0205a23e97cd38bf8be0ced3d7c2f44491e9b594e054e6c6e6e2b610830f98ef9a240fd56d1e218cbc1535b8889fd2b39fd94c82137a80ea1234a84dc6fac0f16b8b2de9dde9ec8270c2df90b1107eed2d346965943a1cb0856421e45fed7f48071041c552efc7333c5e7dec5b9cb59565718a7e230a842f206a4949a38fca5d9a8d847563dd644578f89e5ea68cd84edc6a04e527d1c07e6ae42f503f7c09f7fa5ed1b2d7a3a90b5feddd576dcc544d8a7e5154fcb82d14970643a03ec1ada083ade9a90d56b1a05e7becc2e434d487e0c94d10fb56b73a82fd0c34e3ea6e252bd82844e95933819254e12b001acf2ad8b630a7d2056c6f77334ed22321771e73312981d8910170cdd7f47881b58c4753bbfb0b34c78b4211e626146ff342bfd57740eb868e1cfa312c907bef857b3781ebd1397e8dc0ca1474a19b39b497ae70889d2dbbce85d3743fd33c97b9c22b866eb65d3593900e66c459efe5638a824c423d9c49ba44b8ff9b9b3ec15cef434deef9ab92760c55b1fb37339b1c77f3a01a77fd72f72877952e8a5827494c9188b8d1c270b0a99b4a9e818d1fa126a7291a7b0b94c2bf7c18c2e25e7fcfd68d38829655d9aab934963034563e90865245a61304febdf59bb0093167c8c41cce1773bb80c678759b55dab1247252036157a0e60d66e289d4b9bf98fdce7c5ca59bdb4fafe55e09b16aa3430d39bf150332a15c4890ed078e628775f8787b893592263ca6d3113619a7b21251faeee137a099bf00fb5fbcc75e758eaec9bdcff65576c0d826ea79d90e99d8cbb490937d1d122dbb8d15b33756835e1ce3bdaf4919f5226b384c87c2c7af71fb3dd073c43129ac4e2a6e521bee349730b2d9a71c6b01d61df130802a9bb6ab1f4d594b89675cc467cab303c86ae6b4c0d26dcf16cdec9c8b78f3e23bab3e7b5153e73bb71cb6a2afac5c33195d2a2f329d9e8f53dc92801046b07245e139a6414cff17dd9d7947e945a1ddf592131d90f3f325ebc3cf24360f83ed1606f952d4f69221b75c9be91e5d2abeed93f33958b04aa1e0cb5b850edf2760f4b8e810d879d87357036c8e26538e69689e47fbb1da8e0ca08284f55900bd029e95a527b3ba251b0ce27bd049fc85b194959375f785cf75c101eeaaba56b39a3fc46ba9729837e2fbce7ebba932596c0c2ef0c5d8e684ba6b334dbaffc0fa842a6aa555813d5bdc237a4376fbfc3abd549abc27f3b1c918c67f2c34e116b6b0630115490624f4997d93acec5dab0d2bb1572b319ba4c990cd74389542f48b7e173d0c81ed756a1b409f6b195859fdc7577a7e7b120a1513c225d313d7423d6a99ddb71914962821db95192fc9ca8b6972e07d78679e3b4265cb9725d95f52f68ff1ca46b8ac6ae7c6053bcd972e37fa824491527a1e4323aa6f2d5e59cf06c6088c148059fad6f1cbfb476719d09fa479b69a4790a74f65abd999c267d10cc2ff99d39e394160e151469589f416f659b2a8c60def78d6f433809dfb96c27220076f47b7e74a8930cd61e8fc109ddf8754ff5d6878eef5dc7dd61e2da0073b0ad6b071feff97fb87ec0d90954aedc888e7b1e09dcdfcc6906e49b6ea4a0c32546407ac0d22e29200b8603f2c3041d27d0fd990c312c3f4ebeef45385124825e73a4b30f7e62b3746aee0a1f42357a7c2d59b9b2865ab24b33536c1d752a4e1c08e07ec7ab8e37eda44ebd2213d46955859ce75e8cbee3e448ddc6c3720fa4bb604298c9cc6c1eac4aac18ffeef8d631a6175a58b18257c81b5b2a2c7458b1173a5c1bfe3a56159fa406011dc0bb6021f2332bb471ef8892acd5e7b58aeca43e485b35ddc938fbf2d032521820809af025513b663922d664ca4216bcc9877030d5facfb9a0482998e50cf69bc59c1805fb4faa89f6831ec6afc29e7f6db38fed3403d1035e251624de0ea6445812f71a4a91eab22d88da49c097003ea9608ef661e8cd99458f318d373ea1affe6cfbec7e9f77ca393f1585402a70afa83e3dc11417b83035c4aa6efb96caffdb76bb431152a1108dd6ae5a37afb9aa1b51ddcd22d7af11d65c188472d79acbdd48c61355a4b2fdf2b81fb4459711fb437f3f7f95a6e187c0cc087bbd739c9c9e22e25fd0d305a27408f52b839e357d1f37b0c7a576df793008241bd2120ccfa21435268ed243dd2edbb751b201474e91f48219bfddb4cd0dd471965bfe78e45233a33b6c4022bc57bcfd224f89b4afbe25a003ef41f596e10fc142d52e0ee02fad0728651f0fe75b947a544fd7e2dc38b608789ebc87b01993e23b765449001c77adc778adb84a0dd32b70e267aadcc168ef1713d7cbde563396ef5e39ff9f7008d61a20fe49ac80c2ee84c5311e6b0c259f0c63631af64ee1d2225b5eaa31b97636b30109fe4fcf1522723c6d79a5005f3768be2872910a0d9f2d2b10a91e48f7da5c3830e18bf1a2c51f791e463f7ca07e0c63d075852c2bd82b4a5989d4ff50a7007d3eb322b3f01ab76af2bbedb1108165f483d28415378d60098dbd87a299b3de116f3955c3e243677f3e3f71f9f0204e170da9ef5b66c95ba07f335b130b5a17b6a72c318be1b8ca6422b1eaf3f6ef038df509ef18765947de5889a3a88457561b399ab72948d7ec9e0f4a7348e0c43174811d3a4d71242e6a50f5b397a8d7fabbba7109afa2369f116e09d3fcc0b5e612ae8b818309c5fbb3347fdb5d6c6904684f4e04f12ca8513174e6b926f049ac14e0a7f9e4aa6bd391bbccd3f7242b9a4c0dfd01796da871f4e9de17e549537ac6d21d5c64e549f070e2b1d1b7f76981faa8da9029e4576fc43b4f427ec7ee4c4505ca270b233ffc5e1abe44ac789cecabdbaabec441a11845caf922133d11bb28256ee8f75e6f065e35f297646c63a2b8a594605ab391c50fc337d8d97066e6b5b0710fb1ec76c64f0a0a0ccac01375f2c9fbaca77b2b1ee2b26a76da527aefbe983eed0d946d763e00bf501dd646bfe683a78df80d91dcd603c5a8eb595c0cdceaa2dabf5d64a9feaacefc878e074313c85e4c15f4c2e63fa19f97b829c297d860878eee2138928d8a425c07900c1226455ae33e702c058567d42df10d6048466de62f14c27f7d8f306516662e18bebb24d7f38e5f0ebbab74980599ffacba56d3ce16a56b991ec64df9ea8f9300cc187f2c1b2f80562c681bbf833a971e7d69b67730d3b0d3b5a9b3cabf5b44e21f3a8ea25af9f9a7f53d6c85ca6a3b84f04fb6d1e99096640c76f00cb2a849e022c526653e0e19c0ab73d7db02e69bd511cb3b36ae7df9e0bcd5b8d180c0a3dc9f17973c62b286fbefd4853976ad38dc7756785f17c88f9675687c9769d77162e82e71bae2ed285bc878f9ee7070af3c4b43c907bcb5856dab6a938b7842af376d7c164076cd02b4e3e82e2cc8fca7dc2e40bdb7b9a2ef406355630cb2930231794ef4a20360a6eb9cc54f753642e6938a173024635987b80a6e0f0b7cb258537b81e1250f77fcaf1d7cd9b3be072a6f9d4fd86f1564b28d790ca1382fae61fa5874c7dd7db8ebfaaa7cc011e6ab3579137aa3f0af14e58c0960d7f70cef93ab86cca7cb785d8c12152a807cf1bfa4e0f6ffd288870565cd49a10a407cee95c5c0fe4cc84b47390868e64507f1fbfbb4a704d272da13480a418e25a9930a402dcfbaa5cb5092c569a4e8150b5048bef01194e1ce3795e2835a0a82c9d5ff3a157852f12713596997ec3061aeaa96e93c9b1d9d5aa2414c3ea9f", 0x1000, 0x80000001}], 0x1000000, &(0x7f00000082c0)={[{')/\'/%'}, {'wlan0\x00'}, {'\xff\xff'}, {'\xff\xff'}, {'[{@^/@+@<['}], [{@uid_eq={'uid', 0x3d, r20}}, {@smackfsfloor={'smackfsfloor', 0x3d, '{%\'--\xd3{-+#!'}}]}) syz_open_dev$I2C(&(0x7f0000008340), 0x4, 0x404280) syz_open_procfs(r19, &(0x7f0000008380)='net/ip6_mr_cache\x00') syz_open_pts(r21, 0x8001) syz_read_part_table(0x5, 0x9, &(0x7f0000008980)=[{&(0x7f00000083c0)="fbd29b15877e61061cc50ced7f39686138bf5103248d4da53257b73a1ee96cf2199abfa961d7bd146a6bb88d701b08edbf514b2e3183cce211d57c7645a9afe20275ecbe29aea48c76b0fb7627a8e43c7a9f57ef02a316edf9d38e0c6e74b59107cb1c8406dcb6de319b", 0x6a, 0x7f}, {&(0x7f0000008440)="e0d8f55b3848aed3ac9738d2e19f668be4c76e3b4e4823a0c69918ad4aec8d6eadcfe10327126d01287e672d54a544a9877e59f9a2f41aa242b237ba593c5a4840b8621ce0d28ce522dfe8788bb070d4bc9d74528a1f7603200c2365c63d42f1032992e10e4345cdea0d65365d82b6c78c81c71b0b2fb78197cd605ec2521806bdc08d6dd8f5291e5bb0ca92e20430d581235ddda756e6abd8c769783b84e57b0aa951303adcc7e921b069d94f1a4dee1f4744db5b28c97fbbaec5bf5618e0e94a41c0a99ce6ca91ebcaff5ae6106dc9dc310d7250a8b7c7ca55", 0xda, 0x3ff}, {&(0x7f0000008540)="afbb6b91aa7857f942bc8773d020896a44f1d9db9b9ec2b85598cd86397d6b5ae3192aefe0f2b6387b2d2314489bc7af2ab51990ff7526230a7ca42e6c22f5649acb12b4dd8fde819b", 0x49, 0x9}, {&(0x7f00000085c0)="d890818560f5372f7d41a504c54e863d7944d0621d50134b4c1454aa8c44c7f324d95d33fb4663f6745c1cad179d719e3e9f4f57517125890ed4c937bb41d0a764441e1d6c7482548c0a", 0x4a, 0x6}, {&(0x7f0000008640)="7e289aa898007d95eaf09882596aa237714dc1ac32392bd6fae8d872edc3c9b0cff5036148af29573c0dc954c27b6a6d47669253ab402a91f6e602ccd93fa817", 0x40, 0x6}, {&(0x7f0000008680)="c823584bb1759ecb98ee41e35227dd03d7ed5c9eefcf34a951e7c5eae5b37e8b93d6dd7cb66ebbff50cb81777e29b2c05b7b7cd976f4aed70f76499015b9872faa6f338c309a55296e4e85e27c510dbf253a7e6f43791f93913c8a9607451fd5050cf191ec95d199f1117c0e2a0437c2be1698939d277c3837d1640f91ce6aedc0850dc288cc2a3c1caadff44febefbbb2fda82e8a6539222b6d8830df927f36d814c2a892df0badec86c2f01deb89d2d3fa6137e48b23d3cf77b11f46ebdbb0a8314ee19778c212fc3498cbdc5ad0bbd7d24538d83bbc86830afe32e38c1bb1b7866abc940f611654d046f8236d6b15", 0xf0, 0x7}, {&(0x7f0000008780)="5d78b08d347d6010778713adad8e4da15ab34694562b0da52bb31a3b5e0971020ba48d185f3f03f16fe6dc1e321f122c1150a8ce71c3ad1df7c618bc59865fbfeb3a2c926b992f938b0f76c96af8be398933383fc8", 0x55, 0x8}, {&(0x7f0000008800)="1cd7715afec5551816cd475168a535a8474b748792e43af351605c6dfae1e6add7ce8bde80555ca3268782fe7a7f458968b42792c02a11acffae5486c0858e0c4640f4260d564699c0e606236ae8d5", 0x4f}, {&(0x7f0000008880)="45fd88a606b589b27d422ecb8744a678ff3aa07ffb6c25cc10a8871006d5fb6450fc12157d1a59f14e36132f1db63b56cc97b61bf0a61dcf2b7dd27da02ee160e03df97947838f0dd434825905ae9fb5a427976a49f779eab8cc3a409d25b9a296cef9a8ffb49d81bf23a716a7a7e1d8dce03def2b8a3b15a3b2beb873143a7df14ec492782ec86aceb4901fe3dcdce046ab2fb972d67434d4e1101b02c92d33a1bfe516d9592581f67895433766506707cb7f0e18b4476bde0f0091753cf3ec07386b3dab4b295502d49716801dd979aa24d805dfe801", 0xd7, 0x2}]) r22 = syz_usb_connect(0x6, 0x7e2, &(0x7f0000008a00)={{0x12, 0x1, 0x300, 0x88, 0xc7, 0xe6, 0xff, 0x15c2, 0x45, 0x135a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7d0, 0x4, 0x0, 0x0, 0x60, 0x8, [{{0x9, 0x4, 0x45, 0x3, 0x1, 0x66, 0x44, 0x76, 0x3f, [@uac_as={[@as_header={0x7, 0x24, 0x1, 0x1f, 0x5, 0x4}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x9, 0x2, 0x81, 0x4, "c0e6a10a"}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x0, 0x6, 0x8, "7d5ba3d07cc6"}, @format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x94, 0x1, 0x7, 0x1f, "cfcfa1bb20d9baa316"}]}, @uac_as={[@format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x8, 0x2, 0x0, 0x9, "489f80", '&'}, @format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0x5, 0x497, 0x8, '\''}, @as_header={0x7, 0x24, 0x1, 0x9, 0x2, 0x1001}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x8, 0x1, 0x0, "786e2f1a3105"}]}], [{{0x9, 0x5, 0x0, 0x10, 0x3ff, 0x9, 0x66, 0x3, [@generic={0x5b, 0x8, "32da773ded87397d0af57fd6f2ad3b93e2ea74f1f65d645d6b7e4cae90c8f27ccae094b33c613bc0bda2437bdcbaa21c77915b1b95e7a2313d71c6cc586d414d6a1e79c80ee3673ff069eb4651b30668b0197ff7a7edc57594"}]}}]}}, {{0x9, 0x4, 0x58, 0x9, 0x5, 0xff, 0x5, 0x1b, 0xe0, [], [{{0x9, 0x5, 0x3, 0x10, 0x20, 0x0, 0x43, 0x40}}, {{0x9, 0x5, 0x5, 0x3, 0x3ff, 0x87, 0x2, 0xfd, [@generic={0xa0, 0xc, "4d1fafd5d5bea917949e727ed5ee144cb32b01d9acbb7e3cfac4d1a15cd6bbae8ac66af677394d2217ef580b1565f58b85cfffd2cfcaf9f19df78400ba0354d7872072b42d77d55a5b960b82fb9e34ec8c33a96719c45947ab0947484854a94f25e65339a6f74b053c81e8e8057f6767ea2e80e923e02fa1a88db36d52e4c511e6ccf674046cb81c493c927d05a6c16645d0694f667d6ccf29fc273890c6"}, @generic={0x31, 0x9, "824467996faa842827e6d09bc48c4196099cb20d1afa7380d30e40f1bcfb7c503d7b00fc18d2e614c3e370dbc320a8"}]}}, {{0x9, 0x5, 0x1, 0x3, 0x400, 0x1, 0x81, 0x6, [@generic={0x76, 0x7, "96f72de7936410ee82a44287a00196f630e009364ab94a00e94528691a409d335f13bf6e85b378bda85c558fc1a003ec5794a14217f794682edcdc9e35d00c0979fdb3e7a15e6a851c137bf7011ba61c8346598b02a3d4d1b8cd99f4fc14fae3219fbf56aa2ca54ccf116b3d560a80978c4276ec"}]}}, {{0x9, 0x5, 0xe, 0x3, 0x3ff, 0x80, 0x20, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x9, 0x3ff}]}}, {{0x9, 0x5, 0xd, 0x0, 0x400, 0x9, 0x3f, 0x3f, [@generic={0x76, 0x11, "79b386387e37f36efa1d8c66a90449c68a0ad251afb9b1793cbe9e5b4dc3ce6600e86d1e3b3eac60fd3b8b1c19d7d0c3da61c6a667b39fae8aed44a8e70d77ca93e4c37a3fd8818f43edc523960cedb02d8822f0b23dc343182608c6097e995f562c84a5417e5b2fb71b392f926f3c4ed992ed89"}, @generic={0x65, 0x5, "8512f0cea97a9d8a0461e30ee9bf0789e041cd86c1df9496f1957af0e4543ecab07051f1f4818da2579d13a999569f75ad6af6e0d04da8bd26bc920445692d9e4ca7fdc3544c36f588e5c09beea1aff9f41ba977cbe79e7e4f4a8dec5640da4d2af61d"}]}}]}}, {{0x9, 0x4, 0x5, 0x3, 0x2, 0xc4, 0x4d, 0x76, 0x7, [@cdc_ncm={{0xb, 0x24, 0x6, 0x0, 0x1, "72450ceb1b79"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x8, 0x1, 0x4}, {0x6, 0x24, 0x1a, 0x8, 0x8}, [@mdlm={0x15, 0x24, 0x12, 0x4}]}, @cdc_ecm={{0x7, 0x24, 0x6, 0x0, 0x0, "fbb5"}, {0x5, 0x24, 0x0, 0x2040}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x80, 0x8951, 0x6}, [@network_terminal={0x7, 0x24, 0xa, 0xce, 0x3, 0x4, 0x60}, @acm={0x4}, @country_functional={0x10, 0x24, 0x7, 0x0, 0x81, [0x81, 0x1d9, 0x400, 0x1, 0xc00]}, @mbim={0xc, 0x24, 0x1b, 0x1, 0x20, 0xc0, 0x5, 0x20, 0xd}, @mdlm_detail={0xe1, 0x24, 0x13, 0x9, "0efa60e3b3892ca3377fc7bf7e5cd90b70b5433c66f13129d42a59f2c914ec54979a53862f94df6395806bf1a9709d9a6650cecaeecff6adfc77ca5f296e11bed1fbeb6f27c50bf1af9c176bb2069d52b06473d5d8e9244a70017666faa3213b80b25fe4c68c4180ee45680c95768fd32d24da76b883e1be0ec2af43c9f30ceed1936cd5051e62b1c8a76af9a252290b11c3670439db645b5c32a5a5bb78d7e8183ea6736dfceb8fef3d04b76e5129c4913eee30a537743b3357f269f582dd8c46b2a93362f1a838886b175f4895d52a818f63d9d694beac9846e5b12f"}, @mdlm_detail={0x1a, 0x24, 0x13, 0x5, "083b1f01a69f5d722a6b0383fb09f57f442b56d458fa"}]}], [{{0x9, 0x5, 0xf, 0x8, 0x8, 0x0, 0x3, 0x5}}, {{0x9, 0x5, 0xc, 0x0, 0x200, 0x9, 0x20, 0x5, [@generic={0xb, 0x1, "ae684bd6a1bfbe705d"}]}}]}}, {{0x9, 0x4, 0xad, 0x3f, 0x6, 0xef, 0x2e, 0x8d, 0x8, [@cdc_ecm={{0xa, 0x24, 0x6, 0x0, 0x0, "2e1bb11c34"}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x2, 0x8979, 0x6}, [@mdlm_detail={0xeb, 0x24, 0x13, 0x0, "9fcc8c5c747309fcb4c96e5dad9b6e62d08b91a8beb3c2e4547e163e4658bb11ab34b3c84ec3e4a4e367d26c56001c6705689995a99d16a1b31bdc070f00531ec426b54bf89b2dee1fc3bd818f55dbbd6acc287cd43078eebc6d09f10dc4229f8035d4448f823fecf929d6861627c01e79277a40304a1ad3fbd012a4a8ed16369769c8c997c412be76759017653455b8042aca8b49eac0731001cbfa6fbd796aa7c27709fc623722e03d3c1ed1dac1ca8a8aa25ddafc654a0dbb760b927a2b23e2ad3043ac48566c7b995c237db591f39af81954569cd5d37ca4941c80cc1fa5556d19a548df2a"}, @network_terminal={0x7, 0x24, 0xa, 0x4, 0x1f, 0x3f, 0x62}, @dmm={0x7, 0x24, 0x14, 0x1f, 0x7}, @dmm={0x7, 0x24, 0x14, 0x1010, 0x9}, @ncm={0x6, 0x24, 0x1a, 0x6, 0x1b}]}, @cdc_ecm={{0xb, 0x24, 0x6, 0x0, 0x0, "df4704a2521e"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x4856f0aa, 0x5, 0x1, 0xff}, [@obex={0x5, 0x24, 0x15, 0x1f}]}], [{{0x9, 0x5, 0x8, 0x8, 0x3ff, 0x4, 0x1, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x34, 0x5}]}}, {{0x9, 0x5, 0x0, 0x3, 0x400, 0x2, 0x1, 0xca}}, {{0x9, 0x5, 0x8, 0x10, 0x8, 0x2, 0x7f, 0x7f}}, {{0x9, 0x5, 0x7, 0x0, 0x10, 0x5, 0x1f, 0x40, [@generic={0x2d, 0xe, "eccc2379371b46cab9d6fdb82798f47aa9b7177c2a5193231443b725c21b5e6a99930565eb3b96fe7a7569"}, @generic={0x6, 0x10, "7f2260b2"}]}}, {{0x9, 0x5, 0x3, 0x8, 0x10, 0x4, 0x3, 0xf7}}, {{0x9, 0x5, 0x5, 0x3, 0x10, 0x3, 0x1, 0x9, [@generic={0xc8, 0xe, "17a493c051895f29835efb6d6d753ca5e6237f995724bf74708574902eacdff45cd80b61373d67efe1239f97b4fa600793d6b4a5022ba4a436b4e2e223579d974e784ecbfdd4912da5ccd284d2293782704f067513d83811ac711684d3aafe928ece0e903825997babc567b94d06daee1e4d55a8871d67e71cd1081430d89bc9ae64f50f94bb8af96ce384cd3b8420ef8be273ca02b9f0f91221239e64d620dc6e3e2707f6f4ce92e8627f044c14f179909ca1df8b4e499fed3f4118c9d6b2ae41a71198d798"}, @generic={0x7e, 0x22, "851bf8332f6f4795cdbf9bf1bbb8253ced75d61f695bb8c31f51b5ce19b2080e2e7ec215fec16a83d2571104f726a0de47f3e9282d0ef2204bbb1d9d9cac53b6d798084b0f594791e3f8341986d7eaadb911c55c0d71691fc77aa1047f440f5275a41f3b1f0f048a5c1dd5c417e67f3bd472b13feef7950c578f1b42"}]}}]}}]}}]}}, &(0x7f0000009700)={0xa, &(0x7f0000009200)={0xa, 0x6, 0x110, 0xd4, 0x81, 0x0, 0x10, 0x20}, 0x1c, &(0x7f0000009240)={0x5, 0xf, 0x1c, 0x2, [@ssp_cap={0x14, 0x10, 0xa, 0x20, 0x2, 0x3, 0xf0f, 0x6, [0xc030, 0xff3f30]}, @ptm_cap={0x3}]}, 0x8, [{0x4, &(0x7f0000009280)=@lang_id={0x4, 0x3, 0x410}}, {0x102, &(0x7f00000092c0)=@string={0x102, 0x3, "bd9caf11f1c2321f7dbf3df57ec06aedf0842f843c77dd88db9f7408bba0d9405971eab7462f77d1ca84398011e52a42798f46eeb57b9e8b2c06c9828ae8a2a278aeaf1947cb3dbadbd3d8374bd3fd89a53a0d2e5d80261d7c80592c0396ee2c9ed83fcc6bf9bd9a2f61cd007c9eb5b92dd878d6aa6b5435ed38fb81d9bfc15815843bc46b321b848a201d7ee90a06ab03ddb66cea54f415153e6934992c24e711aea2fe334e981ba7f3f87d0bc5eb6b1d0917cd79b47194c6d2be18e7a54e75a5e2d036b2e8ba626c56c4489e4681a21ea29a2b6434a8605a6710ebd13f09fe322e60ef34a6e6f3330d07b4d1ff66d7ec23c58b3be734844b89de36ba291297"}}, {0x4, &(0x7f0000009400)=@lang_id={0x4, 0x3, 0xf0ff}}, {0x4, &(0x7f0000009440)=@lang_id={0x4, 0x3, 0xf8ff}}, {0xc2, &(0x7f0000009480)=@string={0xc2, 0x3, "47951bf5758f6da49eaec8d8f18a6ca6e17e41a66016415efc7be346e3a8d0342803d31ac634c4e6bcfdca1db3c5b690c22f332df6936761deb40a2a9b817a3b5e21ceda6d71f72d61eed06a7a43451e72faa82018384c5a69f62f4c6cf2a7efbd2af59b84acc6a95edf8f167b5f203dff2f89dba191f513342be5a906ceb379613f596108de6f3a61b926c9f8634d3de6d5eb86712bdfc3ce502f90a69d8d07d9284402b393a76e1d9817b92bd4eff57a27ec91919bf0d09b447057d69ce382"}}, {0x83, &(0x7f0000009580)=@string={0x83, 0x3, "708149d29b3a8ef9c0ff2f072ff3b20dd4aa24a8ddbd77612cf82dbfdc3af821a1fbf75540c23e05de08fed779db651cb3a63bd09acfde2da34fc336047349f62c650320dd8fd8626cfdadf7e0f73f83a6bffa1f20e75cc44b80bbe9a40ea3c6e924b684fe6cb9e6a9331a149e844e500be3b4fe28d1332dcd643be5a73fccd446"}}, {0x4, &(0x7f0000009640)=@lang_id={0x4, 0x3, 0x184c}}, {0x4d, &(0x7f0000009680)=@string={0x4d, 0x3, "b66a576c91d56733c94ef73720fda014ebcf72b1cf26ac4c18da7571241256764ae2dff17540bdd8af83eee505792cbefbddb7b5cd4ca94662287a86249ec2b942139804f9c78209884a15"}}]}) syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000009780)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_control_io(r22, &(0x7f00000099c0)={0x18, &(0x7f0000009800)={0x40, 0x1, 0x8d, {0x8d, 0x22, "e5741947a723e9e98edc76ea9b493da7d0be0f88903d48eef0d24c882970fc1216a4f390d6b17a78f9e882742ca24831936cb75b045899bbc7687bd55a058a9f4722452ce7e301270b0bf22666c37eaf1bd9d8b489ba1d32be39d06b20bd9657e09fda6c82d4566c9334e2fa45c5046ba8565e5779ab6d67cbf7f406d216c286ab066588207a318d65332f"}}, &(0x7f00000098c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xf0ff}}, &(0x7f0000009900)={0x0, 0xf, 0x18, {0x5, 0xf, 0x18, 0x2, [@ssp_cap={0xc, 0x10, 0xa, 0x0, 0x0, 0x6, 0xf0f, 0x8}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0xa, 0x7, 0x100}]}}, &(0x7f0000009940)={0x20, 0x29, 0xf, {0xf, 0x29, 0x0, 0x18, 0x7, 0x7f, "86f620e8", "168f2202"}}, &(0x7f0000009980)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3, 0x0, 0x4, 0x0, 0x7, 0x1000, 0xfffe}}}, &(0x7f0000009f00)={0x44, &(0x7f0000009a00)={0x0, 0x8, 0xfd, "17d015c0c21b38ab6587078c775d196676390236842bc78115bd6a405811102445a37fe5c0cc85a16b5601f67496593492ce3ad552019208a904c88254525ef13e8c55d2fa5584b172728077d54a28bc6dd0bc05f7202910260763120f9d95883b701ca05483deae8e445bcf5672cfc4ba66a346e92fe07451ae4c8ff4aa9dfcf8b9563365805bf6830ed36c9f3eab11f613a0fde0423b8c3a5b1ae029729e3233431d83f022491564d392ceb7a38eddcf1596886181854d5a729e76d8e770d6ee74ba1333ecb7e4b883071b6d6c043e9e6f0160546f60d1d9ffd940744eef3ea5f0ddfda5a0a8d6b7740a7f13ce462ed08e2d3bc0a7b646daf56086e2"}, &(0x7f0000009b40)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000009b80)={0x0, 0x8, 0x1, 0x80}, &(0x7f0000009bc0)={0x20, 0x0, 0x4, {0x2, 0x3}}, &(0x7f0000009c00)={0x20, 0x0, 0x4, {0x100, 0x40}}, &(0x7f0000009c40)={0x40, 0x7, 0x2, 0x3}, &(0x7f0000009c80)={0x40, 0x9, 0x1, 0x7f}, &(0x7f0000009cc0)={0x40, 0xb, 0x2, "08bd"}, &(0x7f0000009d00)={0x40, 0xf, 0x2, 0x7163}, &(0x7f0000009d40)={0x40, 0x13, 0x6, @broadcast}, &(0x7f0000009d80)={0x40, 0x17, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3b}}, &(0x7f0000009dc0)={0x40, 0x19, 0x2, "379e"}, &(0x7f0000009e00)={0x40, 0x1a, 0x2, 0x8}, &(0x7f0000009e40)={0x40, 0x1c, 0x1, 0x3f}, &(0x7f0000009e80)={0x40, 0x1e, 0x1, 0x2c}, &(0x7f0000009ec0)={0x40, 0x21, 0x1, 0x5}}) syz_usb_disconnect(r22) syz_usb_ep_read(r22, 0xc1, 0x1000, &(0x7f0000009f80)=""/4096) r23 = syz_usb_connect$uac1(0x3, 0xe8, &(0x7f000000af80)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd6, 0x3, 0x1, 0x7, 0x20, 0x2, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@feature_unit={0xb, 0x24, 0x6, 0x4, 0x3, 0x2, [0x3, 0x7], 0xff}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x80, 0x3, 0x1, 0x0, "022c3b4efa4d"}, @as_header={0x7, 0x24, 0x1, 0x1, 0x7f, 0x1002}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x5, 0x3, 0x0, 0x5, "64997e"}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x3, 0x3, 0xac, 0x8, "bc5e", "04fba9"}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x6, 0x2, 0x5, 0x9, "6a9a8d", "4f88"}]}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x8c, 0x20, 0x7f, {0x7, 0x25, 0x1, 0x82, 0x2, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0x0, 0x2, 0x0, 0xff, "03c1fe1d97"}, @format_type_ii_discrete={0x12, 0x24, 0x2, 0x2, 0x807, 0x4, 0xfd, "8cfb49df7bf5b7e5ee"}, @as_header={0x7, 0x24, 0x1, 0x3f, 0xfd, 0x1}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0xc1, 0x4, 0x5, 0x67, "6967ba40"}]}, {{0x9, 0x5, 0x82, 0x9, 0x7f7, 0x1f, 0x69, 0x6, {0x7, 0x25, 0x1, 0x80, 0x9, 0x3}}}}}}}]}}, &(0x7f000000b380)={0xa, &(0x7f000000b080)={0xa, 0x6, 0x300, 0x3, 0x2, 0x3, 0x40, 0x81}, 0x20f, &(0x7f000000b0c0)={0x5, 0xf, 0x20f, 0x6, [@generic={0xe2, 0x10, 0xa, "64932c9277e23a0fa96aabc7b931ea3707350c525745ccbe794d23baa99625c82f74bd3b6d5f88fbfd92545b6b63754c07c3ffb47355bf3dd6facff0ec5597fb768dc74acfcf395ac1009982925aa16fcfa41575bf14b56d557909df9efd27fd4b317d90d1606270134fd07d2fc0d1816e9771321d2db55c6539b04167db7b08c994159dd7552c488c1466247a5b70b0dc996b907eeee0b20fdd647140597b66f821556b567fe613c7ecbcbae50db5fa7c9c0b5dcf26eddffdcb09b9ab9f2b5bee80982ff365fb816e98184ee6815f6f621f4d34527d3caa4ce682cb06c748"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x10, 0x1, 0x3f, 0xff, 0x1f}, @ptm_cap={0x3}, @generic={0x2f, 0x10, 0x3, "571226744f78fe775ab89dd776db3aaace9982e7b2594fd0854a31d7ec1d24aee6482aa3939798bd32d060f0"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x24, 0x8, 0xe1}, @generic={0xe1, 0x10, 0x1, "1c4311d6c4ec2de789b4f9f39e673702ea35d909991ce4af26cf0c07579c1a40573568f837569c645de2af698133526169e51a53f215167660357259d54d5ad77afb478b189e728667a8b7e38986bb19febe807085ec6d77dfb48172592d549d7dbbf802aaf95bbf2dcd20057a34eeffcaba3c404e46a6e90ad7e4387e1e28cc21718837e81d22615c4b42bce04c6bec4aa9a99d05cb4f168e115ee3956554e4e58b136f86736e79e91f9acd49ee6617b84a564392e81991bba6032054d7096f6c40002137782a1b111d6527968326f5e70a8a2399e833e7415c204a3a4b"}]}, 0x2, [{0x4, &(0x7f000000b300)=@lang_id={0x4, 0x3, 0x459}}, {0x4, &(0x7f000000b340)=@lang_id={0x4, 0x3, 0x436}}]}) syz_usb_ep_write(r23, 0x9, 0x13, &(0x7f000000b3c0)="08636e6c5e421f7f718c4784f389672c2911e5") syz_usbip_server_init(0x2) csource_test.go:119: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; for (;;) { uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts); if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) return 1; now = current_time_ms(); if (now - start > timeout) return 0; } } static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } struct nlmsg { char* pos; int nesting; struct nlattr* nested[8]; char buf[4096]; }; static void netlink_init(struct nlmsg* nlmsg, int typ, int flags, const void* data, int size) { memset(nlmsg, 0, sizeof(*nlmsg)); struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf; hdr->nlmsg_type = typ; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags; memcpy(hdr + 1, data, size); nlmsg->pos = (char*)(hdr + 1) + NLMSG_ALIGN(size); } static void netlink_attr(struct nlmsg* nlmsg, int typ, const void* data, int size) { struct nlattr* attr = (struct nlattr*)nlmsg->pos; attr->nla_len = sizeof(*attr) + size; attr->nla_type = typ; if (size > 0) memcpy(attr + 1, data, size); nlmsg->pos += NLMSG_ALIGN(attr->nla_len); } static int netlink_send_ext(struct nlmsg* nlmsg, int sock, uint16_t reply_type, int* reply_len, bool dofail) { if (nlmsg->pos > nlmsg->buf + sizeof(nlmsg->buf) || nlmsg->nesting) exit(1); struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf; hdr->nlmsg_len = nlmsg->pos - nlmsg->buf; struct sockaddr_nl addr; memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; ssize_t n = sendto(sock, nlmsg->buf, hdr->nlmsg_len, 0, (struct sockaddr*)&addr, sizeof(addr)); if (n != (ssize_t)hdr->nlmsg_len) { if (dofail) exit(1); return -1; } n = recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0); if (reply_len) *reply_len = 0; if (n < 0) { if (dofail) exit(1); return -1; } if (n < (ssize_t)sizeof(struct nlmsghdr)) { errno = EINVAL; if (dofail) exit(1); return -1; } if (hdr->nlmsg_type == NLMSG_DONE) return 0; if (reply_len && hdr->nlmsg_type == reply_type) { *reply_len = n; return 0; } if (n < (ssize_t)(sizeof(struct nlmsghdr) + sizeof(struct nlmsgerr))) { errno = EINVAL; if (dofail) exit(1); return -1; } if (hdr->nlmsg_type != NLMSG_ERROR) { errno = EINVAL; if (dofail) exit(1); return -1; } errno = -((struct nlmsgerr*)(hdr + 1))->error; return -errno; } static int netlink_send(struct nlmsg* nlmsg, int sock) { return netlink_send_ext(nlmsg, sock, 0, NULL, true); } static int netlink_query_family_id(struct nlmsg* nlmsg, int sock, const char* family_name, bool dofail) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = CTRL_CMD_GETFAMILY; netlink_init(nlmsg, GENL_ID_CTRL, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, CTRL_ATTR_FAMILY_NAME, family_name, strnlen(family_name, GENL_NAMSIZ - 1) + 1); int n = 0; int err = netlink_send_ext(nlmsg, sock, GENL_ID_CTRL, &n, dofail); if (err < 0) { return -1; } uint16_t id = 0; struct nlattr* attr = (struct nlattr*)(nlmsg->buf + NLMSG_HDRLEN + NLMSG_ALIGN(sizeof(genlhdr))); for (; (char*)attr < nlmsg->buf + n; attr = (struct nlattr*)((char*)attr + NLMSG_ALIGN(attr->nla_len))) { if (attr->nla_type == CTRL_ATTR_FAMILY_ID) { id = *(uint16_t*)(attr + 1); break; } } if (!id) { errno = EINVAL; return -1; } recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0); return id; } const int kInitNetNsFd = 239; #define WIFI_INITIAL_DEVICE_COUNT 2 #define WIFI_MAC_BASE { 0x08, 0x02, 0x11, 0x00, 0x00, 0x00 } #define WIFI_IBSS_BSSID { 0x50, 0x50, 0x50, 0x50, 0x50, 0x50 } #define WIFI_IBSS_SSID { 0x10, 0x10, 0x10, 0x10, 0x10, 0x10 } #define WIFI_DEFAULT_FREQUENCY 2412 #define WIFI_DEFAULT_SIGNAL 0 #define WIFI_DEFAULT_RX_RATE 1 #define HWSIM_CMD_REGISTER 1 #define HWSIM_CMD_FRAME 2 #define HWSIM_CMD_NEW_RADIO 4 #define HWSIM_ATTR_SUPPORT_P2P_DEVICE 14 #define HWSIM_ATTR_PERM_ADDR 22 #define IF_OPER_UP 6 struct join_ibss_props { int wiphy_freq; bool wiphy_freq_fixed; uint8_t* mac; uint8_t* ssid; int ssid_len; }; static int set_interface_state(const char* interface_name, int on) { struct ifreq ifr; int sock = socket(AF_INET, SOCK_DGRAM, 0); if (sock < 0) { return -1; } memset(&ifr, 0, sizeof(ifr)); strcpy(ifr.ifr_name, interface_name); int ret = ioctl(sock, SIOCGIFFLAGS, &ifr); if (ret < 0) { close(sock); return -1; } if (on) ifr.ifr_flags |= IFF_UP; else ifr.ifr_flags &= ~IFF_UP; ret = ioctl(sock, SIOCSIFFLAGS, &ifr); close(sock); if (ret < 0) { return -1; } return 0; } static int nl80211_set_interface(struct nlmsg* nlmsg, int sock, int nl80211_family, uint32_t ifindex, uint32_t iftype) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = NL80211_CMD_SET_INTERFACE; netlink_init(nlmsg, nl80211_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, NL80211_ATTR_IFINDEX, &ifindex, sizeof(ifindex)); netlink_attr(nlmsg, NL80211_ATTR_IFTYPE, &iftype, sizeof(iftype)); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int nl80211_join_ibss(struct nlmsg* nlmsg, int sock, int nl80211_family, uint32_t ifindex, struct join_ibss_props* props) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = NL80211_CMD_JOIN_IBSS; netlink_init(nlmsg, nl80211_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, NL80211_ATTR_IFINDEX, &ifindex, sizeof(ifindex)); netlink_attr(nlmsg, NL80211_ATTR_SSID, props->ssid, props->ssid_len); netlink_attr(nlmsg, NL80211_ATTR_WIPHY_FREQ, &(props->wiphy_freq), sizeof(props->wiphy_freq)); if (props->mac) netlink_attr(nlmsg, NL80211_ATTR_MAC, props->mac, ETH_ALEN); if (props->wiphy_freq_fixed) netlink_attr(nlmsg, NL80211_ATTR_FREQ_FIXED, NULL, 0); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int get_ifla_operstate(struct nlmsg* nlmsg, int ifindex) { struct ifinfomsg info; memset(&info, 0, sizeof(info)); info.ifi_family = AF_UNSPEC; info.ifi_index = ifindex; int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); if (sock == -1) { return -1; } netlink_init(nlmsg, RTM_GETLINK, 0, &info, sizeof(info)); int n; int err = netlink_send_ext(nlmsg, sock, RTM_NEWLINK, &n, true); close(sock); if (err) { return -1; } struct rtattr* attr = IFLA_RTA(NLMSG_DATA(nlmsg->buf)); for (; RTA_OK(attr, n); attr = RTA_NEXT(attr, n)) { if (attr->rta_type == IFLA_OPERSTATE) return *((int32_t*)RTA_DATA(attr)); } return -1; } static int await_ifla_operstate(struct nlmsg* nlmsg, char* interface, int operstate) { int ifindex = if_nametoindex(interface); while (true) { usleep(1000); int ret = get_ifla_operstate(nlmsg, ifindex); if (ret < 0) return ret; if (ret == operstate) return 0; } return 0; } static int nl80211_setup_ibss_interface(struct nlmsg* nlmsg, int sock, int nl80211_family_id, char* interface, struct join_ibss_props* ibss_props) { int ifindex = if_nametoindex(interface); if (ifindex == 0) { return -1; } int ret = nl80211_set_interface(nlmsg, sock, nl80211_family_id, ifindex, NL80211_IFTYPE_ADHOC); if (ret < 0) { return -1; } ret = set_interface_state(interface, 1); if (ret < 0) { return -1; } ret = nl80211_join_ibss(nlmsg, sock, nl80211_family_id, ifindex, ibss_props); if (ret < 0) { return -1; } return 0; } #define SIZEOF_IO_URING_SQE 64 #define SIZEOF_IO_URING_CQE 16 #define SQ_HEAD_OFFSET 0 #define SQ_TAIL_OFFSET 64 #define SQ_RING_MASK_OFFSET 256 #define SQ_RING_ENTRIES_OFFSET 264 #define SQ_FLAGS_OFFSET 276 #define SQ_DROPPED_OFFSET 272 #define CQ_HEAD_OFFSET 128 #define CQ_TAIL_OFFSET 192 #define CQ_RING_MASK_OFFSET 260 #define CQ_RING_ENTRIES_OFFSET 268 #define CQ_RING_OVERFLOW_OFFSET 284 #define CQ_FLAGS_OFFSET 280 #define CQ_CQES_OFFSET 320 struct io_uring_cqe { uint64_t user_data; uint32_t res; uint32_t flags; }; static long syz_io_uring_complete(volatile long a0) { char* ring_ptr = (char*)a0; uint32_t cq_ring_mask = *(uint32_t*)(ring_ptr + CQ_RING_MASK_OFFSET); uint32_t* cq_head_ptr = (uint32_t*)(ring_ptr + CQ_HEAD_OFFSET); uint32_t cq_head = *cq_head_ptr & cq_ring_mask; uint32_t cq_head_next = *cq_head_ptr + 1; char* cqe_src = ring_ptr + CQ_CQES_OFFSET + cq_head * SIZEOF_IO_URING_CQE; struct io_uring_cqe cqe; memcpy(&cqe, cqe_src, sizeof(cqe)); __atomic_store_n(cq_head_ptr, cq_head_next, __ATOMIC_RELEASE); return (cqe.user_data == 0x12345 || cqe.user_data == 0x23456) ? (long)cqe.res : (long)-1; } struct io_sqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t flags; uint32_t dropped; uint32_t array; uint32_t resv1; uint64_t resv2; }; struct io_cqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t overflow; uint32_t cqes; uint64_t resv[2]; }; struct io_uring_params { uint32_t sq_entries; uint32_t cq_entries; uint32_t flags; uint32_t sq_thread_cpu; uint32_t sq_thread_idle; uint32_t features; uint32_t resv[4]; struct io_sqring_offsets sq_off; struct io_cqring_offsets cq_off; }; #define IORING_OFF_SQ_RING 0 #define IORING_OFF_SQES 0x10000000ULL #define sys_io_uring_setup 425 static long syz_io_uring_setup(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5) { uint32_t entries = (uint32_t)a0; struct io_uring_params* setup_params = (struct io_uring_params*)a1; void* vma1 = (void*)a2; void* vma2 = (void*)a3; void** ring_ptr_out = (void**)a4; void** sqes_ptr_out = (void**)a5; uint32_t fd_io_uring = syscall(sys_io_uring_setup, entries, setup_params); uint32_t sq_ring_sz = setup_params->sq_off.array + setup_params->sq_entries * sizeof(uint32_t); uint32_t cq_ring_sz = setup_params->cq_off.cqes + setup_params->cq_entries * SIZEOF_IO_URING_CQE; uint32_t ring_sz = sq_ring_sz > cq_ring_sz ? sq_ring_sz : cq_ring_sz; *ring_ptr_out = mmap(vma1, ring_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQ_RING); uint32_t sqes_sz = setup_params->sq_entries * SIZEOF_IO_URING_SQE; *sqes_ptr_out = mmap(vma2, sqes_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQES); return fd_io_uring; } static long syz_io_uring_submit(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { char* ring_ptr = (char*)a0; char* sqes_ptr = (char*)a1; char* sqe = (char*)a2; uint32_t sqes_index = (uint32_t)a3; uint32_t sq_ring_entries = *(uint32_t*)(ring_ptr + SQ_RING_ENTRIES_OFFSET); uint32_t cq_ring_entries = *(uint32_t*)(ring_ptr + CQ_RING_ENTRIES_OFFSET); uint32_t sq_array_off = (CQ_CQES_OFFSET + cq_ring_entries * SIZEOF_IO_URING_CQE + 63) & ~63; if (sq_ring_entries) sqes_index %= sq_ring_entries; char* sqe_dest = sqes_ptr + sqes_index * SIZEOF_IO_URING_SQE; memcpy(sqe_dest, sqe, SIZEOF_IO_URING_SQE); uint32_t sq_ring_mask = *(uint32_t*)(ring_ptr + SQ_RING_MASK_OFFSET); uint32_t* sq_tail_ptr = (uint32_t*)(ring_ptr + SQ_TAIL_OFFSET); uint32_t sq_tail = *sq_tail_ptr & sq_ring_mask; uint32_t sq_tail_next = *sq_tail_ptr + 1; uint32_t* sq_array = (uint32_t*)(ring_ptr + sq_array_off); *(sq_array + sq_tail) = sqes_index; __atomic_store_n(sq_tail_ptr, sq_tail_next, __ATOMIC_RELEASE); return 0; } #define VHCI_HC_PORTS 8 #define VHCI_PORTS (VHCI_HC_PORTS * 2) static long syz_usbip_server_init(volatile long a0) { static int port_alloc[2]; int speed = (int)a0; bool usb3 = (speed == USB_SPEED_SUPER); int socket_pair[2]; if (socketpair(AF_UNIX, SOCK_STREAM, 0, socket_pair)) exit(1); int client_fd = socket_pair[0]; int server_fd = socket_pair[1]; int available_port_num = __atomic_fetch_add(&port_alloc[usb3], 1, __ATOMIC_RELAXED); if (available_port_num > VHCI_HC_PORTS) { return -1; } int port_num = procid * VHCI_PORTS + usb3 * VHCI_HC_PORTS + available_port_num; char buffer[100]; sprintf(buffer, "%d %d %s %d", port_num, client_fd, "0", speed); write_file("/sys/devices/platform/vhci_hcd.0/attach", buffer); return server_fd; } #define BTF_MAGIC 0xeB9F struct btf_header { __u16 magic; __u8 version; __u8 flags; __u32 hdr_len; __u32 type_off; __u32 type_len; __u32 str_off; __u32 str_len; }; #define BTF_INFO_KIND(info) (((info) >> 24) & 0x0f) #define BTF_INFO_VLEN(info) ((info)&0xffff) #define BTF_KIND_INT 1 #define BTF_KIND_ARRAY 3 #define BTF_KIND_STRUCT 4 #define BTF_KIND_UNION 5 #define BTF_KIND_ENUM 6 #define BTF_KIND_FUNC_PROTO 13 #define BTF_KIND_VAR 14 #define BTF_KIND_DATASEC 15 struct btf_type { __u32 name_off; __u32 info; union { __u32 size; __u32 type; }; }; struct btf_enum { __u32 name_off; __s32 val; }; struct btf_array { __u32 type; __u32 index_type; __u32 nelems; }; struct btf_member { __u32 name_off; __u32 type; __u32 offset; }; struct btf_param { __u32 name_off; __u32 type; }; struct btf_var { __u32 linkage; }; struct btf_var_secinfo { __u32 type; __u32 offset; __u32 size; }; #define VMLINUX_MAX_SUPPORT_SIZE (10 * 1024 * 1024) static char* read_btf_vmlinux() { static bool is_read = false; static char buf[VMLINUX_MAX_SUPPORT_SIZE]; if (is_read) return buf; int fd = open("/sys/kernel/btf/vmlinux", O_RDONLY); if (fd < 0) return NULL; unsigned long bytes_read = 0; for (;;) { ssize_t ret = read(fd, buf + bytes_read, VMLINUX_MAX_SUPPORT_SIZE - bytes_read); if (ret < 0 || bytes_read + ret == VMLINUX_MAX_SUPPORT_SIZE) return NULL; if (ret == 0) break; bytes_read += ret; } is_read = true; return buf; } static long syz_btf_id_by_name(volatile long a0) { char* target = (char*)a0; char* vmlinux = read_btf_vmlinux(); if (vmlinux == NULL) return -1; struct btf_header* btf_header = (struct btf_header*)vmlinux; if (btf_header->magic != BTF_MAGIC) return -1; char* btf_type_sec = vmlinux + btf_header->hdr_len + btf_header->type_off; char* btf_str_sec = vmlinux + btf_header->hdr_len + btf_header->str_off; unsigned int bytes_parsed = 0; long idx = 1; while (bytes_parsed < btf_header->type_len) { struct btf_type* btf_type = (struct btf_type*)(btf_type_sec + bytes_parsed); uint32_t kind = BTF_INFO_KIND(btf_type->info); uint32_t vlen = BTF_INFO_VLEN(btf_type->info); char* name = btf_str_sec + btf_type->name_off; if (strcmp(name, target) == 0) return idx; size_t skip; switch (kind) { case BTF_KIND_INT: skip = sizeof(uint32_t); break; case BTF_KIND_ENUM: skip = sizeof(struct btf_enum) * vlen; break; case BTF_KIND_ARRAY: skip = sizeof(struct btf_array); break; case BTF_KIND_STRUCT: case BTF_KIND_UNION: skip = sizeof(struct btf_member) * vlen; break; case BTF_KIND_FUNC_PROTO: skip = sizeof(struct btf_param) * vlen; break; case BTF_KIND_VAR: skip = sizeof(struct btf_var); break; case BTF_KIND_DATASEC: skip = sizeof(struct btf_var_secinfo) * vlen; break; default: skip = 0; } bytes_parsed += sizeof(struct btf_type) + skip; idx++; } return -1; } static long syz_memcpy_off(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4) { char* dest = (char*)a0; uint32_t dest_off = (uint32_t)a1; char* src = (char*)a2; uint32_t src_off = (uint32_t)a3; size_t n = (size_t)a4; return (long)memcpy(dest + dest_off, src + src_off, n); } #define MAX_FDS 30 #define USB_MAX_IFACE_NUM 4 #define USB_MAX_EP_NUM 32 #define USB_MAX_FDS 6 struct usb_endpoint_index { struct usb_endpoint_descriptor desc; int handle; }; struct usb_iface_index { struct usb_interface_descriptor* iface; uint8_t bInterfaceNumber; uint8_t bAlternateSetting; uint8_t bInterfaceClass; struct usb_endpoint_index eps[USB_MAX_EP_NUM]; int eps_num; }; struct usb_device_index { struct usb_device_descriptor* dev; struct usb_config_descriptor* config; uint8_t bDeviceClass; uint8_t bMaxPower; int config_length; struct usb_iface_index ifaces[USB_MAX_IFACE_NUM]; int ifaces_num; int iface_cur; }; struct usb_info { int fd; struct usb_device_index index; }; static struct usb_info usb_devices[USB_MAX_FDS]; static int usb_devices_num; static bool parse_usb_descriptor(const char* buffer, size_t length, struct usb_device_index* index) { if (length < sizeof(*index->dev) + sizeof(*index->config)) return false; memset(index, 0, sizeof(*index)); index->dev = (struct usb_device_descriptor*)buffer; index->config = (struct usb_config_descriptor*)(buffer + sizeof(*index->dev)); index->bDeviceClass = index->dev->bDeviceClass; index->bMaxPower = index->config->bMaxPower; index->config_length = length - sizeof(*index->dev); index->iface_cur = -1; size_t offset = 0; while (true) { if (offset + 1 >= length) break; uint8_t desc_length = buffer[offset]; uint8_t desc_type = buffer[offset + 1]; if (desc_length <= 2) break; if (offset + desc_length > length) break; if (desc_type == USB_DT_INTERFACE && index->ifaces_num < USB_MAX_IFACE_NUM) { struct usb_interface_descriptor* iface = (struct usb_interface_descriptor*)(buffer + offset); index->ifaces[index->ifaces_num].iface = iface; index->ifaces[index->ifaces_num].bInterfaceNumber = iface->bInterfaceNumber; index->ifaces[index->ifaces_num].bAlternateSetting = iface->bAlternateSetting; index->ifaces[index->ifaces_num].bInterfaceClass = iface->bInterfaceClass; index->ifaces_num++; } if (desc_type == USB_DT_ENDPOINT && index->ifaces_num > 0) { struct usb_iface_index* iface = &index->ifaces[index->ifaces_num - 1]; if (iface->eps_num < USB_MAX_EP_NUM) { memcpy(&iface->eps[iface->eps_num].desc, buffer + offset, sizeof(iface->eps[iface->eps_num].desc)); iface->eps_num++; } } offset += desc_length; } return true; } static struct usb_device_index* add_usb_index(int fd, const char* dev, size_t dev_len) { int i = __atomic_fetch_add(&usb_devices_num, 1, __ATOMIC_RELAXED); if (i >= USB_MAX_FDS) return NULL; if (!parse_usb_descriptor(dev, dev_len, &usb_devices[i].index)) return NULL; __atomic_store_n(&usb_devices[i].fd, fd, __ATOMIC_RELEASE); return &usb_devices[i].index; } static struct usb_device_index* lookup_usb_index(int fd) { for (int i = 0; i < USB_MAX_FDS; i++) { if (__atomic_load_n(&usb_devices[i].fd, __ATOMIC_ACQUIRE) == fd) return &usb_devices[i].index; } return NULL; } struct vusb_connect_string_descriptor { uint32_t len; char* str; } __attribute__((packed)); struct vusb_connect_descriptors { uint32_t qual_len; char* qual; uint32_t bos_len; char* bos; uint32_t strs_len; struct vusb_connect_string_descriptor strs[0]; } __attribute__((packed)); static const char default_string[] = { 8, USB_DT_STRING, 's', 0, 'y', 0, 'z', 0 }; static const char default_lang_id[] = { 4, USB_DT_STRING, 0x09, 0x04 }; static bool lookup_connect_response_in(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { struct usb_device_index* index = lookup_usb_index(fd); uint8_t str_idx; if (!index) return false; switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_GET_DESCRIPTOR: switch (ctrl->wValue >> 8) { case USB_DT_DEVICE: *response_data = (char*)index->dev; *response_length = sizeof(*index->dev); return true; case USB_DT_CONFIG: *response_data = (char*)index->config; *response_length = index->config_length; return true; case USB_DT_STRING: str_idx = (uint8_t)ctrl->wValue; if (descs && str_idx < descs->strs_len) { *response_data = descs->strs[str_idx].str; *response_length = descs->strs[str_idx].len; return true; } if (str_idx == 0) { *response_data = (char*)&default_lang_id[0]; *response_length = default_lang_id[0]; return true; } *response_data = (char*)&default_string[0]; *response_length = default_string[0]; return true; case USB_DT_BOS: *response_data = descs->bos; *response_length = descs->bos_len; return true; case USB_DT_DEVICE_QUALIFIER: if (!descs->qual) { struct usb_qualifier_descriptor* qual = (struct usb_qualifier_descriptor*)response_data; qual->bLength = sizeof(*qual); qual->bDescriptorType = USB_DT_DEVICE_QUALIFIER; qual->bcdUSB = index->dev->bcdUSB; qual->bDeviceClass = index->dev->bDeviceClass; qual->bDeviceSubClass = index->dev->bDeviceSubClass; qual->bDeviceProtocol = index->dev->bDeviceProtocol; qual->bMaxPacketSize0 = index->dev->bMaxPacketSize0; qual->bNumConfigurations = index->dev->bNumConfigurations; qual->bRESERVED = 0; *response_length = sizeof(*qual); return true; } *response_data = descs->qual; *response_length = descs->qual_len; return true; default: break; } break; default: break; } break; default: break; } return false; } typedef bool (*lookup_connect_out_response_t)(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done); static bool lookup_connect_response_out_generic(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) { switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: *done = true; return true; default: break; } break; } return false; } #define ATH9K_FIRMWARE_DOWNLOAD 0x30 #define ATH9K_FIRMWARE_DOWNLOAD_COMP 0x31 static bool lookup_connect_response_out_ath9k(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) { switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: return true; default: break; } break; case USB_TYPE_VENDOR: switch (ctrl->bRequest) { case ATH9K_FIRMWARE_DOWNLOAD: return true; case ATH9K_FIRMWARE_DOWNLOAD_COMP: *done = true; return true; default: break; } break; } return false; } struct vusb_descriptor { uint8_t req_type; uint8_t desc_type; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_descriptors { uint32_t len; struct vusb_descriptor* generic; struct vusb_descriptor* descs[0]; } __attribute__((packed)); struct vusb_response { uint8_t type; uint8_t req; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_responses { uint32_t len; struct vusb_response* generic; struct vusb_response* resps[0]; } __attribute__((packed)); static bool lookup_control_response(const struct vusb_descriptors* descs, const struct vusb_responses* resps, struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { int descs_num = 0; int resps_num = 0; if (descs) descs_num = (descs->len - offsetof(struct vusb_descriptors, descs)) / sizeof(descs->descs[0]); if (resps) resps_num = (resps->len - offsetof(struct vusb_responses, resps)) / sizeof(resps->resps[0]); uint8_t req = ctrl->bRequest; uint8_t req_type = ctrl->bRequestType & USB_TYPE_MASK; uint8_t desc_type = ctrl->wValue >> 8; if (req == USB_REQ_GET_DESCRIPTOR) { int i; for (i = 0; i < descs_num; i++) { struct vusb_descriptor* desc = descs->descs[i]; if (!desc) continue; if (desc->req_type == req_type && desc->desc_type == desc_type) { *response_length = desc->len; if (*response_length != 0) *response_data = &desc->data[0]; else *response_data = NULL; return true; } } if (descs && descs->generic) { *response_data = &descs->generic->data[0]; *response_length = descs->generic->len; return true; } } else { int i; for (i = 0; i < resps_num; i++) { struct vusb_response* resp = resps->resps[i]; if (!resp) continue; if (resp->type == req_type && resp->req == req) { *response_length = resp->len; if (*response_length != 0) *response_data = &resp->data[0]; else *response_data = NULL; return true; } } if (resps && resps->generic) { *response_data = &resps->generic->data[0]; *response_length = resps->generic->len; return true; } } return false; } #define UDC_NAME_LENGTH_MAX 128 struct usb_raw_init { __u8 driver_name[UDC_NAME_LENGTH_MAX]; __u8 device_name[UDC_NAME_LENGTH_MAX]; __u8 speed; }; enum usb_raw_event_type { USB_RAW_EVENT_INVALID = 0, USB_RAW_EVENT_CONNECT = 1, USB_RAW_EVENT_CONTROL = 2, }; struct usb_raw_event { __u32 type; __u32 length; __u8 data[0]; }; struct usb_raw_ep_io { __u16 ep; __u16 flags; __u32 length; __u8 data[0]; }; #define USB_RAW_EPS_NUM_MAX 30 #define USB_RAW_EP_NAME_MAX 16 #define USB_RAW_EP_ADDR_ANY 0xff struct usb_raw_ep_caps { __u32 type_control : 1; __u32 type_iso : 1; __u32 type_bulk : 1; __u32 type_int : 1; __u32 dir_in : 1; __u32 dir_out : 1; }; struct usb_raw_ep_limits { __u16 maxpacket_limit; __u16 max_streams; __u32 reserved; }; struct usb_raw_ep_info { __u8 name[USB_RAW_EP_NAME_MAX]; __u32 addr; struct usb_raw_ep_caps caps; struct usb_raw_ep_limits limits; }; struct usb_raw_eps_info { struct usb_raw_ep_info eps[USB_RAW_EPS_NUM_MAX]; }; #define USB_RAW_IOCTL_INIT _IOW('U', 0, struct usb_raw_init) #define USB_RAW_IOCTL_RUN _IO('U', 1) #define USB_RAW_IOCTL_EVENT_FETCH _IOR('U', 2, struct usb_raw_event) #define USB_RAW_IOCTL_EP0_WRITE _IOW('U', 3, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP0_READ _IOWR('U', 4, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_ENABLE _IOW('U', 5, struct usb_endpoint_descriptor) #define USB_RAW_IOCTL_EP_DISABLE _IOW('U', 6, __u32) #define USB_RAW_IOCTL_EP_WRITE _IOW('U', 7, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_READ _IOWR('U', 8, struct usb_raw_ep_io) #define USB_RAW_IOCTL_CONFIGURE _IO('U', 9) #define USB_RAW_IOCTL_VBUS_DRAW _IOW('U', 10, __u32) #define USB_RAW_IOCTL_EPS_INFO _IOR('U', 11, struct usb_raw_eps_info) #define USB_RAW_IOCTL_EP0_STALL _IO('U', 12) #define USB_RAW_IOCTL_EP_SET_HALT _IOW('U', 13, __u32) #define USB_RAW_IOCTL_EP_CLEAR_HALT _IOW('U', 14, __u32) #define USB_RAW_IOCTL_EP_SET_WEDGE _IOW('U', 15, __u32) static int usb_raw_open() { return open("/dev/raw-gadget", O_RDWR); } static int usb_raw_init(int fd, uint32_t speed, const char* driver, const char* device) { struct usb_raw_init arg; strncpy((char*)&arg.driver_name[0], driver, sizeof(arg.driver_name)); strncpy((char*)&arg.device_name[0], device, sizeof(arg.device_name)); arg.speed = speed; return ioctl(fd, USB_RAW_IOCTL_INIT, &arg); } static int usb_raw_run(int fd) { return ioctl(fd, USB_RAW_IOCTL_RUN, 0); } static int usb_raw_event_fetch(int fd, struct usb_raw_event* event) { return ioctl(fd, USB_RAW_IOCTL_EVENT_FETCH, event); } static int usb_raw_ep0_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_WRITE, io); } static int usb_raw_ep0_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_READ, io); } static int usb_raw_ep_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_WRITE, io); } static int usb_raw_ep_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_READ, io); } static int usb_raw_ep_enable(int fd, struct usb_endpoint_descriptor* desc) { return ioctl(fd, USB_RAW_IOCTL_EP_ENABLE, desc); } static int usb_raw_ep_disable(int fd, int ep) { return ioctl(fd, USB_RAW_IOCTL_EP_DISABLE, ep); } static int usb_raw_configure(int fd) { return ioctl(fd, USB_RAW_IOCTL_CONFIGURE, 0); } static int usb_raw_vbus_draw(int fd, uint32_t power) { return ioctl(fd, USB_RAW_IOCTL_VBUS_DRAW, power); } static int usb_raw_ep0_stall(int fd) { return ioctl(fd, USB_RAW_IOCTL_EP0_STALL, 0); } static int lookup_interface(int fd, uint8_t bInterfaceNumber, uint8_t bAlternateSetting) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; for (int i = 0; i < index->ifaces_num; i++) { if (index->ifaces[i].bInterfaceNumber == bInterfaceNumber && index->ifaces[i].bAlternateSetting == bAlternateSetting) return i; } return -1; } static int lookup_endpoint(int fd, uint8_t bEndpointAddress) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; if (index->iface_cur < 0) return -1; for (int ep = 0; index->ifaces[index->iface_cur].eps_num; ep++) if (index->ifaces[index->iface_cur].eps[ep].desc.bEndpointAddress == bEndpointAddress) return index->ifaces[index->iface_cur].eps[ep].handle; return -1; } static void set_interface(int fd, int n) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return; if (index->iface_cur >= 0 && index->iface_cur < index->ifaces_num) { for (int ep = 0; ep < index->ifaces[index->iface_cur].eps_num; ep++) { int rv = usb_raw_ep_disable(fd, index->ifaces[index->iface_cur].eps[ep].handle); if (rv < 0) { } else { } } } if (n >= 0 && n < index->ifaces_num) { for (int ep = 0; ep < index->ifaces[n].eps_num; ep++) { int rv = usb_raw_ep_enable(fd, &index->ifaces[n].eps[ep].desc); if (rv < 0) { } else { index->ifaces[n].eps[ep].handle = rv; } } index->iface_cur = n; } } static int configure_device(int fd) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; int rv = usb_raw_vbus_draw(fd, index->bMaxPower); if (rv < 0) { return rv; } rv = usb_raw_configure(fd); if (rv < 0) { return rv; } set_interface(fd, 0); return 0; } #define USB_MAX_PACKET_SIZE 4096 struct usb_raw_control_event { struct usb_raw_event inner; struct usb_ctrlrequest ctrl; char data[USB_MAX_PACKET_SIZE]; }; struct usb_raw_ep_io_data { struct usb_raw_ep_io inner; char data[USB_MAX_PACKET_SIZE]; }; static volatile long syz_usb_connect_impl(uint64_t speed, uint64_t dev_len, const char* dev, const struct vusb_connect_descriptors* descs, lookup_connect_out_response_t lookup_connect_response_out) { if (!dev) { return -1; } int fd = usb_raw_open(); if (fd < 0) { return fd; } if (fd >= MAX_FDS) { close(fd); return -1; } struct usb_device_index* index = add_usb_index(fd, dev, dev_len); if (!index) { return -1; } char device[32]; sprintf(&device[0], "dummy_udc.%llu", procid); int rv = usb_raw_init(fd, speed, "dummy_udc", &device[0]); if (rv < 0) { return rv; } rv = usb_raw_run(fd); if (rv < 0) { return rv; } bool done = false; while (!done) { struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = sizeof(event.ctrl); rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) continue; char* response_data = NULL; uint32_t response_length = 0; if (event.ctrl.bRequestType & USB_DIR_IN) { if (!lookup_connect_response_in(fd, descs, &event.ctrl, &response_data, &response_length)) { usb_raw_ep0_stall(fd); continue; } } else { if (!lookup_connect_response_out(fd, descs, &event.ctrl, &done)) { usb_raw_ep0_stall(fd); continue; } response_data = NULL; response_length = event.ctrl.wLength; } if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD && event.ctrl.bRequest == USB_REQ_SET_CONFIGURATION) { rv = configure_device(fd); if (rv < 0) { return rv; } } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, response_length); if (event.ctrl.bRequestType & USB_DIR_IN) { rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response); } else { rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response); } if (rv < 0) { return rv; } } sleep_ms(200); return fd; } static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; const char* dev = (const char*)a2; const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3; return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_generic); } static volatile long syz_usb_connect_ath9k(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; const char* dev = (const char*)a2; const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3; return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_ath9k); } static volatile long syz_usb_control_io(volatile long a0, volatile long a1, volatile long a2) { int fd = a0; const struct vusb_descriptors* descs = (const struct vusb_descriptors*)a1; const struct vusb_responses* resps = (const struct vusb_responses*)a2; struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = USB_MAX_PACKET_SIZE; int rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) { return -1; } char* response_data = NULL; uint32_t response_length = 0; if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) { if (!lookup_control_response(descs, resps, &event.ctrl, &response_data, &response_length)) { usb_raw_ep0_stall(fd); return -1; } } else { if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD || event.ctrl.bRequest == USB_REQ_SET_INTERFACE) { int iface_num = event.ctrl.wIndex; int alt_set = event.ctrl.wValue; int iface_index = lookup_interface(fd, iface_num, alt_set); if (iface_index < 0) { } else { set_interface(fd, iface_index); } } response_length = event.ctrl.wLength; } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; if ((event.ctrl.bRequestType & USB_DIR_IN) && !event.ctrl.wLength) { response_length = USB_MAX_PACKET_SIZE; } response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, response_length); if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) { rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response); } else { rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response); } if (rv < 0) { return rv; } sleep_ms(200); return 0; } static volatile long syz_usb_ep_write(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int fd = a0; uint8_t ep = a1; uint32_t len = a2; char* data = (char*)a3; int ep_handle = lookup_endpoint(fd, ep); if (ep_handle < 0) { return -1; } struct usb_raw_ep_io_data io_data; io_data.inner.ep = ep_handle; io_data.inner.flags = 0; if (len > sizeof(io_data.data)) len = sizeof(io_data.data); io_data.inner.length = len; memcpy(&io_data.data[0], data, len); int rv = usb_raw_ep_write(fd, (struct usb_raw_ep_io*)&io_data); if (rv < 0) { return rv; } sleep_ms(200); return 0; } static volatile long syz_usb_ep_read(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int fd = a0; uint8_t ep = a1; uint32_t len = a2; char* data = (char*)a3; int ep_handle = lookup_endpoint(fd, ep); if (ep_handle < 0) { return -1; } struct usb_raw_ep_io_data io_data; io_data.inner.ep = ep_handle; io_data.inner.flags = 0; if (len > sizeof(io_data.data)) len = sizeof(io_data.data); io_data.inner.length = len; int rv = usb_raw_ep_read(fd, (struct usb_raw_ep_io*)&io_data); if (rv < 0) { return rv; } memcpy(&data[0], &io_data.data[0], io_data.inner.length); sleep_ms(200); return 0; } static volatile long syz_usb_disconnect(volatile long a0) { int fd = a0; int rv = close(fd); sleep_ms(200); return rv; } static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2) { if (a0 == 0xc || a0 == 0xb) { char buf[128]; sprintf(buf, "/dev/%s/%d:%d", a0 == 0xc ? "char" : "block", (uint8_t)a1, (uint8_t)a2); return open(buf, O_RDWR, 0); } else { char buf[1024]; char* hash; strncpy(buf, (char*)a0, sizeof(buf) - 1); buf[sizeof(buf) - 1] = 0; while ((hash = strchr(buf, '#'))) { *hash = '0' + (char)(a1 % 10); a1 /= 10; } return open(buf, a2, 0); } } static long syz_open_procfs(volatile long a0, volatile long a1) { char buf[128]; memset(buf, 0, sizeof(buf)); if (a0 == 0) { snprintf(buf, sizeof(buf), "/proc/self/%s", (char*)a1); } else if (a0 == -1) { snprintf(buf, sizeof(buf), "/proc/thread-self/%s", (char*)a1); } else { snprintf(buf, sizeof(buf), "/proc/self/task/%d/%s", (int)a0, (char*)a1); } int fd = open(buf, O_RDWR); if (fd == -1) fd = open(buf, O_RDONLY); return fd; } static long syz_open_pts(volatile long a0, volatile long a1) { int ptyno = 0; if (ioctl(a0, TIOCGPTN, &ptyno)) return -1; char buf[128]; sprintf(buf, "/dev/pts/%d", ptyno); return open(buf, a1, 0); } static long syz_init_net_socket(volatile long domain, volatile long type, volatile long proto) { int netns = open("/proc/self/ns/net", O_RDONLY); if (netns == -1) return netns; if (setns(kInitNetNsFd, 0)) return -1; int sock = syscall(__NR_socket, domain, type, proto); int err = errno; if (setns(netns, 0)) exit(1); close(netns); errno = err; return sock; } static long syz_genetlink_get_family_id(volatile long name, volatile long sock_arg) { bool dofail = false; int fd = sock_arg; if (fd < 0) { dofail = true; fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (fd == -1) { return -1; } } struct nlmsg nlmsg_tmp; int ret = netlink_query_family_id(&nlmsg_tmp, fd, (char*)name, dofail); if ((int)sock_arg < 0) close(fd); if (ret < 0) { return -1; } return ret; } struct fs_image_segment { void* data; uintptr_t size; uintptr_t offset; }; #define IMAGE_MAX_SEGMENTS 4096 #define IMAGE_MAX_SIZE (129 << 20) #define sys_memfd_create 356 static unsigned long fs_image_segment_check(unsigned long size, unsigned long nsegs, struct fs_image_segment* segs) { if (nsegs > IMAGE_MAX_SEGMENTS) nsegs = IMAGE_MAX_SEGMENTS; for (size_t i = 0; i < nsegs; i++) { if (segs[i].size > IMAGE_MAX_SIZE) segs[i].size = IMAGE_MAX_SIZE; segs[i].offset %= IMAGE_MAX_SIZE; if (segs[i].offset > IMAGE_MAX_SIZE - segs[i].size) segs[i].offset = IMAGE_MAX_SIZE - segs[i].size; if (size < segs[i].offset + segs[i].offset) size = segs[i].offset + segs[i].offset; } if (size > IMAGE_MAX_SIZE) size = IMAGE_MAX_SIZE; return size; } static int setup_loop_device(long unsigned size, long unsigned nsegs, struct fs_image_segment* segs, const char* loopname, int* memfd_p, int* loopfd_p) { int err = 0, loopfd = -1; size = fs_image_segment_check(size, nsegs, segs); int memfd = syscall(sys_memfd_create, "syzkaller", 0); if (memfd == -1) { err = errno; goto error; } if (ftruncate(memfd, size)) { err = errno; goto error_close_memfd; } for (size_t i = 0; i < nsegs; i++) { if (pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset) < 0) { } } loopfd = open(loopname, O_RDWR); if (loopfd == -1) { err = errno; goto error_close_memfd; } if (ioctl(loopfd, LOOP_SET_FD, memfd)) { if (errno != EBUSY) { err = errno; goto error_close_loop; } ioctl(loopfd, LOOP_CLR_FD, 0); usleep(1000); if (ioctl(loopfd, LOOP_SET_FD, memfd)) { err = errno; goto error_close_loop; } } *memfd_p = memfd; *loopfd_p = loopfd; return 0; error_close_loop: close(loopfd); error_close_memfd: close(memfd); error: errno = err; return -1; } static long syz_read_part_table(volatile unsigned long size, volatile unsigned long nsegs, volatile long segments) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int err = 0, res = -1, loopfd = -1, memfd = -1; char loopname[64]; snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; struct loop_info64 info; if (ioctl(loopfd, LOOP_GET_STATUS64, &info)) { err = errno; goto error_clear_loop; } info.lo_flags |= LO_FLAGS_PARTSCAN; if (ioctl(loopfd, LOOP_SET_STATUS64, &info)) { err = errno; goto error_clear_loop; } res = 0; for (unsigned long i = 1, j = 0; i < 8; i++) { snprintf(loopname, sizeof(loopname), "/dev/loop%llup%d", procid, (int)i); struct stat statbuf; if (stat(loopname, &statbuf) == 0) { char linkname[64]; snprintf(linkname, sizeof(linkname), "./file%d", (int)j++); if (symlink(loopname, linkname)) { } } } error_clear_loop: ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); errno = err; return res; } static long syz_mount_image(volatile long fsarg, volatile long dir, volatile unsigned long size, volatile unsigned long nsegs, volatile long segments, volatile long flags, volatile long optsarg) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int res = -1, err = 0, loopfd = -1, memfd = -1, need_loop_device = !!segs; char* mount_opts = (char*)optsarg; char* target = (char*)dir; char* fs = (char*)fsarg; char* source = NULL; char loopname[64]; if (need_loop_device) { memset(loopname, 0, sizeof(loopname)); snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; source = loopname; } mkdir(target, 0777); char opts[256]; memset(opts, 0, sizeof(opts)); if (strlen(mount_opts) > (sizeof(opts) - 32)) { } strncpy(opts, mount_opts, sizeof(opts) - 32); if (strcmp(fs, "iso9660") == 0) { flags |= MS_RDONLY; } else if (strncmp(fs, "ext", 3) == 0) { if (strstr(opts, "errors=panic") || strstr(opts, "errors=remount-ro") == 0) strcat(opts, ",errors=continue"); } else if (strcmp(fs, "xfs") == 0) { strcat(opts, ",nouuid"); } res = mount(source, target, fs, flags, opts); if (res == -1) { err = errno; goto error_clear_loop; } res = open(target, O_RDONLY | O_DIRECTORY); if (res == -1) { err = errno; } error_clear_loop: if (need_loop_device) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); } errno = err; return res; } static volatile long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5, volatile long a6, volatile long a7) { return 0; } static void setup_common() { if (mount(0, "/sys/fs/fuse/connections", "fusectl", 0, 0)) { } } static void loop(); static void sandbox_common() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setsid(); int netns = open("/proc/self/ns/net", O_RDONLY); if (netns == -1) exit(1); if (dup2(netns, kInitNetNsFd) < 0) exit(1); close(netns); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = (200 << 20); setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 32 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 136 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); if (unshare(CLONE_NEWNS)) { } if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL)) { } if (unshare(CLONE_NEWIPC)) { } if (unshare(0x02000000)) { } if (unshare(CLONE_NEWUTS)) { } if (unshare(CLONE_SYSVSEM)) { } typedef struct { const char* name; const char* value; } sysctl_t; static const sysctl_t sysctls[] = { {"/proc/sys/kernel/shmmax", "16777216"}, {"/proc/sys/kernel/shmall", "536870912"}, {"/proc/sys/kernel/shmmni", "1024"}, {"/proc/sys/kernel/msgmax", "8192"}, {"/proc/sys/kernel/msgmni", "1024"}, {"/proc/sys/kernel/msgmnb", "1024"}, {"/proc/sys/kernel/sem", "1024 1048576 500 1024"}, }; unsigned i; for (i = 0; i < sizeof(sysctls) / sizeof(sysctls[0]); i++) write_file(sysctls[i].name, sysctls[i].value); } static int wait_for_loop(int pid) { if (pid < 0) exit(1); int status = 0; while (waitpid(-1, &status, __WALL) != pid) { } return WEXITSTATUS(status); } static void drop_caps(void) { struct __user_cap_header_struct cap_hdr = {}; struct __user_cap_data_struct cap_data[2] = {}; cap_hdr.version = _LINUX_CAPABILITY_VERSION_3; cap_hdr.pid = getpid(); if (syscall(SYS_capget, &cap_hdr, &cap_data)) exit(1); const int drop = (1 << CAP_SYS_PTRACE) | (1 << CAP_SYS_NICE); cap_data[0].effective &= ~drop; cap_data[0].permitted &= ~drop; cap_data[0].inheritable &= ~drop; if (syscall(SYS_capset, &cap_hdr, &cap_data)) exit(1); } static int do_sandbox_none(void) { if (unshare(CLONE_NEWPID)) { } int pid = fork(); if (pid != 0) return wait_for_loop(pid); setup_common(); sandbox_common(); drop_caps(); if (unshare(CLONE_NEWNET)) { } loop(); exit(1); } #define FS_IOC_SETFLAGS _IOW('f', 2, long) static void remove_dir(const char* dir) { int iter = 0; DIR* dp = 0; retry: while (umount2(dir, MNT_DETACH) == 0) { } dp = opendir(dir); if (dp == NULL) { if (errno == EMFILE) { exit(1); } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); while (umount2(filename, MNT_DETACH) == 0) { } struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } int i; for (i = 0;; i++) { if (unlink(filename) == 0) break; if (errno == EPERM) { int fd = open(filename, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno != EBUSY || i > 100) exit(1); if (umount2(filename, MNT_DETACH)) exit(1); } } closedir(dp); for (int i = 0;; i++) { if (rmdir(dir) == 0) break; if (i < 100) { if (errno == EPERM) { int fd = open(dir, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno == EBUSY) { if (umount2(dir, MNT_DETACH)) exit(1); continue; } if (errno == ENOTEMPTY) { if (iter < 100) { iter++; goto retry; } } } exit(1); } } static int inject_fault(int nth) { int fd; fd = open("/proc/thread-self/fail-nth", O_RDWR); if (fd == -1) exit(1); char buf[16]; sprintf(buf, "%d", nth); if (write(fd, buf, strlen(buf)) != (ssize_t)strlen(buf)) exit(1); return fd; } static void kill_and_wait(int pid, int* status) { kill(-pid, SIGKILL); kill(pid, SIGKILL); for (int i = 0; i < 100; i++) { if (waitpid(-1, status, WNOHANG | __WALL) == pid) return; usleep(1000); } DIR* dir = opendir("/sys/fs/fuse/connections"); if (dir) { for (;;) { struct dirent* ent = readdir(dir); if (!ent) break; if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0) continue; char abort[300]; snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name); int fd = open(abort, O_WRONLY); if (fd == -1) { continue; } if (write(fd, abort, 1) < 0) { } close(fd); } closedir(dir); } else { } while (waitpid(-1, status, __WALL) != pid) { } } static void reset_loop() { char buf[64]; snprintf(buf, sizeof(buf), "/dev/loop%llu", procid); int loopfd = open(buf, O_RDWR); if (loopfd != -1) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); } } static void setup_test() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); write_file("/proc/self/oom_score_adj", "1000"); } static void setup_fault() { static struct { const char* file; const char* val; bool fatal; } files[] = { {"/sys/kernel/debug/failslab/ignore-gfp-wait", "N", true}, {"/sys/kernel/debug/fail_futex/ignore-private", "N", false}, {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", "N", false}, {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", "N", false}, {"/sys/kernel/debug/fail_page_alloc/min-order", "0", false}, }; unsigned i; for (i = 0; i < sizeof(files) / sizeof(files[0]); i++) { if (!write_file(files[i].file, files[i].val)) { if (files[i].fatal) exit(1); } } } static void setup_binfmt_misc() { if (mount(0, "/proc/sys/fs/binfmt_misc", "binfmt_misc", 0, 0)) { } write_file("/proc/sys/fs/binfmt_misc/register", ":syz0:M:0:\x01::./file0:"); write_file("/proc/sys/fs/binfmt_misc/register", ":syz1:M:1:\x02::./file0:POC"); } #define FUSE_MIN_READ_BUFFER 8192 enum fuse_opcode { FUSE_LOOKUP = 1, FUSE_FORGET = 2, FUSE_GETATTR = 3, FUSE_SETATTR = 4, FUSE_READLINK = 5, FUSE_SYMLINK = 6, FUSE_MKNOD = 8, FUSE_MKDIR = 9, FUSE_UNLINK = 10, FUSE_RMDIR = 11, FUSE_RENAME = 12, FUSE_LINK = 13, FUSE_OPEN = 14, FUSE_READ = 15, FUSE_WRITE = 16, FUSE_STATFS = 17, FUSE_RELEASE = 18, FUSE_FSYNC = 20, FUSE_SETXATTR = 21, FUSE_GETXATTR = 22, FUSE_LISTXATTR = 23, FUSE_REMOVEXATTR = 24, FUSE_FLUSH = 25, FUSE_INIT = 26, FUSE_OPENDIR = 27, FUSE_READDIR = 28, FUSE_RELEASEDIR = 29, FUSE_FSYNCDIR = 30, FUSE_GETLK = 31, FUSE_SETLK = 32, FUSE_SETLKW = 33, FUSE_ACCESS = 34, FUSE_CREATE = 35, FUSE_INTERRUPT = 36, FUSE_BMAP = 37, FUSE_DESTROY = 38, FUSE_IOCTL = 39, FUSE_POLL = 40, FUSE_NOTIFY_REPLY = 41, FUSE_BATCH_FORGET = 42, FUSE_FALLOCATE = 43, FUSE_READDIRPLUS = 44, FUSE_RENAME2 = 45, FUSE_LSEEK = 46, FUSE_COPY_FILE_RANGE = 47, FUSE_SETUPMAPPING = 48, FUSE_REMOVEMAPPING = 49, CUSE_INIT = 4096, CUSE_INIT_BSWAP_RESERVED = 1048576, FUSE_INIT_BSWAP_RESERVED = 436207616, }; struct fuse_in_header { uint32_t len; uint32_t opcode; uint64_t unique; uint64_t nodeid; uint32_t uid; uint32_t gid; uint32_t pid; uint32_t padding; }; struct fuse_out_header { uint32_t len; uint32_t error; uint64_t unique; }; struct syz_fuse_req_out { struct fuse_out_header* init; struct fuse_out_header* lseek; struct fuse_out_header* bmap; struct fuse_out_header* poll; struct fuse_out_header* getxattr; struct fuse_out_header* lk; struct fuse_out_header* statfs; struct fuse_out_header* write; struct fuse_out_header* read; struct fuse_out_header* open; struct fuse_out_header* attr; struct fuse_out_header* entry; struct fuse_out_header* dirent; struct fuse_out_header* direntplus; struct fuse_out_header* create_open; struct fuse_out_header* ioctl; }; static int fuse_send_response(int fd, const struct fuse_in_header* in_hdr, struct fuse_out_header* out_hdr) { if (!out_hdr) { return -1; } out_hdr->unique = in_hdr->unique; if (write(fd, out_hdr, out_hdr->len) == -1) { return -1; } return 0; } static volatile long syz_fuse_handle_req(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { struct syz_fuse_req_out* req_out = (struct syz_fuse_req_out*)a3; struct fuse_out_header* out_hdr = NULL; char* buf = (char*)a1; int buf_len = (int)a2; int fd = (int)a0; if (!req_out) { return -1; } if (buf_len < FUSE_MIN_READ_BUFFER) { return -1; } int ret = read(fd, buf, buf_len); if (ret == -1) { return -1; } if ((size_t)ret < sizeof(struct fuse_in_header)) { return -1; } const struct fuse_in_header* in_hdr = (const struct fuse_in_header*)buf; if (in_hdr->len > (uint32_t)ret) { return -1; } switch (in_hdr->opcode) { case FUSE_GETATTR: case FUSE_SETATTR: out_hdr = req_out->attr; break; case FUSE_LOOKUP: case FUSE_SYMLINK: case FUSE_LINK: case FUSE_MKNOD: case FUSE_MKDIR: out_hdr = req_out->entry; break; case FUSE_OPEN: case FUSE_OPENDIR: out_hdr = req_out->open; break; case FUSE_STATFS: out_hdr = req_out->statfs; break; case FUSE_RMDIR: case FUSE_RENAME: case FUSE_RENAME2: case FUSE_FALLOCATE: case FUSE_SETXATTR: case FUSE_REMOVEXATTR: case FUSE_FSYNCDIR: case FUSE_FSYNC: case FUSE_SETLKW: case FUSE_SETLK: case FUSE_ACCESS: case FUSE_FLUSH: case FUSE_RELEASE: case FUSE_RELEASEDIR: case FUSE_UNLINK: case FUSE_DESTROY: out_hdr = req_out->init; if (!out_hdr) { return -1; } out_hdr->len = sizeof(struct fuse_out_header); break; case FUSE_READ: out_hdr = req_out->read; break; case FUSE_READDIR: out_hdr = req_out->dirent; break; case FUSE_READDIRPLUS: out_hdr = req_out->direntplus; break; case FUSE_INIT: out_hdr = req_out->init; break; case FUSE_LSEEK: out_hdr = req_out->lseek; break; case FUSE_GETLK: out_hdr = req_out->lk; break; case FUSE_BMAP: out_hdr = req_out->bmap; break; case FUSE_POLL: out_hdr = req_out->poll; break; case FUSE_GETXATTR: case FUSE_LISTXATTR: out_hdr = req_out->getxattr; break; case FUSE_WRITE: case FUSE_COPY_FILE_RANGE: out_hdr = req_out->write; break; case FUSE_FORGET: case FUSE_BATCH_FORGET: return 0; case FUSE_CREATE: out_hdr = req_out->create_open; break; case FUSE_IOCTL: out_hdr = req_out->ioctl; break; default: return -1; } return fuse_send_response(fd, in_hdr, out_hdr); } #define HWSIM_ATTR_RX_RATE 5 #define HWSIM_ATTR_SIGNAL 6 #define HWSIM_ATTR_ADDR_RECEIVER 1 #define HWSIM_ATTR_FRAME 3 #define WIFI_MAX_INJECT_LEN 2048 static int hwsim_register_socket(struct nlmsg* nlmsg, int sock, int hwsim_family) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = HWSIM_CMD_REGISTER; netlink_init(nlmsg, hwsim_family, 0, &genlhdr, sizeof(genlhdr)); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int hwsim_inject_frame(struct nlmsg* nlmsg, int sock, int hwsim_family, uint8_t* mac_addr, uint8_t* data, int len) { struct genlmsghdr genlhdr; uint32_t rx_rate = WIFI_DEFAULT_RX_RATE; uint32_t signal = WIFI_DEFAULT_SIGNAL; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = HWSIM_CMD_FRAME; netlink_init(nlmsg, hwsim_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, HWSIM_ATTR_RX_RATE, &rx_rate, sizeof(rx_rate)); netlink_attr(nlmsg, HWSIM_ATTR_SIGNAL, &signal, sizeof(signal)); netlink_attr(nlmsg, HWSIM_ATTR_ADDR_RECEIVER, mac_addr, ETH_ALEN); netlink_attr(nlmsg, HWSIM_ATTR_FRAME, data, len); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static long syz_80211_inject_frame(volatile long a0, volatile long a1, volatile long a2) { uint8_t* mac_addr = (uint8_t*)a0; uint8_t* buf = (uint8_t*)a1; int buf_len = (int)a2; struct nlmsg tmp_msg; if (buf_len < 0 || buf_len > WIFI_MAX_INJECT_LEN) { return -1; } int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (sock < 0) { return -1; } int hwsim_family_id = netlink_query_family_id(&tmp_msg, sock, "MAC80211_HWSIM", true); int ret = hwsim_register_socket(&tmp_msg, sock, hwsim_family_id); if (ret < 0) { close(sock); return -1; } ret = hwsim_inject_frame(&tmp_msg, sock, hwsim_family_id, mac_addr, buf, buf_len); close(sock); if (ret < 0) { return -1; } return 0; } #define WIFI_MAX_SSID_LEN 32 #define WIFI_JOIN_IBSS_NO_SCAN 0 #define WIFI_JOIN_IBSS_BG_SCAN 1 #define WIFI_JOIN_IBSS_BG_NO_SCAN 2 static long syz_80211_join_ibss(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { char* interface = (char*)a0; uint8_t* ssid = (uint8_t*)a1; int ssid_len = (int)a2; int mode = (int)a3; struct nlmsg tmp_msg; uint8_t bssid[ETH_ALEN] = WIFI_IBSS_BSSID; if (ssid_len < 0 || ssid_len > WIFI_MAX_SSID_LEN) { return -1; } if (mode < 0 || mode > WIFI_JOIN_IBSS_BG_NO_SCAN) { return -1; } int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (sock < 0) { return -1; } int nl80211_family_id = netlink_query_family_id(&tmp_msg, sock, "nl80211", true); struct join_ibss_props ibss_props = { .wiphy_freq = WIFI_DEFAULT_FREQUENCY, .wiphy_freq_fixed = (mode == WIFI_JOIN_IBSS_NO_SCAN || mode == WIFI_JOIN_IBSS_BG_NO_SCAN), .mac = bssid, .ssid = ssid, .ssid_len = ssid_len}; int ret = nl80211_setup_ibss_interface(&tmp_msg, sock, nl80211_family_id, interface, &ibss_props); close(sock); if (ret < 0) { return -1; } if (mode == WIFI_JOIN_IBSS_NO_SCAN) { ret = await_ifla_operstate(&tmp_msg, interface, IF_OPER_UP); if (ret < 0) { return -1; } } return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 51; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50 + (call == 4 ? 50 : 0) + (call == 12 ? 500 : 0) + (call == 38 ? 50 : 0) + (call == 43 ? 3000 : 0) + (call == 44 ? 3000 : 0) + (call == 45 ? 300 : 0) + (call == 46 ? 300 : 0) + (call == 47 ? 300 : 0) + (call == 48 ? 3000 : 0) + (call == 49 ? 300 : 0)); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS __WALL static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); reset_loop(); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); setup_test(); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } #ifndef __NR_clock_gettime #define __NR_clock_gettime 265 #endif #ifndef __NR_getgid #define __NR_getgid 47 #endif #ifndef __NR_getsockopt #define __NR_getsockopt 365 #endif #ifndef __NR_ioctl #define __NR_ioctl 54 #endif #ifndef __NR_mmap #define __NR_mmap 192 #endif #ifndef __NR_openat #define __NR_openat 295 #endif #ifndef __NR_read #define __NR_read 3 #endif #ifndef __NR_recvmmsg #define __NR_recvmmsg 337 #endif #ifndef __NR_sendfile64 #define __NR_sendfile64 239 #endif #ifndef __NR_sendmsg #define __NR_sendmsg 370 #endif #ifndef __NR_setsockopt #define __NR_setsockopt 366 #endif #ifndef __NR_stat #define __NR_stat 106 #endif #ifndef __NR_statx #define __NR_statx 383 #endif #ifndef __NR_write #define __NR_write 4 #endif #undef __NR_mmap #define __NR_mmap __NR_mmap2 uint64_t r[24] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint32_t*)0x20000000 = 0x18; *(uint32_t*)0x20000004 = 0; *(uint64_t*)0x20000008 = 0; *(uint32_t*)0x20000010 = 3; *(uint32_t*)0x20000014 = 0; inject_fault(1); syscall(__NR_write, -1, 0x20000000, 0x18); break; case 1: memcpy((void*)0x20000040, "/dev/tty\000", 9); res = syscall(__NR_openat, 0xffffff9c, 0x20000040, 0x10400, 0); if (res != -1) r[0] = res; break; case 2: syscall(__NR_mmap, 0x20ffb000, 0x4000, 0x200000f, 0x10, (intptr_t)r[0], 0xada52000); break; case 3: memcpy((void*)0x20000080, "syz0\000", 5); syscall(__NR_ioctl, -1, 0x4004556c, 0x20000080); break; case 4: memcpy((void*)0x200025c0, "ufs\000", 4); memcpy((void*)0x20002600, "./file0\000", 8); *(uint32_t*)0x20003700 = 0x20002640; memcpy((void*)0x20002640, "\x38\x6f\x6d\x1b\xe2\x7f\x8c\xa9\x18\x2d\x1a\xe6\x35\xbb\xa8\xc9\xce\x03\x79\xce\x60\xd9\xd2\x4e\x0f\xe6\x9a\x46\xdd\x2b\x77\x02\x6c\xe1\xe6\xbb\xc0\x5a\x24\x6a\xe2\x69\x05\x25\x31\x91\xf7\xe3\x4e\xf3\x86\x0f\x1c\x2c\xc9\xa6\xd5\x22\xf5\x03\xd7\x8e\x34\x0c\xb5\x4f\x1d\x6b", 68); *(uint32_t*)0x20003704 = 0x44; *(uint32_t*)0x20003708 = 1; *(uint32_t*)0x2000370c = 0x200026c0; memcpy((void*)0x200026c0, "\x57\x39\xec\x80\x61\x6d\x1b\xac\x90\x97\x97\xc5\x72\x3d\x28\x7d\x94\xf0\x10\xe0\xf7\x0a\x34\x2a\x21\xfb\x38\xb3\x69\x86\x02\x5d\xca\x05\x4a\x96\xbb\xe7\x40\x27\x97\x4c\x45\x28\x93\xa9\xf5\xd5\x13\xef\xc4\x70\x65\x2b\xf4\xe8\x37\xd8\xd5\xee\xac\xed\x26\x69\xd7\x3c\xea\x3d\x39\x31\x39\x9d\xa0\x4d\xfb\x48\x59\xd0\x3c\x47\xdd\x53\x5b\xaa\x98\x0a\xe8\xb7\xa5\xc3\x12\xfd\x71\xac\xc5\x21\xbd\xdc\x2c\x63\x70\x26\xd7\xfa\xdb\x42\xc0\x20\xc5\x3d\x4e\x2f\xee\xb2\x30\x77\xed\x86\x7d\x5b\x36\x56\x7b\x8d\x06\xe0\xf4\xd2\xd9\xc6\x16\xd6\x73\x91\xf8\x79\xe8\x12\xd7\xa1\x79\x75\xf3\xe0\xe5\x69\xf5\x57\xb6\x5b\xba\xde\x94\x18\x68\xba\xe4\xbe\x8d\x2d\xfa\x45\xa3\x85\x87\x7e\xce\x8d\x94\xd7\x55\xdb\xf8\x2b\x4f\xd8\x89\x9b\xa1\xb8\xec\xe4\x3b\x36\xb3\x69\xa8\xdf\x56\x99\x3b\x16\xee\xc2\x0a\xed\x1c\x59\x6f\x66\x9d\xf8\x97\xdd\xfa\x0d\xf4\xab\x26\xd7\x47\x59\x82\x96\xdd\x3b\xcd\x5c\xad\x67\xa8\xb1\x9e\xba\x5f\x34\x3f\xbf\xa6\x30\x1a\x15\x02\x60\x0e\xda\x02\xab\x15\x7a\xb1\xb1\x64\xe3\xde\x57\x33\xe4\xbf\xd9\x67\x7b\x49\xb2\x9b\xb5\x6e\x99\x36\x7d\x01\x04\x4b\x3a\xcc\xf0\xf9\x3a\xf7\x55\x27\x83\x7a\x9b\x49\x4b\x4e\xac\xe1\xf4\x9c\x87\x9e\x71\xe9\x62\xa5\x93\x74\x95\x55\xb5\x0a\x55\xca\x11\x44\xeb\x54\x80\x70\x47\xde\xfd\xe8\xdd\x09\x7e\xbc\xba\xa2\x30\x45\x1a\xc7\xa7\x76\x3e\xf2\x13\x4b\x45\x3e\xf7\xce\x92\xd6\xad\xce\x44\x9a\xa1\x82\xef\xb2\xed\x4a\x87\x07\xf1\xe1\x84\x6d\x82\x50\x5d\xa0\x6c\x2d\x6b\x4a\x58\x2d\xdf\xb2\xbd\xb7\xa1\x9b\xbc\xe8\xe0\xa0\xf7\xb2\xf4\x96\x62\x2b\xee\x04\x37\x29\xf3\x84\x31\x88\xeb\x14\xe5\x6e\x8f\x48\xd7\xd4\xb1\x51\xa7\xde\xef\x2a\x1a\x94\x58\x83\x42\x53\x77\x08\x82\xcc\x41\xf6\xfb\x78\x4a\x9f\x73\xa4\xf8\x1e\xf9\x93\xda\xe6\x1a\x80\x5b\xa6\xf9\x30\x78\x20\x81\x33\x10\xdc\x38\x70\x83\x5a\xd4\xbe\x7e\x3c\x8a\x13\xf9\xf0\x1e\x9e\xa9\xb1\xb9\xdf\xb1\xe3\x47\xe3\xea\x1b\x5b\x09\x0e\x1a\x38\x61\x77\x07\xbb\x5a\xa0\xce\x82\x19\x3f\x69\x70\xa0\xb8\x85\x18\x3f\xce\x8b\x7d\x30\xbf\xc1\x82\x58\xdd\x40\xf5\x08\xb9\x5b\x55\xca\x27\xd8\xec\x76\x01\x03\x10\xc6\x77\xc0\x4c\x0b\x01\xfd\x69\xde\x39\x6a\xe9\x5a\x7c\x3c\xa5\x0f\x4e\x7f\xc3\xda\x74\x9d\x82\xa5\xd9\xf5\x7a\xb6\xed\x7a\x0d\x12\x76\x29\x7a\xb5\x71\x72\x67\x1d\x4c\x7c\xa3\x52\x24\x70\x0d\xb9\x36\x44\x13\x1a\x51\x26\xaf\x54\x75\x5a\xec\x80\xcf\xfd\xeb\x70\x9f\x0c\x58\x21\xec\x3b\x86\xd2\x9f\x10\xbe\x62\xd9\x4c\x03\x2f\x79\xd4\xed\xcc\xaf\x40\xb2\x4d\x72\xe4\x6d\x7c\x99\x33\xf6\xea\xda\x79\x4a\xad\x1e\xaf\x41\xae\xc1\x35\xa4\xf6\xf7\xf6\x09\x27\x36\x08\x68\x5f\xfc\x30\xfe\x1a\xe8\x22\x13\xa9\x56\xe8\xdf\x49\x3e\xc0\xaa\xc8\xec\xcb\xbd\xb8\x20\x93\x09\x7d\xb4\x51\x61\x67\x76\x85\xbf\x1e\x69\x1a\x1c\x7d\xce\x13\xa8\x8e\x63\x64\x5b\xc7\x99\x22\xb6\xd3\xd3\xd7\x61\xf3\x6a\x46\x30\x2f\x79\xe0\xe0\xbe\xb6\x7e\x2f\x2c\xb2\xe8\x3f\xc1\xa0\x41\x77\xc9\xd0\x22\xc4\x6e\xdc\x05\x3f\x03\x18\x2f\xc6\x45\x45\x0e\x4d\xe5\x36\xa4\x18\xb0\xea\xe2\xac\xb0\xea\xf4\xcb\x61\x5e\xca\x77\xf7\x2e\xe1\xd1\xf9\x14\x62\x08\xe1\x86\x69\x50\x8e\xdd\x05\x0e\x9b\x4e\x72\xa8\x48\x30\x16\xdc\x01\x98\x32\x6d\x2a\x16\x70\x04\xf3\x23\xa0\xa6\xeb\x4d\x34\xf6\x51\xc3\x97\xf0\x6d\x32\xe1\xbd\xab\x04\x2e\xfe\x56\x6a\xfc\x48\xcb\xd9\x8f\x91\x41\x34\x15\x63\x14\xa9\x54\xc6\x41\xb1\x06\x6b\xa7\x15\xab\x50\xeb\x4d\xb8\x4b\x13\xf2\x04\x69\xd0\x1d\x63\x46\xd4\x25\xd7\x0f\x60\xb4\x29\x76\xb0\x46\xcf\x96\xe4\x01\x8f\xc6\xaa\xf7\x8d\xf3\x0c\x02\xdd\x02\x9e\x1e\x89\x5c\x20\xb0\x5f\xb3\x88\x3c\x01\x3d\xe7\xe1\x7a\x13\x69\x78\x54\xfe\xb5\x93\x5c\xb3\x44\xff\x94\xff\x8b\xb4\xed\x2d\x1f\x17\x4e\xa1\x90\x20\x57\x7b\x4f\xf9\x59\x7c\x31\xa8\xfb\x2c\xfa\x1d\x7b\x71\xa5\x70\x82\x56\x15\x40\xf1\xcd\x86\xb8\x59\x0b\x75\x4f\xe9\x5d\x74\x9e\xf3\xca\xff\x93\xfd\x10\xa9\x0c\xa0\x03\x51\x5b\xb2\x3a\x3e\x71\xf4\x41\x79\xc0\x99\x60\x37\x45\x75\x89\xe6\x81\x77\xb0\xa1\x06\x91\xf1\x49\xa9\x81\xa6\xa6\x8d\x0b\xc8\x20\xe1\x66\x2a\x67\xc6\xa8\x5f\xb3\x9a\x35\x39\x9c\x62\x0c\x6e\xe3\x14\x28\x4f\xa4\x20\x99\xbd\xe0\x9f\xd5\x17\xa6\xe5\x3c\xc0\x41\x7c\x98\xd0\x06\xb4\x21\x0b\xa0\x35\x1b\x7d\xb6\x75\x43\x38\x06\x3f\x05\xb6\x82\x4b\xbb\x41\xf7\x0b\xa1\xfe\xa9\x12\x1f\x58\x85\xa4\xd0\x3e\xe9\x3f\x2b\x8f\x27\xa0\x0c\xd6\x66\x49\x10\x03\xde\xda\x3e\x21\x02\x92\x47\x64\x6f\x71\x44\xcb\x00\x4a\x6b\x52\x40\x06\xd8\xec\x7c\x93\xf4\x10\x42\xbb\xf8\x2d\x3b\xf2\xee\xf4\x15\xf8\xf0\x38\xb0\x5c\x0c\x10\x7a\xc2\x4d\x0c\xc8\xf3\x08\x13\xeb\xe2\x75\x1d\xa8\x39\x8e\x04\xff\x59\x3d\x17\xdd\xeb\x32\x59\x36\x71\xc8\x27\x74\x24\xf7\x98\x80\x05\x4c\x58\x1a\xe4\xef\x53\x03\xa1\x2f\x50\xd4\xe1\xfd\x6b\xb5\x85\xa5\xe0\x77\x51\xcb\xd5\x8f\xa6\x1d\x63\x4c\x35\x56\x37\x27\xe1\x82\x39\xd9\x81\x2f\xa4\x1b\x9a\x25\x61\x18\xba\x9b\x0d\xec\xc2\x60\x76\xc8\xae\x4b\x4e\x51\x6a\x2b\x35\xa7\xe9\x83\x9c\xa8\x3b\xef\x46\x43\xe0\xa5\xd9\xdb\x72\x3b\x5a\xfd\x80\xf7\x15\xb6\x3b\x19\xd0\xaf\xb9\xcb\x03\xdd\x9e\x5f\xe1\xb3\x13\x5e\xc1\xf0\xb9\x73\xe7\xd2\x1b\xb2\xf2\x22\x1a\x78\x62\x8a\x1b\x51\x3e\x0f\xf9\xea\x30\x67\xdb\x31\x01\xc0\x17\xeb\x8e\x60\x6f\x2f\x07\x5b\xe4\x98\x4f\x21\xbf\x75\xb6\xc4\xcb\xf3\x71\x8e\x64\xca\x62\xa9\xab\x5d\x8e\x38\x3a\xef\xba\x74\x93\xdd\xff\x47\x8b\x74\x40\x74\xbb\x51\x99\x4b\xc9\x1d\xd2\x9c\x6b\x9b\xcd\x50\xa5\x02\x8e\x14\xcf\x6d\x94\x68\xef\x42\x4e\xd1\x65\x84\x8f\xf5\x67\x6e\x57\x41\x10\xe0\xcd\x76\xa7\xc1\xda\xd3\x01\x9f\xac\xfd\x08\xd1\x4b\x7d\x9e\x37\x8a\x11\x0e\x98\x50\x88\xe5\x1e\x89\xd7\x5e\x3f\xa5\xfb\x36\x87\x59\x8c\x05\x69\xe5\x22\xf6\xc9\xea\x4d\x12\x65\xed\x97\xe3\x13\xdc\xe9\xcd\x01\xa4\x61\x5e\x8b\xbe\x4d\xbe\x16\x8f\x9d\x32\xc6\x68\x2e\x4e\xef\x26\x7d\xd7\x18\xb4\x75\xa8\x1b\x48\x5b\x17\xf6\xba\x8a\xfb\xa1\x9a\x58\x32\x9f\x86\xba\xd1\x2a\xc8\x44\x44\x17\xe6\x14\x8c\xb4\xe0\x7e\xe4\x6c\x5f\x15\x53\xa0\xfe\x4c\xd3\x32\x6d\x86\x92\xcc\x43\x96\x1f\x03\xf5\x7f\x7c\x01\x6f\x33\xc3\xd1\xc0\x2b\xf1\x25\xfc\x94\x21\x01\x10\x36\x36\xb0\x2d\x93\x35\x2e\xfb\x49\x20\xe2\x43\xf8\x65\xcf\x5c\x0b\x5d\x34\x7f\x51\xb8\x79\x00\xb1\x2a\xcc\x34\x7b\x31\x9c\x14\x75\x10\xc6\xa3\xc1\x84\xb9\xfe\x9b\xbf\x49\xd2\x0a\x71\xbc\x08\x82\xe2\x96\xa0\x37\x69\x75\x1c\xd8\x63\x08\x2c\x1f\x3b\x88\x90\xfe\xe3\xc6\x44\x47\x4d\xb2\x1e\x07\x7a\xcb\xeb\x05\xae\x29\x67\x10\x82\x2f\xca\xf5\xa7\xbc\x06\x9b\xd9\x3d\x41\x16\x27\xcd\x1b\x71\x3c\xcc\xed\x01\x0d\x1b\x88\xdf\xc1\x53\x04\x54\x14\x1b\x3d\xd3\xe1\x96\x4c\x38\x95\x76\x13\x21\x73\xb8\x63\x30\x38\x8f\xec\x55\x9d\xc7\x22\xf1\x77\x49\x7c\x30\x83\x15\xa4\xee\xfb\x50\x43\xcc\x97\xc5\xb1\xea\x53\xb6\xde\x6f\x4e\xce\xd9\xcc\x20\xb5\x24\x3e\xf9\x6a\xe0\xda\x16\xb4\x3e\xcf\xd0\x3e\x70\x25\x28\xad\x4c\x36\x09\x54\x5d\xf9\x39\xe2\xbc\xee\x08\x25\x86\x49\x31\x9d\x74\xfd\x78\x4d\x3d\x30\xa9\x09\x2c\xb2\x3e\x51\xce\x00\xbb\xf8\x1a\x46\xbc\x0d\x8b\xba\x9f\xe3\xf6\x05\xf5\x4e\xe2\xa0\x31\x1e\x1c\x19\xae\xe2\x6c\x84\x3d\x72\x52\xd9\x03\x80\xc9\xd8\x6f\x1d\x1c\xbb\x21\x64\x1b\xc1\x9a\xdf\xfa\x60\x8f\xa5\xb8\x26\x0c\x3d\xac\x2e\x0d\x81\x00\xc8\x70\xdb\xaf\xab\x5e\x4a\x5c\x6e\x5d\x48\x75\x35\x2e\xce\x31\x33\xe0\x8d\x48\xe0\x38\x74\xe6\xe5\x28\xb5\xa4\x3d\x08\xc8\xe9\x05\xf7\x98\xf0\x52\x7c\xff\x5c\xda\x99\x95\xe8\x4a\xcb\x47\xee\x85\x44\xbe\x93\x7f\xcb\x64\x64\x6d\x2f\xd2\xd5\xc3\x1e\xef\x83\x62\x97\xe0\x3d\xca\x24\xb1\x59\x96\x4a\x70\x30\x7a\x82\x7f\x6e\x7f\x37\x93\xf6\xff\xad\x54\xa6\x5d\x40\x09\x26\xe8\x07\x97\xe6\x05\x0e\x77\x6b\xbf\x66\xdc\x1b\xdf\x75\x08\x81\x2e\xd0\xfe\xbd\xa7\x74\xf5\xed\xa4\x92\xb3\x75\x1e\xcc\x76\xa6\x58\x24\x1f\xa6\x45\x22\xc5\xdd\xef\x53\x74\x78\x7a\x1b\xc6\xf0\x5c\x84\xa5\x23\x06\x8a\xc6\x6a\x3c\xa5\x39\xda\x70\xe1\x6d\xde\xa8\x97\xf9\x6f\x5d\x48\xe1\xef\x18\x5f\x08\x43\x6d\xaa\x20\xfc\xb0\xb2\x39\xde\x9b\x2b\xb0\x00\x07\xed\xa2\xdb\xdc\xc1\xf5\xfd\xf1\x39\x98\x68\x2d\x66\xcd\x4a\xab\x31\x57\xf7\xeb\xce\xc0\x92\xdc\x6b\xd0\x8f\x4d\x10\x77\x80\xd3\x73\x19\x24\xcf\xa0\x67\xf6\x22\x18\x07\x8a\x2a\xf1\x29\xf4\x05\x9d\x46\xd7\xc7\xbe\xbb\xf6\x7b\x59\x53\xdd\xa3\x0c\x96\xfe\x58\x43\xe8\xa3\xc0\xa1\x5a\x6b\x2f\x21\x0f\xfb\xff\xd4\x76\xc9\xc7\x61\x34\x06\x16\xb1\xca\x8a\x6b\x44\x9d\x1e\x33\x8f\xd9\x09\xfd\x9a\x84\xc7\x33\x87\x11\xbe\x1d\x50\x76\x2a\x48\x29\x9b\x18\x44\x82\xd2\xcd\x18\x84\xaf\x70\x76\x68\xd1\x0c\x2e\x1c\xde\xac\x7c\x07\x5d\x7d\x41\x47\xf8\xaa\x3c\xeb\xca\x93\xc1\xb7\xb2\x45\x26\x4c\x0e\xfb\x84\x70\x25\x51\x52\xc4\x8d\x22\x46\x34\x58\x0b\x2f\xf0\x21\x45\x7a\x97\x5a\xa7\x67\x2b\xaf\x13\xa4\xae\x32\xdc\x17\xe1\xf0\x4d\x0b\x2d\x9c\x14\x83\x1c\x87\xe9\x9e\x7e\x0f\x29\x95\x8c\x9b\x58\x4d\x7b\x8a\x7e\x91\xf5\x73\xc0\x42\x61\x73\x91\xad\xed\x64\xbe\xe7\xda\xd5\xf8\x88\xef\xc5\x56\x0f\xba\x3f\x9e\x41\xf7\x80\x94\xb4\x03\xab\xc5\xd4\x22\xc8\xec\x70\xb9\xa9\xce\xe5\x07\x90\x3f\x89\x99\x48\x7e\x60\xd7\x61\xef\x16\x19\x4e\x7c\xc8\x56\xa0\x1e\x6b\x3b\xc5\x92\x39\x7c\xa0\x3b\xec\xb6\xb4\x8f\xc1\x5b\xf1\xf6\xef\xf8\xfe\xc8\xde\x87\x85\xd0\xfe\xa3\x79\xef\xbd\x64\x94\x87\x30\x7b\xba\x15\x30\xa4\x8e\xc1\x06\x97\x8d\xa7\x03\xe9\x17\x07\x20\x1f\xe3\x34\x8d\xe8\xca\xf2\xdd\xe1\xd0\x99\x42\xd4\x77\x12\xf7\x7d\xe3\xf9\xef\xe5\x39\x2e\xf4\x58\x4a\x66\xcf\x96\xb3\x0e\xcc\x6e\xed\x90\x74\x83\x7e\x08\x35\xe1\x90\x65\xd2\xec\xe8\x7d\x38\xb4\x26\xc7\x03\xb8\x82\xce\xc8\x3c\xbb\x8b\x48\x4f\x68\x85\x83\x2c\xa2\x58\x7b\x2b\xdc\x30\xc9\x2c\x20\xa0\x0d\x92\x64\x73\xff\x36\xa1\xc8\x1e\x58\xd5\x55\x49\xa0\x6f\xb7\xb0\xfd\xd1\x35\xed\x5f\x63\xb4\xcc\xa0\x06\x8b\x2d\xa1\xb1\x12\xd4\xcb\x04\x34\x07\xc2\x1c\x53\x5f\xd3\xc4\x55\x93\x22\xe3\x04\x69\x79\x4c\x90\xa3\xc3\x0d\x8f\xd5\x36\x5c\xe3\xf4\x32\xf6\x13\x14\x8b\xc7\xd5\x75\xc1\xd2\xda\x1d\x4b\x06\x8d\xe1\x36\x6f\x62\xa6\x94\xe9\x76\xf2\xe2\x64\xd4\x49\xd9\xe3\xf9\x04\x00\xf4\xf2\x5c\x11\x52\xd1\xed\xb9\xb0\x98\x16\x78\x72\x27\xee\xef\xf8\x0a\xc3\xf2\x50\x16\xde\x25\x33\x25\x47\x54\x90\x48\x23\x03\xaf\xa8\x7b\x39\xad\xee\x7f\x92\xc0\x31\x85\xf8\xbe\x67\xfe\x8e\x85\x0e\xe3\xa5\x71\x80\x94\x74\xbc\xf4\x62\x37\x3a\x47\xaf\xe1\xa4\x59\x21\x75\xd1\x10\xc3\x65\x9e\x56\xec\xfe\x2e\xca\xf2\xc3\x81\x68\x43\x32\xdc\x0e\xa3\xf7\x6c\x17\x99\xd5\xc7\x95\x4c\xcd\x01\xca\x4d\x3c\xc4\x88\xe9\x8e\xfe\x8c\xcb\x87\x57\x27\x3b\xbf\xd0\xe8\xf9\x4a\x18\xe4\xbc\x18\x79\x93\xac\x29\xc3\xd4\x5a\xa4\x58\x52\x53\x71\x71\x90\xcf\xc1\x6b\xdf\xc9\x0c\xec\xab\x6f\x02\x2b\x3c\x96\x29\xe4\xd4\x4c\xf9\x46\x03\x33\xd3\x48\xd0\xdf\x3f\xbc\x8f\xfe\x61\x73\x37\x25\xea\x22\xc5\x71\x83\xb5\x06\x22\xf3\x20\x25\x3d\x54\x69\x2c\x32\xba\x2d\x1d\x22\x72\x35\x79\x62\xe0\x9f\xc7\xfa\x98\xa1\x92\xd6\x47\xca\x93\xd5\xdb\x9c\x05\x60\xa4\x6a\x79\x74\x08\xd2\x1b\xe5\xd1\x4c\x88\x98\xfc\xf1\xf8\xe4\x6c\x2b\xe1\x9e\xee\x41\x7f\x17\xb5\x81\x2b\xe0\x4c\x60\xa5\x0c\x8f\x4a\x3b\x96\xe7\x59\xdf\x5a\x25\x31\x48\x42\xef\x58\x34\xa9\xbf\xe3\xec\x69\x03\x12\x2a\xbd\xeb\x8d\xa1\xbf\x14\x6c\xa5\xb0\xb6\x45\x1b\x3f\x6a\x0c\xd7\x42\x12\x0b\x02\x5c\xa4\x9b\xb9\x5c\x47\xfb\x27\xfa\xe4\x38\xcb\xae\x39\xcd\x9b\x50\xf7\x67\x35\xf6\x56\xe0\xc6\x89\x6c\x87\xb9\x1c\x1c\xa7\x44\x4d\x0d\xe2\x5c\xe6\x0d\xb8\x1b\x9b\x7e\xfe\xbf\xfc\x1f\xf2\x4e\xe9\xd5\xf7\x7d\xa9\x22\x72\x52\x46\x86\x33\xb8\xeb\x99\x5e\x26\x45\xb1\x54\x3d\x84\x32\x62\xc2\x60\xc3\xc6\x91\x11\x4e\xbc\x40\x39\x62\xc2\x37\x4e\xf5\x9c\xe6\xd1\xdd\x7c\x4d\x22\x31\x0c\x5f\x64\x2d\x76\x6d\x41\x89\x3b\x99\x3f\x9a\x69\x83\x1f\x82\xaa\xb3\x10\x4c\x64\xb0\x8b\x0e\x34\x19\xad\x44\x68\x60\x88\xcd\x8a\x4a\x67\x4e\xdc\xea\x4e\xe9\xf2\xe8\xa0\x2a\xb1\x14\x50\x06\x0f\x76\xa7\xc1\x95\x4f\x67\x6d\xe7\xbf\x79\x16\x69\x94\x57\x09\x1e\xb0\xad\x3b\x75\x93\xe7\xf3\x8d\x62\xf9\xb5\x67\x61\xa9\x15\xb4\x1d\x03\x5b\xa1\x29\xd1\xac\x46\x6e\x5e\xae\xa7\x6d\x00\xc4\xd8\x3e\x17\x54\xe3\xd1\xe6\xf0\x09\x3c\x66\x5d\x86\x0b\xcf\x0b\x98\x50\x40\x1a\xca\xba\x34\xa0\xf7\x74\x30\x07\x73\xc4\xab\xb9\x0e\xfc\x56\xbc\x7d\x2a\xd1\x2d\x2f\x58\xce\xfa\x5b\x58\x16\xfc\xee\x50\xa1\x18\x45\xa2\xd5\x19\x76\x93\xea\x3b\x38\x00\x89\x21\x9f\x5a\x42\xc6\x9f\x9a\x47\x62\xc9\x1a\xe6\x44\x9e\x13\x99\x5f\x66\x6a\xd5\x21\xf9\x2e\xdb\x3f\x4b\x65\xa0\x46\x75\xdb\x8e\xbb\xc9\xa2\xd1\xac\xda\x5b\x67\xed\x6a\xf5\x52\x51\x41\xfd\x7a\xee\xf7\xc5\x8f\x54\x9a\xc3\x92\x55\x70\x5e\xb0\x84\xf4\xf0\xa2\x61\xf4\x3c\x27\xcd\xce\xfb\x7d\x9e\x15\xce\x63\x99\x58\x20\x72\x9b\x32\x74\x9e\xb8\xd9\x43\x2d\x7c\x3c\x25\xb4\xb1\xda\xa5\xb6\x45\x74\x03\x94\xca\xaa\xe6\x3b\xfd\x9e\x18\x20\x7f\xcc\xfb\xe0\xe2\x63\x92\x58\x22\x95\x74\xfc\xc7\x97\x1e\x3e\xb1\x1b\xfd\xf7\xdc\x77\x0c\xea\x4a\x94\x14\x91\x30\x67\x55\x8f\x7e\x54\x2c\xc6\x27\x24\x77\x48\x95\x19\xcf\xae\xcf\x51\x36\x1b\x7d\x39\x54\x0b\xbc\x1d\xa8\x4c\x6e\x56\xe2\x1c\x68\x37\x34\xfc\x3d\x9e\x52\x22\x56\x95\xea\x37\x05\x63\xb1\x53\xb8\xdc\x87\xad\x11\x99\x24\x7a\x23\xa8\x60\x46\xc7\x30\xfb\xce\x29\xfe\x99\xe0\xcf\x3e\x76\x2f\x6c\xa3\xa1\x4b\x03\xff\x53\xd4\x12\x2d\xa0\x66\x4a\x31\xd2\x04\x16\x0f\xcc\x24\x89\xea\xa9\xfa\xf0\x30\xf6\xd6\xa4\x3f\x98\xaf\xce\x7f\x7f\x7f\x0c\xc3\xa0\x1e\xf1\x52\x6d\xac\x38\x27\x8d\x13\x43\x19\x10\xc2\xd6\x91\xa7\x82\x75\xe0\x70\x2c\x8b\xcd\x0f\x47\x54\xb4\x75\x35\xde\xcb\xff\x3f\xb2\xdb\x3d\x23\xb9\x5f\x84\xe5\xe6\xe7\xfe\x67\xc7\x19\xde\x9b\x07\x21\xea\x53\xe2\xc6\x8c\x91\x10\xe6\xa9\xef\x32\x51\xe7\xeb\xb2\x28\x00\xdc\xab\x30\x9c\x22\xab\x37\x39\xb4\xe8\x88\x44\x82\x75\x42\xd9\x62\xc2\xaf\xb2\xdc\x2f\x02\xb4\x50\x94\x73\x7f\xb1\xc3\xb9\x54\x38\x70\x70\x9b\x33\x7d\x9d\x8f\x18\x39\x71\x36\x8a\x28\xa3\x36\x0a\xec\x7c\x89\xde\x83\xe0\xc5\xfb\xfc\xff\xa0\x3c\x1b\xc4\x28\x84\xa8\x39\xe8\x18\x88\x26\xb1\x9f\x3a\x7e\x7b\x82\xb4\xe2\x33\x9d\x3d\x70\x17\x1d\xe9\x2a\x60\xe2\xe1\xc7\x3d\x36\x03\x82\xae\xdc\xc2\x37\x40\xc6\x24\x4d\x69\x29\x9d\xd3\x9e\x01\x10\x91\xb2\xfa\xe1\x0f\x4b\xa3\xc7\xfc\x57\x0b\x0e\xa6\xa5\xd7\xb9\x4f\x08\x12\x78\x8a\xc1\x84\x2e\xb6\xf9\x17\xad\x73\xa4\x3a\x8f\x51\x1b\x22\x17\x95\xb9\xa6\x25\xd6\xb8\xad\xab\x77\xbb\x09\x03\x43\xac\xde\x49\x30\xc6\x43\xb9\xb6\x0a\xf0\x27\xed\x4e\x3c\xc7\xfa\xcd\xcb\x17\x5e\x81\xd9\x13\x8d\xb6\x8d\xb9\xd8\x52\x16\xe1\xaf\xa9\x0c\x3f\x38\x97\xa2\xcd\x7e\x2c\xba\xf5\x9f\xaa\x93\xac\x54\x4c\x22\x13\x99\xd0\xa2\xc7\x60\x1c\x6c\x63\x00\x62\x53\xc9\xe4\x3f\x1e\xd3\xf8\xcd\xd3\x1f\x92\xcb\xc9\x19\xb0\xb2\xf0\x48\xee\x42\x9b\xaa\xc4\x2f\x90\x7d\x36\x28\x19\x31\x81\x4e\x7f\x93\x7b\x51\xf2\xc6\xa7\x72\x46\x9f\x0d\x3d\x66\x6c\x5c\x23\x14\x1a\x0a\xf6\xfb\x38\x04\x47\x98\x10\xfc\xd8\x52\xf9\x8a\x5e\x5d\xf9\x08\x2c\x14\x9b\xc2\x39\xd3\x7b\x89\x44\x7a\xf0\x2e\xba\xe2\x7a\xde\xa0\x98\xd7\x84\x09\xfa\x9a\xe8\x73\xb1\x12\x68\x4c\x75\xd6\x8d\x44\x7c\x7f\xc8\x0a\x45\xa7\x26\xb2\x72\xd5\x57\x67\x8d\xa7\x10\x16\x79\xc6\xa5\xb4\xd7\x0f\x4d\xb6\x05\x39\xfd\x11\xd1\xf2\x13\x92\xb7\x92\x2d\x12\x78\x11\x25\x51\x2e\xb1\xdc\x45\xdb\x4c\xd2\xe6\x47\x34\xe3\xa9\xdb\xf8\x99\xec\x22\x03\xe1\x00\x1b\x3d\x36\x46\x63\xd4\x87\xc6\x90\x18\xcb\x91\x22\xb5\xf4\xe1\xa2\x76\xd1\x70\x88\xdf\x74\x6b\xa3\xe7\xc1\x0e\x1c\xad\x22\x6f\x6c\xd2\xad\x90\xcc\x3d\x14\x8c\x95\x1d\x32\xc0\x03\x41\xbf\x08\xec\x71\x58\xd2\x2b\x33\x75\xf7\xed\x67\x30\xff\x9f\x0a\xf7\x9b\x1e\x8e\xfd\x16\x4b\x04\x6c\x6a\x3d\xf7\xbc\xd9\x25\xe4\x9b\xf5\xbb\x4d\x16\xac\xe6\xab\x92\x5b\xee\x37\xb7\xb5\x32\x1d\xa6\xf3\x62\x6f\x33\x02\x5e\xbc\x38\x14\xf4\x4a\x27\xa7\xe3\x9c\x5e\xcf\x8c\x52\x63\xc5\x0e\x5d\x49\x27\x39\x77\xc1\xdd\xce\xc8\x6c\x85\xc4\x1d\xe8\x55\x8c\xcc\x7c\xc9\x46\x9f\x4a\x5a\xb1\x04\xdb\x7b\x3e\xaf\x89\x51\xf5\x31\x5f\x56\x40\xc5\x1e\x8c\x49\x29\x0c\x7b\x14\x66\x88\xb7\x2e\x22\xc5\x17\x8b\xb1\x20\xbe\xaf\xe3\xa1\x0d\xd3\x3e\x6a\x34\xb8\xe2\xab\x0a\x8d\x88\xf1\xbf\x23\x46\xf0\x6e\x6c\xbe\xb8\x01\x59\xf8\x5b\x69\xef\xe2\x98\x4f\x3a\xcb\xf1\x03\x53\x97\xc0\xe0\x27\x42\x0c\x59\x1b\x2c\x51\x15\xe4\xc4\xbc\x43\x19\xb6\xa8\xed\xc2\xaa\x62\xc7\x60\x0e\x49\x02\x9f\x8d\x7d\x80\x87\x13\xcc\x76\x55\x66\x44\x0a\x42\x7a\xc5\x76\xe5\xa2\x31\x8e\x09\x94\xa0\x0b\x56\xb7\xcf\x16\x27\x78\x87\xb2\x26\x93\x39\x6c\x28\xbf\x73\x41\x33\xdf\x5e\x65\x49\x71\xde\xc6\x8d\x22\x56\x31\xfc\x66\x9e\x56\x19\xc1\xc7\x8d\xf3\xca\x98\x60\x48\x9a\x29\xa5\x23\x4e\x05\x4b\xcd\x3c\x54\x32\x76\xc0\x7e\x15\xa1\xca\x7e\xf6\x0c\x6e\x20\x35\x95\x62\x73\x3c\x1b\x3b\xd1\x5a\x9c\x72\xa8\xf9\xac\xb0\x40\xf8\xf8\x5a\x4f\x10\x31\x3a\x4f\xc7\xe8\xcb\x89\x73\xae\x0b\x56\x29\x24\x71\x6d\x16\x8a\xa4\x31\xcf\x63\xa5\xc2\xe1\x82\xb4\x8b\x55\x19\xf3\x76\xde\x39\xca\x03\xd5\x53\x5a\x58\x68\xd2\xcf\xff\x41\x0e\x3f\x24\x8d\xe1\xef\x81\xb2\x05\xbc\x17\xa8\x4c\xbf\xeb\xb4\x6d\xeb\x4e\x56\xdc\xd3\x55\xd7\x14\x8a\x56\xf2\x5d\xee\x58\x96\x91\x2e\xc9\x01\x24\xbe\xf2\xd8\x82\xe9\xd4\xa0\x27\x69\xb3\xab\xcb\xc8\xf3\x67\xde\xec\xce\x8c\x22\xb0\x45\xf4\xd7\xb8\x7d\x89\x08\xb0\xaf\x7f\x2a\x1f\x53\xba\xd8\xd3\xf8\xe0\xb6\x5b\x00\x53\xab\x1e\x28\xec\xe7\x25\x0a\xb2\x81\xbc\x19\x70\x97\xcf\xe8\xb2\xa7\xcf\xb5\x52\xf8\x28\x69\xb8\x82\x41\xe7\xd0\x5d\x24\xac\xa3\x25\xc6\xf2\xfa\xd8\x5c\xe7\x9b\xfc\x2a\xec\xdb\x79\x8f\x40\xe1\x11\x18\x9f\x17\x85\xcb\xbe\x40", 4096); *(uint32_t*)0x20003710 = 0x1000; *(uint32_t*)0x20003714 = 7; *(uint32_t*)0x20003718 = 0x200036c0; memcpy((void*)0x200036c0, "\x38\xe3\xda\xc1\xca\xb0\x0f\xeb\x39\xc4\x8e\xdf\xaf\x42\xb6\x04\xf0\xc0\xfb\xea\xa3\x0d\x70\x23\x51\x9c\xe5\x89\xe4\xd9\x0d\x7d\x17\x1c\xbe\x75\x9e\x9c\x40\x81\x9d\x99\x46\xab\xfa\x97\x37\xe1\xbd\xdd\xfb\x4f", 52); *(uint32_t*)0x2000371c = 0x34; *(uint32_t*)0x20003720 = 0x10000; memcpy((void*)0x20003740, "/dev/tty\000", 9); *(uint8_t*)0x20003749 = 0x2c; memcpy((void*)0x2000374a, "syz0\000", 5); *(uint8_t*)0x2000374f = 0x2c; memcpy((void*)0x20003750, "+@", 2); *(uint8_t*)0x20003752 = 0x2c; memcpy((void*)0x20003753, "*^:[-,-,&{#", 11); *(uint8_t*)0x2000375e = 0x2c; memcpy((void*)0x2000375f, "syz0\000", 5); *(uint8_t*)0x20003764 = 0x2c; memcpy((void*)0x20003765, "audit", 5); *(uint8_t*)0x2000376a = 0x2c; memcpy((void*)0x2000376b, "obj_role", 8); *(uint8_t*)0x20003773 = 0x3d; memcpy((void*)0x20003774, "syz0\000", 5); *(uint8_t*)0x20003779 = 0x2c; memcpy((void*)0x2000377a, "obj_user", 8); *(uint8_t*)0x20003782 = 0x3d; memcpy((void*)0x20003783, "^\356%", 3); *(uint8_t*)0x20003786 = 0x2c; memcpy((void*)0x20003787, "subj_role", 9); *(uint8_t*)0x20003790 = 0x3d; *(uint8_t*)0x20003791 = 0x2c; memcpy((void*)0x20003792, "mask", 4); *(uint8_t*)0x20003796 = 0x3d; memcpy((void*)0x20003797, "^MAY_EXEC", 9); *(uint8_t*)0x200037a0 = 0x2c; memcpy((void*)0x200037a1, "uid", 3); *(uint8_t*)0x200037a4 = 0x3d; sprintf((char*)0x200037a5, "%020llu", (long long)0xee00); *(uint8_t*)0x200037b9 = 0x2c; *(uint8_t*)0x200037ba = 0; res = -1; res = syz_mount_image(0x200025c0, 0x20002600, 4, 3, 0x20003700, 0x1040000, 0x20003740); if (res != -1) r[1] = res; break; case 5: syscall(__NR_read, (intptr_t)r[1], 0x200037c0, 0x12); break; case 6: *(uint64_t*)0x20003800 = 7; syscall(__NR_sendfile64, (intptr_t)r[0], (intptr_t)r[1], 0x20003800, 0); break; case 7: *(uint16_t*)0x20003840 = 0x81; memcpy((void*)0x20003842, "\xd8\xe8\xf6", 3); syscall(__NR_setsockopt, (intptr_t)r[0], 6, 2, 0x20003840, 6); break; case 8: *(uint32_t*)0x20003880 = 4; syscall(__NR_ioctl, -1, 0xc0044dff, 0x20003880); break; case 9: *(uint32_t*)0x20003980 = 0x200038c0; *(uint16_t*)0x200038c0 = 0x10; *(uint16_t*)0x200038c2 = 0; *(uint32_t*)0x200038c4 = 0; *(uint32_t*)0x200038c8 = 0x1000000; *(uint32_t*)0x20003984 = 0xc; *(uint32_t*)0x20003988 = 0x20003940; *(uint32_t*)0x20003940 = 0x20003900; *(uint32_t*)0x20003900 = 0x14; *(uint8_t*)0x20003904 = 7; *(uint8_t*)0x20003905 = 1; *(uint16_t*)0x20003906 = 0x801; *(uint32_t*)0x20003908 = 0; *(uint32_t*)0x2000390c = 0; *(uint8_t*)0x20003910 = 0; *(uint8_t*)0x20003911 = 0; *(uint16_t*)0x20003912 = htobe16(0xa); *(uint32_t*)0x20003944 = 0x14; *(uint32_t*)0x2000398c = 1; *(uint32_t*)0x20003990 = 0; *(uint32_t*)0x20003994 = 0; *(uint32_t*)0x20003998 = 0x40800; syscall(__NR_sendmsg, -1, 0x20003980, 0x20000000); break; case 10: memset((void*)0x20000000, 255, 6); STORE_BY_BITMASK(uint8_t, , 0x20000040, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000040, 2, 2, 2); STORE_BY_BITMASK(uint8_t, , 0x20000040, 8, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 5, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 7, 1); STORE_BY_BITMASK(uint16_t, , 0x20000042, 0x7f, 0, 15); STORE_BY_BITMASK(uint16_t, , 0x20000043, 0, 7, 1); *(uint8_t*)0x20000044 = 8; *(uint8_t*)0x20000045 = 2; *(uint8_t*)0x20000046 = 0x11; *(uint8_t*)0x20000047 = 0; *(uint8_t*)0x20000048 = 0; *(uint8_t*)0x20000049 = 0; memset((void*)0x2000004a, 255, 6); memset((void*)0x20000050, 255, 6); STORE_BY_BITMASK(uint16_t, , 0x20000056, 0, 0, 4); STORE_BY_BITMASK(uint16_t, , 0x20000056, 0xffd, 4, 12); memset((void*)0x20000058, 255, 6); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 0xc, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 1, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 3, 5, 2); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 0, 7, 1); *(uint8_t*)0x2000005f = 3; STORE_BY_BITMASK(uint8_t, , 0x20000060, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000060, 2, 2, 2); STORE_BY_BITMASK(uint8_t, , 0x20000060, 9, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 5, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 7, 1); STORE_BY_BITMASK(uint16_t, , 0x20000062, 0x3d, 0, 15); STORE_BY_BITMASK(uint16_t, , 0x20000063, 0, 7, 1); *(uint8_t*)0x20000064 = 8; *(uint8_t*)0x20000065 = 2; *(uint8_t*)0x20000066 = 0x11; *(uint8_t*)0x20000067 = 0; *(uint8_t*)0x20000068 = 0; *(uint8_t*)0x20000069 = 1; *(uint8_t*)0x2000006a = 8; *(uint8_t*)0x2000006b = 2; *(uint8_t*)0x2000006c = 0x11; *(uint8_t*)0x2000006d = 0; *(uint8_t*)0x2000006e = 0; *(uint8_t*)0x2000006f = 1; *(uint8_t*)0x20000070 = 8; *(uint8_t*)0x20000071 = 2; *(uint8_t*)0x20000072 = 0x11; *(uint8_t*)0x20000073 = 0; *(uint8_t*)0x20000074 = 0; *(uint8_t*)0x20000075 = 0; STORE_BY_BITMASK(uint16_t, , 0x20000076, 0, 0, 4); STORE_BY_BITMASK(uint16_t, , 0x20000076, 0x1f, 4, 12); STORE_BY_BITMASK(uint8_t, , 0x20000078, 8, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000078, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000078, 3, 5, 2); STORE_BY_BITMASK(uint8_t, , 0x20000078, 1, 7, 1); *(uint8_t*)0x20000079 = 0; memset((void*)0x2000007a, 255, 6); *(uint8_t*)0x20000080 = 8; *(uint8_t*)0x20000081 = 2; *(uint8_t*)0x20000082 = 0x11; *(uint8_t*)0x20000083 = 0; *(uint8_t*)0x20000084 = 0; *(uint8_t*)0x20000085 = 1; *(uint16_t*)0x20000086 = 0xbf; memcpy((void*)0x20000088, "\xaf\xaf\x3a\x13\x5b\x6b\xac\xd8\xc9\xb7\x0b\x5e\xec\x9a\xb1\x84\x05\xdd\xe2\x16\xb1\xb5\xdb\xe7\x0c\x82\xea\x52\xa1\x47\x7c\x8b\xcc\x0a\xde\xba\xd8\x78\x9e\x03\xdf\x9b\xee\xa6\x7c\xea\x53\x1e\x77\x6e\x7e\xc4\x41\xe1\x09\x95\x46\x0e\x4e\x96\x46\x78\xb8\xb2\x0c\xae\x08\x4a\xb4\x0b\xef\x38\x9b\xb7\x2f\xe3\x66\xea\x91\xa8\xa2\xb9\x52\xbc\x69\x7a\x86\x3d\x47\xc4\x92\x0f\x77\x97\x6c\xcd\xa9\x72\x3c\x4d\x4c\xf4\x31\x64\xb5\x7e\x37\x39\x25\xd2\x15\x94\xad\x58\x2b\x2b\xd6\xb7\xfc\xe0\xe2\x1d\x27\x2a\x02\x2f\xb6\x3e\xfa\xe8\x20\x4e\x2e\x38\x18\x08\x48\xfd\x29\x86\xc8\x47\x24\x1f\x05\xb4\x79\x5e\x31\x95\x82\x3f\x4b\x17\xf3\x40\xc2\x4f\x45\xbf\x4f\xc3\x3a\x8b\x5d\x06\x49\x78\x0b\xad\x0b\x16\x00\x23\x1b\xcd\x85\xe1\x04\x40\x43\xb3\xf5\x2b\xdd\x66\x46\x2c\x52\x86\x9b", 191); *(uint8_t*)0x2000014a = 8; *(uint8_t*)0x2000014b = 2; *(uint8_t*)0x2000014c = 0x11; *(uint8_t*)0x2000014d = 0; *(uint8_t*)0x2000014e = 0; *(uint8_t*)0x2000014f = 0; memset((void*)0x20000150, 255, 6); *(uint16_t*)0x20000156 = 0xf3; memcpy((void*)0x20000158, "\xdb\x74\x58\x60\x3e\x1d\xb9\xe8\xb6\x10\x9f\xf2\x53\x17\x6f\xc3\x10\x5d\x34\x45\x42\x94\xa0\xc3\x6f\x5e\x76\x59\x0e\xe3\xb3\xa3\x91\xdd\x28\x47\xab\xe2\xef\x4c\x4f\x07\x62\xcb\xb0\x9a\x37\xf4\x06\x75\xba\xca\x09\x07\x28\x2c\xe7\xdc\x1a\x10\x4c\xb3\xe9\x13\x84\x93\x0e\xde\x72\xf3\x72\x0d\xac\x99\x76\xa6\x59\x8b\xc0\x38\x5e\x0e\xb8\x29\x5e\xde\xe6\xbf\x8e\x31\xf2\x43\xb2\x84\xe9\xde\x82\x3d\xbc\xf1\xfa\x70\xc6\xc5\x7d\x44\x72\xf2\x0f\x03\x1c\xd4\xcc\xc7\x99\x5b\x00\x36\xd0\x24\xf0\x51\x22\x0c\xf8\xcc\xfa\xcc\x5e\xef\x5c\xc5\x45\xc5\x20\x8e\x0a\xe0\xb6\xfa\xd6\x95\x65\x42\x26\x29\x30\xe5\x61\x77\xef\x3f\x3f\xd1\xfc\xf9\xab\x7f\xa1\x04\xc2\xfd\x2c\xaf\xbf\xc7\x96\xda\x4a\xf4\x24\x53\x1e\x82\x5b\x32\x39\x4a\x16\xb5\xa9\x0e\x3b\x36\xd9\xd7\x5f\x35\xbc\x95\xc7\xb6\x5c\x57\x74\xb3\x3d\x1a\x74\x46\x4b\x24\x0d\x9b\x44\x20\xde\x38\x65\xe4\xeb\xfa\x97\x05\xfa\x60\x6c\xa4\x22\xeb\x0a\xe3\x31\x26\x57\x4d\x2b\x01\xdc\x83\xd7\x0c\x24\x87\x47\x08\x7c\x72\xf0\xda\x02\xe8\xe8", 243); *(uint8_t*)0x2000024e = 8; *(uint8_t*)0x2000024f = 2; *(uint8_t*)0x20000250 = 0x11; *(uint8_t*)0x20000251 = 0; *(uint8_t*)0x20000252 = 0; *(uint8_t*)0x20000253 = 1; memset((void*)0x20000254, 255, 6); *(uint16_t*)0x2000025a = 0xdd; memcpy((void*)0x2000025c, "\xd7\xe9\xb2\x4c\x0c\xc9\x92\xb1\x8a\xa2\xd9\xf9\xe1\x70\x9a\x8c\x2f\xe8\xb2\xce\xb2\x7a\x74\x9e\x52\x61\x7c\x6d\xb9\x66\xc1\x54\x69\xb1\x4f\x62\x71\xd9\xec\x1c\xaa\x53\x7e\x60\x5d\x09\xc7\xaf\x27\x1d\x95\x9a\x7b\x13\x75\xfb\xad\xa3\xd4\x78\x40\xb8\xfb\xde\x2f\x3a\xb2\x82\x04\x40\xce\xff\xb1\x6c\xc4\x41\x60\xf3\xa3\xab\xd7\x0b\x05\x9e\x3b\x32\x1e\x3a\x1a\x48\xec\xa2\xb3\x81\x9d\x05\x95\x82\x2e\x17\x76\x7f\x5a\x9c\xce\x0a\x0a\xa1\xcf\x8a\x17\x63\x78\x09\x43\x87\x2b\x12\x7a\xb5\x59\x03\x6a\x8d\x87\x03\xe1\x79\xc0\xde\x7c\x00\xdb\xd0\x55\x69\x9b\x39\x53\x2e\xc0\xf6\x3b\xb6\x9c\x33\x1f\xb4\x15\xe2\x53\xc2\x6a\xbf\x85\xa2\x0b\x69\xf3\x3d\x25\xa8\xa0\x66\xaa\x10\xa9\xc1\xad\xd2\x02\xfa\x9d\x6c\xd6\xdb\xda\xf0\x56\x01\xd6\x8e\x95\x53\xba\x9e\xe5\x39\x31\xaa\x19\x38\x21\xc7\x80\xf0\x5d\xfd\x3c\x33\xaa\xd8\x4e\xf5\x50\x98\xb4\xb8\x21\x2c\xf5\xd6\xa4\x3b\x5a\x09\x98\x66\xec\xbb\xc1", 221); *(uint8_t*)0x2000033a = 8; *(uint8_t*)0x2000033b = 2; *(uint8_t*)0x2000033c = 0x11; *(uint8_t*)0x2000033d = 0; *(uint8_t*)0x2000033e = 0; *(uint8_t*)0x2000033f = 1; memset((void*)0x20000340, 255, 6); *(uint16_t*)0x20000346 = 3; memcpy((void*)0x20000348, "\xd7\x1a\x49", 3); syz_80211_inject_frame(0x20000000, 0x20000040, 0x30e); break; case 11: memcpy((void*)0x20000380, "wlan0\000", 6); memset((void*)0x200003c0, 2, 6); syz_80211_join_ibss(0x20000380, 0x200003c0, 6, 0); break; case 12: memcpy((void*)0x20000400, "bpf_lsm_sb_remount\000", 19); syz_btf_id_by_name(0x20000400); break; case 13: memcpy((void*)0x200008c0, "\xc4\xc3\x2d\x0e\x45\xf5\x08\xc4\xe1\x5b\x10\xeb\x26\x81\xf9\xf6\x03\x9e\xec\xc4\xc3\x79\x61\x78\x01\xd2\x07\x66\x0f\x38\x29\x5c\xd0\x2f\xd9\xf6\xf2\xdd\xcd\xc4\xc1\xf8\x11\x45\x0f\x0f\x34", 47); syz_execute_func(0x200008c0); break; case 14: memcpy((void*)0x20000940, "/dev/pktcdvd/control\000", 21); res = syscall(__NR_openat, 0xffffff9c, 0x20000940, 0x10400, 0); if (res != -1) r[2] = res; break; case 15: memcpy((void*)0x20002c80, "./file0\000", 8); res = syscall(__NR_statx, -1, 0x20002c80, 0x800, 8, 0x20002cc0); if (res != -1) r[3] = *(uint32_t*)0x20002cd8; break; case 16: memcpy((void*)0x20003040, "./file0\000", 8); res = syscall(__NR_stat, 0x20003040, 0x20003080); if (res != -1) r[4] = *(uint32_t*)0x20003090; break; case 17: res = syscall(__NR_read, -1, 0x20003100, 0x2020); if (res != -1) r[5] = *(uint32_t*)0x20003114; break; case 18: res = syscall(__NR_getgid); if (res != -1) r[6] = res; break; case 19: *(uint32_t*)0x20005540 = 0xe4; res = syscall(__NR_getsockopt, -1, 0, 0x11, 0x20005440, 0x20005540); if (res != -1) r[7] = *(uint32_t*)0x20005474; break; case 20: res = syscall(__NR_getgid); if (res != -1) r[8] = res; break; case 21: memcpy((void*)0x20000980, "\x5e\xb2\xb7\x65\xeb\x13\xfe\x60\x55\xad\xbc\x43\xba\x06\xda\x06\x24\x08\x5c\x4b\x07\x4c\xa1\x07\x58\x89\x67\x7f\x06\x6e\x7b\xe4\xde\x1a\xde\x66\x43\xe3\x84\xe7\x46\x94\x78\x49\xca\xe6\xc4\xbd\x22\x47\xb9\xd0\xdc\xf8\xd7\x4f\x73\xc8\x65\x98\x3a\x7d\x81\xfa\x41\x8b\x52\x27\xbf\xe2\xca\xe4\xda\xab\xc8\xfd\x12\x12\x43\xc0\xfe\x33\x9f\x30\xd7\xad\xe9\xb7\x9e\x07\xaa\x3b\x49\x20\x01\xcb\xf7\x1f\x43\xd1\x92\xa2\xb9\xb7\x71\x60\x8f\x80\x9c\xab\x41\x48\xc9\xbc\xb1\x8a\xd7\x38\x1a\xda\xb1\xf2\xf5\xe3\x23\xa6\x92\x49\xbf\x8f\x2b\x5b\x0e\x98\x65\x57\xda\x94\x36\x23\xa6\x6e\xc4\x20\xb9\xb7\xbc\x01\x43\x4d\x0a\x62\x88\x6d\x00\x72\xf8\x30\x51\xbe\xd9\x58\x84\x3e\xc0\xad\xab\xae\xc0\x68\xe2\x33\x3b\xdc\x15\x62\x2e\xfd\x5d\x7e\xb6\x8c\xfd\xda\x7d\xe3\xfd\xaf\xaa\x75\x78\x7f\x0f\x7f\x3a\x5a\xae\x1c\xfe\x1f\xaf\x07\x9f\x18\x35\xbe\x70\x44\xf2\xde\xe0\xe2\xb2\x28\x27\xf8\xce\x93\x99\xba\x9b\x6d\x67\x5a\xaa\xfc\x82\x72\x62\xb7\x01\x65\x9d\x34\xe6\x87\xd6\xf0\xf8\x06\x66\xef\x60\x37\x1f\x36\xfc\x8e\x7a\xb0\x1b\x1b\x1f\x74\x1b\xab\x29\x0b\x37\x42\xbc\xa7\xd9\x00\xac\xac\xd0\x03\xbb\x0e\x24\x97\xa7\x41\x3e\x2a\x94\x61\x0c\x93\xf5\xb5\xf6\xa0\xaf\xfc\x55\x4d\xfa\x69\x6f\x33\xa4\xe0\x76\x99\x55\x29\x81\xc8\xf1\x7e\xec\x12\x1b\x79\x8f\xfd\xa5\xa8\x1f\x60\x90\x05\xee\xe8\x86\x2d\xa6\x33\x95\x0d\x1c\x36\xb1\xf5\x7f\x20\x1d\xfa\xa2\xff\xb4\x3b\xfb\x89\xb9\x37\xdf\xe8\x91\x65\xa7\x83\x26\x4b\x5c\xd3\x93\xe5\xe8\x1e\xfb\x8d\x94\xe2\x8e\xa4\x17\xcf\x7f\x14\x55\x20\xc2\x01\xcd\x9b\xc8\x43\xa7\x8a\xe0\x7c\x3a\x9d\x81\x2a\x99\xb9\xd0\x1f\x4f\x8a\x60\x93\x70\x77\x19\x2f\xb2\x9e\xf9\xe9\xca\xd9\x95\x91\x9d\xe3\x3e\x9e\x70\xc9\x5c\x0e\xfe\x9d\x49\xec\xac\xc2\x81\x7d\x76\x4b\x35\xac\xee\xf6\xdb\xd7\xb1\x1d\xa0\xd5\x64\x60\x97\x8a\x67\x9a\x76\x5c\x04\x64\x2e\xf7\xb3\x3d\xa7\x35\xd6\x07\xb2\x1e\xa2\x07\xad\x74\x7b\x67\xda\x18\x62\xb7\x88\x4f\x77\x37\x64\xc5\xc6\xb9\x5b\x0d\x1f\xc0\x79\x90\x9e\x3a\x07\x43\x0c\x52\xf4\x90\x8c\xb8\x64\xca\x7b\x48\x38\x7d\x9c\x93\x03\x87\x81\x15\x80\xb9\xce\xad\x9b\xb5\x6c\x51\x39\xd0\xd5\xc4\xc7\x28\xf7\x66\x70\x59\xbb\x64\xe2\x23\xd3\xe7\xcf\x61\xce\x83\x70\x27\x6d\xd3\x1b\x3b\xd6\x43\xe9\x64\x44\xaf\xea\x51\x78\x7b\xc0\xea\x7e\xde\x0c\x05\x76\x34\x0b\x35\x74\xfb\x1e\xe7\x81\x33\xc2\x9e\xdb\x9c\x63\x72\x42\x00\xf5\xd8\xd1\xfa\x9d\xb4\xfe\x0c\xf9\xa3\xf0\x51\x7f\xdd\x93\x62\x40\xd0\x8c\xa3\xf4\x81\x5c\x56\x2f\xa4\x0c\x50\x29\x2a\x8c\xc6\x7a\xf0\x25\x55\xbf\x5e\x42\x10\xef\xab\xee\x95\x29\x46\xcb\x5a\x3b\x71\x9c\xca\xfb\x90\xc5\xfc\x31\xe2\x8e\x16\xda\x6d\xeb\x0c\x26\x57\xd9\x9b\x2e\x30\xac\x6f\x59\xe6\x93\x5c\x8f\x3d\xe5\xab\xb5\xa6\xa9\xeb\x6d\x64\x63\x81\x31\xfa\x73\x63\x9f\x95\xdc\x71\xd1\x1a\x64\x4c\x6f\xf1\x7e\x26\x66\x5e\x82\x05\x56\x17\x8b\xdf\x6f\x91\xc5\x2f\xac\x27\xf2\xd8\x48\x12\xe9\xbf\xd4\xc5\x3e\x75\x7e\xd5\xdc\xc5\xa3\xc5\x8f\x4f\x25\x4a\x11\xad\x80\x99\x55\x5f\xba\xb9\x2d\x97\x07\xe7\xae\x24\x9d\x37\xb6\x72\xb2\xf4\x66\x6c\xc3\x5f\xfe\x53\xa0\xf5\xf3\x14\xaa\x7e\x32\x9a\xdd\xf6\x0e\x86\x49\x86\x68\x2e\x58\xde\xe8\x78\xcf\x3e\x66\xb3\xc1\xb8\xb0\x45\x70\x21\xcb\xbe\x95\x42\xdf\x24\x01\x04\xfa\x79\x45\xd1\x77\xa8\x05\x1f\xf4\x2d\xff\xe4\x7e\x95\x2c\xaa\x5b\x33\x43\x86\xbb\xe9\x61\x40\xa2\x8a\x74\xcd\x3c\x4c\x66\x6d\xd6\x17\x49\x94\xba\xe6\xc3\x23\xbe\xf3\xcb\xe9\x70\x28\x83\x5f\x03\xb4\x9d\x7c\x49\x69\x13\xec\x17\x27\x23\x46\xe0\x50\xc7\x5c\x58\x76\x0a\xcb\xcd\xed\xfc\x77\x4b\x34\xb1\x9f\x19\x9c\x40\xe0\x2a\xc7\x41\x77\xe3\xf9\x51\xa0\x07\xab\xda\xf0\x0f\xd7\x06\x4b\xbf\x2c\xc4\x44\xd6\xb6\xd2\xb2\x33\xe1\xfd\x99\x5f\xee\xbc\xbf\xaf\xaa\xa4\x4e\xdd\x73\x9b\x7a\x9b\x31\x2b\x08\x23\xbb\xb2\x28\x82\x3e\x13\x2f\xba\xe5\x76\x96\x8b\x7e\x7c\xa5\xca\x01\x98\xda\xae\x85\xda\x7b\x50\x00\x25\x44\xa4\x4f\x94\x8d\xc5\xf4\x86\x20\xe3\xf9\x91\x45\xc8\x72\x7f\xee\x50\x15\x41\xef\x11\x9b\x20\x08\x5e\x36\x40\x52\xa0\x45\x16\x4e\x79\x57\x95\x53\xab\x19\x24\xa5\xe6\x7c\xa4\xbd\xe4\x39\x03\x13\xb7\x6a\x6a\xbb\x95\x0e\x63\x7b\x6b\xd3\xae\x4d\x34\x1e\xa3\x62\x44\x0e\x13\x41\x85\x30\x4e\x36\xf0\x86\x91\x02\x7e\xc7\xff\x34\xd7\x18\x82\x53\x93\xec\xfd\x75\x57\xc8\x2b\x7b\xda\x4d\x24\xb9\x4f\xc5\x3d\x57\x7b\x31\x65\x7b\x00\xe8\x30\x38\x03\xe6\xf1\x5e\x17\xa7\x96\x47\x60\x7f\xfa\x65\x64\x91\x03\xad\x6c\xed\x04\x0a\x84\x22\x24\xb2\x22\x26\xcb\x03\xb1\x0e\x51\xe5\x8d\x69\x5e\xdd\xa7\x7d\xa2\xd7\x84\xc4\x9b\xdd\xa4\x3a\xdc\x0f\x4e\x15\xf3\xe2\xe3\x38\x83\x69\x24\x78\x6b\x90\xb2\xf7\x44\x29\x35\xae\x33\x8e\x34\x4f\xa4\xc0\xd9\xe3\xd7\x48\x71\xd9\x30\xd8\x78\x68\xa2\x69\xc9\x84\x04\x87\x63\xe1\xc4\x38\x47\x9b\x20\xfd\xdb\xc6\x1d\x24\x88\xd7\x0c\xa8\x74\x7f\xff\x73\x1e\xdb\x67\x9b\x88\xbf\x1b\x17\x62\x1d\x32\x76\x15\x1f\xd9\x3a\x9d\xbb\xaf\x1a\x83\xe9\xa8\x0f\x75\xba\x18\xac\x3c\xe6\x59\x8d\xc4\xe6\xb0\x56\x2f\xb0\xbd\x47\x91\x29\x33\x7b\xb1\xc3\xa5\x88\x2b\x2d\x62\x6e\xdd\x90\xd0\xb1\xe8\x98\xd0\xf1\xe4\xf5\x98\x93\x70\x0c\x24\x1e\x0c\x43\x63\xa4\x44\x10\x73\x84\x00\x00\x47\x0f\x9e\x87\x7d\x0b\xac\xdc\xb6\xb2\x18\x75\xe7\x5b\x50\xdc\xfb\xb2\xbb\xc0\xea\x8f\xca\x0a\x91\xdc\xaf\xe6\x9b\x16\x2a\xee\xf4\xf7\xd7\xfa\x11\x93\xf9\xea\xc4\x4d\x4e\xb2\x73\x77\xc3\xb7\x2a\xc1\x9a\x90\x1c\x6e\x73\x50\xe1\x64\x81\x46\x09\x01\x79\xfa\x4b\x7f\x7a\xae\xdf\xb7\x5a\x49\xde\xea\xe9\xfb\xec\x2f\x30\xc4\x44\x4e\x3b\xd5\xad\x6f\xad\x82\xbb\xcd\x24\xbb\x6d\x25\x96\x85\xca\x0c\x13\xe5\x2a\x59\x0d\x27\xa7\x31\xa1\x8b\x09\xd3\xd6\xbf\x5e\x81\x75\x63\x02\xb8\x52\x51\xc8\x5d\x30\x48\x72\x95\xeb\x2e\x42\xcd\x78\x82\x31\xeb\x96\x97\x9b\x5c\x11\x3c\x16\x6b\xe2\xf3\xb6\xd2\x44\x74\xb0\xf5\x6e\xa5\xcf\xff\x4d\xca\x92\x84\xe5\xda\xe7\xd1\xc2\xb6\xab\xa7\x80\x7e\x88\x96\x97\xc8\x69\x83\x1c\x90\x8b\x20\x6b\x8a\x21\xdb\xe7\x3d\x06\xc0\xae\xfd\xa4\x49\xf4\xda\xed\xd6\x8b\x67\x6f\x22\x81\x4b\xe2\xd9\x0a\x2d\x06\xa3\x9f\x99\x7f\xdc\xef\x3a\x38\xf9\x83\x96\xd5\xbf\x36\x99\x00\xf9\xfc\x04\x42\xb2\x04\xce\xb1\x7e\x43\x2c\x28\x08\x7c\x42\xc8\x4c\x17\xf1\xa4\xd0\x4f\x6d\xa5\x46\x68\x2f\x31\xd7\x5c\xc2\x89\xe0\xc8\xea\x40\x58\xc0\x35\x50\xfa\xd5\xde\xf6\x96\x85\x41\xa9\xd3\x72\xbc\xbf\xf7\xb9\x43\xd6\x5a\x7f\x48\x56\x52\xe4\x43\x7e\x0a\x16\x02\x05\x7e\xf0\xce\xef\xa5\x75\x40\xa1\x1d\x5b\x2b\x8b\x65\x18\xc3\xc9\xa2\x7c\xb2\x75\x62\x94\x1f\x2f\x68\x9c\xe2\x40\x39\x6b\x4a\xd7\x0d\xbb\x2c\xd6\xe4\xe1\xf3\x3e\x32\x79\xc3\x36\x1b\x9d\x99\x03\xa9\xb6\xbb\x01\x7f\xfc\x71\x97\x58\x41\x7e\x4f\x98\x48\x55\x69\x2a\xcb\xdf\x93\x92\xa9\xb1\x96\x73\x38\x8e\x76\x02\x33\xfa\x00\x35\xe0\xc2\x33\x5e\x77\xb0\x89\xeb\x40\xb5\xcd\x8f\x03\x25\xf6\x4e\x08\x07\x65\x80\x80\x52\x86\x9f\x76\xb3\x9b\x06\x82\xe9\xa4\x9a\x95\xa4\xfd\x0b\x38\xbb\x50\xeb\x21\x4e\x94\x91\x9d\x48\x6f\xb7\xbb\x75\xac\xb4\xdc\x5f\x04\xe7\xa7\xe3\x11\xf2\x04\xdf\x40\x4c\x62\xc6\x64\x17\x95\x84\x88\x0c\xb8\xbc\x7b\x8b\xaa\xe8\x93\x3c\x2e\xbd\x70\xaf\x44\x45\x1a\xae\x3d\x51\xd4\x29\x0d\x90\xb8\x91\x10\x68\x77\xbd\x37\x75\x2e\xc6\x11\x8d\x97\x2a\x1b\x0a\x29\x31\xd4\x33\x63\x6d\xa7\xb7\x25\x0a\x0e\xdb\x59\xd9\xdd\xd3\x4c\xb4\x8b\x34\xa6\x2a\xe7\xe5\x95\xf1\x8d\x80\xca\x2c\x2d\xdc\x2a\xeb\x6b\x6f\x6b\x80\x0c\x86\x53\xba\xaf\x69\x6b\xfd\x60\xc8\x5e\x5e\x33\x28\xd0\xd9\xba\xf0\xf5\x58\xb3\xb8\xb8\xbf\xf2\x4b\xf7\x5d\xb2\x69\x5d\x59\x44\x27\x57\xcc\x0c\xfc\xef\xbb\xf1\x70\x8f\xc9\x64\xa1\x25\x1f\x55\x32\x88\x32\x46\x8e\xa7\x3c\x29\xbe\x4b\xf5\xd0\xde\x20\x53\xf3\x64\xd1\x17\x00\x6d\xd3\x24\x2e\x04\xdd\x47\x1a\xe0\x4a\xe2\x28\x44\x97\x82\x42\xed\x47\x36\x1b\xe4\xa9\xa1\x31\x33\xc7\xad\x5b\xb3\x24\xaf\xcd\x29\xd9\xa0\x74\x44\x07\x24\xeb\xb5\x6f\x5d\x9c\x3a\x8e\x45\x59\xd3\xa5\xa0\xf0\x28\xf1\xd7\x2f\xf2\x56\x2d\x48\x3c\xfd\xd7\x9e\xb3\x2c\x90\x46\x2e\xe7\x90\xde\x24\x76\xd9\xd0\x61\xb6\x07\xe6\x80\xb4\x15\x00\xce\x69\x1e\x48\x74\x5b\x58\x55\x17\xa5\x39\xe7\x0d\x7e\xc5\x55\xe1\x96\xaa\x8d\x69\xe4\x5a\x36\x98\x2d\x28\xa2\x14\x09\xa7\x77\xce\xeb\x53\x31\x8c\x20\x71\x3e\x3c\xb6\x2a\x98\xc2\x8f\x52\x4b\x08\x69\x09\xa0\x30\x75\xc2\x01\x0d\xa3\x4b\xf7\xb0\xe6\xbf\x58\x50\x5d\x30\x14\x42\x53\x0e\x54\xd3\xd1\x3f\x03\x28\xf9\x7a\x1d\xd2\xdd\x6d\xa6\x84\x29\xd2\x13\x76\xb7\x72\xd5\xa1\x60\x3f\xb4\xc4\xa4\x0f\x6b\x36\xdb\x26\xa8\x6f\x7c\x2d\xba\xf7\x04\xe7\xbc\xb9\xfc\x96\x76\x8d\x4b\x53\xbd\x13\x46\x02\xb7\x53\xb2\x60\xd8\x4d\x9e\xea\xc6\xa2\x4a\x51\x24\x9d\xca\x00\x86\xb9\x5b\x57\x58\x71\x28\xe7\x98\xeb\x62\xe1\xf0\x1a\xe6\x8e\x66\x0c\xf6\xeb\xbf\x33\x22\x93\x98\x16\x20\x68\x4b\x7e\x3b\x04\x75\x0f\xdb\xbe\x2e\xcd\x8e\x9b\x63\x75\x24\x88\x82\x25\x3c\x2d\xda\x8a\x4d\x9c\x0f\x6f\x5c\x9d\x7c\x6b\xdb\x1f\xc1\x1e\xda\x1d\xc4\xec\xc0\xb9\xf3\xdb\xdb\x62\xe4\x07\x8e\x46\xf6\xb1\x06\x08\xf3\x4c\x34\xf0\xa2\x79\xc2\xf8\xf3\xda\x5b\xe4\x9e\x3e\x58\xe9\x71\xe5\x39\xbd\x63\xba\xcb\x6d\x8a\xa5\x54\xea\x4c\x78\xa4\x9a\xba\xde\xec\x98\xdb\x1d\x3c\xa3\xbc\xb4\x09\x57\xcc\x0e\x94\x2f\xca\x1c\x9b\x51\xaf\x04\x77\x1f\xda\x4a\xf3\x58\xc9\xed\x6f\xe7\xb7\x37\xa6\xc6\x1a\xbe\x0b\x62\x89\x20\xfb\x8d\x0b\xcd\x0b\x65\xb7\x18\x16\x3d\xa1\x78\x04\xcb\x16\x65\xea\x98\x21\xc8\x28\xf6\xdf\x65\x51\x93\x77\x41\x56\x72\x10\x06\xb1\xf5\x14\x87\xad\x19\xfe\x92\xb7\x69\xa9\xfc\xea\xf2\xd4\x12\x4d\x8c\xc9\xa5\xbe\xf2\x8e\x98\xb9\x96\xc2\x8c\x8a\x99\xe3\x52\x38\x05\x31\x18\x5e\x5e\x56\xe6\x93\x64\x1e\xf5\x11\x06\xd6\xcf\x4e\x71\xab\x31\x7c\x34\xe9\x35\x83\xae\xcf\x50\xf5\x2b\x53\xe6\x3c\x90\x98\xd8\xc2\x83\x53\x8c\x7c\xc0\xf0\x90\xdf\xaf\x52\x3e\x60\x82\xc6\x52\x63\xdc\x8d\x1d\xe4\x77\x62\x82\xa3\xfc\x1b\xfc\x59\x09\x99\x15\x25\xf5\x6a\xc0\xe6\xd3\xbf\x0c\xe7\xae\xc8\x3e\x40\x07\x4d\xe1\x6f\xc9\x84\x3f\x3b\x09\x9b\x59\xb9\xf9\x0b\xcf\xf6\x31\x0e\xd6\xdf\xec\x97\x45\x87\xad\x64\x6e\xcd\x90\xc5\x4d\x44\x95\x10\xb7\x76\x8d\xd6\x7c\xab\xb3\x05\xea\x39\x8e\xcb\x42\x61\xd2\x6d\x4d\x7e\x12\x04\xe2\x07\x25\x60\x32\x43\x27\x9a\x18\xfa\xb0\x17\x26\x71\x9f\x77\x18\x22\x62\x7b\xaf\xb0\x9b\x4c\xaa\xf9\x48\x4f\x1d\x8f\xa5\x07\x8d\x02\x1b\x9c\xb8\x65\x56\x83\x07\x97\x31\x9c\x64\x91\xd7\x1c\x11\x53\xb6\x36\x58\xa5\xa9\x52\xa1\xf8\x4f\x0c\xed\x9c\x3d\x11\x91\xd7\x1a\x0b\x22\xe3\xf6\x18\xf8\x7d\x98\xc8\x99\x12\x65\x39\x5c\xb9\x07\x65\x93\x50\x34\xbd\x6c\x92\x33\xd4\x1f\x9f\xc6\xa9\x0b\xf6\x97\xc1\x5f\xd2\x35\x97\x87\xdf\x82\x57\xca\x8e\x94\x99\xb3\xa7\xb8\x37\x12\x1b\x33\x67\x30\x6b\xa3\xa3\x6f\xde\xa6\x00\x0c\x5d\x0f\x77\x59\x37\x17\x02\xc7\xad\x6f\x9e\x5f\x40\x00\x72\x5f\x8e\x0b\x33\x0a\x49\x43\x92\xf7\x40\x8d\xad\x61\x5b\x14\xf7\x78\x88\xce\xb7\x39\x59\x96\x5c\xc9\xa9\x3e\x9e\x3b\x23\xb9\x34\x3a\x4c\xd4\x10\x4d\xc1\xf3\xf1\xa6\x4c\xb4\x56\x97\x92\x67\x04\x87\x98\x02\x49\x3f\xf0\x4a\x81\x44\xce\x6d\x80\x50\x87\xfa\x96\xca\xff\x9b\x97\x63\x1b\x52\xe4\xa3\x65\xe9\x76\xc9\x0e\x2a\xc0\x88\x26\xf8\xc2\x97\xef\x2f\x87\x57\x22\xb4\x45\x54\xd9\x97\x3f\x4a\xa5\x5f\xfb\x03\x58\x94\x32\x10\x9e\x68\x32\xda\xb7\xfc\x47\x32\xd3\x03\x25\x2d\xd1\xd1\x7a\x2d\x24\x51\xed\x53\xdc\xe4\x1f\xfb\xce\xc6\x59\x83\xc6\xdb\x3e\xba\x81\x46\x2e\x52\x2a\xe7\xae\x52\xd7\x51\x30\x0a\x4b\x13\x11\x70\x33\x7c\x6d\x8c\x4b\x69\x2f\x54\x29\x11\x8a\xf9\x56\xe1\xc1\x5e\x27\x58\x4f\x76\x82\x55\xc3\xdd\xcb\x46\x92\x12\xba\x8a\xb0\xe1\xe7\xee\x00\x12\xf5\x8f\x89\x45\x82\x79\x94\xce\x1a\xd7\xd1\x73\xdd\x1c\xd7\x20\x83\x84\x4b\x72\x1a\x1d\xc1\x30\x00\xda\xda\x12\x56\xde\xab\x79\xb9\x59\xa4\x95\xa4\xd1\xb5\xfd\x02\x8f\xea\xa0\xde\xac\x90\xec\xfa\x59\xb1\x34\x04\x56\xbc\xaf\x31\xf5\x7d\x5a\x88\x34\x90\x12\x57\x96\xdd\xa6\xd3\x78\xce\x83\xbb\xc1\x37\xfe\x54\xb8\x3c\xa9\xc4\xf8\x19\x89\x9d\x30\x83\x38\xd6\x5f\xa8\x7d\x90\x62\x55\xd6\x57\x3a\x7a\x49\x0b\x00\x10\x0e\xab\x69\x9c\x0d\xbf\xbe\xc5\x4b\x54\x22\x4c\xeb\xa3\xf5\xd1\xfa\x40\x96\x06\x3f\x33\x16\x5a\x15\x8a\x20\xff\xbd\x1d\x5b\x8f\xd4\xd9\xd3\x9c\xb9\x4a\x00\x85\xde\xae\xdd\xe0\x2a\x2f\x1e\x90\xa9\x6a\xf2\x22\x33\x15\x10\x1a\xf3\xfe\xf8\x60\x43\x37\xf6\x48\xb8\xc3\x42\x16\xc3\xe7\xba\x8c\x07\xd8\x2d\x23\xbc\x0a\x96\xf0\xda\xb2\xab\xd2\x93\x92\x65\xbb\x96\xb6\x45\x1a\x2c\xa9\x35\x85\xc8\x2a\xec\xce\xd3\x37\xbd\x66\x12\x48\x47\xa4\x06\xce\x8e\xd2\x41\x31\x8e\x1a\x7f\xc2\xcf\x28\x9e\x1c\xaf\x26\xea\x5b\x72\xaa\xea\x04\x57\xe2\x08\xa2\x41\x53\x4c\x78\xe3\xaf\xb6\x02\x8e\x7f\x57\x89\x1c\x2f\x05\xf4\x37\x0f\xc5\x04\x58\xd1\x6e\x90\xd0\x31\xcc\xa1\x86\xcc\x12\xb4\x54\x3b\x7f\x25\xfa\x72\x91\x6b\xe3\xac\xd7\xf6\xb5\xf0\xcc\x24\xf4\x42\x48\xc0\xfa\x9c\x6d\xd5\x95\xcd\x72\xcc\x4c\x84\xd3\x5a\xa6\xfc\x3b\x1e\xc0\xe7\xa6\xb0\x40\x8a\x1a\x53\x86\x96\x81\xd2\x7b\x11\x22\xc3\x17\x6a\x04\xeb\x3a\xaf\x62\x58\x84\x96\x75\xa9\x94\x22\x2d\x50\x68\x28\xb4\xc1\xde\x9a\xb1\x7a\xd4\xba\xb5\x96\x1d\x52\x4f\x0f\xfe\x54\xd2\x90\x02\xc3\xd3\x6c\x94\xcb\x3a\xb1\x65\x81\xf5\x9d\x01\x46\x71\xe1\xcd\x5f\xe2\x43\x42\xf1\x7c\x8f\x17\x88\x54\xe0\xee\xd5\xf4\xa3\xdb\x07\xec\x2e\xa7\xc6\x71\xe2\xd7\x85\x38\xbb\x8a\x2d\x5d\xcd\x94\xb4\xc6\xeb\xdb\x9a\x49\x29\xe8\x5f\xc6\xde\x21\x3d\x6f\x35\x62\x28\xd9\xec\xfd\xe9\x62\xc0\xc3\x72\x76\x08\xf6\x70\xe8\x12\xee\x2f\xa1\x4e\x1f\x0c\xbf\x01\x86\xf6\xaf\xc1\x0c\x67\x6f\x91\x1b\xe3\xb1\xce\xa3\x52\x1f\x47\xe8\xfd\x4e\xfe\xba\xcc\xb2\x2e\xf3\x75\x76\x13\xab\x31\x9c\x40\xb7\x0e\xee\x0c\xde\x11\xa3\xa1\x66\xf1\xee\x94\x15\x32\x80\x68\x39\x98\x36\xc8\xdc\x38\x4d\xe2\x1e\x0a\x99\x1a\x8b\xae\x04\xbc\xe7\x96\x2c\xe3\xb8\x2d\x55\x16\xfe\x91\xd8\xec\xbc\x2d\xcd\x6e\x27\x11\xc6\xc1\x4c\x8a\xa5\x72\xb5\xfe\x03\x9e\x1b\xb4\xf1\x63\xa1\xa8\x18\x63\x45\xf5\x41\x57\xc5\x66\x72\xb3\x34\x70\x71\x12\x53\x47\x6c\x2f\x6e\x4d\x74\xbe\x06\xa0\x18\x85\xde\xbd\xb8\x4f\xc7\x32\x47\xa5\x4e\x15\x11\xb8\x3b\x3a\xe1\xfc\x15\xe5\xbe\xd9\x21\xf1\x93\x77\x86\xf4\x36\x4a\x7d\x4d\x6a\xec\x09\x66\x7d\x63\xaa\xa6\x18\xbd\xda\xae\xaa\x2e\x55\xad\xb5\x89\x4c\x47\x97\xd1\x6d\x3d\xd5\xd3\x5a\x71\x6e\xf0\x52\x33\xc4\xad\x46\xa6\x21\x19\x5c\xde\x3a\x4f\x41\x97\xea\x43\x96\xca\x62\x71\x2e\xe3\xd0\x29\x20\x03\x83\xad\x91\x22\xd9\x4b\x60\x8b\x39\xe1\xab\x02\x4e\xa6\x73\xea\xdc\xcf\x98\x31\x00\xd5\x9b\x17\x70\x87\x22\xd9\xef\x02\x66\x92\x24\xbe\xf7\xab\xda\xa0\xb9\x9b\xff\x39\x95\x7b\x7a\xc4\x15\x99\xc9\xb1\x83\x3f\x7c\xe8\x22\xfd\xda\x0b\xea\x2d\xcb\x7d\xc7\xd2\x4b\xd2\x0d\xf8\x0b\x64\x62\x16\x24\x47\xd5\xe2\x85\x35\xa2\xfd\x87\x6f\xfd\x78\xe9\x0d\xbd\xc7\x4e\x49\xaf\x64\x7c\x9d\xc6\x96\xbd\xcc\xed\x08\x40\xc2\x32\x0f\x5c\xe0\xb6\x49\x47\x90\x83\x2c\x97\x2e\x28\x20\x6f\x43\x2a\xd6\xcd\xdc\x30\x4f\x96\xbf\x48\xee\x6f\x5a\x07\x75\x38\xeb\x06\xd9\x43\x83\xbf\x4f\xbf\x33\x2a\xbe\xc8\x0c\xdc\x78\x34\xdb\xf8\x7e\x28\xf0\x6c\xee\xeb\xaf\xca\xb3\xf0\x5f\x08\x4b\xc4\xcf\x2a\x06\x97\x01\xcd\xb3\x32\x40\x3a\xf1\x63\x1b\x56\x59\xa9\xe6\x68\xf0\xa4\x6f\x68\xe6\x5f\xf9\xa3\x14\xab\x2a\x54\x05\x18\xa0\x38\x93\xc3\xfd\x2b\x1b\xd9\xf5\xe9\xe7\xf6\xec\x49\xf5\x85\x06\x7c\x4a\xee\xf0\xb9\x1b\x1a\xd2\x9f\x2a\xcc\x13\x2f\x6b\x1a\x8d\xda\x2d\xa3\x6a\x79\x18\x6c\x8b\x13\xb6\xfe\xd0\x70\xc7\x47\x04\xbd\xc4\xff\x11\x32\x19\x01\xc7\x15\x98\xfd\xfb\x36\xe8\x48\x2b\xcd\xb0\x1e\xe8\x08\xaf\xb5\x4b\x3a\x42\xc6\x9a\x18\x95\x0d\x14\xfa\xc2\xe3\xbd\x77\x21\xac\xe3\xc9\xa0\x3a\x45\xf7\x4c\xf2\xdf\x6f\x4c\x92\x44\x41\xd8\x70\x0c\x54\xb5\xa1\x22\x12\xca\x3c\xdd\x64\x8d\x07\x93\x04\xcf\x2c\xdf\x46\x0a\x36\xca\xf7\xf5\x21\x49\x48\x05\x40\x1d\xfc\x67\xbd\xe2\x06\x1b\xb2\x39\xa7\x01\x9c\xe7\x6c\x4f\x44\xcb\x0e\x46\xc5\x5c\xba\xda\xb9\x12\x9c\x5b\x45\x7e\xc2\x84\xb2\x2a\xe3\xf9\x8e\x64\xfc\x8c\x75\xdf\x09\x5c\x3e\xa3\xea\x0c\xfb\x59\xca\x18\x09\x0b\x03\xf9\x35\x8e\x9f\x11\x32\x5e\x72\xcc\x24\xed\xe8\xf0\x51\x1c\xb6\xf8\xaf\x7c\xc2\x76\x06\x54\xcf\xb8\xa7\xe7\xd5\xde\x97\xa8\x30\x79\xbc\x82\xd8\x8e\xa7\x28\x51\x6e\x92\xd3\x21\x09\x2f\xa3\xbd\xb9\xc0\xcf\x71\xac\xed\x2a\xc1\x18\x9a\xad\x33\x4d\x1b\x6b\xd9\x71\xba\x40\x53\xa4\x3b\xc7\xf0\x02\x0a\x2f\x1d\x6d\xa3\x46\x90\xd0\xf7\x63\x58\xaa\x1b\x16\x31\x10\x7f\x7f\x2a\xf9\x89\x00\x07\xb0\xa9\x42\x77\xee\x67\x3b\x04\x7f\xe8\x09\xa5\xaa\x7f\xbb\x7a\xb8\x8d\x11\x09\x70\xc3\xdf\xf4\x4d\xe1\xd7\xdb\xeb\x2a\xbf\xd2\x80\xe6\x6d\x1d\xe4\x86\x4d\xa4\xd5\x4a\xdd\xce\xea\x69\xc8\xfa\x5d\x3d\x4b\x11\x47\xa1\x83\x65\xaf\xad\x33\xcd\xc6\x89\xd7\x3c\xce\xba\x4d\x8f\x4e\xe0\x8b\x62\x64\xae\xed\x23\xf5\x85\x57\x8a\xe1\x5d\x14\xf3\xa2\x7b\x48\x8c\x24\xd6\xde\x8c\xd8\xa9\xde\x4a\x2a\x89\xfc\x94\x81\xba\x8e\x10\x28\x3a\x4d\x3a\x26\xe9\x89\xbd\x80\x59\x78\x62\xe2\x38\xb7\x14\xaa\x77\x6e\x01\xcc\x90\xde\xe6\x89\xc8\x43\x5c\x81\x4c\xfc\x72\xa5\x30\xef\xce\x5d\xec\x38\x47\x97\xa9\x51\x43\x9c\x30\xe0\x96\x32\x0b\xd5\x04\xd3\xfc\xf4\xf7\x21\x4b\x6d\x8a\xe4\xfd\xf7\x3e\xea\x45\x91\xd4\x44\xdd\x1e\xa4\xcd\xaa\xb8\xce\x1c\xf9\x55\x5b\x4d\xd7\x0f\x1b\xb4\x6e\x18\xee\x02\xca\xbd\x74\xcd\xdb\x69\x6a\xf3\xff\x7c\xc9\x5b\x13\x39\xa6\xb8\xe8\xba\xfb\xc2\x9c\x64\xf0\x9f\xb7\x41\x38\x9e\xa6\xf5\x39\x7a\x85\xad\xd8\xb2\x6e\x1f\x3a\x1d\xf9\x50\xf6\x7b\xde\x9f\x98\x71\xa0\xe3\x60\xc3\xe7\x66\x9e\xbe\xde\x3b\x7e\xb3\x2c\xeb\x35\xff\x2a\xff\xd8\x91\x95\x22\xf0\x75\x93\x3e\xcf\xea\x2c\xb4\xbe\xcf\xbc\x85\xbb\xac\xc9\x5f\xba\x2c\x6f\x54\xf8\x90\x59\x4a\x6f\x6b\x18\x96\x5c\xcd\x40\xed\xe5\x8b\x4e\xaf\x8b\x0d\x2b\x65\xb0\x36\x9b\x3d\xc6\xc7\xca\xef\x3e\x48\x45\xb2\xc4\x2e\xe4\x0d\xdc\xa5\x87\x92\x50\x29\xe7\xd9\x16\x29\xad\xd8\x4e\xa7\xbc\x72\xbe\x33\xbb\x03\x42\x14\x55\x5c\xd5\x50\x55\x68\x09\x3e\xc7\x24\x81\x56\xf5\x8c\x7f\x0d\x30\x55\x76\x2f\x8f\x4f\xf6\xf8\x64\xbd\x95\x48\xfa\xfa\xc4\xdb\x85\x77\x53\x0f\x3a\x6d\x67\x3b\xee\xff\x21\xba\x7c\x90\x60\xaa\x0e\x06\x68\x32\x93\x7f\x1e\xb6\x17\xcb\x21\xac\x24\xe0\xd8\x69\x95\x47\xbe\x56\x63\xa8\x11\x7a\x40\xb6\xd8\x81\xdc\xa1\x9e\x36\x7c\xa0\x2d\x28\x77\x4d\xae\x74\xdf\x50\xaa\x99\x44\x5e\x37\xc6\xc1\x61\x84\x46\x7d\x49\x60\x01\x24\x23\x29\xdb\x97\xa2\xad\xef\x66\x42\x5a\x9c\x6b\xd3\x77\xd8\x97\x74\x33\xa0\x3c\x72\xbf\x10\xb5\x48\xb8\xae\xbf\x0e\xc3\x8e\xb8\xce\x14\x5f\xcb\x85\x15\x41\x40\x5e\xe8\xa3\xca\x9b\x3b\xc6\x03\xa3\x82\xaf\x59\x8f\x0a\x17\x56\x59\x2b\x36\x77\xc4\x69\xff\x86\xe1\x98\xcd\xff\x40\xf4\x93\x21\x5a\x32\xc2\xac\xc7\x2b\xcf\xd0\xe3\xe4\xe5\x7b\xec\x76\xdf\xe5\x65\xda\x97\x5c\x69\x1d\x66\x93\x5d\x2d\x7b\x52\x94\x14\x62\xd4\x1b\xce\x4c\x00\x91\x5d\x28\x34\x17\x03\x2f\x3a\x89\x42\x49\xf8\x01\x06\x7f\x38\x82\xfd\xa7\x79\x05\xd7\x6b\x76\xef\xe1\x02\x8e\xbb\xf1\x49\x77\x63\x1f\x67\x75\x75\xdd\xd4\x09\xdf\x3c\x6c\x40\x19\xe9\x95\xa9\xd8\xd1\xd8\xa8\xc3\x22\x68\x76\x32\xf1\xa9\x50\x5a\xdc\xbd\x5a\xfa\x13\x89\xf9\x41\xdd\x0f\x68\xfe\xfd\x43\xec\x24\xa2\x57\x07\x6a\x3a\x21\xb7\x36\x3d\x7b\xb5\x18\xdf\x4a\x28\x2a\x4d\x9e\xed\x08\x58\xd1\x04\xe8\x5c\x5e\x06\x8d\xd8\x01\x2d\x73\xb5\x16\x65\x61\x46\xa7\x8e\x54\x9a\xdb\xf9\xb3\x2f\xb9\xf5\xf7\xab\x6d\x43\x87\x9d\x96\xd1\xcb\x97\x35\x96\xd0\x44\x19\x7e\x08\xc4\x04\x06\x04\x25\x57\x53\x29\x7a\x34\x95\xd8\xdf\xf2\x55\xd1\x8a\xbf\x94\xb8\x70\x4a\x8a\xe1\xa4\x83\x53\xfa\x85\xe5\xa7\x7b\xec\xd1\x0b\x6c\xa0\x07\xb7\x7d\xfe\xfc\xe3\x98\xf3\x0b\x0c\x27\xed\xe9\x9e\x8e\x6b\xb0\xc7\xff\x65\xbd\xb0\x0f\x22\x46\x22\xd6\x91\xf4\x78\xce\x6e\x37\xbb\xfa\xc4\xce\x1c\xe3\x73\x07\x0f\x95\x43\x70\xc7\x4c\x09\x46\x1e\x2b\xae\x43\x85\xcd\x5d\xee\xe8\x7c\xa8\x0a\xd2\xc7\x7b\x99\xe7\xbe\xe5\xaf\xa3\xf0\xba\x52\x49\x4f\x59\xda\x14\x26\xc4\x30\x9f\x39\x15\x16\x35\x4d\x57\xb0\xc7\xc4\xbb\x85\x8e\x38\x2f\x04\x1d\x6e\x91\x88\xdc\x13\x3b\xb1\x69\x32\x1e\x00\xd0\x2e\xfd\xdb\x46\x11\x76\x77\x4f\xd6\xb2\xc9\x68\x2d\x7a\xd0\x84\xf6\x17\x4c\x53\xab\x74\x08\xd3\xe2\x71\xd2\x8e\x30\x8f\x7c\xd4\x78\xc2\xfe\x8d\x67\x93\xde\xed\x31\xde\xbb\x09\x0b\x87\x4b\x12\x52\x8a\x6c\xd3\x68\xac\xf5\xa5\xc4\xcc\x3d\x30\xd2\xaf\xf0\x06\x93\x78\x66\x87\x68\x6c\xd9\xb9\x7c\xdf\xaa\x3a\x67\x72\x93\x51\xb2\x37\x3d\xde\xe1\x8e\xe3\xf0\x56\xb6\xc0\xda\x43\x9d\x62\xee\xb4\x08\x03\x1a\x4d\x87\x55\xde\x3c\xc8\x84\x15\xca\x48\x01\xd5\x4d\xc5\x65\xbb\x53\x22\x8d\xc2\x15\xdd\x74\x6f\xf5\x38\x54\x53\xfd\xfc\x89\x15\xe8\x72\x75\x2f\x5a\xb3\x65\x6a\xa8\xe1\xc4\x2d\xfb\xf3\x5e\x49\xac\x9c\x20\x13\xb4\xa4\x93\xec\x10\xad\x7f\x51\x29\x22\xb8\xd3\xd8\x29\x22\xdd\xbc\x01\x89\x53\xcb\x7d\x51\x91\xaf\x08\xab\x66\x9f\x80\x42\x5f\x4f\x45\x9e\xe6\x50\xfe\x09\x41\x26\x43\x4e\x88\x66\x93\x09\x2c\x53\xaa\x34\x69\x93\xdb\xc1\xba\x27\x4d\x2d\x69\x47\x06\x46\xe6\x33\xbd\xc3\x31\x43\x19\x13\xdd\x49\xa0\x12\x0e\x1b\x5e\x21\x21\x62\x00\x6f\x9a\x01\xfe\x18\xe8\xd8\xb5\x7c\xfe\xb3\x98\xe1\x9b\x4b\x8e\x97\x0f\xb0\x67\x85\x21\xca\xff\x33\xa7\xa0\x1d\xeb\x17\xe7\x2a\x92\x0a\x94\x68\x96\xc5\x39\x2e\x84\xbd\xdf\xde\x75\xb7\x44\x6a\xd4\x24\x9b\xef\x26\x97\xb0\xc5\xe7\x2f\x37\x91\xf0\xf4\x4a\xc1\x56\x37\x69\xc8\xec\xe5\xf1\xde\x56\x5b\xba\xe2\xe5\x73\x02\x94\xb3\xd6\xd8\x57\x87\xdd\x6f\x7a\xbf\x84\xd6\x98\xe7\x7e\xe8\x0e\xc5\x3e\x37\x51\xe8\x73\x03\x3a\xf1\x6b\x5e\xd4\xe2\xc9\x9b\x7e\x6e\x65\x2b\xb0\xea\xf6\x70\x1a\xac\xb2\xbc\xb5\x97\xc3\x2d\xc3\xf7\xd9\xc4\xd9\x46\x3a\xc0\x8d\xb0\xc6\x3d\xb5\xfd\x88\xd0\xe5\x18\xde\xf1\x88\xa2\xfb\xe8\xd6\xbf\xa6\x98\x62\x8a\x8c\xc0\x58\xca\x99\x11\x4c\x40\xbe\x8e\x1e\xb4\xc0\x53\x64\x27\x8d\x0e\xa4\xdc\x90\xb7\x47\xce\xcd\x85\xcd\xf8\x47\xa5\x0b\xa2\xad\xeb\xb6\xd1\x07\xa1\x26\x13\xe1\x98\xd1\xb1\x0c\x6e\xb3\x23\xd5\x0c\x75\xf7\x81\xfe\x39\xc1\xd9\x2e\x46\xda\x77\xfe\xd5\x16\x12\xa3\x69\xc4\xa6\xaa\x54\x05\x0d\x67\x7e\x96\x78\x03\x9b\x29\xe1\x0c\x46\xff\x05\xf3\x53\x6f\x79\x2a\x72\xd8\x0f\x0e\xca\x5a\x41\x6b\x19\x64\x3e\x1d\x15\x24\x7f\x7e\x51\x57\x90\x0c\x17\x42\xb9\x14\x6e\x0d\x97\x88\xeb\x9c\xa6\x53\x89\x7c\x7c\x64\x71\x49\xf0\xbd\x91\xb1\x6e\xa1\xa5\xe0\x54\x90\x01\xba\x2d\x6c\x6e\x39\xcf\x8b\xee\x39\x27\x4d\x05\x2f\xe2\xce\x7f\x4c\xaf\x6c\x23\x64\x43\x14\x33\x52\x51\xcc\xa5\xc2\xed\x13\x4a\xad\xa5\x15\xe7\x34\xe0\xaf\x9c\x0b\xa5\x90\x43\xdd\x12\xaa\x22\x7e\x8f\x71\xd1\x18\x33\xca\xb3\x5b\x77\x91\x5e\xe6\xbf\x0d\x74\x98\x2d\x15\x5f\x74\xfb\xba\x99\x77\xf7\x5d\x37\x21\x17\x70\xdf\x81\x02\xe1\xd5\x23\xb9\x7c\x65\xe6\x9b\xdf\xfb\x34\xe0\x0d\xbd\x6d\x58\x27\xc4\x89\x79\x34\xff\x51\x28\x69\x40\xad\xbe\xfd\xbe\x1a\x18\x5a\x1c\xa3\x2f\x66\x8b\xef\x23\x66\x3d\x9a\xf5\x86\x55\xa9\x28\x53\x8e\x08\x4f\x59\xfd\x89\x9c\x49\x02\x53\xd3\x37\xf5\xa5\x1d\x2c\x2c\x1d\xa3\x6c\xb8\xdf\x43\x03\x4a\x98\x81\x04\xc2\xab\xd9\xd5\x89\xfc\xf9\x64\xab\x91\x14\xa4\x04\x15\xc8\xe9\x9b\xeb\xfe\x94\xc3\x91\x5f\x9d\x90\x8b\xc1\xc9\x00\x0f\x0e\x9e\x94\x01\x2d\x99\x8c\x97\x2c\xf0\x18\xd8\xba\xdf\xff\xa8\x02\x09\xf1\x93\x7f\xea\x78\xca\x83\x95\x72\xb0\xa8\xe6\xb7\x81\x6b\x6d\x89\xbb\x84\xab\x2e\xde\x0f\xe5\xff\x05\x75\xec\x9d\x67\x4d\xa2\x36\x25\x2f\xb9\x2f\xf4\xfe\xbb\x9e\xc1\xd9\x15\xd9\x7c\x4c\xaf\xff\xef\x1c\xfd\xa6\xd1\x99\x36\x5b\x77\x01\x6d\xaa\xe6\x07\x98\xde\x8a\x21\xc1\x76\x9b\x8d\x79\xbf\x57\xcd\x02\x0e\xbf\x57\x30\xfc\xe9\x94\xb6\xb3\x09\x98\x00\xd8\x64\x96\x6a\xdf\x83\x0c\x8d\x26\x58\xc8\x04\x36\x08\x96\xe1\x1f\x36\x0d\xa3\xa9\x2c\xb5\xc8\x27\x21\x32\x28\x52\x6c\x63\xc2\x62\xc3\x0c\xdf\x17\x7f\xb0\xbe\x40\x1b\x39\x4a\x01\x77\x5c\x25\x4d\xa3\x0c\x5f\xf4\xfc\x5b\x45\xf5\x9d\x60\xe1\x57\x8d\x67\x24\x50\x89\x82\x8b\x06\x93\xe5\xa6\xf5\xed\xa5\xe9\x17\xb9\xd3\x3b\x8b\x36\xba\xf0\x55\x26\x9e\x9d\x53\x19\xd4\xfa\x3f\x8f\xa5\xc3\x19\x62\xc7\x7b\xed\x1b\x0a\x70\x45\xd9\x80\xc0\x3b\x0d\xf1\x5d\x1e\x3c\xc1\xee\x31\x75\x57\x0d\x28\x60\x04\xf1\x0f\xf6\xb9\x22\xda\x1e\x0a\xf3\xed\x41\x09\x9b\xb1\x75\x67\x8f\x6c\x4c\x29\xbd\x5b\x85\x55\xed\xea\x3f\xd6\x55\x9a\x62\x28\xb3\x92\x4b\x62\x45\xb6\x6f\x7d\x4a\x6c\xfb\xf7\xe5\x5d\x3a\x9a\x90\x23\x18\x58\x85\xbb\xb1\xe9\x06\x1f\xbe\x36\x21\xbe\xb1\xe7\xe3\x12\x05\xd8\x28\x71\x02\x67\xef\xb5\x85\x07\x38\x65\xd0\x61\x8f\x4e\xdb\xc9\xc5\xb6\x06\xa7\x9b\xff\x7e\xff\x1e\x53\x43\x93\xe3\xdd\x04\x01\x74\xb2\x1f\xc0\x12\xd6\xb2\xab\x92\x89\x76\xee\xf1\x14\xb9\x75\x02\xfb\x02\x22\x55\x72\xb7\x4e\x85\x2f\x56\x8d\xbc\xea\x57\xa8\xd3\x78\xc5\x4b\x21\x72\x87\xea\xc9\x09\x0c\xf7\x5f\x10\xf4\x74\xb1\x65\x17\x82\xab\x8e\x5f\x01\x5d\xe5\xb6\x65\xe0\x46\xf0\x1d\x04\xef\xb7\xbe\xf8\x40\x50\x7f\x3e\x45\xa3\x85\xa3\x72\x42\x2a\xf5\x73\xd0\x64\xb1\xbf\x6b\x0f\xb2\x79\x6e\x88\xa8\x83\xd0\x02\x4b\x5f\x74\xf1\x11\x8f\xd7\xcb\xdb\x92\xa4\x0a\x83\x45\x9a\xa2\x9a\x77\xa2\x56\x27\x4d\xf3\xa7\x2f\x53\x9b\x02\x8c\x1d\xf8\x68\x6f\x46\x30\xc7\xfe\xce\x68\xd1\xc0\x1c\xe3\x8a\xa6\x13\x73\x5a\x59\x1f\x91\xf4\x25\x61\xad\x29\x7e\x08\x72\xef\xdf\x35\x36\xc8\x8a\xd5\x15\x9a\xf8\x10\x48\xe6\x37\x8f\x2a\x42\xd9\x15\xc9\x72\x1e\x08\x75\xfe\x06\x28\xce\x4f\xc6\x09\x09\x9c\x2c\x19\xe6\x81\x28\x0e\x83\xee\x96\x9b\xa9\x3c\x95\x6f\xb2\xbc\x44\x57\xc2\xb2\xee\x35\xd9\xd5\xba\xe5\x61\x81\x4d\x8f\x86\x8e\x28\x98\x73\x71\x55\x0f\x57\xfa\xec\x5a\xf2\xf5\x2b\xc7\xdb\xde\x14\x01\xb6\x72\x91\x07\xb4\x05\xb2\x87\x36\x89\xc9\xe4\x3f\xa5\xea\x8b\x48\x3f\x75\x56\xcb\xaa\xab\xb1\xc7\x68\x9b\x0a\x51\xd7\x57\x74\x3c\xa2\x92\xff\x74\xe9\xc0\x21\xe5\x51\x3f\x94\xb7\x10\x7a\x89\x40\xa9\x8d\xda\xb5\xe2\x21\xfd\x75\xc1\x3f\x19\xae\x40\x06\x86\x6e\xec\x1a\x83\x20\xab\x02\xa2\xde\xf5\x73\x85\x8e\xb7\x25\x3d\x1f\xda\x73\xb7\xda\x03\x1f\x12\xdc\x01\x37\x83\x14\x70\x95\xd5\x45\xab\xbc\xc6\xc8\xcc\x98\x74\x8c\x00\x7f\x2e\x61\xa0\x2c\x75\x0b\x79\x86\x6c\x74\x3d\x0f\x98\xc7\x03\xee\x3c\x9a\x2f\xfe\x44\x10\x4a\xc1\xa2\x2d\x77\xff\xd1\xe6\x07\xc8\xc4\x26\x5b\xbd\x8c\xdd\x9b\x7a\xff\x0d\x0c\x36\xaa\x59\x81\xce\x88\x1b\x9f\x38\x95\xb4\xda\x88\xa6\x53\xd4\x71\x2a\x84\x31\xf9\xe1\x4e\x0b\xdd\x13\x77\x35\xbc\x1c\x2b\x71\x0b\xa5\x12\x6b\x6a\x9a\x42\xbd\xf1\x56\x91\x5b\x15\x2e\xe1\x75\x8e\xf5\x6b\x8e\xdb\xd4\xef\x0b\x9a\x67\x7d\xed\xc3\xa8\x8b\x00\x04\x9a\x0d\x74\x44\xb3\xae\xf2\xb4\xe5\xed\x21\x0c\x5f\xc9\x74\x44\xbd\x3a\x46\x90\xae\x44\xad\xfc\xd4\xfd\x85\xcc\x50\xfd\x55\xc3\xd6\xef\xd1\xc7\x27\x0f\x46\xc9\x36\x89\xd1\x8f\x92\xd0\x46\x2c\x62\xb2\x00\x1d\x8c\xcb\xcc\xee\x0a\xba\xd8\x4d\xaf\x12\xa8\xf3\xf3\x90\xd2\x3b\x3f\x4c\xce\x12\x37\xb5\x05\x9b\xfa\xac\xb9\x94\xea\x87\x1c\x02\xfd\x32\x05\x6a\xa3\xd6\x82\x58\x02\x7d\xbe\x56\xbb\x19\xcb\xaf\x7a\x2f\x47\x34\x92\xe2\xc6\x64\x3f\xc4\xbc\x01\xdf\x34\x96\x7f\xf1\x00\x92\x53\x0c\x5f\x96\x5e\x1d\xea\x10\x61\x88\xa9\x16\x5a\x43\xe6\x1d\x06\x01\x07\xe5\x90\x7a\x5e\x76\x03\x9e\x11\xfb\x55\x7b\x17\xf7\x4e\x99\xd6\xba\x5e\xdb\x86\xda\xa2\x4b\x20\x1f\x89\xf5\x1c\x53\xb4\xe6\xea\x0e\x74\x88\x8e\xc9\xaf\xc6\xe6\x4c\x33\x44\xca\x56\x1a\x56\xec\xe3\xc2\x86\xee\x4e\xea\x87\xbb\xb0\x11\xd4\xbc\x85\x6c\xb2\x01\x8f\x00\x92\x81\xb8\x9b\x95\xac\xb7\x66\x84\xee\xfb\xe6\x28\xb3\xb9\xc9\x3f\x65\x4c\x15\xc1\xaa\xc2\x76\x9c\x67\xf2\x7e\x1f\x3d\x6c\xa9\x8d\x80\xdc\x30\x77\xb5\xc4\xe4\xd8\x23\xea\x40\xc2\x58\xdc\xbb\x89\x1f\xf2\x04\x66\xc1\x46\x20\x80\xde\x73\x51\x35\x09\x17\x65\x65\xfe\xb2\x4e\xf8\x41\x3d\xc7\xdf\xb5\x3b\x10\xad\x4e\x5d\x68\x3d\x26\xc7\x42\xac\x8e\xfb\x62\x73\x39\xea\xc0\x6f\x2f\x56\xa5\x5e\x45\x22\xb6\x70\xff\x6d\xda\x39\x17\xef\x7b\x00\xfe\x14\xa6\xa5\x2d\xc9\x56\x75\x48\xe9\x8f\x47\xcf\xa5\xe2\xb8\x7d\xd8\xe1\xc2\xae\x18\xd0\xc1\x43\x56\xdb\x45\xdb\x78\xe8\xf8\xb9\xdd\x14\x1e\xe9\x42\x54\x3d\x27\x1c\x8c\xb5\xb9\x77\x5d\x2c\x55\xc4\xb7\x32\xd8\x38\xa3\xb7\x3d\x67\x5a\x35\x09\x57\xe0\xa7\x04\x38\xd6\xbc\x3a\xb1\x16\xf4\xd4\x5f\x5e\x5b\xcf\x14\x93\x09\x7e\xf1\x9e\x13\x23\x9d\x97\x98\x12\x73\xfa\x9a\xe9\xd1\xa9\x4f\x41\x7c\x3c\x5c\x24\x0a\x27\xcb\x07\xad\x05\xa6\x52\x6e\x6c\x8b\x3c\x68\xba\xd2\xc5\x46\xfc\x88\x9c\x5f\xb3\x41\x06\x97\xdd\xf5\x8f\x78\xe9\x29\x6a\xb0\xc7\x25\x88\x25\x66\xe1\x85\xd1\xdd\x88\x43\x07\x66\xe3\x32\xf1\xf0\xc8\x7d\x2e\x35\x9f\x8c\xe2\xc2\x8b\x8c\x75\x46\xda\x95\xa1\xca\x78\x97\xe4\x3b\x7b\xf5\x83\xd1\x2c\xd4\x6f\x7f\x91\x0b\xfd\xc1\xa1\xc1\x29\xf1\xd8\x3d\x94\x67\x89\x99\xc3\xd8\x1d\xca\x8f\x74\xf8\x7b\xa3\x01\x7f\x07\x22\x2f\x51\x0c\x1a\x7f\xe8\x00\x1f\xc3\xeb\x6e\x8a\x0b\x46\xdb\x9c\x00\x2f\xd0\x84\x16\x72\x72\x35\x5d\xa8\x7a\x0f\xc5\xe3\x7f\xee\xd0\xc4\x87\xd6\x03\xbc\x12\x97\xf1\xc6\xdd\x88\xdc\xb1\x7f\x17\xfd\x38\xa5\xec\x72\xd0\xcf\x50\xc8\xc8\xdc\x69\x08\x1c\xf6\x08\x46\x0d\x5b\x13\x42\x87\x1a\xbc\xbe\xc2\x03\x23\xbe\x7f\x53\x69\x0c\x5f\xa6\x40\x81\x6c\xc3\xb2\xb3\xde\x36\x87\x0a\x8a\x38\x90\x5d\xd5\x1a\xc6\x3d\xdd\x92\x2d\x00\x8f\x84\xb7\xcb\xd0\x62\xb6\x4c\x5a\xb2\x21\x15\xb4\x88\x9b\x0e\x93\x89\x04\x8f\x6a\x7b\xd2\x8e\x6a\x78\x93\xca\xa6\x03\x66\x13\xc9\xf5\xf2\xec\x29\x28\xbe\x1f\x4e\xe1\xcb\xa0\xb0\xbb\x16\x91\x27\x6a\x4d\xb2\x46\x69\xfb\x08\x5e\x54\xdc\x77\xe8\x15\xb8\xf5\xaf\xe8\x0a\xaa\x38\xac\xbd\x11\x43\x0d\x95\x6a\x37\x91\x1b\x02\x16\x53\x4b\xd9\xe2\x89\x3a\x2a\xbf\xbc\xf4\xb7\xae\xe5\x6c\x8f\xfb\xbb\x08\x16\x67\x73\xd8\xdd\x3d\x1f\xa1\x24\x51\xf3\x93\x79\x9a\xde\xd8\x72\x1c\xbd\x93\xe4\xc9\x71\x1d\xef\xa5\x50\x98\x40\xdc\x73\xec\x5f\x52\x73\x43\x1d\xa7\xe6\x32\x4b\x05\x6c\xae\x48\xe1\xc1\x4b\x1f\x0e\x2c\xf2\x7a\x52\x98\x0d\x4c\x67\xe7\x7a\x56\x5a\x44\xae\xe8\xcc\xd6\x22\x78\x1b\x35\xcf\xa1\x6d\x36\xeb\xa7\x7f\x9b\x7f\x5e\xc8\xcb\x47\x4f\x02\xbe\xd0\x16\x98\x2a\x0d\xca\x09\x60\xe0\x94\xb3\xdf\x65\x16\x83\x7d\x50\x15\x68\x08\x27\x59\x9c\x89\x54\x25\x44\xa3\xfd\x36\x3a\xa4\x4e\x79\xf3\xad\x00\xc8\x7d\x8d\xc1\x42\x2b\x07\x37\xca\x9f\xe9\x17\x9d\x62\x7a\x1f\x22\x80\x09\x23\xa3\x9d\xf3\xa5\x9e\x15\x77\x0b\xa5\x7f\x1e\x12\xaa\xf4\x1b\xfe\x67\xbf\xc5\x48\x3d\xab\x32\x82\x03\x64\xa5\xd4\xda\x8f\x8a\xe6\x2b\x05\xba\x23\x25\x7b\xb1\x57\x7f\x5a\xd7\x3f\x0b\x0e\x01\x63\x3d\xa6\x59\xf7\xd2\x8c\x7e\x1e\x39\xf8\x6f\x5a\xdb\x5b\xb3\x84\x3a\xbb\xce\x0a\x76\x9c\x26\xc2\x8e\x4e\xc8\x8c\xd8\xd4\x7e\x46\x92\x8e\xbf\x51\xf4\xc2\x3c\x69\xfa\x60\x2b\x6a\xf6\x1d\xcc\x74\xbf\x64\xb0\x09\xe9\x67\x08\xc4\xc7\x42\x6f\x35\xd3\x3f\x7d\xae\x81\xe3\x3a\x69\xe1\x2e\xf7\x92\xb1\xf2\x5f\xfc\x60\x64\x5a\x19\x63\xe6\x7c\x07\xe1\x5c\x2e\xbd\xb5\x48\xef\x8b\x2c\x8b\x0d\xd9\x72\x5b\xed\x66\xe2\x25\x45\xad\x79\x14\xaf\x78\x64\x47\x8a\x79\x93\xb2\xc0\xe0\xce\x59\x0f\xa0\x05\x10\x4c\x69\x37\xe5\x40\x75\x8d\x25\xa5\x09\xe8\x0a\xca\x81\x37\xb7\x17\xae\x9f\xdf\x80\xab\x90\x6d\x9d\xb4\xaa\xbb\x22\x9b\xb3\xd3\x5e\x27\xb3\x24\xae\xd1\x1e\xeb\xaa\x8e\xd3\xdc\x77\x04\xab\xab\x39\xf5\x85\x62\xed\x9b\x5c\x8a\x37\xb0\x92\xeb\xf3\xfd\xe2\x21\x66\xc9\xc9\x1b\xc5\x7a\x2c\x62\xd9\x0a\x87\xcf\xfe\x7d\x6c\x44\x83\x21\xf8\x43\x21\x8e\x40\x4a\x4d\x36\x88\xd7\xb9\x68\xff\x9e\x82\x3e\x0b\x90\x0a\x14\x6a\x7f\x3a\xf3\xd4\x6e\x9a\x8e\x7d\x17\xb4\x7c\xba\x25\x04\xe1\xe1\xe7\xad\x96\x0d\xc4\x81\x36\x3f\x16\xfc\x97\x9b\xb8\x17\x67\x97\xab\x1c\xb8\x5c\xca\x67\x24\x27\x4f\xab\xa0\x07\xe8\x78\x09\x80\x34\xaf\xa0\x04\x2e\xa0\xc1\xa6\x54\xb4\x2e\x1c\xdf\x7f\x71\x04\x8e\x24\xdb\x69\x1c\xdc\xa7\x2f\x52\x01\x7c\x6a\x0f\x5c\x88\xd0\xcb\x1e\x1c\x26\x0e\x88\x79\x47\x8d\x8e\x2b\xf9\x7a\xd5\x98\x44\x22\x1a\xfc\x64\x9c\x88\x1e\x79\x50\xde\x7d\xc8\x5c\x43\x0c\x18\xfc\xb5\xc8\xd3\x59\xc2\xc2\x39\xb4\x58\x72\xc6\x55\x57\x47\x43\x8c\xa4\x9b\x55\xc3\x27\xcf\x6d\x70\x5f\x80\xb3\x96\xd9\xc0\x20\xdb\x57\xf6\xc5\x37\x01\xbc\x96\x8f\xcd\xa5\x27\x4c\x51\x34\xb2\x3f\x6f\xd2\x23\xdc\xee\x7a\xd7\x96\x2c\x4e\x7f\x8b\x30\x1a\x57\x16\x5f\xcf\xc9\xa5\xff\x82\x2f\x1c\x24\xa7\xaa\x5b\xe7\x97\x12\x03\x45\x7a\xf1\xc9\x5d\x47\xed\xa6\x67\xd8\xc2\x91\xfc\x21\xee\xdc\x7e\x8e\x58\x44\xf9\x67\xa9\xfb\x44\x79\xd2\xf9\x4e\x4d\xed\xd0\xcd\x54\x57\x78\x1d\x3e\x02\x4f\xcf\xaf\xaa\x8b\x67\xe4\x89\x58\x55\x53\x5d\x1f\xdd\x4b\xe4\x54\xbe\xd9\x7c\x3c\xf2\x09\x5a\x16\x6c\xc6\x52\xbe\xa6\x5a\xd6\x36\x89\x29\xbd\xa7\x0f\x69\xdc\x36\xc6\x89\xf5\x92\x3f\xb0\x26\xa8\x25\x7f\x85\x1a\x06\x99\x94\xc0\x4c\xc4\x1a\x8b\x15\x97\x9e\x47\x3e\x55\x33\x24\x0d\x3c\xab\x3b\xa9\x53\xf2\x00\x19\xe0\x17\xd4\x4f\x74\x1d\x95\xa9\xba\x35\x88\x6c\x7a\x3f\xed\x46\x3d\x24\x21\x73\xd6\xaf\x25\x02\x23\x0f\xf7\x33\xc3\xf1\xe0\x27\x82\x27\x4e\x64\xac\x70\x85\x0d\xc3\x48\x95\x13\x5b\xc8\x59\x91\x8c\xdd\xec\x62\x69\xba\x83\x61\x00\x9e\xff\x46\x40\x77\x15\xf3\x08\x79\x50\x8f\xea\x8c\xc9\xc0\x81\xb3\x72\xf4\x88\x55\x52\x78\xfb\xba\xa8\x0f\x34\xce\x79\xda\x91\x02\x12\x96\x1a\x37\x7c\x85\xb6\x1e\x36\xfc\x37\x54\x31\xdd\x6c\x4e\xdf\x2c\x4b\xb8\x01\xa0\xfc\x1d\xc1\xfa\xc3\xc2\xf4\xc0\x10\x99\x62\x49\x59\x39\x2c\xa0\xb6\xbd\x47\xcb\x00\x8d\xfd\x39\xb2\xfd\x92\x7f\x40\xfe\xc1\x37\xb0\x74\x8e\x19\x84\x0c\x05\x75\x4b\x7d\x8e\x0b\x27\xd6\x20\x86\x12\x8f\xdc\x32\x93\x63\xd0\x6b\x6e\x7c\xdc\x43\x60\xb3\x9d\xf2\x73\x7b\x59\x73\xa8\xc0\x5c\x72\xe1\xff\xae\xb0\x9c\xad\x67\x19\x22\x4f\x4f\xb8\x07\x94\xeb\x00\xf4\x09\x2f\x62\x3e\x5d\x27\xa1\x14\x02\xfc\x03\x5e\xb9\xfd\xe8\x82\x76\xf8\xca\x16\x82\x74\x59\x59\x2e\x35\x5d\x3c\x4e\x6c\x79\x2e\x54\x87\xc4\x99\x66\x6d\x96\xea\x5c\x5f\x9e\xab\xe1\x73\xb5\x62\x23\xcc\x71\xdf\xaf\x0d\x88\xf8\xb8\x05\x11\x08\x71\xf8\x9f\x39\x9f\x84\x46\x30\x23\xf1\x7d\x86\x24\x9a\xf6\x47\xb8\x3f\x24\xe9\x04\x83\xbe\xf5\x51\xf9\x56\x45\xdb\xa6\x60\x7f\x66\xb9\x3a\x6d\xa3\x49\xea\x07\x31\x8b\x6e\xa5\x9a\xdc\xca\x1e\xd1\x75\x66\xee\xab\xf6\x2b\x21\x20\x4a\x8f\xd1\xa2\xd9\x83\xfd\x22\xd2\xea\xf9\xac\xbb\xb7\xa2\x0b\xde\x39\x1a\x57\x24\xf0\x96\xd2\x04\xd3\x40\xb5\x62\x12\xf8\xb7\xf5\x14\x1f\x4f\x6e\xd7\x2b\x13\x4e\xea\xdf\x1f\x27\xed\xff\x37\x14\x24\xb4\x08\x20\xb2\x67\x47\xb0\xba\xad\x37\x6d\xfc\x53\x5a\x41\x7b\xe7\x8a\xab\xed\xf3\x3e\x97\x8c\x05\x33\xb4\x5e\xad\xf5\xc2\x4a\x1a\x06\x9b\xc4\x94\x5c\xd0\x0a\x52\xae\xb3\x5b\x53\x9a\xc0\x84\x70\x65\xcd\x01\xdf\xda\x63\x4c\xb9\xd7\x22\x2a\x60\xea\xfe\xf0\xf4\x83\xee\x5c\xe5\x2a\x3c\x90\x8b\x4a\xd4\xd2\x08\x97\xb5\x5a\x88\x02\x49\xfe\x9b\xf4\x12\x91\x24\x21\x6f\x80\xd4\x78\x9c\xe2\xf1\xb9\x7c\x9d\x38\x92\xc5\x06\x58\x0a\x68\xff\x2c\xe3\x5c\xaa\xd0\x31\x26\xa4\xad\xb9\xa1\x94\xfb\x86\xbc\x72\xbc\xe0\xe0\xbc\x47\x00\x95\x0d\x20\xcd\x4b\x8d\x67\x0a\xd2\x15\x1c\xde\x5f\xd5\x40\xe6\xa1\xd8\x71\xa4\x30\xc1\xa3\x33\xf0\x20\xc9\x57\xcd\x4c\x8b\x47\x88\xb4\xbc\x93\xd8\xdd\x28\x92\xf5\xd8\xa3\x50\x01\x3c\x62\xda\xe3\x74\x73\x84\xaa\x48\x7e\x00\x70\x49\x10\xb3\xf7\x54\x2c", 8192); *(uint32_t*)0x20005c00 = 0x20002980; *(uint32_t*)0x20002980 = 0x50; *(uint32_t*)0x20002984 = 0; *(uint64_t*)0x20002988 = 0x91e; *(uint32_t*)0x20002990 = 7; *(uint32_t*)0x20002994 = 0x22; *(uint32_t*)0x20002998 = 0xff; *(uint32_t*)0x2000299c = 0x1124872; *(uint16_t*)0x200029a0 = 6; *(uint16_t*)0x200029a2 = 0x3f; *(uint32_t*)0x200029a4 = 8; *(uint32_t*)0x200029a8 = 1; *(uint16_t*)0x200029ac = 0; *(uint16_t*)0x200029ae = 0; memset((void*)0x200029b0, 0, 32); *(uint32_t*)0x20005c04 = 0x20002a00; *(uint32_t*)0x20002a00 = 0x18; *(uint32_t*)0x20002a04 = 0; *(uint64_t*)0x20002a08 = 0; *(uint64_t*)0x20002a10 = 0x317e539f; *(uint32_t*)0x20005c08 = 0x20002a40; *(uint32_t*)0x20002a40 = 0x18; *(uint32_t*)0x20002a44 = 0; *(uint64_t*)0x20002a48 = 8; *(uint64_t*)0x20002a50 = 4; *(uint32_t*)0x20005c0c = 0x20002a80; *(uint32_t*)0x20002a80 = 0x18; *(uint32_t*)0x20002a84 = 0; *(uint64_t*)0x20002a88 = 5; *(uint32_t*)0x20002a90 = 0x401; *(uint32_t*)0x20002a94 = 0; *(uint32_t*)0x20005c10 = 0x20002ac0; *(uint32_t*)0x20002ac0 = 0x18; *(uint32_t*)0x20002ac4 = 0; *(uint64_t*)0x20002ac8 = 1; *(uint32_t*)0x20002ad0 = 0xfdcc; *(uint32_t*)0x20002ad4 = 0; *(uint32_t*)0x20005c14 = 0x20002b00; *(uint32_t*)0x20002b00 = 0x28; *(uint32_t*)0x20002b04 = 0; *(uint64_t*)0x20002b08 = 8; *(uint64_t*)0x20002b10 = 2; *(uint64_t*)0x20002b18 = 8; *(uint32_t*)0x20002b20 = 0; *(uint32_t*)0x20002b24 = 0; *(uint32_t*)0x20005c18 = 0x20002b40; *(uint32_t*)0x20002b40 = 0x60; *(uint32_t*)0x20002b44 = 0; *(uint64_t*)0x20002b48 = 0xfff; *(uint64_t*)0x20002b50 = 6; *(uint64_t*)0x20002b58 = 0x10001; *(uint64_t*)0x20002b60 = 6; *(uint64_t*)0x20002b68 = 1; *(uint64_t*)0x20002b70 = 8; *(uint32_t*)0x20002b78 = 1; *(uint32_t*)0x20002b7c = 0x32f0; *(uint32_t*)0x20002b80 = 7; *(uint32_t*)0x20002b84 = 0; memset((void*)0x20002b88, 0, 24); *(uint32_t*)0x20005c1c = 0x20002bc0; *(uint32_t*)0x20002bc0 = 0x18; *(uint32_t*)0x20002bc4 = 0; *(uint64_t*)0x20002bc8 = 4; *(uint32_t*)0x20002bd0 = 0xffff; *(uint32_t*)0x20002bd4 = 0; *(uint32_t*)0x20005c20 = 0x20002c00; *(uint32_t*)0x20002c00 = 0x18; *(uint32_t*)0x20002c04 = 0; *(uint64_t*)0x20002c08 = 0x1000; memcpy((void*)0x20002c10, "0%)/W({\000", 8); *(uint32_t*)0x20005c24 = 0x20002c40; *(uint32_t*)0x20002c40 = 0x20; *(uint32_t*)0x20002c44 = 0; *(uint64_t*)0x20002c48 = 5; *(uint64_t*)0x20002c50 = 0; *(uint32_t*)0x20002c58 = 0x11; *(uint32_t*)0x20002c5c = 0; *(uint32_t*)0x20005c28 = 0x20002dc0; *(uint32_t*)0x20002dc0 = 0x78; *(uint32_t*)0x20002dc4 = 0xfffffff5; *(uint64_t*)0x20002dc8 = 8; *(uint64_t*)0x20002dd0 = 6; *(uint32_t*)0x20002dd8 = 9; *(uint32_t*)0x20002ddc = 0; *(uint64_t*)0x20002de0 = 6; *(uint64_t*)0x20002de8 = 8; *(uint64_t*)0x20002df0 = 0x25d; *(uint64_t*)0x20002df8 = 7; *(uint64_t*)0x20002e00 = 0x8001; *(uint64_t*)0x20002e08 = 0x400; *(uint32_t*)0x20002e10 = 0xce1; *(uint32_t*)0x20002e14 = 0x8000; *(uint32_t*)0x20002e18 = 0x4800000; *(uint32_t*)0x20002e1c = 0x6000; *(uint32_t*)0x20002e20 = 8; *(uint32_t*)0x20002e24 = 0xee01; *(uint32_t*)0x20002e28 = r[3]; *(uint32_t*)0x20002e2c = 6; *(uint32_t*)0x20002e30 = 1; *(uint32_t*)0x20002e34 = 0; *(uint32_t*)0x20005c2c = 0x20002e40; *(uint32_t*)0x20002e40 = 0x90; *(uint32_t*)0x20002e44 = 0; *(uint64_t*)0x20002e48 = 0xfffffffffffffffc; *(uint64_t*)0x20002e50 = 5; *(uint64_t*)0x20002e58 = 2; *(uint64_t*)0x20002e60 = 0; *(uint64_t*)0x20002e68 = 0x80; *(uint32_t*)0x20002e70 = 0x1ff; *(uint32_t*)0x20002e74 = 0xfffffffa; *(uint64_t*)0x20002e78 = 1; *(uint64_t*)0x20002e80 = 0x81; *(uint64_t*)0x20002e88 = 1; *(uint64_t*)0x20002e90 = 0x10001; *(uint64_t*)0x20002e98 = 0x7f; *(uint64_t*)0x20002ea0 = 5; *(uint32_t*)0x20002ea8 = 5; *(uint32_t*)0x20002eac = 2; *(uint32_t*)0x20002eb0 = 0; *(uint32_t*)0x20002eb4 = 0x4000; *(uint32_t*)0x20002eb8 = 3; *(uint32_t*)0x20002ebc = 0xee01; *(uint32_t*)0x20002ec0 = 0xee00; *(uint32_t*)0x20002ec4 = 6; *(uint32_t*)0x20002ec8 = 0x23a; *(uint32_t*)0x20002ecc = 0; *(uint32_t*)0x20005c30 = 0x20002f00; *(uint32_t*)0x20002f00 = 0xe8; *(uint32_t*)0x20002f04 = 0; *(uint64_t*)0x20002f08 = 0x20; *(uint64_t*)0x20002f10 = 6; *(uint64_t*)0x20002f18 = 1; *(uint32_t*)0x20002f20 = 1; *(uint32_t*)0x20002f24 = 7; memset((void*)0x20002f28, 0, 1); *(uint64_t*)0x20002f30 = 2; *(uint64_t*)0x20002f38 = 0; *(uint32_t*)0x20002f40 = 0; *(uint32_t*)0x20002f44 = 0; *(uint64_t*)0x20002f48 = 5; *(uint64_t*)0x20002f50 = 0xfffffffffffffffa; *(uint32_t*)0x20002f58 = 0; *(uint32_t*)0x20002f5c = 0x20; *(uint64_t*)0x20002f60 = 4; *(uint64_t*)0x20002f68 = 2; *(uint32_t*)0x20002f70 = 6; *(uint32_t*)0x20002f74 = 9; memcpy((void*)0x20002f78, "wlan0\000", 6); *(uint64_t*)0x20002f80 = 2; *(uint64_t*)0x20002f88 = 5; *(uint32_t*)0x20002f90 = 1; *(uint32_t*)0x20002f94 = 0; memset((void*)0x20002f98, 47, 1); *(uint64_t*)0x20002fa0 = 0; *(uint64_t*)0x20002fa8 = 7; *(uint32_t*)0x20002fb0 = 6; *(uint32_t*)0x20002fb4 = 0x10000; memset((void*)0x20002fb8, 2, 6); *(uint64_t*)0x20002fc0 = 2; *(uint64_t*)0x20002fc8 = 3; *(uint32_t*)0x20002fd0 = 0x10; *(uint32_t*)0x20002fd4 = 0x3df4d00b; memcpy((void*)0x20002fd8, " \001\000\000\000\000\000\000\000\000\000\000\000\000\000\002", 16); *(uint32_t*)0x20005c34 = 0x200055c0; *(uint32_t*)0x200055c0 = 0x510; *(uint32_t*)0x200055c4 = 0; *(uint64_t*)0x200055c8 = 0; *(uint64_t*)0x200055d0 = 5; *(uint64_t*)0x200055d8 = 1; *(uint64_t*)0x200055e0 = 0; *(uint64_t*)0x200055e8 = 2; *(uint32_t*)0x200055f0 = 0xfffeffff; *(uint32_t*)0x200055f4 = 1; *(uint64_t*)0x200055f8 = 0; *(uint64_t*)0x20005600 = 0x141; *(uint64_t*)0x20005608 = 4; *(uint64_t*)0x20005610 = 9; *(uint64_t*)0x20005618 = 9; *(uint64_t*)0x20005620 = 4; *(uint32_t*)0x20005628 = 0x7ff; *(uint32_t*)0x2000562c = 0x7fffffff; *(uint32_t*)0x20005630 = 0x892; *(uint32_t*)0x20005634 = 0x4000; *(uint32_t*)0x20005638 = 0xfff; *(uint32_t*)0x2000563c = r[4]; *(uint32_t*)0x20005640 = 0; *(uint32_t*)0x20005644 = 4; *(uint32_t*)0x20005648 = 0x10000; *(uint32_t*)0x2000564c = 0; *(uint64_t*)0x20005650 = 1; *(uint64_t*)0x20005658 = 0x8000; *(uint32_t*)0x20005660 = 2; *(uint32_t*)0x20005664 = 4; memset((void*)0x20005668, 255, 2); *(uint64_t*)0x20005670 = 0xa00000000; *(uint64_t*)0x20005678 = 3; *(uint64_t*)0x20005680 = 0x8000000000000000; *(uint64_t*)0x20005688 = 0x80000001; *(uint32_t*)0x20005690 = 6; *(uint32_t*)0x20005694 = 1; *(uint64_t*)0x20005698 = 5; *(uint64_t*)0x200056a0 = 0xa0; *(uint64_t*)0x200056a8 = 8; *(uint64_t*)0x200056b0 = 7; *(uint64_t*)0x200056b8 = 0x101; *(uint64_t*)0x200056c0 = 0xbc3; *(uint32_t*)0x200056c8 = 0x19f; *(uint32_t*)0x200056cc = 4; *(uint32_t*)0x200056d0 = 0x7ff; *(uint32_t*)0x200056d4 = 0xa000; *(uint32_t*)0x200056d8 = 1; *(uint32_t*)0x200056dc = 0xee01; *(uint32_t*)0x200056e0 = r[5]; *(uint32_t*)0x200056e4 = 0x8001; *(uint32_t*)0x200056e8 = 8; *(uint32_t*)0x200056ec = 0; *(uint64_t*)0x200056f0 = 4; *(uint64_t*)0x200056f8 = 0x10001; *(uint32_t*)0x20005700 = 0xa; *(uint32_t*)0x20005704 = 0x3ff; memcpy((void*)0x20005708, "[{@^/@+@<[", 10); *(uint64_t*)0x20005718 = 1; *(uint64_t*)0x20005720 = 3; *(uint64_t*)0x20005728 = 5; *(uint64_t*)0x20005730 = 0x20; *(uint32_t*)0x20005738 = 3; *(uint32_t*)0x2000573c = -1; *(uint64_t*)0x20005740 = 3; *(uint64_t*)0x20005748 = 0xd4; *(uint64_t*)0x20005750 = 6; *(uint64_t*)0x20005758 = 0; *(uint64_t*)0x20005760 = 1; *(uint64_t*)0x20005768 = 0x80000; *(uint32_t*)0x20005770 = 0x38fa80be; *(uint32_t*)0x20005774 = 6; *(uint32_t*)0x20005778 = 0x400; *(uint32_t*)0x2000577c = 0x1000; *(uint32_t*)0x20005780 = 5; *(uint32_t*)0x20005784 = 0xee00; *(uint32_t*)0x20005788 = 0xee01; *(uint32_t*)0x2000578c = 0x10001; *(uint32_t*)0x20005790 = 0xff; *(uint32_t*)0x20005794 = 0; *(uint64_t*)0x20005798 = 4; *(uint64_t*)0x200057a0 = 5; *(uint32_t*)0x200057a8 = 8; *(uint32_t*)0x200057ac = 4; memcpy((void*)0x200057b0, "+!\234R\'+%\'", 8); *(uint64_t*)0x200057b8 = 3; *(uint64_t*)0x200057c0 = 3; *(uint64_t*)0x200057c8 = 0x200; *(uint64_t*)0x200057d0 = 5; *(uint32_t*)0x200057d8 = 0x55; *(uint32_t*)0x200057dc = 0x1f; *(uint64_t*)0x200057e0 = 1; *(uint64_t*)0x200057e8 = 0x34; *(uint64_t*)0x200057f0 = 7; *(uint64_t*)0x200057f8 = 4; *(uint64_t*)0x20005800 = 9; *(uint64_t*)0x20005808 = 2; *(uint32_t*)0x20005810 = 0x800; *(uint32_t*)0x20005814 = 0xffff8001; *(uint32_t*)0x20005818 = 6; *(uint32_t*)0x2000581c = 0x8000; *(uint32_t*)0x20005820 = 0x100; *(uint32_t*)0x20005824 = 0xee01; *(uint32_t*)0x20005828 = 0xee01; *(uint32_t*)0x2000582c = 0; *(uint32_t*)0x20005830 = 0x9c000000; *(uint32_t*)0x20005834 = 0; *(uint64_t*)0x20005838 = 0; *(uint64_t*)0x20005840 = 1; *(uint32_t*)0x20005848 = 1; *(uint32_t*)0x2000584c = 0x400; memset((void*)0x20005850, 0, 1); *(uint64_t*)0x20005858 = 6; *(uint64_t*)0x20005860 = 3; *(uint64_t*)0x20005868 = 0xa3; *(uint64_t*)0x20005870 = 0x80; *(uint32_t*)0x20005878 = 0x735; *(uint32_t*)0x2000587c = 0x9584; *(uint64_t*)0x20005880 = 0; *(uint64_t*)0x20005888 = 2; *(uint64_t*)0x20005890 = 7; *(uint64_t*)0x20005898 = 0xec61; *(uint64_t*)0x200058a0 = 0x371ca83; *(uint64_t*)0x200058a8 = 4; *(uint32_t*)0x200058b0 = -1; *(uint32_t*)0x200058b4 = 3; *(uint32_t*)0x200058b8 = 0x424c; *(uint32_t*)0x200058bc = 0xa000; *(uint32_t*)0x200058c0 = 0x400; *(uint32_t*)0x200058c4 = 0xee00; *(uint32_t*)0x200058c8 = 0xee01; *(uint32_t*)0x200058cc = 0xca; *(uint32_t*)0x200058d0 = 3; *(uint32_t*)0x200058d4 = 0; *(uint64_t*)0x200058d8 = 0; *(uint64_t*)0x200058e0 = 7; *(uint32_t*)0x200058e8 = 0; *(uint32_t*)0x200058ec = 0x80000001; *(uint64_t*)0x200058f0 = 5; *(uint64_t*)0x200058f8 = 1; *(uint64_t*)0x20005900 = 0x9d5; *(uint64_t*)0x20005908 = 5; *(uint32_t*)0x20005910 = 0x80000001; *(uint32_t*)0x20005914 = 0x1000000; *(uint64_t*)0x20005918 = 0; *(uint64_t*)0x20005920 = 0; *(uint64_t*)0x20005928 = 6; *(uint64_t*)0x20005930 = 0x7ff; *(uint64_t*)0x20005938 = 0x8001; *(uint64_t*)0x20005940 = 0x8001; *(uint32_t*)0x20005948 = 6; *(uint32_t*)0x2000594c = 0x8000; *(uint32_t*)0x20005950 = 1; *(uint32_t*)0x20005954 = 0xa000; *(uint32_t*)0x20005958 = 0x10000; *(uint32_t*)0x2000595c = 0xee00; *(uint32_t*)0x20005960 = r[6]; *(uint32_t*)0x20005964 = 0x80000000; *(uint32_t*)0x20005968 = 6; *(uint32_t*)0x2000596c = 0; *(uint64_t*)0x20005970 = 3; *(uint64_t*)0x20005978 = 0x7fff; *(uint32_t*)0x20005980 = 6; *(uint32_t*)0x20005984 = 0x4e5; memcpy((void*)0x20005988, "wlan0\000", 6); *(uint64_t*)0x20005990 = 4; *(uint64_t*)0x20005998 = 2; *(uint64_t*)0x200059a0 = -1; *(uint64_t*)0x200059a8 = 0x10001; *(uint32_t*)0x200059b0 = 7; *(uint32_t*)0x200059b4 = 0x3f; *(uint64_t*)0x200059b8 = 0; *(uint64_t*)0x200059c0 = 4; *(uint64_t*)0x200059c8 = 0x7fff; *(uint64_t*)0x200059d0 = 0x5c; *(uint64_t*)0x200059d8 = 0x5e; *(uint64_t*)0x200059e0 = 4; *(uint32_t*)0x200059e8 = 0; *(uint32_t*)0x200059ec = 9; *(uint32_t*)0x200059f0 = 4; *(uint32_t*)0x200059f4 = 0x1000; *(uint32_t*)0x200059f8 = 8; *(uint32_t*)0x200059fc = r[7]; *(uint32_t*)0x20005a00 = 0xee00; *(uint32_t*)0x20005a04 = 0x7ff; *(uint32_t*)0x20005a08 = 9; *(uint32_t*)0x20005a0c = 0; *(uint64_t*)0x20005a10 = 3; *(uint64_t*)0x20005a18 = 5; *(uint32_t*)0x20005a20 = 6; *(uint32_t*)0x20005a24 = 9; memset((void*)0x20005a28, 255, 6); *(uint64_t*)0x20005a30 = 6; *(uint64_t*)0x20005a38 = 3; *(uint64_t*)0x20005a40 = 3; *(uint64_t*)0x20005a48 = 9; *(uint32_t*)0x20005a50 = 6; *(uint32_t*)0x20005a54 = 0x100; *(uint64_t*)0x20005a58 = 1; *(uint64_t*)0x20005a60 = 0x101; *(uint64_t*)0x20005a68 = 4; *(uint64_t*)0x20005a70 = 0x100000000; *(uint64_t*)0x20005a78 = 2; *(uint64_t*)0x20005a80 = 0xfffffffffffffe00; *(uint32_t*)0x20005a88 = 3; *(uint32_t*)0x20005a8c = 9; *(uint32_t*)0x20005a90 = 9; *(uint32_t*)0x20005a94 = 0xa000; *(uint32_t*)0x20005a98 = 0xfa3; *(uint32_t*)0x20005a9c = -1; *(uint32_t*)0x20005aa0 = r[8]; *(uint32_t*)0x20005aa4 = 0x1400000; *(uint32_t*)0x20005aa8 = 9; *(uint32_t*)0x20005aac = 0; *(uint64_t*)0x20005ab0 = 6; *(uint64_t*)0x20005ab8 = 0; *(uint32_t*)0x20005ac0 = 6; *(uint32_t*)0x20005ac4 = 5; memcpy((void*)0x20005ac8, "wlan0\000", 6); *(uint32_t*)0x20005c38 = 0x20005b00; *(uint32_t*)0x20005b00 = 0xa0; *(uint32_t*)0x20005b04 = 0xfffffff5; *(uint64_t*)0x20005b08 = 5; *(uint64_t*)0x20005b10 = 0; *(uint64_t*)0x20005b18 = 3; *(uint64_t*)0x20005b20 = 2; *(uint64_t*)0x20005b28 = 3; *(uint32_t*)0x20005b30 = 7; *(uint32_t*)0x20005b34 = 0x64b; *(uint64_t*)0x20005b38 = 1; *(uint64_t*)0x20005b40 = 0xc2; *(uint64_t*)0x20005b48 = 9; *(uint64_t*)0x20005b50 = 5; *(uint64_t*)0x20005b58 = 0x8001; *(uint64_t*)0x20005b60 = -1; *(uint32_t*)0x20005b68 = 2; *(uint32_t*)0x20005b6c = 8; *(uint32_t*)0x20005b70 = 5; *(uint32_t*)0x20005b74 = 0x4000; *(uint32_t*)0x20005b78 = 0xd0a; *(uint32_t*)0x20005b7c = 0xee01; *(uint32_t*)0x20005b80 = 0xee00; *(uint32_t*)0x20005b84 = 7; *(uint32_t*)0x20005b88 = 1; *(uint32_t*)0x20005b8c = 0; *(uint64_t*)0x20005b90 = 0; *(uint32_t*)0x20005b98 = 2; *(uint32_t*)0x20005b9c = 0; *(uint32_t*)0x20005c3c = 0x20005bc0; *(uint32_t*)0x20005bc0 = 0x20; *(uint32_t*)0x20005bc4 = 0; *(uint64_t*)0x20005bc8 = 0x7fffffff; *(uint32_t*)0x20005bd0 = 8; *(uint32_t*)0x20005bd4 = 0; *(uint32_t*)0x20005bd8 = 0x9ad; *(uint32_t*)0x20005bdc = 3; syz_fuse_handle_req(r[2], 0x20000980, 0x2000, 0x20005c00); break; case 22: memcpy((void*)0x20005c40, "SEG6\000", 5); syz_genetlink_get_family_id(0x20005c40, r[2]); break; case 23: syz_init_net_socket(0x24, 2, 0); break; case 24: res = syscall(__NR_mmap, 0x20ffe000, 0x2000, 9, 0x100, (intptr_t)r[2], 0x8000000); if (res != -1) r[9] = res; break; case 25: res = -1; res = syz_io_uring_complete(r[9]); if (res != -1) r[10] = res; break; case 26: *(uint32_t*)0x20005c84 = 0x29e9; *(uint32_t*)0x20005c88 = 4; *(uint32_t*)0x20005c8c = 3; *(uint32_t*)0x20005c90 = 0x25; *(uint32_t*)0x20005c98 = r[10]; memset((void*)0x20005c9c, 0, 12); res = -1; res = syz_io_uring_setup(0x7811, 0x20005c80, 0x20ffe000, 0x20ffe000, 0x20005d00, 0x20005d40); if (res != -1) { r[11] = res; r[12] = *(uint64_t*)0x20005d40; } break; case 27: res = syscall(__NR_mmap, 0x20ffc000, 0x2000, 4, 0x80000, (intptr_t)r[11], 0); if (res != -1) r[13] = res; break; case 28: res = syscall(__NR_clock_gettime, 0, 0x20005d80); if (res != -1) { r[14] = *(uint32_t*)0x20005d80; r[15] = *(uint32_t*)0x20005d84; } break; case 29: *(uint8_t*)0x20005e00 = 0xb; *(uint8_t*)0x20005e01 = 1; *(uint16_t*)0x20005e02 = 0; *(uint32_t*)0x20005e04 = 0; *(uint64_t*)0x20005e08 = 7; *(uint32_t*)0x20005e10 = 0x20005dc0; *(uint32_t*)0x20005dc0 = r[14]; *(uint32_t*)0x20005dc4 = r[15]+60000000; *(uint32_t*)0x20005e14 = 1; *(uint32_t*)0x20005e18 = 0; *(uint64_t*)0x20005e1c = 0; *(uint16_t*)0x20005e24 = 0; *(uint16_t*)0x20005e26 = 0; memset((void*)0x20005e28, 0, 20); syz_io_uring_submit(r[13], r[12], 0x20005e00, 6); break; case 30: *(uint32_t*)0x20005e80 = 0; *(uint32_t*)0x20005e84 = 0x20005e40; memcpy((void*)0x20005e40, "\x55\x1e\x55\x34\x01\xd8\x41\x9a\xc4\x37\x85\x4e\x7b\xd6\x03\x3a\x54\x21\x4a\x9b\xd5\xbb\xb0\xaf\x5b\x8d\xfb\x21\x4a\xa8\x4f\x75\xf6\x0f\xd2\xf3\x74\xa0\x2b\xca\xcb\x65\x4f\x2e\x69\xf7\x19\x79\x48\x63", 50); *(uint32_t*)0x20005e88 = 0x32; *(uint64_t*)0x20005ec0 = 1; *(uint64_t*)0x20005ec8 = 0; syz_kvm_setup_cpu(r[2], r[2], 0x20fe8000, 0x20005e80, 1, 0, 0x20005ec0, 1); break; case 31: res = syscall(__NR_mmap, 0x20ff1000, 0x1000, 4, 0x100002, (intptr_t)r[2], 0); if (res != -1) r[16] = res; break; case 32: *(uint32_t*)0x20005f00 = 1; syz_memcpy_off(r[16], 0x118, 0x20005f00, 0, 4); break; case 33: res = syscall(__NR_clock_gettime, 0, 0x20008240); if (res != -1) { r[17] = *(uint32_t*)0x20008240; r[18] = *(uint32_t*)0x20008244; } break; case 34: *(uint32_t*)0x200081c0 = 0; *(uint32_t*)0x200081c4 = 0; *(uint32_t*)0x200081c8 = 0x20007580; *(uint32_t*)0x20007580 = 0x20007000; *(uint32_t*)0x20007584 = 0x68; *(uint32_t*)0x20007588 = 0x20007080; *(uint32_t*)0x2000758c = 0; *(uint32_t*)0x20007590 = 0x200070c0; *(uint32_t*)0x20007594 = 0xf; *(uint32_t*)0x20007598 = 0x20007100; *(uint32_t*)0x2000759c = 0xe0; *(uint32_t*)0x200075a0 = 0x20007200; *(uint32_t*)0x200075a4 = 0; *(uint32_t*)0x200075a8 = 0x20007240; *(uint32_t*)0x200075ac = 0xe6; *(uint32_t*)0x200075b0 = 0x20007340; *(uint32_t*)0x200075b4 = 0x63; *(uint32_t*)0x200075b8 = 0x200073c0; *(uint32_t*)0x200075bc = 0x45; *(uint32_t*)0x200075c0 = 0x20007440; *(uint32_t*)0x200075c4 = 0x6a; *(uint32_t*)0x200075c8 = 0x200074c0; *(uint32_t*)0x200075cc = 0xbc; *(uint32_t*)0x200081cc = 0xa; *(uint32_t*)0x200081d0 = 0x20007600; *(uint32_t*)0x200081d4 = 0x18; *(uint32_t*)0x200081d8 = 0; *(uint32_t*)0x200081dc = 0; *(uint32_t*)0x200081e0 = 0x20007640; *(uint32_t*)0x200081e4 = 0x6e; *(uint32_t*)0x200081e8 = 0x20007900; *(uint32_t*)0x20007900 = 0x200076c0; *(uint32_t*)0x20007904 = 0x79; *(uint32_t*)0x20007908 = 0x20007740; *(uint32_t*)0x2000790c = 0xa9; *(uint32_t*)0x20007910 = 0x20007800; *(uint32_t*)0x20007914 = 5; *(uint32_t*)0x20007918 = 0x20007840; *(uint32_t*)0x2000791c = 0x9d; *(uint32_t*)0x200081ec = 4; *(uint32_t*)0x200081f0 = 0x20007940; *(uint32_t*)0x200081f4 = 0xb0; *(uint32_t*)0x200081f8 = 0; *(uint32_t*)0x200081fc = 0; *(uint32_t*)0x20008200 = 0x20007a00; *(uint32_t*)0x20008204 = 0x6e; *(uint32_t*)0x20008208 = 0x20007b80; *(uint32_t*)0x20007b80 = 0x20007a80; *(uint32_t*)0x20007b84 = 0x73; *(uint32_t*)0x20007b88 = 0x20007b00; *(uint32_t*)0x20007b8c = 0xf; *(uint32_t*)0x20007b90 = 0x20007b40; *(uint32_t*)0x20007b94 = 0x13; *(uint32_t*)0x2000820c = 3; *(uint32_t*)0x20008210 = 0x20007bc0; *(uint32_t*)0x20008214 = 0x44; *(uint32_t*)0x20008218 = 0; *(uint32_t*)0x2000821c = 0; *(uint32_t*)0x20008220 = 0x20007c40; *(uint32_t*)0x20008224 = 0x6e; *(uint32_t*)0x20008228 = 0x20008180; *(uint32_t*)0x20008180 = 0x20007cc0; *(uint32_t*)0x20008184 = 0x99; *(uint32_t*)0x20008188 = 0x20007d80; *(uint32_t*)0x2000818c = 0xfa; *(uint32_t*)0x20008190 = 0x20007e80; *(uint32_t*)0x20008194 = 0xfc; *(uint32_t*)0x20008198 = 0x20007f80; *(uint32_t*)0x2000819c = 0xc1; *(uint32_t*)0x200081a0 = 0x20008080; *(uint32_t*)0x200081a4 = 0x60; *(uint32_t*)0x200081a8 = 0x20008100; *(uint32_t*)0x200081ac = 0x41; *(uint32_t*)0x2000822c = 6; *(uint32_t*)0x20008230 = 0; *(uint32_t*)0x20008234 = 0; *(uint32_t*)0x20008238 = 0; *(uint32_t*)0x2000823c = 0; *(uint32_t*)0x20008280 = r[17]; *(uint32_t*)0x20008284 = r[18]+10000000; res = syscall(__NR_recvmmsg, (intptr_t)r[2], 0x200081c0, 4, 0x2000, 0x20008280); if (res != -1) { r[19] = *(uint32_t*)0x2000760c; r[20] = *(uint32_t*)0x20007610; r[21] = *(uint32_t*)0x20007bd8; } break; case 35: memcpy((void*)0x20005f40, "adfs\000", 5); memcpy((void*)0x20005f80, "./file0\000", 8); *(uint32_t*)0x20006fc0 = 0x20005fc0; memcpy((void*)0x20005fc0, "\x97\x71\x1a\x3f\xc7\x75\xd9\xb6\xb8\x02\xd7\x5c\xef\xe3\x4e\x56\x0d\xfb\xbc\x19\x05\xdf\x84\x52\xc7\xc0\x61\xcf\xbd\xba\xf7\x6a\xc0\xee\x70\x4f\xdc\x1b\x95\x57\x6e\x83\x98\x71\x5c\xca\xc2\x3e\xb6\x22\x40\x6f\xdf\x86\x65\x6d\x86\x66\xd1\x74\x34\x5d\xf1\x5c\xc2\x79\xd6\xbc\x46\x18\x9f\x9e\x91\x03\xc8\xb6\x34\x30\x6a\x9d\xc5\x12\x13\x54\x03\x7a\xbc\x83\x6a\xf3\x2b\x82\xe0\xeb\x92\x22\xc5\xb9\x7a\x31\xba\xf7\x00\x22\x6f\x45\x9f\x15\x93\xe5\x94\x22\x0d\x6e\xee\x2f\x7b\xd3\x61\x2c\x68\x99\x6c\x93\x1e\x01\xb3\x90\x86\x7e\xcb\x7d\xb7\x3f\xd1\xc8\xba\xea\x0a\x1a\x30\x71\x9c\x09\xc8\x17\x06\x41\x41\x90\xc4\x90\x23\x6b\x27\x56\xcf\xba\x38\xfa\xba\xd4\x9c\x00\x2c\xdd\xcc\xb2\x2a\x79\x01\x5c\xf6\xc9\xd5\xb8\x11\x97\xe3\x66\x9f\x11\x95\xcf\x26\xfd\x67\x4c\xef\x34\xfc\x25\x17\xdd\x56\x1d\x62\x5d\x37\xf0\x09\x36\x69\xe6\x8f\xca\x1a\xe7\x32\x7c\x53\xa8\xd8\xfe\x8c\xe0\x89\xec\x51\x30\xda\x3d\xcd\x2c\x1b\xe4\x7c\x5d\x11\xc1\xe6\x07\x70\x6d\xed\xe9\x8d\x3a\xd0\x34\x7d\xb6\x08\xbf\x9f\xeb\xfe\x35\x7b\x46\xfe\x05\x17\x2e\x7a\xbd\x5e\x6a\x57\x55\xec\xbd\xb7\x29\x4a\xc6\x60\xef\x99\x99\x61\xaa\x24\x91\x46\x0d\x2b\xa8\xc4\x79\x28\xfc\xd0\x2e\x29\x4c\x16\x83\x8a\xdc\x1c\x5a\xa0\xae\xef\xc2\x79\x79\x3c\x1e\x9b\xae\x9d\xad\x1b\xdd\x67\x4f\xbf\x94\xf6\x4d\x5e\xe5\x86\xb8\x57\x84\x6b\x2c\x3e\x35\xcb\xe0\x79\x1f\x3f\x0a\x42\x79\xec\x2d\x51\xfd\xfb\x3a\x9d\x2f\xd0\x93\xba\x29\xd7\x43\xee\xbb\x06\x46\xd4\x0a\xf9\x32\x96\x0b\x4e\xfd\x52\xdf\xae\x37\x24\x20\x6f\x13\x83\x9b\x1e\x9d\xd3\x56\x1c\x15\x9f\x7d\x1a\x0b\x45\xdf\xa6\x55\x72\x41\x64\xca\x8c\xa4\x01\x78\xaa\xbc\x9f\x0c\x27\x0c\xc0\xc2\xe8\x28\xdc\x28\x42\xfb\x23\x72\xab\xca\x8d\x65\xd3\x72\x6e\xad\xdb\x36\xd2\x77\x2f\xc4\x2a\x5a\x60\x9d\xbc\x76\x1a\x08\x6d\xd8\x40\x5f\x0c\x0a\x7c\x0b\xfc\x14\xfe\xa9\x1c\xab\x42\x3f\xdb\xc9\x44\xdd\xbd\xee\x21\x4c\x24\x8e\xf0\xc8\x93\x3c\x80\xf3\xac\x68\xa3\xcd\xc4\xed\x51\x20\xc7\xbe\x1f\x04\x18\xa0\xdd\xee\xe9\x4c\xe8\xde\x7a\x07\xb9\x4d\x97\xa9\xc7\x2e\x33\x8e\xb9\xcb\x87\x15\x67\x60\x8b\x49\x03\x1f\x1f\xd0\x7e\x5c\x5c\xbb\xc2\x20\x1c\x48\x76\x88\x5c\x1b\xdc\xcc\x2b\xfe\xce\x71\xde\x73\xd6\xa7\x10\xc9\x6a\x67\x5d\xe4\xb5\x78\xe3\xa0\xb8\x4d\x1f\xb8\x9b\xed\x53\x1e\x17\x05\xaf\x86\x7b\x10\xb7\xc9\x23\x28\xa0\x6b\xad\x02\xc5\x73\x37\x5d\x50\x0a\x4b\xdc\x88\x4b\x55\x65\x2d\x7f\x1c\xfb\x31\xaf\xaf\x0b\x35\xe9\x8a\x58\x46\x6b\x80\xa2\xa4\xbc\xa2\xd7\x2e\x38\x7f\x8e\x94\x51\x9a\x43\x73\x4c\x38\x5b\x69\x8e\x08\xb0\xee\x1d\x98\x05\xc3\x92\xac\xb7\x6f\x98\x08\x94\xdf\x90\x46\xc6\x17\xf6\x2a\x23\x61\x06\x2e\x52\x24\x53\xdc\xd7\x31\x76\xf7\x86\xef\x2c\xcd\x7a\x05\xdf\x8b\x44\xa6\xf9\x31\x35\xd4\x88\x8f\xdd\x51\x02\x20\x35\x7f\x1a\xec\xcd\x13\xe1\xfe\x10\x29\x26\x73\xf9\x81\xf4\x20\xd9\x85\x9f\xa2\x18\xb8\x69\x8b\x4a\x69\x1e\x69\x9c\x28\xa2\xdd\x46\xd3\x97\x89\x42\x19\x2e\xd5\x1d\x21\x26\x69\x45\x8a\x4d\xc3\xd3\x81\xd2\xc3\xf7\x3c\xb6\x0b\xfe\xcb\x8b\xf0\xe1\x55\x6e\xae\xd9\xff\xca\x5d\x0f\x7c\x9f\x61\x52\xf4\xfc\xd5\xed\x86\xcb\x6a\x56\x5e\x4b\x6b\x1c\x9e\x7e\xfe\xf1\xcc\xd2\x8a\xe7\x09\x1a\xbd\x84\xe8\x43\x1e\xc0\x8e\xd8\x3a\x8b\xbe\x56\xf9\xe1\x22\x56\xd0\xa0\x5b\x46\x1d\x9f\x1f\x4b\xad\x4b\x0e\x87\x34\xc4\x7d\x12\x12\x4c\x40\x6d\xb2\xc0\x33\xca\x10\x63\x41\x05\x71\x3d\xf4\x00\xfe\x66\x8d\x74\xc1\x0b\x95\x46\xfe\xf0\x3d\x29\xee\x05\xd4\xe3\xe8\x32\xed\xe1\x03\xcf\xb8\x90\xc8\xb0\x09\x2a\x58\xfe\x32\xa0\xb1\x05\x89\x6c\xef\xc8\x3a\x99\x0c\x3b\x6d\x9d\xec\x09\xe4\xbe\xea\x80\x40\xb2\x9f\x92\x17\xe5\x57\x7f\xd7\x20\x03\xa1\xdc\x46\x67\xfa\x4c\xf3\xbb\xf2\x98\x5f\x0a\xef\x84\xb4\x55\x69\xa0\x87\xb7\xf9\xaf\xe8\x24\xf3\xc5\x9b\x40\xcd\x0d\x08\x8c\x16\xf4\x41\x42\x40\xa6\xeb\xe2\x4a\xad\xc4\x02\xcc\x99\xab\xf0\x34\xa4\x8b\xda\x6a\x28\x21\xbd\xf2\x94\x65\x8e\x27\x82\x32\x6e\x16\x96\xa8\x87\x8b\x62\xbe\x50\xb8\xae\x8d\x00\x3e\x1b\x6b\x9f\x5f\x26\xd3\xf2\x1b\x14\x22\xcf\x73\xac\x72\x92\x63\x8e\x57\xda\x6f\xe3\xfd\xad\xd7\x78\x6a\xa2\xd7\x40\x6c\x0d\x84\x55\x45\x47\xd9\x59\x0e\xe9\xe1\x70\x54\x28\xe0\x0d\xdc\x33\x25\x0a\x11\x6b\x97\x37\xc8\xb0\x13\xa3\x8c\x6f\x5e\x88\x27\x5b\x01\x5f\x1c\x09\x96\xb0\x6e\xf4\x46\x7f\xa0\x46\x8e\x8f\x4a\x49\x8b\x56\xa0\x45\xf8\x94\xe4\x50\x90\xfc\x17\x07\x48\x1b\xef\x75\xf6\x01\xd9\x5e\x67\xb9\x63\xb6\xdd\xaa\xd7\x51\x1a\xb4\x1e\xf4\xc9\xf6\x51\xc7\x0f\x8e\xc2\xf0\xcf\x3b\x62\xba\xd7\x4e\x24\x92\xa3\x9f\xc1\xf8\x1d\xa6\x97\xcd\xc3\x53\xde\x95\x89\xca\xb5\x4a\x16\x90\x1a\x18\xd8\x51\xbd\xc2\x62\x39\xa7\x2f\x9a\x78\x7f\xbe\xfb\x3f\xc3\xf5\xdf\x14\x9a\x01\x3c\x4f\x8c\x8b\x0e\x98\xb8\xf6\x69\xf6\x2f\xbe\x09\x52\x5b\x46\x46\x9b\x1c\x7f\xcb\x91\xe5\x57\x35\xf2\xad\xc8\x13\x6a\x46\xae\xc4\xde\x01\x6b\x9f\x92\x51\xac\x2a\xa8\x20\xa1\xa8\x87\xb7\x8c\x66\x80\x2b\xf8\xdb\xbc\xe8\xc4\xe1\x38\xba\x0a\x52\x89\x2c\x9e\x93\x4a\xf2\xc7\x6b\x95\x03\x2a\x2f\x4c\xb5\xa6\x21\xe4\x53\x97\x0f\x54\xb2\x79\x03\x5e\x14\x08\x33\xe3\x25\x0a\x9c\x4f\x16\x37\x1c\xdd\xfc\x01\xc4\x04\xe6\xe8\x6a\xcc\x23\x1c\x8d\x7d\xbe\xd9\xb6\xae\xc0\xda\x3e\x0b\xb4\x06\x72\xf4\xd4\x1d\xf2\x65\x0d\x20\x0f\xdd\xa6\xbd\xc6\x2b\x1d\x43\x3e\xfb\x4d\xcb\x37\x05\x26\x89\xee\xc1\xfb\x99\xce\xda\x3e\x11\x07\xae\x9a\xee\xbc\x99\x58\xfd\x2f\x2e\x90\x59\x83\x40\x87\x37\x84\x27\xd3\x15\x8a\x8a\xd0\x47\x79\xe6\x22\xb9\xfe\xf7\x1b\x94\xb2\xaa\xc0\x3d\x6d\x9b\x72\x2a\x24\x27\x85\x5a\x21\x76\xf0\x0d\x97\x1d\x6b\x1f\xe9\xb5\x7c\x36\x37\xaf\x6e\xcf\x8d\xd0\xbf\x1d\xc0\x55\xe7\x33\x1c\x7e\x3d\x9b\xf0\x9a\x98\x72\x36\x76\xb0\x77\x87\xa0\x75\xaf\x7e\xe9\x11\xee\x2b\x0e\xbe\xfb\x34\x08\xc8\xa6\x17\xe8\x1b\x02\x22\xf2\x0f\x41\xaa\xa5\x57\x67\xbd\x73\xb3\x0b\x7d\x52\x38\xa4\x18\x36\xe5\x3a\x5c\x82\x6d\x2c\xab\x59\x46\x04\x04\xf0\x2a\xf4\x3b\x1c\x64\xa8\x87\xb4\x4e\xdc\xb3\x95\xa1\x49\x98\x3a\x63\xeb\xbc\x14\x68\xac\x3b\x39\xa0\x0d\x01\xe5\x90\x41\xea\x54\x97\x25\x76\x8c\x6f\xea\x7a\x48\x84\xfa\xb1\x6b\x85\x99\xcd\x0b\x91\xb8\x3d\xf3\x3b\x32\x28\x00\x39\xba\x02\x05\xa2\x3e\x97\xcd\x38\xbf\x8b\xe0\xce\xd3\xd7\xc2\xf4\x44\x91\xe9\xb5\x94\xe0\x54\xe6\xc6\xe6\xe2\xb6\x10\x83\x0f\x98\xef\x9a\x24\x0f\xd5\x6d\x1e\x21\x8c\xbc\x15\x35\xb8\x88\x9f\xd2\xb3\x9f\xd9\x4c\x82\x13\x7a\x80\xea\x12\x34\xa8\x4d\xc6\xfa\xc0\xf1\x6b\x8b\x2d\xe9\xdd\xe9\xec\x82\x70\xc2\xdf\x90\xb1\x10\x7e\xed\x2d\x34\x69\x65\x94\x3a\x1c\xb0\x85\x64\x21\xe4\x5f\xed\x7f\x48\x07\x10\x41\xc5\x52\xef\xc7\x33\x3c\x5e\x7d\xec\x5b\x9c\xb5\x95\x65\x71\x8a\x7e\x23\x0a\x84\x2f\x20\x6a\x49\x49\xa3\x8f\xca\x5d\x9a\x8d\x84\x75\x63\xdd\x64\x45\x78\xf8\x9e\x5e\xa6\x8c\xd8\x4e\xdc\x6a\x04\xe5\x27\xd1\xc0\x7e\x6a\xe4\x2f\x50\x3f\x7c\x09\xf7\xfa\x5e\xd1\xb2\xd7\xa3\xa9\x0b\x5f\xed\xdd\x57\x6d\xcc\x54\x4d\x8a\x7e\x51\x54\xfc\xb8\x2d\x14\x97\x06\x43\xa0\x3e\xc1\xad\xa0\x83\xad\xe9\xa9\x0d\x56\xb1\xa0\x5e\x7b\xec\xc2\xe4\x34\xd4\x87\xe0\xc9\x4d\x10\xfb\x56\xb7\x3a\x82\xfd\x0c\x34\xe3\xea\x6e\x25\x2b\xd8\x28\x44\xe9\x59\x33\x81\x92\x54\xe1\x2b\x00\x1a\xcf\x2a\xd8\xb6\x30\xa7\xd2\x05\x6c\x6f\x77\x33\x4e\xd2\x23\x21\x77\x1e\x73\x31\x29\x81\xd8\x91\x01\x70\xcd\xd7\xf4\x78\x81\xb5\x8c\x47\x53\xbb\xfb\x0b\x34\xc7\x8b\x42\x11\xe6\x26\x14\x6f\xf3\x42\xbf\xd5\x77\x40\xeb\x86\x8e\x1c\xfa\x31\x2c\x90\x7b\xef\x85\x7b\x37\x81\xeb\xd1\x39\x7e\x8d\xc0\xca\x14\x74\xa1\x9b\x39\xb4\x97\xae\x70\x88\x9d\x2d\xbb\xce\x85\xd3\x74\x3f\xd3\x3c\x97\xb9\xc2\x2b\x86\x6e\xb6\x5d\x35\x93\x90\x0e\x66\xc4\x59\xef\xe5\x63\x8a\x82\x4c\x42\x3d\x9c\x49\xba\x44\xb8\xff\x9b\x9b\x3e\xc1\x5c\xef\x43\x4d\xee\xf9\xab\x92\x76\x0c\x55\xb1\xfb\x37\x33\x9b\x1c\x77\xf3\xa0\x1a\x77\xfd\x72\xf7\x28\x77\x95\x2e\x8a\x58\x27\x49\x4c\x91\x88\xb8\xd1\xc2\x70\xb0\xa9\x9b\x4a\x9e\x81\x8d\x1f\xa1\x26\xa7\x29\x1a\x7b\x0b\x94\xc2\xbf\x7c\x18\xc2\xe2\x5e\x7f\xcf\xd6\x8d\x38\x82\x96\x55\xd9\xaa\xb9\x34\x96\x30\x34\x56\x3e\x90\x86\x52\x45\xa6\x13\x04\xfe\xbd\xf5\x9b\xb0\x09\x31\x67\xc8\xc4\x1c\xce\x17\x73\xbb\x80\xc6\x78\x75\x9b\x55\xda\xb1\x24\x72\x52\x03\x61\x57\xa0\xe6\x0d\x66\xe2\x89\xd4\xb9\xbf\x98\xfd\xce\x7c\x5c\xa5\x9b\xdb\x4f\xaf\xe5\x5e\x09\xb1\x6a\xa3\x43\x0d\x39\xbf\x15\x03\x32\xa1\x5c\x48\x90\xed\x07\x8e\x62\x87\x75\xf8\x78\x7b\x89\x35\x92\x26\x3c\xa6\xd3\x11\x36\x19\xa7\xb2\x12\x51\xfa\xee\xe1\x37\xa0\x99\xbf\x00\xfb\x5f\xbc\xc7\x5e\x75\x8e\xae\xc9\xbd\xcf\xf6\x55\x76\xc0\xd8\x26\xea\x79\xd9\x0e\x99\xd8\xcb\xb4\x90\x93\x7d\x1d\x12\x2d\xbb\x8d\x15\xb3\x37\x56\x83\x5e\x1c\xe3\xbd\xaf\x49\x19\xf5\x22\x6b\x38\x4c\x87\xc2\xc7\xaf\x71\xfb\x3d\xd0\x73\xc4\x31\x29\xac\x4e\x2a\x6e\x52\x1b\xee\x34\x97\x30\xb2\xd9\xa7\x1c\x6b\x01\xd6\x1d\xf1\x30\x80\x2a\x9b\xb6\xab\x1f\x4d\x59\x4b\x89\x67\x5c\xc4\x67\xca\xb3\x03\xc8\x6a\xe6\xb4\xc0\xd2\x6d\xcf\x16\xcd\xec\x9c\x8b\x78\xf3\xe2\x3b\xab\x3e\x7b\x51\x53\xe7\x3b\xb7\x1c\xb6\xa2\xaf\xac\x5c\x33\x19\x5d\x2a\x2f\x32\x9d\x9e\x8f\x53\xdc\x92\x80\x10\x46\xb0\x72\x45\xe1\x39\xa6\x41\x4c\xff\x17\xdd\x9d\x79\x47\xe9\x45\xa1\xdd\xf5\x92\x13\x1d\x90\xf3\xf3\x25\xeb\xc3\xcf\x24\x36\x0f\x83\xed\x16\x06\xf9\x52\xd4\xf6\x92\x21\xb7\x5c\x9b\xe9\x1e\x5d\x2a\xbe\xed\x93\xf3\x39\x58\xb0\x4a\xa1\xe0\xcb\x5b\x85\x0e\xdf\x27\x60\xf4\xb8\xe8\x10\xd8\x79\xd8\x73\x57\x03\x6c\x8e\x26\x53\x8e\x69\x68\x9e\x47\xfb\xb1\xda\x8e\x0c\xa0\x82\x84\xf5\x59\x00\xbd\x02\x9e\x95\xa5\x27\xb3\xba\x25\x1b\x0c\xe2\x7b\xd0\x49\xfc\x85\xb1\x94\x95\x93\x75\xf7\x85\xcf\x75\xc1\x01\xee\xaa\xba\x56\xb3\x9a\x3f\xc4\x6b\xa9\x72\x98\x37\xe2\xfb\xce\x7e\xbb\xa9\x32\x59\x6c\x0c\x2e\xf0\xc5\xd8\xe6\x84\xba\x6b\x33\x4d\xba\xff\xc0\xfa\x84\x2a\x6a\xa5\x55\x81\x3d\x5b\xdc\x23\x7a\x43\x76\xfb\xfc\x3a\xbd\x54\x9a\xbc\x27\xf3\xb1\xc9\x18\xc6\x7f\x2c\x34\xe1\x16\xb6\xb0\x63\x01\x15\x49\x06\x24\xf4\x99\x7d\x93\xac\xec\x5d\xab\x0d\x2b\xb1\x57\x2b\x31\x9b\xa4\xc9\x90\xcd\x74\x38\x95\x42\xf4\x8b\x7e\x17\x3d\x0c\x81\xed\x75\x6a\x1b\x40\x9f\x6b\x19\x58\x59\xfd\xc7\x57\x7a\x7e\x7b\x12\x0a\x15\x13\xc2\x25\xd3\x13\xd7\x42\x3d\x6a\x99\xdd\xb7\x19\x14\x96\x28\x21\xdb\x95\x19\x2f\xc9\xca\x8b\x69\x72\xe0\x7d\x78\x67\x9e\x3b\x42\x65\xcb\x97\x25\xd9\x5f\x52\xf6\x8f\xf1\xca\x46\xb8\xac\x6a\xe7\xc6\x05\x3b\xcd\x97\x2e\x37\xfa\x82\x44\x91\x52\x7a\x1e\x43\x23\xaa\x6f\x2d\x5e\x59\xcf\x06\xc6\x08\x8c\x14\x80\x59\xfa\xd6\xf1\xcb\xfb\x47\x67\x19\xd0\x9f\xa4\x79\xb6\x9a\x47\x90\xa7\x4f\x65\xab\xd9\x99\xc2\x67\xd1\x0c\xc2\xff\x99\xd3\x9e\x39\x41\x60\xe1\x51\x46\x95\x89\xf4\x16\xf6\x59\xb2\xa8\xc6\x0d\xef\x78\xd6\xf4\x33\x80\x9d\xfb\x96\xc2\x72\x20\x07\x6f\x47\xb7\xe7\x4a\x89\x30\xcd\x61\xe8\xfc\x10\x9d\xdf\x87\x54\xff\x5d\x68\x78\xee\xf5\xdc\x7d\xd6\x1e\x2d\xa0\x07\x3b\x0a\xd6\xb0\x71\xfe\xff\x97\xfb\x87\xec\x0d\x90\x95\x4a\xed\xc8\x88\xe7\xb1\xe0\x9d\xcd\xfc\xc6\x90\x6e\x49\xb6\xea\x4a\x0c\x32\x54\x64\x07\xac\x0d\x22\xe2\x92\x00\xb8\x60\x3f\x2c\x30\x41\xd2\x7d\x0f\xd9\x90\xc3\x12\xc3\xf4\xeb\xee\xf4\x53\x85\x12\x48\x25\xe7\x3a\x4b\x30\xf7\xe6\x2b\x37\x46\xae\xe0\xa1\xf4\x23\x57\xa7\xc2\xd5\x9b\x9b\x28\x65\xab\x24\xb3\x35\x36\xc1\xd7\x52\xa4\xe1\xc0\x8e\x07\xec\x7a\xb8\xe3\x7e\xda\x44\xeb\xd2\x21\x3d\x46\x95\x58\x59\xce\x75\xe8\xcb\xee\x3e\x44\x8d\xdc\x6c\x37\x20\xfa\x4b\xb6\x04\x29\x8c\x9c\xc6\xc1\xea\xc4\xaa\xc1\x8f\xfe\xef\x8d\x63\x1a\x61\x75\xa5\x8b\x18\x25\x7c\x81\xb5\xb2\xa2\xc7\x45\x8b\x11\x73\xa5\xc1\xbf\xe3\xa5\x61\x59\xfa\x40\x60\x11\xdc\x0b\xb6\x02\x1f\x23\x32\xbb\x47\x1e\xf8\x89\x2a\xcd\x5e\x7b\x58\xae\xca\x43\xe4\x85\xb3\x5d\xdc\x93\x8f\xbf\x2d\x03\x25\x21\x82\x08\x09\xaf\x02\x55\x13\xb6\x63\x92\x2d\x66\x4c\xa4\x21\x6b\xcc\x98\x77\x03\x0d\x5f\xac\xfb\x9a\x04\x82\x99\x8e\x50\xcf\x69\xbc\x59\xc1\x80\x5f\xb4\xfa\xa8\x9f\x68\x31\xec\x6a\xfc\x29\xe7\xf6\xdb\x38\xfe\xd3\x40\x3d\x10\x35\xe2\x51\x62\x4d\xe0\xea\x64\x45\x81\x2f\x71\xa4\xa9\x1e\xab\x22\xd8\x8d\xa4\x9c\x09\x70\x03\xea\x96\x08\xef\x66\x1e\x8c\xd9\x94\x58\xf3\x18\xd3\x73\xea\x1a\xff\xe6\xcf\xbe\xc7\xe9\xf7\x7c\xa3\x93\xf1\x58\x54\x02\xa7\x0a\xfa\x83\xe3\xdc\x11\x41\x7b\x83\x03\x5c\x4a\xa6\xef\xb9\x6c\xaf\xfd\xb7\x6b\xb4\x31\x15\x2a\x11\x08\xdd\x6a\xe5\xa3\x7a\xfb\x9a\xa1\xb5\x1d\xdc\xd2\x2d\x7a\xf1\x1d\x65\xc1\x88\x47\x2d\x79\xac\xbd\xd4\x8c\x61\x35\x5a\x4b\x2f\xdf\x2b\x81\xfb\x44\x59\x71\x1f\xb4\x37\xf3\xf7\xf9\x5a\x6e\x18\x7c\x0c\xc0\x87\xbb\xd7\x39\xc9\xc9\xe2\x2e\x25\xfd\x0d\x30\x5a\x27\x40\x8f\x52\xb8\x39\xe3\x57\xd1\xf3\x7b\x0c\x7a\x57\x6d\xf7\x93\x00\x82\x41\xbd\x21\x20\xcc\xfa\x21\x43\x52\x68\xed\x24\x3d\xd2\xed\xbb\x75\x1b\x20\x14\x74\xe9\x1f\x48\x21\x9b\xfd\xdb\x4c\xd0\xdd\x47\x19\x65\xbf\xe7\x8e\x45\x23\x3a\x33\xb6\xc4\x02\x2b\xc5\x7b\xcf\xd2\x24\xf8\x9b\x4a\xfb\xe2\x5a\x00\x3e\xf4\x1f\x59\x6e\x10\xfc\x14\x2d\x52\xe0\xee\x02\xfa\xd0\x72\x86\x51\xf0\xfe\x75\xb9\x47\xa5\x44\xfd\x7e\x2d\xc3\x8b\x60\x87\x89\xeb\xc8\x7b\x01\x99\x3e\x23\xb7\x65\x44\x90\x01\xc7\x7a\xdc\x77\x8a\xdb\x84\xa0\xdd\x32\xb7\x0e\x26\x7a\xad\xcc\x16\x8e\xf1\x71\x3d\x7c\xbd\xe5\x63\x39\x6e\xf5\xe3\x9f\xf9\xf7\x00\x8d\x61\xa2\x0f\xe4\x9a\xc8\x0c\x2e\xe8\x4c\x53\x11\xe6\xb0\xc2\x59\xf0\xc6\x36\x31\xaf\x64\xee\x1d\x22\x25\xb5\xea\xa3\x1b\x97\x63\x6b\x30\x10\x9f\xe4\xfc\xf1\x52\x27\x23\xc6\xd7\x9a\x50\x05\xf3\x76\x8b\xe2\x87\x29\x10\xa0\xd9\xf2\xd2\xb1\x0a\x91\xe4\x8f\x7d\xa5\xc3\x83\x0e\x18\xbf\x1a\x2c\x51\xf7\x91\xe4\x63\xf7\xca\x07\xe0\xc6\x3d\x07\x58\x52\xc2\xbd\x82\xb4\xa5\x98\x9d\x4f\xf5\x0a\x70\x07\xd3\xeb\x32\x2b\x3f\x01\xab\x76\xaf\x2b\xbe\xdb\x11\x08\x16\x5f\x48\x3d\x28\x41\x53\x78\xd6\x00\x98\xdb\xd8\x7a\x29\x9b\x3d\xe1\x16\xf3\x95\x5c\x3e\x24\x36\x77\xf3\xe3\xf7\x1f\x9f\x02\x04\xe1\x70\xda\x9e\xf5\xb6\x6c\x95\xba\x07\xf3\x35\xb1\x30\xb5\xa1\x7b\x6a\x72\xc3\x18\xbe\x1b\x8c\xa6\x42\x2b\x1e\xaf\x3f\x6e\xf0\x38\xdf\x50\x9e\xf1\x87\x65\x94\x7d\xe5\x88\x9a\x3a\x88\x45\x75\x61\xb3\x99\xab\x72\x94\x8d\x7e\xc9\xe0\xf4\xa7\x34\x8e\x0c\x43\x17\x48\x11\xd3\xa4\xd7\x12\x42\xe6\xa5\x0f\x5b\x39\x7a\x8d\x7f\xab\xbb\xa7\x10\x9a\xfa\x23\x69\xf1\x16\xe0\x9d\x3f\xcc\x0b\x5e\x61\x2a\xe8\xb8\x18\x30\x9c\x5f\xbb\x33\x47\xfd\xb5\xd6\xc6\x90\x46\x84\xf4\xe0\x4f\x12\xca\x85\x13\x17\x4e\x6b\x92\x6f\x04\x9a\xc1\x4e\x0a\x7f\x9e\x4a\xa6\xbd\x39\x1b\xbc\xcd\x3f\x72\x42\xb9\xa4\xc0\xdf\xd0\x17\x96\xda\x87\x1f\x4e\x9d\xe1\x7e\x54\x95\x37\xac\x6d\x21\xd5\xc6\x4e\x54\x9f\x07\x0e\x2b\x1d\x1b\x7f\x76\x98\x1f\xaa\x8d\xa9\x02\x9e\x45\x76\xfc\x43\xb4\xf4\x27\xec\x7e\xe4\xc4\x50\x5c\xa2\x70\xb2\x33\xff\xc5\xe1\xab\xe4\x4a\xc7\x89\xce\xca\xbd\xba\xab\xec\x44\x1a\x11\x84\x5c\xaf\x92\x21\x33\xd1\x1b\xb2\x82\x56\xee\x8f\x75\xe6\xf0\x65\xe3\x5f\x29\x76\x46\xc6\x3a\x2b\x8a\x59\x46\x05\xab\x39\x1c\x50\xfc\x33\x7d\x8d\x97\x06\x6e\x6b\x5b\x07\x10\xfb\x1e\xc7\x6c\x64\xf0\xa0\xa0\xcc\xac\x01\x37\x5f\x2c\x9f\xba\xca\x77\xb2\xb1\xee\x2b\x26\xa7\x6d\xa5\x27\xae\xfb\xe9\x83\xee\xd0\xd9\x46\xd7\x63\xe0\x0b\xf5\x01\xdd\x64\x6b\xfe\x68\x3a\x78\xdf\x80\xd9\x1d\xcd\x60\x3c\x5a\x8e\xb5\x95\xc0\xcd\xce\xaa\x2d\xab\xf5\xd6\x4a\x9f\xea\xac\xef\xc8\x78\xe0\x74\x31\x3c\x85\xe4\xc1\x5f\x4c\x2e\x63\xfa\x19\xf9\x7b\x82\x9c\x29\x7d\x86\x08\x78\xee\xe2\x13\x89\x28\xd8\xa4\x25\xc0\x79\x00\xc1\x22\x64\x55\xae\x33\xe7\x02\xc0\x58\x56\x7d\x42\xdf\x10\xd6\x04\x84\x66\xde\x62\xf1\x4c\x27\xf7\xd8\xf3\x06\x51\x66\x62\xe1\x8b\xeb\xb2\x4d\x7f\x38\xe5\xf0\xeb\xba\xb7\x49\x80\x59\x9f\xfa\xcb\xa5\x6d\x3c\xe1\x6a\x56\xb9\x91\xec\x64\xdf\x9e\xa8\xf9\x30\x0c\xc1\x87\xf2\xc1\xb2\xf8\x05\x62\xc6\x81\xbb\xf8\x33\xa9\x71\xe7\xd6\x9b\x67\x73\x0d\x3b\x0d\x3b\x5a\x9b\x3c\xab\xf5\xb4\x4e\x21\xf3\xa8\xea\x25\xaf\x9f\x9a\x7f\x53\xd6\xc8\x5c\xa6\xa3\xb8\x4f\x04\xfb\x6d\x1e\x99\x09\x66\x40\xc7\x6f\x00\xcb\x2a\x84\x9e\x02\x2c\x52\x66\x53\xe0\xe1\x9c\x0a\xb7\x3d\x7d\xb0\x2e\x69\xbd\x51\x1c\xb3\xb3\x6a\xe7\xdf\x9e\x0b\xcd\x5b\x8d\x18\x0c\x0a\x3d\xc9\xf1\x79\x73\xc6\x2b\x28\x6f\xbe\xfd\x48\x53\x97\x6a\xd3\x8d\xc7\x75\x67\x85\xf1\x7c\x88\xf9\x67\x56\x87\xc9\x76\x9d\x77\x16\x2e\x82\xe7\x1b\xae\x2e\xd2\x85\xbc\x87\x8f\x9e\xe7\x07\x0a\xf3\xc4\xb4\x3c\x90\x7b\xcb\x58\x56\xda\xb6\xa9\x38\xb7\x84\x2a\xf3\x76\xd7\xc1\x64\x07\x6c\xd0\x2b\x4e\x3e\x82\xe2\xcc\x8f\xca\x7d\xc2\xe4\x0b\xdb\x7b\x9a\x2e\xf4\x06\x35\x56\x30\xcb\x29\x30\x23\x17\x94\xef\x4a\x20\x36\x0a\x6e\xb9\xcc\x54\xf7\x53\x64\x2e\x69\x38\xa1\x73\x02\x46\x35\x98\x7b\x80\xa6\xe0\xf0\xb7\xcb\x25\x85\x37\xb8\x1e\x12\x50\xf7\x7f\xca\xf1\xd7\xcd\x9b\x3b\xe0\x72\xa6\xf9\xd4\xfd\x86\xf1\x56\x4b\x28\xd7\x90\xca\x13\x82\xfa\xe6\x1f\xa5\x87\x4c\x7d\xd7\xdb\x8e\xbf\xaa\xa7\xcc\x01\x1e\x6a\xb3\x57\x91\x37\xaa\x3f\x0a\xf1\x4e\x58\xc0\x96\x0d\x7f\x70\xce\xf9\x3a\xb8\x6c\xca\x7c\xb7\x85\xd8\xc1\x21\x52\xa8\x07\xcf\x1b\xfa\x4e\x0f\x6f\xfd\x28\x88\x70\x56\x5c\xd4\x9a\x10\xa4\x07\xce\xe9\x5c\x5c\x0f\xe4\xcc\x84\xb4\x73\x90\x86\x8e\x64\x50\x7f\x1f\xbf\xbb\x4a\x70\x4d\x27\x2d\xa1\x34\x80\xa4\x18\xe2\x5a\x99\x30\xa4\x02\xdc\xfb\xaa\x5c\xb5\x09\x2c\x56\x9a\x4e\x81\x50\xb5\x04\x8b\xef\x01\x19\x4e\x1c\xe3\x79\x5e\x28\x35\xa0\xa8\x2c\x9d\x5f\xf3\xa1\x57\x85\x2f\x12\x71\x35\x96\x99\x7e\xc3\x06\x1a\xea\xa9\x6e\x93\xc9\xb1\xd9\xd5\xaa\x24\x14\xc3\xea\x9f", 4096); *(uint32_t*)0x20006fc4 = 0x1000; *(uint32_t*)0x20006fc8 = 0x80000001; memcpy((void*)0x200082c0, ")/\'/%", 5); *(uint8_t*)0x200082c5 = 0x2c; memcpy((void*)0x200082c6, "wlan0\000", 6); *(uint8_t*)0x200082cc = 0x2c; memset((void*)0x200082cd, 255, 2); *(uint8_t*)0x200082cf = 0x2c; memset((void*)0x200082d0, 255, 2); *(uint8_t*)0x200082d2 = 0x2c; memcpy((void*)0x200082d3, "[{@^/@+@<[", 10); *(uint8_t*)0x200082dd = 0x2c; memcpy((void*)0x200082de, "uid", 3); *(uint8_t*)0x200082e1 = 0x3d; sprintf((char*)0x200082e2, "%020llu", (long long)r[20]); *(uint8_t*)0x200082f6 = 0x2c; memcpy((void*)0x200082f7, "smackfsfloor", 12); *(uint8_t*)0x20008303 = 0x3d; memcpy((void*)0x20008304, "{%\'--\323{-+#!", 11); *(uint8_t*)0x2000830f = 0x2c; *(uint8_t*)0x20008310 = 0; syz_mount_image(0x20005f40, 0x20005f80, 6, 1, 0x20006fc0, 0x1000000, 0x200082c0); break; case 36: memcpy((void*)0x20008340, "/dev/i2c-#\000", 11); syz_open_dev(0x20008340, 4, 0x404280); break; case 37: memcpy((void*)0x20008380, "net/ip6_mr_cache\000", 17); syz_open_procfs(r[19], 0x20008380); break; case 38: syz_open_pts(r[21], 0x8001); break; case 39: *(uint32_t*)0x20008980 = 0x200083c0; memcpy((void*)0x200083c0, "\xfb\xd2\x9b\x15\x87\x7e\x61\x06\x1c\xc5\x0c\xed\x7f\x39\x68\x61\x38\xbf\x51\x03\x24\x8d\x4d\xa5\x32\x57\xb7\x3a\x1e\xe9\x6c\xf2\x19\x9a\xbf\xa9\x61\xd7\xbd\x14\x6a\x6b\xb8\x8d\x70\x1b\x08\xed\xbf\x51\x4b\x2e\x31\x83\xcc\xe2\x11\xd5\x7c\x76\x45\xa9\xaf\xe2\x02\x75\xec\xbe\x29\xae\xa4\x8c\x76\xb0\xfb\x76\x27\xa8\xe4\x3c\x7a\x9f\x57\xef\x02\xa3\x16\xed\xf9\xd3\x8e\x0c\x6e\x74\xb5\x91\x07\xcb\x1c\x84\x06\xdc\xb6\xde\x31\x9b", 106); *(uint32_t*)0x20008984 = 0x6a; *(uint32_t*)0x20008988 = 0x7f; *(uint32_t*)0x2000898c = 0x20008440; memcpy((void*)0x20008440, "\xe0\xd8\xf5\x5b\x38\x48\xae\xd3\xac\x97\x38\xd2\xe1\x9f\x66\x8b\xe4\xc7\x6e\x3b\x4e\x48\x23\xa0\xc6\x99\x18\xad\x4a\xec\x8d\x6e\xad\xcf\xe1\x03\x27\x12\x6d\x01\x28\x7e\x67\x2d\x54\xa5\x44\xa9\x87\x7e\x59\xf9\xa2\xf4\x1a\xa2\x42\xb2\x37\xba\x59\x3c\x5a\x48\x40\xb8\x62\x1c\xe0\xd2\x8c\xe5\x22\xdf\xe8\x78\x8b\xb0\x70\xd4\xbc\x9d\x74\x52\x8a\x1f\x76\x03\x20\x0c\x23\x65\xc6\x3d\x42\xf1\x03\x29\x92\xe1\x0e\x43\x45\xcd\xea\x0d\x65\x36\x5d\x82\xb6\xc7\x8c\x81\xc7\x1b\x0b\x2f\xb7\x81\x97\xcd\x60\x5e\xc2\x52\x18\x06\xbd\xc0\x8d\x6d\xd8\xf5\x29\x1e\x5b\xb0\xca\x92\xe2\x04\x30\xd5\x81\x23\x5d\xdd\xa7\x56\xe6\xab\xd8\xc7\x69\x78\x3b\x84\xe5\x7b\x0a\xa9\x51\x30\x3a\xdc\xc7\xe9\x21\xb0\x69\xd9\x4f\x1a\x4d\xee\x1f\x47\x44\xdb\x5b\x28\xc9\x7f\xbb\xae\xc5\xbf\x56\x18\xe0\xe9\x4a\x41\xc0\xa9\x9c\xe6\xca\x91\xeb\xca\xff\x5a\xe6\x10\x6d\xc9\xdc\x31\x0d\x72\x50\xa8\xb7\xc7\xca\x55", 218); *(uint32_t*)0x20008990 = 0xda; *(uint32_t*)0x20008994 = 0x3ff; *(uint32_t*)0x20008998 = 0x20008540; memcpy((void*)0x20008540, "\xaf\xbb\x6b\x91\xaa\x78\x57\xf9\x42\xbc\x87\x73\xd0\x20\x89\x6a\x44\xf1\xd9\xdb\x9b\x9e\xc2\xb8\x55\x98\xcd\x86\x39\x7d\x6b\x5a\xe3\x19\x2a\xef\xe0\xf2\xb6\x38\x7b\x2d\x23\x14\x48\x9b\xc7\xaf\x2a\xb5\x19\x90\xff\x75\x26\x23\x0a\x7c\xa4\x2e\x6c\x22\xf5\x64\x9a\xcb\x12\xb4\xdd\x8f\xde\x81\x9b", 73); *(uint32_t*)0x2000899c = 0x49; *(uint32_t*)0x200089a0 = 9; *(uint32_t*)0x200089a4 = 0x200085c0; memcpy((void*)0x200085c0, "\xd8\x90\x81\x85\x60\xf5\x37\x2f\x7d\x41\xa5\x04\xc5\x4e\x86\x3d\x79\x44\xd0\x62\x1d\x50\x13\x4b\x4c\x14\x54\xaa\x8c\x44\xc7\xf3\x24\xd9\x5d\x33\xfb\x46\x63\xf6\x74\x5c\x1c\xad\x17\x9d\x71\x9e\x3e\x9f\x4f\x57\x51\x71\x25\x89\x0e\xd4\xc9\x37\xbb\x41\xd0\xa7\x64\x44\x1e\x1d\x6c\x74\x82\x54\x8c\x0a", 74); *(uint32_t*)0x200089a8 = 0x4a; *(uint32_t*)0x200089ac = 6; *(uint32_t*)0x200089b0 = 0x20008640; memcpy((void*)0x20008640, "\x7e\x28\x9a\xa8\x98\x00\x7d\x95\xea\xf0\x98\x82\x59\x6a\xa2\x37\x71\x4d\xc1\xac\x32\x39\x2b\xd6\xfa\xe8\xd8\x72\xed\xc3\xc9\xb0\xcf\xf5\x03\x61\x48\xaf\x29\x57\x3c\x0d\xc9\x54\xc2\x7b\x6a\x6d\x47\x66\x92\x53\xab\x40\x2a\x91\xf6\xe6\x02\xcc\xd9\x3f\xa8\x17", 64); *(uint32_t*)0x200089b4 = 0x40; *(uint32_t*)0x200089b8 = 6; *(uint32_t*)0x200089bc = 0x20008680; memcpy((void*)0x20008680, "\xc8\x23\x58\x4b\xb1\x75\x9e\xcb\x98\xee\x41\xe3\x52\x27\xdd\x03\xd7\xed\x5c\x9e\xef\xcf\x34\xa9\x51\xe7\xc5\xea\xe5\xb3\x7e\x8b\x93\xd6\xdd\x7c\xb6\x6e\xbb\xff\x50\xcb\x81\x77\x7e\x29\xb2\xc0\x5b\x7b\x7c\xd9\x76\xf4\xae\xd7\x0f\x76\x49\x90\x15\xb9\x87\x2f\xaa\x6f\x33\x8c\x30\x9a\x55\x29\x6e\x4e\x85\xe2\x7c\x51\x0d\xbf\x25\x3a\x7e\x6f\x43\x79\x1f\x93\x91\x3c\x8a\x96\x07\x45\x1f\xd5\x05\x0c\xf1\x91\xec\x95\xd1\x99\xf1\x11\x7c\x0e\x2a\x04\x37\xc2\xbe\x16\x98\x93\x9d\x27\x7c\x38\x37\xd1\x64\x0f\x91\xce\x6a\xed\xc0\x85\x0d\xc2\x88\xcc\x2a\x3c\x1c\xaa\xdf\xf4\x4f\xeb\xef\xbb\xb2\xfd\xa8\x2e\x8a\x65\x39\x22\x2b\x6d\x88\x30\xdf\x92\x7f\x36\xd8\x14\xc2\xa8\x92\xdf\x0b\xad\xec\x86\xc2\xf0\x1d\xeb\x89\xd2\xd3\xfa\x61\x37\xe4\x8b\x23\xd3\xcf\x77\xb1\x1f\x46\xeb\xdb\xb0\xa8\x31\x4e\xe1\x97\x78\xc2\x12\xfc\x34\x98\xcb\xdc\x5a\xd0\xbb\xd7\xd2\x45\x38\xd8\x3b\xbc\x86\x83\x0a\xfe\x32\xe3\x8c\x1b\xb1\xb7\x86\x6a\xbc\x94\x0f\x61\x16\x54\xd0\x46\xf8\x23\x6d\x6b\x15", 240); *(uint32_t*)0x200089c0 = 0xf0; *(uint32_t*)0x200089c4 = 7; *(uint32_t*)0x200089c8 = 0x20008780; memcpy((void*)0x20008780, "\x5d\x78\xb0\x8d\x34\x7d\x60\x10\x77\x87\x13\xad\xad\x8e\x4d\xa1\x5a\xb3\x46\x94\x56\x2b\x0d\xa5\x2b\xb3\x1a\x3b\x5e\x09\x71\x02\x0b\xa4\x8d\x18\x5f\x3f\x03\xf1\x6f\xe6\xdc\x1e\x32\x1f\x12\x2c\x11\x50\xa8\xce\x71\xc3\xad\x1d\xf7\xc6\x18\xbc\x59\x86\x5f\xbf\xeb\x3a\x2c\x92\x6b\x99\x2f\x93\x8b\x0f\x76\xc9\x6a\xf8\xbe\x39\x89\x33\x38\x3f\xc8", 85); *(uint32_t*)0x200089cc = 0x55; *(uint32_t*)0x200089d0 = 8; *(uint32_t*)0x200089d4 = 0x20008800; memcpy((void*)0x20008800, "\x1c\xd7\x71\x5a\xfe\xc5\x55\x18\x16\xcd\x47\x51\x68\xa5\x35\xa8\x47\x4b\x74\x87\x92\xe4\x3a\xf3\x51\x60\x5c\x6d\xfa\xe1\xe6\xad\xd7\xce\x8b\xde\x80\x55\x5c\xa3\x26\x87\x82\xfe\x7a\x7f\x45\x89\x68\xb4\x27\x92\xc0\x2a\x11\xac\xff\xae\x54\x86\xc0\x85\x8e\x0c\x46\x40\xf4\x26\x0d\x56\x46\x99\xc0\xe6\x06\x23\x6a\xe8\xd5", 79); *(uint32_t*)0x200089d8 = 0x4f; *(uint32_t*)0x200089dc = 0; *(uint32_t*)0x200089e0 = 0x20008880; memcpy((void*)0x20008880, "\x45\xfd\x88\xa6\x06\xb5\x89\xb2\x7d\x42\x2e\xcb\x87\x44\xa6\x78\xff\x3a\xa0\x7f\xfb\x6c\x25\xcc\x10\xa8\x87\x10\x06\xd5\xfb\x64\x50\xfc\x12\x15\x7d\x1a\x59\xf1\x4e\x36\x13\x2f\x1d\xb6\x3b\x56\xcc\x97\xb6\x1b\xf0\xa6\x1d\xcf\x2b\x7d\xd2\x7d\xa0\x2e\xe1\x60\xe0\x3d\xf9\x79\x47\x83\x8f\x0d\xd4\x34\x82\x59\x05\xae\x9f\xb5\xa4\x27\x97\x6a\x49\xf7\x79\xea\xb8\xcc\x3a\x40\x9d\x25\xb9\xa2\x96\xce\xf9\xa8\xff\xb4\x9d\x81\xbf\x23\xa7\x16\xa7\xa7\xe1\xd8\xdc\xe0\x3d\xef\x2b\x8a\x3b\x15\xa3\xb2\xbe\xb8\x73\x14\x3a\x7d\xf1\x4e\xc4\x92\x78\x2e\xc8\x6a\xce\xb4\x90\x1f\xe3\xdc\xdc\xe0\x46\xab\x2f\xb9\x72\xd6\x74\x34\xd4\xe1\x10\x1b\x02\xc9\x2d\x33\xa1\xbf\xe5\x16\xd9\x59\x25\x81\xf6\x78\x95\x43\x37\x66\x50\x67\x07\xcb\x7f\x0e\x18\xb4\x47\x6b\xde\x0f\x00\x91\x75\x3c\xf3\xec\x07\x38\x6b\x3d\xab\x4b\x29\x55\x02\xd4\x97\x16\x80\x1d\xd9\x79\xaa\x24\xd8\x05\xdf\xe8\x01", 215); *(uint32_t*)0x200089e4 = 0xd7; *(uint32_t*)0x200089e8 = 2; syz_read_part_table(5, 9, 0x20008980); break; case 40: *(uint8_t*)0x20008a00 = 0x12; *(uint8_t*)0x20008a01 = 1; *(uint16_t*)0x20008a02 = 0x300; *(uint8_t*)0x20008a04 = 0x88; *(uint8_t*)0x20008a05 = 0xc7; *(uint8_t*)0x20008a06 = 0xe6; *(uint8_t*)0x20008a07 = -1; *(uint16_t*)0x20008a08 = 0x15c2; *(uint16_t*)0x20008a0a = 0x45; *(uint16_t*)0x20008a0c = 0x135a; *(uint8_t*)0x20008a0e = 1; *(uint8_t*)0x20008a0f = 2; *(uint8_t*)0x20008a10 = 3; *(uint8_t*)0x20008a11 = 1; *(uint8_t*)0x20008a12 = 9; *(uint8_t*)0x20008a13 = 2; *(uint16_t*)0x20008a14 = 0x7d0; *(uint8_t*)0x20008a16 = 4; *(uint8_t*)0x20008a17 = 0; *(uint8_t*)0x20008a18 = 0; *(uint8_t*)0x20008a19 = 0x60; *(uint8_t*)0x20008a1a = 8; *(uint8_t*)0x20008a1b = 9; *(uint8_t*)0x20008a1c = 4; *(uint8_t*)0x20008a1d = 0x45; *(uint8_t*)0x20008a1e = 3; *(uint8_t*)0x20008a1f = 1; *(uint8_t*)0x20008a20 = 0x66; *(uint8_t*)0x20008a21 = 0x44; *(uint8_t*)0x20008a22 = 0x76; *(uint8_t*)0x20008a23 = 0x3f; *(uint8_t*)0x20008a24 = 7; *(uint8_t*)0x20008a25 = 0x24; *(uint8_t*)0x20008a26 = 1; *(uint8_t*)0x20008a27 = 0x1f; *(uint8_t*)0x20008a28 = 5; *(uint16_t*)0x20008a29 = 4; *(uint8_t*)0x20008a2b = 0xc; *(uint8_t*)0x20008a2c = 0x24; *(uint8_t*)0x20008a2d = 2; *(uint8_t*)0x20008a2e = 1; *(uint8_t*)0x20008a2f = 9; *(uint8_t*)0x20008a30 = 2; *(uint8_t*)0x20008a31 = 0x81; *(uint8_t*)0x20008a32 = 4; memcpy((void*)0x20008a33, "\xc0\xe6\xa1\x0a", 4); *(uint8_t*)0x20008a37 = 0xf; *(uint8_t*)0x20008a38 = 0x24; *(uint8_t*)0x20008a39 = 2; *(uint8_t*)0x20008a3a = 2; *(uint16_t*)0x20008a3b = 0; *(uint16_t*)0x20008a3d = 6; *(uint8_t*)0x20008a3f = 8; memcpy((void*)0x20008a40, "\x7d\x5b\xa3\xd0\x7c\xc6", 6); *(uint8_t*)0x20008a46 = 0x11; *(uint8_t*)0x20008a47 = 0x24; *(uint8_t*)0x20008a48 = 2; *(uint8_t*)0x20008a49 = 1; *(uint8_t*)0x20008a4a = 0x94; *(uint8_t*)0x20008a4b = 1; *(uint8_t*)0x20008a4c = 7; *(uint8_t*)0x20008a4d = 0x1f; memcpy((void*)0x20008a4e, "\xcf\xcf\xa1\xbb\x20\xd9\xba\xa3\x16", 9); *(uint8_t*)0x20008a57 = 0xc; *(uint8_t*)0x20008a58 = 0x24; *(uint8_t*)0x20008a59 = 2; *(uint8_t*)0x20008a5a = 1; *(uint8_t*)0x20008a5b = 8; *(uint8_t*)0x20008a5c = 2; *(uint8_t*)0x20008a5d = 0; *(uint8_t*)0x20008a5e = 9; memcpy((void*)0x20008a5f, "\x48\x9f\x80", 3); memset((void*)0x20008a62, 38, 1); *(uint8_t*)0x20008a63 = 0xa; *(uint8_t*)0x20008a64 = 0x24; *(uint8_t*)0x20008a65 = 2; *(uint8_t*)0x20008a66 = 2; *(uint16_t*)0x20008a67 = 5; *(uint16_t*)0x20008a69 = 0x497; *(uint8_t*)0x20008a6b = 8; memset((void*)0x20008a6c, 39, 1); *(uint8_t*)0x20008a6d = 7; *(uint8_t*)0x20008a6e = 0x24; *(uint8_t*)0x20008a6f = 1; *(uint8_t*)0x20008a70 = 9; *(uint8_t*)0x20008a71 = 2; *(uint16_t*)0x20008a72 = 0x1001; *(uint8_t*)0x20008a74 = 0xf; *(uint8_t*)0x20008a75 = 0x24; *(uint8_t*)0x20008a76 = 2; *(uint8_t*)0x20008a77 = 2; *(uint16_t*)0x20008a78 = 8; *(uint16_t*)0x20008a7a = 1; *(uint8_t*)0x20008a7c = 0; memcpy((void*)0x20008a7d, "\x78\x6e\x2f\x1a\x31\x05", 6); *(uint8_t*)0x20008a83 = 9; *(uint8_t*)0x20008a84 = 5; *(uint8_t*)0x20008a85 = 0; *(uint8_t*)0x20008a86 = 0x10; *(uint16_t*)0x20008a87 = 0x3ff; *(uint8_t*)0x20008a89 = 9; *(uint8_t*)0x20008a8a = 0x66; *(uint8_t*)0x20008a8b = 3; *(uint8_t*)0x20008a8c = 0x5b; *(uint8_t*)0x20008a8d = 8; memcpy((void*)0x20008a8e, "\x32\xda\x77\x3d\xed\x87\x39\x7d\x0a\xf5\x7f\xd6\xf2\xad\x3b\x93\xe2\xea\x74\xf1\xf6\x5d\x64\x5d\x6b\x7e\x4c\xae\x90\xc8\xf2\x7c\xca\xe0\x94\xb3\x3c\x61\x3b\xc0\xbd\xa2\x43\x7b\xdc\xba\xa2\x1c\x77\x91\x5b\x1b\x95\xe7\xa2\x31\x3d\x71\xc6\xcc\x58\x6d\x41\x4d\x6a\x1e\x79\xc8\x0e\xe3\x67\x3f\xf0\x69\xeb\x46\x51\xb3\x06\x68\xb0\x19\x7f\xf7\xa7\xed\xc5\x75\x94", 89); *(uint8_t*)0x20008ae7 = 9; *(uint8_t*)0x20008ae8 = 4; *(uint8_t*)0x20008ae9 = 0x58; *(uint8_t*)0x20008aea = 9; *(uint8_t*)0x20008aeb = 5; *(uint8_t*)0x20008aec = -1; *(uint8_t*)0x20008aed = 5; *(uint8_t*)0x20008aee = 0x1b; *(uint8_t*)0x20008aef = 0xe0; *(uint8_t*)0x20008af0 = 9; *(uint8_t*)0x20008af1 = 5; *(uint8_t*)0x20008af2 = 3; *(uint8_t*)0x20008af3 = 0x10; *(uint16_t*)0x20008af4 = 0x20; *(uint8_t*)0x20008af6 = 0; *(uint8_t*)0x20008af7 = 0x43; *(uint8_t*)0x20008af8 = 0x40; *(uint8_t*)0x20008af9 = 9; *(uint8_t*)0x20008afa = 5; *(uint8_t*)0x20008afb = 5; *(uint8_t*)0x20008afc = 3; *(uint16_t*)0x20008afd = 0x3ff; *(uint8_t*)0x20008aff = 0x87; *(uint8_t*)0x20008b00 = 2; *(uint8_t*)0x20008b01 = 0xfd; *(uint8_t*)0x20008b02 = 0xa0; *(uint8_t*)0x20008b03 = 0xc; memcpy((void*)0x20008b04, "\x4d\x1f\xaf\xd5\xd5\xbe\xa9\x17\x94\x9e\x72\x7e\xd5\xee\x14\x4c\xb3\x2b\x01\xd9\xac\xbb\x7e\x3c\xfa\xc4\xd1\xa1\x5c\xd6\xbb\xae\x8a\xc6\x6a\xf6\x77\x39\x4d\x22\x17\xef\x58\x0b\x15\x65\xf5\x8b\x85\xcf\xff\xd2\xcf\xca\xf9\xf1\x9d\xf7\x84\x00\xba\x03\x54\xd7\x87\x20\x72\xb4\x2d\x77\xd5\x5a\x5b\x96\x0b\x82\xfb\x9e\x34\xec\x8c\x33\xa9\x67\x19\xc4\x59\x47\xab\x09\x47\x48\x48\x54\xa9\x4f\x25\xe6\x53\x39\xa6\xf7\x4b\x05\x3c\x81\xe8\xe8\x05\x7f\x67\x67\xea\x2e\x80\xe9\x23\xe0\x2f\xa1\xa8\x8d\xb3\x6d\x52\xe4\xc5\x11\xe6\xcc\xf6\x74\x04\x6c\xb8\x1c\x49\x3c\x92\x7d\x05\xa6\xc1\x66\x45\xd0\x69\x4f\x66\x7d\x6c\xcf\x29\xfc\x27\x38\x90\xc6", 158); *(uint8_t*)0x20008ba2 = 0x31; *(uint8_t*)0x20008ba3 = 9; memcpy((void*)0x20008ba4, "\x82\x44\x67\x99\x6f\xaa\x84\x28\x27\xe6\xd0\x9b\xc4\x8c\x41\x96\x09\x9c\xb2\x0d\x1a\xfa\x73\x80\xd3\x0e\x40\xf1\xbc\xfb\x7c\x50\x3d\x7b\x00\xfc\x18\xd2\xe6\x14\xc3\xe3\x70\xdb\xc3\x20\xa8", 47); *(uint8_t*)0x20008bd3 = 9; *(uint8_t*)0x20008bd4 = 5; *(uint8_t*)0x20008bd5 = 1; *(uint8_t*)0x20008bd6 = 3; *(uint16_t*)0x20008bd7 = 0x400; *(uint8_t*)0x20008bd9 = 1; *(uint8_t*)0x20008bda = 0x81; *(uint8_t*)0x20008bdb = 6; *(uint8_t*)0x20008bdc = 0x76; *(uint8_t*)0x20008bdd = 7; memcpy((void*)0x20008bde, "\x96\xf7\x2d\xe7\x93\x64\x10\xee\x82\xa4\x42\x87\xa0\x01\x96\xf6\x30\xe0\x09\x36\x4a\xb9\x4a\x00\xe9\x45\x28\x69\x1a\x40\x9d\x33\x5f\x13\xbf\x6e\x85\xb3\x78\xbd\xa8\x5c\x55\x8f\xc1\xa0\x03\xec\x57\x94\xa1\x42\x17\xf7\x94\x68\x2e\xdc\xdc\x9e\x35\xd0\x0c\x09\x79\xfd\xb3\xe7\xa1\x5e\x6a\x85\x1c\x13\x7b\xf7\x01\x1b\xa6\x1c\x83\x46\x59\x8b\x02\xa3\xd4\xd1\xb8\xcd\x99\xf4\xfc\x14\xfa\xe3\x21\x9f\xbf\x56\xaa\x2c\xa5\x4c\xcf\x11\x6b\x3d\x56\x0a\x80\x97\x8c\x42\x76\xec", 116); *(uint8_t*)0x20008c52 = 9; *(uint8_t*)0x20008c53 = 5; *(uint8_t*)0x20008c54 = 0xe; *(uint8_t*)0x20008c55 = 3; *(uint16_t*)0x20008c56 = 0x3ff; *(uint8_t*)0x20008c58 = 0x80; *(uint8_t*)0x20008c59 = 0x20; *(uint8_t*)0x20008c5a = 6; *(uint8_t*)0x20008c5b = 7; *(uint8_t*)0x20008c5c = 0x25; *(uint8_t*)0x20008c5d = 1; *(uint8_t*)0x20008c5e = 2; *(uint8_t*)0x20008c5f = 9; *(uint16_t*)0x20008c60 = 0x3ff; *(uint8_t*)0x20008c62 = 9; *(uint8_t*)0x20008c63 = 5; *(uint8_t*)0x20008c64 = 0xd; *(uint8_t*)0x20008c65 = 0; *(uint16_t*)0x20008c66 = 0x400; *(uint8_t*)0x20008c68 = 9; *(uint8_t*)0x20008c69 = 0x3f; *(uint8_t*)0x20008c6a = 0x3f; *(uint8_t*)0x20008c6b = 0x76; *(uint8_t*)0x20008c6c = 0x11; memcpy((void*)0x20008c6d, "\x79\xb3\x86\x38\x7e\x37\xf3\x6e\xfa\x1d\x8c\x66\xa9\x04\x49\xc6\x8a\x0a\xd2\x51\xaf\xb9\xb1\x79\x3c\xbe\x9e\x5b\x4d\xc3\xce\x66\x00\xe8\x6d\x1e\x3b\x3e\xac\x60\xfd\x3b\x8b\x1c\x19\xd7\xd0\xc3\xda\x61\xc6\xa6\x67\xb3\x9f\xae\x8a\xed\x44\xa8\xe7\x0d\x77\xca\x93\xe4\xc3\x7a\x3f\xd8\x81\x8f\x43\xed\xc5\x23\x96\x0c\xed\xb0\x2d\x88\x22\xf0\xb2\x3d\xc3\x43\x18\x26\x08\xc6\x09\x7e\x99\x5f\x56\x2c\x84\xa5\x41\x7e\x5b\x2f\xb7\x1b\x39\x2f\x92\x6f\x3c\x4e\xd9\x92\xed\x89", 116); *(uint8_t*)0x20008ce1 = 0x65; *(uint8_t*)0x20008ce2 = 5; memcpy((void*)0x20008ce3, "\x85\x12\xf0\xce\xa9\x7a\x9d\x8a\x04\x61\xe3\x0e\xe9\xbf\x07\x89\xe0\x41\xcd\x86\xc1\xdf\x94\x96\xf1\x95\x7a\xf0\xe4\x54\x3e\xca\xb0\x70\x51\xf1\xf4\x81\x8d\xa2\x57\x9d\x13\xa9\x99\x56\x9f\x75\xad\x6a\xf6\xe0\xd0\x4d\xa8\xbd\x26\xbc\x92\x04\x45\x69\x2d\x9e\x4c\xa7\xfd\xc3\x54\x4c\x36\xf5\x88\xe5\xc0\x9b\xee\xa1\xaf\xf9\xf4\x1b\xa9\x77\xcb\xe7\x9e\x7e\x4f\x4a\x8d\xec\x56\x40\xda\x4d\x2a\xf6\x1d", 99); *(uint8_t*)0x20008d46 = 9; *(uint8_t*)0x20008d47 = 4; *(uint8_t*)0x20008d48 = 5; *(uint8_t*)0x20008d49 = 3; *(uint8_t*)0x20008d4a = 2; *(uint8_t*)0x20008d4b = 0xc4; *(uint8_t*)0x20008d4c = 0x4d; *(uint8_t*)0x20008d4d = 0x76; *(uint8_t*)0x20008d4e = 7; *(uint8_t*)0x20008d4f = 0xb; *(uint8_t*)0x20008d50 = 0x24; *(uint8_t*)0x20008d51 = 6; *(uint8_t*)0x20008d52 = 0; *(uint8_t*)0x20008d53 = 1; memcpy((void*)0x20008d54, "\x72\x45\x0c\xeb\x1b\x79", 6); *(uint8_t*)0x20008d5a = 5; *(uint8_t*)0x20008d5b = 0x24; *(uint8_t*)0x20008d5c = 0; *(uint16_t*)0x20008d5d = 4; *(uint8_t*)0x20008d5f = 0xd; *(uint8_t*)0x20008d60 = 0x24; *(uint8_t*)0x20008d61 = 0xf; *(uint8_t*)0x20008d62 = 1; *(uint32_t*)0x20008d63 = 0; *(uint16_t*)0x20008d67 = 8; *(uint16_t*)0x20008d69 = 1; *(uint8_t*)0x20008d6b = 4; *(uint8_t*)0x20008d6c = 6; *(uint8_t*)0x20008d6d = 0x24; *(uint8_t*)0x20008d6e = 0x1a; *(uint16_t*)0x20008d6f = 8; *(uint8_t*)0x20008d71 = 8; *(uint8_t*)0x20008d72 = 0x15; *(uint8_t*)0x20008d73 = 0x24; *(uint8_t*)0x20008d74 = 0x12; *(uint16_t*)0x20008d75 = 4; *(uint64_t*)0x20008d77 = 0x14f5e048ba817a3; *(uint64_t*)0x20008d7f = 0x2a397ecbffc007a6; *(uint8_t*)0x20008d87 = 7; *(uint8_t*)0x20008d88 = 0x24; *(uint8_t*)0x20008d89 = 6; *(uint8_t*)0x20008d8a = 0; *(uint8_t*)0x20008d8b = 0; memcpy((void*)0x20008d8c, "\xfb\xb5", 2); *(uint8_t*)0x20008d8e = 5; *(uint8_t*)0x20008d8f = 0x24; *(uint8_t*)0x20008d90 = 0; *(uint16_t*)0x20008d91 = 0x2040; *(uint8_t*)0x20008d93 = 0xd; *(uint8_t*)0x20008d94 = 0x24; *(uint8_t*)0x20008d95 = 0xf; *(uint8_t*)0x20008d96 = 1; *(uint32_t*)0x20008d97 = 3; *(uint16_t*)0x20008d9b = 0x80; *(uint16_t*)0x20008d9d = 0x8951; *(uint8_t*)0x20008d9f = 6; *(uint8_t*)0x20008da0 = 7; *(uint8_t*)0x20008da1 = 0x24; *(uint8_t*)0x20008da2 = 0xa; *(uint8_t*)0x20008da3 = 0xce; *(uint8_t*)0x20008da4 = 3; *(uint8_t*)0x20008da5 = 4; *(uint8_t*)0x20008da6 = 0x60; *(uint8_t*)0x20008da7 = 4; *(uint8_t*)0x20008da8 = 0x24; *(uint8_t*)0x20008da9 = 2; *(uint8_t*)0x20008daa = 0; *(uint8_t*)0x20008dab = 0x10; *(uint8_t*)0x20008dac = 0x24; *(uint8_t*)0x20008dad = 7; *(uint8_t*)0x20008dae = 0; *(uint16_t*)0x20008daf = 0x81; *(uint16_t*)0x20008db1 = 0x81; *(uint16_t*)0x20008db3 = 0x1d9; *(uint16_t*)0x20008db5 = 0x400; *(uint16_t*)0x20008db7 = 1; *(uint16_t*)0x20008db9 = 0xc00; *(uint8_t*)0x20008dbb = 0xc; *(uint8_t*)0x20008dbc = 0x24; *(uint8_t*)0x20008dbd = 0x1b; *(uint16_t*)0x20008dbe = 1; *(uint16_t*)0x20008dc0 = 0x20; *(uint8_t*)0x20008dc2 = 0xc0; *(uint8_t*)0x20008dc3 = 5; *(uint16_t*)0x20008dc4 = 0x20; *(uint8_t*)0x20008dc6 = 0xd; *(uint8_t*)0x20008dc7 = 0xe1; *(uint8_t*)0x20008dc8 = 0x24; *(uint8_t*)0x20008dc9 = 0x13; *(uint8_t*)0x20008dca = 9; memcpy((void*)0x20008dcb, "\x0e\xfa\x60\xe3\xb3\x89\x2c\xa3\x37\x7f\xc7\xbf\x7e\x5c\xd9\x0b\x70\xb5\x43\x3c\x66\xf1\x31\x29\xd4\x2a\x59\xf2\xc9\x14\xec\x54\x97\x9a\x53\x86\x2f\x94\xdf\x63\x95\x80\x6b\xf1\xa9\x70\x9d\x9a\x66\x50\xce\xca\xee\xcf\xf6\xad\xfc\x77\xca\x5f\x29\x6e\x11\xbe\xd1\xfb\xeb\x6f\x27\xc5\x0b\xf1\xaf\x9c\x17\x6b\xb2\x06\x9d\x52\xb0\x64\x73\xd5\xd8\xe9\x24\x4a\x70\x01\x76\x66\xfa\xa3\x21\x3b\x80\xb2\x5f\xe4\xc6\x8c\x41\x80\xee\x45\x68\x0c\x95\x76\x8f\xd3\x2d\x24\xda\x76\xb8\x83\xe1\xbe\x0e\xc2\xaf\x43\xc9\xf3\x0c\xee\xd1\x93\x6c\xd5\x05\x1e\x62\xb1\xc8\xa7\x6a\xf9\xa2\x52\x29\x0b\x11\xc3\x67\x04\x39\xdb\x64\x5b\x5c\x32\xa5\xa5\xbb\x78\xd7\xe8\x18\x3e\xa6\x73\x6d\xfc\xeb\x8f\xef\x3d\x04\xb7\x6e\x51\x29\xc4\x91\x3e\xee\x30\xa5\x37\x74\x3b\x33\x57\xf2\x69\xf5\x82\xdd\x8c\x46\xb2\xa9\x33\x62\xf1\xa8\x38\x88\x6b\x17\x5f\x48\x95\xd5\x2a\x81\x8f\x63\xd9\xd6\x94\xbe\xac\x98\x46\xe5\xb1\x2f", 221); *(uint8_t*)0x20008ea8 = 0x1a; *(uint8_t*)0x20008ea9 = 0x24; *(uint8_t*)0x20008eaa = 0x13; *(uint8_t*)0x20008eab = 5; memcpy((void*)0x20008eac, "\x08\x3b\x1f\x01\xa6\x9f\x5d\x72\x2a\x6b\x03\x83\xfb\x09\xf5\x7f\x44\x2b\x56\xd4\x58\xfa", 22); *(uint8_t*)0x20008ec2 = 9; *(uint8_t*)0x20008ec3 = 5; *(uint8_t*)0x20008ec4 = 0xf; *(uint8_t*)0x20008ec5 = 8; *(uint16_t*)0x20008ec6 = 8; *(uint8_t*)0x20008ec8 = 0; *(uint8_t*)0x20008ec9 = 3; *(uint8_t*)0x20008eca = 5; *(uint8_t*)0x20008ecb = 9; *(uint8_t*)0x20008ecc = 5; *(uint8_t*)0x20008ecd = 0xc; *(uint8_t*)0x20008ece = 0; *(uint16_t*)0x20008ecf = 0x200; *(uint8_t*)0x20008ed1 = 9; *(uint8_t*)0x20008ed2 = 0x20; *(uint8_t*)0x20008ed3 = 5; *(uint8_t*)0x20008ed4 = 0xb; *(uint8_t*)0x20008ed5 = 1; memcpy((void*)0x20008ed6, "\xae\x68\x4b\xd6\xa1\xbf\xbe\x70\x5d", 9); *(uint8_t*)0x20008edf = 9; *(uint8_t*)0x20008ee0 = 4; *(uint8_t*)0x20008ee1 = 0xad; *(uint8_t*)0x20008ee2 = 0x3f; *(uint8_t*)0x20008ee3 = 6; *(uint8_t*)0x20008ee4 = 0xef; *(uint8_t*)0x20008ee5 = 0x2e; *(uint8_t*)0x20008ee6 = 0x8d; *(uint8_t*)0x20008ee7 = 8; *(uint8_t*)0x20008ee8 = 0xa; *(uint8_t*)0x20008ee9 = 0x24; *(uint8_t*)0x20008eea = 6; *(uint8_t*)0x20008eeb = 0; *(uint8_t*)0x20008eec = 0; memcpy((void*)0x20008eed, "\x2e\x1b\xb1\x1c\x34", 5); *(uint8_t*)0x20008ef2 = 5; *(uint8_t*)0x20008ef3 = 0x24; *(uint8_t*)0x20008ef4 = 0; *(uint16_t*)0x20008ef5 = 6; *(uint8_t*)0x20008ef7 = 0xd; *(uint8_t*)0x20008ef8 = 0x24; *(uint8_t*)0x20008ef9 = 0xf; *(uint8_t*)0x20008efa = 1; *(uint32_t*)0x20008efb = 4; *(uint16_t*)0x20008eff = 2; *(uint16_t*)0x20008f01 = 0x8979; *(uint8_t*)0x20008f03 = 6; *(uint8_t*)0x20008f04 = 0xeb; *(uint8_t*)0x20008f05 = 0x24; *(uint8_t*)0x20008f06 = 0x13; *(uint8_t*)0x20008f07 = 0; memcpy((void*)0x20008f08, "\x9f\xcc\x8c\x5c\x74\x73\x09\xfc\xb4\xc9\x6e\x5d\xad\x9b\x6e\x62\xd0\x8b\x91\xa8\xbe\xb3\xc2\xe4\x54\x7e\x16\x3e\x46\x58\xbb\x11\xab\x34\xb3\xc8\x4e\xc3\xe4\xa4\xe3\x67\xd2\x6c\x56\x00\x1c\x67\x05\x68\x99\x95\xa9\x9d\x16\xa1\xb3\x1b\xdc\x07\x0f\x00\x53\x1e\xc4\x26\xb5\x4b\xf8\x9b\x2d\xee\x1f\xc3\xbd\x81\x8f\x55\xdb\xbd\x6a\xcc\x28\x7c\xd4\x30\x78\xee\xbc\x6d\x09\xf1\x0d\xc4\x22\x9f\x80\x35\xd4\x44\x8f\x82\x3f\xec\xf9\x29\xd6\x86\x16\x27\xc0\x1e\x79\x27\x7a\x40\x30\x4a\x1a\xd3\xfb\xd0\x12\xa4\xa8\xed\x16\x36\x97\x69\xc8\xc9\x97\xc4\x12\xbe\x76\x75\x90\x17\x65\x34\x55\xb8\x04\x2a\xca\x8b\x49\xea\xc0\x73\x10\x01\xcb\xfa\x6f\xbd\x79\x6a\xa7\xc2\x77\x09\xfc\x62\x37\x22\xe0\x3d\x3c\x1e\xd1\xda\xc1\xca\x8a\x8a\xa2\x5d\xda\xfc\x65\x4a\x0d\xbb\x76\x0b\x92\x7a\x2b\x23\xe2\xad\x30\x43\xac\x48\x56\x6c\x7b\x99\x5c\x23\x7d\xb5\x91\xf3\x9a\xf8\x19\x54\x56\x9c\xd5\xd3\x7c\xa4\x94\x1c\x80\xcc\x1f\xa5\x55\x6d\x19\xa5\x48\xdf\x2a", 231); *(uint8_t*)0x20008fef = 7; *(uint8_t*)0x20008ff0 = 0x24; *(uint8_t*)0x20008ff1 = 0xa; *(uint8_t*)0x20008ff2 = 4; *(uint8_t*)0x20008ff3 = 0x1f; *(uint8_t*)0x20008ff4 = 0x3f; *(uint8_t*)0x20008ff5 = 0x62; *(uint8_t*)0x20008ff6 = 7; *(uint8_t*)0x20008ff7 = 0x24; *(uint8_t*)0x20008ff8 = 0x14; *(uint16_t*)0x20008ff9 = 0x1f; *(uint16_t*)0x20008ffb = 7; *(uint8_t*)0x20008ffd = 7; *(uint8_t*)0x20008ffe = 0x24; *(uint8_t*)0x20008fff = 0x14; *(uint16_t*)0x20009000 = 0x1010; *(uint16_t*)0x20009002 = 9; *(uint8_t*)0x20009004 = 6; *(uint8_t*)0x20009005 = 0x24; *(uint8_t*)0x20009006 = 0x1a; *(uint16_t*)0x20009007 = 6; *(uint8_t*)0x20009009 = 0x1b; *(uint8_t*)0x2000900a = 0xb; *(uint8_t*)0x2000900b = 0x24; *(uint8_t*)0x2000900c = 6; *(uint8_t*)0x2000900d = 0; *(uint8_t*)0x2000900e = 0; memcpy((void*)0x2000900f, "\xdf\x47\x04\xa2\x52\x1e", 6); *(uint8_t*)0x20009015 = 5; *(uint8_t*)0x20009016 = 0x24; *(uint8_t*)0x20009017 = 0; *(uint16_t*)0x20009018 = 9; *(uint8_t*)0x2000901a = 0xd; *(uint8_t*)0x2000901b = 0x24; *(uint8_t*)0x2000901c = 0xf; *(uint8_t*)0x2000901d = 1; *(uint32_t*)0x2000901e = 0x4856f0aa; *(uint16_t*)0x20009022 = 5; *(uint16_t*)0x20009024 = 1; *(uint8_t*)0x20009026 = -1; *(uint8_t*)0x20009027 = 5; *(uint8_t*)0x20009028 = 0x24; *(uint8_t*)0x20009029 = 0x15; *(uint16_t*)0x2000902a = 0x1f; *(uint8_t*)0x2000902c = 9; *(uint8_t*)0x2000902d = 5; *(uint8_t*)0x2000902e = 8; *(uint8_t*)0x2000902f = 8; *(uint16_t*)0x20009030 = 0x3ff; *(uint8_t*)0x20009032 = 4; *(uint8_t*)0x20009033 = 1; *(uint8_t*)0x20009034 = 9; *(uint8_t*)0x20009035 = 7; *(uint8_t*)0x20009036 = 0x25; *(uint8_t*)0x20009037 = 1; *(uint8_t*)0x20009038 = 3; *(uint8_t*)0x20009039 = 0x34; *(uint16_t*)0x2000903a = 5; *(uint8_t*)0x2000903c = 9; *(uint8_t*)0x2000903d = 5; *(uint8_t*)0x2000903e = 0; *(uint8_t*)0x2000903f = 3; *(uint16_t*)0x20009040 = 0x400; *(uint8_t*)0x20009042 = 2; *(uint8_t*)0x20009043 = 1; *(uint8_t*)0x20009044 = 0xca; *(uint8_t*)0x20009045 = 9; *(uint8_t*)0x20009046 = 5; *(uint8_t*)0x20009047 = 8; *(uint8_t*)0x20009048 = 0x10; *(uint16_t*)0x20009049 = 8; *(uint8_t*)0x2000904b = 2; *(uint8_t*)0x2000904c = 0x7f; *(uint8_t*)0x2000904d = 0x7f; *(uint8_t*)0x2000904e = 9; *(uint8_t*)0x2000904f = 5; *(uint8_t*)0x20009050 = 7; *(uint8_t*)0x20009051 = 0; *(uint16_t*)0x20009052 = 0x10; *(uint8_t*)0x20009054 = 5; *(uint8_t*)0x20009055 = 0x1f; *(uint8_t*)0x20009056 = 0x40; *(uint8_t*)0x20009057 = 0x2d; *(uint8_t*)0x20009058 = 0xe; memcpy((void*)0x20009059, "\xec\xcc\x23\x79\x37\x1b\x46\xca\xb9\xd6\xfd\xb8\x27\x98\xf4\x7a\xa9\xb7\x17\x7c\x2a\x51\x93\x23\x14\x43\xb7\x25\xc2\x1b\x5e\x6a\x99\x93\x05\x65\xeb\x3b\x96\xfe\x7a\x75\x69", 43); *(uint8_t*)0x20009084 = 6; *(uint8_t*)0x20009085 = 0x10; memcpy((void*)0x20009086, "\x7f\x22\x60\xb2", 4); *(uint8_t*)0x2000908a = 9; *(uint8_t*)0x2000908b = 5; *(uint8_t*)0x2000908c = 3; *(uint8_t*)0x2000908d = 8; *(uint16_t*)0x2000908e = 0x10; *(uint8_t*)0x20009090 = 4; *(uint8_t*)0x20009091 = 3; *(uint8_t*)0x20009092 = 0xf7; *(uint8_t*)0x20009093 = 9; *(uint8_t*)0x20009094 = 5; *(uint8_t*)0x20009095 = 5; *(uint8_t*)0x20009096 = 3; *(uint16_t*)0x20009097 = 0x10; *(uint8_t*)0x20009099 = 3; *(uint8_t*)0x2000909a = 1; *(uint8_t*)0x2000909b = 9; *(uint8_t*)0x2000909c = 0xc8; *(uint8_t*)0x2000909d = 0xe; memcpy((void*)0x2000909e, "\x17\xa4\x93\xc0\x51\x89\x5f\x29\x83\x5e\xfb\x6d\x6d\x75\x3c\xa5\xe6\x23\x7f\x99\x57\x24\xbf\x74\x70\x85\x74\x90\x2e\xac\xdf\xf4\x5c\xd8\x0b\x61\x37\x3d\x67\xef\xe1\x23\x9f\x97\xb4\xfa\x60\x07\x93\xd6\xb4\xa5\x02\x2b\xa4\xa4\x36\xb4\xe2\xe2\x23\x57\x9d\x97\x4e\x78\x4e\xcb\xfd\xd4\x91\x2d\xa5\xcc\xd2\x84\xd2\x29\x37\x82\x70\x4f\x06\x75\x13\xd8\x38\x11\xac\x71\x16\x84\xd3\xaa\xfe\x92\x8e\xce\x0e\x90\x38\x25\x99\x7b\xab\xc5\x67\xb9\x4d\x06\xda\xee\x1e\x4d\x55\xa8\x87\x1d\x67\xe7\x1c\xd1\x08\x14\x30\xd8\x9b\xc9\xae\x64\xf5\x0f\x94\xbb\x8a\xf9\x6c\xe3\x84\xcd\x3b\x84\x20\xef\x8b\xe2\x73\xca\x02\xb9\xf0\xf9\x12\x21\x23\x9e\x64\xd6\x20\xdc\x6e\x3e\x27\x07\xf6\xf4\xce\x92\xe8\x62\x7f\x04\x4c\x14\xf1\x79\x90\x9c\xa1\xdf\x8b\x4e\x49\x9f\xed\x3f\x41\x18\xc9\xd6\xb2\xae\x41\xa7\x11\x98\xd7\x98", 198); *(uint8_t*)0x20009164 = 0x7e; *(uint8_t*)0x20009165 = 0x22; memcpy((void*)0x20009166, "\x85\x1b\xf8\x33\x2f\x6f\x47\x95\xcd\xbf\x9b\xf1\xbb\xb8\x25\x3c\xed\x75\xd6\x1f\x69\x5b\xb8\xc3\x1f\x51\xb5\xce\x19\xb2\x08\x0e\x2e\x7e\xc2\x15\xfe\xc1\x6a\x83\xd2\x57\x11\x04\xf7\x26\xa0\xde\x47\xf3\xe9\x28\x2d\x0e\xf2\x20\x4b\xbb\x1d\x9d\x9c\xac\x53\xb6\xd7\x98\x08\x4b\x0f\x59\x47\x91\xe3\xf8\x34\x19\x86\xd7\xea\xad\xb9\x11\xc5\x5c\x0d\x71\x69\x1f\xc7\x7a\xa1\x04\x7f\x44\x0f\x52\x75\xa4\x1f\x3b\x1f\x0f\x04\x8a\x5c\x1d\xd5\xc4\x17\xe6\x7f\x3b\xd4\x72\xb1\x3f\xee\xf7\x95\x0c\x57\x8f\x1b\x42", 124); *(uint32_t*)0x20009700 = 0xa; *(uint32_t*)0x20009704 = 0x20009200; *(uint8_t*)0x20009200 = 0xa; *(uint8_t*)0x20009201 = 6; *(uint16_t*)0x20009202 = 0x110; *(uint8_t*)0x20009204 = 0xd4; *(uint8_t*)0x20009205 = 0x81; *(uint8_t*)0x20009206 = 0; *(uint8_t*)0x20009207 = 0x10; *(uint8_t*)0x20009208 = 0x20; *(uint8_t*)0x20009209 = 0; *(uint32_t*)0x20009708 = 0x1c; *(uint32_t*)0x2000970c = 0x20009240; *(uint8_t*)0x20009240 = 5; *(uint8_t*)0x20009241 = 0xf; *(uint16_t*)0x20009242 = 0x1c; *(uint8_t*)0x20009244 = 2; *(uint8_t*)0x20009245 = 0x14; *(uint8_t*)0x20009246 = 0x10; *(uint8_t*)0x20009247 = 0xa; *(uint8_t*)0x20009248 = 0x20; STORE_BY_BITMASK(uint32_t, , 0x20009249, 2, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x20009249, 3, 5, 27); *(uint16_t*)0x2000924d = 0xf0f; *(uint16_t*)0x2000924f = 6; *(uint32_t*)0x20009251 = 0xc030; *(uint32_t*)0x20009255 = 0xff3f30; *(uint8_t*)0x20009259 = 3; *(uint8_t*)0x2000925a = 0x10; *(uint8_t*)0x2000925b = 0xb; *(uint32_t*)0x20009710 = 8; *(uint32_t*)0x20009714 = 4; *(uint32_t*)0x20009718 = 0x20009280; *(uint8_t*)0x20009280 = 4; *(uint8_t*)0x20009281 = 3; *(uint16_t*)0x20009282 = 0x410; *(uint32_t*)0x2000971c = 0x102; *(uint32_t*)0x20009720 = 0x200092c0; *(uint8_t*)0x200092c0 = 2; *(uint8_t*)0x200092c1 = 3; memcpy((void*)0x200092c2, "\xbd\x9c\xaf\x11\xf1\xc2\x32\x1f\x7d\xbf\x3d\xf5\x7e\xc0\x6a\xed\xf0\x84\x2f\x84\x3c\x77\xdd\x88\xdb\x9f\x74\x08\xbb\xa0\xd9\x40\x59\x71\xea\xb7\x46\x2f\x77\xd1\xca\x84\x39\x80\x11\xe5\x2a\x42\x79\x8f\x46\xee\xb5\x7b\x9e\x8b\x2c\x06\xc9\x82\x8a\xe8\xa2\xa2\x78\xae\xaf\x19\x47\xcb\x3d\xba\xdb\xd3\xd8\x37\x4b\xd3\xfd\x89\xa5\x3a\x0d\x2e\x5d\x80\x26\x1d\x7c\x80\x59\x2c\x03\x96\xee\x2c\x9e\xd8\x3f\xcc\x6b\xf9\xbd\x9a\x2f\x61\xcd\x00\x7c\x9e\xb5\xb9\x2d\xd8\x78\xd6\xaa\x6b\x54\x35\xed\x38\xfb\x81\xd9\xbf\xc1\x58\x15\x84\x3b\xc4\x6b\x32\x1b\x84\x8a\x20\x1d\x7e\xe9\x0a\x06\xab\x03\xdd\xb6\x6c\xea\x54\xf4\x15\x15\x3e\x69\x34\x99\x2c\x24\xe7\x11\xae\xa2\xfe\x33\x4e\x98\x1b\xa7\xf3\xf8\x7d\x0b\xc5\xeb\x6b\x1d\x09\x17\xcd\x79\xb4\x71\x94\xc6\xd2\xbe\x18\xe7\xa5\x4e\x75\xa5\xe2\xd0\x36\xb2\xe8\xba\x62\x6c\x56\xc4\x48\x9e\x46\x81\xa2\x1e\xa2\x9a\x2b\x64\x34\xa8\x60\x5a\x67\x10\xeb\xd1\x3f\x09\xfe\x32\x2e\x60\xef\x34\xa6\xe6\xf3\x33\x0d\x07\xb4\xd1\xff\x66\xd7\xec\x23\xc5\x8b\x3b\xe7\x34\x84\x4b\x89\xde\x36\xba\x29\x12\x97", 256); *(uint32_t*)0x20009724 = 4; *(uint32_t*)0x20009728 = 0x20009400; *(uint8_t*)0x20009400 = 4; *(uint8_t*)0x20009401 = 3; *(uint16_t*)0x20009402 = 0xf0ff; *(uint32_t*)0x2000972c = 4; *(uint32_t*)0x20009730 = 0x20009440; *(uint8_t*)0x20009440 = 4; *(uint8_t*)0x20009441 = 3; *(uint16_t*)0x20009442 = 0xf8ff; *(uint32_t*)0x20009734 = 0xc2; *(uint32_t*)0x20009738 = 0x20009480; *(uint8_t*)0x20009480 = 0xc2; *(uint8_t*)0x20009481 = 3; memcpy((void*)0x20009482, "\x47\x95\x1b\xf5\x75\x8f\x6d\xa4\x9e\xae\xc8\xd8\xf1\x8a\x6c\xa6\xe1\x7e\x41\xa6\x60\x16\x41\x5e\xfc\x7b\xe3\x46\xe3\xa8\xd0\x34\x28\x03\xd3\x1a\xc6\x34\xc4\xe6\xbc\xfd\xca\x1d\xb3\xc5\xb6\x90\xc2\x2f\x33\x2d\xf6\x93\x67\x61\xde\xb4\x0a\x2a\x9b\x81\x7a\x3b\x5e\x21\xce\xda\x6d\x71\xf7\x2d\x61\xee\xd0\x6a\x7a\x43\x45\x1e\x72\xfa\xa8\x20\x18\x38\x4c\x5a\x69\xf6\x2f\x4c\x6c\xf2\xa7\xef\xbd\x2a\xf5\x9b\x84\xac\xc6\xa9\x5e\xdf\x8f\x16\x7b\x5f\x20\x3d\xff\x2f\x89\xdb\xa1\x91\xf5\x13\x34\x2b\xe5\xa9\x06\xce\xb3\x79\x61\x3f\x59\x61\x08\xde\x6f\x3a\x61\xb9\x26\xc9\xf8\x63\x4d\x3d\xe6\xd5\xeb\x86\x71\x2b\xdf\xc3\xce\x50\x2f\x90\xa6\x9d\x8d\x07\xd9\x28\x44\x02\xb3\x93\xa7\x6e\x1d\x98\x17\xb9\x2b\xd4\xef\xf5\x7a\x27\xec\x91\x91\x9b\xf0\xd0\x9b\x44\x70\x57\xd6\x9c\xe3\x82", 192); *(uint32_t*)0x2000973c = 0x83; *(uint32_t*)0x20009740 = 0x20009580; *(uint8_t*)0x20009580 = 0x83; *(uint8_t*)0x20009581 = 3; memcpy((void*)0x20009582, "\x70\x81\x49\xd2\x9b\x3a\x8e\xf9\xc0\xff\x2f\x07\x2f\xf3\xb2\x0d\xd4\xaa\x24\xa8\xdd\xbd\x77\x61\x2c\xf8\x2d\xbf\xdc\x3a\xf8\x21\xa1\xfb\xf7\x55\x40\xc2\x3e\x05\xde\x08\xfe\xd7\x79\xdb\x65\x1c\xb3\xa6\x3b\xd0\x9a\xcf\xde\x2d\xa3\x4f\xc3\x36\x04\x73\x49\xf6\x2c\x65\x03\x20\xdd\x8f\xd8\x62\x6c\xfd\xad\xf7\xe0\xf7\x3f\x83\xa6\xbf\xfa\x1f\x20\xe7\x5c\xc4\x4b\x80\xbb\xe9\xa4\x0e\xa3\xc6\xe9\x24\xb6\x84\xfe\x6c\xb9\xe6\xa9\x33\x1a\x14\x9e\x84\x4e\x50\x0b\xe3\xb4\xfe\x28\xd1\x33\x2d\xcd\x64\x3b\xe5\xa7\x3f\xcc\xd4\x46", 129); *(uint32_t*)0x20009744 = 4; *(uint32_t*)0x20009748 = 0x20009640; *(uint8_t*)0x20009640 = 4; *(uint8_t*)0x20009641 = 3; *(uint16_t*)0x20009642 = 0x184c; *(uint32_t*)0x2000974c = 0x4d; *(uint32_t*)0x20009750 = 0x20009680; *(uint8_t*)0x20009680 = 0x4d; *(uint8_t*)0x20009681 = 3; memcpy((void*)0x20009682, "\xb6\x6a\x57\x6c\x91\xd5\x67\x33\xc9\x4e\xf7\x37\x20\xfd\xa0\x14\xeb\xcf\x72\xb1\xcf\x26\xac\x4c\x18\xda\x75\x71\x24\x12\x56\x76\x4a\xe2\xdf\xf1\x75\x40\xbd\xd8\xaf\x83\xee\xe5\x05\x79\x2c\xbe\xfb\xdd\xb7\xb5\xcd\x4c\xa9\x46\x62\x28\x7a\x86\x24\x9e\xc2\xb9\x42\x13\x98\x04\xf9\xc7\x82\x09\x88\x4a\x15", 75); res = -1; res = syz_usb_connect(6, 0x7e2, 0x20008a00, 0x20009700); if (res != -1) r[22] = res; break; case 41: *(uint8_t*)0x20009780 = 0x12; *(uint8_t*)0x20009781 = 1; *(uint16_t*)0x20009782 = 0x200; *(uint8_t*)0x20009784 = -1; *(uint8_t*)0x20009785 = -1; *(uint8_t*)0x20009786 = -1; *(uint8_t*)0x20009787 = 0x40; *(uint16_t*)0x20009788 = 0xcf3; *(uint16_t*)0x2000978a = 0x9271; *(uint16_t*)0x2000978c = 0x108; *(uint8_t*)0x2000978e = 1; *(uint8_t*)0x2000978f = 2; *(uint8_t*)0x20009790 = 3; *(uint8_t*)0x20009791 = 1; *(uint8_t*)0x20009792 = 9; *(uint8_t*)0x20009793 = 2; *(uint16_t*)0x20009794 = 0x48; *(uint8_t*)0x20009796 = 1; *(uint8_t*)0x20009797 = 1; *(uint8_t*)0x20009798 = 0; *(uint8_t*)0x20009799 = 0x80; *(uint8_t*)0x2000979a = 0xfa; *(uint8_t*)0x2000979b = 9; *(uint8_t*)0x2000979c = 4; *(uint8_t*)0x2000979d = 0; *(uint8_t*)0x2000979e = 0; *(uint8_t*)0x2000979f = 6; *(uint8_t*)0x200097a0 = -1; *(uint8_t*)0x200097a1 = 0; *(uint8_t*)0x200097a2 = 0; *(uint8_t*)0x200097a3 = 0; *(uint8_t*)0x200097a4 = 9; *(uint8_t*)0x200097a5 = 5; *(uint8_t*)0x200097a6 = 1; *(uint8_t*)0x200097a7 = 2; *(uint16_t*)0x200097a8 = 0x200; *(uint8_t*)0x200097aa = 0; *(uint8_t*)0x200097ab = 0; *(uint8_t*)0x200097ac = 0; *(uint8_t*)0x200097ad = 9; *(uint8_t*)0x200097ae = 5; *(uint8_t*)0x200097af = 0x82; *(uint8_t*)0x200097b0 = 2; *(uint16_t*)0x200097b1 = 0x200; *(uint8_t*)0x200097b3 = 0; *(uint8_t*)0x200097b4 = 0; *(uint8_t*)0x200097b5 = 0; *(uint8_t*)0x200097b6 = 9; *(uint8_t*)0x200097b7 = 5; *(uint8_t*)0x200097b8 = 0x83; *(uint8_t*)0x200097b9 = 3; *(uint16_t*)0x200097ba = 0x40; *(uint8_t*)0x200097bc = 1; *(uint8_t*)0x200097bd = 0; *(uint8_t*)0x200097be = 0; *(uint8_t*)0x200097bf = 9; *(uint8_t*)0x200097c0 = 5; *(uint8_t*)0x200097c1 = 4; *(uint8_t*)0x200097c2 = 3; *(uint16_t*)0x200097c3 = 0x40; *(uint8_t*)0x200097c5 = 1; *(uint8_t*)0x200097c6 = 0; *(uint8_t*)0x200097c7 = 0; *(uint8_t*)0x200097c8 = 9; *(uint8_t*)0x200097c9 = 5; *(uint8_t*)0x200097ca = 5; *(uint8_t*)0x200097cb = 2; *(uint16_t*)0x200097cc = 0x200; *(uint8_t*)0x200097ce = 0; *(uint8_t*)0x200097cf = 0; *(uint8_t*)0x200097d0 = 0; *(uint8_t*)0x200097d1 = 9; *(uint8_t*)0x200097d2 = 5; *(uint8_t*)0x200097d3 = 6; *(uint8_t*)0x200097d4 = 2; *(uint16_t*)0x200097d5 = 0x200; *(uint8_t*)0x200097d7 = 0; *(uint8_t*)0x200097d8 = 0; *(uint8_t*)0x200097d9 = 0; syz_usb_connect_ath9k(3, 0x5a, 0x20009780, 0); break; case 42: *(uint32_t*)0x200099c0 = 0x18; *(uint32_t*)0x200099c4 = 0x20009800; *(uint8_t*)0x20009800 = 0x40; *(uint8_t*)0x20009801 = 1; *(uint32_t*)0x20009802 = 0x8d; *(uint8_t*)0x20009806 = 0x8d; *(uint8_t*)0x20009807 = 0x22; memcpy((void*)0x20009808, "\xe5\x74\x19\x47\xa7\x23\xe9\xe9\x8e\xdc\x76\xea\x9b\x49\x3d\xa7\xd0\xbe\x0f\x88\x90\x3d\x48\xee\xf0\xd2\x4c\x88\x29\x70\xfc\x12\x16\xa4\xf3\x90\xd6\xb1\x7a\x78\xf9\xe8\x82\x74\x2c\xa2\x48\x31\x93\x6c\xb7\x5b\x04\x58\x99\xbb\xc7\x68\x7b\xd5\x5a\x05\x8a\x9f\x47\x22\x45\x2c\xe7\xe3\x01\x27\x0b\x0b\xf2\x26\x66\xc3\x7e\xaf\x1b\xd9\xd8\xb4\x89\xba\x1d\x32\xbe\x39\xd0\x6b\x20\xbd\x96\x57\xe0\x9f\xda\x6c\x82\xd4\x56\x6c\x93\x34\xe2\xfa\x45\xc5\x04\x6b\xa8\x56\x5e\x57\x79\xab\x6d\x67\xcb\xf7\xf4\x06\xd2\x16\xc2\x86\xab\x06\x65\x88\x20\x7a\x31\x8d\x65\x33\x2f", 139); *(uint32_t*)0x200099c8 = 0x200098c0; *(uint8_t*)0x200098c0 = 0; *(uint8_t*)0x200098c1 = 3; *(uint32_t*)0x200098c2 = 4; *(uint8_t*)0x200098c6 = 4; *(uint8_t*)0x200098c7 = 3; *(uint16_t*)0x200098c8 = 0xf0ff; *(uint32_t*)0x200099cc = 0x20009900; *(uint8_t*)0x20009900 = 0; *(uint8_t*)0x20009901 = 0xf; *(uint32_t*)0x20009902 = 0x18; *(uint8_t*)0x20009906 = 5; *(uint8_t*)0x20009907 = 0xf; *(uint16_t*)0x20009908 = 0x18; *(uint8_t*)0x2000990a = 2; *(uint8_t*)0x2000990b = 0xc; *(uint8_t*)0x2000990c = 0x10; *(uint8_t*)0x2000990d = 0xa; *(uint8_t*)0x2000990e = 0; STORE_BY_BITMASK(uint32_t, , 0x2000990f, 0, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x2000990f, 6, 5, 27); *(uint16_t*)0x20009913 = 0xf0f; *(uint16_t*)0x20009915 = 8; *(uint8_t*)0x20009917 = 7; *(uint8_t*)0x20009918 = 0x10; *(uint8_t*)0x20009919 = 2; STORE_BY_BITMASK(uint32_t, , 0x2000991a, 2, 0, 8); STORE_BY_BITMASK(uint32_t, , 0x2000991b, 0xa, 0, 4); STORE_BY_BITMASK(uint32_t, , 0x2000991b, 7, 4, 4); STORE_BY_BITMASK(uint32_t, , 0x2000991c, 0x100, 0, 16); *(uint32_t*)0x200099d0 = 0x20009940; *(uint8_t*)0x20009940 = 0x20; *(uint8_t*)0x20009941 = 0x29; *(uint32_t*)0x20009942 = 0xf; *(uint8_t*)0x20009946 = 0xf; *(uint8_t*)0x20009947 = 0x29; *(uint8_t*)0x20009948 = 0; *(uint16_t*)0x20009949 = 0x18; *(uint8_t*)0x2000994b = 7; *(uint8_t*)0x2000994c = 0x7f; memcpy((void*)0x2000994d, "\x86\xf6\x20\xe8", 4); memcpy((void*)0x20009951, "\x16\x8f\x22\x02", 4); *(uint32_t*)0x200099d4 = 0x20009980; *(uint8_t*)0x20009980 = 0x20; *(uint8_t*)0x20009981 = 0x2a; *(uint32_t*)0x20009982 = 0xc; *(uint8_t*)0x20009986 = 0xc; *(uint8_t*)0x20009987 = 0x2a; *(uint8_t*)0x20009988 = 3; *(uint16_t*)0x20009989 = 0; *(uint8_t*)0x2000998b = 4; *(uint8_t*)0x2000998c = 0; *(uint8_t*)0x2000998d = 7; *(uint16_t*)0x2000998e = 0x1000; *(uint16_t*)0x20009990 = 0xfffe; *(uint32_t*)0x20009f00 = 0x44; *(uint32_t*)0x20009f04 = 0x20009a00; *(uint8_t*)0x20009a00 = 0; *(uint8_t*)0x20009a01 = 8; *(uint32_t*)0x20009a02 = 0xfd; memcpy((void*)0x20009a06, "\x17\xd0\x15\xc0\xc2\x1b\x38\xab\x65\x87\x07\x8c\x77\x5d\x19\x66\x76\x39\x02\x36\x84\x2b\xc7\x81\x15\xbd\x6a\x40\x58\x11\x10\x24\x45\xa3\x7f\xe5\xc0\xcc\x85\xa1\x6b\x56\x01\xf6\x74\x96\x59\x34\x92\xce\x3a\xd5\x52\x01\x92\x08\xa9\x04\xc8\x82\x54\x52\x5e\xf1\x3e\x8c\x55\xd2\xfa\x55\x84\xb1\x72\x72\x80\x77\xd5\x4a\x28\xbc\x6d\xd0\xbc\x05\xf7\x20\x29\x10\x26\x07\x63\x12\x0f\x9d\x95\x88\x3b\x70\x1c\xa0\x54\x83\xde\xae\x8e\x44\x5b\xcf\x56\x72\xcf\xc4\xba\x66\xa3\x46\xe9\x2f\xe0\x74\x51\xae\x4c\x8f\xf4\xaa\x9d\xfc\xf8\xb9\x56\x33\x65\x80\x5b\xf6\x83\x0e\xd3\x6c\x9f\x3e\xab\x11\xf6\x13\xa0\xfd\xe0\x42\x3b\x8c\x3a\x5b\x1a\xe0\x29\x72\x9e\x32\x33\x43\x1d\x83\xf0\x22\x49\x15\x64\xd3\x92\xce\xb7\xa3\x8e\xdd\xcf\x15\x96\x88\x61\x81\x85\x4d\x5a\x72\x9e\x76\xd8\xe7\x70\xd6\xee\x74\xba\x13\x33\xec\xb7\xe4\xb8\x83\x07\x1b\x6d\x6c\x04\x3e\x9e\x6f\x01\x60\x54\x6f\x60\xd1\xd9\xff\xd9\x40\x74\x4e\xef\x3e\xa5\xf0\xdd\xfd\xa5\xa0\xa8\xd6\xb7\x74\x0a\x7f\x13\xce\x46\x2e\xd0\x8e\x2d\x3b\xc0\xa7\xb6\x46\xda\xf5\x60\x86\xe2", 253); *(uint32_t*)0x20009f08 = 0x20009b40; *(uint8_t*)0x20009b40 = 0; *(uint8_t*)0x20009b41 = 0xa; *(uint32_t*)0x20009b42 = 1; *(uint8_t*)0x20009b46 = 7; *(uint32_t*)0x20009f0c = 0x20009b80; *(uint8_t*)0x20009b80 = 0; *(uint8_t*)0x20009b81 = 8; *(uint32_t*)0x20009b82 = 1; *(uint8_t*)0x20009b86 = 0x80; *(uint32_t*)0x20009f10 = 0x20009bc0; *(uint8_t*)0x20009bc0 = 0x20; *(uint8_t*)0x20009bc1 = 0; *(uint32_t*)0x20009bc2 = 4; *(uint16_t*)0x20009bc6 = 2; *(uint16_t*)0x20009bc8 = 3; *(uint32_t*)0x20009f14 = 0x20009c00; *(uint8_t*)0x20009c00 = 0x20; *(uint8_t*)0x20009c01 = 0; *(uint32_t*)0x20009c02 = 4; *(uint16_t*)0x20009c06 = 0x100; *(uint16_t*)0x20009c08 = 0x40; *(uint32_t*)0x20009f18 = 0x20009c40; *(uint8_t*)0x20009c40 = 0x40; *(uint8_t*)0x20009c41 = 7; *(uint32_t*)0x20009c42 = 2; *(uint16_t*)0x20009c46 = 3; *(uint32_t*)0x20009f1c = 0x20009c80; *(uint8_t*)0x20009c80 = 0x40; *(uint8_t*)0x20009c81 = 9; *(uint32_t*)0x20009c82 = 1; *(uint8_t*)0x20009c86 = 0x7f; *(uint32_t*)0x20009f20 = 0x20009cc0; *(uint8_t*)0x20009cc0 = 0x40; *(uint8_t*)0x20009cc1 = 0xb; *(uint32_t*)0x20009cc2 = 2; memcpy((void*)0x20009cc6, "\x08\xbd", 2); *(uint32_t*)0x20009f24 = 0x20009d00; *(uint8_t*)0x20009d00 = 0x40; *(uint8_t*)0x20009d01 = 0xf; *(uint32_t*)0x20009d02 = 2; *(uint16_t*)0x20009d06 = 0x7163; *(uint32_t*)0x20009f28 = 0x20009d40; *(uint8_t*)0x20009d40 = 0x40; *(uint8_t*)0x20009d41 = 0x13; *(uint32_t*)0x20009d42 = 6; memset((void*)0x20009d46, 255, 6); *(uint32_t*)0x20009f2c = 0x20009d80; *(uint8_t*)0x20009d80 = 0x40; *(uint8_t*)0x20009d81 = 0x17; *(uint32_t*)0x20009d82 = 6; memset((void*)0x20009d86, 170, 5); *(uint8_t*)0x20009d8b = 0x3b; *(uint32_t*)0x20009f30 = 0x20009dc0; *(uint8_t*)0x20009dc0 = 0x40; *(uint8_t*)0x20009dc1 = 0x19; *(uint32_t*)0x20009dc2 = 2; memcpy((void*)0x20009dc6, "\x37\x9e", 2); *(uint32_t*)0x20009f34 = 0x20009e00; *(uint8_t*)0x20009e00 = 0x40; *(uint8_t*)0x20009e01 = 0x1a; *(uint32_t*)0x20009e02 = 2; *(uint16_t*)0x20009e06 = 8; *(uint32_t*)0x20009f38 = 0x20009e40; *(uint8_t*)0x20009e40 = 0x40; *(uint8_t*)0x20009e41 = 0x1c; *(uint32_t*)0x20009e42 = 1; *(uint8_t*)0x20009e46 = 0x3f; *(uint32_t*)0x20009f3c = 0x20009e80; *(uint8_t*)0x20009e80 = 0x40; *(uint8_t*)0x20009e81 = 0x1e; *(uint32_t*)0x20009e82 = 1; *(uint8_t*)0x20009e86 = 0x2c; *(uint32_t*)0x20009f40 = 0x20009ec0; *(uint8_t*)0x20009ec0 = 0x40; *(uint8_t*)0x20009ec1 = 0x21; *(uint32_t*)0x20009ec2 = 1; *(uint8_t*)0x20009ec6 = 5; syz_usb_control_io(r[22], 0x200099c0, 0x20009f00); break; case 43: syz_usb_disconnect(r[22]); break; case 44: syz_usb_ep_read(r[22], 0xc1, 0x1000, 0x20009f80); break; case 45: *(uint8_t*)0x2000af80 = 0x12; *(uint8_t*)0x2000af81 = 1; *(uint16_t*)0x2000af82 = 0x110; *(uint8_t*)0x2000af84 = 0; *(uint8_t*)0x2000af85 = 0; *(uint8_t*)0x2000af86 = 0; *(uint8_t*)0x2000af87 = 0x20; *(uint16_t*)0x2000af88 = 0x1d6b; *(uint16_t*)0x2000af8a = 0x101; *(uint16_t*)0x2000af8c = 0x40; *(uint8_t*)0x2000af8e = 1; *(uint8_t*)0x2000af8f = 2; *(uint8_t*)0x2000af90 = 3; *(uint8_t*)0x2000af91 = 1; *(uint8_t*)0x2000af92 = 9; *(uint8_t*)0x2000af93 = 2; *(uint16_t*)0x2000af94 = 0xd6; *(uint8_t*)0x2000af96 = 3; *(uint8_t*)0x2000af97 = 1; *(uint8_t*)0x2000af98 = 7; *(uint8_t*)0x2000af99 = 0x20; *(uint8_t*)0x2000af9a = 2; *(uint8_t*)0x2000af9b = 9; *(uint8_t*)0x2000af9c = 4; *(uint8_t*)0x2000af9d = 0; *(uint8_t*)0x2000af9e = 0; *(uint8_t*)0x2000af9f = 0; *(uint8_t*)0x2000afa0 = 1; *(uint8_t*)0x2000afa1 = 1; *(uint8_t*)0x2000afa2 = 0; *(uint8_t*)0x2000afa3 = 0; *(uint8_t*)0x2000afa4 = 0xa; *(uint8_t*)0x2000afa5 = 0x24; *(uint8_t*)0x2000afa6 = 1; *(uint16_t*)0x2000afa7 = 0; *(uint8_t*)0x2000afa9 = 0; *(uint8_t*)0x2000afaa = 2; *(uint8_t*)0x2000afab = 1; *(uint8_t*)0x2000afac = 2; *(uint8_t*)0x2000afad = 0xb; *(uint8_t*)0x2000afae = 0x24; *(uint8_t*)0x2000afaf = 6; *(uint8_t*)0x2000afb0 = 4; *(uint8_t*)0x2000afb1 = 3; *(uint8_t*)0x2000afb2 = 2; *(uint16_t*)0x2000afb3 = 3; *(uint16_t*)0x2000afb5 = 7; *(uint8_t*)0x2000afb7 = -1; *(uint8_t*)0x2000afb8 = 9; *(uint8_t*)0x2000afb9 = 4; *(uint8_t*)0x2000afba = 1; *(uint8_t*)0x2000afbb = 0; *(uint8_t*)0x2000afbc = 0; *(uint8_t*)0x2000afbd = 1; *(uint8_t*)0x2000afbe = 2; *(uint8_t*)0x2000afbf = 0; *(uint8_t*)0x2000afc0 = 0; *(uint8_t*)0x2000afc1 = 9; *(uint8_t*)0x2000afc2 = 4; *(uint8_t*)0x2000afc3 = 1; *(uint8_t*)0x2000afc4 = 1; *(uint8_t*)0x2000afc5 = 1; *(uint8_t*)0x2000afc6 = 1; *(uint8_t*)0x2000afc7 = 2; *(uint8_t*)0x2000afc8 = 0; *(uint8_t*)0x2000afc9 = 0; *(uint8_t*)0x2000afca = 0xe; *(uint8_t*)0x2000afcb = 0x24; *(uint8_t*)0x2000afcc = 2; *(uint8_t*)0x2000afcd = 1; *(uint8_t*)0x2000afce = 0x80; *(uint8_t*)0x2000afcf = 3; *(uint8_t*)0x2000afd0 = 1; *(uint8_t*)0x2000afd1 = 0; memcpy((void*)0x2000afd2, "\x02\x2c\x3b\x4e\xfa\x4d", 6); *(uint8_t*)0x2000afd8 = 7; *(uint8_t*)0x2000afd9 = 0x24; *(uint8_t*)0x2000afda = 1; *(uint8_t*)0x2000afdb = 1; *(uint8_t*)0x2000afdc = 0x7f; *(uint16_t*)0x2000afdd = 0x1002; *(uint8_t*)0x2000afdf = 0xb; *(uint8_t*)0x2000afe0 = 0x24; *(uint8_t*)0x2000afe1 = 2; *(uint8_t*)0x2000afe2 = 1; *(uint8_t*)0x2000afe3 = 5; *(uint8_t*)0x2000afe4 = 3; *(uint8_t*)0x2000afe5 = 0; *(uint8_t*)0x2000afe6 = 5; memcpy((void*)0x2000afe7, "\x64\x99\x7e", 3); *(uint8_t*)0x2000afea = 0xd; *(uint8_t*)0x2000afeb = 0x24; *(uint8_t*)0x2000afec = 2; *(uint8_t*)0x2000afed = 1; *(uint8_t*)0x2000afee = 3; *(uint8_t*)0x2000afef = 3; *(uint8_t*)0x2000aff0 = 0xac; *(uint8_t*)0x2000aff1 = 8; memcpy((void*)0x2000aff2, "\xbc\x5e", 2); memcpy((void*)0x2000aff4, "\x04\xfb\xa9", 3); *(uint8_t*)0x2000aff7 = 0xd; *(uint8_t*)0x2000aff8 = 0x24; *(uint8_t*)0x2000aff9 = 2; *(uint8_t*)0x2000affa = 1; *(uint8_t*)0x2000affb = 6; *(uint8_t*)0x2000affc = 2; *(uint8_t*)0x2000affd = 5; *(uint8_t*)0x2000affe = 9; memcpy((void*)0x2000afff, "\x6a\x9a\x8d", 3); memcpy((void*)0x2000b002, "\x4f\x88", 2); *(uint8_t*)0x2000b004 = 9; *(uint8_t*)0x2000b005 = 5; *(uint8_t*)0x2000b006 = 1; *(uint8_t*)0x2000b007 = 9; *(uint16_t*)0x2000b008 = 0x10; *(uint8_t*)0x2000b00a = 0x8c; *(uint8_t*)0x2000b00b = 0x20; *(uint8_t*)0x2000b00c = 0x7f; *(uint8_t*)0x2000b00d = 7; *(uint8_t*)0x2000b00e = 0x25; *(uint8_t*)0x2000b00f = 1; *(uint8_t*)0x2000b010 = 0x82; *(uint8_t*)0x2000b011 = 2; *(uint16_t*)0x2000b012 = 4; *(uint8_t*)0x2000b014 = 9; *(uint8_t*)0x2000b015 = 4; *(uint8_t*)0x2000b016 = 2; *(uint8_t*)0x2000b017 = 0; *(uint8_t*)0x2000b018 = 0; *(uint8_t*)0x2000b019 = 1; *(uint8_t*)0x2000b01a = 2; *(uint8_t*)0x2000b01b = 0; *(uint8_t*)0x2000b01c = 0; *(uint8_t*)0x2000b01d = 9; *(uint8_t*)0x2000b01e = 4; *(uint8_t*)0x2000b01f = 2; *(uint8_t*)0x2000b020 = 1; *(uint8_t*)0x2000b021 = 1; *(uint8_t*)0x2000b022 = 1; *(uint8_t*)0x2000b023 = 2; *(uint8_t*)0x2000b024 = 0; *(uint8_t*)0x2000b025 = 0; *(uint8_t*)0x2000b026 = 0xd; *(uint8_t*)0x2000b027 = 0x24; *(uint8_t*)0x2000b028 = 2; *(uint8_t*)0x2000b029 = 1; *(uint8_t*)0x2000b02a = 0; *(uint8_t*)0x2000b02b = 2; *(uint8_t*)0x2000b02c = 0; *(uint8_t*)0x2000b02d = -1; memcpy((void*)0x2000b02e, "\x03\xc1\xfe\x1d\x97", 5); *(uint8_t*)0x2000b033 = 0x12; *(uint8_t*)0x2000b034 = 0x24; *(uint8_t*)0x2000b035 = 2; *(uint8_t*)0x2000b036 = 2; *(uint16_t*)0x2000b037 = 0x807; *(uint16_t*)0x2000b039 = 4; *(uint8_t*)0x2000b03b = 0xfd; memcpy((void*)0x2000b03c, "\x8c\xfb\x49\xdf\x7b\xf5\xb7\xe5\xee", 9); *(uint8_t*)0x2000b045 = 7; *(uint8_t*)0x2000b046 = 0x24; *(uint8_t*)0x2000b047 = 1; *(uint8_t*)0x2000b048 = 0x3f; *(uint8_t*)0x2000b049 = 0xfd; *(uint16_t*)0x2000b04a = 1; *(uint8_t*)0x2000b04c = 0xc; *(uint8_t*)0x2000b04d = 0x24; *(uint8_t*)0x2000b04e = 2; *(uint8_t*)0x2000b04f = 1; *(uint8_t*)0x2000b050 = 0xc1; *(uint8_t*)0x2000b051 = 4; *(uint8_t*)0x2000b052 = 5; *(uint8_t*)0x2000b053 = 0x67; memcpy((void*)0x2000b054, "\x69\x67\xba\x40", 4); *(uint8_t*)0x2000b058 = 9; *(uint8_t*)0x2000b059 = 5; *(uint8_t*)0x2000b05a = 0x82; *(uint8_t*)0x2000b05b = 9; *(uint16_t*)0x2000b05c = 0x7f7; *(uint8_t*)0x2000b05e = 0x1f; *(uint8_t*)0x2000b05f = 0x69; *(uint8_t*)0x2000b060 = 6; *(uint8_t*)0x2000b061 = 7; *(uint8_t*)0x2000b062 = 0x25; *(uint8_t*)0x2000b063 = 1; *(uint8_t*)0x2000b064 = 0x80; *(uint8_t*)0x2000b065 = 9; *(uint16_t*)0x2000b066 = 3; *(uint32_t*)0x2000b380 = 0xa; *(uint32_t*)0x2000b384 = 0x2000b080; *(uint8_t*)0x2000b080 = 0xa; *(uint8_t*)0x2000b081 = 6; *(uint16_t*)0x2000b082 = 0x300; *(uint8_t*)0x2000b084 = 3; *(uint8_t*)0x2000b085 = 2; *(uint8_t*)0x2000b086 = 3; *(uint8_t*)0x2000b087 = 0x40; *(uint8_t*)0x2000b088 = 0x81; *(uint8_t*)0x2000b089 = 0; *(uint32_t*)0x2000b388 = 0x20f; *(uint32_t*)0x2000b38c = 0x2000b0c0; *(uint8_t*)0x2000b0c0 = 5; *(uint8_t*)0x2000b0c1 = 0xf; *(uint16_t*)0x2000b0c2 = 0x20f; *(uint8_t*)0x2000b0c4 = 6; *(uint8_t*)0x2000b0c5 = 0xe2; *(uint8_t*)0x2000b0c6 = 0x10; *(uint8_t*)0x2000b0c7 = 0xa; memcpy((void*)0x2000b0c8, "\x64\x93\x2c\x92\x77\xe2\x3a\x0f\xa9\x6a\xab\xc7\xb9\x31\xea\x37\x07\x35\x0c\x52\x57\x45\xcc\xbe\x79\x4d\x23\xba\xa9\x96\x25\xc8\x2f\x74\xbd\x3b\x6d\x5f\x88\xfb\xfd\x92\x54\x5b\x6b\x63\x75\x4c\x07\xc3\xff\xb4\x73\x55\xbf\x3d\xd6\xfa\xcf\xf0\xec\x55\x97\xfb\x76\x8d\xc7\x4a\xcf\xcf\x39\x5a\xc1\x00\x99\x82\x92\x5a\xa1\x6f\xcf\xa4\x15\x75\xbf\x14\xb5\x6d\x55\x79\x09\xdf\x9e\xfd\x27\xfd\x4b\x31\x7d\x90\xd1\x60\x62\x70\x13\x4f\xd0\x7d\x2f\xc0\xd1\x81\x6e\x97\x71\x32\x1d\x2d\xb5\x5c\x65\x39\xb0\x41\x67\xdb\x7b\x08\xc9\x94\x15\x9d\xd7\x55\x2c\x48\x8c\x14\x66\x24\x7a\x5b\x70\xb0\xdc\x99\x6b\x90\x7e\xee\xe0\xb2\x0f\xdd\x64\x71\x40\x59\x7b\x66\xf8\x21\x55\x6b\x56\x7f\xe6\x13\xc7\xec\xbc\xba\xe5\x0d\xb5\xfa\x7c\x9c\x0b\x5d\xcf\x26\xed\xdf\xfd\xcb\x09\xb9\xab\x9f\x2b\x5b\xee\x80\x98\x2f\xf3\x65\xfb\x81\x6e\x98\x18\x4e\xe6\x81\x5f\x6f\x62\x1f\x4d\x34\x52\x7d\x3c\xaa\x4c\xe6\x82\xcb\x06\xc7\x48", 223); *(uint8_t*)0x2000b1a7 = 0xb; *(uint8_t*)0x2000b1a8 = 0x10; *(uint8_t*)0x2000b1a9 = 1; *(uint8_t*)0x2000b1aa = 4; *(uint16_t*)0x2000b1ab = 0x10; *(uint8_t*)0x2000b1ad = 1; *(uint8_t*)0x2000b1ae = 0x3f; *(uint16_t*)0x2000b1af = 0xff; *(uint8_t*)0x2000b1b1 = 0x1f; *(uint8_t*)0x2000b1b2 = 3; *(uint8_t*)0x2000b1b3 = 0x10; *(uint8_t*)0x2000b1b4 = 0xb; *(uint8_t*)0x2000b1b5 = 0x2f; *(uint8_t*)0x2000b1b6 = 0x10; *(uint8_t*)0x2000b1b7 = 3; memcpy((void*)0x2000b1b8, "\x57\x12\x26\x74\x4f\x78\xfe\x77\x5a\xb8\x9d\xd7\x76\xdb\x3a\xaa\xce\x99\x82\xe7\xb2\x59\x4f\xd0\x85\x4a\x31\xd7\xec\x1d\x24\xae\xe6\x48\x2a\xa3\x93\x97\x98\xbd\x32\xd0\x60\xf0", 44); *(uint8_t*)0x2000b1e4 = 0xa; *(uint8_t*)0x2000b1e5 = 0x10; *(uint8_t*)0x2000b1e6 = 3; *(uint8_t*)0x2000b1e7 = 0; *(uint16_t*)0x2000b1e8 = 4; *(uint8_t*)0x2000b1ea = 0x24; *(uint8_t*)0x2000b1eb = 8; *(uint16_t*)0x2000b1ec = 0xe1; *(uint8_t*)0x2000b1ee = 0xe1; *(uint8_t*)0x2000b1ef = 0x10; *(uint8_t*)0x2000b1f0 = 1; memcpy((void*)0x2000b1f1, "\x1c\x43\x11\xd6\xc4\xec\x2d\xe7\x89\xb4\xf9\xf3\x9e\x67\x37\x02\xea\x35\xd9\x09\x99\x1c\xe4\xaf\x26\xcf\x0c\x07\x57\x9c\x1a\x40\x57\x35\x68\xf8\x37\x56\x9c\x64\x5d\xe2\xaf\x69\x81\x33\x52\x61\x69\xe5\x1a\x53\xf2\x15\x16\x76\x60\x35\x72\x59\xd5\x4d\x5a\xd7\x7a\xfb\x47\x8b\x18\x9e\x72\x86\x67\xa8\xb7\xe3\x89\x86\xbb\x19\xfe\xbe\x80\x70\x85\xec\x6d\x77\xdf\xb4\x81\x72\x59\x2d\x54\x9d\x7d\xbb\xf8\x02\xaa\xf9\x5b\xbf\x2d\xcd\x20\x05\x7a\x34\xee\xff\xca\xba\x3c\x40\x4e\x46\xa6\xe9\x0a\xd7\xe4\x38\x7e\x1e\x28\xcc\x21\x71\x88\x37\xe8\x1d\x22\x61\x5c\x4b\x42\xbc\xe0\x4c\x6b\xec\x4a\xa9\xa9\x9d\x05\xcb\x4f\x16\x8e\x11\x5e\xe3\x95\x65\x54\xe4\xe5\x8b\x13\x6f\x86\x73\x6e\x79\xe9\x1f\x9a\xcd\x49\xee\x66\x17\xb8\x4a\x56\x43\x92\xe8\x19\x91\xbb\xa6\x03\x20\x54\xd7\x09\x6f\x6c\x40\x00\x21\x37\x78\x2a\x1b\x11\x1d\x65\x27\x96\x83\x26\xf5\xe7\x0a\x8a\x23\x99\xe8\x33\xe7\x41\x5c\x20\x4a\x3a\x4b", 222); *(uint32_t*)0x2000b390 = 2; *(uint32_t*)0x2000b394 = 4; *(uint32_t*)0x2000b398 = 0x2000b300; *(uint8_t*)0x2000b300 = 4; *(uint8_t*)0x2000b301 = 3; *(uint16_t*)0x2000b302 = 0x459; *(uint32_t*)0x2000b39c = 4; *(uint32_t*)0x2000b3a0 = 0x2000b340; *(uint8_t*)0x2000b340 = 4; *(uint8_t*)0x2000b341 = 3; *(uint16_t*)0x2000b342 = 0x436; res = -1; res = syz_usb_connect(3, 0xe8, 0x2000af80, 0x2000b380); if (res != -1) r[23] = res; break; case 46: memcpy((void*)0x2000b3c0, "\x08\x63\x6e\x6c\x5e\x42\x1f\x7f\x71\x8c\x47\x84\xf3\x89\x67\x2c\x29\x11\xe5", 19); syz_usb_ep_write(r[23], 9, 0x13, 0x2000b3c0); break; case 47: syz_usbip_server_init(2); break; } } int main(void) { syscall(__NR_mmap, 0x1ffff000, 0x1000, 0, 0x32, -1, 0); syscall(__NR_mmap, 0x20000000, 0x1000000, 7, 0x32, -1, 0); syscall(__NR_mmap, 0x21000000, 0x1000, 0, 0x32, -1, 0); setup_binfmt_misc(); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :126:17: error: 'csum_inet_digest' defined but not used [-Werror=unused-function] :113:13: error: 'csum_inet_update' defined but not used [-Werror=unused-function] :108:13: error: 'csum_inet_init' defined but not used [-Werror=unused-function] cc1: all warnings being treated as errors compiler invocation: x86_64-linux-gnu-gcc [-o /tmp/syz-executor788250733 -DGOOS_linux=1 -DGOARCH_386=1 -DHOSTGOOS_linux=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static-pie -Wno-overflow] --- FAIL: TestGenerate/linux/386/23 (3.08s) csource_test.go:118: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Fault:false FaultCall:0 FaultNth:0}} program: write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3}}, 0x18) (fail_nth: 1) r0 = openat$tty(0xffffff9c, &(0x7f0000000040), 0x10400, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x200000f, 0x10, r0, 0xada52000) ioctl$UI_SET_PHYS(0xffffffffffffffff, 0x4004556c, &(0x7f0000000080)='syz0\x00') r1 = syz_mount_image$ufs(&(0x7f00000025c0), &(0x7f0000002600)='./file0\x00', 0x4, 0x3, &(0x7f0000003700)=[{&(0x7f0000002640)="386f6d1be27f8ca9182d1ae635bba8c9ce0379ce60d9d24e0fe69a46dd2b77026ce1e6bbc05a246ae26905253191f7e34ef3860f1c2cc9a6d522f503d78e340cb54f1d6b", 0x44, 0x1}, {&(0x7f00000026c0)="5739ec80616d1bac909797c5723d287d94f010e0f70a342a21fb38b36986025dca054a96bbe74027974c452893a9f5d513efc470652bf4e837d8d5eeaced2669d73cea3d3931399da04dfb4859d03c47dd535baa980ae8b7a5c312fd71acc521bddc2c637026d7fadb42c020c53d4e2feeb23077ed867d5b36567b8d06e0f4d2d9c616d67391f879e812d7a17975f3e0e569f557b65bbade941868bae4be8d2dfa45a385877ece8d94d755dbf82b4fd8899ba1b8ece43b36b369a8df56993b16eec20aed1c596f669df897ddfa0df4ab26d747598296dd3bcd5cad67a8b19eba5f343fbfa6301a1502600eda02ab157ab1b164e3de5733e4bfd9677b49b29bb56e99367d01044b3accf0f93af75527837a9b494b4eace1f49c879e71e962a593749555b50a55ca1144eb54807047defde8dd097ebcbaa230451ac7a7763ef2134b453ef7ce92d6adce449aa182efb2ed4a8707f1e1846d82505da06c2d6b4a582ddfb2bdb7a19bbce8e0a0f7b2f496622bee043729f3843188eb14e56e8f48d7d4b151a7deef2a1a9458834253770882cc41f6fb784a9f73a4f81ef993dae61a805ba6f9307820813310dc3870835ad4be7e3c8a13f9f01e9ea9b1b9dfb1e347e3ea1b5b090e1a38617707bb5aa0ce82193f6970a0b885183fce8b7d30bfc18258dd40f508b95b55ca27d8ec76010310c677c04c0b01fd69de396ae95a7c3ca50f4e7fc3da749d82a5d9f57ab6ed7a0d1276297ab57172671d4c7ca35224700db93644131a5126af54755aec80cffdeb709f0c5821ec3b86d29f10be62d94c032f79d4edccaf40b24d72e46d7c9933f6eada794aad1eaf41aec135a4f6f7f609273608685ffc30fe1ae82213a956e8df493ec0aac8eccbbdb82093097db45161677685bf1e691a1c7dce13a88e63645bc79922b6d3d3d761f36a46302f79e0e0beb67e2f2cb2e83fc1a04177c9d022c46edc053f03182fc645450e4de536a418b0eae2acb0eaf4cb615eca77f72ee1d1f9146208e18669508edd050e9b4e72a8483016dc0198326d2a167004f323a0a6eb4d34f651c397f06d32e1bdab042efe566afc48cbd98f914134156314a954c641b1066ba715ab50eb4db84b13f20469d01d6346d425d70f60b42976b046cf96e4018fc6aaf78df30c02dd029e1e895c20b05fb3883c013de7e17a13697854feb5935cb344ff94ff8bb4ed2d1f174ea19020577b4ff9597c31a8fb2cfa1d7b71a57082561540f1cd86b8590b754fe95d749ef3caff93fd10a90ca003515bb23a3e71f44179c0996037457589e68177b0a10691f149a981a6a68d0bc820e1662a67c6a85fb39a35399c620c6ee314284fa42099bde09fd517a6e53cc0417c98d006b4210ba0351b7db6754338063f05b6824bbb41f70ba1fea9121f5885a4d03ee93f2b8f27a00cd666491003deda3e21029247646f7144cb004a6b524006d8ec7c93f41042bbf82d3bf2eef415f8f038b05c0c107ac24d0cc8f30813ebe2751da8398e04ff593d17ddeb32593671c8277424f79880054c581ae4ef5303a12f50d4e1fd6bb585a5e07751cbd58fa61d634c35563727e18239d9812fa41b9a256118ba9b0decc26076c8ae4b4e516a2b35a7e9839ca83bef4643e0a5d9db723b5afd80f715b63b19d0afb9cb03dd9e5fe1b3135ec1f0b973e7d21bb2f2221a78628a1b513e0ff9ea3067db3101c017eb8e606f2f075be4984f21bf75b6c4cbf3718e64ca62a9ab5d8e383aefba7493ddff478b744074bb51994bc91dd29c6b9bcd50a5028e14cf6d9468ef424ed165848ff5676e574110e0cd76a7c1dad3019facfd08d14b7d9e378a110e985088e51e89d75e3fa5fb3687598c0569e522f6c9ea4d1265ed97e313dce9cd01a4615e8bbe4dbe168f9d32c6682e4eef267dd718b475a81b485b17f6ba8afba19a58329f86bad12ac8444417e6148cb4e07ee46c5f1553a0fe4cd3326d8692cc43961f03f57f7c016f33c3d1c02bf125fc942101103636b02d93352efb4920e243f865cf5c0b5d347f51b87900b12acc347b319c147510c6a3c184b9fe9bbf49d20a71bc0882e296a03769751cd863082c1f3b8890fee3c644474db21e077acbeb05ae296710822fcaf5a7bc069bd93d411627cd1b713ccced010d1b88dfc1530454141b3dd3e1964c389576132173b86330388fec559dc722f177497c308315a4eefb5043cc97c5b1ea53b6de6f4eced9cc20b5243ef96ae0da16b43ecfd03e702528ad4c3609545df939e2bcee08258649319d74fd784d3d30a9092cb23e51ce00bbf81a46bc0d8bba9fe3f605f54ee2a0311e1c19aee26c843d7252d90380c9d86f1d1cbb21641bc19adffa608fa5b8260c3dac2e0d8100c870dbafab5e4a5c6e5d4875352ece3133e08d48e03874e6e528b5a43d08c8e905f798f0527cff5cda9995e84acb47ee8544be937fcb64646d2fd2d5c31eef836297e03dca24b159964a70307a827f6e7f3793f6ffad54a65d400926e80797e6050e776bbf66dc1bdf7508812ed0febda774f5eda492b3751ecc76a658241fa64522c5ddef5374787a1bc6f05c84a523068ac66a3ca539da70e16ddea897f96f5d48e1ef185f08436daa20fcb0b239de9b2bb00007eda2dbdcc1f5fdf13998682d66cd4aab3157f7ebcec092dc6bd08f4d107780d3731924cfa067f62218078a2af129f4059d46d7c7bebbf67b5953dda30c96fe5843e8a3c0a15a6b2f210ffbffd476c9c761340616b1ca8a6b449d1e338fd909fd9a84c7338711be1d50762a48299b184482d2cd1884af707668d10c2e1cdeac7c075d7d4147f8aa3cebca93c1b7b245264c0efb8470255152c48d224634580b2ff021457a975aa7672baf13a4ae32dc17e1f04d0b2d9c14831c87e99e7e0f29958c9b584d7b8a7e91f573c042617391aded64bee7dad5f888efc5560fba3f9e41f78094b403abc5d422c8ec70b9a9cee507903f8999487e60d761ef16194e7cc856a01e6b3bc592397ca03becb6b48fc15bf1f6eff8fec8de8785d0fea379efbd649487307bba1530a48ec106978da703e91707201fe3348de8caf2dde1d09942d47712f77de3f9efe5392ef4584a66cf96b30ecc6eed9074837e0835e19065d2ece87d38b426c703b882cec83cbb8b484f6885832ca2587b2bdc30c92c20a00d926473ff36a1c81e58d55549a06fb7b0fdd135ed5f63b4cca0068b2da1b112d4cb043407c21c535fd3c4559322e30469794c90a3c30d8fd5365ce3f432f613148bc7d575c1d2da1d4b068de1366f62a694e976f2e264d449d9e3f90400f4f25c1152d1edb9b09816787227eeeff80ac3f25016de253325475490482303afa87b39adee7f92c03185f8be67fe8e850ee3a571809474bcf462373a47afe1a4592175d110c3659e56ecfe2ecaf2c381684332dc0ea3f76c1799d5c7954ccd01ca4d3cc488e98efe8ccb8757273bbfd0e8f94a18e4bc187993ac29c3d45aa4585253717190cfc16bdfc90cecab6f022b3c9629e4d44cf9460333d348d0df3fbc8ffe61733725ea22c57183b50622f320253d54692c32ba2d1d2272357962e09fc7fa98a192d647ca93d5db9c0560a46a797408d21be5d14c8898fcf1f8e46c2be19eee417f17b5812be04c60a50c8f4a3b96e759df5a25314842ef5834a9bfe3ec6903122abdeb8da1bf146ca5b0b6451b3f6a0cd742120b025ca49bb95c47fb27fae438cbae39cd9b50f76735f656e0c6896c87b91c1ca7444d0de25ce60db81b9b7efebffc1ff24ee9d5f77da9227252468633b8eb995e2645b1543d843262c260c3c691114ebc403962c2374ef59ce6d1dd7c4d22310c5f642d766d41893b993f9a69831f82aab3104c64b08b0e3419ad44686088cd8a4a674edcea4ee9f2e8a02ab11450060f76a7c1954f676de7bf7916699457091eb0ad3b7593e7f38d62f9b56761a915b41d035ba129d1ac466e5eaea76d00c4d83e1754e3d1e6f0093c665d860bcf0b9850401acaba34a0f774300773c4abb90efc56bc7d2ad12d2f58cefa5b5816fcee50a11845a2d5197693ea3b380089219f5a42c69f9a4762c91ae6449e13995f666ad521f92edb3f4b65a04675db8ebbc9a2d1acda5b67ed6af5525141fd7aeef7c58f549ac39255705eb084f4f0a261f43c27cdcefb7d9e15ce63995820729b32749eb8d9432d7c3c25b4b1daa5b645740394caaae63bfd9e18207fccfbe0e2639258229574fcc7971e3eb11bfdf7dc770cea4a9414913067558f7e542cc6272477489519cfaecf51361b7d39540bbc1da84c6e56e21c683734fc3d9e52225695ea370563b153b8dc87ad1199247a23a86046c730fbce29fe99e0cf3e762f6ca3a14b03ff53d4122da0664a31d204160fcc2489eaa9faf030f6d6a43f98afce7f7f7f0cc3a01ef1526dac38278d13431910c2d691a78275e0702c8bcd0f4754b47535decbff3fb2db3d23b95f84e5e6e7fe67c719de9b0721ea53e2c68c9110e6a9ef3251e7ebb22800dcab309c22ab3739b4e88844827542d962c2afb2dc2f02b45094737fb1c3b9543870709b337d9d8f183971368a28a3360aec7c89de83e0c5fbfcffa03c1bc42884a839e8188826b19f3a7e7b82b4e2339d3d70171de92a60e2e1c73d360382aedcc23740c6244d69299dd39e011091b2fae10f4ba3c7fc570b0ea6a5d7b94f0812788ac1842eb6f917ad73a43a8f511b221795b9a625d6b8adab77bb090343acde4930c643b9b60af027ed4e3cc7facdcb175e81d9138db68db9d85216e1afa90c3f3897a2cd7e2cbaf59faa93ac544c221399d0a2c7601c6c63006253c9e43f1ed3f8cdd31f92cbc919b0b2f048ee429baac42f907d36281931814e7f937b51f2c6a772469f0d3d666c5c23141a0af6fb3804479810fcd852f98a5e5df9082c149bc239d37b89447af02ebae27adea098d78409fa9ae873b112684c75d68d447c7fc80a45a726b272d557678da7101679c6a5b4d70f4db60539fd11d1f21392b7922d12781125512eb1dc45db4cd2e64734e3a9dbf899ec2203e1001b3d364663d487c69018cb9122b5f4e1a276d17088df746ba3e7c10e1cad226f6cd2ad90cc3d148c951d32c00341bf08ec7158d22b3375f7ed6730ff9f0af79b1e8efd164b046c6a3df7bcd925e49bf5bb4d16ace6ab925bee37b7b5321da6f3626f33025ebc3814f44a27a7e39c5ecf8c5263c50e5d49273977c1ddcec86c85c41de8558ccc7cc9469f4a5ab104db7b3eaf8951f5315f5640c51e8c49290c7b146688b72e22c5178bb120beafe3a10dd33e6a34b8e2ab0a8d88f1bf2346f06e6cbeb80159f85b69efe2984f3acbf1035397c0e027420c591b2c5115e4c4bc4319b6a8edc2aa62c7600e49029f8d7d808713cc765566440a427ac576e5a2318e0994a00b56b7cf16277887b22693396c28bf734133df5e654971dec68d225631fc669e5619c1c78df3ca9860489a29a5234e054bcd3c543276c07e15a1ca7ef60c6e20359562733c1b3bd15a9c72a8f9acb040f8f85a4f10313a4fc7e8cb8973ae0b562924716d168aa431cf63a5c2e182b48b5519f376de39ca03d5535a5868d2cfff410e3f248de1ef81b205bc17a84cbfebb46deb4e56dcd355d7148a56f25dee5896912ec90124bef2d882e9d4a02769b3abcbc8f367deecce8c22b045f4d7b87d8908b0af7f2a1f53bad8d3f8e0b65b0053ab1e28ece7250ab281bc197097cfe8b2a7cfb552f82869b88241e7d05d24aca325c6f2fad85ce79bfc2aecdb798f40e111189f1785cbbe40", 0x1000, 0x7}, {&(0x7f00000036c0)="38e3dac1cab00feb39c48edfaf42b604f0c0fbeaa30d7023519ce589e4d90d7d171cbe759e9c40819d9946abfa9737e1bdddfb4f", 0x34, 0x10000}], 0x1040000, &(0x7f0000003740)={[{'/dev/tty\x00'}, {'syz0\x00'}, {'+@'}, {'*^:[-,-,&{#'}, {'syz0\x00'}], [{@audit}, {@obj_role={'obj_role', 0x3d, 'syz0\x00'}}, {@obj_user={'obj_user', 0x3d, '^\xee%'}}, {@subj_role}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@uid_eq={'uid', 0x3d, 0xee00}}]}) read(r1, &(0x7f00000037c0)=""/18, 0x12) sendfile64(r0, r1, &(0x7f0000003800)=0x7, 0x0) setsockopt$bt_l2cap_L2CAP_CONNINFO(r0, 0x6, 0x2, &(0x7f0000003840)={0x81, "d8e8f6"}, 0x6) ioctl$SOUND_MIXER_WRITE_RECSRC(0xffffffffffffffff, 0xc0044dff, &(0x7f0000003880)=0x4) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(0xffffffffffffffff, &(0x7f0000003980)={&(0x7f00000038c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000003940)={&(0x7f0000003900)={0x14, 0x7, 0x1, 0x801, 0x0, 0x0, {0x0, 0x0, 0xa}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40800}, 0x20000000) syz_80211_inject_frame(&(0x7f0000000000)=@broadcast, &(0x7f0000000040)=@data_frame={@qos_no_ht={{@type11={{0x0, 0x2, 0x8, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x7f}, @device_a, @broadcast, @broadcast, {0x0, 0xffd}, @broadcast}, {0xc, 0x1, 0x3, 0x0, 0x3}}, {@type10={{0x0, 0x2, 0x9, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x3d}, @from_mac=@device_b, @device_b, @from_mac, {0x0, 0x1f}}, {0x8, 0x0, 0x3}}}, @a_msdu=[{@broadcast, @device_b, 0xbf, "afaf3a135b6bacd8c9b70b5eec9ab18405dde216b1b5dbe70c82ea52a1477c8bcc0adebad8789e03df9beea67cea531e776e7ec441e10995460e4e964678b8b20cae084ab40bef389bb72fe366ea91a8a2b952bc697a863d47c4920f77976ccda9723c4d4cf43164b57e373925d21594ad582b2bd6b7fce0e21d272a022fb63efae8204e2e38180848fd2986c847241f05b4795e3195823f4b17f340c24f45bf4fc33a8b5d0649780bad0b1600231bcd85e1044043b3f52bdd66462c52869b"}, {@device_a, @broadcast, 0xf3, "db7458603e1db9e8b6109ff253176fc3105d34454294a0c36f5e76590ee3b3a391dd2847abe2ef4c4f0762cbb09a37f40675baca0907282ce7dc1a104cb3e91384930ede72f3720dac9976a6598bc0385e0eb8295edee6bf8e31f243b284e9de823dbcf1fa70c6c57d4472f20f031cd4ccc7995b0036d024f051220cf8ccfacc5eef5cc545c5208e0ae0b6fad6956542262930e56177ef3f3fd1fcf9ab7fa104c2fd2cafbfc796da4af424531e825b32394a16b5a90e3b36d9d75f35bc95c7b65c5774b33d1a74464b240d9b4420de3865e4ebfa9705fa606ca422eb0ae33126574d2b01dc83d70c248747087c72f0da02e8e8"}, {@device_b, @broadcast, 0xdd, "d7e9b24c0cc992b18aa2d9f9e1709a8c2fe8b2ceb27a749e52617c6db966c15469b14f6271d9ec1caa537e605d09c7af271d959a7b1375fbada3d47840b8fbde2f3ab2820440ceffb16cc44160f3a3abd70b059e3b321e3a1a48eca2b3819d0595822e17767f5a9cce0a0aa1cf8a1763780943872b127ab559036a8d8703e179c0de7c00dbd055699b39532ec0f63bb69c331fb415e253c26abf85a20b69f33d25a8a066aa10a9c1add202fa9d6cd6dbdaf05601d68e9553ba9ee53931aa193821c780f05dfd3c33aad84ef55098b4b8212cf5d6a43b5a099866ecbbc1"}, {@device_b, @broadcast, 0x3, "d71a49"}]}, 0x30e) syz_80211_join_ibss(&(0x7f0000000380)='wlan0\x00', &(0x7f00000003c0)=@default_ap_ssid, 0x6, 0x0) syz_btf_id_by_name$bpf_lsm(&(0x7f0000000400)='bpf_lsm_sb_remount\x00') syz_emit_ethernet(0x3f6, &(0x7f0000000440)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @random="8b73c66e934f", @val={@void, {0x8100, 0x1, 0x1}}, {@mpls_mc={0x8848, {[{0x0, 0x0, 0x1}], @ipv6=@icmpv6={0x8, 0x6, "6be3ec", 0x3b8, 0x3a, 0xff, @private2, @mcast2, {[@fragment={0x8, 0x0, 0x4, 0x0, 0x0, 0x4, 0x65}, @hopopts={0x2, 0x2, '\x00', [@padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @padn={0x1, 0x9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, @hopopts={0x5c, 0x5, '\x00', [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @calipso={0x7, 0x18, {0x2, 0x4, 0x3f, 0x5, [0x7, 0x100000000]}}]}, @routing={0xab, 0x4, 0x1, 0x51, 0x0, [@rand_addr=' \x01\x00', @dev={0xfe, 0x80, '\x00', 0x1a}]}], @mlv2_report={0x8f, 0x0, 0x0, 0xdd, 0x8, [{0x2, 0x3, 0x4, @loopback, [@remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, @mcast1], [0xfffffff7, 0x0, 0x4f18]}, {0x7, 0x6, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}, @remote, @mcast2], [0x433, 0x3, 0x4, 0x5, 0x8001, 0x6]}, {0x8, 0x4, 0x8, @ipv4={'\x00', '\xff\xff', @empty}, [@empty, @local, @ipv4={'\x00', '\xff\xff', @loopback}, @dev={0xfe, 0x80, '\x00', 0x23}, @mcast1, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast2, @mcast2], [0x4, 0x3, 0x8, 0x7]}, {0x8d, 0x3, 0x1, @mcast1, [@private2], [0x3, 0x8001, 0xf729]}, {0x0, 0x5, 0x5, @empty, [@loopback, @loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @broadcast}], [0x0, 0x80000001, 0x7ff, 0x6, 0x50]}, {0x7f, 0x1, 0x1, @mcast1, [@local], [0x401]}, {0x9, 0x8, 0x2, @remote, [@private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x27}], [0x5, 0x9, 0x8000, 0x7, 0xfffffffd, 0x800, 0x8, 0x5]}, {0x1f, 0x8, 0x6, @dev={0xfe, 0x80, '\x00', 0x18}, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @dev={0xfe, 0x80, '\x00', 0x1b}, @dev={0xfe, 0x80, '\x00', 0x30}, @ipv4={'\x00', '\xff\xff', @empty}, @ipv4={'\x00', '\xff\xff', @remote}, @private1={0xfc, 0x1, '\x00', 0x1}], [0x8, 0xffffffff, 0x0, 0x3f, 0xffffffff, 0x5, 0xff, 0x1]}]}}}}}}}, &(0x7f0000000840)={0x0, 0x2, [0xde3, 0xf28, 0x8d2, 0x209]}) syz_emit_vhci(&(0x7f0000000880)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_execute_func(&(0x7f00000008c0)="c4c32d0e45f508c4e15b10eb2681f9f6039eecc4c379617801d207660f38295cd02fd9f6f2ddcdc4c1f811450f0f34") syz_extract_tcp_res(&(0x7f0000000900), 0x3, 0x20) r2 = openat$pktcdvd(0xffffff9c, &(0x7f0000000940), 0x10400, 0x0) statx(0xffffffffffffffff, &(0x7f0000002c80)='./file0\x00', 0x800, 0x8, &(0x7f0000002cc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000003040)='./file0\x00', &(0x7f0000003080)={0x0, 0x0, 0x0, 0x0, 0x0}) read$FUSE(0xffffffffffffffff, &(0x7f0000003100)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r6 = getgid() getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000005440)={{{@in=@broadcast, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}}}, &(0x7f0000005540)=0xe4) r8 = getgid() syz_fuse_handle_req(r2, &(0x7f0000000980)="5eb2b765eb13fe6055adbc43ba06da0624085c4b074ca1075889677f066e7be4de1ade6643e384e746947849cae6c4bd2247b9d0dcf8d74f73c865983a7d81fa418b5227bfe2cae4daabc8fd121243c0fe339f30d7ade9b79e07aa3b492001cbf71f43d192a2b9b771608f809cab4148c9bcb18ad7381adab1f2f5e323a69249bf8f2b5b0e986557da943623a66ec420b9b7bc01434d0a62886d0072f83051bed958843ec0adabaec068e2333bdc15622efd5d7eb68cfdda7de3fdafaa75787f0f7f3a5aae1cfe1faf079f1835be7044f2dee0e2b22827f8ce9399ba9b6d675aaafc827262b701659d34e687d6f0f80666ef60371f36fc8e7ab01b1b1f741bab290b3742bca7d900acacd003bb0e2497a7413e2a94610c93f5b5f6a0affc554dfa696f33a4e07699552981c8f17eec121b798ffda5a81f609005eee8862da633950d1c36b1f57f201dfaa2ffb43bfb89b937dfe89165a783264b5cd393e5e81efb8d94e28ea417cf7f145520c201cd9bc843a78ae07c3a9d812a99b9d01f4f8a60937077192fb29ef9e9cad995919de33e9e70c95c0efe9d49ecacc2817d764b35aceef6dbd7b11da0d56460978a679a765c04642ef7b33da735d607b21ea207ad747b67da1862b7884f773764c5c6b95b0d1fc079909e3a07430c52f4908cb864ca7b48387d9c930387811580b9cead9bb56c5139d0d5c4c728f7667059bb64e223d3e7cf61ce8370276dd31b3bd643e96444afea51787bc0ea7ede0c0576340b3574fb1ee78133c29edb9c63724200f5d8d1fa9db4fe0cf9a3f0517fdd936240d08ca3f4815c562fa40c50292a8cc67af02555bf5e4210efabee952946cb5a3b719ccafb90c5fc31e28e16da6deb0c2657d99b2e30ac6f59e6935c8f3de5abb5a6a9eb6d64638131fa73639f95dc71d11a644c6ff17e26665e820556178bdf6f91c52fac27f2d84812e9bfd4c53e757ed5dcc5a3c58f4f254a11ad8099555fbab92d9707e7ae249d37b672b2f4666cc35ffe53a0f5f314aa7e329addf60e864986682e58dee878cf3e66b3c1b8b0457021cbbe9542df240104fa7945d177a8051ff42dffe47e952caa5b334386bbe96140a28a74cd3c4c666dd6174994bae6c323bef3cbe97028835f03b49d7c496913ec17272346e050c75c58760acbcdedfc774b34b19f199c40e02ac74177e3f951a007abdaf00fd7064bbf2cc444d6b6d2b233e1fd995feebcbfafaaa44edd739b7a9b312b0823bbb228823e132fbae576968b7e7ca5ca0198daae85da7b50002544a44f948dc5f48620e3f99145c8727fee501541ef119b20085e364052a045164e79579553ab1924a5e67ca4bde4390313b76a6abb950e637b6bd3ae4d341ea362440e134185304e36f08691027ec7ff34d718825393ecfd7557c82b7bda4d24b94fc53d577b31657b00e8303803e6f15e17a79647607ffa65649103ad6ced040a842224b22226cb03b10e51e58d695edda77da2d784c49bdda43adc0f4e15f3e2e338836924786b90b2f7442935ae338e344fa4c0d9e3d74871d930d87868a269c984048763e1c438479b20fddbc61d2488d70ca8747fff731edb679b88bf1b17621d3276151fd93a9dbbaf1a83e9a80f75ba18ac3ce6598dc4e6b0562fb0bd479129337bb1c3a5882b2d626edd90d0b1e898d0f1e4f59893700c241e0c4363a4441073840000470f9e877d0bacdcb6b21875e75b50dcfbb2bbc0ea8fca0a91dcafe69b162aeef4f7d7fa1193f9eac44d4eb27377c3b72ac19a901c6e7350e1648146090179fa4b7f7aaedfb75a49deeae9fbec2f30c4444e3bd5ad6fad82bbcd24bb6d259685ca0c13e52a590d27a731a18b09d3d6bf5e81756302b85251c85d30487295eb2e42cd788231eb96979b5c113c166be2f3b6d24474b0f56ea5cfff4dca9284e5dae7d1c2b6aba7807e889697c869831c908b206b8a21dbe73d06c0aefda449f4daedd68b676f22814be2d90a2d06a39f997fdcef3a38f98396d5bf369900f9fc0442b204ceb17e432c28087c42c84c17f1a4d04f6da546682f31d75cc289e0c8ea4058c03550fad5def6968541a9d372bcbff7b943d65a7f485652e4437e0a1602057ef0ceefa57540a11d5b2b8b6518c3c9a27cb27562941f2f689ce240396b4ad70dbb2cd6e4e1f33e3279c3361b9d9903a9b6bb017ffc719758417e4f984855692acbdf9392a9b19673388e760233fa0035e0c2335e77b089eb40b5cd8f0325f64e080765808052869f76b39b0682e9a49a95a4fd0b38bb50eb214e94919d486fb7bb75acb4dc5f04e7a7e311f204df404c62c664179584880cb8bc7b8baae8933c2ebd70af44451aae3d51d4290d90b891106877bd37752ec6118d972a1b0a2931d433636da7b7250a0edb59d9ddd34cb48b34a62ae7e595f18d80ca2c2ddc2aeb6b6f6b800c8653baaf696bfd60c85e5e3328d0d9baf0f558b3b8b8bff24bf75db2695d59442757cc0cfcefbbf1708fc964a1251f55328832468ea73c29be4bf5d0de2053f364d117006dd3242e04dd471ae04ae22844978242ed47361be4a9a13133c7ad5bb324afcd29d9a074440724ebb56f5d9c3a8e4559d3a5a0f028f1d72ff2562d483cfdd79eb32c90462ee790de2476d9d061b607e680b41500ce691e48745b585517a539e70d7ec555e196aa8d69e45a36982d28a21409a777ceeb53318c20713e3cb62a98c28f524b086909a03075c2010da34bf7b0e6bf58505d301442530e54d3d13f0328f97a1dd2dd6da68429d21376b772d5a1603fb4c4a40f6b36db26a86f7c2dbaf704e7bcb9fc96768d4b53bd134602b753b260d84d9eeac6a24a51249dca0086b95b57587128e798eb62e1f01ae68e660cf6ebbf332293981620684b7e3b04750fdbbe2ecd8e9b6375248882253c2dda8a4d9c0f6f5c9d7c6bdb1fc11eda1dc4ecc0b9f3dbdb62e4078e46f6b10608f34c34f0a279c2f8f3da5be49e3e58e971e539bd63bacb6d8aa554ea4c78a49abadeec98db1d3ca3bcb40957cc0e942fca1c9b51af04771fda4af358c9ed6fe7b737a6c61abe0b628920fb8d0bcd0b65b718163da17804cb1665ea9821c828f6df655193774156721006b1f51487ad19fe92b769a9fceaf2d4124d8cc9a5bef28e98b996c28c8a99e352380531185e5e56e693641ef51106d6cf4e71ab317c34e93583aecf50f52b53e63c9098d8c283538c7cc0f090dfaf523e6082c65263dc8d1de4776282a3fc1bfc5909991525f56ac0e6d3bf0ce7aec83e40074de16fc9843f3b099b59b9f90bcff6310ed6dfec974587ad646ecd90c54d449510b7768dd67cabb305ea398ecb4261d26d4d7e1204e20725603243279a18fab01726719f771822627bafb09b4caaf9484f1d8fa5078d021b9cb86556830797319c6491d71c1153b63658a5a952a1f84f0ced9c3d1191d71a0b22e3f618f87d98c8991265395cb90765935034bd6c9233d41f9fc6a90bf697c15fd2359787df8257ca8e9499b3a7b837121b3367306ba3a36fdea6000c5d0f7759371702c7ad6f9e5f4000725f8e0b330a494392f7408dad615b14f77888ceb73959965cc9a93e9e3b23b9343a4cd4104dc1f3f1a64cb45697926704879802493ff04a8144ce6d805087fa96caff9b97631b52e4a365e976c90e2ac08826f8c297ef2f875722b44554d9973f4aa55ffb03589432109e6832dab7fc4732d303252dd1d17a2d2451ed53dce41ffbcec65983c6db3eba81462e522ae7ae52d751300a4b131170337c6d8c4b692f5429118af956e1c15e27584f768255c3ddcb469212ba8ab0e1e7ee0012f58f8945827994ce1ad7d173dd1cd72083844b721a1dc13000dada1256deab79b959a495a4d1b5fd028feaa0deac90ecfa59b1340456bcaf31f57d5a883490125796dda6d378ce83bbc137fe54b83ca9c4f819899d308338d65fa87d906255d6573a7a490b00100eab699c0dbfbec54b54224ceba3f5d1fa4096063f33165a158a20ffbd1d5b8fd4d9d39cb94a0085deaedde02a2f1e90a96af2223315101af3fef8604337f648b8c34216c3e7ba8c07d82d23bc0a96f0dab2abd2939265bb96b6451a2ca93585c82aecced337bd66124847a406ce8ed241318e1a7fc2cf289e1caf26ea5b72aaea0457e208a241534c78e3afb6028e7f57891c2f05f4370fc50458d16e90d031cca186cc12b4543b7f25fa72916be3acd7f6b5f0cc24f44248c0fa9c6dd595cd72cc4c84d35aa6fc3b1ec0e7a6b0408a1a53869681d27b1122c3176a04eb3aaf6258849675a994222d506828b4c1de9ab17ad4bab5961d524f0ffe54d29002c3d36c94cb3ab16581f59d014671e1cd5fe24342f17c8f178854e0eed5f4a3db07ec2ea7c671e2d78538bb8a2d5dcd94b4c6ebdb9a4929e85fc6de213d6f356228d9ecfde962c0c3727608f670e812ee2fa14e1f0cbf0186f6afc10c676f911be3b1cea3521f47e8fd4efebaccb22ef3757613ab319c40b70eee0cde11a3a166f1ee9415328068399836c8dc384de21e0a991a8bae04bce7962ce3b82d5516fe91d8ecbc2dcd6e2711c6c14c8aa572b5fe039e1bb4f163a1a8186345f54157c56672b33470711253476c2f6e4d74be06a01885debdb84fc73247a54e1511b83b3ae1fc15e5bed921f1937786f4364a7d4d6aec09667d63aaa618bddaaeaa2e55adb5894c4797d16d3dd5d35a716ef05233c4ad46a621195cde3a4f4197ea4396ca62712ee3d029200383ad9122d94b608b39e1ab024ea673eadccf983100d59b17708722d9ef02669224bef7abdaa0b99bff39957b7ac41599c9b1833f7ce822fdda0bea2dcb7dc7d24bd20df80b6462162447d5e28535a2fd876ffd78e90dbdc74e49af647c9dc696bdcced0840c2320f5ce0b6494790832c972e28206f432ad6cddc304f96bf48ee6f5a077538eb06d94383bf4fbf332abec80cdc7834dbf87e28f06ceeebafcab3f05f084bc4cf2a069701cdb332403af1631b5659a9e668f0a46f68e65ff9a314ab2a540518a03893c3fd2b1bd9f5e9e7f6ec49f585067c4aeef0b91b1ad29f2acc132f6b1a8dda2da36a79186c8b13b6fed070c74704bdc4ff11321901c71598fdfb36e8482bcdb01ee808afb54b3a42c69a18950d14fac2e3bd7721ace3c9a03a45f74cf2df6f4c924441d8700c54b5a12212ca3cdd648d079304cf2cdf460a36caf7f521494805401dfc67bde2061bb239a7019ce76c4f44cb0e46c55cbadab9129c5b457ec284b22ae3f98e64fc8c75df095c3ea3ea0cfb59ca18090b03f9358e9f11325e72cc24ede8f0511cb6f8af7cc2760654cfb8a7e7d5de97a83079bc82d88ea728516e92d321092fa3bdb9c0cf71aced2ac1189aad334d1b6bd971ba4053a43bc7f0020a2f1d6da34690d0f76358aa1b1631107f7f2af9890007b0a94277ee673b047fe809a5aa7fbb7ab88d110970c3dff44de1d7dbeb2abfd280e66d1de4864da4d54addceea69c8fa5d3d4b1147a18365afad33cdc689d73cceba4d8f4ee08b6264aeed23f585578ae15d14f3a27b488c24d6de8cd8a9de4a2a89fc9481ba8e10283a4d3a26e989bd80597862e238b714aa776e01cc90dee689c8435c814cfc72a530efce5dec384797a951439c30e096320bd504d3fcf4f7214b6d8ae4fdf73eea4591d444dd1ea4cdaab8ce1cf9555b4dd70f1bb46e18ee02cabd74cddb696af3ff7cc95b1339a6b8e8bafbc29c64f09fb741389ea6f5397a85add8b26e1f3a1df950f67bde9f9871a0e360c3e7669ebede3b7eb32ceb35ff2affd8919522f075933ecfea2cb4becfbc85bbacc95fba2c6f54f890594a6f6b18965ccd40ede58b4eaf8b0d2b65b0369b3dc6c7caef3e4845b2c42ee40ddca587925029e7d91629add84ea7bc72be33bb034214555cd5505568093ec7248156f58c7f0d3055762f8f4ff6f864bd9548fafac4db8577530f3a6d673beeff21ba7c9060aa0e066832937f1eb617cb21ac24e0d8699547be5663a8117a40b6d881dca19e367ca02d28774dae74df50aa99445e37c6c16184467d496001242329db97a2adef66425a9c6bd377d8977433a03c72bf10b548b8aebf0ec38eb8ce145fcb851541405ee8a3ca9b3bc603a382af598f0a1756592b3677c469ff86e198cdff40f493215a32c2acc72bcfd0e3e4e57bec76dfe565da975c691d66935d2d7b52941462d41bce4c00915d283417032f3a894249f801067f3882fda77905d76b76efe1028ebbf14977631f677575ddd409df3c6c4019e995a9d8d1d8a8c322687632f1a9505adcbd5afa1389f941dd0f68fefd43ec24a257076a3a21b7363d7bb518df4a282a4d9eed0858d104e85c5e068dd8012d73b516656146a78e549adbf9b32fb9f5f7ab6d43879d96d1cb973596d044197e08c4040604255753297a3495d8dff255d18abf94b8704a8ae1a48353fa85e5a77becd10b6ca007b77dfefce398f30b0c27ede99e8e6bb0c7ff65bdb00f224622d691f478ce6e37bbfac4ce1ce373070f954370c74c09461e2bae4385cd5deee87ca80ad2c77b99e7bee5afa3f0ba52494f59da1426c4309f391516354d57b0c7c4bb858e382f041d6e9188dc133bb169321e00d02efddb461176774fd6b2c9682d7ad084f6174c53ab7408d3e271d28e308f7cd478c2fe8d6793deed31debb090b874b12528a6cd368acf5a5c4cc3d30d2aff00693786687686cd9b97cdfaa3a67729351b2373ddee18ee3f056b6c0da439d62eeb408031a4d8755de3cc88415ca4801d54dc565bb53228dc215dd746ff5385453fdfc8915e872752f5ab3656aa8e1c42dfbf35e49ac9c2013b4a493ec10ad7f512922b8d3d82922ddbc018953cb7d5191af08ab669f80425f4f459ee650fe094126434e886693092c53aa346993dbc1ba274d2d69470646e633bdc331431913dd49a0120e1b5e212162006f9a01fe18e8d8b57cfeb398e19b4b8e970fb0678521caff33a7a01deb17e72a920a946896c5392e84bddfde75b7446ad4249bef2697b0c5e72f3791f0f44ac1563769c8ece5f1de565bbae2e5730294b3d6d85787dd6f7abf84d698e77ee80ec53e3751e873033af16b5ed4e2c99b7e6e652bb0eaf6701aacb2bcb597c32dc3f7d9c4d9463ac08db0c63db5fd88d0e518def188a2fbe8d6bfa698628a8cc058ca99114c40be8e1eb4c05364278d0ea4dc90b747cecd85cdf847a50ba2adebb6d107a12613e198d1b10c6eb323d50c75f781fe39c1d92e46da77fed51612a369c4a6aa54050d677e9678039b29e10c46ff05f3536f792a72d80f0eca5a416b19643e1d15247f7e5157900c1742b9146e0d9788eb9ca653897c7c647149f0bd91b16ea1a5e0549001ba2d6c6e39cf8bee39274d052fe2ce7f4caf6c23644314335251cca5c2ed134aada515e734e0af9c0ba59043dd12aa227e8f71d11833cab35b77915ee6bf0d74982d155f74fbba9977f75d37211770df8102e1d523b97c65e69bdffb34e00dbd6d5827c4897934ff51286940adbefdbe1a185a1ca32f668bef23663d9af58655a928538e084f59fd899c490253d337f5a51d2c2c1da36cb8df43034a988104c2abd9d589fcf964ab9114a40415c8e99bebfe94c3915f9d908bc1c9000f0e9e94012d998c972cf018d8badfffa80209f1937fea78ca839572b0a8e6b7816b6d89bb84ab2ede0fe5ff0575ec9d674da236252fb92ff4febb9ec1d915d97c4cafffef1cfda6d199365b77016daae60798de8a21c1769b8d79bf57cd020ebf5730fce994b6b3099800d864966adf830c8d2658c804360896e11f360da3a92cb5c827213228526c63c262c30cdf177fb0be401b394a01775c254da30c5ff4fc5b45f59d60e1578d67245089828b0693e5a6f5eda5e917b9d33b8b36baf055269e9d5319d4fa3f8fa5c31962c77bed1b0a7045d980c03b0df15d1e3cc1ee3175570d286004f10ff6b922da1e0af3ed41099bb175678f6c4c29bd5b8555edea3fd6559a6228b3924b6245b66f7d4a6cfbf7e55d3a9a9023185885bbb1e9061fbe3621beb1e7e31205d828710267efb585073865d0618f4edbc9c5b606a79bff7eff1e534393e3dd040174b21fc012d6b2ab928976eef114b97502fb02225572b74e852f568dbcea57a8d378c54b217287eac9090cf75f10f474b1651782ab8e5f015de5b665e046f01d04efb7bef840507f3e45a385a372422af573d064b1bf6b0fb2796e88a883d0024b5f74f1118fd7cbdb92a40a83459aa29a77a256274df3a72f539b028c1df8686f4630c7fece68d1c01ce38aa613735a591f91f42561ad297e0872efdf3536c88ad5159af81048e6378f2a42d915c9721e0875fe0628ce4fc609099c2c19e681280e83ee969ba93c956fb2bc4457c2b2ee35d9d5bae561814d8f868e28987371550f57faec5af2f52bc7dbde1401b6729107b405b2873689c9e43fa5ea8b483f7556cbaaabb1c7689b0a51d757743ca292ff74e9c021e5513f94b7107a8940a98ddab5e221fd75c13f19ae4006866eec1a8320ab02a2def573858eb7253d1fda73b7da031f12dc013783147095d545abbcc6c8cc98748c007f2e61a02c750b79866c743d0f98c703ee3c9a2ffe44104ac1a22d77ffd1e607c8c4265bbd8cdd9b7aff0d0c36aa5981ce881b9f3895b4da88a653d4712a8431f9e14e0bdd137735bc1c2b710ba5126b6a9a42bdf156915b152ee1758ef56b8edbd4ef0b9a677dedc3a88b00049a0d7444b3aef2b4e5ed210c5fc97444bd3a4690ae44adfcd4fd85cc50fd55c3d6efd1c7270f46c93689d18f92d0462c62b2001d8ccbccee0abad84daf12a8f3f390d23b3f4cce1237b5059bfaacb994ea871c02fd32056aa3d68258027dbe56bb19cbaf7a2f473492e2c6643fc4bc01df34967ff10092530c5f965e1dea106188a9165a43e61d060107e5907a5e76039e11fb557b17f74e99d6ba5edb86daa24b201f89f51c53b4e6ea0e74888ec9afc6e64c3344ca561a56ece3c286ee4eea87bbb011d4bc856cb2018f009281b89b95acb76684eefbe628b3b9c93f654c15c1aac2769c67f27e1f3d6ca98d80dc3077b5c4e4d823ea40c258dcbb891ff20466c1462080de73513509176565feb24ef8413dc7dfb53b10ad4e5d683d26c742ac8efb627339eac06f2f56a55e4522b670ff6dda3917ef7b00fe14a6a52dc9567548e98f47cfa5e2b87dd8e1c2ae18d0c14356db45db78e8f8b9dd141ee942543d271c8cb5b9775d2c55c4b732d838a3b73d675a350957e0a70438d6bc3ab116f4d45f5e5bcf1493097ef19e13239d97981273fa9ae9d1a94f417c3c5c240a27cb07ad05a6526e6c8b3c68bad2c546fc889c5fb3410697ddf58f78e9296ab0c725882566e185d1dd88430766e332f1f0c87d2e359f8ce2c28b8c7546da95a1ca7897e43b7bf583d12cd46f7f910bfdc1a1c129f1d83d94678999c3d81dca8f74f87ba3017f07222f510c1a7fe8001fc3eb6e8a0b46db9c002fd084167272355da87a0fc5e37feed0c487d603bc1297f1c6dd88dcb17f17fd38a5ec72d0cf50c8c8dc69081cf608460d5b1342871abcbec20323be7f53690c5fa640816cc3b2b3de36870a8a38905dd51ac63ddd922d008f84b7cbd062b64c5ab22115b4889b0e9389048f6a7bd28e6a7893caa6036613c9f5f2ec2928be1f4ee1cba0b0bb1691276a4db24669fb085e54dc77e815b8f5afe80aaa38acbd11430d956a37911b0216534bd9e2893a2abfbcf4b7aee56c8ffbbb08166773d8dd3d1fa12451f393799aded8721cbd93e4c9711defa5509840dc73ec5f5273431da7e6324b056cae48e1c14b1f0e2cf27a52980d4c67e77a565a44aee8ccd622781b35cfa16d36eba77f9b7f5ec8cb474f02bed016982a0dca0960e094b3df6516837d5015680827599c89542544a3fd363aa44e79f3ad00c87d8dc1422b0737ca9fe9179d627a1f22800923a39df3a59e15770ba57f1e12aaf41bfe67bfc5483dab32820364a5d4da8f8ae62b05ba23257bb1577f5ad73f0b0e01633da659f7d28c7e1e39f86f5adb5bb3843abbce0a769c26c28e4ec88cd8d47e46928ebf51f4c23c69fa602b6af61dcc74bf64b009e96708c4c7426f35d33f7dae81e33a69e12ef792b1f25ffc60645a1963e67c07e15c2ebdb548ef8b2c8b0dd9725bed66e22545ad7914af7864478a7993b2c0e0ce590fa005104c6937e540758d25a509e80aca8137b717ae9fdf80ab906d9db4aabb229bb3d35e27b324aed11eebaa8ed3dc7704abab39f58562ed9b5c8a37b092ebf3fde22166c9c91bc57a2c62d90a87cffe7d6c448321f843218e404a4d3688d7b968ff9e823e0b900a146a7f3af3d46e9a8e7d17b47cba2504e1e1e7ad960dc481363f16fc979bb8176797ab1cb85cca6724274faba007e878098034afa0042ea0c1a654b42e1cdf7f71048e24db691cdca72f52017c6a0f5c88d0cb1e1c260e8879478d8e2bf97ad59844221afc649c881e7950de7dc85c430c18fcb5c8d359c2c239b45872c6555747438ca49b55c327cf6d705f80b396d9c020db57f6c53701bc968fcda5274c5134b23f6fd223dcee7ad7962c4e7f8b301a57165fcfc9a5ff822f1c24a7aa5be7971203457af1c95d47eda667d8c291fc21eedc7e8e5844f967a9fb4479d2f94e4dedd0cd5457781d3e024fcfafaa8b67e4895855535d1fdd4be454bed97c3cf2095a166cc652bea65ad6368929bda70f69dc36c689f5923fb026a8257f851a069994c04cc41a8b15979e473e5533240d3cab3ba953f20019e017d44f741d95a9ba35886c7a3fed463d242173d6af2502230ff733c3f1e02782274e64ac70850dc34895135bc859918cddec6269ba8361009eff46407715f30879508fea8cc9c081b372f488555278fbbaa80f34ce79da910212961a377c85b61e36fc375431dd6c4edf2c4bb801a0fc1dc1fac3c2f4c01099624959392ca0b6bd47cb008dfd39b2fd927f40fec137b0748e19840c05754b7d8e0b27d62086128fdc329363d06b6e7cdc4360b39df2737b5973a8c05c72e1ffaeb09cad6719224f4fb80794eb00f4092f623e5d27a11402fc035eb9fde88276f8ca16827459592e355d3c4e6c792e5487c499666d96ea5c5f9eabe173b56223cc71dfaf0d88f8b805110871f89f399f84463023f17d86249af647b83f24e90483bef551f95645dba6607f66b93a6da349ea07318b6ea59adcca1ed17566eeabf62b21204a8fd1a2d983fd22d2eaf9acbbb7a20bde391a5724f096d204d340b56212f8b7f5141f4f6ed72b134eeadf1f27edff371424b40820b26747b0baad376dfc535a417be78aabedf33e978c0533b45eadf5c24a1a069bc4945cd00a52aeb35b539ac0847065cd01dfda634cb9d7222a60eafef0f483ee5ce52a3c908b4ad4d20897b55a880249fe9bf4129124216f80d4789ce2f1b97c9d3892c506580a68ff2ce35caad03126a4adb9a194fb86bc72bce0e0bc4700950d20cd4b8d670ad2151cde5fd540e6a1d871a430c1a333f020c957cd4c8b4788b4bc93d8dd2892f5d8a350013c62dae3747384aa487e00704910b3f7542c", 0x2000, &(0x7f0000005c00)={&(0x7f0000002980)={0x50, 0x0, 0x91e, {0x7, 0x22, 0xff, 0x1124872, 0x6, 0x3f, 0x8, 0x1}}, &(0x7f0000002a00)={0x18, 0x0, 0x0, {0x317e539f}}, &(0x7f0000002a40)={0x18, 0x0, 0x8, {0x4}}, &(0x7f0000002a80)={0x18, 0x0, 0x5, {0x401}}, &(0x7f0000002ac0)={0x18, 0x0, 0x1, {0xfdcc}}, &(0x7f0000002b00)={0x28, 0x0, 0x8, {{0x2, 0x8}}}, &(0x7f0000002b40)={0x60, 0x0, 0xfff, {{0x6, 0x10001, 0x6, 0x1, 0x8, 0x1, 0x32f0, 0x7}}}, &(0x7f0000002bc0)={0x18, 0x0, 0x4, {0xffff}}, &(0x7f0000002c00)={0x18, 0x0, 0x1000, {'0%)/W({\x00'}}, &(0x7f0000002c40)={0x20, 0x0, 0x5, {0x0, 0x11}}, &(0x7f0000002dc0)={0x78, 0xfffffffffffffff5, 0x8, {0x6, 0x9, 0x0, {0x6, 0x8, 0x25d, 0x7, 0x8001, 0x400, 0xce1, 0x8000, 0x4800000, 0x6000, 0x8, 0xee01, r3, 0x6, 0x1}}}, &(0x7f0000002e40)={0x90, 0x0, 0xfffffffffffffffc, {0x5, 0x2, 0x0, 0x80, 0x1ff, 0xfffffffa, {0x1, 0x81, 0x1, 0x10001, 0x7f, 0x5, 0x5, 0x2, 0x0, 0x4000, 0x3, 0xee01, 0xee00, 0x6, 0x23a}}}, &(0x7f0000002f00)={0xe8, 0x0, 0x20, [{0x6, 0x1, 0x1, 0x7, '\x00'}, {0x2}, {0x5, 0xfffffffffffffffa, 0x0, 0x20}, {0x4, 0x2, 0x6, 0x9, 'wlan0\x00'}, {0x2, 0x5, 0x1, 0x0, '/'}, {0x0, 0x7, 0x6, 0x10000, '\x02\x02\x02\x02\x02\x02'}, {0x2, 0x3, 0x10, 0x3df4d00b, ' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, &(0x7f00000055c0)={0x510, 0x0, 0x0, [{{0x5, 0x1, 0x0, 0x2, 0xfffeffff, 0x1, {0x0, 0x141, 0x4, 0x9, 0x9, 0x4, 0x7ff, 0x7fffffff, 0x892, 0x4000, 0xfff, r4, 0x0, 0x4, 0x10000}}, {0x1, 0x8000, 0x2, 0x4, '\xff\xff'}}, {{0xa00000000, 0x3, 0x8000000000000000, 0x80000001, 0x6, 0x1, {0x5, 0xa0, 0x8, 0x7, 0x101, 0xbc3, 0x19f, 0x4, 0x7ff, 0xa000, 0x1, 0xee01, r5, 0x8001, 0x8}}, {0x4, 0x10001, 0xa, 0x3ff, '[{@^/@+@<['}}, {{0x1, 0x3, 0x5, 0x20, 0x3, 0xffffffff, {0x3, 0xd4, 0x6, 0x0, 0x1, 0x80000, 0x38fa80be, 0x6, 0x400, 0x1000, 0x5, 0xee00, 0xee01, 0x10001, 0xff}}, {0x4, 0x5, 0x8, 0x4, '+!\x9cR\'+%\''}}, {{0x3, 0x3, 0x200, 0x5, 0x55, 0x1f, {0x1, 0x34, 0x7, 0x4, 0x9, 0x2, 0x800, 0xffff8001, 0x6, 0x8000, 0x100, 0xee01, 0xee01, 0x0, 0x9c000000}}, {0x0, 0x1, 0x1, 0x400, '\x00'}}, {{0x6, 0x3, 0xa3, 0x80, 0x735, 0x9584, {0x0, 0x2, 0x7, 0xec61, 0x371ca83, 0x4, 0xffffffff, 0x3, 0x424c, 0xa000, 0x400, 0xee00, 0xee01, 0xca, 0x3}}, {0x0, 0x7, 0x0, 0x80000001}}, {{0x5, 0x1, 0x9d5, 0x5, 0x80000001, 0x1000000, {0x0, 0x0, 0x6, 0x7ff, 0x8001, 0x8001, 0x6, 0x8000, 0x1, 0xa000, 0x10000, 0xee00, r6, 0x80000000, 0x6}}, {0x3, 0x7fff, 0x6, 0x4e5, 'wlan0\x00'}}, {{0x4, 0x2, 0xffffffffffffffff, 0x10001, 0x7, 0x3f, {0x0, 0x4, 0x7fff, 0x5c, 0x5e, 0x4, 0x0, 0x9, 0x4, 0x1000, 0x8, r7, 0xee00, 0x7ff, 0x9}}, {0x3, 0x5, 0x6, 0x9, '\xff\xff\xff\xff\xff\xff'}}, {{0x6, 0x3, 0x3, 0x9, 0x6, 0x100, {0x1, 0x101, 0x4, 0x100000000, 0x2, 0xfffffffffffffe00, 0x3, 0x9, 0x9, 0xa000, 0xfa3, 0xffffffffffffffff, r8, 0x1400000, 0x9}}, {0x6, 0x0, 0x6, 0x5, 'wlan0\x00'}}]}, &(0x7f0000005b00)={0xa0, 0xfffffffffffffff5, 0x5, {{0x0, 0x3, 0x2, 0x3, 0x7, 0x64b, {0x1, 0xc2, 0x9, 0x5, 0x8001, 0xffffffffffffffff, 0x2, 0x8, 0x5, 0x4000, 0xd0a, 0xee01, 0xee00, 0x7, 0x1}}, {0x0, 0x2}}}, &(0x7f0000005bc0)={0x20, 0x0, 0x7fffffff, {0x8, 0x0, 0x9ad, 0x3}}}) syz_genetlink_get_family_id$SEG6(&(0x7f0000005c40), r2) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x9, 0x100, r2, 0x8000000) r10 = syz_io_uring_complete(r9) r11 = syz_io_uring_setup(0x7811, &(0x7f0000005c80)={0x0, 0x29e9, 0x4, 0x3, 0x25, 0x0, r10}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000005d00), &(0x7f0000005d40)=0x0) r13 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x80000, r11, 0x0) clock_gettime(0x0, &(0x7f0000005d80)={0x0, 0x0}) syz_io_uring_submit(r13, r12, &(0x7f0000005e00)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x7, &(0x7f0000005dc0)={r14, r15+60000000}}, 0x6) syz_kvm_setup_cpu$arm64(r2, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000005e80)=[{0x0, &(0x7f0000005e40)="551e553401d8419ac437854e7bd6033a54214a9bd5bbb0af5b8dfb214aa84f75f60fd2f374a02bcacb654f2e69f719794863", 0x32}], 0x1, 0x0, &(0x7f0000005ec0)=[@featur2], 0x1) r16 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff1000/0x1000)=nil, 0x1000, 0x4, 0x100002, r2, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r16, 0x118, &(0x7f0000005f00)=0x1, 0x0, 0x4) clock_gettime(0x0, &(0x7f0000008240)={0x0, 0x0}) recvmmsg$unix(r2, &(0x7f00000081c0)=[{{0x0, 0x0, &(0x7f0000007580)=[{&(0x7f0000007000)=""/104, 0x68}, {&(0x7f0000007080)}, {&(0x7f00000070c0)=""/15, 0xf}, {&(0x7f0000007100)=""/224, 0xe0}, {&(0x7f0000007200)}, {&(0x7f0000007240)=""/230, 0xe6}, {&(0x7f0000007340)=""/99, 0x63}, {&(0x7f00000073c0)=""/69, 0x45}, {&(0x7f0000007440)=""/106, 0x6a}, {&(0x7f00000074c0)=""/188, 0xbc}], 0xa, &(0x7f0000007600)=[@cred={{0x18, 0x1, 0x2, {0x0, 0x0}}}], 0x18}}, {{&(0x7f0000007640), 0x6e, &(0x7f0000007900)=[{&(0x7f00000076c0)=""/121, 0x79}, {&(0x7f0000007740)=""/169, 0xa9}, {&(0x7f0000007800)=""/5, 0x5}, {&(0x7f0000007840)=""/157, 0x9d}], 0x4, &(0x7f0000007940)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb0}}, {{&(0x7f0000007a00)=@abs, 0x6e, &(0x7f0000007b80)=[{&(0x7f0000007a80)=""/115, 0x73}, {&(0x7f0000007b00)=""/15, 0xf}, {&(0x7f0000007b40)=""/19, 0x13}], 0x3, &(0x7f0000007bc0)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x44}}, {{&(0x7f0000007c40)=@abs, 0x6e, &(0x7f0000008180)=[{&(0x7f0000007cc0)=""/153, 0x99}, {&(0x7f0000007d80)=""/250, 0xfa}, {&(0x7f0000007e80)=""/252, 0xfc}, {&(0x7f0000007f80)=""/193, 0xc1}, {&(0x7f0000008080)=""/96, 0x60}, {&(0x7f0000008100)=""/65, 0x41}], 0x6}}], 0x4, 0x2000, &(0x7f0000008280)={r17, r18+10000000}) syz_mount_image$adfs(&(0x7f0000005f40), &(0x7f0000005f80)='./file0\x00', 0x6, 0x1, &(0x7f0000006fc0)=[{&(0x7f0000005fc0)="97711a3fc775d9b6b802d75cefe34e560dfbbc1905df8452c7c061cfbdbaf76ac0ee704fdc1b95576e8398715ccac23eb622406fdf86656d8666d174345df15cc279d6bc46189f9e9103c8b634306a9dc5121354037abc836af32b82e0eb9222c5b97a31baf700226f459f1593e594220d6eee2f7bd3612c68996c931e01b390867ecb7db73fd1c8baea0a1a30719c09c81706414190c490236b2756cfba38fabad49c002cddccb22a79015cf6c9d5b81197e3669f1195cf26fd674cef34fc2517dd561d625d37f0093669e68fca1ae7327c53a8d8fe8ce089ec5130da3dcd2c1be47c5d11c1e607706dede98d3ad0347db608bf9febfe357b46fe05172e7abd5e6a5755ecbdb7294ac660ef999961aa2491460d2ba8c47928fcd02e294c16838adc1c5aa0aeefc279793c1e9bae9dad1bdd674fbf94f64d5ee586b857846b2c3e35cbe0791f3f0a4279ec2d51fdfb3a9d2fd093ba29d743eebb0646d40af932960b4efd52dfae3724206f13839b1e9dd3561c159f7d1a0b45dfa655724164ca8ca40178aabc9f0c270cc0c2e828dc2842fb2372abca8d65d3726eaddb36d2772fc42a5a609dbc761a086dd8405f0c0a7c0bfc14fea91cab423fdbc944ddbdee214c248ef0c8933c80f3ac68a3cdc4ed5120c7be1f0418a0ddeee94ce8de7a07b94d97a9c72e338eb9cb871567608b49031f1fd07e5c5cbbc2201c4876885c1bdccc2bfece71de73d6a710c96a675de4b578e3a0b84d1fb89bed531e1705af867b10b7c92328a06bad02c573375d500a4bdc884b55652d7f1cfb31afaf0b35e98a58466b80a2a4bca2d72e387f8e94519a43734c385b698e08b0ee1d9805c392acb76f980894df9046c617f62a2361062e522453dcd73176f786ef2ccd7a05df8b44a6f93135d4888fdd510220357f1aeccd13e1fe10292673f981f420d9859fa218b8698b4a691e699c28a2dd46d3978942192ed51d212669458a4dc3d381d2c3f73cb60bfecb8bf0e1556eaed9ffca5d0f7c9f6152f4fcd5ed86cb6a565e4b6b1c9e7efef1ccd28ae7091abd84e8431ec08ed83a8bbe56f9e12256d0a05b461d9f1f4bad4b0e8734c47d12124c406db2c033ca10634105713df400fe668d74c10b9546fef03d29ee05d4e3e832ede103cfb890c8b0092a58fe32a0b105896cefc83a990c3b6d9dec09e4beea8040b29f9217e5577fd72003a1dc4667fa4cf3bbf2985f0aef84b45569a087b7f9afe824f3c59b40cd0d088c16f4414240a6ebe24aadc402cc99abf034a48bda6a2821bdf294658e2782326e1696a8878b62be50b8ae8d003e1b6b9f5f26d3f21b1422cf73ac7292638e57da6fe3fdadd7786aa2d7406c0d84554547d9590ee9e1705428e00ddc33250a116b9737c8b013a38c6f5e88275b015f1c0996b06ef4467fa0468e8f4a498b56a045f894e45090fc1707481bef75f601d95e67b963b6ddaad7511ab41ef4c9f651c70f8ec2f0cf3b62bad74e2492a39fc1f81da697cdc353de9589cab54a16901a18d851bdc26239a72f9a787fbefb3fc3f5df149a013c4f8c8b0e98b8f669f62fbe09525b46469b1c7fcb91e55735f2adc8136a46aec4de016b9f9251ac2aa820a1a887b78c66802bf8dbbce8c4e138ba0a52892c9e934af2c76b95032a2f4cb5a621e453970f54b279035e140833e3250a9c4f16371cddfc01c404e6e86acc231c8d7dbed9b6aec0da3e0bb40672f4d41df2650d200fdda6bdc62b1d433efb4dcb37052689eec1fb99ceda3e1107ae9aeebc9958fd2f2e9059834087378427d3158a8ad04779e622b9fef71b94b2aac03d6d9b722a2427855a2176f00d971d6b1fe9b57c3637af6ecf8dd0bf1dc055e7331c7e3d9bf09a98723676b07787a075af7ee911ee2b0ebefb3408c8a617e81b0222f20f41aaa55767bd73b30b7d5238a41836e53a5c826d2cab59460404f02af43b1c64a887b44edcb395a149983a63ebbc1468ac3b39a00d01e59041ea549725768c6fea7a4884fab16b8599cd0b91b83df33b32280039ba0205a23e97cd38bf8be0ced3d7c2f44491e9b594e054e6c6e6e2b610830f98ef9a240fd56d1e218cbc1535b8889fd2b39fd94c82137a80ea1234a84dc6fac0f16b8b2de9dde9ec8270c2df90b1107eed2d346965943a1cb0856421e45fed7f48071041c552efc7333c5e7dec5b9cb59565718a7e230a842f206a4949a38fca5d9a8d847563dd644578f89e5ea68cd84edc6a04e527d1c07e6ae42f503f7c09f7fa5ed1b2d7a3a90b5feddd576dcc544d8a7e5154fcb82d14970643a03ec1ada083ade9a90d56b1a05e7becc2e434d487e0c94d10fb56b73a82fd0c34e3ea6e252bd82844e95933819254e12b001acf2ad8b630a7d2056c6f77334ed22321771e73312981d8910170cdd7f47881b58c4753bbfb0b34c78b4211e626146ff342bfd57740eb868e1cfa312c907bef857b3781ebd1397e8dc0ca1474a19b39b497ae70889d2dbbce85d3743fd33c97b9c22b866eb65d3593900e66c459efe5638a824c423d9c49ba44b8ff9b9b3ec15cef434deef9ab92760c55b1fb37339b1c77f3a01a77fd72f72877952e8a5827494c9188b8d1c270b0a99b4a9e818d1fa126a7291a7b0b94c2bf7c18c2e25e7fcfd68d38829655d9aab934963034563e90865245a61304febdf59bb0093167c8c41cce1773bb80c678759b55dab1247252036157a0e60d66e289d4b9bf98fdce7c5ca59bdb4fafe55e09b16aa3430d39bf150332a15c4890ed078e628775f8787b893592263ca6d3113619a7b21251faeee137a099bf00fb5fbcc75e758eaec9bdcff65576c0d826ea79d90e99d8cbb490937d1d122dbb8d15b33756835e1ce3bdaf4919f5226b384c87c2c7af71fb3dd073c43129ac4e2a6e521bee349730b2d9a71c6b01d61df130802a9bb6ab1f4d594b89675cc467cab303c86ae6b4c0d26dcf16cdec9c8b78f3e23bab3e7b5153e73bb71cb6a2afac5c33195d2a2f329d9e8f53dc92801046b07245e139a6414cff17dd9d7947e945a1ddf592131d90f3f325ebc3cf24360f83ed1606f952d4f69221b75c9be91e5d2abeed93f33958b04aa1e0cb5b850edf2760f4b8e810d879d87357036c8e26538e69689e47fbb1da8e0ca08284f55900bd029e95a527b3ba251b0ce27bd049fc85b194959375f785cf75c101eeaaba56b39a3fc46ba9729837e2fbce7ebba932596c0c2ef0c5d8e684ba6b334dbaffc0fa842a6aa555813d5bdc237a4376fbfc3abd549abc27f3b1c918c67f2c34e116b6b0630115490624f4997d93acec5dab0d2bb1572b319ba4c990cd74389542f48b7e173d0c81ed756a1b409f6b195859fdc7577a7e7b120a1513c225d313d7423d6a99ddb71914962821db95192fc9ca8b6972e07d78679e3b4265cb9725d95f52f68ff1ca46b8ac6ae7c6053bcd972e37fa824491527a1e4323aa6f2d5e59cf06c6088c148059fad6f1cbfb476719d09fa479b69a4790a74f65abd999c267d10cc2ff99d39e394160e151469589f416f659b2a8c60def78d6f433809dfb96c27220076f47b7e74a8930cd61e8fc109ddf8754ff5d6878eef5dc7dd61e2da0073b0ad6b071feff97fb87ec0d90954aedc888e7b1e09dcdfcc6906e49b6ea4a0c32546407ac0d22e29200b8603f2c3041d27d0fd990c312c3f4ebeef45385124825e73a4b30f7e62b3746aee0a1f42357a7c2d59b9b2865ab24b33536c1d752a4e1c08e07ec7ab8e37eda44ebd2213d46955859ce75e8cbee3e448ddc6c3720fa4bb604298c9cc6c1eac4aac18ffeef8d631a6175a58b18257c81b5b2a2c7458b1173a5c1bfe3a56159fa406011dc0bb6021f2332bb471ef8892acd5e7b58aeca43e485b35ddc938fbf2d032521820809af025513b663922d664ca4216bcc9877030d5facfb9a0482998e50cf69bc59c1805fb4faa89f6831ec6afc29e7f6db38fed3403d1035e251624de0ea6445812f71a4a91eab22d88da49c097003ea9608ef661e8cd99458f318d373ea1affe6cfbec7e9f77ca393f1585402a70afa83e3dc11417b83035c4aa6efb96caffdb76bb431152a1108dd6ae5a37afb9aa1b51ddcd22d7af11d65c188472d79acbdd48c61355a4b2fdf2b81fb4459711fb437f3f7f95a6e187c0cc087bbd739c9c9e22e25fd0d305a27408f52b839e357d1f37b0c7a576df793008241bd2120ccfa21435268ed243dd2edbb751b201474e91f48219bfddb4cd0dd471965bfe78e45233a33b6c4022bc57bcfd224f89b4afbe25a003ef41f596e10fc142d52e0ee02fad0728651f0fe75b947a544fd7e2dc38b608789ebc87b01993e23b765449001c77adc778adb84a0dd32b70e267aadcc168ef1713d7cbde563396ef5e39ff9f7008d61a20fe49ac80c2ee84c5311e6b0c259f0c63631af64ee1d2225b5eaa31b97636b30109fe4fcf1522723c6d79a5005f3768be2872910a0d9f2d2b10a91e48f7da5c3830e18bf1a2c51f791e463f7ca07e0c63d075852c2bd82b4a5989d4ff50a7007d3eb322b3f01ab76af2bbedb1108165f483d28415378d60098dbd87a299b3de116f3955c3e243677f3e3f71f9f0204e170da9ef5b66c95ba07f335b130b5a17b6a72c318be1b8ca6422b1eaf3f6ef038df509ef18765947de5889a3a88457561b399ab72948d7ec9e0f4a7348e0c43174811d3a4d71242e6a50f5b397a8d7fabbba7109afa2369f116e09d3fcc0b5e612ae8b818309c5fbb3347fdb5d6c6904684f4e04f12ca8513174e6b926f049ac14e0a7f9e4aa6bd391bbccd3f7242b9a4c0dfd01796da871f4e9de17e549537ac6d21d5c64e549f070e2b1d1b7f76981faa8da9029e4576fc43b4f427ec7ee4c4505ca270b233ffc5e1abe44ac789cecabdbaabec441a11845caf922133d11bb28256ee8f75e6f065e35f297646c63a2b8a594605ab391c50fc337d8d97066e6b5b0710fb1ec76c64f0a0a0ccac01375f2c9fbaca77b2b1ee2b26a76da527aefbe983eed0d946d763e00bf501dd646bfe683a78df80d91dcd603c5a8eb595c0cdceaa2dabf5d64a9feaacefc878e074313c85e4c15f4c2e63fa19f97b829c297d860878eee2138928d8a425c07900c1226455ae33e702c058567d42df10d6048466de62f14c27f7d8f306516662e18bebb24d7f38e5f0ebbab74980599ffacba56d3ce16a56b991ec64df9ea8f9300cc187f2c1b2f80562c681bbf833a971e7d69b67730d3b0d3b5a9b3cabf5b44e21f3a8ea25af9f9a7f53d6c85ca6a3b84f04fb6d1e99096640c76f00cb2a849e022c526653e0e19c0ab73d7db02e69bd511cb3b36ae7df9e0bcd5b8d180c0a3dc9f17973c62b286fbefd4853976ad38dc7756785f17c88f9675687c9769d77162e82e71bae2ed285bc878f9ee7070af3c4b43c907bcb5856dab6a938b7842af376d7c164076cd02b4e3e82e2cc8fca7dc2e40bdb7b9a2ef406355630cb2930231794ef4a20360a6eb9cc54f753642e6938a173024635987b80a6e0f0b7cb258537b81e1250f77fcaf1d7cd9b3be072a6f9d4fd86f1564b28d790ca1382fae61fa5874c7dd7db8ebfaaa7cc011e6ab3579137aa3f0af14e58c0960d7f70cef93ab86cca7cb785d8c12152a807cf1bfa4e0f6ffd288870565cd49a10a407cee95c5c0fe4cc84b47390868e64507f1fbfbb4a704d272da13480a418e25a9930a402dcfbaa5cb5092c569a4e8150b5048bef01194e1ce3795e2835a0a82c9d5ff3a157852f12713596997ec3061aeaa96e93c9b1d9d5aa2414c3ea9f", 0x1000, 0x80000001}], 0x1000000, &(0x7f00000082c0)={[{')/\'/%'}, {'wlan0\x00'}, {'\xff\xff'}, {'\xff\xff'}, {'[{@^/@+@<['}], [{@uid_eq={'uid', 0x3d, r20}}, {@smackfsfloor={'smackfsfloor', 0x3d, '{%\'--\xd3{-+#!'}}]}) syz_open_dev$I2C(&(0x7f0000008340), 0x4, 0x404280) syz_open_procfs(r19, &(0x7f0000008380)='net/ip6_mr_cache\x00') syz_open_pts(r21, 0x8001) syz_read_part_table(0x5, 0x9, &(0x7f0000008980)=[{&(0x7f00000083c0)="fbd29b15877e61061cc50ced7f39686138bf5103248d4da53257b73a1ee96cf2199abfa961d7bd146a6bb88d701b08edbf514b2e3183cce211d57c7645a9afe20275ecbe29aea48c76b0fb7627a8e43c7a9f57ef02a316edf9d38e0c6e74b59107cb1c8406dcb6de319b", 0x6a, 0x7f}, {&(0x7f0000008440)="e0d8f55b3848aed3ac9738d2e19f668be4c76e3b4e4823a0c69918ad4aec8d6eadcfe10327126d01287e672d54a544a9877e59f9a2f41aa242b237ba593c5a4840b8621ce0d28ce522dfe8788bb070d4bc9d74528a1f7603200c2365c63d42f1032992e10e4345cdea0d65365d82b6c78c81c71b0b2fb78197cd605ec2521806bdc08d6dd8f5291e5bb0ca92e20430d581235ddda756e6abd8c769783b84e57b0aa951303adcc7e921b069d94f1a4dee1f4744db5b28c97fbbaec5bf5618e0e94a41c0a99ce6ca91ebcaff5ae6106dc9dc310d7250a8b7c7ca55", 0xda, 0x3ff}, {&(0x7f0000008540)="afbb6b91aa7857f942bc8773d020896a44f1d9db9b9ec2b85598cd86397d6b5ae3192aefe0f2b6387b2d2314489bc7af2ab51990ff7526230a7ca42e6c22f5649acb12b4dd8fde819b", 0x49, 0x9}, {&(0x7f00000085c0)="d890818560f5372f7d41a504c54e863d7944d0621d50134b4c1454aa8c44c7f324d95d33fb4663f6745c1cad179d719e3e9f4f57517125890ed4c937bb41d0a764441e1d6c7482548c0a", 0x4a, 0x6}, {&(0x7f0000008640)="7e289aa898007d95eaf09882596aa237714dc1ac32392bd6fae8d872edc3c9b0cff5036148af29573c0dc954c27b6a6d47669253ab402a91f6e602ccd93fa817", 0x40, 0x6}, {&(0x7f0000008680)="c823584bb1759ecb98ee41e35227dd03d7ed5c9eefcf34a951e7c5eae5b37e8b93d6dd7cb66ebbff50cb81777e29b2c05b7b7cd976f4aed70f76499015b9872faa6f338c309a55296e4e85e27c510dbf253a7e6f43791f93913c8a9607451fd5050cf191ec95d199f1117c0e2a0437c2be1698939d277c3837d1640f91ce6aedc0850dc288cc2a3c1caadff44febefbbb2fda82e8a6539222b6d8830df927f36d814c2a892df0badec86c2f01deb89d2d3fa6137e48b23d3cf77b11f46ebdbb0a8314ee19778c212fc3498cbdc5ad0bbd7d24538d83bbc86830afe32e38c1bb1b7866abc940f611654d046f8236d6b15", 0xf0, 0x7}, {&(0x7f0000008780)="5d78b08d347d6010778713adad8e4da15ab34694562b0da52bb31a3b5e0971020ba48d185f3f03f16fe6dc1e321f122c1150a8ce71c3ad1df7c618bc59865fbfeb3a2c926b992f938b0f76c96af8be398933383fc8", 0x55, 0x8}, {&(0x7f0000008800)="1cd7715afec5551816cd475168a535a8474b748792e43af351605c6dfae1e6add7ce8bde80555ca3268782fe7a7f458968b42792c02a11acffae5486c0858e0c4640f4260d564699c0e606236ae8d5", 0x4f}, {&(0x7f0000008880)="45fd88a606b589b27d422ecb8744a678ff3aa07ffb6c25cc10a8871006d5fb6450fc12157d1a59f14e36132f1db63b56cc97b61bf0a61dcf2b7dd27da02ee160e03df97947838f0dd434825905ae9fb5a427976a49f779eab8cc3a409d25b9a296cef9a8ffb49d81bf23a716a7a7e1d8dce03def2b8a3b15a3b2beb873143a7df14ec492782ec86aceb4901fe3dcdce046ab2fb972d67434d4e1101b02c92d33a1bfe516d9592581f67895433766506707cb7f0e18b4476bde0f0091753cf3ec07386b3dab4b295502d49716801dd979aa24d805dfe801", 0xd7, 0x2}]) r22 = syz_usb_connect(0x6, 0x7e2, &(0x7f0000008a00)={{0x12, 0x1, 0x300, 0x88, 0xc7, 0xe6, 0xff, 0x15c2, 0x45, 0x135a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7d0, 0x4, 0x0, 0x0, 0x60, 0x8, [{{0x9, 0x4, 0x45, 0x3, 0x1, 0x66, 0x44, 0x76, 0x3f, [@uac_as={[@as_header={0x7, 0x24, 0x1, 0x1f, 0x5, 0x4}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x9, 0x2, 0x81, 0x4, "c0e6a10a"}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x0, 0x6, 0x8, "7d5ba3d07cc6"}, @format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x94, 0x1, 0x7, 0x1f, "cfcfa1bb20d9baa316"}]}, @uac_as={[@format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x8, 0x2, 0x0, 0x9, "489f80", '&'}, @format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0x5, 0x497, 0x8, '\''}, @as_header={0x7, 0x24, 0x1, 0x9, 0x2, 0x1001}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x8, 0x1, 0x0, "786e2f1a3105"}]}], [{{0x9, 0x5, 0x0, 0x10, 0x3ff, 0x9, 0x66, 0x3, [@generic={0x5b, 0x8, "32da773ded87397d0af57fd6f2ad3b93e2ea74f1f65d645d6b7e4cae90c8f27ccae094b33c613bc0bda2437bdcbaa21c77915b1b95e7a2313d71c6cc586d414d6a1e79c80ee3673ff069eb4651b30668b0197ff7a7edc57594"}]}}]}}, {{0x9, 0x4, 0x58, 0x9, 0x5, 0xff, 0x5, 0x1b, 0xe0, [], [{{0x9, 0x5, 0x3, 0x10, 0x20, 0x0, 0x43, 0x40}}, {{0x9, 0x5, 0x5, 0x3, 0x3ff, 0x87, 0x2, 0xfd, [@generic={0xa0, 0xc, "4d1fafd5d5bea917949e727ed5ee144cb32b01d9acbb7e3cfac4d1a15cd6bbae8ac66af677394d2217ef580b1565f58b85cfffd2cfcaf9f19df78400ba0354d7872072b42d77d55a5b960b82fb9e34ec8c33a96719c45947ab0947484854a94f25e65339a6f74b053c81e8e8057f6767ea2e80e923e02fa1a88db36d52e4c511e6ccf674046cb81c493c927d05a6c16645d0694f667d6ccf29fc273890c6"}, @generic={0x31, 0x9, "824467996faa842827e6d09bc48c4196099cb20d1afa7380d30e40f1bcfb7c503d7b00fc18d2e614c3e370dbc320a8"}]}}, {{0x9, 0x5, 0x1, 0x3, 0x400, 0x1, 0x81, 0x6, [@generic={0x76, 0x7, "96f72de7936410ee82a44287a00196f630e009364ab94a00e94528691a409d335f13bf6e85b378bda85c558fc1a003ec5794a14217f794682edcdc9e35d00c0979fdb3e7a15e6a851c137bf7011ba61c8346598b02a3d4d1b8cd99f4fc14fae3219fbf56aa2ca54ccf116b3d560a80978c4276ec"}]}}, {{0x9, 0x5, 0xe, 0x3, 0x3ff, 0x80, 0x20, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x9, 0x3ff}]}}, {{0x9, 0x5, 0xd, 0x0, 0x400, 0x9, 0x3f, 0x3f, [@generic={0x76, 0x11, "79b386387e37f36efa1d8c66a90449c68a0ad251afb9b1793cbe9e5b4dc3ce6600e86d1e3b3eac60fd3b8b1c19d7d0c3da61c6a667b39fae8aed44a8e70d77ca93e4c37a3fd8818f43edc523960cedb02d8822f0b23dc343182608c6097e995f562c84a5417e5b2fb71b392f926f3c4ed992ed89"}, @generic={0x65, 0x5, "8512f0cea97a9d8a0461e30ee9bf0789e041cd86c1df9496f1957af0e4543ecab07051f1f4818da2579d13a999569f75ad6af6e0d04da8bd26bc920445692d9e4ca7fdc3544c36f588e5c09beea1aff9f41ba977cbe79e7e4f4a8dec5640da4d2af61d"}]}}]}}, {{0x9, 0x4, 0x5, 0x3, 0x2, 0xc4, 0x4d, 0x76, 0x7, [@cdc_ncm={{0xb, 0x24, 0x6, 0x0, 0x1, "72450ceb1b79"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x8, 0x1, 0x4}, {0x6, 0x24, 0x1a, 0x8, 0x8}, [@mdlm={0x15, 0x24, 0x12, 0x4}]}, @cdc_ecm={{0x7, 0x24, 0x6, 0x0, 0x0, "fbb5"}, {0x5, 0x24, 0x0, 0x2040}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x80, 0x8951, 0x6}, [@network_terminal={0x7, 0x24, 0xa, 0xce, 0x3, 0x4, 0x60}, @acm={0x4}, @country_functional={0x10, 0x24, 0x7, 0x0, 0x81, [0x81, 0x1d9, 0x400, 0x1, 0xc00]}, @mbim={0xc, 0x24, 0x1b, 0x1, 0x20, 0xc0, 0x5, 0x20, 0xd}, @mdlm_detail={0xe1, 0x24, 0x13, 0x9, "0efa60e3b3892ca3377fc7bf7e5cd90b70b5433c66f13129d42a59f2c914ec54979a53862f94df6395806bf1a9709d9a6650cecaeecff6adfc77ca5f296e11bed1fbeb6f27c50bf1af9c176bb2069d52b06473d5d8e9244a70017666faa3213b80b25fe4c68c4180ee45680c95768fd32d24da76b883e1be0ec2af43c9f30ceed1936cd5051e62b1c8a76af9a252290b11c3670439db645b5c32a5a5bb78d7e8183ea6736dfceb8fef3d04b76e5129c4913eee30a537743b3357f269f582dd8c46b2a93362f1a838886b175f4895d52a818f63d9d694beac9846e5b12f"}, @mdlm_detail={0x1a, 0x24, 0x13, 0x5, "083b1f01a69f5d722a6b0383fb09f57f442b56d458fa"}]}], [{{0x9, 0x5, 0xf, 0x8, 0x8, 0x0, 0x3, 0x5}}, {{0x9, 0x5, 0xc, 0x0, 0x200, 0x9, 0x20, 0x5, [@generic={0xb, 0x1, "ae684bd6a1bfbe705d"}]}}]}}, {{0x9, 0x4, 0xad, 0x3f, 0x6, 0xef, 0x2e, 0x8d, 0x8, [@cdc_ecm={{0xa, 0x24, 0x6, 0x0, 0x0, "2e1bb11c34"}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x2, 0x8979, 0x6}, [@mdlm_detail={0xeb, 0x24, 0x13, 0x0, "9fcc8c5c747309fcb4c96e5dad9b6e62d08b91a8beb3c2e4547e163e4658bb11ab34b3c84ec3e4a4e367d26c56001c6705689995a99d16a1b31bdc070f00531ec426b54bf89b2dee1fc3bd818f55dbbd6acc287cd43078eebc6d09f10dc4229f8035d4448f823fecf929d6861627c01e79277a40304a1ad3fbd012a4a8ed16369769c8c997c412be76759017653455b8042aca8b49eac0731001cbfa6fbd796aa7c27709fc623722e03d3c1ed1dac1ca8a8aa25ddafc654a0dbb760b927a2b23e2ad3043ac48566c7b995c237db591f39af81954569cd5d37ca4941c80cc1fa5556d19a548df2a"}, @network_terminal={0x7, 0x24, 0xa, 0x4, 0x1f, 0x3f, 0x62}, @dmm={0x7, 0x24, 0x14, 0x1f, 0x7}, @dmm={0x7, 0x24, 0x14, 0x1010, 0x9}, @ncm={0x6, 0x24, 0x1a, 0x6, 0x1b}]}, @cdc_ecm={{0xb, 0x24, 0x6, 0x0, 0x0, "df4704a2521e"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x4856f0aa, 0x5, 0x1, 0xff}, [@obex={0x5, 0x24, 0x15, 0x1f}]}], [{{0x9, 0x5, 0x8, 0x8, 0x3ff, 0x4, 0x1, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x34, 0x5}]}}, {{0x9, 0x5, 0x0, 0x3, 0x400, 0x2, 0x1, 0xca}}, {{0x9, 0x5, 0x8, 0x10, 0x8, 0x2, 0x7f, 0x7f}}, {{0x9, 0x5, 0x7, 0x0, 0x10, 0x5, 0x1f, 0x40, [@generic={0x2d, 0xe, "eccc2379371b46cab9d6fdb82798f47aa9b7177c2a5193231443b725c21b5e6a99930565eb3b96fe7a7569"}, @generic={0x6, 0x10, "7f2260b2"}]}}, {{0x9, 0x5, 0x3, 0x8, 0x10, 0x4, 0x3, 0xf7}}, {{0x9, 0x5, 0x5, 0x3, 0x10, 0x3, 0x1, 0x9, [@generic={0xc8, 0xe, "17a493c051895f29835efb6d6d753ca5e6237f995724bf74708574902eacdff45cd80b61373d67efe1239f97b4fa600793d6b4a5022ba4a436b4e2e223579d974e784ecbfdd4912da5ccd284d2293782704f067513d83811ac711684d3aafe928ece0e903825997babc567b94d06daee1e4d55a8871d67e71cd1081430d89bc9ae64f50f94bb8af96ce384cd3b8420ef8be273ca02b9f0f91221239e64d620dc6e3e2707f6f4ce92e8627f044c14f179909ca1df8b4e499fed3f4118c9d6b2ae41a71198d798"}, @generic={0x7e, 0x22, "851bf8332f6f4795cdbf9bf1bbb8253ced75d61f695bb8c31f51b5ce19b2080e2e7ec215fec16a83d2571104f726a0de47f3e9282d0ef2204bbb1d9d9cac53b6d798084b0f594791e3f8341986d7eaadb911c55c0d71691fc77aa1047f440f5275a41f3b1f0f048a5c1dd5c417e67f3bd472b13feef7950c578f1b42"}]}}]}}]}}]}}, &(0x7f0000009700)={0xa, &(0x7f0000009200)={0xa, 0x6, 0x110, 0xd4, 0x81, 0x0, 0x10, 0x20}, 0x1c, &(0x7f0000009240)={0x5, 0xf, 0x1c, 0x2, [@ssp_cap={0x14, 0x10, 0xa, 0x20, 0x2, 0x3, 0xf0f, 0x6, [0xc030, 0xff3f30]}, @ptm_cap={0x3}]}, 0x8, [{0x4, &(0x7f0000009280)=@lang_id={0x4, 0x3, 0x410}}, {0x102, &(0x7f00000092c0)=@string={0x102, 0x3, "bd9caf11f1c2321f7dbf3df57ec06aedf0842f843c77dd88db9f7408bba0d9405971eab7462f77d1ca84398011e52a42798f46eeb57b9e8b2c06c9828ae8a2a278aeaf1947cb3dbadbd3d8374bd3fd89a53a0d2e5d80261d7c80592c0396ee2c9ed83fcc6bf9bd9a2f61cd007c9eb5b92dd878d6aa6b5435ed38fb81d9bfc15815843bc46b321b848a201d7ee90a06ab03ddb66cea54f415153e6934992c24e711aea2fe334e981ba7f3f87d0bc5eb6b1d0917cd79b47194c6d2be18e7a54e75a5e2d036b2e8ba626c56c4489e4681a21ea29a2b6434a8605a6710ebd13f09fe322e60ef34a6e6f3330d07b4d1ff66d7ec23c58b3be734844b89de36ba291297"}}, {0x4, &(0x7f0000009400)=@lang_id={0x4, 0x3, 0xf0ff}}, {0x4, &(0x7f0000009440)=@lang_id={0x4, 0x3, 0xf8ff}}, {0xc2, &(0x7f0000009480)=@string={0xc2, 0x3, "47951bf5758f6da49eaec8d8f18a6ca6e17e41a66016415efc7be346e3a8d0342803d31ac634c4e6bcfdca1db3c5b690c22f332df6936761deb40a2a9b817a3b5e21ceda6d71f72d61eed06a7a43451e72faa82018384c5a69f62f4c6cf2a7efbd2af59b84acc6a95edf8f167b5f203dff2f89dba191f513342be5a906ceb379613f596108de6f3a61b926c9f8634d3de6d5eb86712bdfc3ce502f90a69d8d07d9284402b393a76e1d9817b92bd4eff57a27ec91919bf0d09b447057d69ce382"}}, {0x83, &(0x7f0000009580)=@string={0x83, 0x3, "708149d29b3a8ef9c0ff2f072ff3b20dd4aa24a8ddbd77612cf82dbfdc3af821a1fbf75540c23e05de08fed779db651cb3a63bd09acfde2da34fc336047349f62c650320dd8fd8626cfdadf7e0f73f83a6bffa1f20e75cc44b80bbe9a40ea3c6e924b684fe6cb9e6a9331a149e844e500be3b4fe28d1332dcd643be5a73fccd446"}}, {0x4, &(0x7f0000009640)=@lang_id={0x4, 0x3, 0x184c}}, {0x4d, &(0x7f0000009680)=@string={0x4d, 0x3, "b66a576c91d56733c94ef73720fda014ebcf72b1cf26ac4c18da7571241256764ae2dff17540bdd8af83eee505792cbefbddb7b5cd4ca94662287a86249ec2b942139804f9c78209884a15"}}]}) syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000009780)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_control_io(r22, &(0x7f00000099c0)={0x18, &(0x7f0000009800)={0x40, 0x1, 0x8d, {0x8d, 0x22, "e5741947a723e9e98edc76ea9b493da7d0be0f88903d48eef0d24c882970fc1216a4f390d6b17a78f9e882742ca24831936cb75b045899bbc7687bd55a058a9f4722452ce7e301270b0bf22666c37eaf1bd9d8b489ba1d32be39d06b20bd9657e09fda6c82d4566c9334e2fa45c5046ba8565e5779ab6d67cbf7f406d216c286ab066588207a318d65332f"}}, &(0x7f00000098c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xf0ff}}, &(0x7f0000009900)={0x0, 0xf, 0x18, {0x5, 0xf, 0x18, 0x2, [@ssp_cap={0xc, 0x10, 0xa, 0x0, 0x0, 0x6, 0xf0f, 0x8}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0xa, 0x7, 0x100}]}}, &(0x7f0000009940)={0x20, 0x29, 0xf, {0xf, 0x29, 0x0, 0x18, 0x7, 0x7f, "86f620e8", "168f2202"}}, &(0x7f0000009980)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3, 0x0, 0x4, 0x0, 0x7, 0x1000, 0xfffe}}}, &(0x7f0000009f00)={0x44, &(0x7f0000009a00)={0x0, 0x8, 0xfd, "17d015c0c21b38ab6587078c775d196676390236842bc78115bd6a405811102445a37fe5c0cc85a16b5601f67496593492ce3ad552019208a904c88254525ef13e8c55d2fa5584b172728077d54a28bc6dd0bc05f7202910260763120f9d95883b701ca05483deae8e445bcf5672cfc4ba66a346e92fe07451ae4c8ff4aa9dfcf8b9563365805bf6830ed36c9f3eab11f613a0fde0423b8c3a5b1ae029729e3233431d83f022491564d392ceb7a38eddcf1596886181854d5a729e76d8e770d6ee74ba1333ecb7e4b883071b6d6c043e9e6f0160546f60d1d9ffd940744eef3ea5f0ddfda5a0a8d6b7740a7f13ce462ed08e2d3bc0a7b646daf56086e2"}, &(0x7f0000009b40)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000009b80)={0x0, 0x8, 0x1, 0x80}, &(0x7f0000009bc0)={0x20, 0x0, 0x4, {0x2, 0x3}}, &(0x7f0000009c00)={0x20, 0x0, 0x4, {0x100, 0x40}}, &(0x7f0000009c40)={0x40, 0x7, 0x2, 0x3}, &(0x7f0000009c80)={0x40, 0x9, 0x1, 0x7f}, &(0x7f0000009cc0)={0x40, 0xb, 0x2, "08bd"}, &(0x7f0000009d00)={0x40, 0xf, 0x2, 0x7163}, &(0x7f0000009d40)={0x40, 0x13, 0x6, @broadcast}, &(0x7f0000009d80)={0x40, 0x17, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3b}}, &(0x7f0000009dc0)={0x40, 0x19, 0x2, "379e"}, &(0x7f0000009e00)={0x40, 0x1a, 0x2, 0x8}, &(0x7f0000009e40)={0x40, 0x1c, 0x1, 0x3f}, &(0x7f0000009e80)={0x40, 0x1e, 0x1, 0x2c}, &(0x7f0000009ec0)={0x40, 0x21, 0x1, 0x5}}) syz_usb_disconnect(r22) syz_usb_ep_read(r22, 0xc1, 0x1000, &(0x7f0000009f80)=""/4096) r23 = syz_usb_connect$uac1(0x3, 0xe8, &(0x7f000000af80)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd6, 0x3, 0x1, 0x7, 0x20, 0x2, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@feature_unit={0xb, 0x24, 0x6, 0x4, 0x3, 0x2, [0x3, 0x7], 0xff}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x80, 0x3, 0x1, 0x0, "022c3b4efa4d"}, @as_header={0x7, 0x24, 0x1, 0x1, 0x7f, 0x1002}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x5, 0x3, 0x0, 0x5, "64997e"}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x3, 0x3, 0xac, 0x8, "bc5e", "04fba9"}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x6, 0x2, 0x5, 0x9, "6a9a8d", "4f88"}]}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x8c, 0x20, 0x7f, {0x7, 0x25, 0x1, 0x82, 0x2, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0x0, 0x2, 0x0, 0xff, "03c1fe1d97"}, @format_type_ii_discrete={0x12, 0x24, 0x2, 0x2, 0x807, 0x4, 0xfd, "8cfb49df7bf5b7e5ee"}, @as_header={0x7, 0x24, 0x1, 0x3f, 0xfd, 0x1}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0xc1, 0x4, 0x5, 0x67, "6967ba40"}]}, {{0x9, 0x5, 0x82, 0x9, 0x7f7, 0x1f, 0x69, 0x6, {0x7, 0x25, 0x1, 0x80, 0x9, 0x3}}}}}}}]}}, &(0x7f000000b380)={0xa, &(0x7f000000b080)={0xa, 0x6, 0x300, 0x3, 0x2, 0x3, 0x40, 0x81}, 0x20f, &(0x7f000000b0c0)={0x5, 0xf, 0x20f, 0x6, [@generic={0xe2, 0x10, 0xa, "64932c9277e23a0fa96aabc7b931ea3707350c525745ccbe794d23baa99625c82f74bd3b6d5f88fbfd92545b6b63754c07c3ffb47355bf3dd6facff0ec5597fb768dc74acfcf395ac1009982925aa16fcfa41575bf14b56d557909df9efd27fd4b317d90d1606270134fd07d2fc0d1816e9771321d2db55c6539b04167db7b08c994159dd7552c488c1466247a5b70b0dc996b907eeee0b20fdd647140597b66f821556b567fe613c7ecbcbae50db5fa7c9c0b5dcf26eddffdcb09b9ab9f2b5bee80982ff365fb816e98184ee6815f6f621f4d34527d3caa4ce682cb06c748"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x10, 0x1, 0x3f, 0xff, 0x1f}, @ptm_cap={0x3}, @generic={0x2f, 0x10, 0x3, "571226744f78fe775ab89dd776db3aaace9982e7b2594fd0854a31d7ec1d24aee6482aa3939798bd32d060f0"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x24, 0x8, 0xe1}, @generic={0xe1, 0x10, 0x1, "1c4311d6c4ec2de789b4f9f39e673702ea35d909991ce4af26cf0c07579c1a40573568f837569c645de2af698133526169e51a53f215167660357259d54d5ad77afb478b189e728667a8b7e38986bb19febe807085ec6d77dfb48172592d549d7dbbf802aaf95bbf2dcd20057a34eeffcaba3c404e46a6e90ad7e4387e1e28cc21718837e81d22615c4b42bce04c6bec4aa9a99d05cb4f168e115ee3956554e4e58b136f86736e79e91f9acd49ee6617b84a564392e81991bba6032054d7096f6c40002137782a1b111d6527968326f5e70a8a2399e833e7415c204a3a4b"}]}, 0x2, [{0x4, &(0x7f000000b300)=@lang_id={0x4, 0x3, 0x459}}, {0x4, &(0x7f000000b340)=@lang_id={0x4, 0x3, 0x436}}]}) syz_usb_ep_write(r23, 0x9, 0x13, &(0x7f000000b3c0)="08636e6c5e421f7f718c4784f389672c2911e5") syz_usbip_server_init(0x2) csource_test.go:119: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; for (;;) { uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts); if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) return 1; now = current_time_ms(); if (now - start > timeout) return 0; } } static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } struct nlmsg { char* pos; int nesting; struct nlattr* nested[8]; char buf[4096]; }; static void netlink_init(struct nlmsg* nlmsg, int typ, int flags, const void* data, int size) { memset(nlmsg, 0, sizeof(*nlmsg)); struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf; hdr->nlmsg_type = typ; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags; memcpy(hdr + 1, data, size); nlmsg->pos = (char*)(hdr + 1) + NLMSG_ALIGN(size); } static void netlink_attr(struct nlmsg* nlmsg, int typ, const void* data, int size) { struct nlattr* attr = (struct nlattr*)nlmsg->pos; attr->nla_len = sizeof(*attr) + size; attr->nla_type = typ; if (size > 0) memcpy(attr + 1, data, size); nlmsg->pos += NLMSG_ALIGN(attr->nla_len); } static int netlink_send_ext(struct nlmsg* nlmsg, int sock, uint16_t reply_type, int* reply_len, bool dofail) { if (nlmsg->pos > nlmsg->buf + sizeof(nlmsg->buf) || nlmsg->nesting) exit(1); struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf; hdr->nlmsg_len = nlmsg->pos - nlmsg->buf; struct sockaddr_nl addr; memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; ssize_t n = sendto(sock, nlmsg->buf, hdr->nlmsg_len, 0, (struct sockaddr*)&addr, sizeof(addr)); if (n != (ssize_t)hdr->nlmsg_len) { if (dofail) exit(1); return -1; } n = recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0); if (reply_len) *reply_len = 0; if (n < 0) { if (dofail) exit(1); return -1; } if (n < (ssize_t)sizeof(struct nlmsghdr)) { errno = EINVAL; if (dofail) exit(1); return -1; } if (hdr->nlmsg_type == NLMSG_DONE) return 0; if (reply_len && hdr->nlmsg_type == reply_type) { *reply_len = n; return 0; } if (n < (ssize_t)(sizeof(struct nlmsghdr) + sizeof(struct nlmsgerr))) { errno = EINVAL; if (dofail) exit(1); return -1; } if (hdr->nlmsg_type != NLMSG_ERROR) { errno = EINVAL; if (dofail) exit(1); return -1; } errno = -((struct nlmsgerr*)(hdr + 1))->error; return -errno; } static int netlink_send(struct nlmsg* nlmsg, int sock) { return netlink_send_ext(nlmsg, sock, 0, NULL, true); } static int netlink_query_family_id(struct nlmsg* nlmsg, int sock, const char* family_name, bool dofail) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = CTRL_CMD_GETFAMILY; netlink_init(nlmsg, GENL_ID_CTRL, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, CTRL_ATTR_FAMILY_NAME, family_name, strnlen(family_name, GENL_NAMSIZ - 1) + 1); int n = 0; int err = netlink_send_ext(nlmsg, sock, GENL_ID_CTRL, &n, dofail); if (err < 0) { return -1; } uint16_t id = 0; struct nlattr* attr = (struct nlattr*)(nlmsg->buf + NLMSG_HDRLEN + NLMSG_ALIGN(sizeof(genlhdr))); for (; (char*)attr < nlmsg->buf + n; attr = (struct nlattr*)((char*)attr + NLMSG_ALIGN(attr->nla_len))) { if (attr->nla_type == CTRL_ATTR_FAMILY_ID) { id = *(uint16_t*)(attr + 1); break; } } if (!id) { errno = EINVAL; return -1; } recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0); return id; } static struct nlmsg nlmsg; const int kInitNetNsFd = 239; #define WIFI_INITIAL_DEVICE_COUNT 2 #define WIFI_MAC_BASE { 0x08, 0x02, 0x11, 0x00, 0x00, 0x00 } #define WIFI_IBSS_BSSID { 0x50, 0x50, 0x50, 0x50, 0x50, 0x50 } #define WIFI_IBSS_SSID { 0x10, 0x10, 0x10, 0x10, 0x10, 0x10 } #define WIFI_DEFAULT_FREQUENCY 2412 #define WIFI_DEFAULT_SIGNAL 0 #define WIFI_DEFAULT_RX_RATE 1 #define HWSIM_CMD_REGISTER 1 #define HWSIM_CMD_FRAME 2 #define HWSIM_CMD_NEW_RADIO 4 #define HWSIM_ATTR_SUPPORT_P2P_DEVICE 14 #define HWSIM_ATTR_PERM_ADDR 22 #define IF_OPER_UP 6 struct join_ibss_props { int wiphy_freq; bool wiphy_freq_fixed; uint8_t* mac; uint8_t* ssid; int ssid_len; }; static int set_interface_state(const char* interface_name, int on) { struct ifreq ifr; int sock = socket(AF_INET, SOCK_DGRAM, 0); if (sock < 0) { return -1; } memset(&ifr, 0, sizeof(ifr)); strcpy(ifr.ifr_name, interface_name); int ret = ioctl(sock, SIOCGIFFLAGS, &ifr); if (ret < 0) { close(sock); return -1; } if (on) ifr.ifr_flags |= IFF_UP; else ifr.ifr_flags &= ~IFF_UP; ret = ioctl(sock, SIOCSIFFLAGS, &ifr); close(sock); if (ret < 0) { return -1; } return 0; } static int nl80211_set_interface(struct nlmsg* nlmsg, int sock, int nl80211_family, uint32_t ifindex, uint32_t iftype) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = NL80211_CMD_SET_INTERFACE; netlink_init(nlmsg, nl80211_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, NL80211_ATTR_IFINDEX, &ifindex, sizeof(ifindex)); netlink_attr(nlmsg, NL80211_ATTR_IFTYPE, &iftype, sizeof(iftype)); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int nl80211_join_ibss(struct nlmsg* nlmsg, int sock, int nl80211_family, uint32_t ifindex, struct join_ibss_props* props) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = NL80211_CMD_JOIN_IBSS; netlink_init(nlmsg, nl80211_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, NL80211_ATTR_IFINDEX, &ifindex, sizeof(ifindex)); netlink_attr(nlmsg, NL80211_ATTR_SSID, props->ssid, props->ssid_len); netlink_attr(nlmsg, NL80211_ATTR_WIPHY_FREQ, &(props->wiphy_freq), sizeof(props->wiphy_freq)); if (props->mac) netlink_attr(nlmsg, NL80211_ATTR_MAC, props->mac, ETH_ALEN); if (props->wiphy_freq_fixed) netlink_attr(nlmsg, NL80211_ATTR_FREQ_FIXED, NULL, 0); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int get_ifla_operstate(struct nlmsg* nlmsg, int ifindex) { struct ifinfomsg info; memset(&info, 0, sizeof(info)); info.ifi_family = AF_UNSPEC; info.ifi_index = ifindex; int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); if (sock == -1) { return -1; } netlink_init(nlmsg, RTM_GETLINK, 0, &info, sizeof(info)); int n; int err = netlink_send_ext(nlmsg, sock, RTM_NEWLINK, &n, true); close(sock); if (err) { return -1; } struct rtattr* attr = IFLA_RTA(NLMSG_DATA(nlmsg->buf)); for (; RTA_OK(attr, n); attr = RTA_NEXT(attr, n)) { if (attr->rta_type == IFLA_OPERSTATE) return *((int32_t*)RTA_DATA(attr)); } return -1; } static int await_ifla_operstate(struct nlmsg* nlmsg, char* interface, int operstate) { int ifindex = if_nametoindex(interface); while (true) { usleep(1000); int ret = get_ifla_operstate(nlmsg, ifindex); if (ret < 0) return ret; if (ret == operstate) return 0; } return 0; } static int nl80211_setup_ibss_interface(struct nlmsg* nlmsg, int sock, int nl80211_family_id, char* interface, struct join_ibss_props* ibss_props) { int ifindex = if_nametoindex(interface); if (ifindex == 0) { return -1; } int ret = nl80211_set_interface(nlmsg, sock, nl80211_family_id, ifindex, NL80211_IFTYPE_ADHOC); if (ret < 0) { return -1; } ret = set_interface_state(interface, 1); if (ret < 0) { return -1; } ret = nl80211_join_ibss(nlmsg, sock, nl80211_family_id, ifindex, ibss_props); if (ret < 0) { return -1; } return 0; } static int hwsim80211_create_device(struct nlmsg* nlmsg, int sock, int hwsim_family, uint8_t mac_addr[ETH_ALEN]) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = HWSIM_CMD_NEW_RADIO; netlink_init(nlmsg, hwsim_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, HWSIM_ATTR_SUPPORT_P2P_DEVICE, NULL, 0); netlink_attr(nlmsg, HWSIM_ATTR_PERM_ADDR, mac_addr, ETH_ALEN); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static void initialize_wifi_devices(void) { int rfkill = open("/dev/rfkill", O_RDWR); if (rfkill == -1) { if (errno != ENOENT && errno != EACCES) exit(1); } else { struct rfkill_event event = {0}; event.type = RFKILL_TYPE_ALL; event.op = RFKILL_OP_CHANGE_ALL; if (write(rfkill, &event, sizeof(event)) != (ssize_t)(sizeof(event))) exit(1); close(rfkill); } uint8_t mac_addr[6] = WIFI_MAC_BASE; int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (sock < 0) { return; } int hwsim_family_id = netlink_query_family_id(&nlmsg, sock, "MAC80211_HWSIM", true); int nl80211_family_id = netlink_query_family_id(&nlmsg, sock, "nl80211", true); uint8_t ssid[] = WIFI_IBSS_SSID; uint8_t bssid[] = WIFI_IBSS_BSSID; struct join_ibss_props ibss_props = { .wiphy_freq = WIFI_DEFAULT_FREQUENCY, .wiphy_freq_fixed = true, .mac = bssid, .ssid = ssid, .ssid_len = sizeof(ssid)}; for (int device_id = 0; device_id < WIFI_INITIAL_DEVICE_COUNT; device_id++) { mac_addr[5] = device_id; int ret = hwsim80211_create_device(&nlmsg, sock, hwsim_family_id, mac_addr); if (ret < 0) exit(1); char interface[6] = "wlan0"; interface[4] += device_id; if (nl80211_setup_ibss_interface(&nlmsg, sock, nl80211_family_id, interface, &ibss_props) < 0) exit(1); } for (int device_id = 0; device_id < WIFI_INITIAL_DEVICE_COUNT; device_id++) { char interface[6] = "wlan0"; interface[4] += device_id; int ret = await_ifla_operstate(&nlmsg, interface, IF_OPER_UP); if (ret < 0) exit(1); } close(sock); } #define SIZEOF_IO_URING_SQE 64 #define SIZEOF_IO_URING_CQE 16 #define SQ_HEAD_OFFSET 0 #define SQ_TAIL_OFFSET 64 #define SQ_RING_MASK_OFFSET 256 #define SQ_RING_ENTRIES_OFFSET 264 #define SQ_FLAGS_OFFSET 276 #define SQ_DROPPED_OFFSET 272 #define CQ_HEAD_OFFSET 128 #define CQ_TAIL_OFFSET 192 #define CQ_RING_MASK_OFFSET 260 #define CQ_RING_ENTRIES_OFFSET 268 #define CQ_RING_OVERFLOW_OFFSET 284 #define CQ_FLAGS_OFFSET 280 #define CQ_CQES_OFFSET 320 struct io_uring_cqe { uint64_t user_data; uint32_t res; uint32_t flags; }; static long syz_io_uring_complete(volatile long a0) { char* ring_ptr = (char*)a0; uint32_t cq_ring_mask = *(uint32_t*)(ring_ptr + CQ_RING_MASK_OFFSET); uint32_t* cq_head_ptr = (uint32_t*)(ring_ptr + CQ_HEAD_OFFSET); uint32_t cq_head = *cq_head_ptr & cq_ring_mask; uint32_t cq_head_next = *cq_head_ptr + 1; char* cqe_src = ring_ptr + CQ_CQES_OFFSET + cq_head * SIZEOF_IO_URING_CQE; struct io_uring_cqe cqe; memcpy(&cqe, cqe_src, sizeof(cqe)); __atomic_store_n(cq_head_ptr, cq_head_next, __ATOMIC_RELEASE); return (cqe.user_data == 0x12345 || cqe.user_data == 0x23456) ? (long)cqe.res : (long)-1; } struct io_sqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t flags; uint32_t dropped; uint32_t array; uint32_t resv1; uint64_t resv2; }; struct io_cqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t overflow; uint32_t cqes; uint64_t resv[2]; }; struct io_uring_params { uint32_t sq_entries; uint32_t cq_entries; uint32_t flags; uint32_t sq_thread_cpu; uint32_t sq_thread_idle; uint32_t features; uint32_t resv[4]; struct io_sqring_offsets sq_off; struct io_cqring_offsets cq_off; }; #define IORING_OFF_SQ_RING 0 #define IORING_OFF_SQES 0x10000000ULL #define sys_io_uring_setup 425 static long syz_io_uring_setup(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5) { uint32_t entries = (uint32_t)a0; struct io_uring_params* setup_params = (struct io_uring_params*)a1; void* vma1 = (void*)a2; void* vma2 = (void*)a3; void** ring_ptr_out = (void**)a4; void** sqes_ptr_out = (void**)a5; uint32_t fd_io_uring = syscall(sys_io_uring_setup, entries, setup_params); uint32_t sq_ring_sz = setup_params->sq_off.array + setup_params->sq_entries * sizeof(uint32_t); uint32_t cq_ring_sz = setup_params->cq_off.cqes + setup_params->cq_entries * SIZEOF_IO_URING_CQE; uint32_t ring_sz = sq_ring_sz > cq_ring_sz ? sq_ring_sz : cq_ring_sz; *ring_ptr_out = mmap(vma1, ring_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQ_RING); uint32_t sqes_sz = setup_params->sq_entries * SIZEOF_IO_URING_SQE; *sqes_ptr_out = mmap(vma2, sqes_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQES); return fd_io_uring; } static long syz_io_uring_submit(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { char* ring_ptr = (char*)a0; char* sqes_ptr = (char*)a1; char* sqe = (char*)a2; uint32_t sqes_index = (uint32_t)a3; uint32_t sq_ring_entries = *(uint32_t*)(ring_ptr + SQ_RING_ENTRIES_OFFSET); uint32_t cq_ring_entries = *(uint32_t*)(ring_ptr + CQ_RING_ENTRIES_OFFSET); uint32_t sq_array_off = (CQ_CQES_OFFSET + cq_ring_entries * SIZEOF_IO_URING_CQE + 63) & ~63; if (sq_ring_entries) sqes_index %= sq_ring_entries; char* sqe_dest = sqes_ptr + sqes_index * SIZEOF_IO_URING_SQE; memcpy(sqe_dest, sqe, SIZEOF_IO_URING_SQE); uint32_t sq_ring_mask = *(uint32_t*)(ring_ptr + SQ_RING_MASK_OFFSET); uint32_t* sq_tail_ptr = (uint32_t*)(ring_ptr + SQ_TAIL_OFFSET); uint32_t sq_tail = *sq_tail_ptr & sq_ring_mask; uint32_t sq_tail_next = *sq_tail_ptr + 1; uint32_t* sq_array = (uint32_t*)(ring_ptr + sq_array_off); *(sq_array + sq_tail) = sqes_index; __atomic_store_n(sq_tail_ptr, sq_tail_next, __ATOMIC_RELEASE); return 0; } #define VHCI_HC_PORTS 8 #define VHCI_PORTS (VHCI_HC_PORTS * 2) static long syz_usbip_server_init(volatile long a0) { static int port_alloc[2]; int speed = (int)a0; bool usb3 = (speed == USB_SPEED_SUPER); int socket_pair[2]; if (socketpair(AF_UNIX, SOCK_STREAM, 0, socket_pair)) exit(1); int client_fd = socket_pair[0]; int server_fd = socket_pair[1]; int available_port_num = __atomic_fetch_add(&port_alloc[usb3], 1, __ATOMIC_RELAXED); if (available_port_num > VHCI_HC_PORTS) { return -1; } int port_num = procid * VHCI_PORTS + usb3 * VHCI_HC_PORTS + available_port_num; char buffer[100]; sprintf(buffer, "%d %d %s %d", port_num, client_fd, "0", speed); write_file("/sys/devices/platform/vhci_hcd.0/attach", buffer); return server_fd; } #define BTF_MAGIC 0xeB9F struct btf_header { __u16 magic; __u8 version; __u8 flags; __u32 hdr_len; __u32 type_off; __u32 type_len; __u32 str_off; __u32 str_len; }; #define BTF_INFO_KIND(info) (((info) >> 24) & 0x0f) #define BTF_INFO_VLEN(info) ((info)&0xffff) #define BTF_KIND_INT 1 #define BTF_KIND_ARRAY 3 #define BTF_KIND_STRUCT 4 #define BTF_KIND_UNION 5 #define BTF_KIND_ENUM 6 #define BTF_KIND_FUNC_PROTO 13 #define BTF_KIND_VAR 14 #define BTF_KIND_DATASEC 15 struct btf_type { __u32 name_off; __u32 info; union { __u32 size; __u32 type; }; }; struct btf_enum { __u32 name_off; __s32 val; }; struct btf_array { __u32 type; __u32 index_type; __u32 nelems; }; struct btf_member { __u32 name_off; __u32 type; __u32 offset; }; struct btf_param { __u32 name_off; __u32 type; }; struct btf_var { __u32 linkage; }; struct btf_var_secinfo { __u32 type; __u32 offset; __u32 size; }; #define VMLINUX_MAX_SUPPORT_SIZE (10 * 1024 * 1024) static char* read_btf_vmlinux() { static bool is_read = false; static char buf[VMLINUX_MAX_SUPPORT_SIZE]; if (is_read) return buf; int fd = open("/sys/kernel/btf/vmlinux", O_RDONLY); if (fd < 0) return NULL; unsigned long bytes_read = 0; for (;;) { ssize_t ret = read(fd, buf + bytes_read, VMLINUX_MAX_SUPPORT_SIZE - bytes_read); if (ret < 0 || bytes_read + ret == VMLINUX_MAX_SUPPORT_SIZE) return NULL; if (ret == 0) break; bytes_read += ret; } is_read = true; return buf; } static long syz_btf_id_by_name(volatile long a0) { char* target = (char*)a0; char* vmlinux = read_btf_vmlinux(); if (vmlinux == NULL) return -1; struct btf_header* btf_header = (struct btf_header*)vmlinux; if (btf_header->magic != BTF_MAGIC) return -1; char* btf_type_sec = vmlinux + btf_header->hdr_len + btf_header->type_off; char* btf_str_sec = vmlinux + btf_header->hdr_len + btf_header->str_off; unsigned int bytes_parsed = 0; long idx = 1; while (bytes_parsed < btf_header->type_len) { struct btf_type* btf_type = (struct btf_type*)(btf_type_sec + bytes_parsed); uint32_t kind = BTF_INFO_KIND(btf_type->info); uint32_t vlen = BTF_INFO_VLEN(btf_type->info); char* name = btf_str_sec + btf_type->name_off; if (strcmp(name, target) == 0) return idx; size_t skip; switch (kind) { case BTF_KIND_INT: skip = sizeof(uint32_t); break; case BTF_KIND_ENUM: skip = sizeof(struct btf_enum) * vlen; break; case BTF_KIND_ARRAY: skip = sizeof(struct btf_array); break; case BTF_KIND_STRUCT: case BTF_KIND_UNION: skip = sizeof(struct btf_member) * vlen; break; case BTF_KIND_FUNC_PROTO: skip = sizeof(struct btf_param) * vlen; break; case BTF_KIND_VAR: skip = sizeof(struct btf_var); break; case BTF_KIND_DATASEC: skip = sizeof(struct btf_var_secinfo) * vlen; break; default: skip = 0; } bytes_parsed += sizeof(struct btf_type) + skip; idx++; } return -1; } static long syz_memcpy_off(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4) { char* dest = (char*)a0; uint32_t dest_off = (uint32_t)a1; char* src = (char*)a2; uint32_t src_off = (uint32_t)a3; size_t n = (size_t)a4; return (long)memcpy(dest + dest_off, src + src_off, n); } #define MAX_FDS 30 #define USB_MAX_IFACE_NUM 4 #define USB_MAX_EP_NUM 32 #define USB_MAX_FDS 6 struct usb_endpoint_index { struct usb_endpoint_descriptor desc; int handle; }; struct usb_iface_index { struct usb_interface_descriptor* iface; uint8_t bInterfaceNumber; uint8_t bAlternateSetting; uint8_t bInterfaceClass; struct usb_endpoint_index eps[USB_MAX_EP_NUM]; int eps_num; }; struct usb_device_index { struct usb_device_descriptor* dev; struct usb_config_descriptor* config; uint8_t bDeviceClass; uint8_t bMaxPower; int config_length; struct usb_iface_index ifaces[USB_MAX_IFACE_NUM]; int ifaces_num; int iface_cur; }; struct usb_info { int fd; struct usb_device_index index; }; static struct usb_info usb_devices[USB_MAX_FDS]; static int usb_devices_num; static bool parse_usb_descriptor(const char* buffer, size_t length, struct usb_device_index* index) { if (length < sizeof(*index->dev) + sizeof(*index->config)) return false; memset(index, 0, sizeof(*index)); index->dev = (struct usb_device_descriptor*)buffer; index->config = (struct usb_config_descriptor*)(buffer + sizeof(*index->dev)); index->bDeviceClass = index->dev->bDeviceClass; index->bMaxPower = index->config->bMaxPower; index->config_length = length - sizeof(*index->dev); index->iface_cur = -1; size_t offset = 0; while (true) { if (offset + 1 >= length) break; uint8_t desc_length = buffer[offset]; uint8_t desc_type = buffer[offset + 1]; if (desc_length <= 2) break; if (offset + desc_length > length) break; if (desc_type == USB_DT_INTERFACE && index->ifaces_num < USB_MAX_IFACE_NUM) { struct usb_interface_descriptor* iface = (struct usb_interface_descriptor*)(buffer + offset); index->ifaces[index->ifaces_num].iface = iface; index->ifaces[index->ifaces_num].bInterfaceNumber = iface->bInterfaceNumber; index->ifaces[index->ifaces_num].bAlternateSetting = iface->bAlternateSetting; index->ifaces[index->ifaces_num].bInterfaceClass = iface->bInterfaceClass; index->ifaces_num++; } if (desc_type == USB_DT_ENDPOINT && index->ifaces_num > 0) { struct usb_iface_index* iface = &index->ifaces[index->ifaces_num - 1]; if (iface->eps_num < USB_MAX_EP_NUM) { memcpy(&iface->eps[iface->eps_num].desc, buffer + offset, sizeof(iface->eps[iface->eps_num].desc)); iface->eps_num++; } } offset += desc_length; } return true; } static struct usb_device_index* add_usb_index(int fd, const char* dev, size_t dev_len) { int i = __atomic_fetch_add(&usb_devices_num, 1, __ATOMIC_RELAXED); if (i >= USB_MAX_FDS) return NULL; if (!parse_usb_descriptor(dev, dev_len, &usb_devices[i].index)) return NULL; __atomic_store_n(&usb_devices[i].fd, fd, __ATOMIC_RELEASE); return &usb_devices[i].index; } static struct usb_device_index* lookup_usb_index(int fd) { for (int i = 0; i < USB_MAX_FDS; i++) { if (__atomic_load_n(&usb_devices[i].fd, __ATOMIC_ACQUIRE) == fd) return &usb_devices[i].index; } return NULL; } struct vusb_connect_string_descriptor { uint32_t len; char* str; } __attribute__((packed)); struct vusb_connect_descriptors { uint32_t qual_len; char* qual; uint32_t bos_len; char* bos; uint32_t strs_len; struct vusb_connect_string_descriptor strs[0]; } __attribute__((packed)); static const char default_string[] = { 8, USB_DT_STRING, 's', 0, 'y', 0, 'z', 0 }; static const char default_lang_id[] = { 4, USB_DT_STRING, 0x09, 0x04 }; static bool lookup_connect_response_in(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { struct usb_device_index* index = lookup_usb_index(fd); uint8_t str_idx; if (!index) return false; switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_GET_DESCRIPTOR: switch (ctrl->wValue >> 8) { case USB_DT_DEVICE: *response_data = (char*)index->dev; *response_length = sizeof(*index->dev); return true; case USB_DT_CONFIG: *response_data = (char*)index->config; *response_length = index->config_length; return true; case USB_DT_STRING: str_idx = (uint8_t)ctrl->wValue; if (descs && str_idx < descs->strs_len) { *response_data = descs->strs[str_idx].str; *response_length = descs->strs[str_idx].len; return true; } if (str_idx == 0) { *response_data = (char*)&default_lang_id[0]; *response_length = default_lang_id[0]; return true; } *response_data = (char*)&default_string[0]; *response_length = default_string[0]; return true; case USB_DT_BOS: *response_data = descs->bos; *response_length = descs->bos_len; return true; case USB_DT_DEVICE_QUALIFIER: if (!descs->qual) { struct usb_qualifier_descriptor* qual = (struct usb_qualifier_descriptor*)response_data; qual->bLength = sizeof(*qual); qual->bDescriptorType = USB_DT_DEVICE_QUALIFIER; qual->bcdUSB = index->dev->bcdUSB; qual->bDeviceClass = index->dev->bDeviceClass; qual->bDeviceSubClass = index->dev->bDeviceSubClass; qual->bDeviceProtocol = index->dev->bDeviceProtocol; qual->bMaxPacketSize0 = index->dev->bMaxPacketSize0; qual->bNumConfigurations = index->dev->bNumConfigurations; qual->bRESERVED = 0; *response_length = sizeof(*qual); return true; } *response_data = descs->qual; *response_length = descs->qual_len; return true; default: break; } break; default: break; } break; default: break; } return false; } typedef bool (*lookup_connect_out_response_t)(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done); static bool lookup_connect_response_out_generic(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) { switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: *done = true; return true; default: break; } break; } return false; } #define ATH9K_FIRMWARE_DOWNLOAD 0x30 #define ATH9K_FIRMWARE_DOWNLOAD_COMP 0x31 static bool lookup_connect_response_out_ath9k(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) { switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: return true; default: break; } break; case USB_TYPE_VENDOR: switch (ctrl->bRequest) { case ATH9K_FIRMWARE_DOWNLOAD: return true; case ATH9K_FIRMWARE_DOWNLOAD_COMP: *done = true; return true; default: break; } break; } return false; } struct vusb_descriptor { uint8_t req_type; uint8_t desc_type; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_descriptors { uint32_t len; struct vusb_descriptor* generic; struct vusb_descriptor* descs[0]; } __attribute__((packed)); struct vusb_response { uint8_t type; uint8_t req; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_responses { uint32_t len; struct vusb_response* generic; struct vusb_response* resps[0]; } __attribute__((packed)); static bool lookup_control_response(const struct vusb_descriptors* descs, const struct vusb_responses* resps, struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { int descs_num = 0; int resps_num = 0; if (descs) descs_num = (descs->len - offsetof(struct vusb_descriptors, descs)) / sizeof(descs->descs[0]); if (resps) resps_num = (resps->len - offsetof(struct vusb_responses, resps)) / sizeof(resps->resps[0]); uint8_t req = ctrl->bRequest; uint8_t req_type = ctrl->bRequestType & USB_TYPE_MASK; uint8_t desc_type = ctrl->wValue >> 8; if (req == USB_REQ_GET_DESCRIPTOR) { int i; for (i = 0; i < descs_num; i++) { struct vusb_descriptor* desc = descs->descs[i]; if (!desc) continue; if (desc->req_type == req_type && desc->desc_type == desc_type) { *response_length = desc->len; if (*response_length != 0) *response_data = &desc->data[0]; else *response_data = NULL; return true; } } if (descs && descs->generic) { *response_data = &descs->generic->data[0]; *response_length = descs->generic->len; return true; } } else { int i; for (i = 0; i < resps_num; i++) { struct vusb_response* resp = resps->resps[i]; if (!resp) continue; if (resp->type == req_type && resp->req == req) { *response_length = resp->len; if (*response_length != 0) *response_data = &resp->data[0]; else *response_data = NULL; return true; } } if (resps && resps->generic) { *response_data = &resps->generic->data[0]; *response_length = resps->generic->len; return true; } } return false; } #define UDC_NAME_LENGTH_MAX 128 struct usb_raw_init { __u8 driver_name[UDC_NAME_LENGTH_MAX]; __u8 device_name[UDC_NAME_LENGTH_MAX]; __u8 speed; }; enum usb_raw_event_type { USB_RAW_EVENT_INVALID = 0, USB_RAW_EVENT_CONNECT = 1, USB_RAW_EVENT_CONTROL = 2, }; struct usb_raw_event { __u32 type; __u32 length; __u8 data[0]; }; struct usb_raw_ep_io { __u16 ep; __u16 flags; __u32 length; __u8 data[0]; }; #define USB_RAW_EPS_NUM_MAX 30 #define USB_RAW_EP_NAME_MAX 16 #define USB_RAW_EP_ADDR_ANY 0xff struct usb_raw_ep_caps { __u32 type_control : 1; __u32 type_iso : 1; __u32 type_bulk : 1; __u32 type_int : 1; __u32 dir_in : 1; __u32 dir_out : 1; }; struct usb_raw_ep_limits { __u16 maxpacket_limit; __u16 max_streams; __u32 reserved; }; struct usb_raw_ep_info { __u8 name[USB_RAW_EP_NAME_MAX]; __u32 addr; struct usb_raw_ep_caps caps; struct usb_raw_ep_limits limits; }; struct usb_raw_eps_info { struct usb_raw_ep_info eps[USB_RAW_EPS_NUM_MAX]; }; #define USB_RAW_IOCTL_INIT _IOW('U', 0, struct usb_raw_init) #define USB_RAW_IOCTL_RUN _IO('U', 1) #define USB_RAW_IOCTL_EVENT_FETCH _IOR('U', 2, struct usb_raw_event) #define USB_RAW_IOCTL_EP0_WRITE _IOW('U', 3, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP0_READ _IOWR('U', 4, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_ENABLE _IOW('U', 5, struct usb_endpoint_descriptor) #define USB_RAW_IOCTL_EP_DISABLE _IOW('U', 6, __u32) #define USB_RAW_IOCTL_EP_WRITE _IOW('U', 7, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_READ _IOWR('U', 8, struct usb_raw_ep_io) #define USB_RAW_IOCTL_CONFIGURE _IO('U', 9) #define USB_RAW_IOCTL_VBUS_DRAW _IOW('U', 10, __u32) #define USB_RAW_IOCTL_EPS_INFO _IOR('U', 11, struct usb_raw_eps_info) #define USB_RAW_IOCTL_EP0_STALL _IO('U', 12) #define USB_RAW_IOCTL_EP_SET_HALT _IOW('U', 13, __u32) #define USB_RAW_IOCTL_EP_CLEAR_HALT _IOW('U', 14, __u32) #define USB_RAW_IOCTL_EP_SET_WEDGE _IOW('U', 15, __u32) static int usb_raw_open() { return open("/dev/raw-gadget", O_RDWR); } static int usb_raw_init(int fd, uint32_t speed, const char* driver, const char* device) { struct usb_raw_init arg; strncpy((char*)&arg.driver_name[0], driver, sizeof(arg.driver_name)); strncpy((char*)&arg.device_name[0], device, sizeof(arg.device_name)); arg.speed = speed; return ioctl(fd, USB_RAW_IOCTL_INIT, &arg); } static int usb_raw_run(int fd) { return ioctl(fd, USB_RAW_IOCTL_RUN, 0); } static int usb_raw_event_fetch(int fd, struct usb_raw_event* event) { return ioctl(fd, USB_RAW_IOCTL_EVENT_FETCH, event); } static int usb_raw_ep0_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_WRITE, io); } static int usb_raw_ep0_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_READ, io); } static int usb_raw_ep_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_WRITE, io); } static int usb_raw_ep_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_READ, io); } static int usb_raw_ep_enable(int fd, struct usb_endpoint_descriptor* desc) { return ioctl(fd, USB_RAW_IOCTL_EP_ENABLE, desc); } static int usb_raw_ep_disable(int fd, int ep) { return ioctl(fd, USB_RAW_IOCTL_EP_DISABLE, ep); } static int usb_raw_configure(int fd) { return ioctl(fd, USB_RAW_IOCTL_CONFIGURE, 0); } static int usb_raw_vbus_draw(int fd, uint32_t power) { return ioctl(fd, USB_RAW_IOCTL_VBUS_DRAW, power); } static int usb_raw_ep0_stall(int fd) { return ioctl(fd, USB_RAW_IOCTL_EP0_STALL, 0); } static int lookup_interface(int fd, uint8_t bInterfaceNumber, uint8_t bAlternateSetting) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; for (int i = 0; i < index->ifaces_num; i++) { if (index->ifaces[i].bInterfaceNumber == bInterfaceNumber && index->ifaces[i].bAlternateSetting == bAlternateSetting) return i; } return -1; } static int lookup_endpoint(int fd, uint8_t bEndpointAddress) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; if (index->iface_cur < 0) return -1; for (int ep = 0; index->ifaces[index->iface_cur].eps_num; ep++) if (index->ifaces[index->iface_cur].eps[ep].desc.bEndpointAddress == bEndpointAddress) return index->ifaces[index->iface_cur].eps[ep].handle; return -1; } static void set_interface(int fd, int n) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return; if (index->iface_cur >= 0 && index->iface_cur < index->ifaces_num) { for (int ep = 0; ep < index->ifaces[index->iface_cur].eps_num; ep++) { int rv = usb_raw_ep_disable(fd, index->ifaces[index->iface_cur].eps[ep].handle); if (rv < 0) { } else { } } } if (n >= 0 && n < index->ifaces_num) { for (int ep = 0; ep < index->ifaces[n].eps_num; ep++) { int rv = usb_raw_ep_enable(fd, &index->ifaces[n].eps[ep].desc); if (rv < 0) { } else { index->ifaces[n].eps[ep].handle = rv; } } index->iface_cur = n; } } static int configure_device(int fd) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; int rv = usb_raw_vbus_draw(fd, index->bMaxPower); if (rv < 0) { return rv; } rv = usb_raw_configure(fd); if (rv < 0) { return rv; } set_interface(fd, 0); return 0; } #define USB_MAX_PACKET_SIZE 4096 struct usb_raw_control_event { struct usb_raw_event inner; struct usb_ctrlrequest ctrl; char data[USB_MAX_PACKET_SIZE]; }; struct usb_raw_ep_io_data { struct usb_raw_ep_io inner; char data[USB_MAX_PACKET_SIZE]; }; static volatile long syz_usb_connect_impl(uint64_t speed, uint64_t dev_len, const char* dev, const struct vusb_connect_descriptors* descs, lookup_connect_out_response_t lookup_connect_response_out) { if (!dev) { return -1; } int fd = usb_raw_open(); if (fd < 0) { return fd; } if (fd >= MAX_FDS) { close(fd); return -1; } struct usb_device_index* index = add_usb_index(fd, dev, dev_len); if (!index) { return -1; } char device[32]; sprintf(&device[0], "dummy_udc.%llu", procid); int rv = usb_raw_init(fd, speed, "dummy_udc", &device[0]); if (rv < 0) { return rv; } rv = usb_raw_run(fd); if (rv < 0) { return rv; } bool done = false; while (!done) { struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = sizeof(event.ctrl); rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) continue; char* response_data = NULL; uint32_t response_length = 0; if (event.ctrl.bRequestType & USB_DIR_IN) { if (!lookup_connect_response_in(fd, descs, &event.ctrl, &response_data, &response_length)) { usb_raw_ep0_stall(fd); continue; } } else { if (!lookup_connect_response_out(fd, descs, &event.ctrl, &done)) { usb_raw_ep0_stall(fd); continue; } response_data = NULL; response_length = event.ctrl.wLength; } if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD && event.ctrl.bRequest == USB_REQ_SET_CONFIGURATION) { rv = configure_device(fd); if (rv < 0) { return rv; } } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, response_length); if (event.ctrl.bRequestType & USB_DIR_IN) { rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response); } else { rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response); } if (rv < 0) { return rv; } } sleep_ms(200); return fd; } static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; const char* dev = (const char*)a2; const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3; return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_generic); } static volatile long syz_usb_connect_ath9k(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; const char* dev = (const char*)a2; const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3; return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_ath9k); } static volatile long syz_usb_control_io(volatile long a0, volatile long a1, volatile long a2) { int fd = a0; const struct vusb_descriptors* descs = (const struct vusb_descriptors*)a1; const struct vusb_responses* resps = (const struct vusb_responses*)a2; struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = USB_MAX_PACKET_SIZE; int rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) { return -1; } char* response_data = NULL; uint32_t response_length = 0; if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) { if (!lookup_control_response(descs, resps, &event.ctrl, &response_data, &response_length)) { usb_raw_ep0_stall(fd); return -1; } } else { if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD || event.ctrl.bRequest == USB_REQ_SET_INTERFACE) { int iface_num = event.ctrl.wIndex; int alt_set = event.ctrl.wValue; int iface_index = lookup_interface(fd, iface_num, alt_set); if (iface_index < 0) { } else { set_interface(fd, iface_index); } } response_length = event.ctrl.wLength; } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; if ((event.ctrl.bRequestType & USB_DIR_IN) && !event.ctrl.wLength) { response_length = USB_MAX_PACKET_SIZE; } response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, response_length); if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) { rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response); } else { rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response); } if (rv < 0) { return rv; } sleep_ms(200); return 0; } static volatile long syz_usb_ep_write(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int fd = a0; uint8_t ep = a1; uint32_t len = a2; char* data = (char*)a3; int ep_handle = lookup_endpoint(fd, ep); if (ep_handle < 0) { return -1; } struct usb_raw_ep_io_data io_data; io_data.inner.ep = ep_handle; io_data.inner.flags = 0; if (len > sizeof(io_data.data)) len = sizeof(io_data.data); io_data.inner.length = len; memcpy(&io_data.data[0], data, len); int rv = usb_raw_ep_write(fd, (struct usb_raw_ep_io*)&io_data); if (rv < 0) { return rv; } sleep_ms(200); return 0; } static volatile long syz_usb_ep_read(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int fd = a0; uint8_t ep = a1; uint32_t len = a2; char* data = (char*)a3; int ep_handle = lookup_endpoint(fd, ep); if (ep_handle < 0) { return -1; } struct usb_raw_ep_io_data io_data; io_data.inner.ep = ep_handle; io_data.inner.flags = 0; if (len > sizeof(io_data.data)) len = sizeof(io_data.data); io_data.inner.length = len; int rv = usb_raw_ep_read(fd, (struct usb_raw_ep_io*)&io_data); if (rv < 0) { return rv; } memcpy(&data[0], &io_data.data[0], io_data.inner.length); sleep_ms(200); return 0; } static volatile long syz_usb_disconnect(volatile long a0) { int fd = a0; int rv = close(fd); sleep_ms(200); return rv; } static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2) { if (a0 == 0xc || a0 == 0xb) { char buf[128]; sprintf(buf, "/dev/%s/%d:%d", a0 == 0xc ? "char" : "block", (uint8_t)a1, (uint8_t)a2); return open(buf, O_RDWR, 0); } else { char buf[1024]; char* hash; strncpy(buf, (char*)a0, sizeof(buf) - 1); buf[sizeof(buf) - 1] = 0; while ((hash = strchr(buf, '#'))) { *hash = '0' + (char)(a1 % 10); a1 /= 10; } return open(buf, a2, 0); } } static long syz_open_procfs(volatile long a0, volatile long a1) { char buf[128]; memset(buf, 0, sizeof(buf)); if (a0 == 0) { snprintf(buf, sizeof(buf), "/proc/self/%s", (char*)a1); } else if (a0 == -1) { snprintf(buf, sizeof(buf), "/proc/thread-self/%s", (char*)a1); } else { snprintf(buf, sizeof(buf), "/proc/self/task/%d/%s", (int)a0, (char*)a1); } int fd = open(buf, O_RDWR); if (fd == -1) fd = open(buf, O_RDONLY); return fd; } static long syz_open_pts(volatile long a0, volatile long a1) { int ptyno = 0; if (ioctl(a0, TIOCGPTN, &ptyno)) return -1; char buf[128]; sprintf(buf, "/dev/pts/%d", ptyno); return open(buf, a1, 0); } static long syz_init_net_socket(volatile long domain, volatile long type, volatile long proto) { int netns = open("/proc/self/ns/net", O_RDONLY); if (netns == -1) return netns; if (setns(kInitNetNsFd, 0)) return -1; int sock = syscall(__NR_socket, domain, type, proto); int err = errno; if (setns(netns, 0)) exit(1); close(netns); errno = err; return sock; } static long syz_genetlink_get_family_id(volatile long name, volatile long sock_arg) { bool dofail = false; int fd = sock_arg; if (fd < 0) { dofail = true; fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (fd == -1) { return -1; } } struct nlmsg nlmsg_tmp; int ret = netlink_query_family_id(&nlmsg_tmp, fd, (char*)name, dofail); if ((int)sock_arg < 0) close(fd); if (ret < 0) { return -1; } return ret; } struct fs_image_segment { void* data; uintptr_t size; uintptr_t offset; }; #define IMAGE_MAX_SEGMENTS 4096 #define IMAGE_MAX_SIZE (129 << 20) #define sys_memfd_create 356 static unsigned long fs_image_segment_check(unsigned long size, unsigned long nsegs, struct fs_image_segment* segs) { if (nsegs > IMAGE_MAX_SEGMENTS) nsegs = IMAGE_MAX_SEGMENTS; for (size_t i = 0; i < nsegs; i++) { if (segs[i].size > IMAGE_MAX_SIZE) segs[i].size = IMAGE_MAX_SIZE; segs[i].offset %= IMAGE_MAX_SIZE; if (segs[i].offset > IMAGE_MAX_SIZE - segs[i].size) segs[i].offset = IMAGE_MAX_SIZE - segs[i].size; if (size < segs[i].offset + segs[i].offset) size = segs[i].offset + segs[i].offset; } if (size > IMAGE_MAX_SIZE) size = IMAGE_MAX_SIZE; return size; } static int setup_loop_device(long unsigned size, long unsigned nsegs, struct fs_image_segment* segs, const char* loopname, int* memfd_p, int* loopfd_p) { int err = 0, loopfd = -1; size = fs_image_segment_check(size, nsegs, segs); int memfd = syscall(sys_memfd_create, "syzkaller", 0); if (memfd == -1) { err = errno; goto error; } if (ftruncate(memfd, size)) { err = errno; goto error_close_memfd; } for (size_t i = 0; i < nsegs; i++) { if (pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset) < 0) { } } loopfd = open(loopname, O_RDWR); if (loopfd == -1) { err = errno; goto error_close_memfd; } if (ioctl(loopfd, LOOP_SET_FD, memfd)) { if (errno != EBUSY) { err = errno; goto error_close_loop; } ioctl(loopfd, LOOP_CLR_FD, 0); usleep(1000); if (ioctl(loopfd, LOOP_SET_FD, memfd)) { err = errno; goto error_close_loop; } } *memfd_p = memfd; *loopfd_p = loopfd; return 0; error_close_loop: close(loopfd); error_close_memfd: close(memfd); error: errno = err; return -1; } static long syz_read_part_table(volatile unsigned long size, volatile unsigned long nsegs, volatile long segments) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int err = 0, res = -1, loopfd = -1, memfd = -1; char loopname[64]; snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; struct loop_info64 info; if (ioctl(loopfd, LOOP_GET_STATUS64, &info)) { err = errno; goto error_clear_loop; } info.lo_flags |= LO_FLAGS_PARTSCAN; if (ioctl(loopfd, LOOP_SET_STATUS64, &info)) { err = errno; goto error_clear_loop; } res = 0; for (unsigned long i = 1, j = 0; i < 8; i++) { snprintf(loopname, sizeof(loopname), "/dev/loop%llup%d", procid, (int)i); struct stat statbuf; if (stat(loopname, &statbuf) == 0) { char linkname[64]; snprintf(linkname, sizeof(linkname), "./file%d", (int)j++); if (symlink(loopname, linkname)) { } } } error_clear_loop: ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); errno = err; return res; } static long syz_mount_image(volatile long fsarg, volatile long dir, volatile unsigned long size, volatile unsigned long nsegs, volatile long segments, volatile long flags, volatile long optsarg) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int res = -1, err = 0, loopfd = -1, memfd = -1, need_loop_device = !!segs; char* mount_opts = (char*)optsarg; char* target = (char*)dir; char* fs = (char*)fsarg; char* source = NULL; char loopname[64]; if (need_loop_device) { memset(loopname, 0, sizeof(loopname)); snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; source = loopname; } mkdir(target, 0777); char opts[256]; memset(opts, 0, sizeof(opts)); if (strlen(mount_opts) > (sizeof(opts) - 32)) { } strncpy(opts, mount_opts, sizeof(opts) - 32); if (strcmp(fs, "iso9660") == 0) { flags |= MS_RDONLY; } else if (strncmp(fs, "ext", 3) == 0) { if (strstr(opts, "errors=panic") || strstr(opts, "errors=remount-ro") == 0) strcat(opts, ",errors=continue"); } else if (strcmp(fs, "xfs") == 0) { strcat(opts, ",nouuid"); } res = mount(source, target, fs, flags, opts); if (res == -1) { err = errno; goto error_clear_loop; } res = open(target, O_RDONLY | O_DIRECTORY); if (res == -1) { err = errno; } error_clear_loop: if (need_loop_device) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); } errno = err; return res; } static volatile long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5, volatile long a6, volatile long a7) { return 0; } static void setup_common() { if (mount(0, "/sys/fs/fuse/connections", "fusectl", 0, 0)) { } } static void loop(); static void sandbox_common() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setsid(); int netns = open("/proc/self/ns/net", O_RDONLY); if (netns == -1) exit(1); if (dup2(netns, kInitNetNsFd) < 0) exit(1); close(netns); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = (200 << 20); setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 32 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 136 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); if (unshare(CLONE_NEWNS)) { } if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL)) { } if (unshare(CLONE_NEWIPC)) { } if (unshare(0x02000000)) { } if (unshare(CLONE_NEWUTS)) { } if (unshare(CLONE_SYSVSEM)) { } typedef struct { const char* name; const char* value; } sysctl_t; static const sysctl_t sysctls[] = { {"/proc/sys/kernel/shmmax", "16777216"}, {"/proc/sys/kernel/shmall", "536870912"}, {"/proc/sys/kernel/shmmni", "1024"}, {"/proc/sys/kernel/msgmax", "8192"}, {"/proc/sys/kernel/msgmni", "1024"}, {"/proc/sys/kernel/msgmnb", "1024"}, {"/proc/sys/kernel/sem", "1024 1048576 500 1024"}, }; unsigned i; for (i = 0; i < sizeof(sysctls) / sizeof(sysctls[0]); i++) write_file(sysctls[i].name, sysctls[i].value); } static int wait_for_loop(int pid) { if (pid < 0) exit(1); int status = 0; while (waitpid(-1, &status, __WALL) != pid) { } return WEXITSTATUS(status); } static void drop_caps(void) { struct __user_cap_header_struct cap_hdr = {}; struct __user_cap_data_struct cap_data[2] = {}; cap_hdr.version = _LINUX_CAPABILITY_VERSION_3; cap_hdr.pid = getpid(); if (syscall(SYS_capget, &cap_hdr, &cap_data)) exit(1); const int drop = (1 << CAP_SYS_PTRACE) | (1 << CAP_SYS_NICE); cap_data[0].effective &= ~drop; cap_data[0].permitted &= ~drop; cap_data[0].inheritable &= ~drop; if (syscall(SYS_capset, &cap_hdr, &cap_data)) exit(1); } static int do_sandbox_none(void) { if (unshare(CLONE_NEWPID)) { } int pid = fork(); if (pid != 0) return wait_for_loop(pid); setup_common(); sandbox_common(); drop_caps(); if (unshare(CLONE_NEWNET)) { } initialize_wifi_devices(); loop(); exit(1); } #define FS_IOC_SETFLAGS _IOW('f', 2, long) static void remove_dir(const char* dir) { int iter = 0; DIR* dp = 0; retry: while (umount2(dir, MNT_DETACH) == 0) { } dp = opendir(dir); if (dp == NULL) { if (errno == EMFILE) { exit(1); } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); while (umount2(filename, MNT_DETACH) == 0) { } struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } int i; for (i = 0;; i++) { if (unlink(filename) == 0) break; if (errno == EPERM) { int fd = open(filename, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno != EBUSY || i > 100) exit(1); if (umount2(filename, MNT_DETACH)) exit(1); } } closedir(dp); for (int i = 0;; i++) { if (rmdir(dir) == 0) break; if (i < 100) { if (errno == EPERM) { int fd = open(dir, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno == EBUSY) { if (umount2(dir, MNT_DETACH)) exit(1); continue; } if (errno == ENOTEMPTY) { if (iter < 100) { iter++; goto retry; } } } exit(1); } } static int inject_fault(int nth) { int fd; fd = open("/proc/thread-self/fail-nth", O_RDWR); if (fd == -1) exit(1); char buf[16]; sprintf(buf, "%d", nth); if (write(fd, buf, strlen(buf)) != (ssize_t)strlen(buf)) exit(1); return fd; } static void kill_and_wait(int pid, int* status) { kill(-pid, SIGKILL); kill(pid, SIGKILL); for (int i = 0; i < 100; i++) { if (waitpid(-1, status, WNOHANG | __WALL) == pid) return; usleep(1000); } DIR* dir = opendir("/sys/fs/fuse/connections"); if (dir) { for (;;) { struct dirent* ent = readdir(dir); if (!ent) break; if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0) continue; char abort[300]; snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name); int fd = open(abort, O_WRONLY); if (fd == -1) { continue; } if (write(fd, abort, 1) < 0) { } close(fd); } closedir(dir); } else { } while (waitpid(-1, status, __WALL) != pid) { } } static void reset_loop() { char buf[64]; snprintf(buf, sizeof(buf), "/dev/loop%llu", procid); int loopfd = open(buf, O_RDWR); if (loopfd != -1) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); } } static void setup_test() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); write_file("/proc/self/oom_score_adj", "1000"); } static void setup_fault() { static struct { const char* file; const char* val; bool fatal; } files[] = { {"/sys/kernel/debug/failslab/ignore-gfp-wait", "N", true}, {"/sys/kernel/debug/fail_futex/ignore-private", "N", false}, {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", "N", false}, {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", "N", false}, {"/sys/kernel/debug/fail_page_alloc/min-order", "0", false}, }; unsigned i; for (i = 0; i < sizeof(files) / sizeof(files[0]); i++) { if (!write_file(files[i].file, files[i].val)) { if (files[i].fatal) exit(1); } } } #define FUSE_MIN_READ_BUFFER 8192 enum fuse_opcode { FUSE_LOOKUP = 1, FUSE_FORGET = 2, FUSE_GETATTR = 3, FUSE_SETATTR = 4, FUSE_READLINK = 5, FUSE_SYMLINK = 6, FUSE_MKNOD = 8, FUSE_MKDIR = 9, FUSE_UNLINK = 10, FUSE_RMDIR = 11, FUSE_RENAME = 12, FUSE_LINK = 13, FUSE_OPEN = 14, FUSE_READ = 15, FUSE_WRITE = 16, FUSE_STATFS = 17, FUSE_RELEASE = 18, FUSE_FSYNC = 20, FUSE_SETXATTR = 21, FUSE_GETXATTR = 22, FUSE_LISTXATTR = 23, FUSE_REMOVEXATTR = 24, FUSE_FLUSH = 25, FUSE_INIT = 26, FUSE_OPENDIR = 27, FUSE_READDIR = 28, FUSE_RELEASEDIR = 29, FUSE_FSYNCDIR = 30, FUSE_GETLK = 31, FUSE_SETLK = 32, FUSE_SETLKW = 33, FUSE_ACCESS = 34, FUSE_CREATE = 35, FUSE_INTERRUPT = 36, FUSE_BMAP = 37, FUSE_DESTROY = 38, FUSE_IOCTL = 39, FUSE_POLL = 40, FUSE_NOTIFY_REPLY = 41, FUSE_BATCH_FORGET = 42, FUSE_FALLOCATE = 43, FUSE_READDIRPLUS = 44, FUSE_RENAME2 = 45, FUSE_LSEEK = 46, FUSE_COPY_FILE_RANGE = 47, FUSE_SETUPMAPPING = 48, FUSE_REMOVEMAPPING = 49, CUSE_INIT = 4096, CUSE_INIT_BSWAP_RESERVED = 1048576, FUSE_INIT_BSWAP_RESERVED = 436207616, }; struct fuse_in_header { uint32_t len; uint32_t opcode; uint64_t unique; uint64_t nodeid; uint32_t uid; uint32_t gid; uint32_t pid; uint32_t padding; }; struct fuse_out_header { uint32_t len; uint32_t error; uint64_t unique; }; struct syz_fuse_req_out { struct fuse_out_header* init; struct fuse_out_header* lseek; struct fuse_out_header* bmap; struct fuse_out_header* poll; struct fuse_out_header* getxattr; struct fuse_out_header* lk; struct fuse_out_header* statfs; struct fuse_out_header* write; struct fuse_out_header* read; struct fuse_out_header* open; struct fuse_out_header* attr; struct fuse_out_header* entry; struct fuse_out_header* dirent; struct fuse_out_header* direntplus; struct fuse_out_header* create_open; struct fuse_out_header* ioctl; }; static int fuse_send_response(int fd, const struct fuse_in_header* in_hdr, struct fuse_out_header* out_hdr) { if (!out_hdr) { return -1; } out_hdr->unique = in_hdr->unique; if (write(fd, out_hdr, out_hdr->len) == -1) { return -1; } return 0; } static volatile long syz_fuse_handle_req(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { struct syz_fuse_req_out* req_out = (struct syz_fuse_req_out*)a3; struct fuse_out_header* out_hdr = NULL; char* buf = (char*)a1; int buf_len = (int)a2; int fd = (int)a0; if (!req_out) { return -1; } if (buf_len < FUSE_MIN_READ_BUFFER) { return -1; } int ret = read(fd, buf, buf_len); if (ret == -1) { return -1; } if ((size_t)ret < sizeof(struct fuse_in_header)) { return -1; } const struct fuse_in_header* in_hdr = (const struct fuse_in_header*)buf; if (in_hdr->len > (uint32_t)ret) { return -1; } switch (in_hdr->opcode) { case FUSE_GETATTR: case FUSE_SETATTR: out_hdr = req_out->attr; break; case FUSE_LOOKUP: case FUSE_SYMLINK: case FUSE_LINK: case FUSE_MKNOD: case FUSE_MKDIR: out_hdr = req_out->entry; break; case FUSE_OPEN: case FUSE_OPENDIR: out_hdr = req_out->open; break; case FUSE_STATFS: out_hdr = req_out->statfs; break; case FUSE_RMDIR: case FUSE_RENAME: case FUSE_RENAME2: case FUSE_FALLOCATE: case FUSE_SETXATTR: case FUSE_REMOVEXATTR: case FUSE_FSYNCDIR: case FUSE_FSYNC: case FUSE_SETLKW: case FUSE_SETLK: case FUSE_ACCESS: case FUSE_FLUSH: case FUSE_RELEASE: case FUSE_RELEASEDIR: case FUSE_UNLINK: case FUSE_DESTROY: out_hdr = req_out->init; if (!out_hdr) { return -1; } out_hdr->len = sizeof(struct fuse_out_header); break; case FUSE_READ: out_hdr = req_out->read; break; case FUSE_READDIR: out_hdr = req_out->dirent; break; case FUSE_READDIRPLUS: out_hdr = req_out->direntplus; break; case FUSE_INIT: out_hdr = req_out->init; break; case FUSE_LSEEK: out_hdr = req_out->lseek; break; case FUSE_GETLK: out_hdr = req_out->lk; break; case FUSE_BMAP: out_hdr = req_out->bmap; break; case FUSE_POLL: out_hdr = req_out->poll; break; case FUSE_GETXATTR: case FUSE_LISTXATTR: out_hdr = req_out->getxattr; break; case FUSE_WRITE: case FUSE_COPY_FILE_RANGE: out_hdr = req_out->write; break; case FUSE_FORGET: case FUSE_BATCH_FORGET: return 0; case FUSE_CREATE: out_hdr = req_out->create_open; break; case FUSE_IOCTL: out_hdr = req_out->ioctl; break; default: return -1; } return fuse_send_response(fd, in_hdr, out_hdr); } #define HWSIM_ATTR_RX_RATE 5 #define HWSIM_ATTR_SIGNAL 6 #define HWSIM_ATTR_ADDR_RECEIVER 1 #define HWSIM_ATTR_FRAME 3 #define WIFI_MAX_INJECT_LEN 2048 static int hwsim_register_socket(struct nlmsg* nlmsg, int sock, int hwsim_family) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = HWSIM_CMD_REGISTER; netlink_init(nlmsg, hwsim_family, 0, &genlhdr, sizeof(genlhdr)); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int hwsim_inject_frame(struct nlmsg* nlmsg, int sock, int hwsim_family, uint8_t* mac_addr, uint8_t* data, int len) { struct genlmsghdr genlhdr; uint32_t rx_rate = WIFI_DEFAULT_RX_RATE; uint32_t signal = WIFI_DEFAULT_SIGNAL; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = HWSIM_CMD_FRAME; netlink_init(nlmsg, hwsim_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, HWSIM_ATTR_RX_RATE, &rx_rate, sizeof(rx_rate)); netlink_attr(nlmsg, HWSIM_ATTR_SIGNAL, &signal, sizeof(signal)); netlink_attr(nlmsg, HWSIM_ATTR_ADDR_RECEIVER, mac_addr, ETH_ALEN); netlink_attr(nlmsg, HWSIM_ATTR_FRAME, data, len); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static long syz_80211_inject_frame(volatile long a0, volatile long a1, volatile long a2) { uint8_t* mac_addr = (uint8_t*)a0; uint8_t* buf = (uint8_t*)a1; int buf_len = (int)a2; struct nlmsg tmp_msg; if (buf_len < 0 || buf_len > WIFI_MAX_INJECT_LEN) { return -1; } int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (sock < 0) { return -1; } int hwsim_family_id = netlink_query_family_id(&tmp_msg, sock, "MAC80211_HWSIM", true); int ret = hwsim_register_socket(&tmp_msg, sock, hwsim_family_id); if (ret < 0) { close(sock); return -1; } ret = hwsim_inject_frame(&tmp_msg, sock, hwsim_family_id, mac_addr, buf, buf_len); close(sock); if (ret < 0) { return -1; } return 0; } #define WIFI_MAX_SSID_LEN 32 #define WIFI_JOIN_IBSS_NO_SCAN 0 #define WIFI_JOIN_IBSS_BG_SCAN 1 #define WIFI_JOIN_IBSS_BG_NO_SCAN 2 static long syz_80211_join_ibss(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { char* interface = (char*)a0; uint8_t* ssid = (uint8_t*)a1; int ssid_len = (int)a2; int mode = (int)a3; struct nlmsg tmp_msg; uint8_t bssid[ETH_ALEN] = WIFI_IBSS_BSSID; if (ssid_len < 0 || ssid_len > WIFI_MAX_SSID_LEN) { return -1; } if (mode < 0 || mode > WIFI_JOIN_IBSS_BG_NO_SCAN) { return -1; } int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (sock < 0) { return -1; } int nl80211_family_id = netlink_query_family_id(&tmp_msg, sock, "nl80211", true); struct join_ibss_props ibss_props = { .wiphy_freq = WIFI_DEFAULT_FREQUENCY, .wiphy_freq_fixed = (mode == WIFI_JOIN_IBSS_NO_SCAN || mode == WIFI_JOIN_IBSS_BG_NO_SCAN), .mac = bssid, .ssid = ssid, .ssid_len = ssid_len}; int ret = nl80211_setup_ibss_interface(&tmp_msg, sock, nl80211_family_id, interface, &ibss_props); close(sock); if (ret < 0) { return -1; } if (mode == WIFI_JOIN_IBSS_NO_SCAN) { ret = await_ifla_operstate(&tmp_msg, interface, IF_OPER_UP); if (ret < 0) { return -1; } } return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 51; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50 + (call == 4 ? 50 : 0) + (call == 12 ? 500 : 0) + (call == 38 ? 50 : 0) + (call == 43 ? 3000 : 0) + (call == 44 ? 3000 : 0) + (call == 45 ? 300 : 0) + (call == 46 ? 300 : 0) + (call == 47 ? 300 : 0) + (call == 48 ? 3000 : 0) + (call == 49 ? 300 : 0)); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS __WALL static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); reset_loop(); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); setup_test(); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } #ifndef __NR_clock_gettime #define __NR_clock_gettime 265 #endif #ifndef __NR_getgid #define __NR_getgid 47 #endif #ifndef __NR_getsockopt #define __NR_getsockopt 365 #endif #ifndef __NR_ioctl #define __NR_ioctl 54 #endif #ifndef __NR_mmap #define __NR_mmap 192 #endif #ifndef __NR_openat #define __NR_openat 295 #endif #ifndef __NR_read #define __NR_read 3 #endif #ifndef __NR_recvmmsg #define __NR_recvmmsg 337 #endif #ifndef __NR_sendfile64 #define __NR_sendfile64 239 #endif #ifndef __NR_sendmsg #define __NR_sendmsg 370 #endif #ifndef __NR_setsockopt #define __NR_setsockopt 366 #endif #ifndef __NR_stat #define __NR_stat 106 #endif #ifndef __NR_statx #define __NR_statx 383 #endif #ifndef __NR_write #define __NR_write 4 #endif #undef __NR_mmap #define __NR_mmap __NR_mmap2 uint64_t r[24] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint32_t*)0x20000000 = 0x18; *(uint32_t*)0x20000004 = 0; *(uint64_t*)0x20000008 = 0; *(uint32_t*)0x20000010 = 3; *(uint32_t*)0x20000014 = 0; inject_fault(1); syscall(__NR_write, -1, 0x20000000, 0x18); break; case 1: memcpy((void*)0x20000040, "/dev/tty\000", 9); res = syscall(__NR_openat, 0xffffff9c, 0x20000040, 0x10400, 0); if (res != -1) r[0] = res; break; case 2: syscall(__NR_mmap, 0x20ffb000, 0x4000, 0x200000f, 0x10, (intptr_t)r[0], 0xada52000); break; case 3: memcpy((void*)0x20000080, "syz0\000", 5); syscall(__NR_ioctl, -1, 0x4004556c, 0x20000080); break; case 4: memcpy((void*)0x200025c0, "ufs\000", 4); memcpy((void*)0x20002600, "./file0\000", 8); *(uint32_t*)0x20003700 = 0x20002640; memcpy((void*)0x20002640, "\x38\x6f\x6d\x1b\xe2\x7f\x8c\xa9\x18\x2d\x1a\xe6\x35\xbb\xa8\xc9\xce\x03\x79\xce\x60\xd9\xd2\x4e\x0f\xe6\x9a\x46\xdd\x2b\x77\x02\x6c\xe1\xe6\xbb\xc0\x5a\x24\x6a\xe2\x69\x05\x25\x31\x91\xf7\xe3\x4e\xf3\x86\x0f\x1c\x2c\xc9\xa6\xd5\x22\xf5\x03\xd7\x8e\x34\x0c\xb5\x4f\x1d\x6b", 68); *(uint32_t*)0x20003704 = 0x44; *(uint32_t*)0x20003708 = 1; *(uint32_t*)0x2000370c = 0x200026c0; memcpy((void*)0x200026c0, "\x57\x39\xec\x80\x61\x6d\x1b\xac\x90\x97\x97\xc5\x72\x3d\x28\x7d\x94\xf0\x10\xe0\xf7\x0a\x34\x2a\x21\xfb\x38\xb3\x69\x86\x02\x5d\xca\x05\x4a\x96\xbb\xe7\x40\x27\x97\x4c\x45\x28\x93\xa9\xf5\xd5\x13\xef\xc4\x70\x65\x2b\xf4\xe8\x37\xd8\xd5\xee\xac\xed\x26\x69\xd7\x3c\xea\x3d\x39\x31\x39\x9d\xa0\x4d\xfb\x48\x59\xd0\x3c\x47\xdd\x53\x5b\xaa\x98\x0a\xe8\xb7\xa5\xc3\x12\xfd\x71\xac\xc5\x21\xbd\xdc\x2c\x63\x70\x26\xd7\xfa\xdb\x42\xc0\x20\xc5\x3d\x4e\x2f\xee\xb2\x30\x77\xed\x86\x7d\x5b\x36\x56\x7b\x8d\x06\xe0\xf4\xd2\xd9\xc6\x16\xd6\x73\x91\xf8\x79\xe8\x12\xd7\xa1\x79\x75\xf3\xe0\xe5\x69\xf5\x57\xb6\x5b\xba\xde\x94\x18\x68\xba\xe4\xbe\x8d\x2d\xfa\x45\xa3\x85\x87\x7e\xce\x8d\x94\xd7\x55\xdb\xf8\x2b\x4f\xd8\x89\x9b\xa1\xb8\xec\xe4\x3b\x36\xb3\x69\xa8\xdf\x56\x99\x3b\x16\xee\xc2\x0a\xed\x1c\x59\x6f\x66\x9d\xf8\x97\xdd\xfa\x0d\xf4\xab\x26\xd7\x47\x59\x82\x96\xdd\x3b\xcd\x5c\xad\x67\xa8\xb1\x9e\xba\x5f\x34\x3f\xbf\xa6\x30\x1a\x15\x02\x60\x0e\xda\x02\xab\x15\x7a\xb1\xb1\x64\xe3\xde\x57\x33\xe4\xbf\xd9\x67\x7b\x49\xb2\x9b\xb5\x6e\x99\x36\x7d\x01\x04\x4b\x3a\xcc\xf0\xf9\x3a\xf7\x55\x27\x83\x7a\x9b\x49\x4b\x4e\xac\xe1\xf4\x9c\x87\x9e\x71\xe9\x62\xa5\x93\x74\x95\x55\xb5\x0a\x55\xca\x11\x44\xeb\x54\x80\x70\x47\xde\xfd\xe8\xdd\x09\x7e\xbc\xba\xa2\x30\x45\x1a\xc7\xa7\x76\x3e\xf2\x13\x4b\x45\x3e\xf7\xce\x92\xd6\xad\xce\x44\x9a\xa1\x82\xef\xb2\xed\x4a\x87\x07\xf1\xe1\x84\x6d\x82\x50\x5d\xa0\x6c\x2d\x6b\x4a\x58\x2d\xdf\xb2\xbd\xb7\xa1\x9b\xbc\xe8\xe0\xa0\xf7\xb2\xf4\x96\x62\x2b\xee\x04\x37\x29\xf3\x84\x31\x88\xeb\x14\xe5\x6e\x8f\x48\xd7\xd4\xb1\x51\xa7\xde\xef\x2a\x1a\x94\x58\x83\x42\x53\x77\x08\x82\xcc\x41\xf6\xfb\x78\x4a\x9f\x73\xa4\xf8\x1e\xf9\x93\xda\xe6\x1a\x80\x5b\xa6\xf9\x30\x78\x20\x81\x33\x10\xdc\x38\x70\x83\x5a\xd4\xbe\x7e\x3c\x8a\x13\xf9\xf0\x1e\x9e\xa9\xb1\xb9\xdf\xb1\xe3\x47\xe3\xea\x1b\x5b\x09\x0e\x1a\x38\x61\x77\x07\xbb\x5a\xa0\xce\x82\x19\x3f\x69\x70\xa0\xb8\x85\x18\x3f\xce\x8b\x7d\x30\xbf\xc1\x82\x58\xdd\x40\xf5\x08\xb9\x5b\x55\xca\x27\xd8\xec\x76\x01\x03\x10\xc6\x77\xc0\x4c\x0b\x01\xfd\x69\xde\x39\x6a\xe9\x5a\x7c\x3c\xa5\x0f\x4e\x7f\xc3\xda\x74\x9d\x82\xa5\xd9\xf5\x7a\xb6\xed\x7a\x0d\x12\x76\x29\x7a\xb5\x71\x72\x67\x1d\x4c\x7c\xa3\x52\x24\x70\x0d\xb9\x36\x44\x13\x1a\x51\x26\xaf\x54\x75\x5a\xec\x80\xcf\xfd\xeb\x70\x9f\x0c\x58\x21\xec\x3b\x86\xd2\x9f\x10\xbe\x62\xd9\x4c\x03\x2f\x79\xd4\xed\xcc\xaf\x40\xb2\x4d\x72\xe4\x6d\x7c\x99\x33\xf6\xea\xda\x79\x4a\xad\x1e\xaf\x41\xae\xc1\x35\xa4\xf6\xf7\xf6\x09\x27\x36\x08\x68\x5f\xfc\x30\xfe\x1a\xe8\x22\x13\xa9\x56\xe8\xdf\x49\x3e\xc0\xaa\xc8\xec\xcb\xbd\xb8\x20\x93\x09\x7d\xb4\x51\x61\x67\x76\x85\xbf\x1e\x69\x1a\x1c\x7d\xce\x13\xa8\x8e\x63\x64\x5b\xc7\x99\x22\xb6\xd3\xd3\xd7\x61\xf3\x6a\x46\x30\x2f\x79\xe0\xe0\xbe\xb6\x7e\x2f\x2c\xb2\xe8\x3f\xc1\xa0\x41\x77\xc9\xd0\x22\xc4\x6e\xdc\x05\x3f\x03\x18\x2f\xc6\x45\x45\x0e\x4d\xe5\x36\xa4\x18\xb0\xea\xe2\xac\xb0\xea\xf4\xcb\x61\x5e\xca\x77\xf7\x2e\xe1\xd1\xf9\x14\x62\x08\xe1\x86\x69\x50\x8e\xdd\x05\x0e\x9b\x4e\x72\xa8\x48\x30\x16\xdc\x01\x98\x32\x6d\x2a\x16\x70\x04\xf3\x23\xa0\xa6\xeb\x4d\x34\xf6\x51\xc3\x97\xf0\x6d\x32\xe1\xbd\xab\x04\x2e\xfe\x56\x6a\xfc\x48\xcb\xd9\x8f\x91\x41\x34\x15\x63\x14\xa9\x54\xc6\x41\xb1\x06\x6b\xa7\x15\xab\x50\xeb\x4d\xb8\x4b\x13\xf2\x04\x69\xd0\x1d\x63\x46\xd4\x25\xd7\x0f\x60\xb4\x29\x76\xb0\x46\xcf\x96\xe4\x01\x8f\xc6\xaa\xf7\x8d\xf3\x0c\x02\xdd\x02\x9e\x1e\x89\x5c\x20\xb0\x5f\xb3\x88\x3c\x01\x3d\xe7\xe1\x7a\x13\x69\x78\x54\xfe\xb5\x93\x5c\xb3\x44\xff\x94\xff\x8b\xb4\xed\x2d\x1f\x17\x4e\xa1\x90\x20\x57\x7b\x4f\xf9\x59\x7c\x31\xa8\xfb\x2c\xfa\x1d\x7b\x71\xa5\x70\x82\x56\x15\x40\xf1\xcd\x86\xb8\x59\x0b\x75\x4f\xe9\x5d\x74\x9e\xf3\xca\xff\x93\xfd\x10\xa9\x0c\xa0\x03\x51\x5b\xb2\x3a\x3e\x71\xf4\x41\x79\xc0\x99\x60\x37\x45\x75\x89\xe6\x81\x77\xb0\xa1\x06\x91\xf1\x49\xa9\x81\xa6\xa6\x8d\x0b\xc8\x20\xe1\x66\x2a\x67\xc6\xa8\x5f\xb3\x9a\x35\x39\x9c\x62\x0c\x6e\xe3\x14\x28\x4f\xa4\x20\x99\xbd\xe0\x9f\xd5\x17\xa6\xe5\x3c\xc0\x41\x7c\x98\xd0\x06\xb4\x21\x0b\xa0\x35\x1b\x7d\xb6\x75\x43\x38\x06\x3f\x05\xb6\x82\x4b\xbb\x41\xf7\x0b\xa1\xfe\xa9\x12\x1f\x58\x85\xa4\xd0\x3e\xe9\x3f\x2b\x8f\x27\xa0\x0c\xd6\x66\x49\x10\x03\xde\xda\x3e\x21\x02\x92\x47\x64\x6f\x71\x44\xcb\x00\x4a\x6b\x52\x40\x06\xd8\xec\x7c\x93\xf4\x10\x42\xbb\xf8\x2d\x3b\xf2\xee\xf4\x15\xf8\xf0\x38\xb0\x5c\x0c\x10\x7a\xc2\x4d\x0c\xc8\xf3\x08\x13\xeb\xe2\x75\x1d\xa8\x39\x8e\x04\xff\x59\x3d\x17\xdd\xeb\x32\x59\x36\x71\xc8\x27\x74\x24\xf7\x98\x80\x05\x4c\x58\x1a\xe4\xef\x53\x03\xa1\x2f\x50\xd4\xe1\xfd\x6b\xb5\x85\xa5\xe0\x77\x51\xcb\xd5\x8f\xa6\x1d\x63\x4c\x35\x56\x37\x27\xe1\x82\x39\xd9\x81\x2f\xa4\x1b\x9a\x25\x61\x18\xba\x9b\x0d\xec\xc2\x60\x76\xc8\xae\x4b\x4e\x51\x6a\x2b\x35\xa7\xe9\x83\x9c\xa8\x3b\xef\x46\x43\xe0\xa5\xd9\xdb\x72\x3b\x5a\xfd\x80\xf7\x15\xb6\x3b\x19\xd0\xaf\xb9\xcb\x03\xdd\x9e\x5f\xe1\xb3\x13\x5e\xc1\xf0\xb9\x73\xe7\xd2\x1b\xb2\xf2\x22\x1a\x78\x62\x8a\x1b\x51\x3e\x0f\xf9\xea\x30\x67\xdb\x31\x01\xc0\x17\xeb\x8e\x60\x6f\x2f\x07\x5b\xe4\x98\x4f\x21\xbf\x75\xb6\xc4\xcb\xf3\x71\x8e\x64\xca\x62\xa9\xab\x5d\x8e\x38\x3a\xef\xba\x74\x93\xdd\xff\x47\x8b\x74\x40\x74\xbb\x51\x99\x4b\xc9\x1d\xd2\x9c\x6b\x9b\xcd\x50\xa5\x02\x8e\x14\xcf\x6d\x94\x68\xef\x42\x4e\xd1\x65\x84\x8f\xf5\x67\x6e\x57\x41\x10\xe0\xcd\x76\xa7\xc1\xda\xd3\x01\x9f\xac\xfd\x08\xd1\x4b\x7d\x9e\x37\x8a\x11\x0e\x98\x50\x88\xe5\x1e\x89\xd7\x5e\x3f\xa5\xfb\x36\x87\x59\x8c\x05\x69\xe5\x22\xf6\xc9\xea\x4d\x12\x65\xed\x97\xe3\x13\xdc\xe9\xcd\x01\xa4\x61\x5e\x8b\xbe\x4d\xbe\x16\x8f\x9d\x32\xc6\x68\x2e\x4e\xef\x26\x7d\xd7\x18\xb4\x75\xa8\x1b\x48\x5b\x17\xf6\xba\x8a\xfb\xa1\x9a\x58\x32\x9f\x86\xba\xd1\x2a\xc8\x44\x44\x17\xe6\x14\x8c\xb4\xe0\x7e\xe4\x6c\x5f\x15\x53\xa0\xfe\x4c\xd3\x32\x6d\x86\x92\xcc\x43\x96\x1f\x03\xf5\x7f\x7c\x01\x6f\x33\xc3\xd1\xc0\x2b\xf1\x25\xfc\x94\x21\x01\x10\x36\x36\xb0\x2d\x93\x35\x2e\xfb\x49\x20\xe2\x43\xf8\x65\xcf\x5c\x0b\x5d\x34\x7f\x51\xb8\x79\x00\xb1\x2a\xcc\x34\x7b\x31\x9c\x14\x75\x10\xc6\xa3\xc1\x84\xb9\xfe\x9b\xbf\x49\xd2\x0a\x71\xbc\x08\x82\xe2\x96\xa0\x37\x69\x75\x1c\xd8\x63\x08\x2c\x1f\x3b\x88\x90\xfe\xe3\xc6\x44\x47\x4d\xb2\x1e\x07\x7a\xcb\xeb\x05\xae\x29\x67\x10\x82\x2f\xca\xf5\xa7\xbc\x06\x9b\xd9\x3d\x41\x16\x27\xcd\x1b\x71\x3c\xcc\xed\x01\x0d\x1b\x88\xdf\xc1\x53\x04\x54\x14\x1b\x3d\xd3\xe1\x96\x4c\x38\x95\x76\x13\x21\x73\xb8\x63\x30\x38\x8f\xec\x55\x9d\xc7\x22\xf1\x77\x49\x7c\x30\x83\x15\xa4\xee\xfb\x50\x43\xcc\x97\xc5\xb1\xea\x53\xb6\xde\x6f\x4e\xce\xd9\xcc\x20\xb5\x24\x3e\xf9\x6a\xe0\xda\x16\xb4\x3e\xcf\xd0\x3e\x70\x25\x28\xad\x4c\x36\x09\x54\x5d\xf9\x39\xe2\xbc\xee\x08\x25\x86\x49\x31\x9d\x74\xfd\x78\x4d\x3d\x30\xa9\x09\x2c\xb2\x3e\x51\xce\x00\xbb\xf8\x1a\x46\xbc\x0d\x8b\xba\x9f\xe3\xf6\x05\xf5\x4e\xe2\xa0\x31\x1e\x1c\x19\xae\xe2\x6c\x84\x3d\x72\x52\xd9\x03\x80\xc9\xd8\x6f\x1d\x1c\xbb\x21\x64\x1b\xc1\x9a\xdf\xfa\x60\x8f\xa5\xb8\x26\x0c\x3d\xac\x2e\x0d\x81\x00\xc8\x70\xdb\xaf\xab\x5e\x4a\x5c\x6e\x5d\x48\x75\x35\x2e\xce\x31\x33\xe0\x8d\x48\xe0\x38\x74\xe6\xe5\x28\xb5\xa4\x3d\x08\xc8\xe9\x05\xf7\x98\xf0\x52\x7c\xff\x5c\xda\x99\x95\xe8\x4a\xcb\x47\xee\x85\x44\xbe\x93\x7f\xcb\x64\x64\x6d\x2f\xd2\xd5\xc3\x1e\xef\x83\x62\x97\xe0\x3d\xca\x24\xb1\x59\x96\x4a\x70\x30\x7a\x82\x7f\x6e\x7f\x37\x93\xf6\xff\xad\x54\xa6\x5d\x40\x09\x26\xe8\x07\x97\xe6\x05\x0e\x77\x6b\xbf\x66\xdc\x1b\xdf\x75\x08\x81\x2e\xd0\xfe\xbd\xa7\x74\xf5\xed\xa4\x92\xb3\x75\x1e\xcc\x76\xa6\x58\x24\x1f\xa6\x45\x22\xc5\xdd\xef\x53\x74\x78\x7a\x1b\xc6\xf0\x5c\x84\xa5\x23\x06\x8a\xc6\x6a\x3c\xa5\x39\xda\x70\xe1\x6d\xde\xa8\x97\xf9\x6f\x5d\x48\xe1\xef\x18\x5f\x08\x43\x6d\xaa\x20\xfc\xb0\xb2\x39\xde\x9b\x2b\xb0\x00\x07\xed\xa2\xdb\xdc\xc1\xf5\xfd\xf1\x39\x98\x68\x2d\x66\xcd\x4a\xab\x31\x57\xf7\xeb\xce\xc0\x92\xdc\x6b\xd0\x8f\x4d\x10\x77\x80\xd3\x73\x19\x24\xcf\xa0\x67\xf6\x22\x18\x07\x8a\x2a\xf1\x29\xf4\x05\x9d\x46\xd7\xc7\xbe\xbb\xf6\x7b\x59\x53\xdd\xa3\x0c\x96\xfe\x58\x43\xe8\xa3\xc0\xa1\x5a\x6b\x2f\x21\x0f\xfb\xff\xd4\x76\xc9\xc7\x61\x34\x06\x16\xb1\xca\x8a\x6b\x44\x9d\x1e\x33\x8f\xd9\x09\xfd\x9a\x84\xc7\x33\x87\x11\xbe\x1d\x50\x76\x2a\x48\x29\x9b\x18\x44\x82\xd2\xcd\x18\x84\xaf\x70\x76\x68\xd1\x0c\x2e\x1c\xde\xac\x7c\x07\x5d\x7d\x41\x47\xf8\xaa\x3c\xeb\xca\x93\xc1\xb7\xb2\x45\x26\x4c\x0e\xfb\x84\x70\x25\x51\x52\xc4\x8d\x22\x46\x34\x58\x0b\x2f\xf0\x21\x45\x7a\x97\x5a\xa7\x67\x2b\xaf\x13\xa4\xae\x32\xdc\x17\xe1\xf0\x4d\x0b\x2d\x9c\x14\x83\x1c\x87\xe9\x9e\x7e\x0f\x29\x95\x8c\x9b\x58\x4d\x7b\x8a\x7e\x91\xf5\x73\xc0\x42\x61\x73\x91\xad\xed\x64\xbe\xe7\xda\xd5\xf8\x88\xef\xc5\x56\x0f\xba\x3f\x9e\x41\xf7\x80\x94\xb4\x03\xab\xc5\xd4\x22\xc8\xec\x70\xb9\xa9\xce\xe5\x07\x90\x3f\x89\x99\x48\x7e\x60\xd7\x61\xef\x16\x19\x4e\x7c\xc8\x56\xa0\x1e\x6b\x3b\xc5\x92\x39\x7c\xa0\x3b\xec\xb6\xb4\x8f\xc1\x5b\xf1\xf6\xef\xf8\xfe\xc8\xde\x87\x85\xd0\xfe\xa3\x79\xef\xbd\x64\x94\x87\x30\x7b\xba\x15\x30\xa4\x8e\xc1\x06\x97\x8d\xa7\x03\xe9\x17\x07\x20\x1f\xe3\x34\x8d\xe8\xca\xf2\xdd\xe1\xd0\x99\x42\xd4\x77\x12\xf7\x7d\xe3\xf9\xef\xe5\x39\x2e\xf4\x58\x4a\x66\xcf\x96\xb3\x0e\xcc\x6e\xed\x90\x74\x83\x7e\x08\x35\xe1\x90\x65\xd2\xec\xe8\x7d\x38\xb4\x26\xc7\x03\xb8\x82\xce\xc8\x3c\xbb\x8b\x48\x4f\x68\x85\x83\x2c\xa2\x58\x7b\x2b\xdc\x30\xc9\x2c\x20\xa0\x0d\x92\x64\x73\xff\x36\xa1\xc8\x1e\x58\xd5\x55\x49\xa0\x6f\xb7\xb0\xfd\xd1\x35\xed\x5f\x63\xb4\xcc\xa0\x06\x8b\x2d\xa1\xb1\x12\xd4\xcb\x04\x34\x07\xc2\x1c\x53\x5f\xd3\xc4\x55\x93\x22\xe3\x04\x69\x79\x4c\x90\xa3\xc3\x0d\x8f\xd5\x36\x5c\xe3\xf4\x32\xf6\x13\x14\x8b\xc7\xd5\x75\xc1\xd2\xda\x1d\x4b\x06\x8d\xe1\x36\x6f\x62\xa6\x94\xe9\x76\xf2\xe2\x64\xd4\x49\xd9\xe3\xf9\x04\x00\xf4\xf2\x5c\x11\x52\xd1\xed\xb9\xb0\x98\x16\x78\x72\x27\xee\xef\xf8\x0a\xc3\xf2\x50\x16\xde\x25\x33\x25\x47\x54\x90\x48\x23\x03\xaf\xa8\x7b\x39\xad\xee\x7f\x92\xc0\x31\x85\xf8\xbe\x67\xfe\x8e\x85\x0e\xe3\xa5\x71\x80\x94\x74\xbc\xf4\x62\x37\x3a\x47\xaf\xe1\xa4\x59\x21\x75\xd1\x10\xc3\x65\x9e\x56\xec\xfe\x2e\xca\xf2\xc3\x81\x68\x43\x32\xdc\x0e\xa3\xf7\x6c\x17\x99\xd5\xc7\x95\x4c\xcd\x01\xca\x4d\x3c\xc4\x88\xe9\x8e\xfe\x8c\xcb\x87\x57\x27\x3b\xbf\xd0\xe8\xf9\x4a\x18\xe4\xbc\x18\x79\x93\xac\x29\xc3\xd4\x5a\xa4\x58\x52\x53\x71\x71\x90\xcf\xc1\x6b\xdf\xc9\x0c\xec\xab\x6f\x02\x2b\x3c\x96\x29\xe4\xd4\x4c\xf9\x46\x03\x33\xd3\x48\xd0\xdf\x3f\xbc\x8f\xfe\x61\x73\x37\x25\xea\x22\xc5\x71\x83\xb5\x06\x22\xf3\x20\x25\x3d\x54\x69\x2c\x32\xba\x2d\x1d\x22\x72\x35\x79\x62\xe0\x9f\xc7\xfa\x98\xa1\x92\xd6\x47\xca\x93\xd5\xdb\x9c\x05\x60\xa4\x6a\x79\x74\x08\xd2\x1b\xe5\xd1\x4c\x88\x98\xfc\xf1\xf8\xe4\x6c\x2b\xe1\x9e\xee\x41\x7f\x17\xb5\x81\x2b\xe0\x4c\x60\xa5\x0c\x8f\x4a\x3b\x96\xe7\x59\xdf\x5a\x25\x31\x48\x42\xef\x58\x34\xa9\xbf\xe3\xec\x69\x03\x12\x2a\xbd\xeb\x8d\xa1\xbf\x14\x6c\xa5\xb0\xb6\x45\x1b\x3f\x6a\x0c\xd7\x42\x12\x0b\x02\x5c\xa4\x9b\xb9\x5c\x47\xfb\x27\xfa\xe4\x38\xcb\xae\x39\xcd\x9b\x50\xf7\x67\x35\xf6\x56\xe0\xc6\x89\x6c\x87\xb9\x1c\x1c\xa7\x44\x4d\x0d\xe2\x5c\xe6\x0d\xb8\x1b\x9b\x7e\xfe\xbf\xfc\x1f\xf2\x4e\xe9\xd5\xf7\x7d\xa9\x22\x72\x52\x46\x86\x33\xb8\xeb\x99\x5e\x26\x45\xb1\x54\x3d\x84\x32\x62\xc2\x60\xc3\xc6\x91\x11\x4e\xbc\x40\x39\x62\xc2\x37\x4e\xf5\x9c\xe6\xd1\xdd\x7c\x4d\x22\x31\x0c\x5f\x64\x2d\x76\x6d\x41\x89\x3b\x99\x3f\x9a\x69\x83\x1f\x82\xaa\xb3\x10\x4c\x64\xb0\x8b\x0e\x34\x19\xad\x44\x68\x60\x88\xcd\x8a\x4a\x67\x4e\xdc\xea\x4e\xe9\xf2\xe8\xa0\x2a\xb1\x14\x50\x06\x0f\x76\xa7\xc1\x95\x4f\x67\x6d\xe7\xbf\x79\x16\x69\x94\x57\x09\x1e\xb0\xad\x3b\x75\x93\xe7\xf3\x8d\x62\xf9\xb5\x67\x61\xa9\x15\xb4\x1d\x03\x5b\xa1\x29\xd1\xac\x46\x6e\x5e\xae\xa7\x6d\x00\xc4\xd8\x3e\x17\x54\xe3\xd1\xe6\xf0\x09\x3c\x66\x5d\x86\x0b\xcf\x0b\x98\x50\x40\x1a\xca\xba\x34\xa0\xf7\x74\x30\x07\x73\xc4\xab\xb9\x0e\xfc\x56\xbc\x7d\x2a\xd1\x2d\x2f\x58\xce\xfa\x5b\x58\x16\xfc\xee\x50\xa1\x18\x45\xa2\xd5\x19\x76\x93\xea\x3b\x38\x00\x89\x21\x9f\x5a\x42\xc6\x9f\x9a\x47\x62\xc9\x1a\xe6\x44\x9e\x13\x99\x5f\x66\x6a\xd5\x21\xf9\x2e\xdb\x3f\x4b\x65\xa0\x46\x75\xdb\x8e\xbb\xc9\xa2\xd1\xac\xda\x5b\x67\xed\x6a\xf5\x52\x51\x41\xfd\x7a\xee\xf7\xc5\x8f\x54\x9a\xc3\x92\x55\x70\x5e\xb0\x84\xf4\xf0\xa2\x61\xf4\x3c\x27\xcd\xce\xfb\x7d\x9e\x15\xce\x63\x99\x58\x20\x72\x9b\x32\x74\x9e\xb8\xd9\x43\x2d\x7c\x3c\x25\xb4\xb1\xda\xa5\xb6\x45\x74\x03\x94\xca\xaa\xe6\x3b\xfd\x9e\x18\x20\x7f\xcc\xfb\xe0\xe2\x63\x92\x58\x22\x95\x74\xfc\xc7\x97\x1e\x3e\xb1\x1b\xfd\xf7\xdc\x77\x0c\xea\x4a\x94\x14\x91\x30\x67\x55\x8f\x7e\x54\x2c\xc6\x27\x24\x77\x48\x95\x19\xcf\xae\xcf\x51\x36\x1b\x7d\x39\x54\x0b\xbc\x1d\xa8\x4c\x6e\x56\xe2\x1c\x68\x37\x34\xfc\x3d\x9e\x52\x22\x56\x95\xea\x37\x05\x63\xb1\x53\xb8\xdc\x87\xad\x11\x99\x24\x7a\x23\xa8\x60\x46\xc7\x30\xfb\xce\x29\xfe\x99\xe0\xcf\x3e\x76\x2f\x6c\xa3\xa1\x4b\x03\xff\x53\xd4\x12\x2d\xa0\x66\x4a\x31\xd2\x04\x16\x0f\xcc\x24\x89\xea\xa9\xfa\xf0\x30\xf6\xd6\xa4\x3f\x98\xaf\xce\x7f\x7f\x7f\x0c\xc3\xa0\x1e\xf1\x52\x6d\xac\x38\x27\x8d\x13\x43\x19\x10\xc2\xd6\x91\xa7\x82\x75\xe0\x70\x2c\x8b\xcd\x0f\x47\x54\xb4\x75\x35\xde\xcb\xff\x3f\xb2\xdb\x3d\x23\xb9\x5f\x84\xe5\xe6\xe7\xfe\x67\xc7\x19\xde\x9b\x07\x21\xea\x53\xe2\xc6\x8c\x91\x10\xe6\xa9\xef\x32\x51\xe7\xeb\xb2\x28\x00\xdc\xab\x30\x9c\x22\xab\x37\x39\xb4\xe8\x88\x44\x82\x75\x42\xd9\x62\xc2\xaf\xb2\xdc\x2f\x02\xb4\x50\x94\x73\x7f\xb1\xc3\xb9\x54\x38\x70\x70\x9b\x33\x7d\x9d\x8f\x18\x39\x71\x36\x8a\x28\xa3\x36\x0a\xec\x7c\x89\xde\x83\xe0\xc5\xfb\xfc\xff\xa0\x3c\x1b\xc4\x28\x84\xa8\x39\xe8\x18\x88\x26\xb1\x9f\x3a\x7e\x7b\x82\xb4\xe2\x33\x9d\x3d\x70\x17\x1d\xe9\x2a\x60\xe2\xe1\xc7\x3d\x36\x03\x82\xae\xdc\xc2\x37\x40\xc6\x24\x4d\x69\x29\x9d\xd3\x9e\x01\x10\x91\xb2\xfa\xe1\x0f\x4b\xa3\xc7\xfc\x57\x0b\x0e\xa6\xa5\xd7\xb9\x4f\x08\x12\x78\x8a\xc1\x84\x2e\xb6\xf9\x17\xad\x73\xa4\x3a\x8f\x51\x1b\x22\x17\x95\xb9\xa6\x25\xd6\xb8\xad\xab\x77\xbb\x09\x03\x43\xac\xde\x49\x30\xc6\x43\xb9\xb6\x0a\xf0\x27\xed\x4e\x3c\xc7\xfa\xcd\xcb\x17\x5e\x81\xd9\x13\x8d\xb6\x8d\xb9\xd8\x52\x16\xe1\xaf\xa9\x0c\x3f\x38\x97\xa2\xcd\x7e\x2c\xba\xf5\x9f\xaa\x93\xac\x54\x4c\x22\x13\x99\xd0\xa2\xc7\x60\x1c\x6c\x63\x00\x62\x53\xc9\xe4\x3f\x1e\xd3\xf8\xcd\xd3\x1f\x92\xcb\xc9\x19\xb0\xb2\xf0\x48\xee\x42\x9b\xaa\xc4\x2f\x90\x7d\x36\x28\x19\x31\x81\x4e\x7f\x93\x7b\x51\xf2\xc6\xa7\x72\x46\x9f\x0d\x3d\x66\x6c\x5c\x23\x14\x1a\x0a\xf6\xfb\x38\x04\x47\x98\x10\xfc\xd8\x52\xf9\x8a\x5e\x5d\xf9\x08\x2c\x14\x9b\xc2\x39\xd3\x7b\x89\x44\x7a\xf0\x2e\xba\xe2\x7a\xde\xa0\x98\xd7\x84\x09\xfa\x9a\xe8\x73\xb1\x12\x68\x4c\x75\xd6\x8d\x44\x7c\x7f\xc8\x0a\x45\xa7\x26\xb2\x72\xd5\x57\x67\x8d\xa7\x10\x16\x79\xc6\xa5\xb4\xd7\x0f\x4d\xb6\x05\x39\xfd\x11\xd1\xf2\x13\x92\xb7\x92\x2d\x12\x78\x11\x25\x51\x2e\xb1\xdc\x45\xdb\x4c\xd2\xe6\x47\x34\xe3\xa9\xdb\xf8\x99\xec\x22\x03\xe1\x00\x1b\x3d\x36\x46\x63\xd4\x87\xc6\x90\x18\xcb\x91\x22\xb5\xf4\xe1\xa2\x76\xd1\x70\x88\xdf\x74\x6b\xa3\xe7\xc1\x0e\x1c\xad\x22\x6f\x6c\xd2\xad\x90\xcc\x3d\x14\x8c\x95\x1d\x32\xc0\x03\x41\xbf\x08\xec\x71\x58\xd2\x2b\x33\x75\xf7\xed\x67\x30\xff\x9f\x0a\xf7\x9b\x1e\x8e\xfd\x16\x4b\x04\x6c\x6a\x3d\xf7\xbc\xd9\x25\xe4\x9b\xf5\xbb\x4d\x16\xac\xe6\xab\x92\x5b\xee\x37\xb7\xb5\x32\x1d\xa6\xf3\x62\x6f\x33\x02\x5e\xbc\x38\x14\xf4\x4a\x27\xa7\xe3\x9c\x5e\xcf\x8c\x52\x63\xc5\x0e\x5d\x49\x27\x39\x77\xc1\xdd\xce\xc8\x6c\x85\xc4\x1d\xe8\x55\x8c\xcc\x7c\xc9\x46\x9f\x4a\x5a\xb1\x04\xdb\x7b\x3e\xaf\x89\x51\xf5\x31\x5f\x56\x40\xc5\x1e\x8c\x49\x29\x0c\x7b\x14\x66\x88\xb7\x2e\x22\xc5\x17\x8b\xb1\x20\xbe\xaf\xe3\xa1\x0d\xd3\x3e\x6a\x34\xb8\xe2\xab\x0a\x8d\x88\xf1\xbf\x23\x46\xf0\x6e\x6c\xbe\xb8\x01\x59\xf8\x5b\x69\xef\xe2\x98\x4f\x3a\xcb\xf1\x03\x53\x97\xc0\xe0\x27\x42\x0c\x59\x1b\x2c\x51\x15\xe4\xc4\xbc\x43\x19\xb6\xa8\xed\xc2\xaa\x62\xc7\x60\x0e\x49\x02\x9f\x8d\x7d\x80\x87\x13\xcc\x76\x55\x66\x44\x0a\x42\x7a\xc5\x76\xe5\xa2\x31\x8e\x09\x94\xa0\x0b\x56\xb7\xcf\x16\x27\x78\x87\xb2\x26\x93\x39\x6c\x28\xbf\x73\x41\x33\xdf\x5e\x65\x49\x71\xde\xc6\x8d\x22\x56\x31\xfc\x66\x9e\x56\x19\xc1\xc7\x8d\xf3\xca\x98\x60\x48\x9a\x29\xa5\x23\x4e\x05\x4b\xcd\x3c\x54\x32\x76\xc0\x7e\x15\xa1\xca\x7e\xf6\x0c\x6e\x20\x35\x95\x62\x73\x3c\x1b\x3b\xd1\x5a\x9c\x72\xa8\xf9\xac\xb0\x40\xf8\xf8\x5a\x4f\x10\x31\x3a\x4f\xc7\xe8\xcb\x89\x73\xae\x0b\x56\x29\x24\x71\x6d\x16\x8a\xa4\x31\xcf\x63\xa5\xc2\xe1\x82\xb4\x8b\x55\x19\xf3\x76\xde\x39\xca\x03\xd5\x53\x5a\x58\x68\xd2\xcf\xff\x41\x0e\x3f\x24\x8d\xe1\xef\x81\xb2\x05\xbc\x17\xa8\x4c\xbf\xeb\xb4\x6d\xeb\x4e\x56\xdc\xd3\x55\xd7\x14\x8a\x56\xf2\x5d\xee\x58\x96\x91\x2e\xc9\x01\x24\xbe\xf2\xd8\x82\xe9\xd4\xa0\x27\x69\xb3\xab\xcb\xc8\xf3\x67\xde\xec\xce\x8c\x22\xb0\x45\xf4\xd7\xb8\x7d\x89\x08\xb0\xaf\x7f\x2a\x1f\x53\xba\xd8\xd3\xf8\xe0\xb6\x5b\x00\x53\xab\x1e\x28\xec\xe7\x25\x0a\xb2\x81\xbc\x19\x70\x97\xcf\xe8\xb2\xa7\xcf\xb5\x52\xf8\x28\x69\xb8\x82\x41\xe7\xd0\x5d\x24\xac\xa3\x25\xc6\xf2\xfa\xd8\x5c\xe7\x9b\xfc\x2a\xec\xdb\x79\x8f\x40\xe1\x11\x18\x9f\x17\x85\xcb\xbe\x40", 4096); *(uint32_t*)0x20003710 = 0x1000; *(uint32_t*)0x20003714 = 7; *(uint32_t*)0x20003718 = 0x200036c0; memcpy((void*)0x200036c0, "\x38\xe3\xda\xc1\xca\xb0\x0f\xeb\x39\xc4\x8e\xdf\xaf\x42\xb6\x04\xf0\xc0\xfb\xea\xa3\x0d\x70\x23\x51\x9c\xe5\x89\xe4\xd9\x0d\x7d\x17\x1c\xbe\x75\x9e\x9c\x40\x81\x9d\x99\x46\xab\xfa\x97\x37\xe1\xbd\xdd\xfb\x4f", 52); *(uint32_t*)0x2000371c = 0x34; *(uint32_t*)0x20003720 = 0x10000; memcpy((void*)0x20003740, "/dev/tty\000", 9); *(uint8_t*)0x20003749 = 0x2c; memcpy((void*)0x2000374a, "syz0\000", 5); *(uint8_t*)0x2000374f = 0x2c; memcpy((void*)0x20003750, "+@", 2); *(uint8_t*)0x20003752 = 0x2c; memcpy((void*)0x20003753, "*^:[-,-,&{#", 11); *(uint8_t*)0x2000375e = 0x2c; memcpy((void*)0x2000375f, "syz0\000", 5); *(uint8_t*)0x20003764 = 0x2c; memcpy((void*)0x20003765, "audit", 5); *(uint8_t*)0x2000376a = 0x2c; memcpy((void*)0x2000376b, "obj_role", 8); *(uint8_t*)0x20003773 = 0x3d; memcpy((void*)0x20003774, "syz0\000", 5); *(uint8_t*)0x20003779 = 0x2c; memcpy((void*)0x2000377a, "obj_user", 8); *(uint8_t*)0x20003782 = 0x3d; memcpy((void*)0x20003783, "^\356%", 3); *(uint8_t*)0x20003786 = 0x2c; memcpy((void*)0x20003787, "subj_role", 9); *(uint8_t*)0x20003790 = 0x3d; *(uint8_t*)0x20003791 = 0x2c; memcpy((void*)0x20003792, "mask", 4); *(uint8_t*)0x20003796 = 0x3d; memcpy((void*)0x20003797, "^MAY_EXEC", 9); *(uint8_t*)0x200037a0 = 0x2c; memcpy((void*)0x200037a1, "uid", 3); *(uint8_t*)0x200037a4 = 0x3d; sprintf((char*)0x200037a5, "%020llu", (long long)0xee00); *(uint8_t*)0x200037b9 = 0x2c; *(uint8_t*)0x200037ba = 0; res = -1; res = syz_mount_image(0x200025c0, 0x20002600, 4, 3, 0x20003700, 0x1040000, 0x20003740); if (res != -1) r[1] = res; break; case 5: syscall(__NR_read, (intptr_t)r[1], 0x200037c0, 0x12); break; case 6: *(uint64_t*)0x20003800 = 7; syscall(__NR_sendfile64, (intptr_t)r[0], (intptr_t)r[1], 0x20003800, 0); break; case 7: *(uint16_t*)0x20003840 = 0x81; memcpy((void*)0x20003842, "\xd8\xe8\xf6", 3); syscall(__NR_setsockopt, (intptr_t)r[0], 6, 2, 0x20003840, 6); break; case 8: *(uint32_t*)0x20003880 = 4; syscall(__NR_ioctl, -1, 0xc0044dff, 0x20003880); break; case 9: *(uint32_t*)0x20003980 = 0x200038c0; *(uint16_t*)0x200038c0 = 0x10; *(uint16_t*)0x200038c2 = 0; *(uint32_t*)0x200038c4 = 0; *(uint32_t*)0x200038c8 = 0x1000000; *(uint32_t*)0x20003984 = 0xc; *(uint32_t*)0x20003988 = 0x20003940; *(uint32_t*)0x20003940 = 0x20003900; *(uint32_t*)0x20003900 = 0x14; *(uint8_t*)0x20003904 = 7; *(uint8_t*)0x20003905 = 1; *(uint16_t*)0x20003906 = 0x801; *(uint32_t*)0x20003908 = 0; *(uint32_t*)0x2000390c = 0; *(uint8_t*)0x20003910 = 0; *(uint8_t*)0x20003911 = 0; *(uint16_t*)0x20003912 = htobe16(0xa); *(uint32_t*)0x20003944 = 0x14; *(uint32_t*)0x2000398c = 1; *(uint32_t*)0x20003990 = 0; *(uint32_t*)0x20003994 = 0; *(uint32_t*)0x20003998 = 0x40800; syscall(__NR_sendmsg, -1, 0x20003980, 0x20000000); break; case 10: memset((void*)0x20000000, 255, 6); STORE_BY_BITMASK(uint8_t, , 0x20000040, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000040, 2, 2, 2); STORE_BY_BITMASK(uint8_t, , 0x20000040, 8, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 5, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 7, 1); STORE_BY_BITMASK(uint16_t, , 0x20000042, 0x7f, 0, 15); STORE_BY_BITMASK(uint16_t, , 0x20000043, 0, 7, 1); *(uint8_t*)0x20000044 = 8; *(uint8_t*)0x20000045 = 2; *(uint8_t*)0x20000046 = 0x11; *(uint8_t*)0x20000047 = 0; *(uint8_t*)0x20000048 = 0; *(uint8_t*)0x20000049 = 0; memset((void*)0x2000004a, 255, 6); memset((void*)0x20000050, 255, 6); STORE_BY_BITMASK(uint16_t, , 0x20000056, 0, 0, 4); STORE_BY_BITMASK(uint16_t, , 0x20000056, 0xffd, 4, 12); memset((void*)0x20000058, 255, 6); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 0xc, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 1, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 3, 5, 2); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 0, 7, 1); *(uint8_t*)0x2000005f = 3; STORE_BY_BITMASK(uint8_t, , 0x20000060, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000060, 2, 2, 2); STORE_BY_BITMASK(uint8_t, , 0x20000060, 9, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 5, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 7, 1); STORE_BY_BITMASK(uint16_t, , 0x20000062, 0x3d, 0, 15); STORE_BY_BITMASK(uint16_t, , 0x20000063, 0, 7, 1); *(uint8_t*)0x20000064 = 8; *(uint8_t*)0x20000065 = 2; *(uint8_t*)0x20000066 = 0x11; *(uint8_t*)0x20000067 = 0; *(uint8_t*)0x20000068 = 0; *(uint8_t*)0x20000069 = 1; *(uint8_t*)0x2000006a = 8; *(uint8_t*)0x2000006b = 2; *(uint8_t*)0x2000006c = 0x11; *(uint8_t*)0x2000006d = 0; *(uint8_t*)0x2000006e = 0; *(uint8_t*)0x2000006f = 1; *(uint8_t*)0x20000070 = 8; *(uint8_t*)0x20000071 = 2; *(uint8_t*)0x20000072 = 0x11; *(uint8_t*)0x20000073 = 0; *(uint8_t*)0x20000074 = 0; *(uint8_t*)0x20000075 = 0; STORE_BY_BITMASK(uint16_t, , 0x20000076, 0, 0, 4); STORE_BY_BITMASK(uint16_t, , 0x20000076, 0x1f, 4, 12); STORE_BY_BITMASK(uint8_t, , 0x20000078, 8, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000078, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000078, 3, 5, 2); STORE_BY_BITMASK(uint8_t, , 0x20000078, 1, 7, 1); *(uint8_t*)0x20000079 = 0; memset((void*)0x2000007a, 255, 6); *(uint8_t*)0x20000080 = 8; *(uint8_t*)0x20000081 = 2; *(uint8_t*)0x20000082 = 0x11; *(uint8_t*)0x20000083 = 0; *(uint8_t*)0x20000084 = 0; *(uint8_t*)0x20000085 = 1; *(uint16_t*)0x20000086 = 0xbf; memcpy((void*)0x20000088, "\xaf\xaf\x3a\x13\x5b\x6b\xac\xd8\xc9\xb7\x0b\x5e\xec\x9a\xb1\x84\x05\xdd\xe2\x16\xb1\xb5\xdb\xe7\x0c\x82\xea\x52\xa1\x47\x7c\x8b\xcc\x0a\xde\xba\xd8\x78\x9e\x03\xdf\x9b\xee\xa6\x7c\xea\x53\x1e\x77\x6e\x7e\xc4\x41\xe1\x09\x95\x46\x0e\x4e\x96\x46\x78\xb8\xb2\x0c\xae\x08\x4a\xb4\x0b\xef\x38\x9b\xb7\x2f\xe3\x66\xea\x91\xa8\xa2\xb9\x52\xbc\x69\x7a\x86\x3d\x47\xc4\x92\x0f\x77\x97\x6c\xcd\xa9\x72\x3c\x4d\x4c\xf4\x31\x64\xb5\x7e\x37\x39\x25\xd2\x15\x94\xad\x58\x2b\x2b\xd6\xb7\xfc\xe0\xe2\x1d\x27\x2a\x02\x2f\xb6\x3e\xfa\xe8\x20\x4e\x2e\x38\x18\x08\x48\xfd\x29\x86\xc8\x47\x24\x1f\x05\xb4\x79\x5e\x31\x95\x82\x3f\x4b\x17\xf3\x40\xc2\x4f\x45\xbf\x4f\xc3\x3a\x8b\x5d\x06\x49\x78\x0b\xad\x0b\x16\x00\x23\x1b\xcd\x85\xe1\x04\x40\x43\xb3\xf5\x2b\xdd\x66\x46\x2c\x52\x86\x9b", 191); *(uint8_t*)0x2000014a = 8; *(uint8_t*)0x2000014b = 2; *(uint8_t*)0x2000014c = 0x11; *(uint8_t*)0x2000014d = 0; *(uint8_t*)0x2000014e = 0; *(uint8_t*)0x2000014f = 0; memset((void*)0x20000150, 255, 6); *(uint16_t*)0x20000156 = 0xf3; memcpy((void*)0x20000158, "\xdb\x74\x58\x60\x3e\x1d\xb9\xe8\xb6\x10\x9f\xf2\x53\x17\x6f\xc3\x10\x5d\x34\x45\x42\x94\xa0\xc3\x6f\x5e\x76\x59\x0e\xe3\xb3\xa3\x91\xdd\x28\x47\xab\xe2\xef\x4c\x4f\x07\x62\xcb\xb0\x9a\x37\xf4\x06\x75\xba\xca\x09\x07\x28\x2c\xe7\xdc\x1a\x10\x4c\xb3\xe9\x13\x84\x93\x0e\xde\x72\xf3\x72\x0d\xac\x99\x76\xa6\x59\x8b\xc0\x38\x5e\x0e\xb8\x29\x5e\xde\xe6\xbf\x8e\x31\xf2\x43\xb2\x84\xe9\xde\x82\x3d\xbc\xf1\xfa\x70\xc6\xc5\x7d\x44\x72\xf2\x0f\x03\x1c\xd4\xcc\xc7\x99\x5b\x00\x36\xd0\x24\xf0\x51\x22\x0c\xf8\xcc\xfa\xcc\x5e\xef\x5c\xc5\x45\xc5\x20\x8e\x0a\xe0\xb6\xfa\xd6\x95\x65\x42\x26\x29\x30\xe5\x61\x77\xef\x3f\x3f\xd1\xfc\xf9\xab\x7f\xa1\x04\xc2\xfd\x2c\xaf\xbf\xc7\x96\xda\x4a\xf4\x24\x53\x1e\x82\x5b\x32\x39\x4a\x16\xb5\xa9\x0e\x3b\x36\xd9\xd7\x5f\x35\xbc\x95\xc7\xb6\x5c\x57\x74\xb3\x3d\x1a\x74\x46\x4b\x24\x0d\x9b\x44\x20\xde\x38\x65\xe4\xeb\xfa\x97\x05\xfa\x60\x6c\xa4\x22\xeb\x0a\xe3\x31\x26\x57\x4d\x2b\x01\xdc\x83\xd7\x0c\x24\x87\x47\x08\x7c\x72\xf0\xda\x02\xe8\xe8", 243); *(uint8_t*)0x2000024e = 8; *(uint8_t*)0x2000024f = 2; *(uint8_t*)0x20000250 = 0x11; *(uint8_t*)0x20000251 = 0; *(uint8_t*)0x20000252 = 0; *(uint8_t*)0x20000253 = 1; memset((void*)0x20000254, 255, 6); *(uint16_t*)0x2000025a = 0xdd; memcpy((void*)0x2000025c, "\xd7\xe9\xb2\x4c\x0c\xc9\x92\xb1\x8a\xa2\xd9\xf9\xe1\x70\x9a\x8c\x2f\xe8\xb2\xce\xb2\x7a\x74\x9e\x52\x61\x7c\x6d\xb9\x66\xc1\x54\x69\xb1\x4f\x62\x71\xd9\xec\x1c\xaa\x53\x7e\x60\x5d\x09\xc7\xaf\x27\x1d\x95\x9a\x7b\x13\x75\xfb\xad\xa3\xd4\x78\x40\xb8\xfb\xde\x2f\x3a\xb2\x82\x04\x40\xce\xff\xb1\x6c\xc4\x41\x60\xf3\xa3\xab\xd7\x0b\x05\x9e\x3b\x32\x1e\x3a\x1a\x48\xec\xa2\xb3\x81\x9d\x05\x95\x82\x2e\x17\x76\x7f\x5a\x9c\xce\x0a\x0a\xa1\xcf\x8a\x17\x63\x78\x09\x43\x87\x2b\x12\x7a\xb5\x59\x03\x6a\x8d\x87\x03\xe1\x79\xc0\xde\x7c\x00\xdb\xd0\x55\x69\x9b\x39\x53\x2e\xc0\xf6\x3b\xb6\x9c\x33\x1f\xb4\x15\xe2\x53\xc2\x6a\xbf\x85\xa2\x0b\x69\xf3\x3d\x25\xa8\xa0\x66\xaa\x10\xa9\xc1\xad\xd2\x02\xfa\x9d\x6c\xd6\xdb\xda\xf0\x56\x01\xd6\x8e\x95\x53\xba\x9e\xe5\x39\x31\xaa\x19\x38\x21\xc7\x80\xf0\x5d\xfd\x3c\x33\xaa\xd8\x4e\xf5\x50\x98\xb4\xb8\x21\x2c\xf5\xd6\xa4\x3b\x5a\x09\x98\x66\xec\xbb\xc1", 221); *(uint8_t*)0x2000033a = 8; *(uint8_t*)0x2000033b = 2; *(uint8_t*)0x2000033c = 0x11; *(uint8_t*)0x2000033d = 0; *(uint8_t*)0x2000033e = 0; *(uint8_t*)0x2000033f = 1; memset((void*)0x20000340, 255, 6); *(uint16_t*)0x20000346 = 3; memcpy((void*)0x20000348, "\xd7\x1a\x49", 3); syz_80211_inject_frame(0x20000000, 0x20000040, 0x30e); break; case 11: memcpy((void*)0x20000380, "wlan0\000", 6); memset((void*)0x200003c0, 2, 6); syz_80211_join_ibss(0x20000380, 0x200003c0, 6, 0); break; case 12: memcpy((void*)0x20000400, "bpf_lsm_sb_remount\000", 19); syz_btf_id_by_name(0x20000400); break; case 13: memcpy((void*)0x200008c0, "\xc4\xc3\x2d\x0e\x45\xf5\x08\xc4\xe1\x5b\x10\xeb\x26\x81\xf9\xf6\x03\x9e\xec\xc4\xc3\x79\x61\x78\x01\xd2\x07\x66\x0f\x38\x29\x5c\xd0\x2f\xd9\xf6\xf2\xdd\xcd\xc4\xc1\xf8\x11\x45\x0f\x0f\x34", 47); syz_execute_func(0x200008c0); break; case 14: memcpy((void*)0x20000940, "/dev/pktcdvd/control\000", 21); res = syscall(__NR_openat, 0xffffff9c, 0x20000940, 0x10400, 0); if (res != -1) r[2] = res; break; case 15: memcpy((void*)0x20002c80, "./file0\000", 8); res = syscall(__NR_statx, -1, 0x20002c80, 0x800, 8, 0x20002cc0); if (res != -1) r[3] = *(uint32_t*)0x20002cd8; break; case 16: memcpy((void*)0x20003040, "./file0\000", 8); res = syscall(__NR_stat, 0x20003040, 0x20003080); if (res != -1) r[4] = *(uint32_t*)0x20003090; break; case 17: res = syscall(__NR_read, -1, 0x20003100, 0x2020); if (res != -1) r[5] = *(uint32_t*)0x20003114; break; case 18: res = syscall(__NR_getgid); if (res != -1) r[6] = res; break; case 19: *(uint32_t*)0x20005540 = 0xe4; res = syscall(__NR_getsockopt, -1, 0, 0x11, 0x20005440, 0x20005540); if (res != -1) r[7] = *(uint32_t*)0x20005474; break; case 20: res = syscall(__NR_getgid); if (res != -1) r[8] = res; break; case 21: memcpy((void*)0x20000980, "\x5e\xb2\xb7\x65\xeb\x13\xfe\x60\x55\xad\xbc\x43\xba\x06\xda\x06\x24\x08\x5c\x4b\x07\x4c\xa1\x07\x58\x89\x67\x7f\x06\x6e\x7b\xe4\xde\x1a\xde\x66\x43\xe3\x84\xe7\x46\x94\x78\x49\xca\xe6\xc4\xbd\x22\x47\xb9\xd0\xdc\xf8\xd7\x4f\x73\xc8\x65\x98\x3a\x7d\x81\xfa\x41\x8b\x52\x27\xbf\xe2\xca\xe4\xda\xab\xc8\xfd\x12\x12\x43\xc0\xfe\x33\x9f\x30\xd7\xad\xe9\xb7\x9e\x07\xaa\x3b\x49\x20\x01\xcb\xf7\x1f\x43\xd1\x92\xa2\xb9\xb7\x71\x60\x8f\x80\x9c\xab\x41\x48\xc9\xbc\xb1\x8a\xd7\x38\x1a\xda\xb1\xf2\xf5\xe3\x23\xa6\x92\x49\xbf\x8f\x2b\x5b\x0e\x98\x65\x57\xda\x94\x36\x23\xa6\x6e\xc4\x20\xb9\xb7\xbc\x01\x43\x4d\x0a\x62\x88\x6d\x00\x72\xf8\x30\x51\xbe\xd9\x58\x84\x3e\xc0\xad\xab\xae\xc0\x68\xe2\x33\x3b\xdc\x15\x62\x2e\xfd\x5d\x7e\xb6\x8c\xfd\xda\x7d\xe3\xfd\xaf\xaa\x75\x78\x7f\x0f\x7f\x3a\x5a\xae\x1c\xfe\x1f\xaf\x07\x9f\x18\x35\xbe\x70\x44\xf2\xde\xe0\xe2\xb2\x28\x27\xf8\xce\x93\x99\xba\x9b\x6d\x67\x5a\xaa\xfc\x82\x72\x62\xb7\x01\x65\x9d\x34\xe6\x87\xd6\xf0\xf8\x06\x66\xef\x60\x37\x1f\x36\xfc\x8e\x7a\xb0\x1b\x1b\x1f\x74\x1b\xab\x29\x0b\x37\x42\xbc\xa7\xd9\x00\xac\xac\xd0\x03\xbb\x0e\x24\x97\xa7\x41\x3e\x2a\x94\x61\x0c\x93\xf5\xb5\xf6\xa0\xaf\xfc\x55\x4d\xfa\x69\x6f\x33\xa4\xe0\x76\x99\x55\x29\x81\xc8\xf1\x7e\xec\x12\x1b\x79\x8f\xfd\xa5\xa8\x1f\x60\x90\x05\xee\xe8\x86\x2d\xa6\x33\x95\x0d\x1c\x36\xb1\xf5\x7f\x20\x1d\xfa\xa2\xff\xb4\x3b\xfb\x89\xb9\x37\xdf\xe8\x91\x65\xa7\x83\x26\x4b\x5c\xd3\x93\xe5\xe8\x1e\xfb\x8d\x94\xe2\x8e\xa4\x17\xcf\x7f\x14\x55\x20\xc2\x01\xcd\x9b\xc8\x43\xa7\x8a\xe0\x7c\x3a\x9d\x81\x2a\x99\xb9\xd0\x1f\x4f\x8a\x60\x93\x70\x77\x19\x2f\xb2\x9e\xf9\xe9\xca\xd9\x95\x91\x9d\xe3\x3e\x9e\x70\xc9\x5c\x0e\xfe\x9d\x49\xec\xac\xc2\x81\x7d\x76\x4b\x35\xac\xee\xf6\xdb\xd7\xb1\x1d\xa0\xd5\x64\x60\x97\x8a\x67\x9a\x76\x5c\x04\x64\x2e\xf7\xb3\x3d\xa7\x35\xd6\x07\xb2\x1e\xa2\x07\xad\x74\x7b\x67\xda\x18\x62\xb7\x88\x4f\x77\x37\x64\xc5\xc6\xb9\x5b\x0d\x1f\xc0\x79\x90\x9e\x3a\x07\x43\x0c\x52\xf4\x90\x8c\xb8\x64\xca\x7b\x48\x38\x7d\x9c\x93\x03\x87\x81\x15\x80\xb9\xce\xad\x9b\xb5\x6c\x51\x39\xd0\xd5\xc4\xc7\x28\xf7\x66\x70\x59\xbb\x64\xe2\x23\xd3\xe7\xcf\x61\xce\x83\x70\x27\x6d\xd3\x1b\x3b\xd6\x43\xe9\x64\x44\xaf\xea\x51\x78\x7b\xc0\xea\x7e\xde\x0c\x05\x76\x34\x0b\x35\x74\xfb\x1e\xe7\x81\x33\xc2\x9e\xdb\x9c\x63\x72\x42\x00\xf5\xd8\xd1\xfa\x9d\xb4\xfe\x0c\xf9\xa3\xf0\x51\x7f\xdd\x93\x62\x40\xd0\x8c\xa3\xf4\x81\x5c\x56\x2f\xa4\x0c\x50\x29\x2a\x8c\xc6\x7a\xf0\x25\x55\xbf\x5e\x42\x10\xef\xab\xee\x95\x29\x46\xcb\x5a\x3b\x71\x9c\xca\xfb\x90\xc5\xfc\x31\xe2\x8e\x16\xda\x6d\xeb\x0c\x26\x57\xd9\x9b\x2e\x30\xac\x6f\x59\xe6\x93\x5c\x8f\x3d\xe5\xab\xb5\xa6\xa9\xeb\x6d\x64\x63\x81\x31\xfa\x73\x63\x9f\x95\xdc\x71\xd1\x1a\x64\x4c\x6f\xf1\x7e\x26\x66\x5e\x82\x05\x56\x17\x8b\xdf\x6f\x91\xc5\x2f\xac\x27\xf2\xd8\x48\x12\xe9\xbf\xd4\xc5\x3e\x75\x7e\xd5\xdc\xc5\xa3\xc5\x8f\x4f\x25\x4a\x11\xad\x80\x99\x55\x5f\xba\xb9\x2d\x97\x07\xe7\xae\x24\x9d\x37\xb6\x72\xb2\xf4\x66\x6c\xc3\x5f\xfe\x53\xa0\xf5\xf3\x14\xaa\x7e\x32\x9a\xdd\xf6\x0e\x86\x49\x86\x68\x2e\x58\xde\xe8\x78\xcf\x3e\x66\xb3\xc1\xb8\xb0\x45\x70\x21\xcb\xbe\x95\x42\xdf\x24\x01\x04\xfa\x79\x45\xd1\x77\xa8\x05\x1f\xf4\x2d\xff\xe4\x7e\x95\x2c\xaa\x5b\x33\x43\x86\xbb\xe9\x61\x40\xa2\x8a\x74\xcd\x3c\x4c\x66\x6d\xd6\x17\x49\x94\xba\xe6\xc3\x23\xbe\xf3\xcb\xe9\x70\x28\x83\x5f\x03\xb4\x9d\x7c\x49\x69\x13\xec\x17\x27\x23\x46\xe0\x50\xc7\x5c\x58\x76\x0a\xcb\xcd\xed\xfc\x77\x4b\x34\xb1\x9f\x19\x9c\x40\xe0\x2a\xc7\x41\x77\xe3\xf9\x51\xa0\x07\xab\xda\xf0\x0f\xd7\x06\x4b\xbf\x2c\xc4\x44\xd6\xb6\xd2\xb2\x33\xe1\xfd\x99\x5f\xee\xbc\xbf\xaf\xaa\xa4\x4e\xdd\x73\x9b\x7a\x9b\x31\x2b\x08\x23\xbb\xb2\x28\x82\x3e\x13\x2f\xba\xe5\x76\x96\x8b\x7e\x7c\xa5\xca\x01\x98\xda\xae\x85\xda\x7b\x50\x00\x25\x44\xa4\x4f\x94\x8d\xc5\xf4\x86\x20\xe3\xf9\x91\x45\xc8\x72\x7f\xee\x50\x15\x41\xef\x11\x9b\x20\x08\x5e\x36\x40\x52\xa0\x45\x16\x4e\x79\x57\x95\x53\xab\x19\x24\xa5\xe6\x7c\xa4\xbd\xe4\x39\x03\x13\xb7\x6a\x6a\xbb\x95\x0e\x63\x7b\x6b\xd3\xae\x4d\x34\x1e\xa3\x62\x44\x0e\x13\x41\x85\x30\x4e\x36\xf0\x86\x91\x02\x7e\xc7\xff\x34\xd7\x18\x82\x53\x93\xec\xfd\x75\x57\xc8\x2b\x7b\xda\x4d\x24\xb9\x4f\xc5\x3d\x57\x7b\x31\x65\x7b\x00\xe8\x30\x38\x03\xe6\xf1\x5e\x17\xa7\x96\x47\x60\x7f\xfa\x65\x64\x91\x03\xad\x6c\xed\x04\x0a\x84\x22\x24\xb2\x22\x26\xcb\x03\xb1\x0e\x51\xe5\x8d\x69\x5e\xdd\xa7\x7d\xa2\xd7\x84\xc4\x9b\xdd\xa4\x3a\xdc\x0f\x4e\x15\xf3\xe2\xe3\x38\x83\x69\x24\x78\x6b\x90\xb2\xf7\x44\x29\x35\xae\x33\x8e\x34\x4f\xa4\xc0\xd9\xe3\xd7\x48\x71\xd9\x30\xd8\x78\x68\xa2\x69\xc9\x84\x04\x87\x63\xe1\xc4\x38\x47\x9b\x20\xfd\xdb\xc6\x1d\x24\x88\xd7\x0c\xa8\x74\x7f\xff\x73\x1e\xdb\x67\x9b\x88\xbf\x1b\x17\x62\x1d\x32\x76\x15\x1f\xd9\x3a\x9d\xbb\xaf\x1a\x83\xe9\xa8\x0f\x75\xba\x18\xac\x3c\xe6\x59\x8d\xc4\xe6\xb0\x56\x2f\xb0\xbd\x47\x91\x29\x33\x7b\xb1\xc3\xa5\x88\x2b\x2d\x62\x6e\xdd\x90\xd0\xb1\xe8\x98\xd0\xf1\xe4\xf5\x98\x93\x70\x0c\x24\x1e\x0c\x43\x63\xa4\x44\x10\x73\x84\x00\x00\x47\x0f\x9e\x87\x7d\x0b\xac\xdc\xb6\xb2\x18\x75\xe7\x5b\x50\xdc\xfb\xb2\xbb\xc0\xea\x8f\xca\x0a\x91\xdc\xaf\xe6\x9b\x16\x2a\xee\xf4\xf7\xd7\xfa\x11\x93\xf9\xea\xc4\x4d\x4e\xb2\x73\x77\xc3\xb7\x2a\xc1\x9a\x90\x1c\x6e\x73\x50\xe1\x64\x81\x46\x09\x01\x79\xfa\x4b\x7f\x7a\xae\xdf\xb7\x5a\x49\xde\xea\xe9\xfb\xec\x2f\x30\xc4\x44\x4e\x3b\xd5\xad\x6f\xad\x82\xbb\xcd\x24\xbb\x6d\x25\x96\x85\xca\x0c\x13\xe5\x2a\x59\x0d\x27\xa7\x31\xa1\x8b\x09\xd3\xd6\xbf\x5e\x81\x75\x63\x02\xb8\x52\x51\xc8\x5d\x30\x48\x72\x95\xeb\x2e\x42\xcd\x78\x82\x31\xeb\x96\x97\x9b\x5c\x11\x3c\x16\x6b\xe2\xf3\xb6\xd2\x44\x74\xb0\xf5\x6e\xa5\xcf\xff\x4d\xca\x92\x84\xe5\xda\xe7\xd1\xc2\xb6\xab\xa7\x80\x7e\x88\x96\x97\xc8\x69\x83\x1c\x90\x8b\x20\x6b\x8a\x21\xdb\xe7\x3d\x06\xc0\xae\xfd\xa4\x49\xf4\xda\xed\xd6\x8b\x67\x6f\x22\x81\x4b\xe2\xd9\x0a\x2d\x06\xa3\x9f\x99\x7f\xdc\xef\x3a\x38\xf9\x83\x96\xd5\xbf\x36\x99\x00\xf9\xfc\x04\x42\xb2\x04\xce\xb1\x7e\x43\x2c\x28\x08\x7c\x42\xc8\x4c\x17\xf1\xa4\xd0\x4f\x6d\xa5\x46\x68\x2f\x31\xd7\x5c\xc2\x89\xe0\xc8\xea\x40\x58\xc0\x35\x50\xfa\xd5\xde\xf6\x96\x85\x41\xa9\xd3\x72\xbc\xbf\xf7\xb9\x43\xd6\x5a\x7f\x48\x56\x52\xe4\x43\x7e\x0a\x16\x02\x05\x7e\xf0\xce\xef\xa5\x75\x40\xa1\x1d\x5b\x2b\x8b\x65\x18\xc3\xc9\xa2\x7c\xb2\x75\x62\x94\x1f\x2f\x68\x9c\xe2\x40\x39\x6b\x4a\xd7\x0d\xbb\x2c\xd6\xe4\xe1\xf3\x3e\x32\x79\xc3\x36\x1b\x9d\x99\x03\xa9\xb6\xbb\x01\x7f\xfc\x71\x97\x58\x41\x7e\x4f\x98\x48\x55\x69\x2a\xcb\xdf\x93\x92\xa9\xb1\x96\x73\x38\x8e\x76\x02\x33\xfa\x00\x35\xe0\xc2\x33\x5e\x77\xb0\x89\xeb\x40\xb5\xcd\x8f\x03\x25\xf6\x4e\x08\x07\x65\x80\x80\x52\x86\x9f\x76\xb3\x9b\x06\x82\xe9\xa4\x9a\x95\xa4\xfd\x0b\x38\xbb\x50\xeb\x21\x4e\x94\x91\x9d\x48\x6f\xb7\xbb\x75\xac\xb4\xdc\x5f\x04\xe7\xa7\xe3\x11\xf2\x04\xdf\x40\x4c\x62\xc6\x64\x17\x95\x84\x88\x0c\xb8\xbc\x7b\x8b\xaa\xe8\x93\x3c\x2e\xbd\x70\xaf\x44\x45\x1a\xae\x3d\x51\xd4\x29\x0d\x90\xb8\x91\x10\x68\x77\xbd\x37\x75\x2e\xc6\x11\x8d\x97\x2a\x1b\x0a\x29\x31\xd4\x33\x63\x6d\xa7\xb7\x25\x0a\x0e\xdb\x59\xd9\xdd\xd3\x4c\xb4\x8b\x34\xa6\x2a\xe7\xe5\x95\xf1\x8d\x80\xca\x2c\x2d\xdc\x2a\xeb\x6b\x6f\x6b\x80\x0c\x86\x53\xba\xaf\x69\x6b\xfd\x60\xc8\x5e\x5e\x33\x28\xd0\xd9\xba\xf0\xf5\x58\xb3\xb8\xb8\xbf\xf2\x4b\xf7\x5d\xb2\x69\x5d\x59\x44\x27\x57\xcc\x0c\xfc\xef\xbb\xf1\x70\x8f\xc9\x64\xa1\x25\x1f\x55\x32\x88\x32\x46\x8e\xa7\x3c\x29\xbe\x4b\xf5\xd0\xde\x20\x53\xf3\x64\xd1\x17\x00\x6d\xd3\x24\x2e\x04\xdd\x47\x1a\xe0\x4a\xe2\x28\x44\x97\x82\x42\xed\x47\x36\x1b\xe4\xa9\xa1\x31\x33\xc7\xad\x5b\xb3\x24\xaf\xcd\x29\xd9\xa0\x74\x44\x07\x24\xeb\xb5\x6f\x5d\x9c\x3a\x8e\x45\x59\xd3\xa5\xa0\xf0\x28\xf1\xd7\x2f\xf2\x56\x2d\x48\x3c\xfd\xd7\x9e\xb3\x2c\x90\x46\x2e\xe7\x90\xde\x24\x76\xd9\xd0\x61\xb6\x07\xe6\x80\xb4\x15\x00\xce\x69\x1e\x48\x74\x5b\x58\x55\x17\xa5\x39\xe7\x0d\x7e\xc5\x55\xe1\x96\xaa\x8d\x69\xe4\x5a\x36\x98\x2d\x28\xa2\x14\x09\xa7\x77\xce\xeb\x53\x31\x8c\x20\x71\x3e\x3c\xb6\x2a\x98\xc2\x8f\x52\x4b\x08\x69\x09\xa0\x30\x75\xc2\x01\x0d\xa3\x4b\xf7\xb0\xe6\xbf\x58\x50\x5d\x30\x14\x42\x53\x0e\x54\xd3\xd1\x3f\x03\x28\xf9\x7a\x1d\xd2\xdd\x6d\xa6\x84\x29\xd2\x13\x76\xb7\x72\xd5\xa1\x60\x3f\xb4\xc4\xa4\x0f\x6b\x36\xdb\x26\xa8\x6f\x7c\x2d\xba\xf7\x04\xe7\xbc\xb9\xfc\x96\x76\x8d\x4b\x53\xbd\x13\x46\x02\xb7\x53\xb2\x60\xd8\x4d\x9e\xea\xc6\xa2\x4a\x51\x24\x9d\xca\x00\x86\xb9\x5b\x57\x58\x71\x28\xe7\x98\xeb\x62\xe1\xf0\x1a\xe6\x8e\x66\x0c\xf6\xeb\xbf\x33\x22\x93\x98\x16\x20\x68\x4b\x7e\x3b\x04\x75\x0f\xdb\xbe\x2e\xcd\x8e\x9b\x63\x75\x24\x88\x82\x25\x3c\x2d\xda\x8a\x4d\x9c\x0f\x6f\x5c\x9d\x7c\x6b\xdb\x1f\xc1\x1e\xda\x1d\xc4\xec\xc0\xb9\xf3\xdb\xdb\x62\xe4\x07\x8e\x46\xf6\xb1\x06\x08\xf3\x4c\x34\xf0\xa2\x79\xc2\xf8\xf3\xda\x5b\xe4\x9e\x3e\x58\xe9\x71\xe5\x39\xbd\x63\xba\xcb\x6d\x8a\xa5\x54\xea\x4c\x78\xa4\x9a\xba\xde\xec\x98\xdb\x1d\x3c\xa3\xbc\xb4\x09\x57\xcc\x0e\x94\x2f\xca\x1c\x9b\x51\xaf\x04\x77\x1f\xda\x4a\xf3\x58\xc9\xed\x6f\xe7\xb7\x37\xa6\xc6\x1a\xbe\x0b\x62\x89\x20\xfb\x8d\x0b\xcd\x0b\x65\xb7\x18\x16\x3d\xa1\x78\x04\xcb\x16\x65\xea\x98\x21\xc8\x28\xf6\xdf\x65\x51\x93\x77\x41\x56\x72\x10\x06\xb1\xf5\x14\x87\xad\x19\xfe\x92\xb7\x69\xa9\xfc\xea\xf2\xd4\x12\x4d\x8c\xc9\xa5\xbe\xf2\x8e\x98\xb9\x96\xc2\x8c\x8a\x99\xe3\x52\x38\x05\x31\x18\x5e\x5e\x56\xe6\x93\x64\x1e\xf5\x11\x06\xd6\xcf\x4e\x71\xab\x31\x7c\x34\xe9\x35\x83\xae\xcf\x50\xf5\x2b\x53\xe6\x3c\x90\x98\xd8\xc2\x83\x53\x8c\x7c\xc0\xf0\x90\xdf\xaf\x52\x3e\x60\x82\xc6\x52\x63\xdc\x8d\x1d\xe4\x77\x62\x82\xa3\xfc\x1b\xfc\x59\x09\x99\x15\x25\xf5\x6a\xc0\xe6\xd3\xbf\x0c\xe7\xae\xc8\x3e\x40\x07\x4d\xe1\x6f\xc9\x84\x3f\x3b\x09\x9b\x59\xb9\xf9\x0b\xcf\xf6\x31\x0e\xd6\xdf\xec\x97\x45\x87\xad\x64\x6e\xcd\x90\xc5\x4d\x44\x95\x10\xb7\x76\x8d\xd6\x7c\xab\xb3\x05\xea\x39\x8e\xcb\x42\x61\xd2\x6d\x4d\x7e\x12\x04\xe2\x07\x25\x60\x32\x43\x27\x9a\x18\xfa\xb0\x17\x26\x71\x9f\x77\x18\x22\x62\x7b\xaf\xb0\x9b\x4c\xaa\xf9\x48\x4f\x1d\x8f\xa5\x07\x8d\x02\x1b\x9c\xb8\x65\x56\x83\x07\x97\x31\x9c\x64\x91\xd7\x1c\x11\x53\xb6\x36\x58\xa5\xa9\x52\xa1\xf8\x4f\x0c\xed\x9c\x3d\x11\x91\xd7\x1a\x0b\x22\xe3\xf6\x18\xf8\x7d\x98\xc8\x99\x12\x65\x39\x5c\xb9\x07\x65\x93\x50\x34\xbd\x6c\x92\x33\xd4\x1f\x9f\xc6\xa9\x0b\xf6\x97\xc1\x5f\xd2\x35\x97\x87\xdf\x82\x57\xca\x8e\x94\x99\xb3\xa7\xb8\x37\x12\x1b\x33\x67\x30\x6b\xa3\xa3\x6f\xde\xa6\x00\x0c\x5d\x0f\x77\x59\x37\x17\x02\xc7\xad\x6f\x9e\x5f\x40\x00\x72\x5f\x8e\x0b\x33\x0a\x49\x43\x92\xf7\x40\x8d\xad\x61\x5b\x14\xf7\x78\x88\xce\xb7\x39\x59\x96\x5c\xc9\xa9\x3e\x9e\x3b\x23\xb9\x34\x3a\x4c\xd4\x10\x4d\xc1\xf3\xf1\xa6\x4c\xb4\x56\x97\x92\x67\x04\x87\x98\x02\x49\x3f\xf0\x4a\x81\x44\xce\x6d\x80\x50\x87\xfa\x96\xca\xff\x9b\x97\x63\x1b\x52\xe4\xa3\x65\xe9\x76\xc9\x0e\x2a\xc0\x88\x26\xf8\xc2\x97\xef\x2f\x87\x57\x22\xb4\x45\x54\xd9\x97\x3f\x4a\xa5\x5f\xfb\x03\x58\x94\x32\x10\x9e\x68\x32\xda\xb7\xfc\x47\x32\xd3\x03\x25\x2d\xd1\xd1\x7a\x2d\x24\x51\xed\x53\xdc\xe4\x1f\xfb\xce\xc6\x59\x83\xc6\xdb\x3e\xba\x81\x46\x2e\x52\x2a\xe7\xae\x52\xd7\x51\x30\x0a\x4b\x13\x11\x70\x33\x7c\x6d\x8c\x4b\x69\x2f\x54\x29\x11\x8a\xf9\x56\xe1\xc1\x5e\x27\x58\x4f\x76\x82\x55\xc3\xdd\xcb\x46\x92\x12\xba\x8a\xb0\xe1\xe7\xee\x00\x12\xf5\x8f\x89\x45\x82\x79\x94\xce\x1a\xd7\xd1\x73\xdd\x1c\xd7\x20\x83\x84\x4b\x72\x1a\x1d\xc1\x30\x00\xda\xda\x12\x56\xde\xab\x79\xb9\x59\xa4\x95\xa4\xd1\xb5\xfd\x02\x8f\xea\xa0\xde\xac\x90\xec\xfa\x59\xb1\x34\x04\x56\xbc\xaf\x31\xf5\x7d\x5a\x88\x34\x90\x12\x57\x96\xdd\xa6\xd3\x78\xce\x83\xbb\xc1\x37\xfe\x54\xb8\x3c\xa9\xc4\xf8\x19\x89\x9d\x30\x83\x38\xd6\x5f\xa8\x7d\x90\x62\x55\xd6\x57\x3a\x7a\x49\x0b\x00\x10\x0e\xab\x69\x9c\x0d\xbf\xbe\xc5\x4b\x54\x22\x4c\xeb\xa3\xf5\xd1\xfa\x40\x96\x06\x3f\x33\x16\x5a\x15\x8a\x20\xff\xbd\x1d\x5b\x8f\xd4\xd9\xd3\x9c\xb9\x4a\x00\x85\xde\xae\xdd\xe0\x2a\x2f\x1e\x90\xa9\x6a\xf2\x22\x33\x15\x10\x1a\xf3\xfe\xf8\x60\x43\x37\xf6\x48\xb8\xc3\x42\x16\xc3\xe7\xba\x8c\x07\xd8\x2d\x23\xbc\x0a\x96\xf0\xda\xb2\xab\xd2\x93\x92\x65\xbb\x96\xb6\x45\x1a\x2c\xa9\x35\x85\xc8\x2a\xec\xce\xd3\x37\xbd\x66\x12\x48\x47\xa4\x06\xce\x8e\xd2\x41\x31\x8e\x1a\x7f\xc2\xcf\x28\x9e\x1c\xaf\x26\xea\x5b\x72\xaa\xea\x04\x57\xe2\x08\xa2\x41\x53\x4c\x78\xe3\xaf\xb6\x02\x8e\x7f\x57\x89\x1c\x2f\x05\xf4\x37\x0f\xc5\x04\x58\xd1\x6e\x90\xd0\x31\xcc\xa1\x86\xcc\x12\xb4\x54\x3b\x7f\x25\xfa\x72\x91\x6b\xe3\xac\xd7\xf6\xb5\xf0\xcc\x24\xf4\x42\x48\xc0\xfa\x9c\x6d\xd5\x95\xcd\x72\xcc\x4c\x84\xd3\x5a\xa6\xfc\x3b\x1e\xc0\xe7\xa6\xb0\x40\x8a\x1a\x53\x86\x96\x81\xd2\x7b\x11\x22\xc3\x17\x6a\x04\xeb\x3a\xaf\x62\x58\x84\x96\x75\xa9\x94\x22\x2d\x50\x68\x28\xb4\xc1\xde\x9a\xb1\x7a\xd4\xba\xb5\x96\x1d\x52\x4f\x0f\xfe\x54\xd2\x90\x02\xc3\xd3\x6c\x94\xcb\x3a\xb1\x65\x81\xf5\x9d\x01\x46\x71\xe1\xcd\x5f\xe2\x43\x42\xf1\x7c\x8f\x17\x88\x54\xe0\xee\xd5\xf4\xa3\xdb\x07\xec\x2e\xa7\xc6\x71\xe2\xd7\x85\x38\xbb\x8a\x2d\x5d\xcd\x94\xb4\xc6\xeb\xdb\x9a\x49\x29\xe8\x5f\xc6\xde\x21\x3d\x6f\x35\x62\x28\xd9\xec\xfd\xe9\x62\xc0\xc3\x72\x76\x08\xf6\x70\xe8\x12\xee\x2f\xa1\x4e\x1f\x0c\xbf\x01\x86\xf6\xaf\xc1\x0c\x67\x6f\x91\x1b\xe3\xb1\xce\xa3\x52\x1f\x47\xe8\xfd\x4e\xfe\xba\xcc\xb2\x2e\xf3\x75\x76\x13\xab\x31\x9c\x40\xb7\x0e\xee\x0c\xde\x11\xa3\xa1\x66\xf1\xee\x94\x15\x32\x80\x68\x39\x98\x36\xc8\xdc\x38\x4d\xe2\x1e\x0a\x99\x1a\x8b\xae\x04\xbc\xe7\x96\x2c\xe3\xb8\x2d\x55\x16\xfe\x91\xd8\xec\xbc\x2d\xcd\x6e\x27\x11\xc6\xc1\x4c\x8a\xa5\x72\xb5\xfe\x03\x9e\x1b\xb4\xf1\x63\xa1\xa8\x18\x63\x45\xf5\x41\x57\xc5\x66\x72\xb3\x34\x70\x71\x12\x53\x47\x6c\x2f\x6e\x4d\x74\xbe\x06\xa0\x18\x85\xde\xbd\xb8\x4f\xc7\x32\x47\xa5\x4e\x15\x11\xb8\x3b\x3a\xe1\xfc\x15\xe5\xbe\xd9\x21\xf1\x93\x77\x86\xf4\x36\x4a\x7d\x4d\x6a\xec\x09\x66\x7d\x63\xaa\xa6\x18\xbd\xda\xae\xaa\x2e\x55\xad\xb5\x89\x4c\x47\x97\xd1\x6d\x3d\xd5\xd3\x5a\x71\x6e\xf0\x52\x33\xc4\xad\x46\xa6\x21\x19\x5c\xde\x3a\x4f\x41\x97\xea\x43\x96\xca\x62\x71\x2e\xe3\xd0\x29\x20\x03\x83\xad\x91\x22\xd9\x4b\x60\x8b\x39\xe1\xab\x02\x4e\xa6\x73\xea\xdc\xcf\x98\x31\x00\xd5\x9b\x17\x70\x87\x22\xd9\xef\x02\x66\x92\x24\xbe\xf7\xab\xda\xa0\xb9\x9b\xff\x39\x95\x7b\x7a\xc4\x15\x99\xc9\xb1\x83\x3f\x7c\xe8\x22\xfd\xda\x0b\xea\x2d\xcb\x7d\xc7\xd2\x4b\xd2\x0d\xf8\x0b\x64\x62\x16\x24\x47\xd5\xe2\x85\x35\xa2\xfd\x87\x6f\xfd\x78\xe9\x0d\xbd\xc7\x4e\x49\xaf\x64\x7c\x9d\xc6\x96\xbd\xcc\xed\x08\x40\xc2\x32\x0f\x5c\xe0\xb6\x49\x47\x90\x83\x2c\x97\x2e\x28\x20\x6f\x43\x2a\xd6\xcd\xdc\x30\x4f\x96\xbf\x48\xee\x6f\x5a\x07\x75\x38\xeb\x06\xd9\x43\x83\xbf\x4f\xbf\x33\x2a\xbe\xc8\x0c\xdc\x78\x34\xdb\xf8\x7e\x28\xf0\x6c\xee\xeb\xaf\xca\xb3\xf0\x5f\x08\x4b\xc4\xcf\x2a\x06\x97\x01\xcd\xb3\x32\x40\x3a\xf1\x63\x1b\x56\x59\xa9\xe6\x68\xf0\xa4\x6f\x68\xe6\x5f\xf9\xa3\x14\xab\x2a\x54\x05\x18\xa0\x38\x93\xc3\xfd\x2b\x1b\xd9\xf5\xe9\xe7\xf6\xec\x49\xf5\x85\x06\x7c\x4a\xee\xf0\xb9\x1b\x1a\xd2\x9f\x2a\xcc\x13\x2f\x6b\x1a\x8d\xda\x2d\xa3\x6a\x79\x18\x6c\x8b\x13\xb6\xfe\xd0\x70\xc7\x47\x04\xbd\xc4\xff\x11\x32\x19\x01\xc7\x15\x98\xfd\xfb\x36\xe8\x48\x2b\xcd\xb0\x1e\xe8\x08\xaf\xb5\x4b\x3a\x42\xc6\x9a\x18\x95\x0d\x14\xfa\xc2\xe3\xbd\x77\x21\xac\xe3\xc9\xa0\x3a\x45\xf7\x4c\xf2\xdf\x6f\x4c\x92\x44\x41\xd8\x70\x0c\x54\xb5\xa1\x22\x12\xca\x3c\xdd\x64\x8d\x07\x93\x04\xcf\x2c\xdf\x46\x0a\x36\xca\xf7\xf5\x21\x49\x48\x05\x40\x1d\xfc\x67\xbd\xe2\x06\x1b\xb2\x39\xa7\x01\x9c\xe7\x6c\x4f\x44\xcb\x0e\x46\xc5\x5c\xba\xda\xb9\x12\x9c\x5b\x45\x7e\xc2\x84\xb2\x2a\xe3\xf9\x8e\x64\xfc\x8c\x75\xdf\x09\x5c\x3e\xa3\xea\x0c\xfb\x59\xca\x18\x09\x0b\x03\xf9\x35\x8e\x9f\x11\x32\x5e\x72\xcc\x24\xed\xe8\xf0\x51\x1c\xb6\xf8\xaf\x7c\xc2\x76\x06\x54\xcf\xb8\xa7\xe7\xd5\xde\x97\xa8\x30\x79\xbc\x82\xd8\x8e\xa7\x28\x51\x6e\x92\xd3\x21\x09\x2f\xa3\xbd\xb9\xc0\xcf\x71\xac\xed\x2a\xc1\x18\x9a\xad\x33\x4d\x1b\x6b\xd9\x71\xba\x40\x53\xa4\x3b\xc7\xf0\x02\x0a\x2f\x1d\x6d\xa3\x46\x90\xd0\xf7\x63\x58\xaa\x1b\x16\x31\x10\x7f\x7f\x2a\xf9\x89\x00\x07\xb0\xa9\x42\x77\xee\x67\x3b\x04\x7f\xe8\x09\xa5\xaa\x7f\xbb\x7a\xb8\x8d\x11\x09\x70\xc3\xdf\xf4\x4d\xe1\xd7\xdb\xeb\x2a\xbf\xd2\x80\xe6\x6d\x1d\xe4\x86\x4d\xa4\xd5\x4a\xdd\xce\xea\x69\xc8\xfa\x5d\x3d\x4b\x11\x47\xa1\x83\x65\xaf\xad\x33\xcd\xc6\x89\xd7\x3c\xce\xba\x4d\x8f\x4e\xe0\x8b\x62\x64\xae\xed\x23\xf5\x85\x57\x8a\xe1\x5d\x14\xf3\xa2\x7b\x48\x8c\x24\xd6\xde\x8c\xd8\xa9\xde\x4a\x2a\x89\xfc\x94\x81\xba\x8e\x10\x28\x3a\x4d\x3a\x26\xe9\x89\xbd\x80\x59\x78\x62\xe2\x38\xb7\x14\xaa\x77\x6e\x01\xcc\x90\xde\xe6\x89\xc8\x43\x5c\x81\x4c\xfc\x72\xa5\x30\xef\xce\x5d\xec\x38\x47\x97\xa9\x51\x43\x9c\x30\xe0\x96\x32\x0b\xd5\x04\xd3\xfc\xf4\xf7\x21\x4b\x6d\x8a\xe4\xfd\xf7\x3e\xea\x45\x91\xd4\x44\xdd\x1e\xa4\xcd\xaa\xb8\xce\x1c\xf9\x55\x5b\x4d\xd7\x0f\x1b\xb4\x6e\x18\xee\x02\xca\xbd\x74\xcd\xdb\x69\x6a\xf3\xff\x7c\xc9\x5b\x13\x39\xa6\xb8\xe8\xba\xfb\xc2\x9c\x64\xf0\x9f\xb7\x41\x38\x9e\xa6\xf5\x39\x7a\x85\xad\xd8\xb2\x6e\x1f\x3a\x1d\xf9\x50\xf6\x7b\xde\x9f\x98\x71\xa0\xe3\x60\xc3\xe7\x66\x9e\xbe\xde\x3b\x7e\xb3\x2c\xeb\x35\xff\x2a\xff\xd8\x91\x95\x22\xf0\x75\x93\x3e\xcf\xea\x2c\xb4\xbe\xcf\xbc\x85\xbb\xac\xc9\x5f\xba\x2c\x6f\x54\xf8\x90\x59\x4a\x6f\x6b\x18\x96\x5c\xcd\x40\xed\xe5\x8b\x4e\xaf\x8b\x0d\x2b\x65\xb0\x36\x9b\x3d\xc6\xc7\xca\xef\x3e\x48\x45\xb2\xc4\x2e\xe4\x0d\xdc\xa5\x87\x92\x50\x29\xe7\xd9\x16\x29\xad\xd8\x4e\xa7\xbc\x72\xbe\x33\xbb\x03\x42\x14\x55\x5c\xd5\x50\x55\x68\x09\x3e\xc7\x24\x81\x56\xf5\x8c\x7f\x0d\x30\x55\x76\x2f\x8f\x4f\xf6\xf8\x64\xbd\x95\x48\xfa\xfa\xc4\xdb\x85\x77\x53\x0f\x3a\x6d\x67\x3b\xee\xff\x21\xba\x7c\x90\x60\xaa\x0e\x06\x68\x32\x93\x7f\x1e\xb6\x17\xcb\x21\xac\x24\xe0\xd8\x69\x95\x47\xbe\x56\x63\xa8\x11\x7a\x40\xb6\xd8\x81\xdc\xa1\x9e\x36\x7c\xa0\x2d\x28\x77\x4d\xae\x74\xdf\x50\xaa\x99\x44\x5e\x37\xc6\xc1\x61\x84\x46\x7d\x49\x60\x01\x24\x23\x29\xdb\x97\xa2\xad\xef\x66\x42\x5a\x9c\x6b\xd3\x77\xd8\x97\x74\x33\xa0\x3c\x72\xbf\x10\xb5\x48\xb8\xae\xbf\x0e\xc3\x8e\xb8\xce\x14\x5f\xcb\x85\x15\x41\x40\x5e\xe8\xa3\xca\x9b\x3b\xc6\x03\xa3\x82\xaf\x59\x8f\x0a\x17\x56\x59\x2b\x36\x77\xc4\x69\xff\x86\xe1\x98\xcd\xff\x40\xf4\x93\x21\x5a\x32\xc2\xac\xc7\x2b\xcf\xd0\xe3\xe4\xe5\x7b\xec\x76\xdf\xe5\x65\xda\x97\x5c\x69\x1d\x66\x93\x5d\x2d\x7b\x52\x94\x14\x62\xd4\x1b\xce\x4c\x00\x91\x5d\x28\x34\x17\x03\x2f\x3a\x89\x42\x49\xf8\x01\x06\x7f\x38\x82\xfd\xa7\x79\x05\xd7\x6b\x76\xef\xe1\x02\x8e\xbb\xf1\x49\x77\x63\x1f\x67\x75\x75\xdd\xd4\x09\xdf\x3c\x6c\x40\x19\xe9\x95\xa9\xd8\xd1\xd8\xa8\xc3\x22\x68\x76\x32\xf1\xa9\x50\x5a\xdc\xbd\x5a\xfa\x13\x89\xf9\x41\xdd\x0f\x68\xfe\xfd\x43\xec\x24\xa2\x57\x07\x6a\x3a\x21\xb7\x36\x3d\x7b\xb5\x18\xdf\x4a\x28\x2a\x4d\x9e\xed\x08\x58\xd1\x04\xe8\x5c\x5e\x06\x8d\xd8\x01\x2d\x73\xb5\x16\x65\x61\x46\xa7\x8e\x54\x9a\xdb\xf9\xb3\x2f\xb9\xf5\xf7\xab\x6d\x43\x87\x9d\x96\xd1\xcb\x97\x35\x96\xd0\x44\x19\x7e\x08\xc4\x04\x06\x04\x25\x57\x53\x29\x7a\x34\x95\xd8\xdf\xf2\x55\xd1\x8a\xbf\x94\xb8\x70\x4a\x8a\xe1\xa4\x83\x53\xfa\x85\xe5\xa7\x7b\xec\xd1\x0b\x6c\xa0\x07\xb7\x7d\xfe\xfc\xe3\x98\xf3\x0b\x0c\x27\xed\xe9\x9e\x8e\x6b\xb0\xc7\xff\x65\xbd\xb0\x0f\x22\x46\x22\xd6\x91\xf4\x78\xce\x6e\x37\xbb\xfa\xc4\xce\x1c\xe3\x73\x07\x0f\x95\x43\x70\xc7\x4c\x09\x46\x1e\x2b\xae\x43\x85\xcd\x5d\xee\xe8\x7c\xa8\x0a\xd2\xc7\x7b\x99\xe7\xbe\xe5\xaf\xa3\xf0\xba\x52\x49\x4f\x59\xda\x14\x26\xc4\x30\x9f\x39\x15\x16\x35\x4d\x57\xb0\xc7\xc4\xbb\x85\x8e\x38\x2f\x04\x1d\x6e\x91\x88\xdc\x13\x3b\xb1\x69\x32\x1e\x00\xd0\x2e\xfd\xdb\x46\x11\x76\x77\x4f\xd6\xb2\xc9\x68\x2d\x7a\xd0\x84\xf6\x17\x4c\x53\xab\x74\x08\xd3\xe2\x71\xd2\x8e\x30\x8f\x7c\xd4\x78\xc2\xfe\x8d\x67\x93\xde\xed\x31\xde\xbb\x09\x0b\x87\x4b\x12\x52\x8a\x6c\xd3\x68\xac\xf5\xa5\xc4\xcc\x3d\x30\xd2\xaf\xf0\x06\x93\x78\x66\x87\x68\x6c\xd9\xb9\x7c\xdf\xaa\x3a\x67\x72\x93\x51\xb2\x37\x3d\xde\xe1\x8e\xe3\xf0\x56\xb6\xc0\xda\x43\x9d\x62\xee\xb4\x08\x03\x1a\x4d\x87\x55\xde\x3c\xc8\x84\x15\xca\x48\x01\xd5\x4d\xc5\x65\xbb\x53\x22\x8d\xc2\x15\xdd\x74\x6f\xf5\x38\x54\x53\xfd\xfc\x89\x15\xe8\x72\x75\x2f\x5a\xb3\x65\x6a\xa8\xe1\xc4\x2d\xfb\xf3\x5e\x49\xac\x9c\x20\x13\xb4\xa4\x93\xec\x10\xad\x7f\x51\x29\x22\xb8\xd3\xd8\x29\x22\xdd\xbc\x01\x89\x53\xcb\x7d\x51\x91\xaf\x08\xab\x66\x9f\x80\x42\x5f\x4f\x45\x9e\xe6\x50\xfe\x09\x41\x26\x43\x4e\x88\x66\x93\x09\x2c\x53\xaa\x34\x69\x93\xdb\xc1\xba\x27\x4d\x2d\x69\x47\x06\x46\xe6\x33\xbd\xc3\x31\x43\x19\x13\xdd\x49\xa0\x12\x0e\x1b\x5e\x21\x21\x62\x00\x6f\x9a\x01\xfe\x18\xe8\xd8\xb5\x7c\xfe\xb3\x98\xe1\x9b\x4b\x8e\x97\x0f\xb0\x67\x85\x21\xca\xff\x33\xa7\xa0\x1d\xeb\x17\xe7\x2a\x92\x0a\x94\x68\x96\xc5\x39\x2e\x84\xbd\xdf\xde\x75\xb7\x44\x6a\xd4\x24\x9b\xef\x26\x97\xb0\xc5\xe7\x2f\x37\x91\xf0\xf4\x4a\xc1\x56\x37\x69\xc8\xec\xe5\xf1\xde\x56\x5b\xba\xe2\xe5\x73\x02\x94\xb3\xd6\xd8\x57\x87\xdd\x6f\x7a\xbf\x84\xd6\x98\xe7\x7e\xe8\x0e\xc5\x3e\x37\x51\xe8\x73\x03\x3a\xf1\x6b\x5e\xd4\xe2\xc9\x9b\x7e\x6e\x65\x2b\xb0\xea\xf6\x70\x1a\xac\xb2\xbc\xb5\x97\xc3\x2d\xc3\xf7\xd9\xc4\xd9\x46\x3a\xc0\x8d\xb0\xc6\x3d\xb5\xfd\x88\xd0\xe5\x18\xde\xf1\x88\xa2\xfb\xe8\xd6\xbf\xa6\x98\x62\x8a\x8c\xc0\x58\xca\x99\x11\x4c\x40\xbe\x8e\x1e\xb4\xc0\x53\x64\x27\x8d\x0e\xa4\xdc\x90\xb7\x47\xce\xcd\x85\xcd\xf8\x47\xa5\x0b\xa2\xad\xeb\xb6\xd1\x07\xa1\x26\x13\xe1\x98\xd1\xb1\x0c\x6e\xb3\x23\xd5\x0c\x75\xf7\x81\xfe\x39\xc1\xd9\x2e\x46\xda\x77\xfe\xd5\x16\x12\xa3\x69\xc4\xa6\xaa\x54\x05\x0d\x67\x7e\x96\x78\x03\x9b\x29\xe1\x0c\x46\xff\x05\xf3\x53\x6f\x79\x2a\x72\xd8\x0f\x0e\xca\x5a\x41\x6b\x19\x64\x3e\x1d\x15\x24\x7f\x7e\x51\x57\x90\x0c\x17\x42\xb9\x14\x6e\x0d\x97\x88\xeb\x9c\xa6\x53\x89\x7c\x7c\x64\x71\x49\xf0\xbd\x91\xb1\x6e\xa1\xa5\xe0\x54\x90\x01\xba\x2d\x6c\x6e\x39\xcf\x8b\xee\x39\x27\x4d\x05\x2f\xe2\xce\x7f\x4c\xaf\x6c\x23\x64\x43\x14\x33\x52\x51\xcc\xa5\xc2\xed\x13\x4a\xad\xa5\x15\xe7\x34\xe0\xaf\x9c\x0b\xa5\x90\x43\xdd\x12\xaa\x22\x7e\x8f\x71\xd1\x18\x33\xca\xb3\x5b\x77\x91\x5e\xe6\xbf\x0d\x74\x98\x2d\x15\x5f\x74\xfb\xba\x99\x77\xf7\x5d\x37\x21\x17\x70\xdf\x81\x02\xe1\xd5\x23\xb9\x7c\x65\xe6\x9b\xdf\xfb\x34\xe0\x0d\xbd\x6d\x58\x27\xc4\x89\x79\x34\xff\x51\x28\x69\x40\xad\xbe\xfd\xbe\x1a\x18\x5a\x1c\xa3\x2f\x66\x8b\xef\x23\x66\x3d\x9a\xf5\x86\x55\xa9\x28\x53\x8e\x08\x4f\x59\xfd\x89\x9c\x49\x02\x53\xd3\x37\xf5\xa5\x1d\x2c\x2c\x1d\xa3\x6c\xb8\xdf\x43\x03\x4a\x98\x81\x04\xc2\xab\xd9\xd5\x89\xfc\xf9\x64\xab\x91\x14\xa4\x04\x15\xc8\xe9\x9b\xeb\xfe\x94\xc3\x91\x5f\x9d\x90\x8b\xc1\xc9\x00\x0f\x0e\x9e\x94\x01\x2d\x99\x8c\x97\x2c\xf0\x18\xd8\xba\xdf\xff\xa8\x02\x09\xf1\x93\x7f\xea\x78\xca\x83\x95\x72\xb0\xa8\xe6\xb7\x81\x6b\x6d\x89\xbb\x84\xab\x2e\xde\x0f\xe5\xff\x05\x75\xec\x9d\x67\x4d\xa2\x36\x25\x2f\xb9\x2f\xf4\xfe\xbb\x9e\xc1\xd9\x15\xd9\x7c\x4c\xaf\xff\xef\x1c\xfd\xa6\xd1\x99\x36\x5b\x77\x01\x6d\xaa\xe6\x07\x98\xde\x8a\x21\xc1\x76\x9b\x8d\x79\xbf\x57\xcd\x02\x0e\xbf\x57\x30\xfc\xe9\x94\xb6\xb3\x09\x98\x00\xd8\x64\x96\x6a\xdf\x83\x0c\x8d\x26\x58\xc8\x04\x36\x08\x96\xe1\x1f\x36\x0d\xa3\xa9\x2c\xb5\xc8\x27\x21\x32\x28\x52\x6c\x63\xc2\x62\xc3\x0c\xdf\x17\x7f\xb0\xbe\x40\x1b\x39\x4a\x01\x77\x5c\x25\x4d\xa3\x0c\x5f\xf4\xfc\x5b\x45\xf5\x9d\x60\xe1\x57\x8d\x67\x24\x50\x89\x82\x8b\x06\x93\xe5\xa6\xf5\xed\xa5\xe9\x17\xb9\xd3\x3b\x8b\x36\xba\xf0\x55\x26\x9e\x9d\x53\x19\xd4\xfa\x3f\x8f\xa5\xc3\x19\x62\xc7\x7b\xed\x1b\x0a\x70\x45\xd9\x80\xc0\x3b\x0d\xf1\x5d\x1e\x3c\xc1\xee\x31\x75\x57\x0d\x28\x60\x04\xf1\x0f\xf6\xb9\x22\xda\x1e\x0a\xf3\xed\x41\x09\x9b\xb1\x75\x67\x8f\x6c\x4c\x29\xbd\x5b\x85\x55\xed\xea\x3f\xd6\x55\x9a\x62\x28\xb3\x92\x4b\x62\x45\xb6\x6f\x7d\x4a\x6c\xfb\xf7\xe5\x5d\x3a\x9a\x90\x23\x18\x58\x85\xbb\xb1\xe9\x06\x1f\xbe\x36\x21\xbe\xb1\xe7\xe3\x12\x05\xd8\x28\x71\x02\x67\xef\xb5\x85\x07\x38\x65\xd0\x61\x8f\x4e\xdb\xc9\xc5\xb6\x06\xa7\x9b\xff\x7e\xff\x1e\x53\x43\x93\xe3\xdd\x04\x01\x74\xb2\x1f\xc0\x12\xd6\xb2\xab\x92\x89\x76\xee\xf1\x14\xb9\x75\x02\xfb\x02\x22\x55\x72\xb7\x4e\x85\x2f\x56\x8d\xbc\xea\x57\xa8\xd3\x78\xc5\x4b\x21\x72\x87\xea\xc9\x09\x0c\xf7\x5f\x10\xf4\x74\xb1\x65\x17\x82\xab\x8e\x5f\x01\x5d\xe5\xb6\x65\xe0\x46\xf0\x1d\x04\xef\xb7\xbe\xf8\x40\x50\x7f\x3e\x45\xa3\x85\xa3\x72\x42\x2a\xf5\x73\xd0\x64\xb1\xbf\x6b\x0f\xb2\x79\x6e\x88\xa8\x83\xd0\x02\x4b\x5f\x74\xf1\x11\x8f\xd7\xcb\xdb\x92\xa4\x0a\x83\x45\x9a\xa2\x9a\x77\xa2\x56\x27\x4d\xf3\xa7\x2f\x53\x9b\x02\x8c\x1d\xf8\x68\x6f\x46\x30\xc7\xfe\xce\x68\xd1\xc0\x1c\xe3\x8a\xa6\x13\x73\x5a\x59\x1f\x91\xf4\x25\x61\xad\x29\x7e\x08\x72\xef\xdf\x35\x36\xc8\x8a\xd5\x15\x9a\xf8\x10\x48\xe6\x37\x8f\x2a\x42\xd9\x15\xc9\x72\x1e\x08\x75\xfe\x06\x28\xce\x4f\xc6\x09\x09\x9c\x2c\x19\xe6\x81\x28\x0e\x83\xee\x96\x9b\xa9\x3c\x95\x6f\xb2\xbc\x44\x57\xc2\xb2\xee\x35\xd9\xd5\xba\xe5\x61\x81\x4d\x8f\x86\x8e\x28\x98\x73\x71\x55\x0f\x57\xfa\xec\x5a\xf2\xf5\x2b\xc7\xdb\xde\x14\x01\xb6\x72\x91\x07\xb4\x05\xb2\x87\x36\x89\xc9\xe4\x3f\xa5\xea\x8b\x48\x3f\x75\x56\xcb\xaa\xab\xb1\xc7\x68\x9b\x0a\x51\xd7\x57\x74\x3c\xa2\x92\xff\x74\xe9\xc0\x21\xe5\x51\x3f\x94\xb7\x10\x7a\x89\x40\xa9\x8d\xda\xb5\xe2\x21\xfd\x75\xc1\x3f\x19\xae\x40\x06\x86\x6e\xec\x1a\x83\x20\xab\x02\xa2\xde\xf5\x73\x85\x8e\xb7\x25\x3d\x1f\xda\x73\xb7\xda\x03\x1f\x12\xdc\x01\x37\x83\x14\x70\x95\xd5\x45\xab\xbc\xc6\xc8\xcc\x98\x74\x8c\x00\x7f\x2e\x61\xa0\x2c\x75\x0b\x79\x86\x6c\x74\x3d\x0f\x98\xc7\x03\xee\x3c\x9a\x2f\xfe\x44\x10\x4a\xc1\xa2\x2d\x77\xff\xd1\xe6\x07\xc8\xc4\x26\x5b\xbd\x8c\xdd\x9b\x7a\xff\x0d\x0c\x36\xaa\x59\x81\xce\x88\x1b\x9f\x38\x95\xb4\xda\x88\xa6\x53\xd4\x71\x2a\x84\x31\xf9\xe1\x4e\x0b\xdd\x13\x77\x35\xbc\x1c\x2b\x71\x0b\xa5\x12\x6b\x6a\x9a\x42\xbd\xf1\x56\x91\x5b\x15\x2e\xe1\x75\x8e\xf5\x6b\x8e\xdb\xd4\xef\x0b\x9a\x67\x7d\xed\xc3\xa8\x8b\x00\x04\x9a\x0d\x74\x44\xb3\xae\xf2\xb4\xe5\xed\x21\x0c\x5f\xc9\x74\x44\xbd\x3a\x46\x90\xae\x44\xad\xfc\xd4\xfd\x85\xcc\x50\xfd\x55\xc3\xd6\xef\xd1\xc7\x27\x0f\x46\xc9\x36\x89\xd1\x8f\x92\xd0\x46\x2c\x62\xb2\x00\x1d\x8c\xcb\xcc\xee\x0a\xba\xd8\x4d\xaf\x12\xa8\xf3\xf3\x90\xd2\x3b\x3f\x4c\xce\x12\x37\xb5\x05\x9b\xfa\xac\xb9\x94\xea\x87\x1c\x02\xfd\x32\x05\x6a\xa3\xd6\x82\x58\x02\x7d\xbe\x56\xbb\x19\xcb\xaf\x7a\x2f\x47\x34\x92\xe2\xc6\x64\x3f\xc4\xbc\x01\xdf\x34\x96\x7f\xf1\x00\x92\x53\x0c\x5f\x96\x5e\x1d\xea\x10\x61\x88\xa9\x16\x5a\x43\xe6\x1d\x06\x01\x07\xe5\x90\x7a\x5e\x76\x03\x9e\x11\xfb\x55\x7b\x17\xf7\x4e\x99\xd6\xba\x5e\xdb\x86\xda\xa2\x4b\x20\x1f\x89\xf5\x1c\x53\xb4\xe6\xea\x0e\x74\x88\x8e\xc9\xaf\xc6\xe6\x4c\x33\x44\xca\x56\x1a\x56\xec\xe3\xc2\x86\xee\x4e\xea\x87\xbb\xb0\x11\xd4\xbc\x85\x6c\xb2\x01\x8f\x00\x92\x81\xb8\x9b\x95\xac\xb7\x66\x84\xee\xfb\xe6\x28\xb3\xb9\xc9\x3f\x65\x4c\x15\xc1\xaa\xc2\x76\x9c\x67\xf2\x7e\x1f\x3d\x6c\xa9\x8d\x80\xdc\x30\x77\xb5\xc4\xe4\xd8\x23\xea\x40\xc2\x58\xdc\xbb\x89\x1f\xf2\x04\x66\xc1\x46\x20\x80\xde\x73\x51\x35\x09\x17\x65\x65\xfe\xb2\x4e\xf8\x41\x3d\xc7\xdf\xb5\x3b\x10\xad\x4e\x5d\x68\x3d\x26\xc7\x42\xac\x8e\xfb\x62\x73\x39\xea\xc0\x6f\x2f\x56\xa5\x5e\x45\x22\xb6\x70\xff\x6d\xda\x39\x17\xef\x7b\x00\xfe\x14\xa6\xa5\x2d\xc9\x56\x75\x48\xe9\x8f\x47\xcf\xa5\xe2\xb8\x7d\xd8\xe1\xc2\xae\x18\xd0\xc1\x43\x56\xdb\x45\xdb\x78\xe8\xf8\xb9\xdd\x14\x1e\xe9\x42\x54\x3d\x27\x1c\x8c\xb5\xb9\x77\x5d\x2c\x55\xc4\xb7\x32\xd8\x38\xa3\xb7\x3d\x67\x5a\x35\x09\x57\xe0\xa7\x04\x38\xd6\xbc\x3a\xb1\x16\xf4\xd4\x5f\x5e\x5b\xcf\x14\x93\x09\x7e\xf1\x9e\x13\x23\x9d\x97\x98\x12\x73\xfa\x9a\xe9\xd1\xa9\x4f\x41\x7c\x3c\x5c\x24\x0a\x27\xcb\x07\xad\x05\xa6\x52\x6e\x6c\x8b\x3c\x68\xba\xd2\xc5\x46\xfc\x88\x9c\x5f\xb3\x41\x06\x97\xdd\xf5\x8f\x78\xe9\x29\x6a\xb0\xc7\x25\x88\x25\x66\xe1\x85\xd1\xdd\x88\x43\x07\x66\xe3\x32\xf1\xf0\xc8\x7d\x2e\x35\x9f\x8c\xe2\xc2\x8b\x8c\x75\x46\xda\x95\xa1\xca\x78\x97\xe4\x3b\x7b\xf5\x83\xd1\x2c\xd4\x6f\x7f\x91\x0b\xfd\xc1\xa1\xc1\x29\xf1\xd8\x3d\x94\x67\x89\x99\xc3\xd8\x1d\xca\x8f\x74\xf8\x7b\xa3\x01\x7f\x07\x22\x2f\x51\x0c\x1a\x7f\xe8\x00\x1f\xc3\xeb\x6e\x8a\x0b\x46\xdb\x9c\x00\x2f\xd0\x84\x16\x72\x72\x35\x5d\xa8\x7a\x0f\xc5\xe3\x7f\xee\xd0\xc4\x87\xd6\x03\xbc\x12\x97\xf1\xc6\xdd\x88\xdc\xb1\x7f\x17\xfd\x38\xa5\xec\x72\xd0\xcf\x50\xc8\xc8\xdc\x69\x08\x1c\xf6\x08\x46\x0d\x5b\x13\x42\x87\x1a\xbc\xbe\xc2\x03\x23\xbe\x7f\x53\x69\x0c\x5f\xa6\x40\x81\x6c\xc3\xb2\xb3\xde\x36\x87\x0a\x8a\x38\x90\x5d\xd5\x1a\xc6\x3d\xdd\x92\x2d\x00\x8f\x84\xb7\xcb\xd0\x62\xb6\x4c\x5a\xb2\x21\x15\xb4\x88\x9b\x0e\x93\x89\x04\x8f\x6a\x7b\xd2\x8e\x6a\x78\x93\xca\xa6\x03\x66\x13\xc9\xf5\xf2\xec\x29\x28\xbe\x1f\x4e\xe1\xcb\xa0\xb0\xbb\x16\x91\x27\x6a\x4d\xb2\x46\x69\xfb\x08\x5e\x54\xdc\x77\xe8\x15\xb8\xf5\xaf\xe8\x0a\xaa\x38\xac\xbd\x11\x43\x0d\x95\x6a\x37\x91\x1b\x02\x16\x53\x4b\xd9\xe2\x89\x3a\x2a\xbf\xbc\xf4\xb7\xae\xe5\x6c\x8f\xfb\xbb\x08\x16\x67\x73\xd8\xdd\x3d\x1f\xa1\x24\x51\xf3\x93\x79\x9a\xde\xd8\x72\x1c\xbd\x93\xe4\xc9\x71\x1d\xef\xa5\x50\x98\x40\xdc\x73\xec\x5f\x52\x73\x43\x1d\xa7\xe6\x32\x4b\x05\x6c\xae\x48\xe1\xc1\x4b\x1f\x0e\x2c\xf2\x7a\x52\x98\x0d\x4c\x67\xe7\x7a\x56\x5a\x44\xae\xe8\xcc\xd6\x22\x78\x1b\x35\xcf\xa1\x6d\x36\xeb\xa7\x7f\x9b\x7f\x5e\xc8\xcb\x47\x4f\x02\xbe\xd0\x16\x98\x2a\x0d\xca\x09\x60\xe0\x94\xb3\xdf\x65\x16\x83\x7d\x50\x15\x68\x08\x27\x59\x9c\x89\x54\x25\x44\xa3\xfd\x36\x3a\xa4\x4e\x79\xf3\xad\x00\xc8\x7d\x8d\xc1\x42\x2b\x07\x37\xca\x9f\xe9\x17\x9d\x62\x7a\x1f\x22\x80\x09\x23\xa3\x9d\xf3\xa5\x9e\x15\x77\x0b\xa5\x7f\x1e\x12\xaa\xf4\x1b\xfe\x67\xbf\xc5\x48\x3d\xab\x32\x82\x03\x64\xa5\xd4\xda\x8f\x8a\xe6\x2b\x05\xba\x23\x25\x7b\xb1\x57\x7f\x5a\xd7\x3f\x0b\x0e\x01\x63\x3d\xa6\x59\xf7\xd2\x8c\x7e\x1e\x39\xf8\x6f\x5a\xdb\x5b\xb3\x84\x3a\xbb\xce\x0a\x76\x9c\x26\xc2\x8e\x4e\xc8\x8c\xd8\xd4\x7e\x46\x92\x8e\xbf\x51\xf4\xc2\x3c\x69\xfa\x60\x2b\x6a\xf6\x1d\xcc\x74\xbf\x64\xb0\x09\xe9\x67\x08\xc4\xc7\x42\x6f\x35\xd3\x3f\x7d\xae\x81\xe3\x3a\x69\xe1\x2e\xf7\x92\xb1\xf2\x5f\xfc\x60\x64\x5a\x19\x63\xe6\x7c\x07\xe1\x5c\x2e\xbd\xb5\x48\xef\x8b\x2c\x8b\x0d\xd9\x72\x5b\xed\x66\xe2\x25\x45\xad\x79\x14\xaf\x78\x64\x47\x8a\x79\x93\xb2\xc0\xe0\xce\x59\x0f\xa0\x05\x10\x4c\x69\x37\xe5\x40\x75\x8d\x25\xa5\x09\xe8\x0a\xca\x81\x37\xb7\x17\xae\x9f\xdf\x80\xab\x90\x6d\x9d\xb4\xaa\xbb\x22\x9b\xb3\xd3\x5e\x27\xb3\x24\xae\xd1\x1e\xeb\xaa\x8e\xd3\xdc\x77\x04\xab\xab\x39\xf5\x85\x62\xed\x9b\x5c\x8a\x37\xb0\x92\xeb\xf3\xfd\xe2\x21\x66\xc9\xc9\x1b\xc5\x7a\x2c\x62\xd9\x0a\x87\xcf\xfe\x7d\x6c\x44\x83\x21\xf8\x43\x21\x8e\x40\x4a\x4d\x36\x88\xd7\xb9\x68\xff\x9e\x82\x3e\x0b\x90\x0a\x14\x6a\x7f\x3a\xf3\xd4\x6e\x9a\x8e\x7d\x17\xb4\x7c\xba\x25\x04\xe1\xe1\xe7\xad\x96\x0d\xc4\x81\x36\x3f\x16\xfc\x97\x9b\xb8\x17\x67\x97\xab\x1c\xb8\x5c\xca\x67\x24\x27\x4f\xab\xa0\x07\xe8\x78\x09\x80\x34\xaf\xa0\x04\x2e\xa0\xc1\xa6\x54\xb4\x2e\x1c\xdf\x7f\x71\x04\x8e\x24\xdb\x69\x1c\xdc\xa7\x2f\x52\x01\x7c\x6a\x0f\x5c\x88\xd0\xcb\x1e\x1c\x26\x0e\x88\x79\x47\x8d\x8e\x2b\xf9\x7a\xd5\x98\x44\x22\x1a\xfc\x64\x9c\x88\x1e\x79\x50\xde\x7d\xc8\x5c\x43\x0c\x18\xfc\xb5\xc8\xd3\x59\xc2\xc2\x39\xb4\x58\x72\xc6\x55\x57\x47\x43\x8c\xa4\x9b\x55\xc3\x27\xcf\x6d\x70\x5f\x80\xb3\x96\xd9\xc0\x20\xdb\x57\xf6\xc5\x37\x01\xbc\x96\x8f\xcd\xa5\x27\x4c\x51\x34\xb2\x3f\x6f\xd2\x23\xdc\xee\x7a\xd7\x96\x2c\x4e\x7f\x8b\x30\x1a\x57\x16\x5f\xcf\xc9\xa5\xff\x82\x2f\x1c\x24\xa7\xaa\x5b\xe7\x97\x12\x03\x45\x7a\xf1\xc9\x5d\x47\xed\xa6\x67\xd8\xc2\x91\xfc\x21\xee\xdc\x7e\x8e\x58\x44\xf9\x67\xa9\xfb\x44\x79\xd2\xf9\x4e\x4d\xed\xd0\xcd\x54\x57\x78\x1d\x3e\x02\x4f\xcf\xaf\xaa\x8b\x67\xe4\x89\x58\x55\x53\x5d\x1f\xdd\x4b\xe4\x54\xbe\xd9\x7c\x3c\xf2\x09\x5a\x16\x6c\xc6\x52\xbe\xa6\x5a\xd6\x36\x89\x29\xbd\xa7\x0f\x69\xdc\x36\xc6\x89\xf5\x92\x3f\xb0\x26\xa8\x25\x7f\x85\x1a\x06\x99\x94\xc0\x4c\xc4\x1a\x8b\x15\x97\x9e\x47\x3e\x55\x33\x24\x0d\x3c\xab\x3b\xa9\x53\xf2\x00\x19\xe0\x17\xd4\x4f\x74\x1d\x95\xa9\xba\x35\x88\x6c\x7a\x3f\xed\x46\x3d\x24\x21\x73\xd6\xaf\x25\x02\x23\x0f\xf7\x33\xc3\xf1\xe0\x27\x82\x27\x4e\x64\xac\x70\x85\x0d\xc3\x48\x95\x13\x5b\xc8\x59\x91\x8c\xdd\xec\x62\x69\xba\x83\x61\x00\x9e\xff\x46\x40\x77\x15\xf3\x08\x79\x50\x8f\xea\x8c\xc9\xc0\x81\xb3\x72\xf4\x88\x55\x52\x78\xfb\xba\xa8\x0f\x34\xce\x79\xda\x91\x02\x12\x96\x1a\x37\x7c\x85\xb6\x1e\x36\xfc\x37\x54\x31\xdd\x6c\x4e\xdf\x2c\x4b\xb8\x01\xa0\xfc\x1d\xc1\xfa\xc3\xc2\xf4\xc0\x10\x99\x62\x49\x59\x39\x2c\xa0\xb6\xbd\x47\xcb\x00\x8d\xfd\x39\xb2\xfd\x92\x7f\x40\xfe\xc1\x37\xb0\x74\x8e\x19\x84\x0c\x05\x75\x4b\x7d\x8e\x0b\x27\xd6\x20\x86\x12\x8f\xdc\x32\x93\x63\xd0\x6b\x6e\x7c\xdc\x43\x60\xb3\x9d\xf2\x73\x7b\x59\x73\xa8\xc0\x5c\x72\xe1\xff\xae\xb0\x9c\xad\x67\x19\x22\x4f\x4f\xb8\x07\x94\xeb\x00\xf4\x09\x2f\x62\x3e\x5d\x27\xa1\x14\x02\xfc\x03\x5e\xb9\xfd\xe8\x82\x76\xf8\xca\x16\x82\x74\x59\x59\x2e\x35\x5d\x3c\x4e\x6c\x79\x2e\x54\x87\xc4\x99\x66\x6d\x96\xea\x5c\x5f\x9e\xab\xe1\x73\xb5\x62\x23\xcc\x71\xdf\xaf\x0d\x88\xf8\xb8\x05\x11\x08\x71\xf8\x9f\x39\x9f\x84\x46\x30\x23\xf1\x7d\x86\x24\x9a\xf6\x47\xb8\x3f\x24\xe9\x04\x83\xbe\xf5\x51\xf9\x56\x45\xdb\xa6\x60\x7f\x66\xb9\x3a\x6d\xa3\x49\xea\x07\x31\x8b\x6e\xa5\x9a\xdc\xca\x1e\xd1\x75\x66\xee\xab\xf6\x2b\x21\x20\x4a\x8f\xd1\xa2\xd9\x83\xfd\x22\xd2\xea\xf9\xac\xbb\xb7\xa2\x0b\xde\x39\x1a\x57\x24\xf0\x96\xd2\x04\xd3\x40\xb5\x62\x12\xf8\xb7\xf5\x14\x1f\x4f\x6e\xd7\x2b\x13\x4e\xea\xdf\x1f\x27\xed\xff\x37\x14\x24\xb4\x08\x20\xb2\x67\x47\xb0\xba\xad\x37\x6d\xfc\x53\x5a\x41\x7b\xe7\x8a\xab\xed\xf3\x3e\x97\x8c\x05\x33\xb4\x5e\xad\xf5\xc2\x4a\x1a\x06\x9b\xc4\x94\x5c\xd0\x0a\x52\xae\xb3\x5b\x53\x9a\xc0\x84\x70\x65\xcd\x01\xdf\xda\x63\x4c\xb9\xd7\x22\x2a\x60\xea\xfe\xf0\xf4\x83\xee\x5c\xe5\x2a\x3c\x90\x8b\x4a\xd4\xd2\x08\x97\xb5\x5a\x88\x02\x49\xfe\x9b\xf4\x12\x91\x24\x21\x6f\x80\xd4\x78\x9c\xe2\xf1\xb9\x7c\x9d\x38\x92\xc5\x06\x58\x0a\x68\xff\x2c\xe3\x5c\xaa\xd0\x31\x26\xa4\xad\xb9\xa1\x94\xfb\x86\xbc\x72\xbc\xe0\xe0\xbc\x47\x00\x95\x0d\x20\xcd\x4b\x8d\x67\x0a\xd2\x15\x1c\xde\x5f\xd5\x40\xe6\xa1\xd8\x71\xa4\x30\xc1\xa3\x33\xf0\x20\xc9\x57\xcd\x4c\x8b\x47\x88\xb4\xbc\x93\xd8\xdd\x28\x92\xf5\xd8\xa3\x50\x01\x3c\x62\xda\xe3\x74\x73\x84\xaa\x48\x7e\x00\x70\x49\x10\xb3\xf7\x54\x2c", 8192); *(uint32_t*)0x20005c00 = 0x20002980; *(uint32_t*)0x20002980 = 0x50; *(uint32_t*)0x20002984 = 0; *(uint64_t*)0x20002988 = 0x91e; *(uint32_t*)0x20002990 = 7; *(uint32_t*)0x20002994 = 0x22; *(uint32_t*)0x20002998 = 0xff; *(uint32_t*)0x2000299c = 0x1124872; *(uint16_t*)0x200029a0 = 6; *(uint16_t*)0x200029a2 = 0x3f; *(uint32_t*)0x200029a4 = 8; *(uint32_t*)0x200029a8 = 1; *(uint16_t*)0x200029ac = 0; *(uint16_t*)0x200029ae = 0; memset((void*)0x200029b0, 0, 32); *(uint32_t*)0x20005c04 = 0x20002a00; *(uint32_t*)0x20002a00 = 0x18; *(uint32_t*)0x20002a04 = 0; *(uint64_t*)0x20002a08 = 0; *(uint64_t*)0x20002a10 = 0x317e539f; *(uint32_t*)0x20005c08 = 0x20002a40; *(uint32_t*)0x20002a40 = 0x18; *(uint32_t*)0x20002a44 = 0; *(uint64_t*)0x20002a48 = 8; *(uint64_t*)0x20002a50 = 4; *(uint32_t*)0x20005c0c = 0x20002a80; *(uint32_t*)0x20002a80 = 0x18; *(uint32_t*)0x20002a84 = 0; *(uint64_t*)0x20002a88 = 5; *(uint32_t*)0x20002a90 = 0x401; *(uint32_t*)0x20002a94 = 0; *(uint32_t*)0x20005c10 = 0x20002ac0; *(uint32_t*)0x20002ac0 = 0x18; *(uint32_t*)0x20002ac4 = 0; *(uint64_t*)0x20002ac8 = 1; *(uint32_t*)0x20002ad0 = 0xfdcc; *(uint32_t*)0x20002ad4 = 0; *(uint32_t*)0x20005c14 = 0x20002b00; *(uint32_t*)0x20002b00 = 0x28; *(uint32_t*)0x20002b04 = 0; *(uint64_t*)0x20002b08 = 8; *(uint64_t*)0x20002b10 = 2; *(uint64_t*)0x20002b18 = 8; *(uint32_t*)0x20002b20 = 0; *(uint32_t*)0x20002b24 = 0; *(uint32_t*)0x20005c18 = 0x20002b40; *(uint32_t*)0x20002b40 = 0x60; *(uint32_t*)0x20002b44 = 0; *(uint64_t*)0x20002b48 = 0xfff; *(uint64_t*)0x20002b50 = 6; *(uint64_t*)0x20002b58 = 0x10001; *(uint64_t*)0x20002b60 = 6; *(uint64_t*)0x20002b68 = 1; *(uint64_t*)0x20002b70 = 8; *(uint32_t*)0x20002b78 = 1; *(uint32_t*)0x20002b7c = 0x32f0; *(uint32_t*)0x20002b80 = 7; *(uint32_t*)0x20002b84 = 0; memset((void*)0x20002b88, 0, 24); *(uint32_t*)0x20005c1c = 0x20002bc0; *(uint32_t*)0x20002bc0 = 0x18; *(uint32_t*)0x20002bc4 = 0; *(uint64_t*)0x20002bc8 = 4; *(uint32_t*)0x20002bd0 = 0xffff; *(uint32_t*)0x20002bd4 = 0; *(uint32_t*)0x20005c20 = 0x20002c00; *(uint32_t*)0x20002c00 = 0x18; *(uint32_t*)0x20002c04 = 0; *(uint64_t*)0x20002c08 = 0x1000; memcpy((void*)0x20002c10, "0%)/W({\000", 8); *(uint32_t*)0x20005c24 = 0x20002c40; *(uint32_t*)0x20002c40 = 0x20; *(uint32_t*)0x20002c44 = 0; *(uint64_t*)0x20002c48 = 5; *(uint64_t*)0x20002c50 = 0; *(uint32_t*)0x20002c58 = 0x11; *(uint32_t*)0x20002c5c = 0; *(uint32_t*)0x20005c28 = 0x20002dc0; *(uint32_t*)0x20002dc0 = 0x78; *(uint32_t*)0x20002dc4 = 0xfffffff5; *(uint64_t*)0x20002dc8 = 8; *(uint64_t*)0x20002dd0 = 6; *(uint32_t*)0x20002dd8 = 9; *(uint32_t*)0x20002ddc = 0; *(uint64_t*)0x20002de0 = 6; *(uint64_t*)0x20002de8 = 8; *(uint64_t*)0x20002df0 = 0x25d; *(uint64_t*)0x20002df8 = 7; *(uint64_t*)0x20002e00 = 0x8001; *(uint64_t*)0x20002e08 = 0x400; *(uint32_t*)0x20002e10 = 0xce1; *(uint32_t*)0x20002e14 = 0x8000; *(uint32_t*)0x20002e18 = 0x4800000; *(uint32_t*)0x20002e1c = 0x6000; *(uint32_t*)0x20002e20 = 8; *(uint32_t*)0x20002e24 = 0xee01; *(uint32_t*)0x20002e28 = r[3]; *(uint32_t*)0x20002e2c = 6; *(uint32_t*)0x20002e30 = 1; *(uint32_t*)0x20002e34 = 0; *(uint32_t*)0x20005c2c = 0x20002e40; *(uint32_t*)0x20002e40 = 0x90; *(uint32_t*)0x20002e44 = 0; *(uint64_t*)0x20002e48 = 0xfffffffffffffffc; *(uint64_t*)0x20002e50 = 5; *(uint64_t*)0x20002e58 = 2; *(uint64_t*)0x20002e60 = 0; *(uint64_t*)0x20002e68 = 0x80; *(uint32_t*)0x20002e70 = 0x1ff; *(uint32_t*)0x20002e74 = 0xfffffffa; *(uint64_t*)0x20002e78 = 1; *(uint64_t*)0x20002e80 = 0x81; *(uint64_t*)0x20002e88 = 1; *(uint64_t*)0x20002e90 = 0x10001; *(uint64_t*)0x20002e98 = 0x7f; *(uint64_t*)0x20002ea0 = 5; *(uint32_t*)0x20002ea8 = 5; *(uint32_t*)0x20002eac = 2; *(uint32_t*)0x20002eb0 = 0; *(uint32_t*)0x20002eb4 = 0x4000; *(uint32_t*)0x20002eb8 = 3; *(uint32_t*)0x20002ebc = 0xee01; *(uint32_t*)0x20002ec0 = 0xee00; *(uint32_t*)0x20002ec4 = 6; *(uint32_t*)0x20002ec8 = 0x23a; *(uint32_t*)0x20002ecc = 0; *(uint32_t*)0x20005c30 = 0x20002f00; *(uint32_t*)0x20002f00 = 0xe8; *(uint32_t*)0x20002f04 = 0; *(uint64_t*)0x20002f08 = 0x20; *(uint64_t*)0x20002f10 = 6; *(uint64_t*)0x20002f18 = 1; *(uint32_t*)0x20002f20 = 1; *(uint32_t*)0x20002f24 = 7; memset((void*)0x20002f28, 0, 1); *(uint64_t*)0x20002f30 = 2; *(uint64_t*)0x20002f38 = 0; *(uint32_t*)0x20002f40 = 0; *(uint32_t*)0x20002f44 = 0; *(uint64_t*)0x20002f48 = 5; *(uint64_t*)0x20002f50 = 0xfffffffffffffffa; *(uint32_t*)0x20002f58 = 0; *(uint32_t*)0x20002f5c = 0x20; *(uint64_t*)0x20002f60 = 4; *(uint64_t*)0x20002f68 = 2; *(uint32_t*)0x20002f70 = 6; *(uint32_t*)0x20002f74 = 9; memcpy((void*)0x20002f78, "wlan0\000", 6); *(uint64_t*)0x20002f80 = 2; *(uint64_t*)0x20002f88 = 5; *(uint32_t*)0x20002f90 = 1; *(uint32_t*)0x20002f94 = 0; memset((void*)0x20002f98, 47, 1); *(uint64_t*)0x20002fa0 = 0; *(uint64_t*)0x20002fa8 = 7; *(uint32_t*)0x20002fb0 = 6; *(uint32_t*)0x20002fb4 = 0x10000; memset((void*)0x20002fb8, 2, 6); *(uint64_t*)0x20002fc0 = 2; *(uint64_t*)0x20002fc8 = 3; *(uint32_t*)0x20002fd0 = 0x10; *(uint32_t*)0x20002fd4 = 0x3df4d00b; memcpy((void*)0x20002fd8, " \001\000\000\000\000\000\000\000\000\000\000\000\000\000\002", 16); *(uint32_t*)0x20005c34 = 0x200055c0; *(uint32_t*)0x200055c0 = 0x510; *(uint32_t*)0x200055c4 = 0; *(uint64_t*)0x200055c8 = 0; *(uint64_t*)0x200055d0 = 5; *(uint64_t*)0x200055d8 = 1; *(uint64_t*)0x200055e0 = 0; *(uint64_t*)0x200055e8 = 2; *(uint32_t*)0x200055f0 = 0xfffeffff; *(uint32_t*)0x200055f4 = 1; *(uint64_t*)0x200055f8 = 0; *(uint64_t*)0x20005600 = 0x141; *(uint64_t*)0x20005608 = 4; *(uint64_t*)0x20005610 = 9; *(uint64_t*)0x20005618 = 9; *(uint64_t*)0x20005620 = 4; *(uint32_t*)0x20005628 = 0x7ff; *(uint32_t*)0x2000562c = 0x7fffffff; *(uint32_t*)0x20005630 = 0x892; *(uint32_t*)0x20005634 = 0x4000; *(uint32_t*)0x20005638 = 0xfff; *(uint32_t*)0x2000563c = r[4]; *(uint32_t*)0x20005640 = 0; *(uint32_t*)0x20005644 = 4; *(uint32_t*)0x20005648 = 0x10000; *(uint32_t*)0x2000564c = 0; *(uint64_t*)0x20005650 = 1; *(uint64_t*)0x20005658 = 0x8000; *(uint32_t*)0x20005660 = 2; *(uint32_t*)0x20005664 = 4; memset((void*)0x20005668, 255, 2); *(uint64_t*)0x20005670 = 0xa00000000; *(uint64_t*)0x20005678 = 3; *(uint64_t*)0x20005680 = 0x8000000000000000; *(uint64_t*)0x20005688 = 0x80000001; *(uint32_t*)0x20005690 = 6; *(uint32_t*)0x20005694 = 1; *(uint64_t*)0x20005698 = 5; *(uint64_t*)0x200056a0 = 0xa0; *(uint64_t*)0x200056a8 = 8; *(uint64_t*)0x200056b0 = 7; *(uint64_t*)0x200056b8 = 0x101; *(uint64_t*)0x200056c0 = 0xbc3; *(uint32_t*)0x200056c8 = 0x19f; *(uint32_t*)0x200056cc = 4; *(uint32_t*)0x200056d0 = 0x7ff; *(uint32_t*)0x200056d4 = 0xa000; *(uint32_t*)0x200056d8 = 1; *(uint32_t*)0x200056dc = 0xee01; *(uint32_t*)0x200056e0 = r[5]; *(uint32_t*)0x200056e4 = 0x8001; *(uint32_t*)0x200056e8 = 8; *(uint32_t*)0x200056ec = 0; *(uint64_t*)0x200056f0 = 4; *(uint64_t*)0x200056f8 = 0x10001; *(uint32_t*)0x20005700 = 0xa; *(uint32_t*)0x20005704 = 0x3ff; memcpy((void*)0x20005708, "[{@^/@+@<[", 10); *(uint64_t*)0x20005718 = 1; *(uint64_t*)0x20005720 = 3; *(uint64_t*)0x20005728 = 5; *(uint64_t*)0x20005730 = 0x20; *(uint32_t*)0x20005738 = 3; *(uint32_t*)0x2000573c = -1; *(uint64_t*)0x20005740 = 3; *(uint64_t*)0x20005748 = 0xd4; *(uint64_t*)0x20005750 = 6; *(uint64_t*)0x20005758 = 0; *(uint64_t*)0x20005760 = 1; *(uint64_t*)0x20005768 = 0x80000; *(uint32_t*)0x20005770 = 0x38fa80be; *(uint32_t*)0x20005774 = 6; *(uint32_t*)0x20005778 = 0x400; *(uint32_t*)0x2000577c = 0x1000; *(uint32_t*)0x20005780 = 5; *(uint32_t*)0x20005784 = 0xee00; *(uint32_t*)0x20005788 = 0xee01; *(uint32_t*)0x2000578c = 0x10001; *(uint32_t*)0x20005790 = 0xff; *(uint32_t*)0x20005794 = 0; *(uint64_t*)0x20005798 = 4; *(uint64_t*)0x200057a0 = 5; *(uint32_t*)0x200057a8 = 8; *(uint32_t*)0x200057ac = 4; memcpy((void*)0x200057b0, "+!\234R\'+%\'", 8); *(uint64_t*)0x200057b8 = 3; *(uint64_t*)0x200057c0 = 3; *(uint64_t*)0x200057c8 = 0x200; *(uint64_t*)0x200057d0 = 5; *(uint32_t*)0x200057d8 = 0x55; *(uint32_t*)0x200057dc = 0x1f; *(uint64_t*)0x200057e0 = 1; *(uint64_t*)0x200057e8 = 0x34; *(uint64_t*)0x200057f0 = 7; *(uint64_t*)0x200057f8 = 4; *(uint64_t*)0x20005800 = 9; *(uint64_t*)0x20005808 = 2; *(uint32_t*)0x20005810 = 0x800; *(uint32_t*)0x20005814 = 0xffff8001; *(uint32_t*)0x20005818 = 6; *(uint32_t*)0x2000581c = 0x8000; *(uint32_t*)0x20005820 = 0x100; *(uint32_t*)0x20005824 = 0xee01; *(uint32_t*)0x20005828 = 0xee01; *(uint32_t*)0x2000582c = 0; *(uint32_t*)0x20005830 = 0x9c000000; *(uint32_t*)0x20005834 = 0; *(uint64_t*)0x20005838 = 0; *(uint64_t*)0x20005840 = 1; *(uint32_t*)0x20005848 = 1; *(uint32_t*)0x2000584c = 0x400; memset((void*)0x20005850, 0, 1); *(uint64_t*)0x20005858 = 6; *(uint64_t*)0x20005860 = 3; *(uint64_t*)0x20005868 = 0xa3; *(uint64_t*)0x20005870 = 0x80; *(uint32_t*)0x20005878 = 0x735; *(uint32_t*)0x2000587c = 0x9584; *(uint64_t*)0x20005880 = 0; *(uint64_t*)0x20005888 = 2; *(uint64_t*)0x20005890 = 7; *(uint64_t*)0x20005898 = 0xec61; *(uint64_t*)0x200058a0 = 0x371ca83; *(uint64_t*)0x200058a8 = 4; *(uint32_t*)0x200058b0 = -1; *(uint32_t*)0x200058b4 = 3; *(uint32_t*)0x200058b8 = 0x424c; *(uint32_t*)0x200058bc = 0xa000; *(uint32_t*)0x200058c0 = 0x400; *(uint32_t*)0x200058c4 = 0xee00; *(uint32_t*)0x200058c8 = 0xee01; *(uint32_t*)0x200058cc = 0xca; *(uint32_t*)0x200058d0 = 3; *(uint32_t*)0x200058d4 = 0; *(uint64_t*)0x200058d8 = 0; *(uint64_t*)0x200058e0 = 7; *(uint32_t*)0x200058e8 = 0; *(uint32_t*)0x200058ec = 0x80000001; *(uint64_t*)0x200058f0 = 5; *(uint64_t*)0x200058f8 = 1; *(uint64_t*)0x20005900 = 0x9d5; *(uint64_t*)0x20005908 = 5; *(uint32_t*)0x20005910 = 0x80000001; *(uint32_t*)0x20005914 = 0x1000000; *(uint64_t*)0x20005918 = 0; *(uint64_t*)0x20005920 = 0; *(uint64_t*)0x20005928 = 6; *(uint64_t*)0x20005930 = 0x7ff; *(uint64_t*)0x20005938 = 0x8001; *(uint64_t*)0x20005940 = 0x8001; *(uint32_t*)0x20005948 = 6; *(uint32_t*)0x2000594c = 0x8000; *(uint32_t*)0x20005950 = 1; *(uint32_t*)0x20005954 = 0xa000; *(uint32_t*)0x20005958 = 0x10000; *(uint32_t*)0x2000595c = 0xee00; *(uint32_t*)0x20005960 = r[6]; *(uint32_t*)0x20005964 = 0x80000000; *(uint32_t*)0x20005968 = 6; *(uint32_t*)0x2000596c = 0; *(uint64_t*)0x20005970 = 3; *(uint64_t*)0x20005978 = 0x7fff; *(uint32_t*)0x20005980 = 6; *(uint32_t*)0x20005984 = 0x4e5; memcpy((void*)0x20005988, "wlan0\000", 6); *(uint64_t*)0x20005990 = 4; *(uint64_t*)0x20005998 = 2; *(uint64_t*)0x200059a0 = -1; *(uint64_t*)0x200059a8 = 0x10001; *(uint32_t*)0x200059b0 = 7; *(uint32_t*)0x200059b4 = 0x3f; *(uint64_t*)0x200059b8 = 0; *(uint64_t*)0x200059c0 = 4; *(uint64_t*)0x200059c8 = 0x7fff; *(uint64_t*)0x200059d0 = 0x5c; *(uint64_t*)0x200059d8 = 0x5e; *(uint64_t*)0x200059e0 = 4; *(uint32_t*)0x200059e8 = 0; *(uint32_t*)0x200059ec = 9; *(uint32_t*)0x200059f0 = 4; *(uint32_t*)0x200059f4 = 0x1000; *(uint32_t*)0x200059f8 = 8; *(uint32_t*)0x200059fc = r[7]; *(uint32_t*)0x20005a00 = 0xee00; *(uint32_t*)0x20005a04 = 0x7ff; *(uint32_t*)0x20005a08 = 9; *(uint32_t*)0x20005a0c = 0; *(uint64_t*)0x20005a10 = 3; *(uint64_t*)0x20005a18 = 5; *(uint32_t*)0x20005a20 = 6; *(uint32_t*)0x20005a24 = 9; memset((void*)0x20005a28, 255, 6); *(uint64_t*)0x20005a30 = 6; *(uint64_t*)0x20005a38 = 3; *(uint64_t*)0x20005a40 = 3; *(uint64_t*)0x20005a48 = 9; *(uint32_t*)0x20005a50 = 6; *(uint32_t*)0x20005a54 = 0x100; *(uint64_t*)0x20005a58 = 1; *(uint64_t*)0x20005a60 = 0x101; *(uint64_t*)0x20005a68 = 4; *(uint64_t*)0x20005a70 = 0x100000000; *(uint64_t*)0x20005a78 = 2; *(uint64_t*)0x20005a80 = 0xfffffffffffffe00; *(uint32_t*)0x20005a88 = 3; *(uint32_t*)0x20005a8c = 9; *(uint32_t*)0x20005a90 = 9; *(uint32_t*)0x20005a94 = 0xa000; *(uint32_t*)0x20005a98 = 0xfa3; *(uint32_t*)0x20005a9c = -1; *(uint32_t*)0x20005aa0 = r[8]; *(uint32_t*)0x20005aa4 = 0x1400000; *(uint32_t*)0x20005aa8 = 9; *(uint32_t*)0x20005aac = 0; *(uint64_t*)0x20005ab0 = 6; *(uint64_t*)0x20005ab8 = 0; *(uint32_t*)0x20005ac0 = 6; *(uint32_t*)0x20005ac4 = 5; memcpy((void*)0x20005ac8, "wlan0\000", 6); *(uint32_t*)0x20005c38 = 0x20005b00; *(uint32_t*)0x20005b00 = 0xa0; *(uint32_t*)0x20005b04 = 0xfffffff5; *(uint64_t*)0x20005b08 = 5; *(uint64_t*)0x20005b10 = 0; *(uint64_t*)0x20005b18 = 3; *(uint64_t*)0x20005b20 = 2; *(uint64_t*)0x20005b28 = 3; *(uint32_t*)0x20005b30 = 7; *(uint32_t*)0x20005b34 = 0x64b; *(uint64_t*)0x20005b38 = 1; *(uint64_t*)0x20005b40 = 0xc2; *(uint64_t*)0x20005b48 = 9; *(uint64_t*)0x20005b50 = 5; *(uint64_t*)0x20005b58 = 0x8001; *(uint64_t*)0x20005b60 = -1; *(uint32_t*)0x20005b68 = 2; *(uint32_t*)0x20005b6c = 8; *(uint32_t*)0x20005b70 = 5; *(uint32_t*)0x20005b74 = 0x4000; *(uint32_t*)0x20005b78 = 0xd0a; *(uint32_t*)0x20005b7c = 0xee01; *(uint32_t*)0x20005b80 = 0xee00; *(uint32_t*)0x20005b84 = 7; *(uint32_t*)0x20005b88 = 1; *(uint32_t*)0x20005b8c = 0; *(uint64_t*)0x20005b90 = 0; *(uint32_t*)0x20005b98 = 2; *(uint32_t*)0x20005b9c = 0; *(uint32_t*)0x20005c3c = 0x20005bc0; *(uint32_t*)0x20005bc0 = 0x20; *(uint32_t*)0x20005bc4 = 0; *(uint64_t*)0x20005bc8 = 0x7fffffff; *(uint32_t*)0x20005bd0 = 8; *(uint32_t*)0x20005bd4 = 0; *(uint32_t*)0x20005bd8 = 0x9ad; *(uint32_t*)0x20005bdc = 3; syz_fuse_handle_req(r[2], 0x20000980, 0x2000, 0x20005c00); break; case 22: memcpy((void*)0x20005c40, "SEG6\000", 5); syz_genetlink_get_family_id(0x20005c40, r[2]); break; case 23: syz_init_net_socket(0x24, 2, 0); break; case 24: res = syscall(__NR_mmap, 0x20ffe000, 0x2000, 9, 0x100, (intptr_t)r[2], 0x8000000); if (res != -1) r[9] = res; break; case 25: res = -1; res = syz_io_uring_complete(r[9]); if (res != -1) r[10] = res; break; case 26: *(uint32_t*)0x20005c84 = 0x29e9; *(uint32_t*)0x20005c88 = 4; *(uint32_t*)0x20005c8c = 3; *(uint32_t*)0x20005c90 = 0x25; *(uint32_t*)0x20005c98 = r[10]; memset((void*)0x20005c9c, 0, 12); res = -1; res = syz_io_uring_setup(0x7811, 0x20005c80, 0x20ffe000, 0x20ffe000, 0x20005d00, 0x20005d40); if (res != -1) { r[11] = res; r[12] = *(uint64_t*)0x20005d40; } break; case 27: res = syscall(__NR_mmap, 0x20ffc000, 0x2000, 4, 0x80000, (intptr_t)r[11], 0); if (res != -1) r[13] = res; break; case 28: res = syscall(__NR_clock_gettime, 0, 0x20005d80); if (res != -1) { r[14] = *(uint32_t*)0x20005d80; r[15] = *(uint32_t*)0x20005d84; } break; case 29: *(uint8_t*)0x20005e00 = 0xb; *(uint8_t*)0x20005e01 = 1; *(uint16_t*)0x20005e02 = 0; *(uint32_t*)0x20005e04 = 0; *(uint64_t*)0x20005e08 = 7; *(uint32_t*)0x20005e10 = 0x20005dc0; *(uint32_t*)0x20005dc0 = r[14]; *(uint32_t*)0x20005dc4 = r[15]+60000000; *(uint32_t*)0x20005e14 = 1; *(uint32_t*)0x20005e18 = 0; *(uint64_t*)0x20005e1c = 0; *(uint16_t*)0x20005e24 = 0; *(uint16_t*)0x20005e26 = 0; memset((void*)0x20005e28, 0, 20); syz_io_uring_submit(r[13], r[12], 0x20005e00, 6); break; case 30: *(uint32_t*)0x20005e80 = 0; *(uint32_t*)0x20005e84 = 0x20005e40; memcpy((void*)0x20005e40, "\x55\x1e\x55\x34\x01\xd8\x41\x9a\xc4\x37\x85\x4e\x7b\xd6\x03\x3a\x54\x21\x4a\x9b\xd5\xbb\xb0\xaf\x5b\x8d\xfb\x21\x4a\xa8\x4f\x75\xf6\x0f\xd2\xf3\x74\xa0\x2b\xca\xcb\x65\x4f\x2e\x69\xf7\x19\x79\x48\x63", 50); *(uint32_t*)0x20005e88 = 0x32; *(uint64_t*)0x20005ec0 = 1; *(uint64_t*)0x20005ec8 = 0; syz_kvm_setup_cpu(r[2], r[2], 0x20fe8000, 0x20005e80, 1, 0, 0x20005ec0, 1); break; case 31: res = syscall(__NR_mmap, 0x20ff1000, 0x1000, 4, 0x100002, (intptr_t)r[2], 0); if (res != -1) r[16] = res; break; case 32: *(uint32_t*)0x20005f00 = 1; syz_memcpy_off(r[16], 0x118, 0x20005f00, 0, 4); break; case 33: res = syscall(__NR_clock_gettime, 0, 0x20008240); if (res != -1) { r[17] = *(uint32_t*)0x20008240; r[18] = *(uint32_t*)0x20008244; } break; case 34: *(uint32_t*)0x200081c0 = 0; *(uint32_t*)0x200081c4 = 0; *(uint32_t*)0x200081c8 = 0x20007580; *(uint32_t*)0x20007580 = 0x20007000; *(uint32_t*)0x20007584 = 0x68; *(uint32_t*)0x20007588 = 0x20007080; *(uint32_t*)0x2000758c = 0; *(uint32_t*)0x20007590 = 0x200070c0; *(uint32_t*)0x20007594 = 0xf; *(uint32_t*)0x20007598 = 0x20007100; *(uint32_t*)0x2000759c = 0xe0; *(uint32_t*)0x200075a0 = 0x20007200; *(uint32_t*)0x200075a4 = 0; *(uint32_t*)0x200075a8 = 0x20007240; *(uint32_t*)0x200075ac = 0xe6; *(uint32_t*)0x200075b0 = 0x20007340; *(uint32_t*)0x200075b4 = 0x63; *(uint32_t*)0x200075b8 = 0x200073c0; *(uint32_t*)0x200075bc = 0x45; *(uint32_t*)0x200075c0 = 0x20007440; *(uint32_t*)0x200075c4 = 0x6a; *(uint32_t*)0x200075c8 = 0x200074c0; *(uint32_t*)0x200075cc = 0xbc; *(uint32_t*)0x200081cc = 0xa; *(uint32_t*)0x200081d0 = 0x20007600; *(uint32_t*)0x200081d4 = 0x18; *(uint32_t*)0x200081d8 = 0; *(uint32_t*)0x200081dc = 0; *(uint32_t*)0x200081e0 = 0x20007640; *(uint32_t*)0x200081e4 = 0x6e; *(uint32_t*)0x200081e8 = 0x20007900; *(uint32_t*)0x20007900 = 0x200076c0; *(uint32_t*)0x20007904 = 0x79; *(uint32_t*)0x20007908 = 0x20007740; *(uint32_t*)0x2000790c = 0xa9; *(uint32_t*)0x20007910 = 0x20007800; *(uint32_t*)0x20007914 = 5; *(uint32_t*)0x20007918 = 0x20007840; *(uint32_t*)0x2000791c = 0x9d; *(uint32_t*)0x200081ec = 4; *(uint32_t*)0x200081f0 = 0x20007940; *(uint32_t*)0x200081f4 = 0xb0; *(uint32_t*)0x200081f8 = 0; *(uint32_t*)0x200081fc = 0; *(uint32_t*)0x20008200 = 0x20007a00; *(uint32_t*)0x20008204 = 0x6e; *(uint32_t*)0x20008208 = 0x20007b80; *(uint32_t*)0x20007b80 = 0x20007a80; *(uint32_t*)0x20007b84 = 0x73; *(uint32_t*)0x20007b88 = 0x20007b00; *(uint32_t*)0x20007b8c = 0xf; *(uint32_t*)0x20007b90 = 0x20007b40; *(uint32_t*)0x20007b94 = 0x13; *(uint32_t*)0x2000820c = 3; *(uint32_t*)0x20008210 = 0x20007bc0; *(uint32_t*)0x20008214 = 0x44; *(uint32_t*)0x20008218 = 0; *(uint32_t*)0x2000821c = 0; *(uint32_t*)0x20008220 = 0x20007c40; *(uint32_t*)0x20008224 = 0x6e; *(uint32_t*)0x20008228 = 0x20008180; *(uint32_t*)0x20008180 = 0x20007cc0; *(uint32_t*)0x20008184 = 0x99; *(uint32_t*)0x20008188 = 0x20007d80; *(uint32_t*)0x2000818c = 0xfa; *(uint32_t*)0x20008190 = 0x20007e80; *(uint32_t*)0x20008194 = 0xfc; *(uint32_t*)0x20008198 = 0x20007f80; *(uint32_t*)0x2000819c = 0xc1; *(uint32_t*)0x200081a0 = 0x20008080; *(uint32_t*)0x200081a4 = 0x60; *(uint32_t*)0x200081a8 = 0x20008100; *(uint32_t*)0x200081ac = 0x41; *(uint32_t*)0x2000822c = 6; *(uint32_t*)0x20008230 = 0; *(uint32_t*)0x20008234 = 0; *(uint32_t*)0x20008238 = 0; *(uint32_t*)0x2000823c = 0; *(uint32_t*)0x20008280 = r[17]; *(uint32_t*)0x20008284 = r[18]+10000000; res = syscall(__NR_recvmmsg, (intptr_t)r[2], 0x200081c0, 4, 0x2000, 0x20008280); if (res != -1) { r[19] = *(uint32_t*)0x2000760c; r[20] = *(uint32_t*)0x20007610; r[21] = *(uint32_t*)0x20007bd8; } break; case 35: memcpy((void*)0x20005f40, "adfs\000", 5); memcpy((void*)0x20005f80, "./file0\000", 8); *(uint32_t*)0x20006fc0 = 0x20005fc0; memcpy((void*)0x20005fc0, "\x97\x71\x1a\x3f\xc7\x75\xd9\xb6\xb8\x02\xd7\x5c\xef\xe3\x4e\x56\x0d\xfb\xbc\x19\x05\xdf\x84\x52\xc7\xc0\x61\xcf\xbd\xba\xf7\x6a\xc0\xee\x70\x4f\xdc\x1b\x95\x57\x6e\x83\x98\x71\x5c\xca\xc2\x3e\xb6\x22\x40\x6f\xdf\x86\x65\x6d\x86\x66\xd1\x74\x34\x5d\xf1\x5c\xc2\x79\xd6\xbc\x46\x18\x9f\x9e\x91\x03\xc8\xb6\x34\x30\x6a\x9d\xc5\x12\x13\x54\x03\x7a\xbc\x83\x6a\xf3\x2b\x82\xe0\xeb\x92\x22\xc5\xb9\x7a\x31\xba\xf7\x00\x22\x6f\x45\x9f\x15\x93\xe5\x94\x22\x0d\x6e\xee\x2f\x7b\xd3\x61\x2c\x68\x99\x6c\x93\x1e\x01\xb3\x90\x86\x7e\xcb\x7d\xb7\x3f\xd1\xc8\xba\xea\x0a\x1a\x30\x71\x9c\x09\xc8\x17\x06\x41\x41\x90\xc4\x90\x23\x6b\x27\x56\xcf\xba\x38\xfa\xba\xd4\x9c\x00\x2c\xdd\xcc\xb2\x2a\x79\x01\x5c\xf6\xc9\xd5\xb8\x11\x97\xe3\x66\x9f\x11\x95\xcf\x26\xfd\x67\x4c\xef\x34\xfc\x25\x17\xdd\x56\x1d\x62\x5d\x37\xf0\x09\x36\x69\xe6\x8f\xca\x1a\xe7\x32\x7c\x53\xa8\xd8\xfe\x8c\xe0\x89\xec\x51\x30\xda\x3d\xcd\x2c\x1b\xe4\x7c\x5d\x11\xc1\xe6\x07\x70\x6d\xed\xe9\x8d\x3a\xd0\x34\x7d\xb6\x08\xbf\x9f\xeb\xfe\x35\x7b\x46\xfe\x05\x17\x2e\x7a\xbd\x5e\x6a\x57\x55\xec\xbd\xb7\x29\x4a\xc6\x60\xef\x99\x99\x61\xaa\x24\x91\x46\x0d\x2b\xa8\xc4\x79\x28\xfc\xd0\x2e\x29\x4c\x16\x83\x8a\xdc\x1c\x5a\xa0\xae\xef\xc2\x79\x79\x3c\x1e\x9b\xae\x9d\xad\x1b\xdd\x67\x4f\xbf\x94\xf6\x4d\x5e\xe5\x86\xb8\x57\x84\x6b\x2c\x3e\x35\xcb\xe0\x79\x1f\x3f\x0a\x42\x79\xec\x2d\x51\xfd\xfb\x3a\x9d\x2f\xd0\x93\xba\x29\xd7\x43\xee\xbb\x06\x46\xd4\x0a\xf9\x32\x96\x0b\x4e\xfd\x52\xdf\xae\x37\x24\x20\x6f\x13\x83\x9b\x1e\x9d\xd3\x56\x1c\x15\x9f\x7d\x1a\x0b\x45\xdf\xa6\x55\x72\x41\x64\xca\x8c\xa4\x01\x78\xaa\xbc\x9f\x0c\x27\x0c\xc0\xc2\xe8\x28\xdc\x28\x42\xfb\x23\x72\xab\xca\x8d\x65\xd3\x72\x6e\xad\xdb\x36\xd2\x77\x2f\xc4\x2a\x5a\x60\x9d\xbc\x76\x1a\x08\x6d\xd8\x40\x5f\x0c\x0a\x7c\x0b\xfc\x14\xfe\xa9\x1c\xab\x42\x3f\xdb\xc9\x44\xdd\xbd\xee\x21\x4c\x24\x8e\xf0\xc8\x93\x3c\x80\xf3\xac\x68\xa3\xcd\xc4\xed\x51\x20\xc7\xbe\x1f\x04\x18\xa0\xdd\xee\xe9\x4c\xe8\xde\x7a\x07\xb9\x4d\x97\xa9\xc7\x2e\x33\x8e\xb9\xcb\x87\x15\x67\x60\x8b\x49\x03\x1f\x1f\xd0\x7e\x5c\x5c\xbb\xc2\x20\x1c\x48\x76\x88\x5c\x1b\xdc\xcc\x2b\xfe\xce\x71\xde\x73\xd6\xa7\x10\xc9\x6a\x67\x5d\xe4\xb5\x78\xe3\xa0\xb8\x4d\x1f\xb8\x9b\xed\x53\x1e\x17\x05\xaf\x86\x7b\x10\xb7\xc9\x23\x28\xa0\x6b\xad\x02\xc5\x73\x37\x5d\x50\x0a\x4b\xdc\x88\x4b\x55\x65\x2d\x7f\x1c\xfb\x31\xaf\xaf\x0b\x35\xe9\x8a\x58\x46\x6b\x80\xa2\xa4\xbc\xa2\xd7\x2e\x38\x7f\x8e\x94\x51\x9a\x43\x73\x4c\x38\x5b\x69\x8e\x08\xb0\xee\x1d\x98\x05\xc3\x92\xac\xb7\x6f\x98\x08\x94\xdf\x90\x46\xc6\x17\xf6\x2a\x23\x61\x06\x2e\x52\x24\x53\xdc\xd7\x31\x76\xf7\x86\xef\x2c\xcd\x7a\x05\xdf\x8b\x44\xa6\xf9\x31\x35\xd4\x88\x8f\xdd\x51\x02\x20\x35\x7f\x1a\xec\xcd\x13\xe1\xfe\x10\x29\x26\x73\xf9\x81\xf4\x20\xd9\x85\x9f\xa2\x18\xb8\x69\x8b\x4a\x69\x1e\x69\x9c\x28\xa2\xdd\x46\xd3\x97\x89\x42\x19\x2e\xd5\x1d\x21\x26\x69\x45\x8a\x4d\xc3\xd3\x81\xd2\xc3\xf7\x3c\xb6\x0b\xfe\xcb\x8b\xf0\xe1\x55\x6e\xae\xd9\xff\xca\x5d\x0f\x7c\x9f\x61\x52\xf4\xfc\xd5\xed\x86\xcb\x6a\x56\x5e\x4b\x6b\x1c\x9e\x7e\xfe\xf1\xcc\xd2\x8a\xe7\x09\x1a\xbd\x84\xe8\x43\x1e\xc0\x8e\xd8\x3a\x8b\xbe\x56\xf9\xe1\x22\x56\xd0\xa0\x5b\x46\x1d\x9f\x1f\x4b\xad\x4b\x0e\x87\x34\xc4\x7d\x12\x12\x4c\x40\x6d\xb2\xc0\x33\xca\x10\x63\x41\x05\x71\x3d\xf4\x00\xfe\x66\x8d\x74\xc1\x0b\x95\x46\xfe\xf0\x3d\x29\xee\x05\xd4\xe3\xe8\x32\xed\xe1\x03\xcf\xb8\x90\xc8\xb0\x09\x2a\x58\xfe\x32\xa0\xb1\x05\x89\x6c\xef\xc8\x3a\x99\x0c\x3b\x6d\x9d\xec\x09\xe4\xbe\xea\x80\x40\xb2\x9f\x92\x17\xe5\x57\x7f\xd7\x20\x03\xa1\xdc\x46\x67\xfa\x4c\xf3\xbb\xf2\x98\x5f\x0a\xef\x84\xb4\x55\x69\xa0\x87\xb7\xf9\xaf\xe8\x24\xf3\xc5\x9b\x40\xcd\x0d\x08\x8c\x16\xf4\x41\x42\x40\xa6\xeb\xe2\x4a\xad\xc4\x02\xcc\x99\xab\xf0\x34\xa4\x8b\xda\x6a\x28\x21\xbd\xf2\x94\x65\x8e\x27\x82\x32\x6e\x16\x96\xa8\x87\x8b\x62\xbe\x50\xb8\xae\x8d\x00\x3e\x1b\x6b\x9f\x5f\x26\xd3\xf2\x1b\x14\x22\xcf\x73\xac\x72\x92\x63\x8e\x57\xda\x6f\xe3\xfd\xad\xd7\x78\x6a\xa2\xd7\x40\x6c\x0d\x84\x55\x45\x47\xd9\x59\x0e\xe9\xe1\x70\x54\x28\xe0\x0d\xdc\x33\x25\x0a\x11\x6b\x97\x37\xc8\xb0\x13\xa3\x8c\x6f\x5e\x88\x27\x5b\x01\x5f\x1c\x09\x96\xb0\x6e\xf4\x46\x7f\xa0\x46\x8e\x8f\x4a\x49\x8b\x56\xa0\x45\xf8\x94\xe4\x50\x90\xfc\x17\x07\x48\x1b\xef\x75\xf6\x01\xd9\x5e\x67\xb9\x63\xb6\xdd\xaa\xd7\x51\x1a\xb4\x1e\xf4\xc9\xf6\x51\xc7\x0f\x8e\xc2\xf0\xcf\x3b\x62\xba\xd7\x4e\x24\x92\xa3\x9f\xc1\xf8\x1d\xa6\x97\xcd\xc3\x53\xde\x95\x89\xca\xb5\x4a\x16\x90\x1a\x18\xd8\x51\xbd\xc2\x62\x39\xa7\x2f\x9a\x78\x7f\xbe\xfb\x3f\xc3\xf5\xdf\x14\x9a\x01\x3c\x4f\x8c\x8b\x0e\x98\xb8\xf6\x69\xf6\x2f\xbe\x09\x52\x5b\x46\x46\x9b\x1c\x7f\xcb\x91\xe5\x57\x35\xf2\xad\xc8\x13\x6a\x46\xae\xc4\xde\x01\x6b\x9f\x92\x51\xac\x2a\xa8\x20\xa1\xa8\x87\xb7\x8c\x66\x80\x2b\xf8\xdb\xbc\xe8\xc4\xe1\x38\xba\x0a\x52\x89\x2c\x9e\x93\x4a\xf2\xc7\x6b\x95\x03\x2a\x2f\x4c\xb5\xa6\x21\xe4\x53\x97\x0f\x54\xb2\x79\x03\x5e\x14\x08\x33\xe3\x25\x0a\x9c\x4f\x16\x37\x1c\xdd\xfc\x01\xc4\x04\xe6\xe8\x6a\xcc\x23\x1c\x8d\x7d\xbe\xd9\xb6\xae\xc0\xda\x3e\x0b\xb4\x06\x72\xf4\xd4\x1d\xf2\x65\x0d\x20\x0f\xdd\xa6\xbd\xc6\x2b\x1d\x43\x3e\xfb\x4d\xcb\x37\x05\x26\x89\xee\xc1\xfb\x99\xce\xda\x3e\x11\x07\xae\x9a\xee\xbc\x99\x58\xfd\x2f\x2e\x90\x59\x83\x40\x87\x37\x84\x27\xd3\x15\x8a\x8a\xd0\x47\x79\xe6\x22\xb9\xfe\xf7\x1b\x94\xb2\xaa\xc0\x3d\x6d\x9b\x72\x2a\x24\x27\x85\x5a\x21\x76\xf0\x0d\x97\x1d\x6b\x1f\xe9\xb5\x7c\x36\x37\xaf\x6e\xcf\x8d\xd0\xbf\x1d\xc0\x55\xe7\x33\x1c\x7e\x3d\x9b\xf0\x9a\x98\x72\x36\x76\xb0\x77\x87\xa0\x75\xaf\x7e\xe9\x11\xee\x2b\x0e\xbe\xfb\x34\x08\xc8\xa6\x17\xe8\x1b\x02\x22\xf2\x0f\x41\xaa\xa5\x57\x67\xbd\x73\xb3\x0b\x7d\x52\x38\xa4\x18\x36\xe5\x3a\x5c\x82\x6d\x2c\xab\x59\x46\x04\x04\xf0\x2a\xf4\x3b\x1c\x64\xa8\x87\xb4\x4e\xdc\xb3\x95\xa1\x49\x98\x3a\x63\xeb\xbc\x14\x68\xac\x3b\x39\xa0\x0d\x01\xe5\x90\x41\xea\x54\x97\x25\x76\x8c\x6f\xea\x7a\x48\x84\xfa\xb1\x6b\x85\x99\xcd\x0b\x91\xb8\x3d\xf3\x3b\x32\x28\x00\x39\xba\x02\x05\xa2\x3e\x97\xcd\x38\xbf\x8b\xe0\xce\xd3\xd7\xc2\xf4\x44\x91\xe9\xb5\x94\xe0\x54\xe6\xc6\xe6\xe2\xb6\x10\x83\x0f\x98\xef\x9a\x24\x0f\xd5\x6d\x1e\x21\x8c\xbc\x15\x35\xb8\x88\x9f\xd2\xb3\x9f\xd9\x4c\x82\x13\x7a\x80\xea\x12\x34\xa8\x4d\xc6\xfa\xc0\xf1\x6b\x8b\x2d\xe9\xdd\xe9\xec\x82\x70\xc2\xdf\x90\xb1\x10\x7e\xed\x2d\x34\x69\x65\x94\x3a\x1c\xb0\x85\x64\x21\xe4\x5f\xed\x7f\x48\x07\x10\x41\xc5\x52\xef\xc7\x33\x3c\x5e\x7d\xec\x5b\x9c\xb5\x95\x65\x71\x8a\x7e\x23\x0a\x84\x2f\x20\x6a\x49\x49\xa3\x8f\xca\x5d\x9a\x8d\x84\x75\x63\xdd\x64\x45\x78\xf8\x9e\x5e\xa6\x8c\xd8\x4e\xdc\x6a\x04\xe5\x27\xd1\xc0\x7e\x6a\xe4\x2f\x50\x3f\x7c\x09\xf7\xfa\x5e\xd1\xb2\xd7\xa3\xa9\x0b\x5f\xed\xdd\x57\x6d\xcc\x54\x4d\x8a\x7e\x51\x54\xfc\xb8\x2d\x14\x97\x06\x43\xa0\x3e\xc1\xad\xa0\x83\xad\xe9\xa9\x0d\x56\xb1\xa0\x5e\x7b\xec\xc2\xe4\x34\xd4\x87\xe0\xc9\x4d\x10\xfb\x56\xb7\x3a\x82\xfd\x0c\x34\xe3\xea\x6e\x25\x2b\xd8\x28\x44\xe9\x59\x33\x81\x92\x54\xe1\x2b\x00\x1a\xcf\x2a\xd8\xb6\x30\xa7\xd2\x05\x6c\x6f\x77\x33\x4e\xd2\x23\x21\x77\x1e\x73\x31\x29\x81\xd8\x91\x01\x70\xcd\xd7\xf4\x78\x81\xb5\x8c\x47\x53\xbb\xfb\x0b\x34\xc7\x8b\x42\x11\xe6\x26\x14\x6f\xf3\x42\xbf\xd5\x77\x40\xeb\x86\x8e\x1c\xfa\x31\x2c\x90\x7b\xef\x85\x7b\x37\x81\xeb\xd1\x39\x7e\x8d\xc0\xca\x14\x74\xa1\x9b\x39\xb4\x97\xae\x70\x88\x9d\x2d\xbb\xce\x85\xd3\x74\x3f\xd3\x3c\x97\xb9\xc2\x2b\x86\x6e\xb6\x5d\x35\x93\x90\x0e\x66\xc4\x59\xef\xe5\x63\x8a\x82\x4c\x42\x3d\x9c\x49\xba\x44\xb8\xff\x9b\x9b\x3e\xc1\x5c\xef\x43\x4d\xee\xf9\xab\x92\x76\x0c\x55\xb1\xfb\x37\x33\x9b\x1c\x77\xf3\xa0\x1a\x77\xfd\x72\xf7\x28\x77\x95\x2e\x8a\x58\x27\x49\x4c\x91\x88\xb8\xd1\xc2\x70\xb0\xa9\x9b\x4a\x9e\x81\x8d\x1f\xa1\x26\xa7\x29\x1a\x7b\x0b\x94\xc2\xbf\x7c\x18\xc2\xe2\x5e\x7f\xcf\xd6\x8d\x38\x82\x96\x55\xd9\xaa\xb9\x34\x96\x30\x34\x56\x3e\x90\x86\x52\x45\xa6\x13\x04\xfe\xbd\xf5\x9b\xb0\x09\x31\x67\xc8\xc4\x1c\xce\x17\x73\xbb\x80\xc6\x78\x75\x9b\x55\xda\xb1\x24\x72\x52\x03\x61\x57\xa0\xe6\x0d\x66\xe2\x89\xd4\xb9\xbf\x98\xfd\xce\x7c\x5c\xa5\x9b\xdb\x4f\xaf\xe5\x5e\x09\xb1\x6a\xa3\x43\x0d\x39\xbf\x15\x03\x32\xa1\x5c\x48\x90\xed\x07\x8e\x62\x87\x75\xf8\x78\x7b\x89\x35\x92\x26\x3c\xa6\xd3\x11\x36\x19\xa7\xb2\x12\x51\xfa\xee\xe1\x37\xa0\x99\xbf\x00\xfb\x5f\xbc\xc7\x5e\x75\x8e\xae\xc9\xbd\xcf\xf6\x55\x76\xc0\xd8\x26\xea\x79\xd9\x0e\x99\xd8\xcb\xb4\x90\x93\x7d\x1d\x12\x2d\xbb\x8d\x15\xb3\x37\x56\x83\x5e\x1c\xe3\xbd\xaf\x49\x19\xf5\x22\x6b\x38\x4c\x87\xc2\xc7\xaf\x71\xfb\x3d\xd0\x73\xc4\x31\x29\xac\x4e\x2a\x6e\x52\x1b\xee\x34\x97\x30\xb2\xd9\xa7\x1c\x6b\x01\xd6\x1d\xf1\x30\x80\x2a\x9b\xb6\xab\x1f\x4d\x59\x4b\x89\x67\x5c\xc4\x67\xca\xb3\x03\xc8\x6a\xe6\xb4\xc0\xd2\x6d\xcf\x16\xcd\xec\x9c\x8b\x78\xf3\xe2\x3b\xab\x3e\x7b\x51\x53\xe7\x3b\xb7\x1c\xb6\xa2\xaf\xac\x5c\x33\x19\x5d\x2a\x2f\x32\x9d\x9e\x8f\x53\xdc\x92\x80\x10\x46\xb0\x72\x45\xe1\x39\xa6\x41\x4c\xff\x17\xdd\x9d\x79\x47\xe9\x45\xa1\xdd\xf5\x92\x13\x1d\x90\xf3\xf3\x25\xeb\xc3\xcf\x24\x36\x0f\x83\xed\x16\x06\xf9\x52\xd4\xf6\x92\x21\xb7\x5c\x9b\xe9\x1e\x5d\x2a\xbe\xed\x93\xf3\x39\x58\xb0\x4a\xa1\xe0\xcb\x5b\x85\x0e\xdf\x27\x60\xf4\xb8\xe8\x10\xd8\x79\xd8\x73\x57\x03\x6c\x8e\x26\x53\x8e\x69\x68\x9e\x47\xfb\xb1\xda\x8e\x0c\xa0\x82\x84\xf5\x59\x00\xbd\x02\x9e\x95\xa5\x27\xb3\xba\x25\x1b\x0c\xe2\x7b\xd0\x49\xfc\x85\xb1\x94\x95\x93\x75\xf7\x85\xcf\x75\xc1\x01\xee\xaa\xba\x56\xb3\x9a\x3f\xc4\x6b\xa9\x72\x98\x37\xe2\xfb\xce\x7e\xbb\xa9\x32\x59\x6c\x0c\x2e\xf0\xc5\xd8\xe6\x84\xba\x6b\x33\x4d\xba\xff\xc0\xfa\x84\x2a\x6a\xa5\x55\x81\x3d\x5b\xdc\x23\x7a\x43\x76\xfb\xfc\x3a\xbd\x54\x9a\xbc\x27\xf3\xb1\xc9\x18\xc6\x7f\x2c\x34\xe1\x16\xb6\xb0\x63\x01\x15\x49\x06\x24\xf4\x99\x7d\x93\xac\xec\x5d\xab\x0d\x2b\xb1\x57\x2b\x31\x9b\xa4\xc9\x90\xcd\x74\x38\x95\x42\xf4\x8b\x7e\x17\x3d\x0c\x81\xed\x75\x6a\x1b\x40\x9f\x6b\x19\x58\x59\xfd\xc7\x57\x7a\x7e\x7b\x12\x0a\x15\x13\xc2\x25\xd3\x13\xd7\x42\x3d\x6a\x99\xdd\xb7\x19\x14\x96\x28\x21\xdb\x95\x19\x2f\xc9\xca\x8b\x69\x72\xe0\x7d\x78\x67\x9e\x3b\x42\x65\xcb\x97\x25\xd9\x5f\x52\xf6\x8f\xf1\xca\x46\xb8\xac\x6a\xe7\xc6\x05\x3b\xcd\x97\x2e\x37\xfa\x82\x44\x91\x52\x7a\x1e\x43\x23\xaa\x6f\x2d\x5e\x59\xcf\x06\xc6\x08\x8c\x14\x80\x59\xfa\xd6\xf1\xcb\xfb\x47\x67\x19\xd0\x9f\xa4\x79\xb6\x9a\x47\x90\xa7\x4f\x65\xab\xd9\x99\xc2\x67\xd1\x0c\xc2\xff\x99\xd3\x9e\x39\x41\x60\xe1\x51\x46\x95\x89\xf4\x16\xf6\x59\xb2\xa8\xc6\x0d\xef\x78\xd6\xf4\x33\x80\x9d\xfb\x96\xc2\x72\x20\x07\x6f\x47\xb7\xe7\x4a\x89\x30\xcd\x61\xe8\xfc\x10\x9d\xdf\x87\x54\xff\x5d\x68\x78\xee\xf5\xdc\x7d\xd6\x1e\x2d\xa0\x07\x3b\x0a\xd6\xb0\x71\xfe\xff\x97\xfb\x87\xec\x0d\x90\x95\x4a\xed\xc8\x88\xe7\xb1\xe0\x9d\xcd\xfc\xc6\x90\x6e\x49\xb6\xea\x4a\x0c\x32\x54\x64\x07\xac\x0d\x22\xe2\x92\x00\xb8\x60\x3f\x2c\x30\x41\xd2\x7d\x0f\xd9\x90\xc3\x12\xc3\xf4\xeb\xee\xf4\x53\x85\x12\x48\x25\xe7\x3a\x4b\x30\xf7\xe6\x2b\x37\x46\xae\xe0\xa1\xf4\x23\x57\xa7\xc2\xd5\x9b\x9b\x28\x65\xab\x24\xb3\x35\x36\xc1\xd7\x52\xa4\xe1\xc0\x8e\x07\xec\x7a\xb8\xe3\x7e\xda\x44\xeb\xd2\x21\x3d\x46\x95\x58\x59\xce\x75\xe8\xcb\xee\x3e\x44\x8d\xdc\x6c\x37\x20\xfa\x4b\xb6\x04\x29\x8c\x9c\xc6\xc1\xea\xc4\xaa\xc1\x8f\xfe\xef\x8d\x63\x1a\x61\x75\xa5\x8b\x18\x25\x7c\x81\xb5\xb2\xa2\xc7\x45\x8b\x11\x73\xa5\xc1\xbf\xe3\xa5\x61\x59\xfa\x40\x60\x11\xdc\x0b\xb6\x02\x1f\x23\x32\xbb\x47\x1e\xf8\x89\x2a\xcd\x5e\x7b\x58\xae\xca\x43\xe4\x85\xb3\x5d\xdc\x93\x8f\xbf\x2d\x03\x25\x21\x82\x08\x09\xaf\x02\x55\x13\xb6\x63\x92\x2d\x66\x4c\xa4\x21\x6b\xcc\x98\x77\x03\x0d\x5f\xac\xfb\x9a\x04\x82\x99\x8e\x50\xcf\x69\xbc\x59\xc1\x80\x5f\xb4\xfa\xa8\x9f\x68\x31\xec\x6a\xfc\x29\xe7\xf6\xdb\x38\xfe\xd3\x40\x3d\x10\x35\xe2\x51\x62\x4d\xe0\xea\x64\x45\x81\x2f\x71\xa4\xa9\x1e\xab\x22\xd8\x8d\xa4\x9c\x09\x70\x03\xea\x96\x08\xef\x66\x1e\x8c\xd9\x94\x58\xf3\x18\xd3\x73\xea\x1a\xff\xe6\xcf\xbe\xc7\xe9\xf7\x7c\xa3\x93\xf1\x58\x54\x02\xa7\x0a\xfa\x83\xe3\xdc\x11\x41\x7b\x83\x03\x5c\x4a\xa6\xef\xb9\x6c\xaf\xfd\xb7\x6b\xb4\x31\x15\x2a\x11\x08\xdd\x6a\xe5\xa3\x7a\xfb\x9a\xa1\xb5\x1d\xdc\xd2\x2d\x7a\xf1\x1d\x65\xc1\x88\x47\x2d\x79\xac\xbd\xd4\x8c\x61\x35\x5a\x4b\x2f\xdf\x2b\x81\xfb\x44\x59\x71\x1f\xb4\x37\xf3\xf7\xf9\x5a\x6e\x18\x7c\x0c\xc0\x87\xbb\xd7\x39\xc9\xc9\xe2\x2e\x25\xfd\x0d\x30\x5a\x27\x40\x8f\x52\xb8\x39\xe3\x57\xd1\xf3\x7b\x0c\x7a\x57\x6d\xf7\x93\x00\x82\x41\xbd\x21\x20\xcc\xfa\x21\x43\x52\x68\xed\x24\x3d\xd2\xed\xbb\x75\x1b\x20\x14\x74\xe9\x1f\x48\x21\x9b\xfd\xdb\x4c\xd0\xdd\x47\x19\x65\xbf\xe7\x8e\x45\x23\x3a\x33\xb6\xc4\x02\x2b\xc5\x7b\xcf\xd2\x24\xf8\x9b\x4a\xfb\xe2\x5a\x00\x3e\xf4\x1f\x59\x6e\x10\xfc\x14\x2d\x52\xe0\xee\x02\xfa\xd0\x72\x86\x51\xf0\xfe\x75\xb9\x47\xa5\x44\xfd\x7e\x2d\xc3\x8b\x60\x87\x89\xeb\xc8\x7b\x01\x99\x3e\x23\xb7\x65\x44\x90\x01\xc7\x7a\xdc\x77\x8a\xdb\x84\xa0\xdd\x32\xb7\x0e\x26\x7a\xad\xcc\x16\x8e\xf1\x71\x3d\x7c\xbd\xe5\x63\x39\x6e\xf5\xe3\x9f\xf9\xf7\x00\x8d\x61\xa2\x0f\xe4\x9a\xc8\x0c\x2e\xe8\x4c\x53\x11\xe6\xb0\xc2\x59\xf0\xc6\x36\x31\xaf\x64\xee\x1d\x22\x25\xb5\xea\xa3\x1b\x97\x63\x6b\x30\x10\x9f\xe4\xfc\xf1\x52\x27\x23\xc6\xd7\x9a\x50\x05\xf3\x76\x8b\xe2\x87\x29\x10\xa0\xd9\xf2\xd2\xb1\x0a\x91\xe4\x8f\x7d\xa5\xc3\x83\x0e\x18\xbf\x1a\x2c\x51\xf7\x91\xe4\x63\xf7\xca\x07\xe0\xc6\x3d\x07\x58\x52\xc2\xbd\x82\xb4\xa5\x98\x9d\x4f\xf5\x0a\x70\x07\xd3\xeb\x32\x2b\x3f\x01\xab\x76\xaf\x2b\xbe\xdb\x11\x08\x16\x5f\x48\x3d\x28\x41\x53\x78\xd6\x00\x98\xdb\xd8\x7a\x29\x9b\x3d\xe1\x16\xf3\x95\x5c\x3e\x24\x36\x77\xf3\xe3\xf7\x1f\x9f\x02\x04\xe1\x70\xda\x9e\xf5\xb6\x6c\x95\xba\x07\xf3\x35\xb1\x30\xb5\xa1\x7b\x6a\x72\xc3\x18\xbe\x1b\x8c\xa6\x42\x2b\x1e\xaf\x3f\x6e\xf0\x38\xdf\x50\x9e\xf1\x87\x65\x94\x7d\xe5\x88\x9a\x3a\x88\x45\x75\x61\xb3\x99\xab\x72\x94\x8d\x7e\xc9\xe0\xf4\xa7\x34\x8e\x0c\x43\x17\x48\x11\xd3\xa4\xd7\x12\x42\xe6\xa5\x0f\x5b\x39\x7a\x8d\x7f\xab\xbb\xa7\x10\x9a\xfa\x23\x69\xf1\x16\xe0\x9d\x3f\xcc\x0b\x5e\x61\x2a\xe8\xb8\x18\x30\x9c\x5f\xbb\x33\x47\xfd\xb5\xd6\xc6\x90\x46\x84\xf4\xe0\x4f\x12\xca\x85\x13\x17\x4e\x6b\x92\x6f\x04\x9a\xc1\x4e\x0a\x7f\x9e\x4a\xa6\xbd\x39\x1b\xbc\xcd\x3f\x72\x42\xb9\xa4\xc0\xdf\xd0\x17\x96\xda\x87\x1f\x4e\x9d\xe1\x7e\x54\x95\x37\xac\x6d\x21\xd5\xc6\x4e\x54\x9f\x07\x0e\x2b\x1d\x1b\x7f\x76\x98\x1f\xaa\x8d\xa9\x02\x9e\x45\x76\xfc\x43\xb4\xf4\x27\xec\x7e\xe4\xc4\x50\x5c\xa2\x70\xb2\x33\xff\xc5\xe1\xab\xe4\x4a\xc7\x89\xce\xca\xbd\xba\xab\xec\x44\x1a\x11\x84\x5c\xaf\x92\x21\x33\xd1\x1b\xb2\x82\x56\xee\x8f\x75\xe6\xf0\x65\xe3\x5f\x29\x76\x46\xc6\x3a\x2b\x8a\x59\x46\x05\xab\x39\x1c\x50\xfc\x33\x7d\x8d\x97\x06\x6e\x6b\x5b\x07\x10\xfb\x1e\xc7\x6c\x64\xf0\xa0\xa0\xcc\xac\x01\x37\x5f\x2c\x9f\xba\xca\x77\xb2\xb1\xee\x2b\x26\xa7\x6d\xa5\x27\xae\xfb\xe9\x83\xee\xd0\xd9\x46\xd7\x63\xe0\x0b\xf5\x01\xdd\x64\x6b\xfe\x68\x3a\x78\xdf\x80\xd9\x1d\xcd\x60\x3c\x5a\x8e\xb5\x95\xc0\xcd\xce\xaa\x2d\xab\xf5\xd6\x4a\x9f\xea\xac\xef\xc8\x78\xe0\x74\x31\x3c\x85\xe4\xc1\x5f\x4c\x2e\x63\xfa\x19\xf9\x7b\x82\x9c\x29\x7d\x86\x08\x78\xee\xe2\x13\x89\x28\xd8\xa4\x25\xc0\x79\x00\xc1\x22\x64\x55\xae\x33\xe7\x02\xc0\x58\x56\x7d\x42\xdf\x10\xd6\x04\x84\x66\xde\x62\xf1\x4c\x27\xf7\xd8\xf3\x06\x51\x66\x62\xe1\x8b\xeb\xb2\x4d\x7f\x38\xe5\xf0\xeb\xba\xb7\x49\x80\x59\x9f\xfa\xcb\xa5\x6d\x3c\xe1\x6a\x56\xb9\x91\xec\x64\xdf\x9e\xa8\xf9\x30\x0c\xc1\x87\xf2\xc1\xb2\xf8\x05\x62\xc6\x81\xbb\xf8\x33\xa9\x71\xe7\xd6\x9b\x67\x73\x0d\x3b\x0d\x3b\x5a\x9b\x3c\xab\xf5\xb4\x4e\x21\xf3\xa8\xea\x25\xaf\x9f\x9a\x7f\x53\xd6\xc8\x5c\xa6\xa3\xb8\x4f\x04\xfb\x6d\x1e\x99\x09\x66\x40\xc7\x6f\x00\xcb\x2a\x84\x9e\x02\x2c\x52\x66\x53\xe0\xe1\x9c\x0a\xb7\x3d\x7d\xb0\x2e\x69\xbd\x51\x1c\xb3\xb3\x6a\xe7\xdf\x9e\x0b\xcd\x5b\x8d\x18\x0c\x0a\x3d\xc9\xf1\x79\x73\xc6\x2b\x28\x6f\xbe\xfd\x48\x53\x97\x6a\xd3\x8d\xc7\x75\x67\x85\xf1\x7c\x88\xf9\x67\x56\x87\xc9\x76\x9d\x77\x16\x2e\x82\xe7\x1b\xae\x2e\xd2\x85\xbc\x87\x8f\x9e\xe7\x07\x0a\xf3\xc4\xb4\x3c\x90\x7b\xcb\x58\x56\xda\xb6\xa9\x38\xb7\x84\x2a\xf3\x76\xd7\xc1\x64\x07\x6c\xd0\x2b\x4e\x3e\x82\xe2\xcc\x8f\xca\x7d\xc2\xe4\x0b\xdb\x7b\x9a\x2e\xf4\x06\x35\x56\x30\xcb\x29\x30\x23\x17\x94\xef\x4a\x20\x36\x0a\x6e\xb9\xcc\x54\xf7\x53\x64\x2e\x69\x38\xa1\x73\x02\x46\x35\x98\x7b\x80\xa6\xe0\xf0\xb7\xcb\x25\x85\x37\xb8\x1e\x12\x50\xf7\x7f\xca\xf1\xd7\xcd\x9b\x3b\xe0\x72\xa6\xf9\xd4\xfd\x86\xf1\x56\x4b\x28\xd7\x90\xca\x13\x82\xfa\xe6\x1f\xa5\x87\x4c\x7d\xd7\xdb\x8e\xbf\xaa\xa7\xcc\x01\x1e\x6a\xb3\x57\x91\x37\xaa\x3f\x0a\xf1\x4e\x58\xc0\x96\x0d\x7f\x70\xce\xf9\x3a\xb8\x6c\xca\x7c\xb7\x85\xd8\xc1\x21\x52\xa8\x07\xcf\x1b\xfa\x4e\x0f\x6f\xfd\x28\x88\x70\x56\x5c\xd4\x9a\x10\xa4\x07\xce\xe9\x5c\x5c\x0f\xe4\xcc\x84\xb4\x73\x90\x86\x8e\x64\x50\x7f\x1f\xbf\xbb\x4a\x70\x4d\x27\x2d\xa1\x34\x80\xa4\x18\xe2\x5a\x99\x30\xa4\x02\xdc\xfb\xaa\x5c\xb5\x09\x2c\x56\x9a\x4e\x81\x50\xb5\x04\x8b\xef\x01\x19\x4e\x1c\xe3\x79\x5e\x28\x35\xa0\xa8\x2c\x9d\x5f\xf3\xa1\x57\x85\x2f\x12\x71\x35\x96\x99\x7e\xc3\x06\x1a\xea\xa9\x6e\x93\xc9\xb1\xd9\xd5\xaa\x24\x14\xc3\xea\x9f", 4096); *(uint32_t*)0x20006fc4 = 0x1000; *(uint32_t*)0x20006fc8 = 0x80000001; memcpy((void*)0x200082c0, ")/\'/%", 5); *(uint8_t*)0x200082c5 = 0x2c; memcpy((void*)0x200082c6, "wlan0\000", 6); *(uint8_t*)0x200082cc = 0x2c; memset((void*)0x200082cd, 255, 2); *(uint8_t*)0x200082cf = 0x2c; memset((void*)0x200082d0, 255, 2); *(uint8_t*)0x200082d2 = 0x2c; memcpy((void*)0x200082d3, "[{@^/@+@<[", 10); *(uint8_t*)0x200082dd = 0x2c; memcpy((void*)0x200082de, "uid", 3); *(uint8_t*)0x200082e1 = 0x3d; sprintf((char*)0x200082e2, "%020llu", (long long)r[20]); *(uint8_t*)0x200082f6 = 0x2c; memcpy((void*)0x200082f7, "smackfsfloor", 12); *(uint8_t*)0x20008303 = 0x3d; memcpy((void*)0x20008304, "{%\'--\323{-+#!", 11); *(uint8_t*)0x2000830f = 0x2c; *(uint8_t*)0x20008310 = 0; syz_mount_image(0x20005f40, 0x20005f80, 6, 1, 0x20006fc0, 0x1000000, 0x200082c0); break; case 36: memcpy((void*)0x20008340, "/dev/i2c-#\000", 11); syz_open_dev(0x20008340, 4, 0x404280); break; case 37: memcpy((void*)0x20008380, "net/ip6_mr_cache\000", 17); syz_open_procfs(r[19], 0x20008380); break; case 38: syz_open_pts(r[21], 0x8001); break; case 39: *(uint32_t*)0x20008980 = 0x200083c0; memcpy((void*)0x200083c0, "\xfb\xd2\x9b\x15\x87\x7e\x61\x06\x1c\xc5\x0c\xed\x7f\x39\x68\x61\x38\xbf\x51\x03\x24\x8d\x4d\xa5\x32\x57\xb7\x3a\x1e\xe9\x6c\xf2\x19\x9a\xbf\xa9\x61\xd7\xbd\x14\x6a\x6b\xb8\x8d\x70\x1b\x08\xed\xbf\x51\x4b\x2e\x31\x83\xcc\xe2\x11\xd5\x7c\x76\x45\xa9\xaf\xe2\x02\x75\xec\xbe\x29\xae\xa4\x8c\x76\xb0\xfb\x76\x27\xa8\xe4\x3c\x7a\x9f\x57\xef\x02\xa3\x16\xed\xf9\xd3\x8e\x0c\x6e\x74\xb5\x91\x07\xcb\x1c\x84\x06\xdc\xb6\xde\x31\x9b", 106); *(uint32_t*)0x20008984 = 0x6a; *(uint32_t*)0x20008988 = 0x7f; *(uint32_t*)0x2000898c = 0x20008440; memcpy((void*)0x20008440, "\xe0\xd8\xf5\x5b\x38\x48\xae\xd3\xac\x97\x38\xd2\xe1\x9f\x66\x8b\xe4\xc7\x6e\x3b\x4e\x48\x23\xa0\xc6\x99\x18\xad\x4a\xec\x8d\x6e\xad\xcf\xe1\x03\x27\x12\x6d\x01\x28\x7e\x67\x2d\x54\xa5\x44\xa9\x87\x7e\x59\xf9\xa2\xf4\x1a\xa2\x42\xb2\x37\xba\x59\x3c\x5a\x48\x40\xb8\x62\x1c\xe0\xd2\x8c\xe5\x22\xdf\xe8\x78\x8b\xb0\x70\xd4\xbc\x9d\x74\x52\x8a\x1f\x76\x03\x20\x0c\x23\x65\xc6\x3d\x42\xf1\x03\x29\x92\xe1\x0e\x43\x45\xcd\xea\x0d\x65\x36\x5d\x82\xb6\xc7\x8c\x81\xc7\x1b\x0b\x2f\xb7\x81\x97\xcd\x60\x5e\xc2\x52\x18\x06\xbd\xc0\x8d\x6d\xd8\xf5\x29\x1e\x5b\xb0\xca\x92\xe2\x04\x30\xd5\x81\x23\x5d\xdd\xa7\x56\xe6\xab\xd8\xc7\x69\x78\x3b\x84\xe5\x7b\x0a\xa9\x51\x30\x3a\xdc\xc7\xe9\x21\xb0\x69\xd9\x4f\x1a\x4d\xee\x1f\x47\x44\xdb\x5b\x28\xc9\x7f\xbb\xae\xc5\xbf\x56\x18\xe0\xe9\x4a\x41\xc0\xa9\x9c\xe6\xca\x91\xeb\xca\xff\x5a\xe6\x10\x6d\xc9\xdc\x31\x0d\x72\x50\xa8\xb7\xc7\xca\x55", 218); *(uint32_t*)0x20008990 = 0xda; *(uint32_t*)0x20008994 = 0x3ff; *(uint32_t*)0x20008998 = 0x20008540; memcpy((void*)0x20008540, "\xaf\xbb\x6b\x91\xaa\x78\x57\xf9\x42\xbc\x87\x73\xd0\x20\x89\x6a\x44\xf1\xd9\xdb\x9b\x9e\xc2\xb8\x55\x98\xcd\x86\x39\x7d\x6b\x5a\xe3\x19\x2a\xef\xe0\xf2\xb6\x38\x7b\x2d\x23\x14\x48\x9b\xc7\xaf\x2a\xb5\x19\x90\xff\x75\x26\x23\x0a\x7c\xa4\x2e\x6c\x22\xf5\x64\x9a\xcb\x12\xb4\xdd\x8f\xde\x81\x9b", 73); *(uint32_t*)0x2000899c = 0x49; *(uint32_t*)0x200089a0 = 9; *(uint32_t*)0x200089a4 = 0x200085c0; memcpy((void*)0x200085c0, "\xd8\x90\x81\x85\x60\xf5\x37\x2f\x7d\x41\xa5\x04\xc5\x4e\x86\x3d\x79\x44\xd0\x62\x1d\x50\x13\x4b\x4c\x14\x54\xaa\x8c\x44\xc7\xf3\x24\xd9\x5d\x33\xfb\x46\x63\xf6\x74\x5c\x1c\xad\x17\x9d\x71\x9e\x3e\x9f\x4f\x57\x51\x71\x25\x89\x0e\xd4\xc9\x37\xbb\x41\xd0\xa7\x64\x44\x1e\x1d\x6c\x74\x82\x54\x8c\x0a", 74); *(uint32_t*)0x200089a8 = 0x4a; *(uint32_t*)0x200089ac = 6; *(uint32_t*)0x200089b0 = 0x20008640; memcpy((void*)0x20008640, "\x7e\x28\x9a\xa8\x98\x00\x7d\x95\xea\xf0\x98\x82\x59\x6a\xa2\x37\x71\x4d\xc1\xac\x32\x39\x2b\xd6\xfa\xe8\xd8\x72\xed\xc3\xc9\xb0\xcf\xf5\x03\x61\x48\xaf\x29\x57\x3c\x0d\xc9\x54\xc2\x7b\x6a\x6d\x47\x66\x92\x53\xab\x40\x2a\x91\xf6\xe6\x02\xcc\xd9\x3f\xa8\x17", 64); *(uint32_t*)0x200089b4 = 0x40; *(uint32_t*)0x200089b8 = 6; *(uint32_t*)0x200089bc = 0x20008680; memcpy((void*)0x20008680, "\xc8\x23\x58\x4b\xb1\x75\x9e\xcb\x98\xee\x41\xe3\x52\x27\xdd\x03\xd7\xed\x5c\x9e\xef\xcf\x34\xa9\x51\xe7\xc5\xea\xe5\xb3\x7e\x8b\x93\xd6\xdd\x7c\xb6\x6e\xbb\xff\x50\xcb\x81\x77\x7e\x29\xb2\xc0\x5b\x7b\x7c\xd9\x76\xf4\xae\xd7\x0f\x76\x49\x90\x15\xb9\x87\x2f\xaa\x6f\x33\x8c\x30\x9a\x55\x29\x6e\x4e\x85\xe2\x7c\x51\x0d\xbf\x25\x3a\x7e\x6f\x43\x79\x1f\x93\x91\x3c\x8a\x96\x07\x45\x1f\xd5\x05\x0c\xf1\x91\xec\x95\xd1\x99\xf1\x11\x7c\x0e\x2a\x04\x37\xc2\xbe\x16\x98\x93\x9d\x27\x7c\x38\x37\xd1\x64\x0f\x91\xce\x6a\xed\xc0\x85\x0d\xc2\x88\xcc\x2a\x3c\x1c\xaa\xdf\xf4\x4f\xeb\xef\xbb\xb2\xfd\xa8\x2e\x8a\x65\x39\x22\x2b\x6d\x88\x30\xdf\x92\x7f\x36\xd8\x14\xc2\xa8\x92\xdf\x0b\xad\xec\x86\xc2\xf0\x1d\xeb\x89\xd2\xd3\xfa\x61\x37\xe4\x8b\x23\xd3\xcf\x77\xb1\x1f\x46\xeb\xdb\xb0\xa8\x31\x4e\xe1\x97\x78\xc2\x12\xfc\x34\x98\xcb\xdc\x5a\xd0\xbb\xd7\xd2\x45\x38\xd8\x3b\xbc\x86\x83\x0a\xfe\x32\xe3\x8c\x1b\xb1\xb7\x86\x6a\xbc\x94\x0f\x61\x16\x54\xd0\x46\xf8\x23\x6d\x6b\x15", 240); *(uint32_t*)0x200089c0 = 0xf0; *(uint32_t*)0x200089c4 = 7; *(uint32_t*)0x200089c8 = 0x20008780; memcpy((void*)0x20008780, "\x5d\x78\xb0\x8d\x34\x7d\x60\x10\x77\x87\x13\xad\xad\x8e\x4d\xa1\x5a\xb3\x46\x94\x56\x2b\x0d\xa5\x2b\xb3\x1a\x3b\x5e\x09\x71\x02\x0b\xa4\x8d\x18\x5f\x3f\x03\xf1\x6f\xe6\xdc\x1e\x32\x1f\x12\x2c\x11\x50\xa8\xce\x71\xc3\xad\x1d\xf7\xc6\x18\xbc\x59\x86\x5f\xbf\xeb\x3a\x2c\x92\x6b\x99\x2f\x93\x8b\x0f\x76\xc9\x6a\xf8\xbe\x39\x89\x33\x38\x3f\xc8", 85); *(uint32_t*)0x200089cc = 0x55; *(uint32_t*)0x200089d0 = 8; *(uint32_t*)0x200089d4 = 0x20008800; memcpy((void*)0x20008800, "\x1c\xd7\x71\x5a\xfe\xc5\x55\x18\x16\xcd\x47\x51\x68\xa5\x35\xa8\x47\x4b\x74\x87\x92\xe4\x3a\xf3\x51\x60\x5c\x6d\xfa\xe1\xe6\xad\xd7\xce\x8b\xde\x80\x55\x5c\xa3\x26\x87\x82\xfe\x7a\x7f\x45\x89\x68\xb4\x27\x92\xc0\x2a\x11\xac\xff\xae\x54\x86\xc0\x85\x8e\x0c\x46\x40\xf4\x26\x0d\x56\x46\x99\xc0\xe6\x06\x23\x6a\xe8\xd5", 79); *(uint32_t*)0x200089d8 = 0x4f; *(uint32_t*)0x200089dc = 0; *(uint32_t*)0x200089e0 = 0x20008880; memcpy((void*)0x20008880, "\x45\xfd\x88\xa6\x06\xb5\x89\xb2\x7d\x42\x2e\xcb\x87\x44\xa6\x78\xff\x3a\xa0\x7f\xfb\x6c\x25\xcc\x10\xa8\x87\x10\x06\xd5\xfb\x64\x50\xfc\x12\x15\x7d\x1a\x59\xf1\x4e\x36\x13\x2f\x1d\xb6\x3b\x56\xcc\x97\xb6\x1b\xf0\xa6\x1d\xcf\x2b\x7d\xd2\x7d\xa0\x2e\xe1\x60\xe0\x3d\xf9\x79\x47\x83\x8f\x0d\xd4\x34\x82\x59\x05\xae\x9f\xb5\xa4\x27\x97\x6a\x49\xf7\x79\xea\xb8\xcc\x3a\x40\x9d\x25\xb9\xa2\x96\xce\xf9\xa8\xff\xb4\x9d\x81\xbf\x23\xa7\x16\xa7\xa7\xe1\xd8\xdc\xe0\x3d\xef\x2b\x8a\x3b\x15\xa3\xb2\xbe\xb8\x73\x14\x3a\x7d\xf1\x4e\xc4\x92\x78\x2e\xc8\x6a\xce\xb4\x90\x1f\xe3\xdc\xdc\xe0\x46\xab\x2f\xb9\x72\xd6\x74\x34\xd4\xe1\x10\x1b\x02\xc9\x2d\x33\xa1\xbf\xe5\x16\xd9\x59\x25\x81\xf6\x78\x95\x43\x37\x66\x50\x67\x07\xcb\x7f\x0e\x18\xb4\x47\x6b\xde\x0f\x00\x91\x75\x3c\xf3\xec\x07\x38\x6b\x3d\xab\x4b\x29\x55\x02\xd4\x97\x16\x80\x1d\xd9\x79\xaa\x24\xd8\x05\xdf\xe8\x01", 215); *(uint32_t*)0x200089e4 = 0xd7; *(uint32_t*)0x200089e8 = 2; syz_read_part_table(5, 9, 0x20008980); break; case 40: *(uint8_t*)0x20008a00 = 0x12; *(uint8_t*)0x20008a01 = 1; *(uint16_t*)0x20008a02 = 0x300; *(uint8_t*)0x20008a04 = 0x88; *(uint8_t*)0x20008a05 = 0xc7; *(uint8_t*)0x20008a06 = 0xe6; *(uint8_t*)0x20008a07 = -1; *(uint16_t*)0x20008a08 = 0x15c2; *(uint16_t*)0x20008a0a = 0x45; *(uint16_t*)0x20008a0c = 0x135a; *(uint8_t*)0x20008a0e = 1; *(uint8_t*)0x20008a0f = 2; *(uint8_t*)0x20008a10 = 3; *(uint8_t*)0x20008a11 = 1; *(uint8_t*)0x20008a12 = 9; *(uint8_t*)0x20008a13 = 2; *(uint16_t*)0x20008a14 = 0x7d0; *(uint8_t*)0x20008a16 = 4; *(uint8_t*)0x20008a17 = 0; *(uint8_t*)0x20008a18 = 0; *(uint8_t*)0x20008a19 = 0x60; *(uint8_t*)0x20008a1a = 8; *(uint8_t*)0x20008a1b = 9; *(uint8_t*)0x20008a1c = 4; *(uint8_t*)0x20008a1d = 0x45; *(uint8_t*)0x20008a1e = 3; *(uint8_t*)0x20008a1f = 1; *(uint8_t*)0x20008a20 = 0x66; *(uint8_t*)0x20008a21 = 0x44; *(uint8_t*)0x20008a22 = 0x76; *(uint8_t*)0x20008a23 = 0x3f; *(uint8_t*)0x20008a24 = 7; *(uint8_t*)0x20008a25 = 0x24; *(uint8_t*)0x20008a26 = 1; *(uint8_t*)0x20008a27 = 0x1f; *(uint8_t*)0x20008a28 = 5; *(uint16_t*)0x20008a29 = 4; *(uint8_t*)0x20008a2b = 0xc; *(uint8_t*)0x20008a2c = 0x24; *(uint8_t*)0x20008a2d = 2; *(uint8_t*)0x20008a2e = 1; *(uint8_t*)0x20008a2f = 9; *(uint8_t*)0x20008a30 = 2; *(uint8_t*)0x20008a31 = 0x81; *(uint8_t*)0x20008a32 = 4; memcpy((void*)0x20008a33, "\xc0\xe6\xa1\x0a", 4); *(uint8_t*)0x20008a37 = 0xf; *(uint8_t*)0x20008a38 = 0x24; *(uint8_t*)0x20008a39 = 2; *(uint8_t*)0x20008a3a = 2; *(uint16_t*)0x20008a3b = 0; *(uint16_t*)0x20008a3d = 6; *(uint8_t*)0x20008a3f = 8; memcpy((void*)0x20008a40, "\x7d\x5b\xa3\xd0\x7c\xc6", 6); *(uint8_t*)0x20008a46 = 0x11; *(uint8_t*)0x20008a47 = 0x24; *(uint8_t*)0x20008a48 = 2; *(uint8_t*)0x20008a49 = 1; *(uint8_t*)0x20008a4a = 0x94; *(uint8_t*)0x20008a4b = 1; *(uint8_t*)0x20008a4c = 7; *(uint8_t*)0x20008a4d = 0x1f; memcpy((void*)0x20008a4e, "\xcf\xcf\xa1\xbb\x20\xd9\xba\xa3\x16", 9); *(uint8_t*)0x20008a57 = 0xc; *(uint8_t*)0x20008a58 = 0x24; *(uint8_t*)0x20008a59 = 2; *(uint8_t*)0x20008a5a = 1; *(uint8_t*)0x20008a5b = 8; *(uint8_t*)0x20008a5c = 2; *(uint8_t*)0x20008a5d = 0; *(uint8_t*)0x20008a5e = 9; memcpy((void*)0x20008a5f, "\x48\x9f\x80", 3); memset((void*)0x20008a62, 38, 1); *(uint8_t*)0x20008a63 = 0xa; *(uint8_t*)0x20008a64 = 0x24; *(uint8_t*)0x20008a65 = 2; *(uint8_t*)0x20008a66 = 2; *(uint16_t*)0x20008a67 = 5; *(uint16_t*)0x20008a69 = 0x497; *(uint8_t*)0x20008a6b = 8; memset((void*)0x20008a6c, 39, 1); *(uint8_t*)0x20008a6d = 7; *(uint8_t*)0x20008a6e = 0x24; *(uint8_t*)0x20008a6f = 1; *(uint8_t*)0x20008a70 = 9; *(uint8_t*)0x20008a71 = 2; *(uint16_t*)0x20008a72 = 0x1001; *(uint8_t*)0x20008a74 = 0xf; *(uint8_t*)0x20008a75 = 0x24; *(uint8_t*)0x20008a76 = 2; *(uint8_t*)0x20008a77 = 2; *(uint16_t*)0x20008a78 = 8; *(uint16_t*)0x20008a7a = 1; *(uint8_t*)0x20008a7c = 0; memcpy((void*)0x20008a7d, "\x78\x6e\x2f\x1a\x31\x05", 6); *(uint8_t*)0x20008a83 = 9; *(uint8_t*)0x20008a84 = 5; *(uint8_t*)0x20008a85 = 0; *(uint8_t*)0x20008a86 = 0x10; *(uint16_t*)0x20008a87 = 0x3ff; *(uint8_t*)0x20008a89 = 9; *(uint8_t*)0x20008a8a = 0x66; *(uint8_t*)0x20008a8b = 3; *(uint8_t*)0x20008a8c = 0x5b; *(uint8_t*)0x20008a8d = 8; memcpy((void*)0x20008a8e, "\x32\xda\x77\x3d\xed\x87\x39\x7d\x0a\xf5\x7f\xd6\xf2\xad\x3b\x93\xe2\xea\x74\xf1\xf6\x5d\x64\x5d\x6b\x7e\x4c\xae\x90\xc8\xf2\x7c\xca\xe0\x94\xb3\x3c\x61\x3b\xc0\xbd\xa2\x43\x7b\xdc\xba\xa2\x1c\x77\x91\x5b\x1b\x95\xe7\xa2\x31\x3d\x71\xc6\xcc\x58\x6d\x41\x4d\x6a\x1e\x79\xc8\x0e\xe3\x67\x3f\xf0\x69\xeb\x46\x51\xb3\x06\x68\xb0\x19\x7f\xf7\xa7\xed\xc5\x75\x94", 89); *(uint8_t*)0x20008ae7 = 9; *(uint8_t*)0x20008ae8 = 4; *(uint8_t*)0x20008ae9 = 0x58; *(uint8_t*)0x20008aea = 9; *(uint8_t*)0x20008aeb = 5; *(uint8_t*)0x20008aec = -1; *(uint8_t*)0x20008aed = 5; *(uint8_t*)0x20008aee = 0x1b; *(uint8_t*)0x20008aef = 0xe0; *(uint8_t*)0x20008af0 = 9; *(uint8_t*)0x20008af1 = 5; *(uint8_t*)0x20008af2 = 3; *(uint8_t*)0x20008af3 = 0x10; *(uint16_t*)0x20008af4 = 0x20; *(uint8_t*)0x20008af6 = 0; *(uint8_t*)0x20008af7 = 0x43; *(uint8_t*)0x20008af8 = 0x40; *(uint8_t*)0x20008af9 = 9; *(uint8_t*)0x20008afa = 5; *(uint8_t*)0x20008afb = 5; *(uint8_t*)0x20008afc = 3; *(uint16_t*)0x20008afd = 0x3ff; *(uint8_t*)0x20008aff = 0x87; *(uint8_t*)0x20008b00 = 2; *(uint8_t*)0x20008b01 = 0xfd; *(uint8_t*)0x20008b02 = 0xa0; *(uint8_t*)0x20008b03 = 0xc; memcpy((void*)0x20008b04, "\x4d\x1f\xaf\xd5\xd5\xbe\xa9\x17\x94\x9e\x72\x7e\xd5\xee\x14\x4c\xb3\x2b\x01\xd9\xac\xbb\x7e\x3c\xfa\xc4\xd1\xa1\x5c\xd6\xbb\xae\x8a\xc6\x6a\xf6\x77\x39\x4d\x22\x17\xef\x58\x0b\x15\x65\xf5\x8b\x85\xcf\xff\xd2\xcf\xca\xf9\xf1\x9d\xf7\x84\x00\xba\x03\x54\xd7\x87\x20\x72\xb4\x2d\x77\xd5\x5a\x5b\x96\x0b\x82\xfb\x9e\x34\xec\x8c\x33\xa9\x67\x19\xc4\x59\x47\xab\x09\x47\x48\x48\x54\xa9\x4f\x25\xe6\x53\x39\xa6\xf7\x4b\x05\x3c\x81\xe8\xe8\x05\x7f\x67\x67\xea\x2e\x80\xe9\x23\xe0\x2f\xa1\xa8\x8d\xb3\x6d\x52\xe4\xc5\x11\xe6\xcc\xf6\x74\x04\x6c\xb8\x1c\x49\x3c\x92\x7d\x05\xa6\xc1\x66\x45\xd0\x69\x4f\x66\x7d\x6c\xcf\x29\xfc\x27\x38\x90\xc6", 158); *(uint8_t*)0x20008ba2 = 0x31; *(uint8_t*)0x20008ba3 = 9; memcpy((void*)0x20008ba4, "\x82\x44\x67\x99\x6f\xaa\x84\x28\x27\xe6\xd0\x9b\xc4\x8c\x41\x96\x09\x9c\xb2\x0d\x1a\xfa\x73\x80\xd3\x0e\x40\xf1\xbc\xfb\x7c\x50\x3d\x7b\x00\xfc\x18\xd2\xe6\x14\xc3\xe3\x70\xdb\xc3\x20\xa8", 47); *(uint8_t*)0x20008bd3 = 9; *(uint8_t*)0x20008bd4 = 5; *(uint8_t*)0x20008bd5 = 1; *(uint8_t*)0x20008bd6 = 3; *(uint16_t*)0x20008bd7 = 0x400; *(uint8_t*)0x20008bd9 = 1; *(uint8_t*)0x20008bda = 0x81; *(uint8_t*)0x20008bdb = 6; *(uint8_t*)0x20008bdc = 0x76; *(uint8_t*)0x20008bdd = 7; memcpy((void*)0x20008bde, "\x96\xf7\x2d\xe7\x93\x64\x10\xee\x82\xa4\x42\x87\xa0\x01\x96\xf6\x30\xe0\x09\x36\x4a\xb9\x4a\x00\xe9\x45\x28\x69\x1a\x40\x9d\x33\x5f\x13\xbf\x6e\x85\xb3\x78\xbd\xa8\x5c\x55\x8f\xc1\xa0\x03\xec\x57\x94\xa1\x42\x17\xf7\x94\x68\x2e\xdc\xdc\x9e\x35\xd0\x0c\x09\x79\xfd\xb3\xe7\xa1\x5e\x6a\x85\x1c\x13\x7b\xf7\x01\x1b\xa6\x1c\x83\x46\x59\x8b\x02\xa3\xd4\xd1\xb8\xcd\x99\xf4\xfc\x14\xfa\xe3\x21\x9f\xbf\x56\xaa\x2c\xa5\x4c\xcf\x11\x6b\x3d\x56\x0a\x80\x97\x8c\x42\x76\xec", 116); *(uint8_t*)0x20008c52 = 9; *(uint8_t*)0x20008c53 = 5; *(uint8_t*)0x20008c54 = 0xe; *(uint8_t*)0x20008c55 = 3; *(uint16_t*)0x20008c56 = 0x3ff; *(uint8_t*)0x20008c58 = 0x80; *(uint8_t*)0x20008c59 = 0x20; *(uint8_t*)0x20008c5a = 6; *(uint8_t*)0x20008c5b = 7; *(uint8_t*)0x20008c5c = 0x25; *(uint8_t*)0x20008c5d = 1; *(uint8_t*)0x20008c5e = 2; *(uint8_t*)0x20008c5f = 9; *(uint16_t*)0x20008c60 = 0x3ff; *(uint8_t*)0x20008c62 = 9; *(uint8_t*)0x20008c63 = 5; *(uint8_t*)0x20008c64 = 0xd; *(uint8_t*)0x20008c65 = 0; *(uint16_t*)0x20008c66 = 0x400; *(uint8_t*)0x20008c68 = 9; *(uint8_t*)0x20008c69 = 0x3f; *(uint8_t*)0x20008c6a = 0x3f; *(uint8_t*)0x20008c6b = 0x76; *(uint8_t*)0x20008c6c = 0x11; memcpy((void*)0x20008c6d, "\x79\xb3\x86\x38\x7e\x37\xf3\x6e\xfa\x1d\x8c\x66\xa9\x04\x49\xc6\x8a\x0a\xd2\x51\xaf\xb9\xb1\x79\x3c\xbe\x9e\x5b\x4d\xc3\xce\x66\x00\xe8\x6d\x1e\x3b\x3e\xac\x60\xfd\x3b\x8b\x1c\x19\xd7\xd0\xc3\xda\x61\xc6\xa6\x67\xb3\x9f\xae\x8a\xed\x44\xa8\xe7\x0d\x77\xca\x93\xe4\xc3\x7a\x3f\xd8\x81\x8f\x43\xed\xc5\x23\x96\x0c\xed\xb0\x2d\x88\x22\xf0\xb2\x3d\xc3\x43\x18\x26\x08\xc6\x09\x7e\x99\x5f\x56\x2c\x84\xa5\x41\x7e\x5b\x2f\xb7\x1b\x39\x2f\x92\x6f\x3c\x4e\xd9\x92\xed\x89", 116); *(uint8_t*)0x20008ce1 = 0x65; *(uint8_t*)0x20008ce2 = 5; memcpy((void*)0x20008ce3, "\x85\x12\xf0\xce\xa9\x7a\x9d\x8a\x04\x61\xe3\x0e\xe9\xbf\x07\x89\xe0\x41\xcd\x86\xc1\xdf\x94\x96\xf1\x95\x7a\xf0\xe4\x54\x3e\xca\xb0\x70\x51\xf1\xf4\x81\x8d\xa2\x57\x9d\x13\xa9\x99\x56\x9f\x75\xad\x6a\xf6\xe0\xd0\x4d\xa8\xbd\x26\xbc\x92\x04\x45\x69\x2d\x9e\x4c\xa7\xfd\xc3\x54\x4c\x36\xf5\x88\xe5\xc0\x9b\xee\xa1\xaf\xf9\xf4\x1b\xa9\x77\xcb\xe7\x9e\x7e\x4f\x4a\x8d\xec\x56\x40\xda\x4d\x2a\xf6\x1d", 99); *(uint8_t*)0x20008d46 = 9; *(uint8_t*)0x20008d47 = 4; *(uint8_t*)0x20008d48 = 5; *(uint8_t*)0x20008d49 = 3; *(uint8_t*)0x20008d4a = 2; *(uint8_t*)0x20008d4b = 0xc4; *(uint8_t*)0x20008d4c = 0x4d; *(uint8_t*)0x20008d4d = 0x76; *(uint8_t*)0x20008d4e = 7; *(uint8_t*)0x20008d4f = 0xb; *(uint8_t*)0x20008d50 = 0x24; *(uint8_t*)0x20008d51 = 6; *(uint8_t*)0x20008d52 = 0; *(uint8_t*)0x20008d53 = 1; memcpy((void*)0x20008d54, "\x72\x45\x0c\xeb\x1b\x79", 6); *(uint8_t*)0x20008d5a = 5; *(uint8_t*)0x20008d5b = 0x24; *(uint8_t*)0x20008d5c = 0; *(uint16_t*)0x20008d5d = 4; *(uint8_t*)0x20008d5f = 0xd; *(uint8_t*)0x20008d60 = 0x24; *(uint8_t*)0x20008d61 = 0xf; *(uint8_t*)0x20008d62 = 1; *(uint32_t*)0x20008d63 = 0; *(uint16_t*)0x20008d67 = 8; *(uint16_t*)0x20008d69 = 1; *(uint8_t*)0x20008d6b = 4; *(uint8_t*)0x20008d6c = 6; *(uint8_t*)0x20008d6d = 0x24; *(uint8_t*)0x20008d6e = 0x1a; *(uint16_t*)0x20008d6f = 8; *(uint8_t*)0x20008d71 = 8; *(uint8_t*)0x20008d72 = 0x15; *(uint8_t*)0x20008d73 = 0x24; *(uint8_t*)0x20008d74 = 0x12; *(uint16_t*)0x20008d75 = 4; *(uint64_t*)0x20008d77 = 0x14f5e048ba817a3; *(uint64_t*)0x20008d7f = 0x2a397ecbffc007a6; *(uint8_t*)0x20008d87 = 7; *(uint8_t*)0x20008d88 = 0x24; *(uint8_t*)0x20008d89 = 6; *(uint8_t*)0x20008d8a = 0; *(uint8_t*)0x20008d8b = 0; memcpy((void*)0x20008d8c, "\xfb\xb5", 2); *(uint8_t*)0x20008d8e = 5; *(uint8_t*)0x20008d8f = 0x24; *(uint8_t*)0x20008d90 = 0; *(uint16_t*)0x20008d91 = 0x2040; *(uint8_t*)0x20008d93 = 0xd; *(uint8_t*)0x20008d94 = 0x24; *(uint8_t*)0x20008d95 = 0xf; *(uint8_t*)0x20008d96 = 1; *(uint32_t*)0x20008d97 = 3; *(uint16_t*)0x20008d9b = 0x80; *(uint16_t*)0x20008d9d = 0x8951; *(uint8_t*)0x20008d9f = 6; *(uint8_t*)0x20008da0 = 7; *(uint8_t*)0x20008da1 = 0x24; *(uint8_t*)0x20008da2 = 0xa; *(uint8_t*)0x20008da3 = 0xce; *(uint8_t*)0x20008da4 = 3; *(uint8_t*)0x20008da5 = 4; *(uint8_t*)0x20008da6 = 0x60; *(uint8_t*)0x20008da7 = 4; *(uint8_t*)0x20008da8 = 0x24; *(uint8_t*)0x20008da9 = 2; *(uint8_t*)0x20008daa = 0; *(uint8_t*)0x20008dab = 0x10; *(uint8_t*)0x20008dac = 0x24; *(uint8_t*)0x20008dad = 7; *(uint8_t*)0x20008dae = 0; *(uint16_t*)0x20008daf = 0x81; *(uint16_t*)0x20008db1 = 0x81; *(uint16_t*)0x20008db3 = 0x1d9; *(uint16_t*)0x20008db5 = 0x400; *(uint16_t*)0x20008db7 = 1; *(uint16_t*)0x20008db9 = 0xc00; *(uint8_t*)0x20008dbb = 0xc; *(uint8_t*)0x20008dbc = 0x24; *(uint8_t*)0x20008dbd = 0x1b; *(uint16_t*)0x20008dbe = 1; *(uint16_t*)0x20008dc0 = 0x20; *(uint8_t*)0x20008dc2 = 0xc0; *(uint8_t*)0x20008dc3 = 5; *(uint16_t*)0x20008dc4 = 0x20; *(uint8_t*)0x20008dc6 = 0xd; *(uint8_t*)0x20008dc7 = 0xe1; *(uint8_t*)0x20008dc8 = 0x24; *(uint8_t*)0x20008dc9 = 0x13; *(uint8_t*)0x20008dca = 9; memcpy((void*)0x20008dcb, "\x0e\xfa\x60\xe3\xb3\x89\x2c\xa3\x37\x7f\xc7\xbf\x7e\x5c\xd9\x0b\x70\xb5\x43\x3c\x66\xf1\x31\x29\xd4\x2a\x59\xf2\xc9\x14\xec\x54\x97\x9a\x53\x86\x2f\x94\xdf\x63\x95\x80\x6b\xf1\xa9\x70\x9d\x9a\x66\x50\xce\xca\xee\xcf\xf6\xad\xfc\x77\xca\x5f\x29\x6e\x11\xbe\xd1\xfb\xeb\x6f\x27\xc5\x0b\xf1\xaf\x9c\x17\x6b\xb2\x06\x9d\x52\xb0\x64\x73\xd5\xd8\xe9\x24\x4a\x70\x01\x76\x66\xfa\xa3\x21\x3b\x80\xb2\x5f\xe4\xc6\x8c\x41\x80\xee\x45\x68\x0c\x95\x76\x8f\xd3\x2d\x24\xda\x76\xb8\x83\xe1\xbe\x0e\xc2\xaf\x43\xc9\xf3\x0c\xee\xd1\x93\x6c\xd5\x05\x1e\x62\xb1\xc8\xa7\x6a\xf9\xa2\x52\x29\x0b\x11\xc3\x67\x04\x39\xdb\x64\x5b\x5c\x32\xa5\xa5\xbb\x78\xd7\xe8\x18\x3e\xa6\x73\x6d\xfc\xeb\x8f\xef\x3d\x04\xb7\x6e\x51\x29\xc4\x91\x3e\xee\x30\xa5\x37\x74\x3b\x33\x57\xf2\x69\xf5\x82\xdd\x8c\x46\xb2\xa9\x33\x62\xf1\xa8\x38\x88\x6b\x17\x5f\x48\x95\xd5\x2a\x81\x8f\x63\xd9\xd6\x94\xbe\xac\x98\x46\xe5\xb1\x2f", 221); *(uint8_t*)0x20008ea8 = 0x1a; *(uint8_t*)0x20008ea9 = 0x24; *(uint8_t*)0x20008eaa = 0x13; *(uint8_t*)0x20008eab = 5; memcpy((void*)0x20008eac, "\x08\x3b\x1f\x01\xa6\x9f\x5d\x72\x2a\x6b\x03\x83\xfb\x09\xf5\x7f\x44\x2b\x56\xd4\x58\xfa", 22); *(uint8_t*)0x20008ec2 = 9; *(uint8_t*)0x20008ec3 = 5; *(uint8_t*)0x20008ec4 = 0xf; *(uint8_t*)0x20008ec5 = 8; *(uint16_t*)0x20008ec6 = 8; *(uint8_t*)0x20008ec8 = 0; *(uint8_t*)0x20008ec9 = 3; *(uint8_t*)0x20008eca = 5; *(uint8_t*)0x20008ecb = 9; *(uint8_t*)0x20008ecc = 5; *(uint8_t*)0x20008ecd = 0xc; *(uint8_t*)0x20008ece = 0; *(uint16_t*)0x20008ecf = 0x200; *(uint8_t*)0x20008ed1 = 9; *(uint8_t*)0x20008ed2 = 0x20; *(uint8_t*)0x20008ed3 = 5; *(uint8_t*)0x20008ed4 = 0xb; *(uint8_t*)0x20008ed5 = 1; memcpy((void*)0x20008ed6, "\xae\x68\x4b\xd6\xa1\xbf\xbe\x70\x5d", 9); *(uint8_t*)0x20008edf = 9; *(uint8_t*)0x20008ee0 = 4; *(uint8_t*)0x20008ee1 = 0xad; *(uint8_t*)0x20008ee2 = 0x3f; *(uint8_t*)0x20008ee3 = 6; *(uint8_t*)0x20008ee4 = 0xef; *(uint8_t*)0x20008ee5 = 0x2e; *(uint8_t*)0x20008ee6 = 0x8d; *(uint8_t*)0x20008ee7 = 8; *(uint8_t*)0x20008ee8 = 0xa; *(uint8_t*)0x20008ee9 = 0x24; *(uint8_t*)0x20008eea = 6; *(uint8_t*)0x20008eeb = 0; *(uint8_t*)0x20008eec = 0; memcpy((void*)0x20008eed, "\x2e\x1b\xb1\x1c\x34", 5); *(uint8_t*)0x20008ef2 = 5; *(uint8_t*)0x20008ef3 = 0x24; *(uint8_t*)0x20008ef4 = 0; *(uint16_t*)0x20008ef5 = 6; *(uint8_t*)0x20008ef7 = 0xd; *(uint8_t*)0x20008ef8 = 0x24; *(uint8_t*)0x20008ef9 = 0xf; *(uint8_t*)0x20008efa = 1; *(uint32_t*)0x20008efb = 4; *(uint16_t*)0x20008eff = 2; *(uint16_t*)0x20008f01 = 0x8979; *(uint8_t*)0x20008f03 = 6; *(uint8_t*)0x20008f04 = 0xeb; *(uint8_t*)0x20008f05 = 0x24; *(uint8_t*)0x20008f06 = 0x13; *(uint8_t*)0x20008f07 = 0; memcpy((void*)0x20008f08, "\x9f\xcc\x8c\x5c\x74\x73\x09\xfc\xb4\xc9\x6e\x5d\xad\x9b\x6e\x62\xd0\x8b\x91\xa8\xbe\xb3\xc2\xe4\x54\x7e\x16\x3e\x46\x58\xbb\x11\xab\x34\xb3\xc8\x4e\xc3\xe4\xa4\xe3\x67\xd2\x6c\x56\x00\x1c\x67\x05\x68\x99\x95\xa9\x9d\x16\xa1\xb3\x1b\xdc\x07\x0f\x00\x53\x1e\xc4\x26\xb5\x4b\xf8\x9b\x2d\xee\x1f\xc3\xbd\x81\x8f\x55\xdb\xbd\x6a\xcc\x28\x7c\xd4\x30\x78\xee\xbc\x6d\x09\xf1\x0d\xc4\x22\x9f\x80\x35\xd4\x44\x8f\x82\x3f\xec\xf9\x29\xd6\x86\x16\x27\xc0\x1e\x79\x27\x7a\x40\x30\x4a\x1a\xd3\xfb\xd0\x12\xa4\xa8\xed\x16\x36\x97\x69\xc8\xc9\x97\xc4\x12\xbe\x76\x75\x90\x17\x65\x34\x55\xb8\x04\x2a\xca\x8b\x49\xea\xc0\x73\x10\x01\xcb\xfa\x6f\xbd\x79\x6a\xa7\xc2\x77\x09\xfc\x62\x37\x22\xe0\x3d\x3c\x1e\xd1\xda\xc1\xca\x8a\x8a\xa2\x5d\xda\xfc\x65\x4a\x0d\xbb\x76\x0b\x92\x7a\x2b\x23\xe2\xad\x30\x43\xac\x48\x56\x6c\x7b\x99\x5c\x23\x7d\xb5\x91\xf3\x9a\xf8\x19\x54\x56\x9c\xd5\xd3\x7c\xa4\x94\x1c\x80\xcc\x1f\xa5\x55\x6d\x19\xa5\x48\xdf\x2a", 231); *(uint8_t*)0x20008fef = 7; *(uint8_t*)0x20008ff0 = 0x24; *(uint8_t*)0x20008ff1 = 0xa; *(uint8_t*)0x20008ff2 = 4; *(uint8_t*)0x20008ff3 = 0x1f; *(uint8_t*)0x20008ff4 = 0x3f; *(uint8_t*)0x20008ff5 = 0x62; *(uint8_t*)0x20008ff6 = 7; *(uint8_t*)0x20008ff7 = 0x24; *(uint8_t*)0x20008ff8 = 0x14; *(uint16_t*)0x20008ff9 = 0x1f; *(uint16_t*)0x20008ffb = 7; *(uint8_t*)0x20008ffd = 7; *(uint8_t*)0x20008ffe = 0x24; *(uint8_t*)0x20008fff = 0x14; *(uint16_t*)0x20009000 = 0x1010; *(uint16_t*)0x20009002 = 9; *(uint8_t*)0x20009004 = 6; *(uint8_t*)0x20009005 = 0x24; *(uint8_t*)0x20009006 = 0x1a; *(uint16_t*)0x20009007 = 6; *(uint8_t*)0x20009009 = 0x1b; *(uint8_t*)0x2000900a = 0xb; *(uint8_t*)0x2000900b = 0x24; *(uint8_t*)0x2000900c = 6; *(uint8_t*)0x2000900d = 0; *(uint8_t*)0x2000900e = 0; memcpy((void*)0x2000900f, "\xdf\x47\x04\xa2\x52\x1e", 6); *(uint8_t*)0x20009015 = 5; *(uint8_t*)0x20009016 = 0x24; *(uint8_t*)0x20009017 = 0; *(uint16_t*)0x20009018 = 9; *(uint8_t*)0x2000901a = 0xd; *(uint8_t*)0x2000901b = 0x24; *(uint8_t*)0x2000901c = 0xf; *(uint8_t*)0x2000901d = 1; *(uint32_t*)0x2000901e = 0x4856f0aa; *(uint16_t*)0x20009022 = 5; *(uint16_t*)0x20009024 = 1; *(uint8_t*)0x20009026 = -1; *(uint8_t*)0x20009027 = 5; *(uint8_t*)0x20009028 = 0x24; *(uint8_t*)0x20009029 = 0x15; *(uint16_t*)0x2000902a = 0x1f; *(uint8_t*)0x2000902c = 9; *(uint8_t*)0x2000902d = 5; *(uint8_t*)0x2000902e = 8; *(uint8_t*)0x2000902f = 8; *(uint16_t*)0x20009030 = 0x3ff; *(uint8_t*)0x20009032 = 4; *(uint8_t*)0x20009033 = 1; *(uint8_t*)0x20009034 = 9; *(uint8_t*)0x20009035 = 7; *(uint8_t*)0x20009036 = 0x25; *(uint8_t*)0x20009037 = 1; *(uint8_t*)0x20009038 = 3; *(uint8_t*)0x20009039 = 0x34; *(uint16_t*)0x2000903a = 5; *(uint8_t*)0x2000903c = 9; *(uint8_t*)0x2000903d = 5; *(uint8_t*)0x2000903e = 0; *(uint8_t*)0x2000903f = 3; *(uint16_t*)0x20009040 = 0x400; *(uint8_t*)0x20009042 = 2; *(uint8_t*)0x20009043 = 1; *(uint8_t*)0x20009044 = 0xca; *(uint8_t*)0x20009045 = 9; *(uint8_t*)0x20009046 = 5; *(uint8_t*)0x20009047 = 8; *(uint8_t*)0x20009048 = 0x10; *(uint16_t*)0x20009049 = 8; *(uint8_t*)0x2000904b = 2; *(uint8_t*)0x2000904c = 0x7f; *(uint8_t*)0x2000904d = 0x7f; *(uint8_t*)0x2000904e = 9; *(uint8_t*)0x2000904f = 5; *(uint8_t*)0x20009050 = 7; *(uint8_t*)0x20009051 = 0; *(uint16_t*)0x20009052 = 0x10; *(uint8_t*)0x20009054 = 5; *(uint8_t*)0x20009055 = 0x1f; *(uint8_t*)0x20009056 = 0x40; *(uint8_t*)0x20009057 = 0x2d; *(uint8_t*)0x20009058 = 0xe; memcpy((void*)0x20009059, "\xec\xcc\x23\x79\x37\x1b\x46\xca\xb9\xd6\xfd\xb8\x27\x98\xf4\x7a\xa9\xb7\x17\x7c\x2a\x51\x93\x23\x14\x43\xb7\x25\xc2\x1b\x5e\x6a\x99\x93\x05\x65\xeb\x3b\x96\xfe\x7a\x75\x69", 43); *(uint8_t*)0x20009084 = 6; *(uint8_t*)0x20009085 = 0x10; memcpy((void*)0x20009086, "\x7f\x22\x60\xb2", 4); *(uint8_t*)0x2000908a = 9; *(uint8_t*)0x2000908b = 5; *(uint8_t*)0x2000908c = 3; *(uint8_t*)0x2000908d = 8; *(uint16_t*)0x2000908e = 0x10; *(uint8_t*)0x20009090 = 4; *(uint8_t*)0x20009091 = 3; *(uint8_t*)0x20009092 = 0xf7; *(uint8_t*)0x20009093 = 9; *(uint8_t*)0x20009094 = 5; *(uint8_t*)0x20009095 = 5; *(uint8_t*)0x20009096 = 3; *(uint16_t*)0x20009097 = 0x10; *(uint8_t*)0x20009099 = 3; *(uint8_t*)0x2000909a = 1; *(uint8_t*)0x2000909b = 9; *(uint8_t*)0x2000909c = 0xc8; *(uint8_t*)0x2000909d = 0xe; memcpy((void*)0x2000909e, "\x17\xa4\x93\xc0\x51\x89\x5f\x29\x83\x5e\xfb\x6d\x6d\x75\x3c\xa5\xe6\x23\x7f\x99\x57\x24\xbf\x74\x70\x85\x74\x90\x2e\xac\xdf\xf4\x5c\xd8\x0b\x61\x37\x3d\x67\xef\xe1\x23\x9f\x97\xb4\xfa\x60\x07\x93\xd6\xb4\xa5\x02\x2b\xa4\xa4\x36\xb4\xe2\xe2\x23\x57\x9d\x97\x4e\x78\x4e\xcb\xfd\xd4\x91\x2d\xa5\xcc\xd2\x84\xd2\x29\x37\x82\x70\x4f\x06\x75\x13\xd8\x38\x11\xac\x71\x16\x84\xd3\xaa\xfe\x92\x8e\xce\x0e\x90\x38\x25\x99\x7b\xab\xc5\x67\xb9\x4d\x06\xda\xee\x1e\x4d\x55\xa8\x87\x1d\x67\xe7\x1c\xd1\x08\x14\x30\xd8\x9b\xc9\xae\x64\xf5\x0f\x94\xbb\x8a\xf9\x6c\xe3\x84\xcd\x3b\x84\x20\xef\x8b\xe2\x73\xca\x02\xb9\xf0\xf9\x12\x21\x23\x9e\x64\xd6\x20\xdc\x6e\x3e\x27\x07\xf6\xf4\xce\x92\xe8\x62\x7f\x04\x4c\x14\xf1\x79\x90\x9c\xa1\xdf\x8b\x4e\x49\x9f\xed\x3f\x41\x18\xc9\xd6\xb2\xae\x41\xa7\x11\x98\xd7\x98", 198); *(uint8_t*)0x20009164 = 0x7e; *(uint8_t*)0x20009165 = 0x22; memcpy((void*)0x20009166, "\x85\x1b\xf8\x33\x2f\x6f\x47\x95\xcd\xbf\x9b\xf1\xbb\xb8\x25\x3c\xed\x75\xd6\x1f\x69\x5b\xb8\xc3\x1f\x51\xb5\xce\x19\xb2\x08\x0e\x2e\x7e\xc2\x15\xfe\xc1\x6a\x83\xd2\x57\x11\x04\xf7\x26\xa0\xde\x47\xf3\xe9\x28\x2d\x0e\xf2\x20\x4b\xbb\x1d\x9d\x9c\xac\x53\xb6\xd7\x98\x08\x4b\x0f\x59\x47\x91\xe3\xf8\x34\x19\x86\xd7\xea\xad\xb9\x11\xc5\x5c\x0d\x71\x69\x1f\xc7\x7a\xa1\x04\x7f\x44\x0f\x52\x75\xa4\x1f\x3b\x1f\x0f\x04\x8a\x5c\x1d\xd5\xc4\x17\xe6\x7f\x3b\xd4\x72\xb1\x3f\xee\xf7\x95\x0c\x57\x8f\x1b\x42", 124); *(uint32_t*)0x20009700 = 0xa; *(uint32_t*)0x20009704 = 0x20009200; *(uint8_t*)0x20009200 = 0xa; *(uint8_t*)0x20009201 = 6; *(uint16_t*)0x20009202 = 0x110; *(uint8_t*)0x20009204 = 0xd4; *(uint8_t*)0x20009205 = 0x81; *(uint8_t*)0x20009206 = 0; *(uint8_t*)0x20009207 = 0x10; *(uint8_t*)0x20009208 = 0x20; *(uint8_t*)0x20009209 = 0; *(uint32_t*)0x20009708 = 0x1c; *(uint32_t*)0x2000970c = 0x20009240; *(uint8_t*)0x20009240 = 5; *(uint8_t*)0x20009241 = 0xf; *(uint16_t*)0x20009242 = 0x1c; *(uint8_t*)0x20009244 = 2; *(uint8_t*)0x20009245 = 0x14; *(uint8_t*)0x20009246 = 0x10; *(uint8_t*)0x20009247 = 0xa; *(uint8_t*)0x20009248 = 0x20; STORE_BY_BITMASK(uint32_t, , 0x20009249, 2, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x20009249, 3, 5, 27); *(uint16_t*)0x2000924d = 0xf0f; *(uint16_t*)0x2000924f = 6; *(uint32_t*)0x20009251 = 0xc030; *(uint32_t*)0x20009255 = 0xff3f30; *(uint8_t*)0x20009259 = 3; *(uint8_t*)0x2000925a = 0x10; *(uint8_t*)0x2000925b = 0xb; *(uint32_t*)0x20009710 = 8; *(uint32_t*)0x20009714 = 4; *(uint32_t*)0x20009718 = 0x20009280; *(uint8_t*)0x20009280 = 4; *(uint8_t*)0x20009281 = 3; *(uint16_t*)0x20009282 = 0x410; *(uint32_t*)0x2000971c = 0x102; *(uint32_t*)0x20009720 = 0x200092c0; *(uint8_t*)0x200092c0 = 2; *(uint8_t*)0x200092c1 = 3; memcpy((void*)0x200092c2, "\xbd\x9c\xaf\x11\xf1\xc2\x32\x1f\x7d\xbf\x3d\xf5\x7e\xc0\x6a\xed\xf0\x84\x2f\x84\x3c\x77\xdd\x88\xdb\x9f\x74\x08\xbb\xa0\xd9\x40\x59\x71\xea\xb7\x46\x2f\x77\xd1\xca\x84\x39\x80\x11\xe5\x2a\x42\x79\x8f\x46\xee\xb5\x7b\x9e\x8b\x2c\x06\xc9\x82\x8a\xe8\xa2\xa2\x78\xae\xaf\x19\x47\xcb\x3d\xba\xdb\xd3\xd8\x37\x4b\xd3\xfd\x89\xa5\x3a\x0d\x2e\x5d\x80\x26\x1d\x7c\x80\x59\x2c\x03\x96\xee\x2c\x9e\xd8\x3f\xcc\x6b\xf9\xbd\x9a\x2f\x61\xcd\x00\x7c\x9e\xb5\xb9\x2d\xd8\x78\xd6\xaa\x6b\x54\x35\xed\x38\xfb\x81\xd9\xbf\xc1\x58\x15\x84\x3b\xc4\x6b\x32\x1b\x84\x8a\x20\x1d\x7e\xe9\x0a\x06\xab\x03\xdd\xb6\x6c\xea\x54\xf4\x15\x15\x3e\x69\x34\x99\x2c\x24\xe7\x11\xae\xa2\xfe\x33\x4e\x98\x1b\xa7\xf3\xf8\x7d\x0b\xc5\xeb\x6b\x1d\x09\x17\xcd\x79\xb4\x71\x94\xc6\xd2\xbe\x18\xe7\xa5\x4e\x75\xa5\xe2\xd0\x36\xb2\xe8\xba\x62\x6c\x56\xc4\x48\x9e\x46\x81\xa2\x1e\xa2\x9a\x2b\x64\x34\xa8\x60\x5a\x67\x10\xeb\xd1\x3f\x09\xfe\x32\x2e\x60\xef\x34\xa6\xe6\xf3\x33\x0d\x07\xb4\xd1\xff\x66\xd7\xec\x23\xc5\x8b\x3b\xe7\x34\x84\x4b\x89\xde\x36\xba\x29\x12\x97", 256); *(uint32_t*)0x20009724 = 4; *(uint32_t*)0x20009728 = 0x20009400; *(uint8_t*)0x20009400 = 4; *(uint8_t*)0x20009401 = 3; *(uint16_t*)0x20009402 = 0xf0ff; *(uint32_t*)0x2000972c = 4; *(uint32_t*)0x20009730 = 0x20009440; *(uint8_t*)0x20009440 = 4; *(uint8_t*)0x20009441 = 3; *(uint16_t*)0x20009442 = 0xf8ff; *(uint32_t*)0x20009734 = 0xc2; *(uint32_t*)0x20009738 = 0x20009480; *(uint8_t*)0x20009480 = 0xc2; *(uint8_t*)0x20009481 = 3; memcpy((void*)0x20009482, "\x47\x95\x1b\xf5\x75\x8f\x6d\xa4\x9e\xae\xc8\xd8\xf1\x8a\x6c\xa6\xe1\x7e\x41\xa6\x60\x16\x41\x5e\xfc\x7b\xe3\x46\xe3\xa8\xd0\x34\x28\x03\xd3\x1a\xc6\x34\xc4\xe6\xbc\xfd\xca\x1d\xb3\xc5\xb6\x90\xc2\x2f\x33\x2d\xf6\x93\x67\x61\xde\xb4\x0a\x2a\x9b\x81\x7a\x3b\x5e\x21\xce\xda\x6d\x71\xf7\x2d\x61\xee\xd0\x6a\x7a\x43\x45\x1e\x72\xfa\xa8\x20\x18\x38\x4c\x5a\x69\xf6\x2f\x4c\x6c\xf2\xa7\xef\xbd\x2a\xf5\x9b\x84\xac\xc6\xa9\x5e\xdf\x8f\x16\x7b\x5f\x20\x3d\xff\x2f\x89\xdb\xa1\x91\xf5\x13\x34\x2b\xe5\xa9\x06\xce\xb3\x79\x61\x3f\x59\x61\x08\xde\x6f\x3a\x61\xb9\x26\xc9\xf8\x63\x4d\x3d\xe6\xd5\xeb\x86\x71\x2b\xdf\xc3\xce\x50\x2f\x90\xa6\x9d\x8d\x07\xd9\x28\x44\x02\xb3\x93\xa7\x6e\x1d\x98\x17\xb9\x2b\xd4\xef\xf5\x7a\x27\xec\x91\x91\x9b\xf0\xd0\x9b\x44\x70\x57\xd6\x9c\xe3\x82", 192); *(uint32_t*)0x2000973c = 0x83; *(uint32_t*)0x20009740 = 0x20009580; *(uint8_t*)0x20009580 = 0x83; *(uint8_t*)0x20009581 = 3; memcpy((void*)0x20009582, "\x70\x81\x49\xd2\x9b\x3a\x8e\xf9\xc0\xff\x2f\x07\x2f\xf3\xb2\x0d\xd4\xaa\x24\xa8\xdd\xbd\x77\x61\x2c\xf8\x2d\xbf\xdc\x3a\xf8\x21\xa1\xfb\xf7\x55\x40\xc2\x3e\x05\xde\x08\xfe\xd7\x79\xdb\x65\x1c\xb3\xa6\x3b\xd0\x9a\xcf\xde\x2d\xa3\x4f\xc3\x36\x04\x73\x49\xf6\x2c\x65\x03\x20\xdd\x8f\xd8\x62\x6c\xfd\xad\xf7\xe0\xf7\x3f\x83\xa6\xbf\xfa\x1f\x20\xe7\x5c\xc4\x4b\x80\xbb\xe9\xa4\x0e\xa3\xc6\xe9\x24\xb6\x84\xfe\x6c\xb9\xe6\xa9\x33\x1a\x14\x9e\x84\x4e\x50\x0b\xe3\xb4\xfe\x28\xd1\x33\x2d\xcd\x64\x3b\xe5\xa7\x3f\xcc\xd4\x46", 129); *(uint32_t*)0x20009744 = 4; *(uint32_t*)0x20009748 = 0x20009640; *(uint8_t*)0x20009640 = 4; *(uint8_t*)0x20009641 = 3; *(uint16_t*)0x20009642 = 0x184c; *(uint32_t*)0x2000974c = 0x4d; *(uint32_t*)0x20009750 = 0x20009680; *(uint8_t*)0x20009680 = 0x4d; *(uint8_t*)0x20009681 = 3; memcpy((void*)0x20009682, "\xb6\x6a\x57\x6c\x91\xd5\x67\x33\xc9\x4e\xf7\x37\x20\xfd\xa0\x14\xeb\xcf\x72\xb1\xcf\x26\xac\x4c\x18\xda\x75\x71\x24\x12\x56\x76\x4a\xe2\xdf\xf1\x75\x40\xbd\xd8\xaf\x83\xee\xe5\x05\x79\x2c\xbe\xfb\xdd\xb7\xb5\xcd\x4c\xa9\x46\x62\x28\x7a\x86\x24\x9e\xc2\xb9\x42\x13\x98\x04\xf9\xc7\x82\x09\x88\x4a\x15", 75); res = -1; res = syz_usb_connect(6, 0x7e2, 0x20008a00, 0x20009700); if (res != -1) r[22] = res; break; case 41: *(uint8_t*)0x20009780 = 0x12; *(uint8_t*)0x20009781 = 1; *(uint16_t*)0x20009782 = 0x200; *(uint8_t*)0x20009784 = -1; *(uint8_t*)0x20009785 = -1; *(uint8_t*)0x20009786 = -1; *(uint8_t*)0x20009787 = 0x40; *(uint16_t*)0x20009788 = 0xcf3; *(uint16_t*)0x2000978a = 0x9271; *(uint16_t*)0x2000978c = 0x108; *(uint8_t*)0x2000978e = 1; *(uint8_t*)0x2000978f = 2; *(uint8_t*)0x20009790 = 3; *(uint8_t*)0x20009791 = 1; *(uint8_t*)0x20009792 = 9; *(uint8_t*)0x20009793 = 2; *(uint16_t*)0x20009794 = 0x48; *(uint8_t*)0x20009796 = 1; *(uint8_t*)0x20009797 = 1; *(uint8_t*)0x20009798 = 0; *(uint8_t*)0x20009799 = 0x80; *(uint8_t*)0x2000979a = 0xfa; *(uint8_t*)0x2000979b = 9; *(uint8_t*)0x2000979c = 4; *(uint8_t*)0x2000979d = 0; *(uint8_t*)0x2000979e = 0; *(uint8_t*)0x2000979f = 6; *(uint8_t*)0x200097a0 = -1; *(uint8_t*)0x200097a1 = 0; *(uint8_t*)0x200097a2 = 0; *(uint8_t*)0x200097a3 = 0; *(uint8_t*)0x200097a4 = 9; *(uint8_t*)0x200097a5 = 5; *(uint8_t*)0x200097a6 = 1; *(uint8_t*)0x200097a7 = 2; *(uint16_t*)0x200097a8 = 0x200; *(uint8_t*)0x200097aa = 0; *(uint8_t*)0x200097ab = 0; *(uint8_t*)0x200097ac = 0; *(uint8_t*)0x200097ad = 9; *(uint8_t*)0x200097ae = 5; *(uint8_t*)0x200097af = 0x82; *(uint8_t*)0x200097b0 = 2; *(uint16_t*)0x200097b1 = 0x200; *(uint8_t*)0x200097b3 = 0; *(uint8_t*)0x200097b4 = 0; *(uint8_t*)0x200097b5 = 0; *(uint8_t*)0x200097b6 = 9; *(uint8_t*)0x200097b7 = 5; *(uint8_t*)0x200097b8 = 0x83; *(uint8_t*)0x200097b9 = 3; *(uint16_t*)0x200097ba = 0x40; *(uint8_t*)0x200097bc = 1; *(uint8_t*)0x200097bd = 0; *(uint8_t*)0x200097be = 0; *(uint8_t*)0x200097bf = 9; *(uint8_t*)0x200097c0 = 5; *(uint8_t*)0x200097c1 = 4; *(uint8_t*)0x200097c2 = 3; *(uint16_t*)0x200097c3 = 0x40; *(uint8_t*)0x200097c5 = 1; *(uint8_t*)0x200097c6 = 0; *(uint8_t*)0x200097c7 = 0; *(uint8_t*)0x200097c8 = 9; *(uint8_t*)0x200097c9 = 5; *(uint8_t*)0x200097ca = 5; *(uint8_t*)0x200097cb = 2; *(uint16_t*)0x200097cc = 0x200; *(uint8_t*)0x200097ce = 0; *(uint8_t*)0x200097cf = 0; *(uint8_t*)0x200097d0 = 0; *(uint8_t*)0x200097d1 = 9; *(uint8_t*)0x200097d2 = 5; *(uint8_t*)0x200097d3 = 6; *(uint8_t*)0x200097d4 = 2; *(uint16_t*)0x200097d5 = 0x200; *(uint8_t*)0x200097d7 = 0; *(uint8_t*)0x200097d8 = 0; *(uint8_t*)0x200097d9 = 0; syz_usb_connect_ath9k(3, 0x5a, 0x20009780, 0); break; case 42: *(uint32_t*)0x200099c0 = 0x18; *(uint32_t*)0x200099c4 = 0x20009800; *(uint8_t*)0x20009800 = 0x40; *(uint8_t*)0x20009801 = 1; *(uint32_t*)0x20009802 = 0x8d; *(uint8_t*)0x20009806 = 0x8d; *(uint8_t*)0x20009807 = 0x22; memcpy((void*)0x20009808, "\xe5\x74\x19\x47\xa7\x23\xe9\xe9\x8e\xdc\x76\xea\x9b\x49\x3d\xa7\xd0\xbe\x0f\x88\x90\x3d\x48\xee\xf0\xd2\x4c\x88\x29\x70\xfc\x12\x16\xa4\xf3\x90\xd6\xb1\x7a\x78\xf9\xe8\x82\x74\x2c\xa2\x48\x31\x93\x6c\xb7\x5b\x04\x58\x99\xbb\xc7\x68\x7b\xd5\x5a\x05\x8a\x9f\x47\x22\x45\x2c\xe7\xe3\x01\x27\x0b\x0b\xf2\x26\x66\xc3\x7e\xaf\x1b\xd9\xd8\xb4\x89\xba\x1d\x32\xbe\x39\xd0\x6b\x20\xbd\x96\x57\xe0\x9f\xda\x6c\x82\xd4\x56\x6c\x93\x34\xe2\xfa\x45\xc5\x04\x6b\xa8\x56\x5e\x57\x79\xab\x6d\x67\xcb\xf7\xf4\x06\xd2\x16\xc2\x86\xab\x06\x65\x88\x20\x7a\x31\x8d\x65\x33\x2f", 139); *(uint32_t*)0x200099c8 = 0x200098c0; *(uint8_t*)0x200098c0 = 0; *(uint8_t*)0x200098c1 = 3; *(uint32_t*)0x200098c2 = 4; *(uint8_t*)0x200098c6 = 4; *(uint8_t*)0x200098c7 = 3; *(uint16_t*)0x200098c8 = 0xf0ff; *(uint32_t*)0x200099cc = 0x20009900; *(uint8_t*)0x20009900 = 0; *(uint8_t*)0x20009901 = 0xf; *(uint32_t*)0x20009902 = 0x18; *(uint8_t*)0x20009906 = 5; *(uint8_t*)0x20009907 = 0xf; *(uint16_t*)0x20009908 = 0x18; *(uint8_t*)0x2000990a = 2; *(uint8_t*)0x2000990b = 0xc; *(uint8_t*)0x2000990c = 0x10; *(uint8_t*)0x2000990d = 0xa; *(uint8_t*)0x2000990e = 0; STORE_BY_BITMASK(uint32_t, , 0x2000990f, 0, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x2000990f, 6, 5, 27); *(uint16_t*)0x20009913 = 0xf0f; *(uint16_t*)0x20009915 = 8; *(uint8_t*)0x20009917 = 7; *(uint8_t*)0x20009918 = 0x10; *(uint8_t*)0x20009919 = 2; STORE_BY_BITMASK(uint32_t, , 0x2000991a, 2, 0, 8); STORE_BY_BITMASK(uint32_t, , 0x2000991b, 0xa, 0, 4); STORE_BY_BITMASK(uint32_t, , 0x2000991b, 7, 4, 4); STORE_BY_BITMASK(uint32_t, , 0x2000991c, 0x100, 0, 16); *(uint32_t*)0x200099d0 = 0x20009940; *(uint8_t*)0x20009940 = 0x20; *(uint8_t*)0x20009941 = 0x29; *(uint32_t*)0x20009942 = 0xf; *(uint8_t*)0x20009946 = 0xf; *(uint8_t*)0x20009947 = 0x29; *(uint8_t*)0x20009948 = 0; *(uint16_t*)0x20009949 = 0x18; *(uint8_t*)0x2000994b = 7; *(uint8_t*)0x2000994c = 0x7f; memcpy((void*)0x2000994d, "\x86\xf6\x20\xe8", 4); memcpy((void*)0x20009951, "\x16\x8f\x22\x02", 4); *(uint32_t*)0x200099d4 = 0x20009980; *(uint8_t*)0x20009980 = 0x20; *(uint8_t*)0x20009981 = 0x2a; *(uint32_t*)0x20009982 = 0xc; *(uint8_t*)0x20009986 = 0xc; *(uint8_t*)0x20009987 = 0x2a; *(uint8_t*)0x20009988 = 3; *(uint16_t*)0x20009989 = 0; *(uint8_t*)0x2000998b = 4; *(uint8_t*)0x2000998c = 0; *(uint8_t*)0x2000998d = 7; *(uint16_t*)0x2000998e = 0x1000; *(uint16_t*)0x20009990 = 0xfffe; *(uint32_t*)0x20009f00 = 0x44; *(uint32_t*)0x20009f04 = 0x20009a00; *(uint8_t*)0x20009a00 = 0; *(uint8_t*)0x20009a01 = 8; *(uint32_t*)0x20009a02 = 0xfd; memcpy((void*)0x20009a06, "\x17\xd0\x15\xc0\xc2\x1b\x38\xab\x65\x87\x07\x8c\x77\x5d\x19\x66\x76\x39\x02\x36\x84\x2b\xc7\x81\x15\xbd\x6a\x40\x58\x11\x10\x24\x45\xa3\x7f\xe5\xc0\xcc\x85\xa1\x6b\x56\x01\xf6\x74\x96\x59\x34\x92\xce\x3a\xd5\x52\x01\x92\x08\xa9\x04\xc8\x82\x54\x52\x5e\xf1\x3e\x8c\x55\xd2\xfa\x55\x84\xb1\x72\x72\x80\x77\xd5\x4a\x28\xbc\x6d\xd0\xbc\x05\xf7\x20\x29\x10\x26\x07\x63\x12\x0f\x9d\x95\x88\x3b\x70\x1c\xa0\x54\x83\xde\xae\x8e\x44\x5b\xcf\x56\x72\xcf\xc4\xba\x66\xa3\x46\xe9\x2f\xe0\x74\x51\xae\x4c\x8f\xf4\xaa\x9d\xfc\xf8\xb9\x56\x33\x65\x80\x5b\xf6\x83\x0e\xd3\x6c\x9f\x3e\xab\x11\xf6\x13\xa0\xfd\xe0\x42\x3b\x8c\x3a\x5b\x1a\xe0\x29\x72\x9e\x32\x33\x43\x1d\x83\xf0\x22\x49\x15\x64\xd3\x92\xce\xb7\xa3\x8e\xdd\xcf\x15\x96\x88\x61\x81\x85\x4d\x5a\x72\x9e\x76\xd8\xe7\x70\xd6\xee\x74\xba\x13\x33\xec\xb7\xe4\xb8\x83\x07\x1b\x6d\x6c\x04\x3e\x9e\x6f\x01\x60\x54\x6f\x60\xd1\xd9\xff\xd9\x40\x74\x4e\xef\x3e\xa5\xf0\xdd\xfd\xa5\xa0\xa8\xd6\xb7\x74\x0a\x7f\x13\xce\x46\x2e\xd0\x8e\x2d\x3b\xc0\xa7\xb6\x46\xda\xf5\x60\x86\xe2", 253); *(uint32_t*)0x20009f08 = 0x20009b40; *(uint8_t*)0x20009b40 = 0; *(uint8_t*)0x20009b41 = 0xa; *(uint32_t*)0x20009b42 = 1; *(uint8_t*)0x20009b46 = 7; *(uint32_t*)0x20009f0c = 0x20009b80; *(uint8_t*)0x20009b80 = 0; *(uint8_t*)0x20009b81 = 8; *(uint32_t*)0x20009b82 = 1; *(uint8_t*)0x20009b86 = 0x80; *(uint32_t*)0x20009f10 = 0x20009bc0; *(uint8_t*)0x20009bc0 = 0x20; *(uint8_t*)0x20009bc1 = 0; *(uint32_t*)0x20009bc2 = 4; *(uint16_t*)0x20009bc6 = 2; *(uint16_t*)0x20009bc8 = 3; *(uint32_t*)0x20009f14 = 0x20009c00; *(uint8_t*)0x20009c00 = 0x20; *(uint8_t*)0x20009c01 = 0; *(uint32_t*)0x20009c02 = 4; *(uint16_t*)0x20009c06 = 0x100; *(uint16_t*)0x20009c08 = 0x40; *(uint32_t*)0x20009f18 = 0x20009c40; *(uint8_t*)0x20009c40 = 0x40; *(uint8_t*)0x20009c41 = 7; *(uint32_t*)0x20009c42 = 2; *(uint16_t*)0x20009c46 = 3; *(uint32_t*)0x20009f1c = 0x20009c80; *(uint8_t*)0x20009c80 = 0x40; *(uint8_t*)0x20009c81 = 9; *(uint32_t*)0x20009c82 = 1; *(uint8_t*)0x20009c86 = 0x7f; *(uint32_t*)0x20009f20 = 0x20009cc0; *(uint8_t*)0x20009cc0 = 0x40; *(uint8_t*)0x20009cc1 = 0xb; *(uint32_t*)0x20009cc2 = 2; memcpy((void*)0x20009cc6, "\x08\xbd", 2); *(uint32_t*)0x20009f24 = 0x20009d00; *(uint8_t*)0x20009d00 = 0x40; *(uint8_t*)0x20009d01 = 0xf; *(uint32_t*)0x20009d02 = 2; *(uint16_t*)0x20009d06 = 0x7163; *(uint32_t*)0x20009f28 = 0x20009d40; *(uint8_t*)0x20009d40 = 0x40; *(uint8_t*)0x20009d41 = 0x13; *(uint32_t*)0x20009d42 = 6; memset((void*)0x20009d46, 255, 6); *(uint32_t*)0x20009f2c = 0x20009d80; *(uint8_t*)0x20009d80 = 0x40; *(uint8_t*)0x20009d81 = 0x17; *(uint32_t*)0x20009d82 = 6; memset((void*)0x20009d86, 170, 5); *(uint8_t*)0x20009d8b = 0x3b; *(uint32_t*)0x20009f30 = 0x20009dc0; *(uint8_t*)0x20009dc0 = 0x40; *(uint8_t*)0x20009dc1 = 0x19; *(uint32_t*)0x20009dc2 = 2; memcpy((void*)0x20009dc6, "\x37\x9e", 2); *(uint32_t*)0x20009f34 = 0x20009e00; *(uint8_t*)0x20009e00 = 0x40; *(uint8_t*)0x20009e01 = 0x1a; *(uint32_t*)0x20009e02 = 2; *(uint16_t*)0x20009e06 = 8; *(uint32_t*)0x20009f38 = 0x20009e40; *(uint8_t*)0x20009e40 = 0x40; *(uint8_t*)0x20009e41 = 0x1c; *(uint32_t*)0x20009e42 = 1; *(uint8_t*)0x20009e46 = 0x3f; *(uint32_t*)0x20009f3c = 0x20009e80; *(uint8_t*)0x20009e80 = 0x40; *(uint8_t*)0x20009e81 = 0x1e; *(uint32_t*)0x20009e82 = 1; *(uint8_t*)0x20009e86 = 0x2c; *(uint32_t*)0x20009f40 = 0x20009ec0; *(uint8_t*)0x20009ec0 = 0x40; *(uint8_t*)0x20009ec1 = 0x21; *(uint32_t*)0x20009ec2 = 1; *(uint8_t*)0x20009ec6 = 5; syz_usb_control_io(r[22], 0x200099c0, 0x20009f00); break; case 43: syz_usb_disconnect(r[22]); break; case 44: syz_usb_ep_read(r[22], 0xc1, 0x1000, 0x20009f80); break; case 45: *(uint8_t*)0x2000af80 = 0x12; *(uint8_t*)0x2000af81 = 1; *(uint16_t*)0x2000af82 = 0x110; *(uint8_t*)0x2000af84 = 0; *(uint8_t*)0x2000af85 = 0; *(uint8_t*)0x2000af86 = 0; *(uint8_t*)0x2000af87 = 0x20; *(uint16_t*)0x2000af88 = 0x1d6b; *(uint16_t*)0x2000af8a = 0x101; *(uint16_t*)0x2000af8c = 0x40; *(uint8_t*)0x2000af8e = 1; *(uint8_t*)0x2000af8f = 2; *(uint8_t*)0x2000af90 = 3; *(uint8_t*)0x2000af91 = 1; *(uint8_t*)0x2000af92 = 9; *(uint8_t*)0x2000af93 = 2; *(uint16_t*)0x2000af94 = 0xd6; *(uint8_t*)0x2000af96 = 3; *(uint8_t*)0x2000af97 = 1; *(uint8_t*)0x2000af98 = 7; *(uint8_t*)0x2000af99 = 0x20; *(uint8_t*)0x2000af9a = 2; *(uint8_t*)0x2000af9b = 9; *(uint8_t*)0x2000af9c = 4; *(uint8_t*)0x2000af9d = 0; *(uint8_t*)0x2000af9e = 0; *(uint8_t*)0x2000af9f = 0; *(uint8_t*)0x2000afa0 = 1; *(uint8_t*)0x2000afa1 = 1; *(uint8_t*)0x2000afa2 = 0; *(uint8_t*)0x2000afa3 = 0; *(uint8_t*)0x2000afa4 = 0xa; *(uint8_t*)0x2000afa5 = 0x24; *(uint8_t*)0x2000afa6 = 1; *(uint16_t*)0x2000afa7 = 0; *(uint8_t*)0x2000afa9 = 0; *(uint8_t*)0x2000afaa = 2; *(uint8_t*)0x2000afab = 1; *(uint8_t*)0x2000afac = 2; *(uint8_t*)0x2000afad = 0xb; *(uint8_t*)0x2000afae = 0x24; *(uint8_t*)0x2000afaf = 6; *(uint8_t*)0x2000afb0 = 4; *(uint8_t*)0x2000afb1 = 3; *(uint8_t*)0x2000afb2 = 2; *(uint16_t*)0x2000afb3 = 3; *(uint16_t*)0x2000afb5 = 7; *(uint8_t*)0x2000afb7 = -1; *(uint8_t*)0x2000afb8 = 9; *(uint8_t*)0x2000afb9 = 4; *(uint8_t*)0x2000afba = 1; *(uint8_t*)0x2000afbb = 0; *(uint8_t*)0x2000afbc = 0; *(uint8_t*)0x2000afbd = 1; *(uint8_t*)0x2000afbe = 2; *(uint8_t*)0x2000afbf = 0; *(uint8_t*)0x2000afc0 = 0; *(uint8_t*)0x2000afc1 = 9; *(uint8_t*)0x2000afc2 = 4; *(uint8_t*)0x2000afc3 = 1; *(uint8_t*)0x2000afc4 = 1; *(uint8_t*)0x2000afc5 = 1; *(uint8_t*)0x2000afc6 = 1; *(uint8_t*)0x2000afc7 = 2; *(uint8_t*)0x2000afc8 = 0; *(uint8_t*)0x2000afc9 = 0; *(uint8_t*)0x2000afca = 0xe; *(uint8_t*)0x2000afcb = 0x24; *(uint8_t*)0x2000afcc = 2; *(uint8_t*)0x2000afcd = 1; *(uint8_t*)0x2000afce = 0x80; *(uint8_t*)0x2000afcf = 3; *(uint8_t*)0x2000afd0 = 1; *(uint8_t*)0x2000afd1 = 0; memcpy((void*)0x2000afd2, "\x02\x2c\x3b\x4e\xfa\x4d", 6); *(uint8_t*)0x2000afd8 = 7; *(uint8_t*)0x2000afd9 = 0x24; *(uint8_t*)0x2000afda = 1; *(uint8_t*)0x2000afdb = 1; *(uint8_t*)0x2000afdc = 0x7f; *(uint16_t*)0x2000afdd = 0x1002; *(uint8_t*)0x2000afdf = 0xb; *(uint8_t*)0x2000afe0 = 0x24; *(uint8_t*)0x2000afe1 = 2; *(uint8_t*)0x2000afe2 = 1; *(uint8_t*)0x2000afe3 = 5; *(uint8_t*)0x2000afe4 = 3; *(uint8_t*)0x2000afe5 = 0; *(uint8_t*)0x2000afe6 = 5; memcpy((void*)0x2000afe7, "\x64\x99\x7e", 3); *(uint8_t*)0x2000afea = 0xd; *(uint8_t*)0x2000afeb = 0x24; *(uint8_t*)0x2000afec = 2; *(uint8_t*)0x2000afed = 1; *(uint8_t*)0x2000afee = 3; *(uint8_t*)0x2000afef = 3; *(uint8_t*)0x2000aff0 = 0xac; *(uint8_t*)0x2000aff1 = 8; memcpy((void*)0x2000aff2, "\xbc\x5e", 2); memcpy((void*)0x2000aff4, "\x04\xfb\xa9", 3); *(uint8_t*)0x2000aff7 = 0xd; *(uint8_t*)0x2000aff8 = 0x24; *(uint8_t*)0x2000aff9 = 2; *(uint8_t*)0x2000affa = 1; *(uint8_t*)0x2000affb = 6; *(uint8_t*)0x2000affc = 2; *(uint8_t*)0x2000affd = 5; *(uint8_t*)0x2000affe = 9; memcpy((void*)0x2000afff, "\x6a\x9a\x8d", 3); memcpy((void*)0x2000b002, "\x4f\x88", 2); *(uint8_t*)0x2000b004 = 9; *(uint8_t*)0x2000b005 = 5; *(uint8_t*)0x2000b006 = 1; *(uint8_t*)0x2000b007 = 9; *(uint16_t*)0x2000b008 = 0x10; *(uint8_t*)0x2000b00a = 0x8c; *(uint8_t*)0x2000b00b = 0x20; *(uint8_t*)0x2000b00c = 0x7f; *(uint8_t*)0x2000b00d = 7; *(uint8_t*)0x2000b00e = 0x25; *(uint8_t*)0x2000b00f = 1; *(uint8_t*)0x2000b010 = 0x82; *(uint8_t*)0x2000b011 = 2; *(uint16_t*)0x2000b012 = 4; *(uint8_t*)0x2000b014 = 9; *(uint8_t*)0x2000b015 = 4; *(uint8_t*)0x2000b016 = 2; *(uint8_t*)0x2000b017 = 0; *(uint8_t*)0x2000b018 = 0; *(uint8_t*)0x2000b019 = 1; *(uint8_t*)0x2000b01a = 2; *(uint8_t*)0x2000b01b = 0; *(uint8_t*)0x2000b01c = 0; *(uint8_t*)0x2000b01d = 9; *(uint8_t*)0x2000b01e = 4; *(uint8_t*)0x2000b01f = 2; *(uint8_t*)0x2000b020 = 1; *(uint8_t*)0x2000b021 = 1; *(uint8_t*)0x2000b022 = 1; *(uint8_t*)0x2000b023 = 2; *(uint8_t*)0x2000b024 = 0; *(uint8_t*)0x2000b025 = 0; *(uint8_t*)0x2000b026 = 0xd; *(uint8_t*)0x2000b027 = 0x24; *(uint8_t*)0x2000b028 = 2; *(uint8_t*)0x2000b029 = 1; *(uint8_t*)0x2000b02a = 0; *(uint8_t*)0x2000b02b = 2; *(uint8_t*)0x2000b02c = 0; *(uint8_t*)0x2000b02d = -1; memcpy((void*)0x2000b02e, "\x03\xc1\xfe\x1d\x97", 5); *(uint8_t*)0x2000b033 = 0x12; *(uint8_t*)0x2000b034 = 0x24; *(uint8_t*)0x2000b035 = 2; *(uint8_t*)0x2000b036 = 2; *(uint16_t*)0x2000b037 = 0x807; *(uint16_t*)0x2000b039 = 4; *(uint8_t*)0x2000b03b = 0xfd; memcpy((void*)0x2000b03c, "\x8c\xfb\x49\xdf\x7b\xf5\xb7\xe5\xee", 9); *(uint8_t*)0x2000b045 = 7; *(uint8_t*)0x2000b046 = 0x24; *(uint8_t*)0x2000b047 = 1; *(uint8_t*)0x2000b048 = 0x3f; *(uint8_t*)0x2000b049 = 0xfd; *(uint16_t*)0x2000b04a = 1; *(uint8_t*)0x2000b04c = 0xc; *(uint8_t*)0x2000b04d = 0x24; *(uint8_t*)0x2000b04e = 2; *(uint8_t*)0x2000b04f = 1; *(uint8_t*)0x2000b050 = 0xc1; *(uint8_t*)0x2000b051 = 4; *(uint8_t*)0x2000b052 = 5; *(uint8_t*)0x2000b053 = 0x67; memcpy((void*)0x2000b054, "\x69\x67\xba\x40", 4); *(uint8_t*)0x2000b058 = 9; *(uint8_t*)0x2000b059 = 5; *(uint8_t*)0x2000b05a = 0x82; *(uint8_t*)0x2000b05b = 9; *(uint16_t*)0x2000b05c = 0x7f7; *(uint8_t*)0x2000b05e = 0x1f; *(uint8_t*)0x2000b05f = 0x69; *(uint8_t*)0x2000b060 = 6; *(uint8_t*)0x2000b061 = 7; *(uint8_t*)0x2000b062 = 0x25; *(uint8_t*)0x2000b063 = 1; *(uint8_t*)0x2000b064 = 0x80; *(uint8_t*)0x2000b065 = 9; *(uint16_t*)0x2000b066 = 3; *(uint32_t*)0x2000b380 = 0xa; *(uint32_t*)0x2000b384 = 0x2000b080; *(uint8_t*)0x2000b080 = 0xa; *(uint8_t*)0x2000b081 = 6; *(uint16_t*)0x2000b082 = 0x300; *(uint8_t*)0x2000b084 = 3; *(uint8_t*)0x2000b085 = 2; *(uint8_t*)0x2000b086 = 3; *(uint8_t*)0x2000b087 = 0x40; *(uint8_t*)0x2000b088 = 0x81; *(uint8_t*)0x2000b089 = 0; *(uint32_t*)0x2000b388 = 0x20f; *(uint32_t*)0x2000b38c = 0x2000b0c0; *(uint8_t*)0x2000b0c0 = 5; *(uint8_t*)0x2000b0c1 = 0xf; *(uint16_t*)0x2000b0c2 = 0x20f; *(uint8_t*)0x2000b0c4 = 6; *(uint8_t*)0x2000b0c5 = 0xe2; *(uint8_t*)0x2000b0c6 = 0x10; *(uint8_t*)0x2000b0c7 = 0xa; memcpy((void*)0x2000b0c8, "\x64\x93\x2c\x92\x77\xe2\x3a\x0f\xa9\x6a\xab\xc7\xb9\x31\xea\x37\x07\x35\x0c\x52\x57\x45\xcc\xbe\x79\x4d\x23\xba\xa9\x96\x25\xc8\x2f\x74\xbd\x3b\x6d\x5f\x88\xfb\xfd\x92\x54\x5b\x6b\x63\x75\x4c\x07\xc3\xff\xb4\x73\x55\xbf\x3d\xd6\xfa\xcf\xf0\xec\x55\x97\xfb\x76\x8d\xc7\x4a\xcf\xcf\x39\x5a\xc1\x00\x99\x82\x92\x5a\xa1\x6f\xcf\xa4\x15\x75\xbf\x14\xb5\x6d\x55\x79\x09\xdf\x9e\xfd\x27\xfd\x4b\x31\x7d\x90\xd1\x60\x62\x70\x13\x4f\xd0\x7d\x2f\xc0\xd1\x81\x6e\x97\x71\x32\x1d\x2d\xb5\x5c\x65\x39\xb0\x41\x67\xdb\x7b\x08\xc9\x94\x15\x9d\xd7\x55\x2c\x48\x8c\x14\x66\x24\x7a\x5b\x70\xb0\xdc\x99\x6b\x90\x7e\xee\xe0\xb2\x0f\xdd\x64\x71\x40\x59\x7b\x66\xf8\x21\x55\x6b\x56\x7f\xe6\x13\xc7\xec\xbc\xba\xe5\x0d\xb5\xfa\x7c\x9c\x0b\x5d\xcf\x26\xed\xdf\xfd\xcb\x09\xb9\xab\x9f\x2b\x5b\xee\x80\x98\x2f\xf3\x65\xfb\x81\x6e\x98\x18\x4e\xe6\x81\x5f\x6f\x62\x1f\x4d\x34\x52\x7d\x3c\xaa\x4c\xe6\x82\xcb\x06\xc7\x48", 223); *(uint8_t*)0x2000b1a7 = 0xb; *(uint8_t*)0x2000b1a8 = 0x10; *(uint8_t*)0x2000b1a9 = 1; *(uint8_t*)0x2000b1aa = 4; *(uint16_t*)0x2000b1ab = 0x10; *(uint8_t*)0x2000b1ad = 1; *(uint8_t*)0x2000b1ae = 0x3f; *(uint16_t*)0x2000b1af = 0xff; *(uint8_t*)0x2000b1b1 = 0x1f; *(uint8_t*)0x2000b1b2 = 3; *(uint8_t*)0x2000b1b3 = 0x10; *(uint8_t*)0x2000b1b4 = 0xb; *(uint8_t*)0x2000b1b5 = 0x2f; *(uint8_t*)0x2000b1b6 = 0x10; *(uint8_t*)0x2000b1b7 = 3; memcpy((void*)0x2000b1b8, "\x57\x12\x26\x74\x4f\x78\xfe\x77\x5a\xb8\x9d\xd7\x76\xdb\x3a\xaa\xce\x99\x82\xe7\xb2\x59\x4f\xd0\x85\x4a\x31\xd7\xec\x1d\x24\xae\xe6\x48\x2a\xa3\x93\x97\x98\xbd\x32\xd0\x60\xf0", 44); *(uint8_t*)0x2000b1e4 = 0xa; *(uint8_t*)0x2000b1e5 = 0x10; *(uint8_t*)0x2000b1e6 = 3; *(uint8_t*)0x2000b1e7 = 0; *(uint16_t*)0x2000b1e8 = 4; *(uint8_t*)0x2000b1ea = 0x24; *(uint8_t*)0x2000b1eb = 8; *(uint16_t*)0x2000b1ec = 0xe1; *(uint8_t*)0x2000b1ee = 0xe1; *(uint8_t*)0x2000b1ef = 0x10; *(uint8_t*)0x2000b1f0 = 1; memcpy((void*)0x2000b1f1, "\x1c\x43\x11\xd6\xc4\xec\x2d\xe7\x89\xb4\xf9\xf3\x9e\x67\x37\x02\xea\x35\xd9\x09\x99\x1c\xe4\xaf\x26\xcf\x0c\x07\x57\x9c\x1a\x40\x57\x35\x68\xf8\x37\x56\x9c\x64\x5d\xe2\xaf\x69\x81\x33\x52\x61\x69\xe5\x1a\x53\xf2\x15\x16\x76\x60\x35\x72\x59\xd5\x4d\x5a\xd7\x7a\xfb\x47\x8b\x18\x9e\x72\x86\x67\xa8\xb7\xe3\x89\x86\xbb\x19\xfe\xbe\x80\x70\x85\xec\x6d\x77\xdf\xb4\x81\x72\x59\x2d\x54\x9d\x7d\xbb\xf8\x02\xaa\xf9\x5b\xbf\x2d\xcd\x20\x05\x7a\x34\xee\xff\xca\xba\x3c\x40\x4e\x46\xa6\xe9\x0a\xd7\xe4\x38\x7e\x1e\x28\xcc\x21\x71\x88\x37\xe8\x1d\x22\x61\x5c\x4b\x42\xbc\xe0\x4c\x6b\xec\x4a\xa9\xa9\x9d\x05\xcb\x4f\x16\x8e\x11\x5e\xe3\x95\x65\x54\xe4\xe5\x8b\x13\x6f\x86\x73\x6e\x79\xe9\x1f\x9a\xcd\x49\xee\x66\x17\xb8\x4a\x56\x43\x92\xe8\x19\x91\xbb\xa6\x03\x20\x54\xd7\x09\x6f\x6c\x40\x00\x21\x37\x78\x2a\x1b\x11\x1d\x65\x27\x96\x83\x26\xf5\xe7\x0a\x8a\x23\x99\xe8\x33\xe7\x41\x5c\x20\x4a\x3a\x4b", 222); *(uint32_t*)0x2000b390 = 2; *(uint32_t*)0x2000b394 = 4; *(uint32_t*)0x2000b398 = 0x2000b300; *(uint8_t*)0x2000b300 = 4; *(uint8_t*)0x2000b301 = 3; *(uint16_t*)0x2000b302 = 0x459; *(uint32_t*)0x2000b39c = 4; *(uint32_t*)0x2000b3a0 = 0x2000b340; *(uint8_t*)0x2000b340 = 4; *(uint8_t*)0x2000b341 = 3; *(uint16_t*)0x2000b342 = 0x436; res = -1; res = syz_usb_connect(3, 0xe8, 0x2000af80, 0x2000b380); if (res != -1) r[23] = res; break; case 46: memcpy((void*)0x2000b3c0, "\x08\x63\x6e\x6c\x5e\x42\x1f\x7f\x71\x8c\x47\x84\xf3\x89\x67\x2c\x29\x11\xe5", 19); syz_usb_ep_write(r[23], 9, 0x13, 0x2000b3c0); break; case 47: syz_usbip_server_init(2); break; } } int main(void) { syscall(__NR_mmap, 0x1ffff000, 0x1000, 0, 0x32, -1, 0); syscall(__NR_mmap, 0x20000000, 0x1000000, 7, 0x32, -1, 0); syscall(__NR_mmap, 0x21000000, 0x1000, 0, 0x32, -1, 0); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :127:17: error: 'csum_inet_digest' defined but not used [-Werror=unused-function] :114:13: error: 'csum_inet_update' defined but not used [-Werror=unused-function] :109:13: error: 'csum_inet_init' defined but not used [-Werror=unused-function] cc1: all warnings being treated as errors compiler invocation: x86_64-linux-gnu-gcc [-o /tmp/syz-executor395720629 -DGOOS_linux=1 -DGOARCH_386=1 -DHOSTGOOS_linux=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static-pie -Wno-overflow] --- FAIL: TestGenerate/linux/386/3 (3.15s) csource_test.go:118: opts: {Threaded:true Collide:false Repeat:false RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Fault:false FaultCall:0 FaultNth:0}} program: write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3}}, 0x18) (fail_nth: 1) r0 = openat$tty(0xffffff9c, &(0x7f0000000040), 0x10400, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x200000f, 0x10, r0, 0xada52000) ioctl$UI_SET_PHYS(0xffffffffffffffff, 0x4004556c, &(0x7f0000000080)='syz0\x00') r1 = syz_mount_image$ufs(&(0x7f00000025c0), &(0x7f0000002600)='./file0\x00', 0x4, 0x3, &(0x7f0000003700)=[{&(0x7f0000002640)="386f6d1be27f8ca9182d1ae635bba8c9ce0379ce60d9d24e0fe69a46dd2b77026ce1e6bbc05a246ae26905253191f7e34ef3860f1c2cc9a6d522f503d78e340cb54f1d6b", 0x44, 0x1}, {&(0x7f00000026c0)="5739ec80616d1bac909797c5723d287d94f010e0f70a342a21fb38b36986025dca054a96bbe74027974c452893a9f5d513efc470652bf4e837d8d5eeaced2669d73cea3d3931399da04dfb4859d03c47dd535baa980ae8b7a5c312fd71acc521bddc2c637026d7fadb42c020c53d4e2feeb23077ed867d5b36567b8d06e0f4d2d9c616d67391f879e812d7a17975f3e0e569f557b65bbade941868bae4be8d2dfa45a385877ece8d94d755dbf82b4fd8899ba1b8ece43b36b369a8df56993b16eec20aed1c596f669df897ddfa0df4ab26d747598296dd3bcd5cad67a8b19eba5f343fbfa6301a1502600eda02ab157ab1b164e3de5733e4bfd9677b49b29bb56e99367d01044b3accf0f93af75527837a9b494b4eace1f49c879e71e962a593749555b50a55ca1144eb54807047defde8dd097ebcbaa230451ac7a7763ef2134b453ef7ce92d6adce449aa182efb2ed4a8707f1e1846d82505da06c2d6b4a582ddfb2bdb7a19bbce8e0a0f7b2f496622bee043729f3843188eb14e56e8f48d7d4b151a7deef2a1a9458834253770882cc41f6fb784a9f73a4f81ef993dae61a805ba6f9307820813310dc3870835ad4be7e3c8a13f9f01e9ea9b1b9dfb1e347e3ea1b5b090e1a38617707bb5aa0ce82193f6970a0b885183fce8b7d30bfc18258dd40f508b95b55ca27d8ec76010310c677c04c0b01fd69de396ae95a7c3ca50f4e7fc3da749d82a5d9f57ab6ed7a0d1276297ab57172671d4c7ca35224700db93644131a5126af54755aec80cffdeb709f0c5821ec3b86d29f10be62d94c032f79d4edccaf40b24d72e46d7c9933f6eada794aad1eaf41aec135a4f6f7f609273608685ffc30fe1ae82213a956e8df493ec0aac8eccbbdb82093097db45161677685bf1e691a1c7dce13a88e63645bc79922b6d3d3d761f36a46302f79e0e0beb67e2f2cb2e83fc1a04177c9d022c46edc053f03182fc645450e4de536a418b0eae2acb0eaf4cb615eca77f72ee1d1f9146208e18669508edd050e9b4e72a8483016dc0198326d2a167004f323a0a6eb4d34f651c397f06d32e1bdab042efe566afc48cbd98f914134156314a954c641b1066ba715ab50eb4db84b13f20469d01d6346d425d70f60b42976b046cf96e4018fc6aaf78df30c02dd029e1e895c20b05fb3883c013de7e17a13697854feb5935cb344ff94ff8bb4ed2d1f174ea19020577b4ff9597c31a8fb2cfa1d7b71a57082561540f1cd86b8590b754fe95d749ef3caff93fd10a90ca003515bb23a3e71f44179c0996037457589e68177b0a10691f149a981a6a68d0bc820e1662a67c6a85fb39a35399c620c6ee314284fa42099bde09fd517a6e53cc0417c98d006b4210ba0351b7db6754338063f05b6824bbb41f70ba1fea9121f5885a4d03ee93f2b8f27a00cd666491003deda3e21029247646f7144cb004a6b524006d8ec7c93f41042bbf82d3bf2eef415f8f038b05c0c107ac24d0cc8f30813ebe2751da8398e04ff593d17ddeb32593671c8277424f79880054c581ae4ef5303a12f50d4e1fd6bb585a5e07751cbd58fa61d634c35563727e18239d9812fa41b9a256118ba9b0decc26076c8ae4b4e516a2b35a7e9839ca83bef4643e0a5d9db723b5afd80f715b63b19d0afb9cb03dd9e5fe1b3135ec1f0b973e7d21bb2f2221a78628a1b513e0ff9ea3067db3101c017eb8e606f2f075be4984f21bf75b6c4cbf3718e64ca62a9ab5d8e383aefba7493ddff478b744074bb51994bc91dd29c6b9bcd50a5028e14cf6d9468ef424ed165848ff5676e574110e0cd76a7c1dad3019facfd08d14b7d9e378a110e985088e51e89d75e3fa5fb3687598c0569e522f6c9ea4d1265ed97e313dce9cd01a4615e8bbe4dbe168f9d32c6682e4eef267dd718b475a81b485b17f6ba8afba19a58329f86bad12ac8444417e6148cb4e07ee46c5f1553a0fe4cd3326d8692cc43961f03f57f7c016f33c3d1c02bf125fc942101103636b02d93352efb4920e243f865cf5c0b5d347f51b87900b12acc347b319c147510c6a3c184b9fe9bbf49d20a71bc0882e296a03769751cd863082c1f3b8890fee3c644474db21e077acbeb05ae296710822fcaf5a7bc069bd93d411627cd1b713ccced010d1b88dfc1530454141b3dd3e1964c389576132173b86330388fec559dc722f177497c308315a4eefb5043cc97c5b1ea53b6de6f4eced9cc20b5243ef96ae0da16b43ecfd03e702528ad4c3609545df939e2bcee08258649319d74fd784d3d30a9092cb23e51ce00bbf81a46bc0d8bba9fe3f605f54ee2a0311e1c19aee26c843d7252d90380c9d86f1d1cbb21641bc19adffa608fa5b8260c3dac2e0d8100c870dbafab5e4a5c6e5d4875352ece3133e08d48e03874e6e528b5a43d08c8e905f798f0527cff5cda9995e84acb47ee8544be937fcb64646d2fd2d5c31eef836297e03dca24b159964a70307a827f6e7f3793f6ffad54a65d400926e80797e6050e776bbf66dc1bdf7508812ed0febda774f5eda492b3751ecc76a658241fa64522c5ddef5374787a1bc6f05c84a523068ac66a3ca539da70e16ddea897f96f5d48e1ef185f08436daa20fcb0b239de9b2bb00007eda2dbdcc1f5fdf13998682d66cd4aab3157f7ebcec092dc6bd08f4d107780d3731924cfa067f62218078a2af129f4059d46d7c7bebbf67b5953dda30c96fe5843e8a3c0a15a6b2f210ffbffd476c9c761340616b1ca8a6b449d1e338fd909fd9a84c7338711be1d50762a48299b184482d2cd1884af707668d10c2e1cdeac7c075d7d4147f8aa3cebca93c1b7b245264c0efb8470255152c48d224634580b2ff021457a975aa7672baf13a4ae32dc17e1f04d0b2d9c14831c87e99e7e0f29958c9b584d7b8a7e91f573c042617391aded64bee7dad5f888efc5560fba3f9e41f78094b403abc5d422c8ec70b9a9cee507903f8999487e60d761ef16194e7cc856a01e6b3bc592397ca03becb6b48fc15bf1f6eff8fec8de8785d0fea379efbd649487307bba1530a48ec106978da703e91707201fe3348de8caf2dde1d09942d47712f77de3f9efe5392ef4584a66cf96b30ecc6eed9074837e0835e19065d2ece87d38b426c703b882cec83cbb8b484f6885832ca2587b2bdc30c92c20a00d926473ff36a1c81e58d55549a06fb7b0fdd135ed5f63b4cca0068b2da1b112d4cb043407c21c535fd3c4559322e30469794c90a3c30d8fd5365ce3f432f613148bc7d575c1d2da1d4b068de1366f62a694e976f2e264d449d9e3f90400f4f25c1152d1edb9b09816787227eeeff80ac3f25016de253325475490482303afa87b39adee7f92c03185f8be67fe8e850ee3a571809474bcf462373a47afe1a4592175d110c3659e56ecfe2ecaf2c381684332dc0ea3f76c1799d5c7954ccd01ca4d3cc488e98efe8ccb8757273bbfd0e8f94a18e4bc187993ac29c3d45aa4585253717190cfc16bdfc90cecab6f022b3c9629e4d44cf9460333d348d0df3fbc8ffe61733725ea22c57183b50622f320253d54692c32ba2d1d2272357962e09fc7fa98a192d647ca93d5db9c0560a46a797408d21be5d14c8898fcf1f8e46c2be19eee417f17b5812be04c60a50c8f4a3b96e759df5a25314842ef5834a9bfe3ec6903122abdeb8da1bf146ca5b0b6451b3f6a0cd742120b025ca49bb95c47fb27fae438cbae39cd9b50f76735f656e0c6896c87b91c1ca7444d0de25ce60db81b9b7efebffc1ff24ee9d5f77da9227252468633b8eb995e2645b1543d843262c260c3c691114ebc403962c2374ef59ce6d1dd7c4d22310c5f642d766d41893b993f9a69831f82aab3104c64b08b0e3419ad44686088cd8a4a674edcea4ee9f2e8a02ab11450060f76a7c1954f676de7bf7916699457091eb0ad3b7593e7f38d62f9b56761a915b41d035ba129d1ac466e5eaea76d00c4d83e1754e3d1e6f0093c665d860bcf0b9850401acaba34a0f774300773c4abb90efc56bc7d2ad12d2f58cefa5b5816fcee50a11845a2d5197693ea3b380089219f5a42c69f9a4762c91ae6449e13995f666ad521f92edb3f4b65a04675db8ebbc9a2d1acda5b67ed6af5525141fd7aeef7c58f549ac39255705eb084f4f0a261f43c27cdcefb7d9e15ce63995820729b32749eb8d9432d7c3c25b4b1daa5b645740394caaae63bfd9e18207fccfbe0e2639258229574fcc7971e3eb11bfdf7dc770cea4a9414913067558f7e542cc6272477489519cfaecf51361b7d39540bbc1da84c6e56e21c683734fc3d9e52225695ea370563b153b8dc87ad1199247a23a86046c730fbce29fe99e0cf3e762f6ca3a14b03ff53d4122da0664a31d204160fcc2489eaa9faf030f6d6a43f98afce7f7f7f0cc3a01ef1526dac38278d13431910c2d691a78275e0702c8bcd0f4754b47535decbff3fb2db3d23b95f84e5e6e7fe67c719de9b0721ea53e2c68c9110e6a9ef3251e7ebb22800dcab309c22ab3739b4e88844827542d962c2afb2dc2f02b45094737fb1c3b9543870709b337d9d8f183971368a28a3360aec7c89de83e0c5fbfcffa03c1bc42884a839e8188826b19f3a7e7b82b4e2339d3d70171de92a60e2e1c73d360382aedcc23740c6244d69299dd39e011091b2fae10f4ba3c7fc570b0ea6a5d7b94f0812788ac1842eb6f917ad73a43a8f511b221795b9a625d6b8adab77bb090343acde4930c643b9b60af027ed4e3cc7facdcb175e81d9138db68db9d85216e1afa90c3f3897a2cd7e2cbaf59faa93ac544c221399d0a2c7601c6c63006253c9e43f1ed3f8cdd31f92cbc919b0b2f048ee429baac42f907d36281931814e7f937b51f2c6a772469f0d3d666c5c23141a0af6fb3804479810fcd852f98a5e5df9082c149bc239d37b89447af02ebae27adea098d78409fa9ae873b112684c75d68d447c7fc80a45a726b272d557678da7101679c6a5b4d70f4db60539fd11d1f21392b7922d12781125512eb1dc45db4cd2e64734e3a9dbf899ec2203e1001b3d364663d487c69018cb9122b5f4e1a276d17088df746ba3e7c10e1cad226f6cd2ad90cc3d148c951d32c00341bf08ec7158d22b3375f7ed6730ff9f0af79b1e8efd164b046c6a3df7bcd925e49bf5bb4d16ace6ab925bee37b7b5321da6f3626f33025ebc3814f44a27a7e39c5ecf8c5263c50e5d49273977c1ddcec86c85c41de8558ccc7cc9469f4a5ab104db7b3eaf8951f5315f5640c51e8c49290c7b146688b72e22c5178bb120beafe3a10dd33e6a34b8e2ab0a8d88f1bf2346f06e6cbeb80159f85b69efe2984f3acbf1035397c0e027420c591b2c5115e4c4bc4319b6a8edc2aa62c7600e49029f8d7d808713cc765566440a427ac576e5a2318e0994a00b56b7cf16277887b22693396c28bf734133df5e654971dec68d225631fc669e5619c1c78df3ca9860489a29a5234e054bcd3c543276c07e15a1ca7ef60c6e20359562733c1b3bd15a9c72a8f9acb040f8f85a4f10313a4fc7e8cb8973ae0b562924716d168aa431cf63a5c2e182b48b5519f376de39ca03d5535a5868d2cfff410e3f248de1ef81b205bc17a84cbfebb46deb4e56dcd355d7148a56f25dee5896912ec90124bef2d882e9d4a02769b3abcbc8f367deecce8c22b045f4d7b87d8908b0af7f2a1f53bad8d3f8e0b65b0053ab1e28ece7250ab281bc197097cfe8b2a7cfb552f82869b88241e7d05d24aca325c6f2fad85ce79bfc2aecdb798f40e111189f1785cbbe40", 0x1000, 0x7}, {&(0x7f00000036c0)="38e3dac1cab00feb39c48edfaf42b604f0c0fbeaa30d7023519ce589e4d90d7d171cbe759e9c40819d9946abfa9737e1bdddfb4f", 0x34, 0x10000}], 0x1040000, &(0x7f0000003740)={[{'/dev/tty\x00'}, {'syz0\x00'}, {'+@'}, {'*^:[-,-,&{#'}, {'syz0\x00'}], [{@audit}, {@obj_role={'obj_role', 0x3d, 'syz0\x00'}}, {@obj_user={'obj_user', 0x3d, '^\xee%'}}, {@subj_role}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@uid_eq={'uid', 0x3d, 0xee00}}]}) read(r1, &(0x7f00000037c0)=""/18, 0x12) sendfile64(r0, r1, &(0x7f0000003800)=0x7, 0x0) setsockopt$bt_l2cap_L2CAP_CONNINFO(r0, 0x6, 0x2, &(0x7f0000003840)={0x81, "d8e8f6"}, 0x6) ioctl$SOUND_MIXER_WRITE_RECSRC(0xffffffffffffffff, 0xc0044dff, &(0x7f0000003880)=0x4) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(0xffffffffffffffff, &(0x7f0000003980)={&(0x7f00000038c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000003940)={&(0x7f0000003900)={0x14, 0x7, 0x1, 0x801, 0x0, 0x0, {0x0, 0x0, 0xa}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40800}, 0x20000000) syz_80211_inject_frame(&(0x7f0000000000)=@broadcast, &(0x7f0000000040)=@data_frame={@qos_no_ht={{@type11={{0x0, 0x2, 0x8, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x7f}, @device_a, @broadcast, @broadcast, {0x0, 0xffd}, @broadcast}, {0xc, 0x1, 0x3, 0x0, 0x3}}, {@type10={{0x0, 0x2, 0x9, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x3d}, @from_mac=@device_b, @device_b, @from_mac, {0x0, 0x1f}}, {0x8, 0x0, 0x3}}}, @a_msdu=[{@broadcast, @device_b, 0xbf, "afaf3a135b6bacd8c9b70b5eec9ab18405dde216b1b5dbe70c82ea52a1477c8bcc0adebad8789e03df9beea67cea531e776e7ec441e10995460e4e964678b8b20cae084ab40bef389bb72fe366ea91a8a2b952bc697a863d47c4920f77976ccda9723c4d4cf43164b57e373925d21594ad582b2bd6b7fce0e21d272a022fb63efae8204e2e38180848fd2986c847241f05b4795e3195823f4b17f340c24f45bf4fc33a8b5d0649780bad0b1600231bcd85e1044043b3f52bdd66462c52869b"}, {@device_a, @broadcast, 0xf3, "db7458603e1db9e8b6109ff253176fc3105d34454294a0c36f5e76590ee3b3a391dd2847abe2ef4c4f0762cbb09a37f40675baca0907282ce7dc1a104cb3e91384930ede72f3720dac9976a6598bc0385e0eb8295edee6bf8e31f243b284e9de823dbcf1fa70c6c57d4472f20f031cd4ccc7995b0036d024f051220cf8ccfacc5eef5cc545c5208e0ae0b6fad6956542262930e56177ef3f3fd1fcf9ab7fa104c2fd2cafbfc796da4af424531e825b32394a16b5a90e3b36d9d75f35bc95c7b65c5774b33d1a74464b240d9b4420de3865e4ebfa9705fa606ca422eb0ae33126574d2b01dc83d70c248747087c72f0da02e8e8"}, {@device_b, @broadcast, 0xdd, "d7e9b24c0cc992b18aa2d9f9e1709a8c2fe8b2ceb27a749e52617c6db966c15469b14f6271d9ec1caa537e605d09c7af271d959a7b1375fbada3d47840b8fbde2f3ab2820440ceffb16cc44160f3a3abd70b059e3b321e3a1a48eca2b3819d0595822e17767f5a9cce0a0aa1cf8a1763780943872b127ab559036a8d8703e179c0de7c00dbd055699b39532ec0f63bb69c331fb415e253c26abf85a20b69f33d25a8a066aa10a9c1add202fa9d6cd6dbdaf05601d68e9553ba9ee53931aa193821c780f05dfd3c33aad84ef55098b4b8212cf5d6a43b5a099866ecbbc1"}, {@device_b, @broadcast, 0x3, "d71a49"}]}, 0x30e) syz_80211_join_ibss(&(0x7f0000000380)='wlan0\x00', &(0x7f00000003c0)=@default_ap_ssid, 0x6, 0x0) syz_btf_id_by_name$bpf_lsm(&(0x7f0000000400)='bpf_lsm_sb_remount\x00') syz_emit_ethernet(0x3f6, &(0x7f0000000440)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @random="8b73c66e934f", @val={@void, {0x8100, 0x1, 0x1}}, {@mpls_mc={0x8848, {[{0x0, 0x0, 0x1}], @ipv6=@icmpv6={0x8, 0x6, "6be3ec", 0x3b8, 0x3a, 0xff, @private2, @mcast2, {[@fragment={0x8, 0x0, 0x4, 0x0, 0x0, 0x4, 0x65}, @hopopts={0x2, 0x2, '\x00', [@padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @padn={0x1, 0x9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, @hopopts={0x5c, 0x5, '\x00', [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @calipso={0x7, 0x18, {0x2, 0x4, 0x3f, 0x5, [0x7, 0x100000000]}}]}, @routing={0xab, 0x4, 0x1, 0x51, 0x0, [@rand_addr=' \x01\x00', @dev={0xfe, 0x80, '\x00', 0x1a}]}], @mlv2_report={0x8f, 0x0, 0x0, 0xdd, 0x8, [{0x2, 0x3, 0x4, @loopback, [@remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, @mcast1], [0xfffffff7, 0x0, 0x4f18]}, {0x7, 0x6, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}, @remote, @mcast2], [0x433, 0x3, 0x4, 0x5, 0x8001, 0x6]}, {0x8, 0x4, 0x8, @ipv4={'\x00', '\xff\xff', @empty}, [@empty, @local, @ipv4={'\x00', '\xff\xff', @loopback}, @dev={0xfe, 0x80, '\x00', 0x23}, @mcast1, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast2, @mcast2], [0x4, 0x3, 0x8, 0x7]}, {0x8d, 0x3, 0x1, @mcast1, [@private2], [0x3, 0x8001, 0xf729]}, {0x0, 0x5, 0x5, @empty, [@loopback, @loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @broadcast}], [0x0, 0x80000001, 0x7ff, 0x6, 0x50]}, {0x7f, 0x1, 0x1, @mcast1, [@local], [0x401]}, {0x9, 0x8, 0x2, @remote, [@private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x27}], [0x5, 0x9, 0x8000, 0x7, 0xfffffffd, 0x800, 0x8, 0x5]}, {0x1f, 0x8, 0x6, @dev={0xfe, 0x80, '\x00', 0x18}, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @dev={0xfe, 0x80, '\x00', 0x1b}, @dev={0xfe, 0x80, '\x00', 0x30}, @ipv4={'\x00', '\xff\xff', @empty}, @ipv4={'\x00', '\xff\xff', @remote}, @private1={0xfc, 0x1, '\x00', 0x1}], [0x8, 0xffffffff, 0x0, 0x3f, 0xffffffff, 0x5, 0xff, 0x1]}]}}}}}}}, &(0x7f0000000840)={0x0, 0x2, [0xde3, 0xf28, 0x8d2, 0x209]}) syz_emit_vhci(&(0x7f0000000880)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_execute_func(&(0x7f00000008c0)="c4c32d0e45f508c4e15b10eb2681f9f6039eecc4c379617801d207660f38295cd02fd9f6f2ddcdc4c1f811450f0f34") syz_extract_tcp_res(&(0x7f0000000900), 0x3, 0x20) r2 = openat$pktcdvd(0xffffff9c, &(0x7f0000000940), 0x10400, 0x0) statx(0xffffffffffffffff, &(0x7f0000002c80)='./file0\x00', 0x800, 0x8, &(0x7f0000002cc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000003040)='./file0\x00', &(0x7f0000003080)={0x0, 0x0, 0x0, 0x0, 0x0}) read$FUSE(0xffffffffffffffff, &(0x7f0000003100)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r6 = getgid() getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000005440)={{{@in=@broadcast, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}}}, &(0x7f0000005540)=0xe4) r8 = getgid() syz_fuse_handle_req(r2, &(0x7f0000000980)="5eb2b765eb13fe6055adbc43ba06da0624085c4b074ca1075889677f066e7be4de1ade6643e384e746947849cae6c4bd2247b9d0dcf8d74f73c865983a7d81fa418b5227bfe2cae4daabc8fd121243c0fe339f30d7ade9b79e07aa3b492001cbf71f43d192a2b9b771608f809cab4148c9bcb18ad7381adab1f2f5e323a69249bf8f2b5b0e986557da943623a66ec420b9b7bc01434d0a62886d0072f83051bed958843ec0adabaec068e2333bdc15622efd5d7eb68cfdda7de3fdafaa75787f0f7f3a5aae1cfe1faf079f1835be7044f2dee0e2b22827f8ce9399ba9b6d675aaafc827262b701659d34e687d6f0f80666ef60371f36fc8e7ab01b1b1f741bab290b3742bca7d900acacd003bb0e2497a7413e2a94610c93f5b5f6a0affc554dfa696f33a4e07699552981c8f17eec121b798ffda5a81f609005eee8862da633950d1c36b1f57f201dfaa2ffb43bfb89b937dfe89165a783264b5cd393e5e81efb8d94e28ea417cf7f145520c201cd9bc843a78ae07c3a9d812a99b9d01f4f8a60937077192fb29ef9e9cad995919de33e9e70c95c0efe9d49ecacc2817d764b35aceef6dbd7b11da0d56460978a679a765c04642ef7b33da735d607b21ea207ad747b67da1862b7884f773764c5c6b95b0d1fc079909e3a07430c52f4908cb864ca7b48387d9c930387811580b9cead9bb56c5139d0d5c4c728f7667059bb64e223d3e7cf61ce8370276dd31b3bd643e96444afea51787bc0ea7ede0c0576340b3574fb1ee78133c29edb9c63724200f5d8d1fa9db4fe0cf9a3f0517fdd936240d08ca3f4815c562fa40c50292a8cc67af02555bf5e4210efabee952946cb5a3b719ccafb90c5fc31e28e16da6deb0c2657d99b2e30ac6f59e6935c8f3de5abb5a6a9eb6d64638131fa73639f95dc71d11a644c6ff17e26665e820556178bdf6f91c52fac27f2d84812e9bfd4c53e757ed5dcc5a3c58f4f254a11ad8099555fbab92d9707e7ae249d37b672b2f4666cc35ffe53a0f5f314aa7e329addf60e864986682e58dee878cf3e66b3c1b8b0457021cbbe9542df240104fa7945d177a8051ff42dffe47e952caa5b334386bbe96140a28a74cd3c4c666dd6174994bae6c323bef3cbe97028835f03b49d7c496913ec17272346e050c75c58760acbcdedfc774b34b19f199c40e02ac74177e3f951a007abdaf00fd7064bbf2cc444d6b6d2b233e1fd995feebcbfafaaa44edd739b7a9b312b0823bbb228823e132fbae576968b7e7ca5ca0198daae85da7b50002544a44f948dc5f48620e3f99145c8727fee501541ef119b20085e364052a045164e79579553ab1924a5e67ca4bde4390313b76a6abb950e637b6bd3ae4d341ea362440e134185304e36f08691027ec7ff34d718825393ecfd7557c82b7bda4d24b94fc53d577b31657b00e8303803e6f15e17a79647607ffa65649103ad6ced040a842224b22226cb03b10e51e58d695edda77da2d784c49bdda43adc0f4e15f3e2e338836924786b90b2f7442935ae338e344fa4c0d9e3d74871d930d87868a269c984048763e1c438479b20fddbc61d2488d70ca8747fff731edb679b88bf1b17621d3276151fd93a9dbbaf1a83e9a80f75ba18ac3ce6598dc4e6b0562fb0bd479129337bb1c3a5882b2d626edd90d0b1e898d0f1e4f59893700c241e0c4363a4441073840000470f9e877d0bacdcb6b21875e75b50dcfbb2bbc0ea8fca0a91dcafe69b162aeef4f7d7fa1193f9eac44d4eb27377c3b72ac19a901c6e7350e1648146090179fa4b7f7aaedfb75a49deeae9fbec2f30c4444e3bd5ad6fad82bbcd24bb6d259685ca0c13e52a590d27a731a18b09d3d6bf5e81756302b85251c85d30487295eb2e42cd788231eb96979b5c113c166be2f3b6d24474b0f56ea5cfff4dca9284e5dae7d1c2b6aba7807e889697c869831c908b206b8a21dbe73d06c0aefda449f4daedd68b676f22814be2d90a2d06a39f997fdcef3a38f98396d5bf369900f9fc0442b204ceb17e432c28087c42c84c17f1a4d04f6da546682f31d75cc289e0c8ea4058c03550fad5def6968541a9d372bcbff7b943d65a7f485652e4437e0a1602057ef0ceefa57540a11d5b2b8b6518c3c9a27cb27562941f2f689ce240396b4ad70dbb2cd6e4e1f33e3279c3361b9d9903a9b6bb017ffc719758417e4f984855692acbdf9392a9b19673388e760233fa0035e0c2335e77b089eb40b5cd8f0325f64e080765808052869f76b39b0682e9a49a95a4fd0b38bb50eb214e94919d486fb7bb75acb4dc5f04e7a7e311f204df404c62c664179584880cb8bc7b8baae8933c2ebd70af44451aae3d51d4290d90b891106877bd37752ec6118d972a1b0a2931d433636da7b7250a0edb59d9ddd34cb48b34a62ae7e595f18d80ca2c2ddc2aeb6b6f6b800c8653baaf696bfd60c85e5e3328d0d9baf0f558b3b8b8bff24bf75db2695d59442757cc0cfcefbbf1708fc964a1251f55328832468ea73c29be4bf5d0de2053f364d117006dd3242e04dd471ae04ae22844978242ed47361be4a9a13133c7ad5bb324afcd29d9a074440724ebb56f5d9c3a8e4559d3a5a0f028f1d72ff2562d483cfdd79eb32c90462ee790de2476d9d061b607e680b41500ce691e48745b585517a539e70d7ec555e196aa8d69e45a36982d28a21409a777ceeb53318c20713e3cb62a98c28f524b086909a03075c2010da34bf7b0e6bf58505d301442530e54d3d13f0328f97a1dd2dd6da68429d21376b772d5a1603fb4c4a40f6b36db26a86f7c2dbaf704e7bcb9fc96768d4b53bd134602b753b260d84d9eeac6a24a51249dca0086b95b57587128e798eb62e1f01ae68e660cf6ebbf332293981620684b7e3b04750fdbbe2ecd8e9b6375248882253c2dda8a4d9c0f6f5c9d7c6bdb1fc11eda1dc4ecc0b9f3dbdb62e4078e46f6b10608f34c34f0a279c2f8f3da5be49e3e58e971e539bd63bacb6d8aa554ea4c78a49abadeec98db1d3ca3bcb40957cc0e942fca1c9b51af04771fda4af358c9ed6fe7b737a6c61abe0b628920fb8d0bcd0b65b718163da17804cb1665ea9821c828f6df655193774156721006b1f51487ad19fe92b769a9fceaf2d4124d8cc9a5bef28e98b996c28c8a99e352380531185e5e56e693641ef51106d6cf4e71ab317c34e93583aecf50f52b53e63c9098d8c283538c7cc0f090dfaf523e6082c65263dc8d1de4776282a3fc1bfc5909991525f56ac0e6d3bf0ce7aec83e40074de16fc9843f3b099b59b9f90bcff6310ed6dfec974587ad646ecd90c54d449510b7768dd67cabb305ea398ecb4261d26d4d7e1204e20725603243279a18fab01726719f771822627bafb09b4caaf9484f1d8fa5078d021b9cb86556830797319c6491d71c1153b63658a5a952a1f84f0ced9c3d1191d71a0b22e3f618f87d98c8991265395cb90765935034bd6c9233d41f9fc6a90bf697c15fd2359787df8257ca8e9499b3a7b837121b3367306ba3a36fdea6000c5d0f7759371702c7ad6f9e5f4000725f8e0b330a494392f7408dad615b14f77888ceb73959965cc9a93e9e3b23b9343a4cd4104dc1f3f1a64cb45697926704879802493ff04a8144ce6d805087fa96caff9b97631b52e4a365e976c90e2ac08826f8c297ef2f875722b44554d9973f4aa55ffb03589432109e6832dab7fc4732d303252dd1d17a2d2451ed53dce41ffbcec65983c6db3eba81462e522ae7ae52d751300a4b131170337c6d8c4b692f5429118af956e1c15e27584f768255c3ddcb469212ba8ab0e1e7ee0012f58f8945827994ce1ad7d173dd1cd72083844b721a1dc13000dada1256deab79b959a495a4d1b5fd028feaa0deac90ecfa59b1340456bcaf31f57d5a883490125796dda6d378ce83bbc137fe54b83ca9c4f819899d308338d65fa87d906255d6573a7a490b00100eab699c0dbfbec54b54224ceba3f5d1fa4096063f33165a158a20ffbd1d5b8fd4d9d39cb94a0085deaedde02a2f1e90a96af2223315101af3fef8604337f648b8c34216c3e7ba8c07d82d23bc0a96f0dab2abd2939265bb96b6451a2ca93585c82aecced337bd66124847a406ce8ed241318e1a7fc2cf289e1caf26ea5b72aaea0457e208a241534c78e3afb6028e7f57891c2f05f4370fc50458d16e90d031cca186cc12b4543b7f25fa72916be3acd7f6b5f0cc24f44248c0fa9c6dd595cd72cc4c84d35aa6fc3b1ec0e7a6b0408a1a53869681d27b1122c3176a04eb3aaf6258849675a994222d506828b4c1de9ab17ad4bab5961d524f0ffe54d29002c3d36c94cb3ab16581f59d014671e1cd5fe24342f17c8f178854e0eed5f4a3db07ec2ea7c671e2d78538bb8a2d5dcd94b4c6ebdb9a4929e85fc6de213d6f356228d9ecfde962c0c3727608f670e812ee2fa14e1f0cbf0186f6afc10c676f911be3b1cea3521f47e8fd4efebaccb22ef3757613ab319c40b70eee0cde11a3a166f1ee9415328068399836c8dc384de21e0a991a8bae04bce7962ce3b82d5516fe91d8ecbc2dcd6e2711c6c14c8aa572b5fe039e1bb4f163a1a8186345f54157c56672b33470711253476c2f6e4d74be06a01885debdb84fc73247a54e1511b83b3ae1fc15e5bed921f1937786f4364a7d4d6aec09667d63aaa618bddaaeaa2e55adb5894c4797d16d3dd5d35a716ef05233c4ad46a621195cde3a4f4197ea4396ca62712ee3d029200383ad9122d94b608b39e1ab024ea673eadccf983100d59b17708722d9ef02669224bef7abdaa0b99bff39957b7ac41599c9b1833f7ce822fdda0bea2dcb7dc7d24bd20df80b6462162447d5e28535a2fd876ffd78e90dbdc74e49af647c9dc696bdcced0840c2320f5ce0b6494790832c972e28206f432ad6cddc304f96bf48ee6f5a077538eb06d94383bf4fbf332abec80cdc7834dbf87e28f06ceeebafcab3f05f084bc4cf2a069701cdb332403af1631b5659a9e668f0a46f68e65ff9a314ab2a540518a03893c3fd2b1bd9f5e9e7f6ec49f585067c4aeef0b91b1ad29f2acc132f6b1a8dda2da36a79186c8b13b6fed070c74704bdc4ff11321901c71598fdfb36e8482bcdb01ee808afb54b3a42c69a18950d14fac2e3bd7721ace3c9a03a45f74cf2df6f4c924441d8700c54b5a12212ca3cdd648d079304cf2cdf460a36caf7f521494805401dfc67bde2061bb239a7019ce76c4f44cb0e46c55cbadab9129c5b457ec284b22ae3f98e64fc8c75df095c3ea3ea0cfb59ca18090b03f9358e9f11325e72cc24ede8f0511cb6f8af7cc2760654cfb8a7e7d5de97a83079bc82d88ea728516e92d321092fa3bdb9c0cf71aced2ac1189aad334d1b6bd971ba4053a43bc7f0020a2f1d6da34690d0f76358aa1b1631107f7f2af9890007b0a94277ee673b047fe809a5aa7fbb7ab88d110970c3dff44de1d7dbeb2abfd280e66d1de4864da4d54addceea69c8fa5d3d4b1147a18365afad33cdc689d73cceba4d8f4ee08b6264aeed23f585578ae15d14f3a27b488c24d6de8cd8a9de4a2a89fc9481ba8e10283a4d3a26e989bd80597862e238b714aa776e01cc90dee689c8435c814cfc72a530efce5dec384797a951439c30e096320bd504d3fcf4f7214b6d8ae4fdf73eea4591d444dd1ea4cdaab8ce1cf9555b4dd70f1bb46e18ee02cabd74cddb696af3ff7cc95b1339a6b8e8bafbc29c64f09fb741389ea6f5397a85add8b26e1f3a1df950f67bde9f9871a0e360c3e7669ebede3b7eb32ceb35ff2affd8919522f075933ecfea2cb4becfbc85bbacc95fba2c6f54f890594a6f6b18965ccd40ede58b4eaf8b0d2b65b0369b3dc6c7caef3e4845b2c42ee40ddca587925029e7d91629add84ea7bc72be33bb034214555cd5505568093ec7248156f58c7f0d3055762f8f4ff6f864bd9548fafac4db8577530f3a6d673beeff21ba7c9060aa0e066832937f1eb617cb21ac24e0d8699547be5663a8117a40b6d881dca19e367ca02d28774dae74df50aa99445e37c6c16184467d496001242329db97a2adef66425a9c6bd377d8977433a03c72bf10b548b8aebf0ec38eb8ce145fcb851541405ee8a3ca9b3bc603a382af598f0a1756592b3677c469ff86e198cdff40f493215a32c2acc72bcfd0e3e4e57bec76dfe565da975c691d66935d2d7b52941462d41bce4c00915d283417032f3a894249f801067f3882fda77905d76b76efe1028ebbf14977631f677575ddd409df3c6c4019e995a9d8d1d8a8c322687632f1a9505adcbd5afa1389f941dd0f68fefd43ec24a257076a3a21b7363d7bb518df4a282a4d9eed0858d104e85c5e068dd8012d73b516656146a78e549adbf9b32fb9f5f7ab6d43879d96d1cb973596d044197e08c4040604255753297a3495d8dff255d18abf94b8704a8ae1a48353fa85e5a77becd10b6ca007b77dfefce398f30b0c27ede99e8e6bb0c7ff65bdb00f224622d691f478ce6e37bbfac4ce1ce373070f954370c74c09461e2bae4385cd5deee87ca80ad2c77b99e7bee5afa3f0ba52494f59da1426c4309f391516354d57b0c7c4bb858e382f041d6e9188dc133bb169321e00d02efddb461176774fd6b2c9682d7ad084f6174c53ab7408d3e271d28e308f7cd478c2fe8d6793deed31debb090b874b12528a6cd368acf5a5c4cc3d30d2aff00693786687686cd9b97cdfaa3a67729351b2373ddee18ee3f056b6c0da439d62eeb408031a4d8755de3cc88415ca4801d54dc565bb53228dc215dd746ff5385453fdfc8915e872752f5ab3656aa8e1c42dfbf35e49ac9c2013b4a493ec10ad7f512922b8d3d82922ddbc018953cb7d5191af08ab669f80425f4f459ee650fe094126434e886693092c53aa346993dbc1ba274d2d69470646e633bdc331431913dd49a0120e1b5e212162006f9a01fe18e8d8b57cfeb398e19b4b8e970fb0678521caff33a7a01deb17e72a920a946896c5392e84bddfde75b7446ad4249bef2697b0c5e72f3791f0f44ac1563769c8ece5f1de565bbae2e5730294b3d6d85787dd6f7abf84d698e77ee80ec53e3751e873033af16b5ed4e2c99b7e6e652bb0eaf6701aacb2bcb597c32dc3f7d9c4d9463ac08db0c63db5fd88d0e518def188a2fbe8d6bfa698628a8cc058ca99114c40be8e1eb4c05364278d0ea4dc90b747cecd85cdf847a50ba2adebb6d107a12613e198d1b10c6eb323d50c75f781fe39c1d92e46da77fed51612a369c4a6aa54050d677e9678039b29e10c46ff05f3536f792a72d80f0eca5a416b19643e1d15247f7e5157900c1742b9146e0d9788eb9ca653897c7c647149f0bd91b16ea1a5e0549001ba2d6c6e39cf8bee39274d052fe2ce7f4caf6c23644314335251cca5c2ed134aada515e734e0af9c0ba59043dd12aa227e8f71d11833cab35b77915ee6bf0d74982d155f74fbba9977f75d37211770df8102e1d523b97c65e69bdffb34e00dbd6d5827c4897934ff51286940adbefdbe1a185a1ca32f668bef23663d9af58655a928538e084f59fd899c490253d337f5a51d2c2c1da36cb8df43034a988104c2abd9d589fcf964ab9114a40415c8e99bebfe94c3915f9d908bc1c9000f0e9e94012d998c972cf018d8badfffa80209f1937fea78ca839572b0a8e6b7816b6d89bb84ab2ede0fe5ff0575ec9d674da236252fb92ff4febb9ec1d915d97c4cafffef1cfda6d199365b77016daae60798de8a21c1769b8d79bf57cd020ebf5730fce994b6b3099800d864966adf830c8d2658c804360896e11f360da3a92cb5c827213228526c63c262c30cdf177fb0be401b394a01775c254da30c5ff4fc5b45f59d60e1578d67245089828b0693e5a6f5eda5e917b9d33b8b36baf055269e9d5319d4fa3f8fa5c31962c77bed1b0a7045d980c03b0df15d1e3cc1ee3175570d286004f10ff6b922da1e0af3ed41099bb175678f6c4c29bd5b8555edea3fd6559a6228b3924b6245b66f7d4a6cfbf7e55d3a9a9023185885bbb1e9061fbe3621beb1e7e31205d828710267efb585073865d0618f4edbc9c5b606a79bff7eff1e534393e3dd040174b21fc012d6b2ab928976eef114b97502fb02225572b74e852f568dbcea57a8d378c54b217287eac9090cf75f10f474b1651782ab8e5f015de5b665e046f01d04efb7bef840507f3e45a385a372422af573d064b1bf6b0fb2796e88a883d0024b5f74f1118fd7cbdb92a40a83459aa29a77a256274df3a72f539b028c1df8686f4630c7fece68d1c01ce38aa613735a591f91f42561ad297e0872efdf3536c88ad5159af81048e6378f2a42d915c9721e0875fe0628ce4fc609099c2c19e681280e83ee969ba93c956fb2bc4457c2b2ee35d9d5bae561814d8f868e28987371550f57faec5af2f52bc7dbde1401b6729107b405b2873689c9e43fa5ea8b483f7556cbaaabb1c7689b0a51d757743ca292ff74e9c021e5513f94b7107a8940a98ddab5e221fd75c13f19ae4006866eec1a8320ab02a2def573858eb7253d1fda73b7da031f12dc013783147095d545abbcc6c8cc98748c007f2e61a02c750b79866c743d0f98c703ee3c9a2ffe44104ac1a22d77ffd1e607c8c4265bbd8cdd9b7aff0d0c36aa5981ce881b9f3895b4da88a653d4712a8431f9e14e0bdd137735bc1c2b710ba5126b6a9a42bdf156915b152ee1758ef56b8edbd4ef0b9a677dedc3a88b00049a0d7444b3aef2b4e5ed210c5fc97444bd3a4690ae44adfcd4fd85cc50fd55c3d6efd1c7270f46c93689d18f92d0462c62b2001d8ccbccee0abad84daf12a8f3f390d23b3f4cce1237b5059bfaacb994ea871c02fd32056aa3d68258027dbe56bb19cbaf7a2f473492e2c6643fc4bc01df34967ff10092530c5f965e1dea106188a9165a43e61d060107e5907a5e76039e11fb557b17f74e99d6ba5edb86daa24b201f89f51c53b4e6ea0e74888ec9afc6e64c3344ca561a56ece3c286ee4eea87bbb011d4bc856cb2018f009281b89b95acb76684eefbe628b3b9c93f654c15c1aac2769c67f27e1f3d6ca98d80dc3077b5c4e4d823ea40c258dcbb891ff20466c1462080de73513509176565feb24ef8413dc7dfb53b10ad4e5d683d26c742ac8efb627339eac06f2f56a55e4522b670ff6dda3917ef7b00fe14a6a52dc9567548e98f47cfa5e2b87dd8e1c2ae18d0c14356db45db78e8f8b9dd141ee942543d271c8cb5b9775d2c55c4b732d838a3b73d675a350957e0a70438d6bc3ab116f4d45f5e5bcf1493097ef19e13239d97981273fa9ae9d1a94f417c3c5c240a27cb07ad05a6526e6c8b3c68bad2c546fc889c5fb3410697ddf58f78e9296ab0c725882566e185d1dd88430766e332f1f0c87d2e359f8ce2c28b8c7546da95a1ca7897e43b7bf583d12cd46f7f910bfdc1a1c129f1d83d94678999c3d81dca8f74f87ba3017f07222f510c1a7fe8001fc3eb6e8a0b46db9c002fd084167272355da87a0fc5e37feed0c487d603bc1297f1c6dd88dcb17f17fd38a5ec72d0cf50c8c8dc69081cf608460d5b1342871abcbec20323be7f53690c5fa640816cc3b2b3de36870a8a38905dd51ac63ddd922d008f84b7cbd062b64c5ab22115b4889b0e9389048f6a7bd28e6a7893caa6036613c9f5f2ec2928be1f4ee1cba0b0bb1691276a4db24669fb085e54dc77e815b8f5afe80aaa38acbd11430d956a37911b0216534bd9e2893a2abfbcf4b7aee56c8ffbbb08166773d8dd3d1fa12451f393799aded8721cbd93e4c9711defa5509840dc73ec5f5273431da7e6324b056cae48e1c14b1f0e2cf27a52980d4c67e77a565a44aee8ccd622781b35cfa16d36eba77f9b7f5ec8cb474f02bed016982a0dca0960e094b3df6516837d5015680827599c89542544a3fd363aa44e79f3ad00c87d8dc1422b0737ca9fe9179d627a1f22800923a39df3a59e15770ba57f1e12aaf41bfe67bfc5483dab32820364a5d4da8f8ae62b05ba23257bb1577f5ad73f0b0e01633da659f7d28c7e1e39f86f5adb5bb3843abbce0a769c26c28e4ec88cd8d47e46928ebf51f4c23c69fa602b6af61dcc74bf64b009e96708c4c7426f35d33f7dae81e33a69e12ef792b1f25ffc60645a1963e67c07e15c2ebdb548ef8b2c8b0dd9725bed66e22545ad7914af7864478a7993b2c0e0ce590fa005104c6937e540758d25a509e80aca8137b717ae9fdf80ab906d9db4aabb229bb3d35e27b324aed11eebaa8ed3dc7704abab39f58562ed9b5c8a37b092ebf3fde22166c9c91bc57a2c62d90a87cffe7d6c448321f843218e404a4d3688d7b968ff9e823e0b900a146a7f3af3d46e9a8e7d17b47cba2504e1e1e7ad960dc481363f16fc979bb8176797ab1cb85cca6724274faba007e878098034afa0042ea0c1a654b42e1cdf7f71048e24db691cdca72f52017c6a0f5c88d0cb1e1c260e8879478d8e2bf97ad59844221afc649c881e7950de7dc85c430c18fcb5c8d359c2c239b45872c6555747438ca49b55c327cf6d705f80b396d9c020db57f6c53701bc968fcda5274c5134b23f6fd223dcee7ad7962c4e7f8b301a57165fcfc9a5ff822f1c24a7aa5be7971203457af1c95d47eda667d8c291fc21eedc7e8e5844f967a9fb4479d2f94e4dedd0cd5457781d3e024fcfafaa8b67e4895855535d1fdd4be454bed97c3cf2095a166cc652bea65ad6368929bda70f69dc36c689f5923fb026a8257f851a069994c04cc41a8b15979e473e5533240d3cab3ba953f20019e017d44f741d95a9ba35886c7a3fed463d242173d6af2502230ff733c3f1e02782274e64ac70850dc34895135bc859918cddec6269ba8361009eff46407715f30879508fea8cc9c081b372f488555278fbbaa80f34ce79da910212961a377c85b61e36fc375431dd6c4edf2c4bb801a0fc1dc1fac3c2f4c01099624959392ca0b6bd47cb008dfd39b2fd927f40fec137b0748e19840c05754b7d8e0b27d62086128fdc329363d06b6e7cdc4360b39df2737b5973a8c05c72e1ffaeb09cad6719224f4fb80794eb00f4092f623e5d27a11402fc035eb9fde88276f8ca16827459592e355d3c4e6c792e5487c499666d96ea5c5f9eabe173b56223cc71dfaf0d88f8b805110871f89f399f84463023f17d86249af647b83f24e90483bef551f95645dba6607f66b93a6da349ea07318b6ea59adcca1ed17566eeabf62b21204a8fd1a2d983fd22d2eaf9acbbb7a20bde391a5724f096d204d340b56212f8b7f5141f4f6ed72b134eeadf1f27edff371424b40820b26747b0baad376dfc535a417be78aabedf33e978c0533b45eadf5c24a1a069bc4945cd00a52aeb35b539ac0847065cd01dfda634cb9d7222a60eafef0f483ee5ce52a3c908b4ad4d20897b55a880249fe9bf4129124216f80d4789ce2f1b97c9d3892c506580a68ff2ce35caad03126a4adb9a194fb86bc72bce0e0bc4700950d20cd4b8d670ad2151cde5fd540e6a1d871a430c1a333f020c957cd4c8b4788b4bc93d8dd2892f5d8a350013c62dae3747384aa487e00704910b3f7542c", 0x2000, &(0x7f0000005c00)={&(0x7f0000002980)={0x50, 0x0, 0x91e, {0x7, 0x22, 0xff, 0x1124872, 0x6, 0x3f, 0x8, 0x1}}, &(0x7f0000002a00)={0x18, 0x0, 0x0, {0x317e539f}}, &(0x7f0000002a40)={0x18, 0x0, 0x8, {0x4}}, &(0x7f0000002a80)={0x18, 0x0, 0x5, {0x401}}, &(0x7f0000002ac0)={0x18, 0x0, 0x1, {0xfdcc}}, &(0x7f0000002b00)={0x28, 0x0, 0x8, {{0x2, 0x8}}}, &(0x7f0000002b40)={0x60, 0x0, 0xfff, {{0x6, 0x10001, 0x6, 0x1, 0x8, 0x1, 0x32f0, 0x7}}}, &(0x7f0000002bc0)={0x18, 0x0, 0x4, {0xffff}}, &(0x7f0000002c00)={0x18, 0x0, 0x1000, {'0%)/W({\x00'}}, &(0x7f0000002c40)={0x20, 0x0, 0x5, {0x0, 0x11}}, &(0x7f0000002dc0)={0x78, 0xfffffffffffffff5, 0x8, {0x6, 0x9, 0x0, {0x6, 0x8, 0x25d, 0x7, 0x8001, 0x400, 0xce1, 0x8000, 0x4800000, 0x6000, 0x8, 0xee01, r3, 0x6, 0x1}}}, &(0x7f0000002e40)={0x90, 0x0, 0xfffffffffffffffc, {0x5, 0x2, 0x0, 0x80, 0x1ff, 0xfffffffa, {0x1, 0x81, 0x1, 0x10001, 0x7f, 0x5, 0x5, 0x2, 0x0, 0x4000, 0x3, 0xee01, 0xee00, 0x6, 0x23a}}}, &(0x7f0000002f00)={0xe8, 0x0, 0x20, [{0x6, 0x1, 0x1, 0x7, '\x00'}, {0x2}, {0x5, 0xfffffffffffffffa, 0x0, 0x20}, {0x4, 0x2, 0x6, 0x9, 'wlan0\x00'}, {0x2, 0x5, 0x1, 0x0, '/'}, {0x0, 0x7, 0x6, 0x10000, '\x02\x02\x02\x02\x02\x02'}, {0x2, 0x3, 0x10, 0x3df4d00b, ' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, &(0x7f00000055c0)={0x510, 0x0, 0x0, [{{0x5, 0x1, 0x0, 0x2, 0xfffeffff, 0x1, {0x0, 0x141, 0x4, 0x9, 0x9, 0x4, 0x7ff, 0x7fffffff, 0x892, 0x4000, 0xfff, r4, 0x0, 0x4, 0x10000}}, {0x1, 0x8000, 0x2, 0x4, '\xff\xff'}}, {{0xa00000000, 0x3, 0x8000000000000000, 0x80000001, 0x6, 0x1, {0x5, 0xa0, 0x8, 0x7, 0x101, 0xbc3, 0x19f, 0x4, 0x7ff, 0xa000, 0x1, 0xee01, r5, 0x8001, 0x8}}, {0x4, 0x10001, 0xa, 0x3ff, '[{@^/@+@<['}}, {{0x1, 0x3, 0x5, 0x20, 0x3, 0xffffffff, {0x3, 0xd4, 0x6, 0x0, 0x1, 0x80000, 0x38fa80be, 0x6, 0x400, 0x1000, 0x5, 0xee00, 0xee01, 0x10001, 0xff}}, {0x4, 0x5, 0x8, 0x4, '+!\x9cR\'+%\''}}, {{0x3, 0x3, 0x200, 0x5, 0x55, 0x1f, {0x1, 0x34, 0x7, 0x4, 0x9, 0x2, 0x800, 0xffff8001, 0x6, 0x8000, 0x100, 0xee01, 0xee01, 0x0, 0x9c000000}}, {0x0, 0x1, 0x1, 0x400, '\x00'}}, {{0x6, 0x3, 0xa3, 0x80, 0x735, 0x9584, {0x0, 0x2, 0x7, 0xec61, 0x371ca83, 0x4, 0xffffffff, 0x3, 0x424c, 0xa000, 0x400, 0xee00, 0xee01, 0xca, 0x3}}, {0x0, 0x7, 0x0, 0x80000001}}, {{0x5, 0x1, 0x9d5, 0x5, 0x80000001, 0x1000000, {0x0, 0x0, 0x6, 0x7ff, 0x8001, 0x8001, 0x6, 0x8000, 0x1, 0xa000, 0x10000, 0xee00, r6, 0x80000000, 0x6}}, {0x3, 0x7fff, 0x6, 0x4e5, 'wlan0\x00'}}, {{0x4, 0x2, 0xffffffffffffffff, 0x10001, 0x7, 0x3f, {0x0, 0x4, 0x7fff, 0x5c, 0x5e, 0x4, 0x0, 0x9, 0x4, 0x1000, 0x8, r7, 0xee00, 0x7ff, 0x9}}, {0x3, 0x5, 0x6, 0x9, '\xff\xff\xff\xff\xff\xff'}}, {{0x6, 0x3, 0x3, 0x9, 0x6, 0x100, {0x1, 0x101, 0x4, 0x100000000, 0x2, 0xfffffffffffffe00, 0x3, 0x9, 0x9, 0xa000, 0xfa3, 0xffffffffffffffff, r8, 0x1400000, 0x9}}, {0x6, 0x0, 0x6, 0x5, 'wlan0\x00'}}]}, &(0x7f0000005b00)={0xa0, 0xfffffffffffffff5, 0x5, {{0x0, 0x3, 0x2, 0x3, 0x7, 0x64b, {0x1, 0xc2, 0x9, 0x5, 0x8001, 0xffffffffffffffff, 0x2, 0x8, 0x5, 0x4000, 0xd0a, 0xee01, 0xee00, 0x7, 0x1}}, {0x0, 0x2}}}, &(0x7f0000005bc0)={0x20, 0x0, 0x7fffffff, {0x8, 0x0, 0x9ad, 0x3}}}) syz_genetlink_get_family_id$SEG6(&(0x7f0000005c40), r2) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x9, 0x100, r2, 0x8000000) r10 = syz_io_uring_complete(r9) r11 = syz_io_uring_setup(0x7811, &(0x7f0000005c80)={0x0, 0x29e9, 0x4, 0x3, 0x25, 0x0, r10}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000005d00), &(0x7f0000005d40)=0x0) r13 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x80000, r11, 0x0) clock_gettime(0x0, &(0x7f0000005d80)={0x0, 0x0}) syz_io_uring_submit(r13, r12, &(0x7f0000005e00)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x7, &(0x7f0000005dc0)={r14, r15+60000000}}, 0x6) syz_kvm_setup_cpu$arm64(r2, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000005e80)=[{0x0, &(0x7f0000005e40)="551e553401d8419ac437854e7bd6033a54214a9bd5bbb0af5b8dfb214aa84f75f60fd2f374a02bcacb654f2e69f719794863", 0x32}], 0x1, 0x0, &(0x7f0000005ec0)=[@featur2], 0x1) r16 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff1000/0x1000)=nil, 0x1000, 0x4, 0x100002, r2, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r16, 0x118, &(0x7f0000005f00)=0x1, 0x0, 0x4) clock_gettime(0x0, &(0x7f0000008240)={0x0, 0x0}) recvmmsg$unix(r2, &(0x7f00000081c0)=[{{0x0, 0x0, &(0x7f0000007580)=[{&(0x7f0000007000)=""/104, 0x68}, {&(0x7f0000007080)}, {&(0x7f00000070c0)=""/15, 0xf}, {&(0x7f0000007100)=""/224, 0xe0}, {&(0x7f0000007200)}, {&(0x7f0000007240)=""/230, 0xe6}, {&(0x7f0000007340)=""/99, 0x63}, {&(0x7f00000073c0)=""/69, 0x45}, {&(0x7f0000007440)=""/106, 0x6a}, {&(0x7f00000074c0)=""/188, 0xbc}], 0xa, &(0x7f0000007600)=[@cred={{0x18, 0x1, 0x2, {0x0, 0x0}}}], 0x18}}, {{&(0x7f0000007640), 0x6e, &(0x7f0000007900)=[{&(0x7f00000076c0)=""/121, 0x79}, {&(0x7f0000007740)=""/169, 0xa9}, {&(0x7f0000007800)=""/5, 0x5}, {&(0x7f0000007840)=""/157, 0x9d}], 0x4, &(0x7f0000007940)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb0}}, {{&(0x7f0000007a00)=@abs, 0x6e, &(0x7f0000007b80)=[{&(0x7f0000007a80)=""/115, 0x73}, {&(0x7f0000007b00)=""/15, 0xf}, {&(0x7f0000007b40)=""/19, 0x13}], 0x3, &(0x7f0000007bc0)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x44}}, {{&(0x7f0000007c40)=@abs, 0x6e, &(0x7f0000008180)=[{&(0x7f0000007cc0)=""/153, 0x99}, {&(0x7f0000007d80)=""/250, 0xfa}, {&(0x7f0000007e80)=""/252, 0xfc}, {&(0x7f0000007f80)=""/193, 0xc1}, {&(0x7f0000008080)=""/96, 0x60}, {&(0x7f0000008100)=""/65, 0x41}], 0x6}}], 0x4, 0x2000, &(0x7f0000008280)={r17, r18+10000000}) syz_mount_image$adfs(&(0x7f0000005f40), &(0x7f0000005f80)='./file0\x00', 0x6, 0x1, &(0x7f0000006fc0)=[{&(0x7f0000005fc0)="97711a3fc775d9b6b802d75cefe34e560dfbbc1905df8452c7c061cfbdbaf76ac0ee704fdc1b95576e8398715ccac23eb622406fdf86656d8666d174345df15cc279d6bc46189f9e9103c8b634306a9dc5121354037abc836af32b82e0eb9222c5b97a31baf700226f459f1593e594220d6eee2f7bd3612c68996c931e01b390867ecb7db73fd1c8baea0a1a30719c09c81706414190c490236b2756cfba38fabad49c002cddccb22a79015cf6c9d5b81197e3669f1195cf26fd674cef34fc2517dd561d625d37f0093669e68fca1ae7327c53a8d8fe8ce089ec5130da3dcd2c1be47c5d11c1e607706dede98d3ad0347db608bf9febfe357b46fe05172e7abd5e6a5755ecbdb7294ac660ef999961aa2491460d2ba8c47928fcd02e294c16838adc1c5aa0aeefc279793c1e9bae9dad1bdd674fbf94f64d5ee586b857846b2c3e35cbe0791f3f0a4279ec2d51fdfb3a9d2fd093ba29d743eebb0646d40af932960b4efd52dfae3724206f13839b1e9dd3561c159f7d1a0b45dfa655724164ca8ca40178aabc9f0c270cc0c2e828dc2842fb2372abca8d65d3726eaddb36d2772fc42a5a609dbc761a086dd8405f0c0a7c0bfc14fea91cab423fdbc944ddbdee214c248ef0c8933c80f3ac68a3cdc4ed5120c7be1f0418a0ddeee94ce8de7a07b94d97a9c72e338eb9cb871567608b49031f1fd07e5c5cbbc2201c4876885c1bdccc2bfece71de73d6a710c96a675de4b578e3a0b84d1fb89bed531e1705af867b10b7c92328a06bad02c573375d500a4bdc884b55652d7f1cfb31afaf0b35e98a58466b80a2a4bca2d72e387f8e94519a43734c385b698e08b0ee1d9805c392acb76f980894df9046c617f62a2361062e522453dcd73176f786ef2ccd7a05df8b44a6f93135d4888fdd510220357f1aeccd13e1fe10292673f981f420d9859fa218b8698b4a691e699c28a2dd46d3978942192ed51d212669458a4dc3d381d2c3f73cb60bfecb8bf0e1556eaed9ffca5d0f7c9f6152f4fcd5ed86cb6a565e4b6b1c9e7efef1ccd28ae7091abd84e8431ec08ed83a8bbe56f9e12256d0a05b461d9f1f4bad4b0e8734c47d12124c406db2c033ca10634105713df400fe668d74c10b9546fef03d29ee05d4e3e832ede103cfb890c8b0092a58fe32a0b105896cefc83a990c3b6d9dec09e4beea8040b29f9217e5577fd72003a1dc4667fa4cf3bbf2985f0aef84b45569a087b7f9afe824f3c59b40cd0d088c16f4414240a6ebe24aadc402cc99abf034a48bda6a2821bdf294658e2782326e1696a8878b62be50b8ae8d003e1b6b9f5f26d3f21b1422cf73ac7292638e57da6fe3fdadd7786aa2d7406c0d84554547d9590ee9e1705428e00ddc33250a116b9737c8b013a38c6f5e88275b015f1c0996b06ef4467fa0468e8f4a498b56a045f894e45090fc1707481bef75f601d95e67b963b6ddaad7511ab41ef4c9f651c70f8ec2f0cf3b62bad74e2492a39fc1f81da697cdc353de9589cab54a16901a18d851bdc26239a72f9a787fbefb3fc3f5df149a013c4f8c8b0e98b8f669f62fbe09525b46469b1c7fcb91e55735f2adc8136a46aec4de016b9f9251ac2aa820a1a887b78c66802bf8dbbce8c4e138ba0a52892c9e934af2c76b95032a2f4cb5a621e453970f54b279035e140833e3250a9c4f16371cddfc01c404e6e86acc231c8d7dbed9b6aec0da3e0bb40672f4d41df2650d200fdda6bdc62b1d433efb4dcb37052689eec1fb99ceda3e1107ae9aeebc9958fd2f2e9059834087378427d3158a8ad04779e622b9fef71b94b2aac03d6d9b722a2427855a2176f00d971d6b1fe9b57c3637af6ecf8dd0bf1dc055e7331c7e3d9bf09a98723676b07787a075af7ee911ee2b0ebefb3408c8a617e81b0222f20f41aaa55767bd73b30b7d5238a41836e53a5c826d2cab59460404f02af43b1c64a887b44edcb395a149983a63ebbc1468ac3b39a00d01e59041ea549725768c6fea7a4884fab16b8599cd0b91b83df33b32280039ba0205a23e97cd38bf8be0ced3d7c2f44491e9b594e054e6c6e6e2b610830f98ef9a240fd56d1e218cbc1535b8889fd2b39fd94c82137a80ea1234a84dc6fac0f16b8b2de9dde9ec8270c2df90b1107eed2d346965943a1cb0856421e45fed7f48071041c552efc7333c5e7dec5b9cb59565718a7e230a842f206a4949a38fca5d9a8d847563dd644578f89e5ea68cd84edc6a04e527d1c07e6ae42f503f7c09f7fa5ed1b2d7a3a90b5feddd576dcc544d8a7e5154fcb82d14970643a03ec1ada083ade9a90d56b1a05e7becc2e434d487e0c94d10fb56b73a82fd0c34e3ea6e252bd82844e95933819254e12b001acf2ad8b630a7d2056c6f77334ed22321771e73312981d8910170cdd7f47881b58c4753bbfb0b34c78b4211e626146ff342bfd57740eb868e1cfa312c907bef857b3781ebd1397e8dc0ca1474a19b39b497ae70889d2dbbce85d3743fd33c97b9c22b866eb65d3593900e66c459efe5638a824c423d9c49ba44b8ff9b9b3ec15cef434deef9ab92760c55b1fb37339b1c77f3a01a77fd72f72877952e8a5827494c9188b8d1c270b0a99b4a9e818d1fa126a7291a7b0b94c2bf7c18c2e25e7fcfd68d38829655d9aab934963034563e90865245a61304febdf59bb0093167c8c41cce1773bb80c678759b55dab1247252036157a0e60d66e289d4b9bf98fdce7c5ca59bdb4fafe55e09b16aa3430d39bf150332a15c4890ed078e628775f8787b893592263ca6d3113619a7b21251faeee137a099bf00fb5fbcc75e758eaec9bdcff65576c0d826ea79d90e99d8cbb490937d1d122dbb8d15b33756835e1ce3bdaf4919f5226b384c87c2c7af71fb3dd073c43129ac4e2a6e521bee349730b2d9a71c6b01d61df130802a9bb6ab1f4d594b89675cc467cab303c86ae6b4c0d26dcf16cdec9c8b78f3e23bab3e7b5153e73bb71cb6a2afac5c33195d2a2f329d9e8f53dc92801046b07245e139a6414cff17dd9d7947e945a1ddf592131d90f3f325ebc3cf24360f83ed1606f952d4f69221b75c9be91e5d2abeed93f33958b04aa1e0cb5b850edf2760f4b8e810d879d87357036c8e26538e69689e47fbb1da8e0ca08284f55900bd029e95a527b3ba251b0ce27bd049fc85b194959375f785cf75c101eeaaba56b39a3fc46ba9729837e2fbce7ebba932596c0c2ef0c5d8e684ba6b334dbaffc0fa842a6aa555813d5bdc237a4376fbfc3abd549abc27f3b1c918c67f2c34e116b6b0630115490624f4997d93acec5dab0d2bb1572b319ba4c990cd74389542f48b7e173d0c81ed756a1b409f6b195859fdc7577a7e7b120a1513c225d313d7423d6a99ddb71914962821db95192fc9ca8b6972e07d78679e3b4265cb9725d95f52f68ff1ca46b8ac6ae7c6053bcd972e37fa824491527a1e4323aa6f2d5e59cf06c6088c148059fad6f1cbfb476719d09fa479b69a4790a74f65abd999c267d10cc2ff99d39e394160e151469589f416f659b2a8c60def78d6f433809dfb96c27220076f47b7e74a8930cd61e8fc109ddf8754ff5d6878eef5dc7dd61e2da0073b0ad6b071feff97fb87ec0d90954aedc888e7b1e09dcdfcc6906e49b6ea4a0c32546407ac0d22e29200b8603f2c3041d27d0fd990c312c3f4ebeef45385124825e73a4b30f7e62b3746aee0a1f42357a7c2d59b9b2865ab24b33536c1d752a4e1c08e07ec7ab8e37eda44ebd2213d46955859ce75e8cbee3e448ddc6c3720fa4bb604298c9cc6c1eac4aac18ffeef8d631a6175a58b18257c81b5b2a2c7458b1173a5c1bfe3a56159fa406011dc0bb6021f2332bb471ef8892acd5e7b58aeca43e485b35ddc938fbf2d032521820809af025513b663922d664ca4216bcc9877030d5facfb9a0482998e50cf69bc59c1805fb4faa89f6831ec6afc29e7f6db38fed3403d1035e251624de0ea6445812f71a4a91eab22d88da49c097003ea9608ef661e8cd99458f318d373ea1affe6cfbec7e9f77ca393f1585402a70afa83e3dc11417b83035c4aa6efb96caffdb76bb431152a1108dd6ae5a37afb9aa1b51ddcd22d7af11d65c188472d79acbdd48c61355a4b2fdf2b81fb4459711fb437f3f7f95a6e187c0cc087bbd739c9c9e22e25fd0d305a27408f52b839e357d1f37b0c7a576df793008241bd2120ccfa21435268ed243dd2edbb751b201474e91f48219bfddb4cd0dd471965bfe78e45233a33b6c4022bc57bcfd224f89b4afbe25a003ef41f596e10fc142d52e0ee02fad0728651f0fe75b947a544fd7e2dc38b608789ebc87b01993e23b765449001c77adc778adb84a0dd32b70e267aadcc168ef1713d7cbde563396ef5e39ff9f7008d61a20fe49ac80c2ee84c5311e6b0c259f0c63631af64ee1d2225b5eaa31b97636b30109fe4fcf1522723c6d79a5005f3768be2872910a0d9f2d2b10a91e48f7da5c3830e18bf1a2c51f791e463f7ca07e0c63d075852c2bd82b4a5989d4ff50a7007d3eb322b3f01ab76af2bbedb1108165f483d28415378d60098dbd87a299b3de116f3955c3e243677f3e3f71f9f0204e170da9ef5b66c95ba07f335b130b5a17b6a72c318be1b8ca6422b1eaf3f6ef038df509ef18765947de5889a3a88457561b399ab72948d7ec9e0f4a7348e0c43174811d3a4d71242e6a50f5b397a8d7fabbba7109afa2369f116e09d3fcc0b5e612ae8b818309c5fbb3347fdb5d6c6904684f4e04f12ca8513174e6b926f049ac14e0a7f9e4aa6bd391bbccd3f7242b9a4c0dfd01796da871f4e9de17e549537ac6d21d5c64e549f070e2b1d1b7f76981faa8da9029e4576fc43b4f427ec7ee4c4505ca270b233ffc5e1abe44ac789cecabdbaabec441a11845caf922133d11bb28256ee8f75e6f065e35f297646c63a2b8a594605ab391c50fc337d8d97066e6b5b0710fb1ec76c64f0a0a0ccac01375f2c9fbaca77b2b1ee2b26a76da527aefbe983eed0d946d763e00bf501dd646bfe683a78df80d91dcd603c5a8eb595c0cdceaa2dabf5d64a9feaacefc878e074313c85e4c15f4c2e63fa19f97b829c297d860878eee2138928d8a425c07900c1226455ae33e702c058567d42df10d6048466de62f14c27f7d8f306516662e18bebb24d7f38e5f0ebbab74980599ffacba56d3ce16a56b991ec64df9ea8f9300cc187f2c1b2f80562c681bbf833a971e7d69b67730d3b0d3b5a9b3cabf5b44e21f3a8ea25af9f9a7f53d6c85ca6a3b84f04fb6d1e99096640c76f00cb2a849e022c526653e0e19c0ab73d7db02e69bd511cb3b36ae7df9e0bcd5b8d180c0a3dc9f17973c62b286fbefd4853976ad38dc7756785f17c88f9675687c9769d77162e82e71bae2ed285bc878f9ee7070af3c4b43c907bcb5856dab6a938b7842af376d7c164076cd02b4e3e82e2cc8fca7dc2e40bdb7b9a2ef406355630cb2930231794ef4a20360a6eb9cc54f753642e6938a173024635987b80a6e0f0b7cb258537b81e1250f77fcaf1d7cd9b3be072a6f9d4fd86f1564b28d790ca1382fae61fa5874c7dd7db8ebfaaa7cc011e6ab3579137aa3f0af14e58c0960d7f70cef93ab86cca7cb785d8c12152a807cf1bfa4e0f6ffd288870565cd49a10a407cee95c5c0fe4cc84b47390868e64507f1fbfbb4a704d272da13480a418e25a9930a402dcfbaa5cb5092c569a4e8150b5048bef01194e1ce3795e2835a0a82c9d5ff3a157852f12713596997ec3061aeaa96e93c9b1d9d5aa2414c3ea9f", 0x1000, 0x80000001}], 0x1000000, &(0x7f00000082c0)={[{')/\'/%'}, {'wlan0\x00'}, {'\xff\xff'}, {'\xff\xff'}, {'[{@^/@+@<['}], [{@uid_eq={'uid', 0x3d, r20}}, {@smackfsfloor={'smackfsfloor', 0x3d, '{%\'--\xd3{-+#!'}}]}) syz_open_dev$I2C(&(0x7f0000008340), 0x4, 0x404280) syz_open_procfs(r19, &(0x7f0000008380)='net/ip6_mr_cache\x00') syz_open_pts(r21, 0x8001) syz_read_part_table(0x5, 0x9, &(0x7f0000008980)=[{&(0x7f00000083c0)="fbd29b15877e61061cc50ced7f39686138bf5103248d4da53257b73a1ee96cf2199abfa961d7bd146a6bb88d701b08edbf514b2e3183cce211d57c7645a9afe20275ecbe29aea48c76b0fb7627a8e43c7a9f57ef02a316edf9d38e0c6e74b59107cb1c8406dcb6de319b", 0x6a, 0x7f}, {&(0x7f0000008440)="e0d8f55b3848aed3ac9738d2e19f668be4c76e3b4e4823a0c69918ad4aec8d6eadcfe10327126d01287e672d54a544a9877e59f9a2f41aa242b237ba593c5a4840b8621ce0d28ce522dfe8788bb070d4bc9d74528a1f7603200c2365c63d42f1032992e10e4345cdea0d65365d82b6c78c81c71b0b2fb78197cd605ec2521806bdc08d6dd8f5291e5bb0ca92e20430d581235ddda756e6abd8c769783b84e57b0aa951303adcc7e921b069d94f1a4dee1f4744db5b28c97fbbaec5bf5618e0e94a41c0a99ce6ca91ebcaff5ae6106dc9dc310d7250a8b7c7ca55", 0xda, 0x3ff}, {&(0x7f0000008540)="afbb6b91aa7857f942bc8773d020896a44f1d9db9b9ec2b85598cd86397d6b5ae3192aefe0f2b6387b2d2314489bc7af2ab51990ff7526230a7ca42e6c22f5649acb12b4dd8fde819b", 0x49, 0x9}, {&(0x7f00000085c0)="d890818560f5372f7d41a504c54e863d7944d0621d50134b4c1454aa8c44c7f324d95d33fb4663f6745c1cad179d719e3e9f4f57517125890ed4c937bb41d0a764441e1d6c7482548c0a", 0x4a, 0x6}, {&(0x7f0000008640)="7e289aa898007d95eaf09882596aa237714dc1ac32392bd6fae8d872edc3c9b0cff5036148af29573c0dc954c27b6a6d47669253ab402a91f6e602ccd93fa817", 0x40, 0x6}, {&(0x7f0000008680)="c823584bb1759ecb98ee41e35227dd03d7ed5c9eefcf34a951e7c5eae5b37e8b93d6dd7cb66ebbff50cb81777e29b2c05b7b7cd976f4aed70f76499015b9872faa6f338c309a55296e4e85e27c510dbf253a7e6f43791f93913c8a9607451fd5050cf191ec95d199f1117c0e2a0437c2be1698939d277c3837d1640f91ce6aedc0850dc288cc2a3c1caadff44febefbbb2fda82e8a6539222b6d8830df927f36d814c2a892df0badec86c2f01deb89d2d3fa6137e48b23d3cf77b11f46ebdbb0a8314ee19778c212fc3498cbdc5ad0bbd7d24538d83bbc86830afe32e38c1bb1b7866abc940f611654d046f8236d6b15", 0xf0, 0x7}, {&(0x7f0000008780)="5d78b08d347d6010778713adad8e4da15ab34694562b0da52bb31a3b5e0971020ba48d185f3f03f16fe6dc1e321f122c1150a8ce71c3ad1df7c618bc59865fbfeb3a2c926b992f938b0f76c96af8be398933383fc8", 0x55, 0x8}, {&(0x7f0000008800)="1cd7715afec5551816cd475168a535a8474b748792e43af351605c6dfae1e6add7ce8bde80555ca3268782fe7a7f458968b42792c02a11acffae5486c0858e0c4640f4260d564699c0e606236ae8d5", 0x4f}, {&(0x7f0000008880)="45fd88a606b589b27d422ecb8744a678ff3aa07ffb6c25cc10a8871006d5fb6450fc12157d1a59f14e36132f1db63b56cc97b61bf0a61dcf2b7dd27da02ee160e03df97947838f0dd434825905ae9fb5a427976a49f779eab8cc3a409d25b9a296cef9a8ffb49d81bf23a716a7a7e1d8dce03def2b8a3b15a3b2beb873143a7df14ec492782ec86aceb4901fe3dcdce046ab2fb972d67434d4e1101b02c92d33a1bfe516d9592581f67895433766506707cb7f0e18b4476bde0f0091753cf3ec07386b3dab4b295502d49716801dd979aa24d805dfe801", 0xd7, 0x2}]) r22 = syz_usb_connect(0x6, 0x7e2, &(0x7f0000008a00)={{0x12, 0x1, 0x300, 0x88, 0xc7, 0xe6, 0xff, 0x15c2, 0x45, 0x135a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7d0, 0x4, 0x0, 0x0, 0x60, 0x8, [{{0x9, 0x4, 0x45, 0x3, 0x1, 0x66, 0x44, 0x76, 0x3f, [@uac_as={[@as_header={0x7, 0x24, 0x1, 0x1f, 0x5, 0x4}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x9, 0x2, 0x81, 0x4, "c0e6a10a"}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x0, 0x6, 0x8, "7d5ba3d07cc6"}, @format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x94, 0x1, 0x7, 0x1f, "cfcfa1bb20d9baa316"}]}, @uac_as={[@format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x8, 0x2, 0x0, 0x9, "489f80", '&'}, @format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0x5, 0x497, 0x8, '\''}, @as_header={0x7, 0x24, 0x1, 0x9, 0x2, 0x1001}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x8, 0x1, 0x0, "786e2f1a3105"}]}], [{{0x9, 0x5, 0x0, 0x10, 0x3ff, 0x9, 0x66, 0x3, [@generic={0x5b, 0x8, "32da773ded87397d0af57fd6f2ad3b93e2ea74f1f65d645d6b7e4cae90c8f27ccae094b33c613bc0bda2437bdcbaa21c77915b1b95e7a2313d71c6cc586d414d6a1e79c80ee3673ff069eb4651b30668b0197ff7a7edc57594"}]}}]}}, {{0x9, 0x4, 0x58, 0x9, 0x5, 0xff, 0x5, 0x1b, 0xe0, [], [{{0x9, 0x5, 0x3, 0x10, 0x20, 0x0, 0x43, 0x40}}, {{0x9, 0x5, 0x5, 0x3, 0x3ff, 0x87, 0x2, 0xfd, [@generic={0xa0, 0xc, "4d1fafd5d5bea917949e727ed5ee144cb32b01d9acbb7e3cfac4d1a15cd6bbae8ac66af677394d2217ef580b1565f58b85cfffd2cfcaf9f19df78400ba0354d7872072b42d77d55a5b960b82fb9e34ec8c33a96719c45947ab0947484854a94f25e65339a6f74b053c81e8e8057f6767ea2e80e923e02fa1a88db36d52e4c511e6ccf674046cb81c493c927d05a6c16645d0694f667d6ccf29fc273890c6"}, @generic={0x31, 0x9, "824467996faa842827e6d09bc48c4196099cb20d1afa7380d30e40f1bcfb7c503d7b00fc18d2e614c3e370dbc320a8"}]}}, {{0x9, 0x5, 0x1, 0x3, 0x400, 0x1, 0x81, 0x6, [@generic={0x76, 0x7, "96f72de7936410ee82a44287a00196f630e009364ab94a00e94528691a409d335f13bf6e85b378bda85c558fc1a003ec5794a14217f794682edcdc9e35d00c0979fdb3e7a15e6a851c137bf7011ba61c8346598b02a3d4d1b8cd99f4fc14fae3219fbf56aa2ca54ccf116b3d560a80978c4276ec"}]}}, {{0x9, 0x5, 0xe, 0x3, 0x3ff, 0x80, 0x20, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x9, 0x3ff}]}}, {{0x9, 0x5, 0xd, 0x0, 0x400, 0x9, 0x3f, 0x3f, [@generic={0x76, 0x11, "79b386387e37f36efa1d8c66a90449c68a0ad251afb9b1793cbe9e5b4dc3ce6600e86d1e3b3eac60fd3b8b1c19d7d0c3da61c6a667b39fae8aed44a8e70d77ca93e4c37a3fd8818f43edc523960cedb02d8822f0b23dc343182608c6097e995f562c84a5417e5b2fb71b392f926f3c4ed992ed89"}, @generic={0x65, 0x5, "8512f0cea97a9d8a0461e30ee9bf0789e041cd86c1df9496f1957af0e4543ecab07051f1f4818da2579d13a999569f75ad6af6e0d04da8bd26bc920445692d9e4ca7fdc3544c36f588e5c09beea1aff9f41ba977cbe79e7e4f4a8dec5640da4d2af61d"}]}}]}}, {{0x9, 0x4, 0x5, 0x3, 0x2, 0xc4, 0x4d, 0x76, 0x7, [@cdc_ncm={{0xb, 0x24, 0x6, 0x0, 0x1, "72450ceb1b79"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x8, 0x1, 0x4}, {0x6, 0x24, 0x1a, 0x8, 0x8}, [@mdlm={0x15, 0x24, 0x12, 0x4}]}, @cdc_ecm={{0x7, 0x24, 0x6, 0x0, 0x0, "fbb5"}, {0x5, 0x24, 0x0, 0x2040}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x80, 0x8951, 0x6}, [@network_terminal={0x7, 0x24, 0xa, 0xce, 0x3, 0x4, 0x60}, @acm={0x4}, @country_functional={0x10, 0x24, 0x7, 0x0, 0x81, [0x81, 0x1d9, 0x400, 0x1, 0xc00]}, @mbim={0xc, 0x24, 0x1b, 0x1, 0x20, 0xc0, 0x5, 0x20, 0xd}, @mdlm_detail={0xe1, 0x24, 0x13, 0x9, "0efa60e3b3892ca3377fc7bf7e5cd90b70b5433c66f13129d42a59f2c914ec54979a53862f94df6395806bf1a9709d9a6650cecaeecff6adfc77ca5f296e11bed1fbeb6f27c50bf1af9c176bb2069d52b06473d5d8e9244a70017666faa3213b80b25fe4c68c4180ee45680c95768fd32d24da76b883e1be0ec2af43c9f30ceed1936cd5051e62b1c8a76af9a252290b11c3670439db645b5c32a5a5bb78d7e8183ea6736dfceb8fef3d04b76e5129c4913eee30a537743b3357f269f582dd8c46b2a93362f1a838886b175f4895d52a818f63d9d694beac9846e5b12f"}, @mdlm_detail={0x1a, 0x24, 0x13, 0x5, "083b1f01a69f5d722a6b0383fb09f57f442b56d458fa"}]}], [{{0x9, 0x5, 0xf, 0x8, 0x8, 0x0, 0x3, 0x5}}, {{0x9, 0x5, 0xc, 0x0, 0x200, 0x9, 0x20, 0x5, [@generic={0xb, 0x1, "ae684bd6a1bfbe705d"}]}}]}}, {{0x9, 0x4, 0xad, 0x3f, 0x6, 0xef, 0x2e, 0x8d, 0x8, [@cdc_ecm={{0xa, 0x24, 0x6, 0x0, 0x0, "2e1bb11c34"}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x2, 0x8979, 0x6}, [@mdlm_detail={0xeb, 0x24, 0x13, 0x0, "9fcc8c5c747309fcb4c96e5dad9b6e62d08b91a8beb3c2e4547e163e4658bb11ab34b3c84ec3e4a4e367d26c56001c6705689995a99d16a1b31bdc070f00531ec426b54bf89b2dee1fc3bd818f55dbbd6acc287cd43078eebc6d09f10dc4229f8035d4448f823fecf929d6861627c01e79277a40304a1ad3fbd012a4a8ed16369769c8c997c412be76759017653455b8042aca8b49eac0731001cbfa6fbd796aa7c27709fc623722e03d3c1ed1dac1ca8a8aa25ddafc654a0dbb760b927a2b23e2ad3043ac48566c7b995c237db591f39af81954569cd5d37ca4941c80cc1fa5556d19a548df2a"}, @network_terminal={0x7, 0x24, 0xa, 0x4, 0x1f, 0x3f, 0x62}, @dmm={0x7, 0x24, 0x14, 0x1f, 0x7}, @dmm={0x7, 0x24, 0x14, 0x1010, 0x9}, @ncm={0x6, 0x24, 0x1a, 0x6, 0x1b}]}, @cdc_ecm={{0xb, 0x24, 0x6, 0x0, 0x0, "df4704a2521e"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x4856f0aa, 0x5, 0x1, 0xff}, [@obex={0x5, 0x24, 0x15, 0x1f}]}], [{{0x9, 0x5, 0x8, 0x8, 0x3ff, 0x4, 0x1, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x34, 0x5}]}}, {{0x9, 0x5, 0x0, 0x3, 0x400, 0x2, 0x1, 0xca}}, {{0x9, 0x5, 0x8, 0x10, 0x8, 0x2, 0x7f, 0x7f}}, {{0x9, 0x5, 0x7, 0x0, 0x10, 0x5, 0x1f, 0x40, [@generic={0x2d, 0xe, "eccc2379371b46cab9d6fdb82798f47aa9b7177c2a5193231443b725c21b5e6a99930565eb3b96fe7a7569"}, @generic={0x6, 0x10, "7f2260b2"}]}}, {{0x9, 0x5, 0x3, 0x8, 0x10, 0x4, 0x3, 0xf7}}, {{0x9, 0x5, 0x5, 0x3, 0x10, 0x3, 0x1, 0x9, [@generic={0xc8, 0xe, "17a493c051895f29835efb6d6d753ca5e6237f995724bf74708574902eacdff45cd80b61373d67efe1239f97b4fa600793d6b4a5022ba4a436b4e2e223579d974e784ecbfdd4912da5ccd284d2293782704f067513d83811ac711684d3aafe928ece0e903825997babc567b94d06daee1e4d55a8871d67e71cd1081430d89bc9ae64f50f94bb8af96ce384cd3b8420ef8be273ca02b9f0f91221239e64d620dc6e3e2707f6f4ce92e8627f044c14f179909ca1df8b4e499fed3f4118c9d6b2ae41a71198d798"}, @generic={0x7e, 0x22, "851bf8332f6f4795cdbf9bf1bbb8253ced75d61f695bb8c31f51b5ce19b2080e2e7ec215fec16a83d2571104f726a0de47f3e9282d0ef2204bbb1d9d9cac53b6d798084b0f594791e3f8341986d7eaadb911c55c0d71691fc77aa1047f440f5275a41f3b1f0f048a5c1dd5c417e67f3bd472b13feef7950c578f1b42"}]}}]}}]}}]}}, &(0x7f0000009700)={0xa, &(0x7f0000009200)={0xa, 0x6, 0x110, 0xd4, 0x81, 0x0, 0x10, 0x20}, 0x1c, &(0x7f0000009240)={0x5, 0xf, 0x1c, 0x2, [@ssp_cap={0x14, 0x10, 0xa, 0x20, 0x2, 0x3, 0xf0f, 0x6, [0xc030, 0xff3f30]}, @ptm_cap={0x3}]}, 0x8, [{0x4, &(0x7f0000009280)=@lang_id={0x4, 0x3, 0x410}}, {0x102, &(0x7f00000092c0)=@string={0x102, 0x3, "bd9caf11f1c2321f7dbf3df57ec06aedf0842f843c77dd88db9f7408bba0d9405971eab7462f77d1ca84398011e52a42798f46eeb57b9e8b2c06c9828ae8a2a278aeaf1947cb3dbadbd3d8374bd3fd89a53a0d2e5d80261d7c80592c0396ee2c9ed83fcc6bf9bd9a2f61cd007c9eb5b92dd878d6aa6b5435ed38fb81d9bfc15815843bc46b321b848a201d7ee90a06ab03ddb66cea54f415153e6934992c24e711aea2fe334e981ba7f3f87d0bc5eb6b1d0917cd79b47194c6d2be18e7a54e75a5e2d036b2e8ba626c56c4489e4681a21ea29a2b6434a8605a6710ebd13f09fe322e60ef34a6e6f3330d07b4d1ff66d7ec23c58b3be734844b89de36ba291297"}}, {0x4, &(0x7f0000009400)=@lang_id={0x4, 0x3, 0xf0ff}}, {0x4, &(0x7f0000009440)=@lang_id={0x4, 0x3, 0xf8ff}}, {0xc2, &(0x7f0000009480)=@string={0xc2, 0x3, "47951bf5758f6da49eaec8d8f18a6ca6e17e41a66016415efc7be346e3a8d0342803d31ac634c4e6bcfdca1db3c5b690c22f332df6936761deb40a2a9b817a3b5e21ceda6d71f72d61eed06a7a43451e72faa82018384c5a69f62f4c6cf2a7efbd2af59b84acc6a95edf8f167b5f203dff2f89dba191f513342be5a906ceb379613f596108de6f3a61b926c9f8634d3de6d5eb86712bdfc3ce502f90a69d8d07d9284402b393a76e1d9817b92bd4eff57a27ec91919bf0d09b447057d69ce382"}}, {0x83, &(0x7f0000009580)=@string={0x83, 0x3, "708149d29b3a8ef9c0ff2f072ff3b20dd4aa24a8ddbd77612cf82dbfdc3af821a1fbf75540c23e05de08fed779db651cb3a63bd09acfde2da34fc336047349f62c650320dd8fd8626cfdadf7e0f73f83a6bffa1f20e75cc44b80bbe9a40ea3c6e924b684fe6cb9e6a9331a149e844e500be3b4fe28d1332dcd643be5a73fccd446"}}, {0x4, &(0x7f0000009640)=@lang_id={0x4, 0x3, 0x184c}}, {0x4d, &(0x7f0000009680)=@string={0x4d, 0x3, "b66a576c91d56733c94ef73720fda014ebcf72b1cf26ac4c18da7571241256764ae2dff17540bdd8af83eee505792cbefbddb7b5cd4ca94662287a86249ec2b942139804f9c78209884a15"}}]}) syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000009780)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_control_io(r22, &(0x7f00000099c0)={0x18, &(0x7f0000009800)={0x40, 0x1, 0x8d, {0x8d, 0x22, "e5741947a723e9e98edc76ea9b493da7d0be0f88903d48eef0d24c882970fc1216a4f390d6b17a78f9e882742ca24831936cb75b045899bbc7687bd55a058a9f4722452ce7e301270b0bf22666c37eaf1bd9d8b489ba1d32be39d06b20bd9657e09fda6c82d4566c9334e2fa45c5046ba8565e5779ab6d67cbf7f406d216c286ab066588207a318d65332f"}}, &(0x7f00000098c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xf0ff}}, &(0x7f0000009900)={0x0, 0xf, 0x18, {0x5, 0xf, 0x18, 0x2, [@ssp_cap={0xc, 0x10, 0xa, 0x0, 0x0, 0x6, 0xf0f, 0x8}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0xa, 0x7, 0x100}]}}, &(0x7f0000009940)={0x20, 0x29, 0xf, {0xf, 0x29, 0x0, 0x18, 0x7, 0x7f, "86f620e8", "168f2202"}}, &(0x7f0000009980)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3, 0x0, 0x4, 0x0, 0x7, 0x1000, 0xfffe}}}, &(0x7f0000009f00)={0x44, &(0x7f0000009a00)={0x0, 0x8, 0xfd, "17d015c0c21b38ab6587078c775d196676390236842bc78115bd6a405811102445a37fe5c0cc85a16b5601f67496593492ce3ad552019208a904c88254525ef13e8c55d2fa5584b172728077d54a28bc6dd0bc05f7202910260763120f9d95883b701ca05483deae8e445bcf5672cfc4ba66a346e92fe07451ae4c8ff4aa9dfcf8b9563365805bf6830ed36c9f3eab11f613a0fde0423b8c3a5b1ae029729e3233431d83f022491564d392ceb7a38eddcf1596886181854d5a729e76d8e770d6ee74ba1333ecb7e4b883071b6d6c043e9e6f0160546f60d1d9ffd940744eef3ea5f0ddfda5a0a8d6b7740a7f13ce462ed08e2d3bc0a7b646daf56086e2"}, &(0x7f0000009b40)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000009b80)={0x0, 0x8, 0x1, 0x80}, &(0x7f0000009bc0)={0x20, 0x0, 0x4, {0x2, 0x3}}, &(0x7f0000009c00)={0x20, 0x0, 0x4, {0x100, 0x40}}, &(0x7f0000009c40)={0x40, 0x7, 0x2, 0x3}, &(0x7f0000009c80)={0x40, 0x9, 0x1, 0x7f}, &(0x7f0000009cc0)={0x40, 0xb, 0x2, "08bd"}, &(0x7f0000009d00)={0x40, 0xf, 0x2, 0x7163}, &(0x7f0000009d40)={0x40, 0x13, 0x6, @broadcast}, &(0x7f0000009d80)={0x40, 0x17, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3b}}, &(0x7f0000009dc0)={0x40, 0x19, 0x2, "379e"}, &(0x7f0000009e00)={0x40, 0x1a, 0x2, 0x8}, &(0x7f0000009e40)={0x40, 0x1c, 0x1, 0x3f}, &(0x7f0000009e80)={0x40, 0x1e, 0x1, 0x2c}, &(0x7f0000009ec0)={0x40, 0x21, 0x1, 0x5}}) syz_usb_disconnect(r22) syz_usb_ep_read(r22, 0xc1, 0x1000, &(0x7f0000009f80)=""/4096) r23 = syz_usb_connect$uac1(0x3, 0xe8, &(0x7f000000af80)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd6, 0x3, 0x1, 0x7, 0x20, 0x2, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@feature_unit={0xb, 0x24, 0x6, 0x4, 0x3, 0x2, [0x3, 0x7], 0xff}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x80, 0x3, 0x1, 0x0, "022c3b4efa4d"}, @as_header={0x7, 0x24, 0x1, 0x1, 0x7f, 0x1002}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x5, 0x3, 0x0, 0x5, "64997e"}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x3, 0x3, 0xac, 0x8, "bc5e", "04fba9"}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x6, 0x2, 0x5, 0x9, "6a9a8d", "4f88"}]}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x8c, 0x20, 0x7f, {0x7, 0x25, 0x1, 0x82, 0x2, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0x0, 0x2, 0x0, 0xff, "03c1fe1d97"}, @format_type_ii_discrete={0x12, 0x24, 0x2, 0x2, 0x807, 0x4, 0xfd, "8cfb49df7bf5b7e5ee"}, @as_header={0x7, 0x24, 0x1, 0x3f, 0xfd, 0x1}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0xc1, 0x4, 0x5, 0x67, "6967ba40"}]}, {{0x9, 0x5, 0x82, 0x9, 0x7f7, 0x1f, 0x69, 0x6, {0x7, 0x25, 0x1, 0x80, 0x9, 0x3}}}}}}}]}}, &(0x7f000000b380)={0xa, &(0x7f000000b080)={0xa, 0x6, 0x300, 0x3, 0x2, 0x3, 0x40, 0x81}, 0x20f, &(0x7f000000b0c0)={0x5, 0xf, 0x20f, 0x6, [@generic={0xe2, 0x10, 0xa, "64932c9277e23a0fa96aabc7b931ea3707350c525745ccbe794d23baa99625c82f74bd3b6d5f88fbfd92545b6b63754c07c3ffb47355bf3dd6facff0ec5597fb768dc74acfcf395ac1009982925aa16fcfa41575bf14b56d557909df9efd27fd4b317d90d1606270134fd07d2fc0d1816e9771321d2db55c6539b04167db7b08c994159dd7552c488c1466247a5b70b0dc996b907eeee0b20fdd647140597b66f821556b567fe613c7ecbcbae50db5fa7c9c0b5dcf26eddffdcb09b9ab9f2b5bee80982ff365fb816e98184ee6815f6f621f4d34527d3caa4ce682cb06c748"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x10, 0x1, 0x3f, 0xff, 0x1f}, @ptm_cap={0x3}, @generic={0x2f, 0x10, 0x3, "571226744f78fe775ab89dd776db3aaace9982e7b2594fd0854a31d7ec1d24aee6482aa3939798bd32d060f0"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x24, 0x8, 0xe1}, @generic={0xe1, 0x10, 0x1, "1c4311d6c4ec2de789b4f9f39e673702ea35d909991ce4af26cf0c07579c1a40573568f837569c645de2af698133526169e51a53f215167660357259d54d5ad77afb478b189e728667a8b7e38986bb19febe807085ec6d77dfb48172592d549d7dbbf802aaf95bbf2dcd20057a34eeffcaba3c404e46a6e90ad7e4387e1e28cc21718837e81d22615c4b42bce04c6bec4aa9a99d05cb4f168e115ee3956554e4e58b136f86736e79e91f9acd49ee6617b84a564392e81991bba6032054d7096f6c40002137782a1b111d6527968326f5e70a8a2399e833e7415c204a3a4b"}]}, 0x2, [{0x4, &(0x7f000000b300)=@lang_id={0x4, 0x3, 0x459}}, {0x4, &(0x7f000000b340)=@lang_id={0x4, 0x3, 0x436}}]}) syz_usb_ep_write(r23, 0x9, 0x13, &(0x7f000000b3c0)="08636e6c5e421f7f718c4784f389672c2911e5") syz_usbip_server_init(0x2) csource_test.go:119: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; for (;;) { uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts); if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) return 1; now = current_time_ms(); if (now - start > timeout) return 0; } } static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } struct nlmsg { char* pos; int nesting; struct nlattr* nested[8]; char buf[4096]; }; static void netlink_init(struct nlmsg* nlmsg, int typ, int flags, const void* data, int size) { memset(nlmsg, 0, sizeof(*nlmsg)); struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf; hdr->nlmsg_type = typ; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags; memcpy(hdr + 1, data, size); nlmsg->pos = (char*)(hdr + 1) + NLMSG_ALIGN(size); } static void netlink_attr(struct nlmsg* nlmsg, int typ, const void* data, int size) { struct nlattr* attr = (struct nlattr*)nlmsg->pos; attr->nla_len = sizeof(*attr) + size; attr->nla_type = typ; if (size > 0) memcpy(attr + 1, data, size); nlmsg->pos += NLMSG_ALIGN(attr->nla_len); } static int netlink_send_ext(struct nlmsg* nlmsg, int sock, uint16_t reply_type, int* reply_len, bool dofail) { if (nlmsg->pos > nlmsg->buf + sizeof(nlmsg->buf) || nlmsg->nesting) exit(1); struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf; hdr->nlmsg_len = nlmsg->pos - nlmsg->buf; struct sockaddr_nl addr; memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; ssize_t n = sendto(sock, nlmsg->buf, hdr->nlmsg_len, 0, (struct sockaddr*)&addr, sizeof(addr)); if (n != (ssize_t)hdr->nlmsg_len) { if (dofail) exit(1); return -1; } n = recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0); if (reply_len) *reply_len = 0; if (n < 0) { if (dofail) exit(1); return -1; } if (n < (ssize_t)sizeof(struct nlmsghdr)) { errno = EINVAL; if (dofail) exit(1); return -1; } if (hdr->nlmsg_type == NLMSG_DONE) return 0; if (reply_len && hdr->nlmsg_type == reply_type) { *reply_len = n; return 0; } if (n < (ssize_t)(sizeof(struct nlmsghdr) + sizeof(struct nlmsgerr))) { errno = EINVAL; if (dofail) exit(1); return -1; } if (hdr->nlmsg_type != NLMSG_ERROR) { errno = EINVAL; if (dofail) exit(1); return -1; } errno = -((struct nlmsgerr*)(hdr + 1))->error; return -errno; } static int netlink_send(struct nlmsg* nlmsg, int sock) { return netlink_send_ext(nlmsg, sock, 0, NULL, true); } static int netlink_query_family_id(struct nlmsg* nlmsg, int sock, const char* family_name, bool dofail) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = CTRL_CMD_GETFAMILY; netlink_init(nlmsg, GENL_ID_CTRL, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, CTRL_ATTR_FAMILY_NAME, family_name, strnlen(family_name, GENL_NAMSIZ - 1) + 1); int n = 0; int err = netlink_send_ext(nlmsg, sock, GENL_ID_CTRL, &n, dofail); if (err < 0) { return -1; } uint16_t id = 0; struct nlattr* attr = (struct nlattr*)(nlmsg->buf + NLMSG_HDRLEN + NLMSG_ALIGN(sizeof(genlhdr))); for (; (char*)attr < nlmsg->buf + n; attr = (struct nlattr*)((char*)attr + NLMSG_ALIGN(attr->nla_len))) { if (attr->nla_type == CTRL_ATTR_FAMILY_ID) { id = *(uint16_t*)(attr + 1); break; } } if (!id) { errno = EINVAL; return -1; } recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0); return id; } const int kInitNetNsFd = 239; #define WIFI_INITIAL_DEVICE_COUNT 2 #define WIFI_MAC_BASE { 0x08, 0x02, 0x11, 0x00, 0x00, 0x00 } #define WIFI_IBSS_BSSID { 0x50, 0x50, 0x50, 0x50, 0x50, 0x50 } #define WIFI_IBSS_SSID { 0x10, 0x10, 0x10, 0x10, 0x10, 0x10 } #define WIFI_DEFAULT_FREQUENCY 2412 #define WIFI_DEFAULT_SIGNAL 0 #define WIFI_DEFAULT_RX_RATE 1 #define HWSIM_CMD_REGISTER 1 #define HWSIM_CMD_FRAME 2 #define HWSIM_CMD_NEW_RADIO 4 #define HWSIM_ATTR_SUPPORT_P2P_DEVICE 14 #define HWSIM_ATTR_PERM_ADDR 22 #define IF_OPER_UP 6 struct join_ibss_props { int wiphy_freq; bool wiphy_freq_fixed; uint8_t* mac; uint8_t* ssid; int ssid_len; }; static int set_interface_state(const char* interface_name, int on) { struct ifreq ifr; int sock = socket(AF_INET, SOCK_DGRAM, 0); if (sock < 0) { return -1; } memset(&ifr, 0, sizeof(ifr)); strcpy(ifr.ifr_name, interface_name); int ret = ioctl(sock, SIOCGIFFLAGS, &ifr); if (ret < 0) { close(sock); return -1; } if (on) ifr.ifr_flags |= IFF_UP; else ifr.ifr_flags &= ~IFF_UP; ret = ioctl(sock, SIOCSIFFLAGS, &ifr); close(sock); if (ret < 0) { return -1; } return 0; } static int nl80211_set_interface(struct nlmsg* nlmsg, int sock, int nl80211_family, uint32_t ifindex, uint32_t iftype) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = NL80211_CMD_SET_INTERFACE; netlink_init(nlmsg, nl80211_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, NL80211_ATTR_IFINDEX, &ifindex, sizeof(ifindex)); netlink_attr(nlmsg, NL80211_ATTR_IFTYPE, &iftype, sizeof(iftype)); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int nl80211_join_ibss(struct nlmsg* nlmsg, int sock, int nl80211_family, uint32_t ifindex, struct join_ibss_props* props) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = NL80211_CMD_JOIN_IBSS; netlink_init(nlmsg, nl80211_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, NL80211_ATTR_IFINDEX, &ifindex, sizeof(ifindex)); netlink_attr(nlmsg, NL80211_ATTR_SSID, props->ssid, props->ssid_len); netlink_attr(nlmsg, NL80211_ATTR_WIPHY_FREQ, &(props->wiphy_freq), sizeof(props->wiphy_freq)); if (props->mac) netlink_attr(nlmsg, NL80211_ATTR_MAC, props->mac, ETH_ALEN); if (props->wiphy_freq_fixed) netlink_attr(nlmsg, NL80211_ATTR_FREQ_FIXED, NULL, 0); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int get_ifla_operstate(struct nlmsg* nlmsg, int ifindex) { struct ifinfomsg info; memset(&info, 0, sizeof(info)); info.ifi_family = AF_UNSPEC; info.ifi_index = ifindex; int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); if (sock == -1) { return -1; } netlink_init(nlmsg, RTM_GETLINK, 0, &info, sizeof(info)); int n; int err = netlink_send_ext(nlmsg, sock, RTM_NEWLINK, &n, true); close(sock); if (err) { return -1; } struct rtattr* attr = IFLA_RTA(NLMSG_DATA(nlmsg->buf)); for (; RTA_OK(attr, n); attr = RTA_NEXT(attr, n)) { if (attr->rta_type == IFLA_OPERSTATE) return *((int32_t*)RTA_DATA(attr)); } return -1; } static int await_ifla_operstate(struct nlmsg* nlmsg, char* interface, int operstate) { int ifindex = if_nametoindex(interface); while (true) { usleep(1000); int ret = get_ifla_operstate(nlmsg, ifindex); if (ret < 0) return ret; if (ret == operstate) return 0; } return 0; } static int nl80211_setup_ibss_interface(struct nlmsg* nlmsg, int sock, int nl80211_family_id, char* interface, struct join_ibss_props* ibss_props) { int ifindex = if_nametoindex(interface); if (ifindex == 0) { return -1; } int ret = nl80211_set_interface(nlmsg, sock, nl80211_family_id, ifindex, NL80211_IFTYPE_ADHOC); if (ret < 0) { return -1; } ret = set_interface_state(interface, 1); if (ret < 0) { return -1; } ret = nl80211_join_ibss(nlmsg, sock, nl80211_family_id, ifindex, ibss_props); if (ret < 0) { return -1; } return 0; } #define SIZEOF_IO_URING_SQE 64 #define SIZEOF_IO_URING_CQE 16 #define SQ_HEAD_OFFSET 0 #define SQ_TAIL_OFFSET 64 #define SQ_RING_MASK_OFFSET 256 #define SQ_RING_ENTRIES_OFFSET 264 #define SQ_FLAGS_OFFSET 276 #define SQ_DROPPED_OFFSET 272 #define CQ_HEAD_OFFSET 128 #define CQ_TAIL_OFFSET 192 #define CQ_RING_MASK_OFFSET 260 #define CQ_RING_ENTRIES_OFFSET 268 #define CQ_RING_OVERFLOW_OFFSET 284 #define CQ_FLAGS_OFFSET 280 #define CQ_CQES_OFFSET 320 struct io_uring_cqe { uint64_t user_data; uint32_t res; uint32_t flags; }; static long syz_io_uring_complete(volatile long a0) { char* ring_ptr = (char*)a0; uint32_t cq_ring_mask = *(uint32_t*)(ring_ptr + CQ_RING_MASK_OFFSET); uint32_t* cq_head_ptr = (uint32_t*)(ring_ptr + CQ_HEAD_OFFSET); uint32_t cq_head = *cq_head_ptr & cq_ring_mask; uint32_t cq_head_next = *cq_head_ptr + 1; char* cqe_src = ring_ptr + CQ_CQES_OFFSET + cq_head * SIZEOF_IO_URING_CQE; struct io_uring_cqe cqe; memcpy(&cqe, cqe_src, sizeof(cqe)); __atomic_store_n(cq_head_ptr, cq_head_next, __ATOMIC_RELEASE); return (cqe.user_data == 0x12345 || cqe.user_data == 0x23456) ? (long)cqe.res : (long)-1; } struct io_sqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t flags; uint32_t dropped; uint32_t array; uint32_t resv1; uint64_t resv2; }; struct io_cqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t overflow; uint32_t cqes; uint64_t resv[2]; }; struct io_uring_params { uint32_t sq_entries; uint32_t cq_entries; uint32_t flags; uint32_t sq_thread_cpu; uint32_t sq_thread_idle; uint32_t features; uint32_t resv[4]; struct io_sqring_offsets sq_off; struct io_cqring_offsets cq_off; }; #define IORING_OFF_SQ_RING 0 #define IORING_OFF_SQES 0x10000000ULL #define sys_io_uring_setup 425 static long syz_io_uring_setup(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5) { uint32_t entries = (uint32_t)a0; struct io_uring_params* setup_params = (struct io_uring_params*)a1; void* vma1 = (void*)a2; void* vma2 = (void*)a3; void** ring_ptr_out = (void**)a4; void** sqes_ptr_out = (void**)a5; uint32_t fd_io_uring = syscall(sys_io_uring_setup, entries, setup_params); uint32_t sq_ring_sz = setup_params->sq_off.array + setup_params->sq_entries * sizeof(uint32_t); uint32_t cq_ring_sz = setup_params->cq_off.cqes + setup_params->cq_entries * SIZEOF_IO_URING_CQE; uint32_t ring_sz = sq_ring_sz > cq_ring_sz ? sq_ring_sz : cq_ring_sz; *ring_ptr_out = mmap(vma1, ring_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQ_RING); uint32_t sqes_sz = setup_params->sq_entries * SIZEOF_IO_URING_SQE; *sqes_ptr_out = mmap(vma2, sqes_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQES); return fd_io_uring; } static long syz_io_uring_submit(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { char* ring_ptr = (char*)a0; char* sqes_ptr = (char*)a1; char* sqe = (char*)a2; uint32_t sqes_index = (uint32_t)a3; uint32_t sq_ring_entries = *(uint32_t*)(ring_ptr + SQ_RING_ENTRIES_OFFSET); uint32_t cq_ring_entries = *(uint32_t*)(ring_ptr + CQ_RING_ENTRIES_OFFSET); uint32_t sq_array_off = (CQ_CQES_OFFSET + cq_ring_entries * SIZEOF_IO_URING_CQE + 63) & ~63; if (sq_ring_entries) sqes_index %= sq_ring_entries; char* sqe_dest = sqes_ptr + sqes_index * SIZEOF_IO_URING_SQE; memcpy(sqe_dest, sqe, SIZEOF_IO_URING_SQE); uint32_t sq_ring_mask = *(uint32_t*)(ring_ptr + SQ_RING_MASK_OFFSET); uint32_t* sq_tail_ptr = (uint32_t*)(ring_ptr + SQ_TAIL_OFFSET); uint32_t sq_tail = *sq_tail_ptr & sq_ring_mask; uint32_t sq_tail_next = *sq_tail_ptr + 1; uint32_t* sq_array = (uint32_t*)(ring_ptr + sq_array_off); *(sq_array + sq_tail) = sqes_index; __atomic_store_n(sq_tail_ptr, sq_tail_next, __ATOMIC_RELEASE); return 0; } #define VHCI_HC_PORTS 8 #define VHCI_PORTS (VHCI_HC_PORTS * 2) static long syz_usbip_server_init(volatile long a0) { static int port_alloc[2]; int speed = (int)a0; bool usb3 = (speed == USB_SPEED_SUPER); int socket_pair[2]; if (socketpair(AF_UNIX, SOCK_STREAM, 0, socket_pair)) exit(1); int client_fd = socket_pair[0]; int server_fd = socket_pair[1]; int available_port_num = __atomic_fetch_add(&port_alloc[usb3], 1, __ATOMIC_RELAXED); if (available_port_num > VHCI_HC_PORTS) { return -1; } int port_num = procid * VHCI_PORTS + usb3 * VHCI_HC_PORTS + available_port_num; char buffer[100]; sprintf(buffer, "%d %d %s %d", port_num, client_fd, "0", speed); write_file("/sys/devices/platform/vhci_hcd.0/attach", buffer); return server_fd; } #define BTF_MAGIC 0xeB9F struct btf_header { __u16 magic; __u8 version; __u8 flags; __u32 hdr_len; __u32 type_off; __u32 type_len; __u32 str_off; __u32 str_len; }; #define BTF_INFO_KIND(info) (((info) >> 24) & 0x0f) #define BTF_INFO_VLEN(info) ((info)&0xffff) #define BTF_KIND_INT 1 #define BTF_KIND_ARRAY 3 #define BTF_KIND_STRUCT 4 #define BTF_KIND_UNION 5 #define BTF_KIND_ENUM 6 #define BTF_KIND_FUNC_PROTO 13 #define BTF_KIND_VAR 14 #define BTF_KIND_DATASEC 15 struct btf_type { __u32 name_off; __u32 info; union { __u32 size; __u32 type; }; }; struct btf_enum { __u32 name_off; __s32 val; }; struct btf_array { __u32 type; __u32 index_type; __u32 nelems; }; struct btf_member { __u32 name_off; __u32 type; __u32 offset; }; struct btf_param { __u32 name_off; __u32 type; }; struct btf_var { __u32 linkage; }; struct btf_var_secinfo { __u32 type; __u32 offset; __u32 size; }; #define VMLINUX_MAX_SUPPORT_SIZE (10 * 1024 * 1024) static char* read_btf_vmlinux() { static bool is_read = false; static char buf[VMLINUX_MAX_SUPPORT_SIZE]; if (is_read) return buf; int fd = open("/sys/kernel/btf/vmlinux", O_RDONLY); if (fd < 0) return NULL; unsigned long bytes_read = 0; for (;;) { ssize_t ret = read(fd, buf + bytes_read, VMLINUX_MAX_SUPPORT_SIZE - bytes_read); if (ret < 0 || bytes_read + ret == VMLINUX_MAX_SUPPORT_SIZE) return NULL; if (ret == 0) break; bytes_read += ret; } is_read = true; return buf; } static long syz_btf_id_by_name(volatile long a0) { char* target = (char*)a0; char* vmlinux = read_btf_vmlinux(); if (vmlinux == NULL) return -1; struct btf_header* btf_header = (struct btf_header*)vmlinux; if (btf_header->magic != BTF_MAGIC) return -1; char* btf_type_sec = vmlinux + btf_header->hdr_len + btf_header->type_off; char* btf_str_sec = vmlinux + btf_header->hdr_len + btf_header->str_off; unsigned int bytes_parsed = 0; long idx = 1; while (bytes_parsed < btf_header->type_len) { struct btf_type* btf_type = (struct btf_type*)(btf_type_sec + bytes_parsed); uint32_t kind = BTF_INFO_KIND(btf_type->info); uint32_t vlen = BTF_INFO_VLEN(btf_type->info); char* name = btf_str_sec + btf_type->name_off; if (strcmp(name, target) == 0) return idx; size_t skip; switch (kind) { case BTF_KIND_INT: skip = sizeof(uint32_t); break; case BTF_KIND_ENUM: skip = sizeof(struct btf_enum) * vlen; break; case BTF_KIND_ARRAY: skip = sizeof(struct btf_array); break; case BTF_KIND_STRUCT: case BTF_KIND_UNION: skip = sizeof(struct btf_member) * vlen; break; case BTF_KIND_FUNC_PROTO: skip = sizeof(struct btf_param) * vlen; break; case BTF_KIND_VAR: skip = sizeof(struct btf_var); break; case BTF_KIND_DATASEC: skip = sizeof(struct btf_var_secinfo) * vlen; break; default: skip = 0; } bytes_parsed += sizeof(struct btf_type) + skip; idx++; } return -1; } static long syz_memcpy_off(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4) { char* dest = (char*)a0; uint32_t dest_off = (uint32_t)a1; char* src = (char*)a2; uint32_t src_off = (uint32_t)a3; size_t n = (size_t)a4; return (long)memcpy(dest + dest_off, src + src_off, n); } #define MAX_FDS 30 #define USB_MAX_IFACE_NUM 4 #define USB_MAX_EP_NUM 32 #define USB_MAX_FDS 6 struct usb_endpoint_index { struct usb_endpoint_descriptor desc; int handle; }; struct usb_iface_index { struct usb_interface_descriptor* iface; uint8_t bInterfaceNumber; uint8_t bAlternateSetting; uint8_t bInterfaceClass; struct usb_endpoint_index eps[USB_MAX_EP_NUM]; int eps_num; }; struct usb_device_index { struct usb_device_descriptor* dev; struct usb_config_descriptor* config; uint8_t bDeviceClass; uint8_t bMaxPower; int config_length; struct usb_iface_index ifaces[USB_MAX_IFACE_NUM]; int ifaces_num; int iface_cur; }; struct usb_info { int fd; struct usb_device_index index; }; static struct usb_info usb_devices[USB_MAX_FDS]; static int usb_devices_num; static bool parse_usb_descriptor(const char* buffer, size_t length, struct usb_device_index* index) { if (length < sizeof(*index->dev) + sizeof(*index->config)) return false; memset(index, 0, sizeof(*index)); index->dev = (struct usb_device_descriptor*)buffer; index->config = (struct usb_config_descriptor*)(buffer + sizeof(*index->dev)); index->bDeviceClass = index->dev->bDeviceClass; index->bMaxPower = index->config->bMaxPower; index->config_length = length - sizeof(*index->dev); index->iface_cur = -1; size_t offset = 0; while (true) { if (offset + 1 >= length) break; uint8_t desc_length = buffer[offset]; uint8_t desc_type = buffer[offset + 1]; if (desc_length <= 2) break; if (offset + desc_length > length) break; if (desc_type == USB_DT_INTERFACE && index->ifaces_num < USB_MAX_IFACE_NUM) { struct usb_interface_descriptor* iface = (struct usb_interface_descriptor*)(buffer + offset); index->ifaces[index->ifaces_num].iface = iface; index->ifaces[index->ifaces_num].bInterfaceNumber = iface->bInterfaceNumber; index->ifaces[index->ifaces_num].bAlternateSetting = iface->bAlternateSetting; index->ifaces[index->ifaces_num].bInterfaceClass = iface->bInterfaceClass; index->ifaces_num++; } if (desc_type == USB_DT_ENDPOINT && index->ifaces_num > 0) { struct usb_iface_index* iface = &index->ifaces[index->ifaces_num - 1]; if (iface->eps_num < USB_MAX_EP_NUM) { memcpy(&iface->eps[iface->eps_num].desc, buffer + offset, sizeof(iface->eps[iface->eps_num].desc)); iface->eps_num++; } } offset += desc_length; } return true; } static struct usb_device_index* add_usb_index(int fd, const char* dev, size_t dev_len) { int i = __atomic_fetch_add(&usb_devices_num, 1, __ATOMIC_RELAXED); if (i >= USB_MAX_FDS) return NULL; if (!parse_usb_descriptor(dev, dev_len, &usb_devices[i].index)) return NULL; __atomic_store_n(&usb_devices[i].fd, fd, __ATOMIC_RELEASE); return &usb_devices[i].index; } static struct usb_device_index* lookup_usb_index(int fd) { for (int i = 0; i < USB_MAX_FDS; i++) { if (__atomic_load_n(&usb_devices[i].fd, __ATOMIC_ACQUIRE) == fd) return &usb_devices[i].index; } return NULL; } struct vusb_connect_string_descriptor { uint32_t len; char* str; } __attribute__((packed)); struct vusb_connect_descriptors { uint32_t qual_len; char* qual; uint32_t bos_len; char* bos; uint32_t strs_len; struct vusb_connect_string_descriptor strs[0]; } __attribute__((packed)); static const char default_string[] = { 8, USB_DT_STRING, 's', 0, 'y', 0, 'z', 0 }; static const char default_lang_id[] = { 4, USB_DT_STRING, 0x09, 0x04 }; static bool lookup_connect_response_in(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { struct usb_device_index* index = lookup_usb_index(fd); uint8_t str_idx; if (!index) return false; switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_GET_DESCRIPTOR: switch (ctrl->wValue >> 8) { case USB_DT_DEVICE: *response_data = (char*)index->dev; *response_length = sizeof(*index->dev); return true; case USB_DT_CONFIG: *response_data = (char*)index->config; *response_length = index->config_length; return true; case USB_DT_STRING: str_idx = (uint8_t)ctrl->wValue; if (descs && str_idx < descs->strs_len) { *response_data = descs->strs[str_idx].str; *response_length = descs->strs[str_idx].len; return true; } if (str_idx == 0) { *response_data = (char*)&default_lang_id[0]; *response_length = default_lang_id[0]; return true; } *response_data = (char*)&default_string[0]; *response_length = default_string[0]; return true; case USB_DT_BOS: *response_data = descs->bos; *response_length = descs->bos_len; return true; case USB_DT_DEVICE_QUALIFIER: if (!descs->qual) { struct usb_qualifier_descriptor* qual = (struct usb_qualifier_descriptor*)response_data; qual->bLength = sizeof(*qual); qual->bDescriptorType = USB_DT_DEVICE_QUALIFIER; qual->bcdUSB = index->dev->bcdUSB; qual->bDeviceClass = index->dev->bDeviceClass; qual->bDeviceSubClass = index->dev->bDeviceSubClass; qual->bDeviceProtocol = index->dev->bDeviceProtocol; qual->bMaxPacketSize0 = index->dev->bMaxPacketSize0; qual->bNumConfigurations = index->dev->bNumConfigurations; qual->bRESERVED = 0; *response_length = sizeof(*qual); return true; } *response_data = descs->qual; *response_length = descs->qual_len; return true; default: break; } break; default: break; } break; default: break; } return false; } typedef bool (*lookup_connect_out_response_t)(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done); static bool lookup_connect_response_out_generic(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) { switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: *done = true; return true; default: break; } break; } return false; } #define ATH9K_FIRMWARE_DOWNLOAD 0x30 #define ATH9K_FIRMWARE_DOWNLOAD_COMP 0x31 static bool lookup_connect_response_out_ath9k(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) { switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: return true; default: break; } break; case USB_TYPE_VENDOR: switch (ctrl->bRequest) { case ATH9K_FIRMWARE_DOWNLOAD: return true; case ATH9K_FIRMWARE_DOWNLOAD_COMP: *done = true; return true; default: break; } break; } return false; } struct vusb_descriptor { uint8_t req_type; uint8_t desc_type; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_descriptors { uint32_t len; struct vusb_descriptor* generic; struct vusb_descriptor* descs[0]; } __attribute__((packed)); struct vusb_response { uint8_t type; uint8_t req; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_responses { uint32_t len; struct vusb_response* generic; struct vusb_response* resps[0]; } __attribute__((packed)); static bool lookup_control_response(const struct vusb_descriptors* descs, const struct vusb_responses* resps, struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { int descs_num = 0; int resps_num = 0; if (descs) descs_num = (descs->len - offsetof(struct vusb_descriptors, descs)) / sizeof(descs->descs[0]); if (resps) resps_num = (resps->len - offsetof(struct vusb_responses, resps)) / sizeof(resps->resps[0]); uint8_t req = ctrl->bRequest; uint8_t req_type = ctrl->bRequestType & USB_TYPE_MASK; uint8_t desc_type = ctrl->wValue >> 8; if (req == USB_REQ_GET_DESCRIPTOR) { int i; for (i = 0; i < descs_num; i++) { struct vusb_descriptor* desc = descs->descs[i]; if (!desc) continue; if (desc->req_type == req_type && desc->desc_type == desc_type) { *response_length = desc->len; if (*response_length != 0) *response_data = &desc->data[0]; else *response_data = NULL; return true; } } if (descs && descs->generic) { *response_data = &descs->generic->data[0]; *response_length = descs->generic->len; return true; } } else { int i; for (i = 0; i < resps_num; i++) { struct vusb_response* resp = resps->resps[i]; if (!resp) continue; if (resp->type == req_type && resp->req == req) { *response_length = resp->len; if (*response_length != 0) *response_data = &resp->data[0]; else *response_data = NULL; return true; } } if (resps && resps->generic) { *response_data = &resps->generic->data[0]; *response_length = resps->generic->len; return true; } } return false; } #define UDC_NAME_LENGTH_MAX 128 struct usb_raw_init { __u8 driver_name[UDC_NAME_LENGTH_MAX]; __u8 device_name[UDC_NAME_LENGTH_MAX]; __u8 speed; }; enum usb_raw_event_type { USB_RAW_EVENT_INVALID = 0, USB_RAW_EVENT_CONNECT = 1, USB_RAW_EVENT_CONTROL = 2, }; struct usb_raw_event { __u32 type; __u32 length; __u8 data[0]; }; struct usb_raw_ep_io { __u16 ep; __u16 flags; __u32 length; __u8 data[0]; }; #define USB_RAW_EPS_NUM_MAX 30 #define USB_RAW_EP_NAME_MAX 16 #define USB_RAW_EP_ADDR_ANY 0xff struct usb_raw_ep_caps { __u32 type_control : 1; __u32 type_iso : 1; __u32 type_bulk : 1; __u32 type_int : 1; __u32 dir_in : 1; __u32 dir_out : 1; }; struct usb_raw_ep_limits { __u16 maxpacket_limit; __u16 max_streams; __u32 reserved; }; struct usb_raw_ep_info { __u8 name[USB_RAW_EP_NAME_MAX]; __u32 addr; struct usb_raw_ep_caps caps; struct usb_raw_ep_limits limits; }; struct usb_raw_eps_info { struct usb_raw_ep_info eps[USB_RAW_EPS_NUM_MAX]; }; #define USB_RAW_IOCTL_INIT _IOW('U', 0, struct usb_raw_init) #define USB_RAW_IOCTL_RUN _IO('U', 1) #define USB_RAW_IOCTL_EVENT_FETCH _IOR('U', 2, struct usb_raw_event) #define USB_RAW_IOCTL_EP0_WRITE _IOW('U', 3, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP0_READ _IOWR('U', 4, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_ENABLE _IOW('U', 5, struct usb_endpoint_descriptor) #define USB_RAW_IOCTL_EP_DISABLE _IOW('U', 6, __u32) #define USB_RAW_IOCTL_EP_WRITE _IOW('U', 7, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_READ _IOWR('U', 8, struct usb_raw_ep_io) #define USB_RAW_IOCTL_CONFIGURE _IO('U', 9) #define USB_RAW_IOCTL_VBUS_DRAW _IOW('U', 10, __u32) #define USB_RAW_IOCTL_EPS_INFO _IOR('U', 11, struct usb_raw_eps_info) #define USB_RAW_IOCTL_EP0_STALL _IO('U', 12) #define USB_RAW_IOCTL_EP_SET_HALT _IOW('U', 13, __u32) #define USB_RAW_IOCTL_EP_CLEAR_HALT _IOW('U', 14, __u32) #define USB_RAW_IOCTL_EP_SET_WEDGE _IOW('U', 15, __u32) static int usb_raw_open() { return open("/dev/raw-gadget", O_RDWR); } static int usb_raw_init(int fd, uint32_t speed, const char* driver, const char* device) { struct usb_raw_init arg; strncpy((char*)&arg.driver_name[0], driver, sizeof(arg.driver_name)); strncpy((char*)&arg.device_name[0], device, sizeof(arg.device_name)); arg.speed = speed; return ioctl(fd, USB_RAW_IOCTL_INIT, &arg); } static int usb_raw_run(int fd) { return ioctl(fd, USB_RAW_IOCTL_RUN, 0); } static int usb_raw_event_fetch(int fd, struct usb_raw_event* event) { return ioctl(fd, USB_RAW_IOCTL_EVENT_FETCH, event); } static int usb_raw_ep0_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_WRITE, io); } static int usb_raw_ep0_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_READ, io); } static int usb_raw_ep_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_WRITE, io); } static int usb_raw_ep_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_READ, io); } static int usb_raw_ep_enable(int fd, struct usb_endpoint_descriptor* desc) { return ioctl(fd, USB_RAW_IOCTL_EP_ENABLE, desc); } static int usb_raw_ep_disable(int fd, int ep) { return ioctl(fd, USB_RAW_IOCTL_EP_DISABLE, ep); } static int usb_raw_configure(int fd) { return ioctl(fd, USB_RAW_IOCTL_CONFIGURE, 0); } static int usb_raw_vbus_draw(int fd, uint32_t power) { return ioctl(fd, USB_RAW_IOCTL_VBUS_DRAW, power); } static int usb_raw_ep0_stall(int fd) { return ioctl(fd, USB_RAW_IOCTL_EP0_STALL, 0); } static int lookup_interface(int fd, uint8_t bInterfaceNumber, uint8_t bAlternateSetting) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; for (int i = 0; i < index->ifaces_num; i++) { if (index->ifaces[i].bInterfaceNumber == bInterfaceNumber && index->ifaces[i].bAlternateSetting == bAlternateSetting) return i; } return -1; } static int lookup_endpoint(int fd, uint8_t bEndpointAddress) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; if (index->iface_cur < 0) return -1; for (int ep = 0; index->ifaces[index->iface_cur].eps_num; ep++) if (index->ifaces[index->iface_cur].eps[ep].desc.bEndpointAddress == bEndpointAddress) return index->ifaces[index->iface_cur].eps[ep].handle; return -1; } static void set_interface(int fd, int n) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return; if (index->iface_cur >= 0 && index->iface_cur < index->ifaces_num) { for (int ep = 0; ep < index->ifaces[index->iface_cur].eps_num; ep++) { int rv = usb_raw_ep_disable(fd, index->ifaces[index->iface_cur].eps[ep].handle); if (rv < 0) { } else { } } } if (n >= 0 && n < index->ifaces_num) { for (int ep = 0; ep < index->ifaces[n].eps_num; ep++) { int rv = usb_raw_ep_enable(fd, &index->ifaces[n].eps[ep].desc); if (rv < 0) { } else { index->ifaces[n].eps[ep].handle = rv; } } index->iface_cur = n; } } static int configure_device(int fd) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; int rv = usb_raw_vbus_draw(fd, index->bMaxPower); if (rv < 0) { return rv; } rv = usb_raw_configure(fd); if (rv < 0) { return rv; } set_interface(fd, 0); return 0; } #define USB_MAX_PACKET_SIZE 4096 struct usb_raw_control_event { struct usb_raw_event inner; struct usb_ctrlrequest ctrl; char data[USB_MAX_PACKET_SIZE]; }; struct usb_raw_ep_io_data { struct usb_raw_ep_io inner; char data[USB_MAX_PACKET_SIZE]; }; static volatile long syz_usb_connect_impl(uint64_t speed, uint64_t dev_len, const char* dev, const struct vusb_connect_descriptors* descs, lookup_connect_out_response_t lookup_connect_response_out) { if (!dev) { return -1; } int fd = usb_raw_open(); if (fd < 0) { return fd; } if (fd >= MAX_FDS) { close(fd); return -1; } struct usb_device_index* index = add_usb_index(fd, dev, dev_len); if (!index) { return -1; } char device[32]; sprintf(&device[0], "dummy_udc.%llu", procid); int rv = usb_raw_init(fd, speed, "dummy_udc", &device[0]); if (rv < 0) { return rv; } rv = usb_raw_run(fd); if (rv < 0) { return rv; } bool done = false; while (!done) { struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = sizeof(event.ctrl); rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) continue; char* response_data = NULL; uint32_t response_length = 0; if (event.ctrl.bRequestType & USB_DIR_IN) { if (!lookup_connect_response_in(fd, descs, &event.ctrl, &response_data, &response_length)) { usb_raw_ep0_stall(fd); continue; } } else { if (!lookup_connect_response_out(fd, descs, &event.ctrl, &done)) { usb_raw_ep0_stall(fd); continue; } response_data = NULL; response_length = event.ctrl.wLength; } if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD && event.ctrl.bRequest == USB_REQ_SET_CONFIGURATION) { rv = configure_device(fd); if (rv < 0) { return rv; } } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, response_length); if (event.ctrl.bRequestType & USB_DIR_IN) { rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response); } else { rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response); } if (rv < 0) { return rv; } } sleep_ms(200); return fd; } static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; const char* dev = (const char*)a2; const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3; return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_generic); } static volatile long syz_usb_connect_ath9k(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; const char* dev = (const char*)a2; const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3; return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_ath9k); } static volatile long syz_usb_control_io(volatile long a0, volatile long a1, volatile long a2) { int fd = a0; const struct vusb_descriptors* descs = (const struct vusb_descriptors*)a1; const struct vusb_responses* resps = (const struct vusb_responses*)a2; struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = USB_MAX_PACKET_SIZE; int rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) { return -1; } char* response_data = NULL; uint32_t response_length = 0; if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) { if (!lookup_control_response(descs, resps, &event.ctrl, &response_data, &response_length)) { usb_raw_ep0_stall(fd); return -1; } } else { if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD || event.ctrl.bRequest == USB_REQ_SET_INTERFACE) { int iface_num = event.ctrl.wIndex; int alt_set = event.ctrl.wValue; int iface_index = lookup_interface(fd, iface_num, alt_set); if (iface_index < 0) { } else { set_interface(fd, iface_index); } } response_length = event.ctrl.wLength; } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; if ((event.ctrl.bRequestType & USB_DIR_IN) && !event.ctrl.wLength) { response_length = USB_MAX_PACKET_SIZE; } response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, response_length); if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) { rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response); } else { rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response); } if (rv < 0) { return rv; } sleep_ms(200); return 0; } static volatile long syz_usb_ep_write(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int fd = a0; uint8_t ep = a1; uint32_t len = a2; char* data = (char*)a3; int ep_handle = lookup_endpoint(fd, ep); if (ep_handle < 0) { return -1; } struct usb_raw_ep_io_data io_data; io_data.inner.ep = ep_handle; io_data.inner.flags = 0; if (len > sizeof(io_data.data)) len = sizeof(io_data.data); io_data.inner.length = len; memcpy(&io_data.data[0], data, len); int rv = usb_raw_ep_write(fd, (struct usb_raw_ep_io*)&io_data); if (rv < 0) { return rv; } sleep_ms(200); return 0; } static volatile long syz_usb_ep_read(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int fd = a0; uint8_t ep = a1; uint32_t len = a2; char* data = (char*)a3; int ep_handle = lookup_endpoint(fd, ep); if (ep_handle < 0) { return -1; } struct usb_raw_ep_io_data io_data; io_data.inner.ep = ep_handle; io_data.inner.flags = 0; if (len > sizeof(io_data.data)) len = sizeof(io_data.data); io_data.inner.length = len; int rv = usb_raw_ep_read(fd, (struct usb_raw_ep_io*)&io_data); if (rv < 0) { return rv; } memcpy(&data[0], &io_data.data[0], io_data.inner.length); sleep_ms(200); return 0; } static volatile long syz_usb_disconnect(volatile long a0) { int fd = a0; int rv = close(fd); sleep_ms(200); return rv; } static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2) { if (a0 == 0xc || a0 == 0xb) { char buf[128]; sprintf(buf, "/dev/%s/%d:%d", a0 == 0xc ? "char" : "block", (uint8_t)a1, (uint8_t)a2); return open(buf, O_RDWR, 0); } else { char buf[1024]; char* hash; strncpy(buf, (char*)a0, sizeof(buf) - 1); buf[sizeof(buf) - 1] = 0; while ((hash = strchr(buf, '#'))) { *hash = '0' + (char)(a1 % 10); a1 /= 10; } return open(buf, a2, 0); } } static long syz_open_procfs(volatile long a0, volatile long a1) { char buf[128]; memset(buf, 0, sizeof(buf)); if (a0 == 0) { snprintf(buf, sizeof(buf), "/proc/self/%s", (char*)a1); } else if (a0 == -1) { snprintf(buf, sizeof(buf), "/proc/thread-self/%s", (char*)a1); } else { snprintf(buf, sizeof(buf), "/proc/self/task/%d/%s", (int)a0, (char*)a1); } int fd = open(buf, O_RDWR); if (fd == -1) fd = open(buf, O_RDONLY); return fd; } static long syz_open_pts(volatile long a0, volatile long a1) { int ptyno = 0; if (ioctl(a0, TIOCGPTN, &ptyno)) return -1; char buf[128]; sprintf(buf, "/dev/pts/%d", ptyno); return open(buf, a1, 0); } static long syz_init_net_socket(volatile long domain, volatile long type, volatile long proto) { int netns = open("/proc/self/ns/net", O_RDONLY); if (netns == -1) return netns; if (setns(kInitNetNsFd, 0)) return -1; int sock = syscall(__NR_socket, domain, type, proto); int err = errno; if (setns(netns, 0)) exit(1); close(netns); errno = err; return sock; } static long syz_genetlink_get_family_id(volatile long name, volatile long sock_arg) { bool dofail = false; int fd = sock_arg; if (fd < 0) { dofail = true; fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (fd == -1) { return -1; } } struct nlmsg nlmsg_tmp; int ret = netlink_query_family_id(&nlmsg_tmp, fd, (char*)name, dofail); if ((int)sock_arg < 0) close(fd); if (ret < 0) { return -1; } return ret; } struct fs_image_segment { void* data; uintptr_t size; uintptr_t offset; }; #define IMAGE_MAX_SEGMENTS 4096 #define IMAGE_MAX_SIZE (129 << 20) #define sys_memfd_create 356 static unsigned long fs_image_segment_check(unsigned long size, unsigned long nsegs, struct fs_image_segment* segs) { if (nsegs > IMAGE_MAX_SEGMENTS) nsegs = IMAGE_MAX_SEGMENTS; for (size_t i = 0; i < nsegs; i++) { if (segs[i].size > IMAGE_MAX_SIZE) segs[i].size = IMAGE_MAX_SIZE; segs[i].offset %= IMAGE_MAX_SIZE; if (segs[i].offset > IMAGE_MAX_SIZE - segs[i].size) segs[i].offset = IMAGE_MAX_SIZE - segs[i].size; if (size < segs[i].offset + segs[i].offset) size = segs[i].offset + segs[i].offset; } if (size > IMAGE_MAX_SIZE) size = IMAGE_MAX_SIZE; return size; } static int setup_loop_device(long unsigned size, long unsigned nsegs, struct fs_image_segment* segs, const char* loopname, int* memfd_p, int* loopfd_p) { int err = 0, loopfd = -1; size = fs_image_segment_check(size, nsegs, segs); int memfd = syscall(sys_memfd_create, "syzkaller", 0); if (memfd == -1) { err = errno; goto error; } if (ftruncate(memfd, size)) { err = errno; goto error_close_memfd; } for (size_t i = 0; i < nsegs; i++) { if (pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset) < 0) { } } loopfd = open(loopname, O_RDWR); if (loopfd == -1) { err = errno; goto error_close_memfd; } if (ioctl(loopfd, LOOP_SET_FD, memfd)) { if (errno != EBUSY) { err = errno; goto error_close_loop; } ioctl(loopfd, LOOP_CLR_FD, 0); usleep(1000); if (ioctl(loopfd, LOOP_SET_FD, memfd)) { err = errno; goto error_close_loop; } } *memfd_p = memfd; *loopfd_p = loopfd; return 0; error_close_loop: close(loopfd); error_close_memfd: close(memfd); error: errno = err; return -1; } static long syz_read_part_table(volatile unsigned long size, volatile unsigned long nsegs, volatile long segments) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int err = 0, res = -1, loopfd = -1, memfd = -1; char loopname[64]; snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; struct loop_info64 info; if (ioctl(loopfd, LOOP_GET_STATUS64, &info)) { err = errno; goto error_clear_loop; } info.lo_flags |= LO_FLAGS_PARTSCAN; if (ioctl(loopfd, LOOP_SET_STATUS64, &info)) { err = errno; goto error_clear_loop; } res = 0; for (unsigned long i = 1, j = 0; i < 8; i++) { snprintf(loopname, sizeof(loopname), "/dev/loop%llup%d", procid, (int)i); struct stat statbuf; if (stat(loopname, &statbuf) == 0) { char linkname[64]; snprintf(linkname, sizeof(linkname), "./file%d", (int)j++); if (symlink(loopname, linkname)) { } } } error_clear_loop: ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); errno = err; return res; } static long syz_mount_image(volatile long fsarg, volatile long dir, volatile unsigned long size, volatile unsigned long nsegs, volatile long segments, volatile long flags, volatile long optsarg) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int res = -1, err = 0, loopfd = -1, memfd = -1, need_loop_device = !!segs; char* mount_opts = (char*)optsarg; char* target = (char*)dir; char* fs = (char*)fsarg; char* source = NULL; char loopname[64]; if (need_loop_device) { memset(loopname, 0, sizeof(loopname)); snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; source = loopname; } mkdir(target, 0777); char opts[256]; memset(opts, 0, sizeof(opts)); if (strlen(mount_opts) > (sizeof(opts) - 32)) { } strncpy(opts, mount_opts, sizeof(opts) - 32); if (strcmp(fs, "iso9660") == 0) { flags |= MS_RDONLY; } else if (strncmp(fs, "ext", 3) == 0) { if (strstr(opts, "errors=panic") || strstr(opts, "errors=remount-ro") == 0) strcat(opts, ",errors=continue"); } else if (strcmp(fs, "xfs") == 0) { strcat(opts, ",nouuid"); } res = mount(source, target, fs, flags, opts); if (res == -1) { err = errno; goto error_clear_loop; } res = open(target, O_RDONLY | O_DIRECTORY); if (res == -1) { err = errno; } error_clear_loop: if (need_loop_device) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); } errno = err; return res; } static volatile long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5, volatile long a6, volatile long a7) { return 0; } static void setup_common() { if (mount(0, "/sys/fs/fuse/connections", "fusectl", 0, 0)) { } } static void loop(); static void sandbox_common() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setsid(); int netns = open("/proc/self/ns/net", O_RDONLY); if (netns == -1) exit(1); if (dup2(netns, kInitNetNsFd) < 0) exit(1); close(netns); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = (200 << 20); setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 32 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 136 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); if (unshare(CLONE_NEWNS)) { } if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL)) { } if (unshare(CLONE_NEWIPC)) { } if (unshare(0x02000000)) { } if (unshare(CLONE_NEWUTS)) { } if (unshare(CLONE_SYSVSEM)) { } typedef struct { const char* name; const char* value; } sysctl_t; static const sysctl_t sysctls[] = { {"/proc/sys/kernel/shmmax", "16777216"}, {"/proc/sys/kernel/shmall", "536870912"}, {"/proc/sys/kernel/shmmni", "1024"}, {"/proc/sys/kernel/msgmax", "8192"}, {"/proc/sys/kernel/msgmni", "1024"}, {"/proc/sys/kernel/msgmnb", "1024"}, {"/proc/sys/kernel/sem", "1024 1048576 500 1024"}, }; unsigned i; for (i = 0; i < sizeof(sysctls) / sizeof(sysctls[0]); i++) write_file(sysctls[i].name, sysctls[i].value); } static int wait_for_loop(int pid) { if (pid < 0) exit(1); int status = 0; while (waitpid(-1, &status, __WALL) != pid) { } return WEXITSTATUS(status); } static void drop_caps(void) { struct __user_cap_header_struct cap_hdr = {}; struct __user_cap_data_struct cap_data[2] = {}; cap_hdr.version = _LINUX_CAPABILITY_VERSION_3; cap_hdr.pid = getpid(); if (syscall(SYS_capget, &cap_hdr, &cap_data)) exit(1); const int drop = (1 << CAP_SYS_PTRACE) | (1 << CAP_SYS_NICE); cap_data[0].effective &= ~drop; cap_data[0].permitted &= ~drop; cap_data[0].inheritable &= ~drop; if (syscall(SYS_capset, &cap_hdr, &cap_data)) exit(1); } static int do_sandbox_none(void) { if (unshare(CLONE_NEWPID)) { } int pid = fork(); if (pid != 0) return wait_for_loop(pid); setup_common(); sandbox_common(); drop_caps(); if (unshare(CLONE_NEWNET)) { } loop(); exit(1); } static int inject_fault(int nth) { int fd; fd = open("/proc/thread-self/fail-nth", O_RDWR); if (fd == -1) exit(1); char buf[16]; sprintf(buf, "%d", nth); if (write(fd, buf, strlen(buf)) != (ssize_t)strlen(buf)) exit(1); return fd; } static void setup_fault() { static struct { const char* file; const char* val; bool fatal; } files[] = { {"/sys/kernel/debug/failslab/ignore-gfp-wait", "N", true}, {"/sys/kernel/debug/fail_futex/ignore-private", "N", false}, {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", "N", false}, {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", "N", false}, {"/sys/kernel/debug/fail_page_alloc/min-order", "0", false}, }; unsigned i; for (i = 0; i < sizeof(files) / sizeof(files[0]); i++) { if (!write_file(files[i].file, files[i].val)) { if (files[i].fatal) exit(1); } } } #define FUSE_MIN_READ_BUFFER 8192 enum fuse_opcode { FUSE_LOOKUP = 1, FUSE_FORGET = 2, FUSE_GETATTR = 3, FUSE_SETATTR = 4, FUSE_READLINK = 5, FUSE_SYMLINK = 6, FUSE_MKNOD = 8, FUSE_MKDIR = 9, FUSE_UNLINK = 10, FUSE_RMDIR = 11, FUSE_RENAME = 12, FUSE_LINK = 13, FUSE_OPEN = 14, FUSE_READ = 15, FUSE_WRITE = 16, FUSE_STATFS = 17, FUSE_RELEASE = 18, FUSE_FSYNC = 20, FUSE_SETXATTR = 21, FUSE_GETXATTR = 22, FUSE_LISTXATTR = 23, FUSE_REMOVEXATTR = 24, FUSE_FLUSH = 25, FUSE_INIT = 26, FUSE_OPENDIR = 27, FUSE_READDIR = 28, FUSE_RELEASEDIR = 29, FUSE_FSYNCDIR = 30, FUSE_GETLK = 31, FUSE_SETLK = 32, FUSE_SETLKW = 33, FUSE_ACCESS = 34, FUSE_CREATE = 35, FUSE_INTERRUPT = 36, FUSE_BMAP = 37, FUSE_DESTROY = 38, FUSE_IOCTL = 39, FUSE_POLL = 40, FUSE_NOTIFY_REPLY = 41, FUSE_BATCH_FORGET = 42, FUSE_FALLOCATE = 43, FUSE_READDIRPLUS = 44, FUSE_RENAME2 = 45, FUSE_LSEEK = 46, FUSE_COPY_FILE_RANGE = 47, FUSE_SETUPMAPPING = 48, FUSE_REMOVEMAPPING = 49, CUSE_INIT = 4096, CUSE_INIT_BSWAP_RESERVED = 1048576, FUSE_INIT_BSWAP_RESERVED = 436207616, }; struct fuse_in_header { uint32_t len; uint32_t opcode; uint64_t unique; uint64_t nodeid; uint32_t uid; uint32_t gid; uint32_t pid; uint32_t padding; }; struct fuse_out_header { uint32_t len; uint32_t error; uint64_t unique; }; struct syz_fuse_req_out { struct fuse_out_header* init; struct fuse_out_header* lseek; struct fuse_out_header* bmap; struct fuse_out_header* poll; struct fuse_out_header* getxattr; struct fuse_out_header* lk; struct fuse_out_header* statfs; struct fuse_out_header* write; struct fuse_out_header* read; struct fuse_out_header* open; struct fuse_out_header* attr; struct fuse_out_header* entry; struct fuse_out_header* dirent; struct fuse_out_header* direntplus; struct fuse_out_header* create_open; struct fuse_out_header* ioctl; }; static int fuse_send_response(int fd, const struct fuse_in_header* in_hdr, struct fuse_out_header* out_hdr) { if (!out_hdr) { return -1; } out_hdr->unique = in_hdr->unique; if (write(fd, out_hdr, out_hdr->len) == -1) { return -1; } return 0; } static volatile long syz_fuse_handle_req(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { struct syz_fuse_req_out* req_out = (struct syz_fuse_req_out*)a3; struct fuse_out_header* out_hdr = NULL; char* buf = (char*)a1; int buf_len = (int)a2; int fd = (int)a0; if (!req_out) { return -1; } if (buf_len < FUSE_MIN_READ_BUFFER) { return -1; } int ret = read(fd, buf, buf_len); if (ret == -1) { return -1; } if ((size_t)ret < sizeof(struct fuse_in_header)) { return -1; } const struct fuse_in_header* in_hdr = (const struct fuse_in_header*)buf; if (in_hdr->len > (uint32_t)ret) { return -1; } switch (in_hdr->opcode) { case FUSE_GETATTR: case FUSE_SETATTR: out_hdr = req_out->attr; break; case FUSE_LOOKUP: case FUSE_SYMLINK: case FUSE_LINK: case FUSE_MKNOD: case FUSE_MKDIR: out_hdr = req_out->entry; break; case FUSE_OPEN: case FUSE_OPENDIR: out_hdr = req_out->open; break; case FUSE_STATFS: out_hdr = req_out->statfs; break; case FUSE_RMDIR: case FUSE_RENAME: case FUSE_RENAME2: case FUSE_FALLOCATE: case FUSE_SETXATTR: case FUSE_REMOVEXATTR: case FUSE_FSYNCDIR: case FUSE_FSYNC: case FUSE_SETLKW: case FUSE_SETLK: case FUSE_ACCESS: case FUSE_FLUSH: case FUSE_RELEASE: case FUSE_RELEASEDIR: case FUSE_UNLINK: case FUSE_DESTROY: out_hdr = req_out->init; if (!out_hdr) { return -1; } out_hdr->len = sizeof(struct fuse_out_header); break; case FUSE_READ: out_hdr = req_out->read; break; case FUSE_READDIR: out_hdr = req_out->dirent; break; case FUSE_READDIRPLUS: out_hdr = req_out->direntplus; break; case FUSE_INIT: out_hdr = req_out->init; break; case FUSE_LSEEK: out_hdr = req_out->lseek; break; case FUSE_GETLK: out_hdr = req_out->lk; break; case FUSE_BMAP: out_hdr = req_out->bmap; break; case FUSE_POLL: out_hdr = req_out->poll; break; case FUSE_GETXATTR: case FUSE_LISTXATTR: out_hdr = req_out->getxattr; break; case FUSE_WRITE: case FUSE_COPY_FILE_RANGE: out_hdr = req_out->write; break; case FUSE_FORGET: case FUSE_BATCH_FORGET: return 0; case FUSE_CREATE: out_hdr = req_out->create_open; break; case FUSE_IOCTL: out_hdr = req_out->ioctl; break; default: return -1; } return fuse_send_response(fd, in_hdr, out_hdr); } #define HWSIM_ATTR_RX_RATE 5 #define HWSIM_ATTR_SIGNAL 6 #define HWSIM_ATTR_ADDR_RECEIVER 1 #define HWSIM_ATTR_FRAME 3 #define WIFI_MAX_INJECT_LEN 2048 static int hwsim_register_socket(struct nlmsg* nlmsg, int sock, int hwsim_family) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = HWSIM_CMD_REGISTER; netlink_init(nlmsg, hwsim_family, 0, &genlhdr, sizeof(genlhdr)); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int hwsim_inject_frame(struct nlmsg* nlmsg, int sock, int hwsim_family, uint8_t* mac_addr, uint8_t* data, int len) { struct genlmsghdr genlhdr; uint32_t rx_rate = WIFI_DEFAULT_RX_RATE; uint32_t signal = WIFI_DEFAULT_SIGNAL; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = HWSIM_CMD_FRAME; netlink_init(nlmsg, hwsim_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, HWSIM_ATTR_RX_RATE, &rx_rate, sizeof(rx_rate)); netlink_attr(nlmsg, HWSIM_ATTR_SIGNAL, &signal, sizeof(signal)); netlink_attr(nlmsg, HWSIM_ATTR_ADDR_RECEIVER, mac_addr, ETH_ALEN); netlink_attr(nlmsg, HWSIM_ATTR_FRAME, data, len); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static long syz_80211_inject_frame(volatile long a0, volatile long a1, volatile long a2) { uint8_t* mac_addr = (uint8_t*)a0; uint8_t* buf = (uint8_t*)a1; int buf_len = (int)a2; struct nlmsg tmp_msg; if (buf_len < 0 || buf_len > WIFI_MAX_INJECT_LEN) { return -1; } int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (sock < 0) { return -1; } int hwsim_family_id = netlink_query_family_id(&tmp_msg, sock, "MAC80211_HWSIM", true); int ret = hwsim_register_socket(&tmp_msg, sock, hwsim_family_id); if (ret < 0) { close(sock); return -1; } ret = hwsim_inject_frame(&tmp_msg, sock, hwsim_family_id, mac_addr, buf, buf_len); close(sock); if (ret < 0) { return -1; } return 0; } #define WIFI_MAX_SSID_LEN 32 #define WIFI_JOIN_IBSS_NO_SCAN 0 #define WIFI_JOIN_IBSS_BG_SCAN 1 #define WIFI_JOIN_IBSS_BG_NO_SCAN 2 static long syz_80211_join_ibss(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { char* interface = (char*)a0; uint8_t* ssid = (uint8_t*)a1; int ssid_len = (int)a2; int mode = (int)a3; struct nlmsg tmp_msg; uint8_t bssid[ETH_ALEN] = WIFI_IBSS_BSSID; if (ssid_len < 0 || ssid_len > WIFI_MAX_SSID_LEN) { return -1; } if (mode < 0 || mode > WIFI_JOIN_IBSS_BG_NO_SCAN) { return -1; } int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (sock < 0) { return -1; } int nl80211_family_id = netlink_query_family_id(&tmp_msg, sock, "nl80211", true); struct join_ibss_props ibss_props = { .wiphy_freq = WIFI_DEFAULT_FREQUENCY, .wiphy_freq_fixed = (mode == WIFI_JOIN_IBSS_NO_SCAN || mode == WIFI_JOIN_IBSS_BG_NO_SCAN), .mac = bssid, .ssid = ssid, .ssid_len = ssid_len}; int ret = nl80211_setup_ibss_interface(&tmp_msg, sock, nl80211_family_id, interface, &ibss_props); close(sock); if (ret < 0) { return -1; } if (mode == WIFI_JOIN_IBSS_NO_SCAN) { ret = await_ifla_operstate(&tmp_msg, interface, IF_OPER_UP); if (ret < 0) { return -1; } } return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void loop(void) { int i, call, thread; for (call = 0; call < 51; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50 + (call == 4 ? 50 : 0) + (call == 12 ? 500 : 0) + (call == 38 ? 50 : 0) + (call == 43 ? 3000 : 0) + (call == 44 ? 3000 : 0) + (call == 45 ? 300 : 0) + (call == 46 ? 300 : 0) + (call == 47 ? 300 : 0) + (call == 48 ? 3000 : 0) + (call == 49 ? 300 : 0)); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } #ifndef __NR_clock_gettime #define __NR_clock_gettime 265 #endif #ifndef __NR_getgid #define __NR_getgid 47 #endif #ifndef __NR_getsockopt #define __NR_getsockopt 365 #endif #ifndef __NR_ioctl #define __NR_ioctl 54 #endif #ifndef __NR_mmap #define __NR_mmap 192 #endif #ifndef __NR_openat #define __NR_openat 295 #endif #ifndef __NR_read #define __NR_read 3 #endif #ifndef __NR_recvmmsg #define __NR_recvmmsg 337 #endif #ifndef __NR_sendfile64 #define __NR_sendfile64 239 #endif #ifndef __NR_sendmsg #define __NR_sendmsg 370 #endif #ifndef __NR_setsockopt #define __NR_setsockopt 366 #endif #ifndef __NR_stat #define __NR_stat 106 #endif #ifndef __NR_statx #define __NR_statx 383 #endif #ifndef __NR_write #define __NR_write 4 #endif #undef __NR_mmap #define __NR_mmap __NR_mmap2 uint64_t r[24] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint32_t*)0x20000000 = 0x18; *(uint32_t*)0x20000004 = 0; *(uint64_t*)0x20000008 = 0; *(uint32_t*)0x20000010 = 3; *(uint32_t*)0x20000014 = 0; inject_fault(1); syscall(__NR_write, -1, 0x20000000, 0x18); break; case 1: memcpy((void*)0x20000040, "/dev/tty\000", 9); res = syscall(__NR_openat, 0xffffff9c, 0x20000040, 0x10400, 0); if (res != -1) r[0] = res; break; case 2: syscall(__NR_mmap, 0x20ffb000, 0x4000, 0x200000f, 0x10, (intptr_t)r[0], 0xada52000); break; case 3: memcpy((void*)0x20000080, "syz0\000", 5); syscall(__NR_ioctl, -1, 0x4004556c, 0x20000080); break; case 4: memcpy((void*)0x200025c0, "ufs\000", 4); memcpy((void*)0x20002600, "./file0\000", 8); *(uint32_t*)0x20003700 = 0x20002640; memcpy((void*)0x20002640, "\x38\x6f\x6d\x1b\xe2\x7f\x8c\xa9\x18\x2d\x1a\xe6\x35\xbb\xa8\xc9\xce\x03\x79\xce\x60\xd9\xd2\x4e\x0f\xe6\x9a\x46\xdd\x2b\x77\x02\x6c\xe1\xe6\xbb\xc0\x5a\x24\x6a\xe2\x69\x05\x25\x31\x91\xf7\xe3\x4e\xf3\x86\x0f\x1c\x2c\xc9\xa6\xd5\x22\xf5\x03\xd7\x8e\x34\x0c\xb5\x4f\x1d\x6b", 68); *(uint32_t*)0x20003704 = 0x44; *(uint32_t*)0x20003708 = 1; *(uint32_t*)0x2000370c = 0x200026c0; memcpy((void*)0x200026c0, "\x57\x39\xec\x80\x61\x6d\x1b\xac\x90\x97\x97\xc5\x72\x3d\x28\x7d\x94\xf0\x10\xe0\xf7\x0a\x34\x2a\x21\xfb\x38\xb3\x69\x86\x02\x5d\xca\x05\x4a\x96\xbb\xe7\x40\x27\x97\x4c\x45\x28\x93\xa9\xf5\xd5\x13\xef\xc4\x70\x65\x2b\xf4\xe8\x37\xd8\xd5\xee\xac\xed\x26\x69\xd7\x3c\xea\x3d\x39\x31\x39\x9d\xa0\x4d\xfb\x48\x59\xd0\x3c\x47\xdd\x53\x5b\xaa\x98\x0a\xe8\xb7\xa5\xc3\x12\xfd\x71\xac\xc5\x21\xbd\xdc\x2c\x63\x70\x26\xd7\xfa\xdb\x42\xc0\x20\xc5\x3d\x4e\x2f\xee\xb2\x30\x77\xed\x86\x7d\x5b\x36\x56\x7b\x8d\x06\xe0\xf4\xd2\xd9\xc6\x16\xd6\x73\x91\xf8\x79\xe8\x12\xd7\xa1\x79\x75\xf3\xe0\xe5\x69\xf5\x57\xb6\x5b\xba\xde\x94\x18\x68\xba\xe4\xbe\x8d\x2d\xfa\x45\xa3\x85\x87\x7e\xce\x8d\x94\xd7\x55\xdb\xf8\x2b\x4f\xd8\x89\x9b\xa1\xb8\xec\xe4\x3b\x36\xb3\x69\xa8\xdf\x56\x99\x3b\x16\xee\xc2\x0a\xed\x1c\x59\x6f\x66\x9d\xf8\x97\xdd\xfa\x0d\xf4\xab\x26\xd7\x47\x59\x82\x96\xdd\x3b\xcd\x5c\xad\x67\xa8\xb1\x9e\xba\x5f\x34\x3f\xbf\xa6\x30\x1a\x15\x02\x60\x0e\xda\x02\xab\x15\x7a\xb1\xb1\x64\xe3\xde\x57\x33\xe4\xbf\xd9\x67\x7b\x49\xb2\x9b\xb5\x6e\x99\x36\x7d\x01\x04\x4b\x3a\xcc\xf0\xf9\x3a\xf7\x55\x27\x83\x7a\x9b\x49\x4b\x4e\xac\xe1\xf4\x9c\x87\x9e\x71\xe9\x62\xa5\x93\x74\x95\x55\xb5\x0a\x55\xca\x11\x44\xeb\x54\x80\x70\x47\xde\xfd\xe8\xdd\x09\x7e\xbc\xba\xa2\x30\x45\x1a\xc7\xa7\x76\x3e\xf2\x13\x4b\x45\x3e\xf7\xce\x92\xd6\xad\xce\x44\x9a\xa1\x82\xef\xb2\xed\x4a\x87\x07\xf1\xe1\x84\x6d\x82\x50\x5d\xa0\x6c\x2d\x6b\x4a\x58\x2d\xdf\xb2\xbd\xb7\xa1\x9b\xbc\xe8\xe0\xa0\xf7\xb2\xf4\x96\x62\x2b\xee\x04\x37\x29\xf3\x84\x31\x88\xeb\x14\xe5\x6e\x8f\x48\xd7\xd4\xb1\x51\xa7\xde\xef\x2a\x1a\x94\x58\x83\x42\x53\x77\x08\x82\xcc\x41\xf6\xfb\x78\x4a\x9f\x73\xa4\xf8\x1e\xf9\x93\xda\xe6\x1a\x80\x5b\xa6\xf9\x30\x78\x20\x81\x33\x10\xdc\x38\x70\x83\x5a\xd4\xbe\x7e\x3c\x8a\x13\xf9\xf0\x1e\x9e\xa9\xb1\xb9\xdf\xb1\xe3\x47\xe3\xea\x1b\x5b\x09\x0e\x1a\x38\x61\x77\x07\xbb\x5a\xa0\xce\x82\x19\x3f\x69\x70\xa0\xb8\x85\x18\x3f\xce\x8b\x7d\x30\xbf\xc1\x82\x58\xdd\x40\xf5\x08\xb9\x5b\x55\xca\x27\xd8\xec\x76\x01\x03\x10\xc6\x77\xc0\x4c\x0b\x01\xfd\x69\xde\x39\x6a\xe9\x5a\x7c\x3c\xa5\x0f\x4e\x7f\xc3\xda\x74\x9d\x82\xa5\xd9\xf5\x7a\xb6\xed\x7a\x0d\x12\x76\x29\x7a\xb5\x71\x72\x67\x1d\x4c\x7c\xa3\x52\x24\x70\x0d\xb9\x36\x44\x13\x1a\x51\x26\xaf\x54\x75\x5a\xec\x80\xcf\xfd\xeb\x70\x9f\x0c\x58\x21\xec\x3b\x86\xd2\x9f\x10\xbe\x62\xd9\x4c\x03\x2f\x79\xd4\xed\xcc\xaf\x40\xb2\x4d\x72\xe4\x6d\x7c\x99\x33\xf6\xea\xda\x79\x4a\xad\x1e\xaf\x41\xae\xc1\x35\xa4\xf6\xf7\xf6\x09\x27\x36\x08\x68\x5f\xfc\x30\xfe\x1a\xe8\x22\x13\xa9\x56\xe8\xdf\x49\x3e\xc0\xaa\xc8\xec\xcb\xbd\xb8\x20\x93\x09\x7d\xb4\x51\x61\x67\x76\x85\xbf\x1e\x69\x1a\x1c\x7d\xce\x13\xa8\x8e\x63\x64\x5b\xc7\x99\x22\xb6\xd3\xd3\xd7\x61\xf3\x6a\x46\x30\x2f\x79\xe0\xe0\xbe\xb6\x7e\x2f\x2c\xb2\xe8\x3f\xc1\xa0\x41\x77\xc9\xd0\x22\xc4\x6e\xdc\x05\x3f\x03\x18\x2f\xc6\x45\x45\x0e\x4d\xe5\x36\xa4\x18\xb0\xea\xe2\xac\xb0\xea\xf4\xcb\x61\x5e\xca\x77\xf7\x2e\xe1\xd1\xf9\x14\x62\x08\xe1\x86\x69\x50\x8e\xdd\x05\x0e\x9b\x4e\x72\xa8\x48\x30\x16\xdc\x01\x98\x32\x6d\x2a\x16\x70\x04\xf3\x23\xa0\xa6\xeb\x4d\x34\xf6\x51\xc3\x97\xf0\x6d\x32\xe1\xbd\xab\x04\x2e\xfe\x56\x6a\xfc\x48\xcb\xd9\x8f\x91\x41\x34\x15\x63\x14\xa9\x54\xc6\x41\xb1\x06\x6b\xa7\x15\xab\x50\xeb\x4d\xb8\x4b\x13\xf2\x04\x69\xd0\x1d\x63\x46\xd4\x25\xd7\x0f\x60\xb4\x29\x76\xb0\x46\xcf\x96\xe4\x01\x8f\xc6\xaa\xf7\x8d\xf3\x0c\x02\xdd\x02\x9e\x1e\x89\x5c\x20\xb0\x5f\xb3\x88\x3c\x01\x3d\xe7\xe1\x7a\x13\x69\x78\x54\xfe\xb5\x93\x5c\xb3\x44\xff\x94\xff\x8b\xb4\xed\x2d\x1f\x17\x4e\xa1\x90\x20\x57\x7b\x4f\xf9\x59\x7c\x31\xa8\xfb\x2c\xfa\x1d\x7b\x71\xa5\x70\x82\x56\x15\x40\xf1\xcd\x86\xb8\x59\x0b\x75\x4f\xe9\x5d\x74\x9e\xf3\xca\xff\x93\xfd\x10\xa9\x0c\xa0\x03\x51\x5b\xb2\x3a\x3e\x71\xf4\x41\x79\xc0\x99\x60\x37\x45\x75\x89\xe6\x81\x77\xb0\xa1\x06\x91\xf1\x49\xa9\x81\xa6\xa6\x8d\x0b\xc8\x20\xe1\x66\x2a\x67\xc6\xa8\x5f\xb3\x9a\x35\x39\x9c\x62\x0c\x6e\xe3\x14\x28\x4f\xa4\x20\x99\xbd\xe0\x9f\xd5\x17\xa6\xe5\x3c\xc0\x41\x7c\x98\xd0\x06\xb4\x21\x0b\xa0\x35\x1b\x7d\xb6\x75\x43\x38\x06\x3f\x05\xb6\x82\x4b\xbb\x41\xf7\x0b\xa1\xfe\xa9\x12\x1f\x58\x85\xa4\xd0\x3e\xe9\x3f\x2b\x8f\x27\xa0\x0c\xd6\x66\x49\x10\x03\xde\xda\x3e\x21\x02\x92\x47\x64\x6f\x71\x44\xcb\x00\x4a\x6b\x52\x40\x06\xd8\xec\x7c\x93\xf4\x10\x42\xbb\xf8\x2d\x3b\xf2\xee\xf4\x15\xf8\xf0\x38\xb0\x5c\x0c\x10\x7a\xc2\x4d\x0c\xc8\xf3\x08\x13\xeb\xe2\x75\x1d\xa8\x39\x8e\x04\xff\x59\x3d\x17\xdd\xeb\x32\x59\x36\x71\xc8\x27\x74\x24\xf7\x98\x80\x05\x4c\x58\x1a\xe4\xef\x53\x03\xa1\x2f\x50\xd4\xe1\xfd\x6b\xb5\x85\xa5\xe0\x77\x51\xcb\xd5\x8f\xa6\x1d\x63\x4c\x35\x56\x37\x27\xe1\x82\x39\xd9\x81\x2f\xa4\x1b\x9a\x25\x61\x18\xba\x9b\x0d\xec\xc2\x60\x76\xc8\xae\x4b\x4e\x51\x6a\x2b\x35\xa7\xe9\x83\x9c\xa8\x3b\xef\x46\x43\xe0\xa5\xd9\xdb\x72\x3b\x5a\xfd\x80\xf7\x15\xb6\x3b\x19\xd0\xaf\xb9\xcb\x03\xdd\x9e\x5f\xe1\xb3\x13\x5e\xc1\xf0\xb9\x73\xe7\xd2\x1b\xb2\xf2\x22\x1a\x78\x62\x8a\x1b\x51\x3e\x0f\xf9\xea\x30\x67\xdb\x31\x01\xc0\x17\xeb\x8e\x60\x6f\x2f\x07\x5b\xe4\x98\x4f\x21\xbf\x75\xb6\xc4\xcb\xf3\x71\x8e\x64\xca\x62\xa9\xab\x5d\x8e\x38\x3a\xef\xba\x74\x93\xdd\xff\x47\x8b\x74\x40\x74\xbb\x51\x99\x4b\xc9\x1d\xd2\x9c\x6b\x9b\xcd\x50\xa5\x02\x8e\x14\xcf\x6d\x94\x68\xef\x42\x4e\xd1\x65\x84\x8f\xf5\x67\x6e\x57\x41\x10\xe0\xcd\x76\xa7\xc1\xda\xd3\x01\x9f\xac\xfd\x08\xd1\x4b\x7d\x9e\x37\x8a\x11\x0e\x98\x50\x88\xe5\x1e\x89\xd7\x5e\x3f\xa5\xfb\x36\x87\x59\x8c\x05\x69\xe5\x22\xf6\xc9\xea\x4d\x12\x65\xed\x97\xe3\x13\xdc\xe9\xcd\x01\xa4\x61\x5e\x8b\xbe\x4d\xbe\x16\x8f\x9d\x32\xc6\x68\x2e\x4e\xef\x26\x7d\xd7\x18\xb4\x75\xa8\x1b\x48\x5b\x17\xf6\xba\x8a\xfb\xa1\x9a\x58\x32\x9f\x86\xba\xd1\x2a\xc8\x44\x44\x17\xe6\x14\x8c\xb4\xe0\x7e\xe4\x6c\x5f\x15\x53\xa0\xfe\x4c\xd3\x32\x6d\x86\x92\xcc\x43\x96\x1f\x03\xf5\x7f\x7c\x01\x6f\x33\xc3\xd1\xc0\x2b\xf1\x25\xfc\x94\x21\x01\x10\x36\x36\xb0\x2d\x93\x35\x2e\xfb\x49\x20\xe2\x43\xf8\x65\xcf\x5c\x0b\x5d\x34\x7f\x51\xb8\x79\x00\xb1\x2a\xcc\x34\x7b\x31\x9c\x14\x75\x10\xc6\xa3\xc1\x84\xb9\xfe\x9b\xbf\x49\xd2\x0a\x71\xbc\x08\x82\xe2\x96\xa0\x37\x69\x75\x1c\xd8\x63\x08\x2c\x1f\x3b\x88\x90\xfe\xe3\xc6\x44\x47\x4d\xb2\x1e\x07\x7a\xcb\xeb\x05\xae\x29\x67\x10\x82\x2f\xca\xf5\xa7\xbc\x06\x9b\xd9\x3d\x41\x16\x27\xcd\x1b\x71\x3c\xcc\xed\x01\x0d\x1b\x88\xdf\xc1\x53\x04\x54\x14\x1b\x3d\xd3\xe1\x96\x4c\x38\x95\x76\x13\x21\x73\xb8\x63\x30\x38\x8f\xec\x55\x9d\xc7\x22\xf1\x77\x49\x7c\x30\x83\x15\xa4\xee\xfb\x50\x43\xcc\x97\xc5\xb1\xea\x53\xb6\xde\x6f\x4e\xce\xd9\xcc\x20\xb5\x24\x3e\xf9\x6a\xe0\xda\x16\xb4\x3e\xcf\xd0\x3e\x70\x25\x28\xad\x4c\x36\x09\x54\x5d\xf9\x39\xe2\xbc\xee\x08\x25\x86\x49\x31\x9d\x74\xfd\x78\x4d\x3d\x30\xa9\x09\x2c\xb2\x3e\x51\xce\x00\xbb\xf8\x1a\x46\xbc\x0d\x8b\xba\x9f\xe3\xf6\x05\xf5\x4e\xe2\xa0\x31\x1e\x1c\x19\xae\xe2\x6c\x84\x3d\x72\x52\xd9\x03\x80\xc9\xd8\x6f\x1d\x1c\xbb\x21\x64\x1b\xc1\x9a\xdf\xfa\x60\x8f\xa5\xb8\x26\x0c\x3d\xac\x2e\x0d\x81\x00\xc8\x70\xdb\xaf\xab\x5e\x4a\x5c\x6e\x5d\x48\x75\x35\x2e\xce\x31\x33\xe0\x8d\x48\xe0\x38\x74\xe6\xe5\x28\xb5\xa4\x3d\x08\xc8\xe9\x05\xf7\x98\xf0\x52\x7c\xff\x5c\xda\x99\x95\xe8\x4a\xcb\x47\xee\x85\x44\xbe\x93\x7f\xcb\x64\x64\x6d\x2f\xd2\xd5\xc3\x1e\xef\x83\x62\x97\xe0\x3d\xca\x24\xb1\x59\x96\x4a\x70\x30\x7a\x82\x7f\x6e\x7f\x37\x93\xf6\xff\xad\x54\xa6\x5d\x40\x09\x26\xe8\x07\x97\xe6\x05\x0e\x77\x6b\xbf\x66\xdc\x1b\xdf\x75\x08\x81\x2e\xd0\xfe\xbd\xa7\x74\xf5\xed\xa4\x92\xb3\x75\x1e\xcc\x76\xa6\x58\x24\x1f\xa6\x45\x22\xc5\xdd\xef\x53\x74\x78\x7a\x1b\xc6\xf0\x5c\x84\xa5\x23\x06\x8a\xc6\x6a\x3c\xa5\x39\xda\x70\xe1\x6d\xde\xa8\x97\xf9\x6f\x5d\x48\xe1\xef\x18\x5f\x08\x43\x6d\xaa\x20\xfc\xb0\xb2\x39\xde\x9b\x2b\xb0\x00\x07\xed\xa2\xdb\xdc\xc1\xf5\xfd\xf1\x39\x98\x68\x2d\x66\xcd\x4a\xab\x31\x57\xf7\xeb\xce\xc0\x92\xdc\x6b\xd0\x8f\x4d\x10\x77\x80\xd3\x73\x19\x24\xcf\xa0\x67\xf6\x22\x18\x07\x8a\x2a\xf1\x29\xf4\x05\x9d\x46\xd7\xc7\xbe\xbb\xf6\x7b\x59\x53\xdd\xa3\x0c\x96\xfe\x58\x43\xe8\xa3\xc0\xa1\x5a\x6b\x2f\x21\x0f\xfb\xff\xd4\x76\xc9\xc7\x61\x34\x06\x16\xb1\xca\x8a\x6b\x44\x9d\x1e\x33\x8f\xd9\x09\xfd\x9a\x84\xc7\x33\x87\x11\xbe\x1d\x50\x76\x2a\x48\x29\x9b\x18\x44\x82\xd2\xcd\x18\x84\xaf\x70\x76\x68\xd1\x0c\x2e\x1c\xde\xac\x7c\x07\x5d\x7d\x41\x47\xf8\xaa\x3c\xeb\xca\x93\xc1\xb7\xb2\x45\x26\x4c\x0e\xfb\x84\x70\x25\x51\x52\xc4\x8d\x22\x46\x34\x58\x0b\x2f\xf0\x21\x45\x7a\x97\x5a\xa7\x67\x2b\xaf\x13\xa4\xae\x32\xdc\x17\xe1\xf0\x4d\x0b\x2d\x9c\x14\x83\x1c\x87\xe9\x9e\x7e\x0f\x29\x95\x8c\x9b\x58\x4d\x7b\x8a\x7e\x91\xf5\x73\xc0\x42\x61\x73\x91\xad\xed\x64\xbe\xe7\xda\xd5\xf8\x88\xef\xc5\x56\x0f\xba\x3f\x9e\x41\xf7\x80\x94\xb4\x03\xab\xc5\xd4\x22\xc8\xec\x70\xb9\xa9\xce\xe5\x07\x90\x3f\x89\x99\x48\x7e\x60\xd7\x61\xef\x16\x19\x4e\x7c\xc8\x56\xa0\x1e\x6b\x3b\xc5\x92\x39\x7c\xa0\x3b\xec\xb6\xb4\x8f\xc1\x5b\xf1\xf6\xef\xf8\xfe\xc8\xde\x87\x85\xd0\xfe\xa3\x79\xef\xbd\x64\x94\x87\x30\x7b\xba\x15\x30\xa4\x8e\xc1\x06\x97\x8d\xa7\x03\xe9\x17\x07\x20\x1f\xe3\x34\x8d\xe8\xca\xf2\xdd\xe1\xd0\x99\x42\xd4\x77\x12\xf7\x7d\xe3\xf9\xef\xe5\x39\x2e\xf4\x58\x4a\x66\xcf\x96\xb3\x0e\xcc\x6e\xed\x90\x74\x83\x7e\x08\x35\xe1\x90\x65\xd2\xec\xe8\x7d\x38\xb4\x26\xc7\x03\xb8\x82\xce\xc8\x3c\xbb\x8b\x48\x4f\x68\x85\x83\x2c\xa2\x58\x7b\x2b\xdc\x30\xc9\x2c\x20\xa0\x0d\x92\x64\x73\xff\x36\xa1\xc8\x1e\x58\xd5\x55\x49\xa0\x6f\xb7\xb0\xfd\xd1\x35\xed\x5f\x63\xb4\xcc\xa0\x06\x8b\x2d\xa1\xb1\x12\xd4\xcb\x04\x34\x07\xc2\x1c\x53\x5f\xd3\xc4\x55\x93\x22\xe3\x04\x69\x79\x4c\x90\xa3\xc3\x0d\x8f\xd5\x36\x5c\xe3\xf4\x32\xf6\x13\x14\x8b\xc7\xd5\x75\xc1\xd2\xda\x1d\x4b\x06\x8d\xe1\x36\x6f\x62\xa6\x94\xe9\x76\xf2\xe2\x64\xd4\x49\xd9\xe3\xf9\x04\x00\xf4\xf2\x5c\x11\x52\xd1\xed\xb9\xb0\x98\x16\x78\x72\x27\xee\xef\xf8\x0a\xc3\xf2\x50\x16\xde\x25\x33\x25\x47\x54\x90\x48\x23\x03\xaf\xa8\x7b\x39\xad\xee\x7f\x92\xc0\x31\x85\xf8\xbe\x67\xfe\x8e\x85\x0e\xe3\xa5\x71\x80\x94\x74\xbc\xf4\x62\x37\x3a\x47\xaf\xe1\xa4\x59\x21\x75\xd1\x10\xc3\x65\x9e\x56\xec\xfe\x2e\xca\xf2\xc3\x81\x68\x43\x32\xdc\x0e\xa3\xf7\x6c\x17\x99\xd5\xc7\x95\x4c\xcd\x01\xca\x4d\x3c\xc4\x88\xe9\x8e\xfe\x8c\xcb\x87\x57\x27\x3b\xbf\xd0\xe8\xf9\x4a\x18\xe4\xbc\x18\x79\x93\xac\x29\xc3\xd4\x5a\xa4\x58\x52\x53\x71\x71\x90\xcf\xc1\x6b\xdf\xc9\x0c\xec\xab\x6f\x02\x2b\x3c\x96\x29\xe4\xd4\x4c\xf9\x46\x03\x33\xd3\x48\xd0\xdf\x3f\xbc\x8f\xfe\x61\x73\x37\x25\xea\x22\xc5\x71\x83\xb5\x06\x22\xf3\x20\x25\x3d\x54\x69\x2c\x32\xba\x2d\x1d\x22\x72\x35\x79\x62\xe0\x9f\xc7\xfa\x98\xa1\x92\xd6\x47\xca\x93\xd5\xdb\x9c\x05\x60\xa4\x6a\x79\x74\x08\xd2\x1b\xe5\xd1\x4c\x88\x98\xfc\xf1\xf8\xe4\x6c\x2b\xe1\x9e\xee\x41\x7f\x17\xb5\x81\x2b\xe0\x4c\x60\xa5\x0c\x8f\x4a\x3b\x96\xe7\x59\xdf\x5a\x25\x31\x48\x42\xef\x58\x34\xa9\xbf\xe3\xec\x69\x03\x12\x2a\xbd\xeb\x8d\xa1\xbf\x14\x6c\xa5\xb0\xb6\x45\x1b\x3f\x6a\x0c\xd7\x42\x12\x0b\x02\x5c\xa4\x9b\xb9\x5c\x47\xfb\x27\xfa\xe4\x38\xcb\xae\x39\xcd\x9b\x50\xf7\x67\x35\xf6\x56\xe0\xc6\x89\x6c\x87\xb9\x1c\x1c\xa7\x44\x4d\x0d\xe2\x5c\xe6\x0d\xb8\x1b\x9b\x7e\xfe\xbf\xfc\x1f\xf2\x4e\xe9\xd5\xf7\x7d\xa9\x22\x72\x52\x46\x86\x33\xb8\xeb\x99\x5e\x26\x45\xb1\x54\x3d\x84\x32\x62\xc2\x60\xc3\xc6\x91\x11\x4e\xbc\x40\x39\x62\xc2\x37\x4e\xf5\x9c\xe6\xd1\xdd\x7c\x4d\x22\x31\x0c\x5f\x64\x2d\x76\x6d\x41\x89\x3b\x99\x3f\x9a\x69\x83\x1f\x82\xaa\xb3\x10\x4c\x64\xb0\x8b\x0e\x34\x19\xad\x44\x68\x60\x88\xcd\x8a\x4a\x67\x4e\xdc\xea\x4e\xe9\xf2\xe8\xa0\x2a\xb1\x14\x50\x06\x0f\x76\xa7\xc1\x95\x4f\x67\x6d\xe7\xbf\x79\x16\x69\x94\x57\x09\x1e\xb0\xad\x3b\x75\x93\xe7\xf3\x8d\x62\xf9\xb5\x67\x61\xa9\x15\xb4\x1d\x03\x5b\xa1\x29\xd1\xac\x46\x6e\x5e\xae\xa7\x6d\x00\xc4\xd8\x3e\x17\x54\xe3\xd1\xe6\xf0\x09\x3c\x66\x5d\x86\x0b\xcf\x0b\x98\x50\x40\x1a\xca\xba\x34\xa0\xf7\x74\x30\x07\x73\xc4\xab\xb9\x0e\xfc\x56\xbc\x7d\x2a\xd1\x2d\x2f\x58\xce\xfa\x5b\x58\x16\xfc\xee\x50\xa1\x18\x45\xa2\xd5\x19\x76\x93\xea\x3b\x38\x00\x89\x21\x9f\x5a\x42\xc6\x9f\x9a\x47\x62\xc9\x1a\xe6\x44\x9e\x13\x99\x5f\x66\x6a\xd5\x21\xf9\x2e\xdb\x3f\x4b\x65\xa0\x46\x75\xdb\x8e\xbb\xc9\xa2\xd1\xac\xda\x5b\x67\xed\x6a\xf5\x52\x51\x41\xfd\x7a\xee\xf7\xc5\x8f\x54\x9a\xc3\x92\x55\x70\x5e\xb0\x84\xf4\xf0\xa2\x61\xf4\x3c\x27\xcd\xce\xfb\x7d\x9e\x15\xce\x63\x99\x58\x20\x72\x9b\x32\x74\x9e\xb8\xd9\x43\x2d\x7c\x3c\x25\xb4\xb1\xda\xa5\xb6\x45\x74\x03\x94\xca\xaa\xe6\x3b\xfd\x9e\x18\x20\x7f\xcc\xfb\xe0\xe2\x63\x92\x58\x22\x95\x74\xfc\xc7\x97\x1e\x3e\xb1\x1b\xfd\xf7\xdc\x77\x0c\xea\x4a\x94\x14\x91\x30\x67\x55\x8f\x7e\x54\x2c\xc6\x27\x24\x77\x48\x95\x19\xcf\xae\xcf\x51\x36\x1b\x7d\x39\x54\x0b\xbc\x1d\xa8\x4c\x6e\x56\xe2\x1c\x68\x37\x34\xfc\x3d\x9e\x52\x22\x56\x95\xea\x37\x05\x63\xb1\x53\xb8\xdc\x87\xad\x11\x99\x24\x7a\x23\xa8\x60\x46\xc7\x30\xfb\xce\x29\xfe\x99\xe0\xcf\x3e\x76\x2f\x6c\xa3\xa1\x4b\x03\xff\x53\xd4\x12\x2d\xa0\x66\x4a\x31\xd2\x04\x16\x0f\xcc\x24\x89\xea\xa9\xfa\xf0\x30\xf6\xd6\xa4\x3f\x98\xaf\xce\x7f\x7f\x7f\x0c\xc3\xa0\x1e\xf1\x52\x6d\xac\x38\x27\x8d\x13\x43\x19\x10\xc2\xd6\x91\xa7\x82\x75\xe0\x70\x2c\x8b\xcd\x0f\x47\x54\xb4\x75\x35\xde\xcb\xff\x3f\xb2\xdb\x3d\x23\xb9\x5f\x84\xe5\xe6\xe7\xfe\x67\xc7\x19\xde\x9b\x07\x21\xea\x53\xe2\xc6\x8c\x91\x10\xe6\xa9\xef\x32\x51\xe7\xeb\xb2\x28\x00\xdc\xab\x30\x9c\x22\xab\x37\x39\xb4\xe8\x88\x44\x82\x75\x42\xd9\x62\xc2\xaf\xb2\xdc\x2f\x02\xb4\x50\x94\x73\x7f\xb1\xc3\xb9\x54\x38\x70\x70\x9b\x33\x7d\x9d\x8f\x18\x39\x71\x36\x8a\x28\xa3\x36\x0a\xec\x7c\x89\xde\x83\xe0\xc5\xfb\xfc\xff\xa0\x3c\x1b\xc4\x28\x84\xa8\x39\xe8\x18\x88\x26\xb1\x9f\x3a\x7e\x7b\x82\xb4\xe2\x33\x9d\x3d\x70\x17\x1d\xe9\x2a\x60\xe2\xe1\xc7\x3d\x36\x03\x82\xae\xdc\xc2\x37\x40\xc6\x24\x4d\x69\x29\x9d\xd3\x9e\x01\x10\x91\xb2\xfa\xe1\x0f\x4b\xa3\xc7\xfc\x57\x0b\x0e\xa6\xa5\xd7\xb9\x4f\x08\x12\x78\x8a\xc1\x84\x2e\xb6\xf9\x17\xad\x73\xa4\x3a\x8f\x51\x1b\x22\x17\x95\xb9\xa6\x25\xd6\xb8\xad\xab\x77\xbb\x09\x03\x43\xac\xde\x49\x30\xc6\x43\xb9\xb6\x0a\xf0\x27\xed\x4e\x3c\xc7\xfa\xcd\xcb\x17\x5e\x81\xd9\x13\x8d\xb6\x8d\xb9\xd8\x52\x16\xe1\xaf\xa9\x0c\x3f\x38\x97\xa2\xcd\x7e\x2c\xba\xf5\x9f\xaa\x93\xac\x54\x4c\x22\x13\x99\xd0\xa2\xc7\x60\x1c\x6c\x63\x00\x62\x53\xc9\xe4\x3f\x1e\xd3\xf8\xcd\xd3\x1f\x92\xcb\xc9\x19\xb0\xb2\xf0\x48\xee\x42\x9b\xaa\xc4\x2f\x90\x7d\x36\x28\x19\x31\x81\x4e\x7f\x93\x7b\x51\xf2\xc6\xa7\x72\x46\x9f\x0d\x3d\x66\x6c\x5c\x23\x14\x1a\x0a\xf6\xfb\x38\x04\x47\x98\x10\xfc\xd8\x52\xf9\x8a\x5e\x5d\xf9\x08\x2c\x14\x9b\xc2\x39\xd3\x7b\x89\x44\x7a\xf0\x2e\xba\xe2\x7a\xde\xa0\x98\xd7\x84\x09\xfa\x9a\xe8\x73\xb1\x12\x68\x4c\x75\xd6\x8d\x44\x7c\x7f\xc8\x0a\x45\xa7\x26\xb2\x72\xd5\x57\x67\x8d\xa7\x10\x16\x79\xc6\xa5\xb4\xd7\x0f\x4d\xb6\x05\x39\xfd\x11\xd1\xf2\x13\x92\xb7\x92\x2d\x12\x78\x11\x25\x51\x2e\xb1\xdc\x45\xdb\x4c\xd2\xe6\x47\x34\xe3\xa9\xdb\xf8\x99\xec\x22\x03\xe1\x00\x1b\x3d\x36\x46\x63\xd4\x87\xc6\x90\x18\xcb\x91\x22\xb5\xf4\xe1\xa2\x76\xd1\x70\x88\xdf\x74\x6b\xa3\xe7\xc1\x0e\x1c\xad\x22\x6f\x6c\xd2\xad\x90\xcc\x3d\x14\x8c\x95\x1d\x32\xc0\x03\x41\xbf\x08\xec\x71\x58\xd2\x2b\x33\x75\xf7\xed\x67\x30\xff\x9f\x0a\xf7\x9b\x1e\x8e\xfd\x16\x4b\x04\x6c\x6a\x3d\xf7\xbc\xd9\x25\xe4\x9b\xf5\xbb\x4d\x16\xac\xe6\xab\x92\x5b\xee\x37\xb7\xb5\x32\x1d\xa6\xf3\x62\x6f\x33\x02\x5e\xbc\x38\x14\xf4\x4a\x27\xa7\xe3\x9c\x5e\xcf\x8c\x52\x63\xc5\x0e\x5d\x49\x27\x39\x77\xc1\xdd\xce\xc8\x6c\x85\xc4\x1d\xe8\x55\x8c\xcc\x7c\xc9\x46\x9f\x4a\x5a\xb1\x04\xdb\x7b\x3e\xaf\x89\x51\xf5\x31\x5f\x56\x40\xc5\x1e\x8c\x49\x29\x0c\x7b\x14\x66\x88\xb7\x2e\x22\xc5\x17\x8b\xb1\x20\xbe\xaf\xe3\xa1\x0d\xd3\x3e\x6a\x34\xb8\xe2\xab\x0a\x8d\x88\xf1\xbf\x23\x46\xf0\x6e\x6c\xbe\xb8\x01\x59\xf8\x5b\x69\xef\xe2\x98\x4f\x3a\xcb\xf1\x03\x53\x97\xc0\xe0\x27\x42\x0c\x59\x1b\x2c\x51\x15\xe4\xc4\xbc\x43\x19\xb6\xa8\xed\xc2\xaa\x62\xc7\x60\x0e\x49\x02\x9f\x8d\x7d\x80\x87\x13\xcc\x76\x55\x66\x44\x0a\x42\x7a\xc5\x76\xe5\xa2\x31\x8e\x09\x94\xa0\x0b\x56\xb7\xcf\x16\x27\x78\x87\xb2\x26\x93\x39\x6c\x28\xbf\x73\x41\x33\xdf\x5e\x65\x49\x71\xde\xc6\x8d\x22\x56\x31\xfc\x66\x9e\x56\x19\xc1\xc7\x8d\xf3\xca\x98\x60\x48\x9a\x29\xa5\x23\x4e\x05\x4b\xcd\x3c\x54\x32\x76\xc0\x7e\x15\xa1\xca\x7e\xf6\x0c\x6e\x20\x35\x95\x62\x73\x3c\x1b\x3b\xd1\x5a\x9c\x72\xa8\xf9\xac\xb0\x40\xf8\xf8\x5a\x4f\x10\x31\x3a\x4f\xc7\xe8\xcb\x89\x73\xae\x0b\x56\x29\x24\x71\x6d\x16\x8a\xa4\x31\xcf\x63\xa5\xc2\xe1\x82\xb4\x8b\x55\x19\xf3\x76\xde\x39\xca\x03\xd5\x53\x5a\x58\x68\xd2\xcf\xff\x41\x0e\x3f\x24\x8d\xe1\xef\x81\xb2\x05\xbc\x17\xa8\x4c\xbf\xeb\xb4\x6d\xeb\x4e\x56\xdc\xd3\x55\xd7\x14\x8a\x56\xf2\x5d\xee\x58\x96\x91\x2e\xc9\x01\x24\xbe\xf2\xd8\x82\xe9\xd4\xa0\x27\x69\xb3\xab\xcb\xc8\xf3\x67\xde\xec\xce\x8c\x22\xb0\x45\xf4\xd7\xb8\x7d\x89\x08\xb0\xaf\x7f\x2a\x1f\x53\xba\xd8\xd3\xf8\xe0\xb6\x5b\x00\x53\xab\x1e\x28\xec\xe7\x25\x0a\xb2\x81\xbc\x19\x70\x97\xcf\xe8\xb2\xa7\xcf\xb5\x52\xf8\x28\x69\xb8\x82\x41\xe7\xd0\x5d\x24\xac\xa3\x25\xc6\xf2\xfa\xd8\x5c\xe7\x9b\xfc\x2a\xec\xdb\x79\x8f\x40\xe1\x11\x18\x9f\x17\x85\xcb\xbe\x40", 4096); *(uint32_t*)0x20003710 = 0x1000; *(uint32_t*)0x20003714 = 7; *(uint32_t*)0x20003718 = 0x200036c0; memcpy((void*)0x200036c0, "\x38\xe3\xda\xc1\xca\xb0\x0f\xeb\x39\xc4\x8e\xdf\xaf\x42\xb6\x04\xf0\xc0\xfb\xea\xa3\x0d\x70\x23\x51\x9c\xe5\x89\xe4\xd9\x0d\x7d\x17\x1c\xbe\x75\x9e\x9c\x40\x81\x9d\x99\x46\xab\xfa\x97\x37\xe1\xbd\xdd\xfb\x4f", 52); *(uint32_t*)0x2000371c = 0x34; *(uint32_t*)0x20003720 = 0x10000; memcpy((void*)0x20003740, "/dev/tty\000", 9); *(uint8_t*)0x20003749 = 0x2c; memcpy((void*)0x2000374a, "syz0\000", 5); *(uint8_t*)0x2000374f = 0x2c; memcpy((void*)0x20003750, "+@", 2); *(uint8_t*)0x20003752 = 0x2c; memcpy((void*)0x20003753, "*^:[-,-,&{#", 11); *(uint8_t*)0x2000375e = 0x2c; memcpy((void*)0x2000375f, "syz0\000", 5); *(uint8_t*)0x20003764 = 0x2c; memcpy((void*)0x20003765, "audit", 5); *(uint8_t*)0x2000376a = 0x2c; memcpy((void*)0x2000376b, "obj_role", 8); *(uint8_t*)0x20003773 = 0x3d; memcpy((void*)0x20003774, "syz0\000", 5); *(uint8_t*)0x20003779 = 0x2c; memcpy((void*)0x2000377a, "obj_user", 8); *(uint8_t*)0x20003782 = 0x3d; memcpy((void*)0x20003783, "^\356%", 3); *(uint8_t*)0x20003786 = 0x2c; memcpy((void*)0x20003787, "subj_role", 9); *(uint8_t*)0x20003790 = 0x3d; *(uint8_t*)0x20003791 = 0x2c; memcpy((void*)0x20003792, "mask", 4); *(uint8_t*)0x20003796 = 0x3d; memcpy((void*)0x20003797, "^MAY_EXEC", 9); *(uint8_t*)0x200037a0 = 0x2c; memcpy((void*)0x200037a1, "uid", 3); *(uint8_t*)0x200037a4 = 0x3d; sprintf((char*)0x200037a5, "%020llu", (long long)0xee00); *(uint8_t*)0x200037b9 = 0x2c; *(uint8_t*)0x200037ba = 0; res = -1; res = syz_mount_image(0x200025c0, 0x20002600, 4, 3, 0x20003700, 0x1040000, 0x20003740); if (res != -1) r[1] = res; break; case 5: syscall(__NR_read, (intptr_t)r[1], 0x200037c0, 0x12); break; case 6: *(uint64_t*)0x20003800 = 7; syscall(__NR_sendfile64, (intptr_t)r[0], (intptr_t)r[1], 0x20003800, 0); break; case 7: *(uint16_t*)0x20003840 = 0x81; memcpy((void*)0x20003842, "\xd8\xe8\xf6", 3); syscall(__NR_setsockopt, (intptr_t)r[0], 6, 2, 0x20003840, 6); break; case 8: *(uint32_t*)0x20003880 = 4; syscall(__NR_ioctl, -1, 0xc0044dff, 0x20003880); break; case 9: *(uint32_t*)0x20003980 = 0x200038c0; *(uint16_t*)0x200038c0 = 0x10; *(uint16_t*)0x200038c2 = 0; *(uint32_t*)0x200038c4 = 0; *(uint32_t*)0x200038c8 = 0x1000000; *(uint32_t*)0x20003984 = 0xc; *(uint32_t*)0x20003988 = 0x20003940; *(uint32_t*)0x20003940 = 0x20003900; *(uint32_t*)0x20003900 = 0x14; *(uint8_t*)0x20003904 = 7; *(uint8_t*)0x20003905 = 1; *(uint16_t*)0x20003906 = 0x801; *(uint32_t*)0x20003908 = 0; *(uint32_t*)0x2000390c = 0; *(uint8_t*)0x20003910 = 0; *(uint8_t*)0x20003911 = 0; *(uint16_t*)0x20003912 = htobe16(0xa); *(uint32_t*)0x20003944 = 0x14; *(uint32_t*)0x2000398c = 1; *(uint32_t*)0x20003990 = 0; *(uint32_t*)0x20003994 = 0; *(uint32_t*)0x20003998 = 0x40800; syscall(__NR_sendmsg, -1, 0x20003980, 0x20000000); break; case 10: memset((void*)0x20000000, 255, 6); STORE_BY_BITMASK(uint8_t, , 0x20000040, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000040, 2, 2, 2); STORE_BY_BITMASK(uint8_t, , 0x20000040, 8, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 5, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 7, 1); STORE_BY_BITMASK(uint16_t, , 0x20000042, 0x7f, 0, 15); STORE_BY_BITMASK(uint16_t, , 0x20000043, 0, 7, 1); *(uint8_t*)0x20000044 = 8; *(uint8_t*)0x20000045 = 2; *(uint8_t*)0x20000046 = 0x11; *(uint8_t*)0x20000047 = 0; *(uint8_t*)0x20000048 = 0; *(uint8_t*)0x20000049 = 0; memset((void*)0x2000004a, 255, 6); memset((void*)0x20000050, 255, 6); STORE_BY_BITMASK(uint16_t, , 0x20000056, 0, 0, 4); STORE_BY_BITMASK(uint16_t, , 0x20000056, 0xffd, 4, 12); memset((void*)0x20000058, 255, 6); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 0xc, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 1, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 3, 5, 2); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 0, 7, 1); *(uint8_t*)0x2000005f = 3; STORE_BY_BITMASK(uint8_t, , 0x20000060, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000060, 2, 2, 2); STORE_BY_BITMASK(uint8_t, , 0x20000060, 9, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 5, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 7, 1); STORE_BY_BITMASK(uint16_t, , 0x20000062, 0x3d, 0, 15); STORE_BY_BITMASK(uint16_t, , 0x20000063, 0, 7, 1); *(uint8_t*)0x20000064 = 8; *(uint8_t*)0x20000065 = 2; *(uint8_t*)0x20000066 = 0x11; *(uint8_t*)0x20000067 = 0; *(uint8_t*)0x20000068 = 0; *(uint8_t*)0x20000069 = 1; *(uint8_t*)0x2000006a = 8; *(uint8_t*)0x2000006b = 2; *(uint8_t*)0x2000006c = 0x11; *(uint8_t*)0x2000006d = 0; *(uint8_t*)0x2000006e = 0; *(uint8_t*)0x2000006f = 1; *(uint8_t*)0x20000070 = 8; *(uint8_t*)0x20000071 = 2; *(uint8_t*)0x20000072 = 0x11; *(uint8_t*)0x20000073 = 0; *(uint8_t*)0x20000074 = 0; *(uint8_t*)0x20000075 = 0; STORE_BY_BITMASK(uint16_t, , 0x20000076, 0, 0, 4); STORE_BY_BITMASK(uint16_t, , 0x20000076, 0x1f, 4, 12); STORE_BY_BITMASK(uint8_t, , 0x20000078, 8, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000078, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000078, 3, 5, 2); STORE_BY_BITMASK(uint8_t, , 0x20000078, 1, 7, 1); *(uint8_t*)0x20000079 = 0; memset((void*)0x2000007a, 255, 6); *(uint8_t*)0x20000080 = 8; *(uint8_t*)0x20000081 = 2; *(uint8_t*)0x20000082 = 0x11; *(uint8_t*)0x20000083 = 0; *(uint8_t*)0x20000084 = 0; *(uint8_t*)0x20000085 = 1; *(uint16_t*)0x20000086 = 0xbf; memcpy((void*)0x20000088, "\xaf\xaf\x3a\x13\x5b\x6b\xac\xd8\xc9\xb7\x0b\x5e\xec\x9a\xb1\x84\x05\xdd\xe2\x16\xb1\xb5\xdb\xe7\x0c\x82\xea\x52\xa1\x47\x7c\x8b\xcc\x0a\xde\xba\xd8\x78\x9e\x03\xdf\x9b\xee\xa6\x7c\xea\x53\x1e\x77\x6e\x7e\xc4\x41\xe1\x09\x95\x46\x0e\x4e\x96\x46\x78\xb8\xb2\x0c\xae\x08\x4a\xb4\x0b\xef\x38\x9b\xb7\x2f\xe3\x66\xea\x91\xa8\xa2\xb9\x52\xbc\x69\x7a\x86\x3d\x47\xc4\x92\x0f\x77\x97\x6c\xcd\xa9\x72\x3c\x4d\x4c\xf4\x31\x64\xb5\x7e\x37\x39\x25\xd2\x15\x94\xad\x58\x2b\x2b\xd6\xb7\xfc\xe0\xe2\x1d\x27\x2a\x02\x2f\xb6\x3e\xfa\xe8\x20\x4e\x2e\x38\x18\x08\x48\xfd\x29\x86\xc8\x47\x24\x1f\x05\xb4\x79\x5e\x31\x95\x82\x3f\x4b\x17\xf3\x40\xc2\x4f\x45\xbf\x4f\xc3\x3a\x8b\x5d\x06\x49\x78\x0b\xad\x0b\x16\x00\x23\x1b\xcd\x85\xe1\x04\x40\x43\xb3\xf5\x2b\xdd\x66\x46\x2c\x52\x86\x9b", 191); *(uint8_t*)0x2000014a = 8; *(uint8_t*)0x2000014b = 2; *(uint8_t*)0x2000014c = 0x11; *(uint8_t*)0x2000014d = 0; *(uint8_t*)0x2000014e = 0; *(uint8_t*)0x2000014f = 0; memset((void*)0x20000150, 255, 6); *(uint16_t*)0x20000156 = 0xf3; memcpy((void*)0x20000158, "\xdb\x74\x58\x60\x3e\x1d\xb9\xe8\xb6\x10\x9f\xf2\x53\x17\x6f\xc3\x10\x5d\x34\x45\x42\x94\xa0\xc3\x6f\x5e\x76\x59\x0e\xe3\xb3\xa3\x91\xdd\x28\x47\xab\xe2\xef\x4c\x4f\x07\x62\xcb\xb0\x9a\x37\xf4\x06\x75\xba\xca\x09\x07\x28\x2c\xe7\xdc\x1a\x10\x4c\xb3\xe9\x13\x84\x93\x0e\xde\x72\xf3\x72\x0d\xac\x99\x76\xa6\x59\x8b\xc0\x38\x5e\x0e\xb8\x29\x5e\xde\xe6\xbf\x8e\x31\xf2\x43\xb2\x84\xe9\xde\x82\x3d\xbc\xf1\xfa\x70\xc6\xc5\x7d\x44\x72\xf2\x0f\x03\x1c\xd4\xcc\xc7\x99\x5b\x00\x36\xd0\x24\xf0\x51\x22\x0c\xf8\xcc\xfa\xcc\x5e\xef\x5c\xc5\x45\xc5\x20\x8e\x0a\xe0\xb6\xfa\xd6\x95\x65\x42\x26\x29\x30\xe5\x61\x77\xef\x3f\x3f\xd1\xfc\xf9\xab\x7f\xa1\x04\xc2\xfd\x2c\xaf\xbf\xc7\x96\xda\x4a\xf4\x24\x53\x1e\x82\x5b\x32\x39\x4a\x16\xb5\xa9\x0e\x3b\x36\xd9\xd7\x5f\x35\xbc\x95\xc7\xb6\x5c\x57\x74\xb3\x3d\x1a\x74\x46\x4b\x24\x0d\x9b\x44\x20\xde\x38\x65\xe4\xeb\xfa\x97\x05\xfa\x60\x6c\xa4\x22\xeb\x0a\xe3\x31\x26\x57\x4d\x2b\x01\xdc\x83\xd7\x0c\x24\x87\x47\x08\x7c\x72\xf0\xda\x02\xe8\xe8", 243); *(uint8_t*)0x2000024e = 8; *(uint8_t*)0x2000024f = 2; *(uint8_t*)0x20000250 = 0x11; *(uint8_t*)0x20000251 = 0; *(uint8_t*)0x20000252 = 0; *(uint8_t*)0x20000253 = 1; memset((void*)0x20000254, 255, 6); *(uint16_t*)0x2000025a = 0xdd; memcpy((void*)0x2000025c, "\xd7\xe9\xb2\x4c\x0c\xc9\x92\xb1\x8a\xa2\xd9\xf9\xe1\x70\x9a\x8c\x2f\xe8\xb2\xce\xb2\x7a\x74\x9e\x52\x61\x7c\x6d\xb9\x66\xc1\x54\x69\xb1\x4f\x62\x71\xd9\xec\x1c\xaa\x53\x7e\x60\x5d\x09\xc7\xaf\x27\x1d\x95\x9a\x7b\x13\x75\xfb\xad\xa3\xd4\x78\x40\xb8\xfb\xde\x2f\x3a\xb2\x82\x04\x40\xce\xff\xb1\x6c\xc4\x41\x60\xf3\xa3\xab\xd7\x0b\x05\x9e\x3b\x32\x1e\x3a\x1a\x48\xec\xa2\xb3\x81\x9d\x05\x95\x82\x2e\x17\x76\x7f\x5a\x9c\xce\x0a\x0a\xa1\xcf\x8a\x17\x63\x78\x09\x43\x87\x2b\x12\x7a\xb5\x59\x03\x6a\x8d\x87\x03\xe1\x79\xc0\xde\x7c\x00\xdb\xd0\x55\x69\x9b\x39\x53\x2e\xc0\xf6\x3b\xb6\x9c\x33\x1f\xb4\x15\xe2\x53\xc2\x6a\xbf\x85\xa2\x0b\x69\xf3\x3d\x25\xa8\xa0\x66\xaa\x10\xa9\xc1\xad\xd2\x02\xfa\x9d\x6c\xd6\xdb\xda\xf0\x56\x01\xd6\x8e\x95\x53\xba\x9e\xe5\x39\x31\xaa\x19\x38\x21\xc7\x80\xf0\x5d\xfd\x3c\x33\xaa\xd8\x4e\xf5\x50\x98\xb4\xb8\x21\x2c\xf5\xd6\xa4\x3b\x5a\x09\x98\x66\xec\xbb\xc1", 221); *(uint8_t*)0x2000033a = 8; *(uint8_t*)0x2000033b = 2; *(uint8_t*)0x2000033c = 0x11; *(uint8_t*)0x2000033d = 0; *(uint8_t*)0x2000033e = 0; *(uint8_t*)0x2000033f = 1; memset((void*)0x20000340, 255, 6); *(uint16_t*)0x20000346 = 3; memcpy((void*)0x20000348, "\xd7\x1a\x49", 3); syz_80211_inject_frame(0x20000000, 0x20000040, 0x30e); break; case 11: memcpy((void*)0x20000380, "wlan0\000", 6); memset((void*)0x200003c0, 2, 6); syz_80211_join_ibss(0x20000380, 0x200003c0, 6, 0); break; case 12: memcpy((void*)0x20000400, "bpf_lsm_sb_remount\000", 19); syz_btf_id_by_name(0x20000400); break; case 13: memcpy((void*)0x200008c0, "\xc4\xc3\x2d\x0e\x45\xf5\x08\xc4\xe1\x5b\x10\xeb\x26\x81\xf9\xf6\x03\x9e\xec\xc4\xc3\x79\x61\x78\x01\xd2\x07\x66\x0f\x38\x29\x5c\xd0\x2f\xd9\xf6\xf2\xdd\xcd\xc4\xc1\xf8\x11\x45\x0f\x0f\x34", 47); syz_execute_func(0x200008c0); break; case 14: memcpy((void*)0x20000940, "/dev/pktcdvd/control\000", 21); res = syscall(__NR_openat, 0xffffff9c, 0x20000940, 0x10400, 0); if (res != -1) r[2] = res; break; case 15: memcpy((void*)0x20002c80, "./file0\000", 8); res = syscall(__NR_statx, -1, 0x20002c80, 0x800, 8, 0x20002cc0); if (res != -1) r[3] = *(uint32_t*)0x20002cd8; break; case 16: memcpy((void*)0x20003040, "./file0\000", 8); res = syscall(__NR_stat, 0x20003040, 0x20003080); if (res != -1) r[4] = *(uint32_t*)0x20003090; break; case 17: res = syscall(__NR_read, -1, 0x20003100, 0x2020); if (res != -1) r[5] = *(uint32_t*)0x20003114; break; case 18: res = syscall(__NR_getgid); if (res != -1) r[6] = res; break; case 19: *(uint32_t*)0x20005540 = 0xe4; res = syscall(__NR_getsockopt, -1, 0, 0x11, 0x20005440, 0x20005540); if (res != -1) r[7] = *(uint32_t*)0x20005474; break; case 20: res = syscall(__NR_getgid); if (res != -1) r[8] = res; break; case 21: memcpy((void*)0x20000980, "\x5e\xb2\xb7\x65\xeb\x13\xfe\x60\x55\xad\xbc\x43\xba\x06\xda\x06\x24\x08\x5c\x4b\x07\x4c\xa1\x07\x58\x89\x67\x7f\x06\x6e\x7b\xe4\xde\x1a\xde\x66\x43\xe3\x84\xe7\x46\x94\x78\x49\xca\xe6\xc4\xbd\x22\x47\xb9\xd0\xdc\xf8\xd7\x4f\x73\xc8\x65\x98\x3a\x7d\x81\xfa\x41\x8b\x52\x27\xbf\xe2\xca\xe4\xda\xab\xc8\xfd\x12\x12\x43\xc0\xfe\x33\x9f\x30\xd7\xad\xe9\xb7\x9e\x07\xaa\x3b\x49\x20\x01\xcb\xf7\x1f\x43\xd1\x92\xa2\xb9\xb7\x71\x60\x8f\x80\x9c\xab\x41\x48\xc9\xbc\xb1\x8a\xd7\x38\x1a\xda\xb1\xf2\xf5\xe3\x23\xa6\x92\x49\xbf\x8f\x2b\x5b\x0e\x98\x65\x57\xda\x94\x36\x23\xa6\x6e\xc4\x20\xb9\xb7\xbc\x01\x43\x4d\x0a\x62\x88\x6d\x00\x72\xf8\x30\x51\xbe\xd9\x58\x84\x3e\xc0\xad\xab\xae\xc0\x68\xe2\x33\x3b\xdc\x15\x62\x2e\xfd\x5d\x7e\xb6\x8c\xfd\xda\x7d\xe3\xfd\xaf\xaa\x75\x78\x7f\x0f\x7f\x3a\x5a\xae\x1c\xfe\x1f\xaf\x07\x9f\x18\x35\xbe\x70\x44\xf2\xde\xe0\xe2\xb2\x28\x27\xf8\xce\x93\x99\xba\x9b\x6d\x67\x5a\xaa\xfc\x82\x72\x62\xb7\x01\x65\x9d\x34\xe6\x87\xd6\xf0\xf8\x06\x66\xef\x60\x37\x1f\x36\xfc\x8e\x7a\xb0\x1b\x1b\x1f\x74\x1b\xab\x29\x0b\x37\x42\xbc\xa7\xd9\x00\xac\xac\xd0\x03\xbb\x0e\x24\x97\xa7\x41\x3e\x2a\x94\x61\x0c\x93\xf5\xb5\xf6\xa0\xaf\xfc\x55\x4d\xfa\x69\x6f\x33\xa4\xe0\x76\x99\x55\x29\x81\xc8\xf1\x7e\xec\x12\x1b\x79\x8f\xfd\xa5\xa8\x1f\x60\x90\x05\xee\xe8\x86\x2d\xa6\x33\x95\x0d\x1c\x36\xb1\xf5\x7f\x20\x1d\xfa\xa2\xff\xb4\x3b\xfb\x89\xb9\x37\xdf\xe8\x91\x65\xa7\x83\x26\x4b\x5c\xd3\x93\xe5\xe8\x1e\xfb\x8d\x94\xe2\x8e\xa4\x17\xcf\x7f\x14\x55\x20\xc2\x01\xcd\x9b\xc8\x43\xa7\x8a\xe0\x7c\x3a\x9d\x81\x2a\x99\xb9\xd0\x1f\x4f\x8a\x60\x93\x70\x77\x19\x2f\xb2\x9e\xf9\xe9\xca\xd9\x95\x91\x9d\xe3\x3e\x9e\x70\xc9\x5c\x0e\xfe\x9d\x49\xec\xac\xc2\x81\x7d\x76\x4b\x35\xac\xee\xf6\xdb\xd7\xb1\x1d\xa0\xd5\x64\x60\x97\x8a\x67\x9a\x76\x5c\x04\x64\x2e\xf7\xb3\x3d\xa7\x35\xd6\x07\xb2\x1e\xa2\x07\xad\x74\x7b\x67\xda\x18\x62\xb7\x88\x4f\x77\x37\x64\xc5\xc6\xb9\x5b\x0d\x1f\xc0\x79\x90\x9e\x3a\x07\x43\x0c\x52\xf4\x90\x8c\xb8\x64\xca\x7b\x48\x38\x7d\x9c\x93\x03\x87\x81\x15\x80\xb9\xce\xad\x9b\xb5\x6c\x51\x39\xd0\xd5\xc4\xc7\x28\xf7\x66\x70\x59\xbb\x64\xe2\x23\xd3\xe7\xcf\x61\xce\x83\x70\x27\x6d\xd3\x1b\x3b\xd6\x43\xe9\x64\x44\xaf\xea\x51\x78\x7b\xc0\xea\x7e\xde\x0c\x05\x76\x34\x0b\x35\x74\xfb\x1e\xe7\x81\x33\xc2\x9e\xdb\x9c\x63\x72\x42\x00\xf5\xd8\xd1\xfa\x9d\xb4\xfe\x0c\xf9\xa3\xf0\x51\x7f\xdd\x93\x62\x40\xd0\x8c\xa3\xf4\x81\x5c\x56\x2f\xa4\x0c\x50\x29\x2a\x8c\xc6\x7a\xf0\x25\x55\xbf\x5e\x42\x10\xef\xab\xee\x95\x29\x46\xcb\x5a\x3b\x71\x9c\xca\xfb\x90\xc5\xfc\x31\xe2\x8e\x16\xda\x6d\xeb\x0c\x26\x57\xd9\x9b\x2e\x30\xac\x6f\x59\xe6\x93\x5c\x8f\x3d\xe5\xab\xb5\xa6\xa9\xeb\x6d\x64\x63\x81\x31\xfa\x73\x63\x9f\x95\xdc\x71\xd1\x1a\x64\x4c\x6f\xf1\x7e\x26\x66\x5e\x82\x05\x56\x17\x8b\xdf\x6f\x91\xc5\x2f\xac\x27\xf2\xd8\x48\x12\xe9\xbf\xd4\xc5\x3e\x75\x7e\xd5\xdc\xc5\xa3\xc5\x8f\x4f\x25\x4a\x11\xad\x80\x99\x55\x5f\xba\xb9\x2d\x97\x07\xe7\xae\x24\x9d\x37\xb6\x72\xb2\xf4\x66\x6c\xc3\x5f\xfe\x53\xa0\xf5\xf3\x14\xaa\x7e\x32\x9a\xdd\xf6\x0e\x86\x49\x86\x68\x2e\x58\xde\xe8\x78\xcf\x3e\x66\xb3\xc1\xb8\xb0\x45\x70\x21\xcb\xbe\x95\x42\xdf\x24\x01\x04\xfa\x79\x45\xd1\x77\xa8\x05\x1f\xf4\x2d\xff\xe4\x7e\x95\x2c\xaa\x5b\x33\x43\x86\xbb\xe9\x61\x40\xa2\x8a\x74\xcd\x3c\x4c\x66\x6d\xd6\x17\x49\x94\xba\xe6\xc3\x23\xbe\xf3\xcb\xe9\x70\x28\x83\x5f\x03\xb4\x9d\x7c\x49\x69\x13\xec\x17\x27\x23\x46\xe0\x50\xc7\x5c\x58\x76\x0a\xcb\xcd\xed\xfc\x77\x4b\x34\xb1\x9f\x19\x9c\x40\xe0\x2a\xc7\x41\x77\xe3\xf9\x51\xa0\x07\xab\xda\xf0\x0f\xd7\x06\x4b\xbf\x2c\xc4\x44\xd6\xb6\xd2\xb2\x33\xe1\xfd\x99\x5f\xee\xbc\xbf\xaf\xaa\xa4\x4e\xdd\x73\x9b\x7a\x9b\x31\x2b\x08\x23\xbb\xb2\x28\x82\x3e\x13\x2f\xba\xe5\x76\x96\x8b\x7e\x7c\xa5\xca\x01\x98\xda\xae\x85\xda\x7b\x50\x00\x25\x44\xa4\x4f\x94\x8d\xc5\xf4\x86\x20\xe3\xf9\x91\x45\xc8\x72\x7f\xee\x50\x15\x41\xef\x11\x9b\x20\x08\x5e\x36\x40\x52\xa0\x45\x16\x4e\x79\x57\x95\x53\xab\x19\x24\xa5\xe6\x7c\xa4\xbd\xe4\x39\x03\x13\xb7\x6a\x6a\xbb\x95\x0e\x63\x7b\x6b\xd3\xae\x4d\x34\x1e\xa3\x62\x44\x0e\x13\x41\x85\x30\x4e\x36\xf0\x86\x91\x02\x7e\xc7\xff\x34\xd7\x18\x82\x53\x93\xec\xfd\x75\x57\xc8\x2b\x7b\xda\x4d\x24\xb9\x4f\xc5\x3d\x57\x7b\x31\x65\x7b\x00\xe8\x30\x38\x03\xe6\xf1\x5e\x17\xa7\x96\x47\x60\x7f\xfa\x65\x64\x91\x03\xad\x6c\xed\x04\x0a\x84\x22\x24\xb2\x22\x26\xcb\x03\xb1\x0e\x51\xe5\x8d\x69\x5e\xdd\xa7\x7d\xa2\xd7\x84\xc4\x9b\xdd\xa4\x3a\xdc\x0f\x4e\x15\xf3\xe2\xe3\x38\x83\x69\x24\x78\x6b\x90\xb2\xf7\x44\x29\x35\xae\x33\x8e\x34\x4f\xa4\xc0\xd9\xe3\xd7\x48\x71\xd9\x30\xd8\x78\x68\xa2\x69\xc9\x84\x04\x87\x63\xe1\xc4\x38\x47\x9b\x20\xfd\xdb\xc6\x1d\x24\x88\xd7\x0c\xa8\x74\x7f\xff\x73\x1e\xdb\x67\x9b\x88\xbf\x1b\x17\x62\x1d\x32\x76\x15\x1f\xd9\x3a\x9d\xbb\xaf\x1a\x83\xe9\xa8\x0f\x75\xba\x18\xac\x3c\xe6\x59\x8d\xc4\xe6\xb0\x56\x2f\xb0\xbd\x47\x91\x29\x33\x7b\xb1\xc3\xa5\x88\x2b\x2d\x62\x6e\xdd\x90\xd0\xb1\xe8\x98\xd0\xf1\xe4\xf5\x98\x93\x70\x0c\x24\x1e\x0c\x43\x63\xa4\x44\x10\x73\x84\x00\x00\x47\x0f\x9e\x87\x7d\x0b\xac\xdc\xb6\xb2\x18\x75\xe7\x5b\x50\xdc\xfb\xb2\xbb\xc0\xea\x8f\xca\x0a\x91\xdc\xaf\xe6\x9b\x16\x2a\xee\xf4\xf7\xd7\xfa\x11\x93\xf9\xea\xc4\x4d\x4e\xb2\x73\x77\xc3\xb7\x2a\xc1\x9a\x90\x1c\x6e\x73\x50\xe1\x64\x81\x46\x09\x01\x79\xfa\x4b\x7f\x7a\xae\xdf\xb7\x5a\x49\xde\xea\xe9\xfb\xec\x2f\x30\xc4\x44\x4e\x3b\xd5\xad\x6f\xad\x82\xbb\xcd\x24\xbb\x6d\x25\x96\x85\xca\x0c\x13\xe5\x2a\x59\x0d\x27\xa7\x31\xa1\x8b\x09\xd3\xd6\xbf\x5e\x81\x75\x63\x02\xb8\x52\x51\xc8\x5d\x30\x48\x72\x95\xeb\x2e\x42\xcd\x78\x82\x31\xeb\x96\x97\x9b\x5c\x11\x3c\x16\x6b\xe2\xf3\xb6\xd2\x44\x74\xb0\xf5\x6e\xa5\xcf\xff\x4d\xca\x92\x84\xe5\xda\xe7\xd1\xc2\xb6\xab\xa7\x80\x7e\x88\x96\x97\xc8\x69\x83\x1c\x90\x8b\x20\x6b\x8a\x21\xdb\xe7\x3d\x06\xc0\xae\xfd\xa4\x49\xf4\xda\xed\xd6\x8b\x67\x6f\x22\x81\x4b\xe2\xd9\x0a\x2d\x06\xa3\x9f\x99\x7f\xdc\xef\x3a\x38\xf9\x83\x96\xd5\xbf\x36\x99\x00\xf9\xfc\x04\x42\xb2\x04\xce\xb1\x7e\x43\x2c\x28\x08\x7c\x42\xc8\x4c\x17\xf1\xa4\xd0\x4f\x6d\xa5\x46\x68\x2f\x31\xd7\x5c\xc2\x89\xe0\xc8\xea\x40\x58\xc0\x35\x50\xfa\xd5\xde\xf6\x96\x85\x41\xa9\xd3\x72\xbc\xbf\xf7\xb9\x43\xd6\x5a\x7f\x48\x56\x52\xe4\x43\x7e\x0a\x16\x02\x05\x7e\xf0\xce\xef\xa5\x75\x40\xa1\x1d\x5b\x2b\x8b\x65\x18\xc3\xc9\xa2\x7c\xb2\x75\x62\x94\x1f\x2f\x68\x9c\xe2\x40\x39\x6b\x4a\xd7\x0d\xbb\x2c\xd6\xe4\xe1\xf3\x3e\x32\x79\xc3\x36\x1b\x9d\x99\x03\xa9\xb6\xbb\x01\x7f\xfc\x71\x97\x58\x41\x7e\x4f\x98\x48\x55\x69\x2a\xcb\xdf\x93\x92\xa9\xb1\x96\x73\x38\x8e\x76\x02\x33\xfa\x00\x35\xe0\xc2\x33\x5e\x77\xb0\x89\xeb\x40\xb5\xcd\x8f\x03\x25\xf6\x4e\x08\x07\x65\x80\x80\x52\x86\x9f\x76\xb3\x9b\x06\x82\xe9\xa4\x9a\x95\xa4\xfd\x0b\x38\xbb\x50\xeb\x21\x4e\x94\x91\x9d\x48\x6f\xb7\xbb\x75\xac\xb4\xdc\x5f\x04\xe7\xa7\xe3\x11\xf2\x04\xdf\x40\x4c\x62\xc6\x64\x17\x95\x84\x88\x0c\xb8\xbc\x7b\x8b\xaa\xe8\x93\x3c\x2e\xbd\x70\xaf\x44\x45\x1a\xae\x3d\x51\xd4\x29\x0d\x90\xb8\x91\x10\x68\x77\xbd\x37\x75\x2e\xc6\x11\x8d\x97\x2a\x1b\x0a\x29\x31\xd4\x33\x63\x6d\xa7\xb7\x25\x0a\x0e\xdb\x59\xd9\xdd\xd3\x4c\xb4\x8b\x34\xa6\x2a\xe7\xe5\x95\xf1\x8d\x80\xca\x2c\x2d\xdc\x2a\xeb\x6b\x6f\x6b\x80\x0c\x86\x53\xba\xaf\x69\x6b\xfd\x60\xc8\x5e\x5e\x33\x28\xd0\xd9\xba\xf0\xf5\x58\xb3\xb8\xb8\xbf\xf2\x4b\xf7\x5d\xb2\x69\x5d\x59\x44\x27\x57\xcc\x0c\xfc\xef\xbb\xf1\x70\x8f\xc9\x64\xa1\x25\x1f\x55\x32\x88\x32\x46\x8e\xa7\x3c\x29\xbe\x4b\xf5\xd0\xde\x20\x53\xf3\x64\xd1\x17\x00\x6d\xd3\x24\x2e\x04\xdd\x47\x1a\xe0\x4a\xe2\x28\x44\x97\x82\x42\xed\x47\x36\x1b\xe4\xa9\xa1\x31\x33\xc7\xad\x5b\xb3\x24\xaf\xcd\x29\xd9\xa0\x74\x44\x07\x24\xeb\xb5\x6f\x5d\x9c\x3a\x8e\x45\x59\xd3\xa5\xa0\xf0\x28\xf1\xd7\x2f\xf2\x56\x2d\x48\x3c\xfd\xd7\x9e\xb3\x2c\x90\x46\x2e\xe7\x90\xde\x24\x76\xd9\xd0\x61\xb6\x07\xe6\x80\xb4\x15\x00\xce\x69\x1e\x48\x74\x5b\x58\x55\x17\xa5\x39\xe7\x0d\x7e\xc5\x55\xe1\x96\xaa\x8d\x69\xe4\x5a\x36\x98\x2d\x28\xa2\x14\x09\xa7\x77\xce\xeb\x53\x31\x8c\x20\x71\x3e\x3c\xb6\x2a\x98\xc2\x8f\x52\x4b\x08\x69\x09\xa0\x30\x75\xc2\x01\x0d\xa3\x4b\xf7\xb0\xe6\xbf\x58\x50\x5d\x30\x14\x42\x53\x0e\x54\xd3\xd1\x3f\x03\x28\xf9\x7a\x1d\xd2\xdd\x6d\xa6\x84\x29\xd2\x13\x76\xb7\x72\xd5\xa1\x60\x3f\xb4\xc4\xa4\x0f\x6b\x36\xdb\x26\xa8\x6f\x7c\x2d\xba\xf7\x04\xe7\xbc\xb9\xfc\x96\x76\x8d\x4b\x53\xbd\x13\x46\x02\xb7\x53\xb2\x60\xd8\x4d\x9e\xea\xc6\xa2\x4a\x51\x24\x9d\xca\x00\x86\xb9\x5b\x57\x58\x71\x28\xe7\x98\xeb\x62\xe1\xf0\x1a\xe6\x8e\x66\x0c\xf6\xeb\xbf\x33\x22\x93\x98\x16\x20\x68\x4b\x7e\x3b\x04\x75\x0f\xdb\xbe\x2e\xcd\x8e\x9b\x63\x75\x24\x88\x82\x25\x3c\x2d\xda\x8a\x4d\x9c\x0f\x6f\x5c\x9d\x7c\x6b\xdb\x1f\xc1\x1e\xda\x1d\xc4\xec\xc0\xb9\xf3\xdb\xdb\x62\xe4\x07\x8e\x46\xf6\xb1\x06\x08\xf3\x4c\x34\xf0\xa2\x79\xc2\xf8\xf3\xda\x5b\xe4\x9e\x3e\x58\xe9\x71\xe5\x39\xbd\x63\xba\xcb\x6d\x8a\xa5\x54\xea\x4c\x78\xa4\x9a\xba\xde\xec\x98\xdb\x1d\x3c\xa3\xbc\xb4\x09\x57\xcc\x0e\x94\x2f\xca\x1c\x9b\x51\xaf\x04\x77\x1f\xda\x4a\xf3\x58\xc9\xed\x6f\xe7\xb7\x37\xa6\xc6\x1a\xbe\x0b\x62\x89\x20\xfb\x8d\x0b\xcd\x0b\x65\xb7\x18\x16\x3d\xa1\x78\x04\xcb\x16\x65\xea\x98\x21\xc8\x28\xf6\xdf\x65\x51\x93\x77\x41\x56\x72\x10\x06\xb1\xf5\x14\x87\xad\x19\xfe\x92\xb7\x69\xa9\xfc\xea\xf2\xd4\x12\x4d\x8c\xc9\xa5\xbe\xf2\x8e\x98\xb9\x96\xc2\x8c\x8a\x99\xe3\x52\x38\x05\x31\x18\x5e\x5e\x56\xe6\x93\x64\x1e\xf5\x11\x06\xd6\xcf\x4e\x71\xab\x31\x7c\x34\xe9\x35\x83\xae\xcf\x50\xf5\x2b\x53\xe6\x3c\x90\x98\xd8\xc2\x83\x53\x8c\x7c\xc0\xf0\x90\xdf\xaf\x52\x3e\x60\x82\xc6\x52\x63\xdc\x8d\x1d\xe4\x77\x62\x82\xa3\xfc\x1b\xfc\x59\x09\x99\x15\x25\xf5\x6a\xc0\xe6\xd3\xbf\x0c\xe7\xae\xc8\x3e\x40\x07\x4d\xe1\x6f\xc9\x84\x3f\x3b\x09\x9b\x59\xb9\xf9\x0b\xcf\xf6\x31\x0e\xd6\xdf\xec\x97\x45\x87\xad\x64\x6e\xcd\x90\xc5\x4d\x44\x95\x10\xb7\x76\x8d\xd6\x7c\xab\xb3\x05\xea\x39\x8e\xcb\x42\x61\xd2\x6d\x4d\x7e\x12\x04\xe2\x07\x25\x60\x32\x43\x27\x9a\x18\xfa\xb0\x17\x26\x71\x9f\x77\x18\x22\x62\x7b\xaf\xb0\x9b\x4c\xaa\xf9\x48\x4f\x1d\x8f\xa5\x07\x8d\x02\x1b\x9c\xb8\x65\x56\x83\x07\x97\x31\x9c\x64\x91\xd7\x1c\x11\x53\xb6\x36\x58\xa5\xa9\x52\xa1\xf8\x4f\x0c\xed\x9c\x3d\x11\x91\xd7\x1a\x0b\x22\xe3\xf6\x18\xf8\x7d\x98\xc8\x99\x12\x65\x39\x5c\xb9\x07\x65\x93\x50\x34\xbd\x6c\x92\x33\xd4\x1f\x9f\xc6\xa9\x0b\xf6\x97\xc1\x5f\xd2\x35\x97\x87\xdf\x82\x57\xca\x8e\x94\x99\xb3\xa7\xb8\x37\x12\x1b\x33\x67\x30\x6b\xa3\xa3\x6f\xde\xa6\x00\x0c\x5d\x0f\x77\x59\x37\x17\x02\xc7\xad\x6f\x9e\x5f\x40\x00\x72\x5f\x8e\x0b\x33\x0a\x49\x43\x92\xf7\x40\x8d\xad\x61\x5b\x14\xf7\x78\x88\xce\xb7\x39\x59\x96\x5c\xc9\xa9\x3e\x9e\x3b\x23\xb9\x34\x3a\x4c\xd4\x10\x4d\xc1\xf3\xf1\xa6\x4c\xb4\x56\x97\x92\x67\x04\x87\x98\x02\x49\x3f\xf0\x4a\x81\x44\xce\x6d\x80\x50\x87\xfa\x96\xca\xff\x9b\x97\x63\x1b\x52\xe4\xa3\x65\xe9\x76\xc9\x0e\x2a\xc0\x88\x26\xf8\xc2\x97\xef\x2f\x87\x57\x22\xb4\x45\x54\xd9\x97\x3f\x4a\xa5\x5f\xfb\x03\x58\x94\x32\x10\x9e\x68\x32\xda\xb7\xfc\x47\x32\xd3\x03\x25\x2d\xd1\xd1\x7a\x2d\x24\x51\xed\x53\xdc\xe4\x1f\xfb\xce\xc6\x59\x83\xc6\xdb\x3e\xba\x81\x46\x2e\x52\x2a\xe7\xae\x52\xd7\x51\x30\x0a\x4b\x13\x11\x70\x33\x7c\x6d\x8c\x4b\x69\x2f\x54\x29\x11\x8a\xf9\x56\xe1\xc1\x5e\x27\x58\x4f\x76\x82\x55\xc3\xdd\xcb\x46\x92\x12\xba\x8a\xb0\xe1\xe7\xee\x00\x12\xf5\x8f\x89\x45\x82\x79\x94\xce\x1a\xd7\xd1\x73\xdd\x1c\xd7\x20\x83\x84\x4b\x72\x1a\x1d\xc1\x30\x00\xda\xda\x12\x56\xde\xab\x79\xb9\x59\xa4\x95\xa4\xd1\xb5\xfd\x02\x8f\xea\xa0\xde\xac\x90\xec\xfa\x59\xb1\x34\x04\x56\xbc\xaf\x31\xf5\x7d\x5a\x88\x34\x90\x12\x57\x96\xdd\xa6\xd3\x78\xce\x83\xbb\xc1\x37\xfe\x54\xb8\x3c\xa9\xc4\xf8\x19\x89\x9d\x30\x83\x38\xd6\x5f\xa8\x7d\x90\x62\x55\xd6\x57\x3a\x7a\x49\x0b\x00\x10\x0e\xab\x69\x9c\x0d\xbf\xbe\xc5\x4b\x54\x22\x4c\xeb\xa3\xf5\xd1\xfa\x40\x96\x06\x3f\x33\x16\x5a\x15\x8a\x20\xff\xbd\x1d\x5b\x8f\xd4\xd9\xd3\x9c\xb9\x4a\x00\x85\xde\xae\xdd\xe0\x2a\x2f\x1e\x90\xa9\x6a\xf2\x22\x33\x15\x10\x1a\xf3\xfe\xf8\x60\x43\x37\xf6\x48\xb8\xc3\x42\x16\xc3\xe7\xba\x8c\x07\xd8\x2d\x23\xbc\x0a\x96\xf0\xda\xb2\xab\xd2\x93\x92\x65\xbb\x96\xb6\x45\x1a\x2c\xa9\x35\x85\xc8\x2a\xec\xce\xd3\x37\xbd\x66\x12\x48\x47\xa4\x06\xce\x8e\xd2\x41\x31\x8e\x1a\x7f\xc2\xcf\x28\x9e\x1c\xaf\x26\xea\x5b\x72\xaa\xea\x04\x57\xe2\x08\xa2\x41\x53\x4c\x78\xe3\xaf\xb6\x02\x8e\x7f\x57\x89\x1c\x2f\x05\xf4\x37\x0f\xc5\x04\x58\xd1\x6e\x90\xd0\x31\xcc\xa1\x86\xcc\x12\xb4\x54\x3b\x7f\x25\xfa\x72\x91\x6b\xe3\xac\xd7\xf6\xb5\xf0\xcc\x24\xf4\x42\x48\xc0\xfa\x9c\x6d\xd5\x95\xcd\x72\xcc\x4c\x84\xd3\x5a\xa6\xfc\x3b\x1e\xc0\xe7\xa6\xb0\x40\x8a\x1a\x53\x86\x96\x81\xd2\x7b\x11\x22\xc3\x17\x6a\x04\xeb\x3a\xaf\x62\x58\x84\x96\x75\xa9\x94\x22\x2d\x50\x68\x28\xb4\xc1\xde\x9a\xb1\x7a\xd4\xba\xb5\x96\x1d\x52\x4f\x0f\xfe\x54\xd2\x90\x02\xc3\xd3\x6c\x94\xcb\x3a\xb1\x65\x81\xf5\x9d\x01\x46\x71\xe1\xcd\x5f\xe2\x43\x42\xf1\x7c\x8f\x17\x88\x54\xe0\xee\xd5\xf4\xa3\xdb\x07\xec\x2e\xa7\xc6\x71\xe2\xd7\x85\x38\xbb\x8a\x2d\x5d\xcd\x94\xb4\xc6\xeb\xdb\x9a\x49\x29\xe8\x5f\xc6\xde\x21\x3d\x6f\x35\x62\x28\xd9\xec\xfd\xe9\x62\xc0\xc3\x72\x76\x08\xf6\x70\xe8\x12\xee\x2f\xa1\x4e\x1f\x0c\xbf\x01\x86\xf6\xaf\xc1\x0c\x67\x6f\x91\x1b\xe3\xb1\xce\xa3\x52\x1f\x47\xe8\xfd\x4e\xfe\xba\xcc\xb2\x2e\xf3\x75\x76\x13\xab\x31\x9c\x40\xb7\x0e\xee\x0c\xde\x11\xa3\xa1\x66\xf1\xee\x94\x15\x32\x80\x68\x39\x98\x36\xc8\xdc\x38\x4d\xe2\x1e\x0a\x99\x1a\x8b\xae\x04\xbc\xe7\x96\x2c\xe3\xb8\x2d\x55\x16\xfe\x91\xd8\xec\xbc\x2d\xcd\x6e\x27\x11\xc6\xc1\x4c\x8a\xa5\x72\xb5\xfe\x03\x9e\x1b\xb4\xf1\x63\xa1\xa8\x18\x63\x45\xf5\x41\x57\xc5\x66\x72\xb3\x34\x70\x71\x12\x53\x47\x6c\x2f\x6e\x4d\x74\xbe\x06\xa0\x18\x85\xde\xbd\xb8\x4f\xc7\x32\x47\xa5\x4e\x15\x11\xb8\x3b\x3a\xe1\xfc\x15\xe5\xbe\xd9\x21\xf1\x93\x77\x86\xf4\x36\x4a\x7d\x4d\x6a\xec\x09\x66\x7d\x63\xaa\xa6\x18\xbd\xda\xae\xaa\x2e\x55\xad\xb5\x89\x4c\x47\x97\xd1\x6d\x3d\xd5\xd3\x5a\x71\x6e\xf0\x52\x33\xc4\xad\x46\xa6\x21\x19\x5c\xde\x3a\x4f\x41\x97\xea\x43\x96\xca\x62\x71\x2e\xe3\xd0\x29\x20\x03\x83\xad\x91\x22\xd9\x4b\x60\x8b\x39\xe1\xab\x02\x4e\xa6\x73\xea\xdc\xcf\x98\x31\x00\xd5\x9b\x17\x70\x87\x22\xd9\xef\x02\x66\x92\x24\xbe\xf7\xab\xda\xa0\xb9\x9b\xff\x39\x95\x7b\x7a\xc4\x15\x99\xc9\xb1\x83\x3f\x7c\xe8\x22\xfd\xda\x0b\xea\x2d\xcb\x7d\xc7\xd2\x4b\xd2\x0d\xf8\x0b\x64\x62\x16\x24\x47\xd5\xe2\x85\x35\xa2\xfd\x87\x6f\xfd\x78\xe9\x0d\xbd\xc7\x4e\x49\xaf\x64\x7c\x9d\xc6\x96\xbd\xcc\xed\x08\x40\xc2\x32\x0f\x5c\xe0\xb6\x49\x47\x90\x83\x2c\x97\x2e\x28\x20\x6f\x43\x2a\xd6\xcd\xdc\x30\x4f\x96\xbf\x48\xee\x6f\x5a\x07\x75\x38\xeb\x06\xd9\x43\x83\xbf\x4f\xbf\x33\x2a\xbe\xc8\x0c\xdc\x78\x34\xdb\xf8\x7e\x28\xf0\x6c\xee\xeb\xaf\xca\xb3\xf0\x5f\x08\x4b\xc4\xcf\x2a\x06\x97\x01\xcd\xb3\x32\x40\x3a\xf1\x63\x1b\x56\x59\xa9\xe6\x68\xf0\xa4\x6f\x68\xe6\x5f\xf9\xa3\x14\xab\x2a\x54\x05\x18\xa0\x38\x93\xc3\xfd\x2b\x1b\xd9\xf5\xe9\xe7\xf6\xec\x49\xf5\x85\x06\x7c\x4a\xee\xf0\xb9\x1b\x1a\xd2\x9f\x2a\xcc\x13\x2f\x6b\x1a\x8d\xda\x2d\xa3\x6a\x79\x18\x6c\x8b\x13\xb6\xfe\xd0\x70\xc7\x47\x04\xbd\xc4\xff\x11\x32\x19\x01\xc7\x15\x98\xfd\xfb\x36\xe8\x48\x2b\xcd\xb0\x1e\xe8\x08\xaf\xb5\x4b\x3a\x42\xc6\x9a\x18\x95\x0d\x14\xfa\xc2\xe3\xbd\x77\x21\xac\xe3\xc9\xa0\x3a\x45\xf7\x4c\xf2\xdf\x6f\x4c\x92\x44\x41\xd8\x70\x0c\x54\xb5\xa1\x22\x12\xca\x3c\xdd\x64\x8d\x07\x93\x04\xcf\x2c\xdf\x46\x0a\x36\xca\xf7\xf5\x21\x49\x48\x05\x40\x1d\xfc\x67\xbd\xe2\x06\x1b\xb2\x39\xa7\x01\x9c\xe7\x6c\x4f\x44\xcb\x0e\x46\xc5\x5c\xba\xda\xb9\x12\x9c\x5b\x45\x7e\xc2\x84\xb2\x2a\xe3\xf9\x8e\x64\xfc\x8c\x75\xdf\x09\x5c\x3e\xa3\xea\x0c\xfb\x59\xca\x18\x09\x0b\x03\xf9\x35\x8e\x9f\x11\x32\x5e\x72\xcc\x24\xed\xe8\xf0\x51\x1c\xb6\xf8\xaf\x7c\xc2\x76\x06\x54\xcf\xb8\xa7\xe7\xd5\xde\x97\xa8\x30\x79\xbc\x82\xd8\x8e\xa7\x28\x51\x6e\x92\xd3\x21\x09\x2f\xa3\xbd\xb9\xc0\xcf\x71\xac\xed\x2a\xc1\x18\x9a\xad\x33\x4d\x1b\x6b\xd9\x71\xba\x40\x53\xa4\x3b\xc7\xf0\x02\x0a\x2f\x1d\x6d\xa3\x46\x90\xd0\xf7\x63\x58\xaa\x1b\x16\x31\x10\x7f\x7f\x2a\xf9\x89\x00\x07\xb0\xa9\x42\x77\xee\x67\x3b\x04\x7f\xe8\x09\xa5\xaa\x7f\xbb\x7a\xb8\x8d\x11\x09\x70\xc3\xdf\xf4\x4d\xe1\xd7\xdb\xeb\x2a\xbf\xd2\x80\xe6\x6d\x1d\xe4\x86\x4d\xa4\xd5\x4a\xdd\xce\xea\x69\xc8\xfa\x5d\x3d\x4b\x11\x47\xa1\x83\x65\xaf\xad\x33\xcd\xc6\x89\xd7\x3c\xce\xba\x4d\x8f\x4e\xe0\x8b\x62\x64\xae\xed\x23\xf5\x85\x57\x8a\xe1\x5d\x14\xf3\xa2\x7b\x48\x8c\x24\xd6\xde\x8c\xd8\xa9\xde\x4a\x2a\x89\xfc\x94\x81\xba\x8e\x10\x28\x3a\x4d\x3a\x26\xe9\x89\xbd\x80\x59\x78\x62\xe2\x38\xb7\x14\xaa\x77\x6e\x01\xcc\x90\xde\xe6\x89\xc8\x43\x5c\x81\x4c\xfc\x72\xa5\x30\xef\xce\x5d\xec\x38\x47\x97\xa9\x51\x43\x9c\x30\xe0\x96\x32\x0b\xd5\x04\xd3\xfc\xf4\xf7\x21\x4b\x6d\x8a\xe4\xfd\xf7\x3e\xea\x45\x91\xd4\x44\xdd\x1e\xa4\xcd\xaa\xb8\xce\x1c\xf9\x55\x5b\x4d\xd7\x0f\x1b\xb4\x6e\x18\xee\x02\xca\xbd\x74\xcd\xdb\x69\x6a\xf3\xff\x7c\xc9\x5b\x13\x39\xa6\xb8\xe8\xba\xfb\xc2\x9c\x64\xf0\x9f\xb7\x41\x38\x9e\xa6\xf5\x39\x7a\x85\xad\xd8\xb2\x6e\x1f\x3a\x1d\xf9\x50\xf6\x7b\xde\x9f\x98\x71\xa0\xe3\x60\xc3\xe7\x66\x9e\xbe\xde\x3b\x7e\xb3\x2c\xeb\x35\xff\x2a\xff\xd8\x91\x95\x22\xf0\x75\x93\x3e\xcf\xea\x2c\xb4\xbe\xcf\xbc\x85\xbb\xac\xc9\x5f\xba\x2c\x6f\x54\xf8\x90\x59\x4a\x6f\x6b\x18\x96\x5c\xcd\x40\xed\xe5\x8b\x4e\xaf\x8b\x0d\x2b\x65\xb0\x36\x9b\x3d\xc6\xc7\xca\xef\x3e\x48\x45\xb2\xc4\x2e\xe4\x0d\xdc\xa5\x87\x92\x50\x29\xe7\xd9\x16\x29\xad\xd8\x4e\xa7\xbc\x72\xbe\x33\xbb\x03\x42\x14\x55\x5c\xd5\x50\x55\x68\x09\x3e\xc7\x24\x81\x56\xf5\x8c\x7f\x0d\x30\x55\x76\x2f\x8f\x4f\xf6\xf8\x64\xbd\x95\x48\xfa\xfa\xc4\xdb\x85\x77\x53\x0f\x3a\x6d\x67\x3b\xee\xff\x21\xba\x7c\x90\x60\xaa\x0e\x06\x68\x32\x93\x7f\x1e\xb6\x17\xcb\x21\xac\x24\xe0\xd8\x69\x95\x47\xbe\x56\x63\xa8\x11\x7a\x40\xb6\xd8\x81\xdc\xa1\x9e\x36\x7c\xa0\x2d\x28\x77\x4d\xae\x74\xdf\x50\xaa\x99\x44\x5e\x37\xc6\xc1\x61\x84\x46\x7d\x49\x60\x01\x24\x23\x29\xdb\x97\xa2\xad\xef\x66\x42\x5a\x9c\x6b\xd3\x77\xd8\x97\x74\x33\xa0\x3c\x72\xbf\x10\xb5\x48\xb8\xae\xbf\x0e\xc3\x8e\xb8\xce\x14\x5f\xcb\x85\x15\x41\x40\x5e\xe8\xa3\xca\x9b\x3b\xc6\x03\xa3\x82\xaf\x59\x8f\x0a\x17\x56\x59\x2b\x36\x77\xc4\x69\xff\x86\xe1\x98\xcd\xff\x40\xf4\x93\x21\x5a\x32\xc2\xac\xc7\x2b\xcf\xd0\xe3\xe4\xe5\x7b\xec\x76\xdf\xe5\x65\xda\x97\x5c\x69\x1d\x66\x93\x5d\x2d\x7b\x52\x94\x14\x62\xd4\x1b\xce\x4c\x00\x91\x5d\x28\x34\x17\x03\x2f\x3a\x89\x42\x49\xf8\x01\x06\x7f\x38\x82\xfd\xa7\x79\x05\xd7\x6b\x76\xef\xe1\x02\x8e\xbb\xf1\x49\x77\x63\x1f\x67\x75\x75\xdd\xd4\x09\xdf\x3c\x6c\x40\x19\xe9\x95\xa9\xd8\xd1\xd8\xa8\xc3\x22\x68\x76\x32\xf1\xa9\x50\x5a\xdc\xbd\x5a\xfa\x13\x89\xf9\x41\xdd\x0f\x68\xfe\xfd\x43\xec\x24\xa2\x57\x07\x6a\x3a\x21\xb7\x36\x3d\x7b\xb5\x18\xdf\x4a\x28\x2a\x4d\x9e\xed\x08\x58\xd1\x04\xe8\x5c\x5e\x06\x8d\xd8\x01\x2d\x73\xb5\x16\x65\x61\x46\xa7\x8e\x54\x9a\xdb\xf9\xb3\x2f\xb9\xf5\xf7\xab\x6d\x43\x87\x9d\x96\xd1\xcb\x97\x35\x96\xd0\x44\x19\x7e\x08\xc4\x04\x06\x04\x25\x57\x53\x29\x7a\x34\x95\xd8\xdf\xf2\x55\xd1\x8a\xbf\x94\xb8\x70\x4a\x8a\xe1\xa4\x83\x53\xfa\x85\xe5\xa7\x7b\xec\xd1\x0b\x6c\xa0\x07\xb7\x7d\xfe\xfc\xe3\x98\xf3\x0b\x0c\x27\xed\xe9\x9e\x8e\x6b\xb0\xc7\xff\x65\xbd\xb0\x0f\x22\x46\x22\xd6\x91\xf4\x78\xce\x6e\x37\xbb\xfa\xc4\xce\x1c\xe3\x73\x07\x0f\x95\x43\x70\xc7\x4c\x09\x46\x1e\x2b\xae\x43\x85\xcd\x5d\xee\xe8\x7c\xa8\x0a\xd2\xc7\x7b\x99\xe7\xbe\xe5\xaf\xa3\xf0\xba\x52\x49\x4f\x59\xda\x14\x26\xc4\x30\x9f\x39\x15\x16\x35\x4d\x57\xb0\xc7\xc4\xbb\x85\x8e\x38\x2f\x04\x1d\x6e\x91\x88\xdc\x13\x3b\xb1\x69\x32\x1e\x00\xd0\x2e\xfd\xdb\x46\x11\x76\x77\x4f\xd6\xb2\xc9\x68\x2d\x7a\xd0\x84\xf6\x17\x4c\x53\xab\x74\x08\xd3\xe2\x71\xd2\x8e\x30\x8f\x7c\xd4\x78\xc2\xfe\x8d\x67\x93\xde\xed\x31\xde\xbb\x09\x0b\x87\x4b\x12\x52\x8a\x6c\xd3\x68\xac\xf5\xa5\xc4\xcc\x3d\x30\xd2\xaf\xf0\x06\x93\x78\x66\x87\x68\x6c\xd9\xb9\x7c\xdf\xaa\x3a\x67\x72\x93\x51\xb2\x37\x3d\xde\xe1\x8e\xe3\xf0\x56\xb6\xc0\xda\x43\x9d\x62\xee\xb4\x08\x03\x1a\x4d\x87\x55\xde\x3c\xc8\x84\x15\xca\x48\x01\xd5\x4d\xc5\x65\xbb\x53\x22\x8d\xc2\x15\xdd\x74\x6f\xf5\x38\x54\x53\xfd\xfc\x89\x15\xe8\x72\x75\x2f\x5a\xb3\x65\x6a\xa8\xe1\xc4\x2d\xfb\xf3\x5e\x49\xac\x9c\x20\x13\xb4\xa4\x93\xec\x10\xad\x7f\x51\x29\x22\xb8\xd3\xd8\x29\x22\xdd\xbc\x01\x89\x53\xcb\x7d\x51\x91\xaf\x08\xab\x66\x9f\x80\x42\x5f\x4f\x45\x9e\xe6\x50\xfe\x09\x41\x26\x43\x4e\x88\x66\x93\x09\x2c\x53\xaa\x34\x69\x93\xdb\xc1\xba\x27\x4d\x2d\x69\x47\x06\x46\xe6\x33\xbd\xc3\x31\x43\x19\x13\xdd\x49\xa0\x12\x0e\x1b\x5e\x21\x21\x62\x00\x6f\x9a\x01\xfe\x18\xe8\xd8\xb5\x7c\xfe\xb3\x98\xe1\x9b\x4b\x8e\x97\x0f\xb0\x67\x85\x21\xca\xff\x33\xa7\xa0\x1d\xeb\x17\xe7\x2a\x92\x0a\x94\x68\x96\xc5\x39\x2e\x84\xbd\xdf\xde\x75\xb7\x44\x6a\xd4\x24\x9b\xef\x26\x97\xb0\xc5\xe7\x2f\x37\x91\xf0\xf4\x4a\xc1\x56\x37\x69\xc8\xec\xe5\xf1\xde\x56\x5b\xba\xe2\xe5\x73\x02\x94\xb3\xd6\xd8\x57\x87\xdd\x6f\x7a\xbf\x84\xd6\x98\xe7\x7e\xe8\x0e\xc5\x3e\x37\x51\xe8\x73\x03\x3a\xf1\x6b\x5e\xd4\xe2\xc9\x9b\x7e\x6e\x65\x2b\xb0\xea\xf6\x70\x1a\xac\xb2\xbc\xb5\x97\xc3\x2d\xc3\xf7\xd9\xc4\xd9\x46\x3a\xc0\x8d\xb0\xc6\x3d\xb5\xfd\x88\xd0\xe5\x18\xde\xf1\x88\xa2\xfb\xe8\xd6\xbf\xa6\x98\x62\x8a\x8c\xc0\x58\xca\x99\x11\x4c\x40\xbe\x8e\x1e\xb4\xc0\x53\x64\x27\x8d\x0e\xa4\xdc\x90\xb7\x47\xce\xcd\x85\xcd\xf8\x47\xa5\x0b\xa2\xad\xeb\xb6\xd1\x07\xa1\x26\x13\xe1\x98\xd1\xb1\x0c\x6e\xb3\x23\xd5\x0c\x75\xf7\x81\xfe\x39\xc1\xd9\x2e\x46\xda\x77\xfe\xd5\x16\x12\xa3\x69\xc4\xa6\xaa\x54\x05\x0d\x67\x7e\x96\x78\x03\x9b\x29\xe1\x0c\x46\xff\x05\xf3\x53\x6f\x79\x2a\x72\xd8\x0f\x0e\xca\x5a\x41\x6b\x19\x64\x3e\x1d\x15\x24\x7f\x7e\x51\x57\x90\x0c\x17\x42\xb9\x14\x6e\x0d\x97\x88\xeb\x9c\xa6\x53\x89\x7c\x7c\x64\x71\x49\xf0\xbd\x91\xb1\x6e\xa1\xa5\xe0\x54\x90\x01\xba\x2d\x6c\x6e\x39\xcf\x8b\xee\x39\x27\x4d\x05\x2f\xe2\xce\x7f\x4c\xaf\x6c\x23\x64\x43\x14\x33\x52\x51\xcc\xa5\xc2\xed\x13\x4a\xad\xa5\x15\xe7\x34\xe0\xaf\x9c\x0b\xa5\x90\x43\xdd\x12\xaa\x22\x7e\x8f\x71\xd1\x18\x33\xca\xb3\x5b\x77\x91\x5e\xe6\xbf\x0d\x74\x98\x2d\x15\x5f\x74\xfb\xba\x99\x77\xf7\x5d\x37\x21\x17\x70\xdf\x81\x02\xe1\xd5\x23\xb9\x7c\x65\xe6\x9b\xdf\xfb\x34\xe0\x0d\xbd\x6d\x58\x27\xc4\x89\x79\x34\xff\x51\x28\x69\x40\xad\xbe\xfd\xbe\x1a\x18\x5a\x1c\xa3\x2f\x66\x8b\xef\x23\x66\x3d\x9a\xf5\x86\x55\xa9\x28\x53\x8e\x08\x4f\x59\xfd\x89\x9c\x49\x02\x53\xd3\x37\xf5\xa5\x1d\x2c\x2c\x1d\xa3\x6c\xb8\xdf\x43\x03\x4a\x98\x81\x04\xc2\xab\xd9\xd5\x89\xfc\xf9\x64\xab\x91\x14\xa4\x04\x15\xc8\xe9\x9b\xeb\xfe\x94\xc3\x91\x5f\x9d\x90\x8b\xc1\xc9\x00\x0f\x0e\x9e\x94\x01\x2d\x99\x8c\x97\x2c\xf0\x18\xd8\xba\xdf\xff\xa8\x02\x09\xf1\x93\x7f\xea\x78\xca\x83\x95\x72\xb0\xa8\xe6\xb7\x81\x6b\x6d\x89\xbb\x84\xab\x2e\xde\x0f\xe5\xff\x05\x75\xec\x9d\x67\x4d\xa2\x36\x25\x2f\xb9\x2f\xf4\xfe\xbb\x9e\xc1\xd9\x15\xd9\x7c\x4c\xaf\xff\xef\x1c\xfd\xa6\xd1\x99\x36\x5b\x77\x01\x6d\xaa\xe6\x07\x98\xde\x8a\x21\xc1\x76\x9b\x8d\x79\xbf\x57\xcd\x02\x0e\xbf\x57\x30\xfc\xe9\x94\xb6\xb3\x09\x98\x00\xd8\x64\x96\x6a\xdf\x83\x0c\x8d\x26\x58\xc8\x04\x36\x08\x96\xe1\x1f\x36\x0d\xa3\xa9\x2c\xb5\xc8\x27\x21\x32\x28\x52\x6c\x63\xc2\x62\xc3\x0c\xdf\x17\x7f\xb0\xbe\x40\x1b\x39\x4a\x01\x77\x5c\x25\x4d\xa3\x0c\x5f\xf4\xfc\x5b\x45\xf5\x9d\x60\xe1\x57\x8d\x67\x24\x50\x89\x82\x8b\x06\x93\xe5\xa6\xf5\xed\xa5\xe9\x17\xb9\xd3\x3b\x8b\x36\xba\xf0\x55\x26\x9e\x9d\x53\x19\xd4\xfa\x3f\x8f\xa5\xc3\x19\x62\xc7\x7b\xed\x1b\x0a\x70\x45\xd9\x80\xc0\x3b\x0d\xf1\x5d\x1e\x3c\xc1\xee\x31\x75\x57\x0d\x28\x60\x04\xf1\x0f\xf6\xb9\x22\xda\x1e\x0a\xf3\xed\x41\x09\x9b\xb1\x75\x67\x8f\x6c\x4c\x29\xbd\x5b\x85\x55\xed\xea\x3f\xd6\x55\x9a\x62\x28\xb3\x92\x4b\x62\x45\xb6\x6f\x7d\x4a\x6c\xfb\xf7\xe5\x5d\x3a\x9a\x90\x23\x18\x58\x85\xbb\xb1\xe9\x06\x1f\xbe\x36\x21\xbe\xb1\xe7\xe3\x12\x05\xd8\x28\x71\x02\x67\xef\xb5\x85\x07\x38\x65\xd0\x61\x8f\x4e\xdb\xc9\xc5\xb6\x06\xa7\x9b\xff\x7e\xff\x1e\x53\x43\x93\xe3\xdd\x04\x01\x74\xb2\x1f\xc0\x12\xd6\xb2\xab\x92\x89\x76\xee\xf1\x14\xb9\x75\x02\xfb\x02\x22\x55\x72\xb7\x4e\x85\x2f\x56\x8d\xbc\xea\x57\xa8\xd3\x78\xc5\x4b\x21\x72\x87\xea\xc9\x09\x0c\xf7\x5f\x10\xf4\x74\xb1\x65\x17\x82\xab\x8e\x5f\x01\x5d\xe5\xb6\x65\xe0\x46\xf0\x1d\x04\xef\xb7\xbe\xf8\x40\x50\x7f\x3e\x45\xa3\x85\xa3\x72\x42\x2a\xf5\x73\xd0\x64\xb1\xbf\x6b\x0f\xb2\x79\x6e\x88\xa8\x83\xd0\x02\x4b\x5f\x74\xf1\x11\x8f\xd7\xcb\xdb\x92\xa4\x0a\x83\x45\x9a\xa2\x9a\x77\xa2\x56\x27\x4d\xf3\xa7\x2f\x53\x9b\x02\x8c\x1d\xf8\x68\x6f\x46\x30\xc7\xfe\xce\x68\xd1\xc0\x1c\xe3\x8a\xa6\x13\x73\x5a\x59\x1f\x91\xf4\x25\x61\xad\x29\x7e\x08\x72\xef\xdf\x35\x36\xc8\x8a\xd5\x15\x9a\xf8\x10\x48\xe6\x37\x8f\x2a\x42\xd9\x15\xc9\x72\x1e\x08\x75\xfe\x06\x28\xce\x4f\xc6\x09\x09\x9c\x2c\x19\xe6\x81\x28\x0e\x83\xee\x96\x9b\xa9\x3c\x95\x6f\xb2\xbc\x44\x57\xc2\xb2\xee\x35\xd9\xd5\xba\xe5\x61\x81\x4d\x8f\x86\x8e\x28\x98\x73\x71\x55\x0f\x57\xfa\xec\x5a\xf2\xf5\x2b\xc7\xdb\xde\x14\x01\xb6\x72\x91\x07\xb4\x05\xb2\x87\x36\x89\xc9\xe4\x3f\xa5\xea\x8b\x48\x3f\x75\x56\xcb\xaa\xab\xb1\xc7\x68\x9b\x0a\x51\xd7\x57\x74\x3c\xa2\x92\xff\x74\xe9\xc0\x21\xe5\x51\x3f\x94\xb7\x10\x7a\x89\x40\xa9\x8d\xda\xb5\xe2\x21\xfd\x75\xc1\x3f\x19\xae\x40\x06\x86\x6e\xec\x1a\x83\x20\xab\x02\xa2\xde\xf5\x73\x85\x8e\xb7\x25\x3d\x1f\xda\x73\xb7\xda\x03\x1f\x12\xdc\x01\x37\x83\x14\x70\x95\xd5\x45\xab\xbc\xc6\xc8\xcc\x98\x74\x8c\x00\x7f\x2e\x61\xa0\x2c\x75\x0b\x79\x86\x6c\x74\x3d\x0f\x98\xc7\x03\xee\x3c\x9a\x2f\xfe\x44\x10\x4a\xc1\xa2\x2d\x77\xff\xd1\xe6\x07\xc8\xc4\x26\x5b\xbd\x8c\xdd\x9b\x7a\xff\x0d\x0c\x36\xaa\x59\x81\xce\x88\x1b\x9f\x38\x95\xb4\xda\x88\xa6\x53\xd4\x71\x2a\x84\x31\xf9\xe1\x4e\x0b\xdd\x13\x77\x35\xbc\x1c\x2b\x71\x0b\xa5\x12\x6b\x6a\x9a\x42\xbd\xf1\x56\x91\x5b\x15\x2e\xe1\x75\x8e\xf5\x6b\x8e\xdb\xd4\xef\x0b\x9a\x67\x7d\xed\xc3\xa8\x8b\x00\x04\x9a\x0d\x74\x44\xb3\xae\xf2\xb4\xe5\xed\x21\x0c\x5f\xc9\x74\x44\xbd\x3a\x46\x90\xae\x44\xad\xfc\xd4\xfd\x85\xcc\x50\xfd\x55\xc3\xd6\xef\xd1\xc7\x27\x0f\x46\xc9\x36\x89\xd1\x8f\x92\xd0\x46\x2c\x62\xb2\x00\x1d\x8c\xcb\xcc\xee\x0a\xba\xd8\x4d\xaf\x12\xa8\xf3\xf3\x90\xd2\x3b\x3f\x4c\xce\x12\x37\xb5\x05\x9b\xfa\xac\xb9\x94\xea\x87\x1c\x02\xfd\x32\x05\x6a\xa3\xd6\x82\x58\x02\x7d\xbe\x56\xbb\x19\xcb\xaf\x7a\x2f\x47\x34\x92\xe2\xc6\x64\x3f\xc4\xbc\x01\xdf\x34\x96\x7f\xf1\x00\x92\x53\x0c\x5f\x96\x5e\x1d\xea\x10\x61\x88\xa9\x16\x5a\x43\xe6\x1d\x06\x01\x07\xe5\x90\x7a\x5e\x76\x03\x9e\x11\xfb\x55\x7b\x17\xf7\x4e\x99\xd6\xba\x5e\xdb\x86\xda\xa2\x4b\x20\x1f\x89\xf5\x1c\x53\xb4\xe6\xea\x0e\x74\x88\x8e\xc9\xaf\xc6\xe6\x4c\x33\x44\xca\x56\x1a\x56\xec\xe3\xc2\x86\xee\x4e\xea\x87\xbb\xb0\x11\xd4\xbc\x85\x6c\xb2\x01\x8f\x00\x92\x81\xb8\x9b\x95\xac\xb7\x66\x84\xee\xfb\xe6\x28\xb3\xb9\xc9\x3f\x65\x4c\x15\xc1\xaa\xc2\x76\x9c\x67\xf2\x7e\x1f\x3d\x6c\xa9\x8d\x80\xdc\x30\x77\xb5\xc4\xe4\xd8\x23\xea\x40\xc2\x58\xdc\xbb\x89\x1f\xf2\x04\x66\xc1\x46\x20\x80\xde\x73\x51\x35\x09\x17\x65\x65\xfe\xb2\x4e\xf8\x41\x3d\xc7\xdf\xb5\x3b\x10\xad\x4e\x5d\x68\x3d\x26\xc7\x42\xac\x8e\xfb\x62\x73\x39\xea\xc0\x6f\x2f\x56\xa5\x5e\x45\x22\xb6\x70\xff\x6d\xda\x39\x17\xef\x7b\x00\xfe\x14\xa6\xa5\x2d\xc9\x56\x75\x48\xe9\x8f\x47\xcf\xa5\xe2\xb8\x7d\xd8\xe1\xc2\xae\x18\xd0\xc1\x43\x56\xdb\x45\xdb\x78\xe8\xf8\xb9\xdd\x14\x1e\xe9\x42\x54\x3d\x27\x1c\x8c\xb5\xb9\x77\x5d\x2c\x55\xc4\xb7\x32\xd8\x38\xa3\xb7\x3d\x67\x5a\x35\x09\x57\xe0\xa7\x04\x38\xd6\xbc\x3a\xb1\x16\xf4\xd4\x5f\x5e\x5b\xcf\x14\x93\x09\x7e\xf1\x9e\x13\x23\x9d\x97\x98\x12\x73\xfa\x9a\xe9\xd1\xa9\x4f\x41\x7c\x3c\x5c\x24\x0a\x27\xcb\x07\xad\x05\xa6\x52\x6e\x6c\x8b\x3c\x68\xba\xd2\xc5\x46\xfc\x88\x9c\x5f\xb3\x41\x06\x97\xdd\xf5\x8f\x78\xe9\x29\x6a\xb0\xc7\x25\x88\x25\x66\xe1\x85\xd1\xdd\x88\x43\x07\x66\xe3\x32\xf1\xf0\xc8\x7d\x2e\x35\x9f\x8c\xe2\xc2\x8b\x8c\x75\x46\xda\x95\xa1\xca\x78\x97\xe4\x3b\x7b\xf5\x83\xd1\x2c\xd4\x6f\x7f\x91\x0b\xfd\xc1\xa1\xc1\x29\xf1\xd8\x3d\x94\x67\x89\x99\xc3\xd8\x1d\xca\x8f\x74\xf8\x7b\xa3\x01\x7f\x07\x22\x2f\x51\x0c\x1a\x7f\xe8\x00\x1f\xc3\xeb\x6e\x8a\x0b\x46\xdb\x9c\x00\x2f\xd0\x84\x16\x72\x72\x35\x5d\xa8\x7a\x0f\xc5\xe3\x7f\xee\xd0\xc4\x87\xd6\x03\xbc\x12\x97\xf1\xc6\xdd\x88\xdc\xb1\x7f\x17\xfd\x38\xa5\xec\x72\xd0\xcf\x50\xc8\xc8\xdc\x69\x08\x1c\xf6\x08\x46\x0d\x5b\x13\x42\x87\x1a\xbc\xbe\xc2\x03\x23\xbe\x7f\x53\x69\x0c\x5f\xa6\x40\x81\x6c\xc3\xb2\xb3\xde\x36\x87\x0a\x8a\x38\x90\x5d\xd5\x1a\xc6\x3d\xdd\x92\x2d\x00\x8f\x84\xb7\xcb\xd0\x62\xb6\x4c\x5a\xb2\x21\x15\xb4\x88\x9b\x0e\x93\x89\x04\x8f\x6a\x7b\xd2\x8e\x6a\x78\x93\xca\xa6\x03\x66\x13\xc9\xf5\xf2\xec\x29\x28\xbe\x1f\x4e\xe1\xcb\xa0\xb0\xbb\x16\x91\x27\x6a\x4d\xb2\x46\x69\xfb\x08\x5e\x54\xdc\x77\xe8\x15\xb8\xf5\xaf\xe8\x0a\xaa\x38\xac\xbd\x11\x43\x0d\x95\x6a\x37\x91\x1b\x02\x16\x53\x4b\xd9\xe2\x89\x3a\x2a\xbf\xbc\xf4\xb7\xae\xe5\x6c\x8f\xfb\xbb\x08\x16\x67\x73\xd8\xdd\x3d\x1f\xa1\x24\x51\xf3\x93\x79\x9a\xde\xd8\x72\x1c\xbd\x93\xe4\xc9\x71\x1d\xef\xa5\x50\x98\x40\xdc\x73\xec\x5f\x52\x73\x43\x1d\xa7\xe6\x32\x4b\x05\x6c\xae\x48\xe1\xc1\x4b\x1f\x0e\x2c\xf2\x7a\x52\x98\x0d\x4c\x67\xe7\x7a\x56\x5a\x44\xae\xe8\xcc\xd6\x22\x78\x1b\x35\xcf\xa1\x6d\x36\xeb\xa7\x7f\x9b\x7f\x5e\xc8\xcb\x47\x4f\x02\xbe\xd0\x16\x98\x2a\x0d\xca\x09\x60\xe0\x94\xb3\xdf\x65\x16\x83\x7d\x50\x15\x68\x08\x27\x59\x9c\x89\x54\x25\x44\xa3\xfd\x36\x3a\xa4\x4e\x79\xf3\xad\x00\xc8\x7d\x8d\xc1\x42\x2b\x07\x37\xca\x9f\xe9\x17\x9d\x62\x7a\x1f\x22\x80\x09\x23\xa3\x9d\xf3\xa5\x9e\x15\x77\x0b\xa5\x7f\x1e\x12\xaa\xf4\x1b\xfe\x67\xbf\xc5\x48\x3d\xab\x32\x82\x03\x64\xa5\xd4\xda\x8f\x8a\xe6\x2b\x05\xba\x23\x25\x7b\xb1\x57\x7f\x5a\xd7\x3f\x0b\x0e\x01\x63\x3d\xa6\x59\xf7\xd2\x8c\x7e\x1e\x39\xf8\x6f\x5a\xdb\x5b\xb3\x84\x3a\xbb\xce\x0a\x76\x9c\x26\xc2\x8e\x4e\xc8\x8c\xd8\xd4\x7e\x46\x92\x8e\xbf\x51\xf4\xc2\x3c\x69\xfa\x60\x2b\x6a\xf6\x1d\xcc\x74\xbf\x64\xb0\x09\xe9\x67\x08\xc4\xc7\x42\x6f\x35\xd3\x3f\x7d\xae\x81\xe3\x3a\x69\xe1\x2e\xf7\x92\xb1\xf2\x5f\xfc\x60\x64\x5a\x19\x63\xe6\x7c\x07\xe1\x5c\x2e\xbd\xb5\x48\xef\x8b\x2c\x8b\x0d\xd9\x72\x5b\xed\x66\xe2\x25\x45\xad\x79\x14\xaf\x78\x64\x47\x8a\x79\x93\xb2\xc0\xe0\xce\x59\x0f\xa0\x05\x10\x4c\x69\x37\xe5\x40\x75\x8d\x25\xa5\x09\xe8\x0a\xca\x81\x37\xb7\x17\xae\x9f\xdf\x80\xab\x90\x6d\x9d\xb4\xaa\xbb\x22\x9b\xb3\xd3\x5e\x27\xb3\x24\xae\xd1\x1e\xeb\xaa\x8e\xd3\xdc\x77\x04\xab\xab\x39\xf5\x85\x62\xed\x9b\x5c\x8a\x37\xb0\x92\xeb\xf3\xfd\xe2\x21\x66\xc9\xc9\x1b\xc5\x7a\x2c\x62\xd9\x0a\x87\xcf\xfe\x7d\x6c\x44\x83\x21\xf8\x43\x21\x8e\x40\x4a\x4d\x36\x88\xd7\xb9\x68\xff\x9e\x82\x3e\x0b\x90\x0a\x14\x6a\x7f\x3a\xf3\xd4\x6e\x9a\x8e\x7d\x17\xb4\x7c\xba\x25\x04\xe1\xe1\xe7\xad\x96\x0d\xc4\x81\x36\x3f\x16\xfc\x97\x9b\xb8\x17\x67\x97\xab\x1c\xb8\x5c\xca\x67\x24\x27\x4f\xab\xa0\x07\xe8\x78\x09\x80\x34\xaf\xa0\x04\x2e\xa0\xc1\xa6\x54\xb4\x2e\x1c\xdf\x7f\x71\x04\x8e\x24\xdb\x69\x1c\xdc\xa7\x2f\x52\x01\x7c\x6a\x0f\x5c\x88\xd0\xcb\x1e\x1c\x26\x0e\x88\x79\x47\x8d\x8e\x2b\xf9\x7a\xd5\x98\x44\x22\x1a\xfc\x64\x9c\x88\x1e\x79\x50\xde\x7d\xc8\x5c\x43\x0c\x18\xfc\xb5\xc8\xd3\x59\xc2\xc2\x39\xb4\x58\x72\xc6\x55\x57\x47\x43\x8c\xa4\x9b\x55\xc3\x27\xcf\x6d\x70\x5f\x80\xb3\x96\xd9\xc0\x20\xdb\x57\xf6\xc5\x37\x01\xbc\x96\x8f\xcd\xa5\x27\x4c\x51\x34\xb2\x3f\x6f\xd2\x23\xdc\xee\x7a\xd7\x96\x2c\x4e\x7f\x8b\x30\x1a\x57\x16\x5f\xcf\xc9\xa5\xff\x82\x2f\x1c\x24\xa7\xaa\x5b\xe7\x97\x12\x03\x45\x7a\xf1\xc9\x5d\x47\xed\xa6\x67\xd8\xc2\x91\xfc\x21\xee\xdc\x7e\x8e\x58\x44\xf9\x67\xa9\xfb\x44\x79\xd2\xf9\x4e\x4d\xed\xd0\xcd\x54\x57\x78\x1d\x3e\x02\x4f\xcf\xaf\xaa\x8b\x67\xe4\x89\x58\x55\x53\x5d\x1f\xdd\x4b\xe4\x54\xbe\xd9\x7c\x3c\xf2\x09\x5a\x16\x6c\xc6\x52\xbe\xa6\x5a\xd6\x36\x89\x29\xbd\xa7\x0f\x69\xdc\x36\xc6\x89\xf5\x92\x3f\xb0\x26\xa8\x25\x7f\x85\x1a\x06\x99\x94\xc0\x4c\xc4\x1a\x8b\x15\x97\x9e\x47\x3e\x55\x33\x24\x0d\x3c\xab\x3b\xa9\x53\xf2\x00\x19\xe0\x17\xd4\x4f\x74\x1d\x95\xa9\xba\x35\x88\x6c\x7a\x3f\xed\x46\x3d\x24\x21\x73\xd6\xaf\x25\x02\x23\x0f\xf7\x33\xc3\xf1\xe0\x27\x82\x27\x4e\x64\xac\x70\x85\x0d\xc3\x48\x95\x13\x5b\xc8\x59\x91\x8c\xdd\xec\x62\x69\xba\x83\x61\x00\x9e\xff\x46\x40\x77\x15\xf3\x08\x79\x50\x8f\xea\x8c\xc9\xc0\x81\xb3\x72\xf4\x88\x55\x52\x78\xfb\xba\xa8\x0f\x34\xce\x79\xda\x91\x02\x12\x96\x1a\x37\x7c\x85\xb6\x1e\x36\xfc\x37\x54\x31\xdd\x6c\x4e\xdf\x2c\x4b\xb8\x01\xa0\xfc\x1d\xc1\xfa\xc3\xc2\xf4\xc0\x10\x99\x62\x49\x59\x39\x2c\xa0\xb6\xbd\x47\xcb\x00\x8d\xfd\x39\xb2\xfd\x92\x7f\x40\xfe\xc1\x37\xb0\x74\x8e\x19\x84\x0c\x05\x75\x4b\x7d\x8e\x0b\x27\xd6\x20\x86\x12\x8f\xdc\x32\x93\x63\xd0\x6b\x6e\x7c\xdc\x43\x60\xb3\x9d\xf2\x73\x7b\x59\x73\xa8\xc0\x5c\x72\xe1\xff\xae\xb0\x9c\xad\x67\x19\x22\x4f\x4f\xb8\x07\x94\xeb\x00\xf4\x09\x2f\x62\x3e\x5d\x27\xa1\x14\x02\xfc\x03\x5e\xb9\xfd\xe8\x82\x76\xf8\xca\x16\x82\x74\x59\x59\x2e\x35\x5d\x3c\x4e\x6c\x79\x2e\x54\x87\xc4\x99\x66\x6d\x96\xea\x5c\x5f\x9e\xab\xe1\x73\xb5\x62\x23\xcc\x71\xdf\xaf\x0d\x88\xf8\xb8\x05\x11\x08\x71\xf8\x9f\x39\x9f\x84\x46\x30\x23\xf1\x7d\x86\x24\x9a\xf6\x47\xb8\x3f\x24\xe9\x04\x83\xbe\xf5\x51\xf9\x56\x45\xdb\xa6\x60\x7f\x66\xb9\x3a\x6d\xa3\x49\xea\x07\x31\x8b\x6e\xa5\x9a\xdc\xca\x1e\xd1\x75\x66\xee\xab\xf6\x2b\x21\x20\x4a\x8f\xd1\xa2\xd9\x83\xfd\x22\xd2\xea\xf9\xac\xbb\xb7\xa2\x0b\xde\x39\x1a\x57\x24\xf0\x96\xd2\x04\xd3\x40\xb5\x62\x12\xf8\xb7\xf5\x14\x1f\x4f\x6e\xd7\x2b\x13\x4e\xea\xdf\x1f\x27\xed\xff\x37\x14\x24\xb4\x08\x20\xb2\x67\x47\xb0\xba\xad\x37\x6d\xfc\x53\x5a\x41\x7b\xe7\x8a\xab\xed\xf3\x3e\x97\x8c\x05\x33\xb4\x5e\xad\xf5\xc2\x4a\x1a\x06\x9b\xc4\x94\x5c\xd0\x0a\x52\xae\xb3\x5b\x53\x9a\xc0\x84\x70\x65\xcd\x01\xdf\xda\x63\x4c\xb9\xd7\x22\x2a\x60\xea\xfe\xf0\xf4\x83\xee\x5c\xe5\x2a\x3c\x90\x8b\x4a\xd4\xd2\x08\x97\xb5\x5a\x88\x02\x49\xfe\x9b\xf4\x12\x91\x24\x21\x6f\x80\xd4\x78\x9c\xe2\xf1\xb9\x7c\x9d\x38\x92\xc5\x06\x58\x0a\x68\xff\x2c\xe3\x5c\xaa\xd0\x31\x26\xa4\xad\xb9\xa1\x94\xfb\x86\xbc\x72\xbc\xe0\xe0\xbc\x47\x00\x95\x0d\x20\xcd\x4b\x8d\x67\x0a\xd2\x15\x1c\xde\x5f\xd5\x40\xe6\xa1\xd8\x71\xa4\x30\xc1\xa3\x33\xf0\x20\xc9\x57\xcd\x4c\x8b\x47\x88\xb4\xbc\x93\xd8\xdd\x28\x92\xf5\xd8\xa3\x50\x01\x3c\x62\xda\xe3\x74\x73\x84\xaa\x48\x7e\x00\x70\x49\x10\xb3\xf7\x54\x2c", 8192); *(uint32_t*)0x20005c00 = 0x20002980; *(uint32_t*)0x20002980 = 0x50; *(uint32_t*)0x20002984 = 0; *(uint64_t*)0x20002988 = 0x91e; *(uint32_t*)0x20002990 = 7; *(uint32_t*)0x20002994 = 0x22; *(uint32_t*)0x20002998 = 0xff; *(uint32_t*)0x2000299c = 0x1124872; *(uint16_t*)0x200029a0 = 6; *(uint16_t*)0x200029a2 = 0x3f; *(uint32_t*)0x200029a4 = 8; *(uint32_t*)0x200029a8 = 1; *(uint16_t*)0x200029ac = 0; *(uint16_t*)0x200029ae = 0; memset((void*)0x200029b0, 0, 32); *(uint32_t*)0x20005c04 = 0x20002a00; *(uint32_t*)0x20002a00 = 0x18; *(uint32_t*)0x20002a04 = 0; *(uint64_t*)0x20002a08 = 0; *(uint64_t*)0x20002a10 = 0x317e539f; *(uint32_t*)0x20005c08 = 0x20002a40; *(uint32_t*)0x20002a40 = 0x18; *(uint32_t*)0x20002a44 = 0; *(uint64_t*)0x20002a48 = 8; *(uint64_t*)0x20002a50 = 4; *(uint32_t*)0x20005c0c = 0x20002a80; *(uint32_t*)0x20002a80 = 0x18; *(uint32_t*)0x20002a84 = 0; *(uint64_t*)0x20002a88 = 5; *(uint32_t*)0x20002a90 = 0x401; *(uint32_t*)0x20002a94 = 0; *(uint32_t*)0x20005c10 = 0x20002ac0; *(uint32_t*)0x20002ac0 = 0x18; *(uint32_t*)0x20002ac4 = 0; *(uint64_t*)0x20002ac8 = 1; *(uint32_t*)0x20002ad0 = 0xfdcc; *(uint32_t*)0x20002ad4 = 0; *(uint32_t*)0x20005c14 = 0x20002b00; *(uint32_t*)0x20002b00 = 0x28; *(uint32_t*)0x20002b04 = 0; *(uint64_t*)0x20002b08 = 8; *(uint64_t*)0x20002b10 = 2; *(uint64_t*)0x20002b18 = 8; *(uint32_t*)0x20002b20 = 0; *(uint32_t*)0x20002b24 = 0; *(uint32_t*)0x20005c18 = 0x20002b40; *(uint32_t*)0x20002b40 = 0x60; *(uint32_t*)0x20002b44 = 0; *(uint64_t*)0x20002b48 = 0xfff; *(uint64_t*)0x20002b50 = 6; *(uint64_t*)0x20002b58 = 0x10001; *(uint64_t*)0x20002b60 = 6; *(uint64_t*)0x20002b68 = 1; *(uint64_t*)0x20002b70 = 8; *(uint32_t*)0x20002b78 = 1; *(uint32_t*)0x20002b7c = 0x32f0; *(uint32_t*)0x20002b80 = 7; *(uint32_t*)0x20002b84 = 0; memset((void*)0x20002b88, 0, 24); *(uint32_t*)0x20005c1c = 0x20002bc0; *(uint32_t*)0x20002bc0 = 0x18; *(uint32_t*)0x20002bc4 = 0; *(uint64_t*)0x20002bc8 = 4; *(uint32_t*)0x20002bd0 = 0xffff; *(uint32_t*)0x20002bd4 = 0; *(uint32_t*)0x20005c20 = 0x20002c00; *(uint32_t*)0x20002c00 = 0x18; *(uint32_t*)0x20002c04 = 0; *(uint64_t*)0x20002c08 = 0x1000; memcpy((void*)0x20002c10, "0%)/W({\000", 8); *(uint32_t*)0x20005c24 = 0x20002c40; *(uint32_t*)0x20002c40 = 0x20; *(uint32_t*)0x20002c44 = 0; *(uint64_t*)0x20002c48 = 5; *(uint64_t*)0x20002c50 = 0; *(uint32_t*)0x20002c58 = 0x11; *(uint32_t*)0x20002c5c = 0; *(uint32_t*)0x20005c28 = 0x20002dc0; *(uint32_t*)0x20002dc0 = 0x78; *(uint32_t*)0x20002dc4 = 0xfffffff5; *(uint64_t*)0x20002dc8 = 8; *(uint64_t*)0x20002dd0 = 6; *(uint32_t*)0x20002dd8 = 9; *(uint32_t*)0x20002ddc = 0; *(uint64_t*)0x20002de0 = 6; *(uint64_t*)0x20002de8 = 8; *(uint64_t*)0x20002df0 = 0x25d; *(uint64_t*)0x20002df8 = 7; *(uint64_t*)0x20002e00 = 0x8001; *(uint64_t*)0x20002e08 = 0x400; *(uint32_t*)0x20002e10 = 0xce1; *(uint32_t*)0x20002e14 = 0x8000; *(uint32_t*)0x20002e18 = 0x4800000; *(uint32_t*)0x20002e1c = 0x6000; *(uint32_t*)0x20002e20 = 8; *(uint32_t*)0x20002e24 = 0xee01; *(uint32_t*)0x20002e28 = r[3]; *(uint32_t*)0x20002e2c = 6; *(uint32_t*)0x20002e30 = 1; *(uint32_t*)0x20002e34 = 0; *(uint32_t*)0x20005c2c = 0x20002e40; *(uint32_t*)0x20002e40 = 0x90; *(uint32_t*)0x20002e44 = 0; *(uint64_t*)0x20002e48 = 0xfffffffffffffffc; *(uint64_t*)0x20002e50 = 5; *(uint64_t*)0x20002e58 = 2; *(uint64_t*)0x20002e60 = 0; *(uint64_t*)0x20002e68 = 0x80; *(uint32_t*)0x20002e70 = 0x1ff; *(uint32_t*)0x20002e74 = 0xfffffffa; *(uint64_t*)0x20002e78 = 1; *(uint64_t*)0x20002e80 = 0x81; *(uint64_t*)0x20002e88 = 1; *(uint64_t*)0x20002e90 = 0x10001; *(uint64_t*)0x20002e98 = 0x7f; *(uint64_t*)0x20002ea0 = 5; *(uint32_t*)0x20002ea8 = 5; *(uint32_t*)0x20002eac = 2; *(uint32_t*)0x20002eb0 = 0; *(uint32_t*)0x20002eb4 = 0x4000; *(uint32_t*)0x20002eb8 = 3; *(uint32_t*)0x20002ebc = 0xee01; *(uint32_t*)0x20002ec0 = 0xee00; *(uint32_t*)0x20002ec4 = 6; *(uint32_t*)0x20002ec8 = 0x23a; *(uint32_t*)0x20002ecc = 0; *(uint32_t*)0x20005c30 = 0x20002f00; *(uint32_t*)0x20002f00 = 0xe8; *(uint32_t*)0x20002f04 = 0; *(uint64_t*)0x20002f08 = 0x20; *(uint64_t*)0x20002f10 = 6; *(uint64_t*)0x20002f18 = 1; *(uint32_t*)0x20002f20 = 1; *(uint32_t*)0x20002f24 = 7; memset((void*)0x20002f28, 0, 1); *(uint64_t*)0x20002f30 = 2; *(uint64_t*)0x20002f38 = 0; *(uint32_t*)0x20002f40 = 0; *(uint32_t*)0x20002f44 = 0; *(uint64_t*)0x20002f48 = 5; *(uint64_t*)0x20002f50 = 0xfffffffffffffffa; *(uint32_t*)0x20002f58 = 0; *(uint32_t*)0x20002f5c = 0x20; *(uint64_t*)0x20002f60 = 4; *(uint64_t*)0x20002f68 = 2; *(uint32_t*)0x20002f70 = 6; *(uint32_t*)0x20002f74 = 9; memcpy((void*)0x20002f78, "wlan0\000", 6); *(uint64_t*)0x20002f80 = 2; *(uint64_t*)0x20002f88 = 5; *(uint32_t*)0x20002f90 = 1; *(uint32_t*)0x20002f94 = 0; memset((void*)0x20002f98, 47, 1); *(uint64_t*)0x20002fa0 = 0; *(uint64_t*)0x20002fa8 = 7; *(uint32_t*)0x20002fb0 = 6; *(uint32_t*)0x20002fb4 = 0x10000; memset((void*)0x20002fb8, 2, 6); *(uint64_t*)0x20002fc0 = 2; *(uint64_t*)0x20002fc8 = 3; *(uint32_t*)0x20002fd0 = 0x10; *(uint32_t*)0x20002fd4 = 0x3df4d00b; memcpy((void*)0x20002fd8, " \001\000\000\000\000\000\000\000\000\000\000\000\000\000\002", 16); *(uint32_t*)0x20005c34 = 0x200055c0; *(uint32_t*)0x200055c0 = 0x510; *(uint32_t*)0x200055c4 = 0; *(uint64_t*)0x200055c8 = 0; *(uint64_t*)0x200055d0 = 5; *(uint64_t*)0x200055d8 = 1; *(uint64_t*)0x200055e0 = 0; *(uint64_t*)0x200055e8 = 2; *(uint32_t*)0x200055f0 = 0xfffeffff; *(uint32_t*)0x200055f4 = 1; *(uint64_t*)0x200055f8 = 0; *(uint64_t*)0x20005600 = 0x141; *(uint64_t*)0x20005608 = 4; *(uint64_t*)0x20005610 = 9; *(uint64_t*)0x20005618 = 9; *(uint64_t*)0x20005620 = 4; *(uint32_t*)0x20005628 = 0x7ff; *(uint32_t*)0x2000562c = 0x7fffffff; *(uint32_t*)0x20005630 = 0x892; *(uint32_t*)0x20005634 = 0x4000; *(uint32_t*)0x20005638 = 0xfff; *(uint32_t*)0x2000563c = r[4]; *(uint32_t*)0x20005640 = 0; *(uint32_t*)0x20005644 = 4; *(uint32_t*)0x20005648 = 0x10000; *(uint32_t*)0x2000564c = 0; *(uint64_t*)0x20005650 = 1; *(uint64_t*)0x20005658 = 0x8000; *(uint32_t*)0x20005660 = 2; *(uint32_t*)0x20005664 = 4; memset((void*)0x20005668, 255, 2); *(uint64_t*)0x20005670 = 0xa00000000; *(uint64_t*)0x20005678 = 3; *(uint64_t*)0x20005680 = 0x8000000000000000; *(uint64_t*)0x20005688 = 0x80000001; *(uint32_t*)0x20005690 = 6; *(uint32_t*)0x20005694 = 1; *(uint64_t*)0x20005698 = 5; *(uint64_t*)0x200056a0 = 0xa0; *(uint64_t*)0x200056a8 = 8; *(uint64_t*)0x200056b0 = 7; *(uint64_t*)0x200056b8 = 0x101; *(uint64_t*)0x200056c0 = 0xbc3; *(uint32_t*)0x200056c8 = 0x19f; *(uint32_t*)0x200056cc = 4; *(uint32_t*)0x200056d0 = 0x7ff; *(uint32_t*)0x200056d4 = 0xa000; *(uint32_t*)0x200056d8 = 1; *(uint32_t*)0x200056dc = 0xee01; *(uint32_t*)0x200056e0 = r[5]; *(uint32_t*)0x200056e4 = 0x8001; *(uint32_t*)0x200056e8 = 8; *(uint32_t*)0x200056ec = 0; *(uint64_t*)0x200056f0 = 4; *(uint64_t*)0x200056f8 = 0x10001; *(uint32_t*)0x20005700 = 0xa; *(uint32_t*)0x20005704 = 0x3ff; memcpy((void*)0x20005708, "[{@^/@+@<[", 10); *(uint64_t*)0x20005718 = 1; *(uint64_t*)0x20005720 = 3; *(uint64_t*)0x20005728 = 5; *(uint64_t*)0x20005730 = 0x20; *(uint32_t*)0x20005738 = 3; *(uint32_t*)0x2000573c = -1; *(uint64_t*)0x20005740 = 3; *(uint64_t*)0x20005748 = 0xd4; *(uint64_t*)0x20005750 = 6; *(uint64_t*)0x20005758 = 0; *(uint64_t*)0x20005760 = 1; *(uint64_t*)0x20005768 = 0x80000; *(uint32_t*)0x20005770 = 0x38fa80be; *(uint32_t*)0x20005774 = 6; *(uint32_t*)0x20005778 = 0x400; *(uint32_t*)0x2000577c = 0x1000; *(uint32_t*)0x20005780 = 5; *(uint32_t*)0x20005784 = 0xee00; *(uint32_t*)0x20005788 = 0xee01; *(uint32_t*)0x2000578c = 0x10001; *(uint32_t*)0x20005790 = 0xff; *(uint32_t*)0x20005794 = 0; *(uint64_t*)0x20005798 = 4; *(uint64_t*)0x200057a0 = 5; *(uint32_t*)0x200057a8 = 8; *(uint32_t*)0x200057ac = 4; memcpy((void*)0x200057b0, "+!\234R\'+%\'", 8); *(uint64_t*)0x200057b8 = 3; *(uint64_t*)0x200057c0 = 3; *(uint64_t*)0x200057c8 = 0x200; *(uint64_t*)0x200057d0 = 5; *(uint32_t*)0x200057d8 = 0x55; *(uint32_t*)0x200057dc = 0x1f; *(uint64_t*)0x200057e0 = 1; *(uint64_t*)0x200057e8 = 0x34; *(uint64_t*)0x200057f0 = 7; *(uint64_t*)0x200057f8 = 4; *(uint64_t*)0x20005800 = 9; *(uint64_t*)0x20005808 = 2; *(uint32_t*)0x20005810 = 0x800; *(uint32_t*)0x20005814 = 0xffff8001; *(uint32_t*)0x20005818 = 6; *(uint32_t*)0x2000581c = 0x8000; *(uint32_t*)0x20005820 = 0x100; *(uint32_t*)0x20005824 = 0xee01; *(uint32_t*)0x20005828 = 0xee01; *(uint32_t*)0x2000582c = 0; *(uint32_t*)0x20005830 = 0x9c000000; *(uint32_t*)0x20005834 = 0; *(uint64_t*)0x20005838 = 0; *(uint64_t*)0x20005840 = 1; *(uint32_t*)0x20005848 = 1; *(uint32_t*)0x2000584c = 0x400; memset((void*)0x20005850, 0, 1); *(uint64_t*)0x20005858 = 6; *(uint64_t*)0x20005860 = 3; *(uint64_t*)0x20005868 = 0xa3; *(uint64_t*)0x20005870 = 0x80; *(uint32_t*)0x20005878 = 0x735; *(uint32_t*)0x2000587c = 0x9584; *(uint64_t*)0x20005880 = 0; *(uint64_t*)0x20005888 = 2; *(uint64_t*)0x20005890 = 7; *(uint64_t*)0x20005898 = 0xec61; *(uint64_t*)0x200058a0 = 0x371ca83; *(uint64_t*)0x200058a8 = 4; *(uint32_t*)0x200058b0 = -1; *(uint32_t*)0x200058b4 = 3; *(uint32_t*)0x200058b8 = 0x424c; *(uint32_t*)0x200058bc = 0xa000; *(uint32_t*)0x200058c0 = 0x400; *(uint32_t*)0x200058c4 = 0xee00; *(uint32_t*)0x200058c8 = 0xee01; *(uint32_t*)0x200058cc = 0xca; *(uint32_t*)0x200058d0 = 3; *(uint32_t*)0x200058d4 = 0; *(uint64_t*)0x200058d8 = 0; *(uint64_t*)0x200058e0 = 7; *(uint32_t*)0x200058e8 = 0; *(uint32_t*)0x200058ec = 0x80000001; *(uint64_t*)0x200058f0 = 5; *(uint64_t*)0x200058f8 = 1; *(uint64_t*)0x20005900 = 0x9d5; *(uint64_t*)0x20005908 = 5; *(uint32_t*)0x20005910 = 0x80000001; *(uint32_t*)0x20005914 = 0x1000000; *(uint64_t*)0x20005918 = 0; *(uint64_t*)0x20005920 = 0; *(uint64_t*)0x20005928 = 6; *(uint64_t*)0x20005930 = 0x7ff; *(uint64_t*)0x20005938 = 0x8001; *(uint64_t*)0x20005940 = 0x8001; *(uint32_t*)0x20005948 = 6; *(uint32_t*)0x2000594c = 0x8000; *(uint32_t*)0x20005950 = 1; *(uint32_t*)0x20005954 = 0xa000; *(uint32_t*)0x20005958 = 0x10000; *(uint32_t*)0x2000595c = 0xee00; *(uint32_t*)0x20005960 = r[6]; *(uint32_t*)0x20005964 = 0x80000000; *(uint32_t*)0x20005968 = 6; *(uint32_t*)0x2000596c = 0; *(uint64_t*)0x20005970 = 3; *(uint64_t*)0x20005978 = 0x7fff; *(uint32_t*)0x20005980 = 6; *(uint32_t*)0x20005984 = 0x4e5; memcpy((void*)0x20005988, "wlan0\000", 6); *(uint64_t*)0x20005990 = 4; *(uint64_t*)0x20005998 = 2; *(uint64_t*)0x200059a0 = -1; *(uint64_t*)0x200059a8 = 0x10001; *(uint32_t*)0x200059b0 = 7; *(uint32_t*)0x200059b4 = 0x3f; *(uint64_t*)0x200059b8 = 0; *(uint64_t*)0x200059c0 = 4; *(uint64_t*)0x200059c8 = 0x7fff; *(uint64_t*)0x200059d0 = 0x5c; *(uint64_t*)0x200059d8 = 0x5e; *(uint64_t*)0x200059e0 = 4; *(uint32_t*)0x200059e8 = 0; *(uint32_t*)0x200059ec = 9; *(uint32_t*)0x200059f0 = 4; *(uint32_t*)0x200059f4 = 0x1000; *(uint32_t*)0x200059f8 = 8; *(uint32_t*)0x200059fc = r[7]; *(uint32_t*)0x20005a00 = 0xee00; *(uint32_t*)0x20005a04 = 0x7ff; *(uint32_t*)0x20005a08 = 9; *(uint32_t*)0x20005a0c = 0; *(uint64_t*)0x20005a10 = 3; *(uint64_t*)0x20005a18 = 5; *(uint32_t*)0x20005a20 = 6; *(uint32_t*)0x20005a24 = 9; memset((void*)0x20005a28, 255, 6); *(uint64_t*)0x20005a30 = 6; *(uint64_t*)0x20005a38 = 3; *(uint64_t*)0x20005a40 = 3; *(uint64_t*)0x20005a48 = 9; *(uint32_t*)0x20005a50 = 6; *(uint32_t*)0x20005a54 = 0x100; *(uint64_t*)0x20005a58 = 1; *(uint64_t*)0x20005a60 = 0x101; *(uint64_t*)0x20005a68 = 4; *(uint64_t*)0x20005a70 = 0x100000000; *(uint64_t*)0x20005a78 = 2; *(uint64_t*)0x20005a80 = 0xfffffffffffffe00; *(uint32_t*)0x20005a88 = 3; *(uint32_t*)0x20005a8c = 9; *(uint32_t*)0x20005a90 = 9; *(uint32_t*)0x20005a94 = 0xa000; *(uint32_t*)0x20005a98 = 0xfa3; *(uint32_t*)0x20005a9c = -1; *(uint32_t*)0x20005aa0 = r[8]; *(uint32_t*)0x20005aa4 = 0x1400000; *(uint32_t*)0x20005aa8 = 9; *(uint32_t*)0x20005aac = 0; *(uint64_t*)0x20005ab0 = 6; *(uint64_t*)0x20005ab8 = 0; *(uint32_t*)0x20005ac0 = 6; *(uint32_t*)0x20005ac4 = 5; memcpy((void*)0x20005ac8, "wlan0\000", 6); *(uint32_t*)0x20005c38 = 0x20005b00; *(uint32_t*)0x20005b00 = 0xa0; *(uint32_t*)0x20005b04 = 0xfffffff5; *(uint64_t*)0x20005b08 = 5; *(uint64_t*)0x20005b10 = 0; *(uint64_t*)0x20005b18 = 3; *(uint64_t*)0x20005b20 = 2; *(uint64_t*)0x20005b28 = 3; *(uint32_t*)0x20005b30 = 7; *(uint32_t*)0x20005b34 = 0x64b; *(uint64_t*)0x20005b38 = 1; *(uint64_t*)0x20005b40 = 0xc2; *(uint64_t*)0x20005b48 = 9; *(uint64_t*)0x20005b50 = 5; *(uint64_t*)0x20005b58 = 0x8001; *(uint64_t*)0x20005b60 = -1; *(uint32_t*)0x20005b68 = 2; *(uint32_t*)0x20005b6c = 8; *(uint32_t*)0x20005b70 = 5; *(uint32_t*)0x20005b74 = 0x4000; *(uint32_t*)0x20005b78 = 0xd0a; *(uint32_t*)0x20005b7c = 0xee01; *(uint32_t*)0x20005b80 = 0xee00; *(uint32_t*)0x20005b84 = 7; *(uint32_t*)0x20005b88 = 1; *(uint32_t*)0x20005b8c = 0; *(uint64_t*)0x20005b90 = 0; *(uint32_t*)0x20005b98 = 2; *(uint32_t*)0x20005b9c = 0; *(uint32_t*)0x20005c3c = 0x20005bc0; *(uint32_t*)0x20005bc0 = 0x20; *(uint32_t*)0x20005bc4 = 0; *(uint64_t*)0x20005bc8 = 0x7fffffff; *(uint32_t*)0x20005bd0 = 8; *(uint32_t*)0x20005bd4 = 0; *(uint32_t*)0x20005bd8 = 0x9ad; *(uint32_t*)0x20005bdc = 3; syz_fuse_handle_req(r[2], 0x20000980, 0x2000, 0x20005c00); break; case 22: memcpy((void*)0x20005c40, "SEG6\000", 5); syz_genetlink_get_family_id(0x20005c40, r[2]); break; case 23: syz_init_net_socket(0x24, 2, 0); break; case 24: res = syscall(__NR_mmap, 0x20ffe000, 0x2000, 9, 0x100, (intptr_t)r[2], 0x8000000); if (res != -1) r[9] = res; break; case 25: res = -1; res = syz_io_uring_complete(r[9]); if (res != -1) r[10] = res; break; case 26: *(uint32_t*)0x20005c84 = 0x29e9; *(uint32_t*)0x20005c88 = 4; *(uint32_t*)0x20005c8c = 3; *(uint32_t*)0x20005c90 = 0x25; *(uint32_t*)0x20005c98 = r[10]; memset((void*)0x20005c9c, 0, 12); res = -1; res = syz_io_uring_setup(0x7811, 0x20005c80, 0x20ffe000, 0x20ffe000, 0x20005d00, 0x20005d40); if (res != -1) { r[11] = res; r[12] = *(uint64_t*)0x20005d40; } break; case 27: res = syscall(__NR_mmap, 0x20ffc000, 0x2000, 4, 0x80000, (intptr_t)r[11], 0); if (res != -1) r[13] = res; break; case 28: res = syscall(__NR_clock_gettime, 0, 0x20005d80); if (res != -1) { r[14] = *(uint32_t*)0x20005d80; r[15] = *(uint32_t*)0x20005d84; } break; case 29: *(uint8_t*)0x20005e00 = 0xb; *(uint8_t*)0x20005e01 = 1; *(uint16_t*)0x20005e02 = 0; *(uint32_t*)0x20005e04 = 0; *(uint64_t*)0x20005e08 = 7; *(uint32_t*)0x20005e10 = 0x20005dc0; *(uint32_t*)0x20005dc0 = r[14]; *(uint32_t*)0x20005dc4 = r[15]+60000000; *(uint32_t*)0x20005e14 = 1; *(uint32_t*)0x20005e18 = 0; *(uint64_t*)0x20005e1c = 0; *(uint16_t*)0x20005e24 = 0; *(uint16_t*)0x20005e26 = 0; memset((void*)0x20005e28, 0, 20); syz_io_uring_submit(r[13], r[12], 0x20005e00, 6); break; case 30: *(uint32_t*)0x20005e80 = 0; *(uint32_t*)0x20005e84 = 0x20005e40; memcpy((void*)0x20005e40, "\x55\x1e\x55\x34\x01\xd8\x41\x9a\xc4\x37\x85\x4e\x7b\xd6\x03\x3a\x54\x21\x4a\x9b\xd5\xbb\xb0\xaf\x5b\x8d\xfb\x21\x4a\xa8\x4f\x75\xf6\x0f\xd2\xf3\x74\xa0\x2b\xca\xcb\x65\x4f\x2e\x69\xf7\x19\x79\x48\x63", 50); *(uint32_t*)0x20005e88 = 0x32; *(uint64_t*)0x20005ec0 = 1; *(uint64_t*)0x20005ec8 = 0; syz_kvm_setup_cpu(r[2], r[2], 0x20fe8000, 0x20005e80, 1, 0, 0x20005ec0, 1); break; case 31: res = syscall(__NR_mmap, 0x20ff1000, 0x1000, 4, 0x100002, (intptr_t)r[2], 0); if (res != -1) r[16] = res; break; case 32: *(uint32_t*)0x20005f00 = 1; syz_memcpy_off(r[16], 0x118, 0x20005f00, 0, 4); break; case 33: res = syscall(__NR_clock_gettime, 0, 0x20008240); if (res != -1) { r[17] = *(uint32_t*)0x20008240; r[18] = *(uint32_t*)0x20008244; } break; case 34: *(uint32_t*)0x200081c0 = 0; *(uint32_t*)0x200081c4 = 0; *(uint32_t*)0x200081c8 = 0x20007580; *(uint32_t*)0x20007580 = 0x20007000; *(uint32_t*)0x20007584 = 0x68; *(uint32_t*)0x20007588 = 0x20007080; *(uint32_t*)0x2000758c = 0; *(uint32_t*)0x20007590 = 0x200070c0; *(uint32_t*)0x20007594 = 0xf; *(uint32_t*)0x20007598 = 0x20007100; *(uint32_t*)0x2000759c = 0xe0; *(uint32_t*)0x200075a0 = 0x20007200; *(uint32_t*)0x200075a4 = 0; *(uint32_t*)0x200075a8 = 0x20007240; *(uint32_t*)0x200075ac = 0xe6; *(uint32_t*)0x200075b0 = 0x20007340; *(uint32_t*)0x200075b4 = 0x63; *(uint32_t*)0x200075b8 = 0x200073c0; *(uint32_t*)0x200075bc = 0x45; *(uint32_t*)0x200075c0 = 0x20007440; *(uint32_t*)0x200075c4 = 0x6a; *(uint32_t*)0x200075c8 = 0x200074c0; *(uint32_t*)0x200075cc = 0xbc; *(uint32_t*)0x200081cc = 0xa; *(uint32_t*)0x200081d0 = 0x20007600; *(uint32_t*)0x200081d4 = 0x18; *(uint32_t*)0x200081d8 = 0; *(uint32_t*)0x200081dc = 0; *(uint32_t*)0x200081e0 = 0x20007640; *(uint32_t*)0x200081e4 = 0x6e; *(uint32_t*)0x200081e8 = 0x20007900; *(uint32_t*)0x20007900 = 0x200076c0; *(uint32_t*)0x20007904 = 0x79; *(uint32_t*)0x20007908 = 0x20007740; *(uint32_t*)0x2000790c = 0xa9; *(uint32_t*)0x20007910 = 0x20007800; *(uint32_t*)0x20007914 = 5; *(uint32_t*)0x20007918 = 0x20007840; *(uint32_t*)0x2000791c = 0x9d; *(uint32_t*)0x200081ec = 4; *(uint32_t*)0x200081f0 = 0x20007940; *(uint32_t*)0x200081f4 = 0xb0; *(uint32_t*)0x200081f8 = 0; *(uint32_t*)0x200081fc = 0; *(uint32_t*)0x20008200 = 0x20007a00; *(uint32_t*)0x20008204 = 0x6e; *(uint32_t*)0x20008208 = 0x20007b80; *(uint32_t*)0x20007b80 = 0x20007a80; *(uint32_t*)0x20007b84 = 0x73; *(uint32_t*)0x20007b88 = 0x20007b00; *(uint32_t*)0x20007b8c = 0xf; *(uint32_t*)0x20007b90 = 0x20007b40; *(uint32_t*)0x20007b94 = 0x13; *(uint32_t*)0x2000820c = 3; *(uint32_t*)0x20008210 = 0x20007bc0; *(uint32_t*)0x20008214 = 0x44; *(uint32_t*)0x20008218 = 0; *(uint32_t*)0x2000821c = 0; *(uint32_t*)0x20008220 = 0x20007c40; *(uint32_t*)0x20008224 = 0x6e; *(uint32_t*)0x20008228 = 0x20008180; *(uint32_t*)0x20008180 = 0x20007cc0; *(uint32_t*)0x20008184 = 0x99; *(uint32_t*)0x20008188 = 0x20007d80; *(uint32_t*)0x2000818c = 0xfa; *(uint32_t*)0x20008190 = 0x20007e80; *(uint32_t*)0x20008194 = 0xfc; *(uint32_t*)0x20008198 = 0x20007f80; *(uint32_t*)0x2000819c = 0xc1; *(uint32_t*)0x200081a0 = 0x20008080; *(uint32_t*)0x200081a4 = 0x60; *(uint32_t*)0x200081a8 = 0x20008100; *(uint32_t*)0x200081ac = 0x41; *(uint32_t*)0x2000822c = 6; *(uint32_t*)0x20008230 = 0; *(uint32_t*)0x20008234 = 0; *(uint32_t*)0x20008238 = 0; *(uint32_t*)0x2000823c = 0; *(uint32_t*)0x20008280 = r[17]; *(uint32_t*)0x20008284 = r[18]+10000000; res = syscall(__NR_recvmmsg, (intptr_t)r[2], 0x200081c0, 4, 0x2000, 0x20008280); if (res != -1) { r[19] = *(uint32_t*)0x2000760c; r[20] = *(uint32_t*)0x20007610; r[21] = *(uint32_t*)0x20007bd8; } break; case 35: memcpy((void*)0x20005f40, "adfs\000", 5); memcpy((void*)0x20005f80, "./file0\000", 8); *(uint32_t*)0x20006fc0 = 0x20005fc0; memcpy((void*)0x20005fc0, "\x97\x71\x1a\x3f\xc7\x75\xd9\xb6\xb8\x02\xd7\x5c\xef\xe3\x4e\x56\x0d\xfb\xbc\x19\x05\xdf\x84\x52\xc7\xc0\x61\xcf\xbd\xba\xf7\x6a\xc0\xee\x70\x4f\xdc\x1b\x95\x57\x6e\x83\x98\x71\x5c\xca\xc2\x3e\xb6\x22\x40\x6f\xdf\x86\x65\x6d\x86\x66\xd1\x74\x34\x5d\xf1\x5c\xc2\x79\xd6\xbc\x46\x18\x9f\x9e\x91\x03\xc8\xb6\x34\x30\x6a\x9d\xc5\x12\x13\x54\x03\x7a\xbc\x83\x6a\xf3\x2b\x82\xe0\xeb\x92\x22\xc5\xb9\x7a\x31\xba\xf7\x00\x22\x6f\x45\x9f\x15\x93\xe5\x94\x22\x0d\x6e\xee\x2f\x7b\xd3\x61\x2c\x68\x99\x6c\x93\x1e\x01\xb3\x90\x86\x7e\xcb\x7d\xb7\x3f\xd1\xc8\xba\xea\x0a\x1a\x30\x71\x9c\x09\xc8\x17\x06\x41\x41\x90\xc4\x90\x23\x6b\x27\x56\xcf\xba\x38\xfa\xba\xd4\x9c\x00\x2c\xdd\xcc\xb2\x2a\x79\x01\x5c\xf6\xc9\xd5\xb8\x11\x97\xe3\x66\x9f\x11\x95\xcf\x26\xfd\x67\x4c\xef\x34\xfc\x25\x17\xdd\x56\x1d\x62\x5d\x37\xf0\x09\x36\x69\xe6\x8f\xca\x1a\xe7\x32\x7c\x53\xa8\xd8\xfe\x8c\xe0\x89\xec\x51\x30\xda\x3d\xcd\x2c\x1b\xe4\x7c\x5d\x11\xc1\xe6\x07\x70\x6d\xed\xe9\x8d\x3a\xd0\x34\x7d\xb6\x08\xbf\x9f\xeb\xfe\x35\x7b\x46\xfe\x05\x17\x2e\x7a\xbd\x5e\x6a\x57\x55\xec\xbd\xb7\x29\x4a\xc6\x60\xef\x99\x99\x61\xaa\x24\x91\x46\x0d\x2b\xa8\xc4\x79\x28\xfc\xd0\x2e\x29\x4c\x16\x83\x8a\xdc\x1c\x5a\xa0\xae\xef\xc2\x79\x79\x3c\x1e\x9b\xae\x9d\xad\x1b\xdd\x67\x4f\xbf\x94\xf6\x4d\x5e\xe5\x86\xb8\x57\x84\x6b\x2c\x3e\x35\xcb\xe0\x79\x1f\x3f\x0a\x42\x79\xec\x2d\x51\xfd\xfb\x3a\x9d\x2f\xd0\x93\xba\x29\xd7\x43\xee\xbb\x06\x46\xd4\x0a\xf9\x32\x96\x0b\x4e\xfd\x52\xdf\xae\x37\x24\x20\x6f\x13\x83\x9b\x1e\x9d\xd3\x56\x1c\x15\x9f\x7d\x1a\x0b\x45\xdf\xa6\x55\x72\x41\x64\xca\x8c\xa4\x01\x78\xaa\xbc\x9f\x0c\x27\x0c\xc0\xc2\xe8\x28\xdc\x28\x42\xfb\x23\x72\xab\xca\x8d\x65\xd3\x72\x6e\xad\xdb\x36\xd2\x77\x2f\xc4\x2a\x5a\x60\x9d\xbc\x76\x1a\x08\x6d\xd8\x40\x5f\x0c\x0a\x7c\x0b\xfc\x14\xfe\xa9\x1c\xab\x42\x3f\xdb\xc9\x44\xdd\xbd\xee\x21\x4c\x24\x8e\xf0\xc8\x93\x3c\x80\xf3\xac\x68\xa3\xcd\xc4\xed\x51\x20\xc7\xbe\x1f\x04\x18\xa0\xdd\xee\xe9\x4c\xe8\xde\x7a\x07\xb9\x4d\x97\xa9\xc7\x2e\x33\x8e\xb9\xcb\x87\x15\x67\x60\x8b\x49\x03\x1f\x1f\xd0\x7e\x5c\x5c\xbb\xc2\x20\x1c\x48\x76\x88\x5c\x1b\xdc\xcc\x2b\xfe\xce\x71\xde\x73\xd6\xa7\x10\xc9\x6a\x67\x5d\xe4\xb5\x78\xe3\xa0\xb8\x4d\x1f\xb8\x9b\xed\x53\x1e\x17\x05\xaf\x86\x7b\x10\xb7\xc9\x23\x28\xa0\x6b\xad\x02\xc5\x73\x37\x5d\x50\x0a\x4b\xdc\x88\x4b\x55\x65\x2d\x7f\x1c\xfb\x31\xaf\xaf\x0b\x35\xe9\x8a\x58\x46\x6b\x80\xa2\xa4\xbc\xa2\xd7\x2e\x38\x7f\x8e\x94\x51\x9a\x43\x73\x4c\x38\x5b\x69\x8e\x08\xb0\xee\x1d\x98\x05\xc3\x92\xac\xb7\x6f\x98\x08\x94\xdf\x90\x46\xc6\x17\xf6\x2a\x23\x61\x06\x2e\x52\x24\x53\xdc\xd7\x31\x76\xf7\x86\xef\x2c\xcd\x7a\x05\xdf\x8b\x44\xa6\xf9\x31\x35\xd4\x88\x8f\xdd\x51\x02\x20\x35\x7f\x1a\xec\xcd\x13\xe1\xfe\x10\x29\x26\x73\xf9\x81\xf4\x20\xd9\x85\x9f\xa2\x18\xb8\x69\x8b\x4a\x69\x1e\x69\x9c\x28\xa2\xdd\x46\xd3\x97\x89\x42\x19\x2e\xd5\x1d\x21\x26\x69\x45\x8a\x4d\xc3\xd3\x81\xd2\xc3\xf7\x3c\xb6\x0b\xfe\xcb\x8b\xf0\xe1\x55\x6e\xae\xd9\xff\xca\x5d\x0f\x7c\x9f\x61\x52\xf4\xfc\xd5\xed\x86\xcb\x6a\x56\x5e\x4b\x6b\x1c\x9e\x7e\xfe\xf1\xcc\xd2\x8a\xe7\x09\x1a\xbd\x84\xe8\x43\x1e\xc0\x8e\xd8\x3a\x8b\xbe\x56\xf9\xe1\x22\x56\xd0\xa0\x5b\x46\x1d\x9f\x1f\x4b\xad\x4b\x0e\x87\x34\xc4\x7d\x12\x12\x4c\x40\x6d\xb2\xc0\x33\xca\x10\x63\x41\x05\x71\x3d\xf4\x00\xfe\x66\x8d\x74\xc1\x0b\x95\x46\xfe\xf0\x3d\x29\xee\x05\xd4\xe3\xe8\x32\xed\xe1\x03\xcf\xb8\x90\xc8\xb0\x09\x2a\x58\xfe\x32\xa0\xb1\x05\x89\x6c\xef\xc8\x3a\x99\x0c\x3b\x6d\x9d\xec\x09\xe4\xbe\xea\x80\x40\xb2\x9f\x92\x17\xe5\x57\x7f\xd7\x20\x03\xa1\xdc\x46\x67\xfa\x4c\xf3\xbb\xf2\x98\x5f\x0a\xef\x84\xb4\x55\x69\xa0\x87\xb7\xf9\xaf\xe8\x24\xf3\xc5\x9b\x40\xcd\x0d\x08\x8c\x16\xf4\x41\x42\x40\xa6\xeb\xe2\x4a\xad\xc4\x02\xcc\x99\xab\xf0\x34\xa4\x8b\xda\x6a\x28\x21\xbd\xf2\x94\x65\x8e\x27\x82\x32\x6e\x16\x96\xa8\x87\x8b\x62\xbe\x50\xb8\xae\x8d\x00\x3e\x1b\x6b\x9f\x5f\x26\xd3\xf2\x1b\x14\x22\xcf\x73\xac\x72\x92\x63\x8e\x57\xda\x6f\xe3\xfd\xad\xd7\x78\x6a\xa2\xd7\x40\x6c\x0d\x84\x55\x45\x47\xd9\x59\x0e\xe9\xe1\x70\x54\x28\xe0\x0d\xdc\x33\x25\x0a\x11\x6b\x97\x37\xc8\xb0\x13\xa3\x8c\x6f\x5e\x88\x27\x5b\x01\x5f\x1c\x09\x96\xb0\x6e\xf4\x46\x7f\xa0\x46\x8e\x8f\x4a\x49\x8b\x56\xa0\x45\xf8\x94\xe4\x50\x90\xfc\x17\x07\x48\x1b\xef\x75\xf6\x01\xd9\x5e\x67\xb9\x63\xb6\xdd\xaa\xd7\x51\x1a\xb4\x1e\xf4\xc9\xf6\x51\xc7\x0f\x8e\xc2\xf0\xcf\x3b\x62\xba\xd7\x4e\x24\x92\xa3\x9f\xc1\xf8\x1d\xa6\x97\xcd\xc3\x53\xde\x95\x89\xca\xb5\x4a\x16\x90\x1a\x18\xd8\x51\xbd\xc2\x62\x39\xa7\x2f\x9a\x78\x7f\xbe\xfb\x3f\xc3\xf5\xdf\x14\x9a\x01\x3c\x4f\x8c\x8b\x0e\x98\xb8\xf6\x69\xf6\x2f\xbe\x09\x52\x5b\x46\x46\x9b\x1c\x7f\xcb\x91\xe5\x57\x35\xf2\xad\xc8\x13\x6a\x46\xae\xc4\xde\x01\x6b\x9f\x92\x51\xac\x2a\xa8\x20\xa1\xa8\x87\xb7\x8c\x66\x80\x2b\xf8\xdb\xbc\xe8\xc4\xe1\x38\xba\x0a\x52\x89\x2c\x9e\x93\x4a\xf2\xc7\x6b\x95\x03\x2a\x2f\x4c\xb5\xa6\x21\xe4\x53\x97\x0f\x54\xb2\x79\x03\x5e\x14\x08\x33\xe3\x25\x0a\x9c\x4f\x16\x37\x1c\xdd\xfc\x01\xc4\x04\xe6\xe8\x6a\xcc\x23\x1c\x8d\x7d\xbe\xd9\xb6\xae\xc0\xda\x3e\x0b\xb4\x06\x72\xf4\xd4\x1d\xf2\x65\x0d\x20\x0f\xdd\xa6\xbd\xc6\x2b\x1d\x43\x3e\xfb\x4d\xcb\x37\x05\x26\x89\xee\xc1\xfb\x99\xce\xda\x3e\x11\x07\xae\x9a\xee\xbc\x99\x58\xfd\x2f\x2e\x90\x59\x83\x40\x87\x37\x84\x27\xd3\x15\x8a\x8a\xd0\x47\x79\xe6\x22\xb9\xfe\xf7\x1b\x94\xb2\xaa\xc0\x3d\x6d\x9b\x72\x2a\x24\x27\x85\x5a\x21\x76\xf0\x0d\x97\x1d\x6b\x1f\xe9\xb5\x7c\x36\x37\xaf\x6e\xcf\x8d\xd0\xbf\x1d\xc0\x55\xe7\x33\x1c\x7e\x3d\x9b\xf0\x9a\x98\x72\x36\x76\xb0\x77\x87\xa0\x75\xaf\x7e\xe9\x11\xee\x2b\x0e\xbe\xfb\x34\x08\xc8\xa6\x17\xe8\x1b\x02\x22\xf2\x0f\x41\xaa\xa5\x57\x67\xbd\x73\xb3\x0b\x7d\x52\x38\xa4\x18\x36\xe5\x3a\x5c\x82\x6d\x2c\xab\x59\x46\x04\x04\xf0\x2a\xf4\x3b\x1c\x64\xa8\x87\xb4\x4e\xdc\xb3\x95\xa1\x49\x98\x3a\x63\xeb\xbc\x14\x68\xac\x3b\x39\xa0\x0d\x01\xe5\x90\x41\xea\x54\x97\x25\x76\x8c\x6f\xea\x7a\x48\x84\xfa\xb1\x6b\x85\x99\xcd\x0b\x91\xb8\x3d\xf3\x3b\x32\x28\x00\x39\xba\x02\x05\xa2\x3e\x97\xcd\x38\xbf\x8b\xe0\xce\xd3\xd7\xc2\xf4\x44\x91\xe9\xb5\x94\xe0\x54\xe6\xc6\xe6\xe2\xb6\x10\x83\x0f\x98\xef\x9a\x24\x0f\xd5\x6d\x1e\x21\x8c\xbc\x15\x35\xb8\x88\x9f\xd2\xb3\x9f\xd9\x4c\x82\x13\x7a\x80\xea\x12\x34\xa8\x4d\xc6\xfa\xc0\xf1\x6b\x8b\x2d\xe9\xdd\xe9\xec\x82\x70\xc2\xdf\x90\xb1\x10\x7e\xed\x2d\x34\x69\x65\x94\x3a\x1c\xb0\x85\x64\x21\xe4\x5f\xed\x7f\x48\x07\x10\x41\xc5\x52\xef\xc7\x33\x3c\x5e\x7d\xec\x5b\x9c\xb5\x95\x65\x71\x8a\x7e\x23\x0a\x84\x2f\x20\x6a\x49\x49\xa3\x8f\xca\x5d\x9a\x8d\x84\x75\x63\xdd\x64\x45\x78\xf8\x9e\x5e\xa6\x8c\xd8\x4e\xdc\x6a\x04\xe5\x27\xd1\xc0\x7e\x6a\xe4\x2f\x50\x3f\x7c\x09\xf7\xfa\x5e\xd1\xb2\xd7\xa3\xa9\x0b\x5f\xed\xdd\x57\x6d\xcc\x54\x4d\x8a\x7e\x51\x54\xfc\xb8\x2d\x14\x97\x06\x43\xa0\x3e\xc1\xad\xa0\x83\xad\xe9\xa9\x0d\x56\xb1\xa0\x5e\x7b\xec\xc2\xe4\x34\xd4\x87\xe0\xc9\x4d\x10\xfb\x56\xb7\x3a\x82\xfd\x0c\x34\xe3\xea\x6e\x25\x2b\xd8\x28\x44\xe9\x59\x33\x81\x92\x54\xe1\x2b\x00\x1a\xcf\x2a\xd8\xb6\x30\xa7\xd2\x05\x6c\x6f\x77\x33\x4e\xd2\x23\x21\x77\x1e\x73\x31\x29\x81\xd8\x91\x01\x70\xcd\xd7\xf4\x78\x81\xb5\x8c\x47\x53\xbb\xfb\x0b\x34\xc7\x8b\x42\x11\xe6\x26\x14\x6f\xf3\x42\xbf\xd5\x77\x40\xeb\x86\x8e\x1c\xfa\x31\x2c\x90\x7b\xef\x85\x7b\x37\x81\xeb\xd1\x39\x7e\x8d\xc0\xca\x14\x74\xa1\x9b\x39\xb4\x97\xae\x70\x88\x9d\x2d\xbb\xce\x85\xd3\x74\x3f\xd3\x3c\x97\xb9\xc2\x2b\x86\x6e\xb6\x5d\x35\x93\x90\x0e\x66\xc4\x59\xef\xe5\x63\x8a\x82\x4c\x42\x3d\x9c\x49\xba\x44\xb8\xff\x9b\x9b\x3e\xc1\x5c\xef\x43\x4d\xee\xf9\xab\x92\x76\x0c\x55\xb1\xfb\x37\x33\x9b\x1c\x77\xf3\xa0\x1a\x77\xfd\x72\xf7\x28\x77\x95\x2e\x8a\x58\x27\x49\x4c\x91\x88\xb8\xd1\xc2\x70\xb0\xa9\x9b\x4a\x9e\x81\x8d\x1f\xa1\x26\xa7\x29\x1a\x7b\x0b\x94\xc2\xbf\x7c\x18\xc2\xe2\x5e\x7f\xcf\xd6\x8d\x38\x82\x96\x55\xd9\xaa\xb9\x34\x96\x30\x34\x56\x3e\x90\x86\x52\x45\xa6\x13\x04\xfe\xbd\xf5\x9b\xb0\x09\x31\x67\xc8\xc4\x1c\xce\x17\x73\xbb\x80\xc6\x78\x75\x9b\x55\xda\xb1\x24\x72\x52\x03\x61\x57\xa0\xe6\x0d\x66\xe2\x89\xd4\xb9\xbf\x98\xfd\xce\x7c\x5c\xa5\x9b\xdb\x4f\xaf\xe5\x5e\x09\xb1\x6a\xa3\x43\x0d\x39\xbf\x15\x03\x32\xa1\x5c\x48\x90\xed\x07\x8e\x62\x87\x75\xf8\x78\x7b\x89\x35\x92\x26\x3c\xa6\xd3\x11\x36\x19\xa7\xb2\x12\x51\xfa\xee\xe1\x37\xa0\x99\xbf\x00\xfb\x5f\xbc\xc7\x5e\x75\x8e\xae\xc9\xbd\xcf\xf6\x55\x76\xc0\xd8\x26\xea\x79\xd9\x0e\x99\xd8\xcb\xb4\x90\x93\x7d\x1d\x12\x2d\xbb\x8d\x15\xb3\x37\x56\x83\x5e\x1c\xe3\xbd\xaf\x49\x19\xf5\x22\x6b\x38\x4c\x87\xc2\xc7\xaf\x71\xfb\x3d\xd0\x73\xc4\x31\x29\xac\x4e\x2a\x6e\x52\x1b\xee\x34\x97\x30\xb2\xd9\xa7\x1c\x6b\x01\xd6\x1d\xf1\x30\x80\x2a\x9b\xb6\xab\x1f\x4d\x59\x4b\x89\x67\x5c\xc4\x67\xca\xb3\x03\xc8\x6a\xe6\xb4\xc0\xd2\x6d\xcf\x16\xcd\xec\x9c\x8b\x78\xf3\xe2\x3b\xab\x3e\x7b\x51\x53\xe7\x3b\xb7\x1c\xb6\xa2\xaf\xac\x5c\x33\x19\x5d\x2a\x2f\x32\x9d\x9e\x8f\x53\xdc\x92\x80\x10\x46\xb0\x72\x45\xe1\x39\xa6\x41\x4c\xff\x17\xdd\x9d\x79\x47\xe9\x45\xa1\xdd\xf5\x92\x13\x1d\x90\xf3\xf3\x25\xeb\xc3\xcf\x24\x36\x0f\x83\xed\x16\x06\xf9\x52\xd4\xf6\x92\x21\xb7\x5c\x9b\xe9\x1e\x5d\x2a\xbe\xed\x93\xf3\x39\x58\xb0\x4a\xa1\xe0\xcb\x5b\x85\x0e\xdf\x27\x60\xf4\xb8\xe8\x10\xd8\x79\xd8\x73\x57\x03\x6c\x8e\x26\x53\x8e\x69\x68\x9e\x47\xfb\xb1\xda\x8e\x0c\xa0\x82\x84\xf5\x59\x00\xbd\x02\x9e\x95\xa5\x27\xb3\xba\x25\x1b\x0c\xe2\x7b\xd0\x49\xfc\x85\xb1\x94\x95\x93\x75\xf7\x85\xcf\x75\xc1\x01\xee\xaa\xba\x56\xb3\x9a\x3f\xc4\x6b\xa9\x72\x98\x37\xe2\xfb\xce\x7e\xbb\xa9\x32\x59\x6c\x0c\x2e\xf0\xc5\xd8\xe6\x84\xba\x6b\x33\x4d\xba\xff\xc0\xfa\x84\x2a\x6a\xa5\x55\x81\x3d\x5b\xdc\x23\x7a\x43\x76\xfb\xfc\x3a\xbd\x54\x9a\xbc\x27\xf3\xb1\xc9\x18\xc6\x7f\x2c\x34\xe1\x16\xb6\xb0\x63\x01\x15\x49\x06\x24\xf4\x99\x7d\x93\xac\xec\x5d\xab\x0d\x2b\xb1\x57\x2b\x31\x9b\xa4\xc9\x90\xcd\x74\x38\x95\x42\xf4\x8b\x7e\x17\x3d\x0c\x81\xed\x75\x6a\x1b\x40\x9f\x6b\x19\x58\x59\xfd\xc7\x57\x7a\x7e\x7b\x12\x0a\x15\x13\xc2\x25\xd3\x13\xd7\x42\x3d\x6a\x99\xdd\xb7\x19\x14\x96\x28\x21\xdb\x95\x19\x2f\xc9\xca\x8b\x69\x72\xe0\x7d\x78\x67\x9e\x3b\x42\x65\xcb\x97\x25\xd9\x5f\x52\xf6\x8f\xf1\xca\x46\xb8\xac\x6a\xe7\xc6\x05\x3b\xcd\x97\x2e\x37\xfa\x82\x44\x91\x52\x7a\x1e\x43\x23\xaa\x6f\x2d\x5e\x59\xcf\x06\xc6\x08\x8c\x14\x80\x59\xfa\xd6\xf1\xcb\xfb\x47\x67\x19\xd0\x9f\xa4\x79\xb6\x9a\x47\x90\xa7\x4f\x65\xab\xd9\x99\xc2\x67\xd1\x0c\xc2\xff\x99\xd3\x9e\x39\x41\x60\xe1\x51\x46\x95\x89\xf4\x16\xf6\x59\xb2\xa8\xc6\x0d\xef\x78\xd6\xf4\x33\x80\x9d\xfb\x96\xc2\x72\x20\x07\x6f\x47\xb7\xe7\x4a\x89\x30\xcd\x61\xe8\xfc\x10\x9d\xdf\x87\x54\xff\x5d\x68\x78\xee\xf5\xdc\x7d\xd6\x1e\x2d\xa0\x07\x3b\x0a\xd6\xb0\x71\xfe\xff\x97\xfb\x87\xec\x0d\x90\x95\x4a\xed\xc8\x88\xe7\xb1\xe0\x9d\xcd\xfc\xc6\x90\x6e\x49\xb6\xea\x4a\x0c\x32\x54\x64\x07\xac\x0d\x22\xe2\x92\x00\xb8\x60\x3f\x2c\x30\x41\xd2\x7d\x0f\xd9\x90\xc3\x12\xc3\xf4\xeb\xee\xf4\x53\x85\x12\x48\x25\xe7\x3a\x4b\x30\xf7\xe6\x2b\x37\x46\xae\xe0\xa1\xf4\x23\x57\xa7\xc2\xd5\x9b\x9b\x28\x65\xab\x24\xb3\x35\x36\xc1\xd7\x52\xa4\xe1\xc0\x8e\x07\xec\x7a\xb8\xe3\x7e\xda\x44\xeb\xd2\x21\x3d\x46\x95\x58\x59\xce\x75\xe8\xcb\xee\x3e\x44\x8d\xdc\x6c\x37\x20\xfa\x4b\xb6\x04\x29\x8c\x9c\xc6\xc1\xea\xc4\xaa\xc1\x8f\xfe\xef\x8d\x63\x1a\x61\x75\xa5\x8b\x18\x25\x7c\x81\xb5\xb2\xa2\xc7\x45\x8b\x11\x73\xa5\xc1\xbf\xe3\xa5\x61\x59\xfa\x40\x60\x11\xdc\x0b\xb6\x02\x1f\x23\x32\xbb\x47\x1e\xf8\x89\x2a\xcd\x5e\x7b\x58\xae\xca\x43\xe4\x85\xb3\x5d\xdc\x93\x8f\xbf\x2d\x03\x25\x21\x82\x08\x09\xaf\x02\x55\x13\xb6\x63\x92\x2d\x66\x4c\xa4\x21\x6b\xcc\x98\x77\x03\x0d\x5f\xac\xfb\x9a\x04\x82\x99\x8e\x50\xcf\x69\xbc\x59\xc1\x80\x5f\xb4\xfa\xa8\x9f\x68\x31\xec\x6a\xfc\x29\xe7\xf6\xdb\x38\xfe\xd3\x40\x3d\x10\x35\xe2\x51\x62\x4d\xe0\xea\x64\x45\x81\x2f\x71\xa4\xa9\x1e\xab\x22\xd8\x8d\xa4\x9c\x09\x70\x03\xea\x96\x08\xef\x66\x1e\x8c\xd9\x94\x58\xf3\x18\xd3\x73\xea\x1a\xff\xe6\xcf\xbe\xc7\xe9\xf7\x7c\xa3\x93\xf1\x58\x54\x02\xa7\x0a\xfa\x83\xe3\xdc\x11\x41\x7b\x83\x03\x5c\x4a\xa6\xef\xb9\x6c\xaf\xfd\xb7\x6b\xb4\x31\x15\x2a\x11\x08\xdd\x6a\xe5\xa3\x7a\xfb\x9a\xa1\xb5\x1d\xdc\xd2\x2d\x7a\xf1\x1d\x65\xc1\x88\x47\x2d\x79\xac\xbd\xd4\x8c\x61\x35\x5a\x4b\x2f\xdf\x2b\x81\xfb\x44\x59\x71\x1f\xb4\x37\xf3\xf7\xf9\x5a\x6e\x18\x7c\x0c\xc0\x87\xbb\xd7\x39\xc9\xc9\xe2\x2e\x25\xfd\x0d\x30\x5a\x27\x40\x8f\x52\xb8\x39\xe3\x57\xd1\xf3\x7b\x0c\x7a\x57\x6d\xf7\x93\x00\x82\x41\xbd\x21\x20\xcc\xfa\x21\x43\x52\x68\xed\x24\x3d\xd2\xed\xbb\x75\x1b\x20\x14\x74\xe9\x1f\x48\x21\x9b\xfd\xdb\x4c\xd0\xdd\x47\x19\x65\xbf\xe7\x8e\x45\x23\x3a\x33\xb6\xc4\x02\x2b\xc5\x7b\xcf\xd2\x24\xf8\x9b\x4a\xfb\xe2\x5a\x00\x3e\xf4\x1f\x59\x6e\x10\xfc\x14\x2d\x52\xe0\xee\x02\xfa\xd0\x72\x86\x51\xf0\xfe\x75\xb9\x47\xa5\x44\xfd\x7e\x2d\xc3\x8b\x60\x87\x89\xeb\xc8\x7b\x01\x99\x3e\x23\xb7\x65\x44\x90\x01\xc7\x7a\xdc\x77\x8a\xdb\x84\xa0\xdd\x32\xb7\x0e\x26\x7a\xad\xcc\x16\x8e\xf1\x71\x3d\x7c\xbd\xe5\x63\x39\x6e\xf5\xe3\x9f\xf9\xf7\x00\x8d\x61\xa2\x0f\xe4\x9a\xc8\x0c\x2e\xe8\x4c\x53\x11\xe6\xb0\xc2\x59\xf0\xc6\x36\x31\xaf\x64\xee\x1d\x22\x25\xb5\xea\xa3\x1b\x97\x63\x6b\x30\x10\x9f\xe4\xfc\xf1\x52\x27\x23\xc6\xd7\x9a\x50\x05\xf3\x76\x8b\xe2\x87\x29\x10\xa0\xd9\xf2\xd2\xb1\x0a\x91\xe4\x8f\x7d\xa5\xc3\x83\x0e\x18\xbf\x1a\x2c\x51\xf7\x91\xe4\x63\xf7\xca\x07\xe0\xc6\x3d\x07\x58\x52\xc2\xbd\x82\xb4\xa5\x98\x9d\x4f\xf5\x0a\x70\x07\xd3\xeb\x32\x2b\x3f\x01\xab\x76\xaf\x2b\xbe\xdb\x11\x08\x16\x5f\x48\x3d\x28\x41\x53\x78\xd6\x00\x98\xdb\xd8\x7a\x29\x9b\x3d\xe1\x16\xf3\x95\x5c\x3e\x24\x36\x77\xf3\xe3\xf7\x1f\x9f\x02\x04\xe1\x70\xda\x9e\xf5\xb6\x6c\x95\xba\x07\xf3\x35\xb1\x30\xb5\xa1\x7b\x6a\x72\xc3\x18\xbe\x1b\x8c\xa6\x42\x2b\x1e\xaf\x3f\x6e\xf0\x38\xdf\x50\x9e\xf1\x87\x65\x94\x7d\xe5\x88\x9a\x3a\x88\x45\x75\x61\xb3\x99\xab\x72\x94\x8d\x7e\xc9\xe0\xf4\xa7\x34\x8e\x0c\x43\x17\x48\x11\xd3\xa4\xd7\x12\x42\xe6\xa5\x0f\x5b\x39\x7a\x8d\x7f\xab\xbb\xa7\x10\x9a\xfa\x23\x69\xf1\x16\xe0\x9d\x3f\xcc\x0b\x5e\x61\x2a\xe8\xb8\x18\x30\x9c\x5f\xbb\x33\x47\xfd\xb5\xd6\xc6\x90\x46\x84\xf4\xe0\x4f\x12\xca\x85\x13\x17\x4e\x6b\x92\x6f\x04\x9a\xc1\x4e\x0a\x7f\x9e\x4a\xa6\xbd\x39\x1b\xbc\xcd\x3f\x72\x42\xb9\xa4\xc0\xdf\xd0\x17\x96\xda\x87\x1f\x4e\x9d\xe1\x7e\x54\x95\x37\xac\x6d\x21\xd5\xc6\x4e\x54\x9f\x07\x0e\x2b\x1d\x1b\x7f\x76\x98\x1f\xaa\x8d\xa9\x02\x9e\x45\x76\xfc\x43\xb4\xf4\x27\xec\x7e\xe4\xc4\x50\x5c\xa2\x70\xb2\x33\xff\xc5\xe1\xab\xe4\x4a\xc7\x89\xce\xca\xbd\xba\xab\xec\x44\x1a\x11\x84\x5c\xaf\x92\x21\x33\xd1\x1b\xb2\x82\x56\xee\x8f\x75\xe6\xf0\x65\xe3\x5f\x29\x76\x46\xc6\x3a\x2b\x8a\x59\x46\x05\xab\x39\x1c\x50\xfc\x33\x7d\x8d\x97\x06\x6e\x6b\x5b\x07\x10\xfb\x1e\xc7\x6c\x64\xf0\xa0\xa0\xcc\xac\x01\x37\x5f\x2c\x9f\xba\xca\x77\xb2\xb1\xee\x2b\x26\xa7\x6d\xa5\x27\xae\xfb\xe9\x83\xee\xd0\xd9\x46\xd7\x63\xe0\x0b\xf5\x01\xdd\x64\x6b\xfe\x68\x3a\x78\xdf\x80\xd9\x1d\xcd\x60\x3c\x5a\x8e\xb5\x95\xc0\xcd\xce\xaa\x2d\xab\xf5\xd6\x4a\x9f\xea\xac\xef\xc8\x78\xe0\x74\x31\x3c\x85\xe4\xc1\x5f\x4c\x2e\x63\xfa\x19\xf9\x7b\x82\x9c\x29\x7d\x86\x08\x78\xee\xe2\x13\x89\x28\xd8\xa4\x25\xc0\x79\x00\xc1\x22\x64\x55\xae\x33\xe7\x02\xc0\x58\x56\x7d\x42\xdf\x10\xd6\x04\x84\x66\xde\x62\xf1\x4c\x27\xf7\xd8\xf3\x06\x51\x66\x62\xe1\x8b\xeb\xb2\x4d\x7f\x38\xe5\xf0\xeb\xba\xb7\x49\x80\x59\x9f\xfa\xcb\xa5\x6d\x3c\xe1\x6a\x56\xb9\x91\xec\x64\xdf\x9e\xa8\xf9\x30\x0c\xc1\x87\xf2\xc1\xb2\xf8\x05\x62\xc6\x81\xbb\xf8\x33\xa9\x71\xe7\xd6\x9b\x67\x73\x0d\x3b\x0d\x3b\x5a\x9b\x3c\xab\xf5\xb4\x4e\x21\xf3\xa8\xea\x25\xaf\x9f\x9a\x7f\x53\xd6\xc8\x5c\xa6\xa3\xb8\x4f\x04\xfb\x6d\x1e\x99\x09\x66\x40\xc7\x6f\x00\xcb\x2a\x84\x9e\x02\x2c\x52\x66\x53\xe0\xe1\x9c\x0a\xb7\x3d\x7d\xb0\x2e\x69\xbd\x51\x1c\xb3\xb3\x6a\xe7\xdf\x9e\x0b\xcd\x5b\x8d\x18\x0c\x0a\x3d\xc9\xf1\x79\x73\xc6\x2b\x28\x6f\xbe\xfd\x48\x53\x97\x6a\xd3\x8d\xc7\x75\x67\x85\xf1\x7c\x88\xf9\x67\x56\x87\xc9\x76\x9d\x77\x16\x2e\x82\xe7\x1b\xae\x2e\xd2\x85\xbc\x87\x8f\x9e\xe7\x07\x0a\xf3\xc4\xb4\x3c\x90\x7b\xcb\x58\x56\xda\xb6\xa9\x38\xb7\x84\x2a\xf3\x76\xd7\xc1\x64\x07\x6c\xd0\x2b\x4e\x3e\x82\xe2\xcc\x8f\xca\x7d\xc2\xe4\x0b\xdb\x7b\x9a\x2e\xf4\x06\x35\x56\x30\xcb\x29\x30\x23\x17\x94\xef\x4a\x20\x36\x0a\x6e\xb9\xcc\x54\xf7\x53\x64\x2e\x69\x38\xa1\x73\x02\x46\x35\x98\x7b\x80\xa6\xe0\xf0\xb7\xcb\x25\x85\x37\xb8\x1e\x12\x50\xf7\x7f\xca\xf1\xd7\xcd\x9b\x3b\xe0\x72\xa6\xf9\xd4\xfd\x86\xf1\x56\x4b\x28\xd7\x90\xca\x13\x82\xfa\xe6\x1f\xa5\x87\x4c\x7d\xd7\xdb\x8e\xbf\xaa\xa7\xcc\x01\x1e\x6a\xb3\x57\x91\x37\xaa\x3f\x0a\xf1\x4e\x58\xc0\x96\x0d\x7f\x70\xce\xf9\x3a\xb8\x6c\xca\x7c\xb7\x85\xd8\xc1\x21\x52\xa8\x07\xcf\x1b\xfa\x4e\x0f\x6f\xfd\x28\x88\x70\x56\x5c\xd4\x9a\x10\xa4\x07\xce\xe9\x5c\x5c\x0f\xe4\xcc\x84\xb4\x73\x90\x86\x8e\x64\x50\x7f\x1f\xbf\xbb\x4a\x70\x4d\x27\x2d\xa1\x34\x80\xa4\x18\xe2\x5a\x99\x30\xa4\x02\xdc\xfb\xaa\x5c\xb5\x09\x2c\x56\x9a\x4e\x81\x50\xb5\x04\x8b\xef\x01\x19\x4e\x1c\xe3\x79\x5e\x28\x35\xa0\xa8\x2c\x9d\x5f\xf3\xa1\x57\x85\x2f\x12\x71\x35\x96\x99\x7e\xc3\x06\x1a\xea\xa9\x6e\x93\xc9\xb1\xd9\xd5\xaa\x24\x14\xc3\xea\x9f", 4096); *(uint32_t*)0x20006fc4 = 0x1000; *(uint32_t*)0x20006fc8 = 0x80000001; memcpy((void*)0x200082c0, ")/\'/%", 5); *(uint8_t*)0x200082c5 = 0x2c; memcpy((void*)0x200082c6, "wlan0\000", 6); *(uint8_t*)0x200082cc = 0x2c; memset((void*)0x200082cd, 255, 2); *(uint8_t*)0x200082cf = 0x2c; memset((void*)0x200082d0, 255, 2); *(uint8_t*)0x200082d2 = 0x2c; memcpy((void*)0x200082d3, "[{@^/@+@<[", 10); *(uint8_t*)0x200082dd = 0x2c; memcpy((void*)0x200082de, "uid", 3); *(uint8_t*)0x200082e1 = 0x3d; sprintf((char*)0x200082e2, "%020llu", (long long)r[20]); *(uint8_t*)0x200082f6 = 0x2c; memcpy((void*)0x200082f7, "smackfsfloor", 12); *(uint8_t*)0x20008303 = 0x3d; memcpy((void*)0x20008304, "{%\'--\323{-+#!", 11); *(uint8_t*)0x2000830f = 0x2c; *(uint8_t*)0x20008310 = 0; syz_mount_image(0x20005f40, 0x20005f80, 6, 1, 0x20006fc0, 0x1000000, 0x200082c0); break; case 36: memcpy((void*)0x20008340, "/dev/i2c-#\000", 11); syz_open_dev(0x20008340, 4, 0x404280); break; case 37: memcpy((void*)0x20008380, "net/ip6_mr_cache\000", 17); syz_open_procfs(r[19], 0x20008380); break; case 38: syz_open_pts(r[21], 0x8001); break; case 39: *(uint32_t*)0x20008980 = 0x200083c0; memcpy((void*)0x200083c0, "\xfb\xd2\x9b\x15\x87\x7e\x61\x06\x1c\xc5\x0c\xed\x7f\x39\x68\x61\x38\xbf\x51\x03\x24\x8d\x4d\xa5\x32\x57\xb7\x3a\x1e\xe9\x6c\xf2\x19\x9a\xbf\xa9\x61\xd7\xbd\x14\x6a\x6b\xb8\x8d\x70\x1b\x08\xed\xbf\x51\x4b\x2e\x31\x83\xcc\xe2\x11\xd5\x7c\x76\x45\xa9\xaf\xe2\x02\x75\xec\xbe\x29\xae\xa4\x8c\x76\xb0\xfb\x76\x27\xa8\xe4\x3c\x7a\x9f\x57\xef\x02\xa3\x16\xed\xf9\xd3\x8e\x0c\x6e\x74\xb5\x91\x07\xcb\x1c\x84\x06\xdc\xb6\xde\x31\x9b", 106); *(uint32_t*)0x20008984 = 0x6a; *(uint32_t*)0x20008988 = 0x7f; *(uint32_t*)0x2000898c = 0x20008440; memcpy((void*)0x20008440, "\xe0\xd8\xf5\x5b\x38\x48\xae\xd3\xac\x97\x38\xd2\xe1\x9f\x66\x8b\xe4\xc7\x6e\x3b\x4e\x48\x23\xa0\xc6\x99\x18\xad\x4a\xec\x8d\x6e\xad\xcf\xe1\x03\x27\x12\x6d\x01\x28\x7e\x67\x2d\x54\xa5\x44\xa9\x87\x7e\x59\xf9\xa2\xf4\x1a\xa2\x42\xb2\x37\xba\x59\x3c\x5a\x48\x40\xb8\x62\x1c\xe0\xd2\x8c\xe5\x22\xdf\xe8\x78\x8b\xb0\x70\xd4\xbc\x9d\x74\x52\x8a\x1f\x76\x03\x20\x0c\x23\x65\xc6\x3d\x42\xf1\x03\x29\x92\xe1\x0e\x43\x45\xcd\xea\x0d\x65\x36\x5d\x82\xb6\xc7\x8c\x81\xc7\x1b\x0b\x2f\xb7\x81\x97\xcd\x60\x5e\xc2\x52\x18\x06\xbd\xc0\x8d\x6d\xd8\xf5\x29\x1e\x5b\xb0\xca\x92\xe2\x04\x30\xd5\x81\x23\x5d\xdd\xa7\x56\xe6\xab\xd8\xc7\x69\x78\x3b\x84\xe5\x7b\x0a\xa9\x51\x30\x3a\xdc\xc7\xe9\x21\xb0\x69\xd9\x4f\x1a\x4d\xee\x1f\x47\x44\xdb\x5b\x28\xc9\x7f\xbb\xae\xc5\xbf\x56\x18\xe0\xe9\x4a\x41\xc0\xa9\x9c\xe6\xca\x91\xeb\xca\xff\x5a\xe6\x10\x6d\xc9\xdc\x31\x0d\x72\x50\xa8\xb7\xc7\xca\x55", 218); *(uint32_t*)0x20008990 = 0xda; *(uint32_t*)0x20008994 = 0x3ff; *(uint32_t*)0x20008998 = 0x20008540; memcpy((void*)0x20008540, "\xaf\xbb\x6b\x91\xaa\x78\x57\xf9\x42\xbc\x87\x73\xd0\x20\x89\x6a\x44\xf1\xd9\xdb\x9b\x9e\xc2\xb8\x55\x98\xcd\x86\x39\x7d\x6b\x5a\xe3\x19\x2a\xef\xe0\xf2\xb6\x38\x7b\x2d\x23\x14\x48\x9b\xc7\xaf\x2a\xb5\x19\x90\xff\x75\x26\x23\x0a\x7c\xa4\x2e\x6c\x22\xf5\x64\x9a\xcb\x12\xb4\xdd\x8f\xde\x81\x9b", 73); *(uint32_t*)0x2000899c = 0x49; *(uint32_t*)0x200089a0 = 9; *(uint32_t*)0x200089a4 = 0x200085c0; memcpy((void*)0x200085c0, "\xd8\x90\x81\x85\x60\xf5\x37\x2f\x7d\x41\xa5\x04\xc5\x4e\x86\x3d\x79\x44\xd0\x62\x1d\x50\x13\x4b\x4c\x14\x54\xaa\x8c\x44\xc7\xf3\x24\xd9\x5d\x33\xfb\x46\x63\xf6\x74\x5c\x1c\xad\x17\x9d\x71\x9e\x3e\x9f\x4f\x57\x51\x71\x25\x89\x0e\xd4\xc9\x37\xbb\x41\xd0\xa7\x64\x44\x1e\x1d\x6c\x74\x82\x54\x8c\x0a", 74); *(uint32_t*)0x200089a8 = 0x4a; *(uint32_t*)0x200089ac = 6; *(uint32_t*)0x200089b0 = 0x20008640; memcpy((void*)0x20008640, "\x7e\x28\x9a\xa8\x98\x00\x7d\x95\xea\xf0\x98\x82\x59\x6a\xa2\x37\x71\x4d\xc1\xac\x32\x39\x2b\xd6\xfa\xe8\xd8\x72\xed\xc3\xc9\xb0\xcf\xf5\x03\x61\x48\xaf\x29\x57\x3c\x0d\xc9\x54\xc2\x7b\x6a\x6d\x47\x66\x92\x53\xab\x40\x2a\x91\xf6\xe6\x02\xcc\xd9\x3f\xa8\x17", 64); *(uint32_t*)0x200089b4 = 0x40; *(uint32_t*)0x200089b8 = 6; *(uint32_t*)0x200089bc = 0x20008680; memcpy((void*)0x20008680, "\xc8\x23\x58\x4b\xb1\x75\x9e\xcb\x98\xee\x41\xe3\x52\x27\xdd\x03\xd7\xed\x5c\x9e\xef\xcf\x34\xa9\x51\xe7\xc5\xea\xe5\xb3\x7e\x8b\x93\xd6\xdd\x7c\xb6\x6e\xbb\xff\x50\xcb\x81\x77\x7e\x29\xb2\xc0\x5b\x7b\x7c\xd9\x76\xf4\xae\xd7\x0f\x76\x49\x90\x15\xb9\x87\x2f\xaa\x6f\x33\x8c\x30\x9a\x55\x29\x6e\x4e\x85\xe2\x7c\x51\x0d\xbf\x25\x3a\x7e\x6f\x43\x79\x1f\x93\x91\x3c\x8a\x96\x07\x45\x1f\xd5\x05\x0c\xf1\x91\xec\x95\xd1\x99\xf1\x11\x7c\x0e\x2a\x04\x37\xc2\xbe\x16\x98\x93\x9d\x27\x7c\x38\x37\xd1\x64\x0f\x91\xce\x6a\xed\xc0\x85\x0d\xc2\x88\xcc\x2a\x3c\x1c\xaa\xdf\xf4\x4f\xeb\xef\xbb\xb2\xfd\xa8\x2e\x8a\x65\x39\x22\x2b\x6d\x88\x30\xdf\x92\x7f\x36\xd8\x14\xc2\xa8\x92\xdf\x0b\xad\xec\x86\xc2\xf0\x1d\xeb\x89\xd2\xd3\xfa\x61\x37\xe4\x8b\x23\xd3\xcf\x77\xb1\x1f\x46\xeb\xdb\xb0\xa8\x31\x4e\xe1\x97\x78\xc2\x12\xfc\x34\x98\xcb\xdc\x5a\xd0\xbb\xd7\xd2\x45\x38\xd8\x3b\xbc\x86\x83\x0a\xfe\x32\xe3\x8c\x1b\xb1\xb7\x86\x6a\xbc\x94\x0f\x61\x16\x54\xd0\x46\xf8\x23\x6d\x6b\x15", 240); *(uint32_t*)0x200089c0 = 0xf0; *(uint32_t*)0x200089c4 = 7; *(uint32_t*)0x200089c8 = 0x20008780; memcpy((void*)0x20008780, "\x5d\x78\xb0\x8d\x34\x7d\x60\x10\x77\x87\x13\xad\xad\x8e\x4d\xa1\x5a\xb3\x46\x94\x56\x2b\x0d\xa5\x2b\xb3\x1a\x3b\x5e\x09\x71\x02\x0b\xa4\x8d\x18\x5f\x3f\x03\xf1\x6f\xe6\xdc\x1e\x32\x1f\x12\x2c\x11\x50\xa8\xce\x71\xc3\xad\x1d\xf7\xc6\x18\xbc\x59\x86\x5f\xbf\xeb\x3a\x2c\x92\x6b\x99\x2f\x93\x8b\x0f\x76\xc9\x6a\xf8\xbe\x39\x89\x33\x38\x3f\xc8", 85); *(uint32_t*)0x200089cc = 0x55; *(uint32_t*)0x200089d0 = 8; *(uint32_t*)0x200089d4 = 0x20008800; memcpy((void*)0x20008800, "\x1c\xd7\x71\x5a\xfe\xc5\x55\x18\x16\xcd\x47\x51\x68\xa5\x35\xa8\x47\x4b\x74\x87\x92\xe4\x3a\xf3\x51\x60\x5c\x6d\xfa\xe1\xe6\xad\xd7\xce\x8b\xde\x80\x55\x5c\xa3\x26\x87\x82\xfe\x7a\x7f\x45\x89\x68\xb4\x27\x92\xc0\x2a\x11\xac\xff\xae\x54\x86\xc0\x85\x8e\x0c\x46\x40\xf4\x26\x0d\x56\x46\x99\xc0\xe6\x06\x23\x6a\xe8\xd5", 79); *(uint32_t*)0x200089d8 = 0x4f; *(uint32_t*)0x200089dc = 0; *(uint32_t*)0x200089e0 = 0x20008880; memcpy((void*)0x20008880, "\x45\xfd\x88\xa6\x06\xb5\x89\xb2\x7d\x42\x2e\xcb\x87\x44\xa6\x78\xff\x3a\xa0\x7f\xfb\x6c\x25\xcc\x10\xa8\x87\x10\x06\xd5\xfb\x64\x50\xfc\x12\x15\x7d\x1a\x59\xf1\x4e\x36\x13\x2f\x1d\xb6\x3b\x56\xcc\x97\xb6\x1b\xf0\xa6\x1d\xcf\x2b\x7d\xd2\x7d\xa0\x2e\xe1\x60\xe0\x3d\xf9\x79\x47\x83\x8f\x0d\xd4\x34\x82\x59\x05\xae\x9f\xb5\xa4\x27\x97\x6a\x49\xf7\x79\xea\xb8\xcc\x3a\x40\x9d\x25\xb9\xa2\x96\xce\xf9\xa8\xff\xb4\x9d\x81\xbf\x23\xa7\x16\xa7\xa7\xe1\xd8\xdc\xe0\x3d\xef\x2b\x8a\x3b\x15\xa3\xb2\xbe\xb8\x73\x14\x3a\x7d\xf1\x4e\xc4\x92\x78\x2e\xc8\x6a\xce\xb4\x90\x1f\xe3\xdc\xdc\xe0\x46\xab\x2f\xb9\x72\xd6\x74\x34\xd4\xe1\x10\x1b\x02\xc9\x2d\x33\xa1\xbf\xe5\x16\xd9\x59\x25\x81\xf6\x78\x95\x43\x37\x66\x50\x67\x07\xcb\x7f\x0e\x18\xb4\x47\x6b\xde\x0f\x00\x91\x75\x3c\xf3\xec\x07\x38\x6b\x3d\xab\x4b\x29\x55\x02\xd4\x97\x16\x80\x1d\xd9\x79\xaa\x24\xd8\x05\xdf\xe8\x01", 215); *(uint32_t*)0x200089e4 = 0xd7; *(uint32_t*)0x200089e8 = 2; syz_read_part_table(5, 9, 0x20008980); break; case 40: *(uint8_t*)0x20008a00 = 0x12; *(uint8_t*)0x20008a01 = 1; *(uint16_t*)0x20008a02 = 0x300; *(uint8_t*)0x20008a04 = 0x88; *(uint8_t*)0x20008a05 = 0xc7; *(uint8_t*)0x20008a06 = 0xe6; *(uint8_t*)0x20008a07 = -1; *(uint16_t*)0x20008a08 = 0x15c2; *(uint16_t*)0x20008a0a = 0x45; *(uint16_t*)0x20008a0c = 0x135a; *(uint8_t*)0x20008a0e = 1; *(uint8_t*)0x20008a0f = 2; *(uint8_t*)0x20008a10 = 3; *(uint8_t*)0x20008a11 = 1; *(uint8_t*)0x20008a12 = 9; *(uint8_t*)0x20008a13 = 2; *(uint16_t*)0x20008a14 = 0x7d0; *(uint8_t*)0x20008a16 = 4; *(uint8_t*)0x20008a17 = 0; *(uint8_t*)0x20008a18 = 0; *(uint8_t*)0x20008a19 = 0x60; *(uint8_t*)0x20008a1a = 8; *(uint8_t*)0x20008a1b = 9; *(uint8_t*)0x20008a1c = 4; *(uint8_t*)0x20008a1d = 0x45; *(uint8_t*)0x20008a1e = 3; *(uint8_t*)0x20008a1f = 1; *(uint8_t*)0x20008a20 = 0x66; *(uint8_t*)0x20008a21 = 0x44; *(uint8_t*)0x20008a22 = 0x76; *(uint8_t*)0x20008a23 = 0x3f; *(uint8_t*)0x20008a24 = 7; *(uint8_t*)0x20008a25 = 0x24; *(uint8_t*)0x20008a26 = 1; *(uint8_t*)0x20008a27 = 0x1f; *(uint8_t*)0x20008a28 = 5; *(uint16_t*)0x20008a29 = 4; *(uint8_t*)0x20008a2b = 0xc; *(uint8_t*)0x20008a2c = 0x24; *(uint8_t*)0x20008a2d = 2; *(uint8_t*)0x20008a2e = 1; *(uint8_t*)0x20008a2f = 9; *(uint8_t*)0x20008a30 = 2; *(uint8_t*)0x20008a31 = 0x81; *(uint8_t*)0x20008a32 = 4; memcpy((void*)0x20008a33, "\xc0\xe6\xa1\x0a", 4); *(uint8_t*)0x20008a37 = 0xf; *(uint8_t*)0x20008a38 = 0x24; *(uint8_t*)0x20008a39 = 2; *(uint8_t*)0x20008a3a = 2; *(uint16_t*)0x20008a3b = 0; *(uint16_t*)0x20008a3d = 6; *(uint8_t*)0x20008a3f = 8; memcpy((void*)0x20008a40, "\x7d\x5b\xa3\xd0\x7c\xc6", 6); *(uint8_t*)0x20008a46 = 0x11; *(uint8_t*)0x20008a47 = 0x24; *(uint8_t*)0x20008a48 = 2; *(uint8_t*)0x20008a49 = 1; *(uint8_t*)0x20008a4a = 0x94; *(uint8_t*)0x20008a4b = 1; *(uint8_t*)0x20008a4c = 7; *(uint8_t*)0x20008a4d = 0x1f; memcpy((void*)0x20008a4e, "\xcf\xcf\xa1\xbb\x20\xd9\xba\xa3\x16", 9); *(uint8_t*)0x20008a57 = 0xc; *(uint8_t*)0x20008a58 = 0x24; *(uint8_t*)0x20008a59 = 2; *(uint8_t*)0x20008a5a = 1; *(uint8_t*)0x20008a5b = 8; *(uint8_t*)0x20008a5c = 2; *(uint8_t*)0x20008a5d = 0; *(uint8_t*)0x20008a5e = 9; memcpy((void*)0x20008a5f, "\x48\x9f\x80", 3); memset((void*)0x20008a62, 38, 1); *(uint8_t*)0x20008a63 = 0xa; *(uint8_t*)0x20008a64 = 0x24; *(uint8_t*)0x20008a65 = 2; *(uint8_t*)0x20008a66 = 2; *(uint16_t*)0x20008a67 = 5; *(uint16_t*)0x20008a69 = 0x497; *(uint8_t*)0x20008a6b = 8; memset((void*)0x20008a6c, 39, 1); *(uint8_t*)0x20008a6d = 7; *(uint8_t*)0x20008a6e = 0x24; *(uint8_t*)0x20008a6f = 1; *(uint8_t*)0x20008a70 = 9; *(uint8_t*)0x20008a71 = 2; *(uint16_t*)0x20008a72 = 0x1001; *(uint8_t*)0x20008a74 = 0xf; *(uint8_t*)0x20008a75 = 0x24; *(uint8_t*)0x20008a76 = 2; *(uint8_t*)0x20008a77 = 2; *(uint16_t*)0x20008a78 = 8; *(uint16_t*)0x20008a7a = 1; *(uint8_t*)0x20008a7c = 0; memcpy((void*)0x20008a7d, "\x78\x6e\x2f\x1a\x31\x05", 6); *(uint8_t*)0x20008a83 = 9; *(uint8_t*)0x20008a84 = 5; *(uint8_t*)0x20008a85 = 0; *(uint8_t*)0x20008a86 = 0x10; *(uint16_t*)0x20008a87 = 0x3ff; *(uint8_t*)0x20008a89 = 9; *(uint8_t*)0x20008a8a = 0x66; *(uint8_t*)0x20008a8b = 3; *(uint8_t*)0x20008a8c = 0x5b; *(uint8_t*)0x20008a8d = 8; memcpy((void*)0x20008a8e, "\x32\xda\x77\x3d\xed\x87\x39\x7d\x0a\xf5\x7f\xd6\xf2\xad\x3b\x93\xe2\xea\x74\xf1\xf6\x5d\x64\x5d\x6b\x7e\x4c\xae\x90\xc8\xf2\x7c\xca\xe0\x94\xb3\x3c\x61\x3b\xc0\xbd\xa2\x43\x7b\xdc\xba\xa2\x1c\x77\x91\x5b\x1b\x95\xe7\xa2\x31\x3d\x71\xc6\xcc\x58\x6d\x41\x4d\x6a\x1e\x79\xc8\x0e\xe3\x67\x3f\xf0\x69\xeb\x46\x51\xb3\x06\x68\xb0\x19\x7f\xf7\xa7\xed\xc5\x75\x94", 89); *(uint8_t*)0x20008ae7 = 9; *(uint8_t*)0x20008ae8 = 4; *(uint8_t*)0x20008ae9 = 0x58; *(uint8_t*)0x20008aea = 9; *(uint8_t*)0x20008aeb = 5; *(uint8_t*)0x20008aec = -1; *(uint8_t*)0x20008aed = 5; *(uint8_t*)0x20008aee = 0x1b; *(uint8_t*)0x20008aef = 0xe0; *(uint8_t*)0x20008af0 = 9; *(uint8_t*)0x20008af1 = 5; *(uint8_t*)0x20008af2 = 3; *(uint8_t*)0x20008af3 = 0x10; *(uint16_t*)0x20008af4 = 0x20; *(uint8_t*)0x20008af6 = 0; *(uint8_t*)0x20008af7 = 0x43; *(uint8_t*)0x20008af8 = 0x40; *(uint8_t*)0x20008af9 = 9; *(uint8_t*)0x20008afa = 5; *(uint8_t*)0x20008afb = 5; *(uint8_t*)0x20008afc = 3; *(uint16_t*)0x20008afd = 0x3ff; *(uint8_t*)0x20008aff = 0x87; *(uint8_t*)0x20008b00 = 2; *(uint8_t*)0x20008b01 = 0xfd; *(uint8_t*)0x20008b02 = 0xa0; *(uint8_t*)0x20008b03 = 0xc; memcpy((void*)0x20008b04, "\x4d\x1f\xaf\xd5\xd5\xbe\xa9\x17\x94\x9e\x72\x7e\xd5\xee\x14\x4c\xb3\x2b\x01\xd9\xac\xbb\x7e\x3c\xfa\xc4\xd1\xa1\x5c\xd6\xbb\xae\x8a\xc6\x6a\xf6\x77\x39\x4d\x22\x17\xef\x58\x0b\x15\x65\xf5\x8b\x85\xcf\xff\xd2\xcf\xca\xf9\xf1\x9d\xf7\x84\x00\xba\x03\x54\xd7\x87\x20\x72\xb4\x2d\x77\xd5\x5a\x5b\x96\x0b\x82\xfb\x9e\x34\xec\x8c\x33\xa9\x67\x19\xc4\x59\x47\xab\x09\x47\x48\x48\x54\xa9\x4f\x25\xe6\x53\x39\xa6\xf7\x4b\x05\x3c\x81\xe8\xe8\x05\x7f\x67\x67\xea\x2e\x80\xe9\x23\xe0\x2f\xa1\xa8\x8d\xb3\x6d\x52\xe4\xc5\x11\xe6\xcc\xf6\x74\x04\x6c\xb8\x1c\x49\x3c\x92\x7d\x05\xa6\xc1\x66\x45\xd0\x69\x4f\x66\x7d\x6c\xcf\x29\xfc\x27\x38\x90\xc6", 158); *(uint8_t*)0x20008ba2 = 0x31; *(uint8_t*)0x20008ba3 = 9; memcpy((void*)0x20008ba4, "\x82\x44\x67\x99\x6f\xaa\x84\x28\x27\xe6\xd0\x9b\xc4\x8c\x41\x96\x09\x9c\xb2\x0d\x1a\xfa\x73\x80\xd3\x0e\x40\xf1\xbc\xfb\x7c\x50\x3d\x7b\x00\xfc\x18\xd2\xe6\x14\xc3\xe3\x70\xdb\xc3\x20\xa8", 47); *(uint8_t*)0x20008bd3 = 9; *(uint8_t*)0x20008bd4 = 5; *(uint8_t*)0x20008bd5 = 1; *(uint8_t*)0x20008bd6 = 3; *(uint16_t*)0x20008bd7 = 0x400; *(uint8_t*)0x20008bd9 = 1; *(uint8_t*)0x20008bda = 0x81; *(uint8_t*)0x20008bdb = 6; *(uint8_t*)0x20008bdc = 0x76; *(uint8_t*)0x20008bdd = 7; memcpy((void*)0x20008bde, "\x96\xf7\x2d\xe7\x93\x64\x10\xee\x82\xa4\x42\x87\xa0\x01\x96\xf6\x30\xe0\x09\x36\x4a\xb9\x4a\x00\xe9\x45\x28\x69\x1a\x40\x9d\x33\x5f\x13\xbf\x6e\x85\xb3\x78\xbd\xa8\x5c\x55\x8f\xc1\xa0\x03\xec\x57\x94\xa1\x42\x17\xf7\x94\x68\x2e\xdc\xdc\x9e\x35\xd0\x0c\x09\x79\xfd\xb3\xe7\xa1\x5e\x6a\x85\x1c\x13\x7b\xf7\x01\x1b\xa6\x1c\x83\x46\x59\x8b\x02\xa3\xd4\xd1\xb8\xcd\x99\xf4\xfc\x14\xfa\xe3\x21\x9f\xbf\x56\xaa\x2c\xa5\x4c\xcf\x11\x6b\x3d\x56\x0a\x80\x97\x8c\x42\x76\xec", 116); *(uint8_t*)0x20008c52 = 9; *(uint8_t*)0x20008c53 = 5; *(uint8_t*)0x20008c54 = 0xe; *(uint8_t*)0x20008c55 = 3; *(uint16_t*)0x20008c56 = 0x3ff; *(uint8_t*)0x20008c58 = 0x80; *(uint8_t*)0x20008c59 = 0x20; *(uint8_t*)0x20008c5a = 6; *(uint8_t*)0x20008c5b = 7; *(uint8_t*)0x20008c5c = 0x25; *(uint8_t*)0x20008c5d = 1; *(uint8_t*)0x20008c5e = 2; *(uint8_t*)0x20008c5f = 9; *(uint16_t*)0x20008c60 = 0x3ff; *(uint8_t*)0x20008c62 = 9; *(uint8_t*)0x20008c63 = 5; *(uint8_t*)0x20008c64 = 0xd; *(uint8_t*)0x20008c65 = 0; *(uint16_t*)0x20008c66 = 0x400; *(uint8_t*)0x20008c68 = 9; *(uint8_t*)0x20008c69 = 0x3f; *(uint8_t*)0x20008c6a = 0x3f; *(uint8_t*)0x20008c6b = 0x76; *(uint8_t*)0x20008c6c = 0x11; memcpy((void*)0x20008c6d, "\x79\xb3\x86\x38\x7e\x37\xf3\x6e\xfa\x1d\x8c\x66\xa9\x04\x49\xc6\x8a\x0a\xd2\x51\xaf\xb9\xb1\x79\x3c\xbe\x9e\x5b\x4d\xc3\xce\x66\x00\xe8\x6d\x1e\x3b\x3e\xac\x60\xfd\x3b\x8b\x1c\x19\xd7\xd0\xc3\xda\x61\xc6\xa6\x67\xb3\x9f\xae\x8a\xed\x44\xa8\xe7\x0d\x77\xca\x93\xe4\xc3\x7a\x3f\xd8\x81\x8f\x43\xed\xc5\x23\x96\x0c\xed\xb0\x2d\x88\x22\xf0\xb2\x3d\xc3\x43\x18\x26\x08\xc6\x09\x7e\x99\x5f\x56\x2c\x84\xa5\x41\x7e\x5b\x2f\xb7\x1b\x39\x2f\x92\x6f\x3c\x4e\xd9\x92\xed\x89", 116); *(uint8_t*)0x20008ce1 = 0x65; *(uint8_t*)0x20008ce2 = 5; memcpy((void*)0x20008ce3, "\x85\x12\xf0\xce\xa9\x7a\x9d\x8a\x04\x61\xe3\x0e\xe9\xbf\x07\x89\xe0\x41\xcd\x86\xc1\xdf\x94\x96\xf1\x95\x7a\xf0\xe4\x54\x3e\xca\xb0\x70\x51\xf1\xf4\x81\x8d\xa2\x57\x9d\x13\xa9\x99\x56\x9f\x75\xad\x6a\xf6\xe0\xd0\x4d\xa8\xbd\x26\xbc\x92\x04\x45\x69\x2d\x9e\x4c\xa7\xfd\xc3\x54\x4c\x36\xf5\x88\xe5\xc0\x9b\xee\xa1\xaf\xf9\xf4\x1b\xa9\x77\xcb\xe7\x9e\x7e\x4f\x4a\x8d\xec\x56\x40\xda\x4d\x2a\xf6\x1d", 99); *(uint8_t*)0x20008d46 = 9; *(uint8_t*)0x20008d47 = 4; *(uint8_t*)0x20008d48 = 5; *(uint8_t*)0x20008d49 = 3; *(uint8_t*)0x20008d4a = 2; *(uint8_t*)0x20008d4b = 0xc4; *(uint8_t*)0x20008d4c = 0x4d; *(uint8_t*)0x20008d4d = 0x76; *(uint8_t*)0x20008d4e = 7; *(uint8_t*)0x20008d4f = 0xb; *(uint8_t*)0x20008d50 = 0x24; *(uint8_t*)0x20008d51 = 6; *(uint8_t*)0x20008d52 = 0; *(uint8_t*)0x20008d53 = 1; memcpy((void*)0x20008d54, "\x72\x45\x0c\xeb\x1b\x79", 6); *(uint8_t*)0x20008d5a = 5; *(uint8_t*)0x20008d5b = 0x24; *(uint8_t*)0x20008d5c = 0; *(uint16_t*)0x20008d5d = 4; *(uint8_t*)0x20008d5f = 0xd; *(uint8_t*)0x20008d60 = 0x24; *(uint8_t*)0x20008d61 = 0xf; *(uint8_t*)0x20008d62 = 1; *(uint32_t*)0x20008d63 = 0; *(uint16_t*)0x20008d67 = 8; *(uint16_t*)0x20008d69 = 1; *(uint8_t*)0x20008d6b = 4; *(uint8_t*)0x20008d6c = 6; *(uint8_t*)0x20008d6d = 0x24; *(uint8_t*)0x20008d6e = 0x1a; *(uint16_t*)0x20008d6f = 8; *(uint8_t*)0x20008d71 = 8; *(uint8_t*)0x20008d72 = 0x15; *(uint8_t*)0x20008d73 = 0x24; *(uint8_t*)0x20008d74 = 0x12; *(uint16_t*)0x20008d75 = 4; *(uint64_t*)0x20008d77 = 0x14f5e048ba817a3; *(uint64_t*)0x20008d7f = 0x2a397ecbffc007a6; *(uint8_t*)0x20008d87 = 7; *(uint8_t*)0x20008d88 = 0x24; *(uint8_t*)0x20008d89 = 6; *(uint8_t*)0x20008d8a = 0; *(uint8_t*)0x20008d8b = 0; memcpy((void*)0x20008d8c, "\xfb\xb5", 2); *(uint8_t*)0x20008d8e = 5; *(uint8_t*)0x20008d8f = 0x24; *(uint8_t*)0x20008d90 = 0; *(uint16_t*)0x20008d91 = 0x2040; *(uint8_t*)0x20008d93 = 0xd; *(uint8_t*)0x20008d94 = 0x24; *(uint8_t*)0x20008d95 = 0xf; *(uint8_t*)0x20008d96 = 1; *(uint32_t*)0x20008d97 = 3; *(uint16_t*)0x20008d9b = 0x80; *(uint16_t*)0x20008d9d = 0x8951; *(uint8_t*)0x20008d9f = 6; *(uint8_t*)0x20008da0 = 7; *(uint8_t*)0x20008da1 = 0x24; *(uint8_t*)0x20008da2 = 0xa; *(uint8_t*)0x20008da3 = 0xce; *(uint8_t*)0x20008da4 = 3; *(uint8_t*)0x20008da5 = 4; *(uint8_t*)0x20008da6 = 0x60; *(uint8_t*)0x20008da7 = 4; *(uint8_t*)0x20008da8 = 0x24; *(uint8_t*)0x20008da9 = 2; *(uint8_t*)0x20008daa = 0; *(uint8_t*)0x20008dab = 0x10; *(uint8_t*)0x20008dac = 0x24; *(uint8_t*)0x20008dad = 7; *(uint8_t*)0x20008dae = 0; *(uint16_t*)0x20008daf = 0x81; *(uint16_t*)0x20008db1 = 0x81; *(uint16_t*)0x20008db3 = 0x1d9; *(uint16_t*)0x20008db5 = 0x400; *(uint16_t*)0x20008db7 = 1; *(uint16_t*)0x20008db9 = 0xc00; *(uint8_t*)0x20008dbb = 0xc; *(uint8_t*)0x20008dbc = 0x24; *(uint8_t*)0x20008dbd = 0x1b; *(uint16_t*)0x20008dbe = 1; *(uint16_t*)0x20008dc0 = 0x20; *(uint8_t*)0x20008dc2 = 0xc0; *(uint8_t*)0x20008dc3 = 5; *(uint16_t*)0x20008dc4 = 0x20; *(uint8_t*)0x20008dc6 = 0xd; *(uint8_t*)0x20008dc7 = 0xe1; *(uint8_t*)0x20008dc8 = 0x24; *(uint8_t*)0x20008dc9 = 0x13; *(uint8_t*)0x20008dca = 9; memcpy((void*)0x20008dcb, "\x0e\xfa\x60\xe3\xb3\x89\x2c\xa3\x37\x7f\xc7\xbf\x7e\x5c\xd9\x0b\x70\xb5\x43\x3c\x66\xf1\x31\x29\xd4\x2a\x59\xf2\xc9\x14\xec\x54\x97\x9a\x53\x86\x2f\x94\xdf\x63\x95\x80\x6b\xf1\xa9\x70\x9d\x9a\x66\x50\xce\xca\xee\xcf\xf6\xad\xfc\x77\xca\x5f\x29\x6e\x11\xbe\xd1\xfb\xeb\x6f\x27\xc5\x0b\xf1\xaf\x9c\x17\x6b\xb2\x06\x9d\x52\xb0\x64\x73\xd5\xd8\xe9\x24\x4a\x70\x01\x76\x66\xfa\xa3\x21\x3b\x80\xb2\x5f\xe4\xc6\x8c\x41\x80\xee\x45\x68\x0c\x95\x76\x8f\xd3\x2d\x24\xda\x76\xb8\x83\xe1\xbe\x0e\xc2\xaf\x43\xc9\xf3\x0c\xee\xd1\x93\x6c\xd5\x05\x1e\x62\xb1\xc8\xa7\x6a\xf9\xa2\x52\x29\x0b\x11\xc3\x67\x04\x39\xdb\x64\x5b\x5c\x32\xa5\xa5\xbb\x78\xd7\xe8\x18\x3e\xa6\x73\x6d\xfc\xeb\x8f\xef\x3d\x04\xb7\x6e\x51\x29\xc4\x91\x3e\xee\x30\xa5\x37\x74\x3b\x33\x57\xf2\x69\xf5\x82\xdd\x8c\x46\xb2\xa9\x33\x62\xf1\xa8\x38\x88\x6b\x17\x5f\x48\x95\xd5\x2a\x81\x8f\x63\xd9\xd6\x94\xbe\xac\x98\x46\xe5\xb1\x2f", 221); *(uint8_t*)0x20008ea8 = 0x1a; *(uint8_t*)0x20008ea9 = 0x24; *(uint8_t*)0x20008eaa = 0x13; *(uint8_t*)0x20008eab = 5; memcpy((void*)0x20008eac, "\x08\x3b\x1f\x01\xa6\x9f\x5d\x72\x2a\x6b\x03\x83\xfb\x09\xf5\x7f\x44\x2b\x56\xd4\x58\xfa", 22); *(uint8_t*)0x20008ec2 = 9; *(uint8_t*)0x20008ec3 = 5; *(uint8_t*)0x20008ec4 = 0xf; *(uint8_t*)0x20008ec5 = 8; *(uint16_t*)0x20008ec6 = 8; *(uint8_t*)0x20008ec8 = 0; *(uint8_t*)0x20008ec9 = 3; *(uint8_t*)0x20008eca = 5; *(uint8_t*)0x20008ecb = 9; *(uint8_t*)0x20008ecc = 5; *(uint8_t*)0x20008ecd = 0xc; *(uint8_t*)0x20008ece = 0; *(uint16_t*)0x20008ecf = 0x200; *(uint8_t*)0x20008ed1 = 9; *(uint8_t*)0x20008ed2 = 0x20; *(uint8_t*)0x20008ed3 = 5; *(uint8_t*)0x20008ed4 = 0xb; *(uint8_t*)0x20008ed5 = 1; memcpy((void*)0x20008ed6, "\xae\x68\x4b\xd6\xa1\xbf\xbe\x70\x5d", 9); *(uint8_t*)0x20008edf = 9; *(uint8_t*)0x20008ee0 = 4; *(uint8_t*)0x20008ee1 = 0xad; *(uint8_t*)0x20008ee2 = 0x3f; *(uint8_t*)0x20008ee3 = 6; *(uint8_t*)0x20008ee4 = 0xef; *(uint8_t*)0x20008ee5 = 0x2e; *(uint8_t*)0x20008ee6 = 0x8d; *(uint8_t*)0x20008ee7 = 8; *(uint8_t*)0x20008ee8 = 0xa; *(uint8_t*)0x20008ee9 = 0x24; *(uint8_t*)0x20008eea = 6; *(uint8_t*)0x20008eeb = 0; *(uint8_t*)0x20008eec = 0; memcpy((void*)0x20008eed, "\x2e\x1b\xb1\x1c\x34", 5); *(uint8_t*)0x20008ef2 = 5; *(uint8_t*)0x20008ef3 = 0x24; *(uint8_t*)0x20008ef4 = 0; *(uint16_t*)0x20008ef5 = 6; *(uint8_t*)0x20008ef7 = 0xd; *(uint8_t*)0x20008ef8 = 0x24; *(uint8_t*)0x20008ef9 = 0xf; *(uint8_t*)0x20008efa = 1; *(uint32_t*)0x20008efb = 4; *(uint16_t*)0x20008eff = 2; *(uint16_t*)0x20008f01 = 0x8979; *(uint8_t*)0x20008f03 = 6; *(uint8_t*)0x20008f04 = 0xeb; *(uint8_t*)0x20008f05 = 0x24; *(uint8_t*)0x20008f06 = 0x13; *(uint8_t*)0x20008f07 = 0; memcpy((void*)0x20008f08, "\x9f\xcc\x8c\x5c\x74\x73\x09\xfc\xb4\xc9\x6e\x5d\xad\x9b\x6e\x62\xd0\x8b\x91\xa8\xbe\xb3\xc2\xe4\x54\x7e\x16\x3e\x46\x58\xbb\x11\xab\x34\xb3\xc8\x4e\xc3\xe4\xa4\xe3\x67\xd2\x6c\x56\x00\x1c\x67\x05\x68\x99\x95\xa9\x9d\x16\xa1\xb3\x1b\xdc\x07\x0f\x00\x53\x1e\xc4\x26\xb5\x4b\xf8\x9b\x2d\xee\x1f\xc3\xbd\x81\x8f\x55\xdb\xbd\x6a\xcc\x28\x7c\xd4\x30\x78\xee\xbc\x6d\x09\xf1\x0d\xc4\x22\x9f\x80\x35\xd4\x44\x8f\x82\x3f\xec\xf9\x29\xd6\x86\x16\x27\xc0\x1e\x79\x27\x7a\x40\x30\x4a\x1a\xd3\xfb\xd0\x12\xa4\xa8\xed\x16\x36\x97\x69\xc8\xc9\x97\xc4\x12\xbe\x76\x75\x90\x17\x65\x34\x55\xb8\x04\x2a\xca\x8b\x49\xea\xc0\x73\x10\x01\xcb\xfa\x6f\xbd\x79\x6a\xa7\xc2\x77\x09\xfc\x62\x37\x22\xe0\x3d\x3c\x1e\xd1\xda\xc1\xca\x8a\x8a\xa2\x5d\xda\xfc\x65\x4a\x0d\xbb\x76\x0b\x92\x7a\x2b\x23\xe2\xad\x30\x43\xac\x48\x56\x6c\x7b\x99\x5c\x23\x7d\xb5\x91\xf3\x9a\xf8\x19\x54\x56\x9c\xd5\xd3\x7c\xa4\x94\x1c\x80\xcc\x1f\xa5\x55\x6d\x19\xa5\x48\xdf\x2a", 231); *(uint8_t*)0x20008fef = 7; *(uint8_t*)0x20008ff0 = 0x24; *(uint8_t*)0x20008ff1 = 0xa; *(uint8_t*)0x20008ff2 = 4; *(uint8_t*)0x20008ff3 = 0x1f; *(uint8_t*)0x20008ff4 = 0x3f; *(uint8_t*)0x20008ff5 = 0x62; *(uint8_t*)0x20008ff6 = 7; *(uint8_t*)0x20008ff7 = 0x24; *(uint8_t*)0x20008ff8 = 0x14; *(uint16_t*)0x20008ff9 = 0x1f; *(uint16_t*)0x20008ffb = 7; *(uint8_t*)0x20008ffd = 7; *(uint8_t*)0x20008ffe = 0x24; *(uint8_t*)0x20008fff = 0x14; *(uint16_t*)0x20009000 = 0x1010; *(uint16_t*)0x20009002 = 9; *(uint8_t*)0x20009004 = 6; *(uint8_t*)0x20009005 = 0x24; *(uint8_t*)0x20009006 = 0x1a; *(uint16_t*)0x20009007 = 6; *(uint8_t*)0x20009009 = 0x1b; *(uint8_t*)0x2000900a = 0xb; *(uint8_t*)0x2000900b = 0x24; *(uint8_t*)0x2000900c = 6; *(uint8_t*)0x2000900d = 0; *(uint8_t*)0x2000900e = 0; memcpy((void*)0x2000900f, "\xdf\x47\x04\xa2\x52\x1e", 6); *(uint8_t*)0x20009015 = 5; *(uint8_t*)0x20009016 = 0x24; *(uint8_t*)0x20009017 = 0; *(uint16_t*)0x20009018 = 9; *(uint8_t*)0x2000901a = 0xd; *(uint8_t*)0x2000901b = 0x24; *(uint8_t*)0x2000901c = 0xf; *(uint8_t*)0x2000901d = 1; *(uint32_t*)0x2000901e = 0x4856f0aa; *(uint16_t*)0x20009022 = 5; *(uint16_t*)0x20009024 = 1; *(uint8_t*)0x20009026 = -1; *(uint8_t*)0x20009027 = 5; *(uint8_t*)0x20009028 = 0x24; *(uint8_t*)0x20009029 = 0x15; *(uint16_t*)0x2000902a = 0x1f; *(uint8_t*)0x2000902c = 9; *(uint8_t*)0x2000902d = 5; *(uint8_t*)0x2000902e = 8; *(uint8_t*)0x2000902f = 8; *(uint16_t*)0x20009030 = 0x3ff; *(uint8_t*)0x20009032 = 4; *(uint8_t*)0x20009033 = 1; *(uint8_t*)0x20009034 = 9; *(uint8_t*)0x20009035 = 7; *(uint8_t*)0x20009036 = 0x25; *(uint8_t*)0x20009037 = 1; *(uint8_t*)0x20009038 = 3; *(uint8_t*)0x20009039 = 0x34; *(uint16_t*)0x2000903a = 5; *(uint8_t*)0x2000903c = 9; *(uint8_t*)0x2000903d = 5; *(uint8_t*)0x2000903e = 0; *(uint8_t*)0x2000903f = 3; *(uint16_t*)0x20009040 = 0x400; *(uint8_t*)0x20009042 = 2; *(uint8_t*)0x20009043 = 1; *(uint8_t*)0x20009044 = 0xca; *(uint8_t*)0x20009045 = 9; *(uint8_t*)0x20009046 = 5; *(uint8_t*)0x20009047 = 8; *(uint8_t*)0x20009048 = 0x10; *(uint16_t*)0x20009049 = 8; *(uint8_t*)0x2000904b = 2; *(uint8_t*)0x2000904c = 0x7f; *(uint8_t*)0x2000904d = 0x7f; *(uint8_t*)0x2000904e = 9; *(uint8_t*)0x2000904f = 5; *(uint8_t*)0x20009050 = 7; *(uint8_t*)0x20009051 = 0; *(uint16_t*)0x20009052 = 0x10; *(uint8_t*)0x20009054 = 5; *(uint8_t*)0x20009055 = 0x1f; *(uint8_t*)0x20009056 = 0x40; *(uint8_t*)0x20009057 = 0x2d; *(uint8_t*)0x20009058 = 0xe; memcpy((void*)0x20009059, "\xec\xcc\x23\x79\x37\x1b\x46\xca\xb9\xd6\xfd\xb8\x27\x98\xf4\x7a\xa9\xb7\x17\x7c\x2a\x51\x93\x23\x14\x43\xb7\x25\xc2\x1b\x5e\x6a\x99\x93\x05\x65\xeb\x3b\x96\xfe\x7a\x75\x69", 43); *(uint8_t*)0x20009084 = 6; *(uint8_t*)0x20009085 = 0x10; memcpy((void*)0x20009086, "\x7f\x22\x60\xb2", 4); *(uint8_t*)0x2000908a = 9; *(uint8_t*)0x2000908b = 5; *(uint8_t*)0x2000908c = 3; *(uint8_t*)0x2000908d = 8; *(uint16_t*)0x2000908e = 0x10; *(uint8_t*)0x20009090 = 4; *(uint8_t*)0x20009091 = 3; *(uint8_t*)0x20009092 = 0xf7; *(uint8_t*)0x20009093 = 9; *(uint8_t*)0x20009094 = 5; *(uint8_t*)0x20009095 = 5; *(uint8_t*)0x20009096 = 3; *(uint16_t*)0x20009097 = 0x10; *(uint8_t*)0x20009099 = 3; *(uint8_t*)0x2000909a = 1; *(uint8_t*)0x2000909b = 9; *(uint8_t*)0x2000909c = 0xc8; *(uint8_t*)0x2000909d = 0xe; memcpy((void*)0x2000909e, "\x17\xa4\x93\xc0\x51\x89\x5f\x29\x83\x5e\xfb\x6d\x6d\x75\x3c\xa5\xe6\x23\x7f\x99\x57\x24\xbf\x74\x70\x85\x74\x90\x2e\xac\xdf\xf4\x5c\xd8\x0b\x61\x37\x3d\x67\xef\xe1\x23\x9f\x97\xb4\xfa\x60\x07\x93\xd6\xb4\xa5\x02\x2b\xa4\xa4\x36\xb4\xe2\xe2\x23\x57\x9d\x97\x4e\x78\x4e\xcb\xfd\xd4\x91\x2d\xa5\xcc\xd2\x84\xd2\x29\x37\x82\x70\x4f\x06\x75\x13\xd8\x38\x11\xac\x71\x16\x84\xd3\xaa\xfe\x92\x8e\xce\x0e\x90\x38\x25\x99\x7b\xab\xc5\x67\xb9\x4d\x06\xda\xee\x1e\x4d\x55\xa8\x87\x1d\x67\xe7\x1c\xd1\x08\x14\x30\xd8\x9b\xc9\xae\x64\xf5\x0f\x94\xbb\x8a\xf9\x6c\xe3\x84\xcd\x3b\x84\x20\xef\x8b\xe2\x73\xca\x02\xb9\xf0\xf9\x12\x21\x23\x9e\x64\xd6\x20\xdc\x6e\x3e\x27\x07\xf6\xf4\xce\x92\xe8\x62\x7f\x04\x4c\x14\xf1\x79\x90\x9c\xa1\xdf\x8b\x4e\x49\x9f\xed\x3f\x41\x18\xc9\xd6\xb2\xae\x41\xa7\x11\x98\xd7\x98", 198); *(uint8_t*)0x20009164 = 0x7e; *(uint8_t*)0x20009165 = 0x22; memcpy((void*)0x20009166, "\x85\x1b\xf8\x33\x2f\x6f\x47\x95\xcd\xbf\x9b\xf1\xbb\xb8\x25\x3c\xed\x75\xd6\x1f\x69\x5b\xb8\xc3\x1f\x51\xb5\xce\x19\xb2\x08\x0e\x2e\x7e\xc2\x15\xfe\xc1\x6a\x83\xd2\x57\x11\x04\xf7\x26\xa0\xde\x47\xf3\xe9\x28\x2d\x0e\xf2\x20\x4b\xbb\x1d\x9d\x9c\xac\x53\xb6\xd7\x98\x08\x4b\x0f\x59\x47\x91\xe3\xf8\x34\x19\x86\xd7\xea\xad\xb9\x11\xc5\x5c\x0d\x71\x69\x1f\xc7\x7a\xa1\x04\x7f\x44\x0f\x52\x75\xa4\x1f\x3b\x1f\x0f\x04\x8a\x5c\x1d\xd5\xc4\x17\xe6\x7f\x3b\xd4\x72\xb1\x3f\xee\xf7\x95\x0c\x57\x8f\x1b\x42", 124); *(uint32_t*)0x20009700 = 0xa; *(uint32_t*)0x20009704 = 0x20009200; *(uint8_t*)0x20009200 = 0xa; *(uint8_t*)0x20009201 = 6; *(uint16_t*)0x20009202 = 0x110; *(uint8_t*)0x20009204 = 0xd4; *(uint8_t*)0x20009205 = 0x81; *(uint8_t*)0x20009206 = 0; *(uint8_t*)0x20009207 = 0x10; *(uint8_t*)0x20009208 = 0x20; *(uint8_t*)0x20009209 = 0; *(uint32_t*)0x20009708 = 0x1c; *(uint32_t*)0x2000970c = 0x20009240; *(uint8_t*)0x20009240 = 5; *(uint8_t*)0x20009241 = 0xf; *(uint16_t*)0x20009242 = 0x1c; *(uint8_t*)0x20009244 = 2; *(uint8_t*)0x20009245 = 0x14; *(uint8_t*)0x20009246 = 0x10; *(uint8_t*)0x20009247 = 0xa; *(uint8_t*)0x20009248 = 0x20; STORE_BY_BITMASK(uint32_t, , 0x20009249, 2, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x20009249, 3, 5, 27); *(uint16_t*)0x2000924d = 0xf0f; *(uint16_t*)0x2000924f = 6; *(uint32_t*)0x20009251 = 0xc030; *(uint32_t*)0x20009255 = 0xff3f30; *(uint8_t*)0x20009259 = 3; *(uint8_t*)0x2000925a = 0x10; *(uint8_t*)0x2000925b = 0xb; *(uint32_t*)0x20009710 = 8; *(uint32_t*)0x20009714 = 4; *(uint32_t*)0x20009718 = 0x20009280; *(uint8_t*)0x20009280 = 4; *(uint8_t*)0x20009281 = 3; *(uint16_t*)0x20009282 = 0x410; *(uint32_t*)0x2000971c = 0x102; *(uint32_t*)0x20009720 = 0x200092c0; *(uint8_t*)0x200092c0 = 2; *(uint8_t*)0x200092c1 = 3; memcpy((void*)0x200092c2, "\xbd\x9c\xaf\x11\xf1\xc2\x32\x1f\x7d\xbf\x3d\xf5\x7e\xc0\x6a\xed\xf0\x84\x2f\x84\x3c\x77\xdd\x88\xdb\x9f\x74\x08\xbb\xa0\xd9\x40\x59\x71\xea\xb7\x46\x2f\x77\xd1\xca\x84\x39\x80\x11\xe5\x2a\x42\x79\x8f\x46\xee\xb5\x7b\x9e\x8b\x2c\x06\xc9\x82\x8a\xe8\xa2\xa2\x78\xae\xaf\x19\x47\xcb\x3d\xba\xdb\xd3\xd8\x37\x4b\xd3\xfd\x89\xa5\x3a\x0d\x2e\x5d\x80\x26\x1d\x7c\x80\x59\x2c\x03\x96\xee\x2c\x9e\xd8\x3f\xcc\x6b\xf9\xbd\x9a\x2f\x61\xcd\x00\x7c\x9e\xb5\xb9\x2d\xd8\x78\xd6\xaa\x6b\x54\x35\xed\x38\xfb\x81\xd9\xbf\xc1\x58\x15\x84\x3b\xc4\x6b\x32\x1b\x84\x8a\x20\x1d\x7e\xe9\x0a\x06\xab\x03\xdd\xb6\x6c\xea\x54\xf4\x15\x15\x3e\x69\x34\x99\x2c\x24\xe7\x11\xae\xa2\xfe\x33\x4e\x98\x1b\xa7\xf3\xf8\x7d\x0b\xc5\xeb\x6b\x1d\x09\x17\xcd\x79\xb4\x71\x94\xc6\xd2\xbe\x18\xe7\xa5\x4e\x75\xa5\xe2\xd0\x36\xb2\xe8\xba\x62\x6c\x56\xc4\x48\x9e\x46\x81\xa2\x1e\xa2\x9a\x2b\x64\x34\xa8\x60\x5a\x67\x10\xeb\xd1\x3f\x09\xfe\x32\x2e\x60\xef\x34\xa6\xe6\xf3\x33\x0d\x07\xb4\xd1\xff\x66\xd7\xec\x23\xc5\x8b\x3b\xe7\x34\x84\x4b\x89\xde\x36\xba\x29\x12\x97", 256); *(uint32_t*)0x20009724 = 4; *(uint32_t*)0x20009728 = 0x20009400; *(uint8_t*)0x20009400 = 4; *(uint8_t*)0x20009401 = 3; *(uint16_t*)0x20009402 = 0xf0ff; *(uint32_t*)0x2000972c = 4; *(uint32_t*)0x20009730 = 0x20009440; *(uint8_t*)0x20009440 = 4; *(uint8_t*)0x20009441 = 3; *(uint16_t*)0x20009442 = 0xf8ff; *(uint32_t*)0x20009734 = 0xc2; *(uint32_t*)0x20009738 = 0x20009480; *(uint8_t*)0x20009480 = 0xc2; *(uint8_t*)0x20009481 = 3; memcpy((void*)0x20009482, "\x47\x95\x1b\xf5\x75\x8f\x6d\xa4\x9e\xae\xc8\xd8\xf1\x8a\x6c\xa6\xe1\x7e\x41\xa6\x60\x16\x41\x5e\xfc\x7b\xe3\x46\xe3\xa8\xd0\x34\x28\x03\xd3\x1a\xc6\x34\xc4\xe6\xbc\xfd\xca\x1d\xb3\xc5\xb6\x90\xc2\x2f\x33\x2d\xf6\x93\x67\x61\xde\xb4\x0a\x2a\x9b\x81\x7a\x3b\x5e\x21\xce\xda\x6d\x71\xf7\x2d\x61\xee\xd0\x6a\x7a\x43\x45\x1e\x72\xfa\xa8\x20\x18\x38\x4c\x5a\x69\xf6\x2f\x4c\x6c\xf2\xa7\xef\xbd\x2a\xf5\x9b\x84\xac\xc6\xa9\x5e\xdf\x8f\x16\x7b\x5f\x20\x3d\xff\x2f\x89\xdb\xa1\x91\xf5\x13\x34\x2b\xe5\xa9\x06\xce\xb3\x79\x61\x3f\x59\x61\x08\xde\x6f\x3a\x61\xb9\x26\xc9\xf8\x63\x4d\x3d\xe6\xd5\xeb\x86\x71\x2b\xdf\xc3\xce\x50\x2f\x90\xa6\x9d\x8d\x07\xd9\x28\x44\x02\xb3\x93\xa7\x6e\x1d\x98\x17\xb9\x2b\xd4\xef\xf5\x7a\x27\xec\x91\x91\x9b\xf0\xd0\x9b\x44\x70\x57\xd6\x9c\xe3\x82", 192); *(uint32_t*)0x2000973c = 0x83; *(uint32_t*)0x20009740 = 0x20009580; *(uint8_t*)0x20009580 = 0x83; *(uint8_t*)0x20009581 = 3; memcpy((void*)0x20009582, "\x70\x81\x49\xd2\x9b\x3a\x8e\xf9\xc0\xff\x2f\x07\x2f\xf3\xb2\x0d\xd4\xaa\x24\xa8\xdd\xbd\x77\x61\x2c\xf8\x2d\xbf\xdc\x3a\xf8\x21\xa1\xfb\xf7\x55\x40\xc2\x3e\x05\xde\x08\xfe\xd7\x79\xdb\x65\x1c\xb3\xa6\x3b\xd0\x9a\xcf\xde\x2d\xa3\x4f\xc3\x36\x04\x73\x49\xf6\x2c\x65\x03\x20\xdd\x8f\xd8\x62\x6c\xfd\xad\xf7\xe0\xf7\x3f\x83\xa6\xbf\xfa\x1f\x20\xe7\x5c\xc4\x4b\x80\xbb\xe9\xa4\x0e\xa3\xc6\xe9\x24\xb6\x84\xfe\x6c\xb9\xe6\xa9\x33\x1a\x14\x9e\x84\x4e\x50\x0b\xe3\xb4\xfe\x28\xd1\x33\x2d\xcd\x64\x3b\xe5\xa7\x3f\xcc\xd4\x46", 129); *(uint32_t*)0x20009744 = 4; *(uint32_t*)0x20009748 = 0x20009640; *(uint8_t*)0x20009640 = 4; *(uint8_t*)0x20009641 = 3; *(uint16_t*)0x20009642 = 0x184c; *(uint32_t*)0x2000974c = 0x4d; *(uint32_t*)0x20009750 = 0x20009680; *(uint8_t*)0x20009680 = 0x4d; *(uint8_t*)0x20009681 = 3; memcpy((void*)0x20009682, "\xb6\x6a\x57\x6c\x91\xd5\x67\x33\xc9\x4e\xf7\x37\x20\xfd\xa0\x14\xeb\xcf\x72\xb1\xcf\x26\xac\x4c\x18\xda\x75\x71\x24\x12\x56\x76\x4a\xe2\xdf\xf1\x75\x40\xbd\xd8\xaf\x83\xee\xe5\x05\x79\x2c\xbe\xfb\xdd\xb7\xb5\xcd\x4c\xa9\x46\x62\x28\x7a\x86\x24\x9e\xc2\xb9\x42\x13\x98\x04\xf9\xc7\x82\x09\x88\x4a\x15", 75); res = -1; res = syz_usb_connect(6, 0x7e2, 0x20008a00, 0x20009700); if (res != -1) r[22] = res; break; case 41: *(uint8_t*)0x20009780 = 0x12; *(uint8_t*)0x20009781 = 1; *(uint16_t*)0x20009782 = 0x200; *(uint8_t*)0x20009784 = -1; *(uint8_t*)0x20009785 = -1; *(uint8_t*)0x20009786 = -1; *(uint8_t*)0x20009787 = 0x40; *(uint16_t*)0x20009788 = 0xcf3; *(uint16_t*)0x2000978a = 0x9271; *(uint16_t*)0x2000978c = 0x108; *(uint8_t*)0x2000978e = 1; *(uint8_t*)0x2000978f = 2; *(uint8_t*)0x20009790 = 3; *(uint8_t*)0x20009791 = 1; *(uint8_t*)0x20009792 = 9; *(uint8_t*)0x20009793 = 2; *(uint16_t*)0x20009794 = 0x48; *(uint8_t*)0x20009796 = 1; *(uint8_t*)0x20009797 = 1; *(uint8_t*)0x20009798 = 0; *(uint8_t*)0x20009799 = 0x80; *(uint8_t*)0x2000979a = 0xfa; *(uint8_t*)0x2000979b = 9; *(uint8_t*)0x2000979c = 4; *(uint8_t*)0x2000979d = 0; *(uint8_t*)0x2000979e = 0; *(uint8_t*)0x2000979f = 6; *(uint8_t*)0x200097a0 = -1; *(uint8_t*)0x200097a1 = 0; *(uint8_t*)0x200097a2 = 0; *(uint8_t*)0x200097a3 = 0; *(uint8_t*)0x200097a4 = 9; *(uint8_t*)0x200097a5 = 5; *(uint8_t*)0x200097a6 = 1; *(uint8_t*)0x200097a7 = 2; *(uint16_t*)0x200097a8 = 0x200; *(uint8_t*)0x200097aa = 0; *(uint8_t*)0x200097ab = 0; *(uint8_t*)0x200097ac = 0; *(uint8_t*)0x200097ad = 9; *(uint8_t*)0x200097ae = 5; *(uint8_t*)0x200097af = 0x82; *(uint8_t*)0x200097b0 = 2; *(uint16_t*)0x200097b1 = 0x200; *(uint8_t*)0x200097b3 = 0; *(uint8_t*)0x200097b4 = 0; *(uint8_t*)0x200097b5 = 0; *(uint8_t*)0x200097b6 = 9; *(uint8_t*)0x200097b7 = 5; *(uint8_t*)0x200097b8 = 0x83; *(uint8_t*)0x200097b9 = 3; *(uint16_t*)0x200097ba = 0x40; *(uint8_t*)0x200097bc = 1; *(uint8_t*)0x200097bd = 0; *(uint8_t*)0x200097be = 0; *(uint8_t*)0x200097bf = 9; *(uint8_t*)0x200097c0 = 5; *(uint8_t*)0x200097c1 = 4; *(uint8_t*)0x200097c2 = 3; *(uint16_t*)0x200097c3 = 0x40; *(uint8_t*)0x200097c5 = 1; *(uint8_t*)0x200097c6 = 0; *(uint8_t*)0x200097c7 = 0; *(uint8_t*)0x200097c8 = 9; *(uint8_t*)0x200097c9 = 5; *(uint8_t*)0x200097ca = 5; *(uint8_t*)0x200097cb = 2; *(uint16_t*)0x200097cc = 0x200; *(uint8_t*)0x200097ce = 0; *(uint8_t*)0x200097cf = 0; *(uint8_t*)0x200097d0 = 0; *(uint8_t*)0x200097d1 = 9; *(uint8_t*)0x200097d2 = 5; *(uint8_t*)0x200097d3 = 6; *(uint8_t*)0x200097d4 = 2; *(uint16_t*)0x200097d5 = 0x200; *(uint8_t*)0x200097d7 = 0; *(uint8_t*)0x200097d8 = 0; *(uint8_t*)0x200097d9 = 0; syz_usb_connect_ath9k(3, 0x5a, 0x20009780, 0); break; case 42: *(uint32_t*)0x200099c0 = 0x18; *(uint32_t*)0x200099c4 = 0x20009800; *(uint8_t*)0x20009800 = 0x40; *(uint8_t*)0x20009801 = 1; *(uint32_t*)0x20009802 = 0x8d; *(uint8_t*)0x20009806 = 0x8d; *(uint8_t*)0x20009807 = 0x22; memcpy((void*)0x20009808, "\xe5\x74\x19\x47\xa7\x23\xe9\xe9\x8e\xdc\x76\xea\x9b\x49\x3d\xa7\xd0\xbe\x0f\x88\x90\x3d\x48\xee\xf0\xd2\x4c\x88\x29\x70\xfc\x12\x16\xa4\xf3\x90\xd6\xb1\x7a\x78\xf9\xe8\x82\x74\x2c\xa2\x48\x31\x93\x6c\xb7\x5b\x04\x58\x99\xbb\xc7\x68\x7b\xd5\x5a\x05\x8a\x9f\x47\x22\x45\x2c\xe7\xe3\x01\x27\x0b\x0b\xf2\x26\x66\xc3\x7e\xaf\x1b\xd9\xd8\xb4\x89\xba\x1d\x32\xbe\x39\xd0\x6b\x20\xbd\x96\x57\xe0\x9f\xda\x6c\x82\xd4\x56\x6c\x93\x34\xe2\xfa\x45\xc5\x04\x6b\xa8\x56\x5e\x57\x79\xab\x6d\x67\xcb\xf7\xf4\x06\xd2\x16\xc2\x86\xab\x06\x65\x88\x20\x7a\x31\x8d\x65\x33\x2f", 139); *(uint32_t*)0x200099c8 = 0x200098c0; *(uint8_t*)0x200098c0 = 0; *(uint8_t*)0x200098c1 = 3; *(uint32_t*)0x200098c2 = 4; *(uint8_t*)0x200098c6 = 4; *(uint8_t*)0x200098c7 = 3; *(uint16_t*)0x200098c8 = 0xf0ff; *(uint32_t*)0x200099cc = 0x20009900; *(uint8_t*)0x20009900 = 0; *(uint8_t*)0x20009901 = 0xf; *(uint32_t*)0x20009902 = 0x18; *(uint8_t*)0x20009906 = 5; *(uint8_t*)0x20009907 = 0xf; *(uint16_t*)0x20009908 = 0x18; *(uint8_t*)0x2000990a = 2; *(uint8_t*)0x2000990b = 0xc; *(uint8_t*)0x2000990c = 0x10; *(uint8_t*)0x2000990d = 0xa; *(uint8_t*)0x2000990e = 0; STORE_BY_BITMASK(uint32_t, , 0x2000990f, 0, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x2000990f, 6, 5, 27); *(uint16_t*)0x20009913 = 0xf0f; *(uint16_t*)0x20009915 = 8; *(uint8_t*)0x20009917 = 7; *(uint8_t*)0x20009918 = 0x10; *(uint8_t*)0x20009919 = 2; STORE_BY_BITMASK(uint32_t, , 0x2000991a, 2, 0, 8); STORE_BY_BITMASK(uint32_t, , 0x2000991b, 0xa, 0, 4); STORE_BY_BITMASK(uint32_t, , 0x2000991b, 7, 4, 4); STORE_BY_BITMASK(uint32_t, , 0x2000991c, 0x100, 0, 16); *(uint32_t*)0x200099d0 = 0x20009940; *(uint8_t*)0x20009940 = 0x20; *(uint8_t*)0x20009941 = 0x29; *(uint32_t*)0x20009942 = 0xf; *(uint8_t*)0x20009946 = 0xf; *(uint8_t*)0x20009947 = 0x29; *(uint8_t*)0x20009948 = 0; *(uint16_t*)0x20009949 = 0x18; *(uint8_t*)0x2000994b = 7; *(uint8_t*)0x2000994c = 0x7f; memcpy((void*)0x2000994d, "\x86\xf6\x20\xe8", 4); memcpy((void*)0x20009951, "\x16\x8f\x22\x02", 4); *(uint32_t*)0x200099d4 = 0x20009980; *(uint8_t*)0x20009980 = 0x20; *(uint8_t*)0x20009981 = 0x2a; *(uint32_t*)0x20009982 = 0xc; *(uint8_t*)0x20009986 = 0xc; *(uint8_t*)0x20009987 = 0x2a; *(uint8_t*)0x20009988 = 3; *(uint16_t*)0x20009989 = 0; *(uint8_t*)0x2000998b = 4; *(uint8_t*)0x2000998c = 0; *(uint8_t*)0x2000998d = 7; *(uint16_t*)0x2000998e = 0x1000; *(uint16_t*)0x20009990 = 0xfffe; *(uint32_t*)0x20009f00 = 0x44; *(uint32_t*)0x20009f04 = 0x20009a00; *(uint8_t*)0x20009a00 = 0; *(uint8_t*)0x20009a01 = 8; *(uint32_t*)0x20009a02 = 0xfd; memcpy((void*)0x20009a06, "\x17\xd0\x15\xc0\xc2\x1b\x38\xab\x65\x87\x07\x8c\x77\x5d\x19\x66\x76\x39\x02\x36\x84\x2b\xc7\x81\x15\xbd\x6a\x40\x58\x11\x10\x24\x45\xa3\x7f\xe5\xc0\xcc\x85\xa1\x6b\x56\x01\xf6\x74\x96\x59\x34\x92\xce\x3a\xd5\x52\x01\x92\x08\xa9\x04\xc8\x82\x54\x52\x5e\xf1\x3e\x8c\x55\xd2\xfa\x55\x84\xb1\x72\x72\x80\x77\xd5\x4a\x28\xbc\x6d\xd0\xbc\x05\xf7\x20\x29\x10\x26\x07\x63\x12\x0f\x9d\x95\x88\x3b\x70\x1c\xa0\x54\x83\xde\xae\x8e\x44\x5b\xcf\x56\x72\xcf\xc4\xba\x66\xa3\x46\xe9\x2f\xe0\x74\x51\xae\x4c\x8f\xf4\xaa\x9d\xfc\xf8\xb9\x56\x33\x65\x80\x5b\xf6\x83\x0e\xd3\x6c\x9f\x3e\xab\x11\xf6\x13\xa0\xfd\xe0\x42\x3b\x8c\x3a\x5b\x1a\xe0\x29\x72\x9e\x32\x33\x43\x1d\x83\xf0\x22\x49\x15\x64\xd3\x92\xce\xb7\xa3\x8e\xdd\xcf\x15\x96\x88\x61\x81\x85\x4d\x5a\x72\x9e\x76\xd8\xe7\x70\xd6\xee\x74\xba\x13\x33\xec\xb7\xe4\xb8\x83\x07\x1b\x6d\x6c\x04\x3e\x9e\x6f\x01\x60\x54\x6f\x60\xd1\xd9\xff\xd9\x40\x74\x4e\xef\x3e\xa5\xf0\xdd\xfd\xa5\xa0\xa8\xd6\xb7\x74\x0a\x7f\x13\xce\x46\x2e\xd0\x8e\x2d\x3b\xc0\xa7\xb6\x46\xda\xf5\x60\x86\xe2", 253); *(uint32_t*)0x20009f08 = 0x20009b40; *(uint8_t*)0x20009b40 = 0; *(uint8_t*)0x20009b41 = 0xa; *(uint32_t*)0x20009b42 = 1; *(uint8_t*)0x20009b46 = 7; *(uint32_t*)0x20009f0c = 0x20009b80; *(uint8_t*)0x20009b80 = 0; *(uint8_t*)0x20009b81 = 8; *(uint32_t*)0x20009b82 = 1; *(uint8_t*)0x20009b86 = 0x80; *(uint32_t*)0x20009f10 = 0x20009bc0; *(uint8_t*)0x20009bc0 = 0x20; *(uint8_t*)0x20009bc1 = 0; *(uint32_t*)0x20009bc2 = 4; *(uint16_t*)0x20009bc6 = 2; *(uint16_t*)0x20009bc8 = 3; *(uint32_t*)0x20009f14 = 0x20009c00; *(uint8_t*)0x20009c00 = 0x20; *(uint8_t*)0x20009c01 = 0; *(uint32_t*)0x20009c02 = 4; *(uint16_t*)0x20009c06 = 0x100; *(uint16_t*)0x20009c08 = 0x40; *(uint32_t*)0x20009f18 = 0x20009c40; *(uint8_t*)0x20009c40 = 0x40; *(uint8_t*)0x20009c41 = 7; *(uint32_t*)0x20009c42 = 2; *(uint16_t*)0x20009c46 = 3; *(uint32_t*)0x20009f1c = 0x20009c80; *(uint8_t*)0x20009c80 = 0x40; *(uint8_t*)0x20009c81 = 9; *(uint32_t*)0x20009c82 = 1; *(uint8_t*)0x20009c86 = 0x7f; *(uint32_t*)0x20009f20 = 0x20009cc0; *(uint8_t*)0x20009cc0 = 0x40; *(uint8_t*)0x20009cc1 = 0xb; *(uint32_t*)0x20009cc2 = 2; memcpy((void*)0x20009cc6, "\x08\xbd", 2); *(uint32_t*)0x20009f24 = 0x20009d00; *(uint8_t*)0x20009d00 = 0x40; *(uint8_t*)0x20009d01 = 0xf; *(uint32_t*)0x20009d02 = 2; *(uint16_t*)0x20009d06 = 0x7163; *(uint32_t*)0x20009f28 = 0x20009d40; *(uint8_t*)0x20009d40 = 0x40; *(uint8_t*)0x20009d41 = 0x13; *(uint32_t*)0x20009d42 = 6; memset((void*)0x20009d46, 255, 6); *(uint32_t*)0x20009f2c = 0x20009d80; *(uint8_t*)0x20009d80 = 0x40; *(uint8_t*)0x20009d81 = 0x17; *(uint32_t*)0x20009d82 = 6; memset((void*)0x20009d86, 170, 5); *(uint8_t*)0x20009d8b = 0x3b; *(uint32_t*)0x20009f30 = 0x20009dc0; *(uint8_t*)0x20009dc0 = 0x40; *(uint8_t*)0x20009dc1 = 0x19; *(uint32_t*)0x20009dc2 = 2; memcpy((void*)0x20009dc6, "\x37\x9e", 2); *(uint32_t*)0x20009f34 = 0x20009e00; *(uint8_t*)0x20009e00 = 0x40; *(uint8_t*)0x20009e01 = 0x1a; *(uint32_t*)0x20009e02 = 2; *(uint16_t*)0x20009e06 = 8; *(uint32_t*)0x20009f38 = 0x20009e40; *(uint8_t*)0x20009e40 = 0x40; *(uint8_t*)0x20009e41 = 0x1c; *(uint32_t*)0x20009e42 = 1; *(uint8_t*)0x20009e46 = 0x3f; *(uint32_t*)0x20009f3c = 0x20009e80; *(uint8_t*)0x20009e80 = 0x40; *(uint8_t*)0x20009e81 = 0x1e; *(uint32_t*)0x20009e82 = 1; *(uint8_t*)0x20009e86 = 0x2c; *(uint32_t*)0x20009f40 = 0x20009ec0; *(uint8_t*)0x20009ec0 = 0x40; *(uint8_t*)0x20009ec1 = 0x21; *(uint32_t*)0x20009ec2 = 1; *(uint8_t*)0x20009ec6 = 5; syz_usb_control_io(r[22], 0x200099c0, 0x20009f00); break; case 43: syz_usb_disconnect(r[22]); break; case 44: syz_usb_ep_read(r[22], 0xc1, 0x1000, 0x20009f80); break; case 45: *(uint8_t*)0x2000af80 = 0x12; *(uint8_t*)0x2000af81 = 1; *(uint16_t*)0x2000af82 = 0x110; *(uint8_t*)0x2000af84 = 0; *(uint8_t*)0x2000af85 = 0; *(uint8_t*)0x2000af86 = 0; *(uint8_t*)0x2000af87 = 0x20; *(uint16_t*)0x2000af88 = 0x1d6b; *(uint16_t*)0x2000af8a = 0x101; *(uint16_t*)0x2000af8c = 0x40; *(uint8_t*)0x2000af8e = 1; *(uint8_t*)0x2000af8f = 2; *(uint8_t*)0x2000af90 = 3; *(uint8_t*)0x2000af91 = 1; *(uint8_t*)0x2000af92 = 9; *(uint8_t*)0x2000af93 = 2; *(uint16_t*)0x2000af94 = 0xd6; *(uint8_t*)0x2000af96 = 3; *(uint8_t*)0x2000af97 = 1; *(uint8_t*)0x2000af98 = 7; *(uint8_t*)0x2000af99 = 0x20; *(uint8_t*)0x2000af9a = 2; *(uint8_t*)0x2000af9b = 9; *(uint8_t*)0x2000af9c = 4; *(uint8_t*)0x2000af9d = 0; *(uint8_t*)0x2000af9e = 0; *(uint8_t*)0x2000af9f = 0; *(uint8_t*)0x2000afa0 = 1; *(uint8_t*)0x2000afa1 = 1; *(uint8_t*)0x2000afa2 = 0; *(uint8_t*)0x2000afa3 = 0; *(uint8_t*)0x2000afa4 = 0xa; *(uint8_t*)0x2000afa5 = 0x24; *(uint8_t*)0x2000afa6 = 1; *(uint16_t*)0x2000afa7 = 0; *(uint8_t*)0x2000afa9 = 0; *(uint8_t*)0x2000afaa = 2; *(uint8_t*)0x2000afab = 1; *(uint8_t*)0x2000afac = 2; *(uint8_t*)0x2000afad = 0xb; *(uint8_t*)0x2000afae = 0x24; *(uint8_t*)0x2000afaf = 6; *(uint8_t*)0x2000afb0 = 4; *(uint8_t*)0x2000afb1 = 3; *(uint8_t*)0x2000afb2 = 2; *(uint16_t*)0x2000afb3 = 3; *(uint16_t*)0x2000afb5 = 7; *(uint8_t*)0x2000afb7 = -1; *(uint8_t*)0x2000afb8 = 9; *(uint8_t*)0x2000afb9 = 4; *(uint8_t*)0x2000afba = 1; *(uint8_t*)0x2000afbb = 0; *(uint8_t*)0x2000afbc = 0; *(uint8_t*)0x2000afbd = 1; *(uint8_t*)0x2000afbe = 2; *(uint8_t*)0x2000afbf = 0; *(uint8_t*)0x2000afc0 = 0; *(uint8_t*)0x2000afc1 = 9; *(uint8_t*)0x2000afc2 = 4; *(uint8_t*)0x2000afc3 = 1; *(uint8_t*)0x2000afc4 = 1; *(uint8_t*)0x2000afc5 = 1; *(uint8_t*)0x2000afc6 = 1; *(uint8_t*)0x2000afc7 = 2; *(uint8_t*)0x2000afc8 = 0; *(uint8_t*)0x2000afc9 = 0; *(uint8_t*)0x2000afca = 0xe; *(uint8_t*)0x2000afcb = 0x24; *(uint8_t*)0x2000afcc = 2; *(uint8_t*)0x2000afcd = 1; *(uint8_t*)0x2000afce = 0x80; *(uint8_t*)0x2000afcf = 3; *(uint8_t*)0x2000afd0 = 1; *(uint8_t*)0x2000afd1 = 0; memcpy((void*)0x2000afd2, "\x02\x2c\x3b\x4e\xfa\x4d", 6); *(uint8_t*)0x2000afd8 = 7; *(uint8_t*)0x2000afd9 = 0x24; *(uint8_t*)0x2000afda = 1; *(uint8_t*)0x2000afdb = 1; *(uint8_t*)0x2000afdc = 0x7f; *(uint16_t*)0x2000afdd = 0x1002; *(uint8_t*)0x2000afdf = 0xb; *(uint8_t*)0x2000afe0 = 0x24; *(uint8_t*)0x2000afe1 = 2; *(uint8_t*)0x2000afe2 = 1; *(uint8_t*)0x2000afe3 = 5; *(uint8_t*)0x2000afe4 = 3; *(uint8_t*)0x2000afe5 = 0; *(uint8_t*)0x2000afe6 = 5; memcpy((void*)0x2000afe7, "\x64\x99\x7e", 3); *(uint8_t*)0x2000afea = 0xd; *(uint8_t*)0x2000afeb = 0x24; *(uint8_t*)0x2000afec = 2; *(uint8_t*)0x2000afed = 1; *(uint8_t*)0x2000afee = 3; *(uint8_t*)0x2000afef = 3; *(uint8_t*)0x2000aff0 = 0xac; *(uint8_t*)0x2000aff1 = 8; memcpy((void*)0x2000aff2, "\xbc\x5e", 2); memcpy((void*)0x2000aff4, "\x04\xfb\xa9", 3); *(uint8_t*)0x2000aff7 = 0xd; *(uint8_t*)0x2000aff8 = 0x24; *(uint8_t*)0x2000aff9 = 2; *(uint8_t*)0x2000affa = 1; *(uint8_t*)0x2000affb = 6; *(uint8_t*)0x2000affc = 2; *(uint8_t*)0x2000affd = 5; *(uint8_t*)0x2000affe = 9; memcpy((void*)0x2000afff, "\x6a\x9a\x8d", 3); memcpy((void*)0x2000b002, "\x4f\x88", 2); *(uint8_t*)0x2000b004 = 9; *(uint8_t*)0x2000b005 = 5; *(uint8_t*)0x2000b006 = 1; *(uint8_t*)0x2000b007 = 9; *(uint16_t*)0x2000b008 = 0x10; *(uint8_t*)0x2000b00a = 0x8c; *(uint8_t*)0x2000b00b = 0x20; *(uint8_t*)0x2000b00c = 0x7f; *(uint8_t*)0x2000b00d = 7; *(uint8_t*)0x2000b00e = 0x25; *(uint8_t*)0x2000b00f = 1; *(uint8_t*)0x2000b010 = 0x82; *(uint8_t*)0x2000b011 = 2; *(uint16_t*)0x2000b012 = 4; *(uint8_t*)0x2000b014 = 9; *(uint8_t*)0x2000b015 = 4; *(uint8_t*)0x2000b016 = 2; *(uint8_t*)0x2000b017 = 0; *(uint8_t*)0x2000b018 = 0; *(uint8_t*)0x2000b019 = 1; *(uint8_t*)0x2000b01a = 2; *(uint8_t*)0x2000b01b = 0; *(uint8_t*)0x2000b01c = 0; *(uint8_t*)0x2000b01d = 9; *(uint8_t*)0x2000b01e = 4; *(uint8_t*)0x2000b01f = 2; *(uint8_t*)0x2000b020 = 1; *(uint8_t*)0x2000b021 = 1; *(uint8_t*)0x2000b022 = 1; *(uint8_t*)0x2000b023 = 2; *(uint8_t*)0x2000b024 = 0; *(uint8_t*)0x2000b025 = 0; *(uint8_t*)0x2000b026 = 0xd; *(uint8_t*)0x2000b027 = 0x24; *(uint8_t*)0x2000b028 = 2; *(uint8_t*)0x2000b029 = 1; *(uint8_t*)0x2000b02a = 0; *(uint8_t*)0x2000b02b = 2; *(uint8_t*)0x2000b02c = 0; *(uint8_t*)0x2000b02d = -1; memcpy((void*)0x2000b02e, "\x03\xc1\xfe\x1d\x97", 5); *(uint8_t*)0x2000b033 = 0x12; *(uint8_t*)0x2000b034 = 0x24; *(uint8_t*)0x2000b035 = 2; *(uint8_t*)0x2000b036 = 2; *(uint16_t*)0x2000b037 = 0x807; *(uint16_t*)0x2000b039 = 4; *(uint8_t*)0x2000b03b = 0xfd; memcpy((void*)0x2000b03c, "\x8c\xfb\x49\xdf\x7b\xf5\xb7\xe5\xee", 9); *(uint8_t*)0x2000b045 = 7; *(uint8_t*)0x2000b046 = 0x24; *(uint8_t*)0x2000b047 = 1; *(uint8_t*)0x2000b048 = 0x3f; *(uint8_t*)0x2000b049 = 0xfd; *(uint16_t*)0x2000b04a = 1; *(uint8_t*)0x2000b04c = 0xc; *(uint8_t*)0x2000b04d = 0x24; *(uint8_t*)0x2000b04e = 2; *(uint8_t*)0x2000b04f = 1; *(uint8_t*)0x2000b050 = 0xc1; *(uint8_t*)0x2000b051 = 4; *(uint8_t*)0x2000b052 = 5; *(uint8_t*)0x2000b053 = 0x67; memcpy((void*)0x2000b054, "\x69\x67\xba\x40", 4); *(uint8_t*)0x2000b058 = 9; *(uint8_t*)0x2000b059 = 5; *(uint8_t*)0x2000b05a = 0x82; *(uint8_t*)0x2000b05b = 9; *(uint16_t*)0x2000b05c = 0x7f7; *(uint8_t*)0x2000b05e = 0x1f; *(uint8_t*)0x2000b05f = 0x69; *(uint8_t*)0x2000b060 = 6; *(uint8_t*)0x2000b061 = 7; *(uint8_t*)0x2000b062 = 0x25; *(uint8_t*)0x2000b063 = 1; *(uint8_t*)0x2000b064 = 0x80; *(uint8_t*)0x2000b065 = 9; *(uint16_t*)0x2000b066 = 3; *(uint32_t*)0x2000b380 = 0xa; *(uint32_t*)0x2000b384 = 0x2000b080; *(uint8_t*)0x2000b080 = 0xa; *(uint8_t*)0x2000b081 = 6; *(uint16_t*)0x2000b082 = 0x300; *(uint8_t*)0x2000b084 = 3; *(uint8_t*)0x2000b085 = 2; *(uint8_t*)0x2000b086 = 3; *(uint8_t*)0x2000b087 = 0x40; *(uint8_t*)0x2000b088 = 0x81; *(uint8_t*)0x2000b089 = 0; *(uint32_t*)0x2000b388 = 0x20f; *(uint32_t*)0x2000b38c = 0x2000b0c0; *(uint8_t*)0x2000b0c0 = 5; *(uint8_t*)0x2000b0c1 = 0xf; *(uint16_t*)0x2000b0c2 = 0x20f; *(uint8_t*)0x2000b0c4 = 6; *(uint8_t*)0x2000b0c5 = 0xe2; *(uint8_t*)0x2000b0c6 = 0x10; *(uint8_t*)0x2000b0c7 = 0xa; memcpy((void*)0x2000b0c8, "\x64\x93\x2c\x92\x77\xe2\x3a\x0f\xa9\x6a\xab\xc7\xb9\x31\xea\x37\x07\x35\x0c\x52\x57\x45\xcc\xbe\x79\x4d\x23\xba\xa9\x96\x25\xc8\x2f\x74\xbd\x3b\x6d\x5f\x88\xfb\xfd\x92\x54\x5b\x6b\x63\x75\x4c\x07\xc3\xff\xb4\x73\x55\xbf\x3d\xd6\xfa\xcf\xf0\xec\x55\x97\xfb\x76\x8d\xc7\x4a\xcf\xcf\x39\x5a\xc1\x00\x99\x82\x92\x5a\xa1\x6f\xcf\xa4\x15\x75\xbf\x14\xb5\x6d\x55\x79\x09\xdf\x9e\xfd\x27\xfd\x4b\x31\x7d\x90\xd1\x60\x62\x70\x13\x4f\xd0\x7d\x2f\xc0\xd1\x81\x6e\x97\x71\x32\x1d\x2d\xb5\x5c\x65\x39\xb0\x41\x67\xdb\x7b\x08\xc9\x94\x15\x9d\xd7\x55\x2c\x48\x8c\x14\x66\x24\x7a\x5b\x70\xb0\xdc\x99\x6b\x90\x7e\xee\xe0\xb2\x0f\xdd\x64\x71\x40\x59\x7b\x66\xf8\x21\x55\x6b\x56\x7f\xe6\x13\xc7\xec\xbc\xba\xe5\x0d\xb5\xfa\x7c\x9c\x0b\x5d\xcf\x26\xed\xdf\xfd\xcb\x09\xb9\xab\x9f\x2b\x5b\xee\x80\x98\x2f\xf3\x65\xfb\x81\x6e\x98\x18\x4e\xe6\x81\x5f\x6f\x62\x1f\x4d\x34\x52\x7d\x3c\xaa\x4c\xe6\x82\xcb\x06\xc7\x48", 223); *(uint8_t*)0x2000b1a7 = 0xb; *(uint8_t*)0x2000b1a8 = 0x10; *(uint8_t*)0x2000b1a9 = 1; *(uint8_t*)0x2000b1aa = 4; *(uint16_t*)0x2000b1ab = 0x10; *(uint8_t*)0x2000b1ad = 1; *(uint8_t*)0x2000b1ae = 0x3f; *(uint16_t*)0x2000b1af = 0xff; *(uint8_t*)0x2000b1b1 = 0x1f; *(uint8_t*)0x2000b1b2 = 3; *(uint8_t*)0x2000b1b3 = 0x10; *(uint8_t*)0x2000b1b4 = 0xb; *(uint8_t*)0x2000b1b5 = 0x2f; *(uint8_t*)0x2000b1b6 = 0x10; *(uint8_t*)0x2000b1b7 = 3; memcpy((void*)0x2000b1b8, "\x57\x12\x26\x74\x4f\x78\xfe\x77\x5a\xb8\x9d\xd7\x76\xdb\x3a\xaa\xce\x99\x82\xe7\xb2\x59\x4f\xd0\x85\x4a\x31\xd7\xec\x1d\x24\xae\xe6\x48\x2a\xa3\x93\x97\x98\xbd\x32\xd0\x60\xf0", 44); *(uint8_t*)0x2000b1e4 = 0xa; *(uint8_t*)0x2000b1e5 = 0x10; *(uint8_t*)0x2000b1e6 = 3; *(uint8_t*)0x2000b1e7 = 0; *(uint16_t*)0x2000b1e8 = 4; *(uint8_t*)0x2000b1ea = 0x24; *(uint8_t*)0x2000b1eb = 8; *(uint16_t*)0x2000b1ec = 0xe1; *(uint8_t*)0x2000b1ee = 0xe1; *(uint8_t*)0x2000b1ef = 0x10; *(uint8_t*)0x2000b1f0 = 1; memcpy((void*)0x2000b1f1, "\x1c\x43\x11\xd6\xc4\xec\x2d\xe7\x89\xb4\xf9\xf3\x9e\x67\x37\x02\xea\x35\xd9\x09\x99\x1c\xe4\xaf\x26\xcf\x0c\x07\x57\x9c\x1a\x40\x57\x35\x68\xf8\x37\x56\x9c\x64\x5d\xe2\xaf\x69\x81\x33\x52\x61\x69\xe5\x1a\x53\xf2\x15\x16\x76\x60\x35\x72\x59\xd5\x4d\x5a\xd7\x7a\xfb\x47\x8b\x18\x9e\x72\x86\x67\xa8\xb7\xe3\x89\x86\xbb\x19\xfe\xbe\x80\x70\x85\xec\x6d\x77\xdf\xb4\x81\x72\x59\x2d\x54\x9d\x7d\xbb\xf8\x02\xaa\xf9\x5b\xbf\x2d\xcd\x20\x05\x7a\x34\xee\xff\xca\xba\x3c\x40\x4e\x46\xa6\xe9\x0a\xd7\xe4\x38\x7e\x1e\x28\xcc\x21\x71\x88\x37\xe8\x1d\x22\x61\x5c\x4b\x42\xbc\xe0\x4c\x6b\xec\x4a\xa9\xa9\x9d\x05\xcb\x4f\x16\x8e\x11\x5e\xe3\x95\x65\x54\xe4\xe5\x8b\x13\x6f\x86\x73\x6e\x79\xe9\x1f\x9a\xcd\x49\xee\x66\x17\xb8\x4a\x56\x43\x92\xe8\x19\x91\xbb\xa6\x03\x20\x54\xd7\x09\x6f\x6c\x40\x00\x21\x37\x78\x2a\x1b\x11\x1d\x65\x27\x96\x83\x26\xf5\xe7\x0a\x8a\x23\x99\xe8\x33\xe7\x41\x5c\x20\x4a\x3a\x4b", 222); *(uint32_t*)0x2000b390 = 2; *(uint32_t*)0x2000b394 = 4; *(uint32_t*)0x2000b398 = 0x2000b300; *(uint8_t*)0x2000b300 = 4; *(uint8_t*)0x2000b301 = 3; *(uint16_t*)0x2000b302 = 0x459; *(uint32_t*)0x2000b39c = 4; *(uint32_t*)0x2000b3a0 = 0x2000b340; *(uint8_t*)0x2000b340 = 4; *(uint8_t*)0x2000b341 = 3; *(uint16_t*)0x2000b342 = 0x436; res = -1; res = syz_usb_connect(3, 0xe8, 0x2000af80, 0x2000b380); if (res != -1) r[23] = res; break; case 46: memcpy((void*)0x2000b3c0, "\x08\x63\x6e\x6c\x5e\x42\x1f\x7f\x71\x8c\x47\x84\xf3\x89\x67\x2c\x29\x11\xe5", 19); syz_usb_ep_write(r[23], 9, 0x13, 0x2000b3c0); break; case 47: syz_usbip_server_init(2); break; } } int main(void) { syscall(__NR_mmap, 0x1ffff000, 0x1000, 0, 0x32, -1, 0); syscall(__NR_mmap, 0x20000000, 0x1000000, 7, 0x32, -1, 0); syscall(__NR_mmap, 0x21000000, 0x1000, 0, 0x32, -1, 0); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :124:17: error: 'csum_inet_digest' defined but not used [-Werror=unused-function] :111:13: error: 'csum_inet_update' defined but not used [-Werror=unused-function] :106:13: error: 'csum_inet_init' defined but not used [-Werror=unused-function] cc1: all warnings being treated as errors compiler invocation: x86_64-linux-gnu-gcc [-o /tmp/syz-executor119441296 -DGOOS_linux=1 -DGOARCH_386=1 -DHOSTGOOS_linux=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static-pie -Wno-overflow] --- FAIL: TestGenerate/linux/386/7 (3.16s) csource_test.go:118: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:10 Sandbox:none Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Fault:false FaultCall:0 FaultNth:0}} program: write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3}}, 0x18) (fail_nth: 1) r0 = openat$tty(0xffffff9c, &(0x7f0000000040), 0x10400, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x200000f, 0x10, r0, 0xada52000) ioctl$UI_SET_PHYS(0xffffffffffffffff, 0x4004556c, &(0x7f0000000080)='syz0\x00') r1 = syz_mount_image$ufs(&(0x7f00000025c0), &(0x7f0000002600)='./file0\x00', 0x4, 0x3, &(0x7f0000003700)=[{&(0x7f0000002640)="386f6d1be27f8ca9182d1ae635bba8c9ce0379ce60d9d24e0fe69a46dd2b77026ce1e6bbc05a246ae26905253191f7e34ef3860f1c2cc9a6d522f503d78e340cb54f1d6b", 0x44, 0x1}, {&(0x7f00000026c0)="5739ec80616d1bac909797c5723d287d94f010e0f70a342a21fb38b36986025dca054a96bbe74027974c452893a9f5d513efc470652bf4e837d8d5eeaced2669d73cea3d3931399da04dfb4859d03c47dd535baa980ae8b7a5c312fd71acc521bddc2c637026d7fadb42c020c53d4e2feeb23077ed867d5b36567b8d06e0f4d2d9c616d67391f879e812d7a17975f3e0e569f557b65bbade941868bae4be8d2dfa45a385877ece8d94d755dbf82b4fd8899ba1b8ece43b36b369a8df56993b16eec20aed1c596f669df897ddfa0df4ab26d747598296dd3bcd5cad67a8b19eba5f343fbfa6301a1502600eda02ab157ab1b164e3de5733e4bfd9677b49b29bb56e99367d01044b3accf0f93af75527837a9b494b4eace1f49c879e71e962a593749555b50a55ca1144eb54807047defde8dd097ebcbaa230451ac7a7763ef2134b453ef7ce92d6adce449aa182efb2ed4a8707f1e1846d82505da06c2d6b4a582ddfb2bdb7a19bbce8e0a0f7b2f496622bee043729f3843188eb14e56e8f48d7d4b151a7deef2a1a9458834253770882cc41f6fb784a9f73a4f81ef993dae61a805ba6f9307820813310dc3870835ad4be7e3c8a13f9f01e9ea9b1b9dfb1e347e3ea1b5b090e1a38617707bb5aa0ce82193f6970a0b885183fce8b7d30bfc18258dd40f508b95b55ca27d8ec76010310c677c04c0b01fd69de396ae95a7c3ca50f4e7fc3da749d82a5d9f57ab6ed7a0d1276297ab57172671d4c7ca35224700db93644131a5126af54755aec80cffdeb709f0c5821ec3b86d29f10be62d94c032f79d4edccaf40b24d72e46d7c9933f6eada794aad1eaf41aec135a4f6f7f609273608685ffc30fe1ae82213a956e8df493ec0aac8eccbbdb82093097db45161677685bf1e691a1c7dce13a88e63645bc79922b6d3d3d761f36a46302f79e0e0beb67e2f2cb2e83fc1a04177c9d022c46edc053f03182fc645450e4de536a418b0eae2acb0eaf4cb615eca77f72ee1d1f9146208e18669508edd050e9b4e72a8483016dc0198326d2a167004f323a0a6eb4d34f651c397f06d32e1bdab042efe566afc48cbd98f914134156314a954c641b1066ba715ab50eb4db84b13f20469d01d6346d425d70f60b42976b046cf96e4018fc6aaf78df30c02dd029e1e895c20b05fb3883c013de7e17a13697854feb5935cb344ff94ff8bb4ed2d1f174ea19020577b4ff9597c31a8fb2cfa1d7b71a57082561540f1cd86b8590b754fe95d749ef3caff93fd10a90ca003515bb23a3e71f44179c0996037457589e68177b0a10691f149a981a6a68d0bc820e1662a67c6a85fb39a35399c620c6ee314284fa42099bde09fd517a6e53cc0417c98d006b4210ba0351b7db6754338063f05b6824bbb41f70ba1fea9121f5885a4d03ee93f2b8f27a00cd666491003deda3e21029247646f7144cb004a6b524006d8ec7c93f41042bbf82d3bf2eef415f8f038b05c0c107ac24d0cc8f30813ebe2751da8398e04ff593d17ddeb32593671c8277424f79880054c581ae4ef5303a12f50d4e1fd6bb585a5e07751cbd58fa61d634c35563727e18239d9812fa41b9a256118ba9b0decc26076c8ae4b4e516a2b35a7e9839ca83bef4643e0a5d9db723b5afd80f715b63b19d0afb9cb03dd9e5fe1b3135ec1f0b973e7d21bb2f2221a78628a1b513e0ff9ea3067db3101c017eb8e606f2f075be4984f21bf75b6c4cbf3718e64ca62a9ab5d8e383aefba7493ddff478b744074bb51994bc91dd29c6b9bcd50a5028e14cf6d9468ef424ed165848ff5676e574110e0cd76a7c1dad3019facfd08d14b7d9e378a110e985088e51e89d75e3fa5fb3687598c0569e522f6c9ea4d1265ed97e313dce9cd01a4615e8bbe4dbe168f9d32c6682e4eef267dd718b475a81b485b17f6ba8afba19a58329f86bad12ac8444417e6148cb4e07ee46c5f1553a0fe4cd3326d8692cc43961f03f57f7c016f33c3d1c02bf125fc942101103636b02d93352efb4920e243f865cf5c0b5d347f51b87900b12acc347b319c147510c6a3c184b9fe9bbf49d20a71bc0882e296a03769751cd863082c1f3b8890fee3c644474db21e077acbeb05ae296710822fcaf5a7bc069bd93d411627cd1b713ccced010d1b88dfc1530454141b3dd3e1964c389576132173b86330388fec559dc722f177497c308315a4eefb5043cc97c5b1ea53b6de6f4eced9cc20b5243ef96ae0da16b43ecfd03e702528ad4c3609545df939e2bcee08258649319d74fd784d3d30a9092cb23e51ce00bbf81a46bc0d8bba9fe3f605f54ee2a0311e1c19aee26c843d7252d90380c9d86f1d1cbb21641bc19adffa608fa5b8260c3dac2e0d8100c870dbafab5e4a5c6e5d4875352ece3133e08d48e03874e6e528b5a43d08c8e905f798f0527cff5cda9995e84acb47ee8544be937fcb64646d2fd2d5c31eef836297e03dca24b159964a70307a827f6e7f3793f6ffad54a65d400926e80797e6050e776bbf66dc1bdf7508812ed0febda774f5eda492b3751ecc76a658241fa64522c5ddef5374787a1bc6f05c84a523068ac66a3ca539da70e16ddea897f96f5d48e1ef185f08436daa20fcb0b239de9b2bb00007eda2dbdcc1f5fdf13998682d66cd4aab3157f7ebcec092dc6bd08f4d107780d3731924cfa067f62218078a2af129f4059d46d7c7bebbf67b5953dda30c96fe5843e8a3c0a15a6b2f210ffbffd476c9c761340616b1ca8a6b449d1e338fd909fd9a84c7338711be1d50762a48299b184482d2cd1884af707668d10c2e1cdeac7c075d7d4147f8aa3cebca93c1b7b245264c0efb8470255152c48d224634580b2ff021457a975aa7672baf13a4ae32dc17e1f04d0b2d9c14831c87e99e7e0f29958c9b584d7b8a7e91f573c042617391aded64bee7dad5f888efc5560fba3f9e41f78094b403abc5d422c8ec70b9a9cee507903f8999487e60d761ef16194e7cc856a01e6b3bc592397ca03becb6b48fc15bf1f6eff8fec8de8785d0fea379efbd649487307bba1530a48ec106978da703e91707201fe3348de8caf2dde1d09942d47712f77de3f9efe5392ef4584a66cf96b30ecc6eed9074837e0835e19065d2ece87d38b426c703b882cec83cbb8b484f6885832ca2587b2bdc30c92c20a00d926473ff36a1c81e58d55549a06fb7b0fdd135ed5f63b4cca0068b2da1b112d4cb043407c21c535fd3c4559322e30469794c90a3c30d8fd5365ce3f432f613148bc7d575c1d2da1d4b068de1366f62a694e976f2e264d449d9e3f90400f4f25c1152d1edb9b09816787227eeeff80ac3f25016de253325475490482303afa87b39adee7f92c03185f8be67fe8e850ee3a571809474bcf462373a47afe1a4592175d110c3659e56ecfe2ecaf2c381684332dc0ea3f76c1799d5c7954ccd01ca4d3cc488e98efe8ccb8757273bbfd0e8f94a18e4bc187993ac29c3d45aa4585253717190cfc16bdfc90cecab6f022b3c9629e4d44cf9460333d348d0df3fbc8ffe61733725ea22c57183b50622f320253d54692c32ba2d1d2272357962e09fc7fa98a192d647ca93d5db9c0560a46a797408d21be5d14c8898fcf1f8e46c2be19eee417f17b5812be04c60a50c8f4a3b96e759df5a25314842ef5834a9bfe3ec6903122abdeb8da1bf146ca5b0b6451b3f6a0cd742120b025ca49bb95c47fb27fae438cbae39cd9b50f76735f656e0c6896c87b91c1ca7444d0de25ce60db81b9b7efebffc1ff24ee9d5f77da9227252468633b8eb995e2645b1543d843262c260c3c691114ebc403962c2374ef59ce6d1dd7c4d22310c5f642d766d41893b993f9a69831f82aab3104c64b08b0e3419ad44686088cd8a4a674edcea4ee9f2e8a02ab11450060f76a7c1954f676de7bf7916699457091eb0ad3b7593e7f38d62f9b56761a915b41d035ba129d1ac466e5eaea76d00c4d83e1754e3d1e6f0093c665d860bcf0b9850401acaba34a0f774300773c4abb90efc56bc7d2ad12d2f58cefa5b5816fcee50a11845a2d5197693ea3b380089219f5a42c69f9a4762c91ae6449e13995f666ad521f92edb3f4b65a04675db8ebbc9a2d1acda5b67ed6af5525141fd7aeef7c58f549ac39255705eb084f4f0a261f43c27cdcefb7d9e15ce63995820729b32749eb8d9432d7c3c25b4b1daa5b645740394caaae63bfd9e18207fccfbe0e2639258229574fcc7971e3eb11bfdf7dc770cea4a9414913067558f7e542cc6272477489519cfaecf51361b7d39540bbc1da84c6e56e21c683734fc3d9e52225695ea370563b153b8dc87ad1199247a23a86046c730fbce29fe99e0cf3e762f6ca3a14b03ff53d4122da0664a31d204160fcc2489eaa9faf030f6d6a43f98afce7f7f7f0cc3a01ef1526dac38278d13431910c2d691a78275e0702c8bcd0f4754b47535decbff3fb2db3d23b95f84e5e6e7fe67c719de9b0721ea53e2c68c9110e6a9ef3251e7ebb22800dcab309c22ab3739b4e88844827542d962c2afb2dc2f02b45094737fb1c3b9543870709b337d9d8f183971368a28a3360aec7c89de83e0c5fbfcffa03c1bc42884a839e8188826b19f3a7e7b82b4e2339d3d70171de92a60e2e1c73d360382aedcc23740c6244d69299dd39e011091b2fae10f4ba3c7fc570b0ea6a5d7b94f0812788ac1842eb6f917ad73a43a8f511b221795b9a625d6b8adab77bb090343acde4930c643b9b60af027ed4e3cc7facdcb175e81d9138db68db9d85216e1afa90c3f3897a2cd7e2cbaf59faa93ac544c221399d0a2c7601c6c63006253c9e43f1ed3f8cdd31f92cbc919b0b2f048ee429baac42f907d36281931814e7f937b51f2c6a772469f0d3d666c5c23141a0af6fb3804479810fcd852f98a5e5df9082c149bc239d37b89447af02ebae27adea098d78409fa9ae873b112684c75d68d447c7fc80a45a726b272d557678da7101679c6a5b4d70f4db60539fd11d1f21392b7922d12781125512eb1dc45db4cd2e64734e3a9dbf899ec2203e1001b3d364663d487c69018cb9122b5f4e1a276d17088df746ba3e7c10e1cad226f6cd2ad90cc3d148c951d32c00341bf08ec7158d22b3375f7ed6730ff9f0af79b1e8efd164b046c6a3df7bcd925e49bf5bb4d16ace6ab925bee37b7b5321da6f3626f33025ebc3814f44a27a7e39c5ecf8c5263c50e5d49273977c1ddcec86c85c41de8558ccc7cc9469f4a5ab104db7b3eaf8951f5315f5640c51e8c49290c7b146688b72e22c5178bb120beafe3a10dd33e6a34b8e2ab0a8d88f1bf2346f06e6cbeb80159f85b69efe2984f3acbf1035397c0e027420c591b2c5115e4c4bc4319b6a8edc2aa62c7600e49029f8d7d808713cc765566440a427ac576e5a2318e0994a00b56b7cf16277887b22693396c28bf734133df5e654971dec68d225631fc669e5619c1c78df3ca9860489a29a5234e054bcd3c543276c07e15a1ca7ef60c6e20359562733c1b3bd15a9c72a8f9acb040f8f85a4f10313a4fc7e8cb8973ae0b562924716d168aa431cf63a5c2e182b48b5519f376de39ca03d5535a5868d2cfff410e3f248de1ef81b205bc17a84cbfebb46deb4e56dcd355d7148a56f25dee5896912ec90124bef2d882e9d4a02769b3abcbc8f367deecce8c22b045f4d7b87d8908b0af7f2a1f53bad8d3f8e0b65b0053ab1e28ece7250ab281bc197097cfe8b2a7cfb552f82869b88241e7d05d24aca325c6f2fad85ce79bfc2aecdb798f40e111189f1785cbbe40", 0x1000, 0x7}, {&(0x7f00000036c0)="38e3dac1cab00feb39c48edfaf42b604f0c0fbeaa30d7023519ce589e4d90d7d171cbe759e9c40819d9946abfa9737e1bdddfb4f", 0x34, 0x10000}], 0x1040000, &(0x7f0000003740)={[{'/dev/tty\x00'}, {'syz0\x00'}, {'+@'}, {'*^:[-,-,&{#'}, {'syz0\x00'}], [{@audit}, {@obj_role={'obj_role', 0x3d, 'syz0\x00'}}, {@obj_user={'obj_user', 0x3d, '^\xee%'}}, {@subj_role}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@uid_eq={'uid', 0x3d, 0xee00}}]}) read(r1, &(0x7f00000037c0)=""/18, 0x12) sendfile64(r0, r1, &(0x7f0000003800)=0x7, 0x0) setsockopt$bt_l2cap_L2CAP_CONNINFO(r0, 0x6, 0x2, &(0x7f0000003840)={0x81, "d8e8f6"}, 0x6) ioctl$SOUND_MIXER_WRITE_RECSRC(0xffffffffffffffff, 0xc0044dff, &(0x7f0000003880)=0x4) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(0xffffffffffffffff, &(0x7f0000003980)={&(0x7f00000038c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000003940)={&(0x7f0000003900)={0x14, 0x7, 0x1, 0x801, 0x0, 0x0, {0x0, 0x0, 0xa}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40800}, 0x20000000) syz_80211_inject_frame(&(0x7f0000000000)=@broadcast, &(0x7f0000000040)=@data_frame={@qos_no_ht={{@type11={{0x0, 0x2, 0x8, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x7f}, @device_a, @broadcast, @broadcast, {0x0, 0xffd}, @broadcast}, {0xc, 0x1, 0x3, 0x0, 0x3}}, {@type10={{0x0, 0x2, 0x9, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x3d}, @from_mac=@device_b, @device_b, @from_mac, {0x0, 0x1f}}, {0x8, 0x0, 0x3}}}, @a_msdu=[{@broadcast, @device_b, 0xbf, "afaf3a135b6bacd8c9b70b5eec9ab18405dde216b1b5dbe70c82ea52a1477c8bcc0adebad8789e03df9beea67cea531e776e7ec441e10995460e4e964678b8b20cae084ab40bef389bb72fe366ea91a8a2b952bc697a863d47c4920f77976ccda9723c4d4cf43164b57e373925d21594ad582b2bd6b7fce0e21d272a022fb63efae8204e2e38180848fd2986c847241f05b4795e3195823f4b17f340c24f45bf4fc33a8b5d0649780bad0b1600231bcd85e1044043b3f52bdd66462c52869b"}, {@device_a, @broadcast, 0xf3, "db7458603e1db9e8b6109ff253176fc3105d34454294a0c36f5e76590ee3b3a391dd2847abe2ef4c4f0762cbb09a37f40675baca0907282ce7dc1a104cb3e91384930ede72f3720dac9976a6598bc0385e0eb8295edee6bf8e31f243b284e9de823dbcf1fa70c6c57d4472f20f031cd4ccc7995b0036d024f051220cf8ccfacc5eef5cc545c5208e0ae0b6fad6956542262930e56177ef3f3fd1fcf9ab7fa104c2fd2cafbfc796da4af424531e825b32394a16b5a90e3b36d9d75f35bc95c7b65c5774b33d1a74464b240d9b4420de3865e4ebfa9705fa606ca422eb0ae33126574d2b01dc83d70c248747087c72f0da02e8e8"}, {@device_b, @broadcast, 0xdd, "d7e9b24c0cc992b18aa2d9f9e1709a8c2fe8b2ceb27a749e52617c6db966c15469b14f6271d9ec1caa537e605d09c7af271d959a7b1375fbada3d47840b8fbde2f3ab2820440ceffb16cc44160f3a3abd70b059e3b321e3a1a48eca2b3819d0595822e17767f5a9cce0a0aa1cf8a1763780943872b127ab559036a8d8703e179c0de7c00dbd055699b39532ec0f63bb69c331fb415e253c26abf85a20b69f33d25a8a066aa10a9c1add202fa9d6cd6dbdaf05601d68e9553ba9ee53931aa193821c780f05dfd3c33aad84ef55098b4b8212cf5d6a43b5a099866ecbbc1"}, {@device_b, @broadcast, 0x3, "d71a49"}]}, 0x30e) syz_80211_join_ibss(&(0x7f0000000380)='wlan0\x00', &(0x7f00000003c0)=@default_ap_ssid, 0x6, 0x0) syz_btf_id_by_name$bpf_lsm(&(0x7f0000000400)='bpf_lsm_sb_remount\x00') syz_emit_ethernet(0x3f6, &(0x7f0000000440)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @random="8b73c66e934f", @val={@void, {0x8100, 0x1, 0x1}}, {@mpls_mc={0x8848, {[{0x0, 0x0, 0x1}], @ipv6=@icmpv6={0x8, 0x6, "6be3ec", 0x3b8, 0x3a, 0xff, @private2, @mcast2, {[@fragment={0x8, 0x0, 0x4, 0x0, 0x0, 0x4, 0x65}, @hopopts={0x2, 0x2, '\x00', [@padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @padn={0x1, 0x9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, @hopopts={0x5c, 0x5, '\x00', [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @calipso={0x7, 0x18, {0x2, 0x4, 0x3f, 0x5, [0x7, 0x100000000]}}]}, @routing={0xab, 0x4, 0x1, 0x51, 0x0, [@rand_addr=' \x01\x00', @dev={0xfe, 0x80, '\x00', 0x1a}]}], @mlv2_report={0x8f, 0x0, 0x0, 0xdd, 0x8, [{0x2, 0x3, 0x4, @loopback, [@remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, @mcast1], [0xfffffff7, 0x0, 0x4f18]}, {0x7, 0x6, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}, @remote, @mcast2], [0x433, 0x3, 0x4, 0x5, 0x8001, 0x6]}, {0x8, 0x4, 0x8, @ipv4={'\x00', '\xff\xff', @empty}, [@empty, @local, @ipv4={'\x00', '\xff\xff', @loopback}, @dev={0xfe, 0x80, '\x00', 0x23}, @mcast1, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast2, @mcast2], [0x4, 0x3, 0x8, 0x7]}, {0x8d, 0x3, 0x1, @mcast1, [@private2], [0x3, 0x8001, 0xf729]}, {0x0, 0x5, 0x5, @empty, [@loopback, @loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @broadcast}], [0x0, 0x80000001, 0x7ff, 0x6, 0x50]}, {0x7f, 0x1, 0x1, @mcast1, [@local], [0x401]}, {0x9, 0x8, 0x2, @remote, [@private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x27}], [0x5, 0x9, 0x8000, 0x7, 0xfffffffd, 0x800, 0x8, 0x5]}, {0x1f, 0x8, 0x6, @dev={0xfe, 0x80, '\x00', 0x18}, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @dev={0xfe, 0x80, '\x00', 0x1b}, @dev={0xfe, 0x80, '\x00', 0x30}, @ipv4={'\x00', '\xff\xff', @empty}, @ipv4={'\x00', '\xff\xff', @remote}, @private1={0xfc, 0x1, '\x00', 0x1}], [0x8, 0xffffffff, 0x0, 0x3f, 0xffffffff, 0x5, 0xff, 0x1]}]}}}}}}}, &(0x7f0000000840)={0x0, 0x2, [0xde3, 0xf28, 0x8d2, 0x209]}) syz_emit_vhci(&(0x7f0000000880)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_execute_func(&(0x7f00000008c0)="c4c32d0e45f508c4e15b10eb2681f9f6039eecc4c379617801d207660f38295cd02fd9f6f2ddcdc4c1f811450f0f34") syz_extract_tcp_res(&(0x7f0000000900), 0x3, 0x20) r2 = openat$pktcdvd(0xffffff9c, &(0x7f0000000940), 0x10400, 0x0) statx(0xffffffffffffffff, &(0x7f0000002c80)='./file0\x00', 0x800, 0x8, &(0x7f0000002cc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000003040)='./file0\x00', &(0x7f0000003080)={0x0, 0x0, 0x0, 0x0, 0x0}) read$FUSE(0xffffffffffffffff, &(0x7f0000003100)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r6 = getgid() getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000005440)={{{@in=@broadcast, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}}}, &(0x7f0000005540)=0xe4) r8 = getgid() syz_fuse_handle_req(r2, &(0x7f0000000980)="5eb2b765eb13fe6055adbc43ba06da0624085c4b074ca1075889677f066e7be4de1ade6643e384e746947849cae6c4bd2247b9d0dcf8d74f73c865983a7d81fa418b5227bfe2cae4daabc8fd121243c0fe339f30d7ade9b79e07aa3b492001cbf71f43d192a2b9b771608f809cab4148c9bcb18ad7381adab1f2f5e323a69249bf8f2b5b0e986557da943623a66ec420b9b7bc01434d0a62886d0072f83051bed958843ec0adabaec068e2333bdc15622efd5d7eb68cfdda7de3fdafaa75787f0f7f3a5aae1cfe1faf079f1835be7044f2dee0e2b22827f8ce9399ba9b6d675aaafc827262b701659d34e687d6f0f80666ef60371f36fc8e7ab01b1b1f741bab290b3742bca7d900acacd003bb0e2497a7413e2a94610c93f5b5f6a0affc554dfa696f33a4e07699552981c8f17eec121b798ffda5a81f609005eee8862da633950d1c36b1f57f201dfaa2ffb43bfb89b937dfe89165a783264b5cd393e5e81efb8d94e28ea417cf7f145520c201cd9bc843a78ae07c3a9d812a99b9d01f4f8a60937077192fb29ef9e9cad995919de33e9e70c95c0efe9d49ecacc2817d764b35aceef6dbd7b11da0d56460978a679a765c04642ef7b33da735d607b21ea207ad747b67da1862b7884f773764c5c6b95b0d1fc079909e3a07430c52f4908cb864ca7b48387d9c930387811580b9cead9bb56c5139d0d5c4c728f7667059bb64e223d3e7cf61ce8370276dd31b3bd643e96444afea51787bc0ea7ede0c0576340b3574fb1ee78133c29edb9c63724200f5d8d1fa9db4fe0cf9a3f0517fdd936240d08ca3f4815c562fa40c50292a8cc67af02555bf5e4210efabee952946cb5a3b719ccafb90c5fc31e28e16da6deb0c2657d99b2e30ac6f59e6935c8f3de5abb5a6a9eb6d64638131fa73639f95dc71d11a644c6ff17e26665e820556178bdf6f91c52fac27f2d84812e9bfd4c53e757ed5dcc5a3c58f4f254a11ad8099555fbab92d9707e7ae249d37b672b2f4666cc35ffe53a0f5f314aa7e329addf60e864986682e58dee878cf3e66b3c1b8b0457021cbbe9542df240104fa7945d177a8051ff42dffe47e952caa5b334386bbe96140a28a74cd3c4c666dd6174994bae6c323bef3cbe97028835f03b49d7c496913ec17272346e050c75c58760acbcdedfc774b34b19f199c40e02ac74177e3f951a007abdaf00fd7064bbf2cc444d6b6d2b233e1fd995feebcbfafaaa44edd739b7a9b312b0823bbb228823e132fbae576968b7e7ca5ca0198daae85da7b50002544a44f948dc5f48620e3f99145c8727fee501541ef119b20085e364052a045164e79579553ab1924a5e67ca4bde4390313b76a6abb950e637b6bd3ae4d341ea362440e134185304e36f08691027ec7ff34d718825393ecfd7557c82b7bda4d24b94fc53d577b31657b00e8303803e6f15e17a79647607ffa65649103ad6ced040a842224b22226cb03b10e51e58d695edda77da2d784c49bdda43adc0f4e15f3e2e338836924786b90b2f7442935ae338e344fa4c0d9e3d74871d930d87868a269c984048763e1c438479b20fddbc61d2488d70ca8747fff731edb679b88bf1b17621d3276151fd93a9dbbaf1a83e9a80f75ba18ac3ce6598dc4e6b0562fb0bd479129337bb1c3a5882b2d626edd90d0b1e898d0f1e4f59893700c241e0c4363a4441073840000470f9e877d0bacdcb6b21875e75b50dcfbb2bbc0ea8fca0a91dcafe69b162aeef4f7d7fa1193f9eac44d4eb27377c3b72ac19a901c6e7350e1648146090179fa4b7f7aaedfb75a49deeae9fbec2f30c4444e3bd5ad6fad82bbcd24bb6d259685ca0c13e52a590d27a731a18b09d3d6bf5e81756302b85251c85d30487295eb2e42cd788231eb96979b5c113c166be2f3b6d24474b0f56ea5cfff4dca9284e5dae7d1c2b6aba7807e889697c869831c908b206b8a21dbe73d06c0aefda449f4daedd68b676f22814be2d90a2d06a39f997fdcef3a38f98396d5bf369900f9fc0442b204ceb17e432c28087c42c84c17f1a4d04f6da546682f31d75cc289e0c8ea4058c03550fad5def6968541a9d372bcbff7b943d65a7f485652e4437e0a1602057ef0ceefa57540a11d5b2b8b6518c3c9a27cb27562941f2f689ce240396b4ad70dbb2cd6e4e1f33e3279c3361b9d9903a9b6bb017ffc719758417e4f984855692acbdf9392a9b19673388e760233fa0035e0c2335e77b089eb40b5cd8f0325f64e080765808052869f76b39b0682e9a49a95a4fd0b38bb50eb214e94919d486fb7bb75acb4dc5f04e7a7e311f204df404c62c664179584880cb8bc7b8baae8933c2ebd70af44451aae3d51d4290d90b891106877bd37752ec6118d972a1b0a2931d433636da7b7250a0edb59d9ddd34cb48b34a62ae7e595f18d80ca2c2ddc2aeb6b6f6b800c8653baaf696bfd60c85e5e3328d0d9baf0f558b3b8b8bff24bf75db2695d59442757cc0cfcefbbf1708fc964a1251f55328832468ea73c29be4bf5d0de2053f364d117006dd3242e04dd471ae04ae22844978242ed47361be4a9a13133c7ad5bb324afcd29d9a074440724ebb56f5d9c3a8e4559d3a5a0f028f1d72ff2562d483cfdd79eb32c90462ee790de2476d9d061b607e680b41500ce691e48745b585517a539e70d7ec555e196aa8d69e45a36982d28a21409a777ceeb53318c20713e3cb62a98c28f524b086909a03075c2010da34bf7b0e6bf58505d301442530e54d3d13f0328f97a1dd2dd6da68429d21376b772d5a1603fb4c4a40f6b36db26a86f7c2dbaf704e7bcb9fc96768d4b53bd134602b753b260d84d9eeac6a24a51249dca0086b95b57587128e798eb62e1f01ae68e660cf6ebbf332293981620684b7e3b04750fdbbe2ecd8e9b6375248882253c2dda8a4d9c0f6f5c9d7c6bdb1fc11eda1dc4ecc0b9f3dbdb62e4078e46f6b10608f34c34f0a279c2f8f3da5be49e3e58e971e539bd63bacb6d8aa554ea4c78a49abadeec98db1d3ca3bcb40957cc0e942fca1c9b51af04771fda4af358c9ed6fe7b737a6c61abe0b628920fb8d0bcd0b65b718163da17804cb1665ea9821c828f6df655193774156721006b1f51487ad19fe92b769a9fceaf2d4124d8cc9a5bef28e98b996c28c8a99e352380531185e5e56e693641ef51106d6cf4e71ab317c34e93583aecf50f52b53e63c9098d8c283538c7cc0f090dfaf523e6082c65263dc8d1de4776282a3fc1bfc5909991525f56ac0e6d3bf0ce7aec83e40074de16fc9843f3b099b59b9f90bcff6310ed6dfec974587ad646ecd90c54d449510b7768dd67cabb305ea398ecb4261d26d4d7e1204e20725603243279a18fab01726719f771822627bafb09b4caaf9484f1d8fa5078d021b9cb86556830797319c6491d71c1153b63658a5a952a1f84f0ced9c3d1191d71a0b22e3f618f87d98c8991265395cb90765935034bd6c9233d41f9fc6a90bf697c15fd2359787df8257ca8e9499b3a7b837121b3367306ba3a36fdea6000c5d0f7759371702c7ad6f9e5f4000725f8e0b330a494392f7408dad615b14f77888ceb73959965cc9a93e9e3b23b9343a4cd4104dc1f3f1a64cb45697926704879802493ff04a8144ce6d805087fa96caff9b97631b52e4a365e976c90e2ac08826f8c297ef2f875722b44554d9973f4aa55ffb03589432109e6832dab7fc4732d303252dd1d17a2d2451ed53dce41ffbcec65983c6db3eba81462e522ae7ae52d751300a4b131170337c6d8c4b692f5429118af956e1c15e27584f768255c3ddcb469212ba8ab0e1e7ee0012f58f8945827994ce1ad7d173dd1cd72083844b721a1dc13000dada1256deab79b959a495a4d1b5fd028feaa0deac90ecfa59b1340456bcaf31f57d5a883490125796dda6d378ce83bbc137fe54b83ca9c4f819899d308338d65fa87d906255d6573a7a490b00100eab699c0dbfbec54b54224ceba3f5d1fa4096063f33165a158a20ffbd1d5b8fd4d9d39cb94a0085deaedde02a2f1e90a96af2223315101af3fef8604337f648b8c34216c3e7ba8c07d82d23bc0a96f0dab2abd2939265bb96b6451a2ca93585c82aecced337bd66124847a406ce8ed241318e1a7fc2cf289e1caf26ea5b72aaea0457e208a241534c78e3afb6028e7f57891c2f05f4370fc50458d16e90d031cca186cc12b4543b7f25fa72916be3acd7f6b5f0cc24f44248c0fa9c6dd595cd72cc4c84d35aa6fc3b1ec0e7a6b0408a1a53869681d27b1122c3176a04eb3aaf6258849675a994222d506828b4c1de9ab17ad4bab5961d524f0ffe54d29002c3d36c94cb3ab16581f59d014671e1cd5fe24342f17c8f178854e0eed5f4a3db07ec2ea7c671e2d78538bb8a2d5dcd94b4c6ebdb9a4929e85fc6de213d6f356228d9ecfde962c0c3727608f670e812ee2fa14e1f0cbf0186f6afc10c676f911be3b1cea3521f47e8fd4efebaccb22ef3757613ab319c40b70eee0cde11a3a166f1ee9415328068399836c8dc384de21e0a991a8bae04bce7962ce3b82d5516fe91d8ecbc2dcd6e2711c6c14c8aa572b5fe039e1bb4f163a1a8186345f54157c56672b33470711253476c2f6e4d74be06a01885debdb84fc73247a54e1511b83b3ae1fc15e5bed921f1937786f4364a7d4d6aec09667d63aaa618bddaaeaa2e55adb5894c4797d16d3dd5d35a716ef05233c4ad46a621195cde3a4f4197ea4396ca62712ee3d029200383ad9122d94b608b39e1ab024ea673eadccf983100d59b17708722d9ef02669224bef7abdaa0b99bff39957b7ac41599c9b1833f7ce822fdda0bea2dcb7dc7d24bd20df80b6462162447d5e28535a2fd876ffd78e90dbdc74e49af647c9dc696bdcced0840c2320f5ce0b6494790832c972e28206f432ad6cddc304f96bf48ee6f5a077538eb06d94383bf4fbf332abec80cdc7834dbf87e28f06ceeebafcab3f05f084bc4cf2a069701cdb332403af1631b5659a9e668f0a46f68e65ff9a314ab2a540518a03893c3fd2b1bd9f5e9e7f6ec49f585067c4aeef0b91b1ad29f2acc132f6b1a8dda2da36a79186c8b13b6fed070c74704bdc4ff11321901c71598fdfb36e8482bcdb01ee808afb54b3a42c69a18950d14fac2e3bd7721ace3c9a03a45f74cf2df6f4c924441d8700c54b5a12212ca3cdd648d079304cf2cdf460a36caf7f521494805401dfc67bde2061bb239a7019ce76c4f44cb0e46c55cbadab9129c5b457ec284b22ae3f98e64fc8c75df095c3ea3ea0cfb59ca18090b03f9358e9f11325e72cc24ede8f0511cb6f8af7cc2760654cfb8a7e7d5de97a83079bc82d88ea728516e92d321092fa3bdb9c0cf71aced2ac1189aad334d1b6bd971ba4053a43bc7f0020a2f1d6da34690d0f76358aa1b1631107f7f2af9890007b0a94277ee673b047fe809a5aa7fbb7ab88d110970c3dff44de1d7dbeb2abfd280e66d1de4864da4d54addceea69c8fa5d3d4b1147a18365afad33cdc689d73cceba4d8f4ee08b6264aeed23f585578ae15d14f3a27b488c24d6de8cd8a9de4a2a89fc9481ba8e10283a4d3a26e989bd80597862e238b714aa776e01cc90dee689c8435c814cfc72a530efce5dec384797a951439c30e096320bd504d3fcf4f7214b6d8ae4fdf73eea4591d444dd1ea4cdaab8ce1cf9555b4dd70f1bb46e18ee02cabd74cddb696af3ff7cc95b1339a6b8e8bafbc29c64f09fb741389ea6f5397a85add8b26e1f3a1df950f67bde9f9871a0e360c3e7669ebede3b7eb32ceb35ff2affd8919522f075933ecfea2cb4becfbc85bbacc95fba2c6f54f890594a6f6b18965ccd40ede58b4eaf8b0d2b65b0369b3dc6c7caef3e4845b2c42ee40ddca587925029e7d91629add84ea7bc72be33bb034214555cd5505568093ec7248156f58c7f0d3055762f8f4ff6f864bd9548fafac4db8577530f3a6d673beeff21ba7c9060aa0e066832937f1eb617cb21ac24e0d8699547be5663a8117a40b6d881dca19e367ca02d28774dae74df50aa99445e37c6c16184467d496001242329db97a2adef66425a9c6bd377d8977433a03c72bf10b548b8aebf0ec38eb8ce145fcb851541405ee8a3ca9b3bc603a382af598f0a1756592b3677c469ff86e198cdff40f493215a32c2acc72bcfd0e3e4e57bec76dfe565da975c691d66935d2d7b52941462d41bce4c00915d283417032f3a894249f801067f3882fda77905d76b76efe1028ebbf14977631f677575ddd409df3c6c4019e995a9d8d1d8a8c322687632f1a9505adcbd5afa1389f941dd0f68fefd43ec24a257076a3a21b7363d7bb518df4a282a4d9eed0858d104e85c5e068dd8012d73b516656146a78e549adbf9b32fb9f5f7ab6d43879d96d1cb973596d044197e08c4040604255753297a3495d8dff255d18abf94b8704a8ae1a48353fa85e5a77becd10b6ca007b77dfefce398f30b0c27ede99e8e6bb0c7ff65bdb00f224622d691f478ce6e37bbfac4ce1ce373070f954370c74c09461e2bae4385cd5deee87ca80ad2c77b99e7bee5afa3f0ba52494f59da1426c4309f391516354d57b0c7c4bb858e382f041d6e9188dc133bb169321e00d02efddb461176774fd6b2c9682d7ad084f6174c53ab7408d3e271d28e308f7cd478c2fe8d6793deed31debb090b874b12528a6cd368acf5a5c4cc3d30d2aff00693786687686cd9b97cdfaa3a67729351b2373ddee18ee3f056b6c0da439d62eeb408031a4d8755de3cc88415ca4801d54dc565bb53228dc215dd746ff5385453fdfc8915e872752f5ab3656aa8e1c42dfbf35e49ac9c2013b4a493ec10ad7f512922b8d3d82922ddbc018953cb7d5191af08ab669f80425f4f459ee650fe094126434e886693092c53aa346993dbc1ba274d2d69470646e633bdc331431913dd49a0120e1b5e212162006f9a01fe18e8d8b57cfeb398e19b4b8e970fb0678521caff33a7a01deb17e72a920a946896c5392e84bddfde75b7446ad4249bef2697b0c5e72f3791f0f44ac1563769c8ece5f1de565bbae2e5730294b3d6d85787dd6f7abf84d698e77ee80ec53e3751e873033af16b5ed4e2c99b7e6e652bb0eaf6701aacb2bcb597c32dc3f7d9c4d9463ac08db0c63db5fd88d0e518def188a2fbe8d6bfa698628a8cc058ca99114c40be8e1eb4c05364278d0ea4dc90b747cecd85cdf847a50ba2adebb6d107a12613e198d1b10c6eb323d50c75f781fe39c1d92e46da77fed51612a369c4a6aa54050d677e9678039b29e10c46ff05f3536f792a72d80f0eca5a416b19643e1d15247f7e5157900c1742b9146e0d9788eb9ca653897c7c647149f0bd91b16ea1a5e0549001ba2d6c6e39cf8bee39274d052fe2ce7f4caf6c23644314335251cca5c2ed134aada515e734e0af9c0ba59043dd12aa227e8f71d11833cab35b77915ee6bf0d74982d155f74fbba9977f75d37211770df8102e1d523b97c65e69bdffb34e00dbd6d5827c4897934ff51286940adbefdbe1a185a1ca32f668bef23663d9af58655a928538e084f59fd899c490253d337f5a51d2c2c1da36cb8df43034a988104c2abd9d589fcf964ab9114a40415c8e99bebfe94c3915f9d908bc1c9000f0e9e94012d998c972cf018d8badfffa80209f1937fea78ca839572b0a8e6b7816b6d89bb84ab2ede0fe5ff0575ec9d674da236252fb92ff4febb9ec1d915d97c4cafffef1cfda6d199365b77016daae60798de8a21c1769b8d79bf57cd020ebf5730fce994b6b3099800d864966adf830c8d2658c804360896e11f360da3a92cb5c827213228526c63c262c30cdf177fb0be401b394a01775c254da30c5ff4fc5b45f59d60e1578d67245089828b0693e5a6f5eda5e917b9d33b8b36baf055269e9d5319d4fa3f8fa5c31962c77bed1b0a7045d980c03b0df15d1e3cc1ee3175570d286004f10ff6b922da1e0af3ed41099bb175678f6c4c29bd5b8555edea3fd6559a6228b3924b6245b66f7d4a6cfbf7e55d3a9a9023185885bbb1e9061fbe3621beb1e7e31205d828710267efb585073865d0618f4edbc9c5b606a79bff7eff1e534393e3dd040174b21fc012d6b2ab928976eef114b97502fb02225572b74e852f568dbcea57a8d378c54b217287eac9090cf75f10f474b1651782ab8e5f015de5b665e046f01d04efb7bef840507f3e45a385a372422af573d064b1bf6b0fb2796e88a883d0024b5f74f1118fd7cbdb92a40a83459aa29a77a256274df3a72f539b028c1df8686f4630c7fece68d1c01ce38aa613735a591f91f42561ad297e0872efdf3536c88ad5159af81048e6378f2a42d915c9721e0875fe0628ce4fc609099c2c19e681280e83ee969ba93c956fb2bc4457c2b2ee35d9d5bae561814d8f868e28987371550f57faec5af2f52bc7dbde1401b6729107b405b2873689c9e43fa5ea8b483f7556cbaaabb1c7689b0a51d757743ca292ff74e9c021e5513f94b7107a8940a98ddab5e221fd75c13f19ae4006866eec1a8320ab02a2def573858eb7253d1fda73b7da031f12dc013783147095d545abbcc6c8cc98748c007f2e61a02c750b79866c743d0f98c703ee3c9a2ffe44104ac1a22d77ffd1e607c8c4265bbd8cdd9b7aff0d0c36aa5981ce881b9f3895b4da88a653d4712a8431f9e14e0bdd137735bc1c2b710ba5126b6a9a42bdf156915b152ee1758ef56b8edbd4ef0b9a677dedc3a88b00049a0d7444b3aef2b4e5ed210c5fc97444bd3a4690ae44adfcd4fd85cc50fd55c3d6efd1c7270f46c93689d18f92d0462c62b2001d8ccbccee0abad84daf12a8f3f390d23b3f4cce1237b5059bfaacb994ea871c02fd32056aa3d68258027dbe56bb19cbaf7a2f473492e2c6643fc4bc01df34967ff10092530c5f965e1dea106188a9165a43e61d060107e5907a5e76039e11fb557b17f74e99d6ba5edb86daa24b201f89f51c53b4e6ea0e74888ec9afc6e64c3344ca561a56ece3c286ee4eea87bbb011d4bc856cb2018f009281b89b95acb76684eefbe628b3b9c93f654c15c1aac2769c67f27e1f3d6ca98d80dc3077b5c4e4d823ea40c258dcbb891ff20466c1462080de73513509176565feb24ef8413dc7dfb53b10ad4e5d683d26c742ac8efb627339eac06f2f56a55e4522b670ff6dda3917ef7b00fe14a6a52dc9567548e98f47cfa5e2b87dd8e1c2ae18d0c14356db45db78e8f8b9dd141ee942543d271c8cb5b9775d2c55c4b732d838a3b73d675a350957e0a70438d6bc3ab116f4d45f5e5bcf1493097ef19e13239d97981273fa9ae9d1a94f417c3c5c240a27cb07ad05a6526e6c8b3c68bad2c546fc889c5fb3410697ddf58f78e9296ab0c725882566e185d1dd88430766e332f1f0c87d2e359f8ce2c28b8c7546da95a1ca7897e43b7bf583d12cd46f7f910bfdc1a1c129f1d83d94678999c3d81dca8f74f87ba3017f07222f510c1a7fe8001fc3eb6e8a0b46db9c002fd084167272355da87a0fc5e37feed0c487d603bc1297f1c6dd88dcb17f17fd38a5ec72d0cf50c8c8dc69081cf608460d5b1342871abcbec20323be7f53690c5fa640816cc3b2b3de36870a8a38905dd51ac63ddd922d008f84b7cbd062b64c5ab22115b4889b0e9389048f6a7bd28e6a7893caa6036613c9f5f2ec2928be1f4ee1cba0b0bb1691276a4db24669fb085e54dc77e815b8f5afe80aaa38acbd11430d956a37911b0216534bd9e2893a2abfbcf4b7aee56c8ffbbb08166773d8dd3d1fa12451f393799aded8721cbd93e4c9711defa5509840dc73ec5f5273431da7e6324b056cae48e1c14b1f0e2cf27a52980d4c67e77a565a44aee8ccd622781b35cfa16d36eba77f9b7f5ec8cb474f02bed016982a0dca0960e094b3df6516837d5015680827599c89542544a3fd363aa44e79f3ad00c87d8dc1422b0737ca9fe9179d627a1f22800923a39df3a59e15770ba57f1e12aaf41bfe67bfc5483dab32820364a5d4da8f8ae62b05ba23257bb1577f5ad73f0b0e01633da659f7d28c7e1e39f86f5adb5bb3843abbce0a769c26c28e4ec88cd8d47e46928ebf51f4c23c69fa602b6af61dcc74bf64b009e96708c4c7426f35d33f7dae81e33a69e12ef792b1f25ffc60645a1963e67c07e15c2ebdb548ef8b2c8b0dd9725bed66e22545ad7914af7864478a7993b2c0e0ce590fa005104c6937e540758d25a509e80aca8137b717ae9fdf80ab906d9db4aabb229bb3d35e27b324aed11eebaa8ed3dc7704abab39f58562ed9b5c8a37b092ebf3fde22166c9c91bc57a2c62d90a87cffe7d6c448321f843218e404a4d3688d7b968ff9e823e0b900a146a7f3af3d46e9a8e7d17b47cba2504e1e1e7ad960dc481363f16fc979bb8176797ab1cb85cca6724274faba007e878098034afa0042ea0c1a654b42e1cdf7f71048e24db691cdca72f52017c6a0f5c88d0cb1e1c260e8879478d8e2bf97ad59844221afc649c881e7950de7dc85c430c18fcb5c8d359c2c239b45872c6555747438ca49b55c327cf6d705f80b396d9c020db57f6c53701bc968fcda5274c5134b23f6fd223dcee7ad7962c4e7f8b301a57165fcfc9a5ff822f1c24a7aa5be7971203457af1c95d47eda667d8c291fc21eedc7e8e5844f967a9fb4479d2f94e4dedd0cd5457781d3e024fcfafaa8b67e4895855535d1fdd4be454bed97c3cf2095a166cc652bea65ad6368929bda70f69dc36c689f5923fb026a8257f851a069994c04cc41a8b15979e473e5533240d3cab3ba953f20019e017d44f741d95a9ba35886c7a3fed463d242173d6af2502230ff733c3f1e02782274e64ac70850dc34895135bc859918cddec6269ba8361009eff46407715f30879508fea8cc9c081b372f488555278fbbaa80f34ce79da910212961a377c85b61e36fc375431dd6c4edf2c4bb801a0fc1dc1fac3c2f4c01099624959392ca0b6bd47cb008dfd39b2fd927f40fec137b0748e19840c05754b7d8e0b27d62086128fdc329363d06b6e7cdc4360b39df2737b5973a8c05c72e1ffaeb09cad6719224f4fb80794eb00f4092f623e5d27a11402fc035eb9fde88276f8ca16827459592e355d3c4e6c792e5487c499666d96ea5c5f9eabe173b56223cc71dfaf0d88f8b805110871f89f399f84463023f17d86249af647b83f24e90483bef551f95645dba6607f66b93a6da349ea07318b6ea59adcca1ed17566eeabf62b21204a8fd1a2d983fd22d2eaf9acbbb7a20bde391a5724f096d204d340b56212f8b7f5141f4f6ed72b134eeadf1f27edff371424b40820b26747b0baad376dfc535a417be78aabedf33e978c0533b45eadf5c24a1a069bc4945cd00a52aeb35b539ac0847065cd01dfda634cb9d7222a60eafef0f483ee5ce52a3c908b4ad4d20897b55a880249fe9bf4129124216f80d4789ce2f1b97c9d3892c506580a68ff2ce35caad03126a4adb9a194fb86bc72bce0e0bc4700950d20cd4b8d670ad2151cde5fd540e6a1d871a430c1a333f020c957cd4c8b4788b4bc93d8dd2892f5d8a350013c62dae3747384aa487e00704910b3f7542c", 0x2000, &(0x7f0000005c00)={&(0x7f0000002980)={0x50, 0x0, 0x91e, {0x7, 0x22, 0xff, 0x1124872, 0x6, 0x3f, 0x8, 0x1}}, &(0x7f0000002a00)={0x18, 0x0, 0x0, {0x317e539f}}, &(0x7f0000002a40)={0x18, 0x0, 0x8, {0x4}}, &(0x7f0000002a80)={0x18, 0x0, 0x5, {0x401}}, &(0x7f0000002ac0)={0x18, 0x0, 0x1, {0xfdcc}}, &(0x7f0000002b00)={0x28, 0x0, 0x8, {{0x2, 0x8}}}, &(0x7f0000002b40)={0x60, 0x0, 0xfff, {{0x6, 0x10001, 0x6, 0x1, 0x8, 0x1, 0x32f0, 0x7}}}, &(0x7f0000002bc0)={0x18, 0x0, 0x4, {0xffff}}, &(0x7f0000002c00)={0x18, 0x0, 0x1000, {'0%)/W({\x00'}}, &(0x7f0000002c40)={0x20, 0x0, 0x5, {0x0, 0x11}}, &(0x7f0000002dc0)={0x78, 0xfffffffffffffff5, 0x8, {0x6, 0x9, 0x0, {0x6, 0x8, 0x25d, 0x7, 0x8001, 0x400, 0xce1, 0x8000, 0x4800000, 0x6000, 0x8, 0xee01, r3, 0x6, 0x1}}}, &(0x7f0000002e40)={0x90, 0x0, 0xfffffffffffffffc, {0x5, 0x2, 0x0, 0x80, 0x1ff, 0xfffffffa, {0x1, 0x81, 0x1, 0x10001, 0x7f, 0x5, 0x5, 0x2, 0x0, 0x4000, 0x3, 0xee01, 0xee00, 0x6, 0x23a}}}, &(0x7f0000002f00)={0xe8, 0x0, 0x20, [{0x6, 0x1, 0x1, 0x7, '\x00'}, {0x2}, {0x5, 0xfffffffffffffffa, 0x0, 0x20}, {0x4, 0x2, 0x6, 0x9, 'wlan0\x00'}, {0x2, 0x5, 0x1, 0x0, '/'}, {0x0, 0x7, 0x6, 0x10000, '\x02\x02\x02\x02\x02\x02'}, {0x2, 0x3, 0x10, 0x3df4d00b, ' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, &(0x7f00000055c0)={0x510, 0x0, 0x0, [{{0x5, 0x1, 0x0, 0x2, 0xfffeffff, 0x1, {0x0, 0x141, 0x4, 0x9, 0x9, 0x4, 0x7ff, 0x7fffffff, 0x892, 0x4000, 0xfff, r4, 0x0, 0x4, 0x10000}}, {0x1, 0x8000, 0x2, 0x4, '\xff\xff'}}, {{0xa00000000, 0x3, 0x8000000000000000, 0x80000001, 0x6, 0x1, {0x5, 0xa0, 0x8, 0x7, 0x101, 0xbc3, 0x19f, 0x4, 0x7ff, 0xa000, 0x1, 0xee01, r5, 0x8001, 0x8}}, {0x4, 0x10001, 0xa, 0x3ff, '[{@^/@+@<['}}, {{0x1, 0x3, 0x5, 0x20, 0x3, 0xffffffff, {0x3, 0xd4, 0x6, 0x0, 0x1, 0x80000, 0x38fa80be, 0x6, 0x400, 0x1000, 0x5, 0xee00, 0xee01, 0x10001, 0xff}}, {0x4, 0x5, 0x8, 0x4, '+!\x9cR\'+%\''}}, {{0x3, 0x3, 0x200, 0x5, 0x55, 0x1f, {0x1, 0x34, 0x7, 0x4, 0x9, 0x2, 0x800, 0xffff8001, 0x6, 0x8000, 0x100, 0xee01, 0xee01, 0x0, 0x9c000000}}, {0x0, 0x1, 0x1, 0x400, '\x00'}}, {{0x6, 0x3, 0xa3, 0x80, 0x735, 0x9584, {0x0, 0x2, 0x7, 0xec61, 0x371ca83, 0x4, 0xffffffff, 0x3, 0x424c, 0xa000, 0x400, 0xee00, 0xee01, 0xca, 0x3}}, {0x0, 0x7, 0x0, 0x80000001}}, {{0x5, 0x1, 0x9d5, 0x5, 0x80000001, 0x1000000, {0x0, 0x0, 0x6, 0x7ff, 0x8001, 0x8001, 0x6, 0x8000, 0x1, 0xa000, 0x10000, 0xee00, r6, 0x80000000, 0x6}}, {0x3, 0x7fff, 0x6, 0x4e5, 'wlan0\x00'}}, {{0x4, 0x2, 0xffffffffffffffff, 0x10001, 0x7, 0x3f, {0x0, 0x4, 0x7fff, 0x5c, 0x5e, 0x4, 0x0, 0x9, 0x4, 0x1000, 0x8, r7, 0xee00, 0x7ff, 0x9}}, {0x3, 0x5, 0x6, 0x9, '\xff\xff\xff\xff\xff\xff'}}, {{0x6, 0x3, 0x3, 0x9, 0x6, 0x100, {0x1, 0x101, 0x4, 0x100000000, 0x2, 0xfffffffffffffe00, 0x3, 0x9, 0x9, 0xa000, 0xfa3, 0xffffffffffffffff, r8, 0x1400000, 0x9}}, {0x6, 0x0, 0x6, 0x5, 'wlan0\x00'}}]}, &(0x7f0000005b00)={0xa0, 0xfffffffffffffff5, 0x5, {{0x0, 0x3, 0x2, 0x3, 0x7, 0x64b, {0x1, 0xc2, 0x9, 0x5, 0x8001, 0xffffffffffffffff, 0x2, 0x8, 0x5, 0x4000, 0xd0a, 0xee01, 0xee00, 0x7, 0x1}}, {0x0, 0x2}}}, &(0x7f0000005bc0)={0x20, 0x0, 0x7fffffff, {0x8, 0x0, 0x9ad, 0x3}}}) syz_genetlink_get_family_id$SEG6(&(0x7f0000005c40), r2) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x9, 0x100, r2, 0x8000000) r10 = syz_io_uring_complete(r9) r11 = syz_io_uring_setup(0x7811, &(0x7f0000005c80)={0x0, 0x29e9, 0x4, 0x3, 0x25, 0x0, r10}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000005d00), &(0x7f0000005d40)=0x0) r13 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x80000, r11, 0x0) clock_gettime(0x0, &(0x7f0000005d80)={0x0, 0x0}) syz_io_uring_submit(r13, r12, &(0x7f0000005e00)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x7, &(0x7f0000005dc0)={r14, r15+60000000}}, 0x6) syz_kvm_setup_cpu$arm64(r2, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000005e80)=[{0x0, &(0x7f0000005e40)="551e553401d8419ac437854e7bd6033a54214a9bd5bbb0af5b8dfb214aa84f75f60fd2f374a02bcacb654f2e69f719794863", 0x32}], 0x1, 0x0, &(0x7f0000005ec0)=[@featur2], 0x1) r16 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff1000/0x1000)=nil, 0x1000, 0x4, 0x100002, r2, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r16, 0x118, &(0x7f0000005f00)=0x1, 0x0, 0x4) clock_gettime(0x0, &(0x7f0000008240)={0x0, 0x0}) recvmmsg$unix(r2, &(0x7f00000081c0)=[{{0x0, 0x0, &(0x7f0000007580)=[{&(0x7f0000007000)=""/104, 0x68}, {&(0x7f0000007080)}, {&(0x7f00000070c0)=""/15, 0xf}, {&(0x7f0000007100)=""/224, 0xe0}, {&(0x7f0000007200)}, {&(0x7f0000007240)=""/230, 0xe6}, {&(0x7f0000007340)=""/99, 0x63}, {&(0x7f00000073c0)=""/69, 0x45}, {&(0x7f0000007440)=""/106, 0x6a}, {&(0x7f00000074c0)=""/188, 0xbc}], 0xa, &(0x7f0000007600)=[@cred={{0x18, 0x1, 0x2, {0x0, 0x0}}}], 0x18}}, {{&(0x7f0000007640), 0x6e, &(0x7f0000007900)=[{&(0x7f00000076c0)=""/121, 0x79}, {&(0x7f0000007740)=""/169, 0xa9}, {&(0x7f0000007800)=""/5, 0x5}, {&(0x7f0000007840)=""/157, 0x9d}], 0x4, &(0x7f0000007940)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb0}}, {{&(0x7f0000007a00)=@abs, 0x6e, &(0x7f0000007b80)=[{&(0x7f0000007a80)=""/115, 0x73}, {&(0x7f0000007b00)=""/15, 0xf}, {&(0x7f0000007b40)=""/19, 0x13}], 0x3, &(0x7f0000007bc0)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x44}}, {{&(0x7f0000007c40)=@abs, 0x6e, &(0x7f0000008180)=[{&(0x7f0000007cc0)=""/153, 0x99}, {&(0x7f0000007d80)=""/250, 0xfa}, {&(0x7f0000007e80)=""/252, 0xfc}, {&(0x7f0000007f80)=""/193, 0xc1}, {&(0x7f0000008080)=""/96, 0x60}, {&(0x7f0000008100)=""/65, 0x41}], 0x6}}], 0x4, 0x2000, &(0x7f0000008280)={r17, r18+10000000}) syz_mount_image$adfs(&(0x7f0000005f40), &(0x7f0000005f80)='./file0\x00', 0x6, 0x1, &(0x7f0000006fc0)=[{&(0x7f0000005fc0)="97711a3fc775d9b6b802d75cefe34e560dfbbc1905df8452c7c061cfbdbaf76ac0ee704fdc1b95576e8398715ccac23eb622406fdf86656d8666d174345df15cc279d6bc46189f9e9103c8b634306a9dc5121354037abc836af32b82e0eb9222c5b97a31baf700226f459f1593e594220d6eee2f7bd3612c68996c931e01b390867ecb7db73fd1c8baea0a1a30719c09c81706414190c490236b2756cfba38fabad49c002cddccb22a79015cf6c9d5b81197e3669f1195cf26fd674cef34fc2517dd561d625d37f0093669e68fca1ae7327c53a8d8fe8ce089ec5130da3dcd2c1be47c5d11c1e607706dede98d3ad0347db608bf9febfe357b46fe05172e7abd5e6a5755ecbdb7294ac660ef999961aa2491460d2ba8c47928fcd02e294c16838adc1c5aa0aeefc279793c1e9bae9dad1bdd674fbf94f64d5ee586b857846b2c3e35cbe0791f3f0a4279ec2d51fdfb3a9d2fd093ba29d743eebb0646d40af932960b4efd52dfae3724206f13839b1e9dd3561c159f7d1a0b45dfa655724164ca8ca40178aabc9f0c270cc0c2e828dc2842fb2372abca8d65d3726eaddb36d2772fc42a5a609dbc761a086dd8405f0c0a7c0bfc14fea91cab423fdbc944ddbdee214c248ef0c8933c80f3ac68a3cdc4ed5120c7be1f0418a0ddeee94ce8de7a07b94d97a9c72e338eb9cb871567608b49031f1fd07e5c5cbbc2201c4876885c1bdccc2bfece71de73d6a710c96a675de4b578e3a0b84d1fb89bed531e1705af867b10b7c92328a06bad02c573375d500a4bdc884b55652d7f1cfb31afaf0b35e98a58466b80a2a4bca2d72e387f8e94519a43734c385b698e08b0ee1d9805c392acb76f980894df9046c617f62a2361062e522453dcd73176f786ef2ccd7a05df8b44a6f93135d4888fdd510220357f1aeccd13e1fe10292673f981f420d9859fa218b8698b4a691e699c28a2dd46d3978942192ed51d212669458a4dc3d381d2c3f73cb60bfecb8bf0e1556eaed9ffca5d0f7c9f6152f4fcd5ed86cb6a565e4b6b1c9e7efef1ccd28ae7091abd84e8431ec08ed83a8bbe56f9e12256d0a05b461d9f1f4bad4b0e8734c47d12124c406db2c033ca10634105713df400fe668d74c10b9546fef03d29ee05d4e3e832ede103cfb890c8b0092a58fe32a0b105896cefc83a990c3b6d9dec09e4beea8040b29f9217e5577fd72003a1dc4667fa4cf3bbf2985f0aef84b45569a087b7f9afe824f3c59b40cd0d088c16f4414240a6ebe24aadc402cc99abf034a48bda6a2821bdf294658e2782326e1696a8878b62be50b8ae8d003e1b6b9f5f26d3f21b1422cf73ac7292638e57da6fe3fdadd7786aa2d7406c0d84554547d9590ee9e1705428e00ddc33250a116b9737c8b013a38c6f5e88275b015f1c0996b06ef4467fa0468e8f4a498b56a045f894e45090fc1707481bef75f601d95e67b963b6ddaad7511ab41ef4c9f651c70f8ec2f0cf3b62bad74e2492a39fc1f81da697cdc353de9589cab54a16901a18d851bdc26239a72f9a787fbefb3fc3f5df149a013c4f8c8b0e98b8f669f62fbe09525b46469b1c7fcb91e55735f2adc8136a46aec4de016b9f9251ac2aa820a1a887b78c66802bf8dbbce8c4e138ba0a52892c9e934af2c76b95032a2f4cb5a621e453970f54b279035e140833e3250a9c4f16371cddfc01c404e6e86acc231c8d7dbed9b6aec0da3e0bb40672f4d41df2650d200fdda6bdc62b1d433efb4dcb37052689eec1fb99ceda3e1107ae9aeebc9958fd2f2e9059834087378427d3158a8ad04779e622b9fef71b94b2aac03d6d9b722a2427855a2176f00d971d6b1fe9b57c3637af6ecf8dd0bf1dc055e7331c7e3d9bf09a98723676b07787a075af7ee911ee2b0ebefb3408c8a617e81b0222f20f41aaa55767bd73b30b7d5238a41836e53a5c826d2cab59460404f02af43b1c64a887b44edcb395a149983a63ebbc1468ac3b39a00d01e59041ea549725768c6fea7a4884fab16b8599cd0b91b83df33b32280039ba0205a23e97cd38bf8be0ced3d7c2f44491e9b594e054e6c6e6e2b610830f98ef9a240fd56d1e218cbc1535b8889fd2b39fd94c82137a80ea1234a84dc6fac0f16b8b2de9dde9ec8270c2df90b1107eed2d346965943a1cb0856421e45fed7f48071041c552efc7333c5e7dec5b9cb59565718a7e230a842f206a4949a38fca5d9a8d847563dd644578f89e5ea68cd84edc6a04e527d1c07e6ae42f503f7c09f7fa5ed1b2d7a3a90b5feddd576dcc544d8a7e5154fcb82d14970643a03ec1ada083ade9a90d56b1a05e7becc2e434d487e0c94d10fb56b73a82fd0c34e3ea6e252bd82844e95933819254e12b001acf2ad8b630a7d2056c6f77334ed22321771e73312981d8910170cdd7f47881b58c4753bbfb0b34c78b4211e626146ff342bfd57740eb868e1cfa312c907bef857b3781ebd1397e8dc0ca1474a19b39b497ae70889d2dbbce85d3743fd33c97b9c22b866eb65d3593900e66c459efe5638a824c423d9c49ba44b8ff9b9b3ec15cef434deef9ab92760c55b1fb37339b1c77f3a01a77fd72f72877952e8a5827494c9188b8d1c270b0a99b4a9e818d1fa126a7291a7b0b94c2bf7c18c2e25e7fcfd68d38829655d9aab934963034563e90865245a61304febdf59bb0093167c8c41cce1773bb80c678759b55dab1247252036157a0e60d66e289d4b9bf98fdce7c5ca59bdb4fafe55e09b16aa3430d39bf150332a15c4890ed078e628775f8787b893592263ca6d3113619a7b21251faeee137a099bf00fb5fbcc75e758eaec9bdcff65576c0d826ea79d90e99d8cbb490937d1d122dbb8d15b33756835e1ce3bdaf4919f5226b384c87c2c7af71fb3dd073c43129ac4e2a6e521bee349730b2d9a71c6b01d61df130802a9bb6ab1f4d594b89675cc467cab303c86ae6b4c0d26dcf16cdec9c8b78f3e23bab3e7b5153e73bb71cb6a2afac5c33195d2a2f329d9e8f53dc92801046b07245e139a6414cff17dd9d7947e945a1ddf592131d90f3f325ebc3cf24360f83ed1606f952d4f69221b75c9be91e5d2abeed93f33958b04aa1e0cb5b850edf2760f4b8e810d879d87357036c8e26538e69689e47fbb1da8e0ca08284f55900bd029e95a527b3ba251b0ce27bd049fc85b194959375f785cf75c101eeaaba56b39a3fc46ba9729837e2fbce7ebba932596c0c2ef0c5d8e684ba6b334dbaffc0fa842a6aa555813d5bdc237a4376fbfc3abd549abc27f3b1c918c67f2c34e116b6b0630115490624f4997d93acec5dab0d2bb1572b319ba4c990cd74389542f48b7e173d0c81ed756a1b409f6b195859fdc7577a7e7b120a1513c225d313d7423d6a99ddb71914962821db95192fc9ca8b6972e07d78679e3b4265cb9725d95f52f68ff1ca46b8ac6ae7c6053bcd972e37fa824491527a1e4323aa6f2d5e59cf06c6088c148059fad6f1cbfb476719d09fa479b69a4790a74f65abd999c267d10cc2ff99d39e394160e151469589f416f659b2a8c60def78d6f433809dfb96c27220076f47b7e74a8930cd61e8fc109ddf8754ff5d6878eef5dc7dd61e2da0073b0ad6b071feff97fb87ec0d90954aedc888e7b1e09dcdfcc6906e49b6ea4a0c32546407ac0d22e29200b8603f2c3041d27d0fd990c312c3f4ebeef45385124825e73a4b30f7e62b3746aee0a1f42357a7c2d59b9b2865ab24b33536c1d752a4e1c08e07ec7ab8e37eda44ebd2213d46955859ce75e8cbee3e448ddc6c3720fa4bb604298c9cc6c1eac4aac18ffeef8d631a6175a58b18257c81b5b2a2c7458b1173a5c1bfe3a56159fa406011dc0bb6021f2332bb471ef8892acd5e7b58aeca43e485b35ddc938fbf2d032521820809af025513b663922d664ca4216bcc9877030d5facfb9a0482998e50cf69bc59c1805fb4faa89f6831ec6afc29e7f6db38fed3403d1035e251624de0ea6445812f71a4a91eab22d88da49c097003ea9608ef661e8cd99458f318d373ea1affe6cfbec7e9f77ca393f1585402a70afa83e3dc11417b83035c4aa6efb96caffdb76bb431152a1108dd6ae5a37afb9aa1b51ddcd22d7af11d65c188472d79acbdd48c61355a4b2fdf2b81fb4459711fb437f3f7f95a6e187c0cc087bbd739c9c9e22e25fd0d305a27408f52b839e357d1f37b0c7a576df793008241bd2120ccfa21435268ed243dd2edbb751b201474e91f48219bfddb4cd0dd471965bfe78e45233a33b6c4022bc57bcfd224f89b4afbe25a003ef41f596e10fc142d52e0ee02fad0728651f0fe75b947a544fd7e2dc38b608789ebc87b01993e23b765449001c77adc778adb84a0dd32b70e267aadcc168ef1713d7cbde563396ef5e39ff9f7008d61a20fe49ac80c2ee84c5311e6b0c259f0c63631af64ee1d2225b5eaa31b97636b30109fe4fcf1522723c6d79a5005f3768be2872910a0d9f2d2b10a91e48f7da5c3830e18bf1a2c51f791e463f7ca07e0c63d075852c2bd82b4a5989d4ff50a7007d3eb322b3f01ab76af2bbedb1108165f483d28415378d60098dbd87a299b3de116f3955c3e243677f3e3f71f9f0204e170da9ef5b66c95ba07f335b130b5a17b6a72c318be1b8ca6422b1eaf3f6ef038df509ef18765947de5889a3a88457561b399ab72948d7ec9e0f4a7348e0c43174811d3a4d71242e6a50f5b397a8d7fabbba7109afa2369f116e09d3fcc0b5e612ae8b818309c5fbb3347fdb5d6c6904684f4e04f12ca8513174e6b926f049ac14e0a7f9e4aa6bd391bbccd3f7242b9a4c0dfd01796da871f4e9de17e549537ac6d21d5c64e549f070e2b1d1b7f76981faa8da9029e4576fc43b4f427ec7ee4c4505ca270b233ffc5e1abe44ac789cecabdbaabec441a11845caf922133d11bb28256ee8f75e6f065e35f297646c63a2b8a594605ab391c50fc337d8d97066e6b5b0710fb1ec76c64f0a0a0ccac01375f2c9fbaca77b2b1ee2b26a76da527aefbe983eed0d946d763e00bf501dd646bfe683a78df80d91dcd603c5a8eb595c0cdceaa2dabf5d64a9feaacefc878e074313c85e4c15f4c2e63fa19f97b829c297d860878eee2138928d8a425c07900c1226455ae33e702c058567d42df10d6048466de62f14c27f7d8f306516662e18bebb24d7f38e5f0ebbab74980599ffacba56d3ce16a56b991ec64df9ea8f9300cc187f2c1b2f80562c681bbf833a971e7d69b67730d3b0d3b5a9b3cabf5b44e21f3a8ea25af9f9a7f53d6c85ca6a3b84f04fb6d1e99096640c76f00cb2a849e022c526653e0e19c0ab73d7db02e69bd511cb3b36ae7df9e0bcd5b8d180c0a3dc9f17973c62b286fbefd4853976ad38dc7756785f17c88f9675687c9769d77162e82e71bae2ed285bc878f9ee7070af3c4b43c907bcb5856dab6a938b7842af376d7c164076cd02b4e3e82e2cc8fca7dc2e40bdb7b9a2ef406355630cb2930231794ef4a20360a6eb9cc54f753642e6938a173024635987b80a6e0f0b7cb258537b81e1250f77fcaf1d7cd9b3be072a6f9d4fd86f1564b28d790ca1382fae61fa5874c7dd7db8ebfaaa7cc011e6ab3579137aa3f0af14e58c0960d7f70cef93ab86cca7cb785d8c12152a807cf1bfa4e0f6ffd288870565cd49a10a407cee95c5c0fe4cc84b47390868e64507f1fbfbb4a704d272da13480a418e25a9930a402dcfbaa5cb5092c569a4e8150b5048bef01194e1ce3795e2835a0a82c9d5ff3a157852f12713596997ec3061aeaa96e93c9b1d9d5aa2414c3ea9f", 0x1000, 0x80000001}], 0x1000000, &(0x7f00000082c0)={[{')/\'/%'}, {'wlan0\x00'}, {'\xff\xff'}, {'\xff\xff'}, {'[{@^/@+@<['}], [{@uid_eq={'uid', 0x3d, r20}}, {@smackfsfloor={'smackfsfloor', 0x3d, '{%\'--\xd3{-+#!'}}]}) syz_open_dev$I2C(&(0x7f0000008340), 0x4, 0x404280) syz_open_procfs(r19, &(0x7f0000008380)='net/ip6_mr_cache\x00') syz_open_pts(r21, 0x8001) syz_read_part_table(0x5, 0x9, &(0x7f0000008980)=[{&(0x7f00000083c0)="fbd29b15877e61061cc50ced7f39686138bf5103248d4da53257b73a1ee96cf2199abfa961d7bd146a6bb88d701b08edbf514b2e3183cce211d57c7645a9afe20275ecbe29aea48c76b0fb7627a8e43c7a9f57ef02a316edf9d38e0c6e74b59107cb1c8406dcb6de319b", 0x6a, 0x7f}, {&(0x7f0000008440)="e0d8f55b3848aed3ac9738d2e19f668be4c76e3b4e4823a0c69918ad4aec8d6eadcfe10327126d01287e672d54a544a9877e59f9a2f41aa242b237ba593c5a4840b8621ce0d28ce522dfe8788bb070d4bc9d74528a1f7603200c2365c63d42f1032992e10e4345cdea0d65365d82b6c78c81c71b0b2fb78197cd605ec2521806bdc08d6dd8f5291e5bb0ca92e20430d581235ddda756e6abd8c769783b84e57b0aa951303adcc7e921b069d94f1a4dee1f4744db5b28c97fbbaec5bf5618e0e94a41c0a99ce6ca91ebcaff5ae6106dc9dc310d7250a8b7c7ca55", 0xda, 0x3ff}, {&(0x7f0000008540)="afbb6b91aa7857f942bc8773d020896a44f1d9db9b9ec2b85598cd86397d6b5ae3192aefe0f2b6387b2d2314489bc7af2ab51990ff7526230a7ca42e6c22f5649acb12b4dd8fde819b", 0x49, 0x9}, {&(0x7f00000085c0)="d890818560f5372f7d41a504c54e863d7944d0621d50134b4c1454aa8c44c7f324d95d33fb4663f6745c1cad179d719e3e9f4f57517125890ed4c937bb41d0a764441e1d6c7482548c0a", 0x4a, 0x6}, {&(0x7f0000008640)="7e289aa898007d95eaf09882596aa237714dc1ac32392bd6fae8d872edc3c9b0cff5036148af29573c0dc954c27b6a6d47669253ab402a91f6e602ccd93fa817", 0x40, 0x6}, {&(0x7f0000008680)="c823584bb1759ecb98ee41e35227dd03d7ed5c9eefcf34a951e7c5eae5b37e8b93d6dd7cb66ebbff50cb81777e29b2c05b7b7cd976f4aed70f76499015b9872faa6f338c309a55296e4e85e27c510dbf253a7e6f43791f93913c8a9607451fd5050cf191ec95d199f1117c0e2a0437c2be1698939d277c3837d1640f91ce6aedc0850dc288cc2a3c1caadff44febefbbb2fda82e8a6539222b6d8830df927f36d814c2a892df0badec86c2f01deb89d2d3fa6137e48b23d3cf77b11f46ebdbb0a8314ee19778c212fc3498cbdc5ad0bbd7d24538d83bbc86830afe32e38c1bb1b7866abc940f611654d046f8236d6b15", 0xf0, 0x7}, {&(0x7f0000008780)="5d78b08d347d6010778713adad8e4da15ab34694562b0da52bb31a3b5e0971020ba48d185f3f03f16fe6dc1e321f122c1150a8ce71c3ad1df7c618bc59865fbfeb3a2c926b992f938b0f76c96af8be398933383fc8", 0x55, 0x8}, {&(0x7f0000008800)="1cd7715afec5551816cd475168a535a8474b748792e43af351605c6dfae1e6add7ce8bde80555ca3268782fe7a7f458968b42792c02a11acffae5486c0858e0c4640f4260d564699c0e606236ae8d5", 0x4f}, {&(0x7f0000008880)="45fd88a606b589b27d422ecb8744a678ff3aa07ffb6c25cc10a8871006d5fb6450fc12157d1a59f14e36132f1db63b56cc97b61bf0a61dcf2b7dd27da02ee160e03df97947838f0dd434825905ae9fb5a427976a49f779eab8cc3a409d25b9a296cef9a8ffb49d81bf23a716a7a7e1d8dce03def2b8a3b15a3b2beb873143a7df14ec492782ec86aceb4901fe3dcdce046ab2fb972d67434d4e1101b02c92d33a1bfe516d9592581f67895433766506707cb7f0e18b4476bde0f0091753cf3ec07386b3dab4b295502d49716801dd979aa24d805dfe801", 0xd7, 0x2}]) r22 = syz_usb_connect(0x6, 0x7e2, &(0x7f0000008a00)={{0x12, 0x1, 0x300, 0x88, 0xc7, 0xe6, 0xff, 0x15c2, 0x45, 0x135a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7d0, 0x4, 0x0, 0x0, 0x60, 0x8, [{{0x9, 0x4, 0x45, 0x3, 0x1, 0x66, 0x44, 0x76, 0x3f, [@uac_as={[@as_header={0x7, 0x24, 0x1, 0x1f, 0x5, 0x4}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x9, 0x2, 0x81, 0x4, "c0e6a10a"}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x0, 0x6, 0x8, "7d5ba3d07cc6"}, @format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x94, 0x1, 0x7, 0x1f, "cfcfa1bb20d9baa316"}]}, @uac_as={[@format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x8, 0x2, 0x0, 0x9, "489f80", '&'}, @format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0x5, 0x497, 0x8, '\''}, @as_header={0x7, 0x24, 0x1, 0x9, 0x2, 0x1001}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x8, 0x1, 0x0, "786e2f1a3105"}]}], [{{0x9, 0x5, 0x0, 0x10, 0x3ff, 0x9, 0x66, 0x3, [@generic={0x5b, 0x8, "32da773ded87397d0af57fd6f2ad3b93e2ea74f1f65d645d6b7e4cae90c8f27ccae094b33c613bc0bda2437bdcbaa21c77915b1b95e7a2313d71c6cc586d414d6a1e79c80ee3673ff069eb4651b30668b0197ff7a7edc57594"}]}}]}}, {{0x9, 0x4, 0x58, 0x9, 0x5, 0xff, 0x5, 0x1b, 0xe0, [], [{{0x9, 0x5, 0x3, 0x10, 0x20, 0x0, 0x43, 0x40}}, {{0x9, 0x5, 0x5, 0x3, 0x3ff, 0x87, 0x2, 0xfd, [@generic={0xa0, 0xc, "4d1fafd5d5bea917949e727ed5ee144cb32b01d9acbb7e3cfac4d1a15cd6bbae8ac66af677394d2217ef580b1565f58b85cfffd2cfcaf9f19df78400ba0354d7872072b42d77d55a5b960b82fb9e34ec8c33a96719c45947ab0947484854a94f25e65339a6f74b053c81e8e8057f6767ea2e80e923e02fa1a88db36d52e4c511e6ccf674046cb81c493c927d05a6c16645d0694f667d6ccf29fc273890c6"}, @generic={0x31, 0x9, "824467996faa842827e6d09bc48c4196099cb20d1afa7380d30e40f1bcfb7c503d7b00fc18d2e614c3e370dbc320a8"}]}}, {{0x9, 0x5, 0x1, 0x3, 0x400, 0x1, 0x81, 0x6, [@generic={0x76, 0x7, "96f72de7936410ee82a44287a00196f630e009364ab94a00e94528691a409d335f13bf6e85b378bda85c558fc1a003ec5794a14217f794682edcdc9e35d00c0979fdb3e7a15e6a851c137bf7011ba61c8346598b02a3d4d1b8cd99f4fc14fae3219fbf56aa2ca54ccf116b3d560a80978c4276ec"}]}}, {{0x9, 0x5, 0xe, 0x3, 0x3ff, 0x80, 0x20, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x9, 0x3ff}]}}, {{0x9, 0x5, 0xd, 0x0, 0x400, 0x9, 0x3f, 0x3f, [@generic={0x76, 0x11, "79b386387e37f36efa1d8c66a90449c68a0ad251afb9b1793cbe9e5b4dc3ce6600e86d1e3b3eac60fd3b8b1c19d7d0c3da61c6a667b39fae8aed44a8e70d77ca93e4c37a3fd8818f43edc523960cedb02d8822f0b23dc343182608c6097e995f562c84a5417e5b2fb71b392f926f3c4ed992ed89"}, @generic={0x65, 0x5, "8512f0cea97a9d8a0461e30ee9bf0789e041cd86c1df9496f1957af0e4543ecab07051f1f4818da2579d13a999569f75ad6af6e0d04da8bd26bc920445692d9e4ca7fdc3544c36f588e5c09beea1aff9f41ba977cbe79e7e4f4a8dec5640da4d2af61d"}]}}]}}, {{0x9, 0x4, 0x5, 0x3, 0x2, 0xc4, 0x4d, 0x76, 0x7, [@cdc_ncm={{0xb, 0x24, 0x6, 0x0, 0x1, "72450ceb1b79"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x8, 0x1, 0x4}, {0x6, 0x24, 0x1a, 0x8, 0x8}, [@mdlm={0x15, 0x24, 0x12, 0x4}]}, @cdc_ecm={{0x7, 0x24, 0x6, 0x0, 0x0, "fbb5"}, {0x5, 0x24, 0x0, 0x2040}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x80, 0x8951, 0x6}, [@network_terminal={0x7, 0x24, 0xa, 0xce, 0x3, 0x4, 0x60}, @acm={0x4}, @country_functional={0x10, 0x24, 0x7, 0x0, 0x81, [0x81, 0x1d9, 0x400, 0x1, 0xc00]}, @mbim={0xc, 0x24, 0x1b, 0x1, 0x20, 0xc0, 0x5, 0x20, 0xd}, @mdlm_detail={0xe1, 0x24, 0x13, 0x9, "0efa60e3b3892ca3377fc7bf7e5cd90b70b5433c66f13129d42a59f2c914ec54979a53862f94df6395806bf1a9709d9a6650cecaeecff6adfc77ca5f296e11bed1fbeb6f27c50bf1af9c176bb2069d52b06473d5d8e9244a70017666faa3213b80b25fe4c68c4180ee45680c95768fd32d24da76b883e1be0ec2af43c9f30ceed1936cd5051e62b1c8a76af9a252290b11c3670439db645b5c32a5a5bb78d7e8183ea6736dfceb8fef3d04b76e5129c4913eee30a537743b3357f269f582dd8c46b2a93362f1a838886b175f4895d52a818f63d9d694beac9846e5b12f"}, @mdlm_detail={0x1a, 0x24, 0x13, 0x5, "083b1f01a69f5d722a6b0383fb09f57f442b56d458fa"}]}], [{{0x9, 0x5, 0xf, 0x8, 0x8, 0x0, 0x3, 0x5}}, {{0x9, 0x5, 0xc, 0x0, 0x200, 0x9, 0x20, 0x5, [@generic={0xb, 0x1, "ae684bd6a1bfbe705d"}]}}]}}, {{0x9, 0x4, 0xad, 0x3f, 0x6, 0xef, 0x2e, 0x8d, 0x8, [@cdc_ecm={{0xa, 0x24, 0x6, 0x0, 0x0, "2e1bb11c34"}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x2, 0x8979, 0x6}, [@mdlm_detail={0xeb, 0x24, 0x13, 0x0, "9fcc8c5c747309fcb4c96e5dad9b6e62d08b91a8beb3c2e4547e163e4658bb11ab34b3c84ec3e4a4e367d26c56001c6705689995a99d16a1b31bdc070f00531ec426b54bf89b2dee1fc3bd818f55dbbd6acc287cd43078eebc6d09f10dc4229f8035d4448f823fecf929d6861627c01e79277a40304a1ad3fbd012a4a8ed16369769c8c997c412be76759017653455b8042aca8b49eac0731001cbfa6fbd796aa7c27709fc623722e03d3c1ed1dac1ca8a8aa25ddafc654a0dbb760b927a2b23e2ad3043ac48566c7b995c237db591f39af81954569cd5d37ca4941c80cc1fa5556d19a548df2a"}, @network_terminal={0x7, 0x24, 0xa, 0x4, 0x1f, 0x3f, 0x62}, @dmm={0x7, 0x24, 0x14, 0x1f, 0x7}, @dmm={0x7, 0x24, 0x14, 0x1010, 0x9}, @ncm={0x6, 0x24, 0x1a, 0x6, 0x1b}]}, @cdc_ecm={{0xb, 0x24, 0x6, 0x0, 0x0, "df4704a2521e"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x4856f0aa, 0x5, 0x1, 0xff}, [@obex={0x5, 0x24, 0x15, 0x1f}]}], [{{0x9, 0x5, 0x8, 0x8, 0x3ff, 0x4, 0x1, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x34, 0x5}]}}, {{0x9, 0x5, 0x0, 0x3, 0x400, 0x2, 0x1, 0xca}}, {{0x9, 0x5, 0x8, 0x10, 0x8, 0x2, 0x7f, 0x7f}}, {{0x9, 0x5, 0x7, 0x0, 0x10, 0x5, 0x1f, 0x40, [@generic={0x2d, 0xe, "eccc2379371b46cab9d6fdb82798f47aa9b7177c2a5193231443b725c21b5e6a99930565eb3b96fe7a7569"}, @generic={0x6, 0x10, "7f2260b2"}]}}, {{0x9, 0x5, 0x3, 0x8, 0x10, 0x4, 0x3, 0xf7}}, {{0x9, 0x5, 0x5, 0x3, 0x10, 0x3, 0x1, 0x9, [@generic={0xc8, 0xe, "17a493c051895f29835efb6d6d753ca5e6237f995724bf74708574902eacdff45cd80b61373d67efe1239f97b4fa600793d6b4a5022ba4a436b4e2e223579d974e784ecbfdd4912da5ccd284d2293782704f067513d83811ac711684d3aafe928ece0e903825997babc567b94d06daee1e4d55a8871d67e71cd1081430d89bc9ae64f50f94bb8af96ce384cd3b8420ef8be273ca02b9f0f91221239e64d620dc6e3e2707f6f4ce92e8627f044c14f179909ca1df8b4e499fed3f4118c9d6b2ae41a71198d798"}, @generic={0x7e, 0x22, "851bf8332f6f4795cdbf9bf1bbb8253ced75d61f695bb8c31f51b5ce19b2080e2e7ec215fec16a83d2571104f726a0de47f3e9282d0ef2204bbb1d9d9cac53b6d798084b0f594791e3f8341986d7eaadb911c55c0d71691fc77aa1047f440f5275a41f3b1f0f048a5c1dd5c417e67f3bd472b13feef7950c578f1b42"}]}}]}}]}}]}}, &(0x7f0000009700)={0xa, &(0x7f0000009200)={0xa, 0x6, 0x110, 0xd4, 0x81, 0x0, 0x10, 0x20}, 0x1c, &(0x7f0000009240)={0x5, 0xf, 0x1c, 0x2, [@ssp_cap={0x14, 0x10, 0xa, 0x20, 0x2, 0x3, 0xf0f, 0x6, [0xc030, 0xff3f30]}, @ptm_cap={0x3}]}, 0x8, [{0x4, &(0x7f0000009280)=@lang_id={0x4, 0x3, 0x410}}, {0x102, &(0x7f00000092c0)=@string={0x102, 0x3, "bd9caf11f1c2321f7dbf3df57ec06aedf0842f843c77dd88db9f7408bba0d9405971eab7462f77d1ca84398011e52a42798f46eeb57b9e8b2c06c9828ae8a2a278aeaf1947cb3dbadbd3d8374bd3fd89a53a0d2e5d80261d7c80592c0396ee2c9ed83fcc6bf9bd9a2f61cd007c9eb5b92dd878d6aa6b5435ed38fb81d9bfc15815843bc46b321b848a201d7ee90a06ab03ddb66cea54f415153e6934992c24e711aea2fe334e981ba7f3f87d0bc5eb6b1d0917cd79b47194c6d2be18e7a54e75a5e2d036b2e8ba626c56c4489e4681a21ea29a2b6434a8605a6710ebd13f09fe322e60ef34a6e6f3330d07b4d1ff66d7ec23c58b3be734844b89de36ba291297"}}, {0x4, &(0x7f0000009400)=@lang_id={0x4, 0x3, 0xf0ff}}, {0x4, &(0x7f0000009440)=@lang_id={0x4, 0x3, 0xf8ff}}, {0xc2, &(0x7f0000009480)=@string={0xc2, 0x3, "47951bf5758f6da49eaec8d8f18a6ca6e17e41a66016415efc7be346e3a8d0342803d31ac634c4e6bcfdca1db3c5b690c22f332df6936761deb40a2a9b817a3b5e21ceda6d71f72d61eed06a7a43451e72faa82018384c5a69f62f4c6cf2a7efbd2af59b84acc6a95edf8f167b5f203dff2f89dba191f513342be5a906ceb379613f596108de6f3a61b926c9f8634d3de6d5eb86712bdfc3ce502f90a69d8d07d9284402b393a76e1d9817b92bd4eff57a27ec91919bf0d09b447057d69ce382"}}, {0x83, &(0x7f0000009580)=@string={0x83, 0x3, "708149d29b3a8ef9c0ff2f072ff3b20dd4aa24a8ddbd77612cf82dbfdc3af821a1fbf75540c23e05de08fed779db651cb3a63bd09acfde2da34fc336047349f62c650320dd8fd8626cfdadf7e0f73f83a6bffa1f20e75cc44b80bbe9a40ea3c6e924b684fe6cb9e6a9331a149e844e500be3b4fe28d1332dcd643be5a73fccd446"}}, {0x4, &(0x7f0000009640)=@lang_id={0x4, 0x3, 0x184c}}, {0x4d, &(0x7f0000009680)=@string={0x4d, 0x3, "b66a576c91d56733c94ef73720fda014ebcf72b1cf26ac4c18da7571241256764ae2dff17540bdd8af83eee505792cbefbddb7b5cd4ca94662287a86249ec2b942139804f9c78209884a15"}}]}) syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000009780)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_control_io(r22, &(0x7f00000099c0)={0x18, &(0x7f0000009800)={0x40, 0x1, 0x8d, {0x8d, 0x22, "e5741947a723e9e98edc76ea9b493da7d0be0f88903d48eef0d24c882970fc1216a4f390d6b17a78f9e882742ca24831936cb75b045899bbc7687bd55a058a9f4722452ce7e301270b0bf22666c37eaf1bd9d8b489ba1d32be39d06b20bd9657e09fda6c82d4566c9334e2fa45c5046ba8565e5779ab6d67cbf7f406d216c286ab066588207a318d65332f"}}, &(0x7f00000098c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xf0ff}}, &(0x7f0000009900)={0x0, 0xf, 0x18, {0x5, 0xf, 0x18, 0x2, [@ssp_cap={0xc, 0x10, 0xa, 0x0, 0x0, 0x6, 0xf0f, 0x8}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0xa, 0x7, 0x100}]}}, &(0x7f0000009940)={0x20, 0x29, 0xf, {0xf, 0x29, 0x0, 0x18, 0x7, 0x7f, "86f620e8", "168f2202"}}, &(0x7f0000009980)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3, 0x0, 0x4, 0x0, 0x7, 0x1000, 0xfffe}}}, &(0x7f0000009f00)={0x44, &(0x7f0000009a00)={0x0, 0x8, 0xfd, "17d015c0c21b38ab6587078c775d196676390236842bc78115bd6a405811102445a37fe5c0cc85a16b5601f67496593492ce3ad552019208a904c88254525ef13e8c55d2fa5584b172728077d54a28bc6dd0bc05f7202910260763120f9d95883b701ca05483deae8e445bcf5672cfc4ba66a346e92fe07451ae4c8ff4aa9dfcf8b9563365805bf6830ed36c9f3eab11f613a0fde0423b8c3a5b1ae029729e3233431d83f022491564d392ceb7a38eddcf1596886181854d5a729e76d8e770d6ee74ba1333ecb7e4b883071b6d6c043e9e6f0160546f60d1d9ffd940744eef3ea5f0ddfda5a0a8d6b7740a7f13ce462ed08e2d3bc0a7b646daf56086e2"}, &(0x7f0000009b40)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000009b80)={0x0, 0x8, 0x1, 0x80}, &(0x7f0000009bc0)={0x20, 0x0, 0x4, {0x2, 0x3}}, &(0x7f0000009c00)={0x20, 0x0, 0x4, {0x100, 0x40}}, &(0x7f0000009c40)={0x40, 0x7, 0x2, 0x3}, &(0x7f0000009c80)={0x40, 0x9, 0x1, 0x7f}, &(0x7f0000009cc0)={0x40, 0xb, 0x2, "08bd"}, &(0x7f0000009d00)={0x40, 0xf, 0x2, 0x7163}, &(0x7f0000009d40)={0x40, 0x13, 0x6, @broadcast}, &(0x7f0000009d80)={0x40, 0x17, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3b}}, &(0x7f0000009dc0)={0x40, 0x19, 0x2, "379e"}, &(0x7f0000009e00)={0x40, 0x1a, 0x2, 0x8}, &(0x7f0000009e40)={0x40, 0x1c, 0x1, 0x3f}, &(0x7f0000009e80)={0x40, 0x1e, 0x1, 0x2c}, &(0x7f0000009ec0)={0x40, 0x21, 0x1, 0x5}}) syz_usb_disconnect(r22) syz_usb_ep_read(r22, 0xc1, 0x1000, &(0x7f0000009f80)=""/4096) r23 = syz_usb_connect$uac1(0x3, 0xe8, &(0x7f000000af80)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd6, 0x3, 0x1, 0x7, 0x20, 0x2, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@feature_unit={0xb, 0x24, 0x6, 0x4, 0x3, 0x2, [0x3, 0x7], 0xff}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x80, 0x3, 0x1, 0x0, "022c3b4efa4d"}, @as_header={0x7, 0x24, 0x1, 0x1, 0x7f, 0x1002}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x5, 0x3, 0x0, 0x5, "64997e"}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x3, 0x3, 0xac, 0x8, "bc5e", "04fba9"}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x6, 0x2, 0x5, 0x9, "6a9a8d", "4f88"}]}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x8c, 0x20, 0x7f, {0x7, 0x25, 0x1, 0x82, 0x2, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0x0, 0x2, 0x0, 0xff, "03c1fe1d97"}, @format_type_ii_discrete={0x12, 0x24, 0x2, 0x2, 0x807, 0x4, 0xfd, "8cfb49df7bf5b7e5ee"}, @as_header={0x7, 0x24, 0x1, 0x3f, 0xfd, 0x1}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0xc1, 0x4, 0x5, 0x67, "6967ba40"}]}, {{0x9, 0x5, 0x82, 0x9, 0x7f7, 0x1f, 0x69, 0x6, {0x7, 0x25, 0x1, 0x80, 0x9, 0x3}}}}}}}]}}, &(0x7f000000b380)={0xa, &(0x7f000000b080)={0xa, 0x6, 0x300, 0x3, 0x2, 0x3, 0x40, 0x81}, 0x20f, &(0x7f000000b0c0)={0x5, 0xf, 0x20f, 0x6, [@generic={0xe2, 0x10, 0xa, "64932c9277e23a0fa96aabc7b931ea3707350c525745ccbe794d23baa99625c82f74bd3b6d5f88fbfd92545b6b63754c07c3ffb47355bf3dd6facff0ec5597fb768dc74acfcf395ac1009982925aa16fcfa41575bf14b56d557909df9efd27fd4b317d90d1606270134fd07d2fc0d1816e9771321d2db55c6539b04167db7b08c994159dd7552c488c1466247a5b70b0dc996b907eeee0b20fdd647140597b66f821556b567fe613c7ecbcbae50db5fa7c9c0b5dcf26eddffdcb09b9ab9f2b5bee80982ff365fb816e98184ee6815f6f621f4d34527d3caa4ce682cb06c748"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x10, 0x1, 0x3f, 0xff, 0x1f}, @ptm_cap={0x3}, @generic={0x2f, 0x10, 0x3, "571226744f78fe775ab89dd776db3aaace9982e7b2594fd0854a31d7ec1d24aee6482aa3939798bd32d060f0"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x24, 0x8, 0xe1}, @generic={0xe1, 0x10, 0x1, "1c4311d6c4ec2de789b4f9f39e673702ea35d909991ce4af26cf0c07579c1a40573568f837569c645de2af698133526169e51a53f215167660357259d54d5ad77afb478b189e728667a8b7e38986bb19febe807085ec6d77dfb48172592d549d7dbbf802aaf95bbf2dcd20057a34eeffcaba3c404e46a6e90ad7e4387e1e28cc21718837e81d22615c4b42bce04c6bec4aa9a99d05cb4f168e115ee3956554e4e58b136f86736e79e91f9acd49ee6617b84a564392e81991bba6032054d7096f6c40002137782a1b111d6527968326f5e70a8a2399e833e7415c204a3a4b"}]}, 0x2, [{0x4, &(0x7f000000b300)=@lang_id={0x4, 0x3, 0x459}}, {0x4, &(0x7f000000b340)=@lang_id={0x4, 0x3, 0x436}}]}) syz_usb_ep_write(r23, 0x9, 0x13, &(0x7f000000b3c0)="08636e6c5e421f7f718c4784f389672c2911e5") syz_usbip_server_init(0x2) csource_test.go:119: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; for (;;) { uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts); if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) return 1; now = current_time_ms(); if (now - start > timeout) return 0; } } static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } struct nlmsg { char* pos; int nesting; struct nlattr* nested[8]; char buf[4096]; }; static void netlink_init(struct nlmsg* nlmsg, int typ, int flags, const void* data, int size) { memset(nlmsg, 0, sizeof(*nlmsg)); struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf; hdr->nlmsg_type = typ; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags; memcpy(hdr + 1, data, size); nlmsg->pos = (char*)(hdr + 1) + NLMSG_ALIGN(size); } static void netlink_attr(struct nlmsg* nlmsg, int typ, const void* data, int size) { struct nlattr* attr = (struct nlattr*)nlmsg->pos; attr->nla_len = sizeof(*attr) + size; attr->nla_type = typ; if (size > 0) memcpy(attr + 1, data, size); nlmsg->pos += NLMSG_ALIGN(attr->nla_len); } static int netlink_send_ext(struct nlmsg* nlmsg, int sock, uint16_t reply_type, int* reply_len, bool dofail) { if (nlmsg->pos > nlmsg->buf + sizeof(nlmsg->buf) || nlmsg->nesting) exit(1); struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf; hdr->nlmsg_len = nlmsg->pos - nlmsg->buf; struct sockaddr_nl addr; memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; ssize_t n = sendto(sock, nlmsg->buf, hdr->nlmsg_len, 0, (struct sockaddr*)&addr, sizeof(addr)); if (n != (ssize_t)hdr->nlmsg_len) { if (dofail) exit(1); return -1; } n = recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0); if (reply_len) *reply_len = 0; if (n < 0) { if (dofail) exit(1); return -1; } if (n < (ssize_t)sizeof(struct nlmsghdr)) { errno = EINVAL; if (dofail) exit(1); return -1; } if (hdr->nlmsg_type == NLMSG_DONE) return 0; if (reply_len && hdr->nlmsg_type == reply_type) { *reply_len = n; return 0; } if (n < (ssize_t)(sizeof(struct nlmsghdr) + sizeof(struct nlmsgerr))) { errno = EINVAL; if (dofail) exit(1); return -1; } if (hdr->nlmsg_type != NLMSG_ERROR) { errno = EINVAL; if (dofail) exit(1); return -1; } errno = -((struct nlmsgerr*)(hdr + 1))->error; return -errno; } static int netlink_send(struct nlmsg* nlmsg, int sock) { return netlink_send_ext(nlmsg, sock, 0, NULL, true); } static int netlink_query_family_id(struct nlmsg* nlmsg, int sock, const char* family_name, bool dofail) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = CTRL_CMD_GETFAMILY; netlink_init(nlmsg, GENL_ID_CTRL, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, CTRL_ATTR_FAMILY_NAME, family_name, strnlen(family_name, GENL_NAMSIZ - 1) + 1); int n = 0; int err = netlink_send_ext(nlmsg, sock, GENL_ID_CTRL, &n, dofail); if (err < 0) { return -1; } uint16_t id = 0; struct nlattr* attr = (struct nlattr*)(nlmsg->buf + NLMSG_HDRLEN + NLMSG_ALIGN(sizeof(genlhdr))); for (; (char*)attr < nlmsg->buf + n; attr = (struct nlattr*)((char*)attr + NLMSG_ALIGN(attr->nla_len))) { if (attr->nla_type == CTRL_ATTR_FAMILY_ID) { id = *(uint16_t*)(attr + 1); break; } } if (!id) { errno = EINVAL; return -1; } recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0); return id; } const int kInitNetNsFd = 239; #define WIFI_INITIAL_DEVICE_COUNT 2 #define WIFI_MAC_BASE { 0x08, 0x02, 0x11, 0x00, 0x00, 0x00 } #define WIFI_IBSS_BSSID { 0x50, 0x50, 0x50, 0x50, 0x50, 0x50 } #define WIFI_IBSS_SSID { 0x10, 0x10, 0x10, 0x10, 0x10, 0x10 } #define WIFI_DEFAULT_FREQUENCY 2412 #define WIFI_DEFAULT_SIGNAL 0 #define WIFI_DEFAULT_RX_RATE 1 #define HWSIM_CMD_REGISTER 1 #define HWSIM_CMD_FRAME 2 #define HWSIM_CMD_NEW_RADIO 4 #define HWSIM_ATTR_SUPPORT_P2P_DEVICE 14 #define HWSIM_ATTR_PERM_ADDR 22 #define IF_OPER_UP 6 struct join_ibss_props { int wiphy_freq; bool wiphy_freq_fixed; uint8_t* mac; uint8_t* ssid; int ssid_len; }; static int set_interface_state(const char* interface_name, int on) { struct ifreq ifr; int sock = socket(AF_INET, SOCK_DGRAM, 0); if (sock < 0) { return -1; } memset(&ifr, 0, sizeof(ifr)); strcpy(ifr.ifr_name, interface_name); int ret = ioctl(sock, SIOCGIFFLAGS, &ifr); if (ret < 0) { close(sock); return -1; } if (on) ifr.ifr_flags |= IFF_UP; else ifr.ifr_flags &= ~IFF_UP; ret = ioctl(sock, SIOCSIFFLAGS, &ifr); close(sock); if (ret < 0) { return -1; } return 0; } static int nl80211_set_interface(struct nlmsg* nlmsg, int sock, int nl80211_family, uint32_t ifindex, uint32_t iftype) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = NL80211_CMD_SET_INTERFACE; netlink_init(nlmsg, nl80211_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, NL80211_ATTR_IFINDEX, &ifindex, sizeof(ifindex)); netlink_attr(nlmsg, NL80211_ATTR_IFTYPE, &iftype, sizeof(iftype)); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int nl80211_join_ibss(struct nlmsg* nlmsg, int sock, int nl80211_family, uint32_t ifindex, struct join_ibss_props* props) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = NL80211_CMD_JOIN_IBSS; netlink_init(nlmsg, nl80211_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, NL80211_ATTR_IFINDEX, &ifindex, sizeof(ifindex)); netlink_attr(nlmsg, NL80211_ATTR_SSID, props->ssid, props->ssid_len); netlink_attr(nlmsg, NL80211_ATTR_WIPHY_FREQ, &(props->wiphy_freq), sizeof(props->wiphy_freq)); if (props->mac) netlink_attr(nlmsg, NL80211_ATTR_MAC, props->mac, ETH_ALEN); if (props->wiphy_freq_fixed) netlink_attr(nlmsg, NL80211_ATTR_FREQ_FIXED, NULL, 0); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int get_ifla_operstate(struct nlmsg* nlmsg, int ifindex) { struct ifinfomsg info; memset(&info, 0, sizeof(info)); info.ifi_family = AF_UNSPEC; info.ifi_index = ifindex; int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); if (sock == -1) { return -1; } netlink_init(nlmsg, RTM_GETLINK, 0, &info, sizeof(info)); int n; int err = netlink_send_ext(nlmsg, sock, RTM_NEWLINK, &n, true); close(sock); if (err) { return -1; } struct rtattr* attr = IFLA_RTA(NLMSG_DATA(nlmsg->buf)); for (; RTA_OK(attr, n); attr = RTA_NEXT(attr, n)) { if (attr->rta_type == IFLA_OPERSTATE) return *((int32_t*)RTA_DATA(attr)); } return -1; } static int await_ifla_operstate(struct nlmsg* nlmsg, char* interface, int operstate) { int ifindex = if_nametoindex(interface); while (true) { usleep(1000); int ret = get_ifla_operstate(nlmsg, ifindex); if (ret < 0) return ret; if (ret == operstate) return 0; } return 0; } static int nl80211_setup_ibss_interface(struct nlmsg* nlmsg, int sock, int nl80211_family_id, char* interface, struct join_ibss_props* ibss_props) { int ifindex = if_nametoindex(interface); if (ifindex == 0) { return -1; } int ret = nl80211_set_interface(nlmsg, sock, nl80211_family_id, ifindex, NL80211_IFTYPE_ADHOC); if (ret < 0) { return -1; } ret = set_interface_state(interface, 1); if (ret < 0) { return -1; } ret = nl80211_join_ibss(nlmsg, sock, nl80211_family_id, ifindex, ibss_props); if (ret < 0) { return -1; } return 0; } #define SIZEOF_IO_URING_SQE 64 #define SIZEOF_IO_URING_CQE 16 #define SQ_HEAD_OFFSET 0 #define SQ_TAIL_OFFSET 64 #define SQ_RING_MASK_OFFSET 256 #define SQ_RING_ENTRIES_OFFSET 264 #define SQ_FLAGS_OFFSET 276 #define SQ_DROPPED_OFFSET 272 #define CQ_HEAD_OFFSET 128 #define CQ_TAIL_OFFSET 192 #define CQ_RING_MASK_OFFSET 260 #define CQ_RING_ENTRIES_OFFSET 268 #define CQ_RING_OVERFLOW_OFFSET 284 #define CQ_FLAGS_OFFSET 280 #define CQ_CQES_OFFSET 320 struct io_uring_cqe { uint64_t user_data; uint32_t res; uint32_t flags; }; static long syz_io_uring_complete(volatile long a0) { char* ring_ptr = (char*)a0; uint32_t cq_ring_mask = *(uint32_t*)(ring_ptr + CQ_RING_MASK_OFFSET); uint32_t* cq_head_ptr = (uint32_t*)(ring_ptr + CQ_HEAD_OFFSET); uint32_t cq_head = *cq_head_ptr & cq_ring_mask; uint32_t cq_head_next = *cq_head_ptr + 1; char* cqe_src = ring_ptr + CQ_CQES_OFFSET + cq_head * SIZEOF_IO_URING_CQE; struct io_uring_cqe cqe; memcpy(&cqe, cqe_src, sizeof(cqe)); __atomic_store_n(cq_head_ptr, cq_head_next, __ATOMIC_RELEASE); return (cqe.user_data == 0x12345 || cqe.user_data == 0x23456) ? (long)cqe.res : (long)-1; } struct io_sqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t flags; uint32_t dropped; uint32_t array; uint32_t resv1; uint64_t resv2; }; struct io_cqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t overflow; uint32_t cqes; uint64_t resv[2]; }; struct io_uring_params { uint32_t sq_entries; uint32_t cq_entries; uint32_t flags; uint32_t sq_thread_cpu; uint32_t sq_thread_idle; uint32_t features; uint32_t resv[4]; struct io_sqring_offsets sq_off; struct io_cqring_offsets cq_off; }; #define IORING_OFF_SQ_RING 0 #define IORING_OFF_SQES 0x10000000ULL #define sys_io_uring_setup 425 static long syz_io_uring_setup(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5) { uint32_t entries = (uint32_t)a0; struct io_uring_params* setup_params = (struct io_uring_params*)a1; void* vma1 = (void*)a2; void* vma2 = (void*)a3; void** ring_ptr_out = (void**)a4; void** sqes_ptr_out = (void**)a5; uint32_t fd_io_uring = syscall(sys_io_uring_setup, entries, setup_params); uint32_t sq_ring_sz = setup_params->sq_off.array + setup_params->sq_entries * sizeof(uint32_t); uint32_t cq_ring_sz = setup_params->cq_off.cqes + setup_params->cq_entries * SIZEOF_IO_URING_CQE; uint32_t ring_sz = sq_ring_sz > cq_ring_sz ? sq_ring_sz : cq_ring_sz; *ring_ptr_out = mmap(vma1, ring_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQ_RING); uint32_t sqes_sz = setup_params->sq_entries * SIZEOF_IO_URING_SQE; *sqes_ptr_out = mmap(vma2, sqes_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQES); return fd_io_uring; } static long syz_io_uring_submit(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { char* ring_ptr = (char*)a0; char* sqes_ptr = (char*)a1; char* sqe = (char*)a2; uint32_t sqes_index = (uint32_t)a3; uint32_t sq_ring_entries = *(uint32_t*)(ring_ptr + SQ_RING_ENTRIES_OFFSET); uint32_t cq_ring_entries = *(uint32_t*)(ring_ptr + CQ_RING_ENTRIES_OFFSET); uint32_t sq_array_off = (CQ_CQES_OFFSET + cq_ring_entries * SIZEOF_IO_URING_CQE + 63) & ~63; if (sq_ring_entries) sqes_index %= sq_ring_entries; char* sqe_dest = sqes_ptr + sqes_index * SIZEOF_IO_URING_SQE; memcpy(sqe_dest, sqe, SIZEOF_IO_URING_SQE); uint32_t sq_ring_mask = *(uint32_t*)(ring_ptr + SQ_RING_MASK_OFFSET); uint32_t* sq_tail_ptr = (uint32_t*)(ring_ptr + SQ_TAIL_OFFSET); uint32_t sq_tail = *sq_tail_ptr & sq_ring_mask; uint32_t sq_tail_next = *sq_tail_ptr + 1; uint32_t* sq_array = (uint32_t*)(ring_ptr + sq_array_off); *(sq_array + sq_tail) = sqes_index; __atomic_store_n(sq_tail_ptr, sq_tail_next, __ATOMIC_RELEASE); return 0; } #define VHCI_HC_PORTS 8 #define VHCI_PORTS (VHCI_HC_PORTS * 2) static long syz_usbip_server_init(volatile long a0) { static int port_alloc[2]; int speed = (int)a0; bool usb3 = (speed == USB_SPEED_SUPER); int socket_pair[2]; if (socketpair(AF_UNIX, SOCK_STREAM, 0, socket_pair)) exit(1); int client_fd = socket_pair[0]; int server_fd = socket_pair[1]; int available_port_num = __atomic_fetch_add(&port_alloc[usb3], 1, __ATOMIC_RELAXED); if (available_port_num > VHCI_HC_PORTS) { return -1; } int port_num = procid * VHCI_PORTS + usb3 * VHCI_HC_PORTS + available_port_num; char buffer[100]; sprintf(buffer, "%d %d %s %d", port_num, client_fd, "0", speed); write_file("/sys/devices/platform/vhci_hcd.0/attach", buffer); return server_fd; } #define BTF_MAGIC 0xeB9F struct btf_header { __u16 magic; __u8 version; __u8 flags; __u32 hdr_len; __u32 type_off; __u32 type_len; __u32 str_off; __u32 str_len; }; #define BTF_INFO_KIND(info) (((info) >> 24) & 0x0f) #define BTF_INFO_VLEN(info) ((info)&0xffff) #define BTF_KIND_INT 1 #define BTF_KIND_ARRAY 3 #define BTF_KIND_STRUCT 4 #define BTF_KIND_UNION 5 #define BTF_KIND_ENUM 6 #define BTF_KIND_FUNC_PROTO 13 #define BTF_KIND_VAR 14 #define BTF_KIND_DATASEC 15 struct btf_type { __u32 name_off; __u32 info; union { __u32 size; __u32 type; }; }; struct btf_enum { __u32 name_off; __s32 val; }; struct btf_array { __u32 type; __u32 index_type; __u32 nelems; }; struct btf_member { __u32 name_off; __u32 type; __u32 offset; }; struct btf_param { __u32 name_off; __u32 type; }; struct btf_var { __u32 linkage; }; struct btf_var_secinfo { __u32 type; __u32 offset; __u32 size; }; #define VMLINUX_MAX_SUPPORT_SIZE (10 * 1024 * 1024) static char* read_btf_vmlinux() { static bool is_read = false; static char buf[VMLINUX_MAX_SUPPORT_SIZE]; if (is_read) return buf; int fd = open("/sys/kernel/btf/vmlinux", O_RDONLY); if (fd < 0) return NULL; unsigned long bytes_read = 0; for (;;) { ssize_t ret = read(fd, buf + bytes_read, VMLINUX_MAX_SUPPORT_SIZE - bytes_read); if (ret < 0 || bytes_read + ret == VMLINUX_MAX_SUPPORT_SIZE) return NULL; if (ret == 0) break; bytes_read += ret; } is_read = true; return buf; } static long syz_btf_id_by_name(volatile long a0) { char* target = (char*)a0; char* vmlinux = read_btf_vmlinux(); if (vmlinux == NULL) return -1; struct btf_header* btf_header = (struct btf_header*)vmlinux; if (btf_header->magic != BTF_MAGIC) return -1; char* btf_type_sec = vmlinux + btf_header->hdr_len + btf_header->type_off; char* btf_str_sec = vmlinux + btf_header->hdr_len + btf_header->str_off; unsigned int bytes_parsed = 0; long idx = 1; while (bytes_parsed < btf_header->type_len) { struct btf_type* btf_type = (struct btf_type*)(btf_type_sec + bytes_parsed); uint32_t kind = BTF_INFO_KIND(btf_type->info); uint32_t vlen = BTF_INFO_VLEN(btf_type->info); char* name = btf_str_sec + btf_type->name_off; if (strcmp(name, target) == 0) return idx; size_t skip; switch (kind) { case BTF_KIND_INT: skip = sizeof(uint32_t); break; case BTF_KIND_ENUM: skip = sizeof(struct btf_enum) * vlen; break; case BTF_KIND_ARRAY: skip = sizeof(struct btf_array); break; case BTF_KIND_STRUCT: case BTF_KIND_UNION: skip = sizeof(struct btf_member) * vlen; break; case BTF_KIND_FUNC_PROTO: skip = sizeof(struct btf_param) * vlen; break; case BTF_KIND_VAR: skip = sizeof(struct btf_var); break; case BTF_KIND_DATASEC: skip = sizeof(struct btf_var_secinfo) * vlen; break; default: skip = 0; } bytes_parsed += sizeof(struct btf_type) + skip; idx++; } return -1; } static long syz_memcpy_off(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4) { char* dest = (char*)a0; uint32_t dest_off = (uint32_t)a1; char* src = (char*)a2; uint32_t src_off = (uint32_t)a3; size_t n = (size_t)a4; return (long)memcpy(dest + dest_off, src + src_off, n); } #define MAX_FDS 30 #define USB_MAX_IFACE_NUM 4 #define USB_MAX_EP_NUM 32 #define USB_MAX_FDS 6 struct usb_endpoint_index { struct usb_endpoint_descriptor desc; int handle; }; struct usb_iface_index { struct usb_interface_descriptor* iface; uint8_t bInterfaceNumber; uint8_t bAlternateSetting; uint8_t bInterfaceClass; struct usb_endpoint_index eps[USB_MAX_EP_NUM]; int eps_num; }; struct usb_device_index { struct usb_device_descriptor* dev; struct usb_config_descriptor* config; uint8_t bDeviceClass; uint8_t bMaxPower; int config_length; struct usb_iface_index ifaces[USB_MAX_IFACE_NUM]; int ifaces_num; int iface_cur; }; struct usb_info { int fd; struct usb_device_index index; }; static struct usb_info usb_devices[USB_MAX_FDS]; static int usb_devices_num; static bool parse_usb_descriptor(const char* buffer, size_t length, struct usb_device_index* index) { if (length < sizeof(*index->dev) + sizeof(*index->config)) return false; memset(index, 0, sizeof(*index)); index->dev = (struct usb_device_descriptor*)buffer; index->config = (struct usb_config_descriptor*)(buffer + sizeof(*index->dev)); index->bDeviceClass = index->dev->bDeviceClass; index->bMaxPower = index->config->bMaxPower; index->config_length = length - sizeof(*index->dev); index->iface_cur = -1; size_t offset = 0; while (true) { if (offset + 1 >= length) break; uint8_t desc_length = buffer[offset]; uint8_t desc_type = buffer[offset + 1]; if (desc_length <= 2) break; if (offset + desc_length > length) break; if (desc_type == USB_DT_INTERFACE && index->ifaces_num < USB_MAX_IFACE_NUM) { struct usb_interface_descriptor* iface = (struct usb_interface_descriptor*)(buffer + offset); index->ifaces[index->ifaces_num].iface = iface; index->ifaces[index->ifaces_num].bInterfaceNumber = iface->bInterfaceNumber; index->ifaces[index->ifaces_num].bAlternateSetting = iface->bAlternateSetting; index->ifaces[index->ifaces_num].bInterfaceClass = iface->bInterfaceClass; index->ifaces_num++; } if (desc_type == USB_DT_ENDPOINT && index->ifaces_num > 0) { struct usb_iface_index* iface = &index->ifaces[index->ifaces_num - 1]; if (iface->eps_num < USB_MAX_EP_NUM) { memcpy(&iface->eps[iface->eps_num].desc, buffer + offset, sizeof(iface->eps[iface->eps_num].desc)); iface->eps_num++; } } offset += desc_length; } return true; } static struct usb_device_index* add_usb_index(int fd, const char* dev, size_t dev_len) { int i = __atomic_fetch_add(&usb_devices_num, 1, __ATOMIC_RELAXED); if (i >= USB_MAX_FDS) return NULL; if (!parse_usb_descriptor(dev, dev_len, &usb_devices[i].index)) return NULL; __atomic_store_n(&usb_devices[i].fd, fd, __ATOMIC_RELEASE); return &usb_devices[i].index; } static struct usb_device_index* lookup_usb_index(int fd) { for (int i = 0; i < USB_MAX_FDS; i++) { if (__atomic_load_n(&usb_devices[i].fd, __ATOMIC_ACQUIRE) == fd) return &usb_devices[i].index; } return NULL; } struct vusb_connect_string_descriptor { uint32_t len; char* str; } __attribute__((packed)); struct vusb_connect_descriptors { uint32_t qual_len; char* qual; uint32_t bos_len; char* bos; uint32_t strs_len; struct vusb_connect_string_descriptor strs[0]; } __attribute__((packed)); static const char default_string[] = { 8, USB_DT_STRING, 's', 0, 'y', 0, 'z', 0 }; static const char default_lang_id[] = { 4, USB_DT_STRING, 0x09, 0x04 }; static bool lookup_connect_response_in(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { struct usb_device_index* index = lookup_usb_index(fd); uint8_t str_idx; if (!index) return false; switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_GET_DESCRIPTOR: switch (ctrl->wValue >> 8) { case USB_DT_DEVICE: *response_data = (char*)index->dev; *response_length = sizeof(*index->dev); return true; case USB_DT_CONFIG: *response_data = (char*)index->config; *response_length = index->config_length; return true; case USB_DT_STRING: str_idx = (uint8_t)ctrl->wValue; if (descs && str_idx < descs->strs_len) { *response_data = descs->strs[str_idx].str; *response_length = descs->strs[str_idx].len; return true; } if (str_idx == 0) { *response_data = (char*)&default_lang_id[0]; *response_length = default_lang_id[0]; return true; } *response_data = (char*)&default_string[0]; *response_length = default_string[0]; return true; case USB_DT_BOS: *response_data = descs->bos; *response_length = descs->bos_len; return true; case USB_DT_DEVICE_QUALIFIER: if (!descs->qual) { struct usb_qualifier_descriptor* qual = (struct usb_qualifier_descriptor*)response_data; qual->bLength = sizeof(*qual); qual->bDescriptorType = USB_DT_DEVICE_QUALIFIER; qual->bcdUSB = index->dev->bcdUSB; qual->bDeviceClass = index->dev->bDeviceClass; qual->bDeviceSubClass = index->dev->bDeviceSubClass; qual->bDeviceProtocol = index->dev->bDeviceProtocol; qual->bMaxPacketSize0 = index->dev->bMaxPacketSize0; qual->bNumConfigurations = index->dev->bNumConfigurations; qual->bRESERVED = 0; *response_length = sizeof(*qual); return true; } *response_data = descs->qual; *response_length = descs->qual_len; return true; default: break; } break; default: break; } break; default: break; } return false; } typedef bool (*lookup_connect_out_response_t)(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done); static bool lookup_connect_response_out_generic(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) { switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: *done = true; return true; default: break; } break; } return false; } #define ATH9K_FIRMWARE_DOWNLOAD 0x30 #define ATH9K_FIRMWARE_DOWNLOAD_COMP 0x31 static bool lookup_connect_response_out_ath9k(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) { switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: return true; default: break; } break; case USB_TYPE_VENDOR: switch (ctrl->bRequest) { case ATH9K_FIRMWARE_DOWNLOAD: return true; case ATH9K_FIRMWARE_DOWNLOAD_COMP: *done = true; return true; default: break; } break; } return false; } struct vusb_descriptor { uint8_t req_type; uint8_t desc_type; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_descriptors { uint32_t len; struct vusb_descriptor* generic; struct vusb_descriptor* descs[0]; } __attribute__((packed)); struct vusb_response { uint8_t type; uint8_t req; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_responses { uint32_t len; struct vusb_response* generic; struct vusb_response* resps[0]; } __attribute__((packed)); static bool lookup_control_response(const struct vusb_descriptors* descs, const struct vusb_responses* resps, struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { int descs_num = 0; int resps_num = 0; if (descs) descs_num = (descs->len - offsetof(struct vusb_descriptors, descs)) / sizeof(descs->descs[0]); if (resps) resps_num = (resps->len - offsetof(struct vusb_responses, resps)) / sizeof(resps->resps[0]); uint8_t req = ctrl->bRequest; uint8_t req_type = ctrl->bRequestType & USB_TYPE_MASK; uint8_t desc_type = ctrl->wValue >> 8; if (req == USB_REQ_GET_DESCRIPTOR) { int i; for (i = 0; i < descs_num; i++) { struct vusb_descriptor* desc = descs->descs[i]; if (!desc) continue; if (desc->req_type == req_type && desc->desc_type == desc_type) { *response_length = desc->len; if (*response_length != 0) *response_data = &desc->data[0]; else *response_data = NULL; return true; } } if (descs && descs->generic) { *response_data = &descs->generic->data[0]; *response_length = descs->generic->len; return true; } } else { int i; for (i = 0; i < resps_num; i++) { struct vusb_response* resp = resps->resps[i]; if (!resp) continue; if (resp->type == req_type && resp->req == req) { *response_length = resp->len; if (*response_length != 0) *response_data = &resp->data[0]; else *response_data = NULL; return true; } } if (resps && resps->generic) { *response_data = &resps->generic->data[0]; *response_length = resps->generic->len; return true; } } return false; } #define UDC_NAME_LENGTH_MAX 128 struct usb_raw_init { __u8 driver_name[UDC_NAME_LENGTH_MAX]; __u8 device_name[UDC_NAME_LENGTH_MAX]; __u8 speed; }; enum usb_raw_event_type { USB_RAW_EVENT_INVALID = 0, USB_RAW_EVENT_CONNECT = 1, USB_RAW_EVENT_CONTROL = 2, }; struct usb_raw_event { __u32 type; __u32 length; __u8 data[0]; }; struct usb_raw_ep_io { __u16 ep; __u16 flags; __u32 length; __u8 data[0]; }; #define USB_RAW_EPS_NUM_MAX 30 #define USB_RAW_EP_NAME_MAX 16 #define USB_RAW_EP_ADDR_ANY 0xff struct usb_raw_ep_caps { __u32 type_control : 1; __u32 type_iso : 1; __u32 type_bulk : 1; __u32 type_int : 1; __u32 dir_in : 1; __u32 dir_out : 1; }; struct usb_raw_ep_limits { __u16 maxpacket_limit; __u16 max_streams; __u32 reserved; }; struct usb_raw_ep_info { __u8 name[USB_RAW_EP_NAME_MAX]; __u32 addr; struct usb_raw_ep_caps caps; struct usb_raw_ep_limits limits; }; struct usb_raw_eps_info { struct usb_raw_ep_info eps[USB_RAW_EPS_NUM_MAX]; }; #define USB_RAW_IOCTL_INIT _IOW('U', 0, struct usb_raw_init) #define USB_RAW_IOCTL_RUN _IO('U', 1) #define USB_RAW_IOCTL_EVENT_FETCH _IOR('U', 2, struct usb_raw_event) #define USB_RAW_IOCTL_EP0_WRITE _IOW('U', 3, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP0_READ _IOWR('U', 4, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_ENABLE _IOW('U', 5, struct usb_endpoint_descriptor) #define USB_RAW_IOCTL_EP_DISABLE _IOW('U', 6, __u32) #define USB_RAW_IOCTL_EP_WRITE _IOW('U', 7, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_READ _IOWR('U', 8, struct usb_raw_ep_io) #define USB_RAW_IOCTL_CONFIGURE _IO('U', 9) #define USB_RAW_IOCTL_VBUS_DRAW _IOW('U', 10, __u32) #define USB_RAW_IOCTL_EPS_INFO _IOR('U', 11, struct usb_raw_eps_info) #define USB_RAW_IOCTL_EP0_STALL _IO('U', 12) #define USB_RAW_IOCTL_EP_SET_HALT _IOW('U', 13, __u32) #define USB_RAW_IOCTL_EP_CLEAR_HALT _IOW('U', 14, __u32) #define USB_RAW_IOCTL_EP_SET_WEDGE _IOW('U', 15, __u32) static int usb_raw_open() { return open("/dev/raw-gadget", O_RDWR); } static int usb_raw_init(int fd, uint32_t speed, const char* driver, const char* device) { struct usb_raw_init arg; strncpy((char*)&arg.driver_name[0], driver, sizeof(arg.driver_name)); strncpy((char*)&arg.device_name[0], device, sizeof(arg.device_name)); arg.speed = speed; return ioctl(fd, USB_RAW_IOCTL_INIT, &arg); } static int usb_raw_run(int fd) { return ioctl(fd, USB_RAW_IOCTL_RUN, 0); } static int usb_raw_event_fetch(int fd, struct usb_raw_event* event) { return ioctl(fd, USB_RAW_IOCTL_EVENT_FETCH, event); } static int usb_raw_ep0_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_WRITE, io); } static int usb_raw_ep0_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_READ, io); } static int usb_raw_ep_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_WRITE, io); } static int usb_raw_ep_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_READ, io); } static int usb_raw_ep_enable(int fd, struct usb_endpoint_descriptor* desc) { return ioctl(fd, USB_RAW_IOCTL_EP_ENABLE, desc); } static int usb_raw_ep_disable(int fd, int ep) { return ioctl(fd, USB_RAW_IOCTL_EP_DISABLE, ep); } static int usb_raw_configure(int fd) { return ioctl(fd, USB_RAW_IOCTL_CONFIGURE, 0); } static int usb_raw_vbus_draw(int fd, uint32_t power) { return ioctl(fd, USB_RAW_IOCTL_VBUS_DRAW, power); } static int usb_raw_ep0_stall(int fd) { return ioctl(fd, USB_RAW_IOCTL_EP0_STALL, 0); } static int lookup_interface(int fd, uint8_t bInterfaceNumber, uint8_t bAlternateSetting) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; for (int i = 0; i < index->ifaces_num; i++) { if (index->ifaces[i].bInterfaceNumber == bInterfaceNumber && index->ifaces[i].bAlternateSetting == bAlternateSetting) return i; } return -1; } static int lookup_endpoint(int fd, uint8_t bEndpointAddress) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; if (index->iface_cur < 0) return -1; for (int ep = 0; index->ifaces[index->iface_cur].eps_num; ep++) if (index->ifaces[index->iface_cur].eps[ep].desc.bEndpointAddress == bEndpointAddress) return index->ifaces[index->iface_cur].eps[ep].handle; return -1; } static void set_interface(int fd, int n) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return; if (index->iface_cur >= 0 && index->iface_cur < index->ifaces_num) { for (int ep = 0; ep < index->ifaces[index->iface_cur].eps_num; ep++) { int rv = usb_raw_ep_disable(fd, index->ifaces[index->iface_cur].eps[ep].handle); if (rv < 0) { } else { } } } if (n >= 0 && n < index->ifaces_num) { for (int ep = 0; ep < index->ifaces[n].eps_num; ep++) { int rv = usb_raw_ep_enable(fd, &index->ifaces[n].eps[ep].desc); if (rv < 0) { } else { index->ifaces[n].eps[ep].handle = rv; } } index->iface_cur = n; } } static int configure_device(int fd) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; int rv = usb_raw_vbus_draw(fd, index->bMaxPower); if (rv < 0) { return rv; } rv = usb_raw_configure(fd); if (rv < 0) { return rv; } set_interface(fd, 0); return 0; } #define USB_MAX_PACKET_SIZE 4096 struct usb_raw_control_event { struct usb_raw_event inner; struct usb_ctrlrequest ctrl; char data[USB_MAX_PACKET_SIZE]; }; struct usb_raw_ep_io_data { struct usb_raw_ep_io inner; char data[USB_MAX_PACKET_SIZE]; }; static volatile long syz_usb_connect_impl(uint64_t speed, uint64_t dev_len, const char* dev, const struct vusb_connect_descriptors* descs, lookup_connect_out_response_t lookup_connect_response_out) { if (!dev) { return -1; } int fd = usb_raw_open(); if (fd < 0) { return fd; } if (fd >= MAX_FDS) { close(fd); return -1; } struct usb_device_index* index = add_usb_index(fd, dev, dev_len); if (!index) { return -1; } char device[32]; sprintf(&device[0], "dummy_udc.%llu", procid); int rv = usb_raw_init(fd, speed, "dummy_udc", &device[0]); if (rv < 0) { return rv; } rv = usb_raw_run(fd); if (rv < 0) { return rv; } bool done = false; while (!done) { struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = sizeof(event.ctrl); rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) continue; char* response_data = NULL; uint32_t response_length = 0; if (event.ctrl.bRequestType & USB_DIR_IN) { if (!lookup_connect_response_in(fd, descs, &event.ctrl, &response_data, &response_length)) { usb_raw_ep0_stall(fd); continue; } } else { if (!lookup_connect_response_out(fd, descs, &event.ctrl, &done)) { usb_raw_ep0_stall(fd); continue; } response_data = NULL; response_length = event.ctrl.wLength; } if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD && event.ctrl.bRequest == USB_REQ_SET_CONFIGURATION) { rv = configure_device(fd); if (rv < 0) { return rv; } } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, response_length); if (event.ctrl.bRequestType & USB_DIR_IN) { rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response); } else { rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response); } if (rv < 0) { return rv; } } sleep_ms(200); return fd; } static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; const char* dev = (const char*)a2; const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3; return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_generic); } static volatile long syz_usb_connect_ath9k(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; const char* dev = (const char*)a2; const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3; return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_ath9k); } static volatile long syz_usb_control_io(volatile long a0, volatile long a1, volatile long a2) { int fd = a0; const struct vusb_descriptors* descs = (const struct vusb_descriptors*)a1; const struct vusb_responses* resps = (const struct vusb_responses*)a2; struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = USB_MAX_PACKET_SIZE; int rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) { return -1; } char* response_data = NULL; uint32_t response_length = 0; if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) { if (!lookup_control_response(descs, resps, &event.ctrl, &response_data, &response_length)) { usb_raw_ep0_stall(fd); return -1; } } else { if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD || event.ctrl.bRequest == USB_REQ_SET_INTERFACE) { int iface_num = event.ctrl.wIndex; int alt_set = event.ctrl.wValue; int iface_index = lookup_interface(fd, iface_num, alt_set); if (iface_index < 0) { } else { set_interface(fd, iface_index); } } response_length = event.ctrl.wLength; } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; if ((event.ctrl.bRequestType & USB_DIR_IN) && !event.ctrl.wLength) { response_length = USB_MAX_PACKET_SIZE; } response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, response_length); if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) { rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response); } else { rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response); } if (rv < 0) { return rv; } sleep_ms(200); return 0; } static volatile long syz_usb_ep_write(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int fd = a0; uint8_t ep = a1; uint32_t len = a2; char* data = (char*)a3; int ep_handle = lookup_endpoint(fd, ep); if (ep_handle < 0) { return -1; } struct usb_raw_ep_io_data io_data; io_data.inner.ep = ep_handle; io_data.inner.flags = 0; if (len > sizeof(io_data.data)) len = sizeof(io_data.data); io_data.inner.length = len; memcpy(&io_data.data[0], data, len); int rv = usb_raw_ep_write(fd, (struct usb_raw_ep_io*)&io_data); if (rv < 0) { return rv; } sleep_ms(200); return 0; } static volatile long syz_usb_ep_read(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int fd = a0; uint8_t ep = a1; uint32_t len = a2; char* data = (char*)a3; int ep_handle = lookup_endpoint(fd, ep); if (ep_handle < 0) { return -1; } struct usb_raw_ep_io_data io_data; io_data.inner.ep = ep_handle; io_data.inner.flags = 0; if (len > sizeof(io_data.data)) len = sizeof(io_data.data); io_data.inner.length = len; int rv = usb_raw_ep_read(fd, (struct usb_raw_ep_io*)&io_data); if (rv < 0) { return rv; } memcpy(&data[0], &io_data.data[0], io_data.inner.length); sleep_ms(200); return 0; } static volatile long syz_usb_disconnect(volatile long a0) { int fd = a0; int rv = close(fd); sleep_ms(200); return rv; } static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2) { if (a0 == 0xc || a0 == 0xb) { char buf[128]; sprintf(buf, "/dev/%s/%d:%d", a0 == 0xc ? "char" : "block", (uint8_t)a1, (uint8_t)a2); return open(buf, O_RDWR, 0); } else { char buf[1024]; char* hash; strncpy(buf, (char*)a0, sizeof(buf) - 1); buf[sizeof(buf) - 1] = 0; while ((hash = strchr(buf, '#'))) { *hash = '0' + (char)(a1 % 10); a1 /= 10; } return open(buf, a2, 0); } } static long syz_open_procfs(volatile long a0, volatile long a1) { char buf[128]; memset(buf, 0, sizeof(buf)); if (a0 == 0) { snprintf(buf, sizeof(buf), "/proc/self/%s", (char*)a1); } else if (a0 == -1) { snprintf(buf, sizeof(buf), "/proc/thread-self/%s", (char*)a1); } else { snprintf(buf, sizeof(buf), "/proc/self/task/%d/%s", (int)a0, (char*)a1); } int fd = open(buf, O_RDWR); if (fd == -1) fd = open(buf, O_RDONLY); return fd; } static long syz_open_pts(volatile long a0, volatile long a1) { int ptyno = 0; if (ioctl(a0, TIOCGPTN, &ptyno)) return -1; char buf[128]; sprintf(buf, "/dev/pts/%d", ptyno); return open(buf, a1, 0); } static long syz_init_net_socket(volatile long domain, volatile long type, volatile long proto) { int netns = open("/proc/self/ns/net", O_RDONLY); if (netns == -1) return netns; if (setns(kInitNetNsFd, 0)) return -1; int sock = syscall(__NR_socket, domain, type, proto); int err = errno; if (setns(netns, 0)) exit(1); close(netns); errno = err; return sock; } static long syz_genetlink_get_family_id(volatile long name, volatile long sock_arg) { bool dofail = false; int fd = sock_arg; if (fd < 0) { dofail = true; fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (fd == -1) { return -1; } } struct nlmsg nlmsg_tmp; int ret = netlink_query_family_id(&nlmsg_tmp, fd, (char*)name, dofail); if ((int)sock_arg < 0) close(fd); if (ret < 0) { return -1; } return ret; } struct fs_image_segment { void* data; uintptr_t size; uintptr_t offset; }; #define IMAGE_MAX_SEGMENTS 4096 #define IMAGE_MAX_SIZE (129 << 20) #define sys_memfd_create 356 static unsigned long fs_image_segment_check(unsigned long size, unsigned long nsegs, struct fs_image_segment* segs) { if (nsegs > IMAGE_MAX_SEGMENTS) nsegs = IMAGE_MAX_SEGMENTS; for (size_t i = 0; i < nsegs; i++) { if (segs[i].size > IMAGE_MAX_SIZE) segs[i].size = IMAGE_MAX_SIZE; segs[i].offset %= IMAGE_MAX_SIZE; if (segs[i].offset > IMAGE_MAX_SIZE - segs[i].size) segs[i].offset = IMAGE_MAX_SIZE - segs[i].size; if (size < segs[i].offset + segs[i].offset) size = segs[i].offset + segs[i].offset; } if (size > IMAGE_MAX_SIZE) size = IMAGE_MAX_SIZE; return size; } static int setup_loop_device(long unsigned size, long unsigned nsegs, struct fs_image_segment* segs, const char* loopname, int* memfd_p, int* loopfd_p) { int err = 0, loopfd = -1; size = fs_image_segment_check(size, nsegs, segs); int memfd = syscall(sys_memfd_create, "syzkaller", 0); if (memfd == -1) { err = errno; goto error; } if (ftruncate(memfd, size)) { err = errno; goto error_close_memfd; } for (size_t i = 0; i < nsegs; i++) { if (pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset) < 0) { } } loopfd = open(loopname, O_RDWR); if (loopfd == -1) { err = errno; goto error_close_memfd; } if (ioctl(loopfd, LOOP_SET_FD, memfd)) { if (errno != EBUSY) { err = errno; goto error_close_loop; } ioctl(loopfd, LOOP_CLR_FD, 0); usleep(1000); if (ioctl(loopfd, LOOP_SET_FD, memfd)) { err = errno; goto error_close_loop; } } *memfd_p = memfd; *loopfd_p = loopfd; return 0; error_close_loop: close(loopfd); error_close_memfd: close(memfd); error: errno = err; return -1; } static long syz_read_part_table(volatile unsigned long size, volatile unsigned long nsegs, volatile long segments) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int err = 0, res = -1, loopfd = -1, memfd = -1; char loopname[64]; snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; struct loop_info64 info; if (ioctl(loopfd, LOOP_GET_STATUS64, &info)) { err = errno; goto error_clear_loop; } info.lo_flags |= LO_FLAGS_PARTSCAN; if (ioctl(loopfd, LOOP_SET_STATUS64, &info)) { err = errno; goto error_clear_loop; } res = 0; for (unsigned long i = 1, j = 0; i < 8; i++) { snprintf(loopname, sizeof(loopname), "/dev/loop%llup%d", procid, (int)i); struct stat statbuf; if (stat(loopname, &statbuf) == 0) { char linkname[64]; snprintf(linkname, sizeof(linkname), "./file%d", (int)j++); if (symlink(loopname, linkname)) { } } } error_clear_loop: ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); errno = err; return res; } static long syz_mount_image(volatile long fsarg, volatile long dir, volatile unsigned long size, volatile unsigned long nsegs, volatile long segments, volatile long flags, volatile long optsarg) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int res = -1, err = 0, loopfd = -1, memfd = -1, need_loop_device = !!segs; char* mount_opts = (char*)optsarg; char* target = (char*)dir; char* fs = (char*)fsarg; char* source = NULL; char loopname[64]; if (need_loop_device) { memset(loopname, 0, sizeof(loopname)); snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; source = loopname; } mkdir(target, 0777); char opts[256]; memset(opts, 0, sizeof(opts)); if (strlen(mount_opts) > (sizeof(opts) - 32)) { } strncpy(opts, mount_opts, sizeof(opts) - 32); if (strcmp(fs, "iso9660") == 0) { flags |= MS_RDONLY; } else if (strncmp(fs, "ext", 3) == 0) { if (strstr(opts, "errors=panic") || strstr(opts, "errors=remount-ro") == 0) strcat(opts, ",errors=continue"); } else if (strcmp(fs, "xfs") == 0) { strcat(opts, ",nouuid"); } res = mount(source, target, fs, flags, opts); if (res == -1) { err = errno; goto error_clear_loop; } res = open(target, O_RDONLY | O_DIRECTORY); if (res == -1) { err = errno; } error_clear_loop: if (need_loop_device) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); } errno = err; return res; } static volatile long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5, volatile long a6, volatile long a7) { return 0; } static void setup_common() { if (mount(0, "/sys/fs/fuse/connections", "fusectl", 0, 0)) { } } static void loop(); static void sandbox_common() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setsid(); int netns = open("/proc/self/ns/net", O_RDONLY); if (netns == -1) exit(1); if (dup2(netns, kInitNetNsFd) < 0) exit(1); close(netns); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = (200 << 20); setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 32 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 136 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); if (unshare(CLONE_NEWNS)) { } if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL)) { } if (unshare(CLONE_NEWIPC)) { } if (unshare(0x02000000)) { } if (unshare(CLONE_NEWUTS)) { } if (unshare(CLONE_SYSVSEM)) { } typedef struct { const char* name; const char* value; } sysctl_t; static const sysctl_t sysctls[] = { {"/proc/sys/kernel/shmmax", "16777216"}, {"/proc/sys/kernel/shmall", "536870912"}, {"/proc/sys/kernel/shmmni", "1024"}, {"/proc/sys/kernel/msgmax", "8192"}, {"/proc/sys/kernel/msgmni", "1024"}, {"/proc/sys/kernel/msgmnb", "1024"}, {"/proc/sys/kernel/sem", "1024 1048576 500 1024"}, }; unsigned i; for (i = 0; i < sizeof(sysctls) / sizeof(sysctls[0]); i++) write_file(sysctls[i].name, sysctls[i].value); } static int wait_for_loop(int pid) { if (pid < 0) exit(1); int status = 0; while (waitpid(-1, &status, __WALL) != pid) { } return WEXITSTATUS(status); } static void drop_caps(void) { struct __user_cap_header_struct cap_hdr = {}; struct __user_cap_data_struct cap_data[2] = {}; cap_hdr.version = _LINUX_CAPABILITY_VERSION_3; cap_hdr.pid = getpid(); if (syscall(SYS_capget, &cap_hdr, &cap_data)) exit(1); const int drop = (1 << CAP_SYS_PTRACE) | (1 << CAP_SYS_NICE); cap_data[0].effective &= ~drop; cap_data[0].permitted &= ~drop; cap_data[0].inheritable &= ~drop; if (syscall(SYS_capset, &cap_hdr, &cap_data)) exit(1); } static int do_sandbox_none(void) { if (unshare(CLONE_NEWPID)) { } int pid = fork(); if (pid != 0) return wait_for_loop(pid); setup_common(); sandbox_common(); drop_caps(); if (unshare(CLONE_NEWNET)) { } loop(); exit(1); } #define FS_IOC_SETFLAGS _IOW('f', 2, long) static void remove_dir(const char* dir) { int iter = 0; DIR* dp = 0; retry: while (umount2(dir, MNT_DETACH) == 0) { } dp = opendir(dir); if (dp == NULL) { if (errno == EMFILE) { exit(1); } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); while (umount2(filename, MNT_DETACH) == 0) { } struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } int i; for (i = 0;; i++) { if (unlink(filename) == 0) break; if (errno == EPERM) { int fd = open(filename, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno != EBUSY || i > 100) exit(1); if (umount2(filename, MNT_DETACH)) exit(1); } } closedir(dp); for (int i = 0;; i++) { if (rmdir(dir) == 0) break; if (i < 100) { if (errno == EPERM) { int fd = open(dir, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno == EBUSY) { if (umount2(dir, MNT_DETACH)) exit(1); continue; } if (errno == ENOTEMPTY) { if (iter < 100) { iter++; goto retry; } } } exit(1); } } static int inject_fault(int nth) { int fd; fd = open("/proc/thread-self/fail-nth", O_RDWR); if (fd == -1) exit(1); char buf[16]; sprintf(buf, "%d", nth); if (write(fd, buf, strlen(buf)) != (ssize_t)strlen(buf)) exit(1); return fd; } static void kill_and_wait(int pid, int* status) { kill(-pid, SIGKILL); kill(pid, SIGKILL); for (int i = 0; i < 100; i++) { if (waitpid(-1, status, WNOHANG | __WALL) == pid) return; usleep(1000); } DIR* dir = opendir("/sys/fs/fuse/connections"); if (dir) { for (;;) { struct dirent* ent = readdir(dir); if (!ent) break; if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0) continue; char abort[300]; snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name); int fd = open(abort, O_WRONLY); if (fd == -1) { continue; } if (write(fd, abort, 1) < 0) { } close(fd); } closedir(dir); } else { } while (waitpid(-1, status, __WALL) != pid) { } } static void reset_loop() { char buf[64]; snprintf(buf, sizeof(buf), "/dev/loop%llu", procid); int loopfd = open(buf, O_RDWR); if (loopfd != -1) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); } } static void setup_test() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); write_file("/proc/self/oom_score_adj", "1000"); } static void setup_fault() { static struct { const char* file; const char* val; bool fatal; } files[] = { {"/sys/kernel/debug/failslab/ignore-gfp-wait", "N", true}, {"/sys/kernel/debug/fail_futex/ignore-private", "N", false}, {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", "N", false}, {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", "N", false}, {"/sys/kernel/debug/fail_page_alloc/min-order", "0", false}, }; unsigned i; for (i = 0; i < sizeof(files) / sizeof(files[0]); i++) { if (!write_file(files[i].file, files[i].val)) { if (files[i].fatal) exit(1); } } } #define FUSE_MIN_READ_BUFFER 8192 enum fuse_opcode { FUSE_LOOKUP = 1, FUSE_FORGET = 2, FUSE_GETATTR = 3, FUSE_SETATTR = 4, FUSE_READLINK = 5, FUSE_SYMLINK = 6, FUSE_MKNOD = 8, FUSE_MKDIR = 9, FUSE_UNLINK = 10, FUSE_RMDIR = 11, FUSE_RENAME = 12, FUSE_LINK = 13, FUSE_OPEN = 14, FUSE_READ = 15, FUSE_WRITE = 16, FUSE_STATFS = 17, FUSE_RELEASE = 18, FUSE_FSYNC = 20, FUSE_SETXATTR = 21, FUSE_GETXATTR = 22, FUSE_LISTXATTR = 23, FUSE_REMOVEXATTR = 24, FUSE_FLUSH = 25, FUSE_INIT = 26, FUSE_OPENDIR = 27, FUSE_READDIR = 28, FUSE_RELEASEDIR = 29, FUSE_FSYNCDIR = 30, FUSE_GETLK = 31, FUSE_SETLK = 32, FUSE_SETLKW = 33, FUSE_ACCESS = 34, FUSE_CREATE = 35, FUSE_INTERRUPT = 36, FUSE_BMAP = 37, FUSE_DESTROY = 38, FUSE_IOCTL = 39, FUSE_POLL = 40, FUSE_NOTIFY_REPLY = 41, FUSE_BATCH_FORGET = 42, FUSE_FALLOCATE = 43, FUSE_READDIRPLUS = 44, FUSE_RENAME2 = 45, FUSE_LSEEK = 46, FUSE_COPY_FILE_RANGE = 47, FUSE_SETUPMAPPING = 48, FUSE_REMOVEMAPPING = 49, CUSE_INIT = 4096, CUSE_INIT_BSWAP_RESERVED = 1048576, FUSE_INIT_BSWAP_RESERVED = 436207616, }; struct fuse_in_header { uint32_t len; uint32_t opcode; uint64_t unique; uint64_t nodeid; uint32_t uid; uint32_t gid; uint32_t pid; uint32_t padding; }; struct fuse_out_header { uint32_t len; uint32_t error; uint64_t unique; }; struct syz_fuse_req_out { struct fuse_out_header* init; struct fuse_out_header* lseek; struct fuse_out_header* bmap; struct fuse_out_header* poll; struct fuse_out_header* getxattr; struct fuse_out_header* lk; struct fuse_out_header* statfs; struct fuse_out_header* write; struct fuse_out_header* read; struct fuse_out_header* open; struct fuse_out_header* attr; struct fuse_out_header* entry; struct fuse_out_header* dirent; struct fuse_out_header* direntplus; struct fuse_out_header* create_open; struct fuse_out_header* ioctl; }; static int fuse_send_response(int fd, const struct fuse_in_header* in_hdr, struct fuse_out_header* out_hdr) { if (!out_hdr) { return -1; } out_hdr->unique = in_hdr->unique; if (write(fd, out_hdr, out_hdr->len) == -1) { return -1; } return 0; } static volatile long syz_fuse_handle_req(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { struct syz_fuse_req_out* req_out = (struct syz_fuse_req_out*)a3; struct fuse_out_header* out_hdr = NULL; char* buf = (char*)a1; int buf_len = (int)a2; int fd = (int)a0; if (!req_out) { return -1; } if (buf_len < FUSE_MIN_READ_BUFFER) { return -1; } int ret = read(fd, buf, buf_len); if (ret == -1) { return -1; } if ((size_t)ret < sizeof(struct fuse_in_header)) { return -1; } const struct fuse_in_header* in_hdr = (const struct fuse_in_header*)buf; if (in_hdr->len > (uint32_t)ret) { return -1; } switch (in_hdr->opcode) { case FUSE_GETATTR: case FUSE_SETATTR: out_hdr = req_out->attr; break; case FUSE_LOOKUP: case FUSE_SYMLINK: case FUSE_LINK: case FUSE_MKNOD: case FUSE_MKDIR: out_hdr = req_out->entry; break; case FUSE_OPEN: case FUSE_OPENDIR: out_hdr = req_out->open; break; case FUSE_STATFS: out_hdr = req_out->statfs; break; case FUSE_RMDIR: case FUSE_RENAME: case FUSE_RENAME2: case FUSE_FALLOCATE: case FUSE_SETXATTR: case FUSE_REMOVEXATTR: case FUSE_FSYNCDIR: case FUSE_FSYNC: case FUSE_SETLKW: case FUSE_SETLK: case FUSE_ACCESS: case FUSE_FLUSH: case FUSE_RELEASE: case FUSE_RELEASEDIR: case FUSE_UNLINK: case FUSE_DESTROY: out_hdr = req_out->init; if (!out_hdr) { return -1; } out_hdr->len = sizeof(struct fuse_out_header); break; case FUSE_READ: out_hdr = req_out->read; break; case FUSE_READDIR: out_hdr = req_out->dirent; break; case FUSE_READDIRPLUS: out_hdr = req_out->direntplus; break; case FUSE_INIT: out_hdr = req_out->init; break; case FUSE_LSEEK: out_hdr = req_out->lseek; break; case FUSE_GETLK: out_hdr = req_out->lk; break; case FUSE_BMAP: out_hdr = req_out->bmap; break; case FUSE_POLL: out_hdr = req_out->poll; break; case FUSE_GETXATTR: case FUSE_LISTXATTR: out_hdr = req_out->getxattr; break; case FUSE_WRITE: case FUSE_COPY_FILE_RANGE: out_hdr = req_out->write; break; case FUSE_FORGET: case FUSE_BATCH_FORGET: return 0; case FUSE_CREATE: out_hdr = req_out->create_open; break; case FUSE_IOCTL: out_hdr = req_out->ioctl; break; default: return -1; } return fuse_send_response(fd, in_hdr, out_hdr); } #define HWSIM_ATTR_RX_RATE 5 #define HWSIM_ATTR_SIGNAL 6 #define HWSIM_ATTR_ADDR_RECEIVER 1 #define HWSIM_ATTR_FRAME 3 #define WIFI_MAX_INJECT_LEN 2048 static int hwsim_register_socket(struct nlmsg* nlmsg, int sock, int hwsim_family) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = HWSIM_CMD_REGISTER; netlink_init(nlmsg, hwsim_family, 0, &genlhdr, sizeof(genlhdr)); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int hwsim_inject_frame(struct nlmsg* nlmsg, int sock, int hwsim_family, uint8_t* mac_addr, uint8_t* data, int len) { struct genlmsghdr genlhdr; uint32_t rx_rate = WIFI_DEFAULT_RX_RATE; uint32_t signal = WIFI_DEFAULT_SIGNAL; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = HWSIM_CMD_FRAME; netlink_init(nlmsg, hwsim_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, HWSIM_ATTR_RX_RATE, &rx_rate, sizeof(rx_rate)); netlink_attr(nlmsg, HWSIM_ATTR_SIGNAL, &signal, sizeof(signal)); netlink_attr(nlmsg, HWSIM_ATTR_ADDR_RECEIVER, mac_addr, ETH_ALEN); netlink_attr(nlmsg, HWSIM_ATTR_FRAME, data, len); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static long syz_80211_inject_frame(volatile long a0, volatile long a1, volatile long a2) { uint8_t* mac_addr = (uint8_t*)a0; uint8_t* buf = (uint8_t*)a1; int buf_len = (int)a2; struct nlmsg tmp_msg; if (buf_len < 0 || buf_len > WIFI_MAX_INJECT_LEN) { return -1; } int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (sock < 0) { return -1; } int hwsim_family_id = netlink_query_family_id(&tmp_msg, sock, "MAC80211_HWSIM", true); int ret = hwsim_register_socket(&tmp_msg, sock, hwsim_family_id); if (ret < 0) { close(sock); return -1; } ret = hwsim_inject_frame(&tmp_msg, sock, hwsim_family_id, mac_addr, buf, buf_len); close(sock); if (ret < 0) { return -1; } return 0; } #define WIFI_MAX_SSID_LEN 32 #define WIFI_JOIN_IBSS_NO_SCAN 0 #define WIFI_JOIN_IBSS_BG_SCAN 1 #define WIFI_JOIN_IBSS_BG_NO_SCAN 2 static long syz_80211_join_ibss(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { char* interface = (char*)a0; uint8_t* ssid = (uint8_t*)a1; int ssid_len = (int)a2; int mode = (int)a3; struct nlmsg tmp_msg; uint8_t bssid[ETH_ALEN] = WIFI_IBSS_BSSID; if (ssid_len < 0 || ssid_len > WIFI_MAX_SSID_LEN) { return -1; } if (mode < 0 || mode > WIFI_JOIN_IBSS_BG_NO_SCAN) { return -1; } int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (sock < 0) { return -1; } int nl80211_family_id = netlink_query_family_id(&tmp_msg, sock, "nl80211", true); struct join_ibss_props ibss_props = { .wiphy_freq = WIFI_DEFAULT_FREQUENCY, .wiphy_freq_fixed = (mode == WIFI_JOIN_IBSS_NO_SCAN || mode == WIFI_JOIN_IBSS_BG_NO_SCAN), .mac = bssid, .ssid = ssid, .ssid_len = ssid_len}; int ret = nl80211_setup_ibss_interface(&tmp_msg, sock, nl80211_family_id, interface, &ibss_props); close(sock); if (ret < 0) { return -1; } if (mode == WIFI_JOIN_IBSS_NO_SCAN) { ret = await_ifla_operstate(&tmp_msg, interface, IF_OPER_UP); if (ret < 0) { return -1; } } return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 51; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 500 + (call == 4 ? 150 : 0) + (call == 12 ? 1500 : 0) + (call == 38 ? 150 : 0) + (call == 43 ? 9000 : 0) + (call == 44 ? 9000 : 0) + (call == 45 ? 900 : 0) + (call == 46 ? 900 : 0) + (call == 47 ? 900 : 0) + (call == 48 ? 9000 : 0) + (call == 49 ? 900 : 0)); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS __WALL static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); reset_loop(); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); setup_test(); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 15000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } #ifndef __NR_clock_gettime #define __NR_clock_gettime 265 #endif #ifndef __NR_getgid #define __NR_getgid 47 #endif #ifndef __NR_getsockopt #define __NR_getsockopt 365 #endif #ifndef __NR_ioctl #define __NR_ioctl 54 #endif #ifndef __NR_mmap #define __NR_mmap 192 #endif #ifndef __NR_openat #define __NR_openat 295 #endif #ifndef __NR_read #define __NR_read 3 #endif #ifndef __NR_recvmmsg #define __NR_recvmmsg 337 #endif #ifndef __NR_sendfile64 #define __NR_sendfile64 239 #endif #ifndef __NR_sendmsg #define __NR_sendmsg 370 #endif #ifndef __NR_setsockopt #define __NR_setsockopt 366 #endif #ifndef __NR_stat #define __NR_stat 106 #endif #ifndef __NR_statx #define __NR_statx 383 #endif #ifndef __NR_write #define __NR_write 4 #endif #undef __NR_mmap #define __NR_mmap __NR_mmap2 uint64_t r[24] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint32_t*)0x20000000 = 0x18; *(uint32_t*)0x20000004 = 0; *(uint64_t*)0x20000008 = 0; *(uint32_t*)0x20000010 = 3; *(uint32_t*)0x20000014 = 0; inject_fault(1); syscall(__NR_write, -1, 0x20000000, 0x18); break; case 1: memcpy((void*)0x20000040, "/dev/tty\000", 9); res = syscall(__NR_openat, 0xffffff9c, 0x20000040, 0x10400, 0); if (res != -1) r[0] = res; break; case 2: syscall(__NR_mmap, 0x20ffb000, 0x4000, 0x200000f, 0x10, (intptr_t)r[0], 0xada52000); break; case 3: memcpy((void*)0x20000080, "syz0\000", 5); syscall(__NR_ioctl, -1, 0x4004556c, 0x20000080); break; case 4: memcpy((void*)0x200025c0, "ufs\000", 4); memcpy((void*)0x20002600, "./file0\000", 8); *(uint32_t*)0x20003700 = 0x20002640; memcpy((void*)0x20002640, "\x38\x6f\x6d\x1b\xe2\x7f\x8c\xa9\x18\x2d\x1a\xe6\x35\xbb\xa8\xc9\xce\x03\x79\xce\x60\xd9\xd2\x4e\x0f\xe6\x9a\x46\xdd\x2b\x77\x02\x6c\xe1\xe6\xbb\xc0\x5a\x24\x6a\xe2\x69\x05\x25\x31\x91\xf7\xe3\x4e\xf3\x86\x0f\x1c\x2c\xc9\xa6\xd5\x22\xf5\x03\xd7\x8e\x34\x0c\xb5\x4f\x1d\x6b", 68); *(uint32_t*)0x20003704 = 0x44; *(uint32_t*)0x20003708 = 1; *(uint32_t*)0x2000370c = 0x200026c0; memcpy((void*)0x200026c0, "\x57\x39\xec\x80\x61\x6d\x1b\xac\x90\x97\x97\xc5\x72\x3d\x28\x7d\x94\xf0\x10\xe0\xf7\x0a\x34\x2a\x21\xfb\x38\xb3\x69\x86\x02\x5d\xca\x05\x4a\x96\xbb\xe7\x40\x27\x97\x4c\x45\x28\x93\xa9\xf5\xd5\x13\xef\xc4\x70\x65\x2b\xf4\xe8\x37\xd8\xd5\xee\xac\xed\x26\x69\xd7\x3c\xea\x3d\x39\x31\x39\x9d\xa0\x4d\xfb\x48\x59\xd0\x3c\x47\xdd\x53\x5b\xaa\x98\x0a\xe8\xb7\xa5\xc3\x12\xfd\x71\xac\xc5\x21\xbd\xdc\x2c\x63\x70\x26\xd7\xfa\xdb\x42\xc0\x20\xc5\x3d\x4e\x2f\xee\xb2\x30\x77\xed\x86\x7d\x5b\x36\x56\x7b\x8d\x06\xe0\xf4\xd2\xd9\xc6\x16\xd6\x73\x91\xf8\x79\xe8\x12\xd7\xa1\x79\x75\xf3\xe0\xe5\x69\xf5\x57\xb6\x5b\xba\xde\x94\x18\x68\xba\xe4\xbe\x8d\x2d\xfa\x45\xa3\x85\x87\x7e\xce\x8d\x94\xd7\x55\xdb\xf8\x2b\x4f\xd8\x89\x9b\xa1\xb8\xec\xe4\x3b\x36\xb3\x69\xa8\xdf\x56\x99\x3b\x16\xee\xc2\x0a\xed\x1c\x59\x6f\x66\x9d\xf8\x97\xdd\xfa\x0d\xf4\xab\x26\xd7\x47\x59\x82\x96\xdd\x3b\xcd\x5c\xad\x67\xa8\xb1\x9e\xba\x5f\x34\x3f\xbf\xa6\x30\x1a\x15\x02\x60\x0e\xda\x02\xab\x15\x7a\xb1\xb1\x64\xe3\xde\x57\x33\xe4\xbf\xd9\x67\x7b\x49\xb2\x9b\xb5\x6e\x99\x36\x7d\x01\x04\x4b\x3a\xcc\xf0\xf9\x3a\xf7\x55\x27\x83\x7a\x9b\x49\x4b\x4e\xac\xe1\xf4\x9c\x87\x9e\x71\xe9\x62\xa5\x93\x74\x95\x55\xb5\x0a\x55\xca\x11\x44\xeb\x54\x80\x70\x47\xde\xfd\xe8\xdd\x09\x7e\xbc\xba\xa2\x30\x45\x1a\xc7\xa7\x76\x3e\xf2\x13\x4b\x45\x3e\xf7\xce\x92\xd6\xad\xce\x44\x9a\xa1\x82\xef\xb2\xed\x4a\x87\x07\xf1\xe1\x84\x6d\x82\x50\x5d\xa0\x6c\x2d\x6b\x4a\x58\x2d\xdf\xb2\xbd\xb7\xa1\x9b\xbc\xe8\xe0\xa0\xf7\xb2\xf4\x96\x62\x2b\xee\x04\x37\x29\xf3\x84\x31\x88\xeb\x14\xe5\x6e\x8f\x48\xd7\xd4\xb1\x51\xa7\xde\xef\x2a\x1a\x94\x58\x83\x42\x53\x77\x08\x82\xcc\x41\xf6\xfb\x78\x4a\x9f\x73\xa4\xf8\x1e\xf9\x93\xda\xe6\x1a\x80\x5b\xa6\xf9\x30\x78\x20\x81\x33\x10\xdc\x38\x70\x83\x5a\xd4\xbe\x7e\x3c\x8a\x13\xf9\xf0\x1e\x9e\xa9\xb1\xb9\xdf\xb1\xe3\x47\xe3\xea\x1b\x5b\x09\x0e\x1a\x38\x61\x77\x07\xbb\x5a\xa0\xce\x82\x19\x3f\x69\x70\xa0\xb8\x85\x18\x3f\xce\x8b\x7d\x30\xbf\xc1\x82\x58\xdd\x40\xf5\x08\xb9\x5b\x55\xca\x27\xd8\xec\x76\x01\x03\x10\xc6\x77\xc0\x4c\x0b\x01\xfd\x69\xde\x39\x6a\xe9\x5a\x7c\x3c\xa5\x0f\x4e\x7f\xc3\xda\x74\x9d\x82\xa5\xd9\xf5\x7a\xb6\xed\x7a\x0d\x12\x76\x29\x7a\xb5\x71\x72\x67\x1d\x4c\x7c\xa3\x52\x24\x70\x0d\xb9\x36\x44\x13\x1a\x51\x26\xaf\x54\x75\x5a\xec\x80\xcf\xfd\xeb\x70\x9f\x0c\x58\x21\xec\x3b\x86\xd2\x9f\x10\xbe\x62\xd9\x4c\x03\x2f\x79\xd4\xed\xcc\xaf\x40\xb2\x4d\x72\xe4\x6d\x7c\x99\x33\xf6\xea\xda\x79\x4a\xad\x1e\xaf\x41\xae\xc1\x35\xa4\xf6\xf7\xf6\x09\x27\x36\x08\x68\x5f\xfc\x30\xfe\x1a\xe8\x22\x13\xa9\x56\xe8\xdf\x49\x3e\xc0\xaa\xc8\xec\xcb\xbd\xb8\x20\x93\x09\x7d\xb4\x51\x61\x67\x76\x85\xbf\x1e\x69\x1a\x1c\x7d\xce\x13\xa8\x8e\x63\x64\x5b\xc7\x99\x22\xb6\xd3\xd3\xd7\x61\xf3\x6a\x46\x30\x2f\x79\xe0\xe0\xbe\xb6\x7e\x2f\x2c\xb2\xe8\x3f\xc1\xa0\x41\x77\xc9\xd0\x22\xc4\x6e\xdc\x05\x3f\x03\x18\x2f\xc6\x45\x45\x0e\x4d\xe5\x36\xa4\x18\xb0\xea\xe2\xac\xb0\xea\xf4\xcb\x61\x5e\xca\x77\xf7\x2e\xe1\xd1\xf9\x14\x62\x08\xe1\x86\x69\x50\x8e\xdd\x05\x0e\x9b\x4e\x72\xa8\x48\x30\x16\xdc\x01\x98\x32\x6d\x2a\x16\x70\x04\xf3\x23\xa0\xa6\xeb\x4d\x34\xf6\x51\xc3\x97\xf0\x6d\x32\xe1\xbd\xab\x04\x2e\xfe\x56\x6a\xfc\x48\xcb\xd9\x8f\x91\x41\x34\x15\x63\x14\xa9\x54\xc6\x41\xb1\x06\x6b\xa7\x15\xab\x50\xeb\x4d\xb8\x4b\x13\xf2\x04\x69\xd0\x1d\x63\x46\xd4\x25\xd7\x0f\x60\xb4\x29\x76\xb0\x46\xcf\x96\xe4\x01\x8f\xc6\xaa\xf7\x8d\xf3\x0c\x02\xdd\x02\x9e\x1e\x89\x5c\x20\xb0\x5f\xb3\x88\x3c\x01\x3d\xe7\xe1\x7a\x13\x69\x78\x54\xfe\xb5\x93\x5c\xb3\x44\xff\x94\xff\x8b\xb4\xed\x2d\x1f\x17\x4e\xa1\x90\x20\x57\x7b\x4f\xf9\x59\x7c\x31\xa8\xfb\x2c\xfa\x1d\x7b\x71\xa5\x70\x82\x56\x15\x40\xf1\xcd\x86\xb8\x59\x0b\x75\x4f\xe9\x5d\x74\x9e\xf3\xca\xff\x93\xfd\x10\xa9\x0c\xa0\x03\x51\x5b\xb2\x3a\x3e\x71\xf4\x41\x79\xc0\x99\x60\x37\x45\x75\x89\xe6\x81\x77\xb0\xa1\x06\x91\xf1\x49\xa9\x81\xa6\xa6\x8d\x0b\xc8\x20\xe1\x66\x2a\x67\xc6\xa8\x5f\xb3\x9a\x35\x39\x9c\x62\x0c\x6e\xe3\x14\x28\x4f\xa4\x20\x99\xbd\xe0\x9f\xd5\x17\xa6\xe5\x3c\xc0\x41\x7c\x98\xd0\x06\xb4\x21\x0b\xa0\x35\x1b\x7d\xb6\x75\x43\x38\x06\x3f\x05\xb6\x82\x4b\xbb\x41\xf7\x0b\xa1\xfe\xa9\x12\x1f\x58\x85\xa4\xd0\x3e\xe9\x3f\x2b\x8f\x27\xa0\x0c\xd6\x66\x49\x10\x03\xde\xda\x3e\x21\x02\x92\x47\x64\x6f\x71\x44\xcb\x00\x4a\x6b\x52\x40\x06\xd8\xec\x7c\x93\xf4\x10\x42\xbb\xf8\x2d\x3b\xf2\xee\xf4\x15\xf8\xf0\x38\xb0\x5c\x0c\x10\x7a\xc2\x4d\x0c\xc8\xf3\x08\x13\xeb\xe2\x75\x1d\xa8\x39\x8e\x04\xff\x59\x3d\x17\xdd\xeb\x32\x59\x36\x71\xc8\x27\x74\x24\xf7\x98\x80\x05\x4c\x58\x1a\xe4\xef\x53\x03\xa1\x2f\x50\xd4\xe1\xfd\x6b\xb5\x85\xa5\xe0\x77\x51\xcb\xd5\x8f\xa6\x1d\x63\x4c\x35\x56\x37\x27\xe1\x82\x39\xd9\x81\x2f\xa4\x1b\x9a\x25\x61\x18\xba\x9b\x0d\xec\xc2\x60\x76\xc8\xae\x4b\x4e\x51\x6a\x2b\x35\xa7\xe9\x83\x9c\xa8\x3b\xef\x46\x43\xe0\xa5\xd9\xdb\x72\x3b\x5a\xfd\x80\xf7\x15\xb6\x3b\x19\xd0\xaf\xb9\xcb\x03\xdd\x9e\x5f\xe1\xb3\x13\x5e\xc1\xf0\xb9\x73\xe7\xd2\x1b\xb2\xf2\x22\x1a\x78\x62\x8a\x1b\x51\x3e\x0f\xf9\xea\x30\x67\xdb\x31\x01\xc0\x17\xeb\x8e\x60\x6f\x2f\x07\x5b\xe4\x98\x4f\x21\xbf\x75\xb6\xc4\xcb\xf3\x71\x8e\x64\xca\x62\xa9\xab\x5d\x8e\x38\x3a\xef\xba\x74\x93\xdd\xff\x47\x8b\x74\x40\x74\xbb\x51\x99\x4b\xc9\x1d\xd2\x9c\x6b\x9b\xcd\x50\xa5\x02\x8e\x14\xcf\x6d\x94\x68\xef\x42\x4e\xd1\x65\x84\x8f\xf5\x67\x6e\x57\x41\x10\xe0\xcd\x76\xa7\xc1\xda\xd3\x01\x9f\xac\xfd\x08\xd1\x4b\x7d\x9e\x37\x8a\x11\x0e\x98\x50\x88\xe5\x1e\x89\xd7\x5e\x3f\xa5\xfb\x36\x87\x59\x8c\x05\x69\xe5\x22\xf6\xc9\xea\x4d\x12\x65\xed\x97\xe3\x13\xdc\xe9\xcd\x01\xa4\x61\x5e\x8b\xbe\x4d\xbe\x16\x8f\x9d\x32\xc6\x68\x2e\x4e\xef\x26\x7d\xd7\x18\xb4\x75\xa8\x1b\x48\x5b\x17\xf6\xba\x8a\xfb\xa1\x9a\x58\x32\x9f\x86\xba\xd1\x2a\xc8\x44\x44\x17\xe6\x14\x8c\xb4\xe0\x7e\xe4\x6c\x5f\x15\x53\xa0\xfe\x4c\xd3\x32\x6d\x86\x92\xcc\x43\x96\x1f\x03\xf5\x7f\x7c\x01\x6f\x33\xc3\xd1\xc0\x2b\xf1\x25\xfc\x94\x21\x01\x10\x36\x36\xb0\x2d\x93\x35\x2e\xfb\x49\x20\xe2\x43\xf8\x65\xcf\x5c\x0b\x5d\x34\x7f\x51\xb8\x79\x00\xb1\x2a\xcc\x34\x7b\x31\x9c\x14\x75\x10\xc6\xa3\xc1\x84\xb9\xfe\x9b\xbf\x49\xd2\x0a\x71\xbc\x08\x82\xe2\x96\xa0\x37\x69\x75\x1c\xd8\x63\x08\x2c\x1f\x3b\x88\x90\xfe\xe3\xc6\x44\x47\x4d\xb2\x1e\x07\x7a\xcb\xeb\x05\xae\x29\x67\x10\x82\x2f\xca\xf5\xa7\xbc\x06\x9b\xd9\x3d\x41\x16\x27\xcd\x1b\x71\x3c\xcc\xed\x01\x0d\x1b\x88\xdf\xc1\x53\x04\x54\x14\x1b\x3d\xd3\xe1\x96\x4c\x38\x95\x76\x13\x21\x73\xb8\x63\x30\x38\x8f\xec\x55\x9d\xc7\x22\xf1\x77\x49\x7c\x30\x83\x15\xa4\xee\xfb\x50\x43\xcc\x97\xc5\xb1\xea\x53\xb6\xde\x6f\x4e\xce\xd9\xcc\x20\xb5\x24\x3e\xf9\x6a\xe0\xda\x16\xb4\x3e\xcf\xd0\x3e\x70\x25\x28\xad\x4c\x36\x09\x54\x5d\xf9\x39\xe2\xbc\xee\x08\x25\x86\x49\x31\x9d\x74\xfd\x78\x4d\x3d\x30\xa9\x09\x2c\xb2\x3e\x51\xce\x00\xbb\xf8\x1a\x46\xbc\x0d\x8b\xba\x9f\xe3\xf6\x05\xf5\x4e\xe2\xa0\x31\x1e\x1c\x19\xae\xe2\x6c\x84\x3d\x72\x52\xd9\x03\x80\xc9\xd8\x6f\x1d\x1c\xbb\x21\x64\x1b\xc1\x9a\xdf\xfa\x60\x8f\xa5\xb8\x26\x0c\x3d\xac\x2e\x0d\x81\x00\xc8\x70\xdb\xaf\xab\x5e\x4a\x5c\x6e\x5d\x48\x75\x35\x2e\xce\x31\x33\xe0\x8d\x48\xe0\x38\x74\xe6\xe5\x28\xb5\xa4\x3d\x08\xc8\xe9\x05\xf7\x98\xf0\x52\x7c\xff\x5c\xda\x99\x95\xe8\x4a\xcb\x47\xee\x85\x44\xbe\x93\x7f\xcb\x64\x64\x6d\x2f\xd2\xd5\xc3\x1e\xef\x83\x62\x97\xe0\x3d\xca\x24\xb1\x59\x96\x4a\x70\x30\x7a\x82\x7f\x6e\x7f\x37\x93\xf6\xff\xad\x54\xa6\x5d\x40\x09\x26\xe8\x07\x97\xe6\x05\x0e\x77\x6b\xbf\x66\xdc\x1b\xdf\x75\x08\x81\x2e\xd0\xfe\xbd\xa7\x74\xf5\xed\xa4\x92\xb3\x75\x1e\xcc\x76\xa6\x58\x24\x1f\xa6\x45\x22\xc5\xdd\xef\x53\x74\x78\x7a\x1b\xc6\xf0\x5c\x84\xa5\x23\x06\x8a\xc6\x6a\x3c\xa5\x39\xda\x70\xe1\x6d\xde\xa8\x97\xf9\x6f\x5d\x48\xe1\xef\x18\x5f\x08\x43\x6d\xaa\x20\xfc\xb0\xb2\x39\xde\x9b\x2b\xb0\x00\x07\xed\xa2\xdb\xdc\xc1\xf5\xfd\xf1\x39\x98\x68\x2d\x66\xcd\x4a\xab\x31\x57\xf7\xeb\xce\xc0\x92\xdc\x6b\xd0\x8f\x4d\x10\x77\x80\xd3\x73\x19\x24\xcf\xa0\x67\xf6\x22\x18\x07\x8a\x2a\xf1\x29\xf4\x05\x9d\x46\xd7\xc7\xbe\xbb\xf6\x7b\x59\x53\xdd\xa3\x0c\x96\xfe\x58\x43\xe8\xa3\xc0\xa1\x5a\x6b\x2f\x21\x0f\xfb\xff\xd4\x76\xc9\xc7\x61\x34\x06\x16\xb1\xca\x8a\x6b\x44\x9d\x1e\x33\x8f\xd9\x09\xfd\x9a\x84\xc7\x33\x87\x11\xbe\x1d\x50\x76\x2a\x48\x29\x9b\x18\x44\x82\xd2\xcd\x18\x84\xaf\x70\x76\x68\xd1\x0c\x2e\x1c\xde\xac\x7c\x07\x5d\x7d\x41\x47\xf8\xaa\x3c\xeb\xca\x93\xc1\xb7\xb2\x45\x26\x4c\x0e\xfb\x84\x70\x25\x51\x52\xc4\x8d\x22\x46\x34\x58\x0b\x2f\xf0\x21\x45\x7a\x97\x5a\xa7\x67\x2b\xaf\x13\xa4\xae\x32\xdc\x17\xe1\xf0\x4d\x0b\x2d\x9c\x14\x83\x1c\x87\xe9\x9e\x7e\x0f\x29\x95\x8c\x9b\x58\x4d\x7b\x8a\x7e\x91\xf5\x73\xc0\x42\x61\x73\x91\xad\xed\x64\xbe\xe7\xda\xd5\xf8\x88\xef\xc5\x56\x0f\xba\x3f\x9e\x41\xf7\x80\x94\xb4\x03\xab\xc5\xd4\x22\xc8\xec\x70\xb9\xa9\xce\xe5\x07\x90\x3f\x89\x99\x48\x7e\x60\xd7\x61\xef\x16\x19\x4e\x7c\xc8\x56\xa0\x1e\x6b\x3b\xc5\x92\x39\x7c\xa0\x3b\xec\xb6\xb4\x8f\xc1\x5b\xf1\xf6\xef\xf8\xfe\xc8\xde\x87\x85\xd0\xfe\xa3\x79\xef\xbd\x64\x94\x87\x30\x7b\xba\x15\x30\xa4\x8e\xc1\x06\x97\x8d\xa7\x03\xe9\x17\x07\x20\x1f\xe3\x34\x8d\xe8\xca\xf2\xdd\xe1\xd0\x99\x42\xd4\x77\x12\xf7\x7d\xe3\xf9\xef\xe5\x39\x2e\xf4\x58\x4a\x66\xcf\x96\xb3\x0e\xcc\x6e\xed\x90\x74\x83\x7e\x08\x35\xe1\x90\x65\xd2\xec\xe8\x7d\x38\xb4\x26\xc7\x03\xb8\x82\xce\xc8\x3c\xbb\x8b\x48\x4f\x68\x85\x83\x2c\xa2\x58\x7b\x2b\xdc\x30\xc9\x2c\x20\xa0\x0d\x92\x64\x73\xff\x36\xa1\xc8\x1e\x58\xd5\x55\x49\xa0\x6f\xb7\xb0\xfd\xd1\x35\xed\x5f\x63\xb4\xcc\xa0\x06\x8b\x2d\xa1\xb1\x12\xd4\xcb\x04\x34\x07\xc2\x1c\x53\x5f\xd3\xc4\x55\x93\x22\xe3\x04\x69\x79\x4c\x90\xa3\xc3\x0d\x8f\xd5\x36\x5c\xe3\xf4\x32\xf6\x13\x14\x8b\xc7\xd5\x75\xc1\xd2\xda\x1d\x4b\x06\x8d\xe1\x36\x6f\x62\xa6\x94\xe9\x76\xf2\xe2\x64\xd4\x49\xd9\xe3\xf9\x04\x00\xf4\xf2\x5c\x11\x52\xd1\xed\xb9\xb0\x98\x16\x78\x72\x27\xee\xef\xf8\x0a\xc3\xf2\x50\x16\xde\x25\x33\x25\x47\x54\x90\x48\x23\x03\xaf\xa8\x7b\x39\xad\xee\x7f\x92\xc0\x31\x85\xf8\xbe\x67\xfe\x8e\x85\x0e\xe3\xa5\x71\x80\x94\x74\xbc\xf4\x62\x37\x3a\x47\xaf\xe1\xa4\x59\x21\x75\xd1\x10\xc3\x65\x9e\x56\xec\xfe\x2e\xca\xf2\xc3\x81\x68\x43\x32\xdc\x0e\xa3\xf7\x6c\x17\x99\xd5\xc7\x95\x4c\xcd\x01\xca\x4d\x3c\xc4\x88\xe9\x8e\xfe\x8c\xcb\x87\x57\x27\x3b\xbf\xd0\xe8\xf9\x4a\x18\xe4\xbc\x18\x79\x93\xac\x29\xc3\xd4\x5a\xa4\x58\x52\x53\x71\x71\x90\xcf\xc1\x6b\xdf\xc9\x0c\xec\xab\x6f\x02\x2b\x3c\x96\x29\xe4\xd4\x4c\xf9\x46\x03\x33\xd3\x48\xd0\xdf\x3f\xbc\x8f\xfe\x61\x73\x37\x25\xea\x22\xc5\x71\x83\xb5\x06\x22\xf3\x20\x25\x3d\x54\x69\x2c\x32\xba\x2d\x1d\x22\x72\x35\x79\x62\xe0\x9f\xc7\xfa\x98\xa1\x92\xd6\x47\xca\x93\xd5\xdb\x9c\x05\x60\xa4\x6a\x79\x74\x08\xd2\x1b\xe5\xd1\x4c\x88\x98\xfc\xf1\xf8\xe4\x6c\x2b\xe1\x9e\xee\x41\x7f\x17\xb5\x81\x2b\xe0\x4c\x60\xa5\x0c\x8f\x4a\x3b\x96\xe7\x59\xdf\x5a\x25\x31\x48\x42\xef\x58\x34\xa9\xbf\xe3\xec\x69\x03\x12\x2a\xbd\xeb\x8d\xa1\xbf\x14\x6c\xa5\xb0\xb6\x45\x1b\x3f\x6a\x0c\xd7\x42\x12\x0b\x02\x5c\xa4\x9b\xb9\x5c\x47\xfb\x27\xfa\xe4\x38\xcb\xae\x39\xcd\x9b\x50\xf7\x67\x35\xf6\x56\xe0\xc6\x89\x6c\x87\xb9\x1c\x1c\xa7\x44\x4d\x0d\xe2\x5c\xe6\x0d\xb8\x1b\x9b\x7e\xfe\xbf\xfc\x1f\xf2\x4e\xe9\xd5\xf7\x7d\xa9\x22\x72\x52\x46\x86\x33\xb8\xeb\x99\x5e\x26\x45\xb1\x54\x3d\x84\x32\x62\xc2\x60\xc3\xc6\x91\x11\x4e\xbc\x40\x39\x62\xc2\x37\x4e\xf5\x9c\xe6\xd1\xdd\x7c\x4d\x22\x31\x0c\x5f\x64\x2d\x76\x6d\x41\x89\x3b\x99\x3f\x9a\x69\x83\x1f\x82\xaa\xb3\x10\x4c\x64\xb0\x8b\x0e\x34\x19\xad\x44\x68\x60\x88\xcd\x8a\x4a\x67\x4e\xdc\xea\x4e\xe9\xf2\xe8\xa0\x2a\xb1\x14\x50\x06\x0f\x76\xa7\xc1\x95\x4f\x67\x6d\xe7\xbf\x79\x16\x69\x94\x57\x09\x1e\xb0\xad\x3b\x75\x93\xe7\xf3\x8d\x62\xf9\xb5\x67\x61\xa9\x15\xb4\x1d\x03\x5b\xa1\x29\xd1\xac\x46\x6e\x5e\xae\xa7\x6d\x00\xc4\xd8\x3e\x17\x54\xe3\xd1\xe6\xf0\x09\x3c\x66\x5d\x86\x0b\xcf\x0b\x98\x50\x40\x1a\xca\xba\x34\xa0\xf7\x74\x30\x07\x73\xc4\xab\xb9\x0e\xfc\x56\xbc\x7d\x2a\xd1\x2d\x2f\x58\xce\xfa\x5b\x58\x16\xfc\xee\x50\xa1\x18\x45\xa2\xd5\x19\x76\x93\xea\x3b\x38\x00\x89\x21\x9f\x5a\x42\xc6\x9f\x9a\x47\x62\xc9\x1a\xe6\x44\x9e\x13\x99\x5f\x66\x6a\xd5\x21\xf9\x2e\xdb\x3f\x4b\x65\xa0\x46\x75\xdb\x8e\xbb\xc9\xa2\xd1\xac\xda\x5b\x67\xed\x6a\xf5\x52\x51\x41\xfd\x7a\xee\xf7\xc5\x8f\x54\x9a\xc3\x92\x55\x70\x5e\xb0\x84\xf4\xf0\xa2\x61\xf4\x3c\x27\xcd\xce\xfb\x7d\x9e\x15\xce\x63\x99\x58\x20\x72\x9b\x32\x74\x9e\xb8\xd9\x43\x2d\x7c\x3c\x25\xb4\xb1\xda\xa5\xb6\x45\x74\x03\x94\xca\xaa\xe6\x3b\xfd\x9e\x18\x20\x7f\xcc\xfb\xe0\xe2\x63\x92\x58\x22\x95\x74\xfc\xc7\x97\x1e\x3e\xb1\x1b\xfd\xf7\xdc\x77\x0c\xea\x4a\x94\x14\x91\x30\x67\x55\x8f\x7e\x54\x2c\xc6\x27\x24\x77\x48\x95\x19\xcf\xae\xcf\x51\x36\x1b\x7d\x39\x54\x0b\xbc\x1d\xa8\x4c\x6e\x56\xe2\x1c\x68\x37\x34\xfc\x3d\x9e\x52\x22\x56\x95\xea\x37\x05\x63\xb1\x53\xb8\xdc\x87\xad\x11\x99\x24\x7a\x23\xa8\x60\x46\xc7\x30\xfb\xce\x29\xfe\x99\xe0\xcf\x3e\x76\x2f\x6c\xa3\xa1\x4b\x03\xff\x53\xd4\x12\x2d\xa0\x66\x4a\x31\xd2\x04\x16\x0f\xcc\x24\x89\xea\xa9\xfa\xf0\x30\xf6\xd6\xa4\x3f\x98\xaf\xce\x7f\x7f\x7f\x0c\xc3\xa0\x1e\xf1\x52\x6d\xac\x38\x27\x8d\x13\x43\x19\x10\xc2\xd6\x91\xa7\x82\x75\xe0\x70\x2c\x8b\xcd\x0f\x47\x54\xb4\x75\x35\xde\xcb\xff\x3f\xb2\xdb\x3d\x23\xb9\x5f\x84\xe5\xe6\xe7\xfe\x67\xc7\x19\xde\x9b\x07\x21\xea\x53\xe2\xc6\x8c\x91\x10\xe6\xa9\xef\x32\x51\xe7\xeb\xb2\x28\x00\xdc\xab\x30\x9c\x22\xab\x37\x39\xb4\xe8\x88\x44\x82\x75\x42\xd9\x62\xc2\xaf\xb2\xdc\x2f\x02\xb4\x50\x94\x73\x7f\xb1\xc3\xb9\x54\x38\x70\x70\x9b\x33\x7d\x9d\x8f\x18\x39\x71\x36\x8a\x28\xa3\x36\x0a\xec\x7c\x89\xde\x83\xe0\xc5\xfb\xfc\xff\xa0\x3c\x1b\xc4\x28\x84\xa8\x39\xe8\x18\x88\x26\xb1\x9f\x3a\x7e\x7b\x82\xb4\xe2\x33\x9d\x3d\x70\x17\x1d\xe9\x2a\x60\xe2\xe1\xc7\x3d\x36\x03\x82\xae\xdc\xc2\x37\x40\xc6\x24\x4d\x69\x29\x9d\xd3\x9e\x01\x10\x91\xb2\xfa\xe1\x0f\x4b\xa3\xc7\xfc\x57\x0b\x0e\xa6\xa5\xd7\xb9\x4f\x08\x12\x78\x8a\xc1\x84\x2e\xb6\xf9\x17\xad\x73\xa4\x3a\x8f\x51\x1b\x22\x17\x95\xb9\xa6\x25\xd6\xb8\xad\xab\x77\xbb\x09\x03\x43\xac\xde\x49\x30\xc6\x43\xb9\xb6\x0a\xf0\x27\xed\x4e\x3c\xc7\xfa\xcd\xcb\x17\x5e\x81\xd9\x13\x8d\xb6\x8d\xb9\xd8\x52\x16\xe1\xaf\xa9\x0c\x3f\x38\x97\xa2\xcd\x7e\x2c\xba\xf5\x9f\xaa\x93\xac\x54\x4c\x22\x13\x99\xd0\xa2\xc7\x60\x1c\x6c\x63\x00\x62\x53\xc9\xe4\x3f\x1e\xd3\xf8\xcd\xd3\x1f\x92\xcb\xc9\x19\xb0\xb2\xf0\x48\xee\x42\x9b\xaa\xc4\x2f\x90\x7d\x36\x28\x19\x31\x81\x4e\x7f\x93\x7b\x51\xf2\xc6\xa7\x72\x46\x9f\x0d\x3d\x66\x6c\x5c\x23\x14\x1a\x0a\xf6\xfb\x38\x04\x47\x98\x10\xfc\xd8\x52\xf9\x8a\x5e\x5d\xf9\x08\x2c\x14\x9b\xc2\x39\xd3\x7b\x89\x44\x7a\xf0\x2e\xba\xe2\x7a\xde\xa0\x98\xd7\x84\x09\xfa\x9a\xe8\x73\xb1\x12\x68\x4c\x75\xd6\x8d\x44\x7c\x7f\xc8\x0a\x45\xa7\x26\xb2\x72\xd5\x57\x67\x8d\xa7\x10\x16\x79\xc6\xa5\xb4\xd7\x0f\x4d\xb6\x05\x39\xfd\x11\xd1\xf2\x13\x92\xb7\x92\x2d\x12\x78\x11\x25\x51\x2e\xb1\xdc\x45\xdb\x4c\xd2\xe6\x47\x34\xe3\xa9\xdb\xf8\x99\xec\x22\x03\xe1\x00\x1b\x3d\x36\x46\x63\xd4\x87\xc6\x90\x18\xcb\x91\x22\xb5\xf4\xe1\xa2\x76\xd1\x70\x88\xdf\x74\x6b\xa3\xe7\xc1\x0e\x1c\xad\x22\x6f\x6c\xd2\xad\x90\xcc\x3d\x14\x8c\x95\x1d\x32\xc0\x03\x41\xbf\x08\xec\x71\x58\xd2\x2b\x33\x75\xf7\xed\x67\x30\xff\x9f\x0a\xf7\x9b\x1e\x8e\xfd\x16\x4b\x04\x6c\x6a\x3d\xf7\xbc\xd9\x25\xe4\x9b\xf5\xbb\x4d\x16\xac\xe6\xab\x92\x5b\xee\x37\xb7\xb5\x32\x1d\xa6\xf3\x62\x6f\x33\x02\x5e\xbc\x38\x14\xf4\x4a\x27\xa7\xe3\x9c\x5e\xcf\x8c\x52\x63\xc5\x0e\x5d\x49\x27\x39\x77\xc1\xdd\xce\xc8\x6c\x85\xc4\x1d\xe8\x55\x8c\xcc\x7c\xc9\x46\x9f\x4a\x5a\xb1\x04\xdb\x7b\x3e\xaf\x89\x51\xf5\x31\x5f\x56\x40\xc5\x1e\x8c\x49\x29\x0c\x7b\x14\x66\x88\xb7\x2e\x22\xc5\x17\x8b\xb1\x20\xbe\xaf\xe3\xa1\x0d\xd3\x3e\x6a\x34\xb8\xe2\xab\x0a\x8d\x88\xf1\xbf\x23\x46\xf0\x6e\x6c\xbe\xb8\x01\x59\xf8\x5b\x69\xef\xe2\x98\x4f\x3a\xcb\xf1\x03\x53\x97\xc0\xe0\x27\x42\x0c\x59\x1b\x2c\x51\x15\xe4\xc4\xbc\x43\x19\xb6\xa8\xed\xc2\xaa\x62\xc7\x60\x0e\x49\x02\x9f\x8d\x7d\x80\x87\x13\xcc\x76\x55\x66\x44\x0a\x42\x7a\xc5\x76\xe5\xa2\x31\x8e\x09\x94\xa0\x0b\x56\xb7\xcf\x16\x27\x78\x87\xb2\x26\x93\x39\x6c\x28\xbf\x73\x41\x33\xdf\x5e\x65\x49\x71\xde\xc6\x8d\x22\x56\x31\xfc\x66\x9e\x56\x19\xc1\xc7\x8d\xf3\xca\x98\x60\x48\x9a\x29\xa5\x23\x4e\x05\x4b\xcd\x3c\x54\x32\x76\xc0\x7e\x15\xa1\xca\x7e\xf6\x0c\x6e\x20\x35\x95\x62\x73\x3c\x1b\x3b\xd1\x5a\x9c\x72\xa8\xf9\xac\xb0\x40\xf8\xf8\x5a\x4f\x10\x31\x3a\x4f\xc7\xe8\xcb\x89\x73\xae\x0b\x56\x29\x24\x71\x6d\x16\x8a\xa4\x31\xcf\x63\xa5\xc2\xe1\x82\xb4\x8b\x55\x19\xf3\x76\xde\x39\xca\x03\xd5\x53\x5a\x58\x68\xd2\xcf\xff\x41\x0e\x3f\x24\x8d\xe1\xef\x81\xb2\x05\xbc\x17\xa8\x4c\xbf\xeb\xb4\x6d\xeb\x4e\x56\xdc\xd3\x55\xd7\x14\x8a\x56\xf2\x5d\xee\x58\x96\x91\x2e\xc9\x01\x24\xbe\xf2\xd8\x82\xe9\xd4\xa0\x27\x69\xb3\xab\xcb\xc8\xf3\x67\xde\xec\xce\x8c\x22\xb0\x45\xf4\xd7\xb8\x7d\x89\x08\xb0\xaf\x7f\x2a\x1f\x53\xba\xd8\xd3\xf8\xe0\xb6\x5b\x00\x53\xab\x1e\x28\xec\xe7\x25\x0a\xb2\x81\xbc\x19\x70\x97\xcf\xe8\xb2\xa7\xcf\xb5\x52\xf8\x28\x69\xb8\x82\x41\xe7\xd0\x5d\x24\xac\xa3\x25\xc6\xf2\xfa\xd8\x5c\xe7\x9b\xfc\x2a\xec\xdb\x79\x8f\x40\xe1\x11\x18\x9f\x17\x85\xcb\xbe\x40", 4096); *(uint32_t*)0x20003710 = 0x1000; *(uint32_t*)0x20003714 = 7; *(uint32_t*)0x20003718 = 0x200036c0; memcpy((void*)0x200036c0, "\x38\xe3\xda\xc1\xca\xb0\x0f\xeb\x39\xc4\x8e\xdf\xaf\x42\xb6\x04\xf0\xc0\xfb\xea\xa3\x0d\x70\x23\x51\x9c\xe5\x89\xe4\xd9\x0d\x7d\x17\x1c\xbe\x75\x9e\x9c\x40\x81\x9d\x99\x46\xab\xfa\x97\x37\xe1\xbd\xdd\xfb\x4f", 52); *(uint32_t*)0x2000371c = 0x34; *(uint32_t*)0x20003720 = 0x10000; memcpy((void*)0x20003740, "/dev/tty\000", 9); *(uint8_t*)0x20003749 = 0x2c; memcpy((void*)0x2000374a, "syz0\000", 5); *(uint8_t*)0x2000374f = 0x2c; memcpy((void*)0x20003750, "+@", 2); *(uint8_t*)0x20003752 = 0x2c; memcpy((void*)0x20003753, "*^:[-,-,&{#", 11); *(uint8_t*)0x2000375e = 0x2c; memcpy((void*)0x2000375f, "syz0\000", 5); *(uint8_t*)0x20003764 = 0x2c; memcpy((void*)0x20003765, "audit", 5); *(uint8_t*)0x2000376a = 0x2c; memcpy((void*)0x2000376b, "obj_role", 8); *(uint8_t*)0x20003773 = 0x3d; memcpy((void*)0x20003774, "syz0\000", 5); *(uint8_t*)0x20003779 = 0x2c; memcpy((void*)0x2000377a, "obj_user", 8); *(uint8_t*)0x20003782 = 0x3d; memcpy((void*)0x20003783, "^\356%", 3); *(uint8_t*)0x20003786 = 0x2c; memcpy((void*)0x20003787, "subj_role", 9); *(uint8_t*)0x20003790 = 0x3d; *(uint8_t*)0x20003791 = 0x2c; memcpy((void*)0x20003792, "mask", 4); *(uint8_t*)0x20003796 = 0x3d; memcpy((void*)0x20003797, "^MAY_EXEC", 9); *(uint8_t*)0x200037a0 = 0x2c; memcpy((void*)0x200037a1, "uid", 3); *(uint8_t*)0x200037a4 = 0x3d; sprintf((char*)0x200037a5, "%020llu", (long long)0xee00); *(uint8_t*)0x200037b9 = 0x2c; *(uint8_t*)0x200037ba = 0; res = -1; res = syz_mount_image(0x200025c0, 0x20002600, 4, 3, 0x20003700, 0x1040000, 0x20003740); if (res != -1) r[1] = res; break; case 5: syscall(__NR_read, (intptr_t)r[1], 0x200037c0, 0x12); break; case 6: *(uint64_t*)0x20003800 = 7; syscall(__NR_sendfile64, (intptr_t)r[0], (intptr_t)r[1], 0x20003800, 0); break; case 7: *(uint16_t*)0x20003840 = 0x81; memcpy((void*)0x20003842, "\xd8\xe8\xf6", 3); syscall(__NR_setsockopt, (intptr_t)r[0], 6, 2, 0x20003840, 6); break; case 8: *(uint32_t*)0x20003880 = 4; syscall(__NR_ioctl, -1, 0xc0044dff, 0x20003880); break; case 9: *(uint32_t*)0x20003980 = 0x200038c0; *(uint16_t*)0x200038c0 = 0x10; *(uint16_t*)0x200038c2 = 0; *(uint32_t*)0x200038c4 = 0; *(uint32_t*)0x200038c8 = 0x1000000; *(uint32_t*)0x20003984 = 0xc; *(uint32_t*)0x20003988 = 0x20003940; *(uint32_t*)0x20003940 = 0x20003900; *(uint32_t*)0x20003900 = 0x14; *(uint8_t*)0x20003904 = 7; *(uint8_t*)0x20003905 = 1; *(uint16_t*)0x20003906 = 0x801; *(uint32_t*)0x20003908 = 0; *(uint32_t*)0x2000390c = 0; *(uint8_t*)0x20003910 = 0; *(uint8_t*)0x20003911 = 0; *(uint16_t*)0x20003912 = htobe16(0xa); *(uint32_t*)0x20003944 = 0x14; *(uint32_t*)0x2000398c = 1; *(uint32_t*)0x20003990 = 0; *(uint32_t*)0x20003994 = 0; *(uint32_t*)0x20003998 = 0x40800; syscall(__NR_sendmsg, -1, 0x20003980, 0x20000000); break; case 10: memset((void*)0x20000000, 255, 6); STORE_BY_BITMASK(uint8_t, , 0x20000040, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000040, 2, 2, 2); STORE_BY_BITMASK(uint8_t, , 0x20000040, 8, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 5, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 7, 1); STORE_BY_BITMASK(uint16_t, , 0x20000042, 0x7f, 0, 15); STORE_BY_BITMASK(uint16_t, , 0x20000043, 0, 7, 1); *(uint8_t*)0x20000044 = 8; *(uint8_t*)0x20000045 = 2; *(uint8_t*)0x20000046 = 0x11; *(uint8_t*)0x20000047 = 0; *(uint8_t*)0x20000048 = 0; *(uint8_t*)0x20000049 = 0; memset((void*)0x2000004a, 255, 6); memset((void*)0x20000050, 255, 6); STORE_BY_BITMASK(uint16_t, , 0x20000056, 0, 0, 4); STORE_BY_BITMASK(uint16_t, , 0x20000056, 0xffd, 4, 12); memset((void*)0x20000058, 255, 6); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 0xc, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 1, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 3, 5, 2); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 0, 7, 1); *(uint8_t*)0x2000005f = 3; STORE_BY_BITMASK(uint8_t, , 0x20000060, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000060, 2, 2, 2); STORE_BY_BITMASK(uint8_t, , 0x20000060, 9, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 5, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 7, 1); STORE_BY_BITMASK(uint16_t, , 0x20000062, 0x3d, 0, 15); STORE_BY_BITMASK(uint16_t, , 0x20000063, 0, 7, 1); *(uint8_t*)0x20000064 = 8; *(uint8_t*)0x20000065 = 2; *(uint8_t*)0x20000066 = 0x11; *(uint8_t*)0x20000067 = 0; *(uint8_t*)0x20000068 = 0; *(uint8_t*)0x20000069 = 1; *(uint8_t*)0x2000006a = 8; *(uint8_t*)0x2000006b = 2; *(uint8_t*)0x2000006c = 0x11; *(uint8_t*)0x2000006d = 0; *(uint8_t*)0x2000006e = 0; *(uint8_t*)0x2000006f = 1; *(uint8_t*)0x20000070 = 8; *(uint8_t*)0x20000071 = 2; *(uint8_t*)0x20000072 = 0x11; *(uint8_t*)0x20000073 = 0; *(uint8_t*)0x20000074 = 0; *(uint8_t*)0x20000075 = 0; STORE_BY_BITMASK(uint16_t, , 0x20000076, 0, 0, 4); STORE_BY_BITMASK(uint16_t, , 0x20000076, 0x1f, 4, 12); STORE_BY_BITMASK(uint8_t, , 0x20000078, 8, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000078, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000078, 3, 5, 2); STORE_BY_BITMASK(uint8_t, , 0x20000078, 1, 7, 1); *(uint8_t*)0x20000079 = 0; memset((void*)0x2000007a, 255, 6); *(uint8_t*)0x20000080 = 8; *(uint8_t*)0x20000081 = 2; *(uint8_t*)0x20000082 = 0x11; *(uint8_t*)0x20000083 = 0; *(uint8_t*)0x20000084 = 0; *(uint8_t*)0x20000085 = 1; *(uint16_t*)0x20000086 = 0xbf; memcpy((void*)0x20000088, "\xaf\xaf\x3a\x13\x5b\x6b\xac\xd8\xc9\xb7\x0b\x5e\xec\x9a\xb1\x84\x05\xdd\xe2\x16\xb1\xb5\xdb\xe7\x0c\x82\xea\x52\xa1\x47\x7c\x8b\xcc\x0a\xde\xba\xd8\x78\x9e\x03\xdf\x9b\xee\xa6\x7c\xea\x53\x1e\x77\x6e\x7e\xc4\x41\xe1\x09\x95\x46\x0e\x4e\x96\x46\x78\xb8\xb2\x0c\xae\x08\x4a\xb4\x0b\xef\x38\x9b\xb7\x2f\xe3\x66\xea\x91\xa8\xa2\xb9\x52\xbc\x69\x7a\x86\x3d\x47\xc4\x92\x0f\x77\x97\x6c\xcd\xa9\x72\x3c\x4d\x4c\xf4\x31\x64\xb5\x7e\x37\x39\x25\xd2\x15\x94\xad\x58\x2b\x2b\xd6\xb7\xfc\xe0\xe2\x1d\x27\x2a\x02\x2f\xb6\x3e\xfa\xe8\x20\x4e\x2e\x38\x18\x08\x48\xfd\x29\x86\xc8\x47\x24\x1f\x05\xb4\x79\x5e\x31\x95\x82\x3f\x4b\x17\xf3\x40\xc2\x4f\x45\xbf\x4f\xc3\x3a\x8b\x5d\x06\x49\x78\x0b\xad\x0b\x16\x00\x23\x1b\xcd\x85\xe1\x04\x40\x43\xb3\xf5\x2b\xdd\x66\x46\x2c\x52\x86\x9b", 191); *(uint8_t*)0x2000014a = 8; *(uint8_t*)0x2000014b = 2; *(uint8_t*)0x2000014c = 0x11; *(uint8_t*)0x2000014d = 0; *(uint8_t*)0x2000014e = 0; *(uint8_t*)0x2000014f = 0; memset((void*)0x20000150, 255, 6); *(uint16_t*)0x20000156 = 0xf3; memcpy((void*)0x20000158, "\xdb\x74\x58\x60\x3e\x1d\xb9\xe8\xb6\x10\x9f\xf2\x53\x17\x6f\xc3\x10\x5d\x34\x45\x42\x94\xa0\xc3\x6f\x5e\x76\x59\x0e\xe3\xb3\xa3\x91\xdd\x28\x47\xab\xe2\xef\x4c\x4f\x07\x62\xcb\xb0\x9a\x37\xf4\x06\x75\xba\xca\x09\x07\x28\x2c\xe7\xdc\x1a\x10\x4c\xb3\xe9\x13\x84\x93\x0e\xde\x72\xf3\x72\x0d\xac\x99\x76\xa6\x59\x8b\xc0\x38\x5e\x0e\xb8\x29\x5e\xde\xe6\xbf\x8e\x31\xf2\x43\xb2\x84\xe9\xde\x82\x3d\xbc\xf1\xfa\x70\xc6\xc5\x7d\x44\x72\xf2\x0f\x03\x1c\xd4\xcc\xc7\x99\x5b\x00\x36\xd0\x24\xf0\x51\x22\x0c\xf8\xcc\xfa\xcc\x5e\xef\x5c\xc5\x45\xc5\x20\x8e\x0a\xe0\xb6\xfa\xd6\x95\x65\x42\x26\x29\x30\xe5\x61\x77\xef\x3f\x3f\xd1\xfc\xf9\xab\x7f\xa1\x04\xc2\xfd\x2c\xaf\xbf\xc7\x96\xda\x4a\xf4\x24\x53\x1e\x82\x5b\x32\x39\x4a\x16\xb5\xa9\x0e\x3b\x36\xd9\xd7\x5f\x35\xbc\x95\xc7\xb6\x5c\x57\x74\xb3\x3d\x1a\x74\x46\x4b\x24\x0d\x9b\x44\x20\xde\x38\x65\xe4\xeb\xfa\x97\x05\xfa\x60\x6c\xa4\x22\xeb\x0a\xe3\x31\x26\x57\x4d\x2b\x01\xdc\x83\xd7\x0c\x24\x87\x47\x08\x7c\x72\xf0\xda\x02\xe8\xe8", 243); *(uint8_t*)0x2000024e = 8; *(uint8_t*)0x2000024f = 2; *(uint8_t*)0x20000250 = 0x11; *(uint8_t*)0x20000251 = 0; *(uint8_t*)0x20000252 = 0; *(uint8_t*)0x20000253 = 1; memset((void*)0x20000254, 255, 6); *(uint16_t*)0x2000025a = 0xdd; memcpy((void*)0x2000025c, "\xd7\xe9\xb2\x4c\x0c\xc9\x92\xb1\x8a\xa2\xd9\xf9\xe1\x70\x9a\x8c\x2f\xe8\xb2\xce\xb2\x7a\x74\x9e\x52\x61\x7c\x6d\xb9\x66\xc1\x54\x69\xb1\x4f\x62\x71\xd9\xec\x1c\xaa\x53\x7e\x60\x5d\x09\xc7\xaf\x27\x1d\x95\x9a\x7b\x13\x75\xfb\xad\xa3\xd4\x78\x40\xb8\xfb\xde\x2f\x3a\xb2\x82\x04\x40\xce\xff\xb1\x6c\xc4\x41\x60\xf3\xa3\xab\xd7\x0b\x05\x9e\x3b\x32\x1e\x3a\x1a\x48\xec\xa2\xb3\x81\x9d\x05\x95\x82\x2e\x17\x76\x7f\x5a\x9c\xce\x0a\x0a\xa1\xcf\x8a\x17\x63\x78\x09\x43\x87\x2b\x12\x7a\xb5\x59\x03\x6a\x8d\x87\x03\xe1\x79\xc0\xde\x7c\x00\xdb\xd0\x55\x69\x9b\x39\x53\x2e\xc0\xf6\x3b\xb6\x9c\x33\x1f\xb4\x15\xe2\x53\xc2\x6a\xbf\x85\xa2\x0b\x69\xf3\x3d\x25\xa8\xa0\x66\xaa\x10\xa9\xc1\xad\xd2\x02\xfa\x9d\x6c\xd6\xdb\xda\xf0\x56\x01\xd6\x8e\x95\x53\xba\x9e\xe5\x39\x31\xaa\x19\x38\x21\xc7\x80\xf0\x5d\xfd\x3c\x33\xaa\xd8\x4e\xf5\x50\x98\xb4\xb8\x21\x2c\xf5\xd6\xa4\x3b\x5a\x09\x98\x66\xec\xbb\xc1", 221); *(uint8_t*)0x2000033a = 8; *(uint8_t*)0x2000033b = 2; *(uint8_t*)0x2000033c = 0x11; *(uint8_t*)0x2000033d = 0; *(uint8_t*)0x2000033e = 0; *(uint8_t*)0x2000033f = 1; memset((void*)0x20000340, 255, 6); *(uint16_t*)0x20000346 = 3; memcpy((void*)0x20000348, "\xd7\x1a\x49", 3); syz_80211_inject_frame(0x20000000, 0x20000040, 0x30e); break; case 11: memcpy((void*)0x20000380, "wlan0\000", 6); memset((void*)0x200003c0, 2, 6); syz_80211_join_ibss(0x20000380, 0x200003c0, 6, 0); break; case 12: memcpy((void*)0x20000400, "bpf_lsm_sb_remount\000", 19); syz_btf_id_by_name(0x20000400); break; case 13: memcpy((void*)0x200008c0, "\xc4\xc3\x2d\x0e\x45\xf5\x08\xc4\xe1\x5b\x10\xeb\x26\x81\xf9\xf6\x03\x9e\xec\xc4\xc3\x79\x61\x78\x01\xd2\x07\x66\x0f\x38\x29\x5c\xd0\x2f\xd9\xf6\xf2\xdd\xcd\xc4\xc1\xf8\x11\x45\x0f\x0f\x34", 47); syz_execute_func(0x200008c0); break; case 14: memcpy((void*)0x20000940, "/dev/pktcdvd/control\000", 21); res = syscall(__NR_openat, 0xffffff9c, 0x20000940, 0x10400, 0); if (res != -1) r[2] = res; break; case 15: memcpy((void*)0x20002c80, "./file0\000", 8); res = syscall(__NR_statx, -1, 0x20002c80, 0x800, 8, 0x20002cc0); if (res != -1) r[3] = *(uint32_t*)0x20002cd8; break; case 16: memcpy((void*)0x20003040, "./file0\000", 8); res = syscall(__NR_stat, 0x20003040, 0x20003080); if (res != -1) r[4] = *(uint32_t*)0x20003090; break; case 17: res = syscall(__NR_read, -1, 0x20003100, 0x2020); if (res != -1) r[5] = *(uint32_t*)0x20003114; break; case 18: res = syscall(__NR_getgid); if (res != -1) r[6] = res; break; case 19: *(uint32_t*)0x20005540 = 0xe4; res = syscall(__NR_getsockopt, -1, 0, 0x11, 0x20005440, 0x20005540); if (res != -1) r[7] = *(uint32_t*)0x20005474; break; case 20: res = syscall(__NR_getgid); if (res != -1) r[8] = res; break; case 21: memcpy((void*)0x20000980, "\x5e\xb2\xb7\x65\xeb\x13\xfe\x60\x55\xad\xbc\x43\xba\x06\xda\x06\x24\x08\x5c\x4b\x07\x4c\xa1\x07\x58\x89\x67\x7f\x06\x6e\x7b\xe4\xde\x1a\xde\x66\x43\xe3\x84\xe7\x46\x94\x78\x49\xca\xe6\xc4\xbd\x22\x47\xb9\xd0\xdc\xf8\xd7\x4f\x73\xc8\x65\x98\x3a\x7d\x81\xfa\x41\x8b\x52\x27\xbf\xe2\xca\xe4\xda\xab\xc8\xfd\x12\x12\x43\xc0\xfe\x33\x9f\x30\xd7\xad\xe9\xb7\x9e\x07\xaa\x3b\x49\x20\x01\xcb\xf7\x1f\x43\xd1\x92\xa2\xb9\xb7\x71\x60\x8f\x80\x9c\xab\x41\x48\xc9\xbc\xb1\x8a\xd7\x38\x1a\xda\xb1\xf2\xf5\xe3\x23\xa6\x92\x49\xbf\x8f\x2b\x5b\x0e\x98\x65\x57\xda\x94\x36\x23\xa6\x6e\xc4\x20\xb9\xb7\xbc\x01\x43\x4d\x0a\x62\x88\x6d\x00\x72\xf8\x30\x51\xbe\xd9\x58\x84\x3e\xc0\xad\xab\xae\xc0\x68\xe2\x33\x3b\xdc\x15\x62\x2e\xfd\x5d\x7e\xb6\x8c\xfd\xda\x7d\xe3\xfd\xaf\xaa\x75\x78\x7f\x0f\x7f\x3a\x5a\xae\x1c\xfe\x1f\xaf\x07\x9f\x18\x35\xbe\x70\x44\xf2\xde\xe0\xe2\xb2\x28\x27\xf8\xce\x93\x99\xba\x9b\x6d\x67\x5a\xaa\xfc\x82\x72\x62\xb7\x01\x65\x9d\x34\xe6\x87\xd6\xf0\xf8\x06\x66\xef\x60\x37\x1f\x36\xfc\x8e\x7a\xb0\x1b\x1b\x1f\x74\x1b\xab\x29\x0b\x37\x42\xbc\xa7\xd9\x00\xac\xac\xd0\x03\xbb\x0e\x24\x97\xa7\x41\x3e\x2a\x94\x61\x0c\x93\xf5\xb5\xf6\xa0\xaf\xfc\x55\x4d\xfa\x69\x6f\x33\xa4\xe0\x76\x99\x55\x29\x81\xc8\xf1\x7e\xec\x12\x1b\x79\x8f\xfd\xa5\xa8\x1f\x60\x90\x05\xee\xe8\x86\x2d\xa6\x33\x95\x0d\x1c\x36\xb1\xf5\x7f\x20\x1d\xfa\xa2\xff\xb4\x3b\xfb\x89\xb9\x37\xdf\xe8\x91\x65\xa7\x83\x26\x4b\x5c\xd3\x93\xe5\xe8\x1e\xfb\x8d\x94\xe2\x8e\xa4\x17\xcf\x7f\x14\x55\x20\xc2\x01\xcd\x9b\xc8\x43\xa7\x8a\xe0\x7c\x3a\x9d\x81\x2a\x99\xb9\xd0\x1f\x4f\x8a\x60\x93\x70\x77\x19\x2f\xb2\x9e\xf9\xe9\xca\xd9\x95\x91\x9d\xe3\x3e\x9e\x70\xc9\x5c\x0e\xfe\x9d\x49\xec\xac\xc2\x81\x7d\x76\x4b\x35\xac\xee\xf6\xdb\xd7\xb1\x1d\xa0\xd5\x64\x60\x97\x8a\x67\x9a\x76\x5c\x04\x64\x2e\xf7\xb3\x3d\xa7\x35\xd6\x07\xb2\x1e\xa2\x07\xad\x74\x7b\x67\xda\x18\x62\xb7\x88\x4f\x77\x37\x64\xc5\xc6\xb9\x5b\x0d\x1f\xc0\x79\x90\x9e\x3a\x07\x43\x0c\x52\xf4\x90\x8c\xb8\x64\xca\x7b\x48\x38\x7d\x9c\x93\x03\x87\x81\x15\x80\xb9\xce\xad\x9b\xb5\x6c\x51\x39\xd0\xd5\xc4\xc7\x28\xf7\x66\x70\x59\xbb\x64\xe2\x23\xd3\xe7\xcf\x61\xce\x83\x70\x27\x6d\xd3\x1b\x3b\xd6\x43\xe9\x64\x44\xaf\xea\x51\x78\x7b\xc0\xea\x7e\xde\x0c\x05\x76\x34\x0b\x35\x74\xfb\x1e\xe7\x81\x33\xc2\x9e\xdb\x9c\x63\x72\x42\x00\xf5\xd8\xd1\xfa\x9d\xb4\xfe\x0c\xf9\xa3\xf0\x51\x7f\xdd\x93\x62\x40\xd0\x8c\xa3\xf4\x81\x5c\x56\x2f\xa4\x0c\x50\x29\x2a\x8c\xc6\x7a\xf0\x25\x55\xbf\x5e\x42\x10\xef\xab\xee\x95\x29\x46\xcb\x5a\x3b\x71\x9c\xca\xfb\x90\xc5\xfc\x31\xe2\x8e\x16\xda\x6d\xeb\x0c\x26\x57\xd9\x9b\x2e\x30\xac\x6f\x59\xe6\x93\x5c\x8f\x3d\xe5\xab\xb5\xa6\xa9\xeb\x6d\x64\x63\x81\x31\xfa\x73\x63\x9f\x95\xdc\x71\xd1\x1a\x64\x4c\x6f\xf1\x7e\x26\x66\x5e\x82\x05\x56\x17\x8b\xdf\x6f\x91\xc5\x2f\xac\x27\xf2\xd8\x48\x12\xe9\xbf\xd4\xc5\x3e\x75\x7e\xd5\xdc\xc5\xa3\xc5\x8f\x4f\x25\x4a\x11\xad\x80\x99\x55\x5f\xba\xb9\x2d\x97\x07\xe7\xae\x24\x9d\x37\xb6\x72\xb2\xf4\x66\x6c\xc3\x5f\xfe\x53\xa0\xf5\xf3\x14\xaa\x7e\x32\x9a\xdd\xf6\x0e\x86\x49\x86\x68\x2e\x58\xde\xe8\x78\xcf\x3e\x66\xb3\xc1\xb8\xb0\x45\x70\x21\xcb\xbe\x95\x42\xdf\x24\x01\x04\xfa\x79\x45\xd1\x77\xa8\x05\x1f\xf4\x2d\xff\xe4\x7e\x95\x2c\xaa\x5b\x33\x43\x86\xbb\xe9\x61\x40\xa2\x8a\x74\xcd\x3c\x4c\x66\x6d\xd6\x17\x49\x94\xba\xe6\xc3\x23\xbe\xf3\xcb\xe9\x70\x28\x83\x5f\x03\xb4\x9d\x7c\x49\x69\x13\xec\x17\x27\x23\x46\xe0\x50\xc7\x5c\x58\x76\x0a\xcb\xcd\xed\xfc\x77\x4b\x34\xb1\x9f\x19\x9c\x40\xe0\x2a\xc7\x41\x77\xe3\xf9\x51\xa0\x07\xab\xda\xf0\x0f\xd7\x06\x4b\xbf\x2c\xc4\x44\xd6\xb6\xd2\xb2\x33\xe1\xfd\x99\x5f\xee\xbc\xbf\xaf\xaa\xa4\x4e\xdd\x73\x9b\x7a\x9b\x31\x2b\x08\x23\xbb\xb2\x28\x82\x3e\x13\x2f\xba\xe5\x76\x96\x8b\x7e\x7c\xa5\xca\x01\x98\xda\xae\x85\xda\x7b\x50\x00\x25\x44\xa4\x4f\x94\x8d\xc5\xf4\x86\x20\xe3\xf9\x91\x45\xc8\x72\x7f\xee\x50\x15\x41\xef\x11\x9b\x20\x08\x5e\x36\x40\x52\xa0\x45\x16\x4e\x79\x57\x95\x53\xab\x19\x24\xa5\xe6\x7c\xa4\xbd\xe4\x39\x03\x13\xb7\x6a\x6a\xbb\x95\x0e\x63\x7b\x6b\xd3\xae\x4d\x34\x1e\xa3\x62\x44\x0e\x13\x41\x85\x30\x4e\x36\xf0\x86\x91\x02\x7e\xc7\xff\x34\xd7\x18\x82\x53\x93\xec\xfd\x75\x57\xc8\x2b\x7b\xda\x4d\x24\xb9\x4f\xc5\x3d\x57\x7b\x31\x65\x7b\x00\xe8\x30\x38\x03\xe6\xf1\x5e\x17\xa7\x96\x47\x60\x7f\xfa\x65\x64\x91\x03\xad\x6c\xed\x04\x0a\x84\x22\x24\xb2\x22\x26\xcb\x03\xb1\x0e\x51\xe5\x8d\x69\x5e\xdd\xa7\x7d\xa2\xd7\x84\xc4\x9b\xdd\xa4\x3a\xdc\x0f\x4e\x15\xf3\xe2\xe3\x38\x83\x69\x24\x78\x6b\x90\xb2\xf7\x44\x29\x35\xae\x33\x8e\x34\x4f\xa4\xc0\xd9\xe3\xd7\x48\x71\xd9\x30\xd8\x78\x68\xa2\x69\xc9\x84\x04\x87\x63\xe1\xc4\x38\x47\x9b\x20\xfd\xdb\xc6\x1d\x24\x88\xd7\x0c\xa8\x74\x7f\xff\x73\x1e\xdb\x67\x9b\x88\xbf\x1b\x17\x62\x1d\x32\x76\x15\x1f\xd9\x3a\x9d\xbb\xaf\x1a\x83\xe9\xa8\x0f\x75\xba\x18\xac\x3c\xe6\x59\x8d\xc4\xe6\xb0\x56\x2f\xb0\xbd\x47\x91\x29\x33\x7b\xb1\xc3\xa5\x88\x2b\x2d\x62\x6e\xdd\x90\xd0\xb1\xe8\x98\xd0\xf1\xe4\xf5\x98\x93\x70\x0c\x24\x1e\x0c\x43\x63\xa4\x44\x10\x73\x84\x00\x00\x47\x0f\x9e\x87\x7d\x0b\xac\xdc\xb6\xb2\x18\x75\xe7\x5b\x50\xdc\xfb\xb2\xbb\xc0\xea\x8f\xca\x0a\x91\xdc\xaf\xe6\x9b\x16\x2a\xee\xf4\xf7\xd7\xfa\x11\x93\xf9\xea\xc4\x4d\x4e\xb2\x73\x77\xc3\xb7\x2a\xc1\x9a\x90\x1c\x6e\x73\x50\xe1\x64\x81\x46\x09\x01\x79\xfa\x4b\x7f\x7a\xae\xdf\xb7\x5a\x49\xde\xea\xe9\xfb\xec\x2f\x30\xc4\x44\x4e\x3b\xd5\xad\x6f\xad\x82\xbb\xcd\x24\xbb\x6d\x25\x96\x85\xca\x0c\x13\xe5\x2a\x59\x0d\x27\xa7\x31\xa1\x8b\x09\xd3\xd6\xbf\x5e\x81\x75\x63\x02\xb8\x52\x51\xc8\x5d\x30\x48\x72\x95\xeb\x2e\x42\xcd\x78\x82\x31\xeb\x96\x97\x9b\x5c\x11\x3c\x16\x6b\xe2\xf3\xb6\xd2\x44\x74\xb0\xf5\x6e\xa5\xcf\xff\x4d\xca\x92\x84\xe5\xda\xe7\xd1\xc2\xb6\xab\xa7\x80\x7e\x88\x96\x97\xc8\x69\x83\x1c\x90\x8b\x20\x6b\x8a\x21\xdb\xe7\x3d\x06\xc0\xae\xfd\xa4\x49\xf4\xda\xed\xd6\x8b\x67\x6f\x22\x81\x4b\xe2\xd9\x0a\x2d\x06\xa3\x9f\x99\x7f\xdc\xef\x3a\x38\xf9\x83\x96\xd5\xbf\x36\x99\x00\xf9\xfc\x04\x42\xb2\x04\xce\xb1\x7e\x43\x2c\x28\x08\x7c\x42\xc8\x4c\x17\xf1\xa4\xd0\x4f\x6d\xa5\x46\x68\x2f\x31\xd7\x5c\xc2\x89\xe0\xc8\xea\x40\x58\xc0\x35\x50\xfa\xd5\xde\xf6\x96\x85\x41\xa9\xd3\x72\xbc\xbf\xf7\xb9\x43\xd6\x5a\x7f\x48\x56\x52\xe4\x43\x7e\x0a\x16\x02\x05\x7e\xf0\xce\xef\xa5\x75\x40\xa1\x1d\x5b\x2b\x8b\x65\x18\xc3\xc9\xa2\x7c\xb2\x75\x62\x94\x1f\x2f\x68\x9c\xe2\x40\x39\x6b\x4a\xd7\x0d\xbb\x2c\xd6\xe4\xe1\xf3\x3e\x32\x79\xc3\x36\x1b\x9d\x99\x03\xa9\xb6\xbb\x01\x7f\xfc\x71\x97\x58\x41\x7e\x4f\x98\x48\x55\x69\x2a\xcb\xdf\x93\x92\xa9\xb1\x96\x73\x38\x8e\x76\x02\x33\xfa\x00\x35\xe0\xc2\x33\x5e\x77\xb0\x89\xeb\x40\xb5\xcd\x8f\x03\x25\xf6\x4e\x08\x07\x65\x80\x80\x52\x86\x9f\x76\xb3\x9b\x06\x82\xe9\xa4\x9a\x95\xa4\xfd\x0b\x38\xbb\x50\xeb\x21\x4e\x94\x91\x9d\x48\x6f\xb7\xbb\x75\xac\xb4\xdc\x5f\x04\xe7\xa7\xe3\x11\xf2\x04\xdf\x40\x4c\x62\xc6\x64\x17\x95\x84\x88\x0c\xb8\xbc\x7b\x8b\xaa\xe8\x93\x3c\x2e\xbd\x70\xaf\x44\x45\x1a\xae\x3d\x51\xd4\x29\x0d\x90\xb8\x91\x10\x68\x77\xbd\x37\x75\x2e\xc6\x11\x8d\x97\x2a\x1b\x0a\x29\x31\xd4\x33\x63\x6d\xa7\xb7\x25\x0a\x0e\xdb\x59\xd9\xdd\xd3\x4c\xb4\x8b\x34\xa6\x2a\xe7\xe5\x95\xf1\x8d\x80\xca\x2c\x2d\xdc\x2a\xeb\x6b\x6f\x6b\x80\x0c\x86\x53\xba\xaf\x69\x6b\xfd\x60\xc8\x5e\x5e\x33\x28\xd0\xd9\xba\xf0\xf5\x58\xb3\xb8\xb8\xbf\xf2\x4b\xf7\x5d\xb2\x69\x5d\x59\x44\x27\x57\xcc\x0c\xfc\xef\xbb\xf1\x70\x8f\xc9\x64\xa1\x25\x1f\x55\x32\x88\x32\x46\x8e\xa7\x3c\x29\xbe\x4b\xf5\xd0\xde\x20\x53\xf3\x64\xd1\x17\x00\x6d\xd3\x24\x2e\x04\xdd\x47\x1a\xe0\x4a\xe2\x28\x44\x97\x82\x42\xed\x47\x36\x1b\xe4\xa9\xa1\x31\x33\xc7\xad\x5b\xb3\x24\xaf\xcd\x29\xd9\xa0\x74\x44\x07\x24\xeb\xb5\x6f\x5d\x9c\x3a\x8e\x45\x59\xd3\xa5\xa0\xf0\x28\xf1\xd7\x2f\xf2\x56\x2d\x48\x3c\xfd\xd7\x9e\xb3\x2c\x90\x46\x2e\xe7\x90\xde\x24\x76\xd9\xd0\x61\xb6\x07\xe6\x80\xb4\x15\x00\xce\x69\x1e\x48\x74\x5b\x58\x55\x17\xa5\x39\xe7\x0d\x7e\xc5\x55\xe1\x96\xaa\x8d\x69\xe4\x5a\x36\x98\x2d\x28\xa2\x14\x09\xa7\x77\xce\xeb\x53\x31\x8c\x20\x71\x3e\x3c\xb6\x2a\x98\xc2\x8f\x52\x4b\x08\x69\x09\xa0\x30\x75\xc2\x01\x0d\xa3\x4b\xf7\xb0\xe6\xbf\x58\x50\x5d\x30\x14\x42\x53\x0e\x54\xd3\xd1\x3f\x03\x28\xf9\x7a\x1d\xd2\xdd\x6d\xa6\x84\x29\xd2\x13\x76\xb7\x72\xd5\xa1\x60\x3f\xb4\xc4\xa4\x0f\x6b\x36\xdb\x26\xa8\x6f\x7c\x2d\xba\xf7\x04\xe7\xbc\xb9\xfc\x96\x76\x8d\x4b\x53\xbd\x13\x46\x02\xb7\x53\xb2\x60\xd8\x4d\x9e\xea\xc6\xa2\x4a\x51\x24\x9d\xca\x00\x86\xb9\x5b\x57\x58\x71\x28\xe7\x98\xeb\x62\xe1\xf0\x1a\xe6\x8e\x66\x0c\xf6\xeb\xbf\x33\x22\x93\x98\x16\x20\x68\x4b\x7e\x3b\x04\x75\x0f\xdb\xbe\x2e\xcd\x8e\x9b\x63\x75\x24\x88\x82\x25\x3c\x2d\xda\x8a\x4d\x9c\x0f\x6f\x5c\x9d\x7c\x6b\xdb\x1f\xc1\x1e\xda\x1d\xc4\xec\xc0\xb9\xf3\xdb\xdb\x62\xe4\x07\x8e\x46\xf6\xb1\x06\x08\xf3\x4c\x34\xf0\xa2\x79\xc2\xf8\xf3\xda\x5b\xe4\x9e\x3e\x58\xe9\x71\xe5\x39\xbd\x63\xba\xcb\x6d\x8a\xa5\x54\xea\x4c\x78\xa4\x9a\xba\xde\xec\x98\xdb\x1d\x3c\xa3\xbc\xb4\x09\x57\xcc\x0e\x94\x2f\xca\x1c\x9b\x51\xaf\x04\x77\x1f\xda\x4a\xf3\x58\xc9\xed\x6f\xe7\xb7\x37\xa6\xc6\x1a\xbe\x0b\x62\x89\x20\xfb\x8d\x0b\xcd\x0b\x65\xb7\x18\x16\x3d\xa1\x78\x04\xcb\x16\x65\xea\x98\x21\xc8\x28\xf6\xdf\x65\x51\x93\x77\x41\x56\x72\x10\x06\xb1\xf5\x14\x87\xad\x19\xfe\x92\xb7\x69\xa9\xfc\xea\xf2\xd4\x12\x4d\x8c\xc9\xa5\xbe\xf2\x8e\x98\xb9\x96\xc2\x8c\x8a\x99\xe3\x52\x38\x05\x31\x18\x5e\x5e\x56\xe6\x93\x64\x1e\xf5\x11\x06\xd6\xcf\x4e\x71\xab\x31\x7c\x34\xe9\x35\x83\xae\xcf\x50\xf5\x2b\x53\xe6\x3c\x90\x98\xd8\xc2\x83\x53\x8c\x7c\xc0\xf0\x90\xdf\xaf\x52\x3e\x60\x82\xc6\x52\x63\xdc\x8d\x1d\xe4\x77\x62\x82\xa3\xfc\x1b\xfc\x59\x09\x99\x15\x25\xf5\x6a\xc0\xe6\xd3\xbf\x0c\xe7\xae\xc8\x3e\x40\x07\x4d\xe1\x6f\xc9\x84\x3f\x3b\x09\x9b\x59\xb9\xf9\x0b\xcf\xf6\x31\x0e\xd6\xdf\xec\x97\x45\x87\xad\x64\x6e\xcd\x90\xc5\x4d\x44\x95\x10\xb7\x76\x8d\xd6\x7c\xab\xb3\x05\xea\x39\x8e\xcb\x42\x61\xd2\x6d\x4d\x7e\x12\x04\xe2\x07\x25\x60\x32\x43\x27\x9a\x18\xfa\xb0\x17\x26\x71\x9f\x77\x18\x22\x62\x7b\xaf\xb0\x9b\x4c\xaa\xf9\x48\x4f\x1d\x8f\xa5\x07\x8d\x02\x1b\x9c\xb8\x65\x56\x83\x07\x97\x31\x9c\x64\x91\xd7\x1c\x11\x53\xb6\x36\x58\xa5\xa9\x52\xa1\xf8\x4f\x0c\xed\x9c\x3d\x11\x91\xd7\x1a\x0b\x22\xe3\xf6\x18\xf8\x7d\x98\xc8\x99\x12\x65\x39\x5c\xb9\x07\x65\x93\x50\x34\xbd\x6c\x92\x33\xd4\x1f\x9f\xc6\xa9\x0b\xf6\x97\xc1\x5f\xd2\x35\x97\x87\xdf\x82\x57\xca\x8e\x94\x99\xb3\xa7\xb8\x37\x12\x1b\x33\x67\x30\x6b\xa3\xa3\x6f\xde\xa6\x00\x0c\x5d\x0f\x77\x59\x37\x17\x02\xc7\xad\x6f\x9e\x5f\x40\x00\x72\x5f\x8e\x0b\x33\x0a\x49\x43\x92\xf7\x40\x8d\xad\x61\x5b\x14\xf7\x78\x88\xce\xb7\x39\x59\x96\x5c\xc9\xa9\x3e\x9e\x3b\x23\xb9\x34\x3a\x4c\xd4\x10\x4d\xc1\xf3\xf1\xa6\x4c\xb4\x56\x97\x92\x67\x04\x87\x98\x02\x49\x3f\xf0\x4a\x81\x44\xce\x6d\x80\x50\x87\xfa\x96\xca\xff\x9b\x97\x63\x1b\x52\xe4\xa3\x65\xe9\x76\xc9\x0e\x2a\xc0\x88\x26\xf8\xc2\x97\xef\x2f\x87\x57\x22\xb4\x45\x54\xd9\x97\x3f\x4a\xa5\x5f\xfb\x03\x58\x94\x32\x10\x9e\x68\x32\xda\xb7\xfc\x47\x32\xd3\x03\x25\x2d\xd1\xd1\x7a\x2d\x24\x51\xed\x53\xdc\xe4\x1f\xfb\xce\xc6\x59\x83\xc6\xdb\x3e\xba\x81\x46\x2e\x52\x2a\xe7\xae\x52\xd7\x51\x30\x0a\x4b\x13\x11\x70\x33\x7c\x6d\x8c\x4b\x69\x2f\x54\x29\x11\x8a\xf9\x56\xe1\xc1\x5e\x27\x58\x4f\x76\x82\x55\xc3\xdd\xcb\x46\x92\x12\xba\x8a\xb0\xe1\xe7\xee\x00\x12\xf5\x8f\x89\x45\x82\x79\x94\xce\x1a\xd7\xd1\x73\xdd\x1c\xd7\x20\x83\x84\x4b\x72\x1a\x1d\xc1\x30\x00\xda\xda\x12\x56\xde\xab\x79\xb9\x59\xa4\x95\xa4\xd1\xb5\xfd\x02\x8f\xea\xa0\xde\xac\x90\xec\xfa\x59\xb1\x34\x04\x56\xbc\xaf\x31\xf5\x7d\x5a\x88\x34\x90\x12\x57\x96\xdd\xa6\xd3\x78\xce\x83\xbb\xc1\x37\xfe\x54\xb8\x3c\xa9\xc4\xf8\x19\x89\x9d\x30\x83\x38\xd6\x5f\xa8\x7d\x90\x62\x55\xd6\x57\x3a\x7a\x49\x0b\x00\x10\x0e\xab\x69\x9c\x0d\xbf\xbe\xc5\x4b\x54\x22\x4c\xeb\xa3\xf5\xd1\xfa\x40\x96\x06\x3f\x33\x16\x5a\x15\x8a\x20\xff\xbd\x1d\x5b\x8f\xd4\xd9\xd3\x9c\xb9\x4a\x00\x85\xde\xae\xdd\xe0\x2a\x2f\x1e\x90\xa9\x6a\xf2\x22\x33\x15\x10\x1a\xf3\xfe\xf8\x60\x43\x37\xf6\x48\xb8\xc3\x42\x16\xc3\xe7\xba\x8c\x07\xd8\x2d\x23\xbc\x0a\x96\xf0\xda\xb2\xab\xd2\x93\x92\x65\xbb\x96\xb6\x45\x1a\x2c\xa9\x35\x85\xc8\x2a\xec\xce\xd3\x37\xbd\x66\x12\x48\x47\xa4\x06\xce\x8e\xd2\x41\x31\x8e\x1a\x7f\xc2\xcf\x28\x9e\x1c\xaf\x26\xea\x5b\x72\xaa\xea\x04\x57\xe2\x08\xa2\x41\x53\x4c\x78\xe3\xaf\xb6\x02\x8e\x7f\x57\x89\x1c\x2f\x05\xf4\x37\x0f\xc5\x04\x58\xd1\x6e\x90\xd0\x31\xcc\xa1\x86\xcc\x12\xb4\x54\x3b\x7f\x25\xfa\x72\x91\x6b\xe3\xac\xd7\xf6\xb5\xf0\xcc\x24\xf4\x42\x48\xc0\xfa\x9c\x6d\xd5\x95\xcd\x72\xcc\x4c\x84\xd3\x5a\xa6\xfc\x3b\x1e\xc0\xe7\xa6\xb0\x40\x8a\x1a\x53\x86\x96\x81\xd2\x7b\x11\x22\xc3\x17\x6a\x04\xeb\x3a\xaf\x62\x58\x84\x96\x75\xa9\x94\x22\x2d\x50\x68\x28\xb4\xc1\xde\x9a\xb1\x7a\xd4\xba\xb5\x96\x1d\x52\x4f\x0f\xfe\x54\xd2\x90\x02\xc3\xd3\x6c\x94\xcb\x3a\xb1\x65\x81\xf5\x9d\x01\x46\x71\xe1\xcd\x5f\xe2\x43\x42\xf1\x7c\x8f\x17\x88\x54\xe0\xee\xd5\xf4\xa3\xdb\x07\xec\x2e\xa7\xc6\x71\xe2\xd7\x85\x38\xbb\x8a\x2d\x5d\xcd\x94\xb4\xc6\xeb\xdb\x9a\x49\x29\xe8\x5f\xc6\xde\x21\x3d\x6f\x35\x62\x28\xd9\xec\xfd\xe9\x62\xc0\xc3\x72\x76\x08\xf6\x70\xe8\x12\xee\x2f\xa1\x4e\x1f\x0c\xbf\x01\x86\xf6\xaf\xc1\x0c\x67\x6f\x91\x1b\xe3\xb1\xce\xa3\x52\x1f\x47\xe8\xfd\x4e\xfe\xba\xcc\xb2\x2e\xf3\x75\x76\x13\xab\x31\x9c\x40\xb7\x0e\xee\x0c\xde\x11\xa3\xa1\x66\xf1\xee\x94\x15\x32\x80\x68\x39\x98\x36\xc8\xdc\x38\x4d\xe2\x1e\x0a\x99\x1a\x8b\xae\x04\xbc\xe7\x96\x2c\xe3\xb8\x2d\x55\x16\xfe\x91\xd8\xec\xbc\x2d\xcd\x6e\x27\x11\xc6\xc1\x4c\x8a\xa5\x72\xb5\xfe\x03\x9e\x1b\xb4\xf1\x63\xa1\xa8\x18\x63\x45\xf5\x41\x57\xc5\x66\x72\xb3\x34\x70\x71\x12\x53\x47\x6c\x2f\x6e\x4d\x74\xbe\x06\xa0\x18\x85\xde\xbd\xb8\x4f\xc7\x32\x47\xa5\x4e\x15\x11\xb8\x3b\x3a\xe1\xfc\x15\xe5\xbe\xd9\x21\xf1\x93\x77\x86\xf4\x36\x4a\x7d\x4d\x6a\xec\x09\x66\x7d\x63\xaa\xa6\x18\xbd\xda\xae\xaa\x2e\x55\xad\xb5\x89\x4c\x47\x97\xd1\x6d\x3d\xd5\xd3\x5a\x71\x6e\xf0\x52\x33\xc4\xad\x46\xa6\x21\x19\x5c\xde\x3a\x4f\x41\x97\xea\x43\x96\xca\x62\x71\x2e\xe3\xd0\x29\x20\x03\x83\xad\x91\x22\xd9\x4b\x60\x8b\x39\xe1\xab\x02\x4e\xa6\x73\xea\xdc\xcf\x98\x31\x00\xd5\x9b\x17\x70\x87\x22\xd9\xef\x02\x66\x92\x24\xbe\xf7\xab\xda\xa0\xb9\x9b\xff\x39\x95\x7b\x7a\xc4\x15\x99\xc9\xb1\x83\x3f\x7c\xe8\x22\xfd\xda\x0b\xea\x2d\xcb\x7d\xc7\xd2\x4b\xd2\x0d\xf8\x0b\x64\x62\x16\x24\x47\xd5\xe2\x85\x35\xa2\xfd\x87\x6f\xfd\x78\xe9\x0d\xbd\xc7\x4e\x49\xaf\x64\x7c\x9d\xc6\x96\xbd\xcc\xed\x08\x40\xc2\x32\x0f\x5c\xe0\xb6\x49\x47\x90\x83\x2c\x97\x2e\x28\x20\x6f\x43\x2a\xd6\xcd\xdc\x30\x4f\x96\xbf\x48\xee\x6f\x5a\x07\x75\x38\xeb\x06\xd9\x43\x83\xbf\x4f\xbf\x33\x2a\xbe\xc8\x0c\xdc\x78\x34\xdb\xf8\x7e\x28\xf0\x6c\xee\xeb\xaf\xca\xb3\xf0\x5f\x08\x4b\xc4\xcf\x2a\x06\x97\x01\xcd\xb3\x32\x40\x3a\xf1\x63\x1b\x56\x59\xa9\xe6\x68\xf0\xa4\x6f\x68\xe6\x5f\xf9\xa3\x14\xab\x2a\x54\x05\x18\xa0\x38\x93\xc3\xfd\x2b\x1b\xd9\xf5\xe9\xe7\xf6\xec\x49\xf5\x85\x06\x7c\x4a\xee\xf0\xb9\x1b\x1a\xd2\x9f\x2a\xcc\x13\x2f\x6b\x1a\x8d\xda\x2d\xa3\x6a\x79\x18\x6c\x8b\x13\xb6\xfe\xd0\x70\xc7\x47\x04\xbd\xc4\xff\x11\x32\x19\x01\xc7\x15\x98\xfd\xfb\x36\xe8\x48\x2b\xcd\xb0\x1e\xe8\x08\xaf\xb5\x4b\x3a\x42\xc6\x9a\x18\x95\x0d\x14\xfa\xc2\xe3\xbd\x77\x21\xac\xe3\xc9\xa0\x3a\x45\xf7\x4c\xf2\xdf\x6f\x4c\x92\x44\x41\xd8\x70\x0c\x54\xb5\xa1\x22\x12\xca\x3c\xdd\x64\x8d\x07\x93\x04\xcf\x2c\xdf\x46\x0a\x36\xca\xf7\xf5\x21\x49\x48\x05\x40\x1d\xfc\x67\xbd\xe2\x06\x1b\xb2\x39\xa7\x01\x9c\xe7\x6c\x4f\x44\xcb\x0e\x46\xc5\x5c\xba\xda\xb9\x12\x9c\x5b\x45\x7e\xc2\x84\xb2\x2a\xe3\xf9\x8e\x64\xfc\x8c\x75\xdf\x09\x5c\x3e\xa3\xea\x0c\xfb\x59\xca\x18\x09\x0b\x03\xf9\x35\x8e\x9f\x11\x32\x5e\x72\xcc\x24\xed\xe8\xf0\x51\x1c\xb6\xf8\xaf\x7c\xc2\x76\x06\x54\xcf\xb8\xa7\xe7\xd5\xde\x97\xa8\x30\x79\xbc\x82\xd8\x8e\xa7\x28\x51\x6e\x92\xd3\x21\x09\x2f\xa3\xbd\xb9\xc0\xcf\x71\xac\xed\x2a\xc1\x18\x9a\xad\x33\x4d\x1b\x6b\xd9\x71\xba\x40\x53\xa4\x3b\xc7\xf0\x02\x0a\x2f\x1d\x6d\xa3\x46\x90\xd0\xf7\x63\x58\xaa\x1b\x16\x31\x10\x7f\x7f\x2a\xf9\x89\x00\x07\xb0\xa9\x42\x77\xee\x67\x3b\x04\x7f\xe8\x09\xa5\xaa\x7f\xbb\x7a\xb8\x8d\x11\x09\x70\xc3\xdf\xf4\x4d\xe1\xd7\xdb\xeb\x2a\xbf\xd2\x80\xe6\x6d\x1d\xe4\x86\x4d\xa4\xd5\x4a\xdd\xce\xea\x69\xc8\xfa\x5d\x3d\x4b\x11\x47\xa1\x83\x65\xaf\xad\x33\xcd\xc6\x89\xd7\x3c\xce\xba\x4d\x8f\x4e\xe0\x8b\x62\x64\xae\xed\x23\xf5\x85\x57\x8a\xe1\x5d\x14\xf3\xa2\x7b\x48\x8c\x24\xd6\xde\x8c\xd8\xa9\xde\x4a\x2a\x89\xfc\x94\x81\xba\x8e\x10\x28\x3a\x4d\x3a\x26\xe9\x89\xbd\x80\x59\x78\x62\xe2\x38\xb7\x14\xaa\x77\x6e\x01\xcc\x90\xde\xe6\x89\xc8\x43\x5c\x81\x4c\xfc\x72\xa5\x30\xef\xce\x5d\xec\x38\x47\x97\xa9\x51\x43\x9c\x30\xe0\x96\x32\x0b\xd5\x04\xd3\xfc\xf4\xf7\x21\x4b\x6d\x8a\xe4\xfd\xf7\x3e\xea\x45\x91\xd4\x44\xdd\x1e\xa4\xcd\xaa\xb8\xce\x1c\xf9\x55\x5b\x4d\xd7\x0f\x1b\xb4\x6e\x18\xee\x02\xca\xbd\x74\xcd\xdb\x69\x6a\xf3\xff\x7c\xc9\x5b\x13\x39\xa6\xb8\xe8\xba\xfb\xc2\x9c\x64\xf0\x9f\xb7\x41\x38\x9e\xa6\xf5\x39\x7a\x85\xad\xd8\xb2\x6e\x1f\x3a\x1d\xf9\x50\xf6\x7b\xde\x9f\x98\x71\xa0\xe3\x60\xc3\xe7\x66\x9e\xbe\xde\x3b\x7e\xb3\x2c\xeb\x35\xff\x2a\xff\xd8\x91\x95\x22\xf0\x75\x93\x3e\xcf\xea\x2c\xb4\xbe\xcf\xbc\x85\xbb\xac\xc9\x5f\xba\x2c\x6f\x54\xf8\x90\x59\x4a\x6f\x6b\x18\x96\x5c\xcd\x40\xed\xe5\x8b\x4e\xaf\x8b\x0d\x2b\x65\xb0\x36\x9b\x3d\xc6\xc7\xca\xef\x3e\x48\x45\xb2\xc4\x2e\xe4\x0d\xdc\xa5\x87\x92\x50\x29\xe7\xd9\x16\x29\xad\xd8\x4e\xa7\xbc\x72\xbe\x33\xbb\x03\x42\x14\x55\x5c\xd5\x50\x55\x68\x09\x3e\xc7\x24\x81\x56\xf5\x8c\x7f\x0d\x30\x55\x76\x2f\x8f\x4f\xf6\xf8\x64\xbd\x95\x48\xfa\xfa\xc4\xdb\x85\x77\x53\x0f\x3a\x6d\x67\x3b\xee\xff\x21\xba\x7c\x90\x60\xaa\x0e\x06\x68\x32\x93\x7f\x1e\xb6\x17\xcb\x21\xac\x24\xe0\xd8\x69\x95\x47\xbe\x56\x63\xa8\x11\x7a\x40\xb6\xd8\x81\xdc\xa1\x9e\x36\x7c\xa0\x2d\x28\x77\x4d\xae\x74\xdf\x50\xaa\x99\x44\x5e\x37\xc6\xc1\x61\x84\x46\x7d\x49\x60\x01\x24\x23\x29\xdb\x97\xa2\xad\xef\x66\x42\x5a\x9c\x6b\xd3\x77\xd8\x97\x74\x33\xa0\x3c\x72\xbf\x10\xb5\x48\xb8\xae\xbf\x0e\xc3\x8e\xb8\xce\x14\x5f\xcb\x85\x15\x41\x40\x5e\xe8\xa3\xca\x9b\x3b\xc6\x03\xa3\x82\xaf\x59\x8f\x0a\x17\x56\x59\x2b\x36\x77\xc4\x69\xff\x86\xe1\x98\xcd\xff\x40\xf4\x93\x21\x5a\x32\xc2\xac\xc7\x2b\xcf\xd0\xe3\xe4\xe5\x7b\xec\x76\xdf\xe5\x65\xda\x97\x5c\x69\x1d\x66\x93\x5d\x2d\x7b\x52\x94\x14\x62\xd4\x1b\xce\x4c\x00\x91\x5d\x28\x34\x17\x03\x2f\x3a\x89\x42\x49\xf8\x01\x06\x7f\x38\x82\xfd\xa7\x79\x05\xd7\x6b\x76\xef\xe1\x02\x8e\xbb\xf1\x49\x77\x63\x1f\x67\x75\x75\xdd\xd4\x09\xdf\x3c\x6c\x40\x19\xe9\x95\xa9\xd8\xd1\xd8\xa8\xc3\x22\x68\x76\x32\xf1\xa9\x50\x5a\xdc\xbd\x5a\xfa\x13\x89\xf9\x41\xdd\x0f\x68\xfe\xfd\x43\xec\x24\xa2\x57\x07\x6a\x3a\x21\xb7\x36\x3d\x7b\xb5\x18\xdf\x4a\x28\x2a\x4d\x9e\xed\x08\x58\xd1\x04\xe8\x5c\x5e\x06\x8d\xd8\x01\x2d\x73\xb5\x16\x65\x61\x46\xa7\x8e\x54\x9a\xdb\xf9\xb3\x2f\xb9\xf5\xf7\xab\x6d\x43\x87\x9d\x96\xd1\xcb\x97\x35\x96\xd0\x44\x19\x7e\x08\xc4\x04\x06\x04\x25\x57\x53\x29\x7a\x34\x95\xd8\xdf\xf2\x55\xd1\x8a\xbf\x94\xb8\x70\x4a\x8a\xe1\xa4\x83\x53\xfa\x85\xe5\xa7\x7b\xec\xd1\x0b\x6c\xa0\x07\xb7\x7d\xfe\xfc\xe3\x98\xf3\x0b\x0c\x27\xed\xe9\x9e\x8e\x6b\xb0\xc7\xff\x65\xbd\xb0\x0f\x22\x46\x22\xd6\x91\xf4\x78\xce\x6e\x37\xbb\xfa\xc4\xce\x1c\xe3\x73\x07\x0f\x95\x43\x70\xc7\x4c\x09\x46\x1e\x2b\xae\x43\x85\xcd\x5d\xee\xe8\x7c\xa8\x0a\xd2\xc7\x7b\x99\xe7\xbe\xe5\xaf\xa3\xf0\xba\x52\x49\x4f\x59\xda\x14\x26\xc4\x30\x9f\x39\x15\x16\x35\x4d\x57\xb0\xc7\xc4\xbb\x85\x8e\x38\x2f\x04\x1d\x6e\x91\x88\xdc\x13\x3b\xb1\x69\x32\x1e\x00\xd0\x2e\xfd\xdb\x46\x11\x76\x77\x4f\xd6\xb2\xc9\x68\x2d\x7a\xd0\x84\xf6\x17\x4c\x53\xab\x74\x08\xd3\xe2\x71\xd2\x8e\x30\x8f\x7c\xd4\x78\xc2\xfe\x8d\x67\x93\xde\xed\x31\xde\xbb\x09\x0b\x87\x4b\x12\x52\x8a\x6c\xd3\x68\xac\xf5\xa5\xc4\xcc\x3d\x30\xd2\xaf\xf0\x06\x93\x78\x66\x87\x68\x6c\xd9\xb9\x7c\xdf\xaa\x3a\x67\x72\x93\x51\xb2\x37\x3d\xde\xe1\x8e\xe3\xf0\x56\xb6\xc0\xda\x43\x9d\x62\xee\xb4\x08\x03\x1a\x4d\x87\x55\xde\x3c\xc8\x84\x15\xca\x48\x01\xd5\x4d\xc5\x65\xbb\x53\x22\x8d\xc2\x15\xdd\x74\x6f\xf5\x38\x54\x53\xfd\xfc\x89\x15\xe8\x72\x75\x2f\x5a\xb3\x65\x6a\xa8\xe1\xc4\x2d\xfb\xf3\x5e\x49\xac\x9c\x20\x13\xb4\xa4\x93\xec\x10\xad\x7f\x51\x29\x22\xb8\xd3\xd8\x29\x22\xdd\xbc\x01\x89\x53\xcb\x7d\x51\x91\xaf\x08\xab\x66\x9f\x80\x42\x5f\x4f\x45\x9e\xe6\x50\xfe\x09\x41\x26\x43\x4e\x88\x66\x93\x09\x2c\x53\xaa\x34\x69\x93\xdb\xc1\xba\x27\x4d\x2d\x69\x47\x06\x46\xe6\x33\xbd\xc3\x31\x43\x19\x13\xdd\x49\xa0\x12\x0e\x1b\x5e\x21\x21\x62\x00\x6f\x9a\x01\xfe\x18\xe8\xd8\xb5\x7c\xfe\xb3\x98\xe1\x9b\x4b\x8e\x97\x0f\xb0\x67\x85\x21\xca\xff\x33\xa7\xa0\x1d\xeb\x17\xe7\x2a\x92\x0a\x94\x68\x96\xc5\x39\x2e\x84\xbd\xdf\xde\x75\xb7\x44\x6a\xd4\x24\x9b\xef\x26\x97\xb0\xc5\xe7\x2f\x37\x91\xf0\xf4\x4a\xc1\x56\x37\x69\xc8\xec\xe5\xf1\xde\x56\x5b\xba\xe2\xe5\x73\x02\x94\xb3\xd6\xd8\x57\x87\xdd\x6f\x7a\xbf\x84\xd6\x98\xe7\x7e\xe8\x0e\xc5\x3e\x37\x51\xe8\x73\x03\x3a\xf1\x6b\x5e\xd4\xe2\xc9\x9b\x7e\x6e\x65\x2b\xb0\xea\xf6\x70\x1a\xac\xb2\xbc\xb5\x97\xc3\x2d\xc3\xf7\xd9\xc4\xd9\x46\x3a\xc0\x8d\xb0\xc6\x3d\xb5\xfd\x88\xd0\xe5\x18\xde\xf1\x88\xa2\xfb\xe8\xd6\xbf\xa6\x98\x62\x8a\x8c\xc0\x58\xca\x99\x11\x4c\x40\xbe\x8e\x1e\xb4\xc0\x53\x64\x27\x8d\x0e\xa4\xdc\x90\xb7\x47\xce\xcd\x85\xcd\xf8\x47\xa5\x0b\xa2\xad\xeb\xb6\xd1\x07\xa1\x26\x13\xe1\x98\xd1\xb1\x0c\x6e\xb3\x23\xd5\x0c\x75\xf7\x81\xfe\x39\xc1\xd9\x2e\x46\xda\x77\xfe\xd5\x16\x12\xa3\x69\xc4\xa6\xaa\x54\x05\x0d\x67\x7e\x96\x78\x03\x9b\x29\xe1\x0c\x46\xff\x05\xf3\x53\x6f\x79\x2a\x72\xd8\x0f\x0e\xca\x5a\x41\x6b\x19\x64\x3e\x1d\x15\x24\x7f\x7e\x51\x57\x90\x0c\x17\x42\xb9\x14\x6e\x0d\x97\x88\xeb\x9c\xa6\x53\x89\x7c\x7c\x64\x71\x49\xf0\xbd\x91\xb1\x6e\xa1\xa5\xe0\x54\x90\x01\xba\x2d\x6c\x6e\x39\xcf\x8b\xee\x39\x27\x4d\x05\x2f\xe2\xce\x7f\x4c\xaf\x6c\x23\x64\x43\x14\x33\x52\x51\xcc\xa5\xc2\xed\x13\x4a\xad\xa5\x15\xe7\x34\xe0\xaf\x9c\x0b\xa5\x90\x43\xdd\x12\xaa\x22\x7e\x8f\x71\xd1\x18\x33\xca\xb3\x5b\x77\x91\x5e\xe6\xbf\x0d\x74\x98\x2d\x15\x5f\x74\xfb\xba\x99\x77\xf7\x5d\x37\x21\x17\x70\xdf\x81\x02\xe1\xd5\x23\xb9\x7c\x65\xe6\x9b\xdf\xfb\x34\xe0\x0d\xbd\x6d\x58\x27\xc4\x89\x79\x34\xff\x51\x28\x69\x40\xad\xbe\xfd\xbe\x1a\x18\x5a\x1c\xa3\x2f\x66\x8b\xef\x23\x66\x3d\x9a\xf5\x86\x55\xa9\x28\x53\x8e\x08\x4f\x59\xfd\x89\x9c\x49\x02\x53\xd3\x37\xf5\xa5\x1d\x2c\x2c\x1d\xa3\x6c\xb8\xdf\x43\x03\x4a\x98\x81\x04\xc2\xab\xd9\xd5\x89\xfc\xf9\x64\xab\x91\x14\xa4\x04\x15\xc8\xe9\x9b\xeb\xfe\x94\xc3\x91\x5f\x9d\x90\x8b\xc1\xc9\x00\x0f\x0e\x9e\x94\x01\x2d\x99\x8c\x97\x2c\xf0\x18\xd8\xba\xdf\xff\xa8\x02\x09\xf1\x93\x7f\xea\x78\xca\x83\x95\x72\xb0\xa8\xe6\xb7\x81\x6b\x6d\x89\xbb\x84\xab\x2e\xde\x0f\xe5\xff\x05\x75\xec\x9d\x67\x4d\xa2\x36\x25\x2f\xb9\x2f\xf4\xfe\xbb\x9e\xc1\xd9\x15\xd9\x7c\x4c\xaf\xff\xef\x1c\xfd\xa6\xd1\x99\x36\x5b\x77\x01\x6d\xaa\xe6\x07\x98\xde\x8a\x21\xc1\x76\x9b\x8d\x79\xbf\x57\xcd\x02\x0e\xbf\x57\x30\xfc\xe9\x94\xb6\xb3\x09\x98\x00\xd8\x64\x96\x6a\xdf\x83\x0c\x8d\x26\x58\xc8\x04\x36\x08\x96\xe1\x1f\x36\x0d\xa3\xa9\x2c\xb5\xc8\x27\x21\x32\x28\x52\x6c\x63\xc2\x62\xc3\x0c\xdf\x17\x7f\xb0\xbe\x40\x1b\x39\x4a\x01\x77\x5c\x25\x4d\xa3\x0c\x5f\xf4\xfc\x5b\x45\xf5\x9d\x60\xe1\x57\x8d\x67\x24\x50\x89\x82\x8b\x06\x93\xe5\xa6\xf5\xed\xa5\xe9\x17\xb9\xd3\x3b\x8b\x36\xba\xf0\x55\x26\x9e\x9d\x53\x19\xd4\xfa\x3f\x8f\xa5\xc3\x19\x62\xc7\x7b\xed\x1b\x0a\x70\x45\xd9\x80\xc0\x3b\x0d\xf1\x5d\x1e\x3c\xc1\xee\x31\x75\x57\x0d\x28\x60\x04\xf1\x0f\xf6\xb9\x22\xda\x1e\x0a\xf3\xed\x41\x09\x9b\xb1\x75\x67\x8f\x6c\x4c\x29\xbd\x5b\x85\x55\xed\xea\x3f\xd6\x55\x9a\x62\x28\xb3\x92\x4b\x62\x45\xb6\x6f\x7d\x4a\x6c\xfb\xf7\xe5\x5d\x3a\x9a\x90\x23\x18\x58\x85\xbb\xb1\xe9\x06\x1f\xbe\x36\x21\xbe\xb1\xe7\xe3\x12\x05\xd8\x28\x71\x02\x67\xef\xb5\x85\x07\x38\x65\xd0\x61\x8f\x4e\xdb\xc9\xc5\xb6\x06\xa7\x9b\xff\x7e\xff\x1e\x53\x43\x93\xe3\xdd\x04\x01\x74\xb2\x1f\xc0\x12\xd6\xb2\xab\x92\x89\x76\xee\xf1\x14\xb9\x75\x02\xfb\x02\x22\x55\x72\xb7\x4e\x85\x2f\x56\x8d\xbc\xea\x57\xa8\xd3\x78\xc5\x4b\x21\x72\x87\xea\xc9\x09\x0c\xf7\x5f\x10\xf4\x74\xb1\x65\x17\x82\xab\x8e\x5f\x01\x5d\xe5\xb6\x65\xe0\x46\xf0\x1d\x04\xef\xb7\xbe\xf8\x40\x50\x7f\x3e\x45\xa3\x85\xa3\x72\x42\x2a\xf5\x73\xd0\x64\xb1\xbf\x6b\x0f\xb2\x79\x6e\x88\xa8\x83\xd0\x02\x4b\x5f\x74\xf1\x11\x8f\xd7\xcb\xdb\x92\xa4\x0a\x83\x45\x9a\xa2\x9a\x77\xa2\x56\x27\x4d\xf3\xa7\x2f\x53\x9b\x02\x8c\x1d\xf8\x68\x6f\x46\x30\xc7\xfe\xce\x68\xd1\xc0\x1c\xe3\x8a\xa6\x13\x73\x5a\x59\x1f\x91\xf4\x25\x61\xad\x29\x7e\x08\x72\xef\xdf\x35\x36\xc8\x8a\xd5\x15\x9a\xf8\x10\x48\xe6\x37\x8f\x2a\x42\xd9\x15\xc9\x72\x1e\x08\x75\xfe\x06\x28\xce\x4f\xc6\x09\x09\x9c\x2c\x19\xe6\x81\x28\x0e\x83\xee\x96\x9b\xa9\x3c\x95\x6f\xb2\xbc\x44\x57\xc2\xb2\xee\x35\xd9\xd5\xba\xe5\x61\x81\x4d\x8f\x86\x8e\x28\x98\x73\x71\x55\x0f\x57\xfa\xec\x5a\xf2\xf5\x2b\xc7\xdb\xde\x14\x01\xb6\x72\x91\x07\xb4\x05\xb2\x87\x36\x89\xc9\xe4\x3f\xa5\xea\x8b\x48\x3f\x75\x56\xcb\xaa\xab\xb1\xc7\x68\x9b\x0a\x51\xd7\x57\x74\x3c\xa2\x92\xff\x74\xe9\xc0\x21\xe5\x51\x3f\x94\xb7\x10\x7a\x89\x40\xa9\x8d\xda\xb5\xe2\x21\xfd\x75\xc1\x3f\x19\xae\x40\x06\x86\x6e\xec\x1a\x83\x20\xab\x02\xa2\xde\xf5\x73\x85\x8e\xb7\x25\x3d\x1f\xda\x73\xb7\xda\x03\x1f\x12\xdc\x01\x37\x83\x14\x70\x95\xd5\x45\xab\xbc\xc6\xc8\xcc\x98\x74\x8c\x00\x7f\x2e\x61\xa0\x2c\x75\x0b\x79\x86\x6c\x74\x3d\x0f\x98\xc7\x03\xee\x3c\x9a\x2f\xfe\x44\x10\x4a\xc1\xa2\x2d\x77\xff\xd1\xe6\x07\xc8\xc4\x26\x5b\xbd\x8c\xdd\x9b\x7a\xff\x0d\x0c\x36\xaa\x59\x81\xce\x88\x1b\x9f\x38\x95\xb4\xda\x88\xa6\x53\xd4\x71\x2a\x84\x31\xf9\xe1\x4e\x0b\xdd\x13\x77\x35\xbc\x1c\x2b\x71\x0b\xa5\x12\x6b\x6a\x9a\x42\xbd\xf1\x56\x91\x5b\x15\x2e\xe1\x75\x8e\xf5\x6b\x8e\xdb\xd4\xef\x0b\x9a\x67\x7d\xed\xc3\xa8\x8b\x00\x04\x9a\x0d\x74\x44\xb3\xae\xf2\xb4\xe5\xed\x21\x0c\x5f\xc9\x74\x44\xbd\x3a\x46\x90\xae\x44\xad\xfc\xd4\xfd\x85\xcc\x50\xfd\x55\xc3\xd6\xef\xd1\xc7\x27\x0f\x46\xc9\x36\x89\xd1\x8f\x92\xd0\x46\x2c\x62\xb2\x00\x1d\x8c\xcb\xcc\xee\x0a\xba\xd8\x4d\xaf\x12\xa8\xf3\xf3\x90\xd2\x3b\x3f\x4c\xce\x12\x37\xb5\x05\x9b\xfa\xac\xb9\x94\xea\x87\x1c\x02\xfd\x32\x05\x6a\xa3\xd6\x82\x58\x02\x7d\xbe\x56\xbb\x19\xcb\xaf\x7a\x2f\x47\x34\x92\xe2\xc6\x64\x3f\xc4\xbc\x01\xdf\x34\x96\x7f\xf1\x00\x92\x53\x0c\x5f\x96\x5e\x1d\xea\x10\x61\x88\xa9\x16\x5a\x43\xe6\x1d\x06\x01\x07\xe5\x90\x7a\x5e\x76\x03\x9e\x11\xfb\x55\x7b\x17\xf7\x4e\x99\xd6\xba\x5e\xdb\x86\xda\xa2\x4b\x20\x1f\x89\xf5\x1c\x53\xb4\xe6\xea\x0e\x74\x88\x8e\xc9\xaf\xc6\xe6\x4c\x33\x44\xca\x56\x1a\x56\xec\xe3\xc2\x86\xee\x4e\xea\x87\xbb\xb0\x11\xd4\xbc\x85\x6c\xb2\x01\x8f\x00\x92\x81\xb8\x9b\x95\xac\xb7\x66\x84\xee\xfb\xe6\x28\xb3\xb9\xc9\x3f\x65\x4c\x15\xc1\xaa\xc2\x76\x9c\x67\xf2\x7e\x1f\x3d\x6c\xa9\x8d\x80\xdc\x30\x77\xb5\xc4\xe4\xd8\x23\xea\x40\xc2\x58\xdc\xbb\x89\x1f\xf2\x04\x66\xc1\x46\x20\x80\xde\x73\x51\x35\x09\x17\x65\x65\xfe\xb2\x4e\xf8\x41\x3d\xc7\xdf\xb5\x3b\x10\xad\x4e\x5d\x68\x3d\x26\xc7\x42\xac\x8e\xfb\x62\x73\x39\xea\xc0\x6f\x2f\x56\xa5\x5e\x45\x22\xb6\x70\xff\x6d\xda\x39\x17\xef\x7b\x00\xfe\x14\xa6\xa5\x2d\xc9\x56\x75\x48\xe9\x8f\x47\xcf\xa5\xe2\xb8\x7d\xd8\xe1\xc2\xae\x18\xd0\xc1\x43\x56\xdb\x45\xdb\x78\xe8\xf8\xb9\xdd\x14\x1e\xe9\x42\x54\x3d\x27\x1c\x8c\xb5\xb9\x77\x5d\x2c\x55\xc4\xb7\x32\xd8\x38\xa3\xb7\x3d\x67\x5a\x35\x09\x57\xe0\xa7\x04\x38\xd6\xbc\x3a\xb1\x16\xf4\xd4\x5f\x5e\x5b\xcf\x14\x93\x09\x7e\xf1\x9e\x13\x23\x9d\x97\x98\x12\x73\xfa\x9a\xe9\xd1\xa9\x4f\x41\x7c\x3c\x5c\x24\x0a\x27\xcb\x07\xad\x05\xa6\x52\x6e\x6c\x8b\x3c\x68\xba\xd2\xc5\x46\xfc\x88\x9c\x5f\xb3\x41\x06\x97\xdd\xf5\x8f\x78\xe9\x29\x6a\xb0\xc7\x25\x88\x25\x66\xe1\x85\xd1\xdd\x88\x43\x07\x66\xe3\x32\xf1\xf0\xc8\x7d\x2e\x35\x9f\x8c\xe2\xc2\x8b\x8c\x75\x46\xda\x95\xa1\xca\x78\x97\xe4\x3b\x7b\xf5\x83\xd1\x2c\xd4\x6f\x7f\x91\x0b\xfd\xc1\xa1\xc1\x29\xf1\xd8\x3d\x94\x67\x89\x99\xc3\xd8\x1d\xca\x8f\x74\xf8\x7b\xa3\x01\x7f\x07\x22\x2f\x51\x0c\x1a\x7f\xe8\x00\x1f\xc3\xeb\x6e\x8a\x0b\x46\xdb\x9c\x00\x2f\xd0\x84\x16\x72\x72\x35\x5d\xa8\x7a\x0f\xc5\xe3\x7f\xee\xd0\xc4\x87\xd6\x03\xbc\x12\x97\xf1\xc6\xdd\x88\xdc\xb1\x7f\x17\xfd\x38\xa5\xec\x72\xd0\xcf\x50\xc8\xc8\xdc\x69\x08\x1c\xf6\x08\x46\x0d\x5b\x13\x42\x87\x1a\xbc\xbe\xc2\x03\x23\xbe\x7f\x53\x69\x0c\x5f\xa6\x40\x81\x6c\xc3\xb2\xb3\xde\x36\x87\x0a\x8a\x38\x90\x5d\xd5\x1a\xc6\x3d\xdd\x92\x2d\x00\x8f\x84\xb7\xcb\xd0\x62\xb6\x4c\x5a\xb2\x21\x15\xb4\x88\x9b\x0e\x93\x89\x04\x8f\x6a\x7b\xd2\x8e\x6a\x78\x93\xca\xa6\x03\x66\x13\xc9\xf5\xf2\xec\x29\x28\xbe\x1f\x4e\xe1\xcb\xa0\xb0\xbb\x16\x91\x27\x6a\x4d\xb2\x46\x69\xfb\x08\x5e\x54\xdc\x77\xe8\x15\xb8\xf5\xaf\xe8\x0a\xaa\x38\xac\xbd\x11\x43\x0d\x95\x6a\x37\x91\x1b\x02\x16\x53\x4b\xd9\xe2\x89\x3a\x2a\xbf\xbc\xf4\xb7\xae\xe5\x6c\x8f\xfb\xbb\x08\x16\x67\x73\xd8\xdd\x3d\x1f\xa1\x24\x51\xf3\x93\x79\x9a\xde\xd8\x72\x1c\xbd\x93\xe4\xc9\x71\x1d\xef\xa5\x50\x98\x40\xdc\x73\xec\x5f\x52\x73\x43\x1d\xa7\xe6\x32\x4b\x05\x6c\xae\x48\xe1\xc1\x4b\x1f\x0e\x2c\xf2\x7a\x52\x98\x0d\x4c\x67\xe7\x7a\x56\x5a\x44\xae\xe8\xcc\xd6\x22\x78\x1b\x35\xcf\xa1\x6d\x36\xeb\xa7\x7f\x9b\x7f\x5e\xc8\xcb\x47\x4f\x02\xbe\xd0\x16\x98\x2a\x0d\xca\x09\x60\xe0\x94\xb3\xdf\x65\x16\x83\x7d\x50\x15\x68\x08\x27\x59\x9c\x89\x54\x25\x44\xa3\xfd\x36\x3a\xa4\x4e\x79\xf3\xad\x00\xc8\x7d\x8d\xc1\x42\x2b\x07\x37\xca\x9f\xe9\x17\x9d\x62\x7a\x1f\x22\x80\x09\x23\xa3\x9d\xf3\xa5\x9e\x15\x77\x0b\xa5\x7f\x1e\x12\xaa\xf4\x1b\xfe\x67\xbf\xc5\x48\x3d\xab\x32\x82\x03\x64\xa5\xd4\xda\x8f\x8a\xe6\x2b\x05\xba\x23\x25\x7b\xb1\x57\x7f\x5a\xd7\x3f\x0b\x0e\x01\x63\x3d\xa6\x59\xf7\xd2\x8c\x7e\x1e\x39\xf8\x6f\x5a\xdb\x5b\xb3\x84\x3a\xbb\xce\x0a\x76\x9c\x26\xc2\x8e\x4e\xc8\x8c\xd8\xd4\x7e\x46\x92\x8e\xbf\x51\xf4\xc2\x3c\x69\xfa\x60\x2b\x6a\xf6\x1d\xcc\x74\xbf\x64\xb0\x09\xe9\x67\x08\xc4\xc7\x42\x6f\x35\xd3\x3f\x7d\xae\x81\xe3\x3a\x69\xe1\x2e\xf7\x92\xb1\xf2\x5f\xfc\x60\x64\x5a\x19\x63\xe6\x7c\x07\xe1\x5c\x2e\xbd\xb5\x48\xef\x8b\x2c\x8b\x0d\xd9\x72\x5b\xed\x66\xe2\x25\x45\xad\x79\x14\xaf\x78\x64\x47\x8a\x79\x93\xb2\xc0\xe0\xce\x59\x0f\xa0\x05\x10\x4c\x69\x37\xe5\x40\x75\x8d\x25\xa5\x09\xe8\x0a\xca\x81\x37\xb7\x17\xae\x9f\xdf\x80\xab\x90\x6d\x9d\xb4\xaa\xbb\x22\x9b\xb3\xd3\x5e\x27\xb3\x24\xae\xd1\x1e\xeb\xaa\x8e\xd3\xdc\x77\x04\xab\xab\x39\xf5\x85\x62\xed\x9b\x5c\x8a\x37\xb0\x92\xeb\xf3\xfd\xe2\x21\x66\xc9\xc9\x1b\xc5\x7a\x2c\x62\xd9\x0a\x87\xcf\xfe\x7d\x6c\x44\x83\x21\xf8\x43\x21\x8e\x40\x4a\x4d\x36\x88\xd7\xb9\x68\xff\x9e\x82\x3e\x0b\x90\x0a\x14\x6a\x7f\x3a\xf3\xd4\x6e\x9a\x8e\x7d\x17\xb4\x7c\xba\x25\x04\xe1\xe1\xe7\xad\x96\x0d\xc4\x81\x36\x3f\x16\xfc\x97\x9b\xb8\x17\x67\x97\xab\x1c\xb8\x5c\xca\x67\x24\x27\x4f\xab\xa0\x07\xe8\x78\x09\x80\x34\xaf\xa0\x04\x2e\xa0\xc1\xa6\x54\xb4\x2e\x1c\xdf\x7f\x71\x04\x8e\x24\xdb\x69\x1c\xdc\xa7\x2f\x52\x01\x7c\x6a\x0f\x5c\x88\xd0\xcb\x1e\x1c\x26\x0e\x88\x79\x47\x8d\x8e\x2b\xf9\x7a\xd5\x98\x44\x22\x1a\xfc\x64\x9c\x88\x1e\x79\x50\xde\x7d\xc8\x5c\x43\x0c\x18\xfc\xb5\xc8\xd3\x59\xc2\xc2\x39\xb4\x58\x72\xc6\x55\x57\x47\x43\x8c\xa4\x9b\x55\xc3\x27\xcf\x6d\x70\x5f\x80\xb3\x96\xd9\xc0\x20\xdb\x57\xf6\xc5\x37\x01\xbc\x96\x8f\xcd\xa5\x27\x4c\x51\x34\xb2\x3f\x6f\xd2\x23\xdc\xee\x7a\xd7\x96\x2c\x4e\x7f\x8b\x30\x1a\x57\x16\x5f\xcf\xc9\xa5\xff\x82\x2f\x1c\x24\xa7\xaa\x5b\xe7\x97\x12\x03\x45\x7a\xf1\xc9\x5d\x47\xed\xa6\x67\xd8\xc2\x91\xfc\x21\xee\xdc\x7e\x8e\x58\x44\xf9\x67\xa9\xfb\x44\x79\xd2\xf9\x4e\x4d\xed\xd0\xcd\x54\x57\x78\x1d\x3e\x02\x4f\xcf\xaf\xaa\x8b\x67\xe4\x89\x58\x55\x53\x5d\x1f\xdd\x4b\xe4\x54\xbe\xd9\x7c\x3c\xf2\x09\x5a\x16\x6c\xc6\x52\xbe\xa6\x5a\xd6\x36\x89\x29\xbd\xa7\x0f\x69\xdc\x36\xc6\x89\xf5\x92\x3f\xb0\x26\xa8\x25\x7f\x85\x1a\x06\x99\x94\xc0\x4c\xc4\x1a\x8b\x15\x97\x9e\x47\x3e\x55\x33\x24\x0d\x3c\xab\x3b\xa9\x53\xf2\x00\x19\xe0\x17\xd4\x4f\x74\x1d\x95\xa9\xba\x35\x88\x6c\x7a\x3f\xed\x46\x3d\x24\x21\x73\xd6\xaf\x25\x02\x23\x0f\xf7\x33\xc3\xf1\xe0\x27\x82\x27\x4e\x64\xac\x70\x85\x0d\xc3\x48\x95\x13\x5b\xc8\x59\x91\x8c\xdd\xec\x62\x69\xba\x83\x61\x00\x9e\xff\x46\x40\x77\x15\xf3\x08\x79\x50\x8f\xea\x8c\xc9\xc0\x81\xb3\x72\xf4\x88\x55\x52\x78\xfb\xba\xa8\x0f\x34\xce\x79\xda\x91\x02\x12\x96\x1a\x37\x7c\x85\xb6\x1e\x36\xfc\x37\x54\x31\xdd\x6c\x4e\xdf\x2c\x4b\xb8\x01\xa0\xfc\x1d\xc1\xfa\xc3\xc2\xf4\xc0\x10\x99\x62\x49\x59\x39\x2c\xa0\xb6\xbd\x47\xcb\x00\x8d\xfd\x39\xb2\xfd\x92\x7f\x40\xfe\xc1\x37\xb0\x74\x8e\x19\x84\x0c\x05\x75\x4b\x7d\x8e\x0b\x27\xd6\x20\x86\x12\x8f\xdc\x32\x93\x63\xd0\x6b\x6e\x7c\xdc\x43\x60\xb3\x9d\xf2\x73\x7b\x59\x73\xa8\xc0\x5c\x72\xe1\xff\xae\xb0\x9c\xad\x67\x19\x22\x4f\x4f\xb8\x07\x94\xeb\x00\xf4\x09\x2f\x62\x3e\x5d\x27\xa1\x14\x02\xfc\x03\x5e\xb9\xfd\xe8\x82\x76\xf8\xca\x16\x82\x74\x59\x59\x2e\x35\x5d\x3c\x4e\x6c\x79\x2e\x54\x87\xc4\x99\x66\x6d\x96\xea\x5c\x5f\x9e\xab\xe1\x73\xb5\x62\x23\xcc\x71\xdf\xaf\x0d\x88\xf8\xb8\x05\x11\x08\x71\xf8\x9f\x39\x9f\x84\x46\x30\x23\xf1\x7d\x86\x24\x9a\xf6\x47\xb8\x3f\x24\xe9\x04\x83\xbe\xf5\x51\xf9\x56\x45\xdb\xa6\x60\x7f\x66\xb9\x3a\x6d\xa3\x49\xea\x07\x31\x8b\x6e\xa5\x9a\xdc\xca\x1e\xd1\x75\x66\xee\xab\xf6\x2b\x21\x20\x4a\x8f\xd1\xa2\xd9\x83\xfd\x22\xd2\xea\xf9\xac\xbb\xb7\xa2\x0b\xde\x39\x1a\x57\x24\xf0\x96\xd2\x04\xd3\x40\xb5\x62\x12\xf8\xb7\xf5\x14\x1f\x4f\x6e\xd7\x2b\x13\x4e\xea\xdf\x1f\x27\xed\xff\x37\x14\x24\xb4\x08\x20\xb2\x67\x47\xb0\xba\xad\x37\x6d\xfc\x53\x5a\x41\x7b\xe7\x8a\xab\xed\xf3\x3e\x97\x8c\x05\x33\xb4\x5e\xad\xf5\xc2\x4a\x1a\x06\x9b\xc4\x94\x5c\xd0\x0a\x52\xae\xb3\x5b\x53\x9a\xc0\x84\x70\x65\xcd\x01\xdf\xda\x63\x4c\xb9\xd7\x22\x2a\x60\xea\xfe\xf0\xf4\x83\xee\x5c\xe5\x2a\x3c\x90\x8b\x4a\xd4\xd2\x08\x97\xb5\x5a\x88\x02\x49\xfe\x9b\xf4\x12\x91\x24\x21\x6f\x80\xd4\x78\x9c\xe2\xf1\xb9\x7c\x9d\x38\x92\xc5\x06\x58\x0a\x68\xff\x2c\xe3\x5c\xaa\xd0\x31\x26\xa4\xad\xb9\xa1\x94\xfb\x86\xbc\x72\xbc\xe0\xe0\xbc\x47\x00\x95\x0d\x20\xcd\x4b\x8d\x67\x0a\xd2\x15\x1c\xde\x5f\xd5\x40\xe6\xa1\xd8\x71\xa4\x30\xc1\xa3\x33\xf0\x20\xc9\x57\xcd\x4c\x8b\x47\x88\xb4\xbc\x93\xd8\xdd\x28\x92\xf5\xd8\xa3\x50\x01\x3c\x62\xda\xe3\x74\x73\x84\xaa\x48\x7e\x00\x70\x49\x10\xb3\xf7\x54\x2c", 8192); *(uint32_t*)0x20005c00 = 0x20002980; *(uint32_t*)0x20002980 = 0x50; *(uint32_t*)0x20002984 = 0; *(uint64_t*)0x20002988 = 0x91e; *(uint32_t*)0x20002990 = 7; *(uint32_t*)0x20002994 = 0x22; *(uint32_t*)0x20002998 = 0xff; *(uint32_t*)0x2000299c = 0x1124872; *(uint16_t*)0x200029a0 = 6; *(uint16_t*)0x200029a2 = 0x3f; *(uint32_t*)0x200029a4 = 8; *(uint32_t*)0x200029a8 = 1; *(uint16_t*)0x200029ac = 0; *(uint16_t*)0x200029ae = 0; memset((void*)0x200029b0, 0, 32); *(uint32_t*)0x20005c04 = 0x20002a00; *(uint32_t*)0x20002a00 = 0x18; *(uint32_t*)0x20002a04 = 0; *(uint64_t*)0x20002a08 = 0; *(uint64_t*)0x20002a10 = 0x317e539f; *(uint32_t*)0x20005c08 = 0x20002a40; *(uint32_t*)0x20002a40 = 0x18; *(uint32_t*)0x20002a44 = 0; *(uint64_t*)0x20002a48 = 8; *(uint64_t*)0x20002a50 = 4; *(uint32_t*)0x20005c0c = 0x20002a80; *(uint32_t*)0x20002a80 = 0x18; *(uint32_t*)0x20002a84 = 0; *(uint64_t*)0x20002a88 = 5; *(uint32_t*)0x20002a90 = 0x401; *(uint32_t*)0x20002a94 = 0; *(uint32_t*)0x20005c10 = 0x20002ac0; *(uint32_t*)0x20002ac0 = 0x18; *(uint32_t*)0x20002ac4 = 0; *(uint64_t*)0x20002ac8 = 1; *(uint32_t*)0x20002ad0 = 0xfdcc; *(uint32_t*)0x20002ad4 = 0; *(uint32_t*)0x20005c14 = 0x20002b00; *(uint32_t*)0x20002b00 = 0x28; *(uint32_t*)0x20002b04 = 0; *(uint64_t*)0x20002b08 = 8; *(uint64_t*)0x20002b10 = 2; *(uint64_t*)0x20002b18 = 8; *(uint32_t*)0x20002b20 = 0; *(uint32_t*)0x20002b24 = 0; *(uint32_t*)0x20005c18 = 0x20002b40; *(uint32_t*)0x20002b40 = 0x60; *(uint32_t*)0x20002b44 = 0; *(uint64_t*)0x20002b48 = 0xfff; *(uint64_t*)0x20002b50 = 6; *(uint64_t*)0x20002b58 = 0x10001; *(uint64_t*)0x20002b60 = 6; *(uint64_t*)0x20002b68 = 1; *(uint64_t*)0x20002b70 = 8; *(uint32_t*)0x20002b78 = 1; *(uint32_t*)0x20002b7c = 0x32f0; *(uint32_t*)0x20002b80 = 7; *(uint32_t*)0x20002b84 = 0; memset((void*)0x20002b88, 0, 24); *(uint32_t*)0x20005c1c = 0x20002bc0; *(uint32_t*)0x20002bc0 = 0x18; *(uint32_t*)0x20002bc4 = 0; *(uint64_t*)0x20002bc8 = 4; *(uint32_t*)0x20002bd0 = 0xffff; *(uint32_t*)0x20002bd4 = 0; *(uint32_t*)0x20005c20 = 0x20002c00; *(uint32_t*)0x20002c00 = 0x18; *(uint32_t*)0x20002c04 = 0; *(uint64_t*)0x20002c08 = 0x1000; memcpy((void*)0x20002c10, "0%)/W({\000", 8); *(uint32_t*)0x20005c24 = 0x20002c40; *(uint32_t*)0x20002c40 = 0x20; *(uint32_t*)0x20002c44 = 0; *(uint64_t*)0x20002c48 = 5; *(uint64_t*)0x20002c50 = 0; *(uint32_t*)0x20002c58 = 0x11; *(uint32_t*)0x20002c5c = 0; *(uint32_t*)0x20005c28 = 0x20002dc0; *(uint32_t*)0x20002dc0 = 0x78; *(uint32_t*)0x20002dc4 = 0xfffffff5; *(uint64_t*)0x20002dc8 = 8; *(uint64_t*)0x20002dd0 = 6; *(uint32_t*)0x20002dd8 = 9; *(uint32_t*)0x20002ddc = 0; *(uint64_t*)0x20002de0 = 6; *(uint64_t*)0x20002de8 = 8; *(uint64_t*)0x20002df0 = 0x25d; *(uint64_t*)0x20002df8 = 7; *(uint64_t*)0x20002e00 = 0x8001; *(uint64_t*)0x20002e08 = 0x400; *(uint32_t*)0x20002e10 = 0xce1; *(uint32_t*)0x20002e14 = 0x8000; *(uint32_t*)0x20002e18 = 0x4800000; *(uint32_t*)0x20002e1c = 0x6000; *(uint32_t*)0x20002e20 = 8; *(uint32_t*)0x20002e24 = 0xee01; *(uint32_t*)0x20002e28 = r[3]; *(uint32_t*)0x20002e2c = 6; *(uint32_t*)0x20002e30 = 1; *(uint32_t*)0x20002e34 = 0; *(uint32_t*)0x20005c2c = 0x20002e40; *(uint32_t*)0x20002e40 = 0x90; *(uint32_t*)0x20002e44 = 0; *(uint64_t*)0x20002e48 = 0xfffffffffffffffc; *(uint64_t*)0x20002e50 = 5; *(uint64_t*)0x20002e58 = 2; *(uint64_t*)0x20002e60 = 0; *(uint64_t*)0x20002e68 = 0x80; *(uint32_t*)0x20002e70 = 0x1ff; *(uint32_t*)0x20002e74 = 0xfffffffa; *(uint64_t*)0x20002e78 = 1; *(uint64_t*)0x20002e80 = 0x81; *(uint64_t*)0x20002e88 = 1; *(uint64_t*)0x20002e90 = 0x10001; *(uint64_t*)0x20002e98 = 0x7f; *(uint64_t*)0x20002ea0 = 5; *(uint32_t*)0x20002ea8 = 5; *(uint32_t*)0x20002eac = 2; *(uint32_t*)0x20002eb0 = 0; *(uint32_t*)0x20002eb4 = 0x4000; *(uint32_t*)0x20002eb8 = 3; *(uint32_t*)0x20002ebc = 0xee01; *(uint32_t*)0x20002ec0 = 0xee00; *(uint32_t*)0x20002ec4 = 6; *(uint32_t*)0x20002ec8 = 0x23a; *(uint32_t*)0x20002ecc = 0; *(uint32_t*)0x20005c30 = 0x20002f00; *(uint32_t*)0x20002f00 = 0xe8; *(uint32_t*)0x20002f04 = 0; *(uint64_t*)0x20002f08 = 0x20; *(uint64_t*)0x20002f10 = 6; *(uint64_t*)0x20002f18 = 1; *(uint32_t*)0x20002f20 = 1; *(uint32_t*)0x20002f24 = 7; memset((void*)0x20002f28, 0, 1); *(uint64_t*)0x20002f30 = 2; *(uint64_t*)0x20002f38 = 0; *(uint32_t*)0x20002f40 = 0; *(uint32_t*)0x20002f44 = 0; *(uint64_t*)0x20002f48 = 5; *(uint64_t*)0x20002f50 = 0xfffffffffffffffa; *(uint32_t*)0x20002f58 = 0; *(uint32_t*)0x20002f5c = 0x20; *(uint64_t*)0x20002f60 = 4; *(uint64_t*)0x20002f68 = 2; *(uint32_t*)0x20002f70 = 6; *(uint32_t*)0x20002f74 = 9; memcpy((void*)0x20002f78, "wlan0\000", 6); *(uint64_t*)0x20002f80 = 2; *(uint64_t*)0x20002f88 = 5; *(uint32_t*)0x20002f90 = 1; *(uint32_t*)0x20002f94 = 0; memset((void*)0x20002f98, 47, 1); *(uint64_t*)0x20002fa0 = 0; *(uint64_t*)0x20002fa8 = 7; *(uint32_t*)0x20002fb0 = 6; *(uint32_t*)0x20002fb4 = 0x10000; memset((void*)0x20002fb8, 2, 6); *(uint64_t*)0x20002fc0 = 2; *(uint64_t*)0x20002fc8 = 3; *(uint32_t*)0x20002fd0 = 0x10; *(uint32_t*)0x20002fd4 = 0x3df4d00b; memcpy((void*)0x20002fd8, " \001\000\000\000\000\000\000\000\000\000\000\000\000\000\002", 16); *(uint32_t*)0x20005c34 = 0x200055c0; *(uint32_t*)0x200055c0 = 0x510; *(uint32_t*)0x200055c4 = 0; *(uint64_t*)0x200055c8 = 0; *(uint64_t*)0x200055d0 = 5; *(uint64_t*)0x200055d8 = 1; *(uint64_t*)0x200055e0 = 0; *(uint64_t*)0x200055e8 = 2; *(uint32_t*)0x200055f0 = 0xfffeffff; *(uint32_t*)0x200055f4 = 1; *(uint64_t*)0x200055f8 = 0; *(uint64_t*)0x20005600 = 0x141; *(uint64_t*)0x20005608 = 4; *(uint64_t*)0x20005610 = 9; *(uint64_t*)0x20005618 = 9; *(uint64_t*)0x20005620 = 4; *(uint32_t*)0x20005628 = 0x7ff; *(uint32_t*)0x2000562c = 0x7fffffff; *(uint32_t*)0x20005630 = 0x892; *(uint32_t*)0x20005634 = 0x4000; *(uint32_t*)0x20005638 = 0xfff; *(uint32_t*)0x2000563c = r[4]; *(uint32_t*)0x20005640 = 0; *(uint32_t*)0x20005644 = 4; *(uint32_t*)0x20005648 = 0x10000; *(uint32_t*)0x2000564c = 0; *(uint64_t*)0x20005650 = 1; *(uint64_t*)0x20005658 = 0x8000; *(uint32_t*)0x20005660 = 2; *(uint32_t*)0x20005664 = 4; memset((void*)0x20005668, 255, 2); *(uint64_t*)0x20005670 = 0xa00000000; *(uint64_t*)0x20005678 = 3; *(uint64_t*)0x20005680 = 0x8000000000000000; *(uint64_t*)0x20005688 = 0x80000001; *(uint32_t*)0x20005690 = 6; *(uint32_t*)0x20005694 = 1; *(uint64_t*)0x20005698 = 5; *(uint64_t*)0x200056a0 = 0xa0; *(uint64_t*)0x200056a8 = 8; *(uint64_t*)0x200056b0 = 7; *(uint64_t*)0x200056b8 = 0x101; *(uint64_t*)0x200056c0 = 0xbc3; *(uint32_t*)0x200056c8 = 0x19f; *(uint32_t*)0x200056cc = 4; *(uint32_t*)0x200056d0 = 0x7ff; *(uint32_t*)0x200056d4 = 0xa000; *(uint32_t*)0x200056d8 = 1; *(uint32_t*)0x200056dc = 0xee01; *(uint32_t*)0x200056e0 = r[5]; *(uint32_t*)0x200056e4 = 0x8001; *(uint32_t*)0x200056e8 = 8; *(uint32_t*)0x200056ec = 0; *(uint64_t*)0x200056f0 = 4; *(uint64_t*)0x200056f8 = 0x10001; *(uint32_t*)0x20005700 = 0xa; *(uint32_t*)0x20005704 = 0x3ff; memcpy((void*)0x20005708, "[{@^/@+@<[", 10); *(uint64_t*)0x20005718 = 1; *(uint64_t*)0x20005720 = 3; *(uint64_t*)0x20005728 = 5; *(uint64_t*)0x20005730 = 0x20; *(uint32_t*)0x20005738 = 3; *(uint32_t*)0x2000573c = -1; *(uint64_t*)0x20005740 = 3; *(uint64_t*)0x20005748 = 0xd4; *(uint64_t*)0x20005750 = 6; *(uint64_t*)0x20005758 = 0; *(uint64_t*)0x20005760 = 1; *(uint64_t*)0x20005768 = 0x80000; *(uint32_t*)0x20005770 = 0x38fa80be; *(uint32_t*)0x20005774 = 6; *(uint32_t*)0x20005778 = 0x400; *(uint32_t*)0x2000577c = 0x1000; *(uint32_t*)0x20005780 = 5; *(uint32_t*)0x20005784 = 0xee00; *(uint32_t*)0x20005788 = 0xee01; *(uint32_t*)0x2000578c = 0x10001; *(uint32_t*)0x20005790 = 0xff; *(uint32_t*)0x20005794 = 0; *(uint64_t*)0x20005798 = 4; *(uint64_t*)0x200057a0 = 5; *(uint32_t*)0x200057a8 = 8; *(uint32_t*)0x200057ac = 4; memcpy((void*)0x200057b0, "+!\234R\'+%\'", 8); *(uint64_t*)0x200057b8 = 3; *(uint64_t*)0x200057c0 = 3; *(uint64_t*)0x200057c8 = 0x200; *(uint64_t*)0x200057d0 = 5; *(uint32_t*)0x200057d8 = 0x55; *(uint32_t*)0x200057dc = 0x1f; *(uint64_t*)0x200057e0 = 1; *(uint64_t*)0x200057e8 = 0x34; *(uint64_t*)0x200057f0 = 7; *(uint64_t*)0x200057f8 = 4; *(uint64_t*)0x20005800 = 9; *(uint64_t*)0x20005808 = 2; *(uint32_t*)0x20005810 = 0x800; *(uint32_t*)0x20005814 = 0xffff8001; *(uint32_t*)0x20005818 = 6; *(uint32_t*)0x2000581c = 0x8000; *(uint32_t*)0x20005820 = 0x100; *(uint32_t*)0x20005824 = 0xee01; *(uint32_t*)0x20005828 = 0xee01; *(uint32_t*)0x2000582c = 0; *(uint32_t*)0x20005830 = 0x9c000000; *(uint32_t*)0x20005834 = 0; *(uint64_t*)0x20005838 = 0; *(uint64_t*)0x20005840 = 1; *(uint32_t*)0x20005848 = 1; *(uint32_t*)0x2000584c = 0x400; memset((void*)0x20005850, 0, 1); *(uint64_t*)0x20005858 = 6; *(uint64_t*)0x20005860 = 3; *(uint64_t*)0x20005868 = 0xa3; *(uint64_t*)0x20005870 = 0x80; *(uint32_t*)0x20005878 = 0x735; *(uint32_t*)0x2000587c = 0x9584; *(uint64_t*)0x20005880 = 0; *(uint64_t*)0x20005888 = 2; *(uint64_t*)0x20005890 = 7; *(uint64_t*)0x20005898 = 0xec61; *(uint64_t*)0x200058a0 = 0x371ca83; *(uint64_t*)0x200058a8 = 4; *(uint32_t*)0x200058b0 = -1; *(uint32_t*)0x200058b4 = 3; *(uint32_t*)0x200058b8 = 0x424c; *(uint32_t*)0x200058bc = 0xa000; *(uint32_t*)0x200058c0 = 0x400; *(uint32_t*)0x200058c4 = 0xee00; *(uint32_t*)0x200058c8 = 0xee01; *(uint32_t*)0x200058cc = 0xca; *(uint32_t*)0x200058d0 = 3; *(uint32_t*)0x200058d4 = 0; *(uint64_t*)0x200058d8 = 0; *(uint64_t*)0x200058e0 = 7; *(uint32_t*)0x200058e8 = 0; *(uint32_t*)0x200058ec = 0x80000001; *(uint64_t*)0x200058f0 = 5; *(uint64_t*)0x200058f8 = 1; *(uint64_t*)0x20005900 = 0x9d5; *(uint64_t*)0x20005908 = 5; *(uint32_t*)0x20005910 = 0x80000001; *(uint32_t*)0x20005914 = 0x1000000; *(uint64_t*)0x20005918 = 0; *(uint64_t*)0x20005920 = 0; *(uint64_t*)0x20005928 = 6; *(uint64_t*)0x20005930 = 0x7ff; *(uint64_t*)0x20005938 = 0x8001; *(uint64_t*)0x20005940 = 0x8001; *(uint32_t*)0x20005948 = 6; *(uint32_t*)0x2000594c = 0x8000; *(uint32_t*)0x20005950 = 1; *(uint32_t*)0x20005954 = 0xa000; *(uint32_t*)0x20005958 = 0x10000; *(uint32_t*)0x2000595c = 0xee00; *(uint32_t*)0x20005960 = r[6]; *(uint32_t*)0x20005964 = 0x80000000; *(uint32_t*)0x20005968 = 6; *(uint32_t*)0x2000596c = 0; *(uint64_t*)0x20005970 = 3; *(uint64_t*)0x20005978 = 0x7fff; *(uint32_t*)0x20005980 = 6; *(uint32_t*)0x20005984 = 0x4e5; memcpy((void*)0x20005988, "wlan0\000", 6); *(uint64_t*)0x20005990 = 4; *(uint64_t*)0x20005998 = 2; *(uint64_t*)0x200059a0 = -1; *(uint64_t*)0x200059a8 = 0x10001; *(uint32_t*)0x200059b0 = 7; *(uint32_t*)0x200059b4 = 0x3f; *(uint64_t*)0x200059b8 = 0; *(uint64_t*)0x200059c0 = 4; *(uint64_t*)0x200059c8 = 0x7fff; *(uint64_t*)0x200059d0 = 0x5c; *(uint64_t*)0x200059d8 = 0x5e; *(uint64_t*)0x200059e0 = 4; *(uint32_t*)0x200059e8 = 0; *(uint32_t*)0x200059ec = 9; *(uint32_t*)0x200059f0 = 4; *(uint32_t*)0x200059f4 = 0x1000; *(uint32_t*)0x200059f8 = 8; *(uint32_t*)0x200059fc = r[7]; *(uint32_t*)0x20005a00 = 0xee00; *(uint32_t*)0x20005a04 = 0x7ff; *(uint32_t*)0x20005a08 = 9; *(uint32_t*)0x20005a0c = 0; *(uint64_t*)0x20005a10 = 3; *(uint64_t*)0x20005a18 = 5; *(uint32_t*)0x20005a20 = 6; *(uint32_t*)0x20005a24 = 9; memset((void*)0x20005a28, 255, 6); *(uint64_t*)0x20005a30 = 6; *(uint64_t*)0x20005a38 = 3; *(uint64_t*)0x20005a40 = 3; *(uint64_t*)0x20005a48 = 9; *(uint32_t*)0x20005a50 = 6; *(uint32_t*)0x20005a54 = 0x100; *(uint64_t*)0x20005a58 = 1; *(uint64_t*)0x20005a60 = 0x101; *(uint64_t*)0x20005a68 = 4; *(uint64_t*)0x20005a70 = 0x100000000; *(uint64_t*)0x20005a78 = 2; *(uint64_t*)0x20005a80 = 0xfffffffffffffe00; *(uint32_t*)0x20005a88 = 3; *(uint32_t*)0x20005a8c = 9; *(uint32_t*)0x20005a90 = 9; *(uint32_t*)0x20005a94 = 0xa000; *(uint32_t*)0x20005a98 = 0xfa3; *(uint32_t*)0x20005a9c = -1; *(uint32_t*)0x20005aa0 = r[8]; *(uint32_t*)0x20005aa4 = 0x1400000; *(uint32_t*)0x20005aa8 = 9; *(uint32_t*)0x20005aac = 0; *(uint64_t*)0x20005ab0 = 6; *(uint64_t*)0x20005ab8 = 0; *(uint32_t*)0x20005ac0 = 6; *(uint32_t*)0x20005ac4 = 5; memcpy((void*)0x20005ac8, "wlan0\000", 6); *(uint32_t*)0x20005c38 = 0x20005b00; *(uint32_t*)0x20005b00 = 0xa0; *(uint32_t*)0x20005b04 = 0xfffffff5; *(uint64_t*)0x20005b08 = 5; *(uint64_t*)0x20005b10 = 0; *(uint64_t*)0x20005b18 = 3; *(uint64_t*)0x20005b20 = 2; *(uint64_t*)0x20005b28 = 3; *(uint32_t*)0x20005b30 = 7; *(uint32_t*)0x20005b34 = 0x64b; *(uint64_t*)0x20005b38 = 1; *(uint64_t*)0x20005b40 = 0xc2; *(uint64_t*)0x20005b48 = 9; *(uint64_t*)0x20005b50 = 5; *(uint64_t*)0x20005b58 = 0x8001; *(uint64_t*)0x20005b60 = -1; *(uint32_t*)0x20005b68 = 2; *(uint32_t*)0x20005b6c = 8; *(uint32_t*)0x20005b70 = 5; *(uint32_t*)0x20005b74 = 0x4000; *(uint32_t*)0x20005b78 = 0xd0a; *(uint32_t*)0x20005b7c = 0xee01; *(uint32_t*)0x20005b80 = 0xee00; *(uint32_t*)0x20005b84 = 7; *(uint32_t*)0x20005b88 = 1; *(uint32_t*)0x20005b8c = 0; *(uint64_t*)0x20005b90 = 0; *(uint32_t*)0x20005b98 = 2; *(uint32_t*)0x20005b9c = 0; *(uint32_t*)0x20005c3c = 0x20005bc0; *(uint32_t*)0x20005bc0 = 0x20; *(uint32_t*)0x20005bc4 = 0; *(uint64_t*)0x20005bc8 = 0x7fffffff; *(uint32_t*)0x20005bd0 = 8; *(uint32_t*)0x20005bd4 = 0; *(uint32_t*)0x20005bd8 = 0x9ad; *(uint32_t*)0x20005bdc = 3; syz_fuse_handle_req(r[2], 0x20000980, 0x2000, 0x20005c00); break; case 22: memcpy((void*)0x20005c40, "SEG6\000", 5); syz_genetlink_get_family_id(0x20005c40, r[2]); break; case 23: syz_init_net_socket(0x24, 2, 0); break; case 24: res = syscall(__NR_mmap, 0x20ffe000, 0x2000, 9, 0x100, (intptr_t)r[2], 0x8000000); if (res != -1) r[9] = res; break; case 25: res = -1; res = syz_io_uring_complete(r[9]); if (res != -1) r[10] = res; break; case 26: *(uint32_t*)0x20005c84 = 0x29e9; *(uint32_t*)0x20005c88 = 4; *(uint32_t*)0x20005c8c = 3; *(uint32_t*)0x20005c90 = 0x25; *(uint32_t*)0x20005c98 = r[10]; memset((void*)0x20005c9c, 0, 12); res = -1; res = syz_io_uring_setup(0x7811, 0x20005c80, 0x20ffe000, 0x20ffe000, 0x20005d00, 0x20005d40); if (res != -1) { r[11] = res; r[12] = *(uint64_t*)0x20005d40; } break; case 27: res = syscall(__NR_mmap, 0x20ffc000, 0x2000, 4, 0x80000, (intptr_t)r[11], 0); if (res != -1) r[13] = res; break; case 28: res = syscall(__NR_clock_gettime, 0, 0x20005d80); if (res != -1) { r[14] = *(uint32_t*)0x20005d80; r[15] = *(uint32_t*)0x20005d84; } break; case 29: *(uint8_t*)0x20005e00 = 0xb; *(uint8_t*)0x20005e01 = 1; *(uint16_t*)0x20005e02 = 0; *(uint32_t*)0x20005e04 = 0; *(uint64_t*)0x20005e08 = 7; *(uint32_t*)0x20005e10 = 0x20005dc0; *(uint32_t*)0x20005dc0 = r[14]; *(uint32_t*)0x20005dc4 = r[15]+60000000; *(uint32_t*)0x20005e14 = 1; *(uint32_t*)0x20005e18 = 0; *(uint64_t*)0x20005e1c = 0; *(uint16_t*)0x20005e24 = 0; *(uint16_t*)0x20005e26 = 0; memset((void*)0x20005e28, 0, 20); syz_io_uring_submit(r[13], r[12], 0x20005e00, 6); break; case 30: *(uint32_t*)0x20005e80 = 0; *(uint32_t*)0x20005e84 = 0x20005e40; memcpy((void*)0x20005e40, "\x55\x1e\x55\x34\x01\xd8\x41\x9a\xc4\x37\x85\x4e\x7b\xd6\x03\x3a\x54\x21\x4a\x9b\xd5\xbb\xb0\xaf\x5b\x8d\xfb\x21\x4a\xa8\x4f\x75\xf6\x0f\xd2\xf3\x74\xa0\x2b\xca\xcb\x65\x4f\x2e\x69\xf7\x19\x79\x48\x63", 50); *(uint32_t*)0x20005e88 = 0x32; *(uint64_t*)0x20005ec0 = 1; *(uint64_t*)0x20005ec8 = 0; syz_kvm_setup_cpu(r[2], r[2], 0x20fe8000, 0x20005e80, 1, 0, 0x20005ec0, 1); break; case 31: res = syscall(__NR_mmap, 0x20ff1000, 0x1000, 4, 0x100002, (intptr_t)r[2], 0); if (res != -1) r[16] = res; break; case 32: *(uint32_t*)0x20005f00 = 1; syz_memcpy_off(r[16], 0x118, 0x20005f00, 0, 4); break; case 33: res = syscall(__NR_clock_gettime, 0, 0x20008240); if (res != -1) { r[17] = *(uint32_t*)0x20008240; r[18] = *(uint32_t*)0x20008244; } break; case 34: *(uint32_t*)0x200081c0 = 0; *(uint32_t*)0x200081c4 = 0; *(uint32_t*)0x200081c8 = 0x20007580; *(uint32_t*)0x20007580 = 0x20007000; *(uint32_t*)0x20007584 = 0x68; *(uint32_t*)0x20007588 = 0x20007080; *(uint32_t*)0x2000758c = 0; *(uint32_t*)0x20007590 = 0x200070c0; *(uint32_t*)0x20007594 = 0xf; *(uint32_t*)0x20007598 = 0x20007100; *(uint32_t*)0x2000759c = 0xe0; *(uint32_t*)0x200075a0 = 0x20007200; *(uint32_t*)0x200075a4 = 0; *(uint32_t*)0x200075a8 = 0x20007240; *(uint32_t*)0x200075ac = 0xe6; *(uint32_t*)0x200075b0 = 0x20007340; *(uint32_t*)0x200075b4 = 0x63; *(uint32_t*)0x200075b8 = 0x200073c0; *(uint32_t*)0x200075bc = 0x45; *(uint32_t*)0x200075c0 = 0x20007440; *(uint32_t*)0x200075c4 = 0x6a; *(uint32_t*)0x200075c8 = 0x200074c0; *(uint32_t*)0x200075cc = 0xbc; *(uint32_t*)0x200081cc = 0xa; *(uint32_t*)0x200081d0 = 0x20007600; *(uint32_t*)0x200081d4 = 0x18; *(uint32_t*)0x200081d8 = 0; *(uint32_t*)0x200081dc = 0; *(uint32_t*)0x200081e0 = 0x20007640; *(uint32_t*)0x200081e4 = 0x6e; *(uint32_t*)0x200081e8 = 0x20007900; *(uint32_t*)0x20007900 = 0x200076c0; *(uint32_t*)0x20007904 = 0x79; *(uint32_t*)0x20007908 = 0x20007740; *(uint32_t*)0x2000790c = 0xa9; *(uint32_t*)0x20007910 = 0x20007800; *(uint32_t*)0x20007914 = 5; *(uint32_t*)0x20007918 = 0x20007840; *(uint32_t*)0x2000791c = 0x9d; *(uint32_t*)0x200081ec = 4; *(uint32_t*)0x200081f0 = 0x20007940; *(uint32_t*)0x200081f4 = 0xb0; *(uint32_t*)0x200081f8 = 0; *(uint32_t*)0x200081fc = 0; *(uint32_t*)0x20008200 = 0x20007a00; *(uint32_t*)0x20008204 = 0x6e; *(uint32_t*)0x20008208 = 0x20007b80; *(uint32_t*)0x20007b80 = 0x20007a80; *(uint32_t*)0x20007b84 = 0x73; *(uint32_t*)0x20007b88 = 0x20007b00; *(uint32_t*)0x20007b8c = 0xf; *(uint32_t*)0x20007b90 = 0x20007b40; *(uint32_t*)0x20007b94 = 0x13; *(uint32_t*)0x2000820c = 3; *(uint32_t*)0x20008210 = 0x20007bc0; *(uint32_t*)0x20008214 = 0x44; *(uint32_t*)0x20008218 = 0; *(uint32_t*)0x2000821c = 0; *(uint32_t*)0x20008220 = 0x20007c40; *(uint32_t*)0x20008224 = 0x6e; *(uint32_t*)0x20008228 = 0x20008180; *(uint32_t*)0x20008180 = 0x20007cc0; *(uint32_t*)0x20008184 = 0x99; *(uint32_t*)0x20008188 = 0x20007d80; *(uint32_t*)0x2000818c = 0xfa; *(uint32_t*)0x20008190 = 0x20007e80; *(uint32_t*)0x20008194 = 0xfc; *(uint32_t*)0x20008198 = 0x20007f80; *(uint32_t*)0x2000819c = 0xc1; *(uint32_t*)0x200081a0 = 0x20008080; *(uint32_t*)0x200081a4 = 0x60; *(uint32_t*)0x200081a8 = 0x20008100; *(uint32_t*)0x200081ac = 0x41; *(uint32_t*)0x2000822c = 6; *(uint32_t*)0x20008230 = 0; *(uint32_t*)0x20008234 = 0; *(uint32_t*)0x20008238 = 0; *(uint32_t*)0x2000823c = 0; *(uint32_t*)0x20008280 = r[17]; *(uint32_t*)0x20008284 = r[18]+10000000; res = syscall(__NR_recvmmsg, (intptr_t)r[2], 0x200081c0, 4, 0x2000, 0x20008280); if (res != -1) { r[19] = *(uint32_t*)0x2000760c; r[20] = *(uint32_t*)0x20007610; r[21] = *(uint32_t*)0x20007bd8; } break; case 35: memcpy((void*)0x20005f40, "adfs\000", 5); memcpy((void*)0x20005f80, "./file0\000", 8); *(uint32_t*)0x20006fc0 = 0x20005fc0; memcpy((void*)0x20005fc0, "\x97\x71\x1a\x3f\xc7\x75\xd9\xb6\xb8\x02\xd7\x5c\xef\xe3\x4e\x56\x0d\xfb\xbc\x19\x05\xdf\x84\x52\xc7\xc0\x61\xcf\xbd\xba\xf7\x6a\xc0\xee\x70\x4f\xdc\x1b\x95\x57\x6e\x83\x98\x71\x5c\xca\xc2\x3e\xb6\x22\x40\x6f\xdf\x86\x65\x6d\x86\x66\xd1\x74\x34\x5d\xf1\x5c\xc2\x79\xd6\xbc\x46\x18\x9f\x9e\x91\x03\xc8\xb6\x34\x30\x6a\x9d\xc5\x12\x13\x54\x03\x7a\xbc\x83\x6a\xf3\x2b\x82\xe0\xeb\x92\x22\xc5\xb9\x7a\x31\xba\xf7\x00\x22\x6f\x45\x9f\x15\x93\xe5\x94\x22\x0d\x6e\xee\x2f\x7b\xd3\x61\x2c\x68\x99\x6c\x93\x1e\x01\xb3\x90\x86\x7e\xcb\x7d\xb7\x3f\xd1\xc8\xba\xea\x0a\x1a\x30\x71\x9c\x09\xc8\x17\x06\x41\x41\x90\xc4\x90\x23\x6b\x27\x56\xcf\xba\x38\xfa\xba\xd4\x9c\x00\x2c\xdd\xcc\xb2\x2a\x79\x01\x5c\xf6\xc9\xd5\xb8\x11\x97\xe3\x66\x9f\x11\x95\xcf\x26\xfd\x67\x4c\xef\x34\xfc\x25\x17\xdd\x56\x1d\x62\x5d\x37\xf0\x09\x36\x69\xe6\x8f\xca\x1a\xe7\x32\x7c\x53\xa8\xd8\xfe\x8c\xe0\x89\xec\x51\x30\xda\x3d\xcd\x2c\x1b\xe4\x7c\x5d\x11\xc1\xe6\x07\x70\x6d\xed\xe9\x8d\x3a\xd0\x34\x7d\xb6\x08\xbf\x9f\xeb\xfe\x35\x7b\x46\xfe\x05\x17\x2e\x7a\xbd\x5e\x6a\x57\x55\xec\xbd\xb7\x29\x4a\xc6\x60\xef\x99\x99\x61\xaa\x24\x91\x46\x0d\x2b\xa8\xc4\x79\x28\xfc\xd0\x2e\x29\x4c\x16\x83\x8a\xdc\x1c\x5a\xa0\xae\xef\xc2\x79\x79\x3c\x1e\x9b\xae\x9d\xad\x1b\xdd\x67\x4f\xbf\x94\xf6\x4d\x5e\xe5\x86\xb8\x57\x84\x6b\x2c\x3e\x35\xcb\xe0\x79\x1f\x3f\x0a\x42\x79\xec\x2d\x51\xfd\xfb\x3a\x9d\x2f\xd0\x93\xba\x29\xd7\x43\xee\xbb\x06\x46\xd4\x0a\xf9\x32\x96\x0b\x4e\xfd\x52\xdf\xae\x37\x24\x20\x6f\x13\x83\x9b\x1e\x9d\xd3\x56\x1c\x15\x9f\x7d\x1a\x0b\x45\xdf\xa6\x55\x72\x41\x64\xca\x8c\xa4\x01\x78\xaa\xbc\x9f\x0c\x27\x0c\xc0\xc2\xe8\x28\xdc\x28\x42\xfb\x23\x72\xab\xca\x8d\x65\xd3\x72\x6e\xad\xdb\x36\xd2\x77\x2f\xc4\x2a\x5a\x60\x9d\xbc\x76\x1a\x08\x6d\xd8\x40\x5f\x0c\x0a\x7c\x0b\xfc\x14\xfe\xa9\x1c\xab\x42\x3f\xdb\xc9\x44\xdd\xbd\xee\x21\x4c\x24\x8e\xf0\xc8\x93\x3c\x80\xf3\xac\x68\xa3\xcd\xc4\xed\x51\x20\xc7\xbe\x1f\x04\x18\xa0\xdd\xee\xe9\x4c\xe8\xde\x7a\x07\xb9\x4d\x97\xa9\xc7\x2e\x33\x8e\xb9\xcb\x87\x15\x67\x60\x8b\x49\x03\x1f\x1f\xd0\x7e\x5c\x5c\xbb\xc2\x20\x1c\x48\x76\x88\x5c\x1b\xdc\xcc\x2b\xfe\xce\x71\xde\x73\xd6\xa7\x10\xc9\x6a\x67\x5d\xe4\xb5\x78\xe3\xa0\xb8\x4d\x1f\xb8\x9b\xed\x53\x1e\x17\x05\xaf\x86\x7b\x10\xb7\xc9\x23\x28\xa0\x6b\xad\x02\xc5\x73\x37\x5d\x50\x0a\x4b\xdc\x88\x4b\x55\x65\x2d\x7f\x1c\xfb\x31\xaf\xaf\x0b\x35\xe9\x8a\x58\x46\x6b\x80\xa2\xa4\xbc\xa2\xd7\x2e\x38\x7f\x8e\x94\x51\x9a\x43\x73\x4c\x38\x5b\x69\x8e\x08\xb0\xee\x1d\x98\x05\xc3\x92\xac\xb7\x6f\x98\x08\x94\xdf\x90\x46\xc6\x17\xf6\x2a\x23\x61\x06\x2e\x52\x24\x53\xdc\xd7\x31\x76\xf7\x86\xef\x2c\xcd\x7a\x05\xdf\x8b\x44\xa6\xf9\x31\x35\xd4\x88\x8f\xdd\x51\x02\x20\x35\x7f\x1a\xec\xcd\x13\xe1\xfe\x10\x29\x26\x73\xf9\x81\xf4\x20\xd9\x85\x9f\xa2\x18\xb8\x69\x8b\x4a\x69\x1e\x69\x9c\x28\xa2\xdd\x46\xd3\x97\x89\x42\x19\x2e\xd5\x1d\x21\x26\x69\x45\x8a\x4d\xc3\xd3\x81\xd2\xc3\xf7\x3c\xb6\x0b\xfe\xcb\x8b\xf0\xe1\x55\x6e\xae\xd9\xff\xca\x5d\x0f\x7c\x9f\x61\x52\xf4\xfc\xd5\xed\x86\xcb\x6a\x56\x5e\x4b\x6b\x1c\x9e\x7e\xfe\xf1\xcc\xd2\x8a\xe7\x09\x1a\xbd\x84\xe8\x43\x1e\xc0\x8e\xd8\x3a\x8b\xbe\x56\xf9\xe1\x22\x56\xd0\xa0\x5b\x46\x1d\x9f\x1f\x4b\xad\x4b\x0e\x87\x34\xc4\x7d\x12\x12\x4c\x40\x6d\xb2\xc0\x33\xca\x10\x63\x41\x05\x71\x3d\xf4\x00\xfe\x66\x8d\x74\xc1\x0b\x95\x46\xfe\xf0\x3d\x29\xee\x05\xd4\xe3\xe8\x32\xed\xe1\x03\xcf\xb8\x90\xc8\xb0\x09\x2a\x58\xfe\x32\xa0\xb1\x05\x89\x6c\xef\xc8\x3a\x99\x0c\x3b\x6d\x9d\xec\x09\xe4\xbe\xea\x80\x40\xb2\x9f\x92\x17\xe5\x57\x7f\xd7\x20\x03\xa1\xdc\x46\x67\xfa\x4c\xf3\xbb\xf2\x98\x5f\x0a\xef\x84\xb4\x55\x69\xa0\x87\xb7\xf9\xaf\xe8\x24\xf3\xc5\x9b\x40\xcd\x0d\x08\x8c\x16\xf4\x41\x42\x40\xa6\xeb\xe2\x4a\xad\xc4\x02\xcc\x99\xab\xf0\x34\xa4\x8b\xda\x6a\x28\x21\xbd\xf2\x94\x65\x8e\x27\x82\x32\x6e\x16\x96\xa8\x87\x8b\x62\xbe\x50\xb8\xae\x8d\x00\x3e\x1b\x6b\x9f\x5f\x26\xd3\xf2\x1b\x14\x22\xcf\x73\xac\x72\x92\x63\x8e\x57\xda\x6f\xe3\xfd\xad\xd7\x78\x6a\xa2\xd7\x40\x6c\x0d\x84\x55\x45\x47\xd9\x59\x0e\xe9\xe1\x70\x54\x28\xe0\x0d\xdc\x33\x25\x0a\x11\x6b\x97\x37\xc8\xb0\x13\xa3\x8c\x6f\x5e\x88\x27\x5b\x01\x5f\x1c\x09\x96\xb0\x6e\xf4\x46\x7f\xa0\x46\x8e\x8f\x4a\x49\x8b\x56\xa0\x45\xf8\x94\xe4\x50\x90\xfc\x17\x07\x48\x1b\xef\x75\xf6\x01\xd9\x5e\x67\xb9\x63\xb6\xdd\xaa\xd7\x51\x1a\xb4\x1e\xf4\xc9\xf6\x51\xc7\x0f\x8e\xc2\xf0\xcf\x3b\x62\xba\xd7\x4e\x24\x92\xa3\x9f\xc1\xf8\x1d\xa6\x97\xcd\xc3\x53\xde\x95\x89\xca\xb5\x4a\x16\x90\x1a\x18\xd8\x51\xbd\xc2\x62\x39\xa7\x2f\x9a\x78\x7f\xbe\xfb\x3f\xc3\xf5\xdf\x14\x9a\x01\x3c\x4f\x8c\x8b\x0e\x98\xb8\xf6\x69\xf6\x2f\xbe\x09\x52\x5b\x46\x46\x9b\x1c\x7f\xcb\x91\xe5\x57\x35\xf2\xad\xc8\x13\x6a\x46\xae\xc4\xde\x01\x6b\x9f\x92\x51\xac\x2a\xa8\x20\xa1\xa8\x87\xb7\x8c\x66\x80\x2b\xf8\xdb\xbc\xe8\xc4\xe1\x38\xba\x0a\x52\x89\x2c\x9e\x93\x4a\xf2\xc7\x6b\x95\x03\x2a\x2f\x4c\xb5\xa6\x21\xe4\x53\x97\x0f\x54\xb2\x79\x03\x5e\x14\x08\x33\xe3\x25\x0a\x9c\x4f\x16\x37\x1c\xdd\xfc\x01\xc4\x04\xe6\xe8\x6a\xcc\x23\x1c\x8d\x7d\xbe\xd9\xb6\xae\xc0\xda\x3e\x0b\xb4\x06\x72\xf4\xd4\x1d\xf2\x65\x0d\x20\x0f\xdd\xa6\xbd\xc6\x2b\x1d\x43\x3e\xfb\x4d\xcb\x37\x05\x26\x89\xee\xc1\xfb\x99\xce\xda\x3e\x11\x07\xae\x9a\xee\xbc\x99\x58\xfd\x2f\x2e\x90\x59\x83\x40\x87\x37\x84\x27\xd3\x15\x8a\x8a\xd0\x47\x79\xe6\x22\xb9\xfe\xf7\x1b\x94\xb2\xaa\xc0\x3d\x6d\x9b\x72\x2a\x24\x27\x85\x5a\x21\x76\xf0\x0d\x97\x1d\x6b\x1f\xe9\xb5\x7c\x36\x37\xaf\x6e\xcf\x8d\xd0\xbf\x1d\xc0\x55\xe7\x33\x1c\x7e\x3d\x9b\xf0\x9a\x98\x72\x36\x76\xb0\x77\x87\xa0\x75\xaf\x7e\xe9\x11\xee\x2b\x0e\xbe\xfb\x34\x08\xc8\xa6\x17\xe8\x1b\x02\x22\xf2\x0f\x41\xaa\xa5\x57\x67\xbd\x73\xb3\x0b\x7d\x52\x38\xa4\x18\x36\xe5\x3a\x5c\x82\x6d\x2c\xab\x59\x46\x04\x04\xf0\x2a\xf4\x3b\x1c\x64\xa8\x87\xb4\x4e\xdc\xb3\x95\xa1\x49\x98\x3a\x63\xeb\xbc\x14\x68\xac\x3b\x39\xa0\x0d\x01\xe5\x90\x41\xea\x54\x97\x25\x76\x8c\x6f\xea\x7a\x48\x84\xfa\xb1\x6b\x85\x99\xcd\x0b\x91\xb8\x3d\xf3\x3b\x32\x28\x00\x39\xba\x02\x05\xa2\x3e\x97\xcd\x38\xbf\x8b\xe0\xce\xd3\xd7\xc2\xf4\x44\x91\xe9\xb5\x94\xe0\x54\xe6\xc6\xe6\xe2\xb6\x10\x83\x0f\x98\xef\x9a\x24\x0f\xd5\x6d\x1e\x21\x8c\xbc\x15\x35\xb8\x88\x9f\xd2\xb3\x9f\xd9\x4c\x82\x13\x7a\x80\xea\x12\x34\xa8\x4d\xc6\xfa\xc0\xf1\x6b\x8b\x2d\xe9\xdd\xe9\xec\x82\x70\xc2\xdf\x90\xb1\x10\x7e\xed\x2d\x34\x69\x65\x94\x3a\x1c\xb0\x85\x64\x21\xe4\x5f\xed\x7f\x48\x07\x10\x41\xc5\x52\xef\xc7\x33\x3c\x5e\x7d\xec\x5b\x9c\xb5\x95\x65\x71\x8a\x7e\x23\x0a\x84\x2f\x20\x6a\x49\x49\xa3\x8f\xca\x5d\x9a\x8d\x84\x75\x63\xdd\x64\x45\x78\xf8\x9e\x5e\xa6\x8c\xd8\x4e\xdc\x6a\x04\xe5\x27\xd1\xc0\x7e\x6a\xe4\x2f\x50\x3f\x7c\x09\xf7\xfa\x5e\xd1\xb2\xd7\xa3\xa9\x0b\x5f\xed\xdd\x57\x6d\xcc\x54\x4d\x8a\x7e\x51\x54\xfc\xb8\x2d\x14\x97\x06\x43\xa0\x3e\xc1\xad\xa0\x83\xad\xe9\xa9\x0d\x56\xb1\xa0\x5e\x7b\xec\xc2\xe4\x34\xd4\x87\xe0\xc9\x4d\x10\xfb\x56\xb7\x3a\x82\xfd\x0c\x34\xe3\xea\x6e\x25\x2b\xd8\x28\x44\xe9\x59\x33\x81\x92\x54\xe1\x2b\x00\x1a\xcf\x2a\xd8\xb6\x30\xa7\xd2\x05\x6c\x6f\x77\x33\x4e\xd2\x23\x21\x77\x1e\x73\x31\x29\x81\xd8\x91\x01\x70\xcd\xd7\xf4\x78\x81\xb5\x8c\x47\x53\xbb\xfb\x0b\x34\xc7\x8b\x42\x11\xe6\x26\x14\x6f\xf3\x42\xbf\xd5\x77\x40\xeb\x86\x8e\x1c\xfa\x31\x2c\x90\x7b\xef\x85\x7b\x37\x81\xeb\xd1\x39\x7e\x8d\xc0\xca\x14\x74\xa1\x9b\x39\xb4\x97\xae\x70\x88\x9d\x2d\xbb\xce\x85\xd3\x74\x3f\xd3\x3c\x97\xb9\xc2\x2b\x86\x6e\xb6\x5d\x35\x93\x90\x0e\x66\xc4\x59\xef\xe5\x63\x8a\x82\x4c\x42\x3d\x9c\x49\xba\x44\xb8\xff\x9b\x9b\x3e\xc1\x5c\xef\x43\x4d\xee\xf9\xab\x92\x76\x0c\x55\xb1\xfb\x37\x33\x9b\x1c\x77\xf3\xa0\x1a\x77\xfd\x72\xf7\x28\x77\x95\x2e\x8a\x58\x27\x49\x4c\x91\x88\xb8\xd1\xc2\x70\xb0\xa9\x9b\x4a\x9e\x81\x8d\x1f\xa1\x26\xa7\x29\x1a\x7b\x0b\x94\xc2\xbf\x7c\x18\xc2\xe2\x5e\x7f\xcf\xd6\x8d\x38\x82\x96\x55\xd9\xaa\xb9\x34\x96\x30\x34\x56\x3e\x90\x86\x52\x45\xa6\x13\x04\xfe\xbd\xf5\x9b\xb0\x09\x31\x67\xc8\xc4\x1c\xce\x17\x73\xbb\x80\xc6\x78\x75\x9b\x55\xda\xb1\x24\x72\x52\x03\x61\x57\xa0\xe6\x0d\x66\xe2\x89\xd4\xb9\xbf\x98\xfd\xce\x7c\x5c\xa5\x9b\xdb\x4f\xaf\xe5\x5e\x09\xb1\x6a\xa3\x43\x0d\x39\xbf\x15\x03\x32\xa1\x5c\x48\x90\xed\x07\x8e\x62\x87\x75\xf8\x78\x7b\x89\x35\x92\x26\x3c\xa6\xd3\x11\x36\x19\xa7\xb2\x12\x51\xfa\xee\xe1\x37\xa0\x99\xbf\x00\xfb\x5f\xbc\xc7\x5e\x75\x8e\xae\xc9\xbd\xcf\xf6\x55\x76\xc0\xd8\x26\xea\x79\xd9\x0e\x99\xd8\xcb\xb4\x90\x93\x7d\x1d\x12\x2d\xbb\x8d\x15\xb3\x37\x56\x83\x5e\x1c\xe3\xbd\xaf\x49\x19\xf5\x22\x6b\x38\x4c\x87\xc2\xc7\xaf\x71\xfb\x3d\xd0\x73\xc4\x31\x29\xac\x4e\x2a\x6e\x52\x1b\xee\x34\x97\x30\xb2\xd9\xa7\x1c\x6b\x01\xd6\x1d\xf1\x30\x80\x2a\x9b\xb6\xab\x1f\x4d\x59\x4b\x89\x67\x5c\xc4\x67\xca\xb3\x03\xc8\x6a\xe6\xb4\xc0\xd2\x6d\xcf\x16\xcd\xec\x9c\x8b\x78\xf3\xe2\x3b\xab\x3e\x7b\x51\x53\xe7\x3b\xb7\x1c\xb6\xa2\xaf\xac\x5c\x33\x19\x5d\x2a\x2f\x32\x9d\x9e\x8f\x53\xdc\x92\x80\x10\x46\xb0\x72\x45\xe1\x39\xa6\x41\x4c\xff\x17\xdd\x9d\x79\x47\xe9\x45\xa1\xdd\xf5\x92\x13\x1d\x90\xf3\xf3\x25\xeb\xc3\xcf\x24\x36\x0f\x83\xed\x16\x06\xf9\x52\xd4\xf6\x92\x21\xb7\x5c\x9b\xe9\x1e\x5d\x2a\xbe\xed\x93\xf3\x39\x58\xb0\x4a\xa1\xe0\xcb\x5b\x85\x0e\xdf\x27\x60\xf4\xb8\xe8\x10\xd8\x79\xd8\x73\x57\x03\x6c\x8e\x26\x53\x8e\x69\x68\x9e\x47\xfb\xb1\xda\x8e\x0c\xa0\x82\x84\xf5\x59\x00\xbd\x02\x9e\x95\xa5\x27\xb3\xba\x25\x1b\x0c\xe2\x7b\xd0\x49\xfc\x85\xb1\x94\x95\x93\x75\xf7\x85\xcf\x75\xc1\x01\xee\xaa\xba\x56\xb3\x9a\x3f\xc4\x6b\xa9\x72\x98\x37\xe2\xfb\xce\x7e\xbb\xa9\x32\x59\x6c\x0c\x2e\xf0\xc5\xd8\xe6\x84\xba\x6b\x33\x4d\xba\xff\xc0\xfa\x84\x2a\x6a\xa5\x55\x81\x3d\x5b\xdc\x23\x7a\x43\x76\xfb\xfc\x3a\xbd\x54\x9a\xbc\x27\xf3\xb1\xc9\x18\xc6\x7f\x2c\x34\xe1\x16\xb6\xb0\x63\x01\x15\x49\x06\x24\xf4\x99\x7d\x93\xac\xec\x5d\xab\x0d\x2b\xb1\x57\x2b\x31\x9b\xa4\xc9\x90\xcd\x74\x38\x95\x42\xf4\x8b\x7e\x17\x3d\x0c\x81\xed\x75\x6a\x1b\x40\x9f\x6b\x19\x58\x59\xfd\xc7\x57\x7a\x7e\x7b\x12\x0a\x15\x13\xc2\x25\xd3\x13\xd7\x42\x3d\x6a\x99\xdd\xb7\x19\x14\x96\x28\x21\xdb\x95\x19\x2f\xc9\xca\x8b\x69\x72\xe0\x7d\x78\x67\x9e\x3b\x42\x65\xcb\x97\x25\xd9\x5f\x52\xf6\x8f\xf1\xca\x46\xb8\xac\x6a\xe7\xc6\x05\x3b\xcd\x97\x2e\x37\xfa\x82\x44\x91\x52\x7a\x1e\x43\x23\xaa\x6f\x2d\x5e\x59\xcf\x06\xc6\x08\x8c\x14\x80\x59\xfa\xd6\xf1\xcb\xfb\x47\x67\x19\xd0\x9f\xa4\x79\xb6\x9a\x47\x90\xa7\x4f\x65\xab\xd9\x99\xc2\x67\xd1\x0c\xc2\xff\x99\xd3\x9e\x39\x41\x60\xe1\x51\x46\x95\x89\xf4\x16\xf6\x59\xb2\xa8\xc6\x0d\xef\x78\xd6\xf4\x33\x80\x9d\xfb\x96\xc2\x72\x20\x07\x6f\x47\xb7\xe7\x4a\x89\x30\xcd\x61\xe8\xfc\x10\x9d\xdf\x87\x54\xff\x5d\x68\x78\xee\xf5\xdc\x7d\xd6\x1e\x2d\xa0\x07\x3b\x0a\xd6\xb0\x71\xfe\xff\x97\xfb\x87\xec\x0d\x90\x95\x4a\xed\xc8\x88\xe7\xb1\xe0\x9d\xcd\xfc\xc6\x90\x6e\x49\xb6\xea\x4a\x0c\x32\x54\x64\x07\xac\x0d\x22\xe2\x92\x00\xb8\x60\x3f\x2c\x30\x41\xd2\x7d\x0f\xd9\x90\xc3\x12\xc3\xf4\xeb\xee\xf4\x53\x85\x12\x48\x25\xe7\x3a\x4b\x30\xf7\xe6\x2b\x37\x46\xae\xe0\xa1\xf4\x23\x57\xa7\xc2\xd5\x9b\x9b\x28\x65\xab\x24\xb3\x35\x36\xc1\xd7\x52\xa4\xe1\xc0\x8e\x07\xec\x7a\xb8\xe3\x7e\xda\x44\xeb\xd2\x21\x3d\x46\x95\x58\x59\xce\x75\xe8\xcb\xee\x3e\x44\x8d\xdc\x6c\x37\x20\xfa\x4b\xb6\x04\x29\x8c\x9c\xc6\xc1\xea\xc4\xaa\xc1\x8f\xfe\xef\x8d\x63\x1a\x61\x75\xa5\x8b\x18\x25\x7c\x81\xb5\xb2\xa2\xc7\x45\x8b\x11\x73\xa5\xc1\xbf\xe3\xa5\x61\x59\xfa\x40\x60\x11\xdc\x0b\xb6\x02\x1f\x23\x32\xbb\x47\x1e\xf8\x89\x2a\xcd\x5e\x7b\x58\xae\xca\x43\xe4\x85\xb3\x5d\xdc\x93\x8f\xbf\x2d\x03\x25\x21\x82\x08\x09\xaf\x02\x55\x13\xb6\x63\x92\x2d\x66\x4c\xa4\x21\x6b\xcc\x98\x77\x03\x0d\x5f\xac\xfb\x9a\x04\x82\x99\x8e\x50\xcf\x69\xbc\x59\xc1\x80\x5f\xb4\xfa\xa8\x9f\x68\x31\xec\x6a\xfc\x29\xe7\xf6\xdb\x38\xfe\xd3\x40\x3d\x10\x35\xe2\x51\x62\x4d\xe0\xea\x64\x45\x81\x2f\x71\xa4\xa9\x1e\xab\x22\xd8\x8d\xa4\x9c\x09\x70\x03\xea\x96\x08\xef\x66\x1e\x8c\xd9\x94\x58\xf3\x18\xd3\x73\xea\x1a\xff\xe6\xcf\xbe\xc7\xe9\xf7\x7c\xa3\x93\xf1\x58\x54\x02\xa7\x0a\xfa\x83\xe3\xdc\x11\x41\x7b\x83\x03\x5c\x4a\xa6\xef\xb9\x6c\xaf\xfd\xb7\x6b\xb4\x31\x15\x2a\x11\x08\xdd\x6a\xe5\xa3\x7a\xfb\x9a\xa1\xb5\x1d\xdc\xd2\x2d\x7a\xf1\x1d\x65\xc1\x88\x47\x2d\x79\xac\xbd\xd4\x8c\x61\x35\x5a\x4b\x2f\xdf\x2b\x81\xfb\x44\x59\x71\x1f\xb4\x37\xf3\xf7\xf9\x5a\x6e\x18\x7c\x0c\xc0\x87\xbb\xd7\x39\xc9\xc9\xe2\x2e\x25\xfd\x0d\x30\x5a\x27\x40\x8f\x52\xb8\x39\xe3\x57\xd1\xf3\x7b\x0c\x7a\x57\x6d\xf7\x93\x00\x82\x41\xbd\x21\x20\xcc\xfa\x21\x43\x52\x68\xed\x24\x3d\xd2\xed\xbb\x75\x1b\x20\x14\x74\xe9\x1f\x48\x21\x9b\xfd\xdb\x4c\xd0\xdd\x47\x19\x65\xbf\xe7\x8e\x45\x23\x3a\x33\xb6\xc4\x02\x2b\xc5\x7b\xcf\xd2\x24\xf8\x9b\x4a\xfb\xe2\x5a\x00\x3e\xf4\x1f\x59\x6e\x10\xfc\x14\x2d\x52\xe0\xee\x02\xfa\xd0\x72\x86\x51\xf0\xfe\x75\xb9\x47\xa5\x44\xfd\x7e\x2d\xc3\x8b\x60\x87\x89\xeb\xc8\x7b\x01\x99\x3e\x23\xb7\x65\x44\x90\x01\xc7\x7a\xdc\x77\x8a\xdb\x84\xa0\xdd\x32\xb7\x0e\x26\x7a\xad\xcc\x16\x8e\xf1\x71\x3d\x7c\xbd\xe5\x63\x39\x6e\xf5\xe3\x9f\xf9\xf7\x00\x8d\x61\xa2\x0f\xe4\x9a\xc8\x0c\x2e\xe8\x4c\x53\x11\xe6\xb0\xc2\x59\xf0\xc6\x36\x31\xaf\x64\xee\x1d\x22\x25\xb5\xea\xa3\x1b\x97\x63\x6b\x30\x10\x9f\xe4\xfc\xf1\x52\x27\x23\xc6\xd7\x9a\x50\x05\xf3\x76\x8b\xe2\x87\x29\x10\xa0\xd9\xf2\xd2\xb1\x0a\x91\xe4\x8f\x7d\xa5\xc3\x83\x0e\x18\xbf\x1a\x2c\x51\xf7\x91\xe4\x63\xf7\xca\x07\xe0\xc6\x3d\x07\x58\x52\xc2\xbd\x82\xb4\xa5\x98\x9d\x4f\xf5\x0a\x70\x07\xd3\xeb\x32\x2b\x3f\x01\xab\x76\xaf\x2b\xbe\xdb\x11\x08\x16\x5f\x48\x3d\x28\x41\x53\x78\xd6\x00\x98\xdb\xd8\x7a\x29\x9b\x3d\xe1\x16\xf3\x95\x5c\x3e\x24\x36\x77\xf3\xe3\xf7\x1f\x9f\x02\x04\xe1\x70\xda\x9e\xf5\xb6\x6c\x95\xba\x07\xf3\x35\xb1\x30\xb5\xa1\x7b\x6a\x72\xc3\x18\xbe\x1b\x8c\xa6\x42\x2b\x1e\xaf\x3f\x6e\xf0\x38\xdf\x50\x9e\xf1\x87\x65\x94\x7d\xe5\x88\x9a\x3a\x88\x45\x75\x61\xb3\x99\xab\x72\x94\x8d\x7e\xc9\xe0\xf4\xa7\x34\x8e\x0c\x43\x17\x48\x11\xd3\xa4\xd7\x12\x42\xe6\xa5\x0f\x5b\x39\x7a\x8d\x7f\xab\xbb\xa7\x10\x9a\xfa\x23\x69\xf1\x16\xe0\x9d\x3f\xcc\x0b\x5e\x61\x2a\xe8\xb8\x18\x30\x9c\x5f\xbb\x33\x47\xfd\xb5\xd6\xc6\x90\x46\x84\xf4\xe0\x4f\x12\xca\x85\x13\x17\x4e\x6b\x92\x6f\x04\x9a\xc1\x4e\x0a\x7f\x9e\x4a\xa6\xbd\x39\x1b\xbc\xcd\x3f\x72\x42\xb9\xa4\xc0\xdf\xd0\x17\x96\xda\x87\x1f\x4e\x9d\xe1\x7e\x54\x95\x37\xac\x6d\x21\xd5\xc6\x4e\x54\x9f\x07\x0e\x2b\x1d\x1b\x7f\x76\x98\x1f\xaa\x8d\xa9\x02\x9e\x45\x76\xfc\x43\xb4\xf4\x27\xec\x7e\xe4\xc4\x50\x5c\xa2\x70\xb2\x33\xff\xc5\xe1\xab\xe4\x4a\xc7\x89\xce\xca\xbd\xba\xab\xec\x44\x1a\x11\x84\x5c\xaf\x92\x21\x33\xd1\x1b\xb2\x82\x56\xee\x8f\x75\xe6\xf0\x65\xe3\x5f\x29\x76\x46\xc6\x3a\x2b\x8a\x59\x46\x05\xab\x39\x1c\x50\xfc\x33\x7d\x8d\x97\x06\x6e\x6b\x5b\x07\x10\xfb\x1e\xc7\x6c\x64\xf0\xa0\xa0\xcc\xac\x01\x37\x5f\x2c\x9f\xba\xca\x77\xb2\xb1\xee\x2b\x26\xa7\x6d\xa5\x27\xae\xfb\xe9\x83\xee\xd0\xd9\x46\xd7\x63\xe0\x0b\xf5\x01\xdd\x64\x6b\xfe\x68\x3a\x78\xdf\x80\xd9\x1d\xcd\x60\x3c\x5a\x8e\xb5\x95\xc0\xcd\xce\xaa\x2d\xab\xf5\xd6\x4a\x9f\xea\xac\xef\xc8\x78\xe0\x74\x31\x3c\x85\xe4\xc1\x5f\x4c\x2e\x63\xfa\x19\xf9\x7b\x82\x9c\x29\x7d\x86\x08\x78\xee\xe2\x13\x89\x28\xd8\xa4\x25\xc0\x79\x00\xc1\x22\x64\x55\xae\x33\xe7\x02\xc0\x58\x56\x7d\x42\xdf\x10\xd6\x04\x84\x66\xde\x62\xf1\x4c\x27\xf7\xd8\xf3\x06\x51\x66\x62\xe1\x8b\xeb\xb2\x4d\x7f\x38\xe5\xf0\xeb\xba\xb7\x49\x80\x59\x9f\xfa\xcb\xa5\x6d\x3c\xe1\x6a\x56\xb9\x91\xec\x64\xdf\x9e\xa8\xf9\x30\x0c\xc1\x87\xf2\xc1\xb2\xf8\x05\x62\xc6\x81\xbb\xf8\x33\xa9\x71\xe7\xd6\x9b\x67\x73\x0d\x3b\x0d\x3b\x5a\x9b\x3c\xab\xf5\xb4\x4e\x21\xf3\xa8\xea\x25\xaf\x9f\x9a\x7f\x53\xd6\xc8\x5c\xa6\xa3\xb8\x4f\x04\xfb\x6d\x1e\x99\x09\x66\x40\xc7\x6f\x00\xcb\x2a\x84\x9e\x02\x2c\x52\x66\x53\xe0\xe1\x9c\x0a\xb7\x3d\x7d\xb0\x2e\x69\xbd\x51\x1c\xb3\xb3\x6a\xe7\xdf\x9e\x0b\xcd\x5b\x8d\x18\x0c\x0a\x3d\xc9\xf1\x79\x73\xc6\x2b\x28\x6f\xbe\xfd\x48\x53\x97\x6a\xd3\x8d\xc7\x75\x67\x85\xf1\x7c\x88\xf9\x67\x56\x87\xc9\x76\x9d\x77\x16\x2e\x82\xe7\x1b\xae\x2e\xd2\x85\xbc\x87\x8f\x9e\xe7\x07\x0a\xf3\xc4\xb4\x3c\x90\x7b\xcb\x58\x56\xda\xb6\xa9\x38\xb7\x84\x2a\xf3\x76\xd7\xc1\x64\x07\x6c\xd0\x2b\x4e\x3e\x82\xe2\xcc\x8f\xca\x7d\xc2\xe4\x0b\xdb\x7b\x9a\x2e\xf4\x06\x35\x56\x30\xcb\x29\x30\x23\x17\x94\xef\x4a\x20\x36\x0a\x6e\xb9\xcc\x54\xf7\x53\x64\x2e\x69\x38\xa1\x73\x02\x46\x35\x98\x7b\x80\xa6\xe0\xf0\xb7\xcb\x25\x85\x37\xb8\x1e\x12\x50\xf7\x7f\xca\xf1\xd7\xcd\x9b\x3b\xe0\x72\xa6\xf9\xd4\xfd\x86\xf1\x56\x4b\x28\xd7\x90\xca\x13\x82\xfa\xe6\x1f\xa5\x87\x4c\x7d\xd7\xdb\x8e\xbf\xaa\xa7\xcc\x01\x1e\x6a\xb3\x57\x91\x37\xaa\x3f\x0a\xf1\x4e\x58\xc0\x96\x0d\x7f\x70\xce\xf9\x3a\xb8\x6c\xca\x7c\xb7\x85\xd8\xc1\x21\x52\xa8\x07\xcf\x1b\xfa\x4e\x0f\x6f\xfd\x28\x88\x70\x56\x5c\xd4\x9a\x10\xa4\x07\xce\xe9\x5c\x5c\x0f\xe4\xcc\x84\xb4\x73\x90\x86\x8e\x64\x50\x7f\x1f\xbf\xbb\x4a\x70\x4d\x27\x2d\xa1\x34\x80\xa4\x18\xe2\x5a\x99\x30\xa4\x02\xdc\xfb\xaa\x5c\xb5\x09\x2c\x56\x9a\x4e\x81\x50\xb5\x04\x8b\xef\x01\x19\x4e\x1c\xe3\x79\x5e\x28\x35\xa0\xa8\x2c\x9d\x5f\xf3\xa1\x57\x85\x2f\x12\x71\x35\x96\x99\x7e\xc3\x06\x1a\xea\xa9\x6e\x93\xc9\xb1\xd9\xd5\xaa\x24\x14\xc3\xea\x9f", 4096); *(uint32_t*)0x20006fc4 = 0x1000; *(uint32_t*)0x20006fc8 = 0x80000001; memcpy((void*)0x200082c0, ")/\'/%", 5); *(uint8_t*)0x200082c5 = 0x2c; memcpy((void*)0x200082c6, "wlan0\000", 6); *(uint8_t*)0x200082cc = 0x2c; memset((void*)0x200082cd, 255, 2); *(uint8_t*)0x200082cf = 0x2c; memset((void*)0x200082d0, 255, 2); *(uint8_t*)0x200082d2 = 0x2c; memcpy((void*)0x200082d3, "[{@^/@+@<[", 10); *(uint8_t*)0x200082dd = 0x2c; memcpy((void*)0x200082de, "uid", 3); *(uint8_t*)0x200082e1 = 0x3d; sprintf((char*)0x200082e2, "%020llu", (long long)r[20]); *(uint8_t*)0x200082f6 = 0x2c; memcpy((void*)0x200082f7, "smackfsfloor", 12); *(uint8_t*)0x20008303 = 0x3d; memcpy((void*)0x20008304, "{%\'--\323{-+#!", 11); *(uint8_t*)0x2000830f = 0x2c; *(uint8_t*)0x20008310 = 0; syz_mount_image(0x20005f40, 0x20005f80, 6, 1, 0x20006fc0, 0x1000000, 0x200082c0); break; case 36: memcpy((void*)0x20008340, "/dev/i2c-#\000", 11); syz_open_dev(0x20008340, 4, 0x404280); break; case 37: memcpy((void*)0x20008380, "net/ip6_mr_cache\000", 17); syz_open_procfs(r[19], 0x20008380); break; case 38: syz_open_pts(r[21], 0x8001); break; case 39: *(uint32_t*)0x20008980 = 0x200083c0; memcpy((void*)0x200083c0, "\xfb\xd2\x9b\x15\x87\x7e\x61\x06\x1c\xc5\x0c\xed\x7f\x39\x68\x61\x38\xbf\x51\x03\x24\x8d\x4d\xa5\x32\x57\xb7\x3a\x1e\xe9\x6c\xf2\x19\x9a\xbf\xa9\x61\xd7\xbd\x14\x6a\x6b\xb8\x8d\x70\x1b\x08\xed\xbf\x51\x4b\x2e\x31\x83\xcc\xe2\x11\xd5\x7c\x76\x45\xa9\xaf\xe2\x02\x75\xec\xbe\x29\xae\xa4\x8c\x76\xb0\xfb\x76\x27\xa8\xe4\x3c\x7a\x9f\x57\xef\x02\xa3\x16\xed\xf9\xd3\x8e\x0c\x6e\x74\xb5\x91\x07\xcb\x1c\x84\x06\xdc\xb6\xde\x31\x9b", 106); *(uint32_t*)0x20008984 = 0x6a; *(uint32_t*)0x20008988 = 0x7f; *(uint32_t*)0x2000898c = 0x20008440; memcpy((void*)0x20008440, "\xe0\xd8\xf5\x5b\x38\x48\xae\xd3\xac\x97\x38\xd2\xe1\x9f\x66\x8b\xe4\xc7\x6e\x3b\x4e\x48\x23\xa0\xc6\x99\x18\xad\x4a\xec\x8d\x6e\xad\xcf\xe1\x03\x27\x12\x6d\x01\x28\x7e\x67\x2d\x54\xa5\x44\xa9\x87\x7e\x59\xf9\xa2\xf4\x1a\xa2\x42\xb2\x37\xba\x59\x3c\x5a\x48\x40\xb8\x62\x1c\xe0\xd2\x8c\xe5\x22\xdf\xe8\x78\x8b\xb0\x70\xd4\xbc\x9d\x74\x52\x8a\x1f\x76\x03\x20\x0c\x23\x65\xc6\x3d\x42\xf1\x03\x29\x92\xe1\x0e\x43\x45\xcd\xea\x0d\x65\x36\x5d\x82\xb6\xc7\x8c\x81\xc7\x1b\x0b\x2f\xb7\x81\x97\xcd\x60\x5e\xc2\x52\x18\x06\xbd\xc0\x8d\x6d\xd8\xf5\x29\x1e\x5b\xb0\xca\x92\xe2\x04\x30\xd5\x81\x23\x5d\xdd\xa7\x56\xe6\xab\xd8\xc7\x69\x78\x3b\x84\xe5\x7b\x0a\xa9\x51\x30\x3a\xdc\xc7\xe9\x21\xb0\x69\xd9\x4f\x1a\x4d\xee\x1f\x47\x44\xdb\x5b\x28\xc9\x7f\xbb\xae\xc5\xbf\x56\x18\xe0\xe9\x4a\x41\xc0\xa9\x9c\xe6\xca\x91\xeb\xca\xff\x5a\xe6\x10\x6d\xc9\xdc\x31\x0d\x72\x50\xa8\xb7\xc7\xca\x55", 218); *(uint32_t*)0x20008990 = 0xda; *(uint32_t*)0x20008994 = 0x3ff; *(uint32_t*)0x20008998 = 0x20008540; memcpy((void*)0x20008540, "\xaf\xbb\x6b\x91\xaa\x78\x57\xf9\x42\xbc\x87\x73\xd0\x20\x89\x6a\x44\xf1\xd9\xdb\x9b\x9e\xc2\xb8\x55\x98\xcd\x86\x39\x7d\x6b\x5a\xe3\x19\x2a\xef\xe0\xf2\xb6\x38\x7b\x2d\x23\x14\x48\x9b\xc7\xaf\x2a\xb5\x19\x90\xff\x75\x26\x23\x0a\x7c\xa4\x2e\x6c\x22\xf5\x64\x9a\xcb\x12\xb4\xdd\x8f\xde\x81\x9b", 73); *(uint32_t*)0x2000899c = 0x49; *(uint32_t*)0x200089a0 = 9; *(uint32_t*)0x200089a4 = 0x200085c0; memcpy((void*)0x200085c0, "\xd8\x90\x81\x85\x60\xf5\x37\x2f\x7d\x41\xa5\x04\xc5\x4e\x86\x3d\x79\x44\xd0\x62\x1d\x50\x13\x4b\x4c\x14\x54\xaa\x8c\x44\xc7\xf3\x24\xd9\x5d\x33\xfb\x46\x63\xf6\x74\x5c\x1c\xad\x17\x9d\x71\x9e\x3e\x9f\x4f\x57\x51\x71\x25\x89\x0e\xd4\xc9\x37\xbb\x41\xd0\xa7\x64\x44\x1e\x1d\x6c\x74\x82\x54\x8c\x0a", 74); *(uint32_t*)0x200089a8 = 0x4a; *(uint32_t*)0x200089ac = 6; *(uint32_t*)0x200089b0 = 0x20008640; memcpy((void*)0x20008640, "\x7e\x28\x9a\xa8\x98\x00\x7d\x95\xea\xf0\x98\x82\x59\x6a\xa2\x37\x71\x4d\xc1\xac\x32\x39\x2b\xd6\xfa\xe8\xd8\x72\xed\xc3\xc9\xb0\xcf\xf5\x03\x61\x48\xaf\x29\x57\x3c\x0d\xc9\x54\xc2\x7b\x6a\x6d\x47\x66\x92\x53\xab\x40\x2a\x91\xf6\xe6\x02\xcc\xd9\x3f\xa8\x17", 64); *(uint32_t*)0x200089b4 = 0x40; *(uint32_t*)0x200089b8 = 6; *(uint32_t*)0x200089bc = 0x20008680; memcpy((void*)0x20008680, "\xc8\x23\x58\x4b\xb1\x75\x9e\xcb\x98\xee\x41\xe3\x52\x27\xdd\x03\xd7\xed\x5c\x9e\xef\xcf\x34\xa9\x51\xe7\xc5\xea\xe5\xb3\x7e\x8b\x93\xd6\xdd\x7c\xb6\x6e\xbb\xff\x50\xcb\x81\x77\x7e\x29\xb2\xc0\x5b\x7b\x7c\xd9\x76\xf4\xae\xd7\x0f\x76\x49\x90\x15\xb9\x87\x2f\xaa\x6f\x33\x8c\x30\x9a\x55\x29\x6e\x4e\x85\xe2\x7c\x51\x0d\xbf\x25\x3a\x7e\x6f\x43\x79\x1f\x93\x91\x3c\x8a\x96\x07\x45\x1f\xd5\x05\x0c\xf1\x91\xec\x95\xd1\x99\xf1\x11\x7c\x0e\x2a\x04\x37\xc2\xbe\x16\x98\x93\x9d\x27\x7c\x38\x37\xd1\x64\x0f\x91\xce\x6a\xed\xc0\x85\x0d\xc2\x88\xcc\x2a\x3c\x1c\xaa\xdf\xf4\x4f\xeb\xef\xbb\xb2\xfd\xa8\x2e\x8a\x65\x39\x22\x2b\x6d\x88\x30\xdf\x92\x7f\x36\xd8\x14\xc2\xa8\x92\xdf\x0b\xad\xec\x86\xc2\xf0\x1d\xeb\x89\xd2\xd3\xfa\x61\x37\xe4\x8b\x23\xd3\xcf\x77\xb1\x1f\x46\xeb\xdb\xb0\xa8\x31\x4e\xe1\x97\x78\xc2\x12\xfc\x34\x98\xcb\xdc\x5a\xd0\xbb\xd7\xd2\x45\x38\xd8\x3b\xbc\x86\x83\x0a\xfe\x32\xe3\x8c\x1b\xb1\xb7\x86\x6a\xbc\x94\x0f\x61\x16\x54\xd0\x46\xf8\x23\x6d\x6b\x15", 240); *(uint32_t*)0x200089c0 = 0xf0; *(uint32_t*)0x200089c4 = 7; *(uint32_t*)0x200089c8 = 0x20008780; memcpy((void*)0x20008780, "\x5d\x78\xb0\x8d\x34\x7d\x60\x10\x77\x87\x13\xad\xad\x8e\x4d\xa1\x5a\xb3\x46\x94\x56\x2b\x0d\xa5\x2b\xb3\x1a\x3b\x5e\x09\x71\x02\x0b\xa4\x8d\x18\x5f\x3f\x03\xf1\x6f\xe6\xdc\x1e\x32\x1f\x12\x2c\x11\x50\xa8\xce\x71\xc3\xad\x1d\xf7\xc6\x18\xbc\x59\x86\x5f\xbf\xeb\x3a\x2c\x92\x6b\x99\x2f\x93\x8b\x0f\x76\xc9\x6a\xf8\xbe\x39\x89\x33\x38\x3f\xc8", 85); *(uint32_t*)0x200089cc = 0x55; *(uint32_t*)0x200089d0 = 8; *(uint32_t*)0x200089d4 = 0x20008800; memcpy((void*)0x20008800, "\x1c\xd7\x71\x5a\xfe\xc5\x55\x18\x16\xcd\x47\x51\x68\xa5\x35\xa8\x47\x4b\x74\x87\x92\xe4\x3a\xf3\x51\x60\x5c\x6d\xfa\xe1\xe6\xad\xd7\xce\x8b\xde\x80\x55\x5c\xa3\x26\x87\x82\xfe\x7a\x7f\x45\x89\x68\xb4\x27\x92\xc0\x2a\x11\xac\xff\xae\x54\x86\xc0\x85\x8e\x0c\x46\x40\xf4\x26\x0d\x56\x46\x99\xc0\xe6\x06\x23\x6a\xe8\xd5", 79); *(uint32_t*)0x200089d8 = 0x4f; *(uint32_t*)0x200089dc = 0; *(uint32_t*)0x200089e0 = 0x20008880; memcpy((void*)0x20008880, "\x45\xfd\x88\xa6\x06\xb5\x89\xb2\x7d\x42\x2e\xcb\x87\x44\xa6\x78\xff\x3a\xa0\x7f\xfb\x6c\x25\xcc\x10\xa8\x87\x10\x06\xd5\xfb\x64\x50\xfc\x12\x15\x7d\x1a\x59\xf1\x4e\x36\x13\x2f\x1d\xb6\x3b\x56\xcc\x97\xb6\x1b\xf0\xa6\x1d\xcf\x2b\x7d\xd2\x7d\xa0\x2e\xe1\x60\xe0\x3d\xf9\x79\x47\x83\x8f\x0d\xd4\x34\x82\x59\x05\xae\x9f\xb5\xa4\x27\x97\x6a\x49\xf7\x79\xea\xb8\xcc\x3a\x40\x9d\x25\xb9\xa2\x96\xce\xf9\xa8\xff\xb4\x9d\x81\xbf\x23\xa7\x16\xa7\xa7\xe1\xd8\xdc\xe0\x3d\xef\x2b\x8a\x3b\x15\xa3\xb2\xbe\xb8\x73\x14\x3a\x7d\xf1\x4e\xc4\x92\x78\x2e\xc8\x6a\xce\xb4\x90\x1f\xe3\xdc\xdc\xe0\x46\xab\x2f\xb9\x72\xd6\x74\x34\xd4\xe1\x10\x1b\x02\xc9\x2d\x33\xa1\xbf\xe5\x16\xd9\x59\x25\x81\xf6\x78\x95\x43\x37\x66\x50\x67\x07\xcb\x7f\x0e\x18\xb4\x47\x6b\xde\x0f\x00\x91\x75\x3c\xf3\xec\x07\x38\x6b\x3d\xab\x4b\x29\x55\x02\xd4\x97\x16\x80\x1d\xd9\x79\xaa\x24\xd8\x05\xdf\xe8\x01", 215); *(uint32_t*)0x200089e4 = 0xd7; *(uint32_t*)0x200089e8 = 2; syz_read_part_table(5, 9, 0x20008980); break; case 40: *(uint8_t*)0x20008a00 = 0x12; *(uint8_t*)0x20008a01 = 1; *(uint16_t*)0x20008a02 = 0x300; *(uint8_t*)0x20008a04 = 0x88; *(uint8_t*)0x20008a05 = 0xc7; *(uint8_t*)0x20008a06 = 0xe6; *(uint8_t*)0x20008a07 = -1; *(uint16_t*)0x20008a08 = 0x15c2; *(uint16_t*)0x20008a0a = 0x45; *(uint16_t*)0x20008a0c = 0x135a; *(uint8_t*)0x20008a0e = 1; *(uint8_t*)0x20008a0f = 2; *(uint8_t*)0x20008a10 = 3; *(uint8_t*)0x20008a11 = 1; *(uint8_t*)0x20008a12 = 9; *(uint8_t*)0x20008a13 = 2; *(uint16_t*)0x20008a14 = 0x7d0; *(uint8_t*)0x20008a16 = 4; *(uint8_t*)0x20008a17 = 0; *(uint8_t*)0x20008a18 = 0; *(uint8_t*)0x20008a19 = 0x60; *(uint8_t*)0x20008a1a = 8; *(uint8_t*)0x20008a1b = 9; *(uint8_t*)0x20008a1c = 4; *(uint8_t*)0x20008a1d = 0x45; *(uint8_t*)0x20008a1e = 3; *(uint8_t*)0x20008a1f = 1; *(uint8_t*)0x20008a20 = 0x66; *(uint8_t*)0x20008a21 = 0x44; *(uint8_t*)0x20008a22 = 0x76; *(uint8_t*)0x20008a23 = 0x3f; *(uint8_t*)0x20008a24 = 7; *(uint8_t*)0x20008a25 = 0x24; *(uint8_t*)0x20008a26 = 1; *(uint8_t*)0x20008a27 = 0x1f; *(uint8_t*)0x20008a28 = 5; *(uint16_t*)0x20008a29 = 4; *(uint8_t*)0x20008a2b = 0xc; *(uint8_t*)0x20008a2c = 0x24; *(uint8_t*)0x20008a2d = 2; *(uint8_t*)0x20008a2e = 1; *(uint8_t*)0x20008a2f = 9; *(uint8_t*)0x20008a30 = 2; *(uint8_t*)0x20008a31 = 0x81; *(uint8_t*)0x20008a32 = 4; memcpy((void*)0x20008a33, "\xc0\xe6\xa1\x0a", 4); *(uint8_t*)0x20008a37 = 0xf; *(uint8_t*)0x20008a38 = 0x24; *(uint8_t*)0x20008a39 = 2; *(uint8_t*)0x20008a3a = 2; *(uint16_t*)0x20008a3b = 0; *(uint16_t*)0x20008a3d = 6; *(uint8_t*)0x20008a3f = 8; memcpy((void*)0x20008a40, "\x7d\x5b\xa3\xd0\x7c\xc6", 6); *(uint8_t*)0x20008a46 = 0x11; *(uint8_t*)0x20008a47 = 0x24; *(uint8_t*)0x20008a48 = 2; *(uint8_t*)0x20008a49 = 1; *(uint8_t*)0x20008a4a = 0x94; *(uint8_t*)0x20008a4b = 1; *(uint8_t*)0x20008a4c = 7; *(uint8_t*)0x20008a4d = 0x1f; memcpy((void*)0x20008a4e, "\xcf\xcf\xa1\xbb\x20\xd9\xba\xa3\x16", 9); *(uint8_t*)0x20008a57 = 0xc; *(uint8_t*)0x20008a58 = 0x24; *(uint8_t*)0x20008a59 = 2; *(uint8_t*)0x20008a5a = 1; *(uint8_t*)0x20008a5b = 8; *(uint8_t*)0x20008a5c = 2; *(uint8_t*)0x20008a5d = 0; *(uint8_t*)0x20008a5e = 9; memcpy((void*)0x20008a5f, "\x48\x9f\x80", 3); memset((void*)0x20008a62, 38, 1); *(uint8_t*)0x20008a63 = 0xa; *(uint8_t*)0x20008a64 = 0x24; *(uint8_t*)0x20008a65 = 2; *(uint8_t*)0x20008a66 = 2; *(uint16_t*)0x20008a67 = 5; *(uint16_t*)0x20008a69 = 0x497; *(uint8_t*)0x20008a6b = 8; memset((void*)0x20008a6c, 39, 1); *(uint8_t*)0x20008a6d = 7; *(uint8_t*)0x20008a6e = 0x24; *(uint8_t*)0x20008a6f = 1; *(uint8_t*)0x20008a70 = 9; *(uint8_t*)0x20008a71 = 2; *(uint16_t*)0x20008a72 = 0x1001; *(uint8_t*)0x20008a74 = 0xf; *(uint8_t*)0x20008a75 = 0x24; *(uint8_t*)0x20008a76 = 2; *(uint8_t*)0x20008a77 = 2; *(uint16_t*)0x20008a78 = 8; *(uint16_t*)0x20008a7a = 1; *(uint8_t*)0x20008a7c = 0; memcpy((void*)0x20008a7d, "\x78\x6e\x2f\x1a\x31\x05", 6); *(uint8_t*)0x20008a83 = 9; *(uint8_t*)0x20008a84 = 5; *(uint8_t*)0x20008a85 = 0; *(uint8_t*)0x20008a86 = 0x10; *(uint16_t*)0x20008a87 = 0x3ff; *(uint8_t*)0x20008a89 = 9; *(uint8_t*)0x20008a8a = 0x66; *(uint8_t*)0x20008a8b = 3; *(uint8_t*)0x20008a8c = 0x5b; *(uint8_t*)0x20008a8d = 8; memcpy((void*)0x20008a8e, "\x32\xda\x77\x3d\xed\x87\x39\x7d\x0a\xf5\x7f\xd6\xf2\xad\x3b\x93\xe2\xea\x74\xf1\xf6\x5d\x64\x5d\x6b\x7e\x4c\xae\x90\xc8\xf2\x7c\xca\xe0\x94\xb3\x3c\x61\x3b\xc0\xbd\xa2\x43\x7b\xdc\xba\xa2\x1c\x77\x91\x5b\x1b\x95\xe7\xa2\x31\x3d\x71\xc6\xcc\x58\x6d\x41\x4d\x6a\x1e\x79\xc8\x0e\xe3\x67\x3f\xf0\x69\xeb\x46\x51\xb3\x06\x68\xb0\x19\x7f\xf7\xa7\xed\xc5\x75\x94", 89); *(uint8_t*)0x20008ae7 = 9; *(uint8_t*)0x20008ae8 = 4; *(uint8_t*)0x20008ae9 = 0x58; *(uint8_t*)0x20008aea = 9; *(uint8_t*)0x20008aeb = 5; *(uint8_t*)0x20008aec = -1; *(uint8_t*)0x20008aed = 5; *(uint8_t*)0x20008aee = 0x1b; *(uint8_t*)0x20008aef = 0xe0; *(uint8_t*)0x20008af0 = 9; *(uint8_t*)0x20008af1 = 5; *(uint8_t*)0x20008af2 = 3; *(uint8_t*)0x20008af3 = 0x10; *(uint16_t*)0x20008af4 = 0x20; *(uint8_t*)0x20008af6 = 0; *(uint8_t*)0x20008af7 = 0x43; *(uint8_t*)0x20008af8 = 0x40; *(uint8_t*)0x20008af9 = 9; *(uint8_t*)0x20008afa = 5; *(uint8_t*)0x20008afb = 5; *(uint8_t*)0x20008afc = 3; *(uint16_t*)0x20008afd = 0x3ff; *(uint8_t*)0x20008aff = 0x87; *(uint8_t*)0x20008b00 = 2; *(uint8_t*)0x20008b01 = 0xfd; *(uint8_t*)0x20008b02 = 0xa0; *(uint8_t*)0x20008b03 = 0xc; memcpy((void*)0x20008b04, "\x4d\x1f\xaf\xd5\xd5\xbe\xa9\x17\x94\x9e\x72\x7e\xd5\xee\x14\x4c\xb3\x2b\x01\xd9\xac\xbb\x7e\x3c\xfa\xc4\xd1\xa1\x5c\xd6\xbb\xae\x8a\xc6\x6a\xf6\x77\x39\x4d\x22\x17\xef\x58\x0b\x15\x65\xf5\x8b\x85\xcf\xff\xd2\xcf\xca\xf9\xf1\x9d\xf7\x84\x00\xba\x03\x54\xd7\x87\x20\x72\xb4\x2d\x77\xd5\x5a\x5b\x96\x0b\x82\xfb\x9e\x34\xec\x8c\x33\xa9\x67\x19\xc4\x59\x47\xab\x09\x47\x48\x48\x54\xa9\x4f\x25\xe6\x53\x39\xa6\xf7\x4b\x05\x3c\x81\xe8\xe8\x05\x7f\x67\x67\xea\x2e\x80\xe9\x23\xe0\x2f\xa1\xa8\x8d\xb3\x6d\x52\xe4\xc5\x11\xe6\xcc\xf6\x74\x04\x6c\xb8\x1c\x49\x3c\x92\x7d\x05\xa6\xc1\x66\x45\xd0\x69\x4f\x66\x7d\x6c\xcf\x29\xfc\x27\x38\x90\xc6", 158); *(uint8_t*)0x20008ba2 = 0x31; *(uint8_t*)0x20008ba3 = 9; memcpy((void*)0x20008ba4, "\x82\x44\x67\x99\x6f\xaa\x84\x28\x27\xe6\xd0\x9b\xc4\x8c\x41\x96\x09\x9c\xb2\x0d\x1a\xfa\x73\x80\xd3\x0e\x40\xf1\xbc\xfb\x7c\x50\x3d\x7b\x00\xfc\x18\xd2\xe6\x14\xc3\xe3\x70\xdb\xc3\x20\xa8", 47); *(uint8_t*)0x20008bd3 = 9; *(uint8_t*)0x20008bd4 = 5; *(uint8_t*)0x20008bd5 = 1; *(uint8_t*)0x20008bd6 = 3; *(uint16_t*)0x20008bd7 = 0x400; *(uint8_t*)0x20008bd9 = 1; *(uint8_t*)0x20008bda = 0x81; *(uint8_t*)0x20008bdb = 6; *(uint8_t*)0x20008bdc = 0x76; *(uint8_t*)0x20008bdd = 7; memcpy((void*)0x20008bde, "\x96\xf7\x2d\xe7\x93\x64\x10\xee\x82\xa4\x42\x87\xa0\x01\x96\xf6\x30\xe0\x09\x36\x4a\xb9\x4a\x00\xe9\x45\x28\x69\x1a\x40\x9d\x33\x5f\x13\xbf\x6e\x85\xb3\x78\xbd\xa8\x5c\x55\x8f\xc1\xa0\x03\xec\x57\x94\xa1\x42\x17\xf7\x94\x68\x2e\xdc\xdc\x9e\x35\xd0\x0c\x09\x79\xfd\xb3\xe7\xa1\x5e\x6a\x85\x1c\x13\x7b\xf7\x01\x1b\xa6\x1c\x83\x46\x59\x8b\x02\xa3\xd4\xd1\xb8\xcd\x99\xf4\xfc\x14\xfa\xe3\x21\x9f\xbf\x56\xaa\x2c\xa5\x4c\xcf\x11\x6b\x3d\x56\x0a\x80\x97\x8c\x42\x76\xec", 116); *(uint8_t*)0x20008c52 = 9; *(uint8_t*)0x20008c53 = 5; *(uint8_t*)0x20008c54 = 0xe; *(uint8_t*)0x20008c55 = 3; *(uint16_t*)0x20008c56 = 0x3ff; *(uint8_t*)0x20008c58 = 0x80; *(uint8_t*)0x20008c59 = 0x20; *(uint8_t*)0x20008c5a = 6; *(uint8_t*)0x20008c5b = 7; *(uint8_t*)0x20008c5c = 0x25; *(uint8_t*)0x20008c5d = 1; *(uint8_t*)0x20008c5e = 2; *(uint8_t*)0x20008c5f = 9; *(uint16_t*)0x20008c60 = 0x3ff; *(uint8_t*)0x20008c62 = 9; *(uint8_t*)0x20008c63 = 5; *(uint8_t*)0x20008c64 = 0xd; *(uint8_t*)0x20008c65 = 0; *(uint16_t*)0x20008c66 = 0x400; *(uint8_t*)0x20008c68 = 9; *(uint8_t*)0x20008c69 = 0x3f; *(uint8_t*)0x20008c6a = 0x3f; *(uint8_t*)0x20008c6b = 0x76; *(uint8_t*)0x20008c6c = 0x11; memcpy((void*)0x20008c6d, "\x79\xb3\x86\x38\x7e\x37\xf3\x6e\xfa\x1d\x8c\x66\xa9\x04\x49\xc6\x8a\x0a\xd2\x51\xaf\xb9\xb1\x79\x3c\xbe\x9e\x5b\x4d\xc3\xce\x66\x00\xe8\x6d\x1e\x3b\x3e\xac\x60\xfd\x3b\x8b\x1c\x19\xd7\xd0\xc3\xda\x61\xc6\xa6\x67\xb3\x9f\xae\x8a\xed\x44\xa8\xe7\x0d\x77\xca\x93\xe4\xc3\x7a\x3f\xd8\x81\x8f\x43\xed\xc5\x23\x96\x0c\xed\xb0\x2d\x88\x22\xf0\xb2\x3d\xc3\x43\x18\x26\x08\xc6\x09\x7e\x99\x5f\x56\x2c\x84\xa5\x41\x7e\x5b\x2f\xb7\x1b\x39\x2f\x92\x6f\x3c\x4e\xd9\x92\xed\x89", 116); *(uint8_t*)0x20008ce1 = 0x65; *(uint8_t*)0x20008ce2 = 5; memcpy((void*)0x20008ce3, "\x85\x12\xf0\xce\xa9\x7a\x9d\x8a\x04\x61\xe3\x0e\xe9\xbf\x07\x89\xe0\x41\xcd\x86\xc1\xdf\x94\x96\xf1\x95\x7a\xf0\xe4\x54\x3e\xca\xb0\x70\x51\xf1\xf4\x81\x8d\xa2\x57\x9d\x13\xa9\x99\x56\x9f\x75\xad\x6a\xf6\xe0\xd0\x4d\xa8\xbd\x26\xbc\x92\x04\x45\x69\x2d\x9e\x4c\xa7\xfd\xc3\x54\x4c\x36\xf5\x88\xe5\xc0\x9b\xee\xa1\xaf\xf9\xf4\x1b\xa9\x77\xcb\xe7\x9e\x7e\x4f\x4a\x8d\xec\x56\x40\xda\x4d\x2a\xf6\x1d", 99); *(uint8_t*)0x20008d46 = 9; *(uint8_t*)0x20008d47 = 4; *(uint8_t*)0x20008d48 = 5; *(uint8_t*)0x20008d49 = 3; *(uint8_t*)0x20008d4a = 2; *(uint8_t*)0x20008d4b = 0xc4; *(uint8_t*)0x20008d4c = 0x4d; *(uint8_t*)0x20008d4d = 0x76; *(uint8_t*)0x20008d4e = 7; *(uint8_t*)0x20008d4f = 0xb; *(uint8_t*)0x20008d50 = 0x24; *(uint8_t*)0x20008d51 = 6; *(uint8_t*)0x20008d52 = 0; *(uint8_t*)0x20008d53 = 1; memcpy((void*)0x20008d54, "\x72\x45\x0c\xeb\x1b\x79", 6); *(uint8_t*)0x20008d5a = 5; *(uint8_t*)0x20008d5b = 0x24; *(uint8_t*)0x20008d5c = 0; *(uint16_t*)0x20008d5d = 4; *(uint8_t*)0x20008d5f = 0xd; *(uint8_t*)0x20008d60 = 0x24; *(uint8_t*)0x20008d61 = 0xf; *(uint8_t*)0x20008d62 = 1; *(uint32_t*)0x20008d63 = 0; *(uint16_t*)0x20008d67 = 8; *(uint16_t*)0x20008d69 = 1; *(uint8_t*)0x20008d6b = 4; *(uint8_t*)0x20008d6c = 6; *(uint8_t*)0x20008d6d = 0x24; *(uint8_t*)0x20008d6e = 0x1a; *(uint16_t*)0x20008d6f = 8; *(uint8_t*)0x20008d71 = 8; *(uint8_t*)0x20008d72 = 0x15; *(uint8_t*)0x20008d73 = 0x24; *(uint8_t*)0x20008d74 = 0x12; *(uint16_t*)0x20008d75 = 4; *(uint64_t*)0x20008d77 = 0x14f5e048ba817a3; *(uint64_t*)0x20008d7f = 0x2a397ecbffc007a6; *(uint8_t*)0x20008d87 = 7; *(uint8_t*)0x20008d88 = 0x24; *(uint8_t*)0x20008d89 = 6; *(uint8_t*)0x20008d8a = 0; *(uint8_t*)0x20008d8b = 0; memcpy((void*)0x20008d8c, "\xfb\xb5", 2); *(uint8_t*)0x20008d8e = 5; *(uint8_t*)0x20008d8f = 0x24; *(uint8_t*)0x20008d90 = 0; *(uint16_t*)0x20008d91 = 0x2040; *(uint8_t*)0x20008d93 = 0xd; *(uint8_t*)0x20008d94 = 0x24; *(uint8_t*)0x20008d95 = 0xf; *(uint8_t*)0x20008d96 = 1; *(uint32_t*)0x20008d97 = 3; *(uint16_t*)0x20008d9b = 0x80; *(uint16_t*)0x20008d9d = 0x8951; *(uint8_t*)0x20008d9f = 6; *(uint8_t*)0x20008da0 = 7; *(uint8_t*)0x20008da1 = 0x24; *(uint8_t*)0x20008da2 = 0xa; *(uint8_t*)0x20008da3 = 0xce; *(uint8_t*)0x20008da4 = 3; *(uint8_t*)0x20008da5 = 4; *(uint8_t*)0x20008da6 = 0x60; *(uint8_t*)0x20008da7 = 4; *(uint8_t*)0x20008da8 = 0x24; *(uint8_t*)0x20008da9 = 2; *(uint8_t*)0x20008daa = 0; *(uint8_t*)0x20008dab = 0x10; *(uint8_t*)0x20008dac = 0x24; *(uint8_t*)0x20008dad = 7; *(uint8_t*)0x20008dae = 0; *(uint16_t*)0x20008daf = 0x81; *(uint16_t*)0x20008db1 = 0x81; *(uint16_t*)0x20008db3 = 0x1d9; *(uint16_t*)0x20008db5 = 0x400; *(uint16_t*)0x20008db7 = 1; *(uint16_t*)0x20008db9 = 0xc00; *(uint8_t*)0x20008dbb = 0xc; *(uint8_t*)0x20008dbc = 0x24; *(uint8_t*)0x20008dbd = 0x1b; *(uint16_t*)0x20008dbe = 1; *(uint16_t*)0x20008dc0 = 0x20; *(uint8_t*)0x20008dc2 = 0xc0; *(uint8_t*)0x20008dc3 = 5; *(uint16_t*)0x20008dc4 = 0x20; *(uint8_t*)0x20008dc6 = 0xd; *(uint8_t*)0x20008dc7 = 0xe1; *(uint8_t*)0x20008dc8 = 0x24; *(uint8_t*)0x20008dc9 = 0x13; *(uint8_t*)0x20008dca = 9; memcpy((void*)0x20008dcb, "\x0e\xfa\x60\xe3\xb3\x89\x2c\xa3\x37\x7f\xc7\xbf\x7e\x5c\xd9\x0b\x70\xb5\x43\x3c\x66\xf1\x31\x29\xd4\x2a\x59\xf2\xc9\x14\xec\x54\x97\x9a\x53\x86\x2f\x94\xdf\x63\x95\x80\x6b\xf1\xa9\x70\x9d\x9a\x66\x50\xce\xca\xee\xcf\xf6\xad\xfc\x77\xca\x5f\x29\x6e\x11\xbe\xd1\xfb\xeb\x6f\x27\xc5\x0b\xf1\xaf\x9c\x17\x6b\xb2\x06\x9d\x52\xb0\x64\x73\xd5\xd8\xe9\x24\x4a\x70\x01\x76\x66\xfa\xa3\x21\x3b\x80\xb2\x5f\xe4\xc6\x8c\x41\x80\xee\x45\x68\x0c\x95\x76\x8f\xd3\x2d\x24\xda\x76\xb8\x83\xe1\xbe\x0e\xc2\xaf\x43\xc9\xf3\x0c\xee\xd1\x93\x6c\xd5\x05\x1e\x62\xb1\xc8\xa7\x6a\xf9\xa2\x52\x29\x0b\x11\xc3\x67\x04\x39\xdb\x64\x5b\x5c\x32\xa5\xa5\xbb\x78\xd7\xe8\x18\x3e\xa6\x73\x6d\xfc\xeb\x8f\xef\x3d\x04\xb7\x6e\x51\x29\xc4\x91\x3e\xee\x30\xa5\x37\x74\x3b\x33\x57\xf2\x69\xf5\x82\xdd\x8c\x46\xb2\xa9\x33\x62\xf1\xa8\x38\x88\x6b\x17\x5f\x48\x95\xd5\x2a\x81\x8f\x63\xd9\xd6\x94\xbe\xac\x98\x46\xe5\xb1\x2f", 221); *(uint8_t*)0x20008ea8 = 0x1a; *(uint8_t*)0x20008ea9 = 0x24; *(uint8_t*)0x20008eaa = 0x13; *(uint8_t*)0x20008eab = 5; memcpy((void*)0x20008eac, "\x08\x3b\x1f\x01\xa6\x9f\x5d\x72\x2a\x6b\x03\x83\xfb\x09\xf5\x7f\x44\x2b\x56\xd4\x58\xfa", 22); *(uint8_t*)0x20008ec2 = 9; *(uint8_t*)0x20008ec3 = 5; *(uint8_t*)0x20008ec4 = 0xf; *(uint8_t*)0x20008ec5 = 8; *(uint16_t*)0x20008ec6 = 8; *(uint8_t*)0x20008ec8 = 0; *(uint8_t*)0x20008ec9 = 3; *(uint8_t*)0x20008eca = 5; *(uint8_t*)0x20008ecb = 9; *(uint8_t*)0x20008ecc = 5; *(uint8_t*)0x20008ecd = 0xc; *(uint8_t*)0x20008ece = 0; *(uint16_t*)0x20008ecf = 0x200; *(uint8_t*)0x20008ed1 = 9; *(uint8_t*)0x20008ed2 = 0x20; *(uint8_t*)0x20008ed3 = 5; *(uint8_t*)0x20008ed4 = 0xb; *(uint8_t*)0x20008ed5 = 1; memcpy((void*)0x20008ed6, "\xae\x68\x4b\xd6\xa1\xbf\xbe\x70\x5d", 9); *(uint8_t*)0x20008edf = 9; *(uint8_t*)0x20008ee0 = 4; *(uint8_t*)0x20008ee1 = 0xad; *(uint8_t*)0x20008ee2 = 0x3f; *(uint8_t*)0x20008ee3 = 6; *(uint8_t*)0x20008ee4 = 0xef; *(uint8_t*)0x20008ee5 = 0x2e; *(uint8_t*)0x20008ee6 = 0x8d; *(uint8_t*)0x20008ee7 = 8; *(uint8_t*)0x20008ee8 = 0xa; *(uint8_t*)0x20008ee9 = 0x24; *(uint8_t*)0x20008eea = 6; *(uint8_t*)0x20008eeb = 0; *(uint8_t*)0x20008eec = 0; memcpy((void*)0x20008eed, "\x2e\x1b\xb1\x1c\x34", 5); *(uint8_t*)0x20008ef2 = 5; *(uint8_t*)0x20008ef3 = 0x24; *(uint8_t*)0x20008ef4 = 0; *(uint16_t*)0x20008ef5 = 6; *(uint8_t*)0x20008ef7 = 0xd; *(uint8_t*)0x20008ef8 = 0x24; *(uint8_t*)0x20008ef9 = 0xf; *(uint8_t*)0x20008efa = 1; *(uint32_t*)0x20008efb = 4; *(uint16_t*)0x20008eff = 2; *(uint16_t*)0x20008f01 = 0x8979; *(uint8_t*)0x20008f03 = 6; *(uint8_t*)0x20008f04 = 0xeb; *(uint8_t*)0x20008f05 = 0x24; *(uint8_t*)0x20008f06 = 0x13; *(uint8_t*)0x20008f07 = 0; memcpy((void*)0x20008f08, "\x9f\xcc\x8c\x5c\x74\x73\x09\xfc\xb4\xc9\x6e\x5d\xad\x9b\x6e\x62\xd0\x8b\x91\xa8\xbe\xb3\xc2\xe4\x54\x7e\x16\x3e\x46\x58\xbb\x11\xab\x34\xb3\xc8\x4e\xc3\xe4\xa4\xe3\x67\xd2\x6c\x56\x00\x1c\x67\x05\x68\x99\x95\xa9\x9d\x16\xa1\xb3\x1b\xdc\x07\x0f\x00\x53\x1e\xc4\x26\xb5\x4b\xf8\x9b\x2d\xee\x1f\xc3\xbd\x81\x8f\x55\xdb\xbd\x6a\xcc\x28\x7c\xd4\x30\x78\xee\xbc\x6d\x09\xf1\x0d\xc4\x22\x9f\x80\x35\xd4\x44\x8f\x82\x3f\xec\xf9\x29\xd6\x86\x16\x27\xc0\x1e\x79\x27\x7a\x40\x30\x4a\x1a\xd3\xfb\xd0\x12\xa4\xa8\xed\x16\x36\x97\x69\xc8\xc9\x97\xc4\x12\xbe\x76\x75\x90\x17\x65\x34\x55\xb8\x04\x2a\xca\x8b\x49\xea\xc0\x73\x10\x01\xcb\xfa\x6f\xbd\x79\x6a\xa7\xc2\x77\x09\xfc\x62\x37\x22\xe0\x3d\x3c\x1e\xd1\xda\xc1\xca\x8a\x8a\xa2\x5d\xda\xfc\x65\x4a\x0d\xbb\x76\x0b\x92\x7a\x2b\x23\xe2\xad\x30\x43\xac\x48\x56\x6c\x7b\x99\x5c\x23\x7d\xb5\x91\xf3\x9a\xf8\x19\x54\x56\x9c\xd5\xd3\x7c\xa4\x94\x1c\x80\xcc\x1f\xa5\x55\x6d\x19\xa5\x48\xdf\x2a", 231); *(uint8_t*)0x20008fef = 7; *(uint8_t*)0x20008ff0 = 0x24; *(uint8_t*)0x20008ff1 = 0xa; *(uint8_t*)0x20008ff2 = 4; *(uint8_t*)0x20008ff3 = 0x1f; *(uint8_t*)0x20008ff4 = 0x3f; *(uint8_t*)0x20008ff5 = 0x62; *(uint8_t*)0x20008ff6 = 7; *(uint8_t*)0x20008ff7 = 0x24; *(uint8_t*)0x20008ff8 = 0x14; *(uint16_t*)0x20008ff9 = 0x1f; *(uint16_t*)0x20008ffb = 7; *(uint8_t*)0x20008ffd = 7; *(uint8_t*)0x20008ffe = 0x24; *(uint8_t*)0x20008fff = 0x14; *(uint16_t*)0x20009000 = 0x1010; *(uint16_t*)0x20009002 = 9; *(uint8_t*)0x20009004 = 6; *(uint8_t*)0x20009005 = 0x24; *(uint8_t*)0x20009006 = 0x1a; *(uint16_t*)0x20009007 = 6; *(uint8_t*)0x20009009 = 0x1b; *(uint8_t*)0x2000900a = 0xb; *(uint8_t*)0x2000900b = 0x24; *(uint8_t*)0x2000900c = 6; *(uint8_t*)0x2000900d = 0; *(uint8_t*)0x2000900e = 0; memcpy((void*)0x2000900f, "\xdf\x47\x04\xa2\x52\x1e", 6); *(uint8_t*)0x20009015 = 5; *(uint8_t*)0x20009016 = 0x24; *(uint8_t*)0x20009017 = 0; *(uint16_t*)0x20009018 = 9; *(uint8_t*)0x2000901a = 0xd; *(uint8_t*)0x2000901b = 0x24; *(uint8_t*)0x2000901c = 0xf; *(uint8_t*)0x2000901d = 1; *(uint32_t*)0x2000901e = 0x4856f0aa; *(uint16_t*)0x20009022 = 5; *(uint16_t*)0x20009024 = 1; *(uint8_t*)0x20009026 = -1; *(uint8_t*)0x20009027 = 5; *(uint8_t*)0x20009028 = 0x24; *(uint8_t*)0x20009029 = 0x15; *(uint16_t*)0x2000902a = 0x1f; *(uint8_t*)0x2000902c = 9; *(uint8_t*)0x2000902d = 5; *(uint8_t*)0x2000902e = 8; *(uint8_t*)0x2000902f = 8; *(uint16_t*)0x20009030 = 0x3ff; *(uint8_t*)0x20009032 = 4; *(uint8_t*)0x20009033 = 1; *(uint8_t*)0x20009034 = 9; *(uint8_t*)0x20009035 = 7; *(uint8_t*)0x20009036 = 0x25; *(uint8_t*)0x20009037 = 1; *(uint8_t*)0x20009038 = 3; *(uint8_t*)0x20009039 = 0x34; *(uint16_t*)0x2000903a = 5; *(uint8_t*)0x2000903c = 9; *(uint8_t*)0x2000903d = 5; *(uint8_t*)0x2000903e = 0; *(uint8_t*)0x2000903f = 3; *(uint16_t*)0x20009040 = 0x400; *(uint8_t*)0x20009042 = 2; *(uint8_t*)0x20009043 = 1; *(uint8_t*)0x20009044 = 0xca; *(uint8_t*)0x20009045 = 9; *(uint8_t*)0x20009046 = 5; *(uint8_t*)0x20009047 = 8; *(uint8_t*)0x20009048 = 0x10; *(uint16_t*)0x20009049 = 8; *(uint8_t*)0x2000904b = 2; *(uint8_t*)0x2000904c = 0x7f; *(uint8_t*)0x2000904d = 0x7f; *(uint8_t*)0x2000904e = 9; *(uint8_t*)0x2000904f = 5; *(uint8_t*)0x20009050 = 7; *(uint8_t*)0x20009051 = 0; *(uint16_t*)0x20009052 = 0x10; *(uint8_t*)0x20009054 = 5; *(uint8_t*)0x20009055 = 0x1f; *(uint8_t*)0x20009056 = 0x40; *(uint8_t*)0x20009057 = 0x2d; *(uint8_t*)0x20009058 = 0xe; memcpy((void*)0x20009059, "\xec\xcc\x23\x79\x37\x1b\x46\xca\xb9\xd6\xfd\xb8\x27\x98\xf4\x7a\xa9\xb7\x17\x7c\x2a\x51\x93\x23\x14\x43\xb7\x25\xc2\x1b\x5e\x6a\x99\x93\x05\x65\xeb\x3b\x96\xfe\x7a\x75\x69", 43); *(uint8_t*)0x20009084 = 6; *(uint8_t*)0x20009085 = 0x10; memcpy((void*)0x20009086, "\x7f\x22\x60\xb2", 4); *(uint8_t*)0x2000908a = 9; *(uint8_t*)0x2000908b = 5; *(uint8_t*)0x2000908c = 3; *(uint8_t*)0x2000908d = 8; *(uint16_t*)0x2000908e = 0x10; *(uint8_t*)0x20009090 = 4; *(uint8_t*)0x20009091 = 3; *(uint8_t*)0x20009092 = 0xf7; *(uint8_t*)0x20009093 = 9; *(uint8_t*)0x20009094 = 5; *(uint8_t*)0x20009095 = 5; *(uint8_t*)0x20009096 = 3; *(uint16_t*)0x20009097 = 0x10; *(uint8_t*)0x20009099 = 3; *(uint8_t*)0x2000909a = 1; *(uint8_t*)0x2000909b = 9; *(uint8_t*)0x2000909c = 0xc8; *(uint8_t*)0x2000909d = 0xe; memcpy((void*)0x2000909e, "\x17\xa4\x93\xc0\x51\x89\x5f\x29\x83\x5e\xfb\x6d\x6d\x75\x3c\xa5\xe6\x23\x7f\x99\x57\x24\xbf\x74\x70\x85\x74\x90\x2e\xac\xdf\xf4\x5c\xd8\x0b\x61\x37\x3d\x67\xef\xe1\x23\x9f\x97\xb4\xfa\x60\x07\x93\xd6\xb4\xa5\x02\x2b\xa4\xa4\x36\xb4\xe2\xe2\x23\x57\x9d\x97\x4e\x78\x4e\xcb\xfd\xd4\x91\x2d\xa5\xcc\xd2\x84\xd2\x29\x37\x82\x70\x4f\x06\x75\x13\xd8\x38\x11\xac\x71\x16\x84\xd3\xaa\xfe\x92\x8e\xce\x0e\x90\x38\x25\x99\x7b\xab\xc5\x67\xb9\x4d\x06\xda\xee\x1e\x4d\x55\xa8\x87\x1d\x67\xe7\x1c\xd1\x08\x14\x30\xd8\x9b\xc9\xae\x64\xf5\x0f\x94\xbb\x8a\xf9\x6c\xe3\x84\xcd\x3b\x84\x20\xef\x8b\xe2\x73\xca\x02\xb9\xf0\xf9\x12\x21\x23\x9e\x64\xd6\x20\xdc\x6e\x3e\x27\x07\xf6\xf4\xce\x92\xe8\x62\x7f\x04\x4c\x14\xf1\x79\x90\x9c\xa1\xdf\x8b\x4e\x49\x9f\xed\x3f\x41\x18\xc9\xd6\xb2\xae\x41\xa7\x11\x98\xd7\x98", 198); *(uint8_t*)0x20009164 = 0x7e; *(uint8_t*)0x20009165 = 0x22; memcpy((void*)0x20009166, "\x85\x1b\xf8\x33\x2f\x6f\x47\x95\xcd\xbf\x9b\xf1\xbb\xb8\x25\x3c\xed\x75\xd6\x1f\x69\x5b\xb8\xc3\x1f\x51\xb5\xce\x19\xb2\x08\x0e\x2e\x7e\xc2\x15\xfe\xc1\x6a\x83\xd2\x57\x11\x04\xf7\x26\xa0\xde\x47\xf3\xe9\x28\x2d\x0e\xf2\x20\x4b\xbb\x1d\x9d\x9c\xac\x53\xb6\xd7\x98\x08\x4b\x0f\x59\x47\x91\xe3\xf8\x34\x19\x86\xd7\xea\xad\xb9\x11\xc5\x5c\x0d\x71\x69\x1f\xc7\x7a\xa1\x04\x7f\x44\x0f\x52\x75\xa4\x1f\x3b\x1f\x0f\x04\x8a\x5c\x1d\xd5\xc4\x17\xe6\x7f\x3b\xd4\x72\xb1\x3f\xee\xf7\x95\x0c\x57\x8f\x1b\x42", 124); *(uint32_t*)0x20009700 = 0xa; *(uint32_t*)0x20009704 = 0x20009200; *(uint8_t*)0x20009200 = 0xa; *(uint8_t*)0x20009201 = 6; *(uint16_t*)0x20009202 = 0x110; *(uint8_t*)0x20009204 = 0xd4; *(uint8_t*)0x20009205 = 0x81; *(uint8_t*)0x20009206 = 0; *(uint8_t*)0x20009207 = 0x10; *(uint8_t*)0x20009208 = 0x20; *(uint8_t*)0x20009209 = 0; *(uint32_t*)0x20009708 = 0x1c; *(uint32_t*)0x2000970c = 0x20009240; *(uint8_t*)0x20009240 = 5; *(uint8_t*)0x20009241 = 0xf; *(uint16_t*)0x20009242 = 0x1c; *(uint8_t*)0x20009244 = 2; *(uint8_t*)0x20009245 = 0x14; *(uint8_t*)0x20009246 = 0x10; *(uint8_t*)0x20009247 = 0xa; *(uint8_t*)0x20009248 = 0x20; STORE_BY_BITMASK(uint32_t, , 0x20009249, 2, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x20009249, 3, 5, 27); *(uint16_t*)0x2000924d = 0xf0f; *(uint16_t*)0x2000924f = 6; *(uint32_t*)0x20009251 = 0xc030; *(uint32_t*)0x20009255 = 0xff3f30; *(uint8_t*)0x20009259 = 3; *(uint8_t*)0x2000925a = 0x10; *(uint8_t*)0x2000925b = 0xb; *(uint32_t*)0x20009710 = 8; *(uint32_t*)0x20009714 = 4; *(uint32_t*)0x20009718 = 0x20009280; *(uint8_t*)0x20009280 = 4; *(uint8_t*)0x20009281 = 3; *(uint16_t*)0x20009282 = 0x410; *(uint32_t*)0x2000971c = 0x102; *(uint32_t*)0x20009720 = 0x200092c0; *(uint8_t*)0x200092c0 = 2; *(uint8_t*)0x200092c1 = 3; memcpy((void*)0x200092c2, "\xbd\x9c\xaf\x11\xf1\xc2\x32\x1f\x7d\xbf\x3d\xf5\x7e\xc0\x6a\xed\xf0\x84\x2f\x84\x3c\x77\xdd\x88\xdb\x9f\x74\x08\xbb\xa0\xd9\x40\x59\x71\xea\xb7\x46\x2f\x77\xd1\xca\x84\x39\x80\x11\xe5\x2a\x42\x79\x8f\x46\xee\xb5\x7b\x9e\x8b\x2c\x06\xc9\x82\x8a\xe8\xa2\xa2\x78\xae\xaf\x19\x47\xcb\x3d\xba\xdb\xd3\xd8\x37\x4b\xd3\xfd\x89\xa5\x3a\x0d\x2e\x5d\x80\x26\x1d\x7c\x80\x59\x2c\x03\x96\xee\x2c\x9e\xd8\x3f\xcc\x6b\xf9\xbd\x9a\x2f\x61\xcd\x00\x7c\x9e\xb5\xb9\x2d\xd8\x78\xd6\xaa\x6b\x54\x35\xed\x38\xfb\x81\xd9\xbf\xc1\x58\x15\x84\x3b\xc4\x6b\x32\x1b\x84\x8a\x20\x1d\x7e\xe9\x0a\x06\xab\x03\xdd\xb6\x6c\xea\x54\xf4\x15\x15\x3e\x69\x34\x99\x2c\x24\xe7\x11\xae\xa2\xfe\x33\x4e\x98\x1b\xa7\xf3\xf8\x7d\x0b\xc5\xeb\x6b\x1d\x09\x17\xcd\x79\xb4\x71\x94\xc6\xd2\xbe\x18\xe7\xa5\x4e\x75\xa5\xe2\xd0\x36\xb2\xe8\xba\x62\x6c\x56\xc4\x48\x9e\x46\x81\xa2\x1e\xa2\x9a\x2b\x64\x34\xa8\x60\x5a\x67\x10\xeb\xd1\x3f\x09\xfe\x32\x2e\x60\xef\x34\xa6\xe6\xf3\x33\x0d\x07\xb4\xd1\xff\x66\xd7\xec\x23\xc5\x8b\x3b\xe7\x34\x84\x4b\x89\xde\x36\xba\x29\x12\x97", 256); *(uint32_t*)0x20009724 = 4; *(uint32_t*)0x20009728 = 0x20009400; *(uint8_t*)0x20009400 = 4; *(uint8_t*)0x20009401 = 3; *(uint16_t*)0x20009402 = 0xf0ff; *(uint32_t*)0x2000972c = 4; *(uint32_t*)0x20009730 = 0x20009440; *(uint8_t*)0x20009440 = 4; *(uint8_t*)0x20009441 = 3; *(uint16_t*)0x20009442 = 0xf8ff; *(uint32_t*)0x20009734 = 0xc2; *(uint32_t*)0x20009738 = 0x20009480; *(uint8_t*)0x20009480 = 0xc2; *(uint8_t*)0x20009481 = 3; memcpy((void*)0x20009482, "\x47\x95\x1b\xf5\x75\x8f\x6d\xa4\x9e\xae\xc8\xd8\xf1\x8a\x6c\xa6\xe1\x7e\x41\xa6\x60\x16\x41\x5e\xfc\x7b\xe3\x46\xe3\xa8\xd0\x34\x28\x03\xd3\x1a\xc6\x34\xc4\xe6\xbc\xfd\xca\x1d\xb3\xc5\xb6\x90\xc2\x2f\x33\x2d\xf6\x93\x67\x61\xde\xb4\x0a\x2a\x9b\x81\x7a\x3b\x5e\x21\xce\xda\x6d\x71\xf7\x2d\x61\xee\xd0\x6a\x7a\x43\x45\x1e\x72\xfa\xa8\x20\x18\x38\x4c\x5a\x69\xf6\x2f\x4c\x6c\xf2\xa7\xef\xbd\x2a\xf5\x9b\x84\xac\xc6\xa9\x5e\xdf\x8f\x16\x7b\x5f\x20\x3d\xff\x2f\x89\xdb\xa1\x91\xf5\x13\x34\x2b\xe5\xa9\x06\xce\xb3\x79\x61\x3f\x59\x61\x08\xde\x6f\x3a\x61\xb9\x26\xc9\xf8\x63\x4d\x3d\xe6\xd5\xeb\x86\x71\x2b\xdf\xc3\xce\x50\x2f\x90\xa6\x9d\x8d\x07\xd9\x28\x44\x02\xb3\x93\xa7\x6e\x1d\x98\x17\xb9\x2b\xd4\xef\xf5\x7a\x27\xec\x91\x91\x9b\xf0\xd0\x9b\x44\x70\x57\xd6\x9c\xe3\x82", 192); *(uint32_t*)0x2000973c = 0x83; *(uint32_t*)0x20009740 = 0x20009580; *(uint8_t*)0x20009580 = 0x83; *(uint8_t*)0x20009581 = 3; memcpy((void*)0x20009582, "\x70\x81\x49\xd2\x9b\x3a\x8e\xf9\xc0\xff\x2f\x07\x2f\xf3\xb2\x0d\xd4\xaa\x24\xa8\xdd\xbd\x77\x61\x2c\xf8\x2d\xbf\xdc\x3a\xf8\x21\xa1\xfb\xf7\x55\x40\xc2\x3e\x05\xde\x08\xfe\xd7\x79\xdb\x65\x1c\xb3\xa6\x3b\xd0\x9a\xcf\xde\x2d\xa3\x4f\xc3\x36\x04\x73\x49\xf6\x2c\x65\x03\x20\xdd\x8f\xd8\x62\x6c\xfd\xad\xf7\xe0\xf7\x3f\x83\xa6\xbf\xfa\x1f\x20\xe7\x5c\xc4\x4b\x80\xbb\xe9\xa4\x0e\xa3\xc6\xe9\x24\xb6\x84\xfe\x6c\xb9\xe6\xa9\x33\x1a\x14\x9e\x84\x4e\x50\x0b\xe3\xb4\xfe\x28\xd1\x33\x2d\xcd\x64\x3b\xe5\xa7\x3f\xcc\xd4\x46", 129); *(uint32_t*)0x20009744 = 4; *(uint32_t*)0x20009748 = 0x20009640; *(uint8_t*)0x20009640 = 4; *(uint8_t*)0x20009641 = 3; *(uint16_t*)0x20009642 = 0x184c; *(uint32_t*)0x2000974c = 0x4d; *(uint32_t*)0x20009750 = 0x20009680; *(uint8_t*)0x20009680 = 0x4d; *(uint8_t*)0x20009681 = 3; memcpy((void*)0x20009682, "\xb6\x6a\x57\x6c\x91\xd5\x67\x33\xc9\x4e\xf7\x37\x20\xfd\xa0\x14\xeb\xcf\x72\xb1\xcf\x26\xac\x4c\x18\xda\x75\x71\x24\x12\x56\x76\x4a\xe2\xdf\xf1\x75\x40\xbd\xd8\xaf\x83\xee\xe5\x05\x79\x2c\xbe\xfb\xdd\xb7\xb5\xcd\x4c\xa9\x46\x62\x28\x7a\x86\x24\x9e\xc2\xb9\x42\x13\x98\x04\xf9\xc7\x82\x09\x88\x4a\x15", 75); res = -1; res = syz_usb_connect(6, 0x7e2, 0x20008a00, 0x20009700); if (res != -1) r[22] = res; break; case 41: *(uint8_t*)0x20009780 = 0x12; *(uint8_t*)0x20009781 = 1; *(uint16_t*)0x20009782 = 0x200; *(uint8_t*)0x20009784 = -1; *(uint8_t*)0x20009785 = -1; *(uint8_t*)0x20009786 = -1; *(uint8_t*)0x20009787 = 0x40; *(uint16_t*)0x20009788 = 0xcf3; *(uint16_t*)0x2000978a = 0x9271; *(uint16_t*)0x2000978c = 0x108; *(uint8_t*)0x2000978e = 1; *(uint8_t*)0x2000978f = 2; *(uint8_t*)0x20009790 = 3; *(uint8_t*)0x20009791 = 1; *(uint8_t*)0x20009792 = 9; *(uint8_t*)0x20009793 = 2; *(uint16_t*)0x20009794 = 0x48; *(uint8_t*)0x20009796 = 1; *(uint8_t*)0x20009797 = 1; *(uint8_t*)0x20009798 = 0; *(uint8_t*)0x20009799 = 0x80; *(uint8_t*)0x2000979a = 0xfa; *(uint8_t*)0x2000979b = 9; *(uint8_t*)0x2000979c = 4; *(uint8_t*)0x2000979d = 0; *(uint8_t*)0x2000979e = 0; *(uint8_t*)0x2000979f = 6; *(uint8_t*)0x200097a0 = -1; *(uint8_t*)0x200097a1 = 0; *(uint8_t*)0x200097a2 = 0; *(uint8_t*)0x200097a3 = 0; *(uint8_t*)0x200097a4 = 9; *(uint8_t*)0x200097a5 = 5; *(uint8_t*)0x200097a6 = 1; *(uint8_t*)0x200097a7 = 2; *(uint16_t*)0x200097a8 = 0x200; *(uint8_t*)0x200097aa = 0; *(uint8_t*)0x200097ab = 0; *(uint8_t*)0x200097ac = 0; *(uint8_t*)0x200097ad = 9; *(uint8_t*)0x200097ae = 5; *(uint8_t*)0x200097af = 0x82; *(uint8_t*)0x200097b0 = 2; *(uint16_t*)0x200097b1 = 0x200; *(uint8_t*)0x200097b3 = 0; *(uint8_t*)0x200097b4 = 0; *(uint8_t*)0x200097b5 = 0; *(uint8_t*)0x200097b6 = 9; *(uint8_t*)0x200097b7 = 5; *(uint8_t*)0x200097b8 = 0x83; *(uint8_t*)0x200097b9 = 3; *(uint16_t*)0x200097ba = 0x40; *(uint8_t*)0x200097bc = 1; *(uint8_t*)0x200097bd = 0; *(uint8_t*)0x200097be = 0; *(uint8_t*)0x200097bf = 9; *(uint8_t*)0x200097c0 = 5; *(uint8_t*)0x200097c1 = 4; *(uint8_t*)0x200097c2 = 3; *(uint16_t*)0x200097c3 = 0x40; *(uint8_t*)0x200097c5 = 1; *(uint8_t*)0x200097c6 = 0; *(uint8_t*)0x200097c7 = 0; *(uint8_t*)0x200097c8 = 9; *(uint8_t*)0x200097c9 = 5; *(uint8_t*)0x200097ca = 5; *(uint8_t*)0x200097cb = 2; *(uint16_t*)0x200097cc = 0x200; *(uint8_t*)0x200097ce = 0; *(uint8_t*)0x200097cf = 0; *(uint8_t*)0x200097d0 = 0; *(uint8_t*)0x200097d1 = 9; *(uint8_t*)0x200097d2 = 5; *(uint8_t*)0x200097d3 = 6; *(uint8_t*)0x200097d4 = 2; *(uint16_t*)0x200097d5 = 0x200; *(uint8_t*)0x200097d7 = 0; *(uint8_t*)0x200097d8 = 0; *(uint8_t*)0x200097d9 = 0; syz_usb_connect_ath9k(3, 0x5a, 0x20009780, 0); break; case 42: *(uint32_t*)0x200099c0 = 0x18; *(uint32_t*)0x200099c4 = 0x20009800; *(uint8_t*)0x20009800 = 0x40; *(uint8_t*)0x20009801 = 1; *(uint32_t*)0x20009802 = 0x8d; *(uint8_t*)0x20009806 = 0x8d; *(uint8_t*)0x20009807 = 0x22; memcpy((void*)0x20009808, "\xe5\x74\x19\x47\xa7\x23\xe9\xe9\x8e\xdc\x76\xea\x9b\x49\x3d\xa7\xd0\xbe\x0f\x88\x90\x3d\x48\xee\xf0\xd2\x4c\x88\x29\x70\xfc\x12\x16\xa4\xf3\x90\xd6\xb1\x7a\x78\xf9\xe8\x82\x74\x2c\xa2\x48\x31\x93\x6c\xb7\x5b\x04\x58\x99\xbb\xc7\x68\x7b\xd5\x5a\x05\x8a\x9f\x47\x22\x45\x2c\xe7\xe3\x01\x27\x0b\x0b\xf2\x26\x66\xc3\x7e\xaf\x1b\xd9\xd8\xb4\x89\xba\x1d\x32\xbe\x39\xd0\x6b\x20\xbd\x96\x57\xe0\x9f\xda\x6c\x82\xd4\x56\x6c\x93\x34\xe2\xfa\x45\xc5\x04\x6b\xa8\x56\x5e\x57\x79\xab\x6d\x67\xcb\xf7\xf4\x06\xd2\x16\xc2\x86\xab\x06\x65\x88\x20\x7a\x31\x8d\x65\x33\x2f", 139); *(uint32_t*)0x200099c8 = 0x200098c0; *(uint8_t*)0x200098c0 = 0; *(uint8_t*)0x200098c1 = 3; *(uint32_t*)0x200098c2 = 4; *(uint8_t*)0x200098c6 = 4; *(uint8_t*)0x200098c7 = 3; *(uint16_t*)0x200098c8 = 0xf0ff; *(uint32_t*)0x200099cc = 0x20009900; *(uint8_t*)0x20009900 = 0; *(uint8_t*)0x20009901 = 0xf; *(uint32_t*)0x20009902 = 0x18; *(uint8_t*)0x20009906 = 5; *(uint8_t*)0x20009907 = 0xf; *(uint16_t*)0x20009908 = 0x18; *(uint8_t*)0x2000990a = 2; *(uint8_t*)0x2000990b = 0xc; *(uint8_t*)0x2000990c = 0x10; *(uint8_t*)0x2000990d = 0xa; *(uint8_t*)0x2000990e = 0; STORE_BY_BITMASK(uint32_t, , 0x2000990f, 0, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x2000990f, 6, 5, 27); *(uint16_t*)0x20009913 = 0xf0f; *(uint16_t*)0x20009915 = 8; *(uint8_t*)0x20009917 = 7; *(uint8_t*)0x20009918 = 0x10; *(uint8_t*)0x20009919 = 2; STORE_BY_BITMASK(uint32_t, , 0x2000991a, 2, 0, 8); STORE_BY_BITMASK(uint32_t, , 0x2000991b, 0xa, 0, 4); STORE_BY_BITMASK(uint32_t, , 0x2000991b, 7, 4, 4); STORE_BY_BITMASK(uint32_t, , 0x2000991c, 0x100, 0, 16); *(uint32_t*)0x200099d0 = 0x20009940; *(uint8_t*)0x20009940 = 0x20; *(uint8_t*)0x20009941 = 0x29; *(uint32_t*)0x20009942 = 0xf; *(uint8_t*)0x20009946 = 0xf; *(uint8_t*)0x20009947 = 0x29; *(uint8_t*)0x20009948 = 0; *(uint16_t*)0x20009949 = 0x18; *(uint8_t*)0x2000994b = 7; *(uint8_t*)0x2000994c = 0x7f; memcpy((void*)0x2000994d, "\x86\xf6\x20\xe8", 4); memcpy((void*)0x20009951, "\x16\x8f\x22\x02", 4); *(uint32_t*)0x200099d4 = 0x20009980; *(uint8_t*)0x20009980 = 0x20; *(uint8_t*)0x20009981 = 0x2a; *(uint32_t*)0x20009982 = 0xc; *(uint8_t*)0x20009986 = 0xc; *(uint8_t*)0x20009987 = 0x2a; *(uint8_t*)0x20009988 = 3; *(uint16_t*)0x20009989 = 0; *(uint8_t*)0x2000998b = 4; *(uint8_t*)0x2000998c = 0; *(uint8_t*)0x2000998d = 7; *(uint16_t*)0x2000998e = 0x1000; *(uint16_t*)0x20009990 = 0xfffe; *(uint32_t*)0x20009f00 = 0x44; *(uint32_t*)0x20009f04 = 0x20009a00; *(uint8_t*)0x20009a00 = 0; *(uint8_t*)0x20009a01 = 8; *(uint32_t*)0x20009a02 = 0xfd; memcpy((void*)0x20009a06, "\x17\xd0\x15\xc0\xc2\x1b\x38\xab\x65\x87\x07\x8c\x77\x5d\x19\x66\x76\x39\x02\x36\x84\x2b\xc7\x81\x15\xbd\x6a\x40\x58\x11\x10\x24\x45\xa3\x7f\xe5\xc0\xcc\x85\xa1\x6b\x56\x01\xf6\x74\x96\x59\x34\x92\xce\x3a\xd5\x52\x01\x92\x08\xa9\x04\xc8\x82\x54\x52\x5e\xf1\x3e\x8c\x55\xd2\xfa\x55\x84\xb1\x72\x72\x80\x77\xd5\x4a\x28\xbc\x6d\xd0\xbc\x05\xf7\x20\x29\x10\x26\x07\x63\x12\x0f\x9d\x95\x88\x3b\x70\x1c\xa0\x54\x83\xde\xae\x8e\x44\x5b\xcf\x56\x72\xcf\xc4\xba\x66\xa3\x46\xe9\x2f\xe0\x74\x51\xae\x4c\x8f\xf4\xaa\x9d\xfc\xf8\xb9\x56\x33\x65\x80\x5b\xf6\x83\x0e\xd3\x6c\x9f\x3e\xab\x11\xf6\x13\xa0\xfd\xe0\x42\x3b\x8c\x3a\x5b\x1a\xe0\x29\x72\x9e\x32\x33\x43\x1d\x83\xf0\x22\x49\x15\x64\xd3\x92\xce\xb7\xa3\x8e\xdd\xcf\x15\x96\x88\x61\x81\x85\x4d\x5a\x72\x9e\x76\xd8\xe7\x70\xd6\xee\x74\xba\x13\x33\xec\xb7\xe4\xb8\x83\x07\x1b\x6d\x6c\x04\x3e\x9e\x6f\x01\x60\x54\x6f\x60\xd1\xd9\xff\xd9\x40\x74\x4e\xef\x3e\xa5\xf0\xdd\xfd\xa5\xa0\xa8\xd6\xb7\x74\x0a\x7f\x13\xce\x46\x2e\xd0\x8e\x2d\x3b\xc0\xa7\xb6\x46\xda\xf5\x60\x86\xe2", 253); *(uint32_t*)0x20009f08 = 0x20009b40; *(uint8_t*)0x20009b40 = 0; *(uint8_t*)0x20009b41 = 0xa; *(uint32_t*)0x20009b42 = 1; *(uint8_t*)0x20009b46 = 7; *(uint32_t*)0x20009f0c = 0x20009b80; *(uint8_t*)0x20009b80 = 0; *(uint8_t*)0x20009b81 = 8; *(uint32_t*)0x20009b82 = 1; *(uint8_t*)0x20009b86 = 0x80; *(uint32_t*)0x20009f10 = 0x20009bc0; *(uint8_t*)0x20009bc0 = 0x20; *(uint8_t*)0x20009bc1 = 0; *(uint32_t*)0x20009bc2 = 4; *(uint16_t*)0x20009bc6 = 2; *(uint16_t*)0x20009bc8 = 3; *(uint32_t*)0x20009f14 = 0x20009c00; *(uint8_t*)0x20009c00 = 0x20; *(uint8_t*)0x20009c01 = 0; *(uint32_t*)0x20009c02 = 4; *(uint16_t*)0x20009c06 = 0x100; *(uint16_t*)0x20009c08 = 0x40; *(uint32_t*)0x20009f18 = 0x20009c40; *(uint8_t*)0x20009c40 = 0x40; *(uint8_t*)0x20009c41 = 7; *(uint32_t*)0x20009c42 = 2; *(uint16_t*)0x20009c46 = 3; *(uint32_t*)0x20009f1c = 0x20009c80; *(uint8_t*)0x20009c80 = 0x40; *(uint8_t*)0x20009c81 = 9; *(uint32_t*)0x20009c82 = 1; *(uint8_t*)0x20009c86 = 0x7f; *(uint32_t*)0x20009f20 = 0x20009cc0; *(uint8_t*)0x20009cc0 = 0x40; *(uint8_t*)0x20009cc1 = 0xb; *(uint32_t*)0x20009cc2 = 2; memcpy((void*)0x20009cc6, "\x08\xbd", 2); *(uint32_t*)0x20009f24 = 0x20009d00; *(uint8_t*)0x20009d00 = 0x40; *(uint8_t*)0x20009d01 = 0xf; *(uint32_t*)0x20009d02 = 2; *(uint16_t*)0x20009d06 = 0x7163; *(uint32_t*)0x20009f28 = 0x20009d40; *(uint8_t*)0x20009d40 = 0x40; *(uint8_t*)0x20009d41 = 0x13; *(uint32_t*)0x20009d42 = 6; memset((void*)0x20009d46, 255, 6); *(uint32_t*)0x20009f2c = 0x20009d80; *(uint8_t*)0x20009d80 = 0x40; *(uint8_t*)0x20009d81 = 0x17; *(uint32_t*)0x20009d82 = 6; memset((void*)0x20009d86, 170, 5); *(uint8_t*)0x20009d8b = 0x3b; *(uint32_t*)0x20009f30 = 0x20009dc0; *(uint8_t*)0x20009dc0 = 0x40; *(uint8_t*)0x20009dc1 = 0x19; *(uint32_t*)0x20009dc2 = 2; memcpy((void*)0x20009dc6, "\x37\x9e", 2); *(uint32_t*)0x20009f34 = 0x20009e00; *(uint8_t*)0x20009e00 = 0x40; *(uint8_t*)0x20009e01 = 0x1a; *(uint32_t*)0x20009e02 = 2; *(uint16_t*)0x20009e06 = 8; *(uint32_t*)0x20009f38 = 0x20009e40; *(uint8_t*)0x20009e40 = 0x40; *(uint8_t*)0x20009e41 = 0x1c; *(uint32_t*)0x20009e42 = 1; *(uint8_t*)0x20009e46 = 0x3f; *(uint32_t*)0x20009f3c = 0x20009e80; *(uint8_t*)0x20009e80 = 0x40; *(uint8_t*)0x20009e81 = 0x1e; *(uint32_t*)0x20009e82 = 1; *(uint8_t*)0x20009e86 = 0x2c; *(uint32_t*)0x20009f40 = 0x20009ec0; *(uint8_t*)0x20009ec0 = 0x40; *(uint8_t*)0x20009ec1 = 0x21; *(uint32_t*)0x20009ec2 = 1; *(uint8_t*)0x20009ec6 = 5; syz_usb_control_io(r[22], 0x200099c0, 0x20009f00); break; case 43: syz_usb_disconnect(r[22]); break; case 44: syz_usb_ep_read(r[22], 0xc1, 0x1000, 0x20009f80); break; case 45: *(uint8_t*)0x2000af80 = 0x12; *(uint8_t*)0x2000af81 = 1; *(uint16_t*)0x2000af82 = 0x110; *(uint8_t*)0x2000af84 = 0; *(uint8_t*)0x2000af85 = 0; *(uint8_t*)0x2000af86 = 0; *(uint8_t*)0x2000af87 = 0x20; *(uint16_t*)0x2000af88 = 0x1d6b; *(uint16_t*)0x2000af8a = 0x101; *(uint16_t*)0x2000af8c = 0x40; *(uint8_t*)0x2000af8e = 1; *(uint8_t*)0x2000af8f = 2; *(uint8_t*)0x2000af90 = 3; *(uint8_t*)0x2000af91 = 1; *(uint8_t*)0x2000af92 = 9; *(uint8_t*)0x2000af93 = 2; *(uint16_t*)0x2000af94 = 0xd6; *(uint8_t*)0x2000af96 = 3; *(uint8_t*)0x2000af97 = 1; *(uint8_t*)0x2000af98 = 7; *(uint8_t*)0x2000af99 = 0x20; *(uint8_t*)0x2000af9a = 2; *(uint8_t*)0x2000af9b = 9; *(uint8_t*)0x2000af9c = 4; *(uint8_t*)0x2000af9d = 0; *(uint8_t*)0x2000af9e = 0; *(uint8_t*)0x2000af9f = 0; *(uint8_t*)0x2000afa0 = 1; *(uint8_t*)0x2000afa1 = 1; *(uint8_t*)0x2000afa2 = 0; *(uint8_t*)0x2000afa3 = 0; *(uint8_t*)0x2000afa4 = 0xa; *(uint8_t*)0x2000afa5 = 0x24; *(uint8_t*)0x2000afa6 = 1; *(uint16_t*)0x2000afa7 = 0; *(uint8_t*)0x2000afa9 = 0; *(uint8_t*)0x2000afaa = 2; *(uint8_t*)0x2000afab = 1; *(uint8_t*)0x2000afac = 2; *(uint8_t*)0x2000afad = 0xb; *(uint8_t*)0x2000afae = 0x24; *(uint8_t*)0x2000afaf = 6; *(uint8_t*)0x2000afb0 = 4; *(uint8_t*)0x2000afb1 = 3; *(uint8_t*)0x2000afb2 = 2; *(uint16_t*)0x2000afb3 = 3; *(uint16_t*)0x2000afb5 = 7; *(uint8_t*)0x2000afb7 = -1; *(uint8_t*)0x2000afb8 = 9; *(uint8_t*)0x2000afb9 = 4; *(uint8_t*)0x2000afba = 1; *(uint8_t*)0x2000afbb = 0; *(uint8_t*)0x2000afbc = 0; *(uint8_t*)0x2000afbd = 1; *(uint8_t*)0x2000afbe = 2; *(uint8_t*)0x2000afbf = 0; *(uint8_t*)0x2000afc0 = 0; *(uint8_t*)0x2000afc1 = 9; *(uint8_t*)0x2000afc2 = 4; *(uint8_t*)0x2000afc3 = 1; *(uint8_t*)0x2000afc4 = 1; *(uint8_t*)0x2000afc5 = 1; *(uint8_t*)0x2000afc6 = 1; *(uint8_t*)0x2000afc7 = 2; *(uint8_t*)0x2000afc8 = 0; *(uint8_t*)0x2000afc9 = 0; *(uint8_t*)0x2000afca = 0xe; *(uint8_t*)0x2000afcb = 0x24; *(uint8_t*)0x2000afcc = 2; *(uint8_t*)0x2000afcd = 1; *(uint8_t*)0x2000afce = 0x80; *(uint8_t*)0x2000afcf = 3; *(uint8_t*)0x2000afd0 = 1; *(uint8_t*)0x2000afd1 = 0; memcpy((void*)0x2000afd2, "\x02\x2c\x3b\x4e\xfa\x4d", 6); *(uint8_t*)0x2000afd8 = 7; *(uint8_t*)0x2000afd9 = 0x24; *(uint8_t*)0x2000afda = 1; *(uint8_t*)0x2000afdb = 1; *(uint8_t*)0x2000afdc = 0x7f; *(uint16_t*)0x2000afdd = 0x1002; *(uint8_t*)0x2000afdf = 0xb; *(uint8_t*)0x2000afe0 = 0x24; *(uint8_t*)0x2000afe1 = 2; *(uint8_t*)0x2000afe2 = 1; *(uint8_t*)0x2000afe3 = 5; *(uint8_t*)0x2000afe4 = 3; *(uint8_t*)0x2000afe5 = 0; *(uint8_t*)0x2000afe6 = 5; memcpy((void*)0x2000afe7, "\x64\x99\x7e", 3); *(uint8_t*)0x2000afea = 0xd; *(uint8_t*)0x2000afeb = 0x24; *(uint8_t*)0x2000afec = 2; *(uint8_t*)0x2000afed = 1; *(uint8_t*)0x2000afee = 3; *(uint8_t*)0x2000afef = 3; *(uint8_t*)0x2000aff0 = 0xac; *(uint8_t*)0x2000aff1 = 8; memcpy((void*)0x2000aff2, "\xbc\x5e", 2); memcpy((void*)0x2000aff4, "\x04\xfb\xa9", 3); *(uint8_t*)0x2000aff7 = 0xd; *(uint8_t*)0x2000aff8 = 0x24; *(uint8_t*)0x2000aff9 = 2; *(uint8_t*)0x2000affa = 1; *(uint8_t*)0x2000affb = 6; *(uint8_t*)0x2000affc = 2; *(uint8_t*)0x2000affd = 5; *(uint8_t*)0x2000affe = 9; memcpy((void*)0x2000afff, "\x6a\x9a\x8d", 3); memcpy((void*)0x2000b002, "\x4f\x88", 2); *(uint8_t*)0x2000b004 = 9; *(uint8_t*)0x2000b005 = 5; *(uint8_t*)0x2000b006 = 1; *(uint8_t*)0x2000b007 = 9; *(uint16_t*)0x2000b008 = 0x10; *(uint8_t*)0x2000b00a = 0x8c; *(uint8_t*)0x2000b00b = 0x20; *(uint8_t*)0x2000b00c = 0x7f; *(uint8_t*)0x2000b00d = 7; *(uint8_t*)0x2000b00e = 0x25; *(uint8_t*)0x2000b00f = 1; *(uint8_t*)0x2000b010 = 0x82; *(uint8_t*)0x2000b011 = 2; *(uint16_t*)0x2000b012 = 4; *(uint8_t*)0x2000b014 = 9; *(uint8_t*)0x2000b015 = 4; *(uint8_t*)0x2000b016 = 2; *(uint8_t*)0x2000b017 = 0; *(uint8_t*)0x2000b018 = 0; *(uint8_t*)0x2000b019 = 1; *(uint8_t*)0x2000b01a = 2; *(uint8_t*)0x2000b01b = 0; *(uint8_t*)0x2000b01c = 0; *(uint8_t*)0x2000b01d = 9; *(uint8_t*)0x2000b01e = 4; *(uint8_t*)0x2000b01f = 2; *(uint8_t*)0x2000b020 = 1; *(uint8_t*)0x2000b021 = 1; *(uint8_t*)0x2000b022 = 1; *(uint8_t*)0x2000b023 = 2; *(uint8_t*)0x2000b024 = 0; *(uint8_t*)0x2000b025 = 0; *(uint8_t*)0x2000b026 = 0xd; *(uint8_t*)0x2000b027 = 0x24; *(uint8_t*)0x2000b028 = 2; *(uint8_t*)0x2000b029 = 1; *(uint8_t*)0x2000b02a = 0; *(uint8_t*)0x2000b02b = 2; *(uint8_t*)0x2000b02c = 0; *(uint8_t*)0x2000b02d = -1; memcpy((void*)0x2000b02e, "\x03\xc1\xfe\x1d\x97", 5); *(uint8_t*)0x2000b033 = 0x12; *(uint8_t*)0x2000b034 = 0x24; *(uint8_t*)0x2000b035 = 2; *(uint8_t*)0x2000b036 = 2; *(uint16_t*)0x2000b037 = 0x807; *(uint16_t*)0x2000b039 = 4; *(uint8_t*)0x2000b03b = 0xfd; memcpy((void*)0x2000b03c, "\x8c\xfb\x49\xdf\x7b\xf5\xb7\xe5\xee", 9); *(uint8_t*)0x2000b045 = 7; *(uint8_t*)0x2000b046 = 0x24; *(uint8_t*)0x2000b047 = 1; *(uint8_t*)0x2000b048 = 0x3f; *(uint8_t*)0x2000b049 = 0xfd; *(uint16_t*)0x2000b04a = 1; *(uint8_t*)0x2000b04c = 0xc; *(uint8_t*)0x2000b04d = 0x24; *(uint8_t*)0x2000b04e = 2; *(uint8_t*)0x2000b04f = 1; *(uint8_t*)0x2000b050 = 0xc1; *(uint8_t*)0x2000b051 = 4; *(uint8_t*)0x2000b052 = 5; *(uint8_t*)0x2000b053 = 0x67; memcpy((void*)0x2000b054, "\x69\x67\xba\x40", 4); *(uint8_t*)0x2000b058 = 9; *(uint8_t*)0x2000b059 = 5; *(uint8_t*)0x2000b05a = 0x82; *(uint8_t*)0x2000b05b = 9; *(uint16_t*)0x2000b05c = 0x7f7; *(uint8_t*)0x2000b05e = 0x1f; *(uint8_t*)0x2000b05f = 0x69; *(uint8_t*)0x2000b060 = 6; *(uint8_t*)0x2000b061 = 7; *(uint8_t*)0x2000b062 = 0x25; *(uint8_t*)0x2000b063 = 1; *(uint8_t*)0x2000b064 = 0x80; *(uint8_t*)0x2000b065 = 9; *(uint16_t*)0x2000b066 = 3; *(uint32_t*)0x2000b380 = 0xa; *(uint32_t*)0x2000b384 = 0x2000b080; *(uint8_t*)0x2000b080 = 0xa; *(uint8_t*)0x2000b081 = 6; *(uint16_t*)0x2000b082 = 0x300; *(uint8_t*)0x2000b084 = 3; *(uint8_t*)0x2000b085 = 2; *(uint8_t*)0x2000b086 = 3; *(uint8_t*)0x2000b087 = 0x40; *(uint8_t*)0x2000b088 = 0x81; *(uint8_t*)0x2000b089 = 0; *(uint32_t*)0x2000b388 = 0x20f; *(uint32_t*)0x2000b38c = 0x2000b0c0; *(uint8_t*)0x2000b0c0 = 5; *(uint8_t*)0x2000b0c1 = 0xf; *(uint16_t*)0x2000b0c2 = 0x20f; *(uint8_t*)0x2000b0c4 = 6; *(uint8_t*)0x2000b0c5 = 0xe2; *(uint8_t*)0x2000b0c6 = 0x10; *(uint8_t*)0x2000b0c7 = 0xa; memcpy((void*)0x2000b0c8, "\x64\x93\x2c\x92\x77\xe2\x3a\x0f\xa9\x6a\xab\xc7\xb9\x31\xea\x37\x07\x35\x0c\x52\x57\x45\xcc\xbe\x79\x4d\x23\xba\xa9\x96\x25\xc8\x2f\x74\xbd\x3b\x6d\x5f\x88\xfb\xfd\x92\x54\x5b\x6b\x63\x75\x4c\x07\xc3\xff\xb4\x73\x55\xbf\x3d\xd6\xfa\xcf\xf0\xec\x55\x97\xfb\x76\x8d\xc7\x4a\xcf\xcf\x39\x5a\xc1\x00\x99\x82\x92\x5a\xa1\x6f\xcf\xa4\x15\x75\xbf\x14\xb5\x6d\x55\x79\x09\xdf\x9e\xfd\x27\xfd\x4b\x31\x7d\x90\xd1\x60\x62\x70\x13\x4f\xd0\x7d\x2f\xc0\xd1\x81\x6e\x97\x71\x32\x1d\x2d\xb5\x5c\x65\x39\xb0\x41\x67\xdb\x7b\x08\xc9\x94\x15\x9d\xd7\x55\x2c\x48\x8c\x14\x66\x24\x7a\x5b\x70\xb0\xdc\x99\x6b\x90\x7e\xee\xe0\xb2\x0f\xdd\x64\x71\x40\x59\x7b\x66\xf8\x21\x55\x6b\x56\x7f\xe6\x13\xc7\xec\xbc\xba\xe5\x0d\xb5\xfa\x7c\x9c\x0b\x5d\xcf\x26\xed\xdf\xfd\xcb\x09\xb9\xab\x9f\x2b\x5b\xee\x80\x98\x2f\xf3\x65\xfb\x81\x6e\x98\x18\x4e\xe6\x81\x5f\x6f\x62\x1f\x4d\x34\x52\x7d\x3c\xaa\x4c\xe6\x82\xcb\x06\xc7\x48", 223); *(uint8_t*)0x2000b1a7 = 0xb; *(uint8_t*)0x2000b1a8 = 0x10; *(uint8_t*)0x2000b1a9 = 1; *(uint8_t*)0x2000b1aa = 4; *(uint16_t*)0x2000b1ab = 0x10; *(uint8_t*)0x2000b1ad = 1; *(uint8_t*)0x2000b1ae = 0x3f; *(uint16_t*)0x2000b1af = 0xff; *(uint8_t*)0x2000b1b1 = 0x1f; *(uint8_t*)0x2000b1b2 = 3; *(uint8_t*)0x2000b1b3 = 0x10; *(uint8_t*)0x2000b1b4 = 0xb; *(uint8_t*)0x2000b1b5 = 0x2f; *(uint8_t*)0x2000b1b6 = 0x10; *(uint8_t*)0x2000b1b7 = 3; memcpy((void*)0x2000b1b8, "\x57\x12\x26\x74\x4f\x78\xfe\x77\x5a\xb8\x9d\xd7\x76\xdb\x3a\xaa\xce\x99\x82\xe7\xb2\x59\x4f\xd0\x85\x4a\x31\xd7\xec\x1d\x24\xae\xe6\x48\x2a\xa3\x93\x97\x98\xbd\x32\xd0\x60\xf0", 44); *(uint8_t*)0x2000b1e4 = 0xa; *(uint8_t*)0x2000b1e5 = 0x10; *(uint8_t*)0x2000b1e6 = 3; *(uint8_t*)0x2000b1e7 = 0; *(uint16_t*)0x2000b1e8 = 4; *(uint8_t*)0x2000b1ea = 0x24; *(uint8_t*)0x2000b1eb = 8; *(uint16_t*)0x2000b1ec = 0xe1; *(uint8_t*)0x2000b1ee = 0xe1; *(uint8_t*)0x2000b1ef = 0x10; *(uint8_t*)0x2000b1f0 = 1; memcpy((void*)0x2000b1f1, "\x1c\x43\x11\xd6\xc4\xec\x2d\xe7\x89\xb4\xf9\xf3\x9e\x67\x37\x02\xea\x35\xd9\x09\x99\x1c\xe4\xaf\x26\xcf\x0c\x07\x57\x9c\x1a\x40\x57\x35\x68\xf8\x37\x56\x9c\x64\x5d\xe2\xaf\x69\x81\x33\x52\x61\x69\xe5\x1a\x53\xf2\x15\x16\x76\x60\x35\x72\x59\xd5\x4d\x5a\xd7\x7a\xfb\x47\x8b\x18\x9e\x72\x86\x67\xa8\xb7\xe3\x89\x86\xbb\x19\xfe\xbe\x80\x70\x85\xec\x6d\x77\xdf\xb4\x81\x72\x59\x2d\x54\x9d\x7d\xbb\xf8\x02\xaa\xf9\x5b\xbf\x2d\xcd\x20\x05\x7a\x34\xee\xff\xca\xba\x3c\x40\x4e\x46\xa6\xe9\x0a\xd7\xe4\x38\x7e\x1e\x28\xcc\x21\x71\x88\x37\xe8\x1d\x22\x61\x5c\x4b\x42\xbc\xe0\x4c\x6b\xec\x4a\xa9\xa9\x9d\x05\xcb\x4f\x16\x8e\x11\x5e\xe3\x95\x65\x54\xe4\xe5\x8b\x13\x6f\x86\x73\x6e\x79\xe9\x1f\x9a\xcd\x49\xee\x66\x17\xb8\x4a\x56\x43\x92\xe8\x19\x91\xbb\xa6\x03\x20\x54\xd7\x09\x6f\x6c\x40\x00\x21\x37\x78\x2a\x1b\x11\x1d\x65\x27\x96\x83\x26\xf5\xe7\x0a\x8a\x23\x99\xe8\x33\xe7\x41\x5c\x20\x4a\x3a\x4b", 222); *(uint32_t*)0x2000b390 = 2; *(uint32_t*)0x2000b394 = 4; *(uint32_t*)0x2000b398 = 0x2000b300; *(uint8_t*)0x2000b300 = 4; *(uint8_t*)0x2000b301 = 3; *(uint16_t*)0x2000b302 = 0x459; *(uint32_t*)0x2000b39c = 4; *(uint32_t*)0x2000b3a0 = 0x2000b340; *(uint8_t*)0x2000b340 = 4; *(uint8_t*)0x2000b341 = 3; *(uint16_t*)0x2000b342 = 0x436; res = -1; res = syz_usb_connect(3, 0xe8, 0x2000af80, 0x2000b380); if (res != -1) r[23] = res; break; case 46: memcpy((void*)0x2000b3c0, "\x08\x63\x6e\x6c\x5e\x42\x1f\x7f\x71\x8c\x47\x84\xf3\x89\x67\x2c\x29\x11\xe5", 19); syz_usb_ep_write(r[23], 9, 0x13, 0x2000b3c0); break; case 47: syz_usbip_server_init(2); break; } } int main(void) { syscall(__NR_mmap, 0x1ffff000, 0x1000, 0, 0x32, -1, 0); syscall(__NR_mmap, 0x20000000, 0x1000000, 7, 0x32, -1, 0); syscall(__NR_mmap, 0x21000000, 0x1000, 0, 0x32, -1, 0); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :126:17: error: 'csum_inet_digest' defined but not used [-Werror=unused-function] :113:13: error: 'csum_inet_update' defined but not used [-Werror=unused-function] :108:13: error: 'csum_inet_init' defined but not used [-Werror=unused-function] cc1: all warnings being treated as errors compiler invocation: x86_64-linux-gnu-gcc [-o /tmp/syz-executor231741248 -DGOOS_linux=1 -DGOARCH_386=1 -DHOSTGOOS_linux=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static-pie -Wno-overflow] --- FAIL: TestGenerate/linux/386/2 (3.16s) csource_test.go:118: opts: {Threaded:true Collide:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Fault:false FaultCall:0 FaultNth:0}} program: write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3}}, 0x18) (fail_nth: 1) r0 = openat$tty(0xffffff9c, &(0x7f0000000040), 0x10400, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x200000f, 0x10, r0, 0xada52000) ioctl$UI_SET_PHYS(0xffffffffffffffff, 0x4004556c, &(0x7f0000000080)='syz0\x00') r1 = syz_mount_image$ufs(&(0x7f00000025c0), &(0x7f0000002600)='./file0\x00', 0x4, 0x3, &(0x7f0000003700)=[{&(0x7f0000002640)="386f6d1be27f8ca9182d1ae635bba8c9ce0379ce60d9d24e0fe69a46dd2b77026ce1e6bbc05a246ae26905253191f7e34ef3860f1c2cc9a6d522f503d78e340cb54f1d6b", 0x44, 0x1}, {&(0x7f00000026c0)="5739ec80616d1bac909797c5723d287d94f010e0f70a342a21fb38b36986025dca054a96bbe74027974c452893a9f5d513efc470652bf4e837d8d5eeaced2669d73cea3d3931399da04dfb4859d03c47dd535baa980ae8b7a5c312fd71acc521bddc2c637026d7fadb42c020c53d4e2feeb23077ed867d5b36567b8d06e0f4d2d9c616d67391f879e812d7a17975f3e0e569f557b65bbade941868bae4be8d2dfa45a385877ece8d94d755dbf82b4fd8899ba1b8ece43b36b369a8df56993b16eec20aed1c596f669df897ddfa0df4ab26d747598296dd3bcd5cad67a8b19eba5f343fbfa6301a1502600eda02ab157ab1b164e3de5733e4bfd9677b49b29bb56e99367d01044b3accf0f93af75527837a9b494b4eace1f49c879e71e962a593749555b50a55ca1144eb54807047defde8dd097ebcbaa230451ac7a7763ef2134b453ef7ce92d6adce449aa182efb2ed4a8707f1e1846d82505da06c2d6b4a582ddfb2bdb7a19bbce8e0a0f7b2f496622bee043729f3843188eb14e56e8f48d7d4b151a7deef2a1a9458834253770882cc41f6fb784a9f73a4f81ef993dae61a805ba6f9307820813310dc3870835ad4be7e3c8a13f9f01e9ea9b1b9dfb1e347e3ea1b5b090e1a38617707bb5aa0ce82193f6970a0b885183fce8b7d30bfc18258dd40f508b95b55ca27d8ec76010310c677c04c0b01fd69de396ae95a7c3ca50f4e7fc3da749d82a5d9f57ab6ed7a0d1276297ab57172671d4c7ca35224700db93644131a5126af54755aec80cffdeb709f0c5821ec3b86d29f10be62d94c032f79d4edccaf40b24d72e46d7c9933f6eada794aad1eaf41aec135a4f6f7f609273608685ffc30fe1ae82213a956e8df493ec0aac8eccbbdb82093097db45161677685bf1e691a1c7dce13a88e63645bc79922b6d3d3d761f36a46302f79e0e0beb67e2f2cb2e83fc1a04177c9d022c46edc053f03182fc645450e4de536a418b0eae2acb0eaf4cb615eca77f72ee1d1f9146208e18669508edd050e9b4e72a8483016dc0198326d2a167004f323a0a6eb4d34f651c397f06d32e1bdab042efe566afc48cbd98f914134156314a954c641b1066ba715ab50eb4db84b13f20469d01d6346d425d70f60b42976b046cf96e4018fc6aaf78df30c02dd029e1e895c20b05fb3883c013de7e17a13697854feb5935cb344ff94ff8bb4ed2d1f174ea19020577b4ff9597c31a8fb2cfa1d7b71a57082561540f1cd86b8590b754fe95d749ef3caff93fd10a90ca003515bb23a3e71f44179c0996037457589e68177b0a10691f149a981a6a68d0bc820e1662a67c6a85fb39a35399c620c6ee314284fa42099bde09fd517a6e53cc0417c98d006b4210ba0351b7db6754338063f05b6824bbb41f70ba1fea9121f5885a4d03ee93f2b8f27a00cd666491003deda3e21029247646f7144cb004a6b524006d8ec7c93f41042bbf82d3bf2eef415f8f038b05c0c107ac24d0cc8f30813ebe2751da8398e04ff593d17ddeb32593671c8277424f79880054c581ae4ef5303a12f50d4e1fd6bb585a5e07751cbd58fa61d634c35563727e18239d9812fa41b9a256118ba9b0decc26076c8ae4b4e516a2b35a7e9839ca83bef4643e0a5d9db723b5afd80f715b63b19d0afb9cb03dd9e5fe1b3135ec1f0b973e7d21bb2f2221a78628a1b513e0ff9ea3067db3101c017eb8e606f2f075be4984f21bf75b6c4cbf3718e64ca62a9ab5d8e383aefba7493ddff478b744074bb51994bc91dd29c6b9bcd50a5028e14cf6d9468ef424ed165848ff5676e574110e0cd76a7c1dad3019facfd08d14b7d9e378a110e985088e51e89d75e3fa5fb3687598c0569e522f6c9ea4d1265ed97e313dce9cd01a4615e8bbe4dbe168f9d32c6682e4eef267dd718b475a81b485b17f6ba8afba19a58329f86bad12ac8444417e6148cb4e07ee46c5f1553a0fe4cd3326d8692cc43961f03f57f7c016f33c3d1c02bf125fc942101103636b02d93352efb4920e243f865cf5c0b5d347f51b87900b12acc347b319c147510c6a3c184b9fe9bbf49d20a71bc0882e296a03769751cd863082c1f3b8890fee3c644474db21e077acbeb05ae296710822fcaf5a7bc069bd93d411627cd1b713ccced010d1b88dfc1530454141b3dd3e1964c389576132173b86330388fec559dc722f177497c308315a4eefb5043cc97c5b1ea53b6de6f4eced9cc20b5243ef96ae0da16b43ecfd03e702528ad4c3609545df939e2bcee08258649319d74fd784d3d30a9092cb23e51ce00bbf81a46bc0d8bba9fe3f605f54ee2a0311e1c19aee26c843d7252d90380c9d86f1d1cbb21641bc19adffa608fa5b8260c3dac2e0d8100c870dbafab5e4a5c6e5d4875352ece3133e08d48e03874e6e528b5a43d08c8e905f798f0527cff5cda9995e84acb47ee8544be937fcb64646d2fd2d5c31eef836297e03dca24b159964a70307a827f6e7f3793f6ffad54a65d400926e80797e6050e776bbf66dc1bdf7508812ed0febda774f5eda492b3751ecc76a658241fa64522c5ddef5374787a1bc6f05c84a523068ac66a3ca539da70e16ddea897f96f5d48e1ef185f08436daa20fcb0b239de9b2bb00007eda2dbdcc1f5fdf13998682d66cd4aab3157f7ebcec092dc6bd08f4d107780d3731924cfa067f62218078a2af129f4059d46d7c7bebbf67b5953dda30c96fe5843e8a3c0a15a6b2f210ffbffd476c9c761340616b1ca8a6b449d1e338fd909fd9a84c7338711be1d50762a48299b184482d2cd1884af707668d10c2e1cdeac7c075d7d4147f8aa3cebca93c1b7b245264c0efb8470255152c48d224634580b2ff021457a975aa7672baf13a4ae32dc17e1f04d0b2d9c14831c87e99e7e0f29958c9b584d7b8a7e91f573c042617391aded64bee7dad5f888efc5560fba3f9e41f78094b403abc5d422c8ec70b9a9cee507903f8999487e60d761ef16194e7cc856a01e6b3bc592397ca03becb6b48fc15bf1f6eff8fec8de8785d0fea379efbd649487307bba1530a48ec106978da703e91707201fe3348de8caf2dde1d09942d47712f77de3f9efe5392ef4584a66cf96b30ecc6eed9074837e0835e19065d2ece87d38b426c703b882cec83cbb8b484f6885832ca2587b2bdc30c92c20a00d926473ff36a1c81e58d55549a06fb7b0fdd135ed5f63b4cca0068b2da1b112d4cb043407c21c535fd3c4559322e30469794c90a3c30d8fd5365ce3f432f613148bc7d575c1d2da1d4b068de1366f62a694e976f2e264d449d9e3f90400f4f25c1152d1edb9b09816787227eeeff80ac3f25016de253325475490482303afa87b39adee7f92c03185f8be67fe8e850ee3a571809474bcf462373a47afe1a4592175d110c3659e56ecfe2ecaf2c381684332dc0ea3f76c1799d5c7954ccd01ca4d3cc488e98efe8ccb8757273bbfd0e8f94a18e4bc187993ac29c3d45aa4585253717190cfc16bdfc90cecab6f022b3c9629e4d44cf9460333d348d0df3fbc8ffe61733725ea22c57183b50622f320253d54692c32ba2d1d2272357962e09fc7fa98a192d647ca93d5db9c0560a46a797408d21be5d14c8898fcf1f8e46c2be19eee417f17b5812be04c60a50c8f4a3b96e759df5a25314842ef5834a9bfe3ec6903122abdeb8da1bf146ca5b0b6451b3f6a0cd742120b025ca49bb95c47fb27fae438cbae39cd9b50f76735f656e0c6896c87b91c1ca7444d0de25ce60db81b9b7efebffc1ff24ee9d5f77da9227252468633b8eb995e2645b1543d843262c260c3c691114ebc403962c2374ef59ce6d1dd7c4d22310c5f642d766d41893b993f9a69831f82aab3104c64b08b0e3419ad44686088cd8a4a674edcea4ee9f2e8a02ab11450060f76a7c1954f676de7bf7916699457091eb0ad3b7593e7f38d62f9b56761a915b41d035ba129d1ac466e5eaea76d00c4d83e1754e3d1e6f0093c665d860bcf0b9850401acaba34a0f774300773c4abb90efc56bc7d2ad12d2f58cefa5b5816fcee50a11845a2d5197693ea3b380089219f5a42c69f9a4762c91ae6449e13995f666ad521f92edb3f4b65a04675db8ebbc9a2d1acda5b67ed6af5525141fd7aeef7c58f549ac39255705eb084f4f0a261f43c27cdcefb7d9e15ce63995820729b32749eb8d9432d7c3c25b4b1daa5b645740394caaae63bfd9e18207fccfbe0e2639258229574fcc7971e3eb11bfdf7dc770cea4a9414913067558f7e542cc6272477489519cfaecf51361b7d39540bbc1da84c6e56e21c683734fc3d9e52225695ea370563b153b8dc87ad1199247a23a86046c730fbce29fe99e0cf3e762f6ca3a14b03ff53d4122da0664a31d204160fcc2489eaa9faf030f6d6a43f98afce7f7f7f0cc3a01ef1526dac38278d13431910c2d691a78275e0702c8bcd0f4754b47535decbff3fb2db3d23b95f84e5e6e7fe67c719de9b0721ea53e2c68c9110e6a9ef3251e7ebb22800dcab309c22ab3739b4e88844827542d962c2afb2dc2f02b45094737fb1c3b9543870709b337d9d8f183971368a28a3360aec7c89de83e0c5fbfcffa03c1bc42884a839e8188826b19f3a7e7b82b4e2339d3d70171de92a60e2e1c73d360382aedcc23740c6244d69299dd39e011091b2fae10f4ba3c7fc570b0ea6a5d7b94f0812788ac1842eb6f917ad73a43a8f511b221795b9a625d6b8adab77bb090343acde4930c643b9b60af027ed4e3cc7facdcb175e81d9138db68db9d85216e1afa90c3f3897a2cd7e2cbaf59faa93ac544c221399d0a2c7601c6c63006253c9e43f1ed3f8cdd31f92cbc919b0b2f048ee429baac42f907d36281931814e7f937b51f2c6a772469f0d3d666c5c23141a0af6fb3804479810fcd852f98a5e5df9082c149bc239d37b89447af02ebae27adea098d78409fa9ae873b112684c75d68d447c7fc80a45a726b272d557678da7101679c6a5b4d70f4db60539fd11d1f21392b7922d12781125512eb1dc45db4cd2e64734e3a9dbf899ec2203e1001b3d364663d487c69018cb9122b5f4e1a276d17088df746ba3e7c10e1cad226f6cd2ad90cc3d148c951d32c00341bf08ec7158d22b3375f7ed6730ff9f0af79b1e8efd164b046c6a3df7bcd925e49bf5bb4d16ace6ab925bee37b7b5321da6f3626f33025ebc3814f44a27a7e39c5ecf8c5263c50e5d49273977c1ddcec86c85c41de8558ccc7cc9469f4a5ab104db7b3eaf8951f5315f5640c51e8c49290c7b146688b72e22c5178bb120beafe3a10dd33e6a34b8e2ab0a8d88f1bf2346f06e6cbeb80159f85b69efe2984f3acbf1035397c0e027420c591b2c5115e4c4bc4319b6a8edc2aa62c7600e49029f8d7d808713cc765566440a427ac576e5a2318e0994a00b56b7cf16277887b22693396c28bf734133df5e654971dec68d225631fc669e5619c1c78df3ca9860489a29a5234e054bcd3c543276c07e15a1ca7ef60c6e20359562733c1b3bd15a9c72a8f9acb040f8f85a4f10313a4fc7e8cb8973ae0b562924716d168aa431cf63a5c2e182b48b5519f376de39ca03d5535a5868d2cfff410e3f248de1ef81b205bc17a84cbfebb46deb4e56dcd355d7148a56f25dee5896912ec90124bef2d882e9d4a02769b3abcbc8f367deecce8c22b045f4d7b87d8908b0af7f2a1f53bad8d3f8e0b65b0053ab1e28ece7250ab281bc197097cfe8b2a7cfb552f82869b88241e7d05d24aca325c6f2fad85ce79bfc2aecdb798f40e111189f1785cbbe40", 0x1000, 0x7}, {&(0x7f00000036c0)="38e3dac1cab00feb39c48edfaf42b604f0c0fbeaa30d7023519ce589e4d90d7d171cbe759e9c40819d9946abfa9737e1bdddfb4f", 0x34, 0x10000}], 0x1040000, &(0x7f0000003740)={[{'/dev/tty\x00'}, {'syz0\x00'}, {'+@'}, {'*^:[-,-,&{#'}, {'syz0\x00'}], [{@audit}, {@obj_role={'obj_role', 0x3d, 'syz0\x00'}}, {@obj_user={'obj_user', 0x3d, '^\xee%'}}, {@subj_role}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@uid_eq={'uid', 0x3d, 0xee00}}]}) read(r1, &(0x7f00000037c0)=""/18, 0x12) sendfile64(r0, r1, &(0x7f0000003800)=0x7, 0x0) setsockopt$bt_l2cap_L2CAP_CONNINFO(r0, 0x6, 0x2, &(0x7f0000003840)={0x81, "d8e8f6"}, 0x6) ioctl$SOUND_MIXER_WRITE_RECSRC(0xffffffffffffffff, 0xc0044dff, &(0x7f0000003880)=0x4) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(0xffffffffffffffff, &(0x7f0000003980)={&(0x7f00000038c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000003940)={&(0x7f0000003900)={0x14, 0x7, 0x1, 0x801, 0x0, 0x0, {0x0, 0x0, 0xa}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40800}, 0x20000000) syz_80211_inject_frame(&(0x7f0000000000)=@broadcast, &(0x7f0000000040)=@data_frame={@qos_no_ht={{@type11={{0x0, 0x2, 0x8, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x7f}, @device_a, @broadcast, @broadcast, {0x0, 0xffd}, @broadcast}, {0xc, 0x1, 0x3, 0x0, 0x3}}, {@type10={{0x0, 0x2, 0x9, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x3d}, @from_mac=@device_b, @device_b, @from_mac, {0x0, 0x1f}}, {0x8, 0x0, 0x3}}}, @a_msdu=[{@broadcast, @device_b, 0xbf, "afaf3a135b6bacd8c9b70b5eec9ab18405dde216b1b5dbe70c82ea52a1477c8bcc0adebad8789e03df9beea67cea531e776e7ec441e10995460e4e964678b8b20cae084ab40bef389bb72fe366ea91a8a2b952bc697a863d47c4920f77976ccda9723c4d4cf43164b57e373925d21594ad582b2bd6b7fce0e21d272a022fb63efae8204e2e38180848fd2986c847241f05b4795e3195823f4b17f340c24f45bf4fc33a8b5d0649780bad0b1600231bcd85e1044043b3f52bdd66462c52869b"}, {@device_a, @broadcast, 0xf3, "db7458603e1db9e8b6109ff253176fc3105d34454294a0c36f5e76590ee3b3a391dd2847abe2ef4c4f0762cbb09a37f40675baca0907282ce7dc1a104cb3e91384930ede72f3720dac9976a6598bc0385e0eb8295edee6bf8e31f243b284e9de823dbcf1fa70c6c57d4472f20f031cd4ccc7995b0036d024f051220cf8ccfacc5eef5cc545c5208e0ae0b6fad6956542262930e56177ef3f3fd1fcf9ab7fa104c2fd2cafbfc796da4af424531e825b32394a16b5a90e3b36d9d75f35bc95c7b65c5774b33d1a74464b240d9b4420de3865e4ebfa9705fa606ca422eb0ae33126574d2b01dc83d70c248747087c72f0da02e8e8"}, {@device_b, @broadcast, 0xdd, "d7e9b24c0cc992b18aa2d9f9e1709a8c2fe8b2ceb27a749e52617c6db966c15469b14f6271d9ec1caa537e605d09c7af271d959a7b1375fbada3d47840b8fbde2f3ab2820440ceffb16cc44160f3a3abd70b059e3b321e3a1a48eca2b3819d0595822e17767f5a9cce0a0aa1cf8a1763780943872b127ab559036a8d8703e179c0de7c00dbd055699b39532ec0f63bb69c331fb415e253c26abf85a20b69f33d25a8a066aa10a9c1add202fa9d6cd6dbdaf05601d68e9553ba9ee53931aa193821c780f05dfd3c33aad84ef55098b4b8212cf5d6a43b5a099866ecbbc1"}, {@device_b, @broadcast, 0x3, "d71a49"}]}, 0x30e) syz_80211_join_ibss(&(0x7f0000000380)='wlan0\x00', &(0x7f00000003c0)=@default_ap_ssid, 0x6, 0x0) syz_btf_id_by_name$bpf_lsm(&(0x7f0000000400)='bpf_lsm_sb_remount\x00') syz_emit_ethernet(0x3f6, &(0x7f0000000440)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @random="8b73c66e934f", @val={@void, {0x8100, 0x1, 0x1}}, {@mpls_mc={0x8848, {[{0x0, 0x0, 0x1}], @ipv6=@icmpv6={0x8, 0x6, "6be3ec", 0x3b8, 0x3a, 0xff, @private2, @mcast2, {[@fragment={0x8, 0x0, 0x4, 0x0, 0x0, 0x4, 0x65}, @hopopts={0x2, 0x2, '\x00', [@padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @padn={0x1, 0x9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, @hopopts={0x5c, 0x5, '\x00', [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @calipso={0x7, 0x18, {0x2, 0x4, 0x3f, 0x5, [0x7, 0x100000000]}}]}, @routing={0xab, 0x4, 0x1, 0x51, 0x0, [@rand_addr=' \x01\x00', @dev={0xfe, 0x80, '\x00', 0x1a}]}], @mlv2_report={0x8f, 0x0, 0x0, 0xdd, 0x8, [{0x2, 0x3, 0x4, @loopback, [@remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, @mcast1], [0xfffffff7, 0x0, 0x4f18]}, {0x7, 0x6, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}, @remote, @mcast2], [0x433, 0x3, 0x4, 0x5, 0x8001, 0x6]}, {0x8, 0x4, 0x8, @ipv4={'\x00', '\xff\xff', @empty}, [@empty, @local, @ipv4={'\x00', '\xff\xff', @loopback}, @dev={0xfe, 0x80, '\x00', 0x23}, @mcast1, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast2, @mcast2], [0x4, 0x3, 0x8, 0x7]}, {0x8d, 0x3, 0x1, @mcast1, [@private2], [0x3, 0x8001, 0xf729]}, {0x0, 0x5, 0x5, @empty, [@loopback, @loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @broadcast}], [0x0, 0x80000001, 0x7ff, 0x6, 0x50]}, {0x7f, 0x1, 0x1, @mcast1, [@local], [0x401]}, {0x9, 0x8, 0x2, @remote, [@private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x27}], [0x5, 0x9, 0x8000, 0x7, 0xfffffffd, 0x800, 0x8, 0x5]}, {0x1f, 0x8, 0x6, @dev={0xfe, 0x80, '\x00', 0x18}, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @dev={0xfe, 0x80, '\x00', 0x1b}, @dev={0xfe, 0x80, '\x00', 0x30}, @ipv4={'\x00', '\xff\xff', @empty}, @ipv4={'\x00', '\xff\xff', @remote}, @private1={0xfc, 0x1, '\x00', 0x1}], [0x8, 0xffffffff, 0x0, 0x3f, 0xffffffff, 0x5, 0xff, 0x1]}]}}}}}}}, &(0x7f0000000840)={0x0, 0x2, [0xde3, 0xf28, 0x8d2, 0x209]}) syz_emit_vhci(&(0x7f0000000880)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_execute_func(&(0x7f00000008c0)="c4c32d0e45f508c4e15b10eb2681f9f6039eecc4c379617801d207660f38295cd02fd9f6f2ddcdc4c1f811450f0f34") syz_extract_tcp_res(&(0x7f0000000900), 0x3, 0x20) r2 = openat$pktcdvd(0xffffff9c, &(0x7f0000000940), 0x10400, 0x0) statx(0xffffffffffffffff, &(0x7f0000002c80)='./file0\x00', 0x800, 0x8, &(0x7f0000002cc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000003040)='./file0\x00', &(0x7f0000003080)={0x0, 0x0, 0x0, 0x0, 0x0}) read$FUSE(0xffffffffffffffff, &(0x7f0000003100)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r6 = getgid() getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000005440)={{{@in=@broadcast, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}}}, &(0x7f0000005540)=0xe4) r8 = getgid() syz_fuse_handle_req(r2, &(0x7f0000000980)="5eb2b765eb13fe6055adbc43ba06da0624085c4b074ca1075889677f066e7be4de1ade6643e384e746947849cae6c4bd2247b9d0dcf8d74f73c865983a7d81fa418b5227bfe2cae4daabc8fd121243c0fe339f30d7ade9b79e07aa3b492001cbf71f43d192a2b9b771608f809cab4148c9bcb18ad7381adab1f2f5e323a69249bf8f2b5b0e986557da943623a66ec420b9b7bc01434d0a62886d0072f83051bed958843ec0adabaec068e2333bdc15622efd5d7eb68cfdda7de3fdafaa75787f0f7f3a5aae1cfe1faf079f1835be7044f2dee0e2b22827f8ce9399ba9b6d675aaafc827262b701659d34e687d6f0f80666ef60371f36fc8e7ab01b1b1f741bab290b3742bca7d900acacd003bb0e2497a7413e2a94610c93f5b5f6a0affc554dfa696f33a4e07699552981c8f17eec121b798ffda5a81f609005eee8862da633950d1c36b1f57f201dfaa2ffb43bfb89b937dfe89165a783264b5cd393e5e81efb8d94e28ea417cf7f145520c201cd9bc843a78ae07c3a9d812a99b9d01f4f8a60937077192fb29ef9e9cad995919de33e9e70c95c0efe9d49ecacc2817d764b35aceef6dbd7b11da0d56460978a679a765c04642ef7b33da735d607b21ea207ad747b67da1862b7884f773764c5c6b95b0d1fc079909e3a07430c52f4908cb864ca7b48387d9c930387811580b9cead9bb56c5139d0d5c4c728f7667059bb64e223d3e7cf61ce8370276dd31b3bd643e96444afea51787bc0ea7ede0c0576340b3574fb1ee78133c29edb9c63724200f5d8d1fa9db4fe0cf9a3f0517fdd936240d08ca3f4815c562fa40c50292a8cc67af02555bf5e4210efabee952946cb5a3b719ccafb90c5fc31e28e16da6deb0c2657d99b2e30ac6f59e6935c8f3de5abb5a6a9eb6d64638131fa73639f95dc71d11a644c6ff17e26665e820556178bdf6f91c52fac27f2d84812e9bfd4c53e757ed5dcc5a3c58f4f254a11ad8099555fbab92d9707e7ae249d37b672b2f4666cc35ffe53a0f5f314aa7e329addf60e864986682e58dee878cf3e66b3c1b8b0457021cbbe9542df240104fa7945d177a8051ff42dffe47e952caa5b334386bbe96140a28a74cd3c4c666dd6174994bae6c323bef3cbe97028835f03b49d7c496913ec17272346e050c75c58760acbcdedfc774b34b19f199c40e02ac74177e3f951a007abdaf00fd7064bbf2cc444d6b6d2b233e1fd995feebcbfafaaa44edd739b7a9b312b0823bbb228823e132fbae576968b7e7ca5ca0198daae85da7b50002544a44f948dc5f48620e3f99145c8727fee501541ef119b20085e364052a045164e79579553ab1924a5e67ca4bde4390313b76a6abb950e637b6bd3ae4d341ea362440e134185304e36f08691027ec7ff34d718825393ecfd7557c82b7bda4d24b94fc53d577b31657b00e8303803e6f15e17a79647607ffa65649103ad6ced040a842224b22226cb03b10e51e58d695edda77da2d784c49bdda43adc0f4e15f3e2e338836924786b90b2f7442935ae338e344fa4c0d9e3d74871d930d87868a269c984048763e1c438479b20fddbc61d2488d70ca8747fff731edb679b88bf1b17621d3276151fd93a9dbbaf1a83e9a80f75ba18ac3ce6598dc4e6b0562fb0bd479129337bb1c3a5882b2d626edd90d0b1e898d0f1e4f59893700c241e0c4363a4441073840000470f9e877d0bacdcb6b21875e75b50dcfbb2bbc0ea8fca0a91dcafe69b162aeef4f7d7fa1193f9eac44d4eb27377c3b72ac19a901c6e7350e1648146090179fa4b7f7aaedfb75a49deeae9fbec2f30c4444e3bd5ad6fad82bbcd24bb6d259685ca0c13e52a590d27a731a18b09d3d6bf5e81756302b85251c85d30487295eb2e42cd788231eb96979b5c113c166be2f3b6d24474b0f56ea5cfff4dca9284e5dae7d1c2b6aba7807e889697c869831c908b206b8a21dbe73d06c0aefda449f4daedd68b676f22814be2d90a2d06a39f997fdcef3a38f98396d5bf369900f9fc0442b204ceb17e432c28087c42c84c17f1a4d04f6da546682f31d75cc289e0c8ea4058c03550fad5def6968541a9d372bcbff7b943d65a7f485652e4437e0a1602057ef0ceefa57540a11d5b2b8b6518c3c9a27cb27562941f2f689ce240396b4ad70dbb2cd6e4e1f33e3279c3361b9d9903a9b6bb017ffc719758417e4f984855692acbdf9392a9b19673388e760233fa0035e0c2335e77b089eb40b5cd8f0325f64e080765808052869f76b39b0682e9a49a95a4fd0b38bb50eb214e94919d486fb7bb75acb4dc5f04e7a7e311f204df404c62c664179584880cb8bc7b8baae8933c2ebd70af44451aae3d51d4290d90b891106877bd37752ec6118d972a1b0a2931d433636da7b7250a0edb59d9ddd34cb48b34a62ae7e595f18d80ca2c2ddc2aeb6b6f6b800c8653baaf696bfd60c85e5e3328d0d9baf0f558b3b8b8bff24bf75db2695d59442757cc0cfcefbbf1708fc964a1251f55328832468ea73c29be4bf5d0de2053f364d117006dd3242e04dd471ae04ae22844978242ed47361be4a9a13133c7ad5bb324afcd29d9a074440724ebb56f5d9c3a8e4559d3a5a0f028f1d72ff2562d483cfdd79eb32c90462ee790de2476d9d061b607e680b41500ce691e48745b585517a539e70d7ec555e196aa8d69e45a36982d28a21409a777ceeb53318c20713e3cb62a98c28f524b086909a03075c2010da34bf7b0e6bf58505d301442530e54d3d13f0328f97a1dd2dd6da68429d21376b772d5a1603fb4c4a40f6b36db26a86f7c2dbaf704e7bcb9fc96768d4b53bd134602b753b260d84d9eeac6a24a51249dca0086b95b57587128e798eb62e1f01ae68e660cf6ebbf332293981620684b7e3b04750fdbbe2ecd8e9b6375248882253c2dda8a4d9c0f6f5c9d7c6bdb1fc11eda1dc4ecc0b9f3dbdb62e4078e46f6b10608f34c34f0a279c2f8f3da5be49e3e58e971e539bd63bacb6d8aa554ea4c78a49abadeec98db1d3ca3bcb40957cc0e942fca1c9b51af04771fda4af358c9ed6fe7b737a6c61abe0b628920fb8d0bcd0b65b718163da17804cb1665ea9821c828f6df655193774156721006b1f51487ad19fe92b769a9fceaf2d4124d8cc9a5bef28e98b996c28c8a99e352380531185e5e56e693641ef51106d6cf4e71ab317c34e93583aecf50f52b53e63c9098d8c283538c7cc0f090dfaf523e6082c65263dc8d1de4776282a3fc1bfc5909991525f56ac0e6d3bf0ce7aec83e40074de16fc9843f3b099b59b9f90bcff6310ed6dfec974587ad646ecd90c54d449510b7768dd67cabb305ea398ecb4261d26d4d7e1204e20725603243279a18fab01726719f771822627bafb09b4caaf9484f1d8fa5078d021b9cb86556830797319c6491d71c1153b63658a5a952a1f84f0ced9c3d1191d71a0b22e3f618f87d98c8991265395cb90765935034bd6c9233d41f9fc6a90bf697c15fd2359787df8257ca8e9499b3a7b837121b3367306ba3a36fdea6000c5d0f7759371702c7ad6f9e5f4000725f8e0b330a494392f7408dad615b14f77888ceb73959965cc9a93e9e3b23b9343a4cd4104dc1f3f1a64cb45697926704879802493ff04a8144ce6d805087fa96caff9b97631b52e4a365e976c90e2ac08826f8c297ef2f875722b44554d9973f4aa55ffb03589432109e6832dab7fc4732d303252dd1d17a2d2451ed53dce41ffbcec65983c6db3eba81462e522ae7ae52d751300a4b131170337c6d8c4b692f5429118af956e1c15e27584f768255c3ddcb469212ba8ab0e1e7ee0012f58f8945827994ce1ad7d173dd1cd72083844b721a1dc13000dada1256deab79b959a495a4d1b5fd028feaa0deac90ecfa59b1340456bcaf31f57d5a883490125796dda6d378ce83bbc137fe54b83ca9c4f819899d308338d65fa87d906255d6573a7a490b00100eab699c0dbfbec54b54224ceba3f5d1fa4096063f33165a158a20ffbd1d5b8fd4d9d39cb94a0085deaedde02a2f1e90a96af2223315101af3fef8604337f648b8c34216c3e7ba8c07d82d23bc0a96f0dab2abd2939265bb96b6451a2ca93585c82aecced337bd66124847a406ce8ed241318e1a7fc2cf289e1caf26ea5b72aaea0457e208a241534c78e3afb6028e7f57891c2f05f4370fc50458d16e90d031cca186cc12b4543b7f25fa72916be3acd7f6b5f0cc24f44248c0fa9c6dd595cd72cc4c84d35aa6fc3b1ec0e7a6b0408a1a53869681d27b1122c3176a04eb3aaf6258849675a994222d506828b4c1de9ab17ad4bab5961d524f0ffe54d29002c3d36c94cb3ab16581f59d014671e1cd5fe24342f17c8f178854e0eed5f4a3db07ec2ea7c671e2d78538bb8a2d5dcd94b4c6ebdb9a4929e85fc6de213d6f356228d9ecfde962c0c3727608f670e812ee2fa14e1f0cbf0186f6afc10c676f911be3b1cea3521f47e8fd4efebaccb22ef3757613ab319c40b70eee0cde11a3a166f1ee9415328068399836c8dc384de21e0a991a8bae04bce7962ce3b82d5516fe91d8ecbc2dcd6e2711c6c14c8aa572b5fe039e1bb4f163a1a8186345f54157c56672b33470711253476c2f6e4d74be06a01885debdb84fc73247a54e1511b83b3ae1fc15e5bed921f1937786f4364a7d4d6aec09667d63aaa618bddaaeaa2e55adb5894c4797d16d3dd5d35a716ef05233c4ad46a621195cde3a4f4197ea4396ca62712ee3d029200383ad9122d94b608b39e1ab024ea673eadccf983100d59b17708722d9ef02669224bef7abdaa0b99bff39957b7ac41599c9b1833f7ce822fdda0bea2dcb7dc7d24bd20df80b6462162447d5e28535a2fd876ffd78e90dbdc74e49af647c9dc696bdcced0840c2320f5ce0b6494790832c972e28206f432ad6cddc304f96bf48ee6f5a077538eb06d94383bf4fbf332abec80cdc7834dbf87e28f06ceeebafcab3f05f084bc4cf2a069701cdb332403af1631b5659a9e668f0a46f68e65ff9a314ab2a540518a03893c3fd2b1bd9f5e9e7f6ec49f585067c4aeef0b91b1ad29f2acc132f6b1a8dda2da36a79186c8b13b6fed070c74704bdc4ff11321901c71598fdfb36e8482bcdb01ee808afb54b3a42c69a18950d14fac2e3bd7721ace3c9a03a45f74cf2df6f4c924441d8700c54b5a12212ca3cdd648d079304cf2cdf460a36caf7f521494805401dfc67bde2061bb239a7019ce76c4f44cb0e46c55cbadab9129c5b457ec284b22ae3f98e64fc8c75df095c3ea3ea0cfb59ca18090b03f9358e9f11325e72cc24ede8f0511cb6f8af7cc2760654cfb8a7e7d5de97a83079bc82d88ea728516e92d321092fa3bdb9c0cf71aced2ac1189aad334d1b6bd971ba4053a43bc7f0020a2f1d6da34690d0f76358aa1b1631107f7f2af9890007b0a94277ee673b047fe809a5aa7fbb7ab88d110970c3dff44de1d7dbeb2abfd280e66d1de4864da4d54addceea69c8fa5d3d4b1147a18365afad33cdc689d73cceba4d8f4ee08b6264aeed23f585578ae15d14f3a27b488c24d6de8cd8a9de4a2a89fc9481ba8e10283a4d3a26e989bd80597862e238b714aa776e01cc90dee689c8435c814cfc72a530efce5dec384797a951439c30e096320bd504d3fcf4f7214b6d8ae4fdf73eea4591d444dd1ea4cdaab8ce1cf9555b4dd70f1bb46e18ee02cabd74cddb696af3ff7cc95b1339a6b8e8bafbc29c64f09fb741389ea6f5397a85add8b26e1f3a1df950f67bde9f9871a0e360c3e7669ebede3b7eb32ceb35ff2affd8919522f075933ecfea2cb4becfbc85bbacc95fba2c6f54f890594a6f6b18965ccd40ede58b4eaf8b0d2b65b0369b3dc6c7caef3e4845b2c42ee40ddca587925029e7d91629add84ea7bc72be33bb034214555cd5505568093ec7248156f58c7f0d3055762f8f4ff6f864bd9548fafac4db8577530f3a6d673beeff21ba7c9060aa0e066832937f1eb617cb21ac24e0d8699547be5663a8117a40b6d881dca19e367ca02d28774dae74df50aa99445e37c6c16184467d496001242329db97a2adef66425a9c6bd377d8977433a03c72bf10b548b8aebf0ec38eb8ce145fcb851541405ee8a3ca9b3bc603a382af598f0a1756592b3677c469ff86e198cdff40f493215a32c2acc72bcfd0e3e4e57bec76dfe565da975c691d66935d2d7b52941462d41bce4c00915d283417032f3a894249f801067f3882fda77905d76b76efe1028ebbf14977631f677575ddd409df3c6c4019e995a9d8d1d8a8c322687632f1a9505adcbd5afa1389f941dd0f68fefd43ec24a257076a3a21b7363d7bb518df4a282a4d9eed0858d104e85c5e068dd8012d73b516656146a78e549adbf9b32fb9f5f7ab6d43879d96d1cb973596d044197e08c4040604255753297a3495d8dff255d18abf94b8704a8ae1a48353fa85e5a77becd10b6ca007b77dfefce398f30b0c27ede99e8e6bb0c7ff65bdb00f224622d691f478ce6e37bbfac4ce1ce373070f954370c74c09461e2bae4385cd5deee87ca80ad2c77b99e7bee5afa3f0ba52494f59da1426c4309f391516354d57b0c7c4bb858e382f041d6e9188dc133bb169321e00d02efddb461176774fd6b2c9682d7ad084f6174c53ab7408d3e271d28e308f7cd478c2fe8d6793deed31debb090b874b12528a6cd368acf5a5c4cc3d30d2aff00693786687686cd9b97cdfaa3a67729351b2373ddee18ee3f056b6c0da439d62eeb408031a4d8755de3cc88415ca4801d54dc565bb53228dc215dd746ff5385453fdfc8915e872752f5ab3656aa8e1c42dfbf35e49ac9c2013b4a493ec10ad7f512922b8d3d82922ddbc018953cb7d5191af08ab669f80425f4f459ee650fe094126434e886693092c53aa346993dbc1ba274d2d69470646e633bdc331431913dd49a0120e1b5e212162006f9a01fe18e8d8b57cfeb398e19b4b8e970fb0678521caff33a7a01deb17e72a920a946896c5392e84bddfde75b7446ad4249bef2697b0c5e72f3791f0f44ac1563769c8ece5f1de565bbae2e5730294b3d6d85787dd6f7abf84d698e77ee80ec53e3751e873033af16b5ed4e2c99b7e6e652bb0eaf6701aacb2bcb597c32dc3f7d9c4d9463ac08db0c63db5fd88d0e518def188a2fbe8d6bfa698628a8cc058ca99114c40be8e1eb4c05364278d0ea4dc90b747cecd85cdf847a50ba2adebb6d107a12613e198d1b10c6eb323d50c75f781fe39c1d92e46da77fed51612a369c4a6aa54050d677e9678039b29e10c46ff05f3536f792a72d80f0eca5a416b19643e1d15247f7e5157900c1742b9146e0d9788eb9ca653897c7c647149f0bd91b16ea1a5e0549001ba2d6c6e39cf8bee39274d052fe2ce7f4caf6c23644314335251cca5c2ed134aada515e734e0af9c0ba59043dd12aa227e8f71d11833cab35b77915ee6bf0d74982d155f74fbba9977f75d37211770df8102e1d523b97c65e69bdffb34e00dbd6d5827c4897934ff51286940adbefdbe1a185a1ca32f668bef23663d9af58655a928538e084f59fd899c490253d337f5a51d2c2c1da36cb8df43034a988104c2abd9d589fcf964ab9114a40415c8e99bebfe94c3915f9d908bc1c9000f0e9e94012d998c972cf018d8badfffa80209f1937fea78ca839572b0a8e6b7816b6d89bb84ab2ede0fe5ff0575ec9d674da236252fb92ff4febb9ec1d915d97c4cafffef1cfda6d199365b77016daae60798de8a21c1769b8d79bf57cd020ebf5730fce994b6b3099800d864966adf830c8d2658c804360896e11f360da3a92cb5c827213228526c63c262c30cdf177fb0be401b394a01775c254da30c5ff4fc5b45f59d60e1578d67245089828b0693e5a6f5eda5e917b9d33b8b36baf055269e9d5319d4fa3f8fa5c31962c77bed1b0a7045d980c03b0df15d1e3cc1ee3175570d286004f10ff6b922da1e0af3ed41099bb175678f6c4c29bd5b8555edea3fd6559a6228b3924b6245b66f7d4a6cfbf7e55d3a9a9023185885bbb1e9061fbe3621beb1e7e31205d828710267efb585073865d0618f4edbc9c5b606a79bff7eff1e534393e3dd040174b21fc012d6b2ab928976eef114b97502fb02225572b74e852f568dbcea57a8d378c54b217287eac9090cf75f10f474b1651782ab8e5f015de5b665e046f01d04efb7bef840507f3e45a385a372422af573d064b1bf6b0fb2796e88a883d0024b5f74f1118fd7cbdb92a40a83459aa29a77a256274df3a72f539b028c1df8686f4630c7fece68d1c01ce38aa613735a591f91f42561ad297e0872efdf3536c88ad5159af81048e6378f2a42d915c9721e0875fe0628ce4fc609099c2c19e681280e83ee969ba93c956fb2bc4457c2b2ee35d9d5bae561814d8f868e28987371550f57faec5af2f52bc7dbde1401b6729107b405b2873689c9e43fa5ea8b483f7556cbaaabb1c7689b0a51d757743ca292ff74e9c021e5513f94b7107a8940a98ddab5e221fd75c13f19ae4006866eec1a8320ab02a2def573858eb7253d1fda73b7da031f12dc013783147095d545abbcc6c8cc98748c007f2e61a02c750b79866c743d0f98c703ee3c9a2ffe44104ac1a22d77ffd1e607c8c4265bbd8cdd9b7aff0d0c36aa5981ce881b9f3895b4da88a653d4712a8431f9e14e0bdd137735bc1c2b710ba5126b6a9a42bdf156915b152ee1758ef56b8edbd4ef0b9a677dedc3a88b00049a0d7444b3aef2b4e5ed210c5fc97444bd3a4690ae44adfcd4fd85cc50fd55c3d6efd1c7270f46c93689d18f92d0462c62b2001d8ccbccee0abad84daf12a8f3f390d23b3f4cce1237b5059bfaacb994ea871c02fd32056aa3d68258027dbe56bb19cbaf7a2f473492e2c6643fc4bc01df34967ff10092530c5f965e1dea106188a9165a43e61d060107e5907a5e76039e11fb557b17f74e99d6ba5edb86daa24b201f89f51c53b4e6ea0e74888ec9afc6e64c3344ca561a56ece3c286ee4eea87bbb011d4bc856cb2018f009281b89b95acb76684eefbe628b3b9c93f654c15c1aac2769c67f27e1f3d6ca98d80dc3077b5c4e4d823ea40c258dcbb891ff20466c1462080de73513509176565feb24ef8413dc7dfb53b10ad4e5d683d26c742ac8efb627339eac06f2f56a55e4522b670ff6dda3917ef7b00fe14a6a52dc9567548e98f47cfa5e2b87dd8e1c2ae18d0c14356db45db78e8f8b9dd141ee942543d271c8cb5b9775d2c55c4b732d838a3b73d675a350957e0a70438d6bc3ab116f4d45f5e5bcf1493097ef19e13239d97981273fa9ae9d1a94f417c3c5c240a27cb07ad05a6526e6c8b3c68bad2c546fc889c5fb3410697ddf58f78e9296ab0c725882566e185d1dd88430766e332f1f0c87d2e359f8ce2c28b8c7546da95a1ca7897e43b7bf583d12cd46f7f910bfdc1a1c129f1d83d94678999c3d81dca8f74f87ba3017f07222f510c1a7fe8001fc3eb6e8a0b46db9c002fd084167272355da87a0fc5e37feed0c487d603bc1297f1c6dd88dcb17f17fd38a5ec72d0cf50c8c8dc69081cf608460d5b1342871abcbec20323be7f53690c5fa640816cc3b2b3de36870a8a38905dd51ac63ddd922d008f84b7cbd062b64c5ab22115b4889b0e9389048f6a7bd28e6a7893caa6036613c9f5f2ec2928be1f4ee1cba0b0bb1691276a4db24669fb085e54dc77e815b8f5afe80aaa38acbd11430d956a37911b0216534bd9e2893a2abfbcf4b7aee56c8ffbbb08166773d8dd3d1fa12451f393799aded8721cbd93e4c9711defa5509840dc73ec5f5273431da7e6324b056cae48e1c14b1f0e2cf27a52980d4c67e77a565a44aee8ccd622781b35cfa16d36eba77f9b7f5ec8cb474f02bed016982a0dca0960e094b3df6516837d5015680827599c89542544a3fd363aa44e79f3ad00c87d8dc1422b0737ca9fe9179d627a1f22800923a39df3a59e15770ba57f1e12aaf41bfe67bfc5483dab32820364a5d4da8f8ae62b05ba23257bb1577f5ad73f0b0e01633da659f7d28c7e1e39f86f5adb5bb3843abbce0a769c26c28e4ec88cd8d47e46928ebf51f4c23c69fa602b6af61dcc74bf64b009e96708c4c7426f35d33f7dae81e33a69e12ef792b1f25ffc60645a1963e67c07e15c2ebdb548ef8b2c8b0dd9725bed66e22545ad7914af7864478a7993b2c0e0ce590fa005104c6937e540758d25a509e80aca8137b717ae9fdf80ab906d9db4aabb229bb3d35e27b324aed11eebaa8ed3dc7704abab39f58562ed9b5c8a37b092ebf3fde22166c9c91bc57a2c62d90a87cffe7d6c448321f843218e404a4d3688d7b968ff9e823e0b900a146a7f3af3d46e9a8e7d17b47cba2504e1e1e7ad960dc481363f16fc979bb8176797ab1cb85cca6724274faba007e878098034afa0042ea0c1a654b42e1cdf7f71048e24db691cdca72f52017c6a0f5c88d0cb1e1c260e8879478d8e2bf97ad59844221afc649c881e7950de7dc85c430c18fcb5c8d359c2c239b45872c6555747438ca49b55c327cf6d705f80b396d9c020db57f6c53701bc968fcda5274c5134b23f6fd223dcee7ad7962c4e7f8b301a57165fcfc9a5ff822f1c24a7aa5be7971203457af1c95d47eda667d8c291fc21eedc7e8e5844f967a9fb4479d2f94e4dedd0cd5457781d3e024fcfafaa8b67e4895855535d1fdd4be454bed97c3cf2095a166cc652bea65ad6368929bda70f69dc36c689f5923fb026a8257f851a069994c04cc41a8b15979e473e5533240d3cab3ba953f20019e017d44f741d95a9ba35886c7a3fed463d242173d6af2502230ff733c3f1e02782274e64ac70850dc34895135bc859918cddec6269ba8361009eff46407715f30879508fea8cc9c081b372f488555278fbbaa80f34ce79da910212961a377c85b61e36fc375431dd6c4edf2c4bb801a0fc1dc1fac3c2f4c01099624959392ca0b6bd47cb008dfd39b2fd927f40fec137b0748e19840c05754b7d8e0b27d62086128fdc329363d06b6e7cdc4360b39df2737b5973a8c05c72e1ffaeb09cad6719224f4fb80794eb00f4092f623e5d27a11402fc035eb9fde88276f8ca16827459592e355d3c4e6c792e5487c499666d96ea5c5f9eabe173b56223cc71dfaf0d88f8b805110871f89f399f84463023f17d86249af647b83f24e90483bef551f95645dba6607f66b93a6da349ea07318b6ea59adcca1ed17566eeabf62b21204a8fd1a2d983fd22d2eaf9acbbb7a20bde391a5724f096d204d340b56212f8b7f5141f4f6ed72b134eeadf1f27edff371424b40820b26747b0baad376dfc535a417be78aabedf33e978c0533b45eadf5c24a1a069bc4945cd00a52aeb35b539ac0847065cd01dfda634cb9d7222a60eafef0f483ee5ce52a3c908b4ad4d20897b55a880249fe9bf4129124216f80d4789ce2f1b97c9d3892c506580a68ff2ce35caad03126a4adb9a194fb86bc72bce0e0bc4700950d20cd4b8d670ad2151cde5fd540e6a1d871a430c1a333f020c957cd4c8b4788b4bc93d8dd2892f5d8a350013c62dae3747384aa487e00704910b3f7542c", 0x2000, &(0x7f0000005c00)={&(0x7f0000002980)={0x50, 0x0, 0x91e, {0x7, 0x22, 0xff, 0x1124872, 0x6, 0x3f, 0x8, 0x1}}, &(0x7f0000002a00)={0x18, 0x0, 0x0, {0x317e539f}}, &(0x7f0000002a40)={0x18, 0x0, 0x8, {0x4}}, &(0x7f0000002a80)={0x18, 0x0, 0x5, {0x401}}, &(0x7f0000002ac0)={0x18, 0x0, 0x1, {0xfdcc}}, &(0x7f0000002b00)={0x28, 0x0, 0x8, {{0x2, 0x8}}}, &(0x7f0000002b40)={0x60, 0x0, 0xfff, {{0x6, 0x10001, 0x6, 0x1, 0x8, 0x1, 0x32f0, 0x7}}}, &(0x7f0000002bc0)={0x18, 0x0, 0x4, {0xffff}}, &(0x7f0000002c00)={0x18, 0x0, 0x1000, {'0%)/W({\x00'}}, &(0x7f0000002c40)={0x20, 0x0, 0x5, {0x0, 0x11}}, &(0x7f0000002dc0)={0x78, 0xfffffffffffffff5, 0x8, {0x6, 0x9, 0x0, {0x6, 0x8, 0x25d, 0x7, 0x8001, 0x400, 0xce1, 0x8000, 0x4800000, 0x6000, 0x8, 0xee01, r3, 0x6, 0x1}}}, &(0x7f0000002e40)={0x90, 0x0, 0xfffffffffffffffc, {0x5, 0x2, 0x0, 0x80, 0x1ff, 0xfffffffa, {0x1, 0x81, 0x1, 0x10001, 0x7f, 0x5, 0x5, 0x2, 0x0, 0x4000, 0x3, 0xee01, 0xee00, 0x6, 0x23a}}}, &(0x7f0000002f00)={0xe8, 0x0, 0x20, [{0x6, 0x1, 0x1, 0x7, '\x00'}, {0x2}, {0x5, 0xfffffffffffffffa, 0x0, 0x20}, {0x4, 0x2, 0x6, 0x9, 'wlan0\x00'}, {0x2, 0x5, 0x1, 0x0, '/'}, {0x0, 0x7, 0x6, 0x10000, '\x02\x02\x02\x02\x02\x02'}, {0x2, 0x3, 0x10, 0x3df4d00b, ' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, &(0x7f00000055c0)={0x510, 0x0, 0x0, [{{0x5, 0x1, 0x0, 0x2, 0xfffeffff, 0x1, {0x0, 0x141, 0x4, 0x9, 0x9, 0x4, 0x7ff, 0x7fffffff, 0x892, 0x4000, 0xfff, r4, 0x0, 0x4, 0x10000}}, {0x1, 0x8000, 0x2, 0x4, '\xff\xff'}}, {{0xa00000000, 0x3, 0x8000000000000000, 0x80000001, 0x6, 0x1, {0x5, 0xa0, 0x8, 0x7, 0x101, 0xbc3, 0x19f, 0x4, 0x7ff, 0xa000, 0x1, 0xee01, r5, 0x8001, 0x8}}, {0x4, 0x10001, 0xa, 0x3ff, '[{@^/@+@<['}}, {{0x1, 0x3, 0x5, 0x20, 0x3, 0xffffffff, {0x3, 0xd4, 0x6, 0x0, 0x1, 0x80000, 0x38fa80be, 0x6, 0x400, 0x1000, 0x5, 0xee00, 0xee01, 0x10001, 0xff}}, {0x4, 0x5, 0x8, 0x4, '+!\x9cR\'+%\''}}, {{0x3, 0x3, 0x200, 0x5, 0x55, 0x1f, {0x1, 0x34, 0x7, 0x4, 0x9, 0x2, 0x800, 0xffff8001, 0x6, 0x8000, 0x100, 0xee01, 0xee01, 0x0, 0x9c000000}}, {0x0, 0x1, 0x1, 0x400, '\x00'}}, {{0x6, 0x3, 0xa3, 0x80, 0x735, 0x9584, {0x0, 0x2, 0x7, 0xec61, 0x371ca83, 0x4, 0xffffffff, 0x3, 0x424c, 0xa000, 0x400, 0xee00, 0xee01, 0xca, 0x3}}, {0x0, 0x7, 0x0, 0x80000001}}, {{0x5, 0x1, 0x9d5, 0x5, 0x80000001, 0x1000000, {0x0, 0x0, 0x6, 0x7ff, 0x8001, 0x8001, 0x6, 0x8000, 0x1, 0xa000, 0x10000, 0xee00, r6, 0x80000000, 0x6}}, {0x3, 0x7fff, 0x6, 0x4e5, 'wlan0\x00'}}, {{0x4, 0x2, 0xffffffffffffffff, 0x10001, 0x7, 0x3f, {0x0, 0x4, 0x7fff, 0x5c, 0x5e, 0x4, 0x0, 0x9, 0x4, 0x1000, 0x8, r7, 0xee00, 0x7ff, 0x9}}, {0x3, 0x5, 0x6, 0x9, '\xff\xff\xff\xff\xff\xff'}}, {{0x6, 0x3, 0x3, 0x9, 0x6, 0x100, {0x1, 0x101, 0x4, 0x100000000, 0x2, 0xfffffffffffffe00, 0x3, 0x9, 0x9, 0xa000, 0xfa3, 0xffffffffffffffff, r8, 0x1400000, 0x9}}, {0x6, 0x0, 0x6, 0x5, 'wlan0\x00'}}]}, &(0x7f0000005b00)={0xa0, 0xfffffffffffffff5, 0x5, {{0x0, 0x3, 0x2, 0x3, 0x7, 0x64b, {0x1, 0xc2, 0x9, 0x5, 0x8001, 0xffffffffffffffff, 0x2, 0x8, 0x5, 0x4000, 0xd0a, 0xee01, 0xee00, 0x7, 0x1}}, {0x0, 0x2}}}, &(0x7f0000005bc0)={0x20, 0x0, 0x7fffffff, {0x8, 0x0, 0x9ad, 0x3}}}) syz_genetlink_get_family_id$SEG6(&(0x7f0000005c40), r2) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x9, 0x100, r2, 0x8000000) r10 = syz_io_uring_complete(r9) r11 = syz_io_uring_setup(0x7811, &(0x7f0000005c80)={0x0, 0x29e9, 0x4, 0x3, 0x25, 0x0, r10}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000005d00), &(0x7f0000005d40)=0x0) r13 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x80000, r11, 0x0) clock_gettime(0x0, &(0x7f0000005d80)={0x0, 0x0}) syz_io_uring_submit(r13, r12, &(0x7f0000005e00)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x7, &(0x7f0000005dc0)={r14, r15+60000000}}, 0x6) syz_kvm_setup_cpu$arm64(r2, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000005e80)=[{0x0, &(0x7f0000005e40)="551e553401d8419ac437854e7bd6033a54214a9bd5bbb0af5b8dfb214aa84f75f60fd2f374a02bcacb654f2e69f719794863", 0x32}], 0x1, 0x0, &(0x7f0000005ec0)=[@featur2], 0x1) r16 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff1000/0x1000)=nil, 0x1000, 0x4, 0x100002, r2, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r16, 0x118, &(0x7f0000005f00)=0x1, 0x0, 0x4) clock_gettime(0x0, &(0x7f0000008240)={0x0, 0x0}) recvmmsg$unix(r2, &(0x7f00000081c0)=[{{0x0, 0x0, &(0x7f0000007580)=[{&(0x7f0000007000)=""/104, 0x68}, {&(0x7f0000007080)}, {&(0x7f00000070c0)=""/15, 0xf}, {&(0x7f0000007100)=""/224, 0xe0}, {&(0x7f0000007200)}, {&(0x7f0000007240)=""/230, 0xe6}, {&(0x7f0000007340)=""/99, 0x63}, {&(0x7f00000073c0)=""/69, 0x45}, {&(0x7f0000007440)=""/106, 0x6a}, {&(0x7f00000074c0)=""/188, 0xbc}], 0xa, &(0x7f0000007600)=[@cred={{0x18, 0x1, 0x2, {0x0, 0x0}}}], 0x18}}, {{&(0x7f0000007640), 0x6e, &(0x7f0000007900)=[{&(0x7f00000076c0)=""/121, 0x79}, {&(0x7f0000007740)=""/169, 0xa9}, {&(0x7f0000007800)=""/5, 0x5}, {&(0x7f0000007840)=""/157, 0x9d}], 0x4, &(0x7f0000007940)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb0}}, {{&(0x7f0000007a00)=@abs, 0x6e, &(0x7f0000007b80)=[{&(0x7f0000007a80)=""/115, 0x73}, {&(0x7f0000007b00)=""/15, 0xf}, {&(0x7f0000007b40)=""/19, 0x13}], 0x3, &(0x7f0000007bc0)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x44}}, {{&(0x7f0000007c40)=@abs, 0x6e, &(0x7f0000008180)=[{&(0x7f0000007cc0)=""/153, 0x99}, {&(0x7f0000007d80)=""/250, 0xfa}, {&(0x7f0000007e80)=""/252, 0xfc}, {&(0x7f0000007f80)=""/193, 0xc1}, {&(0x7f0000008080)=""/96, 0x60}, {&(0x7f0000008100)=""/65, 0x41}], 0x6}}], 0x4, 0x2000, &(0x7f0000008280)={r17, r18+10000000}) syz_mount_image$adfs(&(0x7f0000005f40), &(0x7f0000005f80)='./file0\x00', 0x6, 0x1, &(0x7f0000006fc0)=[{&(0x7f0000005fc0)="97711a3fc775d9b6b802d75cefe34e560dfbbc1905df8452c7c061cfbdbaf76ac0ee704fdc1b95576e8398715ccac23eb622406fdf86656d8666d174345df15cc279d6bc46189f9e9103c8b634306a9dc5121354037abc836af32b82e0eb9222c5b97a31baf700226f459f1593e594220d6eee2f7bd3612c68996c931e01b390867ecb7db73fd1c8baea0a1a30719c09c81706414190c490236b2756cfba38fabad49c002cddccb22a79015cf6c9d5b81197e3669f1195cf26fd674cef34fc2517dd561d625d37f0093669e68fca1ae7327c53a8d8fe8ce089ec5130da3dcd2c1be47c5d11c1e607706dede98d3ad0347db608bf9febfe357b46fe05172e7abd5e6a5755ecbdb7294ac660ef999961aa2491460d2ba8c47928fcd02e294c16838adc1c5aa0aeefc279793c1e9bae9dad1bdd674fbf94f64d5ee586b857846b2c3e35cbe0791f3f0a4279ec2d51fdfb3a9d2fd093ba29d743eebb0646d40af932960b4efd52dfae3724206f13839b1e9dd3561c159f7d1a0b45dfa655724164ca8ca40178aabc9f0c270cc0c2e828dc2842fb2372abca8d65d3726eaddb36d2772fc42a5a609dbc761a086dd8405f0c0a7c0bfc14fea91cab423fdbc944ddbdee214c248ef0c8933c80f3ac68a3cdc4ed5120c7be1f0418a0ddeee94ce8de7a07b94d97a9c72e338eb9cb871567608b49031f1fd07e5c5cbbc2201c4876885c1bdccc2bfece71de73d6a710c96a675de4b578e3a0b84d1fb89bed531e1705af867b10b7c92328a06bad02c573375d500a4bdc884b55652d7f1cfb31afaf0b35e98a58466b80a2a4bca2d72e387f8e94519a43734c385b698e08b0ee1d9805c392acb76f980894df9046c617f62a2361062e522453dcd73176f786ef2ccd7a05df8b44a6f93135d4888fdd510220357f1aeccd13e1fe10292673f981f420d9859fa218b8698b4a691e699c28a2dd46d3978942192ed51d212669458a4dc3d381d2c3f73cb60bfecb8bf0e1556eaed9ffca5d0f7c9f6152f4fcd5ed86cb6a565e4b6b1c9e7efef1ccd28ae7091abd84e8431ec08ed83a8bbe56f9e12256d0a05b461d9f1f4bad4b0e8734c47d12124c406db2c033ca10634105713df400fe668d74c10b9546fef03d29ee05d4e3e832ede103cfb890c8b0092a58fe32a0b105896cefc83a990c3b6d9dec09e4beea8040b29f9217e5577fd72003a1dc4667fa4cf3bbf2985f0aef84b45569a087b7f9afe824f3c59b40cd0d088c16f4414240a6ebe24aadc402cc99abf034a48bda6a2821bdf294658e2782326e1696a8878b62be50b8ae8d003e1b6b9f5f26d3f21b1422cf73ac7292638e57da6fe3fdadd7786aa2d7406c0d84554547d9590ee9e1705428e00ddc33250a116b9737c8b013a38c6f5e88275b015f1c0996b06ef4467fa0468e8f4a498b56a045f894e45090fc1707481bef75f601d95e67b963b6ddaad7511ab41ef4c9f651c70f8ec2f0cf3b62bad74e2492a39fc1f81da697cdc353de9589cab54a16901a18d851bdc26239a72f9a787fbefb3fc3f5df149a013c4f8c8b0e98b8f669f62fbe09525b46469b1c7fcb91e55735f2adc8136a46aec4de016b9f9251ac2aa820a1a887b78c66802bf8dbbce8c4e138ba0a52892c9e934af2c76b95032a2f4cb5a621e453970f54b279035e140833e3250a9c4f16371cddfc01c404e6e86acc231c8d7dbed9b6aec0da3e0bb40672f4d41df2650d200fdda6bdc62b1d433efb4dcb37052689eec1fb99ceda3e1107ae9aeebc9958fd2f2e9059834087378427d3158a8ad04779e622b9fef71b94b2aac03d6d9b722a2427855a2176f00d971d6b1fe9b57c3637af6ecf8dd0bf1dc055e7331c7e3d9bf09a98723676b07787a075af7ee911ee2b0ebefb3408c8a617e81b0222f20f41aaa55767bd73b30b7d5238a41836e53a5c826d2cab59460404f02af43b1c64a887b44edcb395a149983a63ebbc1468ac3b39a00d01e59041ea549725768c6fea7a4884fab16b8599cd0b91b83df33b32280039ba0205a23e97cd38bf8be0ced3d7c2f44491e9b594e054e6c6e6e2b610830f98ef9a240fd56d1e218cbc1535b8889fd2b39fd94c82137a80ea1234a84dc6fac0f16b8b2de9dde9ec8270c2df90b1107eed2d346965943a1cb0856421e45fed7f48071041c552efc7333c5e7dec5b9cb59565718a7e230a842f206a4949a38fca5d9a8d847563dd644578f89e5ea68cd84edc6a04e527d1c07e6ae42f503f7c09f7fa5ed1b2d7a3a90b5feddd576dcc544d8a7e5154fcb82d14970643a03ec1ada083ade9a90d56b1a05e7becc2e434d487e0c94d10fb56b73a82fd0c34e3ea6e252bd82844e95933819254e12b001acf2ad8b630a7d2056c6f77334ed22321771e73312981d8910170cdd7f47881b58c4753bbfb0b34c78b4211e626146ff342bfd57740eb868e1cfa312c907bef857b3781ebd1397e8dc0ca1474a19b39b497ae70889d2dbbce85d3743fd33c97b9c22b866eb65d3593900e66c459efe5638a824c423d9c49ba44b8ff9b9b3ec15cef434deef9ab92760c55b1fb37339b1c77f3a01a77fd72f72877952e8a5827494c9188b8d1c270b0a99b4a9e818d1fa126a7291a7b0b94c2bf7c18c2e25e7fcfd68d38829655d9aab934963034563e90865245a61304febdf59bb0093167c8c41cce1773bb80c678759b55dab1247252036157a0e60d66e289d4b9bf98fdce7c5ca59bdb4fafe55e09b16aa3430d39bf150332a15c4890ed078e628775f8787b893592263ca6d3113619a7b21251faeee137a099bf00fb5fbcc75e758eaec9bdcff65576c0d826ea79d90e99d8cbb490937d1d122dbb8d15b33756835e1ce3bdaf4919f5226b384c87c2c7af71fb3dd073c43129ac4e2a6e521bee349730b2d9a71c6b01d61df130802a9bb6ab1f4d594b89675cc467cab303c86ae6b4c0d26dcf16cdec9c8b78f3e23bab3e7b5153e73bb71cb6a2afac5c33195d2a2f329d9e8f53dc92801046b07245e139a6414cff17dd9d7947e945a1ddf592131d90f3f325ebc3cf24360f83ed1606f952d4f69221b75c9be91e5d2abeed93f33958b04aa1e0cb5b850edf2760f4b8e810d879d87357036c8e26538e69689e47fbb1da8e0ca08284f55900bd029e95a527b3ba251b0ce27bd049fc85b194959375f785cf75c101eeaaba56b39a3fc46ba9729837e2fbce7ebba932596c0c2ef0c5d8e684ba6b334dbaffc0fa842a6aa555813d5bdc237a4376fbfc3abd549abc27f3b1c918c67f2c34e116b6b0630115490624f4997d93acec5dab0d2bb1572b319ba4c990cd74389542f48b7e173d0c81ed756a1b409f6b195859fdc7577a7e7b120a1513c225d313d7423d6a99ddb71914962821db95192fc9ca8b6972e07d78679e3b4265cb9725d95f52f68ff1ca46b8ac6ae7c6053bcd972e37fa824491527a1e4323aa6f2d5e59cf06c6088c148059fad6f1cbfb476719d09fa479b69a4790a74f65abd999c267d10cc2ff99d39e394160e151469589f416f659b2a8c60def78d6f433809dfb96c27220076f47b7e74a8930cd61e8fc109ddf8754ff5d6878eef5dc7dd61e2da0073b0ad6b071feff97fb87ec0d90954aedc888e7b1e09dcdfcc6906e49b6ea4a0c32546407ac0d22e29200b8603f2c3041d27d0fd990c312c3f4ebeef45385124825e73a4b30f7e62b3746aee0a1f42357a7c2d59b9b2865ab24b33536c1d752a4e1c08e07ec7ab8e37eda44ebd2213d46955859ce75e8cbee3e448ddc6c3720fa4bb604298c9cc6c1eac4aac18ffeef8d631a6175a58b18257c81b5b2a2c7458b1173a5c1bfe3a56159fa406011dc0bb6021f2332bb471ef8892acd5e7b58aeca43e485b35ddc938fbf2d032521820809af025513b663922d664ca4216bcc9877030d5facfb9a0482998e50cf69bc59c1805fb4faa89f6831ec6afc29e7f6db38fed3403d1035e251624de0ea6445812f71a4a91eab22d88da49c097003ea9608ef661e8cd99458f318d373ea1affe6cfbec7e9f77ca393f1585402a70afa83e3dc11417b83035c4aa6efb96caffdb76bb431152a1108dd6ae5a37afb9aa1b51ddcd22d7af11d65c188472d79acbdd48c61355a4b2fdf2b81fb4459711fb437f3f7f95a6e187c0cc087bbd739c9c9e22e25fd0d305a27408f52b839e357d1f37b0c7a576df793008241bd2120ccfa21435268ed243dd2edbb751b201474e91f48219bfddb4cd0dd471965bfe78e45233a33b6c4022bc57bcfd224f89b4afbe25a003ef41f596e10fc142d52e0ee02fad0728651f0fe75b947a544fd7e2dc38b608789ebc87b01993e23b765449001c77adc778adb84a0dd32b70e267aadcc168ef1713d7cbde563396ef5e39ff9f7008d61a20fe49ac80c2ee84c5311e6b0c259f0c63631af64ee1d2225b5eaa31b97636b30109fe4fcf1522723c6d79a5005f3768be2872910a0d9f2d2b10a91e48f7da5c3830e18bf1a2c51f791e463f7ca07e0c63d075852c2bd82b4a5989d4ff50a7007d3eb322b3f01ab76af2bbedb1108165f483d28415378d60098dbd87a299b3de116f3955c3e243677f3e3f71f9f0204e170da9ef5b66c95ba07f335b130b5a17b6a72c318be1b8ca6422b1eaf3f6ef038df509ef18765947de5889a3a88457561b399ab72948d7ec9e0f4a7348e0c43174811d3a4d71242e6a50f5b397a8d7fabbba7109afa2369f116e09d3fcc0b5e612ae8b818309c5fbb3347fdb5d6c6904684f4e04f12ca8513174e6b926f049ac14e0a7f9e4aa6bd391bbccd3f7242b9a4c0dfd01796da871f4e9de17e549537ac6d21d5c64e549f070e2b1d1b7f76981faa8da9029e4576fc43b4f427ec7ee4c4505ca270b233ffc5e1abe44ac789cecabdbaabec441a11845caf922133d11bb28256ee8f75e6f065e35f297646c63a2b8a594605ab391c50fc337d8d97066e6b5b0710fb1ec76c64f0a0a0ccac01375f2c9fbaca77b2b1ee2b26a76da527aefbe983eed0d946d763e00bf501dd646bfe683a78df80d91dcd603c5a8eb595c0cdceaa2dabf5d64a9feaacefc878e074313c85e4c15f4c2e63fa19f97b829c297d860878eee2138928d8a425c07900c1226455ae33e702c058567d42df10d6048466de62f14c27f7d8f306516662e18bebb24d7f38e5f0ebbab74980599ffacba56d3ce16a56b991ec64df9ea8f9300cc187f2c1b2f80562c681bbf833a971e7d69b67730d3b0d3b5a9b3cabf5b44e21f3a8ea25af9f9a7f53d6c85ca6a3b84f04fb6d1e99096640c76f00cb2a849e022c526653e0e19c0ab73d7db02e69bd511cb3b36ae7df9e0bcd5b8d180c0a3dc9f17973c62b286fbefd4853976ad38dc7756785f17c88f9675687c9769d77162e82e71bae2ed285bc878f9ee7070af3c4b43c907bcb5856dab6a938b7842af376d7c164076cd02b4e3e82e2cc8fca7dc2e40bdb7b9a2ef406355630cb2930231794ef4a20360a6eb9cc54f753642e6938a173024635987b80a6e0f0b7cb258537b81e1250f77fcaf1d7cd9b3be072a6f9d4fd86f1564b28d790ca1382fae61fa5874c7dd7db8ebfaaa7cc011e6ab3579137aa3f0af14e58c0960d7f70cef93ab86cca7cb785d8c12152a807cf1bfa4e0f6ffd288870565cd49a10a407cee95c5c0fe4cc84b47390868e64507f1fbfbb4a704d272da13480a418e25a9930a402dcfbaa5cb5092c569a4e8150b5048bef01194e1ce3795e2835a0a82c9d5ff3a157852f12713596997ec3061aeaa96e93c9b1d9d5aa2414c3ea9f", 0x1000, 0x80000001}], 0x1000000, &(0x7f00000082c0)={[{')/\'/%'}, {'wlan0\x00'}, {'\xff\xff'}, {'\xff\xff'}, {'[{@^/@+@<['}], [{@uid_eq={'uid', 0x3d, r20}}, {@smackfsfloor={'smackfsfloor', 0x3d, '{%\'--\xd3{-+#!'}}]}) syz_open_dev$I2C(&(0x7f0000008340), 0x4, 0x404280) syz_open_procfs(r19, &(0x7f0000008380)='net/ip6_mr_cache\x00') syz_open_pts(r21, 0x8001) syz_read_part_table(0x5, 0x9, &(0x7f0000008980)=[{&(0x7f00000083c0)="fbd29b15877e61061cc50ced7f39686138bf5103248d4da53257b73a1ee96cf2199abfa961d7bd146a6bb88d701b08edbf514b2e3183cce211d57c7645a9afe20275ecbe29aea48c76b0fb7627a8e43c7a9f57ef02a316edf9d38e0c6e74b59107cb1c8406dcb6de319b", 0x6a, 0x7f}, {&(0x7f0000008440)="e0d8f55b3848aed3ac9738d2e19f668be4c76e3b4e4823a0c69918ad4aec8d6eadcfe10327126d01287e672d54a544a9877e59f9a2f41aa242b237ba593c5a4840b8621ce0d28ce522dfe8788bb070d4bc9d74528a1f7603200c2365c63d42f1032992e10e4345cdea0d65365d82b6c78c81c71b0b2fb78197cd605ec2521806bdc08d6dd8f5291e5bb0ca92e20430d581235ddda756e6abd8c769783b84e57b0aa951303adcc7e921b069d94f1a4dee1f4744db5b28c97fbbaec5bf5618e0e94a41c0a99ce6ca91ebcaff5ae6106dc9dc310d7250a8b7c7ca55", 0xda, 0x3ff}, {&(0x7f0000008540)="afbb6b91aa7857f942bc8773d020896a44f1d9db9b9ec2b85598cd86397d6b5ae3192aefe0f2b6387b2d2314489bc7af2ab51990ff7526230a7ca42e6c22f5649acb12b4dd8fde819b", 0x49, 0x9}, {&(0x7f00000085c0)="d890818560f5372f7d41a504c54e863d7944d0621d50134b4c1454aa8c44c7f324d95d33fb4663f6745c1cad179d719e3e9f4f57517125890ed4c937bb41d0a764441e1d6c7482548c0a", 0x4a, 0x6}, {&(0x7f0000008640)="7e289aa898007d95eaf09882596aa237714dc1ac32392bd6fae8d872edc3c9b0cff5036148af29573c0dc954c27b6a6d47669253ab402a91f6e602ccd93fa817", 0x40, 0x6}, {&(0x7f0000008680)="c823584bb1759ecb98ee41e35227dd03d7ed5c9eefcf34a951e7c5eae5b37e8b93d6dd7cb66ebbff50cb81777e29b2c05b7b7cd976f4aed70f76499015b9872faa6f338c309a55296e4e85e27c510dbf253a7e6f43791f93913c8a9607451fd5050cf191ec95d199f1117c0e2a0437c2be1698939d277c3837d1640f91ce6aedc0850dc288cc2a3c1caadff44febefbbb2fda82e8a6539222b6d8830df927f36d814c2a892df0badec86c2f01deb89d2d3fa6137e48b23d3cf77b11f46ebdbb0a8314ee19778c212fc3498cbdc5ad0bbd7d24538d83bbc86830afe32e38c1bb1b7866abc940f611654d046f8236d6b15", 0xf0, 0x7}, {&(0x7f0000008780)="5d78b08d347d6010778713adad8e4da15ab34694562b0da52bb31a3b5e0971020ba48d185f3f03f16fe6dc1e321f122c1150a8ce71c3ad1df7c618bc59865fbfeb3a2c926b992f938b0f76c96af8be398933383fc8", 0x55, 0x8}, {&(0x7f0000008800)="1cd7715afec5551816cd475168a535a8474b748792e43af351605c6dfae1e6add7ce8bde80555ca3268782fe7a7f458968b42792c02a11acffae5486c0858e0c4640f4260d564699c0e606236ae8d5", 0x4f}, {&(0x7f0000008880)="45fd88a606b589b27d422ecb8744a678ff3aa07ffb6c25cc10a8871006d5fb6450fc12157d1a59f14e36132f1db63b56cc97b61bf0a61dcf2b7dd27da02ee160e03df97947838f0dd434825905ae9fb5a427976a49f779eab8cc3a409d25b9a296cef9a8ffb49d81bf23a716a7a7e1d8dce03def2b8a3b15a3b2beb873143a7df14ec492782ec86aceb4901fe3dcdce046ab2fb972d67434d4e1101b02c92d33a1bfe516d9592581f67895433766506707cb7f0e18b4476bde0f0091753cf3ec07386b3dab4b295502d49716801dd979aa24d805dfe801", 0xd7, 0x2}]) r22 = syz_usb_connect(0x6, 0x7e2, &(0x7f0000008a00)={{0x12, 0x1, 0x300, 0x88, 0xc7, 0xe6, 0xff, 0x15c2, 0x45, 0x135a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7d0, 0x4, 0x0, 0x0, 0x60, 0x8, [{{0x9, 0x4, 0x45, 0x3, 0x1, 0x66, 0x44, 0x76, 0x3f, [@uac_as={[@as_header={0x7, 0x24, 0x1, 0x1f, 0x5, 0x4}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x9, 0x2, 0x81, 0x4, "c0e6a10a"}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x0, 0x6, 0x8, "7d5ba3d07cc6"}, @format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x94, 0x1, 0x7, 0x1f, "cfcfa1bb20d9baa316"}]}, @uac_as={[@format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x8, 0x2, 0x0, 0x9, "489f80", '&'}, @format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0x5, 0x497, 0x8, '\''}, @as_header={0x7, 0x24, 0x1, 0x9, 0x2, 0x1001}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x8, 0x1, 0x0, "786e2f1a3105"}]}], [{{0x9, 0x5, 0x0, 0x10, 0x3ff, 0x9, 0x66, 0x3, [@generic={0x5b, 0x8, "32da773ded87397d0af57fd6f2ad3b93e2ea74f1f65d645d6b7e4cae90c8f27ccae094b33c613bc0bda2437bdcbaa21c77915b1b95e7a2313d71c6cc586d414d6a1e79c80ee3673ff069eb4651b30668b0197ff7a7edc57594"}]}}]}}, {{0x9, 0x4, 0x58, 0x9, 0x5, 0xff, 0x5, 0x1b, 0xe0, [], [{{0x9, 0x5, 0x3, 0x10, 0x20, 0x0, 0x43, 0x40}}, {{0x9, 0x5, 0x5, 0x3, 0x3ff, 0x87, 0x2, 0xfd, [@generic={0xa0, 0xc, "4d1fafd5d5bea917949e727ed5ee144cb32b01d9acbb7e3cfac4d1a15cd6bbae8ac66af677394d2217ef580b1565f58b85cfffd2cfcaf9f19df78400ba0354d7872072b42d77d55a5b960b82fb9e34ec8c33a96719c45947ab0947484854a94f25e65339a6f74b053c81e8e8057f6767ea2e80e923e02fa1a88db36d52e4c511e6ccf674046cb81c493c927d05a6c16645d0694f667d6ccf29fc273890c6"}, @generic={0x31, 0x9, "824467996faa842827e6d09bc48c4196099cb20d1afa7380d30e40f1bcfb7c503d7b00fc18d2e614c3e370dbc320a8"}]}}, {{0x9, 0x5, 0x1, 0x3, 0x400, 0x1, 0x81, 0x6, [@generic={0x76, 0x7, "96f72de7936410ee82a44287a00196f630e009364ab94a00e94528691a409d335f13bf6e85b378bda85c558fc1a003ec5794a14217f794682edcdc9e35d00c0979fdb3e7a15e6a851c137bf7011ba61c8346598b02a3d4d1b8cd99f4fc14fae3219fbf56aa2ca54ccf116b3d560a80978c4276ec"}]}}, {{0x9, 0x5, 0xe, 0x3, 0x3ff, 0x80, 0x20, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x9, 0x3ff}]}}, {{0x9, 0x5, 0xd, 0x0, 0x400, 0x9, 0x3f, 0x3f, [@generic={0x76, 0x11, "79b386387e37f36efa1d8c66a90449c68a0ad251afb9b1793cbe9e5b4dc3ce6600e86d1e3b3eac60fd3b8b1c19d7d0c3da61c6a667b39fae8aed44a8e70d77ca93e4c37a3fd8818f43edc523960cedb02d8822f0b23dc343182608c6097e995f562c84a5417e5b2fb71b392f926f3c4ed992ed89"}, @generic={0x65, 0x5, "8512f0cea97a9d8a0461e30ee9bf0789e041cd86c1df9496f1957af0e4543ecab07051f1f4818da2579d13a999569f75ad6af6e0d04da8bd26bc920445692d9e4ca7fdc3544c36f588e5c09beea1aff9f41ba977cbe79e7e4f4a8dec5640da4d2af61d"}]}}]}}, {{0x9, 0x4, 0x5, 0x3, 0x2, 0xc4, 0x4d, 0x76, 0x7, [@cdc_ncm={{0xb, 0x24, 0x6, 0x0, 0x1, "72450ceb1b79"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x8, 0x1, 0x4}, {0x6, 0x24, 0x1a, 0x8, 0x8}, [@mdlm={0x15, 0x24, 0x12, 0x4}]}, @cdc_ecm={{0x7, 0x24, 0x6, 0x0, 0x0, "fbb5"}, {0x5, 0x24, 0x0, 0x2040}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x80, 0x8951, 0x6}, [@network_terminal={0x7, 0x24, 0xa, 0xce, 0x3, 0x4, 0x60}, @acm={0x4}, @country_functional={0x10, 0x24, 0x7, 0x0, 0x81, [0x81, 0x1d9, 0x400, 0x1, 0xc00]}, @mbim={0xc, 0x24, 0x1b, 0x1, 0x20, 0xc0, 0x5, 0x20, 0xd}, @mdlm_detail={0xe1, 0x24, 0x13, 0x9, "0efa60e3b3892ca3377fc7bf7e5cd90b70b5433c66f13129d42a59f2c914ec54979a53862f94df6395806bf1a9709d9a6650cecaeecff6adfc77ca5f296e11bed1fbeb6f27c50bf1af9c176bb2069d52b06473d5d8e9244a70017666faa3213b80b25fe4c68c4180ee45680c95768fd32d24da76b883e1be0ec2af43c9f30ceed1936cd5051e62b1c8a76af9a252290b11c3670439db645b5c32a5a5bb78d7e8183ea6736dfceb8fef3d04b76e5129c4913eee30a537743b3357f269f582dd8c46b2a93362f1a838886b175f4895d52a818f63d9d694beac9846e5b12f"}, @mdlm_detail={0x1a, 0x24, 0x13, 0x5, "083b1f01a69f5d722a6b0383fb09f57f442b56d458fa"}]}], [{{0x9, 0x5, 0xf, 0x8, 0x8, 0x0, 0x3, 0x5}}, {{0x9, 0x5, 0xc, 0x0, 0x200, 0x9, 0x20, 0x5, [@generic={0xb, 0x1, "ae684bd6a1bfbe705d"}]}}]}}, {{0x9, 0x4, 0xad, 0x3f, 0x6, 0xef, 0x2e, 0x8d, 0x8, [@cdc_ecm={{0xa, 0x24, 0x6, 0x0, 0x0, "2e1bb11c34"}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x2, 0x8979, 0x6}, [@mdlm_detail={0xeb, 0x24, 0x13, 0x0, "9fcc8c5c747309fcb4c96e5dad9b6e62d08b91a8beb3c2e4547e163e4658bb11ab34b3c84ec3e4a4e367d26c56001c6705689995a99d16a1b31bdc070f00531ec426b54bf89b2dee1fc3bd818f55dbbd6acc287cd43078eebc6d09f10dc4229f8035d4448f823fecf929d6861627c01e79277a40304a1ad3fbd012a4a8ed16369769c8c997c412be76759017653455b8042aca8b49eac0731001cbfa6fbd796aa7c27709fc623722e03d3c1ed1dac1ca8a8aa25ddafc654a0dbb760b927a2b23e2ad3043ac48566c7b995c237db591f39af81954569cd5d37ca4941c80cc1fa5556d19a548df2a"}, @network_terminal={0x7, 0x24, 0xa, 0x4, 0x1f, 0x3f, 0x62}, @dmm={0x7, 0x24, 0x14, 0x1f, 0x7}, @dmm={0x7, 0x24, 0x14, 0x1010, 0x9}, @ncm={0x6, 0x24, 0x1a, 0x6, 0x1b}]}, @cdc_ecm={{0xb, 0x24, 0x6, 0x0, 0x0, "df4704a2521e"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x4856f0aa, 0x5, 0x1, 0xff}, [@obex={0x5, 0x24, 0x15, 0x1f}]}], [{{0x9, 0x5, 0x8, 0x8, 0x3ff, 0x4, 0x1, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x34, 0x5}]}}, {{0x9, 0x5, 0x0, 0x3, 0x400, 0x2, 0x1, 0xca}}, {{0x9, 0x5, 0x8, 0x10, 0x8, 0x2, 0x7f, 0x7f}}, {{0x9, 0x5, 0x7, 0x0, 0x10, 0x5, 0x1f, 0x40, [@generic={0x2d, 0xe, "eccc2379371b46cab9d6fdb82798f47aa9b7177c2a5193231443b725c21b5e6a99930565eb3b96fe7a7569"}, @generic={0x6, 0x10, "7f2260b2"}]}}, {{0x9, 0x5, 0x3, 0x8, 0x10, 0x4, 0x3, 0xf7}}, {{0x9, 0x5, 0x5, 0x3, 0x10, 0x3, 0x1, 0x9, [@generic={0xc8, 0xe, "17a493c051895f29835efb6d6d753ca5e6237f995724bf74708574902eacdff45cd80b61373d67efe1239f97b4fa600793d6b4a5022ba4a436b4e2e223579d974e784ecbfdd4912da5ccd284d2293782704f067513d83811ac711684d3aafe928ece0e903825997babc567b94d06daee1e4d55a8871d67e71cd1081430d89bc9ae64f50f94bb8af96ce384cd3b8420ef8be273ca02b9f0f91221239e64d620dc6e3e2707f6f4ce92e8627f044c14f179909ca1df8b4e499fed3f4118c9d6b2ae41a71198d798"}, @generic={0x7e, 0x22, "851bf8332f6f4795cdbf9bf1bbb8253ced75d61f695bb8c31f51b5ce19b2080e2e7ec215fec16a83d2571104f726a0de47f3e9282d0ef2204bbb1d9d9cac53b6d798084b0f594791e3f8341986d7eaadb911c55c0d71691fc77aa1047f440f5275a41f3b1f0f048a5c1dd5c417e67f3bd472b13feef7950c578f1b42"}]}}]}}]}}]}}, &(0x7f0000009700)={0xa, &(0x7f0000009200)={0xa, 0x6, 0x110, 0xd4, 0x81, 0x0, 0x10, 0x20}, 0x1c, &(0x7f0000009240)={0x5, 0xf, 0x1c, 0x2, [@ssp_cap={0x14, 0x10, 0xa, 0x20, 0x2, 0x3, 0xf0f, 0x6, [0xc030, 0xff3f30]}, @ptm_cap={0x3}]}, 0x8, [{0x4, &(0x7f0000009280)=@lang_id={0x4, 0x3, 0x410}}, {0x102, &(0x7f00000092c0)=@string={0x102, 0x3, "bd9caf11f1c2321f7dbf3df57ec06aedf0842f843c77dd88db9f7408bba0d9405971eab7462f77d1ca84398011e52a42798f46eeb57b9e8b2c06c9828ae8a2a278aeaf1947cb3dbadbd3d8374bd3fd89a53a0d2e5d80261d7c80592c0396ee2c9ed83fcc6bf9bd9a2f61cd007c9eb5b92dd878d6aa6b5435ed38fb81d9bfc15815843bc46b321b848a201d7ee90a06ab03ddb66cea54f415153e6934992c24e711aea2fe334e981ba7f3f87d0bc5eb6b1d0917cd79b47194c6d2be18e7a54e75a5e2d036b2e8ba626c56c4489e4681a21ea29a2b6434a8605a6710ebd13f09fe322e60ef34a6e6f3330d07b4d1ff66d7ec23c58b3be734844b89de36ba291297"}}, {0x4, &(0x7f0000009400)=@lang_id={0x4, 0x3, 0xf0ff}}, {0x4, &(0x7f0000009440)=@lang_id={0x4, 0x3, 0xf8ff}}, {0xc2, &(0x7f0000009480)=@string={0xc2, 0x3, "47951bf5758f6da49eaec8d8f18a6ca6e17e41a66016415efc7be346e3a8d0342803d31ac634c4e6bcfdca1db3c5b690c22f332df6936761deb40a2a9b817a3b5e21ceda6d71f72d61eed06a7a43451e72faa82018384c5a69f62f4c6cf2a7efbd2af59b84acc6a95edf8f167b5f203dff2f89dba191f513342be5a906ceb379613f596108de6f3a61b926c9f8634d3de6d5eb86712bdfc3ce502f90a69d8d07d9284402b393a76e1d9817b92bd4eff57a27ec91919bf0d09b447057d69ce382"}}, {0x83, &(0x7f0000009580)=@string={0x83, 0x3, "708149d29b3a8ef9c0ff2f072ff3b20dd4aa24a8ddbd77612cf82dbfdc3af821a1fbf75540c23e05de08fed779db651cb3a63bd09acfde2da34fc336047349f62c650320dd8fd8626cfdadf7e0f73f83a6bffa1f20e75cc44b80bbe9a40ea3c6e924b684fe6cb9e6a9331a149e844e500be3b4fe28d1332dcd643be5a73fccd446"}}, {0x4, &(0x7f0000009640)=@lang_id={0x4, 0x3, 0x184c}}, {0x4d, &(0x7f0000009680)=@string={0x4d, 0x3, "b66a576c91d56733c94ef73720fda014ebcf72b1cf26ac4c18da7571241256764ae2dff17540bdd8af83eee505792cbefbddb7b5cd4ca94662287a86249ec2b942139804f9c78209884a15"}}]}) syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000009780)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_control_io(r22, &(0x7f00000099c0)={0x18, &(0x7f0000009800)={0x40, 0x1, 0x8d, {0x8d, 0x22, "e5741947a723e9e98edc76ea9b493da7d0be0f88903d48eef0d24c882970fc1216a4f390d6b17a78f9e882742ca24831936cb75b045899bbc7687bd55a058a9f4722452ce7e301270b0bf22666c37eaf1bd9d8b489ba1d32be39d06b20bd9657e09fda6c82d4566c9334e2fa45c5046ba8565e5779ab6d67cbf7f406d216c286ab066588207a318d65332f"}}, &(0x7f00000098c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xf0ff}}, &(0x7f0000009900)={0x0, 0xf, 0x18, {0x5, 0xf, 0x18, 0x2, [@ssp_cap={0xc, 0x10, 0xa, 0x0, 0x0, 0x6, 0xf0f, 0x8}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0xa, 0x7, 0x100}]}}, &(0x7f0000009940)={0x20, 0x29, 0xf, {0xf, 0x29, 0x0, 0x18, 0x7, 0x7f, "86f620e8", "168f2202"}}, &(0x7f0000009980)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3, 0x0, 0x4, 0x0, 0x7, 0x1000, 0xfffe}}}, &(0x7f0000009f00)={0x44, &(0x7f0000009a00)={0x0, 0x8, 0xfd, "17d015c0c21b38ab6587078c775d196676390236842bc78115bd6a405811102445a37fe5c0cc85a16b5601f67496593492ce3ad552019208a904c88254525ef13e8c55d2fa5584b172728077d54a28bc6dd0bc05f7202910260763120f9d95883b701ca05483deae8e445bcf5672cfc4ba66a346e92fe07451ae4c8ff4aa9dfcf8b9563365805bf6830ed36c9f3eab11f613a0fde0423b8c3a5b1ae029729e3233431d83f022491564d392ceb7a38eddcf1596886181854d5a729e76d8e770d6ee74ba1333ecb7e4b883071b6d6c043e9e6f0160546f60d1d9ffd940744eef3ea5f0ddfda5a0a8d6b7740a7f13ce462ed08e2d3bc0a7b646daf56086e2"}, &(0x7f0000009b40)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000009b80)={0x0, 0x8, 0x1, 0x80}, &(0x7f0000009bc0)={0x20, 0x0, 0x4, {0x2, 0x3}}, &(0x7f0000009c00)={0x20, 0x0, 0x4, {0x100, 0x40}}, &(0x7f0000009c40)={0x40, 0x7, 0x2, 0x3}, &(0x7f0000009c80)={0x40, 0x9, 0x1, 0x7f}, &(0x7f0000009cc0)={0x40, 0xb, 0x2, "08bd"}, &(0x7f0000009d00)={0x40, 0xf, 0x2, 0x7163}, &(0x7f0000009d40)={0x40, 0x13, 0x6, @broadcast}, &(0x7f0000009d80)={0x40, 0x17, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3b}}, &(0x7f0000009dc0)={0x40, 0x19, 0x2, "379e"}, &(0x7f0000009e00)={0x40, 0x1a, 0x2, 0x8}, &(0x7f0000009e40)={0x40, 0x1c, 0x1, 0x3f}, &(0x7f0000009e80)={0x40, 0x1e, 0x1, 0x2c}, &(0x7f0000009ec0)={0x40, 0x21, 0x1, 0x5}}) syz_usb_disconnect(r22) syz_usb_ep_read(r22, 0xc1, 0x1000, &(0x7f0000009f80)=""/4096) r23 = syz_usb_connect$uac1(0x3, 0xe8, &(0x7f000000af80)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd6, 0x3, 0x1, 0x7, 0x20, 0x2, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@feature_unit={0xb, 0x24, 0x6, 0x4, 0x3, 0x2, [0x3, 0x7], 0xff}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x80, 0x3, 0x1, 0x0, "022c3b4efa4d"}, @as_header={0x7, 0x24, 0x1, 0x1, 0x7f, 0x1002}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x5, 0x3, 0x0, 0x5, "64997e"}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x3, 0x3, 0xac, 0x8, "bc5e", "04fba9"}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x6, 0x2, 0x5, 0x9, "6a9a8d", "4f88"}]}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x8c, 0x20, 0x7f, {0x7, 0x25, 0x1, 0x82, 0x2, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0x0, 0x2, 0x0, 0xff, "03c1fe1d97"}, @format_type_ii_discrete={0x12, 0x24, 0x2, 0x2, 0x807, 0x4, 0xfd, "8cfb49df7bf5b7e5ee"}, @as_header={0x7, 0x24, 0x1, 0x3f, 0xfd, 0x1}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0xc1, 0x4, 0x5, 0x67, "6967ba40"}]}, {{0x9, 0x5, 0x82, 0x9, 0x7f7, 0x1f, 0x69, 0x6, {0x7, 0x25, 0x1, 0x80, 0x9, 0x3}}}}}}}]}}, &(0x7f000000b380)={0xa, &(0x7f000000b080)={0xa, 0x6, 0x300, 0x3, 0x2, 0x3, 0x40, 0x81}, 0x20f, &(0x7f000000b0c0)={0x5, 0xf, 0x20f, 0x6, [@generic={0xe2, 0x10, 0xa, "64932c9277e23a0fa96aabc7b931ea3707350c525745ccbe794d23baa99625c82f74bd3b6d5f88fbfd92545b6b63754c07c3ffb47355bf3dd6facff0ec5597fb768dc74acfcf395ac1009982925aa16fcfa41575bf14b56d557909df9efd27fd4b317d90d1606270134fd07d2fc0d1816e9771321d2db55c6539b04167db7b08c994159dd7552c488c1466247a5b70b0dc996b907eeee0b20fdd647140597b66f821556b567fe613c7ecbcbae50db5fa7c9c0b5dcf26eddffdcb09b9ab9f2b5bee80982ff365fb816e98184ee6815f6f621f4d34527d3caa4ce682cb06c748"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x10, 0x1, 0x3f, 0xff, 0x1f}, @ptm_cap={0x3}, @generic={0x2f, 0x10, 0x3, "571226744f78fe775ab89dd776db3aaace9982e7b2594fd0854a31d7ec1d24aee6482aa3939798bd32d060f0"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x24, 0x8, 0xe1}, @generic={0xe1, 0x10, 0x1, "1c4311d6c4ec2de789b4f9f39e673702ea35d909991ce4af26cf0c07579c1a40573568f837569c645de2af698133526169e51a53f215167660357259d54d5ad77afb478b189e728667a8b7e38986bb19febe807085ec6d77dfb48172592d549d7dbbf802aaf95bbf2dcd20057a34eeffcaba3c404e46a6e90ad7e4387e1e28cc21718837e81d22615c4b42bce04c6bec4aa9a99d05cb4f168e115ee3956554e4e58b136f86736e79e91f9acd49ee6617b84a564392e81991bba6032054d7096f6c40002137782a1b111d6527968326f5e70a8a2399e833e7415c204a3a4b"}]}, 0x2, [{0x4, &(0x7f000000b300)=@lang_id={0x4, 0x3, 0x459}}, {0x4, &(0x7f000000b340)=@lang_id={0x4, 0x3, 0x436}}]}) syz_usb_ep_write(r23, 0x9, 0x13, &(0x7f000000b3c0)="08636e6c5e421f7f718c4784f389672c2911e5") syz_usbip_server_init(0x2) csource_test.go:119: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; for (;;) { uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts); if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) return 1; now = current_time_ms(); if (now - start > timeout) return 0; } } static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } struct nlmsg { char* pos; int nesting; struct nlattr* nested[8]; char buf[4096]; }; static void netlink_init(struct nlmsg* nlmsg, int typ, int flags, const void* data, int size) { memset(nlmsg, 0, sizeof(*nlmsg)); struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf; hdr->nlmsg_type = typ; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags; memcpy(hdr + 1, data, size); nlmsg->pos = (char*)(hdr + 1) + NLMSG_ALIGN(size); } static void netlink_attr(struct nlmsg* nlmsg, int typ, const void* data, int size) { struct nlattr* attr = (struct nlattr*)nlmsg->pos; attr->nla_len = sizeof(*attr) + size; attr->nla_type = typ; if (size > 0) memcpy(attr + 1, data, size); nlmsg->pos += NLMSG_ALIGN(attr->nla_len); } static int netlink_send_ext(struct nlmsg* nlmsg, int sock, uint16_t reply_type, int* reply_len, bool dofail) { if (nlmsg->pos > nlmsg->buf + sizeof(nlmsg->buf) || nlmsg->nesting) exit(1); struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf; hdr->nlmsg_len = nlmsg->pos - nlmsg->buf; struct sockaddr_nl addr; memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; ssize_t n = sendto(sock, nlmsg->buf, hdr->nlmsg_len, 0, (struct sockaddr*)&addr, sizeof(addr)); if (n != (ssize_t)hdr->nlmsg_len) { if (dofail) exit(1); return -1; } n = recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0); if (reply_len) *reply_len = 0; if (n < 0) { if (dofail) exit(1); return -1; } if (n < (ssize_t)sizeof(struct nlmsghdr)) { errno = EINVAL; if (dofail) exit(1); return -1; } if (hdr->nlmsg_type == NLMSG_DONE) return 0; if (reply_len && hdr->nlmsg_type == reply_type) { *reply_len = n; return 0; } if (n < (ssize_t)(sizeof(struct nlmsghdr) + sizeof(struct nlmsgerr))) { errno = EINVAL; if (dofail) exit(1); return -1; } if (hdr->nlmsg_type != NLMSG_ERROR) { errno = EINVAL; if (dofail) exit(1); return -1; } errno = -((struct nlmsgerr*)(hdr + 1))->error; return -errno; } static int netlink_send(struct nlmsg* nlmsg, int sock) { return netlink_send_ext(nlmsg, sock, 0, NULL, true); } static int netlink_query_family_id(struct nlmsg* nlmsg, int sock, const char* family_name, bool dofail) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = CTRL_CMD_GETFAMILY; netlink_init(nlmsg, GENL_ID_CTRL, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, CTRL_ATTR_FAMILY_NAME, family_name, strnlen(family_name, GENL_NAMSIZ - 1) + 1); int n = 0; int err = netlink_send_ext(nlmsg, sock, GENL_ID_CTRL, &n, dofail); if (err < 0) { return -1; } uint16_t id = 0; struct nlattr* attr = (struct nlattr*)(nlmsg->buf + NLMSG_HDRLEN + NLMSG_ALIGN(sizeof(genlhdr))); for (; (char*)attr < nlmsg->buf + n; attr = (struct nlattr*)((char*)attr + NLMSG_ALIGN(attr->nla_len))) { if (attr->nla_type == CTRL_ATTR_FAMILY_ID) { id = *(uint16_t*)(attr + 1); break; } } if (!id) { errno = EINVAL; return -1; } recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0); return id; } const int kInitNetNsFd = 239; #define WIFI_INITIAL_DEVICE_COUNT 2 #define WIFI_MAC_BASE { 0x08, 0x02, 0x11, 0x00, 0x00, 0x00 } #define WIFI_IBSS_BSSID { 0x50, 0x50, 0x50, 0x50, 0x50, 0x50 } #define WIFI_IBSS_SSID { 0x10, 0x10, 0x10, 0x10, 0x10, 0x10 } #define WIFI_DEFAULT_FREQUENCY 2412 #define WIFI_DEFAULT_SIGNAL 0 #define WIFI_DEFAULT_RX_RATE 1 #define HWSIM_CMD_REGISTER 1 #define HWSIM_CMD_FRAME 2 #define HWSIM_CMD_NEW_RADIO 4 #define HWSIM_ATTR_SUPPORT_P2P_DEVICE 14 #define HWSIM_ATTR_PERM_ADDR 22 #define IF_OPER_UP 6 struct join_ibss_props { int wiphy_freq; bool wiphy_freq_fixed; uint8_t* mac; uint8_t* ssid; int ssid_len; }; static int set_interface_state(const char* interface_name, int on) { struct ifreq ifr; int sock = socket(AF_INET, SOCK_DGRAM, 0); if (sock < 0) { return -1; } memset(&ifr, 0, sizeof(ifr)); strcpy(ifr.ifr_name, interface_name); int ret = ioctl(sock, SIOCGIFFLAGS, &ifr); if (ret < 0) { close(sock); return -1; } if (on) ifr.ifr_flags |= IFF_UP; else ifr.ifr_flags &= ~IFF_UP; ret = ioctl(sock, SIOCSIFFLAGS, &ifr); close(sock); if (ret < 0) { return -1; } return 0; } static int nl80211_set_interface(struct nlmsg* nlmsg, int sock, int nl80211_family, uint32_t ifindex, uint32_t iftype) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = NL80211_CMD_SET_INTERFACE; netlink_init(nlmsg, nl80211_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, NL80211_ATTR_IFINDEX, &ifindex, sizeof(ifindex)); netlink_attr(nlmsg, NL80211_ATTR_IFTYPE, &iftype, sizeof(iftype)); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int nl80211_join_ibss(struct nlmsg* nlmsg, int sock, int nl80211_family, uint32_t ifindex, struct join_ibss_props* props) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = NL80211_CMD_JOIN_IBSS; netlink_init(nlmsg, nl80211_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, NL80211_ATTR_IFINDEX, &ifindex, sizeof(ifindex)); netlink_attr(nlmsg, NL80211_ATTR_SSID, props->ssid, props->ssid_len); netlink_attr(nlmsg, NL80211_ATTR_WIPHY_FREQ, &(props->wiphy_freq), sizeof(props->wiphy_freq)); if (props->mac) netlink_attr(nlmsg, NL80211_ATTR_MAC, props->mac, ETH_ALEN); if (props->wiphy_freq_fixed) netlink_attr(nlmsg, NL80211_ATTR_FREQ_FIXED, NULL, 0); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int get_ifla_operstate(struct nlmsg* nlmsg, int ifindex) { struct ifinfomsg info; memset(&info, 0, sizeof(info)); info.ifi_family = AF_UNSPEC; info.ifi_index = ifindex; int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); if (sock == -1) { return -1; } netlink_init(nlmsg, RTM_GETLINK, 0, &info, sizeof(info)); int n; int err = netlink_send_ext(nlmsg, sock, RTM_NEWLINK, &n, true); close(sock); if (err) { return -1; } struct rtattr* attr = IFLA_RTA(NLMSG_DATA(nlmsg->buf)); for (; RTA_OK(attr, n); attr = RTA_NEXT(attr, n)) { if (attr->rta_type == IFLA_OPERSTATE) return *((int32_t*)RTA_DATA(attr)); } return -1; } static int await_ifla_operstate(struct nlmsg* nlmsg, char* interface, int operstate) { int ifindex = if_nametoindex(interface); while (true) { usleep(1000); int ret = get_ifla_operstate(nlmsg, ifindex); if (ret < 0) return ret; if (ret == operstate) return 0; } return 0; } static int nl80211_setup_ibss_interface(struct nlmsg* nlmsg, int sock, int nl80211_family_id, char* interface, struct join_ibss_props* ibss_props) { int ifindex = if_nametoindex(interface); if (ifindex == 0) { return -1; } int ret = nl80211_set_interface(nlmsg, sock, nl80211_family_id, ifindex, NL80211_IFTYPE_ADHOC); if (ret < 0) { return -1; } ret = set_interface_state(interface, 1); if (ret < 0) { return -1; } ret = nl80211_join_ibss(nlmsg, sock, nl80211_family_id, ifindex, ibss_props); if (ret < 0) { return -1; } return 0; } #define SIZEOF_IO_URING_SQE 64 #define SIZEOF_IO_URING_CQE 16 #define SQ_HEAD_OFFSET 0 #define SQ_TAIL_OFFSET 64 #define SQ_RING_MASK_OFFSET 256 #define SQ_RING_ENTRIES_OFFSET 264 #define SQ_FLAGS_OFFSET 276 #define SQ_DROPPED_OFFSET 272 #define CQ_HEAD_OFFSET 128 #define CQ_TAIL_OFFSET 192 #define CQ_RING_MASK_OFFSET 260 #define CQ_RING_ENTRIES_OFFSET 268 #define CQ_RING_OVERFLOW_OFFSET 284 #define CQ_FLAGS_OFFSET 280 #define CQ_CQES_OFFSET 320 struct io_uring_cqe { uint64_t user_data; uint32_t res; uint32_t flags; }; static long syz_io_uring_complete(volatile long a0) { char* ring_ptr = (char*)a0; uint32_t cq_ring_mask = *(uint32_t*)(ring_ptr + CQ_RING_MASK_OFFSET); uint32_t* cq_head_ptr = (uint32_t*)(ring_ptr + CQ_HEAD_OFFSET); uint32_t cq_head = *cq_head_ptr & cq_ring_mask; uint32_t cq_head_next = *cq_head_ptr + 1; char* cqe_src = ring_ptr + CQ_CQES_OFFSET + cq_head * SIZEOF_IO_URING_CQE; struct io_uring_cqe cqe; memcpy(&cqe, cqe_src, sizeof(cqe)); __atomic_store_n(cq_head_ptr, cq_head_next, __ATOMIC_RELEASE); return (cqe.user_data == 0x12345 || cqe.user_data == 0x23456) ? (long)cqe.res : (long)-1; } struct io_sqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t flags; uint32_t dropped; uint32_t array; uint32_t resv1; uint64_t resv2; }; struct io_cqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t overflow; uint32_t cqes; uint64_t resv[2]; }; struct io_uring_params { uint32_t sq_entries; uint32_t cq_entries; uint32_t flags; uint32_t sq_thread_cpu; uint32_t sq_thread_idle; uint32_t features; uint32_t resv[4]; struct io_sqring_offsets sq_off; struct io_cqring_offsets cq_off; }; #define IORING_OFF_SQ_RING 0 #define IORING_OFF_SQES 0x10000000ULL #define sys_io_uring_setup 425 static long syz_io_uring_setup(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5) { uint32_t entries = (uint32_t)a0; struct io_uring_params* setup_params = (struct io_uring_params*)a1; void* vma1 = (void*)a2; void* vma2 = (void*)a3; void** ring_ptr_out = (void**)a4; void** sqes_ptr_out = (void**)a5; uint32_t fd_io_uring = syscall(sys_io_uring_setup, entries, setup_params); uint32_t sq_ring_sz = setup_params->sq_off.array + setup_params->sq_entries * sizeof(uint32_t); uint32_t cq_ring_sz = setup_params->cq_off.cqes + setup_params->cq_entries * SIZEOF_IO_URING_CQE; uint32_t ring_sz = sq_ring_sz > cq_ring_sz ? sq_ring_sz : cq_ring_sz; *ring_ptr_out = mmap(vma1, ring_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQ_RING); uint32_t sqes_sz = setup_params->sq_entries * SIZEOF_IO_URING_SQE; *sqes_ptr_out = mmap(vma2, sqes_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQES); return fd_io_uring; } static long syz_io_uring_submit(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { char* ring_ptr = (char*)a0; char* sqes_ptr = (char*)a1; char* sqe = (char*)a2; uint32_t sqes_index = (uint32_t)a3; uint32_t sq_ring_entries = *(uint32_t*)(ring_ptr + SQ_RING_ENTRIES_OFFSET); uint32_t cq_ring_entries = *(uint32_t*)(ring_ptr + CQ_RING_ENTRIES_OFFSET); uint32_t sq_array_off = (CQ_CQES_OFFSET + cq_ring_entries * SIZEOF_IO_URING_CQE + 63) & ~63; if (sq_ring_entries) sqes_index %= sq_ring_entries; char* sqe_dest = sqes_ptr + sqes_index * SIZEOF_IO_URING_SQE; memcpy(sqe_dest, sqe, SIZEOF_IO_URING_SQE); uint32_t sq_ring_mask = *(uint32_t*)(ring_ptr + SQ_RING_MASK_OFFSET); uint32_t* sq_tail_ptr = (uint32_t*)(ring_ptr + SQ_TAIL_OFFSET); uint32_t sq_tail = *sq_tail_ptr & sq_ring_mask; uint32_t sq_tail_next = *sq_tail_ptr + 1; uint32_t* sq_array = (uint32_t*)(ring_ptr + sq_array_off); *(sq_array + sq_tail) = sqes_index; __atomic_store_n(sq_tail_ptr, sq_tail_next, __ATOMIC_RELEASE); return 0; } #define VHCI_HC_PORTS 8 #define VHCI_PORTS (VHCI_HC_PORTS * 2) static long syz_usbip_server_init(volatile long a0) { static int port_alloc[2]; int speed = (int)a0; bool usb3 = (speed == USB_SPEED_SUPER); int socket_pair[2]; if (socketpair(AF_UNIX, SOCK_STREAM, 0, socket_pair)) exit(1); int client_fd = socket_pair[0]; int server_fd = socket_pair[1]; int available_port_num = __atomic_fetch_add(&port_alloc[usb3], 1, __ATOMIC_RELAXED); if (available_port_num > VHCI_HC_PORTS) { return -1; } int port_num = procid * VHCI_PORTS + usb3 * VHCI_HC_PORTS + available_port_num; char buffer[100]; sprintf(buffer, "%d %d %s %d", port_num, client_fd, "0", speed); write_file("/sys/devices/platform/vhci_hcd.0/attach", buffer); return server_fd; } #define BTF_MAGIC 0xeB9F struct btf_header { __u16 magic; __u8 version; __u8 flags; __u32 hdr_len; __u32 type_off; __u32 type_len; __u32 str_off; __u32 str_len; }; #define BTF_INFO_KIND(info) (((info) >> 24) & 0x0f) #define BTF_INFO_VLEN(info) ((info)&0xffff) #define BTF_KIND_INT 1 #define BTF_KIND_ARRAY 3 #define BTF_KIND_STRUCT 4 #define BTF_KIND_UNION 5 #define BTF_KIND_ENUM 6 #define BTF_KIND_FUNC_PROTO 13 #define BTF_KIND_VAR 14 #define BTF_KIND_DATASEC 15 struct btf_type { __u32 name_off; __u32 info; union { __u32 size; __u32 type; }; }; struct btf_enum { __u32 name_off; __s32 val; }; struct btf_array { __u32 type; __u32 index_type; __u32 nelems; }; struct btf_member { __u32 name_off; __u32 type; __u32 offset; }; struct btf_param { __u32 name_off; __u32 type; }; struct btf_var { __u32 linkage; }; struct btf_var_secinfo { __u32 type; __u32 offset; __u32 size; }; #define VMLINUX_MAX_SUPPORT_SIZE (10 * 1024 * 1024) static char* read_btf_vmlinux() { static bool is_read = false; static char buf[VMLINUX_MAX_SUPPORT_SIZE]; if (is_read) return buf; int fd = open("/sys/kernel/btf/vmlinux", O_RDONLY); if (fd < 0) return NULL; unsigned long bytes_read = 0; for (;;) { ssize_t ret = read(fd, buf + bytes_read, VMLINUX_MAX_SUPPORT_SIZE - bytes_read); if (ret < 0 || bytes_read + ret == VMLINUX_MAX_SUPPORT_SIZE) return NULL; if (ret == 0) break; bytes_read += ret; } is_read = true; return buf; } static long syz_btf_id_by_name(volatile long a0) { char* target = (char*)a0; char* vmlinux = read_btf_vmlinux(); if (vmlinux == NULL) return -1; struct btf_header* btf_header = (struct btf_header*)vmlinux; if (btf_header->magic != BTF_MAGIC) return -1; char* btf_type_sec = vmlinux + btf_header->hdr_len + btf_header->type_off; char* btf_str_sec = vmlinux + btf_header->hdr_len + btf_header->str_off; unsigned int bytes_parsed = 0; long idx = 1; while (bytes_parsed < btf_header->type_len) { struct btf_type* btf_type = (struct btf_type*)(btf_type_sec + bytes_parsed); uint32_t kind = BTF_INFO_KIND(btf_type->info); uint32_t vlen = BTF_INFO_VLEN(btf_type->info); char* name = btf_str_sec + btf_type->name_off; if (strcmp(name, target) == 0) return idx; size_t skip; switch (kind) { case BTF_KIND_INT: skip = sizeof(uint32_t); break; case BTF_KIND_ENUM: skip = sizeof(struct btf_enum) * vlen; break; case BTF_KIND_ARRAY: skip = sizeof(struct btf_array); break; case BTF_KIND_STRUCT: case BTF_KIND_UNION: skip = sizeof(struct btf_member) * vlen; break; case BTF_KIND_FUNC_PROTO: skip = sizeof(struct btf_param) * vlen; break; case BTF_KIND_VAR: skip = sizeof(struct btf_var); break; case BTF_KIND_DATASEC: skip = sizeof(struct btf_var_secinfo) * vlen; break; default: skip = 0; } bytes_parsed += sizeof(struct btf_type) + skip; idx++; } return -1; } static long syz_memcpy_off(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4) { char* dest = (char*)a0; uint32_t dest_off = (uint32_t)a1; char* src = (char*)a2; uint32_t src_off = (uint32_t)a3; size_t n = (size_t)a4; return (long)memcpy(dest + dest_off, src + src_off, n); } #define MAX_FDS 30 #define USB_MAX_IFACE_NUM 4 #define USB_MAX_EP_NUM 32 #define USB_MAX_FDS 6 struct usb_endpoint_index { struct usb_endpoint_descriptor desc; int handle; }; struct usb_iface_index { struct usb_interface_descriptor* iface; uint8_t bInterfaceNumber; uint8_t bAlternateSetting; uint8_t bInterfaceClass; struct usb_endpoint_index eps[USB_MAX_EP_NUM]; int eps_num; }; struct usb_device_index { struct usb_device_descriptor* dev; struct usb_config_descriptor* config; uint8_t bDeviceClass; uint8_t bMaxPower; int config_length; struct usb_iface_index ifaces[USB_MAX_IFACE_NUM]; int ifaces_num; int iface_cur; }; struct usb_info { int fd; struct usb_device_index index; }; static struct usb_info usb_devices[USB_MAX_FDS]; static int usb_devices_num; static bool parse_usb_descriptor(const char* buffer, size_t length, struct usb_device_index* index) { if (length < sizeof(*index->dev) + sizeof(*index->config)) return false; memset(index, 0, sizeof(*index)); index->dev = (struct usb_device_descriptor*)buffer; index->config = (struct usb_config_descriptor*)(buffer + sizeof(*index->dev)); index->bDeviceClass = index->dev->bDeviceClass; index->bMaxPower = index->config->bMaxPower; index->config_length = length - sizeof(*index->dev); index->iface_cur = -1; size_t offset = 0; while (true) { if (offset + 1 >= length) break; uint8_t desc_length = buffer[offset]; uint8_t desc_type = buffer[offset + 1]; if (desc_length <= 2) break; if (offset + desc_length > length) break; if (desc_type == USB_DT_INTERFACE && index->ifaces_num < USB_MAX_IFACE_NUM) { struct usb_interface_descriptor* iface = (struct usb_interface_descriptor*)(buffer + offset); index->ifaces[index->ifaces_num].iface = iface; index->ifaces[index->ifaces_num].bInterfaceNumber = iface->bInterfaceNumber; index->ifaces[index->ifaces_num].bAlternateSetting = iface->bAlternateSetting; index->ifaces[index->ifaces_num].bInterfaceClass = iface->bInterfaceClass; index->ifaces_num++; } if (desc_type == USB_DT_ENDPOINT && index->ifaces_num > 0) { struct usb_iface_index* iface = &index->ifaces[index->ifaces_num - 1]; if (iface->eps_num < USB_MAX_EP_NUM) { memcpy(&iface->eps[iface->eps_num].desc, buffer + offset, sizeof(iface->eps[iface->eps_num].desc)); iface->eps_num++; } } offset += desc_length; } return true; } static struct usb_device_index* add_usb_index(int fd, const char* dev, size_t dev_len) { int i = __atomic_fetch_add(&usb_devices_num, 1, __ATOMIC_RELAXED); if (i >= USB_MAX_FDS) return NULL; if (!parse_usb_descriptor(dev, dev_len, &usb_devices[i].index)) return NULL; __atomic_store_n(&usb_devices[i].fd, fd, __ATOMIC_RELEASE); return &usb_devices[i].index; } static struct usb_device_index* lookup_usb_index(int fd) { for (int i = 0; i < USB_MAX_FDS; i++) { if (__atomic_load_n(&usb_devices[i].fd, __ATOMIC_ACQUIRE) == fd) return &usb_devices[i].index; } return NULL; } struct vusb_connect_string_descriptor { uint32_t len; char* str; } __attribute__((packed)); struct vusb_connect_descriptors { uint32_t qual_len; char* qual; uint32_t bos_len; char* bos; uint32_t strs_len; struct vusb_connect_string_descriptor strs[0]; } __attribute__((packed)); static const char default_string[] = { 8, USB_DT_STRING, 's', 0, 'y', 0, 'z', 0 }; static const char default_lang_id[] = { 4, USB_DT_STRING, 0x09, 0x04 }; static bool lookup_connect_response_in(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { struct usb_device_index* index = lookup_usb_index(fd); uint8_t str_idx; if (!index) return false; switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_GET_DESCRIPTOR: switch (ctrl->wValue >> 8) { case USB_DT_DEVICE: *response_data = (char*)index->dev; *response_length = sizeof(*index->dev); return true; case USB_DT_CONFIG: *response_data = (char*)index->config; *response_length = index->config_length; return true; case USB_DT_STRING: str_idx = (uint8_t)ctrl->wValue; if (descs && str_idx < descs->strs_len) { *response_data = descs->strs[str_idx].str; *response_length = descs->strs[str_idx].len; return true; } if (str_idx == 0) { *response_data = (char*)&default_lang_id[0]; *response_length = default_lang_id[0]; return true; } *response_data = (char*)&default_string[0]; *response_length = default_string[0]; return true; case USB_DT_BOS: *response_data = descs->bos; *response_length = descs->bos_len; return true; case USB_DT_DEVICE_QUALIFIER: if (!descs->qual) { struct usb_qualifier_descriptor* qual = (struct usb_qualifier_descriptor*)response_data; qual->bLength = sizeof(*qual); qual->bDescriptorType = USB_DT_DEVICE_QUALIFIER; qual->bcdUSB = index->dev->bcdUSB; qual->bDeviceClass = index->dev->bDeviceClass; qual->bDeviceSubClass = index->dev->bDeviceSubClass; qual->bDeviceProtocol = index->dev->bDeviceProtocol; qual->bMaxPacketSize0 = index->dev->bMaxPacketSize0; qual->bNumConfigurations = index->dev->bNumConfigurations; qual->bRESERVED = 0; *response_length = sizeof(*qual); return true; } *response_data = descs->qual; *response_length = descs->qual_len; return true; default: break; } break; default: break; } break; default: break; } return false; } typedef bool (*lookup_connect_out_response_t)(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done); static bool lookup_connect_response_out_generic(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) { switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: *done = true; return true; default: break; } break; } return false; } #define ATH9K_FIRMWARE_DOWNLOAD 0x30 #define ATH9K_FIRMWARE_DOWNLOAD_COMP 0x31 static bool lookup_connect_response_out_ath9k(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) { switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: return true; default: break; } break; case USB_TYPE_VENDOR: switch (ctrl->bRequest) { case ATH9K_FIRMWARE_DOWNLOAD: return true; case ATH9K_FIRMWARE_DOWNLOAD_COMP: *done = true; return true; default: break; } break; } return false; } struct vusb_descriptor { uint8_t req_type; uint8_t desc_type; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_descriptors { uint32_t len; struct vusb_descriptor* generic; struct vusb_descriptor* descs[0]; } __attribute__((packed)); struct vusb_response { uint8_t type; uint8_t req; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_responses { uint32_t len; struct vusb_response* generic; struct vusb_response* resps[0]; } __attribute__((packed)); static bool lookup_control_response(const struct vusb_descriptors* descs, const struct vusb_responses* resps, struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { int descs_num = 0; int resps_num = 0; if (descs) descs_num = (descs->len - offsetof(struct vusb_descriptors, descs)) / sizeof(descs->descs[0]); if (resps) resps_num = (resps->len - offsetof(struct vusb_responses, resps)) / sizeof(resps->resps[0]); uint8_t req = ctrl->bRequest; uint8_t req_type = ctrl->bRequestType & USB_TYPE_MASK; uint8_t desc_type = ctrl->wValue >> 8; if (req == USB_REQ_GET_DESCRIPTOR) { int i; for (i = 0; i < descs_num; i++) { struct vusb_descriptor* desc = descs->descs[i]; if (!desc) continue; if (desc->req_type == req_type && desc->desc_type == desc_type) { *response_length = desc->len; if (*response_length != 0) *response_data = &desc->data[0]; else *response_data = NULL; return true; } } if (descs && descs->generic) { *response_data = &descs->generic->data[0]; *response_length = descs->generic->len; return true; } } else { int i; for (i = 0; i < resps_num; i++) { struct vusb_response* resp = resps->resps[i]; if (!resp) continue; if (resp->type == req_type && resp->req == req) { *response_length = resp->len; if (*response_length != 0) *response_data = &resp->data[0]; else *response_data = NULL; return true; } } if (resps && resps->generic) { *response_data = &resps->generic->data[0]; *response_length = resps->generic->len; return true; } } return false; } #define UDC_NAME_LENGTH_MAX 128 struct usb_raw_init { __u8 driver_name[UDC_NAME_LENGTH_MAX]; __u8 device_name[UDC_NAME_LENGTH_MAX]; __u8 speed; }; enum usb_raw_event_type { USB_RAW_EVENT_INVALID = 0, USB_RAW_EVENT_CONNECT = 1, USB_RAW_EVENT_CONTROL = 2, }; struct usb_raw_event { __u32 type; __u32 length; __u8 data[0]; }; struct usb_raw_ep_io { __u16 ep; __u16 flags; __u32 length; __u8 data[0]; }; #define USB_RAW_EPS_NUM_MAX 30 #define USB_RAW_EP_NAME_MAX 16 #define USB_RAW_EP_ADDR_ANY 0xff struct usb_raw_ep_caps { __u32 type_control : 1; __u32 type_iso : 1; __u32 type_bulk : 1; __u32 type_int : 1; __u32 dir_in : 1; __u32 dir_out : 1; }; struct usb_raw_ep_limits { __u16 maxpacket_limit; __u16 max_streams; __u32 reserved; }; struct usb_raw_ep_info { __u8 name[USB_RAW_EP_NAME_MAX]; __u32 addr; struct usb_raw_ep_caps caps; struct usb_raw_ep_limits limits; }; struct usb_raw_eps_info { struct usb_raw_ep_info eps[USB_RAW_EPS_NUM_MAX]; }; #define USB_RAW_IOCTL_INIT _IOW('U', 0, struct usb_raw_init) #define USB_RAW_IOCTL_RUN _IO('U', 1) #define USB_RAW_IOCTL_EVENT_FETCH _IOR('U', 2, struct usb_raw_event) #define USB_RAW_IOCTL_EP0_WRITE _IOW('U', 3, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP0_READ _IOWR('U', 4, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_ENABLE _IOW('U', 5, struct usb_endpoint_descriptor) #define USB_RAW_IOCTL_EP_DISABLE _IOW('U', 6, __u32) #define USB_RAW_IOCTL_EP_WRITE _IOW('U', 7, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_READ _IOWR('U', 8, struct usb_raw_ep_io) #define USB_RAW_IOCTL_CONFIGURE _IO('U', 9) #define USB_RAW_IOCTL_VBUS_DRAW _IOW('U', 10, __u32) #define USB_RAW_IOCTL_EPS_INFO _IOR('U', 11, struct usb_raw_eps_info) #define USB_RAW_IOCTL_EP0_STALL _IO('U', 12) #define USB_RAW_IOCTL_EP_SET_HALT _IOW('U', 13, __u32) #define USB_RAW_IOCTL_EP_CLEAR_HALT _IOW('U', 14, __u32) #define USB_RAW_IOCTL_EP_SET_WEDGE _IOW('U', 15, __u32) static int usb_raw_open() { return open("/dev/raw-gadget", O_RDWR); } static int usb_raw_init(int fd, uint32_t speed, const char* driver, const char* device) { struct usb_raw_init arg; strncpy((char*)&arg.driver_name[0], driver, sizeof(arg.driver_name)); strncpy((char*)&arg.device_name[0], device, sizeof(arg.device_name)); arg.speed = speed; return ioctl(fd, USB_RAW_IOCTL_INIT, &arg); } static int usb_raw_run(int fd) { return ioctl(fd, USB_RAW_IOCTL_RUN, 0); } static int usb_raw_event_fetch(int fd, struct usb_raw_event* event) { return ioctl(fd, USB_RAW_IOCTL_EVENT_FETCH, event); } static int usb_raw_ep0_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_WRITE, io); } static int usb_raw_ep0_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_READ, io); } static int usb_raw_ep_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_WRITE, io); } static int usb_raw_ep_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_READ, io); } static int usb_raw_ep_enable(int fd, struct usb_endpoint_descriptor* desc) { return ioctl(fd, USB_RAW_IOCTL_EP_ENABLE, desc); } static int usb_raw_ep_disable(int fd, int ep) { return ioctl(fd, USB_RAW_IOCTL_EP_DISABLE, ep); } static int usb_raw_configure(int fd) { return ioctl(fd, USB_RAW_IOCTL_CONFIGURE, 0); } static int usb_raw_vbus_draw(int fd, uint32_t power) { return ioctl(fd, USB_RAW_IOCTL_VBUS_DRAW, power); } static int usb_raw_ep0_stall(int fd) { return ioctl(fd, USB_RAW_IOCTL_EP0_STALL, 0); } static int lookup_interface(int fd, uint8_t bInterfaceNumber, uint8_t bAlternateSetting) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; for (int i = 0; i < index->ifaces_num; i++) { if (index->ifaces[i].bInterfaceNumber == bInterfaceNumber && index->ifaces[i].bAlternateSetting == bAlternateSetting) return i; } return -1; } static int lookup_endpoint(int fd, uint8_t bEndpointAddress) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; if (index->iface_cur < 0) return -1; for (int ep = 0; index->ifaces[index->iface_cur].eps_num; ep++) if (index->ifaces[index->iface_cur].eps[ep].desc.bEndpointAddress == bEndpointAddress) return index->ifaces[index->iface_cur].eps[ep].handle; return -1; } static void set_interface(int fd, int n) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return; if (index->iface_cur >= 0 && index->iface_cur < index->ifaces_num) { for (int ep = 0; ep < index->ifaces[index->iface_cur].eps_num; ep++) { int rv = usb_raw_ep_disable(fd, index->ifaces[index->iface_cur].eps[ep].handle); if (rv < 0) { } else { } } } if (n >= 0 && n < index->ifaces_num) { for (int ep = 0; ep < index->ifaces[n].eps_num; ep++) { int rv = usb_raw_ep_enable(fd, &index->ifaces[n].eps[ep].desc); if (rv < 0) { } else { index->ifaces[n].eps[ep].handle = rv; } } index->iface_cur = n; } } static int configure_device(int fd) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; int rv = usb_raw_vbus_draw(fd, index->bMaxPower); if (rv < 0) { return rv; } rv = usb_raw_configure(fd); if (rv < 0) { return rv; } set_interface(fd, 0); return 0; } #define USB_MAX_PACKET_SIZE 4096 struct usb_raw_control_event { struct usb_raw_event inner; struct usb_ctrlrequest ctrl; char data[USB_MAX_PACKET_SIZE]; }; struct usb_raw_ep_io_data { struct usb_raw_ep_io inner; char data[USB_MAX_PACKET_SIZE]; }; static volatile long syz_usb_connect_impl(uint64_t speed, uint64_t dev_len, const char* dev, const struct vusb_connect_descriptors* descs, lookup_connect_out_response_t lookup_connect_response_out) { if (!dev) { return -1; } int fd = usb_raw_open(); if (fd < 0) { return fd; } if (fd >= MAX_FDS) { close(fd); return -1; } struct usb_device_index* index = add_usb_index(fd, dev, dev_len); if (!index) { return -1; } char device[32]; sprintf(&device[0], "dummy_udc.%llu", procid); int rv = usb_raw_init(fd, speed, "dummy_udc", &device[0]); if (rv < 0) { return rv; } rv = usb_raw_run(fd); if (rv < 0) { return rv; } bool done = false; while (!done) { struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = sizeof(event.ctrl); rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) continue; char* response_data = NULL; uint32_t response_length = 0; if (event.ctrl.bRequestType & USB_DIR_IN) { if (!lookup_connect_response_in(fd, descs, &event.ctrl, &response_data, &response_length)) { usb_raw_ep0_stall(fd); continue; } } else { if (!lookup_connect_response_out(fd, descs, &event.ctrl, &done)) { usb_raw_ep0_stall(fd); continue; } response_data = NULL; response_length = event.ctrl.wLength; } if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD && event.ctrl.bRequest == USB_REQ_SET_CONFIGURATION) { rv = configure_device(fd); if (rv < 0) { return rv; } } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, response_length); if (event.ctrl.bRequestType & USB_DIR_IN) { rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response); } else { rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response); } if (rv < 0) { return rv; } } sleep_ms(200); return fd; } static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; const char* dev = (const char*)a2; const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3; return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_generic); } static volatile long syz_usb_connect_ath9k(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; const char* dev = (const char*)a2; const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3; return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_ath9k); } static volatile long syz_usb_control_io(volatile long a0, volatile long a1, volatile long a2) { int fd = a0; const struct vusb_descriptors* descs = (const struct vusb_descriptors*)a1; const struct vusb_responses* resps = (const struct vusb_responses*)a2; struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = USB_MAX_PACKET_SIZE; int rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) { return -1; } char* response_data = NULL; uint32_t response_length = 0; if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) { if (!lookup_control_response(descs, resps, &event.ctrl, &response_data, &response_length)) { usb_raw_ep0_stall(fd); return -1; } } else { if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD || event.ctrl.bRequest == USB_REQ_SET_INTERFACE) { int iface_num = event.ctrl.wIndex; int alt_set = event.ctrl.wValue; int iface_index = lookup_interface(fd, iface_num, alt_set); if (iface_index < 0) { } else { set_interface(fd, iface_index); } } response_length = event.ctrl.wLength; } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; if ((event.ctrl.bRequestType & USB_DIR_IN) && !event.ctrl.wLength) { response_length = USB_MAX_PACKET_SIZE; } response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, response_length); if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) { rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response); } else { rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response); } if (rv < 0) { return rv; } sleep_ms(200); return 0; } static volatile long syz_usb_ep_write(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int fd = a0; uint8_t ep = a1; uint32_t len = a2; char* data = (char*)a3; int ep_handle = lookup_endpoint(fd, ep); if (ep_handle < 0) { return -1; } struct usb_raw_ep_io_data io_data; io_data.inner.ep = ep_handle; io_data.inner.flags = 0; if (len > sizeof(io_data.data)) len = sizeof(io_data.data); io_data.inner.length = len; memcpy(&io_data.data[0], data, len); int rv = usb_raw_ep_write(fd, (struct usb_raw_ep_io*)&io_data); if (rv < 0) { return rv; } sleep_ms(200); return 0; } static volatile long syz_usb_ep_read(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int fd = a0; uint8_t ep = a1; uint32_t len = a2; char* data = (char*)a3; int ep_handle = lookup_endpoint(fd, ep); if (ep_handle < 0) { return -1; } struct usb_raw_ep_io_data io_data; io_data.inner.ep = ep_handle; io_data.inner.flags = 0; if (len > sizeof(io_data.data)) len = sizeof(io_data.data); io_data.inner.length = len; int rv = usb_raw_ep_read(fd, (struct usb_raw_ep_io*)&io_data); if (rv < 0) { return rv; } memcpy(&data[0], &io_data.data[0], io_data.inner.length); sleep_ms(200); return 0; } static volatile long syz_usb_disconnect(volatile long a0) { int fd = a0; int rv = close(fd); sleep_ms(200); return rv; } static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2) { if (a0 == 0xc || a0 == 0xb) { char buf[128]; sprintf(buf, "/dev/%s/%d:%d", a0 == 0xc ? "char" : "block", (uint8_t)a1, (uint8_t)a2); return open(buf, O_RDWR, 0); } else { char buf[1024]; char* hash; strncpy(buf, (char*)a0, sizeof(buf) - 1); buf[sizeof(buf) - 1] = 0; while ((hash = strchr(buf, '#'))) { *hash = '0' + (char)(a1 % 10); a1 /= 10; } return open(buf, a2, 0); } } static long syz_open_procfs(volatile long a0, volatile long a1) { char buf[128]; memset(buf, 0, sizeof(buf)); if (a0 == 0) { snprintf(buf, sizeof(buf), "/proc/self/%s", (char*)a1); } else if (a0 == -1) { snprintf(buf, sizeof(buf), "/proc/thread-self/%s", (char*)a1); } else { snprintf(buf, sizeof(buf), "/proc/self/task/%d/%s", (int)a0, (char*)a1); } int fd = open(buf, O_RDWR); if (fd == -1) fd = open(buf, O_RDONLY); return fd; } static long syz_open_pts(volatile long a0, volatile long a1) { int ptyno = 0; if (ioctl(a0, TIOCGPTN, &ptyno)) return -1; char buf[128]; sprintf(buf, "/dev/pts/%d", ptyno); return open(buf, a1, 0); } static long syz_init_net_socket(volatile long domain, volatile long type, volatile long proto) { int netns = open("/proc/self/ns/net", O_RDONLY); if (netns == -1) return netns; if (setns(kInitNetNsFd, 0)) return -1; int sock = syscall(__NR_socket, domain, type, proto); int err = errno; if (setns(netns, 0)) exit(1); close(netns); errno = err; return sock; } static long syz_genetlink_get_family_id(volatile long name, volatile long sock_arg) { bool dofail = false; int fd = sock_arg; if (fd < 0) { dofail = true; fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (fd == -1) { return -1; } } struct nlmsg nlmsg_tmp; int ret = netlink_query_family_id(&nlmsg_tmp, fd, (char*)name, dofail); if ((int)sock_arg < 0) close(fd); if (ret < 0) { return -1; } return ret; } struct fs_image_segment { void* data; uintptr_t size; uintptr_t offset; }; #define IMAGE_MAX_SEGMENTS 4096 #define IMAGE_MAX_SIZE (129 << 20) #define sys_memfd_create 356 static unsigned long fs_image_segment_check(unsigned long size, unsigned long nsegs, struct fs_image_segment* segs) { if (nsegs > IMAGE_MAX_SEGMENTS) nsegs = IMAGE_MAX_SEGMENTS; for (size_t i = 0; i < nsegs; i++) { if (segs[i].size > IMAGE_MAX_SIZE) segs[i].size = IMAGE_MAX_SIZE; segs[i].offset %= IMAGE_MAX_SIZE; if (segs[i].offset > IMAGE_MAX_SIZE - segs[i].size) segs[i].offset = IMAGE_MAX_SIZE - segs[i].size; if (size < segs[i].offset + segs[i].offset) size = segs[i].offset + segs[i].offset; } if (size > IMAGE_MAX_SIZE) size = IMAGE_MAX_SIZE; return size; } static int setup_loop_device(long unsigned size, long unsigned nsegs, struct fs_image_segment* segs, const char* loopname, int* memfd_p, int* loopfd_p) { int err = 0, loopfd = -1; size = fs_image_segment_check(size, nsegs, segs); int memfd = syscall(sys_memfd_create, "syzkaller", 0); if (memfd == -1) { err = errno; goto error; } if (ftruncate(memfd, size)) { err = errno; goto error_close_memfd; } for (size_t i = 0; i < nsegs; i++) { if (pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset) < 0) { } } loopfd = open(loopname, O_RDWR); if (loopfd == -1) { err = errno; goto error_close_memfd; } if (ioctl(loopfd, LOOP_SET_FD, memfd)) { if (errno != EBUSY) { err = errno; goto error_close_loop; } ioctl(loopfd, LOOP_CLR_FD, 0); usleep(1000); if (ioctl(loopfd, LOOP_SET_FD, memfd)) { err = errno; goto error_close_loop; } } *memfd_p = memfd; *loopfd_p = loopfd; return 0; error_close_loop: close(loopfd); error_close_memfd: close(memfd); error: errno = err; return -1; } static long syz_read_part_table(volatile unsigned long size, volatile unsigned long nsegs, volatile long segments) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int err = 0, res = -1, loopfd = -1, memfd = -1; char loopname[64]; snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; struct loop_info64 info; if (ioctl(loopfd, LOOP_GET_STATUS64, &info)) { err = errno; goto error_clear_loop; } info.lo_flags |= LO_FLAGS_PARTSCAN; if (ioctl(loopfd, LOOP_SET_STATUS64, &info)) { err = errno; goto error_clear_loop; } res = 0; for (unsigned long i = 1, j = 0; i < 8; i++) { snprintf(loopname, sizeof(loopname), "/dev/loop%llup%d", procid, (int)i); struct stat statbuf; if (stat(loopname, &statbuf) == 0) { char linkname[64]; snprintf(linkname, sizeof(linkname), "./file%d", (int)j++); if (symlink(loopname, linkname)) { } } } error_clear_loop: ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); errno = err; return res; } static long syz_mount_image(volatile long fsarg, volatile long dir, volatile unsigned long size, volatile unsigned long nsegs, volatile long segments, volatile long flags, volatile long optsarg) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int res = -1, err = 0, loopfd = -1, memfd = -1, need_loop_device = !!segs; char* mount_opts = (char*)optsarg; char* target = (char*)dir; char* fs = (char*)fsarg; char* source = NULL; char loopname[64]; if (need_loop_device) { memset(loopname, 0, sizeof(loopname)); snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; source = loopname; } mkdir(target, 0777); char opts[256]; memset(opts, 0, sizeof(opts)); if (strlen(mount_opts) > (sizeof(opts) - 32)) { } strncpy(opts, mount_opts, sizeof(opts) - 32); if (strcmp(fs, "iso9660") == 0) { flags |= MS_RDONLY; } else if (strncmp(fs, "ext", 3) == 0) { if (strstr(opts, "errors=panic") || strstr(opts, "errors=remount-ro") == 0) strcat(opts, ",errors=continue"); } else if (strcmp(fs, "xfs") == 0) { strcat(opts, ",nouuid"); } res = mount(source, target, fs, flags, opts); if (res == -1) { err = errno; goto error_clear_loop; } res = open(target, O_RDONLY | O_DIRECTORY); if (res == -1) { err = errno; } error_clear_loop: if (need_loop_device) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); } errno = err; return res; } static volatile long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5, volatile long a6, volatile long a7) { return 0; } static void setup_common() { if (mount(0, "/sys/fs/fuse/connections", "fusectl", 0, 0)) { } } static void loop(); static void sandbox_common() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setsid(); int netns = open("/proc/self/ns/net", O_RDONLY); if (netns == -1) exit(1); if (dup2(netns, kInitNetNsFd) < 0) exit(1); close(netns); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = (200 << 20); setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 32 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 136 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); if (unshare(CLONE_NEWNS)) { } if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL)) { } if (unshare(CLONE_NEWIPC)) { } if (unshare(0x02000000)) { } if (unshare(CLONE_NEWUTS)) { } if (unshare(CLONE_SYSVSEM)) { } typedef struct { const char* name; const char* value; } sysctl_t; static const sysctl_t sysctls[] = { {"/proc/sys/kernel/shmmax", "16777216"}, {"/proc/sys/kernel/shmall", "536870912"}, {"/proc/sys/kernel/shmmni", "1024"}, {"/proc/sys/kernel/msgmax", "8192"}, {"/proc/sys/kernel/msgmni", "1024"}, {"/proc/sys/kernel/msgmnb", "1024"}, {"/proc/sys/kernel/sem", "1024 1048576 500 1024"}, }; unsigned i; for (i = 0; i < sizeof(sysctls) / sizeof(sysctls[0]); i++) write_file(sysctls[i].name, sysctls[i].value); } static int wait_for_loop(int pid) { if (pid < 0) exit(1); int status = 0; while (waitpid(-1, &status, __WALL) != pid) { } return WEXITSTATUS(status); } static void drop_caps(void) { struct __user_cap_header_struct cap_hdr = {}; struct __user_cap_data_struct cap_data[2] = {}; cap_hdr.version = _LINUX_CAPABILITY_VERSION_3; cap_hdr.pid = getpid(); if (syscall(SYS_capget, &cap_hdr, &cap_data)) exit(1); const int drop = (1 << CAP_SYS_PTRACE) | (1 << CAP_SYS_NICE); cap_data[0].effective &= ~drop; cap_data[0].permitted &= ~drop; cap_data[0].inheritable &= ~drop; if (syscall(SYS_capset, &cap_hdr, &cap_data)) exit(1); } static int do_sandbox_none(void) { if (unshare(CLONE_NEWPID)) { } int pid = fork(); if (pid != 0) return wait_for_loop(pid); setup_common(); sandbox_common(); drop_caps(); if (unshare(CLONE_NEWNET)) { } loop(); exit(1); } #define FS_IOC_SETFLAGS _IOW('f', 2, long) static void remove_dir(const char* dir) { int iter = 0; DIR* dp = 0; retry: while (umount2(dir, MNT_DETACH) == 0) { } dp = opendir(dir); if (dp == NULL) { if (errno == EMFILE) { exit(1); } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); while (umount2(filename, MNT_DETACH) == 0) { } struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } int i; for (i = 0;; i++) { if (unlink(filename) == 0) break; if (errno == EPERM) { int fd = open(filename, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno != EBUSY || i > 100) exit(1); if (umount2(filename, MNT_DETACH)) exit(1); } } closedir(dp); for (int i = 0;; i++) { if (rmdir(dir) == 0) break; if (i < 100) { if (errno == EPERM) { int fd = open(dir, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno == EBUSY) { if (umount2(dir, MNT_DETACH)) exit(1); continue; } if (errno == ENOTEMPTY) { if (iter < 100) { iter++; goto retry; } } } exit(1); } } static int inject_fault(int nth) { int fd; fd = open("/proc/thread-self/fail-nth", O_RDWR); if (fd == -1) exit(1); char buf[16]; sprintf(buf, "%d", nth); if (write(fd, buf, strlen(buf)) != (ssize_t)strlen(buf)) exit(1); return fd; } static void kill_and_wait(int pid, int* status) { kill(-pid, SIGKILL); kill(pid, SIGKILL); for (int i = 0; i < 100; i++) { if (waitpid(-1, status, WNOHANG | __WALL) == pid) return; usleep(1000); } DIR* dir = opendir("/sys/fs/fuse/connections"); if (dir) { for (;;) { struct dirent* ent = readdir(dir); if (!ent) break; if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0) continue; char abort[300]; snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name); int fd = open(abort, O_WRONLY); if (fd == -1) { continue; } if (write(fd, abort, 1) < 0) { } close(fd); } closedir(dir); } else { } while (waitpid(-1, status, __WALL) != pid) { } } static void reset_loop() { char buf[64]; snprintf(buf, sizeof(buf), "/dev/loop%llu", procid); int loopfd = open(buf, O_RDWR); if (loopfd != -1) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); } } static void setup_test() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); write_file("/proc/self/oom_score_adj", "1000"); } static void setup_fault() { static struct { const char* file; const char* val; bool fatal; } files[] = { {"/sys/kernel/debug/failslab/ignore-gfp-wait", "N", true}, {"/sys/kernel/debug/fail_futex/ignore-private", "N", false}, {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", "N", false}, {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", "N", false}, {"/sys/kernel/debug/fail_page_alloc/min-order", "0", false}, }; unsigned i; for (i = 0; i < sizeof(files) / sizeof(files[0]); i++) { if (!write_file(files[i].file, files[i].val)) { if (files[i].fatal) exit(1); } } } #define FUSE_MIN_READ_BUFFER 8192 enum fuse_opcode { FUSE_LOOKUP = 1, FUSE_FORGET = 2, FUSE_GETATTR = 3, FUSE_SETATTR = 4, FUSE_READLINK = 5, FUSE_SYMLINK = 6, FUSE_MKNOD = 8, FUSE_MKDIR = 9, FUSE_UNLINK = 10, FUSE_RMDIR = 11, FUSE_RENAME = 12, FUSE_LINK = 13, FUSE_OPEN = 14, FUSE_READ = 15, FUSE_WRITE = 16, FUSE_STATFS = 17, FUSE_RELEASE = 18, FUSE_FSYNC = 20, FUSE_SETXATTR = 21, FUSE_GETXATTR = 22, FUSE_LISTXATTR = 23, FUSE_REMOVEXATTR = 24, FUSE_FLUSH = 25, FUSE_INIT = 26, FUSE_OPENDIR = 27, FUSE_READDIR = 28, FUSE_RELEASEDIR = 29, FUSE_FSYNCDIR = 30, FUSE_GETLK = 31, FUSE_SETLK = 32, FUSE_SETLKW = 33, FUSE_ACCESS = 34, FUSE_CREATE = 35, FUSE_INTERRUPT = 36, FUSE_BMAP = 37, FUSE_DESTROY = 38, FUSE_IOCTL = 39, FUSE_POLL = 40, FUSE_NOTIFY_REPLY = 41, FUSE_BATCH_FORGET = 42, FUSE_FALLOCATE = 43, FUSE_READDIRPLUS = 44, FUSE_RENAME2 = 45, FUSE_LSEEK = 46, FUSE_COPY_FILE_RANGE = 47, FUSE_SETUPMAPPING = 48, FUSE_REMOVEMAPPING = 49, CUSE_INIT = 4096, CUSE_INIT_BSWAP_RESERVED = 1048576, FUSE_INIT_BSWAP_RESERVED = 436207616, }; struct fuse_in_header { uint32_t len; uint32_t opcode; uint64_t unique; uint64_t nodeid; uint32_t uid; uint32_t gid; uint32_t pid; uint32_t padding; }; struct fuse_out_header { uint32_t len; uint32_t error; uint64_t unique; }; struct syz_fuse_req_out { struct fuse_out_header* init; struct fuse_out_header* lseek; struct fuse_out_header* bmap; struct fuse_out_header* poll; struct fuse_out_header* getxattr; struct fuse_out_header* lk; struct fuse_out_header* statfs; struct fuse_out_header* write; struct fuse_out_header* read; struct fuse_out_header* open; struct fuse_out_header* attr; struct fuse_out_header* entry; struct fuse_out_header* dirent; struct fuse_out_header* direntplus; struct fuse_out_header* create_open; struct fuse_out_header* ioctl; }; static int fuse_send_response(int fd, const struct fuse_in_header* in_hdr, struct fuse_out_header* out_hdr) { if (!out_hdr) { return -1; } out_hdr->unique = in_hdr->unique; if (write(fd, out_hdr, out_hdr->len) == -1) { return -1; } return 0; } static volatile long syz_fuse_handle_req(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { struct syz_fuse_req_out* req_out = (struct syz_fuse_req_out*)a3; struct fuse_out_header* out_hdr = NULL; char* buf = (char*)a1; int buf_len = (int)a2; int fd = (int)a0; if (!req_out) { return -1; } if (buf_len < FUSE_MIN_READ_BUFFER) { return -1; } int ret = read(fd, buf, buf_len); if (ret == -1) { return -1; } if ((size_t)ret < sizeof(struct fuse_in_header)) { return -1; } const struct fuse_in_header* in_hdr = (const struct fuse_in_header*)buf; if (in_hdr->len > (uint32_t)ret) { return -1; } switch (in_hdr->opcode) { case FUSE_GETATTR: case FUSE_SETATTR: out_hdr = req_out->attr; break; case FUSE_LOOKUP: case FUSE_SYMLINK: case FUSE_LINK: case FUSE_MKNOD: case FUSE_MKDIR: out_hdr = req_out->entry; break; case FUSE_OPEN: case FUSE_OPENDIR: out_hdr = req_out->open; break; case FUSE_STATFS: out_hdr = req_out->statfs; break; case FUSE_RMDIR: case FUSE_RENAME: case FUSE_RENAME2: case FUSE_FALLOCATE: case FUSE_SETXATTR: case FUSE_REMOVEXATTR: case FUSE_FSYNCDIR: case FUSE_FSYNC: case FUSE_SETLKW: case FUSE_SETLK: case FUSE_ACCESS: case FUSE_FLUSH: case FUSE_RELEASE: case FUSE_RELEASEDIR: case FUSE_UNLINK: case FUSE_DESTROY: out_hdr = req_out->init; if (!out_hdr) { return -1; } out_hdr->len = sizeof(struct fuse_out_header); break; case FUSE_READ: out_hdr = req_out->read; break; case FUSE_READDIR: out_hdr = req_out->dirent; break; case FUSE_READDIRPLUS: out_hdr = req_out->direntplus; break; case FUSE_INIT: out_hdr = req_out->init; break; case FUSE_LSEEK: out_hdr = req_out->lseek; break; case FUSE_GETLK: out_hdr = req_out->lk; break; case FUSE_BMAP: out_hdr = req_out->bmap; break; case FUSE_POLL: out_hdr = req_out->poll; break; case FUSE_GETXATTR: case FUSE_LISTXATTR: out_hdr = req_out->getxattr; break; case FUSE_WRITE: case FUSE_COPY_FILE_RANGE: out_hdr = req_out->write; break; case FUSE_FORGET: case FUSE_BATCH_FORGET: return 0; case FUSE_CREATE: out_hdr = req_out->create_open; break; case FUSE_IOCTL: out_hdr = req_out->ioctl; break; default: return -1; } return fuse_send_response(fd, in_hdr, out_hdr); } #define HWSIM_ATTR_RX_RATE 5 #define HWSIM_ATTR_SIGNAL 6 #define HWSIM_ATTR_ADDR_RECEIVER 1 #define HWSIM_ATTR_FRAME 3 #define WIFI_MAX_INJECT_LEN 2048 static int hwsim_register_socket(struct nlmsg* nlmsg, int sock, int hwsim_family) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = HWSIM_CMD_REGISTER; netlink_init(nlmsg, hwsim_family, 0, &genlhdr, sizeof(genlhdr)); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int hwsim_inject_frame(struct nlmsg* nlmsg, int sock, int hwsim_family, uint8_t* mac_addr, uint8_t* data, int len) { struct genlmsghdr genlhdr; uint32_t rx_rate = WIFI_DEFAULT_RX_RATE; uint32_t signal = WIFI_DEFAULT_SIGNAL; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = HWSIM_CMD_FRAME; netlink_init(nlmsg, hwsim_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, HWSIM_ATTR_RX_RATE, &rx_rate, sizeof(rx_rate)); netlink_attr(nlmsg, HWSIM_ATTR_SIGNAL, &signal, sizeof(signal)); netlink_attr(nlmsg, HWSIM_ATTR_ADDR_RECEIVER, mac_addr, ETH_ALEN); netlink_attr(nlmsg, HWSIM_ATTR_FRAME, data, len); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static long syz_80211_inject_frame(volatile long a0, volatile long a1, volatile long a2) { uint8_t* mac_addr = (uint8_t*)a0; uint8_t* buf = (uint8_t*)a1; int buf_len = (int)a2; struct nlmsg tmp_msg; if (buf_len < 0 || buf_len > WIFI_MAX_INJECT_LEN) { return -1; } int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (sock < 0) { return -1; } int hwsim_family_id = netlink_query_family_id(&tmp_msg, sock, "MAC80211_HWSIM", true); int ret = hwsim_register_socket(&tmp_msg, sock, hwsim_family_id); if (ret < 0) { close(sock); return -1; } ret = hwsim_inject_frame(&tmp_msg, sock, hwsim_family_id, mac_addr, buf, buf_len); close(sock); if (ret < 0) { return -1; } return 0; } #define WIFI_MAX_SSID_LEN 32 #define WIFI_JOIN_IBSS_NO_SCAN 0 #define WIFI_JOIN_IBSS_BG_SCAN 1 #define WIFI_JOIN_IBSS_BG_NO_SCAN 2 static long syz_80211_join_ibss(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { char* interface = (char*)a0; uint8_t* ssid = (uint8_t*)a1; int ssid_len = (int)a2; int mode = (int)a3; struct nlmsg tmp_msg; uint8_t bssid[ETH_ALEN] = WIFI_IBSS_BSSID; if (ssid_len < 0 || ssid_len > WIFI_MAX_SSID_LEN) { return -1; } if (mode < 0 || mode > WIFI_JOIN_IBSS_BG_NO_SCAN) { return -1; } int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (sock < 0) { return -1; } int nl80211_family_id = netlink_query_family_id(&tmp_msg, sock, "nl80211", true); struct join_ibss_props ibss_props = { .wiphy_freq = WIFI_DEFAULT_FREQUENCY, .wiphy_freq_fixed = (mode == WIFI_JOIN_IBSS_NO_SCAN || mode == WIFI_JOIN_IBSS_BG_NO_SCAN), .mac = bssid, .ssid = ssid, .ssid_len = ssid_len}; int ret = nl80211_setup_ibss_interface(&tmp_msg, sock, nl80211_family_id, interface, &ibss_props); close(sock); if (ret < 0) { return -1; } if (mode == WIFI_JOIN_IBSS_NO_SCAN) { ret = await_ifla_operstate(&tmp_msg, interface, IF_OPER_UP); if (ret < 0) { return -1; } } return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; int collide = 0; again: for (call = 0; call < 51; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (collide && (call % 2) == 0) break; event_timedwait(&th->done, 50 + (call == 4 ? 50 : 0) + (call == 12 ? 500 : 0) + (call == 38 ? 50 : 0) + (call == 43 ? 3000 : 0) + (call == 44 ? 3000 : 0) + (call == 45 ? 300 : 0) + (call == 46 ? 300 : 0) + (call == 47 ? 300 : 0) + (call == 48 ? 3000 : 0) + (call == 49 ? 300 : 0)); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); if (!collide) { collide = 1; goto again; } } static void execute_one(void); #define WAIT_FLAGS __WALL static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); reset_loop(); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); setup_test(); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } #ifndef __NR_clock_gettime #define __NR_clock_gettime 265 #endif #ifndef __NR_getgid #define __NR_getgid 47 #endif #ifndef __NR_getsockopt #define __NR_getsockopt 365 #endif #ifndef __NR_ioctl #define __NR_ioctl 54 #endif #ifndef __NR_mmap #define __NR_mmap 192 #endif #ifndef __NR_openat #define __NR_openat 295 #endif #ifndef __NR_read #define __NR_read 3 #endif #ifndef __NR_recvmmsg #define __NR_recvmmsg 337 #endif #ifndef __NR_sendfile64 #define __NR_sendfile64 239 #endif #ifndef __NR_sendmsg #define __NR_sendmsg 370 #endif #ifndef __NR_setsockopt #define __NR_setsockopt 366 #endif #ifndef __NR_stat #define __NR_stat 106 #endif #ifndef __NR_statx #define __NR_statx 383 #endif #ifndef __NR_write #define __NR_write 4 #endif #undef __NR_mmap #define __NR_mmap __NR_mmap2 uint64_t r[24] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint32_t*)0x20000000 = 0x18; *(uint32_t*)0x20000004 = 0; *(uint64_t*)0x20000008 = 0; *(uint32_t*)0x20000010 = 3; *(uint32_t*)0x20000014 = 0; inject_fault(1); syscall(__NR_write, -1, 0x20000000, 0x18); break; case 1: memcpy((void*)0x20000040, "/dev/tty\000", 9); res = syscall(__NR_openat, 0xffffff9c, 0x20000040, 0x10400, 0); if (res != -1) r[0] = res; break; case 2: syscall(__NR_mmap, 0x20ffb000, 0x4000, 0x200000f, 0x10, (intptr_t)r[0], 0xada52000); break; case 3: memcpy((void*)0x20000080, "syz0\000", 5); syscall(__NR_ioctl, -1, 0x4004556c, 0x20000080); break; case 4: memcpy((void*)0x200025c0, "ufs\000", 4); memcpy((void*)0x20002600, "./file0\000", 8); *(uint32_t*)0x20003700 = 0x20002640; memcpy((void*)0x20002640, "\x38\x6f\x6d\x1b\xe2\x7f\x8c\xa9\x18\x2d\x1a\xe6\x35\xbb\xa8\xc9\xce\x03\x79\xce\x60\xd9\xd2\x4e\x0f\xe6\x9a\x46\xdd\x2b\x77\x02\x6c\xe1\xe6\xbb\xc0\x5a\x24\x6a\xe2\x69\x05\x25\x31\x91\xf7\xe3\x4e\xf3\x86\x0f\x1c\x2c\xc9\xa6\xd5\x22\xf5\x03\xd7\x8e\x34\x0c\xb5\x4f\x1d\x6b", 68); *(uint32_t*)0x20003704 = 0x44; *(uint32_t*)0x20003708 = 1; *(uint32_t*)0x2000370c = 0x200026c0; memcpy((void*)0x200026c0, "\x57\x39\xec\x80\x61\x6d\x1b\xac\x90\x97\x97\xc5\x72\x3d\x28\x7d\x94\xf0\x10\xe0\xf7\x0a\x34\x2a\x21\xfb\x38\xb3\x69\x86\x02\x5d\xca\x05\x4a\x96\xbb\xe7\x40\x27\x97\x4c\x45\x28\x93\xa9\xf5\xd5\x13\xef\xc4\x70\x65\x2b\xf4\xe8\x37\xd8\xd5\xee\xac\xed\x26\x69\xd7\x3c\xea\x3d\x39\x31\x39\x9d\xa0\x4d\xfb\x48\x59\xd0\x3c\x47\xdd\x53\x5b\xaa\x98\x0a\xe8\xb7\xa5\xc3\x12\xfd\x71\xac\xc5\x21\xbd\xdc\x2c\x63\x70\x26\xd7\xfa\xdb\x42\xc0\x20\xc5\x3d\x4e\x2f\xee\xb2\x30\x77\xed\x86\x7d\x5b\x36\x56\x7b\x8d\x06\xe0\xf4\xd2\xd9\xc6\x16\xd6\x73\x91\xf8\x79\xe8\x12\xd7\xa1\x79\x75\xf3\xe0\xe5\x69\xf5\x57\xb6\x5b\xba\xde\x94\x18\x68\xba\xe4\xbe\x8d\x2d\xfa\x45\xa3\x85\x87\x7e\xce\x8d\x94\xd7\x55\xdb\xf8\x2b\x4f\xd8\x89\x9b\xa1\xb8\xec\xe4\x3b\x36\xb3\x69\xa8\xdf\x56\x99\x3b\x16\xee\xc2\x0a\xed\x1c\x59\x6f\x66\x9d\xf8\x97\xdd\xfa\x0d\xf4\xab\x26\xd7\x47\x59\x82\x96\xdd\x3b\xcd\x5c\xad\x67\xa8\xb1\x9e\xba\x5f\x34\x3f\xbf\xa6\x30\x1a\x15\x02\x60\x0e\xda\x02\xab\x15\x7a\xb1\xb1\x64\xe3\xde\x57\x33\xe4\xbf\xd9\x67\x7b\x49\xb2\x9b\xb5\x6e\x99\x36\x7d\x01\x04\x4b\x3a\xcc\xf0\xf9\x3a\xf7\x55\x27\x83\x7a\x9b\x49\x4b\x4e\xac\xe1\xf4\x9c\x87\x9e\x71\xe9\x62\xa5\x93\x74\x95\x55\xb5\x0a\x55\xca\x11\x44\xeb\x54\x80\x70\x47\xde\xfd\xe8\xdd\x09\x7e\xbc\xba\xa2\x30\x45\x1a\xc7\xa7\x76\x3e\xf2\x13\x4b\x45\x3e\xf7\xce\x92\xd6\xad\xce\x44\x9a\xa1\x82\xef\xb2\xed\x4a\x87\x07\xf1\xe1\x84\x6d\x82\x50\x5d\xa0\x6c\x2d\x6b\x4a\x58\x2d\xdf\xb2\xbd\xb7\xa1\x9b\xbc\xe8\xe0\xa0\xf7\xb2\xf4\x96\x62\x2b\xee\x04\x37\x29\xf3\x84\x31\x88\xeb\x14\xe5\x6e\x8f\x48\xd7\xd4\xb1\x51\xa7\xde\xef\x2a\x1a\x94\x58\x83\x42\x53\x77\x08\x82\xcc\x41\xf6\xfb\x78\x4a\x9f\x73\xa4\xf8\x1e\xf9\x93\xda\xe6\x1a\x80\x5b\xa6\xf9\x30\x78\x20\x81\x33\x10\xdc\x38\x70\x83\x5a\xd4\xbe\x7e\x3c\x8a\x13\xf9\xf0\x1e\x9e\xa9\xb1\xb9\xdf\xb1\xe3\x47\xe3\xea\x1b\x5b\x09\x0e\x1a\x38\x61\x77\x07\xbb\x5a\xa0\xce\x82\x19\x3f\x69\x70\xa0\xb8\x85\x18\x3f\xce\x8b\x7d\x30\xbf\xc1\x82\x58\xdd\x40\xf5\x08\xb9\x5b\x55\xca\x27\xd8\xec\x76\x01\x03\x10\xc6\x77\xc0\x4c\x0b\x01\xfd\x69\xde\x39\x6a\xe9\x5a\x7c\x3c\xa5\x0f\x4e\x7f\xc3\xda\x74\x9d\x82\xa5\xd9\xf5\x7a\xb6\xed\x7a\x0d\x12\x76\x29\x7a\xb5\x71\x72\x67\x1d\x4c\x7c\xa3\x52\x24\x70\x0d\xb9\x36\x44\x13\x1a\x51\x26\xaf\x54\x75\x5a\xec\x80\xcf\xfd\xeb\x70\x9f\x0c\x58\x21\xec\x3b\x86\xd2\x9f\x10\xbe\x62\xd9\x4c\x03\x2f\x79\xd4\xed\xcc\xaf\x40\xb2\x4d\x72\xe4\x6d\x7c\x99\x33\xf6\xea\xda\x79\x4a\xad\x1e\xaf\x41\xae\xc1\x35\xa4\xf6\xf7\xf6\x09\x27\x36\x08\x68\x5f\xfc\x30\xfe\x1a\xe8\x22\x13\xa9\x56\xe8\xdf\x49\x3e\xc0\xaa\xc8\xec\xcb\xbd\xb8\x20\x93\x09\x7d\xb4\x51\x61\x67\x76\x85\xbf\x1e\x69\x1a\x1c\x7d\xce\x13\xa8\x8e\x63\x64\x5b\xc7\x99\x22\xb6\xd3\xd3\xd7\x61\xf3\x6a\x46\x30\x2f\x79\xe0\xe0\xbe\xb6\x7e\x2f\x2c\xb2\xe8\x3f\xc1\xa0\x41\x77\xc9\xd0\x22\xc4\x6e\xdc\x05\x3f\x03\x18\x2f\xc6\x45\x45\x0e\x4d\xe5\x36\xa4\x18\xb0\xea\xe2\xac\xb0\xea\xf4\xcb\x61\x5e\xca\x77\xf7\x2e\xe1\xd1\xf9\x14\x62\x08\xe1\x86\x69\x50\x8e\xdd\x05\x0e\x9b\x4e\x72\xa8\x48\x30\x16\xdc\x01\x98\x32\x6d\x2a\x16\x70\x04\xf3\x23\xa0\xa6\xeb\x4d\x34\xf6\x51\xc3\x97\xf0\x6d\x32\xe1\xbd\xab\x04\x2e\xfe\x56\x6a\xfc\x48\xcb\xd9\x8f\x91\x41\x34\x15\x63\x14\xa9\x54\xc6\x41\xb1\x06\x6b\xa7\x15\xab\x50\xeb\x4d\xb8\x4b\x13\xf2\x04\x69\xd0\x1d\x63\x46\xd4\x25\xd7\x0f\x60\xb4\x29\x76\xb0\x46\xcf\x96\xe4\x01\x8f\xc6\xaa\xf7\x8d\xf3\x0c\x02\xdd\x02\x9e\x1e\x89\x5c\x20\xb0\x5f\xb3\x88\x3c\x01\x3d\xe7\xe1\x7a\x13\x69\x78\x54\xfe\xb5\x93\x5c\xb3\x44\xff\x94\xff\x8b\xb4\xed\x2d\x1f\x17\x4e\xa1\x90\x20\x57\x7b\x4f\xf9\x59\x7c\x31\xa8\xfb\x2c\xfa\x1d\x7b\x71\xa5\x70\x82\x56\x15\x40\xf1\xcd\x86\xb8\x59\x0b\x75\x4f\xe9\x5d\x74\x9e\xf3\xca\xff\x93\xfd\x10\xa9\x0c\xa0\x03\x51\x5b\xb2\x3a\x3e\x71\xf4\x41\x79\xc0\x99\x60\x37\x45\x75\x89\xe6\x81\x77\xb0\xa1\x06\x91\xf1\x49\xa9\x81\xa6\xa6\x8d\x0b\xc8\x20\xe1\x66\x2a\x67\xc6\xa8\x5f\xb3\x9a\x35\x39\x9c\x62\x0c\x6e\xe3\x14\x28\x4f\xa4\x20\x99\xbd\xe0\x9f\xd5\x17\xa6\xe5\x3c\xc0\x41\x7c\x98\xd0\x06\xb4\x21\x0b\xa0\x35\x1b\x7d\xb6\x75\x43\x38\x06\x3f\x05\xb6\x82\x4b\xbb\x41\xf7\x0b\xa1\xfe\xa9\x12\x1f\x58\x85\xa4\xd0\x3e\xe9\x3f\x2b\x8f\x27\xa0\x0c\xd6\x66\x49\x10\x03\xde\xda\x3e\x21\x02\x92\x47\x64\x6f\x71\x44\xcb\x00\x4a\x6b\x52\x40\x06\xd8\xec\x7c\x93\xf4\x10\x42\xbb\xf8\x2d\x3b\xf2\xee\xf4\x15\xf8\xf0\x38\xb0\x5c\x0c\x10\x7a\xc2\x4d\x0c\xc8\xf3\x08\x13\xeb\xe2\x75\x1d\xa8\x39\x8e\x04\xff\x59\x3d\x17\xdd\xeb\x32\x59\x36\x71\xc8\x27\x74\x24\xf7\x98\x80\x05\x4c\x58\x1a\xe4\xef\x53\x03\xa1\x2f\x50\xd4\xe1\xfd\x6b\xb5\x85\xa5\xe0\x77\x51\xcb\xd5\x8f\xa6\x1d\x63\x4c\x35\x56\x37\x27\xe1\x82\x39\xd9\x81\x2f\xa4\x1b\x9a\x25\x61\x18\xba\x9b\x0d\xec\xc2\x60\x76\xc8\xae\x4b\x4e\x51\x6a\x2b\x35\xa7\xe9\x83\x9c\xa8\x3b\xef\x46\x43\xe0\xa5\xd9\xdb\x72\x3b\x5a\xfd\x80\xf7\x15\xb6\x3b\x19\xd0\xaf\xb9\xcb\x03\xdd\x9e\x5f\xe1\xb3\x13\x5e\xc1\xf0\xb9\x73\xe7\xd2\x1b\xb2\xf2\x22\x1a\x78\x62\x8a\x1b\x51\x3e\x0f\xf9\xea\x30\x67\xdb\x31\x01\xc0\x17\xeb\x8e\x60\x6f\x2f\x07\x5b\xe4\x98\x4f\x21\xbf\x75\xb6\xc4\xcb\xf3\x71\x8e\x64\xca\x62\xa9\xab\x5d\x8e\x38\x3a\xef\xba\x74\x93\xdd\xff\x47\x8b\x74\x40\x74\xbb\x51\x99\x4b\xc9\x1d\xd2\x9c\x6b\x9b\xcd\x50\xa5\x02\x8e\x14\xcf\x6d\x94\x68\xef\x42\x4e\xd1\x65\x84\x8f\xf5\x67\x6e\x57\x41\x10\xe0\xcd\x76\xa7\xc1\xda\xd3\x01\x9f\xac\xfd\x08\xd1\x4b\x7d\x9e\x37\x8a\x11\x0e\x98\x50\x88\xe5\x1e\x89\xd7\x5e\x3f\xa5\xfb\x36\x87\x59\x8c\x05\x69\xe5\x22\xf6\xc9\xea\x4d\x12\x65\xed\x97\xe3\x13\xdc\xe9\xcd\x01\xa4\x61\x5e\x8b\xbe\x4d\xbe\x16\x8f\x9d\x32\xc6\x68\x2e\x4e\xef\x26\x7d\xd7\x18\xb4\x75\xa8\x1b\x48\x5b\x17\xf6\xba\x8a\xfb\xa1\x9a\x58\x32\x9f\x86\xba\xd1\x2a\xc8\x44\x44\x17\xe6\x14\x8c\xb4\xe0\x7e\xe4\x6c\x5f\x15\x53\xa0\xfe\x4c\xd3\x32\x6d\x86\x92\xcc\x43\x96\x1f\x03\xf5\x7f\x7c\x01\x6f\x33\xc3\xd1\xc0\x2b\xf1\x25\xfc\x94\x21\x01\x10\x36\x36\xb0\x2d\x93\x35\x2e\xfb\x49\x20\xe2\x43\xf8\x65\xcf\x5c\x0b\x5d\x34\x7f\x51\xb8\x79\x00\xb1\x2a\xcc\x34\x7b\x31\x9c\x14\x75\x10\xc6\xa3\xc1\x84\xb9\xfe\x9b\xbf\x49\xd2\x0a\x71\xbc\x08\x82\xe2\x96\xa0\x37\x69\x75\x1c\xd8\x63\x08\x2c\x1f\x3b\x88\x90\xfe\xe3\xc6\x44\x47\x4d\xb2\x1e\x07\x7a\xcb\xeb\x05\xae\x29\x67\x10\x82\x2f\xca\xf5\xa7\xbc\x06\x9b\xd9\x3d\x41\x16\x27\xcd\x1b\x71\x3c\xcc\xed\x01\x0d\x1b\x88\xdf\xc1\x53\x04\x54\x14\x1b\x3d\xd3\xe1\x96\x4c\x38\x95\x76\x13\x21\x73\xb8\x63\x30\x38\x8f\xec\x55\x9d\xc7\x22\xf1\x77\x49\x7c\x30\x83\x15\xa4\xee\xfb\x50\x43\xcc\x97\xc5\xb1\xea\x53\xb6\xde\x6f\x4e\xce\xd9\xcc\x20\xb5\x24\x3e\xf9\x6a\xe0\xda\x16\xb4\x3e\xcf\xd0\x3e\x70\x25\x28\xad\x4c\x36\x09\x54\x5d\xf9\x39\xe2\xbc\xee\x08\x25\x86\x49\x31\x9d\x74\xfd\x78\x4d\x3d\x30\xa9\x09\x2c\xb2\x3e\x51\xce\x00\xbb\xf8\x1a\x46\xbc\x0d\x8b\xba\x9f\xe3\xf6\x05\xf5\x4e\xe2\xa0\x31\x1e\x1c\x19\xae\xe2\x6c\x84\x3d\x72\x52\xd9\x03\x80\xc9\xd8\x6f\x1d\x1c\xbb\x21\x64\x1b\xc1\x9a\xdf\xfa\x60\x8f\xa5\xb8\x26\x0c\x3d\xac\x2e\x0d\x81\x00\xc8\x70\xdb\xaf\xab\x5e\x4a\x5c\x6e\x5d\x48\x75\x35\x2e\xce\x31\x33\xe0\x8d\x48\xe0\x38\x74\xe6\xe5\x28\xb5\xa4\x3d\x08\xc8\xe9\x05\xf7\x98\xf0\x52\x7c\xff\x5c\xda\x99\x95\xe8\x4a\xcb\x47\xee\x85\x44\xbe\x93\x7f\xcb\x64\x64\x6d\x2f\xd2\xd5\xc3\x1e\xef\x83\x62\x97\xe0\x3d\xca\x24\xb1\x59\x96\x4a\x70\x30\x7a\x82\x7f\x6e\x7f\x37\x93\xf6\xff\xad\x54\xa6\x5d\x40\x09\x26\xe8\x07\x97\xe6\x05\x0e\x77\x6b\xbf\x66\xdc\x1b\xdf\x75\x08\x81\x2e\xd0\xfe\xbd\xa7\x74\xf5\xed\xa4\x92\xb3\x75\x1e\xcc\x76\xa6\x58\x24\x1f\xa6\x45\x22\xc5\xdd\xef\x53\x74\x78\x7a\x1b\xc6\xf0\x5c\x84\xa5\x23\x06\x8a\xc6\x6a\x3c\xa5\x39\xda\x70\xe1\x6d\xde\xa8\x97\xf9\x6f\x5d\x48\xe1\xef\x18\x5f\x08\x43\x6d\xaa\x20\xfc\xb0\xb2\x39\xde\x9b\x2b\xb0\x00\x07\xed\xa2\xdb\xdc\xc1\xf5\xfd\xf1\x39\x98\x68\x2d\x66\xcd\x4a\xab\x31\x57\xf7\xeb\xce\xc0\x92\xdc\x6b\xd0\x8f\x4d\x10\x77\x80\xd3\x73\x19\x24\xcf\xa0\x67\xf6\x22\x18\x07\x8a\x2a\xf1\x29\xf4\x05\x9d\x46\xd7\xc7\xbe\xbb\xf6\x7b\x59\x53\xdd\xa3\x0c\x96\xfe\x58\x43\xe8\xa3\xc0\xa1\x5a\x6b\x2f\x21\x0f\xfb\xff\xd4\x76\xc9\xc7\x61\x34\x06\x16\xb1\xca\x8a\x6b\x44\x9d\x1e\x33\x8f\xd9\x09\xfd\x9a\x84\xc7\x33\x87\x11\xbe\x1d\x50\x76\x2a\x48\x29\x9b\x18\x44\x82\xd2\xcd\x18\x84\xaf\x70\x76\x68\xd1\x0c\x2e\x1c\xde\xac\x7c\x07\x5d\x7d\x41\x47\xf8\xaa\x3c\xeb\xca\x93\xc1\xb7\xb2\x45\x26\x4c\x0e\xfb\x84\x70\x25\x51\x52\xc4\x8d\x22\x46\x34\x58\x0b\x2f\xf0\x21\x45\x7a\x97\x5a\xa7\x67\x2b\xaf\x13\xa4\xae\x32\xdc\x17\xe1\xf0\x4d\x0b\x2d\x9c\x14\x83\x1c\x87\xe9\x9e\x7e\x0f\x29\x95\x8c\x9b\x58\x4d\x7b\x8a\x7e\x91\xf5\x73\xc0\x42\x61\x73\x91\xad\xed\x64\xbe\xe7\xda\xd5\xf8\x88\xef\xc5\x56\x0f\xba\x3f\x9e\x41\xf7\x80\x94\xb4\x03\xab\xc5\xd4\x22\xc8\xec\x70\xb9\xa9\xce\xe5\x07\x90\x3f\x89\x99\x48\x7e\x60\xd7\x61\xef\x16\x19\x4e\x7c\xc8\x56\xa0\x1e\x6b\x3b\xc5\x92\x39\x7c\xa0\x3b\xec\xb6\xb4\x8f\xc1\x5b\xf1\xf6\xef\xf8\xfe\xc8\xde\x87\x85\xd0\xfe\xa3\x79\xef\xbd\x64\x94\x87\x30\x7b\xba\x15\x30\xa4\x8e\xc1\x06\x97\x8d\xa7\x03\xe9\x17\x07\x20\x1f\xe3\x34\x8d\xe8\xca\xf2\xdd\xe1\xd0\x99\x42\xd4\x77\x12\xf7\x7d\xe3\xf9\xef\xe5\x39\x2e\xf4\x58\x4a\x66\xcf\x96\xb3\x0e\xcc\x6e\xed\x90\x74\x83\x7e\x08\x35\xe1\x90\x65\xd2\xec\xe8\x7d\x38\xb4\x26\xc7\x03\xb8\x82\xce\xc8\x3c\xbb\x8b\x48\x4f\x68\x85\x83\x2c\xa2\x58\x7b\x2b\xdc\x30\xc9\x2c\x20\xa0\x0d\x92\x64\x73\xff\x36\xa1\xc8\x1e\x58\xd5\x55\x49\xa0\x6f\xb7\xb0\xfd\xd1\x35\xed\x5f\x63\xb4\xcc\xa0\x06\x8b\x2d\xa1\xb1\x12\xd4\xcb\x04\x34\x07\xc2\x1c\x53\x5f\xd3\xc4\x55\x93\x22\xe3\x04\x69\x79\x4c\x90\xa3\xc3\x0d\x8f\xd5\x36\x5c\xe3\xf4\x32\xf6\x13\x14\x8b\xc7\xd5\x75\xc1\xd2\xda\x1d\x4b\x06\x8d\xe1\x36\x6f\x62\xa6\x94\xe9\x76\xf2\xe2\x64\xd4\x49\xd9\xe3\xf9\x04\x00\xf4\xf2\x5c\x11\x52\xd1\xed\xb9\xb0\x98\x16\x78\x72\x27\xee\xef\xf8\x0a\xc3\xf2\x50\x16\xde\x25\x33\x25\x47\x54\x90\x48\x23\x03\xaf\xa8\x7b\x39\xad\xee\x7f\x92\xc0\x31\x85\xf8\xbe\x67\xfe\x8e\x85\x0e\xe3\xa5\x71\x80\x94\x74\xbc\xf4\x62\x37\x3a\x47\xaf\xe1\xa4\x59\x21\x75\xd1\x10\xc3\x65\x9e\x56\xec\xfe\x2e\xca\xf2\xc3\x81\x68\x43\x32\xdc\x0e\xa3\xf7\x6c\x17\x99\xd5\xc7\x95\x4c\xcd\x01\xca\x4d\x3c\xc4\x88\xe9\x8e\xfe\x8c\xcb\x87\x57\x27\x3b\xbf\xd0\xe8\xf9\x4a\x18\xe4\xbc\x18\x79\x93\xac\x29\xc3\xd4\x5a\xa4\x58\x52\x53\x71\x71\x90\xcf\xc1\x6b\xdf\xc9\x0c\xec\xab\x6f\x02\x2b\x3c\x96\x29\xe4\xd4\x4c\xf9\x46\x03\x33\xd3\x48\xd0\xdf\x3f\xbc\x8f\xfe\x61\x73\x37\x25\xea\x22\xc5\x71\x83\xb5\x06\x22\xf3\x20\x25\x3d\x54\x69\x2c\x32\xba\x2d\x1d\x22\x72\x35\x79\x62\xe0\x9f\xc7\xfa\x98\xa1\x92\xd6\x47\xca\x93\xd5\xdb\x9c\x05\x60\xa4\x6a\x79\x74\x08\xd2\x1b\xe5\xd1\x4c\x88\x98\xfc\xf1\xf8\xe4\x6c\x2b\xe1\x9e\xee\x41\x7f\x17\xb5\x81\x2b\xe0\x4c\x60\xa5\x0c\x8f\x4a\x3b\x96\xe7\x59\xdf\x5a\x25\x31\x48\x42\xef\x58\x34\xa9\xbf\xe3\xec\x69\x03\x12\x2a\xbd\xeb\x8d\xa1\xbf\x14\x6c\xa5\xb0\xb6\x45\x1b\x3f\x6a\x0c\xd7\x42\x12\x0b\x02\x5c\xa4\x9b\xb9\x5c\x47\xfb\x27\xfa\xe4\x38\xcb\xae\x39\xcd\x9b\x50\xf7\x67\x35\xf6\x56\xe0\xc6\x89\x6c\x87\xb9\x1c\x1c\xa7\x44\x4d\x0d\xe2\x5c\xe6\x0d\xb8\x1b\x9b\x7e\xfe\xbf\xfc\x1f\xf2\x4e\xe9\xd5\xf7\x7d\xa9\x22\x72\x52\x46\x86\x33\xb8\xeb\x99\x5e\x26\x45\xb1\x54\x3d\x84\x32\x62\xc2\x60\xc3\xc6\x91\x11\x4e\xbc\x40\x39\x62\xc2\x37\x4e\xf5\x9c\xe6\xd1\xdd\x7c\x4d\x22\x31\x0c\x5f\x64\x2d\x76\x6d\x41\x89\x3b\x99\x3f\x9a\x69\x83\x1f\x82\xaa\xb3\x10\x4c\x64\xb0\x8b\x0e\x34\x19\xad\x44\x68\x60\x88\xcd\x8a\x4a\x67\x4e\xdc\xea\x4e\xe9\xf2\xe8\xa0\x2a\xb1\x14\x50\x06\x0f\x76\xa7\xc1\x95\x4f\x67\x6d\xe7\xbf\x79\x16\x69\x94\x57\x09\x1e\xb0\xad\x3b\x75\x93\xe7\xf3\x8d\x62\xf9\xb5\x67\x61\xa9\x15\xb4\x1d\x03\x5b\xa1\x29\xd1\xac\x46\x6e\x5e\xae\xa7\x6d\x00\xc4\xd8\x3e\x17\x54\xe3\xd1\xe6\xf0\x09\x3c\x66\x5d\x86\x0b\xcf\x0b\x98\x50\x40\x1a\xca\xba\x34\xa0\xf7\x74\x30\x07\x73\xc4\xab\xb9\x0e\xfc\x56\xbc\x7d\x2a\xd1\x2d\x2f\x58\xce\xfa\x5b\x58\x16\xfc\xee\x50\xa1\x18\x45\xa2\xd5\x19\x76\x93\xea\x3b\x38\x00\x89\x21\x9f\x5a\x42\xc6\x9f\x9a\x47\x62\xc9\x1a\xe6\x44\x9e\x13\x99\x5f\x66\x6a\xd5\x21\xf9\x2e\xdb\x3f\x4b\x65\xa0\x46\x75\xdb\x8e\xbb\xc9\xa2\xd1\xac\xda\x5b\x67\xed\x6a\xf5\x52\x51\x41\xfd\x7a\xee\xf7\xc5\x8f\x54\x9a\xc3\x92\x55\x70\x5e\xb0\x84\xf4\xf0\xa2\x61\xf4\x3c\x27\xcd\xce\xfb\x7d\x9e\x15\xce\x63\x99\x58\x20\x72\x9b\x32\x74\x9e\xb8\xd9\x43\x2d\x7c\x3c\x25\xb4\xb1\xda\xa5\xb6\x45\x74\x03\x94\xca\xaa\xe6\x3b\xfd\x9e\x18\x20\x7f\xcc\xfb\xe0\xe2\x63\x92\x58\x22\x95\x74\xfc\xc7\x97\x1e\x3e\xb1\x1b\xfd\xf7\xdc\x77\x0c\xea\x4a\x94\x14\x91\x30\x67\x55\x8f\x7e\x54\x2c\xc6\x27\x24\x77\x48\x95\x19\xcf\xae\xcf\x51\x36\x1b\x7d\x39\x54\x0b\xbc\x1d\xa8\x4c\x6e\x56\xe2\x1c\x68\x37\x34\xfc\x3d\x9e\x52\x22\x56\x95\xea\x37\x05\x63\xb1\x53\xb8\xdc\x87\xad\x11\x99\x24\x7a\x23\xa8\x60\x46\xc7\x30\xfb\xce\x29\xfe\x99\xe0\xcf\x3e\x76\x2f\x6c\xa3\xa1\x4b\x03\xff\x53\xd4\x12\x2d\xa0\x66\x4a\x31\xd2\x04\x16\x0f\xcc\x24\x89\xea\xa9\xfa\xf0\x30\xf6\xd6\xa4\x3f\x98\xaf\xce\x7f\x7f\x7f\x0c\xc3\xa0\x1e\xf1\x52\x6d\xac\x38\x27\x8d\x13\x43\x19\x10\xc2\xd6\x91\xa7\x82\x75\xe0\x70\x2c\x8b\xcd\x0f\x47\x54\xb4\x75\x35\xde\xcb\xff\x3f\xb2\xdb\x3d\x23\xb9\x5f\x84\xe5\xe6\xe7\xfe\x67\xc7\x19\xde\x9b\x07\x21\xea\x53\xe2\xc6\x8c\x91\x10\xe6\xa9\xef\x32\x51\xe7\xeb\xb2\x28\x00\xdc\xab\x30\x9c\x22\xab\x37\x39\xb4\xe8\x88\x44\x82\x75\x42\xd9\x62\xc2\xaf\xb2\xdc\x2f\x02\xb4\x50\x94\x73\x7f\xb1\xc3\xb9\x54\x38\x70\x70\x9b\x33\x7d\x9d\x8f\x18\x39\x71\x36\x8a\x28\xa3\x36\x0a\xec\x7c\x89\xde\x83\xe0\xc5\xfb\xfc\xff\xa0\x3c\x1b\xc4\x28\x84\xa8\x39\xe8\x18\x88\x26\xb1\x9f\x3a\x7e\x7b\x82\xb4\xe2\x33\x9d\x3d\x70\x17\x1d\xe9\x2a\x60\xe2\xe1\xc7\x3d\x36\x03\x82\xae\xdc\xc2\x37\x40\xc6\x24\x4d\x69\x29\x9d\xd3\x9e\x01\x10\x91\xb2\xfa\xe1\x0f\x4b\xa3\xc7\xfc\x57\x0b\x0e\xa6\xa5\xd7\xb9\x4f\x08\x12\x78\x8a\xc1\x84\x2e\xb6\xf9\x17\xad\x73\xa4\x3a\x8f\x51\x1b\x22\x17\x95\xb9\xa6\x25\xd6\xb8\xad\xab\x77\xbb\x09\x03\x43\xac\xde\x49\x30\xc6\x43\xb9\xb6\x0a\xf0\x27\xed\x4e\x3c\xc7\xfa\xcd\xcb\x17\x5e\x81\xd9\x13\x8d\xb6\x8d\xb9\xd8\x52\x16\xe1\xaf\xa9\x0c\x3f\x38\x97\xa2\xcd\x7e\x2c\xba\xf5\x9f\xaa\x93\xac\x54\x4c\x22\x13\x99\xd0\xa2\xc7\x60\x1c\x6c\x63\x00\x62\x53\xc9\xe4\x3f\x1e\xd3\xf8\xcd\xd3\x1f\x92\xcb\xc9\x19\xb0\xb2\xf0\x48\xee\x42\x9b\xaa\xc4\x2f\x90\x7d\x36\x28\x19\x31\x81\x4e\x7f\x93\x7b\x51\xf2\xc6\xa7\x72\x46\x9f\x0d\x3d\x66\x6c\x5c\x23\x14\x1a\x0a\xf6\xfb\x38\x04\x47\x98\x10\xfc\xd8\x52\xf9\x8a\x5e\x5d\xf9\x08\x2c\x14\x9b\xc2\x39\xd3\x7b\x89\x44\x7a\xf0\x2e\xba\xe2\x7a\xde\xa0\x98\xd7\x84\x09\xfa\x9a\xe8\x73\xb1\x12\x68\x4c\x75\xd6\x8d\x44\x7c\x7f\xc8\x0a\x45\xa7\x26\xb2\x72\xd5\x57\x67\x8d\xa7\x10\x16\x79\xc6\xa5\xb4\xd7\x0f\x4d\xb6\x05\x39\xfd\x11\xd1\xf2\x13\x92\xb7\x92\x2d\x12\x78\x11\x25\x51\x2e\xb1\xdc\x45\xdb\x4c\xd2\xe6\x47\x34\xe3\xa9\xdb\xf8\x99\xec\x22\x03\xe1\x00\x1b\x3d\x36\x46\x63\xd4\x87\xc6\x90\x18\xcb\x91\x22\xb5\xf4\xe1\xa2\x76\xd1\x70\x88\xdf\x74\x6b\xa3\xe7\xc1\x0e\x1c\xad\x22\x6f\x6c\xd2\xad\x90\xcc\x3d\x14\x8c\x95\x1d\x32\xc0\x03\x41\xbf\x08\xec\x71\x58\xd2\x2b\x33\x75\xf7\xed\x67\x30\xff\x9f\x0a\xf7\x9b\x1e\x8e\xfd\x16\x4b\x04\x6c\x6a\x3d\xf7\xbc\xd9\x25\xe4\x9b\xf5\xbb\x4d\x16\xac\xe6\xab\x92\x5b\xee\x37\xb7\xb5\x32\x1d\xa6\xf3\x62\x6f\x33\x02\x5e\xbc\x38\x14\xf4\x4a\x27\xa7\xe3\x9c\x5e\xcf\x8c\x52\x63\xc5\x0e\x5d\x49\x27\x39\x77\xc1\xdd\xce\xc8\x6c\x85\xc4\x1d\xe8\x55\x8c\xcc\x7c\xc9\x46\x9f\x4a\x5a\xb1\x04\xdb\x7b\x3e\xaf\x89\x51\xf5\x31\x5f\x56\x40\xc5\x1e\x8c\x49\x29\x0c\x7b\x14\x66\x88\xb7\x2e\x22\xc5\x17\x8b\xb1\x20\xbe\xaf\xe3\xa1\x0d\xd3\x3e\x6a\x34\xb8\xe2\xab\x0a\x8d\x88\xf1\xbf\x23\x46\xf0\x6e\x6c\xbe\xb8\x01\x59\xf8\x5b\x69\xef\xe2\x98\x4f\x3a\xcb\xf1\x03\x53\x97\xc0\xe0\x27\x42\x0c\x59\x1b\x2c\x51\x15\xe4\xc4\xbc\x43\x19\xb6\xa8\xed\xc2\xaa\x62\xc7\x60\x0e\x49\x02\x9f\x8d\x7d\x80\x87\x13\xcc\x76\x55\x66\x44\x0a\x42\x7a\xc5\x76\xe5\xa2\x31\x8e\x09\x94\xa0\x0b\x56\xb7\xcf\x16\x27\x78\x87\xb2\x26\x93\x39\x6c\x28\xbf\x73\x41\x33\xdf\x5e\x65\x49\x71\xde\xc6\x8d\x22\x56\x31\xfc\x66\x9e\x56\x19\xc1\xc7\x8d\xf3\xca\x98\x60\x48\x9a\x29\xa5\x23\x4e\x05\x4b\xcd\x3c\x54\x32\x76\xc0\x7e\x15\xa1\xca\x7e\xf6\x0c\x6e\x20\x35\x95\x62\x73\x3c\x1b\x3b\xd1\x5a\x9c\x72\xa8\xf9\xac\xb0\x40\xf8\xf8\x5a\x4f\x10\x31\x3a\x4f\xc7\xe8\xcb\x89\x73\xae\x0b\x56\x29\x24\x71\x6d\x16\x8a\xa4\x31\xcf\x63\xa5\xc2\xe1\x82\xb4\x8b\x55\x19\xf3\x76\xde\x39\xca\x03\xd5\x53\x5a\x58\x68\xd2\xcf\xff\x41\x0e\x3f\x24\x8d\xe1\xef\x81\xb2\x05\xbc\x17\xa8\x4c\xbf\xeb\xb4\x6d\xeb\x4e\x56\xdc\xd3\x55\xd7\x14\x8a\x56\xf2\x5d\xee\x58\x96\x91\x2e\xc9\x01\x24\xbe\xf2\xd8\x82\xe9\xd4\xa0\x27\x69\xb3\xab\xcb\xc8\xf3\x67\xde\xec\xce\x8c\x22\xb0\x45\xf4\xd7\xb8\x7d\x89\x08\xb0\xaf\x7f\x2a\x1f\x53\xba\xd8\xd3\xf8\xe0\xb6\x5b\x00\x53\xab\x1e\x28\xec\xe7\x25\x0a\xb2\x81\xbc\x19\x70\x97\xcf\xe8\xb2\xa7\xcf\xb5\x52\xf8\x28\x69\xb8\x82\x41\xe7\xd0\x5d\x24\xac\xa3\x25\xc6\xf2\xfa\xd8\x5c\xe7\x9b\xfc\x2a\xec\xdb\x79\x8f\x40\xe1\x11\x18\x9f\x17\x85\xcb\xbe\x40", 4096); *(uint32_t*)0x20003710 = 0x1000; *(uint32_t*)0x20003714 = 7; *(uint32_t*)0x20003718 = 0x200036c0; memcpy((void*)0x200036c0, "\x38\xe3\xda\xc1\xca\xb0\x0f\xeb\x39\xc4\x8e\xdf\xaf\x42\xb6\x04\xf0\xc0\xfb\xea\xa3\x0d\x70\x23\x51\x9c\xe5\x89\xe4\xd9\x0d\x7d\x17\x1c\xbe\x75\x9e\x9c\x40\x81\x9d\x99\x46\xab\xfa\x97\x37\xe1\xbd\xdd\xfb\x4f", 52); *(uint32_t*)0x2000371c = 0x34; *(uint32_t*)0x20003720 = 0x10000; memcpy((void*)0x20003740, "/dev/tty\000", 9); *(uint8_t*)0x20003749 = 0x2c; memcpy((void*)0x2000374a, "syz0\000", 5); *(uint8_t*)0x2000374f = 0x2c; memcpy((void*)0x20003750, "+@", 2); *(uint8_t*)0x20003752 = 0x2c; memcpy((void*)0x20003753, "*^:[-,-,&{#", 11); *(uint8_t*)0x2000375e = 0x2c; memcpy((void*)0x2000375f, "syz0\000", 5); *(uint8_t*)0x20003764 = 0x2c; memcpy((void*)0x20003765, "audit", 5); *(uint8_t*)0x2000376a = 0x2c; memcpy((void*)0x2000376b, "obj_role", 8); *(uint8_t*)0x20003773 = 0x3d; memcpy((void*)0x20003774, "syz0\000", 5); *(uint8_t*)0x20003779 = 0x2c; memcpy((void*)0x2000377a, "obj_user", 8); *(uint8_t*)0x20003782 = 0x3d; memcpy((void*)0x20003783, "^\356%", 3); *(uint8_t*)0x20003786 = 0x2c; memcpy((void*)0x20003787, "subj_role", 9); *(uint8_t*)0x20003790 = 0x3d; *(uint8_t*)0x20003791 = 0x2c; memcpy((void*)0x20003792, "mask", 4); *(uint8_t*)0x20003796 = 0x3d; memcpy((void*)0x20003797, "^MAY_EXEC", 9); *(uint8_t*)0x200037a0 = 0x2c; memcpy((void*)0x200037a1, "uid", 3); *(uint8_t*)0x200037a4 = 0x3d; sprintf((char*)0x200037a5, "%020llu", (long long)0xee00); *(uint8_t*)0x200037b9 = 0x2c; *(uint8_t*)0x200037ba = 0; res = -1; res = syz_mount_image(0x200025c0, 0x20002600, 4, 3, 0x20003700, 0x1040000, 0x20003740); if (res != -1) r[1] = res; break; case 5: syscall(__NR_read, (intptr_t)r[1], 0x200037c0, 0x12); break; case 6: *(uint64_t*)0x20003800 = 7; syscall(__NR_sendfile64, (intptr_t)r[0], (intptr_t)r[1], 0x20003800, 0); break; case 7: *(uint16_t*)0x20003840 = 0x81; memcpy((void*)0x20003842, "\xd8\xe8\xf6", 3); syscall(__NR_setsockopt, (intptr_t)r[0], 6, 2, 0x20003840, 6); break; case 8: *(uint32_t*)0x20003880 = 4; syscall(__NR_ioctl, -1, 0xc0044dff, 0x20003880); break; case 9: *(uint32_t*)0x20003980 = 0x200038c0; *(uint16_t*)0x200038c0 = 0x10; *(uint16_t*)0x200038c2 = 0; *(uint32_t*)0x200038c4 = 0; *(uint32_t*)0x200038c8 = 0x1000000; *(uint32_t*)0x20003984 = 0xc; *(uint32_t*)0x20003988 = 0x20003940; *(uint32_t*)0x20003940 = 0x20003900; *(uint32_t*)0x20003900 = 0x14; *(uint8_t*)0x20003904 = 7; *(uint8_t*)0x20003905 = 1; *(uint16_t*)0x20003906 = 0x801; *(uint32_t*)0x20003908 = 0; *(uint32_t*)0x2000390c = 0; *(uint8_t*)0x20003910 = 0; *(uint8_t*)0x20003911 = 0; *(uint16_t*)0x20003912 = htobe16(0xa); *(uint32_t*)0x20003944 = 0x14; *(uint32_t*)0x2000398c = 1; *(uint32_t*)0x20003990 = 0; *(uint32_t*)0x20003994 = 0; *(uint32_t*)0x20003998 = 0x40800; syscall(__NR_sendmsg, -1, 0x20003980, 0x20000000); break; case 10: memset((void*)0x20000000, 255, 6); STORE_BY_BITMASK(uint8_t, , 0x20000040, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000040, 2, 2, 2); STORE_BY_BITMASK(uint8_t, , 0x20000040, 8, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 5, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 7, 1); STORE_BY_BITMASK(uint16_t, , 0x20000042, 0x7f, 0, 15); STORE_BY_BITMASK(uint16_t, , 0x20000043, 0, 7, 1); *(uint8_t*)0x20000044 = 8; *(uint8_t*)0x20000045 = 2; *(uint8_t*)0x20000046 = 0x11; *(uint8_t*)0x20000047 = 0; *(uint8_t*)0x20000048 = 0; *(uint8_t*)0x20000049 = 0; memset((void*)0x2000004a, 255, 6); memset((void*)0x20000050, 255, 6); STORE_BY_BITMASK(uint16_t, , 0x20000056, 0, 0, 4); STORE_BY_BITMASK(uint16_t, , 0x20000056, 0xffd, 4, 12); memset((void*)0x20000058, 255, 6); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 0xc, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 1, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 3, 5, 2); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 0, 7, 1); *(uint8_t*)0x2000005f = 3; STORE_BY_BITMASK(uint8_t, , 0x20000060, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000060, 2, 2, 2); STORE_BY_BITMASK(uint8_t, , 0x20000060, 9, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 5, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 7, 1); STORE_BY_BITMASK(uint16_t, , 0x20000062, 0x3d, 0, 15); STORE_BY_BITMASK(uint16_t, , 0x20000063, 0, 7, 1); *(uint8_t*)0x20000064 = 8; *(uint8_t*)0x20000065 = 2; *(uint8_t*)0x20000066 = 0x11; *(uint8_t*)0x20000067 = 0; *(uint8_t*)0x20000068 = 0; *(uint8_t*)0x20000069 = 1; *(uint8_t*)0x2000006a = 8; *(uint8_t*)0x2000006b = 2; *(uint8_t*)0x2000006c = 0x11; *(uint8_t*)0x2000006d = 0; *(uint8_t*)0x2000006e = 0; *(uint8_t*)0x2000006f = 1; *(uint8_t*)0x20000070 = 8; *(uint8_t*)0x20000071 = 2; *(uint8_t*)0x20000072 = 0x11; *(uint8_t*)0x20000073 = 0; *(uint8_t*)0x20000074 = 0; *(uint8_t*)0x20000075 = 0; STORE_BY_BITMASK(uint16_t, , 0x20000076, 0, 0, 4); STORE_BY_BITMASK(uint16_t, , 0x20000076, 0x1f, 4, 12); STORE_BY_BITMASK(uint8_t, , 0x20000078, 8, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000078, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000078, 3, 5, 2); STORE_BY_BITMASK(uint8_t, , 0x20000078, 1, 7, 1); *(uint8_t*)0x20000079 = 0; memset((void*)0x2000007a, 255, 6); *(uint8_t*)0x20000080 = 8; *(uint8_t*)0x20000081 = 2; *(uint8_t*)0x20000082 = 0x11; *(uint8_t*)0x20000083 = 0; *(uint8_t*)0x20000084 = 0; *(uint8_t*)0x20000085 = 1; *(uint16_t*)0x20000086 = 0xbf; memcpy((void*)0x20000088, "\xaf\xaf\x3a\x13\x5b\x6b\xac\xd8\xc9\xb7\x0b\x5e\xec\x9a\xb1\x84\x05\xdd\xe2\x16\xb1\xb5\xdb\xe7\x0c\x82\xea\x52\xa1\x47\x7c\x8b\xcc\x0a\xde\xba\xd8\x78\x9e\x03\xdf\x9b\xee\xa6\x7c\xea\x53\x1e\x77\x6e\x7e\xc4\x41\xe1\x09\x95\x46\x0e\x4e\x96\x46\x78\xb8\xb2\x0c\xae\x08\x4a\xb4\x0b\xef\x38\x9b\xb7\x2f\xe3\x66\xea\x91\xa8\xa2\xb9\x52\xbc\x69\x7a\x86\x3d\x47\xc4\x92\x0f\x77\x97\x6c\xcd\xa9\x72\x3c\x4d\x4c\xf4\x31\x64\xb5\x7e\x37\x39\x25\xd2\x15\x94\xad\x58\x2b\x2b\xd6\xb7\xfc\xe0\xe2\x1d\x27\x2a\x02\x2f\xb6\x3e\xfa\xe8\x20\x4e\x2e\x38\x18\x08\x48\xfd\x29\x86\xc8\x47\x24\x1f\x05\xb4\x79\x5e\x31\x95\x82\x3f\x4b\x17\xf3\x40\xc2\x4f\x45\xbf\x4f\xc3\x3a\x8b\x5d\x06\x49\x78\x0b\xad\x0b\x16\x00\x23\x1b\xcd\x85\xe1\x04\x40\x43\xb3\xf5\x2b\xdd\x66\x46\x2c\x52\x86\x9b", 191); *(uint8_t*)0x2000014a = 8; *(uint8_t*)0x2000014b = 2; *(uint8_t*)0x2000014c = 0x11; *(uint8_t*)0x2000014d = 0; *(uint8_t*)0x2000014e = 0; *(uint8_t*)0x2000014f = 0; memset((void*)0x20000150, 255, 6); *(uint16_t*)0x20000156 = 0xf3; memcpy((void*)0x20000158, "\xdb\x74\x58\x60\x3e\x1d\xb9\xe8\xb6\x10\x9f\xf2\x53\x17\x6f\xc3\x10\x5d\x34\x45\x42\x94\xa0\xc3\x6f\x5e\x76\x59\x0e\xe3\xb3\xa3\x91\xdd\x28\x47\xab\xe2\xef\x4c\x4f\x07\x62\xcb\xb0\x9a\x37\xf4\x06\x75\xba\xca\x09\x07\x28\x2c\xe7\xdc\x1a\x10\x4c\xb3\xe9\x13\x84\x93\x0e\xde\x72\xf3\x72\x0d\xac\x99\x76\xa6\x59\x8b\xc0\x38\x5e\x0e\xb8\x29\x5e\xde\xe6\xbf\x8e\x31\xf2\x43\xb2\x84\xe9\xde\x82\x3d\xbc\xf1\xfa\x70\xc6\xc5\x7d\x44\x72\xf2\x0f\x03\x1c\xd4\xcc\xc7\x99\x5b\x00\x36\xd0\x24\xf0\x51\x22\x0c\xf8\xcc\xfa\xcc\x5e\xef\x5c\xc5\x45\xc5\x20\x8e\x0a\xe0\xb6\xfa\xd6\x95\x65\x42\x26\x29\x30\xe5\x61\x77\xef\x3f\x3f\xd1\xfc\xf9\xab\x7f\xa1\x04\xc2\xfd\x2c\xaf\xbf\xc7\x96\xda\x4a\xf4\x24\x53\x1e\x82\x5b\x32\x39\x4a\x16\xb5\xa9\x0e\x3b\x36\xd9\xd7\x5f\x35\xbc\x95\xc7\xb6\x5c\x57\x74\xb3\x3d\x1a\x74\x46\x4b\x24\x0d\x9b\x44\x20\xde\x38\x65\xe4\xeb\xfa\x97\x05\xfa\x60\x6c\xa4\x22\xeb\x0a\xe3\x31\x26\x57\x4d\x2b\x01\xdc\x83\xd7\x0c\x24\x87\x47\x08\x7c\x72\xf0\xda\x02\xe8\xe8", 243); *(uint8_t*)0x2000024e = 8; *(uint8_t*)0x2000024f = 2; *(uint8_t*)0x20000250 = 0x11; *(uint8_t*)0x20000251 = 0; *(uint8_t*)0x20000252 = 0; *(uint8_t*)0x20000253 = 1; memset((void*)0x20000254, 255, 6); *(uint16_t*)0x2000025a = 0xdd; memcpy((void*)0x2000025c, "\xd7\xe9\xb2\x4c\x0c\xc9\x92\xb1\x8a\xa2\xd9\xf9\xe1\x70\x9a\x8c\x2f\xe8\xb2\xce\xb2\x7a\x74\x9e\x52\x61\x7c\x6d\xb9\x66\xc1\x54\x69\xb1\x4f\x62\x71\xd9\xec\x1c\xaa\x53\x7e\x60\x5d\x09\xc7\xaf\x27\x1d\x95\x9a\x7b\x13\x75\xfb\xad\xa3\xd4\x78\x40\xb8\xfb\xde\x2f\x3a\xb2\x82\x04\x40\xce\xff\xb1\x6c\xc4\x41\x60\xf3\xa3\xab\xd7\x0b\x05\x9e\x3b\x32\x1e\x3a\x1a\x48\xec\xa2\xb3\x81\x9d\x05\x95\x82\x2e\x17\x76\x7f\x5a\x9c\xce\x0a\x0a\xa1\xcf\x8a\x17\x63\x78\x09\x43\x87\x2b\x12\x7a\xb5\x59\x03\x6a\x8d\x87\x03\xe1\x79\xc0\xde\x7c\x00\xdb\xd0\x55\x69\x9b\x39\x53\x2e\xc0\xf6\x3b\xb6\x9c\x33\x1f\xb4\x15\xe2\x53\xc2\x6a\xbf\x85\xa2\x0b\x69\xf3\x3d\x25\xa8\xa0\x66\xaa\x10\xa9\xc1\xad\xd2\x02\xfa\x9d\x6c\xd6\xdb\xda\xf0\x56\x01\xd6\x8e\x95\x53\xba\x9e\xe5\x39\x31\xaa\x19\x38\x21\xc7\x80\xf0\x5d\xfd\x3c\x33\xaa\xd8\x4e\xf5\x50\x98\xb4\xb8\x21\x2c\xf5\xd6\xa4\x3b\x5a\x09\x98\x66\xec\xbb\xc1", 221); *(uint8_t*)0x2000033a = 8; *(uint8_t*)0x2000033b = 2; *(uint8_t*)0x2000033c = 0x11; *(uint8_t*)0x2000033d = 0; *(uint8_t*)0x2000033e = 0; *(uint8_t*)0x2000033f = 1; memset((void*)0x20000340, 255, 6); *(uint16_t*)0x20000346 = 3; memcpy((void*)0x20000348, "\xd7\x1a\x49", 3); syz_80211_inject_frame(0x20000000, 0x20000040, 0x30e); break; case 11: memcpy((void*)0x20000380, "wlan0\000", 6); memset((void*)0x200003c0, 2, 6); syz_80211_join_ibss(0x20000380, 0x200003c0, 6, 0); break; case 12: memcpy((void*)0x20000400, "bpf_lsm_sb_remount\000", 19); syz_btf_id_by_name(0x20000400); break; case 13: memcpy((void*)0x200008c0, "\xc4\xc3\x2d\x0e\x45\xf5\x08\xc4\xe1\x5b\x10\xeb\x26\x81\xf9\xf6\x03\x9e\xec\xc4\xc3\x79\x61\x78\x01\xd2\x07\x66\x0f\x38\x29\x5c\xd0\x2f\xd9\xf6\xf2\xdd\xcd\xc4\xc1\xf8\x11\x45\x0f\x0f\x34", 47); syz_execute_func(0x200008c0); break; case 14: memcpy((void*)0x20000940, "/dev/pktcdvd/control\000", 21); res = syscall(__NR_openat, 0xffffff9c, 0x20000940, 0x10400, 0); if (res != -1) r[2] = res; break; case 15: memcpy((void*)0x20002c80, "./file0\000", 8); res = syscall(__NR_statx, -1, 0x20002c80, 0x800, 8, 0x20002cc0); if (res != -1) r[3] = *(uint32_t*)0x20002cd8; break; case 16: memcpy((void*)0x20003040, "./file0\000", 8); res = syscall(__NR_stat, 0x20003040, 0x20003080); if (res != -1) r[4] = *(uint32_t*)0x20003090; break; case 17: res = syscall(__NR_read, -1, 0x20003100, 0x2020); if (res != -1) r[5] = *(uint32_t*)0x20003114; break; case 18: res = syscall(__NR_getgid); if (res != -1) r[6] = res; break; case 19: *(uint32_t*)0x20005540 = 0xe4; res = syscall(__NR_getsockopt, -1, 0, 0x11, 0x20005440, 0x20005540); if (res != -1) r[7] = *(uint32_t*)0x20005474; break; case 20: res = syscall(__NR_getgid); if (res != -1) r[8] = res; break; case 21: memcpy((void*)0x20000980, "\x5e\xb2\xb7\x65\xeb\x13\xfe\x60\x55\xad\xbc\x43\xba\x06\xda\x06\x24\x08\x5c\x4b\x07\x4c\xa1\x07\x58\x89\x67\x7f\x06\x6e\x7b\xe4\xde\x1a\xde\x66\x43\xe3\x84\xe7\x46\x94\x78\x49\xca\xe6\xc4\xbd\x22\x47\xb9\xd0\xdc\xf8\xd7\x4f\x73\xc8\x65\x98\x3a\x7d\x81\xfa\x41\x8b\x52\x27\xbf\xe2\xca\xe4\xda\xab\xc8\xfd\x12\x12\x43\xc0\xfe\x33\x9f\x30\xd7\xad\xe9\xb7\x9e\x07\xaa\x3b\x49\x20\x01\xcb\xf7\x1f\x43\xd1\x92\xa2\xb9\xb7\x71\x60\x8f\x80\x9c\xab\x41\x48\xc9\xbc\xb1\x8a\xd7\x38\x1a\xda\xb1\xf2\xf5\xe3\x23\xa6\x92\x49\xbf\x8f\x2b\x5b\x0e\x98\x65\x57\xda\x94\x36\x23\xa6\x6e\xc4\x20\xb9\xb7\xbc\x01\x43\x4d\x0a\x62\x88\x6d\x00\x72\xf8\x30\x51\xbe\xd9\x58\x84\x3e\xc0\xad\xab\xae\xc0\x68\xe2\x33\x3b\xdc\x15\x62\x2e\xfd\x5d\x7e\xb6\x8c\xfd\xda\x7d\xe3\xfd\xaf\xaa\x75\x78\x7f\x0f\x7f\x3a\x5a\xae\x1c\xfe\x1f\xaf\x07\x9f\x18\x35\xbe\x70\x44\xf2\xde\xe0\xe2\xb2\x28\x27\xf8\xce\x93\x99\xba\x9b\x6d\x67\x5a\xaa\xfc\x82\x72\x62\xb7\x01\x65\x9d\x34\xe6\x87\xd6\xf0\xf8\x06\x66\xef\x60\x37\x1f\x36\xfc\x8e\x7a\xb0\x1b\x1b\x1f\x74\x1b\xab\x29\x0b\x37\x42\xbc\xa7\xd9\x00\xac\xac\xd0\x03\xbb\x0e\x24\x97\xa7\x41\x3e\x2a\x94\x61\x0c\x93\xf5\xb5\xf6\xa0\xaf\xfc\x55\x4d\xfa\x69\x6f\x33\xa4\xe0\x76\x99\x55\x29\x81\xc8\xf1\x7e\xec\x12\x1b\x79\x8f\xfd\xa5\xa8\x1f\x60\x90\x05\xee\xe8\x86\x2d\xa6\x33\x95\x0d\x1c\x36\xb1\xf5\x7f\x20\x1d\xfa\xa2\xff\xb4\x3b\xfb\x89\xb9\x37\xdf\xe8\x91\x65\xa7\x83\x26\x4b\x5c\xd3\x93\xe5\xe8\x1e\xfb\x8d\x94\xe2\x8e\xa4\x17\xcf\x7f\x14\x55\x20\xc2\x01\xcd\x9b\xc8\x43\xa7\x8a\xe0\x7c\x3a\x9d\x81\x2a\x99\xb9\xd0\x1f\x4f\x8a\x60\x93\x70\x77\x19\x2f\xb2\x9e\xf9\xe9\xca\xd9\x95\x91\x9d\xe3\x3e\x9e\x70\xc9\x5c\x0e\xfe\x9d\x49\xec\xac\xc2\x81\x7d\x76\x4b\x35\xac\xee\xf6\xdb\xd7\xb1\x1d\xa0\xd5\x64\x60\x97\x8a\x67\x9a\x76\x5c\x04\x64\x2e\xf7\xb3\x3d\xa7\x35\xd6\x07\xb2\x1e\xa2\x07\xad\x74\x7b\x67\xda\x18\x62\xb7\x88\x4f\x77\x37\x64\xc5\xc6\xb9\x5b\x0d\x1f\xc0\x79\x90\x9e\x3a\x07\x43\x0c\x52\xf4\x90\x8c\xb8\x64\xca\x7b\x48\x38\x7d\x9c\x93\x03\x87\x81\x15\x80\xb9\xce\xad\x9b\xb5\x6c\x51\x39\xd0\xd5\xc4\xc7\x28\xf7\x66\x70\x59\xbb\x64\xe2\x23\xd3\xe7\xcf\x61\xce\x83\x70\x27\x6d\xd3\x1b\x3b\xd6\x43\xe9\x64\x44\xaf\xea\x51\x78\x7b\xc0\xea\x7e\xde\x0c\x05\x76\x34\x0b\x35\x74\xfb\x1e\xe7\x81\x33\xc2\x9e\xdb\x9c\x63\x72\x42\x00\xf5\xd8\xd1\xfa\x9d\xb4\xfe\x0c\xf9\xa3\xf0\x51\x7f\xdd\x93\x62\x40\xd0\x8c\xa3\xf4\x81\x5c\x56\x2f\xa4\x0c\x50\x29\x2a\x8c\xc6\x7a\xf0\x25\x55\xbf\x5e\x42\x10\xef\xab\xee\x95\x29\x46\xcb\x5a\x3b\x71\x9c\xca\xfb\x90\xc5\xfc\x31\xe2\x8e\x16\xda\x6d\xeb\x0c\x26\x57\xd9\x9b\x2e\x30\xac\x6f\x59\xe6\x93\x5c\x8f\x3d\xe5\xab\xb5\xa6\xa9\xeb\x6d\x64\x63\x81\x31\xfa\x73\x63\x9f\x95\xdc\x71\xd1\x1a\x64\x4c\x6f\xf1\x7e\x26\x66\x5e\x82\x05\x56\x17\x8b\xdf\x6f\x91\xc5\x2f\xac\x27\xf2\xd8\x48\x12\xe9\xbf\xd4\xc5\x3e\x75\x7e\xd5\xdc\xc5\xa3\xc5\x8f\x4f\x25\x4a\x11\xad\x80\x99\x55\x5f\xba\xb9\x2d\x97\x07\xe7\xae\x24\x9d\x37\xb6\x72\xb2\xf4\x66\x6c\xc3\x5f\xfe\x53\xa0\xf5\xf3\x14\xaa\x7e\x32\x9a\xdd\xf6\x0e\x86\x49\x86\x68\x2e\x58\xde\xe8\x78\xcf\x3e\x66\xb3\xc1\xb8\xb0\x45\x70\x21\xcb\xbe\x95\x42\xdf\x24\x01\x04\xfa\x79\x45\xd1\x77\xa8\x05\x1f\xf4\x2d\xff\xe4\x7e\x95\x2c\xaa\x5b\x33\x43\x86\xbb\xe9\x61\x40\xa2\x8a\x74\xcd\x3c\x4c\x66\x6d\xd6\x17\x49\x94\xba\xe6\xc3\x23\xbe\xf3\xcb\xe9\x70\x28\x83\x5f\x03\xb4\x9d\x7c\x49\x69\x13\xec\x17\x27\x23\x46\xe0\x50\xc7\x5c\x58\x76\x0a\xcb\xcd\xed\xfc\x77\x4b\x34\xb1\x9f\x19\x9c\x40\xe0\x2a\xc7\x41\x77\xe3\xf9\x51\xa0\x07\xab\xda\xf0\x0f\xd7\x06\x4b\xbf\x2c\xc4\x44\xd6\xb6\xd2\xb2\x33\xe1\xfd\x99\x5f\xee\xbc\xbf\xaf\xaa\xa4\x4e\xdd\x73\x9b\x7a\x9b\x31\x2b\x08\x23\xbb\xb2\x28\x82\x3e\x13\x2f\xba\xe5\x76\x96\x8b\x7e\x7c\xa5\xca\x01\x98\xda\xae\x85\xda\x7b\x50\x00\x25\x44\xa4\x4f\x94\x8d\xc5\xf4\x86\x20\xe3\xf9\x91\x45\xc8\x72\x7f\xee\x50\x15\x41\xef\x11\x9b\x20\x08\x5e\x36\x40\x52\xa0\x45\x16\x4e\x79\x57\x95\x53\xab\x19\x24\xa5\xe6\x7c\xa4\xbd\xe4\x39\x03\x13\xb7\x6a\x6a\xbb\x95\x0e\x63\x7b\x6b\xd3\xae\x4d\x34\x1e\xa3\x62\x44\x0e\x13\x41\x85\x30\x4e\x36\xf0\x86\x91\x02\x7e\xc7\xff\x34\xd7\x18\x82\x53\x93\xec\xfd\x75\x57\xc8\x2b\x7b\xda\x4d\x24\xb9\x4f\xc5\x3d\x57\x7b\x31\x65\x7b\x00\xe8\x30\x38\x03\xe6\xf1\x5e\x17\xa7\x96\x47\x60\x7f\xfa\x65\x64\x91\x03\xad\x6c\xed\x04\x0a\x84\x22\x24\xb2\x22\x26\xcb\x03\xb1\x0e\x51\xe5\x8d\x69\x5e\xdd\xa7\x7d\xa2\xd7\x84\xc4\x9b\xdd\xa4\x3a\xdc\x0f\x4e\x15\xf3\xe2\xe3\x38\x83\x69\x24\x78\x6b\x90\xb2\xf7\x44\x29\x35\xae\x33\x8e\x34\x4f\xa4\xc0\xd9\xe3\xd7\x48\x71\xd9\x30\xd8\x78\x68\xa2\x69\xc9\x84\x04\x87\x63\xe1\xc4\x38\x47\x9b\x20\xfd\xdb\xc6\x1d\x24\x88\xd7\x0c\xa8\x74\x7f\xff\x73\x1e\xdb\x67\x9b\x88\xbf\x1b\x17\x62\x1d\x32\x76\x15\x1f\xd9\x3a\x9d\xbb\xaf\x1a\x83\xe9\xa8\x0f\x75\xba\x18\xac\x3c\xe6\x59\x8d\xc4\xe6\xb0\x56\x2f\xb0\xbd\x47\x91\x29\x33\x7b\xb1\xc3\xa5\x88\x2b\x2d\x62\x6e\xdd\x90\xd0\xb1\xe8\x98\xd0\xf1\xe4\xf5\x98\x93\x70\x0c\x24\x1e\x0c\x43\x63\xa4\x44\x10\x73\x84\x00\x00\x47\x0f\x9e\x87\x7d\x0b\xac\xdc\xb6\xb2\x18\x75\xe7\x5b\x50\xdc\xfb\xb2\xbb\xc0\xea\x8f\xca\x0a\x91\xdc\xaf\xe6\x9b\x16\x2a\xee\xf4\xf7\xd7\xfa\x11\x93\xf9\xea\xc4\x4d\x4e\xb2\x73\x77\xc3\xb7\x2a\xc1\x9a\x90\x1c\x6e\x73\x50\xe1\x64\x81\x46\x09\x01\x79\xfa\x4b\x7f\x7a\xae\xdf\xb7\x5a\x49\xde\xea\xe9\xfb\xec\x2f\x30\xc4\x44\x4e\x3b\xd5\xad\x6f\xad\x82\xbb\xcd\x24\xbb\x6d\x25\x96\x85\xca\x0c\x13\xe5\x2a\x59\x0d\x27\xa7\x31\xa1\x8b\x09\xd3\xd6\xbf\x5e\x81\x75\x63\x02\xb8\x52\x51\xc8\x5d\x30\x48\x72\x95\xeb\x2e\x42\xcd\x78\x82\x31\xeb\x96\x97\x9b\x5c\x11\x3c\x16\x6b\xe2\xf3\xb6\xd2\x44\x74\xb0\xf5\x6e\xa5\xcf\xff\x4d\xca\x92\x84\xe5\xda\xe7\xd1\xc2\xb6\xab\xa7\x80\x7e\x88\x96\x97\xc8\x69\x83\x1c\x90\x8b\x20\x6b\x8a\x21\xdb\xe7\x3d\x06\xc0\xae\xfd\xa4\x49\xf4\xda\xed\xd6\x8b\x67\x6f\x22\x81\x4b\xe2\xd9\x0a\x2d\x06\xa3\x9f\x99\x7f\xdc\xef\x3a\x38\xf9\x83\x96\xd5\xbf\x36\x99\x00\xf9\xfc\x04\x42\xb2\x04\xce\xb1\x7e\x43\x2c\x28\x08\x7c\x42\xc8\x4c\x17\xf1\xa4\xd0\x4f\x6d\xa5\x46\x68\x2f\x31\xd7\x5c\xc2\x89\xe0\xc8\xea\x40\x58\xc0\x35\x50\xfa\xd5\xde\xf6\x96\x85\x41\xa9\xd3\x72\xbc\xbf\xf7\xb9\x43\xd6\x5a\x7f\x48\x56\x52\xe4\x43\x7e\x0a\x16\x02\x05\x7e\xf0\xce\xef\xa5\x75\x40\xa1\x1d\x5b\x2b\x8b\x65\x18\xc3\xc9\xa2\x7c\xb2\x75\x62\x94\x1f\x2f\x68\x9c\xe2\x40\x39\x6b\x4a\xd7\x0d\xbb\x2c\xd6\xe4\xe1\xf3\x3e\x32\x79\xc3\x36\x1b\x9d\x99\x03\xa9\xb6\xbb\x01\x7f\xfc\x71\x97\x58\x41\x7e\x4f\x98\x48\x55\x69\x2a\xcb\xdf\x93\x92\xa9\xb1\x96\x73\x38\x8e\x76\x02\x33\xfa\x00\x35\xe0\xc2\x33\x5e\x77\xb0\x89\xeb\x40\xb5\xcd\x8f\x03\x25\xf6\x4e\x08\x07\x65\x80\x80\x52\x86\x9f\x76\xb3\x9b\x06\x82\xe9\xa4\x9a\x95\xa4\xfd\x0b\x38\xbb\x50\xeb\x21\x4e\x94\x91\x9d\x48\x6f\xb7\xbb\x75\xac\xb4\xdc\x5f\x04\xe7\xa7\xe3\x11\xf2\x04\xdf\x40\x4c\x62\xc6\x64\x17\x95\x84\x88\x0c\xb8\xbc\x7b\x8b\xaa\xe8\x93\x3c\x2e\xbd\x70\xaf\x44\x45\x1a\xae\x3d\x51\xd4\x29\x0d\x90\xb8\x91\x10\x68\x77\xbd\x37\x75\x2e\xc6\x11\x8d\x97\x2a\x1b\x0a\x29\x31\xd4\x33\x63\x6d\xa7\xb7\x25\x0a\x0e\xdb\x59\xd9\xdd\xd3\x4c\xb4\x8b\x34\xa6\x2a\xe7\xe5\x95\xf1\x8d\x80\xca\x2c\x2d\xdc\x2a\xeb\x6b\x6f\x6b\x80\x0c\x86\x53\xba\xaf\x69\x6b\xfd\x60\xc8\x5e\x5e\x33\x28\xd0\xd9\xba\xf0\xf5\x58\xb3\xb8\xb8\xbf\xf2\x4b\xf7\x5d\xb2\x69\x5d\x59\x44\x27\x57\xcc\x0c\xfc\xef\xbb\xf1\x70\x8f\xc9\x64\xa1\x25\x1f\x55\x32\x88\x32\x46\x8e\xa7\x3c\x29\xbe\x4b\xf5\xd0\xde\x20\x53\xf3\x64\xd1\x17\x00\x6d\xd3\x24\x2e\x04\xdd\x47\x1a\xe0\x4a\xe2\x28\x44\x97\x82\x42\xed\x47\x36\x1b\xe4\xa9\xa1\x31\x33\xc7\xad\x5b\xb3\x24\xaf\xcd\x29\xd9\xa0\x74\x44\x07\x24\xeb\xb5\x6f\x5d\x9c\x3a\x8e\x45\x59\xd3\xa5\xa0\xf0\x28\xf1\xd7\x2f\xf2\x56\x2d\x48\x3c\xfd\xd7\x9e\xb3\x2c\x90\x46\x2e\xe7\x90\xde\x24\x76\xd9\xd0\x61\xb6\x07\xe6\x80\xb4\x15\x00\xce\x69\x1e\x48\x74\x5b\x58\x55\x17\xa5\x39\xe7\x0d\x7e\xc5\x55\xe1\x96\xaa\x8d\x69\xe4\x5a\x36\x98\x2d\x28\xa2\x14\x09\xa7\x77\xce\xeb\x53\x31\x8c\x20\x71\x3e\x3c\xb6\x2a\x98\xc2\x8f\x52\x4b\x08\x69\x09\xa0\x30\x75\xc2\x01\x0d\xa3\x4b\xf7\xb0\xe6\xbf\x58\x50\x5d\x30\x14\x42\x53\x0e\x54\xd3\xd1\x3f\x03\x28\xf9\x7a\x1d\xd2\xdd\x6d\xa6\x84\x29\xd2\x13\x76\xb7\x72\xd5\xa1\x60\x3f\xb4\xc4\xa4\x0f\x6b\x36\xdb\x26\xa8\x6f\x7c\x2d\xba\xf7\x04\xe7\xbc\xb9\xfc\x96\x76\x8d\x4b\x53\xbd\x13\x46\x02\xb7\x53\xb2\x60\xd8\x4d\x9e\xea\xc6\xa2\x4a\x51\x24\x9d\xca\x00\x86\xb9\x5b\x57\x58\x71\x28\xe7\x98\xeb\x62\xe1\xf0\x1a\xe6\x8e\x66\x0c\xf6\xeb\xbf\x33\x22\x93\x98\x16\x20\x68\x4b\x7e\x3b\x04\x75\x0f\xdb\xbe\x2e\xcd\x8e\x9b\x63\x75\x24\x88\x82\x25\x3c\x2d\xda\x8a\x4d\x9c\x0f\x6f\x5c\x9d\x7c\x6b\xdb\x1f\xc1\x1e\xda\x1d\xc4\xec\xc0\xb9\xf3\xdb\xdb\x62\xe4\x07\x8e\x46\xf6\xb1\x06\x08\xf3\x4c\x34\xf0\xa2\x79\xc2\xf8\xf3\xda\x5b\xe4\x9e\x3e\x58\xe9\x71\xe5\x39\xbd\x63\xba\xcb\x6d\x8a\xa5\x54\xea\x4c\x78\xa4\x9a\xba\xde\xec\x98\xdb\x1d\x3c\xa3\xbc\xb4\x09\x57\xcc\x0e\x94\x2f\xca\x1c\x9b\x51\xaf\x04\x77\x1f\xda\x4a\xf3\x58\xc9\xed\x6f\xe7\xb7\x37\xa6\xc6\x1a\xbe\x0b\x62\x89\x20\xfb\x8d\x0b\xcd\x0b\x65\xb7\x18\x16\x3d\xa1\x78\x04\xcb\x16\x65\xea\x98\x21\xc8\x28\xf6\xdf\x65\x51\x93\x77\x41\x56\x72\x10\x06\xb1\xf5\x14\x87\xad\x19\xfe\x92\xb7\x69\xa9\xfc\xea\xf2\xd4\x12\x4d\x8c\xc9\xa5\xbe\xf2\x8e\x98\xb9\x96\xc2\x8c\x8a\x99\xe3\x52\x38\x05\x31\x18\x5e\x5e\x56\xe6\x93\x64\x1e\xf5\x11\x06\xd6\xcf\x4e\x71\xab\x31\x7c\x34\xe9\x35\x83\xae\xcf\x50\xf5\x2b\x53\xe6\x3c\x90\x98\xd8\xc2\x83\x53\x8c\x7c\xc0\xf0\x90\xdf\xaf\x52\x3e\x60\x82\xc6\x52\x63\xdc\x8d\x1d\xe4\x77\x62\x82\xa3\xfc\x1b\xfc\x59\x09\x99\x15\x25\xf5\x6a\xc0\xe6\xd3\xbf\x0c\xe7\xae\xc8\x3e\x40\x07\x4d\xe1\x6f\xc9\x84\x3f\x3b\x09\x9b\x59\xb9\xf9\x0b\xcf\xf6\x31\x0e\xd6\xdf\xec\x97\x45\x87\xad\x64\x6e\xcd\x90\xc5\x4d\x44\x95\x10\xb7\x76\x8d\xd6\x7c\xab\xb3\x05\xea\x39\x8e\xcb\x42\x61\xd2\x6d\x4d\x7e\x12\x04\xe2\x07\x25\x60\x32\x43\x27\x9a\x18\xfa\xb0\x17\x26\x71\x9f\x77\x18\x22\x62\x7b\xaf\xb0\x9b\x4c\xaa\xf9\x48\x4f\x1d\x8f\xa5\x07\x8d\x02\x1b\x9c\xb8\x65\x56\x83\x07\x97\x31\x9c\x64\x91\xd7\x1c\x11\x53\xb6\x36\x58\xa5\xa9\x52\xa1\xf8\x4f\x0c\xed\x9c\x3d\x11\x91\xd7\x1a\x0b\x22\xe3\xf6\x18\xf8\x7d\x98\xc8\x99\x12\x65\x39\x5c\xb9\x07\x65\x93\x50\x34\xbd\x6c\x92\x33\xd4\x1f\x9f\xc6\xa9\x0b\xf6\x97\xc1\x5f\xd2\x35\x97\x87\xdf\x82\x57\xca\x8e\x94\x99\xb3\xa7\xb8\x37\x12\x1b\x33\x67\x30\x6b\xa3\xa3\x6f\xde\xa6\x00\x0c\x5d\x0f\x77\x59\x37\x17\x02\xc7\xad\x6f\x9e\x5f\x40\x00\x72\x5f\x8e\x0b\x33\x0a\x49\x43\x92\xf7\x40\x8d\xad\x61\x5b\x14\xf7\x78\x88\xce\xb7\x39\x59\x96\x5c\xc9\xa9\x3e\x9e\x3b\x23\xb9\x34\x3a\x4c\xd4\x10\x4d\xc1\xf3\xf1\xa6\x4c\xb4\x56\x97\x92\x67\x04\x87\x98\x02\x49\x3f\xf0\x4a\x81\x44\xce\x6d\x80\x50\x87\xfa\x96\xca\xff\x9b\x97\x63\x1b\x52\xe4\xa3\x65\xe9\x76\xc9\x0e\x2a\xc0\x88\x26\xf8\xc2\x97\xef\x2f\x87\x57\x22\xb4\x45\x54\xd9\x97\x3f\x4a\xa5\x5f\xfb\x03\x58\x94\x32\x10\x9e\x68\x32\xda\xb7\xfc\x47\x32\xd3\x03\x25\x2d\xd1\xd1\x7a\x2d\x24\x51\xed\x53\xdc\xe4\x1f\xfb\xce\xc6\x59\x83\xc6\xdb\x3e\xba\x81\x46\x2e\x52\x2a\xe7\xae\x52\xd7\x51\x30\x0a\x4b\x13\x11\x70\x33\x7c\x6d\x8c\x4b\x69\x2f\x54\x29\x11\x8a\xf9\x56\xe1\xc1\x5e\x27\x58\x4f\x76\x82\x55\xc3\xdd\xcb\x46\x92\x12\xba\x8a\xb0\xe1\xe7\xee\x00\x12\xf5\x8f\x89\x45\x82\x79\x94\xce\x1a\xd7\xd1\x73\xdd\x1c\xd7\x20\x83\x84\x4b\x72\x1a\x1d\xc1\x30\x00\xda\xda\x12\x56\xde\xab\x79\xb9\x59\xa4\x95\xa4\xd1\xb5\xfd\x02\x8f\xea\xa0\xde\xac\x90\xec\xfa\x59\xb1\x34\x04\x56\xbc\xaf\x31\xf5\x7d\x5a\x88\x34\x90\x12\x57\x96\xdd\xa6\xd3\x78\xce\x83\xbb\xc1\x37\xfe\x54\xb8\x3c\xa9\xc4\xf8\x19\x89\x9d\x30\x83\x38\xd6\x5f\xa8\x7d\x90\x62\x55\xd6\x57\x3a\x7a\x49\x0b\x00\x10\x0e\xab\x69\x9c\x0d\xbf\xbe\xc5\x4b\x54\x22\x4c\xeb\xa3\xf5\xd1\xfa\x40\x96\x06\x3f\x33\x16\x5a\x15\x8a\x20\xff\xbd\x1d\x5b\x8f\xd4\xd9\xd3\x9c\xb9\x4a\x00\x85\xde\xae\xdd\xe0\x2a\x2f\x1e\x90\xa9\x6a\xf2\x22\x33\x15\x10\x1a\xf3\xfe\xf8\x60\x43\x37\xf6\x48\xb8\xc3\x42\x16\xc3\xe7\xba\x8c\x07\xd8\x2d\x23\xbc\x0a\x96\xf0\xda\xb2\xab\xd2\x93\x92\x65\xbb\x96\xb6\x45\x1a\x2c\xa9\x35\x85\xc8\x2a\xec\xce\xd3\x37\xbd\x66\x12\x48\x47\xa4\x06\xce\x8e\xd2\x41\x31\x8e\x1a\x7f\xc2\xcf\x28\x9e\x1c\xaf\x26\xea\x5b\x72\xaa\xea\x04\x57\xe2\x08\xa2\x41\x53\x4c\x78\xe3\xaf\xb6\x02\x8e\x7f\x57\x89\x1c\x2f\x05\xf4\x37\x0f\xc5\x04\x58\xd1\x6e\x90\xd0\x31\xcc\xa1\x86\xcc\x12\xb4\x54\x3b\x7f\x25\xfa\x72\x91\x6b\xe3\xac\xd7\xf6\xb5\xf0\xcc\x24\xf4\x42\x48\xc0\xfa\x9c\x6d\xd5\x95\xcd\x72\xcc\x4c\x84\xd3\x5a\xa6\xfc\x3b\x1e\xc0\xe7\xa6\xb0\x40\x8a\x1a\x53\x86\x96\x81\xd2\x7b\x11\x22\xc3\x17\x6a\x04\xeb\x3a\xaf\x62\x58\x84\x96\x75\xa9\x94\x22\x2d\x50\x68\x28\xb4\xc1\xde\x9a\xb1\x7a\xd4\xba\xb5\x96\x1d\x52\x4f\x0f\xfe\x54\xd2\x90\x02\xc3\xd3\x6c\x94\xcb\x3a\xb1\x65\x81\xf5\x9d\x01\x46\x71\xe1\xcd\x5f\xe2\x43\x42\xf1\x7c\x8f\x17\x88\x54\xe0\xee\xd5\xf4\xa3\xdb\x07\xec\x2e\xa7\xc6\x71\xe2\xd7\x85\x38\xbb\x8a\x2d\x5d\xcd\x94\xb4\xc6\xeb\xdb\x9a\x49\x29\xe8\x5f\xc6\xde\x21\x3d\x6f\x35\x62\x28\xd9\xec\xfd\xe9\x62\xc0\xc3\x72\x76\x08\xf6\x70\xe8\x12\xee\x2f\xa1\x4e\x1f\x0c\xbf\x01\x86\xf6\xaf\xc1\x0c\x67\x6f\x91\x1b\xe3\xb1\xce\xa3\x52\x1f\x47\xe8\xfd\x4e\xfe\xba\xcc\xb2\x2e\xf3\x75\x76\x13\xab\x31\x9c\x40\xb7\x0e\xee\x0c\xde\x11\xa3\xa1\x66\xf1\xee\x94\x15\x32\x80\x68\x39\x98\x36\xc8\xdc\x38\x4d\xe2\x1e\x0a\x99\x1a\x8b\xae\x04\xbc\xe7\x96\x2c\xe3\xb8\x2d\x55\x16\xfe\x91\xd8\xec\xbc\x2d\xcd\x6e\x27\x11\xc6\xc1\x4c\x8a\xa5\x72\xb5\xfe\x03\x9e\x1b\xb4\xf1\x63\xa1\xa8\x18\x63\x45\xf5\x41\x57\xc5\x66\x72\xb3\x34\x70\x71\x12\x53\x47\x6c\x2f\x6e\x4d\x74\xbe\x06\xa0\x18\x85\xde\xbd\xb8\x4f\xc7\x32\x47\xa5\x4e\x15\x11\xb8\x3b\x3a\xe1\xfc\x15\xe5\xbe\xd9\x21\xf1\x93\x77\x86\xf4\x36\x4a\x7d\x4d\x6a\xec\x09\x66\x7d\x63\xaa\xa6\x18\xbd\xda\xae\xaa\x2e\x55\xad\xb5\x89\x4c\x47\x97\xd1\x6d\x3d\xd5\xd3\x5a\x71\x6e\xf0\x52\x33\xc4\xad\x46\xa6\x21\x19\x5c\xde\x3a\x4f\x41\x97\xea\x43\x96\xca\x62\x71\x2e\xe3\xd0\x29\x20\x03\x83\xad\x91\x22\xd9\x4b\x60\x8b\x39\xe1\xab\x02\x4e\xa6\x73\xea\xdc\xcf\x98\x31\x00\xd5\x9b\x17\x70\x87\x22\xd9\xef\x02\x66\x92\x24\xbe\xf7\xab\xda\xa0\xb9\x9b\xff\x39\x95\x7b\x7a\xc4\x15\x99\xc9\xb1\x83\x3f\x7c\xe8\x22\xfd\xda\x0b\xea\x2d\xcb\x7d\xc7\xd2\x4b\xd2\x0d\xf8\x0b\x64\x62\x16\x24\x47\xd5\xe2\x85\x35\xa2\xfd\x87\x6f\xfd\x78\xe9\x0d\xbd\xc7\x4e\x49\xaf\x64\x7c\x9d\xc6\x96\xbd\xcc\xed\x08\x40\xc2\x32\x0f\x5c\xe0\xb6\x49\x47\x90\x83\x2c\x97\x2e\x28\x20\x6f\x43\x2a\xd6\xcd\xdc\x30\x4f\x96\xbf\x48\xee\x6f\x5a\x07\x75\x38\xeb\x06\xd9\x43\x83\xbf\x4f\xbf\x33\x2a\xbe\xc8\x0c\xdc\x78\x34\xdb\xf8\x7e\x28\xf0\x6c\xee\xeb\xaf\xca\xb3\xf0\x5f\x08\x4b\xc4\xcf\x2a\x06\x97\x01\xcd\xb3\x32\x40\x3a\xf1\x63\x1b\x56\x59\xa9\xe6\x68\xf0\xa4\x6f\x68\xe6\x5f\xf9\xa3\x14\xab\x2a\x54\x05\x18\xa0\x38\x93\xc3\xfd\x2b\x1b\xd9\xf5\xe9\xe7\xf6\xec\x49\xf5\x85\x06\x7c\x4a\xee\xf0\xb9\x1b\x1a\xd2\x9f\x2a\xcc\x13\x2f\x6b\x1a\x8d\xda\x2d\xa3\x6a\x79\x18\x6c\x8b\x13\xb6\xfe\xd0\x70\xc7\x47\x04\xbd\xc4\xff\x11\x32\x19\x01\xc7\x15\x98\xfd\xfb\x36\xe8\x48\x2b\xcd\xb0\x1e\xe8\x08\xaf\xb5\x4b\x3a\x42\xc6\x9a\x18\x95\x0d\x14\xfa\xc2\xe3\xbd\x77\x21\xac\xe3\xc9\xa0\x3a\x45\xf7\x4c\xf2\xdf\x6f\x4c\x92\x44\x41\xd8\x70\x0c\x54\xb5\xa1\x22\x12\xca\x3c\xdd\x64\x8d\x07\x93\x04\xcf\x2c\xdf\x46\x0a\x36\xca\xf7\xf5\x21\x49\x48\x05\x40\x1d\xfc\x67\xbd\xe2\x06\x1b\xb2\x39\xa7\x01\x9c\xe7\x6c\x4f\x44\xcb\x0e\x46\xc5\x5c\xba\xda\xb9\x12\x9c\x5b\x45\x7e\xc2\x84\xb2\x2a\xe3\xf9\x8e\x64\xfc\x8c\x75\xdf\x09\x5c\x3e\xa3\xea\x0c\xfb\x59\xca\x18\x09\x0b\x03\xf9\x35\x8e\x9f\x11\x32\x5e\x72\xcc\x24\xed\xe8\xf0\x51\x1c\xb6\xf8\xaf\x7c\xc2\x76\x06\x54\xcf\xb8\xa7\xe7\xd5\xde\x97\xa8\x30\x79\xbc\x82\xd8\x8e\xa7\x28\x51\x6e\x92\xd3\x21\x09\x2f\xa3\xbd\xb9\xc0\xcf\x71\xac\xed\x2a\xc1\x18\x9a\xad\x33\x4d\x1b\x6b\xd9\x71\xba\x40\x53\xa4\x3b\xc7\xf0\x02\x0a\x2f\x1d\x6d\xa3\x46\x90\xd0\xf7\x63\x58\xaa\x1b\x16\x31\x10\x7f\x7f\x2a\xf9\x89\x00\x07\xb0\xa9\x42\x77\xee\x67\x3b\x04\x7f\xe8\x09\xa5\xaa\x7f\xbb\x7a\xb8\x8d\x11\x09\x70\xc3\xdf\xf4\x4d\xe1\xd7\xdb\xeb\x2a\xbf\xd2\x80\xe6\x6d\x1d\xe4\x86\x4d\xa4\xd5\x4a\xdd\xce\xea\x69\xc8\xfa\x5d\x3d\x4b\x11\x47\xa1\x83\x65\xaf\xad\x33\xcd\xc6\x89\xd7\x3c\xce\xba\x4d\x8f\x4e\xe0\x8b\x62\x64\xae\xed\x23\xf5\x85\x57\x8a\xe1\x5d\x14\xf3\xa2\x7b\x48\x8c\x24\xd6\xde\x8c\xd8\xa9\xde\x4a\x2a\x89\xfc\x94\x81\xba\x8e\x10\x28\x3a\x4d\x3a\x26\xe9\x89\xbd\x80\x59\x78\x62\xe2\x38\xb7\x14\xaa\x77\x6e\x01\xcc\x90\xde\xe6\x89\xc8\x43\x5c\x81\x4c\xfc\x72\xa5\x30\xef\xce\x5d\xec\x38\x47\x97\xa9\x51\x43\x9c\x30\xe0\x96\x32\x0b\xd5\x04\xd3\xfc\xf4\xf7\x21\x4b\x6d\x8a\xe4\xfd\xf7\x3e\xea\x45\x91\xd4\x44\xdd\x1e\xa4\xcd\xaa\xb8\xce\x1c\xf9\x55\x5b\x4d\xd7\x0f\x1b\xb4\x6e\x18\xee\x02\xca\xbd\x74\xcd\xdb\x69\x6a\xf3\xff\x7c\xc9\x5b\x13\x39\xa6\xb8\xe8\xba\xfb\xc2\x9c\x64\xf0\x9f\xb7\x41\x38\x9e\xa6\xf5\x39\x7a\x85\xad\xd8\xb2\x6e\x1f\x3a\x1d\xf9\x50\xf6\x7b\xde\x9f\x98\x71\xa0\xe3\x60\xc3\xe7\x66\x9e\xbe\xde\x3b\x7e\xb3\x2c\xeb\x35\xff\x2a\xff\xd8\x91\x95\x22\xf0\x75\x93\x3e\xcf\xea\x2c\xb4\xbe\xcf\xbc\x85\xbb\xac\xc9\x5f\xba\x2c\x6f\x54\xf8\x90\x59\x4a\x6f\x6b\x18\x96\x5c\xcd\x40\xed\xe5\x8b\x4e\xaf\x8b\x0d\x2b\x65\xb0\x36\x9b\x3d\xc6\xc7\xca\xef\x3e\x48\x45\xb2\xc4\x2e\xe4\x0d\xdc\xa5\x87\x92\x50\x29\xe7\xd9\x16\x29\xad\xd8\x4e\xa7\xbc\x72\xbe\x33\xbb\x03\x42\x14\x55\x5c\xd5\x50\x55\x68\x09\x3e\xc7\x24\x81\x56\xf5\x8c\x7f\x0d\x30\x55\x76\x2f\x8f\x4f\xf6\xf8\x64\xbd\x95\x48\xfa\xfa\xc4\xdb\x85\x77\x53\x0f\x3a\x6d\x67\x3b\xee\xff\x21\xba\x7c\x90\x60\xaa\x0e\x06\x68\x32\x93\x7f\x1e\xb6\x17\xcb\x21\xac\x24\xe0\xd8\x69\x95\x47\xbe\x56\x63\xa8\x11\x7a\x40\xb6\xd8\x81\xdc\xa1\x9e\x36\x7c\xa0\x2d\x28\x77\x4d\xae\x74\xdf\x50\xaa\x99\x44\x5e\x37\xc6\xc1\x61\x84\x46\x7d\x49\x60\x01\x24\x23\x29\xdb\x97\xa2\xad\xef\x66\x42\x5a\x9c\x6b\xd3\x77\xd8\x97\x74\x33\xa0\x3c\x72\xbf\x10\xb5\x48\xb8\xae\xbf\x0e\xc3\x8e\xb8\xce\x14\x5f\xcb\x85\x15\x41\x40\x5e\xe8\xa3\xca\x9b\x3b\xc6\x03\xa3\x82\xaf\x59\x8f\x0a\x17\x56\x59\x2b\x36\x77\xc4\x69\xff\x86\xe1\x98\xcd\xff\x40\xf4\x93\x21\x5a\x32\xc2\xac\xc7\x2b\xcf\xd0\xe3\xe4\xe5\x7b\xec\x76\xdf\xe5\x65\xda\x97\x5c\x69\x1d\x66\x93\x5d\x2d\x7b\x52\x94\x14\x62\xd4\x1b\xce\x4c\x00\x91\x5d\x28\x34\x17\x03\x2f\x3a\x89\x42\x49\xf8\x01\x06\x7f\x38\x82\xfd\xa7\x79\x05\xd7\x6b\x76\xef\xe1\x02\x8e\xbb\xf1\x49\x77\x63\x1f\x67\x75\x75\xdd\xd4\x09\xdf\x3c\x6c\x40\x19\xe9\x95\xa9\xd8\xd1\xd8\xa8\xc3\x22\x68\x76\x32\xf1\xa9\x50\x5a\xdc\xbd\x5a\xfa\x13\x89\xf9\x41\xdd\x0f\x68\xfe\xfd\x43\xec\x24\xa2\x57\x07\x6a\x3a\x21\xb7\x36\x3d\x7b\xb5\x18\xdf\x4a\x28\x2a\x4d\x9e\xed\x08\x58\xd1\x04\xe8\x5c\x5e\x06\x8d\xd8\x01\x2d\x73\xb5\x16\x65\x61\x46\xa7\x8e\x54\x9a\xdb\xf9\xb3\x2f\xb9\xf5\xf7\xab\x6d\x43\x87\x9d\x96\xd1\xcb\x97\x35\x96\xd0\x44\x19\x7e\x08\xc4\x04\x06\x04\x25\x57\x53\x29\x7a\x34\x95\xd8\xdf\xf2\x55\xd1\x8a\xbf\x94\xb8\x70\x4a\x8a\xe1\xa4\x83\x53\xfa\x85\xe5\xa7\x7b\xec\xd1\x0b\x6c\xa0\x07\xb7\x7d\xfe\xfc\xe3\x98\xf3\x0b\x0c\x27\xed\xe9\x9e\x8e\x6b\xb0\xc7\xff\x65\xbd\xb0\x0f\x22\x46\x22\xd6\x91\xf4\x78\xce\x6e\x37\xbb\xfa\xc4\xce\x1c\xe3\x73\x07\x0f\x95\x43\x70\xc7\x4c\x09\x46\x1e\x2b\xae\x43\x85\xcd\x5d\xee\xe8\x7c\xa8\x0a\xd2\xc7\x7b\x99\xe7\xbe\xe5\xaf\xa3\xf0\xba\x52\x49\x4f\x59\xda\x14\x26\xc4\x30\x9f\x39\x15\x16\x35\x4d\x57\xb0\xc7\xc4\xbb\x85\x8e\x38\x2f\x04\x1d\x6e\x91\x88\xdc\x13\x3b\xb1\x69\x32\x1e\x00\xd0\x2e\xfd\xdb\x46\x11\x76\x77\x4f\xd6\xb2\xc9\x68\x2d\x7a\xd0\x84\xf6\x17\x4c\x53\xab\x74\x08\xd3\xe2\x71\xd2\x8e\x30\x8f\x7c\xd4\x78\xc2\xfe\x8d\x67\x93\xde\xed\x31\xde\xbb\x09\x0b\x87\x4b\x12\x52\x8a\x6c\xd3\x68\xac\xf5\xa5\xc4\xcc\x3d\x30\xd2\xaf\xf0\x06\x93\x78\x66\x87\x68\x6c\xd9\xb9\x7c\xdf\xaa\x3a\x67\x72\x93\x51\xb2\x37\x3d\xde\xe1\x8e\xe3\xf0\x56\xb6\xc0\xda\x43\x9d\x62\xee\xb4\x08\x03\x1a\x4d\x87\x55\xde\x3c\xc8\x84\x15\xca\x48\x01\xd5\x4d\xc5\x65\xbb\x53\x22\x8d\xc2\x15\xdd\x74\x6f\xf5\x38\x54\x53\xfd\xfc\x89\x15\xe8\x72\x75\x2f\x5a\xb3\x65\x6a\xa8\xe1\xc4\x2d\xfb\xf3\x5e\x49\xac\x9c\x20\x13\xb4\xa4\x93\xec\x10\xad\x7f\x51\x29\x22\xb8\xd3\xd8\x29\x22\xdd\xbc\x01\x89\x53\xcb\x7d\x51\x91\xaf\x08\xab\x66\x9f\x80\x42\x5f\x4f\x45\x9e\xe6\x50\xfe\x09\x41\x26\x43\x4e\x88\x66\x93\x09\x2c\x53\xaa\x34\x69\x93\xdb\xc1\xba\x27\x4d\x2d\x69\x47\x06\x46\xe6\x33\xbd\xc3\x31\x43\x19\x13\xdd\x49\xa0\x12\x0e\x1b\x5e\x21\x21\x62\x00\x6f\x9a\x01\xfe\x18\xe8\xd8\xb5\x7c\xfe\xb3\x98\xe1\x9b\x4b\x8e\x97\x0f\xb0\x67\x85\x21\xca\xff\x33\xa7\xa0\x1d\xeb\x17\xe7\x2a\x92\x0a\x94\x68\x96\xc5\x39\x2e\x84\xbd\xdf\xde\x75\xb7\x44\x6a\xd4\x24\x9b\xef\x26\x97\xb0\xc5\xe7\x2f\x37\x91\xf0\xf4\x4a\xc1\x56\x37\x69\xc8\xec\xe5\xf1\xde\x56\x5b\xba\xe2\xe5\x73\x02\x94\xb3\xd6\xd8\x57\x87\xdd\x6f\x7a\xbf\x84\xd6\x98\xe7\x7e\xe8\x0e\xc5\x3e\x37\x51\xe8\x73\x03\x3a\xf1\x6b\x5e\xd4\xe2\xc9\x9b\x7e\x6e\x65\x2b\xb0\xea\xf6\x70\x1a\xac\xb2\xbc\xb5\x97\xc3\x2d\xc3\xf7\xd9\xc4\xd9\x46\x3a\xc0\x8d\xb0\xc6\x3d\xb5\xfd\x88\xd0\xe5\x18\xde\xf1\x88\xa2\xfb\xe8\xd6\xbf\xa6\x98\x62\x8a\x8c\xc0\x58\xca\x99\x11\x4c\x40\xbe\x8e\x1e\xb4\xc0\x53\x64\x27\x8d\x0e\xa4\xdc\x90\xb7\x47\xce\xcd\x85\xcd\xf8\x47\xa5\x0b\xa2\xad\xeb\xb6\xd1\x07\xa1\x26\x13\xe1\x98\xd1\xb1\x0c\x6e\xb3\x23\xd5\x0c\x75\xf7\x81\xfe\x39\xc1\xd9\x2e\x46\xda\x77\xfe\xd5\x16\x12\xa3\x69\xc4\xa6\xaa\x54\x05\x0d\x67\x7e\x96\x78\x03\x9b\x29\xe1\x0c\x46\xff\x05\xf3\x53\x6f\x79\x2a\x72\xd8\x0f\x0e\xca\x5a\x41\x6b\x19\x64\x3e\x1d\x15\x24\x7f\x7e\x51\x57\x90\x0c\x17\x42\xb9\x14\x6e\x0d\x97\x88\xeb\x9c\xa6\x53\x89\x7c\x7c\x64\x71\x49\xf0\xbd\x91\xb1\x6e\xa1\xa5\xe0\x54\x90\x01\xba\x2d\x6c\x6e\x39\xcf\x8b\xee\x39\x27\x4d\x05\x2f\xe2\xce\x7f\x4c\xaf\x6c\x23\x64\x43\x14\x33\x52\x51\xcc\xa5\xc2\xed\x13\x4a\xad\xa5\x15\xe7\x34\xe0\xaf\x9c\x0b\xa5\x90\x43\xdd\x12\xaa\x22\x7e\x8f\x71\xd1\x18\x33\xca\xb3\x5b\x77\x91\x5e\xe6\xbf\x0d\x74\x98\x2d\x15\x5f\x74\xfb\xba\x99\x77\xf7\x5d\x37\x21\x17\x70\xdf\x81\x02\xe1\xd5\x23\xb9\x7c\x65\xe6\x9b\xdf\xfb\x34\xe0\x0d\xbd\x6d\x58\x27\xc4\x89\x79\x34\xff\x51\x28\x69\x40\xad\xbe\xfd\xbe\x1a\x18\x5a\x1c\xa3\x2f\x66\x8b\xef\x23\x66\x3d\x9a\xf5\x86\x55\xa9\x28\x53\x8e\x08\x4f\x59\xfd\x89\x9c\x49\x02\x53\xd3\x37\xf5\xa5\x1d\x2c\x2c\x1d\xa3\x6c\xb8\xdf\x43\x03\x4a\x98\x81\x04\xc2\xab\xd9\xd5\x89\xfc\xf9\x64\xab\x91\x14\xa4\x04\x15\xc8\xe9\x9b\xeb\xfe\x94\xc3\x91\x5f\x9d\x90\x8b\xc1\xc9\x00\x0f\x0e\x9e\x94\x01\x2d\x99\x8c\x97\x2c\xf0\x18\xd8\xba\xdf\xff\xa8\x02\x09\xf1\x93\x7f\xea\x78\xca\x83\x95\x72\xb0\xa8\xe6\xb7\x81\x6b\x6d\x89\xbb\x84\xab\x2e\xde\x0f\xe5\xff\x05\x75\xec\x9d\x67\x4d\xa2\x36\x25\x2f\xb9\x2f\xf4\xfe\xbb\x9e\xc1\xd9\x15\xd9\x7c\x4c\xaf\xff\xef\x1c\xfd\xa6\xd1\x99\x36\x5b\x77\x01\x6d\xaa\xe6\x07\x98\xde\x8a\x21\xc1\x76\x9b\x8d\x79\xbf\x57\xcd\x02\x0e\xbf\x57\x30\xfc\xe9\x94\xb6\xb3\x09\x98\x00\xd8\x64\x96\x6a\xdf\x83\x0c\x8d\x26\x58\xc8\x04\x36\x08\x96\xe1\x1f\x36\x0d\xa3\xa9\x2c\xb5\xc8\x27\x21\x32\x28\x52\x6c\x63\xc2\x62\xc3\x0c\xdf\x17\x7f\xb0\xbe\x40\x1b\x39\x4a\x01\x77\x5c\x25\x4d\xa3\x0c\x5f\xf4\xfc\x5b\x45\xf5\x9d\x60\xe1\x57\x8d\x67\x24\x50\x89\x82\x8b\x06\x93\xe5\xa6\xf5\xed\xa5\xe9\x17\xb9\xd3\x3b\x8b\x36\xba\xf0\x55\x26\x9e\x9d\x53\x19\xd4\xfa\x3f\x8f\xa5\xc3\x19\x62\xc7\x7b\xed\x1b\x0a\x70\x45\xd9\x80\xc0\x3b\x0d\xf1\x5d\x1e\x3c\xc1\xee\x31\x75\x57\x0d\x28\x60\x04\xf1\x0f\xf6\xb9\x22\xda\x1e\x0a\xf3\xed\x41\x09\x9b\xb1\x75\x67\x8f\x6c\x4c\x29\xbd\x5b\x85\x55\xed\xea\x3f\xd6\x55\x9a\x62\x28\xb3\x92\x4b\x62\x45\xb6\x6f\x7d\x4a\x6c\xfb\xf7\xe5\x5d\x3a\x9a\x90\x23\x18\x58\x85\xbb\xb1\xe9\x06\x1f\xbe\x36\x21\xbe\xb1\xe7\xe3\x12\x05\xd8\x28\x71\x02\x67\xef\xb5\x85\x07\x38\x65\xd0\x61\x8f\x4e\xdb\xc9\xc5\xb6\x06\xa7\x9b\xff\x7e\xff\x1e\x53\x43\x93\xe3\xdd\x04\x01\x74\xb2\x1f\xc0\x12\xd6\xb2\xab\x92\x89\x76\xee\xf1\x14\xb9\x75\x02\xfb\x02\x22\x55\x72\xb7\x4e\x85\x2f\x56\x8d\xbc\xea\x57\xa8\xd3\x78\xc5\x4b\x21\x72\x87\xea\xc9\x09\x0c\xf7\x5f\x10\xf4\x74\xb1\x65\x17\x82\xab\x8e\x5f\x01\x5d\xe5\xb6\x65\xe0\x46\xf0\x1d\x04\xef\xb7\xbe\xf8\x40\x50\x7f\x3e\x45\xa3\x85\xa3\x72\x42\x2a\xf5\x73\xd0\x64\xb1\xbf\x6b\x0f\xb2\x79\x6e\x88\xa8\x83\xd0\x02\x4b\x5f\x74\xf1\x11\x8f\xd7\xcb\xdb\x92\xa4\x0a\x83\x45\x9a\xa2\x9a\x77\xa2\x56\x27\x4d\xf3\xa7\x2f\x53\x9b\x02\x8c\x1d\xf8\x68\x6f\x46\x30\xc7\xfe\xce\x68\xd1\xc0\x1c\xe3\x8a\xa6\x13\x73\x5a\x59\x1f\x91\xf4\x25\x61\xad\x29\x7e\x08\x72\xef\xdf\x35\x36\xc8\x8a\xd5\x15\x9a\xf8\x10\x48\xe6\x37\x8f\x2a\x42\xd9\x15\xc9\x72\x1e\x08\x75\xfe\x06\x28\xce\x4f\xc6\x09\x09\x9c\x2c\x19\xe6\x81\x28\x0e\x83\xee\x96\x9b\xa9\x3c\x95\x6f\xb2\xbc\x44\x57\xc2\xb2\xee\x35\xd9\xd5\xba\xe5\x61\x81\x4d\x8f\x86\x8e\x28\x98\x73\x71\x55\x0f\x57\xfa\xec\x5a\xf2\xf5\x2b\xc7\xdb\xde\x14\x01\xb6\x72\x91\x07\xb4\x05\xb2\x87\x36\x89\xc9\xe4\x3f\xa5\xea\x8b\x48\x3f\x75\x56\xcb\xaa\xab\xb1\xc7\x68\x9b\x0a\x51\xd7\x57\x74\x3c\xa2\x92\xff\x74\xe9\xc0\x21\xe5\x51\x3f\x94\xb7\x10\x7a\x89\x40\xa9\x8d\xda\xb5\xe2\x21\xfd\x75\xc1\x3f\x19\xae\x40\x06\x86\x6e\xec\x1a\x83\x20\xab\x02\xa2\xde\xf5\x73\x85\x8e\xb7\x25\x3d\x1f\xda\x73\xb7\xda\x03\x1f\x12\xdc\x01\x37\x83\x14\x70\x95\xd5\x45\xab\xbc\xc6\xc8\xcc\x98\x74\x8c\x00\x7f\x2e\x61\xa0\x2c\x75\x0b\x79\x86\x6c\x74\x3d\x0f\x98\xc7\x03\xee\x3c\x9a\x2f\xfe\x44\x10\x4a\xc1\xa2\x2d\x77\xff\xd1\xe6\x07\xc8\xc4\x26\x5b\xbd\x8c\xdd\x9b\x7a\xff\x0d\x0c\x36\xaa\x59\x81\xce\x88\x1b\x9f\x38\x95\xb4\xda\x88\xa6\x53\xd4\x71\x2a\x84\x31\xf9\xe1\x4e\x0b\xdd\x13\x77\x35\xbc\x1c\x2b\x71\x0b\xa5\x12\x6b\x6a\x9a\x42\xbd\xf1\x56\x91\x5b\x15\x2e\xe1\x75\x8e\xf5\x6b\x8e\xdb\xd4\xef\x0b\x9a\x67\x7d\xed\xc3\xa8\x8b\x00\x04\x9a\x0d\x74\x44\xb3\xae\xf2\xb4\xe5\xed\x21\x0c\x5f\xc9\x74\x44\xbd\x3a\x46\x90\xae\x44\xad\xfc\xd4\xfd\x85\xcc\x50\xfd\x55\xc3\xd6\xef\xd1\xc7\x27\x0f\x46\xc9\x36\x89\xd1\x8f\x92\xd0\x46\x2c\x62\xb2\x00\x1d\x8c\xcb\xcc\xee\x0a\xba\xd8\x4d\xaf\x12\xa8\xf3\xf3\x90\xd2\x3b\x3f\x4c\xce\x12\x37\xb5\x05\x9b\xfa\xac\xb9\x94\xea\x87\x1c\x02\xfd\x32\x05\x6a\xa3\xd6\x82\x58\x02\x7d\xbe\x56\xbb\x19\xcb\xaf\x7a\x2f\x47\x34\x92\xe2\xc6\x64\x3f\xc4\xbc\x01\xdf\x34\x96\x7f\xf1\x00\x92\x53\x0c\x5f\x96\x5e\x1d\xea\x10\x61\x88\xa9\x16\x5a\x43\xe6\x1d\x06\x01\x07\xe5\x90\x7a\x5e\x76\x03\x9e\x11\xfb\x55\x7b\x17\xf7\x4e\x99\xd6\xba\x5e\xdb\x86\xda\xa2\x4b\x20\x1f\x89\xf5\x1c\x53\xb4\xe6\xea\x0e\x74\x88\x8e\xc9\xaf\xc6\xe6\x4c\x33\x44\xca\x56\x1a\x56\xec\xe3\xc2\x86\xee\x4e\xea\x87\xbb\xb0\x11\xd4\xbc\x85\x6c\xb2\x01\x8f\x00\x92\x81\xb8\x9b\x95\xac\xb7\x66\x84\xee\xfb\xe6\x28\xb3\xb9\xc9\x3f\x65\x4c\x15\xc1\xaa\xc2\x76\x9c\x67\xf2\x7e\x1f\x3d\x6c\xa9\x8d\x80\xdc\x30\x77\xb5\xc4\xe4\xd8\x23\xea\x40\xc2\x58\xdc\xbb\x89\x1f\xf2\x04\x66\xc1\x46\x20\x80\xde\x73\x51\x35\x09\x17\x65\x65\xfe\xb2\x4e\xf8\x41\x3d\xc7\xdf\xb5\x3b\x10\xad\x4e\x5d\x68\x3d\x26\xc7\x42\xac\x8e\xfb\x62\x73\x39\xea\xc0\x6f\x2f\x56\xa5\x5e\x45\x22\xb6\x70\xff\x6d\xda\x39\x17\xef\x7b\x00\xfe\x14\xa6\xa5\x2d\xc9\x56\x75\x48\xe9\x8f\x47\xcf\xa5\xe2\xb8\x7d\xd8\xe1\xc2\xae\x18\xd0\xc1\x43\x56\xdb\x45\xdb\x78\xe8\xf8\xb9\xdd\x14\x1e\xe9\x42\x54\x3d\x27\x1c\x8c\xb5\xb9\x77\x5d\x2c\x55\xc4\xb7\x32\xd8\x38\xa3\xb7\x3d\x67\x5a\x35\x09\x57\xe0\xa7\x04\x38\xd6\xbc\x3a\xb1\x16\xf4\xd4\x5f\x5e\x5b\xcf\x14\x93\x09\x7e\xf1\x9e\x13\x23\x9d\x97\x98\x12\x73\xfa\x9a\xe9\xd1\xa9\x4f\x41\x7c\x3c\x5c\x24\x0a\x27\xcb\x07\xad\x05\xa6\x52\x6e\x6c\x8b\x3c\x68\xba\xd2\xc5\x46\xfc\x88\x9c\x5f\xb3\x41\x06\x97\xdd\xf5\x8f\x78\xe9\x29\x6a\xb0\xc7\x25\x88\x25\x66\xe1\x85\xd1\xdd\x88\x43\x07\x66\xe3\x32\xf1\xf0\xc8\x7d\x2e\x35\x9f\x8c\xe2\xc2\x8b\x8c\x75\x46\xda\x95\xa1\xca\x78\x97\xe4\x3b\x7b\xf5\x83\xd1\x2c\xd4\x6f\x7f\x91\x0b\xfd\xc1\xa1\xc1\x29\xf1\xd8\x3d\x94\x67\x89\x99\xc3\xd8\x1d\xca\x8f\x74\xf8\x7b\xa3\x01\x7f\x07\x22\x2f\x51\x0c\x1a\x7f\xe8\x00\x1f\xc3\xeb\x6e\x8a\x0b\x46\xdb\x9c\x00\x2f\xd0\x84\x16\x72\x72\x35\x5d\xa8\x7a\x0f\xc5\xe3\x7f\xee\xd0\xc4\x87\xd6\x03\xbc\x12\x97\xf1\xc6\xdd\x88\xdc\xb1\x7f\x17\xfd\x38\xa5\xec\x72\xd0\xcf\x50\xc8\xc8\xdc\x69\x08\x1c\xf6\x08\x46\x0d\x5b\x13\x42\x87\x1a\xbc\xbe\xc2\x03\x23\xbe\x7f\x53\x69\x0c\x5f\xa6\x40\x81\x6c\xc3\xb2\xb3\xde\x36\x87\x0a\x8a\x38\x90\x5d\xd5\x1a\xc6\x3d\xdd\x92\x2d\x00\x8f\x84\xb7\xcb\xd0\x62\xb6\x4c\x5a\xb2\x21\x15\xb4\x88\x9b\x0e\x93\x89\x04\x8f\x6a\x7b\xd2\x8e\x6a\x78\x93\xca\xa6\x03\x66\x13\xc9\xf5\xf2\xec\x29\x28\xbe\x1f\x4e\xe1\xcb\xa0\xb0\xbb\x16\x91\x27\x6a\x4d\xb2\x46\x69\xfb\x08\x5e\x54\xdc\x77\xe8\x15\xb8\xf5\xaf\xe8\x0a\xaa\x38\xac\xbd\x11\x43\x0d\x95\x6a\x37\x91\x1b\x02\x16\x53\x4b\xd9\xe2\x89\x3a\x2a\xbf\xbc\xf4\xb7\xae\xe5\x6c\x8f\xfb\xbb\x08\x16\x67\x73\xd8\xdd\x3d\x1f\xa1\x24\x51\xf3\x93\x79\x9a\xde\xd8\x72\x1c\xbd\x93\xe4\xc9\x71\x1d\xef\xa5\x50\x98\x40\xdc\x73\xec\x5f\x52\x73\x43\x1d\xa7\xe6\x32\x4b\x05\x6c\xae\x48\xe1\xc1\x4b\x1f\x0e\x2c\xf2\x7a\x52\x98\x0d\x4c\x67\xe7\x7a\x56\x5a\x44\xae\xe8\xcc\xd6\x22\x78\x1b\x35\xcf\xa1\x6d\x36\xeb\xa7\x7f\x9b\x7f\x5e\xc8\xcb\x47\x4f\x02\xbe\xd0\x16\x98\x2a\x0d\xca\x09\x60\xe0\x94\xb3\xdf\x65\x16\x83\x7d\x50\x15\x68\x08\x27\x59\x9c\x89\x54\x25\x44\xa3\xfd\x36\x3a\xa4\x4e\x79\xf3\xad\x00\xc8\x7d\x8d\xc1\x42\x2b\x07\x37\xca\x9f\xe9\x17\x9d\x62\x7a\x1f\x22\x80\x09\x23\xa3\x9d\xf3\xa5\x9e\x15\x77\x0b\xa5\x7f\x1e\x12\xaa\xf4\x1b\xfe\x67\xbf\xc5\x48\x3d\xab\x32\x82\x03\x64\xa5\xd4\xda\x8f\x8a\xe6\x2b\x05\xba\x23\x25\x7b\xb1\x57\x7f\x5a\xd7\x3f\x0b\x0e\x01\x63\x3d\xa6\x59\xf7\xd2\x8c\x7e\x1e\x39\xf8\x6f\x5a\xdb\x5b\xb3\x84\x3a\xbb\xce\x0a\x76\x9c\x26\xc2\x8e\x4e\xc8\x8c\xd8\xd4\x7e\x46\x92\x8e\xbf\x51\xf4\xc2\x3c\x69\xfa\x60\x2b\x6a\xf6\x1d\xcc\x74\xbf\x64\xb0\x09\xe9\x67\x08\xc4\xc7\x42\x6f\x35\xd3\x3f\x7d\xae\x81\xe3\x3a\x69\xe1\x2e\xf7\x92\xb1\xf2\x5f\xfc\x60\x64\x5a\x19\x63\xe6\x7c\x07\xe1\x5c\x2e\xbd\xb5\x48\xef\x8b\x2c\x8b\x0d\xd9\x72\x5b\xed\x66\xe2\x25\x45\xad\x79\x14\xaf\x78\x64\x47\x8a\x79\x93\xb2\xc0\xe0\xce\x59\x0f\xa0\x05\x10\x4c\x69\x37\xe5\x40\x75\x8d\x25\xa5\x09\xe8\x0a\xca\x81\x37\xb7\x17\xae\x9f\xdf\x80\xab\x90\x6d\x9d\xb4\xaa\xbb\x22\x9b\xb3\xd3\x5e\x27\xb3\x24\xae\xd1\x1e\xeb\xaa\x8e\xd3\xdc\x77\x04\xab\xab\x39\xf5\x85\x62\xed\x9b\x5c\x8a\x37\xb0\x92\xeb\xf3\xfd\xe2\x21\x66\xc9\xc9\x1b\xc5\x7a\x2c\x62\xd9\x0a\x87\xcf\xfe\x7d\x6c\x44\x83\x21\xf8\x43\x21\x8e\x40\x4a\x4d\x36\x88\xd7\xb9\x68\xff\x9e\x82\x3e\x0b\x90\x0a\x14\x6a\x7f\x3a\xf3\xd4\x6e\x9a\x8e\x7d\x17\xb4\x7c\xba\x25\x04\xe1\xe1\xe7\xad\x96\x0d\xc4\x81\x36\x3f\x16\xfc\x97\x9b\xb8\x17\x67\x97\xab\x1c\xb8\x5c\xca\x67\x24\x27\x4f\xab\xa0\x07\xe8\x78\x09\x80\x34\xaf\xa0\x04\x2e\xa0\xc1\xa6\x54\xb4\x2e\x1c\xdf\x7f\x71\x04\x8e\x24\xdb\x69\x1c\xdc\xa7\x2f\x52\x01\x7c\x6a\x0f\x5c\x88\xd0\xcb\x1e\x1c\x26\x0e\x88\x79\x47\x8d\x8e\x2b\xf9\x7a\xd5\x98\x44\x22\x1a\xfc\x64\x9c\x88\x1e\x79\x50\xde\x7d\xc8\x5c\x43\x0c\x18\xfc\xb5\xc8\xd3\x59\xc2\xc2\x39\xb4\x58\x72\xc6\x55\x57\x47\x43\x8c\xa4\x9b\x55\xc3\x27\xcf\x6d\x70\x5f\x80\xb3\x96\xd9\xc0\x20\xdb\x57\xf6\xc5\x37\x01\xbc\x96\x8f\xcd\xa5\x27\x4c\x51\x34\xb2\x3f\x6f\xd2\x23\xdc\xee\x7a\xd7\x96\x2c\x4e\x7f\x8b\x30\x1a\x57\x16\x5f\xcf\xc9\xa5\xff\x82\x2f\x1c\x24\xa7\xaa\x5b\xe7\x97\x12\x03\x45\x7a\xf1\xc9\x5d\x47\xed\xa6\x67\xd8\xc2\x91\xfc\x21\xee\xdc\x7e\x8e\x58\x44\xf9\x67\xa9\xfb\x44\x79\xd2\xf9\x4e\x4d\xed\xd0\xcd\x54\x57\x78\x1d\x3e\x02\x4f\xcf\xaf\xaa\x8b\x67\xe4\x89\x58\x55\x53\x5d\x1f\xdd\x4b\xe4\x54\xbe\xd9\x7c\x3c\xf2\x09\x5a\x16\x6c\xc6\x52\xbe\xa6\x5a\xd6\x36\x89\x29\xbd\xa7\x0f\x69\xdc\x36\xc6\x89\xf5\x92\x3f\xb0\x26\xa8\x25\x7f\x85\x1a\x06\x99\x94\xc0\x4c\xc4\x1a\x8b\x15\x97\x9e\x47\x3e\x55\x33\x24\x0d\x3c\xab\x3b\xa9\x53\xf2\x00\x19\xe0\x17\xd4\x4f\x74\x1d\x95\xa9\xba\x35\x88\x6c\x7a\x3f\xed\x46\x3d\x24\x21\x73\xd6\xaf\x25\x02\x23\x0f\xf7\x33\xc3\xf1\xe0\x27\x82\x27\x4e\x64\xac\x70\x85\x0d\xc3\x48\x95\x13\x5b\xc8\x59\x91\x8c\xdd\xec\x62\x69\xba\x83\x61\x00\x9e\xff\x46\x40\x77\x15\xf3\x08\x79\x50\x8f\xea\x8c\xc9\xc0\x81\xb3\x72\xf4\x88\x55\x52\x78\xfb\xba\xa8\x0f\x34\xce\x79\xda\x91\x02\x12\x96\x1a\x37\x7c\x85\xb6\x1e\x36\xfc\x37\x54\x31\xdd\x6c\x4e\xdf\x2c\x4b\xb8\x01\xa0\xfc\x1d\xc1\xfa\xc3\xc2\xf4\xc0\x10\x99\x62\x49\x59\x39\x2c\xa0\xb6\xbd\x47\xcb\x00\x8d\xfd\x39\xb2\xfd\x92\x7f\x40\xfe\xc1\x37\xb0\x74\x8e\x19\x84\x0c\x05\x75\x4b\x7d\x8e\x0b\x27\xd6\x20\x86\x12\x8f\xdc\x32\x93\x63\xd0\x6b\x6e\x7c\xdc\x43\x60\xb3\x9d\xf2\x73\x7b\x59\x73\xa8\xc0\x5c\x72\xe1\xff\xae\xb0\x9c\xad\x67\x19\x22\x4f\x4f\xb8\x07\x94\xeb\x00\xf4\x09\x2f\x62\x3e\x5d\x27\xa1\x14\x02\xfc\x03\x5e\xb9\xfd\xe8\x82\x76\xf8\xca\x16\x82\x74\x59\x59\x2e\x35\x5d\x3c\x4e\x6c\x79\x2e\x54\x87\xc4\x99\x66\x6d\x96\xea\x5c\x5f\x9e\xab\xe1\x73\xb5\x62\x23\xcc\x71\xdf\xaf\x0d\x88\xf8\xb8\x05\x11\x08\x71\xf8\x9f\x39\x9f\x84\x46\x30\x23\xf1\x7d\x86\x24\x9a\xf6\x47\xb8\x3f\x24\xe9\x04\x83\xbe\xf5\x51\xf9\x56\x45\xdb\xa6\x60\x7f\x66\xb9\x3a\x6d\xa3\x49\xea\x07\x31\x8b\x6e\xa5\x9a\xdc\xca\x1e\xd1\x75\x66\xee\xab\xf6\x2b\x21\x20\x4a\x8f\xd1\xa2\xd9\x83\xfd\x22\xd2\xea\xf9\xac\xbb\xb7\xa2\x0b\xde\x39\x1a\x57\x24\xf0\x96\xd2\x04\xd3\x40\xb5\x62\x12\xf8\xb7\xf5\x14\x1f\x4f\x6e\xd7\x2b\x13\x4e\xea\xdf\x1f\x27\xed\xff\x37\x14\x24\xb4\x08\x20\xb2\x67\x47\xb0\xba\xad\x37\x6d\xfc\x53\x5a\x41\x7b\xe7\x8a\xab\xed\xf3\x3e\x97\x8c\x05\x33\xb4\x5e\xad\xf5\xc2\x4a\x1a\x06\x9b\xc4\x94\x5c\xd0\x0a\x52\xae\xb3\x5b\x53\x9a\xc0\x84\x70\x65\xcd\x01\xdf\xda\x63\x4c\xb9\xd7\x22\x2a\x60\xea\xfe\xf0\xf4\x83\xee\x5c\xe5\x2a\x3c\x90\x8b\x4a\xd4\xd2\x08\x97\xb5\x5a\x88\x02\x49\xfe\x9b\xf4\x12\x91\x24\x21\x6f\x80\xd4\x78\x9c\xe2\xf1\xb9\x7c\x9d\x38\x92\xc5\x06\x58\x0a\x68\xff\x2c\xe3\x5c\xaa\xd0\x31\x26\xa4\xad\xb9\xa1\x94\xfb\x86\xbc\x72\xbc\xe0\xe0\xbc\x47\x00\x95\x0d\x20\xcd\x4b\x8d\x67\x0a\xd2\x15\x1c\xde\x5f\xd5\x40\xe6\xa1\xd8\x71\xa4\x30\xc1\xa3\x33\xf0\x20\xc9\x57\xcd\x4c\x8b\x47\x88\xb4\xbc\x93\xd8\xdd\x28\x92\xf5\xd8\xa3\x50\x01\x3c\x62\xda\xe3\x74\x73\x84\xaa\x48\x7e\x00\x70\x49\x10\xb3\xf7\x54\x2c", 8192); *(uint32_t*)0x20005c00 = 0x20002980; *(uint32_t*)0x20002980 = 0x50; *(uint32_t*)0x20002984 = 0; *(uint64_t*)0x20002988 = 0x91e; *(uint32_t*)0x20002990 = 7; *(uint32_t*)0x20002994 = 0x22; *(uint32_t*)0x20002998 = 0xff; *(uint32_t*)0x2000299c = 0x1124872; *(uint16_t*)0x200029a0 = 6; *(uint16_t*)0x200029a2 = 0x3f; *(uint32_t*)0x200029a4 = 8; *(uint32_t*)0x200029a8 = 1; *(uint16_t*)0x200029ac = 0; *(uint16_t*)0x200029ae = 0; memset((void*)0x200029b0, 0, 32); *(uint32_t*)0x20005c04 = 0x20002a00; *(uint32_t*)0x20002a00 = 0x18; *(uint32_t*)0x20002a04 = 0; *(uint64_t*)0x20002a08 = 0; *(uint64_t*)0x20002a10 = 0x317e539f; *(uint32_t*)0x20005c08 = 0x20002a40; *(uint32_t*)0x20002a40 = 0x18; *(uint32_t*)0x20002a44 = 0; *(uint64_t*)0x20002a48 = 8; *(uint64_t*)0x20002a50 = 4; *(uint32_t*)0x20005c0c = 0x20002a80; *(uint32_t*)0x20002a80 = 0x18; *(uint32_t*)0x20002a84 = 0; *(uint64_t*)0x20002a88 = 5; *(uint32_t*)0x20002a90 = 0x401; *(uint32_t*)0x20002a94 = 0; *(uint32_t*)0x20005c10 = 0x20002ac0; *(uint32_t*)0x20002ac0 = 0x18; *(uint32_t*)0x20002ac4 = 0; *(uint64_t*)0x20002ac8 = 1; *(uint32_t*)0x20002ad0 = 0xfdcc; *(uint32_t*)0x20002ad4 = 0; *(uint32_t*)0x20005c14 = 0x20002b00; *(uint32_t*)0x20002b00 = 0x28; *(uint32_t*)0x20002b04 = 0; *(uint64_t*)0x20002b08 = 8; *(uint64_t*)0x20002b10 = 2; *(uint64_t*)0x20002b18 = 8; *(uint32_t*)0x20002b20 = 0; *(uint32_t*)0x20002b24 = 0; *(uint32_t*)0x20005c18 = 0x20002b40; *(uint32_t*)0x20002b40 = 0x60; *(uint32_t*)0x20002b44 = 0; *(uint64_t*)0x20002b48 = 0xfff; *(uint64_t*)0x20002b50 = 6; *(uint64_t*)0x20002b58 = 0x10001; *(uint64_t*)0x20002b60 = 6; *(uint64_t*)0x20002b68 = 1; *(uint64_t*)0x20002b70 = 8; *(uint32_t*)0x20002b78 = 1; *(uint32_t*)0x20002b7c = 0x32f0; *(uint32_t*)0x20002b80 = 7; *(uint32_t*)0x20002b84 = 0; memset((void*)0x20002b88, 0, 24); *(uint32_t*)0x20005c1c = 0x20002bc0; *(uint32_t*)0x20002bc0 = 0x18; *(uint32_t*)0x20002bc4 = 0; *(uint64_t*)0x20002bc8 = 4; *(uint32_t*)0x20002bd0 = 0xffff; *(uint32_t*)0x20002bd4 = 0; *(uint32_t*)0x20005c20 = 0x20002c00; *(uint32_t*)0x20002c00 = 0x18; *(uint32_t*)0x20002c04 = 0; *(uint64_t*)0x20002c08 = 0x1000; memcpy((void*)0x20002c10, "0%)/W({\000", 8); *(uint32_t*)0x20005c24 = 0x20002c40; *(uint32_t*)0x20002c40 = 0x20; *(uint32_t*)0x20002c44 = 0; *(uint64_t*)0x20002c48 = 5; *(uint64_t*)0x20002c50 = 0; *(uint32_t*)0x20002c58 = 0x11; *(uint32_t*)0x20002c5c = 0; *(uint32_t*)0x20005c28 = 0x20002dc0; *(uint32_t*)0x20002dc0 = 0x78; *(uint32_t*)0x20002dc4 = 0xfffffff5; *(uint64_t*)0x20002dc8 = 8; *(uint64_t*)0x20002dd0 = 6; *(uint32_t*)0x20002dd8 = 9; *(uint32_t*)0x20002ddc = 0; *(uint64_t*)0x20002de0 = 6; *(uint64_t*)0x20002de8 = 8; *(uint64_t*)0x20002df0 = 0x25d; *(uint64_t*)0x20002df8 = 7; *(uint64_t*)0x20002e00 = 0x8001; *(uint64_t*)0x20002e08 = 0x400; *(uint32_t*)0x20002e10 = 0xce1; *(uint32_t*)0x20002e14 = 0x8000; *(uint32_t*)0x20002e18 = 0x4800000; *(uint32_t*)0x20002e1c = 0x6000; *(uint32_t*)0x20002e20 = 8; *(uint32_t*)0x20002e24 = 0xee01; *(uint32_t*)0x20002e28 = r[3]; *(uint32_t*)0x20002e2c = 6; *(uint32_t*)0x20002e30 = 1; *(uint32_t*)0x20002e34 = 0; *(uint32_t*)0x20005c2c = 0x20002e40; *(uint32_t*)0x20002e40 = 0x90; *(uint32_t*)0x20002e44 = 0; *(uint64_t*)0x20002e48 = 0xfffffffffffffffc; *(uint64_t*)0x20002e50 = 5; *(uint64_t*)0x20002e58 = 2; *(uint64_t*)0x20002e60 = 0; *(uint64_t*)0x20002e68 = 0x80; *(uint32_t*)0x20002e70 = 0x1ff; *(uint32_t*)0x20002e74 = 0xfffffffa; *(uint64_t*)0x20002e78 = 1; *(uint64_t*)0x20002e80 = 0x81; *(uint64_t*)0x20002e88 = 1; *(uint64_t*)0x20002e90 = 0x10001; *(uint64_t*)0x20002e98 = 0x7f; *(uint64_t*)0x20002ea0 = 5; *(uint32_t*)0x20002ea8 = 5; *(uint32_t*)0x20002eac = 2; *(uint32_t*)0x20002eb0 = 0; *(uint32_t*)0x20002eb4 = 0x4000; *(uint32_t*)0x20002eb8 = 3; *(uint32_t*)0x20002ebc = 0xee01; *(uint32_t*)0x20002ec0 = 0xee00; *(uint32_t*)0x20002ec4 = 6; *(uint32_t*)0x20002ec8 = 0x23a; *(uint32_t*)0x20002ecc = 0; *(uint32_t*)0x20005c30 = 0x20002f00; *(uint32_t*)0x20002f00 = 0xe8; *(uint32_t*)0x20002f04 = 0; *(uint64_t*)0x20002f08 = 0x20; *(uint64_t*)0x20002f10 = 6; *(uint64_t*)0x20002f18 = 1; *(uint32_t*)0x20002f20 = 1; *(uint32_t*)0x20002f24 = 7; memset((void*)0x20002f28, 0, 1); *(uint64_t*)0x20002f30 = 2; *(uint64_t*)0x20002f38 = 0; *(uint32_t*)0x20002f40 = 0; *(uint32_t*)0x20002f44 = 0; *(uint64_t*)0x20002f48 = 5; *(uint64_t*)0x20002f50 = 0xfffffffffffffffa; *(uint32_t*)0x20002f58 = 0; *(uint32_t*)0x20002f5c = 0x20; *(uint64_t*)0x20002f60 = 4; *(uint64_t*)0x20002f68 = 2; *(uint32_t*)0x20002f70 = 6; *(uint32_t*)0x20002f74 = 9; memcpy((void*)0x20002f78, "wlan0\000", 6); *(uint64_t*)0x20002f80 = 2; *(uint64_t*)0x20002f88 = 5; *(uint32_t*)0x20002f90 = 1; *(uint32_t*)0x20002f94 = 0; memset((void*)0x20002f98, 47, 1); *(uint64_t*)0x20002fa0 = 0; *(uint64_t*)0x20002fa8 = 7; *(uint32_t*)0x20002fb0 = 6; *(uint32_t*)0x20002fb4 = 0x10000; memset((void*)0x20002fb8, 2, 6); *(uint64_t*)0x20002fc0 = 2; *(uint64_t*)0x20002fc8 = 3; *(uint32_t*)0x20002fd0 = 0x10; *(uint32_t*)0x20002fd4 = 0x3df4d00b; memcpy((void*)0x20002fd8, " \001\000\000\000\000\000\000\000\000\000\000\000\000\000\002", 16); *(uint32_t*)0x20005c34 = 0x200055c0; *(uint32_t*)0x200055c0 = 0x510; *(uint32_t*)0x200055c4 = 0; *(uint64_t*)0x200055c8 = 0; *(uint64_t*)0x200055d0 = 5; *(uint64_t*)0x200055d8 = 1; *(uint64_t*)0x200055e0 = 0; *(uint64_t*)0x200055e8 = 2; *(uint32_t*)0x200055f0 = 0xfffeffff; *(uint32_t*)0x200055f4 = 1; *(uint64_t*)0x200055f8 = 0; *(uint64_t*)0x20005600 = 0x141; *(uint64_t*)0x20005608 = 4; *(uint64_t*)0x20005610 = 9; *(uint64_t*)0x20005618 = 9; *(uint64_t*)0x20005620 = 4; *(uint32_t*)0x20005628 = 0x7ff; *(uint32_t*)0x2000562c = 0x7fffffff; *(uint32_t*)0x20005630 = 0x892; *(uint32_t*)0x20005634 = 0x4000; *(uint32_t*)0x20005638 = 0xfff; *(uint32_t*)0x2000563c = r[4]; *(uint32_t*)0x20005640 = 0; *(uint32_t*)0x20005644 = 4; *(uint32_t*)0x20005648 = 0x10000; *(uint32_t*)0x2000564c = 0; *(uint64_t*)0x20005650 = 1; *(uint64_t*)0x20005658 = 0x8000; *(uint32_t*)0x20005660 = 2; *(uint32_t*)0x20005664 = 4; memset((void*)0x20005668, 255, 2); *(uint64_t*)0x20005670 = 0xa00000000; *(uint64_t*)0x20005678 = 3; *(uint64_t*)0x20005680 = 0x8000000000000000; *(uint64_t*)0x20005688 = 0x80000001; *(uint32_t*)0x20005690 = 6; *(uint32_t*)0x20005694 = 1; *(uint64_t*)0x20005698 = 5; *(uint64_t*)0x200056a0 = 0xa0; *(uint64_t*)0x200056a8 = 8; *(uint64_t*)0x200056b0 = 7; *(uint64_t*)0x200056b8 = 0x101; *(uint64_t*)0x200056c0 = 0xbc3; *(uint32_t*)0x200056c8 = 0x19f; *(uint32_t*)0x200056cc = 4; *(uint32_t*)0x200056d0 = 0x7ff; *(uint32_t*)0x200056d4 = 0xa000; *(uint32_t*)0x200056d8 = 1; *(uint32_t*)0x200056dc = 0xee01; *(uint32_t*)0x200056e0 = r[5]; *(uint32_t*)0x200056e4 = 0x8001; *(uint32_t*)0x200056e8 = 8; *(uint32_t*)0x200056ec = 0; *(uint64_t*)0x200056f0 = 4; *(uint64_t*)0x200056f8 = 0x10001; *(uint32_t*)0x20005700 = 0xa; *(uint32_t*)0x20005704 = 0x3ff; memcpy((void*)0x20005708, "[{@^/@+@<[", 10); *(uint64_t*)0x20005718 = 1; *(uint64_t*)0x20005720 = 3; *(uint64_t*)0x20005728 = 5; *(uint64_t*)0x20005730 = 0x20; *(uint32_t*)0x20005738 = 3; *(uint32_t*)0x2000573c = -1; *(uint64_t*)0x20005740 = 3; *(uint64_t*)0x20005748 = 0xd4; *(uint64_t*)0x20005750 = 6; *(uint64_t*)0x20005758 = 0; *(uint64_t*)0x20005760 = 1; *(uint64_t*)0x20005768 = 0x80000; *(uint32_t*)0x20005770 = 0x38fa80be; *(uint32_t*)0x20005774 = 6; *(uint32_t*)0x20005778 = 0x400; *(uint32_t*)0x2000577c = 0x1000; *(uint32_t*)0x20005780 = 5; *(uint32_t*)0x20005784 = 0xee00; *(uint32_t*)0x20005788 = 0xee01; *(uint32_t*)0x2000578c = 0x10001; *(uint32_t*)0x20005790 = 0xff; *(uint32_t*)0x20005794 = 0; *(uint64_t*)0x20005798 = 4; *(uint64_t*)0x200057a0 = 5; *(uint32_t*)0x200057a8 = 8; *(uint32_t*)0x200057ac = 4; memcpy((void*)0x200057b0, "+!\234R\'+%\'", 8); *(uint64_t*)0x200057b8 = 3; *(uint64_t*)0x200057c0 = 3; *(uint64_t*)0x200057c8 = 0x200; *(uint64_t*)0x200057d0 = 5; *(uint32_t*)0x200057d8 = 0x55; *(uint32_t*)0x200057dc = 0x1f; *(uint64_t*)0x200057e0 = 1; *(uint64_t*)0x200057e8 = 0x34; *(uint64_t*)0x200057f0 = 7; *(uint64_t*)0x200057f8 = 4; *(uint64_t*)0x20005800 = 9; *(uint64_t*)0x20005808 = 2; *(uint32_t*)0x20005810 = 0x800; *(uint32_t*)0x20005814 = 0xffff8001; *(uint32_t*)0x20005818 = 6; *(uint32_t*)0x2000581c = 0x8000; *(uint32_t*)0x20005820 = 0x100; *(uint32_t*)0x20005824 = 0xee01; *(uint32_t*)0x20005828 = 0xee01; *(uint32_t*)0x2000582c = 0; *(uint32_t*)0x20005830 = 0x9c000000; *(uint32_t*)0x20005834 = 0; *(uint64_t*)0x20005838 = 0; *(uint64_t*)0x20005840 = 1; *(uint32_t*)0x20005848 = 1; *(uint32_t*)0x2000584c = 0x400; memset((void*)0x20005850, 0, 1); *(uint64_t*)0x20005858 = 6; *(uint64_t*)0x20005860 = 3; *(uint64_t*)0x20005868 = 0xa3; *(uint64_t*)0x20005870 = 0x80; *(uint32_t*)0x20005878 = 0x735; *(uint32_t*)0x2000587c = 0x9584; *(uint64_t*)0x20005880 = 0; *(uint64_t*)0x20005888 = 2; *(uint64_t*)0x20005890 = 7; *(uint64_t*)0x20005898 = 0xec61; *(uint64_t*)0x200058a0 = 0x371ca83; *(uint64_t*)0x200058a8 = 4; *(uint32_t*)0x200058b0 = -1; *(uint32_t*)0x200058b4 = 3; *(uint32_t*)0x200058b8 = 0x424c; *(uint32_t*)0x200058bc = 0xa000; *(uint32_t*)0x200058c0 = 0x400; *(uint32_t*)0x200058c4 = 0xee00; *(uint32_t*)0x200058c8 = 0xee01; *(uint32_t*)0x200058cc = 0xca; *(uint32_t*)0x200058d0 = 3; *(uint32_t*)0x200058d4 = 0; *(uint64_t*)0x200058d8 = 0; *(uint64_t*)0x200058e0 = 7; *(uint32_t*)0x200058e8 = 0; *(uint32_t*)0x200058ec = 0x80000001; *(uint64_t*)0x200058f0 = 5; *(uint64_t*)0x200058f8 = 1; *(uint64_t*)0x20005900 = 0x9d5; *(uint64_t*)0x20005908 = 5; *(uint32_t*)0x20005910 = 0x80000001; *(uint32_t*)0x20005914 = 0x1000000; *(uint64_t*)0x20005918 = 0; *(uint64_t*)0x20005920 = 0; *(uint64_t*)0x20005928 = 6; *(uint64_t*)0x20005930 = 0x7ff; *(uint64_t*)0x20005938 = 0x8001; *(uint64_t*)0x20005940 = 0x8001; *(uint32_t*)0x20005948 = 6; *(uint32_t*)0x2000594c = 0x8000; *(uint32_t*)0x20005950 = 1; *(uint32_t*)0x20005954 = 0xa000; *(uint32_t*)0x20005958 = 0x10000; *(uint32_t*)0x2000595c = 0xee00; *(uint32_t*)0x20005960 = r[6]; *(uint32_t*)0x20005964 = 0x80000000; *(uint32_t*)0x20005968 = 6; *(uint32_t*)0x2000596c = 0; *(uint64_t*)0x20005970 = 3; *(uint64_t*)0x20005978 = 0x7fff; *(uint32_t*)0x20005980 = 6; *(uint32_t*)0x20005984 = 0x4e5; memcpy((void*)0x20005988, "wlan0\000", 6); *(uint64_t*)0x20005990 = 4; *(uint64_t*)0x20005998 = 2; *(uint64_t*)0x200059a0 = -1; *(uint64_t*)0x200059a8 = 0x10001; *(uint32_t*)0x200059b0 = 7; *(uint32_t*)0x200059b4 = 0x3f; *(uint64_t*)0x200059b8 = 0; *(uint64_t*)0x200059c0 = 4; *(uint64_t*)0x200059c8 = 0x7fff; *(uint64_t*)0x200059d0 = 0x5c; *(uint64_t*)0x200059d8 = 0x5e; *(uint64_t*)0x200059e0 = 4; *(uint32_t*)0x200059e8 = 0; *(uint32_t*)0x200059ec = 9; *(uint32_t*)0x200059f0 = 4; *(uint32_t*)0x200059f4 = 0x1000; *(uint32_t*)0x200059f8 = 8; *(uint32_t*)0x200059fc = r[7]; *(uint32_t*)0x20005a00 = 0xee00; *(uint32_t*)0x20005a04 = 0x7ff; *(uint32_t*)0x20005a08 = 9; *(uint32_t*)0x20005a0c = 0; *(uint64_t*)0x20005a10 = 3; *(uint64_t*)0x20005a18 = 5; *(uint32_t*)0x20005a20 = 6; *(uint32_t*)0x20005a24 = 9; memset((void*)0x20005a28, 255, 6); *(uint64_t*)0x20005a30 = 6; *(uint64_t*)0x20005a38 = 3; *(uint64_t*)0x20005a40 = 3; *(uint64_t*)0x20005a48 = 9; *(uint32_t*)0x20005a50 = 6; *(uint32_t*)0x20005a54 = 0x100; *(uint64_t*)0x20005a58 = 1; *(uint64_t*)0x20005a60 = 0x101; *(uint64_t*)0x20005a68 = 4; *(uint64_t*)0x20005a70 = 0x100000000; *(uint64_t*)0x20005a78 = 2; *(uint64_t*)0x20005a80 = 0xfffffffffffffe00; *(uint32_t*)0x20005a88 = 3; *(uint32_t*)0x20005a8c = 9; *(uint32_t*)0x20005a90 = 9; *(uint32_t*)0x20005a94 = 0xa000; *(uint32_t*)0x20005a98 = 0xfa3; *(uint32_t*)0x20005a9c = -1; *(uint32_t*)0x20005aa0 = r[8]; *(uint32_t*)0x20005aa4 = 0x1400000; *(uint32_t*)0x20005aa8 = 9; *(uint32_t*)0x20005aac = 0; *(uint64_t*)0x20005ab0 = 6; *(uint64_t*)0x20005ab8 = 0; *(uint32_t*)0x20005ac0 = 6; *(uint32_t*)0x20005ac4 = 5; memcpy((void*)0x20005ac8, "wlan0\000", 6); *(uint32_t*)0x20005c38 = 0x20005b00; *(uint32_t*)0x20005b00 = 0xa0; *(uint32_t*)0x20005b04 = 0xfffffff5; *(uint64_t*)0x20005b08 = 5; *(uint64_t*)0x20005b10 = 0; *(uint64_t*)0x20005b18 = 3; *(uint64_t*)0x20005b20 = 2; *(uint64_t*)0x20005b28 = 3; *(uint32_t*)0x20005b30 = 7; *(uint32_t*)0x20005b34 = 0x64b; *(uint64_t*)0x20005b38 = 1; *(uint64_t*)0x20005b40 = 0xc2; *(uint64_t*)0x20005b48 = 9; *(uint64_t*)0x20005b50 = 5; *(uint64_t*)0x20005b58 = 0x8001; *(uint64_t*)0x20005b60 = -1; *(uint32_t*)0x20005b68 = 2; *(uint32_t*)0x20005b6c = 8; *(uint32_t*)0x20005b70 = 5; *(uint32_t*)0x20005b74 = 0x4000; *(uint32_t*)0x20005b78 = 0xd0a; *(uint32_t*)0x20005b7c = 0xee01; *(uint32_t*)0x20005b80 = 0xee00; *(uint32_t*)0x20005b84 = 7; *(uint32_t*)0x20005b88 = 1; *(uint32_t*)0x20005b8c = 0; *(uint64_t*)0x20005b90 = 0; *(uint32_t*)0x20005b98 = 2; *(uint32_t*)0x20005b9c = 0; *(uint32_t*)0x20005c3c = 0x20005bc0; *(uint32_t*)0x20005bc0 = 0x20; *(uint32_t*)0x20005bc4 = 0; *(uint64_t*)0x20005bc8 = 0x7fffffff; *(uint32_t*)0x20005bd0 = 8; *(uint32_t*)0x20005bd4 = 0; *(uint32_t*)0x20005bd8 = 0x9ad; *(uint32_t*)0x20005bdc = 3; syz_fuse_handle_req(r[2], 0x20000980, 0x2000, 0x20005c00); break; case 22: memcpy((void*)0x20005c40, "SEG6\000", 5); syz_genetlink_get_family_id(0x20005c40, r[2]); break; case 23: syz_init_net_socket(0x24, 2, 0); break; case 24: res = syscall(__NR_mmap, 0x20ffe000, 0x2000, 9, 0x100, (intptr_t)r[2], 0x8000000); if (res != -1) r[9] = res; break; case 25: res = -1; res = syz_io_uring_complete(r[9]); if (res != -1) r[10] = res; break; case 26: *(uint32_t*)0x20005c84 = 0x29e9; *(uint32_t*)0x20005c88 = 4; *(uint32_t*)0x20005c8c = 3; *(uint32_t*)0x20005c90 = 0x25; *(uint32_t*)0x20005c98 = r[10]; memset((void*)0x20005c9c, 0, 12); res = -1; res = syz_io_uring_setup(0x7811, 0x20005c80, 0x20ffe000, 0x20ffe000, 0x20005d00, 0x20005d40); if (res != -1) { r[11] = res; r[12] = *(uint64_t*)0x20005d40; } break; case 27: res = syscall(__NR_mmap, 0x20ffc000, 0x2000, 4, 0x80000, (intptr_t)r[11], 0); if (res != -1) r[13] = res; break; case 28: res = syscall(__NR_clock_gettime, 0, 0x20005d80); if (res != -1) { r[14] = *(uint32_t*)0x20005d80; r[15] = *(uint32_t*)0x20005d84; } break; case 29: *(uint8_t*)0x20005e00 = 0xb; *(uint8_t*)0x20005e01 = 1; *(uint16_t*)0x20005e02 = 0; *(uint32_t*)0x20005e04 = 0; *(uint64_t*)0x20005e08 = 7; *(uint32_t*)0x20005e10 = 0x20005dc0; *(uint32_t*)0x20005dc0 = r[14]; *(uint32_t*)0x20005dc4 = r[15]+60000000; *(uint32_t*)0x20005e14 = 1; *(uint32_t*)0x20005e18 = 0; *(uint64_t*)0x20005e1c = 0; *(uint16_t*)0x20005e24 = 0; *(uint16_t*)0x20005e26 = 0; memset((void*)0x20005e28, 0, 20); syz_io_uring_submit(r[13], r[12], 0x20005e00, 6); break; case 30: *(uint32_t*)0x20005e80 = 0; *(uint32_t*)0x20005e84 = 0x20005e40; memcpy((void*)0x20005e40, "\x55\x1e\x55\x34\x01\xd8\x41\x9a\xc4\x37\x85\x4e\x7b\xd6\x03\x3a\x54\x21\x4a\x9b\xd5\xbb\xb0\xaf\x5b\x8d\xfb\x21\x4a\xa8\x4f\x75\xf6\x0f\xd2\xf3\x74\xa0\x2b\xca\xcb\x65\x4f\x2e\x69\xf7\x19\x79\x48\x63", 50); *(uint32_t*)0x20005e88 = 0x32; *(uint64_t*)0x20005ec0 = 1; *(uint64_t*)0x20005ec8 = 0; syz_kvm_setup_cpu(r[2], r[2], 0x20fe8000, 0x20005e80, 1, 0, 0x20005ec0, 1); break; case 31: res = syscall(__NR_mmap, 0x20ff1000, 0x1000, 4, 0x100002, (intptr_t)r[2], 0); if (res != -1) r[16] = res; break; case 32: *(uint32_t*)0x20005f00 = 1; syz_memcpy_off(r[16], 0x118, 0x20005f00, 0, 4); break; case 33: res = syscall(__NR_clock_gettime, 0, 0x20008240); if (res != -1) { r[17] = *(uint32_t*)0x20008240; r[18] = *(uint32_t*)0x20008244; } break; case 34: *(uint32_t*)0x200081c0 = 0; *(uint32_t*)0x200081c4 = 0; *(uint32_t*)0x200081c8 = 0x20007580; *(uint32_t*)0x20007580 = 0x20007000; *(uint32_t*)0x20007584 = 0x68; *(uint32_t*)0x20007588 = 0x20007080; *(uint32_t*)0x2000758c = 0; *(uint32_t*)0x20007590 = 0x200070c0; *(uint32_t*)0x20007594 = 0xf; *(uint32_t*)0x20007598 = 0x20007100; *(uint32_t*)0x2000759c = 0xe0; *(uint32_t*)0x200075a0 = 0x20007200; *(uint32_t*)0x200075a4 = 0; *(uint32_t*)0x200075a8 = 0x20007240; *(uint32_t*)0x200075ac = 0xe6; *(uint32_t*)0x200075b0 = 0x20007340; *(uint32_t*)0x200075b4 = 0x63; *(uint32_t*)0x200075b8 = 0x200073c0; *(uint32_t*)0x200075bc = 0x45; *(uint32_t*)0x200075c0 = 0x20007440; *(uint32_t*)0x200075c4 = 0x6a; *(uint32_t*)0x200075c8 = 0x200074c0; *(uint32_t*)0x200075cc = 0xbc; *(uint32_t*)0x200081cc = 0xa; *(uint32_t*)0x200081d0 = 0x20007600; *(uint32_t*)0x200081d4 = 0x18; *(uint32_t*)0x200081d8 = 0; *(uint32_t*)0x200081dc = 0; *(uint32_t*)0x200081e0 = 0x20007640; *(uint32_t*)0x200081e4 = 0x6e; *(uint32_t*)0x200081e8 = 0x20007900; *(uint32_t*)0x20007900 = 0x200076c0; *(uint32_t*)0x20007904 = 0x79; *(uint32_t*)0x20007908 = 0x20007740; *(uint32_t*)0x2000790c = 0xa9; *(uint32_t*)0x20007910 = 0x20007800; *(uint32_t*)0x20007914 = 5; *(uint32_t*)0x20007918 = 0x20007840; *(uint32_t*)0x2000791c = 0x9d; *(uint32_t*)0x200081ec = 4; *(uint32_t*)0x200081f0 = 0x20007940; *(uint32_t*)0x200081f4 = 0xb0; *(uint32_t*)0x200081f8 = 0; *(uint32_t*)0x200081fc = 0; *(uint32_t*)0x20008200 = 0x20007a00; *(uint32_t*)0x20008204 = 0x6e; *(uint32_t*)0x20008208 = 0x20007b80; *(uint32_t*)0x20007b80 = 0x20007a80; *(uint32_t*)0x20007b84 = 0x73; *(uint32_t*)0x20007b88 = 0x20007b00; *(uint32_t*)0x20007b8c = 0xf; *(uint32_t*)0x20007b90 = 0x20007b40; *(uint32_t*)0x20007b94 = 0x13; *(uint32_t*)0x2000820c = 3; *(uint32_t*)0x20008210 = 0x20007bc0; *(uint32_t*)0x20008214 = 0x44; *(uint32_t*)0x20008218 = 0; *(uint32_t*)0x2000821c = 0; *(uint32_t*)0x20008220 = 0x20007c40; *(uint32_t*)0x20008224 = 0x6e; *(uint32_t*)0x20008228 = 0x20008180; *(uint32_t*)0x20008180 = 0x20007cc0; *(uint32_t*)0x20008184 = 0x99; *(uint32_t*)0x20008188 = 0x20007d80; *(uint32_t*)0x2000818c = 0xfa; *(uint32_t*)0x20008190 = 0x20007e80; *(uint32_t*)0x20008194 = 0xfc; *(uint32_t*)0x20008198 = 0x20007f80; *(uint32_t*)0x2000819c = 0xc1; *(uint32_t*)0x200081a0 = 0x20008080; *(uint32_t*)0x200081a4 = 0x60; *(uint32_t*)0x200081a8 = 0x20008100; *(uint32_t*)0x200081ac = 0x41; *(uint32_t*)0x2000822c = 6; *(uint32_t*)0x20008230 = 0; *(uint32_t*)0x20008234 = 0; *(uint32_t*)0x20008238 = 0; *(uint32_t*)0x2000823c = 0; *(uint32_t*)0x20008280 = r[17]; *(uint32_t*)0x20008284 = r[18]+10000000; res = syscall(__NR_recvmmsg, (intptr_t)r[2], 0x200081c0, 4, 0x2000, 0x20008280); if (res != -1) { r[19] = *(uint32_t*)0x2000760c; r[20] = *(uint32_t*)0x20007610; r[21] = *(uint32_t*)0x20007bd8; } break; case 35: memcpy((void*)0x20005f40, "adfs\000", 5); memcpy((void*)0x20005f80, "./file0\000", 8); *(uint32_t*)0x20006fc0 = 0x20005fc0; memcpy((void*)0x20005fc0, "\x97\x71\x1a\x3f\xc7\x75\xd9\xb6\xb8\x02\xd7\x5c\xef\xe3\x4e\x56\x0d\xfb\xbc\x19\x05\xdf\x84\x52\xc7\xc0\x61\xcf\xbd\xba\xf7\x6a\xc0\xee\x70\x4f\xdc\x1b\x95\x57\x6e\x83\x98\x71\x5c\xca\xc2\x3e\xb6\x22\x40\x6f\xdf\x86\x65\x6d\x86\x66\xd1\x74\x34\x5d\xf1\x5c\xc2\x79\xd6\xbc\x46\x18\x9f\x9e\x91\x03\xc8\xb6\x34\x30\x6a\x9d\xc5\x12\x13\x54\x03\x7a\xbc\x83\x6a\xf3\x2b\x82\xe0\xeb\x92\x22\xc5\xb9\x7a\x31\xba\xf7\x00\x22\x6f\x45\x9f\x15\x93\xe5\x94\x22\x0d\x6e\xee\x2f\x7b\xd3\x61\x2c\x68\x99\x6c\x93\x1e\x01\xb3\x90\x86\x7e\xcb\x7d\xb7\x3f\xd1\xc8\xba\xea\x0a\x1a\x30\x71\x9c\x09\xc8\x17\x06\x41\x41\x90\xc4\x90\x23\x6b\x27\x56\xcf\xba\x38\xfa\xba\xd4\x9c\x00\x2c\xdd\xcc\xb2\x2a\x79\x01\x5c\xf6\xc9\xd5\xb8\x11\x97\xe3\x66\x9f\x11\x95\xcf\x26\xfd\x67\x4c\xef\x34\xfc\x25\x17\xdd\x56\x1d\x62\x5d\x37\xf0\x09\x36\x69\xe6\x8f\xca\x1a\xe7\x32\x7c\x53\xa8\xd8\xfe\x8c\xe0\x89\xec\x51\x30\xda\x3d\xcd\x2c\x1b\xe4\x7c\x5d\x11\xc1\xe6\x07\x70\x6d\xed\xe9\x8d\x3a\xd0\x34\x7d\xb6\x08\xbf\x9f\xeb\xfe\x35\x7b\x46\xfe\x05\x17\x2e\x7a\xbd\x5e\x6a\x57\x55\xec\xbd\xb7\x29\x4a\xc6\x60\xef\x99\x99\x61\xaa\x24\x91\x46\x0d\x2b\xa8\xc4\x79\x28\xfc\xd0\x2e\x29\x4c\x16\x83\x8a\xdc\x1c\x5a\xa0\xae\xef\xc2\x79\x79\x3c\x1e\x9b\xae\x9d\xad\x1b\xdd\x67\x4f\xbf\x94\xf6\x4d\x5e\xe5\x86\xb8\x57\x84\x6b\x2c\x3e\x35\xcb\xe0\x79\x1f\x3f\x0a\x42\x79\xec\x2d\x51\xfd\xfb\x3a\x9d\x2f\xd0\x93\xba\x29\xd7\x43\xee\xbb\x06\x46\xd4\x0a\xf9\x32\x96\x0b\x4e\xfd\x52\xdf\xae\x37\x24\x20\x6f\x13\x83\x9b\x1e\x9d\xd3\x56\x1c\x15\x9f\x7d\x1a\x0b\x45\xdf\xa6\x55\x72\x41\x64\xca\x8c\xa4\x01\x78\xaa\xbc\x9f\x0c\x27\x0c\xc0\xc2\xe8\x28\xdc\x28\x42\xfb\x23\x72\xab\xca\x8d\x65\xd3\x72\x6e\xad\xdb\x36\xd2\x77\x2f\xc4\x2a\x5a\x60\x9d\xbc\x76\x1a\x08\x6d\xd8\x40\x5f\x0c\x0a\x7c\x0b\xfc\x14\xfe\xa9\x1c\xab\x42\x3f\xdb\xc9\x44\xdd\xbd\xee\x21\x4c\x24\x8e\xf0\xc8\x93\x3c\x80\xf3\xac\x68\xa3\xcd\xc4\xed\x51\x20\xc7\xbe\x1f\x04\x18\xa0\xdd\xee\xe9\x4c\xe8\xde\x7a\x07\xb9\x4d\x97\xa9\xc7\x2e\x33\x8e\xb9\xcb\x87\x15\x67\x60\x8b\x49\x03\x1f\x1f\xd0\x7e\x5c\x5c\xbb\xc2\x20\x1c\x48\x76\x88\x5c\x1b\xdc\xcc\x2b\xfe\xce\x71\xde\x73\xd6\xa7\x10\xc9\x6a\x67\x5d\xe4\xb5\x78\xe3\xa0\xb8\x4d\x1f\xb8\x9b\xed\x53\x1e\x17\x05\xaf\x86\x7b\x10\xb7\xc9\x23\x28\xa0\x6b\xad\x02\xc5\x73\x37\x5d\x50\x0a\x4b\xdc\x88\x4b\x55\x65\x2d\x7f\x1c\xfb\x31\xaf\xaf\x0b\x35\xe9\x8a\x58\x46\x6b\x80\xa2\xa4\xbc\xa2\xd7\x2e\x38\x7f\x8e\x94\x51\x9a\x43\x73\x4c\x38\x5b\x69\x8e\x08\xb0\xee\x1d\x98\x05\xc3\x92\xac\xb7\x6f\x98\x08\x94\xdf\x90\x46\xc6\x17\xf6\x2a\x23\x61\x06\x2e\x52\x24\x53\xdc\xd7\x31\x76\xf7\x86\xef\x2c\xcd\x7a\x05\xdf\x8b\x44\xa6\xf9\x31\x35\xd4\x88\x8f\xdd\x51\x02\x20\x35\x7f\x1a\xec\xcd\x13\xe1\xfe\x10\x29\x26\x73\xf9\x81\xf4\x20\xd9\x85\x9f\xa2\x18\xb8\x69\x8b\x4a\x69\x1e\x69\x9c\x28\xa2\xdd\x46\xd3\x97\x89\x42\x19\x2e\xd5\x1d\x21\x26\x69\x45\x8a\x4d\xc3\xd3\x81\xd2\xc3\xf7\x3c\xb6\x0b\xfe\xcb\x8b\xf0\xe1\x55\x6e\xae\xd9\xff\xca\x5d\x0f\x7c\x9f\x61\x52\xf4\xfc\xd5\xed\x86\xcb\x6a\x56\x5e\x4b\x6b\x1c\x9e\x7e\xfe\xf1\xcc\xd2\x8a\xe7\x09\x1a\xbd\x84\xe8\x43\x1e\xc0\x8e\xd8\x3a\x8b\xbe\x56\xf9\xe1\x22\x56\xd0\xa0\x5b\x46\x1d\x9f\x1f\x4b\xad\x4b\x0e\x87\x34\xc4\x7d\x12\x12\x4c\x40\x6d\xb2\xc0\x33\xca\x10\x63\x41\x05\x71\x3d\xf4\x00\xfe\x66\x8d\x74\xc1\x0b\x95\x46\xfe\xf0\x3d\x29\xee\x05\xd4\xe3\xe8\x32\xed\xe1\x03\xcf\xb8\x90\xc8\xb0\x09\x2a\x58\xfe\x32\xa0\xb1\x05\x89\x6c\xef\xc8\x3a\x99\x0c\x3b\x6d\x9d\xec\x09\xe4\xbe\xea\x80\x40\xb2\x9f\x92\x17\xe5\x57\x7f\xd7\x20\x03\xa1\xdc\x46\x67\xfa\x4c\xf3\xbb\xf2\x98\x5f\x0a\xef\x84\xb4\x55\x69\xa0\x87\xb7\xf9\xaf\xe8\x24\xf3\xc5\x9b\x40\xcd\x0d\x08\x8c\x16\xf4\x41\x42\x40\xa6\xeb\xe2\x4a\xad\xc4\x02\xcc\x99\xab\xf0\x34\xa4\x8b\xda\x6a\x28\x21\xbd\xf2\x94\x65\x8e\x27\x82\x32\x6e\x16\x96\xa8\x87\x8b\x62\xbe\x50\xb8\xae\x8d\x00\x3e\x1b\x6b\x9f\x5f\x26\xd3\xf2\x1b\x14\x22\xcf\x73\xac\x72\x92\x63\x8e\x57\xda\x6f\xe3\xfd\xad\xd7\x78\x6a\xa2\xd7\x40\x6c\x0d\x84\x55\x45\x47\xd9\x59\x0e\xe9\xe1\x70\x54\x28\xe0\x0d\xdc\x33\x25\x0a\x11\x6b\x97\x37\xc8\xb0\x13\xa3\x8c\x6f\x5e\x88\x27\x5b\x01\x5f\x1c\x09\x96\xb0\x6e\xf4\x46\x7f\xa0\x46\x8e\x8f\x4a\x49\x8b\x56\xa0\x45\xf8\x94\xe4\x50\x90\xfc\x17\x07\x48\x1b\xef\x75\xf6\x01\xd9\x5e\x67\xb9\x63\xb6\xdd\xaa\xd7\x51\x1a\xb4\x1e\xf4\xc9\xf6\x51\xc7\x0f\x8e\xc2\xf0\xcf\x3b\x62\xba\xd7\x4e\x24\x92\xa3\x9f\xc1\xf8\x1d\xa6\x97\xcd\xc3\x53\xde\x95\x89\xca\xb5\x4a\x16\x90\x1a\x18\xd8\x51\xbd\xc2\x62\x39\xa7\x2f\x9a\x78\x7f\xbe\xfb\x3f\xc3\xf5\xdf\x14\x9a\x01\x3c\x4f\x8c\x8b\x0e\x98\xb8\xf6\x69\xf6\x2f\xbe\x09\x52\x5b\x46\x46\x9b\x1c\x7f\xcb\x91\xe5\x57\x35\xf2\xad\xc8\x13\x6a\x46\xae\xc4\xde\x01\x6b\x9f\x92\x51\xac\x2a\xa8\x20\xa1\xa8\x87\xb7\x8c\x66\x80\x2b\xf8\xdb\xbc\xe8\xc4\xe1\x38\xba\x0a\x52\x89\x2c\x9e\x93\x4a\xf2\xc7\x6b\x95\x03\x2a\x2f\x4c\xb5\xa6\x21\xe4\x53\x97\x0f\x54\xb2\x79\x03\x5e\x14\x08\x33\xe3\x25\x0a\x9c\x4f\x16\x37\x1c\xdd\xfc\x01\xc4\x04\xe6\xe8\x6a\xcc\x23\x1c\x8d\x7d\xbe\xd9\xb6\xae\xc0\xda\x3e\x0b\xb4\x06\x72\xf4\xd4\x1d\xf2\x65\x0d\x20\x0f\xdd\xa6\xbd\xc6\x2b\x1d\x43\x3e\xfb\x4d\xcb\x37\x05\x26\x89\xee\xc1\xfb\x99\xce\xda\x3e\x11\x07\xae\x9a\xee\xbc\x99\x58\xfd\x2f\x2e\x90\x59\x83\x40\x87\x37\x84\x27\xd3\x15\x8a\x8a\xd0\x47\x79\xe6\x22\xb9\xfe\xf7\x1b\x94\xb2\xaa\xc0\x3d\x6d\x9b\x72\x2a\x24\x27\x85\x5a\x21\x76\xf0\x0d\x97\x1d\x6b\x1f\xe9\xb5\x7c\x36\x37\xaf\x6e\xcf\x8d\xd0\xbf\x1d\xc0\x55\xe7\x33\x1c\x7e\x3d\x9b\xf0\x9a\x98\x72\x36\x76\xb0\x77\x87\xa0\x75\xaf\x7e\xe9\x11\xee\x2b\x0e\xbe\xfb\x34\x08\xc8\xa6\x17\xe8\x1b\x02\x22\xf2\x0f\x41\xaa\xa5\x57\x67\xbd\x73\xb3\x0b\x7d\x52\x38\xa4\x18\x36\xe5\x3a\x5c\x82\x6d\x2c\xab\x59\x46\x04\x04\xf0\x2a\xf4\x3b\x1c\x64\xa8\x87\xb4\x4e\xdc\xb3\x95\xa1\x49\x98\x3a\x63\xeb\xbc\x14\x68\xac\x3b\x39\xa0\x0d\x01\xe5\x90\x41\xea\x54\x97\x25\x76\x8c\x6f\xea\x7a\x48\x84\xfa\xb1\x6b\x85\x99\xcd\x0b\x91\xb8\x3d\xf3\x3b\x32\x28\x00\x39\xba\x02\x05\xa2\x3e\x97\xcd\x38\xbf\x8b\xe0\xce\xd3\xd7\xc2\xf4\x44\x91\xe9\xb5\x94\xe0\x54\xe6\xc6\xe6\xe2\xb6\x10\x83\x0f\x98\xef\x9a\x24\x0f\xd5\x6d\x1e\x21\x8c\xbc\x15\x35\xb8\x88\x9f\xd2\xb3\x9f\xd9\x4c\x82\x13\x7a\x80\xea\x12\x34\xa8\x4d\xc6\xfa\xc0\xf1\x6b\x8b\x2d\xe9\xdd\xe9\xec\x82\x70\xc2\xdf\x90\xb1\x10\x7e\xed\x2d\x34\x69\x65\x94\x3a\x1c\xb0\x85\x64\x21\xe4\x5f\xed\x7f\x48\x07\x10\x41\xc5\x52\xef\xc7\x33\x3c\x5e\x7d\xec\x5b\x9c\xb5\x95\x65\x71\x8a\x7e\x23\x0a\x84\x2f\x20\x6a\x49\x49\xa3\x8f\xca\x5d\x9a\x8d\x84\x75\x63\xdd\x64\x45\x78\xf8\x9e\x5e\xa6\x8c\xd8\x4e\xdc\x6a\x04\xe5\x27\xd1\xc0\x7e\x6a\xe4\x2f\x50\x3f\x7c\x09\xf7\xfa\x5e\xd1\xb2\xd7\xa3\xa9\x0b\x5f\xed\xdd\x57\x6d\xcc\x54\x4d\x8a\x7e\x51\x54\xfc\xb8\x2d\x14\x97\x06\x43\xa0\x3e\xc1\xad\xa0\x83\xad\xe9\xa9\x0d\x56\xb1\xa0\x5e\x7b\xec\xc2\xe4\x34\xd4\x87\xe0\xc9\x4d\x10\xfb\x56\xb7\x3a\x82\xfd\x0c\x34\xe3\xea\x6e\x25\x2b\xd8\x28\x44\xe9\x59\x33\x81\x92\x54\xe1\x2b\x00\x1a\xcf\x2a\xd8\xb6\x30\xa7\xd2\x05\x6c\x6f\x77\x33\x4e\xd2\x23\x21\x77\x1e\x73\x31\x29\x81\xd8\x91\x01\x70\xcd\xd7\xf4\x78\x81\xb5\x8c\x47\x53\xbb\xfb\x0b\x34\xc7\x8b\x42\x11\xe6\x26\x14\x6f\xf3\x42\xbf\xd5\x77\x40\xeb\x86\x8e\x1c\xfa\x31\x2c\x90\x7b\xef\x85\x7b\x37\x81\xeb\xd1\x39\x7e\x8d\xc0\xca\x14\x74\xa1\x9b\x39\xb4\x97\xae\x70\x88\x9d\x2d\xbb\xce\x85\xd3\x74\x3f\xd3\x3c\x97\xb9\xc2\x2b\x86\x6e\xb6\x5d\x35\x93\x90\x0e\x66\xc4\x59\xef\xe5\x63\x8a\x82\x4c\x42\x3d\x9c\x49\xba\x44\xb8\xff\x9b\x9b\x3e\xc1\x5c\xef\x43\x4d\xee\xf9\xab\x92\x76\x0c\x55\xb1\xfb\x37\x33\x9b\x1c\x77\xf3\xa0\x1a\x77\xfd\x72\xf7\x28\x77\x95\x2e\x8a\x58\x27\x49\x4c\x91\x88\xb8\xd1\xc2\x70\xb0\xa9\x9b\x4a\x9e\x81\x8d\x1f\xa1\x26\xa7\x29\x1a\x7b\x0b\x94\xc2\xbf\x7c\x18\xc2\xe2\x5e\x7f\xcf\xd6\x8d\x38\x82\x96\x55\xd9\xaa\xb9\x34\x96\x30\x34\x56\x3e\x90\x86\x52\x45\xa6\x13\x04\xfe\xbd\xf5\x9b\xb0\x09\x31\x67\xc8\xc4\x1c\xce\x17\x73\xbb\x80\xc6\x78\x75\x9b\x55\xda\xb1\x24\x72\x52\x03\x61\x57\xa0\xe6\x0d\x66\xe2\x89\xd4\xb9\xbf\x98\xfd\xce\x7c\x5c\xa5\x9b\xdb\x4f\xaf\xe5\x5e\x09\xb1\x6a\xa3\x43\x0d\x39\xbf\x15\x03\x32\xa1\x5c\x48\x90\xed\x07\x8e\x62\x87\x75\xf8\x78\x7b\x89\x35\x92\x26\x3c\xa6\xd3\x11\x36\x19\xa7\xb2\x12\x51\xfa\xee\xe1\x37\xa0\x99\xbf\x00\xfb\x5f\xbc\xc7\x5e\x75\x8e\xae\xc9\xbd\xcf\xf6\x55\x76\xc0\xd8\x26\xea\x79\xd9\x0e\x99\xd8\xcb\xb4\x90\x93\x7d\x1d\x12\x2d\xbb\x8d\x15\xb3\x37\x56\x83\x5e\x1c\xe3\xbd\xaf\x49\x19\xf5\x22\x6b\x38\x4c\x87\xc2\xc7\xaf\x71\xfb\x3d\xd0\x73\xc4\x31\x29\xac\x4e\x2a\x6e\x52\x1b\xee\x34\x97\x30\xb2\xd9\xa7\x1c\x6b\x01\xd6\x1d\xf1\x30\x80\x2a\x9b\xb6\xab\x1f\x4d\x59\x4b\x89\x67\x5c\xc4\x67\xca\xb3\x03\xc8\x6a\xe6\xb4\xc0\xd2\x6d\xcf\x16\xcd\xec\x9c\x8b\x78\xf3\xe2\x3b\xab\x3e\x7b\x51\x53\xe7\x3b\xb7\x1c\xb6\xa2\xaf\xac\x5c\x33\x19\x5d\x2a\x2f\x32\x9d\x9e\x8f\x53\xdc\x92\x80\x10\x46\xb0\x72\x45\xe1\x39\xa6\x41\x4c\xff\x17\xdd\x9d\x79\x47\xe9\x45\xa1\xdd\xf5\x92\x13\x1d\x90\xf3\xf3\x25\xeb\xc3\xcf\x24\x36\x0f\x83\xed\x16\x06\xf9\x52\xd4\xf6\x92\x21\xb7\x5c\x9b\xe9\x1e\x5d\x2a\xbe\xed\x93\xf3\x39\x58\xb0\x4a\xa1\xe0\xcb\x5b\x85\x0e\xdf\x27\x60\xf4\xb8\xe8\x10\xd8\x79\xd8\x73\x57\x03\x6c\x8e\x26\x53\x8e\x69\x68\x9e\x47\xfb\xb1\xda\x8e\x0c\xa0\x82\x84\xf5\x59\x00\xbd\x02\x9e\x95\xa5\x27\xb3\xba\x25\x1b\x0c\xe2\x7b\xd0\x49\xfc\x85\xb1\x94\x95\x93\x75\xf7\x85\xcf\x75\xc1\x01\xee\xaa\xba\x56\xb3\x9a\x3f\xc4\x6b\xa9\x72\x98\x37\xe2\xfb\xce\x7e\xbb\xa9\x32\x59\x6c\x0c\x2e\xf0\xc5\xd8\xe6\x84\xba\x6b\x33\x4d\xba\xff\xc0\xfa\x84\x2a\x6a\xa5\x55\x81\x3d\x5b\xdc\x23\x7a\x43\x76\xfb\xfc\x3a\xbd\x54\x9a\xbc\x27\xf3\xb1\xc9\x18\xc6\x7f\x2c\x34\xe1\x16\xb6\xb0\x63\x01\x15\x49\x06\x24\xf4\x99\x7d\x93\xac\xec\x5d\xab\x0d\x2b\xb1\x57\x2b\x31\x9b\xa4\xc9\x90\xcd\x74\x38\x95\x42\xf4\x8b\x7e\x17\x3d\x0c\x81\xed\x75\x6a\x1b\x40\x9f\x6b\x19\x58\x59\xfd\xc7\x57\x7a\x7e\x7b\x12\x0a\x15\x13\xc2\x25\xd3\x13\xd7\x42\x3d\x6a\x99\xdd\xb7\x19\x14\x96\x28\x21\xdb\x95\x19\x2f\xc9\xca\x8b\x69\x72\xe0\x7d\x78\x67\x9e\x3b\x42\x65\xcb\x97\x25\xd9\x5f\x52\xf6\x8f\xf1\xca\x46\xb8\xac\x6a\xe7\xc6\x05\x3b\xcd\x97\x2e\x37\xfa\x82\x44\x91\x52\x7a\x1e\x43\x23\xaa\x6f\x2d\x5e\x59\xcf\x06\xc6\x08\x8c\x14\x80\x59\xfa\xd6\xf1\xcb\xfb\x47\x67\x19\xd0\x9f\xa4\x79\xb6\x9a\x47\x90\xa7\x4f\x65\xab\xd9\x99\xc2\x67\xd1\x0c\xc2\xff\x99\xd3\x9e\x39\x41\x60\xe1\x51\x46\x95\x89\xf4\x16\xf6\x59\xb2\xa8\xc6\x0d\xef\x78\xd6\xf4\x33\x80\x9d\xfb\x96\xc2\x72\x20\x07\x6f\x47\xb7\xe7\x4a\x89\x30\xcd\x61\xe8\xfc\x10\x9d\xdf\x87\x54\xff\x5d\x68\x78\xee\xf5\xdc\x7d\xd6\x1e\x2d\xa0\x07\x3b\x0a\xd6\xb0\x71\xfe\xff\x97\xfb\x87\xec\x0d\x90\x95\x4a\xed\xc8\x88\xe7\xb1\xe0\x9d\xcd\xfc\xc6\x90\x6e\x49\xb6\xea\x4a\x0c\x32\x54\x64\x07\xac\x0d\x22\xe2\x92\x00\xb8\x60\x3f\x2c\x30\x41\xd2\x7d\x0f\xd9\x90\xc3\x12\xc3\xf4\xeb\xee\xf4\x53\x85\x12\x48\x25\xe7\x3a\x4b\x30\xf7\xe6\x2b\x37\x46\xae\xe0\xa1\xf4\x23\x57\xa7\xc2\xd5\x9b\x9b\x28\x65\xab\x24\xb3\x35\x36\xc1\xd7\x52\xa4\xe1\xc0\x8e\x07\xec\x7a\xb8\xe3\x7e\xda\x44\xeb\xd2\x21\x3d\x46\x95\x58\x59\xce\x75\xe8\xcb\xee\x3e\x44\x8d\xdc\x6c\x37\x20\xfa\x4b\xb6\x04\x29\x8c\x9c\xc6\xc1\xea\xc4\xaa\xc1\x8f\xfe\xef\x8d\x63\x1a\x61\x75\xa5\x8b\x18\x25\x7c\x81\xb5\xb2\xa2\xc7\x45\x8b\x11\x73\xa5\xc1\xbf\xe3\xa5\x61\x59\xfa\x40\x60\x11\xdc\x0b\xb6\x02\x1f\x23\x32\xbb\x47\x1e\xf8\x89\x2a\xcd\x5e\x7b\x58\xae\xca\x43\xe4\x85\xb3\x5d\xdc\x93\x8f\xbf\x2d\x03\x25\x21\x82\x08\x09\xaf\x02\x55\x13\xb6\x63\x92\x2d\x66\x4c\xa4\x21\x6b\xcc\x98\x77\x03\x0d\x5f\xac\xfb\x9a\x04\x82\x99\x8e\x50\xcf\x69\xbc\x59\xc1\x80\x5f\xb4\xfa\xa8\x9f\x68\x31\xec\x6a\xfc\x29\xe7\xf6\xdb\x38\xfe\xd3\x40\x3d\x10\x35\xe2\x51\x62\x4d\xe0\xea\x64\x45\x81\x2f\x71\xa4\xa9\x1e\xab\x22\xd8\x8d\xa4\x9c\x09\x70\x03\xea\x96\x08\xef\x66\x1e\x8c\xd9\x94\x58\xf3\x18\xd3\x73\xea\x1a\xff\xe6\xcf\xbe\xc7\xe9\xf7\x7c\xa3\x93\xf1\x58\x54\x02\xa7\x0a\xfa\x83\xe3\xdc\x11\x41\x7b\x83\x03\x5c\x4a\xa6\xef\xb9\x6c\xaf\xfd\xb7\x6b\xb4\x31\x15\x2a\x11\x08\xdd\x6a\xe5\xa3\x7a\xfb\x9a\xa1\xb5\x1d\xdc\xd2\x2d\x7a\xf1\x1d\x65\xc1\x88\x47\x2d\x79\xac\xbd\xd4\x8c\x61\x35\x5a\x4b\x2f\xdf\x2b\x81\xfb\x44\x59\x71\x1f\xb4\x37\xf3\xf7\xf9\x5a\x6e\x18\x7c\x0c\xc0\x87\xbb\xd7\x39\xc9\xc9\xe2\x2e\x25\xfd\x0d\x30\x5a\x27\x40\x8f\x52\xb8\x39\xe3\x57\xd1\xf3\x7b\x0c\x7a\x57\x6d\xf7\x93\x00\x82\x41\xbd\x21\x20\xcc\xfa\x21\x43\x52\x68\xed\x24\x3d\xd2\xed\xbb\x75\x1b\x20\x14\x74\xe9\x1f\x48\x21\x9b\xfd\xdb\x4c\xd0\xdd\x47\x19\x65\xbf\xe7\x8e\x45\x23\x3a\x33\xb6\xc4\x02\x2b\xc5\x7b\xcf\xd2\x24\xf8\x9b\x4a\xfb\xe2\x5a\x00\x3e\xf4\x1f\x59\x6e\x10\xfc\x14\x2d\x52\xe0\xee\x02\xfa\xd0\x72\x86\x51\xf0\xfe\x75\xb9\x47\xa5\x44\xfd\x7e\x2d\xc3\x8b\x60\x87\x89\xeb\xc8\x7b\x01\x99\x3e\x23\xb7\x65\x44\x90\x01\xc7\x7a\xdc\x77\x8a\xdb\x84\xa0\xdd\x32\xb7\x0e\x26\x7a\xad\xcc\x16\x8e\xf1\x71\x3d\x7c\xbd\xe5\x63\x39\x6e\xf5\xe3\x9f\xf9\xf7\x00\x8d\x61\xa2\x0f\xe4\x9a\xc8\x0c\x2e\xe8\x4c\x53\x11\xe6\xb0\xc2\x59\xf0\xc6\x36\x31\xaf\x64\xee\x1d\x22\x25\xb5\xea\xa3\x1b\x97\x63\x6b\x30\x10\x9f\xe4\xfc\xf1\x52\x27\x23\xc6\xd7\x9a\x50\x05\xf3\x76\x8b\xe2\x87\x29\x10\xa0\xd9\xf2\xd2\xb1\x0a\x91\xe4\x8f\x7d\xa5\xc3\x83\x0e\x18\xbf\x1a\x2c\x51\xf7\x91\xe4\x63\xf7\xca\x07\xe0\xc6\x3d\x07\x58\x52\xc2\xbd\x82\xb4\xa5\x98\x9d\x4f\xf5\x0a\x70\x07\xd3\xeb\x32\x2b\x3f\x01\xab\x76\xaf\x2b\xbe\xdb\x11\x08\x16\x5f\x48\x3d\x28\x41\x53\x78\xd6\x00\x98\xdb\xd8\x7a\x29\x9b\x3d\xe1\x16\xf3\x95\x5c\x3e\x24\x36\x77\xf3\xe3\xf7\x1f\x9f\x02\x04\xe1\x70\xda\x9e\xf5\xb6\x6c\x95\xba\x07\xf3\x35\xb1\x30\xb5\xa1\x7b\x6a\x72\xc3\x18\xbe\x1b\x8c\xa6\x42\x2b\x1e\xaf\x3f\x6e\xf0\x38\xdf\x50\x9e\xf1\x87\x65\x94\x7d\xe5\x88\x9a\x3a\x88\x45\x75\x61\xb3\x99\xab\x72\x94\x8d\x7e\xc9\xe0\xf4\xa7\x34\x8e\x0c\x43\x17\x48\x11\xd3\xa4\xd7\x12\x42\xe6\xa5\x0f\x5b\x39\x7a\x8d\x7f\xab\xbb\xa7\x10\x9a\xfa\x23\x69\xf1\x16\xe0\x9d\x3f\xcc\x0b\x5e\x61\x2a\xe8\xb8\x18\x30\x9c\x5f\xbb\x33\x47\xfd\xb5\xd6\xc6\x90\x46\x84\xf4\xe0\x4f\x12\xca\x85\x13\x17\x4e\x6b\x92\x6f\x04\x9a\xc1\x4e\x0a\x7f\x9e\x4a\xa6\xbd\x39\x1b\xbc\xcd\x3f\x72\x42\xb9\xa4\xc0\xdf\xd0\x17\x96\xda\x87\x1f\x4e\x9d\xe1\x7e\x54\x95\x37\xac\x6d\x21\xd5\xc6\x4e\x54\x9f\x07\x0e\x2b\x1d\x1b\x7f\x76\x98\x1f\xaa\x8d\xa9\x02\x9e\x45\x76\xfc\x43\xb4\xf4\x27\xec\x7e\xe4\xc4\x50\x5c\xa2\x70\xb2\x33\xff\xc5\xe1\xab\xe4\x4a\xc7\x89\xce\xca\xbd\xba\xab\xec\x44\x1a\x11\x84\x5c\xaf\x92\x21\x33\xd1\x1b\xb2\x82\x56\xee\x8f\x75\xe6\xf0\x65\xe3\x5f\x29\x76\x46\xc6\x3a\x2b\x8a\x59\x46\x05\xab\x39\x1c\x50\xfc\x33\x7d\x8d\x97\x06\x6e\x6b\x5b\x07\x10\xfb\x1e\xc7\x6c\x64\xf0\xa0\xa0\xcc\xac\x01\x37\x5f\x2c\x9f\xba\xca\x77\xb2\xb1\xee\x2b\x26\xa7\x6d\xa5\x27\xae\xfb\xe9\x83\xee\xd0\xd9\x46\xd7\x63\xe0\x0b\xf5\x01\xdd\x64\x6b\xfe\x68\x3a\x78\xdf\x80\xd9\x1d\xcd\x60\x3c\x5a\x8e\xb5\x95\xc0\xcd\xce\xaa\x2d\xab\xf5\xd6\x4a\x9f\xea\xac\xef\xc8\x78\xe0\x74\x31\x3c\x85\xe4\xc1\x5f\x4c\x2e\x63\xfa\x19\xf9\x7b\x82\x9c\x29\x7d\x86\x08\x78\xee\xe2\x13\x89\x28\xd8\xa4\x25\xc0\x79\x00\xc1\x22\x64\x55\xae\x33\xe7\x02\xc0\x58\x56\x7d\x42\xdf\x10\xd6\x04\x84\x66\xde\x62\xf1\x4c\x27\xf7\xd8\xf3\x06\x51\x66\x62\xe1\x8b\xeb\xb2\x4d\x7f\x38\xe5\xf0\xeb\xba\xb7\x49\x80\x59\x9f\xfa\xcb\xa5\x6d\x3c\xe1\x6a\x56\xb9\x91\xec\x64\xdf\x9e\xa8\xf9\x30\x0c\xc1\x87\xf2\xc1\xb2\xf8\x05\x62\xc6\x81\xbb\xf8\x33\xa9\x71\xe7\xd6\x9b\x67\x73\x0d\x3b\x0d\x3b\x5a\x9b\x3c\xab\xf5\xb4\x4e\x21\xf3\xa8\xea\x25\xaf\x9f\x9a\x7f\x53\xd6\xc8\x5c\xa6\xa3\xb8\x4f\x04\xfb\x6d\x1e\x99\x09\x66\x40\xc7\x6f\x00\xcb\x2a\x84\x9e\x02\x2c\x52\x66\x53\xe0\xe1\x9c\x0a\xb7\x3d\x7d\xb0\x2e\x69\xbd\x51\x1c\xb3\xb3\x6a\xe7\xdf\x9e\x0b\xcd\x5b\x8d\x18\x0c\x0a\x3d\xc9\xf1\x79\x73\xc6\x2b\x28\x6f\xbe\xfd\x48\x53\x97\x6a\xd3\x8d\xc7\x75\x67\x85\xf1\x7c\x88\xf9\x67\x56\x87\xc9\x76\x9d\x77\x16\x2e\x82\xe7\x1b\xae\x2e\xd2\x85\xbc\x87\x8f\x9e\xe7\x07\x0a\xf3\xc4\xb4\x3c\x90\x7b\xcb\x58\x56\xda\xb6\xa9\x38\xb7\x84\x2a\xf3\x76\xd7\xc1\x64\x07\x6c\xd0\x2b\x4e\x3e\x82\xe2\xcc\x8f\xca\x7d\xc2\xe4\x0b\xdb\x7b\x9a\x2e\xf4\x06\x35\x56\x30\xcb\x29\x30\x23\x17\x94\xef\x4a\x20\x36\x0a\x6e\xb9\xcc\x54\xf7\x53\x64\x2e\x69\x38\xa1\x73\x02\x46\x35\x98\x7b\x80\xa6\xe0\xf0\xb7\xcb\x25\x85\x37\xb8\x1e\x12\x50\xf7\x7f\xca\xf1\xd7\xcd\x9b\x3b\xe0\x72\xa6\xf9\xd4\xfd\x86\xf1\x56\x4b\x28\xd7\x90\xca\x13\x82\xfa\xe6\x1f\xa5\x87\x4c\x7d\xd7\xdb\x8e\xbf\xaa\xa7\xcc\x01\x1e\x6a\xb3\x57\x91\x37\xaa\x3f\x0a\xf1\x4e\x58\xc0\x96\x0d\x7f\x70\xce\xf9\x3a\xb8\x6c\xca\x7c\xb7\x85\xd8\xc1\x21\x52\xa8\x07\xcf\x1b\xfa\x4e\x0f\x6f\xfd\x28\x88\x70\x56\x5c\xd4\x9a\x10\xa4\x07\xce\xe9\x5c\x5c\x0f\xe4\xcc\x84\xb4\x73\x90\x86\x8e\x64\x50\x7f\x1f\xbf\xbb\x4a\x70\x4d\x27\x2d\xa1\x34\x80\xa4\x18\xe2\x5a\x99\x30\xa4\x02\xdc\xfb\xaa\x5c\xb5\x09\x2c\x56\x9a\x4e\x81\x50\xb5\x04\x8b\xef\x01\x19\x4e\x1c\xe3\x79\x5e\x28\x35\xa0\xa8\x2c\x9d\x5f\xf3\xa1\x57\x85\x2f\x12\x71\x35\x96\x99\x7e\xc3\x06\x1a\xea\xa9\x6e\x93\xc9\xb1\xd9\xd5\xaa\x24\x14\xc3\xea\x9f", 4096); *(uint32_t*)0x20006fc4 = 0x1000; *(uint32_t*)0x20006fc8 = 0x80000001; memcpy((void*)0x200082c0, ")/\'/%", 5); *(uint8_t*)0x200082c5 = 0x2c; memcpy((void*)0x200082c6, "wlan0\000", 6); *(uint8_t*)0x200082cc = 0x2c; memset((void*)0x200082cd, 255, 2); *(uint8_t*)0x200082cf = 0x2c; memset((void*)0x200082d0, 255, 2); *(uint8_t*)0x200082d2 = 0x2c; memcpy((void*)0x200082d3, "[{@^/@+@<[", 10); *(uint8_t*)0x200082dd = 0x2c; memcpy((void*)0x200082de, "uid", 3); *(uint8_t*)0x200082e1 = 0x3d; sprintf((char*)0x200082e2, "%020llu", (long long)r[20]); *(uint8_t*)0x200082f6 = 0x2c; memcpy((void*)0x200082f7, "smackfsfloor", 12); *(uint8_t*)0x20008303 = 0x3d; memcpy((void*)0x20008304, "{%\'--\323{-+#!", 11); *(uint8_t*)0x2000830f = 0x2c; *(uint8_t*)0x20008310 = 0; syz_mount_image(0x20005f40, 0x20005f80, 6, 1, 0x20006fc0, 0x1000000, 0x200082c0); break; case 36: memcpy((void*)0x20008340, "/dev/i2c-#\000", 11); syz_open_dev(0x20008340, 4, 0x404280); break; case 37: memcpy((void*)0x20008380, "net/ip6_mr_cache\000", 17); syz_open_procfs(r[19], 0x20008380); break; case 38: syz_open_pts(r[21], 0x8001); break; case 39: *(uint32_t*)0x20008980 = 0x200083c0; memcpy((void*)0x200083c0, "\xfb\xd2\x9b\x15\x87\x7e\x61\x06\x1c\xc5\x0c\xed\x7f\x39\x68\x61\x38\xbf\x51\x03\x24\x8d\x4d\xa5\x32\x57\xb7\x3a\x1e\xe9\x6c\xf2\x19\x9a\xbf\xa9\x61\xd7\xbd\x14\x6a\x6b\xb8\x8d\x70\x1b\x08\xed\xbf\x51\x4b\x2e\x31\x83\xcc\xe2\x11\xd5\x7c\x76\x45\xa9\xaf\xe2\x02\x75\xec\xbe\x29\xae\xa4\x8c\x76\xb0\xfb\x76\x27\xa8\xe4\x3c\x7a\x9f\x57\xef\x02\xa3\x16\xed\xf9\xd3\x8e\x0c\x6e\x74\xb5\x91\x07\xcb\x1c\x84\x06\xdc\xb6\xde\x31\x9b", 106); *(uint32_t*)0x20008984 = 0x6a; *(uint32_t*)0x20008988 = 0x7f; *(uint32_t*)0x2000898c = 0x20008440; memcpy((void*)0x20008440, "\xe0\xd8\xf5\x5b\x38\x48\xae\xd3\xac\x97\x38\xd2\xe1\x9f\x66\x8b\xe4\xc7\x6e\x3b\x4e\x48\x23\xa0\xc6\x99\x18\xad\x4a\xec\x8d\x6e\xad\xcf\xe1\x03\x27\x12\x6d\x01\x28\x7e\x67\x2d\x54\xa5\x44\xa9\x87\x7e\x59\xf9\xa2\xf4\x1a\xa2\x42\xb2\x37\xba\x59\x3c\x5a\x48\x40\xb8\x62\x1c\xe0\xd2\x8c\xe5\x22\xdf\xe8\x78\x8b\xb0\x70\xd4\xbc\x9d\x74\x52\x8a\x1f\x76\x03\x20\x0c\x23\x65\xc6\x3d\x42\xf1\x03\x29\x92\xe1\x0e\x43\x45\xcd\xea\x0d\x65\x36\x5d\x82\xb6\xc7\x8c\x81\xc7\x1b\x0b\x2f\xb7\x81\x97\xcd\x60\x5e\xc2\x52\x18\x06\xbd\xc0\x8d\x6d\xd8\xf5\x29\x1e\x5b\xb0\xca\x92\xe2\x04\x30\xd5\x81\x23\x5d\xdd\xa7\x56\xe6\xab\xd8\xc7\x69\x78\x3b\x84\xe5\x7b\x0a\xa9\x51\x30\x3a\xdc\xc7\xe9\x21\xb0\x69\xd9\x4f\x1a\x4d\xee\x1f\x47\x44\xdb\x5b\x28\xc9\x7f\xbb\xae\xc5\xbf\x56\x18\xe0\xe9\x4a\x41\xc0\xa9\x9c\xe6\xca\x91\xeb\xca\xff\x5a\xe6\x10\x6d\xc9\xdc\x31\x0d\x72\x50\xa8\xb7\xc7\xca\x55", 218); *(uint32_t*)0x20008990 = 0xda; *(uint32_t*)0x20008994 = 0x3ff; *(uint32_t*)0x20008998 = 0x20008540; memcpy((void*)0x20008540, "\xaf\xbb\x6b\x91\xaa\x78\x57\xf9\x42\xbc\x87\x73\xd0\x20\x89\x6a\x44\xf1\xd9\xdb\x9b\x9e\xc2\xb8\x55\x98\xcd\x86\x39\x7d\x6b\x5a\xe3\x19\x2a\xef\xe0\xf2\xb6\x38\x7b\x2d\x23\x14\x48\x9b\xc7\xaf\x2a\xb5\x19\x90\xff\x75\x26\x23\x0a\x7c\xa4\x2e\x6c\x22\xf5\x64\x9a\xcb\x12\xb4\xdd\x8f\xde\x81\x9b", 73); *(uint32_t*)0x2000899c = 0x49; *(uint32_t*)0x200089a0 = 9; *(uint32_t*)0x200089a4 = 0x200085c0; memcpy((void*)0x200085c0, "\xd8\x90\x81\x85\x60\xf5\x37\x2f\x7d\x41\xa5\x04\xc5\x4e\x86\x3d\x79\x44\xd0\x62\x1d\x50\x13\x4b\x4c\x14\x54\xaa\x8c\x44\xc7\xf3\x24\xd9\x5d\x33\xfb\x46\x63\xf6\x74\x5c\x1c\xad\x17\x9d\x71\x9e\x3e\x9f\x4f\x57\x51\x71\x25\x89\x0e\xd4\xc9\x37\xbb\x41\xd0\xa7\x64\x44\x1e\x1d\x6c\x74\x82\x54\x8c\x0a", 74); *(uint32_t*)0x200089a8 = 0x4a; *(uint32_t*)0x200089ac = 6; *(uint32_t*)0x200089b0 = 0x20008640; memcpy((void*)0x20008640, "\x7e\x28\x9a\xa8\x98\x00\x7d\x95\xea\xf0\x98\x82\x59\x6a\xa2\x37\x71\x4d\xc1\xac\x32\x39\x2b\xd6\xfa\xe8\xd8\x72\xed\xc3\xc9\xb0\xcf\xf5\x03\x61\x48\xaf\x29\x57\x3c\x0d\xc9\x54\xc2\x7b\x6a\x6d\x47\x66\x92\x53\xab\x40\x2a\x91\xf6\xe6\x02\xcc\xd9\x3f\xa8\x17", 64); *(uint32_t*)0x200089b4 = 0x40; *(uint32_t*)0x200089b8 = 6; *(uint32_t*)0x200089bc = 0x20008680; memcpy((void*)0x20008680, "\xc8\x23\x58\x4b\xb1\x75\x9e\xcb\x98\xee\x41\xe3\x52\x27\xdd\x03\xd7\xed\x5c\x9e\xef\xcf\x34\xa9\x51\xe7\xc5\xea\xe5\xb3\x7e\x8b\x93\xd6\xdd\x7c\xb6\x6e\xbb\xff\x50\xcb\x81\x77\x7e\x29\xb2\xc0\x5b\x7b\x7c\xd9\x76\xf4\xae\xd7\x0f\x76\x49\x90\x15\xb9\x87\x2f\xaa\x6f\x33\x8c\x30\x9a\x55\x29\x6e\x4e\x85\xe2\x7c\x51\x0d\xbf\x25\x3a\x7e\x6f\x43\x79\x1f\x93\x91\x3c\x8a\x96\x07\x45\x1f\xd5\x05\x0c\xf1\x91\xec\x95\xd1\x99\xf1\x11\x7c\x0e\x2a\x04\x37\xc2\xbe\x16\x98\x93\x9d\x27\x7c\x38\x37\xd1\x64\x0f\x91\xce\x6a\xed\xc0\x85\x0d\xc2\x88\xcc\x2a\x3c\x1c\xaa\xdf\xf4\x4f\xeb\xef\xbb\xb2\xfd\xa8\x2e\x8a\x65\x39\x22\x2b\x6d\x88\x30\xdf\x92\x7f\x36\xd8\x14\xc2\xa8\x92\xdf\x0b\xad\xec\x86\xc2\xf0\x1d\xeb\x89\xd2\xd3\xfa\x61\x37\xe4\x8b\x23\xd3\xcf\x77\xb1\x1f\x46\xeb\xdb\xb0\xa8\x31\x4e\xe1\x97\x78\xc2\x12\xfc\x34\x98\xcb\xdc\x5a\xd0\xbb\xd7\xd2\x45\x38\xd8\x3b\xbc\x86\x83\x0a\xfe\x32\xe3\x8c\x1b\xb1\xb7\x86\x6a\xbc\x94\x0f\x61\x16\x54\xd0\x46\xf8\x23\x6d\x6b\x15", 240); *(uint32_t*)0x200089c0 = 0xf0; *(uint32_t*)0x200089c4 = 7; *(uint32_t*)0x200089c8 = 0x20008780; memcpy((void*)0x20008780, "\x5d\x78\xb0\x8d\x34\x7d\x60\x10\x77\x87\x13\xad\xad\x8e\x4d\xa1\x5a\xb3\x46\x94\x56\x2b\x0d\xa5\x2b\xb3\x1a\x3b\x5e\x09\x71\x02\x0b\xa4\x8d\x18\x5f\x3f\x03\xf1\x6f\xe6\xdc\x1e\x32\x1f\x12\x2c\x11\x50\xa8\xce\x71\xc3\xad\x1d\xf7\xc6\x18\xbc\x59\x86\x5f\xbf\xeb\x3a\x2c\x92\x6b\x99\x2f\x93\x8b\x0f\x76\xc9\x6a\xf8\xbe\x39\x89\x33\x38\x3f\xc8", 85); *(uint32_t*)0x200089cc = 0x55; *(uint32_t*)0x200089d0 = 8; *(uint32_t*)0x200089d4 = 0x20008800; memcpy((void*)0x20008800, "\x1c\xd7\x71\x5a\xfe\xc5\x55\x18\x16\xcd\x47\x51\x68\xa5\x35\xa8\x47\x4b\x74\x87\x92\xe4\x3a\xf3\x51\x60\x5c\x6d\xfa\xe1\xe6\xad\xd7\xce\x8b\xde\x80\x55\x5c\xa3\x26\x87\x82\xfe\x7a\x7f\x45\x89\x68\xb4\x27\x92\xc0\x2a\x11\xac\xff\xae\x54\x86\xc0\x85\x8e\x0c\x46\x40\xf4\x26\x0d\x56\x46\x99\xc0\xe6\x06\x23\x6a\xe8\xd5", 79); *(uint32_t*)0x200089d8 = 0x4f; *(uint32_t*)0x200089dc = 0; *(uint32_t*)0x200089e0 = 0x20008880; memcpy((void*)0x20008880, "\x45\xfd\x88\xa6\x06\xb5\x89\xb2\x7d\x42\x2e\xcb\x87\x44\xa6\x78\xff\x3a\xa0\x7f\xfb\x6c\x25\xcc\x10\xa8\x87\x10\x06\xd5\xfb\x64\x50\xfc\x12\x15\x7d\x1a\x59\xf1\x4e\x36\x13\x2f\x1d\xb6\x3b\x56\xcc\x97\xb6\x1b\xf0\xa6\x1d\xcf\x2b\x7d\xd2\x7d\xa0\x2e\xe1\x60\xe0\x3d\xf9\x79\x47\x83\x8f\x0d\xd4\x34\x82\x59\x05\xae\x9f\xb5\xa4\x27\x97\x6a\x49\xf7\x79\xea\xb8\xcc\x3a\x40\x9d\x25\xb9\xa2\x96\xce\xf9\xa8\xff\xb4\x9d\x81\xbf\x23\xa7\x16\xa7\xa7\xe1\xd8\xdc\xe0\x3d\xef\x2b\x8a\x3b\x15\xa3\xb2\xbe\xb8\x73\x14\x3a\x7d\xf1\x4e\xc4\x92\x78\x2e\xc8\x6a\xce\xb4\x90\x1f\xe3\xdc\xdc\xe0\x46\xab\x2f\xb9\x72\xd6\x74\x34\xd4\xe1\x10\x1b\x02\xc9\x2d\x33\xa1\xbf\xe5\x16\xd9\x59\x25\x81\xf6\x78\x95\x43\x37\x66\x50\x67\x07\xcb\x7f\x0e\x18\xb4\x47\x6b\xde\x0f\x00\x91\x75\x3c\xf3\xec\x07\x38\x6b\x3d\xab\x4b\x29\x55\x02\xd4\x97\x16\x80\x1d\xd9\x79\xaa\x24\xd8\x05\xdf\xe8\x01", 215); *(uint32_t*)0x200089e4 = 0xd7; *(uint32_t*)0x200089e8 = 2; syz_read_part_table(5, 9, 0x20008980); break; case 40: *(uint8_t*)0x20008a00 = 0x12; *(uint8_t*)0x20008a01 = 1; *(uint16_t*)0x20008a02 = 0x300; *(uint8_t*)0x20008a04 = 0x88; *(uint8_t*)0x20008a05 = 0xc7; *(uint8_t*)0x20008a06 = 0xe6; *(uint8_t*)0x20008a07 = -1; *(uint16_t*)0x20008a08 = 0x15c2; *(uint16_t*)0x20008a0a = 0x45; *(uint16_t*)0x20008a0c = 0x135a; *(uint8_t*)0x20008a0e = 1; *(uint8_t*)0x20008a0f = 2; *(uint8_t*)0x20008a10 = 3; *(uint8_t*)0x20008a11 = 1; *(uint8_t*)0x20008a12 = 9; *(uint8_t*)0x20008a13 = 2; *(uint16_t*)0x20008a14 = 0x7d0; *(uint8_t*)0x20008a16 = 4; *(uint8_t*)0x20008a17 = 0; *(uint8_t*)0x20008a18 = 0; *(uint8_t*)0x20008a19 = 0x60; *(uint8_t*)0x20008a1a = 8; *(uint8_t*)0x20008a1b = 9; *(uint8_t*)0x20008a1c = 4; *(uint8_t*)0x20008a1d = 0x45; *(uint8_t*)0x20008a1e = 3; *(uint8_t*)0x20008a1f = 1; *(uint8_t*)0x20008a20 = 0x66; *(uint8_t*)0x20008a21 = 0x44; *(uint8_t*)0x20008a22 = 0x76; *(uint8_t*)0x20008a23 = 0x3f; *(uint8_t*)0x20008a24 = 7; *(uint8_t*)0x20008a25 = 0x24; *(uint8_t*)0x20008a26 = 1; *(uint8_t*)0x20008a27 = 0x1f; *(uint8_t*)0x20008a28 = 5; *(uint16_t*)0x20008a29 = 4; *(uint8_t*)0x20008a2b = 0xc; *(uint8_t*)0x20008a2c = 0x24; *(uint8_t*)0x20008a2d = 2; *(uint8_t*)0x20008a2e = 1; *(uint8_t*)0x20008a2f = 9; *(uint8_t*)0x20008a30 = 2; *(uint8_t*)0x20008a31 = 0x81; *(uint8_t*)0x20008a32 = 4; memcpy((void*)0x20008a33, "\xc0\xe6\xa1\x0a", 4); *(uint8_t*)0x20008a37 = 0xf; *(uint8_t*)0x20008a38 = 0x24; *(uint8_t*)0x20008a39 = 2; *(uint8_t*)0x20008a3a = 2; *(uint16_t*)0x20008a3b = 0; *(uint16_t*)0x20008a3d = 6; *(uint8_t*)0x20008a3f = 8; memcpy((void*)0x20008a40, "\x7d\x5b\xa3\xd0\x7c\xc6", 6); *(uint8_t*)0x20008a46 = 0x11; *(uint8_t*)0x20008a47 = 0x24; *(uint8_t*)0x20008a48 = 2; *(uint8_t*)0x20008a49 = 1; *(uint8_t*)0x20008a4a = 0x94; *(uint8_t*)0x20008a4b = 1; *(uint8_t*)0x20008a4c = 7; *(uint8_t*)0x20008a4d = 0x1f; memcpy((void*)0x20008a4e, "\xcf\xcf\xa1\xbb\x20\xd9\xba\xa3\x16", 9); *(uint8_t*)0x20008a57 = 0xc; *(uint8_t*)0x20008a58 = 0x24; *(uint8_t*)0x20008a59 = 2; *(uint8_t*)0x20008a5a = 1; *(uint8_t*)0x20008a5b = 8; *(uint8_t*)0x20008a5c = 2; *(uint8_t*)0x20008a5d = 0; *(uint8_t*)0x20008a5e = 9; memcpy((void*)0x20008a5f, "\x48\x9f\x80", 3); memset((void*)0x20008a62, 38, 1); *(uint8_t*)0x20008a63 = 0xa; *(uint8_t*)0x20008a64 = 0x24; *(uint8_t*)0x20008a65 = 2; *(uint8_t*)0x20008a66 = 2; *(uint16_t*)0x20008a67 = 5; *(uint16_t*)0x20008a69 = 0x497; *(uint8_t*)0x20008a6b = 8; memset((void*)0x20008a6c, 39, 1); *(uint8_t*)0x20008a6d = 7; *(uint8_t*)0x20008a6e = 0x24; *(uint8_t*)0x20008a6f = 1; *(uint8_t*)0x20008a70 = 9; *(uint8_t*)0x20008a71 = 2; *(uint16_t*)0x20008a72 = 0x1001; *(uint8_t*)0x20008a74 = 0xf; *(uint8_t*)0x20008a75 = 0x24; *(uint8_t*)0x20008a76 = 2; *(uint8_t*)0x20008a77 = 2; *(uint16_t*)0x20008a78 = 8; *(uint16_t*)0x20008a7a = 1; *(uint8_t*)0x20008a7c = 0; memcpy((void*)0x20008a7d, "\x78\x6e\x2f\x1a\x31\x05", 6); *(uint8_t*)0x20008a83 = 9; *(uint8_t*)0x20008a84 = 5; *(uint8_t*)0x20008a85 = 0; *(uint8_t*)0x20008a86 = 0x10; *(uint16_t*)0x20008a87 = 0x3ff; *(uint8_t*)0x20008a89 = 9; *(uint8_t*)0x20008a8a = 0x66; *(uint8_t*)0x20008a8b = 3; *(uint8_t*)0x20008a8c = 0x5b; *(uint8_t*)0x20008a8d = 8; memcpy((void*)0x20008a8e, "\x32\xda\x77\x3d\xed\x87\x39\x7d\x0a\xf5\x7f\xd6\xf2\xad\x3b\x93\xe2\xea\x74\xf1\xf6\x5d\x64\x5d\x6b\x7e\x4c\xae\x90\xc8\xf2\x7c\xca\xe0\x94\xb3\x3c\x61\x3b\xc0\xbd\xa2\x43\x7b\xdc\xba\xa2\x1c\x77\x91\x5b\x1b\x95\xe7\xa2\x31\x3d\x71\xc6\xcc\x58\x6d\x41\x4d\x6a\x1e\x79\xc8\x0e\xe3\x67\x3f\xf0\x69\xeb\x46\x51\xb3\x06\x68\xb0\x19\x7f\xf7\xa7\xed\xc5\x75\x94", 89); *(uint8_t*)0x20008ae7 = 9; *(uint8_t*)0x20008ae8 = 4; *(uint8_t*)0x20008ae9 = 0x58; *(uint8_t*)0x20008aea = 9; *(uint8_t*)0x20008aeb = 5; *(uint8_t*)0x20008aec = -1; *(uint8_t*)0x20008aed = 5; *(uint8_t*)0x20008aee = 0x1b; *(uint8_t*)0x20008aef = 0xe0; *(uint8_t*)0x20008af0 = 9; *(uint8_t*)0x20008af1 = 5; *(uint8_t*)0x20008af2 = 3; *(uint8_t*)0x20008af3 = 0x10; *(uint16_t*)0x20008af4 = 0x20; *(uint8_t*)0x20008af6 = 0; *(uint8_t*)0x20008af7 = 0x43; *(uint8_t*)0x20008af8 = 0x40; *(uint8_t*)0x20008af9 = 9; *(uint8_t*)0x20008afa = 5; *(uint8_t*)0x20008afb = 5; *(uint8_t*)0x20008afc = 3; *(uint16_t*)0x20008afd = 0x3ff; *(uint8_t*)0x20008aff = 0x87; *(uint8_t*)0x20008b00 = 2; *(uint8_t*)0x20008b01 = 0xfd; *(uint8_t*)0x20008b02 = 0xa0; *(uint8_t*)0x20008b03 = 0xc; memcpy((void*)0x20008b04, "\x4d\x1f\xaf\xd5\xd5\xbe\xa9\x17\x94\x9e\x72\x7e\xd5\xee\x14\x4c\xb3\x2b\x01\xd9\xac\xbb\x7e\x3c\xfa\xc4\xd1\xa1\x5c\xd6\xbb\xae\x8a\xc6\x6a\xf6\x77\x39\x4d\x22\x17\xef\x58\x0b\x15\x65\xf5\x8b\x85\xcf\xff\xd2\xcf\xca\xf9\xf1\x9d\xf7\x84\x00\xba\x03\x54\xd7\x87\x20\x72\xb4\x2d\x77\xd5\x5a\x5b\x96\x0b\x82\xfb\x9e\x34\xec\x8c\x33\xa9\x67\x19\xc4\x59\x47\xab\x09\x47\x48\x48\x54\xa9\x4f\x25\xe6\x53\x39\xa6\xf7\x4b\x05\x3c\x81\xe8\xe8\x05\x7f\x67\x67\xea\x2e\x80\xe9\x23\xe0\x2f\xa1\xa8\x8d\xb3\x6d\x52\xe4\xc5\x11\xe6\xcc\xf6\x74\x04\x6c\xb8\x1c\x49\x3c\x92\x7d\x05\xa6\xc1\x66\x45\xd0\x69\x4f\x66\x7d\x6c\xcf\x29\xfc\x27\x38\x90\xc6", 158); *(uint8_t*)0x20008ba2 = 0x31; *(uint8_t*)0x20008ba3 = 9; memcpy((void*)0x20008ba4, "\x82\x44\x67\x99\x6f\xaa\x84\x28\x27\xe6\xd0\x9b\xc4\x8c\x41\x96\x09\x9c\xb2\x0d\x1a\xfa\x73\x80\xd3\x0e\x40\xf1\xbc\xfb\x7c\x50\x3d\x7b\x00\xfc\x18\xd2\xe6\x14\xc3\xe3\x70\xdb\xc3\x20\xa8", 47); *(uint8_t*)0x20008bd3 = 9; *(uint8_t*)0x20008bd4 = 5; *(uint8_t*)0x20008bd5 = 1; *(uint8_t*)0x20008bd6 = 3; *(uint16_t*)0x20008bd7 = 0x400; *(uint8_t*)0x20008bd9 = 1; *(uint8_t*)0x20008bda = 0x81; *(uint8_t*)0x20008bdb = 6; *(uint8_t*)0x20008bdc = 0x76; *(uint8_t*)0x20008bdd = 7; memcpy((void*)0x20008bde, "\x96\xf7\x2d\xe7\x93\x64\x10\xee\x82\xa4\x42\x87\xa0\x01\x96\xf6\x30\xe0\x09\x36\x4a\xb9\x4a\x00\xe9\x45\x28\x69\x1a\x40\x9d\x33\x5f\x13\xbf\x6e\x85\xb3\x78\xbd\xa8\x5c\x55\x8f\xc1\xa0\x03\xec\x57\x94\xa1\x42\x17\xf7\x94\x68\x2e\xdc\xdc\x9e\x35\xd0\x0c\x09\x79\xfd\xb3\xe7\xa1\x5e\x6a\x85\x1c\x13\x7b\xf7\x01\x1b\xa6\x1c\x83\x46\x59\x8b\x02\xa3\xd4\xd1\xb8\xcd\x99\xf4\xfc\x14\xfa\xe3\x21\x9f\xbf\x56\xaa\x2c\xa5\x4c\xcf\x11\x6b\x3d\x56\x0a\x80\x97\x8c\x42\x76\xec", 116); *(uint8_t*)0x20008c52 = 9; *(uint8_t*)0x20008c53 = 5; *(uint8_t*)0x20008c54 = 0xe; *(uint8_t*)0x20008c55 = 3; *(uint16_t*)0x20008c56 = 0x3ff; *(uint8_t*)0x20008c58 = 0x80; *(uint8_t*)0x20008c59 = 0x20; *(uint8_t*)0x20008c5a = 6; *(uint8_t*)0x20008c5b = 7; *(uint8_t*)0x20008c5c = 0x25; *(uint8_t*)0x20008c5d = 1; *(uint8_t*)0x20008c5e = 2; *(uint8_t*)0x20008c5f = 9; *(uint16_t*)0x20008c60 = 0x3ff; *(uint8_t*)0x20008c62 = 9; *(uint8_t*)0x20008c63 = 5; *(uint8_t*)0x20008c64 = 0xd; *(uint8_t*)0x20008c65 = 0; *(uint16_t*)0x20008c66 = 0x400; *(uint8_t*)0x20008c68 = 9; *(uint8_t*)0x20008c69 = 0x3f; *(uint8_t*)0x20008c6a = 0x3f; *(uint8_t*)0x20008c6b = 0x76; *(uint8_t*)0x20008c6c = 0x11; memcpy((void*)0x20008c6d, "\x79\xb3\x86\x38\x7e\x37\xf3\x6e\xfa\x1d\x8c\x66\xa9\x04\x49\xc6\x8a\x0a\xd2\x51\xaf\xb9\xb1\x79\x3c\xbe\x9e\x5b\x4d\xc3\xce\x66\x00\xe8\x6d\x1e\x3b\x3e\xac\x60\xfd\x3b\x8b\x1c\x19\xd7\xd0\xc3\xda\x61\xc6\xa6\x67\xb3\x9f\xae\x8a\xed\x44\xa8\xe7\x0d\x77\xca\x93\xe4\xc3\x7a\x3f\xd8\x81\x8f\x43\xed\xc5\x23\x96\x0c\xed\xb0\x2d\x88\x22\xf0\xb2\x3d\xc3\x43\x18\x26\x08\xc6\x09\x7e\x99\x5f\x56\x2c\x84\xa5\x41\x7e\x5b\x2f\xb7\x1b\x39\x2f\x92\x6f\x3c\x4e\xd9\x92\xed\x89", 116); *(uint8_t*)0x20008ce1 = 0x65; *(uint8_t*)0x20008ce2 = 5; memcpy((void*)0x20008ce3, "\x85\x12\xf0\xce\xa9\x7a\x9d\x8a\x04\x61\xe3\x0e\xe9\xbf\x07\x89\xe0\x41\xcd\x86\xc1\xdf\x94\x96\xf1\x95\x7a\xf0\xe4\x54\x3e\xca\xb0\x70\x51\xf1\xf4\x81\x8d\xa2\x57\x9d\x13\xa9\x99\x56\x9f\x75\xad\x6a\xf6\xe0\xd0\x4d\xa8\xbd\x26\xbc\x92\x04\x45\x69\x2d\x9e\x4c\xa7\xfd\xc3\x54\x4c\x36\xf5\x88\xe5\xc0\x9b\xee\xa1\xaf\xf9\xf4\x1b\xa9\x77\xcb\xe7\x9e\x7e\x4f\x4a\x8d\xec\x56\x40\xda\x4d\x2a\xf6\x1d", 99); *(uint8_t*)0x20008d46 = 9; *(uint8_t*)0x20008d47 = 4; *(uint8_t*)0x20008d48 = 5; *(uint8_t*)0x20008d49 = 3; *(uint8_t*)0x20008d4a = 2; *(uint8_t*)0x20008d4b = 0xc4; *(uint8_t*)0x20008d4c = 0x4d; *(uint8_t*)0x20008d4d = 0x76; *(uint8_t*)0x20008d4e = 7; *(uint8_t*)0x20008d4f = 0xb; *(uint8_t*)0x20008d50 = 0x24; *(uint8_t*)0x20008d51 = 6; *(uint8_t*)0x20008d52 = 0; *(uint8_t*)0x20008d53 = 1; memcpy((void*)0x20008d54, "\x72\x45\x0c\xeb\x1b\x79", 6); *(uint8_t*)0x20008d5a = 5; *(uint8_t*)0x20008d5b = 0x24; *(uint8_t*)0x20008d5c = 0; *(uint16_t*)0x20008d5d = 4; *(uint8_t*)0x20008d5f = 0xd; *(uint8_t*)0x20008d60 = 0x24; *(uint8_t*)0x20008d61 = 0xf; *(uint8_t*)0x20008d62 = 1; *(uint32_t*)0x20008d63 = 0; *(uint16_t*)0x20008d67 = 8; *(uint16_t*)0x20008d69 = 1; *(uint8_t*)0x20008d6b = 4; *(uint8_t*)0x20008d6c = 6; *(uint8_t*)0x20008d6d = 0x24; *(uint8_t*)0x20008d6e = 0x1a; *(uint16_t*)0x20008d6f = 8; *(uint8_t*)0x20008d71 = 8; *(uint8_t*)0x20008d72 = 0x15; *(uint8_t*)0x20008d73 = 0x24; *(uint8_t*)0x20008d74 = 0x12; *(uint16_t*)0x20008d75 = 4; *(uint64_t*)0x20008d77 = 0x14f5e048ba817a3; *(uint64_t*)0x20008d7f = 0x2a397ecbffc007a6; *(uint8_t*)0x20008d87 = 7; *(uint8_t*)0x20008d88 = 0x24; *(uint8_t*)0x20008d89 = 6; *(uint8_t*)0x20008d8a = 0; *(uint8_t*)0x20008d8b = 0; memcpy((void*)0x20008d8c, "\xfb\xb5", 2); *(uint8_t*)0x20008d8e = 5; *(uint8_t*)0x20008d8f = 0x24; *(uint8_t*)0x20008d90 = 0; *(uint16_t*)0x20008d91 = 0x2040; *(uint8_t*)0x20008d93 = 0xd; *(uint8_t*)0x20008d94 = 0x24; *(uint8_t*)0x20008d95 = 0xf; *(uint8_t*)0x20008d96 = 1; *(uint32_t*)0x20008d97 = 3; *(uint16_t*)0x20008d9b = 0x80; *(uint16_t*)0x20008d9d = 0x8951; *(uint8_t*)0x20008d9f = 6; *(uint8_t*)0x20008da0 = 7; *(uint8_t*)0x20008da1 = 0x24; *(uint8_t*)0x20008da2 = 0xa; *(uint8_t*)0x20008da3 = 0xce; *(uint8_t*)0x20008da4 = 3; *(uint8_t*)0x20008da5 = 4; *(uint8_t*)0x20008da6 = 0x60; *(uint8_t*)0x20008da7 = 4; *(uint8_t*)0x20008da8 = 0x24; *(uint8_t*)0x20008da9 = 2; *(uint8_t*)0x20008daa = 0; *(uint8_t*)0x20008dab = 0x10; *(uint8_t*)0x20008dac = 0x24; *(uint8_t*)0x20008dad = 7; *(uint8_t*)0x20008dae = 0; *(uint16_t*)0x20008daf = 0x81; *(uint16_t*)0x20008db1 = 0x81; *(uint16_t*)0x20008db3 = 0x1d9; *(uint16_t*)0x20008db5 = 0x400; *(uint16_t*)0x20008db7 = 1; *(uint16_t*)0x20008db9 = 0xc00; *(uint8_t*)0x20008dbb = 0xc; *(uint8_t*)0x20008dbc = 0x24; *(uint8_t*)0x20008dbd = 0x1b; *(uint16_t*)0x20008dbe = 1; *(uint16_t*)0x20008dc0 = 0x20; *(uint8_t*)0x20008dc2 = 0xc0; *(uint8_t*)0x20008dc3 = 5; *(uint16_t*)0x20008dc4 = 0x20; *(uint8_t*)0x20008dc6 = 0xd; *(uint8_t*)0x20008dc7 = 0xe1; *(uint8_t*)0x20008dc8 = 0x24; *(uint8_t*)0x20008dc9 = 0x13; *(uint8_t*)0x20008dca = 9; memcpy((void*)0x20008dcb, "\x0e\xfa\x60\xe3\xb3\x89\x2c\xa3\x37\x7f\xc7\xbf\x7e\x5c\xd9\x0b\x70\xb5\x43\x3c\x66\xf1\x31\x29\xd4\x2a\x59\xf2\xc9\x14\xec\x54\x97\x9a\x53\x86\x2f\x94\xdf\x63\x95\x80\x6b\xf1\xa9\x70\x9d\x9a\x66\x50\xce\xca\xee\xcf\xf6\xad\xfc\x77\xca\x5f\x29\x6e\x11\xbe\xd1\xfb\xeb\x6f\x27\xc5\x0b\xf1\xaf\x9c\x17\x6b\xb2\x06\x9d\x52\xb0\x64\x73\xd5\xd8\xe9\x24\x4a\x70\x01\x76\x66\xfa\xa3\x21\x3b\x80\xb2\x5f\xe4\xc6\x8c\x41\x80\xee\x45\x68\x0c\x95\x76\x8f\xd3\x2d\x24\xda\x76\xb8\x83\xe1\xbe\x0e\xc2\xaf\x43\xc9\xf3\x0c\xee\xd1\x93\x6c\xd5\x05\x1e\x62\xb1\xc8\xa7\x6a\xf9\xa2\x52\x29\x0b\x11\xc3\x67\x04\x39\xdb\x64\x5b\x5c\x32\xa5\xa5\xbb\x78\xd7\xe8\x18\x3e\xa6\x73\x6d\xfc\xeb\x8f\xef\x3d\x04\xb7\x6e\x51\x29\xc4\x91\x3e\xee\x30\xa5\x37\x74\x3b\x33\x57\xf2\x69\xf5\x82\xdd\x8c\x46\xb2\xa9\x33\x62\xf1\xa8\x38\x88\x6b\x17\x5f\x48\x95\xd5\x2a\x81\x8f\x63\xd9\xd6\x94\xbe\xac\x98\x46\xe5\xb1\x2f", 221); *(uint8_t*)0x20008ea8 = 0x1a; *(uint8_t*)0x20008ea9 = 0x24; *(uint8_t*)0x20008eaa = 0x13; *(uint8_t*)0x20008eab = 5; memcpy((void*)0x20008eac, "\x08\x3b\x1f\x01\xa6\x9f\x5d\x72\x2a\x6b\x03\x83\xfb\x09\xf5\x7f\x44\x2b\x56\xd4\x58\xfa", 22); *(uint8_t*)0x20008ec2 = 9; *(uint8_t*)0x20008ec3 = 5; *(uint8_t*)0x20008ec4 = 0xf; *(uint8_t*)0x20008ec5 = 8; *(uint16_t*)0x20008ec6 = 8; *(uint8_t*)0x20008ec8 = 0; *(uint8_t*)0x20008ec9 = 3; *(uint8_t*)0x20008eca = 5; *(uint8_t*)0x20008ecb = 9; *(uint8_t*)0x20008ecc = 5; *(uint8_t*)0x20008ecd = 0xc; *(uint8_t*)0x20008ece = 0; *(uint16_t*)0x20008ecf = 0x200; *(uint8_t*)0x20008ed1 = 9; *(uint8_t*)0x20008ed2 = 0x20; *(uint8_t*)0x20008ed3 = 5; *(uint8_t*)0x20008ed4 = 0xb; *(uint8_t*)0x20008ed5 = 1; memcpy((void*)0x20008ed6, "\xae\x68\x4b\xd6\xa1\xbf\xbe\x70\x5d", 9); *(uint8_t*)0x20008edf = 9; *(uint8_t*)0x20008ee0 = 4; *(uint8_t*)0x20008ee1 = 0xad; *(uint8_t*)0x20008ee2 = 0x3f; *(uint8_t*)0x20008ee3 = 6; *(uint8_t*)0x20008ee4 = 0xef; *(uint8_t*)0x20008ee5 = 0x2e; *(uint8_t*)0x20008ee6 = 0x8d; *(uint8_t*)0x20008ee7 = 8; *(uint8_t*)0x20008ee8 = 0xa; *(uint8_t*)0x20008ee9 = 0x24; *(uint8_t*)0x20008eea = 6; *(uint8_t*)0x20008eeb = 0; *(uint8_t*)0x20008eec = 0; memcpy((void*)0x20008eed, "\x2e\x1b\xb1\x1c\x34", 5); *(uint8_t*)0x20008ef2 = 5; *(uint8_t*)0x20008ef3 = 0x24; *(uint8_t*)0x20008ef4 = 0; *(uint16_t*)0x20008ef5 = 6; *(uint8_t*)0x20008ef7 = 0xd; *(uint8_t*)0x20008ef8 = 0x24; *(uint8_t*)0x20008ef9 = 0xf; *(uint8_t*)0x20008efa = 1; *(uint32_t*)0x20008efb = 4; *(uint16_t*)0x20008eff = 2; *(uint16_t*)0x20008f01 = 0x8979; *(uint8_t*)0x20008f03 = 6; *(uint8_t*)0x20008f04 = 0xeb; *(uint8_t*)0x20008f05 = 0x24; *(uint8_t*)0x20008f06 = 0x13; *(uint8_t*)0x20008f07 = 0; memcpy((void*)0x20008f08, "\x9f\xcc\x8c\x5c\x74\x73\x09\xfc\xb4\xc9\x6e\x5d\xad\x9b\x6e\x62\xd0\x8b\x91\xa8\xbe\xb3\xc2\xe4\x54\x7e\x16\x3e\x46\x58\xbb\x11\xab\x34\xb3\xc8\x4e\xc3\xe4\xa4\xe3\x67\xd2\x6c\x56\x00\x1c\x67\x05\x68\x99\x95\xa9\x9d\x16\xa1\xb3\x1b\xdc\x07\x0f\x00\x53\x1e\xc4\x26\xb5\x4b\xf8\x9b\x2d\xee\x1f\xc3\xbd\x81\x8f\x55\xdb\xbd\x6a\xcc\x28\x7c\xd4\x30\x78\xee\xbc\x6d\x09\xf1\x0d\xc4\x22\x9f\x80\x35\xd4\x44\x8f\x82\x3f\xec\xf9\x29\xd6\x86\x16\x27\xc0\x1e\x79\x27\x7a\x40\x30\x4a\x1a\xd3\xfb\xd0\x12\xa4\xa8\xed\x16\x36\x97\x69\xc8\xc9\x97\xc4\x12\xbe\x76\x75\x90\x17\x65\x34\x55\xb8\x04\x2a\xca\x8b\x49\xea\xc0\x73\x10\x01\xcb\xfa\x6f\xbd\x79\x6a\xa7\xc2\x77\x09\xfc\x62\x37\x22\xe0\x3d\x3c\x1e\xd1\xda\xc1\xca\x8a\x8a\xa2\x5d\xda\xfc\x65\x4a\x0d\xbb\x76\x0b\x92\x7a\x2b\x23\xe2\xad\x30\x43\xac\x48\x56\x6c\x7b\x99\x5c\x23\x7d\xb5\x91\xf3\x9a\xf8\x19\x54\x56\x9c\xd5\xd3\x7c\xa4\x94\x1c\x80\xcc\x1f\xa5\x55\x6d\x19\xa5\x48\xdf\x2a", 231); *(uint8_t*)0x20008fef = 7; *(uint8_t*)0x20008ff0 = 0x24; *(uint8_t*)0x20008ff1 = 0xa; *(uint8_t*)0x20008ff2 = 4; *(uint8_t*)0x20008ff3 = 0x1f; *(uint8_t*)0x20008ff4 = 0x3f; *(uint8_t*)0x20008ff5 = 0x62; *(uint8_t*)0x20008ff6 = 7; *(uint8_t*)0x20008ff7 = 0x24; *(uint8_t*)0x20008ff8 = 0x14; *(uint16_t*)0x20008ff9 = 0x1f; *(uint16_t*)0x20008ffb = 7; *(uint8_t*)0x20008ffd = 7; *(uint8_t*)0x20008ffe = 0x24; *(uint8_t*)0x20008fff = 0x14; *(uint16_t*)0x20009000 = 0x1010; *(uint16_t*)0x20009002 = 9; *(uint8_t*)0x20009004 = 6; *(uint8_t*)0x20009005 = 0x24; *(uint8_t*)0x20009006 = 0x1a; *(uint16_t*)0x20009007 = 6; *(uint8_t*)0x20009009 = 0x1b; *(uint8_t*)0x2000900a = 0xb; *(uint8_t*)0x2000900b = 0x24; *(uint8_t*)0x2000900c = 6; *(uint8_t*)0x2000900d = 0; *(uint8_t*)0x2000900e = 0; memcpy((void*)0x2000900f, "\xdf\x47\x04\xa2\x52\x1e", 6); *(uint8_t*)0x20009015 = 5; *(uint8_t*)0x20009016 = 0x24; *(uint8_t*)0x20009017 = 0; *(uint16_t*)0x20009018 = 9; *(uint8_t*)0x2000901a = 0xd; *(uint8_t*)0x2000901b = 0x24; *(uint8_t*)0x2000901c = 0xf; *(uint8_t*)0x2000901d = 1; *(uint32_t*)0x2000901e = 0x4856f0aa; *(uint16_t*)0x20009022 = 5; *(uint16_t*)0x20009024 = 1; *(uint8_t*)0x20009026 = -1; *(uint8_t*)0x20009027 = 5; *(uint8_t*)0x20009028 = 0x24; *(uint8_t*)0x20009029 = 0x15; *(uint16_t*)0x2000902a = 0x1f; *(uint8_t*)0x2000902c = 9; *(uint8_t*)0x2000902d = 5; *(uint8_t*)0x2000902e = 8; *(uint8_t*)0x2000902f = 8; *(uint16_t*)0x20009030 = 0x3ff; *(uint8_t*)0x20009032 = 4; *(uint8_t*)0x20009033 = 1; *(uint8_t*)0x20009034 = 9; *(uint8_t*)0x20009035 = 7; *(uint8_t*)0x20009036 = 0x25; *(uint8_t*)0x20009037 = 1; *(uint8_t*)0x20009038 = 3; *(uint8_t*)0x20009039 = 0x34; *(uint16_t*)0x2000903a = 5; *(uint8_t*)0x2000903c = 9; *(uint8_t*)0x2000903d = 5; *(uint8_t*)0x2000903e = 0; *(uint8_t*)0x2000903f = 3; *(uint16_t*)0x20009040 = 0x400; *(uint8_t*)0x20009042 = 2; *(uint8_t*)0x20009043 = 1; *(uint8_t*)0x20009044 = 0xca; *(uint8_t*)0x20009045 = 9; *(uint8_t*)0x20009046 = 5; *(uint8_t*)0x20009047 = 8; *(uint8_t*)0x20009048 = 0x10; *(uint16_t*)0x20009049 = 8; *(uint8_t*)0x2000904b = 2; *(uint8_t*)0x2000904c = 0x7f; *(uint8_t*)0x2000904d = 0x7f; *(uint8_t*)0x2000904e = 9; *(uint8_t*)0x2000904f = 5; *(uint8_t*)0x20009050 = 7; *(uint8_t*)0x20009051 = 0; *(uint16_t*)0x20009052 = 0x10; *(uint8_t*)0x20009054 = 5; *(uint8_t*)0x20009055 = 0x1f; *(uint8_t*)0x20009056 = 0x40; *(uint8_t*)0x20009057 = 0x2d; *(uint8_t*)0x20009058 = 0xe; memcpy((void*)0x20009059, "\xec\xcc\x23\x79\x37\x1b\x46\xca\xb9\xd6\xfd\xb8\x27\x98\xf4\x7a\xa9\xb7\x17\x7c\x2a\x51\x93\x23\x14\x43\xb7\x25\xc2\x1b\x5e\x6a\x99\x93\x05\x65\xeb\x3b\x96\xfe\x7a\x75\x69", 43); *(uint8_t*)0x20009084 = 6; *(uint8_t*)0x20009085 = 0x10; memcpy((void*)0x20009086, "\x7f\x22\x60\xb2", 4); *(uint8_t*)0x2000908a = 9; *(uint8_t*)0x2000908b = 5; *(uint8_t*)0x2000908c = 3; *(uint8_t*)0x2000908d = 8; *(uint16_t*)0x2000908e = 0x10; *(uint8_t*)0x20009090 = 4; *(uint8_t*)0x20009091 = 3; *(uint8_t*)0x20009092 = 0xf7; *(uint8_t*)0x20009093 = 9; *(uint8_t*)0x20009094 = 5; *(uint8_t*)0x20009095 = 5; *(uint8_t*)0x20009096 = 3; *(uint16_t*)0x20009097 = 0x10; *(uint8_t*)0x20009099 = 3; *(uint8_t*)0x2000909a = 1; *(uint8_t*)0x2000909b = 9; *(uint8_t*)0x2000909c = 0xc8; *(uint8_t*)0x2000909d = 0xe; memcpy((void*)0x2000909e, "\x17\xa4\x93\xc0\x51\x89\x5f\x29\x83\x5e\xfb\x6d\x6d\x75\x3c\xa5\xe6\x23\x7f\x99\x57\x24\xbf\x74\x70\x85\x74\x90\x2e\xac\xdf\xf4\x5c\xd8\x0b\x61\x37\x3d\x67\xef\xe1\x23\x9f\x97\xb4\xfa\x60\x07\x93\xd6\xb4\xa5\x02\x2b\xa4\xa4\x36\xb4\xe2\xe2\x23\x57\x9d\x97\x4e\x78\x4e\xcb\xfd\xd4\x91\x2d\xa5\xcc\xd2\x84\xd2\x29\x37\x82\x70\x4f\x06\x75\x13\xd8\x38\x11\xac\x71\x16\x84\xd3\xaa\xfe\x92\x8e\xce\x0e\x90\x38\x25\x99\x7b\xab\xc5\x67\xb9\x4d\x06\xda\xee\x1e\x4d\x55\xa8\x87\x1d\x67\xe7\x1c\xd1\x08\x14\x30\xd8\x9b\xc9\xae\x64\xf5\x0f\x94\xbb\x8a\xf9\x6c\xe3\x84\xcd\x3b\x84\x20\xef\x8b\xe2\x73\xca\x02\xb9\xf0\xf9\x12\x21\x23\x9e\x64\xd6\x20\xdc\x6e\x3e\x27\x07\xf6\xf4\xce\x92\xe8\x62\x7f\x04\x4c\x14\xf1\x79\x90\x9c\xa1\xdf\x8b\x4e\x49\x9f\xed\x3f\x41\x18\xc9\xd6\xb2\xae\x41\xa7\x11\x98\xd7\x98", 198); *(uint8_t*)0x20009164 = 0x7e; *(uint8_t*)0x20009165 = 0x22; memcpy((void*)0x20009166, "\x85\x1b\xf8\x33\x2f\x6f\x47\x95\xcd\xbf\x9b\xf1\xbb\xb8\x25\x3c\xed\x75\xd6\x1f\x69\x5b\xb8\xc3\x1f\x51\xb5\xce\x19\xb2\x08\x0e\x2e\x7e\xc2\x15\xfe\xc1\x6a\x83\xd2\x57\x11\x04\xf7\x26\xa0\xde\x47\xf3\xe9\x28\x2d\x0e\xf2\x20\x4b\xbb\x1d\x9d\x9c\xac\x53\xb6\xd7\x98\x08\x4b\x0f\x59\x47\x91\xe3\xf8\x34\x19\x86\xd7\xea\xad\xb9\x11\xc5\x5c\x0d\x71\x69\x1f\xc7\x7a\xa1\x04\x7f\x44\x0f\x52\x75\xa4\x1f\x3b\x1f\x0f\x04\x8a\x5c\x1d\xd5\xc4\x17\xe6\x7f\x3b\xd4\x72\xb1\x3f\xee\xf7\x95\x0c\x57\x8f\x1b\x42", 124); *(uint32_t*)0x20009700 = 0xa; *(uint32_t*)0x20009704 = 0x20009200; *(uint8_t*)0x20009200 = 0xa; *(uint8_t*)0x20009201 = 6; *(uint16_t*)0x20009202 = 0x110; *(uint8_t*)0x20009204 = 0xd4; *(uint8_t*)0x20009205 = 0x81; *(uint8_t*)0x20009206 = 0; *(uint8_t*)0x20009207 = 0x10; *(uint8_t*)0x20009208 = 0x20; *(uint8_t*)0x20009209 = 0; *(uint32_t*)0x20009708 = 0x1c; *(uint32_t*)0x2000970c = 0x20009240; *(uint8_t*)0x20009240 = 5; *(uint8_t*)0x20009241 = 0xf; *(uint16_t*)0x20009242 = 0x1c; *(uint8_t*)0x20009244 = 2; *(uint8_t*)0x20009245 = 0x14; *(uint8_t*)0x20009246 = 0x10; *(uint8_t*)0x20009247 = 0xa; *(uint8_t*)0x20009248 = 0x20; STORE_BY_BITMASK(uint32_t, , 0x20009249, 2, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x20009249, 3, 5, 27); *(uint16_t*)0x2000924d = 0xf0f; *(uint16_t*)0x2000924f = 6; *(uint32_t*)0x20009251 = 0xc030; *(uint32_t*)0x20009255 = 0xff3f30; *(uint8_t*)0x20009259 = 3; *(uint8_t*)0x2000925a = 0x10; *(uint8_t*)0x2000925b = 0xb; *(uint32_t*)0x20009710 = 8; *(uint32_t*)0x20009714 = 4; *(uint32_t*)0x20009718 = 0x20009280; *(uint8_t*)0x20009280 = 4; *(uint8_t*)0x20009281 = 3; *(uint16_t*)0x20009282 = 0x410; *(uint32_t*)0x2000971c = 0x102; *(uint32_t*)0x20009720 = 0x200092c0; *(uint8_t*)0x200092c0 = 2; *(uint8_t*)0x200092c1 = 3; memcpy((void*)0x200092c2, "\xbd\x9c\xaf\x11\xf1\xc2\x32\x1f\x7d\xbf\x3d\xf5\x7e\xc0\x6a\xed\xf0\x84\x2f\x84\x3c\x77\xdd\x88\xdb\x9f\x74\x08\xbb\xa0\xd9\x40\x59\x71\xea\xb7\x46\x2f\x77\xd1\xca\x84\x39\x80\x11\xe5\x2a\x42\x79\x8f\x46\xee\xb5\x7b\x9e\x8b\x2c\x06\xc9\x82\x8a\xe8\xa2\xa2\x78\xae\xaf\x19\x47\xcb\x3d\xba\xdb\xd3\xd8\x37\x4b\xd3\xfd\x89\xa5\x3a\x0d\x2e\x5d\x80\x26\x1d\x7c\x80\x59\x2c\x03\x96\xee\x2c\x9e\xd8\x3f\xcc\x6b\xf9\xbd\x9a\x2f\x61\xcd\x00\x7c\x9e\xb5\xb9\x2d\xd8\x78\xd6\xaa\x6b\x54\x35\xed\x38\xfb\x81\xd9\xbf\xc1\x58\x15\x84\x3b\xc4\x6b\x32\x1b\x84\x8a\x20\x1d\x7e\xe9\x0a\x06\xab\x03\xdd\xb6\x6c\xea\x54\xf4\x15\x15\x3e\x69\x34\x99\x2c\x24\xe7\x11\xae\xa2\xfe\x33\x4e\x98\x1b\xa7\xf3\xf8\x7d\x0b\xc5\xeb\x6b\x1d\x09\x17\xcd\x79\xb4\x71\x94\xc6\xd2\xbe\x18\xe7\xa5\x4e\x75\xa5\xe2\xd0\x36\xb2\xe8\xba\x62\x6c\x56\xc4\x48\x9e\x46\x81\xa2\x1e\xa2\x9a\x2b\x64\x34\xa8\x60\x5a\x67\x10\xeb\xd1\x3f\x09\xfe\x32\x2e\x60\xef\x34\xa6\xe6\xf3\x33\x0d\x07\xb4\xd1\xff\x66\xd7\xec\x23\xc5\x8b\x3b\xe7\x34\x84\x4b\x89\xde\x36\xba\x29\x12\x97", 256); *(uint32_t*)0x20009724 = 4; *(uint32_t*)0x20009728 = 0x20009400; *(uint8_t*)0x20009400 = 4; *(uint8_t*)0x20009401 = 3; *(uint16_t*)0x20009402 = 0xf0ff; *(uint32_t*)0x2000972c = 4; *(uint32_t*)0x20009730 = 0x20009440; *(uint8_t*)0x20009440 = 4; *(uint8_t*)0x20009441 = 3; *(uint16_t*)0x20009442 = 0xf8ff; *(uint32_t*)0x20009734 = 0xc2; *(uint32_t*)0x20009738 = 0x20009480; *(uint8_t*)0x20009480 = 0xc2; *(uint8_t*)0x20009481 = 3; memcpy((void*)0x20009482, "\x47\x95\x1b\xf5\x75\x8f\x6d\xa4\x9e\xae\xc8\xd8\xf1\x8a\x6c\xa6\xe1\x7e\x41\xa6\x60\x16\x41\x5e\xfc\x7b\xe3\x46\xe3\xa8\xd0\x34\x28\x03\xd3\x1a\xc6\x34\xc4\xe6\xbc\xfd\xca\x1d\xb3\xc5\xb6\x90\xc2\x2f\x33\x2d\xf6\x93\x67\x61\xde\xb4\x0a\x2a\x9b\x81\x7a\x3b\x5e\x21\xce\xda\x6d\x71\xf7\x2d\x61\xee\xd0\x6a\x7a\x43\x45\x1e\x72\xfa\xa8\x20\x18\x38\x4c\x5a\x69\xf6\x2f\x4c\x6c\xf2\xa7\xef\xbd\x2a\xf5\x9b\x84\xac\xc6\xa9\x5e\xdf\x8f\x16\x7b\x5f\x20\x3d\xff\x2f\x89\xdb\xa1\x91\xf5\x13\x34\x2b\xe5\xa9\x06\xce\xb3\x79\x61\x3f\x59\x61\x08\xde\x6f\x3a\x61\xb9\x26\xc9\xf8\x63\x4d\x3d\xe6\xd5\xeb\x86\x71\x2b\xdf\xc3\xce\x50\x2f\x90\xa6\x9d\x8d\x07\xd9\x28\x44\x02\xb3\x93\xa7\x6e\x1d\x98\x17\xb9\x2b\xd4\xef\xf5\x7a\x27\xec\x91\x91\x9b\xf0\xd0\x9b\x44\x70\x57\xd6\x9c\xe3\x82", 192); *(uint32_t*)0x2000973c = 0x83; *(uint32_t*)0x20009740 = 0x20009580; *(uint8_t*)0x20009580 = 0x83; *(uint8_t*)0x20009581 = 3; memcpy((void*)0x20009582, "\x70\x81\x49\xd2\x9b\x3a\x8e\xf9\xc0\xff\x2f\x07\x2f\xf3\xb2\x0d\xd4\xaa\x24\xa8\xdd\xbd\x77\x61\x2c\xf8\x2d\xbf\xdc\x3a\xf8\x21\xa1\xfb\xf7\x55\x40\xc2\x3e\x05\xde\x08\xfe\xd7\x79\xdb\x65\x1c\xb3\xa6\x3b\xd0\x9a\xcf\xde\x2d\xa3\x4f\xc3\x36\x04\x73\x49\xf6\x2c\x65\x03\x20\xdd\x8f\xd8\x62\x6c\xfd\xad\xf7\xe0\xf7\x3f\x83\xa6\xbf\xfa\x1f\x20\xe7\x5c\xc4\x4b\x80\xbb\xe9\xa4\x0e\xa3\xc6\xe9\x24\xb6\x84\xfe\x6c\xb9\xe6\xa9\x33\x1a\x14\x9e\x84\x4e\x50\x0b\xe3\xb4\xfe\x28\xd1\x33\x2d\xcd\x64\x3b\xe5\xa7\x3f\xcc\xd4\x46", 129); *(uint32_t*)0x20009744 = 4; *(uint32_t*)0x20009748 = 0x20009640; *(uint8_t*)0x20009640 = 4; *(uint8_t*)0x20009641 = 3; *(uint16_t*)0x20009642 = 0x184c; *(uint32_t*)0x2000974c = 0x4d; *(uint32_t*)0x20009750 = 0x20009680; *(uint8_t*)0x20009680 = 0x4d; *(uint8_t*)0x20009681 = 3; memcpy((void*)0x20009682, "\xb6\x6a\x57\x6c\x91\xd5\x67\x33\xc9\x4e\xf7\x37\x20\xfd\xa0\x14\xeb\xcf\x72\xb1\xcf\x26\xac\x4c\x18\xda\x75\x71\x24\x12\x56\x76\x4a\xe2\xdf\xf1\x75\x40\xbd\xd8\xaf\x83\xee\xe5\x05\x79\x2c\xbe\xfb\xdd\xb7\xb5\xcd\x4c\xa9\x46\x62\x28\x7a\x86\x24\x9e\xc2\xb9\x42\x13\x98\x04\xf9\xc7\x82\x09\x88\x4a\x15", 75); res = -1; res = syz_usb_connect(6, 0x7e2, 0x20008a00, 0x20009700); if (res != -1) r[22] = res; break; case 41: *(uint8_t*)0x20009780 = 0x12; *(uint8_t*)0x20009781 = 1; *(uint16_t*)0x20009782 = 0x200; *(uint8_t*)0x20009784 = -1; *(uint8_t*)0x20009785 = -1; *(uint8_t*)0x20009786 = -1; *(uint8_t*)0x20009787 = 0x40; *(uint16_t*)0x20009788 = 0xcf3; *(uint16_t*)0x2000978a = 0x9271; *(uint16_t*)0x2000978c = 0x108; *(uint8_t*)0x2000978e = 1; *(uint8_t*)0x2000978f = 2; *(uint8_t*)0x20009790 = 3; *(uint8_t*)0x20009791 = 1; *(uint8_t*)0x20009792 = 9; *(uint8_t*)0x20009793 = 2; *(uint16_t*)0x20009794 = 0x48; *(uint8_t*)0x20009796 = 1; *(uint8_t*)0x20009797 = 1; *(uint8_t*)0x20009798 = 0; *(uint8_t*)0x20009799 = 0x80; *(uint8_t*)0x2000979a = 0xfa; *(uint8_t*)0x2000979b = 9; *(uint8_t*)0x2000979c = 4; *(uint8_t*)0x2000979d = 0; *(uint8_t*)0x2000979e = 0; *(uint8_t*)0x2000979f = 6; *(uint8_t*)0x200097a0 = -1; *(uint8_t*)0x200097a1 = 0; *(uint8_t*)0x200097a2 = 0; *(uint8_t*)0x200097a3 = 0; *(uint8_t*)0x200097a4 = 9; *(uint8_t*)0x200097a5 = 5; *(uint8_t*)0x200097a6 = 1; *(uint8_t*)0x200097a7 = 2; *(uint16_t*)0x200097a8 = 0x200; *(uint8_t*)0x200097aa = 0; *(uint8_t*)0x200097ab = 0; *(uint8_t*)0x200097ac = 0; *(uint8_t*)0x200097ad = 9; *(uint8_t*)0x200097ae = 5; *(uint8_t*)0x200097af = 0x82; *(uint8_t*)0x200097b0 = 2; *(uint16_t*)0x200097b1 = 0x200; *(uint8_t*)0x200097b3 = 0; *(uint8_t*)0x200097b4 = 0; *(uint8_t*)0x200097b5 = 0; *(uint8_t*)0x200097b6 = 9; *(uint8_t*)0x200097b7 = 5; *(uint8_t*)0x200097b8 = 0x83; *(uint8_t*)0x200097b9 = 3; *(uint16_t*)0x200097ba = 0x40; *(uint8_t*)0x200097bc = 1; *(uint8_t*)0x200097bd = 0; *(uint8_t*)0x200097be = 0; *(uint8_t*)0x200097bf = 9; *(uint8_t*)0x200097c0 = 5; *(uint8_t*)0x200097c1 = 4; *(uint8_t*)0x200097c2 = 3; *(uint16_t*)0x200097c3 = 0x40; *(uint8_t*)0x200097c5 = 1; *(uint8_t*)0x200097c6 = 0; *(uint8_t*)0x200097c7 = 0; *(uint8_t*)0x200097c8 = 9; *(uint8_t*)0x200097c9 = 5; *(uint8_t*)0x200097ca = 5; *(uint8_t*)0x200097cb = 2; *(uint16_t*)0x200097cc = 0x200; *(uint8_t*)0x200097ce = 0; *(uint8_t*)0x200097cf = 0; *(uint8_t*)0x200097d0 = 0; *(uint8_t*)0x200097d1 = 9; *(uint8_t*)0x200097d2 = 5; *(uint8_t*)0x200097d3 = 6; *(uint8_t*)0x200097d4 = 2; *(uint16_t*)0x200097d5 = 0x200; *(uint8_t*)0x200097d7 = 0; *(uint8_t*)0x200097d8 = 0; *(uint8_t*)0x200097d9 = 0; syz_usb_connect_ath9k(3, 0x5a, 0x20009780, 0); break; case 42: *(uint32_t*)0x200099c0 = 0x18; *(uint32_t*)0x200099c4 = 0x20009800; *(uint8_t*)0x20009800 = 0x40; *(uint8_t*)0x20009801 = 1; *(uint32_t*)0x20009802 = 0x8d; *(uint8_t*)0x20009806 = 0x8d; *(uint8_t*)0x20009807 = 0x22; memcpy((void*)0x20009808, "\xe5\x74\x19\x47\xa7\x23\xe9\xe9\x8e\xdc\x76\xea\x9b\x49\x3d\xa7\xd0\xbe\x0f\x88\x90\x3d\x48\xee\xf0\xd2\x4c\x88\x29\x70\xfc\x12\x16\xa4\xf3\x90\xd6\xb1\x7a\x78\xf9\xe8\x82\x74\x2c\xa2\x48\x31\x93\x6c\xb7\x5b\x04\x58\x99\xbb\xc7\x68\x7b\xd5\x5a\x05\x8a\x9f\x47\x22\x45\x2c\xe7\xe3\x01\x27\x0b\x0b\xf2\x26\x66\xc3\x7e\xaf\x1b\xd9\xd8\xb4\x89\xba\x1d\x32\xbe\x39\xd0\x6b\x20\xbd\x96\x57\xe0\x9f\xda\x6c\x82\xd4\x56\x6c\x93\x34\xe2\xfa\x45\xc5\x04\x6b\xa8\x56\x5e\x57\x79\xab\x6d\x67\xcb\xf7\xf4\x06\xd2\x16\xc2\x86\xab\x06\x65\x88\x20\x7a\x31\x8d\x65\x33\x2f", 139); *(uint32_t*)0x200099c8 = 0x200098c0; *(uint8_t*)0x200098c0 = 0; *(uint8_t*)0x200098c1 = 3; *(uint32_t*)0x200098c2 = 4; *(uint8_t*)0x200098c6 = 4; *(uint8_t*)0x200098c7 = 3; *(uint16_t*)0x200098c8 = 0xf0ff; *(uint32_t*)0x200099cc = 0x20009900; *(uint8_t*)0x20009900 = 0; *(uint8_t*)0x20009901 = 0xf; *(uint32_t*)0x20009902 = 0x18; *(uint8_t*)0x20009906 = 5; *(uint8_t*)0x20009907 = 0xf; *(uint16_t*)0x20009908 = 0x18; *(uint8_t*)0x2000990a = 2; *(uint8_t*)0x2000990b = 0xc; *(uint8_t*)0x2000990c = 0x10; *(uint8_t*)0x2000990d = 0xa; *(uint8_t*)0x2000990e = 0; STORE_BY_BITMASK(uint32_t, , 0x2000990f, 0, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x2000990f, 6, 5, 27); *(uint16_t*)0x20009913 = 0xf0f; *(uint16_t*)0x20009915 = 8; *(uint8_t*)0x20009917 = 7; *(uint8_t*)0x20009918 = 0x10; *(uint8_t*)0x20009919 = 2; STORE_BY_BITMASK(uint32_t, , 0x2000991a, 2, 0, 8); STORE_BY_BITMASK(uint32_t, , 0x2000991b, 0xa, 0, 4); STORE_BY_BITMASK(uint32_t, , 0x2000991b, 7, 4, 4); STORE_BY_BITMASK(uint32_t, , 0x2000991c, 0x100, 0, 16); *(uint32_t*)0x200099d0 = 0x20009940; *(uint8_t*)0x20009940 = 0x20; *(uint8_t*)0x20009941 = 0x29; *(uint32_t*)0x20009942 = 0xf; *(uint8_t*)0x20009946 = 0xf; *(uint8_t*)0x20009947 = 0x29; *(uint8_t*)0x20009948 = 0; *(uint16_t*)0x20009949 = 0x18; *(uint8_t*)0x2000994b = 7; *(uint8_t*)0x2000994c = 0x7f; memcpy((void*)0x2000994d, "\x86\xf6\x20\xe8", 4); memcpy((void*)0x20009951, "\x16\x8f\x22\x02", 4); *(uint32_t*)0x200099d4 = 0x20009980; *(uint8_t*)0x20009980 = 0x20; *(uint8_t*)0x20009981 = 0x2a; *(uint32_t*)0x20009982 = 0xc; *(uint8_t*)0x20009986 = 0xc; *(uint8_t*)0x20009987 = 0x2a; *(uint8_t*)0x20009988 = 3; *(uint16_t*)0x20009989 = 0; *(uint8_t*)0x2000998b = 4; *(uint8_t*)0x2000998c = 0; *(uint8_t*)0x2000998d = 7; *(uint16_t*)0x2000998e = 0x1000; *(uint16_t*)0x20009990 = 0xfffe; *(uint32_t*)0x20009f00 = 0x44; *(uint32_t*)0x20009f04 = 0x20009a00; *(uint8_t*)0x20009a00 = 0; *(uint8_t*)0x20009a01 = 8; *(uint32_t*)0x20009a02 = 0xfd; memcpy((void*)0x20009a06, "\x17\xd0\x15\xc0\xc2\x1b\x38\xab\x65\x87\x07\x8c\x77\x5d\x19\x66\x76\x39\x02\x36\x84\x2b\xc7\x81\x15\xbd\x6a\x40\x58\x11\x10\x24\x45\xa3\x7f\xe5\xc0\xcc\x85\xa1\x6b\x56\x01\xf6\x74\x96\x59\x34\x92\xce\x3a\xd5\x52\x01\x92\x08\xa9\x04\xc8\x82\x54\x52\x5e\xf1\x3e\x8c\x55\xd2\xfa\x55\x84\xb1\x72\x72\x80\x77\xd5\x4a\x28\xbc\x6d\xd0\xbc\x05\xf7\x20\x29\x10\x26\x07\x63\x12\x0f\x9d\x95\x88\x3b\x70\x1c\xa0\x54\x83\xde\xae\x8e\x44\x5b\xcf\x56\x72\xcf\xc4\xba\x66\xa3\x46\xe9\x2f\xe0\x74\x51\xae\x4c\x8f\xf4\xaa\x9d\xfc\xf8\xb9\x56\x33\x65\x80\x5b\xf6\x83\x0e\xd3\x6c\x9f\x3e\xab\x11\xf6\x13\xa0\xfd\xe0\x42\x3b\x8c\x3a\x5b\x1a\xe0\x29\x72\x9e\x32\x33\x43\x1d\x83\xf0\x22\x49\x15\x64\xd3\x92\xce\xb7\xa3\x8e\xdd\xcf\x15\x96\x88\x61\x81\x85\x4d\x5a\x72\x9e\x76\xd8\xe7\x70\xd6\xee\x74\xba\x13\x33\xec\xb7\xe4\xb8\x83\x07\x1b\x6d\x6c\x04\x3e\x9e\x6f\x01\x60\x54\x6f\x60\xd1\xd9\xff\xd9\x40\x74\x4e\xef\x3e\xa5\xf0\xdd\xfd\xa5\xa0\xa8\xd6\xb7\x74\x0a\x7f\x13\xce\x46\x2e\xd0\x8e\x2d\x3b\xc0\xa7\xb6\x46\xda\xf5\x60\x86\xe2", 253); *(uint32_t*)0x20009f08 = 0x20009b40; *(uint8_t*)0x20009b40 = 0; *(uint8_t*)0x20009b41 = 0xa; *(uint32_t*)0x20009b42 = 1; *(uint8_t*)0x20009b46 = 7; *(uint32_t*)0x20009f0c = 0x20009b80; *(uint8_t*)0x20009b80 = 0; *(uint8_t*)0x20009b81 = 8; *(uint32_t*)0x20009b82 = 1; *(uint8_t*)0x20009b86 = 0x80; *(uint32_t*)0x20009f10 = 0x20009bc0; *(uint8_t*)0x20009bc0 = 0x20; *(uint8_t*)0x20009bc1 = 0; *(uint32_t*)0x20009bc2 = 4; *(uint16_t*)0x20009bc6 = 2; *(uint16_t*)0x20009bc8 = 3; *(uint32_t*)0x20009f14 = 0x20009c00; *(uint8_t*)0x20009c00 = 0x20; *(uint8_t*)0x20009c01 = 0; *(uint32_t*)0x20009c02 = 4; *(uint16_t*)0x20009c06 = 0x100; *(uint16_t*)0x20009c08 = 0x40; *(uint32_t*)0x20009f18 = 0x20009c40; *(uint8_t*)0x20009c40 = 0x40; *(uint8_t*)0x20009c41 = 7; *(uint32_t*)0x20009c42 = 2; *(uint16_t*)0x20009c46 = 3; *(uint32_t*)0x20009f1c = 0x20009c80; *(uint8_t*)0x20009c80 = 0x40; *(uint8_t*)0x20009c81 = 9; *(uint32_t*)0x20009c82 = 1; *(uint8_t*)0x20009c86 = 0x7f; *(uint32_t*)0x20009f20 = 0x20009cc0; *(uint8_t*)0x20009cc0 = 0x40; *(uint8_t*)0x20009cc1 = 0xb; *(uint32_t*)0x20009cc2 = 2; memcpy((void*)0x20009cc6, "\x08\xbd", 2); *(uint32_t*)0x20009f24 = 0x20009d00; *(uint8_t*)0x20009d00 = 0x40; *(uint8_t*)0x20009d01 = 0xf; *(uint32_t*)0x20009d02 = 2; *(uint16_t*)0x20009d06 = 0x7163; *(uint32_t*)0x20009f28 = 0x20009d40; *(uint8_t*)0x20009d40 = 0x40; *(uint8_t*)0x20009d41 = 0x13; *(uint32_t*)0x20009d42 = 6; memset((void*)0x20009d46, 255, 6); *(uint32_t*)0x20009f2c = 0x20009d80; *(uint8_t*)0x20009d80 = 0x40; *(uint8_t*)0x20009d81 = 0x17; *(uint32_t*)0x20009d82 = 6; memset((void*)0x20009d86, 170, 5); *(uint8_t*)0x20009d8b = 0x3b; *(uint32_t*)0x20009f30 = 0x20009dc0; *(uint8_t*)0x20009dc0 = 0x40; *(uint8_t*)0x20009dc1 = 0x19; *(uint32_t*)0x20009dc2 = 2; memcpy((void*)0x20009dc6, "\x37\x9e", 2); *(uint32_t*)0x20009f34 = 0x20009e00; *(uint8_t*)0x20009e00 = 0x40; *(uint8_t*)0x20009e01 = 0x1a; *(uint32_t*)0x20009e02 = 2; *(uint16_t*)0x20009e06 = 8; *(uint32_t*)0x20009f38 = 0x20009e40; *(uint8_t*)0x20009e40 = 0x40; *(uint8_t*)0x20009e41 = 0x1c; *(uint32_t*)0x20009e42 = 1; *(uint8_t*)0x20009e46 = 0x3f; *(uint32_t*)0x20009f3c = 0x20009e80; *(uint8_t*)0x20009e80 = 0x40; *(uint8_t*)0x20009e81 = 0x1e; *(uint32_t*)0x20009e82 = 1; *(uint8_t*)0x20009e86 = 0x2c; *(uint32_t*)0x20009f40 = 0x20009ec0; *(uint8_t*)0x20009ec0 = 0x40; *(uint8_t*)0x20009ec1 = 0x21; *(uint32_t*)0x20009ec2 = 1; *(uint8_t*)0x20009ec6 = 5; syz_usb_control_io(r[22], 0x200099c0, 0x20009f00); break; case 43: syz_usb_disconnect(r[22]); break; case 44: syz_usb_ep_read(r[22], 0xc1, 0x1000, 0x20009f80); break; case 45: *(uint8_t*)0x2000af80 = 0x12; *(uint8_t*)0x2000af81 = 1; *(uint16_t*)0x2000af82 = 0x110; *(uint8_t*)0x2000af84 = 0; *(uint8_t*)0x2000af85 = 0; *(uint8_t*)0x2000af86 = 0; *(uint8_t*)0x2000af87 = 0x20; *(uint16_t*)0x2000af88 = 0x1d6b; *(uint16_t*)0x2000af8a = 0x101; *(uint16_t*)0x2000af8c = 0x40; *(uint8_t*)0x2000af8e = 1; *(uint8_t*)0x2000af8f = 2; *(uint8_t*)0x2000af90 = 3; *(uint8_t*)0x2000af91 = 1; *(uint8_t*)0x2000af92 = 9; *(uint8_t*)0x2000af93 = 2; *(uint16_t*)0x2000af94 = 0xd6; *(uint8_t*)0x2000af96 = 3; *(uint8_t*)0x2000af97 = 1; *(uint8_t*)0x2000af98 = 7; *(uint8_t*)0x2000af99 = 0x20; *(uint8_t*)0x2000af9a = 2; *(uint8_t*)0x2000af9b = 9; *(uint8_t*)0x2000af9c = 4; *(uint8_t*)0x2000af9d = 0; *(uint8_t*)0x2000af9e = 0; *(uint8_t*)0x2000af9f = 0; *(uint8_t*)0x2000afa0 = 1; *(uint8_t*)0x2000afa1 = 1; *(uint8_t*)0x2000afa2 = 0; *(uint8_t*)0x2000afa3 = 0; *(uint8_t*)0x2000afa4 = 0xa; *(uint8_t*)0x2000afa5 = 0x24; *(uint8_t*)0x2000afa6 = 1; *(uint16_t*)0x2000afa7 = 0; *(uint8_t*)0x2000afa9 = 0; *(uint8_t*)0x2000afaa = 2; *(uint8_t*)0x2000afab = 1; *(uint8_t*)0x2000afac = 2; *(uint8_t*)0x2000afad = 0xb; *(uint8_t*)0x2000afae = 0x24; *(uint8_t*)0x2000afaf = 6; *(uint8_t*)0x2000afb0 = 4; *(uint8_t*)0x2000afb1 = 3; *(uint8_t*)0x2000afb2 = 2; *(uint16_t*)0x2000afb3 = 3; *(uint16_t*)0x2000afb5 = 7; *(uint8_t*)0x2000afb7 = -1; *(uint8_t*)0x2000afb8 = 9; *(uint8_t*)0x2000afb9 = 4; *(uint8_t*)0x2000afba = 1; *(uint8_t*)0x2000afbb = 0; *(uint8_t*)0x2000afbc = 0; *(uint8_t*)0x2000afbd = 1; *(uint8_t*)0x2000afbe = 2; *(uint8_t*)0x2000afbf = 0; *(uint8_t*)0x2000afc0 = 0; *(uint8_t*)0x2000afc1 = 9; *(uint8_t*)0x2000afc2 = 4; *(uint8_t*)0x2000afc3 = 1; *(uint8_t*)0x2000afc4 = 1; *(uint8_t*)0x2000afc5 = 1; *(uint8_t*)0x2000afc6 = 1; *(uint8_t*)0x2000afc7 = 2; *(uint8_t*)0x2000afc8 = 0; *(uint8_t*)0x2000afc9 = 0; *(uint8_t*)0x2000afca = 0xe; *(uint8_t*)0x2000afcb = 0x24; *(uint8_t*)0x2000afcc = 2; *(uint8_t*)0x2000afcd = 1; *(uint8_t*)0x2000afce = 0x80; *(uint8_t*)0x2000afcf = 3; *(uint8_t*)0x2000afd0 = 1; *(uint8_t*)0x2000afd1 = 0; memcpy((void*)0x2000afd2, "\x02\x2c\x3b\x4e\xfa\x4d", 6); *(uint8_t*)0x2000afd8 = 7; *(uint8_t*)0x2000afd9 = 0x24; *(uint8_t*)0x2000afda = 1; *(uint8_t*)0x2000afdb = 1; *(uint8_t*)0x2000afdc = 0x7f; *(uint16_t*)0x2000afdd = 0x1002; *(uint8_t*)0x2000afdf = 0xb; *(uint8_t*)0x2000afe0 = 0x24; *(uint8_t*)0x2000afe1 = 2; *(uint8_t*)0x2000afe2 = 1; *(uint8_t*)0x2000afe3 = 5; *(uint8_t*)0x2000afe4 = 3; *(uint8_t*)0x2000afe5 = 0; *(uint8_t*)0x2000afe6 = 5; memcpy((void*)0x2000afe7, "\x64\x99\x7e", 3); *(uint8_t*)0x2000afea = 0xd; *(uint8_t*)0x2000afeb = 0x24; *(uint8_t*)0x2000afec = 2; *(uint8_t*)0x2000afed = 1; *(uint8_t*)0x2000afee = 3; *(uint8_t*)0x2000afef = 3; *(uint8_t*)0x2000aff0 = 0xac; *(uint8_t*)0x2000aff1 = 8; memcpy((void*)0x2000aff2, "\xbc\x5e", 2); memcpy((void*)0x2000aff4, "\x04\xfb\xa9", 3); *(uint8_t*)0x2000aff7 = 0xd; *(uint8_t*)0x2000aff8 = 0x24; *(uint8_t*)0x2000aff9 = 2; *(uint8_t*)0x2000affa = 1; *(uint8_t*)0x2000affb = 6; *(uint8_t*)0x2000affc = 2; *(uint8_t*)0x2000affd = 5; *(uint8_t*)0x2000affe = 9; memcpy((void*)0x2000afff, "\x6a\x9a\x8d", 3); memcpy((void*)0x2000b002, "\x4f\x88", 2); *(uint8_t*)0x2000b004 = 9; *(uint8_t*)0x2000b005 = 5; *(uint8_t*)0x2000b006 = 1; *(uint8_t*)0x2000b007 = 9; *(uint16_t*)0x2000b008 = 0x10; *(uint8_t*)0x2000b00a = 0x8c; *(uint8_t*)0x2000b00b = 0x20; *(uint8_t*)0x2000b00c = 0x7f; *(uint8_t*)0x2000b00d = 7; *(uint8_t*)0x2000b00e = 0x25; *(uint8_t*)0x2000b00f = 1; *(uint8_t*)0x2000b010 = 0x82; *(uint8_t*)0x2000b011 = 2; *(uint16_t*)0x2000b012 = 4; *(uint8_t*)0x2000b014 = 9; *(uint8_t*)0x2000b015 = 4; *(uint8_t*)0x2000b016 = 2; *(uint8_t*)0x2000b017 = 0; *(uint8_t*)0x2000b018 = 0; *(uint8_t*)0x2000b019 = 1; *(uint8_t*)0x2000b01a = 2; *(uint8_t*)0x2000b01b = 0; *(uint8_t*)0x2000b01c = 0; *(uint8_t*)0x2000b01d = 9; *(uint8_t*)0x2000b01e = 4; *(uint8_t*)0x2000b01f = 2; *(uint8_t*)0x2000b020 = 1; *(uint8_t*)0x2000b021 = 1; *(uint8_t*)0x2000b022 = 1; *(uint8_t*)0x2000b023 = 2; *(uint8_t*)0x2000b024 = 0; *(uint8_t*)0x2000b025 = 0; *(uint8_t*)0x2000b026 = 0xd; *(uint8_t*)0x2000b027 = 0x24; *(uint8_t*)0x2000b028 = 2; *(uint8_t*)0x2000b029 = 1; *(uint8_t*)0x2000b02a = 0; *(uint8_t*)0x2000b02b = 2; *(uint8_t*)0x2000b02c = 0; *(uint8_t*)0x2000b02d = -1; memcpy((void*)0x2000b02e, "\x03\xc1\xfe\x1d\x97", 5); *(uint8_t*)0x2000b033 = 0x12; *(uint8_t*)0x2000b034 = 0x24; *(uint8_t*)0x2000b035 = 2; *(uint8_t*)0x2000b036 = 2; *(uint16_t*)0x2000b037 = 0x807; *(uint16_t*)0x2000b039 = 4; *(uint8_t*)0x2000b03b = 0xfd; memcpy((void*)0x2000b03c, "\x8c\xfb\x49\xdf\x7b\xf5\xb7\xe5\xee", 9); *(uint8_t*)0x2000b045 = 7; *(uint8_t*)0x2000b046 = 0x24; *(uint8_t*)0x2000b047 = 1; *(uint8_t*)0x2000b048 = 0x3f; *(uint8_t*)0x2000b049 = 0xfd; *(uint16_t*)0x2000b04a = 1; *(uint8_t*)0x2000b04c = 0xc; *(uint8_t*)0x2000b04d = 0x24; *(uint8_t*)0x2000b04e = 2; *(uint8_t*)0x2000b04f = 1; *(uint8_t*)0x2000b050 = 0xc1; *(uint8_t*)0x2000b051 = 4; *(uint8_t*)0x2000b052 = 5; *(uint8_t*)0x2000b053 = 0x67; memcpy((void*)0x2000b054, "\x69\x67\xba\x40", 4); *(uint8_t*)0x2000b058 = 9; *(uint8_t*)0x2000b059 = 5; *(uint8_t*)0x2000b05a = 0x82; *(uint8_t*)0x2000b05b = 9; *(uint16_t*)0x2000b05c = 0x7f7; *(uint8_t*)0x2000b05e = 0x1f; *(uint8_t*)0x2000b05f = 0x69; *(uint8_t*)0x2000b060 = 6; *(uint8_t*)0x2000b061 = 7; *(uint8_t*)0x2000b062 = 0x25; *(uint8_t*)0x2000b063 = 1; *(uint8_t*)0x2000b064 = 0x80; *(uint8_t*)0x2000b065 = 9; *(uint16_t*)0x2000b066 = 3; *(uint32_t*)0x2000b380 = 0xa; *(uint32_t*)0x2000b384 = 0x2000b080; *(uint8_t*)0x2000b080 = 0xa; *(uint8_t*)0x2000b081 = 6; *(uint16_t*)0x2000b082 = 0x300; *(uint8_t*)0x2000b084 = 3; *(uint8_t*)0x2000b085 = 2; *(uint8_t*)0x2000b086 = 3; *(uint8_t*)0x2000b087 = 0x40; *(uint8_t*)0x2000b088 = 0x81; *(uint8_t*)0x2000b089 = 0; *(uint32_t*)0x2000b388 = 0x20f; *(uint32_t*)0x2000b38c = 0x2000b0c0; *(uint8_t*)0x2000b0c0 = 5; *(uint8_t*)0x2000b0c1 = 0xf; *(uint16_t*)0x2000b0c2 = 0x20f; *(uint8_t*)0x2000b0c4 = 6; *(uint8_t*)0x2000b0c5 = 0xe2; *(uint8_t*)0x2000b0c6 = 0x10; *(uint8_t*)0x2000b0c7 = 0xa; memcpy((void*)0x2000b0c8, "\x64\x93\x2c\x92\x77\xe2\x3a\x0f\xa9\x6a\xab\xc7\xb9\x31\xea\x37\x07\x35\x0c\x52\x57\x45\xcc\xbe\x79\x4d\x23\xba\xa9\x96\x25\xc8\x2f\x74\xbd\x3b\x6d\x5f\x88\xfb\xfd\x92\x54\x5b\x6b\x63\x75\x4c\x07\xc3\xff\xb4\x73\x55\xbf\x3d\xd6\xfa\xcf\xf0\xec\x55\x97\xfb\x76\x8d\xc7\x4a\xcf\xcf\x39\x5a\xc1\x00\x99\x82\x92\x5a\xa1\x6f\xcf\xa4\x15\x75\xbf\x14\xb5\x6d\x55\x79\x09\xdf\x9e\xfd\x27\xfd\x4b\x31\x7d\x90\xd1\x60\x62\x70\x13\x4f\xd0\x7d\x2f\xc0\xd1\x81\x6e\x97\x71\x32\x1d\x2d\xb5\x5c\x65\x39\xb0\x41\x67\xdb\x7b\x08\xc9\x94\x15\x9d\xd7\x55\x2c\x48\x8c\x14\x66\x24\x7a\x5b\x70\xb0\xdc\x99\x6b\x90\x7e\xee\xe0\xb2\x0f\xdd\x64\x71\x40\x59\x7b\x66\xf8\x21\x55\x6b\x56\x7f\xe6\x13\xc7\xec\xbc\xba\xe5\x0d\xb5\xfa\x7c\x9c\x0b\x5d\xcf\x26\xed\xdf\xfd\xcb\x09\xb9\xab\x9f\x2b\x5b\xee\x80\x98\x2f\xf3\x65\xfb\x81\x6e\x98\x18\x4e\xe6\x81\x5f\x6f\x62\x1f\x4d\x34\x52\x7d\x3c\xaa\x4c\xe6\x82\xcb\x06\xc7\x48", 223); *(uint8_t*)0x2000b1a7 = 0xb; *(uint8_t*)0x2000b1a8 = 0x10; *(uint8_t*)0x2000b1a9 = 1; *(uint8_t*)0x2000b1aa = 4; *(uint16_t*)0x2000b1ab = 0x10; *(uint8_t*)0x2000b1ad = 1; *(uint8_t*)0x2000b1ae = 0x3f; *(uint16_t*)0x2000b1af = 0xff; *(uint8_t*)0x2000b1b1 = 0x1f; *(uint8_t*)0x2000b1b2 = 3; *(uint8_t*)0x2000b1b3 = 0x10; *(uint8_t*)0x2000b1b4 = 0xb; *(uint8_t*)0x2000b1b5 = 0x2f; *(uint8_t*)0x2000b1b6 = 0x10; *(uint8_t*)0x2000b1b7 = 3; memcpy((void*)0x2000b1b8, "\x57\x12\x26\x74\x4f\x78\xfe\x77\x5a\xb8\x9d\xd7\x76\xdb\x3a\xaa\xce\x99\x82\xe7\xb2\x59\x4f\xd0\x85\x4a\x31\xd7\xec\x1d\x24\xae\xe6\x48\x2a\xa3\x93\x97\x98\xbd\x32\xd0\x60\xf0", 44); *(uint8_t*)0x2000b1e4 = 0xa; *(uint8_t*)0x2000b1e5 = 0x10; *(uint8_t*)0x2000b1e6 = 3; *(uint8_t*)0x2000b1e7 = 0; *(uint16_t*)0x2000b1e8 = 4; *(uint8_t*)0x2000b1ea = 0x24; *(uint8_t*)0x2000b1eb = 8; *(uint16_t*)0x2000b1ec = 0xe1; *(uint8_t*)0x2000b1ee = 0xe1; *(uint8_t*)0x2000b1ef = 0x10; *(uint8_t*)0x2000b1f0 = 1; memcpy((void*)0x2000b1f1, "\x1c\x43\x11\xd6\xc4\xec\x2d\xe7\x89\xb4\xf9\xf3\x9e\x67\x37\x02\xea\x35\xd9\x09\x99\x1c\xe4\xaf\x26\xcf\x0c\x07\x57\x9c\x1a\x40\x57\x35\x68\xf8\x37\x56\x9c\x64\x5d\xe2\xaf\x69\x81\x33\x52\x61\x69\xe5\x1a\x53\xf2\x15\x16\x76\x60\x35\x72\x59\xd5\x4d\x5a\xd7\x7a\xfb\x47\x8b\x18\x9e\x72\x86\x67\xa8\xb7\xe3\x89\x86\xbb\x19\xfe\xbe\x80\x70\x85\xec\x6d\x77\xdf\xb4\x81\x72\x59\x2d\x54\x9d\x7d\xbb\xf8\x02\xaa\xf9\x5b\xbf\x2d\xcd\x20\x05\x7a\x34\xee\xff\xca\xba\x3c\x40\x4e\x46\xa6\xe9\x0a\xd7\xe4\x38\x7e\x1e\x28\xcc\x21\x71\x88\x37\xe8\x1d\x22\x61\x5c\x4b\x42\xbc\xe0\x4c\x6b\xec\x4a\xa9\xa9\x9d\x05\xcb\x4f\x16\x8e\x11\x5e\xe3\x95\x65\x54\xe4\xe5\x8b\x13\x6f\x86\x73\x6e\x79\xe9\x1f\x9a\xcd\x49\xee\x66\x17\xb8\x4a\x56\x43\x92\xe8\x19\x91\xbb\xa6\x03\x20\x54\xd7\x09\x6f\x6c\x40\x00\x21\x37\x78\x2a\x1b\x11\x1d\x65\x27\x96\x83\x26\xf5\xe7\x0a\x8a\x23\x99\xe8\x33\xe7\x41\x5c\x20\x4a\x3a\x4b", 222); *(uint32_t*)0x2000b390 = 2; *(uint32_t*)0x2000b394 = 4; *(uint32_t*)0x2000b398 = 0x2000b300; *(uint8_t*)0x2000b300 = 4; *(uint8_t*)0x2000b301 = 3; *(uint16_t*)0x2000b302 = 0x459; *(uint32_t*)0x2000b39c = 4; *(uint32_t*)0x2000b3a0 = 0x2000b340; *(uint8_t*)0x2000b340 = 4; *(uint8_t*)0x2000b341 = 3; *(uint16_t*)0x2000b342 = 0x436; res = -1; res = syz_usb_connect(3, 0xe8, 0x2000af80, 0x2000b380); if (res != -1) r[23] = res; break; case 46: memcpy((void*)0x2000b3c0, "\x08\x63\x6e\x6c\x5e\x42\x1f\x7f\x71\x8c\x47\x84\xf3\x89\x67\x2c\x29\x11\xe5", 19); syz_usb_ep_write(r[23], 9, 0x13, 0x2000b3c0); break; case 47: syz_usbip_server_init(2); break; } } int main(void) { syscall(__NR_mmap, 0x1ffff000, 0x1000, 0, 0x32, -1, 0); syscall(__NR_mmap, 0x20000000, 0x1000000, 7, 0x32, -1, 0); syscall(__NR_mmap, 0x21000000, 0x1000, 0, 0x32, -1, 0); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :126:17: error: 'csum_inet_digest' defined but not used [-Werror=unused-function] :113:13: error: 'csum_inet_update' defined but not used [-Werror=unused-function] :108:13: error: 'csum_inet_init' defined but not used [-Werror=unused-function] cc1: all warnings being treated as errors compiler invocation: x86_64-linux-gnu-gcc [-o /tmp/syz-executor598414833 -DGOOS_linux=1 -DGOARCH_386=1 -DHOSTGOOS_linux=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static-pie -Wno-overflow] --- FAIL: TestGenerate/linux/386/6 (3.17s) csource_test.go:118: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Fault:false FaultCall:0 FaultNth:0}} program: write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3}}, 0x18) (fail_nth: 1) r0 = openat$tty(0xffffff9c, &(0x7f0000000040), 0x10400, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x200000f, 0x10, r0, 0xada52000) ioctl$UI_SET_PHYS(0xffffffffffffffff, 0x4004556c, &(0x7f0000000080)='syz0\x00') r1 = syz_mount_image$ufs(&(0x7f00000025c0), &(0x7f0000002600)='./file0\x00', 0x4, 0x3, &(0x7f0000003700)=[{&(0x7f0000002640)="386f6d1be27f8ca9182d1ae635bba8c9ce0379ce60d9d24e0fe69a46dd2b77026ce1e6bbc05a246ae26905253191f7e34ef3860f1c2cc9a6d522f503d78e340cb54f1d6b", 0x44, 0x1}, {&(0x7f00000026c0)="5739ec80616d1bac909797c5723d287d94f010e0f70a342a21fb38b36986025dca054a96bbe74027974c452893a9f5d513efc470652bf4e837d8d5eeaced2669d73cea3d3931399da04dfb4859d03c47dd535baa980ae8b7a5c312fd71acc521bddc2c637026d7fadb42c020c53d4e2feeb23077ed867d5b36567b8d06e0f4d2d9c616d67391f879e812d7a17975f3e0e569f557b65bbade941868bae4be8d2dfa45a385877ece8d94d755dbf82b4fd8899ba1b8ece43b36b369a8df56993b16eec20aed1c596f669df897ddfa0df4ab26d747598296dd3bcd5cad67a8b19eba5f343fbfa6301a1502600eda02ab157ab1b164e3de5733e4bfd9677b49b29bb56e99367d01044b3accf0f93af75527837a9b494b4eace1f49c879e71e962a593749555b50a55ca1144eb54807047defde8dd097ebcbaa230451ac7a7763ef2134b453ef7ce92d6adce449aa182efb2ed4a8707f1e1846d82505da06c2d6b4a582ddfb2bdb7a19bbce8e0a0f7b2f496622bee043729f3843188eb14e56e8f48d7d4b151a7deef2a1a9458834253770882cc41f6fb784a9f73a4f81ef993dae61a805ba6f9307820813310dc3870835ad4be7e3c8a13f9f01e9ea9b1b9dfb1e347e3ea1b5b090e1a38617707bb5aa0ce82193f6970a0b885183fce8b7d30bfc18258dd40f508b95b55ca27d8ec76010310c677c04c0b01fd69de396ae95a7c3ca50f4e7fc3da749d82a5d9f57ab6ed7a0d1276297ab57172671d4c7ca35224700db93644131a5126af54755aec80cffdeb709f0c5821ec3b86d29f10be62d94c032f79d4edccaf40b24d72e46d7c9933f6eada794aad1eaf41aec135a4f6f7f609273608685ffc30fe1ae82213a956e8df493ec0aac8eccbbdb82093097db45161677685bf1e691a1c7dce13a88e63645bc79922b6d3d3d761f36a46302f79e0e0beb67e2f2cb2e83fc1a04177c9d022c46edc053f03182fc645450e4de536a418b0eae2acb0eaf4cb615eca77f72ee1d1f9146208e18669508edd050e9b4e72a8483016dc0198326d2a167004f323a0a6eb4d34f651c397f06d32e1bdab042efe566afc48cbd98f914134156314a954c641b1066ba715ab50eb4db84b13f20469d01d6346d425d70f60b42976b046cf96e4018fc6aaf78df30c02dd029e1e895c20b05fb3883c013de7e17a13697854feb5935cb344ff94ff8bb4ed2d1f174ea19020577b4ff9597c31a8fb2cfa1d7b71a57082561540f1cd86b8590b754fe95d749ef3caff93fd10a90ca003515bb23a3e71f44179c0996037457589e68177b0a10691f149a981a6a68d0bc820e1662a67c6a85fb39a35399c620c6ee314284fa42099bde09fd517a6e53cc0417c98d006b4210ba0351b7db6754338063f05b6824bbb41f70ba1fea9121f5885a4d03ee93f2b8f27a00cd666491003deda3e21029247646f7144cb004a6b524006d8ec7c93f41042bbf82d3bf2eef415f8f038b05c0c107ac24d0cc8f30813ebe2751da8398e04ff593d17ddeb32593671c8277424f79880054c581ae4ef5303a12f50d4e1fd6bb585a5e07751cbd58fa61d634c35563727e18239d9812fa41b9a256118ba9b0decc26076c8ae4b4e516a2b35a7e9839ca83bef4643e0a5d9db723b5afd80f715b63b19d0afb9cb03dd9e5fe1b3135ec1f0b973e7d21bb2f2221a78628a1b513e0ff9ea3067db3101c017eb8e606f2f075be4984f21bf75b6c4cbf3718e64ca62a9ab5d8e383aefba7493ddff478b744074bb51994bc91dd29c6b9bcd50a5028e14cf6d9468ef424ed165848ff5676e574110e0cd76a7c1dad3019facfd08d14b7d9e378a110e985088e51e89d75e3fa5fb3687598c0569e522f6c9ea4d1265ed97e313dce9cd01a4615e8bbe4dbe168f9d32c6682e4eef267dd718b475a81b485b17f6ba8afba19a58329f86bad12ac8444417e6148cb4e07ee46c5f1553a0fe4cd3326d8692cc43961f03f57f7c016f33c3d1c02bf125fc942101103636b02d93352efb4920e243f865cf5c0b5d347f51b87900b12acc347b319c147510c6a3c184b9fe9bbf49d20a71bc0882e296a03769751cd863082c1f3b8890fee3c644474db21e077acbeb05ae296710822fcaf5a7bc069bd93d411627cd1b713ccced010d1b88dfc1530454141b3dd3e1964c389576132173b86330388fec559dc722f177497c308315a4eefb5043cc97c5b1ea53b6de6f4eced9cc20b5243ef96ae0da16b43ecfd03e702528ad4c3609545df939e2bcee08258649319d74fd784d3d30a9092cb23e51ce00bbf81a46bc0d8bba9fe3f605f54ee2a0311e1c19aee26c843d7252d90380c9d86f1d1cbb21641bc19adffa608fa5b8260c3dac2e0d8100c870dbafab5e4a5c6e5d4875352ece3133e08d48e03874e6e528b5a43d08c8e905f798f0527cff5cda9995e84acb47ee8544be937fcb64646d2fd2d5c31eef836297e03dca24b159964a70307a827f6e7f3793f6ffad54a65d400926e80797e6050e776bbf66dc1bdf7508812ed0febda774f5eda492b3751ecc76a658241fa64522c5ddef5374787a1bc6f05c84a523068ac66a3ca539da70e16ddea897f96f5d48e1ef185f08436daa20fcb0b239de9b2bb00007eda2dbdcc1f5fdf13998682d66cd4aab3157f7ebcec092dc6bd08f4d107780d3731924cfa067f62218078a2af129f4059d46d7c7bebbf67b5953dda30c96fe5843e8a3c0a15a6b2f210ffbffd476c9c761340616b1ca8a6b449d1e338fd909fd9a84c7338711be1d50762a48299b184482d2cd1884af707668d10c2e1cdeac7c075d7d4147f8aa3cebca93c1b7b245264c0efb8470255152c48d224634580b2ff021457a975aa7672baf13a4ae32dc17e1f04d0b2d9c14831c87e99e7e0f29958c9b584d7b8a7e91f573c042617391aded64bee7dad5f888efc5560fba3f9e41f78094b403abc5d422c8ec70b9a9cee507903f8999487e60d761ef16194e7cc856a01e6b3bc592397ca03becb6b48fc15bf1f6eff8fec8de8785d0fea379efbd649487307bba1530a48ec106978da703e91707201fe3348de8caf2dde1d09942d47712f77de3f9efe5392ef4584a66cf96b30ecc6eed9074837e0835e19065d2ece87d38b426c703b882cec83cbb8b484f6885832ca2587b2bdc30c92c20a00d926473ff36a1c81e58d55549a06fb7b0fdd135ed5f63b4cca0068b2da1b112d4cb043407c21c535fd3c4559322e30469794c90a3c30d8fd5365ce3f432f613148bc7d575c1d2da1d4b068de1366f62a694e976f2e264d449d9e3f90400f4f25c1152d1edb9b09816787227eeeff80ac3f25016de253325475490482303afa87b39adee7f92c03185f8be67fe8e850ee3a571809474bcf462373a47afe1a4592175d110c3659e56ecfe2ecaf2c381684332dc0ea3f76c1799d5c7954ccd01ca4d3cc488e98efe8ccb8757273bbfd0e8f94a18e4bc187993ac29c3d45aa4585253717190cfc16bdfc90cecab6f022b3c9629e4d44cf9460333d348d0df3fbc8ffe61733725ea22c57183b50622f320253d54692c32ba2d1d2272357962e09fc7fa98a192d647ca93d5db9c0560a46a797408d21be5d14c8898fcf1f8e46c2be19eee417f17b5812be04c60a50c8f4a3b96e759df5a25314842ef5834a9bfe3ec6903122abdeb8da1bf146ca5b0b6451b3f6a0cd742120b025ca49bb95c47fb27fae438cbae39cd9b50f76735f656e0c6896c87b91c1ca7444d0de25ce60db81b9b7efebffc1ff24ee9d5f77da9227252468633b8eb995e2645b1543d843262c260c3c691114ebc403962c2374ef59ce6d1dd7c4d22310c5f642d766d41893b993f9a69831f82aab3104c64b08b0e3419ad44686088cd8a4a674edcea4ee9f2e8a02ab11450060f76a7c1954f676de7bf7916699457091eb0ad3b7593e7f38d62f9b56761a915b41d035ba129d1ac466e5eaea76d00c4d83e1754e3d1e6f0093c665d860bcf0b9850401acaba34a0f774300773c4abb90efc56bc7d2ad12d2f58cefa5b5816fcee50a11845a2d5197693ea3b380089219f5a42c69f9a4762c91ae6449e13995f666ad521f92edb3f4b65a04675db8ebbc9a2d1acda5b67ed6af5525141fd7aeef7c58f549ac39255705eb084f4f0a261f43c27cdcefb7d9e15ce63995820729b32749eb8d9432d7c3c25b4b1daa5b645740394caaae63bfd9e18207fccfbe0e2639258229574fcc7971e3eb11bfdf7dc770cea4a9414913067558f7e542cc6272477489519cfaecf51361b7d39540bbc1da84c6e56e21c683734fc3d9e52225695ea370563b153b8dc87ad1199247a23a86046c730fbce29fe99e0cf3e762f6ca3a14b03ff53d4122da0664a31d204160fcc2489eaa9faf030f6d6a43f98afce7f7f7f0cc3a01ef1526dac38278d13431910c2d691a78275e0702c8bcd0f4754b47535decbff3fb2db3d23b95f84e5e6e7fe67c719de9b0721ea53e2c68c9110e6a9ef3251e7ebb22800dcab309c22ab3739b4e88844827542d962c2afb2dc2f02b45094737fb1c3b9543870709b337d9d8f183971368a28a3360aec7c89de83e0c5fbfcffa03c1bc42884a839e8188826b19f3a7e7b82b4e2339d3d70171de92a60e2e1c73d360382aedcc23740c6244d69299dd39e011091b2fae10f4ba3c7fc570b0ea6a5d7b94f0812788ac1842eb6f917ad73a43a8f511b221795b9a625d6b8adab77bb090343acde4930c643b9b60af027ed4e3cc7facdcb175e81d9138db68db9d85216e1afa90c3f3897a2cd7e2cbaf59faa93ac544c221399d0a2c7601c6c63006253c9e43f1ed3f8cdd31f92cbc919b0b2f048ee429baac42f907d36281931814e7f937b51f2c6a772469f0d3d666c5c23141a0af6fb3804479810fcd852f98a5e5df9082c149bc239d37b89447af02ebae27adea098d78409fa9ae873b112684c75d68d447c7fc80a45a726b272d557678da7101679c6a5b4d70f4db60539fd11d1f21392b7922d12781125512eb1dc45db4cd2e64734e3a9dbf899ec2203e1001b3d364663d487c69018cb9122b5f4e1a276d17088df746ba3e7c10e1cad226f6cd2ad90cc3d148c951d32c00341bf08ec7158d22b3375f7ed6730ff9f0af79b1e8efd164b046c6a3df7bcd925e49bf5bb4d16ace6ab925bee37b7b5321da6f3626f33025ebc3814f44a27a7e39c5ecf8c5263c50e5d49273977c1ddcec86c85c41de8558ccc7cc9469f4a5ab104db7b3eaf8951f5315f5640c51e8c49290c7b146688b72e22c5178bb120beafe3a10dd33e6a34b8e2ab0a8d88f1bf2346f06e6cbeb80159f85b69efe2984f3acbf1035397c0e027420c591b2c5115e4c4bc4319b6a8edc2aa62c7600e49029f8d7d808713cc765566440a427ac576e5a2318e0994a00b56b7cf16277887b22693396c28bf734133df5e654971dec68d225631fc669e5619c1c78df3ca9860489a29a5234e054bcd3c543276c07e15a1ca7ef60c6e20359562733c1b3bd15a9c72a8f9acb040f8f85a4f10313a4fc7e8cb8973ae0b562924716d168aa431cf63a5c2e182b48b5519f376de39ca03d5535a5868d2cfff410e3f248de1ef81b205bc17a84cbfebb46deb4e56dcd355d7148a56f25dee5896912ec90124bef2d882e9d4a02769b3abcbc8f367deecce8c22b045f4d7b87d8908b0af7f2a1f53bad8d3f8e0b65b0053ab1e28ece7250ab281bc197097cfe8b2a7cfb552f82869b88241e7d05d24aca325c6f2fad85ce79bfc2aecdb798f40e111189f1785cbbe40", 0x1000, 0x7}, {&(0x7f00000036c0)="38e3dac1cab00feb39c48edfaf42b604f0c0fbeaa30d7023519ce589e4d90d7d171cbe759e9c40819d9946abfa9737e1bdddfb4f", 0x34, 0x10000}], 0x1040000, &(0x7f0000003740)={[{'/dev/tty\x00'}, {'syz0\x00'}, {'+@'}, {'*^:[-,-,&{#'}, {'syz0\x00'}], [{@audit}, {@obj_role={'obj_role', 0x3d, 'syz0\x00'}}, {@obj_user={'obj_user', 0x3d, '^\xee%'}}, {@subj_role}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@uid_eq={'uid', 0x3d, 0xee00}}]}) read(r1, &(0x7f00000037c0)=""/18, 0x12) sendfile64(r0, r1, &(0x7f0000003800)=0x7, 0x0) setsockopt$bt_l2cap_L2CAP_CONNINFO(r0, 0x6, 0x2, &(0x7f0000003840)={0x81, "d8e8f6"}, 0x6) ioctl$SOUND_MIXER_WRITE_RECSRC(0xffffffffffffffff, 0xc0044dff, &(0x7f0000003880)=0x4) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(0xffffffffffffffff, &(0x7f0000003980)={&(0x7f00000038c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000003940)={&(0x7f0000003900)={0x14, 0x7, 0x1, 0x801, 0x0, 0x0, {0x0, 0x0, 0xa}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40800}, 0x20000000) syz_80211_inject_frame(&(0x7f0000000000)=@broadcast, &(0x7f0000000040)=@data_frame={@qos_no_ht={{@type11={{0x0, 0x2, 0x8, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x7f}, @device_a, @broadcast, @broadcast, {0x0, 0xffd}, @broadcast}, {0xc, 0x1, 0x3, 0x0, 0x3}}, {@type10={{0x0, 0x2, 0x9, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x3d}, @from_mac=@device_b, @device_b, @from_mac, {0x0, 0x1f}}, {0x8, 0x0, 0x3}}}, @a_msdu=[{@broadcast, @device_b, 0xbf, "afaf3a135b6bacd8c9b70b5eec9ab18405dde216b1b5dbe70c82ea52a1477c8bcc0adebad8789e03df9beea67cea531e776e7ec441e10995460e4e964678b8b20cae084ab40bef389bb72fe366ea91a8a2b952bc697a863d47c4920f77976ccda9723c4d4cf43164b57e373925d21594ad582b2bd6b7fce0e21d272a022fb63efae8204e2e38180848fd2986c847241f05b4795e3195823f4b17f340c24f45bf4fc33a8b5d0649780bad0b1600231bcd85e1044043b3f52bdd66462c52869b"}, {@device_a, @broadcast, 0xf3, "db7458603e1db9e8b6109ff253176fc3105d34454294a0c36f5e76590ee3b3a391dd2847abe2ef4c4f0762cbb09a37f40675baca0907282ce7dc1a104cb3e91384930ede72f3720dac9976a6598bc0385e0eb8295edee6bf8e31f243b284e9de823dbcf1fa70c6c57d4472f20f031cd4ccc7995b0036d024f051220cf8ccfacc5eef5cc545c5208e0ae0b6fad6956542262930e56177ef3f3fd1fcf9ab7fa104c2fd2cafbfc796da4af424531e825b32394a16b5a90e3b36d9d75f35bc95c7b65c5774b33d1a74464b240d9b4420de3865e4ebfa9705fa606ca422eb0ae33126574d2b01dc83d70c248747087c72f0da02e8e8"}, {@device_b, @broadcast, 0xdd, "d7e9b24c0cc992b18aa2d9f9e1709a8c2fe8b2ceb27a749e52617c6db966c15469b14f6271d9ec1caa537e605d09c7af271d959a7b1375fbada3d47840b8fbde2f3ab2820440ceffb16cc44160f3a3abd70b059e3b321e3a1a48eca2b3819d0595822e17767f5a9cce0a0aa1cf8a1763780943872b127ab559036a8d8703e179c0de7c00dbd055699b39532ec0f63bb69c331fb415e253c26abf85a20b69f33d25a8a066aa10a9c1add202fa9d6cd6dbdaf05601d68e9553ba9ee53931aa193821c780f05dfd3c33aad84ef55098b4b8212cf5d6a43b5a099866ecbbc1"}, {@device_b, @broadcast, 0x3, "d71a49"}]}, 0x30e) syz_80211_join_ibss(&(0x7f0000000380)='wlan0\x00', &(0x7f00000003c0)=@default_ap_ssid, 0x6, 0x0) syz_btf_id_by_name$bpf_lsm(&(0x7f0000000400)='bpf_lsm_sb_remount\x00') syz_emit_ethernet(0x3f6, &(0x7f0000000440)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @random="8b73c66e934f", @val={@void, {0x8100, 0x1, 0x1}}, {@mpls_mc={0x8848, {[{0x0, 0x0, 0x1}], @ipv6=@icmpv6={0x8, 0x6, "6be3ec", 0x3b8, 0x3a, 0xff, @private2, @mcast2, {[@fragment={0x8, 0x0, 0x4, 0x0, 0x0, 0x4, 0x65}, @hopopts={0x2, 0x2, '\x00', [@padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @padn={0x1, 0x9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, @hopopts={0x5c, 0x5, '\x00', [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @calipso={0x7, 0x18, {0x2, 0x4, 0x3f, 0x5, [0x7, 0x100000000]}}]}, @routing={0xab, 0x4, 0x1, 0x51, 0x0, [@rand_addr=' \x01\x00', @dev={0xfe, 0x80, '\x00', 0x1a}]}], @mlv2_report={0x8f, 0x0, 0x0, 0xdd, 0x8, [{0x2, 0x3, 0x4, @loopback, [@remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, @mcast1], [0xfffffff7, 0x0, 0x4f18]}, {0x7, 0x6, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}, @remote, @mcast2], [0x433, 0x3, 0x4, 0x5, 0x8001, 0x6]}, {0x8, 0x4, 0x8, @ipv4={'\x00', '\xff\xff', @empty}, [@empty, @local, @ipv4={'\x00', '\xff\xff', @loopback}, @dev={0xfe, 0x80, '\x00', 0x23}, @mcast1, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast2, @mcast2], [0x4, 0x3, 0x8, 0x7]}, {0x8d, 0x3, 0x1, @mcast1, [@private2], [0x3, 0x8001, 0xf729]}, {0x0, 0x5, 0x5, @empty, [@loopback, @loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @broadcast}], [0x0, 0x80000001, 0x7ff, 0x6, 0x50]}, {0x7f, 0x1, 0x1, @mcast1, [@local], [0x401]}, {0x9, 0x8, 0x2, @remote, [@private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x27}], [0x5, 0x9, 0x8000, 0x7, 0xfffffffd, 0x800, 0x8, 0x5]}, {0x1f, 0x8, 0x6, @dev={0xfe, 0x80, '\x00', 0x18}, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @dev={0xfe, 0x80, '\x00', 0x1b}, @dev={0xfe, 0x80, '\x00', 0x30}, @ipv4={'\x00', '\xff\xff', @empty}, @ipv4={'\x00', '\xff\xff', @remote}, @private1={0xfc, 0x1, '\x00', 0x1}], [0x8, 0xffffffff, 0x0, 0x3f, 0xffffffff, 0x5, 0xff, 0x1]}]}}}}}}}, &(0x7f0000000840)={0x0, 0x2, [0xde3, 0xf28, 0x8d2, 0x209]}) syz_emit_vhci(&(0x7f0000000880)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_execute_func(&(0x7f00000008c0)="c4c32d0e45f508c4e15b10eb2681f9f6039eecc4c379617801d207660f38295cd02fd9f6f2ddcdc4c1f811450f0f34") syz_extract_tcp_res(&(0x7f0000000900), 0x3, 0x20) r2 = openat$pktcdvd(0xffffff9c, &(0x7f0000000940), 0x10400, 0x0) statx(0xffffffffffffffff, &(0x7f0000002c80)='./file0\x00', 0x800, 0x8, &(0x7f0000002cc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000003040)='./file0\x00', &(0x7f0000003080)={0x0, 0x0, 0x0, 0x0, 0x0}) read$FUSE(0xffffffffffffffff, &(0x7f0000003100)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r6 = getgid() getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000005440)={{{@in=@broadcast, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}}}, &(0x7f0000005540)=0xe4) r8 = getgid() syz_fuse_handle_req(r2, &(0x7f0000000980)="5eb2b765eb13fe6055adbc43ba06da0624085c4b074ca1075889677f066e7be4de1ade6643e384e746947849cae6c4bd2247b9d0dcf8d74f73c865983a7d81fa418b5227bfe2cae4daabc8fd121243c0fe339f30d7ade9b79e07aa3b492001cbf71f43d192a2b9b771608f809cab4148c9bcb18ad7381adab1f2f5e323a69249bf8f2b5b0e986557da943623a66ec420b9b7bc01434d0a62886d0072f83051bed958843ec0adabaec068e2333bdc15622efd5d7eb68cfdda7de3fdafaa75787f0f7f3a5aae1cfe1faf079f1835be7044f2dee0e2b22827f8ce9399ba9b6d675aaafc827262b701659d34e687d6f0f80666ef60371f36fc8e7ab01b1b1f741bab290b3742bca7d900acacd003bb0e2497a7413e2a94610c93f5b5f6a0affc554dfa696f33a4e07699552981c8f17eec121b798ffda5a81f609005eee8862da633950d1c36b1f57f201dfaa2ffb43bfb89b937dfe89165a783264b5cd393e5e81efb8d94e28ea417cf7f145520c201cd9bc843a78ae07c3a9d812a99b9d01f4f8a60937077192fb29ef9e9cad995919de33e9e70c95c0efe9d49ecacc2817d764b35aceef6dbd7b11da0d56460978a679a765c04642ef7b33da735d607b21ea207ad747b67da1862b7884f773764c5c6b95b0d1fc079909e3a07430c52f4908cb864ca7b48387d9c930387811580b9cead9bb56c5139d0d5c4c728f7667059bb64e223d3e7cf61ce8370276dd31b3bd643e96444afea51787bc0ea7ede0c0576340b3574fb1ee78133c29edb9c63724200f5d8d1fa9db4fe0cf9a3f0517fdd936240d08ca3f4815c562fa40c50292a8cc67af02555bf5e4210efabee952946cb5a3b719ccafb90c5fc31e28e16da6deb0c2657d99b2e30ac6f59e6935c8f3de5abb5a6a9eb6d64638131fa73639f95dc71d11a644c6ff17e26665e820556178bdf6f91c52fac27f2d84812e9bfd4c53e757ed5dcc5a3c58f4f254a11ad8099555fbab92d9707e7ae249d37b672b2f4666cc35ffe53a0f5f314aa7e329addf60e864986682e58dee878cf3e66b3c1b8b0457021cbbe9542df240104fa7945d177a8051ff42dffe47e952caa5b334386bbe96140a28a74cd3c4c666dd6174994bae6c323bef3cbe97028835f03b49d7c496913ec17272346e050c75c58760acbcdedfc774b34b19f199c40e02ac74177e3f951a007abdaf00fd7064bbf2cc444d6b6d2b233e1fd995feebcbfafaaa44edd739b7a9b312b0823bbb228823e132fbae576968b7e7ca5ca0198daae85da7b50002544a44f948dc5f48620e3f99145c8727fee501541ef119b20085e364052a045164e79579553ab1924a5e67ca4bde4390313b76a6abb950e637b6bd3ae4d341ea362440e134185304e36f08691027ec7ff34d718825393ecfd7557c82b7bda4d24b94fc53d577b31657b00e8303803e6f15e17a79647607ffa65649103ad6ced040a842224b22226cb03b10e51e58d695edda77da2d784c49bdda43adc0f4e15f3e2e338836924786b90b2f7442935ae338e344fa4c0d9e3d74871d930d87868a269c984048763e1c438479b20fddbc61d2488d70ca8747fff731edb679b88bf1b17621d3276151fd93a9dbbaf1a83e9a80f75ba18ac3ce6598dc4e6b0562fb0bd479129337bb1c3a5882b2d626edd90d0b1e898d0f1e4f59893700c241e0c4363a4441073840000470f9e877d0bacdcb6b21875e75b50dcfbb2bbc0ea8fca0a91dcafe69b162aeef4f7d7fa1193f9eac44d4eb27377c3b72ac19a901c6e7350e1648146090179fa4b7f7aaedfb75a49deeae9fbec2f30c4444e3bd5ad6fad82bbcd24bb6d259685ca0c13e52a590d27a731a18b09d3d6bf5e81756302b85251c85d30487295eb2e42cd788231eb96979b5c113c166be2f3b6d24474b0f56ea5cfff4dca9284e5dae7d1c2b6aba7807e889697c869831c908b206b8a21dbe73d06c0aefda449f4daedd68b676f22814be2d90a2d06a39f997fdcef3a38f98396d5bf369900f9fc0442b204ceb17e432c28087c42c84c17f1a4d04f6da546682f31d75cc289e0c8ea4058c03550fad5def6968541a9d372bcbff7b943d65a7f485652e4437e0a1602057ef0ceefa57540a11d5b2b8b6518c3c9a27cb27562941f2f689ce240396b4ad70dbb2cd6e4e1f33e3279c3361b9d9903a9b6bb017ffc719758417e4f984855692acbdf9392a9b19673388e760233fa0035e0c2335e77b089eb40b5cd8f0325f64e080765808052869f76b39b0682e9a49a95a4fd0b38bb50eb214e94919d486fb7bb75acb4dc5f04e7a7e311f204df404c62c664179584880cb8bc7b8baae8933c2ebd70af44451aae3d51d4290d90b891106877bd37752ec6118d972a1b0a2931d433636da7b7250a0edb59d9ddd34cb48b34a62ae7e595f18d80ca2c2ddc2aeb6b6f6b800c8653baaf696bfd60c85e5e3328d0d9baf0f558b3b8b8bff24bf75db2695d59442757cc0cfcefbbf1708fc964a1251f55328832468ea73c29be4bf5d0de2053f364d117006dd3242e04dd471ae04ae22844978242ed47361be4a9a13133c7ad5bb324afcd29d9a074440724ebb56f5d9c3a8e4559d3a5a0f028f1d72ff2562d483cfdd79eb32c90462ee790de2476d9d061b607e680b41500ce691e48745b585517a539e70d7ec555e196aa8d69e45a36982d28a21409a777ceeb53318c20713e3cb62a98c28f524b086909a03075c2010da34bf7b0e6bf58505d301442530e54d3d13f0328f97a1dd2dd6da68429d21376b772d5a1603fb4c4a40f6b36db26a86f7c2dbaf704e7bcb9fc96768d4b53bd134602b753b260d84d9eeac6a24a51249dca0086b95b57587128e798eb62e1f01ae68e660cf6ebbf332293981620684b7e3b04750fdbbe2ecd8e9b6375248882253c2dda8a4d9c0f6f5c9d7c6bdb1fc11eda1dc4ecc0b9f3dbdb62e4078e46f6b10608f34c34f0a279c2f8f3da5be49e3e58e971e539bd63bacb6d8aa554ea4c78a49abadeec98db1d3ca3bcb40957cc0e942fca1c9b51af04771fda4af358c9ed6fe7b737a6c61abe0b628920fb8d0bcd0b65b718163da17804cb1665ea9821c828f6df655193774156721006b1f51487ad19fe92b769a9fceaf2d4124d8cc9a5bef28e98b996c28c8a99e352380531185e5e56e693641ef51106d6cf4e71ab317c34e93583aecf50f52b53e63c9098d8c283538c7cc0f090dfaf523e6082c65263dc8d1de4776282a3fc1bfc5909991525f56ac0e6d3bf0ce7aec83e40074de16fc9843f3b099b59b9f90bcff6310ed6dfec974587ad646ecd90c54d449510b7768dd67cabb305ea398ecb4261d26d4d7e1204e20725603243279a18fab01726719f771822627bafb09b4caaf9484f1d8fa5078d021b9cb86556830797319c6491d71c1153b63658a5a952a1f84f0ced9c3d1191d71a0b22e3f618f87d98c8991265395cb90765935034bd6c9233d41f9fc6a90bf697c15fd2359787df8257ca8e9499b3a7b837121b3367306ba3a36fdea6000c5d0f7759371702c7ad6f9e5f4000725f8e0b330a494392f7408dad615b14f77888ceb73959965cc9a93e9e3b23b9343a4cd4104dc1f3f1a64cb45697926704879802493ff04a8144ce6d805087fa96caff9b97631b52e4a365e976c90e2ac08826f8c297ef2f875722b44554d9973f4aa55ffb03589432109e6832dab7fc4732d303252dd1d17a2d2451ed53dce41ffbcec65983c6db3eba81462e522ae7ae52d751300a4b131170337c6d8c4b692f5429118af956e1c15e27584f768255c3ddcb469212ba8ab0e1e7ee0012f58f8945827994ce1ad7d173dd1cd72083844b721a1dc13000dada1256deab79b959a495a4d1b5fd028feaa0deac90ecfa59b1340456bcaf31f57d5a883490125796dda6d378ce83bbc137fe54b83ca9c4f819899d308338d65fa87d906255d6573a7a490b00100eab699c0dbfbec54b54224ceba3f5d1fa4096063f33165a158a20ffbd1d5b8fd4d9d39cb94a0085deaedde02a2f1e90a96af2223315101af3fef8604337f648b8c34216c3e7ba8c07d82d23bc0a96f0dab2abd2939265bb96b6451a2ca93585c82aecced337bd66124847a406ce8ed241318e1a7fc2cf289e1caf26ea5b72aaea0457e208a241534c78e3afb6028e7f57891c2f05f4370fc50458d16e90d031cca186cc12b4543b7f25fa72916be3acd7f6b5f0cc24f44248c0fa9c6dd595cd72cc4c84d35aa6fc3b1ec0e7a6b0408a1a53869681d27b1122c3176a04eb3aaf6258849675a994222d506828b4c1de9ab17ad4bab5961d524f0ffe54d29002c3d36c94cb3ab16581f59d014671e1cd5fe24342f17c8f178854e0eed5f4a3db07ec2ea7c671e2d78538bb8a2d5dcd94b4c6ebdb9a4929e85fc6de213d6f356228d9ecfde962c0c3727608f670e812ee2fa14e1f0cbf0186f6afc10c676f911be3b1cea3521f47e8fd4efebaccb22ef3757613ab319c40b70eee0cde11a3a166f1ee9415328068399836c8dc384de21e0a991a8bae04bce7962ce3b82d5516fe91d8ecbc2dcd6e2711c6c14c8aa572b5fe039e1bb4f163a1a8186345f54157c56672b33470711253476c2f6e4d74be06a01885debdb84fc73247a54e1511b83b3ae1fc15e5bed921f1937786f4364a7d4d6aec09667d63aaa618bddaaeaa2e55adb5894c4797d16d3dd5d35a716ef05233c4ad46a621195cde3a4f4197ea4396ca62712ee3d029200383ad9122d94b608b39e1ab024ea673eadccf983100d59b17708722d9ef02669224bef7abdaa0b99bff39957b7ac41599c9b1833f7ce822fdda0bea2dcb7dc7d24bd20df80b6462162447d5e28535a2fd876ffd78e90dbdc74e49af647c9dc696bdcced0840c2320f5ce0b6494790832c972e28206f432ad6cddc304f96bf48ee6f5a077538eb06d94383bf4fbf332abec80cdc7834dbf87e28f06ceeebafcab3f05f084bc4cf2a069701cdb332403af1631b5659a9e668f0a46f68e65ff9a314ab2a540518a03893c3fd2b1bd9f5e9e7f6ec49f585067c4aeef0b91b1ad29f2acc132f6b1a8dda2da36a79186c8b13b6fed070c74704bdc4ff11321901c71598fdfb36e8482bcdb01ee808afb54b3a42c69a18950d14fac2e3bd7721ace3c9a03a45f74cf2df6f4c924441d8700c54b5a12212ca3cdd648d079304cf2cdf460a36caf7f521494805401dfc67bde2061bb239a7019ce76c4f44cb0e46c55cbadab9129c5b457ec284b22ae3f98e64fc8c75df095c3ea3ea0cfb59ca18090b03f9358e9f11325e72cc24ede8f0511cb6f8af7cc2760654cfb8a7e7d5de97a83079bc82d88ea728516e92d321092fa3bdb9c0cf71aced2ac1189aad334d1b6bd971ba4053a43bc7f0020a2f1d6da34690d0f76358aa1b1631107f7f2af9890007b0a94277ee673b047fe809a5aa7fbb7ab88d110970c3dff44de1d7dbeb2abfd280e66d1de4864da4d54addceea69c8fa5d3d4b1147a18365afad33cdc689d73cceba4d8f4ee08b6264aeed23f585578ae15d14f3a27b488c24d6de8cd8a9de4a2a89fc9481ba8e10283a4d3a26e989bd80597862e238b714aa776e01cc90dee689c8435c814cfc72a530efce5dec384797a951439c30e096320bd504d3fcf4f7214b6d8ae4fdf73eea4591d444dd1ea4cdaab8ce1cf9555b4dd70f1bb46e18ee02cabd74cddb696af3ff7cc95b1339a6b8e8bafbc29c64f09fb741389ea6f5397a85add8b26e1f3a1df950f67bde9f9871a0e360c3e7669ebede3b7eb32ceb35ff2affd8919522f075933ecfea2cb4becfbc85bbacc95fba2c6f54f890594a6f6b18965ccd40ede58b4eaf8b0d2b65b0369b3dc6c7caef3e4845b2c42ee40ddca587925029e7d91629add84ea7bc72be33bb034214555cd5505568093ec7248156f58c7f0d3055762f8f4ff6f864bd9548fafac4db8577530f3a6d673beeff21ba7c9060aa0e066832937f1eb617cb21ac24e0d8699547be5663a8117a40b6d881dca19e367ca02d28774dae74df50aa99445e37c6c16184467d496001242329db97a2adef66425a9c6bd377d8977433a03c72bf10b548b8aebf0ec38eb8ce145fcb851541405ee8a3ca9b3bc603a382af598f0a1756592b3677c469ff86e198cdff40f493215a32c2acc72bcfd0e3e4e57bec76dfe565da975c691d66935d2d7b52941462d41bce4c00915d283417032f3a894249f801067f3882fda77905d76b76efe1028ebbf14977631f677575ddd409df3c6c4019e995a9d8d1d8a8c322687632f1a9505adcbd5afa1389f941dd0f68fefd43ec24a257076a3a21b7363d7bb518df4a282a4d9eed0858d104e85c5e068dd8012d73b516656146a78e549adbf9b32fb9f5f7ab6d43879d96d1cb973596d044197e08c4040604255753297a3495d8dff255d18abf94b8704a8ae1a48353fa85e5a77becd10b6ca007b77dfefce398f30b0c27ede99e8e6bb0c7ff65bdb00f224622d691f478ce6e37bbfac4ce1ce373070f954370c74c09461e2bae4385cd5deee87ca80ad2c77b99e7bee5afa3f0ba52494f59da1426c4309f391516354d57b0c7c4bb858e382f041d6e9188dc133bb169321e00d02efddb461176774fd6b2c9682d7ad084f6174c53ab7408d3e271d28e308f7cd478c2fe8d6793deed31debb090b874b12528a6cd368acf5a5c4cc3d30d2aff00693786687686cd9b97cdfaa3a67729351b2373ddee18ee3f056b6c0da439d62eeb408031a4d8755de3cc88415ca4801d54dc565bb53228dc215dd746ff5385453fdfc8915e872752f5ab3656aa8e1c42dfbf35e49ac9c2013b4a493ec10ad7f512922b8d3d82922ddbc018953cb7d5191af08ab669f80425f4f459ee650fe094126434e886693092c53aa346993dbc1ba274d2d69470646e633bdc331431913dd49a0120e1b5e212162006f9a01fe18e8d8b57cfeb398e19b4b8e970fb0678521caff33a7a01deb17e72a920a946896c5392e84bddfde75b7446ad4249bef2697b0c5e72f3791f0f44ac1563769c8ece5f1de565bbae2e5730294b3d6d85787dd6f7abf84d698e77ee80ec53e3751e873033af16b5ed4e2c99b7e6e652bb0eaf6701aacb2bcb597c32dc3f7d9c4d9463ac08db0c63db5fd88d0e518def188a2fbe8d6bfa698628a8cc058ca99114c40be8e1eb4c05364278d0ea4dc90b747cecd85cdf847a50ba2adebb6d107a12613e198d1b10c6eb323d50c75f781fe39c1d92e46da77fed51612a369c4a6aa54050d677e9678039b29e10c46ff05f3536f792a72d80f0eca5a416b19643e1d15247f7e5157900c1742b9146e0d9788eb9ca653897c7c647149f0bd91b16ea1a5e0549001ba2d6c6e39cf8bee39274d052fe2ce7f4caf6c23644314335251cca5c2ed134aada515e734e0af9c0ba59043dd12aa227e8f71d11833cab35b77915ee6bf0d74982d155f74fbba9977f75d37211770df8102e1d523b97c65e69bdffb34e00dbd6d5827c4897934ff51286940adbefdbe1a185a1ca32f668bef23663d9af58655a928538e084f59fd899c490253d337f5a51d2c2c1da36cb8df43034a988104c2abd9d589fcf964ab9114a40415c8e99bebfe94c3915f9d908bc1c9000f0e9e94012d998c972cf018d8badfffa80209f1937fea78ca839572b0a8e6b7816b6d89bb84ab2ede0fe5ff0575ec9d674da236252fb92ff4febb9ec1d915d97c4cafffef1cfda6d199365b77016daae60798de8a21c1769b8d79bf57cd020ebf5730fce994b6b3099800d864966adf830c8d2658c804360896e11f360da3a92cb5c827213228526c63c262c30cdf177fb0be401b394a01775c254da30c5ff4fc5b45f59d60e1578d67245089828b0693e5a6f5eda5e917b9d33b8b36baf055269e9d5319d4fa3f8fa5c31962c77bed1b0a7045d980c03b0df15d1e3cc1ee3175570d286004f10ff6b922da1e0af3ed41099bb175678f6c4c29bd5b8555edea3fd6559a6228b3924b6245b66f7d4a6cfbf7e55d3a9a9023185885bbb1e9061fbe3621beb1e7e31205d828710267efb585073865d0618f4edbc9c5b606a79bff7eff1e534393e3dd040174b21fc012d6b2ab928976eef114b97502fb02225572b74e852f568dbcea57a8d378c54b217287eac9090cf75f10f474b1651782ab8e5f015de5b665e046f01d04efb7bef840507f3e45a385a372422af573d064b1bf6b0fb2796e88a883d0024b5f74f1118fd7cbdb92a40a83459aa29a77a256274df3a72f539b028c1df8686f4630c7fece68d1c01ce38aa613735a591f91f42561ad297e0872efdf3536c88ad5159af81048e6378f2a42d915c9721e0875fe0628ce4fc609099c2c19e681280e83ee969ba93c956fb2bc4457c2b2ee35d9d5bae561814d8f868e28987371550f57faec5af2f52bc7dbde1401b6729107b405b2873689c9e43fa5ea8b483f7556cbaaabb1c7689b0a51d757743ca292ff74e9c021e5513f94b7107a8940a98ddab5e221fd75c13f19ae4006866eec1a8320ab02a2def573858eb7253d1fda73b7da031f12dc013783147095d545abbcc6c8cc98748c007f2e61a02c750b79866c743d0f98c703ee3c9a2ffe44104ac1a22d77ffd1e607c8c4265bbd8cdd9b7aff0d0c36aa5981ce881b9f3895b4da88a653d4712a8431f9e14e0bdd137735bc1c2b710ba5126b6a9a42bdf156915b152ee1758ef56b8edbd4ef0b9a677dedc3a88b00049a0d7444b3aef2b4e5ed210c5fc97444bd3a4690ae44adfcd4fd85cc50fd55c3d6efd1c7270f46c93689d18f92d0462c62b2001d8ccbccee0abad84daf12a8f3f390d23b3f4cce1237b5059bfaacb994ea871c02fd32056aa3d68258027dbe56bb19cbaf7a2f473492e2c6643fc4bc01df34967ff10092530c5f965e1dea106188a9165a43e61d060107e5907a5e76039e11fb557b17f74e99d6ba5edb86daa24b201f89f51c53b4e6ea0e74888ec9afc6e64c3344ca561a56ece3c286ee4eea87bbb011d4bc856cb2018f009281b89b95acb76684eefbe628b3b9c93f654c15c1aac2769c67f27e1f3d6ca98d80dc3077b5c4e4d823ea40c258dcbb891ff20466c1462080de73513509176565feb24ef8413dc7dfb53b10ad4e5d683d26c742ac8efb627339eac06f2f56a55e4522b670ff6dda3917ef7b00fe14a6a52dc9567548e98f47cfa5e2b87dd8e1c2ae18d0c14356db45db78e8f8b9dd141ee942543d271c8cb5b9775d2c55c4b732d838a3b73d675a350957e0a70438d6bc3ab116f4d45f5e5bcf1493097ef19e13239d97981273fa9ae9d1a94f417c3c5c240a27cb07ad05a6526e6c8b3c68bad2c546fc889c5fb3410697ddf58f78e9296ab0c725882566e185d1dd88430766e332f1f0c87d2e359f8ce2c28b8c7546da95a1ca7897e43b7bf583d12cd46f7f910bfdc1a1c129f1d83d94678999c3d81dca8f74f87ba3017f07222f510c1a7fe8001fc3eb6e8a0b46db9c002fd084167272355da87a0fc5e37feed0c487d603bc1297f1c6dd88dcb17f17fd38a5ec72d0cf50c8c8dc69081cf608460d5b1342871abcbec20323be7f53690c5fa640816cc3b2b3de36870a8a38905dd51ac63ddd922d008f84b7cbd062b64c5ab22115b4889b0e9389048f6a7bd28e6a7893caa6036613c9f5f2ec2928be1f4ee1cba0b0bb1691276a4db24669fb085e54dc77e815b8f5afe80aaa38acbd11430d956a37911b0216534bd9e2893a2abfbcf4b7aee56c8ffbbb08166773d8dd3d1fa12451f393799aded8721cbd93e4c9711defa5509840dc73ec5f5273431da7e6324b056cae48e1c14b1f0e2cf27a52980d4c67e77a565a44aee8ccd622781b35cfa16d36eba77f9b7f5ec8cb474f02bed016982a0dca0960e094b3df6516837d5015680827599c89542544a3fd363aa44e79f3ad00c87d8dc1422b0737ca9fe9179d627a1f22800923a39df3a59e15770ba57f1e12aaf41bfe67bfc5483dab32820364a5d4da8f8ae62b05ba23257bb1577f5ad73f0b0e01633da659f7d28c7e1e39f86f5adb5bb3843abbce0a769c26c28e4ec88cd8d47e46928ebf51f4c23c69fa602b6af61dcc74bf64b009e96708c4c7426f35d33f7dae81e33a69e12ef792b1f25ffc60645a1963e67c07e15c2ebdb548ef8b2c8b0dd9725bed66e22545ad7914af7864478a7993b2c0e0ce590fa005104c6937e540758d25a509e80aca8137b717ae9fdf80ab906d9db4aabb229bb3d35e27b324aed11eebaa8ed3dc7704abab39f58562ed9b5c8a37b092ebf3fde22166c9c91bc57a2c62d90a87cffe7d6c448321f843218e404a4d3688d7b968ff9e823e0b900a146a7f3af3d46e9a8e7d17b47cba2504e1e1e7ad960dc481363f16fc979bb8176797ab1cb85cca6724274faba007e878098034afa0042ea0c1a654b42e1cdf7f71048e24db691cdca72f52017c6a0f5c88d0cb1e1c260e8879478d8e2bf97ad59844221afc649c881e7950de7dc85c430c18fcb5c8d359c2c239b45872c6555747438ca49b55c327cf6d705f80b396d9c020db57f6c53701bc968fcda5274c5134b23f6fd223dcee7ad7962c4e7f8b301a57165fcfc9a5ff822f1c24a7aa5be7971203457af1c95d47eda667d8c291fc21eedc7e8e5844f967a9fb4479d2f94e4dedd0cd5457781d3e024fcfafaa8b67e4895855535d1fdd4be454bed97c3cf2095a166cc652bea65ad6368929bda70f69dc36c689f5923fb026a8257f851a069994c04cc41a8b15979e473e5533240d3cab3ba953f20019e017d44f741d95a9ba35886c7a3fed463d242173d6af2502230ff733c3f1e02782274e64ac70850dc34895135bc859918cddec6269ba8361009eff46407715f30879508fea8cc9c081b372f488555278fbbaa80f34ce79da910212961a377c85b61e36fc375431dd6c4edf2c4bb801a0fc1dc1fac3c2f4c01099624959392ca0b6bd47cb008dfd39b2fd927f40fec137b0748e19840c05754b7d8e0b27d62086128fdc329363d06b6e7cdc4360b39df2737b5973a8c05c72e1ffaeb09cad6719224f4fb80794eb00f4092f623e5d27a11402fc035eb9fde88276f8ca16827459592e355d3c4e6c792e5487c499666d96ea5c5f9eabe173b56223cc71dfaf0d88f8b805110871f89f399f84463023f17d86249af647b83f24e90483bef551f95645dba6607f66b93a6da349ea07318b6ea59adcca1ed17566eeabf62b21204a8fd1a2d983fd22d2eaf9acbbb7a20bde391a5724f096d204d340b56212f8b7f5141f4f6ed72b134eeadf1f27edff371424b40820b26747b0baad376dfc535a417be78aabedf33e978c0533b45eadf5c24a1a069bc4945cd00a52aeb35b539ac0847065cd01dfda634cb9d7222a60eafef0f483ee5ce52a3c908b4ad4d20897b55a880249fe9bf4129124216f80d4789ce2f1b97c9d3892c506580a68ff2ce35caad03126a4adb9a194fb86bc72bce0e0bc4700950d20cd4b8d670ad2151cde5fd540e6a1d871a430c1a333f020c957cd4c8b4788b4bc93d8dd2892f5d8a350013c62dae3747384aa487e00704910b3f7542c", 0x2000, &(0x7f0000005c00)={&(0x7f0000002980)={0x50, 0x0, 0x91e, {0x7, 0x22, 0xff, 0x1124872, 0x6, 0x3f, 0x8, 0x1}}, &(0x7f0000002a00)={0x18, 0x0, 0x0, {0x317e539f}}, &(0x7f0000002a40)={0x18, 0x0, 0x8, {0x4}}, &(0x7f0000002a80)={0x18, 0x0, 0x5, {0x401}}, &(0x7f0000002ac0)={0x18, 0x0, 0x1, {0xfdcc}}, &(0x7f0000002b00)={0x28, 0x0, 0x8, {{0x2, 0x8}}}, &(0x7f0000002b40)={0x60, 0x0, 0xfff, {{0x6, 0x10001, 0x6, 0x1, 0x8, 0x1, 0x32f0, 0x7}}}, &(0x7f0000002bc0)={0x18, 0x0, 0x4, {0xffff}}, &(0x7f0000002c00)={0x18, 0x0, 0x1000, {'0%)/W({\x00'}}, &(0x7f0000002c40)={0x20, 0x0, 0x5, {0x0, 0x11}}, &(0x7f0000002dc0)={0x78, 0xfffffffffffffff5, 0x8, {0x6, 0x9, 0x0, {0x6, 0x8, 0x25d, 0x7, 0x8001, 0x400, 0xce1, 0x8000, 0x4800000, 0x6000, 0x8, 0xee01, r3, 0x6, 0x1}}}, &(0x7f0000002e40)={0x90, 0x0, 0xfffffffffffffffc, {0x5, 0x2, 0x0, 0x80, 0x1ff, 0xfffffffa, {0x1, 0x81, 0x1, 0x10001, 0x7f, 0x5, 0x5, 0x2, 0x0, 0x4000, 0x3, 0xee01, 0xee00, 0x6, 0x23a}}}, &(0x7f0000002f00)={0xe8, 0x0, 0x20, [{0x6, 0x1, 0x1, 0x7, '\x00'}, {0x2}, {0x5, 0xfffffffffffffffa, 0x0, 0x20}, {0x4, 0x2, 0x6, 0x9, 'wlan0\x00'}, {0x2, 0x5, 0x1, 0x0, '/'}, {0x0, 0x7, 0x6, 0x10000, '\x02\x02\x02\x02\x02\x02'}, {0x2, 0x3, 0x10, 0x3df4d00b, ' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, &(0x7f00000055c0)={0x510, 0x0, 0x0, [{{0x5, 0x1, 0x0, 0x2, 0xfffeffff, 0x1, {0x0, 0x141, 0x4, 0x9, 0x9, 0x4, 0x7ff, 0x7fffffff, 0x892, 0x4000, 0xfff, r4, 0x0, 0x4, 0x10000}}, {0x1, 0x8000, 0x2, 0x4, '\xff\xff'}}, {{0xa00000000, 0x3, 0x8000000000000000, 0x80000001, 0x6, 0x1, {0x5, 0xa0, 0x8, 0x7, 0x101, 0xbc3, 0x19f, 0x4, 0x7ff, 0xa000, 0x1, 0xee01, r5, 0x8001, 0x8}}, {0x4, 0x10001, 0xa, 0x3ff, '[{@^/@+@<['}}, {{0x1, 0x3, 0x5, 0x20, 0x3, 0xffffffff, {0x3, 0xd4, 0x6, 0x0, 0x1, 0x80000, 0x38fa80be, 0x6, 0x400, 0x1000, 0x5, 0xee00, 0xee01, 0x10001, 0xff}}, {0x4, 0x5, 0x8, 0x4, '+!\x9cR\'+%\''}}, {{0x3, 0x3, 0x200, 0x5, 0x55, 0x1f, {0x1, 0x34, 0x7, 0x4, 0x9, 0x2, 0x800, 0xffff8001, 0x6, 0x8000, 0x100, 0xee01, 0xee01, 0x0, 0x9c000000}}, {0x0, 0x1, 0x1, 0x400, '\x00'}}, {{0x6, 0x3, 0xa3, 0x80, 0x735, 0x9584, {0x0, 0x2, 0x7, 0xec61, 0x371ca83, 0x4, 0xffffffff, 0x3, 0x424c, 0xa000, 0x400, 0xee00, 0xee01, 0xca, 0x3}}, {0x0, 0x7, 0x0, 0x80000001}}, {{0x5, 0x1, 0x9d5, 0x5, 0x80000001, 0x1000000, {0x0, 0x0, 0x6, 0x7ff, 0x8001, 0x8001, 0x6, 0x8000, 0x1, 0xa000, 0x10000, 0xee00, r6, 0x80000000, 0x6}}, {0x3, 0x7fff, 0x6, 0x4e5, 'wlan0\x00'}}, {{0x4, 0x2, 0xffffffffffffffff, 0x10001, 0x7, 0x3f, {0x0, 0x4, 0x7fff, 0x5c, 0x5e, 0x4, 0x0, 0x9, 0x4, 0x1000, 0x8, r7, 0xee00, 0x7ff, 0x9}}, {0x3, 0x5, 0x6, 0x9, '\xff\xff\xff\xff\xff\xff'}}, {{0x6, 0x3, 0x3, 0x9, 0x6, 0x100, {0x1, 0x101, 0x4, 0x100000000, 0x2, 0xfffffffffffffe00, 0x3, 0x9, 0x9, 0xa000, 0xfa3, 0xffffffffffffffff, r8, 0x1400000, 0x9}}, {0x6, 0x0, 0x6, 0x5, 'wlan0\x00'}}]}, &(0x7f0000005b00)={0xa0, 0xfffffffffffffff5, 0x5, {{0x0, 0x3, 0x2, 0x3, 0x7, 0x64b, {0x1, 0xc2, 0x9, 0x5, 0x8001, 0xffffffffffffffff, 0x2, 0x8, 0x5, 0x4000, 0xd0a, 0xee01, 0xee00, 0x7, 0x1}}, {0x0, 0x2}}}, &(0x7f0000005bc0)={0x20, 0x0, 0x7fffffff, {0x8, 0x0, 0x9ad, 0x3}}}) syz_genetlink_get_family_id$SEG6(&(0x7f0000005c40), r2) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x9, 0x100, r2, 0x8000000) r10 = syz_io_uring_complete(r9) r11 = syz_io_uring_setup(0x7811, &(0x7f0000005c80)={0x0, 0x29e9, 0x4, 0x3, 0x25, 0x0, r10}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000005d00), &(0x7f0000005d40)=0x0) r13 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x80000, r11, 0x0) clock_gettime(0x0, &(0x7f0000005d80)={0x0, 0x0}) syz_io_uring_submit(r13, r12, &(0x7f0000005e00)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x7, &(0x7f0000005dc0)={r14, r15+60000000}}, 0x6) syz_kvm_setup_cpu$arm64(r2, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000005e80)=[{0x0, &(0x7f0000005e40)="551e553401d8419ac437854e7bd6033a54214a9bd5bbb0af5b8dfb214aa84f75f60fd2f374a02bcacb654f2e69f719794863", 0x32}], 0x1, 0x0, &(0x7f0000005ec0)=[@featur2], 0x1) r16 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff1000/0x1000)=nil, 0x1000, 0x4, 0x100002, r2, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r16, 0x118, &(0x7f0000005f00)=0x1, 0x0, 0x4) clock_gettime(0x0, &(0x7f0000008240)={0x0, 0x0}) recvmmsg$unix(r2, &(0x7f00000081c0)=[{{0x0, 0x0, &(0x7f0000007580)=[{&(0x7f0000007000)=""/104, 0x68}, {&(0x7f0000007080)}, {&(0x7f00000070c0)=""/15, 0xf}, {&(0x7f0000007100)=""/224, 0xe0}, {&(0x7f0000007200)}, {&(0x7f0000007240)=""/230, 0xe6}, {&(0x7f0000007340)=""/99, 0x63}, {&(0x7f00000073c0)=""/69, 0x45}, {&(0x7f0000007440)=""/106, 0x6a}, {&(0x7f00000074c0)=""/188, 0xbc}], 0xa, &(0x7f0000007600)=[@cred={{0x18, 0x1, 0x2, {0x0, 0x0}}}], 0x18}}, {{&(0x7f0000007640), 0x6e, &(0x7f0000007900)=[{&(0x7f00000076c0)=""/121, 0x79}, {&(0x7f0000007740)=""/169, 0xa9}, {&(0x7f0000007800)=""/5, 0x5}, {&(0x7f0000007840)=""/157, 0x9d}], 0x4, &(0x7f0000007940)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb0}}, {{&(0x7f0000007a00)=@abs, 0x6e, &(0x7f0000007b80)=[{&(0x7f0000007a80)=""/115, 0x73}, {&(0x7f0000007b00)=""/15, 0xf}, {&(0x7f0000007b40)=""/19, 0x13}], 0x3, &(0x7f0000007bc0)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x44}}, {{&(0x7f0000007c40)=@abs, 0x6e, &(0x7f0000008180)=[{&(0x7f0000007cc0)=""/153, 0x99}, {&(0x7f0000007d80)=""/250, 0xfa}, {&(0x7f0000007e80)=""/252, 0xfc}, {&(0x7f0000007f80)=""/193, 0xc1}, {&(0x7f0000008080)=""/96, 0x60}, {&(0x7f0000008100)=""/65, 0x41}], 0x6}}], 0x4, 0x2000, &(0x7f0000008280)={r17, r18+10000000}) syz_mount_image$adfs(&(0x7f0000005f40), &(0x7f0000005f80)='./file0\x00', 0x6, 0x1, &(0x7f0000006fc0)=[{&(0x7f0000005fc0)="97711a3fc775d9b6b802d75cefe34e560dfbbc1905df8452c7c061cfbdbaf76ac0ee704fdc1b95576e8398715ccac23eb622406fdf86656d8666d174345df15cc279d6bc46189f9e9103c8b634306a9dc5121354037abc836af32b82e0eb9222c5b97a31baf700226f459f1593e594220d6eee2f7bd3612c68996c931e01b390867ecb7db73fd1c8baea0a1a30719c09c81706414190c490236b2756cfba38fabad49c002cddccb22a79015cf6c9d5b81197e3669f1195cf26fd674cef34fc2517dd561d625d37f0093669e68fca1ae7327c53a8d8fe8ce089ec5130da3dcd2c1be47c5d11c1e607706dede98d3ad0347db608bf9febfe357b46fe05172e7abd5e6a5755ecbdb7294ac660ef999961aa2491460d2ba8c47928fcd02e294c16838adc1c5aa0aeefc279793c1e9bae9dad1bdd674fbf94f64d5ee586b857846b2c3e35cbe0791f3f0a4279ec2d51fdfb3a9d2fd093ba29d743eebb0646d40af932960b4efd52dfae3724206f13839b1e9dd3561c159f7d1a0b45dfa655724164ca8ca40178aabc9f0c270cc0c2e828dc2842fb2372abca8d65d3726eaddb36d2772fc42a5a609dbc761a086dd8405f0c0a7c0bfc14fea91cab423fdbc944ddbdee214c248ef0c8933c80f3ac68a3cdc4ed5120c7be1f0418a0ddeee94ce8de7a07b94d97a9c72e338eb9cb871567608b49031f1fd07e5c5cbbc2201c4876885c1bdccc2bfece71de73d6a710c96a675de4b578e3a0b84d1fb89bed531e1705af867b10b7c92328a06bad02c573375d500a4bdc884b55652d7f1cfb31afaf0b35e98a58466b80a2a4bca2d72e387f8e94519a43734c385b698e08b0ee1d9805c392acb76f980894df9046c617f62a2361062e522453dcd73176f786ef2ccd7a05df8b44a6f93135d4888fdd510220357f1aeccd13e1fe10292673f981f420d9859fa218b8698b4a691e699c28a2dd46d3978942192ed51d212669458a4dc3d381d2c3f73cb60bfecb8bf0e1556eaed9ffca5d0f7c9f6152f4fcd5ed86cb6a565e4b6b1c9e7efef1ccd28ae7091abd84e8431ec08ed83a8bbe56f9e12256d0a05b461d9f1f4bad4b0e8734c47d12124c406db2c033ca10634105713df400fe668d74c10b9546fef03d29ee05d4e3e832ede103cfb890c8b0092a58fe32a0b105896cefc83a990c3b6d9dec09e4beea8040b29f9217e5577fd72003a1dc4667fa4cf3bbf2985f0aef84b45569a087b7f9afe824f3c59b40cd0d088c16f4414240a6ebe24aadc402cc99abf034a48bda6a2821bdf294658e2782326e1696a8878b62be50b8ae8d003e1b6b9f5f26d3f21b1422cf73ac7292638e57da6fe3fdadd7786aa2d7406c0d84554547d9590ee9e1705428e00ddc33250a116b9737c8b013a38c6f5e88275b015f1c0996b06ef4467fa0468e8f4a498b56a045f894e45090fc1707481bef75f601d95e67b963b6ddaad7511ab41ef4c9f651c70f8ec2f0cf3b62bad74e2492a39fc1f81da697cdc353de9589cab54a16901a18d851bdc26239a72f9a787fbefb3fc3f5df149a013c4f8c8b0e98b8f669f62fbe09525b46469b1c7fcb91e55735f2adc8136a46aec4de016b9f9251ac2aa820a1a887b78c66802bf8dbbce8c4e138ba0a52892c9e934af2c76b95032a2f4cb5a621e453970f54b279035e140833e3250a9c4f16371cddfc01c404e6e86acc231c8d7dbed9b6aec0da3e0bb40672f4d41df2650d200fdda6bdc62b1d433efb4dcb37052689eec1fb99ceda3e1107ae9aeebc9958fd2f2e9059834087378427d3158a8ad04779e622b9fef71b94b2aac03d6d9b722a2427855a2176f00d971d6b1fe9b57c3637af6ecf8dd0bf1dc055e7331c7e3d9bf09a98723676b07787a075af7ee911ee2b0ebefb3408c8a617e81b0222f20f41aaa55767bd73b30b7d5238a41836e53a5c826d2cab59460404f02af43b1c64a887b44edcb395a149983a63ebbc1468ac3b39a00d01e59041ea549725768c6fea7a4884fab16b8599cd0b91b83df33b32280039ba0205a23e97cd38bf8be0ced3d7c2f44491e9b594e054e6c6e6e2b610830f98ef9a240fd56d1e218cbc1535b8889fd2b39fd94c82137a80ea1234a84dc6fac0f16b8b2de9dde9ec8270c2df90b1107eed2d346965943a1cb0856421e45fed7f48071041c552efc7333c5e7dec5b9cb59565718a7e230a842f206a4949a38fca5d9a8d847563dd644578f89e5ea68cd84edc6a04e527d1c07e6ae42f503f7c09f7fa5ed1b2d7a3a90b5feddd576dcc544d8a7e5154fcb82d14970643a03ec1ada083ade9a90d56b1a05e7becc2e434d487e0c94d10fb56b73a82fd0c34e3ea6e252bd82844e95933819254e12b001acf2ad8b630a7d2056c6f77334ed22321771e73312981d8910170cdd7f47881b58c4753bbfb0b34c78b4211e626146ff342bfd57740eb868e1cfa312c907bef857b3781ebd1397e8dc0ca1474a19b39b497ae70889d2dbbce85d3743fd33c97b9c22b866eb65d3593900e66c459efe5638a824c423d9c49ba44b8ff9b9b3ec15cef434deef9ab92760c55b1fb37339b1c77f3a01a77fd72f72877952e8a5827494c9188b8d1c270b0a99b4a9e818d1fa126a7291a7b0b94c2bf7c18c2e25e7fcfd68d38829655d9aab934963034563e90865245a61304febdf59bb0093167c8c41cce1773bb80c678759b55dab1247252036157a0e60d66e289d4b9bf98fdce7c5ca59bdb4fafe55e09b16aa3430d39bf150332a15c4890ed078e628775f8787b893592263ca6d3113619a7b21251faeee137a099bf00fb5fbcc75e758eaec9bdcff65576c0d826ea79d90e99d8cbb490937d1d122dbb8d15b33756835e1ce3bdaf4919f5226b384c87c2c7af71fb3dd073c43129ac4e2a6e521bee349730b2d9a71c6b01d61df130802a9bb6ab1f4d594b89675cc467cab303c86ae6b4c0d26dcf16cdec9c8b78f3e23bab3e7b5153e73bb71cb6a2afac5c33195d2a2f329d9e8f53dc92801046b07245e139a6414cff17dd9d7947e945a1ddf592131d90f3f325ebc3cf24360f83ed1606f952d4f69221b75c9be91e5d2abeed93f33958b04aa1e0cb5b850edf2760f4b8e810d879d87357036c8e26538e69689e47fbb1da8e0ca08284f55900bd029e95a527b3ba251b0ce27bd049fc85b194959375f785cf75c101eeaaba56b39a3fc46ba9729837e2fbce7ebba932596c0c2ef0c5d8e684ba6b334dbaffc0fa842a6aa555813d5bdc237a4376fbfc3abd549abc27f3b1c918c67f2c34e116b6b0630115490624f4997d93acec5dab0d2bb1572b319ba4c990cd74389542f48b7e173d0c81ed756a1b409f6b195859fdc7577a7e7b120a1513c225d313d7423d6a99ddb71914962821db95192fc9ca8b6972e07d78679e3b4265cb9725d95f52f68ff1ca46b8ac6ae7c6053bcd972e37fa824491527a1e4323aa6f2d5e59cf06c6088c148059fad6f1cbfb476719d09fa479b69a4790a74f65abd999c267d10cc2ff99d39e394160e151469589f416f659b2a8c60def78d6f433809dfb96c27220076f47b7e74a8930cd61e8fc109ddf8754ff5d6878eef5dc7dd61e2da0073b0ad6b071feff97fb87ec0d90954aedc888e7b1e09dcdfcc6906e49b6ea4a0c32546407ac0d22e29200b8603f2c3041d27d0fd990c312c3f4ebeef45385124825e73a4b30f7e62b3746aee0a1f42357a7c2d59b9b2865ab24b33536c1d752a4e1c08e07ec7ab8e37eda44ebd2213d46955859ce75e8cbee3e448ddc6c3720fa4bb604298c9cc6c1eac4aac18ffeef8d631a6175a58b18257c81b5b2a2c7458b1173a5c1bfe3a56159fa406011dc0bb6021f2332bb471ef8892acd5e7b58aeca43e485b35ddc938fbf2d032521820809af025513b663922d664ca4216bcc9877030d5facfb9a0482998e50cf69bc59c1805fb4faa89f6831ec6afc29e7f6db38fed3403d1035e251624de0ea6445812f71a4a91eab22d88da49c097003ea9608ef661e8cd99458f318d373ea1affe6cfbec7e9f77ca393f1585402a70afa83e3dc11417b83035c4aa6efb96caffdb76bb431152a1108dd6ae5a37afb9aa1b51ddcd22d7af11d65c188472d79acbdd48c61355a4b2fdf2b81fb4459711fb437f3f7f95a6e187c0cc087bbd739c9c9e22e25fd0d305a27408f52b839e357d1f37b0c7a576df793008241bd2120ccfa21435268ed243dd2edbb751b201474e91f48219bfddb4cd0dd471965bfe78e45233a33b6c4022bc57bcfd224f89b4afbe25a003ef41f596e10fc142d52e0ee02fad0728651f0fe75b947a544fd7e2dc38b608789ebc87b01993e23b765449001c77adc778adb84a0dd32b70e267aadcc168ef1713d7cbde563396ef5e39ff9f7008d61a20fe49ac80c2ee84c5311e6b0c259f0c63631af64ee1d2225b5eaa31b97636b30109fe4fcf1522723c6d79a5005f3768be2872910a0d9f2d2b10a91e48f7da5c3830e18bf1a2c51f791e463f7ca07e0c63d075852c2bd82b4a5989d4ff50a7007d3eb322b3f01ab76af2bbedb1108165f483d28415378d60098dbd87a299b3de116f3955c3e243677f3e3f71f9f0204e170da9ef5b66c95ba07f335b130b5a17b6a72c318be1b8ca6422b1eaf3f6ef038df509ef18765947de5889a3a88457561b399ab72948d7ec9e0f4a7348e0c43174811d3a4d71242e6a50f5b397a8d7fabbba7109afa2369f116e09d3fcc0b5e612ae8b818309c5fbb3347fdb5d6c6904684f4e04f12ca8513174e6b926f049ac14e0a7f9e4aa6bd391bbccd3f7242b9a4c0dfd01796da871f4e9de17e549537ac6d21d5c64e549f070e2b1d1b7f76981faa8da9029e4576fc43b4f427ec7ee4c4505ca270b233ffc5e1abe44ac789cecabdbaabec441a11845caf922133d11bb28256ee8f75e6f065e35f297646c63a2b8a594605ab391c50fc337d8d97066e6b5b0710fb1ec76c64f0a0a0ccac01375f2c9fbaca77b2b1ee2b26a76da527aefbe983eed0d946d763e00bf501dd646bfe683a78df80d91dcd603c5a8eb595c0cdceaa2dabf5d64a9feaacefc878e074313c85e4c15f4c2e63fa19f97b829c297d860878eee2138928d8a425c07900c1226455ae33e702c058567d42df10d6048466de62f14c27f7d8f306516662e18bebb24d7f38e5f0ebbab74980599ffacba56d3ce16a56b991ec64df9ea8f9300cc187f2c1b2f80562c681bbf833a971e7d69b67730d3b0d3b5a9b3cabf5b44e21f3a8ea25af9f9a7f53d6c85ca6a3b84f04fb6d1e99096640c76f00cb2a849e022c526653e0e19c0ab73d7db02e69bd511cb3b36ae7df9e0bcd5b8d180c0a3dc9f17973c62b286fbefd4853976ad38dc7756785f17c88f9675687c9769d77162e82e71bae2ed285bc878f9ee7070af3c4b43c907bcb5856dab6a938b7842af376d7c164076cd02b4e3e82e2cc8fca7dc2e40bdb7b9a2ef406355630cb2930231794ef4a20360a6eb9cc54f753642e6938a173024635987b80a6e0f0b7cb258537b81e1250f77fcaf1d7cd9b3be072a6f9d4fd86f1564b28d790ca1382fae61fa5874c7dd7db8ebfaaa7cc011e6ab3579137aa3f0af14e58c0960d7f70cef93ab86cca7cb785d8c12152a807cf1bfa4e0f6ffd288870565cd49a10a407cee95c5c0fe4cc84b47390868e64507f1fbfbb4a704d272da13480a418e25a9930a402dcfbaa5cb5092c569a4e8150b5048bef01194e1ce3795e2835a0a82c9d5ff3a157852f12713596997ec3061aeaa96e93c9b1d9d5aa2414c3ea9f", 0x1000, 0x80000001}], 0x1000000, &(0x7f00000082c0)={[{')/\'/%'}, {'wlan0\x00'}, {'\xff\xff'}, {'\xff\xff'}, {'[{@^/@+@<['}], [{@uid_eq={'uid', 0x3d, r20}}, {@smackfsfloor={'smackfsfloor', 0x3d, '{%\'--\xd3{-+#!'}}]}) syz_open_dev$I2C(&(0x7f0000008340), 0x4, 0x404280) syz_open_procfs(r19, &(0x7f0000008380)='net/ip6_mr_cache\x00') syz_open_pts(r21, 0x8001) syz_read_part_table(0x5, 0x9, &(0x7f0000008980)=[{&(0x7f00000083c0)="fbd29b15877e61061cc50ced7f39686138bf5103248d4da53257b73a1ee96cf2199abfa961d7bd146a6bb88d701b08edbf514b2e3183cce211d57c7645a9afe20275ecbe29aea48c76b0fb7627a8e43c7a9f57ef02a316edf9d38e0c6e74b59107cb1c8406dcb6de319b", 0x6a, 0x7f}, {&(0x7f0000008440)="e0d8f55b3848aed3ac9738d2e19f668be4c76e3b4e4823a0c69918ad4aec8d6eadcfe10327126d01287e672d54a544a9877e59f9a2f41aa242b237ba593c5a4840b8621ce0d28ce522dfe8788bb070d4bc9d74528a1f7603200c2365c63d42f1032992e10e4345cdea0d65365d82b6c78c81c71b0b2fb78197cd605ec2521806bdc08d6dd8f5291e5bb0ca92e20430d581235ddda756e6abd8c769783b84e57b0aa951303adcc7e921b069d94f1a4dee1f4744db5b28c97fbbaec5bf5618e0e94a41c0a99ce6ca91ebcaff5ae6106dc9dc310d7250a8b7c7ca55", 0xda, 0x3ff}, {&(0x7f0000008540)="afbb6b91aa7857f942bc8773d020896a44f1d9db9b9ec2b85598cd86397d6b5ae3192aefe0f2b6387b2d2314489bc7af2ab51990ff7526230a7ca42e6c22f5649acb12b4dd8fde819b", 0x49, 0x9}, {&(0x7f00000085c0)="d890818560f5372f7d41a504c54e863d7944d0621d50134b4c1454aa8c44c7f324d95d33fb4663f6745c1cad179d719e3e9f4f57517125890ed4c937bb41d0a764441e1d6c7482548c0a", 0x4a, 0x6}, {&(0x7f0000008640)="7e289aa898007d95eaf09882596aa237714dc1ac32392bd6fae8d872edc3c9b0cff5036148af29573c0dc954c27b6a6d47669253ab402a91f6e602ccd93fa817", 0x40, 0x6}, {&(0x7f0000008680)="c823584bb1759ecb98ee41e35227dd03d7ed5c9eefcf34a951e7c5eae5b37e8b93d6dd7cb66ebbff50cb81777e29b2c05b7b7cd976f4aed70f76499015b9872faa6f338c309a55296e4e85e27c510dbf253a7e6f43791f93913c8a9607451fd5050cf191ec95d199f1117c0e2a0437c2be1698939d277c3837d1640f91ce6aedc0850dc288cc2a3c1caadff44febefbbb2fda82e8a6539222b6d8830df927f36d814c2a892df0badec86c2f01deb89d2d3fa6137e48b23d3cf77b11f46ebdbb0a8314ee19778c212fc3498cbdc5ad0bbd7d24538d83bbc86830afe32e38c1bb1b7866abc940f611654d046f8236d6b15", 0xf0, 0x7}, {&(0x7f0000008780)="5d78b08d347d6010778713adad8e4da15ab34694562b0da52bb31a3b5e0971020ba48d185f3f03f16fe6dc1e321f122c1150a8ce71c3ad1df7c618bc59865fbfeb3a2c926b992f938b0f76c96af8be398933383fc8", 0x55, 0x8}, {&(0x7f0000008800)="1cd7715afec5551816cd475168a535a8474b748792e43af351605c6dfae1e6add7ce8bde80555ca3268782fe7a7f458968b42792c02a11acffae5486c0858e0c4640f4260d564699c0e606236ae8d5", 0x4f}, {&(0x7f0000008880)="45fd88a606b589b27d422ecb8744a678ff3aa07ffb6c25cc10a8871006d5fb6450fc12157d1a59f14e36132f1db63b56cc97b61bf0a61dcf2b7dd27da02ee160e03df97947838f0dd434825905ae9fb5a427976a49f779eab8cc3a409d25b9a296cef9a8ffb49d81bf23a716a7a7e1d8dce03def2b8a3b15a3b2beb873143a7df14ec492782ec86aceb4901fe3dcdce046ab2fb972d67434d4e1101b02c92d33a1bfe516d9592581f67895433766506707cb7f0e18b4476bde0f0091753cf3ec07386b3dab4b295502d49716801dd979aa24d805dfe801", 0xd7, 0x2}]) r22 = syz_usb_connect(0x6, 0x7e2, &(0x7f0000008a00)={{0x12, 0x1, 0x300, 0x88, 0xc7, 0xe6, 0xff, 0x15c2, 0x45, 0x135a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7d0, 0x4, 0x0, 0x0, 0x60, 0x8, [{{0x9, 0x4, 0x45, 0x3, 0x1, 0x66, 0x44, 0x76, 0x3f, [@uac_as={[@as_header={0x7, 0x24, 0x1, 0x1f, 0x5, 0x4}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x9, 0x2, 0x81, 0x4, "c0e6a10a"}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x0, 0x6, 0x8, "7d5ba3d07cc6"}, @format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x94, 0x1, 0x7, 0x1f, "cfcfa1bb20d9baa316"}]}, @uac_as={[@format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x8, 0x2, 0x0, 0x9, "489f80", '&'}, @format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0x5, 0x497, 0x8, '\''}, @as_header={0x7, 0x24, 0x1, 0x9, 0x2, 0x1001}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x8, 0x1, 0x0, "786e2f1a3105"}]}], [{{0x9, 0x5, 0x0, 0x10, 0x3ff, 0x9, 0x66, 0x3, [@generic={0x5b, 0x8, "32da773ded87397d0af57fd6f2ad3b93e2ea74f1f65d645d6b7e4cae90c8f27ccae094b33c613bc0bda2437bdcbaa21c77915b1b95e7a2313d71c6cc586d414d6a1e79c80ee3673ff069eb4651b30668b0197ff7a7edc57594"}]}}]}}, {{0x9, 0x4, 0x58, 0x9, 0x5, 0xff, 0x5, 0x1b, 0xe0, [], [{{0x9, 0x5, 0x3, 0x10, 0x20, 0x0, 0x43, 0x40}}, {{0x9, 0x5, 0x5, 0x3, 0x3ff, 0x87, 0x2, 0xfd, [@generic={0xa0, 0xc, "4d1fafd5d5bea917949e727ed5ee144cb32b01d9acbb7e3cfac4d1a15cd6bbae8ac66af677394d2217ef580b1565f58b85cfffd2cfcaf9f19df78400ba0354d7872072b42d77d55a5b960b82fb9e34ec8c33a96719c45947ab0947484854a94f25e65339a6f74b053c81e8e8057f6767ea2e80e923e02fa1a88db36d52e4c511e6ccf674046cb81c493c927d05a6c16645d0694f667d6ccf29fc273890c6"}, @generic={0x31, 0x9, "824467996faa842827e6d09bc48c4196099cb20d1afa7380d30e40f1bcfb7c503d7b00fc18d2e614c3e370dbc320a8"}]}}, {{0x9, 0x5, 0x1, 0x3, 0x400, 0x1, 0x81, 0x6, [@generic={0x76, 0x7, "96f72de7936410ee82a44287a00196f630e009364ab94a00e94528691a409d335f13bf6e85b378bda85c558fc1a003ec5794a14217f794682edcdc9e35d00c0979fdb3e7a15e6a851c137bf7011ba61c8346598b02a3d4d1b8cd99f4fc14fae3219fbf56aa2ca54ccf116b3d560a80978c4276ec"}]}}, {{0x9, 0x5, 0xe, 0x3, 0x3ff, 0x80, 0x20, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x9, 0x3ff}]}}, {{0x9, 0x5, 0xd, 0x0, 0x400, 0x9, 0x3f, 0x3f, [@generic={0x76, 0x11, "79b386387e37f36efa1d8c66a90449c68a0ad251afb9b1793cbe9e5b4dc3ce6600e86d1e3b3eac60fd3b8b1c19d7d0c3da61c6a667b39fae8aed44a8e70d77ca93e4c37a3fd8818f43edc523960cedb02d8822f0b23dc343182608c6097e995f562c84a5417e5b2fb71b392f926f3c4ed992ed89"}, @generic={0x65, 0x5, "8512f0cea97a9d8a0461e30ee9bf0789e041cd86c1df9496f1957af0e4543ecab07051f1f4818da2579d13a999569f75ad6af6e0d04da8bd26bc920445692d9e4ca7fdc3544c36f588e5c09beea1aff9f41ba977cbe79e7e4f4a8dec5640da4d2af61d"}]}}]}}, {{0x9, 0x4, 0x5, 0x3, 0x2, 0xc4, 0x4d, 0x76, 0x7, [@cdc_ncm={{0xb, 0x24, 0x6, 0x0, 0x1, "72450ceb1b79"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x8, 0x1, 0x4}, {0x6, 0x24, 0x1a, 0x8, 0x8}, [@mdlm={0x15, 0x24, 0x12, 0x4}]}, @cdc_ecm={{0x7, 0x24, 0x6, 0x0, 0x0, "fbb5"}, {0x5, 0x24, 0x0, 0x2040}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x80, 0x8951, 0x6}, [@network_terminal={0x7, 0x24, 0xa, 0xce, 0x3, 0x4, 0x60}, @acm={0x4}, @country_functional={0x10, 0x24, 0x7, 0x0, 0x81, [0x81, 0x1d9, 0x400, 0x1, 0xc00]}, @mbim={0xc, 0x24, 0x1b, 0x1, 0x20, 0xc0, 0x5, 0x20, 0xd}, @mdlm_detail={0xe1, 0x24, 0x13, 0x9, "0efa60e3b3892ca3377fc7bf7e5cd90b70b5433c66f13129d42a59f2c914ec54979a53862f94df6395806bf1a9709d9a6650cecaeecff6adfc77ca5f296e11bed1fbeb6f27c50bf1af9c176bb2069d52b06473d5d8e9244a70017666faa3213b80b25fe4c68c4180ee45680c95768fd32d24da76b883e1be0ec2af43c9f30ceed1936cd5051e62b1c8a76af9a252290b11c3670439db645b5c32a5a5bb78d7e8183ea6736dfceb8fef3d04b76e5129c4913eee30a537743b3357f269f582dd8c46b2a93362f1a838886b175f4895d52a818f63d9d694beac9846e5b12f"}, @mdlm_detail={0x1a, 0x24, 0x13, 0x5, "083b1f01a69f5d722a6b0383fb09f57f442b56d458fa"}]}], [{{0x9, 0x5, 0xf, 0x8, 0x8, 0x0, 0x3, 0x5}}, {{0x9, 0x5, 0xc, 0x0, 0x200, 0x9, 0x20, 0x5, [@generic={0xb, 0x1, "ae684bd6a1bfbe705d"}]}}]}}, {{0x9, 0x4, 0xad, 0x3f, 0x6, 0xef, 0x2e, 0x8d, 0x8, [@cdc_ecm={{0xa, 0x24, 0x6, 0x0, 0x0, "2e1bb11c34"}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x2, 0x8979, 0x6}, [@mdlm_detail={0xeb, 0x24, 0x13, 0x0, "9fcc8c5c747309fcb4c96e5dad9b6e62d08b91a8beb3c2e4547e163e4658bb11ab34b3c84ec3e4a4e367d26c56001c6705689995a99d16a1b31bdc070f00531ec426b54bf89b2dee1fc3bd818f55dbbd6acc287cd43078eebc6d09f10dc4229f8035d4448f823fecf929d6861627c01e79277a40304a1ad3fbd012a4a8ed16369769c8c997c412be76759017653455b8042aca8b49eac0731001cbfa6fbd796aa7c27709fc623722e03d3c1ed1dac1ca8a8aa25ddafc654a0dbb760b927a2b23e2ad3043ac48566c7b995c237db591f39af81954569cd5d37ca4941c80cc1fa5556d19a548df2a"}, @network_terminal={0x7, 0x24, 0xa, 0x4, 0x1f, 0x3f, 0x62}, @dmm={0x7, 0x24, 0x14, 0x1f, 0x7}, @dmm={0x7, 0x24, 0x14, 0x1010, 0x9}, @ncm={0x6, 0x24, 0x1a, 0x6, 0x1b}]}, @cdc_ecm={{0xb, 0x24, 0x6, 0x0, 0x0, "df4704a2521e"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x4856f0aa, 0x5, 0x1, 0xff}, [@obex={0x5, 0x24, 0x15, 0x1f}]}], [{{0x9, 0x5, 0x8, 0x8, 0x3ff, 0x4, 0x1, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x34, 0x5}]}}, {{0x9, 0x5, 0x0, 0x3, 0x400, 0x2, 0x1, 0xca}}, {{0x9, 0x5, 0x8, 0x10, 0x8, 0x2, 0x7f, 0x7f}}, {{0x9, 0x5, 0x7, 0x0, 0x10, 0x5, 0x1f, 0x40, [@generic={0x2d, 0xe, "eccc2379371b46cab9d6fdb82798f47aa9b7177c2a5193231443b725c21b5e6a99930565eb3b96fe7a7569"}, @generic={0x6, 0x10, "7f2260b2"}]}}, {{0x9, 0x5, 0x3, 0x8, 0x10, 0x4, 0x3, 0xf7}}, {{0x9, 0x5, 0x5, 0x3, 0x10, 0x3, 0x1, 0x9, [@generic={0xc8, 0xe, "17a493c051895f29835efb6d6d753ca5e6237f995724bf74708574902eacdff45cd80b61373d67efe1239f97b4fa600793d6b4a5022ba4a436b4e2e223579d974e784ecbfdd4912da5ccd284d2293782704f067513d83811ac711684d3aafe928ece0e903825997babc567b94d06daee1e4d55a8871d67e71cd1081430d89bc9ae64f50f94bb8af96ce384cd3b8420ef8be273ca02b9f0f91221239e64d620dc6e3e2707f6f4ce92e8627f044c14f179909ca1df8b4e499fed3f4118c9d6b2ae41a71198d798"}, @generic={0x7e, 0x22, "851bf8332f6f4795cdbf9bf1bbb8253ced75d61f695bb8c31f51b5ce19b2080e2e7ec215fec16a83d2571104f726a0de47f3e9282d0ef2204bbb1d9d9cac53b6d798084b0f594791e3f8341986d7eaadb911c55c0d71691fc77aa1047f440f5275a41f3b1f0f048a5c1dd5c417e67f3bd472b13feef7950c578f1b42"}]}}]}}]}}]}}, &(0x7f0000009700)={0xa, &(0x7f0000009200)={0xa, 0x6, 0x110, 0xd4, 0x81, 0x0, 0x10, 0x20}, 0x1c, &(0x7f0000009240)={0x5, 0xf, 0x1c, 0x2, [@ssp_cap={0x14, 0x10, 0xa, 0x20, 0x2, 0x3, 0xf0f, 0x6, [0xc030, 0xff3f30]}, @ptm_cap={0x3}]}, 0x8, [{0x4, &(0x7f0000009280)=@lang_id={0x4, 0x3, 0x410}}, {0x102, &(0x7f00000092c0)=@string={0x102, 0x3, "bd9caf11f1c2321f7dbf3df57ec06aedf0842f843c77dd88db9f7408bba0d9405971eab7462f77d1ca84398011e52a42798f46eeb57b9e8b2c06c9828ae8a2a278aeaf1947cb3dbadbd3d8374bd3fd89a53a0d2e5d80261d7c80592c0396ee2c9ed83fcc6bf9bd9a2f61cd007c9eb5b92dd878d6aa6b5435ed38fb81d9bfc15815843bc46b321b848a201d7ee90a06ab03ddb66cea54f415153e6934992c24e711aea2fe334e981ba7f3f87d0bc5eb6b1d0917cd79b47194c6d2be18e7a54e75a5e2d036b2e8ba626c56c4489e4681a21ea29a2b6434a8605a6710ebd13f09fe322e60ef34a6e6f3330d07b4d1ff66d7ec23c58b3be734844b89de36ba291297"}}, {0x4, &(0x7f0000009400)=@lang_id={0x4, 0x3, 0xf0ff}}, {0x4, &(0x7f0000009440)=@lang_id={0x4, 0x3, 0xf8ff}}, {0xc2, &(0x7f0000009480)=@string={0xc2, 0x3, "47951bf5758f6da49eaec8d8f18a6ca6e17e41a66016415efc7be346e3a8d0342803d31ac634c4e6bcfdca1db3c5b690c22f332df6936761deb40a2a9b817a3b5e21ceda6d71f72d61eed06a7a43451e72faa82018384c5a69f62f4c6cf2a7efbd2af59b84acc6a95edf8f167b5f203dff2f89dba191f513342be5a906ceb379613f596108de6f3a61b926c9f8634d3de6d5eb86712bdfc3ce502f90a69d8d07d9284402b393a76e1d9817b92bd4eff57a27ec91919bf0d09b447057d69ce382"}}, {0x83, &(0x7f0000009580)=@string={0x83, 0x3, "708149d29b3a8ef9c0ff2f072ff3b20dd4aa24a8ddbd77612cf82dbfdc3af821a1fbf75540c23e05de08fed779db651cb3a63bd09acfde2da34fc336047349f62c650320dd8fd8626cfdadf7e0f73f83a6bffa1f20e75cc44b80bbe9a40ea3c6e924b684fe6cb9e6a9331a149e844e500be3b4fe28d1332dcd643be5a73fccd446"}}, {0x4, &(0x7f0000009640)=@lang_id={0x4, 0x3, 0x184c}}, {0x4d, &(0x7f0000009680)=@string={0x4d, 0x3, "b66a576c91d56733c94ef73720fda014ebcf72b1cf26ac4c18da7571241256764ae2dff17540bdd8af83eee505792cbefbddb7b5cd4ca94662287a86249ec2b942139804f9c78209884a15"}}]}) syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000009780)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_control_io(r22, &(0x7f00000099c0)={0x18, &(0x7f0000009800)={0x40, 0x1, 0x8d, {0x8d, 0x22, "e5741947a723e9e98edc76ea9b493da7d0be0f88903d48eef0d24c882970fc1216a4f390d6b17a78f9e882742ca24831936cb75b045899bbc7687bd55a058a9f4722452ce7e301270b0bf22666c37eaf1bd9d8b489ba1d32be39d06b20bd9657e09fda6c82d4566c9334e2fa45c5046ba8565e5779ab6d67cbf7f406d216c286ab066588207a318d65332f"}}, &(0x7f00000098c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xf0ff}}, &(0x7f0000009900)={0x0, 0xf, 0x18, {0x5, 0xf, 0x18, 0x2, [@ssp_cap={0xc, 0x10, 0xa, 0x0, 0x0, 0x6, 0xf0f, 0x8}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0xa, 0x7, 0x100}]}}, &(0x7f0000009940)={0x20, 0x29, 0xf, {0xf, 0x29, 0x0, 0x18, 0x7, 0x7f, "86f620e8", "168f2202"}}, &(0x7f0000009980)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3, 0x0, 0x4, 0x0, 0x7, 0x1000, 0xfffe}}}, &(0x7f0000009f00)={0x44, &(0x7f0000009a00)={0x0, 0x8, 0xfd, "17d015c0c21b38ab6587078c775d196676390236842bc78115bd6a405811102445a37fe5c0cc85a16b5601f67496593492ce3ad552019208a904c88254525ef13e8c55d2fa5584b172728077d54a28bc6dd0bc05f7202910260763120f9d95883b701ca05483deae8e445bcf5672cfc4ba66a346e92fe07451ae4c8ff4aa9dfcf8b9563365805bf6830ed36c9f3eab11f613a0fde0423b8c3a5b1ae029729e3233431d83f022491564d392ceb7a38eddcf1596886181854d5a729e76d8e770d6ee74ba1333ecb7e4b883071b6d6c043e9e6f0160546f60d1d9ffd940744eef3ea5f0ddfda5a0a8d6b7740a7f13ce462ed08e2d3bc0a7b646daf56086e2"}, &(0x7f0000009b40)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000009b80)={0x0, 0x8, 0x1, 0x80}, &(0x7f0000009bc0)={0x20, 0x0, 0x4, {0x2, 0x3}}, &(0x7f0000009c00)={0x20, 0x0, 0x4, {0x100, 0x40}}, &(0x7f0000009c40)={0x40, 0x7, 0x2, 0x3}, &(0x7f0000009c80)={0x40, 0x9, 0x1, 0x7f}, &(0x7f0000009cc0)={0x40, 0xb, 0x2, "08bd"}, &(0x7f0000009d00)={0x40, 0xf, 0x2, 0x7163}, &(0x7f0000009d40)={0x40, 0x13, 0x6, @broadcast}, &(0x7f0000009d80)={0x40, 0x17, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3b}}, &(0x7f0000009dc0)={0x40, 0x19, 0x2, "379e"}, &(0x7f0000009e00)={0x40, 0x1a, 0x2, 0x8}, &(0x7f0000009e40)={0x40, 0x1c, 0x1, 0x3f}, &(0x7f0000009e80)={0x40, 0x1e, 0x1, 0x2c}, &(0x7f0000009ec0)={0x40, 0x21, 0x1, 0x5}}) syz_usb_disconnect(r22) syz_usb_ep_read(r22, 0xc1, 0x1000, &(0x7f0000009f80)=""/4096) r23 = syz_usb_connect$uac1(0x3, 0xe8, &(0x7f000000af80)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd6, 0x3, 0x1, 0x7, 0x20, 0x2, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@feature_unit={0xb, 0x24, 0x6, 0x4, 0x3, 0x2, [0x3, 0x7], 0xff}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x80, 0x3, 0x1, 0x0, "022c3b4efa4d"}, @as_header={0x7, 0x24, 0x1, 0x1, 0x7f, 0x1002}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x5, 0x3, 0x0, 0x5, "64997e"}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x3, 0x3, 0xac, 0x8, "bc5e", "04fba9"}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x6, 0x2, 0x5, 0x9, "6a9a8d", "4f88"}]}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x8c, 0x20, 0x7f, {0x7, 0x25, 0x1, 0x82, 0x2, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0x0, 0x2, 0x0, 0xff, "03c1fe1d97"}, @format_type_ii_discrete={0x12, 0x24, 0x2, 0x2, 0x807, 0x4, 0xfd, "8cfb49df7bf5b7e5ee"}, @as_header={0x7, 0x24, 0x1, 0x3f, 0xfd, 0x1}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0xc1, 0x4, 0x5, 0x67, "6967ba40"}]}, {{0x9, 0x5, 0x82, 0x9, 0x7f7, 0x1f, 0x69, 0x6, {0x7, 0x25, 0x1, 0x80, 0x9, 0x3}}}}}}}]}}, &(0x7f000000b380)={0xa, &(0x7f000000b080)={0xa, 0x6, 0x300, 0x3, 0x2, 0x3, 0x40, 0x81}, 0x20f, &(0x7f000000b0c0)={0x5, 0xf, 0x20f, 0x6, [@generic={0xe2, 0x10, 0xa, "64932c9277e23a0fa96aabc7b931ea3707350c525745ccbe794d23baa99625c82f74bd3b6d5f88fbfd92545b6b63754c07c3ffb47355bf3dd6facff0ec5597fb768dc74acfcf395ac1009982925aa16fcfa41575bf14b56d557909df9efd27fd4b317d90d1606270134fd07d2fc0d1816e9771321d2db55c6539b04167db7b08c994159dd7552c488c1466247a5b70b0dc996b907eeee0b20fdd647140597b66f821556b567fe613c7ecbcbae50db5fa7c9c0b5dcf26eddffdcb09b9ab9f2b5bee80982ff365fb816e98184ee6815f6f621f4d34527d3caa4ce682cb06c748"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x10, 0x1, 0x3f, 0xff, 0x1f}, @ptm_cap={0x3}, @generic={0x2f, 0x10, 0x3, "571226744f78fe775ab89dd776db3aaace9982e7b2594fd0854a31d7ec1d24aee6482aa3939798bd32d060f0"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x24, 0x8, 0xe1}, @generic={0xe1, 0x10, 0x1, "1c4311d6c4ec2de789b4f9f39e673702ea35d909991ce4af26cf0c07579c1a40573568f837569c645de2af698133526169e51a53f215167660357259d54d5ad77afb478b189e728667a8b7e38986bb19febe807085ec6d77dfb48172592d549d7dbbf802aaf95bbf2dcd20057a34eeffcaba3c404e46a6e90ad7e4387e1e28cc21718837e81d22615c4b42bce04c6bec4aa9a99d05cb4f168e115ee3956554e4e58b136f86736e79e91f9acd49ee6617b84a564392e81991bba6032054d7096f6c40002137782a1b111d6527968326f5e70a8a2399e833e7415c204a3a4b"}]}, 0x2, [{0x4, &(0x7f000000b300)=@lang_id={0x4, 0x3, 0x459}}, {0x4, &(0x7f000000b340)=@lang_id={0x4, 0x3, 0x436}}]}) syz_usb_ep_write(r23, 0x9, 0x13, &(0x7f000000b3c0)="08636e6c5e421f7f718c4784f389672c2911e5") syz_usbip_server_init(0x2) csource_test.go:119: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; for (;;) { uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts); if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) return 1; now = current_time_ms(); if (now - start > timeout) return 0; } } static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } struct nlmsg { char* pos; int nesting; struct nlattr* nested[8]; char buf[4096]; }; static void netlink_init(struct nlmsg* nlmsg, int typ, int flags, const void* data, int size) { memset(nlmsg, 0, sizeof(*nlmsg)); struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf; hdr->nlmsg_type = typ; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags; memcpy(hdr + 1, data, size); nlmsg->pos = (char*)(hdr + 1) + NLMSG_ALIGN(size); } static void netlink_attr(struct nlmsg* nlmsg, int typ, const void* data, int size) { struct nlattr* attr = (struct nlattr*)nlmsg->pos; attr->nla_len = sizeof(*attr) + size; attr->nla_type = typ; if (size > 0) memcpy(attr + 1, data, size); nlmsg->pos += NLMSG_ALIGN(attr->nla_len); } static int netlink_send_ext(struct nlmsg* nlmsg, int sock, uint16_t reply_type, int* reply_len, bool dofail) { if (nlmsg->pos > nlmsg->buf + sizeof(nlmsg->buf) || nlmsg->nesting) exit(1); struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf; hdr->nlmsg_len = nlmsg->pos - nlmsg->buf; struct sockaddr_nl addr; memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; ssize_t n = sendto(sock, nlmsg->buf, hdr->nlmsg_len, 0, (struct sockaddr*)&addr, sizeof(addr)); if (n != (ssize_t)hdr->nlmsg_len) { if (dofail) exit(1); return -1; } n = recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0); if (reply_len) *reply_len = 0; if (n < 0) { if (dofail) exit(1); return -1; } if (n < (ssize_t)sizeof(struct nlmsghdr)) { errno = EINVAL; if (dofail) exit(1); return -1; } if (hdr->nlmsg_type == NLMSG_DONE) return 0; if (reply_len && hdr->nlmsg_type == reply_type) { *reply_len = n; return 0; } if (n < (ssize_t)(sizeof(struct nlmsghdr) + sizeof(struct nlmsgerr))) { errno = EINVAL; if (dofail) exit(1); return -1; } if (hdr->nlmsg_type != NLMSG_ERROR) { errno = EINVAL; if (dofail) exit(1); return -1; } errno = -((struct nlmsgerr*)(hdr + 1))->error; return -errno; } static int netlink_send(struct nlmsg* nlmsg, int sock) { return netlink_send_ext(nlmsg, sock, 0, NULL, true); } static int netlink_query_family_id(struct nlmsg* nlmsg, int sock, const char* family_name, bool dofail) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = CTRL_CMD_GETFAMILY; netlink_init(nlmsg, GENL_ID_CTRL, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, CTRL_ATTR_FAMILY_NAME, family_name, strnlen(family_name, GENL_NAMSIZ - 1) + 1); int n = 0; int err = netlink_send_ext(nlmsg, sock, GENL_ID_CTRL, &n, dofail); if (err < 0) { return -1; } uint16_t id = 0; struct nlattr* attr = (struct nlattr*)(nlmsg->buf + NLMSG_HDRLEN + NLMSG_ALIGN(sizeof(genlhdr))); for (; (char*)attr < nlmsg->buf + n; attr = (struct nlattr*)((char*)attr + NLMSG_ALIGN(attr->nla_len))) { if (attr->nla_type == CTRL_ATTR_FAMILY_ID) { id = *(uint16_t*)(attr + 1); break; } } if (!id) { errno = EINVAL; return -1; } recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0); return id; } const int kInitNetNsFd = 239; #define WIFI_INITIAL_DEVICE_COUNT 2 #define WIFI_MAC_BASE { 0x08, 0x02, 0x11, 0x00, 0x00, 0x00 } #define WIFI_IBSS_BSSID { 0x50, 0x50, 0x50, 0x50, 0x50, 0x50 } #define WIFI_IBSS_SSID { 0x10, 0x10, 0x10, 0x10, 0x10, 0x10 } #define WIFI_DEFAULT_FREQUENCY 2412 #define WIFI_DEFAULT_SIGNAL 0 #define WIFI_DEFAULT_RX_RATE 1 #define HWSIM_CMD_REGISTER 1 #define HWSIM_CMD_FRAME 2 #define HWSIM_CMD_NEW_RADIO 4 #define HWSIM_ATTR_SUPPORT_P2P_DEVICE 14 #define HWSIM_ATTR_PERM_ADDR 22 #define IF_OPER_UP 6 struct join_ibss_props { int wiphy_freq; bool wiphy_freq_fixed; uint8_t* mac; uint8_t* ssid; int ssid_len; }; static int set_interface_state(const char* interface_name, int on) { struct ifreq ifr; int sock = socket(AF_INET, SOCK_DGRAM, 0); if (sock < 0) { return -1; } memset(&ifr, 0, sizeof(ifr)); strcpy(ifr.ifr_name, interface_name); int ret = ioctl(sock, SIOCGIFFLAGS, &ifr); if (ret < 0) { close(sock); return -1; } if (on) ifr.ifr_flags |= IFF_UP; else ifr.ifr_flags &= ~IFF_UP; ret = ioctl(sock, SIOCSIFFLAGS, &ifr); close(sock); if (ret < 0) { return -1; } return 0; } static int nl80211_set_interface(struct nlmsg* nlmsg, int sock, int nl80211_family, uint32_t ifindex, uint32_t iftype) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = NL80211_CMD_SET_INTERFACE; netlink_init(nlmsg, nl80211_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, NL80211_ATTR_IFINDEX, &ifindex, sizeof(ifindex)); netlink_attr(nlmsg, NL80211_ATTR_IFTYPE, &iftype, sizeof(iftype)); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int nl80211_join_ibss(struct nlmsg* nlmsg, int sock, int nl80211_family, uint32_t ifindex, struct join_ibss_props* props) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = NL80211_CMD_JOIN_IBSS; netlink_init(nlmsg, nl80211_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, NL80211_ATTR_IFINDEX, &ifindex, sizeof(ifindex)); netlink_attr(nlmsg, NL80211_ATTR_SSID, props->ssid, props->ssid_len); netlink_attr(nlmsg, NL80211_ATTR_WIPHY_FREQ, &(props->wiphy_freq), sizeof(props->wiphy_freq)); if (props->mac) netlink_attr(nlmsg, NL80211_ATTR_MAC, props->mac, ETH_ALEN); if (props->wiphy_freq_fixed) netlink_attr(nlmsg, NL80211_ATTR_FREQ_FIXED, NULL, 0); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int get_ifla_operstate(struct nlmsg* nlmsg, int ifindex) { struct ifinfomsg info; memset(&info, 0, sizeof(info)); info.ifi_family = AF_UNSPEC; info.ifi_index = ifindex; int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); if (sock == -1) { return -1; } netlink_init(nlmsg, RTM_GETLINK, 0, &info, sizeof(info)); int n; int err = netlink_send_ext(nlmsg, sock, RTM_NEWLINK, &n, true); close(sock); if (err) { return -1; } struct rtattr* attr = IFLA_RTA(NLMSG_DATA(nlmsg->buf)); for (; RTA_OK(attr, n); attr = RTA_NEXT(attr, n)) { if (attr->rta_type == IFLA_OPERSTATE) return *((int32_t*)RTA_DATA(attr)); } return -1; } static int await_ifla_operstate(struct nlmsg* nlmsg, char* interface, int operstate) { int ifindex = if_nametoindex(interface); while (true) { usleep(1000); int ret = get_ifla_operstate(nlmsg, ifindex); if (ret < 0) return ret; if (ret == operstate) return 0; } return 0; } static int nl80211_setup_ibss_interface(struct nlmsg* nlmsg, int sock, int nl80211_family_id, char* interface, struct join_ibss_props* ibss_props) { int ifindex = if_nametoindex(interface); if (ifindex == 0) { return -1; } int ret = nl80211_set_interface(nlmsg, sock, nl80211_family_id, ifindex, NL80211_IFTYPE_ADHOC); if (ret < 0) { return -1; } ret = set_interface_state(interface, 1); if (ret < 0) { return -1; } ret = nl80211_join_ibss(nlmsg, sock, nl80211_family_id, ifindex, ibss_props); if (ret < 0) { return -1; } return 0; } #define SIZEOF_IO_URING_SQE 64 #define SIZEOF_IO_URING_CQE 16 #define SQ_HEAD_OFFSET 0 #define SQ_TAIL_OFFSET 64 #define SQ_RING_MASK_OFFSET 256 #define SQ_RING_ENTRIES_OFFSET 264 #define SQ_FLAGS_OFFSET 276 #define SQ_DROPPED_OFFSET 272 #define CQ_HEAD_OFFSET 128 #define CQ_TAIL_OFFSET 192 #define CQ_RING_MASK_OFFSET 260 #define CQ_RING_ENTRIES_OFFSET 268 #define CQ_RING_OVERFLOW_OFFSET 284 #define CQ_FLAGS_OFFSET 280 #define CQ_CQES_OFFSET 320 struct io_uring_cqe { uint64_t user_data; uint32_t res; uint32_t flags; }; static long syz_io_uring_complete(volatile long a0) { char* ring_ptr = (char*)a0; uint32_t cq_ring_mask = *(uint32_t*)(ring_ptr + CQ_RING_MASK_OFFSET); uint32_t* cq_head_ptr = (uint32_t*)(ring_ptr + CQ_HEAD_OFFSET); uint32_t cq_head = *cq_head_ptr & cq_ring_mask; uint32_t cq_head_next = *cq_head_ptr + 1; char* cqe_src = ring_ptr + CQ_CQES_OFFSET + cq_head * SIZEOF_IO_URING_CQE; struct io_uring_cqe cqe; memcpy(&cqe, cqe_src, sizeof(cqe)); __atomic_store_n(cq_head_ptr, cq_head_next, __ATOMIC_RELEASE); return (cqe.user_data == 0x12345 || cqe.user_data == 0x23456) ? (long)cqe.res : (long)-1; } struct io_sqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t flags; uint32_t dropped; uint32_t array; uint32_t resv1; uint64_t resv2; }; struct io_cqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t overflow; uint32_t cqes; uint64_t resv[2]; }; struct io_uring_params { uint32_t sq_entries; uint32_t cq_entries; uint32_t flags; uint32_t sq_thread_cpu; uint32_t sq_thread_idle; uint32_t features; uint32_t resv[4]; struct io_sqring_offsets sq_off; struct io_cqring_offsets cq_off; }; #define IORING_OFF_SQ_RING 0 #define IORING_OFF_SQES 0x10000000ULL #define sys_io_uring_setup 425 static long syz_io_uring_setup(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5) { uint32_t entries = (uint32_t)a0; struct io_uring_params* setup_params = (struct io_uring_params*)a1; void* vma1 = (void*)a2; void* vma2 = (void*)a3; void** ring_ptr_out = (void**)a4; void** sqes_ptr_out = (void**)a5; uint32_t fd_io_uring = syscall(sys_io_uring_setup, entries, setup_params); uint32_t sq_ring_sz = setup_params->sq_off.array + setup_params->sq_entries * sizeof(uint32_t); uint32_t cq_ring_sz = setup_params->cq_off.cqes + setup_params->cq_entries * SIZEOF_IO_URING_CQE; uint32_t ring_sz = sq_ring_sz > cq_ring_sz ? sq_ring_sz : cq_ring_sz; *ring_ptr_out = mmap(vma1, ring_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQ_RING); uint32_t sqes_sz = setup_params->sq_entries * SIZEOF_IO_URING_SQE; *sqes_ptr_out = mmap(vma2, sqes_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQES); return fd_io_uring; } static long syz_io_uring_submit(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { char* ring_ptr = (char*)a0; char* sqes_ptr = (char*)a1; char* sqe = (char*)a2; uint32_t sqes_index = (uint32_t)a3; uint32_t sq_ring_entries = *(uint32_t*)(ring_ptr + SQ_RING_ENTRIES_OFFSET); uint32_t cq_ring_entries = *(uint32_t*)(ring_ptr + CQ_RING_ENTRIES_OFFSET); uint32_t sq_array_off = (CQ_CQES_OFFSET + cq_ring_entries * SIZEOF_IO_URING_CQE + 63) & ~63; if (sq_ring_entries) sqes_index %= sq_ring_entries; char* sqe_dest = sqes_ptr + sqes_index * SIZEOF_IO_URING_SQE; memcpy(sqe_dest, sqe, SIZEOF_IO_URING_SQE); uint32_t sq_ring_mask = *(uint32_t*)(ring_ptr + SQ_RING_MASK_OFFSET); uint32_t* sq_tail_ptr = (uint32_t*)(ring_ptr + SQ_TAIL_OFFSET); uint32_t sq_tail = *sq_tail_ptr & sq_ring_mask; uint32_t sq_tail_next = *sq_tail_ptr + 1; uint32_t* sq_array = (uint32_t*)(ring_ptr + sq_array_off); *(sq_array + sq_tail) = sqes_index; __atomic_store_n(sq_tail_ptr, sq_tail_next, __ATOMIC_RELEASE); return 0; } #define VHCI_HC_PORTS 8 #define VHCI_PORTS (VHCI_HC_PORTS * 2) static long syz_usbip_server_init(volatile long a0) { static int port_alloc[2]; int speed = (int)a0; bool usb3 = (speed == USB_SPEED_SUPER); int socket_pair[2]; if (socketpair(AF_UNIX, SOCK_STREAM, 0, socket_pair)) exit(1); int client_fd = socket_pair[0]; int server_fd = socket_pair[1]; int available_port_num = __atomic_fetch_add(&port_alloc[usb3], 1, __ATOMIC_RELAXED); if (available_port_num > VHCI_HC_PORTS) { return -1; } int port_num = procid * VHCI_PORTS + usb3 * VHCI_HC_PORTS + available_port_num; char buffer[100]; sprintf(buffer, "%d %d %s %d", port_num, client_fd, "0", speed); write_file("/sys/devices/platform/vhci_hcd.0/attach", buffer); return server_fd; } #define BTF_MAGIC 0xeB9F struct btf_header { __u16 magic; __u8 version; __u8 flags; __u32 hdr_len; __u32 type_off; __u32 type_len; __u32 str_off; __u32 str_len; }; #define BTF_INFO_KIND(info) (((info) >> 24) & 0x0f) #define BTF_INFO_VLEN(info) ((info)&0xffff) #define BTF_KIND_INT 1 #define BTF_KIND_ARRAY 3 #define BTF_KIND_STRUCT 4 #define BTF_KIND_UNION 5 #define BTF_KIND_ENUM 6 #define BTF_KIND_FUNC_PROTO 13 #define BTF_KIND_VAR 14 #define BTF_KIND_DATASEC 15 struct btf_type { __u32 name_off; __u32 info; union { __u32 size; __u32 type; }; }; struct btf_enum { __u32 name_off; __s32 val; }; struct btf_array { __u32 type; __u32 index_type; __u32 nelems; }; struct btf_member { __u32 name_off; __u32 type; __u32 offset; }; struct btf_param { __u32 name_off; __u32 type; }; struct btf_var { __u32 linkage; }; struct btf_var_secinfo { __u32 type; __u32 offset; __u32 size; }; #define VMLINUX_MAX_SUPPORT_SIZE (10 * 1024 * 1024) static char* read_btf_vmlinux() { static bool is_read = false; static char buf[VMLINUX_MAX_SUPPORT_SIZE]; if (is_read) return buf; int fd = open("/sys/kernel/btf/vmlinux", O_RDONLY); if (fd < 0) return NULL; unsigned long bytes_read = 0; for (;;) { ssize_t ret = read(fd, buf + bytes_read, VMLINUX_MAX_SUPPORT_SIZE - bytes_read); if (ret < 0 || bytes_read + ret == VMLINUX_MAX_SUPPORT_SIZE) return NULL; if (ret == 0) break; bytes_read += ret; } is_read = true; return buf; } static long syz_btf_id_by_name(volatile long a0) { char* target = (char*)a0; char* vmlinux = read_btf_vmlinux(); if (vmlinux == NULL) return -1; struct btf_header* btf_header = (struct btf_header*)vmlinux; if (btf_header->magic != BTF_MAGIC) return -1; char* btf_type_sec = vmlinux + btf_header->hdr_len + btf_header->type_off; char* btf_str_sec = vmlinux + btf_header->hdr_len + btf_header->str_off; unsigned int bytes_parsed = 0; long idx = 1; while (bytes_parsed < btf_header->type_len) { struct btf_type* btf_type = (struct btf_type*)(btf_type_sec + bytes_parsed); uint32_t kind = BTF_INFO_KIND(btf_type->info); uint32_t vlen = BTF_INFO_VLEN(btf_type->info); char* name = btf_str_sec + btf_type->name_off; if (strcmp(name, target) == 0) return idx; size_t skip; switch (kind) { case BTF_KIND_INT: skip = sizeof(uint32_t); break; case BTF_KIND_ENUM: skip = sizeof(struct btf_enum) * vlen; break; case BTF_KIND_ARRAY: skip = sizeof(struct btf_array); break; case BTF_KIND_STRUCT: case BTF_KIND_UNION: skip = sizeof(struct btf_member) * vlen; break; case BTF_KIND_FUNC_PROTO: skip = sizeof(struct btf_param) * vlen; break; case BTF_KIND_VAR: skip = sizeof(struct btf_var); break; case BTF_KIND_DATASEC: skip = sizeof(struct btf_var_secinfo) * vlen; break; default: skip = 0; } bytes_parsed += sizeof(struct btf_type) + skip; idx++; } return -1; } static long syz_memcpy_off(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4) { char* dest = (char*)a0; uint32_t dest_off = (uint32_t)a1; char* src = (char*)a2; uint32_t src_off = (uint32_t)a3; size_t n = (size_t)a4; return (long)memcpy(dest + dest_off, src + src_off, n); } #define MAX_FDS 30 #define USB_MAX_IFACE_NUM 4 #define USB_MAX_EP_NUM 32 #define USB_MAX_FDS 6 struct usb_endpoint_index { struct usb_endpoint_descriptor desc; int handle; }; struct usb_iface_index { struct usb_interface_descriptor* iface; uint8_t bInterfaceNumber; uint8_t bAlternateSetting; uint8_t bInterfaceClass; struct usb_endpoint_index eps[USB_MAX_EP_NUM]; int eps_num; }; struct usb_device_index { struct usb_device_descriptor* dev; struct usb_config_descriptor* config; uint8_t bDeviceClass; uint8_t bMaxPower; int config_length; struct usb_iface_index ifaces[USB_MAX_IFACE_NUM]; int ifaces_num; int iface_cur; }; struct usb_info { int fd; struct usb_device_index index; }; static struct usb_info usb_devices[USB_MAX_FDS]; static int usb_devices_num; static bool parse_usb_descriptor(const char* buffer, size_t length, struct usb_device_index* index) { if (length < sizeof(*index->dev) + sizeof(*index->config)) return false; memset(index, 0, sizeof(*index)); index->dev = (struct usb_device_descriptor*)buffer; index->config = (struct usb_config_descriptor*)(buffer + sizeof(*index->dev)); index->bDeviceClass = index->dev->bDeviceClass; index->bMaxPower = index->config->bMaxPower; index->config_length = length - sizeof(*index->dev); index->iface_cur = -1; size_t offset = 0; while (true) { if (offset + 1 >= length) break; uint8_t desc_length = buffer[offset]; uint8_t desc_type = buffer[offset + 1]; if (desc_length <= 2) break; if (offset + desc_length > length) break; if (desc_type == USB_DT_INTERFACE && index->ifaces_num < USB_MAX_IFACE_NUM) { struct usb_interface_descriptor* iface = (struct usb_interface_descriptor*)(buffer + offset); index->ifaces[index->ifaces_num].iface = iface; index->ifaces[index->ifaces_num].bInterfaceNumber = iface->bInterfaceNumber; index->ifaces[index->ifaces_num].bAlternateSetting = iface->bAlternateSetting; index->ifaces[index->ifaces_num].bInterfaceClass = iface->bInterfaceClass; index->ifaces_num++; } if (desc_type == USB_DT_ENDPOINT && index->ifaces_num > 0) { struct usb_iface_index* iface = &index->ifaces[index->ifaces_num - 1]; if (iface->eps_num < USB_MAX_EP_NUM) { memcpy(&iface->eps[iface->eps_num].desc, buffer + offset, sizeof(iface->eps[iface->eps_num].desc)); iface->eps_num++; } } offset += desc_length; } return true; } static struct usb_device_index* add_usb_index(int fd, const char* dev, size_t dev_len) { int i = __atomic_fetch_add(&usb_devices_num, 1, __ATOMIC_RELAXED); if (i >= USB_MAX_FDS) return NULL; if (!parse_usb_descriptor(dev, dev_len, &usb_devices[i].index)) return NULL; __atomic_store_n(&usb_devices[i].fd, fd, __ATOMIC_RELEASE); return &usb_devices[i].index; } static struct usb_device_index* lookup_usb_index(int fd) { for (int i = 0; i < USB_MAX_FDS; i++) { if (__atomic_load_n(&usb_devices[i].fd, __ATOMIC_ACQUIRE) == fd) return &usb_devices[i].index; } return NULL; } struct vusb_connect_string_descriptor { uint32_t len; char* str; } __attribute__((packed)); struct vusb_connect_descriptors { uint32_t qual_len; char* qual; uint32_t bos_len; char* bos; uint32_t strs_len; struct vusb_connect_string_descriptor strs[0]; } __attribute__((packed)); static const char default_string[] = { 8, USB_DT_STRING, 's', 0, 'y', 0, 'z', 0 }; static const char default_lang_id[] = { 4, USB_DT_STRING, 0x09, 0x04 }; static bool lookup_connect_response_in(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { struct usb_device_index* index = lookup_usb_index(fd); uint8_t str_idx; if (!index) return false; switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_GET_DESCRIPTOR: switch (ctrl->wValue >> 8) { case USB_DT_DEVICE: *response_data = (char*)index->dev; *response_length = sizeof(*index->dev); return true; case USB_DT_CONFIG: *response_data = (char*)index->config; *response_length = index->config_length; return true; case USB_DT_STRING: str_idx = (uint8_t)ctrl->wValue; if (descs && str_idx < descs->strs_len) { *response_data = descs->strs[str_idx].str; *response_length = descs->strs[str_idx].len; return true; } if (str_idx == 0) { *response_data = (char*)&default_lang_id[0]; *response_length = default_lang_id[0]; return true; } *response_data = (char*)&default_string[0]; *response_length = default_string[0]; return true; case USB_DT_BOS: *response_data = descs->bos; *response_length = descs->bos_len; return true; case USB_DT_DEVICE_QUALIFIER: if (!descs->qual) { struct usb_qualifier_descriptor* qual = (struct usb_qualifier_descriptor*)response_data; qual->bLength = sizeof(*qual); qual->bDescriptorType = USB_DT_DEVICE_QUALIFIER; qual->bcdUSB = index->dev->bcdUSB; qual->bDeviceClass = index->dev->bDeviceClass; qual->bDeviceSubClass = index->dev->bDeviceSubClass; qual->bDeviceProtocol = index->dev->bDeviceProtocol; qual->bMaxPacketSize0 = index->dev->bMaxPacketSize0; qual->bNumConfigurations = index->dev->bNumConfigurations; qual->bRESERVED = 0; *response_length = sizeof(*qual); return true; } *response_data = descs->qual; *response_length = descs->qual_len; return true; default: break; } break; default: break; } break; default: break; } return false; } typedef bool (*lookup_connect_out_response_t)(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done); static bool lookup_connect_response_out_generic(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) { switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: *done = true; return true; default: break; } break; } return false; } #define ATH9K_FIRMWARE_DOWNLOAD 0x30 #define ATH9K_FIRMWARE_DOWNLOAD_COMP 0x31 static bool lookup_connect_response_out_ath9k(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) { switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: return true; default: break; } break; case USB_TYPE_VENDOR: switch (ctrl->bRequest) { case ATH9K_FIRMWARE_DOWNLOAD: return true; case ATH9K_FIRMWARE_DOWNLOAD_COMP: *done = true; return true; default: break; } break; } return false; } struct vusb_descriptor { uint8_t req_type; uint8_t desc_type; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_descriptors { uint32_t len; struct vusb_descriptor* generic; struct vusb_descriptor* descs[0]; } __attribute__((packed)); struct vusb_response { uint8_t type; uint8_t req; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_responses { uint32_t len; struct vusb_response* generic; struct vusb_response* resps[0]; } __attribute__((packed)); static bool lookup_control_response(const struct vusb_descriptors* descs, const struct vusb_responses* resps, struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { int descs_num = 0; int resps_num = 0; if (descs) descs_num = (descs->len - offsetof(struct vusb_descriptors, descs)) / sizeof(descs->descs[0]); if (resps) resps_num = (resps->len - offsetof(struct vusb_responses, resps)) / sizeof(resps->resps[0]); uint8_t req = ctrl->bRequest; uint8_t req_type = ctrl->bRequestType & USB_TYPE_MASK; uint8_t desc_type = ctrl->wValue >> 8; if (req == USB_REQ_GET_DESCRIPTOR) { int i; for (i = 0; i < descs_num; i++) { struct vusb_descriptor* desc = descs->descs[i]; if (!desc) continue; if (desc->req_type == req_type && desc->desc_type == desc_type) { *response_length = desc->len; if (*response_length != 0) *response_data = &desc->data[0]; else *response_data = NULL; return true; } } if (descs && descs->generic) { *response_data = &descs->generic->data[0]; *response_length = descs->generic->len; return true; } } else { int i; for (i = 0; i < resps_num; i++) { struct vusb_response* resp = resps->resps[i]; if (!resp) continue; if (resp->type == req_type && resp->req == req) { *response_length = resp->len; if (*response_length != 0) *response_data = &resp->data[0]; else *response_data = NULL; return true; } } if (resps && resps->generic) { *response_data = &resps->generic->data[0]; *response_length = resps->generic->len; return true; } } return false; } #define UDC_NAME_LENGTH_MAX 128 struct usb_raw_init { __u8 driver_name[UDC_NAME_LENGTH_MAX]; __u8 device_name[UDC_NAME_LENGTH_MAX]; __u8 speed; }; enum usb_raw_event_type { USB_RAW_EVENT_INVALID = 0, USB_RAW_EVENT_CONNECT = 1, USB_RAW_EVENT_CONTROL = 2, }; struct usb_raw_event { __u32 type; __u32 length; __u8 data[0]; }; struct usb_raw_ep_io { __u16 ep; __u16 flags; __u32 length; __u8 data[0]; }; #define USB_RAW_EPS_NUM_MAX 30 #define USB_RAW_EP_NAME_MAX 16 #define USB_RAW_EP_ADDR_ANY 0xff struct usb_raw_ep_caps { __u32 type_control : 1; __u32 type_iso : 1; __u32 type_bulk : 1; __u32 type_int : 1; __u32 dir_in : 1; __u32 dir_out : 1; }; struct usb_raw_ep_limits { __u16 maxpacket_limit; __u16 max_streams; __u32 reserved; }; struct usb_raw_ep_info { __u8 name[USB_RAW_EP_NAME_MAX]; __u32 addr; struct usb_raw_ep_caps caps; struct usb_raw_ep_limits limits; }; struct usb_raw_eps_info { struct usb_raw_ep_info eps[USB_RAW_EPS_NUM_MAX]; }; #define USB_RAW_IOCTL_INIT _IOW('U', 0, struct usb_raw_init) #define USB_RAW_IOCTL_RUN _IO('U', 1) #define USB_RAW_IOCTL_EVENT_FETCH _IOR('U', 2, struct usb_raw_event) #define USB_RAW_IOCTL_EP0_WRITE _IOW('U', 3, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP0_READ _IOWR('U', 4, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_ENABLE _IOW('U', 5, struct usb_endpoint_descriptor) #define USB_RAW_IOCTL_EP_DISABLE _IOW('U', 6, __u32) #define USB_RAW_IOCTL_EP_WRITE _IOW('U', 7, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_READ _IOWR('U', 8, struct usb_raw_ep_io) #define USB_RAW_IOCTL_CONFIGURE _IO('U', 9) #define USB_RAW_IOCTL_VBUS_DRAW _IOW('U', 10, __u32) #define USB_RAW_IOCTL_EPS_INFO _IOR('U', 11, struct usb_raw_eps_info) #define USB_RAW_IOCTL_EP0_STALL _IO('U', 12) #define USB_RAW_IOCTL_EP_SET_HALT _IOW('U', 13, __u32) #define USB_RAW_IOCTL_EP_CLEAR_HALT _IOW('U', 14, __u32) #define USB_RAW_IOCTL_EP_SET_WEDGE _IOW('U', 15, __u32) static int usb_raw_open() { return open("/dev/raw-gadget", O_RDWR); } static int usb_raw_init(int fd, uint32_t speed, const char* driver, const char* device) { struct usb_raw_init arg; strncpy((char*)&arg.driver_name[0], driver, sizeof(arg.driver_name)); strncpy((char*)&arg.device_name[0], device, sizeof(arg.device_name)); arg.speed = speed; return ioctl(fd, USB_RAW_IOCTL_INIT, &arg); } static int usb_raw_run(int fd) { return ioctl(fd, USB_RAW_IOCTL_RUN, 0); } static int usb_raw_event_fetch(int fd, struct usb_raw_event* event) { return ioctl(fd, USB_RAW_IOCTL_EVENT_FETCH, event); } static int usb_raw_ep0_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_WRITE, io); } static int usb_raw_ep0_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_READ, io); } static int usb_raw_ep_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_WRITE, io); } static int usb_raw_ep_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_READ, io); } static int usb_raw_ep_enable(int fd, struct usb_endpoint_descriptor* desc) { return ioctl(fd, USB_RAW_IOCTL_EP_ENABLE, desc); } static int usb_raw_ep_disable(int fd, int ep) { return ioctl(fd, USB_RAW_IOCTL_EP_DISABLE, ep); } static int usb_raw_configure(int fd) { return ioctl(fd, USB_RAW_IOCTL_CONFIGURE, 0); } static int usb_raw_vbus_draw(int fd, uint32_t power) { return ioctl(fd, USB_RAW_IOCTL_VBUS_DRAW, power); } static int usb_raw_ep0_stall(int fd) { return ioctl(fd, USB_RAW_IOCTL_EP0_STALL, 0); } static int lookup_interface(int fd, uint8_t bInterfaceNumber, uint8_t bAlternateSetting) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; for (int i = 0; i < index->ifaces_num; i++) { if (index->ifaces[i].bInterfaceNumber == bInterfaceNumber && index->ifaces[i].bAlternateSetting == bAlternateSetting) return i; } return -1; } static int lookup_endpoint(int fd, uint8_t bEndpointAddress) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; if (index->iface_cur < 0) return -1; for (int ep = 0; index->ifaces[index->iface_cur].eps_num; ep++) if (index->ifaces[index->iface_cur].eps[ep].desc.bEndpointAddress == bEndpointAddress) return index->ifaces[index->iface_cur].eps[ep].handle; return -1; } static void set_interface(int fd, int n) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return; if (index->iface_cur >= 0 && index->iface_cur < index->ifaces_num) { for (int ep = 0; ep < index->ifaces[index->iface_cur].eps_num; ep++) { int rv = usb_raw_ep_disable(fd, index->ifaces[index->iface_cur].eps[ep].handle); if (rv < 0) { } else { } } } if (n >= 0 && n < index->ifaces_num) { for (int ep = 0; ep < index->ifaces[n].eps_num; ep++) { int rv = usb_raw_ep_enable(fd, &index->ifaces[n].eps[ep].desc); if (rv < 0) { } else { index->ifaces[n].eps[ep].handle = rv; } } index->iface_cur = n; } } static int configure_device(int fd) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; int rv = usb_raw_vbus_draw(fd, index->bMaxPower); if (rv < 0) { return rv; } rv = usb_raw_configure(fd); if (rv < 0) { return rv; } set_interface(fd, 0); return 0; } #define USB_MAX_PACKET_SIZE 4096 struct usb_raw_control_event { struct usb_raw_event inner; struct usb_ctrlrequest ctrl; char data[USB_MAX_PACKET_SIZE]; }; struct usb_raw_ep_io_data { struct usb_raw_ep_io inner; char data[USB_MAX_PACKET_SIZE]; }; static volatile long syz_usb_connect_impl(uint64_t speed, uint64_t dev_len, const char* dev, const struct vusb_connect_descriptors* descs, lookup_connect_out_response_t lookup_connect_response_out) { if (!dev) { return -1; } int fd = usb_raw_open(); if (fd < 0) { return fd; } if (fd >= MAX_FDS) { close(fd); return -1; } struct usb_device_index* index = add_usb_index(fd, dev, dev_len); if (!index) { return -1; } char device[32]; sprintf(&device[0], "dummy_udc.%llu", procid); int rv = usb_raw_init(fd, speed, "dummy_udc", &device[0]); if (rv < 0) { return rv; } rv = usb_raw_run(fd); if (rv < 0) { return rv; } bool done = false; while (!done) { struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = sizeof(event.ctrl); rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) continue; char* response_data = NULL; uint32_t response_length = 0; if (event.ctrl.bRequestType & USB_DIR_IN) { if (!lookup_connect_response_in(fd, descs, &event.ctrl, &response_data, &response_length)) { usb_raw_ep0_stall(fd); continue; } } else { if (!lookup_connect_response_out(fd, descs, &event.ctrl, &done)) { usb_raw_ep0_stall(fd); continue; } response_data = NULL; response_length = event.ctrl.wLength; } if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD && event.ctrl.bRequest == USB_REQ_SET_CONFIGURATION) { rv = configure_device(fd); if (rv < 0) { return rv; } } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, response_length); if (event.ctrl.bRequestType & USB_DIR_IN) { rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response); } else { rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response); } if (rv < 0) { return rv; } } sleep_ms(200); return fd; } static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; const char* dev = (const char*)a2; const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3; return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_generic); } static volatile long syz_usb_connect_ath9k(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; const char* dev = (const char*)a2; const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3; return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_ath9k); } static volatile long syz_usb_control_io(volatile long a0, volatile long a1, volatile long a2) { int fd = a0; const struct vusb_descriptors* descs = (const struct vusb_descriptors*)a1; const struct vusb_responses* resps = (const struct vusb_responses*)a2; struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = USB_MAX_PACKET_SIZE; int rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) { return -1; } char* response_data = NULL; uint32_t response_length = 0; if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) { if (!lookup_control_response(descs, resps, &event.ctrl, &response_data, &response_length)) { usb_raw_ep0_stall(fd); return -1; } } else { if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD || event.ctrl.bRequest == USB_REQ_SET_INTERFACE) { int iface_num = event.ctrl.wIndex; int alt_set = event.ctrl.wValue; int iface_index = lookup_interface(fd, iface_num, alt_set); if (iface_index < 0) { } else { set_interface(fd, iface_index); } } response_length = event.ctrl.wLength; } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; if ((event.ctrl.bRequestType & USB_DIR_IN) && !event.ctrl.wLength) { response_length = USB_MAX_PACKET_SIZE; } response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, response_length); if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) { rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response); } else { rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response); } if (rv < 0) { return rv; } sleep_ms(200); return 0; } static volatile long syz_usb_ep_write(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int fd = a0; uint8_t ep = a1; uint32_t len = a2; char* data = (char*)a3; int ep_handle = lookup_endpoint(fd, ep); if (ep_handle < 0) { return -1; } struct usb_raw_ep_io_data io_data; io_data.inner.ep = ep_handle; io_data.inner.flags = 0; if (len > sizeof(io_data.data)) len = sizeof(io_data.data); io_data.inner.length = len; memcpy(&io_data.data[0], data, len); int rv = usb_raw_ep_write(fd, (struct usb_raw_ep_io*)&io_data); if (rv < 0) { return rv; } sleep_ms(200); return 0; } static volatile long syz_usb_ep_read(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int fd = a0; uint8_t ep = a1; uint32_t len = a2; char* data = (char*)a3; int ep_handle = lookup_endpoint(fd, ep); if (ep_handle < 0) { return -1; } struct usb_raw_ep_io_data io_data; io_data.inner.ep = ep_handle; io_data.inner.flags = 0; if (len > sizeof(io_data.data)) len = sizeof(io_data.data); io_data.inner.length = len; int rv = usb_raw_ep_read(fd, (struct usb_raw_ep_io*)&io_data); if (rv < 0) { return rv; } memcpy(&data[0], &io_data.data[0], io_data.inner.length); sleep_ms(200); return 0; } static volatile long syz_usb_disconnect(volatile long a0) { int fd = a0; int rv = close(fd); sleep_ms(200); return rv; } static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2) { if (a0 == 0xc || a0 == 0xb) { char buf[128]; sprintf(buf, "/dev/%s/%d:%d", a0 == 0xc ? "char" : "block", (uint8_t)a1, (uint8_t)a2); return open(buf, O_RDWR, 0); } else { char buf[1024]; char* hash; strncpy(buf, (char*)a0, sizeof(buf) - 1); buf[sizeof(buf) - 1] = 0; while ((hash = strchr(buf, '#'))) { *hash = '0' + (char)(a1 % 10); a1 /= 10; } return open(buf, a2, 0); } } static long syz_open_procfs(volatile long a0, volatile long a1) { char buf[128]; memset(buf, 0, sizeof(buf)); if (a0 == 0) { snprintf(buf, sizeof(buf), "/proc/self/%s", (char*)a1); } else if (a0 == -1) { snprintf(buf, sizeof(buf), "/proc/thread-self/%s", (char*)a1); } else { snprintf(buf, sizeof(buf), "/proc/self/task/%d/%s", (int)a0, (char*)a1); } int fd = open(buf, O_RDWR); if (fd == -1) fd = open(buf, O_RDONLY); return fd; } static long syz_open_pts(volatile long a0, volatile long a1) { int ptyno = 0; if (ioctl(a0, TIOCGPTN, &ptyno)) return -1; char buf[128]; sprintf(buf, "/dev/pts/%d", ptyno); return open(buf, a1, 0); } static long syz_init_net_socket(volatile long domain, volatile long type, volatile long proto) { int netns = open("/proc/self/ns/net", O_RDONLY); if (netns == -1) return netns; if (setns(kInitNetNsFd, 0)) return -1; int sock = syscall(__NR_socket, domain, type, proto); int err = errno; if (setns(netns, 0)) exit(1); close(netns); errno = err; return sock; } static long syz_genetlink_get_family_id(volatile long name, volatile long sock_arg) { bool dofail = false; int fd = sock_arg; if (fd < 0) { dofail = true; fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (fd == -1) { return -1; } } struct nlmsg nlmsg_tmp; int ret = netlink_query_family_id(&nlmsg_tmp, fd, (char*)name, dofail); if ((int)sock_arg < 0) close(fd); if (ret < 0) { return -1; } return ret; } struct fs_image_segment { void* data; uintptr_t size; uintptr_t offset; }; #define IMAGE_MAX_SEGMENTS 4096 #define IMAGE_MAX_SIZE (129 << 20) #define sys_memfd_create 356 static unsigned long fs_image_segment_check(unsigned long size, unsigned long nsegs, struct fs_image_segment* segs) { if (nsegs > IMAGE_MAX_SEGMENTS) nsegs = IMAGE_MAX_SEGMENTS; for (size_t i = 0; i < nsegs; i++) { if (segs[i].size > IMAGE_MAX_SIZE) segs[i].size = IMAGE_MAX_SIZE; segs[i].offset %= IMAGE_MAX_SIZE; if (segs[i].offset > IMAGE_MAX_SIZE - segs[i].size) segs[i].offset = IMAGE_MAX_SIZE - segs[i].size; if (size < segs[i].offset + segs[i].offset) size = segs[i].offset + segs[i].offset; } if (size > IMAGE_MAX_SIZE) size = IMAGE_MAX_SIZE; return size; } static int setup_loop_device(long unsigned size, long unsigned nsegs, struct fs_image_segment* segs, const char* loopname, int* memfd_p, int* loopfd_p) { int err = 0, loopfd = -1; size = fs_image_segment_check(size, nsegs, segs); int memfd = syscall(sys_memfd_create, "syzkaller", 0); if (memfd == -1) { err = errno; goto error; } if (ftruncate(memfd, size)) { err = errno; goto error_close_memfd; } for (size_t i = 0; i < nsegs; i++) { if (pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset) < 0) { } } loopfd = open(loopname, O_RDWR); if (loopfd == -1) { err = errno; goto error_close_memfd; } if (ioctl(loopfd, LOOP_SET_FD, memfd)) { if (errno != EBUSY) { err = errno; goto error_close_loop; } ioctl(loopfd, LOOP_CLR_FD, 0); usleep(1000); if (ioctl(loopfd, LOOP_SET_FD, memfd)) { err = errno; goto error_close_loop; } } *memfd_p = memfd; *loopfd_p = loopfd; return 0; error_close_loop: close(loopfd); error_close_memfd: close(memfd); error: errno = err; return -1; } static long syz_read_part_table(volatile unsigned long size, volatile unsigned long nsegs, volatile long segments) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int err = 0, res = -1, loopfd = -1, memfd = -1; char loopname[64]; snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; struct loop_info64 info; if (ioctl(loopfd, LOOP_GET_STATUS64, &info)) { err = errno; goto error_clear_loop; } info.lo_flags |= LO_FLAGS_PARTSCAN; if (ioctl(loopfd, LOOP_SET_STATUS64, &info)) { err = errno; goto error_clear_loop; } res = 0; for (unsigned long i = 1, j = 0; i < 8; i++) { snprintf(loopname, sizeof(loopname), "/dev/loop%llup%d", procid, (int)i); struct stat statbuf; if (stat(loopname, &statbuf) == 0) { char linkname[64]; snprintf(linkname, sizeof(linkname), "./file%d", (int)j++); if (symlink(loopname, linkname)) { } } } error_clear_loop: ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); errno = err; return res; } static long syz_mount_image(volatile long fsarg, volatile long dir, volatile unsigned long size, volatile unsigned long nsegs, volatile long segments, volatile long flags, volatile long optsarg) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int res = -1, err = 0, loopfd = -1, memfd = -1, need_loop_device = !!segs; char* mount_opts = (char*)optsarg; char* target = (char*)dir; char* fs = (char*)fsarg; char* source = NULL; char loopname[64]; if (need_loop_device) { memset(loopname, 0, sizeof(loopname)); snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; source = loopname; } mkdir(target, 0777); char opts[256]; memset(opts, 0, sizeof(opts)); if (strlen(mount_opts) > (sizeof(opts) - 32)) { } strncpy(opts, mount_opts, sizeof(opts) - 32); if (strcmp(fs, "iso9660") == 0) { flags |= MS_RDONLY; } else if (strncmp(fs, "ext", 3) == 0) { if (strstr(opts, "errors=panic") || strstr(opts, "errors=remount-ro") == 0) strcat(opts, ",errors=continue"); } else if (strcmp(fs, "xfs") == 0) { strcat(opts, ",nouuid"); } res = mount(source, target, fs, flags, opts); if (res == -1) { err = errno; goto error_clear_loop; } res = open(target, O_RDONLY | O_DIRECTORY); if (res == -1) { err = errno; } error_clear_loop: if (need_loop_device) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); } errno = err; return res; } static volatile long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5, volatile long a6, volatile long a7) { return 0; } static void setup_common() { if (mount(0, "/sys/fs/fuse/connections", "fusectl", 0, 0)) { } } static void loop(); static void sandbox_common() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setsid(); int netns = open("/proc/self/ns/net", O_RDONLY); if (netns == -1) exit(1); if (dup2(netns, kInitNetNsFd) < 0) exit(1); close(netns); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = (200 << 20); setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 32 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 136 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); if (unshare(CLONE_NEWNS)) { } if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL)) { } if (unshare(CLONE_NEWIPC)) { } if (unshare(0x02000000)) { } if (unshare(CLONE_NEWUTS)) { } if (unshare(CLONE_SYSVSEM)) { } typedef struct { const char* name; const char* value; } sysctl_t; static const sysctl_t sysctls[] = { {"/proc/sys/kernel/shmmax", "16777216"}, {"/proc/sys/kernel/shmall", "536870912"}, {"/proc/sys/kernel/shmmni", "1024"}, {"/proc/sys/kernel/msgmax", "8192"}, {"/proc/sys/kernel/msgmni", "1024"}, {"/proc/sys/kernel/msgmnb", "1024"}, {"/proc/sys/kernel/sem", "1024 1048576 500 1024"}, }; unsigned i; for (i = 0; i < sizeof(sysctls) / sizeof(sysctls[0]); i++) write_file(sysctls[i].name, sysctls[i].value); } static int wait_for_loop(int pid) { if (pid < 0) exit(1); int status = 0; while (waitpid(-1, &status, __WALL) != pid) { } return WEXITSTATUS(status); } static void drop_caps(void) { struct __user_cap_header_struct cap_hdr = {}; struct __user_cap_data_struct cap_data[2] = {}; cap_hdr.version = _LINUX_CAPABILITY_VERSION_3; cap_hdr.pid = getpid(); if (syscall(SYS_capget, &cap_hdr, &cap_data)) exit(1); const int drop = (1 << CAP_SYS_PTRACE) | (1 << CAP_SYS_NICE); cap_data[0].effective &= ~drop; cap_data[0].permitted &= ~drop; cap_data[0].inheritable &= ~drop; if (syscall(SYS_capset, &cap_hdr, &cap_data)) exit(1); } static int do_sandbox_none(void) { if (unshare(CLONE_NEWPID)) { } int pid = fork(); if (pid != 0) return wait_for_loop(pid); setup_common(); sandbox_common(); drop_caps(); if (unshare(CLONE_NEWNET)) { } loop(); exit(1); } #define FS_IOC_SETFLAGS _IOW('f', 2, long) static void remove_dir(const char* dir) { int iter = 0; DIR* dp = 0; retry: while (umount2(dir, MNT_DETACH) == 0) { } dp = opendir(dir); if (dp == NULL) { if (errno == EMFILE) { exit(1); } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); while (umount2(filename, MNT_DETACH) == 0) { } struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } int i; for (i = 0;; i++) { if (unlink(filename) == 0) break; if (errno == EPERM) { int fd = open(filename, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno != EBUSY || i > 100) exit(1); if (umount2(filename, MNT_DETACH)) exit(1); } } closedir(dp); for (int i = 0;; i++) { if (rmdir(dir) == 0) break; if (i < 100) { if (errno == EPERM) { int fd = open(dir, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno == EBUSY) { if (umount2(dir, MNT_DETACH)) exit(1); continue; } if (errno == ENOTEMPTY) { if (iter < 100) { iter++; goto retry; } } } exit(1); } } static int inject_fault(int nth) { int fd; fd = open("/proc/thread-self/fail-nth", O_RDWR); if (fd == -1) exit(1); char buf[16]; sprintf(buf, "%d", nth); if (write(fd, buf, strlen(buf)) != (ssize_t)strlen(buf)) exit(1); return fd; } static void kill_and_wait(int pid, int* status) { kill(-pid, SIGKILL); kill(pid, SIGKILL); for (int i = 0; i < 100; i++) { if (waitpid(-1, status, WNOHANG | __WALL) == pid) return; usleep(1000); } DIR* dir = opendir("/sys/fs/fuse/connections"); if (dir) { for (;;) { struct dirent* ent = readdir(dir); if (!ent) break; if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0) continue; char abort[300]; snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name); int fd = open(abort, O_WRONLY); if (fd == -1) { continue; } if (write(fd, abort, 1) < 0) { } close(fd); } closedir(dir); } else { } while (waitpid(-1, status, __WALL) != pid) { } } static void reset_loop() { char buf[64]; snprintf(buf, sizeof(buf), "/dev/loop%llu", procid); int loopfd = open(buf, O_RDWR); if (loopfd != -1) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); } } static void setup_test() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); write_file("/proc/self/oom_score_adj", "1000"); } static void setup_fault() { static struct { const char* file; const char* val; bool fatal; } files[] = { {"/sys/kernel/debug/failslab/ignore-gfp-wait", "N", true}, {"/sys/kernel/debug/fail_futex/ignore-private", "N", false}, {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", "N", false}, {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", "N", false}, {"/sys/kernel/debug/fail_page_alloc/min-order", "0", false}, }; unsigned i; for (i = 0; i < sizeof(files) / sizeof(files[0]); i++) { if (!write_file(files[i].file, files[i].val)) { if (files[i].fatal) exit(1); } } } #define FUSE_MIN_READ_BUFFER 8192 enum fuse_opcode { FUSE_LOOKUP = 1, FUSE_FORGET = 2, FUSE_GETATTR = 3, FUSE_SETATTR = 4, FUSE_READLINK = 5, FUSE_SYMLINK = 6, FUSE_MKNOD = 8, FUSE_MKDIR = 9, FUSE_UNLINK = 10, FUSE_RMDIR = 11, FUSE_RENAME = 12, FUSE_LINK = 13, FUSE_OPEN = 14, FUSE_READ = 15, FUSE_WRITE = 16, FUSE_STATFS = 17, FUSE_RELEASE = 18, FUSE_FSYNC = 20, FUSE_SETXATTR = 21, FUSE_GETXATTR = 22, FUSE_LISTXATTR = 23, FUSE_REMOVEXATTR = 24, FUSE_FLUSH = 25, FUSE_INIT = 26, FUSE_OPENDIR = 27, FUSE_READDIR = 28, FUSE_RELEASEDIR = 29, FUSE_FSYNCDIR = 30, FUSE_GETLK = 31, FUSE_SETLK = 32, FUSE_SETLKW = 33, FUSE_ACCESS = 34, FUSE_CREATE = 35, FUSE_INTERRUPT = 36, FUSE_BMAP = 37, FUSE_DESTROY = 38, FUSE_IOCTL = 39, FUSE_POLL = 40, FUSE_NOTIFY_REPLY = 41, FUSE_BATCH_FORGET = 42, FUSE_FALLOCATE = 43, FUSE_READDIRPLUS = 44, FUSE_RENAME2 = 45, FUSE_LSEEK = 46, FUSE_COPY_FILE_RANGE = 47, FUSE_SETUPMAPPING = 48, FUSE_REMOVEMAPPING = 49, CUSE_INIT = 4096, CUSE_INIT_BSWAP_RESERVED = 1048576, FUSE_INIT_BSWAP_RESERVED = 436207616, }; struct fuse_in_header { uint32_t len; uint32_t opcode; uint64_t unique; uint64_t nodeid; uint32_t uid; uint32_t gid; uint32_t pid; uint32_t padding; }; struct fuse_out_header { uint32_t len; uint32_t error; uint64_t unique; }; struct syz_fuse_req_out { struct fuse_out_header* init; struct fuse_out_header* lseek; struct fuse_out_header* bmap; struct fuse_out_header* poll; struct fuse_out_header* getxattr; struct fuse_out_header* lk; struct fuse_out_header* statfs; struct fuse_out_header* write; struct fuse_out_header* read; struct fuse_out_header* open; struct fuse_out_header* attr; struct fuse_out_header* entry; struct fuse_out_header* dirent; struct fuse_out_header* direntplus; struct fuse_out_header* create_open; struct fuse_out_header* ioctl; }; static int fuse_send_response(int fd, const struct fuse_in_header* in_hdr, struct fuse_out_header* out_hdr) { if (!out_hdr) { return -1; } out_hdr->unique = in_hdr->unique; if (write(fd, out_hdr, out_hdr->len) == -1) { return -1; } return 0; } static volatile long syz_fuse_handle_req(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { struct syz_fuse_req_out* req_out = (struct syz_fuse_req_out*)a3; struct fuse_out_header* out_hdr = NULL; char* buf = (char*)a1; int buf_len = (int)a2; int fd = (int)a0; if (!req_out) { return -1; } if (buf_len < FUSE_MIN_READ_BUFFER) { return -1; } int ret = read(fd, buf, buf_len); if (ret == -1) { return -1; } if ((size_t)ret < sizeof(struct fuse_in_header)) { return -1; } const struct fuse_in_header* in_hdr = (const struct fuse_in_header*)buf; if (in_hdr->len > (uint32_t)ret) { return -1; } switch (in_hdr->opcode) { case FUSE_GETATTR: case FUSE_SETATTR: out_hdr = req_out->attr; break; case FUSE_LOOKUP: case FUSE_SYMLINK: case FUSE_LINK: case FUSE_MKNOD: case FUSE_MKDIR: out_hdr = req_out->entry; break; case FUSE_OPEN: case FUSE_OPENDIR: out_hdr = req_out->open; break; case FUSE_STATFS: out_hdr = req_out->statfs; break; case FUSE_RMDIR: case FUSE_RENAME: case FUSE_RENAME2: case FUSE_FALLOCATE: case FUSE_SETXATTR: case FUSE_REMOVEXATTR: case FUSE_FSYNCDIR: case FUSE_FSYNC: case FUSE_SETLKW: case FUSE_SETLK: case FUSE_ACCESS: case FUSE_FLUSH: case FUSE_RELEASE: case FUSE_RELEASEDIR: case FUSE_UNLINK: case FUSE_DESTROY: out_hdr = req_out->init; if (!out_hdr) { return -1; } out_hdr->len = sizeof(struct fuse_out_header); break; case FUSE_READ: out_hdr = req_out->read; break; case FUSE_READDIR: out_hdr = req_out->dirent; break; case FUSE_READDIRPLUS: out_hdr = req_out->direntplus; break; case FUSE_INIT: out_hdr = req_out->init; break; case FUSE_LSEEK: out_hdr = req_out->lseek; break; case FUSE_GETLK: out_hdr = req_out->lk; break; case FUSE_BMAP: out_hdr = req_out->bmap; break; case FUSE_POLL: out_hdr = req_out->poll; break; case FUSE_GETXATTR: case FUSE_LISTXATTR: out_hdr = req_out->getxattr; break; case FUSE_WRITE: case FUSE_COPY_FILE_RANGE: out_hdr = req_out->write; break; case FUSE_FORGET: case FUSE_BATCH_FORGET: return 0; case FUSE_CREATE: out_hdr = req_out->create_open; break; case FUSE_IOCTL: out_hdr = req_out->ioctl; break; default: return -1; } return fuse_send_response(fd, in_hdr, out_hdr); } #define HWSIM_ATTR_RX_RATE 5 #define HWSIM_ATTR_SIGNAL 6 #define HWSIM_ATTR_ADDR_RECEIVER 1 #define HWSIM_ATTR_FRAME 3 #define WIFI_MAX_INJECT_LEN 2048 static int hwsim_register_socket(struct nlmsg* nlmsg, int sock, int hwsim_family) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = HWSIM_CMD_REGISTER; netlink_init(nlmsg, hwsim_family, 0, &genlhdr, sizeof(genlhdr)); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int hwsim_inject_frame(struct nlmsg* nlmsg, int sock, int hwsim_family, uint8_t* mac_addr, uint8_t* data, int len) { struct genlmsghdr genlhdr; uint32_t rx_rate = WIFI_DEFAULT_RX_RATE; uint32_t signal = WIFI_DEFAULT_SIGNAL; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = HWSIM_CMD_FRAME; netlink_init(nlmsg, hwsim_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, HWSIM_ATTR_RX_RATE, &rx_rate, sizeof(rx_rate)); netlink_attr(nlmsg, HWSIM_ATTR_SIGNAL, &signal, sizeof(signal)); netlink_attr(nlmsg, HWSIM_ATTR_ADDR_RECEIVER, mac_addr, ETH_ALEN); netlink_attr(nlmsg, HWSIM_ATTR_FRAME, data, len); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static long syz_80211_inject_frame(volatile long a0, volatile long a1, volatile long a2) { uint8_t* mac_addr = (uint8_t*)a0; uint8_t* buf = (uint8_t*)a1; int buf_len = (int)a2; struct nlmsg tmp_msg; if (buf_len < 0 || buf_len > WIFI_MAX_INJECT_LEN) { return -1; } int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (sock < 0) { return -1; } int hwsim_family_id = netlink_query_family_id(&tmp_msg, sock, "MAC80211_HWSIM", true); int ret = hwsim_register_socket(&tmp_msg, sock, hwsim_family_id); if (ret < 0) { close(sock); return -1; } ret = hwsim_inject_frame(&tmp_msg, sock, hwsim_family_id, mac_addr, buf, buf_len); close(sock); if (ret < 0) { return -1; } return 0; } #define WIFI_MAX_SSID_LEN 32 #define WIFI_JOIN_IBSS_NO_SCAN 0 #define WIFI_JOIN_IBSS_BG_SCAN 1 #define WIFI_JOIN_IBSS_BG_NO_SCAN 2 static long syz_80211_join_ibss(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { char* interface = (char*)a0; uint8_t* ssid = (uint8_t*)a1; int ssid_len = (int)a2; int mode = (int)a3; struct nlmsg tmp_msg; uint8_t bssid[ETH_ALEN] = WIFI_IBSS_BSSID; if (ssid_len < 0 || ssid_len > WIFI_MAX_SSID_LEN) { return -1; } if (mode < 0 || mode > WIFI_JOIN_IBSS_BG_NO_SCAN) { return -1; } int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (sock < 0) { return -1; } int nl80211_family_id = netlink_query_family_id(&tmp_msg, sock, "nl80211", true); struct join_ibss_props ibss_props = { .wiphy_freq = WIFI_DEFAULT_FREQUENCY, .wiphy_freq_fixed = (mode == WIFI_JOIN_IBSS_NO_SCAN || mode == WIFI_JOIN_IBSS_BG_NO_SCAN), .mac = bssid, .ssid = ssid, .ssid_len = ssid_len}; int ret = nl80211_setup_ibss_interface(&tmp_msg, sock, nl80211_family_id, interface, &ibss_props); close(sock); if (ret < 0) { return -1; } if (mode == WIFI_JOIN_IBSS_NO_SCAN) { ret = await_ifla_operstate(&tmp_msg, interface, IF_OPER_UP); if (ret < 0) { return -1; } } return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 51; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50 + (call == 4 ? 50 : 0) + (call == 12 ? 500 : 0) + (call == 38 ? 50 : 0) + (call == 43 ? 3000 : 0) + (call == 44 ? 3000 : 0) + (call == 45 ? 300 : 0) + (call == 46 ? 300 : 0) + (call == 47 ? 300 : 0) + (call == 48 ? 3000 : 0) + (call == 49 ? 300 : 0)); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS __WALL static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); reset_loop(); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); setup_test(); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } #ifndef __NR_clock_gettime #define __NR_clock_gettime 265 #endif #ifndef __NR_getgid #define __NR_getgid 47 #endif #ifndef __NR_getsockopt #define __NR_getsockopt 365 #endif #ifndef __NR_ioctl #define __NR_ioctl 54 #endif #ifndef __NR_mmap #define __NR_mmap 192 #endif #ifndef __NR_openat #define __NR_openat 295 #endif #ifndef __NR_read #define __NR_read 3 #endif #ifndef __NR_recvmmsg #define __NR_recvmmsg 337 #endif #ifndef __NR_sendfile64 #define __NR_sendfile64 239 #endif #ifndef __NR_sendmsg #define __NR_sendmsg 370 #endif #ifndef __NR_setsockopt #define __NR_setsockopt 366 #endif #ifndef __NR_stat #define __NR_stat 106 #endif #ifndef __NR_statx #define __NR_statx 383 #endif #ifndef __NR_write #define __NR_write 4 #endif #undef __NR_mmap #define __NR_mmap __NR_mmap2 uint64_t r[24] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint32_t*)0x20000000 = 0x18; *(uint32_t*)0x20000004 = 0; *(uint64_t*)0x20000008 = 0; *(uint32_t*)0x20000010 = 3; *(uint32_t*)0x20000014 = 0; inject_fault(1); syscall(__NR_write, -1, 0x20000000, 0x18); break; case 1: memcpy((void*)0x20000040, "/dev/tty\000", 9); res = syscall(__NR_openat, 0xffffff9c, 0x20000040, 0x10400, 0); if (res != -1) r[0] = res; break; case 2: syscall(__NR_mmap, 0x20ffb000, 0x4000, 0x200000f, 0x10, (intptr_t)r[0], 0xada52000); break; case 3: memcpy((void*)0x20000080, "syz0\000", 5); syscall(__NR_ioctl, -1, 0x4004556c, 0x20000080); break; case 4: memcpy((void*)0x200025c0, "ufs\000", 4); memcpy((void*)0x20002600, "./file0\000", 8); *(uint32_t*)0x20003700 = 0x20002640; memcpy((void*)0x20002640, "\x38\x6f\x6d\x1b\xe2\x7f\x8c\xa9\x18\x2d\x1a\xe6\x35\xbb\xa8\xc9\xce\x03\x79\xce\x60\xd9\xd2\x4e\x0f\xe6\x9a\x46\xdd\x2b\x77\x02\x6c\xe1\xe6\xbb\xc0\x5a\x24\x6a\xe2\x69\x05\x25\x31\x91\xf7\xe3\x4e\xf3\x86\x0f\x1c\x2c\xc9\xa6\xd5\x22\xf5\x03\xd7\x8e\x34\x0c\xb5\x4f\x1d\x6b", 68); *(uint32_t*)0x20003704 = 0x44; *(uint32_t*)0x20003708 = 1; *(uint32_t*)0x2000370c = 0x200026c0; memcpy((void*)0x200026c0, "\x57\x39\xec\x80\x61\x6d\x1b\xac\x90\x97\x97\xc5\x72\x3d\x28\x7d\x94\xf0\x10\xe0\xf7\x0a\x34\x2a\x21\xfb\x38\xb3\x69\x86\x02\x5d\xca\x05\x4a\x96\xbb\xe7\x40\x27\x97\x4c\x45\x28\x93\xa9\xf5\xd5\x13\xef\xc4\x70\x65\x2b\xf4\xe8\x37\xd8\xd5\xee\xac\xed\x26\x69\xd7\x3c\xea\x3d\x39\x31\x39\x9d\xa0\x4d\xfb\x48\x59\xd0\x3c\x47\xdd\x53\x5b\xaa\x98\x0a\xe8\xb7\xa5\xc3\x12\xfd\x71\xac\xc5\x21\xbd\xdc\x2c\x63\x70\x26\xd7\xfa\xdb\x42\xc0\x20\xc5\x3d\x4e\x2f\xee\xb2\x30\x77\xed\x86\x7d\x5b\x36\x56\x7b\x8d\x06\xe0\xf4\xd2\xd9\xc6\x16\xd6\x73\x91\xf8\x79\xe8\x12\xd7\xa1\x79\x75\xf3\xe0\xe5\x69\xf5\x57\xb6\x5b\xba\xde\x94\x18\x68\xba\xe4\xbe\x8d\x2d\xfa\x45\xa3\x85\x87\x7e\xce\x8d\x94\xd7\x55\xdb\xf8\x2b\x4f\xd8\x89\x9b\xa1\xb8\xec\xe4\x3b\x36\xb3\x69\xa8\xdf\x56\x99\x3b\x16\xee\xc2\x0a\xed\x1c\x59\x6f\x66\x9d\xf8\x97\xdd\xfa\x0d\xf4\xab\x26\xd7\x47\x59\x82\x96\xdd\x3b\xcd\x5c\xad\x67\xa8\xb1\x9e\xba\x5f\x34\x3f\xbf\xa6\x30\x1a\x15\x02\x60\x0e\xda\x02\xab\x15\x7a\xb1\xb1\x64\xe3\xde\x57\x33\xe4\xbf\xd9\x67\x7b\x49\xb2\x9b\xb5\x6e\x99\x36\x7d\x01\x04\x4b\x3a\xcc\xf0\xf9\x3a\xf7\x55\x27\x83\x7a\x9b\x49\x4b\x4e\xac\xe1\xf4\x9c\x87\x9e\x71\xe9\x62\xa5\x93\x74\x95\x55\xb5\x0a\x55\xca\x11\x44\xeb\x54\x80\x70\x47\xde\xfd\xe8\xdd\x09\x7e\xbc\xba\xa2\x30\x45\x1a\xc7\xa7\x76\x3e\xf2\x13\x4b\x45\x3e\xf7\xce\x92\xd6\xad\xce\x44\x9a\xa1\x82\xef\xb2\xed\x4a\x87\x07\xf1\xe1\x84\x6d\x82\x50\x5d\xa0\x6c\x2d\x6b\x4a\x58\x2d\xdf\xb2\xbd\xb7\xa1\x9b\xbc\xe8\xe0\xa0\xf7\xb2\xf4\x96\x62\x2b\xee\x04\x37\x29\xf3\x84\x31\x88\xeb\x14\xe5\x6e\x8f\x48\xd7\xd4\xb1\x51\xa7\xde\xef\x2a\x1a\x94\x58\x83\x42\x53\x77\x08\x82\xcc\x41\xf6\xfb\x78\x4a\x9f\x73\xa4\xf8\x1e\xf9\x93\xda\xe6\x1a\x80\x5b\xa6\xf9\x30\x78\x20\x81\x33\x10\xdc\x38\x70\x83\x5a\xd4\xbe\x7e\x3c\x8a\x13\xf9\xf0\x1e\x9e\xa9\xb1\xb9\xdf\xb1\xe3\x47\xe3\xea\x1b\x5b\x09\x0e\x1a\x38\x61\x77\x07\xbb\x5a\xa0\xce\x82\x19\x3f\x69\x70\xa0\xb8\x85\x18\x3f\xce\x8b\x7d\x30\xbf\xc1\x82\x58\xdd\x40\xf5\x08\xb9\x5b\x55\xca\x27\xd8\xec\x76\x01\x03\x10\xc6\x77\xc0\x4c\x0b\x01\xfd\x69\xde\x39\x6a\xe9\x5a\x7c\x3c\xa5\x0f\x4e\x7f\xc3\xda\x74\x9d\x82\xa5\xd9\xf5\x7a\xb6\xed\x7a\x0d\x12\x76\x29\x7a\xb5\x71\x72\x67\x1d\x4c\x7c\xa3\x52\x24\x70\x0d\xb9\x36\x44\x13\x1a\x51\x26\xaf\x54\x75\x5a\xec\x80\xcf\xfd\xeb\x70\x9f\x0c\x58\x21\xec\x3b\x86\xd2\x9f\x10\xbe\x62\xd9\x4c\x03\x2f\x79\xd4\xed\xcc\xaf\x40\xb2\x4d\x72\xe4\x6d\x7c\x99\x33\xf6\xea\xda\x79\x4a\xad\x1e\xaf\x41\xae\xc1\x35\xa4\xf6\xf7\xf6\x09\x27\x36\x08\x68\x5f\xfc\x30\xfe\x1a\xe8\x22\x13\xa9\x56\xe8\xdf\x49\x3e\xc0\xaa\xc8\xec\xcb\xbd\xb8\x20\x93\x09\x7d\xb4\x51\x61\x67\x76\x85\xbf\x1e\x69\x1a\x1c\x7d\xce\x13\xa8\x8e\x63\x64\x5b\xc7\x99\x22\xb6\xd3\xd3\xd7\x61\xf3\x6a\x46\x30\x2f\x79\xe0\xe0\xbe\xb6\x7e\x2f\x2c\xb2\xe8\x3f\xc1\xa0\x41\x77\xc9\xd0\x22\xc4\x6e\xdc\x05\x3f\x03\x18\x2f\xc6\x45\x45\x0e\x4d\xe5\x36\xa4\x18\xb0\xea\xe2\xac\xb0\xea\xf4\xcb\x61\x5e\xca\x77\xf7\x2e\xe1\xd1\xf9\x14\x62\x08\xe1\x86\x69\x50\x8e\xdd\x05\x0e\x9b\x4e\x72\xa8\x48\x30\x16\xdc\x01\x98\x32\x6d\x2a\x16\x70\x04\xf3\x23\xa0\xa6\xeb\x4d\x34\xf6\x51\xc3\x97\xf0\x6d\x32\xe1\xbd\xab\x04\x2e\xfe\x56\x6a\xfc\x48\xcb\xd9\x8f\x91\x41\x34\x15\x63\x14\xa9\x54\xc6\x41\xb1\x06\x6b\xa7\x15\xab\x50\xeb\x4d\xb8\x4b\x13\xf2\x04\x69\xd0\x1d\x63\x46\xd4\x25\xd7\x0f\x60\xb4\x29\x76\xb0\x46\xcf\x96\xe4\x01\x8f\xc6\xaa\xf7\x8d\xf3\x0c\x02\xdd\x02\x9e\x1e\x89\x5c\x20\xb0\x5f\xb3\x88\x3c\x01\x3d\xe7\xe1\x7a\x13\x69\x78\x54\xfe\xb5\x93\x5c\xb3\x44\xff\x94\xff\x8b\xb4\xed\x2d\x1f\x17\x4e\xa1\x90\x20\x57\x7b\x4f\xf9\x59\x7c\x31\xa8\xfb\x2c\xfa\x1d\x7b\x71\xa5\x70\x82\x56\x15\x40\xf1\xcd\x86\xb8\x59\x0b\x75\x4f\xe9\x5d\x74\x9e\xf3\xca\xff\x93\xfd\x10\xa9\x0c\xa0\x03\x51\x5b\xb2\x3a\x3e\x71\xf4\x41\x79\xc0\x99\x60\x37\x45\x75\x89\xe6\x81\x77\xb0\xa1\x06\x91\xf1\x49\xa9\x81\xa6\xa6\x8d\x0b\xc8\x20\xe1\x66\x2a\x67\xc6\xa8\x5f\xb3\x9a\x35\x39\x9c\x62\x0c\x6e\xe3\x14\x28\x4f\xa4\x20\x99\xbd\xe0\x9f\xd5\x17\xa6\xe5\x3c\xc0\x41\x7c\x98\xd0\x06\xb4\x21\x0b\xa0\x35\x1b\x7d\xb6\x75\x43\x38\x06\x3f\x05\xb6\x82\x4b\xbb\x41\xf7\x0b\xa1\xfe\xa9\x12\x1f\x58\x85\xa4\xd0\x3e\xe9\x3f\x2b\x8f\x27\xa0\x0c\xd6\x66\x49\x10\x03\xde\xda\x3e\x21\x02\x92\x47\x64\x6f\x71\x44\xcb\x00\x4a\x6b\x52\x40\x06\xd8\xec\x7c\x93\xf4\x10\x42\xbb\xf8\x2d\x3b\xf2\xee\xf4\x15\xf8\xf0\x38\xb0\x5c\x0c\x10\x7a\xc2\x4d\x0c\xc8\xf3\x08\x13\xeb\xe2\x75\x1d\xa8\x39\x8e\x04\xff\x59\x3d\x17\xdd\xeb\x32\x59\x36\x71\xc8\x27\x74\x24\xf7\x98\x80\x05\x4c\x58\x1a\xe4\xef\x53\x03\xa1\x2f\x50\xd4\xe1\xfd\x6b\xb5\x85\xa5\xe0\x77\x51\xcb\xd5\x8f\xa6\x1d\x63\x4c\x35\x56\x37\x27\xe1\x82\x39\xd9\x81\x2f\xa4\x1b\x9a\x25\x61\x18\xba\x9b\x0d\xec\xc2\x60\x76\xc8\xae\x4b\x4e\x51\x6a\x2b\x35\xa7\xe9\x83\x9c\xa8\x3b\xef\x46\x43\xe0\xa5\xd9\xdb\x72\x3b\x5a\xfd\x80\xf7\x15\xb6\x3b\x19\xd0\xaf\xb9\xcb\x03\xdd\x9e\x5f\xe1\xb3\x13\x5e\xc1\xf0\xb9\x73\xe7\xd2\x1b\xb2\xf2\x22\x1a\x78\x62\x8a\x1b\x51\x3e\x0f\xf9\xea\x30\x67\xdb\x31\x01\xc0\x17\xeb\x8e\x60\x6f\x2f\x07\x5b\xe4\x98\x4f\x21\xbf\x75\xb6\xc4\xcb\xf3\x71\x8e\x64\xca\x62\xa9\xab\x5d\x8e\x38\x3a\xef\xba\x74\x93\xdd\xff\x47\x8b\x74\x40\x74\xbb\x51\x99\x4b\xc9\x1d\xd2\x9c\x6b\x9b\xcd\x50\xa5\x02\x8e\x14\xcf\x6d\x94\x68\xef\x42\x4e\xd1\x65\x84\x8f\xf5\x67\x6e\x57\x41\x10\xe0\xcd\x76\xa7\xc1\xda\xd3\x01\x9f\xac\xfd\x08\xd1\x4b\x7d\x9e\x37\x8a\x11\x0e\x98\x50\x88\xe5\x1e\x89\xd7\x5e\x3f\xa5\xfb\x36\x87\x59\x8c\x05\x69\xe5\x22\xf6\xc9\xea\x4d\x12\x65\xed\x97\xe3\x13\xdc\xe9\xcd\x01\xa4\x61\x5e\x8b\xbe\x4d\xbe\x16\x8f\x9d\x32\xc6\x68\x2e\x4e\xef\x26\x7d\xd7\x18\xb4\x75\xa8\x1b\x48\x5b\x17\xf6\xba\x8a\xfb\xa1\x9a\x58\x32\x9f\x86\xba\xd1\x2a\xc8\x44\x44\x17\xe6\x14\x8c\xb4\xe0\x7e\xe4\x6c\x5f\x15\x53\xa0\xfe\x4c\xd3\x32\x6d\x86\x92\xcc\x43\x96\x1f\x03\xf5\x7f\x7c\x01\x6f\x33\xc3\xd1\xc0\x2b\xf1\x25\xfc\x94\x21\x01\x10\x36\x36\xb0\x2d\x93\x35\x2e\xfb\x49\x20\xe2\x43\xf8\x65\xcf\x5c\x0b\x5d\x34\x7f\x51\xb8\x79\x00\xb1\x2a\xcc\x34\x7b\x31\x9c\x14\x75\x10\xc6\xa3\xc1\x84\xb9\xfe\x9b\xbf\x49\xd2\x0a\x71\xbc\x08\x82\xe2\x96\xa0\x37\x69\x75\x1c\xd8\x63\x08\x2c\x1f\x3b\x88\x90\xfe\xe3\xc6\x44\x47\x4d\xb2\x1e\x07\x7a\xcb\xeb\x05\xae\x29\x67\x10\x82\x2f\xca\xf5\xa7\xbc\x06\x9b\xd9\x3d\x41\x16\x27\xcd\x1b\x71\x3c\xcc\xed\x01\x0d\x1b\x88\xdf\xc1\x53\x04\x54\x14\x1b\x3d\xd3\xe1\x96\x4c\x38\x95\x76\x13\x21\x73\xb8\x63\x30\x38\x8f\xec\x55\x9d\xc7\x22\xf1\x77\x49\x7c\x30\x83\x15\xa4\xee\xfb\x50\x43\xcc\x97\xc5\xb1\xea\x53\xb6\xde\x6f\x4e\xce\xd9\xcc\x20\xb5\x24\x3e\xf9\x6a\xe0\xda\x16\xb4\x3e\xcf\xd0\x3e\x70\x25\x28\xad\x4c\x36\x09\x54\x5d\xf9\x39\xe2\xbc\xee\x08\x25\x86\x49\x31\x9d\x74\xfd\x78\x4d\x3d\x30\xa9\x09\x2c\xb2\x3e\x51\xce\x00\xbb\xf8\x1a\x46\xbc\x0d\x8b\xba\x9f\xe3\xf6\x05\xf5\x4e\xe2\xa0\x31\x1e\x1c\x19\xae\xe2\x6c\x84\x3d\x72\x52\xd9\x03\x80\xc9\xd8\x6f\x1d\x1c\xbb\x21\x64\x1b\xc1\x9a\xdf\xfa\x60\x8f\xa5\xb8\x26\x0c\x3d\xac\x2e\x0d\x81\x00\xc8\x70\xdb\xaf\xab\x5e\x4a\x5c\x6e\x5d\x48\x75\x35\x2e\xce\x31\x33\xe0\x8d\x48\xe0\x38\x74\xe6\xe5\x28\xb5\xa4\x3d\x08\xc8\xe9\x05\xf7\x98\xf0\x52\x7c\xff\x5c\xda\x99\x95\xe8\x4a\xcb\x47\xee\x85\x44\xbe\x93\x7f\xcb\x64\x64\x6d\x2f\xd2\xd5\xc3\x1e\xef\x83\x62\x97\xe0\x3d\xca\x24\xb1\x59\x96\x4a\x70\x30\x7a\x82\x7f\x6e\x7f\x37\x93\xf6\xff\xad\x54\xa6\x5d\x40\x09\x26\xe8\x07\x97\xe6\x05\x0e\x77\x6b\xbf\x66\xdc\x1b\xdf\x75\x08\x81\x2e\xd0\xfe\xbd\xa7\x74\xf5\xed\xa4\x92\xb3\x75\x1e\xcc\x76\xa6\x58\x24\x1f\xa6\x45\x22\xc5\xdd\xef\x53\x74\x78\x7a\x1b\xc6\xf0\x5c\x84\xa5\x23\x06\x8a\xc6\x6a\x3c\xa5\x39\xda\x70\xe1\x6d\xde\xa8\x97\xf9\x6f\x5d\x48\xe1\xef\x18\x5f\x08\x43\x6d\xaa\x20\xfc\xb0\xb2\x39\xde\x9b\x2b\xb0\x00\x07\xed\xa2\xdb\xdc\xc1\xf5\xfd\xf1\x39\x98\x68\x2d\x66\xcd\x4a\xab\x31\x57\xf7\xeb\xce\xc0\x92\xdc\x6b\xd0\x8f\x4d\x10\x77\x80\xd3\x73\x19\x24\xcf\xa0\x67\xf6\x22\x18\x07\x8a\x2a\xf1\x29\xf4\x05\x9d\x46\xd7\xc7\xbe\xbb\xf6\x7b\x59\x53\xdd\xa3\x0c\x96\xfe\x58\x43\xe8\xa3\xc0\xa1\x5a\x6b\x2f\x21\x0f\xfb\xff\xd4\x76\xc9\xc7\x61\x34\x06\x16\xb1\xca\x8a\x6b\x44\x9d\x1e\x33\x8f\xd9\x09\xfd\x9a\x84\xc7\x33\x87\x11\xbe\x1d\x50\x76\x2a\x48\x29\x9b\x18\x44\x82\xd2\xcd\x18\x84\xaf\x70\x76\x68\xd1\x0c\x2e\x1c\xde\xac\x7c\x07\x5d\x7d\x41\x47\xf8\xaa\x3c\xeb\xca\x93\xc1\xb7\xb2\x45\x26\x4c\x0e\xfb\x84\x70\x25\x51\x52\xc4\x8d\x22\x46\x34\x58\x0b\x2f\xf0\x21\x45\x7a\x97\x5a\xa7\x67\x2b\xaf\x13\xa4\xae\x32\xdc\x17\xe1\xf0\x4d\x0b\x2d\x9c\x14\x83\x1c\x87\xe9\x9e\x7e\x0f\x29\x95\x8c\x9b\x58\x4d\x7b\x8a\x7e\x91\xf5\x73\xc0\x42\x61\x73\x91\xad\xed\x64\xbe\xe7\xda\xd5\xf8\x88\xef\xc5\x56\x0f\xba\x3f\x9e\x41\xf7\x80\x94\xb4\x03\xab\xc5\xd4\x22\xc8\xec\x70\xb9\xa9\xce\xe5\x07\x90\x3f\x89\x99\x48\x7e\x60\xd7\x61\xef\x16\x19\x4e\x7c\xc8\x56\xa0\x1e\x6b\x3b\xc5\x92\x39\x7c\xa0\x3b\xec\xb6\xb4\x8f\xc1\x5b\xf1\xf6\xef\xf8\xfe\xc8\xde\x87\x85\xd0\xfe\xa3\x79\xef\xbd\x64\x94\x87\x30\x7b\xba\x15\x30\xa4\x8e\xc1\x06\x97\x8d\xa7\x03\xe9\x17\x07\x20\x1f\xe3\x34\x8d\xe8\xca\xf2\xdd\xe1\xd0\x99\x42\xd4\x77\x12\xf7\x7d\xe3\xf9\xef\xe5\x39\x2e\xf4\x58\x4a\x66\xcf\x96\xb3\x0e\xcc\x6e\xed\x90\x74\x83\x7e\x08\x35\xe1\x90\x65\xd2\xec\xe8\x7d\x38\xb4\x26\xc7\x03\xb8\x82\xce\xc8\x3c\xbb\x8b\x48\x4f\x68\x85\x83\x2c\xa2\x58\x7b\x2b\xdc\x30\xc9\x2c\x20\xa0\x0d\x92\x64\x73\xff\x36\xa1\xc8\x1e\x58\xd5\x55\x49\xa0\x6f\xb7\xb0\xfd\xd1\x35\xed\x5f\x63\xb4\xcc\xa0\x06\x8b\x2d\xa1\xb1\x12\xd4\xcb\x04\x34\x07\xc2\x1c\x53\x5f\xd3\xc4\x55\x93\x22\xe3\x04\x69\x79\x4c\x90\xa3\xc3\x0d\x8f\xd5\x36\x5c\xe3\xf4\x32\xf6\x13\x14\x8b\xc7\xd5\x75\xc1\xd2\xda\x1d\x4b\x06\x8d\xe1\x36\x6f\x62\xa6\x94\xe9\x76\xf2\xe2\x64\xd4\x49\xd9\xe3\xf9\x04\x00\xf4\xf2\x5c\x11\x52\xd1\xed\xb9\xb0\x98\x16\x78\x72\x27\xee\xef\xf8\x0a\xc3\xf2\x50\x16\xde\x25\x33\x25\x47\x54\x90\x48\x23\x03\xaf\xa8\x7b\x39\xad\xee\x7f\x92\xc0\x31\x85\xf8\xbe\x67\xfe\x8e\x85\x0e\xe3\xa5\x71\x80\x94\x74\xbc\xf4\x62\x37\x3a\x47\xaf\xe1\xa4\x59\x21\x75\xd1\x10\xc3\x65\x9e\x56\xec\xfe\x2e\xca\xf2\xc3\x81\x68\x43\x32\xdc\x0e\xa3\xf7\x6c\x17\x99\xd5\xc7\x95\x4c\xcd\x01\xca\x4d\x3c\xc4\x88\xe9\x8e\xfe\x8c\xcb\x87\x57\x27\x3b\xbf\xd0\xe8\xf9\x4a\x18\xe4\xbc\x18\x79\x93\xac\x29\xc3\xd4\x5a\xa4\x58\x52\x53\x71\x71\x90\xcf\xc1\x6b\xdf\xc9\x0c\xec\xab\x6f\x02\x2b\x3c\x96\x29\xe4\xd4\x4c\xf9\x46\x03\x33\xd3\x48\xd0\xdf\x3f\xbc\x8f\xfe\x61\x73\x37\x25\xea\x22\xc5\x71\x83\xb5\x06\x22\xf3\x20\x25\x3d\x54\x69\x2c\x32\xba\x2d\x1d\x22\x72\x35\x79\x62\xe0\x9f\xc7\xfa\x98\xa1\x92\xd6\x47\xca\x93\xd5\xdb\x9c\x05\x60\xa4\x6a\x79\x74\x08\xd2\x1b\xe5\xd1\x4c\x88\x98\xfc\xf1\xf8\xe4\x6c\x2b\xe1\x9e\xee\x41\x7f\x17\xb5\x81\x2b\xe0\x4c\x60\xa5\x0c\x8f\x4a\x3b\x96\xe7\x59\xdf\x5a\x25\x31\x48\x42\xef\x58\x34\xa9\xbf\xe3\xec\x69\x03\x12\x2a\xbd\xeb\x8d\xa1\xbf\x14\x6c\xa5\xb0\xb6\x45\x1b\x3f\x6a\x0c\xd7\x42\x12\x0b\x02\x5c\xa4\x9b\xb9\x5c\x47\xfb\x27\xfa\xe4\x38\xcb\xae\x39\xcd\x9b\x50\xf7\x67\x35\xf6\x56\xe0\xc6\x89\x6c\x87\xb9\x1c\x1c\xa7\x44\x4d\x0d\xe2\x5c\xe6\x0d\xb8\x1b\x9b\x7e\xfe\xbf\xfc\x1f\xf2\x4e\xe9\xd5\xf7\x7d\xa9\x22\x72\x52\x46\x86\x33\xb8\xeb\x99\x5e\x26\x45\xb1\x54\x3d\x84\x32\x62\xc2\x60\xc3\xc6\x91\x11\x4e\xbc\x40\x39\x62\xc2\x37\x4e\xf5\x9c\xe6\xd1\xdd\x7c\x4d\x22\x31\x0c\x5f\x64\x2d\x76\x6d\x41\x89\x3b\x99\x3f\x9a\x69\x83\x1f\x82\xaa\xb3\x10\x4c\x64\xb0\x8b\x0e\x34\x19\xad\x44\x68\x60\x88\xcd\x8a\x4a\x67\x4e\xdc\xea\x4e\xe9\xf2\xe8\xa0\x2a\xb1\x14\x50\x06\x0f\x76\xa7\xc1\x95\x4f\x67\x6d\xe7\xbf\x79\x16\x69\x94\x57\x09\x1e\xb0\xad\x3b\x75\x93\xe7\xf3\x8d\x62\xf9\xb5\x67\x61\xa9\x15\xb4\x1d\x03\x5b\xa1\x29\xd1\xac\x46\x6e\x5e\xae\xa7\x6d\x00\xc4\xd8\x3e\x17\x54\xe3\xd1\xe6\xf0\x09\x3c\x66\x5d\x86\x0b\xcf\x0b\x98\x50\x40\x1a\xca\xba\x34\xa0\xf7\x74\x30\x07\x73\xc4\xab\xb9\x0e\xfc\x56\xbc\x7d\x2a\xd1\x2d\x2f\x58\xce\xfa\x5b\x58\x16\xfc\xee\x50\xa1\x18\x45\xa2\xd5\x19\x76\x93\xea\x3b\x38\x00\x89\x21\x9f\x5a\x42\xc6\x9f\x9a\x47\x62\xc9\x1a\xe6\x44\x9e\x13\x99\x5f\x66\x6a\xd5\x21\xf9\x2e\xdb\x3f\x4b\x65\xa0\x46\x75\xdb\x8e\xbb\xc9\xa2\xd1\xac\xda\x5b\x67\xed\x6a\xf5\x52\x51\x41\xfd\x7a\xee\xf7\xc5\x8f\x54\x9a\xc3\x92\x55\x70\x5e\xb0\x84\xf4\xf0\xa2\x61\xf4\x3c\x27\xcd\xce\xfb\x7d\x9e\x15\xce\x63\x99\x58\x20\x72\x9b\x32\x74\x9e\xb8\xd9\x43\x2d\x7c\x3c\x25\xb4\xb1\xda\xa5\xb6\x45\x74\x03\x94\xca\xaa\xe6\x3b\xfd\x9e\x18\x20\x7f\xcc\xfb\xe0\xe2\x63\x92\x58\x22\x95\x74\xfc\xc7\x97\x1e\x3e\xb1\x1b\xfd\xf7\xdc\x77\x0c\xea\x4a\x94\x14\x91\x30\x67\x55\x8f\x7e\x54\x2c\xc6\x27\x24\x77\x48\x95\x19\xcf\xae\xcf\x51\x36\x1b\x7d\x39\x54\x0b\xbc\x1d\xa8\x4c\x6e\x56\xe2\x1c\x68\x37\x34\xfc\x3d\x9e\x52\x22\x56\x95\xea\x37\x05\x63\xb1\x53\xb8\xdc\x87\xad\x11\x99\x24\x7a\x23\xa8\x60\x46\xc7\x30\xfb\xce\x29\xfe\x99\xe0\xcf\x3e\x76\x2f\x6c\xa3\xa1\x4b\x03\xff\x53\xd4\x12\x2d\xa0\x66\x4a\x31\xd2\x04\x16\x0f\xcc\x24\x89\xea\xa9\xfa\xf0\x30\xf6\xd6\xa4\x3f\x98\xaf\xce\x7f\x7f\x7f\x0c\xc3\xa0\x1e\xf1\x52\x6d\xac\x38\x27\x8d\x13\x43\x19\x10\xc2\xd6\x91\xa7\x82\x75\xe0\x70\x2c\x8b\xcd\x0f\x47\x54\xb4\x75\x35\xde\xcb\xff\x3f\xb2\xdb\x3d\x23\xb9\x5f\x84\xe5\xe6\xe7\xfe\x67\xc7\x19\xde\x9b\x07\x21\xea\x53\xe2\xc6\x8c\x91\x10\xe6\xa9\xef\x32\x51\xe7\xeb\xb2\x28\x00\xdc\xab\x30\x9c\x22\xab\x37\x39\xb4\xe8\x88\x44\x82\x75\x42\xd9\x62\xc2\xaf\xb2\xdc\x2f\x02\xb4\x50\x94\x73\x7f\xb1\xc3\xb9\x54\x38\x70\x70\x9b\x33\x7d\x9d\x8f\x18\x39\x71\x36\x8a\x28\xa3\x36\x0a\xec\x7c\x89\xde\x83\xe0\xc5\xfb\xfc\xff\xa0\x3c\x1b\xc4\x28\x84\xa8\x39\xe8\x18\x88\x26\xb1\x9f\x3a\x7e\x7b\x82\xb4\xe2\x33\x9d\x3d\x70\x17\x1d\xe9\x2a\x60\xe2\xe1\xc7\x3d\x36\x03\x82\xae\xdc\xc2\x37\x40\xc6\x24\x4d\x69\x29\x9d\xd3\x9e\x01\x10\x91\xb2\xfa\xe1\x0f\x4b\xa3\xc7\xfc\x57\x0b\x0e\xa6\xa5\xd7\xb9\x4f\x08\x12\x78\x8a\xc1\x84\x2e\xb6\xf9\x17\xad\x73\xa4\x3a\x8f\x51\x1b\x22\x17\x95\xb9\xa6\x25\xd6\xb8\xad\xab\x77\xbb\x09\x03\x43\xac\xde\x49\x30\xc6\x43\xb9\xb6\x0a\xf0\x27\xed\x4e\x3c\xc7\xfa\xcd\xcb\x17\x5e\x81\xd9\x13\x8d\xb6\x8d\xb9\xd8\x52\x16\xe1\xaf\xa9\x0c\x3f\x38\x97\xa2\xcd\x7e\x2c\xba\xf5\x9f\xaa\x93\xac\x54\x4c\x22\x13\x99\xd0\xa2\xc7\x60\x1c\x6c\x63\x00\x62\x53\xc9\xe4\x3f\x1e\xd3\xf8\xcd\xd3\x1f\x92\xcb\xc9\x19\xb0\xb2\xf0\x48\xee\x42\x9b\xaa\xc4\x2f\x90\x7d\x36\x28\x19\x31\x81\x4e\x7f\x93\x7b\x51\xf2\xc6\xa7\x72\x46\x9f\x0d\x3d\x66\x6c\x5c\x23\x14\x1a\x0a\xf6\xfb\x38\x04\x47\x98\x10\xfc\xd8\x52\xf9\x8a\x5e\x5d\xf9\x08\x2c\x14\x9b\xc2\x39\xd3\x7b\x89\x44\x7a\xf0\x2e\xba\xe2\x7a\xde\xa0\x98\xd7\x84\x09\xfa\x9a\xe8\x73\xb1\x12\x68\x4c\x75\xd6\x8d\x44\x7c\x7f\xc8\x0a\x45\xa7\x26\xb2\x72\xd5\x57\x67\x8d\xa7\x10\x16\x79\xc6\xa5\xb4\xd7\x0f\x4d\xb6\x05\x39\xfd\x11\xd1\xf2\x13\x92\xb7\x92\x2d\x12\x78\x11\x25\x51\x2e\xb1\xdc\x45\xdb\x4c\xd2\xe6\x47\x34\xe3\xa9\xdb\xf8\x99\xec\x22\x03\xe1\x00\x1b\x3d\x36\x46\x63\xd4\x87\xc6\x90\x18\xcb\x91\x22\xb5\xf4\xe1\xa2\x76\xd1\x70\x88\xdf\x74\x6b\xa3\xe7\xc1\x0e\x1c\xad\x22\x6f\x6c\xd2\xad\x90\xcc\x3d\x14\x8c\x95\x1d\x32\xc0\x03\x41\xbf\x08\xec\x71\x58\xd2\x2b\x33\x75\xf7\xed\x67\x30\xff\x9f\x0a\xf7\x9b\x1e\x8e\xfd\x16\x4b\x04\x6c\x6a\x3d\xf7\xbc\xd9\x25\xe4\x9b\xf5\xbb\x4d\x16\xac\xe6\xab\x92\x5b\xee\x37\xb7\xb5\x32\x1d\xa6\xf3\x62\x6f\x33\x02\x5e\xbc\x38\x14\xf4\x4a\x27\xa7\xe3\x9c\x5e\xcf\x8c\x52\x63\xc5\x0e\x5d\x49\x27\x39\x77\xc1\xdd\xce\xc8\x6c\x85\xc4\x1d\xe8\x55\x8c\xcc\x7c\xc9\x46\x9f\x4a\x5a\xb1\x04\xdb\x7b\x3e\xaf\x89\x51\xf5\x31\x5f\x56\x40\xc5\x1e\x8c\x49\x29\x0c\x7b\x14\x66\x88\xb7\x2e\x22\xc5\x17\x8b\xb1\x20\xbe\xaf\xe3\xa1\x0d\xd3\x3e\x6a\x34\xb8\xe2\xab\x0a\x8d\x88\xf1\xbf\x23\x46\xf0\x6e\x6c\xbe\xb8\x01\x59\xf8\x5b\x69\xef\xe2\x98\x4f\x3a\xcb\xf1\x03\x53\x97\xc0\xe0\x27\x42\x0c\x59\x1b\x2c\x51\x15\xe4\xc4\xbc\x43\x19\xb6\xa8\xed\xc2\xaa\x62\xc7\x60\x0e\x49\x02\x9f\x8d\x7d\x80\x87\x13\xcc\x76\x55\x66\x44\x0a\x42\x7a\xc5\x76\xe5\xa2\x31\x8e\x09\x94\xa0\x0b\x56\xb7\xcf\x16\x27\x78\x87\xb2\x26\x93\x39\x6c\x28\xbf\x73\x41\x33\xdf\x5e\x65\x49\x71\xde\xc6\x8d\x22\x56\x31\xfc\x66\x9e\x56\x19\xc1\xc7\x8d\xf3\xca\x98\x60\x48\x9a\x29\xa5\x23\x4e\x05\x4b\xcd\x3c\x54\x32\x76\xc0\x7e\x15\xa1\xca\x7e\xf6\x0c\x6e\x20\x35\x95\x62\x73\x3c\x1b\x3b\xd1\x5a\x9c\x72\xa8\xf9\xac\xb0\x40\xf8\xf8\x5a\x4f\x10\x31\x3a\x4f\xc7\xe8\xcb\x89\x73\xae\x0b\x56\x29\x24\x71\x6d\x16\x8a\xa4\x31\xcf\x63\xa5\xc2\xe1\x82\xb4\x8b\x55\x19\xf3\x76\xde\x39\xca\x03\xd5\x53\x5a\x58\x68\xd2\xcf\xff\x41\x0e\x3f\x24\x8d\xe1\xef\x81\xb2\x05\xbc\x17\xa8\x4c\xbf\xeb\xb4\x6d\xeb\x4e\x56\xdc\xd3\x55\xd7\x14\x8a\x56\xf2\x5d\xee\x58\x96\x91\x2e\xc9\x01\x24\xbe\xf2\xd8\x82\xe9\xd4\xa0\x27\x69\xb3\xab\xcb\xc8\xf3\x67\xde\xec\xce\x8c\x22\xb0\x45\xf4\xd7\xb8\x7d\x89\x08\xb0\xaf\x7f\x2a\x1f\x53\xba\xd8\xd3\xf8\xe0\xb6\x5b\x00\x53\xab\x1e\x28\xec\xe7\x25\x0a\xb2\x81\xbc\x19\x70\x97\xcf\xe8\xb2\xa7\xcf\xb5\x52\xf8\x28\x69\xb8\x82\x41\xe7\xd0\x5d\x24\xac\xa3\x25\xc6\xf2\xfa\xd8\x5c\xe7\x9b\xfc\x2a\xec\xdb\x79\x8f\x40\xe1\x11\x18\x9f\x17\x85\xcb\xbe\x40", 4096); *(uint32_t*)0x20003710 = 0x1000; *(uint32_t*)0x20003714 = 7; *(uint32_t*)0x20003718 = 0x200036c0; memcpy((void*)0x200036c0, "\x38\xe3\xda\xc1\xca\xb0\x0f\xeb\x39\xc4\x8e\xdf\xaf\x42\xb6\x04\xf0\xc0\xfb\xea\xa3\x0d\x70\x23\x51\x9c\xe5\x89\xe4\xd9\x0d\x7d\x17\x1c\xbe\x75\x9e\x9c\x40\x81\x9d\x99\x46\xab\xfa\x97\x37\xe1\xbd\xdd\xfb\x4f", 52); *(uint32_t*)0x2000371c = 0x34; *(uint32_t*)0x20003720 = 0x10000; memcpy((void*)0x20003740, "/dev/tty\000", 9); *(uint8_t*)0x20003749 = 0x2c; memcpy((void*)0x2000374a, "syz0\000", 5); *(uint8_t*)0x2000374f = 0x2c; memcpy((void*)0x20003750, "+@", 2); *(uint8_t*)0x20003752 = 0x2c; memcpy((void*)0x20003753, "*^:[-,-,&{#", 11); *(uint8_t*)0x2000375e = 0x2c; memcpy((void*)0x2000375f, "syz0\000", 5); *(uint8_t*)0x20003764 = 0x2c; memcpy((void*)0x20003765, "audit", 5); *(uint8_t*)0x2000376a = 0x2c; memcpy((void*)0x2000376b, "obj_role", 8); *(uint8_t*)0x20003773 = 0x3d; memcpy((void*)0x20003774, "syz0\000", 5); *(uint8_t*)0x20003779 = 0x2c; memcpy((void*)0x2000377a, "obj_user", 8); *(uint8_t*)0x20003782 = 0x3d; memcpy((void*)0x20003783, "^\356%", 3); *(uint8_t*)0x20003786 = 0x2c; memcpy((void*)0x20003787, "subj_role", 9); *(uint8_t*)0x20003790 = 0x3d; *(uint8_t*)0x20003791 = 0x2c; memcpy((void*)0x20003792, "mask", 4); *(uint8_t*)0x20003796 = 0x3d; memcpy((void*)0x20003797, "^MAY_EXEC", 9); *(uint8_t*)0x200037a0 = 0x2c; memcpy((void*)0x200037a1, "uid", 3); *(uint8_t*)0x200037a4 = 0x3d; sprintf((char*)0x200037a5, "%020llu", (long long)0xee00); *(uint8_t*)0x200037b9 = 0x2c; *(uint8_t*)0x200037ba = 0; res = -1; res = syz_mount_image(0x200025c0, 0x20002600, 4, 3, 0x20003700, 0x1040000, 0x20003740); if (res != -1) r[1] = res; break; case 5: syscall(__NR_read, (intptr_t)r[1], 0x200037c0, 0x12); break; case 6: *(uint64_t*)0x20003800 = 7; syscall(__NR_sendfile64, (intptr_t)r[0], (intptr_t)r[1], 0x20003800, 0); break; case 7: *(uint16_t*)0x20003840 = 0x81; memcpy((void*)0x20003842, "\xd8\xe8\xf6", 3); syscall(__NR_setsockopt, (intptr_t)r[0], 6, 2, 0x20003840, 6); break; case 8: *(uint32_t*)0x20003880 = 4; syscall(__NR_ioctl, -1, 0xc0044dff, 0x20003880); break; case 9: *(uint32_t*)0x20003980 = 0x200038c0; *(uint16_t*)0x200038c0 = 0x10; *(uint16_t*)0x200038c2 = 0; *(uint32_t*)0x200038c4 = 0; *(uint32_t*)0x200038c8 = 0x1000000; *(uint32_t*)0x20003984 = 0xc; *(uint32_t*)0x20003988 = 0x20003940; *(uint32_t*)0x20003940 = 0x20003900; *(uint32_t*)0x20003900 = 0x14; *(uint8_t*)0x20003904 = 7; *(uint8_t*)0x20003905 = 1; *(uint16_t*)0x20003906 = 0x801; *(uint32_t*)0x20003908 = 0; *(uint32_t*)0x2000390c = 0; *(uint8_t*)0x20003910 = 0; *(uint8_t*)0x20003911 = 0; *(uint16_t*)0x20003912 = htobe16(0xa); *(uint32_t*)0x20003944 = 0x14; *(uint32_t*)0x2000398c = 1; *(uint32_t*)0x20003990 = 0; *(uint32_t*)0x20003994 = 0; *(uint32_t*)0x20003998 = 0x40800; syscall(__NR_sendmsg, -1, 0x20003980, 0x20000000); break; case 10: memset((void*)0x20000000, 255, 6); STORE_BY_BITMASK(uint8_t, , 0x20000040, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000040, 2, 2, 2); STORE_BY_BITMASK(uint8_t, , 0x20000040, 8, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 5, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 7, 1); STORE_BY_BITMASK(uint16_t, , 0x20000042, 0x7f, 0, 15); STORE_BY_BITMASK(uint16_t, , 0x20000043, 0, 7, 1); *(uint8_t*)0x20000044 = 8; *(uint8_t*)0x20000045 = 2; *(uint8_t*)0x20000046 = 0x11; *(uint8_t*)0x20000047 = 0; *(uint8_t*)0x20000048 = 0; *(uint8_t*)0x20000049 = 0; memset((void*)0x2000004a, 255, 6); memset((void*)0x20000050, 255, 6); STORE_BY_BITMASK(uint16_t, , 0x20000056, 0, 0, 4); STORE_BY_BITMASK(uint16_t, , 0x20000056, 0xffd, 4, 12); memset((void*)0x20000058, 255, 6); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 0xc, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 1, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 3, 5, 2); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 0, 7, 1); *(uint8_t*)0x2000005f = 3; STORE_BY_BITMASK(uint8_t, , 0x20000060, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000060, 2, 2, 2); STORE_BY_BITMASK(uint8_t, , 0x20000060, 9, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 5, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 7, 1); STORE_BY_BITMASK(uint16_t, , 0x20000062, 0x3d, 0, 15); STORE_BY_BITMASK(uint16_t, , 0x20000063, 0, 7, 1); *(uint8_t*)0x20000064 = 8; *(uint8_t*)0x20000065 = 2; *(uint8_t*)0x20000066 = 0x11; *(uint8_t*)0x20000067 = 0; *(uint8_t*)0x20000068 = 0; *(uint8_t*)0x20000069 = 1; *(uint8_t*)0x2000006a = 8; *(uint8_t*)0x2000006b = 2; *(uint8_t*)0x2000006c = 0x11; *(uint8_t*)0x2000006d = 0; *(uint8_t*)0x2000006e = 0; *(uint8_t*)0x2000006f = 1; *(uint8_t*)0x20000070 = 8; *(uint8_t*)0x20000071 = 2; *(uint8_t*)0x20000072 = 0x11; *(uint8_t*)0x20000073 = 0; *(uint8_t*)0x20000074 = 0; *(uint8_t*)0x20000075 = 0; STORE_BY_BITMASK(uint16_t, , 0x20000076, 0, 0, 4); STORE_BY_BITMASK(uint16_t, , 0x20000076, 0x1f, 4, 12); STORE_BY_BITMASK(uint8_t, , 0x20000078, 8, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000078, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000078, 3, 5, 2); STORE_BY_BITMASK(uint8_t, , 0x20000078, 1, 7, 1); *(uint8_t*)0x20000079 = 0; memset((void*)0x2000007a, 255, 6); *(uint8_t*)0x20000080 = 8; *(uint8_t*)0x20000081 = 2; *(uint8_t*)0x20000082 = 0x11; *(uint8_t*)0x20000083 = 0; *(uint8_t*)0x20000084 = 0; *(uint8_t*)0x20000085 = 1; *(uint16_t*)0x20000086 = 0xbf; memcpy((void*)0x20000088, "\xaf\xaf\x3a\x13\x5b\x6b\xac\xd8\xc9\xb7\x0b\x5e\xec\x9a\xb1\x84\x05\xdd\xe2\x16\xb1\xb5\xdb\xe7\x0c\x82\xea\x52\xa1\x47\x7c\x8b\xcc\x0a\xde\xba\xd8\x78\x9e\x03\xdf\x9b\xee\xa6\x7c\xea\x53\x1e\x77\x6e\x7e\xc4\x41\xe1\x09\x95\x46\x0e\x4e\x96\x46\x78\xb8\xb2\x0c\xae\x08\x4a\xb4\x0b\xef\x38\x9b\xb7\x2f\xe3\x66\xea\x91\xa8\xa2\xb9\x52\xbc\x69\x7a\x86\x3d\x47\xc4\x92\x0f\x77\x97\x6c\xcd\xa9\x72\x3c\x4d\x4c\xf4\x31\x64\xb5\x7e\x37\x39\x25\xd2\x15\x94\xad\x58\x2b\x2b\xd6\xb7\xfc\xe0\xe2\x1d\x27\x2a\x02\x2f\xb6\x3e\xfa\xe8\x20\x4e\x2e\x38\x18\x08\x48\xfd\x29\x86\xc8\x47\x24\x1f\x05\xb4\x79\x5e\x31\x95\x82\x3f\x4b\x17\xf3\x40\xc2\x4f\x45\xbf\x4f\xc3\x3a\x8b\x5d\x06\x49\x78\x0b\xad\x0b\x16\x00\x23\x1b\xcd\x85\xe1\x04\x40\x43\xb3\xf5\x2b\xdd\x66\x46\x2c\x52\x86\x9b", 191); *(uint8_t*)0x2000014a = 8; *(uint8_t*)0x2000014b = 2; *(uint8_t*)0x2000014c = 0x11; *(uint8_t*)0x2000014d = 0; *(uint8_t*)0x2000014e = 0; *(uint8_t*)0x2000014f = 0; memset((void*)0x20000150, 255, 6); *(uint16_t*)0x20000156 = 0xf3; memcpy((void*)0x20000158, "\xdb\x74\x58\x60\x3e\x1d\xb9\xe8\xb6\x10\x9f\xf2\x53\x17\x6f\xc3\x10\x5d\x34\x45\x42\x94\xa0\xc3\x6f\x5e\x76\x59\x0e\xe3\xb3\xa3\x91\xdd\x28\x47\xab\xe2\xef\x4c\x4f\x07\x62\xcb\xb0\x9a\x37\xf4\x06\x75\xba\xca\x09\x07\x28\x2c\xe7\xdc\x1a\x10\x4c\xb3\xe9\x13\x84\x93\x0e\xde\x72\xf3\x72\x0d\xac\x99\x76\xa6\x59\x8b\xc0\x38\x5e\x0e\xb8\x29\x5e\xde\xe6\xbf\x8e\x31\xf2\x43\xb2\x84\xe9\xde\x82\x3d\xbc\xf1\xfa\x70\xc6\xc5\x7d\x44\x72\xf2\x0f\x03\x1c\xd4\xcc\xc7\x99\x5b\x00\x36\xd0\x24\xf0\x51\x22\x0c\xf8\xcc\xfa\xcc\x5e\xef\x5c\xc5\x45\xc5\x20\x8e\x0a\xe0\xb6\xfa\xd6\x95\x65\x42\x26\x29\x30\xe5\x61\x77\xef\x3f\x3f\xd1\xfc\xf9\xab\x7f\xa1\x04\xc2\xfd\x2c\xaf\xbf\xc7\x96\xda\x4a\xf4\x24\x53\x1e\x82\x5b\x32\x39\x4a\x16\xb5\xa9\x0e\x3b\x36\xd9\xd7\x5f\x35\xbc\x95\xc7\xb6\x5c\x57\x74\xb3\x3d\x1a\x74\x46\x4b\x24\x0d\x9b\x44\x20\xde\x38\x65\xe4\xeb\xfa\x97\x05\xfa\x60\x6c\xa4\x22\xeb\x0a\xe3\x31\x26\x57\x4d\x2b\x01\xdc\x83\xd7\x0c\x24\x87\x47\x08\x7c\x72\xf0\xda\x02\xe8\xe8", 243); *(uint8_t*)0x2000024e = 8; *(uint8_t*)0x2000024f = 2; *(uint8_t*)0x20000250 = 0x11; *(uint8_t*)0x20000251 = 0; *(uint8_t*)0x20000252 = 0; *(uint8_t*)0x20000253 = 1; memset((void*)0x20000254, 255, 6); *(uint16_t*)0x2000025a = 0xdd; memcpy((void*)0x2000025c, "\xd7\xe9\xb2\x4c\x0c\xc9\x92\xb1\x8a\xa2\xd9\xf9\xe1\x70\x9a\x8c\x2f\xe8\xb2\xce\xb2\x7a\x74\x9e\x52\x61\x7c\x6d\xb9\x66\xc1\x54\x69\xb1\x4f\x62\x71\xd9\xec\x1c\xaa\x53\x7e\x60\x5d\x09\xc7\xaf\x27\x1d\x95\x9a\x7b\x13\x75\xfb\xad\xa3\xd4\x78\x40\xb8\xfb\xde\x2f\x3a\xb2\x82\x04\x40\xce\xff\xb1\x6c\xc4\x41\x60\xf3\xa3\xab\xd7\x0b\x05\x9e\x3b\x32\x1e\x3a\x1a\x48\xec\xa2\xb3\x81\x9d\x05\x95\x82\x2e\x17\x76\x7f\x5a\x9c\xce\x0a\x0a\xa1\xcf\x8a\x17\x63\x78\x09\x43\x87\x2b\x12\x7a\xb5\x59\x03\x6a\x8d\x87\x03\xe1\x79\xc0\xde\x7c\x00\xdb\xd0\x55\x69\x9b\x39\x53\x2e\xc0\xf6\x3b\xb6\x9c\x33\x1f\xb4\x15\xe2\x53\xc2\x6a\xbf\x85\xa2\x0b\x69\xf3\x3d\x25\xa8\xa0\x66\xaa\x10\xa9\xc1\xad\xd2\x02\xfa\x9d\x6c\xd6\xdb\xda\xf0\x56\x01\xd6\x8e\x95\x53\xba\x9e\xe5\x39\x31\xaa\x19\x38\x21\xc7\x80\xf0\x5d\xfd\x3c\x33\xaa\xd8\x4e\xf5\x50\x98\xb4\xb8\x21\x2c\xf5\xd6\xa4\x3b\x5a\x09\x98\x66\xec\xbb\xc1", 221); *(uint8_t*)0x2000033a = 8; *(uint8_t*)0x2000033b = 2; *(uint8_t*)0x2000033c = 0x11; *(uint8_t*)0x2000033d = 0; *(uint8_t*)0x2000033e = 0; *(uint8_t*)0x2000033f = 1; memset((void*)0x20000340, 255, 6); *(uint16_t*)0x20000346 = 3; memcpy((void*)0x20000348, "\xd7\x1a\x49", 3); syz_80211_inject_frame(0x20000000, 0x20000040, 0x30e); break; case 11: memcpy((void*)0x20000380, "wlan0\000", 6); memset((void*)0x200003c0, 2, 6); syz_80211_join_ibss(0x20000380, 0x200003c0, 6, 0); break; case 12: memcpy((void*)0x20000400, "bpf_lsm_sb_remount\000", 19); syz_btf_id_by_name(0x20000400); break; case 13: memcpy((void*)0x200008c0, "\xc4\xc3\x2d\x0e\x45\xf5\x08\xc4\xe1\x5b\x10\xeb\x26\x81\xf9\xf6\x03\x9e\xec\xc4\xc3\x79\x61\x78\x01\xd2\x07\x66\x0f\x38\x29\x5c\xd0\x2f\xd9\xf6\xf2\xdd\xcd\xc4\xc1\xf8\x11\x45\x0f\x0f\x34", 47); syz_execute_func(0x200008c0); break; case 14: memcpy((void*)0x20000940, "/dev/pktcdvd/control\000", 21); res = syscall(__NR_openat, 0xffffff9c, 0x20000940, 0x10400, 0); if (res != -1) r[2] = res; break; case 15: memcpy((void*)0x20002c80, "./file0\000", 8); res = syscall(__NR_statx, -1, 0x20002c80, 0x800, 8, 0x20002cc0); if (res != -1) r[3] = *(uint32_t*)0x20002cd8; break; case 16: memcpy((void*)0x20003040, "./file0\000", 8); res = syscall(__NR_stat, 0x20003040, 0x20003080); if (res != -1) r[4] = *(uint32_t*)0x20003090; break; case 17: res = syscall(__NR_read, -1, 0x20003100, 0x2020); if (res != -1) r[5] = *(uint32_t*)0x20003114; break; case 18: res = syscall(__NR_getgid); if (res != -1) r[6] = res; break; case 19: *(uint32_t*)0x20005540 = 0xe4; res = syscall(__NR_getsockopt, -1, 0, 0x11, 0x20005440, 0x20005540); if (res != -1) r[7] = *(uint32_t*)0x20005474; break; case 20: res = syscall(__NR_getgid); if (res != -1) r[8] = res; break; case 21: memcpy((void*)0x20000980, "\x5e\xb2\xb7\x65\xeb\x13\xfe\x60\x55\xad\xbc\x43\xba\x06\xda\x06\x24\x08\x5c\x4b\x07\x4c\xa1\x07\x58\x89\x67\x7f\x06\x6e\x7b\xe4\xde\x1a\xde\x66\x43\xe3\x84\xe7\x46\x94\x78\x49\xca\xe6\xc4\xbd\x22\x47\xb9\xd0\xdc\xf8\xd7\x4f\x73\xc8\x65\x98\x3a\x7d\x81\xfa\x41\x8b\x52\x27\xbf\xe2\xca\xe4\xda\xab\xc8\xfd\x12\x12\x43\xc0\xfe\x33\x9f\x30\xd7\xad\xe9\xb7\x9e\x07\xaa\x3b\x49\x20\x01\xcb\xf7\x1f\x43\xd1\x92\xa2\xb9\xb7\x71\x60\x8f\x80\x9c\xab\x41\x48\xc9\xbc\xb1\x8a\xd7\x38\x1a\xda\xb1\xf2\xf5\xe3\x23\xa6\x92\x49\xbf\x8f\x2b\x5b\x0e\x98\x65\x57\xda\x94\x36\x23\xa6\x6e\xc4\x20\xb9\xb7\xbc\x01\x43\x4d\x0a\x62\x88\x6d\x00\x72\xf8\x30\x51\xbe\xd9\x58\x84\x3e\xc0\xad\xab\xae\xc0\x68\xe2\x33\x3b\xdc\x15\x62\x2e\xfd\x5d\x7e\xb6\x8c\xfd\xda\x7d\xe3\xfd\xaf\xaa\x75\x78\x7f\x0f\x7f\x3a\x5a\xae\x1c\xfe\x1f\xaf\x07\x9f\x18\x35\xbe\x70\x44\xf2\xde\xe0\xe2\xb2\x28\x27\xf8\xce\x93\x99\xba\x9b\x6d\x67\x5a\xaa\xfc\x82\x72\x62\xb7\x01\x65\x9d\x34\xe6\x87\xd6\xf0\xf8\x06\x66\xef\x60\x37\x1f\x36\xfc\x8e\x7a\xb0\x1b\x1b\x1f\x74\x1b\xab\x29\x0b\x37\x42\xbc\xa7\xd9\x00\xac\xac\xd0\x03\xbb\x0e\x24\x97\xa7\x41\x3e\x2a\x94\x61\x0c\x93\xf5\xb5\xf6\xa0\xaf\xfc\x55\x4d\xfa\x69\x6f\x33\xa4\xe0\x76\x99\x55\x29\x81\xc8\xf1\x7e\xec\x12\x1b\x79\x8f\xfd\xa5\xa8\x1f\x60\x90\x05\xee\xe8\x86\x2d\xa6\x33\x95\x0d\x1c\x36\xb1\xf5\x7f\x20\x1d\xfa\xa2\xff\xb4\x3b\xfb\x89\xb9\x37\xdf\xe8\x91\x65\xa7\x83\x26\x4b\x5c\xd3\x93\xe5\xe8\x1e\xfb\x8d\x94\xe2\x8e\xa4\x17\xcf\x7f\x14\x55\x20\xc2\x01\xcd\x9b\xc8\x43\xa7\x8a\xe0\x7c\x3a\x9d\x81\x2a\x99\xb9\xd0\x1f\x4f\x8a\x60\x93\x70\x77\x19\x2f\xb2\x9e\xf9\xe9\xca\xd9\x95\x91\x9d\xe3\x3e\x9e\x70\xc9\x5c\x0e\xfe\x9d\x49\xec\xac\xc2\x81\x7d\x76\x4b\x35\xac\xee\xf6\xdb\xd7\xb1\x1d\xa0\xd5\x64\x60\x97\x8a\x67\x9a\x76\x5c\x04\x64\x2e\xf7\xb3\x3d\xa7\x35\xd6\x07\xb2\x1e\xa2\x07\xad\x74\x7b\x67\xda\x18\x62\xb7\x88\x4f\x77\x37\x64\xc5\xc6\xb9\x5b\x0d\x1f\xc0\x79\x90\x9e\x3a\x07\x43\x0c\x52\xf4\x90\x8c\xb8\x64\xca\x7b\x48\x38\x7d\x9c\x93\x03\x87\x81\x15\x80\xb9\xce\xad\x9b\xb5\x6c\x51\x39\xd0\xd5\xc4\xc7\x28\xf7\x66\x70\x59\xbb\x64\xe2\x23\xd3\xe7\xcf\x61\xce\x83\x70\x27\x6d\xd3\x1b\x3b\xd6\x43\xe9\x64\x44\xaf\xea\x51\x78\x7b\xc0\xea\x7e\xde\x0c\x05\x76\x34\x0b\x35\x74\xfb\x1e\xe7\x81\x33\xc2\x9e\xdb\x9c\x63\x72\x42\x00\xf5\xd8\xd1\xfa\x9d\xb4\xfe\x0c\xf9\xa3\xf0\x51\x7f\xdd\x93\x62\x40\xd0\x8c\xa3\xf4\x81\x5c\x56\x2f\xa4\x0c\x50\x29\x2a\x8c\xc6\x7a\xf0\x25\x55\xbf\x5e\x42\x10\xef\xab\xee\x95\x29\x46\xcb\x5a\x3b\x71\x9c\xca\xfb\x90\xc5\xfc\x31\xe2\x8e\x16\xda\x6d\xeb\x0c\x26\x57\xd9\x9b\x2e\x30\xac\x6f\x59\xe6\x93\x5c\x8f\x3d\xe5\xab\xb5\xa6\xa9\xeb\x6d\x64\x63\x81\x31\xfa\x73\x63\x9f\x95\xdc\x71\xd1\x1a\x64\x4c\x6f\xf1\x7e\x26\x66\x5e\x82\x05\x56\x17\x8b\xdf\x6f\x91\xc5\x2f\xac\x27\xf2\xd8\x48\x12\xe9\xbf\xd4\xc5\x3e\x75\x7e\xd5\xdc\xc5\xa3\xc5\x8f\x4f\x25\x4a\x11\xad\x80\x99\x55\x5f\xba\xb9\x2d\x97\x07\xe7\xae\x24\x9d\x37\xb6\x72\xb2\xf4\x66\x6c\xc3\x5f\xfe\x53\xa0\xf5\xf3\x14\xaa\x7e\x32\x9a\xdd\xf6\x0e\x86\x49\x86\x68\x2e\x58\xde\xe8\x78\xcf\x3e\x66\xb3\xc1\xb8\xb0\x45\x70\x21\xcb\xbe\x95\x42\xdf\x24\x01\x04\xfa\x79\x45\xd1\x77\xa8\x05\x1f\xf4\x2d\xff\xe4\x7e\x95\x2c\xaa\x5b\x33\x43\x86\xbb\xe9\x61\x40\xa2\x8a\x74\xcd\x3c\x4c\x66\x6d\xd6\x17\x49\x94\xba\xe6\xc3\x23\xbe\xf3\xcb\xe9\x70\x28\x83\x5f\x03\xb4\x9d\x7c\x49\x69\x13\xec\x17\x27\x23\x46\xe0\x50\xc7\x5c\x58\x76\x0a\xcb\xcd\xed\xfc\x77\x4b\x34\xb1\x9f\x19\x9c\x40\xe0\x2a\xc7\x41\x77\xe3\xf9\x51\xa0\x07\xab\xda\xf0\x0f\xd7\x06\x4b\xbf\x2c\xc4\x44\xd6\xb6\xd2\xb2\x33\xe1\xfd\x99\x5f\xee\xbc\xbf\xaf\xaa\xa4\x4e\xdd\x73\x9b\x7a\x9b\x31\x2b\x08\x23\xbb\xb2\x28\x82\x3e\x13\x2f\xba\xe5\x76\x96\x8b\x7e\x7c\xa5\xca\x01\x98\xda\xae\x85\xda\x7b\x50\x00\x25\x44\xa4\x4f\x94\x8d\xc5\xf4\x86\x20\xe3\xf9\x91\x45\xc8\x72\x7f\xee\x50\x15\x41\xef\x11\x9b\x20\x08\x5e\x36\x40\x52\xa0\x45\x16\x4e\x79\x57\x95\x53\xab\x19\x24\xa5\xe6\x7c\xa4\xbd\xe4\x39\x03\x13\xb7\x6a\x6a\xbb\x95\x0e\x63\x7b\x6b\xd3\xae\x4d\x34\x1e\xa3\x62\x44\x0e\x13\x41\x85\x30\x4e\x36\xf0\x86\x91\x02\x7e\xc7\xff\x34\xd7\x18\x82\x53\x93\xec\xfd\x75\x57\xc8\x2b\x7b\xda\x4d\x24\xb9\x4f\xc5\x3d\x57\x7b\x31\x65\x7b\x00\xe8\x30\x38\x03\xe6\xf1\x5e\x17\xa7\x96\x47\x60\x7f\xfa\x65\x64\x91\x03\xad\x6c\xed\x04\x0a\x84\x22\x24\xb2\x22\x26\xcb\x03\xb1\x0e\x51\xe5\x8d\x69\x5e\xdd\xa7\x7d\xa2\xd7\x84\xc4\x9b\xdd\xa4\x3a\xdc\x0f\x4e\x15\xf3\xe2\xe3\x38\x83\x69\x24\x78\x6b\x90\xb2\xf7\x44\x29\x35\xae\x33\x8e\x34\x4f\xa4\xc0\xd9\xe3\xd7\x48\x71\xd9\x30\xd8\x78\x68\xa2\x69\xc9\x84\x04\x87\x63\xe1\xc4\x38\x47\x9b\x20\xfd\xdb\xc6\x1d\x24\x88\xd7\x0c\xa8\x74\x7f\xff\x73\x1e\xdb\x67\x9b\x88\xbf\x1b\x17\x62\x1d\x32\x76\x15\x1f\xd9\x3a\x9d\xbb\xaf\x1a\x83\xe9\xa8\x0f\x75\xba\x18\xac\x3c\xe6\x59\x8d\xc4\xe6\xb0\x56\x2f\xb0\xbd\x47\x91\x29\x33\x7b\xb1\xc3\xa5\x88\x2b\x2d\x62\x6e\xdd\x90\xd0\xb1\xe8\x98\xd0\xf1\xe4\xf5\x98\x93\x70\x0c\x24\x1e\x0c\x43\x63\xa4\x44\x10\x73\x84\x00\x00\x47\x0f\x9e\x87\x7d\x0b\xac\xdc\xb6\xb2\x18\x75\xe7\x5b\x50\xdc\xfb\xb2\xbb\xc0\xea\x8f\xca\x0a\x91\xdc\xaf\xe6\x9b\x16\x2a\xee\xf4\xf7\xd7\xfa\x11\x93\xf9\xea\xc4\x4d\x4e\xb2\x73\x77\xc3\xb7\x2a\xc1\x9a\x90\x1c\x6e\x73\x50\xe1\x64\x81\x46\x09\x01\x79\xfa\x4b\x7f\x7a\xae\xdf\xb7\x5a\x49\xde\xea\xe9\xfb\xec\x2f\x30\xc4\x44\x4e\x3b\xd5\xad\x6f\xad\x82\xbb\xcd\x24\xbb\x6d\x25\x96\x85\xca\x0c\x13\xe5\x2a\x59\x0d\x27\xa7\x31\xa1\x8b\x09\xd3\xd6\xbf\x5e\x81\x75\x63\x02\xb8\x52\x51\xc8\x5d\x30\x48\x72\x95\xeb\x2e\x42\xcd\x78\x82\x31\xeb\x96\x97\x9b\x5c\x11\x3c\x16\x6b\xe2\xf3\xb6\xd2\x44\x74\xb0\xf5\x6e\xa5\xcf\xff\x4d\xca\x92\x84\xe5\xda\xe7\xd1\xc2\xb6\xab\xa7\x80\x7e\x88\x96\x97\xc8\x69\x83\x1c\x90\x8b\x20\x6b\x8a\x21\xdb\xe7\x3d\x06\xc0\xae\xfd\xa4\x49\xf4\xda\xed\xd6\x8b\x67\x6f\x22\x81\x4b\xe2\xd9\x0a\x2d\x06\xa3\x9f\x99\x7f\xdc\xef\x3a\x38\xf9\x83\x96\xd5\xbf\x36\x99\x00\xf9\xfc\x04\x42\xb2\x04\xce\xb1\x7e\x43\x2c\x28\x08\x7c\x42\xc8\x4c\x17\xf1\xa4\xd0\x4f\x6d\xa5\x46\x68\x2f\x31\xd7\x5c\xc2\x89\xe0\xc8\xea\x40\x58\xc0\x35\x50\xfa\xd5\xde\xf6\x96\x85\x41\xa9\xd3\x72\xbc\xbf\xf7\xb9\x43\xd6\x5a\x7f\x48\x56\x52\xe4\x43\x7e\x0a\x16\x02\x05\x7e\xf0\xce\xef\xa5\x75\x40\xa1\x1d\x5b\x2b\x8b\x65\x18\xc3\xc9\xa2\x7c\xb2\x75\x62\x94\x1f\x2f\x68\x9c\xe2\x40\x39\x6b\x4a\xd7\x0d\xbb\x2c\xd6\xe4\xe1\xf3\x3e\x32\x79\xc3\x36\x1b\x9d\x99\x03\xa9\xb6\xbb\x01\x7f\xfc\x71\x97\x58\x41\x7e\x4f\x98\x48\x55\x69\x2a\xcb\xdf\x93\x92\xa9\xb1\x96\x73\x38\x8e\x76\x02\x33\xfa\x00\x35\xe0\xc2\x33\x5e\x77\xb0\x89\xeb\x40\xb5\xcd\x8f\x03\x25\xf6\x4e\x08\x07\x65\x80\x80\x52\x86\x9f\x76\xb3\x9b\x06\x82\xe9\xa4\x9a\x95\xa4\xfd\x0b\x38\xbb\x50\xeb\x21\x4e\x94\x91\x9d\x48\x6f\xb7\xbb\x75\xac\xb4\xdc\x5f\x04\xe7\xa7\xe3\x11\xf2\x04\xdf\x40\x4c\x62\xc6\x64\x17\x95\x84\x88\x0c\xb8\xbc\x7b\x8b\xaa\xe8\x93\x3c\x2e\xbd\x70\xaf\x44\x45\x1a\xae\x3d\x51\xd4\x29\x0d\x90\xb8\x91\x10\x68\x77\xbd\x37\x75\x2e\xc6\x11\x8d\x97\x2a\x1b\x0a\x29\x31\xd4\x33\x63\x6d\xa7\xb7\x25\x0a\x0e\xdb\x59\xd9\xdd\xd3\x4c\xb4\x8b\x34\xa6\x2a\xe7\xe5\x95\xf1\x8d\x80\xca\x2c\x2d\xdc\x2a\xeb\x6b\x6f\x6b\x80\x0c\x86\x53\xba\xaf\x69\x6b\xfd\x60\xc8\x5e\x5e\x33\x28\xd0\xd9\xba\xf0\xf5\x58\xb3\xb8\xb8\xbf\xf2\x4b\xf7\x5d\xb2\x69\x5d\x59\x44\x27\x57\xcc\x0c\xfc\xef\xbb\xf1\x70\x8f\xc9\x64\xa1\x25\x1f\x55\x32\x88\x32\x46\x8e\xa7\x3c\x29\xbe\x4b\xf5\xd0\xde\x20\x53\xf3\x64\xd1\x17\x00\x6d\xd3\x24\x2e\x04\xdd\x47\x1a\xe0\x4a\xe2\x28\x44\x97\x82\x42\xed\x47\x36\x1b\xe4\xa9\xa1\x31\x33\xc7\xad\x5b\xb3\x24\xaf\xcd\x29\xd9\xa0\x74\x44\x07\x24\xeb\xb5\x6f\x5d\x9c\x3a\x8e\x45\x59\xd3\xa5\xa0\xf0\x28\xf1\xd7\x2f\xf2\x56\x2d\x48\x3c\xfd\xd7\x9e\xb3\x2c\x90\x46\x2e\xe7\x90\xde\x24\x76\xd9\xd0\x61\xb6\x07\xe6\x80\xb4\x15\x00\xce\x69\x1e\x48\x74\x5b\x58\x55\x17\xa5\x39\xe7\x0d\x7e\xc5\x55\xe1\x96\xaa\x8d\x69\xe4\x5a\x36\x98\x2d\x28\xa2\x14\x09\xa7\x77\xce\xeb\x53\x31\x8c\x20\x71\x3e\x3c\xb6\x2a\x98\xc2\x8f\x52\x4b\x08\x69\x09\xa0\x30\x75\xc2\x01\x0d\xa3\x4b\xf7\xb0\xe6\xbf\x58\x50\x5d\x30\x14\x42\x53\x0e\x54\xd3\xd1\x3f\x03\x28\xf9\x7a\x1d\xd2\xdd\x6d\xa6\x84\x29\xd2\x13\x76\xb7\x72\xd5\xa1\x60\x3f\xb4\xc4\xa4\x0f\x6b\x36\xdb\x26\xa8\x6f\x7c\x2d\xba\xf7\x04\xe7\xbc\xb9\xfc\x96\x76\x8d\x4b\x53\xbd\x13\x46\x02\xb7\x53\xb2\x60\xd8\x4d\x9e\xea\xc6\xa2\x4a\x51\x24\x9d\xca\x00\x86\xb9\x5b\x57\x58\x71\x28\xe7\x98\xeb\x62\xe1\xf0\x1a\xe6\x8e\x66\x0c\xf6\xeb\xbf\x33\x22\x93\x98\x16\x20\x68\x4b\x7e\x3b\x04\x75\x0f\xdb\xbe\x2e\xcd\x8e\x9b\x63\x75\x24\x88\x82\x25\x3c\x2d\xda\x8a\x4d\x9c\x0f\x6f\x5c\x9d\x7c\x6b\xdb\x1f\xc1\x1e\xda\x1d\xc4\xec\xc0\xb9\xf3\xdb\xdb\x62\xe4\x07\x8e\x46\xf6\xb1\x06\x08\xf3\x4c\x34\xf0\xa2\x79\xc2\xf8\xf3\xda\x5b\xe4\x9e\x3e\x58\xe9\x71\xe5\x39\xbd\x63\xba\xcb\x6d\x8a\xa5\x54\xea\x4c\x78\xa4\x9a\xba\xde\xec\x98\xdb\x1d\x3c\xa3\xbc\xb4\x09\x57\xcc\x0e\x94\x2f\xca\x1c\x9b\x51\xaf\x04\x77\x1f\xda\x4a\xf3\x58\xc9\xed\x6f\xe7\xb7\x37\xa6\xc6\x1a\xbe\x0b\x62\x89\x20\xfb\x8d\x0b\xcd\x0b\x65\xb7\x18\x16\x3d\xa1\x78\x04\xcb\x16\x65\xea\x98\x21\xc8\x28\xf6\xdf\x65\x51\x93\x77\x41\x56\x72\x10\x06\xb1\xf5\x14\x87\xad\x19\xfe\x92\xb7\x69\xa9\xfc\xea\xf2\xd4\x12\x4d\x8c\xc9\xa5\xbe\xf2\x8e\x98\xb9\x96\xc2\x8c\x8a\x99\xe3\x52\x38\x05\x31\x18\x5e\x5e\x56\xe6\x93\x64\x1e\xf5\x11\x06\xd6\xcf\x4e\x71\xab\x31\x7c\x34\xe9\x35\x83\xae\xcf\x50\xf5\x2b\x53\xe6\x3c\x90\x98\xd8\xc2\x83\x53\x8c\x7c\xc0\xf0\x90\xdf\xaf\x52\x3e\x60\x82\xc6\x52\x63\xdc\x8d\x1d\xe4\x77\x62\x82\xa3\xfc\x1b\xfc\x59\x09\x99\x15\x25\xf5\x6a\xc0\xe6\xd3\xbf\x0c\xe7\xae\xc8\x3e\x40\x07\x4d\xe1\x6f\xc9\x84\x3f\x3b\x09\x9b\x59\xb9\xf9\x0b\xcf\xf6\x31\x0e\xd6\xdf\xec\x97\x45\x87\xad\x64\x6e\xcd\x90\xc5\x4d\x44\x95\x10\xb7\x76\x8d\xd6\x7c\xab\xb3\x05\xea\x39\x8e\xcb\x42\x61\xd2\x6d\x4d\x7e\x12\x04\xe2\x07\x25\x60\x32\x43\x27\x9a\x18\xfa\xb0\x17\x26\x71\x9f\x77\x18\x22\x62\x7b\xaf\xb0\x9b\x4c\xaa\xf9\x48\x4f\x1d\x8f\xa5\x07\x8d\x02\x1b\x9c\xb8\x65\x56\x83\x07\x97\x31\x9c\x64\x91\xd7\x1c\x11\x53\xb6\x36\x58\xa5\xa9\x52\xa1\xf8\x4f\x0c\xed\x9c\x3d\x11\x91\xd7\x1a\x0b\x22\xe3\xf6\x18\xf8\x7d\x98\xc8\x99\x12\x65\x39\x5c\xb9\x07\x65\x93\x50\x34\xbd\x6c\x92\x33\xd4\x1f\x9f\xc6\xa9\x0b\xf6\x97\xc1\x5f\xd2\x35\x97\x87\xdf\x82\x57\xca\x8e\x94\x99\xb3\xa7\xb8\x37\x12\x1b\x33\x67\x30\x6b\xa3\xa3\x6f\xde\xa6\x00\x0c\x5d\x0f\x77\x59\x37\x17\x02\xc7\xad\x6f\x9e\x5f\x40\x00\x72\x5f\x8e\x0b\x33\x0a\x49\x43\x92\xf7\x40\x8d\xad\x61\x5b\x14\xf7\x78\x88\xce\xb7\x39\x59\x96\x5c\xc9\xa9\x3e\x9e\x3b\x23\xb9\x34\x3a\x4c\xd4\x10\x4d\xc1\xf3\xf1\xa6\x4c\xb4\x56\x97\x92\x67\x04\x87\x98\x02\x49\x3f\xf0\x4a\x81\x44\xce\x6d\x80\x50\x87\xfa\x96\xca\xff\x9b\x97\x63\x1b\x52\xe4\xa3\x65\xe9\x76\xc9\x0e\x2a\xc0\x88\x26\xf8\xc2\x97\xef\x2f\x87\x57\x22\xb4\x45\x54\xd9\x97\x3f\x4a\xa5\x5f\xfb\x03\x58\x94\x32\x10\x9e\x68\x32\xda\xb7\xfc\x47\x32\xd3\x03\x25\x2d\xd1\xd1\x7a\x2d\x24\x51\xed\x53\xdc\xe4\x1f\xfb\xce\xc6\x59\x83\xc6\xdb\x3e\xba\x81\x46\x2e\x52\x2a\xe7\xae\x52\xd7\x51\x30\x0a\x4b\x13\x11\x70\x33\x7c\x6d\x8c\x4b\x69\x2f\x54\x29\x11\x8a\xf9\x56\xe1\xc1\x5e\x27\x58\x4f\x76\x82\x55\xc3\xdd\xcb\x46\x92\x12\xba\x8a\xb0\xe1\xe7\xee\x00\x12\xf5\x8f\x89\x45\x82\x79\x94\xce\x1a\xd7\xd1\x73\xdd\x1c\xd7\x20\x83\x84\x4b\x72\x1a\x1d\xc1\x30\x00\xda\xda\x12\x56\xde\xab\x79\xb9\x59\xa4\x95\xa4\xd1\xb5\xfd\x02\x8f\xea\xa0\xde\xac\x90\xec\xfa\x59\xb1\x34\x04\x56\xbc\xaf\x31\xf5\x7d\x5a\x88\x34\x90\x12\x57\x96\xdd\xa6\xd3\x78\xce\x83\xbb\xc1\x37\xfe\x54\xb8\x3c\xa9\xc4\xf8\x19\x89\x9d\x30\x83\x38\xd6\x5f\xa8\x7d\x90\x62\x55\xd6\x57\x3a\x7a\x49\x0b\x00\x10\x0e\xab\x69\x9c\x0d\xbf\xbe\xc5\x4b\x54\x22\x4c\xeb\xa3\xf5\xd1\xfa\x40\x96\x06\x3f\x33\x16\x5a\x15\x8a\x20\xff\xbd\x1d\x5b\x8f\xd4\xd9\xd3\x9c\xb9\x4a\x00\x85\xde\xae\xdd\xe0\x2a\x2f\x1e\x90\xa9\x6a\xf2\x22\x33\x15\x10\x1a\xf3\xfe\xf8\x60\x43\x37\xf6\x48\xb8\xc3\x42\x16\xc3\xe7\xba\x8c\x07\xd8\x2d\x23\xbc\x0a\x96\xf0\xda\xb2\xab\xd2\x93\x92\x65\xbb\x96\xb6\x45\x1a\x2c\xa9\x35\x85\xc8\x2a\xec\xce\xd3\x37\xbd\x66\x12\x48\x47\xa4\x06\xce\x8e\xd2\x41\x31\x8e\x1a\x7f\xc2\xcf\x28\x9e\x1c\xaf\x26\xea\x5b\x72\xaa\xea\x04\x57\xe2\x08\xa2\x41\x53\x4c\x78\xe3\xaf\xb6\x02\x8e\x7f\x57\x89\x1c\x2f\x05\xf4\x37\x0f\xc5\x04\x58\xd1\x6e\x90\xd0\x31\xcc\xa1\x86\xcc\x12\xb4\x54\x3b\x7f\x25\xfa\x72\x91\x6b\xe3\xac\xd7\xf6\xb5\xf0\xcc\x24\xf4\x42\x48\xc0\xfa\x9c\x6d\xd5\x95\xcd\x72\xcc\x4c\x84\xd3\x5a\xa6\xfc\x3b\x1e\xc0\xe7\xa6\xb0\x40\x8a\x1a\x53\x86\x96\x81\xd2\x7b\x11\x22\xc3\x17\x6a\x04\xeb\x3a\xaf\x62\x58\x84\x96\x75\xa9\x94\x22\x2d\x50\x68\x28\xb4\xc1\xde\x9a\xb1\x7a\xd4\xba\xb5\x96\x1d\x52\x4f\x0f\xfe\x54\xd2\x90\x02\xc3\xd3\x6c\x94\xcb\x3a\xb1\x65\x81\xf5\x9d\x01\x46\x71\xe1\xcd\x5f\xe2\x43\x42\xf1\x7c\x8f\x17\x88\x54\xe0\xee\xd5\xf4\xa3\xdb\x07\xec\x2e\xa7\xc6\x71\xe2\xd7\x85\x38\xbb\x8a\x2d\x5d\xcd\x94\xb4\xc6\xeb\xdb\x9a\x49\x29\xe8\x5f\xc6\xde\x21\x3d\x6f\x35\x62\x28\xd9\xec\xfd\xe9\x62\xc0\xc3\x72\x76\x08\xf6\x70\xe8\x12\xee\x2f\xa1\x4e\x1f\x0c\xbf\x01\x86\xf6\xaf\xc1\x0c\x67\x6f\x91\x1b\xe3\xb1\xce\xa3\x52\x1f\x47\xe8\xfd\x4e\xfe\xba\xcc\xb2\x2e\xf3\x75\x76\x13\xab\x31\x9c\x40\xb7\x0e\xee\x0c\xde\x11\xa3\xa1\x66\xf1\xee\x94\x15\x32\x80\x68\x39\x98\x36\xc8\xdc\x38\x4d\xe2\x1e\x0a\x99\x1a\x8b\xae\x04\xbc\xe7\x96\x2c\xe3\xb8\x2d\x55\x16\xfe\x91\xd8\xec\xbc\x2d\xcd\x6e\x27\x11\xc6\xc1\x4c\x8a\xa5\x72\xb5\xfe\x03\x9e\x1b\xb4\xf1\x63\xa1\xa8\x18\x63\x45\xf5\x41\x57\xc5\x66\x72\xb3\x34\x70\x71\x12\x53\x47\x6c\x2f\x6e\x4d\x74\xbe\x06\xa0\x18\x85\xde\xbd\xb8\x4f\xc7\x32\x47\xa5\x4e\x15\x11\xb8\x3b\x3a\xe1\xfc\x15\xe5\xbe\xd9\x21\xf1\x93\x77\x86\xf4\x36\x4a\x7d\x4d\x6a\xec\x09\x66\x7d\x63\xaa\xa6\x18\xbd\xda\xae\xaa\x2e\x55\xad\xb5\x89\x4c\x47\x97\xd1\x6d\x3d\xd5\xd3\x5a\x71\x6e\xf0\x52\x33\xc4\xad\x46\xa6\x21\x19\x5c\xde\x3a\x4f\x41\x97\xea\x43\x96\xca\x62\x71\x2e\xe3\xd0\x29\x20\x03\x83\xad\x91\x22\xd9\x4b\x60\x8b\x39\xe1\xab\x02\x4e\xa6\x73\xea\xdc\xcf\x98\x31\x00\xd5\x9b\x17\x70\x87\x22\xd9\xef\x02\x66\x92\x24\xbe\xf7\xab\xda\xa0\xb9\x9b\xff\x39\x95\x7b\x7a\xc4\x15\x99\xc9\xb1\x83\x3f\x7c\xe8\x22\xfd\xda\x0b\xea\x2d\xcb\x7d\xc7\xd2\x4b\xd2\x0d\xf8\x0b\x64\x62\x16\x24\x47\xd5\xe2\x85\x35\xa2\xfd\x87\x6f\xfd\x78\xe9\x0d\xbd\xc7\x4e\x49\xaf\x64\x7c\x9d\xc6\x96\xbd\xcc\xed\x08\x40\xc2\x32\x0f\x5c\xe0\xb6\x49\x47\x90\x83\x2c\x97\x2e\x28\x20\x6f\x43\x2a\xd6\xcd\xdc\x30\x4f\x96\xbf\x48\xee\x6f\x5a\x07\x75\x38\xeb\x06\xd9\x43\x83\xbf\x4f\xbf\x33\x2a\xbe\xc8\x0c\xdc\x78\x34\xdb\xf8\x7e\x28\xf0\x6c\xee\xeb\xaf\xca\xb3\xf0\x5f\x08\x4b\xc4\xcf\x2a\x06\x97\x01\xcd\xb3\x32\x40\x3a\xf1\x63\x1b\x56\x59\xa9\xe6\x68\xf0\xa4\x6f\x68\xe6\x5f\xf9\xa3\x14\xab\x2a\x54\x05\x18\xa0\x38\x93\xc3\xfd\x2b\x1b\xd9\xf5\xe9\xe7\xf6\xec\x49\xf5\x85\x06\x7c\x4a\xee\xf0\xb9\x1b\x1a\xd2\x9f\x2a\xcc\x13\x2f\x6b\x1a\x8d\xda\x2d\xa3\x6a\x79\x18\x6c\x8b\x13\xb6\xfe\xd0\x70\xc7\x47\x04\xbd\xc4\xff\x11\x32\x19\x01\xc7\x15\x98\xfd\xfb\x36\xe8\x48\x2b\xcd\xb0\x1e\xe8\x08\xaf\xb5\x4b\x3a\x42\xc6\x9a\x18\x95\x0d\x14\xfa\xc2\xe3\xbd\x77\x21\xac\xe3\xc9\xa0\x3a\x45\xf7\x4c\xf2\xdf\x6f\x4c\x92\x44\x41\xd8\x70\x0c\x54\xb5\xa1\x22\x12\xca\x3c\xdd\x64\x8d\x07\x93\x04\xcf\x2c\xdf\x46\x0a\x36\xca\xf7\xf5\x21\x49\x48\x05\x40\x1d\xfc\x67\xbd\xe2\x06\x1b\xb2\x39\xa7\x01\x9c\xe7\x6c\x4f\x44\xcb\x0e\x46\xc5\x5c\xba\xda\xb9\x12\x9c\x5b\x45\x7e\xc2\x84\xb2\x2a\xe3\xf9\x8e\x64\xfc\x8c\x75\xdf\x09\x5c\x3e\xa3\xea\x0c\xfb\x59\xca\x18\x09\x0b\x03\xf9\x35\x8e\x9f\x11\x32\x5e\x72\xcc\x24\xed\xe8\xf0\x51\x1c\xb6\xf8\xaf\x7c\xc2\x76\x06\x54\xcf\xb8\xa7\xe7\xd5\xde\x97\xa8\x30\x79\xbc\x82\xd8\x8e\xa7\x28\x51\x6e\x92\xd3\x21\x09\x2f\xa3\xbd\xb9\xc0\xcf\x71\xac\xed\x2a\xc1\x18\x9a\xad\x33\x4d\x1b\x6b\xd9\x71\xba\x40\x53\xa4\x3b\xc7\xf0\x02\x0a\x2f\x1d\x6d\xa3\x46\x90\xd0\xf7\x63\x58\xaa\x1b\x16\x31\x10\x7f\x7f\x2a\xf9\x89\x00\x07\xb0\xa9\x42\x77\xee\x67\x3b\x04\x7f\xe8\x09\xa5\xaa\x7f\xbb\x7a\xb8\x8d\x11\x09\x70\xc3\xdf\xf4\x4d\xe1\xd7\xdb\xeb\x2a\xbf\xd2\x80\xe6\x6d\x1d\xe4\x86\x4d\xa4\xd5\x4a\xdd\xce\xea\x69\xc8\xfa\x5d\x3d\x4b\x11\x47\xa1\x83\x65\xaf\xad\x33\xcd\xc6\x89\xd7\x3c\xce\xba\x4d\x8f\x4e\xe0\x8b\x62\x64\xae\xed\x23\xf5\x85\x57\x8a\xe1\x5d\x14\xf3\xa2\x7b\x48\x8c\x24\xd6\xde\x8c\xd8\xa9\xde\x4a\x2a\x89\xfc\x94\x81\xba\x8e\x10\x28\x3a\x4d\x3a\x26\xe9\x89\xbd\x80\x59\x78\x62\xe2\x38\xb7\x14\xaa\x77\x6e\x01\xcc\x90\xde\xe6\x89\xc8\x43\x5c\x81\x4c\xfc\x72\xa5\x30\xef\xce\x5d\xec\x38\x47\x97\xa9\x51\x43\x9c\x30\xe0\x96\x32\x0b\xd5\x04\xd3\xfc\xf4\xf7\x21\x4b\x6d\x8a\xe4\xfd\xf7\x3e\xea\x45\x91\xd4\x44\xdd\x1e\xa4\xcd\xaa\xb8\xce\x1c\xf9\x55\x5b\x4d\xd7\x0f\x1b\xb4\x6e\x18\xee\x02\xca\xbd\x74\xcd\xdb\x69\x6a\xf3\xff\x7c\xc9\x5b\x13\x39\xa6\xb8\xe8\xba\xfb\xc2\x9c\x64\xf0\x9f\xb7\x41\x38\x9e\xa6\xf5\x39\x7a\x85\xad\xd8\xb2\x6e\x1f\x3a\x1d\xf9\x50\xf6\x7b\xde\x9f\x98\x71\xa0\xe3\x60\xc3\xe7\x66\x9e\xbe\xde\x3b\x7e\xb3\x2c\xeb\x35\xff\x2a\xff\xd8\x91\x95\x22\xf0\x75\x93\x3e\xcf\xea\x2c\xb4\xbe\xcf\xbc\x85\xbb\xac\xc9\x5f\xba\x2c\x6f\x54\xf8\x90\x59\x4a\x6f\x6b\x18\x96\x5c\xcd\x40\xed\xe5\x8b\x4e\xaf\x8b\x0d\x2b\x65\xb0\x36\x9b\x3d\xc6\xc7\xca\xef\x3e\x48\x45\xb2\xc4\x2e\xe4\x0d\xdc\xa5\x87\x92\x50\x29\xe7\xd9\x16\x29\xad\xd8\x4e\xa7\xbc\x72\xbe\x33\xbb\x03\x42\x14\x55\x5c\xd5\x50\x55\x68\x09\x3e\xc7\x24\x81\x56\xf5\x8c\x7f\x0d\x30\x55\x76\x2f\x8f\x4f\xf6\xf8\x64\xbd\x95\x48\xfa\xfa\xc4\xdb\x85\x77\x53\x0f\x3a\x6d\x67\x3b\xee\xff\x21\xba\x7c\x90\x60\xaa\x0e\x06\x68\x32\x93\x7f\x1e\xb6\x17\xcb\x21\xac\x24\xe0\xd8\x69\x95\x47\xbe\x56\x63\xa8\x11\x7a\x40\xb6\xd8\x81\xdc\xa1\x9e\x36\x7c\xa0\x2d\x28\x77\x4d\xae\x74\xdf\x50\xaa\x99\x44\x5e\x37\xc6\xc1\x61\x84\x46\x7d\x49\x60\x01\x24\x23\x29\xdb\x97\xa2\xad\xef\x66\x42\x5a\x9c\x6b\xd3\x77\xd8\x97\x74\x33\xa0\x3c\x72\xbf\x10\xb5\x48\xb8\xae\xbf\x0e\xc3\x8e\xb8\xce\x14\x5f\xcb\x85\x15\x41\x40\x5e\xe8\xa3\xca\x9b\x3b\xc6\x03\xa3\x82\xaf\x59\x8f\x0a\x17\x56\x59\x2b\x36\x77\xc4\x69\xff\x86\xe1\x98\xcd\xff\x40\xf4\x93\x21\x5a\x32\xc2\xac\xc7\x2b\xcf\xd0\xe3\xe4\xe5\x7b\xec\x76\xdf\xe5\x65\xda\x97\x5c\x69\x1d\x66\x93\x5d\x2d\x7b\x52\x94\x14\x62\xd4\x1b\xce\x4c\x00\x91\x5d\x28\x34\x17\x03\x2f\x3a\x89\x42\x49\xf8\x01\x06\x7f\x38\x82\xfd\xa7\x79\x05\xd7\x6b\x76\xef\xe1\x02\x8e\xbb\xf1\x49\x77\x63\x1f\x67\x75\x75\xdd\xd4\x09\xdf\x3c\x6c\x40\x19\xe9\x95\xa9\xd8\xd1\xd8\xa8\xc3\x22\x68\x76\x32\xf1\xa9\x50\x5a\xdc\xbd\x5a\xfa\x13\x89\xf9\x41\xdd\x0f\x68\xfe\xfd\x43\xec\x24\xa2\x57\x07\x6a\x3a\x21\xb7\x36\x3d\x7b\xb5\x18\xdf\x4a\x28\x2a\x4d\x9e\xed\x08\x58\xd1\x04\xe8\x5c\x5e\x06\x8d\xd8\x01\x2d\x73\xb5\x16\x65\x61\x46\xa7\x8e\x54\x9a\xdb\xf9\xb3\x2f\xb9\xf5\xf7\xab\x6d\x43\x87\x9d\x96\xd1\xcb\x97\x35\x96\xd0\x44\x19\x7e\x08\xc4\x04\x06\x04\x25\x57\x53\x29\x7a\x34\x95\xd8\xdf\xf2\x55\xd1\x8a\xbf\x94\xb8\x70\x4a\x8a\xe1\xa4\x83\x53\xfa\x85\xe5\xa7\x7b\xec\xd1\x0b\x6c\xa0\x07\xb7\x7d\xfe\xfc\xe3\x98\xf3\x0b\x0c\x27\xed\xe9\x9e\x8e\x6b\xb0\xc7\xff\x65\xbd\xb0\x0f\x22\x46\x22\xd6\x91\xf4\x78\xce\x6e\x37\xbb\xfa\xc4\xce\x1c\xe3\x73\x07\x0f\x95\x43\x70\xc7\x4c\x09\x46\x1e\x2b\xae\x43\x85\xcd\x5d\xee\xe8\x7c\xa8\x0a\xd2\xc7\x7b\x99\xe7\xbe\xe5\xaf\xa3\xf0\xba\x52\x49\x4f\x59\xda\x14\x26\xc4\x30\x9f\x39\x15\x16\x35\x4d\x57\xb0\xc7\xc4\xbb\x85\x8e\x38\x2f\x04\x1d\x6e\x91\x88\xdc\x13\x3b\xb1\x69\x32\x1e\x00\xd0\x2e\xfd\xdb\x46\x11\x76\x77\x4f\xd6\xb2\xc9\x68\x2d\x7a\xd0\x84\xf6\x17\x4c\x53\xab\x74\x08\xd3\xe2\x71\xd2\x8e\x30\x8f\x7c\xd4\x78\xc2\xfe\x8d\x67\x93\xde\xed\x31\xde\xbb\x09\x0b\x87\x4b\x12\x52\x8a\x6c\xd3\x68\xac\xf5\xa5\xc4\xcc\x3d\x30\xd2\xaf\xf0\x06\x93\x78\x66\x87\x68\x6c\xd9\xb9\x7c\xdf\xaa\x3a\x67\x72\x93\x51\xb2\x37\x3d\xde\xe1\x8e\xe3\xf0\x56\xb6\xc0\xda\x43\x9d\x62\xee\xb4\x08\x03\x1a\x4d\x87\x55\xde\x3c\xc8\x84\x15\xca\x48\x01\xd5\x4d\xc5\x65\xbb\x53\x22\x8d\xc2\x15\xdd\x74\x6f\xf5\x38\x54\x53\xfd\xfc\x89\x15\xe8\x72\x75\x2f\x5a\xb3\x65\x6a\xa8\xe1\xc4\x2d\xfb\xf3\x5e\x49\xac\x9c\x20\x13\xb4\xa4\x93\xec\x10\xad\x7f\x51\x29\x22\xb8\xd3\xd8\x29\x22\xdd\xbc\x01\x89\x53\xcb\x7d\x51\x91\xaf\x08\xab\x66\x9f\x80\x42\x5f\x4f\x45\x9e\xe6\x50\xfe\x09\x41\x26\x43\x4e\x88\x66\x93\x09\x2c\x53\xaa\x34\x69\x93\xdb\xc1\xba\x27\x4d\x2d\x69\x47\x06\x46\xe6\x33\xbd\xc3\x31\x43\x19\x13\xdd\x49\xa0\x12\x0e\x1b\x5e\x21\x21\x62\x00\x6f\x9a\x01\xfe\x18\xe8\xd8\xb5\x7c\xfe\xb3\x98\xe1\x9b\x4b\x8e\x97\x0f\xb0\x67\x85\x21\xca\xff\x33\xa7\xa0\x1d\xeb\x17\xe7\x2a\x92\x0a\x94\x68\x96\xc5\x39\x2e\x84\xbd\xdf\xde\x75\xb7\x44\x6a\xd4\x24\x9b\xef\x26\x97\xb0\xc5\xe7\x2f\x37\x91\xf0\xf4\x4a\xc1\x56\x37\x69\xc8\xec\xe5\xf1\xde\x56\x5b\xba\xe2\xe5\x73\x02\x94\xb3\xd6\xd8\x57\x87\xdd\x6f\x7a\xbf\x84\xd6\x98\xe7\x7e\xe8\x0e\xc5\x3e\x37\x51\xe8\x73\x03\x3a\xf1\x6b\x5e\xd4\xe2\xc9\x9b\x7e\x6e\x65\x2b\xb0\xea\xf6\x70\x1a\xac\xb2\xbc\xb5\x97\xc3\x2d\xc3\xf7\xd9\xc4\xd9\x46\x3a\xc0\x8d\xb0\xc6\x3d\xb5\xfd\x88\xd0\xe5\x18\xde\xf1\x88\xa2\xfb\xe8\xd6\xbf\xa6\x98\x62\x8a\x8c\xc0\x58\xca\x99\x11\x4c\x40\xbe\x8e\x1e\xb4\xc0\x53\x64\x27\x8d\x0e\xa4\xdc\x90\xb7\x47\xce\xcd\x85\xcd\xf8\x47\xa5\x0b\xa2\xad\xeb\xb6\xd1\x07\xa1\x26\x13\xe1\x98\xd1\xb1\x0c\x6e\xb3\x23\xd5\x0c\x75\xf7\x81\xfe\x39\xc1\xd9\x2e\x46\xda\x77\xfe\xd5\x16\x12\xa3\x69\xc4\xa6\xaa\x54\x05\x0d\x67\x7e\x96\x78\x03\x9b\x29\xe1\x0c\x46\xff\x05\xf3\x53\x6f\x79\x2a\x72\xd8\x0f\x0e\xca\x5a\x41\x6b\x19\x64\x3e\x1d\x15\x24\x7f\x7e\x51\x57\x90\x0c\x17\x42\xb9\x14\x6e\x0d\x97\x88\xeb\x9c\xa6\x53\x89\x7c\x7c\x64\x71\x49\xf0\xbd\x91\xb1\x6e\xa1\xa5\xe0\x54\x90\x01\xba\x2d\x6c\x6e\x39\xcf\x8b\xee\x39\x27\x4d\x05\x2f\xe2\xce\x7f\x4c\xaf\x6c\x23\x64\x43\x14\x33\x52\x51\xcc\xa5\xc2\xed\x13\x4a\xad\xa5\x15\xe7\x34\xe0\xaf\x9c\x0b\xa5\x90\x43\xdd\x12\xaa\x22\x7e\x8f\x71\xd1\x18\x33\xca\xb3\x5b\x77\x91\x5e\xe6\xbf\x0d\x74\x98\x2d\x15\x5f\x74\xfb\xba\x99\x77\xf7\x5d\x37\x21\x17\x70\xdf\x81\x02\xe1\xd5\x23\xb9\x7c\x65\xe6\x9b\xdf\xfb\x34\xe0\x0d\xbd\x6d\x58\x27\xc4\x89\x79\x34\xff\x51\x28\x69\x40\xad\xbe\xfd\xbe\x1a\x18\x5a\x1c\xa3\x2f\x66\x8b\xef\x23\x66\x3d\x9a\xf5\x86\x55\xa9\x28\x53\x8e\x08\x4f\x59\xfd\x89\x9c\x49\x02\x53\xd3\x37\xf5\xa5\x1d\x2c\x2c\x1d\xa3\x6c\xb8\xdf\x43\x03\x4a\x98\x81\x04\xc2\xab\xd9\xd5\x89\xfc\xf9\x64\xab\x91\x14\xa4\x04\x15\xc8\xe9\x9b\xeb\xfe\x94\xc3\x91\x5f\x9d\x90\x8b\xc1\xc9\x00\x0f\x0e\x9e\x94\x01\x2d\x99\x8c\x97\x2c\xf0\x18\xd8\xba\xdf\xff\xa8\x02\x09\xf1\x93\x7f\xea\x78\xca\x83\x95\x72\xb0\xa8\xe6\xb7\x81\x6b\x6d\x89\xbb\x84\xab\x2e\xde\x0f\xe5\xff\x05\x75\xec\x9d\x67\x4d\xa2\x36\x25\x2f\xb9\x2f\xf4\xfe\xbb\x9e\xc1\xd9\x15\xd9\x7c\x4c\xaf\xff\xef\x1c\xfd\xa6\xd1\x99\x36\x5b\x77\x01\x6d\xaa\xe6\x07\x98\xde\x8a\x21\xc1\x76\x9b\x8d\x79\xbf\x57\xcd\x02\x0e\xbf\x57\x30\xfc\xe9\x94\xb6\xb3\x09\x98\x00\xd8\x64\x96\x6a\xdf\x83\x0c\x8d\x26\x58\xc8\x04\x36\x08\x96\xe1\x1f\x36\x0d\xa3\xa9\x2c\xb5\xc8\x27\x21\x32\x28\x52\x6c\x63\xc2\x62\xc3\x0c\xdf\x17\x7f\xb0\xbe\x40\x1b\x39\x4a\x01\x77\x5c\x25\x4d\xa3\x0c\x5f\xf4\xfc\x5b\x45\xf5\x9d\x60\xe1\x57\x8d\x67\x24\x50\x89\x82\x8b\x06\x93\xe5\xa6\xf5\xed\xa5\xe9\x17\xb9\xd3\x3b\x8b\x36\xba\xf0\x55\x26\x9e\x9d\x53\x19\xd4\xfa\x3f\x8f\xa5\xc3\x19\x62\xc7\x7b\xed\x1b\x0a\x70\x45\xd9\x80\xc0\x3b\x0d\xf1\x5d\x1e\x3c\xc1\xee\x31\x75\x57\x0d\x28\x60\x04\xf1\x0f\xf6\xb9\x22\xda\x1e\x0a\xf3\xed\x41\x09\x9b\xb1\x75\x67\x8f\x6c\x4c\x29\xbd\x5b\x85\x55\xed\xea\x3f\xd6\x55\x9a\x62\x28\xb3\x92\x4b\x62\x45\xb6\x6f\x7d\x4a\x6c\xfb\xf7\xe5\x5d\x3a\x9a\x90\x23\x18\x58\x85\xbb\xb1\xe9\x06\x1f\xbe\x36\x21\xbe\xb1\xe7\xe3\x12\x05\xd8\x28\x71\x02\x67\xef\xb5\x85\x07\x38\x65\xd0\x61\x8f\x4e\xdb\xc9\xc5\xb6\x06\xa7\x9b\xff\x7e\xff\x1e\x53\x43\x93\xe3\xdd\x04\x01\x74\xb2\x1f\xc0\x12\xd6\xb2\xab\x92\x89\x76\xee\xf1\x14\xb9\x75\x02\xfb\x02\x22\x55\x72\xb7\x4e\x85\x2f\x56\x8d\xbc\xea\x57\xa8\xd3\x78\xc5\x4b\x21\x72\x87\xea\xc9\x09\x0c\xf7\x5f\x10\xf4\x74\xb1\x65\x17\x82\xab\x8e\x5f\x01\x5d\xe5\xb6\x65\xe0\x46\xf0\x1d\x04\xef\xb7\xbe\xf8\x40\x50\x7f\x3e\x45\xa3\x85\xa3\x72\x42\x2a\xf5\x73\xd0\x64\xb1\xbf\x6b\x0f\xb2\x79\x6e\x88\xa8\x83\xd0\x02\x4b\x5f\x74\xf1\x11\x8f\xd7\xcb\xdb\x92\xa4\x0a\x83\x45\x9a\xa2\x9a\x77\xa2\x56\x27\x4d\xf3\xa7\x2f\x53\x9b\x02\x8c\x1d\xf8\x68\x6f\x46\x30\xc7\xfe\xce\x68\xd1\xc0\x1c\xe3\x8a\xa6\x13\x73\x5a\x59\x1f\x91\xf4\x25\x61\xad\x29\x7e\x08\x72\xef\xdf\x35\x36\xc8\x8a\xd5\x15\x9a\xf8\x10\x48\xe6\x37\x8f\x2a\x42\xd9\x15\xc9\x72\x1e\x08\x75\xfe\x06\x28\xce\x4f\xc6\x09\x09\x9c\x2c\x19\xe6\x81\x28\x0e\x83\xee\x96\x9b\xa9\x3c\x95\x6f\xb2\xbc\x44\x57\xc2\xb2\xee\x35\xd9\xd5\xba\xe5\x61\x81\x4d\x8f\x86\x8e\x28\x98\x73\x71\x55\x0f\x57\xfa\xec\x5a\xf2\xf5\x2b\xc7\xdb\xde\x14\x01\xb6\x72\x91\x07\xb4\x05\xb2\x87\x36\x89\xc9\xe4\x3f\xa5\xea\x8b\x48\x3f\x75\x56\xcb\xaa\xab\xb1\xc7\x68\x9b\x0a\x51\xd7\x57\x74\x3c\xa2\x92\xff\x74\xe9\xc0\x21\xe5\x51\x3f\x94\xb7\x10\x7a\x89\x40\xa9\x8d\xda\xb5\xe2\x21\xfd\x75\xc1\x3f\x19\xae\x40\x06\x86\x6e\xec\x1a\x83\x20\xab\x02\xa2\xde\xf5\x73\x85\x8e\xb7\x25\x3d\x1f\xda\x73\xb7\xda\x03\x1f\x12\xdc\x01\x37\x83\x14\x70\x95\xd5\x45\xab\xbc\xc6\xc8\xcc\x98\x74\x8c\x00\x7f\x2e\x61\xa0\x2c\x75\x0b\x79\x86\x6c\x74\x3d\x0f\x98\xc7\x03\xee\x3c\x9a\x2f\xfe\x44\x10\x4a\xc1\xa2\x2d\x77\xff\xd1\xe6\x07\xc8\xc4\x26\x5b\xbd\x8c\xdd\x9b\x7a\xff\x0d\x0c\x36\xaa\x59\x81\xce\x88\x1b\x9f\x38\x95\xb4\xda\x88\xa6\x53\xd4\x71\x2a\x84\x31\xf9\xe1\x4e\x0b\xdd\x13\x77\x35\xbc\x1c\x2b\x71\x0b\xa5\x12\x6b\x6a\x9a\x42\xbd\xf1\x56\x91\x5b\x15\x2e\xe1\x75\x8e\xf5\x6b\x8e\xdb\xd4\xef\x0b\x9a\x67\x7d\xed\xc3\xa8\x8b\x00\x04\x9a\x0d\x74\x44\xb3\xae\xf2\xb4\xe5\xed\x21\x0c\x5f\xc9\x74\x44\xbd\x3a\x46\x90\xae\x44\xad\xfc\xd4\xfd\x85\xcc\x50\xfd\x55\xc3\xd6\xef\xd1\xc7\x27\x0f\x46\xc9\x36\x89\xd1\x8f\x92\xd0\x46\x2c\x62\xb2\x00\x1d\x8c\xcb\xcc\xee\x0a\xba\xd8\x4d\xaf\x12\xa8\xf3\xf3\x90\xd2\x3b\x3f\x4c\xce\x12\x37\xb5\x05\x9b\xfa\xac\xb9\x94\xea\x87\x1c\x02\xfd\x32\x05\x6a\xa3\xd6\x82\x58\x02\x7d\xbe\x56\xbb\x19\xcb\xaf\x7a\x2f\x47\x34\x92\xe2\xc6\x64\x3f\xc4\xbc\x01\xdf\x34\x96\x7f\xf1\x00\x92\x53\x0c\x5f\x96\x5e\x1d\xea\x10\x61\x88\xa9\x16\x5a\x43\xe6\x1d\x06\x01\x07\xe5\x90\x7a\x5e\x76\x03\x9e\x11\xfb\x55\x7b\x17\xf7\x4e\x99\xd6\xba\x5e\xdb\x86\xda\xa2\x4b\x20\x1f\x89\xf5\x1c\x53\xb4\xe6\xea\x0e\x74\x88\x8e\xc9\xaf\xc6\xe6\x4c\x33\x44\xca\x56\x1a\x56\xec\xe3\xc2\x86\xee\x4e\xea\x87\xbb\xb0\x11\xd4\xbc\x85\x6c\xb2\x01\x8f\x00\x92\x81\xb8\x9b\x95\xac\xb7\x66\x84\xee\xfb\xe6\x28\xb3\xb9\xc9\x3f\x65\x4c\x15\xc1\xaa\xc2\x76\x9c\x67\xf2\x7e\x1f\x3d\x6c\xa9\x8d\x80\xdc\x30\x77\xb5\xc4\xe4\xd8\x23\xea\x40\xc2\x58\xdc\xbb\x89\x1f\xf2\x04\x66\xc1\x46\x20\x80\xde\x73\x51\x35\x09\x17\x65\x65\xfe\xb2\x4e\xf8\x41\x3d\xc7\xdf\xb5\x3b\x10\xad\x4e\x5d\x68\x3d\x26\xc7\x42\xac\x8e\xfb\x62\x73\x39\xea\xc0\x6f\x2f\x56\xa5\x5e\x45\x22\xb6\x70\xff\x6d\xda\x39\x17\xef\x7b\x00\xfe\x14\xa6\xa5\x2d\xc9\x56\x75\x48\xe9\x8f\x47\xcf\xa5\xe2\xb8\x7d\xd8\xe1\xc2\xae\x18\xd0\xc1\x43\x56\xdb\x45\xdb\x78\xe8\xf8\xb9\xdd\x14\x1e\xe9\x42\x54\x3d\x27\x1c\x8c\xb5\xb9\x77\x5d\x2c\x55\xc4\xb7\x32\xd8\x38\xa3\xb7\x3d\x67\x5a\x35\x09\x57\xe0\xa7\x04\x38\xd6\xbc\x3a\xb1\x16\xf4\xd4\x5f\x5e\x5b\xcf\x14\x93\x09\x7e\xf1\x9e\x13\x23\x9d\x97\x98\x12\x73\xfa\x9a\xe9\xd1\xa9\x4f\x41\x7c\x3c\x5c\x24\x0a\x27\xcb\x07\xad\x05\xa6\x52\x6e\x6c\x8b\x3c\x68\xba\xd2\xc5\x46\xfc\x88\x9c\x5f\xb3\x41\x06\x97\xdd\xf5\x8f\x78\xe9\x29\x6a\xb0\xc7\x25\x88\x25\x66\xe1\x85\xd1\xdd\x88\x43\x07\x66\xe3\x32\xf1\xf0\xc8\x7d\x2e\x35\x9f\x8c\xe2\xc2\x8b\x8c\x75\x46\xda\x95\xa1\xca\x78\x97\xe4\x3b\x7b\xf5\x83\xd1\x2c\xd4\x6f\x7f\x91\x0b\xfd\xc1\xa1\xc1\x29\xf1\xd8\x3d\x94\x67\x89\x99\xc3\xd8\x1d\xca\x8f\x74\xf8\x7b\xa3\x01\x7f\x07\x22\x2f\x51\x0c\x1a\x7f\xe8\x00\x1f\xc3\xeb\x6e\x8a\x0b\x46\xdb\x9c\x00\x2f\xd0\x84\x16\x72\x72\x35\x5d\xa8\x7a\x0f\xc5\xe3\x7f\xee\xd0\xc4\x87\xd6\x03\xbc\x12\x97\xf1\xc6\xdd\x88\xdc\xb1\x7f\x17\xfd\x38\xa5\xec\x72\xd0\xcf\x50\xc8\xc8\xdc\x69\x08\x1c\xf6\x08\x46\x0d\x5b\x13\x42\x87\x1a\xbc\xbe\xc2\x03\x23\xbe\x7f\x53\x69\x0c\x5f\xa6\x40\x81\x6c\xc3\xb2\xb3\xde\x36\x87\x0a\x8a\x38\x90\x5d\xd5\x1a\xc6\x3d\xdd\x92\x2d\x00\x8f\x84\xb7\xcb\xd0\x62\xb6\x4c\x5a\xb2\x21\x15\xb4\x88\x9b\x0e\x93\x89\x04\x8f\x6a\x7b\xd2\x8e\x6a\x78\x93\xca\xa6\x03\x66\x13\xc9\xf5\xf2\xec\x29\x28\xbe\x1f\x4e\xe1\xcb\xa0\xb0\xbb\x16\x91\x27\x6a\x4d\xb2\x46\x69\xfb\x08\x5e\x54\xdc\x77\xe8\x15\xb8\xf5\xaf\xe8\x0a\xaa\x38\xac\xbd\x11\x43\x0d\x95\x6a\x37\x91\x1b\x02\x16\x53\x4b\xd9\xe2\x89\x3a\x2a\xbf\xbc\xf4\xb7\xae\xe5\x6c\x8f\xfb\xbb\x08\x16\x67\x73\xd8\xdd\x3d\x1f\xa1\x24\x51\xf3\x93\x79\x9a\xde\xd8\x72\x1c\xbd\x93\xe4\xc9\x71\x1d\xef\xa5\x50\x98\x40\xdc\x73\xec\x5f\x52\x73\x43\x1d\xa7\xe6\x32\x4b\x05\x6c\xae\x48\xe1\xc1\x4b\x1f\x0e\x2c\xf2\x7a\x52\x98\x0d\x4c\x67\xe7\x7a\x56\x5a\x44\xae\xe8\xcc\xd6\x22\x78\x1b\x35\xcf\xa1\x6d\x36\xeb\xa7\x7f\x9b\x7f\x5e\xc8\xcb\x47\x4f\x02\xbe\xd0\x16\x98\x2a\x0d\xca\x09\x60\xe0\x94\xb3\xdf\x65\x16\x83\x7d\x50\x15\x68\x08\x27\x59\x9c\x89\x54\x25\x44\xa3\xfd\x36\x3a\xa4\x4e\x79\xf3\xad\x00\xc8\x7d\x8d\xc1\x42\x2b\x07\x37\xca\x9f\xe9\x17\x9d\x62\x7a\x1f\x22\x80\x09\x23\xa3\x9d\xf3\xa5\x9e\x15\x77\x0b\xa5\x7f\x1e\x12\xaa\xf4\x1b\xfe\x67\xbf\xc5\x48\x3d\xab\x32\x82\x03\x64\xa5\xd4\xda\x8f\x8a\xe6\x2b\x05\xba\x23\x25\x7b\xb1\x57\x7f\x5a\xd7\x3f\x0b\x0e\x01\x63\x3d\xa6\x59\xf7\xd2\x8c\x7e\x1e\x39\xf8\x6f\x5a\xdb\x5b\xb3\x84\x3a\xbb\xce\x0a\x76\x9c\x26\xc2\x8e\x4e\xc8\x8c\xd8\xd4\x7e\x46\x92\x8e\xbf\x51\xf4\xc2\x3c\x69\xfa\x60\x2b\x6a\xf6\x1d\xcc\x74\xbf\x64\xb0\x09\xe9\x67\x08\xc4\xc7\x42\x6f\x35\xd3\x3f\x7d\xae\x81\xe3\x3a\x69\xe1\x2e\xf7\x92\xb1\xf2\x5f\xfc\x60\x64\x5a\x19\x63\xe6\x7c\x07\xe1\x5c\x2e\xbd\xb5\x48\xef\x8b\x2c\x8b\x0d\xd9\x72\x5b\xed\x66\xe2\x25\x45\xad\x79\x14\xaf\x78\x64\x47\x8a\x79\x93\xb2\xc0\xe0\xce\x59\x0f\xa0\x05\x10\x4c\x69\x37\xe5\x40\x75\x8d\x25\xa5\x09\xe8\x0a\xca\x81\x37\xb7\x17\xae\x9f\xdf\x80\xab\x90\x6d\x9d\xb4\xaa\xbb\x22\x9b\xb3\xd3\x5e\x27\xb3\x24\xae\xd1\x1e\xeb\xaa\x8e\xd3\xdc\x77\x04\xab\xab\x39\xf5\x85\x62\xed\x9b\x5c\x8a\x37\xb0\x92\xeb\xf3\xfd\xe2\x21\x66\xc9\xc9\x1b\xc5\x7a\x2c\x62\xd9\x0a\x87\xcf\xfe\x7d\x6c\x44\x83\x21\xf8\x43\x21\x8e\x40\x4a\x4d\x36\x88\xd7\xb9\x68\xff\x9e\x82\x3e\x0b\x90\x0a\x14\x6a\x7f\x3a\xf3\xd4\x6e\x9a\x8e\x7d\x17\xb4\x7c\xba\x25\x04\xe1\xe1\xe7\xad\x96\x0d\xc4\x81\x36\x3f\x16\xfc\x97\x9b\xb8\x17\x67\x97\xab\x1c\xb8\x5c\xca\x67\x24\x27\x4f\xab\xa0\x07\xe8\x78\x09\x80\x34\xaf\xa0\x04\x2e\xa0\xc1\xa6\x54\xb4\x2e\x1c\xdf\x7f\x71\x04\x8e\x24\xdb\x69\x1c\xdc\xa7\x2f\x52\x01\x7c\x6a\x0f\x5c\x88\xd0\xcb\x1e\x1c\x26\x0e\x88\x79\x47\x8d\x8e\x2b\xf9\x7a\xd5\x98\x44\x22\x1a\xfc\x64\x9c\x88\x1e\x79\x50\xde\x7d\xc8\x5c\x43\x0c\x18\xfc\xb5\xc8\xd3\x59\xc2\xc2\x39\xb4\x58\x72\xc6\x55\x57\x47\x43\x8c\xa4\x9b\x55\xc3\x27\xcf\x6d\x70\x5f\x80\xb3\x96\xd9\xc0\x20\xdb\x57\xf6\xc5\x37\x01\xbc\x96\x8f\xcd\xa5\x27\x4c\x51\x34\xb2\x3f\x6f\xd2\x23\xdc\xee\x7a\xd7\x96\x2c\x4e\x7f\x8b\x30\x1a\x57\x16\x5f\xcf\xc9\xa5\xff\x82\x2f\x1c\x24\xa7\xaa\x5b\xe7\x97\x12\x03\x45\x7a\xf1\xc9\x5d\x47\xed\xa6\x67\xd8\xc2\x91\xfc\x21\xee\xdc\x7e\x8e\x58\x44\xf9\x67\xa9\xfb\x44\x79\xd2\xf9\x4e\x4d\xed\xd0\xcd\x54\x57\x78\x1d\x3e\x02\x4f\xcf\xaf\xaa\x8b\x67\xe4\x89\x58\x55\x53\x5d\x1f\xdd\x4b\xe4\x54\xbe\xd9\x7c\x3c\xf2\x09\x5a\x16\x6c\xc6\x52\xbe\xa6\x5a\xd6\x36\x89\x29\xbd\xa7\x0f\x69\xdc\x36\xc6\x89\xf5\x92\x3f\xb0\x26\xa8\x25\x7f\x85\x1a\x06\x99\x94\xc0\x4c\xc4\x1a\x8b\x15\x97\x9e\x47\x3e\x55\x33\x24\x0d\x3c\xab\x3b\xa9\x53\xf2\x00\x19\xe0\x17\xd4\x4f\x74\x1d\x95\xa9\xba\x35\x88\x6c\x7a\x3f\xed\x46\x3d\x24\x21\x73\xd6\xaf\x25\x02\x23\x0f\xf7\x33\xc3\xf1\xe0\x27\x82\x27\x4e\x64\xac\x70\x85\x0d\xc3\x48\x95\x13\x5b\xc8\x59\x91\x8c\xdd\xec\x62\x69\xba\x83\x61\x00\x9e\xff\x46\x40\x77\x15\xf3\x08\x79\x50\x8f\xea\x8c\xc9\xc0\x81\xb3\x72\xf4\x88\x55\x52\x78\xfb\xba\xa8\x0f\x34\xce\x79\xda\x91\x02\x12\x96\x1a\x37\x7c\x85\xb6\x1e\x36\xfc\x37\x54\x31\xdd\x6c\x4e\xdf\x2c\x4b\xb8\x01\xa0\xfc\x1d\xc1\xfa\xc3\xc2\xf4\xc0\x10\x99\x62\x49\x59\x39\x2c\xa0\xb6\xbd\x47\xcb\x00\x8d\xfd\x39\xb2\xfd\x92\x7f\x40\xfe\xc1\x37\xb0\x74\x8e\x19\x84\x0c\x05\x75\x4b\x7d\x8e\x0b\x27\xd6\x20\x86\x12\x8f\xdc\x32\x93\x63\xd0\x6b\x6e\x7c\xdc\x43\x60\xb3\x9d\xf2\x73\x7b\x59\x73\xa8\xc0\x5c\x72\xe1\xff\xae\xb0\x9c\xad\x67\x19\x22\x4f\x4f\xb8\x07\x94\xeb\x00\xf4\x09\x2f\x62\x3e\x5d\x27\xa1\x14\x02\xfc\x03\x5e\xb9\xfd\xe8\x82\x76\xf8\xca\x16\x82\x74\x59\x59\x2e\x35\x5d\x3c\x4e\x6c\x79\x2e\x54\x87\xc4\x99\x66\x6d\x96\xea\x5c\x5f\x9e\xab\xe1\x73\xb5\x62\x23\xcc\x71\xdf\xaf\x0d\x88\xf8\xb8\x05\x11\x08\x71\xf8\x9f\x39\x9f\x84\x46\x30\x23\xf1\x7d\x86\x24\x9a\xf6\x47\xb8\x3f\x24\xe9\x04\x83\xbe\xf5\x51\xf9\x56\x45\xdb\xa6\x60\x7f\x66\xb9\x3a\x6d\xa3\x49\xea\x07\x31\x8b\x6e\xa5\x9a\xdc\xca\x1e\xd1\x75\x66\xee\xab\xf6\x2b\x21\x20\x4a\x8f\xd1\xa2\xd9\x83\xfd\x22\xd2\xea\xf9\xac\xbb\xb7\xa2\x0b\xde\x39\x1a\x57\x24\xf0\x96\xd2\x04\xd3\x40\xb5\x62\x12\xf8\xb7\xf5\x14\x1f\x4f\x6e\xd7\x2b\x13\x4e\xea\xdf\x1f\x27\xed\xff\x37\x14\x24\xb4\x08\x20\xb2\x67\x47\xb0\xba\xad\x37\x6d\xfc\x53\x5a\x41\x7b\xe7\x8a\xab\xed\xf3\x3e\x97\x8c\x05\x33\xb4\x5e\xad\xf5\xc2\x4a\x1a\x06\x9b\xc4\x94\x5c\xd0\x0a\x52\xae\xb3\x5b\x53\x9a\xc0\x84\x70\x65\xcd\x01\xdf\xda\x63\x4c\xb9\xd7\x22\x2a\x60\xea\xfe\xf0\xf4\x83\xee\x5c\xe5\x2a\x3c\x90\x8b\x4a\xd4\xd2\x08\x97\xb5\x5a\x88\x02\x49\xfe\x9b\xf4\x12\x91\x24\x21\x6f\x80\xd4\x78\x9c\xe2\xf1\xb9\x7c\x9d\x38\x92\xc5\x06\x58\x0a\x68\xff\x2c\xe3\x5c\xaa\xd0\x31\x26\xa4\xad\xb9\xa1\x94\xfb\x86\xbc\x72\xbc\xe0\xe0\xbc\x47\x00\x95\x0d\x20\xcd\x4b\x8d\x67\x0a\xd2\x15\x1c\xde\x5f\xd5\x40\xe6\xa1\xd8\x71\xa4\x30\xc1\xa3\x33\xf0\x20\xc9\x57\xcd\x4c\x8b\x47\x88\xb4\xbc\x93\xd8\xdd\x28\x92\xf5\xd8\xa3\x50\x01\x3c\x62\xda\xe3\x74\x73\x84\xaa\x48\x7e\x00\x70\x49\x10\xb3\xf7\x54\x2c", 8192); *(uint32_t*)0x20005c00 = 0x20002980; *(uint32_t*)0x20002980 = 0x50; *(uint32_t*)0x20002984 = 0; *(uint64_t*)0x20002988 = 0x91e; *(uint32_t*)0x20002990 = 7; *(uint32_t*)0x20002994 = 0x22; *(uint32_t*)0x20002998 = 0xff; *(uint32_t*)0x2000299c = 0x1124872; *(uint16_t*)0x200029a0 = 6; *(uint16_t*)0x200029a2 = 0x3f; *(uint32_t*)0x200029a4 = 8; *(uint32_t*)0x200029a8 = 1; *(uint16_t*)0x200029ac = 0; *(uint16_t*)0x200029ae = 0; memset((void*)0x200029b0, 0, 32); *(uint32_t*)0x20005c04 = 0x20002a00; *(uint32_t*)0x20002a00 = 0x18; *(uint32_t*)0x20002a04 = 0; *(uint64_t*)0x20002a08 = 0; *(uint64_t*)0x20002a10 = 0x317e539f; *(uint32_t*)0x20005c08 = 0x20002a40; *(uint32_t*)0x20002a40 = 0x18; *(uint32_t*)0x20002a44 = 0; *(uint64_t*)0x20002a48 = 8; *(uint64_t*)0x20002a50 = 4; *(uint32_t*)0x20005c0c = 0x20002a80; *(uint32_t*)0x20002a80 = 0x18; *(uint32_t*)0x20002a84 = 0; *(uint64_t*)0x20002a88 = 5; *(uint32_t*)0x20002a90 = 0x401; *(uint32_t*)0x20002a94 = 0; *(uint32_t*)0x20005c10 = 0x20002ac0; *(uint32_t*)0x20002ac0 = 0x18; *(uint32_t*)0x20002ac4 = 0; *(uint64_t*)0x20002ac8 = 1; *(uint32_t*)0x20002ad0 = 0xfdcc; *(uint32_t*)0x20002ad4 = 0; *(uint32_t*)0x20005c14 = 0x20002b00; *(uint32_t*)0x20002b00 = 0x28; *(uint32_t*)0x20002b04 = 0; *(uint64_t*)0x20002b08 = 8; *(uint64_t*)0x20002b10 = 2; *(uint64_t*)0x20002b18 = 8; *(uint32_t*)0x20002b20 = 0; *(uint32_t*)0x20002b24 = 0; *(uint32_t*)0x20005c18 = 0x20002b40; *(uint32_t*)0x20002b40 = 0x60; *(uint32_t*)0x20002b44 = 0; *(uint64_t*)0x20002b48 = 0xfff; *(uint64_t*)0x20002b50 = 6; *(uint64_t*)0x20002b58 = 0x10001; *(uint64_t*)0x20002b60 = 6; *(uint64_t*)0x20002b68 = 1; *(uint64_t*)0x20002b70 = 8; *(uint32_t*)0x20002b78 = 1; *(uint32_t*)0x20002b7c = 0x32f0; *(uint32_t*)0x20002b80 = 7; *(uint32_t*)0x20002b84 = 0; memset((void*)0x20002b88, 0, 24); *(uint32_t*)0x20005c1c = 0x20002bc0; *(uint32_t*)0x20002bc0 = 0x18; *(uint32_t*)0x20002bc4 = 0; *(uint64_t*)0x20002bc8 = 4; *(uint32_t*)0x20002bd0 = 0xffff; *(uint32_t*)0x20002bd4 = 0; *(uint32_t*)0x20005c20 = 0x20002c00; *(uint32_t*)0x20002c00 = 0x18; *(uint32_t*)0x20002c04 = 0; *(uint64_t*)0x20002c08 = 0x1000; memcpy((void*)0x20002c10, "0%)/W({\000", 8); *(uint32_t*)0x20005c24 = 0x20002c40; *(uint32_t*)0x20002c40 = 0x20; *(uint32_t*)0x20002c44 = 0; *(uint64_t*)0x20002c48 = 5; *(uint64_t*)0x20002c50 = 0; *(uint32_t*)0x20002c58 = 0x11; *(uint32_t*)0x20002c5c = 0; *(uint32_t*)0x20005c28 = 0x20002dc0; *(uint32_t*)0x20002dc0 = 0x78; *(uint32_t*)0x20002dc4 = 0xfffffff5; *(uint64_t*)0x20002dc8 = 8; *(uint64_t*)0x20002dd0 = 6; *(uint32_t*)0x20002dd8 = 9; *(uint32_t*)0x20002ddc = 0; *(uint64_t*)0x20002de0 = 6; *(uint64_t*)0x20002de8 = 8; *(uint64_t*)0x20002df0 = 0x25d; *(uint64_t*)0x20002df8 = 7; *(uint64_t*)0x20002e00 = 0x8001; *(uint64_t*)0x20002e08 = 0x400; *(uint32_t*)0x20002e10 = 0xce1; *(uint32_t*)0x20002e14 = 0x8000; *(uint32_t*)0x20002e18 = 0x4800000; *(uint32_t*)0x20002e1c = 0x6000; *(uint32_t*)0x20002e20 = 8; *(uint32_t*)0x20002e24 = 0xee01; *(uint32_t*)0x20002e28 = r[3]; *(uint32_t*)0x20002e2c = 6; *(uint32_t*)0x20002e30 = 1; *(uint32_t*)0x20002e34 = 0; *(uint32_t*)0x20005c2c = 0x20002e40; *(uint32_t*)0x20002e40 = 0x90; *(uint32_t*)0x20002e44 = 0; *(uint64_t*)0x20002e48 = 0xfffffffffffffffc; *(uint64_t*)0x20002e50 = 5; *(uint64_t*)0x20002e58 = 2; *(uint64_t*)0x20002e60 = 0; *(uint64_t*)0x20002e68 = 0x80; *(uint32_t*)0x20002e70 = 0x1ff; *(uint32_t*)0x20002e74 = 0xfffffffa; *(uint64_t*)0x20002e78 = 1; *(uint64_t*)0x20002e80 = 0x81; *(uint64_t*)0x20002e88 = 1; *(uint64_t*)0x20002e90 = 0x10001; *(uint64_t*)0x20002e98 = 0x7f; *(uint64_t*)0x20002ea0 = 5; *(uint32_t*)0x20002ea8 = 5; *(uint32_t*)0x20002eac = 2; *(uint32_t*)0x20002eb0 = 0; *(uint32_t*)0x20002eb4 = 0x4000; *(uint32_t*)0x20002eb8 = 3; *(uint32_t*)0x20002ebc = 0xee01; *(uint32_t*)0x20002ec0 = 0xee00; *(uint32_t*)0x20002ec4 = 6; *(uint32_t*)0x20002ec8 = 0x23a; *(uint32_t*)0x20002ecc = 0; *(uint32_t*)0x20005c30 = 0x20002f00; *(uint32_t*)0x20002f00 = 0xe8; *(uint32_t*)0x20002f04 = 0; *(uint64_t*)0x20002f08 = 0x20; *(uint64_t*)0x20002f10 = 6; *(uint64_t*)0x20002f18 = 1; *(uint32_t*)0x20002f20 = 1; *(uint32_t*)0x20002f24 = 7; memset((void*)0x20002f28, 0, 1); *(uint64_t*)0x20002f30 = 2; *(uint64_t*)0x20002f38 = 0; *(uint32_t*)0x20002f40 = 0; *(uint32_t*)0x20002f44 = 0; *(uint64_t*)0x20002f48 = 5; *(uint64_t*)0x20002f50 = 0xfffffffffffffffa; *(uint32_t*)0x20002f58 = 0; *(uint32_t*)0x20002f5c = 0x20; *(uint64_t*)0x20002f60 = 4; *(uint64_t*)0x20002f68 = 2; *(uint32_t*)0x20002f70 = 6; *(uint32_t*)0x20002f74 = 9; memcpy((void*)0x20002f78, "wlan0\000", 6); *(uint64_t*)0x20002f80 = 2; *(uint64_t*)0x20002f88 = 5; *(uint32_t*)0x20002f90 = 1; *(uint32_t*)0x20002f94 = 0; memset((void*)0x20002f98, 47, 1); *(uint64_t*)0x20002fa0 = 0; *(uint64_t*)0x20002fa8 = 7; *(uint32_t*)0x20002fb0 = 6; *(uint32_t*)0x20002fb4 = 0x10000; memset((void*)0x20002fb8, 2, 6); *(uint64_t*)0x20002fc0 = 2; *(uint64_t*)0x20002fc8 = 3; *(uint32_t*)0x20002fd0 = 0x10; *(uint32_t*)0x20002fd4 = 0x3df4d00b; memcpy((void*)0x20002fd8, " \001\000\000\000\000\000\000\000\000\000\000\000\000\000\002", 16); *(uint32_t*)0x20005c34 = 0x200055c0; *(uint32_t*)0x200055c0 = 0x510; *(uint32_t*)0x200055c4 = 0; *(uint64_t*)0x200055c8 = 0; *(uint64_t*)0x200055d0 = 5; *(uint64_t*)0x200055d8 = 1; *(uint64_t*)0x200055e0 = 0; *(uint64_t*)0x200055e8 = 2; *(uint32_t*)0x200055f0 = 0xfffeffff; *(uint32_t*)0x200055f4 = 1; *(uint64_t*)0x200055f8 = 0; *(uint64_t*)0x20005600 = 0x141; *(uint64_t*)0x20005608 = 4; *(uint64_t*)0x20005610 = 9; *(uint64_t*)0x20005618 = 9; *(uint64_t*)0x20005620 = 4; *(uint32_t*)0x20005628 = 0x7ff; *(uint32_t*)0x2000562c = 0x7fffffff; *(uint32_t*)0x20005630 = 0x892; *(uint32_t*)0x20005634 = 0x4000; *(uint32_t*)0x20005638 = 0xfff; *(uint32_t*)0x2000563c = r[4]; *(uint32_t*)0x20005640 = 0; *(uint32_t*)0x20005644 = 4; *(uint32_t*)0x20005648 = 0x10000; *(uint32_t*)0x2000564c = 0; *(uint64_t*)0x20005650 = 1; *(uint64_t*)0x20005658 = 0x8000; *(uint32_t*)0x20005660 = 2; *(uint32_t*)0x20005664 = 4; memset((void*)0x20005668, 255, 2); *(uint64_t*)0x20005670 = 0xa00000000; *(uint64_t*)0x20005678 = 3; *(uint64_t*)0x20005680 = 0x8000000000000000; *(uint64_t*)0x20005688 = 0x80000001; *(uint32_t*)0x20005690 = 6; *(uint32_t*)0x20005694 = 1; *(uint64_t*)0x20005698 = 5; *(uint64_t*)0x200056a0 = 0xa0; *(uint64_t*)0x200056a8 = 8; *(uint64_t*)0x200056b0 = 7; *(uint64_t*)0x200056b8 = 0x101; *(uint64_t*)0x200056c0 = 0xbc3; *(uint32_t*)0x200056c8 = 0x19f; *(uint32_t*)0x200056cc = 4; *(uint32_t*)0x200056d0 = 0x7ff; *(uint32_t*)0x200056d4 = 0xa000; *(uint32_t*)0x200056d8 = 1; *(uint32_t*)0x200056dc = 0xee01; *(uint32_t*)0x200056e0 = r[5]; *(uint32_t*)0x200056e4 = 0x8001; *(uint32_t*)0x200056e8 = 8; *(uint32_t*)0x200056ec = 0; *(uint64_t*)0x200056f0 = 4; *(uint64_t*)0x200056f8 = 0x10001; *(uint32_t*)0x20005700 = 0xa; *(uint32_t*)0x20005704 = 0x3ff; memcpy((void*)0x20005708, "[{@^/@+@<[", 10); *(uint64_t*)0x20005718 = 1; *(uint64_t*)0x20005720 = 3; *(uint64_t*)0x20005728 = 5; *(uint64_t*)0x20005730 = 0x20; *(uint32_t*)0x20005738 = 3; *(uint32_t*)0x2000573c = -1; *(uint64_t*)0x20005740 = 3; *(uint64_t*)0x20005748 = 0xd4; *(uint64_t*)0x20005750 = 6; *(uint64_t*)0x20005758 = 0; *(uint64_t*)0x20005760 = 1; *(uint64_t*)0x20005768 = 0x80000; *(uint32_t*)0x20005770 = 0x38fa80be; *(uint32_t*)0x20005774 = 6; *(uint32_t*)0x20005778 = 0x400; *(uint32_t*)0x2000577c = 0x1000; *(uint32_t*)0x20005780 = 5; *(uint32_t*)0x20005784 = 0xee00; *(uint32_t*)0x20005788 = 0xee01; *(uint32_t*)0x2000578c = 0x10001; *(uint32_t*)0x20005790 = 0xff; *(uint32_t*)0x20005794 = 0; *(uint64_t*)0x20005798 = 4; *(uint64_t*)0x200057a0 = 5; *(uint32_t*)0x200057a8 = 8; *(uint32_t*)0x200057ac = 4; memcpy((void*)0x200057b0, "+!\234R\'+%\'", 8); *(uint64_t*)0x200057b8 = 3; *(uint64_t*)0x200057c0 = 3; *(uint64_t*)0x200057c8 = 0x200; *(uint64_t*)0x200057d0 = 5; *(uint32_t*)0x200057d8 = 0x55; *(uint32_t*)0x200057dc = 0x1f; *(uint64_t*)0x200057e0 = 1; *(uint64_t*)0x200057e8 = 0x34; *(uint64_t*)0x200057f0 = 7; *(uint64_t*)0x200057f8 = 4; *(uint64_t*)0x20005800 = 9; *(uint64_t*)0x20005808 = 2; *(uint32_t*)0x20005810 = 0x800; *(uint32_t*)0x20005814 = 0xffff8001; *(uint32_t*)0x20005818 = 6; *(uint32_t*)0x2000581c = 0x8000; *(uint32_t*)0x20005820 = 0x100; *(uint32_t*)0x20005824 = 0xee01; *(uint32_t*)0x20005828 = 0xee01; *(uint32_t*)0x2000582c = 0; *(uint32_t*)0x20005830 = 0x9c000000; *(uint32_t*)0x20005834 = 0; *(uint64_t*)0x20005838 = 0; *(uint64_t*)0x20005840 = 1; *(uint32_t*)0x20005848 = 1; *(uint32_t*)0x2000584c = 0x400; memset((void*)0x20005850, 0, 1); *(uint64_t*)0x20005858 = 6; *(uint64_t*)0x20005860 = 3; *(uint64_t*)0x20005868 = 0xa3; *(uint64_t*)0x20005870 = 0x80; *(uint32_t*)0x20005878 = 0x735; *(uint32_t*)0x2000587c = 0x9584; *(uint64_t*)0x20005880 = 0; *(uint64_t*)0x20005888 = 2; *(uint64_t*)0x20005890 = 7; *(uint64_t*)0x20005898 = 0xec61; *(uint64_t*)0x200058a0 = 0x371ca83; *(uint64_t*)0x200058a8 = 4; *(uint32_t*)0x200058b0 = -1; *(uint32_t*)0x200058b4 = 3; *(uint32_t*)0x200058b8 = 0x424c; *(uint32_t*)0x200058bc = 0xa000; *(uint32_t*)0x200058c0 = 0x400; *(uint32_t*)0x200058c4 = 0xee00; *(uint32_t*)0x200058c8 = 0xee01; *(uint32_t*)0x200058cc = 0xca; *(uint32_t*)0x200058d0 = 3; *(uint32_t*)0x200058d4 = 0; *(uint64_t*)0x200058d8 = 0; *(uint64_t*)0x200058e0 = 7; *(uint32_t*)0x200058e8 = 0; *(uint32_t*)0x200058ec = 0x80000001; *(uint64_t*)0x200058f0 = 5; *(uint64_t*)0x200058f8 = 1; *(uint64_t*)0x20005900 = 0x9d5; *(uint64_t*)0x20005908 = 5; *(uint32_t*)0x20005910 = 0x80000001; *(uint32_t*)0x20005914 = 0x1000000; *(uint64_t*)0x20005918 = 0; *(uint64_t*)0x20005920 = 0; *(uint64_t*)0x20005928 = 6; *(uint64_t*)0x20005930 = 0x7ff; *(uint64_t*)0x20005938 = 0x8001; *(uint64_t*)0x20005940 = 0x8001; *(uint32_t*)0x20005948 = 6; *(uint32_t*)0x2000594c = 0x8000; *(uint32_t*)0x20005950 = 1; *(uint32_t*)0x20005954 = 0xa000; *(uint32_t*)0x20005958 = 0x10000; *(uint32_t*)0x2000595c = 0xee00; *(uint32_t*)0x20005960 = r[6]; *(uint32_t*)0x20005964 = 0x80000000; *(uint32_t*)0x20005968 = 6; *(uint32_t*)0x2000596c = 0; *(uint64_t*)0x20005970 = 3; *(uint64_t*)0x20005978 = 0x7fff; *(uint32_t*)0x20005980 = 6; *(uint32_t*)0x20005984 = 0x4e5; memcpy((void*)0x20005988, "wlan0\000", 6); *(uint64_t*)0x20005990 = 4; *(uint64_t*)0x20005998 = 2; *(uint64_t*)0x200059a0 = -1; *(uint64_t*)0x200059a8 = 0x10001; *(uint32_t*)0x200059b0 = 7; *(uint32_t*)0x200059b4 = 0x3f; *(uint64_t*)0x200059b8 = 0; *(uint64_t*)0x200059c0 = 4; *(uint64_t*)0x200059c8 = 0x7fff; *(uint64_t*)0x200059d0 = 0x5c; *(uint64_t*)0x200059d8 = 0x5e; *(uint64_t*)0x200059e0 = 4; *(uint32_t*)0x200059e8 = 0; *(uint32_t*)0x200059ec = 9; *(uint32_t*)0x200059f0 = 4; *(uint32_t*)0x200059f4 = 0x1000; *(uint32_t*)0x200059f8 = 8; *(uint32_t*)0x200059fc = r[7]; *(uint32_t*)0x20005a00 = 0xee00; *(uint32_t*)0x20005a04 = 0x7ff; *(uint32_t*)0x20005a08 = 9; *(uint32_t*)0x20005a0c = 0; *(uint64_t*)0x20005a10 = 3; *(uint64_t*)0x20005a18 = 5; *(uint32_t*)0x20005a20 = 6; *(uint32_t*)0x20005a24 = 9; memset((void*)0x20005a28, 255, 6); *(uint64_t*)0x20005a30 = 6; *(uint64_t*)0x20005a38 = 3; *(uint64_t*)0x20005a40 = 3; *(uint64_t*)0x20005a48 = 9; *(uint32_t*)0x20005a50 = 6; *(uint32_t*)0x20005a54 = 0x100; *(uint64_t*)0x20005a58 = 1; *(uint64_t*)0x20005a60 = 0x101; *(uint64_t*)0x20005a68 = 4; *(uint64_t*)0x20005a70 = 0x100000000; *(uint64_t*)0x20005a78 = 2; *(uint64_t*)0x20005a80 = 0xfffffffffffffe00; *(uint32_t*)0x20005a88 = 3; *(uint32_t*)0x20005a8c = 9; *(uint32_t*)0x20005a90 = 9; *(uint32_t*)0x20005a94 = 0xa000; *(uint32_t*)0x20005a98 = 0xfa3; *(uint32_t*)0x20005a9c = -1; *(uint32_t*)0x20005aa0 = r[8]; *(uint32_t*)0x20005aa4 = 0x1400000; *(uint32_t*)0x20005aa8 = 9; *(uint32_t*)0x20005aac = 0; *(uint64_t*)0x20005ab0 = 6; *(uint64_t*)0x20005ab8 = 0; *(uint32_t*)0x20005ac0 = 6; *(uint32_t*)0x20005ac4 = 5; memcpy((void*)0x20005ac8, "wlan0\000", 6); *(uint32_t*)0x20005c38 = 0x20005b00; *(uint32_t*)0x20005b00 = 0xa0; *(uint32_t*)0x20005b04 = 0xfffffff5; *(uint64_t*)0x20005b08 = 5; *(uint64_t*)0x20005b10 = 0; *(uint64_t*)0x20005b18 = 3; *(uint64_t*)0x20005b20 = 2; *(uint64_t*)0x20005b28 = 3; *(uint32_t*)0x20005b30 = 7; *(uint32_t*)0x20005b34 = 0x64b; *(uint64_t*)0x20005b38 = 1; *(uint64_t*)0x20005b40 = 0xc2; *(uint64_t*)0x20005b48 = 9; *(uint64_t*)0x20005b50 = 5; *(uint64_t*)0x20005b58 = 0x8001; *(uint64_t*)0x20005b60 = -1; *(uint32_t*)0x20005b68 = 2; *(uint32_t*)0x20005b6c = 8; *(uint32_t*)0x20005b70 = 5; *(uint32_t*)0x20005b74 = 0x4000; *(uint32_t*)0x20005b78 = 0xd0a; *(uint32_t*)0x20005b7c = 0xee01; *(uint32_t*)0x20005b80 = 0xee00; *(uint32_t*)0x20005b84 = 7; *(uint32_t*)0x20005b88 = 1; *(uint32_t*)0x20005b8c = 0; *(uint64_t*)0x20005b90 = 0; *(uint32_t*)0x20005b98 = 2; *(uint32_t*)0x20005b9c = 0; *(uint32_t*)0x20005c3c = 0x20005bc0; *(uint32_t*)0x20005bc0 = 0x20; *(uint32_t*)0x20005bc4 = 0; *(uint64_t*)0x20005bc8 = 0x7fffffff; *(uint32_t*)0x20005bd0 = 8; *(uint32_t*)0x20005bd4 = 0; *(uint32_t*)0x20005bd8 = 0x9ad; *(uint32_t*)0x20005bdc = 3; syz_fuse_handle_req(r[2], 0x20000980, 0x2000, 0x20005c00); break; case 22: memcpy((void*)0x20005c40, "SEG6\000", 5); syz_genetlink_get_family_id(0x20005c40, r[2]); break; case 23: syz_init_net_socket(0x24, 2, 0); break; case 24: res = syscall(__NR_mmap, 0x20ffe000, 0x2000, 9, 0x100, (intptr_t)r[2], 0x8000000); if (res != -1) r[9] = res; break; case 25: res = -1; res = syz_io_uring_complete(r[9]); if (res != -1) r[10] = res; break; case 26: *(uint32_t*)0x20005c84 = 0x29e9; *(uint32_t*)0x20005c88 = 4; *(uint32_t*)0x20005c8c = 3; *(uint32_t*)0x20005c90 = 0x25; *(uint32_t*)0x20005c98 = r[10]; memset((void*)0x20005c9c, 0, 12); res = -1; res = syz_io_uring_setup(0x7811, 0x20005c80, 0x20ffe000, 0x20ffe000, 0x20005d00, 0x20005d40); if (res != -1) { r[11] = res; r[12] = *(uint64_t*)0x20005d40; } break; case 27: res = syscall(__NR_mmap, 0x20ffc000, 0x2000, 4, 0x80000, (intptr_t)r[11], 0); if (res != -1) r[13] = res; break; case 28: res = syscall(__NR_clock_gettime, 0, 0x20005d80); if (res != -1) { r[14] = *(uint32_t*)0x20005d80; r[15] = *(uint32_t*)0x20005d84; } break; case 29: *(uint8_t*)0x20005e00 = 0xb; *(uint8_t*)0x20005e01 = 1; *(uint16_t*)0x20005e02 = 0; *(uint32_t*)0x20005e04 = 0; *(uint64_t*)0x20005e08 = 7; *(uint32_t*)0x20005e10 = 0x20005dc0; *(uint32_t*)0x20005dc0 = r[14]; *(uint32_t*)0x20005dc4 = r[15]+60000000; *(uint32_t*)0x20005e14 = 1; *(uint32_t*)0x20005e18 = 0; *(uint64_t*)0x20005e1c = 0; *(uint16_t*)0x20005e24 = 0; *(uint16_t*)0x20005e26 = 0; memset((void*)0x20005e28, 0, 20); syz_io_uring_submit(r[13], r[12], 0x20005e00, 6); break; case 30: *(uint32_t*)0x20005e80 = 0; *(uint32_t*)0x20005e84 = 0x20005e40; memcpy((void*)0x20005e40, "\x55\x1e\x55\x34\x01\xd8\x41\x9a\xc4\x37\x85\x4e\x7b\xd6\x03\x3a\x54\x21\x4a\x9b\xd5\xbb\xb0\xaf\x5b\x8d\xfb\x21\x4a\xa8\x4f\x75\xf6\x0f\xd2\xf3\x74\xa0\x2b\xca\xcb\x65\x4f\x2e\x69\xf7\x19\x79\x48\x63", 50); *(uint32_t*)0x20005e88 = 0x32; *(uint64_t*)0x20005ec0 = 1; *(uint64_t*)0x20005ec8 = 0; syz_kvm_setup_cpu(r[2], r[2], 0x20fe8000, 0x20005e80, 1, 0, 0x20005ec0, 1); break; case 31: res = syscall(__NR_mmap, 0x20ff1000, 0x1000, 4, 0x100002, (intptr_t)r[2], 0); if (res != -1) r[16] = res; break; case 32: *(uint32_t*)0x20005f00 = 1; syz_memcpy_off(r[16], 0x118, 0x20005f00, 0, 4); break; case 33: res = syscall(__NR_clock_gettime, 0, 0x20008240); if (res != -1) { r[17] = *(uint32_t*)0x20008240; r[18] = *(uint32_t*)0x20008244; } break; case 34: *(uint32_t*)0x200081c0 = 0; *(uint32_t*)0x200081c4 = 0; *(uint32_t*)0x200081c8 = 0x20007580; *(uint32_t*)0x20007580 = 0x20007000; *(uint32_t*)0x20007584 = 0x68; *(uint32_t*)0x20007588 = 0x20007080; *(uint32_t*)0x2000758c = 0; *(uint32_t*)0x20007590 = 0x200070c0; *(uint32_t*)0x20007594 = 0xf; *(uint32_t*)0x20007598 = 0x20007100; *(uint32_t*)0x2000759c = 0xe0; *(uint32_t*)0x200075a0 = 0x20007200; *(uint32_t*)0x200075a4 = 0; *(uint32_t*)0x200075a8 = 0x20007240; *(uint32_t*)0x200075ac = 0xe6; *(uint32_t*)0x200075b0 = 0x20007340; *(uint32_t*)0x200075b4 = 0x63; *(uint32_t*)0x200075b8 = 0x200073c0; *(uint32_t*)0x200075bc = 0x45; *(uint32_t*)0x200075c0 = 0x20007440; *(uint32_t*)0x200075c4 = 0x6a; *(uint32_t*)0x200075c8 = 0x200074c0; *(uint32_t*)0x200075cc = 0xbc; *(uint32_t*)0x200081cc = 0xa; *(uint32_t*)0x200081d0 = 0x20007600; *(uint32_t*)0x200081d4 = 0x18; *(uint32_t*)0x200081d8 = 0; *(uint32_t*)0x200081dc = 0; *(uint32_t*)0x200081e0 = 0x20007640; *(uint32_t*)0x200081e4 = 0x6e; *(uint32_t*)0x200081e8 = 0x20007900; *(uint32_t*)0x20007900 = 0x200076c0; *(uint32_t*)0x20007904 = 0x79; *(uint32_t*)0x20007908 = 0x20007740; *(uint32_t*)0x2000790c = 0xa9; *(uint32_t*)0x20007910 = 0x20007800; *(uint32_t*)0x20007914 = 5; *(uint32_t*)0x20007918 = 0x20007840; *(uint32_t*)0x2000791c = 0x9d; *(uint32_t*)0x200081ec = 4; *(uint32_t*)0x200081f0 = 0x20007940; *(uint32_t*)0x200081f4 = 0xb0; *(uint32_t*)0x200081f8 = 0; *(uint32_t*)0x200081fc = 0; *(uint32_t*)0x20008200 = 0x20007a00; *(uint32_t*)0x20008204 = 0x6e; *(uint32_t*)0x20008208 = 0x20007b80; *(uint32_t*)0x20007b80 = 0x20007a80; *(uint32_t*)0x20007b84 = 0x73; *(uint32_t*)0x20007b88 = 0x20007b00; *(uint32_t*)0x20007b8c = 0xf; *(uint32_t*)0x20007b90 = 0x20007b40; *(uint32_t*)0x20007b94 = 0x13; *(uint32_t*)0x2000820c = 3; *(uint32_t*)0x20008210 = 0x20007bc0; *(uint32_t*)0x20008214 = 0x44; *(uint32_t*)0x20008218 = 0; *(uint32_t*)0x2000821c = 0; *(uint32_t*)0x20008220 = 0x20007c40; *(uint32_t*)0x20008224 = 0x6e; *(uint32_t*)0x20008228 = 0x20008180; *(uint32_t*)0x20008180 = 0x20007cc0; *(uint32_t*)0x20008184 = 0x99; *(uint32_t*)0x20008188 = 0x20007d80; *(uint32_t*)0x2000818c = 0xfa; *(uint32_t*)0x20008190 = 0x20007e80; *(uint32_t*)0x20008194 = 0xfc; *(uint32_t*)0x20008198 = 0x20007f80; *(uint32_t*)0x2000819c = 0xc1; *(uint32_t*)0x200081a0 = 0x20008080; *(uint32_t*)0x200081a4 = 0x60; *(uint32_t*)0x200081a8 = 0x20008100; *(uint32_t*)0x200081ac = 0x41; *(uint32_t*)0x2000822c = 6; *(uint32_t*)0x20008230 = 0; *(uint32_t*)0x20008234 = 0; *(uint32_t*)0x20008238 = 0; *(uint32_t*)0x2000823c = 0; *(uint32_t*)0x20008280 = r[17]; *(uint32_t*)0x20008284 = r[18]+10000000; res = syscall(__NR_recvmmsg, (intptr_t)r[2], 0x200081c0, 4, 0x2000, 0x20008280); if (res != -1) { r[19] = *(uint32_t*)0x2000760c; r[20] = *(uint32_t*)0x20007610; r[21] = *(uint32_t*)0x20007bd8; } break; case 35: memcpy((void*)0x20005f40, "adfs\000", 5); memcpy((void*)0x20005f80, "./file0\000", 8); *(uint32_t*)0x20006fc0 = 0x20005fc0; memcpy((void*)0x20005fc0, "\x97\x71\x1a\x3f\xc7\x75\xd9\xb6\xb8\x02\xd7\x5c\xef\xe3\x4e\x56\x0d\xfb\xbc\x19\x05\xdf\x84\x52\xc7\xc0\x61\xcf\xbd\xba\xf7\x6a\xc0\xee\x70\x4f\xdc\x1b\x95\x57\x6e\x83\x98\x71\x5c\xca\xc2\x3e\xb6\x22\x40\x6f\xdf\x86\x65\x6d\x86\x66\xd1\x74\x34\x5d\xf1\x5c\xc2\x79\xd6\xbc\x46\x18\x9f\x9e\x91\x03\xc8\xb6\x34\x30\x6a\x9d\xc5\x12\x13\x54\x03\x7a\xbc\x83\x6a\xf3\x2b\x82\xe0\xeb\x92\x22\xc5\xb9\x7a\x31\xba\xf7\x00\x22\x6f\x45\x9f\x15\x93\xe5\x94\x22\x0d\x6e\xee\x2f\x7b\xd3\x61\x2c\x68\x99\x6c\x93\x1e\x01\xb3\x90\x86\x7e\xcb\x7d\xb7\x3f\xd1\xc8\xba\xea\x0a\x1a\x30\x71\x9c\x09\xc8\x17\x06\x41\x41\x90\xc4\x90\x23\x6b\x27\x56\xcf\xba\x38\xfa\xba\xd4\x9c\x00\x2c\xdd\xcc\xb2\x2a\x79\x01\x5c\xf6\xc9\xd5\xb8\x11\x97\xe3\x66\x9f\x11\x95\xcf\x26\xfd\x67\x4c\xef\x34\xfc\x25\x17\xdd\x56\x1d\x62\x5d\x37\xf0\x09\x36\x69\xe6\x8f\xca\x1a\xe7\x32\x7c\x53\xa8\xd8\xfe\x8c\xe0\x89\xec\x51\x30\xda\x3d\xcd\x2c\x1b\xe4\x7c\x5d\x11\xc1\xe6\x07\x70\x6d\xed\xe9\x8d\x3a\xd0\x34\x7d\xb6\x08\xbf\x9f\xeb\xfe\x35\x7b\x46\xfe\x05\x17\x2e\x7a\xbd\x5e\x6a\x57\x55\xec\xbd\xb7\x29\x4a\xc6\x60\xef\x99\x99\x61\xaa\x24\x91\x46\x0d\x2b\xa8\xc4\x79\x28\xfc\xd0\x2e\x29\x4c\x16\x83\x8a\xdc\x1c\x5a\xa0\xae\xef\xc2\x79\x79\x3c\x1e\x9b\xae\x9d\xad\x1b\xdd\x67\x4f\xbf\x94\xf6\x4d\x5e\xe5\x86\xb8\x57\x84\x6b\x2c\x3e\x35\xcb\xe0\x79\x1f\x3f\x0a\x42\x79\xec\x2d\x51\xfd\xfb\x3a\x9d\x2f\xd0\x93\xba\x29\xd7\x43\xee\xbb\x06\x46\xd4\x0a\xf9\x32\x96\x0b\x4e\xfd\x52\xdf\xae\x37\x24\x20\x6f\x13\x83\x9b\x1e\x9d\xd3\x56\x1c\x15\x9f\x7d\x1a\x0b\x45\xdf\xa6\x55\x72\x41\x64\xca\x8c\xa4\x01\x78\xaa\xbc\x9f\x0c\x27\x0c\xc0\xc2\xe8\x28\xdc\x28\x42\xfb\x23\x72\xab\xca\x8d\x65\xd3\x72\x6e\xad\xdb\x36\xd2\x77\x2f\xc4\x2a\x5a\x60\x9d\xbc\x76\x1a\x08\x6d\xd8\x40\x5f\x0c\x0a\x7c\x0b\xfc\x14\xfe\xa9\x1c\xab\x42\x3f\xdb\xc9\x44\xdd\xbd\xee\x21\x4c\x24\x8e\xf0\xc8\x93\x3c\x80\xf3\xac\x68\xa3\xcd\xc4\xed\x51\x20\xc7\xbe\x1f\x04\x18\xa0\xdd\xee\xe9\x4c\xe8\xde\x7a\x07\xb9\x4d\x97\xa9\xc7\x2e\x33\x8e\xb9\xcb\x87\x15\x67\x60\x8b\x49\x03\x1f\x1f\xd0\x7e\x5c\x5c\xbb\xc2\x20\x1c\x48\x76\x88\x5c\x1b\xdc\xcc\x2b\xfe\xce\x71\xde\x73\xd6\xa7\x10\xc9\x6a\x67\x5d\xe4\xb5\x78\xe3\xa0\xb8\x4d\x1f\xb8\x9b\xed\x53\x1e\x17\x05\xaf\x86\x7b\x10\xb7\xc9\x23\x28\xa0\x6b\xad\x02\xc5\x73\x37\x5d\x50\x0a\x4b\xdc\x88\x4b\x55\x65\x2d\x7f\x1c\xfb\x31\xaf\xaf\x0b\x35\xe9\x8a\x58\x46\x6b\x80\xa2\xa4\xbc\xa2\xd7\x2e\x38\x7f\x8e\x94\x51\x9a\x43\x73\x4c\x38\x5b\x69\x8e\x08\xb0\xee\x1d\x98\x05\xc3\x92\xac\xb7\x6f\x98\x08\x94\xdf\x90\x46\xc6\x17\xf6\x2a\x23\x61\x06\x2e\x52\x24\x53\xdc\xd7\x31\x76\xf7\x86\xef\x2c\xcd\x7a\x05\xdf\x8b\x44\xa6\xf9\x31\x35\xd4\x88\x8f\xdd\x51\x02\x20\x35\x7f\x1a\xec\xcd\x13\xe1\xfe\x10\x29\x26\x73\xf9\x81\xf4\x20\xd9\x85\x9f\xa2\x18\xb8\x69\x8b\x4a\x69\x1e\x69\x9c\x28\xa2\xdd\x46\xd3\x97\x89\x42\x19\x2e\xd5\x1d\x21\x26\x69\x45\x8a\x4d\xc3\xd3\x81\xd2\xc3\xf7\x3c\xb6\x0b\xfe\xcb\x8b\xf0\xe1\x55\x6e\xae\xd9\xff\xca\x5d\x0f\x7c\x9f\x61\x52\xf4\xfc\xd5\xed\x86\xcb\x6a\x56\x5e\x4b\x6b\x1c\x9e\x7e\xfe\xf1\xcc\xd2\x8a\xe7\x09\x1a\xbd\x84\xe8\x43\x1e\xc0\x8e\xd8\x3a\x8b\xbe\x56\xf9\xe1\x22\x56\xd0\xa0\x5b\x46\x1d\x9f\x1f\x4b\xad\x4b\x0e\x87\x34\xc4\x7d\x12\x12\x4c\x40\x6d\xb2\xc0\x33\xca\x10\x63\x41\x05\x71\x3d\xf4\x00\xfe\x66\x8d\x74\xc1\x0b\x95\x46\xfe\xf0\x3d\x29\xee\x05\xd4\xe3\xe8\x32\xed\xe1\x03\xcf\xb8\x90\xc8\xb0\x09\x2a\x58\xfe\x32\xa0\xb1\x05\x89\x6c\xef\xc8\x3a\x99\x0c\x3b\x6d\x9d\xec\x09\xe4\xbe\xea\x80\x40\xb2\x9f\x92\x17\xe5\x57\x7f\xd7\x20\x03\xa1\xdc\x46\x67\xfa\x4c\xf3\xbb\xf2\x98\x5f\x0a\xef\x84\xb4\x55\x69\xa0\x87\xb7\xf9\xaf\xe8\x24\xf3\xc5\x9b\x40\xcd\x0d\x08\x8c\x16\xf4\x41\x42\x40\xa6\xeb\xe2\x4a\xad\xc4\x02\xcc\x99\xab\xf0\x34\xa4\x8b\xda\x6a\x28\x21\xbd\xf2\x94\x65\x8e\x27\x82\x32\x6e\x16\x96\xa8\x87\x8b\x62\xbe\x50\xb8\xae\x8d\x00\x3e\x1b\x6b\x9f\x5f\x26\xd3\xf2\x1b\x14\x22\xcf\x73\xac\x72\x92\x63\x8e\x57\xda\x6f\xe3\xfd\xad\xd7\x78\x6a\xa2\xd7\x40\x6c\x0d\x84\x55\x45\x47\xd9\x59\x0e\xe9\xe1\x70\x54\x28\xe0\x0d\xdc\x33\x25\x0a\x11\x6b\x97\x37\xc8\xb0\x13\xa3\x8c\x6f\x5e\x88\x27\x5b\x01\x5f\x1c\x09\x96\xb0\x6e\xf4\x46\x7f\xa0\x46\x8e\x8f\x4a\x49\x8b\x56\xa0\x45\xf8\x94\xe4\x50\x90\xfc\x17\x07\x48\x1b\xef\x75\xf6\x01\xd9\x5e\x67\xb9\x63\xb6\xdd\xaa\xd7\x51\x1a\xb4\x1e\xf4\xc9\xf6\x51\xc7\x0f\x8e\xc2\xf0\xcf\x3b\x62\xba\xd7\x4e\x24\x92\xa3\x9f\xc1\xf8\x1d\xa6\x97\xcd\xc3\x53\xde\x95\x89\xca\xb5\x4a\x16\x90\x1a\x18\xd8\x51\xbd\xc2\x62\x39\xa7\x2f\x9a\x78\x7f\xbe\xfb\x3f\xc3\xf5\xdf\x14\x9a\x01\x3c\x4f\x8c\x8b\x0e\x98\xb8\xf6\x69\xf6\x2f\xbe\x09\x52\x5b\x46\x46\x9b\x1c\x7f\xcb\x91\xe5\x57\x35\xf2\xad\xc8\x13\x6a\x46\xae\xc4\xde\x01\x6b\x9f\x92\x51\xac\x2a\xa8\x20\xa1\xa8\x87\xb7\x8c\x66\x80\x2b\xf8\xdb\xbc\xe8\xc4\xe1\x38\xba\x0a\x52\x89\x2c\x9e\x93\x4a\xf2\xc7\x6b\x95\x03\x2a\x2f\x4c\xb5\xa6\x21\xe4\x53\x97\x0f\x54\xb2\x79\x03\x5e\x14\x08\x33\xe3\x25\x0a\x9c\x4f\x16\x37\x1c\xdd\xfc\x01\xc4\x04\xe6\xe8\x6a\xcc\x23\x1c\x8d\x7d\xbe\xd9\xb6\xae\xc0\xda\x3e\x0b\xb4\x06\x72\xf4\xd4\x1d\xf2\x65\x0d\x20\x0f\xdd\xa6\xbd\xc6\x2b\x1d\x43\x3e\xfb\x4d\xcb\x37\x05\x26\x89\xee\xc1\xfb\x99\xce\xda\x3e\x11\x07\xae\x9a\xee\xbc\x99\x58\xfd\x2f\x2e\x90\x59\x83\x40\x87\x37\x84\x27\xd3\x15\x8a\x8a\xd0\x47\x79\xe6\x22\xb9\xfe\xf7\x1b\x94\xb2\xaa\xc0\x3d\x6d\x9b\x72\x2a\x24\x27\x85\x5a\x21\x76\xf0\x0d\x97\x1d\x6b\x1f\xe9\xb5\x7c\x36\x37\xaf\x6e\xcf\x8d\xd0\xbf\x1d\xc0\x55\xe7\x33\x1c\x7e\x3d\x9b\xf0\x9a\x98\x72\x36\x76\xb0\x77\x87\xa0\x75\xaf\x7e\xe9\x11\xee\x2b\x0e\xbe\xfb\x34\x08\xc8\xa6\x17\xe8\x1b\x02\x22\xf2\x0f\x41\xaa\xa5\x57\x67\xbd\x73\xb3\x0b\x7d\x52\x38\xa4\x18\x36\xe5\x3a\x5c\x82\x6d\x2c\xab\x59\x46\x04\x04\xf0\x2a\xf4\x3b\x1c\x64\xa8\x87\xb4\x4e\xdc\xb3\x95\xa1\x49\x98\x3a\x63\xeb\xbc\x14\x68\xac\x3b\x39\xa0\x0d\x01\xe5\x90\x41\xea\x54\x97\x25\x76\x8c\x6f\xea\x7a\x48\x84\xfa\xb1\x6b\x85\x99\xcd\x0b\x91\xb8\x3d\xf3\x3b\x32\x28\x00\x39\xba\x02\x05\xa2\x3e\x97\xcd\x38\xbf\x8b\xe0\xce\xd3\xd7\xc2\xf4\x44\x91\xe9\xb5\x94\xe0\x54\xe6\xc6\xe6\xe2\xb6\x10\x83\x0f\x98\xef\x9a\x24\x0f\xd5\x6d\x1e\x21\x8c\xbc\x15\x35\xb8\x88\x9f\xd2\xb3\x9f\xd9\x4c\x82\x13\x7a\x80\xea\x12\x34\xa8\x4d\xc6\xfa\xc0\xf1\x6b\x8b\x2d\xe9\xdd\xe9\xec\x82\x70\xc2\xdf\x90\xb1\x10\x7e\xed\x2d\x34\x69\x65\x94\x3a\x1c\xb0\x85\x64\x21\xe4\x5f\xed\x7f\x48\x07\x10\x41\xc5\x52\xef\xc7\x33\x3c\x5e\x7d\xec\x5b\x9c\xb5\x95\x65\x71\x8a\x7e\x23\x0a\x84\x2f\x20\x6a\x49\x49\xa3\x8f\xca\x5d\x9a\x8d\x84\x75\x63\xdd\x64\x45\x78\xf8\x9e\x5e\xa6\x8c\xd8\x4e\xdc\x6a\x04\xe5\x27\xd1\xc0\x7e\x6a\xe4\x2f\x50\x3f\x7c\x09\xf7\xfa\x5e\xd1\xb2\xd7\xa3\xa9\x0b\x5f\xed\xdd\x57\x6d\xcc\x54\x4d\x8a\x7e\x51\x54\xfc\xb8\x2d\x14\x97\x06\x43\xa0\x3e\xc1\xad\xa0\x83\xad\xe9\xa9\x0d\x56\xb1\xa0\x5e\x7b\xec\xc2\xe4\x34\xd4\x87\xe0\xc9\x4d\x10\xfb\x56\xb7\x3a\x82\xfd\x0c\x34\xe3\xea\x6e\x25\x2b\xd8\x28\x44\xe9\x59\x33\x81\x92\x54\xe1\x2b\x00\x1a\xcf\x2a\xd8\xb6\x30\xa7\xd2\x05\x6c\x6f\x77\x33\x4e\xd2\x23\x21\x77\x1e\x73\x31\x29\x81\xd8\x91\x01\x70\xcd\xd7\xf4\x78\x81\xb5\x8c\x47\x53\xbb\xfb\x0b\x34\xc7\x8b\x42\x11\xe6\x26\x14\x6f\xf3\x42\xbf\xd5\x77\x40\xeb\x86\x8e\x1c\xfa\x31\x2c\x90\x7b\xef\x85\x7b\x37\x81\xeb\xd1\x39\x7e\x8d\xc0\xca\x14\x74\xa1\x9b\x39\xb4\x97\xae\x70\x88\x9d\x2d\xbb\xce\x85\xd3\x74\x3f\xd3\x3c\x97\xb9\xc2\x2b\x86\x6e\xb6\x5d\x35\x93\x90\x0e\x66\xc4\x59\xef\xe5\x63\x8a\x82\x4c\x42\x3d\x9c\x49\xba\x44\xb8\xff\x9b\x9b\x3e\xc1\x5c\xef\x43\x4d\xee\xf9\xab\x92\x76\x0c\x55\xb1\xfb\x37\x33\x9b\x1c\x77\xf3\xa0\x1a\x77\xfd\x72\xf7\x28\x77\x95\x2e\x8a\x58\x27\x49\x4c\x91\x88\xb8\xd1\xc2\x70\xb0\xa9\x9b\x4a\x9e\x81\x8d\x1f\xa1\x26\xa7\x29\x1a\x7b\x0b\x94\xc2\xbf\x7c\x18\xc2\xe2\x5e\x7f\xcf\xd6\x8d\x38\x82\x96\x55\xd9\xaa\xb9\x34\x96\x30\x34\x56\x3e\x90\x86\x52\x45\xa6\x13\x04\xfe\xbd\xf5\x9b\xb0\x09\x31\x67\xc8\xc4\x1c\xce\x17\x73\xbb\x80\xc6\x78\x75\x9b\x55\xda\xb1\x24\x72\x52\x03\x61\x57\xa0\xe6\x0d\x66\xe2\x89\xd4\xb9\xbf\x98\xfd\xce\x7c\x5c\xa5\x9b\xdb\x4f\xaf\xe5\x5e\x09\xb1\x6a\xa3\x43\x0d\x39\xbf\x15\x03\x32\xa1\x5c\x48\x90\xed\x07\x8e\x62\x87\x75\xf8\x78\x7b\x89\x35\x92\x26\x3c\xa6\xd3\x11\x36\x19\xa7\xb2\x12\x51\xfa\xee\xe1\x37\xa0\x99\xbf\x00\xfb\x5f\xbc\xc7\x5e\x75\x8e\xae\xc9\xbd\xcf\xf6\x55\x76\xc0\xd8\x26\xea\x79\xd9\x0e\x99\xd8\xcb\xb4\x90\x93\x7d\x1d\x12\x2d\xbb\x8d\x15\xb3\x37\x56\x83\x5e\x1c\xe3\xbd\xaf\x49\x19\xf5\x22\x6b\x38\x4c\x87\xc2\xc7\xaf\x71\xfb\x3d\xd0\x73\xc4\x31\x29\xac\x4e\x2a\x6e\x52\x1b\xee\x34\x97\x30\xb2\xd9\xa7\x1c\x6b\x01\xd6\x1d\xf1\x30\x80\x2a\x9b\xb6\xab\x1f\x4d\x59\x4b\x89\x67\x5c\xc4\x67\xca\xb3\x03\xc8\x6a\xe6\xb4\xc0\xd2\x6d\xcf\x16\xcd\xec\x9c\x8b\x78\xf3\xe2\x3b\xab\x3e\x7b\x51\x53\xe7\x3b\xb7\x1c\xb6\xa2\xaf\xac\x5c\x33\x19\x5d\x2a\x2f\x32\x9d\x9e\x8f\x53\xdc\x92\x80\x10\x46\xb0\x72\x45\xe1\x39\xa6\x41\x4c\xff\x17\xdd\x9d\x79\x47\xe9\x45\xa1\xdd\xf5\x92\x13\x1d\x90\xf3\xf3\x25\xeb\xc3\xcf\x24\x36\x0f\x83\xed\x16\x06\xf9\x52\xd4\xf6\x92\x21\xb7\x5c\x9b\xe9\x1e\x5d\x2a\xbe\xed\x93\xf3\x39\x58\xb0\x4a\xa1\xe0\xcb\x5b\x85\x0e\xdf\x27\x60\xf4\xb8\xe8\x10\xd8\x79\xd8\x73\x57\x03\x6c\x8e\x26\x53\x8e\x69\x68\x9e\x47\xfb\xb1\xda\x8e\x0c\xa0\x82\x84\xf5\x59\x00\xbd\x02\x9e\x95\xa5\x27\xb3\xba\x25\x1b\x0c\xe2\x7b\xd0\x49\xfc\x85\xb1\x94\x95\x93\x75\xf7\x85\xcf\x75\xc1\x01\xee\xaa\xba\x56\xb3\x9a\x3f\xc4\x6b\xa9\x72\x98\x37\xe2\xfb\xce\x7e\xbb\xa9\x32\x59\x6c\x0c\x2e\xf0\xc5\xd8\xe6\x84\xba\x6b\x33\x4d\xba\xff\xc0\xfa\x84\x2a\x6a\xa5\x55\x81\x3d\x5b\xdc\x23\x7a\x43\x76\xfb\xfc\x3a\xbd\x54\x9a\xbc\x27\xf3\xb1\xc9\x18\xc6\x7f\x2c\x34\xe1\x16\xb6\xb0\x63\x01\x15\x49\x06\x24\xf4\x99\x7d\x93\xac\xec\x5d\xab\x0d\x2b\xb1\x57\x2b\x31\x9b\xa4\xc9\x90\xcd\x74\x38\x95\x42\xf4\x8b\x7e\x17\x3d\x0c\x81\xed\x75\x6a\x1b\x40\x9f\x6b\x19\x58\x59\xfd\xc7\x57\x7a\x7e\x7b\x12\x0a\x15\x13\xc2\x25\xd3\x13\xd7\x42\x3d\x6a\x99\xdd\xb7\x19\x14\x96\x28\x21\xdb\x95\x19\x2f\xc9\xca\x8b\x69\x72\xe0\x7d\x78\x67\x9e\x3b\x42\x65\xcb\x97\x25\xd9\x5f\x52\xf6\x8f\xf1\xca\x46\xb8\xac\x6a\xe7\xc6\x05\x3b\xcd\x97\x2e\x37\xfa\x82\x44\x91\x52\x7a\x1e\x43\x23\xaa\x6f\x2d\x5e\x59\xcf\x06\xc6\x08\x8c\x14\x80\x59\xfa\xd6\xf1\xcb\xfb\x47\x67\x19\xd0\x9f\xa4\x79\xb6\x9a\x47\x90\xa7\x4f\x65\xab\xd9\x99\xc2\x67\xd1\x0c\xc2\xff\x99\xd3\x9e\x39\x41\x60\xe1\x51\x46\x95\x89\xf4\x16\xf6\x59\xb2\xa8\xc6\x0d\xef\x78\xd6\xf4\x33\x80\x9d\xfb\x96\xc2\x72\x20\x07\x6f\x47\xb7\xe7\x4a\x89\x30\xcd\x61\xe8\xfc\x10\x9d\xdf\x87\x54\xff\x5d\x68\x78\xee\xf5\xdc\x7d\xd6\x1e\x2d\xa0\x07\x3b\x0a\xd6\xb0\x71\xfe\xff\x97\xfb\x87\xec\x0d\x90\x95\x4a\xed\xc8\x88\xe7\xb1\xe0\x9d\xcd\xfc\xc6\x90\x6e\x49\xb6\xea\x4a\x0c\x32\x54\x64\x07\xac\x0d\x22\xe2\x92\x00\xb8\x60\x3f\x2c\x30\x41\xd2\x7d\x0f\xd9\x90\xc3\x12\xc3\xf4\xeb\xee\xf4\x53\x85\x12\x48\x25\xe7\x3a\x4b\x30\xf7\xe6\x2b\x37\x46\xae\xe0\xa1\xf4\x23\x57\xa7\xc2\xd5\x9b\x9b\x28\x65\xab\x24\xb3\x35\x36\xc1\xd7\x52\xa4\xe1\xc0\x8e\x07\xec\x7a\xb8\xe3\x7e\xda\x44\xeb\xd2\x21\x3d\x46\x95\x58\x59\xce\x75\xe8\xcb\xee\x3e\x44\x8d\xdc\x6c\x37\x20\xfa\x4b\xb6\x04\x29\x8c\x9c\xc6\xc1\xea\xc4\xaa\xc1\x8f\xfe\xef\x8d\x63\x1a\x61\x75\xa5\x8b\x18\x25\x7c\x81\xb5\xb2\xa2\xc7\x45\x8b\x11\x73\xa5\xc1\xbf\xe3\xa5\x61\x59\xfa\x40\x60\x11\xdc\x0b\xb6\x02\x1f\x23\x32\xbb\x47\x1e\xf8\x89\x2a\xcd\x5e\x7b\x58\xae\xca\x43\xe4\x85\xb3\x5d\xdc\x93\x8f\xbf\x2d\x03\x25\x21\x82\x08\x09\xaf\x02\x55\x13\xb6\x63\x92\x2d\x66\x4c\xa4\x21\x6b\xcc\x98\x77\x03\x0d\x5f\xac\xfb\x9a\x04\x82\x99\x8e\x50\xcf\x69\xbc\x59\xc1\x80\x5f\xb4\xfa\xa8\x9f\x68\x31\xec\x6a\xfc\x29\xe7\xf6\xdb\x38\xfe\xd3\x40\x3d\x10\x35\xe2\x51\x62\x4d\xe0\xea\x64\x45\x81\x2f\x71\xa4\xa9\x1e\xab\x22\xd8\x8d\xa4\x9c\x09\x70\x03\xea\x96\x08\xef\x66\x1e\x8c\xd9\x94\x58\xf3\x18\xd3\x73\xea\x1a\xff\xe6\xcf\xbe\xc7\xe9\xf7\x7c\xa3\x93\xf1\x58\x54\x02\xa7\x0a\xfa\x83\xe3\xdc\x11\x41\x7b\x83\x03\x5c\x4a\xa6\xef\xb9\x6c\xaf\xfd\xb7\x6b\xb4\x31\x15\x2a\x11\x08\xdd\x6a\xe5\xa3\x7a\xfb\x9a\xa1\xb5\x1d\xdc\xd2\x2d\x7a\xf1\x1d\x65\xc1\x88\x47\x2d\x79\xac\xbd\xd4\x8c\x61\x35\x5a\x4b\x2f\xdf\x2b\x81\xfb\x44\x59\x71\x1f\xb4\x37\xf3\xf7\xf9\x5a\x6e\x18\x7c\x0c\xc0\x87\xbb\xd7\x39\xc9\xc9\xe2\x2e\x25\xfd\x0d\x30\x5a\x27\x40\x8f\x52\xb8\x39\xe3\x57\xd1\xf3\x7b\x0c\x7a\x57\x6d\xf7\x93\x00\x82\x41\xbd\x21\x20\xcc\xfa\x21\x43\x52\x68\xed\x24\x3d\xd2\xed\xbb\x75\x1b\x20\x14\x74\xe9\x1f\x48\x21\x9b\xfd\xdb\x4c\xd0\xdd\x47\x19\x65\xbf\xe7\x8e\x45\x23\x3a\x33\xb6\xc4\x02\x2b\xc5\x7b\xcf\xd2\x24\xf8\x9b\x4a\xfb\xe2\x5a\x00\x3e\xf4\x1f\x59\x6e\x10\xfc\x14\x2d\x52\xe0\xee\x02\xfa\xd0\x72\x86\x51\xf0\xfe\x75\xb9\x47\xa5\x44\xfd\x7e\x2d\xc3\x8b\x60\x87\x89\xeb\xc8\x7b\x01\x99\x3e\x23\xb7\x65\x44\x90\x01\xc7\x7a\xdc\x77\x8a\xdb\x84\xa0\xdd\x32\xb7\x0e\x26\x7a\xad\xcc\x16\x8e\xf1\x71\x3d\x7c\xbd\xe5\x63\x39\x6e\xf5\xe3\x9f\xf9\xf7\x00\x8d\x61\xa2\x0f\xe4\x9a\xc8\x0c\x2e\xe8\x4c\x53\x11\xe6\xb0\xc2\x59\xf0\xc6\x36\x31\xaf\x64\xee\x1d\x22\x25\xb5\xea\xa3\x1b\x97\x63\x6b\x30\x10\x9f\xe4\xfc\xf1\x52\x27\x23\xc6\xd7\x9a\x50\x05\xf3\x76\x8b\xe2\x87\x29\x10\xa0\xd9\xf2\xd2\xb1\x0a\x91\xe4\x8f\x7d\xa5\xc3\x83\x0e\x18\xbf\x1a\x2c\x51\xf7\x91\xe4\x63\xf7\xca\x07\xe0\xc6\x3d\x07\x58\x52\xc2\xbd\x82\xb4\xa5\x98\x9d\x4f\xf5\x0a\x70\x07\xd3\xeb\x32\x2b\x3f\x01\xab\x76\xaf\x2b\xbe\xdb\x11\x08\x16\x5f\x48\x3d\x28\x41\x53\x78\xd6\x00\x98\xdb\xd8\x7a\x29\x9b\x3d\xe1\x16\xf3\x95\x5c\x3e\x24\x36\x77\xf3\xe3\xf7\x1f\x9f\x02\x04\xe1\x70\xda\x9e\xf5\xb6\x6c\x95\xba\x07\xf3\x35\xb1\x30\xb5\xa1\x7b\x6a\x72\xc3\x18\xbe\x1b\x8c\xa6\x42\x2b\x1e\xaf\x3f\x6e\xf0\x38\xdf\x50\x9e\xf1\x87\x65\x94\x7d\xe5\x88\x9a\x3a\x88\x45\x75\x61\xb3\x99\xab\x72\x94\x8d\x7e\xc9\xe0\xf4\xa7\x34\x8e\x0c\x43\x17\x48\x11\xd3\xa4\xd7\x12\x42\xe6\xa5\x0f\x5b\x39\x7a\x8d\x7f\xab\xbb\xa7\x10\x9a\xfa\x23\x69\xf1\x16\xe0\x9d\x3f\xcc\x0b\x5e\x61\x2a\xe8\xb8\x18\x30\x9c\x5f\xbb\x33\x47\xfd\xb5\xd6\xc6\x90\x46\x84\xf4\xe0\x4f\x12\xca\x85\x13\x17\x4e\x6b\x92\x6f\x04\x9a\xc1\x4e\x0a\x7f\x9e\x4a\xa6\xbd\x39\x1b\xbc\xcd\x3f\x72\x42\xb9\xa4\xc0\xdf\xd0\x17\x96\xda\x87\x1f\x4e\x9d\xe1\x7e\x54\x95\x37\xac\x6d\x21\xd5\xc6\x4e\x54\x9f\x07\x0e\x2b\x1d\x1b\x7f\x76\x98\x1f\xaa\x8d\xa9\x02\x9e\x45\x76\xfc\x43\xb4\xf4\x27\xec\x7e\xe4\xc4\x50\x5c\xa2\x70\xb2\x33\xff\xc5\xe1\xab\xe4\x4a\xc7\x89\xce\xca\xbd\xba\xab\xec\x44\x1a\x11\x84\x5c\xaf\x92\x21\x33\xd1\x1b\xb2\x82\x56\xee\x8f\x75\xe6\xf0\x65\xe3\x5f\x29\x76\x46\xc6\x3a\x2b\x8a\x59\x46\x05\xab\x39\x1c\x50\xfc\x33\x7d\x8d\x97\x06\x6e\x6b\x5b\x07\x10\xfb\x1e\xc7\x6c\x64\xf0\xa0\xa0\xcc\xac\x01\x37\x5f\x2c\x9f\xba\xca\x77\xb2\xb1\xee\x2b\x26\xa7\x6d\xa5\x27\xae\xfb\xe9\x83\xee\xd0\xd9\x46\xd7\x63\xe0\x0b\xf5\x01\xdd\x64\x6b\xfe\x68\x3a\x78\xdf\x80\xd9\x1d\xcd\x60\x3c\x5a\x8e\xb5\x95\xc0\xcd\xce\xaa\x2d\xab\xf5\xd6\x4a\x9f\xea\xac\xef\xc8\x78\xe0\x74\x31\x3c\x85\xe4\xc1\x5f\x4c\x2e\x63\xfa\x19\xf9\x7b\x82\x9c\x29\x7d\x86\x08\x78\xee\xe2\x13\x89\x28\xd8\xa4\x25\xc0\x79\x00\xc1\x22\x64\x55\xae\x33\xe7\x02\xc0\x58\x56\x7d\x42\xdf\x10\xd6\x04\x84\x66\xde\x62\xf1\x4c\x27\xf7\xd8\xf3\x06\x51\x66\x62\xe1\x8b\xeb\xb2\x4d\x7f\x38\xe5\xf0\xeb\xba\xb7\x49\x80\x59\x9f\xfa\xcb\xa5\x6d\x3c\xe1\x6a\x56\xb9\x91\xec\x64\xdf\x9e\xa8\xf9\x30\x0c\xc1\x87\xf2\xc1\xb2\xf8\x05\x62\xc6\x81\xbb\xf8\x33\xa9\x71\xe7\xd6\x9b\x67\x73\x0d\x3b\x0d\x3b\x5a\x9b\x3c\xab\xf5\xb4\x4e\x21\xf3\xa8\xea\x25\xaf\x9f\x9a\x7f\x53\xd6\xc8\x5c\xa6\xa3\xb8\x4f\x04\xfb\x6d\x1e\x99\x09\x66\x40\xc7\x6f\x00\xcb\x2a\x84\x9e\x02\x2c\x52\x66\x53\xe0\xe1\x9c\x0a\xb7\x3d\x7d\xb0\x2e\x69\xbd\x51\x1c\xb3\xb3\x6a\xe7\xdf\x9e\x0b\xcd\x5b\x8d\x18\x0c\x0a\x3d\xc9\xf1\x79\x73\xc6\x2b\x28\x6f\xbe\xfd\x48\x53\x97\x6a\xd3\x8d\xc7\x75\x67\x85\xf1\x7c\x88\xf9\x67\x56\x87\xc9\x76\x9d\x77\x16\x2e\x82\xe7\x1b\xae\x2e\xd2\x85\xbc\x87\x8f\x9e\xe7\x07\x0a\xf3\xc4\xb4\x3c\x90\x7b\xcb\x58\x56\xda\xb6\xa9\x38\xb7\x84\x2a\xf3\x76\xd7\xc1\x64\x07\x6c\xd0\x2b\x4e\x3e\x82\xe2\xcc\x8f\xca\x7d\xc2\xe4\x0b\xdb\x7b\x9a\x2e\xf4\x06\x35\x56\x30\xcb\x29\x30\x23\x17\x94\xef\x4a\x20\x36\x0a\x6e\xb9\xcc\x54\xf7\x53\x64\x2e\x69\x38\xa1\x73\x02\x46\x35\x98\x7b\x80\xa6\xe0\xf0\xb7\xcb\x25\x85\x37\xb8\x1e\x12\x50\xf7\x7f\xca\xf1\xd7\xcd\x9b\x3b\xe0\x72\xa6\xf9\xd4\xfd\x86\xf1\x56\x4b\x28\xd7\x90\xca\x13\x82\xfa\xe6\x1f\xa5\x87\x4c\x7d\xd7\xdb\x8e\xbf\xaa\xa7\xcc\x01\x1e\x6a\xb3\x57\x91\x37\xaa\x3f\x0a\xf1\x4e\x58\xc0\x96\x0d\x7f\x70\xce\xf9\x3a\xb8\x6c\xca\x7c\xb7\x85\xd8\xc1\x21\x52\xa8\x07\xcf\x1b\xfa\x4e\x0f\x6f\xfd\x28\x88\x70\x56\x5c\xd4\x9a\x10\xa4\x07\xce\xe9\x5c\x5c\x0f\xe4\xcc\x84\xb4\x73\x90\x86\x8e\x64\x50\x7f\x1f\xbf\xbb\x4a\x70\x4d\x27\x2d\xa1\x34\x80\xa4\x18\xe2\x5a\x99\x30\xa4\x02\xdc\xfb\xaa\x5c\xb5\x09\x2c\x56\x9a\x4e\x81\x50\xb5\x04\x8b\xef\x01\x19\x4e\x1c\xe3\x79\x5e\x28\x35\xa0\xa8\x2c\x9d\x5f\xf3\xa1\x57\x85\x2f\x12\x71\x35\x96\x99\x7e\xc3\x06\x1a\xea\xa9\x6e\x93\xc9\xb1\xd9\xd5\xaa\x24\x14\xc3\xea\x9f", 4096); *(uint32_t*)0x20006fc4 = 0x1000; *(uint32_t*)0x20006fc8 = 0x80000001; memcpy((void*)0x200082c0, ")/\'/%", 5); *(uint8_t*)0x200082c5 = 0x2c; memcpy((void*)0x200082c6, "wlan0\000", 6); *(uint8_t*)0x200082cc = 0x2c; memset((void*)0x200082cd, 255, 2); *(uint8_t*)0x200082cf = 0x2c; memset((void*)0x200082d0, 255, 2); *(uint8_t*)0x200082d2 = 0x2c; memcpy((void*)0x200082d3, "[{@^/@+@<[", 10); *(uint8_t*)0x200082dd = 0x2c; memcpy((void*)0x200082de, "uid", 3); *(uint8_t*)0x200082e1 = 0x3d; sprintf((char*)0x200082e2, "%020llu", (long long)r[20]); *(uint8_t*)0x200082f6 = 0x2c; memcpy((void*)0x200082f7, "smackfsfloor", 12); *(uint8_t*)0x20008303 = 0x3d; memcpy((void*)0x20008304, "{%\'--\323{-+#!", 11); *(uint8_t*)0x2000830f = 0x2c; *(uint8_t*)0x20008310 = 0; syz_mount_image(0x20005f40, 0x20005f80, 6, 1, 0x20006fc0, 0x1000000, 0x200082c0); break; case 36: memcpy((void*)0x20008340, "/dev/i2c-#\000", 11); syz_open_dev(0x20008340, 4, 0x404280); break; case 37: memcpy((void*)0x20008380, "net/ip6_mr_cache\000", 17); syz_open_procfs(r[19], 0x20008380); break; case 38: syz_open_pts(r[21], 0x8001); break; case 39: *(uint32_t*)0x20008980 = 0x200083c0; memcpy((void*)0x200083c0, "\xfb\xd2\x9b\x15\x87\x7e\x61\x06\x1c\xc5\x0c\xed\x7f\x39\x68\x61\x38\xbf\x51\x03\x24\x8d\x4d\xa5\x32\x57\xb7\x3a\x1e\xe9\x6c\xf2\x19\x9a\xbf\xa9\x61\xd7\xbd\x14\x6a\x6b\xb8\x8d\x70\x1b\x08\xed\xbf\x51\x4b\x2e\x31\x83\xcc\xe2\x11\xd5\x7c\x76\x45\xa9\xaf\xe2\x02\x75\xec\xbe\x29\xae\xa4\x8c\x76\xb0\xfb\x76\x27\xa8\xe4\x3c\x7a\x9f\x57\xef\x02\xa3\x16\xed\xf9\xd3\x8e\x0c\x6e\x74\xb5\x91\x07\xcb\x1c\x84\x06\xdc\xb6\xde\x31\x9b", 106); *(uint32_t*)0x20008984 = 0x6a; *(uint32_t*)0x20008988 = 0x7f; *(uint32_t*)0x2000898c = 0x20008440; memcpy((void*)0x20008440, "\xe0\xd8\xf5\x5b\x38\x48\xae\xd3\xac\x97\x38\xd2\xe1\x9f\x66\x8b\xe4\xc7\x6e\x3b\x4e\x48\x23\xa0\xc6\x99\x18\xad\x4a\xec\x8d\x6e\xad\xcf\xe1\x03\x27\x12\x6d\x01\x28\x7e\x67\x2d\x54\xa5\x44\xa9\x87\x7e\x59\xf9\xa2\xf4\x1a\xa2\x42\xb2\x37\xba\x59\x3c\x5a\x48\x40\xb8\x62\x1c\xe0\xd2\x8c\xe5\x22\xdf\xe8\x78\x8b\xb0\x70\xd4\xbc\x9d\x74\x52\x8a\x1f\x76\x03\x20\x0c\x23\x65\xc6\x3d\x42\xf1\x03\x29\x92\xe1\x0e\x43\x45\xcd\xea\x0d\x65\x36\x5d\x82\xb6\xc7\x8c\x81\xc7\x1b\x0b\x2f\xb7\x81\x97\xcd\x60\x5e\xc2\x52\x18\x06\xbd\xc0\x8d\x6d\xd8\xf5\x29\x1e\x5b\xb0\xca\x92\xe2\x04\x30\xd5\x81\x23\x5d\xdd\xa7\x56\xe6\xab\xd8\xc7\x69\x78\x3b\x84\xe5\x7b\x0a\xa9\x51\x30\x3a\xdc\xc7\xe9\x21\xb0\x69\xd9\x4f\x1a\x4d\xee\x1f\x47\x44\xdb\x5b\x28\xc9\x7f\xbb\xae\xc5\xbf\x56\x18\xe0\xe9\x4a\x41\xc0\xa9\x9c\xe6\xca\x91\xeb\xca\xff\x5a\xe6\x10\x6d\xc9\xdc\x31\x0d\x72\x50\xa8\xb7\xc7\xca\x55", 218); *(uint32_t*)0x20008990 = 0xda; *(uint32_t*)0x20008994 = 0x3ff; *(uint32_t*)0x20008998 = 0x20008540; memcpy((void*)0x20008540, "\xaf\xbb\x6b\x91\xaa\x78\x57\xf9\x42\xbc\x87\x73\xd0\x20\x89\x6a\x44\xf1\xd9\xdb\x9b\x9e\xc2\xb8\x55\x98\xcd\x86\x39\x7d\x6b\x5a\xe3\x19\x2a\xef\xe0\xf2\xb6\x38\x7b\x2d\x23\x14\x48\x9b\xc7\xaf\x2a\xb5\x19\x90\xff\x75\x26\x23\x0a\x7c\xa4\x2e\x6c\x22\xf5\x64\x9a\xcb\x12\xb4\xdd\x8f\xde\x81\x9b", 73); *(uint32_t*)0x2000899c = 0x49; *(uint32_t*)0x200089a0 = 9; *(uint32_t*)0x200089a4 = 0x200085c0; memcpy((void*)0x200085c0, "\xd8\x90\x81\x85\x60\xf5\x37\x2f\x7d\x41\xa5\x04\xc5\x4e\x86\x3d\x79\x44\xd0\x62\x1d\x50\x13\x4b\x4c\x14\x54\xaa\x8c\x44\xc7\xf3\x24\xd9\x5d\x33\xfb\x46\x63\xf6\x74\x5c\x1c\xad\x17\x9d\x71\x9e\x3e\x9f\x4f\x57\x51\x71\x25\x89\x0e\xd4\xc9\x37\xbb\x41\xd0\xa7\x64\x44\x1e\x1d\x6c\x74\x82\x54\x8c\x0a", 74); *(uint32_t*)0x200089a8 = 0x4a; *(uint32_t*)0x200089ac = 6; *(uint32_t*)0x200089b0 = 0x20008640; memcpy((void*)0x20008640, "\x7e\x28\x9a\xa8\x98\x00\x7d\x95\xea\xf0\x98\x82\x59\x6a\xa2\x37\x71\x4d\xc1\xac\x32\x39\x2b\xd6\xfa\xe8\xd8\x72\xed\xc3\xc9\xb0\xcf\xf5\x03\x61\x48\xaf\x29\x57\x3c\x0d\xc9\x54\xc2\x7b\x6a\x6d\x47\x66\x92\x53\xab\x40\x2a\x91\xf6\xe6\x02\xcc\xd9\x3f\xa8\x17", 64); *(uint32_t*)0x200089b4 = 0x40; *(uint32_t*)0x200089b8 = 6; *(uint32_t*)0x200089bc = 0x20008680; memcpy((void*)0x20008680, "\xc8\x23\x58\x4b\xb1\x75\x9e\xcb\x98\xee\x41\xe3\x52\x27\xdd\x03\xd7\xed\x5c\x9e\xef\xcf\x34\xa9\x51\xe7\xc5\xea\xe5\xb3\x7e\x8b\x93\xd6\xdd\x7c\xb6\x6e\xbb\xff\x50\xcb\x81\x77\x7e\x29\xb2\xc0\x5b\x7b\x7c\xd9\x76\xf4\xae\xd7\x0f\x76\x49\x90\x15\xb9\x87\x2f\xaa\x6f\x33\x8c\x30\x9a\x55\x29\x6e\x4e\x85\xe2\x7c\x51\x0d\xbf\x25\x3a\x7e\x6f\x43\x79\x1f\x93\x91\x3c\x8a\x96\x07\x45\x1f\xd5\x05\x0c\xf1\x91\xec\x95\xd1\x99\xf1\x11\x7c\x0e\x2a\x04\x37\xc2\xbe\x16\x98\x93\x9d\x27\x7c\x38\x37\xd1\x64\x0f\x91\xce\x6a\xed\xc0\x85\x0d\xc2\x88\xcc\x2a\x3c\x1c\xaa\xdf\xf4\x4f\xeb\xef\xbb\xb2\xfd\xa8\x2e\x8a\x65\x39\x22\x2b\x6d\x88\x30\xdf\x92\x7f\x36\xd8\x14\xc2\xa8\x92\xdf\x0b\xad\xec\x86\xc2\xf0\x1d\xeb\x89\xd2\xd3\xfa\x61\x37\xe4\x8b\x23\xd3\xcf\x77\xb1\x1f\x46\xeb\xdb\xb0\xa8\x31\x4e\xe1\x97\x78\xc2\x12\xfc\x34\x98\xcb\xdc\x5a\xd0\xbb\xd7\xd2\x45\x38\xd8\x3b\xbc\x86\x83\x0a\xfe\x32\xe3\x8c\x1b\xb1\xb7\x86\x6a\xbc\x94\x0f\x61\x16\x54\xd0\x46\xf8\x23\x6d\x6b\x15", 240); *(uint32_t*)0x200089c0 = 0xf0; *(uint32_t*)0x200089c4 = 7; *(uint32_t*)0x200089c8 = 0x20008780; memcpy((void*)0x20008780, "\x5d\x78\xb0\x8d\x34\x7d\x60\x10\x77\x87\x13\xad\xad\x8e\x4d\xa1\x5a\xb3\x46\x94\x56\x2b\x0d\xa5\x2b\xb3\x1a\x3b\x5e\x09\x71\x02\x0b\xa4\x8d\x18\x5f\x3f\x03\xf1\x6f\xe6\xdc\x1e\x32\x1f\x12\x2c\x11\x50\xa8\xce\x71\xc3\xad\x1d\xf7\xc6\x18\xbc\x59\x86\x5f\xbf\xeb\x3a\x2c\x92\x6b\x99\x2f\x93\x8b\x0f\x76\xc9\x6a\xf8\xbe\x39\x89\x33\x38\x3f\xc8", 85); *(uint32_t*)0x200089cc = 0x55; *(uint32_t*)0x200089d0 = 8; *(uint32_t*)0x200089d4 = 0x20008800; memcpy((void*)0x20008800, "\x1c\xd7\x71\x5a\xfe\xc5\x55\x18\x16\xcd\x47\x51\x68\xa5\x35\xa8\x47\x4b\x74\x87\x92\xe4\x3a\xf3\x51\x60\x5c\x6d\xfa\xe1\xe6\xad\xd7\xce\x8b\xde\x80\x55\x5c\xa3\x26\x87\x82\xfe\x7a\x7f\x45\x89\x68\xb4\x27\x92\xc0\x2a\x11\xac\xff\xae\x54\x86\xc0\x85\x8e\x0c\x46\x40\xf4\x26\x0d\x56\x46\x99\xc0\xe6\x06\x23\x6a\xe8\xd5", 79); *(uint32_t*)0x200089d8 = 0x4f; *(uint32_t*)0x200089dc = 0; *(uint32_t*)0x200089e0 = 0x20008880; memcpy((void*)0x20008880, "\x45\xfd\x88\xa6\x06\xb5\x89\xb2\x7d\x42\x2e\xcb\x87\x44\xa6\x78\xff\x3a\xa0\x7f\xfb\x6c\x25\xcc\x10\xa8\x87\x10\x06\xd5\xfb\x64\x50\xfc\x12\x15\x7d\x1a\x59\xf1\x4e\x36\x13\x2f\x1d\xb6\x3b\x56\xcc\x97\xb6\x1b\xf0\xa6\x1d\xcf\x2b\x7d\xd2\x7d\xa0\x2e\xe1\x60\xe0\x3d\xf9\x79\x47\x83\x8f\x0d\xd4\x34\x82\x59\x05\xae\x9f\xb5\xa4\x27\x97\x6a\x49\xf7\x79\xea\xb8\xcc\x3a\x40\x9d\x25\xb9\xa2\x96\xce\xf9\xa8\xff\xb4\x9d\x81\xbf\x23\xa7\x16\xa7\xa7\xe1\xd8\xdc\xe0\x3d\xef\x2b\x8a\x3b\x15\xa3\xb2\xbe\xb8\x73\x14\x3a\x7d\xf1\x4e\xc4\x92\x78\x2e\xc8\x6a\xce\xb4\x90\x1f\xe3\xdc\xdc\xe0\x46\xab\x2f\xb9\x72\xd6\x74\x34\xd4\xe1\x10\x1b\x02\xc9\x2d\x33\xa1\xbf\xe5\x16\xd9\x59\x25\x81\xf6\x78\x95\x43\x37\x66\x50\x67\x07\xcb\x7f\x0e\x18\xb4\x47\x6b\xde\x0f\x00\x91\x75\x3c\xf3\xec\x07\x38\x6b\x3d\xab\x4b\x29\x55\x02\xd4\x97\x16\x80\x1d\xd9\x79\xaa\x24\xd8\x05\xdf\xe8\x01", 215); *(uint32_t*)0x200089e4 = 0xd7; *(uint32_t*)0x200089e8 = 2; syz_read_part_table(5, 9, 0x20008980); break; case 40: *(uint8_t*)0x20008a00 = 0x12; *(uint8_t*)0x20008a01 = 1; *(uint16_t*)0x20008a02 = 0x300; *(uint8_t*)0x20008a04 = 0x88; *(uint8_t*)0x20008a05 = 0xc7; *(uint8_t*)0x20008a06 = 0xe6; *(uint8_t*)0x20008a07 = -1; *(uint16_t*)0x20008a08 = 0x15c2; *(uint16_t*)0x20008a0a = 0x45; *(uint16_t*)0x20008a0c = 0x135a; *(uint8_t*)0x20008a0e = 1; *(uint8_t*)0x20008a0f = 2; *(uint8_t*)0x20008a10 = 3; *(uint8_t*)0x20008a11 = 1; *(uint8_t*)0x20008a12 = 9; *(uint8_t*)0x20008a13 = 2; *(uint16_t*)0x20008a14 = 0x7d0; *(uint8_t*)0x20008a16 = 4; *(uint8_t*)0x20008a17 = 0; *(uint8_t*)0x20008a18 = 0; *(uint8_t*)0x20008a19 = 0x60; *(uint8_t*)0x20008a1a = 8; *(uint8_t*)0x20008a1b = 9; *(uint8_t*)0x20008a1c = 4; *(uint8_t*)0x20008a1d = 0x45; *(uint8_t*)0x20008a1e = 3; *(uint8_t*)0x20008a1f = 1; *(uint8_t*)0x20008a20 = 0x66; *(uint8_t*)0x20008a21 = 0x44; *(uint8_t*)0x20008a22 = 0x76; *(uint8_t*)0x20008a23 = 0x3f; *(uint8_t*)0x20008a24 = 7; *(uint8_t*)0x20008a25 = 0x24; *(uint8_t*)0x20008a26 = 1; *(uint8_t*)0x20008a27 = 0x1f; *(uint8_t*)0x20008a28 = 5; *(uint16_t*)0x20008a29 = 4; *(uint8_t*)0x20008a2b = 0xc; *(uint8_t*)0x20008a2c = 0x24; *(uint8_t*)0x20008a2d = 2; *(uint8_t*)0x20008a2e = 1; *(uint8_t*)0x20008a2f = 9; *(uint8_t*)0x20008a30 = 2; *(uint8_t*)0x20008a31 = 0x81; *(uint8_t*)0x20008a32 = 4; memcpy((void*)0x20008a33, "\xc0\xe6\xa1\x0a", 4); *(uint8_t*)0x20008a37 = 0xf; *(uint8_t*)0x20008a38 = 0x24; *(uint8_t*)0x20008a39 = 2; *(uint8_t*)0x20008a3a = 2; *(uint16_t*)0x20008a3b = 0; *(uint16_t*)0x20008a3d = 6; *(uint8_t*)0x20008a3f = 8; memcpy((void*)0x20008a40, "\x7d\x5b\xa3\xd0\x7c\xc6", 6); *(uint8_t*)0x20008a46 = 0x11; *(uint8_t*)0x20008a47 = 0x24; *(uint8_t*)0x20008a48 = 2; *(uint8_t*)0x20008a49 = 1; *(uint8_t*)0x20008a4a = 0x94; *(uint8_t*)0x20008a4b = 1; *(uint8_t*)0x20008a4c = 7; *(uint8_t*)0x20008a4d = 0x1f; memcpy((void*)0x20008a4e, "\xcf\xcf\xa1\xbb\x20\xd9\xba\xa3\x16", 9); *(uint8_t*)0x20008a57 = 0xc; *(uint8_t*)0x20008a58 = 0x24; *(uint8_t*)0x20008a59 = 2; *(uint8_t*)0x20008a5a = 1; *(uint8_t*)0x20008a5b = 8; *(uint8_t*)0x20008a5c = 2; *(uint8_t*)0x20008a5d = 0; *(uint8_t*)0x20008a5e = 9; memcpy((void*)0x20008a5f, "\x48\x9f\x80", 3); memset((void*)0x20008a62, 38, 1); *(uint8_t*)0x20008a63 = 0xa; *(uint8_t*)0x20008a64 = 0x24; *(uint8_t*)0x20008a65 = 2; *(uint8_t*)0x20008a66 = 2; *(uint16_t*)0x20008a67 = 5; *(uint16_t*)0x20008a69 = 0x497; *(uint8_t*)0x20008a6b = 8; memset((void*)0x20008a6c, 39, 1); *(uint8_t*)0x20008a6d = 7; *(uint8_t*)0x20008a6e = 0x24; *(uint8_t*)0x20008a6f = 1; *(uint8_t*)0x20008a70 = 9; *(uint8_t*)0x20008a71 = 2; *(uint16_t*)0x20008a72 = 0x1001; *(uint8_t*)0x20008a74 = 0xf; *(uint8_t*)0x20008a75 = 0x24; *(uint8_t*)0x20008a76 = 2; *(uint8_t*)0x20008a77 = 2; *(uint16_t*)0x20008a78 = 8; *(uint16_t*)0x20008a7a = 1; *(uint8_t*)0x20008a7c = 0; memcpy((void*)0x20008a7d, "\x78\x6e\x2f\x1a\x31\x05", 6); *(uint8_t*)0x20008a83 = 9; *(uint8_t*)0x20008a84 = 5; *(uint8_t*)0x20008a85 = 0; *(uint8_t*)0x20008a86 = 0x10; *(uint16_t*)0x20008a87 = 0x3ff; *(uint8_t*)0x20008a89 = 9; *(uint8_t*)0x20008a8a = 0x66; *(uint8_t*)0x20008a8b = 3; *(uint8_t*)0x20008a8c = 0x5b; *(uint8_t*)0x20008a8d = 8; memcpy((void*)0x20008a8e, "\x32\xda\x77\x3d\xed\x87\x39\x7d\x0a\xf5\x7f\xd6\xf2\xad\x3b\x93\xe2\xea\x74\xf1\xf6\x5d\x64\x5d\x6b\x7e\x4c\xae\x90\xc8\xf2\x7c\xca\xe0\x94\xb3\x3c\x61\x3b\xc0\xbd\xa2\x43\x7b\xdc\xba\xa2\x1c\x77\x91\x5b\x1b\x95\xe7\xa2\x31\x3d\x71\xc6\xcc\x58\x6d\x41\x4d\x6a\x1e\x79\xc8\x0e\xe3\x67\x3f\xf0\x69\xeb\x46\x51\xb3\x06\x68\xb0\x19\x7f\xf7\xa7\xed\xc5\x75\x94", 89); *(uint8_t*)0x20008ae7 = 9; *(uint8_t*)0x20008ae8 = 4; *(uint8_t*)0x20008ae9 = 0x58; *(uint8_t*)0x20008aea = 9; *(uint8_t*)0x20008aeb = 5; *(uint8_t*)0x20008aec = -1; *(uint8_t*)0x20008aed = 5; *(uint8_t*)0x20008aee = 0x1b; *(uint8_t*)0x20008aef = 0xe0; *(uint8_t*)0x20008af0 = 9; *(uint8_t*)0x20008af1 = 5; *(uint8_t*)0x20008af2 = 3; *(uint8_t*)0x20008af3 = 0x10; *(uint16_t*)0x20008af4 = 0x20; *(uint8_t*)0x20008af6 = 0; *(uint8_t*)0x20008af7 = 0x43; *(uint8_t*)0x20008af8 = 0x40; *(uint8_t*)0x20008af9 = 9; *(uint8_t*)0x20008afa = 5; *(uint8_t*)0x20008afb = 5; *(uint8_t*)0x20008afc = 3; *(uint16_t*)0x20008afd = 0x3ff; *(uint8_t*)0x20008aff = 0x87; *(uint8_t*)0x20008b00 = 2; *(uint8_t*)0x20008b01 = 0xfd; *(uint8_t*)0x20008b02 = 0xa0; *(uint8_t*)0x20008b03 = 0xc; memcpy((void*)0x20008b04, "\x4d\x1f\xaf\xd5\xd5\xbe\xa9\x17\x94\x9e\x72\x7e\xd5\xee\x14\x4c\xb3\x2b\x01\xd9\xac\xbb\x7e\x3c\xfa\xc4\xd1\xa1\x5c\xd6\xbb\xae\x8a\xc6\x6a\xf6\x77\x39\x4d\x22\x17\xef\x58\x0b\x15\x65\xf5\x8b\x85\xcf\xff\xd2\xcf\xca\xf9\xf1\x9d\xf7\x84\x00\xba\x03\x54\xd7\x87\x20\x72\xb4\x2d\x77\xd5\x5a\x5b\x96\x0b\x82\xfb\x9e\x34\xec\x8c\x33\xa9\x67\x19\xc4\x59\x47\xab\x09\x47\x48\x48\x54\xa9\x4f\x25\xe6\x53\x39\xa6\xf7\x4b\x05\x3c\x81\xe8\xe8\x05\x7f\x67\x67\xea\x2e\x80\xe9\x23\xe0\x2f\xa1\xa8\x8d\xb3\x6d\x52\xe4\xc5\x11\xe6\xcc\xf6\x74\x04\x6c\xb8\x1c\x49\x3c\x92\x7d\x05\xa6\xc1\x66\x45\xd0\x69\x4f\x66\x7d\x6c\xcf\x29\xfc\x27\x38\x90\xc6", 158); *(uint8_t*)0x20008ba2 = 0x31; *(uint8_t*)0x20008ba3 = 9; memcpy((void*)0x20008ba4, "\x82\x44\x67\x99\x6f\xaa\x84\x28\x27\xe6\xd0\x9b\xc4\x8c\x41\x96\x09\x9c\xb2\x0d\x1a\xfa\x73\x80\xd3\x0e\x40\xf1\xbc\xfb\x7c\x50\x3d\x7b\x00\xfc\x18\xd2\xe6\x14\xc3\xe3\x70\xdb\xc3\x20\xa8", 47); *(uint8_t*)0x20008bd3 = 9; *(uint8_t*)0x20008bd4 = 5; *(uint8_t*)0x20008bd5 = 1; *(uint8_t*)0x20008bd6 = 3; *(uint16_t*)0x20008bd7 = 0x400; *(uint8_t*)0x20008bd9 = 1; *(uint8_t*)0x20008bda = 0x81; *(uint8_t*)0x20008bdb = 6; *(uint8_t*)0x20008bdc = 0x76; *(uint8_t*)0x20008bdd = 7; memcpy((void*)0x20008bde, "\x96\xf7\x2d\xe7\x93\x64\x10\xee\x82\xa4\x42\x87\xa0\x01\x96\xf6\x30\xe0\x09\x36\x4a\xb9\x4a\x00\xe9\x45\x28\x69\x1a\x40\x9d\x33\x5f\x13\xbf\x6e\x85\xb3\x78\xbd\xa8\x5c\x55\x8f\xc1\xa0\x03\xec\x57\x94\xa1\x42\x17\xf7\x94\x68\x2e\xdc\xdc\x9e\x35\xd0\x0c\x09\x79\xfd\xb3\xe7\xa1\x5e\x6a\x85\x1c\x13\x7b\xf7\x01\x1b\xa6\x1c\x83\x46\x59\x8b\x02\xa3\xd4\xd1\xb8\xcd\x99\xf4\xfc\x14\xfa\xe3\x21\x9f\xbf\x56\xaa\x2c\xa5\x4c\xcf\x11\x6b\x3d\x56\x0a\x80\x97\x8c\x42\x76\xec", 116); *(uint8_t*)0x20008c52 = 9; *(uint8_t*)0x20008c53 = 5; *(uint8_t*)0x20008c54 = 0xe; *(uint8_t*)0x20008c55 = 3; *(uint16_t*)0x20008c56 = 0x3ff; *(uint8_t*)0x20008c58 = 0x80; *(uint8_t*)0x20008c59 = 0x20; *(uint8_t*)0x20008c5a = 6; *(uint8_t*)0x20008c5b = 7; *(uint8_t*)0x20008c5c = 0x25; *(uint8_t*)0x20008c5d = 1; *(uint8_t*)0x20008c5e = 2; *(uint8_t*)0x20008c5f = 9; *(uint16_t*)0x20008c60 = 0x3ff; *(uint8_t*)0x20008c62 = 9; *(uint8_t*)0x20008c63 = 5; *(uint8_t*)0x20008c64 = 0xd; *(uint8_t*)0x20008c65 = 0; *(uint16_t*)0x20008c66 = 0x400; *(uint8_t*)0x20008c68 = 9; *(uint8_t*)0x20008c69 = 0x3f; *(uint8_t*)0x20008c6a = 0x3f; *(uint8_t*)0x20008c6b = 0x76; *(uint8_t*)0x20008c6c = 0x11; memcpy((void*)0x20008c6d, "\x79\xb3\x86\x38\x7e\x37\xf3\x6e\xfa\x1d\x8c\x66\xa9\x04\x49\xc6\x8a\x0a\xd2\x51\xaf\xb9\xb1\x79\x3c\xbe\x9e\x5b\x4d\xc3\xce\x66\x00\xe8\x6d\x1e\x3b\x3e\xac\x60\xfd\x3b\x8b\x1c\x19\xd7\xd0\xc3\xda\x61\xc6\xa6\x67\xb3\x9f\xae\x8a\xed\x44\xa8\xe7\x0d\x77\xca\x93\xe4\xc3\x7a\x3f\xd8\x81\x8f\x43\xed\xc5\x23\x96\x0c\xed\xb0\x2d\x88\x22\xf0\xb2\x3d\xc3\x43\x18\x26\x08\xc6\x09\x7e\x99\x5f\x56\x2c\x84\xa5\x41\x7e\x5b\x2f\xb7\x1b\x39\x2f\x92\x6f\x3c\x4e\xd9\x92\xed\x89", 116); *(uint8_t*)0x20008ce1 = 0x65; *(uint8_t*)0x20008ce2 = 5; memcpy((void*)0x20008ce3, "\x85\x12\xf0\xce\xa9\x7a\x9d\x8a\x04\x61\xe3\x0e\xe9\xbf\x07\x89\xe0\x41\xcd\x86\xc1\xdf\x94\x96\xf1\x95\x7a\xf0\xe4\x54\x3e\xca\xb0\x70\x51\xf1\xf4\x81\x8d\xa2\x57\x9d\x13\xa9\x99\x56\x9f\x75\xad\x6a\xf6\xe0\xd0\x4d\xa8\xbd\x26\xbc\x92\x04\x45\x69\x2d\x9e\x4c\xa7\xfd\xc3\x54\x4c\x36\xf5\x88\xe5\xc0\x9b\xee\xa1\xaf\xf9\xf4\x1b\xa9\x77\xcb\xe7\x9e\x7e\x4f\x4a\x8d\xec\x56\x40\xda\x4d\x2a\xf6\x1d", 99); *(uint8_t*)0x20008d46 = 9; *(uint8_t*)0x20008d47 = 4; *(uint8_t*)0x20008d48 = 5; *(uint8_t*)0x20008d49 = 3; *(uint8_t*)0x20008d4a = 2; *(uint8_t*)0x20008d4b = 0xc4; *(uint8_t*)0x20008d4c = 0x4d; *(uint8_t*)0x20008d4d = 0x76; *(uint8_t*)0x20008d4e = 7; *(uint8_t*)0x20008d4f = 0xb; *(uint8_t*)0x20008d50 = 0x24; *(uint8_t*)0x20008d51 = 6; *(uint8_t*)0x20008d52 = 0; *(uint8_t*)0x20008d53 = 1; memcpy((void*)0x20008d54, "\x72\x45\x0c\xeb\x1b\x79", 6); *(uint8_t*)0x20008d5a = 5; *(uint8_t*)0x20008d5b = 0x24; *(uint8_t*)0x20008d5c = 0; *(uint16_t*)0x20008d5d = 4; *(uint8_t*)0x20008d5f = 0xd; *(uint8_t*)0x20008d60 = 0x24; *(uint8_t*)0x20008d61 = 0xf; *(uint8_t*)0x20008d62 = 1; *(uint32_t*)0x20008d63 = 0; *(uint16_t*)0x20008d67 = 8; *(uint16_t*)0x20008d69 = 1; *(uint8_t*)0x20008d6b = 4; *(uint8_t*)0x20008d6c = 6; *(uint8_t*)0x20008d6d = 0x24; *(uint8_t*)0x20008d6e = 0x1a; *(uint16_t*)0x20008d6f = 8; *(uint8_t*)0x20008d71 = 8; *(uint8_t*)0x20008d72 = 0x15; *(uint8_t*)0x20008d73 = 0x24; *(uint8_t*)0x20008d74 = 0x12; *(uint16_t*)0x20008d75 = 4; *(uint64_t*)0x20008d77 = 0x14f5e048ba817a3; *(uint64_t*)0x20008d7f = 0x2a397ecbffc007a6; *(uint8_t*)0x20008d87 = 7; *(uint8_t*)0x20008d88 = 0x24; *(uint8_t*)0x20008d89 = 6; *(uint8_t*)0x20008d8a = 0; *(uint8_t*)0x20008d8b = 0; memcpy((void*)0x20008d8c, "\xfb\xb5", 2); *(uint8_t*)0x20008d8e = 5; *(uint8_t*)0x20008d8f = 0x24; *(uint8_t*)0x20008d90 = 0; *(uint16_t*)0x20008d91 = 0x2040; *(uint8_t*)0x20008d93 = 0xd; *(uint8_t*)0x20008d94 = 0x24; *(uint8_t*)0x20008d95 = 0xf; *(uint8_t*)0x20008d96 = 1; *(uint32_t*)0x20008d97 = 3; *(uint16_t*)0x20008d9b = 0x80; *(uint16_t*)0x20008d9d = 0x8951; *(uint8_t*)0x20008d9f = 6; *(uint8_t*)0x20008da0 = 7; *(uint8_t*)0x20008da1 = 0x24; *(uint8_t*)0x20008da2 = 0xa; *(uint8_t*)0x20008da3 = 0xce; *(uint8_t*)0x20008da4 = 3; *(uint8_t*)0x20008da5 = 4; *(uint8_t*)0x20008da6 = 0x60; *(uint8_t*)0x20008da7 = 4; *(uint8_t*)0x20008da8 = 0x24; *(uint8_t*)0x20008da9 = 2; *(uint8_t*)0x20008daa = 0; *(uint8_t*)0x20008dab = 0x10; *(uint8_t*)0x20008dac = 0x24; *(uint8_t*)0x20008dad = 7; *(uint8_t*)0x20008dae = 0; *(uint16_t*)0x20008daf = 0x81; *(uint16_t*)0x20008db1 = 0x81; *(uint16_t*)0x20008db3 = 0x1d9; *(uint16_t*)0x20008db5 = 0x400; *(uint16_t*)0x20008db7 = 1; *(uint16_t*)0x20008db9 = 0xc00; *(uint8_t*)0x20008dbb = 0xc; *(uint8_t*)0x20008dbc = 0x24; *(uint8_t*)0x20008dbd = 0x1b; *(uint16_t*)0x20008dbe = 1; *(uint16_t*)0x20008dc0 = 0x20; *(uint8_t*)0x20008dc2 = 0xc0; *(uint8_t*)0x20008dc3 = 5; *(uint16_t*)0x20008dc4 = 0x20; *(uint8_t*)0x20008dc6 = 0xd; *(uint8_t*)0x20008dc7 = 0xe1; *(uint8_t*)0x20008dc8 = 0x24; *(uint8_t*)0x20008dc9 = 0x13; *(uint8_t*)0x20008dca = 9; memcpy((void*)0x20008dcb, "\x0e\xfa\x60\xe3\xb3\x89\x2c\xa3\x37\x7f\xc7\xbf\x7e\x5c\xd9\x0b\x70\xb5\x43\x3c\x66\xf1\x31\x29\xd4\x2a\x59\xf2\xc9\x14\xec\x54\x97\x9a\x53\x86\x2f\x94\xdf\x63\x95\x80\x6b\xf1\xa9\x70\x9d\x9a\x66\x50\xce\xca\xee\xcf\xf6\xad\xfc\x77\xca\x5f\x29\x6e\x11\xbe\xd1\xfb\xeb\x6f\x27\xc5\x0b\xf1\xaf\x9c\x17\x6b\xb2\x06\x9d\x52\xb0\x64\x73\xd5\xd8\xe9\x24\x4a\x70\x01\x76\x66\xfa\xa3\x21\x3b\x80\xb2\x5f\xe4\xc6\x8c\x41\x80\xee\x45\x68\x0c\x95\x76\x8f\xd3\x2d\x24\xda\x76\xb8\x83\xe1\xbe\x0e\xc2\xaf\x43\xc9\xf3\x0c\xee\xd1\x93\x6c\xd5\x05\x1e\x62\xb1\xc8\xa7\x6a\xf9\xa2\x52\x29\x0b\x11\xc3\x67\x04\x39\xdb\x64\x5b\x5c\x32\xa5\xa5\xbb\x78\xd7\xe8\x18\x3e\xa6\x73\x6d\xfc\xeb\x8f\xef\x3d\x04\xb7\x6e\x51\x29\xc4\x91\x3e\xee\x30\xa5\x37\x74\x3b\x33\x57\xf2\x69\xf5\x82\xdd\x8c\x46\xb2\xa9\x33\x62\xf1\xa8\x38\x88\x6b\x17\x5f\x48\x95\xd5\x2a\x81\x8f\x63\xd9\xd6\x94\xbe\xac\x98\x46\xe5\xb1\x2f", 221); *(uint8_t*)0x20008ea8 = 0x1a; *(uint8_t*)0x20008ea9 = 0x24; *(uint8_t*)0x20008eaa = 0x13; *(uint8_t*)0x20008eab = 5; memcpy((void*)0x20008eac, "\x08\x3b\x1f\x01\xa6\x9f\x5d\x72\x2a\x6b\x03\x83\xfb\x09\xf5\x7f\x44\x2b\x56\xd4\x58\xfa", 22); *(uint8_t*)0x20008ec2 = 9; *(uint8_t*)0x20008ec3 = 5; *(uint8_t*)0x20008ec4 = 0xf; *(uint8_t*)0x20008ec5 = 8; *(uint16_t*)0x20008ec6 = 8; *(uint8_t*)0x20008ec8 = 0; *(uint8_t*)0x20008ec9 = 3; *(uint8_t*)0x20008eca = 5; *(uint8_t*)0x20008ecb = 9; *(uint8_t*)0x20008ecc = 5; *(uint8_t*)0x20008ecd = 0xc; *(uint8_t*)0x20008ece = 0; *(uint16_t*)0x20008ecf = 0x200; *(uint8_t*)0x20008ed1 = 9; *(uint8_t*)0x20008ed2 = 0x20; *(uint8_t*)0x20008ed3 = 5; *(uint8_t*)0x20008ed4 = 0xb; *(uint8_t*)0x20008ed5 = 1; memcpy((void*)0x20008ed6, "\xae\x68\x4b\xd6\xa1\xbf\xbe\x70\x5d", 9); *(uint8_t*)0x20008edf = 9; *(uint8_t*)0x20008ee0 = 4; *(uint8_t*)0x20008ee1 = 0xad; *(uint8_t*)0x20008ee2 = 0x3f; *(uint8_t*)0x20008ee3 = 6; *(uint8_t*)0x20008ee4 = 0xef; *(uint8_t*)0x20008ee5 = 0x2e; *(uint8_t*)0x20008ee6 = 0x8d; *(uint8_t*)0x20008ee7 = 8; *(uint8_t*)0x20008ee8 = 0xa; *(uint8_t*)0x20008ee9 = 0x24; *(uint8_t*)0x20008eea = 6; *(uint8_t*)0x20008eeb = 0; *(uint8_t*)0x20008eec = 0; memcpy((void*)0x20008eed, "\x2e\x1b\xb1\x1c\x34", 5); *(uint8_t*)0x20008ef2 = 5; *(uint8_t*)0x20008ef3 = 0x24; *(uint8_t*)0x20008ef4 = 0; *(uint16_t*)0x20008ef5 = 6; *(uint8_t*)0x20008ef7 = 0xd; *(uint8_t*)0x20008ef8 = 0x24; *(uint8_t*)0x20008ef9 = 0xf; *(uint8_t*)0x20008efa = 1; *(uint32_t*)0x20008efb = 4; *(uint16_t*)0x20008eff = 2; *(uint16_t*)0x20008f01 = 0x8979; *(uint8_t*)0x20008f03 = 6; *(uint8_t*)0x20008f04 = 0xeb; *(uint8_t*)0x20008f05 = 0x24; *(uint8_t*)0x20008f06 = 0x13; *(uint8_t*)0x20008f07 = 0; memcpy((void*)0x20008f08, "\x9f\xcc\x8c\x5c\x74\x73\x09\xfc\xb4\xc9\x6e\x5d\xad\x9b\x6e\x62\xd0\x8b\x91\xa8\xbe\xb3\xc2\xe4\x54\x7e\x16\x3e\x46\x58\xbb\x11\xab\x34\xb3\xc8\x4e\xc3\xe4\xa4\xe3\x67\xd2\x6c\x56\x00\x1c\x67\x05\x68\x99\x95\xa9\x9d\x16\xa1\xb3\x1b\xdc\x07\x0f\x00\x53\x1e\xc4\x26\xb5\x4b\xf8\x9b\x2d\xee\x1f\xc3\xbd\x81\x8f\x55\xdb\xbd\x6a\xcc\x28\x7c\xd4\x30\x78\xee\xbc\x6d\x09\xf1\x0d\xc4\x22\x9f\x80\x35\xd4\x44\x8f\x82\x3f\xec\xf9\x29\xd6\x86\x16\x27\xc0\x1e\x79\x27\x7a\x40\x30\x4a\x1a\xd3\xfb\xd0\x12\xa4\xa8\xed\x16\x36\x97\x69\xc8\xc9\x97\xc4\x12\xbe\x76\x75\x90\x17\x65\x34\x55\xb8\x04\x2a\xca\x8b\x49\xea\xc0\x73\x10\x01\xcb\xfa\x6f\xbd\x79\x6a\xa7\xc2\x77\x09\xfc\x62\x37\x22\xe0\x3d\x3c\x1e\xd1\xda\xc1\xca\x8a\x8a\xa2\x5d\xda\xfc\x65\x4a\x0d\xbb\x76\x0b\x92\x7a\x2b\x23\xe2\xad\x30\x43\xac\x48\x56\x6c\x7b\x99\x5c\x23\x7d\xb5\x91\xf3\x9a\xf8\x19\x54\x56\x9c\xd5\xd3\x7c\xa4\x94\x1c\x80\xcc\x1f\xa5\x55\x6d\x19\xa5\x48\xdf\x2a", 231); *(uint8_t*)0x20008fef = 7; *(uint8_t*)0x20008ff0 = 0x24; *(uint8_t*)0x20008ff1 = 0xa; *(uint8_t*)0x20008ff2 = 4; *(uint8_t*)0x20008ff3 = 0x1f; *(uint8_t*)0x20008ff4 = 0x3f; *(uint8_t*)0x20008ff5 = 0x62; *(uint8_t*)0x20008ff6 = 7; *(uint8_t*)0x20008ff7 = 0x24; *(uint8_t*)0x20008ff8 = 0x14; *(uint16_t*)0x20008ff9 = 0x1f; *(uint16_t*)0x20008ffb = 7; *(uint8_t*)0x20008ffd = 7; *(uint8_t*)0x20008ffe = 0x24; *(uint8_t*)0x20008fff = 0x14; *(uint16_t*)0x20009000 = 0x1010; *(uint16_t*)0x20009002 = 9; *(uint8_t*)0x20009004 = 6; *(uint8_t*)0x20009005 = 0x24; *(uint8_t*)0x20009006 = 0x1a; *(uint16_t*)0x20009007 = 6; *(uint8_t*)0x20009009 = 0x1b; *(uint8_t*)0x2000900a = 0xb; *(uint8_t*)0x2000900b = 0x24; *(uint8_t*)0x2000900c = 6; *(uint8_t*)0x2000900d = 0; *(uint8_t*)0x2000900e = 0; memcpy((void*)0x2000900f, "\xdf\x47\x04\xa2\x52\x1e", 6); *(uint8_t*)0x20009015 = 5; *(uint8_t*)0x20009016 = 0x24; *(uint8_t*)0x20009017 = 0; *(uint16_t*)0x20009018 = 9; *(uint8_t*)0x2000901a = 0xd; *(uint8_t*)0x2000901b = 0x24; *(uint8_t*)0x2000901c = 0xf; *(uint8_t*)0x2000901d = 1; *(uint32_t*)0x2000901e = 0x4856f0aa; *(uint16_t*)0x20009022 = 5; *(uint16_t*)0x20009024 = 1; *(uint8_t*)0x20009026 = -1; *(uint8_t*)0x20009027 = 5; *(uint8_t*)0x20009028 = 0x24; *(uint8_t*)0x20009029 = 0x15; *(uint16_t*)0x2000902a = 0x1f; *(uint8_t*)0x2000902c = 9; *(uint8_t*)0x2000902d = 5; *(uint8_t*)0x2000902e = 8; *(uint8_t*)0x2000902f = 8; *(uint16_t*)0x20009030 = 0x3ff; *(uint8_t*)0x20009032 = 4; *(uint8_t*)0x20009033 = 1; *(uint8_t*)0x20009034 = 9; *(uint8_t*)0x20009035 = 7; *(uint8_t*)0x20009036 = 0x25; *(uint8_t*)0x20009037 = 1; *(uint8_t*)0x20009038 = 3; *(uint8_t*)0x20009039 = 0x34; *(uint16_t*)0x2000903a = 5; *(uint8_t*)0x2000903c = 9; *(uint8_t*)0x2000903d = 5; *(uint8_t*)0x2000903e = 0; *(uint8_t*)0x2000903f = 3; *(uint16_t*)0x20009040 = 0x400; *(uint8_t*)0x20009042 = 2; *(uint8_t*)0x20009043 = 1; *(uint8_t*)0x20009044 = 0xca; *(uint8_t*)0x20009045 = 9; *(uint8_t*)0x20009046 = 5; *(uint8_t*)0x20009047 = 8; *(uint8_t*)0x20009048 = 0x10; *(uint16_t*)0x20009049 = 8; *(uint8_t*)0x2000904b = 2; *(uint8_t*)0x2000904c = 0x7f; *(uint8_t*)0x2000904d = 0x7f; *(uint8_t*)0x2000904e = 9; *(uint8_t*)0x2000904f = 5; *(uint8_t*)0x20009050 = 7; *(uint8_t*)0x20009051 = 0; *(uint16_t*)0x20009052 = 0x10; *(uint8_t*)0x20009054 = 5; *(uint8_t*)0x20009055 = 0x1f; *(uint8_t*)0x20009056 = 0x40; *(uint8_t*)0x20009057 = 0x2d; *(uint8_t*)0x20009058 = 0xe; memcpy((void*)0x20009059, "\xec\xcc\x23\x79\x37\x1b\x46\xca\xb9\xd6\xfd\xb8\x27\x98\xf4\x7a\xa9\xb7\x17\x7c\x2a\x51\x93\x23\x14\x43\xb7\x25\xc2\x1b\x5e\x6a\x99\x93\x05\x65\xeb\x3b\x96\xfe\x7a\x75\x69", 43); *(uint8_t*)0x20009084 = 6; *(uint8_t*)0x20009085 = 0x10; memcpy((void*)0x20009086, "\x7f\x22\x60\xb2", 4); *(uint8_t*)0x2000908a = 9; *(uint8_t*)0x2000908b = 5; *(uint8_t*)0x2000908c = 3; *(uint8_t*)0x2000908d = 8; *(uint16_t*)0x2000908e = 0x10; *(uint8_t*)0x20009090 = 4; *(uint8_t*)0x20009091 = 3; *(uint8_t*)0x20009092 = 0xf7; *(uint8_t*)0x20009093 = 9; *(uint8_t*)0x20009094 = 5; *(uint8_t*)0x20009095 = 5; *(uint8_t*)0x20009096 = 3; *(uint16_t*)0x20009097 = 0x10; *(uint8_t*)0x20009099 = 3; *(uint8_t*)0x2000909a = 1; *(uint8_t*)0x2000909b = 9; *(uint8_t*)0x2000909c = 0xc8; *(uint8_t*)0x2000909d = 0xe; memcpy((void*)0x2000909e, "\x17\xa4\x93\xc0\x51\x89\x5f\x29\x83\x5e\xfb\x6d\x6d\x75\x3c\xa5\xe6\x23\x7f\x99\x57\x24\xbf\x74\x70\x85\x74\x90\x2e\xac\xdf\xf4\x5c\xd8\x0b\x61\x37\x3d\x67\xef\xe1\x23\x9f\x97\xb4\xfa\x60\x07\x93\xd6\xb4\xa5\x02\x2b\xa4\xa4\x36\xb4\xe2\xe2\x23\x57\x9d\x97\x4e\x78\x4e\xcb\xfd\xd4\x91\x2d\xa5\xcc\xd2\x84\xd2\x29\x37\x82\x70\x4f\x06\x75\x13\xd8\x38\x11\xac\x71\x16\x84\xd3\xaa\xfe\x92\x8e\xce\x0e\x90\x38\x25\x99\x7b\xab\xc5\x67\xb9\x4d\x06\xda\xee\x1e\x4d\x55\xa8\x87\x1d\x67\xe7\x1c\xd1\x08\x14\x30\xd8\x9b\xc9\xae\x64\xf5\x0f\x94\xbb\x8a\xf9\x6c\xe3\x84\xcd\x3b\x84\x20\xef\x8b\xe2\x73\xca\x02\xb9\xf0\xf9\x12\x21\x23\x9e\x64\xd6\x20\xdc\x6e\x3e\x27\x07\xf6\xf4\xce\x92\xe8\x62\x7f\x04\x4c\x14\xf1\x79\x90\x9c\xa1\xdf\x8b\x4e\x49\x9f\xed\x3f\x41\x18\xc9\xd6\xb2\xae\x41\xa7\x11\x98\xd7\x98", 198); *(uint8_t*)0x20009164 = 0x7e; *(uint8_t*)0x20009165 = 0x22; memcpy((void*)0x20009166, "\x85\x1b\xf8\x33\x2f\x6f\x47\x95\xcd\xbf\x9b\xf1\xbb\xb8\x25\x3c\xed\x75\xd6\x1f\x69\x5b\xb8\xc3\x1f\x51\xb5\xce\x19\xb2\x08\x0e\x2e\x7e\xc2\x15\xfe\xc1\x6a\x83\xd2\x57\x11\x04\xf7\x26\xa0\xde\x47\xf3\xe9\x28\x2d\x0e\xf2\x20\x4b\xbb\x1d\x9d\x9c\xac\x53\xb6\xd7\x98\x08\x4b\x0f\x59\x47\x91\xe3\xf8\x34\x19\x86\xd7\xea\xad\xb9\x11\xc5\x5c\x0d\x71\x69\x1f\xc7\x7a\xa1\x04\x7f\x44\x0f\x52\x75\xa4\x1f\x3b\x1f\x0f\x04\x8a\x5c\x1d\xd5\xc4\x17\xe6\x7f\x3b\xd4\x72\xb1\x3f\xee\xf7\x95\x0c\x57\x8f\x1b\x42", 124); *(uint32_t*)0x20009700 = 0xa; *(uint32_t*)0x20009704 = 0x20009200; *(uint8_t*)0x20009200 = 0xa; *(uint8_t*)0x20009201 = 6; *(uint16_t*)0x20009202 = 0x110; *(uint8_t*)0x20009204 = 0xd4; *(uint8_t*)0x20009205 = 0x81; *(uint8_t*)0x20009206 = 0; *(uint8_t*)0x20009207 = 0x10; *(uint8_t*)0x20009208 = 0x20; *(uint8_t*)0x20009209 = 0; *(uint32_t*)0x20009708 = 0x1c; *(uint32_t*)0x2000970c = 0x20009240; *(uint8_t*)0x20009240 = 5; *(uint8_t*)0x20009241 = 0xf; *(uint16_t*)0x20009242 = 0x1c; *(uint8_t*)0x20009244 = 2; *(uint8_t*)0x20009245 = 0x14; *(uint8_t*)0x20009246 = 0x10; *(uint8_t*)0x20009247 = 0xa; *(uint8_t*)0x20009248 = 0x20; STORE_BY_BITMASK(uint32_t, , 0x20009249, 2, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x20009249, 3, 5, 27); *(uint16_t*)0x2000924d = 0xf0f; *(uint16_t*)0x2000924f = 6; *(uint32_t*)0x20009251 = 0xc030; *(uint32_t*)0x20009255 = 0xff3f30; *(uint8_t*)0x20009259 = 3; *(uint8_t*)0x2000925a = 0x10; *(uint8_t*)0x2000925b = 0xb; *(uint32_t*)0x20009710 = 8; *(uint32_t*)0x20009714 = 4; *(uint32_t*)0x20009718 = 0x20009280; *(uint8_t*)0x20009280 = 4; *(uint8_t*)0x20009281 = 3; *(uint16_t*)0x20009282 = 0x410; *(uint32_t*)0x2000971c = 0x102; *(uint32_t*)0x20009720 = 0x200092c0; *(uint8_t*)0x200092c0 = 2; *(uint8_t*)0x200092c1 = 3; memcpy((void*)0x200092c2, "\xbd\x9c\xaf\x11\xf1\xc2\x32\x1f\x7d\xbf\x3d\xf5\x7e\xc0\x6a\xed\xf0\x84\x2f\x84\x3c\x77\xdd\x88\xdb\x9f\x74\x08\xbb\xa0\xd9\x40\x59\x71\xea\xb7\x46\x2f\x77\xd1\xca\x84\x39\x80\x11\xe5\x2a\x42\x79\x8f\x46\xee\xb5\x7b\x9e\x8b\x2c\x06\xc9\x82\x8a\xe8\xa2\xa2\x78\xae\xaf\x19\x47\xcb\x3d\xba\xdb\xd3\xd8\x37\x4b\xd3\xfd\x89\xa5\x3a\x0d\x2e\x5d\x80\x26\x1d\x7c\x80\x59\x2c\x03\x96\xee\x2c\x9e\xd8\x3f\xcc\x6b\xf9\xbd\x9a\x2f\x61\xcd\x00\x7c\x9e\xb5\xb9\x2d\xd8\x78\xd6\xaa\x6b\x54\x35\xed\x38\xfb\x81\xd9\xbf\xc1\x58\x15\x84\x3b\xc4\x6b\x32\x1b\x84\x8a\x20\x1d\x7e\xe9\x0a\x06\xab\x03\xdd\xb6\x6c\xea\x54\xf4\x15\x15\x3e\x69\x34\x99\x2c\x24\xe7\x11\xae\xa2\xfe\x33\x4e\x98\x1b\xa7\xf3\xf8\x7d\x0b\xc5\xeb\x6b\x1d\x09\x17\xcd\x79\xb4\x71\x94\xc6\xd2\xbe\x18\xe7\xa5\x4e\x75\xa5\xe2\xd0\x36\xb2\xe8\xba\x62\x6c\x56\xc4\x48\x9e\x46\x81\xa2\x1e\xa2\x9a\x2b\x64\x34\xa8\x60\x5a\x67\x10\xeb\xd1\x3f\x09\xfe\x32\x2e\x60\xef\x34\xa6\xe6\xf3\x33\x0d\x07\xb4\xd1\xff\x66\xd7\xec\x23\xc5\x8b\x3b\xe7\x34\x84\x4b\x89\xde\x36\xba\x29\x12\x97", 256); *(uint32_t*)0x20009724 = 4; *(uint32_t*)0x20009728 = 0x20009400; *(uint8_t*)0x20009400 = 4; *(uint8_t*)0x20009401 = 3; *(uint16_t*)0x20009402 = 0xf0ff; *(uint32_t*)0x2000972c = 4; *(uint32_t*)0x20009730 = 0x20009440; *(uint8_t*)0x20009440 = 4; *(uint8_t*)0x20009441 = 3; *(uint16_t*)0x20009442 = 0xf8ff; *(uint32_t*)0x20009734 = 0xc2; *(uint32_t*)0x20009738 = 0x20009480; *(uint8_t*)0x20009480 = 0xc2; *(uint8_t*)0x20009481 = 3; memcpy((void*)0x20009482, "\x47\x95\x1b\xf5\x75\x8f\x6d\xa4\x9e\xae\xc8\xd8\xf1\x8a\x6c\xa6\xe1\x7e\x41\xa6\x60\x16\x41\x5e\xfc\x7b\xe3\x46\xe3\xa8\xd0\x34\x28\x03\xd3\x1a\xc6\x34\xc4\xe6\xbc\xfd\xca\x1d\xb3\xc5\xb6\x90\xc2\x2f\x33\x2d\xf6\x93\x67\x61\xde\xb4\x0a\x2a\x9b\x81\x7a\x3b\x5e\x21\xce\xda\x6d\x71\xf7\x2d\x61\xee\xd0\x6a\x7a\x43\x45\x1e\x72\xfa\xa8\x20\x18\x38\x4c\x5a\x69\xf6\x2f\x4c\x6c\xf2\xa7\xef\xbd\x2a\xf5\x9b\x84\xac\xc6\xa9\x5e\xdf\x8f\x16\x7b\x5f\x20\x3d\xff\x2f\x89\xdb\xa1\x91\xf5\x13\x34\x2b\xe5\xa9\x06\xce\xb3\x79\x61\x3f\x59\x61\x08\xde\x6f\x3a\x61\xb9\x26\xc9\xf8\x63\x4d\x3d\xe6\xd5\xeb\x86\x71\x2b\xdf\xc3\xce\x50\x2f\x90\xa6\x9d\x8d\x07\xd9\x28\x44\x02\xb3\x93\xa7\x6e\x1d\x98\x17\xb9\x2b\xd4\xef\xf5\x7a\x27\xec\x91\x91\x9b\xf0\xd0\x9b\x44\x70\x57\xd6\x9c\xe3\x82", 192); *(uint32_t*)0x2000973c = 0x83; *(uint32_t*)0x20009740 = 0x20009580; *(uint8_t*)0x20009580 = 0x83; *(uint8_t*)0x20009581 = 3; memcpy((void*)0x20009582, "\x70\x81\x49\xd2\x9b\x3a\x8e\xf9\xc0\xff\x2f\x07\x2f\xf3\xb2\x0d\xd4\xaa\x24\xa8\xdd\xbd\x77\x61\x2c\xf8\x2d\xbf\xdc\x3a\xf8\x21\xa1\xfb\xf7\x55\x40\xc2\x3e\x05\xde\x08\xfe\xd7\x79\xdb\x65\x1c\xb3\xa6\x3b\xd0\x9a\xcf\xde\x2d\xa3\x4f\xc3\x36\x04\x73\x49\xf6\x2c\x65\x03\x20\xdd\x8f\xd8\x62\x6c\xfd\xad\xf7\xe0\xf7\x3f\x83\xa6\xbf\xfa\x1f\x20\xe7\x5c\xc4\x4b\x80\xbb\xe9\xa4\x0e\xa3\xc6\xe9\x24\xb6\x84\xfe\x6c\xb9\xe6\xa9\x33\x1a\x14\x9e\x84\x4e\x50\x0b\xe3\xb4\xfe\x28\xd1\x33\x2d\xcd\x64\x3b\xe5\xa7\x3f\xcc\xd4\x46", 129); *(uint32_t*)0x20009744 = 4; *(uint32_t*)0x20009748 = 0x20009640; *(uint8_t*)0x20009640 = 4; *(uint8_t*)0x20009641 = 3; *(uint16_t*)0x20009642 = 0x184c; *(uint32_t*)0x2000974c = 0x4d; *(uint32_t*)0x20009750 = 0x20009680; *(uint8_t*)0x20009680 = 0x4d; *(uint8_t*)0x20009681 = 3; memcpy((void*)0x20009682, "\xb6\x6a\x57\x6c\x91\xd5\x67\x33\xc9\x4e\xf7\x37\x20\xfd\xa0\x14\xeb\xcf\x72\xb1\xcf\x26\xac\x4c\x18\xda\x75\x71\x24\x12\x56\x76\x4a\xe2\xdf\xf1\x75\x40\xbd\xd8\xaf\x83\xee\xe5\x05\x79\x2c\xbe\xfb\xdd\xb7\xb5\xcd\x4c\xa9\x46\x62\x28\x7a\x86\x24\x9e\xc2\xb9\x42\x13\x98\x04\xf9\xc7\x82\x09\x88\x4a\x15", 75); res = -1; res = syz_usb_connect(6, 0x7e2, 0x20008a00, 0x20009700); if (res != -1) r[22] = res; break; case 41: *(uint8_t*)0x20009780 = 0x12; *(uint8_t*)0x20009781 = 1; *(uint16_t*)0x20009782 = 0x200; *(uint8_t*)0x20009784 = -1; *(uint8_t*)0x20009785 = -1; *(uint8_t*)0x20009786 = -1; *(uint8_t*)0x20009787 = 0x40; *(uint16_t*)0x20009788 = 0xcf3; *(uint16_t*)0x2000978a = 0x9271; *(uint16_t*)0x2000978c = 0x108; *(uint8_t*)0x2000978e = 1; *(uint8_t*)0x2000978f = 2; *(uint8_t*)0x20009790 = 3; *(uint8_t*)0x20009791 = 1; *(uint8_t*)0x20009792 = 9; *(uint8_t*)0x20009793 = 2; *(uint16_t*)0x20009794 = 0x48; *(uint8_t*)0x20009796 = 1; *(uint8_t*)0x20009797 = 1; *(uint8_t*)0x20009798 = 0; *(uint8_t*)0x20009799 = 0x80; *(uint8_t*)0x2000979a = 0xfa; *(uint8_t*)0x2000979b = 9; *(uint8_t*)0x2000979c = 4; *(uint8_t*)0x2000979d = 0; *(uint8_t*)0x2000979e = 0; *(uint8_t*)0x2000979f = 6; *(uint8_t*)0x200097a0 = -1; *(uint8_t*)0x200097a1 = 0; *(uint8_t*)0x200097a2 = 0; *(uint8_t*)0x200097a3 = 0; *(uint8_t*)0x200097a4 = 9; *(uint8_t*)0x200097a5 = 5; *(uint8_t*)0x200097a6 = 1; *(uint8_t*)0x200097a7 = 2; *(uint16_t*)0x200097a8 = 0x200; *(uint8_t*)0x200097aa = 0; *(uint8_t*)0x200097ab = 0; *(uint8_t*)0x200097ac = 0; *(uint8_t*)0x200097ad = 9; *(uint8_t*)0x200097ae = 5; *(uint8_t*)0x200097af = 0x82; *(uint8_t*)0x200097b0 = 2; *(uint16_t*)0x200097b1 = 0x200; *(uint8_t*)0x200097b3 = 0; *(uint8_t*)0x200097b4 = 0; *(uint8_t*)0x200097b5 = 0; *(uint8_t*)0x200097b6 = 9; *(uint8_t*)0x200097b7 = 5; *(uint8_t*)0x200097b8 = 0x83; *(uint8_t*)0x200097b9 = 3; *(uint16_t*)0x200097ba = 0x40; *(uint8_t*)0x200097bc = 1; *(uint8_t*)0x200097bd = 0; *(uint8_t*)0x200097be = 0; *(uint8_t*)0x200097bf = 9; *(uint8_t*)0x200097c0 = 5; *(uint8_t*)0x200097c1 = 4; *(uint8_t*)0x200097c2 = 3; *(uint16_t*)0x200097c3 = 0x40; *(uint8_t*)0x200097c5 = 1; *(uint8_t*)0x200097c6 = 0; *(uint8_t*)0x200097c7 = 0; *(uint8_t*)0x200097c8 = 9; *(uint8_t*)0x200097c9 = 5; *(uint8_t*)0x200097ca = 5; *(uint8_t*)0x200097cb = 2; *(uint16_t*)0x200097cc = 0x200; *(uint8_t*)0x200097ce = 0; *(uint8_t*)0x200097cf = 0; *(uint8_t*)0x200097d0 = 0; *(uint8_t*)0x200097d1 = 9; *(uint8_t*)0x200097d2 = 5; *(uint8_t*)0x200097d3 = 6; *(uint8_t*)0x200097d4 = 2; *(uint16_t*)0x200097d5 = 0x200; *(uint8_t*)0x200097d7 = 0; *(uint8_t*)0x200097d8 = 0; *(uint8_t*)0x200097d9 = 0; syz_usb_connect_ath9k(3, 0x5a, 0x20009780, 0); break; case 42: *(uint32_t*)0x200099c0 = 0x18; *(uint32_t*)0x200099c4 = 0x20009800; *(uint8_t*)0x20009800 = 0x40; *(uint8_t*)0x20009801 = 1; *(uint32_t*)0x20009802 = 0x8d; *(uint8_t*)0x20009806 = 0x8d; *(uint8_t*)0x20009807 = 0x22; memcpy((void*)0x20009808, "\xe5\x74\x19\x47\xa7\x23\xe9\xe9\x8e\xdc\x76\xea\x9b\x49\x3d\xa7\xd0\xbe\x0f\x88\x90\x3d\x48\xee\xf0\xd2\x4c\x88\x29\x70\xfc\x12\x16\xa4\xf3\x90\xd6\xb1\x7a\x78\xf9\xe8\x82\x74\x2c\xa2\x48\x31\x93\x6c\xb7\x5b\x04\x58\x99\xbb\xc7\x68\x7b\xd5\x5a\x05\x8a\x9f\x47\x22\x45\x2c\xe7\xe3\x01\x27\x0b\x0b\xf2\x26\x66\xc3\x7e\xaf\x1b\xd9\xd8\xb4\x89\xba\x1d\x32\xbe\x39\xd0\x6b\x20\xbd\x96\x57\xe0\x9f\xda\x6c\x82\xd4\x56\x6c\x93\x34\xe2\xfa\x45\xc5\x04\x6b\xa8\x56\x5e\x57\x79\xab\x6d\x67\xcb\xf7\xf4\x06\xd2\x16\xc2\x86\xab\x06\x65\x88\x20\x7a\x31\x8d\x65\x33\x2f", 139); *(uint32_t*)0x200099c8 = 0x200098c0; *(uint8_t*)0x200098c0 = 0; *(uint8_t*)0x200098c1 = 3; *(uint32_t*)0x200098c2 = 4; *(uint8_t*)0x200098c6 = 4; *(uint8_t*)0x200098c7 = 3; *(uint16_t*)0x200098c8 = 0xf0ff; *(uint32_t*)0x200099cc = 0x20009900; *(uint8_t*)0x20009900 = 0; *(uint8_t*)0x20009901 = 0xf; *(uint32_t*)0x20009902 = 0x18; *(uint8_t*)0x20009906 = 5; *(uint8_t*)0x20009907 = 0xf; *(uint16_t*)0x20009908 = 0x18; *(uint8_t*)0x2000990a = 2; *(uint8_t*)0x2000990b = 0xc; *(uint8_t*)0x2000990c = 0x10; *(uint8_t*)0x2000990d = 0xa; *(uint8_t*)0x2000990e = 0; STORE_BY_BITMASK(uint32_t, , 0x2000990f, 0, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x2000990f, 6, 5, 27); *(uint16_t*)0x20009913 = 0xf0f; *(uint16_t*)0x20009915 = 8; *(uint8_t*)0x20009917 = 7; *(uint8_t*)0x20009918 = 0x10; *(uint8_t*)0x20009919 = 2; STORE_BY_BITMASK(uint32_t, , 0x2000991a, 2, 0, 8); STORE_BY_BITMASK(uint32_t, , 0x2000991b, 0xa, 0, 4); STORE_BY_BITMASK(uint32_t, , 0x2000991b, 7, 4, 4); STORE_BY_BITMASK(uint32_t, , 0x2000991c, 0x100, 0, 16); *(uint32_t*)0x200099d0 = 0x20009940; *(uint8_t*)0x20009940 = 0x20; *(uint8_t*)0x20009941 = 0x29; *(uint32_t*)0x20009942 = 0xf; *(uint8_t*)0x20009946 = 0xf; *(uint8_t*)0x20009947 = 0x29; *(uint8_t*)0x20009948 = 0; *(uint16_t*)0x20009949 = 0x18; *(uint8_t*)0x2000994b = 7; *(uint8_t*)0x2000994c = 0x7f; memcpy((void*)0x2000994d, "\x86\xf6\x20\xe8", 4); memcpy((void*)0x20009951, "\x16\x8f\x22\x02", 4); *(uint32_t*)0x200099d4 = 0x20009980; *(uint8_t*)0x20009980 = 0x20; *(uint8_t*)0x20009981 = 0x2a; *(uint32_t*)0x20009982 = 0xc; *(uint8_t*)0x20009986 = 0xc; *(uint8_t*)0x20009987 = 0x2a; *(uint8_t*)0x20009988 = 3; *(uint16_t*)0x20009989 = 0; *(uint8_t*)0x2000998b = 4; *(uint8_t*)0x2000998c = 0; *(uint8_t*)0x2000998d = 7; *(uint16_t*)0x2000998e = 0x1000; *(uint16_t*)0x20009990 = 0xfffe; *(uint32_t*)0x20009f00 = 0x44; *(uint32_t*)0x20009f04 = 0x20009a00; *(uint8_t*)0x20009a00 = 0; *(uint8_t*)0x20009a01 = 8; *(uint32_t*)0x20009a02 = 0xfd; memcpy((void*)0x20009a06, "\x17\xd0\x15\xc0\xc2\x1b\x38\xab\x65\x87\x07\x8c\x77\x5d\x19\x66\x76\x39\x02\x36\x84\x2b\xc7\x81\x15\xbd\x6a\x40\x58\x11\x10\x24\x45\xa3\x7f\xe5\xc0\xcc\x85\xa1\x6b\x56\x01\xf6\x74\x96\x59\x34\x92\xce\x3a\xd5\x52\x01\x92\x08\xa9\x04\xc8\x82\x54\x52\x5e\xf1\x3e\x8c\x55\xd2\xfa\x55\x84\xb1\x72\x72\x80\x77\xd5\x4a\x28\xbc\x6d\xd0\xbc\x05\xf7\x20\x29\x10\x26\x07\x63\x12\x0f\x9d\x95\x88\x3b\x70\x1c\xa0\x54\x83\xde\xae\x8e\x44\x5b\xcf\x56\x72\xcf\xc4\xba\x66\xa3\x46\xe9\x2f\xe0\x74\x51\xae\x4c\x8f\xf4\xaa\x9d\xfc\xf8\xb9\x56\x33\x65\x80\x5b\xf6\x83\x0e\xd3\x6c\x9f\x3e\xab\x11\xf6\x13\xa0\xfd\xe0\x42\x3b\x8c\x3a\x5b\x1a\xe0\x29\x72\x9e\x32\x33\x43\x1d\x83\xf0\x22\x49\x15\x64\xd3\x92\xce\xb7\xa3\x8e\xdd\xcf\x15\x96\x88\x61\x81\x85\x4d\x5a\x72\x9e\x76\xd8\xe7\x70\xd6\xee\x74\xba\x13\x33\xec\xb7\xe4\xb8\x83\x07\x1b\x6d\x6c\x04\x3e\x9e\x6f\x01\x60\x54\x6f\x60\xd1\xd9\xff\xd9\x40\x74\x4e\xef\x3e\xa5\xf0\xdd\xfd\xa5\xa0\xa8\xd6\xb7\x74\x0a\x7f\x13\xce\x46\x2e\xd0\x8e\x2d\x3b\xc0\xa7\xb6\x46\xda\xf5\x60\x86\xe2", 253); *(uint32_t*)0x20009f08 = 0x20009b40; *(uint8_t*)0x20009b40 = 0; *(uint8_t*)0x20009b41 = 0xa; *(uint32_t*)0x20009b42 = 1; *(uint8_t*)0x20009b46 = 7; *(uint32_t*)0x20009f0c = 0x20009b80; *(uint8_t*)0x20009b80 = 0; *(uint8_t*)0x20009b81 = 8; *(uint32_t*)0x20009b82 = 1; *(uint8_t*)0x20009b86 = 0x80; *(uint32_t*)0x20009f10 = 0x20009bc0; *(uint8_t*)0x20009bc0 = 0x20; *(uint8_t*)0x20009bc1 = 0; *(uint32_t*)0x20009bc2 = 4; *(uint16_t*)0x20009bc6 = 2; *(uint16_t*)0x20009bc8 = 3; *(uint32_t*)0x20009f14 = 0x20009c00; *(uint8_t*)0x20009c00 = 0x20; *(uint8_t*)0x20009c01 = 0; *(uint32_t*)0x20009c02 = 4; *(uint16_t*)0x20009c06 = 0x100; *(uint16_t*)0x20009c08 = 0x40; *(uint32_t*)0x20009f18 = 0x20009c40; *(uint8_t*)0x20009c40 = 0x40; *(uint8_t*)0x20009c41 = 7; *(uint32_t*)0x20009c42 = 2; *(uint16_t*)0x20009c46 = 3; *(uint32_t*)0x20009f1c = 0x20009c80; *(uint8_t*)0x20009c80 = 0x40; *(uint8_t*)0x20009c81 = 9; *(uint32_t*)0x20009c82 = 1; *(uint8_t*)0x20009c86 = 0x7f; *(uint32_t*)0x20009f20 = 0x20009cc0; *(uint8_t*)0x20009cc0 = 0x40; *(uint8_t*)0x20009cc1 = 0xb; *(uint32_t*)0x20009cc2 = 2; memcpy((void*)0x20009cc6, "\x08\xbd", 2); *(uint32_t*)0x20009f24 = 0x20009d00; *(uint8_t*)0x20009d00 = 0x40; *(uint8_t*)0x20009d01 = 0xf; *(uint32_t*)0x20009d02 = 2; *(uint16_t*)0x20009d06 = 0x7163; *(uint32_t*)0x20009f28 = 0x20009d40; *(uint8_t*)0x20009d40 = 0x40; *(uint8_t*)0x20009d41 = 0x13; *(uint32_t*)0x20009d42 = 6; memset((void*)0x20009d46, 255, 6); *(uint32_t*)0x20009f2c = 0x20009d80; *(uint8_t*)0x20009d80 = 0x40; *(uint8_t*)0x20009d81 = 0x17; *(uint32_t*)0x20009d82 = 6; memset((void*)0x20009d86, 170, 5); *(uint8_t*)0x20009d8b = 0x3b; *(uint32_t*)0x20009f30 = 0x20009dc0; *(uint8_t*)0x20009dc0 = 0x40; *(uint8_t*)0x20009dc1 = 0x19; *(uint32_t*)0x20009dc2 = 2; memcpy((void*)0x20009dc6, "\x37\x9e", 2); *(uint32_t*)0x20009f34 = 0x20009e00; *(uint8_t*)0x20009e00 = 0x40; *(uint8_t*)0x20009e01 = 0x1a; *(uint32_t*)0x20009e02 = 2; *(uint16_t*)0x20009e06 = 8; *(uint32_t*)0x20009f38 = 0x20009e40; *(uint8_t*)0x20009e40 = 0x40; *(uint8_t*)0x20009e41 = 0x1c; *(uint32_t*)0x20009e42 = 1; *(uint8_t*)0x20009e46 = 0x3f; *(uint32_t*)0x20009f3c = 0x20009e80; *(uint8_t*)0x20009e80 = 0x40; *(uint8_t*)0x20009e81 = 0x1e; *(uint32_t*)0x20009e82 = 1; *(uint8_t*)0x20009e86 = 0x2c; *(uint32_t*)0x20009f40 = 0x20009ec0; *(uint8_t*)0x20009ec0 = 0x40; *(uint8_t*)0x20009ec1 = 0x21; *(uint32_t*)0x20009ec2 = 1; *(uint8_t*)0x20009ec6 = 5; syz_usb_control_io(r[22], 0x200099c0, 0x20009f00); break; case 43: syz_usb_disconnect(r[22]); break; case 44: syz_usb_ep_read(r[22], 0xc1, 0x1000, 0x20009f80); break; case 45: *(uint8_t*)0x2000af80 = 0x12; *(uint8_t*)0x2000af81 = 1; *(uint16_t*)0x2000af82 = 0x110; *(uint8_t*)0x2000af84 = 0; *(uint8_t*)0x2000af85 = 0; *(uint8_t*)0x2000af86 = 0; *(uint8_t*)0x2000af87 = 0x20; *(uint16_t*)0x2000af88 = 0x1d6b; *(uint16_t*)0x2000af8a = 0x101; *(uint16_t*)0x2000af8c = 0x40; *(uint8_t*)0x2000af8e = 1; *(uint8_t*)0x2000af8f = 2; *(uint8_t*)0x2000af90 = 3; *(uint8_t*)0x2000af91 = 1; *(uint8_t*)0x2000af92 = 9; *(uint8_t*)0x2000af93 = 2; *(uint16_t*)0x2000af94 = 0xd6; *(uint8_t*)0x2000af96 = 3; *(uint8_t*)0x2000af97 = 1; *(uint8_t*)0x2000af98 = 7; *(uint8_t*)0x2000af99 = 0x20; *(uint8_t*)0x2000af9a = 2; *(uint8_t*)0x2000af9b = 9; *(uint8_t*)0x2000af9c = 4; *(uint8_t*)0x2000af9d = 0; *(uint8_t*)0x2000af9e = 0; *(uint8_t*)0x2000af9f = 0; *(uint8_t*)0x2000afa0 = 1; *(uint8_t*)0x2000afa1 = 1; *(uint8_t*)0x2000afa2 = 0; *(uint8_t*)0x2000afa3 = 0; *(uint8_t*)0x2000afa4 = 0xa; *(uint8_t*)0x2000afa5 = 0x24; *(uint8_t*)0x2000afa6 = 1; *(uint16_t*)0x2000afa7 = 0; *(uint8_t*)0x2000afa9 = 0; *(uint8_t*)0x2000afaa = 2; *(uint8_t*)0x2000afab = 1; *(uint8_t*)0x2000afac = 2; *(uint8_t*)0x2000afad = 0xb; *(uint8_t*)0x2000afae = 0x24; *(uint8_t*)0x2000afaf = 6; *(uint8_t*)0x2000afb0 = 4; *(uint8_t*)0x2000afb1 = 3; *(uint8_t*)0x2000afb2 = 2; *(uint16_t*)0x2000afb3 = 3; *(uint16_t*)0x2000afb5 = 7; *(uint8_t*)0x2000afb7 = -1; *(uint8_t*)0x2000afb8 = 9; *(uint8_t*)0x2000afb9 = 4; *(uint8_t*)0x2000afba = 1; *(uint8_t*)0x2000afbb = 0; *(uint8_t*)0x2000afbc = 0; *(uint8_t*)0x2000afbd = 1; *(uint8_t*)0x2000afbe = 2; *(uint8_t*)0x2000afbf = 0; *(uint8_t*)0x2000afc0 = 0; *(uint8_t*)0x2000afc1 = 9; *(uint8_t*)0x2000afc2 = 4; *(uint8_t*)0x2000afc3 = 1; *(uint8_t*)0x2000afc4 = 1; *(uint8_t*)0x2000afc5 = 1; *(uint8_t*)0x2000afc6 = 1; *(uint8_t*)0x2000afc7 = 2; *(uint8_t*)0x2000afc8 = 0; *(uint8_t*)0x2000afc9 = 0; *(uint8_t*)0x2000afca = 0xe; *(uint8_t*)0x2000afcb = 0x24; *(uint8_t*)0x2000afcc = 2; *(uint8_t*)0x2000afcd = 1; *(uint8_t*)0x2000afce = 0x80; *(uint8_t*)0x2000afcf = 3; *(uint8_t*)0x2000afd0 = 1; *(uint8_t*)0x2000afd1 = 0; memcpy((void*)0x2000afd2, "\x02\x2c\x3b\x4e\xfa\x4d", 6); *(uint8_t*)0x2000afd8 = 7; *(uint8_t*)0x2000afd9 = 0x24; *(uint8_t*)0x2000afda = 1; *(uint8_t*)0x2000afdb = 1; *(uint8_t*)0x2000afdc = 0x7f; *(uint16_t*)0x2000afdd = 0x1002; *(uint8_t*)0x2000afdf = 0xb; *(uint8_t*)0x2000afe0 = 0x24; *(uint8_t*)0x2000afe1 = 2; *(uint8_t*)0x2000afe2 = 1; *(uint8_t*)0x2000afe3 = 5; *(uint8_t*)0x2000afe4 = 3; *(uint8_t*)0x2000afe5 = 0; *(uint8_t*)0x2000afe6 = 5; memcpy((void*)0x2000afe7, "\x64\x99\x7e", 3); *(uint8_t*)0x2000afea = 0xd; *(uint8_t*)0x2000afeb = 0x24; *(uint8_t*)0x2000afec = 2; *(uint8_t*)0x2000afed = 1; *(uint8_t*)0x2000afee = 3; *(uint8_t*)0x2000afef = 3; *(uint8_t*)0x2000aff0 = 0xac; *(uint8_t*)0x2000aff1 = 8; memcpy((void*)0x2000aff2, "\xbc\x5e", 2); memcpy((void*)0x2000aff4, "\x04\xfb\xa9", 3); *(uint8_t*)0x2000aff7 = 0xd; *(uint8_t*)0x2000aff8 = 0x24; *(uint8_t*)0x2000aff9 = 2; *(uint8_t*)0x2000affa = 1; *(uint8_t*)0x2000affb = 6; *(uint8_t*)0x2000affc = 2; *(uint8_t*)0x2000affd = 5; *(uint8_t*)0x2000affe = 9; memcpy((void*)0x2000afff, "\x6a\x9a\x8d", 3); memcpy((void*)0x2000b002, "\x4f\x88", 2); *(uint8_t*)0x2000b004 = 9; *(uint8_t*)0x2000b005 = 5; *(uint8_t*)0x2000b006 = 1; *(uint8_t*)0x2000b007 = 9; *(uint16_t*)0x2000b008 = 0x10; *(uint8_t*)0x2000b00a = 0x8c; *(uint8_t*)0x2000b00b = 0x20; *(uint8_t*)0x2000b00c = 0x7f; *(uint8_t*)0x2000b00d = 7; *(uint8_t*)0x2000b00e = 0x25; *(uint8_t*)0x2000b00f = 1; *(uint8_t*)0x2000b010 = 0x82; *(uint8_t*)0x2000b011 = 2; *(uint16_t*)0x2000b012 = 4; *(uint8_t*)0x2000b014 = 9; *(uint8_t*)0x2000b015 = 4; *(uint8_t*)0x2000b016 = 2; *(uint8_t*)0x2000b017 = 0; *(uint8_t*)0x2000b018 = 0; *(uint8_t*)0x2000b019 = 1; *(uint8_t*)0x2000b01a = 2; *(uint8_t*)0x2000b01b = 0; *(uint8_t*)0x2000b01c = 0; *(uint8_t*)0x2000b01d = 9; *(uint8_t*)0x2000b01e = 4; *(uint8_t*)0x2000b01f = 2; *(uint8_t*)0x2000b020 = 1; *(uint8_t*)0x2000b021 = 1; *(uint8_t*)0x2000b022 = 1; *(uint8_t*)0x2000b023 = 2; *(uint8_t*)0x2000b024 = 0; *(uint8_t*)0x2000b025 = 0; *(uint8_t*)0x2000b026 = 0xd; *(uint8_t*)0x2000b027 = 0x24; *(uint8_t*)0x2000b028 = 2; *(uint8_t*)0x2000b029 = 1; *(uint8_t*)0x2000b02a = 0; *(uint8_t*)0x2000b02b = 2; *(uint8_t*)0x2000b02c = 0; *(uint8_t*)0x2000b02d = -1; memcpy((void*)0x2000b02e, "\x03\xc1\xfe\x1d\x97", 5); *(uint8_t*)0x2000b033 = 0x12; *(uint8_t*)0x2000b034 = 0x24; *(uint8_t*)0x2000b035 = 2; *(uint8_t*)0x2000b036 = 2; *(uint16_t*)0x2000b037 = 0x807; *(uint16_t*)0x2000b039 = 4; *(uint8_t*)0x2000b03b = 0xfd; memcpy((void*)0x2000b03c, "\x8c\xfb\x49\xdf\x7b\xf5\xb7\xe5\xee", 9); *(uint8_t*)0x2000b045 = 7; *(uint8_t*)0x2000b046 = 0x24; *(uint8_t*)0x2000b047 = 1; *(uint8_t*)0x2000b048 = 0x3f; *(uint8_t*)0x2000b049 = 0xfd; *(uint16_t*)0x2000b04a = 1; *(uint8_t*)0x2000b04c = 0xc; *(uint8_t*)0x2000b04d = 0x24; *(uint8_t*)0x2000b04e = 2; *(uint8_t*)0x2000b04f = 1; *(uint8_t*)0x2000b050 = 0xc1; *(uint8_t*)0x2000b051 = 4; *(uint8_t*)0x2000b052 = 5; *(uint8_t*)0x2000b053 = 0x67; memcpy((void*)0x2000b054, "\x69\x67\xba\x40", 4); *(uint8_t*)0x2000b058 = 9; *(uint8_t*)0x2000b059 = 5; *(uint8_t*)0x2000b05a = 0x82; *(uint8_t*)0x2000b05b = 9; *(uint16_t*)0x2000b05c = 0x7f7; *(uint8_t*)0x2000b05e = 0x1f; *(uint8_t*)0x2000b05f = 0x69; *(uint8_t*)0x2000b060 = 6; *(uint8_t*)0x2000b061 = 7; *(uint8_t*)0x2000b062 = 0x25; *(uint8_t*)0x2000b063 = 1; *(uint8_t*)0x2000b064 = 0x80; *(uint8_t*)0x2000b065 = 9; *(uint16_t*)0x2000b066 = 3; *(uint32_t*)0x2000b380 = 0xa; *(uint32_t*)0x2000b384 = 0x2000b080; *(uint8_t*)0x2000b080 = 0xa; *(uint8_t*)0x2000b081 = 6; *(uint16_t*)0x2000b082 = 0x300; *(uint8_t*)0x2000b084 = 3; *(uint8_t*)0x2000b085 = 2; *(uint8_t*)0x2000b086 = 3; *(uint8_t*)0x2000b087 = 0x40; *(uint8_t*)0x2000b088 = 0x81; *(uint8_t*)0x2000b089 = 0; *(uint32_t*)0x2000b388 = 0x20f; *(uint32_t*)0x2000b38c = 0x2000b0c0; *(uint8_t*)0x2000b0c0 = 5; *(uint8_t*)0x2000b0c1 = 0xf; *(uint16_t*)0x2000b0c2 = 0x20f; *(uint8_t*)0x2000b0c4 = 6; *(uint8_t*)0x2000b0c5 = 0xe2; *(uint8_t*)0x2000b0c6 = 0x10; *(uint8_t*)0x2000b0c7 = 0xa; memcpy((void*)0x2000b0c8, "\x64\x93\x2c\x92\x77\xe2\x3a\x0f\xa9\x6a\xab\xc7\xb9\x31\xea\x37\x07\x35\x0c\x52\x57\x45\xcc\xbe\x79\x4d\x23\xba\xa9\x96\x25\xc8\x2f\x74\xbd\x3b\x6d\x5f\x88\xfb\xfd\x92\x54\x5b\x6b\x63\x75\x4c\x07\xc3\xff\xb4\x73\x55\xbf\x3d\xd6\xfa\xcf\xf0\xec\x55\x97\xfb\x76\x8d\xc7\x4a\xcf\xcf\x39\x5a\xc1\x00\x99\x82\x92\x5a\xa1\x6f\xcf\xa4\x15\x75\xbf\x14\xb5\x6d\x55\x79\x09\xdf\x9e\xfd\x27\xfd\x4b\x31\x7d\x90\xd1\x60\x62\x70\x13\x4f\xd0\x7d\x2f\xc0\xd1\x81\x6e\x97\x71\x32\x1d\x2d\xb5\x5c\x65\x39\xb0\x41\x67\xdb\x7b\x08\xc9\x94\x15\x9d\xd7\x55\x2c\x48\x8c\x14\x66\x24\x7a\x5b\x70\xb0\xdc\x99\x6b\x90\x7e\xee\xe0\xb2\x0f\xdd\x64\x71\x40\x59\x7b\x66\xf8\x21\x55\x6b\x56\x7f\xe6\x13\xc7\xec\xbc\xba\xe5\x0d\xb5\xfa\x7c\x9c\x0b\x5d\xcf\x26\xed\xdf\xfd\xcb\x09\xb9\xab\x9f\x2b\x5b\xee\x80\x98\x2f\xf3\x65\xfb\x81\x6e\x98\x18\x4e\xe6\x81\x5f\x6f\x62\x1f\x4d\x34\x52\x7d\x3c\xaa\x4c\xe6\x82\xcb\x06\xc7\x48", 223); *(uint8_t*)0x2000b1a7 = 0xb; *(uint8_t*)0x2000b1a8 = 0x10; *(uint8_t*)0x2000b1a9 = 1; *(uint8_t*)0x2000b1aa = 4; *(uint16_t*)0x2000b1ab = 0x10; *(uint8_t*)0x2000b1ad = 1; *(uint8_t*)0x2000b1ae = 0x3f; *(uint16_t*)0x2000b1af = 0xff; *(uint8_t*)0x2000b1b1 = 0x1f; *(uint8_t*)0x2000b1b2 = 3; *(uint8_t*)0x2000b1b3 = 0x10; *(uint8_t*)0x2000b1b4 = 0xb; *(uint8_t*)0x2000b1b5 = 0x2f; *(uint8_t*)0x2000b1b6 = 0x10; *(uint8_t*)0x2000b1b7 = 3; memcpy((void*)0x2000b1b8, "\x57\x12\x26\x74\x4f\x78\xfe\x77\x5a\xb8\x9d\xd7\x76\xdb\x3a\xaa\xce\x99\x82\xe7\xb2\x59\x4f\xd0\x85\x4a\x31\xd7\xec\x1d\x24\xae\xe6\x48\x2a\xa3\x93\x97\x98\xbd\x32\xd0\x60\xf0", 44); *(uint8_t*)0x2000b1e4 = 0xa; *(uint8_t*)0x2000b1e5 = 0x10; *(uint8_t*)0x2000b1e6 = 3; *(uint8_t*)0x2000b1e7 = 0; *(uint16_t*)0x2000b1e8 = 4; *(uint8_t*)0x2000b1ea = 0x24; *(uint8_t*)0x2000b1eb = 8; *(uint16_t*)0x2000b1ec = 0xe1; *(uint8_t*)0x2000b1ee = 0xe1; *(uint8_t*)0x2000b1ef = 0x10; *(uint8_t*)0x2000b1f0 = 1; memcpy((void*)0x2000b1f1, "\x1c\x43\x11\xd6\xc4\xec\x2d\xe7\x89\xb4\xf9\xf3\x9e\x67\x37\x02\xea\x35\xd9\x09\x99\x1c\xe4\xaf\x26\xcf\x0c\x07\x57\x9c\x1a\x40\x57\x35\x68\xf8\x37\x56\x9c\x64\x5d\xe2\xaf\x69\x81\x33\x52\x61\x69\xe5\x1a\x53\xf2\x15\x16\x76\x60\x35\x72\x59\xd5\x4d\x5a\xd7\x7a\xfb\x47\x8b\x18\x9e\x72\x86\x67\xa8\xb7\xe3\x89\x86\xbb\x19\xfe\xbe\x80\x70\x85\xec\x6d\x77\xdf\xb4\x81\x72\x59\x2d\x54\x9d\x7d\xbb\xf8\x02\xaa\xf9\x5b\xbf\x2d\xcd\x20\x05\x7a\x34\xee\xff\xca\xba\x3c\x40\x4e\x46\xa6\xe9\x0a\xd7\xe4\x38\x7e\x1e\x28\xcc\x21\x71\x88\x37\xe8\x1d\x22\x61\x5c\x4b\x42\xbc\xe0\x4c\x6b\xec\x4a\xa9\xa9\x9d\x05\xcb\x4f\x16\x8e\x11\x5e\xe3\x95\x65\x54\xe4\xe5\x8b\x13\x6f\x86\x73\x6e\x79\xe9\x1f\x9a\xcd\x49\xee\x66\x17\xb8\x4a\x56\x43\x92\xe8\x19\x91\xbb\xa6\x03\x20\x54\xd7\x09\x6f\x6c\x40\x00\x21\x37\x78\x2a\x1b\x11\x1d\x65\x27\x96\x83\x26\xf5\xe7\x0a\x8a\x23\x99\xe8\x33\xe7\x41\x5c\x20\x4a\x3a\x4b", 222); *(uint32_t*)0x2000b390 = 2; *(uint32_t*)0x2000b394 = 4; *(uint32_t*)0x2000b398 = 0x2000b300; *(uint8_t*)0x2000b300 = 4; *(uint8_t*)0x2000b301 = 3; *(uint16_t*)0x2000b302 = 0x459; *(uint32_t*)0x2000b39c = 4; *(uint32_t*)0x2000b3a0 = 0x2000b340; *(uint8_t*)0x2000b340 = 4; *(uint8_t*)0x2000b341 = 3; *(uint16_t*)0x2000b342 = 0x436; res = -1; res = syz_usb_connect(3, 0xe8, 0x2000af80, 0x2000b380); if (res != -1) r[23] = res; break; case 46: memcpy((void*)0x2000b3c0, "\x08\x63\x6e\x6c\x5e\x42\x1f\x7f\x71\x8c\x47\x84\xf3\x89\x67\x2c\x29\x11\xe5", 19); syz_usb_ep_write(r[23], 9, 0x13, 0x2000b3c0); break; case 47: syz_usbip_server_init(2); break; } } int main(void) { syscall(__NR_mmap, 0x1ffff000, 0x1000, 0, 0x32, -1, 0); syscall(__NR_mmap, 0x20000000, 0x1000000, 7, 0x32, -1, 0); syscall(__NR_mmap, 0x21000000, 0x1000, 0, 0x32, -1, 0); setup_fault(); for (procid = 0; procid < 4; procid++) { if (fork() == 0) { use_temporary_dir(); do_sandbox_none(); } } sleep(1000000); return 0; } :126:17: error: 'csum_inet_digest' defined but not used [-Werror=unused-function] :113:13: error: 'csum_inet_update' defined but not used [-Werror=unused-function] :108:13: error: 'csum_inet_init' defined but not used [-Werror=unused-function] cc1: all warnings being treated as errors compiler invocation: x86_64-linux-gnu-gcc [-o /tmp/syz-executor047916355 -DGOOS_linux=1 -DGOARCH_386=1 -DHOSTGOOS_linux=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static-pie -Wno-overflow] --- FAIL: TestGenerate/linux/386/8 (3.20s) csource_test.go:118: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox: Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Fault:false FaultCall:0 FaultNth:0}} program: write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3}}, 0x18) (fail_nth: 1) r0 = openat$tty(0xffffff9c, &(0x7f0000000040), 0x10400, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x200000f, 0x10, r0, 0xada52000) ioctl$UI_SET_PHYS(0xffffffffffffffff, 0x4004556c, &(0x7f0000000080)='syz0\x00') r1 = syz_mount_image$ufs(&(0x7f00000025c0), &(0x7f0000002600)='./file0\x00', 0x4, 0x3, &(0x7f0000003700)=[{&(0x7f0000002640)="386f6d1be27f8ca9182d1ae635bba8c9ce0379ce60d9d24e0fe69a46dd2b77026ce1e6bbc05a246ae26905253191f7e34ef3860f1c2cc9a6d522f503d78e340cb54f1d6b", 0x44, 0x1}, {&(0x7f00000026c0)="5739ec80616d1bac909797c5723d287d94f010e0f70a342a21fb38b36986025dca054a96bbe74027974c452893a9f5d513efc470652bf4e837d8d5eeaced2669d73cea3d3931399da04dfb4859d03c47dd535baa980ae8b7a5c312fd71acc521bddc2c637026d7fadb42c020c53d4e2feeb23077ed867d5b36567b8d06e0f4d2d9c616d67391f879e812d7a17975f3e0e569f557b65bbade941868bae4be8d2dfa45a385877ece8d94d755dbf82b4fd8899ba1b8ece43b36b369a8df56993b16eec20aed1c596f669df897ddfa0df4ab26d747598296dd3bcd5cad67a8b19eba5f343fbfa6301a1502600eda02ab157ab1b164e3de5733e4bfd9677b49b29bb56e99367d01044b3accf0f93af75527837a9b494b4eace1f49c879e71e962a593749555b50a55ca1144eb54807047defde8dd097ebcbaa230451ac7a7763ef2134b453ef7ce92d6adce449aa182efb2ed4a8707f1e1846d82505da06c2d6b4a582ddfb2bdb7a19bbce8e0a0f7b2f496622bee043729f3843188eb14e56e8f48d7d4b151a7deef2a1a9458834253770882cc41f6fb784a9f73a4f81ef993dae61a805ba6f9307820813310dc3870835ad4be7e3c8a13f9f01e9ea9b1b9dfb1e347e3ea1b5b090e1a38617707bb5aa0ce82193f6970a0b885183fce8b7d30bfc18258dd40f508b95b55ca27d8ec76010310c677c04c0b01fd69de396ae95a7c3ca50f4e7fc3da749d82a5d9f57ab6ed7a0d1276297ab57172671d4c7ca35224700db93644131a5126af54755aec80cffdeb709f0c5821ec3b86d29f10be62d94c032f79d4edccaf40b24d72e46d7c9933f6eada794aad1eaf41aec135a4f6f7f609273608685ffc30fe1ae82213a956e8df493ec0aac8eccbbdb82093097db45161677685bf1e691a1c7dce13a88e63645bc79922b6d3d3d761f36a46302f79e0e0beb67e2f2cb2e83fc1a04177c9d022c46edc053f03182fc645450e4de536a418b0eae2acb0eaf4cb615eca77f72ee1d1f9146208e18669508edd050e9b4e72a8483016dc0198326d2a167004f323a0a6eb4d34f651c397f06d32e1bdab042efe566afc48cbd98f914134156314a954c641b1066ba715ab50eb4db84b13f20469d01d6346d425d70f60b42976b046cf96e4018fc6aaf78df30c02dd029e1e895c20b05fb3883c013de7e17a13697854feb5935cb344ff94ff8bb4ed2d1f174ea19020577b4ff9597c31a8fb2cfa1d7b71a57082561540f1cd86b8590b754fe95d749ef3caff93fd10a90ca003515bb23a3e71f44179c0996037457589e68177b0a10691f149a981a6a68d0bc820e1662a67c6a85fb39a35399c620c6ee314284fa42099bde09fd517a6e53cc0417c98d006b4210ba0351b7db6754338063f05b6824bbb41f70ba1fea9121f5885a4d03ee93f2b8f27a00cd666491003deda3e21029247646f7144cb004a6b524006d8ec7c93f41042bbf82d3bf2eef415f8f038b05c0c107ac24d0cc8f30813ebe2751da8398e04ff593d17ddeb32593671c8277424f79880054c581ae4ef5303a12f50d4e1fd6bb585a5e07751cbd58fa61d634c35563727e18239d9812fa41b9a256118ba9b0decc26076c8ae4b4e516a2b35a7e9839ca83bef4643e0a5d9db723b5afd80f715b63b19d0afb9cb03dd9e5fe1b3135ec1f0b973e7d21bb2f2221a78628a1b513e0ff9ea3067db3101c017eb8e606f2f075be4984f21bf75b6c4cbf3718e64ca62a9ab5d8e383aefba7493ddff478b744074bb51994bc91dd29c6b9bcd50a5028e14cf6d9468ef424ed165848ff5676e574110e0cd76a7c1dad3019facfd08d14b7d9e378a110e985088e51e89d75e3fa5fb3687598c0569e522f6c9ea4d1265ed97e313dce9cd01a4615e8bbe4dbe168f9d32c6682e4eef267dd718b475a81b485b17f6ba8afba19a58329f86bad12ac8444417e6148cb4e07ee46c5f1553a0fe4cd3326d8692cc43961f03f57f7c016f33c3d1c02bf125fc942101103636b02d93352efb4920e243f865cf5c0b5d347f51b87900b12acc347b319c147510c6a3c184b9fe9bbf49d20a71bc0882e296a03769751cd863082c1f3b8890fee3c644474db21e077acbeb05ae296710822fcaf5a7bc069bd93d411627cd1b713ccced010d1b88dfc1530454141b3dd3e1964c389576132173b86330388fec559dc722f177497c308315a4eefb5043cc97c5b1ea53b6de6f4eced9cc20b5243ef96ae0da16b43ecfd03e702528ad4c3609545df939e2bcee08258649319d74fd784d3d30a9092cb23e51ce00bbf81a46bc0d8bba9fe3f605f54ee2a0311e1c19aee26c843d7252d90380c9d86f1d1cbb21641bc19adffa608fa5b8260c3dac2e0d8100c870dbafab5e4a5c6e5d4875352ece3133e08d48e03874e6e528b5a43d08c8e905f798f0527cff5cda9995e84acb47ee8544be937fcb64646d2fd2d5c31eef836297e03dca24b159964a70307a827f6e7f3793f6ffad54a65d400926e80797e6050e776bbf66dc1bdf7508812ed0febda774f5eda492b3751ecc76a658241fa64522c5ddef5374787a1bc6f05c84a523068ac66a3ca539da70e16ddea897f96f5d48e1ef185f08436daa20fcb0b239de9b2bb00007eda2dbdcc1f5fdf13998682d66cd4aab3157f7ebcec092dc6bd08f4d107780d3731924cfa067f62218078a2af129f4059d46d7c7bebbf67b5953dda30c96fe5843e8a3c0a15a6b2f210ffbffd476c9c761340616b1ca8a6b449d1e338fd909fd9a84c7338711be1d50762a48299b184482d2cd1884af707668d10c2e1cdeac7c075d7d4147f8aa3cebca93c1b7b245264c0efb8470255152c48d224634580b2ff021457a975aa7672baf13a4ae32dc17e1f04d0b2d9c14831c87e99e7e0f29958c9b584d7b8a7e91f573c042617391aded64bee7dad5f888efc5560fba3f9e41f78094b403abc5d422c8ec70b9a9cee507903f8999487e60d761ef16194e7cc856a01e6b3bc592397ca03becb6b48fc15bf1f6eff8fec8de8785d0fea379efbd649487307bba1530a48ec106978da703e91707201fe3348de8caf2dde1d09942d47712f77de3f9efe5392ef4584a66cf96b30ecc6eed9074837e0835e19065d2ece87d38b426c703b882cec83cbb8b484f6885832ca2587b2bdc30c92c20a00d926473ff36a1c81e58d55549a06fb7b0fdd135ed5f63b4cca0068b2da1b112d4cb043407c21c535fd3c4559322e30469794c90a3c30d8fd5365ce3f432f613148bc7d575c1d2da1d4b068de1366f62a694e976f2e264d449d9e3f90400f4f25c1152d1edb9b09816787227eeeff80ac3f25016de253325475490482303afa87b39adee7f92c03185f8be67fe8e850ee3a571809474bcf462373a47afe1a4592175d110c3659e56ecfe2ecaf2c381684332dc0ea3f76c1799d5c7954ccd01ca4d3cc488e98efe8ccb8757273bbfd0e8f94a18e4bc187993ac29c3d45aa4585253717190cfc16bdfc90cecab6f022b3c9629e4d44cf9460333d348d0df3fbc8ffe61733725ea22c57183b50622f320253d54692c32ba2d1d2272357962e09fc7fa98a192d647ca93d5db9c0560a46a797408d21be5d14c8898fcf1f8e46c2be19eee417f17b5812be04c60a50c8f4a3b96e759df5a25314842ef5834a9bfe3ec6903122abdeb8da1bf146ca5b0b6451b3f6a0cd742120b025ca49bb95c47fb27fae438cbae39cd9b50f76735f656e0c6896c87b91c1ca7444d0de25ce60db81b9b7efebffc1ff24ee9d5f77da9227252468633b8eb995e2645b1543d843262c260c3c691114ebc403962c2374ef59ce6d1dd7c4d22310c5f642d766d41893b993f9a69831f82aab3104c64b08b0e3419ad44686088cd8a4a674edcea4ee9f2e8a02ab11450060f76a7c1954f676de7bf7916699457091eb0ad3b7593e7f38d62f9b56761a915b41d035ba129d1ac466e5eaea76d00c4d83e1754e3d1e6f0093c665d860bcf0b9850401acaba34a0f774300773c4abb90efc56bc7d2ad12d2f58cefa5b5816fcee50a11845a2d5197693ea3b380089219f5a42c69f9a4762c91ae6449e13995f666ad521f92edb3f4b65a04675db8ebbc9a2d1acda5b67ed6af5525141fd7aeef7c58f549ac39255705eb084f4f0a261f43c27cdcefb7d9e15ce63995820729b32749eb8d9432d7c3c25b4b1daa5b645740394caaae63bfd9e18207fccfbe0e2639258229574fcc7971e3eb11bfdf7dc770cea4a9414913067558f7e542cc6272477489519cfaecf51361b7d39540bbc1da84c6e56e21c683734fc3d9e52225695ea370563b153b8dc87ad1199247a23a86046c730fbce29fe99e0cf3e762f6ca3a14b03ff53d4122da0664a31d204160fcc2489eaa9faf030f6d6a43f98afce7f7f7f0cc3a01ef1526dac38278d13431910c2d691a78275e0702c8bcd0f4754b47535decbff3fb2db3d23b95f84e5e6e7fe67c719de9b0721ea53e2c68c9110e6a9ef3251e7ebb22800dcab309c22ab3739b4e88844827542d962c2afb2dc2f02b45094737fb1c3b9543870709b337d9d8f183971368a28a3360aec7c89de83e0c5fbfcffa03c1bc42884a839e8188826b19f3a7e7b82b4e2339d3d70171de92a60e2e1c73d360382aedcc23740c6244d69299dd39e011091b2fae10f4ba3c7fc570b0ea6a5d7b94f0812788ac1842eb6f917ad73a43a8f511b221795b9a625d6b8adab77bb090343acde4930c643b9b60af027ed4e3cc7facdcb175e81d9138db68db9d85216e1afa90c3f3897a2cd7e2cbaf59faa93ac544c221399d0a2c7601c6c63006253c9e43f1ed3f8cdd31f92cbc919b0b2f048ee429baac42f907d36281931814e7f937b51f2c6a772469f0d3d666c5c23141a0af6fb3804479810fcd852f98a5e5df9082c149bc239d37b89447af02ebae27adea098d78409fa9ae873b112684c75d68d447c7fc80a45a726b272d557678da7101679c6a5b4d70f4db60539fd11d1f21392b7922d12781125512eb1dc45db4cd2e64734e3a9dbf899ec2203e1001b3d364663d487c69018cb9122b5f4e1a276d17088df746ba3e7c10e1cad226f6cd2ad90cc3d148c951d32c00341bf08ec7158d22b3375f7ed6730ff9f0af79b1e8efd164b046c6a3df7bcd925e49bf5bb4d16ace6ab925bee37b7b5321da6f3626f33025ebc3814f44a27a7e39c5ecf8c5263c50e5d49273977c1ddcec86c85c41de8558ccc7cc9469f4a5ab104db7b3eaf8951f5315f5640c51e8c49290c7b146688b72e22c5178bb120beafe3a10dd33e6a34b8e2ab0a8d88f1bf2346f06e6cbeb80159f85b69efe2984f3acbf1035397c0e027420c591b2c5115e4c4bc4319b6a8edc2aa62c7600e49029f8d7d808713cc765566440a427ac576e5a2318e0994a00b56b7cf16277887b22693396c28bf734133df5e654971dec68d225631fc669e5619c1c78df3ca9860489a29a5234e054bcd3c543276c07e15a1ca7ef60c6e20359562733c1b3bd15a9c72a8f9acb040f8f85a4f10313a4fc7e8cb8973ae0b562924716d168aa431cf63a5c2e182b48b5519f376de39ca03d5535a5868d2cfff410e3f248de1ef81b205bc17a84cbfebb46deb4e56dcd355d7148a56f25dee5896912ec90124bef2d882e9d4a02769b3abcbc8f367deecce8c22b045f4d7b87d8908b0af7f2a1f53bad8d3f8e0b65b0053ab1e28ece7250ab281bc197097cfe8b2a7cfb552f82869b88241e7d05d24aca325c6f2fad85ce79bfc2aecdb798f40e111189f1785cbbe40", 0x1000, 0x7}, {&(0x7f00000036c0)="38e3dac1cab00feb39c48edfaf42b604f0c0fbeaa30d7023519ce589e4d90d7d171cbe759e9c40819d9946abfa9737e1bdddfb4f", 0x34, 0x10000}], 0x1040000, &(0x7f0000003740)={[{'/dev/tty\x00'}, {'syz0\x00'}, {'+@'}, {'*^:[-,-,&{#'}, {'syz0\x00'}], [{@audit}, {@obj_role={'obj_role', 0x3d, 'syz0\x00'}}, {@obj_user={'obj_user', 0x3d, '^\xee%'}}, {@subj_role}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@uid_eq={'uid', 0x3d, 0xee00}}]}) read(r1, &(0x7f00000037c0)=""/18, 0x12) sendfile64(r0, r1, &(0x7f0000003800)=0x7, 0x0) setsockopt$bt_l2cap_L2CAP_CONNINFO(r0, 0x6, 0x2, &(0x7f0000003840)={0x81, "d8e8f6"}, 0x6) ioctl$SOUND_MIXER_WRITE_RECSRC(0xffffffffffffffff, 0xc0044dff, &(0x7f0000003880)=0x4) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(0xffffffffffffffff, &(0x7f0000003980)={&(0x7f00000038c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000003940)={&(0x7f0000003900)={0x14, 0x7, 0x1, 0x801, 0x0, 0x0, {0x0, 0x0, 0xa}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40800}, 0x20000000) syz_80211_inject_frame(&(0x7f0000000000)=@broadcast, &(0x7f0000000040)=@data_frame={@qos_no_ht={{@type11={{0x0, 0x2, 0x8, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x7f}, @device_a, @broadcast, @broadcast, {0x0, 0xffd}, @broadcast}, {0xc, 0x1, 0x3, 0x0, 0x3}}, {@type10={{0x0, 0x2, 0x9, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x3d}, @from_mac=@device_b, @device_b, @from_mac, {0x0, 0x1f}}, {0x8, 0x0, 0x3}}}, @a_msdu=[{@broadcast, @device_b, 0xbf, "afaf3a135b6bacd8c9b70b5eec9ab18405dde216b1b5dbe70c82ea52a1477c8bcc0adebad8789e03df9beea67cea531e776e7ec441e10995460e4e964678b8b20cae084ab40bef389bb72fe366ea91a8a2b952bc697a863d47c4920f77976ccda9723c4d4cf43164b57e373925d21594ad582b2bd6b7fce0e21d272a022fb63efae8204e2e38180848fd2986c847241f05b4795e3195823f4b17f340c24f45bf4fc33a8b5d0649780bad0b1600231bcd85e1044043b3f52bdd66462c52869b"}, {@device_a, @broadcast, 0xf3, "db7458603e1db9e8b6109ff253176fc3105d34454294a0c36f5e76590ee3b3a391dd2847abe2ef4c4f0762cbb09a37f40675baca0907282ce7dc1a104cb3e91384930ede72f3720dac9976a6598bc0385e0eb8295edee6bf8e31f243b284e9de823dbcf1fa70c6c57d4472f20f031cd4ccc7995b0036d024f051220cf8ccfacc5eef5cc545c5208e0ae0b6fad6956542262930e56177ef3f3fd1fcf9ab7fa104c2fd2cafbfc796da4af424531e825b32394a16b5a90e3b36d9d75f35bc95c7b65c5774b33d1a74464b240d9b4420de3865e4ebfa9705fa606ca422eb0ae33126574d2b01dc83d70c248747087c72f0da02e8e8"}, {@device_b, @broadcast, 0xdd, "d7e9b24c0cc992b18aa2d9f9e1709a8c2fe8b2ceb27a749e52617c6db966c15469b14f6271d9ec1caa537e605d09c7af271d959a7b1375fbada3d47840b8fbde2f3ab2820440ceffb16cc44160f3a3abd70b059e3b321e3a1a48eca2b3819d0595822e17767f5a9cce0a0aa1cf8a1763780943872b127ab559036a8d8703e179c0de7c00dbd055699b39532ec0f63bb69c331fb415e253c26abf85a20b69f33d25a8a066aa10a9c1add202fa9d6cd6dbdaf05601d68e9553ba9ee53931aa193821c780f05dfd3c33aad84ef55098b4b8212cf5d6a43b5a099866ecbbc1"}, {@device_b, @broadcast, 0x3, "d71a49"}]}, 0x30e) syz_80211_join_ibss(&(0x7f0000000380)='wlan0\x00', &(0x7f00000003c0)=@default_ap_ssid, 0x6, 0x0) syz_btf_id_by_name$bpf_lsm(&(0x7f0000000400)='bpf_lsm_sb_remount\x00') syz_emit_ethernet(0x3f6, &(0x7f0000000440)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @random="8b73c66e934f", @val={@void, {0x8100, 0x1, 0x1}}, {@mpls_mc={0x8848, {[{0x0, 0x0, 0x1}], @ipv6=@icmpv6={0x8, 0x6, "6be3ec", 0x3b8, 0x3a, 0xff, @private2, @mcast2, {[@fragment={0x8, 0x0, 0x4, 0x0, 0x0, 0x4, 0x65}, @hopopts={0x2, 0x2, '\x00', [@padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @padn={0x1, 0x9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, @hopopts={0x5c, 0x5, '\x00', [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @calipso={0x7, 0x18, {0x2, 0x4, 0x3f, 0x5, [0x7, 0x100000000]}}]}, @routing={0xab, 0x4, 0x1, 0x51, 0x0, [@rand_addr=' \x01\x00', @dev={0xfe, 0x80, '\x00', 0x1a}]}], @mlv2_report={0x8f, 0x0, 0x0, 0xdd, 0x8, [{0x2, 0x3, 0x4, @loopback, [@remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, @mcast1], [0xfffffff7, 0x0, 0x4f18]}, {0x7, 0x6, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}, @remote, @mcast2], [0x433, 0x3, 0x4, 0x5, 0x8001, 0x6]}, {0x8, 0x4, 0x8, @ipv4={'\x00', '\xff\xff', @empty}, [@empty, @local, @ipv4={'\x00', '\xff\xff', @loopback}, @dev={0xfe, 0x80, '\x00', 0x23}, @mcast1, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast2, @mcast2], [0x4, 0x3, 0x8, 0x7]}, {0x8d, 0x3, 0x1, @mcast1, [@private2], [0x3, 0x8001, 0xf729]}, {0x0, 0x5, 0x5, @empty, [@loopback, @loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @broadcast}], [0x0, 0x80000001, 0x7ff, 0x6, 0x50]}, {0x7f, 0x1, 0x1, @mcast1, [@local], [0x401]}, {0x9, 0x8, 0x2, @remote, [@private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x27}], [0x5, 0x9, 0x8000, 0x7, 0xfffffffd, 0x800, 0x8, 0x5]}, {0x1f, 0x8, 0x6, @dev={0xfe, 0x80, '\x00', 0x18}, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @dev={0xfe, 0x80, '\x00', 0x1b}, @dev={0xfe, 0x80, '\x00', 0x30}, @ipv4={'\x00', '\xff\xff', @empty}, @ipv4={'\x00', '\xff\xff', @remote}, @private1={0xfc, 0x1, '\x00', 0x1}], [0x8, 0xffffffff, 0x0, 0x3f, 0xffffffff, 0x5, 0xff, 0x1]}]}}}}}}}, &(0x7f0000000840)={0x0, 0x2, [0xde3, 0xf28, 0x8d2, 0x209]}) syz_emit_vhci(&(0x7f0000000880)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_execute_func(&(0x7f00000008c0)="c4c32d0e45f508c4e15b10eb2681f9f6039eecc4c379617801d207660f38295cd02fd9f6f2ddcdc4c1f811450f0f34") syz_extract_tcp_res(&(0x7f0000000900), 0x3, 0x20) r2 = openat$pktcdvd(0xffffff9c, &(0x7f0000000940), 0x10400, 0x0) statx(0xffffffffffffffff, &(0x7f0000002c80)='./file0\x00', 0x800, 0x8, &(0x7f0000002cc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000003040)='./file0\x00', &(0x7f0000003080)={0x0, 0x0, 0x0, 0x0, 0x0}) read$FUSE(0xffffffffffffffff, &(0x7f0000003100)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r6 = getgid() getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000005440)={{{@in=@broadcast, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}}}, &(0x7f0000005540)=0xe4) r8 = getgid() syz_fuse_handle_req(r2, &(0x7f0000000980)="5eb2b765eb13fe6055adbc43ba06da0624085c4b074ca1075889677f066e7be4de1ade6643e384e746947849cae6c4bd2247b9d0dcf8d74f73c865983a7d81fa418b5227bfe2cae4daabc8fd121243c0fe339f30d7ade9b79e07aa3b492001cbf71f43d192a2b9b771608f809cab4148c9bcb18ad7381adab1f2f5e323a69249bf8f2b5b0e986557da943623a66ec420b9b7bc01434d0a62886d0072f83051bed958843ec0adabaec068e2333bdc15622efd5d7eb68cfdda7de3fdafaa75787f0f7f3a5aae1cfe1faf079f1835be7044f2dee0e2b22827f8ce9399ba9b6d675aaafc827262b701659d34e687d6f0f80666ef60371f36fc8e7ab01b1b1f741bab290b3742bca7d900acacd003bb0e2497a7413e2a94610c93f5b5f6a0affc554dfa696f33a4e07699552981c8f17eec121b798ffda5a81f609005eee8862da633950d1c36b1f57f201dfaa2ffb43bfb89b937dfe89165a783264b5cd393e5e81efb8d94e28ea417cf7f145520c201cd9bc843a78ae07c3a9d812a99b9d01f4f8a60937077192fb29ef9e9cad995919de33e9e70c95c0efe9d49ecacc2817d764b35aceef6dbd7b11da0d56460978a679a765c04642ef7b33da735d607b21ea207ad747b67da1862b7884f773764c5c6b95b0d1fc079909e3a07430c52f4908cb864ca7b48387d9c930387811580b9cead9bb56c5139d0d5c4c728f7667059bb64e223d3e7cf61ce8370276dd31b3bd643e96444afea51787bc0ea7ede0c0576340b3574fb1ee78133c29edb9c63724200f5d8d1fa9db4fe0cf9a3f0517fdd936240d08ca3f4815c562fa40c50292a8cc67af02555bf5e4210efabee952946cb5a3b719ccafb90c5fc31e28e16da6deb0c2657d99b2e30ac6f59e6935c8f3de5abb5a6a9eb6d64638131fa73639f95dc71d11a644c6ff17e26665e820556178bdf6f91c52fac27f2d84812e9bfd4c53e757ed5dcc5a3c58f4f254a11ad8099555fbab92d9707e7ae249d37b672b2f4666cc35ffe53a0f5f314aa7e329addf60e864986682e58dee878cf3e66b3c1b8b0457021cbbe9542df240104fa7945d177a8051ff42dffe47e952caa5b334386bbe96140a28a74cd3c4c666dd6174994bae6c323bef3cbe97028835f03b49d7c496913ec17272346e050c75c58760acbcdedfc774b34b19f199c40e02ac74177e3f951a007abdaf00fd7064bbf2cc444d6b6d2b233e1fd995feebcbfafaaa44edd739b7a9b312b0823bbb228823e132fbae576968b7e7ca5ca0198daae85da7b50002544a44f948dc5f48620e3f99145c8727fee501541ef119b20085e364052a045164e79579553ab1924a5e67ca4bde4390313b76a6abb950e637b6bd3ae4d341ea362440e134185304e36f08691027ec7ff34d718825393ecfd7557c82b7bda4d24b94fc53d577b31657b00e8303803e6f15e17a79647607ffa65649103ad6ced040a842224b22226cb03b10e51e58d695edda77da2d784c49bdda43adc0f4e15f3e2e338836924786b90b2f7442935ae338e344fa4c0d9e3d74871d930d87868a269c984048763e1c438479b20fddbc61d2488d70ca8747fff731edb679b88bf1b17621d3276151fd93a9dbbaf1a83e9a80f75ba18ac3ce6598dc4e6b0562fb0bd479129337bb1c3a5882b2d626edd90d0b1e898d0f1e4f59893700c241e0c4363a4441073840000470f9e877d0bacdcb6b21875e75b50dcfbb2bbc0ea8fca0a91dcafe69b162aeef4f7d7fa1193f9eac44d4eb27377c3b72ac19a901c6e7350e1648146090179fa4b7f7aaedfb75a49deeae9fbec2f30c4444e3bd5ad6fad82bbcd24bb6d259685ca0c13e52a590d27a731a18b09d3d6bf5e81756302b85251c85d30487295eb2e42cd788231eb96979b5c113c166be2f3b6d24474b0f56ea5cfff4dca9284e5dae7d1c2b6aba7807e889697c869831c908b206b8a21dbe73d06c0aefda449f4daedd68b676f22814be2d90a2d06a39f997fdcef3a38f98396d5bf369900f9fc0442b204ceb17e432c28087c42c84c17f1a4d04f6da546682f31d75cc289e0c8ea4058c03550fad5def6968541a9d372bcbff7b943d65a7f485652e4437e0a1602057ef0ceefa57540a11d5b2b8b6518c3c9a27cb27562941f2f689ce240396b4ad70dbb2cd6e4e1f33e3279c3361b9d9903a9b6bb017ffc719758417e4f984855692acbdf9392a9b19673388e760233fa0035e0c2335e77b089eb40b5cd8f0325f64e080765808052869f76b39b0682e9a49a95a4fd0b38bb50eb214e94919d486fb7bb75acb4dc5f04e7a7e311f204df404c62c664179584880cb8bc7b8baae8933c2ebd70af44451aae3d51d4290d90b891106877bd37752ec6118d972a1b0a2931d433636da7b7250a0edb59d9ddd34cb48b34a62ae7e595f18d80ca2c2ddc2aeb6b6f6b800c8653baaf696bfd60c85e5e3328d0d9baf0f558b3b8b8bff24bf75db2695d59442757cc0cfcefbbf1708fc964a1251f55328832468ea73c29be4bf5d0de2053f364d117006dd3242e04dd471ae04ae22844978242ed47361be4a9a13133c7ad5bb324afcd29d9a074440724ebb56f5d9c3a8e4559d3a5a0f028f1d72ff2562d483cfdd79eb32c90462ee790de2476d9d061b607e680b41500ce691e48745b585517a539e70d7ec555e196aa8d69e45a36982d28a21409a777ceeb53318c20713e3cb62a98c28f524b086909a03075c2010da34bf7b0e6bf58505d301442530e54d3d13f0328f97a1dd2dd6da68429d21376b772d5a1603fb4c4a40f6b36db26a86f7c2dbaf704e7bcb9fc96768d4b53bd134602b753b260d84d9eeac6a24a51249dca0086b95b57587128e798eb62e1f01ae68e660cf6ebbf332293981620684b7e3b04750fdbbe2ecd8e9b6375248882253c2dda8a4d9c0f6f5c9d7c6bdb1fc11eda1dc4ecc0b9f3dbdb62e4078e46f6b10608f34c34f0a279c2f8f3da5be49e3e58e971e539bd63bacb6d8aa554ea4c78a49abadeec98db1d3ca3bcb40957cc0e942fca1c9b51af04771fda4af358c9ed6fe7b737a6c61abe0b628920fb8d0bcd0b65b718163da17804cb1665ea9821c828f6df655193774156721006b1f51487ad19fe92b769a9fceaf2d4124d8cc9a5bef28e98b996c28c8a99e352380531185e5e56e693641ef51106d6cf4e71ab317c34e93583aecf50f52b53e63c9098d8c283538c7cc0f090dfaf523e6082c65263dc8d1de4776282a3fc1bfc5909991525f56ac0e6d3bf0ce7aec83e40074de16fc9843f3b099b59b9f90bcff6310ed6dfec974587ad646ecd90c54d449510b7768dd67cabb305ea398ecb4261d26d4d7e1204e20725603243279a18fab01726719f771822627bafb09b4caaf9484f1d8fa5078d021b9cb86556830797319c6491d71c1153b63658a5a952a1f84f0ced9c3d1191d71a0b22e3f618f87d98c8991265395cb90765935034bd6c9233d41f9fc6a90bf697c15fd2359787df8257ca8e9499b3a7b837121b3367306ba3a36fdea6000c5d0f7759371702c7ad6f9e5f4000725f8e0b330a494392f7408dad615b14f77888ceb73959965cc9a93e9e3b23b9343a4cd4104dc1f3f1a64cb45697926704879802493ff04a8144ce6d805087fa96caff9b97631b52e4a365e976c90e2ac08826f8c297ef2f875722b44554d9973f4aa55ffb03589432109e6832dab7fc4732d303252dd1d17a2d2451ed53dce41ffbcec65983c6db3eba81462e522ae7ae52d751300a4b131170337c6d8c4b692f5429118af956e1c15e27584f768255c3ddcb469212ba8ab0e1e7ee0012f58f8945827994ce1ad7d173dd1cd72083844b721a1dc13000dada1256deab79b959a495a4d1b5fd028feaa0deac90ecfa59b1340456bcaf31f57d5a883490125796dda6d378ce83bbc137fe54b83ca9c4f819899d308338d65fa87d906255d6573a7a490b00100eab699c0dbfbec54b54224ceba3f5d1fa4096063f33165a158a20ffbd1d5b8fd4d9d39cb94a0085deaedde02a2f1e90a96af2223315101af3fef8604337f648b8c34216c3e7ba8c07d82d23bc0a96f0dab2abd2939265bb96b6451a2ca93585c82aecced337bd66124847a406ce8ed241318e1a7fc2cf289e1caf26ea5b72aaea0457e208a241534c78e3afb6028e7f57891c2f05f4370fc50458d16e90d031cca186cc12b4543b7f25fa72916be3acd7f6b5f0cc24f44248c0fa9c6dd595cd72cc4c84d35aa6fc3b1ec0e7a6b0408a1a53869681d27b1122c3176a04eb3aaf6258849675a994222d506828b4c1de9ab17ad4bab5961d524f0ffe54d29002c3d36c94cb3ab16581f59d014671e1cd5fe24342f17c8f178854e0eed5f4a3db07ec2ea7c671e2d78538bb8a2d5dcd94b4c6ebdb9a4929e85fc6de213d6f356228d9ecfde962c0c3727608f670e812ee2fa14e1f0cbf0186f6afc10c676f911be3b1cea3521f47e8fd4efebaccb22ef3757613ab319c40b70eee0cde11a3a166f1ee9415328068399836c8dc384de21e0a991a8bae04bce7962ce3b82d5516fe91d8ecbc2dcd6e2711c6c14c8aa572b5fe039e1bb4f163a1a8186345f54157c56672b33470711253476c2f6e4d74be06a01885debdb84fc73247a54e1511b83b3ae1fc15e5bed921f1937786f4364a7d4d6aec09667d63aaa618bddaaeaa2e55adb5894c4797d16d3dd5d35a716ef05233c4ad46a621195cde3a4f4197ea4396ca62712ee3d029200383ad9122d94b608b39e1ab024ea673eadccf983100d59b17708722d9ef02669224bef7abdaa0b99bff39957b7ac41599c9b1833f7ce822fdda0bea2dcb7dc7d24bd20df80b6462162447d5e28535a2fd876ffd78e90dbdc74e49af647c9dc696bdcced0840c2320f5ce0b6494790832c972e28206f432ad6cddc304f96bf48ee6f5a077538eb06d94383bf4fbf332abec80cdc7834dbf87e28f06ceeebafcab3f05f084bc4cf2a069701cdb332403af1631b5659a9e668f0a46f68e65ff9a314ab2a540518a03893c3fd2b1bd9f5e9e7f6ec49f585067c4aeef0b91b1ad29f2acc132f6b1a8dda2da36a79186c8b13b6fed070c74704bdc4ff11321901c71598fdfb36e8482bcdb01ee808afb54b3a42c69a18950d14fac2e3bd7721ace3c9a03a45f74cf2df6f4c924441d8700c54b5a12212ca3cdd648d079304cf2cdf460a36caf7f521494805401dfc67bde2061bb239a7019ce76c4f44cb0e46c55cbadab9129c5b457ec284b22ae3f98e64fc8c75df095c3ea3ea0cfb59ca18090b03f9358e9f11325e72cc24ede8f0511cb6f8af7cc2760654cfb8a7e7d5de97a83079bc82d88ea728516e92d321092fa3bdb9c0cf71aced2ac1189aad334d1b6bd971ba4053a43bc7f0020a2f1d6da34690d0f76358aa1b1631107f7f2af9890007b0a94277ee673b047fe809a5aa7fbb7ab88d110970c3dff44de1d7dbeb2abfd280e66d1de4864da4d54addceea69c8fa5d3d4b1147a18365afad33cdc689d73cceba4d8f4ee08b6264aeed23f585578ae15d14f3a27b488c24d6de8cd8a9de4a2a89fc9481ba8e10283a4d3a26e989bd80597862e238b714aa776e01cc90dee689c8435c814cfc72a530efce5dec384797a951439c30e096320bd504d3fcf4f7214b6d8ae4fdf73eea4591d444dd1ea4cdaab8ce1cf9555b4dd70f1bb46e18ee02cabd74cddb696af3ff7cc95b1339a6b8e8bafbc29c64f09fb741389ea6f5397a85add8b26e1f3a1df950f67bde9f9871a0e360c3e7669ebede3b7eb32ceb35ff2affd8919522f075933ecfea2cb4becfbc85bbacc95fba2c6f54f890594a6f6b18965ccd40ede58b4eaf8b0d2b65b0369b3dc6c7caef3e4845b2c42ee40ddca587925029e7d91629add84ea7bc72be33bb034214555cd5505568093ec7248156f58c7f0d3055762f8f4ff6f864bd9548fafac4db8577530f3a6d673beeff21ba7c9060aa0e066832937f1eb617cb21ac24e0d8699547be5663a8117a40b6d881dca19e367ca02d28774dae74df50aa99445e37c6c16184467d496001242329db97a2adef66425a9c6bd377d8977433a03c72bf10b548b8aebf0ec38eb8ce145fcb851541405ee8a3ca9b3bc603a382af598f0a1756592b3677c469ff86e198cdff40f493215a32c2acc72bcfd0e3e4e57bec76dfe565da975c691d66935d2d7b52941462d41bce4c00915d283417032f3a894249f801067f3882fda77905d76b76efe1028ebbf14977631f677575ddd409df3c6c4019e995a9d8d1d8a8c322687632f1a9505adcbd5afa1389f941dd0f68fefd43ec24a257076a3a21b7363d7bb518df4a282a4d9eed0858d104e85c5e068dd8012d73b516656146a78e549adbf9b32fb9f5f7ab6d43879d96d1cb973596d044197e08c4040604255753297a3495d8dff255d18abf94b8704a8ae1a48353fa85e5a77becd10b6ca007b77dfefce398f30b0c27ede99e8e6bb0c7ff65bdb00f224622d691f478ce6e37bbfac4ce1ce373070f954370c74c09461e2bae4385cd5deee87ca80ad2c77b99e7bee5afa3f0ba52494f59da1426c4309f391516354d57b0c7c4bb858e382f041d6e9188dc133bb169321e00d02efddb461176774fd6b2c9682d7ad084f6174c53ab7408d3e271d28e308f7cd478c2fe8d6793deed31debb090b874b12528a6cd368acf5a5c4cc3d30d2aff00693786687686cd9b97cdfaa3a67729351b2373ddee18ee3f056b6c0da439d62eeb408031a4d8755de3cc88415ca4801d54dc565bb53228dc215dd746ff5385453fdfc8915e872752f5ab3656aa8e1c42dfbf35e49ac9c2013b4a493ec10ad7f512922b8d3d82922ddbc018953cb7d5191af08ab669f80425f4f459ee650fe094126434e886693092c53aa346993dbc1ba274d2d69470646e633bdc331431913dd49a0120e1b5e212162006f9a01fe18e8d8b57cfeb398e19b4b8e970fb0678521caff33a7a01deb17e72a920a946896c5392e84bddfde75b7446ad4249bef2697b0c5e72f3791f0f44ac1563769c8ece5f1de565bbae2e5730294b3d6d85787dd6f7abf84d698e77ee80ec53e3751e873033af16b5ed4e2c99b7e6e652bb0eaf6701aacb2bcb597c32dc3f7d9c4d9463ac08db0c63db5fd88d0e518def188a2fbe8d6bfa698628a8cc058ca99114c40be8e1eb4c05364278d0ea4dc90b747cecd85cdf847a50ba2adebb6d107a12613e198d1b10c6eb323d50c75f781fe39c1d92e46da77fed51612a369c4a6aa54050d677e9678039b29e10c46ff05f3536f792a72d80f0eca5a416b19643e1d15247f7e5157900c1742b9146e0d9788eb9ca653897c7c647149f0bd91b16ea1a5e0549001ba2d6c6e39cf8bee39274d052fe2ce7f4caf6c23644314335251cca5c2ed134aada515e734e0af9c0ba59043dd12aa227e8f71d11833cab35b77915ee6bf0d74982d155f74fbba9977f75d37211770df8102e1d523b97c65e69bdffb34e00dbd6d5827c4897934ff51286940adbefdbe1a185a1ca32f668bef23663d9af58655a928538e084f59fd899c490253d337f5a51d2c2c1da36cb8df43034a988104c2abd9d589fcf964ab9114a40415c8e99bebfe94c3915f9d908bc1c9000f0e9e94012d998c972cf018d8badfffa80209f1937fea78ca839572b0a8e6b7816b6d89bb84ab2ede0fe5ff0575ec9d674da236252fb92ff4febb9ec1d915d97c4cafffef1cfda6d199365b77016daae60798de8a21c1769b8d79bf57cd020ebf5730fce994b6b3099800d864966adf830c8d2658c804360896e11f360da3a92cb5c827213228526c63c262c30cdf177fb0be401b394a01775c254da30c5ff4fc5b45f59d60e1578d67245089828b0693e5a6f5eda5e917b9d33b8b36baf055269e9d5319d4fa3f8fa5c31962c77bed1b0a7045d980c03b0df15d1e3cc1ee3175570d286004f10ff6b922da1e0af3ed41099bb175678f6c4c29bd5b8555edea3fd6559a6228b3924b6245b66f7d4a6cfbf7e55d3a9a9023185885bbb1e9061fbe3621beb1e7e31205d828710267efb585073865d0618f4edbc9c5b606a79bff7eff1e534393e3dd040174b21fc012d6b2ab928976eef114b97502fb02225572b74e852f568dbcea57a8d378c54b217287eac9090cf75f10f474b1651782ab8e5f015de5b665e046f01d04efb7bef840507f3e45a385a372422af573d064b1bf6b0fb2796e88a883d0024b5f74f1118fd7cbdb92a40a83459aa29a77a256274df3a72f539b028c1df8686f4630c7fece68d1c01ce38aa613735a591f91f42561ad297e0872efdf3536c88ad5159af81048e6378f2a42d915c9721e0875fe0628ce4fc609099c2c19e681280e83ee969ba93c956fb2bc4457c2b2ee35d9d5bae561814d8f868e28987371550f57faec5af2f52bc7dbde1401b6729107b405b2873689c9e43fa5ea8b483f7556cbaaabb1c7689b0a51d757743ca292ff74e9c021e5513f94b7107a8940a98ddab5e221fd75c13f19ae4006866eec1a8320ab02a2def573858eb7253d1fda73b7da031f12dc013783147095d545abbcc6c8cc98748c007f2e61a02c750b79866c743d0f98c703ee3c9a2ffe44104ac1a22d77ffd1e607c8c4265bbd8cdd9b7aff0d0c36aa5981ce881b9f3895b4da88a653d4712a8431f9e14e0bdd137735bc1c2b710ba5126b6a9a42bdf156915b152ee1758ef56b8edbd4ef0b9a677dedc3a88b00049a0d7444b3aef2b4e5ed210c5fc97444bd3a4690ae44adfcd4fd85cc50fd55c3d6efd1c7270f46c93689d18f92d0462c62b2001d8ccbccee0abad84daf12a8f3f390d23b3f4cce1237b5059bfaacb994ea871c02fd32056aa3d68258027dbe56bb19cbaf7a2f473492e2c6643fc4bc01df34967ff10092530c5f965e1dea106188a9165a43e61d060107e5907a5e76039e11fb557b17f74e99d6ba5edb86daa24b201f89f51c53b4e6ea0e74888ec9afc6e64c3344ca561a56ece3c286ee4eea87bbb011d4bc856cb2018f009281b89b95acb76684eefbe628b3b9c93f654c15c1aac2769c67f27e1f3d6ca98d80dc3077b5c4e4d823ea40c258dcbb891ff20466c1462080de73513509176565feb24ef8413dc7dfb53b10ad4e5d683d26c742ac8efb627339eac06f2f56a55e4522b670ff6dda3917ef7b00fe14a6a52dc9567548e98f47cfa5e2b87dd8e1c2ae18d0c14356db45db78e8f8b9dd141ee942543d271c8cb5b9775d2c55c4b732d838a3b73d675a350957e0a70438d6bc3ab116f4d45f5e5bcf1493097ef19e13239d97981273fa9ae9d1a94f417c3c5c240a27cb07ad05a6526e6c8b3c68bad2c546fc889c5fb3410697ddf58f78e9296ab0c725882566e185d1dd88430766e332f1f0c87d2e359f8ce2c28b8c7546da95a1ca7897e43b7bf583d12cd46f7f910bfdc1a1c129f1d83d94678999c3d81dca8f74f87ba3017f07222f510c1a7fe8001fc3eb6e8a0b46db9c002fd084167272355da87a0fc5e37feed0c487d603bc1297f1c6dd88dcb17f17fd38a5ec72d0cf50c8c8dc69081cf608460d5b1342871abcbec20323be7f53690c5fa640816cc3b2b3de36870a8a38905dd51ac63ddd922d008f84b7cbd062b64c5ab22115b4889b0e9389048f6a7bd28e6a7893caa6036613c9f5f2ec2928be1f4ee1cba0b0bb1691276a4db24669fb085e54dc77e815b8f5afe80aaa38acbd11430d956a37911b0216534bd9e2893a2abfbcf4b7aee56c8ffbbb08166773d8dd3d1fa12451f393799aded8721cbd93e4c9711defa5509840dc73ec5f5273431da7e6324b056cae48e1c14b1f0e2cf27a52980d4c67e77a565a44aee8ccd622781b35cfa16d36eba77f9b7f5ec8cb474f02bed016982a0dca0960e094b3df6516837d5015680827599c89542544a3fd363aa44e79f3ad00c87d8dc1422b0737ca9fe9179d627a1f22800923a39df3a59e15770ba57f1e12aaf41bfe67bfc5483dab32820364a5d4da8f8ae62b05ba23257bb1577f5ad73f0b0e01633da659f7d28c7e1e39f86f5adb5bb3843abbce0a769c26c28e4ec88cd8d47e46928ebf51f4c23c69fa602b6af61dcc74bf64b009e96708c4c7426f35d33f7dae81e33a69e12ef792b1f25ffc60645a1963e67c07e15c2ebdb548ef8b2c8b0dd9725bed66e22545ad7914af7864478a7993b2c0e0ce590fa005104c6937e540758d25a509e80aca8137b717ae9fdf80ab906d9db4aabb229bb3d35e27b324aed11eebaa8ed3dc7704abab39f58562ed9b5c8a37b092ebf3fde22166c9c91bc57a2c62d90a87cffe7d6c448321f843218e404a4d3688d7b968ff9e823e0b900a146a7f3af3d46e9a8e7d17b47cba2504e1e1e7ad960dc481363f16fc979bb8176797ab1cb85cca6724274faba007e878098034afa0042ea0c1a654b42e1cdf7f71048e24db691cdca72f52017c6a0f5c88d0cb1e1c260e8879478d8e2bf97ad59844221afc649c881e7950de7dc85c430c18fcb5c8d359c2c239b45872c6555747438ca49b55c327cf6d705f80b396d9c020db57f6c53701bc968fcda5274c5134b23f6fd223dcee7ad7962c4e7f8b301a57165fcfc9a5ff822f1c24a7aa5be7971203457af1c95d47eda667d8c291fc21eedc7e8e5844f967a9fb4479d2f94e4dedd0cd5457781d3e024fcfafaa8b67e4895855535d1fdd4be454bed97c3cf2095a166cc652bea65ad6368929bda70f69dc36c689f5923fb026a8257f851a069994c04cc41a8b15979e473e5533240d3cab3ba953f20019e017d44f741d95a9ba35886c7a3fed463d242173d6af2502230ff733c3f1e02782274e64ac70850dc34895135bc859918cddec6269ba8361009eff46407715f30879508fea8cc9c081b372f488555278fbbaa80f34ce79da910212961a377c85b61e36fc375431dd6c4edf2c4bb801a0fc1dc1fac3c2f4c01099624959392ca0b6bd47cb008dfd39b2fd927f40fec137b0748e19840c05754b7d8e0b27d62086128fdc329363d06b6e7cdc4360b39df2737b5973a8c05c72e1ffaeb09cad6719224f4fb80794eb00f4092f623e5d27a11402fc035eb9fde88276f8ca16827459592e355d3c4e6c792e5487c499666d96ea5c5f9eabe173b56223cc71dfaf0d88f8b805110871f89f399f84463023f17d86249af647b83f24e90483bef551f95645dba6607f66b93a6da349ea07318b6ea59adcca1ed17566eeabf62b21204a8fd1a2d983fd22d2eaf9acbbb7a20bde391a5724f096d204d340b56212f8b7f5141f4f6ed72b134eeadf1f27edff371424b40820b26747b0baad376dfc535a417be78aabedf33e978c0533b45eadf5c24a1a069bc4945cd00a52aeb35b539ac0847065cd01dfda634cb9d7222a60eafef0f483ee5ce52a3c908b4ad4d20897b55a880249fe9bf4129124216f80d4789ce2f1b97c9d3892c506580a68ff2ce35caad03126a4adb9a194fb86bc72bce0e0bc4700950d20cd4b8d670ad2151cde5fd540e6a1d871a430c1a333f020c957cd4c8b4788b4bc93d8dd2892f5d8a350013c62dae3747384aa487e00704910b3f7542c", 0x2000, &(0x7f0000005c00)={&(0x7f0000002980)={0x50, 0x0, 0x91e, {0x7, 0x22, 0xff, 0x1124872, 0x6, 0x3f, 0x8, 0x1}}, &(0x7f0000002a00)={0x18, 0x0, 0x0, {0x317e539f}}, &(0x7f0000002a40)={0x18, 0x0, 0x8, {0x4}}, &(0x7f0000002a80)={0x18, 0x0, 0x5, {0x401}}, &(0x7f0000002ac0)={0x18, 0x0, 0x1, {0xfdcc}}, &(0x7f0000002b00)={0x28, 0x0, 0x8, {{0x2, 0x8}}}, &(0x7f0000002b40)={0x60, 0x0, 0xfff, {{0x6, 0x10001, 0x6, 0x1, 0x8, 0x1, 0x32f0, 0x7}}}, &(0x7f0000002bc0)={0x18, 0x0, 0x4, {0xffff}}, &(0x7f0000002c00)={0x18, 0x0, 0x1000, {'0%)/W({\x00'}}, &(0x7f0000002c40)={0x20, 0x0, 0x5, {0x0, 0x11}}, &(0x7f0000002dc0)={0x78, 0xfffffffffffffff5, 0x8, {0x6, 0x9, 0x0, {0x6, 0x8, 0x25d, 0x7, 0x8001, 0x400, 0xce1, 0x8000, 0x4800000, 0x6000, 0x8, 0xee01, r3, 0x6, 0x1}}}, &(0x7f0000002e40)={0x90, 0x0, 0xfffffffffffffffc, {0x5, 0x2, 0x0, 0x80, 0x1ff, 0xfffffffa, {0x1, 0x81, 0x1, 0x10001, 0x7f, 0x5, 0x5, 0x2, 0x0, 0x4000, 0x3, 0xee01, 0xee00, 0x6, 0x23a}}}, &(0x7f0000002f00)={0xe8, 0x0, 0x20, [{0x6, 0x1, 0x1, 0x7, '\x00'}, {0x2}, {0x5, 0xfffffffffffffffa, 0x0, 0x20}, {0x4, 0x2, 0x6, 0x9, 'wlan0\x00'}, {0x2, 0x5, 0x1, 0x0, '/'}, {0x0, 0x7, 0x6, 0x10000, '\x02\x02\x02\x02\x02\x02'}, {0x2, 0x3, 0x10, 0x3df4d00b, ' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, &(0x7f00000055c0)={0x510, 0x0, 0x0, [{{0x5, 0x1, 0x0, 0x2, 0xfffeffff, 0x1, {0x0, 0x141, 0x4, 0x9, 0x9, 0x4, 0x7ff, 0x7fffffff, 0x892, 0x4000, 0xfff, r4, 0x0, 0x4, 0x10000}}, {0x1, 0x8000, 0x2, 0x4, '\xff\xff'}}, {{0xa00000000, 0x3, 0x8000000000000000, 0x80000001, 0x6, 0x1, {0x5, 0xa0, 0x8, 0x7, 0x101, 0xbc3, 0x19f, 0x4, 0x7ff, 0xa000, 0x1, 0xee01, r5, 0x8001, 0x8}}, {0x4, 0x10001, 0xa, 0x3ff, '[{@^/@+@<['}}, {{0x1, 0x3, 0x5, 0x20, 0x3, 0xffffffff, {0x3, 0xd4, 0x6, 0x0, 0x1, 0x80000, 0x38fa80be, 0x6, 0x400, 0x1000, 0x5, 0xee00, 0xee01, 0x10001, 0xff}}, {0x4, 0x5, 0x8, 0x4, '+!\x9cR\'+%\''}}, {{0x3, 0x3, 0x200, 0x5, 0x55, 0x1f, {0x1, 0x34, 0x7, 0x4, 0x9, 0x2, 0x800, 0xffff8001, 0x6, 0x8000, 0x100, 0xee01, 0xee01, 0x0, 0x9c000000}}, {0x0, 0x1, 0x1, 0x400, '\x00'}}, {{0x6, 0x3, 0xa3, 0x80, 0x735, 0x9584, {0x0, 0x2, 0x7, 0xec61, 0x371ca83, 0x4, 0xffffffff, 0x3, 0x424c, 0xa000, 0x400, 0xee00, 0xee01, 0xca, 0x3}}, {0x0, 0x7, 0x0, 0x80000001}}, {{0x5, 0x1, 0x9d5, 0x5, 0x80000001, 0x1000000, {0x0, 0x0, 0x6, 0x7ff, 0x8001, 0x8001, 0x6, 0x8000, 0x1, 0xa000, 0x10000, 0xee00, r6, 0x80000000, 0x6}}, {0x3, 0x7fff, 0x6, 0x4e5, 'wlan0\x00'}}, {{0x4, 0x2, 0xffffffffffffffff, 0x10001, 0x7, 0x3f, {0x0, 0x4, 0x7fff, 0x5c, 0x5e, 0x4, 0x0, 0x9, 0x4, 0x1000, 0x8, r7, 0xee00, 0x7ff, 0x9}}, {0x3, 0x5, 0x6, 0x9, '\xff\xff\xff\xff\xff\xff'}}, {{0x6, 0x3, 0x3, 0x9, 0x6, 0x100, {0x1, 0x101, 0x4, 0x100000000, 0x2, 0xfffffffffffffe00, 0x3, 0x9, 0x9, 0xa000, 0xfa3, 0xffffffffffffffff, r8, 0x1400000, 0x9}}, {0x6, 0x0, 0x6, 0x5, 'wlan0\x00'}}]}, &(0x7f0000005b00)={0xa0, 0xfffffffffffffff5, 0x5, {{0x0, 0x3, 0x2, 0x3, 0x7, 0x64b, {0x1, 0xc2, 0x9, 0x5, 0x8001, 0xffffffffffffffff, 0x2, 0x8, 0x5, 0x4000, 0xd0a, 0xee01, 0xee00, 0x7, 0x1}}, {0x0, 0x2}}}, &(0x7f0000005bc0)={0x20, 0x0, 0x7fffffff, {0x8, 0x0, 0x9ad, 0x3}}}) syz_genetlink_get_family_id$SEG6(&(0x7f0000005c40), r2) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x9, 0x100, r2, 0x8000000) r10 = syz_io_uring_complete(r9) r11 = syz_io_uring_setup(0x7811, &(0x7f0000005c80)={0x0, 0x29e9, 0x4, 0x3, 0x25, 0x0, r10}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000005d00), &(0x7f0000005d40)=0x0) r13 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x80000, r11, 0x0) clock_gettime(0x0, &(0x7f0000005d80)={0x0, 0x0}) syz_io_uring_submit(r13, r12, &(0x7f0000005e00)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x7, &(0x7f0000005dc0)={r14, r15+60000000}}, 0x6) syz_kvm_setup_cpu$arm64(r2, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000005e80)=[{0x0, &(0x7f0000005e40)="551e553401d8419ac437854e7bd6033a54214a9bd5bbb0af5b8dfb214aa84f75f60fd2f374a02bcacb654f2e69f719794863", 0x32}], 0x1, 0x0, &(0x7f0000005ec0)=[@featur2], 0x1) r16 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff1000/0x1000)=nil, 0x1000, 0x4, 0x100002, r2, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r16, 0x118, &(0x7f0000005f00)=0x1, 0x0, 0x4) clock_gettime(0x0, &(0x7f0000008240)={0x0, 0x0}) recvmmsg$unix(r2, &(0x7f00000081c0)=[{{0x0, 0x0, &(0x7f0000007580)=[{&(0x7f0000007000)=""/104, 0x68}, {&(0x7f0000007080)}, {&(0x7f00000070c0)=""/15, 0xf}, {&(0x7f0000007100)=""/224, 0xe0}, {&(0x7f0000007200)}, {&(0x7f0000007240)=""/230, 0xe6}, {&(0x7f0000007340)=""/99, 0x63}, {&(0x7f00000073c0)=""/69, 0x45}, {&(0x7f0000007440)=""/106, 0x6a}, {&(0x7f00000074c0)=""/188, 0xbc}], 0xa, &(0x7f0000007600)=[@cred={{0x18, 0x1, 0x2, {0x0, 0x0}}}], 0x18}}, {{&(0x7f0000007640), 0x6e, &(0x7f0000007900)=[{&(0x7f00000076c0)=""/121, 0x79}, {&(0x7f0000007740)=""/169, 0xa9}, {&(0x7f0000007800)=""/5, 0x5}, {&(0x7f0000007840)=""/157, 0x9d}], 0x4, &(0x7f0000007940)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb0}}, {{&(0x7f0000007a00)=@abs, 0x6e, &(0x7f0000007b80)=[{&(0x7f0000007a80)=""/115, 0x73}, {&(0x7f0000007b00)=""/15, 0xf}, {&(0x7f0000007b40)=""/19, 0x13}], 0x3, &(0x7f0000007bc0)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x44}}, {{&(0x7f0000007c40)=@abs, 0x6e, &(0x7f0000008180)=[{&(0x7f0000007cc0)=""/153, 0x99}, {&(0x7f0000007d80)=""/250, 0xfa}, {&(0x7f0000007e80)=""/252, 0xfc}, {&(0x7f0000007f80)=""/193, 0xc1}, {&(0x7f0000008080)=""/96, 0x60}, {&(0x7f0000008100)=""/65, 0x41}], 0x6}}], 0x4, 0x2000, &(0x7f0000008280)={r17, r18+10000000}) syz_mount_image$adfs(&(0x7f0000005f40), &(0x7f0000005f80)='./file0\x00', 0x6, 0x1, &(0x7f0000006fc0)=[{&(0x7f0000005fc0)="97711a3fc775d9b6b802d75cefe34e560dfbbc1905df8452c7c061cfbdbaf76ac0ee704fdc1b95576e8398715ccac23eb622406fdf86656d8666d174345df15cc279d6bc46189f9e9103c8b634306a9dc5121354037abc836af32b82e0eb9222c5b97a31baf700226f459f1593e594220d6eee2f7bd3612c68996c931e01b390867ecb7db73fd1c8baea0a1a30719c09c81706414190c490236b2756cfba38fabad49c002cddccb22a79015cf6c9d5b81197e3669f1195cf26fd674cef34fc2517dd561d625d37f0093669e68fca1ae7327c53a8d8fe8ce089ec5130da3dcd2c1be47c5d11c1e607706dede98d3ad0347db608bf9febfe357b46fe05172e7abd5e6a5755ecbdb7294ac660ef999961aa2491460d2ba8c47928fcd02e294c16838adc1c5aa0aeefc279793c1e9bae9dad1bdd674fbf94f64d5ee586b857846b2c3e35cbe0791f3f0a4279ec2d51fdfb3a9d2fd093ba29d743eebb0646d40af932960b4efd52dfae3724206f13839b1e9dd3561c159f7d1a0b45dfa655724164ca8ca40178aabc9f0c270cc0c2e828dc2842fb2372abca8d65d3726eaddb36d2772fc42a5a609dbc761a086dd8405f0c0a7c0bfc14fea91cab423fdbc944ddbdee214c248ef0c8933c80f3ac68a3cdc4ed5120c7be1f0418a0ddeee94ce8de7a07b94d97a9c72e338eb9cb871567608b49031f1fd07e5c5cbbc2201c4876885c1bdccc2bfece71de73d6a710c96a675de4b578e3a0b84d1fb89bed531e1705af867b10b7c92328a06bad02c573375d500a4bdc884b55652d7f1cfb31afaf0b35e98a58466b80a2a4bca2d72e387f8e94519a43734c385b698e08b0ee1d9805c392acb76f980894df9046c617f62a2361062e522453dcd73176f786ef2ccd7a05df8b44a6f93135d4888fdd510220357f1aeccd13e1fe10292673f981f420d9859fa218b8698b4a691e699c28a2dd46d3978942192ed51d212669458a4dc3d381d2c3f73cb60bfecb8bf0e1556eaed9ffca5d0f7c9f6152f4fcd5ed86cb6a565e4b6b1c9e7efef1ccd28ae7091abd84e8431ec08ed83a8bbe56f9e12256d0a05b461d9f1f4bad4b0e8734c47d12124c406db2c033ca10634105713df400fe668d74c10b9546fef03d29ee05d4e3e832ede103cfb890c8b0092a58fe32a0b105896cefc83a990c3b6d9dec09e4beea8040b29f9217e5577fd72003a1dc4667fa4cf3bbf2985f0aef84b45569a087b7f9afe824f3c59b40cd0d088c16f4414240a6ebe24aadc402cc99abf034a48bda6a2821bdf294658e2782326e1696a8878b62be50b8ae8d003e1b6b9f5f26d3f21b1422cf73ac7292638e57da6fe3fdadd7786aa2d7406c0d84554547d9590ee9e1705428e00ddc33250a116b9737c8b013a38c6f5e88275b015f1c0996b06ef4467fa0468e8f4a498b56a045f894e45090fc1707481bef75f601d95e67b963b6ddaad7511ab41ef4c9f651c70f8ec2f0cf3b62bad74e2492a39fc1f81da697cdc353de9589cab54a16901a18d851bdc26239a72f9a787fbefb3fc3f5df149a013c4f8c8b0e98b8f669f62fbe09525b46469b1c7fcb91e55735f2adc8136a46aec4de016b9f9251ac2aa820a1a887b78c66802bf8dbbce8c4e138ba0a52892c9e934af2c76b95032a2f4cb5a621e453970f54b279035e140833e3250a9c4f16371cddfc01c404e6e86acc231c8d7dbed9b6aec0da3e0bb40672f4d41df2650d200fdda6bdc62b1d433efb4dcb37052689eec1fb99ceda3e1107ae9aeebc9958fd2f2e9059834087378427d3158a8ad04779e622b9fef71b94b2aac03d6d9b722a2427855a2176f00d971d6b1fe9b57c3637af6ecf8dd0bf1dc055e7331c7e3d9bf09a98723676b07787a075af7ee911ee2b0ebefb3408c8a617e81b0222f20f41aaa55767bd73b30b7d5238a41836e53a5c826d2cab59460404f02af43b1c64a887b44edcb395a149983a63ebbc1468ac3b39a00d01e59041ea549725768c6fea7a4884fab16b8599cd0b91b83df33b32280039ba0205a23e97cd38bf8be0ced3d7c2f44491e9b594e054e6c6e6e2b610830f98ef9a240fd56d1e218cbc1535b8889fd2b39fd94c82137a80ea1234a84dc6fac0f16b8b2de9dde9ec8270c2df90b1107eed2d346965943a1cb0856421e45fed7f48071041c552efc7333c5e7dec5b9cb59565718a7e230a842f206a4949a38fca5d9a8d847563dd644578f89e5ea68cd84edc6a04e527d1c07e6ae42f503f7c09f7fa5ed1b2d7a3a90b5feddd576dcc544d8a7e5154fcb82d14970643a03ec1ada083ade9a90d56b1a05e7becc2e434d487e0c94d10fb56b73a82fd0c34e3ea6e252bd82844e95933819254e12b001acf2ad8b630a7d2056c6f77334ed22321771e73312981d8910170cdd7f47881b58c4753bbfb0b34c78b4211e626146ff342bfd57740eb868e1cfa312c907bef857b3781ebd1397e8dc0ca1474a19b39b497ae70889d2dbbce85d3743fd33c97b9c22b866eb65d3593900e66c459efe5638a824c423d9c49ba44b8ff9b9b3ec15cef434deef9ab92760c55b1fb37339b1c77f3a01a77fd72f72877952e8a5827494c9188b8d1c270b0a99b4a9e818d1fa126a7291a7b0b94c2bf7c18c2e25e7fcfd68d38829655d9aab934963034563e90865245a61304febdf59bb0093167c8c41cce1773bb80c678759b55dab1247252036157a0e60d66e289d4b9bf98fdce7c5ca59bdb4fafe55e09b16aa3430d39bf150332a15c4890ed078e628775f8787b893592263ca6d3113619a7b21251faeee137a099bf00fb5fbcc75e758eaec9bdcff65576c0d826ea79d90e99d8cbb490937d1d122dbb8d15b33756835e1ce3bdaf4919f5226b384c87c2c7af71fb3dd073c43129ac4e2a6e521bee349730b2d9a71c6b01d61df130802a9bb6ab1f4d594b89675cc467cab303c86ae6b4c0d26dcf16cdec9c8b78f3e23bab3e7b5153e73bb71cb6a2afac5c33195d2a2f329d9e8f53dc92801046b07245e139a6414cff17dd9d7947e945a1ddf592131d90f3f325ebc3cf24360f83ed1606f952d4f69221b75c9be91e5d2abeed93f33958b04aa1e0cb5b850edf2760f4b8e810d879d87357036c8e26538e69689e47fbb1da8e0ca08284f55900bd029e95a527b3ba251b0ce27bd049fc85b194959375f785cf75c101eeaaba56b39a3fc46ba9729837e2fbce7ebba932596c0c2ef0c5d8e684ba6b334dbaffc0fa842a6aa555813d5bdc237a4376fbfc3abd549abc27f3b1c918c67f2c34e116b6b0630115490624f4997d93acec5dab0d2bb1572b319ba4c990cd74389542f48b7e173d0c81ed756a1b409f6b195859fdc7577a7e7b120a1513c225d313d7423d6a99ddb71914962821db95192fc9ca8b6972e07d78679e3b4265cb9725d95f52f68ff1ca46b8ac6ae7c6053bcd972e37fa824491527a1e4323aa6f2d5e59cf06c6088c148059fad6f1cbfb476719d09fa479b69a4790a74f65abd999c267d10cc2ff99d39e394160e151469589f416f659b2a8c60def78d6f433809dfb96c27220076f47b7e74a8930cd61e8fc109ddf8754ff5d6878eef5dc7dd61e2da0073b0ad6b071feff97fb87ec0d90954aedc888e7b1e09dcdfcc6906e49b6ea4a0c32546407ac0d22e29200b8603f2c3041d27d0fd990c312c3f4ebeef45385124825e73a4b30f7e62b3746aee0a1f42357a7c2d59b9b2865ab24b33536c1d752a4e1c08e07ec7ab8e37eda44ebd2213d46955859ce75e8cbee3e448ddc6c3720fa4bb604298c9cc6c1eac4aac18ffeef8d631a6175a58b18257c81b5b2a2c7458b1173a5c1bfe3a56159fa406011dc0bb6021f2332bb471ef8892acd5e7b58aeca43e485b35ddc938fbf2d032521820809af025513b663922d664ca4216bcc9877030d5facfb9a0482998e50cf69bc59c1805fb4faa89f6831ec6afc29e7f6db38fed3403d1035e251624de0ea6445812f71a4a91eab22d88da49c097003ea9608ef661e8cd99458f318d373ea1affe6cfbec7e9f77ca393f1585402a70afa83e3dc11417b83035c4aa6efb96caffdb76bb431152a1108dd6ae5a37afb9aa1b51ddcd22d7af11d65c188472d79acbdd48c61355a4b2fdf2b81fb4459711fb437f3f7f95a6e187c0cc087bbd739c9c9e22e25fd0d305a27408f52b839e357d1f37b0c7a576df793008241bd2120ccfa21435268ed243dd2edbb751b201474e91f48219bfddb4cd0dd471965bfe78e45233a33b6c4022bc57bcfd224f89b4afbe25a003ef41f596e10fc142d52e0ee02fad0728651f0fe75b947a544fd7e2dc38b608789ebc87b01993e23b765449001c77adc778adb84a0dd32b70e267aadcc168ef1713d7cbde563396ef5e39ff9f7008d61a20fe49ac80c2ee84c5311e6b0c259f0c63631af64ee1d2225b5eaa31b97636b30109fe4fcf1522723c6d79a5005f3768be2872910a0d9f2d2b10a91e48f7da5c3830e18bf1a2c51f791e463f7ca07e0c63d075852c2bd82b4a5989d4ff50a7007d3eb322b3f01ab76af2bbedb1108165f483d28415378d60098dbd87a299b3de116f3955c3e243677f3e3f71f9f0204e170da9ef5b66c95ba07f335b130b5a17b6a72c318be1b8ca6422b1eaf3f6ef038df509ef18765947de5889a3a88457561b399ab72948d7ec9e0f4a7348e0c43174811d3a4d71242e6a50f5b397a8d7fabbba7109afa2369f116e09d3fcc0b5e612ae8b818309c5fbb3347fdb5d6c6904684f4e04f12ca8513174e6b926f049ac14e0a7f9e4aa6bd391bbccd3f7242b9a4c0dfd01796da871f4e9de17e549537ac6d21d5c64e549f070e2b1d1b7f76981faa8da9029e4576fc43b4f427ec7ee4c4505ca270b233ffc5e1abe44ac789cecabdbaabec441a11845caf922133d11bb28256ee8f75e6f065e35f297646c63a2b8a594605ab391c50fc337d8d97066e6b5b0710fb1ec76c64f0a0a0ccac01375f2c9fbaca77b2b1ee2b26a76da527aefbe983eed0d946d763e00bf501dd646bfe683a78df80d91dcd603c5a8eb595c0cdceaa2dabf5d64a9feaacefc878e074313c85e4c15f4c2e63fa19f97b829c297d860878eee2138928d8a425c07900c1226455ae33e702c058567d42df10d6048466de62f14c27f7d8f306516662e18bebb24d7f38e5f0ebbab74980599ffacba56d3ce16a56b991ec64df9ea8f9300cc187f2c1b2f80562c681bbf833a971e7d69b67730d3b0d3b5a9b3cabf5b44e21f3a8ea25af9f9a7f53d6c85ca6a3b84f04fb6d1e99096640c76f00cb2a849e022c526653e0e19c0ab73d7db02e69bd511cb3b36ae7df9e0bcd5b8d180c0a3dc9f17973c62b286fbefd4853976ad38dc7756785f17c88f9675687c9769d77162e82e71bae2ed285bc878f9ee7070af3c4b43c907bcb5856dab6a938b7842af376d7c164076cd02b4e3e82e2cc8fca7dc2e40bdb7b9a2ef406355630cb2930231794ef4a20360a6eb9cc54f753642e6938a173024635987b80a6e0f0b7cb258537b81e1250f77fcaf1d7cd9b3be072a6f9d4fd86f1564b28d790ca1382fae61fa5874c7dd7db8ebfaaa7cc011e6ab3579137aa3f0af14e58c0960d7f70cef93ab86cca7cb785d8c12152a807cf1bfa4e0f6ffd288870565cd49a10a407cee95c5c0fe4cc84b47390868e64507f1fbfbb4a704d272da13480a418e25a9930a402dcfbaa5cb5092c569a4e8150b5048bef01194e1ce3795e2835a0a82c9d5ff3a157852f12713596997ec3061aeaa96e93c9b1d9d5aa2414c3ea9f", 0x1000, 0x80000001}], 0x1000000, &(0x7f00000082c0)={[{')/\'/%'}, {'wlan0\x00'}, {'\xff\xff'}, {'\xff\xff'}, {'[{@^/@+@<['}], [{@uid_eq={'uid', 0x3d, r20}}, {@smackfsfloor={'smackfsfloor', 0x3d, '{%\'--\xd3{-+#!'}}]}) syz_open_dev$I2C(&(0x7f0000008340), 0x4, 0x404280) syz_open_procfs(r19, &(0x7f0000008380)='net/ip6_mr_cache\x00') syz_open_pts(r21, 0x8001) syz_read_part_table(0x5, 0x9, &(0x7f0000008980)=[{&(0x7f00000083c0)="fbd29b15877e61061cc50ced7f39686138bf5103248d4da53257b73a1ee96cf2199abfa961d7bd146a6bb88d701b08edbf514b2e3183cce211d57c7645a9afe20275ecbe29aea48c76b0fb7627a8e43c7a9f57ef02a316edf9d38e0c6e74b59107cb1c8406dcb6de319b", 0x6a, 0x7f}, {&(0x7f0000008440)="e0d8f55b3848aed3ac9738d2e19f668be4c76e3b4e4823a0c69918ad4aec8d6eadcfe10327126d01287e672d54a544a9877e59f9a2f41aa242b237ba593c5a4840b8621ce0d28ce522dfe8788bb070d4bc9d74528a1f7603200c2365c63d42f1032992e10e4345cdea0d65365d82b6c78c81c71b0b2fb78197cd605ec2521806bdc08d6dd8f5291e5bb0ca92e20430d581235ddda756e6abd8c769783b84e57b0aa951303adcc7e921b069d94f1a4dee1f4744db5b28c97fbbaec5bf5618e0e94a41c0a99ce6ca91ebcaff5ae6106dc9dc310d7250a8b7c7ca55", 0xda, 0x3ff}, {&(0x7f0000008540)="afbb6b91aa7857f942bc8773d020896a44f1d9db9b9ec2b85598cd86397d6b5ae3192aefe0f2b6387b2d2314489bc7af2ab51990ff7526230a7ca42e6c22f5649acb12b4dd8fde819b", 0x49, 0x9}, {&(0x7f00000085c0)="d890818560f5372f7d41a504c54e863d7944d0621d50134b4c1454aa8c44c7f324d95d33fb4663f6745c1cad179d719e3e9f4f57517125890ed4c937bb41d0a764441e1d6c7482548c0a", 0x4a, 0x6}, {&(0x7f0000008640)="7e289aa898007d95eaf09882596aa237714dc1ac32392bd6fae8d872edc3c9b0cff5036148af29573c0dc954c27b6a6d47669253ab402a91f6e602ccd93fa817", 0x40, 0x6}, {&(0x7f0000008680)="c823584bb1759ecb98ee41e35227dd03d7ed5c9eefcf34a951e7c5eae5b37e8b93d6dd7cb66ebbff50cb81777e29b2c05b7b7cd976f4aed70f76499015b9872faa6f338c309a55296e4e85e27c510dbf253a7e6f43791f93913c8a9607451fd5050cf191ec95d199f1117c0e2a0437c2be1698939d277c3837d1640f91ce6aedc0850dc288cc2a3c1caadff44febefbbb2fda82e8a6539222b6d8830df927f36d814c2a892df0badec86c2f01deb89d2d3fa6137e48b23d3cf77b11f46ebdbb0a8314ee19778c212fc3498cbdc5ad0bbd7d24538d83bbc86830afe32e38c1bb1b7866abc940f611654d046f8236d6b15", 0xf0, 0x7}, {&(0x7f0000008780)="5d78b08d347d6010778713adad8e4da15ab34694562b0da52bb31a3b5e0971020ba48d185f3f03f16fe6dc1e321f122c1150a8ce71c3ad1df7c618bc59865fbfeb3a2c926b992f938b0f76c96af8be398933383fc8", 0x55, 0x8}, {&(0x7f0000008800)="1cd7715afec5551816cd475168a535a8474b748792e43af351605c6dfae1e6add7ce8bde80555ca3268782fe7a7f458968b42792c02a11acffae5486c0858e0c4640f4260d564699c0e606236ae8d5", 0x4f}, {&(0x7f0000008880)="45fd88a606b589b27d422ecb8744a678ff3aa07ffb6c25cc10a8871006d5fb6450fc12157d1a59f14e36132f1db63b56cc97b61bf0a61dcf2b7dd27da02ee160e03df97947838f0dd434825905ae9fb5a427976a49f779eab8cc3a409d25b9a296cef9a8ffb49d81bf23a716a7a7e1d8dce03def2b8a3b15a3b2beb873143a7df14ec492782ec86aceb4901fe3dcdce046ab2fb972d67434d4e1101b02c92d33a1bfe516d9592581f67895433766506707cb7f0e18b4476bde0f0091753cf3ec07386b3dab4b295502d49716801dd979aa24d805dfe801", 0xd7, 0x2}]) r22 = syz_usb_connect(0x6, 0x7e2, &(0x7f0000008a00)={{0x12, 0x1, 0x300, 0x88, 0xc7, 0xe6, 0xff, 0x15c2, 0x45, 0x135a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7d0, 0x4, 0x0, 0x0, 0x60, 0x8, [{{0x9, 0x4, 0x45, 0x3, 0x1, 0x66, 0x44, 0x76, 0x3f, [@uac_as={[@as_header={0x7, 0x24, 0x1, 0x1f, 0x5, 0x4}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x9, 0x2, 0x81, 0x4, "c0e6a10a"}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x0, 0x6, 0x8, "7d5ba3d07cc6"}, @format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x94, 0x1, 0x7, 0x1f, "cfcfa1bb20d9baa316"}]}, @uac_as={[@format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x8, 0x2, 0x0, 0x9, "489f80", '&'}, @format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0x5, 0x497, 0x8, '\''}, @as_header={0x7, 0x24, 0x1, 0x9, 0x2, 0x1001}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x8, 0x1, 0x0, "786e2f1a3105"}]}], [{{0x9, 0x5, 0x0, 0x10, 0x3ff, 0x9, 0x66, 0x3, [@generic={0x5b, 0x8, "32da773ded87397d0af57fd6f2ad3b93e2ea74f1f65d645d6b7e4cae90c8f27ccae094b33c613bc0bda2437bdcbaa21c77915b1b95e7a2313d71c6cc586d414d6a1e79c80ee3673ff069eb4651b30668b0197ff7a7edc57594"}]}}]}}, {{0x9, 0x4, 0x58, 0x9, 0x5, 0xff, 0x5, 0x1b, 0xe0, [], [{{0x9, 0x5, 0x3, 0x10, 0x20, 0x0, 0x43, 0x40}}, {{0x9, 0x5, 0x5, 0x3, 0x3ff, 0x87, 0x2, 0xfd, [@generic={0xa0, 0xc, "4d1fafd5d5bea917949e727ed5ee144cb32b01d9acbb7e3cfac4d1a15cd6bbae8ac66af677394d2217ef580b1565f58b85cfffd2cfcaf9f19df78400ba0354d7872072b42d77d55a5b960b82fb9e34ec8c33a96719c45947ab0947484854a94f25e65339a6f74b053c81e8e8057f6767ea2e80e923e02fa1a88db36d52e4c511e6ccf674046cb81c493c927d05a6c16645d0694f667d6ccf29fc273890c6"}, @generic={0x31, 0x9, "824467996faa842827e6d09bc48c4196099cb20d1afa7380d30e40f1bcfb7c503d7b00fc18d2e614c3e370dbc320a8"}]}}, {{0x9, 0x5, 0x1, 0x3, 0x400, 0x1, 0x81, 0x6, [@generic={0x76, 0x7, "96f72de7936410ee82a44287a00196f630e009364ab94a00e94528691a409d335f13bf6e85b378bda85c558fc1a003ec5794a14217f794682edcdc9e35d00c0979fdb3e7a15e6a851c137bf7011ba61c8346598b02a3d4d1b8cd99f4fc14fae3219fbf56aa2ca54ccf116b3d560a80978c4276ec"}]}}, {{0x9, 0x5, 0xe, 0x3, 0x3ff, 0x80, 0x20, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x9, 0x3ff}]}}, {{0x9, 0x5, 0xd, 0x0, 0x400, 0x9, 0x3f, 0x3f, [@generic={0x76, 0x11, "79b386387e37f36efa1d8c66a90449c68a0ad251afb9b1793cbe9e5b4dc3ce6600e86d1e3b3eac60fd3b8b1c19d7d0c3da61c6a667b39fae8aed44a8e70d77ca93e4c37a3fd8818f43edc523960cedb02d8822f0b23dc343182608c6097e995f562c84a5417e5b2fb71b392f926f3c4ed992ed89"}, @generic={0x65, 0x5, "8512f0cea97a9d8a0461e30ee9bf0789e041cd86c1df9496f1957af0e4543ecab07051f1f4818da2579d13a999569f75ad6af6e0d04da8bd26bc920445692d9e4ca7fdc3544c36f588e5c09beea1aff9f41ba977cbe79e7e4f4a8dec5640da4d2af61d"}]}}]}}, {{0x9, 0x4, 0x5, 0x3, 0x2, 0xc4, 0x4d, 0x76, 0x7, [@cdc_ncm={{0xb, 0x24, 0x6, 0x0, 0x1, "72450ceb1b79"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x8, 0x1, 0x4}, {0x6, 0x24, 0x1a, 0x8, 0x8}, [@mdlm={0x15, 0x24, 0x12, 0x4}]}, @cdc_ecm={{0x7, 0x24, 0x6, 0x0, 0x0, "fbb5"}, {0x5, 0x24, 0x0, 0x2040}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x80, 0x8951, 0x6}, [@network_terminal={0x7, 0x24, 0xa, 0xce, 0x3, 0x4, 0x60}, @acm={0x4}, @country_functional={0x10, 0x24, 0x7, 0x0, 0x81, [0x81, 0x1d9, 0x400, 0x1, 0xc00]}, @mbim={0xc, 0x24, 0x1b, 0x1, 0x20, 0xc0, 0x5, 0x20, 0xd}, @mdlm_detail={0xe1, 0x24, 0x13, 0x9, "0efa60e3b3892ca3377fc7bf7e5cd90b70b5433c66f13129d42a59f2c914ec54979a53862f94df6395806bf1a9709d9a6650cecaeecff6adfc77ca5f296e11bed1fbeb6f27c50bf1af9c176bb2069d52b06473d5d8e9244a70017666faa3213b80b25fe4c68c4180ee45680c95768fd32d24da76b883e1be0ec2af43c9f30ceed1936cd5051e62b1c8a76af9a252290b11c3670439db645b5c32a5a5bb78d7e8183ea6736dfceb8fef3d04b76e5129c4913eee30a537743b3357f269f582dd8c46b2a93362f1a838886b175f4895d52a818f63d9d694beac9846e5b12f"}, @mdlm_detail={0x1a, 0x24, 0x13, 0x5, "083b1f01a69f5d722a6b0383fb09f57f442b56d458fa"}]}], [{{0x9, 0x5, 0xf, 0x8, 0x8, 0x0, 0x3, 0x5}}, {{0x9, 0x5, 0xc, 0x0, 0x200, 0x9, 0x20, 0x5, [@generic={0xb, 0x1, "ae684bd6a1bfbe705d"}]}}]}}, {{0x9, 0x4, 0xad, 0x3f, 0x6, 0xef, 0x2e, 0x8d, 0x8, [@cdc_ecm={{0xa, 0x24, 0x6, 0x0, 0x0, "2e1bb11c34"}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x2, 0x8979, 0x6}, [@mdlm_detail={0xeb, 0x24, 0x13, 0x0, "9fcc8c5c747309fcb4c96e5dad9b6e62d08b91a8beb3c2e4547e163e4658bb11ab34b3c84ec3e4a4e367d26c56001c6705689995a99d16a1b31bdc070f00531ec426b54bf89b2dee1fc3bd818f55dbbd6acc287cd43078eebc6d09f10dc4229f8035d4448f823fecf929d6861627c01e79277a40304a1ad3fbd012a4a8ed16369769c8c997c412be76759017653455b8042aca8b49eac0731001cbfa6fbd796aa7c27709fc623722e03d3c1ed1dac1ca8a8aa25ddafc654a0dbb760b927a2b23e2ad3043ac48566c7b995c237db591f39af81954569cd5d37ca4941c80cc1fa5556d19a548df2a"}, @network_terminal={0x7, 0x24, 0xa, 0x4, 0x1f, 0x3f, 0x62}, @dmm={0x7, 0x24, 0x14, 0x1f, 0x7}, @dmm={0x7, 0x24, 0x14, 0x1010, 0x9}, @ncm={0x6, 0x24, 0x1a, 0x6, 0x1b}]}, @cdc_ecm={{0xb, 0x24, 0x6, 0x0, 0x0, "df4704a2521e"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x4856f0aa, 0x5, 0x1, 0xff}, [@obex={0x5, 0x24, 0x15, 0x1f}]}], [{{0x9, 0x5, 0x8, 0x8, 0x3ff, 0x4, 0x1, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x34, 0x5}]}}, {{0x9, 0x5, 0x0, 0x3, 0x400, 0x2, 0x1, 0xca}}, {{0x9, 0x5, 0x8, 0x10, 0x8, 0x2, 0x7f, 0x7f}}, {{0x9, 0x5, 0x7, 0x0, 0x10, 0x5, 0x1f, 0x40, [@generic={0x2d, 0xe, "eccc2379371b46cab9d6fdb82798f47aa9b7177c2a5193231443b725c21b5e6a99930565eb3b96fe7a7569"}, @generic={0x6, 0x10, "7f2260b2"}]}}, {{0x9, 0x5, 0x3, 0x8, 0x10, 0x4, 0x3, 0xf7}}, {{0x9, 0x5, 0x5, 0x3, 0x10, 0x3, 0x1, 0x9, [@generic={0xc8, 0xe, "17a493c051895f29835efb6d6d753ca5e6237f995724bf74708574902eacdff45cd80b61373d67efe1239f97b4fa600793d6b4a5022ba4a436b4e2e223579d974e784ecbfdd4912da5ccd284d2293782704f067513d83811ac711684d3aafe928ece0e903825997babc567b94d06daee1e4d55a8871d67e71cd1081430d89bc9ae64f50f94bb8af96ce384cd3b8420ef8be273ca02b9f0f91221239e64d620dc6e3e2707f6f4ce92e8627f044c14f179909ca1df8b4e499fed3f4118c9d6b2ae41a71198d798"}, @generic={0x7e, 0x22, "851bf8332f6f4795cdbf9bf1bbb8253ced75d61f695bb8c31f51b5ce19b2080e2e7ec215fec16a83d2571104f726a0de47f3e9282d0ef2204bbb1d9d9cac53b6d798084b0f594791e3f8341986d7eaadb911c55c0d71691fc77aa1047f440f5275a41f3b1f0f048a5c1dd5c417e67f3bd472b13feef7950c578f1b42"}]}}]}}]}}]}}, &(0x7f0000009700)={0xa, &(0x7f0000009200)={0xa, 0x6, 0x110, 0xd4, 0x81, 0x0, 0x10, 0x20}, 0x1c, &(0x7f0000009240)={0x5, 0xf, 0x1c, 0x2, [@ssp_cap={0x14, 0x10, 0xa, 0x20, 0x2, 0x3, 0xf0f, 0x6, [0xc030, 0xff3f30]}, @ptm_cap={0x3}]}, 0x8, [{0x4, &(0x7f0000009280)=@lang_id={0x4, 0x3, 0x410}}, {0x102, &(0x7f00000092c0)=@string={0x102, 0x3, "bd9caf11f1c2321f7dbf3df57ec06aedf0842f843c77dd88db9f7408bba0d9405971eab7462f77d1ca84398011e52a42798f46eeb57b9e8b2c06c9828ae8a2a278aeaf1947cb3dbadbd3d8374bd3fd89a53a0d2e5d80261d7c80592c0396ee2c9ed83fcc6bf9bd9a2f61cd007c9eb5b92dd878d6aa6b5435ed38fb81d9bfc15815843bc46b321b848a201d7ee90a06ab03ddb66cea54f415153e6934992c24e711aea2fe334e981ba7f3f87d0bc5eb6b1d0917cd79b47194c6d2be18e7a54e75a5e2d036b2e8ba626c56c4489e4681a21ea29a2b6434a8605a6710ebd13f09fe322e60ef34a6e6f3330d07b4d1ff66d7ec23c58b3be734844b89de36ba291297"}}, {0x4, &(0x7f0000009400)=@lang_id={0x4, 0x3, 0xf0ff}}, {0x4, &(0x7f0000009440)=@lang_id={0x4, 0x3, 0xf8ff}}, {0xc2, &(0x7f0000009480)=@string={0xc2, 0x3, "47951bf5758f6da49eaec8d8f18a6ca6e17e41a66016415efc7be346e3a8d0342803d31ac634c4e6bcfdca1db3c5b690c22f332df6936761deb40a2a9b817a3b5e21ceda6d71f72d61eed06a7a43451e72faa82018384c5a69f62f4c6cf2a7efbd2af59b84acc6a95edf8f167b5f203dff2f89dba191f513342be5a906ceb379613f596108de6f3a61b926c9f8634d3de6d5eb86712bdfc3ce502f90a69d8d07d9284402b393a76e1d9817b92bd4eff57a27ec91919bf0d09b447057d69ce382"}}, {0x83, &(0x7f0000009580)=@string={0x83, 0x3, "708149d29b3a8ef9c0ff2f072ff3b20dd4aa24a8ddbd77612cf82dbfdc3af821a1fbf75540c23e05de08fed779db651cb3a63bd09acfde2da34fc336047349f62c650320dd8fd8626cfdadf7e0f73f83a6bffa1f20e75cc44b80bbe9a40ea3c6e924b684fe6cb9e6a9331a149e844e500be3b4fe28d1332dcd643be5a73fccd446"}}, {0x4, &(0x7f0000009640)=@lang_id={0x4, 0x3, 0x184c}}, {0x4d, &(0x7f0000009680)=@string={0x4d, 0x3, "b66a576c91d56733c94ef73720fda014ebcf72b1cf26ac4c18da7571241256764ae2dff17540bdd8af83eee505792cbefbddb7b5cd4ca94662287a86249ec2b942139804f9c78209884a15"}}]}) syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000009780)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_control_io(r22, &(0x7f00000099c0)={0x18, &(0x7f0000009800)={0x40, 0x1, 0x8d, {0x8d, 0x22, "e5741947a723e9e98edc76ea9b493da7d0be0f88903d48eef0d24c882970fc1216a4f390d6b17a78f9e882742ca24831936cb75b045899bbc7687bd55a058a9f4722452ce7e301270b0bf22666c37eaf1bd9d8b489ba1d32be39d06b20bd9657e09fda6c82d4566c9334e2fa45c5046ba8565e5779ab6d67cbf7f406d216c286ab066588207a318d65332f"}}, &(0x7f00000098c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xf0ff}}, &(0x7f0000009900)={0x0, 0xf, 0x18, {0x5, 0xf, 0x18, 0x2, [@ssp_cap={0xc, 0x10, 0xa, 0x0, 0x0, 0x6, 0xf0f, 0x8}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0xa, 0x7, 0x100}]}}, &(0x7f0000009940)={0x20, 0x29, 0xf, {0xf, 0x29, 0x0, 0x18, 0x7, 0x7f, "86f620e8", "168f2202"}}, &(0x7f0000009980)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3, 0x0, 0x4, 0x0, 0x7, 0x1000, 0xfffe}}}, &(0x7f0000009f00)={0x44, &(0x7f0000009a00)={0x0, 0x8, 0xfd, "17d015c0c21b38ab6587078c775d196676390236842bc78115bd6a405811102445a37fe5c0cc85a16b5601f67496593492ce3ad552019208a904c88254525ef13e8c55d2fa5584b172728077d54a28bc6dd0bc05f7202910260763120f9d95883b701ca05483deae8e445bcf5672cfc4ba66a346e92fe07451ae4c8ff4aa9dfcf8b9563365805bf6830ed36c9f3eab11f613a0fde0423b8c3a5b1ae029729e3233431d83f022491564d392ceb7a38eddcf1596886181854d5a729e76d8e770d6ee74ba1333ecb7e4b883071b6d6c043e9e6f0160546f60d1d9ffd940744eef3ea5f0ddfda5a0a8d6b7740a7f13ce462ed08e2d3bc0a7b646daf56086e2"}, &(0x7f0000009b40)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000009b80)={0x0, 0x8, 0x1, 0x80}, &(0x7f0000009bc0)={0x20, 0x0, 0x4, {0x2, 0x3}}, &(0x7f0000009c00)={0x20, 0x0, 0x4, {0x100, 0x40}}, &(0x7f0000009c40)={0x40, 0x7, 0x2, 0x3}, &(0x7f0000009c80)={0x40, 0x9, 0x1, 0x7f}, &(0x7f0000009cc0)={0x40, 0xb, 0x2, "08bd"}, &(0x7f0000009d00)={0x40, 0xf, 0x2, 0x7163}, &(0x7f0000009d40)={0x40, 0x13, 0x6, @broadcast}, &(0x7f0000009d80)={0x40, 0x17, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3b}}, &(0x7f0000009dc0)={0x40, 0x19, 0x2, "379e"}, &(0x7f0000009e00)={0x40, 0x1a, 0x2, 0x8}, &(0x7f0000009e40)={0x40, 0x1c, 0x1, 0x3f}, &(0x7f0000009e80)={0x40, 0x1e, 0x1, 0x2c}, &(0x7f0000009ec0)={0x40, 0x21, 0x1, 0x5}}) syz_usb_disconnect(r22) syz_usb_ep_read(r22, 0xc1, 0x1000, &(0x7f0000009f80)=""/4096) r23 = syz_usb_connect$uac1(0x3, 0xe8, &(0x7f000000af80)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd6, 0x3, 0x1, 0x7, 0x20, 0x2, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@feature_unit={0xb, 0x24, 0x6, 0x4, 0x3, 0x2, [0x3, 0x7], 0xff}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x80, 0x3, 0x1, 0x0, "022c3b4efa4d"}, @as_header={0x7, 0x24, 0x1, 0x1, 0x7f, 0x1002}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x5, 0x3, 0x0, 0x5, "64997e"}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x3, 0x3, 0xac, 0x8, "bc5e", "04fba9"}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x6, 0x2, 0x5, 0x9, "6a9a8d", "4f88"}]}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x8c, 0x20, 0x7f, {0x7, 0x25, 0x1, 0x82, 0x2, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0x0, 0x2, 0x0, 0xff, "03c1fe1d97"}, @format_type_ii_discrete={0x12, 0x24, 0x2, 0x2, 0x807, 0x4, 0xfd, "8cfb49df7bf5b7e5ee"}, @as_header={0x7, 0x24, 0x1, 0x3f, 0xfd, 0x1}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0xc1, 0x4, 0x5, 0x67, "6967ba40"}]}, {{0x9, 0x5, 0x82, 0x9, 0x7f7, 0x1f, 0x69, 0x6, {0x7, 0x25, 0x1, 0x80, 0x9, 0x3}}}}}}}]}}, &(0x7f000000b380)={0xa, &(0x7f000000b080)={0xa, 0x6, 0x300, 0x3, 0x2, 0x3, 0x40, 0x81}, 0x20f, &(0x7f000000b0c0)={0x5, 0xf, 0x20f, 0x6, [@generic={0xe2, 0x10, 0xa, "64932c9277e23a0fa96aabc7b931ea3707350c525745ccbe794d23baa99625c82f74bd3b6d5f88fbfd92545b6b63754c07c3ffb47355bf3dd6facff0ec5597fb768dc74acfcf395ac1009982925aa16fcfa41575bf14b56d557909df9efd27fd4b317d90d1606270134fd07d2fc0d1816e9771321d2db55c6539b04167db7b08c994159dd7552c488c1466247a5b70b0dc996b907eeee0b20fdd647140597b66f821556b567fe613c7ecbcbae50db5fa7c9c0b5dcf26eddffdcb09b9ab9f2b5bee80982ff365fb816e98184ee6815f6f621f4d34527d3caa4ce682cb06c748"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x10, 0x1, 0x3f, 0xff, 0x1f}, @ptm_cap={0x3}, @generic={0x2f, 0x10, 0x3, "571226744f78fe775ab89dd776db3aaace9982e7b2594fd0854a31d7ec1d24aee6482aa3939798bd32d060f0"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x24, 0x8, 0xe1}, @generic={0xe1, 0x10, 0x1, "1c4311d6c4ec2de789b4f9f39e673702ea35d909991ce4af26cf0c07579c1a40573568f837569c645de2af698133526169e51a53f215167660357259d54d5ad77afb478b189e728667a8b7e38986bb19febe807085ec6d77dfb48172592d549d7dbbf802aaf95bbf2dcd20057a34eeffcaba3c404e46a6e90ad7e4387e1e28cc21718837e81d22615c4b42bce04c6bec4aa9a99d05cb4f168e115ee3956554e4e58b136f86736e79e91f9acd49ee6617b84a564392e81991bba6032054d7096f6c40002137782a1b111d6527968326f5e70a8a2399e833e7415c204a3a4b"}]}, 0x2, [{0x4, &(0x7f000000b300)=@lang_id={0x4, 0x3, 0x459}}, {0x4, &(0x7f000000b340)=@lang_id={0x4, 0x3, 0x436}}]}) syz_usb_ep_write(r23, 0x9, 0x13, &(0x7f000000b3c0)="08636e6c5e421f7f718c4784f389672c2911e5") syz_usbip_server_init(0x2) csource_test.go:119: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; for (;;) { uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts); if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) return 1; now = current_time_ms(); if (now - start > timeout) return 0; } } static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } struct nlmsg { char* pos; int nesting; struct nlattr* nested[8]; char buf[4096]; }; static void netlink_init(struct nlmsg* nlmsg, int typ, int flags, const void* data, int size) { memset(nlmsg, 0, sizeof(*nlmsg)); struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf; hdr->nlmsg_type = typ; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags; memcpy(hdr + 1, data, size); nlmsg->pos = (char*)(hdr + 1) + NLMSG_ALIGN(size); } static void netlink_attr(struct nlmsg* nlmsg, int typ, const void* data, int size) { struct nlattr* attr = (struct nlattr*)nlmsg->pos; attr->nla_len = sizeof(*attr) + size; attr->nla_type = typ; if (size > 0) memcpy(attr + 1, data, size); nlmsg->pos += NLMSG_ALIGN(attr->nla_len); } static int netlink_send_ext(struct nlmsg* nlmsg, int sock, uint16_t reply_type, int* reply_len, bool dofail) { if (nlmsg->pos > nlmsg->buf + sizeof(nlmsg->buf) || nlmsg->nesting) exit(1); struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf; hdr->nlmsg_len = nlmsg->pos - nlmsg->buf; struct sockaddr_nl addr; memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; ssize_t n = sendto(sock, nlmsg->buf, hdr->nlmsg_len, 0, (struct sockaddr*)&addr, sizeof(addr)); if (n != (ssize_t)hdr->nlmsg_len) { if (dofail) exit(1); return -1; } n = recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0); if (reply_len) *reply_len = 0; if (n < 0) { if (dofail) exit(1); return -1; } if (n < (ssize_t)sizeof(struct nlmsghdr)) { errno = EINVAL; if (dofail) exit(1); return -1; } if (hdr->nlmsg_type == NLMSG_DONE) return 0; if (reply_len && hdr->nlmsg_type == reply_type) { *reply_len = n; return 0; } if (n < (ssize_t)(sizeof(struct nlmsghdr) + sizeof(struct nlmsgerr))) { errno = EINVAL; if (dofail) exit(1); return -1; } if (hdr->nlmsg_type != NLMSG_ERROR) { errno = EINVAL; if (dofail) exit(1); return -1; } errno = -((struct nlmsgerr*)(hdr + 1))->error; return -errno; } static int netlink_send(struct nlmsg* nlmsg, int sock) { return netlink_send_ext(nlmsg, sock, 0, NULL, true); } static int netlink_query_family_id(struct nlmsg* nlmsg, int sock, const char* family_name, bool dofail) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = CTRL_CMD_GETFAMILY; netlink_init(nlmsg, GENL_ID_CTRL, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, CTRL_ATTR_FAMILY_NAME, family_name, strnlen(family_name, GENL_NAMSIZ - 1) + 1); int n = 0; int err = netlink_send_ext(nlmsg, sock, GENL_ID_CTRL, &n, dofail); if (err < 0) { return -1; } uint16_t id = 0; struct nlattr* attr = (struct nlattr*)(nlmsg->buf + NLMSG_HDRLEN + NLMSG_ALIGN(sizeof(genlhdr))); for (; (char*)attr < nlmsg->buf + n; attr = (struct nlattr*)((char*)attr + NLMSG_ALIGN(attr->nla_len))) { if (attr->nla_type == CTRL_ATTR_FAMILY_ID) { id = *(uint16_t*)(attr + 1); break; } } if (!id) { errno = EINVAL; return -1; } recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0); return id; } const int kInitNetNsFd = 239; #define WIFI_INITIAL_DEVICE_COUNT 2 #define WIFI_MAC_BASE { 0x08, 0x02, 0x11, 0x00, 0x00, 0x00 } #define WIFI_IBSS_BSSID { 0x50, 0x50, 0x50, 0x50, 0x50, 0x50 } #define WIFI_IBSS_SSID { 0x10, 0x10, 0x10, 0x10, 0x10, 0x10 } #define WIFI_DEFAULT_FREQUENCY 2412 #define WIFI_DEFAULT_SIGNAL 0 #define WIFI_DEFAULT_RX_RATE 1 #define HWSIM_CMD_REGISTER 1 #define HWSIM_CMD_FRAME 2 #define HWSIM_CMD_NEW_RADIO 4 #define HWSIM_ATTR_SUPPORT_P2P_DEVICE 14 #define HWSIM_ATTR_PERM_ADDR 22 #define IF_OPER_UP 6 struct join_ibss_props { int wiphy_freq; bool wiphy_freq_fixed; uint8_t* mac; uint8_t* ssid; int ssid_len; }; static int set_interface_state(const char* interface_name, int on) { struct ifreq ifr; int sock = socket(AF_INET, SOCK_DGRAM, 0); if (sock < 0) { return -1; } memset(&ifr, 0, sizeof(ifr)); strcpy(ifr.ifr_name, interface_name); int ret = ioctl(sock, SIOCGIFFLAGS, &ifr); if (ret < 0) { close(sock); return -1; } if (on) ifr.ifr_flags |= IFF_UP; else ifr.ifr_flags &= ~IFF_UP; ret = ioctl(sock, SIOCSIFFLAGS, &ifr); close(sock); if (ret < 0) { return -1; } return 0; } static int nl80211_set_interface(struct nlmsg* nlmsg, int sock, int nl80211_family, uint32_t ifindex, uint32_t iftype) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = NL80211_CMD_SET_INTERFACE; netlink_init(nlmsg, nl80211_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, NL80211_ATTR_IFINDEX, &ifindex, sizeof(ifindex)); netlink_attr(nlmsg, NL80211_ATTR_IFTYPE, &iftype, sizeof(iftype)); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int nl80211_join_ibss(struct nlmsg* nlmsg, int sock, int nl80211_family, uint32_t ifindex, struct join_ibss_props* props) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = NL80211_CMD_JOIN_IBSS; netlink_init(nlmsg, nl80211_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, NL80211_ATTR_IFINDEX, &ifindex, sizeof(ifindex)); netlink_attr(nlmsg, NL80211_ATTR_SSID, props->ssid, props->ssid_len); netlink_attr(nlmsg, NL80211_ATTR_WIPHY_FREQ, &(props->wiphy_freq), sizeof(props->wiphy_freq)); if (props->mac) netlink_attr(nlmsg, NL80211_ATTR_MAC, props->mac, ETH_ALEN); if (props->wiphy_freq_fixed) netlink_attr(nlmsg, NL80211_ATTR_FREQ_FIXED, NULL, 0); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int get_ifla_operstate(struct nlmsg* nlmsg, int ifindex) { struct ifinfomsg info; memset(&info, 0, sizeof(info)); info.ifi_family = AF_UNSPEC; info.ifi_index = ifindex; int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); if (sock == -1) { return -1; } netlink_init(nlmsg, RTM_GETLINK, 0, &info, sizeof(info)); int n; int err = netlink_send_ext(nlmsg, sock, RTM_NEWLINK, &n, true); close(sock); if (err) { return -1; } struct rtattr* attr = IFLA_RTA(NLMSG_DATA(nlmsg->buf)); for (; RTA_OK(attr, n); attr = RTA_NEXT(attr, n)) { if (attr->rta_type == IFLA_OPERSTATE) return *((int32_t*)RTA_DATA(attr)); } return -1; } static int await_ifla_operstate(struct nlmsg* nlmsg, char* interface, int operstate) { int ifindex = if_nametoindex(interface); while (true) { usleep(1000); int ret = get_ifla_operstate(nlmsg, ifindex); if (ret < 0) return ret; if (ret == operstate) return 0; } return 0; } static int nl80211_setup_ibss_interface(struct nlmsg* nlmsg, int sock, int nl80211_family_id, char* interface, struct join_ibss_props* ibss_props) { int ifindex = if_nametoindex(interface); if (ifindex == 0) { return -1; } int ret = nl80211_set_interface(nlmsg, sock, nl80211_family_id, ifindex, NL80211_IFTYPE_ADHOC); if (ret < 0) { return -1; } ret = set_interface_state(interface, 1); if (ret < 0) { return -1; } ret = nl80211_join_ibss(nlmsg, sock, nl80211_family_id, ifindex, ibss_props); if (ret < 0) { return -1; } return 0; } #define SIZEOF_IO_URING_SQE 64 #define SIZEOF_IO_URING_CQE 16 #define SQ_HEAD_OFFSET 0 #define SQ_TAIL_OFFSET 64 #define SQ_RING_MASK_OFFSET 256 #define SQ_RING_ENTRIES_OFFSET 264 #define SQ_FLAGS_OFFSET 276 #define SQ_DROPPED_OFFSET 272 #define CQ_HEAD_OFFSET 128 #define CQ_TAIL_OFFSET 192 #define CQ_RING_MASK_OFFSET 260 #define CQ_RING_ENTRIES_OFFSET 268 #define CQ_RING_OVERFLOW_OFFSET 284 #define CQ_FLAGS_OFFSET 280 #define CQ_CQES_OFFSET 320 struct io_uring_cqe { uint64_t user_data; uint32_t res; uint32_t flags; }; static long syz_io_uring_complete(volatile long a0) { char* ring_ptr = (char*)a0; uint32_t cq_ring_mask = *(uint32_t*)(ring_ptr + CQ_RING_MASK_OFFSET); uint32_t* cq_head_ptr = (uint32_t*)(ring_ptr + CQ_HEAD_OFFSET); uint32_t cq_head = *cq_head_ptr & cq_ring_mask; uint32_t cq_head_next = *cq_head_ptr + 1; char* cqe_src = ring_ptr + CQ_CQES_OFFSET + cq_head * SIZEOF_IO_URING_CQE; struct io_uring_cqe cqe; memcpy(&cqe, cqe_src, sizeof(cqe)); __atomic_store_n(cq_head_ptr, cq_head_next, __ATOMIC_RELEASE); return (cqe.user_data == 0x12345 || cqe.user_data == 0x23456) ? (long)cqe.res : (long)-1; } struct io_sqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t flags; uint32_t dropped; uint32_t array; uint32_t resv1; uint64_t resv2; }; struct io_cqring_offsets { uint32_t head; uint32_t tail; uint32_t ring_mask; uint32_t ring_entries; uint32_t overflow; uint32_t cqes; uint64_t resv[2]; }; struct io_uring_params { uint32_t sq_entries; uint32_t cq_entries; uint32_t flags; uint32_t sq_thread_cpu; uint32_t sq_thread_idle; uint32_t features; uint32_t resv[4]; struct io_sqring_offsets sq_off; struct io_cqring_offsets cq_off; }; #define IORING_OFF_SQ_RING 0 #define IORING_OFF_SQES 0x10000000ULL #define sys_io_uring_setup 425 static long syz_io_uring_setup(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5) { uint32_t entries = (uint32_t)a0; struct io_uring_params* setup_params = (struct io_uring_params*)a1; void* vma1 = (void*)a2; void* vma2 = (void*)a3; void** ring_ptr_out = (void**)a4; void** sqes_ptr_out = (void**)a5; uint32_t fd_io_uring = syscall(sys_io_uring_setup, entries, setup_params); uint32_t sq_ring_sz = setup_params->sq_off.array + setup_params->sq_entries * sizeof(uint32_t); uint32_t cq_ring_sz = setup_params->cq_off.cqes + setup_params->cq_entries * SIZEOF_IO_URING_CQE; uint32_t ring_sz = sq_ring_sz > cq_ring_sz ? sq_ring_sz : cq_ring_sz; *ring_ptr_out = mmap(vma1, ring_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQ_RING); uint32_t sqes_sz = setup_params->sq_entries * SIZEOF_IO_URING_SQE; *sqes_ptr_out = mmap(vma2, sqes_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQES); return fd_io_uring; } static long syz_io_uring_submit(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { char* ring_ptr = (char*)a0; char* sqes_ptr = (char*)a1; char* sqe = (char*)a2; uint32_t sqes_index = (uint32_t)a3; uint32_t sq_ring_entries = *(uint32_t*)(ring_ptr + SQ_RING_ENTRIES_OFFSET); uint32_t cq_ring_entries = *(uint32_t*)(ring_ptr + CQ_RING_ENTRIES_OFFSET); uint32_t sq_array_off = (CQ_CQES_OFFSET + cq_ring_entries * SIZEOF_IO_URING_CQE + 63) & ~63; if (sq_ring_entries) sqes_index %= sq_ring_entries; char* sqe_dest = sqes_ptr + sqes_index * SIZEOF_IO_URING_SQE; memcpy(sqe_dest, sqe, SIZEOF_IO_URING_SQE); uint32_t sq_ring_mask = *(uint32_t*)(ring_ptr + SQ_RING_MASK_OFFSET); uint32_t* sq_tail_ptr = (uint32_t*)(ring_ptr + SQ_TAIL_OFFSET); uint32_t sq_tail = *sq_tail_ptr & sq_ring_mask; uint32_t sq_tail_next = *sq_tail_ptr + 1; uint32_t* sq_array = (uint32_t*)(ring_ptr + sq_array_off); *(sq_array + sq_tail) = sqes_index; __atomic_store_n(sq_tail_ptr, sq_tail_next, __ATOMIC_RELEASE); return 0; } #define VHCI_HC_PORTS 8 #define VHCI_PORTS (VHCI_HC_PORTS * 2) static long syz_usbip_server_init(volatile long a0) { static int port_alloc[2]; int speed = (int)a0; bool usb3 = (speed == USB_SPEED_SUPER); int socket_pair[2]; if (socketpair(AF_UNIX, SOCK_STREAM, 0, socket_pair)) exit(1); int client_fd = socket_pair[0]; int server_fd = socket_pair[1]; int available_port_num = __atomic_fetch_add(&port_alloc[usb3], 1, __ATOMIC_RELAXED); if (available_port_num > VHCI_HC_PORTS) { return -1; } int port_num = procid * VHCI_PORTS + usb3 * VHCI_HC_PORTS + available_port_num; char buffer[100]; sprintf(buffer, "%d %d %s %d", port_num, client_fd, "0", speed); write_file("/sys/devices/platform/vhci_hcd.0/attach", buffer); return server_fd; } #define BTF_MAGIC 0xeB9F struct btf_header { __u16 magic; __u8 version; __u8 flags; __u32 hdr_len; __u32 type_off; __u32 type_len; __u32 str_off; __u32 str_len; }; #define BTF_INFO_KIND(info) (((info) >> 24) & 0x0f) #define BTF_INFO_VLEN(info) ((info)&0xffff) #define BTF_KIND_INT 1 #define BTF_KIND_ARRAY 3 #define BTF_KIND_STRUCT 4 #define BTF_KIND_UNION 5 #define BTF_KIND_ENUM 6 #define BTF_KIND_FUNC_PROTO 13 #define BTF_KIND_VAR 14 #define BTF_KIND_DATASEC 15 struct btf_type { __u32 name_off; __u32 info; union { __u32 size; __u32 type; }; }; struct btf_enum { __u32 name_off; __s32 val; }; struct btf_array { __u32 type; __u32 index_type; __u32 nelems; }; struct btf_member { __u32 name_off; __u32 type; __u32 offset; }; struct btf_param { __u32 name_off; __u32 type; }; struct btf_var { __u32 linkage; }; struct btf_var_secinfo { __u32 type; __u32 offset; __u32 size; }; #define VMLINUX_MAX_SUPPORT_SIZE (10 * 1024 * 1024) static char* read_btf_vmlinux() { static bool is_read = false; static char buf[VMLINUX_MAX_SUPPORT_SIZE]; if (is_read) return buf; int fd = open("/sys/kernel/btf/vmlinux", O_RDONLY); if (fd < 0) return NULL; unsigned long bytes_read = 0; for (;;) { ssize_t ret = read(fd, buf + bytes_read, VMLINUX_MAX_SUPPORT_SIZE - bytes_read); if (ret < 0 || bytes_read + ret == VMLINUX_MAX_SUPPORT_SIZE) return NULL; if (ret == 0) break; bytes_read += ret; } is_read = true; return buf; } static long syz_btf_id_by_name(volatile long a0) { char* target = (char*)a0; char* vmlinux = read_btf_vmlinux(); if (vmlinux == NULL) return -1; struct btf_header* btf_header = (struct btf_header*)vmlinux; if (btf_header->magic != BTF_MAGIC) return -1; char* btf_type_sec = vmlinux + btf_header->hdr_len + btf_header->type_off; char* btf_str_sec = vmlinux + btf_header->hdr_len + btf_header->str_off; unsigned int bytes_parsed = 0; long idx = 1; while (bytes_parsed < btf_header->type_len) { struct btf_type* btf_type = (struct btf_type*)(btf_type_sec + bytes_parsed); uint32_t kind = BTF_INFO_KIND(btf_type->info); uint32_t vlen = BTF_INFO_VLEN(btf_type->info); char* name = btf_str_sec + btf_type->name_off; if (strcmp(name, target) == 0) return idx; size_t skip; switch (kind) { case BTF_KIND_INT: skip = sizeof(uint32_t); break; case BTF_KIND_ENUM: skip = sizeof(struct btf_enum) * vlen; break; case BTF_KIND_ARRAY: skip = sizeof(struct btf_array); break; case BTF_KIND_STRUCT: case BTF_KIND_UNION: skip = sizeof(struct btf_member) * vlen; break; case BTF_KIND_FUNC_PROTO: skip = sizeof(struct btf_param) * vlen; break; case BTF_KIND_VAR: skip = sizeof(struct btf_var); break; case BTF_KIND_DATASEC: skip = sizeof(struct btf_var_secinfo) * vlen; break; default: skip = 0; } bytes_parsed += sizeof(struct btf_type) + skip; idx++; } return -1; } static long syz_memcpy_off(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4) { char* dest = (char*)a0; uint32_t dest_off = (uint32_t)a1; char* src = (char*)a2; uint32_t src_off = (uint32_t)a3; size_t n = (size_t)a4; return (long)memcpy(dest + dest_off, src + src_off, n); } #define MAX_FDS 30 #define USB_MAX_IFACE_NUM 4 #define USB_MAX_EP_NUM 32 #define USB_MAX_FDS 6 struct usb_endpoint_index { struct usb_endpoint_descriptor desc; int handle; }; struct usb_iface_index { struct usb_interface_descriptor* iface; uint8_t bInterfaceNumber; uint8_t bAlternateSetting; uint8_t bInterfaceClass; struct usb_endpoint_index eps[USB_MAX_EP_NUM]; int eps_num; }; struct usb_device_index { struct usb_device_descriptor* dev; struct usb_config_descriptor* config; uint8_t bDeviceClass; uint8_t bMaxPower; int config_length; struct usb_iface_index ifaces[USB_MAX_IFACE_NUM]; int ifaces_num; int iface_cur; }; struct usb_info { int fd; struct usb_device_index index; }; static struct usb_info usb_devices[USB_MAX_FDS]; static int usb_devices_num; static bool parse_usb_descriptor(const char* buffer, size_t length, struct usb_device_index* index) { if (length < sizeof(*index->dev) + sizeof(*index->config)) return false; memset(index, 0, sizeof(*index)); index->dev = (struct usb_device_descriptor*)buffer; index->config = (struct usb_config_descriptor*)(buffer + sizeof(*index->dev)); index->bDeviceClass = index->dev->bDeviceClass; index->bMaxPower = index->config->bMaxPower; index->config_length = length - sizeof(*index->dev); index->iface_cur = -1; size_t offset = 0; while (true) { if (offset + 1 >= length) break; uint8_t desc_length = buffer[offset]; uint8_t desc_type = buffer[offset + 1]; if (desc_length <= 2) break; if (offset + desc_length > length) break; if (desc_type == USB_DT_INTERFACE && index->ifaces_num < USB_MAX_IFACE_NUM) { struct usb_interface_descriptor* iface = (struct usb_interface_descriptor*)(buffer + offset); index->ifaces[index->ifaces_num].iface = iface; index->ifaces[index->ifaces_num].bInterfaceNumber = iface->bInterfaceNumber; index->ifaces[index->ifaces_num].bAlternateSetting = iface->bAlternateSetting; index->ifaces[index->ifaces_num].bInterfaceClass = iface->bInterfaceClass; index->ifaces_num++; } if (desc_type == USB_DT_ENDPOINT && index->ifaces_num > 0) { struct usb_iface_index* iface = &index->ifaces[index->ifaces_num - 1]; if (iface->eps_num < USB_MAX_EP_NUM) { memcpy(&iface->eps[iface->eps_num].desc, buffer + offset, sizeof(iface->eps[iface->eps_num].desc)); iface->eps_num++; } } offset += desc_length; } return true; } static struct usb_device_index* add_usb_index(int fd, const char* dev, size_t dev_len) { int i = __atomic_fetch_add(&usb_devices_num, 1, __ATOMIC_RELAXED); if (i >= USB_MAX_FDS) return NULL; if (!parse_usb_descriptor(dev, dev_len, &usb_devices[i].index)) return NULL; __atomic_store_n(&usb_devices[i].fd, fd, __ATOMIC_RELEASE); return &usb_devices[i].index; } static struct usb_device_index* lookup_usb_index(int fd) { for (int i = 0; i < USB_MAX_FDS; i++) { if (__atomic_load_n(&usb_devices[i].fd, __ATOMIC_ACQUIRE) == fd) return &usb_devices[i].index; } return NULL; } struct vusb_connect_string_descriptor { uint32_t len; char* str; } __attribute__((packed)); struct vusb_connect_descriptors { uint32_t qual_len; char* qual; uint32_t bos_len; char* bos; uint32_t strs_len; struct vusb_connect_string_descriptor strs[0]; } __attribute__((packed)); static const char default_string[] = { 8, USB_DT_STRING, 's', 0, 'y', 0, 'z', 0 }; static const char default_lang_id[] = { 4, USB_DT_STRING, 0x09, 0x04 }; static bool lookup_connect_response_in(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { struct usb_device_index* index = lookup_usb_index(fd); uint8_t str_idx; if (!index) return false; switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_GET_DESCRIPTOR: switch (ctrl->wValue >> 8) { case USB_DT_DEVICE: *response_data = (char*)index->dev; *response_length = sizeof(*index->dev); return true; case USB_DT_CONFIG: *response_data = (char*)index->config; *response_length = index->config_length; return true; case USB_DT_STRING: str_idx = (uint8_t)ctrl->wValue; if (descs && str_idx < descs->strs_len) { *response_data = descs->strs[str_idx].str; *response_length = descs->strs[str_idx].len; return true; } if (str_idx == 0) { *response_data = (char*)&default_lang_id[0]; *response_length = default_lang_id[0]; return true; } *response_data = (char*)&default_string[0]; *response_length = default_string[0]; return true; case USB_DT_BOS: *response_data = descs->bos; *response_length = descs->bos_len; return true; case USB_DT_DEVICE_QUALIFIER: if (!descs->qual) { struct usb_qualifier_descriptor* qual = (struct usb_qualifier_descriptor*)response_data; qual->bLength = sizeof(*qual); qual->bDescriptorType = USB_DT_DEVICE_QUALIFIER; qual->bcdUSB = index->dev->bcdUSB; qual->bDeviceClass = index->dev->bDeviceClass; qual->bDeviceSubClass = index->dev->bDeviceSubClass; qual->bDeviceProtocol = index->dev->bDeviceProtocol; qual->bMaxPacketSize0 = index->dev->bMaxPacketSize0; qual->bNumConfigurations = index->dev->bNumConfigurations; qual->bRESERVED = 0; *response_length = sizeof(*qual); return true; } *response_data = descs->qual; *response_length = descs->qual_len; return true; default: break; } break; default: break; } break; default: break; } return false; } typedef bool (*lookup_connect_out_response_t)(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done); static bool lookup_connect_response_out_generic(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) { switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: *done = true; return true; default: break; } break; } return false; } #define ATH9K_FIRMWARE_DOWNLOAD 0x30 #define ATH9K_FIRMWARE_DOWNLOAD_COMP 0x31 static bool lookup_connect_response_out_ath9k(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) { switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: return true; default: break; } break; case USB_TYPE_VENDOR: switch (ctrl->bRequest) { case ATH9K_FIRMWARE_DOWNLOAD: return true; case ATH9K_FIRMWARE_DOWNLOAD_COMP: *done = true; return true; default: break; } break; } return false; } struct vusb_descriptor { uint8_t req_type; uint8_t desc_type; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_descriptors { uint32_t len; struct vusb_descriptor* generic; struct vusb_descriptor* descs[0]; } __attribute__((packed)); struct vusb_response { uint8_t type; uint8_t req; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_responses { uint32_t len; struct vusb_response* generic; struct vusb_response* resps[0]; } __attribute__((packed)); static bool lookup_control_response(const struct vusb_descriptors* descs, const struct vusb_responses* resps, struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { int descs_num = 0; int resps_num = 0; if (descs) descs_num = (descs->len - offsetof(struct vusb_descriptors, descs)) / sizeof(descs->descs[0]); if (resps) resps_num = (resps->len - offsetof(struct vusb_responses, resps)) / sizeof(resps->resps[0]); uint8_t req = ctrl->bRequest; uint8_t req_type = ctrl->bRequestType & USB_TYPE_MASK; uint8_t desc_type = ctrl->wValue >> 8; if (req == USB_REQ_GET_DESCRIPTOR) { int i; for (i = 0; i < descs_num; i++) { struct vusb_descriptor* desc = descs->descs[i]; if (!desc) continue; if (desc->req_type == req_type && desc->desc_type == desc_type) { *response_length = desc->len; if (*response_length != 0) *response_data = &desc->data[0]; else *response_data = NULL; return true; } } if (descs && descs->generic) { *response_data = &descs->generic->data[0]; *response_length = descs->generic->len; return true; } } else { int i; for (i = 0; i < resps_num; i++) { struct vusb_response* resp = resps->resps[i]; if (!resp) continue; if (resp->type == req_type && resp->req == req) { *response_length = resp->len; if (*response_length != 0) *response_data = &resp->data[0]; else *response_data = NULL; return true; } } if (resps && resps->generic) { *response_data = &resps->generic->data[0]; *response_length = resps->generic->len; return true; } } return false; } #define UDC_NAME_LENGTH_MAX 128 struct usb_raw_init { __u8 driver_name[UDC_NAME_LENGTH_MAX]; __u8 device_name[UDC_NAME_LENGTH_MAX]; __u8 speed; }; enum usb_raw_event_type { USB_RAW_EVENT_INVALID = 0, USB_RAW_EVENT_CONNECT = 1, USB_RAW_EVENT_CONTROL = 2, }; struct usb_raw_event { __u32 type; __u32 length; __u8 data[0]; }; struct usb_raw_ep_io { __u16 ep; __u16 flags; __u32 length; __u8 data[0]; }; #define USB_RAW_EPS_NUM_MAX 30 #define USB_RAW_EP_NAME_MAX 16 #define USB_RAW_EP_ADDR_ANY 0xff struct usb_raw_ep_caps { __u32 type_control : 1; __u32 type_iso : 1; __u32 type_bulk : 1; __u32 type_int : 1; __u32 dir_in : 1; __u32 dir_out : 1; }; struct usb_raw_ep_limits { __u16 maxpacket_limit; __u16 max_streams; __u32 reserved; }; struct usb_raw_ep_info { __u8 name[USB_RAW_EP_NAME_MAX]; __u32 addr; struct usb_raw_ep_caps caps; struct usb_raw_ep_limits limits; }; struct usb_raw_eps_info { struct usb_raw_ep_info eps[USB_RAW_EPS_NUM_MAX]; }; #define USB_RAW_IOCTL_INIT _IOW('U', 0, struct usb_raw_init) #define USB_RAW_IOCTL_RUN _IO('U', 1) #define USB_RAW_IOCTL_EVENT_FETCH _IOR('U', 2, struct usb_raw_event) #define USB_RAW_IOCTL_EP0_WRITE _IOW('U', 3, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP0_READ _IOWR('U', 4, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_ENABLE _IOW('U', 5, struct usb_endpoint_descriptor) #define USB_RAW_IOCTL_EP_DISABLE _IOW('U', 6, __u32) #define USB_RAW_IOCTL_EP_WRITE _IOW('U', 7, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_READ _IOWR('U', 8, struct usb_raw_ep_io) #define USB_RAW_IOCTL_CONFIGURE _IO('U', 9) #define USB_RAW_IOCTL_VBUS_DRAW _IOW('U', 10, __u32) #define USB_RAW_IOCTL_EPS_INFO _IOR('U', 11, struct usb_raw_eps_info) #define USB_RAW_IOCTL_EP0_STALL _IO('U', 12) #define USB_RAW_IOCTL_EP_SET_HALT _IOW('U', 13, __u32) #define USB_RAW_IOCTL_EP_CLEAR_HALT _IOW('U', 14, __u32) #define USB_RAW_IOCTL_EP_SET_WEDGE _IOW('U', 15, __u32) static int usb_raw_open() { return open("/dev/raw-gadget", O_RDWR); } static int usb_raw_init(int fd, uint32_t speed, const char* driver, const char* device) { struct usb_raw_init arg; strncpy((char*)&arg.driver_name[0], driver, sizeof(arg.driver_name)); strncpy((char*)&arg.device_name[0], device, sizeof(arg.device_name)); arg.speed = speed; return ioctl(fd, USB_RAW_IOCTL_INIT, &arg); } static int usb_raw_run(int fd) { return ioctl(fd, USB_RAW_IOCTL_RUN, 0); } static int usb_raw_event_fetch(int fd, struct usb_raw_event* event) { return ioctl(fd, USB_RAW_IOCTL_EVENT_FETCH, event); } static int usb_raw_ep0_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_WRITE, io); } static int usb_raw_ep0_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_READ, io); } static int usb_raw_ep_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_WRITE, io); } static int usb_raw_ep_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP_READ, io); } static int usb_raw_ep_enable(int fd, struct usb_endpoint_descriptor* desc) { return ioctl(fd, USB_RAW_IOCTL_EP_ENABLE, desc); } static int usb_raw_ep_disable(int fd, int ep) { return ioctl(fd, USB_RAW_IOCTL_EP_DISABLE, ep); } static int usb_raw_configure(int fd) { return ioctl(fd, USB_RAW_IOCTL_CONFIGURE, 0); } static int usb_raw_vbus_draw(int fd, uint32_t power) { return ioctl(fd, USB_RAW_IOCTL_VBUS_DRAW, power); } static int usb_raw_ep0_stall(int fd) { return ioctl(fd, USB_RAW_IOCTL_EP0_STALL, 0); } static int lookup_interface(int fd, uint8_t bInterfaceNumber, uint8_t bAlternateSetting) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; for (int i = 0; i < index->ifaces_num; i++) { if (index->ifaces[i].bInterfaceNumber == bInterfaceNumber && index->ifaces[i].bAlternateSetting == bAlternateSetting) return i; } return -1; } static int lookup_endpoint(int fd, uint8_t bEndpointAddress) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; if (index->iface_cur < 0) return -1; for (int ep = 0; index->ifaces[index->iface_cur].eps_num; ep++) if (index->ifaces[index->iface_cur].eps[ep].desc.bEndpointAddress == bEndpointAddress) return index->ifaces[index->iface_cur].eps[ep].handle; return -1; } static void set_interface(int fd, int n) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return; if (index->iface_cur >= 0 && index->iface_cur < index->ifaces_num) { for (int ep = 0; ep < index->ifaces[index->iface_cur].eps_num; ep++) { int rv = usb_raw_ep_disable(fd, index->ifaces[index->iface_cur].eps[ep].handle); if (rv < 0) { } else { } } } if (n >= 0 && n < index->ifaces_num) { for (int ep = 0; ep < index->ifaces[n].eps_num; ep++) { int rv = usb_raw_ep_enable(fd, &index->ifaces[n].eps[ep].desc); if (rv < 0) { } else { index->ifaces[n].eps[ep].handle = rv; } } index->iface_cur = n; } } static int configure_device(int fd) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; int rv = usb_raw_vbus_draw(fd, index->bMaxPower); if (rv < 0) { return rv; } rv = usb_raw_configure(fd); if (rv < 0) { return rv; } set_interface(fd, 0); return 0; } #define USB_MAX_PACKET_SIZE 4096 struct usb_raw_control_event { struct usb_raw_event inner; struct usb_ctrlrequest ctrl; char data[USB_MAX_PACKET_SIZE]; }; struct usb_raw_ep_io_data { struct usb_raw_ep_io inner; char data[USB_MAX_PACKET_SIZE]; }; static volatile long syz_usb_connect_impl(uint64_t speed, uint64_t dev_len, const char* dev, const struct vusb_connect_descriptors* descs, lookup_connect_out_response_t lookup_connect_response_out) { if (!dev) { return -1; } int fd = usb_raw_open(); if (fd < 0) { return fd; } if (fd >= MAX_FDS) { close(fd); return -1; } struct usb_device_index* index = add_usb_index(fd, dev, dev_len); if (!index) { return -1; } char device[32]; sprintf(&device[0], "dummy_udc.%llu", procid); int rv = usb_raw_init(fd, speed, "dummy_udc", &device[0]); if (rv < 0) { return rv; } rv = usb_raw_run(fd); if (rv < 0) { return rv; } bool done = false; while (!done) { struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = sizeof(event.ctrl); rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) continue; char* response_data = NULL; uint32_t response_length = 0; if (event.ctrl.bRequestType & USB_DIR_IN) { if (!lookup_connect_response_in(fd, descs, &event.ctrl, &response_data, &response_length)) { usb_raw_ep0_stall(fd); continue; } } else { if (!lookup_connect_response_out(fd, descs, &event.ctrl, &done)) { usb_raw_ep0_stall(fd); continue; } response_data = NULL; response_length = event.ctrl.wLength; } if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD && event.ctrl.bRequest == USB_REQ_SET_CONFIGURATION) { rv = configure_device(fd); if (rv < 0) { return rv; } } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, response_length); if (event.ctrl.bRequestType & USB_DIR_IN) { rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response); } else { rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response); } if (rv < 0) { return rv; } } sleep_ms(200); return fd; } static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; const char* dev = (const char*)a2; const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3; return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_generic); } static volatile long syz_usb_connect_ath9k(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; const char* dev = (const char*)a2; const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3; return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_ath9k); } static volatile long syz_usb_control_io(volatile long a0, volatile long a1, volatile long a2) { int fd = a0; const struct vusb_descriptors* descs = (const struct vusb_descriptors*)a1; const struct vusb_responses* resps = (const struct vusb_responses*)a2; struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = USB_MAX_PACKET_SIZE; int rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) { return -1; } char* response_data = NULL; uint32_t response_length = 0; if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) { if (!lookup_control_response(descs, resps, &event.ctrl, &response_data, &response_length)) { usb_raw_ep0_stall(fd); return -1; } } else { if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD || event.ctrl.bRequest == USB_REQ_SET_INTERFACE) { int iface_num = event.ctrl.wIndex; int alt_set = event.ctrl.wValue; int iface_index = lookup_interface(fd, iface_num, alt_set); if (iface_index < 0) { } else { set_interface(fd, iface_index); } } response_length = event.ctrl.wLength; } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; if ((event.ctrl.bRequestType & USB_DIR_IN) && !event.ctrl.wLength) { response_length = USB_MAX_PACKET_SIZE; } response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, response_length); if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) { rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response); } else { rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response); } if (rv < 0) { return rv; } sleep_ms(200); return 0; } static volatile long syz_usb_ep_write(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int fd = a0; uint8_t ep = a1; uint32_t len = a2; char* data = (char*)a3; int ep_handle = lookup_endpoint(fd, ep); if (ep_handle < 0) { return -1; } struct usb_raw_ep_io_data io_data; io_data.inner.ep = ep_handle; io_data.inner.flags = 0; if (len > sizeof(io_data.data)) len = sizeof(io_data.data); io_data.inner.length = len; memcpy(&io_data.data[0], data, len); int rv = usb_raw_ep_write(fd, (struct usb_raw_ep_io*)&io_data); if (rv < 0) { return rv; } sleep_ms(200); return 0; } static volatile long syz_usb_ep_read(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int fd = a0; uint8_t ep = a1; uint32_t len = a2; char* data = (char*)a3; int ep_handle = lookup_endpoint(fd, ep); if (ep_handle < 0) { return -1; } struct usb_raw_ep_io_data io_data; io_data.inner.ep = ep_handle; io_data.inner.flags = 0; if (len > sizeof(io_data.data)) len = sizeof(io_data.data); io_data.inner.length = len; int rv = usb_raw_ep_read(fd, (struct usb_raw_ep_io*)&io_data); if (rv < 0) { return rv; } memcpy(&data[0], &io_data.data[0], io_data.inner.length); sleep_ms(200); return 0; } static volatile long syz_usb_disconnect(volatile long a0) { int fd = a0; int rv = close(fd); sleep_ms(200); return rv; } static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2) { if (a0 == 0xc || a0 == 0xb) { char buf[128]; sprintf(buf, "/dev/%s/%d:%d", a0 == 0xc ? "char" : "block", (uint8_t)a1, (uint8_t)a2); return open(buf, O_RDWR, 0); } else { char buf[1024]; char* hash; strncpy(buf, (char*)a0, sizeof(buf) - 1); buf[sizeof(buf) - 1] = 0; while ((hash = strchr(buf, '#'))) { *hash = '0' + (char)(a1 % 10); a1 /= 10; } return open(buf, a2, 0); } } static long syz_open_procfs(volatile long a0, volatile long a1) { char buf[128]; memset(buf, 0, sizeof(buf)); if (a0 == 0) { snprintf(buf, sizeof(buf), "/proc/self/%s", (char*)a1); } else if (a0 == -1) { snprintf(buf, sizeof(buf), "/proc/thread-self/%s", (char*)a1); } else { snprintf(buf, sizeof(buf), "/proc/self/task/%d/%s", (int)a0, (char*)a1); } int fd = open(buf, O_RDWR); if (fd == -1) fd = open(buf, O_RDONLY); return fd; } static long syz_open_pts(volatile long a0, volatile long a1) { int ptyno = 0; if (ioctl(a0, TIOCGPTN, &ptyno)) return -1; char buf[128]; sprintf(buf, "/dev/pts/%d", ptyno); return open(buf, a1, 0); } static long syz_init_net_socket(volatile long domain, volatile long type, volatile long proto) { return syscall(__NR_socket, domain, type, proto); } static long syz_genetlink_get_family_id(volatile long name, volatile long sock_arg) { bool dofail = false; int fd = sock_arg; if (fd < 0) { dofail = true; fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (fd == -1) { return -1; } } struct nlmsg nlmsg_tmp; int ret = netlink_query_family_id(&nlmsg_tmp, fd, (char*)name, dofail); if ((int)sock_arg < 0) close(fd); if (ret < 0) { return -1; } return ret; } struct fs_image_segment { void* data; uintptr_t size; uintptr_t offset; }; #define IMAGE_MAX_SEGMENTS 4096 #define IMAGE_MAX_SIZE (129 << 20) #define sys_memfd_create 356 static unsigned long fs_image_segment_check(unsigned long size, unsigned long nsegs, struct fs_image_segment* segs) { if (nsegs > IMAGE_MAX_SEGMENTS) nsegs = IMAGE_MAX_SEGMENTS; for (size_t i = 0; i < nsegs; i++) { if (segs[i].size > IMAGE_MAX_SIZE) segs[i].size = IMAGE_MAX_SIZE; segs[i].offset %= IMAGE_MAX_SIZE; if (segs[i].offset > IMAGE_MAX_SIZE - segs[i].size) segs[i].offset = IMAGE_MAX_SIZE - segs[i].size; if (size < segs[i].offset + segs[i].offset) size = segs[i].offset + segs[i].offset; } if (size > IMAGE_MAX_SIZE) size = IMAGE_MAX_SIZE; return size; } static int setup_loop_device(long unsigned size, long unsigned nsegs, struct fs_image_segment* segs, const char* loopname, int* memfd_p, int* loopfd_p) { int err = 0, loopfd = -1; size = fs_image_segment_check(size, nsegs, segs); int memfd = syscall(sys_memfd_create, "syzkaller", 0); if (memfd == -1) { err = errno; goto error; } if (ftruncate(memfd, size)) { err = errno; goto error_close_memfd; } for (size_t i = 0; i < nsegs; i++) { if (pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset) < 0) { } } loopfd = open(loopname, O_RDWR); if (loopfd == -1) { err = errno; goto error_close_memfd; } if (ioctl(loopfd, LOOP_SET_FD, memfd)) { if (errno != EBUSY) { err = errno; goto error_close_loop; } ioctl(loopfd, LOOP_CLR_FD, 0); usleep(1000); if (ioctl(loopfd, LOOP_SET_FD, memfd)) { err = errno; goto error_close_loop; } } *memfd_p = memfd; *loopfd_p = loopfd; return 0; error_close_loop: close(loopfd); error_close_memfd: close(memfd); error: errno = err; return -1; } static long syz_read_part_table(volatile unsigned long size, volatile unsigned long nsegs, volatile long segments) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int err = 0, res = -1, loopfd = -1, memfd = -1; char loopname[64]; snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; struct loop_info64 info; if (ioctl(loopfd, LOOP_GET_STATUS64, &info)) { err = errno; goto error_clear_loop; } info.lo_flags |= LO_FLAGS_PARTSCAN; if (ioctl(loopfd, LOOP_SET_STATUS64, &info)) { err = errno; goto error_clear_loop; } res = 0; for (unsigned long i = 1, j = 0; i < 8; i++) { snprintf(loopname, sizeof(loopname), "/dev/loop%llup%d", procid, (int)i); struct stat statbuf; if (stat(loopname, &statbuf) == 0) { char linkname[64]; snprintf(linkname, sizeof(linkname), "./file%d", (int)j++); if (symlink(loopname, linkname)) { } } } error_clear_loop: ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); errno = err; return res; } static long syz_mount_image(volatile long fsarg, volatile long dir, volatile unsigned long size, volatile unsigned long nsegs, volatile long segments, volatile long flags, volatile long optsarg) { struct fs_image_segment* segs = (struct fs_image_segment*)segments; int res = -1, err = 0, loopfd = -1, memfd = -1, need_loop_device = !!segs; char* mount_opts = (char*)optsarg; char* target = (char*)dir; char* fs = (char*)fsarg; char* source = NULL; char loopname[64]; if (need_loop_device) { memset(loopname, 0, sizeof(loopname)); snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1) return -1; source = loopname; } mkdir(target, 0777); char opts[256]; memset(opts, 0, sizeof(opts)); if (strlen(mount_opts) > (sizeof(opts) - 32)) { } strncpy(opts, mount_opts, sizeof(opts) - 32); if (strcmp(fs, "iso9660") == 0) { flags |= MS_RDONLY; } else if (strncmp(fs, "ext", 3) == 0) { if (strstr(opts, "errors=panic") || strstr(opts, "errors=remount-ro") == 0) strcat(opts, ",errors=continue"); } else if (strcmp(fs, "xfs") == 0) { strcat(opts, ",nouuid"); } res = mount(source, target, fs, flags, opts); if (res == -1) { err = errno; goto error_clear_loop; } res = open(target, O_RDONLY | O_DIRECTORY); if (res == -1) { err = errno; } error_clear_loop: if (need_loop_device) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); close(memfd); } errno = err; return res; } static volatile long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5, volatile long a6, volatile long a7) { return 0; } #define FS_IOC_SETFLAGS _IOW('f', 2, long) static void remove_dir(const char* dir) { int iter = 0; DIR* dp = 0; retry: while (umount2(dir, MNT_DETACH) == 0) { } dp = opendir(dir); if (dp == NULL) { if (errno == EMFILE) { exit(1); } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); while (umount2(filename, MNT_DETACH) == 0) { } struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } int i; for (i = 0;; i++) { if (unlink(filename) == 0) break; if (errno == EPERM) { int fd = open(filename, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno != EBUSY || i > 100) exit(1); if (umount2(filename, MNT_DETACH)) exit(1); } } closedir(dp); for (int i = 0;; i++) { if (rmdir(dir) == 0) break; if (i < 100) { if (errno == EPERM) { int fd = open(dir, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno == EBUSY) { if (umount2(dir, MNT_DETACH)) exit(1); continue; } if (errno == ENOTEMPTY) { if (iter < 100) { iter++; goto retry; } } } exit(1); } } static int inject_fault(int nth) { int fd; fd = open("/proc/thread-self/fail-nth", O_RDWR); if (fd == -1) exit(1); char buf[16]; sprintf(buf, "%d", nth); if (write(fd, buf, strlen(buf)) != (ssize_t)strlen(buf)) exit(1); return fd; } static void kill_and_wait(int pid, int* status) { kill(-pid, SIGKILL); kill(pid, SIGKILL); for (int i = 0; i < 100; i++) { if (waitpid(-1, status, WNOHANG | __WALL) == pid) return; usleep(1000); } DIR* dir = opendir("/sys/fs/fuse/connections"); if (dir) { for (;;) { struct dirent* ent = readdir(dir); if (!ent) break; if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0) continue; char abort[300]; snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name); int fd = open(abort, O_WRONLY); if (fd == -1) { continue; } if (write(fd, abort, 1) < 0) { } close(fd); } closedir(dir); } else { } while (waitpid(-1, status, __WALL) != pid) { } } static void reset_loop() { char buf[64]; snprintf(buf, sizeof(buf), "/dev/loop%llu", procid); int loopfd = open(buf, O_RDWR); if (loopfd != -1) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); } } static void setup_test() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); write_file("/proc/self/oom_score_adj", "1000"); } static void setup_fault() { static struct { const char* file; const char* val; bool fatal; } files[] = { {"/sys/kernel/debug/failslab/ignore-gfp-wait", "N", true}, {"/sys/kernel/debug/fail_futex/ignore-private", "N", false}, {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", "N", false}, {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", "N", false}, {"/sys/kernel/debug/fail_page_alloc/min-order", "0", false}, }; unsigned i; for (i = 0; i < sizeof(files) / sizeof(files[0]); i++) { if (!write_file(files[i].file, files[i].val)) { if (files[i].fatal) exit(1); } } } #define FUSE_MIN_READ_BUFFER 8192 enum fuse_opcode { FUSE_LOOKUP = 1, FUSE_FORGET = 2, FUSE_GETATTR = 3, FUSE_SETATTR = 4, FUSE_READLINK = 5, FUSE_SYMLINK = 6, FUSE_MKNOD = 8, FUSE_MKDIR = 9, FUSE_UNLINK = 10, FUSE_RMDIR = 11, FUSE_RENAME = 12, FUSE_LINK = 13, FUSE_OPEN = 14, FUSE_READ = 15, FUSE_WRITE = 16, FUSE_STATFS = 17, FUSE_RELEASE = 18, FUSE_FSYNC = 20, FUSE_SETXATTR = 21, FUSE_GETXATTR = 22, FUSE_LISTXATTR = 23, FUSE_REMOVEXATTR = 24, FUSE_FLUSH = 25, FUSE_INIT = 26, FUSE_OPENDIR = 27, FUSE_READDIR = 28, FUSE_RELEASEDIR = 29, FUSE_FSYNCDIR = 30, FUSE_GETLK = 31, FUSE_SETLK = 32, FUSE_SETLKW = 33, FUSE_ACCESS = 34, FUSE_CREATE = 35, FUSE_INTERRUPT = 36, FUSE_BMAP = 37, FUSE_DESTROY = 38, FUSE_IOCTL = 39, FUSE_POLL = 40, FUSE_NOTIFY_REPLY = 41, FUSE_BATCH_FORGET = 42, FUSE_FALLOCATE = 43, FUSE_READDIRPLUS = 44, FUSE_RENAME2 = 45, FUSE_LSEEK = 46, FUSE_COPY_FILE_RANGE = 47, FUSE_SETUPMAPPING = 48, FUSE_REMOVEMAPPING = 49, CUSE_INIT = 4096, CUSE_INIT_BSWAP_RESERVED = 1048576, FUSE_INIT_BSWAP_RESERVED = 436207616, }; struct fuse_in_header { uint32_t len; uint32_t opcode; uint64_t unique; uint64_t nodeid; uint32_t uid; uint32_t gid; uint32_t pid; uint32_t padding; }; struct fuse_out_header { uint32_t len; uint32_t error; uint64_t unique; }; struct syz_fuse_req_out { struct fuse_out_header* init; struct fuse_out_header* lseek; struct fuse_out_header* bmap; struct fuse_out_header* poll; struct fuse_out_header* getxattr; struct fuse_out_header* lk; struct fuse_out_header* statfs; struct fuse_out_header* write; struct fuse_out_header* read; struct fuse_out_header* open; struct fuse_out_header* attr; struct fuse_out_header* entry; struct fuse_out_header* dirent; struct fuse_out_header* direntplus; struct fuse_out_header* create_open; struct fuse_out_header* ioctl; }; static int fuse_send_response(int fd, const struct fuse_in_header* in_hdr, struct fuse_out_header* out_hdr) { if (!out_hdr) { return -1; } out_hdr->unique = in_hdr->unique; if (write(fd, out_hdr, out_hdr->len) == -1) { return -1; } return 0; } static volatile long syz_fuse_handle_req(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { struct syz_fuse_req_out* req_out = (struct syz_fuse_req_out*)a3; struct fuse_out_header* out_hdr = NULL; char* buf = (char*)a1; int buf_len = (int)a2; int fd = (int)a0; if (!req_out) { return -1; } if (buf_len < FUSE_MIN_READ_BUFFER) { return -1; } int ret = read(fd, buf, buf_len); if (ret == -1) { return -1; } if ((size_t)ret < sizeof(struct fuse_in_header)) { return -1; } const struct fuse_in_header* in_hdr = (const struct fuse_in_header*)buf; if (in_hdr->len > (uint32_t)ret) { return -1; } switch (in_hdr->opcode) { case FUSE_GETATTR: case FUSE_SETATTR: out_hdr = req_out->attr; break; case FUSE_LOOKUP: case FUSE_SYMLINK: case FUSE_LINK: case FUSE_MKNOD: case FUSE_MKDIR: out_hdr = req_out->entry; break; case FUSE_OPEN: case FUSE_OPENDIR: out_hdr = req_out->open; break; case FUSE_STATFS: out_hdr = req_out->statfs; break; case FUSE_RMDIR: case FUSE_RENAME: case FUSE_RENAME2: case FUSE_FALLOCATE: case FUSE_SETXATTR: case FUSE_REMOVEXATTR: case FUSE_FSYNCDIR: case FUSE_FSYNC: case FUSE_SETLKW: case FUSE_SETLK: case FUSE_ACCESS: case FUSE_FLUSH: case FUSE_RELEASE: case FUSE_RELEASEDIR: case FUSE_UNLINK: case FUSE_DESTROY: out_hdr = req_out->init; if (!out_hdr) { return -1; } out_hdr->len = sizeof(struct fuse_out_header); break; case FUSE_READ: out_hdr = req_out->read; break; case FUSE_READDIR: out_hdr = req_out->dirent; break; case FUSE_READDIRPLUS: out_hdr = req_out->direntplus; break; case FUSE_INIT: out_hdr = req_out->init; break; case FUSE_LSEEK: out_hdr = req_out->lseek; break; case FUSE_GETLK: out_hdr = req_out->lk; break; case FUSE_BMAP: out_hdr = req_out->bmap; break; case FUSE_POLL: out_hdr = req_out->poll; break; case FUSE_GETXATTR: case FUSE_LISTXATTR: out_hdr = req_out->getxattr; break; case FUSE_WRITE: case FUSE_COPY_FILE_RANGE: out_hdr = req_out->write; break; case FUSE_FORGET: case FUSE_BATCH_FORGET: return 0; case FUSE_CREATE: out_hdr = req_out->create_open; break; case FUSE_IOCTL: out_hdr = req_out->ioctl; break; default: return -1; } return fuse_send_response(fd, in_hdr, out_hdr); } #define HWSIM_ATTR_RX_RATE 5 #define HWSIM_ATTR_SIGNAL 6 #define HWSIM_ATTR_ADDR_RECEIVER 1 #define HWSIM_ATTR_FRAME 3 #define WIFI_MAX_INJECT_LEN 2048 static int hwsim_register_socket(struct nlmsg* nlmsg, int sock, int hwsim_family) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = HWSIM_CMD_REGISTER; netlink_init(nlmsg, hwsim_family, 0, &genlhdr, sizeof(genlhdr)); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static int hwsim_inject_frame(struct nlmsg* nlmsg, int sock, int hwsim_family, uint8_t* mac_addr, uint8_t* data, int len) { struct genlmsghdr genlhdr; uint32_t rx_rate = WIFI_DEFAULT_RX_RATE; uint32_t signal = WIFI_DEFAULT_SIGNAL; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = HWSIM_CMD_FRAME; netlink_init(nlmsg, hwsim_family, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, HWSIM_ATTR_RX_RATE, &rx_rate, sizeof(rx_rate)); netlink_attr(nlmsg, HWSIM_ATTR_SIGNAL, &signal, sizeof(signal)); netlink_attr(nlmsg, HWSIM_ATTR_ADDR_RECEIVER, mac_addr, ETH_ALEN); netlink_attr(nlmsg, HWSIM_ATTR_FRAME, data, len); int err = netlink_send(nlmsg, sock); if (err < 0) { } return err; } static long syz_80211_inject_frame(volatile long a0, volatile long a1, volatile long a2) { uint8_t* mac_addr = (uint8_t*)a0; uint8_t* buf = (uint8_t*)a1; int buf_len = (int)a2; struct nlmsg tmp_msg; if (buf_len < 0 || buf_len > WIFI_MAX_INJECT_LEN) { return -1; } int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (sock < 0) { return -1; } int hwsim_family_id = netlink_query_family_id(&tmp_msg, sock, "MAC80211_HWSIM", true); int ret = hwsim_register_socket(&tmp_msg, sock, hwsim_family_id); if (ret < 0) { close(sock); return -1; } ret = hwsim_inject_frame(&tmp_msg, sock, hwsim_family_id, mac_addr, buf, buf_len); close(sock); if (ret < 0) { return -1; } return 0; } #define WIFI_MAX_SSID_LEN 32 #define WIFI_JOIN_IBSS_NO_SCAN 0 #define WIFI_JOIN_IBSS_BG_SCAN 1 #define WIFI_JOIN_IBSS_BG_NO_SCAN 2 static long syz_80211_join_ibss(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { char* interface = (char*)a0; uint8_t* ssid = (uint8_t*)a1; int ssid_len = (int)a2; int mode = (int)a3; struct nlmsg tmp_msg; uint8_t bssid[ETH_ALEN] = WIFI_IBSS_BSSID; if (ssid_len < 0 || ssid_len > WIFI_MAX_SSID_LEN) { return -1; } if (mode < 0 || mode > WIFI_JOIN_IBSS_BG_NO_SCAN) { return -1; } int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (sock < 0) { return -1; } int nl80211_family_id = netlink_query_family_id(&tmp_msg, sock, "nl80211", true); struct join_ibss_props ibss_props = { .wiphy_freq = WIFI_DEFAULT_FREQUENCY, .wiphy_freq_fixed = (mode == WIFI_JOIN_IBSS_NO_SCAN || mode == WIFI_JOIN_IBSS_BG_NO_SCAN), .mac = bssid, .ssid = ssid, .ssid_len = ssid_len}; int ret = nl80211_setup_ibss_interface(&tmp_msg, sock, nl80211_family_id, interface, &ibss_props); close(sock); if (ret < 0) { return -1; } if (mode == WIFI_JOIN_IBSS_NO_SCAN) { ret = await_ifla_operstate(&tmp_msg, interface, IF_OPER_UP); if (ret < 0) { return -1; } } return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 51; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50 + (call == 4 ? 50 : 0) + (call == 12 ? 500 : 0) + (call == 38 ? 50 : 0) + (call == 43 ? 3000 : 0) + (call == 44 ? 3000 : 0) + (call == 45 ? 300 : 0) + (call == 46 ? 300 : 0) + (call == 47 ? 300 : 0) + (call == 48 ? 3000 : 0) + (call == 49 ? 300 : 0)); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS __WALL static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); reset_loop(); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); setup_test(); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } #ifndef __NR_clock_gettime #define __NR_clock_gettime 265 #endif #ifndef __NR_getgid #define __NR_getgid 47 #endif #ifndef __NR_getsockopt #define __NR_getsockopt 365 #endif #ifndef __NR_ioctl #define __NR_ioctl 54 #endif #ifndef __NR_mmap #define __NR_mmap 192 #endif #ifndef __NR_openat #define __NR_openat 295 #endif #ifndef __NR_read #define __NR_read 3 #endif #ifndef __NR_recvmmsg #define __NR_recvmmsg 337 #endif #ifndef __NR_sendfile64 #define __NR_sendfile64 239 #endif #ifndef __NR_sendmsg #define __NR_sendmsg 370 #endif #ifndef __NR_setsockopt #define __NR_setsockopt 366 #endif #ifndef __NR_stat #define __NR_stat 106 #endif #ifndef __NR_statx #define __NR_statx 383 #endif #ifndef __NR_write #define __NR_write 4 #endif #undef __NR_mmap #define __NR_mmap __NR_mmap2 uint64_t r[24] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint32_t*)0x20000000 = 0x18; *(uint32_t*)0x20000004 = 0; *(uint64_t*)0x20000008 = 0; *(uint32_t*)0x20000010 = 3; *(uint32_t*)0x20000014 = 0; inject_fault(1); syscall(__NR_write, -1, 0x20000000, 0x18); break; case 1: memcpy((void*)0x20000040, "/dev/tty\000", 9); res = syscall(__NR_openat, 0xffffff9c, 0x20000040, 0x10400, 0); if (res != -1) r[0] = res; break; case 2: syscall(__NR_mmap, 0x20ffb000, 0x4000, 0x200000f, 0x10, (intptr_t)r[0], 0xada52000); break; case 3: memcpy((void*)0x20000080, "syz0\000", 5); syscall(__NR_ioctl, -1, 0x4004556c, 0x20000080); break; case 4: memcpy((void*)0x200025c0, "ufs\000", 4); memcpy((void*)0x20002600, "./file0\000", 8); *(uint32_t*)0x20003700 = 0x20002640; memcpy((void*)0x20002640, "\x38\x6f\x6d\x1b\xe2\x7f\x8c\xa9\x18\x2d\x1a\xe6\x35\xbb\xa8\xc9\xce\x03\x79\xce\x60\xd9\xd2\x4e\x0f\xe6\x9a\x46\xdd\x2b\x77\x02\x6c\xe1\xe6\xbb\xc0\x5a\x24\x6a\xe2\x69\x05\x25\x31\x91\xf7\xe3\x4e\xf3\x86\x0f\x1c\x2c\xc9\xa6\xd5\x22\xf5\x03\xd7\x8e\x34\x0c\xb5\x4f\x1d\x6b", 68); *(uint32_t*)0x20003704 = 0x44; *(uint32_t*)0x20003708 = 1; *(uint32_t*)0x2000370c = 0x200026c0; memcpy((void*)0x200026c0, "\x57\x39\xec\x80\x61\x6d\x1b\xac\x90\x97\x97\xc5\x72\x3d\x28\x7d\x94\xf0\x10\xe0\xf7\x0a\x34\x2a\x21\xfb\x38\xb3\x69\x86\x02\x5d\xca\x05\x4a\x96\xbb\xe7\x40\x27\x97\x4c\x45\x28\x93\xa9\xf5\xd5\x13\xef\xc4\x70\x65\x2b\xf4\xe8\x37\xd8\xd5\xee\xac\xed\x26\x69\xd7\x3c\xea\x3d\x39\x31\x39\x9d\xa0\x4d\xfb\x48\x59\xd0\x3c\x47\xdd\x53\x5b\xaa\x98\x0a\xe8\xb7\xa5\xc3\x12\xfd\x71\xac\xc5\x21\xbd\xdc\x2c\x63\x70\x26\xd7\xfa\xdb\x42\xc0\x20\xc5\x3d\x4e\x2f\xee\xb2\x30\x77\xed\x86\x7d\x5b\x36\x56\x7b\x8d\x06\xe0\xf4\xd2\xd9\xc6\x16\xd6\x73\x91\xf8\x79\xe8\x12\xd7\xa1\x79\x75\xf3\xe0\xe5\x69\xf5\x57\xb6\x5b\xba\xde\x94\x18\x68\xba\xe4\xbe\x8d\x2d\xfa\x45\xa3\x85\x87\x7e\xce\x8d\x94\xd7\x55\xdb\xf8\x2b\x4f\xd8\x89\x9b\xa1\xb8\xec\xe4\x3b\x36\xb3\x69\xa8\xdf\x56\x99\x3b\x16\xee\xc2\x0a\xed\x1c\x59\x6f\x66\x9d\xf8\x97\xdd\xfa\x0d\xf4\xab\x26\xd7\x47\x59\x82\x96\xdd\x3b\xcd\x5c\xad\x67\xa8\xb1\x9e\xba\x5f\x34\x3f\xbf\xa6\x30\x1a\x15\x02\x60\x0e\xda\x02\xab\x15\x7a\xb1\xb1\x64\xe3\xde\x57\x33\xe4\xbf\xd9\x67\x7b\x49\xb2\x9b\xb5\x6e\x99\x36\x7d\x01\x04\x4b\x3a\xcc\xf0\xf9\x3a\xf7\x55\x27\x83\x7a\x9b\x49\x4b\x4e\xac\xe1\xf4\x9c\x87\x9e\x71\xe9\x62\xa5\x93\x74\x95\x55\xb5\x0a\x55\xca\x11\x44\xeb\x54\x80\x70\x47\xde\xfd\xe8\xdd\x09\x7e\xbc\xba\xa2\x30\x45\x1a\xc7\xa7\x76\x3e\xf2\x13\x4b\x45\x3e\xf7\xce\x92\xd6\xad\xce\x44\x9a\xa1\x82\xef\xb2\xed\x4a\x87\x07\xf1\xe1\x84\x6d\x82\x50\x5d\xa0\x6c\x2d\x6b\x4a\x58\x2d\xdf\xb2\xbd\xb7\xa1\x9b\xbc\xe8\xe0\xa0\xf7\xb2\xf4\x96\x62\x2b\xee\x04\x37\x29\xf3\x84\x31\x88\xeb\x14\xe5\x6e\x8f\x48\xd7\xd4\xb1\x51\xa7\xde\xef\x2a\x1a\x94\x58\x83\x42\x53\x77\x08\x82\xcc\x41\xf6\xfb\x78\x4a\x9f\x73\xa4\xf8\x1e\xf9\x93\xda\xe6\x1a\x80\x5b\xa6\xf9\x30\x78\x20\x81\x33\x10\xdc\x38\x70\x83\x5a\xd4\xbe\x7e\x3c\x8a\x13\xf9\xf0\x1e\x9e\xa9\xb1\xb9\xdf\xb1\xe3\x47\xe3\xea\x1b\x5b\x09\x0e\x1a\x38\x61\x77\x07\xbb\x5a\xa0\xce\x82\x19\x3f\x69\x70\xa0\xb8\x85\x18\x3f\xce\x8b\x7d\x30\xbf\xc1\x82\x58\xdd\x40\xf5\x08\xb9\x5b\x55\xca\x27\xd8\xec\x76\x01\x03\x10\xc6\x77\xc0\x4c\x0b\x01\xfd\x69\xde\x39\x6a\xe9\x5a\x7c\x3c\xa5\x0f\x4e\x7f\xc3\xda\x74\x9d\x82\xa5\xd9\xf5\x7a\xb6\xed\x7a\x0d\x12\x76\x29\x7a\xb5\x71\x72\x67\x1d\x4c\x7c\xa3\x52\x24\x70\x0d\xb9\x36\x44\x13\x1a\x51\x26\xaf\x54\x75\x5a\xec\x80\xcf\xfd\xeb\x70\x9f\x0c\x58\x21\xec\x3b\x86\xd2\x9f\x10\xbe\x62\xd9\x4c\x03\x2f\x79\xd4\xed\xcc\xaf\x40\xb2\x4d\x72\xe4\x6d\x7c\x99\x33\xf6\xea\xda\x79\x4a\xad\x1e\xaf\x41\xae\xc1\x35\xa4\xf6\xf7\xf6\x09\x27\x36\x08\x68\x5f\xfc\x30\xfe\x1a\xe8\x22\x13\xa9\x56\xe8\xdf\x49\x3e\xc0\xaa\xc8\xec\xcb\xbd\xb8\x20\x93\x09\x7d\xb4\x51\x61\x67\x76\x85\xbf\x1e\x69\x1a\x1c\x7d\xce\x13\xa8\x8e\x63\x64\x5b\xc7\x99\x22\xb6\xd3\xd3\xd7\x61\xf3\x6a\x46\x30\x2f\x79\xe0\xe0\xbe\xb6\x7e\x2f\x2c\xb2\xe8\x3f\xc1\xa0\x41\x77\xc9\xd0\x22\xc4\x6e\xdc\x05\x3f\x03\x18\x2f\xc6\x45\x45\x0e\x4d\xe5\x36\xa4\x18\xb0\xea\xe2\xac\xb0\xea\xf4\xcb\x61\x5e\xca\x77\xf7\x2e\xe1\xd1\xf9\x14\x62\x08\xe1\x86\x69\x50\x8e\xdd\x05\x0e\x9b\x4e\x72\xa8\x48\x30\x16\xdc\x01\x98\x32\x6d\x2a\x16\x70\x04\xf3\x23\xa0\xa6\xeb\x4d\x34\xf6\x51\xc3\x97\xf0\x6d\x32\xe1\xbd\xab\x04\x2e\xfe\x56\x6a\xfc\x48\xcb\xd9\x8f\x91\x41\x34\x15\x63\x14\xa9\x54\xc6\x41\xb1\x06\x6b\xa7\x15\xab\x50\xeb\x4d\xb8\x4b\x13\xf2\x04\x69\xd0\x1d\x63\x46\xd4\x25\xd7\x0f\x60\xb4\x29\x76\xb0\x46\xcf\x96\xe4\x01\x8f\xc6\xaa\xf7\x8d\xf3\x0c\x02\xdd\x02\x9e\x1e\x89\x5c\x20\xb0\x5f\xb3\x88\x3c\x01\x3d\xe7\xe1\x7a\x13\x69\x78\x54\xfe\xb5\x93\x5c\xb3\x44\xff\x94\xff\x8b\xb4\xed\x2d\x1f\x17\x4e\xa1\x90\x20\x57\x7b\x4f\xf9\x59\x7c\x31\xa8\xfb\x2c\xfa\x1d\x7b\x71\xa5\x70\x82\x56\x15\x40\xf1\xcd\x86\xb8\x59\x0b\x75\x4f\xe9\x5d\x74\x9e\xf3\xca\xff\x93\xfd\x10\xa9\x0c\xa0\x03\x51\x5b\xb2\x3a\x3e\x71\xf4\x41\x79\xc0\x99\x60\x37\x45\x75\x89\xe6\x81\x77\xb0\xa1\x06\x91\xf1\x49\xa9\x81\xa6\xa6\x8d\x0b\xc8\x20\xe1\x66\x2a\x67\xc6\xa8\x5f\xb3\x9a\x35\x39\x9c\x62\x0c\x6e\xe3\x14\x28\x4f\xa4\x20\x99\xbd\xe0\x9f\xd5\x17\xa6\xe5\x3c\xc0\x41\x7c\x98\xd0\x06\xb4\x21\x0b\xa0\x35\x1b\x7d\xb6\x75\x43\x38\x06\x3f\x05\xb6\x82\x4b\xbb\x41\xf7\x0b\xa1\xfe\xa9\x12\x1f\x58\x85\xa4\xd0\x3e\xe9\x3f\x2b\x8f\x27\xa0\x0c\xd6\x66\x49\x10\x03\xde\xda\x3e\x21\x02\x92\x47\x64\x6f\x71\x44\xcb\x00\x4a\x6b\x52\x40\x06\xd8\xec\x7c\x93\xf4\x10\x42\xbb\xf8\x2d\x3b\xf2\xee\xf4\x15\xf8\xf0\x38\xb0\x5c\x0c\x10\x7a\xc2\x4d\x0c\xc8\xf3\x08\x13\xeb\xe2\x75\x1d\xa8\x39\x8e\x04\xff\x59\x3d\x17\xdd\xeb\x32\x59\x36\x71\xc8\x27\x74\x24\xf7\x98\x80\x05\x4c\x58\x1a\xe4\xef\x53\x03\xa1\x2f\x50\xd4\xe1\xfd\x6b\xb5\x85\xa5\xe0\x77\x51\xcb\xd5\x8f\xa6\x1d\x63\x4c\x35\x56\x37\x27\xe1\x82\x39\xd9\x81\x2f\xa4\x1b\x9a\x25\x61\x18\xba\x9b\x0d\xec\xc2\x60\x76\xc8\xae\x4b\x4e\x51\x6a\x2b\x35\xa7\xe9\x83\x9c\xa8\x3b\xef\x46\x43\xe0\xa5\xd9\xdb\x72\x3b\x5a\xfd\x80\xf7\x15\xb6\x3b\x19\xd0\xaf\xb9\xcb\x03\xdd\x9e\x5f\xe1\xb3\x13\x5e\xc1\xf0\xb9\x73\xe7\xd2\x1b\xb2\xf2\x22\x1a\x78\x62\x8a\x1b\x51\x3e\x0f\xf9\xea\x30\x67\xdb\x31\x01\xc0\x17\xeb\x8e\x60\x6f\x2f\x07\x5b\xe4\x98\x4f\x21\xbf\x75\xb6\xc4\xcb\xf3\x71\x8e\x64\xca\x62\xa9\xab\x5d\x8e\x38\x3a\xef\xba\x74\x93\xdd\xff\x47\x8b\x74\x40\x74\xbb\x51\x99\x4b\xc9\x1d\xd2\x9c\x6b\x9b\xcd\x50\xa5\x02\x8e\x14\xcf\x6d\x94\x68\xef\x42\x4e\xd1\x65\x84\x8f\xf5\x67\x6e\x57\x41\x10\xe0\xcd\x76\xa7\xc1\xda\xd3\x01\x9f\xac\xfd\x08\xd1\x4b\x7d\x9e\x37\x8a\x11\x0e\x98\x50\x88\xe5\x1e\x89\xd7\x5e\x3f\xa5\xfb\x36\x87\x59\x8c\x05\x69\xe5\x22\xf6\xc9\xea\x4d\x12\x65\xed\x97\xe3\x13\xdc\xe9\xcd\x01\xa4\x61\x5e\x8b\xbe\x4d\xbe\x16\x8f\x9d\x32\xc6\x68\x2e\x4e\xef\x26\x7d\xd7\x18\xb4\x75\xa8\x1b\x48\x5b\x17\xf6\xba\x8a\xfb\xa1\x9a\x58\x32\x9f\x86\xba\xd1\x2a\xc8\x44\x44\x17\xe6\x14\x8c\xb4\xe0\x7e\xe4\x6c\x5f\x15\x53\xa0\xfe\x4c\xd3\x32\x6d\x86\x92\xcc\x43\x96\x1f\x03\xf5\x7f\x7c\x01\x6f\x33\xc3\xd1\xc0\x2b\xf1\x25\xfc\x94\x21\x01\x10\x36\x36\xb0\x2d\x93\x35\x2e\xfb\x49\x20\xe2\x43\xf8\x65\xcf\x5c\x0b\x5d\x34\x7f\x51\xb8\x79\x00\xb1\x2a\xcc\x34\x7b\x31\x9c\x14\x75\x10\xc6\xa3\xc1\x84\xb9\xfe\x9b\xbf\x49\xd2\x0a\x71\xbc\x08\x82\xe2\x96\xa0\x37\x69\x75\x1c\xd8\x63\x08\x2c\x1f\x3b\x88\x90\xfe\xe3\xc6\x44\x47\x4d\xb2\x1e\x07\x7a\xcb\xeb\x05\xae\x29\x67\x10\x82\x2f\xca\xf5\xa7\xbc\x06\x9b\xd9\x3d\x41\x16\x27\xcd\x1b\x71\x3c\xcc\xed\x01\x0d\x1b\x88\xdf\xc1\x53\x04\x54\x14\x1b\x3d\xd3\xe1\x96\x4c\x38\x95\x76\x13\x21\x73\xb8\x63\x30\x38\x8f\xec\x55\x9d\xc7\x22\xf1\x77\x49\x7c\x30\x83\x15\xa4\xee\xfb\x50\x43\xcc\x97\xc5\xb1\xea\x53\xb6\xde\x6f\x4e\xce\xd9\xcc\x20\xb5\x24\x3e\xf9\x6a\xe0\xda\x16\xb4\x3e\xcf\xd0\x3e\x70\x25\x28\xad\x4c\x36\x09\x54\x5d\xf9\x39\xe2\xbc\xee\x08\x25\x86\x49\x31\x9d\x74\xfd\x78\x4d\x3d\x30\xa9\x09\x2c\xb2\x3e\x51\xce\x00\xbb\xf8\x1a\x46\xbc\x0d\x8b\xba\x9f\xe3\xf6\x05\xf5\x4e\xe2\xa0\x31\x1e\x1c\x19\xae\xe2\x6c\x84\x3d\x72\x52\xd9\x03\x80\xc9\xd8\x6f\x1d\x1c\xbb\x21\x64\x1b\xc1\x9a\xdf\xfa\x60\x8f\xa5\xb8\x26\x0c\x3d\xac\x2e\x0d\x81\x00\xc8\x70\xdb\xaf\xab\x5e\x4a\x5c\x6e\x5d\x48\x75\x35\x2e\xce\x31\x33\xe0\x8d\x48\xe0\x38\x74\xe6\xe5\x28\xb5\xa4\x3d\x08\xc8\xe9\x05\xf7\x98\xf0\x52\x7c\xff\x5c\xda\x99\x95\xe8\x4a\xcb\x47\xee\x85\x44\xbe\x93\x7f\xcb\x64\x64\x6d\x2f\xd2\xd5\xc3\x1e\xef\x83\x62\x97\xe0\x3d\xca\x24\xb1\x59\x96\x4a\x70\x30\x7a\x82\x7f\x6e\x7f\x37\x93\xf6\xff\xad\x54\xa6\x5d\x40\x09\x26\xe8\x07\x97\xe6\x05\x0e\x77\x6b\xbf\x66\xdc\x1b\xdf\x75\x08\x81\x2e\xd0\xfe\xbd\xa7\x74\xf5\xed\xa4\x92\xb3\x75\x1e\xcc\x76\xa6\x58\x24\x1f\xa6\x45\x22\xc5\xdd\xef\x53\x74\x78\x7a\x1b\xc6\xf0\x5c\x84\xa5\x23\x06\x8a\xc6\x6a\x3c\xa5\x39\xda\x70\xe1\x6d\xde\xa8\x97\xf9\x6f\x5d\x48\xe1\xef\x18\x5f\x08\x43\x6d\xaa\x20\xfc\xb0\xb2\x39\xde\x9b\x2b\xb0\x00\x07\xed\xa2\xdb\xdc\xc1\xf5\xfd\xf1\x39\x98\x68\x2d\x66\xcd\x4a\xab\x31\x57\xf7\xeb\xce\xc0\x92\xdc\x6b\xd0\x8f\x4d\x10\x77\x80\xd3\x73\x19\x24\xcf\xa0\x67\xf6\x22\x18\x07\x8a\x2a\xf1\x29\xf4\x05\x9d\x46\xd7\xc7\xbe\xbb\xf6\x7b\x59\x53\xdd\xa3\x0c\x96\xfe\x58\x43\xe8\xa3\xc0\xa1\x5a\x6b\x2f\x21\x0f\xfb\xff\xd4\x76\xc9\xc7\x61\x34\x06\x16\xb1\xca\x8a\x6b\x44\x9d\x1e\x33\x8f\xd9\x09\xfd\x9a\x84\xc7\x33\x87\x11\xbe\x1d\x50\x76\x2a\x48\x29\x9b\x18\x44\x82\xd2\xcd\x18\x84\xaf\x70\x76\x68\xd1\x0c\x2e\x1c\xde\xac\x7c\x07\x5d\x7d\x41\x47\xf8\xaa\x3c\xeb\xca\x93\xc1\xb7\xb2\x45\x26\x4c\x0e\xfb\x84\x70\x25\x51\x52\xc4\x8d\x22\x46\x34\x58\x0b\x2f\xf0\x21\x45\x7a\x97\x5a\xa7\x67\x2b\xaf\x13\xa4\xae\x32\xdc\x17\xe1\xf0\x4d\x0b\x2d\x9c\x14\x83\x1c\x87\xe9\x9e\x7e\x0f\x29\x95\x8c\x9b\x58\x4d\x7b\x8a\x7e\x91\xf5\x73\xc0\x42\x61\x73\x91\xad\xed\x64\xbe\xe7\xda\xd5\xf8\x88\xef\xc5\x56\x0f\xba\x3f\x9e\x41\xf7\x80\x94\xb4\x03\xab\xc5\xd4\x22\xc8\xec\x70\xb9\xa9\xce\xe5\x07\x90\x3f\x89\x99\x48\x7e\x60\xd7\x61\xef\x16\x19\x4e\x7c\xc8\x56\xa0\x1e\x6b\x3b\xc5\x92\x39\x7c\xa0\x3b\xec\xb6\xb4\x8f\xc1\x5b\xf1\xf6\xef\xf8\xfe\xc8\xde\x87\x85\xd0\xfe\xa3\x79\xef\xbd\x64\x94\x87\x30\x7b\xba\x15\x30\xa4\x8e\xc1\x06\x97\x8d\xa7\x03\xe9\x17\x07\x20\x1f\xe3\x34\x8d\xe8\xca\xf2\xdd\xe1\xd0\x99\x42\xd4\x77\x12\xf7\x7d\xe3\xf9\xef\xe5\x39\x2e\xf4\x58\x4a\x66\xcf\x96\xb3\x0e\xcc\x6e\xed\x90\x74\x83\x7e\x08\x35\xe1\x90\x65\xd2\xec\xe8\x7d\x38\xb4\x26\xc7\x03\xb8\x82\xce\xc8\x3c\xbb\x8b\x48\x4f\x68\x85\x83\x2c\xa2\x58\x7b\x2b\xdc\x30\xc9\x2c\x20\xa0\x0d\x92\x64\x73\xff\x36\xa1\xc8\x1e\x58\xd5\x55\x49\xa0\x6f\xb7\xb0\xfd\xd1\x35\xed\x5f\x63\xb4\xcc\xa0\x06\x8b\x2d\xa1\xb1\x12\xd4\xcb\x04\x34\x07\xc2\x1c\x53\x5f\xd3\xc4\x55\x93\x22\xe3\x04\x69\x79\x4c\x90\xa3\xc3\x0d\x8f\xd5\x36\x5c\xe3\xf4\x32\xf6\x13\x14\x8b\xc7\xd5\x75\xc1\xd2\xda\x1d\x4b\x06\x8d\xe1\x36\x6f\x62\xa6\x94\xe9\x76\xf2\xe2\x64\xd4\x49\xd9\xe3\xf9\x04\x00\xf4\xf2\x5c\x11\x52\xd1\xed\xb9\xb0\x98\x16\x78\x72\x27\xee\xef\xf8\x0a\xc3\xf2\x50\x16\xde\x25\x33\x25\x47\x54\x90\x48\x23\x03\xaf\xa8\x7b\x39\xad\xee\x7f\x92\xc0\x31\x85\xf8\xbe\x67\xfe\x8e\x85\x0e\xe3\xa5\x71\x80\x94\x74\xbc\xf4\x62\x37\x3a\x47\xaf\xe1\xa4\x59\x21\x75\xd1\x10\xc3\x65\x9e\x56\xec\xfe\x2e\xca\xf2\xc3\x81\x68\x43\x32\xdc\x0e\xa3\xf7\x6c\x17\x99\xd5\xc7\x95\x4c\xcd\x01\xca\x4d\x3c\xc4\x88\xe9\x8e\xfe\x8c\xcb\x87\x57\x27\x3b\xbf\xd0\xe8\xf9\x4a\x18\xe4\xbc\x18\x79\x93\xac\x29\xc3\xd4\x5a\xa4\x58\x52\x53\x71\x71\x90\xcf\xc1\x6b\xdf\xc9\x0c\xec\xab\x6f\x02\x2b\x3c\x96\x29\xe4\xd4\x4c\xf9\x46\x03\x33\xd3\x48\xd0\xdf\x3f\xbc\x8f\xfe\x61\x73\x37\x25\xea\x22\xc5\x71\x83\xb5\x06\x22\xf3\x20\x25\x3d\x54\x69\x2c\x32\xba\x2d\x1d\x22\x72\x35\x79\x62\xe0\x9f\xc7\xfa\x98\xa1\x92\xd6\x47\xca\x93\xd5\xdb\x9c\x05\x60\xa4\x6a\x79\x74\x08\xd2\x1b\xe5\xd1\x4c\x88\x98\xfc\xf1\xf8\xe4\x6c\x2b\xe1\x9e\xee\x41\x7f\x17\xb5\x81\x2b\xe0\x4c\x60\xa5\x0c\x8f\x4a\x3b\x96\xe7\x59\xdf\x5a\x25\x31\x48\x42\xef\x58\x34\xa9\xbf\xe3\xec\x69\x03\x12\x2a\xbd\xeb\x8d\xa1\xbf\x14\x6c\xa5\xb0\xb6\x45\x1b\x3f\x6a\x0c\xd7\x42\x12\x0b\x02\x5c\xa4\x9b\xb9\x5c\x47\xfb\x27\xfa\xe4\x38\xcb\xae\x39\xcd\x9b\x50\xf7\x67\x35\xf6\x56\xe0\xc6\x89\x6c\x87\xb9\x1c\x1c\xa7\x44\x4d\x0d\xe2\x5c\xe6\x0d\xb8\x1b\x9b\x7e\xfe\xbf\xfc\x1f\xf2\x4e\xe9\xd5\xf7\x7d\xa9\x22\x72\x52\x46\x86\x33\xb8\xeb\x99\x5e\x26\x45\xb1\x54\x3d\x84\x32\x62\xc2\x60\xc3\xc6\x91\x11\x4e\xbc\x40\x39\x62\xc2\x37\x4e\xf5\x9c\xe6\xd1\xdd\x7c\x4d\x22\x31\x0c\x5f\x64\x2d\x76\x6d\x41\x89\x3b\x99\x3f\x9a\x69\x83\x1f\x82\xaa\xb3\x10\x4c\x64\xb0\x8b\x0e\x34\x19\xad\x44\x68\x60\x88\xcd\x8a\x4a\x67\x4e\xdc\xea\x4e\xe9\xf2\xe8\xa0\x2a\xb1\x14\x50\x06\x0f\x76\xa7\xc1\x95\x4f\x67\x6d\xe7\xbf\x79\x16\x69\x94\x57\x09\x1e\xb0\xad\x3b\x75\x93\xe7\xf3\x8d\x62\xf9\xb5\x67\x61\xa9\x15\xb4\x1d\x03\x5b\xa1\x29\xd1\xac\x46\x6e\x5e\xae\xa7\x6d\x00\xc4\xd8\x3e\x17\x54\xe3\xd1\xe6\xf0\x09\x3c\x66\x5d\x86\x0b\xcf\x0b\x98\x50\x40\x1a\xca\xba\x34\xa0\xf7\x74\x30\x07\x73\xc4\xab\xb9\x0e\xfc\x56\xbc\x7d\x2a\xd1\x2d\x2f\x58\xce\xfa\x5b\x58\x16\xfc\xee\x50\xa1\x18\x45\xa2\xd5\x19\x76\x93\xea\x3b\x38\x00\x89\x21\x9f\x5a\x42\xc6\x9f\x9a\x47\x62\xc9\x1a\xe6\x44\x9e\x13\x99\x5f\x66\x6a\xd5\x21\xf9\x2e\xdb\x3f\x4b\x65\xa0\x46\x75\xdb\x8e\xbb\xc9\xa2\xd1\xac\xda\x5b\x67\xed\x6a\xf5\x52\x51\x41\xfd\x7a\xee\xf7\xc5\x8f\x54\x9a\xc3\x92\x55\x70\x5e\xb0\x84\xf4\xf0\xa2\x61\xf4\x3c\x27\xcd\xce\xfb\x7d\x9e\x15\xce\x63\x99\x58\x20\x72\x9b\x32\x74\x9e\xb8\xd9\x43\x2d\x7c\x3c\x25\xb4\xb1\xda\xa5\xb6\x45\x74\x03\x94\xca\xaa\xe6\x3b\xfd\x9e\x18\x20\x7f\xcc\xfb\xe0\xe2\x63\x92\x58\x22\x95\x74\xfc\xc7\x97\x1e\x3e\xb1\x1b\xfd\xf7\xdc\x77\x0c\xea\x4a\x94\x14\x91\x30\x67\x55\x8f\x7e\x54\x2c\xc6\x27\x24\x77\x48\x95\x19\xcf\xae\xcf\x51\x36\x1b\x7d\x39\x54\x0b\xbc\x1d\xa8\x4c\x6e\x56\xe2\x1c\x68\x37\x34\xfc\x3d\x9e\x52\x22\x56\x95\xea\x37\x05\x63\xb1\x53\xb8\xdc\x87\xad\x11\x99\x24\x7a\x23\xa8\x60\x46\xc7\x30\xfb\xce\x29\xfe\x99\xe0\xcf\x3e\x76\x2f\x6c\xa3\xa1\x4b\x03\xff\x53\xd4\x12\x2d\xa0\x66\x4a\x31\xd2\x04\x16\x0f\xcc\x24\x89\xea\xa9\xfa\xf0\x30\xf6\xd6\xa4\x3f\x98\xaf\xce\x7f\x7f\x7f\x0c\xc3\xa0\x1e\xf1\x52\x6d\xac\x38\x27\x8d\x13\x43\x19\x10\xc2\xd6\x91\xa7\x82\x75\xe0\x70\x2c\x8b\xcd\x0f\x47\x54\xb4\x75\x35\xde\xcb\xff\x3f\xb2\xdb\x3d\x23\xb9\x5f\x84\xe5\xe6\xe7\xfe\x67\xc7\x19\xde\x9b\x07\x21\xea\x53\xe2\xc6\x8c\x91\x10\xe6\xa9\xef\x32\x51\xe7\xeb\xb2\x28\x00\xdc\xab\x30\x9c\x22\xab\x37\x39\xb4\xe8\x88\x44\x82\x75\x42\xd9\x62\xc2\xaf\xb2\xdc\x2f\x02\xb4\x50\x94\x73\x7f\xb1\xc3\xb9\x54\x38\x70\x70\x9b\x33\x7d\x9d\x8f\x18\x39\x71\x36\x8a\x28\xa3\x36\x0a\xec\x7c\x89\xde\x83\xe0\xc5\xfb\xfc\xff\xa0\x3c\x1b\xc4\x28\x84\xa8\x39\xe8\x18\x88\x26\xb1\x9f\x3a\x7e\x7b\x82\xb4\xe2\x33\x9d\x3d\x70\x17\x1d\xe9\x2a\x60\xe2\xe1\xc7\x3d\x36\x03\x82\xae\xdc\xc2\x37\x40\xc6\x24\x4d\x69\x29\x9d\xd3\x9e\x01\x10\x91\xb2\xfa\xe1\x0f\x4b\xa3\xc7\xfc\x57\x0b\x0e\xa6\xa5\xd7\xb9\x4f\x08\x12\x78\x8a\xc1\x84\x2e\xb6\xf9\x17\xad\x73\xa4\x3a\x8f\x51\x1b\x22\x17\x95\xb9\xa6\x25\xd6\xb8\xad\xab\x77\xbb\x09\x03\x43\xac\xde\x49\x30\xc6\x43\xb9\xb6\x0a\xf0\x27\xed\x4e\x3c\xc7\xfa\xcd\xcb\x17\x5e\x81\xd9\x13\x8d\xb6\x8d\xb9\xd8\x52\x16\xe1\xaf\xa9\x0c\x3f\x38\x97\xa2\xcd\x7e\x2c\xba\xf5\x9f\xaa\x93\xac\x54\x4c\x22\x13\x99\xd0\xa2\xc7\x60\x1c\x6c\x63\x00\x62\x53\xc9\xe4\x3f\x1e\xd3\xf8\xcd\xd3\x1f\x92\xcb\xc9\x19\xb0\xb2\xf0\x48\xee\x42\x9b\xaa\xc4\x2f\x90\x7d\x36\x28\x19\x31\x81\x4e\x7f\x93\x7b\x51\xf2\xc6\xa7\x72\x46\x9f\x0d\x3d\x66\x6c\x5c\x23\x14\x1a\x0a\xf6\xfb\x38\x04\x47\x98\x10\xfc\xd8\x52\xf9\x8a\x5e\x5d\xf9\x08\x2c\x14\x9b\xc2\x39\xd3\x7b\x89\x44\x7a\xf0\x2e\xba\xe2\x7a\xde\xa0\x98\xd7\x84\x09\xfa\x9a\xe8\x73\xb1\x12\x68\x4c\x75\xd6\x8d\x44\x7c\x7f\xc8\x0a\x45\xa7\x26\xb2\x72\xd5\x57\x67\x8d\xa7\x10\x16\x79\xc6\xa5\xb4\xd7\x0f\x4d\xb6\x05\x39\xfd\x11\xd1\xf2\x13\x92\xb7\x92\x2d\x12\x78\x11\x25\x51\x2e\xb1\xdc\x45\xdb\x4c\xd2\xe6\x47\x34\xe3\xa9\xdb\xf8\x99\xec\x22\x03\xe1\x00\x1b\x3d\x36\x46\x63\xd4\x87\xc6\x90\x18\xcb\x91\x22\xb5\xf4\xe1\xa2\x76\xd1\x70\x88\xdf\x74\x6b\xa3\xe7\xc1\x0e\x1c\xad\x22\x6f\x6c\xd2\xad\x90\xcc\x3d\x14\x8c\x95\x1d\x32\xc0\x03\x41\xbf\x08\xec\x71\x58\xd2\x2b\x33\x75\xf7\xed\x67\x30\xff\x9f\x0a\xf7\x9b\x1e\x8e\xfd\x16\x4b\x04\x6c\x6a\x3d\xf7\xbc\xd9\x25\xe4\x9b\xf5\xbb\x4d\x16\xac\xe6\xab\x92\x5b\xee\x37\xb7\xb5\x32\x1d\xa6\xf3\x62\x6f\x33\x02\x5e\xbc\x38\x14\xf4\x4a\x27\xa7\xe3\x9c\x5e\xcf\x8c\x52\x63\xc5\x0e\x5d\x49\x27\x39\x77\xc1\xdd\xce\xc8\x6c\x85\xc4\x1d\xe8\x55\x8c\xcc\x7c\xc9\x46\x9f\x4a\x5a\xb1\x04\xdb\x7b\x3e\xaf\x89\x51\xf5\x31\x5f\x56\x40\xc5\x1e\x8c\x49\x29\x0c\x7b\x14\x66\x88\xb7\x2e\x22\xc5\x17\x8b\xb1\x20\xbe\xaf\xe3\xa1\x0d\xd3\x3e\x6a\x34\xb8\xe2\xab\x0a\x8d\x88\xf1\xbf\x23\x46\xf0\x6e\x6c\xbe\xb8\x01\x59\xf8\x5b\x69\xef\xe2\x98\x4f\x3a\xcb\xf1\x03\x53\x97\xc0\xe0\x27\x42\x0c\x59\x1b\x2c\x51\x15\xe4\xc4\xbc\x43\x19\xb6\xa8\xed\xc2\xaa\x62\xc7\x60\x0e\x49\x02\x9f\x8d\x7d\x80\x87\x13\xcc\x76\x55\x66\x44\x0a\x42\x7a\xc5\x76\xe5\xa2\x31\x8e\x09\x94\xa0\x0b\x56\xb7\xcf\x16\x27\x78\x87\xb2\x26\x93\x39\x6c\x28\xbf\x73\x41\x33\xdf\x5e\x65\x49\x71\xde\xc6\x8d\x22\x56\x31\xfc\x66\x9e\x56\x19\xc1\xc7\x8d\xf3\xca\x98\x60\x48\x9a\x29\xa5\x23\x4e\x05\x4b\xcd\x3c\x54\x32\x76\xc0\x7e\x15\xa1\xca\x7e\xf6\x0c\x6e\x20\x35\x95\x62\x73\x3c\x1b\x3b\xd1\x5a\x9c\x72\xa8\xf9\xac\xb0\x40\xf8\xf8\x5a\x4f\x10\x31\x3a\x4f\xc7\xe8\xcb\x89\x73\xae\x0b\x56\x29\x24\x71\x6d\x16\x8a\xa4\x31\xcf\x63\xa5\xc2\xe1\x82\xb4\x8b\x55\x19\xf3\x76\xde\x39\xca\x03\xd5\x53\x5a\x58\x68\xd2\xcf\xff\x41\x0e\x3f\x24\x8d\xe1\xef\x81\xb2\x05\xbc\x17\xa8\x4c\xbf\xeb\xb4\x6d\xeb\x4e\x56\xdc\xd3\x55\xd7\x14\x8a\x56\xf2\x5d\xee\x58\x96\x91\x2e\xc9\x01\x24\xbe\xf2\xd8\x82\xe9\xd4\xa0\x27\x69\xb3\xab\xcb\xc8\xf3\x67\xde\xec\xce\x8c\x22\xb0\x45\xf4\xd7\xb8\x7d\x89\x08\xb0\xaf\x7f\x2a\x1f\x53\xba\xd8\xd3\xf8\xe0\xb6\x5b\x00\x53\xab\x1e\x28\xec\xe7\x25\x0a\xb2\x81\xbc\x19\x70\x97\xcf\xe8\xb2\xa7\xcf\xb5\x52\xf8\x28\x69\xb8\x82\x41\xe7\xd0\x5d\x24\xac\xa3\x25\xc6\xf2\xfa\xd8\x5c\xe7\x9b\xfc\x2a\xec\xdb\x79\x8f\x40\xe1\x11\x18\x9f\x17\x85\xcb\xbe\x40", 4096); *(uint32_t*)0x20003710 = 0x1000; *(uint32_t*)0x20003714 = 7; *(uint32_t*)0x20003718 = 0x200036c0; memcpy((void*)0x200036c0, "\x38\xe3\xda\xc1\xca\xb0\x0f\xeb\x39\xc4\x8e\xdf\xaf\x42\xb6\x04\xf0\xc0\xfb\xea\xa3\x0d\x70\x23\x51\x9c\xe5\x89\xe4\xd9\x0d\x7d\x17\x1c\xbe\x75\x9e\x9c\x40\x81\x9d\x99\x46\xab\xfa\x97\x37\xe1\xbd\xdd\xfb\x4f", 52); *(uint32_t*)0x2000371c = 0x34; *(uint32_t*)0x20003720 = 0x10000; memcpy((void*)0x20003740, "/dev/tty\000", 9); *(uint8_t*)0x20003749 = 0x2c; memcpy((void*)0x2000374a, "syz0\000", 5); *(uint8_t*)0x2000374f = 0x2c; memcpy((void*)0x20003750, "+@", 2); *(uint8_t*)0x20003752 = 0x2c; memcpy((void*)0x20003753, "*^:[-,-,&{#", 11); *(uint8_t*)0x2000375e = 0x2c; memcpy((void*)0x2000375f, "syz0\000", 5); *(uint8_t*)0x20003764 = 0x2c; memcpy((void*)0x20003765, "audit", 5); *(uint8_t*)0x2000376a = 0x2c; memcpy((void*)0x2000376b, "obj_role", 8); *(uint8_t*)0x20003773 = 0x3d; memcpy((void*)0x20003774, "syz0\000", 5); *(uint8_t*)0x20003779 = 0x2c; memcpy((void*)0x2000377a, "obj_user", 8); *(uint8_t*)0x20003782 = 0x3d; memcpy((void*)0x20003783, "^\356%", 3); *(uint8_t*)0x20003786 = 0x2c; memcpy((void*)0x20003787, "subj_role", 9); *(uint8_t*)0x20003790 = 0x3d; *(uint8_t*)0x20003791 = 0x2c; memcpy((void*)0x20003792, "mask", 4); *(uint8_t*)0x20003796 = 0x3d; memcpy((void*)0x20003797, "^MAY_EXEC", 9); *(uint8_t*)0x200037a0 = 0x2c; memcpy((void*)0x200037a1, "uid", 3); *(uint8_t*)0x200037a4 = 0x3d; sprintf((char*)0x200037a5, "%020llu", (long long)0xee00); *(uint8_t*)0x200037b9 = 0x2c; *(uint8_t*)0x200037ba = 0; res = -1; res = syz_mount_image(0x200025c0, 0x20002600, 4, 3, 0x20003700, 0x1040000, 0x20003740); if (res != -1) r[1] = res; break; case 5: syscall(__NR_read, (intptr_t)r[1], 0x200037c0, 0x12); break; case 6: *(uint64_t*)0x20003800 = 7; syscall(__NR_sendfile64, (intptr_t)r[0], (intptr_t)r[1], 0x20003800, 0); break; case 7: *(uint16_t*)0x20003840 = 0x81; memcpy((void*)0x20003842, "\xd8\xe8\xf6", 3); syscall(__NR_setsockopt, (intptr_t)r[0], 6, 2, 0x20003840, 6); break; case 8: *(uint32_t*)0x20003880 = 4; syscall(__NR_ioctl, -1, 0xc0044dff, 0x20003880); break; case 9: *(uint32_t*)0x20003980 = 0x200038c0; *(uint16_t*)0x200038c0 = 0x10; *(uint16_t*)0x200038c2 = 0; *(uint32_t*)0x200038c4 = 0; *(uint32_t*)0x200038c8 = 0x1000000; *(uint32_t*)0x20003984 = 0xc; *(uint32_t*)0x20003988 = 0x20003940; *(uint32_t*)0x20003940 = 0x20003900; *(uint32_t*)0x20003900 = 0x14; *(uint8_t*)0x20003904 = 7; *(uint8_t*)0x20003905 = 1; *(uint16_t*)0x20003906 = 0x801; *(uint32_t*)0x20003908 = 0; *(uint32_t*)0x2000390c = 0; *(uint8_t*)0x20003910 = 0; *(uint8_t*)0x20003911 = 0; *(uint16_t*)0x20003912 = htobe16(0xa); *(uint32_t*)0x20003944 = 0x14; *(uint32_t*)0x2000398c = 1; *(uint32_t*)0x20003990 = 0; *(uint32_t*)0x20003994 = 0; *(uint32_t*)0x20003998 = 0x40800; syscall(__NR_sendmsg, -1, 0x20003980, 0x20000000); break; case 10: memset((void*)0x20000000, 255, 6); STORE_BY_BITMASK(uint8_t, , 0x20000040, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000040, 2, 2, 2); STORE_BY_BITMASK(uint8_t, , 0x20000040, 8, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 1, 5, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20000041, 0, 7, 1); STORE_BY_BITMASK(uint16_t, , 0x20000042, 0x7f, 0, 15); STORE_BY_BITMASK(uint16_t, , 0x20000043, 0, 7, 1); *(uint8_t*)0x20000044 = 8; *(uint8_t*)0x20000045 = 2; *(uint8_t*)0x20000046 = 0x11; *(uint8_t*)0x20000047 = 0; *(uint8_t*)0x20000048 = 0; *(uint8_t*)0x20000049 = 0; memset((void*)0x2000004a, 255, 6); memset((void*)0x20000050, 255, 6); STORE_BY_BITMASK(uint16_t, , 0x20000056, 0, 0, 4); STORE_BY_BITMASK(uint16_t, , 0x20000056, 0xffd, 4, 12); memset((void*)0x20000058, 255, 6); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 0xc, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 1, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 3, 5, 2); STORE_BY_BITMASK(uint8_t, , 0x2000005e, 0, 7, 1); *(uint8_t*)0x2000005f = 3; STORE_BY_BITMASK(uint8_t, , 0x20000060, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000060, 2, 2, 2); STORE_BY_BITMASK(uint8_t, , 0x20000060, 9, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 1, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 2, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 1, 5, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x20000061, 0, 7, 1); STORE_BY_BITMASK(uint16_t, , 0x20000062, 0x3d, 0, 15); STORE_BY_BITMASK(uint16_t, , 0x20000063, 0, 7, 1); *(uint8_t*)0x20000064 = 8; *(uint8_t*)0x20000065 = 2; *(uint8_t*)0x20000066 = 0x11; *(uint8_t*)0x20000067 = 0; *(uint8_t*)0x20000068 = 0; *(uint8_t*)0x20000069 = 1; *(uint8_t*)0x2000006a = 8; *(uint8_t*)0x2000006b = 2; *(uint8_t*)0x2000006c = 0x11; *(uint8_t*)0x2000006d = 0; *(uint8_t*)0x2000006e = 0; *(uint8_t*)0x2000006f = 1; *(uint8_t*)0x20000070 = 8; *(uint8_t*)0x20000071 = 2; *(uint8_t*)0x20000072 = 0x11; *(uint8_t*)0x20000073 = 0; *(uint8_t*)0x20000074 = 0; *(uint8_t*)0x20000075 = 0; STORE_BY_BITMASK(uint16_t, , 0x20000076, 0, 0, 4); STORE_BY_BITMASK(uint16_t, , 0x20000076, 0x1f, 4, 12); STORE_BY_BITMASK(uint8_t, , 0x20000078, 8, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000078, 0, 4, 1); STORE_BY_BITMASK(uint8_t, , 0x20000078, 3, 5, 2); STORE_BY_BITMASK(uint8_t, , 0x20000078, 1, 7, 1); *(uint8_t*)0x20000079 = 0; memset((void*)0x2000007a, 255, 6); *(uint8_t*)0x20000080 = 8; *(uint8_t*)0x20000081 = 2; *(uint8_t*)0x20000082 = 0x11; *(uint8_t*)0x20000083 = 0; *(uint8_t*)0x20000084 = 0; *(uint8_t*)0x20000085 = 1; *(uint16_t*)0x20000086 = 0xbf; memcpy((void*)0x20000088, "\xaf\xaf\x3a\x13\x5b\x6b\xac\xd8\xc9\xb7\x0b\x5e\xec\x9a\xb1\x84\x05\xdd\xe2\x16\xb1\xb5\xdb\xe7\x0c\x82\xea\x52\xa1\x47\x7c\x8b\xcc\x0a\xde\xba\xd8\x78\x9e\x03\xdf\x9b\xee\xa6\x7c\xea\x53\x1e\x77\x6e\x7e\xc4\x41\xe1\x09\x95\x46\x0e\x4e\x96\x46\x78\xb8\xb2\x0c\xae\x08\x4a\xb4\x0b\xef\x38\x9b\xb7\x2f\xe3\x66\xea\x91\xa8\xa2\xb9\x52\xbc\x69\x7a\x86\x3d\x47\xc4\x92\x0f\x77\x97\x6c\xcd\xa9\x72\x3c\x4d\x4c\xf4\x31\x64\xb5\x7e\x37\x39\x25\xd2\x15\x94\xad\x58\x2b\x2b\xd6\xb7\xfc\xe0\xe2\x1d\x27\x2a\x02\x2f\xb6\x3e\xfa\xe8\x20\x4e\x2e\x38\x18\x08\x48\xfd\x29\x86\xc8\x47\x24\x1f\x05\xb4\x79\x5e\x31\x95\x82\x3f\x4b\x17\xf3\x40\xc2\x4f\x45\xbf\x4f\xc3\x3a\x8b\x5d\x06\x49\x78\x0b\xad\x0b\x16\x00\x23\x1b\xcd\x85\xe1\x04\x40\x43\xb3\xf5\x2b\xdd\x66\x46\x2c\x52\x86\x9b", 191); *(uint8_t*)0x2000014a = 8; *(uint8_t*)0x2000014b = 2; *(uint8_t*)0x2000014c = 0x11; *(uint8_t*)0x2000014d = 0; *(uint8_t*)0x2000014e = 0; *(uint8_t*)0x2000014f = 0; memset((void*)0x20000150, 255, 6); *(uint16_t*)0x20000156 = 0xf3; memcpy((void*)0x20000158, "\xdb\x74\x58\x60\x3e\x1d\xb9\xe8\xb6\x10\x9f\xf2\x53\x17\x6f\xc3\x10\x5d\x34\x45\x42\x94\xa0\xc3\x6f\x5e\x76\x59\x0e\xe3\xb3\xa3\x91\xdd\x28\x47\xab\xe2\xef\x4c\x4f\x07\x62\xcb\xb0\x9a\x37\xf4\x06\x75\xba\xca\x09\x07\x28\x2c\xe7\xdc\x1a\x10\x4c\xb3\xe9\x13\x84\x93\x0e\xde\x72\xf3\x72\x0d\xac\x99\x76\xa6\x59\x8b\xc0\x38\x5e\x0e\xb8\x29\x5e\xde\xe6\xbf\x8e\x31\xf2\x43\xb2\x84\xe9\xde\x82\x3d\xbc\xf1\xfa\x70\xc6\xc5\x7d\x44\x72\xf2\x0f\x03\x1c\xd4\xcc\xc7\x99\x5b\x00\x36\xd0\x24\xf0\x51\x22\x0c\xf8\xcc\xfa\xcc\x5e\xef\x5c\xc5\x45\xc5\x20\x8e\x0a\xe0\xb6\xfa\xd6\x95\x65\x42\x26\x29\x30\xe5\x61\x77\xef\x3f\x3f\xd1\xfc\xf9\xab\x7f\xa1\x04\xc2\xfd\x2c\xaf\xbf\xc7\x96\xda\x4a\xf4\x24\x53\x1e\x82\x5b\x32\x39\x4a\x16\xb5\xa9\x0e\x3b\x36\xd9\xd7\x5f\x35\xbc\x95\xc7\xb6\x5c\x57\x74\xb3\x3d\x1a\x74\x46\x4b\x24\x0d\x9b\x44\x20\xde\x38\x65\xe4\xeb\xfa\x97\x05\xfa\x60\x6c\xa4\x22\xeb\x0a\xe3\x31\x26\x57\x4d\x2b\x01\xdc\x83\xd7\x0c\x24\x87\x47\x08\x7c\x72\xf0\xda\x02\xe8\xe8", 243); *(uint8_t*)0x2000024e = 8; *(uint8_t*)0x2000024f = 2; *(uint8_t*)0x20000250 = 0x11; *(uint8_t*)0x20000251 = 0; *(uint8_t*)0x20000252 = 0; *(uint8_t*)0x20000253 = 1; memset((void*)0x20000254, 255, 6); *(uint16_t*)0x2000025a = 0xdd; memcpy((void*)0x2000025c, "\xd7\xe9\xb2\x4c\x0c\xc9\x92\xb1\x8a\xa2\xd9\xf9\xe1\x70\x9a\x8c\x2f\xe8\xb2\xce\xb2\x7a\x74\x9e\x52\x61\x7c\x6d\xb9\x66\xc1\x54\x69\xb1\x4f\x62\x71\xd9\xec\x1c\xaa\x53\x7e\x60\x5d\x09\xc7\xaf\x27\x1d\x95\x9a\x7b\x13\x75\xfb\xad\xa3\xd4\x78\x40\xb8\xfb\xde\x2f\x3a\xb2\x82\x04\x40\xce\xff\xb1\x6c\xc4\x41\x60\xf3\xa3\xab\xd7\x0b\x05\x9e\x3b\x32\x1e\x3a\x1a\x48\xec\xa2\xb3\x81\x9d\x05\x95\x82\x2e\x17\x76\x7f\x5a\x9c\xce\x0a\x0a\xa1\xcf\x8a\x17\x63\x78\x09\x43\x87\x2b\x12\x7a\xb5\x59\x03\x6a\x8d\x87\x03\xe1\x79\xc0\xde\x7c\x00\xdb\xd0\x55\x69\x9b\x39\x53\x2e\xc0\xf6\x3b\xb6\x9c\x33\x1f\xb4\x15\xe2\x53\xc2\x6a\xbf\x85\xa2\x0b\x69\xf3\x3d\x25\xa8\xa0\x66\xaa\x10\xa9\xc1\xad\xd2\x02\xfa\x9d\x6c\xd6\xdb\xda\xf0\x56\x01\xd6\x8e\x95\x53\xba\x9e\xe5\x39\x31\xaa\x19\x38\x21\xc7\x80\xf0\x5d\xfd\x3c\x33\xaa\xd8\x4e\xf5\x50\x98\xb4\xb8\x21\x2c\xf5\xd6\xa4\x3b\x5a\x09\x98\x66\xec\xbb\xc1", 221); *(uint8_t*)0x2000033a = 8; *(uint8_t*)0x2000033b = 2; *(uint8_t*)0x2000033c = 0x11; *(uint8_t*)0x2000033d = 0; *(uint8_t*)0x2000033e = 0; *(uint8_t*)0x2000033f = 1; memset((void*)0x20000340, 255, 6); *(uint16_t*)0x20000346 = 3; memcpy((void*)0x20000348, "\xd7\x1a\x49", 3); syz_80211_inject_frame(0x20000000, 0x20000040, 0x30e); break; case 11: memcpy((void*)0x20000380, "wlan0\000", 6); memset((void*)0x200003c0, 2, 6); syz_80211_join_ibss(0x20000380, 0x200003c0, 6, 0); break; case 12: memcpy((void*)0x20000400, "bpf_lsm_sb_remount\000", 19); syz_btf_id_by_name(0x20000400); break; case 13: memcpy((void*)0x200008c0, "\xc4\xc3\x2d\x0e\x45\xf5\x08\xc4\xe1\x5b\x10\xeb\x26\x81\xf9\xf6\x03\x9e\xec\xc4\xc3\x79\x61\x78\x01\xd2\x07\x66\x0f\x38\x29\x5c\xd0\x2f\xd9\xf6\xf2\xdd\xcd\xc4\xc1\xf8\x11\x45\x0f\x0f\x34", 47); syz_execute_func(0x200008c0); break; case 14: memcpy((void*)0x20000940, "/dev/pktcdvd/control\000", 21); res = syscall(__NR_openat, 0xffffff9c, 0x20000940, 0x10400, 0); if (res != -1) r[2] = res; break; case 15: memcpy((void*)0x20002c80, "./file0\000", 8); res = syscall(__NR_statx, -1, 0x20002c80, 0x800, 8, 0x20002cc0); if (res != -1) r[3] = *(uint32_t*)0x20002cd8; break; case 16: memcpy((void*)0x20003040, "./file0\000", 8); res = syscall(__NR_stat, 0x20003040, 0x20003080); if (res != -1) r[4] = *(uint32_t*)0x20003090; break; case 17: res = syscall(__NR_read, -1, 0x20003100, 0x2020); if (res != -1) r[5] = *(uint32_t*)0x20003114; break; case 18: res = syscall(__NR_getgid); if (res != -1) r[6] = res; break; case 19: *(uint32_t*)0x20005540 = 0xe4; res = syscall(__NR_getsockopt, -1, 0, 0x11, 0x20005440, 0x20005540); if (res != -1) r[7] = *(uint32_t*)0x20005474; break; case 20: res = syscall(__NR_getgid); if (res != -1) r[8] = res; break; case 21: memcpy((void*)0x20000980, "\x5e\xb2\xb7\x65\xeb\x13\xfe\x60\x55\xad\xbc\x43\xba\x06\xda\x06\x24\x08\x5c\x4b\x07\x4c\xa1\x07\x58\x89\x67\x7f\x06\x6e\x7b\xe4\xde\x1a\xde\x66\x43\xe3\x84\xe7\x46\x94\x78\x49\xca\xe6\xc4\xbd\x22\x47\xb9\xd0\xdc\xf8\xd7\x4f\x73\xc8\x65\x98\x3a\x7d\x81\xfa\x41\x8b\x52\x27\xbf\xe2\xca\xe4\xda\xab\xc8\xfd\x12\x12\x43\xc0\xfe\x33\x9f\x30\xd7\xad\xe9\xb7\x9e\x07\xaa\x3b\x49\x20\x01\xcb\xf7\x1f\x43\xd1\x92\xa2\xb9\xb7\x71\x60\x8f\x80\x9c\xab\x41\x48\xc9\xbc\xb1\x8a\xd7\x38\x1a\xda\xb1\xf2\xf5\xe3\x23\xa6\x92\x49\xbf\x8f\x2b\x5b\x0e\x98\x65\x57\xda\x94\x36\x23\xa6\x6e\xc4\x20\xb9\xb7\xbc\x01\x43\x4d\x0a\x62\x88\x6d\x00\x72\xf8\x30\x51\xbe\xd9\x58\x84\x3e\xc0\xad\xab\xae\xc0\x68\xe2\x33\x3b\xdc\x15\x62\x2e\xfd\x5d\x7e\xb6\x8c\xfd\xda\x7d\xe3\xfd\xaf\xaa\x75\x78\x7f\x0f\x7f\x3a\x5a\xae\x1c\xfe\x1f\xaf\x07\x9f\x18\x35\xbe\x70\x44\xf2\xde\xe0\xe2\xb2\x28\x27\xf8\xce\x93\x99\xba\x9b\x6d\x67\x5a\xaa\xfc\x82\x72\x62\xb7\x01\x65\x9d\x34\xe6\x87\xd6\xf0\xf8\x06\x66\xef\x60\x37\x1f\x36\xfc\x8e\x7a\xb0\x1b\x1b\x1f\x74\x1b\xab\x29\x0b\x37\x42\xbc\xa7\xd9\x00\xac\xac\xd0\x03\xbb\x0e\x24\x97\xa7\x41\x3e\x2a\x94\x61\x0c\x93\xf5\xb5\xf6\xa0\xaf\xfc\x55\x4d\xfa\x69\x6f\x33\xa4\xe0\x76\x99\x55\x29\x81\xc8\xf1\x7e\xec\x12\x1b\x79\x8f\xfd\xa5\xa8\x1f\x60\x90\x05\xee\xe8\x86\x2d\xa6\x33\x95\x0d\x1c\x36\xb1\xf5\x7f\x20\x1d\xfa\xa2\xff\xb4\x3b\xfb\x89\xb9\x37\xdf\xe8\x91\x65\xa7\x83\x26\x4b\x5c\xd3\x93\xe5\xe8\x1e\xfb\x8d\x94\xe2\x8e\xa4\x17\xcf\x7f\x14\x55\x20\xc2\x01\xcd\x9b\xc8\x43\xa7\x8a\xe0\x7c\x3a\x9d\x81\x2a\x99\xb9\xd0\x1f\x4f\x8a\x60\x93\x70\x77\x19\x2f\xb2\x9e\xf9\xe9\xca\xd9\x95\x91\x9d\xe3\x3e\x9e\x70\xc9\x5c\x0e\xfe\x9d\x49\xec\xac\xc2\x81\x7d\x76\x4b\x35\xac\xee\xf6\xdb\xd7\xb1\x1d\xa0\xd5\x64\x60\x97\x8a\x67\x9a\x76\x5c\x04\x64\x2e\xf7\xb3\x3d\xa7\x35\xd6\x07\xb2\x1e\xa2\x07\xad\x74\x7b\x67\xda\x18\x62\xb7\x88\x4f\x77\x37\x64\xc5\xc6\xb9\x5b\x0d\x1f\xc0\x79\x90\x9e\x3a\x07\x43\x0c\x52\xf4\x90\x8c\xb8\x64\xca\x7b\x48\x38\x7d\x9c\x93\x03\x87\x81\x15\x80\xb9\xce\xad\x9b\xb5\x6c\x51\x39\xd0\xd5\xc4\xc7\x28\xf7\x66\x70\x59\xbb\x64\xe2\x23\xd3\xe7\xcf\x61\xce\x83\x70\x27\x6d\xd3\x1b\x3b\xd6\x43\xe9\x64\x44\xaf\xea\x51\x78\x7b\xc0\xea\x7e\xde\x0c\x05\x76\x34\x0b\x35\x74\xfb\x1e\xe7\x81\x33\xc2\x9e\xdb\x9c\x63\x72\x42\x00\xf5\xd8\xd1\xfa\x9d\xb4\xfe\x0c\xf9\xa3\xf0\x51\x7f\xdd\x93\x62\x40\xd0\x8c\xa3\xf4\x81\x5c\x56\x2f\xa4\x0c\x50\x29\x2a\x8c\xc6\x7a\xf0\x25\x55\xbf\x5e\x42\x10\xef\xab\xee\x95\x29\x46\xcb\x5a\x3b\x71\x9c\xca\xfb\x90\xc5\xfc\x31\xe2\x8e\x16\xda\x6d\xeb\x0c\x26\x57\xd9\x9b\x2e\x30\xac\x6f\x59\xe6\x93\x5c\x8f\x3d\xe5\xab\xb5\xa6\xa9\xeb\x6d\x64\x63\x81\x31\xfa\x73\x63\x9f\x95\xdc\x71\xd1\x1a\x64\x4c\x6f\xf1\x7e\x26\x66\x5e\x82\x05\x56\x17\x8b\xdf\x6f\x91\xc5\x2f\xac\x27\xf2\xd8\x48\x12\xe9\xbf\xd4\xc5\x3e\x75\x7e\xd5\xdc\xc5\xa3\xc5\x8f\x4f\x25\x4a\x11\xad\x80\x99\x55\x5f\xba\xb9\x2d\x97\x07\xe7\xae\x24\x9d\x37\xb6\x72\xb2\xf4\x66\x6c\xc3\x5f\xfe\x53\xa0\xf5\xf3\x14\xaa\x7e\x32\x9a\xdd\xf6\x0e\x86\x49\x86\x68\x2e\x58\xde\xe8\x78\xcf\x3e\x66\xb3\xc1\xb8\xb0\x45\x70\x21\xcb\xbe\x95\x42\xdf\x24\x01\x04\xfa\x79\x45\xd1\x77\xa8\x05\x1f\xf4\x2d\xff\xe4\x7e\x95\x2c\xaa\x5b\x33\x43\x86\xbb\xe9\x61\x40\xa2\x8a\x74\xcd\x3c\x4c\x66\x6d\xd6\x17\x49\x94\xba\xe6\xc3\x23\xbe\xf3\xcb\xe9\x70\x28\x83\x5f\x03\xb4\x9d\x7c\x49\x69\x13\xec\x17\x27\x23\x46\xe0\x50\xc7\x5c\x58\x76\x0a\xcb\xcd\xed\xfc\x77\x4b\x34\xb1\x9f\x19\x9c\x40\xe0\x2a\xc7\x41\x77\xe3\xf9\x51\xa0\x07\xab\xda\xf0\x0f\xd7\x06\x4b\xbf\x2c\xc4\x44\xd6\xb6\xd2\xb2\x33\xe1\xfd\x99\x5f\xee\xbc\xbf\xaf\xaa\xa4\x4e\xdd\x73\x9b\x7a\x9b\x31\x2b\x08\x23\xbb\xb2\x28\x82\x3e\x13\x2f\xba\xe5\x76\x96\x8b\x7e\x7c\xa5\xca\x01\x98\xda\xae\x85\xda\x7b\x50\x00\x25\x44\xa4\x4f\x94\x8d\xc5\xf4\x86\x20\xe3\xf9\x91\x45\xc8\x72\x7f\xee\x50\x15\x41\xef\x11\x9b\x20\x08\x5e\x36\x40\x52\xa0\x45\x16\x4e\x79\x57\x95\x53\xab\x19\x24\xa5\xe6\x7c\xa4\xbd\xe4\x39\x03\x13\xb7\x6a\x6a\xbb\x95\x0e\x63\x7b\x6b\xd3\xae\x4d\x34\x1e\xa3\x62\x44\x0e\x13\x41\x85\x30\x4e\x36\xf0\x86\x91\x02\x7e\xc7\xff\x34\xd7\x18\x82\x53\x93\xec\xfd\x75\x57\xc8\x2b\x7b\xda\x4d\x24\xb9\x4f\xc5\x3d\x57\x7b\x31\x65\x7b\x00\xe8\x30\x38\x03\xe6\xf1\x5e\x17\xa7\x96\x47\x60\x7f\xfa\x65\x64\x91\x03\xad\x6c\xed\x04\x0a\x84\x22\x24\xb2\x22\x26\xcb\x03\xb1\x0e\x51\xe5\x8d\x69\x5e\xdd\xa7\x7d\xa2\xd7\x84\xc4\x9b\xdd\xa4\x3a\xdc\x0f\x4e\x15\xf3\xe2\xe3\x38\x83\x69\x24\x78\x6b\x90\xb2\xf7\x44\x29\x35\xae\x33\x8e\x34\x4f\xa4\xc0\xd9\xe3\xd7\x48\x71\xd9\x30\xd8\x78\x68\xa2\x69\xc9\x84\x04\x87\x63\xe1\xc4\x38\x47\x9b\x20\xfd\xdb\xc6\x1d\x24\x88\xd7\x0c\xa8\x74\x7f\xff\x73\x1e\xdb\x67\x9b\x88\xbf\x1b\x17\x62\x1d\x32\x76\x15\x1f\xd9\x3a\x9d\xbb\xaf\x1a\x83\xe9\xa8\x0f\x75\xba\x18\xac\x3c\xe6\x59\x8d\xc4\xe6\xb0\x56\x2f\xb0\xbd\x47\x91\x29\x33\x7b\xb1\xc3\xa5\x88\x2b\x2d\x62\x6e\xdd\x90\xd0\xb1\xe8\x98\xd0\xf1\xe4\xf5\x98\x93\x70\x0c\x24\x1e\x0c\x43\x63\xa4\x44\x10\x73\x84\x00\x00\x47\x0f\x9e\x87\x7d\x0b\xac\xdc\xb6\xb2\x18\x75\xe7\x5b\x50\xdc\xfb\xb2\xbb\xc0\xea\x8f\xca\x0a\x91\xdc\xaf\xe6\x9b\x16\x2a\xee\xf4\xf7\xd7\xfa\x11\x93\xf9\xea\xc4\x4d\x4e\xb2\x73\x77\xc3\xb7\x2a\xc1\x9a\x90\x1c\x6e\x73\x50\xe1\x64\x81\x46\x09\x01\x79\xfa\x4b\x7f\x7a\xae\xdf\xb7\x5a\x49\xde\xea\xe9\xfb\xec\x2f\x30\xc4\x44\x4e\x3b\xd5\xad\x6f\xad\x82\xbb\xcd\x24\xbb\x6d\x25\x96\x85\xca\x0c\x13\xe5\x2a\x59\x0d\x27\xa7\x31\xa1\x8b\x09\xd3\xd6\xbf\x5e\x81\x75\x63\x02\xb8\x52\x51\xc8\x5d\x30\x48\x72\x95\xeb\x2e\x42\xcd\x78\x82\x31\xeb\x96\x97\x9b\x5c\x11\x3c\x16\x6b\xe2\xf3\xb6\xd2\x44\x74\xb0\xf5\x6e\xa5\xcf\xff\x4d\xca\x92\x84\xe5\xda\xe7\xd1\xc2\xb6\xab\xa7\x80\x7e\x88\x96\x97\xc8\x69\x83\x1c\x90\x8b\x20\x6b\x8a\x21\xdb\xe7\x3d\x06\xc0\xae\xfd\xa4\x49\xf4\xda\xed\xd6\x8b\x67\x6f\x22\x81\x4b\xe2\xd9\x0a\x2d\x06\xa3\x9f\x99\x7f\xdc\xef\x3a\x38\xf9\x83\x96\xd5\xbf\x36\x99\x00\xf9\xfc\x04\x42\xb2\x04\xce\xb1\x7e\x43\x2c\x28\x08\x7c\x42\xc8\x4c\x17\xf1\xa4\xd0\x4f\x6d\xa5\x46\x68\x2f\x31\xd7\x5c\xc2\x89\xe0\xc8\xea\x40\x58\xc0\x35\x50\xfa\xd5\xde\xf6\x96\x85\x41\xa9\xd3\x72\xbc\xbf\xf7\xb9\x43\xd6\x5a\x7f\x48\x56\x52\xe4\x43\x7e\x0a\x16\x02\x05\x7e\xf0\xce\xef\xa5\x75\x40\xa1\x1d\x5b\x2b\x8b\x65\x18\xc3\xc9\xa2\x7c\xb2\x75\x62\x94\x1f\x2f\x68\x9c\xe2\x40\x39\x6b\x4a\xd7\x0d\xbb\x2c\xd6\xe4\xe1\xf3\x3e\x32\x79\xc3\x36\x1b\x9d\x99\x03\xa9\xb6\xbb\x01\x7f\xfc\x71\x97\x58\x41\x7e\x4f\x98\x48\x55\x69\x2a\xcb\xdf\x93\x92\xa9\xb1\x96\x73\x38\x8e\x76\x02\x33\xfa\x00\x35\xe0\xc2\x33\x5e\x77\xb0\x89\xeb\x40\xb5\xcd\x8f\x03\x25\xf6\x4e\x08\x07\x65\x80\x80\x52\x86\x9f\x76\xb3\x9b\x06\x82\xe9\xa4\x9a\x95\xa4\xfd\x0b\x38\xbb\x50\xeb\x21\x4e\x94\x91\x9d\x48\x6f\xb7\xbb\x75\xac\xb4\xdc\x5f\x04\xe7\xa7\xe3\x11\xf2\x04\xdf\x40\x4c\x62\xc6\x64\x17\x95\x84\x88\x0c\xb8\xbc\x7b\x8b\xaa\xe8\x93\x3c\x2e\xbd\x70\xaf\x44\x45\x1a\xae\x3d\x51\xd4\x29\x0d\x90\xb8\x91\x10\x68\x77\xbd\x37\x75\x2e\xc6\x11\x8d\x97\x2a\x1b\x0a\x29\x31\xd4\x33\x63\x6d\xa7\xb7\x25\x0a\x0e\xdb\x59\xd9\xdd\xd3\x4c\xb4\x8b\x34\xa6\x2a\xe7\xe5\x95\xf1\x8d\x80\xca\x2c\x2d\xdc\x2a\xeb\x6b\x6f\x6b\x80\x0c\x86\x53\xba\xaf\x69\x6b\xfd\x60\xc8\x5e\x5e\x33\x28\xd0\xd9\xba\xf0\xf5\x58\xb3\xb8\xb8\xbf\xf2\x4b\xf7\x5d\xb2\x69\x5d\x59\x44\x27\x57\xcc\x0c\xfc\xef\xbb\xf1\x70\x8f\xc9\x64\xa1\x25\x1f\x55\x32\x88\x32\x46\x8e\xa7\x3c\x29\xbe\x4b\xf5\xd0\xde\x20\x53\xf3\x64\xd1\x17\x00\x6d\xd3\x24\x2e\x04\xdd\x47\x1a\xe0\x4a\xe2\x28\x44\x97\x82\x42\xed\x47\x36\x1b\xe4\xa9\xa1\x31\x33\xc7\xad\x5b\xb3\x24\xaf\xcd\x29\xd9\xa0\x74\x44\x07\x24\xeb\xb5\x6f\x5d\x9c\x3a\x8e\x45\x59\xd3\xa5\xa0\xf0\x28\xf1\xd7\x2f\xf2\x56\x2d\x48\x3c\xfd\xd7\x9e\xb3\x2c\x90\x46\x2e\xe7\x90\xde\x24\x76\xd9\xd0\x61\xb6\x07\xe6\x80\xb4\x15\x00\xce\x69\x1e\x48\x74\x5b\x58\x55\x17\xa5\x39\xe7\x0d\x7e\xc5\x55\xe1\x96\xaa\x8d\x69\xe4\x5a\x36\x98\x2d\x28\xa2\x14\x09\xa7\x77\xce\xeb\x53\x31\x8c\x20\x71\x3e\x3c\xb6\x2a\x98\xc2\x8f\x52\x4b\x08\x69\x09\xa0\x30\x75\xc2\x01\x0d\xa3\x4b\xf7\xb0\xe6\xbf\x58\x50\x5d\x30\x14\x42\x53\x0e\x54\xd3\xd1\x3f\x03\x28\xf9\x7a\x1d\xd2\xdd\x6d\xa6\x84\x29\xd2\x13\x76\xb7\x72\xd5\xa1\x60\x3f\xb4\xc4\xa4\x0f\x6b\x36\xdb\x26\xa8\x6f\x7c\x2d\xba\xf7\x04\xe7\xbc\xb9\xfc\x96\x76\x8d\x4b\x53\xbd\x13\x46\x02\xb7\x53\xb2\x60\xd8\x4d\x9e\xea\xc6\xa2\x4a\x51\x24\x9d\xca\x00\x86\xb9\x5b\x57\x58\x71\x28\xe7\x98\xeb\x62\xe1\xf0\x1a\xe6\x8e\x66\x0c\xf6\xeb\xbf\x33\x22\x93\x98\x16\x20\x68\x4b\x7e\x3b\x04\x75\x0f\xdb\xbe\x2e\xcd\x8e\x9b\x63\x75\x24\x88\x82\x25\x3c\x2d\xda\x8a\x4d\x9c\x0f\x6f\x5c\x9d\x7c\x6b\xdb\x1f\xc1\x1e\xda\x1d\xc4\xec\xc0\xb9\xf3\xdb\xdb\x62\xe4\x07\x8e\x46\xf6\xb1\x06\x08\xf3\x4c\x34\xf0\xa2\x79\xc2\xf8\xf3\xda\x5b\xe4\x9e\x3e\x58\xe9\x71\xe5\x39\xbd\x63\xba\xcb\x6d\x8a\xa5\x54\xea\x4c\x78\xa4\x9a\xba\xde\xec\x98\xdb\x1d\x3c\xa3\xbc\xb4\x09\x57\xcc\x0e\x94\x2f\xca\x1c\x9b\x51\xaf\x04\x77\x1f\xda\x4a\xf3\x58\xc9\xed\x6f\xe7\xb7\x37\xa6\xc6\x1a\xbe\x0b\x62\x89\x20\xfb\x8d\x0b\xcd\x0b\x65\xb7\x18\x16\x3d\xa1\x78\x04\xcb\x16\x65\xea\x98\x21\xc8\x28\xf6\xdf\x65\x51\x93\x77\x41\x56\x72\x10\x06\xb1\xf5\x14\x87\xad\x19\xfe\x92\xb7\x69\xa9\xfc\xea\xf2\xd4\x12\x4d\x8c\xc9\xa5\xbe\xf2\x8e\x98\xb9\x96\xc2\x8c\x8a\x99\xe3\x52\x38\x05\x31\x18\x5e\x5e\x56\xe6\x93\x64\x1e\xf5\x11\x06\xd6\xcf\x4e\x71\xab\x31\x7c\x34\xe9\x35\x83\xae\xcf\x50\xf5\x2b\x53\xe6\x3c\x90\x98\xd8\xc2\x83\x53\x8c\x7c\xc0\xf0\x90\xdf\xaf\x52\x3e\x60\x82\xc6\x52\x63\xdc\x8d\x1d\xe4\x77\x62\x82\xa3\xfc\x1b\xfc\x59\x09\x99\x15\x25\xf5\x6a\xc0\xe6\xd3\xbf\x0c\xe7\xae\xc8\x3e\x40\x07\x4d\xe1\x6f\xc9\x84\x3f\x3b\x09\x9b\x59\xb9\xf9\x0b\xcf\xf6\x31\x0e\xd6\xdf\xec\x97\x45\x87\xad\x64\x6e\xcd\x90\xc5\x4d\x44\x95\x10\xb7\x76\x8d\xd6\x7c\xab\xb3\x05\xea\x39\x8e\xcb\x42\x61\xd2\x6d\x4d\x7e\x12\x04\xe2\x07\x25\x60\x32\x43\x27\x9a\x18\xfa\xb0\x17\x26\x71\x9f\x77\x18\x22\x62\x7b\xaf\xb0\x9b\x4c\xaa\xf9\x48\x4f\x1d\x8f\xa5\x07\x8d\x02\x1b\x9c\xb8\x65\x56\x83\x07\x97\x31\x9c\x64\x91\xd7\x1c\x11\x53\xb6\x36\x58\xa5\xa9\x52\xa1\xf8\x4f\x0c\xed\x9c\x3d\x11\x91\xd7\x1a\x0b\x22\xe3\xf6\x18\xf8\x7d\x98\xc8\x99\x12\x65\x39\x5c\xb9\x07\x65\x93\x50\x34\xbd\x6c\x92\x33\xd4\x1f\x9f\xc6\xa9\x0b\xf6\x97\xc1\x5f\xd2\x35\x97\x87\xdf\x82\x57\xca\x8e\x94\x99\xb3\xa7\xb8\x37\x12\x1b\x33\x67\x30\x6b\xa3\xa3\x6f\xde\xa6\x00\x0c\x5d\x0f\x77\x59\x37\x17\x02\xc7\xad\x6f\x9e\x5f\x40\x00\x72\x5f\x8e\x0b\x33\x0a\x49\x43\x92\xf7\x40\x8d\xad\x61\x5b\x14\xf7\x78\x88\xce\xb7\x39\x59\x96\x5c\xc9\xa9\x3e\x9e\x3b\x23\xb9\x34\x3a\x4c\xd4\x10\x4d\xc1\xf3\xf1\xa6\x4c\xb4\x56\x97\x92\x67\x04\x87\x98\x02\x49\x3f\xf0\x4a\x81\x44\xce\x6d\x80\x50\x87\xfa\x96\xca\xff\x9b\x97\x63\x1b\x52\xe4\xa3\x65\xe9\x76\xc9\x0e\x2a\xc0\x88\x26\xf8\xc2\x97\xef\x2f\x87\x57\x22\xb4\x45\x54\xd9\x97\x3f\x4a\xa5\x5f\xfb\x03\x58\x94\x32\x10\x9e\x68\x32\xda\xb7\xfc\x47\x32\xd3\x03\x25\x2d\xd1\xd1\x7a\x2d\x24\x51\xed\x53\xdc\xe4\x1f\xfb\xce\xc6\x59\x83\xc6\xdb\x3e\xba\x81\x46\x2e\x52\x2a\xe7\xae\x52\xd7\x51\x30\x0a\x4b\x13\x11\x70\x33\x7c\x6d\x8c\x4b\x69\x2f\x54\x29\x11\x8a\xf9\x56\xe1\xc1\x5e\x27\x58\x4f\x76\x82\x55\xc3\xdd\xcb\x46\x92\x12\xba\x8a\xb0\xe1\xe7\xee\x00\x12\xf5\x8f\x89\x45\x82\x79\x94\xce\x1a\xd7\xd1\x73\xdd\x1c\xd7\x20\x83\x84\x4b\x72\x1a\x1d\xc1\x30\x00\xda\xda\x12\x56\xde\xab\x79\xb9\x59\xa4\x95\xa4\xd1\xb5\xfd\x02\x8f\xea\xa0\xde\xac\x90\xec\xfa\x59\xb1\x34\x04\x56\xbc\xaf\x31\xf5\x7d\x5a\x88\x34\x90\x12\x57\x96\xdd\xa6\xd3\x78\xce\x83\xbb\xc1\x37\xfe\x54\xb8\x3c\xa9\xc4\xf8\x19\x89\x9d\x30\x83\x38\xd6\x5f\xa8\x7d\x90\x62\x55\xd6\x57\x3a\x7a\x49\x0b\x00\x10\x0e\xab\x69\x9c\x0d\xbf\xbe\xc5\x4b\x54\x22\x4c\xeb\xa3\xf5\xd1\xfa\x40\x96\x06\x3f\x33\x16\x5a\x15\x8a\x20\xff\xbd\x1d\x5b\x8f\xd4\xd9\xd3\x9c\xb9\x4a\x00\x85\xde\xae\xdd\xe0\x2a\x2f\x1e\x90\xa9\x6a\xf2\x22\x33\x15\x10\x1a\xf3\xfe\xf8\x60\x43\x37\xf6\x48\xb8\xc3\x42\x16\xc3\xe7\xba\x8c\x07\xd8\x2d\x23\xbc\x0a\x96\xf0\xda\xb2\xab\xd2\x93\x92\x65\xbb\x96\xb6\x45\x1a\x2c\xa9\x35\x85\xc8\x2a\xec\xce\xd3\x37\xbd\x66\x12\x48\x47\xa4\x06\xce\x8e\xd2\x41\x31\x8e\x1a\x7f\xc2\xcf\x28\x9e\x1c\xaf\x26\xea\x5b\x72\xaa\xea\x04\x57\xe2\x08\xa2\x41\x53\x4c\x78\xe3\xaf\xb6\x02\x8e\x7f\x57\x89\x1c\x2f\x05\xf4\x37\x0f\xc5\x04\x58\xd1\x6e\x90\xd0\x31\xcc\xa1\x86\xcc\x12\xb4\x54\x3b\x7f\x25\xfa\x72\x91\x6b\xe3\xac\xd7\xf6\xb5\xf0\xcc\x24\xf4\x42\x48\xc0\xfa\x9c\x6d\xd5\x95\xcd\x72\xcc\x4c\x84\xd3\x5a\xa6\xfc\x3b\x1e\xc0\xe7\xa6\xb0\x40\x8a\x1a\x53\x86\x96\x81\xd2\x7b\x11\x22\xc3\x17\x6a\x04\xeb\x3a\xaf\x62\x58\x84\x96\x75\xa9\x94\x22\x2d\x50\x68\x28\xb4\xc1\xde\x9a\xb1\x7a\xd4\xba\xb5\x96\x1d\x52\x4f\x0f\xfe\x54\xd2\x90\x02\xc3\xd3\x6c\x94\xcb\x3a\xb1\x65\x81\xf5\x9d\x01\x46\x71\xe1\xcd\x5f\xe2\x43\x42\xf1\x7c\x8f\x17\x88\x54\xe0\xee\xd5\xf4\xa3\xdb\x07\xec\x2e\xa7\xc6\x71\xe2\xd7\x85\x38\xbb\x8a\x2d\x5d\xcd\x94\xb4\xc6\xeb\xdb\x9a\x49\x29\xe8\x5f\xc6\xde\x21\x3d\x6f\x35\x62\x28\xd9\xec\xfd\xe9\x62\xc0\xc3\x72\x76\x08\xf6\x70\xe8\x12\xee\x2f\xa1\x4e\x1f\x0c\xbf\x01\x86\xf6\xaf\xc1\x0c\x67\x6f\x91\x1b\xe3\xb1\xce\xa3\x52\x1f\x47\xe8\xfd\x4e\xfe\xba\xcc\xb2\x2e\xf3\x75\x76\x13\xab\x31\x9c\x40\xb7\x0e\xee\x0c\xde\x11\xa3\xa1\x66\xf1\xee\x94\x15\x32\x80\x68\x39\x98\x36\xc8\xdc\x38\x4d\xe2\x1e\x0a\x99\x1a\x8b\xae\x04\xbc\xe7\x96\x2c\xe3\xb8\x2d\x55\x16\xfe\x91\xd8\xec\xbc\x2d\xcd\x6e\x27\x11\xc6\xc1\x4c\x8a\xa5\x72\xb5\xfe\x03\x9e\x1b\xb4\xf1\x63\xa1\xa8\x18\x63\x45\xf5\x41\x57\xc5\x66\x72\xb3\x34\x70\x71\x12\x53\x47\x6c\x2f\x6e\x4d\x74\xbe\x06\xa0\x18\x85\xde\xbd\xb8\x4f\xc7\x32\x47\xa5\x4e\x15\x11\xb8\x3b\x3a\xe1\xfc\x15\xe5\xbe\xd9\x21\xf1\x93\x77\x86\xf4\x36\x4a\x7d\x4d\x6a\xec\x09\x66\x7d\x63\xaa\xa6\x18\xbd\xda\xae\xaa\x2e\x55\xad\xb5\x89\x4c\x47\x97\xd1\x6d\x3d\xd5\xd3\x5a\x71\x6e\xf0\x52\x33\xc4\xad\x46\xa6\x21\x19\x5c\xde\x3a\x4f\x41\x97\xea\x43\x96\xca\x62\x71\x2e\xe3\xd0\x29\x20\x03\x83\xad\x91\x22\xd9\x4b\x60\x8b\x39\xe1\xab\x02\x4e\xa6\x73\xea\xdc\xcf\x98\x31\x00\xd5\x9b\x17\x70\x87\x22\xd9\xef\x02\x66\x92\x24\xbe\xf7\xab\xda\xa0\xb9\x9b\xff\x39\x95\x7b\x7a\xc4\x15\x99\xc9\xb1\x83\x3f\x7c\xe8\x22\xfd\xda\x0b\xea\x2d\xcb\x7d\xc7\xd2\x4b\xd2\x0d\xf8\x0b\x64\x62\x16\x24\x47\xd5\xe2\x85\x35\xa2\xfd\x87\x6f\xfd\x78\xe9\x0d\xbd\xc7\x4e\x49\xaf\x64\x7c\x9d\xc6\x96\xbd\xcc\xed\x08\x40\xc2\x32\x0f\x5c\xe0\xb6\x49\x47\x90\x83\x2c\x97\x2e\x28\x20\x6f\x43\x2a\xd6\xcd\xdc\x30\x4f\x96\xbf\x48\xee\x6f\x5a\x07\x75\x38\xeb\x06\xd9\x43\x83\xbf\x4f\xbf\x33\x2a\xbe\xc8\x0c\xdc\x78\x34\xdb\xf8\x7e\x28\xf0\x6c\xee\xeb\xaf\xca\xb3\xf0\x5f\x08\x4b\xc4\xcf\x2a\x06\x97\x01\xcd\xb3\x32\x40\x3a\xf1\x63\x1b\x56\x59\xa9\xe6\x68\xf0\xa4\x6f\x68\xe6\x5f\xf9\xa3\x14\xab\x2a\x54\x05\x18\xa0\x38\x93\xc3\xfd\x2b\x1b\xd9\xf5\xe9\xe7\xf6\xec\x49\xf5\x85\x06\x7c\x4a\xee\xf0\xb9\x1b\x1a\xd2\x9f\x2a\xcc\x13\x2f\x6b\x1a\x8d\xda\x2d\xa3\x6a\x79\x18\x6c\x8b\x13\xb6\xfe\xd0\x70\xc7\x47\x04\xbd\xc4\xff\x11\x32\x19\x01\xc7\x15\x98\xfd\xfb\x36\xe8\x48\x2b\xcd\xb0\x1e\xe8\x08\xaf\xb5\x4b\x3a\x42\xc6\x9a\x18\x95\x0d\x14\xfa\xc2\xe3\xbd\x77\x21\xac\xe3\xc9\xa0\x3a\x45\xf7\x4c\xf2\xdf\x6f\x4c\x92\x44\x41\xd8\x70\x0c\x54\xb5\xa1\x22\x12\xca\x3c\xdd\x64\x8d\x07\x93\x04\xcf\x2c\xdf\x46\x0a\x36\xca\xf7\xf5\x21\x49\x48\x05\x40\x1d\xfc\x67\xbd\xe2\x06\x1b\xb2\x39\xa7\x01\x9c\xe7\x6c\x4f\x44\xcb\x0e\x46\xc5\x5c\xba\xda\xb9\x12\x9c\x5b\x45\x7e\xc2\x84\xb2\x2a\xe3\xf9\x8e\x64\xfc\x8c\x75\xdf\x09\x5c\x3e\xa3\xea\x0c\xfb\x59\xca\x18\x09\x0b\x03\xf9\x35\x8e\x9f\x11\x32\x5e\x72\xcc\x24\xed\xe8\xf0\x51\x1c\xb6\xf8\xaf\x7c\xc2\x76\x06\x54\xcf\xb8\xa7\xe7\xd5\xde\x97\xa8\x30\x79\xbc\x82\xd8\x8e\xa7\x28\x51\x6e\x92\xd3\x21\x09\x2f\xa3\xbd\xb9\xc0\xcf\x71\xac\xed\x2a\xc1\x18\x9a\xad\x33\x4d\x1b\x6b\xd9\x71\xba\x40\x53\xa4\x3b\xc7\xf0\x02\x0a\x2f\x1d\x6d\xa3\x46\x90\xd0\xf7\x63\x58\xaa\x1b\x16\x31\x10\x7f\x7f\x2a\xf9\x89\x00\x07\xb0\xa9\x42\x77\xee\x67\x3b\x04\x7f\xe8\x09\xa5\xaa\x7f\xbb\x7a\xb8\x8d\x11\x09\x70\xc3\xdf\xf4\x4d\xe1\xd7\xdb\xeb\x2a\xbf\xd2\x80\xe6\x6d\x1d\xe4\x86\x4d\xa4\xd5\x4a\xdd\xce\xea\x69\xc8\xfa\x5d\x3d\x4b\x11\x47\xa1\x83\x65\xaf\xad\x33\xcd\xc6\x89\xd7\x3c\xce\xba\x4d\x8f\x4e\xe0\x8b\x62\x64\xae\xed\x23\xf5\x85\x57\x8a\xe1\x5d\x14\xf3\xa2\x7b\x48\x8c\x24\xd6\xde\x8c\xd8\xa9\xde\x4a\x2a\x89\xfc\x94\x81\xba\x8e\x10\x28\x3a\x4d\x3a\x26\xe9\x89\xbd\x80\x59\x78\x62\xe2\x38\xb7\x14\xaa\x77\x6e\x01\xcc\x90\xde\xe6\x89\xc8\x43\x5c\x81\x4c\xfc\x72\xa5\x30\xef\xce\x5d\xec\x38\x47\x97\xa9\x51\x43\x9c\x30\xe0\x96\x32\x0b\xd5\x04\xd3\xfc\xf4\xf7\x21\x4b\x6d\x8a\xe4\xfd\xf7\x3e\xea\x45\x91\xd4\x44\xdd\x1e\xa4\xcd\xaa\xb8\xce\x1c\xf9\x55\x5b\x4d\xd7\x0f\x1b\xb4\x6e\x18\xee\x02\xca\xbd\x74\xcd\xdb\x69\x6a\xf3\xff\x7c\xc9\x5b\x13\x39\xa6\xb8\xe8\xba\xfb\xc2\x9c\x64\xf0\x9f\xb7\x41\x38\x9e\xa6\xf5\x39\x7a\x85\xad\xd8\xb2\x6e\x1f\x3a\x1d\xf9\x50\xf6\x7b\xde\x9f\x98\x71\xa0\xe3\x60\xc3\xe7\x66\x9e\xbe\xde\x3b\x7e\xb3\x2c\xeb\x35\xff\x2a\xff\xd8\x91\x95\x22\xf0\x75\x93\x3e\xcf\xea\x2c\xb4\xbe\xcf\xbc\x85\xbb\xac\xc9\x5f\xba\x2c\x6f\x54\xf8\x90\x59\x4a\x6f\x6b\x18\x96\x5c\xcd\x40\xed\xe5\x8b\x4e\xaf\x8b\x0d\x2b\x65\xb0\x36\x9b\x3d\xc6\xc7\xca\xef\x3e\x48\x45\xb2\xc4\x2e\xe4\x0d\xdc\xa5\x87\x92\x50\x29\xe7\xd9\x16\x29\xad\xd8\x4e\xa7\xbc\x72\xbe\x33\xbb\x03\x42\x14\x55\x5c\xd5\x50\x55\x68\x09\x3e\xc7\x24\x81\x56\xf5\x8c\x7f\x0d\x30\x55\x76\x2f\x8f\x4f\xf6\xf8\x64\xbd\x95\x48\xfa\xfa\xc4\xdb\x85\x77\x53\x0f\x3a\x6d\x67\x3b\xee\xff\x21\xba\x7c\x90\x60\xaa\x0e\x06\x68\x32\x93\x7f\x1e\xb6\x17\xcb\x21\xac\x24\xe0\xd8\x69\x95\x47\xbe\x56\x63\xa8\x11\x7a\x40\xb6\xd8\x81\xdc\xa1\x9e\x36\x7c\xa0\x2d\x28\x77\x4d\xae\x74\xdf\x50\xaa\x99\x44\x5e\x37\xc6\xc1\x61\x84\x46\x7d\x49\x60\x01\x24\x23\x29\xdb\x97\xa2\xad\xef\x66\x42\x5a\x9c\x6b\xd3\x77\xd8\x97\x74\x33\xa0\x3c\x72\xbf\x10\xb5\x48\xb8\xae\xbf\x0e\xc3\x8e\xb8\xce\x14\x5f\xcb\x85\x15\x41\x40\x5e\xe8\xa3\xca\x9b\x3b\xc6\x03\xa3\x82\xaf\x59\x8f\x0a\x17\x56\x59\x2b\x36\x77\xc4\x69\xff\x86\xe1\x98\xcd\xff\x40\xf4\x93\x21\x5a\x32\xc2\xac\xc7\x2b\xcf\xd0\xe3\xe4\xe5\x7b\xec\x76\xdf\xe5\x65\xda\x97\x5c\x69\x1d\x66\x93\x5d\x2d\x7b\x52\x94\x14\x62\xd4\x1b\xce\x4c\x00\x91\x5d\x28\x34\x17\x03\x2f\x3a\x89\x42\x49\xf8\x01\x06\x7f\x38\x82\xfd\xa7\x79\x05\xd7\x6b\x76\xef\xe1\x02\x8e\xbb\xf1\x49\x77\x63\x1f\x67\x75\x75\xdd\xd4\x09\xdf\x3c\x6c\x40\x19\xe9\x95\xa9\xd8\xd1\xd8\xa8\xc3\x22\x68\x76\x32\xf1\xa9\x50\x5a\xdc\xbd\x5a\xfa\x13\x89\xf9\x41\xdd\x0f\x68\xfe\xfd\x43\xec\x24\xa2\x57\x07\x6a\x3a\x21\xb7\x36\x3d\x7b\xb5\x18\xdf\x4a\x28\x2a\x4d\x9e\xed\x08\x58\xd1\x04\xe8\x5c\x5e\x06\x8d\xd8\x01\x2d\x73\xb5\x16\x65\x61\x46\xa7\x8e\x54\x9a\xdb\xf9\xb3\x2f\xb9\xf5\xf7\xab\x6d\x43\x87\x9d\x96\xd1\xcb\x97\x35\x96\xd0\x44\x19\x7e\x08\xc4\x04\x06\x04\x25\x57\x53\x29\x7a\x34\x95\xd8\xdf\xf2\x55\xd1\x8a\xbf\x94\xb8\x70\x4a\x8a\xe1\xa4\x83\x53\xfa\x85\xe5\xa7\x7b\xec\xd1\x0b\x6c\xa0\x07\xb7\x7d\xfe\xfc\xe3\x98\xf3\x0b\x0c\x27\xed\xe9\x9e\x8e\x6b\xb0\xc7\xff\x65\xbd\xb0\x0f\x22\x46\x22\xd6\x91\xf4\x78\xce\x6e\x37\xbb\xfa\xc4\xce\x1c\xe3\x73\x07\x0f\x95\x43\x70\xc7\x4c\x09\x46\x1e\x2b\xae\x43\x85\xcd\x5d\xee\xe8\x7c\xa8\x0a\xd2\xc7\x7b\x99\xe7\xbe\xe5\xaf\xa3\xf0\xba\x52\x49\x4f\x59\xda\x14\x26\xc4\x30\x9f\x39\x15\x16\x35\x4d\x57\xb0\xc7\xc4\xbb\x85\x8e\x38\x2f\x04\x1d\x6e\x91\x88\xdc\x13\x3b\xb1\x69\x32\x1e\x00\xd0\x2e\xfd\xdb\x46\x11\x76\x77\x4f\xd6\xb2\xc9\x68\x2d\x7a\xd0\x84\xf6\x17\x4c\x53\xab\x74\x08\xd3\xe2\x71\xd2\x8e\x30\x8f\x7c\xd4\x78\xc2\xfe\x8d\x67\x93\xde\xed\x31\xde\xbb\x09\x0b\x87\x4b\x12\x52\x8a\x6c\xd3\x68\xac\xf5\xa5\xc4\xcc\x3d\x30\xd2\xaf\xf0\x06\x93\x78\x66\x87\x68\x6c\xd9\xb9\x7c\xdf\xaa\x3a\x67\x72\x93\x51\xb2\x37\x3d\xde\xe1\x8e\xe3\xf0\x56\xb6\xc0\xda\x43\x9d\x62\xee\xb4\x08\x03\x1a\x4d\x87\x55\xde\x3c\xc8\x84\x15\xca\x48\x01\xd5\x4d\xc5\x65\xbb\x53\x22\x8d\xc2\x15\xdd\x74\x6f\xf5\x38\x54\x53\xfd\xfc\x89\x15\xe8\x72\x75\x2f\x5a\xb3\x65\x6a\xa8\xe1\xc4\x2d\xfb\xf3\x5e\x49\xac\x9c\x20\x13\xb4\xa4\x93\xec\x10\xad\x7f\x51\x29\x22\xb8\xd3\xd8\x29\x22\xdd\xbc\x01\x89\x53\xcb\x7d\x51\x91\xaf\x08\xab\x66\x9f\x80\x42\x5f\x4f\x45\x9e\xe6\x50\xfe\x09\x41\x26\x43\x4e\x88\x66\x93\x09\x2c\x53\xaa\x34\x69\x93\xdb\xc1\xba\x27\x4d\x2d\x69\x47\x06\x46\xe6\x33\xbd\xc3\x31\x43\x19\x13\xdd\x49\xa0\x12\x0e\x1b\x5e\x21\x21\x62\x00\x6f\x9a\x01\xfe\x18\xe8\xd8\xb5\x7c\xfe\xb3\x98\xe1\x9b\x4b\x8e\x97\x0f\xb0\x67\x85\x21\xca\xff\x33\xa7\xa0\x1d\xeb\x17\xe7\x2a\x92\x0a\x94\x68\x96\xc5\x39\x2e\x84\xbd\xdf\xde\x75\xb7\x44\x6a\xd4\x24\x9b\xef\x26\x97\xb0\xc5\xe7\x2f\x37\x91\xf0\xf4\x4a\xc1\x56\x37\x69\xc8\xec\xe5\xf1\xde\x56\x5b\xba\xe2\xe5\x73\x02\x94\xb3\xd6\xd8\x57\x87\xdd\x6f\x7a\xbf\x84\xd6\x98\xe7\x7e\xe8\x0e\xc5\x3e\x37\x51\xe8\x73\x03\x3a\xf1\x6b\x5e\xd4\xe2\xc9\x9b\x7e\x6e\x65\x2b\xb0\xea\xf6\x70\x1a\xac\xb2\xbc\xb5\x97\xc3\x2d\xc3\xf7\xd9\xc4\xd9\x46\x3a\xc0\x8d\xb0\xc6\x3d\xb5\xfd\x88\xd0\xe5\x18\xde\xf1\x88\xa2\xfb\xe8\xd6\xbf\xa6\x98\x62\x8a\x8c\xc0\x58\xca\x99\x11\x4c\x40\xbe\x8e\x1e\xb4\xc0\x53\x64\x27\x8d\x0e\xa4\xdc\x90\xb7\x47\xce\xcd\x85\xcd\xf8\x47\xa5\x0b\xa2\xad\xeb\xb6\xd1\x07\xa1\x26\x13\xe1\x98\xd1\xb1\x0c\x6e\xb3\x23\xd5\x0c\x75\xf7\x81\xfe\x39\xc1\xd9\x2e\x46\xda\x77\xfe\xd5\x16\x12\xa3\x69\xc4\xa6\xaa\x54\x05\x0d\x67\x7e\x96\x78\x03\x9b\x29\xe1\x0c\x46\xff\x05\xf3\x53\x6f\x79\x2a\x72\xd8\x0f\x0e\xca\x5a\x41\x6b\x19\x64\x3e\x1d\x15\x24\x7f\x7e\x51\x57\x90\x0c\x17\x42\xb9\x14\x6e\x0d\x97\x88\xeb\x9c\xa6\x53\x89\x7c\x7c\x64\x71\x49\xf0\xbd\x91\xb1\x6e\xa1\xa5\xe0\x54\x90\x01\xba\x2d\x6c\x6e\x39\xcf\x8b\xee\x39\x27\x4d\x05\x2f\xe2\xce\x7f\x4c\xaf\x6c\x23\x64\x43\x14\x33\x52\x51\xcc\xa5\xc2\xed\x13\x4a\xad\xa5\x15\xe7\x34\xe0\xaf\x9c\x0b\xa5\x90\x43\xdd\x12\xaa\x22\x7e\x8f\x71\xd1\x18\x33\xca\xb3\x5b\x77\x91\x5e\xe6\xbf\x0d\x74\x98\x2d\x15\x5f\x74\xfb\xba\x99\x77\xf7\x5d\x37\x21\x17\x70\xdf\x81\x02\xe1\xd5\x23\xb9\x7c\x65\xe6\x9b\xdf\xfb\x34\xe0\x0d\xbd\x6d\x58\x27\xc4\x89\x79\x34\xff\x51\x28\x69\x40\xad\xbe\xfd\xbe\x1a\x18\x5a\x1c\xa3\x2f\x66\x8b\xef\x23\x66\x3d\x9a\xf5\x86\x55\xa9\x28\x53\x8e\x08\x4f\x59\xfd\x89\x9c\x49\x02\x53\xd3\x37\xf5\xa5\x1d\x2c\x2c\x1d\xa3\x6c\xb8\xdf\x43\x03\x4a\x98\x81\x04\xc2\xab\xd9\xd5\x89\xfc\xf9\x64\xab\x91\x14\xa4\x04\x15\xc8\xe9\x9b\xeb\xfe\x94\xc3\x91\x5f\x9d\x90\x8b\xc1\xc9\x00\x0f\x0e\x9e\x94\x01\x2d\x99\x8c\x97\x2c\xf0\x18\xd8\xba\xdf\xff\xa8\x02\x09\xf1\x93\x7f\xea\x78\xca\x83\x95\x72\xb0\xa8\xe6\xb7\x81\x6b\x6d\x89\xbb\x84\xab\x2e\xde\x0f\xe5\xff\x05\x75\xec\x9d\x67\x4d\xa2\x36\x25\x2f\xb9\x2f\xf4\xfe\xbb\x9e\xc1\xd9\x15\xd9\x7c\x4c\xaf\xff\xef\x1c\xfd\xa6\xd1\x99\x36\x5b\x77\x01\x6d\xaa\xe6\x07\x98\xde\x8a\x21\xc1\x76\x9b\x8d\x79\xbf\x57\xcd\x02\x0e\xbf\x57\x30\xfc\xe9\x94\xb6\xb3\x09\x98\x00\xd8\x64\x96\x6a\xdf\x83\x0c\x8d\x26\x58\xc8\x04\x36\x08\x96\xe1\x1f\x36\x0d\xa3\xa9\x2c\xb5\xc8\x27\x21\x32\x28\x52\x6c\x63\xc2\x62\xc3\x0c\xdf\x17\x7f\xb0\xbe\x40\x1b\x39\x4a\x01\x77\x5c\x25\x4d\xa3\x0c\x5f\xf4\xfc\x5b\x45\xf5\x9d\x60\xe1\x57\x8d\x67\x24\x50\x89\x82\x8b\x06\x93\xe5\xa6\xf5\xed\xa5\xe9\x17\xb9\xd3\x3b\x8b\x36\xba\xf0\x55\x26\x9e\x9d\x53\x19\xd4\xfa\x3f\x8f\xa5\xc3\x19\x62\xc7\x7b\xed\x1b\x0a\x70\x45\xd9\x80\xc0\x3b\x0d\xf1\x5d\x1e\x3c\xc1\xee\x31\x75\x57\x0d\x28\x60\x04\xf1\x0f\xf6\xb9\x22\xda\x1e\x0a\xf3\xed\x41\x09\x9b\xb1\x75\x67\x8f\x6c\x4c\x29\xbd\x5b\x85\x55\xed\xea\x3f\xd6\x55\x9a\x62\x28\xb3\x92\x4b\x62\x45\xb6\x6f\x7d\x4a\x6c\xfb\xf7\xe5\x5d\x3a\x9a\x90\x23\x18\x58\x85\xbb\xb1\xe9\x06\x1f\xbe\x36\x21\xbe\xb1\xe7\xe3\x12\x05\xd8\x28\x71\x02\x67\xef\xb5\x85\x07\x38\x65\xd0\x61\x8f\x4e\xdb\xc9\xc5\xb6\x06\xa7\x9b\xff\x7e\xff\x1e\x53\x43\x93\xe3\xdd\x04\x01\x74\xb2\x1f\xc0\x12\xd6\xb2\xab\x92\x89\x76\xee\xf1\x14\xb9\x75\x02\xfb\x02\x22\x55\x72\xb7\x4e\x85\x2f\x56\x8d\xbc\xea\x57\xa8\xd3\x78\xc5\x4b\x21\x72\x87\xea\xc9\x09\x0c\xf7\x5f\x10\xf4\x74\xb1\x65\x17\x82\xab\x8e\x5f\x01\x5d\xe5\xb6\x65\xe0\x46\xf0\x1d\x04\xef\xb7\xbe\xf8\x40\x50\x7f\x3e\x45\xa3\x85\xa3\x72\x42\x2a\xf5\x73\xd0\x64\xb1\xbf\x6b\x0f\xb2\x79\x6e\x88\xa8\x83\xd0\x02\x4b\x5f\x74\xf1\x11\x8f\xd7\xcb\xdb\x92\xa4\x0a\x83\x45\x9a\xa2\x9a\x77\xa2\x56\x27\x4d\xf3\xa7\x2f\x53\x9b\x02\x8c\x1d\xf8\x68\x6f\x46\x30\xc7\xfe\xce\x68\xd1\xc0\x1c\xe3\x8a\xa6\x13\x73\x5a\x59\x1f\x91\xf4\x25\x61\xad\x29\x7e\x08\x72\xef\xdf\x35\x36\xc8\x8a\xd5\x15\x9a\xf8\x10\x48\xe6\x37\x8f\x2a\x42\xd9\x15\xc9\x72\x1e\x08\x75\xfe\x06\x28\xce\x4f\xc6\x09\x09\x9c\x2c\x19\xe6\x81\x28\x0e\x83\xee\x96\x9b\xa9\x3c\x95\x6f\xb2\xbc\x44\x57\xc2\xb2\xee\x35\xd9\xd5\xba\xe5\x61\x81\x4d\x8f\x86\x8e\x28\x98\x73\x71\x55\x0f\x57\xfa\xec\x5a\xf2\xf5\x2b\xc7\xdb\xde\x14\x01\xb6\x72\x91\x07\xb4\x05\xb2\x87\x36\x89\xc9\xe4\x3f\xa5\xea\x8b\x48\x3f\x75\x56\xcb\xaa\xab\xb1\xc7\x68\x9b\x0a\x51\xd7\x57\x74\x3c\xa2\x92\xff\x74\xe9\xc0\x21\xe5\x51\x3f\x94\xb7\x10\x7a\x89\x40\xa9\x8d\xda\xb5\xe2\x21\xfd\x75\xc1\x3f\x19\xae\x40\x06\x86\x6e\xec\x1a\x83\x20\xab\x02\xa2\xde\xf5\x73\x85\x8e\xb7\x25\x3d\x1f\xda\x73\xb7\xda\x03\x1f\x12\xdc\x01\x37\x83\x14\x70\x95\xd5\x45\xab\xbc\xc6\xc8\xcc\x98\x74\x8c\x00\x7f\x2e\x61\xa0\x2c\x75\x0b\x79\x86\x6c\x74\x3d\x0f\x98\xc7\x03\xee\x3c\x9a\x2f\xfe\x44\x10\x4a\xc1\xa2\x2d\x77\xff\xd1\xe6\x07\xc8\xc4\x26\x5b\xbd\x8c\xdd\x9b\x7a\xff\x0d\x0c\x36\xaa\x59\x81\xce\x88\x1b\x9f\x38\x95\xb4\xda\x88\xa6\x53\xd4\x71\x2a\x84\x31\xf9\xe1\x4e\x0b\xdd\x13\x77\x35\xbc\x1c\x2b\x71\x0b\xa5\x12\x6b\x6a\x9a\x42\xbd\xf1\x56\x91\x5b\x15\x2e\xe1\x75\x8e\xf5\x6b\x8e\xdb\xd4\xef\x0b\x9a\x67\x7d\xed\xc3\xa8\x8b\x00\x04\x9a\x0d\x74\x44\xb3\xae\xf2\xb4\xe5\xed\x21\x0c\x5f\xc9\x74\x44\xbd\x3a\x46\x90\xae\x44\xad\xfc\xd4\xfd\x85\xcc\x50\xfd\x55\xc3\xd6\xef\xd1\xc7\x27\x0f\x46\xc9\x36\x89\xd1\x8f\x92\xd0\x46\x2c\x62\xb2\x00\x1d\x8c\xcb\xcc\xee\x0a\xba\xd8\x4d\xaf\x12\xa8\xf3\xf3\x90\xd2\x3b\x3f\x4c\xce\x12\x37\xb5\x05\x9b\xfa\xac\xb9\x94\xea\x87\x1c\x02\xfd\x32\x05\x6a\xa3\xd6\x82\x58\x02\x7d\xbe\x56\xbb\x19\xcb\xaf\x7a\x2f\x47\x34\x92\xe2\xc6\x64\x3f\xc4\xbc\x01\xdf\x34\x96\x7f\xf1\x00\x92\x53\x0c\x5f\x96\x5e\x1d\xea\x10\x61\x88\xa9\x16\x5a\x43\xe6\x1d\x06\x01\x07\xe5\x90\x7a\x5e\x76\x03\x9e\x11\xfb\x55\x7b\x17\xf7\x4e\x99\xd6\xba\x5e\xdb\x86\xda\xa2\x4b\x20\x1f\x89\xf5\x1c\x53\xb4\xe6\xea\x0e\x74\x88\x8e\xc9\xaf\xc6\xe6\x4c\x33\x44\xca\x56\x1a\x56\xec\xe3\xc2\x86\xee\x4e\xea\x87\xbb\xb0\x11\xd4\xbc\x85\x6c\xb2\x01\x8f\x00\x92\x81\xb8\x9b\x95\xac\xb7\x66\x84\xee\xfb\xe6\x28\xb3\xb9\xc9\x3f\x65\x4c\x15\xc1\xaa\xc2\x76\x9c\x67\xf2\x7e\x1f\x3d\x6c\xa9\x8d\x80\xdc\x30\x77\xb5\xc4\xe4\xd8\x23\xea\x40\xc2\x58\xdc\xbb\x89\x1f\xf2\x04\x66\xc1\x46\x20\x80\xde\x73\x51\x35\x09\x17\x65\x65\xfe\xb2\x4e\xf8\x41\x3d\xc7\xdf\xb5\x3b\x10\xad\x4e\x5d\x68\x3d\x26\xc7\x42\xac\x8e\xfb\x62\x73\x39\xea\xc0\x6f\x2f\x56\xa5\x5e\x45\x22\xb6\x70\xff\x6d\xda\x39\x17\xef\x7b\x00\xfe\x14\xa6\xa5\x2d\xc9\x56\x75\x48\xe9\x8f\x47\xcf\xa5\xe2\xb8\x7d\xd8\xe1\xc2\xae\x18\xd0\xc1\x43\x56\xdb\x45\xdb\x78\xe8\xf8\xb9\xdd\x14\x1e\xe9\x42\x54\x3d\x27\x1c\x8c\xb5\xb9\x77\x5d\x2c\x55\xc4\xb7\x32\xd8\x38\xa3\xb7\x3d\x67\x5a\x35\x09\x57\xe0\xa7\x04\x38\xd6\xbc\x3a\xb1\x16\xf4\xd4\x5f\x5e\x5b\xcf\x14\x93\x09\x7e\xf1\x9e\x13\x23\x9d\x97\x98\x12\x73\xfa\x9a\xe9\xd1\xa9\x4f\x41\x7c\x3c\x5c\x24\x0a\x27\xcb\x07\xad\x05\xa6\x52\x6e\x6c\x8b\x3c\x68\xba\xd2\xc5\x46\xfc\x88\x9c\x5f\xb3\x41\x06\x97\xdd\xf5\x8f\x78\xe9\x29\x6a\xb0\xc7\x25\x88\x25\x66\xe1\x85\xd1\xdd\x88\x43\x07\x66\xe3\x32\xf1\xf0\xc8\x7d\x2e\x35\x9f\x8c\xe2\xc2\x8b\x8c\x75\x46\xda\x95\xa1\xca\x78\x97\xe4\x3b\x7b\xf5\x83\xd1\x2c\xd4\x6f\x7f\x91\x0b\xfd\xc1\xa1\xc1\x29\xf1\xd8\x3d\x94\x67\x89\x99\xc3\xd8\x1d\xca\x8f\x74\xf8\x7b\xa3\x01\x7f\x07\x22\x2f\x51\x0c\x1a\x7f\xe8\x00\x1f\xc3\xeb\x6e\x8a\x0b\x46\xdb\x9c\x00\x2f\xd0\x84\x16\x72\x72\x35\x5d\xa8\x7a\x0f\xc5\xe3\x7f\xee\xd0\xc4\x87\xd6\x03\xbc\x12\x97\xf1\xc6\xdd\x88\xdc\xb1\x7f\x17\xfd\x38\xa5\xec\x72\xd0\xcf\x50\xc8\xc8\xdc\x69\x08\x1c\xf6\x08\x46\x0d\x5b\x13\x42\x87\x1a\xbc\xbe\xc2\x03\x23\xbe\x7f\x53\x69\x0c\x5f\xa6\x40\x81\x6c\xc3\xb2\xb3\xde\x36\x87\x0a\x8a\x38\x90\x5d\xd5\x1a\xc6\x3d\xdd\x92\x2d\x00\x8f\x84\xb7\xcb\xd0\x62\xb6\x4c\x5a\xb2\x21\x15\xb4\x88\x9b\x0e\x93\x89\x04\x8f\x6a\x7b\xd2\x8e\x6a\x78\x93\xca\xa6\x03\x66\x13\xc9\xf5\xf2\xec\x29\x28\xbe\x1f\x4e\xe1\xcb\xa0\xb0\xbb\x16\x91\x27\x6a\x4d\xb2\x46\x69\xfb\x08\x5e\x54\xdc\x77\xe8\x15\xb8\xf5\xaf\xe8\x0a\xaa\x38\xac\xbd\x11\x43\x0d\x95\x6a\x37\x91\x1b\x02\x16\x53\x4b\xd9\xe2\x89\x3a\x2a\xbf\xbc\xf4\xb7\xae\xe5\x6c\x8f\xfb\xbb\x08\x16\x67\x73\xd8\xdd\x3d\x1f\xa1\x24\x51\xf3\x93\x79\x9a\xde\xd8\x72\x1c\xbd\x93\xe4\xc9\x71\x1d\xef\xa5\x50\x98\x40\xdc\x73\xec\x5f\x52\x73\x43\x1d\xa7\xe6\x32\x4b\x05\x6c\xae\x48\xe1\xc1\x4b\x1f\x0e\x2c\xf2\x7a\x52\x98\x0d\x4c\x67\xe7\x7a\x56\x5a\x44\xae\xe8\xcc\xd6\x22\x78\x1b\x35\xcf\xa1\x6d\x36\xeb\xa7\x7f\x9b\x7f\x5e\xc8\xcb\x47\x4f\x02\xbe\xd0\x16\x98\x2a\x0d\xca\x09\x60\xe0\x94\xb3\xdf\x65\x16\x83\x7d\x50\x15\x68\x08\x27\x59\x9c\x89\x54\x25\x44\xa3\xfd\x36\x3a\xa4\x4e\x79\xf3\xad\x00\xc8\x7d\x8d\xc1\x42\x2b\x07\x37\xca\x9f\xe9\x17\x9d\x62\x7a\x1f\x22\x80\x09\x23\xa3\x9d\xf3\xa5\x9e\x15\x77\x0b\xa5\x7f\x1e\x12\xaa\xf4\x1b\xfe\x67\xbf\xc5\x48\x3d\xab\x32\x82\x03\x64\xa5\xd4\xda\x8f\x8a\xe6\x2b\x05\xba\x23\x25\x7b\xb1\x57\x7f\x5a\xd7\x3f\x0b\x0e\x01\x63\x3d\xa6\x59\xf7\xd2\x8c\x7e\x1e\x39\xf8\x6f\x5a\xdb\x5b\xb3\x84\x3a\xbb\xce\x0a\x76\x9c\x26\xc2\x8e\x4e\xc8\x8c\xd8\xd4\x7e\x46\x92\x8e\xbf\x51\xf4\xc2\x3c\x69\xfa\x60\x2b\x6a\xf6\x1d\xcc\x74\xbf\x64\xb0\x09\xe9\x67\x08\xc4\xc7\x42\x6f\x35\xd3\x3f\x7d\xae\x81\xe3\x3a\x69\xe1\x2e\xf7\x92\xb1\xf2\x5f\xfc\x60\x64\x5a\x19\x63\xe6\x7c\x07\xe1\x5c\x2e\xbd\xb5\x48\xef\x8b\x2c\x8b\x0d\xd9\x72\x5b\xed\x66\xe2\x25\x45\xad\x79\x14\xaf\x78\x64\x47\x8a\x79\x93\xb2\xc0\xe0\xce\x59\x0f\xa0\x05\x10\x4c\x69\x37\xe5\x40\x75\x8d\x25\xa5\x09\xe8\x0a\xca\x81\x37\xb7\x17\xae\x9f\xdf\x80\xab\x90\x6d\x9d\xb4\xaa\xbb\x22\x9b\xb3\xd3\x5e\x27\xb3\x24\xae\xd1\x1e\xeb\xaa\x8e\xd3\xdc\x77\x04\xab\xab\x39\xf5\x85\x62\xed\x9b\x5c\x8a\x37\xb0\x92\xeb\xf3\xfd\xe2\x21\x66\xc9\xc9\x1b\xc5\x7a\x2c\x62\xd9\x0a\x87\xcf\xfe\x7d\x6c\x44\x83\x21\xf8\x43\x21\x8e\x40\x4a\x4d\x36\x88\xd7\xb9\x68\xff\x9e\x82\x3e\x0b\x90\x0a\x14\x6a\x7f\x3a\xf3\xd4\x6e\x9a\x8e\x7d\x17\xb4\x7c\xba\x25\x04\xe1\xe1\xe7\xad\x96\x0d\xc4\x81\x36\x3f\x16\xfc\x97\x9b\xb8\x17\x67\x97\xab\x1c\xb8\x5c\xca\x67\x24\x27\x4f\xab\xa0\x07\xe8\x78\x09\x80\x34\xaf\xa0\x04\x2e\xa0\xc1\xa6\x54\xb4\x2e\x1c\xdf\x7f\x71\x04\x8e\x24\xdb\x69\x1c\xdc\xa7\x2f\x52\x01\x7c\x6a\x0f\x5c\x88\xd0\xcb\x1e\x1c\x26\x0e\x88\x79\x47\x8d\x8e\x2b\xf9\x7a\xd5\x98\x44\x22\x1a\xfc\x64\x9c\x88\x1e\x79\x50\xde\x7d\xc8\x5c\x43\x0c\x18\xfc\xb5\xc8\xd3\x59\xc2\xc2\x39\xb4\x58\x72\xc6\x55\x57\x47\x43\x8c\xa4\x9b\x55\xc3\x27\xcf\x6d\x70\x5f\x80\xb3\x96\xd9\xc0\x20\xdb\x57\xf6\xc5\x37\x01\xbc\x96\x8f\xcd\xa5\x27\x4c\x51\x34\xb2\x3f\x6f\xd2\x23\xdc\xee\x7a\xd7\x96\x2c\x4e\x7f\x8b\x30\x1a\x57\x16\x5f\xcf\xc9\xa5\xff\x82\x2f\x1c\x24\xa7\xaa\x5b\xe7\x97\x12\x03\x45\x7a\xf1\xc9\x5d\x47\xed\xa6\x67\xd8\xc2\x91\xfc\x21\xee\xdc\x7e\x8e\x58\x44\xf9\x67\xa9\xfb\x44\x79\xd2\xf9\x4e\x4d\xed\xd0\xcd\x54\x57\x78\x1d\x3e\x02\x4f\xcf\xaf\xaa\x8b\x67\xe4\x89\x58\x55\x53\x5d\x1f\xdd\x4b\xe4\x54\xbe\xd9\x7c\x3c\xf2\x09\x5a\x16\x6c\xc6\x52\xbe\xa6\x5a\xd6\x36\x89\x29\xbd\xa7\x0f\x69\xdc\x36\xc6\x89\xf5\x92\x3f\xb0\x26\xa8\x25\x7f\x85\x1a\x06\x99\x94\xc0\x4c\xc4\x1a\x8b\x15\x97\x9e\x47\x3e\x55\x33\x24\x0d\x3c\xab\x3b\xa9\x53\xf2\x00\x19\xe0\x17\xd4\x4f\x74\x1d\x95\xa9\xba\x35\x88\x6c\x7a\x3f\xed\x46\x3d\x24\x21\x73\xd6\xaf\x25\x02\x23\x0f\xf7\x33\xc3\xf1\xe0\x27\x82\x27\x4e\x64\xac\x70\x85\x0d\xc3\x48\x95\x13\x5b\xc8\x59\x91\x8c\xdd\xec\x62\x69\xba\x83\x61\x00\x9e\xff\x46\x40\x77\x15\xf3\x08\x79\x50\x8f\xea\x8c\xc9\xc0\x81\xb3\x72\xf4\x88\x55\x52\x78\xfb\xba\xa8\x0f\x34\xce\x79\xda\x91\x02\x12\x96\x1a\x37\x7c\x85\xb6\x1e\x36\xfc\x37\x54\x31\xdd\x6c\x4e\xdf\x2c\x4b\xb8\x01\xa0\xfc\x1d\xc1\xfa\xc3\xc2\xf4\xc0\x10\x99\x62\x49\x59\x39\x2c\xa0\xb6\xbd\x47\xcb\x00\x8d\xfd\x39\xb2\xfd\x92\x7f\x40\xfe\xc1\x37\xb0\x74\x8e\x19\x84\x0c\x05\x75\x4b\x7d\x8e\x0b\x27\xd6\x20\x86\x12\x8f\xdc\x32\x93\x63\xd0\x6b\x6e\x7c\xdc\x43\x60\xb3\x9d\xf2\x73\x7b\x59\x73\xa8\xc0\x5c\x72\xe1\xff\xae\xb0\x9c\xad\x67\x19\x22\x4f\x4f\xb8\x07\x94\xeb\x00\xf4\x09\x2f\x62\x3e\x5d\x27\xa1\x14\x02\xfc\x03\x5e\xb9\xfd\xe8\x82\x76\xf8\xca\x16\x82\x74\x59\x59\x2e\x35\x5d\x3c\x4e\x6c\x79\x2e\x54\x87\xc4\x99\x66\x6d\x96\xea\x5c\x5f\x9e\xab\xe1\x73\xb5\x62\x23\xcc\x71\xdf\xaf\x0d\x88\xf8\xb8\x05\x11\x08\x71\xf8\x9f\x39\x9f\x84\x46\x30\x23\xf1\x7d\x86\x24\x9a\xf6\x47\xb8\x3f\x24\xe9\x04\x83\xbe\xf5\x51\xf9\x56\x45\xdb\xa6\x60\x7f\x66\xb9\x3a\x6d\xa3\x49\xea\x07\x31\x8b\x6e\xa5\x9a\xdc\xca\x1e\xd1\x75\x66\xee\xab\xf6\x2b\x21\x20\x4a\x8f\xd1\xa2\xd9\x83\xfd\x22\xd2\xea\xf9\xac\xbb\xb7\xa2\x0b\xde\x39\x1a\x57\x24\xf0\x96\xd2\x04\xd3\x40\xb5\x62\x12\xf8\xb7\xf5\x14\x1f\x4f\x6e\xd7\x2b\x13\x4e\xea\xdf\x1f\x27\xed\xff\x37\x14\x24\xb4\x08\x20\xb2\x67\x47\xb0\xba\xad\x37\x6d\xfc\x53\x5a\x41\x7b\xe7\x8a\xab\xed\xf3\x3e\x97\x8c\x05\x33\xb4\x5e\xad\xf5\xc2\x4a\x1a\x06\x9b\xc4\x94\x5c\xd0\x0a\x52\xae\xb3\x5b\x53\x9a\xc0\x84\x70\x65\xcd\x01\xdf\xda\x63\x4c\xb9\xd7\x22\x2a\x60\xea\xfe\xf0\xf4\x83\xee\x5c\xe5\x2a\x3c\x90\x8b\x4a\xd4\xd2\x08\x97\xb5\x5a\x88\x02\x49\xfe\x9b\xf4\x12\x91\x24\x21\x6f\x80\xd4\x78\x9c\xe2\xf1\xb9\x7c\x9d\x38\x92\xc5\x06\x58\x0a\x68\xff\x2c\xe3\x5c\xaa\xd0\x31\x26\xa4\xad\xb9\xa1\x94\xfb\x86\xbc\x72\xbc\xe0\xe0\xbc\x47\x00\x95\x0d\x20\xcd\x4b\x8d\x67\x0a\xd2\x15\x1c\xde\x5f\xd5\x40\xe6\xa1\xd8\x71\xa4\x30\xc1\xa3\x33\xf0\x20\xc9\x57\xcd\x4c\x8b\x47\x88\xb4\xbc\x93\xd8\xdd\x28\x92\xf5\xd8\xa3\x50\x01\x3c\x62\xda\xe3\x74\x73\x84\xaa\x48\x7e\x00\x70\x49\x10\xb3\xf7\x54\x2c", 8192); *(uint32_t*)0x20005c00 = 0x20002980; *(uint32_t*)0x20002980 = 0x50; *(uint32_t*)0x20002984 = 0; *(uint64_t*)0x20002988 = 0x91e; *(uint32_t*)0x20002990 = 7; *(uint32_t*)0x20002994 = 0x22; *(uint32_t*)0x20002998 = 0xff; *(uint32_t*)0x2000299c = 0x1124872; *(uint16_t*)0x200029a0 = 6; *(uint16_t*)0x200029a2 = 0x3f; *(uint32_t*)0x200029a4 = 8; *(uint32_t*)0x200029a8 = 1; *(uint16_t*)0x200029ac = 0; *(uint16_t*)0x200029ae = 0; memset((void*)0x200029b0, 0, 32); *(uint32_t*)0x20005c04 = 0x20002a00; *(uint32_t*)0x20002a00 = 0x18; *(uint32_t*)0x20002a04 = 0; *(uint64_t*)0x20002a08 = 0; *(uint64_t*)0x20002a10 = 0x317e539f; *(uint32_t*)0x20005c08 = 0x20002a40; *(uint32_t*)0x20002a40 = 0x18; *(uint32_t*)0x20002a44 = 0; *(uint64_t*)0x20002a48 = 8; *(uint64_t*)0x20002a50 = 4; *(uint32_t*)0x20005c0c = 0x20002a80; *(uint32_t*)0x20002a80 = 0x18; *(uint32_t*)0x20002a84 = 0; *(uint64_t*)0x20002a88 = 5; *(uint32_t*)0x20002a90 = 0x401; *(uint32_t*)0x20002a94 = 0; *(uint32_t*)0x20005c10 = 0x20002ac0; *(uint32_t*)0x20002ac0 = 0x18; *(uint32_t*)0x20002ac4 = 0; *(uint64_t*)0x20002ac8 = 1; *(uint32_t*)0x20002ad0 = 0xfdcc; *(uint32_t*)0x20002ad4 = 0; *(uint32_t*)0x20005c14 = 0x20002b00; *(uint32_t*)0x20002b00 = 0x28; *(uint32_t*)0x20002b04 = 0; *(uint64_t*)0x20002b08 = 8; *(uint64_t*)0x20002b10 = 2; *(uint64_t*)0x20002b18 = 8; *(uint32_t*)0x20002b20 = 0; *(uint32_t*)0x20002b24 = 0; *(uint32_t*)0x20005c18 = 0x20002b40; *(uint32_t*)0x20002b40 = 0x60; *(uint32_t*)0x20002b44 = 0; *(uint64_t*)0x20002b48 = 0xfff; *(uint64_t*)0x20002b50 = 6; *(uint64_t*)0x20002b58 = 0x10001; *(uint64_t*)0x20002b60 = 6; *(uint64_t*)0x20002b68 = 1; *(uint64_t*)0x20002b70 = 8; *(uint32_t*)0x20002b78 = 1; *(uint32_t*)0x20002b7c = 0x32f0; *(uint32_t*)0x20002b80 = 7; *(uint32_t*)0x20002b84 = 0; memset((void*)0x20002b88, 0, 24); *(uint32_t*)0x20005c1c = 0x20002bc0; *(uint32_t*)0x20002bc0 = 0x18; *(uint32_t*)0x20002bc4 = 0; *(uint64_t*)0x20002bc8 = 4; *(uint32_t*)0x20002bd0 = 0xffff; *(uint32_t*)0x20002bd4 = 0; *(uint32_t*)0x20005c20 = 0x20002c00; *(uint32_t*)0x20002c00 = 0x18; *(uint32_t*)0x20002c04 = 0; *(uint64_t*)0x20002c08 = 0x1000; memcpy((void*)0x20002c10, "0%)/W({\000", 8); *(uint32_t*)0x20005c24 = 0x20002c40; *(uint32_t*)0x20002c40 = 0x20; *(uint32_t*)0x20002c44 = 0; *(uint64_t*)0x20002c48 = 5; *(uint64_t*)0x20002c50 = 0; *(uint32_t*)0x20002c58 = 0x11; *(uint32_t*)0x20002c5c = 0; *(uint32_t*)0x20005c28 = 0x20002dc0; *(uint32_t*)0x20002dc0 = 0x78; *(uint32_t*)0x20002dc4 = 0xfffffff5; *(uint64_t*)0x20002dc8 = 8; *(uint64_t*)0x20002dd0 = 6; *(uint32_t*)0x20002dd8 = 9; *(uint32_t*)0x20002ddc = 0; *(uint64_t*)0x20002de0 = 6; *(uint64_t*)0x20002de8 = 8; *(uint64_t*)0x20002df0 = 0x25d; *(uint64_t*)0x20002df8 = 7; *(uint64_t*)0x20002e00 = 0x8001; *(uint64_t*)0x20002e08 = 0x400; *(uint32_t*)0x20002e10 = 0xce1; *(uint32_t*)0x20002e14 = 0x8000; *(uint32_t*)0x20002e18 = 0x4800000; *(uint32_t*)0x20002e1c = 0x6000; *(uint32_t*)0x20002e20 = 8; *(uint32_t*)0x20002e24 = 0xee01; *(uint32_t*)0x20002e28 = r[3]; *(uint32_t*)0x20002e2c = 6; *(uint32_t*)0x20002e30 = 1; *(uint32_t*)0x20002e34 = 0; *(uint32_t*)0x20005c2c = 0x20002e40; *(uint32_t*)0x20002e40 = 0x90; *(uint32_t*)0x20002e44 = 0; *(uint64_t*)0x20002e48 = 0xfffffffffffffffc; *(uint64_t*)0x20002e50 = 5; *(uint64_t*)0x20002e58 = 2; *(uint64_t*)0x20002e60 = 0; *(uint64_t*)0x20002e68 = 0x80; *(uint32_t*)0x20002e70 = 0x1ff; *(uint32_t*)0x20002e74 = 0xfffffffa; *(uint64_t*)0x20002e78 = 1; *(uint64_t*)0x20002e80 = 0x81; *(uint64_t*)0x20002e88 = 1; *(uint64_t*)0x20002e90 = 0x10001; *(uint64_t*)0x20002e98 = 0x7f; *(uint64_t*)0x20002ea0 = 5; *(uint32_t*)0x20002ea8 = 5; *(uint32_t*)0x20002eac = 2; *(uint32_t*)0x20002eb0 = 0; *(uint32_t*)0x20002eb4 = 0x4000; *(uint32_t*)0x20002eb8 = 3; *(uint32_t*)0x20002ebc = 0xee01; *(uint32_t*)0x20002ec0 = 0xee00; *(uint32_t*)0x20002ec4 = 6; *(uint32_t*)0x20002ec8 = 0x23a; *(uint32_t*)0x20002ecc = 0; *(uint32_t*)0x20005c30 = 0x20002f00; *(uint32_t*)0x20002f00 = 0xe8; *(uint32_t*)0x20002f04 = 0; *(uint64_t*)0x20002f08 = 0x20; *(uint64_t*)0x20002f10 = 6; *(uint64_t*)0x20002f18 = 1; *(uint32_t*)0x20002f20 = 1; *(uint32_t*)0x20002f24 = 7; memset((void*)0x20002f28, 0, 1); *(uint64_t*)0x20002f30 = 2; *(uint64_t*)0x20002f38 = 0; *(uint32_t*)0x20002f40 = 0; *(uint32_t*)0x20002f44 = 0; *(uint64_t*)0x20002f48 = 5; *(uint64_t*)0x20002f50 = 0xfffffffffffffffa; *(uint32_t*)0x20002f58 = 0; *(uint32_t*)0x20002f5c = 0x20; *(uint64_t*)0x20002f60 = 4; *(uint64_t*)0x20002f68 = 2; *(uint32_t*)0x20002f70 = 6; *(uint32_t*)0x20002f74 = 9; memcpy((void*)0x20002f78, "wlan0\000", 6); *(uint64_t*)0x20002f80 = 2; *(uint64_t*)0x20002f88 = 5; *(uint32_t*)0x20002f90 = 1; *(uint32_t*)0x20002f94 = 0; memset((void*)0x20002f98, 47, 1); *(uint64_t*)0x20002fa0 = 0; *(uint64_t*)0x20002fa8 = 7; *(uint32_t*)0x20002fb0 = 6; *(uint32_t*)0x20002fb4 = 0x10000; memset((void*)0x20002fb8, 2, 6); *(uint64_t*)0x20002fc0 = 2; *(uint64_t*)0x20002fc8 = 3; *(uint32_t*)0x20002fd0 = 0x10; *(uint32_t*)0x20002fd4 = 0x3df4d00b; memcpy((void*)0x20002fd8, " \001\000\000\000\000\000\000\000\000\000\000\000\000\000\002", 16); *(uint32_t*)0x20005c34 = 0x200055c0; *(uint32_t*)0x200055c0 = 0x510; *(uint32_t*)0x200055c4 = 0; *(uint64_t*)0x200055c8 = 0; *(uint64_t*)0x200055d0 = 5; *(uint64_t*)0x200055d8 = 1; *(uint64_t*)0x200055e0 = 0; *(uint64_t*)0x200055e8 = 2; *(uint32_t*)0x200055f0 = 0xfffeffff; *(uint32_t*)0x200055f4 = 1; *(uint64_t*)0x200055f8 = 0; *(uint64_t*)0x20005600 = 0x141; *(uint64_t*)0x20005608 = 4; *(uint64_t*)0x20005610 = 9; *(uint64_t*)0x20005618 = 9; *(uint64_t*)0x20005620 = 4; *(uint32_t*)0x20005628 = 0x7ff; *(uint32_t*)0x2000562c = 0x7fffffff; *(uint32_t*)0x20005630 = 0x892; *(uint32_t*)0x20005634 = 0x4000; *(uint32_t*)0x20005638 = 0xfff; *(uint32_t*)0x2000563c = r[4]; *(uint32_t*)0x20005640 = 0; *(uint32_t*)0x20005644 = 4; *(uint32_t*)0x20005648 = 0x10000; *(uint32_t*)0x2000564c = 0; *(uint64_t*)0x20005650 = 1; *(uint64_t*)0x20005658 = 0x8000; *(uint32_t*)0x20005660 = 2; *(uint32_t*)0x20005664 = 4; memset((void*)0x20005668, 255, 2); *(uint64_t*)0x20005670 = 0xa00000000; *(uint64_t*)0x20005678 = 3; *(uint64_t*)0x20005680 = 0x8000000000000000; *(uint64_t*)0x20005688 = 0x80000001; *(uint32_t*)0x20005690 = 6; *(uint32_t*)0x20005694 = 1; *(uint64_t*)0x20005698 = 5; *(uint64_t*)0x200056a0 = 0xa0; *(uint64_t*)0x200056a8 = 8; *(uint64_t*)0x200056b0 = 7; *(uint64_t*)0x200056b8 = 0x101; *(uint64_t*)0x200056c0 = 0xbc3; *(uint32_t*)0x200056c8 = 0x19f; *(uint32_t*)0x200056cc = 4; *(uint32_t*)0x200056d0 = 0x7ff; *(uint32_t*)0x200056d4 = 0xa000; *(uint32_t*)0x200056d8 = 1; *(uint32_t*)0x200056dc = 0xee01; *(uint32_t*)0x200056e0 = r[5]; *(uint32_t*)0x200056e4 = 0x8001; *(uint32_t*)0x200056e8 = 8; *(uint32_t*)0x200056ec = 0; *(uint64_t*)0x200056f0 = 4; *(uint64_t*)0x200056f8 = 0x10001; *(uint32_t*)0x20005700 = 0xa; *(uint32_t*)0x20005704 = 0x3ff; memcpy((void*)0x20005708, "[{@^/@+@<[", 10); *(uint64_t*)0x20005718 = 1; *(uint64_t*)0x20005720 = 3; *(uint64_t*)0x20005728 = 5; *(uint64_t*)0x20005730 = 0x20; *(uint32_t*)0x20005738 = 3; *(uint32_t*)0x2000573c = -1; *(uint64_t*)0x20005740 = 3; *(uint64_t*)0x20005748 = 0xd4; *(uint64_t*)0x20005750 = 6; *(uint64_t*)0x20005758 = 0; *(uint64_t*)0x20005760 = 1; *(uint64_t*)0x20005768 = 0x80000; *(uint32_t*)0x20005770 = 0x38fa80be; *(uint32_t*)0x20005774 = 6; *(uint32_t*)0x20005778 = 0x400; *(uint32_t*)0x2000577c = 0x1000; *(uint32_t*)0x20005780 = 5; *(uint32_t*)0x20005784 = 0xee00; *(uint32_t*)0x20005788 = 0xee01; *(uint32_t*)0x2000578c = 0x10001; *(uint32_t*)0x20005790 = 0xff; *(uint32_t*)0x20005794 = 0; *(uint64_t*)0x20005798 = 4; *(uint64_t*)0x200057a0 = 5; *(uint32_t*)0x200057a8 = 8; *(uint32_t*)0x200057ac = 4; memcpy((void*)0x200057b0, "+!\234R\'+%\'", 8); *(uint64_t*)0x200057b8 = 3; *(uint64_t*)0x200057c0 = 3; *(uint64_t*)0x200057c8 = 0x200; *(uint64_t*)0x200057d0 = 5; *(uint32_t*)0x200057d8 = 0x55; *(uint32_t*)0x200057dc = 0x1f; *(uint64_t*)0x200057e0 = 1; *(uint64_t*)0x200057e8 = 0x34; *(uint64_t*)0x200057f0 = 7; *(uint64_t*)0x200057f8 = 4; *(uint64_t*)0x20005800 = 9; *(uint64_t*)0x20005808 = 2; *(uint32_t*)0x20005810 = 0x800; *(uint32_t*)0x20005814 = 0xffff8001; *(uint32_t*)0x20005818 = 6; *(uint32_t*)0x2000581c = 0x8000; *(uint32_t*)0x20005820 = 0x100; *(uint32_t*)0x20005824 = 0xee01; *(uint32_t*)0x20005828 = 0xee01; *(uint32_t*)0x2000582c = 0; *(uint32_t*)0x20005830 = 0x9c000000; *(uint32_t*)0x20005834 = 0; *(uint64_t*)0x20005838 = 0; *(uint64_t*)0x20005840 = 1; *(uint32_t*)0x20005848 = 1; *(uint32_t*)0x2000584c = 0x400; memset((void*)0x20005850, 0, 1); *(uint64_t*)0x20005858 = 6; *(uint64_t*)0x20005860 = 3; *(uint64_t*)0x20005868 = 0xa3; *(uint64_t*)0x20005870 = 0x80; *(uint32_t*)0x20005878 = 0x735; *(uint32_t*)0x2000587c = 0x9584; *(uint64_t*)0x20005880 = 0; *(uint64_t*)0x20005888 = 2; *(uint64_t*)0x20005890 = 7; *(uint64_t*)0x20005898 = 0xec61; *(uint64_t*)0x200058a0 = 0x371ca83; *(uint64_t*)0x200058a8 = 4; *(uint32_t*)0x200058b0 = -1; *(uint32_t*)0x200058b4 = 3; *(uint32_t*)0x200058b8 = 0x424c; *(uint32_t*)0x200058bc = 0xa000; *(uint32_t*)0x200058c0 = 0x400; *(uint32_t*)0x200058c4 = 0xee00; *(uint32_t*)0x200058c8 = 0xee01; *(uint32_t*)0x200058cc = 0xca; *(uint32_t*)0x200058d0 = 3; *(uint32_t*)0x200058d4 = 0; *(uint64_t*)0x200058d8 = 0; *(uint64_t*)0x200058e0 = 7; *(uint32_t*)0x200058e8 = 0; *(uint32_t*)0x200058ec = 0x80000001; *(uint64_t*)0x200058f0 = 5; *(uint64_t*)0x200058f8 = 1; *(uint64_t*)0x20005900 = 0x9d5; *(uint64_t*)0x20005908 = 5; *(uint32_t*)0x20005910 = 0x80000001; *(uint32_t*)0x20005914 = 0x1000000; *(uint64_t*)0x20005918 = 0; *(uint64_t*)0x20005920 = 0; *(uint64_t*)0x20005928 = 6; *(uint64_t*)0x20005930 = 0x7ff; *(uint64_t*)0x20005938 = 0x8001; *(uint64_t*)0x20005940 = 0x8001; *(uint32_t*)0x20005948 = 6; *(uint32_t*)0x2000594c = 0x8000; *(uint32_t*)0x20005950 = 1; *(uint32_t*)0x20005954 = 0xa000; *(uint32_t*)0x20005958 = 0x10000; *(uint32_t*)0x2000595c = 0xee00; *(uint32_t*)0x20005960 = r[6]; *(uint32_t*)0x20005964 = 0x80000000; *(uint32_t*)0x20005968 = 6; *(uint32_t*)0x2000596c = 0; *(uint64_t*)0x20005970 = 3; *(uint64_t*)0x20005978 = 0x7fff; *(uint32_t*)0x20005980 = 6; *(uint32_t*)0x20005984 = 0x4e5; memcpy((void*)0x20005988, "wlan0\000", 6); *(uint64_t*)0x20005990 = 4; *(uint64_t*)0x20005998 = 2; *(uint64_t*)0x200059a0 = -1; *(uint64_t*)0x200059a8 = 0x10001; *(uint32_t*)0x200059b0 = 7; *(uint32_t*)0x200059b4 = 0x3f; *(uint64_t*)0x200059b8 = 0; *(uint64_t*)0x200059c0 = 4; *(uint64_t*)0x200059c8 = 0x7fff; *(uint64_t*)0x200059d0 = 0x5c; *(uint64_t*)0x200059d8 = 0x5e; *(uint64_t*)0x200059e0 = 4; *(uint32_t*)0x200059e8 = 0; *(uint32_t*)0x200059ec = 9; *(uint32_t*)0x200059f0 = 4; *(uint32_t*)0x200059f4 = 0x1000; *(uint32_t*)0x200059f8 = 8; *(uint32_t*)0x200059fc = r[7]; *(uint32_t*)0x20005a00 = 0xee00; *(uint32_t*)0x20005a04 = 0x7ff; *(uint32_t*)0x20005a08 = 9; *(uint32_t*)0x20005a0c = 0; *(uint64_t*)0x20005a10 = 3; *(uint64_t*)0x20005a18 = 5; *(uint32_t*)0x20005a20 = 6; *(uint32_t*)0x20005a24 = 9; memset((void*)0x20005a28, 255, 6); *(uint64_t*)0x20005a30 = 6; *(uint64_t*)0x20005a38 = 3; *(uint64_t*)0x20005a40 = 3; *(uint64_t*)0x20005a48 = 9; *(uint32_t*)0x20005a50 = 6; *(uint32_t*)0x20005a54 = 0x100; *(uint64_t*)0x20005a58 = 1; *(uint64_t*)0x20005a60 = 0x101; *(uint64_t*)0x20005a68 = 4; *(uint64_t*)0x20005a70 = 0x100000000; *(uint64_t*)0x20005a78 = 2; *(uint64_t*)0x20005a80 = 0xfffffffffffffe00; *(uint32_t*)0x20005a88 = 3; *(uint32_t*)0x20005a8c = 9; *(uint32_t*)0x20005a90 = 9; *(uint32_t*)0x20005a94 = 0xa000; *(uint32_t*)0x20005a98 = 0xfa3; *(uint32_t*)0x20005a9c = -1; *(uint32_t*)0x20005aa0 = r[8]; *(uint32_t*)0x20005aa4 = 0x1400000; *(uint32_t*)0x20005aa8 = 9; *(uint32_t*)0x20005aac = 0; *(uint64_t*)0x20005ab0 = 6; *(uint64_t*)0x20005ab8 = 0; *(uint32_t*)0x20005ac0 = 6; *(uint32_t*)0x20005ac4 = 5; memcpy((void*)0x20005ac8, "wlan0\000", 6); *(uint32_t*)0x20005c38 = 0x20005b00; *(uint32_t*)0x20005b00 = 0xa0; *(uint32_t*)0x20005b04 = 0xfffffff5; *(uint64_t*)0x20005b08 = 5; *(uint64_t*)0x20005b10 = 0; *(uint64_t*)0x20005b18 = 3; *(uint64_t*)0x20005b20 = 2; *(uint64_t*)0x20005b28 = 3; *(uint32_t*)0x20005b30 = 7; *(uint32_t*)0x20005b34 = 0x64b; *(uint64_t*)0x20005b38 = 1; *(uint64_t*)0x20005b40 = 0xc2; *(uint64_t*)0x20005b48 = 9; *(uint64_t*)0x20005b50 = 5; *(uint64_t*)0x20005b58 = 0x8001; *(uint64_t*)0x20005b60 = -1; *(uint32_t*)0x20005b68 = 2; *(uint32_t*)0x20005b6c = 8; *(uint32_t*)0x20005b70 = 5; *(uint32_t*)0x20005b74 = 0x4000; *(uint32_t*)0x20005b78 = 0xd0a; *(uint32_t*)0x20005b7c = 0xee01; *(uint32_t*)0x20005b80 = 0xee00; *(uint32_t*)0x20005b84 = 7; *(uint32_t*)0x20005b88 = 1; *(uint32_t*)0x20005b8c = 0; *(uint64_t*)0x20005b90 = 0; *(uint32_t*)0x20005b98 = 2; *(uint32_t*)0x20005b9c = 0; *(uint32_t*)0x20005c3c = 0x20005bc0; *(uint32_t*)0x20005bc0 = 0x20; *(uint32_t*)0x20005bc4 = 0; *(uint64_t*)0x20005bc8 = 0x7fffffff; *(uint32_t*)0x20005bd0 = 8; *(uint32_t*)0x20005bd4 = 0; *(uint32_t*)0x20005bd8 = 0x9ad; *(uint32_t*)0x20005bdc = 3; syz_fuse_handle_req(r[2], 0x20000980, 0x2000, 0x20005c00); break; case 22: memcpy((void*)0x20005c40, "SEG6\000", 5); syz_genetlink_get_family_id(0x20005c40, r[2]); break; case 23: syz_init_net_socket(0x24, 2, 0); break; case 24: res = syscall(__NR_mmap, 0x20ffe000, 0x2000, 9, 0x100, (intptr_t)r[2], 0x8000000); if (res != -1) r[9] = res; break; case 25: res = -1; res = syz_io_uring_complete(r[9]); if (res != -1) r[10] = res; break; case 26: *(uint32_t*)0x20005c84 = 0x29e9; *(uint32_t*)0x20005c88 = 4; *(uint32_t*)0x20005c8c = 3; *(uint32_t*)0x20005c90 = 0x25; *(uint32_t*)0x20005c98 = r[10]; memset((void*)0x20005c9c, 0, 12); res = -1; res = syz_io_uring_setup(0x7811, 0x20005c80, 0x20ffe000, 0x20ffe000, 0x20005d00, 0x20005d40); if (res != -1) { r[11] = res; r[12] = *(uint64_t*)0x20005d40; } break; case 27: res = syscall(__NR_mmap, 0x20ffc000, 0x2000, 4, 0x80000, (intptr_t)r[11], 0); if (res != -1) r[13] = res; break; case 28: res = syscall(__NR_clock_gettime, 0, 0x20005d80); if (res != -1) { r[14] = *(uint32_t*)0x20005d80; r[15] = *(uint32_t*)0x20005d84; } break; case 29: *(uint8_t*)0x20005e00 = 0xb; *(uint8_t*)0x20005e01 = 1; *(uint16_t*)0x20005e02 = 0; *(uint32_t*)0x20005e04 = 0; *(uint64_t*)0x20005e08 = 7; *(uint32_t*)0x20005e10 = 0x20005dc0; *(uint32_t*)0x20005dc0 = r[14]; *(uint32_t*)0x20005dc4 = r[15]+60000000; *(uint32_t*)0x20005e14 = 1; *(uint32_t*)0x20005e18 = 0; *(uint64_t*)0x20005e1c = 0; *(uint16_t*)0x20005e24 = 0; *(uint16_t*)0x20005e26 = 0; memset((void*)0x20005e28, 0, 20); syz_io_uring_submit(r[13], r[12], 0x20005e00, 6); break; case 30: *(uint32_t*)0x20005e80 = 0; *(uint32_t*)0x20005e84 = 0x20005e40; memcpy((void*)0x20005e40, "\x55\x1e\x55\x34\x01\xd8\x41\x9a\xc4\x37\x85\x4e\x7b\xd6\x03\x3a\x54\x21\x4a\x9b\xd5\xbb\xb0\xaf\x5b\x8d\xfb\x21\x4a\xa8\x4f\x75\xf6\x0f\xd2\xf3\x74\xa0\x2b\xca\xcb\x65\x4f\x2e\x69\xf7\x19\x79\x48\x63", 50); *(uint32_t*)0x20005e88 = 0x32; *(uint64_t*)0x20005ec0 = 1; *(uint64_t*)0x20005ec8 = 0; syz_kvm_setup_cpu(r[2], r[2], 0x20fe8000, 0x20005e80, 1, 0, 0x20005ec0, 1); break; case 31: res = syscall(__NR_mmap, 0x20ff1000, 0x1000, 4, 0x100002, (intptr_t)r[2], 0); if (res != -1) r[16] = res; break; case 32: *(uint32_t*)0x20005f00 = 1; syz_memcpy_off(r[16], 0x118, 0x20005f00, 0, 4); break; case 33: res = syscall(__NR_clock_gettime, 0, 0x20008240); if (res != -1) { r[17] = *(uint32_t*)0x20008240; r[18] = *(uint32_t*)0x20008244; } break; case 34: *(uint32_t*)0x200081c0 = 0; *(uint32_t*)0x200081c4 = 0; *(uint32_t*)0x200081c8 = 0x20007580; *(uint32_t*)0x20007580 = 0x20007000; *(uint32_t*)0x20007584 = 0x68; *(uint32_t*)0x20007588 = 0x20007080; *(uint32_t*)0x2000758c = 0; *(uint32_t*)0x20007590 = 0x200070c0; *(uint32_t*)0x20007594 = 0xf; *(uint32_t*)0x20007598 = 0x20007100; *(uint32_t*)0x2000759c = 0xe0; *(uint32_t*)0x200075a0 = 0x20007200; *(uint32_t*)0x200075a4 = 0; *(uint32_t*)0x200075a8 = 0x20007240; *(uint32_t*)0x200075ac = 0xe6; *(uint32_t*)0x200075b0 = 0x20007340; *(uint32_t*)0x200075b4 = 0x63; *(uint32_t*)0x200075b8 = 0x200073c0; *(uint32_t*)0x200075bc = 0x45; *(uint32_t*)0x200075c0 = 0x20007440; *(uint32_t*)0x200075c4 = 0x6a; *(uint32_t*)0x200075c8 = 0x200074c0; *(uint32_t*)0x200075cc = 0xbc; *(uint32_t*)0x200081cc = 0xa; *(uint32_t*)0x200081d0 = 0x20007600; *(uint32_t*)0x200081d4 = 0x18; *(uint32_t*)0x200081d8 = 0; *(uint32_t*)0x200081dc = 0; *(uint32_t*)0x200081e0 = 0x20007640; *(uint32_t*)0x200081e4 = 0x6e; *(uint32_t*)0x200081e8 = 0x20007900; *(uint32_t*)0x20007900 = 0x200076c0; *(uint32_t*)0x20007904 = 0x79; *(uint32_t*)0x20007908 = 0x20007740; *(uint32_t*)0x2000790c = 0xa9; *(uint32_t*)0x20007910 = 0x20007800; *(uint32_t*)0x20007914 = 5; *(uint32_t*)0x20007918 = 0x20007840; *(uint32_t*)0x2000791c = 0x9d; *(uint32_t*)0x200081ec = 4; *(uint32_t*)0x200081f0 = 0x20007940; *(uint32_t*)0x200081f4 = 0xb0; *(uint32_t*)0x200081f8 = 0; *(uint32_t*)0x200081fc = 0; *(uint32_t*)0x20008200 = 0x20007a00; *(uint32_t*)0x20008204 = 0x6e; *(uint32_t*)0x20008208 = 0x20007b80; *(uint32_t*)0x20007b80 = 0x20007a80; *(uint32_t*)0x20007b84 = 0x73; *(uint32_t*)0x20007b88 = 0x20007b00; *(uint32_t*)0x20007b8c = 0xf; *(uint32_t*)0x20007b90 = 0x20007b40; *(uint32_t*)0x20007b94 = 0x13; *(uint32_t*)0x2000820c = 3; *(uint32_t*)0x20008210 = 0x20007bc0; *(uint32_t*)0x20008214 = 0x44; *(uint32_t*)0x20008218 = 0; *(uint32_t*)0x2000821c = 0; *(uint32_t*)0x20008220 = 0x20007c40; *(uint32_t*)0x20008224 = 0x6e; *(uint32_t*)0x20008228 = 0x20008180; *(uint32_t*)0x20008180 = 0x20007cc0; *(uint32_t*)0x20008184 = 0x99; *(uint32_t*)0x20008188 = 0x20007d80; *(uint32_t*)0x2000818c = 0xfa; *(uint32_t*)0x20008190 = 0x20007e80; *(uint32_t*)0x20008194 = 0xfc; *(uint32_t*)0x20008198 = 0x20007f80; *(uint32_t*)0x2000819c = 0xc1; *(uint32_t*)0x200081a0 = 0x20008080; *(uint32_t*)0x200081a4 = 0x60; *(uint32_t*)0x200081a8 = 0x20008100; *(uint32_t*)0x200081ac = 0x41; *(uint32_t*)0x2000822c = 6; *(uint32_t*)0x20008230 = 0; *(uint32_t*)0x20008234 = 0; *(uint32_t*)0x20008238 = 0; *(uint32_t*)0x2000823c = 0; *(uint32_t*)0x20008280 = r[17]; *(uint32_t*)0x20008284 = r[18]+10000000; res = syscall(__NR_recvmmsg, (intptr_t)r[2], 0x200081c0, 4, 0x2000, 0x20008280); if (res != -1) { r[19] = *(uint32_t*)0x2000760c; r[20] = *(uint32_t*)0x20007610; r[21] = *(uint32_t*)0x20007bd8; } break; case 35: memcpy((void*)0x20005f40, "adfs\000", 5); memcpy((void*)0x20005f80, "./file0\000", 8); *(uint32_t*)0x20006fc0 = 0x20005fc0; memcpy((void*)0x20005fc0, "\x97\x71\x1a\x3f\xc7\x75\xd9\xb6\xb8\x02\xd7\x5c\xef\xe3\x4e\x56\x0d\xfb\xbc\x19\x05\xdf\x84\x52\xc7\xc0\x61\xcf\xbd\xba\xf7\x6a\xc0\xee\x70\x4f\xdc\x1b\x95\x57\x6e\x83\x98\x71\x5c\xca\xc2\x3e\xb6\x22\x40\x6f\xdf\x86\x65\x6d\x86\x66\xd1\x74\x34\x5d\xf1\x5c\xc2\x79\xd6\xbc\x46\x18\x9f\x9e\x91\x03\xc8\xb6\x34\x30\x6a\x9d\xc5\x12\x13\x54\x03\x7a\xbc\x83\x6a\xf3\x2b\x82\xe0\xeb\x92\x22\xc5\xb9\x7a\x31\xba\xf7\x00\x22\x6f\x45\x9f\x15\x93\xe5\x94\x22\x0d\x6e\xee\x2f\x7b\xd3\x61\x2c\x68\x99\x6c\x93\x1e\x01\xb3\x90\x86\x7e\xcb\x7d\xb7\x3f\xd1\xc8\xba\xea\x0a\x1a\x30\x71\x9c\x09\xc8\x17\x06\x41\x41\x90\xc4\x90\x23\x6b\x27\x56\xcf\xba\x38\xfa\xba\xd4\x9c\x00\x2c\xdd\xcc\xb2\x2a\x79\x01\x5c\xf6\xc9\xd5\xb8\x11\x97\xe3\x66\x9f\x11\x95\xcf\x26\xfd\x67\x4c\xef\x34\xfc\x25\x17\xdd\x56\x1d\x62\x5d\x37\xf0\x09\x36\x69\xe6\x8f\xca\x1a\xe7\x32\x7c\x53\xa8\xd8\xfe\x8c\xe0\x89\xec\x51\x30\xda\x3d\xcd\x2c\x1b\xe4\x7c\x5d\x11\xc1\xe6\x07\x70\x6d\xed\xe9\x8d\x3a\xd0\x34\x7d\xb6\x08\xbf\x9f\xeb\xfe\x35\x7b\x46\xfe\x05\x17\x2e\x7a\xbd\x5e\x6a\x57\x55\xec\xbd\xb7\x29\x4a\xc6\x60\xef\x99\x99\x61\xaa\x24\x91\x46\x0d\x2b\xa8\xc4\x79\x28\xfc\xd0\x2e\x29\x4c\x16\x83\x8a\xdc\x1c\x5a\xa0\xae\xef\xc2\x79\x79\x3c\x1e\x9b\xae\x9d\xad\x1b\xdd\x67\x4f\xbf\x94\xf6\x4d\x5e\xe5\x86\xb8\x57\x84\x6b\x2c\x3e\x35\xcb\xe0\x79\x1f\x3f\x0a\x42\x79\xec\x2d\x51\xfd\xfb\x3a\x9d\x2f\xd0\x93\xba\x29\xd7\x43\xee\xbb\x06\x46\xd4\x0a\xf9\x32\x96\x0b\x4e\xfd\x52\xdf\xae\x37\x24\x20\x6f\x13\x83\x9b\x1e\x9d\xd3\x56\x1c\x15\x9f\x7d\x1a\x0b\x45\xdf\xa6\x55\x72\x41\x64\xca\x8c\xa4\x01\x78\xaa\xbc\x9f\x0c\x27\x0c\xc0\xc2\xe8\x28\xdc\x28\x42\xfb\x23\x72\xab\xca\x8d\x65\xd3\x72\x6e\xad\xdb\x36\xd2\x77\x2f\xc4\x2a\x5a\x60\x9d\xbc\x76\x1a\x08\x6d\xd8\x40\x5f\x0c\x0a\x7c\x0b\xfc\x14\xfe\xa9\x1c\xab\x42\x3f\xdb\xc9\x44\xdd\xbd\xee\x21\x4c\x24\x8e\xf0\xc8\x93\x3c\x80\xf3\xac\x68\xa3\xcd\xc4\xed\x51\x20\xc7\xbe\x1f\x04\x18\xa0\xdd\xee\xe9\x4c\xe8\xde\x7a\x07\xb9\x4d\x97\xa9\xc7\x2e\x33\x8e\xb9\xcb\x87\x15\x67\x60\x8b\x49\x03\x1f\x1f\xd0\x7e\x5c\x5c\xbb\xc2\x20\x1c\x48\x76\x88\x5c\x1b\xdc\xcc\x2b\xfe\xce\x71\xde\x73\xd6\xa7\x10\xc9\x6a\x67\x5d\xe4\xb5\x78\xe3\xa0\xb8\x4d\x1f\xb8\x9b\xed\x53\x1e\x17\x05\xaf\x86\x7b\x10\xb7\xc9\x23\x28\xa0\x6b\xad\x02\xc5\x73\x37\x5d\x50\x0a\x4b\xdc\x88\x4b\x55\x65\x2d\x7f\x1c\xfb\x31\xaf\xaf\x0b\x35\xe9\x8a\x58\x46\x6b\x80\xa2\xa4\xbc\xa2\xd7\x2e\x38\x7f\x8e\x94\x51\x9a\x43\x73\x4c\x38\x5b\x69\x8e\x08\xb0\xee\x1d\x98\x05\xc3\x92\xac\xb7\x6f\x98\x08\x94\xdf\x90\x46\xc6\x17\xf6\x2a\x23\x61\x06\x2e\x52\x24\x53\xdc\xd7\x31\x76\xf7\x86\xef\x2c\xcd\x7a\x05\xdf\x8b\x44\xa6\xf9\x31\x35\xd4\x88\x8f\xdd\x51\x02\x20\x35\x7f\x1a\xec\xcd\x13\xe1\xfe\x10\x29\x26\x73\xf9\x81\xf4\x20\xd9\x85\x9f\xa2\x18\xb8\x69\x8b\x4a\x69\x1e\x69\x9c\x28\xa2\xdd\x46\xd3\x97\x89\x42\x19\x2e\xd5\x1d\x21\x26\x69\x45\x8a\x4d\xc3\xd3\x81\xd2\xc3\xf7\x3c\xb6\x0b\xfe\xcb\x8b\xf0\xe1\x55\x6e\xae\xd9\xff\xca\x5d\x0f\x7c\x9f\x61\x52\xf4\xfc\xd5\xed\x86\xcb\x6a\x56\x5e\x4b\x6b\x1c\x9e\x7e\xfe\xf1\xcc\xd2\x8a\xe7\x09\x1a\xbd\x84\xe8\x43\x1e\xc0\x8e\xd8\x3a\x8b\xbe\x56\xf9\xe1\x22\x56\xd0\xa0\x5b\x46\x1d\x9f\x1f\x4b\xad\x4b\x0e\x87\x34\xc4\x7d\x12\x12\x4c\x40\x6d\xb2\xc0\x33\xca\x10\x63\x41\x05\x71\x3d\xf4\x00\xfe\x66\x8d\x74\xc1\x0b\x95\x46\xfe\xf0\x3d\x29\xee\x05\xd4\xe3\xe8\x32\xed\xe1\x03\xcf\xb8\x90\xc8\xb0\x09\x2a\x58\xfe\x32\xa0\xb1\x05\x89\x6c\xef\xc8\x3a\x99\x0c\x3b\x6d\x9d\xec\x09\xe4\xbe\xea\x80\x40\xb2\x9f\x92\x17\xe5\x57\x7f\xd7\x20\x03\xa1\xdc\x46\x67\xfa\x4c\xf3\xbb\xf2\x98\x5f\x0a\xef\x84\xb4\x55\x69\xa0\x87\xb7\xf9\xaf\xe8\x24\xf3\xc5\x9b\x40\xcd\x0d\x08\x8c\x16\xf4\x41\x42\x40\xa6\xeb\xe2\x4a\xad\xc4\x02\xcc\x99\xab\xf0\x34\xa4\x8b\xda\x6a\x28\x21\xbd\xf2\x94\x65\x8e\x27\x82\x32\x6e\x16\x96\xa8\x87\x8b\x62\xbe\x50\xb8\xae\x8d\x00\x3e\x1b\x6b\x9f\x5f\x26\xd3\xf2\x1b\x14\x22\xcf\x73\xac\x72\x92\x63\x8e\x57\xda\x6f\xe3\xfd\xad\xd7\x78\x6a\xa2\xd7\x40\x6c\x0d\x84\x55\x45\x47\xd9\x59\x0e\xe9\xe1\x70\x54\x28\xe0\x0d\xdc\x33\x25\x0a\x11\x6b\x97\x37\xc8\xb0\x13\xa3\x8c\x6f\x5e\x88\x27\x5b\x01\x5f\x1c\x09\x96\xb0\x6e\xf4\x46\x7f\xa0\x46\x8e\x8f\x4a\x49\x8b\x56\xa0\x45\xf8\x94\xe4\x50\x90\xfc\x17\x07\x48\x1b\xef\x75\xf6\x01\xd9\x5e\x67\xb9\x63\xb6\xdd\xaa\xd7\x51\x1a\xb4\x1e\xf4\xc9\xf6\x51\xc7\x0f\x8e\xc2\xf0\xcf\x3b\x62\xba\xd7\x4e\x24\x92\xa3\x9f\xc1\xf8\x1d\xa6\x97\xcd\xc3\x53\xde\x95\x89\xca\xb5\x4a\x16\x90\x1a\x18\xd8\x51\xbd\xc2\x62\x39\xa7\x2f\x9a\x78\x7f\xbe\xfb\x3f\xc3\xf5\xdf\x14\x9a\x01\x3c\x4f\x8c\x8b\x0e\x98\xb8\xf6\x69\xf6\x2f\xbe\x09\x52\x5b\x46\x46\x9b\x1c\x7f\xcb\x91\xe5\x57\x35\xf2\xad\xc8\x13\x6a\x46\xae\xc4\xde\x01\x6b\x9f\x92\x51\xac\x2a\xa8\x20\xa1\xa8\x87\xb7\x8c\x66\x80\x2b\xf8\xdb\xbc\xe8\xc4\xe1\x38\xba\x0a\x52\x89\x2c\x9e\x93\x4a\xf2\xc7\x6b\x95\x03\x2a\x2f\x4c\xb5\xa6\x21\xe4\x53\x97\x0f\x54\xb2\x79\x03\x5e\x14\x08\x33\xe3\x25\x0a\x9c\x4f\x16\x37\x1c\xdd\xfc\x01\xc4\x04\xe6\xe8\x6a\xcc\x23\x1c\x8d\x7d\xbe\xd9\xb6\xae\xc0\xda\x3e\x0b\xb4\x06\x72\xf4\xd4\x1d\xf2\x65\x0d\x20\x0f\xdd\xa6\xbd\xc6\x2b\x1d\x43\x3e\xfb\x4d\xcb\x37\x05\x26\x89\xee\xc1\xfb\x99\xce\xda\x3e\x11\x07\xae\x9a\xee\xbc\x99\x58\xfd\x2f\x2e\x90\x59\x83\x40\x87\x37\x84\x27\xd3\x15\x8a\x8a\xd0\x47\x79\xe6\x22\xb9\xfe\xf7\x1b\x94\xb2\xaa\xc0\x3d\x6d\x9b\x72\x2a\x24\x27\x85\x5a\x21\x76\xf0\x0d\x97\x1d\x6b\x1f\xe9\xb5\x7c\x36\x37\xaf\x6e\xcf\x8d\xd0\xbf\x1d\xc0\x55\xe7\x33\x1c\x7e\x3d\x9b\xf0\x9a\x98\x72\x36\x76\xb0\x77\x87\xa0\x75\xaf\x7e\xe9\x11\xee\x2b\x0e\xbe\xfb\x34\x08\xc8\xa6\x17\xe8\x1b\x02\x22\xf2\x0f\x41\xaa\xa5\x57\x67\xbd\x73\xb3\x0b\x7d\x52\x38\xa4\x18\x36\xe5\x3a\x5c\x82\x6d\x2c\xab\x59\x46\x04\x04\xf0\x2a\xf4\x3b\x1c\x64\xa8\x87\xb4\x4e\xdc\xb3\x95\xa1\x49\x98\x3a\x63\xeb\xbc\x14\x68\xac\x3b\x39\xa0\x0d\x01\xe5\x90\x41\xea\x54\x97\x25\x76\x8c\x6f\xea\x7a\x48\x84\xfa\xb1\x6b\x85\x99\xcd\x0b\x91\xb8\x3d\xf3\x3b\x32\x28\x00\x39\xba\x02\x05\xa2\x3e\x97\xcd\x38\xbf\x8b\xe0\xce\xd3\xd7\xc2\xf4\x44\x91\xe9\xb5\x94\xe0\x54\xe6\xc6\xe6\xe2\xb6\x10\x83\x0f\x98\xef\x9a\x24\x0f\xd5\x6d\x1e\x21\x8c\xbc\x15\x35\xb8\x88\x9f\xd2\xb3\x9f\xd9\x4c\x82\x13\x7a\x80\xea\x12\x34\xa8\x4d\xc6\xfa\xc0\xf1\x6b\x8b\x2d\xe9\xdd\xe9\xec\x82\x70\xc2\xdf\x90\xb1\x10\x7e\xed\x2d\x34\x69\x65\x94\x3a\x1c\xb0\x85\x64\x21\xe4\x5f\xed\x7f\x48\x07\x10\x41\xc5\x52\xef\xc7\x33\x3c\x5e\x7d\xec\x5b\x9c\xb5\x95\x65\x71\x8a\x7e\x23\x0a\x84\x2f\x20\x6a\x49\x49\xa3\x8f\xca\x5d\x9a\x8d\x84\x75\x63\xdd\x64\x45\x78\xf8\x9e\x5e\xa6\x8c\xd8\x4e\xdc\x6a\x04\xe5\x27\xd1\xc0\x7e\x6a\xe4\x2f\x50\x3f\x7c\x09\xf7\xfa\x5e\xd1\xb2\xd7\xa3\xa9\x0b\x5f\xed\xdd\x57\x6d\xcc\x54\x4d\x8a\x7e\x51\x54\xfc\xb8\x2d\x14\x97\x06\x43\xa0\x3e\xc1\xad\xa0\x83\xad\xe9\xa9\x0d\x56\xb1\xa0\x5e\x7b\xec\xc2\xe4\x34\xd4\x87\xe0\xc9\x4d\x10\xfb\x56\xb7\x3a\x82\xfd\x0c\x34\xe3\xea\x6e\x25\x2b\xd8\x28\x44\xe9\x59\x33\x81\x92\x54\xe1\x2b\x00\x1a\xcf\x2a\xd8\xb6\x30\xa7\xd2\x05\x6c\x6f\x77\x33\x4e\xd2\x23\x21\x77\x1e\x73\x31\x29\x81\xd8\x91\x01\x70\xcd\xd7\xf4\x78\x81\xb5\x8c\x47\x53\xbb\xfb\x0b\x34\xc7\x8b\x42\x11\xe6\x26\x14\x6f\xf3\x42\xbf\xd5\x77\x40\xeb\x86\x8e\x1c\xfa\x31\x2c\x90\x7b\xef\x85\x7b\x37\x81\xeb\xd1\x39\x7e\x8d\xc0\xca\x14\x74\xa1\x9b\x39\xb4\x97\xae\x70\x88\x9d\x2d\xbb\xce\x85\xd3\x74\x3f\xd3\x3c\x97\xb9\xc2\x2b\x86\x6e\xb6\x5d\x35\x93\x90\x0e\x66\xc4\x59\xef\xe5\x63\x8a\x82\x4c\x42\x3d\x9c\x49\xba\x44\xb8\xff\x9b\x9b\x3e\xc1\x5c\xef\x43\x4d\xee\xf9\xab\x92\x76\x0c\x55\xb1\xfb\x37\x33\x9b\x1c\x77\xf3\xa0\x1a\x77\xfd\x72\xf7\x28\x77\x95\x2e\x8a\x58\x27\x49\x4c\x91\x88\xb8\xd1\xc2\x70\xb0\xa9\x9b\x4a\x9e\x81\x8d\x1f\xa1\x26\xa7\x29\x1a\x7b\x0b\x94\xc2\xbf\x7c\x18\xc2\xe2\x5e\x7f\xcf\xd6\x8d\x38\x82\x96\x55\xd9\xaa\xb9\x34\x96\x30\x34\x56\x3e\x90\x86\x52\x45\xa6\x13\x04\xfe\xbd\xf5\x9b\xb0\x09\x31\x67\xc8\xc4\x1c\xce\x17\x73\xbb\x80\xc6\x78\x75\x9b\x55\xda\xb1\x24\x72\x52\x03\x61\x57\xa0\xe6\x0d\x66\xe2\x89\xd4\xb9\xbf\x98\xfd\xce\x7c\x5c\xa5\x9b\xdb\x4f\xaf\xe5\x5e\x09\xb1\x6a\xa3\x43\x0d\x39\xbf\x15\x03\x32\xa1\x5c\x48\x90\xed\x07\x8e\x62\x87\x75\xf8\x78\x7b\x89\x35\x92\x26\x3c\xa6\xd3\x11\x36\x19\xa7\xb2\x12\x51\xfa\xee\xe1\x37\xa0\x99\xbf\x00\xfb\x5f\xbc\xc7\x5e\x75\x8e\xae\xc9\xbd\xcf\xf6\x55\x76\xc0\xd8\x26\xea\x79\xd9\x0e\x99\xd8\xcb\xb4\x90\x93\x7d\x1d\x12\x2d\xbb\x8d\x15\xb3\x37\x56\x83\x5e\x1c\xe3\xbd\xaf\x49\x19\xf5\x22\x6b\x38\x4c\x87\xc2\xc7\xaf\x71\xfb\x3d\xd0\x73\xc4\x31\x29\xac\x4e\x2a\x6e\x52\x1b\xee\x34\x97\x30\xb2\xd9\xa7\x1c\x6b\x01\xd6\x1d\xf1\x30\x80\x2a\x9b\xb6\xab\x1f\x4d\x59\x4b\x89\x67\x5c\xc4\x67\xca\xb3\x03\xc8\x6a\xe6\xb4\xc0\xd2\x6d\xcf\x16\xcd\xec\x9c\x8b\x78\xf3\xe2\x3b\xab\x3e\x7b\x51\x53\xe7\x3b\xb7\x1c\xb6\xa2\xaf\xac\x5c\x33\x19\x5d\x2a\x2f\x32\x9d\x9e\x8f\x53\xdc\x92\x80\x10\x46\xb0\x72\x45\xe1\x39\xa6\x41\x4c\xff\x17\xdd\x9d\x79\x47\xe9\x45\xa1\xdd\xf5\x92\x13\x1d\x90\xf3\xf3\x25\xeb\xc3\xcf\x24\x36\x0f\x83\xed\x16\x06\xf9\x52\xd4\xf6\x92\x21\xb7\x5c\x9b\xe9\x1e\x5d\x2a\xbe\xed\x93\xf3\x39\x58\xb0\x4a\xa1\xe0\xcb\x5b\x85\x0e\xdf\x27\x60\xf4\xb8\xe8\x10\xd8\x79\xd8\x73\x57\x03\x6c\x8e\x26\x53\x8e\x69\x68\x9e\x47\xfb\xb1\xda\x8e\x0c\xa0\x82\x84\xf5\x59\x00\xbd\x02\x9e\x95\xa5\x27\xb3\xba\x25\x1b\x0c\xe2\x7b\xd0\x49\xfc\x85\xb1\x94\x95\x93\x75\xf7\x85\xcf\x75\xc1\x01\xee\xaa\xba\x56\xb3\x9a\x3f\xc4\x6b\xa9\x72\x98\x37\xe2\xfb\xce\x7e\xbb\xa9\x32\x59\x6c\x0c\x2e\xf0\xc5\xd8\xe6\x84\xba\x6b\x33\x4d\xba\xff\xc0\xfa\x84\x2a\x6a\xa5\x55\x81\x3d\x5b\xdc\x23\x7a\x43\x76\xfb\xfc\x3a\xbd\x54\x9a\xbc\x27\xf3\xb1\xc9\x18\xc6\x7f\x2c\x34\xe1\x16\xb6\xb0\x63\x01\x15\x49\x06\x24\xf4\x99\x7d\x93\xac\xec\x5d\xab\x0d\x2b\xb1\x57\x2b\x31\x9b\xa4\xc9\x90\xcd\x74\x38\x95\x42\xf4\x8b\x7e\x17\x3d\x0c\x81\xed\x75\x6a\x1b\x40\x9f\x6b\x19\x58\x59\xfd\xc7\x57\x7a\x7e\x7b\x12\x0a\x15\x13\xc2\x25\xd3\x13\xd7\x42\x3d\x6a\x99\xdd\xb7\x19\x14\x96\x28\x21\xdb\x95\x19\x2f\xc9\xca\x8b\x69\x72\xe0\x7d\x78\x67\x9e\x3b\x42\x65\xcb\x97\x25\xd9\x5f\x52\xf6\x8f\xf1\xca\x46\xb8\xac\x6a\xe7\xc6\x05\x3b\xcd\x97\x2e\x37\xfa\x82\x44\x91\x52\x7a\x1e\x43\x23\xaa\x6f\x2d\x5e\x59\xcf\x06\xc6\x08\x8c\x14\x80\x59\xfa\xd6\xf1\xcb\xfb\x47\x67\x19\xd0\x9f\xa4\x79\xb6\x9a\x47\x90\xa7\x4f\x65\xab\xd9\x99\xc2\x67\xd1\x0c\xc2\xff\x99\xd3\x9e\x39\x41\x60\xe1\x51\x46\x95\x89\xf4\x16\xf6\x59\xb2\xa8\xc6\x0d\xef\x78\xd6\xf4\x33\x80\x9d\xfb\x96\xc2\x72\x20\x07\x6f\x47\xb7\xe7\x4a\x89\x30\xcd\x61\xe8\xfc\x10\x9d\xdf\x87\x54\xff\x5d\x68\x78\xee\xf5\xdc\x7d\xd6\x1e\x2d\xa0\x07\x3b\x0a\xd6\xb0\x71\xfe\xff\x97\xfb\x87\xec\x0d\x90\x95\x4a\xed\xc8\x88\xe7\xb1\xe0\x9d\xcd\xfc\xc6\x90\x6e\x49\xb6\xea\x4a\x0c\x32\x54\x64\x07\xac\x0d\x22\xe2\x92\x00\xb8\x60\x3f\x2c\x30\x41\xd2\x7d\x0f\xd9\x90\xc3\x12\xc3\xf4\xeb\xee\xf4\x53\x85\x12\x48\x25\xe7\x3a\x4b\x30\xf7\xe6\x2b\x37\x46\xae\xe0\xa1\xf4\x23\x57\xa7\xc2\xd5\x9b\x9b\x28\x65\xab\x24\xb3\x35\x36\xc1\xd7\x52\xa4\xe1\xc0\x8e\x07\xec\x7a\xb8\xe3\x7e\xda\x44\xeb\xd2\x21\x3d\x46\x95\x58\x59\xce\x75\xe8\xcb\xee\x3e\x44\x8d\xdc\x6c\x37\x20\xfa\x4b\xb6\x04\x29\x8c\x9c\xc6\xc1\xea\xc4\xaa\xc1\x8f\xfe\xef\x8d\x63\x1a\x61\x75\xa5\x8b\x18\x25\x7c\x81\xb5\xb2\xa2\xc7\x45\x8b\x11\x73\xa5\xc1\xbf\xe3\xa5\x61\x59\xfa\x40\x60\x11\xdc\x0b\xb6\x02\x1f\x23\x32\xbb\x47\x1e\xf8\x89\x2a\xcd\x5e\x7b\x58\xae\xca\x43\xe4\x85\xb3\x5d\xdc\x93\x8f\xbf\x2d\x03\x25\x21\x82\x08\x09\xaf\x02\x55\x13\xb6\x63\x92\x2d\x66\x4c\xa4\x21\x6b\xcc\x98\x77\x03\x0d\x5f\xac\xfb\x9a\x04\x82\x99\x8e\x50\xcf\x69\xbc\x59\xc1\x80\x5f\xb4\xfa\xa8\x9f\x68\x31\xec\x6a\xfc\x29\xe7\xf6\xdb\x38\xfe\xd3\x40\x3d\x10\x35\xe2\x51\x62\x4d\xe0\xea\x64\x45\x81\x2f\x71\xa4\xa9\x1e\xab\x22\xd8\x8d\xa4\x9c\x09\x70\x03\xea\x96\x08\xef\x66\x1e\x8c\xd9\x94\x58\xf3\x18\xd3\x73\xea\x1a\xff\xe6\xcf\xbe\xc7\xe9\xf7\x7c\xa3\x93\xf1\x58\x54\x02\xa7\x0a\xfa\x83\xe3\xdc\x11\x41\x7b\x83\x03\x5c\x4a\xa6\xef\xb9\x6c\xaf\xfd\xb7\x6b\xb4\x31\x15\x2a\x11\x08\xdd\x6a\xe5\xa3\x7a\xfb\x9a\xa1\xb5\x1d\xdc\xd2\x2d\x7a\xf1\x1d\x65\xc1\x88\x47\x2d\x79\xac\xbd\xd4\x8c\x61\x35\x5a\x4b\x2f\xdf\x2b\x81\xfb\x44\x59\x71\x1f\xb4\x37\xf3\xf7\xf9\x5a\x6e\x18\x7c\x0c\xc0\x87\xbb\xd7\x39\xc9\xc9\xe2\x2e\x25\xfd\x0d\x30\x5a\x27\x40\x8f\x52\xb8\x39\xe3\x57\xd1\xf3\x7b\x0c\x7a\x57\x6d\xf7\x93\x00\x82\x41\xbd\x21\x20\xcc\xfa\x21\x43\x52\x68\xed\x24\x3d\xd2\xed\xbb\x75\x1b\x20\x14\x74\xe9\x1f\x48\x21\x9b\xfd\xdb\x4c\xd0\xdd\x47\x19\x65\xbf\xe7\x8e\x45\x23\x3a\x33\xb6\xc4\x02\x2b\xc5\x7b\xcf\xd2\x24\xf8\x9b\x4a\xfb\xe2\x5a\x00\x3e\xf4\x1f\x59\x6e\x10\xfc\x14\x2d\x52\xe0\xee\x02\xfa\xd0\x72\x86\x51\xf0\xfe\x75\xb9\x47\xa5\x44\xfd\x7e\x2d\xc3\x8b\x60\x87\x89\xeb\xc8\x7b\x01\x99\x3e\x23\xb7\x65\x44\x90\x01\xc7\x7a\xdc\x77\x8a\xdb\x84\xa0\xdd\x32\xb7\x0e\x26\x7a\xad\xcc\x16\x8e\xf1\x71\x3d\x7c\xbd\xe5\x63\x39\x6e\xf5\xe3\x9f\xf9\xf7\x00\x8d\x61\xa2\x0f\xe4\x9a\xc8\x0c\x2e\xe8\x4c\x53\x11\xe6\xb0\xc2\x59\xf0\xc6\x36\x31\xaf\x64\xee\x1d\x22\x25\xb5\xea\xa3\x1b\x97\x63\x6b\x30\x10\x9f\xe4\xfc\xf1\x52\x27\x23\xc6\xd7\x9a\x50\x05\xf3\x76\x8b\xe2\x87\x29\x10\xa0\xd9\xf2\xd2\xb1\x0a\x91\xe4\x8f\x7d\xa5\xc3\x83\x0e\x18\xbf\x1a\x2c\x51\xf7\x91\xe4\x63\xf7\xca\x07\xe0\xc6\x3d\x07\x58\x52\xc2\xbd\x82\xb4\xa5\x98\x9d\x4f\xf5\x0a\x70\x07\xd3\xeb\x32\x2b\x3f\x01\xab\x76\xaf\x2b\xbe\xdb\x11\x08\x16\x5f\x48\x3d\x28\x41\x53\x78\xd6\x00\x98\xdb\xd8\x7a\x29\x9b\x3d\xe1\x16\xf3\x95\x5c\x3e\x24\x36\x77\xf3\xe3\xf7\x1f\x9f\x02\x04\xe1\x70\xda\x9e\xf5\xb6\x6c\x95\xba\x07\xf3\x35\xb1\x30\xb5\xa1\x7b\x6a\x72\xc3\x18\xbe\x1b\x8c\xa6\x42\x2b\x1e\xaf\x3f\x6e\xf0\x38\xdf\x50\x9e\xf1\x87\x65\x94\x7d\xe5\x88\x9a\x3a\x88\x45\x75\x61\xb3\x99\xab\x72\x94\x8d\x7e\xc9\xe0\xf4\xa7\x34\x8e\x0c\x43\x17\x48\x11\xd3\xa4\xd7\x12\x42\xe6\xa5\x0f\x5b\x39\x7a\x8d\x7f\xab\xbb\xa7\x10\x9a\xfa\x23\x69\xf1\x16\xe0\x9d\x3f\xcc\x0b\x5e\x61\x2a\xe8\xb8\x18\x30\x9c\x5f\xbb\x33\x47\xfd\xb5\xd6\xc6\x90\x46\x84\xf4\xe0\x4f\x12\xca\x85\x13\x17\x4e\x6b\x92\x6f\x04\x9a\xc1\x4e\x0a\x7f\x9e\x4a\xa6\xbd\x39\x1b\xbc\xcd\x3f\x72\x42\xb9\xa4\xc0\xdf\xd0\x17\x96\xda\x87\x1f\x4e\x9d\xe1\x7e\x54\x95\x37\xac\x6d\x21\xd5\xc6\x4e\x54\x9f\x07\x0e\x2b\x1d\x1b\x7f\x76\x98\x1f\xaa\x8d\xa9\x02\x9e\x45\x76\xfc\x43\xb4\xf4\x27\xec\x7e\xe4\xc4\x50\x5c\xa2\x70\xb2\x33\xff\xc5\xe1\xab\xe4\x4a\xc7\x89\xce\xca\xbd\xba\xab\xec\x44\x1a\x11\x84\x5c\xaf\x92\x21\x33\xd1\x1b\xb2\x82\x56\xee\x8f\x75\xe6\xf0\x65\xe3\x5f\x29\x76\x46\xc6\x3a\x2b\x8a\x59\x46\x05\xab\x39\x1c\x50\xfc\x33\x7d\x8d\x97\x06\x6e\x6b\x5b\x07\x10\xfb\x1e\xc7\x6c\x64\xf0\xa0\xa0\xcc\xac\x01\x37\x5f\x2c\x9f\xba\xca\x77\xb2\xb1\xee\x2b\x26\xa7\x6d\xa5\x27\xae\xfb\xe9\x83\xee\xd0\xd9\x46\xd7\x63\xe0\x0b\xf5\x01\xdd\x64\x6b\xfe\x68\x3a\x78\xdf\x80\xd9\x1d\xcd\x60\x3c\x5a\x8e\xb5\x95\xc0\xcd\xce\xaa\x2d\xab\xf5\xd6\x4a\x9f\xea\xac\xef\xc8\x78\xe0\x74\x31\x3c\x85\xe4\xc1\x5f\x4c\x2e\x63\xfa\x19\xf9\x7b\x82\x9c\x29\x7d\x86\x08\x78\xee\xe2\x13\x89\x28\xd8\xa4\x25\xc0\x79\x00\xc1\x22\x64\x55\xae\x33\xe7\x02\xc0\x58\x56\x7d\x42\xdf\x10\xd6\x04\x84\x66\xde\x62\xf1\x4c\x27\xf7\xd8\xf3\x06\x51\x66\x62\xe1\x8b\xeb\xb2\x4d\x7f\x38\xe5\xf0\xeb\xba\xb7\x49\x80\x59\x9f\xfa\xcb\xa5\x6d\x3c\xe1\x6a\x56\xb9\x91\xec\x64\xdf\x9e\xa8\xf9\x30\x0c\xc1\x87\xf2\xc1\xb2\xf8\x05\x62\xc6\x81\xbb\xf8\x33\xa9\x71\xe7\xd6\x9b\x67\x73\x0d\x3b\x0d\x3b\x5a\x9b\x3c\xab\xf5\xb4\x4e\x21\xf3\xa8\xea\x25\xaf\x9f\x9a\x7f\x53\xd6\xc8\x5c\xa6\xa3\xb8\x4f\x04\xfb\x6d\x1e\x99\x09\x66\x40\xc7\x6f\x00\xcb\x2a\x84\x9e\x02\x2c\x52\x66\x53\xe0\xe1\x9c\x0a\xb7\x3d\x7d\xb0\x2e\x69\xbd\x51\x1c\xb3\xb3\x6a\xe7\xdf\x9e\x0b\xcd\x5b\x8d\x18\x0c\x0a\x3d\xc9\xf1\x79\x73\xc6\x2b\x28\x6f\xbe\xfd\x48\x53\x97\x6a\xd3\x8d\xc7\x75\x67\x85\xf1\x7c\x88\xf9\x67\x56\x87\xc9\x76\x9d\x77\x16\x2e\x82\xe7\x1b\xae\x2e\xd2\x85\xbc\x87\x8f\x9e\xe7\x07\x0a\xf3\xc4\xb4\x3c\x90\x7b\xcb\x58\x56\xda\xb6\xa9\x38\xb7\x84\x2a\xf3\x76\xd7\xc1\x64\x07\x6c\xd0\x2b\x4e\x3e\x82\xe2\xcc\x8f\xca\x7d\xc2\xe4\x0b\xdb\x7b\x9a\x2e\xf4\x06\x35\x56\x30\xcb\x29\x30\x23\x17\x94\xef\x4a\x20\x36\x0a\x6e\xb9\xcc\x54\xf7\x53\x64\x2e\x69\x38\xa1\x73\x02\x46\x35\x98\x7b\x80\xa6\xe0\xf0\xb7\xcb\x25\x85\x37\xb8\x1e\x12\x50\xf7\x7f\xca\xf1\xd7\xcd\x9b\x3b\xe0\x72\xa6\xf9\xd4\xfd\x86\xf1\x56\x4b\x28\xd7\x90\xca\x13\x82\xfa\xe6\x1f\xa5\x87\x4c\x7d\xd7\xdb\x8e\xbf\xaa\xa7\xcc\x01\x1e\x6a\xb3\x57\x91\x37\xaa\x3f\x0a\xf1\x4e\x58\xc0\x96\x0d\x7f\x70\xce\xf9\x3a\xb8\x6c\xca\x7c\xb7\x85\xd8\xc1\x21\x52\xa8\x07\xcf\x1b\xfa\x4e\x0f\x6f\xfd\x28\x88\x70\x56\x5c\xd4\x9a\x10\xa4\x07\xce\xe9\x5c\x5c\x0f\xe4\xcc\x84\xb4\x73\x90\x86\x8e\x64\x50\x7f\x1f\xbf\xbb\x4a\x70\x4d\x27\x2d\xa1\x34\x80\xa4\x18\xe2\x5a\x99\x30\xa4\x02\xdc\xfb\xaa\x5c\xb5\x09\x2c\x56\x9a\x4e\x81\x50\xb5\x04\x8b\xef\x01\x19\x4e\x1c\xe3\x79\x5e\x28\x35\xa0\xa8\x2c\x9d\x5f\xf3\xa1\x57\x85\x2f\x12\x71\x35\x96\x99\x7e\xc3\x06\x1a\xea\xa9\x6e\x93\xc9\xb1\xd9\xd5\xaa\x24\x14\xc3\xea\x9f", 4096); *(uint32_t*)0x20006fc4 = 0x1000; *(uint32_t*)0x20006fc8 = 0x80000001; memcpy((void*)0x200082c0, ")/\'/%", 5); *(uint8_t*)0x200082c5 = 0x2c; memcpy((void*)0x200082c6, "wlan0\000", 6); *(uint8_t*)0x200082cc = 0x2c; memset((void*)0x200082cd, 255, 2); *(uint8_t*)0x200082cf = 0x2c; memset((void*)0x200082d0, 255, 2); *(uint8_t*)0x200082d2 = 0x2c; memcpy((void*)0x200082d3, "[{@^/@+@<[", 10); *(uint8_t*)0x200082dd = 0x2c; memcpy((void*)0x200082de, "uid", 3); *(uint8_t*)0x200082e1 = 0x3d; sprintf((char*)0x200082e2, "%020llu", (long long)r[20]); *(uint8_t*)0x200082f6 = 0x2c; memcpy((void*)0x200082f7, "smackfsfloor", 12); *(uint8_t*)0x20008303 = 0x3d; memcpy((void*)0x20008304, "{%\'--\323{-+#!", 11); *(uint8_t*)0x2000830f = 0x2c; *(uint8_t*)0x20008310 = 0; syz_mount_image(0x20005f40, 0x20005f80, 6, 1, 0x20006fc0, 0x1000000, 0x200082c0); break; case 36: memcpy((void*)0x20008340, "/dev/i2c-#\000", 11); syz_open_dev(0x20008340, 4, 0x404280); break; case 37: memcpy((void*)0x20008380, "net/ip6_mr_cache\000", 17); syz_open_procfs(r[19], 0x20008380); break; case 38: syz_open_pts(r[21], 0x8001); break; case 39: *(uint32_t*)0x20008980 = 0x200083c0; memcpy((void*)0x200083c0, "\xfb\xd2\x9b\x15\x87\x7e\x61\x06\x1c\xc5\x0c\xed\x7f\x39\x68\x61\x38\xbf\x51\x03\x24\x8d\x4d\xa5\x32\x57\xb7\x3a\x1e\xe9\x6c\xf2\x19\x9a\xbf\xa9\x61\xd7\xbd\x14\x6a\x6b\xb8\x8d\x70\x1b\x08\xed\xbf\x51\x4b\x2e\x31\x83\xcc\xe2\x11\xd5\x7c\x76\x45\xa9\xaf\xe2\x02\x75\xec\xbe\x29\xae\xa4\x8c\x76\xb0\xfb\x76\x27\xa8\xe4\x3c\x7a\x9f\x57\xef\x02\xa3\x16\xed\xf9\xd3\x8e\x0c\x6e\x74\xb5\x91\x07\xcb\x1c\x84\x06\xdc\xb6\xde\x31\x9b", 106); *(uint32_t*)0x20008984 = 0x6a; *(uint32_t*)0x20008988 = 0x7f; *(uint32_t*)0x2000898c = 0x20008440; memcpy((void*)0x20008440, "\xe0\xd8\xf5\x5b\x38\x48\xae\xd3\xac\x97\x38\xd2\xe1\x9f\x66\x8b\xe4\xc7\x6e\x3b\x4e\x48\x23\xa0\xc6\x99\x18\xad\x4a\xec\x8d\x6e\xad\xcf\xe1\x03\x27\x12\x6d\x01\x28\x7e\x67\x2d\x54\xa5\x44\xa9\x87\x7e\x59\xf9\xa2\xf4\x1a\xa2\x42\xb2\x37\xba\x59\x3c\x5a\x48\x40\xb8\x62\x1c\xe0\xd2\x8c\xe5\x22\xdf\xe8\x78\x8b\xb0\x70\xd4\xbc\x9d\x74\x52\x8a\x1f\x76\x03\x20\x0c\x23\x65\xc6\x3d\x42\xf1\x03\x29\x92\xe1\x0e\x43\x45\xcd\xea\x0d\x65\x36\x5d\x82\xb6\xc7\x8c\x81\xc7\x1b\x0b\x2f\xb7\x81\x97\xcd\x60\x5e\xc2\x52\x18\x06\xbd\xc0\x8d\x6d\xd8\xf5\x29\x1e\x5b\xb0\xca\x92\xe2\x04\x30\xd5\x81\x23\x5d\xdd\xa7\x56\xe6\xab\xd8\xc7\x69\x78\x3b\x84\xe5\x7b\x0a\xa9\x51\x30\x3a\xdc\xc7\xe9\x21\xb0\x69\xd9\x4f\x1a\x4d\xee\x1f\x47\x44\xdb\x5b\x28\xc9\x7f\xbb\xae\xc5\xbf\x56\x18\xe0\xe9\x4a\x41\xc0\xa9\x9c\xe6\xca\x91\xeb\xca\xff\x5a\xe6\x10\x6d\xc9\xdc\x31\x0d\x72\x50\xa8\xb7\xc7\xca\x55", 218); *(uint32_t*)0x20008990 = 0xda; *(uint32_t*)0x20008994 = 0x3ff; *(uint32_t*)0x20008998 = 0x20008540; memcpy((void*)0x20008540, "\xaf\xbb\x6b\x91\xaa\x78\x57\xf9\x42\xbc\x87\x73\xd0\x20\x89\x6a\x44\xf1\xd9\xdb\x9b\x9e\xc2\xb8\x55\x98\xcd\x86\x39\x7d\x6b\x5a\xe3\x19\x2a\xef\xe0\xf2\xb6\x38\x7b\x2d\x23\x14\x48\x9b\xc7\xaf\x2a\xb5\x19\x90\xff\x75\x26\x23\x0a\x7c\xa4\x2e\x6c\x22\xf5\x64\x9a\xcb\x12\xb4\xdd\x8f\xde\x81\x9b", 73); *(uint32_t*)0x2000899c = 0x49; *(uint32_t*)0x200089a0 = 9; *(uint32_t*)0x200089a4 = 0x200085c0; memcpy((void*)0x200085c0, "\xd8\x90\x81\x85\x60\xf5\x37\x2f\x7d\x41\xa5\x04\xc5\x4e\x86\x3d\x79\x44\xd0\x62\x1d\x50\x13\x4b\x4c\x14\x54\xaa\x8c\x44\xc7\xf3\x24\xd9\x5d\x33\xfb\x46\x63\xf6\x74\x5c\x1c\xad\x17\x9d\x71\x9e\x3e\x9f\x4f\x57\x51\x71\x25\x89\x0e\xd4\xc9\x37\xbb\x41\xd0\xa7\x64\x44\x1e\x1d\x6c\x74\x82\x54\x8c\x0a", 74); *(uint32_t*)0x200089a8 = 0x4a; *(uint32_t*)0x200089ac = 6; *(uint32_t*)0x200089b0 = 0x20008640; memcpy((void*)0x20008640, "\x7e\x28\x9a\xa8\x98\x00\x7d\x95\xea\xf0\x98\x82\x59\x6a\xa2\x37\x71\x4d\xc1\xac\x32\x39\x2b\xd6\xfa\xe8\xd8\x72\xed\xc3\xc9\xb0\xcf\xf5\x03\x61\x48\xaf\x29\x57\x3c\x0d\xc9\x54\xc2\x7b\x6a\x6d\x47\x66\x92\x53\xab\x40\x2a\x91\xf6\xe6\x02\xcc\xd9\x3f\xa8\x17", 64); *(uint32_t*)0x200089b4 = 0x40; *(uint32_t*)0x200089b8 = 6; *(uint32_t*)0x200089bc = 0x20008680; memcpy((void*)0x20008680, "\xc8\x23\x58\x4b\xb1\x75\x9e\xcb\x98\xee\x41\xe3\x52\x27\xdd\x03\xd7\xed\x5c\x9e\xef\xcf\x34\xa9\x51\xe7\xc5\xea\xe5\xb3\x7e\x8b\x93\xd6\xdd\x7c\xb6\x6e\xbb\xff\x50\xcb\x81\x77\x7e\x29\xb2\xc0\x5b\x7b\x7c\xd9\x76\xf4\xae\xd7\x0f\x76\x49\x90\x15\xb9\x87\x2f\xaa\x6f\x33\x8c\x30\x9a\x55\x29\x6e\x4e\x85\xe2\x7c\x51\x0d\xbf\x25\x3a\x7e\x6f\x43\x79\x1f\x93\x91\x3c\x8a\x96\x07\x45\x1f\xd5\x05\x0c\xf1\x91\xec\x95\xd1\x99\xf1\x11\x7c\x0e\x2a\x04\x37\xc2\xbe\x16\x98\x93\x9d\x27\x7c\x38\x37\xd1\x64\x0f\x91\xce\x6a\xed\xc0\x85\x0d\xc2\x88\xcc\x2a\x3c\x1c\xaa\xdf\xf4\x4f\xeb\xef\xbb\xb2\xfd\xa8\x2e\x8a\x65\x39\x22\x2b\x6d\x88\x30\xdf\x92\x7f\x36\xd8\x14\xc2\xa8\x92\xdf\x0b\xad\xec\x86\xc2\xf0\x1d\xeb\x89\xd2\xd3\xfa\x61\x37\xe4\x8b\x23\xd3\xcf\x77\xb1\x1f\x46\xeb\xdb\xb0\xa8\x31\x4e\xe1\x97\x78\xc2\x12\xfc\x34\x98\xcb\xdc\x5a\xd0\xbb\xd7\xd2\x45\x38\xd8\x3b\xbc\x86\x83\x0a\xfe\x32\xe3\x8c\x1b\xb1\xb7\x86\x6a\xbc\x94\x0f\x61\x16\x54\xd0\x46\xf8\x23\x6d\x6b\x15", 240); *(uint32_t*)0x200089c0 = 0xf0; *(uint32_t*)0x200089c4 = 7; *(uint32_t*)0x200089c8 = 0x20008780; memcpy((void*)0x20008780, "\x5d\x78\xb0\x8d\x34\x7d\x60\x10\x77\x87\x13\xad\xad\x8e\x4d\xa1\x5a\xb3\x46\x94\x56\x2b\x0d\xa5\x2b\xb3\x1a\x3b\x5e\x09\x71\x02\x0b\xa4\x8d\x18\x5f\x3f\x03\xf1\x6f\xe6\xdc\x1e\x32\x1f\x12\x2c\x11\x50\xa8\xce\x71\xc3\xad\x1d\xf7\xc6\x18\xbc\x59\x86\x5f\xbf\xeb\x3a\x2c\x92\x6b\x99\x2f\x93\x8b\x0f\x76\xc9\x6a\xf8\xbe\x39\x89\x33\x38\x3f\xc8", 85); *(uint32_t*)0x200089cc = 0x55; *(uint32_t*)0x200089d0 = 8; *(uint32_t*)0x200089d4 = 0x20008800; memcpy((void*)0x20008800, "\x1c\xd7\x71\x5a\xfe\xc5\x55\x18\x16\xcd\x47\x51\x68\xa5\x35\xa8\x47\x4b\x74\x87\x92\xe4\x3a\xf3\x51\x60\x5c\x6d\xfa\xe1\xe6\xad\xd7\xce\x8b\xde\x80\x55\x5c\xa3\x26\x87\x82\xfe\x7a\x7f\x45\x89\x68\xb4\x27\x92\xc0\x2a\x11\xac\xff\xae\x54\x86\xc0\x85\x8e\x0c\x46\x40\xf4\x26\x0d\x56\x46\x99\xc0\xe6\x06\x23\x6a\xe8\xd5", 79); *(uint32_t*)0x200089d8 = 0x4f; *(uint32_t*)0x200089dc = 0; *(uint32_t*)0x200089e0 = 0x20008880; memcpy((void*)0x20008880, "\x45\xfd\x88\xa6\x06\xb5\x89\xb2\x7d\x42\x2e\xcb\x87\x44\xa6\x78\xff\x3a\xa0\x7f\xfb\x6c\x25\xcc\x10\xa8\x87\x10\x06\xd5\xfb\x64\x50\xfc\x12\x15\x7d\x1a\x59\xf1\x4e\x36\x13\x2f\x1d\xb6\x3b\x56\xcc\x97\xb6\x1b\xf0\xa6\x1d\xcf\x2b\x7d\xd2\x7d\xa0\x2e\xe1\x60\xe0\x3d\xf9\x79\x47\x83\x8f\x0d\xd4\x34\x82\x59\x05\xae\x9f\xb5\xa4\x27\x97\x6a\x49\xf7\x79\xea\xb8\xcc\x3a\x40\x9d\x25\xb9\xa2\x96\xce\xf9\xa8\xff\xb4\x9d\x81\xbf\x23\xa7\x16\xa7\xa7\xe1\xd8\xdc\xe0\x3d\xef\x2b\x8a\x3b\x15\xa3\xb2\xbe\xb8\x73\x14\x3a\x7d\xf1\x4e\xc4\x92\x78\x2e\xc8\x6a\xce\xb4\x90\x1f\xe3\xdc\xdc\xe0\x46\xab\x2f\xb9\x72\xd6\x74\x34\xd4\xe1\x10\x1b\x02\xc9\x2d\x33\xa1\xbf\xe5\x16\xd9\x59\x25\x81\xf6\x78\x95\x43\x37\x66\x50\x67\x07\xcb\x7f\x0e\x18\xb4\x47\x6b\xde\x0f\x00\x91\x75\x3c\xf3\xec\x07\x38\x6b\x3d\xab\x4b\x29\x55\x02\xd4\x97\x16\x80\x1d\xd9\x79\xaa\x24\xd8\x05\xdf\xe8\x01", 215); *(uint32_t*)0x200089e4 = 0xd7; *(uint32_t*)0x200089e8 = 2; syz_read_part_table(5, 9, 0x20008980); break; case 40: *(uint8_t*)0x20008a00 = 0x12; *(uint8_t*)0x20008a01 = 1; *(uint16_t*)0x20008a02 = 0x300; *(uint8_t*)0x20008a04 = 0x88; *(uint8_t*)0x20008a05 = 0xc7; *(uint8_t*)0x20008a06 = 0xe6; *(uint8_t*)0x20008a07 = -1; *(uint16_t*)0x20008a08 = 0x15c2; *(uint16_t*)0x20008a0a = 0x45; *(uint16_t*)0x20008a0c = 0x135a; *(uint8_t*)0x20008a0e = 1; *(uint8_t*)0x20008a0f = 2; *(uint8_t*)0x20008a10 = 3; *(uint8_t*)0x20008a11 = 1; *(uint8_t*)0x20008a12 = 9; *(uint8_t*)0x20008a13 = 2; *(uint16_t*)0x20008a14 = 0x7d0; *(uint8_t*)0x20008a16 = 4; *(uint8_t*)0x20008a17 = 0; *(uint8_t*)0x20008a18 = 0; *(uint8_t*)0x20008a19 = 0x60; *(uint8_t*)0x20008a1a = 8; *(uint8_t*)0x20008a1b = 9; *(uint8_t*)0x20008a1c = 4; *(uint8_t*)0x20008a1d = 0x45; *(uint8_t*)0x20008a1e = 3; *(uint8_t*)0x20008a1f = 1; *(uint8_t*)0x20008a20 = 0x66; *(uint8_t*)0x20008a21 = 0x44; *(uint8_t*)0x20008a22 = 0x76; *(uint8_t*)0x20008a23 = 0x3f; *(uint8_t*)0x20008a24 = 7; *(uint8_t*)0x20008a25 = 0x24; *(uint8_t*)0x20008a26 = 1; *(uint8_t*)0x20008a27 = 0x1f; *(uint8_t*)0x20008a28 = 5; *(uint16_t*)0x20008a29 = 4; *(uint8_t*)0x20008a2b = 0xc; *(uint8_t*)0x20008a2c = 0x24; *(uint8_t*)0x20008a2d = 2; *(uint8_t*)0x20008a2e = 1; *(uint8_t*)0x20008a2f = 9; *(uint8_t*)0x20008a30 = 2; *(uint8_t*)0x20008a31 = 0x81; *(uint8_t*)0x20008a32 = 4; memcpy((void*)0x20008a33, "\xc0\xe6\xa1\x0a", 4); *(uint8_t*)0x20008a37 = 0xf; *(uint8_t*)0x20008a38 = 0x24; *(uint8_t*)0x20008a39 = 2; *(uint8_t*)0x20008a3a = 2; *(uint16_t*)0x20008a3b = 0; *(uint16_t*)0x20008a3d = 6; *(uint8_t*)0x20008a3f = 8; memcpy((void*)0x20008a40, "\x7d\x5b\xa3\xd0\x7c\xc6", 6); *(uint8_t*)0x20008a46 = 0x11; *(uint8_t*)0x20008a47 = 0x24; *(uint8_t*)0x20008a48 = 2; *(uint8_t*)0x20008a49 = 1; *(uint8_t*)0x20008a4a = 0x94; *(uint8_t*)0x20008a4b = 1; *(uint8_t*)0x20008a4c = 7; *(uint8_t*)0x20008a4d = 0x1f; memcpy((void*)0x20008a4e, "\xcf\xcf\xa1\xbb\x20\xd9\xba\xa3\x16", 9); *(uint8_t*)0x20008a57 = 0xc; *(uint8_t*)0x20008a58 = 0x24; *(uint8_t*)0x20008a59 = 2; *(uint8_t*)0x20008a5a = 1; *(uint8_t*)0x20008a5b = 8; *(uint8_t*)0x20008a5c = 2; *(uint8_t*)0x20008a5d = 0; *(uint8_t*)0x20008a5e = 9; memcpy((void*)0x20008a5f, "\x48\x9f\x80", 3); memset((void*)0x20008a62, 38, 1); *(uint8_t*)0x20008a63 = 0xa; *(uint8_t*)0x20008a64 = 0x24; *(uint8_t*)0x20008a65 = 2; *(uint8_t*)0x20008a66 = 2; *(uint16_t*)0x20008a67 = 5; *(uint16_t*)0x20008a69 = 0x497; *(uint8_t*)0x20008a6b = 8; memset((void*)0x20008a6c, 39, 1); *(uint8_t*)0x20008a6d = 7; *(uint8_t*)0x20008a6e = 0x24; *(uint8_t*)0x20008a6f = 1; *(uint8_t*)0x20008a70 = 9; *(uint8_t*)0x20008a71 = 2; *(uint16_t*)0x20008a72 = 0x1001; *(uint8_t*)0x20008a74 = 0xf; *(uint8_t*)0x20008a75 = 0x24; *(uint8_t*)0x20008a76 = 2; *(uint8_t*)0x20008a77 = 2; *(uint16_t*)0x20008a78 = 8; *(uint16_t*)0x20008a7a = 1; *(uint8_t*)0x20008a7c = 0; memcpy((void*)0x20008a7d, "\x78\x6e\x2f\x1a\x31\x05", 6); *(uint8_t*)0x20008a83 = 9; *(uint8_t*)0x20008a84 = 5; *(uint8_t*)0x20008a85 = 0; *(uint8_t*)0x20008a86 = 0x10; *(uint16_t*)0x20008a87 = 0x3ff; *(uint8_t*)0x20008a89 = 9; *(uint8_t*)0x20008a8a = 0x66; *(uint8_t*)0x20008a8b = 3; *(uint8_t*)0x20008a8c = 0x5b; *(uint8_t*)0x20008a8d = 8; memcpy((void*)0x20008a8e, "\x32\xda\x77\x3d\xed\x87\x39\x7d\x0a\xf5\x7f\xd6\xf2\xad\x3b\x93\xe2\xea\x74\xf1\xf6\x5d\x64\x5d\x6b\x7e\x4c\xae\x90\xc8\xf2\x7c\xca\xe0\x94\xb3\x3c\x61\x3b\xc0\xbd\xa2\x43\x7b\xdc\xba\xa2\x1c\x77\x91\x5b\x1b\x95\xe7\xa2\x31\x3d\x71\xc6\xcc\x58\x6d\x41\x4d\x6a\x1e\x79\xc8\x0e\xe3\x67\x3f\xf0\x69\xeb\x46\x51\xb3\x06\x68\xb0\x19\x7f\xf7\xa7\xed\xc5\x75\x94", 89); *(uint8_t*)0x20008ae7 = 9; *(uint8_t*)0x20008ae8 = 4; *(uint8_t*)0x20008ae9 = 0x58; *(uint8_t*)0x20008aea = 9; *(uint8_t*)0x20008aeb = 5; *(uint8_t*)0x20008aec = -1; *(uint8_t*)0x20008aed = 5; *(uint8_t*)0x20008aee = 0x1b; *(uint8_t*)0x20008aef = 0xe0; *(uint8_t*)0x20008af0 = 9; *(uint8_t*)0x20008af1 = 5; *(uint8_t*)0x20008af2 = 3; *(uint8_t*)0x20008af3 = 0x10; *(uint16_t*)0x20008af4 = 0x20; *(uint8_t*)0x20008af6 = 0; *(uint8_t*)0x20008af7 = 0x43; *(uint8_t*)0x20008af8 = 0x40; *(uint8_t*)0x20008af9 = 9; *(uint8_t*)0x20008afa = 5; *(uint8_t*)0x20008afb = 5; *(uint8_t*)0x20008afc = 3; *(uint16_t*)0x20008afd = 0x3ff; *(uint8_t*)0x20008aff = 0x87; *(uint8_t*)0x20008b00 = 2; *(uint8_t*)0x20008b01 = 0xfd; *(uint8_t*)0x20008b02 = 0xa0; *(uint8_t*)0x20008b03 = 0xc; memcpy((void*)0x20008b04, "\x4d\x1f\xaf\xd5\xd5\xbe\xa9\x17\x94\x9e\x72\x7e\xd5\xee\x14\x4c\xb3\x2b\x01\xd9\xac\xbb\x7e\x3c\xfa\xc4\xd1\xa1\x5c\xd6\xbb\xae\x8a\xc6\x6a\xf6\x77\x39\x4d\x22\x17\xef\x58\x0b\x15\x65\xf5\x8b\x85\xcf\xff\xd2\xcf\xca\xf9\xf1\x9d\xf7\x84\x00\xba\x03\x54\xd7\x87\x20\x72\xb4\x2d\x77\xd5\x5a\x5b\x96\x0b\x82\xfb\x9e\x34\xec\x8c\x33\xa9\x67\x19\xc4\x59\x47\xab\x09\x47\x48\x48\x54\xa9\x4f\x25\xe6\x53\x39\xa6\xf7\x4b\x05\x3c\x81\xe8\xe8\x05\x7f\x67\x67\xea\x2e\x80\xe9\x23\xe0\x2f\xa1\xa8\x8d\xb3\x6d\x52\xe4\xc5\x11\xe6\xcc\xf6\x74\x04\x6c\xb8\x1c\x49\x3c\x92\x7d\x05\xa6\xc1\x66\x45\xd0\x69\x4f\x66\x7d\x6c\xcf\x29\xfc\x27\x38\x90\xc6", 158); *(uint8_t*)0x20008ba2 = 0x31; *(uint8_t*)0x20008ba3 = 9; memcpy((void*)0x20008ba4, "\x82\x44\x67\x99\x6f\xaa\x84\x28\x27\xe6\xd0\x9b\xc4\x8c\x41\x96\x09\x9c\xb2\x0d\x1a\xfa\x73\x80\xd3\x0e\x40\xf1\xbc\xfb\x7c\x50\x3d\x7b\x00\xfc\x18\xd2\xe6\x14\xc3\xe3\x70\xdb\xc3\x20\xa8", 47); *(uint8_t*)0x20008bd3 = 9; *(uint8_t*)0x20008bd4 = 5; *(uint8_t*)0x20008bd5 = 1; *(uint8_t*)0x20008bd6 = 3; *(uint16_t*)0x20008bd7 = 0x400; *(uint8_t*)0x20008bd9 = 1; *(uint8_t*)0x20008bda = 0x81; *(uint8_t*)0x20008bdb = 6; *(uint8_t*)0x20008bdc = 0x76; *(uint8_t*)0x20008bdd = 7; memcpy((void*)0x20008bde, "\x96\xf7\x2d\xe7\x93\x64\x10\xee\x82\xa4\x42\x87\xa0\x01\x96\xf6\x30\xe0\x09\x36\x4a\xb9\x4a\x00\xe9\x45\x28\x69\x1a\x40\x9d\x33\x5f\x13\xbf\x6e\x85\xb3\x78\xbd\xa8\x5c\x55\x8f\xc1\xa0\x03\xec\x57\x94\xa1\x42\x17\xf7\x94\x68\x2e\xdc\xdc\x9e\x35\xd0\x0c\x09\x79\xfd\xb3\xe7\xa1\x5e\x6a\x85\x1c\x13\x7b\xf7\x01\x1b\xa6\x1c\x83\x46\x59\x8b\x02\xa3\xd4\xd1\xb8\xcd\x99\xf4\xfc\x14\xfa\xe3\x21\x9f\xbf\x56\xaa\x2c\xa5\x4c\xcf\x11\x6b\x3d\x56\x0a\x80\x97\x8c\x42\x76\xec", 116); *(uint8_t*)0x20008c52 = 9; *(uint8_t*)0x20008c53 = 5; *(uint8_t*)0x20008c54 = 0xe; *(uint8_t*)0x20008c55 = 3; *(uint16_t*)0x20008c56 = 0x3ff; *(uint8_t*)0x20008c58 = 0x80; *(uint8_t*)0x20008c59 = 0x20; *(uint8_t*)0x20008c5a = 6; *(uint8_t*)0x20008c5b = 7; *(uint8_t*)0x20008c5c = 0x25; *(uint8_t*)0x20008c5d = 1; *(uint8_t*)0x20008c5e = 2; *(uint8_t*)0x20008c5f = 9; *(uint16_t*)0x20008c60 = 0x3ff; *(uint8_t*)0x20008c62 = 9; *(uint8_t*)0x20008c63 = 5; *(uint8_t*)0x20008c64 = 0xd; *(uint8_t*)0x20008c65 = 0; *(uint16_t*)0x20008c66 = 0x400; *(uint8_t*)0x20008c68 = 9; *(uint8_t*)0x20008c69 = 0x3f; *(uint8_t*)0x20008c6a = 0x3f; *(uint8_t*)0x20008c6b = 0x76; *(uint8_t*)0x20008c6c = 0x11; memcpy((void*)0x20008c6d, "\x79\xb3\x86\x38\x7e\x37\xf3\x6e\xfa\x1d\x8c\x66\xa9\x04\x49\xc6\x8a\x0a\xd2\x51\xaf\xb9\xb1\x79\x3c\xbe\x9e\x5b\x4d\xc3\xce\x66\x00\xe8\x6d\x1e\x3b\x3e\xac\x60\xfd\x3b\x8b\x1c\x19\xd7\xd0\xc3\xda\x61\xc6\xa6\x67\xb3\x9f\xae\x8a\xed\x44\xa8\xe7\x0d\x77\xca\x93\xe4\xc3\x7a\x3f\xd8\x81\x8f\x43\xed\xc5\x23\x96\x0c\xed\xb0\x2d\x88\x22\xf0\xb2\x3d\xc3\x43\x18\x26\x08\xc6\x09\x7e\x99\x5f\x56\x2c\x84\xa5\x41\x7e\x5b\x2f\xb7\x1b\x39\x2f\x92\x6f\x3c\x4e\xd9\x92\xed\x89", 116); *(uint8_t*)0x20008ce1 = 0x65; *(uint8_t*)0x20008ce2 = 5; memcpy((void*)0x20008ce3, "\x85\x12\xf0\xce\xa9\x7a\x9d\x8a\x04\x61\xe3\x0e\xe9\xbf\x07\x89\xe0\x41\xcd\x86\xc1\xdf\x94\x96\xf1\x95\x7a\xf0\xe4\x54\x3e\xca\xb0\x70\x51\xf1\xf4\x81\x8d\xa2\x57\x9d\x13\xa9\x99\x56\x9f\x75\xad\x6a\xf6\xe0\xd0\x4d\xa8\xbd\x26\xbc\x92\x04\x45\x69\x2d\x9e\x4c\xa7\xfd\xc3\x54\x4c\x36\xf5\x88\xe5\xc0\x9b\xee\xa1\xaf\xf9\xf4\x1b\xa9\x77\xcb\xe7\x9e\x7e\x4f\x4a\x8d\xec\x56\x40\xda\x4d\x2a\xf6\x1d", 99); *(uint8_t*)0x20008d46 = 9; *(uint8_t*)0x20008d47 = 4; *(uint8_t*)0x20008d48 = 5; *(uint8_t*)0x20008d49 = 3; *(uint8_t*)0x20008d4a = 2; *(uint8_t*)0x20008d4b = 0xc4; *(uint8_t*)0x20008d4c = 0x4d; *(uint8_t*)0x20008d4d = 0x76; *(uint8_t*)0x20008d4e = 7; *(uint8_t*)0x20008d4f = 0xb; *(uint8_t*)0x20008d50 = 0x24; *(uint8_t*)0x20008d51 = 6; *(uint8_t*)0x20008d52 = 0; *(uint8_t*)0x20008d53 = 1; memcpy((void*)0x20008d54, "\x72\x45\x0c\xeb\x1b\x79", 6); *(uint8_t*)0x20008d5a = 5; *(uint8_t*)0x20008d5b = 0x24; *(uint8_t*)0x20008d5c = 0; *(uint16_t*)0x20008d5d = 4; *(uint8_t*)0x20008d5f = 0xd; *(uint8_t*)0x20008d60 = 0x24; *(uint8_t*)0x20008d61 = 0xf; *(uint8_t*)0x20008d62 = 1; *(uint32_t*)0x20008d63 = 0; *(uint16_t*)0x20008d67 = 8; *(uint16_t*)0x20008d69 = 1; *(uint8_t*)0x20008d6b = 4; *(uint8_t*)0x20008d6c = 6; *(uint8_t*)0x20008d6d = 0x24; *(uint8_t*)0x20008d6e = 0x1a; *(uint16_t*)0x20008d6f = 8; *(uint8_t*)0x20008d71 = 8; *(uint8_t*)0x20008d72 = 0x15; *(uint8_t*)0x20008d73 = 0x24; *(uint8_t*)0x20008d74 = 0x12; *(uint16_t*)0x20008d75 = 4; *(uint64_t*)0x20008d77 = 0x14f5e048ba817a3; *(uint64_t*)0x20008d7f = 0x2a397ecbffc007a6; *(uint8_t*)0x20008d87 = 7; *(uint8_t*)0x20008d88 = 0x24; *(uint8_t*)0x20008d89 = 6; *(uint8_t*)0x20008d8a = 0; *(uint8_t*)0x20008d8b = 0; memcpy((void*)0x20008d8c, "\xfb\xb5", 2); *(uint8_t*)0x20008d8e = 5; *(uint8_t*)0x20008d8f = 0x24; *(uint8_t*)0x20008d90 = 0; *(uint16_t*)0x20008d91 = 0x2040; *(uint8_t*)0x20008d93 = 0xd; *(uint8_t*)0x20008d94 = 0x24; *(uint8_t*)0x20008d95 = 0xf; *(uint8_t*)0x20008d96 = 1; *(uint32_t*)0x20008d97 = 3; *(uint16_t*)0x20008d9b = 0x80; *(uint16_t*)0x20008d9d = 0x8951; *(uint8_t*)0x20008d9f = 6; *(uint8_t*)0x20008da0 = 7; *(uint8_t*)0x20008da1 = 0x24; *(uint8_t*)0x20008da2 = 0xa; *(uint8_t*)0x20008da3 = 0xce; *(uint8_t*)0x20008da4 = 3; *(uint8_t*)0x20008da5 = 4; *(uint8_t*)0x20008da6 = 0x60; *(uint8_t*)0x20008da7 = 4; *(uint8_t*)0x20008da8 = 0x24; *(uint8_t*)0x20008da9 = 2; *(uint8_t*)0x20008daa = 0; *(uint8_t*)0x20008dab = 0x10; *(uint8_t*)0x20008dac = 0x24; *(uint8_t*)0x20008dad = 7; *(uint8_t*)0x20008dae = 0; *(uint16_t*)0x20008daf = 0x81; *(uint16_t*)0x20008db1 = 0x81; *(uint16_t*)0x20008db3 = 0x1d9; *(uint16_t*)0x20008db5 = 0x400; *(uint16_t*)0x20008db7 = 1; *(uint16_t*)0x20008db9 = 0xc00; *(uint8_t*)0x20008dbb = 0xc; *(uint8_t*)0x20008dbc = 0x24; *(uint8_t*)0x20008dbd = 0x1b; *(uint16_t*)0x20008dbe = 1; *(uint16_t*)0x20008dc0 = 0x20; *(uint8_t*)0x20008dc2 = 0xc0; *(uint8_t*)0x20008dc3 = 5; *(uint16_t*)0x20008dc4 = 0x20; *(uint8_t*)0x20008dc6 = 0xd; *(uint8_t*)0x20008dc7 = 0xe1; *(uint8_t*)0x20008dc8 = 0x24; *(uint8_t*)0x20008dc9 = 0x13; *(uint8_t*)0x20008dca = 9; memcpy((void*)0x20008dcb, "\x0e\xfa\x60\xe3\xb3\x89\x2c\xa3\x37\x7f\xc7\xbf\x7e\x5c\xd9\x0b\x70\xb5\x43\x3c\x66\xf1\x31\x29\xd4\x2a\x59\xf2\xc9\x14\xec\x54\x97\x9a\x53\x86\x2f\x94\xdf\x63\x95\x80\x6b\xf1\xa9\x70\x9d\x9a\x66\x50\xce\xca\xee\xcf\xf6\xad\xfc\x77\xca\x5f\x29\x6e\x11\xbe\xd1\xfb\xeb\x6f\x27\xc5\x0b\xf1\xaf\x9c\x17\x6b\xb2\x06\x9d\x52\xb0\x64\x73\xd5\xd8\xe9\x24\x4a\x70\x01\x76\x66\xfa\xa3\x21\x3b\x80\xb2\x5f\xe4\xc6\x8c\x41\x80\xee\x45\x68\x0c\x95\x76\x8f\xd3\x2d\x24\xda\x76\xb8\x83\xe1\xbe\x0e\xc2\xaf\x43\xc9\xf3\x0c\xee\xd1\x93\x6c\xd5\x05\x1e\x62\xb1\xc8\xa7\x6a\xf9\xa2\x52\x29\x0b\x11\xc3\x67\x04\x39\xdb\x64\x5b\x5c\x32\xa5\xa5\xbb\x78\xd7\xe8\x18\x3e\xa6\x73\x6d\xfc\xeb\x8f\xef\x3d\x04\xb7\x6e\x51\x29\xc4\x91\x3e\xee\x30\xa5\x37\x74\x3b\x33\x57\xf2\x69\xf5\x82\xdd\x8c\x46\xb2\xa9\x33\x62\xf1\xa8\x38\x88\x6b\x17\x5f\x48\x95\xd5\x2a\x81\x8f\x63\xd9\xd6\x94\xbe\xac\x98\x46\xe5\xb1\x2f", 221); *(uint8_t*)0x20008ea8 = 0x1a; *(uint8_t*)0x20008ea9 = 0x24; *(uint8_t*)0x20008eaa = 0x13; *(uint8_t*)0x20008eab = 5; memcpy((void*)0x20008eac, "\x08\x3b\x1f\x01\xa6\x9f\x5d\x72\x2a\x6b\x03\x83\xfb\x09\xf5\x7f\x44\x2b\x56\xd4\x58\xfa", 22); *(uint8_t*)0x20008ec2 = 9; *(uint8_t*)0x20008ec3 = 5; *(uint8_t*)0x20008ec4 = 0xf; *(uint8_t*)0x20008ec5 = 8; *(uint16_t*)0x20008ec6 = 8; *(uint8_t*)0x20008ec8 = 0; *(uint8_t*)0x20008ec9 = 3; *(uint8_t*)0x20008eca = 5; *(uint8_t*)0x20008ecb = 9; *(uint8_t*)0x20008ecc = 5; *(uint8_t*)0x20008ecd = 0xc; *(uint8_t*)0x20008ece = 0; *(uint16_t*)0x20008ecf = 0x200; *(uint8_t*)0x20008ed1 = 9; *(uint8_t*)0x20008ed2 = 0x20; *(uint8_t*)0x20008ed3 = 5; *(uint8_t*)0x20008ed4 = 0xb; *(uint8_t*)0x20008ed5 = 1; memcpy((void*)0x20008ed6, "\xae\x68\x4b\xd6\xa1\xbf\xbe\x70\x5d", 9); *(uint8_t*)0x20008edf = 9; *(uint8_t*)0x20008ee0 = 4; *(uint8_t*)0x20008ee1 = 0xad; *(uint8_t*)0x20008ee2 = 0x3f; *(uint8_t*)0x20008ee3 = 6; *(uint8_t*)0x20008ee4 = 0xef; *(uint8_t*)0x20008ee5 = 0x2e; *(uint8_t*)0x20008ee6 = 0x8d; *(uint8_t*)0x20008ee7 = 8; *(uint8_t*)0x20008ee8 = 0xa; *(uint8_t*)0x20008ee9 = 0x24; *(uint8_t*)0x20008eea = 6; *(uint8_t*)0x20008eeb = 0; *(uint8_t*)0x20008eec = 0; memcpy((void*)0x20008eed, "\x2e\x1b\xb1\x1c\x34", 5); *(uint8_t*)0x20008ef2 = 5; *(uint8_t*)0x20008ef3 = 0x24; *(uint8_t*)0x20008ef4 = 0; *(uint16_t*)0x20008ef5 = 6; *(uint8_t*)0x20008ef7 = 0xd; *(uint8_t*)0x20008ef8 = 0x24; *(uint8_t*)0x20008ef9 = 0xf; *(uint8_t*)0x20008efa = 1; *(uint32_t*)0x20008efb = 4; *(uint16_t*)0x20008eff = 2; *(uint16_t*)0x20008f01 = 0x8979; *(uint8_t*)0x20008f03 = 6; *(uint8_t*)0x20008f04 = 0xeb; *(uint8_t*)0x20008f05 = 0x24; *(uint8_t*)0x20008f06 = 0x13; *(uint8_t*)0x20008f07 = 0; memcpy((void*)0x20008f08, "\x9f\xcc\x8c\x5c\x74\x73\x09\xfc\xb4\xc9\x6e\x5d\xad\x9b\x6e\x62\xd0\x8b\x91\xa8\xbe\xb3\xc2\xe4\x54\x7e\x16\x3e\x46\x58\xbb\x11\xab\x34\xb3\xc8\x4e\xc3\xe4\xa4\xe3\x67\xd2\x6c\x56\x00\x1c\x67\x05\x68\x99\x95\xa9\x9d\x16\xa1\xb3\x1b\xdc\x07\x0f\x00\x53\x1e\xc4\x26\xb5\x4b\xf8\x9b\x2d\xee\x1f\xc3\xbd\x81\x8f\x55\xdb\xbd\x6a\xcc\x28\x7c\xd4\x30\x78\xee\xbc\x6d\x09\xf1\x0d\xc4\x22\x9f\x80\x35\xd4\x44\x8f\x82\x3f\xec\xf9\x29\xd6\x86\x16\x27\xc0\x1e\x79\x27\x7a\x40\x30\x4a\x1a\xd3\xfb\xd0\x12\xa4\xa8\xed\x16\x36\x97\x69\xc8\xc9\x97\xc4\x12\xbe\x76\x75\x90\x17\x65\x34\x55\xb8\x04\x2a\xca\x8b\x49\xea\xc0\x73\x10\x01\xcb\xfa\x6f\xbd\x79\x6a\xa7\xc2\x77\x09\xfc\x62\x37\x22\xe0\x3d\x3c\x1e\xd1\xda\xc1\xca\x8a\x8a\xa2\x5d\xda\xfc\x65\x4a\x0d\xbb\x76\x0b\x92\x7a\x2b\x23\xe2\xad\x30\x43\xac\x48\x56\x6c\x7b\x99\x5c\x23\x7d\xb5\x91\xf3\x9a\xf8\x19\x54\x56\x9c\xd5\xd3\x7c\xa4\x94\x1c\x80\xcc\x1f\xa5\x55\x6d\x19\xa5\x48\xdf\x2a", 231); *(uint8_t*)0x20008fef = 7; *(uint8_t*)0x20008ff0 = 0x24; *(uint8_t*)0x20008ff1 = 0xa; *(uint8_t*)0x20008ff2 = 4; *(uint8_t*)0x20008ff3 = 0x1f; *(uint8_t*)0x20008ff4 = 0x3f; *(uint8_t*)0x20008ff5 = 0x62; *(uint8_t*)0x20008ff6 = 7; *(uint8_t*)0x20008ff7 = 0x24; *(uint8_t*)0x20008ff8 = 0x14; *(uint16_t*)0x20008ff9 = 0x1f; *(uint16_t*)0x20008ffb = 7; *(uint8_t*)0x20008ffd = 7; *(uint8_t*)0x20008ffe = 0x24; *(uint8_t*)0x20008fff = 0x14; *(uint16_t*)0x20009000 = 0x1010; *(uint16_t*)0x20009002 = 9; *(uint8_t*)0x20009004 = 6; *(uint8_t*)0x20009005 = 0x24; *(uint8_t*)0x20009006 = 0x1a; *(uint16_t*)0x20009007 = 6; *(uint8_t*)0x20009009 = 0x1b; *(uint8_t*)0x2000900a = 0xb; *(uint8_t*)0x2000900b = 0x24; *(uint8_t*)0x2000900c = 6; *(uint8_t*)0x2000900d = 0; *(uint8_t*)0x2000900e = 0; memcpy((void*)0x2000900f, "\xdf\x47\x04\xa2\x52\x1e", 6); *(uint8_t*)0x20009015 = 5; *(uint8_t*)0x20009016 = 0x24; *(uint8_t*)0x20009017 = 0; *(uint16_t*)0x20009018 = 9; *(uint8_t*)0x2000901a = 0xd; *(uint8_t*)0x2000901b = 0x24; *(uint8_t*)0x2000901c = 0xf; *(uint8_t*)0x2000901d = 1; *(uint32_t*)0x2000901e = 0x4856f0aa; *(uint16_t*)0x20009022 = 5; *(uint16_t*)0x20009024 = 1; *(uint8_t*)0x20009026 = -1; *(uint8_t*)0x20009027 = 5; *(uint8_t*)0x20009028 = 0x24; *(uint8_t*)0x20009029 = 0x15; *(uint16_t*)0x2000902a = 0x1f; *(uint8_t*)0x2000902c = 9; *(uint8_t*)0x2000902d = 5; *(uint8_t*)0x2000902e = 8; *(uint8_t*)0x2000902f = 8; *(uint16_t*)0x20009030 = 0x3ff; *(uint8_t*)0x20009032 = 4; *(uint8_t*)0x20009033 = 1; *(uint8_t*)0x20009034 = 9; *(uint8_t*)0x20009035 = 7; *(uint8_t*)0x20009036 = 0x25; *(uint8_t*)0x20009037 = 1; *(uint8_t*)0x20009038 = 3; *(uint8_t*)0x20009039 = 0x34; *(uint16_t*)0x2000903a = 5; *(uint8_t*)0x2000903c = 9; *(uint8_t*)0x2000903d = 5; *(uint8_t*)0x2000903e = 0; *(uint8_t*)0x2000903f = 3; *(uint16_t*)0x20009040 = 0x400; *(uint8_t*)0x20009042 = 2; *(uint8_t*)0x20009043 = 1; *(uint8_t*)0x20009044 = 0xca; *(uint8_t*)0x20009045 = 9; *(uint8_t*)0x20009046 = 5; *(uint8_t*)0x20009047 = 8; *(uint8_t*)0x20009048 = 0x10; *(uint16_t*)0x20009049 = 8; *(uint8_t*)0x2000904b = 2; *(uint8_t*)0x2000904c = 0x7f; *(uint8_t*)0x2000904d = 0x7f; *(uint8_t*)0x2000904e = 9; *(uint8_t*)0x2000904f = 5; *(uint8_t*)0x20009050 = 7; *(uint8_t*)0x20009051 = 0; *(uint16_t*)0x20009052 = 0x10; *(uint8_t*)0x20009054 = 5; *(uint8_t*)0x20009055 = 0x1f; *(uint8_t*)0x20009056 = 0x40; *(uint8_t*)0x20009057 = 0x2d; *(uint8_t*)0x20009058 = 0xe; memcpy((void*)0x20009059, "\xec\xcc\x23\x79\x37\x1b\x46\xca\xb9\xd6\xfd\xb8\x27\x98\xf4\x7a\xa9\xb7\x17\x7c\x2a\x51\x93\x23\x14\x43\xb7\x25\xc2\x1b\x5e\x6a\x99\x93\x05\x65\xeb\x3b\x96\xfe\x7a\x75\x69", 43); *(uint8_t*)0x20009084 = 6; *(uint8_t*)0x20009085 = 0x10; memcpy((void*)0x20009086, "\x7f\x22\x60\xb2", 4); *(uint8_t*)0x2000908a = 9; *(uint8_t*)0x2000908b = 5; *(uint8_t*)0x2000908c = 3; *(uint8_t*)0x2000908d = 8; *(uint16_t*)0x2000908e = 0x10; *(uint8_t*)0x20009090 = 4; *(uint8_t*)0x20009091 = 3; *(uint8_t*)0x20009092 = 0xf7; *(uint8_t*)0x20009093 = 9; *(uint8_t*)0x20009094 = 5; *(uint8_t*)0x20009095 = 5; *(uint8_t*)0x20009096 = 3; *(uint16_t*)0x20009097 = 0x10; *(uint8_t*)0x20009099 = 3; *(uint8_t*)0x2000909a = 1; *(uint8_t*)0x2000909b = 9; *(uint8_t*)0x2000909c = 0xc8; *(uint8_t*)0x2000909d = 0xe; memcpy((void*)0x2000909e, "\x17\xa4\x93\xc0\x51\x89\x5f\x29\x83\x5e\xfb\x6d\x6d\x75\x3c\xa5\xe6\x23\x7f\x99\x57\x24\xbf\x74\x70\x85\x74\x90\x2e\xac\xdf\xf4\x5c\xd8\x0b\x61\x37\x3d\x67\xef\xe1\x23\x9f\x97\xb4\xfa\x60\x07\x93\xd6\xb4\xa5\x02\x2b\xa4\xa4\x36\xb4\xe2\xe2\x23\x57\x9d\x97\x4e\x78\x4e\xcb\xfd\xd4\x91\x2d\xa5\xcc\xd2\x84\xd2\x29\x37\x82\x70\x4f\x06\x75\x13\xd8\x38\x11\xac\x71\x16\x84\xd3\xaa\xfe\x92\x8e\xce\x0e\x90\x38\x25\x99\x7b\xab\xc5\x67\xb9\x4d\x06\xda\xee\x1e\x4d\x55\xa8\x87\x1d\x67\xe7\x1c\xd1\x08\x14\x30\xd8\x9b\xc9\xae\x64\xf5\x0f\x94\xbb\x8a\xf9\x6c\xe3\x84\xcd\x3b\x84\x20\xef\x8b\xe2\x73\xca\x02\xb9\xf0\xf9\x12\x21\x23\x9e\x64\xd6\x20\xdc\x6e\x3e\x27\x07\xf6\xf4\xce\x92\xe8\x62\x7f\x04\x4c\x14\xf1\x79\x90\x9c\xa1\xdf\x8b\x4e\x49\x9f\xed\x3f\x41\x18\xc9\xd6\xb2\xae\x41\xa7\x11\x98\xd7\x98", 198); *(uint8_t*)0x20009164 = 0x7e; *(uint8_t*)0x20009165 = 0x22; memcpy((void*)0x20009166, "\x85\x1b\xf8\x33\x2f\x6f\x47\x95\xcd\xbf\x9b\xf1\xbb\xb8\x25\x3c\xed\x75\xd6\x1f\x69\x5b\xb8\xc3\x1f\x51\xb5\xce\x19\xb2\x08\x0e\x2e\x7e\xc2\x15\xfe\xc1\x6a\x83\xd2\x57\x11\x04\xf7\x26\xa0\xde\x47\xf3\xe9\x28\x2d\x0e\xf2\x20\x4b\xbb\x1d\x9d\x9c\xac\x53\xb6\xd7\x98\x08\x4b\x0f\x59\x47\x91\xe3\xf8\x34\x19\x86\xd7\xea\xad\xb9\x11\xc5\x5c\x0d\x71\x69\x1f\xc7\x7a\xa1\x04\x7f\x44\x0f\x52\x75\xa4\x1f\x3b\x1f\x0f\x04\x8a\x5c\x1d\xd5\xc4\x17\xe6\x7f\x3b\xd4\x72\xb1\x3f\xee\xf7\x95\x0c\x57\x8f\x1b\x42", 124); *(uint32_t*)0x20009700 = 0xa; *(uint32_t*)0x20009704 = 0x20009200; *(uint8_t*)0x20009200 = 0xa; *(uint8_t*)0x20009201 = 6; *(uint16_t*)0x20009202 = 0x110; *(uint8_t*)0x20009204 = 0xd4; *(uint8_t*)0x20009205 = 0x81; *(uint8_t*)0x20009206 = 0; *(uint8_t*)0x20009207 = 0x10; *(uint8_t*)0x20009208 = 0x20; *(uint8_t*)0x20009209 = 0; *(uint32_t*)0x20009708 = 0x1c; *(uint32_t*)0x2000970c = 0x20009240; *(uint8_t*)0x20009240 = 5; *(uint8_t*)0x20009241 = 0xf; *(uint16_t*)0x20009242 = 0x1c; *(uint8_t*)0x20009244 = 2; *(uint8_t*)0x20009245 = 0x14; *(uint8_t*)0x20009246 = 0x10; *(uint8_t*)0x20009247 = 0xa; *(uint8_t*)0x20009248 = 0x20; STORE_BY_BITMASK(uint32_t, , 0x20009249, 2, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x20009249, 3, 5, 27); *(uint16_t*)0x2000924d = 0xf0f; *(uint16_t*)0x2000924f = 6; *(uint32_t*)0x20009251 = 0xc030; *(uint32_t*)0x20009255 = 0xff3f30; *(uint8_t*)0x20009259 = 3; *(uint8_t*)0x2000925a = 0x10; *(uint8_t*)0x2000925b = 0xb; *(uint32_t*)0x20009710 = 8; *(uint32_t*)0x20009714 = 4; *(uint32_t*)0x20009718 = 0x20009280; *(uint8_t*)0x20009280 = 4; *(uint8_t*)0x20009281 = 3; *(uint16_t*)0x20009282 = 0x410; *(uint32_t*)0x2000971c = 0x102; *(uint32_t*)0x20009720 = 0x200092c0; *(uint8_t*)0x200092c0 = 2; *(uint8_t*)0x200092c1 = 3; memcpy((void*)0x200092c2, "\xbd\x9c\xaf\x11\xf1\xc2\x32\x1f\x7d\xbf\x3d\xf5\x7e\xc0\x6a\xed\xf0\x84\x2f\x84\x3c\x77\xdd\x88\xdb\x9f\x74\x08\xbb\xa0\xd9\x40\x59\x71\xea\xb7\x46\x2f\x77\xd1\xca\x84\x39\x80\x11\xe5\x2a\x42\x79\x8f\x46\xee\xb5\x7b\x9e\x8b\x2c\x06\xc9\x82\x8a\xe8\xa2\xa2\x78\xae\xaf\x19\x47\xcb\x3d\xba\xdb\xd3\xd8\x37\x4b\xd3\xfd\x89\xa5\x3a\x0d\x2e\x5d\x80\x26\x1d\x7c\x80\x59\x2c\x03\x96\xee\x2c\x9e\xd8\x3f\xcc\x6b\xf9\xbd\x9a\x2f\x61\xcd\x00\x7c\x9e\xb5\xb9\x2d\xd8\x78\xd6\xaa\x6b\x54\x35\xed\x38\xfb\x81\xd9\xbf\xc1\x58\x15\x84\x3b\xc4\x6b\x32\x1b\x84\x8a\x20\x1d\x7e\xe9\x0a\x06\xab\x03\xdd\xb6\x6c\xea\x54\xf4\x15\x15\x3e\x69\x34\x99\x2c\x24\xe7\x11\xae\xa2\xfe\x33\x4e\x98\x1b\xa7\xf3\xf8\x7d\x0b\xc5\xeb\x6b\x1d\x09\x17\xcd\x79\xb4\x71\x94\xc6\xd2\xbe\x18\xe7\xa5\x4e\x75\xa5\xe2\xd0\x36\xb2\xe8\xba\x62\x6c\x56\xc4\x48\x9e\x46\x81\xa2\x1e\xa2\x9a\x2b\x64\x34\xa8\x60\x5a\x67\x10\xeb\xd1\x3f\x09\xfe\x32\x2e\x60\xef\x34\xa6\xe6\xf3\x33\x0d\x07\xb4\xd1\xff\x66\xd7\xec\x23\xc5\x8b\x3b\xe7\x34\x84\x4b\x89\xde\x36\xba\x29\x12\x97", 256); *(uint32_t*)0x20009724 = 4; *(uint32_t*)0x20009728 = 0x20009400; *(uint8_t*)0x20009400 = 4; *(uint8_t*)0x20009401 = 3; *(uint16_t*)0x20009402 = 0xf0ff; *(uint32_t*)0x2000972c = 4; *(uint32_t*)0x20009730 = 0x20009440; *(uint8_t*)0x20009440 = 4; *(uint8_t*)0x20009441 = 3; *(uint16_t*)0x20009442 = 0xf8ff; *(uint32_t*)0x20009734 = 0xc2; *(uint32_t*)0x20009738 = 0x20009480; *(uint8_t*)0x20009480 = 0xc2; *(uint8_t*)0x20009481 = 3; memcpy((void*)0x20009482, "\x47\x95\x1b\xf5\x75\x8f\x6d\xa4\x9e\xae\xc8\xd8\xf1\x8a\x6c\xa6\xe1\x7e\x41\xa6\x60\x16\x41\x5e\xfc\x7b\xe3\x46\xe3\xa8\xd0\x34\x28\x03\xd3\x1a\xc6\x34\xc4\xe6\xbc\xfd\xca\x1d\xb3\xc5\xb6\x90\xc2\x2f\x33\x2d\xf6\x93\x67\x61\xde\xb4\x0a\x2a\x9b\x81\x7a\x3b\x5e\x21\xce\xda\x6d\x71\xf7\x2d\x61\xee\xd0\x6a\x7a\x43\x45\x1e\x72\xfa\xa8\x20\x18\x38\x4c\x5a\x69\xf6\x2f\x4c\x6c\xf2\xa7\xef\xbd\x2a\xf5\x9b\x84\xac\xc6\xa9\x5e\xdf\x8f\x16\x7b\x5f\x20\x3d\xff\x2f\x89\xdb\xa1\x91\xf5\x13\x34\x2b\xe5\xa9\x06\xce\xb3\x79\x61\x3f\x59\x61\x08\xde\x6f\x3a\x61\xb9\x26\xc9\xf8\x63\x4d\x3d\xe6\xd5\xeb\x86\x71\x2b\xdf\xc3\xce\x50\x2f\x90\xa6\x9d\x8d\x07\xd9\x28\x44\x02\xb3\x93\xa7\x6e\x1d\x98\x17\xb9\x2b\xd4\xef\xf5\x7a\x27\xec\x91\x91\x9b\xf0\xd0\x9b\x44\x70\x57\xd6\x9c\xe3\x82", 192); *(uint32_t*)0x2000973c = 0x83; *(uint32_t*)0x20009740 = 0x20009580; *(uint8_t*)0x20009580 = 0x83; *(uint8_t*)0x20009581 = 3; memcpy((void*)0x20009582, "\x70\x81\x49\xd2\x9b\x3a\x8e\xf9\xc0\xff\x2f\x07\x2f\xf3\xb2\x0d\xd4\xaa\x24\xa8\xdd\xbd\x77\x61\x2c\xf8\x2d\xbf\xdc\x3a\xf8\x21\xa1\xfb\xf7\x55\x40\xc2\x3e\x05\xde\x08\xfe\xd7\x79\xdb\x65\x1c\xb3\xa6\x3b\xd0\x9a\xcf\xde\x2d\xa3\x4f\xc3\x36\x04\x73\x49\xf6\x2c\x65\x03\x20\xdd\x8f\xd8\x62\x6c\xfd\xad\xf7\xe0\xf7\x3f\x83\xa6\xbf\xfa\x1f\x20\xe7\x5c\xc4\x4b\x80\xbb\xe9\xa4\x0e\xa3\xc6\xe9\x24\xb6\x84\xfe\x6c\xb9\xe6\xa9\x33\x1a\x14\x9e\x84\x4e\x50\x0b\xe3\xb4\xfe\x28\xd1\x33\x2d\xcd\x64\x3b\xe5\xa7\x3f\xcc\xd4\x46", 129); *(uint32_t*)0x20009744 = 4; *(uint32_t*)0x20009748 = 0x20009640; *(uint8_t*)0x20009640 = 4; *(uint8_t*)0x20009641 = 3; *(uint16_t*)0x20009642 = 0x184c; *(uint32_t*)0x2000974c = 0x4d; *(uint32_t*)0x20009750 = 0x20009680; *(uint8_t*)0x20009680 = 0x4d; *(uint8_t*)0x20009681 = 3; memcpy((void*)0x20009682, "\xb6\x6a\x57\x6c\x91\xd5\x67\x33\xc9\x4e\xf7\x37\x20\xfd\xa0\x14\xeb\xcf\x72\xb1\xcf\x26\xac\x4c\x18\xda\x75\x71\x24\x12\x56\x76\x4a\xe2\xdf\xf1\x75\x40\xbd\xd8\xaf\x83\xee\xe5\x05\x79\x2c\xbe\xfb\xdd\xb7\xb5\xcd\x4c\xa9\x46\x62\x28\x7a\x86\x24\x9e\xc2\xb9\x42\x13\x98\x04\xf9\xc7\x82\x09\x88\x4a\x15", 75); res = -1; res = syz_usb_connect(6, 0x7e2, 0x20008a00, 0x20009700); if (res != -1) r[22] = res; break; case 41: *(uint8_t*)0x20009780 = 0x12; *(uint8_t*)0x20009781 = 1; *(uint16_t*)0x20009782 = 0x200; *(uint8_t*)0x20009784 = -1; *(uint8_t*)0x20009785 = -1; *(uint8_t*)0x20009786 = -1; *(uint8_t*)0x20009787 = 0x40; *(uint16_t*)0x20009788 = 0xcf3; *(uint16_t*)0x2000978a = 0x9271; *(uint16_t*)0x2000978c = 0x108; *(uint8_t*)0x2000978e = 1; *(uint8_t*)0x2000978f = 2; *(uint8_t*)0x20009790 = 3; *(uint8_t*)0x20009791 = 1; *(uint8_t*)0x20009792 = 9; *(uint8_t*)0x20009793 = 2; *(uint16_t*)0x20009794 = 0x48; *(uint8_t*)0x20009796 = 1; *(uint8_t*)0x20009797 = 1; *(uint8_t*)0x20009798 = 0; *(uint8_t*)0x20009799 = 0x80; *(uint8_t*)0x2000979a = 0xfa; *(uint8_t*)0x2000979b = 9; *(uint8_t*)0x2000979c = 4; *(uint8_t*)0x2000979d = 0; *(uint8_t*)0x2000979e = 0; *(uint8_t*)0x2000979f = 6; *(uint8_t*)0x200097a0 = -1; *(uint8_t*)0x200097a1 = 0; *(uint8_t*)0x200097a2 = 0; *(uint8_t*)0x200097a3 = 0; *(uint8_t*)0x200097a4 = 9; *(uint8_t*)0x200097a5 = 5; *(uint8_t*)0x200097a6 = 1; *(uint8_t*)0x200097a7 = 2; *(uint16_t*)0x200097a8 = 0x200; *(uint8_t*)0x200097aa = 0; *(uint8_t*)0x200097ab = 0; *(uint8_t*)0x200097ac = 0; *(uint8_t*)0x200097ad = 9; *(uint8_t*)0x200097ae = 5; *(uint8_t*)0x200097af = 0x82; *(uint8_t*)0x200097b0 = 2; *(uint16_t*)0x200097b1 = 0x200; *(uint8_t*)0x200097b3 = 0; *(uint8_t*)0x200097b4 = 0; *(uint8_t*)0x200097b5 = 0; *(uint8_t*)0x200097b6 = 9; *(uint8_t*)0x200097b7 = 5; *(uint8_t*)0x200097b8 = 0x83; *(uint8_t*)0x200097b9 = 3; *(uint16_t*)0x200097ba = 0x40; *(uint8_t*)0x200097bc = 1; *(uint8_t*)0x200097bd = 0; *(uint8_t*)0x200097be = 0; *(uint8_t*)0x200097bf = 9; *(uint8_t*)0x200097c0 = 5; *(uint8_t*)0x200097c1 = 4; *(uint8_t*)0x200097c2 = 3; *(uint16_t*)0x200097c3 = 0x40; *(uint8_t*)0x200097c5 = 1; *(uint8_t*)0x200097c6 = 0; *(uint8_t*)0x200097c7 = 0; *(uint8_t*)0x200097c8 = 9; *(uint8_t*)0x200097c9 = 5; *(uint8_t*)0x200097ca = 5; *(uint8_t*)0x200097cb = 2; *(uint16_t*)0x200097cc = 0x200; *(uint8_t*)0x200097ce = 0; *(uint8_t*)0x200097cf = 0; *(uint8_t*)0x200097d0 = 0; *(uint8_t*)0x200097d1 = 9; *(uint8_t*)0x200097d2 = 5; *(uint8_t*)0x200097d3 = 6; *(uint8_t*)0x200097d4 = 2; *(uint16_t*)0x200097d5 = 0x200; *(uint8_t*)0x200097d7 = 0; *(uint8_t*)0x200097d8 = 0; *(uint8_t*)0x200097d9 = 0; syz_usb_connect_ath9k(3, 0x5a, 0x20009780, 0); break; case 42: *(uint32_t*)0x200099c0 = 0x18; *(uint32_t*)0x200099c4 = 0x20009800; *(uint8_t*)0x20009800 = 0x40; *(uint8_t*)0x20009801 = 1; *(uint32_t*)0x20009802 = 0x8d; *(uint8_t*)0x20009806 = 0x8d; *(uint8_t*)0x20009807 = 0x22; memcpy((void*)0x20009808, "\xe5\x74\x19\x47\xa7\x23\xe9\xe9\x8e\xdc\x76\xea\x9b\x49\x3d\xa7\xd0\xbe\x0f\x88\x90\x3d\x48\xee\xf0\xd2\x4c\x88\x29\x70\xfc\x12\x16\xa4\xf3\x90\xd6\xb1\x7a\x78\xf9\xe8\x82\x74\x2c\xa2\x48\x31\x93\x6c\xb7\x5b\x04\x58\x99\xbb\xc7\x68\x7b\xd5\x5a\x05\x8a\x9f\x47\x22\x45\x2c\xe7\xe3\x01\x27\x0b\x0b\xf2\x26\x66\xc3\x7e\xaf\x1b\xd9\xd8\xb4\x89\xba\x1d\x32\xbe\x39\xd0\x6b\x20\xbd\x96\x57\xe0\x9f\xda\x6c\x82\xd4\x56\x6c\x93\x34\xe2\xfa\x45\xc5\x04\x6b\xa8\x56\x5e\x57\x79\xab\x6d\x67\xcb\xf7\xf4\x06\xd2\x16\xc2\x86\xab\x06\x65\x88\x20\x7a\x31\x8d\x65\x33\x2f", 139); *(uint32_t*)0x200099c8 = 0x200098c0; *(uint8_t*)0x200098c0 = 0; *(uint8_t*)0x200098c1 = 3; *(uint32_t*)0x200098c2 = 4; *(uint8_t*)0x200098c6 = 4; *(uint8_t*)0x200098c7 = 3; *(uint16_t*)0x200098c8 = 0xf0ff; *(uint32_t*)0x200099cc = 0x20009900; *(uint8_t*)0x20009900 = 0; *(uint8_t*)0x20009901 = 0xf; *(uint32_t*)0x20009902 = 0x18; *(uint8_t*)0x20009906 = 5; *(uint8_t*)0x20009907 = 0xf; *(uint16_t*)0x20009908 = 0x18; *(uint8_t*)0x2000990a = 2; *(uint8_t*)0x2000990b = 0xc; *(uint8_t*)0x2000990c = 0x10; *(uint8_t*)0x2000990d = 0xa; *(uint8_t*)0x2000990e = 0; STORE_BY_BITMASK(uint32_t, , 0x2000990f, 0, 0, 5); STORE_BY_BITMASK(uint32_t, , 0x2000990f, 6, 5, 27); *(uint16_t*)0x20009913 = 0xf0f; *(uint16_t*)0x20009915 = 8; *(uint8_t*)0x20009917 = 7; *(uint8_t*)0x20009918 = 0x10; *(uint8_t*)0x20009919 = 2; STORE_BY_BITMASK(uint32_t, , 0x2000991a, 2, 0, 8); STORE_BY_BITMASK(uint32_t, , 0x2000991b, 0xa, 0, 4); STORE_BY_BITMASK(uint32_t, , 0x2000991b, 7, 4, 4); STORE_BY_BITMASK(uint32_t, , 0x2000991c, 0x100, 0, 16); *(uint32_t*)0x200099d0 = 0x20009940; *(uint8_t*)0x20009940 = 0x20; *(uint8_t*)0x20009941 = 0x29; *(uint32_t*)0x20009942 = 0xf; *(uint8_t*)0x20009946 = 0xf; *(uint8_t*)0x20009947 = 0x29; *(uint8_t*)0x20009948 = 0; *(uint16_t*)0x20009949 = 0x18; *(uint8_t*)0x2000994b = 7; *(uint8_t*)0x2000994c = 0x7f; memcpy((void*)0x2000994d, "\x86\xf6\x20\xe8", 4); memcpy((void*)0x20009951, "\x16\x8f\x22\x02", 4); *(uint32_t*)0x200099d4 = 0x20009980; *(uint8_t*)0x20009980 = 0x20; *(uint8_t*)0x20009981 = 0x2a; *(uint32_t*)0x20009982 = 0xc; *(uint8_t*)0x20009986 = 0xc; *(uint8_t*)0x20009987 = 0x2a; *(uint8_t*)0x20009988 = 3; *(uint16_t*)0x20009989 = 0; *(uint8_t*)0x2000998b = 4; *(uint8_t*)0x2000998c = 0; *(uint8_t*)0x2000998d = 7; *(uint16_t*)0x2000998e = 0x1000; *(uint16_t*)0x20009990 = 0xfffe; *(uint32_t*)0x20009f00 = 0x44; *(uint32_t*)0x20009f04 = 0x20009a00; *(uint8_t*)0x20009a00 = 0; *(uint8_t*)0x20009a01 = 8; *(uint32_t*)0x20009a02 = 0xfd; memcpy((void*)0x20009a06, "\x17\xd0\x15\xc0\xc2\x1b\x38\xab\x65\x87\x07\x8c\x77\x5d\x19\x66\x76\x39\x02\x36\x84\x2b\xc7\x81\x15\xbd\x6a\x40\x58\x11\x10\x24\x45\xa3\x7f\xe5\xc0\xcc\x85\xa1\x6b\x56\x01\xf6\x74\x96\x59\x34\x92\xce\x3a\xd5\x52\x01\x92\x08\xa9\x04\xc8\x82\x54\x52\x5e\xf1\x3e\x8c\x55\xd2\xfa\x55\x84\xb1\x72\x72\x80\x77\xd5\x4a\x28\xbc\x6d\xd0\xbc\x05\xf7\x20\x29\x10\x26\x07\x63\x12\x0f\x9d\x95\x88\x3b\x70\x1c\xa0\x54\x83\xde\xae\x8e\x44\x5b\xcf\x56\x72\xcf\xc4\xba\x66\xa3\x46\xe9\x2f\xe0\x74\x51\xae\x4c\x8f\xf4\xaa\x9d\xfc\xf8\xb9\x56\x33\x65\x80\x5b\xf6\x83\x0e\xd3\x6c\x9f\x3e\xab\x11\xf6\x13\xa0\xfd\xe0\x42\x3b\x8c\x3a\x5b\x1a\xe0\x29\x72\x9e\x32\x33\x43\x1d\x83\xf0\x22\x49\x15\x64\xd3\x92\xce\xb7\xa3\x8e\xdd\xcf\x15\x96\x88\x61\x81\x85\x4d\x5a\x72\x9e\x76\xd8\xe7\x70\xd6\xee\x74\xba\x13\x33\xec\xb7\xe4\xb8\x83\x07\x1b\x6d\x6c\x04\x3e\x9e\x6f\x01\x60\x54\x6f\x60\xd1\xd9\xff\xd9\x40\x74\x4e\xef\x3e\xa5\xf0\xdd\xfd\xa5\xa0\xa8\xd6\xb7\x74\x0a\x7f\x13\xce\x46\x2e\xd0\x8e\x2d\x3b\xc0\xa7\xb6\x46\xda\xf5\x60\x86\xe2", 253); *(uint32_t*)0x20009f08 = 0x20009b40; *(uint8_t*)0x20009b40 = 0; *(uint8_t*)0x20009b41 = 0xa; *(uint32_t*)0x20009b42 = 1; *(uint8_t*)0x20009b46 = 7; *(uint32_t*)0x20009f0c = 0x20009b80; *(uint8_t*)0x20009b80 = 0; *(uint8_t*)0x20009b81 = 8; *(uint32_t*)0x20009b82 = 1; *(uint8_t*)0x20009b86 = 0x80; *(uint32_t*)0x20009f10 = 0x20009bc0; *(uint8_t*)0x20009bc0 = 0x20; *(uint8_t*)0x20009bc1 = 0; *(uint32_t*)0x20009bc2 = 4; *(uint16_t*)0x20009bc6 = 2; *(uint16_t*)0x20009bc8 = 3; *(uint32_t*)0x20009f14 = 0x20009c00; *(uint8_t*)0x20009c00 = 0x20; *(uint8_t*)0x20009c01 = 0; *(uint32_t*)0x20009c02 = 4; *(uint16_t*)0x20009c06 = 0x100; *(uint16_t*)0x20009c08 = 0x40; *(uint32_t*)0x20009f18 = 0x20009c40; *(uint8_t*)0x20009c40 = 0x40; *(uint8_t*)0x20009c41 = 7; *(uint32_t*)0x20009c42 = 2; *(uint16_t*)0x20009c46 = 3; *(uint32_t*)0x20009f1c = 0x20009c80; *(uint8_t*)0x20009c80 = 0x40; *(uint8_t*)0x20009c81 = 9; *(uint32_t*)0x20009c82 = 1; *(uint8_t*)0x20009c86 = 0x7f; *(uint32_t*)0x20009f20 = 0x20009cc0; *(uint8_t*)0x20009cc0 = 0x40; *(uint8_t*)0x20009cc1 = 0xb; *(uint32_t*)0x20009cc2 = 2; memcpy((void*)0x20009cc6, "\x08\xbd", 2); *(uint32_t*)0x20009f24 = 0x20009d00; *(uint8_t*)0x20009d00 = 0x40; *(uint8_t*)0x20009d01 = 0xf; *(uint32_t*)0x20009d02 = 2; *(uint16_t*)0x20009d06 = 0x7163; *(uint32_t*)0x20009f28 = 0x20009d40; *(uint8_t*)0x20009d40 = 0x40; *(uint8_t*)0x20009d41 = 0x13; *(uint32_t*)0x20009d42 = 6; memset((void*)0x20009d46, 255, 6); *(uint32_t*)0x20009f2c = 0x20009d80; *(uint8_t*)0x20009d80 = 0x40; *(uint8_t*)0x20009d81 = 0x17; *(uint32_t*)0x20009d82 = 6; memset((void*)0x20009d86, 170, 5); *(uint8_t*)0x20009d8b = 0x3b; *(uint32_t*)0x20009f30 = 0x20009dc0; *(uint8_t*)0x20009dc0 = 0x40; *(uint8_t*)0x20009dc1 = 0x19; *(uint32_t*)0x20009dc2 = 2; memcpy((void*)0x20009dc6, "\x37\x9e", 2); *(uint32_t*)0x20009f34 = 0x20009e00; *(uint8_t*)0x20009e00 = 0x40; *(uint8_t*)0x20009e01 = 0x1a; *(uint32_t*)0x20009e02 = 2; *(uint16_t*)0x20009e06 = 8; *(uint32_t*)0x20009f38 = 0x20009e40; *(uint8_t*)0x20009e40 = 0x40; *(uint8_t*)0x20009e41 = 0x1c; *(uint32_t*)0x20009e42 = 1; *(uint8_t*)0x20009e46 = 0x3f; *(uint32_t*)0x20009f3c = 0x20009e80; *(uint8_t*)0x20009e80 = 0x40; *(uint8_t*)0x20009e81 = 0x1e; *(uint32_t*)0x20009e82 = 1; *(uint8_t*)0x20009e86 = 0x2c; *(uint32_t*)0x20009f40 = 0x20009ec0; *(uint8_t*)0x20009ec0 = 0x40; *(uint8_t*)0x20009ec1 = 0x21; *(uint32_t*)0x20009ec2 = 1; *(uint8_t*)0x20009ec6 = 5; syz_usb_control_io(r[22], 0x200099c0, 0x20009f00); break; case 43: syz_usb_disconnect(r[22]); break; case 44: syz_usb_ep_read(r[22], 0xc1, 0x1000, 0x20009f80); break; case 45: *(uint8_t*)0x2000af80 = 0x12; *(uint8_t*)0x2000af81 = 1; *(uint16_t*)0x2000af82 = 0x110; *(uint8_t*)0x2000af84 = 0; *(uint8_t*)0x2000af85 = 0; *(uint8_t*)0x2000af86 = 0; *(uint8_t*)0x2000af87 = 0x20; *(uint16_t*)0x2000af88 = 0x1d6b; *(uint16_t*)0x2000af8a = 0x101; *(uint16_t*)0x2000af8c = 0x40; *(uint8_t*)0x2000af8e = 1; *(uint8_t*)0x2000af8f = 2; *(uint8_t*)0x2000af90 = 3; *(uint8_t*)0x2000af91 = 1; *(uint8_t*)0x2000af92 = 9; *(uint8_t*)0x2000af93 = 2; *(uint16_t*)0x2000af94 = 0xd6; *(uint8_t*)0x2000af96 = 3; *(uint8_t*)0x2000af97 = 1; *(uint8_t*)0x2000af98 = 7; *(uint8_t*)0x2000af99 = 0x20; *(uint8_t*)0x2000af9a = 2; *(uint8_t*)0x2000af9b = 9; *(uint8_t*)0x2000af9c = 4; *(uint8_t*)0x2000af9d = 0; *(uint8_t*)0x2000af9e = 0; *(uint8_t*)0x2000af9f = 0; *(uint8_t*)0x2000afa0 = 1; *(uint8_t*)0x2000afa1 = 1; *(uint8_t*)0x2000afa2 = 0; *(uint8_t*)0x2000afa3 = 0; *(uint8_t*)0x2000afa4 = 0xa; *(uint8_t*)0x2000afa5 = 0x24; *(uint8_t*)0x2000afa6 = 1; *(uint16_t*)0x2000afa7 = 0; *(uint8_t*)0x2000afa9 = 0; *(uint8_t*)0x2000afaa = 2; *(uint8_t*)0x2000afab = 1; *(uint8_t*)0x2000afac = 2; *(uint8_t*)0x2000afad = 0xb; *(uint8_t*)0x2000afae = 0x24; *(uint8_t*)0x2000afaf = 6; *(uint8_t*)0x2000afb0 = 4; *(uint8_t*)0x2000afb1 = 3; *(uint8_t*)0x2000afb2 = 2; *(uint16_t*)0x2000afb3 = 3; *(uint16_t*)0x2000afb5 = 7; *(uint8_t*)0x2000afb7 = -1; *(uint8_t*)0x2000afb8 = 9; *(uint8_t*)0x2000afb9 = 4; *(uint8_t*)0x2000afba = 1; *(uint8_t*)0x2000afbb = 0; *(uint8_t*)0x2000afbc = 0; *(uint8_t*)0x2000afbd = 1; *(uint8_t*)0x2000afbe = 2; *(uint8_t*)0x2000afbf = 0; *(uint8_t*)0x2000afc0 = 0; *(uint8_t*)0x2000afc1 = 9; *(uint8_t*)0x2000afc2 = 4; *(uint8_t*)0x2000afc3 = 1; *(uint8_t*)0x2000afc4 = 1; *(uint8_t*)0x2000afc5 = 1; *(uint8_t*)0x2000afc6 = 1; *(uint8_t*)0x2000afc7 = 2; *(uint8_t*)0x2000afc8 = 0; *(uint8_t*)0x2000afc9 = 0; *(uint8_t*)0x2000afca = 0xe; *(uint8_t*)0x2000afcb = 0x24; *(uint8_t*)0x2000afcc = 2; *(uint8_t*)0x2000afcd = 1; *(uint8_t*)0x2000afce = 0x80; *(uint8_t*)0x2000afcf = 3; *(uint8_t*)0x2000afd0 = 1; *(uint8_t*)0x2000afd1 = 0; memcpy((void*)0x2000afd2, "\x02\x2c\x3b\x4e\xfa\x4d", 6); *(uint8_t*)0x2000afd8 = 7; *(uint8_t*)0x2000afd9 = 0x24; *(uint8_t*)0x2000afda = 1; *(uint8_t*)0x2000afdb = 1; *(uint8_t*)0x2000afdc = 0x7f; *(uint16_t*)0x2000afdd = 0x1002; *(uint8_t*)0x2000afdf = 0xb; *(uint8_t*)0x2000afe0 = 0x24; *(uint8_t*)0x2000afe1 = 2; *(uint8_t*)0x2000afe2 = 1; *(uint8_t*)0x2000afe3 = 5; *(uint8_t*)0x2000afe4 = 3; *(uint8_t*)0x2000afe5 = 0; *(uint8_t*)0x2000afe6 = 5; memcpy((void*)0x2000afe7, "\x64\x99\x7e", 3); *(uint8_t*)0x2000afea = 0xd; *(uint8_t*)0x2000afeb = 0x24; *(uint8_t*)0x2000afec = 2; *(uint8_t*)0x2000afed = 1; *(uint8_t*)0x2000afee = 3; *(uint8_t*)0x2000afef = 3; *(uint8_t*)0x2000aff0 = 0xac; *(uint8_t*)0x2000aff1 = 8; memcpy((void*)0x2000aff2, "\xbc\x5e", 2); memcpy((void*)0x2000aff4, "\x04\xfb\xa9", 3); *(uint8_t*)0x2000aff7 = 0xd; *(uint8_t*)0x2000aff8 = 0x24; *(uint8_t*)0x2000aff9 = 2; *(uint8_t*)0x2000affa = 1; *(uint8_t*)0x2000affb = 6; *(uint8_t*)0x2000affc = 2; *(uint8_t*)0x2000affd = 5; *(uint8_t*)0x2000affe = 9; memcpy((void*)0x2000afff, "\x6a\x9a\x8d", 3); memcpy((void*)0x2000b002, "\x4f\x88", 2); *(uint8_t*)0x2000b004 = 9; *(uint8_t*)0x2000b005 = 5; *(uint8_t*)0x2000b006 = 1; *(uint8_t*)0x2000b007 = 9; *(uint16_t*)0x2000b008 = 0x10; *(uint8_t*)0x2000b00a = 0x8c; *(uint8_t*)0x2000b00b = 0x20; *(uint8_t*)0x2000b00c = 0x7f; *(uint8_t*)0x2000b00d = 7; *(uint8_t*)0x2000b00e = 0x25; *(uint8_t*)0x2000b00f = 1; *(uint8_t*)0x2000b010 = 0x82; *(uint8_t*)0x2000b011 = 2; *(uint16_t*)0x2000b012 = 4; *(uint8_t*)0x2000b014 = 9; *(uint8_t*)0x2000b015 = 4; *(uint8_t*)0x2000b016 = 2; *(uint8_t*)0x2000b017 = 0; *(uint8_t*)0x2000b018 = 0; *(uint8_t*)0x2000b019 = 1; *(uint8_t*)0x2000b01a = 2; *(uint8_t*)0x2000b01b = 0; *(uint8_t*)0x2000b01c = 0; *(uint8_t*)0x2000b01d = 9; *(uint8_t*)0x2000b01e = 4; *(uint8_t*)0x2000b01f = 2; *(uint8_t*)0x2000b020 = 1; *(uint8_t*)0x2000b021 = 1; *(uint8_t*)0x2000b022 = 1; *(uint8_t*)0x2000b023 = 2; *(uint8_t*)0x2000b024 = 0; *(uint8_t*)0x2000b025 = 0; *(uint8_t*)0x2000b026 = 0xd; *(uint8_t*)0x2000b027 = 0x24; *(uint8_t*)0x2000b028 = 2; *(uint8_t*)0x2000b029 = 1; *(uint8_t*)0x2000b02a = 0; *(uint8_t*)0x2000b02b = 2; *(uint8_t*)0x2000b02c = 0; *(uint8_t*)0x2000b02d = -1; memcpy((void*)0x2000b02e, "\x03\xc1\xfe\x1d\x97", 5); *(uint8_t*)0x2000b033 = 0x12; *(uint8_t*)0x2000b034 = 0x24; *(uint8_t*)0x2000b035 = 2; *(uint8_t*)0x2000b036 = 2; *(uint16_t*)0x2000b037 = 0x807; *(uint16_t*)0x2000b039 = 4; *(uint8_t*)0x2000b03b = 0xfd; memcpy((void*)0x2000b03c, "\x8c\xfb\x49\xdf\x7b\xf5\xb7\xe5\xee", 9); *(uint8_t*)0x2000b045 = 7; *(uint8_t*)0x2000b046 = 0x24; *(uint8_t*)0x2000b047 = 1; *(uint8_t*)0x2000b048 = 0x3f; *(uint8_t*)0x2000b049 = 0xfd; *(uint16_t*)0x2000b04a = 1; *(uint8_t*)0x2000b04c = 0xc; *(uint8_t*)0x2000b04d = 0x24; *(uint8_t*)0x2000b04e = 2; *(uint8_t*)0x2000b04f = 1; *(uint8_t*)0x2000b050 = 0xc1; *(uint8_t*)0x2000b051 = 4; *(uint8_t*)0x2000b052 = 5; *(uint8_t*)0x2000b053 = 0x67; memcpy((void*)0x2000b054, "\x69\x67\xba\x40", 4); *(uint8_t*)0x2000b058 = 9; *(uint8_t*)0x2000b059 = 5; *(uint8_t*)0x2000b05a = 0x82; *(uint8_t*)0x2000b05b = 9; *(uint16_t*)0x2000b05c = 0x7f7; *(uint8_t*)0x2000b05e = 0x1f; *(uint8_t*)0x2000b05f = 0x69; *(uint8_t*)0x2000b060 = 6; *(uint8_t*)0x2000b061 = 7; *(uint8_t*)0x2000b062 = 0x25; *(uint8_t*)0x2000b063 = 1; *(uint8_t*)0x2000b064 = 0x80; *(uint8_t*)0x2000b065 = 9; *(uint16_t*)0x2000b066 = 3; *(uint32_t*)0x2000b380 = 0xa; *(uint32_t*)0x2000b384 = 0x2000b080; *(uint8_t*)0x2000b080 = 0xa; *(uint8_t*)0x2000b081 = 6; *(uint16_t*)0x2000b082 = 0x300; *(uint8_t*)0x2000b084 = 3; *(uint8_t*)0x2000b085 = 2; *(uint8_t*)0x2000b086 = 3; *(uint8_t*)0x2000b087 = 0x40; *(uint8_t*)0x2000b088 = 0x81; *(uint8_t*)0x2000b089 = 0; *(uint32_t*)0x2000b388 = 0x20f; *(uint32_t*)0x2000b38c = 0x2000b0c0; *(uint8_t*)0x2000b0c0 = 5; *(uint8_t*)0x2000b0c1 = 0xf; *(uint16_t*)0x2000b0c2 = 0x20f; *(uint8_t*)0x2000b0c4 = 6; *(uint8_t*)0x2000b0c5 = 0xe2; *(uint8_t*)0x2000b0c6 = 0x10; *(uint8_t*)0x2000b0c7 = 0xa; memcpy((void*)0x2000b0c8, "\x64\x93\x2c\x92\x77\xe2\x3a\x0f\xa9\x6a\xab\xc7\xb9\x31\xea\x37\x07\x35\x0c\x52\x57\x45\xcc\xbe\x79\x4d\x23\xba\xa9\x96\x25\xc8\x2f\x74\xbd\x3b\x6d\x5f\x88\xfb\xfd\x92\x54\x5b\x6b\x63\x75\x4c\x07\xc3\xff\xb4\x73\x55\xbf\x3d\xd6\xfa\xcf\xf0\xec\x55\x97\xfb\x76\x8d\xc7\x4a\xcf\xcf\x39\x5a\xc1\x00\x99\x82\x92\x5a\xa1\x6f\xcf\xa4\x15\x75\xbf\x14\xb5\x6d\x55\x79\x09\xdf\x9e\xfd\x27\xfd\x4b\x31\x7d\x90\xd1\x60\x62\x70\x13\x4f\xd0\x7d\x2f\xc0\xd1\x81\x6e\x97\x71\x32\x1d\x2d\xb5\x5c\x65\x39\xb0\x41\x67\xdb\x7b\x08\xc9\x94\x15\x9d\xd7\x55\x2c\x48\x8c\x14\x66\x24\x7a\x5b\x70\xb0\xdc\x99\x6b\x90\x7e\xee\xe0\xb2\x0f\xdd\x64\x71\x40\x59\x7b\x66\xf8\x21\x55\x6b\x56\x7f\xe6\x13\xc7\xec\xbc\xba\xe5\x0d\xb5\xfa\x7c\x9c\x0b\x5d\xcf\x26\xed\xdf\xfd\xcb\x09\xb9\xab\x9f\x2b\x5b\xee\x80\x98\x2f\xf3\x65\xfb\x81\x6e\x98\x18\x4e\xe6\x81\x5f\x6f\x62\x1f\x4d\x34\x52\x7d\x3c\xaa\x4c\xe6\x82\xcb\x06\xc7\x48", 223); *(uint8_t*)0x2000b1a7 = 0xb; *(uint8_t*)0x2000b1a8 = 0x10; *(uint8_t*)0x2000b1a9 = 1; *(uint8_t*)0x2000b1aa = 4; *(uint16_t*)0x2000b1ab = 0x10; *(uint8_t*)0x2000b1ad = 1; *(uint8_t*)0x2000b1ae = 0x3f; *(uint16_t*)0x2000b1af = 0xff; *(uint8_t*)0x2000b1b1 = 0x1f; *(uint8_t*)0x2000b1b2 = 3; *(uint8_t*)0x2000b1b3 = 0x10; *(uint8_t*)0x2000b1b4 = 0xb; *(uint8_t*)0x2000b1b5 = 0x2f; *(uint8_t*)0x2000b1b6 = 0x10; *(uint8_t*)0x2000b1b7 = 3; memcpy((void*)0x2000b1b8, "\x57\x12\x26\x74\x4f\x78\xfe\x77\x5a\xb8\x9d\xd7\x76\xdb\x3a\xaa\xce\x99\x82\xe7\xb2\x59\x4f\xd0\x85\x4a\x31\xd7\xec\x1d\x24\xae\xe6\x48\x2a\xa3\x93\x97\x98\xbd\x32\xd0\x60\xf0", 44); *(uint8_t*)0x2000b1e4 = 0xa; *(uint8_t*)0x2000b1e5 = 0x10; *(uint8_t*)0x2000b1e6 = 3; *(uint8_t*)0x2000b1e7 = 0; *(uint16_t*)0x2000b1e8 = 4; *(uint8_t*)0x2000b1ea = 0x24; *(uint8_t*)0x2000b1eb = 8; *(uint16_t*)0x2000b1ec = 0xe1; *(uint8_t*)0x2000b1ee = 0xe1; *(uint8_t*)0x2000b1ef = 0x10; *(uint8_t*)0x2000b1f0 = 1; memcpy((void*)0x2000b1f1, "\x1c\x43\x11\xd6\xc4\xec\x2d\xe7\x89\xb4\xf9\xf3\x9e\x67\x37\x02\xea\x35\xd9\x09\x99\x1c\xe4\xaf\x26\xcf\x0c\x07\x57\x9c\x1a\x40\x57\x35\x68\xf8\x37\x56\x9c\x64\x5d\xe2\xaf\x69\x81\x33\x52\x61\x69\xe5\x1a\x53\xf2\x15\x16\x76\x60\x35\x72\x59\xd5\x4d\x5a\xd7\x7a\xfb\x47\x8b\x18\x9e\x72\x86\x67\xa8\xb7\xe3\x89\x86\xbb\x19\xfe\xbe\x80\x70\x85\xec\x6d\x77\xdf\xb4\x81\x72\x59\x2d\x54\x9d\x7d\xbb\xf8\x02\xaa\xf9\x5b\xbf\x2d\xcd\x20\x05\x7a\x34\xee\xff\xca\xba\x3c\x40\x4e\x46\xa6\xe9\x0a\xd7\xe4\x38\x7e\x1e\x28\xcc\x21\x71\x88\x37\xe8\x1d\x22\x61\x5c\x4b\x42\xbc\xe0\x4c\x6b\xec\x4a\xa9\xa9\x9d\x05\xcb\x4f\x16\x8e\x11\x5e\xe3\x95\x65\x54\xe4\xe5\x8b\x13\x6f\x86\x73\x6e\x79\xe9\x1f\x9a\xcd\x49\xee\x66\x17\xb8\x4a\x56\x43\x92\xe8\x19\x91\xbb\xa6\x03\x20\x54\xd7\x09\x6f\x6c\x40\x00\x21\x37\x78\x2a\x1b\x11\x1d\x65\x27\x96\x83\x26\xf5\xe7\x0a\x8a\x23\x99\xe8\x33\xe7\x41\x5c\x20\x4a\x3a\x4b", 222); *(uint32_t*)0x2000b390 = 2; *(uint32_t*)0x2000b394 = 4; *(uint32_t*)0x2000b398 = 0x2000b300; *(uint8_t*)0x2000b300 = 4; *(uint8_t*)0x2000b301 = 3; *(uint16_t*)0x2000b302 = 0x459; *(uint32_t*)0x2000b39c = 4; *(uint32_t*)0x2000b3a0 = 0x2000b340; *(uint8_t*)0x2000b340 = 4; *(uint8_t*)0x2000b341 = 3; *(uint16_t*)0x2000b342 = 0x436; res = -1; res = syz_usb_connect(3, 0xe8, 0x2000af80, 0x2000b380); if (res != -1) r[23] = res; break; case 46: memcpy((void*)0x2000b3c0, "\x08\x63\x6e\x6c\x5e\x42\x1f\x7f\x71\x8c\x47\x84\xf3\x89\x67\x2c\x29\x11\xe5", 19); syz_usb_ep_write(r[23], 9, 0x13, 0x2000b3c0); break; case 47: syz_usbip_server_init(2); break; } } int main(void) { syscall(__NR_mmap, 0x1ffff000, 0x1000, 0, 0x32, -1, 0); syscall(__NR_mmap, 0x20000000, 0x1000000, 7, 0x32, -1, 0); syscall(__NR_mmap, 0x21000000, 0x1000, 0, 0x32, -1, 0); setup_fault(); use_temporary_dir(); loop(); return 0; } :122:17: error: 'csum_inet_digest' defined but not used [-Werror=unused-function] :109:13: error: 'csum_inet_update' defined but not used [-Werror=unused-function] :104:13: error: 'csum_inet_init' defined but not used [-Werror=unused-function] cc1: all warnings being treated as errors compiler invocation: x86_64-linux-gnu-gcc [-o /tmp/syz-executor768728178 -DGOOS_linux=1 -DGOARCH_386=1 -DHOSTGOOS_linux=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static-pie -Wno-overflow] --- FAIL: TestGenerate/linux/386/4 (3.20s) csource_test.go:116: --- FAIL: TestGenerate/linux/386/19 (3.20s) csource_test.go:116: --- FAIL: TestGenerate/linux/386/12 (3.21s) csource_test.go:116: --- FAIL: TestGenerate/linux/386/16 (3.01s) csource_test.go:116: --- FAIL: TestGenerate/linux/386/9 (3.25s) csource_test.go:116: --- FAIL: TestGenerate/linux/386/5 (3.26s) csource_test.go:116: --- FAIL: TestGenerate/linux/386/1 (3.26s) csource_test.go:116: --- FAIL: TestGenerate/linux/386/15 (3.31s) csource_test.go:116: --- FAIL: TestGenerate/linux/386/14 (3.65s) csource_test.go:116: --- FAIL: TestGenerate/linux/386/21 (2.26s) csource_test.go:116: --- FAIL: TestGenerate/linux/386/26 (2.06s) csource_test.go:116: --- FAIL: TestGenerate/linux/386/20 (2.09s) csource_test.go:116: --- FAIL: TestGenerate/linux/386/28 (2.15s) csource_test.go:116: --- FAIL: TestGenerate/linux/386/25 (2.15s) csource_test.go:116: --- FAIL: TestGenerate/linux/386/22 (2.23s) csource_test.go:116: --- FAIL: TestGenerate/linux/386/24 (2.17s) csource_test.go:116: --- FAIL: TestGenerate/linux/386/18 (2.71s) csource_test.go:116: --- FAIL: TestGenerate/linux/386/30 (2.45s) csource_test.go:116: --- FAIL: TestGenerate/linux/386/29 (2.63s) csource_test.go:116: FAIL FAIL github.com/google/syzkaller/pkg/csource 45.551s ok github.com/google/syzkaller/pkg/db (cached) ? github.com/google/syzkaller/pkg/debugtracer [no test files] ok github.com/google/syzkaller/pkg/email (cached) ? github.com/google/syzkaller/pkg/gce [no test files] ? github.com/google/syzkaller/pkg/gcs [no test files] ? github.com/google/syzkaller/pkg/hash [no test files] ok github.com/google/syzkaller/pkg/host 19.516s ? github.com/google/syzkaller/pkg/html [no test files] ok github.com/google/syzkaller/pkg/ifuzz (cached) ? github.com/google/syzkaller/pkg/ifuzz/iset [no test files] ? github.com/google/syzkaller/pkg/ifuzz/powerpc [no test files] ? github.com/google/syzkaller/pkg/ifuzz/powerpc/generated [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86 [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86/gen [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86/generated [no test files] ok github.com/google/syzkaller/pkg/instance 3.535s ok github.com/google/syzkaller/pkg/ipc (cached) ? github.com/google/syzkaller/pkg/ipc/ipcconfig [no test files] ? github.com/google/syzkaller/pkg/kcidb [no test files] ok github.com/google/syzkaller/pkg/kconfig 1.115s ok github.com/google/syzkaller/pkg/kd (cached) ok github.com/google/syzkaller/pkg/log (cached) ok github.com/google/syzkaller/pkg/mgrconfig 1.461s ok github.com/google/syzkaller/pkg/osutil (cached) ok github.com/google/syzkaller/pkg/report (cached) ok github.com/google/syzkaller/pkg/repro 0.222s ? github.com/google/syzkaller/pkg/rpctype [no test files] ok github.com/google/syzkaller/pkg/runtest 56.921s ok github.com/google/syzkaller/pkg/serializer (cached) ? github.com/google/syzkaller/pkg/signal [no test files] ok github.com/google/syzkaller/pkg/symbolizer (cached) ok github.com/google/syzkaller/pkg/tool (cached) ok github.com/google/syzkaller/pkg/vcs (cached) ok github.com/google/syzkaller/prog 13.255s ok github.com/google/syzkaller/prog/test 0.963s ? github.com/google/syzkaller/sys [no test files] ? github.com/google/syzkaller/sys/akaros [no test files] ? github.com/google/syzkaller/sys/akaros/gen [no test files] ? github.com/google/syzkaller/sys/darwin [no test files] ? github.com/google/syzkaller/sys/darwin/gen [no test files] ? github.com/google/syzkaller/sys/freebsd [no test files] ? github.com/google/syzkaller/sys/freebsd/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia [no test files] ? github.com/google/syzkaller/sys/fuchsia/fidlgen [no test files] ? github.com/google/syzkaller/sys/fuchsia/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia/layout [no test files] ok github.com/google/syzkaller/sys/linux (cached) ? github.com/google/syzkaller/sys/linux/gen [no test files] ? github.com/google/syzkaller/sys/netbsd [no test files] ? github.com/google/syzkaller/sys/netbsd/gen [no test files] ok github.com/google/syzkaller/sys/openbsd (cached) ? github.com/google/syzkaller/sys/openbsd/gen [no test files] ? github.com/google/syzkaller/sys/syz-extract [no test files] ? github.com/google/syzkaller/sys/syz-sysgen [no test files] ? github.com/google/syzkaller/sys/targets [no test files] ? github.com/google/syzkaller/sys/test [no test files] ? github.com/google/syzkaller/sys/test/gen [no test files] ? github.com/google/syzkaller/sys/trusty [no test files] ? github.com/google/syzkaller/sys/trusty/gen [no test files] ? github.com/google/syzkaller/sys/windows [no test files] ? github.com/google/syzkaller/sys/windows/gen [no test files] ok github.com/google/syzkaller/syz-ci 2.132s ok github.com/google/syzkaller/syz-fuzzer (cached) ok github.com/google/syzkaller/syz-hub (cached) ok github.com/google/syzkaller/syz-hub/state 0.173s ok github.com/google/syzkaller/syz-manager 2.198s ? github.com/google/syzkaller/syz-runner [no test files] ok github.com/google/syzkaller/syz-verifier 0.132s ? github.com/google/syzkaller/tools/syz-benchcmp [no test files] ? github.com/google/syzkaller/tools/syz-bisect [no test files] ? github.com/google/syzkaller/tools/syz-build [no test files] ? github.com/google/syzkaller/tools/syz-check [no test files] ? github.com/google/syzkaller/tools/syz-cover [no test files] ? github.com/google/syzkaller/tools/syz-crush [no test files] ? github.com/google/syzkaller/tools/syz-db [no test files] ? github.com/google/syzkaller/tools/syz-execprog [no test files] ? github.com/google/syzkaller/tools/syz-expand [no test files] ? github.com/google/syzkaller/tools/syz-fmt [no test files] ? github.com/google/syzkaller/tools/syz-hubtool [no test files] ? github.com/google/syzkaller/tools/syz-imagegen [no test files] ? github.com/google/syzkaller/tools/syz-kcidb [no test files] ok github.com/google/syzkaller/tools/syz-kconf (cached) ok github.com/google/syzkaller/tools/syz-linter (cached) ? github.com/google/syzkaller/tools/syz-make [no test files] ? github.com/google/syzkaller/tools/syz-minconfig [no test files] ? github.com/google/syzkaller/tools/syz-mutate [no test files] ? github.com/google/syzkaller/tools/syz-prog2c [no test files] ? github.com/google/syzkaller/tools/syz-reporter [no test files] ? github.com/google/syzkaller/tools/syz-repro [no test files] ? github.com/google/syzkaller/tools/syz-reprolist [no test files] ? github.com/google/syzkaller/tools/syz-runtest [no test files] ? github.com/google/syzkaller/tools/syz-showprio [no test files] ? github.com/google/syzkaller/tools/syz-stress [no test files] ? github.com/google/syzkaller/tools/syz-symbolize [no test files] ? github.com/google/syzkaller/tools/syz-testbuild [no test files] ? github.com/google/syzkaller/tools/syz-trace2syz [no test files] ok github.com/google/syzkaller/tools/syz-trace2syz/parser (cached) ok github.com/google/syzkaller/tools/syz-trace2syz/proggen (cached) ? github.com/google/syzkaller/tools/syz-tty [no test files] ? github.com/google/syzkaller/tools/syz-upgrade [no test files] ? github.com/google/syzkaller/tools/syz-usbgen [no test files] ok github.com/google/syzkaller/vm 8.130s ? github.com/google/syzkaller/vm/adb [no test files] ? github.com/google/syzkaller/vm/bhyve [no test files] ? github.com/google/syzkaller/vm/gce [no test files] ? github.com/google/syzkaller/vm/gvisor [no test files] ok github.com/google/syzkaller/vm/isolated (cached) ? github.com/google/syzkaller/vm/kvm [no test files] ? github.com/google/syzkaller/vm/odroid [no test files] ? github.com/google/syzkaller/vm/qemu [no test files] ok github.com/google/syzkaller/vm/vmimpl (cached) ? github.com/google/syzkaller/vm/vmm [no test files] ? github.com/google/syzkaller/vm/vmware [no test files] FAIL