? github.com/google/syzkaller/dashboard/app [no test files] ? github.com/google/syzkaller/dashboard/dashapi [no test files] ? github.com/google/syzkaller/executor [no test files] ok github.com/google/syzkaller/pkg/ast 0.694s ? github.com/google/syzkaller/pkg/bisect [no test files] ok github.com/google/syzkaller/pkg/build 0.114s ok github.com/google/syzkaller/pkg/compiler 1.230s ok github.com/google/syzkaller/pkg/config 0.007s ? github.com/google/syzkaller/pkg/cover [no test files] --- FAIL: TestGenerate (7.29s) --- FAIL: TestGenerate/linux/amd64 (0.13s) csource_test.go:68: seed=1556095245115313931 --- FAIL: TestGenerate/linux/amd64/34 (1.68s) csource_test.go:116: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Sandbox:none Fault:false FaultCall:0 FaultNth:0 EnableTun:false EnableNetDev:false EnableNetReset:false EnableCgroups:false EnableBinfmtMisc:false EnableCloseFds:false UseTmpDir:true HandleSegv:true Repro:false Trace:false} program: getsockopt$inet6_dccp_int(0xffffffffffffffff, 0x21, 0xb, &(0x7f0000000000), &(0x7f0000000040)=0x4) ioctl$KVM_SET_TSS_ADDR(0xffffffffffffffff, 0xae47, 0xd000) semctl$GETVAL(0x0, 0x4, 0xc, &(0x7f0000000080)=""/56) ioctl$sock_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, &(0x7f00000000c0)) readlinkat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)=""/172, 0xac) ioctl$CDROM_CHANGER_NSLOTS(0xffffffffffffffff, 0x5328) setsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000200)={0x0, 0x1000}, 0x8) getsockopt$X25_QBITINCL(0xffffffffffffffff, 0x106, 0x1, &(0x7f0000000240), &(0x7f0000000280)=0x4) process_vm_writev(0x0, &(0x7f00000003c0)=[{&(0x7f00000002c0)=""/208, 0xd0}], 0x1, &(0x7f0000002880)=[{&(0x7f0000000400)=""/4096, 0x1000}, {&(0x7f0000001400)=""/223, 0xdf}, {&(0x7f0000001500)=""/156, 0x9c}, {&(0x7f00000015c0)=""/165, 0xa5}, {&(0x7f0000001680)=""/36, 0x24}, {&(0x7f00000016c0)=""/153, 0x99}, {&(0x7f0000001780)=""/236, 0xec}, {&(0x7f0000001880)=""/4096, 0x1000}], 0x8, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000002900)={&(0x7f0000ffc000/0x3000)=nil, 0x3000}, &(0x7f0000002940)=0x10) syz_emit_ethernet(0x1022, &(0x7f0000000000)={@random="459264597916", @empty, [], {@mpls_uc={0x8847, {[{0x3ff, 0x20, 0xffff, 0x4913}, {0xfffffffffffffc01, 0x5, 0x7664, 0x8}, {0x7ff, 0x4, 0x3f, 0x6890}, {0x80, 0x1ff, 0x2, 0x59c}, {0x3f, 0x94, 0xeb0, 0x1000}], @generic="4a60a1a3da8713e16395a0096d85fb2f4bb3814d3722c87b74efcd87ac320751ef2162bcf84c19dcfba020324e92a22cedf600afe3c5f61abb2ae81213cac4a0e8c2d9e5d989879379cd097e3839a3b196870796c84d148815a5ca96ca624f728f0909dd8cd7adacef8f60f3e95f64ff1abf8c740faa0a8000dd7d022301bd24e87782bbc2a23ca00b9365c53107c449b10c72cc87cdcd1abcdc6feb939f43ba89b6adccf2366c2d8f72f046e52017e254acc92a0df1e357f38f999933d3708dd697f93d48be6d83ff6a5c7e039b970244f016f4d10e23610d960f16b4a15087099cb4e6849920a77fc793f8d3bf7ceb84d7a5b6a680a7bc077299dc7c90cee175f72720c926c1cdd3a6eef09915ebd769cb2b227d0c5707af9599aafe07929453337ce84d47e18e4157bdd9af6ff0462caff5cf24aa296ce36df2c76de9f5ac70e47b5fb6b82262a5a6f5ca3a017d434f9e96193847bf46318c1589ce0b70da1ca16b90060adf8b8e5b1a9277367f02e79966cd6cbfd5e4e026430697e9ad3c11e95df9bca2e3909b7e6e0dcb1d3ebabbf4412f91ed1c72580984407053ad6cc2f4bd85f3efc036189b57f1fb39a614f89fd12afca67e4c38700ff3b38a32c80760636269c9defcf2a29ce188eb68d2ce56c96c184c1c30c992ceb6f71a12e83e79e9032013e553054a7b8d104e46f67eb4359371d072575c992993c9b9d314f7f7122ae995b9c10c7575fcb7912244af5d652da32a41598315f088f0a6ff38efd937ab95778bf6f5b78c7e7f3f2bfe83fbec627d7483e8d512bfb16cbc35da318b44e12aea2efe4988f3074250c645137b16f7989ad3ab94295dbe1f045ac7a3f04270a04b2823dbd196830fca3abc8e9deea2b2cf86537b5be2c6c47f876f2349555e1a859bd0850158919839169b33129940beb3bc9fba839081d88fbd267d94da1ab81981963f6188bd7a130543f3ca8a85d30778d6dbe23122544aac361d017d5e01a9526edb9863f95218894c8794d4730d744adfd96fa5c0e2460f514a51128b0e55ec27c32f57ffbebb63c4f4b14570d1ee2da22f74350f2c5408cfad2b8027cadefe02ca4cdf0eb3e19c28c1c021201ccdecad50a50fa9cf281ef8dba99badec11ae41c3e093f42487a8442905cd09bab9d8998d05cd411fcfc6349a37e271fc9e1b03b0690a9370e9a8b9b2d642eb61d1a73671e2656f9811313c3c3a9bdf1d5967a7518219f6d40bdbc392ce13c07df852d8b9757b958aa15e8def0a853ce9945dc7ab38359236b5c6b41f1919790943f27f3e78c8c57a8ee5867fae714ff9e0156246b04eca8255d30cc513ae1262785fb22355eb56c8eaed21e45f5a9190b2930731f675a958d44c93d084cfe91dd78e33951e9ffbe200559a35e58d9015f004e55d487d71dd2001cb468c80a3792bc74530486fc8536b2726b8b13639609125463d87663149d368016f7e557cce492a3772d9409399e6aaa48825228be9fbc9df50ed87979438fbec4ea415b4fa084178d491978a0e376fe7bd1309ee1c9f0cdee30992de8f65c645e9d0ca53426ff5789cd9fcd44c44fd9fb1c4012b801b92b4ace6df1d00ba55e19aa2673f0a5fb2eabc410b0a9dd343ca9cca79a83708ef488f45f3fbd4b5a0e289dc6d03b06d7d32d96aeaa14e6b90f73f63fa436438423b0731800a1641d4f80296a50ae9cd8baa8ba36f6dcedd1d76fc07834f5d8a9b3b83bad8fa2103a77bbed3020d6016050e6314bc3a28e04370dd25e2e96fb9a81334edb03834f89b88accf254c44d190bf69eec956009a477e6020a639bcfac107a7b905eadb58af1bf043360a40d96701296eaabb7cf5098603eddc572621b705d0d6d293ac223231385c982fff33daa34ff5ad69dea48a453d60302309e63004a72c91554672fb63980284dadc4a413b531918be329835737069f795314171c0c47be8b0b5e96cbf5fd3e41ef96dc8e359bb90af451fb3318a364f5450b9a175cb5035309146186dd06ad3346110a17d4d5c8712cb9bea3b196b4d69a1cc702d9be4fd5b8bf62542ce824e5c150c6eb31d6da1181c477d10339e76c3635174dd2da59a4378aaa1b0450fc70047b06354b0ff4f639c80919686440feca2bddeb04698a6f3f0ee94628af69fec2c6139e68bfcb32bc61a7f1b371e1e1f2c5a33d66fb7b84cabd3a60c910e3309b21cade55c920fced5c979947b4bd4c6bcd4e099f79e18028fc889d90bd2d6fa2fb4554c246fd1b59301bd6817c6edad20041938ebcc668b89df6fd0d1be04a94ed12c614d17f4e4c16e99b415cf3ce46c01907ec3ba4a61919b99a5f1c6e6c6de5c78e49a050f81965f8df4e4815ecd19c24c18d1e05324e7400b02d69feb4a5c9131750762db4467012dd580d958efd36dee8586df3a167891e0d30be4bf8fd997440d0798b84a9f8995d607d0aecf77a7c01b9afd8aa2d3712818b39bde8023163c311f39af3716bc743d7abfb8ff0937f8f29aa3fb24193c621a72f348c0591ff0b81b313af55e81e6d4c6843a04246e9c41180c07ca6d9a1382b2dc2808ecb804be79df248729c94aa314155d91944d57309f358c30d17c4538677d5835ddc2e344adb4d940e3d23967ffeebb46b4d7c7893ad5a806ae2f8a69373c13317eb0c38226b5226725d15dd0f178f7c1a310d9d31a5301d03c708a89f74cd97cbed402b9ed6d75c6579b229c92ce1e0ce8966249bb6c98bba3c991c5517cb15e01f4669b0e7f4a32c97186486306c3f4318d96d8a198b722b76265c5d804b4353a14a9429e9f9e6dafad04513d0279f1d14a570989ef486e330c48f5aaebeea73c408b1ad62aaccfc187a2b34e03ef2f39c48c07825569407e2f2a45a84df3190faab4454f21b6c6bf03777b86c05dea8cca4d8c9c198cc5eb84c4b55614e04f109322baaeb9242311ebab462128a08c596195326314229d31ca798fb3db15a541f7a20830ef9828b16312cb7d7769fbf2bb732adc54a7c92f7735c35d9edae8a7edbe5386ee006e202e4bc188565c3f8bb1863339df01ce3bccddefde2481aadd51f536652a21d69ab60505d5cc1295519f6dfa580570048fe1752d6f68c84dc13de286b88c222bbd6032a88c3e29d1631a2d5168740ad4113942570768af12c65deee4ef967c799150177a9414e92037cb926dfce9012f084852f61724c9584d492ff10e9870dfcec0012c7708b9086a89585cfb2a4f9410cc897952394d4cc06b3a93695d9ad142ab04aa1e003dc687fd303b258a382e58a0d7825f45503781d1d8542455642b4e815bcb8504e358f6d1aebcb7385bf8943a035ee1ffa9c3a39593b56b124b395aa608f44f6bda1fdc3ae93cab2b13b164137d85bfc538c31ae3738e5b1649064a164cfc4898a3ff57442ed6608db86d0933b1fd9db15e49f8907000125e662b98866ff2043cb515f73581956bf15bf352dfee6d832d01f05834e31bae314653d7c948751b2aae7d2589c71d5b6193d15b47ca69e59f70a881269c53068bdc30a56f0933cfff2953229f300937f067b9ea1bda0fc66e91a8f53a8580da71b059cb2be5e4c43631b2eeaf92ea5ea65314a8608652a92867bafdd02466db455c18059615ed7f162e7eda5743db2c21805134a771dcafd33678da303fcedac3f7e7dc5cf11585d9372182d9da61436cc49838967705b774ab209882ec85e664081d7f37ed5161d12ee3872f9d150ad553ca6884ebb0414284eaca9180385e62f2d3b5dc8e04451dafc48e686f10a8e7db358b0fcba21128e7b49279fedc8f84b1c958b47ad2263e3eb8aa8ec2d31434fc98f6111523cd1ae1f70c993db28404190c5665ab6be4ed29f4accb5ec07056fb76cb0d8ca614f613566ae3dc4e0b5ccfb3ffa60853c042dffb59085ad632085a17fc835ee75851a907a418d5953358c7016fef21afdcd904e2476334dd854b763f3a4158544d8d83f2efd0364b7781d21074da091391d2facad52a218ddbe51a6e5148ed1d552f28f4dbc93b3272a89a11a24b2106f099f46e436d9d3cb8dcf300302f5309394e31846bb1cbe8f9b44b925939c3ee0e707d16a9f1dee7af35f818e909b0408aae1def4ec1c30773a4a695756c2f0ab17f090ce8facca5c396904a738c5eee4a9555319566bc93650c132ab7e6da51a7f581de854135b615eb7c45045b135bd2cf01e14e3e432ee6606d563eff05658ea839be32f6d6e9dd98b57e1fd4ea6b301db043d7205ab9d6ba5c468c1709d43eb7f56a9b98b93ddbc3cad9e7b0a3a6041f8bd78cca086c349933f29d6c7563240e67a03c26ad41868e4c19e15d5ca4ddddc95c172b7ee30fcc9f4e0883b6747ffc0aa87bb7ee91ac0a522d583f44efb3017a7bf1717e2818b715bfdd5b7cbd1c7e834a940bd27323d961842c7c5ae7748241e9a8c8ed78ad6835be2b151417406a001f33fe9b2a8f4dc8f4f3df8c6c16762b7be6ce58b92d0c4efeaffff63056b92df747919def28f3f6da3ce749dfdde8f7e33c27c9a768ba7e6da765a2e3c881b6d70b6fc7000029a44bc02eeb91c55315196071c71c1b1d08fc7df2ad752d01b28911eb534e043a2ad6db2ab047a71392034fb22f344bd06c6a5aaed82f89e0e13fab473002a1b2f0e75557ba1bfd256b88e4997549c18c8d228e6183c9e443d736664f9e1ca130312a04b38f437d0505743a7ad83245a09ba27e8cc8419106d2762776ebef390a426a5b9529ca6a9253748c5805f9ee7cbd52d46093043192fcd4844b48b13072cf12423c43d40fc58527636aa106cbeadad0744e2b36c17865894cdda673c423a76fff836a61a5c35df0f0694912ac615e3dcefcf31d3f104100a5075b339f477aa0469d1c4c5f7fae08c083c41098c30498255eed3a78d1563b51da6481835bbaaf9cfa6fdb32f9052188d758c1b44cbcfd84841dfa024369be0b3e5977521336f2052e3238244af0014ad4f2c6f2aacfa0420b3462c7b01f7afe1b58f2cbdc1adff7b99c23c4de1177a568da960fb4dca8ce30a861107e04f1c91a508a343ed2917ea1bc5599e6242674a97d847c0e87702909181debb6c4386b1164b6cbfb1fba7768f8f95e4249aa96812fc2aa9551ce81656a68815ffdee0d4595e1bcb855a40378079824bc6a899e8cb87c4a63656d7fb89f67e27766c24e11ac28951803bc2ed0f209148bd47cb4cbc0b53f6371b0f3b5f7e95eaf6cd8a7defbf61dfe8fb67d12eba61eba8c3272232f74ebb40757fbc25a39cbe2ca431493f6e7e9f9483115804561bcbabafe043f5311e9b81ae5c5b012af463319391f2401e70e7c40b0dd10f034702dbe4f8d63f88683a011e5f2fc5e89f151423893e8c31bbae9840c878cea114abf945ca2c7c2c0ad4a4ac245999d65a47bb61ce76d68dac0b3ff9dd7b9c16eb42598646290376ba83d3a50842c17e9564c6f3511c8f781bea7e4629ad951c0317eba13ea9a46af86376579684f9882d94081f5f1c784d1759a7da6263b80678eede7e288828e576e49dbe4058642ebdbfbf3d1d83ca959ad7c8d69200efb1c6de8eba13d2744f1c830ba8249f611840fe701fcf2a0baf9bf82cdcd461d7f627cb224f830add7ea73da51631710171d391a8e107ebad560e7bbc749943e976afe510a2dadb599c2d2c4cabc7f41b707da214307dbaab31735912819692f12b773a32409a36937ae486cb90eadd12d2f44b12e6357e89797cefd4058820f48be08a05a03bb57f85bdfbe82aa6a74c663e3a1fae6360648461c67f9e6bcb575cf5eaa9d3ff3402e1d277db18421f4b4c3"}}}}, &(0x7f0000001040)={0x0, 0x3, [0xf7, 0x5be, 0x323, 0x63f]}) syz_execute_func(&(0x7f0000001080)="f3366743d9f2c4430d060d9500000000660f59d6dec466410fc433000c07262e400f109200080000650ff90ec4235d7d835c85b769a0f3460fbd5de1") syz_extract_tcp_res(&(0x7f00000010c0), 0x4, 0x7fc0000) syz_genetlink_get_family_id$SEG6(&(0x7f0000001100)='SEG6\x00') syz_init_net_socket$ax25(0x3, 0x0, 0xcf) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000001180)=[{0x0, &(0x7f0000001140)="e4a187875d824cd5553c1bdd4813a1d2e36e97b13fe25527ef972bb0d6831d9e9ffe258a1831fe364dbe96cf64bc0378e3bd", 0x32}], 0x1, 0x0, &(0x7f00000011c0)=[@featur2={0x1, 0x2}], 0x1) syz_mount_image$bfs(&(0x7f0000001200)='bfs\x00', &(0x7f0000001240)='./file0\x00', 0x0, 0x3, &(0x7f0000001380)=[{&(0x7f0000001280)="91c4213cde40568d777fe0a2ce2049d3b19aceb358e085d705ac9b80f2033a5cd6635cf7d06a17d81707", 0x2a, 0x5}, {&(0x7f00000012c0), 0x0, 0xfffffffffffffff9}, {&(0x7f0000001300)="f741413445b600d0915f869cac33274135333072d880cd4c978690c4fa5d658e440bf1f95164465261538183c3c9b0484f845f02f3d7ff0cb7768bb31714eea95b29b4cc1dfcde7ead85db1d0a8337cd757c6a468fe49b52b54955fd501262cc065080834ba65e9458c9ef9ef659b393ab90988d951f75487487384fc39522", 0x7f, 0x34}], 0x800, 0x0) syz_open_dev$CDROM_DEV_LINK(&(0x7f0000001400)='/dev/cdrom\x00', 0xe5, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000001440)='net/snmp\x00') syz_open_pts(r0, 0x2000) syz_read_part_table(0xfffffffffffff800, 0x7, &(0x7f00000028c0)=[{&(0x7f0000001480)="a57ba8d8a14ec22750b7eda887d760288287279ba370a95376da60c3426dd51fd3c45a9e3211886bea4730859c49f6e77b3b379a2aff07555c054379bbc326d2ece3a2c83820a255bd20116da0c9c17656fbdfc2e3ce9bf90a110db95cee6f9a229afd49bdc4952f101116ebd8e17a74fb3f38bf5d040e14740555ccdd6bae5e47734e7e0bdd055db09459f4e025b3686fad50bd96792941588e452844fea7cc5a5802c290b33db9d93347b7f8dc825935f0d32c6cf7198809288381e323438323b9f15e92388d49c6440bdf0ebdb2462b29b2faf22430c597a738be50850ec3bd167307542c9dae531659ef7590550aa68099937cab91665a211c202c29ab78043feb015f4de7271970e022af495f4258771708cb1bf5044220180619efb7dcf46a2588f05048cd8a9873d70f2c3fb9c05b4cb8207ee6dea7052478993d1cd95612ed777c7f27f7ed87b519fdd961c6d1116dbbf93657ef1453ef7629a441a534baf106ff7d35c9889f2436de4d5edd0b293540d4e75659514def57426559fa559d0d590931b6a9e3275e3652b5715bfac76552b967b469baa865c40cb93cbb070373f8dbddfe195b5e26837afa7d9e0d9c8c47789083cf1960d0f4eb201db88d6562abac3a44b00f9aec7ddf49b2888e14b242c2d98aef9d48c7cfa8be0501ca8b2ba6d2f130e83c225b4fd33f2e6aec72e3900432aa4b342f346472ad5dcb8711c7297718fd47afaf1e6d328ef6b2c984c236a7bde240f1080ed67c63dd0bd3f005ad2741646a8b7b6fdc9c3b7b8f896d2aae5c1f4f8308d2d12a8976a5211c1cb834fd5e9206c721b76cbffee91d6a7a43618823a00a65c56a6ccaa13907427aea0e09bc5ea8a602fb774e8accc42c5c569577a9d1aca3e86266a3b36d31a266c768515d5340a182d28ba0384cd4368d383759108612af27a11afa79875d3f9d8f9d725bbd7189cc15058dce2f93b6e6c657c776d6082b69188271ea94a0380be64a0c0dc094e02f4ba8d6659518f7c625bfb0bb4eb8b66566cae98ea7f9fbdd93bd20c8373a84f73da7f45c2674af1b48c21ffc338976824b9f4e7a0b89c3ee34734341ec847e7ce72d40f50792bb5a3e332091a0076f323002917612196bbbe2556e3507a984fce71d942fa9093485ebf7d15706fb12c43ac061aafe38a5fc757fdbfacea29a61c147bade814ca2b5b034df8ec4ec27e441e3966b77ed5c567ba2af704ab97b46e819b62ae4927e5a82b62afec0a0c8bf0915660666c02e52e446e6c0765c4417bf7293e26d2d8cee1ee8e6383bfa45c5fa6bc9bd12a2e72304b4b78008749a64419ef35c3f596fac5889d4c94ad1c578433fa9cf74644da8edc5d5fd3f5fa84f9ff6d0d0c7a0ca6e4bbb32626711e1cf878e0d2f60eab6051f2ef0666532e0159bb87f5ae9a2c1612f4c25d532f2e3e9bb4a6130172e782313239f1d168fe79d05c699cc1819255036ac03c71105e44e70d24d5ead94f71e05ea6d6541b0a15cb0104b43fea02e1dfea52ef925a5f24bcc90dc99317394602cbee90240431e6d130dff9015ebab888d79b2854502d1cec534f417aa085d69de284dddd6749b465174728c1d40721f8c235f92b03cc18a1d647c9335b7838407aaf78e694c1c389ca550e195ef2d5901406535437e2e164249e838048a4a45221b47793e031bfd32ba6ab3da7d1d2a848cd8578b6d3904d10c402d6382d359bb61453271f1d3c1f091c97594a1c0a33d656fa7a9e3470bb642aa3d016a0692d69c1885a30893b45b27c65a049678ee3c793e77781459822f953106b7283f50ffa1a7e247bbbef8ef491891c4ce143e7bdb9a762642f8002077b02e6c51240b9a42b9c35bf23530f74637e377a55b1cdeb6a6bc1ef8150727999ef33dfa7ec2db1e6e6534a99c30f3c0ec030ee08edc224bbb1c8bb6c56a0d62870b19d8d9dffcd1bb9f0ac47eb8fb062afca965639b9cffb9eee546a7cb48e2ea84a689fb5574fb59673c3438a9a7b194269c6a3d6f7bd902fe8a7b1056f9fe504f1a3beca3d9dc3a34d8dee0f05dfc276a84a640fa7902aa0c6566e75ce1c926e1a036d398cc33fc231006b4221e883625c0e2dd5510e66005d33ab1ddd656973035c2f4a4e92325e504edfb077d4924176b8e59257bbdd5547fe9ce8e1f25e5d9fdecba7ca3f4f947eb12799b2123f1715f27d598dad46bf2b40c34023898198df51176020450d8dad5ce9297f6f04778cf37c070c6cca521d53cc2bcbe057698ce2daa7b4ace1c0beffe0db1c0a6f38896fe5cad0e00f4a0571793577a54f104318603a200c169d1ab7354ca30a72ea0253e280f8bff98cda4ef13ef8b4965d890a08369860a65fb9e86a357dc9326e925d5a7f9fba2f47e0c2e80043a844ac59930ca692d64db4241a9e92463f88e653ac5c47a1c8b628036aaaca6245213d172e20f1f23c7e0808000ac39d154554322135560bc2cc6ad5fd291d1879b1b6cdc4366e5000875c951ef724e8226372d1f631cf5e54f58696432033d50668228a1b5d37b40c23613579be701498ad8bf561b163e097b4b84b425174ba7625155f4338190fa1f07dce488cd2494010dad2eb5b5b46773f881bd1dd948daa02d49e2d5c9970cdf52492969f01ee485607b2e461ce7f48946952049813d46f1adabb1d54f5b4fb6e23b5c161082a093e6b5d346c47e7d9a388f13a4737441e0d69bf24a4ac35245c3f4bfda1f0a35c22cdc7decbd611f2dc783f3b48ecaf07a8763e3a397821869082828a85f74c5278758a5280decb5e88166f80613f786ea04a73e14a4c04cd82b6d45b563a8ac4e4ebc37d67eab1edcb5c5c627ccf41cbbd8fccd1d68ca5b159402e2977c38831bc1b8d61ab2e2be0206ff4561456b4cd37651690c06f6d2208431474423613978d007cfe1b04d7eeace9b7a3ff8c8ca6f6b79f62ab3e372069e5c8b694836d3dd871137d18991775a25da169665a37a2c324370225a9fd78d58fc6fb9245692ffb798d83bfa4454e234d232f7f81043c95e5d67e9c2bfdbedd032a899e4a36138620dd2866e292fbba896479018481ab920dbc74a49c8cf56740e5da63b69658958a5d2b3ba1190f86699318197de10ac5bfb0a286708303c38b68101654e70e4031d613f51a6830c0a5f40bb00dac8b62bb9dfa9cb0eae1eba2dda4cd1439eb48b29e6672430c0e4a5d05c58a4eef21226df5dba3f05b683d7534c6a7ea88842a4fed27417636c5093a030629cb6bdcde15be9a084e0479a4448a82e86a964da39b1162d87238235a0badbf4ea47b44d4a43eade00d3145f6b4f9c2678c91c20b38d8c4c8a701038b3fd2f1c3acfd2ef4a64559eb7899aec2476ca89e4e7cab25951a78c183fee30f6bc2f73f674bc1528594eacb73b068bf58b6d19f9419b1c89b5787e28cc3a27728558c0e58b05b38e56405317684837978d1f14b4ac4a28674f917cfeb13bc7d7322b37ef150a92d23b7a9b4ac7f1e3419003219f7c6470278a4126105b9177d15900033fab3f1d8fb4f3b09ba15c66476676503da06eae6cffffa32749a8e6adced14dc1132374507d74312b767684d964aa7b63dab11eefa4cb1b1c5f327e06ca07db346f2310a688a269f730cd7479bb4990d661dd45268684f68c39c8c8003d4ebb250c94698277c5bbeed3fcada2e5703f9c9796020a8119698a1fb0ca253276691b9484f51c80abf516e585a43b9595ab55bdeb94a7207e0880768ba0ec69d810f430bb4103c25eae82ea6073613d0152d530ec8d1df73bfffa3626d5276fca65e2c3b107957fdf2c629bd2d984feeea0f6b8698dc4c628c9e58ec26d12ae2384b82fd87c6cd771ec1bd53e94c347ec4f8e8115c12baa7675df9fa925b57388fb32e346c2ce8e7304e6eb4962a97af3e4a6a0e4a22b623a61d9cb5c05fd8ef68e98585a8e8a3349496cf69f1df50b740cb7269c7c1922312e43bb6fdd1d0ae6425a73860c1af9cd32234d9b6b3588cc6c2aa553262d08c8f40f7a3cd8d4b977496a9f1809fe052f4f043a5883f6db8a20ffc4c11f9369dfeaebaeb8a17dfe3e142d8ea9bde1683c596e40a3871d729cf511a3d729f3eef5c359823519456bf83262138bccef90c103e8c710cfe894975eb9590bf4f21af0e5d20520002d3d31eb99897e36d007d53cd30f959124c396432effe3649422cb6a9d72d385d7b31b2970c8a8b3f11a64df527f7be6e4dc37086c83e132ce1463892b0a063451f2bae2c44b973d1b7a562eb1e62a9fb1228d813dcdffcf78470d9bd02013bce8023ad870ac5372f96bb552c92202f4921ca3ab3be381c1de1caf48faa8be775021436322c1b96eb794bd7bf5349eb06d202c86bebee3ae965b20dd8eb5c46dc4358c0b1869c2e2db20b964956ce0843e4a09b5ead84e8408fea95799ad210651c7294b332338119d079a0b6162329106287aa1efdead9862ad8358b8a1bfaa52254dd16435b37db29558ecf327f7aed58ffccf933f58b25373874d3cb190110c3750bd6b4dc28d6bb8d6deb9ceb2c2e69e7cce83308b88b7e9705f5c83d9bbc49b2db1d8b2f4ffe44018e14f23170e1b6d5f71e75b5d4fd47022e455de20674fbced2c3827c4e5f52dc2e6748b7d687252448f13b0d8b434577a5064d7bc520e7c876f44eed4954f58746f36a2fa98bad7a23091d939183821359be18c8f14a3b6a05cdb145fee984f08cb1d383d81be3c71d1e53783e5192e0a9d1a9f5a5324f61c5f690581b23d096006c9d8186ee7b71a33abfd0cee451582932ff271dd1335d9a20d4567d9b85247164d39cb1611c6d4e071cf9f5233ce35ddc7d03f509bed6ad41576eac7922fe0a7a6540cf4331e927776b75ce1867b8a686730ffcc684cd9676eac4856b882c38c88953486ec96574f812d6d55f64ba2c18d71702fc125b3aa5d2ced6df0f442dfa0000bf72d61903e54afdce8eed9047164853c5d7a149fc18473274ce095730aac66ad08fce71ba686431bb600e51295eb948caba5a43ede1891e7a8bc0a934e5ffa69e116a5bfb56e285269b71ac211e20a28d14bd60113f9398c2a329d01881a5c7374f1dabf0cdfbc462e02fcd934d5246d8e74791f351c7c759f5f705dbb84453e0b76b177592c68d5f9f94aa43027dd940070228f8adfff700559fb684cb532e604fab7e115858f0645f5689a42be0bb01b37542af7a22b3d57e6f14a2b126680ad71c7732993f9248123b20c6f5c6ac2d129c029aae1399a37023fdf1fd448b43d177102c33fbd31515562da5d39a99b864d15e28a72b93e0b5c91560323c00277573bc7a2880ac54f1b734dfb805faa5d1c7b32f474082d8e7e47c6f7995c3412ed77e33301dc267ac067e3b0bc3c77ba404ca487f448d1876fd6c4cb639e5773492272c20ea41a9f922d69f0d239b52d7c43569868632837aad0fc1234f919443eab47e86e5788619a558257663ac3c331de07f733a3a23c5bc5e34dc0538cdfe1b80933e6f431a9f6dac0c29240974d87fd21bc4801fd24526db9dad321754fd7135220631918a9278e9649d9454689bb9a13bc29e57d9f95fd33b77bfb8d6f58a9260f2f25105786f08e64ca6cbaa4a38d26dc2e14ab618a83b9d54774d9a98843f3d5a8ee27df4d85d20f114526c873f0140f09a796e9a39d78289605c0ac4c22f65459120c72d9926f1ed363109e64c210dc1873d2577ffb1af3508d54de7baef2a8acd1eab30a08af2d2898289d5fc6de52df4a33defd84f46b45f0c36351979c25b4629ec8d31198523dd4cd1999fccccfeefc120a93d50c0a", 0x1000, 0x69a6}, {&(0x7f0000002480)="1611ae42609871579458de6dcb5c96a368f60e602ebd1443c0ab4c858d3b4f5aa3226e5acfe24cfe3284209722c4ce9dedb38a2820bcfc21adf247b290e49a6bb53e147f9be5fcf3c025d8", 0x4b, 0xfffffffffffffeff}, {&(0x7f0000002500)="a64cb938647aa7f2797014809c6e3109dce88a01e977de428ca4c470c7e3ac12aa097830561ae75345030ea4ab2fb4e0b2db744acb18cdd3d518f380dab5d18741f84a207f54069a9f0fed8b513ddf36344720f8017619987f976af26323be818454108166d7eba3d53df5f50a8b6a775d125e7d9ea559d4e14608ecf3e9288375ddd63f0e618a1e0f109b8940d8e12e15e076117933220edff36dfa592a15bc123f4b2555609f55dab44c2d7ee0d08d6a", 0xb1, 0x5}, {&(0x7f00000025c0)="b475d3ca5dd7a6dbbccd83440b3b116ea8821164d0d9be1c6b34ce840c4fd47ad60dd6c979e63abd6d3ac04854f6e2a6c6df6d2f1a1d7afa59722a9ef148df1af30cd116853a26b395fe41326c6cc195a4e251dea0c8807dec6a10ea166c71db961bac6f457fbcf15c68c86cbaf2aac536bd4dbb4a87a53e534156002d77d72f5543286012640a8802282a4c5d1e3931ecedc21b0f70ffaacd888205ba93102f801daf838885f55a32c1b678a1278648be8feef0e3f28889ee3ef9b30f8db41ab8809e7f79c361b2ec36bbe7c1917a02c208265671c5f83ac99ba54930237193c5a6fa3e26b9007833d58dc3336f877c21eb66478dc8", 0xf6, 0x7f}, {&(0x7f00000026c0)="b7c9ac0ccb2999d4201bbe79b6fb5169aec79e29ddd20d05cf74e56ae30be98df1b8dc610fe9c444030c2f981f1ba87588dc74d5a9db113977923a53", 0x3c, 0x6}, {&(0x7f0000002700)="e9010427286bd88955b9ab73f4275f3f23e2c4c89bbf25ec929911d9381d2c484b48ec00f73e912f2abb379cfaad2af0bfcede9f4f9f3e5b9b4c8c52146f93d3ab014572a8623b75ef4848e008bbcac1f866749100ef85f6e85025846b93212f3808442622a5f786c0e67f618589a0949d4bf1ba8ed143bcc39ff0806a12ec83ffb5d48f053292676e4fcef6e1f91ec6254aaf2da4148e618187ff8f654f1ab689000c434d393213bb259e36bd10a3b3324b7c05f034bf54ce8f3a4c0806138bdeca6b4b4acc3e2fa54387d30912f5bea216579410313379", 0xd8, 0xab}, {&(0x7f0000002800)="1cc7fb907bac4a25794495079d025465a2e7cbf359e4834011533eb7557c496f2fd3f1cd4bb7dd60a8b9e576a085ef0668e2d5b4920612d6b47aad6aa89d330a80ba6ba3578ca9319dd52248e1a03dac1c21aa1c637260b3360b0b16d0bb00ba38b5185dbcdafea4ef436ef8da4e0003c51fc06d02d56513e19127fafcc79cd77ea19b4595edc62955bde6", 0x8b, 0x3}]) r1 = syz_usb_connect(0x7, 0x243e, &(0x7f0000002980)={0x12, 0x1, 0x6, 0xe7, 0xc7, 0x63, 0x9, 0xf11, 0x2030, 0xf7c5, 0xff, 0x5, 0x6, 0x1, [{0x9, 0x2, 0x242c, 0x1, 0xf1db, 0x7, 0xa0, 0x2, [{0x9, 0x4, 0x9e, 0x4, 0x8, 0xda, 0x39, 0xfd, 0x3a4, [], [{0x7, 0x5, 0x5, 0x4, 0x8000, 0xea, 0x80000000, 0x0, [@generic={0xfe, 0x2f, "68ee61fdaad657e9531b27fde2bf3559165294559cb529cd44fc938b5be743262f71477381dabad941e291fcf81bdaed6f948d470ef69d3f4d91ba2f01b6f6cf517fc9d105e35b3246c710dd8ebf3a173df68c3c87631401bd014d96e166ae29920b80cfdf8194f24590aa964aef90eff72d58ea1009409bb3380207ed472b458c2a1ebf54854f5a3cea7f9c463c5b6a81805f3a2ff6044757c1bbfad8c903353e39c3a8744d9e660c641ce2811a4ee947d559b5d0a60ad8757b3c84bce6dd09ce6431af7cd060f0f835ad9bc9afa93b9e2509d26311cce28174e517bf94b1e5a1829c97d83e3807d2ca9e28755f43a3dfb915bdf021d3814a96b850"}]}, {0x7, 0x5, 0x100000001, 0x6, 0x8, 0x7f, 0x9, 0x1f, [@generic={0xd0, 0x2f, "641facfc4842e8191c14d8141b170892fdefa812c312e829498d9825262c2e5002d2e4d7d81e3ae762626fd0d28f00165523a33462d4c092acd21dd30e97d7113cb4c07e87183b47cc57d612cf87aac68bb9a0e4dca1d9315862df986cbe2ded8d466b3908ea94e713b31d355d77d7a48404dddda5f42c7695f270ceb48a1e5a67c79dd2faded628e8ebc59c24c98159d978415b4429e8b26ee245c2d776cc288ccfb44f360e449601c77ac6b97e2142568f4db7dc63a2c0ec125aef88145ade54d6ac69d7204a7db00737a85835"}, @generic={0x1002, 0x2f, "1b9b4f08154e55d1e87154aef08ca60027098d0bc81c9a4d60634e72758e3e2e4abb1d864930e1f398f31fb7311980f16d1179476db842545178d0e0e169f01c7bf350fec9a95009d99b253b0a83ca0a0f5118ab8a42fc7d15816c2acfc6970d785139f6b70c86fb5d4413e8affe1ba5faf004f4459eaec87018f3ceb1b89a6205aadc5a9fe4086cc6f75846e9a19ad3712ab12234e47bc7f174b49e23f9f94201d1de9fefa598717895a5d29bbe44541ebf8115c2504f497d63ea125de7c18acece5640d6d5a664643591db7f2ea2706f74dd8da19a4827d108130b6cfb8b9178c6176101a9bdbdc57903118a2580df98e1fab0bbce3c277b664370b82e83250a925209bd084e630e371ff90d9cdca829e9ff80b8911fb6c2e0a70149b93b4f3bc52f96de2c2e662fe1d834893422ef13ec3eb91d216f1afb6bbebedfa678c3954dcb8f055ed915d69b0e8830332b17831c6cd7af745b851660540329540298de6d3b8e0c175123efb55d895d0ff79175e624b12944664cc8debb5bf7404937a875ee057505299096d438a0caf9fa827b21beb46fbafc11fec4e60058acb382fcbbb849475a11aa18f4469975fb18332a63334d70c2359987ceb94806fd9204e6ca919ee9d0e7265aba18aa90e5fffcd19b252c52a55d512aefef31c05cd07ca1c7d7bc250d5976155e4f7f4574e520798c7935965f2195614a7ee0ef2f1aad552ed36a7e70595b81e32ee143b30d5a4df27e17a6e1d1d0bce8b0615552c6c55a98cc45439008ebde4eb05b5180c880e63d8caa5d97ab50a9857025eb6598c5b000ff98a8a636c9f84f416b27b6c6c340465503375d939cb99324ef7efc5346b2d3248226054544f76b0e448fcf5429a26b7804aba765b1863e28d3179c3e414c926c6de20a38ff40e896ec747832b74922bc5bbdb75a7a0866b51a0abb167675cc20875ebfc4d5ac2300f18323b6c2d41467428c43d8262b851e15600d099185645aeb5af6bd92de9bb7684622a38df5ebbed73d9798573f4e88ca632a4705a6adf5c5115b1124488236d8d25a2f42a753e90ba1a1d54aeacafc72793eb6e7f1572c69da2fd09a2b071c199f3384386cd74395baceb9d6be6cf58bc8043ddb28a33354ed4d4536054dc33090f8c2363a37256ee08cb7d9f4f15a1c56dc124046fd9f8e541b5571c9ac97fa4b6b4530a6aab0ba67e5ceb2303cc0fa99abdcd055934f120c85c0a2d4d88d318c5ba47d30b254dc1445bb07259e6d58fecb1f90eed1025731da0e94935f73b2083a8c512e8b4c898f5124336affa77592ed3bc70515b1c1ba96cd311517efe64d35d29a93e2a3d0fcba45db360027294686bb952f0fa3735add67c8db890e7b25579e7e77a9168330c143867099f6afa8905a4c02e3f034dc66282f2c77ef53c35eacc3266562647f0d6c10e82f838e8586dd2cfe5f9d3166b24bee3e3163726e9172e14a25a59c2b0fc85868e44f231632386b03fd762d66a1f51390d7178670c8000f764ed086f94a9e7026f47e838c607463fe11f44b7c3902cc3843709f903cfd8bcdc03236ed75b0b7bc478d872a66189b5e79142f2ac04050955e1d03ada7062ac2d3abf6f3dd567c8a843ae2835320fe15fdf8976c1d319956d5f9bed8c64b06cd7b7c60efdc2ab71a03855e17a0ff3c522d24f530c51a1d83ac6ace2c58b07c0e5a18e81f4d3386c439066ee2a17c856db865cad541ff3c464545b6f99aaf5d01a8134f1abf8fed07045c25176499eb11e317f88d68c0846f06856b27da48a36ebf3fadec37e03195e192f90fdad4228f47edc12444e31934e92107b13c49b14165a229753fd877735c46c3807722f745a510ff93e8a1a7f3204c9646b9bf2e56c2d5b3c5fef9346119a17ab0b8cea7bd6b13e1e10b6fe7f35ccd51debca31cb7e81c95ec5283ec9634b6e9de4723eee3f9290d65be0fdbbed9612cbbaf9e8572a20fcffde396ffbc8beae608eb822fcef628994439145bc94eb4cada45895b363b6bd82424f7258bb1f2509bea0792046d0ad07b444ef463b2fed0ca5dd1a6e602e88bdafe774b5a44a7047a092906105d6c246edff0085f526b93ca861ead37c194790f904924dab39d4482192a9e2f04ff44292854224d7ab66460a3b6c7775d6da64ab29c2b83167c175962a24eb91f81f944b968f64885c8df2fe17568053317e97c691f191a5b12678e6cd279c1e4d9fd06dc07b40081d76c1a1ef69aa15b2841c1d76f1240eacff527a005c21146f7b21aed2d26ac506d65d85d7cf40d20d093ef4e1b571777ea53d8bbe8a17b551983483840c21dfaa7257b50286e148896541d2e1678bf0efc775ef41aa283e8d07571f3f727d6d4115baf09fbf87d9e7c21e4e2a93a5048d1412a4fa9876c2b86e71126f12f69fc50838d9875d55237a3f8452bfc0a3cf0392936e3f82f1ffb31134c1b4f0da9774855ab8033ecdabb545f02c45c7a8d9934efe6eb8533aa2f590196402aa0fad472750bcd20f81aab64ef2154df6f26d2d9ce055fe008f59b529d6c65d01fd8eee5a9700adfb0a8d107a04777402d304ff4aa81ab66e2206afded2b7ba6665f60110c023ecad322d433f4bd96ca0fb85da7efd0b40a087db953b5a9815bdf19c656f6d07044738250f3e3e9fb1ec3083e4a7c3fad800c3cfae1f4d8d3674f41397e9c8f216d29071e7e8ec220afb41e64bd279d9e486d1325882a3dbed509990ca542311e227064589c95746b275941774ec2137db0b86491805d2d53ca9d971e9ab0fece6b616f89c07339951388641fe62fcab08758ce7b4409b65507bbe39e1cf4d8d5686ad22fcb2ff7e31b0b98945e50412eaf01e202549898162026c841630e356f46bc6e16077d268d66b651ec250d5f135f2465257be0337049432125a2a42bd606c70bdd272d9ce3b02a637ff35fb29a11ef0e14f6758037809f7f9ce2be309f599ea4b5e40d7e75a08019fca493252cdcf9d722195d1c11b8178a6ec10893877b8266ea609e6846acdff696ddaf5973befd93034a389d52f16749d01e795db515863f54e45e5ef7ed81aa54a00c08619b2e0ee01b856bcad5b035f6d1d8469338eac93b664901add116f46801cde337e133b75c0bb683a191d4aaaedc271f9072bdd9352570ab48abe2148271726ce76fe7b6880d08ab7a5730820b44627ff31f9be165cf6138cdcec6cae0157be9f377ec52a2a43c22ee0bf1e0aaef0d593c272da05e24397b4251706f9a838e5ddff6b3e7f5fe19a417bdcfb3a270b2a5d5e8b25b091dc10c307b86335b4ed988230625c33df07449ebf05aa2abd49ee0e686ebaa6374f83adcb10d39b38bc9a9b6d204cdfeb77b4ea8159a558b72b0614524f7a43c113bb2fc81dee9643dc768738f701eb888cc03386584cddb3f4eba382466ce9aa391b0dd7f22b73d7a9f25c49736f13d410fd9045d4ce1bc60a24ad335bd0342d4d81b35da8e0ddde5a28c519cb5a41df110cb5d8ceadc4a5ed13d27ab6384ab3ff4b2a2659a13f42b1cd4a09caeb8bb29fd431398ec1b931e0193d91176053517cf295b2e75954032e100c86133c06a900c200dd767d26f23479a0b63dc44ef3819a74a484c692e6c038b09f58bbe20bc518c46dfe98f094a825cc941663da76838aeb7a021ef99d13b622c2eb72da012d41713ec5f24504f27aff18ed8558e6ce85764f789ee00fc15cd90e769edfffc0c0f5a03794f9dc2c138f072411bd57cdd09b45f67877a98d2c3c16a891c201c45abfb40a2038c09689d6e3a9a4e45e625b0b362c904c03bf2e8cb27337bc41023c8307dffbe9afcab3f7e623cebd54abf8579857749865086cf27cc0cdf1d9ff1ead44c64fdcfe5782908d302a004bb5a56783c8280b9fab745fc243e66cfe3dd47a309af6a326d88d1ea26db029c1988f430944340bc9f27632e081f5720bb8399fe0b646c6719787538b32a6f26b492b9f224cbcfd43d067e7b3f1b394fa5bbbb391ff2fb46568c93fdc7cec0e490689a3728f36b007bb769ccb0f7ef4ab014b205e8232c33fb512e82c7101dfc024aa2e5d9b63f3acb391b26dde17bfaca8fd66256d733dd0e5552f4bd87c81139774f60cb7214d22b20a02fa3593619ee20f5c7841209f72c3ea8ac73c6933ae12975268173fd5265918ca394fdd83fba2f11a10e0475d95f1bd86fb6d296efbd4b00793db7b34a63a5611283303aa25199679b14da03bb36b2cbf31f7149f05851ee6bb236c93a964debb979f1bb28d1be92bcfd0a5ec008b4f06963f3d90a6093bac6c5c1ece5d2934d6921171943acf28c527d7500a15feafa98ec0c622bf8d7b9748c19425109a6c911ee574761367fef46dd00152ea57a2e29dfc4c67844575d20d332e726632b2c2fac7f89eae1d47b3224448689020f917a43b52d0719d96fe17b7e645e15fc1a90b5887aad092358794dac26638166447f0321d0b41372d91eafc006a0e09a5f47807ca88462c5be2e495a7b5f5488e9e295e0019f529dd895e873acda328f6ad664a067a50ff93c6185a6c44d7a14821b7ce98b44271194082afc0571ee2dacc0d9a4d292fccca503f38c54750b9c95d3539e06b7805b4ec7029b549b8efa73367d3b916535044d2e0db6c2d2a233bc2653c737a14d8172f58501cb99b2f17f179cdfb8ea2e28c438c6845ce8901112b0a60ced6302326c11c9c6fc51272e12c6a5cb29011de2ab05d889e827ca33ae9c148f5c03bb8cf72cc85eba0fe6ea7753674693aa558bfb67cf3d6554af3515530baf1ca272d6050f76650026b1653e999a9bd5e88ab3d87b45e7e57dd78b35cdbb25ae2e3fc3157c441d80636900e1839a3c71766fceabf811ab065d2c73982716416039ecfcfde622b55af716be559ad9842bb1b305a3c1b914a7a82c611132e7819d69f0b1de1618c5e08f86953b5ffcf8e356d4fe73ebe05ed914c741216947a1b50b0a4b2d7076085f8096accb392d8ab8f4d87522d2d90c9380da36a7e7fc1076738eab2bcfa20b0828632fd750232c07f1d15e2380fafada2bb58b6035ea32ce76352fa201ef79cec08ef12395e0e1af3ffc6acd80eccc823203f2223138eebc82530b4e5d3ca2c47f75b6ec288ecfb72dc14d48f437261ec2c3d754db474151f33e1052c129bc2237e8fd9e376b24f3c895ff29828576065f11abfe2aa6fcc6cebf432765958739ee23a09c23240386e5ae2f09f27d594c26de982ac14760b5b5cdcdef7e2bf8d16a8859a344a6a02c420d682f222aa93e5d06a739994f078b458b23e61e3f1d73bca446f1c7bb612fa78c492a2cc33e2862f5cb143f81cdacf7c8ae1d23abe7febaae2689a1e6f02518d1c87a76caf167b409808e61192e290a92b00b0a4586e7c510450d0b8863b6856ccb0db1756659823de54a5339af712e0265674e7dff6cc958614b39d9bcc5cb42da33968d43efd95c24c57734e698309a4a32d01c4068102d77299f6dc954f186a03a5c13fe7466b331dc40efc57005af3342cef602c0d1b342eef0baff2b7f1c0248184585a5b348faad45435888f6fa0111f34881c72d8d2372a3f5cffee4b16a4900ef7daf0321d23db0b380064172a65bd2503769331155eb9207da0b0b41c934bfbc904d819f9eacaff4c3429f191277a5872bcfefc24441d43425ef16f9649e2c06249a4a47d913adec69906e6ba2c66f4a43a19263d74fae7cf2431bc573a62eceb2442a2e464d9fe347291215ceaf9d2c25e97e725e1a68e645e0dd0f3571c51fed2e13272178f48d25cda7374be1257656f6e0177845474c1c"}]}, {0x7, 0x5, 0x3, 0x1, 0x4, 0x100000001, 0xb89, 0x2a}, {0x7, 0x5, 0x1ff, 0x0, 0x16d, 0x0, 0x7, 0x7ff, [@generic={0xd2, 0x3, "2d755d1478d923897660aebf033891134533a46b908d26f3988561c881fdbfcbb4cb20af55aa92b25252efffc885a2b3fd25b90dfacc806baec78fbb9b92f96ffa2d0a653032d358ce491b938a5d7cdfc7357e3ed518d3e78cd89e4295fd1c8d8ae19bc06fe7d1fbf4af5920ca33b33f13beebe4fd38b0724f3f9e759543c9966a7f2a8d98960f32a811e9b5f2d227a01ccd84d18bf43f0f89377a45f1d9466a83ef26acf86a6f728a6c00f654b0e292a9d25919e93355bccd59f06277a5639fb9ecab2cb8c614f814cdf3499afc30ab"}, @generic={0xb3, 0x31, "8400a8999892e6169b07a1cd06148977212bf76d21b1c76392c375d18854dfe7886769a9aeaa63e542c19e64bde1debbaedd25baa8cc21313c369a85d7a94e5295e854b83be156917c81eda1576ae3c474bf2332d093989d3e28dbe143494fc273e6a3d9f2295cdc84171ab057954dea92f0705dfbd2899195ba40ad6ff955eb32ffd8ea4b64abd0e3219210302b8319715cdd87d9af35de7fe4ba18040d6465b7cfdfa61aa321b9b1634235912995b0b9"}]}, {0x7, 0x5, 0x9, 0x0, 0xff, 0x9, 0x101, 0x1, [@generic={0x1002, 0x2, "7805165a453467802c905f8883d19e225ad57dddf1ac6dc6d69de62b38fcb7d1c1e805321cc4fbda35b85714d9419a7868ae75d63f09a834fff9ad13bd67472f123c8485132b217c6fbc010806a39377e650c0d69cf300486d0c550ea1f490d0da3b39a2b6dd02282ad8b4225231f915ce885169a5ffa23c29e15db86c28878bf57d400673c9b45ce4b15030c9efed9f754dff6c22b5a26e00a5b0ca418b6206c4f8abefb03ad895bae14933d530b00f5362c22f9dc2e8d27974a86087a94e9d3de42854377cc0b9aa0c09e13e4f5badf5a933afdac859b7f7170921cea6e328c46caf88fc438bf5161b677e437c808c4154745fd3e10648f3f94064597c657bf08e2aaaa0fa41495466445b4de5dff0060590f7f606a34f5127850fe2a49bd2d699e83cc9d6a9a57649ec25c9ad91fa9a5853845caa5d92ea676069fd8e346c9f08cb425a11959d740e82e48e025821767dbf73abc0248cece1466e08fdf7435979f99330b5dd349e29daafff036b35337af5254ee295c83c23ec82169ccbf545799a14c4391b54c12a89f650fe0e9e26fc1f0d0d88532b7d10a8be517bb6513238c2d1f4769589f7680f5979ebef484985960fad91199444970703dba251e24b89fc480746113a6861c9619b69ffdf19bed1caaca15f852e69303bb2d1e8f9eb1e8415f224181c2bdebbe214f802bfaddc865fdf91917687068cc57a15061221fb9522cfcd37f17af2d12aafbe28355e12203bdacb7e5abab044cb34fd1abd6febc0a8fc036b080721062b2985c6548439dc1dcdf26c5a5f2dfdae0bc3f57774cd22ce5972cafd0304a44a431b03e3cf132a87ae8c921555f6bd252e80edd1268cd805a81340501d4b6ac93fa71f5219d757eb3f9d7bb3d1845513acb6d42d1e39ac12e949bdca819437c5c4b01433a4ba50d91d6c6d1a4d6e3d475e972e21daaa8132382e04c3e87f18af61e4f39da1f30f5ec4f5be02964d77b04e09bcc98482284dedafba436cf8ba5934d4b7206a9cf3a148aa833a1cc61a358923f4f55d59c5459461fd44367e9afa2ba0715d46eb8aa7cb959219c1dca8fc6e77fec6b758cb3799b8274b58d03a62f52b245a74e42b33e5b89fb066235258d4fe5b661a876657b79b852967c492821b90aa1066a39a9b7156bb62201143d5d20cae8ac033c1d96159e78275c6ac412b8b5037cbe92cf5b05fbbbef64368fec7a996f472fabeca82efd5e77c99510a0b0e71f4d7b684ce0c4b639278a25b4c6dda7af5ec021320c2e943f2fcbeaa1ec13db16f8671bd09bc46dba732e2fd3554f81db33c70fdabebb309e129d053cb4ab7b9a49f9a1e2df25cbaf1a42eed21ac59284c179b864014a1295d2c70fd76b3b93fef4379a776308278f766587ad0f500cafc9a04b0b7da63fe4464a5bc6b3498c11af17c66d2cde78d7b54de3ceb76e1f1a49609bc7e1d601e8a81d13621e85dc0484c4e6878c9b34c6be25fd41504470d70e3702d327af6f207123084eec1d4dd7424eb5113f91720b39397ff4454038a962eebb98dbf8972e740dbf358ced4cc5b664792a16af2cf6e89028c2656329d7133610bfcc2e75136b1c76e18bcefdff5069236989501499098c065860726cbe1df975f80d277546ab37fce84d2332eff2ec81fe0122e43a320fa6cb5e2b6b4253ca840177b8744dfacd72d415058dcedc766f8ab377dc85ed8e6f6824c3788df30779fc74033add83d0ff82cc9cbab41246e86c6de8f54fbe18183a92d88e75e29f08c91bfed4dfa8b9e1e3e800a336eb7eadece23477e4cb3a2ed1b0362ba9bc573af9f01d2aa75fa6d8d9dd0697f9297a5688074dc63b4d7f882842ba42644ca749c552883f6b9649cb809eabb67770dd61275dcfe310ece2c650d11b5c93bcee931e574f65b56322d922be5c661d181b892842252a334c4e9d762d0cd9b83b4327f2c59923d283fc36481517b8c12565e94f1b46297b759032043161856f97c6deaed341b2bb0542a438117b23631847a32d0d68eda747bf754a09180beef32f0a1813afab1b869cc3b984132ee800f699ef07737463a2315d5f4eae74c4ee885307a9a0d6444f82af00190bd2c5f96b446ab13a4c5257a985b650644c19744378f49af218251b98ca045e6def76dd0e6f948d79a9580dd89d373379ebd70deb496c9822d29a71c066e37d3bc065936e4a1a2fcbcc34fa3e78f39f7f9b6962d1ee57c219d398f25d46f353e6b946abe71ebccd8a17b5d11df6dae09b4b7017cbe8eecd9db4295b48a979aa6d3d0bbb834bcffcd0271af356e19080dd66af7da3d37afe541dc2405fa0ac0bf9015e7d11dab48e0a6fd208714d968c95fec708283910fe7a76aa9e7ddf2e217f48c7ae5ce80e30554cfbe48546f9785a148641d3e07f25a48751b506f4f23755ddc2537c5910c730a693bbaf6f392cadfa421e21a6560d8c86df702912d92e4cadc52e11e1ec67ce49efd045eb0f8285b9f0bf7f5341823680e79a4491d2e993543f0606318a278f2c4a24b264282fb9b04341610fe74d01b7a41570acb23cb138b85d6d65fce474a8c018e1389ba6e5b9b37d0d5abe1d6a994005e9b135805a23bda05b4e4c30b76991b11a97d9dbe26c9bd5a4a03aab9269b07fb301eeeb83d226eec5a8db1345727f638a1a69afd606e962e68d3bdd178776b1dc20ce9728c68029c42bdab8c48f5b31c877f3664e6d4df5c6d72d3ccd65f62bc401ec32330d6f94694f96e0d18b538d64deb0498e1305a6416b4f5da60ab01ebda80545ee673c91dafc22a44fd7c3a0427d11ff010e19058b6f2ea9fb032a8fe1e77450d56f1fa80770b1ac36f80c6fb23d443aa3ac359bfcb0c52e1a794f32747dfc8aa5e8d23852ac50ba6fedc8a70f9e9aeae582576e002e5529c29aa2e6e86be83b5ea1c139db40175ac16569d562cfeb50a1761730b0651fadbac8f842b7f1519789bbb31eb1681bf859ccf0f98ba011a9cc63a7f1294fd93e58ec852a7b1ee647cb69499a45493da454fa67890cea3558c76ad012382240fdf5dff44fda6d9795603b9a57bd00bd07a95c81b53acfc03e22823962082bedf49c5d81b888cbdbda1f8519351473a4b74483471412aee2877db3253b8d581d24950ae6ac36de891d7689ce88f201681f74c10e07004e38d2bc8dd4d06545fa76c202182350fe890af06f8b3ad03ffd2919dd0b9bdd78740a4fac6747e1186f3c12d1968a4ed05ec3837b4a92740af11a7b166dd4897df646af2c3aa618d1c20531c192df9bf1c5f0c8b7e5c3b710f585c0564652462198862590bfe2e0315d93d190d592e84bfe280e76943912acccede7aa994e2dc773d7517a6b327202fa52794157458b5e99b50e0b79be32a367585aa301378ea34ea0080eaaaaaa2c963f6bf90fd825bf26e6817fc84d882506c5a6b5e8d58866148d5f23a8a7a27b1e1790e9527b6670502a61d03284a0446ca56e2e1e9c405297be36bb6abdd54f2f471104f2fa15f18a6669a4a1ead4587b52a7146e60c6908e5f246ffcb5163dee7fa6eb82ea37cee551993cb7a90c4ffebf062d33e09b4464c7684e6552120d6cca9f0ff8df9db9baa717af40d08777f930b7765efb58ff29dcd689219bfdb358a7152b351b8c8ec3d4addbbe15a24b8611dd0561e55cbdf0d70ee1bd6132e5cae088fae63849ca727df54538b753a1dd849bedf097c03c8691d4340290e9e7cae75736dd1dcc2a4219c023b2cdded2cd5a3041e856d426498f47556979dc87dd39f30d99f9a376de9d41c94885eac17757a4c5de72a8111fd86ca8b078a2a7c2c18e9ef8a0d6d9fdae3912426a1fce6377d491d2ee2b882a2c9e09c15bc48972c591e34899bb36aa53277045a00712f38431889dffe44b5a41d139c6da0d255661329b5448de5e35fe8abeb7b9b5c33587cc2890bdaa080d17e3c29ebfd4ea349b1c97d5bcbc672e745c818379d5b6b4b14dd6241b7e8031286a3ceace38a49c8e3bae1295d9e21c9066a51213ad55d2cd6823323569c551706282ac235b9cc24813f528b2e3d5c8e1368a1c9d91300ee4bd9486c3b0bdd4b21a6c8d19dfc2ede06622683f781f000a0d2ec6869beaf235fdc50b668bb260e1460ad9dbafa0d80f1bc3118458aa1712372d29109ad20dad90496fe01b3c0d043e01bc38b7386558e88a58c6bea6491e4f00d1d3257f85ba6c27ed26684ab15f289444b47d0a10dcc93bd75e4cb54d282807c7f3ff3be1dd78931ad73d09d6a261d22affcc9d425f8d3150c3bf1b31ebc199874f0f03eafd172b70ecaee2db851233566a24d3ead6712ea4073e0a227ef816474ef4319f92b92b34261f4425552fb73f58c904fdd5c630d03a0cf8e69add1c17bf26a40733a2aa0ed93668314100535a28419bd579b8eb0d7a045f16eabd1a2ba8635a5bd87557e5c3f7489d313f9bec2e9b0dfaade4b674248d6b64fc615b4d1491c8f3a566c52db13e91ebe6932ebac439e492076122d097e55f971ebd04107c2735b2b5048db86e32497115f3f48e6c0665c296988671a9ba8da9f25976c90fda94cd0136d91228f345381d525191cbbae066ece14935a950aa647172db6223873a54411eb192bb849634848d8171a48bdc75d4eb029cce5e1ba7286bba5805c133e4f7255ba408d4cee3ae84720239e6d1d5799c1fcc47b6ac8104a764ad7628985bcf68441ccf9f5836c078b9621bc87707218601c4ef5cb9a75cd57557366bbc892f5e5430c485573ab7d493e624e47d0539df06e2ed276c56cbffb81d0ffb7723a1a259a8b78211670abd4bca009297f578604b14923b25cce9b2b315b1e55fbf488408c1e2a4be83df294c2975b92e573f43795b07935b32428ba542682a1cb1fa2aa3684a5d36c0099169277c18e97dd6aa3d309c33fb3ab7a010821f9c154a802b1f4a22679f4fc46ed69098d2b88523239f188a38034f453c18e83db6ad2664a1fcafc15bb19baa8c5cb701d46f3970043035eb559bb86ba1a6a21c76897a061e4af2a7fa5b2fd52a17e31f4e268ccd818e1262af1ded32af665527a97c8c31917946249267fba9a8fc292a70397514fb4fa26974dc805ec840bd6157aa547fc4a0e8f1f9236c192f007513d3be1c1660bf17efdfc7330c516bd2f528df7a1c554fe391c002f178ff562241e3d64d94d04650d6b1b4805f11049ace32323aaea3946133e6507afca0e21bdeb6d33585895442ceeb9b5950eb410b4019b06209e95242816fd49c32a5d5dd83f3ff967ae5381d6ca974217d13cd018ad664b1f32e9ff137e4d12c7a538c4f2d2d96b33f369f43c79ddc8ba11fbbeb2261c65debe85150572c13e9d273f6ed221248b4979782849510f2d048ae9cc8de3787144dfdcc9e7824d6b1bc502012a8723910028c9ff4bd35a45d794be327bda40b27b3a6a3b715a7e73b3f843132101810597d8ad71296cef6e97e850b1fa054c47a93c68dfb26ffb9510de049e5493dcd8f3f82516f371d904bc7c377063657b8b5416214c7fcbeb365c78e5395c9c70e49163c11979a3e410798ddaccc4ada3fa5b5e8ed05f03ee8750918832063453953c0a06883bded8dbd50720828879b400283d9ca18c82626533df4d165efcd2eea3100dc3f79edb6909bfab2e5c90b17a138c49defaf7e007eeec8edcda422cbed223e43222c5da1cadf2d694e248cecef3747f881e88621abb4ed4931a440c905a1554358f3b25e666587b65f073ed442ef3affdce1cbe0fc61a1d618e1c7b56dce7b3e58d2736f9e51cce24faebdbcc94b21c6c25c4c7568bc5fec8bf"}]}, {0x7, 0x5, 0x8, 0x2, 0x5, 0x9a2, 0xfffffffffffffffa, 0x5, [@generic={0x4a, 0xc, "ec40c6950c2a82502b482565bc2b7c3ad8a750969824d7575efa686446cd47636df8477771a9be6053dd38b4f36433fea9f72363a0239faa084f6c74c744f5490f59b468accbf473"}, @generic={0x1b, 0x35, "96a7ce159a6dc50e71c0c45b7666342f1b9f89f6922a499d7c"}]}, {0x7, 0x5, 0xffff, 0x10, 0x1ff, 0x0, 0x9c1c, 0xe26, [@generic={0x16, 0x2e, "94804f7b262689b8ac76d73ef828705f8995b54a"}]}, {0x7, 0x5, 0x10001, 0x4, 0xe9, 0x400, 0x0, 0xeac}]}]}]}, &(0x7f0000004f80)={0xa, &(0x7f0000004dc0)={0xa, 0x6, 0x3b3, 0x8000, 0x34c, 0x8, 0x7f, 0xe07}, 0xd8, &(0x7f0000004e00)={0x5, 0xf, 0xd8, 0x4, [@generic={0x8d, 0x10, 0x2, "34012942a547b23ec424b52749e2774648522c73ad894e2ba503d7f223f1ddfb6c16917643a5f94982cda869a2f5e45cb7a466fe3a35f9fb0cab1a2190520fba88fbba4a72c00fee31b2ef0b246442dbd37772f1f22459cd92b79c0c0781d3d116a43672d73b4fb08c8880aee68abf530a1083f918d9d085d7751287eac4084780d3cce67def9550e855"}, @ext_cap={0x7, 0x10, 0x2, 0x0, 0x5, 0x9d03, 0x7f}, @generic={0x38, 0x10, 0xa, "50a463c32b452fd93c71d77686bd8567a4ee3c3cb2321b27f58ea8bdf312e455ab7fe13c606f7ea86c4ec26fe0c6783bb33abe6cf8"}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0x401, 0x3ff, 0x8001}]}, 0x1, [{0x6b, &(0x7f0000004f00)={0x6b, 0x3, 0x0, "57a6a0586c8a869785166cd3ccd65846120fc5ad09b9a5d9a55262b75e219e8e26780a424e80dc5d621677265e8855e2dec170fdb7ea4769c16ade501da638defeaec0875b3168acd13e6b558b0f1c48b2b055a20616fc26173cbd898b6ca558da727984184fe6"}}]}) syz_usb_control_io(r1, &(0x7f0000005300)={0x34, &(0x7f0000004fc0)={0x40, 0xb, 0x85, {0x85, 0x25, "b31d85cff72090491fa6e84937ed7d0dce2ecf9975280d64b350d03f40adc2e4de5f410a51fe252d106415df79bc49ae2628fa453b74ebe4d0699f78006069abb6d893decace256b67bb74f2f0a979db58e64a83922ae91aee8dc98d3fadd9e07297d393a984be8e654cf8aba0c4df115b45286469915bc8dda4040a331284eac8d33b"}}, &(0x7f0000005080)={0x0, 0x3, 0x33, {0x33, 0x3, 0x140f, "c6af5440279c569222ece5f173985c3b6a1104382b4bc887968c13698f86dd918771acc7bc26530d3f6e1d887d7b7b"}}, &(0x7f00000050c0)={0x0, 0x22, 0x152, {[@long={0x6, 0x8, 0xf, 0x45, 0x2, "1acd2d2be88a4ac8df26278c5e02b3b4975469a32d7c10919c503919a13127407e62d13daa697c9099c3678f952ee5338f4a61fc4946977c2d2b248227c540c1875140b2ee"}, @long={0x6, 0x7, 0xf, 0x1a, 0x5, "7949f029c737c8ecae0b1ab201bdb016914e4d2eb540010088d6"}, @long={0x8001, 0x6000000000000000, 0xf, 0x3b, 0x7, "b019383e5942c4558d7876773e6e0bc979ffb3cdf8d26d5732319ac25aaf0a2f422ac9c88025eee2214e07e67e331ab45881f309d9ce3ab3f5fe59"}, @short=@item_012={0x0, 0x0, 0xf}, @long={0xdcb, 0x8, 0xf, 0x7f, 0x3, "1b554f4d4f67afb80c8729f714347fb751f5bd5700ac5f017a934b16cdac14706ef02e05e0329c001b546849fc9d1d8d3cee0be410c89a923f30ea204cb0ae24e4182088632ac1ea3f8cd53fa609def346838af7dd836fcbd0e187d3e84343edf8455c5aeed3b7df2708077ae4156cece92f1e12a5f87890ecb4414d4aa455"}, @long={0x7, 0x5c1be770, 0xf, 0x29, 0xa, "6b94a61ea6158a890ad3667e9bd3081c25aeb5ee3ea9bb7ce6f9ac781572ed0b833bcbf4bf6337bd0e"}]}}, &(0x7f0000005240)={0x0, 0xf, 0x2d, {0x5, 0xf, 0x2d, 0x4, [@ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xf, 0x5d6c, 0x1b1, 0x7}, @ss_container_id={0x14, 0x10, 0x4, 0x0, "aaee4e14432598c568f95ce401821319"}, @ext_cap={0x7, 0x10, 0x2, 0x1c, 0x8000, 0x401, 0x4}]}}, &(0x7f0000005280)={0x0, 0x29, 0xf, {0xf, 0x29, 0x2, 0x3, 0x4, 0x0, "dfbeba47", "a82875f1"}}, &(0x7f00000052c0)={0x0, 0x2a, 0xc, {0xc, 0x2a, 0x15, 0x0, 0xfffffffffffff801, 0x0, 0x4, 0x393b, 0x2}}}, &(0x7f0000005680)={0x54, &(0x7f0000005340)={0x60, 0x6, 0xd0, "d80bfba3a43f961edd21f5f071c1be683b1dca55a46bcdc0ac235d7a28811ddc2e4aec3fd0e003dab4936774d703586573d783cc15c00540bc661e2411e1f68620a7ce65e3c810921a22ce3af613cab83cac7010b137854038a9111d2ea0dab3ae93d47c7de3c5e4fdac813e6742a0712c4644e14101f1c1767390353244a8948d85b49b1b7e2bb2d8590286641511b989249795067aa55d70f69bd18be2933b080bac20b19c4b585a242e1eddbab9b88afabafa10c5a51e0d80c9f3215ac98b6795edbe3d5311ead00509b59d21cacb"}, &(0x7f0000005440), &(0x7f0000005480)={0x20, 0xa, 0x1, 0x5}, &(0x7f00000054c0), &(0x7f0000005500)={0x20, 0x8, 0x1, 0xffffffffffff8001}, &(0x7f0000005540)={0x20, 0x0, 0x4, {0x1, 0x1}}, &(0x7f0000005580)={0x20, 0x0, 0x4, {0x20, 0x80}}, &(0x7f00000055c0)={0x40, 0x1, 0x3, "91ece0"}, &(0x7f0000005600)={0x40, 0x9, 0x3, "6dd299"}, &(0x7f0000005640)={0x20, 0x80, 0x1c, {0x6, 0x2, 0xc68d, 0x6, 0x5, 0x1, 0x0, 0x3, 0x2, 0xb24, 0x40, 0x4}}}) syz_usb_disconnect(0xffffffffffffffff) syz_usb_ep_write(r1, 0x17, 0x10, &(0x7f0000005700)="178452d5ae99f219ed0b127ee30b1015") csource_test.go:117: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include unsigned long long procid; static __thread int skip_segv; static __thread jmp_buf segv_env; static void segv_handler(int sig, siginfo_t* info, void* ctx) { uintptr_t addr = (uintptr_t)info->si_addr; const uintptr_t prog_start = 1 << 20; const uintptr_t prog_end = 100 << 20; if (__atomic_load_n(&skip_segv, __ATOMIC_RELAXED) && (addr < prog_start || addr > prog_end)) { _longjmp(segv_env, 1); } exit(sig); } static void install_segv_handler(void) { struct sigaction sa; memset(&sa, 0, sizeof(sa)); sa.sa_handler = SIG_IGN; syscall(SYS_rt_sigaction, 0x20, &sa, NULL, 8); syscall(SYS_rt_sigaction, 0x21, &sa, NULL, 8); memset(&sa, 0, sizeof(sa)); sa.sa_sigaction = segv_handler; sa.sa_flags = SA_NODEFER | SA_SIGINFO; sigaction(SIGSEGV, &sa, NULL); sigaction(SIGBUS, &sa, NULL); } #define NONFAILING(...) { __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST); if (_setjmp(segv_env) == 0) { __VA_ARGS__; } __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST); } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i; for (i = 0; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; for (;;) { uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts); if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; now = current_time_ms(); if (now - start > timeout) return 0; } } static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } #define USB_MAX_EP_NUM 32 struct usb_device_index { struct usb_device_descriptor* dev; struct usb_config_descriptor* config; unsigned config_length; struct usb_interface_descriptor* iface; struct usb_endpoint_descriptor* eps[USB_MAX_EP_NUM]; unsigned eps_num; }; static bool parse_usb_descriptor(char* buffer, size_t length, struct usb_device_index* index) { if (length < sizeof(*index->dev) + sizeof(*index->config) + sizeof(*index->iface)) return false; index->dev = (struct usb_device_descriptor*)buffer; index->config = (struct usb_config_descriptor*)(buffer + sizeof(*index->dev)); index->config_length = length - sizeof(*index->dev); index->iface = (struct usb_interface_descriptor*)(buffer + sizeof(*index->dev) + sizeof(*index->config)); index->eps_num = 0; size_t offset = 0; while (true) { if (offset == length) break; if (offset + 1 < length) break; uint8_t length = buffer[offset]; uint8_t type = buffer[offset + 1]; if (type == USB_DT_ENDPOINT) { index->eps[index->eps_num] = (struct usb_endpoint_descriptor*)(buffer + offset); index->eps_num++; } if (index->eps_num == USB_MAX_EP_NUM) break; offset += length; } return true; } enum usb_fuzzer_event_type { USB_FUZZER_EVENT_INVALID, USB_FUZZER_EVENT_CONNECT, USB_FUZZER_EVENT_DISCONNECT, USB_FUZZER_EVENT_SUSPEND, USB_FUZZER_EVENT_RESUME, USB_FUZZER_EVENT_CONTROL, }; struct usb_fuzzer_event { uint32_t type; uint32_t length; char data[0]; }; struct usb_fuzzer_init { uint64_t speed; const char* driver_name; const char* device_name; }; struct usb_fuzzer_ep_io { uint16_t ep; uint16_t flags; uint32_t length; char data[0]; }; #define USB_FUZZER_IOCTL_INIT _IOW('U', 0, struct usb_fuzzer_init) #define USB_FUZZER_IOCTL_RUN _IO('U', 1) #define USB_FUZZER_IOCTL_EP0_READ _IOWR('U', 2, struct usb_fuzzer_event) #define USB_FUZZER_IOCTL_EP0_WRITE _IOW('U', 3, struct usb_fuzzer_ep_io) #define USB_FUZZER_IOCTL_EP_ENABLE _IOW('U', 4, struct usb_endpoint_descriptor) #define USB_FUZZER_IOCTL_EP_WRITE _IOW('U', 6, struct usb_fuzzer_ep_io) #define USB_FUZZER_IOCTL_CONFIGURE _IO('U', 8) #define USB_FUZZER_IOCTL_VBUS_DRAW _IOW('U', 9, uint32_t) int usb_fuzzer_open() { return open("/sys/kernel/debug/usb-fuzzer", O_RDWR); } int usb_fuzzer_init(int fd, uint32_t speed, const char* driver, const char* device) { struct usb_fuzzer_init arg; arg.speed = speed; arg.driver_name = driver; arg.device_name = device; return ioctl(fd, USB_FUZZER_IOCTL_INIT, &arg); } int usb_fuzzer_run(int fd) { return ioctl(fd, USB_FUZZER_IOCTL_RUN, 0); } int usb_fuzzer_ep0_read(int fd, struct usb_fuzzer_event* event) { return ioctl(fd, USB_FUZZER_IOCTL_EP0_READ, event); } int usb_fuzzer_ep0_write(int fd, struct usb_fuzzer_ep_io* io) { return ioctl(fd, USB_FUZZER_IOCTL_EP0_WRITE, io); } int usb_fuzzer_ep_write(int fd, struct usb_fuzzer_ep_io* io) { return ioctl(fd, USB_FUZZER_IOCTL_EP_WRITE, io); } int usb_fuzzer_ep_enable(int fd, struct usb_endpoint_descriptor* desc) { return ioctl(fd, USB_FUZZER_IOCTL_EP_ENABLE, desc); } int usb_fuzzer_configure(int fd) { return ioctl(fd, USB_FUZZER_IOCTL_CONFIGURE, 0); } int usb_fuzzer_vbus_draw(int fd, uint32_t power) { return ioctl(fd, USB_FUZZER_IOCTL_VBUS_DRAW, power); } #define USB_MAX_PACKET_SIZE 1024 struct usb_fuzzer_control_event { struct usb_fuzzer_event inner; struct usb_ctrlrequest ctrl; }; struct usb_fuzzer_ep_io_data { struct usb_fuzzer_ep_io inner; char data[USB_MAX_PACKET_SIZE]; }; struct vusb_connect_string_descriptor { uint32_t len; char* str; } __attribute__((packed)); struct vusb_connect_descriptors { uint32_t qual_len; char* qual; uint32_t bos_len; char* bos; uint32_t strs_len; struct vusb_connect_string_descriptor strs[0]; } __attribute__((packed)); static bool lookup_connect_response(struct vusb_connect_descriptors* descs, struct usb_device_index* index, struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length, bool* done) { uint8_t str_idx; switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_GET_DESCRIPTOR: switch (ctrl->wValue >> 8) { case USB_DT_DEVICE: *response_data = (char*)index->dev; *response_length = sizeof(*index->dev); return true; case USB_DT_CONFIG: *response_data = (char*)index->config; *response_length = index->config_length; return true; case USB_DT_STRING: str_idx = (uint8_t)ctrl->wValue; if (str_idx >= descs->strs_len) return false; *response_data = descs->strs[str_idx].str; *response_length = descs->strs[str_idx].len; return true; case USB_DT_BOS: *response_data = descs->bos; *response_length = descs->bos_len; return true; case USB_DT_DEVICE_QUALIFIER: *response_data = descs->qual; *response_length = descs->qual_len; return true; default: exit(1); return false; } break; case USB_REQ_SET_CONFIGURATION: *response_length = 0; *response_data = NULL; *done = true; return true; default: exit(1); return false; } break; default: exit(1); return false; } return false; } static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int64_t speed = a0; int64_t dev_len = a1; char* dev = (char*)a2; struct vusb_connect_descriptors* descs = (struct vusb_connect_descriptors*)a3; if (!dev) return -1; struct usb_device_index index; memset(&index, 0, sizeof(index)); int rv; NONFAILING(rv = parse_usb_descriptor(dev, dev_len, &index)); if (!rv) return -1; int fd = usb_fuzzer_open(); if (fd < 0) return -1; char device[32]; sprintf(&device[0], "dummy_udc.%llu", procid); rv = usb_fuzzer_init(fd, speed, "dummy_udc", &device[0]); if (rv < 0) return -1; rv = usb_fuzzer_run(fd); if (rv < 0) return -1; bool done = false; while (!done) { struct usb_fuzzer_control_event event; event.inner.type = 0; event.inner.length = sizeof(event.ctrl); rv = usb_fuzzer_ep0_read(fd, (struct usb_fuzzer_event*)&event); if (rv < 0) return -1; if (event.inner.type != USB_FUZZER_EVENT_CONTROL) continue; bool response_found; char* response_data = NULL; uint32_t response_length = 0; NONFAILING(response_found = lookup_connect_response(descs, &index, &event.ctrl, &response_data, &response_length, &done)); if (!response_found) return -1; if (done) { int rv = usb_fuzzer_vbus_draw(fd, index.config->bMaxPower); if (rv < 0) return -1; rv = usb_fuzzer_configure(fd); if (rv < 0) return -1; unsigned ep; for (ep = 0; ep < index.eps_num; ep++) { rv = usb_fuzzer_ep_enable(fd, index.eps[ep]); if (rv < 0) exit(1); } } struct usb_fuzzer_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); if (event.ctrl.wLength < response.inner.length) response.inner.length = event.ctrl.wLength; usb_fuzzer_ep0_write(fd, (struct usb_fuzzer_ep_io*)&response); } sleep_ms(200); return fd; } struct vusb_descriptor { uint8_t req_type; uint8_t desc_type; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_descriptors { uint32_t len; struct vusb_descriptor* generic; struct vusb_descriptor* descs[0]; } __attribute__((packed)); struct vusb_response { uint8_t type; uint8_t req; uint32_t len; char data[0]; } __attribute__((packed)); struct vusb_responses { uint32_t len; struct vusb_response* generic; struct vusb_response* resps[0]; } __attribute__((packed)); static bool lookup_control_io_response(struct vusb_descriptors* descs, struct vusb_responses* resps, struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { int descs_num = (descs->len - offsetof(struct vusb_descriptors, descs)) / sizeof(descs->descs[0]); int resps_num = (resps->len - offsetof(struct vusb_responses, resps)) / sizeof(resps->resps[0]); uint8_t req = ctrl->bRequest; uint8_t req_type = ctrl->bRequestType & USB_TYPE_MASK; uint8_t desc_type = ctrl->wValue >> 8; if (req == USB_REQ_GET_DESCRIPTOR) { int i; for (i = 0; i < descs_num; i++) { struct vusb_descriptor* desc = descs->descs[i]; if (!desc) continue; if (desc->req_type == req_type && desc->desc_type == desc_type) { *response_length = desc->len; if (*response_length != 0) *response_data = &desc->data[0]; else *response_data = NULL; return true; } } if (descs->generic) { *response_data = &descs->generic->data[0]; *response_length = descs->generic->len; return true; } } else { int i; for (i = 0; i < resps_num; i++) { struct vusb_response* resp = resps->resps[i]; if (!resp) continue; if (resp->type == req_type && resp->req == req) { *response_length = resp->len; if (*response_length != 0) *response_data = &resp->data[0]; else *response_data = NULL; return true; } } if (resps->generic) { *response_data = &resps->generic->data[0]; *response_length = resps->generic->len; return true; } } return false; } static volatile long syz_usb_control_io(volatile long a0, volatile long a1, volatile long a2) { int fd = a0; struct vusb_descriptors* descs = (struct vusb_descriptors*)a1; struct vusb_responses* resps = (struct vusb_responses*)a2; struct usb_fuzzer_control_event event; event.inner.type = 0; event.inner.length = sizeof(event.ctrl); int rv = usb_fuzzer_ep0_read(fd, (struct usb_fuzzer_event*)&event); if (rv < 0) return -1; if (event.inner.type != USB_FUZZER_EVENT_CONTROL) return -1; bool response_found; char* response_data = NULL; uint32_t response_length = 0; NONFAILING(response_found = lookup_control_io_response(descs, resps, &event.ctrl, &response_data, &response_length)); if (!response_found) return -1; struct usb_fuzzer_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); if (event.ctrl.wLength < response.inner.length) response.inner.length = event.ctrl.wLength; usb_fuzzer_ep0_write(fd, (struct usb_fuzzer_ep_io*)&response); return 0; } static volatile long syz_usb_ep_write(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { int fd = a0; uint16_t ep = a1; uint32_t len = a2; char* data = (char*)a3; struct usb_fuzzer_ep_io_data response; response.inner.ep = ep; response.inner.flags = 0; if (len > sizeof(response.data)) len = 0; response.inner.length = len; if (data) memcpy(&response.data[0], data, len); return usb_fuzzer_ep_write(fd, (struct usb_fuzzer_ep_io*)&response); } static volatile long syz_usb_disconnect(volatile long a0) { int fd = a0; int rv = close(fd); sleep_ms(200); return rv; } static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2) { if (a0 == 0xc || a0 == 0xb) { char buf[128]; sprintf(buf, "/dev/%s/%d:%d", a0 == 0xc ? "char" : "block", (uint8_t)a1, (uint8_t)a2); return open(buf, O_RDWR, 0); } else { char buf[1024]; char* hash; NONFAILING(strncpy(buf, (char*)a0, sizeof(buf) - 1)); buf[sizeof(buf) - 1] = 0; while ((hash = strchr(buf, '#'))) { *hash = '0' + (char)(a1 % 10); a1 /= 10; } return open(buf, a2, 0); } } static long syz_open_procfs(volatile long a0, volatile long a1) { char buf[128]; memset(buf, 0, sizeof(buf)); if (a0 == 0) { NONFAILING(snprintf(buf, sizeof(buf), "/proc/self/%s", (char*)a1)); } else if (a0 == -1) { NONFAILING(snprintf(buf, sizeof(buf), "/proc/thread-self/%s", (char*)a1)); } else { NONFAILING(snprintf(buf, sizeof(buf), "/proc/self/task/%d/%s", (int)a0, (char*)a1)); } int fd = open(buf, O_RDWR); if (fd == -1) fd = open(buf, O_RDONLY); return fd; } static long syz_open_pts(volatile long a0, volatile long a1) { int ptyno = 0; if (ioctl(a0, TIOCGPTN, &ptyno)) return -1; char buf[128]; sprintf(buf, "/dev/pts/%d", ptyno); return open(buf, a1, 0); } const int kInitNetNsFd = 239; static long syz_init_net_socket(volatile long domain, volatile long type, volatile long proto) { int netns = open("/proc/self/ns/net", O_RDONLY); if (netns == -1) return netns; if (setns(kInitNetNsFd, 0)) return -1; int sock = syscall(__NR_socket, domain, type, proto); int err = errno; if (setns(netns, 0)) exit(1); close(netns); errno = err; return sock; } static long syz_genetlink_get_family_id(volatile long name) { char buf[512] = {0}; struct nlmsghdr* hdr = (struct nlmsghdr*)buf; struct genlmsghdr* genlhdr = (struct genlmsghdr*)NLMSG_DATA(hdr); struct nlattr* attr = (struct nlattr*)(genlhdr + 1); hdr->nlmsg_len = sizeof(*hdr) + sizeof(*genlhdr) + sizeof(*attr) + GENL_NAMSIZ; hdr->nlmsg_type = GENL_ID_CTRL; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; genlhdr->cmd = CTRL_CMD_GETFAMILY; attr->nla_type = CTRL_ATTR_FAMILY_NAME; attr->nla_len = sizeof(*attr) + GENL_NAMSIZ; NONFAILING(strncpy((char*)(attr + 1), (char*)name, GENL_NAMSIZ)); struct iovec iov = {hdr, hdr->nlmsg_len}; struct sockaddr_nl addr = {0}; addr.nl_family = AF_NETLINK; int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (fd == -1) { return -1; } struct msghdr msg = {&addr, sizeof(addr), &iov, 1, NULL, 0, 0}; if (sendmsg(fd, &msg, 0) == -1) { close(fd); return -1; } ssize_t n = recv(fd, buf, sizeof(buf), 0); close(fd); if (n <= 0) { return -1; } if (hdr->nlmsg_type != GENL_ID_CTRL) { return -1; } for (; (char*)attr < buf + n; attr = (struct nlattr*)((char*)attr + NLMSG_ALIGN(attr->nla_len))) { if (attr->nla_type == CTRL_ATTR_FAMILY_ID) return *(uint16_t*)(attr + 1); } return -1; } struct fs_image_segment { void* data; uintptr_t size; uintptr_t offset; }; #define IMAGE_MAX_SEGMENTS 4096 #define IMAGE_MAX_SIZE (129 << 20) #define SYZ_memfd_create 319 static long syz_read_part_table(volatile unsigned long size, volatile unsigned long nsegs, volatile long segments) { char loopname[64], linkname[64]; int loopfd, err = 0, res = -1; unsigned long i, j; struct fs_image_segment* segs = (struct fs_image_segment*)segments; if (nsegs > IMAGE_MAX_SEGMENTS) nsegs = IMAGE_MAX_SEGMENTS; for (i = 0; i < nsegs; i++) { if (segs[i].size > IMAGE_MAX_SIZE) segs[i].size = IMAGE_MAX_SIZE; segs[i].offset %= IMAGE_MAX_SIZE; if (segs[i].offset > IMAGE_MAX_SIZE - segs[i].size) segs[i].offset = IMAGE_MAX_SIZE - segs[i].size; if (size < segs[i].offset + segs[i].offset) size = segs[i].offset + segs[i].offset; } if (size > IMAGE_MAX_SIZE) size = IMAGE_MAX_SIZE; int memfd = syscall(SYZ_memfd_create, "syz_read_part_table", 0); if (memfd == -1) { err = errno; goto error; } if (ftruncate(memfd, size)) { err = errno; goto error_close_memfd; } for (i = 0; i < nsegs; i++) { if (pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset) < 0) { } } snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); loopfd = open(loopname, O_RDWR); if (loopfd == -1) { err = errno; goto error_close_memfd; } if (ioctl(loopfd, LOOP_SET_FD, memfd)) { if (errno != EBUSY) { err = errno; goto error_close_loop; } ioctl(loopfd, LOOP_CLR_FD, 0); usleep(1000); if (ioctl(loopfd, LOOP_SET_FD, memfd)) { err = errno; goto error_close_loop; } } struct loop_info64 info; if (ioctl(loopfd, LOOP_GET_STATUS64, &info)) { err = errno; goto error_clear_loop; } info.lo_flags |= LO_FLAGS_PARTSCAN; if (ioctl(loopfd, LOOP_SET_STATUS64, &info)) { err = errno; goto error_clear_loop; } res = 0; for (i = 1, j = 0; i < 8; i++) { snprintf(loopname, sizeof(loopname), "/dev/loop%llup%d", procid, (int)i); struct stat statbuf; if (stat(loopname, &statbuf) == 0) { snprintf(linkname, sizeof(linkname), "./file%d", (int)j++); if (symlink(loopname, linkname)) { } } } error_clear_loop: ioctl(loopfd, LOOP_CLR_FD, 0); error_close_loop: close(loopfd); error_close_memfd: close(memfd); error: errno = err; return res; } static long syz_mount_image(volatile long fsarg, volatile long dir, volatile unsigned long size, volatile unsigned long nsegs, volatile long segments, volatile long flags, volatile long optsarg) { char loopname[64], fs[32], opts[256]; int loopfd, err = 0, res = -1; unsigned long i; struct fs_image_segment* segs = (struct fs_image_segment*)segments; if (nsegs > IMAGE_MAX_SEGMENTS) nsegs = IMAGE_MAX_SEGMENTS; for (i = 0; i < nsegs; i++) { if (segs[i].size > IMAGE_MAX_SIZE) segs[i].size = IMAGE_MAX_SIZE; segs[i].offset %= IMAGE_MAX_SIZE; if (segs[i].offset > IMAGE_MAX_SIZE - segs[i].size) segs[i].offset = IMAGE_MAX_SIZE - segs[i].size; if (size < segs[i].offset + segs[i].offset) size = segs[i].offset + segs[i].offset; } if (size > IMAGE_MAX_SIZE) size = IMAGE_MAX_SIZE; int memfd = syscall(SYZ_memfd_create, "syz_mount_image", 0); if (memfd == -1) { err = errno; goto error; } if (ftruncate(memfd, size)) { err = errno; goto error_close_memfd; } for (i = 0; i < nsegs; i++) { if (pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset) < 0) { } } snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); loopfd = open(loopname, O_RDWR); if (loopfd == -1) { err = errno; goto error_close_memfd; } if (ioctl(loopfd, LOOP_SET_FD, memfd)) { if (errno != EBUSY) { err = errno; goto error_close_loop; } ioctl(loopfd, LOOP_CLR_FD, 0); usleep(1000); if (ioctl(loopfd, LOOP_SET_FD, memfd)) { err = errno; goto error_close_loop; } } mkdir((char*)dir, 0777); memset(fs, 0, sizeof(fs)); NONFAILING(strncpy(fs, (char*)fsarg, sizeof(fs) - 1)); memset(opts, 0, sizeof(opts)); NONFAILING(strncpy(opts, (char*)optsarg, sizeof(opts) - 32)); if (strcmp(fs, "iso9660") == 0) { flags |= MS_RDONLY; } else if (strncmp(fs, "ext", 3) == 0) { if (strstr(opts, "errors=panic") || strstr(opts, "errors=remount-ro") == 0) strcat(opts, ",errors=continue"); } else if (strcmp(fs, "xfs") == 0) { strcat(opts, ",nouuid"); } if (mount(loopname, (char*)dir, fs, flags, opts)) { err = errno; goto error_clear_loop; } res = 0; error_clear_loop: ioctl(loopfd, LOOP_CLR_FD, 0); error_close_loop: close(loopfd); error_close_memfd: close(memfd); error: errno = err; return res; } const char kvm_asm16_cpl3[] = "\x0f\x20\xc0\x66\x83\xc8\x01\x0f\x22\xc0\xb8\xa0\x00\x0f\x00\xd8\xb8\x2b\x00\x8e\xd8\x8e\xc0\x8e\xe0\x8e\xe8\xbc\x00\x01\xc7\x06\x00\x01\x1d\xba\xc7\x06\x02\x01\x23\x00\xc7\x06\x04\x01\x00\x01\xc7\x06\x06\x01\x2b\x00\xcb"; const char kvm_asm32_paged[] = "\x0f\x20\xc0\x0d\x00\x00\x00\x80\x0f\x22\xc0"; const char kvm_asm32_vm86[] = "\x66\xb8\xb8\x00\x0f\x00\xd8\xea\x00\x00\x00\x00\xd0\x00"; const char kvm_asm32_paged_vm86[] = "\x0f\x20\xc0\x0d\x00\x00\x00\x80\x0f\x22\xc0\x66\xb8\xb8\x00\x0f\x00\xd8\xea\x00\x00\x00\x00\xd0\x00"; const char kvm_asm64_enable_long[] = "\x0f\x20\xc0\x0d\x00\x00\x00\x80\x0f\x22\xc0\xea\xde\xc0\xad\x0b\x50\x00\x48\xc7\xc0\xd8\x00\x00\x00\x0f\x00\xd8"; const char kvm_asm64_init_vm[] = "\x0f\x20\xc0\x0d\x00\x00\x00\x80\x0f\x22\xc0\xea\xde\xc0\xad\x0b\x50\x00\x48\xc7\xc0\xd8\x00\x00\x00\x0f\x00\xd8\x48\xc7\xc1\x3a\x00\x00\x00\x0f\x32\x48\x83\xc8\x05\x0f\x30\x0f\x20\xe0\x48\x0d\x00\x20\x00\x00\x0f\x22\xe0\x48\xc7\xc1\x80\x04\x00\x00\x0f\x32\x48\xc7\xc2\x00\x60\x00\x00\x89\x02\x48\xc7\xc2\x00\x70\x00\x00\x89\x02\x48\xc7\xc0\x00\x5f\x00\x00\xf3\x0f\xc7\x30\x48\xc7\xc0\x08\x5f\x00\x00\x66\x0f\xc7\x30\x0f\xc7\x30\x48\xc7\xc1\x81\x04\x00\x00\x0f\x32\x48\x83\xc8\x3f\x48\x21\xd0\x48\xc7\xc2\x00\x40\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x02\x40\x00\x00\x48\xb8\x84\x9e\x99\xf3\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x1e\x40\x00\x00\x48\xc7\xc0\x81\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc1\x83\x04\x00\x00\x0f\x32\x48\x0d\xff\x6f\x03\x00\x48\x21\xd0\x48\xc7\xc2\x0c\x40\x00\x00\x0f\x79\xd0\x48\xc7\xc1\x84\x04\x00\x00\x0f\x32\x48\x0d\xff\x17\x00\x00\x48\x21\xd0\x48\xc7\xc2\x12\x40\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x04\x2c\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x00\x28\x00\x00\x48\xc7\xc0\xff\xff\xff\xff\x0f\x79\xd0\x48\xc7\xc2\x02\x0c\x00\x00\x48\xc7\xc0\x50\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc0\x58\x00\x00\x00\x48\xc7\xc2\x00\x0c\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x04\x0c\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x06\x0c\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x08\x0c\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x0a\x0c\x00\x00\x0f\x79\xd0\x48\xc7\xc0\xd8\x00\x00\x00\x48\xc7\xc2\x0c\x0c\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x02\x2c\x00\x00\x48\xc7\xc0\x00\x05\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x00\x4c\x00\x00\x48\xc7\xc0\x50\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x10\x6c\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x12\x6c\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x0f\x20\xc0\x48\xc7\xc2\x00\x6c\x00\x00\x48\x89\xc0\x0f\x79\xd0\x0f\x20\xd8\x48\xc7\xc2\x02\x6c\x00\x00\x48\x89\xc0\x0f\x79\xd0\x0f\x20\xe0\x48\xc7\xc2\x04\x6c\x00\x00\x48\x89\xc0\x0f\x79\xd0\x48\xc7\xc2\x06\x6c\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x08\x6c\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x0a\x6c\x00\x00\x48\xc7\xc0\x00\x3a\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x0c\x6c\x00\x00\x48\xc7\xc0\x00\x10\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x0e\x6c\x00\x00\x48\xc7\xc0\x00\x38\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x14\x6c\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x16\x6c\x00\x00\x48\x8b\x04\x25\x10\x5f\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x00\x00\x00\x00\x48\xc7\xc0\x01\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x02\x00\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x00\x20\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x02\x20\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x04\x20\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x06\x20\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc1\x77\x02\x00\x00\x0f\x32\x48\xc1\xe2\x20\x48\x09\xd0\x48\xc7\xc2\x00\x2c\x00\x00\x48\x89\xc0\x0f\x79\xd0\x48\xc7\xc2\x04\x40\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x0a\x40\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x0e\x40\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x10\x40\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x16\x40\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x14\x40\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x00\x60\x00\x00\x48\xc7\xc0\xff\xff\xff\xff\x0f\x79\xd0\x48\xc7\xc2\x02\x60\x00\x00\x48\xc7\xc0\xff\xff\xff\xff\x0f\x79\xd0\x48\xc7\xc2\x1c\x20\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x1e\x20\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x20\x20\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x22\x20\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x00\x08\x00\x00\x48\xc7\xc0\x58\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x02\x08\x00\x00\x48\xc7\xc0\x50\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x04\x08\x00\x00\x48\xc7\xc0\x58\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x06\x08\x00\x00\x48\xc7\xc0\x58\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x08\x08\x00\x00\x48\xc7\xc0\x58\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x0a\x08\x00\x00\x48\xc7\xc0\x58\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x0c\x08\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x0e\x08\x00\x00\x48\xc7\xc0\xd8\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x12\x68\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x14\x68\x00\x00\x48\xc7\xc0\x00\x3a\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x16\x68\x00\x00\x48\xc7\xc0\x00\x10\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x18\x68\x00\x00\x48\xc7\xc0\x00\x38\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x00\x48\x00\x00\x48\xc7\xc0\xff\xff\x0f\x00\x0f\x79\xd0\x48\xc7\xc2\x02\x48\x00\x00\x48\xc7\xc0\xff\xff\x0f\x00\x0f\x79\xd0\x48\xc7\xc2\x04\x48\x00\x00\x48\xc7\xc0\xff\xff\x0f\x00\x0f\x79\xd0\x48\xc7\xc2\x06\x48\x00\x00\x48\xc7\xc0\xff\xff\x0f\x00\x0f\x79\xd0\x48\xc7\xc2\x08\x48\x00\x00\x48\xc7\xc0\xff\xff\x0f\x00\x0f\x79\xd0\x48\xc7\xc2\x0a\x48\x00\x00\x48\xc7\xc0\xff\xff\x0f\x00\x0f\x79\xd0\x48\xc7\xc2\x0c\x48\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x0e\x48\x00\x00\x48\xc7\xc0\xff\x1f\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x10\x48\x00\x00\x48\xc7\xc0\xff\x1f\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x12\x48\x00\x00\x48\xc7\xc0\xff\x1f\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x14\x48\x00\x00\x48\xc7\xc0\x93\x40\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x16\x48\x00\x00\x48\xc7\xc0\x9b\x20\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x18\x48\x00\x00\x48\xc7\xc0\x93\x40\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x1a\x48\x00\x00\x48\xc7\xc0\x93\x40\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x1c\x48\x00\x00\x48\xc7\xc0\x93\x40\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x1e\x48\x00\x00\x48\xc7\xc0\x93\x40\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x20\x48\x00\x00\x48\xc7\xc0\x82\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x22\x48\x00\x00\x48\xc7\xc0\x8b\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x1c\x68\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x1e\x68\x00\x00\x48\xc7\xc0\x00\x91\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x20\x68\x00\x00\x48\xc7\xc0\x02\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x06\x28\x00\x00\x48\xc7\xc0\x00\x05\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x0a\x28\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x0c\x28\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x0e\x28\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x48\xc7\xc2\x10\x28\x00\x00\x48\xc7\xc0\x00\x00\x00\x00\x0f\x79\xd0\x0f\x20\xc0\x48\xc7\xc2\x00\x68\x00\x00\x48\x89\xc0\x0f\x79\xd0\x0f\x20\xd8\x48\xc7\xc2\x02\x68\x00\x00\x48\x89\xc0\x0f\x79\xd0\x0f\x20\xe0\x48\xc7\xc2\x04\x68\x00\x00\x48\x89\xc0\x0f\x79\xd0\x48\xc7\xc0\x18\x5f\x00\x00\x48\x8b\x10\x48\xc7\xc0\x20\x5f\x00\x00\x48\x8b\x08\x48\x31\xc0\x0f\x78\xd0\x48\x31\xc8\x0f\x79\xd0\x0f\x01\xc2\x48\xc7\xc2\x00\x44\x00\x00\x0f\x78\xd0\xf4"; const char kvm_asm64_vm_exit[] = "\x48\xc7\xc3\x00\x44\x00\x00\x0f\x78\xda\x48\xc7\xc3\x02\x44\x00\x00\x0f\x78\xd9\x48\xc7\xc0\x00\x64\x00\x00\x0f\x78\xc0\x48\xc7\xc3\x1e\x68\x00\x00\x0f\x78\xdb\xf4"; const char kvm_asm64_cpl3[] = "\x0f\x20\xc0\x0d\x00\x00\x00\x80\x0f\x22\xc0\xea\xde\xc0\xad\x0b\x50\x00\x48\xc7\xc0\xd8\x00\x00\x00\x0f\x00\xd8\x48\xc7\xc0\x6b\x00\x00\x00\x8e\xd8\x8e\xc0\x8e\xe0\x8e\xe8\x48\xc7\xc4\x80\x0f\x00\x00\x48\xc7\x04\x24\x1d\xba\x00\x00\x48\xc7\x44\x24\x04\x63\x00\x00\x00\x48\xc7\x44\x24\x08\x80\x0f\x00\x00\x48\xc7\x44\x24\x0c\x6b\x00\x00\x00\xcb"; #define ADDR_TEXT 0x0000 #define ADDR_GDT 0x1000 #define ADDR_LDT 0x1800 #define ADDR_PML4 0x2000 #define ADDR_PDP 0x3000 #define ADDR_PD 0x4000 #define ADDR_STACK0 0x0f80 #define ADDR_VAR_HLT 0x2800 #define ADDR_VAR_SYSRET 0x2808 #define ADDR_VAR_SYSEXIT 0x2810 #define ADDR_VAR_IDT 0x3800 #define ADDR_VAR_TSS64 0x3a00 #define ADDR_VAR_TSS64_CPL3 0x3c00 #define ADDR_VAR_TSS16 0x3d00 #define ADDR_VAR_TSS16_2 0x3e00 #define ADDR_VAR_TSS16_CPL3 0x3f00 #define ADDR_VAR_TSS32 0x4800 #define ADDR_VAR_TSS32_2 0x4a00 #define ADDR_VAR_TSS32_CPL3 0x4c00 #define ADDR_VAR_TSS32_VM86 0x4e00 #define ADDR_VAR_VMXON_PTR 0x5f00 #define ADDR_VAR_VMCS_PTR 0x5f08 #define ADDR_VAR_VMEXIT_PTR 0x5f10 #define ADDR_VAR_VMWRITE_FLD 0x5f18 #define ADDR_VAR_VMWRITE_VAL 0x5f20 #define ADDR_VAR_VMXON 0x6000 #define ADDR_VAR_VMCS 0x7000 #define ADDR_VAR_VMEXIT_CODE 0x9000 #define ADDR_VAR_USER_CODE 0x9100 #define ADDR_VAR_USER_CODE2 0x9120 #define SEL_LDT (1 << 3) #define SEL_CS16 (2 << 3) #define SEL_DS16 (3 << 3) #define SEL_CS16_CPL3 ((4 << 3) + 3) #define SEL_DS16_CPL3 ((5 << 3) + 3) #define SEL_CS32 (6 << 3) #define SEL_DS32 (7 << 3) #define SEL_CS32_CPL3 ((8 << 3) + 3) #define SEL_DS32_CPL3 ((9 << 3) + 3) #define SEL_CS64 (10 << 3) #define SEL_DS64 (11 << 3) #define SEL_CS64_CPL3 ((12 << 3) + 3) #define SEL_DS64_CPL3 ((13 << 3) + 3) #define SEL_CGATE16 (14 << 3) #define SEL_TGATE16 (15 << 3) #define SEL_CGATE32 (16 << 3) #define SEL_TGATE32 (17 << 3) #define SEL_CGATE64 (18 << 3) #define SEL_CGATE64_HI (19 << 3) #define SEL_TSS16 (20 << 3) #define SEL_TSS16_2 (21 << 3) #define SEL_TSS16_CPL3 ((22 << 3) + 3) #define SEL_TSS32 (23 << 3) #define SEL_TSS32_2 (24 << 3) #define SEL_TSS32_CPL3 ((25 << 3) + 3) #define SEL_TSS32_VM86 (26 << 3) #define SEL_TSS64 (27 << 3) #define SEL_TSS64_HI (28 << 3) #define SEL_TSS64_CPL3 ((29 << 3) + 3) #define SEL_TSS64_CPL3_HI (30 << 3) #define MSR_IA32_FEATURE_CONTROL 0x3a #define MSR_IA32_VMX_BASIC 0x480 #define MSR_IA32_SMBASE 0x9e #define MSR_IA32_SYSENTER_CS 0x174 #define MSR_IA32_SYSENTER_ESP 0x175 #define MSR_IA32_SYSENTER_EIP 0x176 #define MSR_IA32_STAR 0xC0000081 #define MSR_IA32_LSTAR 0xC0000082 #define MSR_IA32_VMX_PROCBASED_CTLS2 0x48B #define NEXT_INSN $0xbadc0de #define PREFIX_SIZE 0xba1d #define KVM_SMI _IO(KVMIO, 0xb7) #define CR0_PE 1 #define CR0_MP (1 << 1) #define CR0_EM (1 << 2) #define CR0_TS (1 << 3) #define CR0_ET (1 << 4) #define CR0_NE (1 << 5) #define CR0_WP (1 << 16) #define CR0_AM (1 << 18) #define CR0_NW (1 << 29) #define CR0_CD (1 << 30) #define CR0_PG (1 << 31) #define CR4_VME 1 #define CR4_PVI (1 << 1) #define CR4_TSD (1 << 2) #define CR4_DE (1 << 3) #define CR4_PSE (1 << 4) #define CR4_PAE (1 << 5) #define CR4_MCE (1 << 6) #define CR4_PGE (1 << 7) #define CR4_PCE (1 << 8) #define CR4_OSFXSR (1 << 8) #define CR4_OSXMMEXCPT (1 << 10) #define CR4_UMIP (1 << 11) #define CR4_VMXE (1 << 13) #define CR4_SMXE (1 << 14) #define CR4_FSGSBASE (1 << 16) #define CR4_PCIDE (1 << 17) #define CR4_OSXSAVE (1 << 18) #define CR4_SMEP (1 << 20) #define CR4_SMAP (1 << 21) #define CR4_PKE (1 << 22) #define EFER_SCE 1 #define EFER_LME (1 << 8) #define EFER_LMA (1 << 10) #define EFER_NXE (1 << 11) #define EFER_SVME (1 << 12) #define EFER_LMSLE (1 << 13) #define EFER_FFXSR (1 << 14) #define EFER_TCE (1 << 15) #define PDE32_PRESENT 1 #define PDE32_RW (1 << 1) #define PDE32_USER (1 << 2) #define PDE32_PS (1 << 7) #define PDE64_PRESENT 1 #define PDE64_RW (1 << 1) #define PDE64_USER (1 << 2) #define PDE64_ACCESSED (1 << 5) #define PDE64_DIRTY (1 << 6) #define PDE64_PS (1 << 7) #define PDE64_G (1 << 8) struct tss16 { uint16_t prev; uint16_t sp0; uint16_t ss0; uint16_t sp1; uint16_t ss1; uint16_t sp2; uint16_t ss2; uint16_t ip; uint16_t flags; uint16_t ax; uint16_t cx; uint16_t dx; uint16_t bx; uint16_t sp; uint16_t bp; uint16_t si; uint16_t di; uint16_t es; uint16_t cs; uint16_t ss; uint16_t ds; uint16_t ldt; } __attribute__((packed)); struct tss32 { uint16_t prev, prevh; uint32_t sp0; uint16_t ss0, ss0h; uint32_t sp1; uint16_t ss1, ss1h; uint32_t sp2; uint16_t ss2, ss2h; uint32_t cr3; uint32_t ip; uint32_t flags; uint32_t ax; uint32_t cx; uint32_t dx; uint32_t bx; uint32_t sp; uint32_t bp; uint32_t si; uint32_t di; uint16_t es, esh; uint16_t cs, csh; uint16_t ss, ssh; uint16_t ds, dsh; uint16_t fs, fsh; uint16_t gs, gsh; uint16_t ldt, ldth; uint16_t trace; uint16_t io_bitmap; } __attribute__((packed)); struct tss64 { uint32_t reserved0; uint64_t rsp[3]; uint64_t reserved1; uint64_t ist[7]; uint64_t reserved2; uint32_t reserved3; uint32_t io_bitmap; } __attribute__((packed)); static void fill_segment_descriptor(uint64_t* dt, uint64_t* lt, struct kvm_segment* seg) { uint16_t index = seg->selector >> 3; uint64_t limit = seg->g ? seg->limit >> 12 : seg->limit; uint64_t sd = (limit & 0xffff) | (seg->base & 0xffffff) << 16 | (uint64_t)seg->type << 40 | (uint64_t)seg->s << 44 | (uint64_t)seg->dpl << 45 | (uint64_t)seg->present << 47 | (limit & 0xf0000ULL) << 48 | (uint64_t)seg->avl << 52 | (uint64_t)seg->l << 53 | (uint64_t)seg->db << 54 | (uint64_t)seg->g << 55 | (seg->base & 0xff000000ULL) << 56; NONFAILING(dt[index] = sd); NONFAILING(lt[index] = sd); } static void fill_segment_descriptor_dword(uint64_t* dt, uint64_t* lt, struct kvm_segment* seg) { fill_segment_descriptor(dt, lt, seg); uint16_t index = seg->selector >> 3; NONFAILING(dt[index + 1] = 0); NONFAILING(lt[index + 1] = 0); } static void setup_syscall_msrs(int cpufd, uint16_t sel_cs, uint16_t sel_cs_cpl3) { char buf[sizeof(struct kvm_msrs) + 5 * sizeof(struct kvm_msr_entry)]; memset(buf, 0, sizeof(buf)); struct kvm_msrs* msrs = (struct kvm_msrs*)buf; struct kvm_msr_entry* entries = msrs->entries; msrs->nmsrs = 5; entries[0].index = MSR_IA32_SYSENTER_CS; entries[0].data = sel_cs; entries[1].index = MSR_IA32_SYSENTER_ESP; entries[1].data = ADDR_STACK0; entries[2].index = MSR_IA32_SYSENTER_EIP; entries[2].data = ADDR_VAR_SYSEXIT; entries[3].index = MSR_IA32_STAR; entries[3].data = ((uint64_t)sel_cs << 32) | ((uint64_t)sel_cs_cpl3 << 48); entries[4].index = MSR_IA32_LSTAR; entries[4].data = ADDR_VAR_SYSRET; ioctl(cpufd, KVM_SET_MSRS, msrs); } static void setup_32bit_idt(struct kvm_sregs* sregs, char* host_mem, uintptr_t guest_mem) { sregs->idt.base = guest_mem + ADDR_VAR_IDT; sregs->idt.limit = 0x1ff; uint64_t* idt = (uint64_t*)(host_mem + sregs->idt.base); int i; for (i = 0; i < 32; i++) { struct kvm_segment gate; gate.selector = i << 3; switch (i % 6) { case 0: gate.type = 6; gate.base = SEL_CS16; break; case 1: gate.type = 7; gate.base = SEL_CS16; break; case 2: gate.type = 3; gate.base = SEL_TGATE16; break; case 3: gate.type = 14; gate.base = SEL_CS32; break; case 4: gate.type = 15; gate.base = SEL_CS32; break; case 6: gate.type = 11; gate.base = SEL_TGATE32; break; } gate.limit = guest_mem + ADDR_VAR_USER_CODE2; gate.present = 1; gate.dpl = 0; gate.s = 0; gate.g = 0; gate.db = 0; gate.l = 0; gate.avl = 0; fill_segment_descriptor(idt, idt, &gate); } } static void setup_64bit_idt(struct kvm_sregs* sregs, char* host_mem, uintptr_t guest_mem) { sregs->idt.base = guest_mem + ADDR_VAR_IDT; sregs->idt.limit = 0x1ff; uint64_t* idt = (uint64_t*)(host_mem + sregs->idt.base); int i; for (i = 0; i < 32; i++) { struct kvm_segment gate; gate.selector = (i * 2) << 3; gate.type = (i & 1) ? 14 : 15; gate.base = SEL_CS64; gate.limit = guest_mem + ADDR_VAR_USER_CODE2; gate.present = 1; gate.dpl = 0; gate.s = 0; gate.g = 0; gate.db = 0; gate.l = 0; gate.avl = 0; fill_segment_descriptor_dword(idt, idt, &gate); } } struct kvm_text { uintptr_t typ; const void* text; uintptr_t size; }; struct kvm_opt { uint64_t typ; uint64_t val; }; #define KVM_SETUP_PAGING (1 << 0) #define KVM_SETUP_PAE (1 << 1) #define KVM_SETUP_PROTECTED (1 << 2) #define KVM_SETUP_CPL3 (1 << 3) #define KVM_SETUP_VIRT86 (1 << 4) #define KVM_SETUP_SMM (1 << 5) #define KVM_SETUP_VM (1 << 6) static long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5, volatile long a6, volatile long a7) { const int vmfd = a0; const int cpufd = a1; char* const host_mem = (char*)a2; const struct kvm_text* const text_array_ptr = (struct kvm_text*)a3; const uintptr_t text_count = a4; const uintptr_t flags = a5; const struct kvm_opt* const opt_array_ptr = (struct kvm_opt*)a6; uintptr_t opt_count = a7; const uintptr_t page_size = 4 << 10; const uintptr_t ioapic_page = 10; const uintptr_t guest_mem_size = 24 * page_size; const uintptr_t guest_mem = 0; (void)text_count; int text_type = 0; const void* text = 0; uintptr_t text_size = 0; NONFAILING(text_type = text_array_ptr[0].typ); NONFAILING(text = text_array_ptr[0].text); NONFAILING(text_size = text_array_ptr[0].size); uintptr_t i; for (i = 0; i < guest_mem_size / page_size; i++) { struct kvm_userspace_memory_region memreg; memreg.slot = i; memreg.flags = 0; memreg.guest_phys_addr = guest_mem + i * page_size; if (i == ioapic_page) memreg.guest_phys_addr = 0xfec00000; memreg.memory_size = page_size; memreg.userspace_addr = (uintptr_t)host_mem + i * page_size; ioctl(vmfd, KVM_SET_USER_MEMORY_REGION, &memreg); } struct kvm_userspace_memory_region memreg; memreg.slot = 1 + (1 << 16); memreg.flags = 0; memreg.guest_phys_addr = 0x30000; memreg.memory_size = 64 << 10; memreg.userspace_addr = (uintptr_t)host_mem; ioctl(vmfd, KVM_SET_USER_MEMORY_REGION, &memreg); struct kvm_sregs sregs; if (ioctl(cpufd, KVM_GET_SREGS, &sregs)) return -1; struct kvm_regs regs; memset(®s, 0, sizeof(regs)); regs.rip = guest_mem + ADDR_TEXT; regs.rsp = ADDR_STACK0; sregs.gdt.base = guest_mem + ADDR_GDT; sregs.gdt.limit = 256 * sizeof(uint64_t) - 1; uint64_t* gdt = (uint64_t*)(host_mem + sregs.gdt.base); struct kvm_segment seg_ldt; seg_ldt.selector = SEL_LDT; seg_ldt.type = 2; seg_ldt.base = guest_mem + ADDR_LDT; seg_ldt.limit = 256 * sizeof(uint64_t) - 1; seg_ldt.present = 1; seg_ldt.dpl = 0; seg_ldt.s = 0; seg_ldt.g = 0; seg_ldt.db = 1; seg_ldt.l = 0; sregs.ldt = seg_ldt; uint64_t* ldt = (uint64_t*)(host_mem + sregs.ldt.base); struct kvm_segment seg_cs16; seg_cs16.selector = SEL_CS16; seg_cs16.type = 11; seg_cs16.base = 0; seg_cs16.limit = 0xfffff; seg_cs16.present = 1; seg_cs16.dpl = 0; seg_cs16.s = 1; seg_cs16.g = 0; seg_cs16.db = 0; seg_cs16.l = 0; struct kvm_segment seg_ds16 = seg_cs16; seg_ds16.selector = SEL_DS16; seg_ds16.type = 3; struct kvm_segment seg_cs16_cpl3 = seg_cs16; seg_cs16_cpl3.selector = SEL_CS16_CPL3; seg_cs16_cpl3.dpl = 3; struct kvm_segment seg_ds16_cpl3 = seg_ds16; seg_ds16_cpl3.selector = SEL_DS16_CPL3; seg_ds16_cpl3.dpl = 3; struct kvm_segment seg_cs32 = seg_cs16; seg_cs32.selector = SEL_CS32; seg_cs32.db = 1; struct kvm_segment seg_ds32 = seg_ds16; seg_ds32.selector = SEL_DS32; seg_ds32.db = 1; struct kvm_segment seg_cs32_cpl3 = seg_cs32; seg_cs32_cpl3.selector = SEL_CS32_CPL3; seg_cs32_cpl3.dpl = 3; struct kvm_segment seg_ds32_cpl3 = seg_ds32; seg_ds32_cpl3.selector = SEL_DS32_CPL3; seg_ds32_cpl3.dpl = 3; struct kvm_segment seg_cs64 = seg_cs16; seg_cs64.selector = SEL_CS64; seg_cs64.l = 1; struct kvm_segment seg_ds64 = seg_ds32; seg_ds64.selector = SEL_DS64; struct kvm_segment seg_cs64_cpl3 = seg_cs64; seg_cs64_cpl3.selector = SEL_CS64_CPL3; seg_cs64_cpl3.dpl = 3; struct kvm_segment seg_ds64_cpl3 = seg_ds64; seg_ds64_cpl3.selector = SEL_DS64_CPL3; seg_ds64_cpl3.dpl = 3; struct kvm_segment seg_tss32; seg_tss32.selector = SEL_TSS32; seg_tss32.type = 9; seg_tss32.base = ADDR_VAR_TSS32; seg_tss32.limit = 0x1ff; seg_tss32.present = 1; seg_tss32.dpl = 0; seg_tss32.s = 0; seg_tss32.g = 0; seg_tss32.db = 0; seg_tss32.l = 0; struct kvm_segment seg_tss32_2 = seg_tss32; seg_tss32_2.selector = SEL_TSS32_2; seg_tss32_2.base = ADDR_VAR_TSS32_2; struct kvm_segment seg_tss32_cpl3 = seg_tss32; seg_tss32_cpl3.selector = SEL_TSS32_CPL3; seg_tss32_cpl3.base = ADDR_VAR_TSS32_CPL3; struct kvm_segment seg_tss32_vm86 = seg_tss32; seg_tss32_vm86.selector = SEL_TSS32_VM86; seg_tss32_vm86.base = ADDR_VAR_TSS32_VM86; struct kvm_segment seg_tss16 = seg_tss32; seg_tss16.selector = SEL_TSS16; seg_tss16.base = ADDR_VAR_TSS16; seg_tss16.limit = 0xff; seg_tss16.type = 1; struct kvm_segment seg_tss16_2 = seg_tss16; seg_tss16_2.selector = SEL_TSS16_2; seg_tss16_2.base = ADDR_VAR_TSS16_2; seg_tss16_2.dpl = 0; struct kvm_segment seg_tss16_cpl3 = seg_tss16; seg_tss16_cpl3.selector = SEL_TSS16_CPL3; seg_tss16_cpl3.base = ADDR_VAR_TSS16_CPL3; seg_tss16_cpl3.dpl = 3; struct kvm_segment seg_tss64 = seg_tss32; seg_tss64.selector = SEL_TSS64; seg_tss64.base = ADDR_VAR_TSS64; seg_tss64.limit = 0x1ff; struct kvm_segment seg_tss64_cpl3 = seg_tss64; seg_tss64_cpl3.selector = SEL_TSS64_CPL3; seg_tss64_cpl3.base = ADDR_VAR_TSS64_CPL3; seg_tss64_cpl3.dpl = 3; struct kvm_segment seg_cgate16; seg_cgate16.selector = SEL_CGATE16; seg_cgate16.type = 4; seg_cgate16.base = SEL_CS16 | (2 << 16); seg_cgate16.limit = ADDR_VAR_USER_CODE2; seg_cgate16.present = 1; seg_cgate16.dpl = 0; seg_cgate16.s = 0; seg_cgate16.g = 0; seg_cgate16.db = 0; seg_cgate16.l = 0; seg_cgate16.avl = 0; struct kvm_segment seg_tgate16 = seg_cgate16; seg_tgate16.selector = SEL_TGATE16; seg_tgate16.type = 3; seg_cgate16.base = SEL_TSS16_2; seg_tgate16.limit = 0; struct kvm_segment seg_cgate32 = seg_cgate16; seg_cgate32.selector = SEL_CGATE32; seg_cgate32.type = 12; seg_cgate32.base = SEL_CS32 | (2 << 16); struct kvm_segment seg_tgate32 = seg_cgate32; seg_tgate32.selector = SEL_TGATE32; seg_tgate32.type = 11; seg_tgate32.base = SEL_TSS32_2; seg_tgate32.limit = 0; struct kvm_segment seg_cgate64 = seg_cgate16; seg_cgate64.selector = SEL_CGATE64; seg_cgate64.type = 12; seg_cgate64.base = SEL_CS64; int kvmfd = open("/dev/kvm", O_RDWR); char buf[sizeof(struct kvm_cpuid2) + 128 * sizeof(struct kvm_cpuid_entry2)]; memset(buf, 0, sizeof(buf)); struct kvm_cpuid2* cpuid = (struct kvm_cpuid2*)buf; cpuid->nent = 128; ioctl(kvmfd, KVM_GET_SUPPORTED_CPUID, cpuid); ioctl(cpufd, KVM_SET_CPUID2, cpuid); close(kvmfd); const char* text_prefix = 0; int text_prefix_size = 0; char* host_text = host_mem + ADDR_TEXT; if (text_type == 8) { if (flags & KVM_SETUP_SMM) { if (flags & KVM_SETUP_PROTECTED) { sregs.cs = seg_cs16; sregs.ds = sregs.es = sregs.fs = sregs.gs = sregs.ss = seg_ds16; sregs.cr0 |= CR0_PE; } else { sregs.cs.selector = 0; sregs.cs.base = 0; } NONFAILING(*(host_mem + ADDR_TEXT) = 0xf4); host_text = host_mem + 0x8000; ioctl(cpufd, KVM_SMI, 0); } else if (flags & KVM_SETUP_VIRT86) { sregs.cs = seg_cs32; sregs.ds = sregs.es = sregs.fs = sregs.gs = sregs.ss = seg_ds32; sregs.cr0 |= CR0_PE; sregs.efer |= EFER_SCE; setup_syscall_msrs(cpufd, SEL_CS32, SEL_CS32_CPL3); setup_32bit_idt(&sregs, host_mem, guest_mem); if (flags & KVM_SETUP_PAGING) { uint64_t pd_addr = guest_mem + ADDR_PD; uint64_t* pd = (uint64_t*)(host_mem + ADDR_PD); NONFAILING(pd[0] = PDE32_PRESENT | PDE32_RW | PDE32_USER | PDE32_PS); sregs.cr3 = pd_addr; sregs.cr4 |= CR4_PSE; text_prefix = kvm_asm32_paged_vm86; text_prefix_size = sizeof(kvm_asm32_paged_vm86) - 1; } else { text_prefix = kvm_asm32_vm86; text_prefix_size = sizeof(kvm_asm32_vm86) - 1; } } else { sregs.cs.selector = 0; sregs.cs.base = 0; } } else if (text_type == 16) { if (flags & KVM_SETUP_CPL3) { sregs.cs = seg_cs16; sregs.ds = sregs.es = sregs.fs = sregs.gs = sregs.ss = seg_ds16; text_prefix = kvm_asm16_cpl3; text_prefix_size = sizeof(kvm_asm16_cpl3) - 1; } else { sregs.cr0 |= CR0_PE; sregs.cs = seg_cs16; sregs.ds = sregs.es = sregs.fs = sregs.gs = sregs.ss = seg_ds16; } } else if (text_type == 32) { sregs.cr0 |= CR0_PE; sregs.efer |= EFER_SCE; setup_syscall_msrs(cpufd, SEL_CS32, SEL_CS32_CPL3); setup_32bit_idt(&sregs, host_mem, guest_mem); if (flags & KVM_SETUP_SMM) { sregs.cs = seg_cs32; sregs.ds = sregs.es = sregs.fs = sregs.gs = sregs.ss = seg_ds32; NONFAILING(*(host_mem + ADDR_TEXT) = 0xf4); host_text = host_mem + 0x8000; ioctl(cpufd, KVM_SMI, 0); } else if (flags & KVM_SETUP_PAGING) { sregs.cs = seg_cs32; sregs.ds = sregs.es = sregs.fs = sregs.gs = sregs.ss = seg_ds32; uint64_t pd_addr = guest_mem + ADDR_PD; uint64_t* pd = (uint64_t*)(host_mem + ADDR_PD); NONFAILING(pd[0] = PDE32_PRESENT | PDE32_RW | PDE32_USER | PDE32_PS); sregs.cr3 = pd_addr; sregs.cr4 |= CR4_PSE; text_prefix = kvm_asm32_paged; text_prefix_size = sizeof(kvm_asm32_paged) - 1; } else if (flags & KVM_SETUP_CPL3) { sregs.cs = seg_cs32_cpl3; sregs.ds = sregs.es = sregs.fs = sregs.gs = sregs.ss = seg_ds32_cpl3; } else { sregs.cs = seg_cs32; sregs.ds = sregs.es = sregs.fs = sregs.gs = sregs.ss = seg_ds32; } } else { sregs.efer |= EFER_LME | EFER_SCE; sregs.cr0 |= CR0_PE; setup_syscall_msrs(cpufd, SEL_CS64, SEL_CS64_CPL3); setup_64bit_idt(&sregs, host_mem, guest_mem); sregs.cs = seg_cs32; sregs.ds = sregs.es = sregs.fs = sregs.gs = sregs.ss = seg_ds32; uint64_t pml4_addr = guest_mem + ADDR_PML4; uint64_t* pml4 = (uint64_t*)(host_mem + ADDR_PML4); uint64_t pdpt_addr = guest_mem + ADDR_PDP; uint64_t* pdpt = (uint64_t*)(host_mem + ADDR_PDP); uint64_t pd_addr = guest_mem + ADDR_PD; uint64_t* pd = (uint64_t*)(host_mem + ADDR_PD); NONFAILING(pml4[0] = PDE64_PRESENT | PDE64_RW | PDE64_USER | pdpt_addr); NONFAILING(pdpt[0] = PDE64_PRESENT | PDE64_RW | PDE64_USER | pd_addr); NONFAILING(pd[0] = PDE64_PRESENT | PDE64_RW | PDE64_USER | PDE64_PS); sregs.cr3 = pml4_addr; sregs.cr4 |= CR4_PAE; if (flags & KVM_SETUP_VM) { sregs.cr0 |= CR0_NE; NONFAILING(*((uint64_t*)(host_mem + ADDR_VAR_VMXON_PTR)) = ADDR_VAR_VMXON); NONFAILING(*((uint64_t*)(host_mem + ADDR_VAR_VMCS_PTR)) = ADDR_VAR_VMCS); NONFAILING(memcpy(host_mem + ADDR_VAR_VMEXIT_CODE, kvm_asm64_vm_exit, sizeof(kvm_asm64_vm_exit) - 1)); NONFAILING(*((uint64_t*)(host_mem + ADDR_VAR_VMEXIT_PTR)) = ADDR_VAR_VMEXIT_CODE); text_prefix = kvm_asm64_init_vm; text_prefix_size = sizeof(kvm_asm64_init_vm) - 1; } else if (flags & KVM_SETUP_CPL3) { text_prefix = kvm_asm64_cpl3; text_prefix_size = sizeof(kvm_asm64_cpl3) - 1; } else { text_prefix = kvm_asm64_enable_long; text_prefix_size = sizeof(kvm_asm64_enable_long) - 1; } } struct tss16 tss16; memset(&tss16, 0, sizeof(tss16)); tss16.ss0 = tss16.ss1 = tss16.ss2 = SEL_DS16; tss16.sp0 = tss16.sp1 = tss16.sp2 = ADDR_STACK0; tss16.ip = ADDR_VAR_USER_CODE2; tss16.flags = (1 << 1); tss16.cs = SEL_CS16; tss16.es = tss16.ds = tss16.ss = SEL_DS16; tss16.ldt = SEL_LDT; struct tss16* tss16_addr = (struct tss16*)(host_mem + seg_tss16_2.base); NONFAILING(memcpy(tss16_addr, &tss16, sizeof(tss16))); memset(&tss16, 0, sizeof(tss16)); tss16.ss0 = tss16.ss1 = tss16.ss2 = SEL_DS16; tss16.sp0 = tss16.sp1 = tss16.sp2 = ADDR_STACK0; tss16.ip = ADDR_VAR_USER_CODE2; tss16.flags = (1 << 1); tss16.cs = SEL_CS16_CPL3; tss16.es = tss16.ds = tss16.ss = SEL_DS16_CPL3; tss16.ldt = SEL_LDT; struct tss16* tss16_cpl3_addr = (struct tss16*)(host_mem + seg_tss16_cpl3.base); NONFAILING(memcpy(tss16_cpl3_addr, &tss16, sizeof(tss16))); struct tss32 tss32; memset(&tss32, 0, sizeof(tss32)); tss32.ss0 = tss32.ss1 = tss32.ss2 = SEL_DS32; tss32.sp0 = tss32.sp1 = tss32.sp2 = ADDR_STACK0; tss32.ip = ADDR_VAR_USER_CODE; tss32.flags = (1 << 1) | (1 << 17); tss32.ldt = SEL_LDT; tss32.cr3 = sregs.cr3; tss32.io_bitmap = offsetof(struct tss32, io_bitmap); struct tss32* tss32_addr = (struct tss32*)(host_mem + seg_tss32_vm86.base); NONFAILING(memcpy(tss32_addr, &tss32, sizeof(tss32))); memset(&tss32, 0, sizeof(tss32)); tss32.ss0 = tss32.ss1 = tss32.ss2 = SEL_DS32; tss32.sp0 = tss32.sp1 = tss32.sp2 = ADDR_STACK0; tss32.ip = ADDR_VAR_USER_CODE; tss32.flags = (1 << 1); tss32.cr3 = sregs.cr3; tss32.es = tss32.ds = tss32.ss = tss32.gs = tss32.fs = SEL_DS32; tss32.cs = SEL_CS32; tss32.ldt = SEL_LDT; tss32.cr3 = sregs.cr3; tss32.io_bitmap = offsetof(struct tss32, io_bitmap); struct tss32* tss32_cpl3_addr = (struct tss32*)(host_mem + seg_tss32_2.base); NONFAILING(memcpy(tss32_cpl3_addr, &tss32, sizeof(tss32))); struct tss64 tss64; memset(&tss64, 0, sizeof(tss64)); tss64.rsp[0] = ADDR_STACK0; tss64.rsp[1] = ADDR_STACK0; tss64.rsp[2] = ADDR_STACK0; tss64.io_bitmap = offsetof(struct tss64, io_bitmap); struct tss64* tss64_addr = (struct tss64*)(host_mem + seg_tss64.base); NONFAILING(memcpy(tss64_addr, &tss64, sizeof(tss64))); memset(&tss64, 0, sizeof(tss64)); tss64.rsp[0] = ADDR_STACK0; tss64.rsp[1] = ADDR_STACK0; tss64.rsp[2] = ADDR_STACK0; tss64.io_bitmap = offsetof(struct tss64, io_bitmap); struct tss64* tss64_cpl3_addr = (struct tss64*)(host_mem + seg_tss64_cpl3.base); NONFAILING(memcpy(tss64_cpl3_addr, &tss64, sizeof(tss64))); if (text_size > 1000) text_size = 1000; if (text_prefix) { NONFAILING(memcpy(host_text, text_prefix, text_prefix_size)); void* patch = 0; NONFAILING(patch = memmem(host_text, text_prefix_size, "\xde\xc0\xad\x0b", 4)); if (patch) NONFAILING(*((uint32_t*)patch) = guest_mem + ADDR_TEXT + ((char*)patch - host_text) + 6); uint16_t magic = PREFIX_SIZE; patch = 0; NONFAILING(patch = memmem(host_text, text_prefix_size, &magic, sizeof(magic))); if (patch) NONFAILING(*((uint16_t*)patch) = guest_mem + ADDR_TEXT + text_prefix_size); } NONFAILING(memcpy((void*)(host_text + text_prefix_size), text, text_size)); NONFAILING(*(host_text + text_prefix_size + text_size) = 0xf4); NONFAILING(memcpy(host_mem + ADDR_VAR_USER_CODE, text, text_size)); NONFAILING(*(host_mem + ADDR_VAR_USER_CODE + text_size) = 0xf4); NONFAILING(*(host_mem + ADDR_VAR_HLT) = 0xf4); NONFAILING(memcpy(host_mem + ADDR_VAR_SYSRET, "\x0f\x07\xf4", 3)); NONFAILING(memcpy(host_mem + ADDR_VAR_SYSEXIT, "\x0f\x35\xf4", 3)); NONFAILING(*(uint64_t*)(host_mem + ADDR_VAR_VMWRITE_FLD) = 0); NONFAILING(*(uint64_t*)(host_mem + ADDR_VAR_VMWRITE_VAL) = 0); if (opt_count > 2) opt_count = 2; for (i = 0; i < opt_count; i++) { uint64_t typ = 0; uint64_t val = 0; NONFAILING(typ = opt_array_ptr[i].typ); NONFAILING(val = opt_array_ptr[i].val); switch (typ % 9) { case 0: sregs.cr0 ^= val & (CR0_MP | CR0_EM | CR0_ET | CR0_NE | CR0_WP | CR0_AM | CR0_NW | CR0_CD); break; case 1: sregs.cr4 ^= val & (CR4_VME | CR4_PVI | CR4_TSD | CR4_DE | CR4_MCE | CR4_PGE | CR4_PCE | CR4_OSFXSR | CR4_OSXMMEXCPT | CR4_UMIP | CR4_VMXE | CR4_SMXE | CR4_FSGSBASE | CR4_PCIDE | CR4_OSXSAVE | CR4_SMEP | CR4_SMAP | CR4_PKE); break; case 2: sregs.efer ^= val & (EFER_SCE | EFER_NXE | EFER_SVME | EFER_LMSLE | EFER_FFXSR | EFER_TCE); break; case 3: val &= ((1 << 8) | (1 << 9) | (1 << 10) | (1 << 12) | (1 << 13) | (1 << 14) | (1 << 15) | (1 << 18) | (1 << 19) | (1 << 20) | (1 << 21)); regs.rflags ^= val; NONFAILING(tss16_addr->flags ^= val); NONFAILING(tss16_cpl3_addr->flags ^= val); NONFAILING(tss32_addr->flags ^= val); NONFAILING(tss32_cpl3_addr->flags ^= val); break; case 4: seg_cs16.type = val & 0xf; seg_cs32.type = val & 0xf; seg_cs64.type = val & 0xf; break; case 5: seg_cs16_cpl3.type = val & 0xf; seg_cs32_cpl3.type = val & 0xf; seg_cs64_cpl3.type = val & 0xf; break; case 6: seg_ds16.type = val & 0xf; seg_ds32.type = val & 0xf; seg_ds64.type = val & 0xf; break; case 7: seg_ds16_cpl3.type = val & 0xf; seg_ds32_cpl3.type = val & 0xf; seg_ds64_cpl3.type = val & 0xf; break; case 8: NONFAILING(*(uint64_t*)(host_mem + ADDR_VAR_VMWRITE_FLD) = (val & 0xffff)); NONFAILING(*(uint64_t*)(host_mem + ADDR_VAR_VMWRITE_VAL) = (val >> 16)); break; default: exit(1); } } regs.rflags |= 2; fill_segment_descriptor(gdt, ldt, &seg_ldt); fill_segment_descriptor(gdt, ldt, &seg_cs16); fill_segment_descriptor(gdt, ldt, &seg_ds16); fill_segment_descriptor(gdt, ldt, &seg_cs16_cpl3); fill_segment_descriptor(gdt, ldt, &seg_ds16_cpl3); fill_segment_descriptor(gdt, ldt, &seg_cs32); fill_segment_descriptor(gdt, ldt, &seg_ds32); fill_segment_descriptor(gdt, ldt, &seg_cs32_cpl3); fill_segment_descriptor(gdt, ldt, &seg_ds32_cpl3); fill_segment_descriptor(gdt, ldt, &seg_cs64); fill_segment_descriptor(gdt, ldt, &seg_ds64); fill_segment_descriptor(gdt, ldt, &seg_cs64_cpl3); fill_segment_descriptor(gdt, ldt, &seg_ds64_cpl3); fill_segment_descriptor(gdt, ldt, &seg_tss32); fill_segment_descriptor(gdt, ldt, &seg_tss32_2); fill_segment_descriptor(gdt, ldt, &seg_tss32_cpl3); fill_segment_descriptor(gdt, ldt, &seg_tss32_vm86); fill_segment_descriptor(gdt, ldt, &seg_tss16); fill_segment_descriptor(gdt, ldt, &seg_tss16_2); fill_segment_descriptor(gdt, ldt, &seg_tss16_cpl3); fill_segment_descriptor_dword(gdt, ldt, &seg_tss64); fill_segment_descriptor_dword(gdt, ldt, &seg_tss64_cpl3); fill_segment_descriptor(gdt, ldt, &seg_cgate16); fill_segment_descriptor(gdt, ldt, &seg_tgate16); fill_segment_descriptor(gdt, ldt, &seg_cgate32); fill_segment_descriptor(gdt, ldt, &seg_tgate32); fill_segment_descriptor_dword(gdt, ldt, &seg_cgate64); if (ioctl(cpufd, KVM_SET_SREGS, &sregs)) return -1; if (ioctl(cpufd, KVM_SET_REGS, ®s)) return -1; return 0; } static void setup_common() { if (mount(0, "/sys/fs/fuse/connections", "fusectl", 0, 0)) { } } static void loop(); static void sandbox_common() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); setsid(); int netns = open("/proc/self/ns/net", O_RDONLY); if (netns == -1) exit(1); if (dup2(netns, kInitNetNsFd) < 0) exit(1); close(netns); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = (200 << 20); setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 32 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 136 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); if (unshare(CLONE_NEWNS)) { } if (unshare(CLONE_NEWIPC)) { } if (unshare(0x02000000)) { } if (unshare(CLONE_NEWUTS)) { } if (unshare(CLONE_SYSVSEM)) { } typedef struct { const char* name; const char* value; } sysctl_t; static const sysctl_t sysctls[] = { {"/proc/sys/kernel/shmmax", "16777216"}, {"/proc/sys/kernel/shmall", "536870912"}, {"/proc/sys/kernel/shmmni", "1024"}, {"/proc/sys/kernel/msgmax", "8192"}, {"/proc/sys/kernel/msgmni", "1024"}, {"/proc/sys/kernel/msgmnb", "1024"}, {"/proc/sys/kernel/sem", "1024 1048576 500 1024"}, }; unsigned i; for (i = 0; i < sizeof(sysctls) / sizeof(sysctls[0]); i++) write_file(sysctls[i].name, sysctls[i].value); } int wait_for_loop(int pid) { if (pid < 0) exit(1); int status = 0; while (waitpid(-1, &status, __WALL) != pid) { } return WEXITSTATUS(status); } static int do_sandbox_none(void) { if (unshare(CLONE_NEWPID)) { } int pid = fork(); if (pid != 0) return wait_for_loop(pid); setup_common(); sandbox_common(); if (unshare(CLONE_NEWNET)) { } loop(); exit(1); } #define FS_IOC_SETFLAGS _IOW('f', 2, long) static void remove_dir(const char* dir) { DIR* dp; struct dirent* ep; int iter = 0; retry: while (umount2(dir, MNT_DETACH) == 0) { } dp = opendir(dir); if (dp == NULL) { if (errno == EMFILE) { exit(1); } exit(1); } while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); while (umount2(filename, MNT_DETACH) == 0) { } struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } int i; for (i = 0;; i++) { if (unlink(filename) == 0) break; if (errno == EPERM) { int fd = open(filename, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) close(fd); continue; } } if (errno == EROFS) { break; } if (errno != EBUSY || i > 100) exit(1); if (umount2(filename, MNT_DETACH)) exit(1); } } closedir(dp); int i; for (i = 0;; i++) { if (rmdir(dir) == 0) break; if (i < 100) { if (errno == EPERM) { int fd = open(dir, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) close(fd); continue; } } if (errno == EROFS) { break; } if (errno == EBUSY) { if (umount2(dir, MNT_DETACH)) exit(1); continue; } if (errno == ENOTEMPTY) { if (iter < 100) { iter++; goto retry; } } } exit(1); } } static void kill_and_wait(int pid, int* status) { kill(-pid, SIGKILL); kill(pid, SIGKILL); int i; for (i = 0; i < 100; i++) { if (waitpid(-1, status, WNOHANG | __WALL) == pid) return; usleep(1000); } DIR* dir = opendir("/sys/fs/fuse/connections"); if (dir) { for (;;) { struct dirent* ent = readdir(dir); if (!ent) break; if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0) continue; char abort[300]; snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name); int fd = open(abort, O_WRONLY); if (fd == -1) { continue; } if (write(fd, abort, 1) < 0) { } close(fd); } closedir(dir); } else { } while (waitpid(-1, status, __WALL) != pid) { } } #define SYZ_HAVE_RESET_LOOP 1 static void reset_loop() { char buf[64]; snprintf(buf, sizeof(buf), "/dev/loop%llu", procid); int loopfd = open(buf, O_RDWR); if (loopfd != -1) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); } } #define SYZ_HAVE_SETUP_TEST 1 static void setup_test() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); write_file("/proc/self/oom_score_adj", "1000"); } static long syz_execute_func(volatile long text) { volatile long p[8] = {0}; (void)p; asm volatile("" ::"r"(0l), "r"(1l), "r"(2l), "r"(3l), "r"(4l), "r"(5l), "r"(6l), "r"(7l), "r"(8l), "r"(9l), "r"(10l), "r"(11l), "r"(12l), "r"(13l)); NONFAILING(((void (*)(void))(text))()); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 25; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 45); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS __WALL static void loop(void) { int iter; for (iter = 0;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); reset_loop(); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); setup_test(); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5 * 1000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { long res; switch (call) { case 0: NONFAILING(*(uint32_t*)0x20000040 = 4); syscall(__NR_getsockopt, -1, 0x21, 0xb, 0x20000000, 0x20000040); break; case 1: syscall(__NR_ioctl, -1, 0xae47, 0xd000); break; case 2: syscall(__NR_semctl, 0, 4, 0xc, 0x20000080); break; case 3: syscall(__NR_ioctl, -1, 0x894b, 0x200000c0); break; case 4: NONFAILING(memcpy((void*)0x20000100, "./file0\000", 8)); syscall(__NR_readlinkat, -1, 0x20000100, 0x20000140, 0xac); break; case 5: syscall(__NR_ioctl, -1, 0x5328, 0); break; case 6: NONFAILING(*(uint32_t*)0x20000200 = 0); NONFAILING(*(uint32_t*)0x20000204 = 0x1000); syscall(__NR_setsockopt, -1, 0x84, 0x11, 0x20000200, 8); break; case 7: NONFAILING(*(uint32_t*)0x20000280 = 4); syscall(__NR_getsockopt, -1, 0x106, 1, 0x20000240, 0x20000280); break; case 8: NONFAILING(*(uint64_t*)0x200003c0 = 0x200002c0); NONFAILING(*(uint64_t*)0x200003c8 = 0xd0); NONFAILING(*(uint64_t*)0x20002880 = 0x20000400); NONFAILING(*(uint64_t*)0x20002888 = 0x1000); NONFAILING(*(uint64_t*)0x20002890 = 0x20001400); NONFAILING(*(uint64_t*)0x20002898 = 0xdf); NONFAILING(*(uint64_t*)0x200028a0 = 0x20001500); NONFAILING(*(uint64_t*)0x200028a8 = 0x9c); NONFAILING(*(uint64_t*)0x200028b0 = 0x200015c0); NONFAILING(*(uint64_t*)0x200028b8 = 0xa5); NONFAILING(*(uint64_t*)0x200028c0 = 0x20001680); NONFAILING(*(uint64_t*)0x200028c8 = 0x24); NONFAILING(*(uint64_t*)0x200028d0 = 0x200016c0); NONFAILING(*(uint64_t*)0x200028d8 = 0x99); NONFAILING(*(uint64_t*)0x200028e0 = 0x20001780); NONFAILING(*(uint64_t*)0x200028e8 = 0xec); NONFAILING(*(uint64_t*)0x200028f0 = 0x20001880); NONFAILING(*(uint64_t*)0x200028f8 = 0x1000); syscall(__NR_process_vm_writev, 0, 0x200003c0, 1, 0x20002880, 8, 0); break; case 9: NONFAILING(*(uint64_t*)0x20002900 = 0x20ffc000); NONFAILING(*(uint32_t*)0x20002908 = 0x3000); NONFAILING(*(uint32_t*)0x2000290c = 0); NONFAILING(*(uint32_t*)0x20002940 = 0x10); syscall(__NR_getsockopt, -1, 6, 0x23, 0x20002900, 0x20002940); break; case 10: NONFAILING(memcpy((void*)0x20000000, "\x45\x92\x64\x59\x79\x16", 6)); NONFAILING(*(uint8_t*)0x20000006 = 0); NONFAILING(*(uint8_t*)0x20000007 = 0); NONFAILING(*(uint8_t*)0x20000008 = 0); NONFAILING(*(uint8_t*)0x20000009 = 0); NONFAILING(*(uint8_t*)0x2000000a = 0); NONFAILING(*(uint8_t*)0x2000000b = 0); NONFAILING(*(uint16_t*)0x2000000c = htobe16(0x8847)); NONFAILING(STORE_BY_BITMASK(uint32_t, htobe32, 0x2000000e, 0x3ff, 0, 8)); NONFAILING(STORE_BY_BITMASK(uint32_t, htobe32, 0x2000000e, 0x20, 8, 1)); NONFAILING(STORE_BY_BITMASK(uint32_t, htobe32, 0x2000000e, 0xffff, 9, 3)); NONFAILING(STORE_BY_BITMASK(uint32_t, htobe32, 0x2000000e, 0x4913, 12, 20)); NONFAILING(STORE_BY_BITMASK(uint32_t, htobe32, 0x20000012, 0xfffffc01, 0, 8)); NONFAILING(STORE_BY_BITMASK(uint32_t, htobe32, 0x20000012, 5, 8, 1)); NONFAILING(STORE_BY_BITMASK(uint32_t, htobe32, 0x20000012, 0x7664, 9, 3)); NONFAILING(STORE_BY_BITMASK(uint32_t, htobe32, 0x20000012, 8, 12, 20)); NONFAILING(STORE_BY_BITMASK(uint32_t, htobe32, 0x20000016, 0x7ff, 0, 8)); NONFAILING(STORE_BY_BITMASK(uint32_t, htobe32, 0x20000016, 4, 8, 1)); NONFAILING(STORE_BY_BITMASK(uint32_t, htobe32, 0x20000016, 0x3f, 9, 3)); NONFAILING(STORE_BY_BITMASK(uint32_t, htobe32, 0x20000016, 0x6890, 12, 20)); NONFAILING(STORE_BY_BITMASK(uint32_t, htobe32, 0x2000001a, 0x80, 0, 8)); NONFAILING(STORE_BY_BITMASK(uint32_t, htobe32, 0x2000001a, 0x1ff, 8, 1)); NONFAILING(STORE_BY_BITMASK(uint32_t, htobe32, 0x2000001a, 2, 9, 3)); NONFAILING(STORE_BY_BITMASK(uint32_t, htobe32, 0x2000001a, 0x59c, 12, 20)); NONFAILING(STORE_BY_BITMASK(uint32_t, htobe32, 0x2000001e, 0x3f, 0, 8)); NONFAILING(STORE_BY_BITMASK(uint32_t, htobe32, 0x2000001e, 0x94, 8, 1)); NONFAILING(STORE_BY_BITMASK(uint32_t, htobe32, 0x2000001e, 0xeb0, 9, 3)); NONFAILING(STORE_BY_BITMASK(uint32_t, htobe32, 0x2000001e, 0x1000, 12, 20)); NONFAILING(memcpy((void*)0x20000022, "\x4a\x60\xa1\xa3\xda\x87\x13\xe1\x63\x95\xa0\x09\x6d\x85\xfb\x2f\x4b\xb3\x81\x4d\x37\x22\xc8\x7b\x74\xef\xcd\x87\xac\x32\x07\x51\xef\x21\x62\xbc\xf8\x4c\x19\xdc\xfb\xa0\x20\x32\x4e\x92\xa2\x2c\xed\xf6\x00\xaf\xe3\xc5\xf6\x1a\xbb\x2a\xe8\x12\x13\xca\xc4\xa0\xe8\xc2\xd9\xe5\xd9\x89\x87\x93\x79\xcd\x09\x7e\x38\x39\xa3\xb1\x96\x87\x07\x96\xc8\x4d\x14\x88\x15\xa5\xca\x96\xca\x62\x4f\x72\x8f\x09\x09\xdd\x8c\xd7\xad\xac\xef\x8f\x60\xf3\xe9\x5f\x64\xff\x1a\xbf\x8c\x74\x0f\xaa\x0a\x80\x00\xdd\x7d\x02\x23\x01\xbd\x24\xe8\x77\x82\xbb\xc2\xa2\x3c\xa0\x0b\x93\x65\xc5\x31\x07\xc4\x49\xb1\x0c\x72\xcc\x87\xcd\xcd\x1a\xbc\xdc\x6f\xeb\x93\x9f\x43\xba\x89\xb6\xad\xcc\xf2\x36\x6c\x2d\x8f\x72\xf0\x46\xe5\x20\x17\xe2\x54\xac\xc9\x2a\x0d\xf1\xe3\x57\xf3\x8f\x99\x99\x33\xd3\x70\x8d\xd6\x97\xf9\x3d\x48\xbe\x6d\x83\xff\x6a\x5c\x7e\x03\x9b\x97\x02\x44\xf0\x16\xf4\xd1\x0e\x23\x61\x0d\x96\x0f\x16\xb4\xa1\x50\x87\x09\x9c\xb4\xe6\x84\x99\x20\xa7\x7f\xc7\x93\xf8\xd3\xbf\x7c\xeb\x84\xd7\xa5\xb6\xa6\x80\xa7\xbc\x07\x72\x99\xdc\x7c\x90\xce\xe1\x75\xf7\x27\x20\xc9\x26\xc1\xcd\xd3\xa6\xee\xf0\x99\x15\xeb\xd7\x69\xcb\x2b\x22\x7d\x0c\x57\x07\xaf\x95\x99\xaa\xfe\x07\x92\x94\x53\x33\x7c\xe8\x4d\x47\xe1\x8e\x41\x57\xbd\xd9\xaf\x6f\xf0\x46\x2c\xaf\xf5\xcf\x24\xaa\x29\x6c\xe3\x6d\xf2\xc7\x6d\xe9\xf5\xac\x70\xe4\x7b\x5f\xb6\xb8\x22\x62\xa5\xa6\xf5\xca\x3a\x01\x7d\x43\x4f\x9e\x96\x19\x38\x47\xbf\x46\x31\x8c\x15\x89\xce\x0b\x70\xda\x1c\xa1\x6b\x90\x06\x0a\xdf\x8b\x8e\x5b\x1a\x92\x77\x36\x7f\x02\xe7\x99\x66\xcd\x6c\xbf\xd5\xe4\xe0\x26\x43\x06\x97\xe9\xad\x3c\x11\xe9\x5d\xf9\xbc\xa2\xe3\x90\x9b\x7e\x6e\x0d\xcb\x1d\x3e\xba\xbb\xf4\x41\x2f\x91\xed\x1c\x72\x58\x09\x84\x40\x70\x53\xad\x6c\xc2\xf4\xbd\x85\xf3\xef\xc0\x36\x18\x9b\x57\xf1\xfb\x39\xa6\x14\xf8\x9f\xd1\x2a\xfc\xa6\x7e\x4c\x38\x70\x0f\xf3\xb3\x8a\x32\xc8\x07\x60\x63\x62\x69\xc9\xde\xfc\xf2\xa2\x9c\xe1\x88\xeb\x68\xd2\xce\x56\xc9\x6c\x18\x4c\x1c\x30\xc9\x92\xce\xb6\xf7\x1a\x12\xe8\x3e\x79\xe9\x03\x20\x13\xe5\x53\x05\x4a\x7b\x8d\x10\x4e\x46\xf6\x7e\xb4\x35\x93\x71\xd0\x72\x57\x5c\x99\x29\x93\xc9\xb9\xd3\x14\xf7\xf7\x12\x2a\xe9\x95\xb9\xc1\x0c\x75\x75\xfc\xb7\x91\x22\x44\xaf\x5d\x65\x2d\xa3\x2a\x41\x59\x83\x15\xf0\x88\xf0\xa6\xff\x38\xef\xd9\x37\xab\x95\x77\x8b\xf6\xf5\xb7\x8c\x7e\x7f\x3f\x2b\xfe\x83\xfb\xec\x62\x7d\x74\x83\xe8\xd5\x12\xbf\xb1\x6c\xbc\x35\xda\x31\x8b\x44\xe1\x2a\xea\x2e\xfe\x49\x88\xf3\x07\x42\x50\xc6\x45\x13\x7b\x16\xf7\x98\x9a\xd3\xab\x94\x29\x5d\xbe\x1f\x04\x5a\xc7\xa3\xf0\x42\x70\xa0\x4b\x28\x23\xdb\xd1\x96\x83\x0f\xca\x3a\xbc\x8e\x9d\xee\xa2\xb2\xcf\x86\x53\x7b\x5b\xe2\xc6\xc4\x7f\x87\x6f\x23\x49\x55\x5e\x1a\x85\x9b\xd0\x85\x01\x58\x91\x98\x39\x16\x9b\x33\x12\x99\x40\xbe\xb3\xbc\x9f\xba\x83\x90\x81\xd8\x8f\xbd\x26\x7d\x94\xda\x1a\xb8\x19\x81\x96\x3f\x61\x88\xbd\x7a\x13\x05\x43\xf3\xca\x8a\x85\xd3\x07\x78\xd6\xdb\xe2\x31\x22\x54\x4a\xac\x36\x1d\x01\x7d\x5e\x01\xa9\x52\x6e\xdb\x98\x63\xf9\x52\x18\x89\x4c\x87\x94\xd4\x73\x0d\x74\x4a\xdf\xd9\x6f\xa5\xc0\xe2\x46\x0f\x51\x4a\x51\x12\x8b\x0e\x55\xec\x27\xc3\x2f\x57\xff\xbe\xbb\x63\xc4\xf4\xb1\x45\x70\xd1\xee\x2d\xa2\x2f\x74\x35\x0f\x2c\x54\x08\xcf\xad\x2b\x80\x27\xca\xde\xfe\x02\xca\x4c\xdf\x0e\xb3\xe1\x9c\x28\xc1\xc0\x21\x20\x1c\xcd\xec\xad\x50\xa5\x0f\xa9\xcf\x28\x1e\xf8\xdb\xa9\x9b\xad\xec\x11\xae\x41\xc3\xe0\x93\xf4\x24\x87\xa8\x44\x29\x05\xcd\x09\xba\xb9\xd8\x99\x8d\x05\xcd\x41\x1f\xcf\xc6\x34\x9a\x37\xe2\x71\xfc\x9e\x1b\x03\xb0\x69\x0a\x93\x70\xe9\xa8\xb9\xb2\xd6\x42\xeb\x61\xd1\xa7\x36\x71\xe2\x65\x6f\x98\x11\x31\x3c\x3c\x3a\x9b\xdf\x1d\x59\x67\xa7\x51\x82\x19\xf6\xd4\x0b\xdb\xc3\x92\xce\x13\xc0\x7d\xf8\x52\xd8\xb9\x75\x7b\x95\x8a\xa1\x5e\x8d\xef\x0a\x85\x3c\xe9\x94\x5d\xc7\xab\x38\x35\x92\x36\xb5\xc6\xb4\x1f\x19\x19\x79\x09\x43\xf2\x7f\x3e\x78\xc8\xc5\x7a\x8e\xe5\x86\x7f\xae\x71\x4f\xf9\xe0\x15\x62\x46\xb0\x4e\xca\x82\x55\xd3\x0c\xc5\x13\xae\x12\x62\x78\x5f\xb2\x23\x55\xeb\x56\xc8\xea\xed\x21\xe4\x5f\x5a\x91\x90\xb2\x93\x07\x31\xf6\x75\xa9\x58\xd4\x4c\x93\xd0\x84\xcf\xe9\x1d\xd7\x8e\x33\x95\x1e\x9f\xfb\xe2\x00\x55\x9a\x35\xe5\x8d\x90\x15\xf0\x04\xe5\x5d\x48\x7d\x71\xdd\x20\x01\xcb\x46\x8c\x80\xa3\x79\x2b\xc7\x45\x30\x48\x6f\xc8\x53\x6b\x27\x26\xb8\xb1\x36\x39\x60\x91\x25\x46\x3d\x87\x66\x31\x49\xd3\x68\x01\x6f\x7e\x55\x7c\xce\x49\x2a\x37\x72\xd9\x40\x93\x99\xe6\xaa\xa4\x88\x25\x22\x8b\xe9\xfb\xc9\xdf\x50\xed\x87\x97\x94\x38\xfb\xec\x4e\xa4\x15\xb4\xfa\x08\x41\x78\xd4\x91\x97\x8a\x0e\x37\x6f\xe7\xbd\x13\x09\xee\x1c\x9f\x0c\xde\xe3\x09\x92\xde\x8f\x65\xc6\x45\xe9\xd0\xca\x53\x42\x6f\xf5\x78\x9c\xd9\xfc\xd4\x4c\x44\xfd\x9f\xb1\xc4\x01\x2b\x80\x1b\x92\xb4\xac\xe6\xdf\x1d\x00\xba\x55\xe1\x9a\xa2\x67\x3f\x0a\x5f\xb2\xea\xbc\x41\x0b\x0a\x9d\xd3\x43\xca\x9c\xca\x79\xa8\x37\x08\xef\x48\x8f\x45\xf3\xfb\xd4\xb5\xa0\xe2\x89\xdc\x6d\x03\xb0\x6d\x7d\x32\xd9\x6a\xea\xa1\x4e\x6b\x90\xf7\x3f\x63\xfa\x43\x64\x38\x42\x3b\x07\x31\x80\x0a\x16\x41\xd4\xf8\x02\x96\xa5\x0a\xe9\xcd\x8b\xaa\x8b\xa3\x6f\x6d\xce\xdd\x1d\x76\xfc\x07\x83\x4f\x5d\x8a\x9b\x3b\x83\xba\xd8\xfa\x21\x03\xa7\x7b\xbe\xd3\x02\x0d\x60\x16\x05\x0e\x63\x14\xbc\x3a\x28\xe0\x43\x70\xdd\x25\xe2\xe9\x6f\xb9\xa8\x13\x34\xed\xb0\x38\x34\xf8\x9b\x88\xac\xcf\x25\x4c\x44\xd1\x90\xbf\x69\xee\xc9\x56\x00\x9a\x47\x7e\x60\x20\xa6\x39\xbc\xfa\xc1\x07\xa7\xb9\x05\xea\xdb\x58\xaf\x1b\xf0\x43\x36\x0a\x40\xd9\x67\x01\x29\x6e\xaa\xbb\x7c\xf5\x09\x86\x03\xed\xdc\x57\x26\x21\xb7\x05\xd0\xd6\xd2\x93\xac\x22\x32\x31\x38\x5c\x98\x2f\xff\x33\xda\xa3\x4f\xf5\xad\x69\xde\xa4\x8a\x45\x3d\x60\x30\x23\x09\xe6\x30\x04\xa7\x2c\x91\x55\x46\x72\xfb\x63\x98\x02\x84\xda\xdc\x4a\x41\x3b\x53\x19\x18\xbe\x32\x98\x35\x73\x70\x69\xf7\x95\x31\x41\x71\xc0\xc4\x7b\xe8\xb0\xb5\xe9\x6c\xbf\x5f\xd3\xe4\x1e\xf9\x6d\xc8\xe3\x59\xbb\x90\xaf\x45\x1f\xb3\x31\x8a\x36\x4f\x54\x50\xb9\xa1\x75\xcb\x50\x35\x30\x91\x46\x18\x6d\xd0\x6a\xd3\x34\x61\x10\xa1\x7d\x4d\x5c\x87\x12\xcb\x9b\xea\x3b\x19\x6b\x4d\x69\xa1\xcc\x70\x2d\x9b\xe4\xfd\x5b\x8b\xf6\x25\x42\xce\x82\x4e\x5c\x15\x0c\x6e\xb3\x1d\x6d\xa1\x18\x1c\x47\x7d\x10\x33\x9e\x76\xc3\x63\x51\x74\xdd\x2d\xa5\x9a\x43\x78\xaa\xa1\xb0\x45\x0f\xc7\x00\x47\xb0\x63\x54\xb0\xff\x4f\x63\x9c\x80\x91\x96\x86\x44\x0f\xec\xa2\xbd\xde\xb0\x46\x98\xa6\xf3\xf0\xee\x94\x62\x8a\xf6\x9f\xec\x2c\x61\x39\xe6\x8b\xfc\xb3\x2b\xc6\x1a\x7f\x1b\x37\x1e\x1e\x1f\x2c\x5a\x33\xd6\x6f\xb7\xb8\x4c\xab\xd3\xa6\x0c\x91\x0e\x33\x09\xb2\x1c\xad\xe5\x5c\x92\x0f\xce\xd5\xc9\x79\x94\x7b\x4b\xd4\xc6\xbc\xd4\xe0\x99\xf7\x9e\x18\x02\x8f\xc8\x89\xd9\x0b\xd2\xd6\xfa\x2f\xb4\x55\x4c\x24\x6f\xd1\xb5\x93\x01\xbd\x68\x17\xc6\xed\xad\x20\x04\x19\x38\xeb\xcc\x66\x8b\x89\xdf\x6f\xd0\xd1\xbe\x04\xa9\x4e\xd1\x2c\x61\x4d\x17\xf4\xe4\xc1\x6e\x99\xb4\x15\xcf\x3c\xe4\x6c\x01\x90\x7e\xc3\xba\x4a\x61\x91\x9b\x99\xa5\xf1\xc6\xe6\xc6\xde\x5c\x78\xe4\x9a\x05\x0f\x81\x96\x5f\x8d\xf4\xe4\x81\x5e\xcd\x19\xc2\x4c\x18\xd1\xe0\x53\x24\xe7\x40\x0b\x02\xd6\x9f\xeb\x4a\x5c\x91\x31\x75\x07\x62\xdb\x44\x67\x01\x2d\xd5\x80\xd9\x58\xef\xd3\x6d\xee\x85\x86\xdf\x3a\x16\x78\x91\xe0\xd3\x0b\xe4\xbf\x8f\xd9\x97\x44\x0d\x07\x98\xb8\x4a\x9f\x89\x95\xd6\x07\xd0\xae\xcf\x77\xa7\xc0\x1b\x9a\xfd\x8a\xa2\xd3\x71\x28\x18\xb3\x9b\xde\x80\x23\x16\x3c\x31\x1f\x39\xaf\x37\x16\xbc\x74\x3d\x7a\xbf\xb8\xff\x09\x37\xf8\xf2\x9a\xa3\xfb\x24\x19\x3c\x62\x1a\x72\xf3\x48\xc0\x59\x1f\xf0\xb8\x1b\x31\x3a\xf5\x5e\x81\xe6\xd4\xc6\x84\x3a\x04\x24\x6e\x9c\x41\x18\x0c\x07\xca\x6d\x9a\x13\x82\xb2\xdc\x28\x08\xec\xb8\x04\xbe\x79\xdf\x24\x87\x29\xc9\x4a\xa3\x14\x15\x5d\x91\x94\x4d\x57\x30\x9f\x35\x8c\x30\xd1\x7c\x45\x38\x67\x7d\x58\x35\xdd\xc2\xe3\x44\xad\xb4\xd9\x40\xe3\xd2\x39\x67\xff\xee\xbb\x46\xb4\xd7\xc7\x89\x3a\xd5\xa8\x06\xae\x2f\x8a\x69\x37\x3c\x13\x31\x7e\xb0\xc3\x82\x26\xb5\x22\x67\x25\xd1\x5d\xd0\xf1\x78\xf7\xc1\xa3\x10\xd9\xd3\x1a\x53\x01\xd0\x3c\x70\x8a\x89\xf7\x4c\xd9\x7c\xbe\xd4\x02\xb9\xed\x6d\x75\xc6\x57\x9b\x22\x9c\x92\xce\x1e\x0c\xe8\x96\x62\x49\xbb\x6c\x98\xbb\xa3\xc9\x91\xc5\x51\x7c\xb1\x5e\x01\xf4\x66\x9b\x0e\x7f\x4a\x32\xc9\x71\x86\x48\x63\x06\xc3\xf4\x31\x8d\x96\xd8\xa1\x98\xb7\x22\xb7\x62\x65\xc5\xd8\x04\xb4\x35\x3a\x14\xa9\x42\x9e\x9f\x9e\x6d\xaf\xad\x04\x51\x3d\x02\x79\xf1\xd1\x4a\x57\x09\x89\xef\x48\x6e\x33\x0c\x48\xf5\xaa\xeb\xee\xa7\x3c\x40\x8b\x1a\xd6\x2a\xac\xcf\xc1\x87\xa2\xb3\x4e\x03\xef\x2f\x39\xc4\x8c\x07\x82\x55\x69\x40\x7e\x2f\x2a\x45\xa8\x4d\xf3\x19\x0f\xaa\xb4\x45\x4f\x21\xb6\xc6\xbf\x03\x77\x7b\x86\xc0\x5d\xea\x8c\xca\x4d\x8c\x9c\x19\x8c\xc5\xeb\x84\xc4\xb5\x56\x14\xe0\x4f\x10\x93\x22\xba\xae\xb9\x24\x23\x11\xeb\xab\x46\x21\x28\xa0\x8c\x59\x61\x95\x32\x63\x14\x22\x9d\x31\xca\x79\x8f\xb3\xdb\x15\xa5\x41\xf7\xa2\x08\x30\xef\x98\x28\xb1\x63\x12\xcb\x7d\x77\x69\xfb\xf2\xbb\x73\x2a\xdc\x54\xa7\xc9\x2f\x77\x35\xc3\x5d\x9e\xda\xe8\xa7\xed\xbe\x53\x86\xee\x00\x6e\x20\x2e\x4b\xc1\x88\x56\x5c\x3f\x8b\xb1\x86\x33\x39\xdf\x01\xce\x3b\xcc\xdd\xef\xde\x24\x81\xaa\xdd\x51\xf5\x36\x65\x2a\x21\xd6\x9a\xb6\x05\x05\xd5\xcc\x12\x95\x51\x9f\x6d\xfa\x58\x05\x70\x04\x8f\xe1\x75\x2d\x6f\x68\xc8\x4d\xc1\x3d\xe2\x86\xb8\x8c\x22\x2b\xbd\x60\x32\xa8\x8c\x3e\x29\xd1\x63\x1a\x2d\x51\x68\x74\x0a\xd4\x11\x39\x42\x57\x07\x68\xaf\x12\xc6\x5d\xee\xe4\xef\x96\x7c\x79\x91\x50\x17\x7a\x94\x14\xe9\x20\x37\xcb\x92\x6d\xfc\xe9\x01\x2f\x08\x48\x52\xf6\x17\x24\xc9\x58\x4d\x49\x2f\xf1\x0e\x98\x70\xdf\xce\xc0\x01\x2c\x77\x08\xb9\x08\x6a\x89\x58\x5c\xfb\x2a\x4f\x94\x10\xcc\x89\x79\x52\x39\x4d\x4c\xc0\x6b\x3a\x93\x69\x5d\x9a\xd1\x42\xab\x04\xaa\x1e\x00\x3d\xc6\x87\xfd\x30\x3b\x25\x8a\x38\x2e\x58\xa0\xd7\x82\x5f\x45\x50\x37\x81\xd1\xd8\x54\x24\x55\x64\x2b\x4e\x81\x5b\xcb\x85\x04\xe3\x58\xf6\xd1\xae\xbc\xb7\x38\x5b\xf8\x94\x3a\x03\x5e\xe1\xff\xa9\xc3\xa3\x95\x93\xb5\x6b\x12\x4b\x39\x5a\xa6\x08\xf4\x4f\x6b\xda\x1f\xdc\x3a\xe9\x3c\xab\x2b\x13\xb1\x64\x13\x7d\x85\xbf\xc5\x38\xc3\x1a\xe3\x73\x8e\x5b\x16\x49\x06\x4a\x16\x4c\xfc\x48\x98\xa3\xff\x57\x44\x2e\xd6\x60\x8d\xb8\x6d\x09\x33\xb1\xfd\x9d\xb1\x5e\x49\xf8\x90\x70\x00\x12\x5e\x66\x2b\x98\x86\x6f\xf2\x04\x3c\xb5\x15\xf7\x35\x81\x95\x6b\xf1\x5b\xf3\x52\xdf\xee\x6d\x83\x2d\x01\xf0\x58\x34\xe3\x1b\xae\x31\x46\x53\xd7\xc9\x48\x75\x1b\x2a\xae\x7d\x25\x89\xc7\x1d\x5b\x61\x93\xd1\x5b\x47\xca\x69\xe5\x9f\x70\xa8\x81\x26\x9c\x53\x06\x8b\xdc\x30\xa5\x6f\x09\x33\xcf\xff\x29\x53\x22\x9f\x30\x09\x37\xf0\x67\xb9\xea\x1b\xda\x0f\xc6\x6e\x91\xa8\xf5\x3a\x85\x80\xda\x71\xb0\x59\xcb\x2b\xe5\xe4\xc4\x36\x31\xb2\xee\xaf\x92\xea\x5e\xa6\x53\x14\xa8\x60\x86\x52\xa9\x28\x67\xba\xfd\xd0\x24\x66\xdb\x45\x5c\x18\x05\x96\x15\xed\x7f\x16\x2e\x7e\xda\x57\x43\xdb\x2c\x21\x80\x51\x34\xa7\x71\xdc\xaf\xd3\x36\x78\xda\x30\x3f\xce\xda\xc3\xf7\xe7\xdc\x5c\xf1\x15\x85\xd9\x37\x21\x82\xd9\xda\x61\x43\x6c\xc4\x98\x38\x96\x77\x05\xb7\x74\xab\x20\x98\x82\xec\x85\xe6\x64\x08\x1d\x7f\x37\xed\x51\x61\xd1\x2e\xe3\x87\x2f\x9d\x15\x0a\xd5\x53\xca\x68\x84\xeb\xb0\x41\x42\x84\xea\xca\x91\x80\x38\x5e\x62\xf2\xd3\xb5\xdc\x8e\x04\x45\x1d\xaf\xc4\x8e\x68\x6f\x10\xa8\xe7\xdb\x35\x8b\x0f\xcb\xa2\x11\x28\xe7\xb4\x92\x79\xfe\xdc\x8f\x84\xb1\xc9\x58\xb4\x7a\xd2\x26\x3e\x3e\xb8\xaa\x8e\xc2\xd3\x14\x34\xfc\x98\xf6\x11\x15\x23\xcd\x1a\xe1\xf7\x0c\x99\x3d\xb2\x84\x04\x19\x0c\x56\x65\xab\x6b\xe4\xed\x29\xf4\xac\xcb\x5e\xc0\x70\x56\xfb\x76\xcb\x0d\x8c\xa6\x14\xf6\x13\x56\x6a\xe3\xdc\x4e\x0b\x5c\xcf\xb3\xff\xa6\x08\x53\xc0\x42\xdf\xfb\x59\x08\x5a\xd6\x32\x08\x5a\x17\xfc\x83\x5e\xe7\x58\x51\xa9\x07\xa4\x18\xd5\x95\x33\x58\xc7\x01\x6f\xef\x21\xaf\xdc\xd9\x04\xe2\x47\x63\x34\xdd\x85\x4b\x76\x3f\x3a\x41\x58\x54\x4d\x8d\x83\xf2\xef\xd0\x36\x4b\x77\x81\xd2\x10\x74\xda\x09\x13\x91\xd2\xfa\xca\xd5\x2a\x21\x8d\xdb\xe5\x1a\x6e\x51\x48\xed\x1d\x55\x2f\x28\xf4\xdb\xc9\x3b\x32\x72\xa8\x9a\x11\xa2\x4b\x21\x06\xf0\x99\xf4\x6e\x43\x6d\x9d\x3c\xb8\xdc\xf3\x00\x30\x2f\x53\x09\x39\x4e\x31\x84\x6b\xb1\xcb\xe8\xf9\xb4\x4b\x92\x59\x39\xc3\xee\x0e\x70\x7d\x16\xa9\xf1\xde\xe7\xaf\x35\xf8\x18\xe9\x09\xb0\x40\x8a\xae\x1d\xef\x4e\xc1\xc3\x07\x73\xa4\xa6\x95\x75\x6c\x2f\x0a\xb1\x7f\x09\x0c\xe8\xfa\xcc\xa5\xc3\x96\x90\x4a\x73\x8c\x5e\xee\x4a\x95\x55\x31\x95\x66\xbc\x93\x65\x0c\x13\x2a\xb7\xe6\xda\x51\xa7\xf5\x81\xde\x85\x41\x35\xb6\x15\xeb\x7c\x45\x04\x5b\x13\x5b\xd2\xcf\x01\xe1\x4e\x3e\x43\x2e\xe6\x60\x6d\x56\x3e\xff\x05\x65\x8e\xa8\x39\xbe\x32\xf6\xd6\xe9\xdd\x98\xb5\x7e\x1f\xd4\xea\x6b\x30\x1d\xb0\x43\xd7\x20\x5a\xb9\xd6\xba\x5c\x46\x8c\x17\x09\xd4\x3e\xb7\xf5\x6a\x9b\x98\xb9\x3d\xdb\xc3\xca\xd9\xe7\xb0\xa3\xa6\x04\x1f\x8b\xd7\x8c\xca\x08\x6c\x34\x99\x33\xf2\x9d\x6c\x75\x63\x24\x0e\x67\xa0\x3c\x26\xad\x41\x86\x8e\x4c\x19\xe1\x5d\x5c\xa4\xdd\xdd\xc9\x5c\x17\x2b\x7e\xe3\x0f\xcc\x9f\x4e\x08\x83\xb6\x74\x7f\xfc\x0a\xa8\x7b\xb7\xee\x91\xac\x0a\x52\x2d\x58\x3f\x44\xef\xb3\x01\x7a\x7b\xf1\x71\x7e\x28\x18\xb7\x15\xbf\xdd\x5b\x7c\xbd\x1c\x7e\x83\x4a\x94\x0b\xd2\x73\x23\xd9\x61\x84\x2c\x7c\x5a\xe7\x74\x82\x41\xe9\xa8\xc8\xed\x78\xad\x68\x35\xbe\x2b\x15\x14\x17\x40\x6a\x00\x1f\x33\xfe\x9b\x2a\x8f\x4d\xc8\xf4\xf3\xdf\x8c\x6c\x16\x76\x2b\x7b\xe6\xce\x58\xb9\x2d\x0c\x4e\xfe\xaf\xff\xf6\x30\x56\xb9\x2d\xf7\x47\x91\x9d\xef\x28\xf3\xf6\xda\x3c\xe7\x49\xdf\xdd\xe8\xf7\xe3\x3c\x27\xc9\xa7\x68\xba\x7e\x6d\xa7\x65\xa2\xe3\xc8\x81\xb6\xd7\x0b\x6f\xc7\x00\x00\x29\xa4\x4b\xc0\x2e\xeb\x91\xc5\x53\x15\x19\x60\x71\xc7\x1c\x1b\x1d\x08\xfc\x7d\xf2\xad\x75\x2d\x01\xb2\x89\x11\xeb\x53\x4e\x04\x3a\x2a\xd6\xdb\x2a\xb0\x47\xa7\x13\x92\x03\x4f\xb2\x2f\x34\x4b\xd0\x6c\x6a\x5a\xae\xd8\x2f\x89\xe0\xe1\x3f\xab\x47\x30\x02\xa1\xb2\xf0\xe7\x55\x57\xba\x1b\xfd\x25\x6b\x88\xe4\x99\x75\x49\xc1\x8c\x8d\x22\x8e\x61\x83\xc9\xe4\x43\xd7\x36\x66\x4f\x9e\x1c\xa1\x30\x31\x2a\x04\xb3\x8f\x43\x7d\x05\x05\x74\x3a\x7a\xd8\x32\x45\xa0\x9b\xa2\x7e\x8c\xc8\x41\x91\x06\xd2\x76\x27\x76\xeb\xef\x39\x0a\x42\x6a\x5b\x95\x29\xca\x6a\x92\x53\x74\x8c\x58\x05\xf9\xee\x7c\xbd\x52\xd4\x60\x93\x04\x31\x92\xfc\xd4\x84\x4b\x48\xb1\x30\x72\xcf\x12\x42\x3c\x43\xd4\x0f\xc5\x85\x27\x63\x6a\xa1\x06\xcb\xea\xda\xd0\x74\x4e\x2b\x36\xc1\x78\x65\x89\x4c\xdd\xa6\x73\xc4\x23\xa7\x6f\xff\x83\x6a\x61\xa5\xc3\x5d\xf0\xf0\x69\x49\x12\xac\x61\x5e\x3d\xce\xfc\xf3\x1d\x3f\x10\x41\x00\xa5\x07\x5b\x33\x9f\x47\x7a\xa0\x46\x9d\x1c\x4c\x5f\x7f\xae\x08\xc0\x83\xc4\x10\x98\xc3\x04\x98\x25\x5e\xed\x3a\x78\xd1\x56\x3b\x51\xda\x64\x81\x83\x5b\xba\xaf\x9c\xfa\x6f\xdb\x32\xf9\x05\x21\x88\xd7\x58\xc1\xb4\x4c\xbc\xfd\x84\x84\x1d\xfa\x02\x43\x69\xbe\x0b\x3e\x59\x77\x52\x13\x36\xf2\x05\x2e\x32\x38\x24\x4a\xf0\x01\x4a\xd4\xf2\xc6\xf2\xaa\xcf\xa0\x42\x0b\x34\x62\xc7\xb0\x1f\x7a\xfe\x1b\x58\xf2\xcb\xdc\x1a\xdf\xf7\xb9\x9c\x23\xc4\xde\x11\x77\xa5\x68\xda\x96\x0f\xb4\xdc\xa8\xce\x30\xa8\x61\x10\x7e\x04\xf1\xc9\x1a\x50\x8a\x34\x3e\xd2\x91\x7e\xa1\xbc\x55\x99\xe6\x24\x26\x74\xa9\x7d\x84\x7c\x0e\x87\x70\x29\x09\x18\x1d\xeb\xb6\xc4\x38\x6b\x11\x64\xb6\xcb\xfb\x1f\xba\x77\x68\xf8\xf9\x5e\x42\x49\xaa\x96\x81\x2f\xc2\xaa\x95\x51\xce\x81\x65\x6a\x68\x81\x5f\xfd\xee\x0d\x45\x95\xe1\xbc\xb8\x55\xa4\x03\x78\x07\x98\x24\xbc\x6a\x89\x9e\x8c\xb8\x7c\x4a\x63\x65\x6d\x7f\xb8\x9f\x67\xe2\x77\x66\xc2\x4e\x11\xac\x28\x95\x18\x03\xbc\x2e\xd0\xf2\x09\x14\x8b\xd4\x7c\xb4\xcb\xc0\xb5\x3f\x63\x71\xb0\xf3\xb5\xf7\xe9\x5e\xaf\x6c\xd8\xa7\xde\xfb\xf6\x1d\xfe\x8f\xb6\x7d\x12\xeb\xa6\x1e\xba\x8c\x32\x72\x23\x2f\x74\xeb\xb4\x07\x57\xfb\xc2\x5a\x39\xcb\xe2\xca\x43\x14\x93\xf6\xe7\xe9\xf9\x48\x31\x15\x80\x45\x61\xbc\xba\xba\xfe\x04\x3f\x53\x11\xe9\xb8\x1a\xe5\xc5\xb0\x12\xaf\x46\x33\x19\x39\x1f\x24\x01\xe7\x0e\x7c\x40\xb0\xdd\x10\xf0\x34\x70\x2d\xbe\x4f\x8d\x63\xf8\x86\x83\xa0\x11\xe5\xf2\xfc\x5e\x89\xf1\x51\x42\x38\x93\xe8\xc3\x1b\xba\xe9\x84\x0c\x87\x8c\xea\x11\x4a\xbf\x94\x5c\xa2\xc7\xc2\xc0\xad\x4a\x4a\xc2\x45\x99\x9d\x65\xa4\x7b\xb6\x1c\xe7\x6d\x68\xda\xc0\xb3\xff\x9d\xd7\xb9\xc1\x6e\xb4\x25\x98\x64\x62\x90\x37\x6b\xa8\x3d\x3a\x50\x84\x2c\x17\xe9\x56\x4c\x6f\x35\x11\xc8\xf7\x81\xbe\xa7\xe4\x62\x9a\xd9\x51\xc0\x31\x7e\xba\x13\xea\x9a\x46\xaf\x86\x37\x65\x79\x68\x4f\x98\x82\xd9\x40\x81\xf5\xf1\xc7\x84\xd1\x75\x9a\x7d\xa6\x26\x3b\x80\x67\x8e\xed\xe7\xe2\x88\x82\x8e\x57\x6e\x49\xdb\xe4\x05\x86\x42\xeb\xdb\xfb\xf3\xd1\xd8\x3c\xa9\x59\xad\x7c\x8d\x69\x20\x0e\xfb\x1c\x6d\xe8\xeb\xa1\x3d\x27\x44\xf1\xc8\x30\xba\x82\x49\xf6\x11\x84\x0f\xe7\x01\xfc\xf2\xa0\xba\xf9\xbf\x82\xcd\xcd\x46\x1d\x7f\x62\x7c\xb2\x24\xf8\x30\xad\xd7\xea\x73\xda\x51\x63\x17\x10\x17\x1d\x39\x1a\x8e\x10\x7e\xba\xd5\x60\xe7\xbb\xc7\x49\x94\x3e\x97\x6a\xfe\x51\x0a\x2d\xad\xb5\x99\xc2\xd2\xc4\xca\xbc\x7f\x41\xb7\x07\xda\x21\x43\x07\xdb\xaa\xb3\x17\x35\x91\x28\x19\x69\x2f\x12\xb7\x73\xa3\x24\x09\xa3\x69\x37\xae\x48\x6c\xb9\x0e\xad\xd1\x2d\x2f\x44\xb1\x2e\x63\x57\xe8\x97\x97\xce\xfd\x40\x58\x82\x0f\x48\xbe\x08\xa0\x5a\x03\xbb\x57\xf8\x5b\xdf\xbe\x82\xaa\x6a\x74\xc6\x63\xe3\xa1\xfa\xe6\x36\x06\x48\x46\x1c\x67\xf9\xe6\xbc\xb5\x75\xcf\x5e\xaa\x9d\x3f\xf3\x40\x2e\x1d\x27\x7d\xb1\x84\x21\xf4\xb4\xc3", 4096)); NONFAILING(*(uint32_t*)0x20001040 = 0); NONFAILING(*(uint32_t*)0x20001044 = 3); NONFAILING(*(uint32_t*)0x20001048 = 0xf7); NONFAILING(*(uint32_t*)0x2000104c = 0x5be); NONFAILING(*(uint32_t*)0x20001050 = 0x323); NONFAILING(*(uint32_t*)0x20001054 = 0x63f); break; case 11: NONFAILING(memcpy((void*)0x20001080, "\xf3\x36\x67\x43\xd9\xf2\xc4\x43\x0d\x06\x0d\x95\x00\x00\x00\x00\x66\x0f\x59\xd6\xde\xc4\x66\x41\x0f\xc4\x33\x00\x0c\x07\x26\x2e\x40\x0f\x10\x92\x00\x08\x00\x00\x65\x0f\xf9\x0e\xc4\x23\x5d\x7d\x83\x5c\x85\xb7\x69\xa0\xf3\x46\x0f\xbd\x5d\xe1", 60)); syz_execute_func(0x20001080); break; case 12: break; case 13: NONFAILING(memcpy((void*)0x20001100, "SEG6\000", 5)); syz_genetlink_get_family_id(0x20001100); break; case 14: syz_init_net_socket(3, 0, 0xcf); break; case 15: NONFAILING(*(uint64_t*)0x20001180 = 0); NONFAILING(*(uint64_t*)0x20001188 = 0x20001140); NONFAILING(memcpy((void*)0x20001140, "\xe4\xa1\x87\x87\x5d\x82\x4c\xd5\x55\x3c\x1b\xdd\x48\x13\xa1\xd2\xe3\x6e\x97\xb1\x3f\xe2\x55\x27\xef\x97\x2b\xb0\xd6\x83\x1d\x9e\x9f\xfe\x25\x8a\x18\x31\xfe\x36\x4d\xbe\x96\xcf\x64\xbc\x03\x78\xe3\xbd", 50)); NONFAILING(*(uint64_t*)0x20001190 = 0x32); NONFAILING(*(uint64_t*)0x200011c0 = 1); NONFAILING(*(uint64_t*)0x200011c8 = 2); syz_kvm_setup_cpu(-1, -1, 0x20fe7000, 0x20001180, 1, 0, 0x200011c0, 1); break; case 16: NONFAILING(memcpy((void*)0x20001200, "bfs\000", 4)); NONFAILING(memcpy((void*)0x20001240, "./file0\000", 8)); NONFAILING(*(uint64_t*)0x20001380 = 0x20001280); NONFAILING(memcpy((void*)0x20001280, "\x91\xc4\x21\x3c\xde\x40\x56\x8d\x77\x7f\xe0\xa2\xce\x20\x49\xd3\xb1\x9a\xce\xb3\x58\xe0\x85\xd7\x05\xac\x9b\x80\xf2\x03\x3a\x5c\xd6\x63\x5c\xf7\xd0\x6a\x17\xd8\x17\x07", 42)); NONFAILING(*(uint64_t*)0x20001388 = 0x2a); NONFAILING(*(uint64_t*)0x20001390 = 5); NONFAILING(*(uint64_t*)0x20001398 = 0x200012c0); NONFAILING(*(uint64_t*)0x200013a0 = 0); NONFAILING(*(uint64_t*)0x200013a8 = 0xfffffffffffffff9); NONFAILING(*(uint64_t*)0x200013b0 = 0x20001300); NONFAILING(memcpy((void*)0x20001300, "\xf7\x41\x41\x34\x45\xb6\x00\xd0\x91\x5f\x86\x9c\xac\x33\x27\x41\x35\x33\x30\x72\xd8\x80\xcd\x4c\x97\x86\x90\xc4\xfa\x5d\x65\x8e\x44\x0b\xf1\xf9\x51\x64\x46\x52\x61\x53\x81\x83\xc3\xc9\xb0\x48\x4f\x84\x5f\x02\xf3\xd7\xff\x0c\xb7\x76\x8b\xb3\x17\x14\xee\xa9\x5b\x29\xb4\xcc\x1d\xfc\xde\x7e\xad\x85\xdb\x1d\x0a\x83\x37\xcd\x75\x7c\x6a\x46\x8f\xe4\x9b\x52\xb5\x49\x55\xfd\x50\x12\x62\xcc\x06\x50\x80\x83\x4b\xa6\x5e\x94\x58\xc9\xef\x9e\xf6\x59\xb3\x93\xab\x90\x98\x8d\x95\x1f\x75\x48\x74\x87\x38\x4f\xc3\x95\x22", 127)); NONFAILING(*(uint64_t*)0x200013b8 = 0x7f); NONFAILING(*(uint64_t*)0x200013c0 = 0x34); syz_mount_image(0x20001200, 0x20001240, 0, 3, 0x20001380, 0x800, 0); break; case 17: NONFAILING(memcpy((void*)0x20001400, "/dev/cdrom\000", 11)); syz_open_dev(0x20001400, 0xe5, 0); break; case 18: NONFAILING(memcpy((void*)0x20001440, "net/snmp\000", 9)); res = syz_open_procfs(0, 0x20001440); if (res != -1) r[0] = res; break; case 19: syz_open_pts(r[0], 0x2000); break; case 20: NONFAILING(*(uint64_t*)0x200028c0 = 0x20001480); NONFAILING(memcpy((void*)0x20001480, "\xa5\x7b\xa8\xd8\xa1\x4e\xc2\x27\x50\xb7\xed\xa8\x87\xd7\x60\x28\x82\x87\x27\x9b\xa3\x70\xa9\x53\x76\xda\x60\xc3\x42\x6d\xd5\x1f\xd3\xc4\x5a\x9e\x32\x11\x88\x6b\xea\x47\x30\x85\x9c\x49\xf6\xe7\x7b\x3b\x37\x9a\x2a\xff\x07\x55\x5c\x05\x43\x79\xbb\xc3\x26\xd2\xec\xe3\xa2\xc8\x38\x20\xa2\x55\xbd\x20\x11\x6d\xa0\xc9\xc1\x76\x56\xfb\xdf\xc2\xe3\xce\x9b\xf9\x0a\x11\x0d\xb9\x5c\xee\x6f\x9a\x22\x9a\xfd\x49\xbd\xc4\x95\x2f\x10\x11\x16\xeb\xd8\xe1\x7a\x74\xfb\x3f\x38\xbf\x5d\x04\x0e\x14\x74\x05\x55\xcc\xdd\x6b\xae\x5e\x47\x73\x4e\x7e\x0b\xdd\x05\x5d\xb0\x94\x59\xf4\xe0\x25\xb3\x68\x6f\xad\x50\xbd\x96\x79\x29\x41\x58\x8e\x45\x28\x44\xfe\xa7\xcc\x5a\x58\x02\xc2\x90\xb3\x3d\xb9\xd9\x33\x47\xb7\xf8\xdc\x82\x59\x35\xf0\xd3\x2c\x6c\xf7\x19\x88\x09\x28\x83\x81\xe3\x23\x43\x83\x23\xb9\xf1\x5e\x92\x38\x8d\x49\xc6\x44\x0b\xdf\x0e\xbd\xb2\x46\x2b\x29\xb2\xfa\xf2\x24\x30\xc5\x97\xa7\x38\xbe\x50\x85\x0e\xc3\xbd\x16\x73\x07\x54\x2c\x9d\xae\x53\x16\x59\xef\x75\x90\x55\x0a\xa6\x80\x99\x93\x7c\xab\x91\x66\x5a\x21\x1c\x20\x2c\x29\xab\x78\x04\x3f\xeb\x01\x5f\x4d\xe7\x27\x19\x70\xe0\x22\xaf\x49\x5f\x42\x58\x77\x17\x08\xcb\x1b\xf5\x04\x42\x20\x18\x06\x19\xef\xb7\xdc\xf4\x6a\x25\x88\xf0\x50\x48\xcd\x8a\x98\x73\xd7\x0f\x2c\x3f\xb9\xc0\x5b\x4c\xb8\x20\x7e\xe6\xde\xa7\x05\x24\x78\x99\x3d\x1c\xd9\x56\x12\xed\x77\x7c\x7f\x27\xf7\xed\x87\xb5\x19\xfd\xd9\x61\xc6\xd1\x11\x6d\xbb\xf9\x36\x57\xef\x14\x53\xef\x76\x29\xa4\x41\xa5\x34\xba\xf1\x06\xff\x7d\x35\xc9\x88\x9f\x24\x36\xde\x4d\x5e\xdd\x0b\x29\x35\x40\xd4\xe7\x56\x59\x51\x4d\xef\x57\x42\x65\x59\xfa\x55\x9d\x0d\x59\x09\x31\xb6\xa9\xe3\x27\x5e\x36\x52\xb5\x71\x5b\xfa\xc7\x65\x52\xb9\x67\xb4\x69\xba\xa8\x65\xc4\x0c\xb9\x3c\xbb\x07\x03\x73\xf8\xdb\xdd\xfe\x19\x5b\x5e\x26\x83\x7a\xfa\x7d\x9e\x0d\x9c\x8c\x47\x78\x90\x83\xcf\x19\x60\xd0\xf4\xeb\x20\x1d\xb8\x8d\x65\x62\xab\xac\x3a\x44\xb0\x0f\x9a\xec\x7d\xdf\x49\xb2\x88\x8e\x14\xb2\x42\xc2\xd9\x8a\xef\x9d\x48\xc7\xcf\xa8\xbe\x05\x01\xca\x8b\x2b\xa6\xd2\xf1\x30\xe8\x3c\x22\x5b\x4f\xd3\x3f\x2e\x6a\xec\x72\xe3\x90\x04\x32\xaa\x4b\x34\x2f\x34\x64\x72\xad\x5d\xcb\x87\x11\xc7\x29\x77\x18\xfd\x47\xaf\xaf\x1e\x6d\x32\x8e\xf6\xb2\xc9\x84\xc2\x36\xa7\xbd\xe2\x40\xf1\x08\x0e\xd6\x7c\x63\xdd\x0b\xd3\xf0\x05\xad\x27\x41\x64\x6a\x8b\x7b\x6f\xdc\x9c\x3b\x7b\x8f\x89\x6d\x2a\xae\x5c\x1f\x4f\x83\x08\xd2\xd1\x2a\x89\x76\xa5\x21\x1c\x1c\xb8\x34\xfd\x5e\x92\x06\xc7\x21\xb7\x6c\xbf\xfe\xe9\x1d\x6a\x7a\x43\x61\x88\x23\xa0\x0a\x65\xc5\x6a\x6c\xca\xa1\x39\x07\x42\x7a\xea\x0e\x09\xbc\x5e\xa8\xa6\x02\xfb\x77\x4e\x8a\xcc\xc4\x2c\x5c\x56\x95\x77\xa9\xd1\xac\xa3\xe8\x62\x66\xa3\xb3\x6d\x31\xa2\x66\xc7\x68\x51\x5d\x53\x40\xa1\x82\xd2\x8b\xa0\x38\x4c\xd4\x36\x8d\x38\x37\x59\x10\x86\x12\xaf\x27\xa1\x1a\xfa\x79\x87\x5d\x3f\x9d\x8f\x9d\x72\x5b\xbd\x71\x89\xcc\x15\x05\x8d\xce\x2f\x93\xb6\xe6\xc6\x57\xc7\x76\xd6\x08\x2b\x69\x18\x82\x71\xea\x94\xa0\x38\x0b\xe6\x4a\x0c\x0d\xc0\x94\xe0\x2f\x4b\xa8\xd6\x65\x95\x18\xf7\xc6\x25\xbf\xb0\xbb\x4e\xb8\xb6\x65\x66\xca\xe9\x8e\xa7\xf9\xfb\xdd\x93\xbd\x20\xc8\x37\x3a\x84\xf7\x3d\xa7\xf4\x5c\x26\x74\xaf\x1b\x48\xc2\x1f\xfc\x33\x89\x76\x82\x4b\x9f\x4e\x7a\x0b\x89\xc3\xee\x34\x73\x43\x41\xec\x84\x7e\x7c\xe7\x2d\x40\xf5\x07\x92\xbb\x5a\x3e\x33\x20\x91\xa0\x07\x6f\x32\x30\x02\x91\x76\x12\x19\x6b\xbb\xe2\x55\x6e\x35\x07\xa9\x84\xfc\xe7\x1d\x94\x2f\xa9\x09\x34\x85\xeb\xf7\xd1\x57\x06\xfb\x12\xc4\x3a\xc0\x61\xaa\xfe\x38\xa5\xfc\x75\x7f\xdb\xfa\xce\xa2\x9a\x61\xc1\x47\xba\xde\x81\x4c\xa2\xb5\xb0\x34\xdf\x8e\xc4\xec\x27\xe4\x41\xe3\x96\x6b\x77\xed\x5c\x56\x7b\xa2\xaf\x70\x4a\xb9\x7b\x46\xe8\x19\xb6\x2a\xe4\x92\x7e\x5a\x82\xb6\x2a\xfe\xc0\xa0\xc8\xbf\x09\x15\x66\x06\x66\xc0\x2e\x52\xe4\x46\xe6\xc0\x76\x5c\x44\x17\xbf\x72\x93\xe2\x6d\x2d\x8c\xee\x1e\xe8\xe6\x38\x3b\xfa\x45\xc5\xfa\x6b\xc9\xbd\x12\xa2\xe7\x23\x04\xb4\xb7\x80\x08\x74\x9a\x64\x41\x9e\xf3\x5c\x3f\x59\x6f\xac\x58\x89\xd4\xc9\x4a\xd1\xc5\x78\x43\x3f\xa9\xcf\x74\x64\x4d\xa8\xed\xc5\xd5\xfd\x3f\x5f\xa8\x4f\x9f\xf6\xd0\xd0\xc7\xa0\xca\x6e\x4b\xbb\x32\x62\x67\x11\xe1\xcf\x87\x8e\x0d\x2f\x60\xea\xb6\x05\x1f\x2e\xf0\x66\x65\x32\xe0\x15\x9b\xb8\x7f\x5a\xe9\xa2\xc1\x61\x2f\x4c\x25\xd5\x32\xf2\xe3\xe9\xbb\x4a\x61\x30\x17\x2e\x78\x23\x13\x23\x9f\x1d\x16\x8f\xe7\x9d\x05\xc6\x99\xcc\x18\x19\x25\x50\x36\xac\x03\xc7\x11\x05\xe4\x4e\x70\xd2\x4d\x5e\xad\x94\xf7\x1e\x05\xea\x6d\x65\x41\xb0\xa1\x5c\xb0\x10\x4b\x43\xfe\xa0\x2e\x1d\xfe\xa5\x2e\xf9\x25\xa5\xf2\x4b\xcc\x90\xdc\x99\x31\x73\x94\x60\x2c\xbe\xe9\x02\x40\x43\x1e\x6d\x13\x0d\xff\x90\x15\xeb\xab\x88\x8d\x79\xb2\x85\x45\x02\xd1\xce\xc5\x34\xf4\x17\xaa\x08\x5d\x69\xde\x28\x4d\xdd\xd6\x74\x9b\x46\x51\x74\x72\x8c\x1d\x40\x72\x1f\x8c\x23\x5f\x92\xb0\x3c\xc1\x8a\x1d\x64\x7c\x93\x35\xb7\x83\x84\x07\xaa\xf7\x8e\x69\x4c\x1c\x38\x9c\xa5\x50\xe1\x95\xef\x2d\x59\x01\x40\x65\x35\x43\x7e\x2e\x16\x42\x49\xe8\x38\x04\x8a\x4a\x45\x22\x1b\x47\x79\x3e\x03\x1b\xfd\x32\xba\x6a\xb3\xda\x7d\x1d\x2a\x84\x8c\xd8\x57\x8b\x6d\x39\x04\xd1\x0c\x40\x2d\x63\x82\xd3\x59\xbb\x61\x45\x32\x71\xf1\xd3\xc1\xf0\x91\xc9\x75\x94\xa1\xc0\xa3\x3d\x65\x6f\xa7\xa9\xe3\x47\x0b\xb6\x42\xaa\x3d\x01\x6a\x06\x92\xd6\x9c\x18\x85\xa3\x08\x93\xb4\x5b\x27\xc6\x5a\x04\x96\x78\xee\x3c\x79\x3e\x77\x78\x14\x59\x82\x2f\x95\x31\x06\xb7\x28\x3f\x50\xff\xa1\xa7\xe2\x47\xbb\xbe\xf8\xef\x49\x18\x91\xc4\xce\x14\x3e\x7b\xdb\x9a\x76\x26\x42\xf8\x00\x20\x77\xb0\x2e\x6c\x51\x24\x0b\x9a\x42\xb9\xc3\x5b\xf2\x35\x30\xf7\x46\x37\xe3\x77\xa5\x5b\x1c\xde\xb6\xa6\xbc\x1e\xf8\x15\x07\x27\x99\x9e\xf3\x3d\xfa\x7e\xc2\xdb\x1e\x6e\x65\x34\xa9\x9c\x30\xf3\xc0\xec\x03\x0e\xe0\x8e\xdc\x22\x4b\xbb\x1c\x8b\xb6\xc5\x6a\x0d\x62\x87\x0b\x19\xd8\xd9\xdf\xfc\xd1\xbb\x9f\x0a\xc4\x7e\xb8\xfb\x06\x2a\xfc\xa9\x65\x63\x9b\x9c\xff\xb9\xee\xe5\x46\xa7\xcb\x48\xe2\xea\x84\xa6\x89\xfb\x55\x74\xfb\x59\x67\x3c\x34\x38\xa9\xa7\xb1\x94\x26\x9c\x6a\x3d\x6f\x7b\xd9\x02\xfe\x8a\x7b\x10\x56\xf9\xfe\x50\x4f\x1a\x3b\xec\xa3\xd9\xdc\x3a\x34\xd8\xde\xe0\xf0\x5d\xfc\x27\x6a\x84\xa6\x40\xfa\x79\x02\xaa\x0c\x65\x66\xe7\x5c\xe1\xc9\x26\xe1\xa0\x36\xd3\x98\xcc\x33\xfc\x23\x10\x06\xb4\x22\x1e\x88\x36\x25\xc0\xe2\xdd\x55\x10\xe6\x60\x05\xd3\x3a\xb1\xdd\xd6\x56\x97\x30\x35\xc2\xf4\xa4\xe9\x23\x25\xe5\x04\xed\xfb\x07\x7d\x49\x24\x17\x6b\x8e\x59\x25\x7b\xbd\xd5\x54\x7f\xe9\xce\x8e\x1f\x25\xe5\xd9\xfd\xec\xba\x7c\xa3\xf4\xf9\x47\xeb\x12\x79\x9b\x21\x23\xf1\x71\x5f\x27\xd5\x98\xda\xd4\x6b\xf2\xb4\x0c\x34\x02\x38\x98\x19\x8d\xf5\x11\x76\x02\x04\x50\xd8\xda\xd5\xce\x92\x97\xf6\xf0\x47\x78\xcf\x37\xc0\x70\xc6\xcc\xa5\x21\xd5\x3c\xc2\xbc\xbe\x05\x76\x98\xce\x2d\xaa\x7b\x4a\xce\x1c\x0b\xef\xfe\x0d\xb1\xc0\xa6\xf3\x88\x96\xfe\x5c\xad\x0e\x00\xf4\xa0\x57\x17\x93\x57\x7a\x54\xf1\x04\x31\x86\x03\xa2\x00\xc1\x69\xd1\xab\x73\x54\xca\x30\xa7\x2e\xa0\x25\x3e\x28\x0f\x8b\xff\x98\xcd\xa4\xef\x13\xef\x8b\x49\x65\xd8\x90\xa0\x83\x69\x86\x0a\x65\xfb\x9e\x86\xa3\x57\xdc\x93\x26\xe9\x25\xd5\xa7\xf9\xfb\xa2\xf4\x7e\x0c\x2e\x80\x04\x3a\x84\x4a\xc5\x99\x30\xca\x69\x2d\x64\xdb\x42\x41\xa9\xe9\x24\x63\xf8\x8e\x65\x3a\xc5\xc4\x7a\x1c\x8b\x62\x80\x36\xaa\xac\xa6\x24\x52\x13\xd1\x72\xe2\x0f\x1f\x23\xc7\xe0\x80\x80\x00\xac\x39\xd1\x54\x55\x43\x22\x13\x55\x60\xbc\x2c\xc6\xad\x5f\xd2\x91\xd1\x87\x9b\x1b\x6c\xdc\x43\x66\xe5\x00\x08\x75\xc9\x51\xef\x72\x4e\x82\x26\x37\x2d\x1f\x63\x1c\xf5\xe5\x4f\x58\x69\x64\x32\x03\x3d\x50\x66\x82\x28\xa1\xb5\xd3\x7b\x40\xc2\x36\x13\x57\x9b\xe7\x01\x49\x8a\xd8\xbf\x56\x1b\x16\x3e\x09\x7b\x4b\x84\xb4\x25\x17\x4b\xa7\x62\x51\x55\xf4\x33\x81\x90\xfa\x1f\x07\xdc\xe4\x88\xcd\x24\x94\x01\x0d\xad\x2e\xb5\xb5\xb4\x67\x73\xf8\x81\xbd\x1d\xd9\x48\xda\xa0\x2d\x49\xe2\xd5\xc9\x97\x0c\xdf\x52\x49\x29\x69\xf0\x1e\xe4\x85\x60\x7b\x2e\x46\x1c\xe7\xf4\x89\x46\x95\x20\x49\x81\x3d\x46\xf1\xad\xab\xb1\xd5\x4f\x5b\x4f\xb6\xe2\x3b\x5c\x16\x10\x82\xa0\x93\xe6\xb5\xd3\x46\xc4\x7e\x7d\x9a\x38\x8f\x13\xa4\x73\x74\x41\xe0\xd6\x9b\xf2\x4a\x4a\xc3\x52\x45\xc3\xf4\xbf\xda\x1f\x0a\x35\xc2\x2c\xdc\x7d\xec\xbd\x61\x1f\x2d\xc7\x83\xf3\xb4\x8e\xca\xf0\x7a\x87\x63\xe3\xa3\x97\x82\x18\x69\x08\x28\x28\xa8\x5f\x74\xc5\x27\x87\x58\xa5\x28\x0d\xec\xb5\xe8\x81\x66\xf8\x06\x13\xf7\x86\xea\x04\xa7\x3e\x14\xa4\xc0\x4c\xd8\x2b\x6d\x45\xb5\x63\xa8\xac\x4e\x4e\xbc\x37\xd6\x7e\xab\x1e\xdc\xb5\xc5\xc6\x27\xcc\xf4\x1c\xbb\xd8\xfc\xcd\x1d\x68\xca\x5b\x15\x94\x02\xe2\x97\x7c\x38\x83\x1b\xc1\xb8\xd6\x1a\xb2\xe2\xbe\x02\x06\xff\x45\x61\x45\x6b\x4c\xd3\x76\x51\x69\x0c\x06\xf6\xd2\x20\x84\x31\x47\x44\x23\x61\x39\x78\xd0\x07\xcf\xe1\xb0\x4d\x7e\xea\xce\x9b\x7a\x3f\xf8\xc8\xca\x6f\x6b\x79\xf6\x2a\xb3\xe3\x72\x06\x9e\x5c\x8b\x69\x48\x36\xd3\xdd\x87\x11\x37\xd1\x89\x91\x77\x5a\x25\xda\x16\x96\x65\xa3\x7a\x2c\x32\x43\x70\x22\x5a\x9f\xd7\x8d\x58\xfc\x6f\xb9\x24\x56\x92\xff\xb7\x98\xd8\x3b\xfa\x44\x54\xe2\x34\xd2\x32\xf7\xf8\x10\x43\xc9\x5e\x5d\x67\xe9\xc2\xbf\xdb\xed\xd0\x32\xa8\x99\xe4\xa3\x61\x38\x62\x0d\xd2\x86\x6e\x29\x2f\xbb\xa8\x96\x47\x90\x18\x48\x1a\xb9\x20\xdb\xc7\x4a\x49\xc8\xcf\x56\x74\x0e\x5d\xa6\x3b\x69\x65\x89\x58\xa5\xd2\xb3\xba\x11\x90\xf8\x66\x99\x31\x81\x97\xde\x10\xac\x5b\xfb\x0a\x28\x67\x08\x30\x3c\x38\xb6\x81\x01\x65\x4e\x70\xe4\x03\x1d\x61\x3f\x51\xa6\x83\x0c\x0a\x5f\x40\xbb\x00\xda\xc8\xb6\x2b\xb9\xdf\xa9\xcb\x0e\xae\x1e\xba\x2d\xda\x4c\xd1\x43\x9e\xb4\x8b\x29\xe6\x67\x24\x30\xc0\xe4\xa5\xd0\x5c\x58\xa4\xee\xf2\x12\x26\xdf\x5d\xba\x3f\x05\xb6\x83\xd7\x53\x4c\x6a\x7e\xa8\x88\x42\xa4\xfe\xd2\x74\x17\x63\x6c\x50\x93\xa0\x30\x62\x9c\xb6\xbd\xcd\xe1\x5b\xe9\xa0\x84\xe0\x47\x9a\x44\x48\xa8\x2e\x86\xa9\x64\xda\x39\xb1\x16\x2d\x87\x23\x82\x35\xa0\xba\xdb\xf4\xea\x47\xb4\x4d\x4a\x43\xea\xde\x00\xd3\x14\x5f\x6b\x4f\x9c\x26\x78\xc9\x1c\x20\xb3\x8d\x8c\x4c\x8a\x70\x10\x38\xb3\xfd\x2f\x1c\x3a\xcf\xd2\xef\x4a\x64\x55\x9e\xb7\x89\x9a\xec\x24\x76\xca\x89\xe4\xe7\xca\xb2\x59\x51\xa7\x8c\x18\x3f\xee\x30\xf6\xbc\x2f\x73\xf6\x74\xbc\x15\x28\x59\x4e\xac\xb7\x3b\x06\x8b\xf5\x8b\x6d\x19\xf9\x41\x9b\x1c\x89\xb5\x78\x7e\x28\xcc\x3a\x27\x72\x85\x58\xc0\xe5\x8b\x05\xb3\x8e\x56\x40\x53\x17\x68\x48\x37\x97\x8d\x1f\x14\xb4\xac\x4a\x28\x67\x4f\x91\x7c\xfe\xb1\x3b\xc7\xd7\x32\x2b\x37\xef\x15\x0a\x92\xd2\x3b\x7a\x9b\x4a\xc7\xf1\xe3\x41\x90\x03\x21\x9f\x7c\x64\x70\x27\x8a\x41\x26\x10\x5b\x91\x77\xd1\x59\x00\x03\x3f\xab\x3f\x1d\x8f\xb4\xf3\xb0\x9b\xa1\x5c\x66\x47\x66\x76\x50\x3d\xa0\x6e\xae\x6c\xff\xff\xa3\x27\x49\xa8\xe6\xad\xce\xd1\x4d\xc1\x13\x23\x74\x50\x7d\x74\x31\x2b\x76\x76\x84\xd9\x64\xaa\x7b\x63\xda\xb1\x1e\xef\xa4\xcb\x1b\x1c\x5f\x32\x7e\x06\xca\x07\xdb\x34\x6f\x23\x10\xa6\x88\xa2\x69\xf7\x30\xcd\x74\x79\xbb\x49\x90\xd6\x61\xdd\x45\x26\x86\x84\xf6\x8c\x39\xc8\xc8\x00\x3d\x4e\xbb\x25\x0c\x94\x69\x82\x77\xc5\xbb\xee\xd3\xfc\xad\xa2\xe5\x70\x3f\x9c\x97\x96\x02\x0a\x81\x19\x69\x8a\x1f\xb0\xca\x25\x32\x76\x69\x1b\x94\x84\xf5\x1c\x80\xab\xf5\x16\xe5\x85\xa4\x3b\x95\x95\xab\x55\xbd\xeb\x94\xa7\x20\x7e\x08\x80\x76\x8b\xa0\xec\x69\xd8\x10\xf4\x30\xbb\x41\x03\xc2\x5e\xae\x82\xea\x60\x73\x61\x3d\x01\x52\xd5\x30\xec\x8d\x1d\xf7\x3b\xff\xfa\x36\x26\xd5\x27\x6f\xca\x65\xe2\xc3\xb1\x07\x95\x7f\xdf\x2c\x62\x9b\xd2\xd9\x84\xfe\xee\xa0\xf6\xb8\x69\x8d\xc4\xc6\x28\xc9\xe5\x8e\xc2\x6d\x12\xae\x23\x84\xb8\x2f\xd8\x7c\x6c\xd7\x71\xec\x1b\xd5\x3e\x94\xc3\x47\xec\x4f\x8e\x81\x15\xc1\x2b\xaa\x76\x75\xdf\x9f\xa9\x25\xb5\x73\x88\xfb\x32\xe3\x46\xc2\xce\x8e\x73\x04\xe6\xeb\x49\x62\xa9\x7a\xf3\xe4\xa6\xa0\xe4\xa2\x2b\x62\x3a\x61\xd9\xcb\x5c\x05\xfd\x8e\xf6\x8e\x98\x58\x5a\x8e\x8a\x33\x49\x49\x6c\xf6\x9f\x1d\xf5\x0b\x74\x0c\xb7\x26\x9c\x7c\x19\x22\x31\x2e\x43\xbb\x6f\xdd\x1d\x0a\xe6\x42\x5a\x73\x86\x0c\x1a\xf9\xcd\x32\x23\x4d\x9b\x6b\x35\x88\xcc\x6c\x2a\xa5\x53\x26\x2d\x08\xc8\xf4\x0f\x7a\x3c\xd8\xd4\xb9\x77\x49\x6a\x9f\x18\x09\xfe\x05\x2f\x4f\x04\x3a\x58\x83\xf6\xdb\x8a\x20\xff\xc4\xc1\x1f\x93\x69\xdf\xea\xeb\xae\xb8\xa1\x7d\xfe\x3e\x14\x2d\x8e\xa9\xbd\xe1\x68\x3c\x59\x6e\x40\xa3\x87\x1d\x72\x9c\xf5\x11\xa3\xd7\x29\xf3\xee\xf5\xc3\x59\x82\x35\x19\x45\x6b\xf8\x32\x62\x13\x8b\xcc\xef\x90\xc1\x03\xe8\xc7\x10\xcf\xe8\x94\x97\x5e\xb9\x59\x0b\xf4\xf2\x1a\xf0\xe5\xd2\x05\x20\x00\x2d\x3d\x31\xeb\x99\x89\x7e\x36\xd0\x07\xd5\x3c\xd3\x0f\x95\x91\x24\xc3\x96\x43\x2e\xff\xe3\x64\x94\x22\xcb\x6a\x9d\x72\xd3\x85\xd7\xb3\x1b\x29\x70\xc8\xa8\xb3\xf1\x1a\x64\xdf\x52\x7f\x7b\xe6\xe4\xdc\x37\x08\x6c\x83\xe1\x32\xce\x14\x63\x89\x2b\x0a\x06\x34\x51\xf2\xba\xe2\xc4\x4b\x97\x3d\x1b\x7a\x56\x2e\xb1\xe6\x2a\x9f\xb1\x22\x8d\x81\x3d\xcd\xff\xcf\x78\x47\x0d\x9b\xd0\x20\x13\xbc\xe8\x02\x3a\xd8\x70\xac\x53\x72\xf9\x6b\xb5\x52\xc9\x22\x02\xf4\x92\x1c\xa3\xab\x3b\xe3\x81\xc1\xde\x1c\xaf\x48\xfa\xa8\xbe\x77\x50\x21\x43\x63\x22\xc1\xb9\x6e\xb7\x94\xbd\x7b\xf5\x34\x9e\xb0\x6d\x20\x2c\x86\xbe\xbe\xe3\xae\x96\x5b\x20\xdd\x8e\xb5\xc4\x6d\xc4\x35\x8c\x0b\x18\x69\xc2\xe2\xdb\x20\xb9\x64\x95\x6c\xe0\x84\x3e\x4a\x09\xb5\xea\xd8\x4e\x84\x08\xfe\xa9\x57\x99\xad\x21\x06\x51\xc7\x29\x4b\x33\x23\x38\x11\x9d\x07\x9a\x0b\x61\x62\x32\x91\x06\x28\x7a\xa1\xef\xde\xad\x98\x62\xad\x83\x58\xb8\xa1\xbf\xaa\x52\x25\x4d\xd1\x64\x35\xb3\x7d\xb2\x95\x58\xec\xf3\x27\xf7\xae\xd5\x8f\xfc\xcf\x93\x3f\x58\xb2\x53\x73\x87\x4d\x3c\xb1\x90\x11\x0c\x37\x50\xbd\x6b\x4d\xc2\x8d\x6b\xb8\xd6\xde\xb9\xce\xb2\xc2\xe6\x9e\x7c\xce\x83\x30\x8b\x88\xb7\xe9\x70\x5f\x5c\x83\xd9\xbb\xc4\x9b\x2d\xb1\xd8\xb2\xf4\xff\xe4\x40\x18\xe1\x4f\x23\x17\x0e\x1b\x6d\x5f\x71\xe7\x5b\x5d\x4f\xd4\x70\x22\xe4\x55\xde\x20\x67\x4f\xbc\xed\x2c\x38\x27\xc4\xe5\xf5\x2d\xc2\xe6\x74\x8b\x7d\x68\x72\x52\x44\x8f\x13\xb0\xd8\xb4\x34\x57\x7a\x50\x64\xd7\xbc\x52\x0e\x7c\x87\x6f\x44\xee\xd4\x95\x4f\x58\x74\x6f\x36\xa2\xfa\x98\xba\xd7\xa2\x30\x91\xd9\x39\x18\x38\x21\x35\x9b\xe1\x8c\x8f\x14\xa3\xb6\xa0\x5c\xdb\x14\x5f\xee\x98\x4f\x08\xcb\x1d\x38\x3d\x81\xbe\x3c\x71\xd1\xe5\x37\x83\xe5\x19\x2e\x0a\x9d\x1a\x9f\x5a\x53\x24\xf6\x1c\x5f\x69\x05\x81\xb2\x3d\x09\x60\x06\xc9\xd8\x18\x6e\xe7\xb7\x1a\x33\xab\xfd\x0c\xee\x45\x15\x82\x93\x2f\xf2\x71\xdd\x13\x35\xd9\xa2\x0d\x45\x67\xd9\xb8\x52\x47\x16\x4d\x39\xcb\x16\x11\xc6\xd4\xe0\x71\xcf\x9f\x52\x33\xce\x35\xdd\xc7\xd0\x3f\x50\x9b\xed\x6a\xd4\x15\x76\xea\xc7\x92\x2f\xe0\xa7\xa6\x54\x0c\xf4\x33\x1e\x92\x77\x76\xb7\x5c\xe1\x86\x7b\x8a\x68\x67\x30\xff\xcc\x68\x4c\xd9\x67\x6e\xac\x48\x56\xb8\x82\xc3\x8c\x88\x95\x34\x86\xec\x96\x57\x4f\x81\x2d\x6d\x55\xf6\x4b\xa2\xc1\x8d\x71\x70\x2f\xc1\x25\xb3\xaa\x5d\x2c\xed\x6d\xf0\xf4\x42\xdf\xa0\x00\x0b\xf7\x2d\x61\x90\x3e\x54\xaf\xdc\xe8\xee\xd9\x04\x71\x64\x85\x3c\x5d\x7a\x14\x9f\xc1\x84\x73\x27\x4c\xe0\x95\x73\x0a\xac\x66\xad\x08\xfc\xe7\x1b\xa6\x86\x43\x1b\xb6\x00\xe5\x12\x95\xeb\x94\x8c\xab\xa5\xa4\x3e\xde\x18\x91\xe7\xa8\xbc\x0a\x93\x4e\x5f\xfa\x69\xe1\x16\xa5\xbf\xb5\x6e\x28\x52\x69\xb7\x1a\xc2\x11\xe2\x0a\x28\xd1\x4b\xd6\x01\x13\xf9\x39\x8c\x2a\x32\x9d\x01\x88\x1a\x5c\x73\x74\xf1\xda\xbf\x0c\xdf\xbc\x46\x2e\x02\xfc\xd9\x34\xd5\x24\x6d\x8e\x74\x79\x1f\x35\x1c\x7c\x75\x9f\x5f\x70\x5d\xbb\x84\x45\x3e\x0b\x76\xb1\x77\x59\x2c\x68\xd5\xf9\xf9\x4a\xa4\x30\x27\xdd\x94\x00\x70\x22\x8f\x8a\xdf\xff\x70\x05\x59\xfb\x68\x4c\xb5\x32\xe6\x04\xfa\xb7\xe1\x15\x85\x8f\x06\x45\xf5\x68\x9a\x42\xbe\x0b\xb0\x1b\x37\x54\x2a\xf7\xa2\x2b\x3d\x57\xe6\xf1\x4a\x2b\x12\x66\x80\xad\x71\xc7\x73\x29\x93\xf9\x24\x81\x23\xb2\x0c\x6f\x5c\x6a\xc2\xd1\x29\xc0\x29\xaa\xe1\x39\x9a\x37\x02\x3f\xdf\x1f\xd4\x48\xb4\x3d\x17\x71\x02\xc3\x3f\xbd\x31\x51\x55\x62\xda\x5d\x39\xa9\x9b\x86\x4d\x15\xe2\x8a\x72\xb9\x3e\x0b\x5c\x91\x56\x03\x23\xc0\x02\x77\x57\x3b\xc7\xa2\x88\x0a\xc5\x4f\x1b\x73\x4d\xfb\x80\x5f\xaa\x5d\x1c\x7b\x32\xf4\x74\x08\x2d\x8e\x7e\x47\xc6\xf7\x99\x5c\x34\x12\xed\x77\xe3\x33\x01\xdc\x26\x7a\xc0\x67\xe3\xb0\xbc\x3c\x77\xba\x40\x4c\xa4\x87\xf4\x48\xd1\x87\x6f\xd6\xc4\xcb\x63\x9e\x57\x73\x49\x22\x72\xc2\x0e\xa4\x1a\x9f\x92\x2d\x69\xf0\xd2\x39\xb5\x2d\x7c\x43\x56\x98\x68\x63\x28\x37\xaa\xd0\xfc\x12\x34\xf9\x19\x44\x3e\xab\x47\xe8\x6e\x57\x88\x61\x9a\x55\x82\x57\x66\x3a\xc3\xc3\x31\xde\x07\xf7\x33\xa3\xa2\x3c\x5b\xc5\xe3\x4d\xc0\x53\x8c\xdf\xe1\xb8\x09\x33\xe6\xf4\x31\xa9\xf6\xda\xc0\xc2\x92\x40\x97\x4d\x87\xfd\x21\xbc\x48\x01\xfd\x24\x52\x6d\xb9\xda\xd3\x21\x75\x4f\xd7\x13\x52\x20\x63\x19\x18\xa9\x27\x8e\x96\x49\xd9\x45\x46\x89\xbb\x9a\x13\xbc\x29\xe5\x7d\x9f\x95\xfd\x33\xb7\x7b\xfb\x8d\x6f\x58\xa9\x26\x0f\x2f\x25\x10\x57\x86\xf0\x8e\x64\xca\x6c\xba\xa4\xa3\x8d\x26\xdc\x2e\x14\xab\x61\x8a\x83\xb9\xd5\x47\x74\xd9\xa9\x88\x43\xf3\xd5\xa8\xee\x27\xdf\x4d\x85\xd2\x0f\x11\x45\x26\xc8\x73\xf0\x14\x0f\x09\xa7\x96\xe9\xa3\x9d\x78\x28\x96\x05\xc0\xac\x4c\x22\xf6\x54\x59\x12\x0c\x72\xd9\x92\x6f\x1e\xd3\x63\x10\x9e\x64\xc2\x10\xdc\x18\x73\xd2\x57\x7f\xfb\x1a\xf3\x50\x8d\x54\xde\x7b\xae\xf2\xa8\xac\xd1\xea\xb3\x0a\x08\xaf\x2d\x28\x98\x28\x9d\x5f\xc6\xde\x52\xdf\x4a\x33\xde\xfd\x84\xf4\x6b\x45\xf0\xc3\x63\x51\x97\x9c\x25\xb4\x62\x9e\xc8\xd3\x11\x98\x52\x3d\xd4\xcd\x19\x99\xfc\xcc\xcf\xee\xfc\x12\x0a\x93\xd5\x0c\x0a", 4096)); NONFAILING(*(uint64_t*)0x200028c8 = 0x1000); NONFAILING(*(uint64_t*)0x200028d0 = 0x69a6); NONFAILING(*(uint64_t*)0x200028d8 = 0x20002480); NONFAILING(memcpy((void*)0x20002480, "\x16\x11\xae\x42\x60\x98\x71\x57\x94\x58\xde\x6d\xcb\x5c\x96\xa3\x68\xf6\x0e\x60\x2e\xbd\x14\x43\xc0\xab\x4c\x85\x8d\x3b\x4f\x5a\xa3\x22\x6e\x5a\xcf\xe2\x4c\xfe\x32\x84\x20\x97\x22\xc4\xce\x9d\xed\xb3\x8a\x28\x20\xbc\xfc\x21\xad\xf2\x47\xb2\x90\xe4\x9a\x6b\xb5\x3e\x14\x7f\x9b\xe5\xfc\xf3\xc0\x25\xd8", 75)); NONFAILING(*(uint64_t*)0x200028e0 = 0x4b); NONFAILING(*(uint64_t*)0x200028e8 = 0xfffffffffffffeff); NONFAILING(*(uint64_t*)0x200028f0 = 0x20002500); NONFAILING(memcpy((void*)0x20002500, "\xa6\x4c\xb9\x38\x64\x7a\xa7\xf2\x79\x70\x14\x80\x9c\x6e\x31\x09\xdc\xe8\x8a\x01\xe9\x77\xde\x42\x8c\xa4\xc4\x70\xc7\xe3\xac\x12\xaa\x09\x78\x30\x56\x1a\xe7\x53\x45\x03\x0e\xa4\xab\x2f\xb4\xe0\xb2\xdb\x74\x4a\xcb\x18\xcd\xd3\xd5\x18\xf3\x80\xda\xb5\xd1\x87\x41\xf8\x4a\x20\x7f\x54\x06\x9a\x9f\x0f\xed\x8b\x51\x3d\xdf\x36\x34\x47\x20\xf8\x01\x76\x19\x98\x7f\x97\x6a\xf2\x63\x23\xbe\x81\x84\x54\x10\x81\x66\xd7\xeb\xa3\xd5\x3d\xf5\xf5\x0a\x8b\x6a\x77\x5d\x12\x5e\x7d\x9e\xa5\x59\xd4\xe1\x46\x08\xec\xf3\xe9\x28\x83\x75\xdd\xd6\x3f\x0e\x61\x8a\x1e\x0f\x10\x9b\x89\x40\xd8\xe1\x2e\x15\xe0\x76\x11\x79\x33\x22\x0e\xdf\xf3\x6d\xfa\x59\x2a\x15\xbc\x12\x3f\x4b\x25\x55\x60\x9f\x55\xda\xb4\x4c\x2d\x7e\xe0\xd0\x8d\x6a", 177)); NONFAILING(*(uint64_t*)0x200028f8 = 0xb1); NONFAILING(*(uint64_t*)0x20002900 = 5); NONFAILING(*(uint64_t*)0x20002908 = 0x200025c0); NONFAILING(memcpy((void*)0x200025c0, "\xb4\x75\xd3\xca\x5d\xd7\xa6\xdb\xbc\xcd\x83\x44\x0b\x3b\x11\x6e\xa8\x82\x11\x64\xd0\xd9\xbe\x1c\x6b\x34\xce\x84\x0c\x4f\xd4\x7a\xd6\x0d\xd6\xc9\x79\xe6\x3a\xbd\x6d\x3a\xc0\x48\x54\xf6\xe2\xa6\xc6\xdf\x6d\x2f\x1a\x1d\x7a\xfa\x59\x72\x2a\x9e\xf1\x48\xdf\x1a\xf3\x0c\xd1\x16\x85\x3a\x26\xb3\x95\xfe\x41\x32\x6c\x6c\xc1\x95\xa4\xe2\x51\xde\xa0\xc8\x80\x7d\xec\x6a\x10\xea\x16\x6c\x71\xdb\x96\x1b\xac\x6f\x45\x7f\xbc\xf1\x5c\x68\xc8\x6c\xba\xf2\xaa\xc5\x36\xbd\x4d\xbb\x4a\x87\xa5\x3e\x53\x41\x56\x00\x2d\x77\xd7\x2f\x55\x43\x28\x60\x12\x64\x0a\x88\x02\x28\x2a\x4c\x5d\x1e\x39\x31\xec\xed\xc2\x1b\x0f\x70\xff\xaa\xcd\x88\x82\x05\xba\x93\x10\x2f\x80\x1d\xaf\x83\x88\x85\xf5\x5a\x32\xc1\xb6\x78\xa1\x27\x86\x48\xbe\x8f\xee\xf0\xe3\xf2\x88\x89\xee\x3e\xf9\xb3\x0f\x8d\xb4\x1a\xb8\x80\x9e\x7f\x79\xc3\x61\xb2\xec\x36\xbb\xe7\xc1\x91\x7a\x02\xc2\x08\x26\x56\x71\xc5\xf8\x3a\xc9\x9b\xa5\x49\x30\x23\x71\x93\xc5\xa6\xfa\x3e\x26\xb9\x00\x78\x33\xd5\x8d\xc3\x33\x6f\x87\x7c\x21\xeb\x66\x47\x8d\xc8", 246)); NONFAILING(*(uint64_t*)0x20002910 = 0xf6); NONFAILING(*(uint64_t*)0x20002918 = 0x7f); NONFAILING(*(uint64_t*)0x20002920 = 0x200026c0); NONFAILING(memcpy((void*)0x200026c0, "\xb7\xc9\xac\x0c\xcb\x29\x99\xd4\x20\x1b\xbe\x79\xb6\xfb\x51\x69\xae\xc7\x9e\x29\xdd\xd2\x0d\x05\xcf\x74\xe5\x6a\xe3\x0b\xe9\x8d\xf1\xb8\xdc\x61\x0f\xe9\xc4\x44\x03\x0c\x2f\x98\x1f\x1b\xa8\x75\x88\xdc\x74\xd5\xa9\xdb\x11\x39\x77\x92\x3a\x53", 60)); NONFAILING(*(uint64_t*)0x20002928 = 0x3c); NONFAILING(*(uint64_t*)0x20002930 = 6); NONFAILING(*(uint64_t*)0x20002938 = 0x20002700); NONFAILING(memcpy((void*)0x20002700, "\xe9\x01\x04\x27\x28\x6b\xd8\x89\x55\xb9\xab\x73\xf4\x27\x5f\x3f\x23\xe2\xc4\xc8\x9b\xbf\x25\xec\x92\x99\x11\xd9\x38\x1d\x2c\x48\x4b\x48\xec\x00\xf7\x3e\x91\x2f\x2a\xbb\x37\x9c\xfa\xad\x2a\xf0\xbf\xce\xde\x9f\x4f\x9f\x3e\x5b\x9b\x4c\x8c\x52\x14\x6f\x93\xd3\xab\x01\x45\x72\xa8\x62\x3b\x75\xef\x48\x48\xe0\x08\xbb\xca\xc1\xf8\x66\x74\x91\x00\xef\x85\xf6\xe8\x50\x25\x84\x6b\x93\x21\x2f\x38\x08\x44\x26\x22\xa5\xf7\x86\xc0\xe6\x7f\x61\x85\x89\xa0\x94\x9d\x4b\xf1\xba\x8e\xd1\x43\xbc\xc3\x9f\xf0\x80\x6a\x12\xec\x83\xff\xb5\xd4\x8f\x05\x32\x92\x67\x6e\x4f\xce\xf6\xe1\xf9\x1e\xc6\x25\x4a\xaf\x2d\xa4\x14\x8e\x61\x81\x87\xff\x8f\x65\x4f\x1a\xb6\x89\x00\x0c\x43\x4d\x39\x32\x13\xbb\x25\x9e\x36\xbd\x10\xa3\xb3\x32\x4b\x7c\x05\xf0\x34\xbf\x54\xce\x8f\x3a\x4c\x08\x06\x13\x8b\xde\xca\x6b\x4b\x4a\xcc\x3e\x2f\xa5\x43\x87\xd3\x09\x12\xf5\xbe\xa2\x16\x57\x94\x10\x31\x33\x79", 216)); NONFAILING(*(uint64_t*)0x20002940 = 0xd8); NONFAILING(*(uint64_t*)0x20002948 = 0xab); NONFAILING(*(uint64_t*)0x20002950 = 0x20002800); NONFAILING(memcpy((void*)0x20002800, "\x1c\xc7\xfb\x90\x7b\xac\x4a\x25\x79\x44\x95\x07\x9d\x02\x54\x65\xa2\xe7\xcb\xf3\x59\xe4\x83\x40\x11\x53\x3e\xb7\x55\x7c\x49\x6f\x2f\xd3\xf1\xcd\x4b\xb7\xdd\x60\xa8\xb9\xe5\x76\xa0\x85\xef\x06\x68\xe2\xd5\xb4\x92\x06\x12\xd6\xb4\x7a\xad\x6a\xa8\x9d\x33\x0a\x80\xba\x6b\xa3\x57\x8c\xa9\x31\x9d\xd5\x22\x48\xe1\xa0\x3d\xac\x1c\x21\xaa\x1c\x63\x72\x60\xb3\x36\x0b\x0b\x16\xd0\xbb\x00\xba\x38\xb5\x18\x5d\xbc\xda\xfe\xa4\xef\x43\x6e\xf8\xda\x4e\x00\x03\xc5\x1f\xc0\x6d\x02\xd5\x65\x13\xe1\x91\x27\xfa\xfc\xc7\x9c\xd7\x7e\xa1\x9b\x45\x95\xed\xc6\x29\x55\xbd\xe6", 139)); NONFAILING(*(uint64_t*)0x20002958 = 0x8b); NONFAILING(*(uint64_t*)0x20002960 = 3); syz_read_part_table(0xfffffffffffff800, 7, 0x200028c0); break; case 21: NONFAILING(*(uint8_t*)0x20002980 = 0x12); NONFAILING(*(uint8_t*)0x20002981 = 1); NONFAILING(*(uint16_t*)0x20002982 = 6); NONFAILING(*(uint8_t*)0x20002984 = 0xe7); NONFAILING(*(uint8_t*)0x20002985 = 0xc7); NONFAILING(*(uint8_t*)0x20002986 = 0x63); NONFAILING(*(uint8_t*)0x20002987 = 9); NONFAILING(*(uint16_t*)0x20002988 = 0xf11); NONFAILING(*(uint16_t*)0x2000298a = 0x2030); NONFAILING(*(uint16_t*)0x2000298c = 0xf7c5); NONFAILING(*(uint8_t*)0x2000298e = -1); NONFAILING(*(uint8_t*)0x2000298f = 5); NONFAILING(*(uint8_t*)0x20002990 = 6); NONFAILING(*(uint8_t*)0x20002991 = 1); NONFAILING(*(uint8_t*)0x20002992 = 9); NONFAILING(*(uint8_t*)0x20002993 = 2); NONFAILING(*(uint16_t*)0x20002994 = 0x242c); NONFAILING(*(uint8_t*)0x20002996 = 1); NONFAILING(*(uint8_t*)0x20002997 = 0xdb); NONFAILING(*(uint8_t*)0x20002998 = 7); NONFAILING(*(uint8_t*)0x20002999 = 0xa0); NONFAILING(*(uint8_t*)0x2000299a = 2); NONFAILING(*(uint8_t*)0x2000299b = 9); NONFAILING(*(uint8_t*)0x2000299c = 4); NONFAILING(*(uint8_t*)0x2000299d = 0x9e); NONFAILING(*(uint8_t*)0x2000299e = 4); NONFAILING(*(uint8_t*)0x2000299f = 8); NONFAILING(*(uint8_t*)0x200029a0 = 0xda); NONFAILING(*(uint8_t*)0x200029a1 = 0x39); NONFAILING(*(uint8_t*)0x200029a2 = 0xfd); NONFAILING(*(uint8_t*)0x200029a3 = 0xa4); NONFAILING(*(uint8_t*)0x200029a4 = 7); NONFAILING(*(uint8_t*)0x200029a5 = 5); NONFAILING(*(uint8_t*)0x200029a6 = 5); NONFAILING(*(uint8_t*)0x200029a7 = 4); NONFAILING(*(uint16_t*)0x200029a8 = 0x8000); NONFAILING(*(uint8_t*)0x200029aa = 0xea); NONFAILING(*(uint8_t*)0x200029ab = 0); NONFAILING(*(uint8_t*)0x200029ac = 0); NONFAILING(*(uint8_t*)0x200029ad = 0xfe); NONFAILING(*(uint8_t*)0x200029ae = 0x2f); NONFAILING(memcpy((void*)0x200029af, "\x68\xee\x61\xfd\xaa\xd6\x57\xe9\x53\x1b\x27\xfd\xe2\xbf\x35\x59\x16\x52\x94\x55\x9c\xb5\x29\xcd\x44\xfc\x93\x8b\x5b\xe7\x43\x26\x2f\x71\x47\x73\x81\xda\xba\xd9\x41\xe2\x91\xfc\xf8\x1b\xda\xed\x6f\x94\x8d\x47\x0e\xf6\x9d\x3f\x4d\x91\xba\x2f\x01\xb6\xf6\xcf\x51\x7f\xc9\xd1\x05\xe3\x5b\x32\x46\xc7\x10\xdd\x8e\xbf\x3a\x17\x3d\xf6\x8c\x3c\x87\x63\x14\x01\xbd\x01\x4d\x96\xe1\x66\xae\x29\x92\x0b\x80\xcf\xdf\x81\x94\xf2\x45\x90\xaa\x96\x4a\xef\x90\xef\xf7\x2d\x58\xea\x10\x09\x40\x9b\xb3\x38\x02\x07\xed\x47\x2b\x45\x8c\x2a\x1e\xbf\x54\x85\x4f\x5a\x3c\xea\x7f\x9c\x46\x3c\x5b\x6a\x81\x80\x5f\x3a\x2f\xf6\x04\x47\x57\xc1\xbb\xfa\xd8\xc9\x03\x35\x3e\x39\xc3\xa8\x74\x4d\x9e\x66\x0c\x64\x1c\xe2\x81\x1a\x4e\xe9\x47\xd5\x59\xb5\xd0\xa6\x0a\xd8\x75\x7b\x3c\x84\xbc\xe6\xdd\x09\xce\x64\x31\xaf\x7c\xd0\x60\xf0\xf8\x35\xad\x9b\xc9\xaf\xa9\x3b\x9e\x25\x09\xd2\x63\x11\xcc\xe2\x81\x74\xe5\x17\xbf\x94\xb1\xe5\xa1\x82\x9c\x97\xd8\x3e\x38\x07\xd2\xca\x9e\x28\x75\x5f\x43\xa3\xdf\xb9\x15\xbd\xf0\x21\xd3\x81\x4a\x96\xb8\x50", 252)); NONFAILING(*(uint8_t*)0x20002aab = 7); NONFAILING(*(uint8_t*)0x20002aac = 5); NONFAILING(*(uint8_t*)0x20002aad = 1); NONFAILING(*(uint8_t*)0x20002aae = 6); NONFAILING(*(uint16_t*)0x20002aaf = 8); NONFAILING(*(uint8_t*)0x20002ab1 = 0x7f); NONFAILING(*(uint8_t*)0x20002ab2 = 9); NONFAILING(*(uint8_t*)0x20002ab3 = 0x1f); NONFAILING(*(uint8_t*)0x20002ab4 = 0xd0); NONFAILING(*(uint8_t*)0x20002ab5 = 0x2f); NONFAILING(memcpy((void*)0x20002ab6, "\x64\x1f\xac\xfc\x48\x42\xe8\x19\x1c\x14\xd8\x14\x1b\x17\x08\x92\xfd\xef\xa8\x12\xc3\x12\xe8\x29\x49\x8d\x98\x25\x26\x2c\x2e\x50\x02\xd2\xe4\xd7\xd8\x1e\x3a\xe7\x62\x62\x6f\xd0\xd2\x8f\x00\x16\x55\x23\xa3\x34\x62\xd4\xc0\x92\xac\xd2\x1d\xd3\x0e\x97\xd7\x11\x3c\xb4\xc0\x7e\x87\x18\x3b\x47\xcc\x57\xd6\x12\xcf\x87\xaa\xc6\x8b\xb9\xa0\xe4\xdc\xa1\xd9\x31\x58\x62\xdf\x98\x6c\xbe\x2d\xed\x8d\x46\x6b\x39\x08\xea\x94\xe7\x13\xb3\x1d\x35\x5d\x77\xd7\xa4\x84\x04\xdd\xdd\xa5\xf4\x2c\x76\x95\xf2\x70\xce\xb4\x8a\x1e\x5a\x67\xc7\x9d\xd2\xfa\xde\xd6\x28\xe8\xeb\xc5\x9c\x24\xc9\x81\x59\xd9\x78\x41\x5b\x44\x29\xe8\xb2\x6e\xe2\x45\xc2\xd7\x76\xcc\x28\x8c\xcf\xb4\x4f\x36\x0e\x44\x96\x01\xc7\x7a\xc6\xb9\x7e\x21\x42\x56\x8f\x4d\xb7\xdc\x63\xa2\xc0\xec\x12\x5a\xef\x88\x14\x5a\xde\x54\xd6\xac\x69\xd7\x20\x4a\x7d\xb0\x07\x37\xa8\x58\x35", 206)); NONFAILING(*(uint8_t*)0x20002b84 = 2); NONFAILING(*(uint8_t*)0x20002b85 = 0x2f); NONFAILING(memcpy((void*)0x20002b86, "\x1b\x9b\x4f\x08\x15\x4e\x55\xd1\xe8\x71\x54\xae\xf0\x8c\xa6\x00\x27\x09\x8d\x0b\xc8\x1c\x9a\x4d\x60\x63\x4e\x72\x75\x8e\x3e\x2e\x4a\xbb\x1d\x86\x49\x30\xe1\xf3\x98\xf3\x1f\xb7\x31\x19\x80\xf1\x6d\x11\x79\x47\x6d\xb8\x42\x54\x51\x78\xd0\xe0\xe1\x69\xf0\x1c\x7b\xf3\x50\xfe\xc9\xa9\x50\x09\xd9\x9b\x25\x3b\x0a\x83\xca\x0a\x0f\x51\x18\xab\x8a\x42\xfc\x7d\x15\x81\x6c\x2a\xcf\xc6\x97\x0d\x78\x51\x39\xf6\xb7\x0c\x86\xfb\x5d\x44\x13\xe8\xaf\xfe\x1b\xa5\xfa\xf0\x04\xf4\x45\x9e\xae\xc8\x70\x18\xf3\xce\xb1\xb8\x9a\x62\x05\xaa\xdc\x5a\x9f\xe4\x08\x6c\xc6\xf7\x58\x46\xe9\xa1\x9a\xd3\x71\x2a\xb1\x22\x34\xe4\x7b\xc7\xf1\x74\xb4\x9e\x23\xf9\xf9\x42\x01\xd1\xde\x9f\xef\xa5\x98\x71\x78\x95\xa5\xd2\x9b\xbe\x44\x54\x1e\xbf\x81\x15\xc2\x50\x4f\x49\x7d\x63\xea\x12\x5d\xe7\xc1\x8a\xce\xce\x56\x40\xd6\xd5\xa6\x64\x64\x35\x91\xdb\x7f\x2e\xa2\x70\x6f\x74\xdd\x8d\xa1\x9a\x48\x27\xd1\x08\x13\x0b\x6c\xfb\x8b\x91\x78\xc6\x17\x61\x01\xa9\xbd\xbd\xc5\x79\x03\x11\x8a\x25\x80\xdf\x98\xe1\xfa\xb0\xbb\xce\x3c\x27\x7b\x66\x43\x70\xb8\x2e\x83\x25\x0a\x92\x52\x09\xbd\x08\x4e\x63\x0e\x37\x1f\xf9\x0d\x9c\xdc\xa8\x29\xe9\xff\x80\xb8\x91\x1f\xb6\xc2\xe0\xa7\x01\x49\xb9\x3b\x4f\x3b\xc5\x2f\x96\xde\x2c\x2e\x66\x2f\xe1\xd8\x34\x89\x34\x22\xef\x13\xec\x3e\xb9\x1d\x21\x6f\x1a\xfb\x6b\xbe\xbe\xdf\xa6\x78\xc3\x95\x4d\xcb\x8f\x05\x5e\xd9\x15\xd6\x9b\x0e\x88\x30\x33\x2b\x17\x83\x1c\x6c\xd7\xaf\x74\x5b\x85\x16\x60\x54\x03\x29\x54\x02\x98\xde\x6d\x3b\x8e\x0c\x17\x51\x23\xef\xb5\x5d\x89\x5d\x0f\xf7\x91\x75\xe6\x24\xb1\x29\x44\x66\x4c\xc8\xde\xbb\x5b\xf7\x40\x49\x37\xa8\x75\xee\x05\x75\x05\x29\x90\x96\xd4\x38\xa0\xca\xf9\xfa\x82\x7b\x21\xbe\xb4\x6f\xba\xfc\x11\xfe\xc4\xe6\x00\x58\xac\xb3\x82\xfc\xbb\xb8\x49\x47\x5a\x11\xaa\x18\xf4\x46\x99\x75\xfb\x18\x33\x2a\x63\x33\x4d\x70\xc2\x35\x99\x87\xce\xb9\x48\x06\xfd\x92\x04\xe6\xca\x91\x9e\xe9\xd0\xe7\x26\x5a\xba\x18\xaa\x90\xe5\xff\xfc\xd1\x9b\x25\x2c\x52\xa5\x5d\x51\x2a\xef\xef\x31\xc0\x5c\xd0\x7c\xa1\xc7\xd7\xbc\x25\x0d\x59\x76\x15\x5e\x4f\x7f\x45\x74\xe5\x20\x79\x8c\x79\x35\x96\x5f\x21\x95\x61\x4a\x7e\xe0\xef\x2f\x1a\xad\x55\x2e\xd3\x6a\x7e\x70\x59\x5b\x81\xe3\x2e\xe1\x43\xb3\x0d\x5a\x4d\xf2\x7e\x17\xa6\xe1\xd1\xd0\xbc\xe8\xb0\x61\x55\x52\xc6\xc5\x5a\x98\xcc\x45\x43\x90\x08\xeb\xde\x4e\xb0\x5b\x51\x80\xc8\x80\xe6\x3d\x8c\xaa\x5d\x97\xab\x50\xa9\x85\x70\x25\xeb\x65\x98\xc5\xb0\x00\xff\x98\xa8\xa6\x36\xc9\xf8\x4f\x41\x6b\x27\xb6\xc6\xc3\x40\x46\x55\x03\x37\x5d\x93\x9c\xb9\x93\x24\xef\x7e\xfc\x53\x46\xb2\xd3\x24\x82\x26\x05\x45\x44\xf7\x6b\x0e\x44\x8f\xcf\x54\x29\xa2\x6b\x78\x04\xab\xa7\x65\xb1\x86\x3e\x28\xd3\x17\x9c\x3e\x41\x4c\x92\x6c\x6d\xe2\x0a\x38\xff\x40\xe8\x96\xec\x74\x78\x32\xb7\x49\x22\xbc\x5b\xbd\xb7\x5a\x7a\x08\x66\xb5\x1a\x0a\xbb\x16\x76\x75\xcc\x20\x87\x5e\xbf\xc4\xd5\xac\x23\x00\xf1\x83\x23\xb6\xc2\xd4\x14\x67\x42\x8c\x43\xd8\x26\x2b\x85\x1e\x15\x60\x0d\x09\x91\x85\x64\x5a\xeb\x5a\xf6\xbd\x92\xde\x9b\xb7\x68\x46\x22\xa3\x8d\xf5\xeb\xbe\xd7\x3d\x97\x98\x57\x3f\x4e\x88\xca\x63\x2a\x47\x05\xa6\xad\xf5\xc5\x11\x5b\x11\x24\x48\x82\x36\xd8\xd2\x5a\x2f\x42\xa7\x53\xe9\x0b\xa1\xa1\xd5\x4a\xea\xca\xfc\x72\x79\x3e\xb6\xe7\xf1\x57\x2c\x69\xda\x2f\xd0\x9a\x2b\x07\x1c\x19\x9f\x33\x84\x38\x6c\xd7\x43\x95\xba\xce\xb9\xd6\xbe\x6c\xf5\x8b\xc8\x04\x3d\xdb\x28\xa3\x33\x54\xed\x4d\x45\x36\x05\x4d\xc3\x30\x90\xf8\xc2\x36\x3a\x37\x25\x6e\xe0\x8c\xb7\xd9\xf4\xf1\x5a\x1c\x56\xdc\x12\x40\x46\xfd\x9f\x8e\x54\x1b\x55\x71\xc9\xac\x97\xfa\x4b\x6b\x45\x30\xa6\xaa\xb0\xba\x67\xe5\xce\xb2\x30\x3c\xc0\xfa\x99\xab\xdc\xd0\x55\x93\x4f\x12\x0c\x85\xc0\xa2\xd4\xd8\x8d\x31\x8c\x5b\xa4\x7d\x30\xb2\x54\xdc\x14\x45\xbb\x07\x25\x9e\x6d\x58\xfe\xcb\x1f\x90\xee\xd1\x02\x57\x31\xda\x0e\x94\x93\x5f\x73\xb2\x08\x3a\x8c\x51\x2e\x8b\x4c\x89\x8f\x51\x24\x33\x6a\xff\xa7\x75\x92\xed\x3b\xc7\x05\x15\xb1\xc1\xba\x96\xcd\x31\x15\x17\xef\xe6\x4d\x35\xd2\x9a\x93\xe2\xa3\xd0\xfc\xba\x45\xdb\x36\x00\x27\x29\x46\x86\xbb\x95\x2f\x0f\xa3\x73\x5a\xdd\x67\xc8\xdb\x89\x0e\x7b\x25\x57\x9e\x7e\x77\xa9\x16\x83\x30\xc1\x43\x86\x70\x99\xf6\xaf\xa8\x90\x5a\x4c\x02\xe3\xf0\x34\xdc\x66\x28\x2f\x2c\x77\xef\x53\xc3\x5e\xac\xc3\x26\x65\x62\x64\x7f\x0d\x6c\x10\xe8\x2f\x83\x8e\x85\x86\xdd\x2c\xfe\x5f\x9d\x31\x66\xb2\x4b\xee\x3e\x31\x63\x72\x6e\x91\x72\xe1\x4a\x25\xa5\x9c\x2b\x0f\xc8\x58\x68\xe4\x4f\x23\x16\x32\x38\x6b\x03\xfd\x76\x2d\x66\xa1\xf5\x13\x90\xd7\x17\x86\x70\xc8\x00\x0f\x76\x4e\xd0\x86\xf9\x4a\x9e\x70\x26\xf4\x7e\x83\x8c\x60\x74\x63\xfe\x11\xf4\x4b\x7c\x39\x02\xcc\x38\x43\x70\x9f\x90\x3c\xfd\x8b\xcd\xc0\x32\x36\xed\x75\xb0\xb7\xbc\x47\x8d\x87\x2a\x66\x18\x9b\x5e\x79\x14\x2f\x2a\xc0\x40\x50\x95\x5e\x1d\x03\xad\xa7\x06\x2a\xc2\xd3\xab\xf6\xf3\xdd\x56\x7c\x8a\x84\x3a\xe2\x83\x53\x20\xfe\x15\xfd\xf8\x97\x6c\x1d\x31\x99\x56\xd5\xf9\xbe\xd8\xc6\x4b\x06\xcd\x7b\x7c\x60\xef\xdc\x2a\xb7\x1a\x03\x85\x5e\x17\xa0\xff\x3c\x52\x2d\x24\xf5\x30\xc5\x1a\x1d\x83\xac\x6a\xce\x2c\x58\xb0\x7c\x0e\x5a\x18\xe8\x1f\x4d\x33\x86\xc4\x39\x06\x6e\xe2\xa1\x7c\x85\x6d\xb8\x65\xca\xd5\x41\xff\x3c\x46\x45\x45\xb6\xf9\x9a\xaf\x5d\x01\xa8\x13\x4f\x1a\xbf\x8f\xed\x07\x04\x5c\x25\x17\x64\x99\xeb\x11\xe3\x17\xf8\x8d\x68\xc0\x84\x6f\x06\x85\x6b\x27\xda\x48\xa3\x6e\xbf\x3f\xad\xec\x37\xe0\x31\x95\xe1\x92\xf9\x0f\xda\xd4\x22\x8f\x47\xed\xc1\x24\x44\xe3\x19\x34\xe9\x21\x07\xb1\x3c\x49\xb1\x41\x65\xa2\x29\x75\x3f\xd8\x77\x73\x5c\x46\xc3\x80\x77\x22\xf7\x45\xa5\x10\xff\x93\xe8\xa1\xa7\xf3\x20\x4c\x96\x46\xb9\xbf\x2e\x56\xc2\xd5\xb3\xc5\xfe\xf9\x34\x61\x19\xa1\x7a\xb0\xb8\xce\xa7\xbd\x6b\x13\xe1\xe1\x0b\x6f\xe7\xf3\x5c\xcd\x51\xde\xbc\xa3\x1c\xb7\xe8\x1c\x95\xec\x52\x83\xec\x96\x34\xb6\xe9\xde\x47\x23\xee\xe3\xf9\x29\x0d\x65\xbe\x0f\xdb\xbe\xd9\x61\x2c\xbb\xaf\x9e\x85\x72\xa2\x0f\xcf\xfd\xe3\x96\xff\xbc\x8b\xea\xe6\x08\xeb\x82\x2f\xce\xf6\x28\x99\x44\x39\x14\x5b\xc9\x4e\xb4\xca\xda\x45\x89\x5b\x36\x3b\x6b\xd8\x24\x24\xf7\x25\x8b\xb1\xf2\x50\x9b\xea\x07\x92\x04\x6d\x0a\xd0\x7b\x44\x4e\xf4\x63\xb2\xfe\xd0\xca\x5d\xd1\xa6\xe6\x02\xe8\x8b\xda\xfe\x77\x4b\x5a\x44\xa7\x04\x7a\x09\x29\x06\x10\x5d\x6c\x24\x6e\xdf\xf0\x08\x5f\x52\x6b\x93\xca\x86\x1e\xad\x37\xc1\x94\x79\x0f\x90\x49\x24\xda\xb3\x9d\x44\x82\x19\x2a\x9e\x2f\x04\xff\x44\x29\x28\x54\x22\x4d\x7a\xb6\x64\x60\xa3\xb6\xc7\x77\x5d\x6d\xa6\x4a\xb2\x9c\x2b\x83\x16\x7c\x17\x59\x62\xa2\x4e\xb9\x1f\x81\xf9\x44\xb9\x68\xf6\x48\x85\xc8\xdf\x2f\xe1\x75\x68\x05\x33\x17\xe9\x7c\x69\x1f\x19\x1a\x5b\x12\x67\x8e\x6c\xd2\x79\xc1\xe4\xd9\xfd\x06\xdc\x07\xb4\x00\x81\xd7\x6c\x1a\x1e\xf6\x9a\xa1\x5b\x28\x41\xc1\xd7\x6f\x12\x40\xea\xcf\xf5\x27\xa0\x05\xc2\x11\x46\xf7\xb2\x1a\xed\x2d\x26\xac\x50\x6d\x65\xd8\x5d\x7c\xf4\x0d\x20\xd0\x93\xef\x4e\x1b\x57\x17\x77\xea\x53\xd8\xbb\xe8\xa1\x7b\x55\x19\x83\x48\x38\x40\xc2\x1d\xfa\xa7\x25\x7b\x50\x28\x6e\x14\x88\x96\x54\x1d\x2e\x16\x78\xbf\x0e\xfc\x77\x5e\xf4\x1a\xa2\x83\xe8\xd0\x75\x71\xf3\xf7\x27\xd6\xd4\x11\x5b\xaf\x09\xfb\xf8\x7d\x9e\x7c\x21\xe4\xe2\xa9\x3a\x50\x48\xd1\x41\x2a\x4f\xa9\x87\x6c\x2b\x86\xe7\x11\x26\xf1\x2f\x69\xfc\x50\x83\x8d\x98\x75\xd5\x52\x37\xa3\xf8\x45\x2b\xfc\x0a\x3c\xf0\x39\x29\x36\xe3\xf8\x2f\x1f\xfb\x31\x13\x4c\x1b\x4f\x0d\xa9\x77\x48\x55\xab\x80\x33\xec\xda\xbb\x54\x5f\x02\xc4\x5c\x7a\x8d\x99\x34\xef\xe6\xeb\x85\x33\xaa\x2f\x59\x01\x96\x40\x2a\xa0\xfa\xd4\x72\x75\x0b\xcd\x20\xf8\x1a\xab\x64\xef\x21\x54\xdf\x6f\x26\xd2\xd9\xce\x05\x5f\xe0\x08\xf5\x9b\x52\x9d\x6c\x65\xd0\x1f\xd8\xee\xe5\xa9\x70\x0a\xdf\xb0\xa8\xd1\x07\xa0\x47\x77\x40\x2d\x30\x4f\xf4\xaa\x81\xab\x66\xe2\x20\x6a\xfd\xed\x2b\x7b\xa6\x66\x5f\x60\x11\x0c\x02\x3e\xca\xd3\x22\xd4\x33\xf4\xbd\x96\xca\x0f\xb8\x5d\xa7\xef\xd0\xb4\x0a\x08\x7d\xb9\x53\xb5\xa9\x81\x5b\xdf\x19\xc6\x56\xf6\xd0\x70\x44\x73\x82\x50\xf3\xe3\xe9\xfb\x1e\xc3\x08\x3e\x4a\x7c\x3f\xad\x80\x0c\x3c\xfa\xe1\xf4\xd8\xd3\x67\x4f\x41\x39\x7e\x9c\x8f\x21\x6d\x29\x07\x1e\x7e\x8e\xc2\x20\xaf\xb4\x1e\x64\xbd\x27\x9d\x9e\x48\x6d\x13\x25\x88\x2a\x3d\xbe\xd5\x09\x99\x0c\xa5\x42\x31\x1e\x22\x70\x64\x58\x9c\x95\x74\x6b\x27\x59\x41\x77\x4e\xc2\x13\x7d\xb0\xb8\x64\x91\x80\x5d\x2d\x53\xca\x9d\x97\x1e\x9a\xb0\xfe\xce\x6b\x61\x6f\x89\xc0\x73\x39\x95\x13\x88\x64\x1f\xe6\x2f\xca\xb0\x87\x58\xce\x7b\x44\x09\xb6\x55\x07\xbb\xe3\x9e\x1c\xf4\xd8\xd5\x68\x6a\xd2\x2f\xcb\x2f\xf7\xe3\x1b\x0b\x98\x94\x5e\x50\x41\x2e\xaf\x01\xe2\x02\x54\x98\x98\x16\x20\x26\xc8\x41\x63\x0e\x35\x6f\x46\xbc\x6e\x16\x07\x7d\x26\x8d\x66\xb6\x51\xec\x25\x0d\x5f\x13\x5f\x24\x65\x25\x7b\xe0\x33\x70\x49\x43\x21\x25\xa2\xa4\x2b\xd6\x06\xc7\x0b\xdd\x27\x2d\x9c\xe3\xb0\x2a\x63\x7f\xf3\x5f\xb2\x9a\x11\xef\x0e\x14\xf6\x75\x80\x37\x80\x9f\x7f\x9c\xe2\xbe\x30\x9f\x59\x9e\xa4\xb5\xe4\x0d\x7e\x75\xa0\x80\x19\xfc\xa4\x93\x25\x2c\xdc\xf9\xd7\x22\x19\x5d\x1c\x11\xb8\x17\x8a\x6e\xc1\x08\x93\x87\x7b\x82\x66\xea\x60\x9e\x68\x46\xac\xdf\xf6\x96\xdd\xaf\x59\x73\xbe\xfd\x93\x03\x4a\x38\x9d\x52\xf1\x67\x49\xd0\x1e\x79\x5d\xb5\x15\x86\x3f\x54\xe4\x5e\x5e\xf7\xed\x81\xaa\x54\xa0\x0c\x08\x61\x9b\x2e\x0e\xe0\x1b\x85\x6b\xca\xd5\xb0\x35\xf6\xd1\xd8\x46\x93\x38\xea\xc9\x3b\x66\x49\x01\xad\xd1\x16\xf4\x68\x01\xcd\xe3\x37\xe1\x33\xb7\x5c\x0b\xb6\x83\xa1\x91\xd4\xaa\xae\xdc\x27\x1f\x90\x72\xbd\xd9\x35\x25\x70\xab\x48\xab\xe2\x14\x82\x71\x72\x6c\xe7\x6f\xe7\xb6\x88\x0d\x08\xab\x7a\x57\x30\x82\x0b\x44\x62\x7f\xf3\x1f\x9b\xe1\x65\xcf\x61\x38\xcd\xce\xc6\xca\xe0\x15\x7b\xe9\xf3\x77\xec\x52\xa2\xa4\x3c\x22\xee\x0b\xf1\xe0\xaa\xef\x0d\x59\x3c\x27\x2d\xa0\x5e\x24\x39\x7b\x42\x51\x70\x6f\x9a\x83\x8e\x5d\xdf\xf6\xb3\xe7\xf5\xfe\x19\xa4\x17\xbd\xcf\xb3\xa2\x70\xb2\xa5\xd5\xe8\xb2\x5b\x09\x1d\xc1\x0c\x30\x7b\x86\x33\x5b\x4e\xd9\x88\x23\x06\x25\xc3\x3d\xf0\x74\x49\xeb\xf0\x5a\xa2\xab\xd4\x9e\xe0\xe6\x86\xeb\xaa\x63\x74\xf8\x3a\xdc\xb1\x0d\x39\xb3\x8b\xc9\xa9\xb6\xd2\x04\xcd\xfe\xb7\x7b\x4e\xa8\x15\x9a\x55\x8b\x72\xb0\x61\x45\x24\xf7\xa4\x3c\x11\x3b\xb2\xfc\x81\xde\xe9\x64\x3d\xc7\x68\x73\x8f\x70\x1e\xb8\x88\xcc\x03\x38\x65\x84\xcd\xdb\x3f\x4e\xba\x38\x24\x66\xce\x9a\xa3\x91\xb0\xdd\x7f\x22\xb7\x3d\x7a\x9f\x25\xc4\x97\x36\xf1\x3d\x41\x0f\xd9\x04\x5d\x4c\xe1\xbc\x60\xa2\x4a\xd3\x35\xbd\x03\x42\xd4\xd8\x1b\x35\xda\x8e\x0d\xdd\xe5\xa2\x8c\x51\x9c\xb5\xa4\x1d\xf1\x10\xcb\x5d\x8c\xea\xdc\x4a\x5e\xd1\x3d\x27\xab\x63\x84\xab\x3f\xf4\xb2\xa2\x65\x9a\x13\xf4\x2b\x1c\xd4\xa0\x9c\xae\xb8\xbb\x29\xfd\x43\x13\x98\xec\x1b\x93\x1e\x01\x93\xd9\x11\x76\x05\x35\x17\xcf\x29\x5b\x2e\x75\x95\x40\x32\xe1\x00\xc8\x61\x33\xc0\x6a\x90\x0c\x20\x0d\xd7\x67\xd2\x6f\x23\x47\x9a\x0b\x63\xdc\x44\xef\x38\x19\xa7\x4a\x48\x4c\x69\x2e\x6c\x03\x8b\x09\xf5\x8b\xbe\x20\xbc\x51\x8c\x46\xdf\xe9\x8f\x09\x4a\x82\x5c\xc9\x41\x66\x3d\xa7\x68\x38\xae\xb7\xa0\x21\xef\x99\xd1\x3b\x62\x2c\x2e\xb7\x2d\xa0\x12\xd4\x17\x13\xec\x5f\x24\x50\x4f\x27\xaf\xf1\x8e\xd8\x55\x8e\x6c\xe8\x57\x64\xf7\x89\xee\x00\xfc\x15\xcd\x90\xe7\x69\xed\xff\xfc\x0c\x0f\x5a\x03\x79\x4f\x9d\xc2\xc1\x38\xf0\x72\x41\x1b\xd5\x7c\xdd\x09\xb4\x5f\x67\x87\x7a\x98\xd2\xc3\xc1\x6a\x89\x1c\x20\x1c\x45\xab\xfb\x40\xa2\x03\x8c\x09\x68\x9d\x6e\x3a\x9a\x4e\x45\xe6\x25\xb0\xb3\x62\xc9\x04\xc0\x3b\xf2\xe8\xcb\x27\x33\x7b\xc4\x10\x23\xc8\x30\x7d\xff\xbe\x9a\xfc\xab\x3f\x7e\x62\x3c\xeb\xd5\x4a\xbf\x85\x79\x85\x77\x49\x86\x50\x86\xcf\x27\xcc\x0c\xdf\x1d\x9f\xf1\xea\xd4\x4c\x64\xfd\xcf\xe5\x78\x29\x08\xd3\x02\xa0\x04\xbb\x5a\x56\x78\x3c\x82\x80\xb9\xfa\xb7\x45\xfc\x24\x3e\x66\xcf\xe3\xdd\x47\xa3\x09\xaf\x6a\x32\x6d\x88\xd1\xea\x26\xdb\x02\x9c\x19\x88\xf4\x30\x94\x43\x40\xbc\x9f\x27\x63\x2e\x08\x1f\x57\x20\xbb\x83\x99\xfe\x0b\x64\x6c\x67\x19\x78\x75\x38\xb3\x2a\x6f\x26\xb4\x92\xb9\xf2\x24\xcb\xcf\xd4\x3d\x06\x7e\x7b\x3f\x1b\x39\x4f\xa5\xbb\xbb\x39\x1f\xf2\xfb\x46\x56\x8c\x93\xfd\xc7\xce\xc0\xe4\x90\x68\x9a\x37\x28\xf3\x6b\x00\x7b\xb7\x69\xcc\xb0\xf7\xef\x4a\xb0\x14\xb2\x05\xe8\x23\x2c\x33\xfb\x51\x2e\x82\xc7\x10\x1d\xfc\x02\x4a\xa2\xe5\xd9\xb6\x3f\x3a\xcb\x39\x1b\x26\xdd\xe1\x7b\xfa\xca\x8f\xd6\x62\x56\xd7\x33\xdd\x0e\x55\x52\xf4\xbd\x87\xc8\x11\x39\x77\x4f\x60\xcb\x72\x14\xd2\x2b\x20\xa0\x2f\xa3\x59\x36\x19\xee\x20\xf5\xc7\x84\x12\x09\xf7\x2c\x3e\xa8\xac\x73\xc6\x93\x3a\xe1\x29\x75\x26\x81\x73\xfd\x52\x65\x91\x8c\xa3\x94\xfd\xd8\x3f\xba\x2f\x11\xa1\x0e\x04\x75\xd9\x5f\x1b\xd8\x6f\xb6\xd2\x96\xef\xbd\x4b\x00\x79\x3d\xb7\xb3\x4a\x63\xa5\x61\x12\x83\x30\x3a\xa2\x51\x99\x67\x9b\x14\xda\x03\xbb\x36\xb2\xcb\xf3\x1f\x71\x49\xf0\x58\x51\xee\x6b\xb2\x36\xc9\x3a\x96\x4d\xeb\xb9\x79\xf1\xbb\x28\xd1\xbe\x92\xbc\xfd\x0a\x5e\xc0\x08\xb4\xf0\x69\x63\xf3\xd9\x0a\x60\x93\xba\xc6\xc5\xc1\xec\xe5\xd2\x93\x4d\x69\x21\x17\x19\x43\xac\xf2\x8c\x52\x7d\x75\x00\xa1\x5f\xea\xfa\x98\xec\x0c\x62\x2b\xf8\xd7\xb9\x74\x8c\x19\x42\x51\x09\xa6\xc9\x11\xee\x57\x47\x61\x36\x7f\xef\x46\xdd\x00\x15\x2e\xa5\x7a\x2e\x29\xdf\xc4\xc6\x78\x44\x57\x5d\x20\xd3\x32\xe7\x26\x63\x2b\x2c\x2f\xac\x7f\x89\xea\xe1\xd4\x7b\x32\x24\x44\x86\x89\x02\x0f\x91\x7a\x43\xb5\x2d\x07\x19\xd9\x6f\xe1\x7b\x7e\x64\x5e\x15\xfc\x1a\x90\xb5\x88\x7a\xad\x09\x23\x58\x79\x4d\xac\x26\x63\x81\x66\x44\x7f\x03\x21\xd0\xb4\x13\x72\xd9\x1e\xaf\xc0\x06\xa0\xe0\x9a\x5f\x47\x80\x7c\xa8\x84\x62\xc5\xbe\x2e\x49\x5a\x7b\x5f\x54\x88\xe9\xe2\x95\xe0\x01\x9f\x52\x9d\xd8\x95\xe8\x73\xac\xda\x32\x8f\x6a\xd6\x64\xa0\x67\xa5\x0f\xf9\x3c\x61\x85\xa6\xc4\x4d\x7a\x14\x82\x1b\x7c\xe9\x8b\x44\x27\x11\x94\x08\x2a\xfc\x05\x71\xee\x2d\xac\xc0\xd9\xa4\xd2\x92\xfc\xcc\xa5\x03\xf3\x8c\x54\x75\x0b\x9c\x95\xd3\x53\x9e\x06\xb7\x80\x5b\x4e\xc7\x02\x9b\x54\x9b\x8e\xfa\x73\x36\x7d\x3b\x91\x65\x35\x04\x4d\x2e\x0d\xb6\xc2\xd2\xa2\x33\xbc\x26\x53\xc7\x37\xa1\x4d\x81\x72\xf5\x85\x01\xcb\x99\xb2\xf1\x7f\x17\x9c\xdf\xb8\xea\x2e\x28\xc4\x38\xc6\x84\x5c\xe8\x90\x11\x12\xb0\xa6\x0c\xed\x63\x02\x32\x6c\x11\xc9\xc6\xfc\x51\x27\x2e\x12\xc6\xa5\xcb\x29\x01\x1d\xe2\xab\x05\xd8\x89\xe8\x27\xca\x33\xae\x9c\x14\x8f\x5c\x03\xbb\x8c\xf7\x2c\xc8\x5e\xba\x0f\xe6\xea\x77\x53\x67\x46\x93\xaa\x55\x8b\xfb\x67\xcf\x3d\x65\x54\xaf\x35\x15\x53\x0b\xaf\x1c\xa2\x72\xd6\x05\x0f\x76\x65\x00\x26\xb1\x65\x3e\x99\x9a\x9b\xd5\xe8\x8a\xb3\xd8\x7b\x45\xe7\xe5\x7d\xd7\x8b\x35\xcd\xbb\x25\xae\x2e\x3f\xc3\x15\x7c\x44\x1d\x80\x63\x69\x00\xe1\x83\x9a\x3c\x71\x76\x6f\xce\xab\xf8\x11\xab\x06\x5d\x2c\x73\x98\x27\x16\x41\x60\x39\xec\xfc\xfd\xe6\x22\xb5\x5a\xf7\x16\xbe\x55\x9a\xd9\x84\x2b\xb1\xb3\x05\xa3\xc1\xb9\x14\xa7\xa8\x2c\x61\x11\x32\xe7\x81\x9d\x69\xf0\xb1\xde\x16\x18\xc5\xe0\x8f\x86\x95\x3b\x5f\xfc\xf8\xe3\x56\xd4\xfe\x73\xeb\xe0\x5e\xd9\x14\xc7\x41\x21\x69\x47\xa1\xb5\x0b\x0a\x4b\x2d\x70\x76\x08\x5f\x80\x96\xac\xcb\x39\x2d\x8a\xb8\xf4\xd8\x75\x22\xd2\xd9\x0c\x93\x80\xda\x36\xa7\xe7\xfc\x10\x76\x73\x8e\xab\x2b\xcf\xa2\x0b\x08\x28\x63\x2f\xd7\x50\x23\x2c\x07\xf1\xd1\x5e\x23\x80\xfa\xfa\xda\x2b\xb5\x8b\x60\x35\xea\x32\xce\x76\x35\x2f\xa2\x01\xef\x79\xce\xc0\x8e\xf1\x23\x95\xe0\xe1\xaf\x3f\xfc\x6a\xcd\x80\xec\xcc\x82\x32\x03\xf2\x22\x31\x38\xee\xbc\x82\x53\x0b\x4e\x5d\x3c\xa2\xc4\x7f\x75\xb6\xec\x28\x8e\xcf\xb7\x2d\xc1\x4d\x48\xf4\x37\x26\x1e\xc2\xc3\xd7\x54\xdb\x47\x41\x51\xf3\x3e\x10\x52\xc1\x29\xbc\x22\x37\xe8\xfd\x9e\x37\x6b\x24\xf3\xc8\x95\xff\x29\x82\x85\x76\x06\x5f\x11\xab\xfe\x2a\xa6\xfc\xc6\xce\xbf\x43\x27\x65\x95\x87\x39\xee\x23\xa0\x9c\x23\x24\x03\x86\xe5\xae\x2f\x09\xf2\x7d\x59\x4c\x26\xde\x98\x2a\xc1\x47\x60\xb5\xb5\xcd\xcd\xef\x7e\x2b\xf8\xd1\x6a\x88\x59\xa3\x44\xa6\xa0\x2c\x42\x0d\x68\x2f\x22\x2a\xa9\x3e\x5d\x06\xa7\x39\x99\x4f\x07\x8b\x45\x8b\x23\xe6\x1e\x3f\x1d\x73\xbc\xa4\x46\xf1\xc7\xbb\x61\x2f\xa7\x8c\x49\x2a\x2c\xc3\x3e\x28\x62\xf5\xcb\x14\x3f\x81\xcd\xac\xf7\xc8\xae\x1d\x23\xab\xe7\xfe\xba\xae\x26\x89\xa1\xe6\xf0\x25\x18\xd1\xc8\x7a\x76\xca\xf1\x67\xb4\x09\x80\x8e\x61\x19\x2e\x29\x0a\x92\xb0\x0b\x0a\x45\x86\xe7\xc5\x10\x45\x0d\x0b\x88\x63\xb6\x85\x6c\xcb\x0d\xb1\x75\x66\x59\x82\x3d\xe5\x4a\x53\x39\xaf\x71\x2e\x02\x65\x67\x4e\x7d\xff\x6c\xc9\x58\x61\x4b\x39\xd9\xbc\xc5\xcb\x42\xda\x33\x96\x8d\x43\xef\xd9\x5c\x24\xc5\x77\x34\xe6\x98\x30\x9a\x4a\x32\xd0\x1c\x40\x68\x10\x2d\x77\x29\x9f\x6d\xc9\x54\xf1\x86\xa0\x3a\x5c\x13\xfe\x74\x66\xb3\x31\xdc\x40\xef\xc5\x70\x05\xaf\x33\x42\xce\xf6\x02\xc0\xd1\xb3\x42\xee\xf0\xba\xff\x2b\x7f\x1c\x02\x48\x18\x45\x85\xa5\xb3\x48\xfa\xad\x45\x43\x58\x88\xf6\xfa\x01\x11\xf3\x48\x81\xc7\x2d\x8d\x23\x72\xa3\xf5\xcf\xfe\xe4\xb1\x6a\x49\x00\xef\x7d\xaf\x03\x21\xd2\x3d\xb0\xb3\x80\x06\x41\x72\xa6\x5b\xd2\x50\x37\x69\x33\x11\x55\xeb\x92\x07\xda\x0b\x0b\x41\xc9\x34\xbf\xbc\x90\x4d\x81\x9f\x9e\xac\xaf\xf4\xc3\x42\x9f\x19\x12\x77\xa5\x87\x2b\xcf\xef\xc2\x44\x41\xd4\x34\x25\xef\x16\xf9\x64\x9e\x2c\x06\x24\x9a\x4a\x47\xd9\x13\xad\xec\x69\x90\x6e\x6b\xa2\xc6\x6f\x4a\x43\xa1\x92\x63\xd7\x4f\xae\x7c\xf2\x43\x1b\xc5\x73\xa6\x2e\xce\xb2\x44\x2a\x2e\x46\x4d\x9f\xe3\x47\x29\x12\x15\xce\xaf\x9d\x2c\x25\xe9\x7e\x72\x5e\x1a\x68\xe6\x45\xe0\xdd\x0f\x35\x71\xc5\x1f\xed\x2e\x13\x27\x21\x78\xf4\x8d\x25\xcd\xa7\x37\x4b\xe1\x25\x76\x56\xf6\xe0\x17\x78\x45\x47\x4c\x1c", 4096)); NONFAILING(*(uint8_t*)0x20003b86 = 7); NONFAILING(*(uint8_t*)0x20003b87 = 5); NONFAILING(*(uint8_t*)0x20003b88 = 3); NONFAILING(*(uint8_t*)0x20003b89 = 1); NONFAILING(*(uint16_t*)0x20003b8a = 4); NONFAILING(*(uint8_t*)0x20003b8c = 1); NONFAILING(*(uint8_t*)0x20003b8d = 0x89); NONFAILING(*(uint8_t*)0x20003b8e = 0x2a); NONFAILING(*(uint8_t*)0x20003b8f = 7); NONFAILING(*(uint8_t*)0x20003b90 = 5); NONFAILING(*(uint8_t*)0x20003b91 = -1); NONFAILING(*(uint8_t*)0x20003b92 = 0); NONFAILING(*(uint16_t*)0x20003b93 = 0x16d); NONFAILING(*(uint8_t*)0x20003b95 = 0); NONFAILING(*(uint8_t*)0x20003b96 = 7); NONFAILING(*(uint8_t*)0x20003b97 = -1); NONFAILING(*(uint8_t*)0x20003b98 = 0xd2); NONFAILING(*(uint8_t*)0x20003b99 = 3); NONFAILING(memcpy((void*)0x20003b9a, "\x2d\x75\x5d\x14\x78\xd9\x23\x89\x76\x60\xae\xbf\x03\x38\x91\x13\x45\x33\xa4\x6b\x90\x8d\x26\xf3\x98\x85\x61\xc8\x81\xfd\xbf\xcb\xb4\xcb\x20\xaf\x55\xaa\x92\xb2\x52\x52\xef\xff\xc8\x85\xa2\xb3\xfd\x25\xb9\x0d\xfa\xcc\x80\x6b\xae\xc7\x8f\xbb\x9b\x92\xf9\x6f\xfa\x2d\x0a\x65\x30\x32\xd3\x58\xce\x49\x1b\x93\x8a\x5d\x7c\xdf\xc7\x35\x7e\x3e\xd5\x18\xd3\xe7\x8c\xd8\x9e\x42\x95\xfd\x1c\x8d\x8a\xe1\x9b\xc0\x6f\xe7\xd1\xfb\xf4\xaf\x59\x20\xca\x33\xb3\x3f\x13\xbe\xeb\xe4\xfd\x38\xb0\x72\x4f\x3f\x9e\x75\x95\x43\xc9\x96\x6a\x7f\x2a\x8d\x98\x96\x0f\x32\xa8\x11\xe9\xb5\xf2\xd2\x27\xa0\x1c\xcd\x84\xd1\x8b\xf4\x3f\x0f\x89\x37\x7a\x45\xf1\xd9\x46\x6a\x83\xef\x26\xac\xf8\x6a\x6f\x72\x8a\x6c\x00\xf6\x54\xb0\xe2\x92\xa9\xd2\x59\x19\xe9\x33\x55\xbc\xcd\x59\xf0\x62\x77\xa5\x63\x9f\xb9\xec\xab\x2c\xb8\xc6\x14\xf8\x14\xcd\xf3\x49\x9a\xfc\x30\xab", 208)); NONFAILING(*(uint8_t*)0x20003c6a = 0xb3); NONFAILING(*(uint8_t*)0x20003c6b = 0x31); NONFAILING(memcpy((void*)0x20003c6c, "\x84\x00\xa8\x99\x98\x92\xe6\x16\x9b\x07\xa1\xcd\x06\x14\x89\x77\x21\x2b\xf7\x6d\x21\xb1\xc7\x63\x92\xc3\x75\xd1\x88\x54\xdf\xe7\x88\x67\x69\xa9\xae\xaa\x63\xe5\x42\xc1\x9e\x64\xbd\xe1\xde\xbb\xae\xdd\x25\xba\xa8\xcc\x21\x31\x3c\x36\x9a\x85\xd7\xa9\x4e\x52\x95\xe8\x54\xb8\x3b\xe1\x56\x91\x7c\x81\xed\xa1\x57\x6a\xe3\xc4\x74\xbf\x23\x32\xd0\x93\x98\x9d\x3e\x28\xdb\xe1\x43\x49\x4f\xc2\x73\xe6\xa3\xd9\xf2\x29\x5c\xdc\x84\x17\x1a\xb0\x57\x95\x4d\xea\x92\xf0\x70\x5d\xfb\xd2\x89\x91\x95\xba\x40\xad\x6f\xf9\x55\xeb\x32\xff\xd8\xea\x4b\x64\xab\xd0\xe3\x21\x92\x10\x30\x2b\x83\x19\x71\x5c\xdd\x87\xd9\xaf\x35\xde\x7f\xe4\xba\x18\x04\x0d\x64\x65\xb7\xcf\xdf\xa6\x1a\xa3\x21\xb9\xb1\x63\x42\x35\x91\x29\x95\xb0\xb9", 177)); NONFAILING(*(uint8_t*)0x20003d1d = 7); NONFAILING(*(uint8_t*)0x20003d1e = 5); NONFAILING(*(uint8_t*)0x20003d1f = 9); NONFAILING(*(uint8_t*)0x20003d20 = 0); NONFAILING(*(uint16_t*)0x20003d21 = 0xff); NONFAILING(*(uint8_t*)0x20003d23 = 9); NONFAILING(*(uint8_t*)0x20003d24 = 1); NONFAILING(*(uint8_t*)0x20003d25 = 1); NONFAILING(*(uint8_t*)0x20003d26 = 2); NONFAILING(*(uint8_t*)0x20003d27 = 2); NONFAILING(memcpy((void*)0x20003d28, "\x78\x05\x16\x5a\x45\x34\x67\x80\x2c\x90\x5f\x88\x83\xd1\x9e\x22\x5a\xd5\x7d\xdd\xf1\xac\x6d\xc6\xd6\x9d\xe6\x2b\x38\xfc\xb7\xd1\xc1\xe8\x05\x32\x1c\xc4\xfb\xda\x35\xb8\x57\x14\xd9\x41\x9a\x78\x68\xae\x75\xd6\x3f\x09\xa8\x34\xff\xf9\xad\x13\xbd\x67\x47\x2f\x12\x3c\x84\x85\x13\x2b\x21\x7c\x6f\xbc\x01\x08\x06\xa3\x93\x77\xe6\x50\xc0\xd6\x9c\xf3\x00\x48\x6d\x0c\x55\x0e\xa1\xf4\x90\xd0\xda\x3b\x39\xa2\xb6\xdd\x02\x28\x2a\xd8\xb4\x22\x52\x31\xf9\x15\xce\x88\x51\x69\xa5\xff\xa2\x3c\x29\xe1\x5d\xb8\x6c\x28\x87\x8b\xf5\x7d\x40\x06\x73\xc9\xb4\x5c\xe4\xb1\x50\x30\xc9\xef\xed\x9f\x75\x4d\xff\x6c\x22\xb5\xa2\x6e\x00\xa5\xb0\xca\x41\x8b\x62\x06\xc4\xf8\xab\xef\xb0\x3a\xd8\x95\xba\xe1\x49\x33\xd5\x30\xb0\x0f\x53\x62\xc2\x2f\x9d\xc2\xe8\xd2\x79\x74\xa8\x60\x87\xa9\x4e\x9d\x3d\xe4\x28\x54\x37\x7c\xc0\xb9\xaa\x0c\x09\xe1\x3e\x4f\x5b\xad\xf5\xa9\x33\xaf\xda\xc8\x59\xb7\xf7\x17\x09\x21\xce\xa6\xe3\x28\xc4\x6c\xaf\x88\xfc\x43\x8b\xf5\x16\x1b\x67\x7e\x43\x7c\x80\x8c\x41\x54\x74\x5f\xd3\xe1\x06\x48\xf3\xf9\x40\x64\x59\x7c\x65\x7b\xf0\x8e\x2a\xaa\xa0\xfa\x41\x49\x54\x66\x44\x5b\x4d\xe5\xdf\xf0\x06\x05\x90\xf7\xf6\x06\xa3\x4f\x51\x27\x85\x0f\xe2\xa4\x9b\xd2\xd6\x99\xe8\x3c\xc9\xd6\xa9\xa5\x76\x49\xec\x25\xc9\xad\x91\xfa\x9a\x58\x53\x84\x5c\xaa\x5d\x92\xea\x67\x60\x69\xfd\x8e\x34\x6c\x9f\x08\xcb\x42\x5a\x11\x95\x9d\x74\x0e\x82\xe4\x8e\x02\x58\x21\x76\x7d\xbf\x73\xab\xc0\x24\x8c\xec\xe1\x46\x6e\x08\xfd\xf7\x43\x59\x79\xf9\x93\x30\xb5\xdd\x34\x9e\x29\xda\xaf\xff\x03\x6b\x35\x33\x7a\xf5\x25\x4e\xe2\x95\xc8\x3c\x23\xec\x82\x16\x9c\xcb\xf5\x45\x79\x9a\x14\xc4\x39\x1b\x54\xc1\x2a\x89\xf6\x50\xfe\x0e\x9e\x26\xfc\x1f\x0d\x0d\x88\x53\x2b\x7d\x10\xa8\xbe\x51\x7b\xb6\x51\x32\x38\xc2\xd1\xf4\x76\x95\x89\xf7\x68\x0f\x59\x79\xeb\xef\x48\x49\x85\x96\x0f\xad\x91\x19\x94\x44\x97\x07\x03\xdb\xa2\x51\xe2\x4b\x89\xfc\x48\x07\x46\x11\x3a\x68\x61\xc9\x61\x9b\x69\xff\xdf\x19\xbe\xd1\xca\xac\xa1\x5f\x85\x2e\x69\x30\x3b\xb2\xd1\xe8\xf9\xeb\x1e\x84\x15\xf2\x24\x18\x1c\x2b\xde\xbb\xe2\x14\xf8\x02\xbf\xad\xdc\x86\x5f\xdf\x91\x91\x76\x87\x06\x8c\xc5\x7a\x15\x06\x12\x21\xfb\x95\x22\xcf\xcd\x37\xf1\x7a\xf2\xd1\x2a\xaf\xbe\x28\x35\x5e\x12\x20\x3b\xda\xcb\x7e\x5a\xba\xb0\x44\xcb\x34\xfd\x1a\xbd\x6f\xeb\xc0\xa8\xfc\x03\x6b\x08\x07\x21\x06\x2b\x29\x85\xc6\x54\x84\x39\xdc\x1d\xcd\xf2\x6c\x5a\x5f\x2d\xfd\xae\x0b\xc3\xf5\x77\x74\xcd\x22\xce\x59\x72\xca\xfd\x03\x04\xa4\x4a\x43\x1b\x03\xe3\xcf\x13\x2a\x87\xae\x8c\x92\x15\x55\xf6\xbd\x25\x2e\x80\xed\xd1\x26\x8c\xd8\x05\xa8\x13\x40\x50\x1d\x4b\x6a\xc9\x3f\xa7\x1f\x52\x19\xd7\x57\xeb\x3f\x9d\x7b\xb3\xd1\x84\x55\x13\xac\xb6\xd4\x2d\x1e\x39\xac\x12\xe9\x49\xbd\xca\x81\x94\x37\xc5\xc4\xb0\x14\x33\xa4\xba\x50\xd9\x1d\x6c\x6d\x1a\x4d\x6e\x3d\x47\x5e\x97\x2e\x21\xda\xaa\x81\x32\x38\x2e\x04\xc3\xe8\x7f\x18\xaf\x61\xe4\xf3\x9d\xa1\xf3\x0f\x5e\xc4\xf5\xbe\x02\x96\x4d\x77\xb0\x4e\x09\xbc\xc9\x84\x82\x28\x4d\xed\xaf\xba\x43\x6c\xf8\xba\x59\x34\xd4\xb7\x20\x6a\x9c\xf3\xa1\x48\xaa\x83\x3a\x1c\xc6\x1a\x35\x89\x23\xf4\xf5\x5d\x59\xc5\x45\x94\x61\xfd\x44\x36\x7e\x9a\xfa\x2b\xa0\x71\x5d\x46\xeb\x8a\xa7\xcb\x95\x92\x19\xc1\xdc\xa8\xfc\x6e\x77\xfe\xc6\xb7\x58\xcb\x37\x99\xb8\x27\x4b\x58\xd0\x3a\x62\xf5\x2b\x24\x5a\x74\xe4\x2b\x33\xe5\xb8\x9f\xb0\x66\x23\x52\x58\xd4\xfe\x5b\x66\x1a\x87\x66\x57\xb7\x9b\x85\x29\x67\xc4\x92\x82\x1b\x90\xaa\x10\x66\xa3\x9a\x9b\x71\x56\xbb\x62\x20\x11\x43\xd5\xd2\x0c\xae\x8a\xc0\x33\xc1\xd9\x61\x59\xe7\x82\x75\xc6\xac\x41\x2b\x8b\x50\x37\xcb\xe9\x2c\xf5\xb0\x5f\xbb\xbe\xf6\x43\x68\xfe\xc7\xa9\x96\xf4\x72\xfa\xbe\xca\x82\xef\xd5\xe7\x7c\x99\x51\x0a\x0b\x0e\x71\xf4\xd7\xb6\x84\xce\x0c\x4b\x63\x92\x78\xa2\x5b\x4c\x6d\xda\x7a\xf5\xec\x02\x13\x20\xc2\xe9\x43\xf2\xfc\xbe\xaa\x1e\xc1\x3d\xb1\x6f\x86\x71\xbd\x09\xbc\x46\xdb\xa7\x32\xe2\xfd\x35\x54\xf8\x1d\xb3\x3c\x70\xfd\xab\xeb\xb3\x09\xe1\x29\xd0\x53\xcb\x4a\xb7\xb9\xa4\x9f\x9a\x1e\x2d\xf2\x5c\xba\xf1\xa4\x2e\xed\x21\xac\x59\x28\x4c\x17\x9b\x86\x40\x14\xa1\x29\x5d\x2c\x70\xfd\x76\xb3\xb9\x3f\xef\x43\x79\xa7\x76\x30\x82\x78\xf7\x66\x58\x7a\xd0\xf5\x00\xca\xfc\x9a\x04\xb0\xb7\xda\x63\xfe\x44\x64\xa5\xbc\x6b\x34\x98\xc1\x1a\xf1\x7c\x66\xd2\xcd\xe7\x8d\x7b\x54\xde\x3c\xeb\x76\xe1\xf1\xa4\x96\x09\xbc\x7e\x1d\x60\x1e\x8a\x81\xd1\x36\x21\xe8\x5d\xc0\x48\x4c\x4e\x68\x78\xc9\xb3\x4c\x6b\xe2\x5f\xd4\x15\x04\x47\x0d\x70\xe3\x70\x2d\x32\x7a\xf6\xf2\x07\x12\x30\x84\xee\xc1\xd4\xdd\x74\x24\xeb\x51\x13\xf9\x17\x20\xb3\x93\x97\xff\x44\x54\x03\x8a\x96\x2e\xeb\xb9\x8d\xbf\x89\x72\xe7\x40\xdb\xf3\x58\xce\xd4\xcc\x5b\x66\x47\x92\xa1\x6a\xf2\xcf\x6e\x89\x02\x8c\x26\x56\x32\x9d\x71\x33\x61\x0b\xfc\xc2\xe7\x51\x36\xb1\xc7\x6e\x18\xbc\xef\xdf\xf5\x06\x92\x36\x98\x95\x01\x49\x90\x98\xc0\x65\x86\x07\x26\xcb\xe1\xdf\x97\x5f\x80\xd2\x77\x54\x6a\xb3\x7f\xce\x84\xd2\x33\x2e\xff\x2e\xc8\x1f\xe0\x12\x2e\x43\xa3\x20\xfa\x6c\xb5\xe2\xb6\xb4\x25\x3c\xa8\x40\x17\x7b\x87\x44\xdf\xac\xd7\x2d\x41\x50\x58\xdc\xed\xc7\x66\xf8\xab\x37\x7d\xc8\x5e\xd8\xe6\xf6\x82\x4c\x37\x88\xdf\x30\x77\x9f\xc7\x40\x33\xad\xd8\x3d\x0f\xf8\x2c\xc9\xcb\xab\x41\x24\x6e\x86\xc6\xde\x8f\x54\xfb\xe1\x81\x83\xa9\x2d\x88\xe7\x5e\x29\xf0\x8c\x91\xbf\xed\x4d\xfa\x8b\x9e\x1e\x3e\x80\x0a\x33\x6e\xb7\xea\xde\xce\x23\x47\x7e\x4c\xb3\xa2\xed\x1b\x03\x62\xba\x9b\xc5\x73\xaf\x9f\x01\xd2\xaa\x75\xfa\x6d\x8d\x9d\xd0\x69\x7f\x92\x97\xa5\x68\x80\x74\xdc\x63\xb4\xd7\xf8\x82\x84\x2b\xa4\x26\x44\xca\x74\x9c\x55\x28\x83\xf6\xb9\x64\x9c\xb8\x09\xea\xbb\x67\x77\x0d\xd6\x12\x75\xdc\xfe\x31\x0e\xce\x2c\x65\x0d\x11\xb5\xc9\x3b\xce\xe9\x31\xe5\x74\xf6\x5b\x56\x32\x2d\x92\x2b\xe5\xc6\x61\xd1\x81\xb8\x92\x84\x22\x52\xa3\x34\xc4\xe9\xd7\x62\xd0\xcd\x9b\x83\xb4\x32\x7f\x2c\x59\x92\x3d\x28\x3f\xc3\x64\x81\x51\x7b\x8c\x12\x56\x5e\x94\xf1\xb4\x62\x97\xb7\x59\x03\x20\x43\x16\x18\x56\xf9\x7c\x6d\xea\xed\x34\x1b\x2b\xb0\x54\x2a\x43\x81\x17\xb2\x36\x31\x84\x7a\x32\xd0\xd6\x8e\xda\x74\x7b\xf7\x54\xa0\x91\x80\xbe\xef\x32\xf0\xa1\x81\x3a\xfa\xb1\xb8\x69\xcc\x3b\x98\x41\x32\xee\x80\x0f\x69\x9e\xf0\x77\x37\x46\x3a\x23\x15\xd5\xf4\xea\xe7\x4c\x4e\xe8\x85\x30\x7a\x9a\x0d\x64\x44\xf8\x2a\xf0\x01\x90\xbd\x2c\x5f\x96\xb4\x46\xab\x13\xa4\xc5\x25\x7a\x98\x5b\x65\x06\x44\xc1\x97\x44\x37\x8f\x49\xaf\x21\x82\x51\xb9\x8c\xa0\x45\xe6\xde\xf7\x6d\xd0\xe6\xf9\x48\xd7\x9a\x95\x80\xdd\x89\xd3\x73\x37\x9e\xbd\x70\xde\xb4\x96\xc9\x82\x2d\x29\xa7\x1c\x06\x6e\x37\xd3\xbc\x06\x59\x36\xe4\xa1\xa2\xfc\xbc\xc3\x4f\xa3\xe7\x8f\x39\xf7\xf9\xb6\x96\x2d\x1e\xe5\x7c\x21\x9d\x39\x8f\x25\xd4\x6f\x35\x3e\x6b\x94\x6a\xbe\x71\xeb\xcc\xd8\xa1\x7b\x5d\x11\xdf\x6d\xae\x09\xb4\xb7\x01\x7c\xbe\x8e\xec\xd9\xdb\x42\x95\xb4\x8a\x97\x9a\xa6\xd3\xd0\xbb\xb8\x34\xbc\xff\xcd\x02\x71\xaf\x35\x6e\x19\x08\x0d\xd6\x6a\xf7\xda\x3d\x37\xaf\xe5\x41\xdc\x24\x05\xfa\x0a\xc0\xbf\x90\x15\xe7\xd1\x1d\xab\x48\xe0\xa6\xfd\x20\x87\x14\xd9\x68\xc9\x5f\xec\x70\x82\x83\x91\x0f\xe7\xa7\x6a\xa9\xe7\xdd\xf2\xe2\x17\xf4\x8c\x7a\xe5\xce\x80\xe3\x05\x54\xcf\xbe\x48\x54\x6f\x97\x85\xa1\x48\x64\x1d\x3e\x07\xf2\x5a\x48\x75\x1b\x50\x6f\x4f\x23\x75\x5d\xdc\x25\x37\xc5\x91\x0c\x73\x0a\x69\x3b\xba\xf6\xf3\x92\xca\xdf\xa4\x21\xe2\x1a\x65\x60\xd8\xc8\x6d\xf7\x02\x91\x2d\x92\xe4\xca\xdc\x52\xe1\x1e\x1e\xc6\x7c\xe4\x9e\xfd\x04\x5e\xb0\xf8\x28\x5b\x9f\x0b\xf7\xf5\x34\x18\x23\x68\x0e\x79\xa4\x49\x1d\x2e\x99\x35\x43\xf0\x60\x63\x18\xa2\x78\xf2\xc4\xa2\x4b\x26\x42\x82\xfb\x9b\x04\x34\x16\x10\xfe\x74\xd0\x1b\x7a\x41\x57\x0a\xcb\x23\xcb\x13\x8b\x85\xd6\xd6\x5f\xce\x47\x4a\x8c\x01\x8e\x13\x89\xba\x6e\x5b\x9b\x37\xd0\xd5\xab\xe1\xd6\xa9\x94\x00\x5e\x9b\x13\x58\x05\xa2\x3b\xda\x05\xb4\xe4\xc3\x0b\x76\x99\x1b\x11\xa9\x7d\x9d\xbe\x26\xc9\xbd\x5a\x4a\x03\xaa\xb9\x26\x9b\x07\xfb\x30\x1e\xee\xb8\x3d\x22\x6e\xec\x5a\x8d\xb1\x34\x57\x27\xf6\x38\xa1\xa6\x9a\xfd\x60\x6e\x96\x2e\x68\xd3\xbd\xd1\x78\x77\x6b\x1d\xc2\x0c\xe9\x72\x8c\x68\x02\x9c\x42\xbd\xab\x8c\x48\xf5\xb3\x1c\x87\x7f\x36\x64\xe6\xd4\xdf\x5c\x6d\x72\xd3\xcc\xd6\x5f\x62\xbc\x40\x1e\xc3\x23\x30\xd6\xf9\x46\x94\xf9\x6e\x0d\x18\xb5\x38\xd6\x4d\xeb\x04\x98\xe1\x30\x5a\x64\x16\xb4\xf5\xda\x60\xab\x01\xeb\xda\x80\x54\x5e\xe6\x73\xc9\x1d\xaf\xc2\x2a\x44\xfd\x7c\x3a\x04\x27\xd1\x1f\xf0\x10\xe1\x90\x58\xb6\xf2\xea\x9f\xb0\x32\xa8\xfe\x1e\x77\x45\x0d\x56\xf1\xfa\x80\x77\x0b\x1a\xc3\x6f\x80\xc6\xfb\x23\xd4\x43\xaa\x3a\xc3\x59\xbf\xcb\x0c\x52\xe1\xa7\x94\xf3\x27\x47\xdf\xc8\xaa\x5e\x8d\x23\x85\x2a\xc5\x0b\xa6\xfe\xdc\x8a\x70\xf9\xe9\xae\xae\x58\x25\x76\xe0\x02\xe5\x52\x9c\x29\xaa\x2e\x6e\x86\xbe\x83\xb5\xea\x1c\x13\x9d\xb4\x01\x75\xac\x16\x56\x9d\x56\x2c\xfe\xb5\x0a\x17\x61\x73\x0b\x06\x51\xfa\xdb\xac\x8f\x84\x2b\x7f\x15\x19\x78\x9b\xbb\x31\xeb\x16\x81\xbf\x85\x9c\xcf\x0f\x98\xba\x01\x1a\x9c\xc6\x3a\x7f\x12\x94\xfd\x93\xe5\x8e\xc8\x52\xa7\xb1\xee\x64\x7c\xb6\x94\x99\xa4\x54\x93\xda\x45\x4f\xa6\x78\x90\xce\xa3\x55\x8c\x76\xad\x01\x23\x82\x24\x0f\xdf\x5d\xff\x44\xfd\xa6\xd9\x79\x56\x03\xb9\xa5\x7b\xd0\x0b\xd0\x7a\x95\xc8\x1b\x53\xac\xfc\x03\xe2\x28\x23\x96\x20\x82\xbe\xdf\x49\xc5\xd8\x1b\x88\x8c\xbd\xbd\xa1\xf8\x51\x93\x51\x47\x3a\x4b\x74\x48\x34\x71\x41\x2a\xee\x28\x77\xdb\x32\x53\xb8\xd5\x81\xd2\x49\x50\xae\x6a\xc3\x6d\xe8\x91\xd7\x68\x9c\xe8\x8f\x20\x16\x81\xf7\x4c\x10\xe0\x70\x04\xe3\x8d\x2b\xc8\xdd\x4d\x06\x54\x5f\xa7\x6c\x20\x21\x82\x35\x0f\xe8\x90\xaf\x06\xf8\xb3\xad\x03\xff\xd2\x91\x9d\xd0\xb9\xbd\xd7\x87\x40\xa4\xfa\xc6\x74\x7e\x11\x86\xf3\xc1\x2d\x19\x68\xa4\xed\x05\xec\x38\x37\xb4\xa9\x27\x40\xaf\x11\xa7\xb1\x66\xdd\x48\x97\xdf\x64\x6a\xf2\xc3\xaa\x61\x8d\x1c\x20\x53\x1c\x19\x2d\xf9\xbf\x1c\x5f\x0c\x8b\x7e\x5c\x3b\x71\x0f\x58\x5c\x05\x64\x65\x24\x62\x19\x88\x62\x59\x0b\xfe\x2e\x03\x15\xd9\x3d\x19\x0d\x59\x2e\x84\xbf\xe2\x80\xe7\x69\x43\x91\x2a\xcc\xce\xde\x7a\xa9\x94\xe2\xdc\x77\x3d\x75\x17\xa6\xb3\x27\x20\x2f\xa5\x27\x94\x15\x74\x58\xb5\xe9\x9b\x50\xe0\xb7\x9b\xe3\x2a\x36\x75\x85\xaa\x30\x13\x78\xea\x34\xea\x00\x80\xea\xaa\xaa\xa2\xc9\x63\xf6\xbf\x90\xfd\x82\x5b\xf2\x6e\x68\x17\xfc\x84\xd8\x82\x50\x6c\x5a\x6b\x5e\x8d\x58\x86\x61\x48\xd5\xf2\x3a\x8a\x7a\x27\xb1\xe1\x79\x0e\x95\x27\xb6\x67\x05\x02\xa6\x1d\x03\x28\x4a\x04\x46\xca\x56\xe2\xe1\xe9\xc4\x05\x29\x7b\xe3\x6b\xb6\xab\xdd\x54\xf2\xf4\x71\x10\x4f\x2f\xa1\x5f\x18\xa6\x66\x9a\x4a\x1e\xad\x45\x87\xb5\x2a\x71\x46\xe6\x0c\x69\x08\xe5\xf2\x46\xff\xcb\x51\x63\xde\xe7\xfa\x6e\xb8\x2e\xa3\x7c\xee\x55\x19\x93\xcb\x7a\x90\xc4\xff\xeb\xf0\x62\xd3\x3e\x09\xb4\x46\x4c\x76\x84\xe6\x55\x21\x20\xd6\xcc\xa9\xf0\xff\x8d\xf9\xdb\x9b\xaa\x71\x7a\xf4\x0d\x08\x77\x7f\x93\x0b\x77\x65\xef\xb5\x8f\xf2\x9d\xcd\x68\x92\x19\xbf\xdb\x35\x8a\x71\x52\xb3\x51\xb8\xc8\xec\x3d\x4a\xdd\xbb\xe1\x5a\x24\xb8\x61\x1d\xd0\x56\x1e\x55\xcb\xdf\x0d\x70\xee\x1b\xd6\x13\x2e\x5c\xae\x08\x8f\xae\x63\x84\x9c\xa7\x27\xdf\x54\x53\x8b\x75\x3a\x1d\xd8\x49\xbe\xdf\x09\x7c\x03\xc8\x69\x1d\x43\x40\x29\x0e\x9e\x7c\xae\x75\x73\x6d\xd1\xdc\xc2\xa4\x21\x9c\x02\x3b\x2c\xdd\xed\x2c\xd5\xa3\x04\x1e\x85\x6d\x42\x64\x98\xf4\x75\x56\x97\x9d\xc8\x7d\xd3\x9f\x30\xd9\x9f\x9a\x37\x6d\xe9\xd4\x1c\x94\x88\x5e\xac\x17\x75\x7a\x4c\x5d\xe7\x2a\x81\x11\xfd\x86\xca\x8b\x07\x8a\x2a\x7c\x2c\x18\xe9\xef\x8a\x0d\x6d\x9f\xda\xe3\x91\x24\x26\xa1\xfc\xe6\x37\x7d\x49\x1d\x2e\xe2\xb8\x82\xa2\xc9\xe0\x9c\x15\xbc\x48\x97\x2c\x59\x1e\x34\x89\x9b\xb3\x6a\xa5\x32\x77\x04\x5a\x00\x71\x2f\x38\x43\x18\x89\xdf\xfe\x44\xb5\xa4\x1d\x13\x9c\x6d\xa0\xd2\x55\x66\x13\x29\xb5\x44\x8d\xe5\xe3\x5f\xe8\xab\xeb\x7b\x9b\x5c\x33\x58\x7c\xc2\x89\x0b\xda\xa0\x80\xd1\x7e\x3c\x29\xeb\xfd\x4e\xa3\x49\xb1\xc9\x7d\x5b\xcb\xc6\x72\xe7\x45\xc8\x18\x37\x9d\x5b\x6b\x4b\x14\xdd\x62\x41\xb7\xe8\x03\x12\x86\xa3\xce\xac\xe3\x8a\x49\xc8\xe3\xba\xe1\x29\x5d\x9e\x21\xc9\x06\x6a\x51\x21\x3a\xd5\x5d\x2c\xd6\x82\x33\x23\x56\x9c\x55\x17\x06\x28\x2a\xc2\x35\xb9\xcc\x24\x81\x3f\x52\x8b\x2e\x3d\x5c\x8e\x13\x68\xa1\xc9\xd9\x13\x00\xee\x4b\xd9\x48\x6c\x3b\x0b\xdd\x4b\x21\xa6\xc8\xd1\x9d\xfc\x2e\xde\x06\x62\x26\x83\xf7\x81\xf0\x00\xa0\xd2\xec\x68\x69\xbe\xaf\x23\x5f\xdc\x50\xb6\x68\xbb\x26\x0e\x14\x60\xad\x9d\xba\xfa\x0d\x80\xf1\xbc\x31\x18\x45\x8a\xa1\x71\x23\x72\xd2\x91\x09\xad\x20\xda\xd9\x04\x96\xfe\x01\xb3\xc0\xd0\x43\xe0\x1b\xc3\x8b\x73\x86\x55\x8e\x88\xa5\x8c\x6b\xea\x64\x91\xe4\xf0\x0d\x1d\x32\x57\xf8\x5b\xa6\xc2\x7e\xd2\x66\x84\xab\x15\xf2\x89\x44\x4b\x47\xd0\xa1\x0d\xcc\x93\xbd\x75\xe4\xcb\x54\xd2\x82\x80\x7c\x7f\x3f\xf3\xbe\x1d\xd7\x89\x31\xad\x73\xd0\x9d\x6a\x26\x1d\x22\xaf\xfc\xc9\xd4\x25\xf8\xd3\x15\x0c\x3b\xf1\xb3\x1e\xbc\x19\x98\x74\xf0\xf0\x3e\xaf\xd1\x72\xb7\x0e\xca\xee\x2d\xb8\x51\x23\x35\x66\xa2\x4d\x3e\xad\x67\x12\xea\x40\x73\xe0\xa2\x27\xef\x81\x64\x74\xef\x43\x19\xf9\x2b\x92\xb3\x42\x61\xf4\x42\x55\x52\xfb\x73\xf5\x8c\x90\x4f\xdd\x5c\x63\x0d\x03\xa0\xcf\x8e\x69\xad\xd1\xc1\x7b\xf2\x6a\x40\x73\x3a\x2a\xa0\xed\x93\x66\x83\x14\x10\x05\x35\xa2\x84\x19\xbd\x57\x9b\x8e\xb0\xd7\xa0\x45\xf1\x6e\xab\xd1\xa2\xba\x86\x35\xa5\xbd\x87\x55\x7e\x5c\x3f\x74\x89\xd3\x13\xf9\xbe\xc2\xe9\xb0\xdf\xaa\xde\x4b\x67\x42\x48\xd6\xb6\x4f\xc6\x15\xb4\xd1\x49\x1c\x8f\x3a\x56\x6c\x52\xdb\x13\xe9\x1e\xbe\x69\x32\xeb\xac\x43\x9e\x49\x20\x76\x12\x2d\x09\x7e\x55\xf9\x71\xeb\xd0\x41\x07\xc2\x73\x5b\x2b\x50\x48\xdb\x86\xe3\x24\x97\x11\x5f\x3f\x48\xe6\xc0\x66\x5c\x29\x69\x88\x67\x1a\x9b\xa8\xda\x9f\x25\x97\x6c\x90\xfd\xa9\x4c\xd0\x13\x6d\x91\x22\x8f\x34\x53\x81\xd5\x25\x19\x1c\xbb\xae\x06\x6e\xce\x14\x93\x5a\x95\x0a\xa6\x47\x17\x2d\xb6\x22\x38\x73\xa5\x44\x11\xeb\x19\x2b\xb8\x49\x63\x48\x48\xd8\x17\x1a\x48\xbd\xc7\x5d\x4e\xb0\x29\xcc\xe5\xe1\xba\x72\x86\xbb\xa5\x80\x5c\x13\x3e\x4f\x72\x55\xba\x40\x8d\x4c\xee\x3a\xe8\x47\x20\x23\x9e\x6d\x1d\x57\x99\xc1\xfc\xc4\x7b\x6a\xc8\x10\x4a\x76\x4a\xd7\x62\x89\x85\xbc\xf6\x84\x41\xcc\xf9\xf5\x83\x6c\x07\x8b\x96\x21\xbc\x87\x70\x72\x18\x60\x1c\x4e\xf5\xcb\x9a\x75\xcd\x57\x55\x73\x66\xbb\xc8\x92\xf5\xe5\x43\x0c\x48\x55\x73\xab\x7d\x49\x3e\x62\x4e\x47\xd0\x53\x9d\xf0\x6e\x2e\xd2\x76\xc5\x6c\xbf\xfb\x81\xd0\xff\xb7\x72\x3a\x1a\x25\x9a\x8b\x78\x21\x16\x70\xab\xd4\xbc\xa0\x09\x29\x7f\x57\x86\x04\xb1\x49\x23\xb2\x5c\xce\x9b\x2b\x31\x5b\x1e\x55\xfb\xf4\x88\x40\x8c\x1e\x2a\x4b\xe8\x3d\xf2\x94\xc2\x97\x5b\x92\xe5\x73\xf4\x37\x95\xb0\x79\x35\xb3\x24\x28\xba\x54\x26\x82\xa1\xcb\x1f\xa2\xaa\x36\x84\xa5\xd3\x6c\x00\x99\x16\x92\x77\xc1\x8e\x97\xdd\x6a\xa3\xd3\x09\xc3\x3f\xb3\xab\x7a\x01\x08\x21\xf9\xc1\x54\xa8\x02\xb1\xf4\xa2\x26\x79\xf4\xfc\x46\xed\x69\x09\x8d\x2b\x88\x52\x32\x39\xf1\x88\xa3\x80\x34\xf4\x53\xc1\x8e\x83\xdb\x6a\xd2\x66\x4a\x1f\xca\xfc\x15\xbb\x19\xba\xa8\xc5\xcb\x70\x1d\x46\xf3\x97\x00\x43\x03\x5e\xb5\x59\xbb\x86\xba\x1a\x6a\x21\xc7\x68\x97\xa0\x61\xe4\xaf\x2a\x7f\xa5\xb2\xfd\x52\xa1\x7e\x31\xf4\xe2\x68\xcc\xd8\x18\xe1\x26\x2a\xf1\xde\xd3\x2a\xf6\x65\x52\x7a\x97\xc8\xc3\x19\x17\x94\x62\x49\x26\x7f\xba\x9a\x8f\xc2\x92\xa7\x03\x97\x51\x4f\xb4\xfa\x26\x97\x4d\xc8\x05\xec\x84\x0b\xd6\x15\x7a\xa5\x47\xfc\x4a\x0e\x8f\x1f\x92\x36\xc1\x92\xf0\x07\x51\x3d\x3b\xe1\xc1\x66\x0b\xf1\x7e\xfd\xfc\x73\x30\xc5\x16\xbd\x2f\x52\x8d\xf7\xa1\xc5\x54\xfe\x39\x1c\x00\x2f\x17\x8f\xf5\x62\x24\x1e\x3d\x64\xd9\x4d\x04\x65\x0d\x6b\x1b\x48\x05\xf1\x10\x49\xac\xe3\x23\x23\xaa\xea\x39\x46\x13\x3e\x65\x07\xaf\xca\x0e\x21\xbd\xeb\x6d\x33\x58\x58\x95\x44\x2c\xee\xb9\xb5\x95\x0e\xb4\x10\xb4\x01\x9b\x06\x20\x9e\x95\x24\x28\x16\xfd\x49\xc3\x2a\x5d\x5d\xd8\x3f\x3f\xf9\x67\xae\x53\x81\xd6\xca\x97\x42\x17\xd1\x3c\xd0\x18\xad\x66\x4b\x1f\x32\xe9\xff\x13\x7e\x4d\x12\xc7\xa5\x38\xc4\xf2\xd2\xd9\x6b\x33\xf3\x69\xf4\x3c\x79\xdd\xc8\xba\x11\xfb\xbe\xb2\x26\x1c\x65\xde\xbe\x85\x15\x05\x72\xc1\x3e\x9d\x27\x3f\x6e\xd2\x21\x24\x8b\x49\x79\x78\x28\x49\x51\x0f\x2d\x04\x8a\xe9\xcc\x8d\xe3\x78\x71\x44\xdf\xdc\xc9\xe7\x82\x4d\x6b\x1b\xc5\x02\x01\x2a\x87\x23\x91\x00\x28\xc9\xff\x4b\xd3\x5a\x45\xd7\x94\xbe\x32\x7b\xda\x40\xb2\x7b\x3a\x6a\x3b\x71\x5a\x7e\x73\xb3\xf8\x43\x13\x21\x01\x81\x05\x97\xd8\xad\x71\x29\x6c\xef\x6e\x97\xe8\x50\xb1\xfa\x05\x4c\x47\xa9\x3c\x68\xdf\xb2\x6f\xfb\x95\x10\xde\x04\x9e\x54\x93\xdc\xd8\xf3\xf8\x25\x16\xf3\x71\xd9\x04\xbc\x7c\x37\x70\x63\x65\x7b\x8b\x54\x16\x21\x4c\x7f\xcb\xeb\x36\x5c\x78\xe5\x39\x5c\x9c\x70\xe4\x91\x63\xc1\x19\x79\xa3\xe4\x10\x79\x8d\xda\xcc\xc4\xad\xa3\xfa\x5b\x5e\x8e\xd0\x5f\x03\xee\x87\x50\x91\x88\x32\x06\x34\x53\x95\x3c\x0a\x06\x88\x3b\xde\xd8\xdb\xd5\x07\x20\x82\x88\x79\xb4\x00\x28\x3d\x9c\xa1\x8c\x82\x62\x65\x33\xdf\x4d\x16\x5e\xfc\xd2\xee\xa3\x10\x0d\xc3\xf7\x9e\xdb\x69\x09\xbf\xab\x2e\x5c\x90\xb1\x7a\x13\x8c\x49\xde\xfa\xf7\xe0\x07\xee\xec\x8e\xdc\xda\x42\x2c\xbe\xd2\x23\xe4\x32\x22\xc5\xda\x1c\xad\xf2\xd6\x94\xe2\x48\xce\xce\xf3\x74\x7f\x88\x1e\x88\x62\x1a\xbb\x4e\xd4\x93\x1a\x44\x0c\x90\x5a\x15\x54\x35\x8f\x3b\x25\xe6\x66\x58\x7b\x65\xf0\x73\xed\x44\x2e\xf3\xaf\xfd\xce\x1c\xbe\x0f\xc6\x1a\x1d\x61\x8e\x1c\x7b\x56\xdc\xe7\xb3\xe5\x8d\x27\x36\xf9\xe5\x1c\xce\x24\xfa\xeb\xdb\xcc\x94\xb2\x1c\x6c\x25\xc4\xc7\x56\x8b\xc5\xfe\xc8\xbf", 4096)); NONFAILING(*(uint8_t*)0x20004d28 = 7); NONFAILING(*(uint8_t*)0x20004d29 = 5); NONFAILING(*(uint8_t*)0x20004d2a = 8); NONFAILING(*(uint8_t*)0x20004d2b = 2); NONFAILING(*(uint16_t*)0x20004d2c = 5); NONFAILING(*(uint8_t*)0x20004d2e = 0xa2); NONFAILING(*(uint8_t*)0x20004d2f = 0xfa); NONFAILING(*(uint8_t*)0x20004d30 = 5); NONFAILING(*(uint8_t*)0x20004d31 = 0x4a); NONFAILING(*(uint8_t*)0x20004d32 = 0xc); NONFAILING(memcpy((void*)0x20004d33, "\xec\x40\xc6\x95\x0c\x2a\x82\x50\x2b\x48\x25\x65\xbc\x2b\x7c\x3a\xd8\xa7\x50\x96\x98\x24\xd7\x57\x5e\xfa\x68\x64\x46\xcd\x47\x63\x6d\xf8\x47\x77\x71\xa9\xbe\x60\x53\xdd\x38\xb4\xf3\x64\x33\xfe\xa9\xf7\x23\x63\xa0\x23\x9f\xaa\x08\x4f\x6c\x74\xc7\x44\xf5\x49\x0f\x59\xb4\x68\xac\xcb\xf4\x73", 72)); NONFAILING(*(uint8_t*)0x20004d7b = 0x1b); NONFAILING(*(uint8_t*)0x20004d7c = 0x35); NONFAILING(memcpy((void*)0x20004d7d, "\x96\xa7\xce\x15\x9a\x6d\xc5\x0e\x71\xc0\xc4\x5b\x76\x66\x34\x2f\x1b\x9f\x89\xf6\x92\x2a\x49\x9d\x7c", 25)); NONFAILING(*(uint8_t*)0x20004d96 = 7); NONFAILING(*(uint8_t*)0x20004d97 = 5); NONFAILING(*(uint8_t*)0x20004d98 = -1); NONFAILING(*(uint8_t*)0x20004d99 = 0x10); NONFAILING(*(uint16_t*)0x20004d9a = 0x1ff); NONFAILING(*(uint8_t*)0x20004d9c = 0); NONFAILING(*(uint8_t*)0x20004d9d = 0x1c); NONFAILING(*(uint8_t*)0x20004d9e = 0x26); NONFAILING(*(uint8_t*)0x20004d9f = 0x16); NONFAILING(*(uint8_t*)0x20004da0 = 0x2e); NONFAILING(memcpy((void*)0x20004da1, "\x94\x80\x4f\x7b\x26\x26\x89\xb8\xac\x76\xd7\x3e\xf8\x28\x70\x5f\x89\x95\xb5\x4a", 20)); NONFAILING(*(uint8_t*)0x20004db5 = 7); NONFAILING(*(uint8_t*)0x20004db6 = 5); NONFAILING(*(uint8_t*)0x20004db7 = 1); NONFAILING(*(uint8_t*)0x20004db8 = 4); NONFAILING(*(uint16_t*)0x20004db9 = 0xe9); NONFAILING(*(uint8_t*)0x20004dbb = 0); NONFAILING(*(uint8_t*)0x20004dbc = 0); NONFAILING(*(uint8_t*)0x20004dbd = 0xac); NONFAILING(*(uint32_t*)0x20004f80 = 0xa); NONFAILING(*(uint64_t*)0x20004f84 = 0x20004dc0); NONFAILING(*(uint8_t*)0x20004dc0 = 0xa); NONFAILING(*(uint8_t*)0x20004dc1 = 6); NONFAILING(*(uint16_t*)0x20004dc2 = 0x3b3); NONFAILING(*(uint8_t*)0x20004dc4 = 0); NONFAILING(*(uint8_t*)0x20004dc5 = 0x4c); NONFAILING(*(uint8_t*)0x20004dc6 = 8); NONFAILING(*(uint8_t*)0x20004dc7 = 0x7f); NONFAILING(*(uint8_t*)0x20004dc8 = 7); NONFAILING(*(uint8_t*)0x20004dc9 = 0); NONFAILING(*(uint32_t*)0x20004f8c = 0xd8); NONFAILING(*(uint64_t*)0x20004f90 = 0x20004e00); NONFAILING(*(uint8_t*)0x20004e00 = 5); NONFAILING(*(uint8_t*)0x20004e01 = 0xf); NONFAILING(*(uint16_t*)0x20004e02 = 0xd8); NONFAILING(*(uint8_t*)0x20004e04 = 4); NONFAILING(*(uint8_t*)0x20004e05 = 0x8d); NONFAILING(*(uint8_t*)0x20004e06 = 0x10); NONFAILING(*(uint8_t*)0x20004e07 = 2); NONFAILING(memcpy((void*)0x20004e08, "\x34\x01\x29\x42\xa5\x47\xb2\x3e\xc4\x24\xb5\x27\x49\xe2\x77\x46\x48\x52\x2c\x73\xad\x89\x4e\x2b\xa5\x03\xd7\xf2\x23\xf1\xdd\xfb\x6c\x16\x91\x76\x43\xa5\xf9\x49\x82\xcd\xa8\x69\xa2\xf5\xe4\x5c\xb7\xa4\x66\xfe\x3a\x35\xf9\xfb\x0c\xab\x1a\x21\x90\x52\x0f\xba\x88\xfb\xba\x4a\x72\xc0\x0f\xee\x31\xb2\xef\x0b\x24\x64\x42\xdb\xd3\x77\x72\xf1\xf2\x24\x59\xcd\x92\xb7\x9c\x0c\x07\x81\xd3\xd1\x16\xa4\x36\x72\xd7\x3b\x4f\xb0\x8c\x88\x80\xae\xe6\x8a\xbf\x53\x0a\x10\x83\xf9\x18\xd9\xd0\x85\xd7\x75\x12\x87\xea\xc4\x08\x47\x80\xd3\xcc\xe6\x7d\xef\x95\x50\xe8\x55", 138)); NONFAILING(*(uint8_t*)0x20004e92 = 7); NONFAILING(*(uint8_t*)0x20004e93 = 0x10); NONFAILING(*(uint8_t*)0x20004e94 = 2); NONFAILING(STORE_BY_BITMASK(uint32_t, , 0x20004e95, 0, 0, 8)); NONFAILING(STORE_BY_BITMASK(uint32_t, , 0x20004e95, 5, 8, 4)); NONFAILING(STORE_BY_BITMASK(uint32_t, , 0x20004e95, 0x9d03, 12, 4)); NONFAILING(STORE_BY_BITMASK(uint32_t, , 0x20004e95, 0x7f, 16, 16)); NONFAILING(*(uint8_t*)0x20004e99 = 0x38); NONFAILING(*(uint8_t*)0x20004e9a = 0x10); NONFAILING(*(uint8_t*)0x20004e9b = 0xa); NONFAILING(memcpy((void*)0x20004e9c, "\x50\xa4\x63\xc3\x2b\x45\x2f\xd9\x3c\x71\xd7\x76\x86\xbd\x85\x67\xa4\xee\x3c\x3c\xb2\x32\x1b\x27\xf5\x8e\xa8\xbd\xf3\x12\xe4\x55\xab\x7f\xe1\x3c\x60\x6f\x7e\xa8\x6c\x4e\xc2\x6f\xe0\xc6\x78\x3b\xb3\x3a\xbe\x6c\xf8", 53)); NONFAILING(*(uint8_t*)0x20004ed1 = 7); NONFAILING(*(uint8_t*)0x20004ed2 = 0x10); NONFAILING(*(uint8_t*)0x20004ed3 = 2); NONFAILING(STORE_BY_BITMASK(uint32_t, , 0x20004ed4, 8, 0, 8)); NONFAILING(STORE_BY_BITMASK(uint32_t, , 0x20004ed4, 0x401, 8, 4)); NONFAILING(STORE_BY_BITMASK(uint32_t, , 0x20004ed4, 0x3ff, 12, 4)); NONFAILING(STORE_BY_BITMASK(uint32_t, , 0x20004ed4, 0x8001, 16, 16)); NONFAILING(*(uint32_t*)0x20004f98 = 1); NONFAILING(*(uint32_t*)0x20004f9c = 0x6b); NONFAILING(*(uint64_t*)0x20004fa0 = 0x20004f00); NONFAILING(*(uint8_t*)0x20004f00 = 0x6b); NONFAILING(*(uint8_t*)0x20004f01 = 3); NONFAILING(*(uint16_t*)0x20004f02 = 0); NONFAILING(memcpy((void*)0x20004f04, "\x57\xa6\xa0\x58\x6c\x8a\x86\x97\x85\x16\x6c\xd3\xcc\xd6\x58\x46\x12\x0f\xc5\xad\x09\xb9\xa5\xd9\xa5\x52\x62\xb7\x5e\x21\x9e\x8e\x26\x78\x0a\x42\x4e\x80\xdc\x5d\x62\x16\x77\x26\x5e\x88\x55\xe2\xde\xc1\x70\xfd\xb7\xea\x47\x69\xc1\x6a\xde\x50\x1d\xa6\x38\xde\xfe\xae\xc0\x87\x5b\x31\x68\xac\xd1\x3e\x6b\x55\x8b\x0f\x1c\x48\xb2\xb0\x55\xa2\x06\x16\xfc\x26\x17\x3c\xbd\x89\x8b\x6c\xa5\x58\xda\x72\x79\x84\x18\x4f\xe6", 103)); res = syz_usb_connect(7, 0x243e, 0x20002980, 0x20004f80); if (res != -1) r[1] = res; break; case 22: NONFAILING(*(uint32_t*)0x20005300 = 0x34); NONFAILING(*(uint64_t*)0x20005304 = 0x20004fc0); NONFAILING(*(uint8_t*)0x20004fc0 = 0x40); NONFAILING(*(uint8_t*)0x20004fc1 = 0xb); NONFAILING(*(uint32_t*)0x20004fc2 = 0x85); NONFAILING(*(uint8_t*)0x20004fc6 = 0x85); NONFAILING(*(uint8_t*)0x20004fc7 = 0x25); NONFAILING(memcpy((void*)0x20004fc8, "\xb3\x1d\x85\xcf\xf7\x20\x90\x49\x1f\xa6\xe8\x49\x37\xed\x7d\x0d\xce\x2e\xcf\x99\x75\x28\x0d\x64\xb3\x50\xd0\x3f\x40\xad\xc2\xe4\xde\x5f\x41\x0a\x51\xfe\x25\x2d\x10\x64\x15\xdf\x79\xbc\x49\xae\x26\x28\xfa\x45\x3b\x74\xeb\xe4\xd0\x69\x9f\x78\x00\x60\x69\xab\xb6\xd8\x93\xde\xca\xce\x25\x6b\x67\xbb\x74\xf2\xf0\xa9\x79\xdb\x58\xe6\x4a\x83\x92\x2a\xe9\x1a\xee\x8d\xc9\x8d\x3f\xad\xd9\xe0\x72\x97\xd3\x93\xa9\x84\xbe\x8e\x65\x4c\xf8\xab\xa0\xc4\xdf\x11\x5b\x45\x28\x64\x69\x91\x5b\xc8\xdd\xa4\x04\x0a\x33\x12\x84\xea\xc8\xd3\x3b", 131)); NONFAILING(*(uint64_t*)0x2000530c = 0x20005080); NONFAILING(*(uint8_t*)0x20005080 = 0); NONFAILING(*(uint8_t*)0x20005081 = 3); NONFAILING(*(uint32_t*)0x20005082 = 0x33); NONFAILING(*(uint8_t*)0x20005086 = 0x33); NONFAILING(*(uint8_t*)0x20005087 = 3); NONFAILING(*(uint16_t*)0x20005088 = 0x140f); NONFAILING(memcpy((void*)0x2000508a, "\xc6\xaf\x54\x40\x27\x9c\x56\x92\x22\xec\xe5\xf1\x73\x98\x5c\x3b\x6a\x11\x04\x38\x2b\x4b\xc8\x87\x96\x8c\x13\x69\x8f\x86\xdd\x91\x87\x71\xac\xc7\xbc\x26\x53\x0d\x3f\x6e\x1d\x88\x7d\x7b\x7b", 47)); NONFAILING(*(uint64_t*)0x20005314 = 0x200050c0); NONFAILING(*(uint8_t*)0x200050c0 = 0); NONFAILING(*(uint8_t*)0x200050c1 = 0x22); NONFAILING(*(uint32_t*)0x200050c2 = 0x152); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x200050c6, 6, 0, 2)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x200050c6, 8, 2, 2)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x200050c6, 0xf, 4, 4)); NONFAILING(*(uint8_t*)0x200050c7 = 0x45); NONFAILING(*(uint8_t*)0x200050c8 = 2); NONFAILING(memcpy((void*)0x200050c9, "\x1a\xcd\x2d\x2b\xe8\x8a\x4a\xc8\xdf\x26\x27\x8c\x5e\x02\xb3\xb4\x97\x54\x69\xa3\x2d\x7c\x10\x91\x9c\x50\x39\x19\xa1\x31\x27\x40\x7e\x62\xd1\x3d\xaa\x69\x7c\x90\x99\xc3\x67\x8f\x95\x2e\xe5\x33\x8f\x4a\x61\xfc\x49\x46\x97\x7c\x2d\x2b\x24\x82\x27\xc5\x40\xc1\x87\x51\x40\xb2\xee", 69)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x2000510e, 6, 0, 2)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x2000510e, 7, 2, 2)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x2000510e, 0xf, 4, 4)); NONFAILING(*(uint8_t*)0x2000510f = 0x1a); NONFAILING(*(uint8_t*)0x20005110 = 5); NONFAILING(memcpy((void*)0x20005111, "\x79\x49\xf0\x29\xc7\x37\xc8\xec\xae\x0b\x1a\xb2\x01\xbd\xb0\x16\x91\x4e\x4d\x2e\xb5\x40\x01\x00\x88\xd6", 26)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x2000512b, 1, 0, 2)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x2000512b, 0, 2, 2)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x2000512b, 0xf, 4, 4)); NONFAILING(*(uint8_t*)0x2000512c = 0x3b); NONFAILING(*(uint8_t*)0x2000512d = 7); NONFAILING(memcpy((void*)0x2000512e, "\xb0\x19\x38\x3e\x59\x42\xc4\x55\x8d\x78\x76\x77\x3e\x6e\x0b\xc9\x79\xff\xb3\xcd\xf8\xd2\x6d\x57\x32\x31\x9a\xc2\x5a\xaf\x0a\x2f\x42\x2a\xc9\xc8\x80\x25\xee\xe2\x21\x4e\x07\xe6\x7e\x33\x1a\xb4\x58\x81\xf3\x09\xd9\xce\x3a\xb3\xf5\xfe\x59", 59)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x20005169, 0, 0, 2)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x20005169, 0, 2, 2)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x20005169, 0xf, 4, 4)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x2000516a, 0xcb, 0, 2)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x2000516a, 8, 2, 2)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x2000516a, 0xf, 4, 4)); NONFAILING(*(uint8_t*)0x2000516b = 0x7f); NONFAILING(*(uint8_t*)0x2000516c = 3); NONFAILING(memcpy((void*)0x2000516d, "\x1b\x55\x4f\x4d\x4f\x67\xaf\xb8\x0c\x87\x29\xf7\x14\x34\x7f\xb7\x51\xf5\xbd\x57\x00\xac\x5f\x01\x7a\x93\x4b\x16\xcd\xac\x14\x70\x6e\xf0\x2e\x05\xe0\x32\x9c\x00\x1b\x54\x68\x49\xfc\x9d\x1d\x8d\x3c\xee\x0b\xe4\x10\xc8\x9a\x92\x3f\x30\xea\x20\x4c\xb0\xae\x24\xe4\x18\x20\x88\x63\x2a\xc1\xea\x3f\x8c\xd5\x3f\xa6\x09\xde\xf3\x46\x83\x8a\xf7\xdd\x83\x6f\xcb\xd0\xe1\x87\xd3\xe8\x43\x43\xed\xf8\x45\x5c\x5a\xee\xd3\xb7\xdf\x27\x08\x07\x7a\xe4\x15\x6c\xec\xe9\x2f\x1e\x12\xa5\xf8\x78\x90\xec\xb4\x41\x4d\x4a\xa4\x55", 127)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x200051ec, 7, 0, 2)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x200051ec, 0x70, 2, 2)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x200051ec, 0xf, 4, 4)); NONFAILING(*(uint8_t*)0x200051ed = 0x29); NONFAILING(*(uint8_t*)0x200051ee = 0xa); NONFAILING(memcpy((void*)0x200051ef, "\x6b\x94\xa6\x1e\xa6\x15\x8a\x89\x0a\xd3\x66\x7e\x9b\xd3\x08\x1c\x25\xae\xb5\xee\x3e\xa9\xbb\x7c\xe6\xf9\xac\x78\x15\x72\xed\x0b\x83\x3b\xcb\xf4\xbf\x63\x37\xbd\x0e", 41)); NONFAILING(*(uint64_t*)0x2000531c = 0x20005240); NONFAILING(*(uint8_t*)0x20005240 = 0); NONFAILING(*(uint8_t*)0x20005241 = 0xf); NONFAILING(*(uint32_t*)0x20005242 = 0x2d); NONFAILING(*(uint8_t*)0x20005246 = 5); NONFAILING(*(uint8_t*)0x20005247 = 0xf); NONFAILING(*(uint16_t*)0x20005248 = 0x2d); NONFAILING(*(uint8_t*)0x2000524a = 4); NONFAILING(*(uint8_t*)0x2000524b = 3); NONFAILING(*(uint8_t*)0x2000524c = 0x10); NONFAILING(*(uint8_t*)0x2000524d = 0xb); NONFAILING(*(uint8_t*)0x2000524e = 0xa); NONFAILING(*(uint8_t*)0x2000524f = 0x10); NONFAILING(*(uint8_t*)0x20005250 = 3); NONFAILING(*(uint8_t*)0x20005251 = 0); NONFAILING(*(uint16_t*)0x20005252 = 0xf); NONFAILING(*(uint8_t*)0x20005254 = 0x6c); NONFAILING(*(uint8_t*)0x20005255 = 0xb1); NONFAILING(*(uint16_t*)0x20005256 = 7); NONFAILING(*(uint8_t*)0x20005258 = 0x14); NONFAILING(*(uint8_t*)0x20005259 = 0x10); NONFAILING(*(uint8_t*)0x2000525a = 4); NONFAILING(*(uint8_t*)0x2000525b = 0); NONFAILING(memcpy((void*)0x2000525c, "\xaa\xee\x4e\x14\x43\x25\x98\xc5\x68\xf9\x5c\xe4\x01\x82\x13\x19", 16)); NONFAILING(*(uint8_t*)0x2000526c = 7); NONFAILING(*(uint8_t*)0x2000526d = 0x10); NONFAILING(*(uint8_t*)0x2000526e = 2); NONFAILING(STORE_BY_BITMASK(uint32_t, , 0x2000526f, 0x1c, 0, 8)); NONFAILING(STORE_BY_BITMASK(uint32_t, , 0x2000526f, 0x8000, 8, 4)); NONFAILING(STORE_BY_BITMASK(uint32_t, , 0x2000526f, 0x401, 12, 4)); NONFAILING(STORE_BY_BITMASK(uint32_t, , 0x2000526f, 4, 16, 16)); NONFAILING(*(uint64_t*)0x20005324 = 0x20005280); NONFAILING(*(uint8_t*)0x20005280 = 0); NONFAILING(*(uint8_t*)0x20005281 = 0x29); NONFAILING(*(uint32_t*)0x20005282 = 0xf); NONFAILING(*(uint8_t*)0x20005286 = 0xf); NONFAILING(*(uint8_t*)0x20005287 = 0x29); NONFAILING(*(uint8_t*)0x20005288 = 2); NONFAILING(*(uint16_t*)0x20005289 = 3); NONFAILING(*(uint8_t*)0x2000528b = 4); NONFAILING(*(uint8_t*)0x2000528c = 0); NONFAILING(memcpy((void*)0x2000528d, "\xdf\xbe\xba\x47", 4)); NONFAILING(memcpy((void*)0x20005291, "\xa8\x28\x75\xf1", 4)); NONFAILING(*(uint64_t*)0x2000532c = 0x200052c0); NONFAILING(*(uint8_t*)0x200052c0 = 0); NONFAILING(*(uint8_t*)0x200052c1 = 0x2a); NONFAILING(*(uint32_t*)0x200052c2 = 0xc); NONFAILING(*(uint8_t*)0x200052c6 = 0xc); NONFAILING(*(uint8_t*)0x200052c7 = 0x2a); NONFAILING(*(uint8_t*)0x200052c8 = 0x15); NONFAILING(*(uint16_t*)0x200052c9 = 0); NONFAILING(*(uint8_t*)0x200052cb = 1); NONFAILING(*(uint8_t*)0x200052cc = 0); NONFAILING(*(uint8_t*)0x200052cd = 4); NONFAILING(*(uint16_t*)0x200052ce = 0x393b); NONFAILING(*(uint16_t*)0x200052d0 = 2); NONFAILING(*(uint32_t*)0x20005680 = 0x54); NONFAILING(*(uint64_t*)0x20005684 = 0x20005340); NONFAILING(*(uint8_t*)0x20005340 = 0x60); NONFAILING(*(uint8_t*)0x20005341 = 6); NONFAILING(*(uint32_t*)0x20005342 = 0xd0); NONFAILING(memcpy((void*)0x20005346, "\xd8\x0b\xfb\xa3\xa4\x3f\x96\x1e\xdd\x21\xf5\xf0\x71\xc1\xbe\x68\x3b\x1d\xca\x55\xa4\x6b\xcd\xc0\xac\x23\x5d\x7a\x28\x81\x1d\xdc\x2e\x4a\xec\x3f\xd0\xe0\x03\xda\xb4\x93\x67\x74\xd7\x03\x58\x65\x73\xd7\x83\xcc\x15\xc0\x05\x40\xbc\x66\x1e\x24\x11\xe1\xf6\x86\x20\xa7\xce\x65\xe3\xc8\x10\x92\x1a\x22\xce\x3a\xf6\x13\xca\xb8\x3c\xac\x70\x10\xb1\x37\x85\x40\x38\xa9\x11\x1d\x2e\xa0\xda\xb3\xae\x93\xd4\x7c\x7d\xe3\xc5\xe4\xfd\xac\x81\x3e\x67\x42\xa0\x71\x2c\x46\x44\xe1\x41\x01\xf1\xc1\x76\x73\x90\x35\x32\x44\xa8\x94\x8d\x85\xb4\x9b\x1b\x7e\x2b\xb2\xd8\x59\x02\x86\x64\x15\x11\xb9\x89\x24\x97\x95\x06\x7a\xa5\x5d\x70\xf6\x9b\xd1\x8b\xe2\x93\x3b\x08\x0b\xac\x20\xb1\x9c\x4b\x58\x5a\x24\x2e\x1e\xdd\xba\xb9\xb8\x8a\xfa\xba\xfa\x10\xc5\xa5\x1e\x0d\x80\xc9\xf3\x21\x5a\xc9\x8b\x67\x95\xed\xbe\x3d\x53\x11\xea\xd0\x05\x09\xb5\x9d\x21\xca\xcb", 208)); NONFAILING(*(uint64_t*)0x2000568c = 0x20005440); NONFAILING(*(uint8_t*)0x20005440 = 0); NONFAILING(*(uint8_t*)0x20005441 = 0xb); NONFAILING(*(uint32_t*)0x20005442 = 0); NONFAILING(*(uint64_t*)0x20005694 = 0x20005480); NONFAILING(*(uint8_t*)0x20005480 = 0x20); NONFAILING(*(uint8_t*)0x20005481 = 0xa); NONFAILING(*(uint32_t*)0x20005482 = 1); NONFAILING(*(uint8_t*)0x20005486 = 5); NONFAILING(*(uint64_t*)0x2000569c = 0x200054c0); NONFAILING(*(uint8_t*)0x200054c0 = 0); NONFAILING(*(uint8_t*)0x200054c1 = 9); NONFAILING(*(uint32_t*)0x200054c2 = 0); NONFAILING(*(uint64_t*)0x200056a4 = 0x20005500); NONFAILING(*(uint8_t*)0x20005500 = 0x20); NONFAILING(*(uint8_t*)0x20005501 = 8); NONFAILING(*(uint32_t*)0x20005502 = 1); NONFAILING(*(uint8_t*)0x20005506 = 1); NONFAILING(*(uint64_t*)0x200056ac = 0x20005540); NONFAILING(*(uint8_t*)0x20005540 = 0x20); NONFAILING(*(uint8_t*)0x20005541 = 0); NONFAILING(*(uint32_t*)0x20005542 = 4); NONFAILING(*(uint16_t*)0x20005546 = 1); NONFAILING(*(uint16_t*)0x20005548 = 1); NONFAILING(*(uint64_t*)0x200056b4 = 0x20005580); NONFAILING(*(uint8_t*)0x20005580 = 0x20); NONFAILING(*(uint8_t*)0x20005581 = 0); NONFAILING(*(uint32_t*)0x20005582 = 4); NONFAILING(*(uint16_t*)0x20005586 = 0x20); NONFAILING(*(uint16_t*)0x20005588 = 0x80); NONFAILING(*(uint64_t*)0x200056bc = 0x200055c0); NONFAILING(*(uint8_t*)0x200055c0 = 0x40); NONFAILING(*(uint8_t*)0x200055c1 = 1); NONFAILING(*(uint32_t*)0x200055c2 = 3); NONFAILING(memcpy((void*)0x200055c6, "\x91\xec\xe0", 3)); NONFAILING(*(uint64_t*)0x200056c4 = 0x20005600); NONFAILING(*(uint8_t*)0x20005600 = 0x40); NONFAILING(*(uint8_t*)0x20005601 = 9); NONFAILING(*(uint32_t*)0x20005602 = 3); NONFAILING(memcpy((void*)0x20005606, "\x6d\xd2\x99", 3)); NONFAILING(*(uint64_t*)0x200056cc = 0x20005640); NONFAILING(*(uint8_t*)0x20005640 = 0x20); NONFAILING(*(uint8_t*)0x20005641 = 0x80); NONFAILING(*(uint32_t*)0x20005642 = 0x1c); NONFAILING(*(uint16_t*)0x20005646 = 6); NONFAILING(*(uint16_t*)0x20005648 = 2); NONFAILING(*(uint32_t*)0x2000564a = 0xc68d); NONFAILING(*(uint16_t*)0x2000564e = 6); NONFAILING(*(uint16_t*)0x20005650 = 5); NONFAILING(*(uint16_t*)0x20005652 = 1); NONFAILING(*(uint16_t*)0x20005654 = 0); NONFAILING(*(uint32_t*)0x20005656 = 3); NONFAILING(*(uint16_t*)0x2000565a = 2); NONFAILING(*(uint16_t*)0x2000565c = 0xb24); NONFAILING(*(uint16_t*)0x2000565e = 0x40); NONFAILING(*(uint16_t*)0x20005660 = 4); syz_usb_control_io(r[1], 0x20005300, 0x20005680); break; case 23: syz_usb_disconnect(-1); break; case 24: NONFAILING(memcpy((void*)0x20005700, "\x17\x84\x52\xd5\xae\x99\xf2\x19\xed\x0b\x12\x7e\xe3\x0b\x10\x15", 16)); syz_usb_ep_write(r[1], 0x17, 0x10, 0x20005700); break; } } int main(void) { syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0); install_segv_handler(); use_temporary_dir(); do_sandbox_none(); return 0; } : In function ‘syz_usb_control_io.constprop’: :565:6: error: ‘response_found’ may be used uninitialized in this function [-Werror=maybe-uninitialized] cc1: all warnings being treated as errors compiler invocation: gcc [-o /tmp/syz-executor451363046 -DGOOS_linux=1 -DGOARCH_amd64=1 -DHOSTGOOS_linux=1 -x c - -O2 -pthread -Wall -Werror -Wparentheses -Wframe-larger-than=8192 -m64 -static] FAIL FAIL github.com/google/syzkaller/pkg/csource 9.641s ok github.com/google/syzkaller/pkg/db 0.746s ok github.com/google/syzkaller/pkg/email 0.074s ? github.com/google/syzkaller/pkg/gce [no test files] ? github.com/google/syzkaller/pkg/gcs [no test files] ? github.com/google/syzkaller/pkg/hash [no test files] ok github.com/google/syzkaller/pkg/host 8.074s ? github.com/google/syzkaller/pkg/html [no test files] ok github.com/google/syzkaller/pkg/ifuzz 0.364s ? github.com/google/syzkaller/pkg/ifuzz/gen [no test files] ? github.com/google/syzkaller/pkg/ifuzz/generated [no test files] ok github.com/google/syzkaller/pkg/instance 0.121s ok github.com/google/syzkaller/pkg/ipc 5.718s ? github.com/google/syzkaller/pkg/ipc/ipcconfig [no test files] ok github.com/google/syzkaller/pkg/kd 0.006s ok github.com/google/syzkaller/pkg/log 0.010s ok github.com/google/syzkaller/pkg/mgrconfig 0.015s ok github.com/google/syzkaller/pkg/osutil 0.110s ok github.com/google/syzkaller/pkg/report 3.197s ok github.com/google/syzkaller/pkg/repro 0.179s ? github.com/google/syzkaller/pkg/rpctype [no test files] ok github.com/google/syzkaller/pkg/runtest 16.254s ok github.com/google/syzkaller/pkg/serializer 0.008s ? github.com/google/syzkaller/pkg/signal [no test files] ok github.com/google/syzkaller/pkg/symbolizer 0.034s ok github.com/google/syzkaller/pkg/vcs 1.572s ok github.com/google/syzkaller/prog 11.632s ok github.com/google/syzkaller/prog/test 3.303s ? github.com/google/syzkaller/sys [no test files] ? github.com/google/syzkaller/sys/akaros [no test files] ? github.com/google/syzkaller/sys/akaros/gen [no test files] ? github.com/google/syzkaller/sys/freebsd [no test files] ? github.com/google/syzkaller/sys/freebsd/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia [no test files] ? github.com/google/syzkaller/sys/fuchsia/fidlgen [no test files] ? github.com/google/syzkaller/sys/fuchsia/gen [no test files] ok github.com/google/syzkaller/sys/linux 1.191s ? github.com/google/syzkaller/sys/linux/gen [no test files] ? github.com/google/syzkaller/sys/netbsd [no test files] ? github.com/google/syzkaller/sys/netbsd/gen [no test files] ok github.com/google/syzkaller/sys/openbsd 0.007s ? github.com/google/syzkaller/sys/openbsd/gen [no test files] ? github.com/google/syzkaller/sys/syz-extract [no test files] ? github.com/google/syzkaller/sys/syz-sysgen [no test files] ? github.com/google/syzkaller/sys/targets [no test files] ? github.com/google/syzkaller/sys/test [no test files] ? github.com/google/syzkaller/sys/test/gen [no test files] ? github.com/google/syzkaller/sys/trusty [no test files] ? github.com/google/syzkaller/sys/trusty/gen [no test files] ? github.com/google/syzkaller/sys/windows [no test files] ? github.com/google/syzkaller/sys/windows/gen [no test files] ok github.com/google/syzkaller/syz-ci 0.123s ? github.com/google/syzkaller/syz-fuzzer [no test files] ok github.com/google/syzkaller/syz-hub 0.009s ok github.com/google/syzkaller/syz-hub/state 0.029s ? github.com/google/syzkaller/syz-manager [no test files] ? github.com/google/syzkaller/tools/syz-benchcmp [no test files] ? github.com/google/syzkaller/tools/syz-bisect [no test files] ? github.com/google/syzkaller/tools/syz-cover [no test files] ? github.com/google/syzkaller/tools/syz-crush [no test files] ? github.com/google/syzkaller/tools/syz-db [no test files] ? github.com/google/syzkaller/tools/syz-env [no test files] ? github.com/google/syzkaller/tools/syz-execprog [no test files] ? github.com/google/syzkaller/tools/syz-fmt [no test files] ? github.com/google/syzkaller/tools/syz-imagegen [no test files] ? github.com/google/syzkaller/tools/syz-mutate [no test files] ? github.com/google/syzkaller/tools/syz-prog2c [no test files] ? github.com/google/syzkaller/tools/syz-repro [no test files] ? github.com/google/syzkaller/tools/syz-runtest [no test files] ? github.com/google/syzkaller/tools/syz-stress [no test files] ? github.com/google/syzkaller/tools/syz-symbolize [no test files] ? github.com/google/syzkaller/tools/syz-testbuild [no test files] ? github.com/google/syzkaller/tools/syz-trace2syz [no test files] ok github.com/google/syzkaller/tools/syz-trace2syz/parser 0.005s ok github.com/google/syzkaller/tools/syz-trace2syz/proggen 1.517s ? github.com/google/syzkaller/tools/syz-tty [no test files] ? github.com/google/syzkaller/tools/syz-upgrade [no test files] ? github.com/google/syzkaller/tools/syz-usbgen [no test files] ok github.com/google/syzkaller/vm 8.127s ? github.com/google/syzkaller/vm/adb [no test files] ? github.com/google/syzkaller/vm/gce [no test files] ? github.com/google/syzkaller/vm/gvisor [no test files] ? github.com/google/syzkaller/vm/isolated [no test files] ? github.com/google/syzkaller/vm/kvm [no test files] ? github.com/google/syzkaller/vm/odroid [no test files] ? github.com/google/syzkaller/vm/qemu [no test files] ok github.com/google/syzkaller/vm/vmimpl 0.025s ? github.com/google/syzkaller/vm/vmm [no test files]