ok github.com/google/syzkaller/dashboard/app (cached) ? github.com/google/syzkaller/dashboard/dashapi [no test files] ok github.com/google/syzkaller/executor 0.562s ok github.com/google/syzkaller/pkg/ast 4.193s ok github.com/google/syzkaller/pkg/bisect 117.007s ok github.com/google/syzkaller/pkg/build (cached) ok github.com/google/syzkaller/pkg/compiler 20.054s ok github.com/google/syzkaller/pkg/config (cached) ok github.com/google/syzkaller/pkg/cover (cached) ? github.com/google/syzkaller/pkg/cover/backend [no test files] --- FAIL: TestGenerate (65.43s) --- FAIL: TestGenerate/openbsd/amd64 (0.88s) csource_test.go:68: seed=1609282412027762998 --- FAIL: TestGenerate/openbsd/amd64/14 (4.03s) csource_test.go:124: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:true} program: r0 = getgid() mquery(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x10, 0xffffffffffffffff, 0x80) ioctl$DIOCMAP(0xffffffffffffff9c, 0xc0106477, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}) ioctl$BIOCSHDRCMPLT(0xffffffffffffffff, 0x80044275, &(0x7f0000000080)=0xcb) unlinkat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8) ioctl$BIOCGDLTLIST(0xffffffffffffff9c, 0xc010427b, &(0x7f0000000140)={0x9, &(0x7f0000000100)=[0x0, 0x7, 0x2, 0x18000, 0x6, 0x3, 0x8000000, 0x20, 0x0]}) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f00000001c0)=0xc) getgroups(0x3, &(0x7f0000000200)=[0xffffffffffffffff, r0, 0x0]) r3 = getgid() getgroups(0x4, &(0x7f0000000240)=[r1, r0, r2, r3]) syz_emit_ethernet(0x120e, &(0x7f0000000000)={@remote, @remote, [], {@ipv6={0x86dd, {0x1, 0x6, "b588d1", 0x11d8, 0x11, 0x0, @remote={0xfe, 0x80, [], 0x0}, @empty, {[@dstopts={0x32, 0x205, [], [@padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @pad1, @generic={0x6, 0x1000, "7d7312bf2f976b286cf33b3a7660af2f30cb34f9a86a2db188c5d76df22900976b027211513627f37cb64221551888028062f7e96e29502c8230cb07ed13fb79ee022afacfb0fdb9fdd62ac37dfa4f6b34fcbee4c380fa32c35d695cca5e60b4fe8ddf4e9fd6c26810eab11156f5f11cff1548bc51648f66404bacd55f29d8349635356e8711ba71763c2e3dae08ceca72daaf10868c22ac2d429c17228cb0fa6a92eddafaf821e084cdd55affffce12097a2772ef8ab4bc862213c765c3c5bb6cb25206a5f87d2034b922cd8a54fd1f39938081132c0491f0258b9d5b90206398281bd745907571e7944936e2d4097eec6b58ed963a26c7ab84ad1084f4b8fe735e2c7a5073344b225dd2917d1035d525e3fca4bf750dc4474b2645770b1ca240e54b5d0d4dc7ef29a3a61669e0bc94741f97c66216511a0b772e8813b7e01c740f8ed1fa8909f5700d3403d21c720a5902de2e1c32556eca20d374473cd817427a1c9cd58e2e0aefa447fb5a819c5f0f58b27756a2ab59c7904bd86a7e178629ad0bf9acc4272dc48011d27c262fe7ea1754391b04e3144db1eec8b7fded123a6e0d848e26d3a48db19cdac570a9f88259994a988bafd8db39128ec209c2f4a1c3a0090fb48b2c98c66c31a9d0c4377d6e63c82afdf734861249d4a187b99c2c03ea42efb67963c7f5e058b9ea734e124abcff107a29e339704bc5c174895b10fabef1dd6966930a398295f238abeba33093a7e5d4ebf3c134b00eac453659d9a5ed6722b28668f0de27fcbfcc665f9b79f51aa266f061a9d3582fe787f1cd3d6b2a4d5b7670d91c9f19da4cdf5c47edb015a154227797a6b56a27e32276f07e6cc20ec6885bc261055b4ad4f66c09e27673c407023fb6d0c61139245b190861816a03ae7d9627100ab2a1f1f38198e820967923fdf0a95e9088ffe6779f1eea151123e919bde1ea78746cc30768220ff953d10588589701f70e66392524a78562a838205af4bfc28c4a6884b425c109ea7ff16d9f1bcb77459ccb5b81045b6cb2dcebdae46f6d70b44ff8dc6f522c77db1471ce1163a7a5640d02e469e5dee1ff25b7f7325baeb10ecb4bc48f8692d5376dad7c9125ecb61d00e759b8f3179df636389f62f51face3013a62a9656fec592601942743778d7b7c838cdf30fe87b7503aab17d8d8f5f30a3a03f105dd389658c187823d1c5ec9af9dce05decfa6192a6514896e99f47847e83719f79cd37b118184d34ca20e884bd255f199acef2ed48011cff2695977dd7b1ae1f08d27f947cd1aff97a19e3f93c659d10ff5a776f291022df261b792935a1c5882f920c9442e563f878801beecbba89c1eab9d2b96285f3493483b49f269e8d684330037dafedbcbb3bc500e65b5e69c3a4f6f15e42cb595cce04c891818f28a69ef73c0ecf8efbef8bc1e5f7d07f5ca828d9a8460a297a2b6f158413fd2738e6168377a49bd43a70a36e7c39d8d548783285675417c6207bebeb3224faab81eef708601be613697967c31f6b8a2c21c469273d79b15b80d8a0b6c6ed4356d002e424944b661b4d5fb114841b9cbaf8d4c16d7f687362aee164756e05fa1d579f082003ac1103a007c2fcea486f32e6e72d141c1e233330a3b3d8135840a9fbc503526e44876e702309c3cb1a6c4020bae2ef85146a3438bd9b341b719dfa5b519fca6bc1746b47ac4991722b9777d92480065e3d70bb6b202e98d5d08c1b215a5012210ef9e2b9fea630e4d8217c501dee6b46a3b887c71f3c4c603af56a86734236f068e072aa63f2a70d488fe9091a8530585e4d611ad9fe23593cb410e5eed9187ed55652bef39b8e867a879f89735e7cadfb36a183867cdc3322b21427a498d12d566af1b7ed235034feeaa2cbd795c2363ec9845a504073181ef95121548bd6e88486a261cb52f6f7970b99f53de0f426ffcae940f83ac20138c7d5b3520214e44a403c84fdacc6557c8b859c9918e78377261722f1f2913d0dfe99d93de5f2a67c3775a7681c9b8fdb811ead0bad8ec771ef38dc0da259047ecaab608e8e7c45113ce2681a8377df054e8e48485bf16d1222ccf2214b8115e0af090742f1c7b77645bde02541071d92f5eb24bc1942ff691016d1d0844daecc89df8b58f05e0fc3856881413920359c90927b85cdb99629791341d07f6bd042ea457128ac91c4ab33b169935a1a0214e74dd2d098abc1d16b59abf377401dbd0904f7dcb351fa4dd8e36cbf4b8dc28e811bd7dc9b8a2f6021c44e85e1ebe1c68e03595aded1d0f5bdc563e612367ae89e46094a2e341ce2bdf0cdd0d0e71af4ce34700bb15898b2d3f559f466a6fbda1e005df5e76968fc0070a860e8eefb40180d6493a17903698a9f809ab5120cc72a205e3265236c67d7c85e581ed378d3326111813041da2d8d3c888d1236649129c37021fbfde4b873dbc3cc9fe18dc922a62d50686f9d7e15c2c4c51e25d9852385f024670dd5eaa98661a3fd645f5e3cf1a0381e878776d79039db945f680b0cba8a7e3875727a07be161c854491d396fbf40b50298b1a84b0cf8b61e18767bab36a013f0acf45569ed1882c3fea9e20189822e2b9bacbc4155842246c183f295912d6480a05a2d59ff2990bbbb8c7e9079f1a039bf31fd2cc28312cff2461af871dde9b27201e66d89f62196b632ef97424d2529d0973457cf4595f6751928457b7de885f43cf64577bd6d099d9adfe45a4e6d704bfd3edc85ddbb11dedd5e2d3e50a55d7a7dcfde4efd11dcd20f6285b74ea194da7f31a4983a14f167a847d279ef28557419506de34b34f237f3c66ed257246d04824f4f8d97092e55e095ecf4f3647ebd6c39538c4c7565b23d81f0cc3d6170d8a0d5050fe7e4f8d4fe07cea0d5db6d5f966afa39dec34a8ce32b67d4918ea8d96af5c7fd899945449e051ef34400cbd4badd786d20b1c77d23670b2065bc8f671150336c4228f49c2e07954d4b165d222cae2a5f5dc9fd328a21eb4b2033447dd9b0b56d12bc93148595a649d5cd3a9b56c33249c979cfd321eb720afca706fc263dfc06be97c2b805a7ccc54cd8e247e64dce1607ba96d146a977c247b3072ad2cb2c116c75493185ac9d6124070f674e1a83c4e4fc7a2d46be93c2eb3dc26dd659261cb020788b5bf4c21a5a31e363065e3d81a64886a0b48c8fd33505b2e1a158a60c29b6a4b0d9d3cc4e30cdbbfdc5895ad59b25f8e356616b352e0af4b55615315d389d963125e086d4f38f9837551d5aea90d51c86072518e6b3d9f810386933830b012a939f7f6269f3516cf361a7b204c687b122d7c967f3f9cbfaa3b5170ac5bf030f5fcf5cc60e67d69aed12a9b64eac186eea7ffd2198ce338fd58fa6b1c818a2bf7ee355c9932fa88b6c1e549217366606b04ef454e6fed865eb44a2cf2bffe792464ecd22121dec54fa518f2a148981956b9b06314ff478738f0328a253394e7c1ac4db3ba527c75361582cca56a12730d5b016258f025dc641647adc06d6b3eec0483f2f71ac9db0c45443e31c3d47d7ab7bf336104083017a985d2e83169cbe9fc9f9080cbbbafaefd7e7d0637933533f8fbd2e1abba019b83ca10f3791ad04d64283a0bcdb8c85718434642f6e156fa694ab98d475876a1768f9b595ff823dc4cdda9f080f094e1261a54c7fb8fd381d5a0d51ba8d6055ef43b035490df5dc92b8c3be5b58788866dc09a3563b25b64de0c0280370d8ae3bc317b89e32a5ec6cf14e9df6733b93263f8adf908b632fa2a94a2a5a22d781f562e5521bb07caba5b56ce799e6caac20c8bd10f0dcc765b5ad59ee88cfac53654b85fc6d3d7d1ec37230537d65519aa03d2d87001c3781063bb0275bd96c452c120d9adc12353cb56a565ffb5c3cf81d0497c3a680a68610acbb492b19b29ad601504aa1b3ff00dc5247b883e822cbe8c86673353ead6e044941bb4fbfc3e5ccba04f93cd9c264d9ec2c1f5221ca0767d3bf65f4330bdb4a94d6468bfa9dfa5bcbaa511450e6a0ca9a56c5f20558ea7076a67b5bdd8523f1515caed40dc2eaf06b08b176355dad11f1265b8187485d1a799d86d06f06d933f424f9ed654d2dde7c0e66dbf3d156db2d67941b92080f04581e0249734f2bf4920a3551d06c4ccb8f730deb91b6f6ce210cb41dab8fcbe39d14e918a3629e826e1d60e164e06d6237d382d0f3ec2734117368555e699a650f02d4a886ab679ec194c821b1f4262946eef5a0a3dcb5645c0543560464d86381a425d04218e58aaabf3c5ed4c2273cc0d4c2c28e12ecd4ddcecd67186dacec662c65d323496b9be38496acfb5bb1ce106bbaac84bac733df84e6e31713243df9845b9b630a9714ef11bb21b0e80c6ce1afc63ca722cc238ac448f229aa614e9eaec78e5c27921bbed167057607d383cda42a91f89b25ecea59686a8f07b1c2d73b6b2aa9899c3dcf20401721a1019abb89d5177d74dd1bb794e0d479ebbfb213e13dd5f06377eb87c53c09a3fc2078fe0db301ccb114f8cf3112445a1e7fad70dcf2c6e8cad450dc73c6427e017e0e93d25ef60e80f556462d78b85aed474a6bdb29bdf5a93908f43a77d82d0da55e7dc8a0064d721858ec5f8b3c5d441b66b3267e8103d27f5faf8660662e86593a48d4bfd64ceebd9bf69258232881e2f0f9d0c59f89f3c89a2ecb569d146bd3f872629aa250410cdecc3701fcfe95fbeefc976bd7e305c102e307e0c04f5d40374b93606dd09fc0026b4f0d185ea8051003a55646e32e3278dfd3f061a4c481639fe9507a8e5c04e46377544f2841ef9bea40da683f669f6f2da6a9282d74d46bc7d17845ed0e63886aee7362e12909d459217d092358bf71f2fd1fda7274468a5c64f68dbc912e12414cb841618e6d961e79699187efa265557d052006450eeab52153282396dcc67638f44e8bdc1cf8ac1aa3cefde7b3e97b3f1ade0587ccc459d2b71d8f4c85666f88560ae13d11fd7d7f1214557967aa6221b05ba9a90faad9c1111038f9a1a16b64a40bf5f969f74f32ed6338eb702cb85773bc0495e31ac37ca0b88bb028da0e9721b407afd1e2fa460b204db7dfcd729459b2f125bf42ddf1380eb499691e08275ee42427c0c2db7064a386b52a6ac1a7ade2da86e5c5e5c667e459d0031046ac3b08cf51b0e79004bc73c3f9f7e769fa244fabd9100007a4ed5e2306997ff31489c13c52b2cdf0226cdc4f8522529a2610234aed95eb841f5d242cef7c49363af04985d3c3e53924f352b54eadece3a9522f4835113a3b490b612dacdb8dbfbee79428b808e626214cfcb2bfd4abe6b74f15f08c76d88182322042da026a7e5b1394c9c439dfa596a7a88107370c2cab92f90601b50f0b3181dec56a7136db75650a7a28578087cc87fada0c4a7e1432a6220d7308fccaad29fbe32e42b6593110cda94ce04ff6ed3a9662c4b81d14856f4fc1ac0d4fab9b4d5992650fcb2cfed1b6f60c8c73685c733be133f819a5688d8c6a7e6209969b46b091445021fc19cbd563bd76df96aa65f1d7216a31dc9c4a4f74a24a224a2aa60cb5d0d7c31e6af622e5a7c80c98727cd163e5097d86d4d4d91e7c89fe6151903d7c0f878da1a83e6fcc50fe9990da6640535e685b1c269c950d073762ce899f82aeb933106337f87a7138d1fb7b15b24ac8cc1c093469e61509fc24cfb79e66390a15483e9a5a1a313ff961d0f9fe8c5579014cf5689e368608104f96449b246439af197959e5edf4887497d48974c208cd68cfc7b3e0956c5088120da1daf4aa90b6d2c1b7088131ff296b"}, @pad1, @jumbo={0xc2, 0x4, 0x1}, @generic={0x9, 0x15, "5575113921ad0bc9e2e82b28a66b8f508cd3a98acf"}]}, @routing={0x67, 0x6, 0x0, 0x20, 0x0, [@mcast1, @mcast1, @empty]}, @dstopts={0x4, 0x19, [], [@generic={0xa8, 0x9b, "0271097870d6d06b47d83a5b3763f1a2fffb78c9fd5151fe45854469564af3c3949e4a58781ce848a5e9a6fed080306acd0311a5e5b9f900de3f656ec5f517f3a67949354e8a19f5b116e360f8bebf10566eae08582e6be7beeec7668afd637ca6a19c0a8787a4548138d8a06874d550624c0f1ebd2a2267bbca14f2247ab5be2d68e264aa7d651fd4e5e5ef5723b844f64a822f58e7bc5accf588"}, @jumbo={0xc2, 0x4, 0x10001}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @pad1, @generic={0x8, 0x1d, "94d6efb5a9f58f859b75be24586f382eeed7a76a6562b978071e71be75"}, @ra={0x5, 0x2, 0x7fff}]}, @routing={0x27, 0x6, 0x0, 0x5, 0x0, [@mcast1, @empty, @loopback]}, @dstopts={0x2c, 0x0, [], [@pad1]}, @dstopts={0x3, 0x3, [], [@jumbo, @ra={0x5, 0x2, 0x20}, @ra={0x5, 0x2, 0x9}, @jumbo={0xc2, 0x4, 0x3}, @padn={0x1, 0x1, [0x0]}, @ra={0x5, 0x2, 0x7f}, @ra={0x5, 0x2, 0x3}]}, @fragment={0xd8, 0x0, 0x8, 0x1, 0x0, 0x8, 0x68}], @icmpv6=@mld={0x82, 0x0, 0x0, 0x3ff, 0x9, @mcast2}}}}}}) syz_execute_func(&(0x7f0000001240)="47669018a9e1170000c4c20d074cd3f636f30f1182feefffffc44155efeaf20f2b9999899999c481fd2817c4a2a5295293f3ab66ac") syz_extract_tcp_res(&(0x7f0000001280), 0x401, 0x1) syz_open_pts() csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } #define __syscall syscall static uintptr_t syz_open_pts(void) { int master, slave; if (openpty(&master, &slave, NULL, NULL, NULL) == -1) return -1; if (dup2(master, master + 100) != -1) close(master); return slave; } static void sandbox_common() { struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { fprintf(stderr, "### start\n"); int i, call, thread; for (call = 0; call < 14; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[4] = {0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: res = syscall(SYS_getgid); fprintf(stderr, "### call=0 errno=%u\n", res == -1 ? errno : 0); if (res != -1) r[0] = res; break; case 1: res = syscall(SYS_mquery, 0x20ffb000ul, 0x3000ul, 2ul, 0x10ul, -1, 0x80ul); fprintf(stderr, "### call=1 errno=%u\n", res == -1 ? errno : 0); break; case 2: *(uint64_t*)0x20000040 = 0x20000000; memcpy((void*)0x20000000, "./file0\000", 8); *(uint32_t*)0x20000048 = -1; *(uint32_t*)0x2000004c = 0; res = syscall(SYS_ioctl, 0xffffff9c, 0xc0106477ul, 0x20000040ul); fprintf(stderr, "### call=2 errno=%u\n", res == -1 ? errno : 0); break; case 3: *(uint32_t*)0x20000080 = 0xcb; res = syscall(SYS_ioctl, -1, 0x80044275ul, 0x20000080ul); fprintf(stderr, "### call=3 errno=%u\n", res == -1 ? errno : 0); break; case 4: memcpy((void*)0x200000c0, "./file0\000", 8); res = syscall(SYS_unlinkat, 0xffffff9c, 0x200000c0ul, 8ul); fprintf(stderr, "### call=4 errno=%u\n", res == -1 ? errno : 0); break; case 5: *(uint64_t*)0x20000148 = 0x20000100; *(uint32_t*)0x20000100 = 0; *(uint32_t*)0x20000104 = 7; *(uint32_t*)0x20000108 = 2; *(uint32_t*)0x2000010c = 0x18000; *(uint32_t*)0x20000110 = 6; *(uint32_t*)0x20000114 = 3; *(uint32_t*)0x20000118 = 0x8000000; *(uint32_t*)0x2000011c = 0x20; *(uint32_t*)0x20000120 = 0; res = syscall(SYS_ioctl, 0xffffff9c, 0xc010427bul, 0x20000140ul); fprintf(stderr, "### call=5 errno=%u\n", res == -1 ? errno : 0); break; case 6: *(uint32_t*)0x200001c0 = 0xc; res = syscall(SYS_getsockopt, -1, 0xffff, 0x1022, 0x20000180ul, 0x200001c0ul); fprintf(stderr, "### call=6 errno=%u\n", res == -1 ? errno : 0); if (res != -1) r[1] = *(uint32_t*)0x20000188; break; case 7: *(uint32_t*)0x20000200 = -1; *(uint32_t*)0x20000204 = r[0]; *(uint32_t*)0x20000208 = 0; res = syscall(SYS_getgroups, 3ul, 0x20000200ul); fprintf(stderr, "### call=7 errno=%u\n", res == -1 ? errno : 0); if (res != -1) r[2] = *(uint32_t*)0x20000208; break; case 8: res = syscall(SYS_getgid); fprintf(stderr, "### call=8 errno=%u\n", res == -1 ? errno : 0); if (res != -1) r[3] = res; break; case 9: *(uint32_t*)0x20000240 = r[1]; *(uint32_t*)0x20000244 = r[0]; *(uint32_t*)0x20000248 = r[2]; *(uint32_t*)0x2000024c = r[3]; res = syscall(SYS_getgroups, 4ul, 0x20000240ul); fprintf(stderr, "### call=9 errno=%u\n", res == -1 ? errno : 0); break; case 10: *(uint8_t*)0x20000000 = 0xaa; *(uint8_t*)0x20000001 = 0xaa; *(uint8_t*)0x20000002 = 0xaa; *(uint8_t*)0x20000003 = 0xaa; *(uint8_t*)0x20000004 = 0xaa; *(uint8_t*)0x20000005 = 0xbb; *(uint8_t*)0x20000006 = 0xaa; *(uint8_t*)0x20000007 = 0xaa; *(uint8_t*)0x20000008 = 0xaa; *(uint8_t*)0x20000009 = 0xaa; *(uint8_t*)0x2000000a = 0xaa; *(uint8_t*)0x2000000b = 0xbb; *(uint16_t*)0x2000000c = htobe16(0x86dd); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 6, 4, 4); memcpy((void*)0x2000000f, "\xb5\x88\xd1", 3); *(uint16_t*)0x20000012 = htobe16(0x11d8); *(uint8_t*)0x20000014 = 0x11; *(uint8_t*)0x20000015 = 0; *(uint8_t*)0x20000016 = 0xfe; *(uint8_t*)0x20000017 = 0x80; *(uint8_t*)0x20000018 = 0; *(uint8_t*)0x20000019 = 0; *(uint8_t*)0x2000001a = 0; *(uint8_t*)0x2000001b = 0; *(uint8_t*)0x2000001c = 0; *(uint8_t*)0x2000001d = 0; *(uint8_t*)0x2000001e = 0; *(uint8_t*)0x2000001f = 0; *(uint8_t*)0x20000020 = 0; *(uint8_t*)0x20000021 = 0; *(uint8_t*)0x20000022 = 0; *(uint8_t*)0x20000023 = 0; *(uint8_t*)0x20000024 = 0; *(uint8_t*)0x20000025 = 0xbb; *(uint8_t*)0x20000026 = 0; *(uint8_t*)0x20000027 = 0; *(uint8_t*)0x20000028 = 0; *(uint8_t*)0x20000029 = 0; *(uint8_t*)0x2000002a = 0; *(uint8_t*)0x2000002b = 0; *(uint8_t*)0x2000002c = 0; *(uint8_t*)0x2000002d = 0; *(uint8_t*)0x2000002e = 0; *(uint8_t*)0x2000002f = 0; *(uint8_t*)0x20000030 = 0; *(uint8_t*)0x20000031 = 0; *(uint8_t*)0x20000032 = 0; *(uint8_t*)0x20000033 = 0; *(uint8_t*)0x20000034 = 0; *(uint8_t*)0x20000035 = 0; *(uint8_t*)0x20000036 = 0x32; *(uint8_t*)0x20000037 = 5; *(uint8_t*)0x20000038 = 0; *(uint8_t*)0x20000039 = 0; *(uint8_t*)0x2000003a = 0; *(uint8_t*)0x2000003b = 0; *(uint8_t*)0x2000003c = 0; *(uint8_t*)0x2000003d = 0; *(uint8_t*)0x2000003e = 1; *(uint8_t*)0x2000003f = 8; *(uint8_t*)0x20000040 = 0; *(uint8_t*)0x20000041 = 0; *(uint8_t*)0x20000042 = 0; *(uint8_t*)0x20000043 = 0; *(uint8_t*)0x20000044 = 0; *(uint8_t*)0x20000045 = 0; *(uint8_t*)0x20000046 = 0; *(uint8_t*)0x20000047 = 0; *(uint8_t*)0x20000048 = 0; *(uint8_t*)0x20000049 = 1; *(uint8_t*)0x2000004a = 0; *(uint8_t*)0x2000004b = 6; *(uint8_t*)0x2000004c = 0; memcpy((void*)0x2000004d, "\x7d\x73\x12\xbf\x2f\x97\x6b\x28\x6c\xf3\x3b\x3a\x76\x60\xaf\x2f\x30\xcb\x34\xf9\xa8\x6a\x2d\xb1\x88\xc5\xd7\x6d\xf2\x29\x00\x97\x6b\x02\x72\x11\x51\x36\x27\xf3\x7c\xb6\x42\x21\x55\x18\x88\x02\x80\x62\xf7\xe9\x6e\x29\x50\x2c\x82\x30\xcb\x07\xed\x13\xfb\x79\xee\x02\x2a\xfa\xcf\xb0\xfd\xb9\xfd\xd6\x2a\xc3\x7d\xfa\x4f\x6b\x34\xfc\xbe\xe4\xc3\x80\xfa\x32\xc3\x5d\x69\x5c\xca\x5e\x60\xb4\xfe\x8d\xdf\x4e\x9f\xd6\xc2\x68\x10\xea\xb1\x11\x56\xf5\xf1\x1c\xff\x15\x48\xbc\x51\x64\x8f\x66\x40\x4b\xac\xd5\x5f\x29\xd8\x34\x96\x35\x35\x6e\x87\x11\xba\x71\x76\x3c\x2e\x3d\xae\x08\xce\xca\x72\xda\xaf\x10\x86\x8c\x22\xac\x2d\x42\x9c\x17\x22\x8c\xb0\xfa\x6a\x92\xed\xda\xfa\xf8\x21\xe0\x84\xcd\xd5\x5a\xff\xff\xce\x12\x09\x7a\x27\x72\xef\x8a\xb4\xbc\x86\x22\x13\xc7\x65\xc3\xc5\xbb\x6c\xb2\x52\x06\xa5\xf8\x7d\x20\x34\xb9\x22\xcd\x8a\x54\xfd\x1f\x39\x93\x80\x81\x13\x2c\x04\x91\xf0\x25\x8b\x9d\x5b\x90\x20\x63\x98\x28\x1b\xd7\x45\x90\x75\x71\xe7\x94\x49\x36\xe2\xd4\x09\x7e\xec\x6b\x58\xed\x96\x3a\x26\xc7\xab\x84\xad\x10\x84\xf4\xb8\xfe\x73\x5e\x2c\x7a\x50\x73\x34\x4b\x22\x5d\xd2\x91\x7d\x10\x35\xd5\x25\xe3\xfc\xa4\xbf\x75\x0d\xc4\x47\x4b\x26\x45\x77\x0b\x1c\xa2\x40\xe5\x4b\x5d\x0d\x4d\xc7\xef\x29\xa3\xa6\x16\x69\xe0\xbc\x94\x74\x1f\x97\xc6\x62\x16\x51\x1a\x0b\x77\x2e\x88\x13\xb7\xe0\x1c\x74\x0f\x8e\xd1\xfa\x89\x09\xf5\x70\x0d\x34\x03\xd2\x1c\x72\x0a\x59\x02\xde\x2e\x1c\x32\x55\x6e\xca\x20\xd3\x74\x47\x3c\xd8\x17\x42\x7a\x1c\x9c\xd5\x8e\x2e\x0a\xef\xa4\x47\xfb\x5a\x81\x9c\x5f\x0f\x58\xb2\x77\x56\xa2\xab\x59\xc7\x90\x4b\xd8\x6a\x7e\x17\x86\x29\xad\x0b\xf9\xac\xc4\x27\x2d\xc4\x80\x11\xd2\x7c\x26\x2f\xe7\xea\x17\x54\x39\x1b\x04\xe3\x14\x4d\xb1\xee\xc8\xb7\xfd\xed\x12\x3a\x6e\x0d\x84\x8e\x26\xd3\xa4\x8d\xb1\x9c\xda\xc5\x70\xa9\xf8\x82\x59\x99\x4a\x98\x8b\xaf\xd8\xdb\x39\x12\x8e\xc2\x09\xc2\xf4\xa1\xc3\xa0\x09\x0f\xb4\x8b\x2c\x98\xc6\x6c\x31\xa9\xd0\xc4\x37\x7d\x6e\x63\xc8\x2a\xfd\xf7\x34\x86\x12\x49\xd4\xa1\x87\xb9\x9c\x2c\x03\xea\x42\xef\xb6\x79\x63\xc7\xf5\xe0\x58\xb9\xea\x73\x4e\x12\x4a\xbc\xff\x10\x7a\x29\xe3\x39\x70\x4b\xc5\xc1\x74\x89\x5b\x10\xfa\xbe\xf1\xdd\x69\x66\x93\x0a\x39\x82\x95\xf2\x38\xab\xeb\xa3\x30\x93\xa7\xe5\xd4\xeb\xf3\xc1\x34\xb0\x0e\xac\x45\x36\x59\xd9\xa5\xed\x67\x22\xb2\x86\x68\xf0\xde\x27\xfc\xbf\xcc\x66\x5f\x9b\x79\xf5\x1a\xa2\x66\xf0\x61\xa9\xd3\x58\x2f\xe7\x87\xf1\xcd\x3d\x6b\x2a\x4d\x5b\x76\x70\xd9\x1c\x9f\x19\xda\x4c\xdf\x5c\x47\xed\xb0\x15\xa1\x54\x22\x77\x97\xa6\xb5\x6a\x27\xe3\x22\x76\xf0\x7e\x6c\xc2\x0e\xc6\x88\x5b\xc2\x61\x05\x5b\x4a\xd4\xf6\x6c\x09\xe2\x76\x73\xc4\x07\x02\x3f\xb6\xd0\xc6\x11\x39\x24\x5b\x19\x08\x61\x81\x6a\x03\xae\x7d\x96\x27\x10\x0a\xb2\xa1\xf1\xf3\x81\x98\xe8\x20\x96\x79\x23\xfd\xf0\xa9\x5e\x90\x88\xff\xe6\x77\x9f\x1e\xea\x15\x11\x23\xe9\x19\xbd\xe1\xea\x78\x74\x6c\xc3\x07\x68\x22\x0f\xf9\x53\xd1\x05\x88\x58\x97\x01\xf7\x0e\x66\x39\x25\x24\xa7\x85\x62\xa8\x38\x20\x5a\xf4\xbf\xc2\x8c\x4a\x68\x84\xb4\x25\xc1\x09\xea\x7f\xf1\x6d\x9f\x1b\xcb\x77\x45\x9c\xcb\x5b\x81\x04\x5b\x6c\xb2\xdc\xeb\xda\xe4\x6f\x6d\x70\xb4\x4f\xf8\xdc\x6f\x52\x2c\x77\xdb\x14\x71\xce\x11\x63\xa7\xa5\x64\x0d\x02\xe4\x69\xe5\xde\xe1\xff\x25\xb7\xf7\x32\x5b\xae\xb1\x0e\xcb\x4b\xc4\x8f\x86\x92\xd5\x37\x6d\xad\x7c\x91\x25\xec\xb6\x1d\x00\xe7\x59\xb8\xf3\x17\x9d\xf6\x36\x38\x9f\x62\xf5\x1f\xac\xe3\x01\x3a\x62\xa9\x65\x6f\xec\x59\x26\x01\x94\x27\x43\x77\x8d\x7b\x7c\x83\x8c\xdf\x30\xfe\x87\xb7\x50\x3a\xab\x17\xd8\xd8\xf5\xf3\x0a\x3a\x03\xf1\x05\xdd\x38\x96\x58\xc1\x87\x82\x3d\x1c\x5e\xc9\xaf\x9d\xce\x05\xde\xcf\xa6\x19\x2a\x65\x14\x89\x6e\x99\xf4\x78\x47\xe8\x37\x19\xf7\x9c\xd3\x7b\x11\x81\x84\xd3\x4c\xa2\x0e\x88\x4b\xd2\x55\xf1\x99\xac\xef\x2e\xd4\x80\x11\xcf\xf2\x69\x59\x77\xdd\x7b\x1a\xe1\xf0\x8d\x27\xf9\x47\xcd\x1a\xff\x97\xa1\x9e\x3f\x93\xc6\x59\xd1\x0f\xf5\xa7\x76\xf2\x91\x02\x2d\xf2\x61\xb7\x92\x93\x5a\x1c\x58\x82\xf9\x20\xc9\x44\x2e\x56\x3f\x87\x88\x01\xbe\xec\xbb\xa8\x9c\x1e\xab\x9d\x2b\x96\x28\x5f\x34\x93\x48\x3b\x49\xf2\x69\xe8\xd6\x84\x33\x00\x37\xda\xfe\xdb\xcb\xb3\xbc\x50\x0e\x65\xb5\xe6\x9c\x3a\x4f\x6f\x15\xe4\x2c\xb5\x95\xcc\xe0\x4c\x89\x18\x18\xf2\x8a\x69\xef\x73\xc0\xec\xf8\xef\xbe\xf8\xbc\x1e\x5f\x7d\x07\xf5\xca\x82\x8d\x9a\x84\x60\xa2\x97\xa2\xb6\xf1\x58\x41\x3f\xd2\x73\x8e\x61\x68\x37\x7a\x49\xbd\x43\xa7\x0a\x36\xe7\xc3\x9d\x8d\x54\x87\x83\x28\x56\x75\x41\x7c\x62\x07\xbe\xbe\xb3\x22\x4f\xaa\xb8\x1e\xef\x70\x86\x01\xbe\x61\x36\x97\x96\x7c\x31\xf6\xb8\xa2\xc2\x1c\x46\x92\x73\xd7\x9b\x15\xb8\x0d\x8a\x0b\x6c\x6e\xd4\x35\x6d\x00\x2e\x42\x49\x44\xb6\x61\xb4\xd5\xfb\x11\x48\x41\xb9\xcb\xaf\x8d\x4c\x16\xd7\xf6\x87\x36\x2a\xee\x16\x47\x56\xe0\x5f\xa1\xd5\x79\xf0\x82\x00\x3a\xc1\x10\x3a\x00\x7c\x2f\xce\xa4\x86\xf3\x2e\x6e\x72\xd1\x41\xc1\xe2\x33\x33\x0a\x3b\x3d\x81\x35\x84\x0a\x9f\xbc\x50\x35\x26\xe4\x48\x76\xe7\x02\x30\x9c\x3c\xb1\xa6\xc4\x02\x0b\xae\x2e\xf8\x51\x46\xa3\x43\x8b\xd9\xb3\x41\xb7\x19\xdf\xa5\xb5\x19\xfc\xa6\xbc\x17\x46\xb4\x7a\xc4\x99\x17\x22\xb9\x77\x7d\x92\x48\x00\x65\xe3\xd7\x0b\xb6\xb2\x02\xe9\x8d\x5d\x08\xc1\xb2\x15\xa5\x01\x22\x10\xef\x9e\x2b\x9f\xea\x63\x0e\x4d\x82\x17\xc5\x01\xde\xe6\xb4\x6a\x3b\x88\x7c\x71\xf3\xc4\xc6\x03\xaf\x56\xa8\x67\x34\x23\x6f\x06\x8e\x07\x2a\xa6\x3f\x2a\x70\xd4\x88\xfe\x90\x91\xa8\x53\x05\x85\xe4\xd6\x11\xad\x9f\xe2\x35\x93\xcb\x41\x0e\x5e\xed\x91\x87\xed\x55\x65\x2b\xef\x39\xb8\xe8\x67\xa8\x79\xf8\x97\x35\xe7\xca\xdf\xb3\x6a\x18\x38\x67\xcd\xc3\x32\x2b\x21\x42\x7a\x49\x8d\x12\xd5\x66\xaf\x1b\x7e\xd2\x35\x03\x4f\xee\xaa\x2c\xbd\x79\x5c\x23\x63\xec\x98\x45\xa5\x04\x07\x31\x81\xef\x95\x12\x15\x48\xbd\x6e\x88\x48\x6a\x26\x1c\xb5\x2f\x6f\x79\x70\xb9\x9f\x53\xde\x0f\x42\x6f\xfc\xae\x94\x0f\x83\xac\x20\x13\x8c\x7d\x5b\x35\x20\x21\x4e\x44\xa4\x03\xc8\x4f\xda\xcc\x65\x57\xc8\xb8\x59\xc9\x91\x8e\x78\x37\x72\x61\x72\x2f\x1f\x29\x13\xd0\xdf\xe9\x9d\x93\xde\x5f\x2a\x67\xc3\x77\x5a\x76\x81\xc9\xb8\xfd\xb8\x11\xea\xd0\xba\xd8\xec\x77\x1e\xf3\x8d\xc0\xda\x25\x90\x47\xec\xaa\xb6\x08\xe8\xe7\xc4\x51\x13\xce\x26\x81\xa8\x37\x7d\xf0\x54\xe8\xe4\x84\x85\xbf\x16\xd1\x22\x2c\xcf\x22\x14\xb8\x11\x5e\x0a\xf0\x90\x74\x2f\x1c\x7b\x77\x64\x5b\xde\x02\x54\x10\x71\xd9\x2f\x5e\xb2\x4b\xc1\x94\x2f\xf6\x91\x01\x6d\x1d\x08\x44\xda\xec\xc8\x9d\xf8\xb5\x8f\x05\xe0\xfc\x38\x56\x88\x14\x13\x92\x03\x59\xc9\x09\x27\xb8\x5c\xdb\x99\x62\x97\x91\x34\x1d\x07\xf6\xbd\x04\x2e\xa4\x57\x12\x8a\xc9\x1c\x4a\xb3\x3b\x16\x99\x35\xa1\xa0\x21\x4e\x74\xdd\x2d\x09\x8a\xbc\x1d\x16\xb5\x9a\xbf\x37\x74\x01\xdb\xd0\x90\x4f\x7d\xcb\x35\x1f\xa4\xdd\x8e\x36\xcb\xf4\xb8\xdc\x28\xe8\x11\xbd\x7d\xc9\xb8\xa2\xf6\x02\x1c\x44\xe8\x5e\x1e\xbe\x1c\x68\xe0\x35\x95\xad\xed\x1d\x0f\x5b\xdc\x56\x3e\x61\x23\x67\xae\x89\xe4\x60\x94\xa2\xe3\x41\xce\x2b\xdf\x0c\xdd\x0d\x0e\x71\xaf\x4c\xe3\x47\x00\xbb\x15\x89\x8b\x2d\x3f\x55\x9f\x46\x6a\x6f\xbd\xa1\xe0\x05\xdf\x5e\x76\x96\x8f\xc0\x07\x0a\x86\x0e\x8e\xef\xb4\x01\x80\xd6\x49\x3a\x17\x90\x36\x98\xa9\xf8\x09\xab\x51\x20\xcc\x72\xa2\x05\xe3\x26\x52\x36\xc6\x7d\x7c\x85\xe5\x81\xed\x37\x8d\x33\x26\x11\x18\x13\x04\x1d\xa2\xd8\xd3\xc8\x88\xd1\x23\x66\x49\x12\x9c\x37\x02\x1f\xbf\xde\x4b\x87\x3d\xbc\x3c\xc9\xfe\x18\xdc\x92\x2a\x62\xd5\x06\x86\xf9\xd7\xe1\x5c\x2c\x4c\x51\xe2\x5d\x98\x52\x38\x5f\x02\x46\x70\xdd\x5e\xaa\x98\x66\x1a\x3f\xd6\x45\xf5\xe3\xcf\x1a\x03\x81\xe8\x78\x77\x6d\x79\x03\x9d\xb9\x45\xf6\x80\xb0\xcb\xa8\xa7\xe3\x87\x57\x27\xa0\x7b\xe1\x61\xc8\x54\x49\x1d\x39\x6f\xbf\x40\xb5\x02\x98\xb1\xa8\x4b\x0c\xf8\xb6\x1e\x18\x76\x7b\xab\x36\xa0\x13\xf0\xac\xf4\x55\x69\xed\x18\x82\xc3\xfe\xa9\xe2\x01\x89\x82\x2e\x2b\x9b\xac\xbc\x41\x55\x84\x22\x46\xc1\x83\xf2\x95\x91\x2d\x64\x80\xa0\x5a\x2d\x59\xff\x29\x90\xbb\xbb\x8c\x7e\x90\x79\xf1\xa0\x39\xbf\x31\xfd\x2c\xc2\x83\x12\xcf\xf2\x46\x1a\xf8\x71\xdd\xe9\xb2\x72\x01\xe6\x6d\x89\xf6\x21\x96\xb6\x32\xef\x97\x42\x4d\x25\x29\xd0\x97\x34\x57\xcf\x45\x95\xf6\x75\x19\x28\x45\x7b\x7d\xe8\x85\xf4\x3c\xf6\x45\x77\xbd\x6d\x09\x9d\x9a\xdf\xe4\x5a\x4e\x6d\x70\x4b\xfd\x3e\xdc\x85\xdd\xbb\x11\xde\xdd\x5e\x2d\x3e\x50\xa5\x5d\x7a\x7d\xcf\xde\x4e\xfd\x11\xdc\xd2\x0f\x62\x85\xb7\x4e\xa1\x94\xda\x7f\x31\xa4\x98\x3a\x14\xf1\x67\xa8\x47\xd2\x79\xef\x28\x55\x74\x19\x50\x6d\xe3\x4b\x34\xf2\x37\xf3\xc6\x6e\xd2\x57\x24\x6d\x04\x82\x4f\x4f\x8d\x97\x09\x2e\x55\xe0\x95\xec\xf4\xf3\x64\x7e\xbd\x6c\x39\x53\x8c\x4c\x75\x65\xb2\x3d\x81\xf0\xcc\x3d\x61\x70\xd8\xa0\xd5\x05\x0f\xe7\xe4\xf8\xd4\xfe\x07\xce\xa0\xd5\xdb\x6d\x5f\x96\x6a\xfa\x39\xde\xc3\x4a\x8c\xe3\x2b\x67\xd4\x91\x8e\xa8\xd9\x6a\xf5\xc7\xfd\x89\x99\x45\x44\x9e\x05\x1e\xf3\x44\x00\xcb\xd4\xba\xdd\x78\x6d\x20\xb1\xc7\x7d\x23\x67\x0b\x20\x65\xbc\x8f\x67\x11\x50\x33\x6c\x42\x28\xf4\x9c\x2e\x07\x95\x4d\x4b\x16\x5d\x22\x2c\xae\x2a\x5f\x5d\xc9\xfd\x32\x8a\x21\xeb\x4b\x20\x33\x44\x7d\xd9\xb0\xb5\x6d\x12\xbc\x93\x14\x85\x95\xa6\x49\xd5\xcd\x3a\x9b\x56\xc3\x32\x49\xc9\x79\xcf\xd3\x21\xeb\x72\x0a\xfc\xa7\x06\xfc\x26\x3d\xfc\x06\xbe\x97\xc2\xb8\x05\xa7\xcc\xc5\x4c\xd8\xe2\x47\xe6\x4d\xce\x16\x07\xba\x96\xd1\x46\xa9\x77\xc2\x47\xb3\x07\x2a\xd2\xcb\x2c\x11\x6c\x75\x49\x31\x85\xac\x9d\x61\x24\x07\x0f\x67\x4e\x1a\x83\xc4\xe4\xfc\x7a\x2d\x46\xbe\x93\xc2\xeb\x3d\xc2\x6d\xd6\x59\x26\x1c\xb0\x20\x78\x8b\x5b\xf4\xc2\x1a\x5a\x31\xe3\x63\x06\x5e\x3d\x81\xa6\x48\x86\xa0\xb4\x8c\x8f\xd3\x35\x05\xb2\xe1\xa1\x58\xa6\x0c\x29\xb6\xa4\xb0\xd9\xd3\xcc\x4e\x30\xcd\xbb\xfd\xc5\x89\x5a\xd5\x9b\x25\xf8\xe3\x56\x61\x6b\x35\x2e\x0a\xf4\xb5\x56\x15\x31\x5d\x38\x9d\x96\x31\x25\xe0\x86\xd4\xf3\x8f\x98\x37\x55\x1d\x5a\xea\x90\xd5\x1c\x86\x07\x25\x18\xe6\xb3\xd9\xf8\x10\x38\x69\x33\x83\x0b\x01\x2a\x93\x9f\x7f\x62\x69\xf3\x51\x6c\xf3\x61\xa7\xb2\x04\xc6\x87\xb1\x22\xd7\xc9\x67\xf3\xf9\xcb\xfa\xa3\xb5\x17\x0a\xc5\xbf\x03\x0f\x5f\xcf\x5c\xc6\x0e\x67\xd6\x9a\xed\x12\xa9\xb6\x4e\xac\x18\x6e\xea\x7f\xfd\x21\x98\xce\x33\x8f\xd5\x8f\xa6\xb1\xc8\x18\xa2\xbf\x7e\xe3\x55\xc9\x93\x2f\xa8\x8b\x6c\x1e\x54\x92\x17\x36\x66\x06\xb0\x4e\xf4\x54\xe6\xfe\xd8\x65\xeb\x44\xa2\xcf\x2b\xff\xe7\x92\x46\x4e\xcd\x22\x12\x1d\xec\x54\xfa\x51\x8f\x2a\x14\x89\x81\x95\x6b\x9b\x06\x31\x4f\xf4\x78\x73\x8f\x03\x28\xa2\x53\x39\x4e\x7c\x1a\xc4\xdb\x3b\xa5\x27\xc7\x53\x61\x58\x2c\xca\x56\xa1\x27\x30\xd5\xb0\x16\x25\x8f\x02\x5d\xc6\x41\x64\x7a\xdc\x06\xd6\xb3\xee\xc0\x48\x3f\x2f\x71\xac\x9d\xb0\xc4\x54\x43\xe3\x1c\x3d\x47\xd7\xab\x7b\xf3\x36\x10\x40\x83\x01\x7a\x98\x5d\x2e\x83\x16\x9c\xbe\x9f\xc9\xf9\x08\x0c\xbb\xba\xfa\xef\xd7\xe7\xd0\x63\x79\x33\x53\x3f\x8f\xbd\x2e\x1a\xbb\xa0\x19\xb8\x3c\xa1\x0f\x37\x91\xad\x04\xd6\x42\x83\xa0\xbc\xdb\x8c\x85\x71\x84\x34\x64\x2f\x6e\x15\x6f\xa6\x94\xab\x98\xd4\x75\x87\x6a\x17\x68\xf9\xb5\x95\xff\x82\x3d\xc4\xcd\xda\x9f\x08\x0f\x09\x4e\x12\x61\xa5\x4c\x7f\xb8\xfd\x38\x1d\x5a\x0d\x51\xba\x8d\x60\x55\xef\x43\xb0\x35\x49\x0d\xf5\xdc\x92\xb8\xc3\xbe\x5b\x58\x78\x88\x66\xdc\x09\xa3\x56\x3b\x25\xb6\x4d\xe0\xc0\x28\x03\x70\xd8\xae\x3b\xc3\x17\xb8\x9e\x32\xa5\xec\x6c\xf1\x4e\x9d\xf6\x73\x3b\x93\x26\x3f\x8a\xdf\x90\x8b\x63\x2f\xa2\xa9\x4a\x2a\x5a\x22\xd7\x81\xf5\x62\xe5\x52\x1b\xb0\x7c\xab\xa5\xb5\x6c\xe7\x99\xe6\xca\xac\x20\xc8\xbd\x10\xf0\xdc\xc7\x65\xb5\xad\x59\xee\x88\xcf\xac\x53\x65\x4b\x85\xfc\x6d\x3d\x7d\x1e\xc3\x72\x30\x53\x7d\x65\x51\x9a\xa0\x3d\x2d\x87\x00\x1c\x37\x81\x06\x3b\xb0\x27\x5b\xd9\x6c\x45\x2c\x12\x0d\x9a\xdc\x12\x35\x3c\xb5\x6a\x56\x5f\xfb\x5c\x3c\xf8\x1d\x04\x97\xc3\xa6\x80\xa6\x86\x10\xac\xbb\x49\x2b\x19\xb2\x9a\xd6\x01\x50\x4a\xa1\xb3\xff\x00\xdc\x52\x47\xb8\x83\xe8\x22\xcb\xe8\xc8\x66\x73\x35\x3e\xad\x6e\x04\x49\x41\xbb\x4f\xbf\xc3\xe5\xcc\xba\x04\xf9\x3c\xd9\xc2\x64\xd9\xec\x2c\x1f\x52\x21\xca\x07\x67\xd3\xbf\x65\xf4\x33\x0b\xdb\x4a\x94\xd6\x46\x8b\xfa\x9d\xfa\x5b\xcb\xaa\x51\x14\x50\xe6\xa0\xca\x9a\x56\xc5\xf2\x05\x58\xea\x70\x76\xa6\x7b\x5b\xdd\x85\x23\xf1\x51\x5c\xae\xd4\x0d\xc2\xea\xf0\x6b\x08\xb1\x76\x35\x5d\xad\x11\xf1\x26\x5b\x81\x87\x48\x5d\x1a\x79\x9d\x86\xd0\x6f\x06\xd9\x33\xf4\x24\xf9\xed\x65\x4d\x2d\xde\x7c\x0e\x66\xdb\xf3\xd1\x56\xdb\x2d\x67\x94\x1b\x92\x08\x0f\x04\x58\x1e\x02\x49\x73\x4f\x2b\xf4\x92\x0a\x35\x51\xd0\x6c\x4c\xcb\x8f\x73\x0d\xeb\x91\xb6\xf6\xce\x21\x0c\xb4\x1d\xab\x8f\xcb\xe3\x9d\x14\xe9\x18\xa3\x62\x9e\x82\x6e\x1d\x60\xe1\x64\xe0\x6d\x62\x37\xd3\x82\xd0\xf3\xec\x27\x34\x11\x73\x68\x55\x5e\x69\x9a\x65\x0f\x02\xd4\xa8\x86\xab\x67\x9e\xc1\x94\xc8\x21\xb1\xf4\x26\x29\x46\xee\xf5\xa0\xa3\xdc\xb5\x64\x5c\x05\x43\x56\x04\x64\xd8\x63\x81\xa4\x25\xd0\x42\x18\xe5\x8a\xaa\xbf\x3c\x5e\xd4\xc2\x27\x3c\xc0\xd4\xc2\xc2\x8e\x12\xec\xd4\xdd\xce\xcd\x67\x18\x6d\xac\xec\x66\x2c\x65\xd3\x23\x49\x6b\x9b\xe3\x84\x96\xac\xfb\x5b\xb1\xce\x10\x6b\xba\xac\x84\xba\xc7\x33\xdf\x84\xe6\xe3\x17\x13\x24\x3d\xf9\x84\x5b\x9b\x63\x0a\x97\x14\xef\x11\xbb\x21\xb0\xe8\x0c\x6c\xe1\xaf\xc6\x3c\xa7\x22\xcc\x23\x8a\xc4\x48\xf2\x29\xaa\x61\x4e\x9e\xae\xc7\x8e\x5c\x27\x92\x1b\xbe\xd1\x67\x05\x76\x07\xd3\x83\xcd\xa4\x2a\x91\xf8\x9b\x25\xec\xea\x59\x68\x6a\x8f\x07\xb1\xc2\xd7\x3b\x6b\x2a\xa9\x89\x9c\x3d\xcf\x20\x40\x17\x21\xa1\x01\x9a\xbb\x89\xd5\x17\x7d\x74\xdd\x1b\xb7\x94\xe0\xd4\x79\xeb\xbf\xb2\x13\xe1\x3d\xd5\xf0\x63\x77\xeb\x87\xc5\x3c\x09\xa3\xfc\x20\x78\xfe\x0d\xb3\x01\xcc\xb1\x14\xf8\xcf\x31\x12\x44\x5a\x1e\x7f\xad\x70\xdc\xf2\xc6\xe8\xca\xd4\x50\xdc\x73\xc6\x42\x7e\x01\x7e\x0e\x93\xd2\x5e\xf6\x0e\x80\xf5\x56\x46\x2d\x78\xb8\x5a\xed\x47\x4a\x6b\xdb\x29\xbd\xf5\xa9\x39\x08\xf4\x3a\x77\xd8\x2d\x0d\xa5\x5e\x7d\xc8\xa0\x06\x4d\x72\x18\x58\xec\x5f\x8b\x3c\x5d\x44\x1b\x66\xb3\x26\x7e\x81\x03\xd2\x7f\x5f\xaf\x86\x60\x66\x2e\x86\x59\x3a\x48\xd4\xbf\xd6\x4c\xee\xbd\x9b\xf6\x92\x58\x23\x28\x81\xe2\xf0\xf9\xd0\xc5\x9f\x89\xf3\xc8\x9a\x2e\xcb\x56\x9d\x14\x6b\xd3\xf8\x72\x62\x9a\xa2\x50\x41\x0c\xde\xcc\x37\x01\xfc\xfe\x95\xfb\xee\xfc\x97\x6b\xd7\xe3\x05\xc1\x02\xe3\x07\xe0\xc0\x4f\x5d\x40\x37\x4b\x93\x60\x6d\xd0\x9f\xc0\x02\x6b\x4f\x0d\x18\x5e\xa8\x05\x10\x03\xa5\x56\x46\xe3\x2e\x32\x78\xdf\xd3\xf0\x61\xa4\xc4\x81\x63\x9f\xe9\x50\x7a\x8e\x5c\x04\xe4\x63\x77\x54\x4f\x28\x41\xef\x9b\xea\x40\xda\x68\x3f\x66\x9f\x6f\x2d\xa6\xa9\x28\x2d\x74\xd4\x6b\xc7\xd1\x78\x45\xed\x0e\x63\x88\x6a\xee\x73\x62\xe1\x29\x09\xd4\x59\x21\x7d\x09\x23\x58\xbf\x71\xf2\xfd\x1f\xda\x72\x74\x46\x8a\x5c\x64\xf6\x8d\xbc\x91\x2e\x12\x41\x4c\xb8\x41\x61\x8e\x6d\x96\x1e\x79\x69\x91\x87\xef\xa2\x65\x55\x7d\x05\x20\x06\x45\x0e\xea\xb5\x21\x53\x28\x23\x96\xdc\xc6\x76\x38\xf4\x4e\x8b\xdc\x1c\xf8\xac\x1a\xa3\xce\xfd\xe7\xb3\xe9\x7b\x3f\x1a\xde\x05\x87\xcc\xc4\x59\xd2\xb7\x1d\x8f\x4c\x85\x66\x6f\x88\x56\x0a\xe1\x3d\x11\xfd\x7d\x7f\x12\x14\x55\x79\x67\xaa\x62\x21\xb0\x5b\xa9\xa9\x0f\xaa\xd9\xc1\x11\x10\x38\xf9\xa1\xa1\x6b\x64\xa4\x0b\xf5\xf9\x69\xf7\x4f\x32\xed\x63\x38\xeb\x70\x2c\xb8\x57\x73\xbc\x04\x95\xe3\x1a\xc3\x7c\xa0\xb8\x8b\xb0\x28\xda\x0e\x97\x21\xb4\x07\xaf\xd1\xe2\xfa\x46\x0b\x20\x4d\xb7\xdf\xcd\x72\x94\x59\xb2\xf1\x25\xbf\x42\xdd\xf1\x38\x0e\xb4\x99\x69\x1e\x08\x27\x5e\xe4\x24\x27\xc0\xc2\xdb\x70\x64\xa3\x86\xb5\x2a\x6a\xc1\xa7\xad\xe2\xda\x86\xe5\xc5\xe5\xc6\x67\xe4\x59\xd0\x03\x10\x46\xac\x3b\x08\xcf\x51\xb0\xe7\x90\x04\xbc\x73\xc3\xf9\xf7\xe7\x69\xfa\x24\x4f\xab\xd9\x10\x00\x07\xa4\xed\x5e\x23\x06\x99\x7f\xf3\x14\x89\xc1\x3c\x52\xb2\xcd\xf0\x22\x6c\xdc\x4f\x85\x22\x52\x9a\x26\x10\x23\x4a\xed\x95\xeb\x84\x1f\x5d\x24\x2c\xef\x7c\x49\x36\x3a\xf0\x49\x85\xd3\xc3\xe5\x39\x24\xf3\x52\xb5\x4e\xad\xec\xe3\xa9\x52\x2f\x48\x35\x11\x3a\x3b\x49\x0b\x61\x2d\xac\xdb\x8d\xbf\xbe\xe7\x94\x28\xb8\x08\xe6\x26\x21\x4c\xfc\xb2\xbf\xd4\xab\xe6\xb7\x4f\x15\xf0\x8c\x76\xd8\x81\x82\x32\x20\x42\xda\x02\x6a\x7e\x5b\x13\x94\xc9\xc4\x39\xdf\xa5\x96\xa7\xa8\x81\x07\x37\x0c\x2c\xab\x92\xf9\x06\x01\xb5\x0f\x0b\x31\x81\xde\xc5\x6a\x71\x36\xdb\x75\x65\x0a\x7a\x28\x57\x80\x87\xcc\x87\xfa\xda\x0c\x4a\x7e\x14\x32\xa6\x22\x0d\x73\x08\xfc\xca\xad\x29\xfb\xe3\x2e\x42\xb6\x59\x31\x10\xcd\xa9\x4c\xe0\x4f\xf6\xed\x3a\x96\x62\xc4\xb8\x1d\x14\x85\x6f\x4f\xc1\xac\x0d\x4f\xab\x9b\x4d\x59\x92\x65\x0f\xcb\x2c\xfe\xd1\xb6\xf6\x0c\x8c\x73\x68\x5c\x73\x3b\xe1\x33\xf8\x19\xa5\x68\x8d\x8c\x6a\x7e\x62\x09\x96\x9b\x46\xb0\x91\x44\x50\x21\xfc\x19\xcb\xd5\x63\xbd\x76\xdf\x96\xaa\x65\xf1\xd7\x21\x6a\x31\xdc\x9c\x4a\x4f\x74\xa2\x4a\x22\x4a\x2a\xa6\x0c\xb5\xd0\xd7\xc3\x1e\x6a\xf6\x22\xe5\xa7\xc8\x0c\x98\x72\x7c\xd1\x63\xe5\x09\x7d\x86\xd4\xd4\xd9\x1e\x7c\x89\xfe\x61\x51\x90\x3d\x7c\x0f\x87\x8d\xa1\xa8\x3e\x6f\xcc\x50\xfe\x99\x90\xda\x66\x40\x53\x5e\x68\x5b\x1c\x26\x9c\x95\x0d\x07\x37\x62\xce\x89\x9f\x82\xae\xb9\x33\x10\x63\x37\xf8\x7a\x71\x38\xd1\xfb\x7b\x15\xb2\x4a\xc8\xcc\x1c\x09\x34\x69\xe6\x15\x09\xfc\x24\xcf\xb7\x9e\x66\x39\x0a\x15\x48\x3e\x9a\x5a\x1a\x31\x3f\xf9\x61\xd0\xf9\xfe\x8c\x55\x79\x01\x4c\xf5\x68\x9e\x36\x86\x08\x10\x4f\x96\x44\x9b\x24\x64\x39\xaf\x19\x79\x59\xe5\xed\xf4\x88\x74\x97\xd4\x89\x74\xc2\x08\xcd\x68\xcf\xc7\xb3\xe0\x95\x6c\x50\x88\x12\x0d\xa1\xda\xf4\xaa\x90\xb6\xd2\xc1\xb7\x08\x81\x31\xff\x29\x6b", 4096); *(uint8_t*)0x2000104d = 0; *(uint8_t*)0x2000104e = 1; *(uint8_t*)0x2000104f = 0; *(uint8_t*)0x20001050 = 0xc2; *(uint8_t*)0x20001051 = 4; *(uint32_t*)0x20001052 = htobe32(1); *(uint8_t*)0x20001056 = 9; *(uint8_t*)0x20001057 = 0x15; memcpy((void*)0x20001058, "\x55\x75\x11\x39\x21\xad\x0b\xc9\xe2\xe8\x2b\x28\xa6\x6b\x8f\x50\x8c\xd3\xa9\x8a\xcf", 21); *(uint8_t*)0x2000106e = 0x67; *(uint8_t*)0x2000106f = 6; *(uint8_t*)0x20001070 = 0; *(uint8_t*)0x20001071 = 0x20; *(uint32_t*)0x20001072 = 0; *(uint8_t*)0x20001076 = -1; *(uint8_t*)0x20001077 = 1; *(uint8_t*)0x20001078 = 0; *(uint8_t*)0x20001079 = 0; *(uint8_t*)0x2000107a = 0; *(uint8_t*)0x2000107b = 0; *(uint8_t*)0x2000107c = 0; *(uint8_t*)0x2000107d = 0; *(uint8_t*)0x2000107e = 0; *(uint8_t*)0x2000107f = 0; *(uint8_t*)0x20001080 = 0; *(uint8_t*)0x20001081 = 0; *(uint8_t*)0x20001082 = 0; *(uint8_t*)0x20001083 = 0; *(uint8_t*)0x20001084 = 0; *(uint8_t*)0x20001085 = 1; *(uint8_t*)0x20001086 = -1; *(uint8_t*)0x20001087 = 1; *(uint8_t*)0x20001088 = 0; *(uint8_t*)0x20001089 = 0; *(uint8_t*)0x2000108a = 0; *(uint8_t*)0x2000108b = 0; *(uint8_t*)0x2000108c = 0; *(uint8_t*)0x2000108d = 0; *(uint8_t*)0x2000108e = 0; *(uint8_t*)0x2000108f = 0; *(uint8_t*)0x20001090 = 0; *(uint8_t*)0x20001091 = 0; *(uint8_t*)0x20001092 = 0; *(uint8_t*)0x20001093 = 0; *(uint8_t*)0x20001094 = 0; *(uint8_t*)0x20001095 = 1; *(uint8_t*)0x20001096 = 0; *(uint8_t*)0x20001097 = 0; *(uint8_t*)0x20001098 = 0; *(uint8_t*)0x20001099 = 0; *(uint8_t*)0x2000109a = 0; *(uint8_t*)0x2000109b = 0; *(uint8_t*)0x2000109c = 0; *(uint8_t*)0x2000109d = 0; *(uint8_t*)0x2000109e = 0; *(uint8_t*)0x2000109f = 0; *(uint8_t*)0x200010a0 = 0; *(uint8_t*)0x200010a1 = 0; *(uint8_t*)0x200010a2 = 0; *(uint8_t*)0x200010a3 = 0; *(uint8_t*)0x200010a4 = 0; *(uint8_t*)0x200010a5 = 0; *(uint8_t*)0x200010a6 = 4; *(uint8_t*)0x200010a7 = 0x19; *(uint8_t*)0x200010a8 = 0; *(uint8_t*)0x200010a9 = 0; *(uint8_t*)0x200010aa = 0; *(uint8_t*)0x200010ab = 0; *(uint8_t*)0x200010ac = 0; *(uint8_t*)0x200010ad = 0; *(uint8_t*)0x200010ae = 0xa8; *(uint8_t*)0x200010af = 0x9b; memcpy((void*)0x200010b0, "\x02\x71\x09\x78\x70\xd6\xd0\x6b\x47\xd8\x3a\x5b\x37\x63\xf1\xa2\xff\xfb\x78\xc9\xfd\x51\x51\xfe\x45\x85\x44\x69\x56\x4a\xf3\xc3\x94\x9e\x4a\x58\x78\x1c\xe8\x48\xa5\xe9\xa6\xfe\xd0\x80\x30\x6a\xcd\x03\x11\xa5\xe5\xb9\xf9\x00\xde\x3f\x65\x6e\xc5\xf5\x17\xf3\xa6\x79\x49\x35\x4e\x8a\x19\xf5\xb1\x16\xe3\x60\xf8\xbe\xbf\x10\x56\x6e\xae\x08\x58\x2e\x6b\xe7\xbe\xee\xc7\x66\x8a\xfd\x63\x7c\xa6\xa1\x9c\x0a\x87\x87\xa4\x54\x81\x38\xd8\xa0\x68\x74\xd5\x50\x62\x4c\x0f\x1e\xbd\x2a\x22\x67\xbb\xca\x14\xf2\x24\x7a\xb5\xbe\x2d\x68\xe2\x64\xaa\x7d\x65\x1f\xd4\xe5\xe5\xef\x57\x23\xb8\x44\xf6\x4a\x82\x2f\x58\xe7\xbc\x5a\xcc\xf5\x88", 155); *(uint8_t*)0x2000114b = 0xc2; *(uint8_t*)0x2000114c = 4; *(uint32_t*)0x2000114d = htobe32(0x10001); *(uint8_t*)0x20001151 = 1; *(uint8_t*)0x20001152 = 3; *(uint8_t*)0x20001153 = 0; *(uint8_t*)0x20001154 = 0; *(uint8_t*)0x20001155 = 0; *(uint8_t*)0x20001156 = 0; *(uint8_t*)0x20001157 = 1; *(uint8_t*)0x20001158 = 0; *(uint8_t*)0x20001159 = 8; *(uint8_t*)0x2000115a = 0x1d; memcpy((void*)0x2000115b, "\x94\xd6\xef\xb5\xa9\xf5\x8f\x85\x9b\x75\xbe\x24\x58\x6f\x38\x2e\xee\xd7\xa7\x6a\x65\x62\xb9\x78\x07\x1e\x71\xbe\x75", 29); *(uint8_t*)0x20001178 = 5; *(uint8_t*)0x20001179 = 2; *(uint16_t*)0x2000117a = htobe16(0x7fff); *(uint8_t*)0x2000117e = 0x27; *(uint8_t*)0x2000117f = 6; *(uint8_t*)0x20001180 = 0; *(uint8_t*)0x20001181 = 5; *(uint32_t*)0x20001182 = 0; *(uint8_t*)0x20001186 = -1; *(uint8_t*)0x20001187 = 1; *(uint8_t*)0x20001188 = 0; *(uint8_t*)0x20001189 = 0; *(uint8_t*)0x2000118a = 0; *(uint8_t*)0x2000118b = 0; *(uint8_t*)0x2000118c = 0; *(uint8_t*)0x2000118d = 0; *(uint8_t*)0x2000118e = 0; *(uint8_t*)0x2000118f = 0; *(uint8_t*)0x20001190 = 0; *(uint8_t*)0x20001191 = 0; *(uint8_t*)0x20001192 = 0; *(uint8_t*)0x20001193 = 0; *(uint8_t*)0x20001194 = 0; *(uint8_t*)0x20001195 = 1; *(uint8_t*)0x20001196 = 0; *(uint8_t*)0x20001197 = 0; *(uint8_t*)0x20001198 = 0; *(uint8_t*)0x20001199 = 0; *(uint8_t*)0x2000119a = 0; *(uint8_t*)0x2000119b = 0; *(uint8_t*)0x2000119c = 0; *(uint8_t*)0x2000119d = 0; *(uint8_t*)0x2000119e = 0; *(uint8_t*)0x2000119f = 0; *(uint8_t*)0x200011a0 = 0; *(uint8_t*)0x200011a1 = 0; *(uint8_t*)0x200011a2 = 0; *(uint8_t*)0x200011a3 = 0; *(uint8_t*)0x200011a4 = 0; *(uint8_t*)0x200011a5 = 0; *(uint64_t*)0x200011a6 = htobe64(0); *(uint64_t*)0x200011ae = htobe64(1); *(uint8_t*)0x200011b6 = 0x2c; *(uint8_t*)0x200011b7 = 0; *(uint8_t*)0x200011b8 = 0; *(uint8_t*)0x200011b9 = 0; *(uint8_t*)0x200011ba = 0; *(uint8_t*)0x200011bb = 0; *(uint8_t*)0x200011bc = 0; *(uint8_t*)0x200011bd = 0; *(uint8_t*)0x200011be = 0; *(uint8_t*)0x200011bf = 1; *(uint8_t*)0x200011c0 = 0; *(uint8_t*)0x200011c6 = 3; *(uint8_t*)0x200011c7 = 3; *(uint8_t*)0x200011c8 = 0; *(uint8_t*)0x200011c9 = 0; *(uint8_t*)0x200011ca = 0; *(uint8_t*)0x200011cb = 0; *(uint8_t*)0x200011cc = 0; *(uint8_t*)0x200011cd = 0; *(uint8_t*)0x200011ce = 0xc2; *(uint8_t*)0x200011cf = 4; *(uint32_t*)0x200011d0 = htobe32(0); *(uint8_t*)0x200011d4 = 5; *(uint8_t*)0x200011d5 = 2; *(uint16_t*)0x200011d6 = htobe16(0x20); *(uint8_t*)0x200011d8 = 5; *(uint8_t*)0x200011d9 = 2; *(uint16_t*)0x200011da = htobe16(9); *(uint8_t*)0x200011dc = 0xc2; *(uint8_t*)0x200011dd = 4; *(uint32_t*)0x200011de = htobe32(3); *(uint8_t*)0x200011e2 = 1; *(uint8_t*)0x200011e3 = 1; *(uint8_t*)0x200011e4 = 0; *(uint8_t*)0x200011e5 = 5; *(uint8_t*)0x200011e6 = 2; *(uint16_t*)0x200011e7 = htobe16(0x7f); *(uint8_t*)0x200011e9 = 5; *(uint8_t*)0x200011ea = 2; *(uint16_t*)0x200011eb = htobe16(3); *(uint8_t*)0x200011ee = 0xd8; *(uint8_t*)0x200011ef = 0; *(uint8_t*)0x200011f0 = 8; STORE_BY_BITMASK(uint8_t, , 0x200011f1, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200011f1, 0, 1, 2); STORE_BY_BITMASK(uint8_t, , 0x200011f1, 8, 3, 5); *(uint32_t*)0x200011f2 = 0x68; *(uint8_t*)0x200011f6 = 0x82; *(uint8_t*)0x200011f7 = 0; *(uint16_t*)0x200011f8 = htobe16(0); *(uint16_t*)0x200011fa = htobe16(0x3ff); *(uint16_t*)0x200011fc = 9; *(uint8_t*)0x200011fe = -1; *(uint8_t*)0x200011ff = 2; *(uint8_t*)0x20001200 = 0; *(uint8_t*)0x20001201 = 0; *(uint8_t*)0x20001202 = 0; *(uint8_t*)0x20001203 = 0; *(uint8_t*)0x20001204 = 0; *(uint8_t*)0x20001205 = 0; *(uint8_t*)0x20001206 = 0; *(uint8_t*)0x20001207 = 0; *(uint8_t*)0x20001208 = 0; *(uint8_t*)0x20001209 = 0; *(uint8_t*)0x2000120a = 0; *(uint8_t*)0x2000120b = 0; *(uint8_t*)0x2000120c = 0; *(uint8_t*)0x2000120d = 1; struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000016, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000026, 16); uint32_t csum_1_chunk_2 = 0x18000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x3a000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x200011f6, 24); *(uint16_t*)0x200011f8 = csum_inet_digest(&csum_1); (void)res; break; case 11: memcpy((void*)0x20001240, "\x47\x66\x90\x18\xa9\xe1\x17\x00\x00\xc4\xc2\x0d\x07\x4c\xd3\xf6\x36\xf3\x0f\x11\x82\xfe\xef\xff\xff\xc4\x41\x55\xef\xea\xf2\x0f\x2b\x99\x99\x89\x99\x99\xc4\x81\xfd\x28\x17\xc4\xa2\xa5\x29\x52\x93\xf3\xab\x66\xac", 53); res = -1; errno = EFAULT; res = syz_execute_func(0x20001240); fprintf(stderr, "### call=11 errno=%u\n", res == -1 ? errno : 0); break; case 12: (void)res; break; case 13: res = -1; errno = EFAULT; res = syz_open_pts(); fprintf(stderr, "### call=13 errno=%u\n", res == -1 ? errno : 0); break; } } int main(void) { syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul); use_temporary_dir(); do_sandbox_none(); return 0; } :331:4: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation] kill_and_wait(pid, &status); ^ :329:3: note: previous statement is here if (current_time_ms() - start < 5000) ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor709069389 -DGOOS_openbsd=1 -DGOARCH_amd64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -static -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384] --- FAIL: TestGenerate/openbsd/amd64/8 (4.13s) csource_test.go:124: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox: Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: r0 = getgid() mquery(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x10, 0xffffffffffffffff, 0x80) ioctl$DIOCMAP(0xffffffffffffff9c, 0xc0106477, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}) ioctl$BIOCSHDRCMPLT(0xffffffffffffffff, 0x80044275, &(0x7f0000000080)=0xcb) unlinkat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8) ioctl$BIOCGDLTLIST(0xffffffffffffff9c, 0xc010427b, &(0x7f0000000140)={0x9, &(0x7f0000000100)=[0x0, 0x7, 0x2, 0x18000, 0x6, 0x3, 0x8000000, 0x20, 0x0]}) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f00000001c0)=0xc) getgroups(0x3, &(0x7f0000000200)=[0xffffffffffffffff, r0, 0x0]) r3 = getgid() getgroups(0x4, &(0x7f0000000240)=[r1, r0, r2, r3]) syz_emit_ethernet(0x120e, &(0x7f0000000000)={@remote, @remote, [], {@ipv6={0x86dd, {0x1, 0x6, "b588d1", 0x11d8, 0x11, 0x0, @remote={0xfe, 0x80, [], 0x0}, @empty, {[@dstopts={0x32, 0x205, [], [@padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @pad1, @generic={0x6, 0x1000, "7d7312bf2f976b286cf33b3a7660af2f30cb34f9a86a2db188c5d76df22900976b027211513627f37cb64221551888028062f7e96e29502c8230cb07ed13fb79ee022afacfb0fdb9fdd62ac37dfa4f6b34fcbee4c380fa32c35d695cca5e60b4fe8ddf4e9fd6c26810eab11156f5f11cff1548bc51648f66404bacd55f29d8349635356e8711ba71763c2e3dae08ceca72daaf10868c22ac2d429c17228cb0fa6a92eddafaf821e084cdd55affffce12097a2772ef8ab4bc862213c765c3c5bb6cb25206a5f87d2034b922cd8a54fd1f39938081132c0491f0258b9d5b90206398281bd745907571e7944936e2d4097eec6b58ed963a26c7ab84ad1084f4b8fe735e2c7a5073344b225dd2917d1035d525e3fca4bf750dc4474b2645770b1ca240e54b5d0d4dc7ef29a3a61669e0bc94741f97c66216511a0b772e8813b7e01c740f8ed1fa8909f5700d3403d21c720a5902de2e1c32556eca20d374473cd817427a1c9cd58e2e0aefa447fb5a819c5f0f58b27756a2ab59c7904bd86a7e178629ad0bf9acc4272dc48011d27c262fe7ea1754391b04e3144db1eec8b7fded123a6e0d848e26d3a48db19cdac570a9f88259994a988bafd8db39128ec209c2f4a1c3a0090fb48b2c98c66c31a9d0c4377d6e63c82afdf734861249d4a187b99c2c03ea42efb67963c7f5e058b9ea734e124abcff107a29e339704bc5c174895b10fabef1dd6966930a398295f238abeba33093a7e5d4ebf3c134b00eac453659d9a5ed6722b28668f0de27fcbfcc665f9b79f51aa266f061a9d3582fe787f1cd3d6b2a4d5b7670d91c9f19da4cdf5c47edb015a154227797a6b56a27e32276f07e6cc20ec6885bc261055b4ad4f66c09e27673c407023fb6d0c61139245b190861816a03ae7d9627100ab2a1f1f38198e820967923fdf0a95e9088ffe6779f1eea151123e919bde1ea78746cc30768220ff953d10588589701f70e66392524a78562a838205af4bfc28c4a6884b425c109ea7ff16d9f1bcb77459ccb5b81045b6cb2dcebdae46f6d70b44ff8dc6f522c77db1471ce1163a7a5640d02e469e5dee1ff25b7f7325baeb10ecb4bc48f8692d5376dad7c9125ecb61d00e759b8f3179df636389f62f51face3013a62a9656fec592601942743778d7b7c838cdf30fe87b7503aab17d8d8f5f30a3a03f105dd389658c187823d1c5ec9af9dce05decfa6192a6514896e99f47847e83719f79cd37b118184d34ca20e884bd255f199acef2ed48011cff2695977dd7b1ae1f08d27f947cd1aff97a19e3f93c659d10ff5a776f291022df261b792935a1c5882f920c9442e563f878801beecbba89c1eab9d2b96285f3493483b49f269e8d684330037dafedbcbb3bc500e65b5e69c3a4f6f15e42cb595cce04c891818f28a69ef73c0ecf8efbef8bc1e5f7d07f5ca828d9a8460a297a2b6f158413fd2738e6168377a49bd43a70a36e7c39d8d548783285675417c6207bebeb3224faab81eef708601be613697967c31f6b8a2c21c469273d79b15b80d8a0b6c6ed4356d002e424944b661b4d5fb114841b9cbaf8d4c16d7f687362aee164756e05fa1d579f082003ac1103a007c2fcea486f32e6e72d141c1e233330a3b3d8135840a9fbc503526e44876e702309c3cb1a6c4020bae2ef85146a3438bd9b341b719dfa5b519fca6bc1746b47ac4991722b9777d92480065e3d70bb6b202e98d5d08c1b215a5012210ef9e2b9fea630e4d8217c501dee6b46a3b887c71f3c4c603af56a86734236f068e072aa63f2a70d488fe9091a8530585e4d611ad9fe23593cb410e5eed9187ed55652bef39b8e867a879f89735e7cadfb36a183867cdc3322b21427a498d12d566af1b7ed235034feeaa2cbd795c2363ec9845a504073181ef95121548bd6e88486a261cb52f6f7970b99f53de0f426ffcae940f83ac20138c7d5b3520214e44a403c84fdacc6557c8b859c9918e78377261722f1f2913d0dfe99d93de5f2a67c3775a7681c9b8fdb811ead0bad8ec771ef38dc0da259047ecaab608e8e7c45113ce2681a8377df054e8e48485bf16d1222ccf2214b8115e0af090742f1c7b77645bde02541071d92f5eb24bc1942ff691016d1d0844daecc89df8b58f05e0fc3856881413920359c90927b85cdb99629791341d07f6bd042ea457128ac91c4ab33b169935a1a0214e74dd2d098abc1d16b59abf377401dbd0904f7dcb351fa4dd8e36cbf4b8dc28e811bd7dc9b8a2f6021c44e85e1ebe1c68e03595aded1d0f5bdc563e612367ae89e46094a2e341ce2bdf0cdd0d0e71af4ce34700bb15898b2d3f559f466a6fbda1e005df5e76968fc0070a860e8eefb40180d6493a17903698a9f809ab5120cc72a205e3265236c67d7c85e581ed378d3326111813041da2d8d3c888d1236649129c37021fbfde4b873dbc3cc9fe18dc922a62d50686f9d7e15c2c4c51e25d9852385f024670dd5eaa98661a3fd645f5e3cf1a0381e878776d79039db945f680b0cba8a7e3875727a07be161c854491d396fbf40b50298b1a84b0cf8b61e18767bab36a013f0acf45569ed1882c3fea9e20189822e2b9bacbc4155842246c183f295912d6480a05a2d59ff2990bbbb8c7e9079f1a039bf31fd2cc28312cff2461af871dde9b27201e66d89f62196b632ef97424d2529d0973457cf4595f6751928457b7de885f43cf64577bd6d099d9adfe45a4e6d704bfd3edc85ddbb11dedd5e2d3e50a55d7a7dcfde4efd11dcd20f6285b74ea194da7f31a4983a14f167a847d279ef28557419506de34b34f237f3c66ed257246d04824f4f8d97092e55e095ecf4f3647ebd6c39538c4c7565b23d81f0cc3d6170d8a0d5050fe7e4f8d4fe07cea0d5db6d5f966afa39dec34a8ce32b67d4918ea8d96af5c7fd899945449e051ef34400cbd4badd786d20b1c77d23670b2065bc8f671150336c4228f49c2e07954d4b165d222cae2a5f5dc9fd328a21eb4b2033447dd9b0b56d12bc93148595a649d5cd3a9b56c33249c979cfd321eb720afca706fc263dfc06be97c2b805a7ccc54cd8e247e64dce1607ba96d146a977c247b3072ad2cb2c116c75493185ac9d6124070f674e1a83c4e4fc7a2d46be93c2eb3dc26dd659261cb020788b5bf4c21a5a31e363065e3d81a64886a0b48c8fd33505b2e1a158a60c29b6a4b0d9d3cc4e30cdbbfdc5895ad59b25f8e356616b352e0af4b55615315d389d963125e086d4f38f9837551d5aea90d51c86072518e6b3d9f810386933830b012a939f7f6269f3516cf361a7b204c687b122d7c967f3f9cbfaa3b5170ac5bf030f5fcf5cc60e67d69aed12a9b64eac186eea7ffd2198ce338fd58fa6b1c818a2bf7ee355c9932fa88b6c1e549217366606b04ef454e6fed865eb44a2cf2bffe792464ecd22121dec54fa518f2a148981956b9b06314ff478738f0328a253394e7c1ac4db3ba527c75361582cca56a12730d5b016258f025dc641647adc06d6b3eec0483f2f71ac9db0c45443e31c3d47d7ab7bf336104083017a985d2e83169cbe9fc9f9080cbbbafaefd7e7d0637933533f8fbd2e1abba019b83ca10f3791ad04d64283a0bcdb8c85718434642f6e156fa694ab98d475876a1768f9b595ff823dc4cdda9f080f094e1261a54c7fb8fd381d5a0d51ba8d6055ef43b035490df5dc92b8c3be5b58788866dc09a3563b25b64de0c0280370d8ae3bc317b89e32a5ec6cf14e9df6733b93263f8adf908b632fa2a94a2a5a22d781f562e5521bb07caba5b56ce799e6caac20c8bd10f0dcc765b5ad59ee88cfac53654b85fc6d3d7d1ec37230537d65519aa03d2d87001c3781063bb0275bd96c452c120d9adc12353cb56a565ffb5c3cf81d0497c3a680a68610acbb492b19b29ad601504aa1b3ff00dc5247b883e822cbe8c86673353ead6e044941bb4fbfc3e5ccba04f93cd9c264d9ec2c1f5221ca0767d3bf65f4330bdb4a94d6468bfa9dfa5bcbaa511450e6a0ca9a56c5f20558ea7076a67b5bdd8523f1515caed40dc2eaf06b08b176355dad11f1265b8187485d1a799d86d06f06d933f424f9ed654d2dde7c0e66dbf3d156db2d67941b92080f04581e0249734f2bf4920a3551d06c4ccb8f730deb91b6f6ce210cb41dab8fcbe39d14e918a3629e826e1d60e164e06d6237d382d0f3ec2734117368555e699a650f02d4a886ab679ec194c821b1f4262946eef5a0a3dcb5645c0543560464d86381a425d04218e58aaabf3c5ed4c2273cc0d4c2c28e12ecd4ddcecd67186dacec662c65d323496b9be38496acfb5bb1ce106bbaac84bac733df84e6e31713243df9845b9b630a9714ef11bb21b0e80c6ce1afc63ca722cc238ac448f229aa614e9eaec78e5c27921bbed167057607d383cda42a91f89b25ecea59686a8f07b1c2d73b6b2aa9899c3dcf20401721a1019abb89d5177d74dd1bb794e0d479ebbfb213e13dd5f06377eb87c53c09a3fc2078fe0db301ccb114f8cf3112445a1e7fad70dcf2c6e8cad450dc73c6427e017e0e93d25ef60e80f556462d78b85aed474a6bdb29bdf5a93908f43a77d82d0da55e7dc8a0064d721858ec5f8b3c5d441b66b3267e8103d27f5faf8660662e86593a48d4bfd64ceebd9bf69258232881e2f0f9d0c59f89f3c89a2ecb569d146bd3f872629aa250410cdecc3701fcfe95fbeefc976bd7e305c102e307e0c04f5d40374b93606dd09fc0026b4f0d185ea8051003a55646e32e3278dfd3f061a4c481639fe9507a8e5c04e46377544f2841ef9bea40da683f669f6f2da6a9282d74d46bc7d17845ed0e63886aee7362e12909d459217d092358bf71f2fd1fda7274468a5c64f68dbc912e12414cb841618e6d961e79699187efa265557d052006450eeab52153282396dcc67638f44e8bdc1cf8ac1aa3cefde7b3e97b3f1ade0587ccc459d2b71d8f4c85666f88560ae13d11fd7d7f1214557967aa6221b05ba9a90faad9c1111038f9a1a16b64a40bf5f969f74f32ed6338eb702cb85773bc0495e31ac37ca0b88bb028da0e9721b407afd1e2fa460b204db7dfcd729459b2f125bf42ddf1380eb499691e08275ee42427c0c2db7064a386b52a6ac1a7ade2da86e5c5e5c667e459d0031046ac3b08cf51b0e79004bc73c3f9f7e769fa244fabd9100007a4ed5e2306997ff31489c13c52b2cdf0226cdc4f8522529a2610234aed95eb841f5d242cef7c49363af04985d3c3e53924f352b54eadece3a9522f4835113a3b490b612dacdb8dbfbee79428b808e626214cfcb2bfd4abe6b74f15f08c76d88182322042da026a7e5b1394c9c439dfa596a7a88107370c2cab92f90601b50f0b3181dec56a7136db75650a7a28578087cc87fada0c4a7e1432a6220d7308fccaad29fbe32e42b6593110cda94ce04ff6ed3a9662c4b81d14856f4fc1ac0d4fab9b4d5992650fcb2cfed1b6f60c8c73685c733be133f819a5688d8c6a7e6209969b46b091445021fc19cbd563bd76df96aa65f1d7216a31dc9c4a4f74a24a224a2aa60cb5d0d7c31e6af622e5a7c80c98727cd163e5097d86d4d4d91e7c89fe6151903d7c0f878da1a83e6fcc50fe9990da6640535e685b1c269c950d073762ce899f82aeb933106337f87a7138d1fb7b15b24ac8cc1c093469e61509fc24cfb79e66390a15483e9a5a1a313ff961d0f9fe8c5579014cf5689e368608104f96449b246439af197959e5edf4887497d48974c208cd68cfc7b3e0956c5088120da1daf4aa90b6d2c1b7088131ff296b"}, @pad1, @jumbo={0xc2, 0x4, 0x1}, @generic={0x9, 0x15, "5575113921ad0bc9e2e82b28a66b8f508cd3a98acf"}]}, @routing={0x67, 0x6, 0x0, 0x20, 0x0, [@mcast1, @mcast1, @empty]}, @dstopts={0x4, 0x19, [], [@generic={0xa8, 0x9b, "0271097870d6d06b47d83a5b3763f1a2fffb78c9fd5151fe45854469564af3c3949e4a58781ce848a5e9a6fed080306acd0311a5e5b9f900de3f656ec5f517f3a67949354e8a19f5b116e360f8bebf10566eae08582e6be7beeec7668afd637ca6a19c0a8787a4548138d8a06874d550624c0f1ebd2a2267bbca14f2247ab5be2d68e264aa7d651fd4e5e5ef5723b844f64a822f58e7bc5accf588"}, @jumbo={0xc2, 0x4, 0x10001}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @pad1, @generic={0x8, 0x1d, "94d6efb5a9f58f859b75be24586f382eeed7a76a6562b978071e71be75"}, @ra={0x5, 0x2, 0x7fff}]}, @routing={0x27, 0x6, 0x0, 0x5, 0x0, [@mcast1, @empty, @loopback]}, @dstopts={0x2c, 0x0, [], [@pad1]}, @dstopts={0x3, 0x3, [], [@jumbo, @ra={0x5, 0x2, 0x20}, @ra={0x5, 0x2, 0x9}, @jumbo={0xc2, 0x4, 0x3}, @padn={0x1, 0x1, [0x0]}, @ra={0x5, 0x2, 0x7f}, @ra={0x5, 0x2, 0x3}]}, @fragment={0xd8, 0x0, 0x8, 0x1, 0x0, 0x8, 0x68}], @icmpv6=@mld={0x82, 0x0, 0x0, 0x3ff, 0x9, @mcast2}}}}}}) syz_execute_func(&(0x7f0000001240)="47669018a9e1170000c4c20d074cd3f636f30f1182feefffffc44155efeaf20f2b9999899999c481fd2817c4a2a5295293f3ab66ac") syz_extract_tcp_res(&(0x7f0000001280), 0x401, 0x1) syz_open_pts() csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } #define __syscall syscall static uintptr_t syz_open_pts(void) { int master, slave; if (openpty(&master, &slave, NULL, NULL, NULL) == -1) return -1; if (dup2(master, master + 100) != -1) close(master); return slave; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 14; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[4] = {0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: res = syscall(SYS_getgid); if (res != -1) r[0] = res; break; case 1: syscall(SYS_mquery, 0x20ffb000ul, 0x3000ul, 2ul, 0x10ul, -1, 0x80ul); break; case 2: *(uint64_t*)0x20000040 = 0x20000000; memcpy((void*)0x20000000, "./file0\000", 8); *(uint32_t*)0x20000048 = -1; *(uint32_t*)0x2000004c = 0; syscall(SYS_ioctl, 0xffffff9c, 0xc0106477ul, 0x20000040ul); break; case 3: *(uint32_t*)0x20000080 = 0xcb; syscall(SYS_ioctl, -1, 0x80044275ul, 0x20000080ul); break; case 4: memcpy((void*)0x200000c0, "./file0\000", 8); syscall(SYS_unlinkat, 0xffffff9c, 0x200000c0ul, 8ul); break; case 5: *(uint64_t*)0x20000148 = 0x20000100; *(uint32_t*)0x20000100 = 0; *(uint32_t*)0x20000104 = 7; *(uint32_t*)0x20000108 = 2; *(uint32_t*)0x2000010c = 0x18000; *(uint32_t*)0x20000110 = 6; *(uint32_t*)0x20000114 = 3; *(uint32_t*)0x20000118 = 0x8000000; *(uint32_t*)0x2000011c = 0x20; *(uint32_t*)0x20000120 = 0; syscall(SYS_ioctl, 0xffffff9c, 0xc010427bul, 0x20000140ul); break; case 6: *(uint32_t*)0x200001c0 = 0xc; res = syscall(SYS_getsockopt, -1, 0xffff, 0x1022, 0x20000180ul, 0x200001c0ul); if (res != -1) r[1] = *(uint32_t*)0x20000188; break; case 7: *(uint32_t*)0x20000200 = -1; *(uint32_t*)0x20000204 = r[0]; *(uint32_t*)0x20000208 = 0; res = syscall(SYS_getgroups, 3ul, 0x20000200ul); if (res != -1) r[2] = *(uint32_t*)0x20000208; break; case 8: res = syscall(SYS_getgid); if (res != -1) r[3] = res; break; case 9: *(uint32_t*)0x20000240 = r[1]; *(uint32_t*)0x20000244 = r[0]; *(uint32_t*)0x20000248 = r[2]; *(uint32_t*)0x2000024c = r[3]; syscall(SYS_getgroups, 4ul, 0x20000240ul); break; case 10: *(uint8_t*)0x20000000 = 0xaa; *(uint8_t*)0x20000001 = 0xaa; *(uint8_t*)0x20000002 = 0xaa; *(uint8_t*)0x20000003 = 0xaa; *(uint8_t*)0x20000004 = 0xaa; *(uint8_t*)0x20000005 = 0xbb; *(uint8_t*)0x20000006 = 0xaa; *(uint8_t*)0x20000007 = 0xaa; *(uint8_t*)0x20000008 = 0xaa; *(uint8_t*)0x20000009 = 0xaa; *(uint8_t*)0x2000000a = 0xaa; *(uint8_t*)0x2000000b = 0xbb; *(uint16_t*)0x2000000c = htobe16(0x86dd); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 6, 4, 4); memcpy((void*)0x2000000f, "\xb5\x88\xd1", 3); *(uint16_t*)0x20000012 = htobe16(0x11d8); *(uint8_t*)0x20000014 = 0x11; *(uint8_t*)0x20000015 = 0; *(uint8_t*)0x20000016 = 0xfe; *(uint8_t*)0x20000017 = 0x80; *(uint8_t*)0x20000018 = 0; *(uint8_t*)0x20000019 = 0; *(uint8_t*)0x2000001a = 0; *(uint8_t*)0x2000001b = 0; *(uint8_t*)0x2000001c = 0; *(uint8_t*)0x2000001d = 0; *(uint8_t*)0x2000001e = 0; *(uint8_t*)0x2000001f = 0; *(uint8_t*)0x20000020 = 0; *(uint8_t*)0x20000021 = 0; *(uint8_t*)0x20000022 = 0; *(uint8_t*)0x20000023 = 0; *(uint8_t*)0x20000024 = 0; *(uint8_t*)0x20000025 = 0xbb; *(uint8_t*)0x20000026 = 0; *(uint8_t*)0x20000027 = 0; *(uint8_t*)0x20000028 = 0; *(uint8_t*)0x20000029 = 0; *(uint8_t*)0x2000002a = 0; *(uint8_t*)0x2000002b = 0; *(uint8_t*)0x2000002c = 0; *(uint8_t*)0x2000002d = 0; *(uint8_t*)0x2000002e = 0; *(uint8_t*)0x2000002f = 0; *(uint8_t*)0x20000030 = 0; *(uint8_t*)0x20000031 = 0; *(uint8_t*)0x20000032 = 0; *(uint8_t*)0x20000033 = 0; *(uint8_t*)0x20000034 = 0; *(uint8_t*)0x20000035 = 0; *(uint8_t*)0x20000036 = 0x32; *(uint8_t*)0x20000037 = 5; *(uint8_t*)0x20000038 = 0; *(uint8_t*)0x20000039 = 0; *(uint8_t*)0x2000003a = 0; *(uint8_t*)0x2000003b = 0; *(uint8_t*)0x2000003c = 0; *(uint8_t*)0x2000003d = 0; *(uint8_t*)0x2000003e = 1; *(uint8_t*)0x2000003f = 8; *(uint8_t*)0x20000040 = 0; *(uint8_t*)0x20000041 = 0; *(uint8_t*)0x20000042 = 0; *(uint8_t*)0x20000043 = 0; *(uint8_t*)0x20000044 = 0; *(uint8_t*)0x20000045 = 0; *(uint8_t*)0x20000046 = 0; *(uint8_t*)0x20000047 = 0; *(uint8_t*)0x20000048 = 0; *(uint8_t*)0x20000049 = 1; *(uint8_t*)0x2000004a = 0; *(uint8_t*)0x2000004b = 6; *(uint8_t*)0x2000004c = 0; memcpy((void*)0x2000004d, "\x7d\x73\x12\xbf\x2f\x97\x6b\x28\x6c\xf3\x3b\x3a\x76\x60\xaf\x2f\x30\xcb\x34\xf9\xa8\x6a\x2d\xb1\x88\xc5\xd7\x6d\xf2\x29\x00\x97\x6b\x02\x72\x11\x51\x36\x27\xf3\x7c\xb6\x42\x21\x55\x18\x88\x02\x80\x62\xf7\xe9\x6e\x29\x50\x2c\x82\x30\xcb\x07\xed\x13\xfb\x79\xee\x02\x2a\xfa\xcf\xb0\xfd\xb9\xfd\xd6\x2a\xc3\x7d\xfa\x4f\x6b\x34\xfc\xbe\xe4\xc3\x80\xfa\x32\xc3\x5d\x69\x5c\xca\x5e\x60\xb4\xfe\x8d\xdf\x4e\x9f\xd6\xc2\x68\x10\xea\xb1\x11\x56\xf5\xf1\x1c\xff\x15\x48\xbc\x51\x64\x8f\x66\x40\x4b\xac\xd5\x5f\x29\xd8\x34\x96\x35\x35\x6e\x87\x11\xba\x71\x76\x3c\x2e\x3d\xae\x08\xce\xca\x72\xda\xaf\x10\x86\x8c\x22\xac\x2d\x42\x9c\x17\x22\x8c\xb0\xfa\x6a\x92\xed\xda\xfa\xf8\x21\xe0\x84\xcd\xd5\x5a\xff\xff\xce\x12\x09\x7a\x27\x72\xef\x8a\xb4\xbc\x86\x22\x13\xc7\x65\xc3\xc5\xbb\x6c\xb2\x52\x06\xa5\xf8\x7d\x20\x34\xb9\x22\xcd\x8a\x54\xfd\x1f\x39\x93\x80\x81\x13\x2c\x04\x91\xf0\x25\x8b\x9d\x5b\x90\x20\x63\x98\x28\x1b\xd7\x45\x90\x75\x71\xe7\x94\x49\x36\xe2\xd4\x09\x7e\xec\x6b\x58\xed\x96\x3a\x26\xc7\xab\x84\xad\x10\x84\xf4\xb8\xfe\x73\x5e\x2c\x7a\x50\x73\x34\x4b\x22\x5d\xd2\x91\x7d\x10\x35\xd5\x25\xe3\xfc\xa4\xbf\x75\x0d\xc4\x47\x4b\x26\x45\x77\x0b\x1c\xa2\x40\xe5\x4b\x5d\x0d\x4d\xc7\xef\x29\xa3\xa6\x16\x69\xe0\xbc\x94\x74\x1f\x97\xc6\x62\x16\x51\x1a\x0b\x77\x2e\x88\x13\xb7\xe0\x1c\x74\x0f\x8e\xd1\xfa\x89\x09\xf5\x70\x0d\x34\x03\xd2\x1c\x72\x0a\x59\x02\xde\x2e\x1c\x32\x55\x6e\xca\x20\xd3\x74\x47\x3c\xd8\x17\x42\x7a\x1c\x9c\xd5\x8e\x2e\x0a\xef\xa4\x47\xfb\x5a\x81\x9c\x5f\x0f\x58\xb2\x77\x56\xa2\xab\x59\xc7\x90\x4b\xd8\x6a\x7e\x17\x86\x29\xad\x0b\xf9\xac\xc4\x27\x2d\xc4\x80\x11\xd2\x7c\x26\x2f\xe7\xea\x17\x54\x39\x1b\x04\xe3\x14\x4d\xb1\xee\xc8\xb7\xfd\xed\x12\x3a\x6e\x0d\x84\x8e\x26\xd3\xa4\x8d\xb1\x9c\xda\xc5\x70\xa9\xf8\x82\x59\x99\x4a\x98\x8b\xaf\xd8\xdb\x39\x12\x8e\xc2\x09\xc2\xf4\xa1\xc3\xa0\x09\x0f\xb4\x8b\x2c\x98\xc6\x6c\x31\xa9\xd0\xc4\x37\x7d\x6e\x63\xc8\x2a\xfd\xf7\x34\x86\x12\x49\xd4\xa1\x87\xb9\x9c\x2c\x03\xea\x42\xef\xb6\x79\x63\xc7\xf5\xe0\x58\xb9\xea\x73\x4e\x12\x4a\xbc\xff\x10\x7a\x29\xe3\x39\x70\x4b\xc5\xc1\x74\x89\x5b\x10\xfa\xbe\xf1\xdd\x69\x66\x93\x0a\x39\x82\x95\xf2\x38\xab\xeb\xa3\x30\x93\xa7\xe5\xd4\xeb\xf3\xc1\x34\xb0\x0e\xac\x45\x36\x59\xd9\xa5\xed\x67\x22\xb2\x86\x68\xf0\xde\x27\xfc\xbf\xcc\x66\x5f\x9b\x79\xf5\x1a\xa2\x66\xf0\x61\xa9\xd3\x58\x2f\xe7\x87\xf1\xcd\x3d\x6b\x2a\x4d\x5b\x76\x70\xd9\x1c\x9f\x19\xda\x4c\xdf\x5c\x47\xed\xb0\x15\xa1\x54\x22\x77\x97\xa6\xb5\x6a\x27\xe3\x22\x76\xf0\x7e\x6c\xc2\x0e\xc6\x88\x5b\xc2\x61\x05\x5b\x4a\xd4\xf6\x6c\x09\xe2\x76\x73\xc4\x07\x02\x3f\xb6\xd0\xc6\x11\x39\x24\x5b\x19\x08\x61\x81\x6a\x03\xae\x7d\x96\x27\x10\x0a\xb2\xa1\xf1\xf3\x81\x98\xe8\x20\x96\x79\x23\xfd\xf0\xa9\x5e\x90\x88\xff\xe6\x77\x9f\x1e\xea\x15\x11\x23\xe9\x19\xbd\xe1\xea\x78\x74\x6c\xc3\x07\x68\x22\x0f\xf9\x53\xd1\x05\x88\x58\x97\x01\xf7\x0e\x66\x39\x25\x24\xa7\x85\x62\xa8\x38\x20\x5a\xf4\xbf\xc2\x8c\x4a\x68\x84\xb4\x25\xc1\x09\xea\x7f\xf1\x6d\x9f\x1b\xcb\x77\x45\x9c\xcb\x5b\x81\x04\x5b\x6c\xb2\xdc\xeb\xda\xe4\x6f\x6d\x70\xb4\x4f\xf8\xdc\x6f\x52\x2c\x77\xdb\x14\x71\xce\x11\x63\xa7\xa5\x64\x0d\x02\xe4\x69\xe5\xde\xe1\xff\x25\xb7\xf7\x32\x5b\xae\xb1\x0e\xcb\x4b\xc4\x8f\x86\x92\xd5\x37\x6d\xad\x7c\x91\x25\xec\xb6\x1d\x00\xe7\x59\xb8\xf3\x17\x9d\xf6\x36\x38\x9f\x62\xf5\x1f\xac\xe3\x01\x3a\x62\xa9\x65\x6f\xec\x59\x26\x01\x94\x27\x43\x77\x8d\x7b\x7c\x83\x8c\xdf\x30\xfe\x87\xb7\x50\x3a\xab\x17\xd8\xd8\xf5\xf3\x0a\x3a\x03\xf1\x05\xdd\x38\x96\x58\xc1\x87\x82\x3d\x1c\x5e\xc9\xaf\x9d\xce\x05\xde\xcf\xa6\x19\x2a\x65\x14\x89\x6e\x99\xf4\x78\x47\xe8\x37\x19\xf7\x9c\xd3\x7b\x11\x81\x84\xd3\x4c\xa2\x0e\x88\x4b\xd2\x55\xf1\x99\xac\xef\x2e\xd4\x80\x11\xcf\xf2\x69\x59\x77\xdd\x7b\x1a\xe1\xf0\x8d\x27\xf9\x47\xcd\x1a\xff\x97\xa1\x9e\x3f\x93\xc6\x59\xd1\x0f\xf5\xa7\x76\xf2\x91\x02\x2d\xf2\x61\xb7\x92\x93\x5a\x1c\x58\x82\xf9\x20\xc9\x44\x2e\x56\x3f\x87\x88\x01\xbe\xec\xbb\xa8\x9c\x1e\xab\x9d\x2b\x96\x28\x5f\x34\x93\x48\x3b\x49\xf2\x69\xe8\xd6\x84\x33\x00\x37\xda\xfe\xdb\xcb\xb3\xbc\x50\x0e\x65\xb5\xe6\x9c\x3a\x4f\x6f\x15\xe4\x2c\xb5\x95\xcc\xe0\x4c\x89\x18\x18\xf2\x8a\x69\xef\x73\xc0\xec\xf8\xef\xbe\xf8\xbc\x1e\x5f\x7d\x07\xf5\xca\x82\x8d\x9a\x84\x60\xa2\x97\xa2\xb6\xf1\x58\x41\x3f\xd2\x73\x8e\x61\x68\x37\x7a\x49\xbd\x43\xa7\x0a\x36\xe7\xc3\x9d\x8d\x54\x87\x83\x28\x56\x75\x41\x7c\x62\x07\xbe\xbe\xb3\x22\x4f\xaa\xb8\x1e\xef\x70\x86\x01\xbe\x61\x36\x97\x96\x7c\x31\xf6\xb8\xa2\xc2\x1c\x46\x92\x73\xd7\x9b\x15\xb8\x0d\x8a\x0b\x6c\x6e\xd4\x35\x6d\x00\x2e\x42\x49\x44\xb6\x61\xb4\xd5\xfb\x11\x48\x41\xb9\xcb\xaf\x8d\x4c\x16\xd7\xf6\x87\x36\x2a\xee\x16\x47\x56\xe0\x5f\xa1\xd5\x79\xf0\x82\x00\x3a\xc1\x10\x3a\x00\x7c\x2f\xce\xa4\x86\xf3\x2e\x6e\x72\xd1\x41\xc1\xe2\x33\x33\x0a\x3b\x3d\x81\x35\x84\x0a\x9f\xbc\x50\x35\x26\xe4\x48\x76\xe7\x02\x30\x9c\x3c\xb1\xa6\xc4\x02\x0b\xae\x2e\xf8\x51\x46\xa3\x43\x8b\xd9\xb3\x41\xb7\x19\xdf\xa5\xb5\x19\xfc\xa6\xbc\x17\x46\xb4\x7a\xc4\x99\x17\x22\xb9\x77\x7d\x92\x48\x00\x65\xe3\xd7\x0b\xb6\xb2\x02\xe9\x8d\x5d\x08\xc1\xb2\x15\xa5\x01\x22\x10\xef\x9e\x2b\x9f\xea\x63\x0e\x4d\x82\x17\xc5\x01\xde\xe6\xb4\x6a\x3b\x88\x7c\x71\xf3\xc4\xc6\x03\xaf\x56\xa8\x67\x34\x23\x6f\x06\x8e\x07\x2a\xa6\x3f\x2a\x70\xd4\x88\xfe\x90\x91\xa8\x53\x05\x85\xe4\xd6\x11\xad\x9f\xe2\x35\x93\xcb\x41\x0e\x5e\xed\x91\x87\xed\x55\x65\x2b\xef\x39\xb8\xe8\x67\xa8\x79\xf8\x97\x35\xe7\xca\xdf\xb3\x6a\x18\x38\x67\xcd\xc3\x32\x2b\x21\x42\x7a\x49\x8d\x12\xd5\x66\xaf\x1b\x7e\xd2\x35\x03\x4f\xee\xaa\x2c\xbd\x79\x5c\x23\x63\xec\x98\x45\xa5\x04\x07\x31\x81\xef\x95\x12\x15\x48\xbd\x6e\x88\x48\x6a\x26\x1c\xb5\x2f\x6f\x79\x70\xb9\x9f\x53\xde\x0f\x42\x6f\xfc\xae\x94\x0f\x83\xac\x20\x13\x8c\x7d\x5b\x35\x20\x21\x4e\x44\xa4\x03\xc8\x4f\xda\xcc\x65\x57\xc8\xb8\x59\xc9\x91\x8e\x78\x37\x72\x61\x72\x2f\x1f\x29\x13\xd0\xdf\xe9\x9d\x93\xde\x5f\x2a\x67\xc3\x77\x5a\x76\x81\xc9\xb8\xfd\xb8\x11\xea\xd0\xba\xd8\xec\x77\x1e\xf3\x8d\xc0\xda\x25\x90\x47\xec\xaa\xb6\x08\xe8\xe7\xc4\x51\x13\xce\x26\x81\xa8\x37\x7d\xf0\x54\xe8\xe4\x84\x85\xbf\x16\xd1\x22\x2c\xcf\x22\x14\xb8\x11\x5e\x0a\xf0\x90\x74\x2f\x1c\x7b\x77\x64\x5b\xde\x02\x54\x10\x71\xd9\x2f\x5e\xb2\x4b\xc1\x94\x2f\xf6\x91\x01\x6d\x1d\x08\x44\xda\xec\xc8\x9d\xf8\xb5\x8f\x05\xe0\xfc\x38\x56\x88\x14\x13\x92\x03\x59\xc9\x09\x27\xb8\x5c\xdb\x99\x62\x97\x91\x34\x1d\x07\xf6\xbd\x04\x2e\xa4\x57\x12\x8a\xc9\x1c\x4a\xb3\x3b\x16\x99\x35\xa1\xa0\x21\x4e\x74\xdd\x2d\x09\x8a\xbc\x1d\x16\xb5\x9a\xbf\x37\x74\x01\xdb\xd0\x90\x4f\x7d\xcb\x35\x1f\xa4\xdd\x8e\x36\xcb\xf4\xb8\xdc\x28\xe8\x11\xbd\x7d\xc9\xb8\xa2\xf6\x02\x1c\x44\xe8\x5e\x1e\xbe\x1c\x68\xe0\x35\x95\xad\xed\x1d\x0f\x5b\xdc\x56\x3e\x61\x23\x67\xae\x89\xe4\x60\x94\xa2\xe3\x41\xce\x2b\xdf\x0c\xdd\x0d\x0e\x71\xaf\x4c\xe3\x47\x00\xbb\x15\x89\x8b\x2d\x3f\x55\x9f\x46\x6a\x6f\xbd\xa1\xe0\x05\xdf\x5e\x76\x96\x8f\xc0\x07\x0a\x86\x0e\x8e\xef\xb4\x01\x80\xd6\x49\x3a\x17\x90\x36\x98\xa9\xf8\x09\xab\x51\x20\xcc\x72\xa2\x05\xe3\x26\x52\x36\xc6\x7d\x7c\x85\xe5\x81\xed\x37\x8d\x33\x26\x11\x18\x13\x04\x1d\xa2\xd8\xd3\xc8\x88\xd1\x23\x66\x49\x12\x9c\x37\x02\x1f\xbf\xde\x4b\x87\x3d\xbc\x3c\xc9\xfe\x18\xdc\x92\x2a\x62\xd5\x06\x86\xf9\xd7\xe1\x5c\x2c\x4c\x51\xe2\x5d\x98\x52\x38\x5f\x02\x46\x70\xdd\x5e\xaa\x98\x66\x1a\x3f\xd6\x45\xf5\xe3\xcf\x1a\x03\x81\xe8\x78\x77\x6d\x79\x03\x9d\xb9\x45\xf6\x80\xb0\xcb\xa8\xa7\xe3\x87\x57\x27\xa0\x7b\xe1\x61\xc8\x54\x49\x1d\x39\x6f\xbf\x40\xb5\x02\x98\xb1\xa8\x4b\x0c\xf8\xb6\x1e\x18\x76\x7b\xab\x36\xa0\x13\xf0\xac\xf4\x55\x69\xed\x18\x82\xc3\xfe\xa9\xe2\x01\x89\x82\x2e\x2b\x9b\xac\xbc\x41\x55\x84\x22\x46\xc1\x83\xf2\x95\x91\x2d\x64\x80\xa0\x5a\x2d\x59\xff\x29\x90\xbb\xbb\x8c\x7e\x90\x79\xf1\xa0\x39\xbf\x31\xfd\x2c\xc2\x83\x12\xcf\xf2\x46\x1a\xf8\x71\xdd\xe9\xb2\x72\x01\xe6\x6d\x89\xf6\x21\x96\xb6\x32\xef\x97\x42\x4d\x25\x29\xd0\x97\x34\x57\xcf\x45\x95\xf6\x75\x19\x28\x45\x7b\x7d\xe8\x85\xf4\x3c\xf6\x45\x77\xbd\x6d\x09\x9d\x9a\xdf\xe4\x5a\x4e\x6d\x70\x4b\xfd\x3e\xdc\x85\xdd\xbb\x11\xde\xdd\x5e\x2d\x3e\x50\xa5\x5d\x7a\x7d\xcf\xde\x4e\xfd\x11\xdc\xd2\x0f\x62\x85\xb7\x4e\xa1\x94\xda\x7f\x31\xa4\x98\x3a\x14\xf1\x67\xa8\x47\xd2\x79\xef\x28\x55\x74\x19\x50\x6d\xe3\x4b\x34\xf2\x37\xf3\xc6\x6e\xd2\x57\x24\x6d\x04\x82\x4f\x4f\x8d\x97\x09\x2e\x55\xe0\x95\xec\xf4\xf3\x64\x7e\xbd\x6c\x39\x53\x8c\x4c\x75\x65\xb2\x3d\x81\xf0\xcc\x3d\x61\x70\xd8\xa0\xd5\x05\x0f\xe7\xe4\xf8\xd4\xfe\x07\xce\xa0\xd5\xdb\x6d\x5f\x96\x6a\xfa\x39\xde\xc3\x4a\x8c\xe3\x2b\x67\xd4\x91\x8e\xa8\xd9\x6a\xf5\xc7\xfd\x89\x99\x45\x44\x9e\x05\x1e\xf3\x44\x00\xcb\xd4\xba\xdd\x78\x6d\x20\xb1\xc7\x7d\x23\x67\x0b\x20\x65\xbc\x8f\x67\x11\x50\x33\x6c\x42\x28\xf4\x9c\x2e\x07\x95\x4d\x4b\x16\x5d\x22\x2c\xae\x2a\x5f\x5d\xc9\xfd\x32\x8a\x21\xeb\x4b\x20\x33\x44\x7d\xd9\xb0\xb5\x6d\x12\xbc\x93\x14\x85\x95\xa6\x49\xd5\xcd\x3a\x9b\x56\xc3\x32\x49\xc9\x79\xcf\xd3\x21\xeb\x72\x0a\xfc\xa7\x06\xfc\x26\x3d\xfc\x06\xbe\x97\xc2\xb8\x05\xa7\xcc\xc5\x4c\xd8\xe2\x47\xe6\x4d\xce\x16\x07\xba\x96\xd1\x46\xa9\x77\xc2\x47\xb3\x07\x2a\xd2\xcb\x2c\x11\x6c\x75\x49\x31\x85\xac\x9d\x61\x24\x07\x0f\x67\x4e\x1a\x83\xc4\xe4\xfc\x7a\x2d\x46\xbe\x93\xc2\xeb\x3d\xc2\x6d\xd6\x59\x26\x1c\xb0\x20\x78\x8b\x5b\xf4\xc2\x1a\x5a\x31\xe3\x63\x06\x5e\x3d\x81\xa6\x48\x86\xa0\xb4\x8c\x8f\xd3\x35\x05\xb2\xe1\xa1\x58\xa6\x0c\x29\xb6\xa4\xb0\xd9\xd3\xcc\x4e\x30\xcd\xbb\xfd\xc5\x89\x5a\xd5\x9b\x25\xf8\xe3\x56\x61\x6b\x35\x2e\x0a\xf4\xb5\x56\x15\x31\x5d\x38\x9d\x96\x31\x25\xe0\x86\xd4\xf3\x8f\x98\x37\x55\x1d\x5a\xea\x90\xd5\x1c\x86\x07\x25\x18\xe6\xb3\xd9\xf8\x10\x38\x69\x33\x83\x0b\x01\x2a\x93\x9f\x7f\x62\x69\xf3\x51\x6c\xf3\x61\xa7\xb2\x04\xc6\x87\xb1\x22\xd7\xc9\x67\xf3\xf9\xcb\xfa\xa3\xb5\x17\x0a\xc5\xbf\x03\x0f\x5f\xcf\x5c\xc6\x0e\x67\xd6\x9a\xed\x12\xa9\xb6\x4e\xac\x18\x6e\xea\x7f\xfd\x21\x98\xce\x33\x8f\xd5\x8f\xa6\xb1\xc8\x18\xa2\xbf\x7e\xe3\x55\xc9\x93\x2f\xa8\x8b\x6c\x1e\x54\x92\x17\x36\x66\x06\xb0\x4e\xf4\x54\xe6\xfe\xd8\x65\xeb\x44\xa2\xcf\x2b\xff\xe7\x92\x46\x4e\xcd\x22\x12\x1d\xec\x54\xfa\x51\x8f\x2a\x14\x89\x81\x95\x6b\x9b\x06\x31\x4f\xf4\x78\x73\x8f\x03\x28\xa2\x53\x39\x4e\x7c\x1a\xc4\xdb\x3b\xa5\x27\xc7\x53\x61\x58\x2c\xca\x56\xa1\x27\x30\xd5\xb0\x16\x25\x8f\x02\x5d\xc6\x41\x64\x7a\xdc\x06\xd6\xb3\xee\xc0\x48\x3f\x2f\x71\xac\x9d\xb0\xc4\x54\x43\xe3\x1c\x3d\x47\xd7\xab\x7b\xf3\x36\x10\x40\x83\x01\x7a\x98\x5d\x2e\x83\x16\x9c\xbe\x9f\xc9\xf9\x08\x0c\xbb\xba\xfa\xef\xd7\xe7\xd0\x63\x79\x33\x53\x3f\x8f\xbd\x2e\x1a\xbb\xa0\x19\xb8\x3c\xa1\x0f\x37\x91\xad\x04\xd6\x42\x83\xa0\xbc\xdb\x8c\x85\x71\x84\x34\x64\x2f\x6e\x15\x6f\xa6\x94\xab\x98\xd4\x75\x87\x6a\x17\x68\xf9\xb5\x95\xff\x82\x3d\xc4\xcd\xda\x9f\x08\x0f\x09\x4e\x12\x61\xa5\x4c\x7f\xb8\xfd\x38\x1d\x5a\x0d\x51\xba\x8d\x60\x55\xef\x43\xb0\x35\x49\x0d\xf5\xdc\x92\xb8\xc3\xbe\x5b\x58\x78\x88\x66\xdc\x09\xa3\x56\x3b\x25\xb6\x4d\xe0\xc0\x28\x03\x70\xd8\xae\x3b\xc3\x17\xb8\x9e\x32\xa5\xec\x6c\xf1\x4e\x9d\xf6\x73\x3b\x93\x26\x3f\x8a\xdf\x90\x8b\x63\x2f\xa2\xa9\x4a\x2a\x5a\x22\xd7\x81\xf5\x62\xe5\x52\x1b\xb0\x7c\xab\xa5\xb5\x6c\xe7\x99\xe6\xca\xac\x20\xc8\xbd\x10\xf0\xdc\xc7\x65\xb5\xad\x59\xee\x88\xcf\xac\x53\x65\x4b\x85\xfc\x6d\x3d\x7d\x1e\xc3\x72\x30\x53\x7d\x65\x51\x9a\xa0\x3d\x2d\x87\x00\x1c\x37\x81\x06\x3b\xb0\x27\x5b\xd9\x6c\x45\x2c\x12\x0d\x9a\xdc\x12\x35\x3c\xb5\x6a\x56\x5f\xfb\x5c\x3c\xf8\x1d\x04\x97\xc3\xa6\x80\xa6\x86\x10\xac\xbb\x49\x2b\x19\xb2\x9a\xd6\x01\x50\x4a\xa1\xb3\xff\x00\xdc\x52\x47\xb8\x83\xe8\x22\xcb\xe8\xc8\x66\x73\x35\x3e\xad\x6e\x04\x49\x41\xbb\x4f\xbf\xc3\xe5\xcc\xba\x04\xf9\x3c\xd9\xc2\x64\xd9\xec\x2c\x1f\x52\x21\xca\x07\x67\xd3\xbf\x65\xf4\x33\x0b\xdb\x4a\x94\xd6\x46\x8b\xfa\x9d\xfa\x5b\xcb\xaa\x51\x14\x50\xe6\xa0\xca\x9a\x56\xc5\xf2\x05\x58\xea\x70\x76\xa6\x7b\x5b\xdd\x85\x23\xf1\x51\x5c\xae\xd4\x0d\xc2\xea\xf0\x6b\x08\xb1\x76\x35\x5d\xad\x11\xf1\x26\x5b\x81\x87\x48\x5d\x1a\x79\x9d\x86\xd0\x6f\x06\xd9\x33\xf4\x24\xf9\xed\x65\x4d\x2d\xde\x7c\x0e\x66\xdb\xf3\xd1\x56\xdb\x2d\x67\x94\x1b\x92\x08\x0f\x04\x58\x1e\x02\x49\x73\x4f\x2b\xf4\x92\x0a\x35\x51\xd0\x6c\x4c\xcb\x8f\x73\x0d\xeb\x91\xb6\xf6\xce\x21\x0c\xb4\x1d\xab\x8f\xcb\xe3\x9d\x14\xe9\x18\xa3\x62\x9e\x82\x6e\x1d\x60\xe1\x64\xe0\x6d\x62\x37\xd3\x82\xd0\xf3\xec\x27\x34\x11\x73\x68\x55\x5e\x69\x9a\x65\x0f\x02\xd4\xa8\x86\xab\x67\x9e\xc1\x94\xc8\x21\xb1\xf4\x26\x29\x46\xee\xf5\xa0\xa3\xdc\xb5\x64\x5c\x05\x43\x56\x04\x64\xd8\x63\x81\xa4\x25\xd0\x42\x18\xe5\x8a\xaa\xbf\x3c\x5e\xd4\xc2\x27\x3c\xc0\xd4\xc2\xc2\x8e\x12\xec\xd4\xdd\xce\xcd\x67\x18\x6d\xac\xec\x66\x2c\x65\xd3\x23\x49\x6b\x9b\xe3\x84\x96\xac\xfb\x5b\xb1\xce\x10\x6b\xba\xac\x84\xba\xc7\x33\xdf\x84\xe6\xe3\x17\x13\x24\x3d\xf9\x84\x5b\x9b\x63\x0a\x97\x14\xef\x11\xbb\x21\xb0\xe8\x0c\x6c\xe1\xaf\xc6\x3c\xa7\x22\xcc\x23\x8a\xc4\x48\xf2\x29\xaa\x61\x4e\x9e\xae\xc7\x8e\x5c\x27\x92\x1b\xbe\xd1\x67\x05\x76\x07\xd3\x83\xcd\xa4\x2a\x91\xf8\x9b\x25\xec\xea\x59\x68\x6a\x8f\x07\xb1\xc2\xd7\x3b\x6b\x2a\xa9\x89\x9c\x3d\xcf\x20\x40\x17\x21\xa1\x01\x9a\xbb\x89\xd5\x17\x7d\x74\xdd\x1b\xb7\x94\xe0\xd4\x79\xeb\xbf\xb2\x13\xe1\x3d\xd5\xf0\x63\x77\xeb\x87\xc5\x3c\x09\xa3\xfc\x20\x78\xfe\x0d\xb3\x01\xcc\xb1\x14\xf8\xcf\x31\x12\x44\x5a\x1e\x7f\xad\x70\xdc\xf2\xc6\xe8\xca\xd4\x50\xdc\x73\xc6\x42\x7e\x01\x7e\x0e\x93\xd2\x5e\xf6\x0e\x80\xf5\x56\x46\x2d\x78\xb8\x5a\xed\x47\x4a\x6b\xdb\x29\xbd\xf5\xa9\x39\x08\xf4\x3a\x77\xd8\x2d\x0d\xa5\x5e\x7d\xc8\xa0\x06\x4d\x72\x18\x58\xec\x5f\x8b\x3c\x5d\x44\x1b\x66\xb3\x26\x7e\x81\x03\xd2\x7f\x5f\xaf\x86\x60\x66\x2e\x86\x59\x3a\x48\xd4\xbf\xd6\x4c\xee\xbd\x9b\xf6\x92\x58\x23\x28\x81\xe2\xf0\xf9\xd0\xc5\x9f\x89\xf3\xc8\x9a\x2e\xcb\x56\x9d\x14\x6b\xd3\xf8\x72\x62\x9a\xa2\x50\x41\x0c\xde\xcc\x37\x01\xfc\xfe\x95\xfb\xee\xfc\x97\x6b\xd7\xe3\x05\xc1\x02\xe3\x07\xe0\xc0\x4f\x5d\x40\x37\x4b\x93\x60\x6d\xd0\x9f\xc0\x02\x6b\x4f\x0d\x18\x5e\xa8\x05\x10\x03\xa5\x56\x46\xe3\x2e\x32\x78\xdf\xd3\xf0\x61\xa4\xc4\x81\x63\x9f\xe9\x50\x7a\x8e\x5c\x04\xe4\x63\x77\x54\x4f\x28\x41\xef\x9b\xea\x40\xda\x68\x3f\x66\x9f\x6f\x2d\xa6\xa9\x28\x2d\x74\xd4\x6b\xc7\xd1\x78\x45\xed\x0e\x63\x88\x6a\xee\x73\x62\xe1\x29\x09\xd4\x59\x21\x7d\x09\x23\x58\xbf\x71\xf2\xfd\x1f\xda\x72\x74\x46\x8a\x5c\x64\xf6\x8d\xbc\x91\x2e\x12\x41\x4c\xb8\x41\x61\x8e\x6d\x96\x1e\x79\x69\x91\x87\xef\xa2\x65\x55\x7d\x05\x20\x06\x45\x0e\xea\xb5\x21\x53\x28\x23\x96\xdc\xc6\x76\x38\xf4\x4e\x8b\xdc\x1c\xf8\xac\x1a\xa3\xce\xfd\xe7\xb3\xe9\x7b\x3f\x1a\xde\x05\x87\xcc\xc4\x59\xd2\xb7\x1d\x8f\x4c\x85\x66\x6f\x88\x56\x0a\xe1\x3d\x11\xfd\x7d\x7f\x12\x14\x55\x79\x67\xaa\x62\x21\xb0\x5b\xa9\xa9\x0f\xaa\xd9\xc1\x11\x10\x38\xf9\xa1\xa1\x6b\x64\xa4\x0b\xf5\xf9\x69\xf7\x4f\x32\xed\x63\x38\xeb\x70\x2c\xb8\x57\x73\xbc\x04\x95\xe3\x1a\xc3\x7c\xa0\xb8\x8b\xb0\x28\xda\x0e\x97\x21\xb4\x07\xaf\xd1\xe2\xfa\x46\x0b\x20\x4d\xb7\xdf\xcd\x72\x94\x59\xb2\xf1\x25\xbf\x42\xdd\xf1\x38\x0e\xb4\x99\x69\x1e\x08\x27\x5e\xe4\x24\x27\xc0\xc2\xdb\x70\x64\xa3\x86\xb5\x2a\x6a\xc1\xa7\xad\xe2\xda\x86\xe5\xc5\xe5\xc6\x67\xe4\x59\xd0\x03\x10\x46\xac\x3b\x08\xcf\x51\xb0\xe7\x90\x04\xbc\x73\xc3\xf9\xf7\xe7\x69\xfa\x24\x4f\xab\xd9\x10\x00\x07\xa4\xed\x5e\x23\x06\x99\x7f\xf3\x14\x89\xc1\x3c\x52\xb2\xcd\xf0\x22\x6c\xdc\x4f\x85\x22\x52\x9a\x26\x10\x23\x4a\xed\x95\xeb\x84\x1f\x5d\x24\x2c\xef\x7c\x49\x36\x3a\xf0\x49\x85\xd3\xc3\xe5\x39\x24\xf3\x52\xb5\x4e\xad\xec\xe3\xa9\x52\x2f\x48\x35\x11\x3a\x3b\x49\x0b\x61\x2d\xac\xdb\x8d\xbf\xbe\xe7\x94\x28\xb8\x08\xe6\x26\x21\x4c\xfc\xb2\xbf\xd4\xab\xe6\xb7\x4f\x15\xf0\x8c\x76\xd8\x81\x82\x32\x20\x42\xda\x02\x6a\x7e\x5b\x13\x94\xc9\xc4\x39\xdf\xa5\x96\xa7\xa8\x81\x07\x37\x0c\x2c\xab\x92\xf9\x06\x01\xb5\x0f\x0b\x31\x81\xde\xc5\x6a\x71\x36\xdb\x75\x65\x0a\x7a\x28\x57\x80\x87\xcc\x87\xfa\xda\x0c\x4a\x7e\x14\x32\xa6\x22\x0d\x73\x08\xfc\xca\xad\x29\xfb\xe3\x2e\x42\xb6\x59\x31\x10\xcd\xa9\x4c\xe0\x4f\xf6\xed\x3a\x96\x62\xc4\xb8\x1d\x14\x85\x6f\x4f\xc1\xac\x0d\x4f\xab\x9b\x4d\x59\x92\x65\x0f\xcb\x2c\xfe\xd1\xb6\xf6\x0c\x8c\x73\x68\x5c\x73\x3b\xe1\x33\xf8\x19\xa5\x68\x8d\x8c\x6a\x7e\x62\x09\x96\x9b\x46\xb0\x91\x44\x50\x21\xfc\x19\xcb\xd5\x63\xbd\x76\xdf\x96\xaa\x65\xf1\xd7\x21\x6a\x31\xdc\x9c\x4a\x4f\x74\xa2\x4a\x22\x4a\x2a\xa6\x0c\xb5\xd0\xd7\xc3\x1e\x6a\xf6\x22\xe5\xa7\xc8\x0c\x98\x72\x7c\xd1\x63\xe5\x09\x7d\x86\xd4\xd4\xd9\x1e\x7c\x89\xfe\x61\x51\x90\x3d\x7c\x0f\x87\x8d\xa1\xa8\x3e\x6f\xcc\x50\xfe\x99\x90\xda\x66\x40\x53\x5e\x68\x5b\x1c\x26\x9c\x95\x0d\x07\x37\x62\xce\x89\x9f\x82\xae\xb9\x33\x10\x63\x37\xf8\x7a\x71\x38\xd1\xfb\x7b\x15\xb2\x4a\xc8\xcc\x1c\x09\x34\x69\xe6\x15\x09\xfc\x24\xcf\xb7\x9e\x66\x39\x0a\x15\x48\x3e\x9a\x5a\x1a\x31\x3f\xf9\x61\xd0\xf9\xfe\x8c\x55\x79\x01\x4c\xf5\x68\x9e\x36\x86\x08\x10\x4f\x96\x44\x9b\x24\x64\x39\xaf\x19\x79\x59\xe5\xed\xf4\x88\x74\x97\xd4\x89\x74\xc2\x08\xcd\x68\xcf\xc7\xb3\xe0\x95\x6c\x50\x88\x12\x0d\xa1\xda\xf4\xaa\x90\xb6\xd2\xc1\xb7\x08\x81\x31\xff\x29\x6b", 4096); *(uint8_t*)0x2000104d = 0; *(uint8_t*)0x2000104e = 1; *(uint8_t*)0x2000104f = 0; *(uint8_t*)0x20001050 = 0xc2; *(uint8_t*)0x20001051 = 4; *(uint32_t*)0x20001052 = htobe32(1); *(uint8_t*)0x20001056 = 9; *(uint8_t*)0x20001057 = 0x15; memcpy((void*)0x20001058, "\x55\x75\x11\x39\x21\xad\x0b\xc9\xe2\xe8\x2b\x28\xa6\x6b\x8f\x50\x8c\xd3\xa9\x8a\xcf", 21); *(uint8_t*)0x2000106e = 0x67; *(uint8_t*)0x2000106f = 6; *(uint8_t*)0x20001070 = 0; *(uint8_t*)0x20001071 = 0x20; *(uint32_t*)0x20001072 = 0; *(uint8_t*)0x20001076 = -1; *(uint8_t*)0x20001077 = 1; *(uint8_t*)0x20001078 = 0; *(uint8_t*)0x20001079 = 0; *(uint8_t*)0x2000107a = 0; *(uint8_t*)0x2000107b = 0; *(uint8_t*)0x2000107c = 0; *(uint8_t*)0x2000107d = 0; *(uint8_t*)0x2000107e = 0; *(uint8_t*)0x2000107f = 0; *(uint8_t*)0x20001080 = 0; *(uint8_t*)0x20001081 = 0; *(uint8_t*)0x20001082 = 0; *(uint8_t*)0x20001083 = 0; *(uint8_t*)0x20001084 = 0; *(uint8_t*)0x20001085 = 1; *(uint8_t*)0x20001086 = -1; *(uint8_t*)0x20001087 = 1; *(uint8_t*)0x20001088 = 0; *(uint8_t*)0x20001089 = 0; *(uint8_t*)0x2000108a = 0; *(uint8_t*)0x2000108b = 0; *(uint8_t*)0x2000108c = 0; *(uint8_t*)0x2000108d = 0; *(uint8_t*)0x2000108e = 0; *(uint8_t*)0x2000108f = 0; *(uint8_t*)0x20001090 = 0; *(uint8_t*)0x20001091 = 0; *(uint8_t*)0x20001092 = 0; *(uint8_t*)0x20001093 = 0; *(uint8_t*)0x20001094 = 0; *(uint8_t*)0x20001095 = 1; *(uint8_t*)0x20001096 = 0; *(uint8_t*)0x20001097 = 0; *(uint8_t*)0x20001098 = 0; *(uint8_t*)0x20001099 = 0; *(uint8_t*)0x2000109a = 0; *(uint8_t*)0x2000109b = 0; *(uint8_t*)0x2000109c = 0; *(uint8_t*)0x2000109d = 0; *(uint8_t*)0x2000109e = 0; *(uint8_t*)0x2000109f = 0; *(uint8_t*)0x200010a0 = 0; *(uint8_t*)0x200010a1 = 0; *(uint8_t*)0x200010a2 = 0; *(uint8_t*)0x200010a3 = 0; *(uint8_t*)0x200010a4 = 0; *(uint8_t*)0x200010a5 = 0; *(uint8_t*)0x200010a6 = 4; *(uint8_t*)0x200010a7 = 0x19; *(uint8_t*)0x200010a8 = 0; *(uint8_t*)0x200010a9 = 0; *(uint8_t*)0x200010aa = 0; *(uint8_t*)0x200010ab = 0; *(uint8_t*)0x200010ac = 0; *(uint8_t*)0x200010ad = 0; *(uint8_t*)0x200010ae = 0xa8; *(uint8_t*)0x200010af = 0x9b; memcpy((void*)0x200010b0, "\x02\x71\x09\x78\x70\xd6\xd0\x6b\x47\xd8\x3a\x5b\x37\x63\xf1\xa2\xff\xfb\x78\xc9\xfd\x51\x51\xfe\x45\x85\x44\x69\x56\x4a\xf3\xc3\x94\x9e\x4a\x58\x78\x1c\xe8\x48\xa5\xe9\xa6\xfe\xd0\x80\x30\x6a\xcd\x03\x11\xa5\xe5\xb9\xf9\x00\xde\x3f\x65\x6e\xc5\xf5\x17\xf3\xa6\x79\x49\x35\x4e\x8a\x19\xf5\xb1\x16\xe3\x60\xf8\xbe\xbf\x10\x56\x6e\xae\x08\x58\x2e\x6b\xe7\xbe\xee\xc7\x66\x8a\xfd\x63\x7c\xa6\xa1\x9c\x0a\x87\x87\xa4\x54\x81\x38\xd8\xa0\x68\x74\xd5\x50\x62\x4c\x0f\x1e\xbd\x2a\x22\x67\xbb\xca\x14\xf2\x24\x7a\xb5\xbe\x2d\x68\xe2\x64\xaa\x7d\x65\x1f\xd4\xe5\xe5\xef\x57\x23\xb8\x44\xf6\x4a\x82\x2f\x58\xe7\xbc\x5a\xcc\xf5\x88", 155); *(uint8_t*)0x2000114b = 0xc2; *(uint8_t*)0x2000114c = 4; *(uint32_t*)0x2000114d = htobe32(0x10001); *(uint8_t*)0x20001151 = 1; *(uint8_t*)0x20001152 = 3; *(uint8_t*)0x20001153 = 0; *(uint8_t*)0x20001154 = 0; *(uint8_t*)0x20001155 = 0; *(uint8_t*)0x20001156 = 0; *(uint8_t*)0x20001157 = 1; *(uint8_t*)0x20001158 = 0; *(uint8_t*)0x20001159 = 8; *(uint8_t*)0x2000115a = 0x1d; memcpy((void*)0x2000115b, "\x94\xd6\xef\xb5\xa9\xf5\x8f\x85\x9b\x75\xbe\x24\x58\x6f\x38\x2e\xee\xd7\xa7\x6a\x65\x62\xb9\x78\x07\x1e\x71\xbe\x75", 29); *(uint8_t*)0x20001178 = 5; *(uint8_t*)0x20001179 = 2; *(uint16_t*)0x2000117a = htobe16(0x7fff); *(uint8_t*)0x2000117e = 0x27; *(uint8_t*)0x2000117f = 6; *(uint8_t*)0x20001180 = 0; *(uint8_t*)0x20001181 = 5; *(uint32_t*)0x20001182 = 0; *(uint8_t*)0x20001186 = -1; *(uint8_t*)0x20001187 = 1; *(uint8_t*)0x20001188 = 0; *(uint8_t*)0x20001189 = 0; *(uint8_t*)0x2000118a = 0; *(uint8_t*)0x2000118b = 0; *(uint8_t*)0x2000118c = 0; *(uint8_t*)0x2000118d = 0; *(uint8_t*)0x2000118e = 0; *(uint8_t*)0x2000118f = 0; *(uint8_t*)0x20001190 = 0; *(uint8_t*)0x20001191 = 0; *(uint8_t*)0x20001192 = 0; *(uint8_t*)0x20001193 = 0; *(uint8_t*)0x20001194 = 0; *(uint8_t*)0x20001195 = 1; *(uint8_t*)0x20001196 = 0; *(uint8_t*)0x20001197 = 0; *(uint8_t*)0x20001198 = 0; *(uint8_t*)0x20001199 = 0; *(uint8_t*)0x2000119a = 0; *(uint8_t*)0x2000119b = 0; *(uint8_t*)0x2000119c = 0; *(uint8_t*)0x2000119d = 0; *(uint8_t*)0x2000119e = 0; *(uint8_t*)0x2000119f = 0; *(uint8_t*)0x200011a0 = 0; *(uint8_t*)0x200011a1 = 0; *(uint8_t*)0x200011a2 = 0; *(uint8_t*)0x200011a3 = 0; *(uint8_t*)0x200011a4 = 0; *(uint8_t*)0x200011a5 = 0; *(uint64_t*)0x200011a6 = htobe64(0); *(uint64_t*)0x200011ae = htobe64(1); *(uint8_t*)0x200011b6 = 0x2c; *(uint8_t*)0x200011b7 = 0; *(uint8_t*)0x200011b8 = 0; *(uint8_t*)0x200011b9 = 0; *(uint8_t*)0x200011ba = 0; *(uint8_t*)0x200011bb = 0; *(uint8_t*)0x200011bc = 0; *(uint8_t*)0x200011bd = 0; *(uint8_t*)0x200011be = 0; *(uint8_t*)0x200011bf = 1; *(uint8_t*)0x200011c0 = 0; *(uint8_t*)0x200011c6 = 3; *(uint8_t*)0x200011c7 = 3; *(uint8_t*)0x200011c8 = 0; *(uint8_t*)0x200011c9 = 0; *(uint8_t*)0x200011ca = 0; *(uint8_t*)0x200011cb = 0; *(uint8_t*)0x200011cc = 0; *(uint8_t*)0x200011cd = 0; *(uint8_t*)0x200011ce = 0xc2; *(uint8_t*)0x200011cf = 4; *(uint32_t*)0x200011d0 = htobe32(0); *(uint8_t*)0x200011d4 = 5; *(uint8_t*)0x200011d5 = 2; *(uint16_t*)0x200011d6 = htobe16(0x20); *(uint8_t*)0x200011d8 = 5; *(uint8_t*)0x200011d9 = 2; *(uint16_t*)0x200011da = htobe16(9); *(uint8_t*)0x200011dc = 0xc2; *(uint8_t*)0x200011dd = 4; *(uint32_t*)0x200011de = htobe32(3); *(uint8_t*)0x200011e2 = 1; *(uint8_t*)0x200011e3 = 1; *(uint8_t*)0x200011e4 = 0; *(uint8_t*)0x200011e5 = 5; *(uint8_t*)0x200011e6 = 2; *(uint16_t*)0x200011e7 = htobe16(0x7f); *(uint8_t*)0x200011e9 = 5; *(uint8_t*)0x200011ea = 2; *(uint16_t*)0x200011eb = htobe16(3); *(uint8_t*)0x200011ee = 0xd8; *(uint8_t*)0x200011ef = 0; *(uint8_t*)0x200011f0 = 8; STORE_BY_BITMASK(uint8_t, , 0x200011f1, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200011f1, 0, 1, 2); STORE_BY_BITMASK(uint8_t, , 0x200011f1, 8, 3, 5); *(uint32_t*)0x200011f2 = 0x68; *(uint8_t*)0x200011f6 = 0x82; *(uint8_t*)0x200011f7 = 0; *(uint16_t*)0x200011f8 = htobe16(0); *(uint16_t*)0x200011fa = htobe16(0x3ff); *(uint16_t*)0x200011fc = 9; *(uint8_t*)0x200011fe = -1; *(uint8_t*)0x200011ff = 2; *(uint8_t*)0x20001200 = 0; *(uint8_t*)0x20001201 = 0; *(uint8_t*)0x20001202 = 0; *(uint8_t*)0x20001203 = 0; *(uint8_t*)0x20001204 = 0; *(uint8_t*)0x20001205 = 0; *(uint8_t*)0x20001206 = 0; *(uint8_t*)0x20001207 = 0; *(uint8_t*)0x20001208 = 0; *(uint8_t*)0x20001209 = 0; *(uint8_t*)0x2000120a = 0; *(uint8_t*)0x2000120b = 0; *(uint8_t*)0x2000120c = 0; *(uint8_t*)0x2000120d = 1; struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000016, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000026, 16); uint32_t csum_1_chunk_2 = 0x18000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x3a000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x200011f6, 24); *(uint16_t*)0x200011f8 = csum_inet_digest(&csum_1); break; case 11: memcpy((void*)0x20001240, "\x47\x66\x90\x18\xa9\xe1\x17\x00\x00\xc4\xc2\x0d\x07\x4c\xd3\xf6\x36\xf3\x0f\x11\x82\xfe\xef\xff\xff\xc4\x41\x55\xef\xea\xf2\x0f\x2b\x99\x99\x89\x99\x99\xc4\x81\xfd\x28\x17\xc4\xa2\xa5\x29\x52\x93\xf3\xab\x66\xac", 53); syz_execute_func(0x20001240); break; case 12: break; case 13: syz_open_pts(); break; } } int main(void) { syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul); use_temporary_dir(); loop(); return 0; } :305:4: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation] kill_and_wait(pid, &status); ^ :303:3: note: previous statement is here if (current_time_ms() - start < 5000) ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor804755272 -DGOOS_openbsd=1 -DGOARCH_amd64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -static -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384] --- FAIL: TestGenerate/openbsd/amd64/12 (4.22s) csource_test.go:124: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:true Repro:false Trace:false} program: r0 = getgid() mquery(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x10, 0xffffffffffffffff, 0x80) ioctl$DIOCMAP(0xffffffffffffff9c, 0xc0106477, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}) ioctl$BIOCSHDRCMPLT(0xffffffffffffffff, 0x80044275, &(0x7f0000000080)=0xcb) unlinkat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8) ioctl$BIOCGDLTLIST(0xffffffffffffff9c, 0xc010427b, &(0x7f0000000140)={0x9, &(0x7f0000000100)=[0x0, 0x7, 0x2, 0x18000, 0x6, 0x3, 0x8000000, 0x20, 0x0]}) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f00000001c0)=0xc) getgroups(0x3, &(0x7f0000000200)=[0xffffffffffffffff, r0, 0x0]) r3 = getgid() getgroups(0x4, &(0x7f0000000240)=[r1, r0, r2, r3]) syz_emit_ethernet(0x120e, &(0x7f0000000000)={@remote, @remote, [], {@ipv6={0x86dd, {0x1, 0x6, "b588d1", 0x11d8, 0x11, 0x0, @remote={0xfe, 0x80, [], 0x0}, @empty, {[@dstopts={0x32, 0x205, [], [@padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @pad1, @generic={0x6, 0x1000, "7d7312bf2f976b286cf33b3a7660af2f30cb34f9a86a2db188c5d76df22900976b027211513627f37cb64221551888028062f7e96e29502c8230cb07ed13fb79ee022afacfb0fdb9fdd62ac37dfa4f6b34fcbee4c380fa32c35d695cca5e60b4fe8ddf4e9fd6c26810eab11156f5f11cff1548bc51648f66404bacd55f29d8349635356e8711ba71763c2e3dae08ceca72daaf10868c22ac2d429c17228cb0fa6a92eddafaf821e084cdd55affffce12097a2772ef8ab4bc862213c765c3c5bb6cb25206a5f87d2034b922cd8a54fd1f39938081132c0491f0258b9d5b90206398281bd745907571e7944936e2d4097eec6b58ed963a26c7ab84ad1084f4b8fe735e2c7a5073344b225dd2917d1035d525e3fca4bf750dc4474b2645770b1ca240e54b5d0d4dc7ef29a3a61669e0bc94741f97c66216511a0b772e8813b7e01c740f8ed1fa8909f5700d3403d21c720a5902de2e1c32556eca20d374473cd817427a1c9cd58e2e0aefa447fb5a819c5f0f58b27756a2ab59c7904bd86a7e178629ad0bf9acc4272dc48011d27c262fe7ea1754391b04e3144db1eec8b7fded123a6e0d848e26d3a48db19cdac570a9f88259994a988bafd8db39128ec209c2f4a1c3a0090fb48b2c98c66c31a9d0c4377d6e63c82afdf734861249d4a187b99c2c03ea42efb67963c7f5e058b9ea734e124abcff107a29e339704bc5c174895b10fabef1dd6966930a398295f238abeba33093a7e5d4ebf3c134b00eac453659d9a5ed6722b28668f0de27fcbfcc665f9b79f51aa266f061a9d3582fe787f1cd3d6b2a4d5b7670d91c9f19da4cdf5c47edb015a154227797a6b56a27e32276f07e6cc20ec6885bc261055b4ad4f66c09e27673c407023fb6d0c61139245b190861816a03ae7d9627100ab2a1f1f38198e820967923fdf0a95e9088ffe6779f1eea151123e919bde1ea78746cc30768220ff953d10588589701f70e66392524a78562a838205af4bfc28c4a6884b425c109ea7ff16d9f1bcb77459ccb5b81045b6cb2dcebdae46f6d70b44ff8dc6f522c77db1471ce1163a7a5640d02e469e5dee1ff25b7f7325baeb10ecb4bc48f8692d5376dad7c9125ecb61d00e759b8f3179df636389f62f51face3013a62a9656fec592601942743778d7b7c838cdf30fe87b7503aab17d8d8f5f30a3a03f105dd389658c187823d1c5ec9af9dce05decfa6192a6514896e99f47847e83719f79cd37b118184d34ca20e884bd255f199acef2ed48011cff2695977dd7b1ae1f08d27f947cd1aff97a19e3f93c659d10ff5a776f291022df261b792935a1c5882f920c9442e563f878801beecbba89c1eab9d2b96285f3493483b49f269e8d684330037dafedbcbb3bc500e65b5e69c3a4f6f15e42cb595cce04c891818f28a69ef73c0ecf8efbef8bc1e5f7d07f5ca828d9a8460a297a2b6f158413fd2738e6168377a49bd43a70a36e7c39d8d548783285675417c6207bebeb3224faab81eef708601be613697967c31f6b8a2c21c469273d79b15b80d8a0b6c6ed4356d002e424944b661b4d5fb114841b9cbaf8d4c16d7f687362aee164756e05fa1d579f082003ac1103a007c2fcea486f32e6e72d141c1e233330a3b3d8135840a9fbc503526e44876e702309c3cb1a6c4020bae2ef85146a3438bd9b341b719dfa5b519fca6bc1746b47ac4991722b9777d92480065e3d70bb6b202e98d5d08c1b215a5012210ef9e2b9fea630e4d8217c501dee6b46a3b887c71f3c4c603af56a86734236f068e072aa63f2a70d488fe9091a8530585e4d611ad9fe23593cb410e5eed9187ed55652bef39b8e867a879f89735e7cadfb36a183867cdc3322b21427a498d12d566af1b7ed235034feeaa2cbd795c2363ec9845a504073181ef95121548bd6e88486a261cb52f6f7970b99f53de0f426ffcae940f83ac20138c7d5b3520214e44a403c84fdacc6557c8b859c9918e78377261722f1f2913d0dfe99d93de5f2a67c3775a7681c9b8fdb811ead0bad8ec771ef38dc0da259047ecaab608e8e7c45113ce2681a8377df054e8e48485bf16d1222ccf2214b8115e0af090742f1c7b77645bde02541071d92f5eb24bc1942ff691016d1d0844daecc89df8b58f05e0fc3856881413920359c90927b85cdb99629791341d07f6bd042ea457128ac91c4ab33b169935a1a0214e74dd2d098abc1d16b59abf377401dbd0904f7dcb351fa4dd8e36cbf4b8dc28e811bd7dc9b8a2f6021c44e85e1ebe1c68e03595aded1d0f5bdc563e612367ae89e46094a2e341ce2bdf0cdd0d0e71af4ce34700bb15898b2d3f559f466a6fbda1e005df5e76968fc0070a860e8eefb40180d6493a17903698a9f809ab5120cc72a205e3265236c67d7c85e581ed378d3326111813041da2d8d3c888d1236649129c37021fbfde4b873dbc3cc9fe18dc922a62d50686f9d7e15c2c4c51e25d9852385f024670dd5eaa98661a3fd645f5e3cf1a0381e878776d79039db945f680b0cba8a7e3875727a07be161c854491d396fbf40b50298b1a84b0cf8b61e18767bab36a013f0acf45569ed1882c3fea9e20189822e2b9bacbc4155842246c183f295912d6480a05a2d59ff2990bbbb8c7e9079f1a039bf31fd2cc28312cff2461af871dde9b27201e66d89f62196b632ef97424d2529d0973457cf4595f6751928457b7de885f43cf64577bd6d099d9adfe45a4e6d704bfd3edc85ddbb11dedd5e2d3e50a55d7a7dcfde4efd11dcd20f6285b74ea194da7f31a4983a14f167a847d279ef28557419506de34b34f237f3c66ed257246d04824f4f8d97092e55e095ecf4f3647ebd6c39538c4c7565b23d81f0cc3d6170d8a0d5050fe7e4f8d4fe07cea0d5db6d5f966afa39dec34a8ce32b67d4918ea8d96af5c7fd899945449e051ef34400cbd4badd786d20b1c77d23670b2065bc8f671150336c4228f49c2e07954d4b165d222cae2a5f5dc9fd328a21eb4b2033447dd9b0b56d12bc93148595a649d5cd3a9b56c33249c979cfd321eb720afca706fc263dfc06be97c2b805a7ccc54cd8e247e64dce1607ba96d146a977c247b3072ad2cb2c116c75493185ac9d6124070f674e1a83c4e4fc7a2d46be93c2eb3dc26dd659261cb020788b5bf4c21a5a31e363065e3d81a64886a0b48c8fd33505b2e1a158a60c29b6a4b0d9d3cc4e30cdbbfdc5895ad59b25f8e356616b352e0af4b55615315d389d963125e086d4f38f9837551d5aea90d51c86072518e6b3d9f810386933830b012a939f7f6269f3516cf361a7b204c687b122d7c967f3f9cbfaa3b5170ac5bf030f5fcf5cc60e67d69aed12a9b64eac186eea7ffd2198ce338fd58fa6b1c818a2bf7ee355c9932fa88b6c1e549217366606b04ef454e6fed865eb44a2cf2bffe792464ecd22121dec54fa518f2a148981956b9b06314ff478738f0328a253394e7c1ac4db3ba527c75361582cca56a12730d5b016258f025dc641647adc06d6b3eec0483f2f71ac9db0c45443e31c3d47d7ab7bf336104083017a985d2e83169cbe9fc9f9080cbbbafaefd7e7d0637933533f8fbd2e1abba019b83ca10f3791ad04d64283a0bcdb8c85718434642f6e156fa694ab98d475876a1768f9b595ff823dc4cdda9f080f094e1261a54c7fb8fd381d5a0d51ba8d6055ef43b035490df5dc92b8c3be5b58788866dc09a3563b25b64de0c0280370d8ae3bc317b89e32a5ec6cf14e9df6733b93263f8adf908b632fa2a94a2a5a22d781f562e5521bb07caba5b56ce799e6caac20c8bd10f0dcc765b5ad59ee88cfac53654b85fc6d3d7d1ec37230537d65519aa03d2d87001c3781063bb0275bd96c452c120d9adc12353cb56a565ffb5c3cf81d0497c3a680a68610acbb492b19b29ad601504aa1b3ff00dc5247b883e822cbe8c86673353ead6e044941bb4fbfc3e5ccba04f93cd9c264d9ec2c1f5221ca0767d3bf65f4330bdb4a94d6468bfa9dfa5bcbaa511450e6a0ca9a56c5f20558ea7076a67b5bdd8523f1515caed40dc2eaf06b08b176355dad11f1265b8187485d1a799d86d06f06d933f424f9ed654d2dde7c0e66dbf3d156db2d67941b92080f04581e0249734f2bf4920a3551d06c4ccb8f730deb91b6f6ce210cb41dab8fcbe39d14e918a3629e826e1d60e164e06d6237d382d0f3ec2734117368555e699a650f02d4a886ab679ec194c821b1f4262946eef5a0a3dcb5645c0543560464d86381a425d04218e58aaabf3c5ed4c2273cc0d4c2c28e12ecd4ddcecd67186dacec662c65d323496b9be38496acfb5bb1ce106bbaac84bac733df84e6e31713243df9845b9b630a9714ef11bb21b0e80c6ce1afc63ca722cc238ac448f229aa614e9eaec78e5c27921bbed167057607d383cda42a91f89b25ecea59686a8f07b1c2d73b6b2aa9899c3dcf20401721a1019abb89d5177d74dd1bb794e0d479ebbfb213e13dd5f06377eb87c53c09a3fc2078fe0db301ccb114f8cf3112445a1e7fad70dcf2c6e8cad450dc73c6427e017e0e93d25ef60e80f556462d78b85aed474a6bdb29bdf5a93908f43a77d82d0da55e7dc8a0064d721858ec5f8b3c5d441b66b3267e8103d27f5faf8660662e86593a48d4bfd64ceebd9bf69258232881e2f0f9d0c59f89f3c89a2ecb569d146bd3f872629aa250410cdecc3701fcfe95fbeefc976bd7e305c102e307e0c04f5d40374b93606dd09fc0026b4f0d185ea8051003a55646e32e3278dfd3f061a4c481639fe9507a8e5c04e46377544f2841ef9bea40da683f669f6f2da6a9282d74d46bc7d17845ed0e63886aee7362e12909d459217d092358bf71f2fd1fda7274468a5c64f68dbc912e12414cb841618e6d961e79699187efa265557d052006450eeab52153282396dcc67638f44e8bdc1cf8ac1aa3cefde7b3e97b3f1ade0587ccc459d2b71d8f4c85666f88560ae13d11fd7d7f1214557967aa6221b05ba9a90faad9c1111038f9a1a16b64a40bf5f969f74f32ed6338eb702cb85773bc0495e31ac37ca0b88bb028da0e9721b407afd1e2fa460b204db7dfcd729459b2f125bf42ddf1380eb499691e08275ee42427c0c2db7064a386b52a6ac1a7ade2da86e5c5e5c667e459d0031046ac3b08cf51b0e79004bc73c3f9f7e769fa244fabd9100007a4ed5e2306997ff31489c13c52b2cdf0226cdc4f8522529a2610234aed95eb841f5d242cef7c49363af04985d3c3e53924f352b54eadece3a9522f4835113a3b490b612dacdb8dbfbee79428b808e626214cfcb2bfd4abe6b74f15f08c76d88182322042da026a7e5b1394c9c439dfa596a7a88107370c2cab92f90601b50f0b3181dec56a7136db75650a7a28578087cc87fada0c4a7e1432a6220d7308fccaad29fbe32e42b6593110cda94ce04ff6ed3a9662c4b81d14856f4fc1ac0d4fab9b4d5992650fcb2cfed1b6f60c8c73685c733be133f819a5688d8c6a7e6209969b46b091445021fc19cbd563bd76df96aa65f1d7216a31dc9c4a4f74a24a224a2aa60cb5d0d7c31e6af622e5a7c80c98727cd163e5097d86d4d4d91e7c89fe6151903d7c0f878da1a83e6fcc50fe9990da6640535e685b1c269c950d073762ce899f82aeb933106337f87a7138d1fb7b15b24ac8cc1c093469e61509fc24cfb79e66390a15483e9a5a1a313ff961d0f9fe8c5579014cf5689e368608104f96449b246439af197959e5edf4887497d48974c208cd68cfc7b3e0956c5088120da1daf4aa90b6d2c1b7088131ff296b"}, @pad1, @jumbo={0xc2, 0x4, 0x1}, @generic={0x9, 0x15, "5575113921ad0bc9e2e82b28a66b8f508cd3a98acf"}]}, @routing={0x67, 0x6, 0x0, 0x20, 0x0, [@mcast1, @mcast1, @empty]}, @dstopts={0x4, 0x19, [], [@generic={0xa8, 0x9b, "0271097870d6d06b47d83a5b3763f1a2fffb78c9fd5151fe45854469564af3c3949e4a58781ce848a5e9a6fed080306acd0311a5e5b9f900de3f656ec5f517f3a67949354e8a19f5b116e360f8bebf10566eae08582e6be7beeec7668afd637ca6a19c0a8787a4548138d8a06874d550624c0f1ebd2a2267bbca14f2247ab5be2d68e264aa7d651fd4e5e5ef5723b844f64a822f58e7bc5accf588"}, @jumbo={0xc2, 0x4, 0x10001}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @pad1, @generic={0x8, 0x1d, "94d6efb5a9f58f859b75be24586f382eeed7a76a6562b978071e71be75"}, @ra={0x5, 0x2, 0x7fff}]}, @routing={0x27, 0x6, 0x0, 0x5, 0x0, [@mcast1, @empty, @loopback]}, @dstopts={0x2c, 0x0, [], [@pad1]}, @dstopts={0x3, 0x3, [], [@jumbo, @ra={0x5, 0x2, 0x20}, @ra={0x5, 0x2, 0x9}, @jumbo={0xc2, 0x4, 0x3}, @padn={0x1, 0x1, [0x0]}, @ra={0x5, 0x2, 0x7f}, @ra={0x5, 0x2, 0x3}]}, @fragment={0xd8, 0x0, 0x8, 0x1, 0x0, 0x8, 0x68}], @icmpv6=@mld={0x82, 0x0, 0x0, 0x3ff, 0x9, @mcast2}}}}}}) syz_execute_func(&(0x7f0000001240)="47669018a9e1170000c4c20d074cd3f636f30f1182feefffffc44155efeaf20f2b9999899999c481fd2817c4a2a5295293f3ab66ac") syz_extract_tcp_res(&(0x7f0000001280), 0x401, 0x1) syz_open_pts() csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static __thread int skip_segv; static __thread jmp_buf segv_env; static void segv_handler(int sig, siginfo_t* info, void* ctx) { uintptr_t addr = (uintptr_t)info->si_addr; const uintptr_t prog_start = 1 << 20; const uintptr_t prog_end = 100 << 20; int skip = __atomic_load_n(&skip_segv, __ATOMIC_RELAXED) != 0; int valid = addr < prog_start || addr > prog_end; if (skip && valid) { _longjmp(segv_env, 1); } exit(sig); } static void install_segv_handler(void) { struct sigaction sa; memset(&sa, 0, sizeof(sa)); sa.sa_sigaction = segv_handler; sa.sa_flags = SA_NODEFER | SA_SIGINFO; sigaction(SIGSEGV, &sa, NULL); sigaction(SIGBUS, &sa, NULL); } #define NONFAILING(...) ({ int ok = 1; __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST); if (_setjmp(segv_env) == 0) { __VA_ARGS__; } else ok = 0; __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST); ok; }) static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } #define __syscall syscall static uintptr_t syz_open_pts(void) { int master, slave; if (openpty(&master, &slave, NULL, NULL, NULL) == -1) return -1; if (dup2(master, master + 100) != -1) close(master); return slave; } static void sandbox_common() { struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 14; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[4] = {0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: res = syscall(SYS_getgid); if (res != -1) r[0] = res; break; case 1: syscall(SYS_mquery, 0x20ffb000ul, 0x3000ul, 2ul, 0x10ul, -1, 0x80ul); break; case 2: NONFAILING(*(uint64_t*)0x20000040 = 0x20000000); NONFAILING(memcpy((void*)0x20000000, "./file0\000", 8)); NONFAILING(*(uint32_t*)0x20000048 = -1); NONFAILING(*(uint32_t*)0x2000004c = 0); syscall(SYS_ioctl, 0xffffff9c, 0xc0106477ul, 0x20000040ul); break; case 3: NONFAILING(*(uint32_t*)0x20000080 = 0xcb); syscall(SYS_ioctl, -1, 0x80044275ul, 0x20000080ul); break; case 4: NONFAILING(memcpy((void*)0x200000c0, "./file0\000", 8)); syscall(SYS_unlinkat, 0xffffff9c, 0x200000c0ul, 8ul); break; case 5: NONFAILING(*(uint64_t*)0x20000148 = 0x20000100); NONFAILING(*(uint32_t*)0x20000100 = 0); NONFAILING(*(uint32_t*)0x20000104 = 7); NONFAILING(*(uint32_t*)0x20000108 = 2); NONFAILING(*(uint32_t*)0x2000010c = 0x18000); NONFAILING(*(uint32_t*)0x20000110 = 6); NONFAILING(*(uint32_t*)0x20000114 = 3); NONFAILING(*(uint32_t*)0x20000118 = 0x8000000); NONFAILING(*(uint32_t*)0x2000011c = 0x20); NONFAILING(*(uint32_t*)0x20000120 = 0); syscall(SYS_ioctl, 0xffffff9c, 0xc010427bul, 0x20000140ul); break; case 6: NONFAILING(*(uint32_t*)0x200001c0 = 0xc); res = syscall(SYS_getsockopt, -1, 0xffff, 0x1022, 0x20000180ul, 0x200001c0ul); if (res != -1) NONFAILING(r[1] = *(uint32_t*)0x20000188); break; case 7: NONFAILING(*(uint32_t*)0x20000200 = -1); NONFAILING(*(uint32_t*)0x20000204 = r[0]); NONFAILING(*(uint32_t*)0x20000208 = 0); res = syscall(SYS_getgroups, 3ul, 0x20000200ul); if (res != -1) NONFAILING(r[2] = *(uint32_t*)0x20000208); break; case 8: res = syscall(SYS_getgid); if (res != -1) r[3] = res; break; case 9: NONFAILING(*(uint32_t*)0x20000240 = r[1]); NONFAILING(*(uint32_t*)0x20000244 = r[0]); NONFAILING(*(uint32_t*)0x20000248 = r[2]); NONFAILING(*(uint32_t*)0x2000024c = r[3]); syscall(SYS_getgroups, 4ul, 0x20000240ul); break; case 10: NONFAILING(*(uint8_t*)0x20000000 = 0xaa); NONFAILING(*(uint8_t*)0x20000001 = 0xaa); NONFAILING(*(uint8_t*)0x20000002 = 0xaa); NONFAILING(*(uint8_t*)0x20000003 = 0xaa); NONFAILING(*(uint8_t*)0x20000004 = 0xaa); NONFAILING(*(uint8_t*)0x20000005 = 0xbb); NONFAILING(*(uint8_t*)0x20000006 = 0xaa); NONFAILING(*(uint8_t*)0x20000007 = 0xaa); NONFAILING(*(uint8_t*)0x20000008 = 0xaa); NONFAILING(*(uint8_t*)0x20000009 = 0xaa); NONFAILING(*(uint8_t*)0x2000000a = 0xaa); NONFAILING(*(uint8_t*)0x2000000b = 0xbb); NONFAILING(*(uint16_t*)0x2000000c = htobe16(0x86dd)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x2000000e, 1, 0, 4)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x2000000e, 6, 4, 4)); NONFAILING(memcpy((void*)0x2000000f, "\xb5\x88\xd1", 3)); NONFAILING(*(uint16_t*)0x20000012 = htobe16(0x11d8)); NONFAILING(*(uint8_t*)0x20000014 = 0x11); NONFAILING(*(uint8_t*)0x20000015 = 0); NONFAILING(*(uint8_t*)0x20000016 = 0xfe); NONFAILING(*(uint8_t*)0x20000017 = 0x80); NONFAILING(*(uint8_t*)0x20000018 = 0); NONFAILING(*(uint8_t*)0x20000019 = 0); NONFAILING(*(uint8_t*)0x2000001a = 0); NONFAILING(*(uint8_t*)0x2000001b = 0); NONFAILING(*(uint8_t*)0x2000001c = 0); NONFAILING(*(uint8_t*)0x2000001d = 0); NONFAILING(*(uint8_t*)0x2000001e = 0); NONFAILING(*(uint8_t*)0x2000001f = 0); NONFAILING(*(uint8_t*)0x20000020 = 0); NONFAILING(*(uint8_t*)0x20000021 = 0); NONFAILING(*(uint8_t*)0x20000022 = 0); NONFAILING(*(uint8_t*)0x20000023 = 0); NONFAILING(*(uint8_t*)0x20000024 = 0); NONFAILING(*(uint8_t*)0x20000025 = 0xbb); NONFAILING(*(uint8_t*)0x20000026 = 0); NONFAILING(*(uint8_t*)0x20000027 = 0); NONFAILING(*(uint8_t*)0x20000028 = 0); NONFAILING(*(uint8_t*)0x20000029 = 0); NONFAILING(*(uint8_t*)0x2000002a = 0); NONFAILING(*(uint8_t*)0x2000002b = 0); NONFAILING(*(uint8_t*)0x2000002c = 0); NONFAILING(*(uint8_t*)0x2000002d = 0); NONFAILING(*(uint8_t*)0x2000002e = 0); NONFAILING(*(uint8_t*)0x2000002f = 0); NONFAILING(*(uint8_t*)0x20000030 = 0); NONFAILING(*(uint8_t*)0x20000031 = 0); NONFAILING(*(uint8_t*)0x20000032 = 0); NONFAILING(*(uint8_t*)0x20000033 = 0); NONFAILING(*(uint8_t*)0x20000034 = 0); NONFAILING(*(uint8_t*)0x20000035 = 0); NONFAILING(*(uint8_t*)0x20000036 = 0x32); NONFAILING(*(uint8_t*)0x20000037 = 5); NONFAILING(*(uint8_t*)0x20000038 = 0); NONFAILING(*(uint8_t*)0x20000039 = 0); NONFAILING(*(uint8_t*)0x2000003a = 0); NONFAILING(*(uint8_t*)0x2000003b = 0); NONFAILING(*(uint8_t*)0x2000003c = 0); NONFAILING(*(uint8_t*)0x2000003d = 0); NONFAILING(*(uint8_t*)0x2000003e = 1); NONFAILING(*(uint8_t*)0x2000003f = 8); NONFAILING(*(uint8_t*)0x20000040 = 0); NONFAILING(*(uint8_t*)0x20000041 = 0); NONFAILING(*(uint8_t*)0x20000042 = 0); NONFAILING(*(uint8_t*)0x20000043 = 0); NONFAILING(*(uint8_t*)0x20000044 = 0); NONFAILING(*(uint8_t*)0x20000045 = 0); NONFAILING(*(uint8_t*)0x20000046 = 0); NONFAILING(*(uint8_t*)0x20000047 = 0); NONFAILING(*(uint8_t*)0x20000048 = 0); NONFAILING(*(uint8_t*)0x20000049 = 1); NONFAILING(*(uint8_t*)0x2000004a = 0); NONFAILING(*(uint8_t*)0x2000004b = 6); NONFAILING(*(uint8_t*)0x2000004c = 0); NONFAILING(memcpy((void*)0x2000004d, "\x7d\x73\x12\xbf\x2f\x97\x6b\x28\x6c\xf3\x3b\x3a\x76\x60\xaf\x2f\x30\xcb\x34\xf9\xa8\x6a\x2d\xb1\x88\xc5\xd7\x6d\xf2\x29\x00\x97\x6b\x02\x72\x11\x51\x36\x27\xf3\x7c\xb6\x42\x21\x55\x18\x88\x02\x80\x62\xf7\xe9\x6e\x29\x50\x2c\x82\x30\xcb\x07\xed\x13\xfb\x79\xee\x02\x2a\xfa\xcf\xb0\xfd\xb9\xfd\xd6\x2a\xc3\x7d\xfa\x4f\x6b\x34\xfc\xbe\xe4\xc3\x80\xfa\x32\xc3\x5d\x69\x5c\xca\x5e\x60\xb4\xfe\x8d\xdf\x4e\x9f\xd6\xc2\x68\x10\xea\xb1\x11\x56\xf5\xf1\x1c\xff\x15\x48\xbc\x51\x64\x8f\x66\x40\x4b\xac\xd5\x5f\x29\xd8\x34\x96\x35\x35\x6e\x87\x11\xba\x71\x76\x3c\x2e\x3d\xae\x08\xce\xca\x72\xda\xaf\x10\x86\x8c\x22\xac\x2d\x42\x9c\x17\x22\x8c\xb0\xfa\x6a\x92\xed\xda\xfa\xf8\x21\xe0\x84\xcd\xd5\x5a\xff\xff\xce\x12\x09\x7a\x27\x72\xef\x8a\xb4\xbc\x86\x22\x13\xc7\x65\xc3\xc5\xbb\x6c\xb2\x52\x06\xa5\xf8\x7d\x20\x34\xb9\x22\xcd\x8a\x54\xfd\x1f\x39\x93\x80\x81\x13\x2c\x04\x91\xf0\x25\x8b\x9d\x5b\x90\x20\x63\x98\x28\x1b\xd7\x45\x90\x75\x71\xe7\x94\x49\x36\xe2\xd4\x09\x7e\xec\x6b\x58\xed\x96\x3a\x26\xc7\xab\x84\xad\x10\x84\xf4\xb8\xfe\x73\x5e\x2c\x7a\x50\x73\x34\x4b\x22\x5d\xd2\x91\x7d\x10\x35\xd5\x25\xe3\xfc\xa4\xbf\x75\x0d\xc4\x47\x4b\x26\x45\x77\x0b\x1c\xa2\x40\xe5\x4b\x5d\x0d\x4d\xc7\xef\x29\xa3\xa6\x16\x69\xe0\xbc\x94\x74\x1f\x97\xc6\x62\x16\x51\x1a\x0b\x77\x2e\x88\x13\xb7\xe0\x1c\x74\x0f\x8e\xd1\xfa\x89\x09\xf5\x70\x0d\x34\x03\xd2\x1c\x72\x0a\x59\x02\xde\x2e\x1c\x32\x55\x6e\xca\x20\xd3\x74\x47\x3c\xd8\x17\x42\x7a\x1c\x9c\xd5\x8e\x2e\x0a\xef\xa4\x47\xfb\x5a\x81\x9c\x5f\x0f\x58\xb2\x77\x56\xa2\xab\x59\xc7\x90\x4b\xd8\x6a\x7e\x17\x86\x29\xad\x0b\xf9\xac\xc4\x27\x2d\xc4\x80\x11\xd2\x7c\x26\x2f\xe7\xea\x17\x54\x39\x1b\x04\xe3\x14\x4d\xb1\xee\xc8\xb7\xfd\xed\x12\x3a\x6e\x0d\x84\x8e\x26\xd3\xa4\x8d\xb1\x9c\xda\xc5\x70\xa9\xf8\x82\x59\x99\x4a\x98\x8b\xaf\xd8\xdb\x39\x12\x8e\xc2\x09\xc2\xf4\xa1\xc3\xa0\x09\x0f\xb4\x8b\x2c\x98\xc6\x6c\x31\xa9\xd0\xc4\x37\x7d\x6e\x63\xc8\x2a\xfd\xf7\x34\x86\x12\x49\xd4\xa1\x87\xb9\x9c\x2c\x03\xea\x42\xef\xb6\x79\x63\xc7\xf5\xe0\x58\xb9\xea\x73\x4e\x12\x4a\xbc\xff\x10\x7a\x29\xe3\x39\x70\x4b\xc5\xc1\x74\x89\x5b\x10\xfa\xbe\xf1\xdd\x69\x66\x93\x0a\x39\x82\x95\xf2\x38\xab\xeb\xa3\x30\x93\xa7\xe5\xd4\xeb\xf3\xc1\x34\xb0\x0e\xac\x45\x36\x59\xd9\xa5\xed\x67\x22\xb2\x86\x68\xf0\xde\x27\xfc\xbf\xcc\x66\x5f\x9b\x79\xf5\x1a\xa2\x66\xf0\x61\xa9\xd3\x58\x2f\xe7\x87\xf1\xcd\x3d\x6b\x2a\x4d\x5b\x76\x70\xd9\x1c\x9f\x19\xda\x4c\xdf\x5c\x47\xed\xb0\x15\xa1\x54\x22\x77\x97\xa6\xb5\x6a\x27\xe3\x22\x76\xf0\x7e\x6c\xc2\x0e\xc6\x88\x5b\xc2\x61\x05\x5b\x4a\xd4\xf6\x6c\x09\xe2\x76\x73\xc4\x07\x02\x3f\xb6\xd0\xc6\x11\x39\x24\x5b\x19\x08\x61\x81\x6a\x03\xae\x7d\x96\x27\x10\x0a\xb2\xa1\xf1\xf3\x81\x98\xe8\x20\x96\x79\x23\xfd\xf0\xa9\x5e\x90\x88\xff\xe6\x77\x9f\x1e\xea\x15\x11\x23\xe9\x19\xbd\xe1\xea\x78\x74\x6c\xc3\x07\x68\x22\x0f\xf9\x53\xd1\x05\x88\x58\x97\x01\xf7\x0e\x66\x39\x25\x24\xa7\x85\x62\xa8\x38\x20\x5a\xf4\xbf\xc2\x8c\x4a\x68\x84\xb4\x25\xc1\x09\xea\x7f\xf1\x6d\x9f\x1b\xcb\x77\x45\x9c\xcb\x5b\x81\x04\x5b\x6c\xb2\xdc\xeb\xda\xe4\x6f\x6d\x70\xb4\x4f\xf8\xdc\x6f\x52\x2c\x77\xdb\x14\x71\xce\x11\x63\xa7\xa5\x64\x0d\x02\xe4\x69\xe5\xde\xe1\xff\x25\xb7\xf7\x32\x5b\xae\xb1\x0e\xcb\x4b\xc4\x8f\x86\x92\xd5\x37\x6d\xad\x7c\x91\x25\xec\xb6\x1d\x00\xe7\x59\xb8\xf3\x17\x9d\xf6\x36\x38\x9f\x62\xf5\x1f\xac\xe3\x01\x3a\x62\xa9\x65\x6f\xec\x59\x26\x01\x94\x27\x43\x77\x8d\x7b\x7c\x83\x8c\xdf\x30\xfe\x87\xb7\x50\x3a\xab\x17\xd8\xd8\xf5\xf3\x0a\x3a\x03\xf1\x05\xdd\x38\x96\x58\xc1\x87\x82\x3d\x1c\x5e\xc9\xaf\x9d\xce\x05\xde\xcf\xa6\x19\x2a\x65\x14\x89\x6e\x99\xf4\x78\x47\xe8\x37\x19\xf7\x9c\xd3\x7b\x11\x81\x84\xd3\x4c\xa2\x0e\x88\x4b\xd2\x55\xf1\x99\xac\xef\x2e\xd4\x80\x11\xcf\xf2\x69\x59\x77\xdd\x7b\x1a\xe1\xf0\x8d\x27\xf9\x47\xcd\x1a\xff\x97\xa1\x9e\x3f\x93\xc6\x59\xd1\x0f\xf5\xa7\x76\xf2\x91\x02\x2d\xf2\x61\xb7\x92\x93\x5a\x1c\x58\x82\xf9\x20\xc9\x44\x2e\x56\x3f\x87\x88\x01\xbe\xec\xbb\xa8\x9c\x1e\xab\x9d\x2b\x96\x28\x5f\x34\x93\x48\x3b\x49\xf2\x69\xe8\xd6\x84\x33\x00\x37\xda\xfe\xdb\xcb\xb3\xbc\x50\x0e\x65\xb5\xe6\x9c\x3a\x4f\x6f\x15\xe4\x2c\xb5\x95\xcc\xe0\x4c\x89\x18\x18\xf2\x8a\x69\xef\x73\xc0\xec\xf8\xef\xbe\xf8\xbc\x1e\x5f\x7d\x07\xf5\xca\x82\x8d\x9a\x84\x60\xa2\x97\xa2\xb6\xf1\x58\x41\x3f\xd2\x73\x8e\x61\x68\x37\x7a\x49\xbd\x43\xa7\x0a\x36\xe7\xc3\x9d\x8d\x54\x87\x83\x28\x56\x75\x41\x7c\x62\x07\xbe\xbe\xb3\x22\x4f\xaa\xb8\x1e\xef\x70\x86\x01\xbe\x61\x36\x97\x96\x7c\x31\xf6\xb8\xa2\xc2\x1c\x46\x92\x73\xd7\x9b\x15\xb8\x0d\x8a\x0b\x6c\x6e\xd4\x35\x6d\x00\x2e\x42\x49\x44\xb6\x61\xb4\xd5\xfb\x11\x48\x41\xb9\xcb\xaf\x8d\x4c\x16\xd7\xf6\x87\x36\x2a\xee\x16\x47\x56\xe0\x5f\xa1\xd5\x79\xf0\x82\x00\x3a\xc1\x10\x3a\x00\x7c\x2f\xce\xa4\x86\xf3\x2e\x6e\x72\xd1\x41\xc1\xe2\x33\x33\x0a\x3b\x3d\x81\x35\x84\x0a\x9f\xbc\x50\x35\x26\xe4\x48\x76\xe7\x02\x30\x9c\x3c\xb1\xa6\xc4\x02\x0b\xae\x2e\xf8\x51\x46\xa3\x43\x8b\xd9\xb3\x41\xb7\x19\xdf\xa5\xb5\x19\xfc\xa6\xbc\x17\x46\xb4\x7a\xc4\x99\x17\x22\xb9\x77\x7d\x92\x48\x00\x65\xe3\xd7\x0b\xb6\xb2\x02\xe9\x8d\x5d\x08\xc1\xb2\x15\xa5\x01\x22\x10\xef\x9e\x2b\x9f\xea\x63\x0e\x4d\x82\x17\xc5\x01\xde\xe6\xb4\x6a\x3b\x88\x7c\x71\xf3\xc4\xc6\x03\xaf\x56\xa8\x67\x34\x23\x6f\x06\x8e\x07\x2a\xa6\x3f\x2a\x70\xd4\x88\xfe\x90\x91\xa8\x53\x05\x85\xe4\xd6\x11\xad\x9f\xe2\x35\x93\xcb\x41\x0e\x5e\xed\x91\x87\xed\x55\x65\x2b\xef\x39\xb8\xe8\x67\xa8\x79\xf8\x97\x35\xe7\xca\xdf\xb3\x6a\x18\x38\x67\xcd\xc3\x32\x2b\x21\x42\x7a\x49\x8d\x12\xd5\x66\xaf\x1b\x7e\xd2\x35\x03\x4f\xee\xaa\x2c\xbd\x79\x5c\x23\x63\xec\x98\x45\xa5\x04\x07\x31\x81\xef\x95\x12\x15\x48\xbd\x6e\x88\x48\x6a\x26\x1c\xb5\x2f\x6f\x79\x70\xb9\x9f\x53\xde\x0f\x42\x6f\xfc\xae\x94\x0f\x83\xac\x20\x13\x8c\x7d\x5b\x35\x20\x21\x4e\x44\xa4\x03\xc8\x4f\xda\xcc\x65\x57\xc8\xb8\x59\xc9\x91\x8e\x78\x37\x72\x61\x72\x2f\x1f\x29\x13\xd0\xdf\xe9\x9d\x93\xde\x5f\x2a\x67\xc3\x77\x5a\x76\x81\xc9\xb8\xfd\xb8\x11\xea\xd0\xba\xd8\xec\x77\x1e\xf3\x8d\xc0\xda\x25\x90\x47\xec\xaa\xb6\x08\xe8\xe7\xc4\x51\x13\xce\x26\x81\xa8\x37\x7d\xf0\x54\xe8\xe4\x84\x85\xbf\x16\xd1\x22\x2c\xcf\x22\x14\xb8\x11\x5e\x0a\xf0\x90\x74\x2f\x1c\x7b\x77\x64\x5b\xde\x02\x54\x10\x71\xd9\x2f\x5e\xb2\x4b\xc1\x94\x2f\xf6\x91\x01\x6d\x1d\x08\x44\xda\xec\xc8\x9d\xf8\xb5\x8f\x05\xe0\xfc\x38\x56\x88\x14\x13\x92\x03\x59\xc9\x09\x27\xb8\x5c\xdb\x99\x62\x97\x91\x34\x1d\x07\xf6\xbd\x04\x2e\xa4\x57\x12\x8a\xc9\x1c\x4a\xb3\x3b\x16\x99\x35\xa1\xa0\x21\x4e\x74\xdd\x2d\x09\x8a\xbc\x1d\x16\xb5\x9a\xbf\x37\x74\x01\xdb\xd0\x90\x4f\x7d\xcb\x35\x1f\xa4\xdd\x8e\x36\xcb\xf4\xb8\xdc\x28\xe8\x11\xbd\x7d\xc9\xb8\xa2\xf6\x02\x1c\x44\xe8\x5e\x1e\xbe\x1c\x68\xe0\x35\x95\xad\xed\x1d\x0f\x5b\xdc\x56\x3e\x61\x23\x67\xae\x89\xe4\x60\x94\xa2\xe3\x41\xce\x2b\xdf\x0c\xdd\x0d\x0e\x71\xaf\x4c\xe3\x47\x00\xbb\x15\x89\x8b\x2d\x3f\x55\x9f\x46\x6a\x6f\xbd\xa1\xe0\x05\xdf\x5e\x76\x96\x8f\xc0\x07\x0a\x86\x0e\x8e\xef\xb4\x01\x80\xd6\x49\x3a\x17\x90\x36\x98\xa9\xf8\x09\xab\x51\x20\xcc\x72\xa2\x05\xe3\x26\x52\x36\xc6\x7d\x7c\x85\xe5\x81\xed\x37\x8d\x33\x26\x11\x18\x13\x04\x1d\xa2\xd8\xd3\xc8\x88\xd1\x23\x66\x49\x12\x9c\x37\x02\x1f\xbf\xde\x4b\x87\x3d\xbc\x3c\xc9\xfe\x18\xdc\x92\x2a\x62\xd5\x06\x86\xf9\xd7\xe1\x5c\x2c\x4c\x51\xe2\x5d\x98\x52\x38\x5f\x02\x46\x70\xdd\x5e\xaa\x98\x66\x1a\x3f\xd6\x45\xf5\xe3\xcf\x1a\x03\x81\xe8\x78\x77\x6d\x79\x03\x9d\xb9\x45\xf6\x80\xb0\xcb\xa8\xa7\xe3\x87\x57\x27\xa0\x7b\xe1\x61\xc8\x54\x49\x1d\x39\x6f\xbf\x40\xb5\x02\x98\xb1\xa8\x4b\x0c\xf8\xb6\x1e\x18\x76\x7b\xab\x36\xa0\x13\xf0\xac\xf4\x55\x69\xed\x18\x82\xc3\xfe\xa9\xe2\x01\x89\x82\x2e\x2b\x9b\xac\xbc\x41\x55\x84\x22\x46\xc1\x83\xf2\x95\x91\x2d\x64\x80\xa0\x5a\x2d\x59\xff\x29\x90\xbb\xbb\x8c\x7e\x90\x79\xf1\xa0\x39\xbf\x31\xfd\x2c\xc2\x83\x12\xcf\xf2\x46\x1a\xf8\x71\xdd\xe9\xb2\x72\x01\xe6\x6d\x89\xf6\x21\x96\xb6\x32\xef\x97\x42\x4d\x25\x29\xd0\x97\x34\x57\xcf\x45\x95\xf6\x75\x19\x28\x45\x7b\x7d\xe8\x85\xf4\x3c\xf6\x45\x77\xbd\x6d\x09\x9d\x9a\xdf\xe4\x5a\x4e\x6d\x70\x4b\xfd\x3e\xdc\x85\xdd\xbb\x11\xde\xdd\x5e\x2d\x3e\x50\xa5\x5d\x7a\x7d\xcf\xde\x4e\xfd\x11\xdc\xd2\x0f\x62\x85\xb7\x4e\xa1\x94\xda\x7f\x31\xa4\x98\x3a\x14\xf1\x67\xa8\x47\xd2\x79\xef\x28\x55\x74\x19\x50\x6d\xe3\x4b\x34\xf2\x37\xf3\xc6\x6e\xd2\x57\x24\x6d\x04\x82\x4f\x4f\x8d\x97\x09\x2e\x55\xe0\x95\xec\xf4\xf3\x64\x7e\xbd\x6c\x39\x53\x8c\x4c\x75\x65\xb2\x3d\x81\xf0\xcc\x3d\x61\x70\xd8\xa0\xd5\x05\x0f\xe7\xe4\xf8\xd4\xfe\x07\xce\xa0\xd5\xdb\x6d\x5f\x96\x6a\xfa\x39\xde\xc3\x4a\x8c\xe3\x2b\x67\xd4\x91\x8e\xa8\xd9\x6a\xf5\xc7\xfd\x89\x99\x45\x44\x9e\x05\x1e\xf3\x44\x00\xcb\xd4\xba\xdd\x78\x6d\x20\xb1\xc7\x7d\x23\x67\x0b\x20\x65\xbc\x8f\x67\x11\x50\x33\x6c\x42\x28\xf4\x9c\x2e\x07\x95\x4d\x4b\x16\x5d\x22\x2c\xae\x2a\x5f\x5d\xc9\xfd\x32\x8a\x21\xeb\x4b\x20\x33\x44\x7d\xd9\xb0\xb5\x6d\x12\xbc\x93\x14\x85\x95\xa6\x49\xd5\xcd\x3a\x9b\x56\xc3\x32\x49\xc9\x79\xcf\xd3\x21\xeb\x72\x0a\xfc\xa7\x06\xfc\x26\x3d\xfc\x06\xbe\x97\xc2\xb8\x05\xa7\xcc\xc5\x4c\xd8\xe2\x47\xe6\x4d\xce\x16\x07\xba\x96\xd1\x46\xa9\x77\xc2\x47\xb3\x07\x2a\xd2\xcb\x2c\x11\x6c\x75\x49\x31\x85\xac\x9d\x61\x24\x07\x0f\x67\x4e\x1a\x83\xc4\xe4\xfc\x7a\x2d\x46\xbe\x93\xc2\xeb\x3d\xc2\x6d\xd6\x59\x26\x1c\xb0\x20\x78\x8b\x5b\xf4\xc2\x1a\x5a\x31\xe3\x63\x06\x5e\x3d\x81\xa6\x48\x86\xa0\xb4\x8c\x8f\xd3\x35\x05\xb2\xe1\xa1\x58\xa6\x0c\x29\xb6\xa4\xb0\xd9\xd3\xcc\x4e\x30\xcd\xbb\xfd\xc5\x89\x5a\xd5\x9b\x25\xf8\xe3\x56\x61\x6b\x35\x2e\x0a\xf4\xb5\x56\x15\x31\x5d\x38\x9d\x96\x31\x25\xe0\x86\xd4\xf3\x8f\x98\x37\x55\x1d\x5a\xea\x90\xd5\x1c\x86\x07\x25\x18\xe6\xb3\xd9\xf8\x10\x38\x69\x33\x83\x0b\x01\x2a\x93\x9f\x7f\x62\x69\xf3\x51\x6c\xf3\x61\xa7\xb2\x04\xc6\x87\xb1\x22\xd7\xc9\x67\xf3\xf9\xcb\xfa\xa3\xb5\x17\x0a\xc5\xbf\x03\x0f\x5f\xcf\x5c\xc6\x0e\x67\xd6\x9a\xed\x12\xa9\xb6\x4e\xac\x18\x6e\xea\x7f\xfd\x21\x98\xce\x33\x8f\xd5\x8f\xa6\xb1\xc8\x18\xa2\xbf\x7e\xe3\x55\xc9\x93\x2f\xa8\x8b\x6c\x1e\x54\x92\x17\x36\x66\x06\xb0\x4e\xf4\x54\xe6\xfe\xd8\x65\xeb\x44\xa2\xcf\x2b\xff\xe7\x92\x46\x4e\xcd\x22\x12\x1d\xec\x54\xfa\x51\x8f\x2a\x14\x89\x81\x95\x6b\x9b\x06\x31\x4f\xf4\x78\x73\x8f\x03\x28\xa2\x53\x39\x4e\x7c\x1a\xc4\xdb\x3b\xa5\x27\xc7\x53\x61\x58\x2c\xca\x56\xa1\x27\x30\xd5\xb0\x16\x25\x8f\x02\x5d\xc6\x41\x64\x7a\xdc\x06\xd6\xb3\xee\xc0\x48\x3f\x2f\x71\xac\x9d\xb0\xc4\x54\x43\xe3\x1c\x3d\x47\xd7\xab\x7b\xf3\x36\x10\x40\x83\x01\x7a\x98\x5d\x2e\x83\x16\x9c\xbe\x9f\xc9\xf9\x08\x0c\xbb\xba\xfa\xef\xd7\xe7\xd0\x63\x79\x33\x53\x3f\x8f\xbd\x2e\x1a\xbb\xa0\x19\xb8\x3c\xa1\x0f\x37\x91\xad\x04\xd6\x42\x83\xa0\xbc\xdb\x8c\x85\x71\x84\x34\x64\x2f\x6e\x15\x6f\xa6\x94\xab\x98\xd4\x75\x87\x6a\x17\x68\xf9\xb5\x95\xff\x82\x3d\xc4\xcd\xda\x9f\x08\x0f\x09\x4e\x12\x61\xa5\x4c\x7f\xb8\xfd\x38\x1d\x5a\x0d\x51\xba\x8d\x60\x55\xef\x43\xb0\x35\x49\x0d\xf5\xdc\x92\xb8\xc3\xbe\x5b\x58\x78\x88\x66\xdc\x09\xa3\x56\x3b\x25\xb6\x4d\xe0\xc0\x28\x03\x70\xd8\xae\x3b\xc3\x17\xb8\x9e\x32\xa5\xec\x6c\xf1\x4e\x9d\xf6\x73\x3b\x93\x26\x3f\x8a\xdf\x90\x8b\x63\x2f\xa2\xa9\x4a\x2a\x5a\x22\xd7\x81\xf5\x62\xe5\x52\x1b\xb0\x7c\xab\xa5\xb5\x6c\xe7\x99\xe6\xca\xac\x20\xc8\xbd\x10\xf0\xdc\xc7\x65\xb5\xad\x59\xee\x88\xcf\xac\x53\x65\x4b\x85\xfc\x6d\x3d\x7d\x1e\xc3\x72\x30\x53\x7d\x65\x51\x9a\xa0\x3d\x2d\x87\x00\x1c\x37\x81\x06\x3b\xb0\x27\x5b\xd9\x6c\x45\x2c\x12\x0d\x9a\xdc\x12\x35\x3c\xb5\x6a\x56\x5f\xfb\x5c\x3c\xf8\x1d\x04\x97\xc3\xa6\x80\xa6\x86\x10\xac\xbb\x49\x2b\x19\xb2\x9a\xd6\x01\x50\x4a\xa1\xb3\xff\x00\xdc\x52\x47\xb8\x83\xe8\x22\xcb\xe8\xc8\x66\x73\x35\x3e\xad\x6e\x04\x49\x41\xbb\x4f\xbf\xc3\xe5\xcc\xba\x04\xf9\x3c\xd9\xc2\x64\xd9\xec\x2c\x1f\x52\x21\xca\x07\x67\xd3\xbf\x65\xf4\x33\x0b\xdb\x4a\x94\xd6\x46\x8b\xfa\x9d\xfa\x5b\xcb\xaa\x51\x14\x50\xe6\xa0\xca\x9a\x56\xc5\xf2\x05\x58\xea\x70\x76\xa6\x7b\x5b\xdd\x85\x23\xf1\x51\x5c\xae\xd4\x0d\xc2\xea\xf0\x6b\x08\xb1\x76\x35\x5d\xad\x11\xf1\x26\x5b\x81\x87\x48\x5d\x1a\x79\x9d\x86\xd0\x6f\x06\xd9\x33\xf4\x24\xf9\xed\x65\x4d\x2d\xde\x7c\x0e\x66\xdb\xf3\xd1\x56\xdb\x2d\x67\x94\x1b\x92\x08\x0f\x04\x58\x1e\x02\x49\x73\x4f\x2b\xf4\x92\x0a\x35\x51\xd0\x6c\x4c\xcb\x8f\x73\x0d\xeb\x91\xb6\xf6\xce\x21\x0c\xb4\x1d\xab\x8f\xcb\xe3\x9d\x14\xe9\x18\xa3\x62\x9e\x82\x6e\x1d\x60\xe1\x64\xe0\x6d\x62\x37\xd3\x82\xd0\xf3\xec\x27\x34\x11\x73\x68\x55\x5e\x69\x9a\x65\x0f\x02\xd4\xa8\x86\xab\x67\x9e\xc1\x94\xc8\x21\xb1\xf4\x26\x29\x46\xee\xf5\xa0\xa3\xdc\xb5\x64\x5c\x05\x43\x56\x04\x64\xd8\x63\x81\xa4\x25\xd0\x42\x18\xe5\x8a\xaa\xbf\x3c\x5e\xd4\xc2\x27\x3c\xc0\xd4\xc2\xc2\x8e\x12\xec\xd4\xdd\xce\xcd\x67\x18\x6d\xac\xec\x66\x2c\x65\xd3\x23\x49\x6b\x9b\xe3\x84\x96\xac\xfb\x5b\xb1\xce\x10\x6b\xba\xac\x84\xba\xc7\x33\xdf\x84\xe6\xe3\x17\x13\x24\x3d\xf9\x84\x5b\x9b\x63\x0a\x97\x14\xef\x11\xbb\x21\xb0\xe8\x0c\x6c\xe1\xaf\xc6\x3c\xa7\x22\xcc\x23\x8a\xc4\x48\xf2\x29\xaa\x61\x4e\x9e\xae\xc7\x8e\x5c\x27\x92\x1b\xbe\xd1\x67\x05\x76\x07\xd3\x83\xcd\xa4\x2a\x91\xf8\x9b\x25\xec\xea\x59\x68\x6a\x8f\x07\xb1\xc2\xd7\x3b\x6b\x2a\xa9\x89\x9c\x3d\xcf\x20\x40\x17\x21\xa1\x01\x9a\xbb\x89\xd5\x17\x7d\x74\xdd\x1b\xb7\x94\xe0\xd4\x79\xeb\xbf\xb2\x13\xe1\x3d\xd5\xf0\x63\x77\xeb\x87\xc5\x3c\x09\xa3\xfc\x20\x78\xfe\x0d\xb3\x01\xcc\xb1\x14\xf8\xcf\x31\x12\x44\x5a\x1e\x7f\xad\x70\xdc\xf2\xc6\xe8\xca\xd4\x50\xdc\x73\xc6\x42\x7e\x01\x7e\x0e\x93\xd2\x5e\xf6\x0e\x80\xf5\x56\x46\x2d\x78\xb8\x5a\xed\x47\x4a\x6b\xdb\x29\xbd\xf5\xa9\x39\x08\xf4\x3a\x77\xd8\x2d\x0d\xa5\x5e\x7d\xc8\xa0\x06\x4d\x72\x18\x58\xec\x5f\x8b\x3c\x5d\x44\x1b\x66\xb3\x26\x7e\x81\x03\xd2\x7f\x5f\xaf\x86\x60\x66\x2e\x86\x59\x3a\x48\xd4\xbf\xd6\x4c\xee\xbd\x9b\xf6\x92\x58\x23\x28\x81\xe2\xf0\xf9\xd0\xc5\x9f\x89\xf3\xc8\x9a\x2e\xcb\x56\x9d\x14\x6b\xd3\xf8\x72\x62\x9a\xa2\x50\x41\x0c\xde\xcc\x37\x01\xfc\xfe\x95\xfb\xee\xfc\x97\x6b\xd7\xe3\x05\xc1\x02\xe3\x07\xe0\xc0\x4f\x5d\x40\x37\x4b\x93\x60\x6d\xd0\x9f\xc0\x02\x6b\x4f\x0d\x18\x5e\xa8\x05\x10\x03\xa5\x56\x46\xe3\x2e\x32\x78\xdf\xd3\xf0\x61\xa4\xc4\x81\x63\x9f\xe9\x50\x7a\x8e\x5c\x04\xe4\x63\x77\x54\x4f\x28\x41\xef\x9b\xea\x40\xda\x68\x3f\x66\x9f\x6f\x2d\xa6\xa9\x28\x2d\x74\xd4\x6b\xc7\xd1\x78\x45\xed\x0e\x63\x88\x6a\xee\x73\x62\xe1\x29\x09\xd4\x59\x21\x7d\x09\x23\x58\xbf\x71\xf2\xfd\x1f\xda\x72\x74\x46\x8a\x5c\x64\xf6\x8d\xbc\x91\x2e\x12\x41\x4c\xb8\x41\x61\x8e\x6d\x96\x1e\x79\x69\x91\x87\xef\xa2\x65\x55\x7d\x05\x20\x06\x45\x0e\xea\xb5\x21\x53\x28\x23\x96\xdc\xc6\x76\x38\xf4\x4e\x8b\xdc\x1c\xf8\xac\x1a\xa3\xce\xfd\xe7\xb3\xe9\x7b\x3f\x1a\xde\x05\x87\xcc\xc4\x59\xd2\xb7\x1d\x8f\x4c\x85\x66\x6f\x88\x56\x0a\xe1\x3d\x11\xfd\x7d\x7f\x12\x14\x55\x79\x67\xaa\x62\x21\xb0\x5b\xa9\xa9\x0f\xaa\xd9\xc1\x11\x10\x38\xf9\xa1\xa1\x6b\x64\xa4\x0b\xf5\xf9\x69\xf7\x4f\x32\xed\x63\x38\xeb\x70\x2c\xb8\x57\x73\xbc\x04\x95\xe3\x1a\xc3\x7c\xa0\xb8\x8b\xb0\x28\xda\x0e\x97\x21\xb4\x07\xaf\xd1\xe2\xfa\x46\x0b\x20\x4d\xb7\xdf\xcd\x72\x94\x59\xb2\xf1\x25\xbf\x42\xdd\xf1\x38\x0e\xb4\x99\x69\x1e\x08\x27\x5e\xe4\x24\x27\xc0\xc2\xdb\x70\x64\xa3\x86\xb5\x2a\x6a\xc1\xa7\xad\xe2\xda\x86\xe5\xc5\xe5\xc6\x67\xe4\x59\xd0\x03\x10\x46\xac\x3b\x08\xcf\x51\xb0\xe7\x90\x04\xbc\x73\xc3\xf9\xf7\xe7\x69\xfa\x24\x4f\xab\xd9\x10\x00\x07\xa4\xed\x5e\x23\x06\x99\x7f\xf3\x14\x89\xc1\x3c\x52\xb2\xcd\xf0\x22\x6c\xdc\x4f\x85\x22\x52\x9a\x26\x10\x23\x4a\xed\x95\xeb\x84\x1f\x5d\x24\x2c\xef\x7c\x49\x36\x3a\xf0\x49\x85\xd3\xc3\xe5\x39\x24\xf3\x52\xb5\x4e\xad\xec\xe3\xa9\x52\x2f\x48\x35\x11\x3a\x3b\x49\x0b\x61\x2d\xac\xdb\x8d\xbf\xbe\xe7\x94\x28\xb8\x08\xe6\x26\x21\x4c\xfc\xb2\xbf\xd4\xab\xe6\xb7\x4f\x15\xf0\x8c\x76\xd8\x81\x82\x32\x20\x42\xda\x02\x6a\x7e\x5b\x13\x94\xc9\xc4\x39\xdf\xa5\x96\xa7\xa8\x81\x07\x37\x0c\x2c\xab\x92\xf9\x06\x01\xb5\x0f\x0b\x31\x81\xde\xc5\x6a\x71\x36\xdb\x75\x65\x0a\x7a\x28\x57\x80\x87\xcc\x87\xfa\xda\x0c\x4a\x7e\x14\x32\xa6\x22\x0d\x73\x08\xfc\xca\xad\x29\xfb\xe3\x2e\x42\xb6\x59\x31\x10\xcd\xa9\x4c\xe0\x4f\xf6\xed\x3a\x96\x62\xc4\xb8\x1d\x14\x85\x6f\x4f\xc1\xac\x0d\x4f\xab\x9b\x4d\x59\x92\x65\x0f\xcb\x2c\xfe\xd1\xb6\xf6\x0c\x8c\x73\x68\x5c\x73\x3b\xe1\x33\xf8\x19\xa5\x68\x8d\x8c\x6a\x7e\x62\x09\x96\x9b\x46\xb0\x91\x44\x50\x21\xfc\x19\xcb\xd5\x63\xbd\x76\xdf\x96\xaa\x65\xf1\xd7\x21\x6a\x31\xdc\x9c\x4a\x4f\x74\xa2\x4a\x22\x4a\x2a\xa6\x0c\xb5\xd0\xd7\xc3\x1e\x6a\xf6\x22\xe5\xa7\xc8\x0c\x98\x72\x7c\xd1\x63\xe5\x09\x7d\x86\xd4\xd4\xd9\x1e\x7c\x89\xfe\x61\x51\x90\x3d\x7c\x0f\x87\x8d\xa1\xa8\x3e\x6f\xcc\x50\xfe\x99\x90\xda\x66\x40\x53\x5e\x68\x5b\x1c\x26\x9c\x95\x0d\x07\x37\x62\xce\x89\x9f\x82\xae\xb9\x33\x10\x63\x37\xf8\x7a\x71\x38\xd1\xfb\x7b\x15\xb2\x4a\xc8\xcc\x1c\x09\x34\x69\xe6\x15\x09\xfc\x24\xcf\xb7\x9e\x66\x39\x0a\x15\x48\x3e\x9a\x5a\x1a\x31\x3f\xf9\x61\xd0\xf9\xfe\x8c\x55\x79\x01\x4c\xf5\x68\x9e\x36\x86\x08\x10\x4f\x96\x44\x9b\x24\x64\x39\xaf\x19\x79\x59\xe5\xed\xf4\x88\x74\x97\xd4\x89\x74\xc2\x08\xcd\x68\xcf\xc7\xb3\xe0\x95\x6c\x50\x88\x12\x0d\xa1\xda\xf4\xaa\x90\xb6\xd2\xc1\xb7\x08\x81\x31\xff\x29\x6b", 4096)); NONFAILING(*(uint8_t*)0x2000104d = 0); NONFAILING(*(uint8_t*)0x2000104e = 1); NONFAILING(*(uint8_t*)0x2000104f = 0); NONFAILING(*(uint8_t*)0x20001050 = 0xc2); NONFAILING(*(uint8_t*)0x20001051 = 4); NONFAILING(*(uint32_t*)0x20001052 = htobe32(1)); NONFAILING(*(uint8_t*)0x20001056 = 9); NONFAILING(*(uint8_t*)0x20001057 = 0x15); NONFAILING(memcpy((void*)0x20001058, "\x55\x75\x11\x39\x21\xad\x0b\xc9\xe2\xe8\x2b\x28\xa6\x6b\x8f\x50\x8c\xd3\xa9\x8a\xcf", 21)); NONFAILING(*(uint8_t*)0x2000106e = 0x67); NONFAILING(*(uint8_t*)0x2000106f = 6); NONFAILING(*(uint8_t*)0x20001070 = 0); NONFAILING(*(uint8_t*)0x20001071 = 0x20); NONFAILING(*(uint32_t*)0x20001072 = 0); NONFAILING(*(uint8_t*)0x20001076 = -1); NONFAILING(*(uint8_t*)0x20001077 = 1); NONFAILING(*(uint8_t*)0x20001078 = 0); NONFAILING(*(uint8_t*)0x20001079 = 0); NONFAILING(*(uint8_t*)0x2000107a = 0); NONFAILING(*(uint8_t*)0x2000107b = 0); NONFAILING(*(uint8_t*)0x2000107c = 0); NONFAILING(*(uint8_t*)0x2000107d = 0); NONFAILING(*(uint8_t*)0x2000107e = 0); NONFAILING(*(uint8_t*)0x2000107f = 0); NONFAILING(*(uint8_t*)0x20001080 = 0); NONFAILING(*(uint8_t*)0x20001081 = 0); NONFAILING(*(uint8_t*)0x20001082 = 0); NONFAILING(*(uint8_t*)0x20001083 = 0); NONFAILING(*(uint8_t*)0x20001084 = 0); NONFAILING(*(uint8_t*)0x20001085 = 1); NONFAILING(*(uint8_t*)0x20001086 = -1); NONFAILING(*(uint8_t*)0x20001087 = 1); NONFAILING(*(uint8_t*)0x20001088 = 0); NONFAILING(*(uint8_t*)0x20001089 = 0); NONFAILING(*(uint8_t*)0x2000108a = 0); NONFAILING(*(uint8_t*)0x2000108b = 0); NONFAILING(*(uint8_t*)0x2000108c = 0); NONFAILING(*(uint8_t*)0x2000108d = 0); NONFAILING(*(uint8_t*)0x2000108e = 0); NONFAILING(*(uint8_t*)0x2000108f = 0); NONFAILING(*(uint8_t*)0x20001090 = 0); NONFAILING(*(uint8_t*)0x20001091 = 0); NONFAILING(*(uint8_t*)0x20001092 = 0); NONFAILING(*(uint8_t*)0x20001093 = 0); NONFAILING(*(uint8_t*)0x20001094 = 0); NONFAILING(*(uint8_t*)0x20001095 = 1); NONFAILING(*(uint8_t*)0x20001096 = 0); NONFAILING(*(uint8_t*)0x20001097 = 0); NONFAILING(*(uint8_t*)0x20001098 = 0); NONFAILING(*(uint8_t*)0x20001099 = 0); NONFAILING(*(uint8_t*)0x2000109a = 0); NONFAILING(*(uint8_t*)0x2000109b = 0); NONFAILING(*(uint8_t*)0x2000109c = 0); NONFAILING(*(uint8_t*)0x2000109d = 0); NONFAILING(*(uint8_t*)0x2000109e = 0); NONFAILING(*(uint8_t*)0x2000109f = 0); NONFAILING(*(uint8_t*)0x200010a0 = 0); NONFAILING(*(uint8_t*)0x200010a1 = 0); NONFAILING(*(uint8_t*)0x200010a2 = 0); NONFAILING(*(uint8_t*)0x200010a3 = 0); NONFAILING(*(uint8_t*)0x200010a4 = 0); NONFAILING(*(uint8_t*)0x200010a5 = 0); NONFAILING(*(uint8_t*)0x200010a6 = 4); NONFAILING(*(uint8_t*)0x200010a7 = 0x19); NONFAILING(*(uint8_t*)0x200010a8 = 0); NONFAILING(*(uint8_t*)0x200010a9 = 0); NONFAILING(*(uint8_t*)0x200010aa = 0); NONFAILING(*(uint8_t*)0x200010ab = 0); NONFAILING(*(uint8_t*)0x200010ac = 0); NONFAILING(*(uint8_t*)0x200010ad = 0); NONFAILING(*(uint8_t*)0x200010ae = 0xa8); NONFAILING(*(uint8_t*)0x200010af = 0x9b); NONFAILING(memcpy((void*)0x200010b0, "\x02\x71\x09\x78\x70\xd6\xd0\x6b\x47\xd8\x3a\x5b\x37\x63\xf1\xa2\xff\xfb\x78\xc9\xfd\x51\x51\xfe\x45\x85\x44\x69\x56\x4a\xf3\xc3\x94\x9e\x4a\x58\x78\x1c\xe8\x48\xa5\xe9\xa6\xfe\xd0\x80\x30\x6a\xcd\x03\x11\xa5\xe5\xb9\xf9\x00\xde\x3f\x65\x6e\xc5\xf5\x17\xf3\xa6\x79\x49\x35\x4e\x8a\x19\xf5\xb1\x16\xe3\x60\xf8\xbe\xbf\x10\x56\x6e\xae\x08\x58\x2e\x6b\xe7\xbe\xee\xc7\x66\x8a\xfd\x63\x7c\xa6\xa1\x9c\x0a\x87\x87\xa4\x54\x81\x38\xd8\xa0\x68\x74\xd5\x50\x62\x4c\x0f\x1e\xbd\x2a\x22\x67\xbb\xca\x14\xf2\x24\x7a\xb5\xbe\x2d\x68\xe2\x64\xaa\x7d\x65\x1f\xd4\xe5\xe5\xef\x57\x23\xb8\x44\xf6\x4a\x82\x2f\x58\xe7\xbc\x5a\xcc\xf5\x88", 155)); NONFAILING(*(uint8_t*)0x2000114b = 0xc2); NONFAILING(*(uint8_t*)0x2000114c = 4); NONFAILING(*(uint32_t*)0x2000114d = htobe32(0x10001)); NONFAILING(*(uint8_t*)0x20001151 = 1); NONFAILING(*(uint8_t*)0x20001152 = 3); NONFAILING(*(uint8_t*)0x20001153 = 0); NONFAILING(*(uint8_t*)0x20001154 = 0); NONFAILING(*(uint8_t*)0x20001155 = 0); NONFAILING(*(uint8_t*)0x20001156 = 0); NONFAILING(*(uint8_t*)0x20001157 = 1); NONFAILING(*(uint8_t*)0x20001158 = 0); NONFAILING(*(uint8_t*)0x20001159 = 8); NONFAILING(*(uint8_t*)0x2000115a = 0x1d); NONFAILING(memcpy((void*)0x2000115b, "\x94\xd6\xef\xb5\xa9\xf5\x8f\x85\x9b\x75\xbe\x24\x58\x6f\x38\x2e\xee\xd7\xa7\x6a\x65\x62\xb9\x78\x07\x1e\x71\xbe\x75", 29)); NONFAILING(*(uint8_t*)0x20001178 = 5); NONFAILING(*(uint8_t*)0x20001179 = 2); NONFAILING(*(uint16_t*)0x2000117a = htobe16(0x7fff)); NONFAILING(*(uint8_t*)0x2000117e = 0x27); NONFAILING(*(uint8_t*)0x2000117f = 6); NONFAILING(*(uint8_t*)0x20001180 = 0); NONFAILING(*(uint8_t*)0x20001181 = 5); NONFAILING(*(uint32_t*)0x20001182 = 0); NONFAILING(*(uint8_t*)0x20001186 = -1); NONFAILING(*(uint8_t*)0x20001187 = 1); NONFAILING(*(uint8_t*)0x20001188 = 0); NONFAILING(*(uint8_t*)0x20001189 = 0); NONFAILING(*(uint8_t*)0x2000118a = 0); NONFAILING(*(uint8_t*)0x2000118b = 0); NONFAILING(*(uint8_t*)0x2000118c = 0); NONFAILING(*(uint8_t*)0x2000118d = 0); NONFAILING(*(uint8_t*)0x2000118e = 0); NONFAILING(*(uint8_t*)0x2000118f = 0); NONFAILING(*(uint8_t*)0x20001190 = 0); NONFAILING(*(uint8_t*)0x20001191 = 0); NONFAILING(*(uint8_t*)0x20001192 = 0); NONFAILING(*(uint8_t*)0x20001193 = 0); NONFAILING(*(uint8_t*)0x20001194 = 0); NONFAILING(*(uint8_t*)0x20001195 = 1); NONFAILING(*(uint8_t*)0x20001196 = 0); NONFAILING(*(uint8_t*)0x20001197 = 0); NONFAILING(*(uint8_t*)0x20001198 = 0); NONFAILING(*(uint8_t*)0x20001199 = 0); NONFAILING(*(uint8_t*)0x2000119a = 0); NONFAILING(*(uint8_t*)0x2000119b = 0); NONFAILING(*(uint8_t*)0x2000119c = 0); NONFAILING(*(uint8_t*)0x2000119d = 0); NONFAILING(*(uint8_t*)0x2000119e = 0); NONFAILING(*(uint8_t*)0x2000119f = 0); NONFAILING(*(uint8_t*)0x200011a0 = 0); NONFAILING(*(uint8_t*)0x200011a1 = 0); NONFAILING(*(uint8_t*)0x200011a2 = 0); NONFAILING(*(uint8_t*)0x200011a3 = 0); NONFAILING(*(uint8_t*)0x200011a4 = 0); NONFAILING(*(uint8_t*)0x200011a5 = 0); NONFAILING(*(uint64_t*)0x200011a6 = htobe64(0)); NONFAILING(*(uint64_t*)0x200011ae = htobe64(1)); NONFAILING(*(uint8_t*)0x200011b6 = 0x2c); NONFAILING(*(uint8_t*)0x200011b7 = 0); NONFAILING(*(uint8_t*)0x200011b8 = 0); NONFAILING(*(uint8_t*)0x200011b9 = 0); NONFAILING(*(uint8_t*)0x200011ba = 0); NONFAILING(*(uint8_t*)0x200011bb = 0); NONFAILING(*(uint8_t*)0x200011bc = 0); NONFAILING(*(uint8_t*)0x200011bd = 0); NONFAILING(*(uint8_t*)0x200011be = 0); NONFAILING(*(uint8_t*)0x200011bf = 1); NONFAILING(*(uint8_t*)0x200011c0 = 0); NONFAILING(*(uint8_t*)0x200011c6 = 3); NONFAILING(*(uint8_t*)0x200011c7 = 3); NONFAILING(*(uint8_t*)0x200011c8 = 0); NONFAILING(*(uint8_t*)0x200011c9 = 0); NONFAILING(*(uint8_t*)0x200011ca = 0); NONFAILING(*(uint8_t*)0x200011cb = 0); NONFAILING(*(uint8_t*)0x200011cc = 0); NONFAILING(*(uint8_t*)0x200011cd = 0); NONFAILING(*(uint8_t*)0x200011ce = 0xc2); NONFAILING(*(uint8_t*)0x200011cf = 4); NONFAILING(*(uint32_t*)0x200011d0 = htobe32(0)); NONFAILING(*(uint8_t*)0x200011d4 = 5); NONFAILING(*(uint8_t*)0x200011d5 = 2); NONFAILING(*(uint16_t*)0x200011d6 = htobe16(0x20)); NONFAILING(*(uint8_t*)0x200011d8 = 5); NONFAILING(*(uint8_t*)0x200011d9 = 2); NONFAILING(*(uint16_t*)0x200011da = htobe16(9)); NONFAILING(*(uint8_t*)0x200011dc = 0xc2); NONFAILING(*(uint8_t*)0x200011dd = 4); NONFAILING(*(uint32_t*)0x200011de = htobe32(3)); NONFAILING(*(uint8_t*)0x200011e2 = 1); NONFAILING(*(uint8_t*)0x200011e3 = 1); NONFAILING(*(uint8_t*)0x200011e4 = 0); NONFAILING(*(uint8_t*)0x200011e5 = 5); NONFAILING(*(uint8_t*)0x200011e6 = 2); NONFAILING(*(uint16_t*)0x200011e7 = htobe16(0x7f)); NONFAILING(*(uint8_t*)0x200011e9 = 5); NONFAILING(*(uint8_t*)0x200011ea = 2); NONFAILING(*(uint16_t*)0x200011eb = htobe16(3)); NONFAILING(*(uint8_t*)0x200011ee = 0xd8); NONFAILING(*(uint8_t*)0x200011ef = 0); NONFAILING(*(uint8_t*)0x200011f0 = 8); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x200011f1, 1, 0, 1)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x200011f1, 0, 1, 2)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x200011f1, 8, 3, 5)); NONFAILING(*(uint32_t*)0x200011f2 = 0x68); NONFAILING(*(uint8_t*)0x200011f6 = 0x82); NONFAILING(*(uint8_t*)0x200011f7 = 0); NONFAILING(*(uint16_t*)0x200011f8 = htobe16(0)); NONFAILING(*(uint16_t*)0x200011fa = htobe16(0x3ff)); NONFAILING(*(uint16_t*)0x200011fc = 9); NONFAILING(*(uint8_t*)0x200011fe = -1); NONFAILING(*(uint8_t*)0x200011ff = 2); NONFAILING(*(uint8_t*)0x20001200 = 0); NONFAILING(*(uint8_t*)0x20001201 = 0); NONFAILING(*(uint8_t*)0x20001202 = 0); NONFAILING(*(uint8_t*)0x20001203 = 0); NONFAILING(*(uint8_t*)0x20001204 = 0); NONFAILING(*(uint8_t*)0x20001205 = 0); NONFAILING(*(uint8_t*)0x20001206 = 0); NONFAILING(*(uint8_t*)0x20001207 = 0); NONFAILING(*(uint8_t*)0x20001208 = 0); NONFAILING(*(uint8_t*)0x20001209 = 0); NONFAILING(*(uint8_t*)0x2000120a = 0); NONFAILING(*(uint8_t*)0x2000120b = 0); NONFAILING(*(uint8_t*)0x2000120c = 0); NONFAILING(*(uint8_t*)0x2000120d = 1); struct csum_inet csum_1; csum_inet_init(&csum_1); NONFAILING(csum_inet_update(&csum_1, (const uint8_t*)0x20000016, 16)); NONFAILING(csum_inet_update(&csum_1, (const uint8_t*)0x20000026, 16)); uint32_t csum_1_chunk_2 = 0x18000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x3a000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); NONFAILING(csum_inet_update(&csum_1, (const uint8_t*)0x200011f6, 24)); NONFAILING(*(uint16_t*)0x200011f8 = csum_inet_digest(&csum_1)); break; case 11: NONFAILING(memcpy((void*)0x20001240, "\x47\x66\x90\x18\xa9\xe1\x17\x00\x00\xc4\xc2\x0d\x07\x4c\xd3\xf6\x36\xf3\x0f\x11\x82\xfe\xef\xff\xff\xc4\x41\x55\xef\xea\xf2\x0f\x2b\x99\x99\x89\x99\x99\xc4\x81\xfd\x28\x17\xc4\xa2\xa5\x29\x52\x93\xf3\xab\x66\xac", 53)); NONFAILING(syz_execute_func(0x20001240)); break; case 12: break; case 13: NONFAILING(syz_open_pts()); break; } } int main(void) { syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul); install_segv_handler(); use_temporary_dir(); do_sandbox_none(); return 0; } :359:4: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation] kill_and_wait(pid, &status); ^ :357:3: note: previous statement is here if (current_time_ms() - start < 5000) ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor076918279 -DGOOS_openbsd=1 -DGOARCH_amd64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -static -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384] --- FAIL: TestGenerate/openbsd/amd64/9 (4.67s) csource_test.go:124: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:setuid Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: r0 = getgid() mquery(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x10, 0xffffffffffffffff, 0x80) ioctl$DIOCMAP(0xffffffffffffff9c, 0xc0106477, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}) ioctl$BIOCSHDRCMPLT(0xffffffffffffffff, 0x80044275, &(0x7f0000000080)=0xcb) unlinkat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8) ioctl$BIOCGDLTLIST(0xffffffffffffff9c, 0xc010427b, &(0x7f0000000140)={0x9, &(0x7f0000000100)=[0x0, 0x7, 0x2, 0x18000, 0x6, 0x3, 0x8000000, 0x20, 0x0]}) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f00000001c0)=0xc) getgroups(0x3, &(0x7f0000000200)=[0xffffffffffffffff, r0, 0x0]) r3 = getgid() getgroups(0x4, &(0x7f0000000240)=[r1, r0, r2, r3]) syz_emit_ethernet(0x120e, &(0x7f0000000000)={@remote, @remote, [], {@ipv6={0x86dd, {0x1, 0x6, "b588d1", 0x11d8, 0x11, 0x0, @remote={0xfe, 0x80, [], 0x0}, @empty, {[@dstopts={0x32, 0x205, [], [@padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @pad1, @generic={0x6, 0x1000, "7d7312bf2f976b286cf33b3a7660af2f30cb34f9a86a2db188c5d76df22900976b027211513627f37cb64221551888028062f7e96e29502c8230cb07ed13fb79ee022afacfb0fdb9fdd62ac37dfa4f6b34fcbee4c380fa32c35d695cca5e60b4fe8ddf4e9fd6c26810eab11156f5f11cff1548bc51648f66404bacd55f29d8349635356e8711ba71763c2e3dae08ceca72daaf10868c22ac2d429c17228cb0fa6a92eddafaf821e084cdd55affffce12097a2772ef8ab4bc862213c765c3c5bb6cb25206a5f87d2034b922cd8a54fd1f39938081132c0491f0258b9d5b90206398281bd745907571e7944936e2d4097eec6b58ed963a26c7ab84ad1084f4b8fe735e2c7a5073344b225dd2917d1035d525e3fca4bf750dc4474b2645770b1ca240e54b5d0d4dc7ef29a3a61669e0bc94741f97c66216511a0b772e8813b7e01c740f8ed1fa8909f5700d3403d21c720a5902de2e1c32556eca20d374473cd817427a1c9cd58e2e0aefa447fb5a819c5f0f58b27756a2ab59c7904bd86a7e178629ad0bf9acc4272dc48011d27c262fe7ea1754391b04e3144db1eec8b7fded123a6e0d848e26d3a48db19cdac570a9f88259994a988bafd8db39128ec209c2f4a1c3a0090fb48b2c98c66c31a9d0c4377d6e63c82afdf734861249d4a187b99c2c03ea42efb67963c7f5e058b9ea734e124abcff107a29e339704bc5c174895b10fabef1dd6966930a398295f238abeba33093a7e5d4ebf3c134b00eac453659d9a5ed6722b28668f0de27fcbfcc665f9b79f51aa266f061a9d3582fe787f1cd3d6b2a4d5b7670d91c9f19da4cdf5c47edb015a154227797a6b56a27e32276f07e6cc20ec6885bc261055b4ad4f66c09e27673c407023fb6d0c61139245b190861816a03ae7d9627100ab2a1f1f38198e820967923fdf0a95e9088ffe6779f1eea151123e919bde1ea78746cc30768220ff953d10588589701f70e66392524a78562a838205af4bfc28c4a6884b425c109ea7ff16d9f1bcb77459ccb5b81045b6cb2dcebdae46f6d70b44ff8dc6f522c77db1471ce1163a7a5640d02e469e5dee1ff25b7f7325baeb10ecb4bc48f8692d5376dad7c9125ecb61d00e759b8f3179df636389f62f51face3013a62a9656fec592601942743778d7b7c838cdf30fe87b7503aab17d8d8f5f30a3a03f105dd389658c187823d1c5ec9af9dce05decfa6192a6514896e99f47847e83719f79cd37b118184d34ca20e884bd255f199acef2ed48011cff2695977dd7b1ae1f08d27f947cd1aff97a19e3f93c659d10ff5a776f291022df261b792935a1c5882f920c9442e563f878801beecbba89c1eab9d2b96285f3493483b49f269e8d684330037dafedbcbb3bc500e65b5e69c3a4f6f15e42cb595cce04c891818f28a69ef73c0ecf8efbef8bc1e5f7d07f5ca828d9a8460a297a2b6f158413fd2738e6168377a49bd43a70a36e7c39d8d548783285675417c6207bebeb3224faab81eef708601be613697967c31f6b8a2c21c469273d79b15b80d8a0b6c6ed4356d002e424944b661b4d5fb114841b9cbaf8d4c16d7f687362aee164756e05fa1d579f082003ac1103a007c2fcea486f32e6e72d141c1e233330a3b3d8135840a9fbc503526e44876e702309c3cb1a6c4020bae2ef85146a3438bd9b341b719dfa5b519fca6bc1746b47ac4991722b9777d92480065e3d70bb6b202e98d5d08c1b215a5012210ef9e2b9fea630e4d8217c501dee6b46a3b887c71f3c4c603af56a86734236f068e072aa63f2a70d488fe9091a8530585e4d611ad9fe23593cb410e5eed9187ed55652bef39b8e867a879f89735e7cadfb36a183867cdc3322b21427a498d12d566af1b7ed235034feeaa2cbd795c2363ec9845a504073181ef95121548bd6e88486a261cb52f6f7970b99f53de0f426ffcae940f83ac20138c7d5b3520214e44a403c84fdacc6557c8b859c9918e78377261722f1f2913d0dfe99d93de5f2a67c3775a7681c9b8fdb811ead0bad8ec771ef38dc0da259047ecaab608e8e7c45113ce2681a8377df054e8e48485bf16d1222ccf2214b8115e0af090742f1c7b77645bde02541071d92f5eb24bc1942ff691016d1d0844daecc89df8b58f05e0fc3856881413920359c90927b85cdb99629791341d07f6bd042ea457128ac91c4ab33b169935a1a0214e74dd2d098abc1d16b59abf377401dbd0904f7dcb351fa4dd8e36cbf4b8dc28e811bd7dc9b8a2f6021c44e85e1ebe1c68e03595aded1d0f5bdc563e612367ae89e46094a2e341ce2bdf0cdd0d0e71af4ce34700bb15898b2d3f559f466a6fbda1e005df5e76968fc0070a860e8eefb40180d6493a17903698a9f809ab5120cc72a205e3265236c67d7c85e581ed378d3326111813041da2d8d3c888d1236649129c37021fbfde4b873dbc3cc9fe18dc922a62d50686f9d7e15c2c4c51e25d9852385f024670dd5eaa98661a3fd645f5e3cf1a0381e878776d79039db945f680b0cba8a7e3875727a07be161c854491d396fbf40b50298b1a84b0cf8b61e18767bab36a013f0acf45569ed1882c3fea9e20189822e2b9bacbc4155842246c183f295912d6480a05a2d59ff2990bbbb8c7e9079f1a039bf31fd2cc28312cff2461af871dde9b27201e66d89f62196b632ef97424d2529d0973457cf4595f6751928457b7de885f43cf64577bd6d099d9adfe45a4e6d704bfd3edc85ddbb11dedd5e2d3e50a55d7a7dcfde4efd11dcd20f6285b74ea194da7f31a4983a14f167a847d279ef28557419506de34b34f237f3c66ed257246d04824f4f8d97092e55e095ecf4f3647ebd6c39538c4c7565b23d81f0cc3d6170d8a0d5050fe7e4f8d4fe07cea0d5db6d5f966afa39dec34a8ce32b67d4918ea8d96af5c7fd899945449e051ef34400cbd4badd786d20b1c77d23670b2065bc8f671150336c4228f49c2e07954d4b165d222cae2a5f5dc9fd328a21eb4b2033447dd9b0b56d12bc93148595a649d5cd3a9b56c33249c979cfd321eb720afca706fc263dfc06be97c2b805a7ccc54cd8e247e64dce1607ba96d146a977c247b3072ad2cb2c116c75493185ac9d6124070f674e1a83c4e4fc7a2d46be93c2eb3dc26dd659261cb020788b5bf4c21a5a31e363065e3d81a64886a0b48c8fd33505b2e1a158a60c29b6a4b0d9d3cc4e30cdbbfdc5895ad59b25f8e356616b352e0af4b55615315d389d963125e086d4f38f9837551d5aea90d51c86072518e6b3d9f810386933830b012a939f7f6269f3516cf361a7b204c687b122d7c967f3f9cbfaa3b5170ac5bf030f5fcf5cc60e67d69aed12a9b64eac186eea7ffd2198ce338fd58fa6b1c818a2bf7ee355c9932fa88b6c1e549217366606b04ef454e6fed865eb44a2cf2bffe792464ecd22121dec54fa518f2a148981956b9b06314ff478738f0328a253394e7c1ac4db3ba527c75361582cca56a12730d5b016258f025dc641647adc06d6b3eec0483f2f71ac9db0c45443e31c3d47d7ab7bf336104083017a985d2e83169cbe9fc9f9080cbbbafaefd7e7d0637933533f8fbd2e1abba019b83ca10f3791ad04d64283a0bcdb8c85718434642f6e156fa694ab98d475876a1768f9b595ff823dc4cdda9f080f094e1261a54c7fb8fd381d5a0d51ba8d6055ef43b035490df5dc92b8c3be5b58788866dc09a3563b25b64de0c0280370d8ae3bc317b89e32a5ec6cf14e9df6733b93263f8adf908b632fa2a94a2a5a22d781f562e5521bb07caba5b56ce799e6caac20c8bd10f0dcc765b5ad59ee88cfac53654b85fc6d3d7d1ec37230537d65519aa03d2d87001c3781063bb0275bd96c452c120d9adc12353cb56a565ffb5c3cf81d0497c3a680a68610acbb492b19b29ad601504aa1b3ff00dc5247b883e822cbe8c86673353ead6e044941bb4fbfc3e5ccba04f93cd9c264d9ec2c1f5221ca0767d3bf65f4330bdb4a94d6468bfa9dfa5bcbaa511450e6a0ca9a56c5f20558ea7076a67b5bdd8523f1515caed40dc2eaf06b08b176355dad11f1265b8187485d1a799d86d06f06d933f424f9ed654d2dde7c0e66dbf3d156db2d67941b92080f04581e0249734f2bf4920a3551d06c4ccb8f730deb91b6f6ce210cb41dab8fcbe39d14e918a3629e826e1d60e164e06d6237d382d0f3ec2734117368555e699a650f02d4a886ab679ec194c821b1f4262946eef5a0a3dcb5645c0543560464d86381a425d04218e58aaabf3c5ed4c2273cc0d4c2c28e12ecd4ddcecd67186dacec662c65d323496b9be38496acfb5bb1ce106bbaac84bac733df84e6e31713243df9845b9b630a9714ef11bb21b0e80c6ce1afc63ca722cc238ac448f229aa614e9eaec78e5c27921bbed167057607d383cda42a91f89b25ecea59686a8f07b1c2d73b6b2aa9899c3dcf20401721a1019abb89d5177d74dd1bb794e0d479ebbfb213e13dd5f06377eb87c53c09a3fc2078fe0db301ccb114f8cf3112445a1e7fad70dcf2c6e8cad450dc73c6427e017e0e93d25ef60e80f556462d78b85aed474a6bdb29bdf5a93908f43a77d82d0da55e7dc8a0064d721858ec5f8b3c5d441b66b3267e8103d27f5faf8660662e86593a48d4bfd64ceebd9bf69258232881e2f0f9d0c59f89f3c89a2ecb569d146bd3f872629aa250410cdecc3701fcfe95fbeefc976bd7e305c102e307e0c04f5d40374b93606dd09fc0026b4f0d185ea8051003a55646e32e3278dfd3f061a4c481639fe9507a8e5c04e46377544f2841ef9bea40da683f669f6f2da6a9282d74d46bc7d17845ed0e63886aee7362e12909d459217d092358bf71f2fd1fda7274468a5c64f68dbc912e12414cb841618e6d961e79699187efa265557d052006450eeab52153282396dcc67638f44e8bdc1cf8ac1aa3cefde7b3e97b3f1ade0587ccc459d2b71d8f4c85666f88560ae13d11fd7d7f1214557967aa6221b05ba9a90faad9c1111038f9a1a16b64a40bf5f969f74f32ed6338eb702cb85773bc0495e31ac37ca0b88bb028da0e9721b407afd1e2fa460b204db7dfcd729459b2f125bf42ddf1380eb499691e08275ee42427c0c2db7064a386b52a6ac1a7ade2da86e5c5e5c667e459d0031046ac3b08cf51b0e79004bc73c3f9f7e769fa244fabd9100007a4ed5e2306997ff31489c13c52b2cdf0226cdc4f8522529a2610234aed95eb841f5d242cef7c49363af04985d3c3e53924f352b54eadece3a9522f4835113a3b490b612dacdb8dbfbee79428b808e626214cfcb2bfd4abe6b74f15f08c76d88182322042da026a7e5b1394c9c439dfa596a7a88107370c2cab92f90601b50f0b3181dec56a7136db75650a7a28578087cc87fada0c4a7e1432a6220d7308fccaad29fbe32e42b6593110cda94ce04ff6ed3a9662c4b81d14856f4fc1ac0d4fab9b4d5992650fcb2cfed1b6f60c8c73685c733be133f819a5688d8c6a7e6209969b46b091445021fc19cbd563bd76df96aa65f1d7216a31dc9c4a4f74a24a224a2aa60cb5d0d7c31e6af622e5a7c80c98727cd163e5097d86d4d4d91e7c89fe6151903d7c0f878da1a83e6fcc50fe9990da6640535e685b1c269c950d073762ce899f82aeb933106337f87a7138d1fb7b15b24ac8cc1c093469e61509fc24cfb79e66390a15483e9a5a1a313ff961d0f9fe8c5579014cf5689e368608104f96449b246439af197959e5edf4887497d48974c208cd68cfc7b3e0956c5088120da1daf4aa90b6d2c1b7088131ff296b"}, @pad1, @jumbo={0xc2, 0x4, 0x1}, @generic={0x9, 0x15, "5575113921ad0bc9e2e82b28a66b8f508cd3a98acf"}]}, @routing={0x67, 0x6, 0x0, 0x20, 0x0, [@mcast1, @mcast1, @empty]}, @dstopts={0x4, 0x19, [], [@generic={0xa8, 0x9b, "0271097870d6d06b47d83a5b3763f1a2fffb78c9fd5151fe45854469564af3c3949e4a58781ce848a5e9a6fed080306acd0311a5e5b9f900de3f656ec5f517f3a67949354e8a19f5b116e360f8bebf10566eae08582e6be7beeec7668afd637ca6a19c0a8787a4548138d8a06874d550624c0f1ebd2a2267bbca14f2247ab5be2d68e264aa7d651fd4e5e5ef5723b844f64a822f58e7bc5accf588"}, @jumbo={0xc2, 0x4, 0x10001}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @pad1, @generic={0x8, 0x1d, "94d6efb5a9f58f859b75be24586f382eeed7a76a6562b978071e71be75"}, @ra={0x5, 0x2, 0x7fff}]}, @routing={0x27, 0x6, 0x0, 0x5, 0x0, [@mcast1, @empty, @loopback]}, @dstopts={0x2c, 0x0, [], [@pad1]}, @dstopts={0x3, 0x3, [], [@jumbo, @ra={0x5, 0x2, 0x20}, @ra={0x5, 0x2, 0x9}, @jumbo={0xc2, 0x4, 0x3}, @padn={0x1, 0x1, [0x0]}, @ra={0x5, 0x2, 0x7f}, @ra={0x5, 0x2, 0x3}]}, @fragment={0xd8, 0x0, 0x8, 0x1, 0x0, 0x8, 0x68}], @icmpv6=@mld={0x82, 0x0, 0x0, 0x3ff, 0x9, @mcast2}}}}}}) syz_execute_func(&(0x7f0000001240)="47669018a9e1170000c4c20d074cd3f636f30f1182feefffffc44155efeaf20f2b9999899999c481fd2817c4a2a5295293f3ab66ac") syz_extract_tcp_res(&(0x7f0000001280), 0x401, 0x1) syz_open_pts() csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } #define __syscall syscall static uintptr_t syz_open_pts(void) { int master, slave; if (openpty(&master, &slave, NULL, NULL, NULL) == -1) return -1; if (dup2(master, master + 100) != -1) close(master); return slave; } static void sandbox_common() { struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int wait_for_loop(int pid) { if (pid < 0) exit(1); int status = 0; while (waitpid(-1, &status, WUNTRACED) != pid) { } return WEXITSTATUS(status); } static int do_sandbox_setuid(void) { int pid = fork(); if (pid != 0) return wait_for_loop(pid); sandbox_common(); char pwbuf[1024]; struct passwd *pw, pwres; if (getpwnam_r("nobody", &pwres, pwbuf, sizeof(pwbuf), &pw) != 0 || !pw) exit(1); if (setgroups(0, NULL)) exit(1); if (setgid(pw->pw_gid)) exit(1); if (setuid(pw->pw_uid)) exit(1); loop(); exit(1); } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 14; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[4] = {0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: res = syscall(SYS_getgid); if (res != -1) r[0] = res; break; case 1: syscall(SYS_mquery, 0x20ffb000ul, 0x3000ul, 2ul, 0x10ul, -1, 0x80ul); break; case 2: *(uint64_t*)0x20000040 = 0x20000000; memcpy((void*)0x20000000, "./file0\000", 8); *(uint32_t*)0x20000048 = -1; *(uint32_t*)0x2000004c = 0; syscall(SYS_ioctl, 0xffffff9c, 0xc0106477ul, 0x20000040ul); break; case 3: *(uint32_t*)0x20000080 = 0xcb; syscall(SYS_ioctl, -1, 0x80044275ul, 0x20000080ul); break; case 4: memcpy((void*)0x200000c0, "./file0\000", 8); syscall(SYS_unlinkat, 0xffffff9c, 0x200000c0ul, 8ul); break; case 5: *(uint64_t*)0x20000148 = 0x20000100; *(uint32_t*)0x20000100 = 0; *(uint32_t*)0x20000104 = 7; *(uint32_t*)0x20000108 = 2; *(uint32_t*)0x2000010c = 0x18000; *(uint32_t*)0x20000110 = 6; *(uint32_t*)0x20000114 = 3; *(uint32_t*)0x20000118 = 0x8000000; *(uint32_t*)0x2000011c = 0x20; *(uint32_t*)0x20000120 = 0; syscall(SYS_ioctl, 0xffffff9c, 0xc010427bul, 0x20000140ul); break; case 6: *(uint32_t*)0x200001c0 = 0xc; res = syscall(SYS_getsockopt, -1, 0xffff, 0x1022, 0x20000180ul, 0x200001c0ul); if (res != -1) r[1] = *(uint32_t*)0x20000188; break; case 7: *(uint32_t*)0x20000200 = -1; *(uint32_t*)0x20000204 = r[0]; *(uint32_t*)0x20000208 = 0; res = syscall(SYS_getgroups, 3ul, 0x20000200ul); if (res != -1) r[2] = *(uint32_t*)0x20000208; break; case 8: res = syscall(SYS_getgid); if (res != -1) r[3] = res; break; case 9: *(uint32_t*)0x20000240 = r[1]; *(uint32_t*)0x20000244 = r[0]; *(uint32_t*)0x20000248 = r[2]; *(uint32_t*)0x2000024c = r[3]; syscall(SYS_getgroups, 4ul, 0x20000240ul); break; case 10: *(uint8_t*)0x20000000 = 0xaa; *(uint8_t*)0x20000001 = 0xaa; *(uint8_t*)0x20000002 = 0xaa; *(uint8_t*)0x20000003 = 0xaa; *(uint8_t*)0x20000004 = 0xaa; *(uint8_t*)0x20000005 = 0xbb; *(uint8_t*)0x20000006 = 0xaa; *(uint8_t*)0x20000007 = 0xaa; *(uint8_t*)0x20000008 = 0xaa; *(uint8_t*)0x20000009 = 0xaa; *(uint8_t*)0x2000000a = 0xaa; *(uint8_t*)0x2000000b = 0xbb; *(uint16_t*)0x2000000c = htobe16(0x86dd); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 6, 4, 4); memcpy((void*)0x2000000f, "\xb5\x88\xd1", 3); *(uint16_t*)0x20000012 = htobe16(0x11d8); *(uint8_t*)0x20000014 = 0x11; *(uint8_t*)0x20000015 = 0; *(uint8_t*)0x20000016 = 0xfe; *(uint8_t*)0x20000017 = 0x80; *(uint8_t*)0x20000018 = 0; *(uint8_t*)0x20000019 = 0; *(uint8_t*)0x2000001a = 0; *(uint8_t*)0x2000001b = 0; *(uint8_t*)0x2000001c = 0; *(uint8_t*)0x2000001d = 0; *(uint8_t*)0x2000001e = 0; *(uint8_t*)0x2000001f = 0; *(uint8_t*)0x20000020 = 0; *(uint8_t*)0x20000021 = 0; *(uint8_t*)0x20000022 = 0; *(uint8_t*)0x20000023 = 0; *(uint8_t*)0x20000024 = 0; *(uint8_t*)0x20000025 = 0xbb; *(uint8_t*)0x20000026 = 0; *(uint8_t*)0x20000027 = 0; *(uint8_t*)0x20000028 = 0; *(uint8_t*)0x20000029 = 0; *(uint8_t*)0x2000002a = 0; *(uint8_t*)0x2000002b = 0; *(uint8_t*)0x2000002c = 0; *(uint8_t*)0x2000002d = 0; *(uint8_t*)0x2000002e = 0; *(uint8_t*)0x2000002f = 0; *(uint8_t*)0x20000030 = 0; *(uint8_t*)0x20000031 = 0; *(uint8_t*)0x20000032 = 0; *(uint8_t*)0x20000033 = 0; *(uint8_t*)0x20000034 = 0; *(uint8_t*)0x20000035 = 0; *(uint8_t*)0x20000036 = 0x32; *(uint8_t*)0x20000037 = 5; *(uint8_t*)0x20000038 = 0; *(uint8_t*)0x20000039 = 0; *(uint8_t*)0x2000003a = 0; *(uint8_t*)0x2000003b = 0; *(uint8_t*)0x2000003c = 0; *(uint8_t*)0x2000003d = 0; *(uint8_t*)0x2000003e = 1; *(uint8_t*)0x2000003f = 8; *(uint8_t*)0x20000040 = 0; *(uint8_t*)0x20000041 = 0; *(uint8_t*)0x20000042 = 0; *(uint8_t*)0x20000043 = 0; *(uint8_t*)0x20000044 = 0; *(uint8_t*)0x20000045 = 0; *(uint8_t*)0x20000046 = 0; *(uint8_t*)0x20000047 = 0; *(uint8_t*)0x20000048 = 0; *(uint8_t*)0x20000049 = 1; *(uint8_t*)0x2000004a = 0; *(uint8_t*)0x2000004b = 6; *(uint8_t*)0x2000004c = 0; memcpy((void*)0x2000004d, "\x7d\x73\x12\xbf\x2f\x97\x6b\x28\x6c\xf3\x3b\x3a\x76\x60\xaf\x2f\x30\xcb\x34\xf9\xa8\x6a\x2d\xb1\x88\xc5\xd7\x6d\xf2\x29\x00\x97\x6b\x02\x72\x11\x51\x36\x27\xf3\x7c\xb6\x42\x21\x55\x18\x88\x02\x80\x62\xf7\xe9\x6e\x29\x50\x2c\x82\x30\xcb\x07\xed\x13\xfb\x79\xee\x02\x2a\xfa\xcf\xb0\xfd\xb9\xfd\xd6\x2a\xc3\x7d\xfa\x4f\x6b\x34\xfc\xbe\xe4\xc3\x80\xfa\x32\xc3\x5d\x69\x5c\xca\x5e\x60\xb4\xfe\x8d\xdf\x4e\x9f\xd6\xc2\x68\x10\xea\xb1\x11\x56\xf5\xf1\x1c\xff\x15\x48\xbc\x51\x64\x8f\x66\x40\x4b\xac\xd5\x5f\x29\xd8\x34\x96\x35\x35\x6e\x87\x11\xba\x71\x76\x3c\x2e\x3d\xae\x08\xce\xca\x72\xda\xaf\x10\x86\x8c\x22\xac\x2d\x42\x9c\x17\x22\x8c\xb0\xfa\x6a\x92\xed\xda\xfa\xf8\x21\xe0\x84\xcd\xd5\x5a\xff\xff\xce\x12\x09\x7a\x27\x72\xef\x8a\xb4\xbc\x86\x22\x13\xc7\x65\xc3\xc5\xbb\x6c\xb2\x52\x06\xa5\xf8\x7d\x20\x34\xb9\x22\xcd\x8a\x54\xfd\x1f\x39\x93\x80\x81\x13\x2c\x04\x91\xf0\x25\x8b\x9d\x5b\x90\x20\x63\x98\x28\x1b\xd7\x45\x90\x75\x71\xe7\x94\x49\x36\xe2\xd4\x09\x7e\xec\x6b\x58\xed\x96\x3a\x26\xc7\xab\x84\xad\x10\x84\xf4\xb8\xfe\x73\x5e\x2c\x7a\x50\x73\x34\x4b\x22\x5d\xd2\x91\x7d\x10\x35\xd5\x25\xe3\xfc\xa4\xbf\x75\x0d\xc4\x47\x4b\x26\x45\x77\x0b\x1c\xa2\x40\xe5\x4b\x5d\x0d\x4d\xc7\xef\x29\xa3\xa6\x16\x69\xe0\xbc\x94\x74\x1f\x97\xc6\x62\x16\x51\x1a\x0b\x77\x2e\x88\x13\xb7\xe0\x1c\x74\x0f\x8e\xd1\xfa\x89\x09\xf5\x70\x0d\x34\x03\xd2\x1c\x72\x0a\x59\x02\xde\x2e\x1c\x32\x55\x6e\xca\x20\xd3\x74\x47\x3c\xd8\x17\x42\x7a\x1c\x9c\xd5\x8e\x2e\x0a\xef\xa4\x47\xfb\x5a\x81\x9c\x5f\x0f\x58\xb2\x77\x56\xa2\xab\x59\xc7\x90\x4b\xd8\x6a\x7e\x17\x86\x29\xad\x0b\xf9\xac\xc4\x27\x2d\xc4\x80\x11\xd2\x7c\x26\x2f\xe7\xea\x17\x54\x39\x1b\x04\xe3\x14\x4d\xb1\xee\xc8\xb7\xfd\xed\x12\x3a\x6e\x0d\x84\x8e\x26\xd3\xa4\x8d\xb1\x9c\xda\xc5\x70\xa9\xf8\x82\x59\x99\x4a\x98\x8b\xaf\xd8\xdb\x39\x12\x8e\xc2\x09\xc2\xf4\xa1\xc3\xa0\x09\x0f\xb4\x8b\x2c\x98\xc6\x6c\x31\xa9\xd0\xc4\x37\x7d\x6e\x63\xc8\x2a\xfd\xf7\x34\x86\x12\x49\xd4\xa1\x87\xb9\x9c\x2c\x03\xea\x42\xef\xb6\x79\x63\xc7\xf5\xe0\x58\xb9\xea\x73\x4e\x12\x4a\xbc\xff\x10\x7a\x29\xe3\x39\x70\x4b\xc5\xc1\x74\x89\x5b\x10\xfa\xbe\xf1\xdd\x69\x66\x93\x0a\x39\x82\x95\xf2\x38\xab\xeb\xa3\x30\x93\xa7\xe5\xd4\xeb\xf3\xc1\x34\xb0\x0e\xac\x45\x36\x59\xd9\xa5\xed\x67\x22\xb2\x86\x68\xf0\xde\x27\xfc\xbf\xcc\x66\x5f\x9b\x79\xf5\x1a\xa2\x66\xf0\x61\xa9\xd3\x58\x2f\xe7\x87\xf1\xcd\x3d\x6b\x2a\x4d\x5b\x76\x70\xd9\x1c\x9f\x19\xda\x4c\xdf\x5c\x47\xed\xb0\x15\xa1\x54\x22\x77\x97\xa6\xb5\x6a\x27\xe3\x22\x76\xf0\x7e\x6c\xc2\x0e\xc6\x88\x5b\xc2\x61\x05\x5b\x4a\xd4\xf6\x6c\x09\xe2\x76\x73\xc4\x07\x02\x3f\xb6\xd0\xc6\x11\x39\x24\x5b\x19\x08\x61\x81\x6a\x03\xae\x7d\x96\x27\x10\x0a\xb2\xa1\xf1\xf3\x81\x98\xe8\x20\x96\x79\x23\xfd\xf0\xa9\x5e\x90\x88\xff\xe6\x77\x9f\x1e\xea\x15\x11\x23\xe9\x19\xbd\xe1\xea\x78\x74\x6c\xc3\x07\x68\x22\x0f\xf9\x53\xd1\x05\x88\x58\x97\x01\xf7\x0e\x66\x39\x25\x24\xa7\x85\x62\xa8\x38\x20\x5a\xf4\xbf\xc2\x8c\x4a\x68\x84\xb4\x25\xc1\x09\xea\x7f\xf1\x6d\x9f\x1b\xcb\x77\x45\x9c\xcb\x5b\x81\x04\x5b\x6c\xb2\xdc\xeb\xda\xe4\x6f\x6d\x70\xb4\x4f\xf8\xdc\x6f\x52\x2c\x77\xdb\x14\x71\xce\x11\x63\xa7\xa5\x64\x0d\x02\xe4\x69\xe5\xde\xe1\xff\x25\xb7\xf7\x32\x5b\xae\xb1\x0e\xcb\x4b\xc4\x8f\x86\x92\xd5\x37\x6d\xad\x7c\x91\x25\xec\xb6\x1d\x00\xe7\x59\xb8\xf3\x17\x9d\xf6\x36\x38\x9f\x62\xf5\x1f\xac\xe3\x01\x3a\x62\xa9\x65\x6f\xec\x59\x26\x01\x94\x27\x43\x77\x8d\x7b\x7c\x83\x8c\xdf\x30\xfe\x87\xb7\x50\x3a\xab\x17\xd8\xd8\xf5\xf3\x0a\x3a\x03\xf1\x05\xdd\x38\x96\x58\xc1\x87\x82\x3d\x1c\x5e\xc9\xaf\x9d\xce\x05\xde\xcf\xa6\x19\x2a\x65\x14\x89\x6e\x99\xf4\x78\x47\xe8\x37\x19\xf7\x9c\xd3\x7b\x11\x81\x84\xd3\x4c\xa2\x0e\x88\x4b\xd2\x55\xf1\x99\xac\xef\x2e\xd4\x80\x11\xcf\xf2\x69\x59\x77\xdd\x7b\x1a\xe1\xf0\x8d\x27\xf9\x47\xcd\x1a\xff\x97\xa1\x9e\x3f\x93\xc6\x59\xd1\x0f\xf5\xa7\x76\xf2\x91\x02\x2d\xf2\x61\xb7\x92\x93\x5a\x1c\x58\x82\xf9\x20\xc9\x44\x2e\x56\x3f\x87\x88\x01\xbe\xec\xbb\xa8\x9c\x1e\xab\x9d\x2b\x96\x28\x5f\x34\x93\x48\x3b\x49\xf2\x69\xe8\xd6\x84\x33\x00\x37\xda\xfe\xdb\xcb\xb3\xbc\x50\x0e\x65\xb5\xe6\x9c\x3a\x4f\x6f\x15\xe4\x2c\xb5\x95\xcc\xe0\x4c\x89\x18\x18\xf2\x8a\x69\xef\x73\xc0\xec\xf8\xef\xbe\xf8\xbc\x1e\x5f\x7d\x07\xf5\xca\x82\x8d\x9a\x84\x60\xa2\x97\xa2\xb6\xf1\x58\x41\x3f\xd2\x73\x8e\x61\x68\x37\x7a\x49\xbd\x43\xa7\x0a\x36\xe7\xc3\x9d\x8d\x54\x87\x83\x28\x56\x75\x41\x7c\x62\x07\xbe\xbe\xb3\x22\x4f\xaa\xb8\x1e\xef\x70\x86\x01\xbe\x61\x36\x97\x96\x7c\x31\xf6\xb8\xa2\xc2\x1c\x46\x92\x73\xd7\x9b\x15\xb8\x0d\x8a\x0b\x6c\x6e\xd4\x35\x6d\x00\x2e\x42\x49\x44\xb6\x61\xb4\xd5\xfb\x11\x48\x41\xb9\xcb\xaf\x8d\x4c\x16\xd7\xf6\x87\x36\x2a\xee\x16\x47\x56\xe0\x5f\xa1\xd5\x79\xf0\x82\x00\x3a\xc1\x10\x3a\x00\x7c\x2f\xce\xa4\x86\xf3\x2e\x6e\x72\xd1\x41\xc1\xe2\x33\x33\x0a\x3b\x3d\x81\x35\x84\x0a\x9f\xbc\x50\x35\x26\xe4\x48\x76\xe7\x02\x30\x9c\x3c\xb1\xa6\xc4\x02\x0b\xae\x2e\xf8\x51\x46\xa3\x43\x8b\xd9\xb3\x41\xb7\x19\xdf\xa5\xb5\x19\xfc\xa6\xbc\x17\x46\xb4\x7a\xc4\x99\x17\x22\xb9\x77\x7d\x92\x48\x00\x65\xe3\xd7\x0b\xb6\xb2\x02\xe9\x8d\x5d\x08\xc1\xb2\x15\xa5\x01\x22\x10\xef\x9e\x2b\x9f\xea\x63\x0e\x4d\x82\x17\xc5\x01\xde\xe6\xb4\x6a\x3b\x88\x7c\x71\xf3\xc4\xc6\x03\xaf\x56\xa8\x67\x34\x23\x6f\x06\x8e\x07\x2a\xa6\x3f\x2a\x70\xd4\x88\xfe\x90\x91\xa8\x53\x05\x85\xe4\xd6\x11\xad\x9f\xe2\x35\x93\xcb\x41\x0e\x5e\xed\x91\x87\xed\x55\x65\x2b\xef\x39\xb8\xe8\x67\xa8\x79\xf8\x97\x35\xe7\xca\xdf\xb3\x6a\x18\x38\x67\xcd\xc3\x32\x2b\x21\x42\x7a\x49\x8d\x12\xd5\x66\xaf\x1b\x7e\xd2\x35\x03\x4f\xee\xaa\x2c\xbd\x79\x5c\x23\x63\xec\x98\x45\xa5\x04\x07\x31\x81\xef\x95\x12\x15\x48\xbd\x6e\x88\x48\x6a\x26\x1c\xb5\x2f\x6f\x79\x70\xb9\x9f\x53\xde\x0f\x42\x6f\xfc\xae\x94\x0f\x83\xac\x20\x13\x8c\x7d\x5b\x35\x20\x21\x4e\x44\xa4\x03\xc8\x4f\xda\xcc\x65\x57\xc8\xb8\x59\xc9\x91\x8e\x78\x37\x72\x61\x72\x2f\x1f\x29\x13\xd0\xdf\xe9\x9d\x93\xde\x5f\x2a\x67\xc3\x77\x5a\x76\x81\xc9\xb8\xfd\xb8\x11\xea\xd0\xba\xd8\xec\x77\x1e\xf3\x8d\xc0\xda\x25\x90\x47\xec\xaa\xb6\x08\xe8\xe7\xc4\x51\x13\xce\x26\x81\xa8\x37\x7d\xf0\x54\xe8\xe4\x84\x85\xbf\x16\xd1\x22\x2c\xcf\x22\x14\xb8\x11\x5e\x0a\xf0\x90\x74\x2f\x1c\x7b\x77\x64\x5b\xde\x02\x54\x10\x71\xd9\x2f\x5e\xb2\x4b\xc1\x94\x2f\xf6\x91\x01\x6d\x1d\x08\x44\xda\xec\xc8\x9d\xf8\xb5\x8f\x05\xe0\xfc\x38\x56\x88\x14\x13\x92\x03\x59\xc9\x09\x27\xb8\x5c\xdb\x99\x62\x97\x91\x34\x1d\x07\xf6\xbd\x04\x2e\xa4\x57\x12\x8a\xc9\x1c\x4a\xb3\x3b\x16\x99\x35\xa1\xa0\x21\x4e\x74\xdd\x2d\x09\x8a\xbc\x1d\x16\xb5\x9a\xbf\x37\x74\x01\xdb\xd0\x90\x4f\x7d\xcb\x35\x1f\xa4\xdd\x8e\x36\xcb\xf4\xb8\xdc\x28\xe8\x11\xbd\x7d\xc9\xb8\xa2\xf6\x02\x1c\x44\xe8\x5e\x1e\xbe\x1c\x68\xe0\x35\x95\xad\xed\x1d\x0f\x5b\xdc\x56\x3e\x61\x23\x67\xae\x89\xe4\x60\x94\xa2\xe3\x41\xce\x2b\xdf\x0c\xdd\x0d\x0e\x71\xaf\x4c\xe3\x47\x00\xbb\x15\x89\x8b\x2d\x3f\x55\x9f\x46\x6a\x6f\xbd\xa1\xe0\x05\xdf\x5e\x76\x96\x8f\xc0\x07\x0a\x86\x0e\x8e\xef\xb4\x01\x80\xd6\x49\x3a\x17\x90\x36\x98\xa9\xf8\x09\xab\x51\x20\xcc\x72\xa2\x05\xe3\x26\x52\x36\xc6\x7d\x7c\x85\xe5\x81\xed\x37\x8d\x33\x26\x11\x18\x13\x04\x1d\xa2\xd8\xd3\xc8\x88\xd1\x23\x66\x49\x12\x9c\x37\x02\x1f\xbf\xde\x4b\x87\x3d\xbc\x3c\xc9\xfe\x18\xdc\x92\x2a\x62\xd5\x06\x86\xf9\xd7\xe1\x5c\x2c\x4c\x51\xe2\x5d\x98\x52\x38\x5f\x02\x46\x70\xdd\x5e\xaa\x98\x66\x1a\x3f\xd6\x45\xf5\xe3\xcf\x1a\x03\x81\xe8\x78\x77\x6d\x79\x03\x9d\xb9\x45\xf6\x80\xb0\xcb\xa8\xa7\xe3\x87\x57\x27\xa0\x7b\xe1\x61\xc8\x54\x49\x1d\x39\x6f\xbf\x40\xb5\x02\x98\xb1\xa8\x4b\x0c\xf8\xb6\x1e\x18\x76\x7b\xab\x36\xa0\x13\xf0\xac\xf4\x55\x69\xed\x18\x82\xc3\xfe\xa9\xe2\x01\x89\x82\x2e\x2b\x9b\xac\xbc\x41\x55\x84\x22\x46\xc1\x83\xf2\x95\x91\x2d\x64\x80\xa0\x5a\x2d\x59\xff\x29\x90\xbb\xbb\x8c\x7e\x90\x79\xf1\xa0\x39\xbf\x31\xfd\x2c\xc2\x83\x12\xcf\xf2\x46\x1a\xf8\x71\xdd\xe9\xb2\x72\x01\xe6\x6d\x89\xf6\x21\x96\xb6\x32\xef\x97\x42\x4d\x25\x29\xd0\x97\x34\x57\xcf\x45\x95\xf6\x75\x19\x28\x45\x7b\x7d\xe8\x85\xf4\x3c\xf6\x45\x77\xbd\x6d\x09\x9d\x9a\xdf\xe4\x5a\x4e\x6d\x70\x4b\xfd\x3e\xdc\x85\xdd\xbb\x11\xde\xdd\x5e\x2d\x3e\x50\xa5\x5d\x7a\x7d\xcf\xde\x4e\xfd\x11\xdc\xd2\x0f\x62\x85\xb7\x4e\xa1\x94\xda\x7f\x31\xa4\x98\x3a\x14\xf1\x67\xa8\x47\xd2\x79\xef\x28\x55\x74\x19\x50\x6d\xe3\x4b\x34\xf2\x37\xf3\xc6\x6e\xd2\x57\x24\x6d\x04\x82\x4f\x4f\x8d\x97\x09\x2e\x55\xe0\x95\xec\xf4\xf3\x64\x7e\xbd\x6c\x39\x53\x8c\x4c\x75\x65\xb2\x3d\x81\xf0\xcc\x3d\x61\x70\xd8\xa0\xd5\x05\x0f\xe7\xe4\xf8\xd4\xfe\x07\xce\xa0\xd5\xdb\x6d\x5f\x96\x6a\xfa\x39\xde\xc3\x4a\x8c\xe3\x2b\x67\xd4\x91\x8e\xa8\xd9\x6a\xf5\xc7\xfd\x89\x99\x45\x44\x9e\x05\x1e\xf3\x44\x00\xcb\xd4\xba\xdd\x78\x6d\x20\xb1\xc7\x7d\x23\x67\x0b\x20\x65\xbc\x8f\x67\x11\x50\x33\x6c\x42\x28\xf4\x9c\x2e\x07\x95\x4d\x4b\x16\x5d\x22\x2c\xae\x2a\x5f\x5d\xc9\xfd\x32\x8a\x21\xeb\x4b\x20\x33\x44\x7d\xd9\xb0\xb5\x6d\x12\xbc\x93\x14\x85\x95\xa6\x49\xd5\xcd\x3a\x9b\x56\xc3\x32\x49\xc9\x79\xcf\xd3\x21\xeb\x72\x0a\xfc\xa7\x06\xfc\x26\x3d\xfc\x06\xbe\x97\xc2\xb8\x05\xa7\xcc\xc5\x4c\xd8\xe2\x47\xe6\x4d\xce\x16\x07\xba\x96\xd1\x46\xa9\x77\xc2\x47\xb3\x07\x2a\xd2\xcb\x2c\x11\x6c\x75\x49\x31\x85\xac\x9d\x61\x24\x07\x0f\x67\x4e\x1a\x83\xc4\xe4\xfc\x7a\x2d\x46\xbe\x93\xc2\xeb\x3d\xc2\x6d\xd6\x59\x26\x1c\xb0\x20\x78\x8b\x5b\xf4\xc2\x1a\x5a\x31\xe3\x63\x06\x5e\x3d\x81\xa6\x48\x86\xa0\xb4\x8c\x8f\xd3\x35\x05\xb2\xe1\xa1\x58\xa6\x0c\x29\xb6\xa4\xb0\xd9\xd3\xcc\x4e\x30\xcd\xbb\xfd\xc5\x89\x5a\xd5\x9b\x25\xf8\xe3\x56\x61\x6b\x35\x2e\x0a\xf4\xb5\x56\x15\x31\x5d\x38\x9d\x96\x31\x25\xe0\x86\xd4\xf3\x8f\x98\x37\x55\x1d\x5a\xea\x90\xd5\x1c\x86\x07\x25\x18\xe6\xb3\xd9\xf8\x10\x38\x69\x33\x83\x0b\x01\x2a\x93\x9f\x7f\x62\x69\xf3\x51\x6c\xf3\x61\xa7\xb2\x04\xc6\x87\xb1\x22\xd7\xc9\x67\xf3\xf9\xcb\xfa\xa3\xb5\x17\x0a\xc5\xbf\x03\x0f\x5f\xcf\x5c\xc6\x0e\x67\xd6\x9a\xed\x12\xa9\xb6\x4e\xac\x18\x6e\xea\x7f\xfd\x21\x98\xce\x33\x8f\xd5\x8f\xa6\xb1\xc8\x18\xa2\xbf\x7e\xe3\x55\xc9\x93\x2f\xa8\x8b\x6c\x1e\x54\x92\x17\x36\x66\x06\xb0\x4e\xf4\x54\xe6\xfe\xd8\x65\xeb\x44\xa2\xcf\x2b\xff\xe7\x92\x46\x4e\xcd\x22\x12\x1d\xec\x54\xfa\x51\x8f\x2a\x14\x89\x81\x95\x6b\x9b\x06\x31\x4f\xf4\x78\x73\x8f\x03\x28\xa2\x53\x39\x4e\x7c\x1a\xc4\xdb\x3b\xa5\x27\xc7\x53\x61\x58\x2c\xca\x56\xa1\x27\x30\xd5\xb0\x16\x25\x8f\x02\x5d\xc6\x41\x64\x7a\xdc\x06\xd6\xb3\xee\xc0\x48\x3f\x2f\x71\xac\x9d\xb0\xc4\x54\x43\xe3\x1c\x3d\x47\xd7\xab\x7b\xf3\x36\x10\x40\x83\x01\x7a\x98\x5d\x2e\x83\x16\x9c\xbe\x9f\xc9\xf9\x08\x0c\xbb\xba\xfa\xef\xd7\xe7\xd0\x63\x79\x33\x53\x3f\x8f\xbd\x2e\x1a\xbb\xa0\x19\xb8\x3c\xa1\x0f\x37\x91\xad\x04\xd6\x42\x83\xa0\xbc\xdb\x8c\x85\x71\x84\x34\x64\x2f\x6e\x15\x6f\xa6\x94\xab\x98\xd4\x75\x87\x6a\x17\x68\xf9\xb5\x95\xff\x82\x3d\xc4\xcd\xda\x9f\x08\x0f\x09\x4e\x12\x61\xa5\x4c\x7f\xb8\xfd\x38\x1d\x5a\x0d\x51\xba\x8d\x60\x55\xef\x43\xb0\x35\x49\x0d\xf5\xdc\x92\xb8\xc3\xbe\x5b\x58\x78\x88\x66\xdc\x09\xa3\x56\x3b\x25\xb6\x4d\xe0\xc0\x28\x03\x70\xd8\xae\x3b\xc3\x17\xb8\x9e\x32\xa5\xec\x6c\xf1\x4e\x9d\xf6\x73\x3b\x93\x26\x3f\x8a\xdf\x90\x8b\x63\x2f\xa2\xa9\x4a\x2a\x5a\x22\xd7\x81\xf5\x62\xe5\x52\x1b\xb0\x7c\xab\xa5\xb5\x6c\xe7\x99\xe6\xca\xac\x20\xc8\xbd\x10\xf0\xdc\xc7\x65\xb5\xad\x59\xee\x88\xcf\xac\x53\x65\x4b\x85\xfc\x6d\x3d\x7d\x1e\xc3\x72\x30\x53\x7d\x65\x51\x9a\xa0\x3d\x2d\x87\x00\x1c\x37\x81\x06\x3b\xb0\x27\x5b\xd9\x6c\x45\x2c\x12\x0d\x9a\xdc\x12\x35\x3c\xb5\x6a\x56\x5f\xfb\x5c\x3c\xf8\x1d\x04\x97\xc3\xa6\x80\xa6\x86\x10\xac\xbb\x49\x2b\x19\xb2\x9a\xd6\x01\x50\x4a\xa1\xb3\xff\x00\xdc\x52\x47\xb8\x83\xe8\x22\xcb\xe8\xc8\x66\x73\x35\x3e\xad\x6e\x04\x49\x41\xbb\x4f\xbf\xc3\xe5\xcc\xba\x04\xf9\x3c\xd9\xc2\x64\xd9\xec\x2c\x1f\x52\x21\xca\x07\x67\xd3\xbf\x65\xf4\x33\x0b\xdb\x4a\x94\xd6\x46\x8b\xfa\x9d\xfa\x5b\xcb\xaa\x51\x14\x50\xe6\xa0\xca\x9a\x56\xc5\xf2\x05\x58\xea\x70\x76\xa6\x7b\x5b\xdd\x85\x23\xf1\x51\x5c\xae\xd4\x0d\xc2\xea\xf0\x6b\x08\xb1\x76\x35\x5d\xad\x11\xf1\x26\x5b\x81\x87\x48\x5d\x1a\x79\x9d\x86\xd0\x6f\x06\xd9\x33\xf4\x24\xf9\xed\x65\x4d\x2d\xde\x7c\x0e\x66\xdb\xf3\xd1\x56\xdb\x2d\x67\x94\x1b\x92\x08\x0f\x04\x58\x1e\x02\x49\x73\x4f\x2b\xf4\x92\x0a\x35\x51\xd0\x6c\x4c\xcb\x8f\x73\x0d\xeb\x91\xb6\xf6\xce\x21\x0c\xb4\x1d\xab\x8f\xcb\xe3\x9d\x14\xe9\x18\xa3\x62\x9e\x82\x6e\x1d\x60\xe1\x64\xe0\x6d\x62\x37\xd3\x82\xd0\xf3\xec\x27\x34\x11\x73\x68\x55\x5e\x69\x9a\x65\x0f\x02\xd4\xa8\x86\xab\x67\x9e\xc1\x94\xc8\x21\xb1\xf4\x26\x29\x46\xee\xf5\xa0\xa3\xdc\xb5\x64\x5c\x05\x43\x56\x04\x64\xd8\x63\x81\xa4\x25\xd0\x42\x18\xe5\x8a\xaa\xbf\x3c\x5e\xd4\xc2\x27\x3c\xc0\xd4\xc2\xc2\x8e\x12\xec\xd4\xdd\xce\xcd\x67\x18\x6d\xac\xec\x66\x2c\x65\xd3\x23\x49\x6b\x9b\xe3\x84\x96\xac\xfb\x5b\xb1\xce\x10\x6b\xba\xac\x84\xba\xc7\x33\xdf\x84\xe6\xe3\x17\x13\x24\x3d\xf9\x84\x5b\x9b\x63\x0a\x97\x14\xef\x11\xbb\x21\xb0\xe8\x0c\x6c\xe1\xaf\xc6\x3c\xa7\x22\xcc\x23\x8a\xc4\x48\xf2\x29\xaa\x61\x4e\x9e\xae\xc7\x8e\x5c\x27\x92\x1b\xbe\xd1\x67\x05\x76\x07\xd3\x83\xcd\xa4\x2a\x91\xf8\x9b\x25\xec\xea\x59\x68\x6a\x8f\x07\xb1\xc2\xd7\x3b\x6b\x2a\xa9\x89\x9c\x3d\xcf\x20\x40\x17\x21\xa1\x01\x9a\xbb\x89\xd5\x17\x7d\x74\xdd\x1b\xb7\x94\xe0\xd4\x79\xeb\xbf\xb2\x13\xe1\x3d\xd5\xf0\x63\x77\xeb\x87\xc5\x3c\x09\xa3\xfc\x20\x78\xfe\x0d\xb3\x01\xcc\xb1\x14\xf8\xcf\x31\x12\x44\x5a\x1e\x7f\xad\x70\xdc\xf2\xc6\xe8\xca\xd4\x50\xdc\x73\xc6\x42\x7e\x01\x7e\x0e\x93\xd2\x5e\xf6\x0e\x80\xf5\x56\x46\x2d\x78\xb8\x5a\xed\x47\x4a\x6b\xdb\x29\xbd\xf5\xa9\x39\x08\xf4\x3a\x77\xd8\x2d\x0d\xa5\x5e\x7d\xc8\xa0\x06\x4d\x72\x18\x58\xec\x5f\x8b\x3c\x5d\x44\x1b\x66\xb3\x26\x7e\x81\x03\xd2\x7f\x5f\xaf\x86\x60\x66\x2e\x86\x59\x3a\x48\xd4\xbf\xd6\x4c\xee\xbd\x9b\xf6\x92\x58\x23\x28\x81\xe2\xf0\xf9\xd0\xc5\x9f\x89\xf3\xc8\x9a\x2e\xcb\x56\x9d\x14\x6b\xd3\xf8\x72\x62\x9a\xa2\x50\x41\x0c\xde\xcc\x37\x01\xfc\xfe\x95\xfb\xee\xfc\x97\x6b\xd7\xe3\x05\xc1\x02\xe3\x07\xe0\xc0\x4f\x5d\x40\x37\x4b\x93\x60\x6d\xd0\x9f\xc0\x02\x6b\x4f\x0d\x18\x5e\xa8\x05\x10\x03\xa5\x56\x46\xe3\x2e\x32\x78\xdf\xd3\xf0\x61\xa4\xc4\x81\x63\x9f\xe9\x50\x7a\x8e\x5c\x04\xe4\x63\x77\x54\x4f\x28\x41\xef\x9b\xea\x40\xda\x68\x3f\x66\x9f\x6f\x2d\xa6\xa9\x28\x2d\x74\xd4\x6b\xc7\xd1\x78\x45\xed\x0e\x63\x88\x6a\xee\x73\x62\xe1\x29\x09\xd4\x59\x21\x7d\x09\x23\x58\xbf\x71\xf2\xfd\x1f\xda\x72\x74\x46\x8a\x5c\x64\xf6\x8d\xbc\x91\x2e\x12\x41\x4c\xb8\x41\x61\x8e\x6d\x96\x1e\x79\x69\x91\x87\xef\xa2\x65\x55\x7d\x05\x20\x06\x45\x0e\xea\xb5\x21\x53\x28\x23\x96\xdc\xc6\x76\x38\xf4\x4e\x8b\xdc\x1c\xf8\xac\x1a\xa3\xce\xfd\xe7\xb3\xe9\x7b\x3f\x1a\xde\x05\x87\xcc\xc4\x59\xd2\xb7\x1d\x8f\x4c\x85\x66\x6f\x88\x56\x0a\xe1\x3d\x11\xfd\x7d\x7f\x12\x14\x55\x79\x67\xaa\x62\x21\xb0\x5b\xa9\xa9\x0f\xaa\xd9\xc1\x11\x10\x38\xf9\xa1\xa1\x6b\x64\xa4\x0b\xf5\xf9\x69\xf7\x4f\x32\xed\x63\x38\xeb\x70\x2c\xb8\x57\x73\xbc\x04\x95\xe3\x1a\xc3\x7c\xa0\xb8\x8b\xb0\x28\xda\x0e\x97\x21\xb4\x07\xaf\xd1\xe2\xfa\x46\x0b\x20\x4d\xb7\xdf\xcd\x72\x94\x59\xb2\xf1\x25\xbf\x42\xdd\xf1\x38\x0e\xb4\x99\x69\x1e\x08\x27\x5e\xe4\x24\x27\xc0\xc2\xdb\x70\x64\xa3\x86\xb5\x2a\x6a\xc1\xa7\xad\xe2\xda\x86\xe5\xc5\xe5\xc6\x67\xe4\x59\xd0\x03\x10\x46\xac\x3b\x08\xcf\x51\xb0\xe7\x90\x04\xbc\x73\xc3\xf9\xf7\xe7\x69\xfa\x24\x4f\xab\xd9\x10\x00\x07\xa4\xed\x5e\x23\x06\x99\x7f\xf3\x14\x89\xc1\x3c\x52\xb2\xcd\xf0\x22\x6c\xdc\x4f\x85\x22\x52\x9a\x26\x10\x23\x4a\xed\x95\xeb\x84\x1f\x5d\x24\x2c\xef\x7c\x49\x36\x3a\xf0\x49\x85\xd3\xc3\xe5\x39\x24\xf3\x52\xb5\x4e\xad\xec\xe3\xa9\x52\x2f\x48\x35\x11\x3a\x3b\x49\x0b\x61\x2d\xac\xdb\x8d\xbf\xbe\xe7\x94\x28\xb8\x08\xe6\x26\x21\x4c\xfc\xb2\xbf\xd4\xab\xe6\xb7\x4f\x15\xf0\x8c\x76\xd8\x81\x82\x32\x20\x42\xda\x02\x6a\x7e\x5b\x13\x94\xc9\xc4\x39\xdf\xa5\x96\xa7\xa8\x81\x07\x37\x0c\x2c\xab\x92\xf9\x06\x01\xb5\x0f\x0b\x31\x81\xde\xc5\x6a\x71\x36\xdb\x75\x65\x0a\x7a\x28\x57\x80\x87\xcc\x87\xfa\xda\x0c\x4a\x7e\x14\x32\xa6\x22\x0d\x73\x08\xfc\xca\xad\x29\xfb\xe3\x2e\x42\xb6\x59\x31\x10\xcd\xa9\x4c\xe0\x4f\xf6\xed\x3a\x96\x62\xc4\xb8\x1d\x14\x85\x6f\x4f\xc1\xac\x0d\x4f\xab\x9b\x4d\x59\x92\x65\x0f\xcb\x2c\xfe\xd1\xb6\xf6\x0c\x8c\x73\x68\x5c\x73\x3b\xe1\x33\xf8\x19\xa5\x68\x8d\x8c\x6a\x7e\x62\x09\x96\x9b\x46\xb0\x91\x44\x50\x21\xfc\x19\xcb\xd5\x63\xbd\x76\xdf\x96\xaa\x65\xf1\xd7\x21\x6a\x31\xdc\x9c\x4a\x4f\x74\xa2\x4a\x22\x4a\x2a\xa6\x0c\xb5\xd0\xd7\xc3\x1e\x6a\xf6\x22\xe5\xa7\xc8\x0c\x98\x72\x7c\xd1\x63\xe5\x09\x7d\x86\xd4\xd4\xd9\x1e\x7c\x89\xfe\x61\x51\x90\x3d\x7c\x0f\x87\x8d\xa1\xa8\x3e\x6f\xcc\x50\xfe\x99\x90\xda\x66\x40\x53\x5e\x68\x5b\x1c\x26\x9c\x95\x0d\x07\x37\x62\xce\x89\x9f\x82\xae\xb9\x33\x10\x63\x37\xf8\x7a\x71\x38\xd1\xfb\x7b\x15\xb2\x4a\xc8\xcc\x1c\x09\x34\x69\xe6\x15\x09\xfc\x24\xcf\xb7\x9e\x66\x39\x0a\x15\x48\x3e\x9a\x5a\x1a\x31\x3f\xf9\x61\xd0\xf9\xfe\x8c\x55\x79\x01\x4c\xf5\x68\x9e\x36\x86\x08\x10\x4f\x96\x44\x9b\x24\x64\x39\xaf\x19\x79\x59\xe5\xed\xf4\x88\x74\x97\xd4\x89\x74\xc2\x08\xcd\x68\xcf\xc7\xb3\xe0\x95\x6c\x50\x88\x12\x0d\xa1\xda\xf4\xaa\x90\xb6\xd2\xc1\xb7\x08\x81\x31\xff\x29\x6b", 4096); *(uint8_t*)0x2000104d = 0; *(uint8_t*)0x2000104e = 1; *(uint8_t*)0x2000104f = 0; *(uint8_t*)0x20001050 = 0xc2; *(uint8_t*)0x20001051 = 4; *(uint32_t*)0x20001052 = htobe32(1); *(uint8_t*)0x20001056 = 9; *(uint8_t*)0x20001057 = 0x15; memcpy((void*)0x20001058, "\x55\x75\x11\x39\x21\xad\x0b\xc9\xe2\xe8\x2b\x28\xa6\x6b\x8f\x50\x8c\xd3\xa9\x8a\xcf", 21); *(uint8_t*)0x2000106e = 0x67; *(uint8_t*)0x2000106f = 6; *(uint8_t*)0x20001070 = 0; *(uint8_t*)0x20001071 = 0x20; *(uint32_t*)0x20001072 = 0; *(uint8_t*)0x20001076 = -1; *(uint8_t*)0x20001077 = 1; *(uint8_t*)0x20001078 = 0; *(uint8_t*)0x20001079 = 0; *(uint8_t*)0x2000107a = 0; *(uint8_t*)0x2000107b = 0; *(uint8_t*)0x2000107c = 0; *(uint8_t*)0x2000107d = 0; *(uint8_t*)0x2000107e = 0; *(uint8_t*)0x2000107f = 0; *(uint8_t*)0x20001080 = 0; *(uint8_t*)0x20001081 = 0; *(uint8_t*)0x20001082 = 0; *(uint8_t*)0x20001083 = 0; *(uint8_t*)0x20001084 = 0; *(uint8_t*)0x20001085 = 1; *(uint8_t*)0x20001086 = -1; *(uint8_t*)0x20001087 = 1; *(uint8_t*)0x20001088 = 0; *(uint8_t*)0x20001089 = 0; *(uint8_t*)0x2000108a = 0; *(uint8_t*)0x2000108b = 0; *(uint8_t*)0x2000108c = 0; *(uint8_t*)0x2000108d = 0; *(uint8_t*)0x2000108e = 0; *(uint8_t*)0x2000108f = 0; *(uint8_t*)0x20001090 = 0; *(uint8_t*)0x20001091 = 0; *(uint8_t*)0x20001092 = 0; *(uint8_t*)0x20001093 = 0; *(uint8_t*)0x20001094 = 0; *(uint8_t*)0x20001095 = 1; *(uint8_t*)0x20001096 = 0; *(uint8_t*)0x20001097 = 0; *(uint8_t*)0x20001098 = 0; *(uint8_t*)0x20001099 = 0; *(uint8_t*)0x2000109a = 0; *(uint8_t*)0x2000109b = 0; *(uint8_t*)0x2000109c = 0; *(uint8_t*)0x2000109d = 0; *(uint8_t*)0x2000109e = 0; *(uint8_t*)0x2000109f = 0; *(uint8_t*)0x200010a0 = 0; *(uint8_t*)0x200010a1 = 0; *(uint8_t*)0x200010a2 = 0; *(uint8_t*)0x200010a3 = 0; *(uint8_t*)0x200010a4 = 0; *(uint8_t*)0x200010a5 = 0; *(uint8_t*)0x200010a6 = 4; *(uint8_t*)0x200010a7 = 0x19; *(uint8_t*)0x200010a8 = 0; *(uint8_t*)0x200010a9 = 0; *(uint8_t*)0x200010aa = 0; *(uint8_t*)0x200010ab = 0; *(uint8_t*)0x200010ac = 0; *(uint8_t*)0x200010ad = 0; *(uint8_t*)0x200010ae = 0xa8; *(uint8_t*)0x200010af = 0x9b; memcpy((void*)0x200010b0, "\x02\x71\x09\x78\x70\xd6\xd0\x6b\x47\xd8\x3a\x5b\x37\x63\xf1\xa2\xff\xfb\x78\xc9\xfd\x51\x51\xfe\x45\x85\x44\x69\x56\x4a\xf3\xc3\x94\x9e\x4a\x58\x78\x1c\xe8\x48\xa5\xe9\xa6\xfe\xd0\x80\x30\x6a\xcd\x03\x11\xa5\xe5\xb9\xf9\x00\xde\x3f\x65\x6e\xc5\xf5\x17\xf3\xa6\x79\x49\x35\x4e\x8a\x19\xf5\xb1\x16\xe3\x60\xf8\xbe\xbf\x10\x56\x6e\xae\x08\x58\x2e\x6b\xe7\xbe\xee\xc7\x66\x8a\xfd\x63\x7c\xa6\xa1\x9c\x0a\x87\x87\xa4\x54\x81\x38\xd8\xa0\x68\x74\xd5\x50\x62\x4c\x0f\x1e\xbd\x2a\x22\x67\xbb\xca\x14\xf2\x24\x7a\xb5\xbe\x2d\x68\xe2\x64\xaa\x7d\x65\x1f\xd4\xe5\xe5\xef\x57\x23\xb8\x44\xf6\x4a\x82\x2f\x58\xe7\xbc\x5a\xcc\xf5\x88", 155); *(uint8_t*)0x2000114b = 0xc2; *(uint8_t*)0x2000114c = 4; *(uint32_t*)0x2000114d = htobe32(0x10001); *(uint8_t*)0x20001151 = 1; *(uint8_t*)0x20001152 = 3; *(uint8_t*)0x20001153 = 0; *(uint8_t*)0x20001154 = 0; *(uint8_t*)0x20001155 = 0; *(uint8_t*)0x20001156 = 0; *(uint8_t*)0x20001157 = 1; *(uint8_t*)0x20001158 = 0; *(uint8_t*)0x20001159 = 8; *(uint8_t*)0x2000115a = 0x1d; memcpy((void*)0x2000115b, "\x94\xd6\xef\xb5\xa9\xf5\x8f\x85\x9b\x75\xbe\x24\x58\x6f\x38\x2e\xee\xd7\xa7\x6a\x65\x62\xb9\x78\x07\x1e\x71\xbe\x75", 29); *(uint8_t*)0x20001178 = 5; *(uint8_t*)0x20001179 = 2; *(uint16_t*)0x2000117a = htobe16(0x7fff); *(uint8_t*)0x2000117e = 0x27; *(uint8_t*)0x2000117f = 6; *(uint8_t*)0x20001180 = 0; *(uint8_t*)0x20001181 = 5; *(uint32_t*)0x20001182 = 0; *(uint8_t*)0x20001186 = -1; *(uint8_t*)0x20001187 = 1; *(uint8_t*)0x20001188 = 0; *(uint8_t*)0x20001189 = 0; *(uint8_t*)0x2000118a = 0; *(uint8_t*)0x2000118b = 0; *(uint8_t*)0x2000118c = 0; *(uint8_t*)0x2000118d = 0; *(uint8_t*)0x2000118e = 0; *(uint8_t*)0x2000118f = 0; *(uint8_t*)0x20001190 = 0; *(uint8_t*)0x20001191 = 0; *(uint8_t*)0x20001192 = 0; *(uint8_t*)0x20001193 = 0; *(uint8_t*)0x20001194 = 0; *(uint8_t*)0x20001195 = 1; *(uint8_t*)0x20001196 = 0; *(uint8_t*)0x20001197 = 0; *(uint8_t*)0x20001198 = 0; *(uint8_t*)0x20001199 = 0; *(uint8_t*)0x2000119a = 0; *(uint8_t*)0x2000119b = 0; *(uint8_t*)0x2000119c = 0; *(uint8_t*)0x2000119d = 0; *(uint8_t*)0x2000119e = 0; *(uint8_t*)0x2000119f = 0; *(uint8_t*)0x200011a0 = 0; *(uint8_t*)0x200011a1 = 0; *(uint8_t*)0x200011a2 = 0; *(uint8_t*)0x200011a3 = 0; *(uint8_t*)0x200011a4 = 0; *(uint8_t*)0x200011a5 = 0; *(uint64_t*)0x200011a6 = htobe64(0); *(uint64_t*)0x200011ae = htobe64(1); *(uint8_t*)0x200011b6 = 0x2c; *(uint8_t*)0x200011b7 = 0; *(uint8_t*)0x200011b8 = 0; *(uint8_t*)0x200011b9 = 0; *(uint8_t*)0x200011ba = 0; *(uint8_t*)0x200011bb = 0; *(uint8_t*)0x200011bc = 0; *(uint8_t*)0x200011bd = 0; *(uint8_t*)0x200011be = 0; *(uint8_t*)0x200011bf = 1; *(uint8_t*)0x200011c0 = 0; *(uint8_t*)0x200011c6 = 3; *(uint8_t*)0x200011c7 = 3; *(uint8_t*)0x200011c8 = 0; *(uint8_t*)0x200011c9 = 0; *(uint8_t*)0x200011ca = 0; *(uint8_t*)0x200011cb = 0; *(uint8_t*)0x200011cc = 0; *(uint8_t*)0x200011cd = 0; *(uint8_t*)0x200011ce = 0xc2; *(uint8_t*)0x200011cf = 4; *(uint32_t*)0x200011d0 = htobe32(0); *(uint8_t*)0x200011d4 = 5; *(uint8_t*)0x200011d5 = 2; *(uint16_t*)0x200011d6 = htobe16(0x20); *(uint8_t*)0x200011d8 = 5; *(uint8_t*)0x200011d9 = 2; *(uint16_t*)0x200011da = htobe16(9); *(uint8_t*)0x200011dc = 0xc2; *(uint8_t*)0x200011dd = 4; *(uint32_t*)0x200011de = htobe32(3); *(uint8_t*)0x200011e2 = 1; *(uint8_t*)0x200011e3 = 1; *(uint8_t*)0x200011e4 = 0; *(uint8_t*)0x200011e5 = 5; *(uint8_t*)0x200011e6 = 2; *(uint16_t*)0x200011e7 = htobe16(0x7f); *(uint8_t*)0x200011e9 = 5; *(uint8_t*)0x200011ea = 2; *(uint16_t*)0x200011eb = htobe16(3); *(uint8_t*)0x200011ee = 0xd8; *(uint8_t*)0x200011ef = 0; *(uint8_t*)0x200011f0 = 8; STORE_BY_BITMASK(uint8_t, , 0x200011f1, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200011f1, 0, 1, 2); STORE_BY_BITMASK(uint8_t, , 0x200011f1, 8, 3, 5); *(uint32_t*)0x200011f2 = 0x68; *(uint8_t*)0x200011f6 = 0x82; *(uint8_t*)0x200011f7 = 0; *(uint16_t*)0x200011f8 = htobe16(0); *(uint16_t*)0x200011fa = htobe16(0x3ff); *(uint16_t*)0x200011fc = 9; *(uint8_t*)0x200011fe = -1; *(uint8_t*)0x200011ff = 2; *(uint8_t*)0x20001200 = 0; *(uint8_t*)0x20001201 = 0; *(uint8_t*)0x20001202 = 0; *(uint8_t*)0x20001203 = 0; *(uint8_t*)0x20001204 = 0; *(uint8_t*)0x20001205 = 0; *(uint8_t*)0x20001206 = 0; *(uint8_t*)0x20001207 = 0; *(uint8_t*)0x20001208 = 0; *(uint8_t*)0x20001209 = 0; *(uint8_t*)0x2000120a = 0; *(uint8_t*)0x2000120b = 0; *(uint8_t*)0x2000120c = 0; *(uint8_t*)0x2000120d = 1; struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000016, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000026, 16); uint32_t csum_1_chunk_2 = 0x18000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x3a000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x200011f6, 24); *(uint16_t*)0x200011f8 = csum_inet_digest(&csum_1); break; case 11: memcpy((void*)0x20001240, "\x47\x66\x90\x18\xa9\xe1\x17\x00\x00\xc4\xc2\x0d\x07\x4c\xd3\xf6\x36\xf3\x0f\x11\x82\xfe\xef\xff\xff\xc4\x41\x55\xef\xea\xf2\x0f\x2b\x99\x99\x89\x99\x99\xc4\x81\xfd\x28\x17\xc4\xa2\xa5\x29\x52\x93\xf3\xab\x66\xac", 53); syz_execute_func(0x20001240); break; case 12: break; case 13: syz_open_pts(); break; } } int main(void) { syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul); use_temporary_dir(); do_sandbox_setuid(); return 0; } :353:4: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation] kill_and_wait(pid, &status); ^ :351:3: note: previous statement is here if (current_time_ms() - start < 5000) ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor917843409 -DGOOS_openbsd=1 -DGOARCH_amd64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -static -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384] --- FAIL: TestGenerate/openbsd/amd64/0 (5.95s) csource_test.go:124: opts: {Threaded:false Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: r0 = getgid() mquery(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x10, 0xffffffffffffffff, 0x80) ioctl$DIOCMAP(0xffffffffffffff9c, 0xc0106477, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}) ioctl$BIOCSHDRCMPLT(0xffffffffffffffff, 0x80044275, &(0x7f0000000080)=0xcb) unlinkat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8) ioctl$BIOCGDLTLIST(0xffffffffffffff9c, 0xc010427b, &(0x7f0000000140)={0x9, &(0x7f0000000100)=[0x0, 0x7, 0x2, 0x18000, 0x6, 0x3, 0x8000000, 0x20, 0x0]}) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f00000001c0)=0xc) getgroups(0x3, &(0x7f0000000200)=[0xffffffffffffffff, r0, 0x0]) r3 = getgid() getgroups(0x4, &(0x7f0000000240)=[r1, r0, r2, r3]) syz_emit_ethernet(0x120e, &(0x7f0000000000)={@remote, @remote, [], {@ipv6={0x86dd, {0x1, 0x6, "b588d1", 0x11d8, 0x11, 0x0, @remote={0xfe, 0x80, [], 0x0}, @empty, {[@dstopts={0x32, 0x205, [], [@padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @pad1, @generic={0x6, 0x1000, "7d7312bf2f976b286cf33b3a7660af2f30cb34f9a86a2db188c5d76df22900976b027211513627f37cb64221551888028062f7e96e29502c8230cb07ed13fb79ee022afacfb0fdb9fdd62ac37dfa4f6b34fcbee4c380fa32c35d695cca5e60b4fe8ddf4e9fd6c26810eab11156f5f11cff1548bc51648f66404bacd55f29d8349635356e8711ba71763c2e3dae08ceca72daaf10868c22ac2d429c17228cb0fa6a92eddafaf821e084cdd55affffce12097a2772ef8ab4bc862213c765c3c5bb6cb25206a5f87d2034b922cd8a54fd1f39938081132c0491f0258b9d5b90206398281bd745907571e7944936e2d4097eec6b58ed963a26c7ab84ad1084f4b8fe735e2c7a5073344b225dd2917d1035d525e3fca4bf750dc4474b2645770b1ca240e54b5d0d4dc7ef29a3a61669e0bc94741f97c66216511a0b772e8813b7e01c740f8ed1fa8909f5700d3403d21c720a5902de2e1c32556eca20d374473cd817427a1c9cd58e2e0aefa447fb5a819c5f0f58b27756a2ab59c7904bd86a7e178629ad0bf9acc4272dc48011d27c262fe7ea1754391b04e3144db1eec8b7fded123a6e0d848e26d3a48db19cdac570a9f88259994a988bafd8db39128ec209c2f4a1c3a0090fb48b2c98c66c31a9d0c4377d6e63c82afdf734861249d4a187b99c2c03ea42efb67963c7f5e058b9ea734e124abcff107a29e339704bc5c174895b10fabef1dd6966930a398295f238abeba33093a7e5d4ebf3c134b00eac453659d9a5ed6722b28668f0de27fcbfcc665f9b79f51aa266f061a9d3582fe787f1cd3d6b2a4d5b7670d91c9f19da4cdf5c47edb015a154227797a6b56a27e32276f07e6cc20ec6885bc261055b4ad4f66c09e27673c407023fb6d0c61139245b190861816a03ae7d9627100ab2a1f1f38198e820967923fdf0a95e9088ffe6779f1eea151123e919bde1ea78746cc30768220ff953d10588589701f70e66392524a78562a838205af4bfc28c4a6884b425c109ea7ff16d9f1bcb77459ccb5b81045b6cb2dcebdae46f6d70b44ff8dc6f522c77db1471ce1163a7a5640d02e469e5dee1ff25b7f7325baeb10ecb4bc48f8692d5376dad7c9125ecb61d00e759b8f3179df636389f62f51face3013a62a9656fec592601942743778d7b7c838cdf30fe87b7503aab17d8d8f5f30a3a03f105dd389658c187823d1c5ec9af9dce05decfa6192a6514896e99f47847e83719f79cd37b118184d34ca20e884bd255f199acef2ed48011cff2695977dd7b1ae1f08d27f947cd1aff97a19e3f93c659d10ff5a776f291022df261b792935a1c5882f920c9442e563f878801beecbba89c1eab9d2b96285f3493483b49f269e8d684330037dafedbcbb3bc500e65b5e69c3a4f6f15e42cb595cce04c891818f28a69ef73c0ecf8efbef8bc1e5f7d07f5ca828d9a8460a297a2b6f158413fd2738e6168377a49bd43a70a36e7c39d8d548783285675417c6207bebeb3224faab81eef708601be613697967c31f6b8a2c21c469273d79b15b80d8a0b6c6ed4356d002e424944b661b4d5fb114841b9cbaf8d4c16d7f687362aee164756e05fa1d579f082003ac1103a007c2fcea486f32e6e72d141c1e233330a3b3d8135840a9fbc503526e44876e702309c3cb1a6c4020bae2ef85146a3438bd9b341b719dfa5b519fca6bc1746b47ac4991722b9777d92480065e3d70bb6b202e98d5d08c1b215a5012210ef9e2b9fea630e4d8217c501dee6b46a3b887c71f3c4c603af56a86734236f068e072aa63f2a70d488fe9091a8530585e4d611ad9fe23593cb410e5eed9187ed55652bef39b8e867a879f89735e7cadfb36a183867cdc3322b21427a498d12d566af1b7ed235034feeaa2cbd795c2363ec9845a504073181ef95121548bd6e88486a261cb52f6f7970b99f53de0f426ffcae940f83ac20138c7d5b3520214e44a403c84fdacc6557c8b859c9918e78377261722f1f2913d0dfe99d93de5f2a67c3775a7681c9b8fdb811ead0bad8ec771ef38dc0da259047ecaab608e8e7c45113ce2681a8377df054e8e48485bf16d1222ccf2214b8115e0af090742f1c7b77645bde02541071d92f5eb24bc1942ff691016d1d0844daecc89df8b58f05e0fc3856881413920359c90927b85cdb99629791341d07f6bd042ea457128ac91c4ab33b169935a1a0214e74dd2d098abc1d16b59abf377401dbd0904f7dcb351fa4dd8e36cbf4b8dc28e811bd7dc9b8a2f6021c44e85e1ebe1c68e03595aded1d0f5bdc563e612367ae89e46094a2e341ce2bdf0cdd0d0e71af4ce34700bb15898b2d3f559f466a6fbda1e005df5e76968fc0070a860e8eefb40180d6493a17903698a9f809ab5120cc72a205e3265236c67d7c85e581ed378d3326111813041da2d8d3c888d1236649129c37021fbfde4b873dbc3cc9fe18dc922a62d50686f9d7e15c2c4c51e25d9852385f024670dd5eaa98661a3fd645f5e3cf1a0381e878776d79039db945f680b0cba8a7e3875727a07be161c854491d396fbf40b50298b1a84b0cf8b61e18767bab36a013f0acf45569ed1882c3fea9e20189822e2b9bacbc4155842246c183f295912d6480a05a2d59ff2990bbbb8c7e9079f1a039bf31fd2cc28312cff2461af871dde9b27201e66d89f62196b632ef97424d2529d0973457cf4595f6751928457b7de885f43cf64577bd6d099d9adfe45a4e6d704bfd3edc85ddbb11dedd5e2d3e50a55d7a7dcfde4efd11dcd20f6285b74ea194da7f31a4983a14f167a847d279ef28557419506de34b34f237f3c66ed257246d04824f4f8d97092e55e095ecf4f3647ebd6c39538c4c7565b23d81f0cc3d6170d8a0d5050fe7e4f8d4fe07cea0d5db6d5f966afa39dec34a8ce32b67d4918ea8d96af5c7fd899945449e051ef34400cbd4badd786d20b1c77d23670b2065bc8f671150336c4228f49c2e07954d4b165d222cae2a5f5dc9fd328a21eb4b2033447dd9b0b56d12bc93148595a649d5cd3a9b56c33249c979cfd321eb720afca706fc263dfc06be97c2b805a7ccc54cd8e247e64dce1607ba96d146a977c247b3072ad2cb2c116c75493185ac9d6124070f674e1a83c4e4fc7a2d46be93c2eb3dc26dd659261cb020788b5bf4c21a5a31e363065e3d81a64886a0b48c8fd33505b2e1a158a60c29b6a4b0d9d3cc4e30cdbbfdc5895ad59b25f8e356616b352e0af4b55615315d389d963125e086d4f38f9837551d5aea90d51c86072518e6b3d9f810386933830b012a939f7f6269f3516cf361a7b204c687b122d7c967f3f9cbfaa3b5170ac5bf030f5fcf5cc60e67d69aed12a9b64eac186eea7ffd2198ce338fd58fa6b1c818a2bf7ee355c9932fa88b6c1e549217366606b04ef454e6fed865eb44a2cf2bffe792464ecd22121dec54fa518f2a148981956b9b06314ff478738f0328a253394e7c1ac4db3ba527c75361582cca56a12730d5b016258f025dc641647adc06d6b3eec0483f2f71ac9db0c45443e31c3d47d7ab7bf336104083017a985d2e83169cbe9fc9f9080cbbbafaefd7e7d0637933533f8fbd2e1abba019b83ca10f3791ad04d64283a0bcdb8c85718434642f6e156fa694ab98d475876a1768f9b595ff823dc4cdda9f080f094e1261a54c7fb8fd381d5a0d51ba8d6055ef43b035490df5dc92b8c3be5b58788866dc09a3563b25b64de0c0280370d8ae3bc317b89e32a5ec6cf14e9df6733b93263f8adf908b632fa2a94a2a5a22d781f562e5521bb07caba5b56ce799e6caac20c8bd10f0dcc765b5ad59ee88cfac53654b85fc6d3d7d1ec37230537d65519aa03d2d87001c3781063bb0275bd96c452c120d9adc12353cb56a565ffb5c3cf81d0497c3a680a68610acbb492b19b29ad601504aa1b3ff00dc5247b883e822cbe8c86673353ead6e044941bb4fbfc3e5ccba04f93cd9c264d9ec2c1f5221ca0767d3bf65f4330bdb4a94d6468bfa9dfa5bcbaa511450e6a0ca9a56c5f20558ea7076a67b5bdd8523f1515caed40dc2eaf06b08b176355dad11f1265b8187485d1a799d86d06f06d933f424f9ed654d2dde7c0e66dbf3d156db2d67941b92080f04581e0249734f2bf4920a3551d06c4ccb8f730deb91b6f6ce210cb41dab8fcbe39d14e918a3629e826e1d60e164e06d6237d382d0f3ec2734117368555e699a650f02d4a886ab679ec194c821b1f4262946eef5a0a3dcb5645c0543560464d86381a425d04218e58aaabf3c5ed4c2273cc0d4c2c28e12ecd4ddcecd67186dacec662c65d323496b9be38496acfb5bb1ce106bbaac84bac733df84e6e31713243df9845b9b630a9714ef11bb21b0e80c6ce1afc63ca722cc238ac448f229aa614e9eaec78e5c27921bbed167057607d383cda42a91f89b25ecea59686a8f07b1c2d73b6b2aa9899c3dcf20401721a1019abb89d5177d74dd1bb794e0d479ebbfb213e13dd5f06377eb87c53c09a3fc2078fe0db301ccb114f8cf3112445a1e7fad70dcf2c6e8cad450dc73c6427e017e0e93d25ef60e80f556462d78b85aed474a6bdb29bdf5a93908f43a77d82d0da55e7dc8a0064d721858ec5f8b3c5d441b66b3267e8103d27f5faf8660662e86593a48d4bfd64ceebd9bf69258232881e2f0f9d0c59f89f3c89a2ecb569d146bd3f872629aa250410cdecc3701fcfe95fbeefc976bd7e305c102e307e0c04f5d40374b93606dd09fc0026b4f0d185ea8051003a55646e32e3278dfd3f061a4c481639fe9507a8e5c04e46377544f2841ef9bea40da683f669f6f2da6a9282d74d46bc7d17845ed0e63886aee7362e12909d459217d092358bf71f2fd1fda7274468a5c64f68dbc912e12414cb841618e6d961e79699187efa265557d052006450eeab52153282396dcc67638f44e8bdc1cf8ac1aa3cefde7b3e97b3f1ade0587ccc459d2b71d8f4c85666f88560ae13d11fd7d7f1214557967aa6221b05ba9a90faad9c1111038f9a1a16b64a40bf5f969f74f32ed6338eb702cb85773bc0495e31ac37ca0b88bb028da0e9721b407afd1e2fa460b204db7dfcd729459b2f125bf42ddf1380eb499691e08275ee42427c0c2db7064a386b52a6ac1a7ade2da86e5c5e5c667e459d0031046ac3b08cf51b0e79004bc73c3f9f7e769fa244fabd9100007a4ed5e2306997ff31489c13c52b2cdf0226cdc4f8522529a2610234aed95eb841f5d242cef7c49363af04985d3c3e53924f352b54eadece3a9522f4835113a3b490b612dacdb8dbfbee79428b808e626214cfcb2bfd4abe6b74f15f08c76d88182322042da026a7e5b1394c9c439dfa596a7a88107370c2cab92f90601b50f0b3181dec56a7136db75650a7a28578087cc87fada0c4a7e1432a6220d7308fccaad29fbe32e42b6593110cda94ce04ff6ed3a9662c4b81d14856f4fc1ac0d4fab9b4d5992650fcb2cfed1b6f60c8c73685c733be133f819a5688d8c6a7e6209969b46b091445021fc19cbd563bd76df96aa65f1d7216a31dc9c4a4f74a24a224a2aa60cb5d0d7c31e6af622e5a7c80c98727cd163e5097d86d4d4d91e7c89fe6151903d7c0f878da1a83e6fcc50fe9990da6640535e685b1c269c950d073762ce899f82aeb933106337f87a7138d1fb7b15b24ac8cc1c093469e61509fc24cfb79e66390a15483e9a5a1a313ff961d0f9fe8c5579014cf5689e368608104f96449b246439af197959e5edf4887497d48974c208cd68cfc7b3e0956c5088120da1daf4aa90b6d2c1b7088131ff296b"}, @pad1, @jumbo={0xc2, 0x4, 0x1}, @generic={0x9, 0x15, "5575113921ad0bc9e2e82b28a66b8f508cd3a98acf"}]}, @routing={0x67, 0x6, 0x0, 0x20, 0x0, [@mcast1, @mcast1, @empty]}, @dstopts={0x4, 0x19, [], [@generic={0xa8, 0x9b, "0271097870d6d06b47d83a5b3763f1a2fffb78c9fd5151fe45854469564af3c3949e4a58781ce848a5e9a6fed080306acd0311a5e5b9f900de3f656ec5f517f3a67949354e8a19f5b116e360f8bebf10566eae08582e6be7beeec7668afd637ca6a19c0a8787a4548138d8a06874d550624c0f1ebd2a2267bbca14f2247ab5be2d68e264aa7d651fd4e5e5ef5723b844f64a822f58e7bc5accf588"}, @jumbo={0xc2, 0x4, 0x10001}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @pad1, @generic={0x8, 0x1d, "94d6efb5a9f58f859b75be24586f382eeed7a76a6562b978071e71be75"}, @ra={0x5, 0x2, 0x7fff}]}, @routing={0x27, 0x6, 0x0, 0x5, 0x0, [@mcast1, @empty, @loopback]}, @dstopts={0x2c, 0x0, [], [@pad1]}, @dstopts={0x3, 0x3, [], [@jumbo, @ra={0x5, 0x2, 0x20}, @ra={0x5, 0x2, 0x9}, @jumbo={0xc2, 0x4, 0x3}, @padn={0x1, 0x1, [0x0]}, @ra={0x5, 0x2, 0x7f}, @ra={0x5, 0x2, 0x3}]}, @fragment={0xd8, 0x0, 0x8, 0x1, 0x0, 0x8, 0x68}], @icmpv6=@mld={0x82, 0x0, 0x0, 0x3ff, 0x9, @mcast2}}}}}}) syz_execute_func(&(0x7f0000001240)="47669018a9e1170000c4c20d074cd3f636f30f1182feefffffc44155efeaf20f2b9999899999c481fd2817c4a2a5295293f3ab66ac") syz_extract_tcp_res(&(0x7f0000001280), 0x401, 0x1) syz_open_pts() csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } #define __syscall syscall static uintptr_t syz_open_pts(void) { int master, slave; if (openpty(&master, &slave, NULL, NULL, NULL) == -1) return -1; if (dup2(master, master + 100) != -1) close(master); return slave; } static void sandbox_common() { if (setsid() == -1) exit(1); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[4] = {0x0, 0x0, 0x0, 0x0}; void execute_one(void) { intptr_t res = 0; res = syscall(SYS_getgid); if (res != -1) r[0] = res; syscall(SYS_mquery, 0x20ffb000ul, 0x3000ul, 2ul, 0x10ul, -1, 0x80ul); *(uint64_t*)0x20000040 = 0x20000000; memcpy((void*)0x20000000, "./file0\000", 8); *(uint32_t*)0x20000048 = -1; *(uint32_t*)0x2000004c = 0; syscall(SYS_ioctl, 0xffffff9c, 0xc0106477ul, 0x20000040ul); *(uint32_t*)0x20000080 = 0xcb; syscall(SYS_ioctl, -1, 0x80044275ul, 0x20000080ul); memcpy((void*)0x200000c0, "./file0\000", 8); syscall(SYS_unlinkat, 0xffffff9c, 0x200000c0ul, 8ul); *(uint64_t*)0x20000148 = 0x20000100; *(uint32_t*)0x20000100 = 0; *(uint32_t*)0x20000104 = 7; *(uint32_t*)0x20000108 = 2; *(uint32_t*)0x2000010c = 0x18000; *(uint32_t*)0x20000110 = 6; *(uint32_t*)0x20000114 = 3; *(uint32_t*)0x20000118 = 0x8000000; *(uint32_t*)0x2000011c = 0x20; *(uint32_t*)0x20000120 = 0; syscall(SYS_ioctl, 0xffffff9c, 0xc010427bul, 0x20000140ul); *(uint32_t*)0x200001c0 = 0xc; res = syscall(SYS_getsockopt, -1, 0xffff, 0x1022, 0x20000180ul, 0x200001c0ul); if (res != -1) r[1] = *(uint32_t*)0x20000188; *(uint32_t*)0x20000200 = -1; *(uint32_t*)0x20000204 = r[0]; *(uint32_t*)0x20000208 = 0; res = syscall(SYS_getgroups, 3ul, 0x20000200ul); if (res != -1) r[2] = *(uint32_t*)0x20000208; res = syscall(SYS_getgid); if (res != -1) r[3] = res; *(uint32_t*)0x20000240 = r[1]; *(uint32_t*)0x20000244 = r[0]; *(uint32_t*)0x20000248 = r[2]; *(uint32_t*)0x2000024c = r[3]; syscall(SYS_getgroups, 4ul, 0x20000240ul); *(uint8_t*)0x20000000 = 0xaa; *(uint8_t*)0x20000001 = 0xaa; *(uint8_t*)0x20000002 = 0xaa; *(uint8_t*)0x20000003 = 0xaa; *(uint8_t*)0x20000004 = 0xaa; *(uint8_t*)0x20000005 = 0xbb; *(uint8_t*)0x20000006 = 0xaa; *(uint8_t*)0x20000007 = 0xaa; *(uint8_t*)0x20000008 = 0xaa; *(uint8_t*)0x20000009 = 0xaa; *(uint8_t*)0x2000000a = 0xaa; *(uint8_t*)0x2000000b = 0xbb; *(uint16_t*)0x2000000c = htobe16(0x86dd); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 6, 4, 4); memcpy((void*)0x2000000f, "\xb5\x88\xd1", 3); *(uint16_t*)0x20000012 = htobe16(0x11d8); *(uint8_t*)0x20000014 = 0x11; *(uint8_t*)0x20000015 = 0; *(uint8_t*)0x20000016 = 0xfe; *(uint8_t*)0x20000017 = 0x80; *(uint8_t*)0x20000018 = 0; *(uint8_t*)0x20000019 = 0; *(uint8_t*)0x2000001a = 0; *(uint8_t*)0x2000001b = 0; *(uint8_t*)0x2000001c = 0; *(uint8_t*)0x2000001d = 0; *(uint8_t*)0x2000001e = 0; *(uint8_t*)0x2000001f = 0; *(uint8_t*)0x20000020 = 0; *(uint8_t*)0x20000021 = 0; *(uint8_t*)0x20000022 = 0; *(uint8_t*)0x20000023 = 0; *(uint8_t*)0x20000024 = 0; *(uint8_t*)0x20000025 = 0xbb; *(uint8_t*)0x20000026 = 0; *(uint8_t*)0x20000027 = 0; *(uint8_t*)0x20000028 = 0; *(uint8_t*)0x20000029 = 0; *(uint8_t*)0x2000002a = 0; *(uint8_t*)0x2000002b = 0; *(uint8_t*)0x2000002c = 0; *(uint8_t*)0x2000002d = 0; *(uint8_t*)0x2000002e = 0; *(uint8_t*)0x2000002f = 0; *(uint8_t*)0x20000030 = 0; *(uint8_t*)0x20000031 = 0; *(uint8_t*)0x20000032 = 0; *(uint8_t*)0x20000033 = 0; *(uint8_t*)0x20000034 = 0; *(uint8_t*)0x20000035 = 0; *(uint8_t*)0x20000036 = 0x32; *(uint8_t*)0x20000037 = 5; *(uint8_t*)0x20000038 = 0; *(uint8_t*)0x20000039 = 0; *(uint8_t*)0x2000003a = 0; *(uint8_t*)0x2000003b = 0; *(uint8_t*)0x2000003c = 0; *(uint8_t*)0x2000003d = 0; *(uint8_t*)0x2000003e = 1; *(uint8_t*)0x2000003f = 8; *(uint8_t*)0x20000040 = 0; *(uint8_t*)0x20000041 = 0; *(uint8_t*)0x20000042 = 0; *(uint8_t*)0x20000043 = 0; *(uint8_t*)0x20000044 = 0; *(uint8_t*)0x20000045 = 0; *(uint8_t*)0x20000046 = 0; *(uint8_t*)0x20000047 = 0; *(uint8_t*)0x20000048 = 0; *(uint8_t*)0x20000049 = 1; *(uint8_t*)0x2000004a = 0; *(uint8_t*)0x2000004b = 6; *(uint8_t*)0x2000004c = 0; memcpy((void*)0x2000004d, "\x7d\x73\x12\xbf\x2f\x97\x6b\x28\x6c\xf3\x3b\x3a\x76\x60\xaf\x2f\x30\xcb\x34\xf9\xa8\x6a\x2d\xb1\x88\xc5\xd7\x6d\xf2\x29\x00\x97\x6b\x02\x72\x11\x51\x36\x27\xf3\x7c\xb6\x42\x21\x55\x18\x88\x02\x80\x62\xf7\xe9\x6e\x29\x50\x2c\x82\x30\xcb\x07\xed\x13\xfb\x79\xee\x02\x2a\xfa\xcf\xb0\xfd\xb9\xfd\xd6\x2a\xc3\x7d\xfa\x4f\x6b\x34\xfc\xbe\xe4\xc3\x80\xfa\x32\xc3\x5d\x69\x5c\xca\x5e\x60\xb4\xfe\x8d\xdf\x4e\x9f\xd6\xc2\x68\x10\xea\xb1\x11\x56\xf5\xf1\x1c\xff\x15\x48\xbc\x51\x64\x8f\x66\x40\x4b\xac\xd5\x5f\x29\xd8\x34\x96\x35\x35\x6e\x87\x11\xba\x71\x76\x3c\x2e\x3d\xae\x08\xce\xca\x72\xda\xaf\x10\x86\x8c\x22\xac\x2d\x42\x9c\x17\x22\x8c\xb0\xfa\x6a\x92\xed\xda\xfa\xf8\x21\xe0\x84\xcd\xd5\x5a\xff\xff\xce\x12\x09\x7a\x27\x72\xef\x8a\xb4\xbc\x86\x22\x13\xc7\x65\xc3\xc5\xbb\x6c\xb2\x52\x06\xa5\xf8\x7d\x20\x34\xb9\x22\xcd\x8a\x54\xfd\x1f\x39\x93\x80\x81\x13\x2c\x04\x91\xf0\x25\x8b\x9d\x5b\x90\x20\x63\x98\x28\x1b\xd7\x45\x90\x75\x71\xe7\x94\x49\x36\xe2\xd4\x09\x7e\xec\x6b\x58\xed\x96\x3a\x26\xc7\xab\x84\xad\x10\x84\xf4\xb8\xfe\x73\x5e\x2c\x7a\x50\x73\x34\x4b\x22\x5d\xd2\x91\x7d\x10\x35\xd5\x25\xe3\xfc\xa4\xbf\x75\x0d\xc4\x47\x4b\x26\x45\x77\x0b\x1c\xa2\x40\xe5\x4b\x5d\x0d\x4d\xc7\xef\x29\xa3\xa6\x16\x69\xe0\xbc\x94\x74\x1f\x97\xc6\x62\x16\x51\x1a\x0b\x77\x2e\x88\x13\xb7\xe0\x1c\x74\x0f\x8e\xd1\xfa\x89\x09\xf5\x70\x0d\x34\x03\xd2\x1c\x72\x0a\x59\x02\xde\x2e\x1c\x32\x55\x6e\xca\x20\xd3\x74\x47\x3c\xd8\x17\x42\x7a\x1c\x9c\xd5\x8e\x2e\x0a\xef\xa4\x47\xfb\x5a\x81\x9c\x5f\x0f\x58\xb2\x77\x56\xa2\xab\x59\xc7\x90\x4b\xd8\x6a\x7e\x17\x86\x29\xad\x0b\xf9\xac\xc4\x27\x2d\xc4\x80\x11\xd2\x7c\x26\x2f\xe7\xea\x17\x54\x39\x1b\x04\xe3\x14\x4d\xb1\xee\xc8\xb7\xfd\xed\x12\x3a\x6e\x0d\x84\x8e\x26\xd3\xa4\x8d\xb1\x9c\xda\xc5\x70\xa9\xf8\x82\x59\x99\x4a\x98\x8b\xaf\xd8\xdb\x39\x12\x8e\xc2\x09\xc2\xf4\xa1\xc3\xa0\x09\x0f\xb4\x8b\x2c\x98\xc6\x6c\x31\xa9\xd0\xc4\x37\x7d\x6e\x63\xc8\x2a\xfd\xf7\x34\x86\x12\x49\xd4\xa1\x87\xb9\x9c\x2c\x03\xea\x42\xef\xb6\x79\x63\xc7\xf5\xe0\x58\xb9\xea\x73\x4e\x12\x4a\xbc\xff\x10\x7a\x29\xe3\x39\x70\x4b\xc5\xc1\x74\x89\x5b\x10\xfa\xbe\xf1\xdd\x69\x66\x93\x0a\x39\x82\x95\xf2\x38\xab\xeb\xa3\x30\x93\xa7\xe5\xd4\xeb\xf3\xc1\x34\xb0\x0e\xac\x45\x36\x59\xd9\xa5\xed\x67\x22\xb2\x86\x68\xf0\xde\x27\xfc\xbf\xcc\x66\x5f\x9b\x79\xf5\x1a\xa2\x66\xf0\x61\xa9\xd3\x58\x2f\xe7\x87\xf1\xcd\x3d\x6b\x2a\x4d\x5b\x76\x70\xd9\x1c\x9f\x19\xda\x4c\xdf\x5c\x47\xed\xb0\x15\xa1\x54\x22\x77\x97\xa6\xb5\x6a\x27\xe3\x22\x76\xf0\x7e\x6c\xc2\x0e\xc6\x88\x5b\xc2\x61\x05\x5b\x4a\xd4\xf6\x6c\x09\xe2\x76\x73\xc4\x07\x02\x3f\xb6\xd0\xc6\x11\x39\x24\x5b\x19\x08\x61\x81\x6a\x03\xae\x7d\x96\x27\x10\x0a\xb2\xa1\xf1\xf3\x81\x98\xe8\x20\x96\x79\x23\xfd\xf0\xa9\x5e\x90\x88\xff\xe6\x77\x9f\x1e\xea\x15\x11\x23\xe9\x19\xbd\xe1\xea\x78\x74\x6c\xc3\x07\x68\x22\x0f\xf9\x53\xd1\x05\x88\x58\x97\x01\xf7\x0e\x66\x39\x25\x24\xa7\x85\x62\xa8\x38\x20\x5a\xf4\xbf\xc2\x8c\x4a\x68\x84\xb4\x25\xc1\x09\xea\x7f\xf1\x6d\x9f\x1b\xcb\x77\x45\x9c\xcb\x5b\x81\x04\x5b\x6c\xb2\xdc\xeb\xda\xe4\x6f\x6d\x70\xb4\x4f\xf8\xdc\x6f\x52\x2c\x77\xdb\x14\x71\xce\x11\x63\xa7\xa5\x64\x0d\x02\xe4\x69\xe5\xde\xe1\xff\x25\xb7\xf7\x32\x5b\xae\xb1\x0e\xcb\x4b\xc4\x8f\x86\x92\xd5\x37\x6d\xad\x7c\x91\x25\xec\xb6\x1d\x00\xe7\x59\xb8\xf3\x17\x9d\xf6\x36\x38\x9f\x62\xf5\x1f\xac\xe3\x01\x3a\x62\xa9\x65\x6f\xec\x59\x26\x01\x94\x27\x43\x77\x8d\x7b\x7c\x83\x8c\xdf\x30\xfe\x87\xb7\x50\x3a\xab\x17\xd8\xd8\xf5\xf3\x0a\x3a\x03\xf1\x05\xdd\x38\x96\x58\xc1\x87\x82\x3d\x1c\x5e\xc9\xaf\x9d\xce\x05\xde\xcf\xa6\x19\x2a\x65\x14\x89\x6e\x99\xf4\x78\x47\xe8\x37\x19\xf7\x9c\xd3\x7b\x11\x81\x84\xd3\x4c\xa2\x0e\x88\x4b\xd2\x55\xf1\x99\xac\xef\x2e\xd4\x80\x11\xcf\xf2\x69\x59\x77\xdd\x7b\x1a\xe1\xf0\x8d\x27\xf9\x47\xcd\x1a\xff\x97\xa1\x9e\x3f\x93\xc6\x59\xd1\x0f\xf5\xa7\x76\xf2\x91\x02\x2d\xf2\x61\xb7\x92\x93\x5a\x1c\x58\x82\xf9\x20\xc9\x44\x2e\x56\x3f\x87\x88\x01\xbe\xec\xbb\xa8\x9c\x1e\xab\x9d\x2b\x96\x28\x5f\x34\x93\x48\x3b\x49\xf2\x69\xe8\xd6\x84\x33\x00\x37\xda\xfe\xdb\xcb\xb3\xbc\x50\x0e\x65\xb5\xe6\x9c\x3a\x4f\x6f\x15\xe4\x2c\xb5\x95\xcc\xe0\x4c\x89\x18\x18\xf2\x8a\x69\xef\x73\xc0\xec\xf8\xef\xbe\xf8\xbc\x1e\x5f\x7d\x07\xf5\xca\x82\x8d\x9a\x84\x60\xa2\x97\xa2\xb6\xf1\x58\x41\x3f\xd2\x73\x8e\x61\x68\x37\x7a\x49\xbd\x43\xa7\x0a\x36\xe7\xc3\x9d\x8d\x54\x87\x83\x28\x56\x75\x41\x7c\x62\x07\xbe\xbe\xb3\x22\x4f\xaa\xb8\x1e\xef\x70\x86\x01\xbe\x61\x36\x97\x96\x7c\x31\xf6\xb8\xa2\xc2\x1c\x46\x92\x73\xd7\x9b\x15\xb8\x0d\x8a\x0b\x6c\x6e\xd4\x35\x6d\x00\x2e\x42\x49\x44\xb6\x61\xb4\xd5\xfb\x11\x48\x41\xb9\xcb\xaf\x8d\x4c\x16\xd7\xf6\x87\x36\x2a\xee\x16\x47\x56\xe0\x5f\xa1\xd5\x79\xf0\x82\x00\x3a\xc1\x10\x3a\x00\x7c\x2f\xce\xa4\x86\xf3\x2e\x6e\x72\xd1\x41\xc1\xe2\x33\x33\x0a\x3b\x3d\x81\x35\x84\x0a\x9f\xbc\x50\x35\x26\xe4\x48\x76\xe7\x02\x30\x9c\x3c\xb1\xa6\xc4\x02\x0b\xae\x2e\xf8\x51\x46\xa3\x43\x8b\xd9\xb3\x41\xb7\x19\xdf\xa5\xb5\x19\xfc\xa6\xbc\x17\x46\xb4\x7a\xc4\x99\x17\x22\xb9\x77\x7d\x92\x48\x00\x65\xe3\xd7\x0b\xb6\xb2\x02\xe9\x8d\x5d\x08\xc1\xb2\x15\xa5\x01\x22\x10\xef\x9e\x2b\x9f\xea\x63\x0e\x4d\x82\x17\xc5\x01\xde\xe6\xb4\x6a\x3b\x88\x7c\x71\xf3\xc4\xc6\x03\xaf\x56\xa8\x67\x34\x23\x6f\x06\x8e\x07\x2a\xa6\x3f\x2a\x70\xd4\x88\xfe\x90\x91\xa8\x53\x05\x85\xe4\xd6\x11\xad\x9f\xe2\x35\x93\xcb\x41\x0e\x5e\xed\x91\x87\xed\x55\x65\x2b\xef\x39\xb8\xe8\x67\xa8\x79\xf8\x97\x35\xe7\xca\xdf\xb3\x6a\x18\x38\x67\xcd\xc3\x32\x2b\x21\x42\x7a\x49\x8d\x12\xd5\x66\xaf\x1b\x7e\xd2\x35\x03\x4f\xee\xaa\x2c\xbd\x79\x5c\x23\x63\xec\x98\x45\xa5\x04\x07\x31\x81\xef\x95\x12\x15\x48\xbd\x6e\x88\x48\x6a\x26\x1c\xb5\x2f\x6f\x79\x70\xb9\x9f\x53\xde\x0f\x42\x6f\xfc\xae\x94\x0f\x83\xac\x20\x13\x8c\x7d\x5b\x35\x20\x21\x4e\x44\xa4\x03\xc8\x4f\xda\xcc\x65\x57\xc8\xb8\x59\xc9\x91\x8e\x78\x37\x72\x61\x72\x2f\x1f\x29\x13\xd0\xdf\xe9\x9d\x93\xde\x5f\x2a\x67\xc3\x77\x5a\x76\x81\xc9\xb8\xfd\xb8\x11\xea\xd0\xba\xd8\xec\x77\x1e\xf3\x8d\xc0\xda\x25\x90\x47\xec\xaa\xb6\x08\xe8\xe7\xc4\x51\x13\xce\x26\x81\xa8\x37\x7d\xf0\x54\xe8\xe4\x84\x85\xbf\x16\xd1\x22\x2c\xcf\x22\x14\xb8\x11\x5e\x0a\xf0\x90\x74\x2f\x1c\x7b\x77\x64\x5b\xde\x02\x54\x10\x71\xd9\x2f\x5e\xb2\x4b\xc1\x94\x2f\xf6\x91\x01\x6d\x1d\x08\x44\xda\xec\xc8\x9d\xf8\xb5\x8f\x05\xe0\xfc\x38\x56\x88\x14\x13\x92\x03\x59\xc9\x09\x27\xb8\x5c\xdb\x99\x62\x97\x91\x34\x1d\x07\xf6\xbd\x04\x2e\xa4\x57\x12\x8a\xc9\x1c\x4a\xb3\x3b\x16\x99\x35\xa1\xa0\x21\x4e\x74\xdd\x2d\x09\x8a\xbc\x1d\x16\xb5\x9a\xbf\x37\x74\x01\xdb\xd0\x90\x4f\x7d\xcb\x35\x1f\xa4\xdd\x8e\x36\xcb\xf4\xb8\xdc\x28\xe8\x11\xbd\x7d\xc9\xb8\xa2\xf6\x02\x1c\x44\xe8\x5e\x1e\xbe\x1c\x68\xe0\x35\x95\xad\xed\x1d\x0f\x5b\xdc\x56\x3e\x61\x23\x67\xae\x89\xe4\x60\x94\xa2\xe3\x41\xce\x2b\xdf\x0c\xdd\x0d\x0e\x71\xaf\x4c\xe3\x47\x00\xbb\x15\x89\x8b\x2d\x3f\x55\x9f\x46\x6a\x6f\xbd\xa1\xe0\x05\xdf\x5e\x76\x96\x8f\xc0\x07\x0a\x86\x0e\x8e\xef\xb4\x01\x80\xd6\x49\x3a\x17\x90\x36\x98\xa9\xf8\x09\xab\x51\x20\xcc\x72\xa2\x05\xe3\x26\x52\x36\xc6\x7d\x7c\x85\xe5\x81\xed\x37\x8d\x33\x26\x11\x18\x13\x04\x1d\xa2\xd8\xd3\xc8\x88\xd1\x23\x66\x49\x12\x9c\x37\x02\x1f\xbf\xde\x4b\x87\x3d\xbc\x3c\xc9\xfe\x18\xdc\x92\x2a\x62\xd5\x06\x86\xf9\xd7\xe1\x5c\x2c\x4c\x51\xe2\x5d\x98\x52\x38\x5f\x02\x46\x70\xdd\x5e\xaa\x98\x66\x1a\x3f\xd6\x45\xf5\xe3\xcf\x1a\x03\x81\xe8\x78\x77\x6d\x79\x03\x9d\xb9\x45\xf6\x80\xb0\xcb\xa8\xa7\xe3\x87\x57\x27\xa0\x7b\xe1\x61\xc8\x54\x49\x1d\x39\x6f\xbf\x40\xb5\x02\x98\xb1\xa8\x4b\x0c\xf8\xb6\x1e\x18\x76\x7b\xab\x36\xa0\x13\xf0\xac\xf4\x55\x69\xed\x18\x82\xc3\xfe\xa9\xe2\x01\x89\x82\x2e\x2b\x9b\xac\xbc\x41\x55\x84\x22\x46\xc1\x83\xf2\x95\x91\x2d\x64\x80\xa0\x5a\x2d\x59\xff\x29\x90\xbb\xbb\x8c\x7e\x90\x79\xf1\xa0\x39\xbf\x31\xfd\x2c\xc2\x83\x12\xcf\xf2\x46\x1a\xf8\x71\xdd\xe9\xb2\x72\x01\xe6\x6d\x89\xf6\x21\x96\xb6\x32\xef\x97\x42\x4d\x25\x29\xd0\x97\x34\x57\xcf\x45\x95\xf6\x75\x19\x28\x45\x7b\x7d\xe8\x85\xf4\x3c\xf6\x45\x77\xbd\x6d\x09\x9d\x9a\xdf\xe4\x5a\x4e\x6d\x70\x4b\xfd\x3e\xdc\x85\xdd\xbb\x11\xde\xdd\x5e\x2d\x3e\x50\xa5\x5d\x7a\x7d\xcf\xde\x4e\xfd\x11\xdc\xd2\x0f\x62\x85\xb7\x4e\xa1\x94\xda\x7f\x31\xa4\x98\x3a\x14\xf1\x67\xa8\x47\xd2\x79\xef\x28\x55\x74\x19\x50\x6d\xe3\x4b\x34\xf2\x37\xf3\xc6\x6e\xd2\x57\x24\x6d\x04\x82\x4f\x4f\x8d\x97\x09\x2e\x55\xe0\x95\xec\xf4\xf3\x64\x7e\xbd\x6c\x39\x53\x8c\x4c\x75\x65\xb2\x3d\x81\xf0\xcc\x3d\x61\x70\xd8\xa0\xd5\x05\x0f\xe7\xe4\xf8\xd4\xfe\x07\xce\xa0\xd5\xdb\x6d\x5f\x96\x6a\xfa\x39\xde\xc3\x4a\x8c\xe3\x2b\x67\xd4\x91\x8e\xa8\xd9\x6a\xf5\xc7\xfd\x89\x99\x45\x44\x9e\x05\x1e\xf3\x44\x00\xcb\xd4\xba\xdd\x78\x6d\x20\xb1\xc7\x7d\x23\x67\x0b\x20\x65\xbc\x8f\x67\x11\x50\x33\x6c\x42\x28\xf4\x9c\x2e\x07\x95\x4d\x4b\x16\x5d\x22\x2c\xae\x2a\x5f\x5d\xc9\xfd\x32\x8a\x21\xeb\x4b\x20\x33\x44\x7d\xd9\xb0\xb5\x6d\x12\xbc\x93\x14\x85\x95\xa6\x49\xd5\xcd\x3a\x9b\x56\xc3\x32\x49\xc9\x79\xcf\xd3\x21\xeb\x72\x0a\xfc\xa7\x06\xfc\x26\x3d\xfc\x06\xbe\x97\xc2\xb8\x05\xa7\xcc\xc5\x4c\xd8\xe2\x47\xe6\x4d\xce\x16\x07\xba\x96\xd1\x46\xa9\x77\xc2\x47\xb3\x07\x2a\xd2\xcb\x2c\x11\x6c\x75\x49\x31\x85\xac\x9d\x61\x24\x07\x0f\x67\x4e\x1a\x83\xc4\xe4\xfc\x7a\x2d\x46\xbe\x93\xc2\xeb\x3d\xc2\x6d\xd6\x59\x26\x1c\xb0\x20\x78\x8b\x5b\xf4\xc2\x1a\x5a\x31\xe3\x63\x06\x5e\x3d\x81\xa6\x48\x86\xa0\xb4\x8c\x8f\xd3\x35\x05\xb2\xe1\xa1\x58\xa6\x0c\x29\xb6\xa4\xb0\xd9\xd3\xcc\x4e\x30\xcd\xbb\xfd\xc5\x89\x5a\xd5\x9b\x25\xf8\xe3\x56\x61\x6b\x35\x2e\x0a\xf4\xb5\x56\x15\x31\x5d\x38\x9d\x96\x31\x25\xe0\x86\xd4\xf3\x8f\x98\x37\x55\x1d\x5a\xea\x90\xd5\x1c\x86\x07\x25\x18\xe6\xb3\xd9\xf8\x10\x38\x69\x33\x83\x0b\x01\x2a\x93\x9f\x7f\x62\x69\xf3\x51\x6c\xf3\x61\xa7\xb2\x04\xc6\x87\xb1\x22\xd7\xc9\x67\xf3\xf9\xcb\xfa\xa3\xb5\x17\x0a\xc5\xbf\x03\x0f\x5f\xcf\x5c\xc6\x0e\x67\xd6\x9a\xed\x12\xa9\xb6\x4e\xac\x18\x6e\xea\x7f\xfd\x21\x98\xce\x33\x8f\xd5\x8f\xa6\xb1\xc8\x18\xa2\xbf\x7e\xe3\x55\xc9\x93\x2f\xa8\x8b\x6c\x1e\x54\x92\x17\x36\x66\x06\xb0\x4e\xf4\x54\xe6\xfe\xd8\x65\xeb\x44\xa2\xcf\x2b\xff\xe7\x92\x46\x4e\xcd\x22\x12\x1d\xec\x54\xfa\x51\x8f\x2a\x14\x89\x81\x95\x6b\x9b\x06\x31\x4f\xf4\x78\x73\x8f\x03\x28\xa2\x53\x39\x4e\x7c\x1a\xc4\xdb\x3b\xa5\x27\xc7\x53\x61\x58\x2c\xca\x56\xa1\x27\x30\xd5\xb0\x16\x25\x8f\x02\x5d\xc6\x41\x64\x7a\xdc\x06\xd6\xb3\xee\xc0\x48\x3f\x2f\x71\xac\x9d\xb0\xc4\x54\x43\xe3\x1c\x3d\x47\xd7\xab\x7b\xf3\x36\x10\x40\x83\x01\x7a\x98\x5d\x2e\x83\x16\x9c\xbe\x9f\xc9\xf9\x08\x0c\xbb\xba\xfa\xef\xd7\xe7\xd0\x63\x79\x33\x53\x3f\x8f\xbd\x2e\x1a\xbb\xa0\x19\xb8\x3c\xa1\x0f\x37\x91\xad\x04\xd6\x42\x83\xa0\xbc\xdb\x8c\x85\x71\x84\x34\x64\x2f\x6e\x15\x6f\xa6\x94\xab\x98\xd4\x75\x87\x6a\x17\x68\xf9\xb5\x95\xff\x82\x3d\xc4\xcd\xda\x9f\x08\x0f\x09\x4e\x12\x61\xa5\x4c\x7f\xb8\xfd\x38\x1d\x5a\x0d\x51\xba\x8d\x60\x55\xef\x43\xb0\x35\x49\x0d\xf5\xdc\x92\xb8\xc3\xbe\x5b\x58\x78\x88\x66\xdc\x09\xa3\x56\x3b\x25\xb6\x4d\xe0\xc0\x28\x03\x70\xd8\xae\x3b\xc3\x17\xb8\x9e\x32\xa5\xec\x6c\xf1\x4e\x9d\xf6\x73\x3b\x93\x26\x3f\x8a\xdf\x90\x8b\x63\x2f\xa2\xa9\x4a\x2a\x5a\x22\xd7\x81\xf5\x62\xe5\x52\x1b\xb0\x7c\xab\xa5\xb5\x6c\xe7\x99\xe6\xca\xac\x20\xc8\xbd\x10\xf0\xdc\xc7\x65\xb5\xad\x59\xee\x88\xcf\xac\x53\x65\x4b\x85\xfc\x6d\x3d\x7d\x1e\xc3\x72\x30\x53\x7d\x65\x51\x9a\xa0\x3d\x2d\x87\x00\x1c\x37\x81\x06\x3b\xb0\x27\x5b\xd9\x6c\x45\x2c\x12\x0d\x9a\xdc\x12\x35\x3c\xb5\x6a\x56\x5f\xfb\x5c\x3c\xf8\x1d\x04\x97\xc3\xa6\x80\xa6\x86\x10\xac\xbb\x49\x2b\x19\xb2\x9a\xd6\x01\x50\x4a\xa1\xb3\xff\x00\xdc\x52\x47\xb8\x83\xe8\x22\xcb\xe8\xc8\x66\x73\x35\x3e\xad\x6e\x04\x49\x41\xbb\x4f\xbf\xc3\xe5\xcc\xba\x04\xf9\x3c\xd9\xc2\x64\xd9\xec\x2c\x1f\x52\x21\xca\x07\x67\xd3\xbf\x65\xf4\x33\x0b\xdb\x4a\x94\xd6\x46\x8b\xfa\x9d\xfa\x5b\xcb\xaa\x51\x14\x50\xe6\xa0\xca\x9a\x56\xc5\xf2\x05\x58\xea\x70\x76\xa6\x7b\x5b\xdd\x85\x23\xf1\x51\x5c\xae\xd4\x0d\xc2\xea\xf0\x6b\x08\xb1\x76\x35\x5d\xad\x11\xf1\x26\x5b\x81\x87\x48\x5d\x1a\x79\x9d\x86\xd0\x6f\x06\xd9\x33\xf4\x24\xf9\xed\x65\x4d\x2d\xde\x7c\x0e\x66\xdb\xf3\xd1\x56\xdb\x2d\x67\x94\x1b\x92\x08\x0f\x04\x58\x1e\x02\x49\x73\x4f\x2b\xf4\x92\x0a\x35\x51\xd0\x6c\x4c\xcb\x8f\x73\x0d\xeb\x91\xb6\xf6\xce\x21\x0c\xb4\x1d\xab\x8f\xcb\xe3\x9d\x14\xe9\x18\xa3\x62\x9e\x82\x6e\x1d\x60\xe1\x64\xe0\x6d\x62\x37\xd3\x82\xd0\xf3\xec\x27\x34\x11\x73\x68\x55\x5e\x69\x9a\x65\x0f\x02\xd4\xa8\x86\xab\x67\x9e\xc1\x94\xc8\x21\xb1\xf4\x26\x29\x46\xee\xf5\xa0\xa3\xdc\xb5\x64\x5c\x05\x43\x56\x04\x64\xd8\x63\x81\xa4\x25\xd0\x42\x18\xe5\x8a\xaa\xbf\x3c\x5e\xd4\xc2\x27\x3c\xc0\xd4\xc2\xc2\x8e\x12\xec\xd4\xdd\xce\xcd\x67\x18\x6d\xac\xec\x66\x2c\x65\xd3\x23\x49\x6b\x9b\xe3\x84\x96\xac\xfb\x5b\xb1\xce\x10\x6b\xba\xac\x84\xba\xc7\x33\xdf\x84\xe6\xe3\x17\x13\x24\x3d\xf9\x84\x5b\x9b\x63\x0a\x97\x14\xef\x11\xbb\x21\xb0\xe8\x0c\x6c\xe1\xaf\xc6\x3c\xa7\x22\xcc\x23\x8a\xc4\x48\xf2\x29\xaa\x61\x4e\x9e\xae\xc7\x8e\x5c\x27\x92\x1b\xbe\xd1\x67\x05\x76\x07\xd3\x83\xcd\xa4\x2a\x91\xf8\x9b\x25\xec\xea\x59\x68\x6a\x8f\x07\xb1\xc2\xd7\x3b\x6b\x2a\xa9\x89\x9c\x3d\xcf\x20\x40\x17\x21\xa1\x01\x9a\xbb\x89\xd5\x17\x7d\x74\xdd\x1b\xb7\x94\xe0\xd4\x79\xeb\xbf\xb2\x13\xe1\x3d\xd5\xf0\x63\x77\xeb\x87\xc5\x3c\x09\xa3\xfc\x20\x78\xfe\x0d\xb3\x01\xcc\xb1\x14\xf8\xcf\x31\x12\x44\x5a\x1e\x7f\xad\x70\xdc\xf2\xc6\xe8\xca\xd4\x50\xdc\x73\xc6\x42\x7e\x01\x7e\x0e\x93\xd2\x5e\xf6\x0e\x80\xf5\x56\x46\x2d\x78\xb8\x5a\xed\x47\x4a\x6b\xdb\x29\xbd\xf5\xa9\x39\x08\xf4\x3a\x77\xd8\x2d\x0d\xa5\x5e\x7d\xc8\xa0\x06\x4d\x72\x18\x58\xec\x5f\x8b\x3c\x5d\x44\x1b\x66\xb3\x26\x7e\x81\x03\xd2\x7f\x5f\xaf\x86\x60\x66\x2e\x86\x59\x3a\x48\xd4\xbf\xd6\x4c\xee\xbd\x9b\xf6\x92\x58\x23\x28\x81\xe2\xf0\xf9\xd0\xc5\x9f\x89\xf3\xc8\x9a\x2e\xcb\x56\x9d\x14\x6b\xd3\xf8\x72\x62\x9a\xa2\x50\x41\x0c\xde\xcc\x37\x01\xfc\xfe\x95\xfb\xee\xfc\x97\x6b\xd7\xe3\x05\xc1\x02\xe3\x07\xe0\xc0\x4f\x5d\x40\x37\x4b\x93\x60\x6d\xd0\x9f\xc0\x02\x6b\x4f\x0d\x18\x5e\xa8\x05\x10\x03\xa5\x56\x46\xe3\x2e\x32\x78\xdf\xd3\xf0\x61\xa4\xc4\x81\x63\x9f\xe9\x50\x7a\x8e\x5c\x04\xe4\x63\x77\x54\x4f\x28\x41\xef\x9b\xea\x40\xda\x68\x3f\x66\x9f\x6f\x2d\xa6\xa9\x28\x2d\x74\xd4\x6b\xc7\xd1\x78\x45\xed\x0e\x63\x88\x6a\xee\x73\x62\xe1\x29\x09\xd4\x59\x21\x7d\x09\x23\x58\xbf\x71\xf2\xfd\x1f\xda\x72\x74\x46\x8a\x5c\x64\xf6\x8d\xbc\x91\x2e\x12\x41\x4c\xb8\x41\x61\x8e\x6d\x96\x1e\x79\x69\x91\x87\xef\xa2\x65\x55\x7d\x05\x20\x06\x45\x0e\xea\xb5\x21\x53\x28\x23\x96\xdc\xc6\x76\x38\xf4\x4e\x8b\xdc\x1c\xf8\xac\x1a\xa3\xce\xfd\xe7\xb3\xe9\x7b\x3f\x1a\xde\x05\x87\xcc\xc4\x59\xd2\xb7\x1d\x8f\x4c\x85\x66\x6f\x88\x56\x0a\xe1\x3d\x11\xfd\x7d\x7f\x12\x14\x55\x79\x67\xaa\x62\x21\xb0\x5b\xa9\xa9\x0f\xaa\xd9\xc1\x11\x10\x38\xf9\xa1\xa1\x6b\x64\xa4\x0b\xf5\xf9\x69\xf7\x4f\x32\xed\x63\x38\xeb\x70\x2c\xb8\x57\x73\xbc\x04\x95\xe3\x1a\xc3\x7c\xa0\xb8\x8b\xb0\x28\xda\x0e\x97\x21\xb4\x07\xaf\xd1\xe2\xfa\x46\x0b\x20\x4d\xb7\xdf\xcd\x72\x94\x59\xb2\xf1\x25\xbf\x42\xdd\xf1\x38\x0e\xb4\x99\x69\x1e\x08\x27\x5e\xe4\x24\x27\xc0\xc2\xdb\x70\x64\xa3\x86\xb5\x2a\x6a\xc1\xa7\xad\xe2\xda\x86\xe5\xc5\xe5\xc6\x67\xe4\x59\xd0\x03\x10\x46\xac\x3b\x08\xcf\x51\xb0\xe7\x90\x04\xbc\x73\xc3\xf9\xf7\xe7\x69\xfa\x24\x4f\xab\xd9\x10\x00\x07\xa4\xed\x5e\x23\x06\x99\x7f\xf3\x14\x89\xc1\x3c\x52\xb2\xcd\xf0\x22\x6c\xdc\x4f\x85\x22\x52\x9a\x26\x10\x23\x4a\xed\x95\xeb\x84\x1f\x5d\x24\x2c\xef\x7c\x49\x36\x3a\xf0\x49\x85\xd3\xc3\xe5\x39\x24\xf3\x52\xb5\x4e\xad\xec\xe3\xa9\x52\x2f\x48\x35\x11\x3a\x3b\x49\x0b\x61\x2d\xac\xdb\x8d\xbf\xbe\xe7\x94\x28\xb8\x08\xe6\x26\x21\x4c\xfc\xb2\xbf\xd4\xab\xe6\xb7\x4f\x15\xf0\x8c\x76\xd8\x81\x82\x32\x20\x42\xda\x02\x6a\x7e\x5b\x13\x94\xc9\xc4\x39\xdf\xa5\x96\xa7\xa8\x81\x07\x37\x0c\x2c\xab\x92\xf9\x06\x01\xb5\x0f\x0b\x31\x81\xde\xc5\x6a\x71\x36\xdb\x75\x65\x0a\x7a\x28\x57\x80\x87\xcc\x87\xfa\xda\x0c\x4a\x7e\x14\x32\xa6\x22\x0d\x73\x08\xfc\xca\xad\x29\xfb\xe3\x2e\x42\xb6\x59\x31\x10\xcd\xa9\x4c\xe0\x4f\xf6\xed\x3a\x96\x62\xc4\xb8\x1d\x14\x85\x6f\x4f\xc1\xac\x0d\x4f\xab\x9b\x4d\x59\x92\x65\x0f\xcb\x2c\xfe\xd1\xb6\xf6\x0c\x8c\x73\x68\x5c\x73\x3b\xe1\x33\xf8\x19\xa5\x68\x8d\x8c\x6a\x7e\x62\x09\x96\x9b\x46\xb0\x91\x44\x50\x21\xfc\x19\xcb\xd5\x63\xbd\x76\xdf\x96\xaa\x65\xf1\xd7\x21\x6a\x31\xdc\x9c\x4a\x4f\x74\xa2\x4a\x22\x4a\x2a\xa6\x0c\xb5\xd0\xd7\xc3\x1e\x6a\xf6\x22\xe5\xa7\xc8\x0c\x98\x72\x7c\xd1\x63\xe5\x09\x7d\x86\xd4\xd4\xd9\x1e\x7c\x89\xfe\x61\x51\x90\x3d\x7c\x0f\x87\x8d\xa1\xa8\x3e\x6f\xcc\x50\xfe\x99\x90\xda\x66\x40\x53\x5e\x68\x5b\x1c\x26\x9c\x95\x0d\x07\x37\x62\xce\x89\x9f\x82\xae\xb9\x33\x10\x63\x37\xf8\x7a\x71\x38\xd1\xfb\x7b\x15\xb2\x4a\xc8\xcc\x1c\x09\x34\x69\xe6\x15\x09\xfc\x24\xcf\xb7\x9e\x66\x39\x0a\x15\x48\x3e\x9a\x5a\x1a\x31\x3f\xf9\x61\xd0\xf9\xfe\x8c\x55\x79\x01\x4c\xf5\x68\x9e\x36\x86\x08\x10\x4f\x96\x44\x9b\x24\x64\x39\xaf\x19\x79\x59\xe5\xed\xf4\x88\x74\x97\xd4\x89\x74\xc2\x08\xcd\x68\xcf\xc7\xb3\xe0\x95\x6c\x50\x88\x12\x0d\xa1\xda\xf4\xaa\x90\xb6\xd2\xc1\xb7\x08\x81\x31\xff\x29\x6b", 4096); *(uint8_t*)0x2000104d = 0; *(uint8_t*)0x2000104e = 1; *(uint8_t*)0x2000104f = 0; *(uint8_t*)0x20001050 = 0xc2; *(uint8_t*)0x20001051 = 4; *(uint32_t*)0x20001052 = htobe32(1); *(uint8_t*)0x20001056 = 9; *(uint8_t*)0x20001057 = 0x15; memcpy((void*)0x20001058, "\x55\x75\x11\x39\x21\xad\x0b\xc9\xe2\xe8\x2b\x28\xa6\x6b\x8f\x50\x8c\xd3\xa9\x8a\xcf", 21); *(uint8_t*)0x2000106e = 0x67; *(uint8_t*)0x2000106f = 6; *(uint8_t*)0x20001070 = 0; *(uint8_t*)0x20001071 = 0x20; *(uint32_t*)0x20001072 = 0; *(uint8_t*)0x20001076 = -1; *(uint8_t*)0x20001077 = 1; *(uint8_t*)0x20001078 = 0; *(uint8_t*)0x20001079 = 0; *(uint8_t*)0x2000107a = 0; *(uint8_t*)0x2000107b = 0; *(uint8_t*)0x2000107c = 0; *(uint8_t*)0x2000107d = 0; *(uint8_t*)0x2000107e = 0; *(uint8_t*)0x2000107f = 0; *(uint8_t*)0x20001080 = 0; *(uint8_t*)0x20001081 = 0; *(uint8_t*)0x20001082 = 0; *(uint8_t*)0x20001083 = 0; *(uint8_t*)0x20001084 = 0; *(uint8_t*)0x20001085 = 1; *(uint8_t*)0x20001086 = -1; *(uint8_t*)0x20001087 = 1; *(uint8_t*)0x20001088 = 0; *(uint8_t*)0x20001089 = 0; *(uint8_t*)0x2000108a = 0; *(uint8_t*)0x2000108b = 0; *(uint8_t*)0x2000108c = 0; *(uint8_t*)0x2000108d = 0; *(uint8_t*)0x2000108e = 0; *(uint8_t*)0x2000108f = 0; *(uint8_t*)0x20001090 = 0; *(uint8_t*)0x20001091 = 0; *(uint8_t*)0x20001092 = 0; *(uint8_t*)0x20001093 = 0; *(uint8_t*)0x20001094 = 0; *(uint8_t*)0x20001095 = 1; *(uint8_t*)0x20001096 = 0; *(uint8_t*)0x20001097 = 0; *(uint8_t*)0x20001098 = 0; *(uint8_t*)0x20001099 = 0; *(uint8_t*)0x2000109a = 0; *(uint8_t*)0x2000109b = 0; *(uint8_t*)0x2000109c = 0; *(uint8_t*)0x2000109d = 0; *(uint8_t*)0x2000109e = 0; *(uint8_t*)0x2000109f = 0; *(uint8_t*)0x200010a0 = 0; *(uint8_t*)0x200010a1 = 0; *(uint8_t*)0x200010a2 = 0; *(uint8_t*)0x200010a3 = 0; *(uint8_t*)0x200010a4 = 0; *(uint8_t*)0x200010a5 = 0; *(uint8_t*)0x200010a6 = 4; *(uint8_t*)0x200010a7 = 0x19; *(uint8_t*)0x200010a8 = 0; *(uint8_t*)0x200010a9 = 0; *(uint8_t*)0x200010aa = 0; *(uint8_t*)0x200010ab = 0; *(uint8_t*)0x200010ac = 0; *(uint8_t*)0x200010ad = 0; *(uint8_t*)0x200010ae = 0xa8; *(uint8_t*)0x200010af = 0x9b; memcpy((void*)0x200010b0, "\x02\x71\x09\x78\x70\xd6\xd0\x6b\x47\xd8\x3a\x5b\x37\x63\xf1\xa2\xff\xfb\x78\xc9\xfd\x51\x51\xfe\x45\x85\x44\x69\x56\x4a\xf3\xc3\x94\x9e\x4a\x58\x78\x1c\xe8\x48\xa5\xe9\xa6\xfe\xd0\x80\x30\x6a\xcd\x03\x11\xa5\xe5\xb9\xf9\x00\xde\x3f\x65\x6e\xc5\xf5\x17\xf3\xa6\x79\x49\x35\x4e\x8a\x19\xf5\xb1\x16\xe3\x60\xf8\xbe\xbf\x10\x56\x6e\xae\x08\x58\x2e\x6b\xe7\xbe\xee\xc7\x66\x8a\xfd\x63\x7c\xa6\xa1\x9c\x0a\x87\x87\xa4\x54\x81\x38\xd8\xa0\x68\x74\xd5\x50\x62\x4c\x0f\x1e\xbd\x2a\x22\x67\xbb\xca\x14\xf2\x24\x7a\xb5\xbe\x2d\x68\xe2\x64\xaa\x7d\x65\x1f\xd4\xe5\xe5\xef\x57\x23\xb8\x44\xf6\x4a\x82\x2f\x58\xe7\xbc\x5a\xcc\xf5\x88", 155); *(uint8_t*)0x2000114b = 0xc2; *(uint8_t*)0x2000114c = 4; *(uint32_t*)0x2000114d = htobe32(0x10001); *(uint8_t*)0x20001151 = 1; *(uint8_t*)0x20001152 = 3; *(uint8_t*)0x20001153 = 0; *(uint8_t*)0x20001154 = 0; *(uint8_t*)0x20001155 = 0; *(uint8_t*)0x20001156 = 0; *(uint8_t*)0x20001157 = 1; *(uint8_t*)0x20001158 = 0; *(uint8_t*)0x20001159 = 8; *(uint8_t*)0x2000115a = 0x1d; memcpy((void*)0x2000115b, "\x94\xd6\xef\xb5\xa9\xf5\x8f\x85\x9b\x75\xbe\x24\x58\x6f\x38\x2e\xee\xd7\xa7\x6a\x65\x62\xb9\x78\x07\x1e\x71\xbe\x75", 29); *(uint8_t*)0x20001178 = 5; *(uint8_t*)0x20001179 = 2; *(uint16_t*)0x2000117a = htobe16(0x7fff); *(uint8_t*)0x2000117e = 0x27; *(uint8_t*)0x2000117f = 6; *(uint8_t*)0x20001180 = 0; *(uint8_t*)0x20001181 = 5; *(uint32_t*)0x20001182 = 0; *(uint8_t*)0x20001186 = -1; *(uint8_t*)0x20001187 = 1; *(uint8_t*)0x20001188 = 0; *(uint8_t*)0x20001189 = 0; *(uint8_t*)0x2000118a = 0; *(uint8_t*)0x2000118b = 0; *(uint8_t*)0x2000118c = 0; *(uint8_t*)0x2000118d = 0; *(uint8_t*)0x2000118e = 0; *(uint8_t*)0x2000118f = 0; *(uint8_t*)0x20001190 = 0; *(uint8_t*)0x20001191 = 0; *(uint8_t*)0x20001192 = 0; *(uint8_t*)0x20001193 = 0; *(uint8_t*)0x20001194 = 0; *(uint8_t*)0x20001195 = 1; *(uint8_t*)0x20001196 = 0; *(uint8_t*)0x20001197 = 0; *(uint8_t*)0x20001198 = 0; *(uint8_t*)0x20001199 = 0; *(uint8_t*)0x2000119a = 0; *(uint8_t*)0x2000119b = 0; *(uint8_t*)0x2000119c = 0; *(uint8_t*)0x2000119d = 0; *(uint8_t*)0x2000119e = 0; *(uint8_t*)0x2000119f = 0; *(uint8_t*)0x200011a0 = 0; *(uint8_t*)0x200011a1 = 0; *(uint8_t*)0x200011a2 = 0; *(uint8_t*)0x200011a3 = 0; *(uint8_t*)0x200011a4 = 0; *(uint8_t*)0x200011a5 = 0; *(uint64_t*)0x200011a6 = htobe64(0); *(uint64_t*)0x200011ae = htobe64(1); *(uint8_t*)0x200011b6 = 0x2c; *(uint8_t*)0x200011b7 = 0; *(uint8_t*)0x200011b8 = 0; *(uint8_t*)0x200011b9 = 0; *(uint8_t*)0x200011ba = 0; *(uint8_t*)0x200011bb = 0; *(uint8_t*)0x200011bc = 0; *(uint8_t*)0x200011bd = 0; *(uint8_t*)0x200011be = 0; *(uint8_t*)0x200011bf = 1; *(uint8_t*)0x200011c0 = 0; *(uint8_t*)0x200011c6 = 3; *(uint8_t*)0x200011c7 = 3; *(uint8_t*)0x200011c8 = 0; *(uint8_t*)0x200011c9 = 0; *(uint8_t*)0x200011ca = 0; *(uint8_t*)0x200011cb = 0; *(uint8_t*)0x200011cc = 0; *(uint8_t*)0x200011cd = 0; *(uint8_t*)0x200011ce = 0xc2; *(uint8_t*)0x200011cf = 4; *(uint32_t*)0x200011d0 = htobe32(0); *(uint8_t*)0x200011d4 = 5; *(uint8_t*)0x200011d5 = 2; *(uint16_t*)0x200011d6 = htobe16(0x20); *(uint8_t*)0x200011d8 = 5; *(uint8_t*)0x200011d9 = 2; *(uint16_t*)0x200011da = htobe16(9); *(uint8_t*)0x200011dc = 0xc2; *(uint8_t*)0x200011dd = 4; *(uint32_t*)0x200011de = htobe32(3); *(uint8_t*)0x200011e2 = 1; *(uint8_t*)0x200011e3 = 1; *(uint8_t*)0x200011e4 = 0; *(uint8_t*)0x200011e5 = 5; *(uint8_t*)0x200011e6 = 2; *(uint16_t*)0x200011e7 = htobe16(0x7f); *(uint8_t*)0x200011e9 = 5; *(uint8_t*)0x200011ea = 2; *(uint16_t*)0x200011eb = htobe16(3); *(uint8_t*)0x200011ee = 0xd8; *(uint8_t*)0x200011ef = 0; *(uint8_t*)0x200011f0 = 8; STORE_BY_BITMASK(uint8_t, , 0x200011f1, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200011f1, 0, 1, 2); STORE_BY_BITMASK(uint8_t, , 0x200011f1, 8, 3, 5); *(uint32_t*)0x200011f2 = 0x68; *(uint8_t*)0x200011f6 = 0x82; *(uint8_t*)0x200011f7 = 0; *(uint16_t*)0x200011f8 = htobe16(0); *(uint16_t*)0x200011fa = htobe16(0x3ff); *(uint16_t*)0x200011fc = 9; *(uint8_t*)0x200011fe = -1; *(uint8_t*)0x200011ff = 2; *(uint8_t*)0x20001200 = 0; *(uint8_t*)0x20001201 = 0; *(uint8_t*)0x20001202 = 0; *(uint8_t*)0x20001203 = 0; *(uint8_t*)0x20001204 = 0; *(uint8_t*)0x20001205 = 0; *(uint8_t*)0x20001206 = 0; *(uint8_t*)0x20001207 = 0; *(uint8_t*)0x20001208 = 0; *(uint8_t*)0x20001209 = 0; *(uint8_t*)0x2000120a = 0; *(uint8_t*)0x2000120b = 0; *(uint8_t*)0x2000120c = 0; *(uint8_t*)0x2000120d = 1; struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000016, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000026, 16); uint32_t csum_1_chunk_2 = 0x18000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x3a000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x200011f6, 24); *(uint16_t*)0x200011f8 = csum_inet_digest(&csum_1); memcpy((void*)0x20001240, "\x47\x66\x90\x18\xa9\xe1\x17\x00\x00\xc4\xc2\x0d\x07\x4c\xd3\xf6\x36\xf3\x0f\x11\x82\xfe\xef\xff\xff\xc4\x41\x55\xef\xea\xf2\x0f\x2b\x99\x99\x89\x99\x99\xc4\x81\xfd\x28\x17\xc4\xa2\xa5\x29\x52\x93\xf3\xab\x66\xac", 53); syz_execute_func(0x20001240); syz_open_pts(); } int main(void) { syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul); use_temporary_dir(); do_sandbox_none(); return 0; } :193:4: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation] kill_and_wait(pid, &status); ^ :191:3: note: previous statement is here if (current_time_ms() - start < 5000) ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor090812710 -DGOOS_openbsd=1 -DGOARCH_amd64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -static -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384] --- FAIL: TestGenerate/openbsd/amd64/10 (5.33s) csource_test.go:124: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: r0 = getgid() mquery(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x10, 0xffffffffffffffff, 0x80) ioctl$DIOCMAP(0xffffffffffffff9c, 0xc0106477, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}) ioctl$BIOCSHDRCMPLT(0xffffffffffffffff, 0x80044275, &(0x7f0000000080)=0xcb) unlinkat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8) ioctl$BIOCGDLTLIST(0xffffffffffffff9c, 0xc010427b, &(0x7f0000000140)={0x9, &(0x7f0000000100)=[0x0, 0x7, 0x2, 0x18000, 0x6, 0x3, 0x8000000, 0x20, 0x0]}) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f00000001c0)=0xc) getgroups(0x3, &(0x7f0000000200)=[0xffffffffffffffff, r0, 0x0]) r3 = getgid() getgroups(0x4, &(0x7f0000000240)=[r1, r0, r2, r3]) syz_emit_ethernet(0x120e, &(0x7f0000000000)={@remote, @remote, [], {@ipv6={0x86dd, {0x1, 0x6, "b588d1", 0x11d8, 0x11, 0x0, @remote={0xfe, 0x80, [], 0x0}, @empty, {[@dstopts={0x32, 0x205, [], [@padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @pad1, @generic={0x6, 0x1000, "7d7312bf2f976b286cf33b3a7660af2f30cb34f9a86a2db188c5d76df22900976b027211513627f37cb64221551888028062f7e96e29502c8230cb07ed13fb79ee022afacfb0fdb9fdd62ac37dfa4f6b34fcbee4c380fa32c35d695cca5e60b4fe8ddf4e9fd6c26810eab11156f5f11cff1548bc51648f66404bacd55f29d8349635356e8711ba71763c2e3dae08ceca72daaf10868c22ac2d429c17228cb0fa6a92eddafaf821e084cdd55affffce12097a2772ef8ab4bc862213c765c3c5bb6cb25206a5f87d2034b922cd8a54fd1f39938081132c0491f0258b9d5b90206398281bd745907571e7944936e2d4097eec6b58ed963a26c7ab84ad1084f4b8fe735e2c7a5073344b225dd2917d1035d525e3fca4bf750dc4474b2645770b1ca240e54b5d0d4dc7ef29a3a61669e0bc94741f97c66216511a0b772e8813b7e01c740f8ed1fa8909f5700d3403d21c720a5902de2e1c32556eca20d374473cd817427a1c9cd58e2e0aefa447fb5a819c5f0f58b27756a2ab59c7904bd86a7e178629ad0bf9acc4272dc48011d27c262fe7ea1754391b04e3144db1eec8b7fded123a6e0d848e26d3a48db19cdac570a9f88259994a988bafd8db39128ec209c2f4a1c3a0090fb48b2c98c66c31a9d0c4377d6e63c82afdf734861249d4a187b99c2c03ea42efb67963c7f5e058b9ea734e124abcff107a29e339704bc5c174895b10fabef1dd6966930a398295f238abeba33093a7e5d4ebf3c134b00eac453659d9a5ed6722b28668f0de27fcbfcc665f9b79f51aa266f061a9d3582fe787f1cd3d6b2a4d5b7670d91c9f19da4cdf5c47edb015a154227797a6b56a27e32276f07e6cc20ec6885bc261055b4ad4f66c09e27673c407023fb6d0c61139245b190861816a03ae7d9627100ab2a1f1f38198e820967923fdf0a95e9088ffe6779f1eea151123e919bde1ea78746cc30768220ff953d10588589701f70e66392524a78562a838205af4bfc28c4a6884b425c109ea7ff16d9f1bcb77459ccb5b81045b6cb2dcebdae46f6d70b44ff8dc6f522c77db1471ce1163a7a5640d02e469e5dee1ff25b7f7325baeb10ecb4bc48f8692d5376dad7c9125ecb61d00e759b8f3179df636389f62f51face3013a62a9656fec592601942743778d7b7c838cdf30fe87b7503aab17d8d8f5f30a3a03f105dd389658c187823d1c5ec9af9dce05decfa6192a6514896e99f47847e83719f79cd37b118184d34ca20e884bd255f199acef2ed48011cff2695977dd7b1ae1f08d27f947cd1aff97a19e3f93c659d10ff5a776f291022df261b792935a1c5882f920c9442e563f878801beecbba89c1eab9d2b96285f3493483b49f269e8d684330037dafedbcbb3bc500e65b5e69c3a4f6f15e42cb595cce04c891818f28a69ef73c0ecf8efbef8bc1e5f7d07f5ca828d9a8460a297a2b6f158413fd2738e6168377a49bd43a70a36e7c39d8d548783285675417c6207bebeb3224faab81eef708601be613697967c31f6b8a2c21c469273d79b15b80d8a0b6c6ed4356d002e424944b661b4d5fb114841b9cbaf8d4c16d7f687362aee164756e05fa1d579f082003ac1103a007c2fcea486f32e6e72d141c1e233330a3b3d8135840a9fbc503526e44876e702309c3cb1a6c4020bae2ef85146a3438bd9b341b719dfa5b519fca6bc1746b47ac4991722b9777d92480065e3d70bb6b202e98d5d08c1b215a5012210ef9e2b9fea630e4d8217c501dee6b46a3b887c71f3c4c603af56a86734236f068e072aa63f2a70d488fe9091a8530585e4d611ad9fe23593cb410e5eed9187ed55652bef39b8e867a879f89735e7cadfb36a183867cdc3322b21427a498d12d566af1b7ed235034feeaa2cbd795c2363ec9845a504073181ef95121548bd6e88486a261cb52f6f7970b99f53de0f426ffcae940f83ac20138c7d5b3520214e44a403c84fdacc6557c8b859c9918e78377261722f1f2913d0dfe99d93de5f2a67c3775a7681c9b8fdb811ead0bad8ec771ef38dc0da259047ecaab608e8e7c45113ce2681a8377df054e8e48485bf16d1222ccf2214b8115e0af090742f1c7b77645bde02541071d92f5eb24bc1942ff691016d1d0844daecc89df8b58f05e0fc3856881413920359c90927b85cdb99629791341d07f6bd042ea457128ac91c4ab33b169935a1a0214e74dd2d098abc1d16b59abf377401dbd0904f7dcb351fa4dd8e36cbf4b8dc28e811bd7dc9b8a2f6021c44e85e1ebe1c68e03595aded1d0f5bdc563e612367ae89e46094a2e341ce2bdf0cdd0d0e71af4ce34700bb15898b2d3f559f466a6fbda1e005df5e76968fc0070a860e8eefb40180d6493a17903698a9f809ab5120cc72a205e3265236c67d7c85e581ed378d3326111813041da2d8d3c888d1236649129c37021fbfde4b873dbc3cc9fe18dc922a62d50686f9d7e15c2c4c51e25d9852385f024670dd5eaa98661a3fd645f5e3cf1a0381e878776d79039db945f680b0cba8a7e3875727a07be161c854491d396fbf40b50298b1a84b0cf8b61e18767bab36a013f0acf45569ed1882c3fea9e20189822e2b9bacbc4155842246c183f295912d6480a05a2d59ff2990bbbb8c7e9079f1a039bf31fd2cc28312cff2461af871dde9b27201e66d89f62196b632ef97424d2529d0973457cf4595f6751928457b7de885f43cf64577bd6d099d9adfe45a4e6d704bfd3edc85ddbb11dedd5e2d3e50a55d7a7dcfde4efd11dcd20f6285b74ea194da7f31a4983a14f167a847d279ef28557419506de34b34f237f3c66ed257246d04824f4f8d97092e55e095ecf4f3647ebd6c39538c4c7565b23d81f0cc3d6170d8a0d5050fe7e4f8d4fe07cea0d5db6d5f966afa39dec34a8ce32b67d4918ea8d96af5c7fd899945449e051ef34400cbd4badd786d20b1c77d23670b2065bc8f671150336c4228f49c2e07954d4b165d222cae2a5f5dc9fd328a21eb4b2033447dd9b0b56d12bc93148595a649d5cd3a9b56c33249c979cfd321eb720afca706fc263dfc06be97c2b805a7ccc54cd8e247e64dce1607ba96d146a977c247b3072ad2cb2c116c75493185ac9d6124070f674e1a83c4e4fc7a2d46be93c2eb3dc26dd659261cb020788b5bf4c21a5a31e363065e3d81a64886a0b48c8fd33505b2e1a158a60c29b6a4b0d9d3cc4e30cdbbfdc5895ad59b25f8e356616b352e0af4b55615315d389d963125e086d4f38f9837551d5aea90d51c86072518e6b3d9f810386933830b012a939f7f6269f3516cf361a7b204c687b122d7c967f3f9cbfaa3b5170ac5bf030f5fcf5cc60e67d69aed12a9b64eac186eea7ffd2198ce338fd58fa6b1c818a2bf7ee355c9932fa88b6c1e549217366606b04ef454e6fed865eb44a2cf2bffe792464ecd22121dec54fa518f2a148981956b9b06314ff478738f0328a253394e7c1ac4db3ba527c75361582cca56a12730d5b016258f025dc641647adc06d6b3eec0483f2f71ac9db0c45443e31c3d47d7ab7bf336104083017a985d2e83169cbe9fc9f9080cbbbafaefd7e7d0637933533f8fbd2e1abba019b83ca10f3791ad04d64283a0bcdb8c85718434642f6e156fa694ab98d475876a1768f9b595ff823dc4cdda9f080f094e1261a54c7fb8fd381d5a0d51ba8d6055ef43b035490df5dc92b8c3be5b58788866dc09a3563b25b64de0c0280370d8ae3bc317b89e32a5ec6cf14e9df6733b93263f8adf908b632fa2a94a2a5a22d781f562e5521bb07caba5b56ce799e6caac20c8bd10f0dcc765b5ad59ee88cfac53654b85fc6d3d7d1ec37230537d65519aa03d2d87001c3781063bb0275bd96c452c120d9adc12353cb56a565ffb5c3cf81d0497c3a680a68610acbb492b19b29ad601504aa1b3ff00dc5247b883e822cbe8c86673353ead6e044941bb4fbfc3e5ccba04f93cd9c264d9ec2c1f5221ca0767d3bf65f4330bdb4a94d6468bfa9dfa5bcbaa511450e6a0ca9a56c5f20558ea7076a67b5bdd8523f1515caed40dc2eaf06b08b176355dad11f1265b8187485d1a799d86d06f06d933f424f9ed654d2dde7c0e66dbf3d156db2d67941b92080f04581e0249734f2bf4920a3551d06c4ccb8f730deb91b6f6ce210cb41dab8fcbe39d14e918a3629e826e1d60e164e06d6237d382d0f3ec2734117368555e699a650f02d4a886ab679ec194c821b1f4262946eef5a0a3dcb5645c0543560464d86381a425d04218e58aaabf3c5ed4c2273cc0d4c2c28e12ecd4ddcecd67186dacec662c65d323496b9be38496acfb5bb1ce106bbaac84bac733df84e6e31713243df9845b9b630a9714ef11bb21b0e80c6ce1afc63ca722cc238ac448f229aa614e9eaec78e5c27921bbed167057607d383cda42a91f89b25ecea59686a8f07b1c2d73b6b2aa9899c3dcf20401721a1019abb89d5177d74dd1bb794e0d479ebbfb213e13dd5f06377eb87c53c09a3fc2078fe0db301ccb114f8cf3112445a1e7fad70dcf2c6e8cad450dc73c6427e017e0e93d25ef60e80f556462d78b85aed474a6bdb29bdf5a93908f43a77d82d0da55e7dc8a0064d721858ec5f8b3c5d441b66b3267e8103d27f5faf8660662e86593a48d4bfd64ceebd9bf69258232881e2f0f9d0c59f89f3c89a2ecb569d146bd3f872629aa250410cdecc3701fcfe95fbeefc976bd7e305c102e307e0c04f5d40374b93606dd09fc0026b4f0d185ea8051003a55646e32e3278dfd3f061a4c481639fe9507a8e5c04e46377544f2841ef9bea40da683f669f6f2da6a9282d74d46bc7d17845ed0e63886aee7362e12909d459217d092358bf71f2fd1fda7274468a5c64f68dbc912e12414cb841618e6d961e79699187efa265557d052006450eeab52153282396dcc67638f44e8bdc1cf8ac1aa3cefde7b3e97b3f1ade0587ccc459d2b71d8f4c85666f88560ae13d11fd7d7f1214557967aa6221b05ba9a90faad9c1111038f9a1a16b64a40bf5f969f74f32ed6338eb702cb85773bc0495e31ac37ca0b88bb028da0e9721b407afd1e2fa460b204db7dfcd729459b2f125bf42ddf1380eb499691e08275ee42427c0c2db7064a386b52a6ac1a7ade2da86e5c5e5c667e459d0031046ac3b08cf51b0e79004bc73c3f9f7e769fa244fabd9100007a4ed5e2306997ff31489c13c52b2cdf0226cdc4f8522529a2610234aed95eb841f5d242cef7c49363af04985d3c3e53924f352b54eadece3a9522f4835113a3b490b612dacdb8dbfbee79428b808e626214cfcb2bfd4abe6b74f15f08c76d88182322042da026a7e5b1394c9c439dfa596a7a88107370c2cab92f90601b50f0b3181dec56a7136db75650a7a28578087cc87fada0c4a7e1432a6220d7308fccaad29fbe32e42b6593110cda94ce04ff6ed3a9662c4b81d14856f4fc1ac0d4fab9b4d5992650fcb2cfed1b6f60c8c73685c733be133f819a5688d8c6a7e6209969b46b091445021fc19cbd563bd76df96aa65f1d7216a31dc9c4a4f74a24a224a2aa60cb5d0d7c31e6af622e5a7c80c98727cd163e5097d86d4d4d91e7c89fe6151903d7c0f878da1a83e6fcc50fe9990da6640535e685b1c269c950d073762ce899f82aeb933106337f87a7138d1fb7b15b24ac8cc1c093469e61509fc24cfb79e66390a15483e9a5a1a313ff961d0f9fe8c5579014cf5689e368608104f96449b246439af197959e5edf4887497d48974c208cd68cfc7b3e0956c5088120da1daf4aa90b6d2c1b7088131ff296b"}, @pad1, @jumbo={0xc2, 0x4, 0x1}, @generic={0x9, 0x15, "5575113921ad0bc9e2e82b28a66b8f508cd3a98acf"}]}, @routing={0x67, 0x6, 0x0, 0x20, 0x0, [@mcast1, @mcast1, @empty]}, @dstopts={0x4, 0x19, [], [@generic={0xa8, 0x9b, "0271097870d6d06b47d83a5b3763f1a2fffb78c9fd5151fe45854469564af3c3949e4a58781ce848a5e9a6fed080306acd0311a5e5b9f900de3f656ec5f517f3a67949354e8a19f5b116e360f8bebf10566eae08582e6be7beeec7668afd637ca6a19c0a8787a4548138d8a06874d550624c0f1ebd2a2267bbca14f2247ab5be2d68e264aa7d651fd4e5e5ef5723b844f64a822f58e7bc5accf588"}, @jumbo={0xc2, 0x4, 0x10001}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @pad1, @generic={0x8, 0x1d, "94d6efb5a9f58f859b75be24586f382eeed7a76a6562b978071e71be75"}, @ra={0x5, 0x2, 0x7fff}]}, @routing={0x27, 0x6, 0x0, 0x5, 0x0, [@mcast1, @empty, @loopback]}, @dstopts={0x2c, 0x0, [], [@pad1]}, @dstopts={0x3, 0x3, [], [@jumbo, @ra={0x5, 0x2, 0x20}, @ra={0x5, 0x2, 0x9}, @jumbo={0xc2, 0x4, 0x3}, @padn={0x1, 0x1, [0x0]}, @ra={0x5, 0x2, 0x7f}, @ra={0x5, 0x2, 0x3}]}, @fragment={0xd8, 0x0, 0x8, 0x1, 0x0, 0x8, 0x68}], @icmpv6=@mld={0x82, 0x0, 0x0, 0x3ff, 0x9, @mcast2}}}}}}) syz_execute_func(&(0x7f0000001240)="47669018a9e1170000c4c20d074cd3f636f30f1182feefffffc44155efeaf20f2b9999899999c481fd2817c4a2a5295293f3ab66ac") syz_extract_tcp_res(&(0x7f0000001280), 0x401, 0x1) syz_open_pts() csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } #define __syscall syscall static uintptr_t syz_open_pts(void) { int master, slave; if (openpty(&master, &slave, NULL, NULL, NULL) == -1) return -1; if (dup2(master, master + 100) != -1) close(master); return slave; } static int tunfd = -1; #define MAX_TUN 4 #define TUN_IFACE "tap%d" #define TUN_DEVICE "/dev/tap%d" #define LOCAL_MAC "aa:aa:aa:aa:aa:aa" #define REMOTE_MAC "aa:aa:aa:aa:aa:bb" #define LOCAL_IPV4 "172.20.%d.170" #define REMOTE_IPV4 "172.20.%d.187" #define LOCAL_IPV6 "fe80::%02hxaa" #define REMOTE_IPV6 "fe80::%02hxbb" static void vsnprintf_check(char* str, size_t size, const char* format, va_list args) { int rv = vsnprintf(str, size, format, args); if (rv < 0) exit(1); if ((size_t)rv >= size) exit(1); } static void snprintf_check(char* str, size_t size, const char* format, ...) { va_list args; va_start(args, format); vsnprintf_check(str, size, format, args); va_end(args); } #define COMMAND_MAX_LEN 128 #define PATH_PREFIX "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin " #define PATH_PREFIX_LEN (sizeof(PATH_PREFIX) - 1) static void execute_command(bool panic, const char* format, ...) { va_list args; va_start(args, format); char command[PATH_PREFIX_LEN + COMMAND_MAX_LEN]; memcpy(command, PATH_PREFIX, PATH_PREFIX_LEN); vsnprintf_check(command + PATH_PREFIX_LEN, COMMAND_MAX_LEN, format, args); va_end(args); int rv = system(command); if (rv) { if (panic) exit(1); } } static void initialize_tun(int tun_id) { if (tun_id < 0 || tun_id >= MAX_TUN) { exit(1); } char tun_device[sizeof(TUN_DEVICE)]; snprintf_check(tun_device, sizeof(tun_device), TUN_DEVICE, tun_id); char tun_iface[sizeof(TUN_IFACE)]; snprintf_check(tun_iface, sizeof(tun_iface), TUN_IFACE, tun_id); execute_command(0, "ifconfig %s destroy", tun_device); tunfd = open(tun_device, O_RDWR | O_NONBLOCK); if (tunfd == -1) { printf("tun: can't open %s: errno=%d\n", tun_device, errno); return; } const int kTunFd = 240; if (dup2(tunfd, kTunFd) < 0) exit(1); close(tunfd); tunfd = kTunFd; char local_mac[sizeof(LOCAL_MAC)]; snprintf_check(local_mac, sizeof(local_mac), LOCAL_MAC); execute_command(1, "ifconfig %s lladdr %s", tun_iface, local_mac); char local_ipv4[sizeof(LOCAL_IPV4)]; snprintf_check(local_ipv4, sizeof(local_ipv4), LOCAL_IPV4, tun_id); execute_command(1, "ifconfig %s inet %s netmask 255.255.255.0", tun_iface, local_ipv4); char remote_mac[sizeof(REMOTE_MAC)]; char remote_ipv4[sizeof(REMOTE_IPV4)]; snprintf_check(remote_mac, sizeof(remote_mac), REMOTE_MAC); snprintf_check(remote_ipv4, sizeof(remote_ipv4), REMOTE_IPV4, tun_id); execute_command(0, "arp -s %s %s", remote_ipv4, remote_mac); char local_ipv6[sizeof(LOCAL_IPV6)]; snprintf_check(local_ipv6, sizeof(local_ipv6), LOCAL_IPV6, tun_id); execute_command(1, "ifconfig %s inet6 %s", tun_iface, local_ipv6); char remote_ipv6[sizeof(REMOTE_IPV6)]; snprintf_check(remote_ipv6, sizeof(remote_ipv6), REMOTE_IPV6, tun_id); execute_command(0, "ndp -s %s%%%s %s", remote_ipv6, tun_iface, remote_mac); } static long syz_emit_ethernet(volatile long a0, volatile long a1) { if (tunfd < 0) return (uintptr_t)-1; size_t length = a0; const char* data = (char*)a1; return write(tunfd, data, length); } static int read_tun(char* data, int size) { if (tunfd < 0) return -1; int rv = read(tunfd, data, size); if (rv < 0) { if (errno == EAGAIN) return -1; exit(1); } return rv; } struct tcp_resources { uint32_t seq; uint32_t ack; }; static long syz_extract_tcp_res(volatile long a0, volatile long a1, volatile long a2) { if (tunfd < 0) return (uintptr_t)-1; char data[1000]; int rv = read_tun(&data[0], sizeof(data)); if (rv == -1) return (uintptr_t)-1; size_t length = rv; if (length < sizeof(struct ether_header)) return (uintptr_t)-1; struct ether_header* ethhdr = (struct ether_header*)&data[0]; struct tcphdr* tcphdr = 0; if (ethhdr->ether_type == htons(ETHERTYPE_IP)) { if (length < sizeof(struct ether_header) + sizeof(struct ip)) return (uintptr_t)-1; struct ip* iphdr = (struct ip*)&data[sizeof(struct ether_header)]; if (iphdr->ip_p != IPPROTO_TCP) return (uintptr_t)-1; if (length < sizeof(struct ether_header) + iphdr->ip_hl * 4 + sizeof(struct tcphdr)) return (uintptr_t)-1; tcphdr = (struct tcphdr*)&data[sizeof(struct ether_header) + iphdr->ip_hl * 4]; } else { if (length < sizeof(struct ether_header) + sizeof(struct ip6_hdr)) return (uintptr_t)-1; struct ip6_hdr* ipv6hdr = (struct ip6_hdr*)&data[sizeof(struct ether_header)]; if (ipv6hdr->ip6_nxt != IPPROTO_TCP) return (uintptr_t)-1; if (length < sizeof(struct ether_header) + sizeof(struct ip6_hdr) + sizeof(struct tcphdr)) return (uintptr_t)-1; tcphdr = (struct tcphdr*)&data[sizeof(struct ether_header) + sizeof(struct ip6_hdr)]; } struct tcp_resources* res = (struct tcp_resources*)a0; res->seq = htonl(ntohl(tcphdr->th_seq) + (uint32_t)a1); res->ack = htonl(ntohl(tcphdr->th_ack) + (uint32_t)a2); return 0; } static void sandbox_common() { struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); initialize_tun(procid); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 14; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[4] = {0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: res = syscall(SYS_getgid); if (res != -1) r[0] = res; break; case 1: syscall(SYS_mquery, 0x20ffb000ul, 0x3000ul, 2ul, 0x10ul, -1, 0x80ul); break; case 2: *(uint64_t*)0x20000040 = 0x20000000; memcpy((void*)0x20000000, "./file0\000", 8); *(uint32_t*)0x20000048 = -1; *(uint32_t*)0x2000004c = 0; syscall(SYS_ioctl, 0xffffff9c, 0xc0106477ul, 0x20000040ul); break; case 3: *(uint32_t*)0x20000080 = 0xcb; syscall(SYS_ioctl, -1, 0x80044275ul, 0x20000080ul); break; case 4: memcpy((void*)0x200000c0, "./file0\000", 8); syscall(SYS_unlinkat, 0xffffff9c, 0x200000c0ul, 8ul); break; case 5: *(uint64_t*)0x20000148 = 0x20000100; *(uint32_t*)0x20000100 = 0; *(uint32_t*)0x20000104 = 7; *(uint32_t*)0x20000108 = 2; *(uint32_t*)0x2000010c = 0x18000; *(uint32_t*)0x20000110 = 6; *(uint32_t*)0x20000114 = 3; *(uint32_t*)0x20000118 = 0x8000000; *(uint32_t*)0x2000011c = 0x20; *(uint32_t*)0x20000120 = 0; syscall(SYS_ioctl, 0xffffff9c, 0xc010427bul, 0x20000140ul); break; case 6: *(uint32_t*)0x200001c0 = 0xc; res = syscall(SYS_getsockopt, -1, 0xffff, 0x1022, 0x20000180ul, 0x200001c0ul); if (res != -1) r[1] = *(uint32_t*)0x20000188; break; case 7: *(uint32_t*)0x20000200 = -1; *(uint32_t*)0x20000204 = r[0]; *(uint32_t*)0x20000208 = 0; res = syscall(SYS_getgroups, 3ul, 0x20000200ul); if (res != -1) r[2] = *(uint32_t*)0x20000208; break; case 8: res = syscall(SYS_getgid); if (res != -1) r[3] = res; break; case 9: *(uint32_t*)0x20000240 = r[1]; *(uint32_t*)0x20000244 = r[0]; *(uint32_t*)0x20000248 = r[2]; *(uint32_t*)0x2000024c = r[3]; syscall(SYS_getgroups, 4ul, 0x20000240ul); break; case 10: *(uint8_t*)0x20000000 = 0xaa; *(uint8_t*)0x20000001 = 0xaa; *(uint8_t*)0x20000002 = 0xaa; *(uint8_t*)0x20000003 = 0xaa; *(uint8_t*)0x20000004 = 0xaa; *(uint8_t*)0x20000005 = 0xbb; *(uint8_t*)0x20000006 = 0xaa; *(uint8_t*)0x20000007 = 0xaa; *(uint8_t*)0x20000008 = 0xaa; *(uint8_t*)0x20000009 = 0xaa; *(uint8_t*)0x2000000a = 0xaa; *(uint8_t*)0x2000000b = 0xbb; *(uint16_t*)0x2000000c = htobe16(0x86dd); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 6, 4, 4); memcpy((void*)0x2000000f, "\xb5\x88\xd1", 3); *(uint16_t*)0x20000012 = htobe16(0x11d8); *(uint8_t*)0x20000014 = 0x11; *(uint8_t*)0x20000015 = 0; *(uint8_t*)0x20000016 = 0xfe; *(uint8_t*)0x20000017 = 0x80; *(uint8_t*)0x20000018 = 0; *(uint8_t*)0x20000019 = 0; *(uint8_t*)0x2000001a = 0; *(uint8_t*)0x2000001b = 0; *(uint8_t*)0x2000001c = 0; *(uint8_t*)0x2000001d = 0; *(uint8_t*)0x2000001e = 0; *(uint8_t*)0x2000001f = 0; *(uint8_t*)0x20000020 = 0; *(uint8_t*)0x20000021 = 0; *(uint8_t*)0x20000022 = 0; *(uint8_t*)0x20000023 = 0; *(uint8_t*)0x20000024 = 0; *(uint8_t*)0x20000025 = 0xbb; *(uint8_t*)0x20000026 = 0; *(uint8_t*)0x20000027 = 0; *(uint8_t*)0x20000028 = 0; *(uint8_t*)0x20000029 = 0; *(uint8_t*)0x2000002a = 0; *(uint8_t*)0x2000002b = 0; *(uint8_t*)0x2000002c = 0; *(uint8_t*)0x2000002d = 0; *(uint8_t*)0x2000002e = 0; *(uint8_t*)0x2000002f = 0; *(uint8_t*)0x20000030 = 0; *(uint8_t*)0x20000031 = 0; *(uint8_t*)0x20000032 = 0; *(uint8_t*)0x20000033 = 0; *(uint8_t*)0x20000034 = 0; *(uint8_t*)0x20000035 = 0; *(uint8_t*)0x20000036 = 0x32; *(uint8_t*)0x20000037 = 5; *(uint8_t*)0x20000038 = 0; *(uint8_t*)0x20000039 = 0; *(uint8_t*)0x2000003a = 0; *(uint8_t*)0x2000003b = 0; *(uint8_t*)0x2000003c = 0; *(uint8_t*)0x2000003d = 0; *(uint8_t*)0x2000003e = 1; *(uint8_t*)0x2000003f = 8; *(uint8_t*)0x20000040 = 0; *(uint8_t*)0x20000041 = 0; *(uint8_t*)0x20000042 = 0; *(uint8_t*)0x20000043 = 0; *(uint8_t*)0x20000044 = 0; *(uint8_t*)0x20000045 = 0; *(uint8_t*)0x20000046 = 0; *(uint8_t*)0x20000047 = 0; *(uint8_t*)0x20000048 = 0; *(uint8_t*)0x20000049 = 1; *(uint8_t*)0x2000004a = 0; *(uint8_t*)0x2000004b = 6; *(uint8_t*)0x2000004c = 0; memcpy((void*)0x2000004d, "\x7d\x73\x12\xbf\x2f\x97\x6b\x28\x6c\xf3\x3b\x3a\x76\x60\xaf\x2f\x30\xcb\x34\xf9\xa8\x6a\x2d\xb1\x88\xc5\xd7\x6d\xf2\x29\x00\x97\x6b\x02\x72\x11\x51\x36\x27\xf3\x7c\xb6\x42\x21\x55\x18\x88\x02\x80\x62\xf7\xe9\x6e\x29\x50\x2c\x82\x30\xcb\x07\xed\x13\xfb\x79\xee\x02\x2a\xfa\xcf\xb0\xfd\xb9\xfd\xd6\x2a\xc3\x7d\xfa\x4f\x6b\x34\xfc\xbe\xe4\xc3\x80\xfa\x32\xc3\x5d\x69\x5c\xca\x5e\x60\xb4\xfe\x8d\xdf\x4e\x9f\xd6\xc2\x68\x10\xea\xb1\x11\x56\xf5\xf1\x1c\xff\x15\x48\xbc\x51\x64\x8f\x66\x40\x4b\xac\xd5\x5f\x29\xd8\x34\x96\x35\x35\x6e\x87\x11\xba\x71\x76\x3c\x2e\x3d\xae\x08\xce\xca\x72\xda\xaf\x10\x86\x8c\x22\xac\x2d\x42\x9c\x17\x22\x8c\xb0\xfa\x6a\x92\xed\xda\xfa\xf8\x21\xe0\x84\xcd\xd5\x5a\xff\xff\xce\x12\x09\x7a\x27\x72\xef\x8a\xb4\xbc\x86\x22\x13\xc7\x65\xc3\xc5\xbb\x6c\xb2\x52\x06\xa5\xf8\x7d\x20\x34\xb9\x22\xcd\x8a\x54\xfd\x1f\x39\x93\x80\x81\x13\x2c\x04\x91\xf0\x25\x8b\x9d\x5b\x90\x20\x63\x98\x28\x1b\xd7\x45\x90\x75\x71\xe7\x94\x49\x36\xe2\xd4\x09\x7e\xec\x6b\x58\xed\x96\x3a\x26\xc7\xab\x84\xad\x10\x84\xf4\xb8\xfe\x73\x5e\x2c\x7a\x50\x73\x34\x4b\x22\x5d\xd2\x91\x7d\x10\x35\xd5\x25\xe3\xfc\xa4\xbf\x75\x0d\xc4\x47\x4b\x26\x45\x77\x0b\x1c\xa2\x40\xe5\x4b\x5d\x0d\x4d\xc7\xef\x29\xa3\xa6\x16\x69\xe0\xbc\x94\x74\x1f\x97\xc6\x62\x16\x51\x1a\x0b\x77\x2e\x88\x13\xb7\xe0\x1c\x74\x0f\x8e\xd1\xfa\x89\x09\xf5\x70\x0d\x34\x03\xd2\x1c\x72\x0a\x59\x02\xde\x2e\x1c\x32\x55\x6e\xca\x20\xd3\x74\x47\x3c\xd8\x17\x42\x7a\x1c\x9c\xd5\x8e\x2e\x0a\xef\xa4\x47\xfb\x5a\x81\x9c\x5f\x0f\x58\xb2\x77\x56\xa2\xab\x59\xc7\x90\x4b\xd8\x6a\x7e\x17\x86\x29\xad\x0b\xf9\xac\xc4\x27\x2d\xc4\x80\x11\xd2\x7c\x26\x2f\xe7\xea\x17\x54\x39\x1b\x04\xe3\x14\x4d\xb1\xee\xc8\xb7\xfd\xed\x12\x3a\x6e\x0d\x84\x8e\x26\xd3\xa4\x8d\xb1\x9c\xda\xc5\x70\xa9\xf8\x82\x59\x99\x4a\x98\x8b\xaf\xd8\xdb\x39\x12\x8e\xc2\x09\xc2\xf4\xa1\xc3\xa0\x09\x0f\xb4\x8b\x2c\x98\xc6\x6c\x31\xa9\xd0\xc4\x37\x7d\x6e\x63\xc8\x2a\xfd\xf7\x34\x86\x12\x49\xd4\xa1\x87\xb9\x9c\x2c\x03\xea\x42\xef\xb6\x79\x63\xc7\xf5\xe0\x58\xb9\xea\x73\x4e\x12\x4a\xbc\xff\x10\x7a\x29\xe3\x39\x70\x4b\xc5\xc1\x74\x89\x5b\x10\xfa\xbe\xf1\xdd\x69\x66\x93\x0a\x39\x82\x95\xf2\x38\xab\xeb\xa3\x30\x93\xa7\xe5\xd4\xeb\xf3\xc1\x34\xb0\x0e\xac\x45\x36\x59\xd9\xa5\xed\x67\x22\xb2\x86\x68\xf0\xde\x27\xfc\xbf\xcc\x66\x5f\x9b\x79\xf5\x1a\xa2\x66\xf0\x61\xa9\xd3\x58\x2f\xe7\x87\xf1\xcd\x3d\x6b\x2a\x4d\x5b\x76\x70\xd9\x1c\x9f\x19\xda\x4c\xdf\x5c\x47\xed\xb0\x15\xa1\x54\x22\x77\x97\xa6\xb5\x6a\x27\xe3\x22\x76\xf0\x7e\x6c\xc2\x0e\xc6\x88\x5b\xc2\x61\x05\x5b\x4a\xd4\xf6\x6c\x09\xe2\x76\x73\xc4\x07\x02\x3f\xb6\xd0\xc6\x11\x39\x24\x5b\x19\x08\x61\x81\x6a\x03\xae\x7d\x96\x27\x10\x0a\xb2\xa1\xf1\xf3\x81\x98\xe8\x20\x96\x79\x23\xfd\xf0\xa9\x5e\x90\x88\xff\xe6\x77\x9f\x1e\xea\x15\x11\x23\xe9\x19\xbd\xe1\xea\x78\x74\x6c\xc3\x07\x68\x22\x0f\xf9\x53\xd1\x05\x88\x58\x97\x01\xf7\x0e\x66\x39\x25\x24\xa7\x85\x62\xa8\x38\x20\x5a\xf4\xbf\xc2\x8c\x4a\x68\x84\xb4\x25\xc1\x09\xea\x7f\xf1\x6d\x9f\x1b\xcb\x77\x45\x9c\xcb\x5b\x81\x04\x5b\x6c\xb2\xdc\xeb\xda\xe4\x6f\x6d\x70\xb4\x4f\xf8\xdc\x6f\x52\x2c\x77\xdb\x14\x71\xce\x11\x63\xa7\xa5\x64\x0d\x02\xe4\x69\xe5\xde\xe1\xff\x25\xb7\xf7\x32\x5b\xae\xb1\x0e\xcb\x4b\xc4\x8f\x86\x92\xd5\x37\x6d\xad\x7c\x91\x25\xec\xb6\x1d\x00\xe7\x59\xb8\xf3\x17\x9d\xf6\x36\x38\x9f\x62\xf5\x1f\xac\xe3\x01\x3a\x62\xa9\x65\x6f\xec\x59\x26\x01\x94\x27\x43\x77\x8d\x7b\x7c\x83\x8c\xdf\x30\xfe\x87\xb7\x50\x3a\xab\x17\xd8\xd8\xf5\xf3\x0a\x3a\x03\xf1\x05\xdd\x38\x96\x58\xc1\x87\x82\x3d\x1c\x5e\xc9\xaf\x9d\xce\x05\xde\xcf\xa6\x19\x2a\x65\x14\x89\x6e\x99\xf4\x78\x47\xe8\x37\x19\xf7\x9c\xd3\x7b\x11\x81\x84\xd3\x4c\xa2\x0e\x88\x4b\xd2\x55\xf1\x99\xac\xef\x2e\xd4\x80\x11\xcf\xf2\x69\x59\x77\xdd\x7b\x1a\xe1\xf0\x8d\x27\xf9\x47\xcd\x1a\xff\x97\xa1\x9e\x3f\x93\xc6\x59\xd1\x0f\xf5\xa7\x76\xf2\x91\x02\x2d\xf2\x61\xb7\x92\x93\x5a\x1c\x58\x82\xf9\x20\xc9\x44\x2e\x56\x3f\x87\x88\x01\xbe\xec\xbb\xa8\x9c\x1e\xab\x9d\x2b\x96\x28\x5f\x34\x93\x48\x3b\x49\xf2\x69\xe8\xd6\x84\x33\x00\x37\xda\xfe\xdb\xcb\xb3\xbc\x50\x0e\x65\xb5\xe6\x9c\x3a\x4f\x6f\x15\xe4\x2c\xb5\x95\xcc\xe0\x4c\x89\x18\x18\xf2\x8a\x69\xef\x73\xc0\xec\xf8\xef\xbe\xf8\xbc\x1e\x5f\x7d\x07\xf5\xca\x82\x8d\x9a\x84\x60\xa2\x97\xa2\xb6\xf1\x58\x41\x3f\xd2\x73\x8e\x61\x68\x37\x7a\x49\xbd\x43\xa7\x0a\x36\xe7\xc3\x9d\x8d\x54\x87\x83\x28\x56\x75\x41\x7c\x62\x07\xbe\xbe\xb3\x22\x4f\xaa\xb8\x1e\xef\x70\x86\x01\xbe\x61\x36\x97\x96\x7c\x31\xf6\xb8\xa2\xc2\x1c\x46\x92\x73\xd7\x9b\x15\xb8\x0d\x8a\x0b\x6c\x6e\xd4\x35\x6d\x00\x2e\x42\x49\x44\xb6\x61\xb4\xd5\xfb\x11\x48\x41\xb9\xcb\xaf\x8d\x4c\x16\xd7\xf6\x87\x36\x2a\xee\x16\x47\x56\xe0\x5f\xa1\xd5\x79\xf0\x82\x00\x3a\xc1\x10\x3a\x00\x7c\x2f\xce\xa4\x86\xf3\x2e\x6e\x72\xd1\x41\xc1\xe2\x33\x33\x0a\x3b\x3d\x81\x35\x84\x0a\x9f\xbc\x50\x35\x26\xe4\x48\x76\xe7\x02\x30\x9c\x3c\xb1\xa6\xc4\x02\x0b\xae\x2e\xf8\x51\x46\xa3\x43\x8b\xd9\xb3\x41\xb7\x19\xdf\xa5\xb5\x19\xfc\xa6\xbc\x17\x46\xb4\x7a\xc4\x99\x17\x22\xb9\x77\x7d\x92\x48\x00\x65\xe3\xd7\x0b\xb6\xb2\x02\xe9\x8d\x5d\x08\xc1\xb2\x15\xa5\x01\x22\x10\xef\x9e\x2b\x9f\xea\x63\x0e\x4d\x82\x17\xc5\x01\xde\xe6\xb4\x6a\x3b\x88\x7c\x71\xf3\xc4\xc6\x03\xaf\x56\xa8\x67\x34\x23\x6f\x06\x8e\x07\x2a\xa6\x3f\x2a\x70\xd4\x88\xfe\x90\x91\xa8\x53\x05\x85\xe4\xd6\x11\xad\x9f\xe2\x35\x93\xcb\x41\x0e\x5e\xed\x91\x87\xed\x55\x65\x2b\xef\x39\xb8\xe8\x67\xa8\x79\xf8\x97\x35\xe7\xca\xdf\xb3\x6a\x18\x38\x67\xcd\xc3\x32\x2b\x21\x42\x7a\x49\x8d\x12\xd5\x66\xaf\x1b\x7e\xd2\x35\x03\x4f\xee\xaa\x2c\xbd\x79\x5c\x23\x63\xec\x98\x45\xa5\x04\x07\x31\x81\xef\x95\x12\x15\x48\xbd\x6e\x88\x48\x6a\x26\x1c\xb5\x2f\x6f\x79\x70\xb9\x9f\x53\xde\x0f\x42\x6f\xfc\xae\x94\x0f\x83\xac\x20\x13\x8c\x7d\x5b\x35\x20\x21\x4e\x44\xa4\x03\xc8\x4f\xda\xcc\x65\x57\xc8\xb8\x59\xc9\x91\x8e\x78\x37\x72\x61\x72\x2f\x1f\x29\x13\xd0\xdf\xe9\x9d\x93\xde\x5f\x2a\x67\xc3\x77\x5a\x76\x81\xc9\xb8\xfd\xb8\x11\xea\xd0\xba\xd8\xec\x77\x1e\xf3\x8d\xc0\xda\x25\x90\x47\xec\xaa\xb6\x08\xe8\xe7\xc4\x51\x13\xce\x26\x81\xa8\x37\x7d\xf0\x54\xe8\xe4\x84\x85\xbf\x16\xd1\x22\x2c\xcf\x22\x14\xb8\x11\x5e\x0a\xf0\x90\x74\x2f\x1c\x7b\x77\x64\x5b\xde\x02\x54\x10\x71\xd9\x2f\x5e\xb2\x4b\xc1\x94\x2f\xf6\x91\x01\x6d\x1d\x08\x44\xda\xec\xc8\x9d\xf8\xb5\x8f\x05\xe0\xfc\x38\x56\x88\x14\x13\x92\x03\x59\xc9\x09\x27\xb8\x5c\xdb\x99\x62\x97\x91\x34\x1d\x07\xf6\xbd\x04\x2e\xa4\x57\x12\x8a\xc9\x1c\x4a\xb3\x3b\x16\x99\x35\xa1\xa0\x21\x4e\x74\xdd\x2d\x09\x8a\xbc\x1d\x16\xb5\x9a\xbf\x37\x74\x01\xdb\xd0\x90\x4f\x7d\xcb\x35\x1f\xa4\xdd\x8e\x36\xcb\xf4\xb8\xdc\x28\xe8\x11\xbd\x7d\xc9\xb8\xa2\xf6\x02\x1c\x44\xe8\x5e\x1e\xbe\x1c\x68\xe0\x35\x95\xad\xed\x1d\x0f\x5b\xdc\x56\x3e\x61\x23\x67\xae\x89\xe4\x60\x94\xa2\xe3\x41\xce\x2b\xdf\x0c\xdd\x0d\x0e\x71\xaf\x4c\xe3\x47\x00\xbb\x15\x89\x8b\x2d\x3f\x55\x9f\x46\x6a\x6f\xbd\xa1\xe0\x05\xdf\x5e\x76\x96\x8f\xc0\x07\x0a\x86\x0e\x8e\xef\xb4\x01\x80\xd6\x49\x3a\x17\x90\x36\x98\xa9\xf8\x09\xab\x51\x20\xcc\x72\xa2\x05\xe3\x26\x52\x36\xc6\x7d\x7c\x85\xe5\x81\xed\x37\x8d\x33\x26\x11\x18\x13\x04\x1d\xa2\xd8\xd3\xc8\x88\xd1\x23\x66\x49\x12\x9c\x37\x02\x1f\xbf\xde\x4b\x87\x3d\xbc\x3c\xc9\xfe\x18\xdc\x92\x2a\x62\xd5\x06\x86\xf9\xd7\xe1\x5c\x2c\x4c\x51\xe2\x5d\x98\x52\x38\x5f\x02\x46\x70\xdd\x5e\xaa\x98\x66\x1a\x3f\xd6\x45\xf5\xe3\xcf\x1a\x03\x81\xe8\x78\x77\x6d\x79\x03\x9d\xb9\x45\xf6\x80\xb0\xcb\xa8\xa7\xe3\x87\x57\x27\xa0\x7b\xe1\x61\xc8\x54\x49\x1d\x39\x6f\xbf\x40\xb5\x02\x98\xb1\xa8\x4b\x0c\xf8\xb6\x1e\x18\x76\x7b\xab\x36\xa0\x13\xf0\xac\xf4\x55\x69\xed\x18\x82\xc3\xfe\xa9\xe2\x01\x89\x82\x2e\x2b\x9b\xac\xbc\x41\x55\x84\x22\x46\xc1\x83\xf2\x95\x91\x2d\x64\x80\xa0\x5a\x2d\x59\xff\x29\x90\xbb\xbb\x8c\x7e\x90\x79\xf1\xa0\x39\xbf\x31\xfd\x2c\xc2\x83\x12\xcf\xf2\x46\x1a\xf8\x71\xdd\xe9\xb2\x72\x01\xe6\x6d\x89\xf6\x21\x96\xb6\x32\xef\x97\x42\x4d\x25\x29\xd0\x97\x34\x57\xcf\x45\x95\xf6\x75\x19\x28\x45\x7b\x7d\xe8\x85\xf4\x3c\xf6\x45\x77\xbd\x6d\x09\x9d\x9a\xdf\xe4\x5a\x4e\x6d\x70\x4b\xfd\x3e\xdc\x85\xdd\xbb\x11\xde\xdd\x5e\x2d\x3e\x50\xa5\x5d\x7a\x7d\xcf\xde\x4e\xfd\x11\xdc\xd2\x0f\x62\x85\xb7\x4e\xa1\x94\xda\x7f\x31\xa4\x98\x3a\x14\xf1\x67\xa8\x47\xd2\x79\xef\x28\x55\x74\x19\x50\x6d\xe3\x4b\x34\xf2\x37\xf3\xc6\x6e\xd2\x57\x24\x6d\x04\x82\x4f\x4f\x8d\x97\x09\x2e\x55\xe0\x95\xec\xf4\xf3\x64\x7e\xbd\x6c\x39\x53\x8c\x4c\x75\x65\xb2\x3d\x81\xf0\xcc\x3d\x61\x70\xd8\xa0\xd5\x05\x0f\xe7\xe4\xf8\xd4\xfe\x07\xce\xa0\xd5\xdb\x6d\x5f\x96\x6a\xfa\x39\xde\xc3\x4a\x8c\xe3\x2b\x67\xd4\x91\x8e\xa8\xd9\x6a\xf5\xc7\xfd\x89\x99\x45\x44\x9e\x05\x1e\xf3\x44\x00\xcb\xd4\xba\xdd\x78\x6d\x20\xb1\xc7\x7d\x23\x67\x0b\x20\x65\xbc\x8f\x67\x11\x50\x33\x6c\x42\x28\xf4\x9c\x2e\x07\x95\x4d\x4b\x16\x5d\x22\x2c\xae\x2a\x5f\x5d\xc9\xfd\x32\x8a\x21\xeb\x4b\x20\x33\x44\x7d\xd9\xb0\xb5\x6d\x12\xbc\x93\x14\x85\x95\xa6\x49\xd5\xcd\x3a\x9b\x56\xc3\x32\x49\xc9\x79\xcf\xd3\x21\xeb\x72\x0a\xfc\xa7\x06\xfc\x26\x3d\xfc\x06\xbe\x97\xc2\xb8\x05\xa7\xcc\xc5\x4c\xd8\xe2\x47\xe6\x4d\xce\x16\x07\xba\x96\xd1\x46\xa9\x77\xc2\x47\xb3\x07\x2a\xd2\xcb\x2c\x11\x6c\x75\x49\x31\x85\xac\x9d\x61\x24\x07\x0f\x67\x4e\x1a\x83\xc4\xe4\xfc\x7a\x2d\x46\xbe\x93\xc2\xeb\x3d\xc2\x6d\xd6\x59\x26\x1c\xb0\x20\x78\x8b\x5b\xf4\xc2\x1a\x5a\x31\xe3\x63\x06\x5e\x3d\x81\xa6\x48\x86\xa0\xb4\x8c\x8f\xd3\x35\x05\xb2\xe1\xa1\x58\xa6\x0c\x29\xb6\xa4\xb0\xd9\xd3\xcc\x4e\x30\xcd\xbb\xfd\xc5\x89\x5a\xd5\x9b\x25\xf8\xe3\x56\x61\x6b\x35\x2e\x0a\xf4\xb5\x56\x15\x31\x5d\x38\x9d\x96\x31\x25\xe0\x86\xd4\xf3\x8f\x98\x37\x55\x1d\x5a\xea\x90\xd5\x1c\x86\x07\x25\x18\xe6\xb3\xd9\xf8\x10\x38\x69\x33\x83\x0b\x01\x2a\x93\x9f\x7f\x62\x69\xf3\x51\x6c\xf3\x61\xa7\xb2\x04\xc6\x87\xb1\x22\xd7\xc9\x67\xf3\xf9\xcb\xfa\xa3\xb5\x17\x0a\xc5\xbf\x03\x0f\x5f\xcf\x5c\xc6\x0e\x67\xd6\x9a\xed\x12\xa9\xb6\x4e\xac\x18\x6e\xea\x7f\xfd\x21\x98\xce\x33\x8f\xd5\x8f\xa6\xb1\xc8\x18\xa2\xbf\x7e\xe3\x55\xc9\x93\x2f\xa8\x8b\x6c\x1e\x54\x92\x17\x36\x66\x06\xb0\x4e\xf4\x54\xe6\xfe\xd8\x65\xeb\x44\xa2\xcf\x2b\xff\xe7\x92\x46\x4e\xcd\x22\x12\x1d\xec\x54\xfa\x51\x8f\x2a\x14\x89\x81\x95\x6b\x9b\x06\x31\x4f\xf4\x78\x73\x8f\x03\x28\xa2\x53\x39\x4e\x7c\x1a\xc4\xdb\x3b\xa5\x27\xc7\x53\x61\x58\x2c\xca\x56\xa1\x27\x30\xd5\xb0\x16\x25\x8f\x02\x5d\xc6\x41\x64\x7a\xdc\x06\xd6\xb3\xee\xc0\x48\x3f\x2f\x71\xac\x9d\xb0\xc4\x54\x43\xe3\x1c\x3d\x47\xd7\xab\x7b\xf3\x36\x10\x40\x83\x01\x7a\x98\x5d\x2e\x83\x16\x9c\xbe\x9f\xc9\xf9\x08\x0c\xbb\xba\xfa\xef\xd7\xe7\xd0\x63\x79\x33\x53\x3f\x8f\xbd\x2e\x1a\xbb\xa0\x19\xb8\x3c\xa1\x0f\x37\x91\xad\x04\xd6\x42\x83\xa0\xbc\xdb\x8c\x85\x71\x84\x34\x64\x2f\x6e\x15\x6f\xa6\x94\xab\x98\xd4\x75\x87\x6a\x17\x68\xf9\xb5\x95\xff\x82\x3d\xc4\xcd\xda\x9f\x08\x0f\x09\x4e\x12\x61\xa5\x4c\x7f\xb8\xfd\x38\x1d\x5a\x0d\x51\xba\x8d\x60\x55\xef\x43\xb0\x35\x49\x0d\xf5\xdc\x92\xb8\xc3\xbe\x5b\x58\x78\x88\x66\xdc\x09\xa3\x56\x3b\x25\xb6\x4d\xe0\xc0\x28\x03\x70\xd8\xae\x3b\xc3\x17\xb8\x9e\x32\xa5\xec\x6c\xf1\x4e\x9d\xf6\x73\x3b\x93\x26\x3f\x8a\xdf\x90\x8b\x63\x2f\xa2\xa9\x4a\x2a\x5a\x22\xd7\x81\xf5\x62\xe5\x52\x1b\xb0\x7c\xab\xa5\xb5\x6c\xe7\x99\xe6\xca\xac\x20\xc8\xbd\x10\xf0\xdc\xc7\x65\xb5\xad\x59\xee\x88\xcf\xac\x53\x65\x4b\x85\xfc\x6d\x3d\x7d\x1e\xc3\x72\x30\x53\x7d\x65\x51\x9a\xa0\x3d\x2d\x87\x00\x1c\x37\x81\x06\x3b\xb0\x27\x5b\xd9\x6c\x45\x2c\x12\x0d\x9a\xdc\x12\x35\x3c\xb5\x6a\x56\x5f\xfb\x5c\x3c\xf8\x1d\x04\x97\xc3\xa6\x80\xa6\x86\x10\xac\xbb\x49\x2b\x19\xb2\x9a\xd6\x01\x50\x4a\xa1\xb3\xff\x00\xdc\x52\x47\xb8\x83\xe8\x22\xcb\xe8\xc8\x66\x73\x35\x3e\xad\x6e\x04\x49\x41\xbb\x4f\xbf\xc3\xe5\xcc\xba\x04\xf9\x3c\xd9\xc2\x64\xd9\xec\x2c\x1f\x52\x21\xca\x07\x67\xd3\xbf\x65\xf4\x33\x0b\xdb\x4a\x94\xd6\x46\x8b\xfa\x9d\xfa\x5b\xcb\xaa\x51\x14\x50\xe6\xa0\xca\x9a\x56\xc5\xf2\x05\x58\xea\x70\x76\xa6\x7b\x5b\xdd\x85\x23\xf1\x51\x5c\xae\xd4\x0d\xc2\xea\xf0\x6b\x08\xb1\x76\x35\x5d\xad\x11\xf1\x26\x5b\x81\x87\x48\x5d\x1a\x79\x9d\x86\xd0\x6f\x06\xd9\x33\xf4\x24\xf9\xed\x65\x4d\x2d\xde\x7c\x0e\x66\xdb\xf3\xd1\x56\xdb\x2d\x67\x94\x1b\x92\x08\x0f\x04\x58\x1e\x02\x49\x73\x4f\x2b\xf4\x92\x0a\x35\x51\xd0\x6c\x4c\xcb\x8f\x73\x0d\xeb\x91\xb6\xf6\xce\x21\x0c\xb4\x1d\xab\x8f\xcb\xe3\x9d\x14\xe9\x18\xa3\x62\x9e\x82\x6e\x1d\x60\xe1\x64\xe0\x6d\x62\x37\xd3\x82\xd0\xf3\xec\x27\x34\x11\x73\x68\x55\x5e\x69\x9a\x65\x0f\x02\xd4\xa8\x86\xab\x67\x9e\xc1\x94\xc8\x21\xb1\xf4\x26\x29\x46\xee\xf5\xa0\xa3\xdc\xb5\x64\x5c\x05\x43\x56\x04\x64\xd8\x63\x81\xa4\x25\xd0\x42\x18\xe5\x8a\xaa\xbf\x3c\x5e\xd4\xc2\x27\x3c\xc0\xd4\xc2\xc2\x8e\x12\xec\xd4\xdd\xce\xcd\x67\x18\x6d\xac\xec\x66\x2c\x65\xd3\x23\x49\x6b\x9b\xe3\x84\x96\xac\xfb\x5b\xb1\xce\x10\x6b\xba\xac\x84\xba\xc7\x33\xdf\x84\xe6\xe3\x17\x13\x24\x3d\xf9\x84\x5b\x9b\x63\x0a\x97\x14\xef\x11\xbb\x21\xb0\xe8\x0c\x6c\xe1\xaf\xc6\x3c\xa7\x22\xcc\x23\x8a\xc4\x48\xf2\x29\xaa\x61\x4e\x9e\xae\xc7\x8e\x5c\x27\x92\x1b\xbe\xd1\x67\x05\x76\x07\xd3\x83\xcd\xa4\x2a\x91\xf8\x9b\x25\xec\xea\x59\x68\x6a\x8f\x07\xb1\xc2\xd7\x3b\x6b\x2a\xa9\x89\x9c\x3d\xcf\x20\x40\x17\x21\xa1\x01\x9a\xbb\x89\xd5\x17\x7d\x74\xdd\x1b\xb7\x94\xe0\xd4\x79\xeb\xbf\xb2\x13\xe1\x3d\xd5\xf0\x63\x77\xeb\x87\xc5\x3c\x09\xa3\xfc\x20\x78\xfe\x0d\xb3\x01\xcc\xb1\x14\xf8\xcf\x31\x12\x44\x5a\x1e\x7f\xad\x70\xdc\xf2\xc6\xe8\xca\xd4\x50\xdc\x73\xc6\x42\x7e\x01\x7e\x0e\x93\xd2\x5e\xf6\x0e\x80\xf5\x56\x46\x2d\x78\xb8\x5a\xed\x47\x4a\x6b\xdb\x29\xbd\xf5\xa9\x39\x08\xf4\x3a\x77\xd8\x2d\x0d\xa5\x5e\x7d\xc8\xa0\x06\x4d\x72\x18\x58\xec\x5f\x8b\x3c\x5d\x44\x1b\x66\xb3\x26\x7e\x81\x03\xd2\x7f\x5f\xaf\x86\x60\x66\x2e\x86\x59\x3a\x48\xd4\xbf\xd6\x4c\xee\xbd\x9b\xf6\x92\x58\x23\x28\x81\xe2\xf0\xf9\xd0\xc5\x9f\x89\xf3\xc8\x9a\x2e\xcb\x56\x9d\x14\x6b\xd3\xf8\x72\x62\x9a\xa2\x50\x41\x0c\xde\xcc\x37\x01\xfc\xfe\x95\xfb\xee\xfc\x97\x6b\xd7\xe3\x05\xc1\x02\xe3\x07\xe0\xc0\x4f\x5d\x40\x37\x4b\x93\x60\x6d\xd0\x9f\xc0\x02\x6b\x4f\x0d\x18\x5e\xa8\x05\x10\x03\xa5\x56\x46\xe3\x2e\x32\x78\xdf\xd3\xf0\x61\xa4\xc4\x81\x63\x9f\xe9\x50\x7a\x8e\x5c\x04\xe4\x63\x77\x54\x4f\x28\x41\xef\x9b\xea\x40\xda\x68\x3f\x66\x9f\x6f\x2d\xa6\xa9\x28\x2d\x74\xd4\x6b\xc7\xd1\x78\x45\xed\x0e\x63\x88\x6a\xee\x73\x62\xe1\x29\x09\xd4\x59\x21\x7d\x09\x23\x58\xbf\x71\xf2\xfd\x1f\xda\x72\x74\x46\x8a\x5c\x64\xf6\x8d\xbc\x91\x2e\x12\x41\x4c\xb8\x41\x61\x8e\x6d\x96\x1e\x79\x69\x91\x87\xef\xa2\x65\x55\x7d\x05\x20\x06\x45\x0e\xea\xb5\x21\x53\x28\x23\x96\xdc\xc6\x76\x38\xf4\x4e\x8b\xdc\x1c\xf8\xac\x1a\xa3\xce\xfd\xe7\xb3\xe9\x7b\x3f\x1a\xde\x05\x87\xcc\xc4\x59\xd2\xb7\x1d\x8f\x4c\x85\x66\x6f\x88\x56\x0a\xe1\x3d\x11\xfd\x7d\x7f\x12\x14\x55\x79\x67\xaa\x62\x21\xb0\x5b\xa9\xa9\x0f\xaa\xd9\xc1\x11\x10\x38\xf9\xa1\xa1\x6b\x64\xa4\x0b\xf5\xf9\x69\xf7\x4f\x32\xed\x63\x38\xeb\x70\x2c\xb8\x57\x73\xbc\x04\x95\xe3\x1a\xc3\x7c\xa0\xb8\x8b\xb0\x28\xda\x0e\x97\x21\xb4\x07\xaf\xd1\xe2\xfa\x46\x0b\x20\x4d\xb7\xdf\xcd\x72\x94\x59\xb2\xf1\x25\xbf\x42\xdd\xf1\x38\x0e\xb4\x99\x69\x1e\x08\x27\x5e\xe4\x24\x27\xc0\xc2\xdb\x70\x64\xa3\x86\xb5\x2a\x6a\xc1\xa7\xad\xe2\xda\x86\xe5\xc5\xe5\xc6\x67\xe4\x59\xd0\x03\x10\x46\xac\x3b\x08\xcf\x51\xb0\xe7\x90\x04\xbc\x73\xc3\xf9\xf7\xe7\x69\xfa\x24\x4f\xab\xd9\x10\x00\x07\xa4\xed\x5e\x23\x06\x99\x7f\xf3\x14\x89\xc1\x3c\x52\xb2\xcd\xf0\x22\x6c\xdc\x4f\x85\x22\x52\x9a\x26\x10\x23\x4a\xed\x95\xeb\x84\x1f\x5d\x24\x2c\xef\x7c\x49\x36\x3a\xf0\x49\x85\xd3\xc3\xe5\x39\x24\xf3\x52\xb5\x4e\xad\xec\xe3\xa9\x52\x2f\x48\x35\x11\x3a\x3b\x49\x0b\x61\x2d\xac\xdb\x8d\xbf\xbe\xe7\x94\x28\xb8\x08\xe6\x26\x21\x4c\xfc\xb2\xbf\xd4\xab\xe6\xb7\x4f\x15\xf0\x8c\x76\xd8\x81\x82\x32\x20\x42\xda\x02\x6a\x7e\x5b\x13\x94\xc9\xc4\x39\xdf\xa5\x96\xa7\xa8\x81\x07\x37\x0c\x2c\xab\x92\xf9\x06\x01\xb5\x0f\x0b\x31\x81\xde\xc5\x6a\x71\x36\xdb\x75\x65\x0a\x7a\x28\x57\x80\x87\xcc\x87\xfa\xda\x0c\x4a\x7e\x14\x32\xa6\x22\x0d\x73\x08\xfc\xca\xad\x29\xfb\xe3\x2e\x42\xb6\x59\x31\x10\xcd\xa9\x4c\xe0\x4f\xf6\xed\x3a\x96\x62\xc4\xb8\x1d\x14\x85\x6f\x4f\xc1\xac\x0d\x4f\xab\x9b\x4d\x59\x92\x65\x0f\xcb\x2c\xfe\xd1\xb6\xf6\x0c\x8c\x73\x68\x5c\x73\x3b\xe1\x33\xf8\x19\xa5\x68\x8d\x8c\x6a\x7e\x62\x09\x96\x9b\x46\xb0\x91\x44\x50\x21\xfc\x19\xcb\xd5\x63\xbd\x76\xdf\x96\xaa\x65\xf1\xd7\x21\x6a\x31\xdc\x9c\x4a\x4f\x74\xa2\x4a\x22\x4a\x2a\xa6\x0c\xb5\xd0\xd7\xc3\x1e\x6a\xf6\x22\xe5\xa7\xc8\x0c\x98\x72\x7c\xd1\x63\xe5\x09\x7d\x86\xd4\xd4\xd9\x1e\x7c\x89\xfe\x61\x51\x90\x3d\x7c\x0f\x87\x8d\xa1\xa8\x3e\x6f\xcc\x50\xfe\x99\x90\xda\x66\x40\x53\x5e\x68\x5b\x1c\x26\x9c\x95\x0d\x07\x37\x62\xce\x89\x9f\x82\xae\xb9\x33\x10\x63\x37\xf8\x7a\x71\x38\xd1\xfb\x7b\x15\xb2\x4a\xc8\xcc\x1c\x09\x34\x69\xe6\x15\x09\xfc\x24\xcf\xb7\x9e\x66\x39\x0a\x15\x48\x3e\x9a\x5a\x1a\x31\x3f\xf9\x61\xd0\xf9\xfe\x8c\x55\x79\x01\x4c\xf5\x68\x9e\x36\x86\x08\x10\x4f\x96\x44\x9b\x24\x64\x39\xaf\x19\x79\x59\xe5\xed\xf4\x88\x74\x97\xd4\x89\x74\xc2\x08\xcd\x68\xcf\xc7\xb3\xe0\x95\x6c\x50\x88\x12\x0d\xa1\xda\xf4\xaa\x90\xb6\xd2\xc1\xb7\x08\x81\x31\xff\x29\x6b", 4096); *(uint8_t*)0x2000104d = 0; *(uint8_t*)0x2000104e = 1; *(uint8_t*)0x2000104f = 0; *(uint8_t*)0x20001050 = 0xc2; *(uint8_t*)0x20001051 = 4; *(uint32_t*)0x20001052 = htobe32(1); *(uint8_t*)0x20001056 = 9; *(uint8_t*)0x20001057 = 0x15; memcpy((void*)0x20001058, "\x55\x75\x11\x39\x21\xad\x0b\xc9\xe2\xe8\x2b\x28\xa6\x6b\x8f\x50\x8c\xd3\xa9\x8a\xcf", 21); *(uint8_t*)0x2000106e = 0x67; *(uint8_t*)0x2000106f = 6; *(uint8_t*)0x20001070 = 0; *(uint8_t*)0x20001071 = 0x20; *(uint32_t*)0x20001072 = 0; *(uint8_t*)0x20001076 = -1; *(uint8_t*)0x20001077 = 1; *(uint8_t*)0x20001078 = 0; *(uint8_t*)0x20001079 = 0; *(uint8_t*)0x2000107a = 0; *(uint8_t*)0x2000107b = 0; *(uint8_t*)0x2000107c = 0; *(uint8_t*)0x2000107d = 0; *(uint8_t*)0x2000107e = 0; *(uint8_t*)0x2000107f = 0; *(uint8_t*)0x20001080 = 0; *(uint8_t*)0x20001081 = 0; *(uint8_t*)0x20001082 = 0; *(uint8_t*)0x20001083 = 0; *(uint8_t*)0x20001084 = 0; *(uint8_t*)0x20001085 = 1; *(uint8_t*)0x20001086 = -1; *(uint8_t*)0x20001087 = 1; *(uint8_t*)0x20001088 = 0; *(uint8_t*)0x20001089 = 0; *(uint8_t*)0x2000108a = 0; *(uint8_t*)0x2000108b = 0; *(uint8_t*)0x2000108c = 0; *(uint8_t*)0x2000108d = 0; *(uint8_t*)0x2000108e = 0; *(uint8_t*)0x2000108f = 0; *(uint8_t*)0x20001090 = 0; *(uint8_t*)0x20001091 = 0; *(uint8_t*)0x20001092 = 0; *(uint8_t*)0x20001093 = 0; *(uint8_t*)0x20001094 = 0; *(uint8_t*)0x20001095 = 1; *(uint8_t*)0x20001096 = 0; *(uint8_t*)0x20001097 = 0; *(uint8_t*)0x20001098 = 0; *(uint8_t*)0x20001099 = 0; *(uint8_t*)0x2000109a = 0; *(uint8_t*)0x2000109b = 0; *(uint8_t*)0x2000109c = 0; *(uint8_t*)0x2000109d = 0; *(uint8_t*)0x2000109e = 0; *(uint8_t*)0x2000109f = 0; *(uint8_t*)0x200010a0 = 0; *(uint8_t*)0x200010a1 = 0; *(uint8_t*)0x200010a2 = 0; *(uint8_t*)0x200010a3 = 0; *(uint8_t*)0x200010a4 = 0; *(uint8_t*)0x200010a5 = 0; *(uint8_t*)0x200010a6 = 4; *(uint8_t*)0x200010a7 = 0x19; *(uint8_t*)0x200010a8 = 0; *(uint8_t*)0x200010a9 = 0; *(uint8_t*)0x200010aa = 0; *(uint8_t*)0x200010ab = 0; *(uint8_t*)0x200010ac = 0; *(uint8_t*)0x200010ad = 0; *(uint8_t*)0x200010ae = 0xa8; *(uint8_t*)0x200010af = 0x9b; memcpy((void*)0x200010b0, "\x02\x71\x09\x78\x70\xd6\xd0\x6b\x47\xd8\x3a\x5b\x37\x63\xf1\xa2\xff\xfb\x78\xc9\xfd\x51\x51\xfe\x45\x85\x44\x69\x56\x4a\xf3\xc3\x94\x9e\x4a\x58\x78\x1c\xe8\x48\xa5\xe9\xa6\xfe\xd0\x80\x30\x6a\xcd\x03\x11\xa5\xe5\xb9\xf9\x00\xde\x3f\x65\x6e\xc5\xf5\x17\xf3\xa6\x79\x49\x35\x4e\x8a\x19\xf5\xb1\x16\xe3\x60\xf8\xbe\xbf\x10\x56\x6e\xae\x08\x58\x2e\x6b\xe7\xbe\xee\xc7\x66\x8a\xfd\x63\x7c\xa6\xa1\x9c\x0a\x87\x87\xa4\x54\x81\x38\xd8\xa0\x68\x74\xd5\x50\x62\x4c\x0f\x1e\xbd\x2a\x22\x67\xbb\xca\x14\xf2\x24\x7a\xb5\xbe\x2d\x68\xe2\x64\xaa\x7d\x65\x1f\xd4\xe5\xe5\xef\x57\x23\xb8\x44\xf6\x4a\x82\x2f\x58\xe7\xbc\x5a\xcc\xf5\x88", 155); *(uint8_t*)0x2000114b = 0xc2; *(uint8_t*)0x2000114c = 4; *(uint32_t*)0x2000114d = htobe32(0x10001); *(uint8_t*)0x20001151 = 1; *(uint8_t*)0x20001152 = 3; *(uint8_t*)0x20001153 = 0; *(uint8_t*)0x20001154 = 0; *(uint8_t*)0x20001155 = 0; *(uint8_t*)0x20001156 = 0; *(uint8_t*)0x20001157 = 1; *(uint8_t*)0x20001158 = 0; *(uint8_t*)0x20001159 = 8; *(uint8_t*)0x2000115a = 0x1d; memcpy((void*)0x2000115b, "\x94\xd6\xef\xb5\xa9\xf5\x8f\x85\x9b\x75\xbe\x24\x58\x6f\x38\x2e\xee\xd7\xa7\x6a\x65\x62\xb9\x78\x07\x1e\x71\xbe\x75", 29); *(uint8_t*)0x20001178 = 5; *(uint8_t*)0x20001179 = 2; *(uint16_t*)0x2000117a = htobe16(0x7fff); *(uint8_t*)0x2000117e = 0x27; *(uint8_t*)0x2000117f = 6; *(uint8_t*)0x20001180 = 0; *(uint8_t*)0x20001181 = 5; *(uint32_t*)0x20001182 = 0; *(uint8_t*)0x20001186 = -1; *(uint8_t*)0x20001187 = 1; *(uint8_t*)0x20001188 = 0; *(uint8_t*)0x20001189 = 0; *(uint8_t*)0x2000118a = 0; *(uint8_t*)0x2000118b = 0; *(uint8_t*)0x2000118c = 0; *(uint8_t*)0x2000118d = 0; *(uint8_t*)0x2000118e = 0; *(uint8_t*)0x2000118f = 0; *(uint8_t*)0x20001190 = 0; *(uint8_t*)0x20001191 = 0; *(uint8_t*)0x20001192 = 0; *(uint8_t*)0x20001193 = 0; *(uint8_t*)0x20001194 = 0; *(uint8_t*)0x20001195 = 1; *(uint8_t*)0x20001196 = 0; *(uint8_t*)0x20001197 = 0; *(uint8_t*)0x20001198 = 0; *(uint8_t*)0x20001199 = 0; *(uint8_t*)0x2000119a = 0; *(uint8_t*)0x2000119b = 0; *(uint8_t*)0x2000119c = 0; *(uint8_t*)0x2000119d = 0; *(uint8_t*)0x2000119e = 0; *(uint8_t*)0x2000119f = 0; *(uint8_t*)0x200011a0 = 0; *(uint8_t*)0x200011a1 = 0; *(uint8_t*)0x200011a2 = 0; *(uint8_t*)0x200011a3 = 0; *(uint8_t*)0x200011a4 = 0; *(uint8_t*)0x200011a5 = 0; *(uint64_t*)0x200011a6 = htobe64(0); *(uint64_t*)0x200011ae = htobe64(1); *(uint8_t*)0x200011b6 = 0x2c; *(uint8_t*)0x200011b7 = 0; *(uint8_t*)0x200011b8 = 0; *(uint8_t*)0x200011b9 = 0; *(uint8_t*)0x200011ba = 0; *(uint8_t*)0x200011bb = 0; *(uint8_t*)0x200011bc = 0; *(uint8_t*)0x200011bd = 0; *(uint8_t*)0x200011be = 0; *(uint8_t*)0x200011bf = 1; *(uint8_t*)0x200011c0 = 0; *(uint8_t*)0x200011c6 = 3; *(uint8_t*)0x200011c7 = 3; *(uint8_t*)0x200011c8 = 0; *(uint8_t*)0x200011c9 = 0; *(uint8_t*)0x200011ca = 0; *(uint8_t*)0x200011cb = 0; *(uint8_t*)0x200011cc = 0; *(uint8_t*)0x200011cd = 0; *(uint8_t*)0x200011ce = 0xc2; *(uint8_t*)0x200011cf = 4; *(uint32_t*)0x200011d0 = htobe32(0); *(uint8_t*)0x200011d4 = 5; *(uint8_t*)0x200011d5 = 2; *(uint16_t*)0x200011d6 = htobe16(0x20); *(uint8_t*)0x200011d8 = 5; *(uint8_t*)0x200011d9 = 2; *(uint16_t*)0x200011da = htobe16(9); *(uint8_t*)0x200011dc = 0xc2; *(uint8_t*)0x200011dd = 4; *(uint32_t*)0x200011de = htobe32(3); *(uint8_t*)0x200011e2 = 1; *(uint8_t*)0x200011e3 = 1; *(uint8_t*)0x200011e4 = 0; *(uint8_t*)0x200011e5 = 5; *(uint8_t*)0x200011e6 = 2; *(uint16_t*)0x200011e7 = htobe16(0x7f); *(uint8_t*)0x200011e9 = 5; *(uint8_t*)0x200011ea = 2; *(uint16_t*)0x200011eb = htobe16(3); *(uint8_t*)0x200011ee = 0xd8; *(uint8_t*)0x200011ef = 0; *(uint8_t*)0x200011f0 = 8; STORE_BY_BITMASK(uint8_t, , 0x200011f1, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200011f1, 0, 1, 2); STORE_BY_BITMASK(uint8_t, , 0x200011f1, 8, 3, 5); *(uint32_t*)0x200011f2 = 0x68; *(uint8_t*)0x200011f6 = 0x82; *(uint8_t*)0x200011f7 = 0; *(uint16_t*)0x200011f8 = htobe16(0); *(uint16_t*)0x200011fa = htobe16(0x3ff); *(uint16_t*)0x200011fc = 9; *(uint8_t*)0x200011fe = -1; *(uint8_t*)0x200011ff = 2; *(uint8_t*)0x20001200 = 0; *(uint8_t*)0x20001201 = 0; *(uint8_t*)0x20001202 = 0; *(uint8_t*)0x20001203 = 0; *(uint8_t*)0x20001204 = 0; *(uint8_t*)0x20001205 = 0; *(uint8_t*)0x20001206 = 0; *(uint8_t*)0x20001207 = 0; *(uint8_t*)0x20001208 = 0; *(uint8_t*)0x20001209 = 0; *(uint8_t*)0x2000120a = 0; *(uint8_t*)0x2000120b = 0; *(uint8_t*)0x2000120c = 0; *(uint8_t*)0x2000120d = 1; struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000016, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000026, 16); uint32_t csum_1_chunk_2 = 0x18000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x3a000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x200011f6, 24); *(uint16_t*)0x200011f8 = csum_inet_digest(&csum_1); syz_emit_ethernet(0x120e, 0x20000000); break; case 11: memcpy((void*)0x20001240, "\x47\x66\x90\x18\xa9\xe1\x17\x00\x00\xc4\xc2\x0d\x07\x4c\xd3\xf6\x36\xf3\x0f\x11\x82\xfe\xef\xff\xff\xc4\x41\x55\xef\xea\xf2\x0f\x2b\x99\x99\x89\x99\x99\xc4\x81\xfd\x28\x17\xc4\xa2\xa5\x29\x52\x93\xf3\xab\x66\xac", 53); syz_execute_func(0x20001240); break; case 12: syz_extract_tcp_res(0x20001280, 0x401, 1); break; case 13: syz_open_pts(); break; } } int main(void) { syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul); use_temporary_dir(); do_sandbox_none(); return 0; } :498:4: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation] kill_and_wait(pid, &status); ^ :496:3: note: previous statement is here if (current_time_ms() - start < 5000) ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor480198074 -DGOOS_openbsd=1 -DGOARCH_amd64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -static -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384] --- FAIL: TestGenerate/openbsd/amd64/15 (6.30s) csource_test.go:124: opts: {Threaded:true Collide:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:true Trace:false} program: r0 = getgid() mquery(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x10, 0xffffffffffffffff, 0x80) ioctl$DIOCMAP(0xffffffffffffff9c, 0xc0106477, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}) ioctl$BIOCSHDRCMPLT(0xffffffffffffffff, 0x80044275, &(0x7f0000000080)=0xcb) unlinkat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8) ioctl$BIOCGDLTLIST(0xffffffffffffff9c, 0xc010427b, &(0x7f0000000140)={0x9, &(0x7f0000000100)=[0x0, 0x7, 0x2, 0x18000, 0x6, 0x3, 0x8000000, 0x20, 0x0]}) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f00000001c0)=0xc) getgroups(0x3, &(0x7f0000000200)=[0xffffffffffffffff, r0, 0x0]) r3 = getgid() getgroups(0x4, &(0x7f0000000240)=[r1, r0, r2, r3]) syz_emit_ethernet(0x120e, &(0x7f0000000000)={@remote, @remote, [], {@ipv6={0x86dd, {0x1, 0x6, "b588d1", 0x11d8, 0x11, 0x0, @remote={0xfe, 0x80, [], 0x0}, @empty, {[@dstopts={0x32, 0x205, [], [@padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @pad1, @generic={0x6, 0x1000, "7d7312bf2f976b286cf33b3a7660af2f30cb34f9a86a2db188c5d76df22900976b027211513627f37cb64221551888028062f7e96e29502c8230cb07ed13fb79ee022afacfb0fdb9fdd62ac37dfa4f6b34fcbee4c380fa32c35d695cca5e60b4fe8ddf4e9fd6c26810eab11156f5f11cff1548bc51648f66404bacd55f29d8349635356e8711ba71763c2e3dae08ceca72daaf10868c22ac2d429c17228cb0fa6a92eddafaf821e084cdd55affffce12097a2772ef8ab4bc862213c765c3c5bb6cb25206a5f87d2034b922cd8a54fd1f39938081132c0491f0258b9d5b90206398281bd745907571e7944936e2d4097eec6b58ed963a26c7ab84ad1084f4b8fe735e2c7a5073344b225dd2917d1035d525e3fca4bf750dc4474b2645770b1ca240e54b5d0d4dc7ef29a3a61669e0bc94741f97c66216511a0b772e8813b7e01c740f8ed1fa8909f5700d3403d21c720a5902de2e1c32556eca20d374473cd817427a1c9cd58e2e0aefa447fb5a819c5f0f58b27756a2ab59c7904bd86a7e178629ad0bf9acc4272dc48011d27c262fe7ea1754391b04e3144db1eec8b7fded123a6e0d848e26d3a48db19cdac570a9f88259994a988bafd8db39128ec209c2f4a1c3a0090fb48b2c98c66c31a9d0c4377d6e63c82afdf734861249d4a187b99c2c03ea42efb67963c7f5e058b9ea734e124abcff107a29e339704bc5c174895b10fabef1dd6966930a398295f238abeba33093a7e5d4ebf3c134b00eac453659d9a5ed6722b28668f0de27fcbfcc665f9b79f51aa266f061a9d3582fe787f1cd3d6b2a4d5b7670d91c9f19da4cdf5c47edb015a154227797a6b56a27e32276f07e6cc20ec6885bc261055b4ad4f66c09e27673c407023fb6d0c61139245b190861816a03ae7d9627100ab2a1f1f38198e820967923fdf0a95e9088ffe6779f1eea151123e919bde1ea78746cc30768220ff953d10588589701f70e66392524a78562a838205af4bfc28c4a6884b425c109ea7ff16d9f1bcb77459ccb5b81045b6cb2dcebdae46f6d70b44ff8dc6f522c77db1471ce1163a7a5640d02e469e5dee1ff25b7f7325baeb10ecb4bc48f8692d5376dad7c9125ecb61d00e759b8f3179df636389f62f51face3013a62a9656fec592601942743778d7b7c838cdf30fe87b7503aab17d8d8f5f30a3a03f105dd389658c187823d1c5ec9af9dce05decfa6192a6514896e99f47847e83719f79cd37b118184d34ca20e884bd255f199acef2ed48011cff2695977dd7b1ae1f08d27f947cd1aff97a19e3f93c659d10ff5a776f291022df261b792935a1c5882f920c9442e563f878801beecbba89c1eab9d2b96285f3493483b49f269e8d684330037dafedbcbb3bc500e65b5e69c3a4f6f15e42cb595cce04c891818f28a69ef73c0ecf8efbef8bc1e5f7d07f5ca828d9a8460a297a2b6f158413fd2738e6168377a49bd43a70a36e7c39d8d548783285675417c6207bebeb3224faab81eef708601be613697967c31f6b8a2c21c469273d79b15b80d8a0b6c6ed4356d002e424944b661b4d5fb114841b9cbaf8d4c16d7f687362aee164756e05fa1d579f082003ac1103a007c2fcea486f32e6e72d141c1e233330a3b3d8135840a9fbc503526e44876e702309c3cb1a6c4020bae2ef85146a3438bd9b341b719dfa5b519fca6bc1746b47ac4991722b9777d92480065e3d70bb6b202e98d5d08c1b215a5012210ef9e2b9fea630e4d8217c501dee6b46a3b887c71f3c4c603af56a86734236f068e072aa63f2a70d488fe9091a8530585e4d611ad9fe23593cb410e5eed9187ed55652bef39b8e867a879f89735e7cadfb36a183867cdc3322b21427a498d12d566af1b7ed235034feeaa2cbd795c2363ec9845a504073181ef95121548bd6e88486a261cb52f6f7970b99f53de0f426ffcae940f83ac20138c7d5b3520214e44a403c84fdacc6557c8b859c9918e78377261722f1f2913d0dfe99d93de5f2a67c3775a7681c9b8fdb811ead0bad8ec771ef38dc0da259047ecaab608e8e7c45113ce2681a8377df054e8e48485bf16d1222ccf2214b8115e0af090742f1c7b77645bde02541071d92f5eb24bc1942ff691016d1d0844daecc89df8b58f05e0fc3856881413920359c90927b85cdb99629791341d07f6bd042ea457128ac91c4ab33b169935a1a0214e74dd2d098abc1d16b59abf377401dbd0904f7dcb351fa4dd8e36cbf4b8dc28e811bd7dc9b8a2f6021c44e85e1ebe1c68e03595aded1d0f5bdc563e612367ae89e46094a2e341ce2bdf0cdd0d0e71af4ce34700bb15898b2d3f559f466a6fbda1e005df5e76968fc0070a860e8eefb40180d6493a17903698a9f809ab5120cc72a205e3265236c67d7c85e581ed378d3326111813041da2d8d3c888d1236649129c37021fbfde4b873dbc3cc9fe18dc922a62d50686f9d7e15c2c4c51e25d9852385f024670dd5eaa98661a3fd645f5e3cf1a0381e878776d79039db945f680b0cba8a7e3875727a07be161c854491d396fbf40b50298b1a84b0cf8b61e18767bab36a013f0acf45569ed1882c3fea9e20189822e2b9bacbc4155842246c183f295912d6480a05a2d59ff2990bbbb8c7e9079f1a039bf31fd2cc28312cff2461af871dde9b27201e66d89f62196b632ef97424d2529d0973457cf4595f6751928457b7de885f43cf64577bd6d099d9adfe45a4e6d704bfd3edc85ddbb11dedd5e2d3e50a55d7a7dcfde4efd11dcd20f6285b74ea194da7f31a4983a14f167a847d279ef28557419506de34b34f237f3c66ed257246d04824f4f8d97092e55e095ecf4f3647ebd6c39538c4c7565b23d81f0cc3d6170d8a0d5050fe7e4f8d4fe07cea0d5db6d5f966afa39dec34a8ce32b67d4918ea8d96af5c7fd899945449e051ef34400cbd4badd786d20b1c77d23670b2065bc8f671150336c4228f49c2e07954d4b165d222cae2a5f5dc9fd328a21eb4b2033447dd9b0b56d12bc93148595a649d5cd3a9b56c33249c979cfd321eb720afca706fc263dfc06be97c2b805a7ccc54cd8e247e64dce1607ba96d146a977c247b3072ad2cb2c116c75493185ac9d6124070f674e1a83c4e4fc7a2d46be93c2eb3dc26dd659261cb020788b5bf4c21a5a31e363065e3d81a64886a0b48c8fd33505b2e1a158a60c29b6a4b0d9d3cc4e30cdbbfdc5895ad59b25f8e356616b352e0af4b55615315d389d963125e086d4f38f9837551d5aea90d51c86072518e6b3d9f810386933830b012a939f7f6269f3516cf361a7b204c687b122d7c967f3f9cbfaa3b5170ac5bf030f5fcf5cc60e67d69aed12a9b64eac186eea7ffd2198ce338fd58fa6b1c818a2bf7ee355c9932fa88b6c1e549217366606b04ef454e6fed865eb44a2cf2bffe792464ecd22121dec54fa518f2a148981956b9b06314ff478738f0328a253394e7c1ac4db3ba527c75361582cca56a12730d5b016258f025dc641647adc06d6b3eec0483f2f71ac9db0c45443e31c3d47d7ab7bf336104083017a985d2e83169cbe9fc9f9080cbbbafaefd7e7d0637933533f8fbd2e1abba019b83ca10f3791ad04d64283a0bcdb8c85718434642f6e156fa694ab98d475876a1768f9b595ff823dc4cdda9f080f094e1261a54c7fb8fd381d5a0d51ba8d6055ef43b035490df5dc92b8c3be5b58788866dc09a3563b25b64de0c0280370d8ae3bc317b89e32a5ec6cf14e9df6733b93263f8adf908b632fa2a94a2a5a22d781f562e5521bb07caba5b56ce799e6caac20c8bd10f0dcc765b5ad59ee88cfac53654b85fc6d3d7d1ec37230537d65519aa03d2d87001c3781063bb0275bd96c452c120d9adc12353cb56a565ffb5c3cf81d0497c3a680a68610acbb492b19b29ad601504aa1b3ff00dc5247b883e822cbe8c86673353ead6e044941bb4fbfc3e5ccba04f93cd9c264d9ec2c1f5221ca0767d3bf65f4330bdb4a94d6468bfa9dfa5bcbaa511450e6a0ca9a56c5f20558ea7076a67b5bdd8523f1515caed40dc2eaf06b08b176355dad11f1265b8187485d1a799d86d06f06d933f424f9ed654d2dde7c0e66dbf3d156db2d67941b92080f04581e0249734f2bf4920a3551d06c4ccb8f730deb91b6f6ce210cb41dab8fcbe39d14e918a3629e826e1d60e164e06d6237d382d0f3ec2734117368555e699a650f02d4a886ab679ec194c821b1f4262946eef5a0a3dcb5645c0543560464d86381a425d04218e58aaabf3c5ed4c2273cc0d4c2c28e12ecd4ddcecd67186dacec662c65d323496b9be38496acfb5bb1ce106bbaac84bac733df84e6e31713243df9845b9b630a9714ef11bb21b0e80c6ce1afc63ca722cc238ac448f229aa614e9eaec78e5c27921bbed167057607d383cda42a91f89b25ecea59686a8f07b1c2d73b6b2aa9899c3dcf20401721a1019abb89d5177d74dd1bb794e0d479ebbfb213e13dd5f06377eb87c53c09a3fc2078fe0db301ccb114f8cf3112445a1e7fad70dcf2c6e8cad450dc73c6427e017e0e93d25ef60e80f556462d78b85aed474a6bdb29bdf5a93908f43a77d82d0da55e7dc8a0064d721858ec5f8b3c5d441b66b3267e8103d27f5faf8660662e86593a48d4bfd64ceebd9bf69258232881e2f0f9d0c59f89f3c89a2ecb569d146bd3f872629aa250410cdecc3701fcfe95fbeefc976bd7e305c102e307e0c04f5d40374b93606dd09fc0026b4f0d185ea8051003a55646e32e3278dfd3f061a4c481639fe9507a8e5c04e46377544f2841ef9bea40da683f669f6f2da6a9282d74d46bc7d17845ed0e63886aee7362e12909d459217d092358bf71f2fd1fda7274468a5c64f68dbc912e12414cb841618e6d961e79699187efa265557d052006450eeab52153282396dcc67638f44e8bdc1cf8ac1aa3cefde7b3e97b3f1ade0587ccc459d2b71d8f4c85666f88560ae13d11fd7d7f1214557967aa6221b05ba9a90faad9c1111038f9a1a16b64a40bf5f969f74f32ed6338eb702cb85773bc0495e31ac37ca0b88bb028da0e9721b407afd1e2fa460b204db7dfcd729459b2f125bf42ddf1380eb499691e08275ee42427c0c2db7064a386b52a6ac1a7ade2da86e5c5e5c667e459d0031046ac3b08cf51b0e79004bc73c3f9f7e769fa244fabd9100007a4ed5e2306997ff31489c13c52b2cdf0226cdc4f8522529a2610234aed95eb841f5d242cef7c49363af04985d3c3e53924f352b54eadece3a9522f4835113a3b490b612dacdb8dbfbee79428b808e626214cfcb2bfd4abe6b74f15f08c76d88182322042da026a7e5b1394c9c439dfa596a7a88107370c2cab92f90601b50f0b3181dec56a7136db75650a7a28578087cc87fada0c4a7e1432a6220d7308fccaad29fbe32e42b6593110cda94ce04ff6ed3a9662c4b81d14856f4fc1ac0d4fab9b4d5992650fcb2cfed1b6f60c8c73685c733be133f819a5688d8c6a7e6209969b46b091445021fc19cbd563bd76df96aa65f1d7216a31dc9c4a4f74a24a224a2aa60cb5d0d7c31e6af622e5a7c80c98727cd163e5097d86d4d4d91e7c89fe6151903d7c0f878da1a83e6fcc50fe9990da6640535e685b1c269c950d073762ce899f82aeb933106337f87a7138d1fb7b15b24ac8cc1c093469e61509fc24cfb79e66390a15483e9a5a1a313ff961d0f9fe8c5579014cf5689e368608104f96449b246439af197959e5edf4887497d48974c208cd68cfc7b3e0956c5088120da1daf4aa90b6d2c1b7088131ff296b"}, @pad1, @jumbo={0xc2, 0x4, 0x1}, @generic={0x9, 0x15, "5575113921ad0bc9e2e82b28a66b8f508cd3a98acf"}]}, @routing={0x67, 0x6, 0x0, 0x20, 0x0, [@mcast1, @mcast1, @empty]}, @dstopts={0x4, 0x19, [], [@generic={0xa8, 0x9b, "0271097870d6d06b47d83a5b3763f1a2fffb78c9fd5151fe45854469564af3c3949e4a58781ce848a5e9a6fed080306acd0311a5e5b9f900de3f656ec5f517f3a67949354e8a19f5b116e360f8bebf10566eae08582e6be7beeec7668afd637ca6a19c0a8787a4548138d8a06874d550624c0f1ebd2a2267bbca14f2247ab5be2d68e264aa7d651fd4e5e5ef5723b844f64a822f58e7bc5accf588"}, @jumbo={0xc2, 0x4, 0x10001}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @pad1, @generic={0x8, 0x1d, "94d6efb5a9f58f859b75be24586f382eeed7a76a6562b978071e71be75"}, @ra={0x5, 0x2, 0x7fff}]}, @routing={0x27, 0x6, 0x0, 0x5, 0x0, [@mcast1, @empty, @loopback]}, @dstopts={0x2c, 0x0, [], [@pad1]}, @dstopts={0x3, 0x3, [], [@jumbo, @ra={0x5, 0x2, 0x20}, @ra={0x5, 0x2, 0x9}, @jumbo={0xc2, 0x4, 0x3}, @padn={0x1, 0x1, [0x0]}, @ra={0x5, 0x2, 0x7f}, @ra={0x5, 0x2, 0x3}]}, @fragment={0xd8, 0x0, 0x8, 0x1, 0x0, 0x8, 0x68}], @icmpv6=@mld={0x82, 0x0, 0x0, 0x3ff, 0x9, @mcast2}}}}}}) syz_execute_func(&(0x7f0000001240)="47669018a9e1170000c4c20d074cd3f636f30f1182feefffffc44155efeaf20f2b9999899999c481fd2817c4a2a5295293f3ab66ac") syz_extract_tcp_res(&(0x7f0000001280), 0x401, 0x1) syz_open_pts() csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } #define __syscall syscall static uintptr_t syz_open_pts(void) { int master, slave; if (openpty(&master, &slave, NULL, NULL, NULL) == -1) return -1; if (dup2(master, master + 100) != -1) close(master); return slave; } static void sandbox_common() { struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } int i, call, thread; int collide = 0; again: for (call = 0; call < 14; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (collide && (call % 2) == 0) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); if (!collide) { collide = 1; goto again; } } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[4] = {0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: res = syscall(SYS_getgid); if (res != -1) r[0] = res; break; case 1: syscall(SYS_mquery, 0x20ffb000ul, 0x3000ul, 2ul, 0x10ul, -1, 0x80ul); break; case 2: *(uint64_t*)0x20000040 = 0x20000000; memcpy((void*)0x20000000, "./file0\000", 8); *(uint32_t*)0x20000048 = -1; *(uint32_t*)0x2000004c = 0; syscall(SYS_ioctl, 0xffffff9c, 0xc0106477ul, 0x20000040ul); break; case 3: *(uint32_t*)0x20000080 = 0xcb; syscall(SYS_ioctl, -1, 0x80044275ul, 0x20000080ul); break; case 4: memcpy((void*)0x200000c0, "./file0\000", 8); syscall(SYS_unlinkat, 0xffffff9c, 0x200000c0ul, 8ul); break; case 5: *(uint64_t*)0x20000148 = 0x20000100; *(uint32_t*)0x20000100 = 0; *(uint32_t*)0x20000104 = 7; *(uint32_t*)0x20000108 = 2; *(uint32_t*)0x2000010c = 0x18000; *(uint32_t*)0x20000110 = 6; *(uint32_t*)0x20000114 = 3; *(uint32_t*)0x20000118 = 0x8000000; *(uint32_t*)0x2000011c = 0x20; *(uint32_t*)0x20000120 = 0; syscall(SYS_ioctl, 0xffffff9c, 0xc010427bul, 0x20000140ul); break; case 6: *(uint32_t*)0x200001c0 = 0xc; res = syscall(SYS_getsockopt, -1, 0xffff, 0x1022, 0x20000180ul, 0x200001c0ul); if (res != -1) r[1] = *(uint32_t*)0x20000188; break; case 7: *(uint32_t*)0x20000200 = -1; *(uint32_t*)0x20000204 = r[0]; *(uint32_t*)0x20000208 = 0; res = syscall(SYS_getgroups, 3ul, 0x20000200ul); if (res != -1) r[2] = *(uint32_t*)0x20000208; break; case 8: res = syscall(SYS_getgid); if (res != -1) r[3] = res; break; case 9: *(uint32_t*)0x20000240 = r[1]; *(uint32_t*)0x20000244 = r[0]; *(uint32_t*)0x20000248 = r[2]; *(uint32_t*)0x2000024c = r[3]; syscall(SYS_getgroups, 4ul, 0x20000240ul); break; case 10: *(uint8_t*)0x20000000 = 0xaa; *(uint8_t*)0x20000001 = 0xaa; *(uint8_t*)0x20000002 = 0xaa; *(uint8_t*)0x20000003 = 0xaa; *(uint8_t*)0x20000004 = 0xaa; *(uint8_t*)0x20000005 = 0xbb; *(uint8_t*)0x20000006 = 0xaa; *(uint8_t*)0x20000007 = 0xaa; *(uint8_t*)0x20000008 = 0xaa; *(uint8_t*)0x20000009 = 0xaa; *(uint8_t*)0x2000000a = 0xaa; *(uint8_t*)0x2000000b = 0xbb; *(uint16_t*)0x2000000c = htobe16(0x86dd); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 6, 4, 4); memcpy((void*)0x2000000f, "\xb5\x88\xd1", 3); *(uint16_t*)0x20000012 = htobe16(0x11d8); *(uint8_t*)0x20000014 = 0x11; *(uint8_t*)0x20000015 = 0; *(uint8_t*)0x20000016 = 0xfe; *(uint8_t*)0x20000017 = 0x80; *(uint8_t*)0x20000018 = 0; *(uint8_t*)0x20000019 = 0; *(uint8_t*)0x2000001a = 0; *(uint8_t*)0x2000001b = 0; *(uint8_t*)0x2000001c = 0; *(uint8_t*)0x2000001d = 0; *(uint8_t*)0x2000001e = 0; *(uint8_t*)0x2000001f = 0; *(uint8_t*)0x20000020 = 0; *(uint8_t*)0x20000021 = 0; *(uint8_t*)0x20000022 = 0; *(uint8_t*)0x20000023 = 0; *(uint8_t*)0x20000024 = 0 + procid*1; *(uint8_t*)0x20000025 = 0xbb; *(uint8_t*)0x20000026 = 0; *(uint8_t*)0x20000027 = 0; *(uint8_t*)0x20000028 = 0; *(uint8_t*)0x20000029 = 0; *(uint8_t*)0x2000002a = 0; *(uint8_t*)0x2000002b = 0; *(uint8_t*)0x2000002c = 0; *(uint8_t*)0x2000002d = 0; *(uint8_t*)0x2000002e = 0; *(uint8_t*)0x2000002f = 0; *(uint8_t*)0x20000030 = 0; *(uint8_t*)0x20000031 = 0; *(uint8_t*)0x20000032 = 0; *(uint8_t*)0x20000033 = 0; *(uint8_t*)0x20000034 = 0; *(uint8_t*)0x20000035 = 0; *(uint8_t*)0x20000036 = 0x32; *(uint8_t*)0x20000037 = 5; *(uint8_t*)0x20000038 = 0; *(uint8_t*)0x20000039 = 0; *(uint8_t*)0x2000003a = 0; *(uint8_t*)0x2000003b = 0; *(uint8_t*)0x2000003c = 0; *(uint8_t*)0x2000003d = 0; *(uint8_t*)0x2000003e = 1; *(uint8_t*)0x2000003f = 8; *(uint8_t*)0x20000040 = 0; *(uint8_t*)0x20000041 = 0; *(uint8_t*)0x20000042 = 0; *(uint8_t*)0x20000043 = 0; *(uint8_t*)0x20000044 = 0; *(uint8_t*)0x20000045 = 0; *(uint8_t*)0x20000046 = 0; *(uint8_t*)0x20000047 = 0; *(uint8_t*)0x20000048 = 0; *(uint8_t*)0x20000049 = 1; *(uint8_t*)0x2000004a = 0; *(uint8_t*)0x2000004b = 6; *(uint8_t*)0x2000004c = 0; memcpy((void*)0x2000004d, "\x7d\x73\x12\xbf\x2f\x97\x6b\x28\x6c\xf3\x3b\x3a\x76\x60\xaf\x2f\x30\xcb\x34\xf9\xa8\x6a\x2d\xb1\x88\xc5\xd7\x6d\xf2\x29\x00\x97\x6b\x02\x72\x11\x51\x36\x27\xf3\x7c\xb6\x42\x21\x55\x18\x88\x02\x80\x62\xf7\xe9\x6e\x29\x50\x2c\x82\x30\xcb\x07\xed\x13\xfb\x79\xee\x02\x2a\xfa\xcf\xb0\xfd\xb9\xfd\xd6\x2a\xc3\x7d\xfa\x4f\x6b\x34\xfc\xbe\xe4\xc3\x80\xfa\x32\xc3\x5d\x69\x5c\xca\x5e\x60\xb4\xfe\x8d\xdf\x4e\x9f\xd6\xc2\x68\x10\xea\xb1\x11\x56\xf5\xf1\x1c\xff\x15\x48\xbc\x51\x64\x8f\x66\x40\x4b\xac\xd5\x5f\x29\xd8\x34\x96\x35\x35\x6e\x87\x11\xba\x71\x76\x3c\x2e\x3d\xae\x08\xce\xca\x72\xda\xaf\x10\x86\x8c\x22\xac\x2d\x42\x9c\x17\x22\x8c\xb0\xfa\x6a\x92\xed\xda\xfa\xf8\x21\xe0\x84\xcd\xd5\x5a\xff\xff\xce\x12\x09\x7a\x27\x72\xef\x8a\xb4\xbc\x86\x22\x13\xc7\x65\xc3\xc5\xbb\x6c\xb2\x52\x06\xa5\xf8\x7d\x20\x34\xb9\x22\xcd\x8a\x54\xfd\x1f\x39\x93\x80\x81\x13\x2c\x04\x91\xf0\x25\x8b\x9d\x5b\x90\x20\x63\x98\x28\x1b\xd7\x45\x90\x75\x71\xe7\x94\x49\x36\xe2\xd4\x09\x7e\xec\x6b\x58\xed\x96\x3a\x26\xc7\xab\x84\xad\x10\x84\xf4\xb8\xfe\x73\x5e\x2c\x7a\x50\x73\x34\x4b\x22\x5d\xd2\x91\x7d\x10\x35\xd5\x25\xe3\xfc\xa4\xbf\x75\x0d\xc4\x47\x4b\x26\x45\x77\x0b\x1c\xa2\x40\xe5\x4b\x5d\x0d\x4d\xc7\xef\x29\xa3\xa6\x16\x69\xe0\xbc\x94\x74\x1f\x97\xc6\x62\x16\x51\x1a\x0b\x77\x2e\x88\x13\xb7\xe0\x1c\x74\x0f\x8e\xd1\xfa\x89\x09\xf5\x70\x0d\x34\x03\xd2\x1c\x72\x0a\x59\x02\xde\x2e\x1c\x32\x55\x6e\xca\x20\xd3\x74\x47\x3c\xd8\x17\x42\x7a\x1c\x9c\xd5\x8e\x2e\x0a\xef\xa4\x47\xfb\x5a\x81\x9c\x5f\x0f\x58\xb2\x77\x56\xa2\xab\x59\xc7\x90\x4b\xd8\x6a\x7e\x17\x86\x29\xad\x0b\xf9\xac\xc4\x27\x2d\xc4\x80\x11\xd2\x7c\x26\x2f\xe7\xea\x17\x54\x39\x1b\x04\xe3\x14\x4d\xb1\xee\xc8\xb7\xfd\xed\x12\x3a\x6e\x0d\x84\x8e\x26\xd3\xa4\x8d\xb1\x9c\xda\xc5\x70\xa9\xf8\x82\x59\x99\x4a\x98\x8b\xaf\xd8\xdb\x39\x12\x8e\xc2\x09\xc2\xf4\xa1\xc3\xa0\x09\x0f\xb4\x8b\x2c\x98\xc6\x6c\x31\xa9\xd0\xc4\x37\x7d\x6e\x63\xc8\x2a\xfd\xf7\x34\x86\x12\x49\xd4\xa1\x87\xb9\x9c\x2c\x03\xea\x42\xef\xb6\x79\x63\xc7\xf5\xe0\x58\xb9\xea\x73\x4e\x12\x4a\xbc\xff\x10\x7a\x29\xe3\x39\x70\x4b\xc5\xc1\x74\x89\x5b\x10\xfa\xbe\xf1\xdd\x69\x66\x93\x0a\x39\x82\x95\xf2\x38\xab\xeb\xa3\x30\x93\xa7\xe5\xd4\xeb\xf3\xc1\x34\xb0\x0e\xac\x45\x36\x59\xd9\xa5\xed\x67\x22\xb2\x86\x68\xf0\xde\x27\xfc\xbf\xcc\x66\x5f\x9b\x79\xf5\x1a\xa2\x66\xf0\x61\xa9\xd3\x58\x2f\xe7\x87\xf1\xcd\x3d\x6b\x2a\x4d\x5b\x76\x70\xd9\x1c\x9f\x19\xda\x4c\xdf\x5c\x47\xed\xb0\x15\xa1\x54\x22\x77\x97\xa6\xb5\x6a\x27\xe3\x22\x76\xf0\x7e\x6c\xc2\x0e\xc6\x88\x5b\xc2\x61\x05\x5b\x4a\xd4\xf6\x6c\x09\xe2\x76\x73\xc4\x07\x02\x3f\xb6\xd0\xc6\x11\x39\x24\x5b\x19\x08\x61\x81\x6a\x03\xae\x7d\x96\x27\x10\x0a\xb2\xa1\xf1\xf3\x81\x98\xe8\x20\x96\x79\x23\xfd\xf0\xa9\x5e\x90\x88\xff\xe6\x77\x9f\x1e\xea\x15\x11\x23\xe9\x19\xbd\xe1\xea\x78\x74\x6c\xc3\x07\x68\x22\x0f\xf9\x53\xd1\x05\x88\x58\x97\x01\xf7\x0e\x66\x39\x25\x24\xa7\x85\x62\xa8\x38\x20\x5a\xf4\xbf\xc2\x8c\x4a\x68\x84\xb4\x25\xc1\x09\xea\x7f\xf1\x6d\x9f\x1b\xcb\x77\x45\x9c\xcb\x5b\x81\x04\x5b\x6c\xb2\xdc\xeb\xda\xe4\x6f\x6d\x70\xb4\x4f\xf8\xdc\x6f\x52\x2c\x77\xdb\x14\x71\xce\x11\x63\xa7\xa5\x64\x0d\x02\xe4\x69\xe5\xde\xe1\xff\x25\xb7\xf7\x32\x5b\xae\xb1\x0e\xcb\x4b\xc4\x8f\x86\x92\xd5\x37\x6d\xad\x7c\x91\x25\xec\xb6\x1d\x00\xe7\x59\xb8\xf3\x17\x9d\xf6\x36\x38\x9f\x62\xf5\x1f\xac\xe3\x01\x3a\x62\xa9\x65\x6f\xec\x59\x26\x01\x94\x27\x43\x77\x8d\x7b\x7c\x83\x8c\xdf\x30\xfe\x87\xb7\x50\x3a\xab\x17\xd8\xd8\xf5\xf3\x0a\x3a\x03\xf1\x05\xdd\x38\x96\x58\xc1\x87\x82\x3d\x1c\x5e\xc9\xaf\x9d\xce\x05\xde\xcf\xa6\x19\x2a\x65\x14\x89\x6e\x99\xf4\x78\x47\xe8\x37\x19\xf7\x9c\xd3\x7b\x11\x81\x84\xd3\x4c\xa2\x0e\x88\x4b\xd2\x55\xf1\x99\xac\xef\x2e\xd4\x80\x11\xcf\xf2\x69\x59\x77\xdd\x7b\x1a\xe1\xf0\x8d\x27\xf9\x47\xcd\x1a\xff\x97\xa1\x9e\x3f\x93\xc6\x59\xd1\x0f\xf5\xa7\x76\xf2\x91\x02\x2d\xf2\x61\xb7\x92\x93\x5a\x1c\x58\x82\xf9\x20\xc9\x44\x2e\x56\x3f\x87\x88\x01\xbe\xec\xbb\xa8\x9c\x1e\xab\x9d\x2b\x96\x28\x5f\x34\x93\x48\x3b\x49\xf2\x69\xe8\xd6\x84\x33\x00\x37\xda\xfe\xdb\xcb\xb3\xbc\x50\x0e\x65\xb5\xe6\x9c\x3a\x4f\x6f\x15\xe4\x2c\xb5\x95\xcc\xe0\x4c\x89\x18\x18\xf2\x8a\x69\xef\x73\xc0\xec\xf8\xef\xbe\xf8\xbc\x1e\x5f\x7d\x07\xf5\xca\x82\x8d\x9a\x84\x60\xa2\x97\xa2\xb6\xf1\x58\x41\x3f\xd2\x73\x8e\x61\x68\x37\x7a\x49\xbd\x43\xa7\x0a\x36\xe7\xc3\x9d\x8d\x54\x87\x83\x28\x56\x75\x41\x7c\x62\x07\xbe\xbe\xb3\x22\x4f\xaa\xb8\x1e\xef\x70\x86\x01\xbe\x61\x36\x97\x96\x7c\x31\xf6\xb8\xa2\xc2\x1c\x46\x92\x73\xd7\x9b\x15\xb8\x0d\x8a\x0b\x6c\x6e\xd4\x35\x6d\x00\x2e\x42\x49\x44\xb6\x61\xb4\xd5\xfb\x11\x48\x41\xb9\xcb\xaf\x8d\x4c\x16\xd7\xf6\x87\x36\x2a\xee\x16\x47\x56\xe0\x5f\xa1\xd5\x79\xf0\x82\x00\x3a\xc1\x10\x3a\x00\x7c\x2f\xce\xa4\x86\xf3\x2e\x6e\x72\xd1\x41\xc1\xe2\x33\x33\x0a\x3b\x3d\x81\x35\x84\x0a\x9f\xbc\x50\x35\x26\xe4\x48\x76\xe7\x02\x30\x9c\x3c\xb1\xa6\xc4\x02\x0b\xae\x2e\xf8\x51\x46\xa3\x43\x8b\xd9\xb3\x41\xb7\x19\xdf\xa5\xb5\x19\xfc\xa6\xbc\x17\x46\xb4\x7a\xc4\x99\x17\x22\xb9\x77\x7d\x92\x48\x00\x65\xe3\xd7\x0b\xb6\xb2\x02\xe9\x8d\x5d\x08\xc1\xb2\x15\xa5\x01\x22\x10\xef\x9e\x2b\x9f\xea\x63\x0e\x4d\x82\x17\xc5\x01\xde\xe6\xb4\x6a\x3b\x88\x7c\x71\xf3\xc4\xc6\x03\xaf\x56\xa8\x67\x34\x23\x6f\x06\x8e\x07\x2a\xa6\x3f\x2a\x70\xd4\x88\xfe\x90\x91\xa8\x53\x05\x85\xe4\xd6\x11\xad\x9f\xe2\x35\x93\xcb\x41\x0e\x5e\xed\x91\x87\xed\x55\x65\x2b\xef\x39\xb8\xe8\x67\xa8\x79\xf8\x97\x35\xe7\xca\xdf\xb3\x6a\x18\x38\x67\xcd\xc3\x32\x2b\x21\x42\x7a\x49\x8d\x12\xd5\x66\xaf\x1b\x7e\xd2\x35\x03\x4f\xee\xaa\x2c\xbd\x79\x5c\x23\x63\xec\x98\x45\xa5\x04\x07\x31\x81\xef\x95\x12\x15\x48\xbd\x6e\x88\x48\x6a\x26\x1c\xb5\x2f\x6f\x79\x70\xb9\x9f\x53\xde\x0f\x42\x6f\xfc\xae\x94\x0f\x83\xac\x20\x13\x8c\x7d\x5b\x35\x20\x21\x4e\x44\xa4\x03\xc8\x4f\xda\xcc\x65\x57\xc8\xb8\x59\xc9\x91\x8e\x78\x37\x72\x61\x72\x2f\x1f\x29\x13\xd0\xdf\xe9\x9d\x93\xde\x5f\x2a\x67\xc3\x77\x5a\x76\x81\xc9\xb8\xfd\xb8\x11\xea\xd0\xba\xd8\xec\x77\x1e\xf3\x8d\xc0\xda\x25\x90\x47\xec\xaa\xb6\x08\xe8\xe7\xc4\x51\x13\xce\x26\x81\xa8\x37\x7d\xf0\x54\xe8\xe4\x84\x85\xbf\x16\xd1\x22\x2c\xcf\x22\x14\xb8\x11\x5e\x0a\xf0\x90\x74\x2f\x1c\x7b\x77\x64\x5b\xde\x02\x54\x10\x71\xd9\x2f\x5e\xb2\x4b\xc1\x94\x2f\xf6\x91\x01\x6d\x1d\x08\x44\xda\xec\xc8\x9d\xf8\xb5\x8f\x05\xe0\xfc\x38\x56\x88\x14\x13\x92\x03\x59\xc9\x09\x27\xb8\x5c\xdb\x99\x62\x97\x91\x34\x1d\x07\xf6\xbd\x04\x2e\xa4\x57\x12\x8a\xc9\x1c\x4a\xb3\x3b\x16\x99\x35\xa1\xa0\x21\x4e\x74\xdd\x2d\x09\x8a\xbc\x1d\x16\xb5\x9a\xbf\x37\x74\x01\xdb\xd0\x90\x4f\x7d\xcb\x35\x1f\xa4\xdd\x8e\x36\xcb\xf4\xb8\xdc\x28\xe8\x11\xbd\x7d\xc9\xb8\xa2\xf6\x02\x1c\x44\xe8\x5e\x1e\xbe\x1c\x68\xe0\x35\x95\xad\xed\x1d\x0f\x5b\xdc\x56\x3e\x61\x23\x67\xae\x89\xe4\x60\x94\xa2\xe3\x41\xce\x2b\xdf\x0c\xdd\x0d\x0e\x71\xaf\x4c\xe3\x47\x00\xbb\x15\x89\x8b\x2d\x3f\x55\x9f\x46\x6a\x6f\xbd\xa1\xe0\x05\xdf\x5e\x76\x96\x8f\xc0\x07\x0a\x86\x0e\x8e\xef\xb4\x01\x80\xd6\x49\x3a\x17\x90\x36\x98\xa9\xf8\x09\xab\x51\x20\xcc\x72\xa2\x05\xe3\x26\x52\x36\xc6\x7d\x7c\x85\xe5\x81\xed\x37\x8d\x33\x26\x11\x18\x13\x04\x1d\xa2\xd8\xd3\xc8\x88\xd1\x23\x66\x49\x12\x9c\x37\x02\x1f\xbf\xde\x4b\x87\x3d\xbc\x3c\xc9\xfe\x18\xdc\x92\x2a\x62\xd5\x06\x86\xf9\xd7\xe1\x5c\x2c\x4c\x51\xe2\x5d\x98\x52\x38\x5f\x02\x46\x70\xdd\x5e\xaa\x98\x66\x1a\x3f\xd6\x45\xf5\xe3\xcf\x1a\x03\x81\xe8\x78\x77\x6d\x79\x03\x9d\xb9\x45\xf6\x80\xb0\xcb\xa8\xa7\xe3\x87\x57\x27\xa0\x7b\xe1\x61\xc8\x54\x49\x1d\x39\x6f\xbf\x40\xb5\x02\x98\xb1\xa8\x4b\x0c\xf8\xb6\x1e\x18\x76\x7b\xab\x36\xa0\x13\xf0\xac\xf4\x55\x69\xed\x18\x82\xc3\xfe\xa9\xe2\x01\x89\x82\x2e\x2b\x9b\xac\xbc\x41\x55\x84\x22\x46\xc1\x83\xf2\x95\x91\x2d\x64\x80\xa0\x5a\x2d\x59\xff\x29\x90\xbb\xbb\x8c\x7e\x90\x79\xf1\xa0\x39\xbf\x31\xfd\x2c\xc2\x83\x12\xcf\xf2\x46\x1a\xf8\x71\xdd\xe9\xb2\x72\x01\xe6\x6d\x89\xf6\x21\x96\xb6\x32\xef\x97\x42\x4d\x25\x29\xd0\x97\x34\x57\xcf\x45\x95\xf6\x75\x19\x28\x45\x7b\x7d\xe8\x85\xf4\x3c\xf6\x45\x77\xbd\x6d\x09\x9d\x9a\xdf\xe4\x5a\x4e\x6d\x70\x4b\xfd\x3e\xdc\x85\xdd\xbb\x11\xde\xdd\x5e\x2d\x3e\x50\xa5\x5d\x7a\x7d\xcf\xde\x4e\xfd\x11\xdc\xd2\x0f\x62\x85\xb7\x4e\xa1\x94\xda\x7f\x31\xa4\x98\x3a\x14\xf1\x67\xa8\x47\xd2\x79\xef\x28\x55\x74\x19\x50\x6d\xe3\x4b\x34\xf2\x37\xf3\xc6\x6e\xd2\x57\x24\x6d\x04\x82\x4f\x4f\x8d\x97\x09\x2e\x55\xe0\x95\xec\xf4\xf3\x64\x7e\xbd\x6c\x39\x53\x8c\x4c\x75\x65\xb2\x3d\x81\xf0\xcc\x3d\x61\x70\xd8\xa0\xd5\x05\x0f\xe7\xe4\xf8\xd4\xfe\x07\xce\xa0\xd5\xdb\x6d\x5f\x96\x6a\xfa\x39\xde\xc3\x4a\x8c\xe3\x2b\x67\xd4\x91\x8e\xa8\xd9\x6a\xf5\xc7\xfd\x89\x99\x45\x44\x9e\x05\x1e\xf3\x44\x00\xcb\xd4\xba\xdd\x78\x6d\x20\xb1\xc7\x7d\x23\x67\x0b\x20\x65\xbc\x8f\x67\x11\x50\x33\x6c\x42\x28\xf4\x9c\x2e\x07\x95\x4d\x4b\x16\x5d\x22\x2c\xae\x2a\x5f\x5d\xc9\xfd\x32\x8a\x21\xeb\x4b\x20\x33\x44\x7d\xd9\xb0\xb5\x6d\x12\xbc\x93\x14\x85\x95\xa6\x49\xd5\xcd\x3a\x9b\x56\xc3\x32\x49\xc9\x79\xcf\xd3\x21\xeb\x72\x0a\xfc\xa7\x06\xfc\x26\x3d\xfc\x06\xbe\x97\xc2\xb8\x05\xa7\xcc\xc5\x4c\xd8\xe2\x47\xe6\x4d\xce\x16\x07\xba\x96\xd1\x46\xa9\x77\xc2\x47\xb3\x07\x2a\xd2\xcb\x2c\x11\x6c\x75\x49\x31\x85\xac\x9d\x61\x24\x07\x0f\x67\x4e\x1a\x83\xc4\xe4\xfc\x7a\x2d\x46\xbe\x93\xc2\xeb\x3d\xc2\x6d\xd6\x59\x26\x1c\xb0\x20\x78\x8b\x5b\xf4\xc2\x1a\x5a\x31\xe3\x63\x06\x5e\x3d\x81\xa6\x48\x86\xa0\xb4\x8c\x8f\xd3\x35\x05\xb2\xe1\xa1\x58\xa6\x0c\x29\xb6\xa4\xb0\xd9\xd3\xcc\x4e\x30\xcd\xbb\xfd\xc5\x89\x5a\xd5\x9b\x25\xf8\xe3\x56\x61\x6b\x35\x2e\x0a\xf4\xb5\x56\x15\x31\x5d\x38\x9d\x96\x31\x25\xe0\x86\xd4\xf3\x8f\x98\x37\x55\x1d\x5a\xea\x90\xd5\x1c\x86\x07\x25\x18\xe6\xb3\xd9\xf8\x10\x38\x69\x33\x83\x0b\x01\x2a\x93\x9f\x7f\x62\x69\xf3\x51\x6c\xf3\x61\xa7\xb2\x04\xc6\x87\xb1\x22\xd7\xc9\x67\xf3\xf9\xcb\xfa\xa3\xb5\x17\x0a\xc5\xbf\x03\x0f\x5f\xcf\x5c\xc6\x0e\x67\xd6\x9a\xed\x12\xa9\xb6\x4e\xac\x18\x6e\xea\x7f\xfd\x21\x98\xce\x33\x8f\xd5\x8f\xa6\xb1\xc8\x18\xa2\xbf\x7e\xe3\x55\xc9\x93\x2f\xa8\x8b\x6c\x1e\x54\x92\x17\x36\x66\x06\xb0\x4e\xf4\x54\xe6\xfe\xd8\x65\xeb\x44\xa2\xcf\x2b\xff\xe7\x92\x46\x4e\xcd\x22\x12\x1d\xec\x54\xfa\x51\x8f\x2a\x14\x89\x81\x95\x6b\x9b\x06\x31\x4f\xf4\x78\x73\x8f\x03\x28\xa2\x53\x39\x4e\x7c\x1a\xc4\xdb\x3b\xa5\x27\xc7\x53\x61\x58\x2c\xca\x56\xa1\x27\x30\xd5\xb0\x16\x25\x8f\x02\x5d\xc6\x41\x64\x7a\xdc\x06\xd6\xb3\xee\xc0\x48\x3f\x2f\x71\xac\x9d\xb0\xc4\x54\x43\xe3\x1c\x3d\x47\xd7\xab\x7b\xf3\x36\x10\x40\x83\x01\x7a\x98\x5d\x2e\x83\x16\x9c\xbe\x9f\xc9\xf9\x08\x0c\xbb\xba\xfa\xef\xd7\xe7\xd0\x63\x79\x33\x53\x3f\x8f\xbd\x2e\x1a\xbb\xa0\x19\xb8\x3c\xa1\x0f\x37\x91\xad\x04\xd6\x42\x83\xa0\xbc\xdb\x8c\x85\x71\x84\x34\x64\x2f\x6e\x15\x6f\xa6\x94\xab\x98\xd4\x75\x87\x6a\x17\x68\xf9\xb5\x95\xff\x82\x3d\xc4\xcd\xda\x9f\x08\x0f\x09\x4e\x12\x61\xa5\x4c\x7f\xb8\xfd\x38\x1d\x5a\x0d\x51\xba\x8d\x60\x55\xef\x43\xb0\x35\x49\x0d\xf5\xdc\x92\xb8\xc3\xbe\x5b\x58\x78\x88\x66\xdc\x09\xa3\x56\x3b\x25\xb6\x4d\xe0\xc0\x28\x03\x70\xd8\xae\x3b\xc3\x17\xb8\x9e\x32\xa5\xec\x6c\xf1\x4e\x9d\xf6\x73\x3b\x93\x26\x3f\x8a\xdf\x90\x8b\x63\x2f\xa2\xa9\x4a\x2a\x5a\x22\xd7\x81\xf5\x62\xe5\x52\x1b\xb0\x7c\xab\xa5\xb5\x6c\xe7\x99\xe6\xca\xac\x20\xc8\xbd\x10\xf0\xdc\xc7\x65\xb5\xad\x59\xee\x88\xcf\xac\x53\x65\x4b\x85\xfc\x6d\x3d\x7d\x1e\xc3\x72\x30\x53\x7d\x65\x51\x9a\xa0\x3d\x2d\x87\x00\x1c\x37\x81\x06\x3b\xb0\x27\x5b\xd9\x6c\x45\x2c\x12\x0d\x9a\xdc\x12\x35\x3c\xb5\x6a\x56\x5f\xfb\x5c\x3c\xf8\x1d\x04\x97\xc3\xa6\x80\xa6\x86\x10\xac\xbb\x49\x2b\x19\xb2\x9a\xd6\x01\x50\x4a\xa1\xb3\xff\x00\xdc\x52\x47\xb8\x83\xe8\x22\xcb\xe8\xc8\x66\x73\x35\x3e\xad\x6e\x04\x49\x41\xbb\x4f\xbf\xc3\xe5\xcc\xba\x04\xf9\x3c\xd9\xc2\x64\xd9\xec\x2c\x1f\x52\x21\xca\x07\x67\xd3\xbf\x65\xf4\x33\x0b\xdb\x4a\x94\xd6\x46\x8b\xfa\x9d\xfa\x5b\xcb\xaa\x51\x14\x50\xe6\xa0\xca\x9a\x56\xc5\xf2\x05\x58\xea\x70\x76\xa6\x7b\x5b\xdd\x85\x23\xf1\x51\x5c\xae\xd4\x0d\xc2\xea\xf0\x6b\x08\xb1\x76\x35\x5d\xad\x11\xf1\x26\x5b\x81\x87\x48\x5d\x1a\x79\x9d\x86\xd0\x6f\x06\xd9\x33\xf4\x24\xf9\xed\x65\x4d\x2d\xde\x7c\x0e\x66\xdb\xf3\xd1\x56\xdb\x2d\x67\x94\x1b\x92\x08\x0f\x04\x58\x1e\x02\x49\x73\x4f\x2b\xf4\x92\x0a\x35\x51\xd0\x6c\x4c\xcb\x8f\x73\x0d\xeb\x91\xb6\xf6\xce\x21\x0c\xb4\x1d\xab\x8f\xcb\xe3\x9d\x14\xe9\x18\xa3\x62\x9e\x82\x6e\x1d\x60\xe1\x64\xe0\x6d\x62\x37\xd3\x82\xd0\xf3\xec\x27\x34\x11\x73\x68\x55\x5e\x69\x9a\x65\x0f\x02\xd4\xa8\x86\xab\x67\x9e\xc1\x94\xc8\x21\xb1\xf4\x26\x29\x46\xee\xf5\xa0\xa3\xdc\xb5\x64\x5c\x05\x43\x56\x04\x64\xd8\x63\x81\xa4\x25\xd0\x42\x18\xe5\x8a\xaa\xbf\x3c\x5e\xd4\xc2\x27\x3c\xc0\xd4\xc2\xc2\x8e\x12\xec\xd4\xdd\xce\xcd\x67\x18\x6d\xac\xec\x66\x2c\x65\xd3\x23\x49\x6b\x9b\xe3\x84\x96\xac\xfb\x5b\xb1\xce\x10\x6b\xba\xac\x84\xba\xc7\x33\xdf\x84\xe6\xe3\x17\x13\x24\x3d\xf9\x84\x5b\x9b\x63\x0a\x97\x14\xef\x11\xbb\x21\xb0\xe8\x0c\x6c\xe1\xaf\xc6\x3c\xa7\x22\xcc\x23\x8a\xc4\x48\xf2\x29\xaa\x61\x4e\x9e\xae\xc7\x8e\x5c\x27\x92\x1b\xbe\xd1\x67\x05\x76\x07\xd3\x83\xcd\xa4\x2a\x91\xf8\x9b\x25\xec\xea\x59\x68\x6a\x8f\x07\xb1\xc2\xd7\x3b\x6b\x2a\xa9\x89\x9c\x3d\xcf\x20\x40\x17\x21\xa1\x01\x9a\xbb\x89\xd5\x17\x7d\x74\xdd\x1b\xb7\x94\xe0\xd4\x79\xeb\xbf\xb2\x13\xe1\x3d\xd5\xf0\x63\x77\xeb\x87\xc5\x3c\x09\xa3\xfc\x20\x78\xfe\x0d\xb3\x01\xcc\xb1\x14\xf8\xcf\x31\x12\x44\x5a\x1e\x7f\xad\x70\xdc\xf2\xc6\xe8\xca\xd4\x50\xdc\x73\xc6\x42\x7e\x01\x7e\x0e\x93\xd2\x5e\xf6\x0e\x80\xf5\x56\x46\x2d\x78\xb8\x5a\xed\x47\x4a\x6b\xdb\x29\xbd\xf5\xa9\x39\x08\xf4\x3a\x77\xd8\x2d\x0d\xa5\x5e\x7d\xc8\xa0\x06\x4d\x72\x18\x58\xec\x5f\x8b\x3c\x5d\x44\x1b\x66\xb3\x26\x7e\x81\x03\xd2\x7f\x5f\xaf\x86\x60\x66\x2e\x86\x59\x3a\x48\xd4\xbf\xd6\x4c\xee\xbd\x9b\xf6\x92\x58\x23\x28\x81\xe2\xf0\xf9\xd0\xc5\x9f\x89\xf3\xc8\x9a\x2e\xcb\x56\x9d\x14\x6b\xd3\xf8\x72\x62\x9a\xa2\x50\x41\x0c\xde\xcc\x37\x01\xfc\xfe\x95\xfb\xee\xfc\x97\x6b\xd7\xe3\x05\xc1\x02\xe3\x07\xe0\xc0\x4f\x5d\x40\x37\x4b\x93\x60\x6d\xd0\x9f\xc0\x02\x6b\x4f\x0d\x18\x5e\xa8\x05\x10\x03\xa5\x56\x46\xe3\x2e\x32\x78\xdf\xd3\xf0\x61\xa4\xc4\x81\x63\x9f\xe9\x50\x7a\x8e\x5c\x04\xe4\x63\x77\x54\x4f\x28\x41\xef\x9b\xea\x40\xda\x68\x3f\x66\x9f\x6f\x2d\xa6\xa9\x28\x2d\x74\xd4\x6b\xc7\xd1\x78\x45\xed\x0e\x63\x88\x6a\xee\x73\x62\xe1\x29\x09\xd4\x59\x21\x7d\x09\x23\x58\xbf\x71\xf2\xfd\x1f\xda\x72\x74\x46\x8a\x5c\x64\xf6\x8d\xbc\x91\x2e\x12\x41\x4c\xb8\x41\x61\x8e\x6d\x96\x1e\x79\x69\x91\x87\xef\xa2\x65\x55\x7d\x05\x20\x06\x45\x0e\xea\xb5\x21\x53\x28\x23\x96\xdc\xc6\x76\x38\xf4\x4e\x8b\xdc\x1c\xf8\xac\x1a\xa3\xce\xfd\xe7\xb3\xe9\x7b\x3f\x1a\xde\x05\x87\xcc\xc4\x59\xd2\xb7\x1d\x8f\x4c\x85\x66\x6f\x88\x56\x0a\xe1\x3d\x11\xfd\x7d\x7f\x12\x14\x55\x79\x67\xaa\x62\x21\xb0\x5b\xa9\xa9\x0f\xaa\xd9\xc1\x11\x10\x38\xf9\xa1\xa1\x6b\x64\xa4\x0b\xf5\xf9\x69\xf7\x4f\x32\xed\x63\x38\xeb\x70\x2c\xb8\x57\x73\xbc\x04\x95\xe3\x1a\xc3\x7c\xa0\xb8\x8b\xb0\x28\xda\x0e\x97\x21\xb4\x07\xaf\xd1\xe2\xfa\x46\x0b\x20\x4d\xb7\xdf\xcd\x72\x94\x59\xb2\xf1\x25\xbf\x42\xdd\xf1\x38\x0e\xb4\x99\x69\x1e\x08\x27\x5e\xe4\x24\x27\xc0\xc2\xdb\x70\x64\xa3\x86\xb5\x2a\x6a\xc1\xa7\xad\xe2\xda\x86\xe5\xc5\xe5\xc6\x67\xe4\x59\xd0\x03\x10\x46\xac\x3b\x08\xcf\x51\xb0\xe7\x90\x04\xbc\x73\xc3\xf9\xf7\xe7\x69\xfa\x24\x4f\xab\xd9\x10\x00\x07\xa4\xed\x5e\x23\x06\x99\x7f\xf3\x14\x89\xc1\x3c\x52\xb2\xcd\xf0\x22\x6c\xdc\x4f\x85\x22\x52\x9a\x26\x10\x23\x4a\xed\x95\xeb\x84\x1f\x5d\x24\x2c\xef\x7c\x49\x36\x3a\xf0\x49\x85\xd3\xc3\xe5\x39\x24\xf3\x52\xb5\x4e\xad\xec\xe3\xa9\x52\x2f\x48\x35\x11\x3a\x3b\x49\x0b\x61\x2d\xac\xdb\x8d\xbf\xbe\xe7\x94\x28\xb8\x08\xe6\x26\x21\x4c\xfc\xb2\xbf\xd4\xab\xe6\xb7\x4f\x15\xf0\x8c\x76\xd8\x81\x82\x32\x20\x42\xda\x02\x6a\x7e\x5b\x13\x94\xc9\xc4\x39\xdf\xa5\x96\xa7\xa8\x81\x07\x37\x0c\x2c\xab\x92\xf9\x06\x01\xb5\x0f\x0b\x31\x81\xde\xc5\x6a\x71\x36\xdb\x75\x65\x0a\x7a\x28\x57\x80\x87\xcc\x87\xfa\xda\x0c\x4a\x7e\x14\x32\xa6\x22\x0d\x73\x08\xfc\xca\xad\x29\xfb\xe3\x2e\x42\xb6\x59\x31\x10\xcd\xa9\x4c\xe0\x4f\xf6\xed\x3a\x96\x62\xc4\xb8\x1d\x14\x85\x6f\x4f\xc1\xac\x0d\x4f\xab\x9b\x4d\x59\x92\x65\x0f\xcb\x2c\xfe\xd1\xb6\xf6\x0c\x8c\x73\x68\x5c\x73\x3b\xe1\x33\xf8\x19\xa5\x68\x8d\x8c\x6a\x7e\x62\x09\x96\x9b\x46\xb0\x91\x44\x50\x21\xfc\x19\xcb\xd5\x63\xbd\x76\xdf\x96\xaa\x65\xf1\xd7\x21\x6a\x31\xdc\x9c\x4a\x4f\x74\xa2\x4a\x22\x4a\x2a\xa6\x0c\xb5\xd0\xd7\xc3\x1e\x6a\xf6\x22\xe5\xa7\xc8\x0c\x98\x72\x7c\xd1\x63\xe5\x09\x7d\x86\xd4\xd4\xd9\x1e\x7c\x89\xfe\x61\x51\x90\x3d\x7c\x0f\x87\x8d\xa1\xa8\x3e\x6f\xcc\x50\xfe\x99\x90\xda\x66\x40\x53\x5e\x68\x5b\x1c\x26\x9c\x95\x0d\x07\x37\x62\xce\x89\x9f\x82\xae\xb9\x33\x10\x63\x37\xf8\x7a\x71\x38\xd1\xfb\x7b\x15\xb2\x4a\xc8\xcc\x1c\x09\x34\x69\xe6\x15\x09\xfc\x24\xcf\xb7\x9e\x66\x39\x0a\x15\x48\x3e\x9a\x5a\x1a\x31\x3f\xf9\x61\xd0\xf9\xfe\x8c\x55\x79\x01\x4c\xf5\x68\x9e\x36\x86\x08\x10\x4f\x96\x44\x9b\x24\x64\x39\xaf\x19\x79\x59\xe5\xed\xf4\x88\x74\x97\xd4\x89\x74\xc2\x08\xcd\x68\xcf\xc7\xb3\xe0\x95\x6c\x50\x88\x12\x0d\xa1\xda\xf4\xaa\x90\xb6\xd2\xc1\xb7\x08\x81\x31\xff\x29\x6b", 4096); *(uint8_t*)0x2000104d = 0; *(uint8_t*)0x2000104e = 1; *(uint8_t*)0x2000104f = 0; *(uint8_t*)0x20001050 = 0xc2; *(uint8_t*)0x20001051 = 4; *(uint32_t*)0x20001052 = htobe32(1); *(uint8_t*)0x20001056 = 9; *(uint8_t*)0x20001057 = 0x15; memcpy((void*)0x20001058, "\x55\x75\x11\x39\x21\xad\x0b\xc9\xe2\xe8\x2b\x28\xa6\x6b\x8f\x50\x8c\xd3\xa9\x8a\xcf", 21); *(uint8_t*)0x2000106e = 0x67; *(uint8_t*)0x2000106f = 6; *(uint8_t*)0x20001070 = 0; *(uint8_t*)0x20001071 = 0x20; *(uint32_t*)0x20001072 = 0; *(uint8_t*)0x20001076 = -1; *(uint8_t*)0x20001077 = 1; *(uint8_t*)0x20001078 = 0; *(uint8_t*)0x20001079 = 0; *(uint8_t*)0x2000107a = 0; *(uint8_t*)0x2000107b = 0; *(uint8_t*)0x2000107c = 0; *(uint8_t*)0x2000107d = 0; *(uint8_t*)0x2000107e = 0; *(uint8_t*)0x2000107f = 0; *(uint8_t*)0x20001080 = 0; *(uint8_t*)0x20001081 = 0; *(uint8_t*)0x20001082 = 0; *(uint8_t*)0x20001083 = 0; *(uint8_t*)0x20001084 = 0; *(uint8_t*)0x20001085 = 1; *(uint8_t*)0x20001086 = -1; *(uint8_t*)0x20001087 = 1; *(uint8_t*)0x20001088 = 0; *(uint8_t*)0x20001089 = 0; *(uint8_t*)0x2000108a = 0; *(uint8_t*)0x2000108b = 0; *(uint8_t*)0x2000108c = 0; *(uint8_t*)0x2000108d = 0; *(uint8_t*)0x2000108e = 0; *(uint8_t*)0x2000108f = 0; *(uint8_t*)0x20001090 = 0; *(uint8_t*)0x20001091 = 0; *(uint8_t*)0x20001092 = 0; *(uint8_t*)0x20001093 = 0; *(uint8_t*)0x20001094 = 0; *(uint8_t*)0x20001095 = 1; *(uint8_t*)0x20001096 = 0; *(uint8_t*)0x20001097 = 0; *(uint8_t*)0x20001098 = 0; *(uint8_t*)0x20001099 = 0; *(uint8_t*)0x2000109a = 0; *(uint8_t*)0x2000109b = 0; *(uint8_t*)0x2000109c = 0; *(uint8_t*)0x2000109d = 0; *(uint8_t*)0x2000109e = 0; *(uint8_t*)0x2000109f = 0; *(uint8_t*)0x200010a0 = 0; *(uint8_t*)0x200010a1 = 0; *(uint8_t*)0x200010a2 = 0; *(uint8_t*)0x200010a3 = 0; *(uint8_t*)0x200010a4 = 0; *(uint8_t*)0x200010a5 = 0; *(uint8_t*)0x200010a6 = 4; *(uint8_t*)0x200010a7 = 0x19; *(uint8_t*)0x200010a8 = 0; *(uint8_t*)0x200010a9 = 0; *(uint8_t*)0x200010aa = 0; *(uint8_t*)0x200010ab = 0; *(uint8_t*)0x200010ac = 0; *(uint8_t*)0x200010ad = 0; *(uint8_t*)0x200010ae = 0xa8; *(uint8_t*)0x200010af = 0x9b; memcpy((void*)0x200010b0, "\x02\x71\x09\x78\x70\xd6\xd0\x6b\x47\xd8\x3a\x5b\x37\x63\xf1\xa2\xff\xfb\x78\xc9\xfd\x51\x51\xfe\x45\x85\x44\x69\x56\x4a\xf3\xc3\x94\x9e\x4a\x58\x78\x1c\xe8\x48\xa5\xe9\xa6\xfe\xd0\x80\x30\x6a\xcd\x03\x11\xa5\xe5\xb9\xf9\x00\xde\x3f\x65\x6e\xc5\xf5\x17\xf3\xa6\x79\x49\x35\x4e\x8a\x19\xf5\xb1\x16\xe3\x60\xf8\xbe\xbf\x10\x56\x6e\xae\x08\x58\x2e\x6b\xe7\xbe\xee\xc7\x66\x8a\xfd\x63\x7c\xa6\xa1\x9c\x0a\x87\x87\xa4\x54\x81\x38\xd8\xa0\x68\x74\xd5\x50\x62\x4c\x0f\x1e\xbd\x2a\x22\x67\xbb\xca\x14\xf2\x24\x7a\xb5\xbe\x2d\x68\xe2\x64\xaa\x7d\x65\x1f\xd4\xe5\xe5\xef\x57\x23\xb8\x44\xf6\x4a\x82\x2f\x58\xe7\xbc\x5a\xcc\xf5\x88", 155); *(uint8_t*)0x2000114b = 0xc2; *(uint8_t*)0x2000114c = 4; *(uint32_t*)0x2000114d = htobe32(0x10001); *(uint8_t*)0x20001151 = 1; *(uint8_t*)0x20001152 = 3; *(uint8_t*)0x20001153 = 0; *(uint8_t*)0x20001154 = 0; *(uint8_t*)0x20001155 = 0; *(uint8_t*)0x20001156 = 0; *(uint8_t*)0x20001157 = 1; *(uint8_t*)0x20001158 = 0; *(uint8_t*)0x20001159 = 8; *(uint8_t*)0x2000115a = 0x1d; memcpy((void*)0x2000115b, "\x94\xd6\xef\xb5\xa9\xf5\x8f\x85\x9b\x75\xbe\x24\x58\x6f\x38\x2e\xee\xd7\xa7\x6a\x65\x62\xb9\x78\x07\x1e\x71\xbe\x75", 29); *(uint8_t*)0x20001178 = 5; *(uint8_t*)0x20001179 = 2; *(uint16_t*)0x2000117a = htobe16(0x7fff); *(uint8_t*)0x2000117e = 0x27; *(uint8_t*)0x2000117f = 6; *(uint8_t*)0x20001180 = 0; *(uint8_t*)0x20001181 = 5; *(uint32_t*)0x20001182 = 0; *(uint8_t*)0x20001186 = -1; *(uint8_t*)0x20001187 = 1; *(uint8_t*)0x20001188 = 0; *(uint8_t*)0x20001189 = 0; *(uint8_t*)0x2000118a = 0; *(uint8_t*)0x2000118b = 0; *(uint8_t*)0x2000118c = 0; *(uint8_t*)0x2000118d = 0; *(uint8_t*)0x2000118e = 0; *(uint8_t*)0x2000118f = 0; *(uint8_t*)0x20001190 = 0; *(uint8_t*)0x20001191 = 0; *(uint8_t*)0x20001192 = 0; *(uint8_t*)0x20001193 = 0; *(uint8_t*)0x20001194 = 0; *(uint8_t*)0x20001195 = 1; *(uint8_t*)0x20001196 = 0; *(uint8_t*)0x20001197 = 0; *(uint8_t*)0x20001198 = 0; *(uint8_t*)0x20001199 = 0; *(uint8_t*)0x2000119a = 0; *(uint8_t*)0x2000119b = 0; *(uint8_t*)0x2000119c = 0; *(uint8_t*)0x2000119d = 0; *(uint8_t*)0x2000119e = 0; *(uint8_t*)0x2000119f = 0; *(uint8_t*)0x200011a0 = 0; *(uint8_t*)0x200011a1 = 0; *(uint8_t*)0x200011a2 = 0; *(uint8_t*)0x200011a3 = 0; *(uint8_t*)0x200011a4 = 0; *(uint8_t*)0x200011a5 = 0; *(uint64_t*)0x200011a6 = htobe64(0); *(uint64_t*)0x200011ae = htobe64(1); *(uint8_t*)0x200011b6 = 0x2c; *(uint8_t*)0x200011b7 = 0; *(uint8_t*)0x200011b8 = 0; *(uint8_t*)0x200011b9 = 0; *(uint8_t*)0x200011ba = 0; *(uint8_t*)0x200011bb = 0; *(uint8_t*)0x200011bc = 0; *(uint8_t*)0x200011bd = 0; *(uint8_t*)0x200011be = 0; *(uint8_t*)0x200011bf = 1; *(uint8_t*)0x200011c0 = 0; *(uint8_t*)0x200011c6 = 3; *(uint8_t*)0x200011c7 = 3; *(uint8_t*)0x200011c8 = 0; *(uint8_t*)0x200011c9 = 0; *(uint8_t*)0x200011ca = 0; *(uint8_t*)0x200011cb = 0; *(uint8_t*)0x200011cc = 0; *(uint8_t*)0x200011cd = 0; *(uint8_t*)0x200011ce = 0xc2; *(uint8_t*)0x200011cf = 4; *(uint32_t*)0x200011d0 = htobe32(0); *(uint8_t*)0x200011d4 = 5; *(uint8_t*)0x200011d5 = 2; *(uint16_t*)0x200011d6 = htobe16(0x20); *(uint8_t*)0x200011d8 = 5; *(uint8_t*)0x200011d9 = 2; *(uint16_t*)0x200011da = htobe16(9); *(uint8_t*)0x200011dc = 0xc2; *(uint8_t*)0x200011dd = 4; *(uint32_t*)0x200011de = htobe32(3); *(uint8_t*)0x200011e2 = 1; *(uint8_t*)0x200011e3 = 1; *(uint8_t*)0x200011e4 = 0; *(uint8_t*)0x200011e5 = 5; *(uint8_t*)0x200011e6 = 2; *(uint16_t*)0x200011e7 = htobe16(0x7f); *(uint8_t*)0x200011e9 = 5; *(uint8_t*)0x200011ea = 2; *(uint16_t*)0x200011eb = htobe16(3); *(uint8_t*)0x200011ee = 0xd8; *(uint8_t*)0x200011ef = 0; *(uint8_t*)0x200011f0 = 8; STORE_BY_BITMASK(uint8_t, , 0x200011f1, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200011f1, 0, 1, 2); STORE_BY_BITMASK(uint8_t, , 0x200011f1, 8, 3, 5); *(uint32_t*)0x200011f2 = 0x68; *(uint8_t*)0x200011f6 = 0x82; *(uint8_t*)0x200011f7 = 0; *(uint16_t*)0x200011f8 = htobe16(0); *(uint16_t*)0x200011fa = htobe16(0x3ff); *(uint16_t*)0x200011fc = 9; *(uint8_t*)0x200011fe = -1; *(uint8_t*)0x200011ff = 2; *(uint8_t*)0x20001200 = 0; *(uint8_t*)0x20001201 = 0; *(uint8_t*)0x20001202 = 0; *(uint8_t*)0x20001203 = 0; *(uint8_t*)0x20001204 = 0; *(uint8_t*)0x20001205 = 0; *(uint8_t*)0x20001206 = 0; *(uint8_t*)0x20001207 = 0; *(uint8_t*)0x20001208 = 0; *(uint8_t*)0x20001209 = 0; *(uint8_t*)0x2000120a = 0; *(uint8_t*)0x2000120b = 0; *(uint8_t*)0x2000120c = 0; *(uint8_t*)0x2000120d = 1; struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000016, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000026, 16); uint32_t csum_1_chunk_2 = 0x18000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x3a000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x200011f6, 24); *(uint16_t*)0x200011f8 = csum_inet_digest(&csum_1); break; case 11: memcpy((void*)0x20001240, "\x47\x66\x90\x18\xa9\xe1\x17\x00\x00\xc4\xc2\x0d\x07\x4c\xd3\xf6\x36\xf3\x0f\x11\x82\xfe\xef\xff\xff\xc4\x41\x55\xef\xea\xf2\x0f\x2b\x99\x99\x89\x99\x99\xc4\x81\xfd\x28\x17\xc4\xa2\xa5\x29\x52\x93\xf3\xab\x66\xac", 53); syz_execute_func(0x20001240); break; case 12: break; case 13: syz_open_pts(); break; } } int main(void) { syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul); for (procid = 0; procid < 2; procid++) { if (fork() == 0) { use_temporary_dir(); do_sandbox_none(); } } sleep(1000000); return 0; } :342:4: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation] kill_and_wait(pid, &status); ^ :340:3: note: previous statement is here if (current_time_ms() - start < 5000) ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor447008508 -DGOOS_openbsd=1 -DGOARCH_amd64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -static -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384] --- FAIL: TestGenerate/openbsd/amd64/13 (7.82s) csource_test.go:124: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:true Trace:false} program: r0 = getgid() mquery(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x10, 0xffffffffffffffff, 0x80) ioctl$DIOCMAP(0xffffffffffffff9c, 0xc0106477, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}) ioctl$BIOCSHDRCMPLT(0xffffffffffffffff, 0x80044275, &(0x7f0000000080)=0xcb) unlinkat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8) ioctl$BIOCGDLTLIST(0xffffffffffffff9c, 0xc010427b, &(0x7f0000000140)={0x9, &(0x7f0000000100)=[0x0, 0x7, 0x2, 0x18000, 0x6, 0x3, 0x8000000, 0x20, 0x0]}) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f00000001c0)=0xc) getgroups(0x3, &(0x7f0000000200)=[0xffffffffffffffff, r0, 0x0]) r3 = getgid() getgroups(0x4, &(0x7f0000000240)=[r1, r0, r2, r3]) syz_emit_ethernet(0x120e, &(0x7f0000000000)={@remote, @remote, [], {@ipv6={0x86dd, {0x1, 0x6, "b588d1", 0x11d8, 0x11, 0x0, @remote={0xfe, 0x80, [], 0x0}, @empty, {[@dstopts={0x32, 0x205, [], [@padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @pad1, @generic={0x6, 0x1000, "7d7312bf2f976b286cf33b3a7660af2f30cb34f9a86a2db188c5d76df22900976b027211513627f37cb64221551888028062f7e96e29502c8230cb07ed13fb79ee022afacfb0fdb9fdd62ac37dfa4f6b34fcbee4c380fa32c35d695cca5e60b4fe8ddf4e9fd6c26810eab11156f5f11cff1548bc51648f66404bacd55f29d8349635356e8711ba71763c2e3dae08ceca72daaf10868c22ac2d429c17228cb0fa6a92eddafaf821e084cdd55affffce12097a2772ef8ab4bc862213c765c3c5bb6cb25206a5f87d2034b922cd8a54fd1f39938081132c0491f0258b9d5b90206398281bd745907571e7944936e2d4097eec6b58ed963a26c7ab84ad1084f4b8fe735e2c7a5073344b225dd2917d1035d525e3fca4bf750dc4474b2645770b1ca240e54b5d0d4dc7ef29a3a61669e0bc94741f97c66216511a0b772e8813b7e01c740f8ed1fa8909f5700d3403d21c720a5902de2e1c32556eca20d374473cd817427a1c9cd58e2e0aefa447fb5a819c5f0f58b27756a2ab59c7904bd86a7e178629ad0bf9acc4272dc48011d27c262fe7ea1754391b04e3144db1eec8b7fded123a6e0d848e26d3a48db19cdac570a9f88259994a988bafd8db39128ec209c2f4a1c3a0090fb48b2c98c66c31a9d0c4377d6e63c82afdf734861249d4a187b99c2c03ea42efb67963c7f5e058b9ea734e124abcff107a29e339704bc5c174895b10fabef1dd6966930a398295f238abeba33093a7e5d4ebf3c134b00eac453659d9a5ed6722b28668f0de27fcbfcc665f9b79f51aa266f061a9d3582fe787f1cd3d6b2a4d5b7670d91c9f19da4cdf5c47edb015a154227797a6b56a27e32276f07e6cc20ec6885bc261055b4ad4f66c09e27673c407023fb6d0c61139245b190861816a03ae7d9627100ab2a1f1f38198e820967923fdf0a95e9088ffe6779f1eea151123e919bde1ea78746cc30768220ff953d10588589701f70e66392524a78562a838205af4bfc28c4a6884b425c109ea7ff16d9f1bcb77459ccb5b81045b6cb2dcebdae46f6d70b44ff8dc6f522c77db1471ce1163a7a5640d02e469e5dee1ff25b7f7325baeb10ecb4bc48f8692d5376dad7c9125ecb61d00e759b8f3179df636389f62f51face3013a62a9656fec592601942743778d7b7c838cdf30fe87b7503aab17d8d8f5f30a3a03f105dd389658c187823d1c5ec9af9dce05decfa6192a6514896e99f47847e83719f79cd37b118184d34ca20e884bd255f199acef2ed48011cff2695977dd7b1ae1f08d27f947cd1aff97a19e3f93c659d10ff5a776f291022df261b792935a1c5882f920c9442e563f878801beecbba89c1eab9d2b96285f3493483b49f269e8d684330037dafedbcbb3bc500e65b5e69c3a4f6f15e42cb595cce04c891818f28a69ef73c0ecf8efbef8bc1e5f7d07f5ca828d9a8460a297a2b6f158413fd2738e6168377a49bd43a70a36e7c39d8d548783285675417c6207bebeb3224faab81eef708601be613697967c31f6b8a2c21c469273d79b15b80d8a0b6c6ed4356d002e424944b661b4d5fb114841b9cbaf8d4c16d7f687362aee164756e05fa1d579f082003ac1103a007c2fcea486f32e6e72d141c1e233330a3b3d8135840a9fbc503526e44876e702309c3cb1a6c4020bae2ef85146a3438bd9b341b719dfa5b519fca6bc1746b47ac4991722b9777d92480065e3d70bb6b202e98d5d08c1b215a5012210ef9e2b9fea630e4d8217c501dee6b46a3b887c71f3c4c603af56a86734236f068e072aa63f2a70d488fe9091a8530585e4d611ad9fe23593cb410e5eed9187ed55652bef39b8e867a879f89735e7cadfb36a183867cdc3322b21427a498d12d566af1b7ed235034feeaa2cbd795c2363ec9845a504073181ef95121548bd6e88486a261cb52f6f7970b99f53de0f426ffcae940f83ac20138c7d5b3520214e44a403c84fdacc6557c8b859c9918e78377261722f1f2913d0dfe99d93de5f2a67c3775a7681c9b8fdb811ead0bad8ec771ef38dc0da259047ecaab608e8e7c45113ce2681a8377df054e8e48485bf16d1222ccf2214b8115e0af090742f1c7b77645bde02541071d92f5eb24bc1942ff691016d1d0844daecc89df8b58f05e0fc3856881413920359c90927b85cdb99629791341d07f6bd042ea457128ac91c4ab33b169935a1a0214e74dd2d098abc1d16b59abf377401dbd0904f7dcb351fa4dd8e36cbf4b8dc28e811bd7dc9b8a2f6021c44e85e1ebe1c68e03595aded1d0f5bdc563e612367ae89e46094a2e341ce2bdf0cdd0d0e71af4ce34700bb15898b2d3f559f466a6fbda1e005df5e76968fc0070a860e8eefb40180d6493a17903698a9f809ab5120cc72a205e3265236c67d7c85e581ed378d3326111813041da2d8d3c888d1236649129c37021fbfde4b873dbc3cc9fe18dc922a62d50686f9d7e15c2c4c51e25d9852385f024670dd5eaa98661a3fd645f5e3cf1a0381e878776d79039db945f680b0cba8a7e3875727a07be161c854491d396fbf40b50298b1a84b0cf8b61e18767bab36a013f0acf45569ed1882c3fea9e20189822e2b9bacbc4155842246c183f295912d6480a05a2d59ff2990bbbb8c7e9079f1a039bf31fd2cc28312cff2461af871dde9b27201e66d89f62196b632ef97424d2529d0973457cf4595f6751928457b7de885f43cf64577bd6d099d9adfe45a4e6d704bfd3edc85ddbb11dedd5e2d3e50a55d7a7dcfde4efd11dcd20f6285b74ea194da7f31a4983a14f167a847d279ef28557419506de34b34f237f3c66ed257246d04824f4f8d97092e55e095ecf4f3647ebd6c39538c4c7565b23d81f0cc3d6170d8a0d5050fe7e4f8d4fe07cea0d5db6d5f966afa39dec34a8ce32b67d4918ea8d96af5c7fd899945449e051ef34400cbd4badd786d20b1c77d23670b2065bc8f671150336c4228f49c2e07954d4b165d222cae2a5f5dc9fd328a21eb4b2033447dd9b0b56d12bc93148595a649d5cd3a9b56c33249c979cfd321eb720afca706fc263dfc06be97c2b805a7ccc54cd8e247e64dce1607ba96d146a977c247b3072ad2cb2c116c75493185ac9d6124070f674e1a83c4e4fc7a2d46be93c2eb3dc26dd659261cb020788b5bf4c21a5a31e363065e3d81a64886a0b48c8fd33505b2e1a158a60c29b6a4b0d9d3cc4e30cdbbfdc5895ad59b25f8e356616b352e0af4b55615315d389d963125e086d4f38f9837551d5aea90d51c86072518e6b3d9f810386933830b012a939f7f6269f3516cf361a7b204c687b122d7c967f3f9cbfaa3b5170ac5bf030f5fcf5cc60e67d69aed12a9b64eac186eea7ffd2198ce338fd58fa6b1c818a2bf7ee355c9932fa88b6c1e549217366606b04ef454e6fed865eb44a2cf2bffe792464ecd22121dec54fa518f2a148981956b9b06314ff478738f0328a253394e7c1ac4db3ba527c75361582cca56a12730d5b016258f025dc641647adc06d6b3eec0483f2f71ac9db0c45443e31c3d47d7ab7bf336104083017a985d2e83169cbe9fc9f9080cbbbafaefd7e7d0637933533f8fbd2e1abba019b83ca10f3791ad04d64283a0bcdb8c85718434642f6e156fa694ab98d475876a1768f9b595ff823dc4cdda9f080f094e1261a54c7fb8fd381d5a0d51ba8d6055ef43b035490df5dc92b8c3be5b58788866dc09a3563b25b64de0c0280370d8ae3bc317b89e32a5ec6cf14e9df6733b93263f8adf908b632fa2a94a2a5a22d781f562e5521bb07caba5b56ce799e6caac20c8bd10f0dcc765b5ad59ee88cfac53654b85fc6d3d7d1ec37230537d65519aa03d2d87001c3781063bb0275bd96c452c120d9adc12353cb56a565ffb5c3cf81d0497c3a680a68610acbb492b19b29ad601504aa1b3ff00dc5247b883e822cbe8c86673353ead6e044941bb4fbfc3e5ccba04f93cd9c264d9ec2c1f5221ca0767d3bf65f4330bdb4a94d6468bfa9dfa5bcbaa511450e6a0ca9a56c5f20558ea7076a67b5bdd8523f1515caed40dc2eaf06b08b176355dad11f1265b8187485d1a799d86d06f06d933f424f9ed654d2dde7c0e66dbf3d156db2d67941b92080f04581e0249734f2bf4920a3551d06c4ccb8f730deb91b6f6ce210cb41dab8fcbe39d14e918a3629e826e1d60e164e06d6237d382d0f3ec2734117368555e699a650f02d4a886ab679ec194c821b1f4262946eef5a0a3dcb5645c0543560464d86381a425d04218e58aaabf3c5ed4c2273cc0d4c2c28e12ecd4ddcecd67186dacec662c65d323496b9be38496acfb5bb1ce106bbaac84bac733df84e6e31713243df9845b9b630a9714ef11bb21b0e80c6ce1afc63ca722cc238ac448f229aa614e9eaec78e5c27921bbed167057607d383cda42a91f89b25ecea59686a8f07b1c2d73b6b2aa9899c3dcf20401721a1019abb89d5177d74dd1bb794e0d479ebbfb213e13dd5f06377eb87c53c09a3fc2078fe0db301ccb114f8cf3112445a1e7fad70dcf2c6e8cad450dc73c6427e017e0e93d25ef60e80f556462d78b85aed474a6bdb29bdf5a93908f43a77d82d0da55e7dc8a0064d721858ec5f8b3c5d441b66b3267e8103d27f5faf8660662e86593a48d4bfd64ceebd9bf69258232881e2f0f9d0c59f89f3c89a2ecb569d146bd3f872629aa250410cdecc3701fcfe95fbeefc976bd7e305c102e307e0c04f5d40374b93606dd09fc0026b4f0d185ea8051003a55646e32e3278dfd3f061a4c481639fe9507a8e5c04e46377544f2841ef9bea40da683f669f6f2da6a9282d74d46bc7d17845ed0e63886aee7362e12909d459217d092358bf71f2fd1fda7274468a5c64f68dbc912e12414cb841618e6d961e79699187efa265557d052006450eeab52153282396dcc67638f44e8bdc1cf8ac1aa3cefde7b3e97b3f1ade0587ccc459d2b71d8f4c85666f88560ae13d11fd7d7f1214557967aa6221b05ba9a90faad9c1111038f9a1a16b64a40bf5f969f74f32ed6338eb702cb85773bc0495e31ac37ca0b88bb028da0e9721b407afd1e2fa460b204db7dfcd729459b2f125bf42ddf1380eb499691e08275ee42427c0c2db7064a386b52a6ac1a7ade2da86e5c5e5c667e459d0031046ac3b08cf51b0e79004bc73c3f9f7e769fa244fabd9100007a4ed5e2306997ff31489c13c52b2cdf0226cdc4f8522529a2610234aed95eb841f5d242cef7c49363af04985d3c3e53924f352b54eadece3a9522f4835113a3b490b612dacdb8dbfbee79428b808e626214cfcb2bfd4abe6b74f15f08c76d88182322042da026a7e5b1394c9c439dfa596a7a88107370c2cab92f90601b50f0b3181dec56a7136db75650a7a28578087cc87fada0c4a7e1432a6220d7308fccaad29fbe32e42b6593110cda94ce04ff6ed3a9662c4b81d14856f4fc1ac0d4fab9b4d5992650fcb2cfed1b6f60c8c73685c733be133f819a5688d8c6a7e6209969b46b091445021fc19cbd563bd76df96aa65f1d7216a31dc9c4a4f74a24a224a2aa60cb5d0d7c31e6af622e5a7c80c98727cd163e5097d86d4d4d91e7c89fe6151903d7c0f878da1a83e6fcc50fe9990da6640535e685b1c269c950d073762ce899f82aeb933106337f87a7138d1fb7b15b24ac8cc1c093469e61509fc24cfb79e66390a15483e9a5a1a313ff961d0f9fe8c5579014cf5689e368608104f96449b246439af197959e5edf4887497d48974c208cd68cfc7b3e0956c5088120da1daf4aa90b6d2c1b7088131ff296b"}, @pad1, @jumbo={0xc2, 0x4, 0x1}, @generic={0x9, 0x15, "5575113921ad0bc9e2e82b28a66b8f508cd3a98acf"}]}, @routing={0x67, 0x6, 0x0, 0x20, 0x0, [@mcast1, @mcast1, @empty]}, @dstopts={0x4, 0x19, [], [@generic={0xa8, 0x9b, "0271097870d6d06b47d83a5b3763f1a2fffb78c9fd5151fe45854469564af3c3949e4a58781ce848a5e9a6fed080306acd0311a5e5b9f900de3f656ec5f517f3a67949354e8a19f5b116e360f8bebf10566eae08582e6be7beeec7668afd637ca6a19c0a8787a4548138d8a06874d550624c0f1ebd2a2267bbca14f2247ab5be2d68e264aa7d651fd4e5e5ef5723b844f64a822f58e7bc5accf588"}, @jumbo={0xc2, 0x4, 0x10001}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @pad1, @generic={0x8, 0x1d, "94d6efb5a9f58f859b75be24586f382eeed7a76a6562b978071e71be75"}, @ra={0x5, 0x2, 0x7fff}]}, @routing={0x27, 0x6, 0x0, 0x5, 0x0, [@mcast1, @empty, @loopback]}, @dstopts={0x2c, 0x0, [], [@pad1]}, @dstopts={0x3, 0x3, [], [@jumbo, @ra={0x5, 0x2, 0x20}, @ra={0x5, 0x2, 0x9}, @jumbo={0xc2, 0x4, 0x3}, @padn={0x1, 0x1, [0x0]}, @ra={0x5, 0x2, 0x7f}, @ra={0x5, 0x2, 0x3}]}, @fragment={0xd8, 0x0, 0x8, 0x1, 0x0, 0x8, 0x68}], @icmpv6=@mld={0x82, 0x0, 0x0, 0x3ff, 0x9, @mcast2}}}}}}) syz_execute_func(&(0x7f0000001240)="47669018a9e1170000c4c20d074cd3f636f30f1182feefffffc44155efeaf20f2b9999899999c481fd2817c4a2a5295293f3ab66ac") syz_extract_tcp_res(&(0x7f0000001280), 0x401, 0x1) syz_open_pts() csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } #define __syscall syscall static uintptr_t syz_open_pts(void) { int master, slave; if (openpty(&master, &slave, NULL, NULL, NULL) == -1) return -1; if (dup2(master, master + 100) != -1) close(master); return slave; } static void sandbox_common() { struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } int i, call, thread; for (call = 0; call < 14; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[4] = {0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: res = syscall(SYS_getgid); if (res != -1) r[0] = res; break; case 1: syscall(SYS_mquery, 0x20ffb000ul, 0x3000ul, 2ul, 0x10ul, -1, 0x80ul); break; case 2: *(uint64_t*)0x20000040 = 0x20000000; memcpy((void*)0x20000000, "./file0\000", 8); *(uint32_t*)0x20000048 = -1; *(uint32_t*)0x2000004c = 0; syscall(SYS_ioctl, 0xffffff9c, 0xc0106477ul, 0x20000040ul); break; case 3: *(uint32_t*)0x20000080 = 0xcb; syscall(SYS_ioctl, -1, 0x80044275ul, 0x20000080ul); break; case 4: memcpy((void*)0x200000c0, "./file0\000", 8); syscall(SYS_unlinkat, 0xffffff9c, 0x200000c0ul, 8ul); break; case 5: *(uint64_t*)0x20000148 = 0x20000100; *(uint32_t*)0x20000100 = 0; *(uint32_t*)0x20000104 = 7; *(uint32_t*)0x20000108 = 2; *(uint32_t*)0x2000010c = 0x18000; *(uint32_t*)0x20000110 = 6; *(uint32_t*)0x20000114 = 3; *(uint32_t*)0x20000118 = 0x8000000; *(uint32_t*)0x2000011c = 0x20; *(uint32_t*)0x20000120 = 0; syscall(SYS_ioctl, 0xffffff9c, 0xc010427bul, 0x20000140ul); break; case 6: *(uint32_t*)0x200001c0 = 0xc; res = syscall(SYS_getsockopt, -1, 0xffff, 0x1022, 0x20000180ul, 0x200001c0ul); if (res != -1) r[1] = *(uint32_t*)0x20000188; break; case 7: *(uint32_t*)0x20000200 = -1; *(uint32_t*)0x20000204 = r[0]; *(uint32_t*)0x20000208 = 0; res = syscall(SYS_getgroups, 3ul, 0x20000200ul); if (res != -1) r[2] = *(uint32_t*)0x20000208; break; case 8: res = syscall(SYS_getgid); if (res != -1) r[3] = res; break; case 9: *(uint32_t*)0x20000240 = r[1]; *(uint32_t*)0x20000244 = r[0]; *(uint32_t*)0x20000248 = r[2]; *(uint32_t*)0x2000024c = r[3]; syscall(SYS_getgroups, 4ul, 0x20000240ul); break; case 10: *(uint8_t*)0x20000000 = 0xaa; *(uint8_t*)0x20000001 = 0xaa; *(uint8_t*)0x20000002 = 0xaa; *(uint8_t*)0x20000003 = 0xaa; *(uint8_t*)0x20000004 = 0xaa; *(uint8_t*)0x20000005 = 0xbb; *(uint8_t*)0x20000006 = 0xaa; *(uint8_t*)0x20000007 = 0xaa; *(uint8_t*)0x20000008 = 0xaa; *(uint8_t*)0x20000009 = 0xaa; *(uint8_t*)0x2000000a = 0xaa; *(uint8_t*)0x2000000b = 0xbb; *(uint16_t*)0x2000000c = htobe16(0x86dd); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 6, 4, 4); memcpy((void*)0x2000000f, "\xb5\x88\xd1", 3); *(uint16_t*)0x20000012 = htobe16(0x11d8); *(uint8_t*)0x20000014 = 0x11; *(uint8_t*)0x20000015 = 0; *(uint8_t*)0x20000016 = 0xfe; *(uint8_t*)0x20000017 = 0x80; *(uint8_t*)0x20000018 = 0; *(uint8_t*)0x20000019 = 0; *(uint8_t*)0x2000001a = 0; *(uint8_t*)0x2000001b = 0; *(uint8_t*)0x2000001c = 0; *(uint8_t*)0x2000001d = 0; *(uint8_t*)0x2000001e = 0; *(uint8_t*)0x2000001f = 0; *(uint8_t*)0x20000020 = 0; *(uint8_t*)0x20000021 = 0; *(uint8_t*)0x20000022 = 0; *(uint8_t*)0x20000023 = 0; *(uint8_t*)0x20000024 = 0; *(uint8_t*)0x20000025 = 0xbb; *(uint8_t*)0x20000026 = 0; *(uint8_t*)0x20000027 = 0; *(uint8_t*)0x20000028 = 0; *(uint8_t*)0x20000029 = 0; *(uint8_t*)0x2000002a = 0; *(uint8_t*)0x2000002b = 0; *(uint8_t*)0x2000002c = 0; *(uint8_t*)0x2000002d = 0; *(uint8_t*)0x2000002e = 0; *(uint8_t*)0x2000002f = 0; *(uint8_t*)0x20000030 = 0; *(uint8_t*)0x20000031 = 0; *(uint8_t*)0x20000032 = 0; *(uint8_t*)0x20000033 = 0; *(uint8_t*)0x20000034 = 0; *(uint8_t*)0x20000035 = 0; *(uint8_t*)0x20000036 = 0x32; *(uint8_t*)0x20000037 = 5; *(uint8_t*)0x20000038 = 0; *(uint8_t*)0x20000039 = 0; *(uint8_t*)0x2000003a = 0; *(uint8_t*)0x2000003b = 0; *(uint8_t*)0x2000003c = 0; *(uint8_t*)0x2000003d = 0; *(uint8_t*)0x2000003e = 1; *(uint8_t*)0x2000003f = 8; *(uint8_t*)0x20000040 = 0; *(uint8_t*)0x20000041 = 0; *(uint8_t*)0x20000042 = 0; *(uint8_t*)0x20000043 = 0; *(uint8_t*)0x20000044 = 0; *(uint8_t*)0x20000045 = 0; *(uint8_t*)0x20000046 = 0; *(uint8_t*)0x20000047 = 0; *(uint8_t*)0x20000048 = 0; *(uint8_t*)0x20000049 = 1; *(uint8_t*)0x2000004a = 0; *(uint8_t*)0x2000004b = 6; *(uint8_t*)0x2000004c = 0; memcpy((void*)0x2000004d, "\x7d\x73\x12\xbf\x2f\x97\x6b\x28\x6c\xf3\x3b\x3a\x76\x60\xaf\x2f\x30\xcb\x34\xf9\xa8\x6a\x2d\xb1\x88\xc5\xd7\x6d\xf2\x29\x00\x97\x6b\x02\x72\x11\x51\x36\x27\xf3\x7c\xb6\x42\x21\x55\x18\x88\x02\x80\x62\xf7\xe9\x6e\x29\x50\x2c\x82\x30\xcb\x07\xed\x13\xfb\x79\xee\x02\x2a\xfa\xcf\xb0\xfd\xb9\xfd\xd6\x2a\xc3\x7d\xfa\x4f\x6b\x34\xfc\xbe\xe4\xc3\x80\xfa\x32\xc3\x5d\x69\x5c\xca\x5e\x60\xb4\xfe\x8d\xdf\x4e\x9f\xd6\xc2\x68\x10\xea\xb1\x11\x56\xf5\xf1\x1c\xff\x15\x48\xbc\x51\x64\x8f\x66\x40\x4b\xac\xd5\x5f\x29\xd8\x34\x96\x35\x35\x6e\x87\x11\xba\x71\x76\x3c\x2e\x3d\xae\x08\xce\xca\x72\xda\xaf\x10\x86\x8c\x22\xac\x2d\x42\x9c\x17\x22\x8c\xb0\xfa\x6a\x92\xed\xda\xfa\xf8\x21\xe0\x84\xcd\xd5\x5a\xff\xff\xce\x12\x09\x7a\x27\x72\xef\x8a\xb4\xbc\x86\x22\x13\xc7\x65\xc3\xc5\xbb\x6c\xb2\x52\x06\xa5\xf8\x7d\x20\x34\xb9\x22\xcd\x8a\x54\xfd\x1f\x39\x93\x80\x81\x13\x2c\x04\x91\xf0\x25\x8b\x9d\x5b\x90\x20\x63\x98\x28\x1b\xd7\x45\x90\x75\x71\xe7\x94\x49\x36\xe2\xd4\x09\x7e\xec\x6b\x58\xed\x96\x3a\x26\xc7\xab\x84\xad\x10\x84\xf4\xb8\xfe\x73\x5e\x2c\x7a\x50\x73\x34\x4b\x22\x5d\xd2\x91\x7d\x10\x35\xd5\x25\xe3\xfc\xa4\xbf\x75\x0d\xc4\x47\x4b\x26\x45\x77\x0b\x1c\xa2\x40\xe5\x4b\x5d\x0d\x4d\xc7\xef\x29\xa3\xa6\x16\x69\xe0\xbc\x94\x74\x1f\x97\xc6\x62\x16\x51\x1a\x0b\x77\x2e\x88\x13\xb7\xe0\x1c\x74\x0f\x8e\xd1\xfa\x89\x09\xf5\x70\x0d\x34\x03\xd2\x1c\x72\x0a\x59\x02\xde\x2e\x1c\x32\x55\x6e\xca\x20\xd3\x74\x47\x3c\xd8\x17\x42\x7a\x1c\x9c\xd5\x8e\x2e\x0a\xef\xa4\x47\xfb\x5a\x81\x9c\x5f\x0f\x58\xb2\x77\x56\xa2\xab\x59\xc7\x90\x4b\xd8\x6a\x7e\x17\x86\x29\xad\x0b\xf9\xac\xc4\x27\x2d\xc4\x80\x11\xd2\x7c\x26\x2f\xe7\xea\x17\x54\x39\x1b\x04\xe3\x14\x4d\xb1\xee\xc8\xb7\xfd\xed\x12\x3a\x6e\x0d\x84\x8e\x26\xd3\xa4\x8d\xb1\x9c\xda\xc5\x70\xa9\xf8\x82\x59\x99\x4a\x98\x8b\xaf\xd8\xdb\x39\x12\x8e\xc2\x09\xc2\xf4\xa1\xc3\xa0\x09\x0f\xb4\x8b\x2c\x98\xc6\x6c\x31\xa9\xd0\xc4\x37\x7d\x6e\x63\xc8\x2a\xfd\xf7\x34\x86\x12\x49\xd4\xa1\x87\xb9\x9c\x2c\x03\xea\x42\xef\xb6\x79\x63\xc7\xf5\xe0\x58\xb9\xea\x73\x4e\x12\x4a\xbc\xff\x10\x7a\x29\xe3\x39\x70\x4b\xc5\xc1\x74\x89\x5b\x10\xfa\xbe\xf1\xdd\x69\x66\x93\x0a\x39\x82\x95\xf2\x38\xab\xeb\xa3\x30\x93\xa7\xe5\xd4\xeb\xf3\xc1\x34\xb0\x0e\xac\x45\x36\x59\xd9\xa5\xed\x67\x22\xb2\x86\x68\xf0\xde\x27\xfc\xbf\xcc\x66\x5f\x9b\x79\xf5\x1a\xa2\x66\xf0\x61\xa9\xd3\x58\x2f\xe7\x87\xf1\xcd\x3d\x6b\x2a\x4d\x5b\x76\x70\xd9\x1c\x9f\x19\xda\x4c\xdf\x5c\x47\xed\xb0\x15\xa1\x54\x22\x77\x97\xa6\xb5\x6a\x27\xe3\x22\x76\xf0\x7e\x6c\xc2\x0e\xc6\x88\x5b\xc2\x61\x05\x5b\x4a\xd4\xf6\x6c\x09\xe2\x76\x73\xc4\x07\x02\x3f\xb6\xd0\xc6\x11\x39\x24\x5b\x19\x08\x61\x81\x6a\x03\xae\x7d\x96\x27\x10\x0a\xb2\xa1\xf1\xf3\x81\x98\xe8\x20\x96\x79\x23\xfd\xf0\xa9\x5e\x90\x88\xff\xe6\x77\x9f\x1e\xea\x15\x11\x23\xe9\x19\xbd\xe1\xea\x78\x74\x6c\xc3\x07\x68\x22\x0f\xf9\x53\xd1\x05\x88\x58\x97\x01\xf7\x0e\x66\x39\x25\x24\xa7\x85\x62\xa8\x38\x20\x5a\xf4\xbf\xc2\x8c\x4a\x68\x84\xb4\x25\xc1\x09\xea\x7f\xf1\x6d\x9f\x1b\xcb\x77\x45\x9c\xcb\x5b\x81\x04\x5b\x6c\xb2\xdc\xeb\xda\xe4\x6f\x6d\x70\xb4\x4f\xf8\xdc\x6f\x52\x2c\x77\xdb\x14\x71\xce\x11\x63\xa7\xa5\x64\x0d\x02\xe4\x69\xe5\xde\xe1\xff\x25\xb7\xf7\x32\x5b\xae\xb1\x0e\xcb\x4b\xc4\x8f\x86\x92\xd5\x37\x6d\xad\x7c\x91\x25\xec\xb6\x1d\x00\xe7\x59\xb8\xf3\x17\x9d\xf6\x36\x38\x9f\x62\xf5\x1f\xac\xe3\x01\x3a\x62\xa9\x65\x6f\xec\x59\x26\x01\x94\x27\x43\x77\x8d\x7b\x7c\x83\x8c\xdf\x30\xfe\x87\xb7\x50\x3a\xab\x17\xd8\xd8\xf5\xf3\x0a\x3a\x03\xf1\x05\xdd\x38\x96\x58\xc1\x87\x82\x3d\x1c\x5e\xc9\xaf\x9d\xce\x05\xde\xcf\xa6\x19\x2a\x65\x14\x89\x6e\x99\xf4\x78\x47\xe8\x37\x19\xf7\x9c\xd3\x7b\x11\x81\x84\xd3\x4c\xa2\x0e\x88\x4b\xd2\x55\xf1\x99\xac\xef\x2e\xd4\x80\x11\xcf\xf2\x69\x59\x77\xdd\x7b\x1a\xe1\xf0\x8d\x27\xf9\x47\xcd\x1a\xff\x97\xa1\x9e\x3f\x93\xc6\x59\xd1\x0f\xf5\xa7\x76\xf2\x91\x02\x2d\xf2\x61\xb7\x92\x93\x5a\x1c\x58\x82\xf9\x20\xc9\x44\x2e\x56\x3f\x87\x88\x01\xbe\xec\xbb\xa8\x9c\x1e\xab\x9d\x2b\x96\x28\x5f\x34\x93\x48\x3b\x49\xf2\x69\xe8\xd6\x84\x33\x00\x37\xda\xfe\xdb\xcb\xb3\xbc\x50\x0e\x65\xb5\xe6\x9c\x3a\x4f\x6f\x15\xe4\x2c\xb5\x95\xcc\xe0\x4c\x89\x18\x18\xf2\x8a\x69\xef\x73\xc0\xec\xf8\xef\xbe\xf8\xbc\x1e\x5f\x7d\x07\xf5\xca\x82\x8d\x9a\x84\x60\xa2\x97\xa2\xb6\xf1\x58\x41\x3f\xd2\x73\x8e\x61\x68\x37\x7a\x49\xbd\x43\xa7\x0a\x36\xe7\xc3\x9d\x8d\x54\x87\x83\x28\x56\x75\x41\x7c\x62\x07\xbe\xbe\xb3\x22\x4f\xaa\xb8\x1e\xef\x70\x86\x01\xbe\x61\x36\x97\x96\x7c\x31\xf6\xb8\xa2\xc2\x1c\x46\x92\x73\xd7\x9b\x15\xb8\x0d\x8a\x0b\x6c\x6e\xd4\x35\x6d\x00\x2e\x42\x49\x44\xb6\x61\xb4\xd5\xfb\x11\x48\x41\xb9\xcb\xaf\x8d\x4c\x16\xd7\xf6\x87\x36\x2a\xee\x16\x47\x56\xe0\x5f\xa1\xd5\x79\xf0\x82\x00\x3a\xc1\x10\x3a\x00\x7c\x2f\xce\xa4\x86\xf3\x2e\x6e\x72\xd1\x41\xc1\xe2\x33\x33\x0a\x3b\x3d\x81\x35\x84\x0a\x9f\xbc\x50\x35\x26\xe4\x48\x76\xe7\x02\x30\x9c\x3c\xb1\xa6\xc4\x02\x0b\xae\x2e\xf8\x51\x46\xa3\x43\x8b\xd9\xb3\x41\xb7\x19\xdf\xa5\xb5\x19\xfc\xa6\xbc\x17\x46\xb4\x7a\xc4\x99\x17\x22\xb9\x77\x7d\x92\x48\x00\x65\xe3\xd7\x0b\xb6\xb2\x02\xe9\x8d\x5d\x08\xc1\xb2\x15\xa5\x01\x22\x10\xef\x9e\x2b\x9f\xea\x63\x0e\x4d\x82\x17\xc5\x01\xde\xe6\xb4\x6a\x3b\x88\x7c\x71\xf3\xc4\xc6\x03\xaf\x56\xa8\x67\x34\x23\x6f\x06\x8e\x07\x2a\xa6\x3f\x2a\x70\xd4\x88\xfe\x90\x91\xa8\x53\x05\x85\xe4\xd6\x11\xad\x9f\xe2\x35\x93\xcb\x41\x0e\x5e\xed\x91\x87\xed\x55\x65\x2b\xef\x39\xb8\xe8\x67\xa8\x79\xf8\x97\x35\xe7\xca\xdf\xb3\x6a\x18\x38\x67\xcd\xc3\x32\x2b\x21\x42\x7a\x49\x8d\x12\xd5\x66\xaf\x1b\x7e\xd2\x35\x03\x4f\xee\xaa\x2c\xbd\x79\x5c\x23\x63\xec\x98\x45\xa5\x04\x07\x31\x81\xef\x95\x12\x15\x48\xbd\x6e\x88\x48\x6a\x26\x1c\xb5\x2f\x6f\x79\x70\xb9\x9f\x53\xde\x0f\x42\x6f\xfc\xae\x94\x0f\x83\xac\x20\x13\x8c\x7d\x5b\x35\x20\x21\x4e\x44\xa4\x03\xc8\x4f\xda\xcc\x65\x57\xc8\xb8\x59\xc9\x91\x8e\x78\x37\x72\x61\x72\x2f\x1f\x29\x13\xd0\xdf\xe9\x9d\x93\xde\x5f\x2a\x67\xc3\x77\x5a\x76\x81\xc9\xb8\xfd\xb8\x11\xea\xd0\xba\xd8\xec\x77\x1e\xf3\x8d\xc0\xda\x25\x90\x47\xec\xaa\xb6\x08\xe8\xe7\xc4\x51\x13\xce\x26\x81\xa8\x37\x7d\xf0\x54\xe8\xe4\x84\x85\xbf\x16\xd1\x22\x2c\xcf\x22\x14\xb8\x11\x5e\x0a\xf0\x90\x74\x2f\x1c\x7b\x77\x64\x5b\xde\x02\x54\x10\x71\xd9\x2f\x5e\xb2\x4b\xc1\x94\x2f\xf6\x91\x01\x6d\x1d\x08\x44\xda\xec\xc8\x9d\xf8\xb5\x8f\x05\xe0\xfc\x38\x56\x88\x14\x13\x92\x03\x59\xc9\x09\x27\xb8\x5c\xdb\x99\x62\x97\x91\x34\x1d\x07\xf6\xbd\x04\x2e\xa4\x57\x12\x8a\xc9\x1c\x4a\xb3\x3b\x16\x99\x35\xa1\xa0\x21\x4e\x74\xdd\x2d\x09\x8a\xbc\x1d\x16\xb5\x9a\xbf\x37\x74\x01\xdb\xd0\x90\x4f\x7d\xcb\x35\x1f\xa4\xdd\x8e\x36\xcb\xf4\xb8\xdc\x28\xe8\x11\xbd\x7d\xc9\xb8\xa2\xf6\x02\x1c\x44\xe8\x5e\x1e\xbe\x1c\x68\xe0\x35\x95\xad\xed\x1d\x0f\x5b\xdc\x56\x3e\x61\x23\x67\xae\x89\xe4\x60\x94\xa2\xe3\x41\xce\x2b\xdf\x0c\xdd\x0d\x0e\x71\xaf\x4c\xe3\x47\x00\xbb\x15\x89\x8b\x2d\x3f\x55\x9f\x46\x6a\x6f\xbd\xa1\xe0\x05\xdf\x5e\x76\x96\x8f\xc0\x07\x0a\x86\x0e\x8e\xef\xb4\x01\x80\xd6\x49\x3a\x17\x90\x36\x98\xa9\xf8\x09\xab\x51\x20\xcc\x72\xa2\x05\xe3\x26\x52\x36\xc6\x7d\x7c\x85\xe5\x81\xed\x37\x8d\x33\x26\x11\x18\x13\x04\x1d\xa2\xd8\xd3\xc8\x88\xd1\x23\x66\x49\x12\x9c\x37\x02\x1f\xbf\xde\x4b\x87\x3d\xbc\x3c\xc9\xfe\x18\xdc\x92\x2a\x62\xd5\x06\x86\xf9\xd7\xe1\x5c\x2c\x4c\x51\xe2\x5d\x98\x52\x38\x5f\x02\x46\x70\xdd\x5e\xaa\x98\x66\x1a\x3f\xd6\x45\xf5\xe3\xcf\x1a\x03\x81\xe8\x78\x77\x6d\x79\x03\x9d\xb9\x45\xf6\x80\xb0\xcb\xa8\xa7\xe3\x87\x57\x27\xa0\x7b\xe1\x61\xc8\x54\x49\x1d\x39\x6f\xbf\x40\xb5\x02\x98\xb1\xa8\x4b\x0c\xf8\xb6\x1e\x18\x76\x7b\xab\x36\xa0\x13\xf0\xac\xf4\x55\x69\xed\x18\x82\xc3\xfe\xa9\xe2\x01\x89\x82\x2e\x2b\x9b\xac\xbc\x41\x55\x84\x22\x46\xc1\x83\xf2\x95\x91\x2d\x64\x80\xa0\x5a\x2d\x59\xff\x29\x90\xbb\xbb\x8c\x7e\x90\x79\xf1\xa0\x39\xbf\x31\xfd\x2c\xc2\x83\x12\xcf\xf2\x46\x1a\xf8\x71\xdd\xe9\xb2\x72\x01\xe6\x6d\x89\xf6\x21\x96\xb6\x32\xef\x97\x42\x4d\x25\x29\xd0\x97\x34\x57\xcf\x45\x95\xf6\x75\x19\x28\x45\x7b\x7d\xe8\x85\xf4\x3c\xf6\x45\x77\xbd\x6d\x09\x9d\x9a\xdf\xe4\x5a\x4e\x6d\x70\x4b\xfd\x3e\xdc\x85\xdd\xbb\x11\xde\xdd\x5e\x2d\x3e\x50\xa5\x5d\x7a\x7d\xcf\xde\x4e\xfd\x11\xdc\xd2\x0f\x62\x85\xb7\x4e\xa1\x94\xda\x7f\x31\xa4\x98\x3a\x14\xf1\x67\xa8\x47\xd2\x79\xef\x28\x55\x74\x19\x50\x6d\xe3\x4b\x34\xf2\x37\xf3\xc6\x6e\xd2\x57\x24\x6d\x04\x82\x4f\x4f\x8d\x97\x09\x2e\x55\xe0\x95\xec\xf4\xf3\x64\x7e\xbd\x6c\x39\x53\x8c\x4c\x75\x65\xb2\x3d\x81\xf0\xcc\x3d\x61\x70\xd8\xa0\xd5\x05\x0f\xe7\xe4\xf8\xd4\xfe\x07\xce\xa0\xd5\xdb\x6d\x5f\x96\x6a\xfa\x39\xde\xc3\x4a\x8c\xe3\x2b\x67\xd4\x91\x8e\xa8\xd9\x6a\xf5\xc7\xfd\x89\x99\x45\x44\x9e\x05\x1e\xf3\x44\x00\xcb\xd4\xba\xdd\x78\x6d\x20\xb1\xc7\x7d\x23\x67\x0b\x20\x65\xbc\x8f\x67\x11\x50\x33\x6c\x42\x28\xf4\x9c\x2e\x07\x95\x4d\x4b\x16\x5d\x22\x2c\xae\x2a\x5f\x5d\xc9\xfd\x32\x8a\x21\xeb\x4b\x20\x33\x44\x7d\xd9\xb0\xb5\x6d\x12\xbc\x93\x14\x85\x95\xa6\x49\xd5\xcd\x3a\x9b\x56\xc3\x32\x49\xc9\x79\xcf\xd3\x21\xeb\x72\x0a\xfc\xa7\x06\xfc\x26\x3d\xfc\x06\xbe\x97\xc2\xb8\x05\xa7\xcc\xc5\x4c\xd8\xe2\x47\xe6\x4d\xce\x16\x07\xba\x96\xd1\x46\xa9\x77\xc2\x47\xb3\x07\x2a\xd2\xcb\x2c\x11\x6c\x75\x49\x31\x85\xac\x9d\x61\x24\x07\x0f\x67\x4e\x1a\x83\xc4\xe4\xfc\x7a\x2d\x46\xbe\x93\xc2\xeb\x3d\xc2\x6d\xd6\x59\x26\x1c\xb0\x20\x78\x8b\x5b\xf4\xc2\x1a\x5a\x31\xe3\x63\x06\x5e\x3d\x81\xa6\x48\x86\xa0\xb4\x8c\x8f\xd3\x35\x05\xb2\xe1\xa1\x58\xa6\x0c\x29\xb6\xa4\xb0\xd9\xd3\xcc\x4e\x30\xcd\xbb\xfd\xc5\x89\x5a\xd5\x9b\x25\xf8\xe3\x56\x61\x6b\x35\x2e\x0a\xf4\xb5\x56\x15\x31\x5d\x38\x9d\x96\x31\x25\xe0\x86\xd4\xf3\x8f\x98\x37\x55\x1d\x5a\xea\x90\xd5\x1c\x86\x07\x25\x18\xe6\xb3\xd9\xf8\x10\x38\x69\x33\x83\x0b\x01\x2a\x93\x9f\x7f\x62\x69\xf3\x51\x6c\xf3\x61\xa7\xb2\x04\xc6\x87\xb1\x22\xd7\xc9\x67\xf3\xf9\xcb\xfa\xa3\xb5\x17\x0a\xc5\xbf\x03\x0f\x5f\xcf\x5c\xc6\x0e\x67\xd6\x9a\xed\x12\xa9\xb6\x4e\xac\x18\x6e\xea\x7f\xfd\x21\x98\xce\x33\x8f\xd5\x8f\xa6\xb1\xc8\x18\xa2\xbf\x7e\xe3\x55\xc9\x93\x2f\xa8\x8b\x6c\x1e\x54\x92\x17\x36\x66\x06\xb0\x4e\xf4\x54\xe6\xfe\xd8\x65\xeb\x44\xa2\xcf\x2b\xff\xe7\x92\x46\x4e\xcd\x22\x12\x1d\xec\x54\xfa\x51\x8f\x2a\x14\x89\x81\x95\x6b\x9b\x06\x31\x4f\xf4\x78\x73\x8f\x03\x28\xa2\x53\x39\x4e\x7c\x1a\xc4\xdb\x3b\xa5\x27\xc7\x53\x61\x58\x2c\xca\x56\xa1\x27\x30\xd5\xb0\x16\x25\x8f\x02\x5d\xc6\x41\x64\x7a\xdc\x06\xd6\xb3\xee\xc0\x48\x3f\x2f\x71\xac\x9d\xb0\xc4\x54\x43\xe3\x1c\x3d\x47\xd7\xab\x7b\xf3\x36\x10\x40\x83\x01\x7a\x98\x5d\x2e\x83\x16\x9c\xbe\x9f\xc9\xf9\x08\x0c\xbb\xba\xfa\xef\xd7\xe7\xd0\x63\x79\x33\x53\x3f\x8f\xbd\x2e\x1a\xbb\xa0\x19\xb8\x3c\xa1\x0f\x37\x91\xad\x04\xd6\x42\x83\xa0\xbc\xdb\x8c\x85\x71\x84\x34\x64\x2f\x6e\x15\x6f\xa6\x94\xab\x98\xd4\x75\x87\x6a\x17\x68\xf9\xb5\x95\xff\x82\x3d\xc4\xcd\xda\x9f\x08\x0f\x09\x4e\x12\x61\xa5\x4c\x7f\xb8\xfd\x38\x1d\x5a\x0d\x51\xba\x8d\x60\x55\xef\x43\xb0\x35\x49\x0d\xf5\xdc\x92\xb8\xc3\xbe\x5b\x58\x78\x88\x66\xdc\x09\xa3\x56\x3b\x25\xb6\x4d\xe0\xc0\x28\x03\x70\xd8\xae\x3b\xc3\x17\xb8\x9e\x32\xa5\xec\x6c\xf1\x4e\x9d\xf6\x73\x3b\x93\x26\x3f\x8a\xdf\x90\x8b\x63\x2f\xa2\xa9\x4a\x2a\x5a\x22\xd7\x81\xf5\x62\xe5\x52\x1b\xb0\x7c\xab\xa5\xb5\x6c\xe7\x99\xe6\xca\xac\x20\xc8\xbd\x10\xf0\xdc\xc7\x65\xb5\xad\x59\xee\x88\xcf\xac\x53\x65\x4b\x85\xfc\x6d\x3d\x7d\x1e\xc3\x72\x30\x53\x7d\x65\x51\x9a\xa0\x3d\x2d\x87\x00\x1c\x37\x81\x06\x3b\xb0\x27\x5b\xd9\x6c\x45\x2c\x12\x0d\x9a\xdc\x12\x35\x3c\xb5\x6a\x56\x5f\xfb\x5c\x3c\xf8\x1d\x04\x97\xc3\xa6\x80\xa6\x86\x10\xac\xbb\x49\x2b\x19\xb2\x9a\xd6\x01\x50\x4a\xa1\xb3\xff\x00\xdc\x52\x47\xb8\x83\xe8\x22\xcb\xe8\xc8\x66\x73\x35\x3e\xad\x6e\x04\x49\x41\xbb\x4f\xbf\xc3\xe5\xcc\xba\x04\xf9\x3c\xd9\xc2\x64\xd9\xec\x2c\x1f\x52\x21\xca\x07\x67\xd3\xbf\x65\xf4\x33\x0b\xdb\x4a\x94\xd6\x46\x8b\xfa\x9d\xfa\x5b\xcb\xaa\x51\x14\x50\xe6\xa0\xca\x9a\x56\xc5\xf2\x05\x58\xea\x70\x76\xa6\x7b\x5b\xdd\x85\x23\xf1\x51\x5c\xae\xd4\x0d\xc2\xea\xf0\x6b\x08\xb1\x76\x35\x5d\xad\x11\xf1\x26\x5b\x81\x87\x48\x5d\x1a\x79\x9d\x86\xd0\x6f\x06\xd9\x33\xf4\x24\xf9\xed\x65\x4d\x2d\xde\x7c\x0e\x66\xdb\xf3\xd1\x56\xdb\x2d\x67\x94\x1b\x92\x08\x0f\x04\x58\x1e\x02\x49\x73\x4f\x2b\xf4\x92\x0a\x35\x51\xd0\x6c\x4c\xcb\x8f\x73\x0d\xeb\x91\xb6\xf6\xce\x21\x0c\xb4\x1d\xab\x8f\xcb\xe3\x9d\x14\xe9\x18\xa3\x62\x9e\x82\x6e\x1d\x60\xe1\x64\xe0\x6d\x62\x37\xd3\x82\xd0\xf3\xec\x27\x34\x11\x73\x68\x55\x5e\x69\x9a\x65\x0f\x02\xd4\xa8\x86\xab\x67\x9e\xc1\x94\xc8\x21\xb1\xf4\x26\x29\x46\xee\xf5\xa0\xa3\xdc\xb5\x64\x5c\x05\x43\x56\x04\x64\xd8\x63\x81\xa4\x25\xd0\x42\x18\xe5\x8a\xaa\xbf\x3c\x5e\xd4\xc2\x27\x3c\xc0\xd4\xc2\xc2\x8e\x12\xec\xd4\xdd\xce\xcd\x67\x18\x6d\xac\xec\x66\x2c\x65\xd3\x23\x49\x6b\x9b\xe3\x84\x96\xac\xfb\x5b\xb1\xce\x10\x6b\xba\xac\x84\xba\xc7\x33\xdf\x84\xe6\xe3\x17\x13\x24\x3d\xf9\x84\x5b\x9b\x63\x0a\x97\x14\xef\x11\xbb\x21\xb0\xe8\x0c\x6c\xe1\xaf\xc6\x3c\xa7\x22\xcc\x23\x8a\xc4\x48\xf2\x29\xaa\x61\x4e\x9e\xae\xc7\x8e\x5c\x27\x92\x1b\xbe\xd1\x67\x05\x76\x07\xd3\x83\xcd\xa4\x2a\x91\xf8\x9b\x25\xec\xea\x59\x68\x6a\x8f\x07\xb1\xc2\xd7\x3b\x6b\x2a\xa9\x89\x9c\x3d\xcf\x20\x40\x17\x21\xa1\x01\x9a\xbb\x89\xd5\x17\x7d\x74\xdd\x1b\xb7\x94\xe0\xd4\x79\xeb\xbf\xb2\x13\xe1\x3d\xd5\xf0\x63\x77\xeb\x87\xc5\x3c\x09\xa3\xfc\x20\x78\xfe\x0d\xb3\x01\xcc\xb1\x14\xf8\xcf\x31\x12\x44\x5a\x1e\x7f\xad\x70\xdc\xf2\xc6\xe8\xca\xd4\x50\xdc\x73\xc6\x42\x7e\x01\x7e\x0e\x93\xd2\x5e\xf6\x0e\x80\xf5\x56\x46\x2d\x78\xb8\x5a\xed\x47\x4a\x6b\xdb\x29\xbd\xf5\xa9\x39\x08\xf4\x3a\x77\xd8\x2d\x0d\xa5\x5e\x7d\xc8\xa0\x06\x4d\x72\x18\x58\xec\x5f\x8b\x3c\x5d\x44\x1b\x66\xb3\x26\x7e\x81\x03\xd2\x7f\x5f\xaf\x86\x60\x66\x2e\x86\x59\x3a\x48\xd4\xbf\xd6\x4c\xee\xbd\x9b\xf6\x92\x58\x23\x28\x81\xe2\xf0\xf9\xd0\xc5\x9f\x89\xf3\xc8\x9a\x2e\xcb\x56\x9d\x14\x6b\xd3\xf8\x72\x62\x9a\xa2\x50\x41\x0c\xde\xcc\x37\x01\xfc\xfe\x95\xfb\xee\xfc\x97\x6b\xd7\xe3\x05\xc1\x02\xe3\x07\xe0\xc0\x4f\x5d\x40\x37\x4b\x93\x60\x6d\xd0\x9f\xc0\x02\x6b\x4f\x0d\x18\x5e\xa8\x05\x10\x03\xa5\x56\x46\xe3\x2e\x32\x78\xdf\xd3\xf0\x61\xa4\xc4\x81\x63\x9f\xe9\x50\x7a\x8e\x5c\x04\xe4\x63\x77\x54\x4f\x28\x41\xef\x9b\xea\x40\xda\x68\x3f\x66\x9f\x6f\x2d\xa6\xa9\x28\x2d\x74\xd4\x6b\xc7\xd1\x78\x45\xed\x0e\x63\x88\x6a\xee\x73\x62\xe1\x29\x09\xd4\x59\x21\x7d\x09\x23\x58\xbf\x71\xf2\xfd\x1f\xda\x72\x74\x46\x8a\x5c\x64\xf6\x8d\xbc\x91\x2e\x12\x41\x4c\xb8\x41\x61\x8e\x6d\x96\x1e\x79\x69\x91\x87\xef\xa2\x65\x55\x7d\x05\x20\x06\x45\x0e\xea\xb5\x21\x53\x28\x23\x96\xdc\xc6\x76\x38\xf4\x4e\x8b\xdc\x1c\xf8\xac\x1a\xa3\xce\xfd\xe7\xb3\xe9\x7b\x3f\x1a\xde\x05\x87\xcc\xc4\x59\xd2\xb7\x1d\x8f\x4c\x85\x66\x6f\x88\x56\x0a\xe1\x3d\x11\xfd\x7d\x7f\x12\x14\x55\x79\x67\xaa\x62\x21\xb0\x5b\xa9\xa9\x0f\xaa\xd9\xc1\x11\x10\x38\xf9\xa1\xa1\x6b\x64\xa4\x0b\xf5\xf9\x69\xf7\x4f\x32\xed\x63\x38\xeb\x70\x2c\xb8\x57\x73\xbc\x04\x95\xe3\x1a\xc3\x7c\xa0\xb8\x8b\xb0\x28\xda\x0e\x97\x21\xb4\x07\xaf\xd1\xe2\xfa\x46\x0b\x20\x4d\xb7\xdf\xcd\x72\x94\x59\xb2\xf1\x25\xbf\x42\xdd\xf1\x38\x0e\xb4\x99\x69\x1e\x08\x27\x5e\xe4\x24\x27\xc0\xc2\xdb\x70\x64\xa3\x86\xb5\x2a\x6a\xc1\xa7\xad\xe2\xda\x86\xe5\xc5\xe5\xc6\x67\xe4\x59\xd0\x03\x10\x46\xac\x3b\x08\xcf\x51\xb0\xe7\x90\x04\xbc\x73\xc3\xf9\xf7\xe7\x69\xfa\x24\x4f\xab\xd9\x10\x00\x07\xa4\xed\x5e\x23\x06\x99\x7f\xf3\x14\x89\xc1\x3c\x52\xb2\xcd\xf0\x22\x6c\xdc\x4f\x85\x22\x52\x9a\x26\x10\x23\x4a\xed\x95\xeb\x84\x1f\x5d\x24\x2c\xef\x7c\x49\x36\x3a\xf0\x49\x85\xd3\xc3\xe5\x39\x24\xf3\x52\xb5\x4e\xad\xec\xe3\xa9\x52\x2f\x48\x35\x11\x3a\x3b\x49\x0b\x61\x2d\xac\xdb\x8d\xbf\xbe\xe7\x94\x28\xb8\x08\xe6\x26\x21\x4c\xfc\xb2\xbf\xd4\xab\xe6\xb7\x4f\x15\xf0\x8c\x76\xd8\x81\x82\x32\x20\x42\xda\x02\x6a\x7e\x5b\x13\x94\xc9\xc4\x39\xdf\xa5\x96\xa7\xa8\x81\x07\x37\x0c\x2c\xab\x92\xf9\x06\x01\xb5\x0f\x0b\x31\x81\xde\xc5\x6a\x71\x36\xdb\x75\x65\x0a\x7a\x28\x57\x80\x87\xcc\x87\xfa\xda\x0c\x4a\x7e\x14\x32\xa6\x22\x0d\x73\x08\xfc\xca\xad\x29\xfb\xe3\x2e\x42\xb6\x59\x31\x10\xcd\xa9\x4c\xe0\x4f\xf6\xed\x3a\x96\x62\xc4\xb8\x1d\x14\x85\x6f\x4f\xc1\xac\x0d\x4f\xab\x9b\x4d\x59\x92\x65\x0f\xcb\x2c\xfe\xd1\xb6\xf6\x0c\x8c\x73\x68\x5c\x73\x3b\xe1\x33\xf8\x19\xa5\x68\x8d\x8c\x6a\x7e\x62\x09\x96\x9b\x46\xb0\x91\x44\x50\x21\xfc\x19\xcb\xd5\x63\xbd\x76\xdf\x96\xaa\x65\xf1\xd7\x21\x6a\x31\xdc\x9c\x4a\x4f\x74\xa2\x4a\x22\x4a\x2a\xa6\x0c\xb5\xd0\xd7\xc3\x1e\x6a\xf6\x22\xe5\xa7\xc8\x0c\x98\x72\x7c\xd1\x63\xe5\x09\x7d\x86\xd4\xd4\xd9\x1e\x7c\x89\xfe\x61\x51\x90\x3d\x7c\x0f\x87\x8d\xa1\xa8\x3e\x6f\xcc\x50\xfe\x99\x90\xda\x66\x40\x53\x5e\x68\x5b\x1c\x26\x9c\x95\x0d\x07\x37\x62\xce\x89\x9f\x82\xae\xb9\x33\x10\x63\x37\xf8\x7a\x71\x38\xd1\xfb\x7b\x15\xb2\x4a\xc8\xcc\x1c\x09\x34\x69\xe6\x15\x09\xfc\x24\xcf\xb7\x9e\x66\x39\x0a\x15\x48\x3e\x9a\x5a\x1a\x31\x3f\xf9\x61\xd0\xf9\xfe\x8c\x55\x79\x01\x4c\xf5\x68\x9e\x36\x86\x08\x10\x4f\x96\x44\x9b\x24\x64\x39\xaf\x19\x79\x59\xe5\xed\xf4\x88\x74\x97\xd4\x89\x74\xc2\x08\xcd\x68\xcf\xc7\xb3\xe0\x95\x6c\x50\x88\x12\x0d\xa1\xda\xf4\xaa\x90\xb6\xd2\xc1\xb7\x08\x81\x31\xff\x29\x6b", 4096); *(uint8_t*)0x2000104d = 0; *(uint8_t*)0x2000104e = 1; *(uint8_t*)0x2000104f = 0; *(uint8_t*)0x20001050 = 0xc2; *(uint8_t*)0x20001051 = 4; *(uint32_t*)0x20001052 = htobe32(1); *(uint8_t*)0x20001056 = 9; *(uint8_t*)0x20001057 = 0x15; memcpy((void*)0x20001058, "\x55\x75\x11\x39\x21\xad\x0b\xc9\xe2\xe8\x2b\x28\xa6\x6b\x8f\x50\x8c\xd3\xa9\x8a\xcf", 21); *(uint8_t*)0x2000106e = 0x67; *(uint8_t*)0x2000106f = 6; *(uint8_t*)0x20001070 = 0; *(uint8_t*)0x20001071 = 0x20; *(uint32_t*)0x20001072 = 0; *(uint8_t*)0x20001076 = -1; *(uint8_t*)0x20001077 = 1; *(uint8_t*)0x20001078 = 0; *(uint8_t*)0x20001079 = 0; *(uint8_t*)0x2000107a = 0; *(uint8_t*)0x2000107b = 0; *(uint8_t*)0x2000107c = 0; *(uint8_t*)0x2000107d = 0; *(uint8_t*)0x2000107e = 0; *(uint8_t*)0x2000107f = 0; *(uint8_t*)0x20001080 = 0; *(uint8_t*)0x20001081 = 0; *(uint8_t*)0x20001082 = 0; *(uint8_t*)0x20001083 = 0; *(uint8_t*)0x20001084 = 0; *(uint8_t*)0x20001085 = 1; *(uint8_t*)0x20001086 = -1; *(uint8_t*)0x20001087 = 1; *(uint8_t*)0x20001088 = 0; *(uint8_t*)0x20001089 = 0; *(uint8_t*)0x2000108a = 0; *(uint8_t*)0x2000108b = 0; *(uint8_t*)0x2000108c = 0; *(uint8_t*)0x2000108d = 0; *(uint8_t*)0x2000108e = 0; *(uint8_t*)0x2000108f = 0; *(uint8_t*)0x20001090 = 0; *(uint8_t*)0x20001091 = 0; *(uint8_t*)0x20001092 = 0; *(uint8_t*)0x20001093 = 0; *(uint8_t*)0x20001094 = 0; *(uint8_t*)0x20001095 = 1; *(uint8_t*)0x20001096 = 0; *(uint8_t*)0x20001097 = 0; *(uint8_t*)0x20001098 = 0; *(uint8_t*)0x20001099 = 0; *(uint8_t*)0x2000109a = 0; *(uint8_t*)0x2000109b = 0; *(uint8_t*)0x2000109c = 0; *(uint8_t*)0x2000109d = 0; *(uint8_t*)0x2000109e = 0; *(uint8_t*)0x2000109f = 0; *(uint8_t*)0x200010a0 = 0; *(uint8_t*)0x200010a1 = 0; *(uint8_t*)0x200010a2 = 0; *(uint8_t*)0x200010a3 = 0; *(uint8_t*)0x200010a4 = 0; *(uint8_t*)0x200010a5 = 0; *(uint8_t*)0x200010a6 = 4; *(uint8_t*)0x200010a7 = 0x19; *(uint8_t*)0x200010a8 = 0; *(uint8_t*)0x200010a9 = 0; *(uint8_t*)0x200010aa = 0; *(uint8_t*)0x200010ab = 0; *(uint8_t*)0x200010ac = 0; *(uint8_t*)0x200010ad = 0; *(uint8_t*)0x200010ae = 0xa8; *(uint8_t*)0x200010af = 0x9b; memcpy((void*)0x200010b0, "\x02\x71\x09\x78\x70\xd6\xd0\x6b\x47\xd8\x3a\x5b\x37\x63\xf1\xa2\xff\xfb\x78\xc9\xfd\x51\x51\xfe\x45\x85\x44\x69\x56\x4a\xf3\xc3\x94\x9e\x4a\x58\x78\x1c\xe8\x48\xa5\xe9\xa6\xfe\xd0\x80\x30\x6a\xcd\x03\x11\xa5\xe5\xb9\xf9\x00\xde\x3f\x65\x6e\xc5\xf5\x17\xf3\xa6\x79\x49\x35\x4e\x8a\x19\xf5\xb1\x16\xe3\x60\xf8\xbe\xbf\x10\x56\x6e\xae\x08\x58\x2e\x6b\xe7\xbe\xee\xc7\x66\x8a\xfd\x63\x7c\xa6\xa1\x9c\x0a\x87\x87\xa4\x54\x81\x38\xd8\xa0\x68\x74\xd5\x50\x62\x4c\x0f\x1e\xbd\x2a\x22\x67\xbb\xca\x14\xf2\x24\x7a\xb5\xbe\x2d\x68\xe2\x64\xaa\x7d\x65\x1f\xd4\xe5\xe5\xef\x57\x23\xb8\x44\xf6\x4a\x82\x2f\x58\xe7\xbc\x5a\xcc\xf5\x88", 155); *(uint8_t*)0x2000114b = 0xc2; *(uint8_t*)0x2000114c = 4; *(uint32_t*)0x2000114d = htobe32(0x10001); *(uint8_t*)0x20001151 = 1; *(uint8_t*)0x20001152 = 3; *(uint8_t*)0x20001153 = 0; *(uint8_t*)0x20001154 = 0; *(uint8_t*)0x20001155 = 0; *(uint8_t*)0x20001156 = 0; *(uint8_t*)0x20001157 = 1; *(uint8_t*)0x20001158 = 0; *(uint8_t*)0x20001159 = 8; *(uint8_t*)0x2000115a = 0x1d; memcpy((void*)0x2000115b, "\x94\xd6\xef\xb5\xa9\xf5\x8f\x85\x9b\x75\xbe\x24\x58\x6f\x38\x2e\xee\xd7\xa7\x6a\x65\x62\xb9\x78\x07\x1e\x71\xbe\x75", 29); *(uint8_t*)0x20001178 = 5; *(uint8_t*)0x20001179 = 2; *(uint16_t*)0x2000117a = htobe16(0x7fff); *(uint8_t*)0x2000117e = 0x27; *(uint8_t*)0x2000117f = 6; *(uint8_t*)0x20001180 = 0; *(uint8_t*)0x20001181 = 5; *(uint32_t*)0x20001182 = 0; *(uint8_t*)0x20001186 = -1; *(uint8_t*)0x20001187 = 1; *(uint8_t*)0x20001188 = 0; *(uint8_t*)0x20001189 = 0; *(uint8_t*)0x2000118a = 0; *(uint8_t*)0x2000118b = 0; *(uint8_t*)0x2000118c = 0; *(uint8_t*)0x2000118d = 0; *(uint8_t*)0x2000118e = 0; *(uint8_t*)0x2000118f = 0; *(uint8_t*)0x20001190 = 0; *(uint8_t*)0x20001191 = 0; *(uint8_t*)0x20001192 = 0; *(uint8_t*)0x20001193 = 0; *(uint8_t*)0x20001194 = 0; *(uint8_t*)0x20001195 = 1; *(uint8_t*)0x20001196 = 0; *(uint8_t*)0x20001197 = 0; *(uint8_t*)0x20001198 = 0; *(uint8_t*)0x20001199 = 0; *(uint8_t*)0x2000119a = 0; *(uint8_t*)0x2000119b = 0; *(uint8_t*)0x2000119c = 0; *(uint8_t*)0x2000119d = 0; *(uint8_t*)0x2000119e = 0; *(uint8_t*)0x2000119f = 0; *(uint8_t*)0x200011a0 = 0; *(uint8_t*)0x200011a1 = 0; *(uint8_t*)0x200011a2 = 0; *(uint8_t*)0x200011a3 = 0; *(uint8_t*)0x200011a4 = 0; *(uint8_t*)0x200011a5 = 0; *(uint64_t*)0x200011a6 = htobe64(0); *(uint64_t*)0x200011ae = htobe64(1); *(uint8_t*)0x200011b6 = 0x2c; *(uint8_t*)0x200011b7 = 0; *(uint8_t*)0x200011b8 = 0; *(uint8_t*)0x200011b9 = 0; *(uint8_t*)0x200011ba = 0; *(uint8_t*)0x200011bb = 0; *(uint8_t*)0x200011bc = 0; *(uint8_t*)0x200011bd = 0; *(uint8_t*)0x200011be = 0; *(uint8_t*)0x200011bf = 1; *(uint8_t*)0x200011c0 = 0; *(uint8_t*)0x200011c6 = 3; *(uint8_t*)0x200011c7 = 3; *(uint8_t*)0x200011c8 = 0; *(uint8_t*)0x200011c9 = 0; *(uint8_t*)0x200011ca = 0; *(uint8_t*)0x200011cb = 0; *(uint8_t*)0x200011cc = 0; *(uint8_t*)0x200011cd = 0; *(uint8_t*)0x200011ce = 0xc2; *(uint8_t*)0x200011cf = 4; *(uint32_t*)0x200011d0 = htobe32(0); *(uint8_t*)0x200011d4 = 5; *(uint8_t*)0x200011d5 = 2; *(uint16_t*)0x200011d6 = htobe16(0x20); *(uint8_t*)0x200011d8 = 5; *(uint8_t*)0x200011d9 = 2; *(uint16_t*)0x200011da = htobe16(9); *(uint8_t*)0x200011dc = 0xc2; *(uint8_t*)0x200011dd = 4; *(uint32_t*)0x200011de = htobe32(3); *(uint8_t*)0x200011e2 = 1; *(uint8_t*)0x200011e3 = 1; *(uint8_t*)0x200011e4 = 0; *(uint8_t*)0x200011e5 = 5; *(uint8_t*)0x200011e6 = 2; *(uint16_t*)0x200011e7 = htobe16(0x7f); *(uint8_t*)0x200011e9 = 5; *(uint8_t*)0x200011ea = 2; *(uint16_t*)0x200011eb = htobe16(3); *(uint8_t*)0x200011ee = 0xd8; *(uint8_t*)0x200011ef = 0; *(uint8_t*)0x200011f0 = 8; STORE_BY_BITMASK(uint8_t, , 0x200011f1, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200011f1, 0, 1, 2); STORE_BY_BITMASK(uint8_t, , 0x200011f1, 8, 3, 5); *(uint32_t*)0x200011f2 = 0x68; *(uint8_t*)0x200011f6 = 0x82; *(uint8_t*)0x200011f7 = 0; *(uint16_t*)0x200011f8 = htobe16(0); *(uint16_t*)0x200011fa = htobe16(0x3ff); *(uint16_t*)0x200011fc = 9; *(uint8_t*)0x200011fe = -1; *(uint8_t*)0x200011ff = 2; *(uint8_t*)0x20001200 = 0; *(uint8_t*)0x20001201 = 0; *(uint8_t*)0x20001202 = 0; *(uint8_t*)0x20001203 = 0; *(uint8_t*)0x20001204 = 0; *(uint8_t*)0x20001205 = 0; *(uint8_t*)0x20001206 = 0; *(uint8_t*)0x20001207 = 0; *(uint8_t*)0x20001208 = 0; *(uint8_t*)0x20001209 = 0; *(uint8_t*)0x2000120a = 0; *(uint8_t*)0x2000120b = 0; *(uint8_t*)0x2000120c = 0; *(uint8_t*)0x2000120d = 1; struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000016, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000026, 16); uint32_t csum_1_chunk_2 = 0x18000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x3a000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x200011f6, 24); *(uint16_t*)0x200011f8 = csum_inet_digest(&csum_1); break; case 11: memcpy((void*)0x20001240, "\x47\x66\x90\x18\xa9\xe1\x17\x00\x00\xc4\xc2\x0d\x07\x4c\xd3\xf6\x36\xf3\x0f\x11\x82\xfe\xef\xff\xff\xc4\x41\x55\xef\xea\xf2\x0f\x2b\x99\x99\x89\x99\x99\xc4\x81\xfd\x28\x17\xc4\xa2\xa5\x29\x52\x93\xf3\xab\x66\xac", 53); syz_execute_func(0x20001240); break; case 12: break; case 13: syz_open_pts(); break; } } int main(void) { syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul); use_temporary_dir(); do_sandbox_none(); return 0; } :332:4: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation] kill_and_wait(pid, &status); ^ :330:3: note: previous statement is here if (current_time_ms() - start < 5000) ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor011291179 -DGOOS_openbsd=1 -DGOARCH_amd64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -static -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384] --- FAIL: TestGenerate/openbsd/amd64/11 (7.94s) csource_test.go:124: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:false HandleSegv:false Repro:false Trace:false} program: r0 = getgid() mquery(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x10, 0xffffffffffffffff, 0x80) ioctl$DIOCMAP(0xffffffffffffff9c, 0xc0106477, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}) ioctl$BIOCSHDRCMPLT(0xffffffffffffffff, 0x80044275, &(0x7f0000000080)=0xcb) unlinkat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8) ioctl$BIOCGDLTLIST(0xffffffffffffff9c, 0xc010427b, &(0x7f0000000140)={0x9, &(0x7f0000000100)=[0x0, 0x7, 0x2, 0x18000, 0x6, 0x3, 0x8000000, 0x20, 0x0]}) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f00000001c0)=0xc) getgroups(0x3, &(0x7f0000000200)=[0xffffffffffffffff, r0, 0x0]) r3 = getgid() getgroups(0x4, &(0x7f0000000240)=[r1, r0, r2, r3]) syz_emit_ethernet(0x120e, &(0x7f0000000000)={@remote, @remote, [], {@ipv6={0x86dd, {0x1, 0x6, "b588d1", 0x11d8, 0x11, 0x0, @remote={0xfe, 0x80, [], 0x0}, @empty, {[@dstopts={0x32, 0x205, [], [@padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @pad1, @generic={0x6, 0x1000, "7d7312bf2f976b286cf33b3a7660af2f30cb34f9a86a2db188c5d76df22900976b027211513627f37cb64221551888028062f7e96e29502c8230cb07ed13fb79ee022afacfb0fdb9fdd62ac37dfa4f6b34fcbee4c380fa32c35d695cca5e60b4fe8ddf4e9fd6c26810eab11156f5f11cff1548bc51648f66404bacd55f29d8349635356e8711ba71763c2e3dae08ceca72daaf10868c22ac2d429c17228cb0fa6a92eddafaf821e084cdd55affffce12097a2772ef8ab4bc862213c765c3c5bb6cb25206a5f87d2034b922cd8a54fd1f39938081132c0491f0258b9d5b90206398281bd745907571e7944936e2d4097eec6b58ed963a26c7ab84ad1084f4b8fe735e2c7a5073344b225dd2917d1035d525e3fca4bf750dc4474b2645770b1ca240e54b5d0d4dc7ef29a3a61669e0bc94741f97c66216511a0b772e8813b7e01c740f8ed1fa8909f5700d3403d21c720a5902de2e1c32556eca20d374473cd817427a1c9cd58e2e0aefa447fb5a819c5f0f58b27756a2ab59c7904bd86a7e178629ad0bf9acc4272dc48011d27c262fe7ea1754391b04e3144db1eec8b7fded123a6e0d848e26d3a48db19cdac570a9f88259994a988bafd8db39128ec209c2f4a1c3a0090fb48b2c98c66c31a9d0c4377d6e63c82afdf734861249d4a187b99c2c03ea42efb67963c7f5e058b9ea734e124abcff107a29e339704bc5c174895b10fabef1dd6966930a398295f238abeba33093a7e5d4ebf3c134b00eac453659d9a5ed6722b28668f0de27fcbfcc665f9b79f51aa266f061a9d3582fe787f1cd3d6b2a4d5b7670d91c9f19da4cdf5c47edb015a154227797a6b56a27e32276f07e6cc20ec6885bc261055b4ad4f66c09e27673c407023fb6d0c61139245b190861816a03ae7d9627100ab2a1f1f38198e820967923fdf0a95e9088ffe6779f1eea151123e919bde1ea78746cc30768220ff953d10588589701f70e66392524a78562a838205af4bfc28c4a6884b425c109ea7ff16d9f1bcb77459ccb5b81045b6cb2dcebdae46f6d70b44ff8dc6f522c77db1471ce1163a7a5640d02e469e5dee1ff25b7f7325baeb10ecb4bc48f8692d5376dad7c9125ecb61d00e759b8f3179df636389f62f51face3013a62a9656fec592601942743778d7b7c838cdf30fe87b7503aab17d8d8f5f30a3a03f105dd389658c187823d1c5ec9af9dce05decfa6192a6514896e99f47847e83719f79cd37b118184d34ca20e884bd255f199acef2ed48011cff2695977dd7b1ae1f08d27f947cd1aff97a19e3f93c659d10ff5a776f291022df261b792935a1c5882f920c9442e563f878801beecbba89c1eab9d2b96285f3493483b49f269e8d684330037dafedbcbb3bc500e65b5e69c3a4f6f15e42cb595cce04c891818f28a69ef73c0ecf8efbef8bc1e5f7d07f5ca828d9a8460a297a2b6f158413fd2738e6168377a49bd43a70a36e7c39d8d548783285675417c6207bebeb3224faab81eef708601be613697967c31f6b8a2c21c469273d79b15b80d8a0b6c6ed4356d002e424944b661b4d5fb114841b9cbaf8d4c16d7f687362aee164756e05fa1d579f082003ac1103a007c2fcea486f32e6e72d141c1e233330a3b3d8135840a9fbc503526e44876e702309c3cb1a6c4020bae2ef85146a3438bd9b341b719dfa5b519fca6bc1746b47ac4991722b9777d92480065e3d70bb6b202e98d5d08c1b215a5012210ef9e2b9fea630e4d8217c501dee6b46a3b887c71f3c4c603af56a86734236f068e072aa63f2a70d488fe9091a8530585e4d611ad9fe23593cb410e5eed9187ed55652bef39b8e867a879f89735e7cadfb36a183867cdc3322b21427a498d12d566af1b7ed235034feeaa2cbd795c2363ec9845a504073181ef95121548bd6e88486a261cb52f6f7970b99f53de0f426ffcae940f83ac20138c7d5b3520214e44a403c84fdacc6557c8b859c9918e78377261722f1f2913d0dfe99d93de5f2a67c3775a7681c9b8fdb811ead0bad8ec771ef38dc0da259047ecaab608e8e7c45113ce2681a8377df054e8e48485bf16d1222ccf2214b8115e0af090742f1c7b77645bde02541071d92f5eb24bc1942ff691016d1d0844daecc89df8b58f05e0fc3856881413920359c90927b85cdb99629791341d07f6bd042ea457128ac91c4ab33b169935a1a0214e74dd2d098abc1d16b59abf377401dbd0904f7dcb351fa4dd8e36cbf4b8dc28e811bd7dc9b8a2f6021c44e85e1ebe1c68e03595aded1d0f5bdc563e612367ae89e46094a2e341ce2bdf0cdd0d0e71af4ce34700bb15898b2d3f559f466a6fbda1e005df5e76968fc0070a860e8eefb40180d6493a17903698a9f809ab5120cc72a205e3265236c67d7c85e581ed378d3326111813041da2d8d3c888d1236649129c37021fbfde4b873dbc3cc9fe18dc922a62d50686f9d7e15c2c4c51e25d9852385f024670dd5eaa98661a3fd645f5e3cf1a0381e878776d79039db945f680b0cba8a7e3875727a07be161c854491d396fbf40b50298b1a84b0cf8b61e18767bab36a013f0acf45569ed1882c3fea9e20189822e2b9bacbc4155842246c183f295912d6480a05a2d59ff2990bbbb8c7e9079f1a039bf31fd2cc28312cff2461af871dde9b27201e66d89f62196b632ef97424d2529d0973457cf4595f6751928457b7de885f43cf64577bd6d099d9adfe45a4e6d704bfd3edc85ddbb11dedd5e2d3e50a55d7a7dcfde4efd11dcd20f6285b74ea194da7f31a4983a14f167a847d279ef28557419506de34b34f237f3c66ed257246d04824f4f8d97092e55e095ecf4f3647ebd6c39538c4c7565b23d81f0cc3d6170d8a0d5050fe7e4f8d4fe07cea0d5db6d5f966afa39dec34a8ce32b67d4918ea8d96af5c7fd899945449e051ef34400cbd4badd786d20b1c77d23670b2065bc8f671150336c4228f49c2e07954d4b165d222cae2a5f5dc9fd328a21eb4b2033447dd9b0b56d12bc93148595a649d5cd3a9b56c33249c979cfd321eb720afca706fc263dfc06be97c2b805a7ccc54cd8e247e64dce1607ba96d146a977c247b3072ad2cb2c116c75493185ac9d6124070f674e1a83c4e4fc7a2d46be93c2eb3dc26dd659261cb020788b5bf4c21a5a31e363065e3d81a64886a0b48c8fd33505b2e1a158a60c29b6a4b0d9d3cc4e30cdbbfdc5895ad59b25f8e356616b352e0af4b55615315d389d963125e086d4f38f9837551d5aea90d51c86072518e6b3d9f810386933830b012a939f7f6269f3516cf361a7b204c687b122d7c967f3f9cbfaa3b5170ac5bf030f5fcf5cc60e67d69aed12a9b64eac186eea7ffd2198ce338fd58fa6b1c818a2bf7ee355c9932fa88b6c1e549217366606b04ef454e6fed865eb44a2cf2bffe792464ecd22121dec54fa518f2a148981956b9b06314ff478738f0328a253394e7c1ac4db3ba527c75361582cca56a12730d5b016258f025dc641647adc06d6b3eec0483f2f71ac9db0c45443e31c3d47d7ab7bf336104083017a985d2e83169cbe9fc9f9080cbbbafaefd7e7d0637933533f8fbd2e1abba019b83ca10f3791ad04d64283a0bcdb8c85718434642f6e156fa694ab98d475876a1768f9b595ff823dc4cdda9f080f094e1261a54c7fb8fd381d5a0d51ba8d6055ef43b035490df5dc92b8c3be5b58788866dc09a3563b25b64de0c0280370d8ae3bc317b89e32a5ec6cf14e9df6733b93263f8adf908b632fa2a94a2a5a22d781f562e5521bb07caba5b56ce799e6caac20c8bd10f0dcc765b5ad59ee88cfac53654b85fc6d3d7d1ec37230537d65519aa03d2d87001c3781063bb0275bd96c452c120d9adc12353cb56a565ffb5c3cf81d0497c3a680a68610acbb492b19b29ad601504aa1b3ff00dc5247b883e822cbe8c86673353ead6e044941bb4fbfc3e5ccba04f93cd9c264d9ec2c1f5221ca0767d3bf65f4330bdb4a94d6468bfa9dfa5bcbaa511450e6a0ca9a56c5f20558ea7076a67b5bdd8523f1515caed40dc2eaf06b08b176355dad11f1265b8187485d1a799d86d06f06d933f424f9ed654d2dde7c0e66dbf3d156db2d67941b92080f04581e0249734f2bf4920a3551d06c4ccb8f730deb91b6f6ce210cb41dab8fcbe39d14e918a3629e826e1d60e164e06d6237d382d0f3ec2734117368555e699a650f02d4a886ab679ec194c821b1f4262946eef5a0a3dcb5645c0543560464d86381a425d04218e58aaabf3c5ed4c2273cc0d4c2c28e12ecd4ddcecd67186dacec662c65d323496b9be38496acfb5bb1ce106bbaac84bac733df84e6e31713243df9845b9b630a9714ef11bb21b0e80c6ce1afc63ca722cc238ac448f229aa614e9eaec78e5c27921bbed167057607d383cda42a91f89b25ecea59686a8f07b1c2d73b6b2aa9899c3dcf20401721a1019abb89d5177d74dd1bb794e0d479ebbfb213e13dd5f06377eb87c53c09a3fc2078fe0db301ccb114f8cf3112445a1e7fad70dcf2c6e8cad450dc73c6427e017e0e93d25ef60e80f556462d78b85aed474a6bdb29bdf5a93908f43a77d82d0da55e7dc8a0064d721858ec5f8b3c5d441b66b3267e8103d27f5faf8660662e86593a48d4bfd64ceebd9bf69258232881e2f0f9d0c59f89f3c89a2ecb569d146bd3f872629aa250410cdecc3701fcfe95fbeefc976bd7e305c102e307e0c04f5d40374b93606dd09fc0026b4f0d185ea8051003a55646e32e3278dfd3f061a4c481639fe9507a8e5c04e46377544f2841ef9bea40da683f669f6f2da6a9282d74d46bc7d17845ed0e63886aee7362e12909d459217d092358bf71f2fd1fda7274468a5c64f68dbc912e12414cb841618e6d961e79699187efa265557d052006450eeab52153282396dcc67638f44e8bdc1cf8ac1aa3cefde7b3e97b3f1ade0587ccc459d2b71d8f4c85666f88560ae13d11fd7d7f1214557967aa6221b05ba9a90faad9c1111038f9a1a16b64a40bf5f969f74f32ed6338eb702cb85773bc0495e31ac37ca0b88bb028da0e9721b407afd1e2fa460b204db7dfcd729459b2f125bf42ddf1380eb499691e08275ee42427c0c2db7064a386b52a6ac1a7ade2da86e5c5e5c667e459d0031046ac3b08cf51b0e79004bc73c3f9f7e769fa244fabd9100007a4ed5e2306997ff31489c13c52b2cdf0226cdc4f8522529a2610234aed95eb841f5d242cef7c49363af04985d3c3e53924f352b54eadece3a9522f4835113a3b490b612dacdb8dbfbee79428b808e626214cfcb2bfd4abe6b74f15f08c76d88182322042da026a7e5b1394c9c439dfa596a7a88107370c2cab92f90601b50f0b3181dec56a7136db75650a7a28578087cc87fada0c4a7e1432a6220d7308fccaad29fbe32e42b6593110cda94ce04ff6ed3a9662c4b81d14856f4fc1ac0d4fab9b4d5992650fcb2cfed1b6f60c8c73685c733be133f819a5688d8c6a7e6209969b46b091445021fc19cbd563bd76df96aa65f1d7216a31dc9c4a4f74a24a224a2aa60cb5d0d7c31e6af622e5a7c80c98727cd163e5097d86d4d4d91e7c89fe6151903d7c0f878da1a83e6fcc50fe9990da6640535e685b1c269c950d073762ce899f82aeb933106337f87a7138d1fb7b15b24ac8cc1c093469e61509fc24cfb79e66390a15483e9a5a1a313ff961d0f9fe8c5579014cf5689e368608104f96449b246439af197959e5edf4887497d48974c208cd68cfc7b3e0956c5088120da1daf4aa90b6d2c1b7088131ff296b"}, @pad1, @jumbo={0xc2, 0x4, 0x1}, @generic={0x9, 0x15, "5575113921ad0bc9e2e82b28a66b8f508cd3a98acf"}]}, @routing={0x67, 0x6, 0x0, 0x20, 0x0, [@mcast1, @mcast1, @empty]}, @dstopts={0x4, 0x19, [], [@generic={0xa8, 0x9b, "0271097870d6d06b47d83a5b3763f1a2fffb78c9fd5151fe45854469564af3c3949e4a58781ce848a5e9a6fed080306acd0311a5e5b9f900de3f656ec5f517f3a67949354e8a19f5b116e360f8bebf10566eae08582e6be7beeec7668afd637ca6a19c0a8787a4548138d8a06874d550624c0f1ebd2a2267bbca14f2247ab5be2d68e264aa7d651fd4e5e5ef5723b844f64a822f58e7bc5accf588"}, @jumbo={0xc2, 0x4, 0x10001}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @pad1, @generic={0x8, 0x1d, "94d6efb5a9f58f859b75be24586f382eeed7a76a6562b978071e71be75"}, @ra={0x5, 0x2, 0x7fff}]}, @routing={0x27, 0x6, 0x0, 0x5, 0x0, [@mcast1, @empty, @loopback]}, @dstopts={0x2c, 0x0, [], [@pad1]}, @dstopts={0x3, 0x3, [], [@jumbo, @ra={0x5, 0x2, 0x20}, @ra={0x5, 0x2, 0x9}, @jumbo={0xc2, 0x4, 0x3}, @padn={0x1, 0x1, [0x0]}, @ra={0x5, 0x2, 0x7f}, @ra={0x5, 0x2, 0x3}]}, @fragment={0xd8, 0x0, 0x8, 0x1, 0x0, 0x8, 0x68}], @icmpv6=@mld={0x82, 0x0, 0x0, 0x3ff, 0x9, @mcast2}}}}}}) syz_execute_func(&(0x7f0000001240)="47669018a9e1170000c4c20d074cd3f636f30f1182feefffffc44155efeaf20f2b9999899999c481fd2817c4a2a5295293f3ab66ac") syz_extract_tcp_res(&(0x7f0000001280), 0x401, 0x1) syz_open_pts() csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } #define __syscall syscall static uintptr_t syz_open_pts(void) { int master, slave; if (openpty(&master, &slave, NULL, NULL, NULL) == -1) return -1; if (dup2(master, master + 100) != -1) close(master); return slave; } static void sandbox_common() { struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 14; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } } } uint64_t r[4] = {0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: res = syscall(SYS_getgid); if (res != -1) r[0] = res; break; case 1: syscall(SYS_mquery, 0x20ffb000ul, 0x3000ul, 2ul, 0x10ul, -1, 0x80ul); break; case 2: *(uint64_t*)0x20000040 = 0x20000000; memcpy((void*)0x20000000, "./file0\000", 8); *(uint32_t*)0x20000048 = -1; *(uint32_t*)0x2000004c = 0; syscall(SYS_ioctl, 0xffffff9c, 0xc0106477ul, 0x20000040ul); break; case 3: *(uint32_t*)0x20000080 = 0xcb; syscall(SYS_ioctl, -1, 0x80044275ul, 0x20000080ul); break; case 4: memcpy((void*)0x200000c0, "./file0\000", 8); syscall(SYS_unlinkat, 0xffffff9c, 0x200000c0ul, 8ul); break; case 5: *(uint64_t*)0x20000148 = 0x20000100; *(uint32_t*)0x20000100 = 0; *(uint32_t*)0x20000104 = 7; *(uint32_t*)0x20000108 = 2; *(uint32_t*)0x2000010c = 0x18000; *(uint32_t*)0x20000110 = 6; *(uint32_t*)0x20000114 = 3; *(uint32_t*)0x20000118 = 0x8000000; *(uint32_t*)0x2000011c = 0x20; *(uint32_t*)0x20000120 = 0; syscall(SYS_ioctl, 0xffffff9c, 0xc010427bul, 0x20000140ul); break; case 6: *(uint32_t*)0x200001c0 = 0xc; res = syscall(SYS_getsockopt, -1, 0xffff, 0x1022, 0x20000180ul, 0x200001c0ul); if (res != -1) r[1] = *(uint32_t*)0x20000188; break; case 7: *(uint32_t*)0x20000200 = -1; *(uint32_t*)0x20000204 = r[0]; *(uint32_t*)0x20000208 = 0; res = syscall(SYS_getgroups, 3ul, 0x20000200ul); if (res != -1) r[2] = *(uint32_t*)0x20000208; break; case 8: res = syscall(SYS_getgid); if (res != -1) r[3] = res; break; case 9: *(uint32_t*)0x20000240 = r[1]; *(uint32_t*)0x20000244 = r[0]; *(uint32_t*)0x20000248 = r[2]; *(uint32_t*)0x2000024c = r[3]; syscall(SYS_getgroups, 4ul, 0x20000240ul); break; case 10: *(uint8_t*)0x20000000 = 0xaa; *(uint8_t*)0x20000001 = 0xaa; *(uint8_t*)0x20000002 = 0xaa; *(uint8_t*)0x20000003 = 0xaa; *(uint8_t*)0x20000004 = 0xaa; *(uint8_t*)0x20000005 = 0xbb; *(uint8_t*)0x20000006 = 0xaa; *(uint8_t*)0x20000007 = 0xaa; *(uint8_t*)0x20000008 = 0xaa; *(uint8_t*)0x20000009 = 0xaa; *(uint8_t*)0x2000000a = 0xaa; *(uint8_t*)0x2000000b = 0xbb; *(uint16_t*)0x2000000c = htobe16(0x86dd); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 6, 4, 4); memcpy((void*)0x2000000f, "\xb5\x88\xd1", 3); *(uint16_t*)0x20000012 = htobe16(0x11d8); *(uint8_t*)0x20000014 = 0x11; *(uint8_t*)0x20000015 = 0; *(uint8_t*)0x20000016 = 0xfe; *(uint8_t*)0x20000017 = 0x80; *(uint8_t*)0x20000018 = 0; *(uint8_t*)0x20000019 = 0; *(uint8_t*)0x2000001a = 0; *(uint8_t*)0x2000001b = 0; *(uint8_t*)0x2000001c = 0; *(uint8_t*)0x2000001d = 0; *(uint8_t*)0x2000001e = 0; *(uint8_t*)0x2000001f = 0; *(uint8_t*)0x20000020 = 0; *(uint8_t*)0x20000021 = 0; *(uint8_t*)0x20000022 = 0; *(uint8_t*)0x20000023 = 0; *(uint8_t*)0x20000024 = 0; *(uint8_t*)0x20000025 = 0xbb; *(uint8_t*)0x20000026 = 0; *(uint8_t*)0x20000027 = 0; *(uint8_t*)0x20000028 = 0; *(uint8_t*)0x20000029 = 0; *(uint8_t*)0x2000002a = 0; *(uint8_t*)0x2000002b = 0; *(uint8_t*)0x2000002c = 0; *(uint8_t*)0x2000002d = 0; *(uint8_t*)0x2000002e = 0; *(uint8_t*)0x2000002f = 0; *(uint8_t*)0x20000030 = 0; *(uint8_t*)0x20000031 = 0; *(uint8_t*)0x20000032 = 0; *(uint8_t*)0x20000033 = 0; *(uint8_t*)0x20000034 = 0; *(uint8_t*)0x20000035 = 0; *(uint8_t*)0x20000036 = 0x32; *(uint8_t*)0x20000037 = 5; *(uint8_t*)0x20000038 = 0; *(uint8_t*)0x20000039 = 0; *(uint8_t*)0x2000003a = 0; *(uint8_t*)0x2000003b = 0; *(uint8_t*)0x2000003c = 0; *(uint8_t*)0x2000003d = 0; *(uint8_t*)0x2000003e = 1; *(uint8_t*)0x2000003f = 8; *(uint8_t*)0x20000040 = 0; *(uint8_t*)0x20000041 = 0; *(uint8_t*)0x20000042 = 0; *(uint8_t*)0x20000043 = 0; *(uint8_t*)0x20000044 = 0; *(uint8_t*)0x20000045 = 0; *(uint8_t*)0x20000046 = 0; *(uint8_t*)0x20000047 = 0; *(uint8_t*)0x20000048 = 0; *(uint8_t*)0x20000049 = 1; *(uint8_t*)0x2000004a = 0; *(uint8_t*)0x2000004b = 6; *(uint8_t*)0x2000004c = 0; memcpy((void*)0x2000004d, "\x7d\x73\x12\xbf\x2f\x97\x6b\x28\x6c\xf3\x3b\x3a\x76\x60\xaf\x2f\x30\xcb\x34\xf9\xa8\x6a\x2d\xb1\x88\xc5\xd7\x6d\xf2\x29\x00\x97\x6b\x02\x72\x11\x51\x36\x27\xf3\x7c\xb6\x42\x21\x55\x18\x88\x02\x80\x62\xf7\xe9\x6e\x29\x50\x2c\x82\x30\xcb\x07\xed\x13\xfb\x79\xee\x02\x2a\xfa\xcf\xb0\xfd\xb9\xfd\xd6\x2a\xc3\x7d\xfa\x4f\x6b\x34\xfc\xbe\xe4\xc3\x80\xfa\x32\xc3\x5d\x69\x5c\xca\x5e\x60\xb4\xfe\x8d\xdf\x4e\x9f\xd6\xc2\x68\x10\xea\xb1\x11\x56\xf5\xf1\x1c\xff\x15\x48\xbc\x51\x64\x8f\x66\x40\x4b\xac\xd5\x5f\x29\xd8\x34\x96\x35\x35\x6e\x87\x11\xba\x71\x76\x3c\x2e\x3d\xae\x08\xce\xca\x72\xda\xaf\x10\x86\x8c\x22\xac\x2d\x42\x9c\x17\x22\x8c\xb0\xfa\x6a\x92\xed\xda\xfa\xf8\x21\xe0\x84\xcd\xd5\x5a\xff\xff\xce\x12\x09\x7a\x27\x72\xef\x8a\xb4\xbc\x86\x22\x13\xc7\x65\xc3\xc5\xbb\x6c\xb2\x52\x06\xa5\xf8\x7d\x20\x34\xb9\x22\xcd\x8a\x54\xfd\x1f\x39\x93\x80\x81\x13\x2c\x04\x91\xf0\x25\x8b\x9d\x5b\x90\x20\x63\x98\x28\x1b\xd7\x45\x90\x75\x71\xe7\x94\x49\x36\xe2\xd4\x09\x7e\xec\x6b\x58\xed\x96\x3a\x26\xc7\xab\x84\xad\x10\x84\xf4\xb8\xfe\x73\x5e\x2c\x7a\x50\x73\x34\x4b\x22\x5d\xd2\x91\x7d\x10\x35\xd5\x25\xe3\xfc\xa4\xbf\x75\x0d\xc4\x47\x4b\x26\x45\x77\x0b\x1c\xa2\x40\xe5\x4b\x5d\x0d\x4d\xc7\xef\x29\xa3\xa6\x16\x69\xe0\xbc\x94\x74\x1f\x97\xc6\x62\x16\x51\x1a\x0b\x77\x2e\x88\x13\xb7\xe0\x1c\x74\x0f\x8e\xd1\xfa\x89\x09\xf5\x70\x0d\x34\x03\xd2\x1c\x72\x0a\x59\x02\xde\x2e\x1c\x32\x55\x6e\xca\x20\xd3\x74\x47\x3c\xd8\x17\x42\x7a\x1c\x9c\xd5\x8e\x2e\x0a\xef\xa4\x47\xfb\x5a\x81\x9c\x5f\x0f\x58\xb2\x77\x56\xa2\xab\x59\xc7\x90\x4b\xd8\x6a\x7e\x17\x86\x29\xad\x0b\xf9\xac\xc4\x27\x2d\xc4\x80\x11\xd2\x7c\x26\x2f\xe7\xea\x17\x54\x39\x1b\x04\xe3\x14\x4d\xb1\xee\xc8\xb7\xfd\xed\x12\x3a\x6e\x0d\x84\x8e\x26\xd3\xa4\x8d\xb1\x9c\xda\xc5\x70\xa9\xf8\x82\x59\x99\x4a\x98\x8b\xaf\xd8\xdb\x39\x12\x8e\xc2\x09\xc2\xf4\xa1\xc3\xa0\x09\x0f\xb4\x8b\x2c\x98\xc6\x6c\x31\xa9\xd0\xc4\x37\x7d\x6e\x63\xc8\x2a\xfd\xf7\x34\x86\x12\x49\xd4\xa1\x87\xb9\x9c\x2c\x03\xea\x42\xef\xb6\x79\x63\xc7\xf5\xe0\x58\xb9\xea\x73\x4e\x12\x4a\xbc\xff\x10\x7a\x29\xe3\x39\x70\x4b\xc5\xc1\x74\x89\x5b\x10\xfa\xbe\xf1\xdd\x69\x66\x93\x0a\x39\x82\x95\xf2\x38\xab\xeb\xa3\x30\x93\xa7\xe5\xd4\xeb\xf3\xc1\x34\xb0\x0e\xac\x45\x36\x59\xd9\xa5\xed\x67\x22\xb2\x86\x68\xf0\xde\x27\xfc\xbf\xcc\x66\x5f\x9b\x79\xf5\x1a\xa2\x66\xf0\x61\xa9\xd3\x58\x2f\xe7\x87\xf1\xcd\x3d\x6b\x2a\x4d\x5b\x76\x70\xd9\x1c\x9f\x19\xda\x4c\xdf\x5c\x47\xed\xb0\x15\xa1\x54\x22\x77\x97\xa6\xb5\x6a\x27\xe3\x22\x76\xf0\x7e\x6c\xc2\x0e\xc6\x88\x5b\xc2\x61\x05\x5b\x4a\xd4\xf6\x6c\x09\xe2\x76\x73\xc4\x07\x02\x3f\xb6\xd0\xc6\x11\x39\x24\x5b\x19\x08\x61\x81\x6a\x03\xae\x7d\x96\x27\x10\x0a\xb2\xa1\xf1\xf3\x81\x98\xe8\x20\x96\x79\x23\xfd\xf0\xa9\x5e\x90\x88\xff\xe6\x77\x9f\x1e\xea\x15\x11\x23\xe9\x19\xbd\xe1\xea\x78\x74\x6c\xc3\x07\x68\x22\x0f\xf9\x53\xd1\x05\x88\x58\x97\x01\xf7\x0e\x66\x39\x25\x24\xa7\x85\x62\xa8\x38\x20\x5a\xf4\xbf\xc2\x8c\x4a\x68\x84\xb4\x25\xc1\x09\xea\x7f\xf1\x6d\x9f\x1b\xcb\x77\x45\x9c\xcb\x5b\x81\x04\x5b\x6c\xb2\xdc\xeb\xda\xe4\x6f\x6d\x70\xb4\x4f\xf8\xdc\x6f\x52\x2c\x77\xdb\x14\x71\xce\x11\x63\xa7\xa5\x64\x0d\x02\xe4\x69\xe5\xde\xe1\xff\x25\xb7\xf7\x32\x5b\xae\xb1\x0e\xcb\x4b\xc4\x8f\x86\x92\xd5\x37\x6d\xad\x7c\x91\x25\xec\xb6\x1d\x00\xe7\x59\xb8\xf3\x17\x9d\xf6\x36\x38\x9f\x62\xf5\x1f\xac\xe3\x01\x3a\x62\xa9\x65\x6f\xec\x59\x26\x01\x94\x27\x43\x77\x8d\x7b\x7c\x83\x8c\xdf\x30\xfe\x87\xb7\x50\x3a\xab\x17\xd8\xd8\xf5\xf3\x0a\x3a\x03\xf1\x05\xdd\x38\x96\x58\xc1\x87\x82\x3d\x1c\x5e\xc9\xaf\x9d\xce\x05\xde\xcf\xa6\x19\x2a\x65\x14\x89\x6e\x99\xf4\x78\x47\xe8\x37\x19\xf7\x9c\xd3\x7b\x11\x81\x84\xd3\x4c\xa2\x0e\x88\x4b\xd2\x55\xf1\x99\xac\xef\x2e\xd4\x80\x11\xcf\xf2\x69\x59\x77\xdd\x7b\x1a\xe1\xf0\x8d\x27\xf9\x47\xcd\x1a\xff\x97\xa1\x9e\x3f\x93\xc6\x59\xd1\x0f\xf5\xa7\x76\xf2\x91\x02\x2d\xf2\x61\xb7\x92\x93\x5a\x1c\x58\x82\xf9\x20\xc9\x44\x2e\x56\x3f\x87\x88\x01\xbe\xec\xbb\xa8\x9c\x1e\xab\x9d\x2b\x96\x28\x5f\x34\x93\x48\x3b\x49\xf2\x69\xe8\xd6\x84\x33\x00\x37\xda\xfe\xdb\xcb\xb3\xbc\x50\x0e\x65\xb5\xe6\x9c\x3a\x4f\x6f\x15\xe4\x2c\xb5\x95\xcc\xe0\x4c\x89\x18\x18\xf2\x8a\x69\xef\x73\xc0\xec\xf8\xef\xbe\xf8\xbc\x1e\x5f\x7d\x07\xf5\xca\x82\x8d\x9a\x84\x60\xa2\x97\xa2\xb6\xf1\x58\x41\x3f\xd2\x73\x8e\x61\x68\x37\x7a\x49\xbd\x43\xa7\x0a\x36\xe7\xc3\x9d\x8d\x54\x87\x83\x28\x56\x75\x41\x7c\x62\x07\xbe\xbe\xb3\x22\x4f\xaa\xb8\x1e\xef\x70\x86\x01\xbe\x61\x36\x97\x96\x7c\x31\xf6\xb8\xa2\xc2\x1c\x46\x92\x73\xd7\x9b\x15\xb8\x0d\x8a\x0b\x6c\x6e\xd4\x35\x6d\x00\x2e\x42\x49\x44\xb6\x61\xb4\xd5\xfb\x11\x48\x41\xb9\xcb\xaf\x8d\x4c\x16\xd7\xf6\x87\x36\x2a\xee\x16\x47\x56\xe0\x5f\xa1\xd5\x79\xf0\x82\x00\x3a\xc1\x10\x3a\x00\x7c\x2f\xce\xa4\x86\xf3\x2e\x6e\x72\xd1\x41\xc1\xe2\x33\x33\x0a\x3b\x3d\x81\x35\x84\x0a\x9f\xbc\x50\x35\x26\xe4\x48\x76\xe7\x02\x30\x9c\x3c\xb1\xa6\xc4\x02\x0b\xae\x2e\xf8\x51\x46\xa3\x43\x8b\xd9\xb3\x41\xb7\x19\xdf\xa5\xb5\x19\xfc\xa6\xbc\x17\x46\xb4\x7a\xc4\x99\x17\x22\xb9\x77\x7d\x92\x48\x00\x65\xe3\xd7\x0b\xb6\xb2\x02\xe9\x8d\x5d\x08\xc1\xb2\x15\xa5\x01\x22\x10\xef\x9e\x2b\x9f\xea\x63\x0e\x4d\x82\x17\xc5\x01\xde\xe6\xb4\x6a\x3b\x88\x7c\x71\xf3\xc4\xc6\x03\xaf\x56\xa8\x67\x34\x23\x6f\x06\x8e\x07\x2a\xa6\x3f\x2a\x70\xd4\x88\xfe\x90\x91\xa8\x53\x05\x85\xe4\xd6\x11\xad\x9f\xe2\x35\x93\xcb\x41\x0e\x5e\xed\x91\x87\xed\x55\x65\x2b\xef\x39\xb8\xe8\x67\xa8\x79\xf8\x97\x35\xe7\xca\xdf\xb3\x6a\x18\x38\x67\xcd\xc3\x32\x2b\x21\x42\x7a\x49\x8d\x12\xd5\x66\xaf\x1b\x7e\xd2\x35\x03\x4f\xee\xaa\x2c\xbd\x79\x5c\x23\x63\xec\x98\x45\xa5\x04\x07\x31\x81\xef\x95\x12\x15\x48\xbd\x6e\x88\x48\x6a\x26\x1c\xb5\x2f\x6f\x79\x70\xb9\x9f\x53\xde\x0f\x42\x6f\xfc\xae\x94\x0f\x83\xac\x20\x13\x8c\x7d\x5b\x35\x20\x21\x4e\x44\xa4\x03\xc8\x4f\xda\xcc\x65\x57\xc8\xb8\x59\xc9\x91\x8e\x78\x37\x72\x61\x72\x2f\x1f\x29\x13\xd0\xdf\xe9\x9d\x93\xde\x5f\x2a\x67\xc3\x77\x5a\x76\x81\xc9\xb8\xfd\xb8\x11\xea\xd0\xba\xd8\xec\x77\x1e\xf3\x8d\xc0\xda\x25\x90\x47\xec\xaa\xb6\x08\xe8\xe7\xc4\x51\x13\xce\x26\x81\xa8\x37\x7d\xf0\x54\xe8\xe4\x84\x85\xbf\x16\xd1\x22\x2c\xcf\x22\x14\xb8\x11\x5e\x0a\xf0\x90\x74\x2f\x1c\x7b\x77\x64\x5b\xde\x02\x54\x10\x71\xd9\x2f\x5e\xb2\x4b\xc1\x94\x2f\xf6\x91\x01\x6d\x1d\x08\x44\xda\xec\xc8\x9d\xf8\xb5\x8f\x05\xe0\xfc\x38\x56\x88\x14\x13\x92\x03\x59\xc9\x09\x27\xb8\x5c\xdb\x99\x62\x97\x91\x34\x1d\x07\xf6\xbd\x04\x2e\xa4\x57\x12\x8a\xc9\x1c\x4a\xb3\x3b\x16\x99\x35\xa1\xa0\x21\x4e\x74\xdd\x2d\x09\x8a\xbc\x1d\x16\xb5\x9a\xbf\x37\x74\x01\xdb\xd0\x90\x4f\x7d\xcb\x35\x1f\xa4\xdd\x8e\x36\xcb\xf4\xb8\xdc\x28\xe8\x11\xbd\x7d\xc9\xb8\xa2\xf6\x02\x1c\x44\xe8\x5e\x1e\xbe\x1c\x68\xe0\x35\x95\xad\xed\x1d\x0f\x5b\xdc\x56\x3e\x61\x23\x67\xae\x89\xe4\x60\x94\xa2\xe3\x41\xce\x2b\xdf\x0c\xdd\x0d\x0e\x71\xaf\x4c\xe3\x47\x00\xbb\x15\x89\x8b\x2d\x3f\x55\x9f\x46\x6a\x6f\xbd\xa1\xe0\x05\xdf\x5e\x76\x96\x8f\xc0\x07\x0a\x86\x0e\x8e\xef\xb4\x01\x80\xd6\x49\x3a\x17\x90\x36\x98\xa9\xf8\x09\xab\x51\x20\xcc\x72\xa2\x05\xe3\x26\x52\x36\xc6\x7d\x7c\x85\xe5\x81\xed\x37\x8d\x33\x26\x11\x18\x13\x04\x1d\xa2\xd8\xd3\xc8\x88\xd1\x23\x66\x49\x12\x9c\x37\x02\x1f\xbf\xde\x4b\x87\x3d\xbc\x3c\xc9\xfe\x18\xdc\x92\x2a\x62\xd5\x06\x86\xf9\xd7\xe1\x5c\x2c\x4c\x51\xe2\x5d\x98\x52\x38\x5f\x02\x46\x70\xdd\x5e\xaa\x98\x66\x1a\x3f\xd6\x45\xf5\xe3\xcf\x1a\x03\x81\xe8\x78\x77\x6d\x79\x03\x9d\xb9\x45\xf6\x80\xb0\xcb\xa8\xa7\xe3\x87\x57\x27\xa0\x7b\xe1\x61\xc8\x54\x49\x1d\x39\x6f\xbf\x40\xb5\x02\x98\xb1\xa8\x4b\x0c\xf8\xb6\x1e\x18\x76\x7b\xab\x36\xa0\x13\xf0\xac\xf4\x55\x69\xed\x18\x82\xc3\xfe\xa9\xe2\x01\x89\x82\x2e\x2b\x9b\xac\xbc\x41\x55\x84\x22\x46\xc1\x83\xf2\x95\x91\x2d\x64\x80\xa0\x5a\x2d\x59\xff\x29\x90\xbb\xbb\x8c\x7e\x90\x79\xf1\xa0\x39\xbf\x31\xfd\x2c\xc2\x83\x12\xcf\xf2\x46\x1a\xf8\x71\xdd\xe9\xb2\x72\x01\xe6\x6d\x89\xf6\x21\x96\xb6\x32\xef\x97\x42\x4d\x25\x29\xd0\x97\x34\x57\xcf\x45\x95\xf6\x75\x19\x28\x45\x7b\x7d\xe8\x85\xf4\x3c\xf6\x45\x77\xbd\x6d\x09\x9d\x9a\xdf\xe4\x5a\x4e\x6d\x70\x4b\xfd\x3e\xdc\x85\xdd\xbb\x11\xde\xdd\x5e\x2d\x3e\x50\xa5\x5d\x7a\x7d\xcf\xde\x4e\xfd\x11\xdc\xd2\x0f\x62\x85\xb7\x4e\xa1\x94\xda\x7f\x31\xa4\x98\x3a\x14\xf1\x67\xa8\x47\xd2\x79\xef\x28\x55\x74\x19\x50\x6d\xe3\x4b\x34\xf2\x37\xf3\xc6\x6e\xd2\x57\x24\x6d\x04\x82\x4f\x4f\x8d\x97\x09\x2e\x55\xe0\x95\xec\xf4\xf3\x64\x7e\xbd\x6c\x39\x53\x8c\x4c\x75\x65\xb2\x3d\x81\xf0\xcc\x3d\x61\x70\xd8\xa0\xd5\x05\x0f\xe7\xe4\xf8\xd4\xfe\x07\xce\xa0\xd5\xdb\x6d\x5f\x96\x6a\xfa\x39\xde\xc3\x4a\x8c\xe3\x2b\x67\xd4\x91\x8e\xa8\xd9\x6a\xf5\xc7\xfd\x89\x99\x45\x44\x9e\x05\x1e\xf3\x44\x00\xcb\xd4\xba\xdd\x78\x6d\x20\xb1\xc7\x7d\x23\x67\x0b\x20\x65\xbc\x8f\x67\x11\x50\x33\x6c\x42\x28\xf4\x9c\x2e\x07\x95\x4d\x4b\x16\x5d\x22\x2c\xae\x2a\x5f\x5d\xc9\xfd\x32\x8a\x21\xeb\x4b\x20\x33\x44\x7d\xd9\xb0\xb5\x6d\x12\xbc\x93\x14\x85\x95\xa6\x49\xd5\xcd\x3a\x9b\x56\xc3\x32\x49\xc9\x79\xcf\xd3\x21\xeb\x72\x0a\xfc\xa7\x06\xfc\x26\x3d\xfc\x06\xbe\x97\xc2\xb8\x05\xa7\xcc\xc5\x4c\xd8\xe2\x47\xe6\x4d\xce\x16\x07\xba\x96\xd1\x46\xa9\x77\xc2\x47\xb3\x07\x2a\xd2\xcb\x2c\x11\x6c\x75\x49\x31\x85\xac\x9d\x61\x24\x07\x0f\x67\x4e\x1a\x83\xc4\xe4\xfc\x7a\x2d\x46\xbe\x93\xc2\xeb\x3d\xc2\x6d\xd6\x59\x26\x1c\xb0\x20\x78\x8b\x5b\xf4\xc2\x1a\x5a\x31\xe3\x63\x06\x5e\x3d\x81\xa6\x48\x86\xa0\xb4\x8c\x8f\xd3\x35\x05\xb2\xe1\xa1\x58\xa6\x0c\x29\xb6\xa4\xb0\xd9\xd3\xcc\x4e\x30\xcd\xbb\xfd\xc5\x89\x5a\xd5\x9b\x25\xf8\xe3\x56\x61\x6b\x35\x2e\x0a\xf4\xb5\x56\x15\x31\x5d\x38\x9d\x96\x31\x25\xe0\x86\xd4\xf3\x8f\x98\x37\x55\x1d\x5a\xea\x90\xd5\x1c\x86\x07\x25\x18\xe6\xb3\xd9\xf8\x10\x38\x69\x33\x83\x0b\x01\x2a\x93\x9f\x7f\x62\x69\xf3\x51\x6c\xf3\x61\xa7\xb2\x04\xc6\x87\xb1\x22\xd7\xc9\x67\xf3\xf9\xcb\xfa\xa3\xb5\x17\x0a\xc5\xbf\x03\x0f\x5f\xcf\x5c\xc6\x0e\x67\xd6\x9a\xed\x12\xa9\xb6\x4e\xac\x18\x6e\xea\x7f\xfd\x21\x98\xce\x33\x8f\xd5\x8f\xa6\xb1\xc8\x18\xa2\xbf\x7e\xe3\x55\xc9\x93\x2f\xa8\x8b\x6c\x1e\x54\x92\x17\x36\x66\x06\xb0\x4e\xf4\x54\xe6\xfe\xd8\x65\xeb\x44\xa2\xcf\x2b\xff\xe7\x92\x46\x4e\xcd\x22\x12\x1d\xec\x54\xfa\x51\x8f\x2a\x14\x89\x81\x95\x6b\x9b\x06\x31\x4f\xf4\x78\x73\x8f\x03\x28\xa2\x53\x39\x4e\x7c\x1a\xc4\xdb\x3b\xa5\x27\xc7\x53\x61\x58\x2c\xca\x56\xa1\x27\x30\xd5\xb0\x16\x25\x8f\x02\x5d\xc6\x41\x64\x7a\xdc\x06\xd6\xb3\xee\xc0\x48\x3f\x2f\x71\xac\x9d\xb0\xc4\x54\x43\xe3\x1c\x3d\x47\xd7\xab\x7b\xf3\x36\x10\x40\x83\x01\x7a\x98\x5d\x2e\x83\x16\x9c\xbe\x9f\xc9\xf9\x08\x0c\xbb\xba\xfa\xef\xd7\xe7\xd0\x63\x79\x33\x53\x3f\x8f\xbd\x2e\x1a\xbb\xa0\x19\xb8\x3c\xa1\x0f\x37\x91\xad\x04\xd6\x42\x83\xa0\xbc\xdb\x8c\x85\x71\x84\x34\x64\x2f\x6e\x15\x6f\xa6\x94\xab\x98\xd4\x75\x87\x6a\x17\x68\xf9\xb5\x95\xff\x82\x3d\xc4\xcd\xda\x9f\x08\x0f\x09\x4e\x12\x61\xa5\x4c\x7f\xb8\xfd\x38\x1d\x5a\x0d\x51\xba\x8d\x60\x55\xef\x43\xb0\x35\x49\x0d\xf5\xdc\x92\xb8\xc3\xbe\x5b\x58\x78\x88\x66\xdc\x09\xa3\x56\x3b\x25\xb6\x4d\xe0\xc0\x28\x03\x70\xd8\xae\x3b\xc3\x17\xb8\x9e\x32\xa5\xec\x6c\xf1\x4e\x9d\xf6\x73\x3b\x93\x26\x3f\x8a\xdf\x90\x8b\x63\x2f\xa2\xa9\x4a\x2a\x5a\x22\xd7\x81\xf5\x62\xe5\x52\x1b\xb0\x7c\xab\xa5\xb5\x6c\xe7\x99\xe6\xca\xac\x20\xc8\xbd\x10\xf0\xdc\xc7\x65\xb5\xad\x59\xee\x88\xcf\xac\x53\x65\x4b\x85\xfc\x6d\x3d\x7d\x1e\xc3\x72\x30\x53\x7d\x65\x51\x9a\xa0\x3d\x2d\x87\x00\x1c\x37\x81\x06\x3b\xb0\x27\x5b\xd9\x6c\x45\x2c\x12\x0d\x9a\xdc\x12\x35\x3c\xb5\x6a\x56\x5f\xfb\x5c\x3c\xf8\x1d\x04\x97\xc3\xa6\x80\xa6\x86\x10\xac\xbb\x49\x2b\x19\xb2\x9a\xd6\x01\x50\x4a\xa1\xb3\xff\x00\xdc\x52\x47\xb8\x83\xe8\x22\xcb\xe8\xc8\x66\x73\x35\x3e\xad\x6e\x04\x49\x41\xbb\x4f\xbf\xc3\xe5\xcc\xba\x04\xf9\x3c\xd9\xc2\x64\xd9\xec\x2c\x1f\x52\x21\xca\x07\x67\xd3\xbf\x65\xf4\x33\x0b\xdb\x4a\x94\xd6\x46\x8b\xfa\x9d\xfa\x5b\xcb\xaa\x51\x14\x50\xe6\xa0\xca\x9a\x56\xc5\xf2\x05\x58\xea\x70\x76\xa6\x7b\x5b\xdd\x85\x23\xf1\x51\x5c\xae\xd4\x0d\xc2\xea\xf0\x6b\x08\xb1\x76\x35\x5d\xad\x11\xf1\x26\x5b\x81\x87\x48\x5d\x1a\x79\x9d\x86\xd0\x6f\x06\xd9\x33\xf4\x24\xf9\xed\x65\x4d\x2d\xde\x7c\x0e\x66\xdb\xf3\xd1\x56\xdb\x2d\x67\x94\x1b\x92\x08\x0f\x04\x58\x1e\x02\x49\x73\x4f\x2b\xf4\x92\x0a\x35\x51\xd0\x6c\x4c\xcb\x8f\x73\x0d\xeb\x91\xb6\xf6\xce\x21\x0c\xb4\x1d\xab\x8f\xcb\xe3\x9d\x14\xe9\x18\xa3\x62\x9e\x82\x6e\x1d\x60\xe1\x64\xe0\x6d\x62\x37\xd3\x82\xd0\xf3\xec\x27\x34\x11\x73\x68\x55\x5e\x69\x9a\x65\x0f\x02\xd4\xa8\x86\xab\x67\x9e\xc1\x94\xc8\x21\xb1\xf4\x26\x29\x46\xee\xf5\xa0\xa3\xdc\xb5\x64\x5c\x05\x43\x56\x04\x64\xd8\x63\x81\xa4\x25\xd0\x42\x18\xe5\x8a\xaa\xbf\x3c\x5e\xd4\xc2\x27\x3c\xc0\xd4\xc2\xc2\x8e\x12\xec\xd4\xdd\xce\xcd\x67\x18\x6d\xac\xec\x66\x2c\x65\xd3\x23\x49\x6b\x9b\xe3\x84\x96\xac\xfb\x5b\xb1\xce\x10\x6b\xba\xac\x84\xba\xc7\x33\xdf\x84\xe6\xe3\x17\x13\x24\x3d\xf9\x84\x5b\x9b\x63\x0a\x97\x14\xef\x11\xbb\x21\xb0\xe8\x0c\x6c\xe1\xaf\xc6\x3c\xa7\x22\xcc\x23\x8a\xc4\x48\xf2\x29\xaa\x61\x4e\x9e\xae\xc7\x8e\x5c\x27\x92\x1b\xbe\xd1\x67\x05\x76\x07\xd3\x83\xcd\xa4\x2a\x91\xf8\x9b\x25\xec\xea\x59\x68\x6a\x8f\x07\xb1\xc2\xd7\x3b\x6b\x2a\xa9\x89\x9c\x3d\xcf\x20\x40\x17\x21\xa1\x01\x9a\xbb\x89\xd5\x17\x7d\x74\xdd\x1b\xb7\x94\xe0\xd4\x79\xeb\xbf\xb2\x13\xe1\x3d\xd5\xf0\x63\x77\xeb\x87\xc5\x3c\x09\xa3\xfc\x20\x78\xfe\x0d\xb3\x01\xcc\xb1\x14\xf8\xcf\x31\x12\x44\x5a\x1e\x7f\xad\x70\xdc\xf2\xc6\xe8\xca\xd4\x50\xdc\x73\xc6\x42\x7e\x01\x7e\x0e\x93\xd2\x5e\xf6\x0e\x80\xf5\x56\x46\x2d\x78\xb8\x5a\xed\x47\x4a\x6b\xdb\x29\xbd\xf5\xa9\x39\x08\xf4\x3a\x77\xd8\x2d\x0d\xa5\x5e\x7d\xc8\xa0\x06\x4d\x72\x18\x58\xec\x5f\x8b\x3c\x5d\x44\x1b\x66\xb3\x26\x7e\x81\x03\xd2\x7f\x5f\xaf\x86\x60\x66\x2e\x86\x59\x3a\x48\xd4\xbf\xd6\x4c\xee\xbd\x9b\xf6\x92\x58\x23\x28\x81\xe2\xf0\xf9\xd0\xc5\x9f\x89\xf3\xc8\x9a\x2e\xcb\x56\x9d\x14\x6b\xd3\xf8\x72\x62\x9a\xa2\x50\x41\x0c\xde\xcc\x37\x01\xfc\xfe\x95\xfb\xee\xfc\x97\x6b\xd7\xe3\x05\xc1\x02\xe3\x07\xe0\xc0\x4f\x5d\x40\x37\x4b\x93\x60\x6d\xd0\x9f\xc0\x02\x6b\x4f\x0d\x18\x5e\xa8\x05\x10\x03\xa5\x56\x46\xe3\x2e\x32\x78\xdf\xd3\xf0\x61\xa4\xc4\x81\x63\x9f\xe9\x50\x7a\x8e\x5c\x04\xe4\x63\x77\x54\x4f\x28\x41\xef\x9b\xea\x40\xda\x68\x3f\x66\x9f\x6f\x2d\xa6\xa9\x28\x2d\x74\xd4\x6b\xc7\xd1\x78\x45\xed\x0e\x63\x88\x6a\xee\x73\x62\xe1\x29\x09\xd4\x59\x21\x7d\x09\x23\x58\xbf\x71\xf2\xfd\x1f\xda\x72\x74\x46\x8a\x5c\x64\xf6\x8d\xbc\x91\x2e\x12\x41\x4c\xb8\x41\x61\x8e\x6d\x96\x1e\x79\x69\x91\x87\xef\xa2\x65\x55\x7d\x05\x20\x06\x45\x0e\xea\xb5\x21\x53\x28\x23\x96\xdc\xc6\x76\x38\xf4\x4e\x8b\xdc\x1c\xf8\xac\x1a\xa3\xce\xfd\xe7\xb3\xe9\x7b\x3f\x1a\xde\x05\x87\xcc\xc4\x59\xd2\xb7\x1d\x8f\x4c\x85\x66\x6f\x88\x56\x0a\xe1\x3d\x11\xfd\x7d\x7f\x12\x14\x55\x79\x67\xaa\x62\x21\xb0\x5b\xa9\xa9\x0f\xaa\xd9\xc1\x11\x10\x38\xf9\xa1\xa1\x6b\x64\xa4\x0b\xf5\xf9\x69\xf7\x4f\x32\xed\x63\x38\xeb\x70\x2c\xb8\x57\x73\xbc\x04\x95\xe3\x1a\xc3\x7c\xa0\xb8\x8b\xb0\x28\xda\x0e\x97\x21\xb4\x07\xaf\xd1\xe2\xfa\x46\x0b\x20\x4d\xb7\xdf\xcd\x72\x94\x59\xb2\xf1\x25\xbf\x42\xdd\xf1\x38\x0e\xb4\x99\x69\x1e\x08\x27\x5e\xe4\x24\x27\xc0\xc2\xdb\x70\x64\xa3\x86\xb5\x2a\x6a\xc1\xa7\xad\xe2\xda\x86\xe5\xc5\xe5\xc6\x67\xe4\x59\xd0\x03\x10\x46\xac\x3b\x08\xcf\x51\xb0\xe7\x90\x04\xbc\x73\xc3\xf9\xf7\xe7\x69\xfa\x24\x4f\xab\xd9\x10\x00\x07\xa4\xed\x5e\x23\x06\x99\x7f\xf3\x14\x89\xc1\x3c\x52\xb2\xcd\xf0\x22\x6c\xdc\x4f\x85\x22\x52\x9a\x26\x10\x23\x4a\xed\x95\xeb\x84\x1f\x5d\x24\x2c\xef\x7c\x49\x36\x3a\xf0\x49\x85\xd3\xc3\xe5\x39\x24\xf3\x52\xb5\x4e\xad\xec\xe3\xa9\x52\x2f\x48\x35\x11\x3a\x3b\x49\x0b\x61\x2d\xac\xdb\x8d\xbf\xbe\xe7\x94\x28\xb8\x08\xe6\x26\x21\x4c\xfc\xb2\xbf\xd4\xab\xe6\xb7\x4f\x15\xf0\x8c\x76\xd8\x81\x82\x32\x20\x42\xda\x02\x6a\x7e\x5b\x13\x94\xc9\xc4\x39\xdf\xa5\x96\xa7\xa8\x81\x07\x37\x0c\x2c\xab\x92\xf9\x06\x01\xb5\x0f\x0b\x31\x81\xde\xc5\x6a\x71\x36\xdb\x75\x65\x0a\x7a\x28\x57\x80\x87\xcc\x87\xfa\xda\x0c\x4a\x7e\x14\x32\xa6\x22\x0d\x73\x08\xfc\xca\xad\x29\xfb\xe3\x2e\x42\xb6\x59\x31\x10\xcd\xa9\x4c\xe0\x4f\xf6\xed\x3a\x96\x62\xc4\xb8\x1d\x14\x85\x6f\x4f\xc1\xac\x0d\x4f\xab\x9b\x4d\x59\x92\x65\x0f\xcb\x2c\xfe\xd1\xb6\xf6\x0c\x8c\x73\x68\x5c\x73\x3b\xe1\x33\xf8\x19\xa5\x68\x8d\x8c\x6a\x7e\x62\x09\x96\x9b\x46\xb0\x91\x44\x50\x21\xfc\x19\xcb\xd5\x63\xbd\x76\xdf\x96\xaa\x65\xf1\xd7\x21\x6a\x31\xdc\x9c\x4a\x4f\x74\xa2\x4a\x22\x4a\x2a\xa6\x0c\xb5\xd0\xd7\xc3\x1e\x6a\xf6\x22\xe5\xa7\xc8\x0c\x98\x72\x7c\xd1\x63\xe5\x09\x7d\x86\xd4\xd4\xd9\x1e\x7c\x89\xfe\x61\x51\x90\x3d\x7c\x0f\x87\x8d\xa1\xa8\x3e\x6f\xcc\x50\xfe\x99\x90\xda\x66\x40\x53\x5e\x68\x5b\x1c\x26\x9c\x95\x0d\x07\x37\x62\xce\x89\x9f\x82\xae\xb9\x33\x10\x63\x37\xf8\x7a\x71\x38\xd1\xfb\x7b\x15\xb2\x4a\xc8\xcc\x1c\x09\x34\x69\xe6\x15\x09\xfc\x24\xcf\xb7\x9e\x66\x39\x0a\x15\x48\x3e\x9a\x5a\x1a\x31\x3f\xf9\x61\xd0\xf9\xfe\x8c\x55\x79\x01\x4c\xf5\x68\x9e\x36\x86\x08\x10\x4f\x96\x44\x9b\x24\x64\x39\xaf\x19\x79\x59\xe5\xed\xf4\x88\x74\x97\xd4\x89\x74\xc2\x08\xcd\x68\xcf\xc7\xb3\xe0\x95\x6c\x50\x88\x12\x0d\xa1\xda\xf4\xaa\x90\xb6\xd2\xc1\xb7\x08\x81\x31\xff\x29\x6b", 4096); *(uint8_t*)0x2000104d = 0; *(uint8_t*)0x2000104e = 1; *(uint8_t*)0x2000104f = 0; *(uint8_t*)0x20001050 = 0xc2; *(uint8_t*)0x20001051 = 4; *(uint32_t*)0x20001052 = htobe32(1); *(uint8_t*)0x20001056 = 9; *(uint8_t*)0x20001057 = 0x15; memcpy((void*)0x20001058, "\x55\x75\x11\x39\x21\xad\x0b\xc9\xe2\xe8\x2b\x28\xa6\x6b\x8f\x50\x8c\xd3\xa9\x8a\xcf", 21); *(uint8_t*)0x2000106e = 0x67; *(uint8_t*)0x2000106f = 6; *(uint8_t*)0x20001070 = 0; *(uint8_t*)0x20001071 = 0x20; *(uint32_t*)0x20001072 = 0; *(uint8_t*)0x20001076 = -1; *(uint8_t*)0x20001077 = 1; *(uint8_t*)0x20001078 = 0; *(uint8_t*)0x20001079 = 0; *(uint8_t*)0x2000107a = 0; *(uint8_t*)0x2000107b = 0; *(uint8_t*)0x2000107c = 0; *(uint8_t*)0x2000107d = 0; *(uint8_t*)0x2000107e = 0; *(uint8_t*)0x2000107f = 0; *(uint8_t*)0x20001080 = 0; *(uint8_t*)0x20001081 = 0; *(uint8_t*)0x20001082 = 0; *(uint8_t*)0x20001083 = 0; *(uint8_t*)0x20001084 = 0; *(uint8_t*)0x20001085 = 1; *(uint8_t*)0x20001086 = -1; *(uint8_t*)0x20001087 = 1; *(uint8_t*)0x20001088 = 0; *(uint8_t*)0x20001089 = 0; *(uint8_t*)0x2000108a = 0; *(uint8_t*)0x2000108b = 0; *(uint8_t*)0x2000108c = 0; *(uint8_t*)0x2000108d = 0; *(uint8_t*)0x2000108e = 0; *(uint8_t*)0x2000108f = 0; *(uint8_t*)0x20001090 = 0; *(uint8_t*)0x20001091 = 0; *(uint8_t*)0x20001092 = 0; *(uint8_t*)0x20001093 = 0; *(uint8_t*)0x20001094 = 0; *(uint8_t*)0x20001095 = 1; *(uint8_t*)0x20001096 = 0; *(uint8_t*)0x20001097 = 0; *(uint8_t*)0x20001098 = 0; *(uint8_t*)0x20001099 = 0; *(uint8_t*)0x2000109a = 0; *(uint8_t*)0x2000109b = 0; *(uint8_t*)0x2000109c = 0; *(uint8_t*)0x2000109d = 0; *(uint8_t*)0x2000109e = 0; *(uint8_t*)0x2000109f = 0; *(uint8_t*)0x200010a0 = 0; *(uint8_t*)0x200010a1 = 0; *(uint8_t*)0x200010a2 = 0; *(uint8_t*)0x200010a3 = 0; *(uint8_t*)0x200010a4 = 0; *(uint8_t*)0x200010a5 = 0; *(uint8_t*)0x200010a6 = 4; *(uint8_t*)0x200010a7 = 0x19; *(uint8_t*)0x200010a8 = 0; *(uint8_t*)0x200010a9 = 0; *(uint8_t*)0x200010aa = 0; *(uint8_t*)0x200010ab = 0; *(uint8_t*)0x200010ac = 0; *(uint8_t*)0x200010ad = 0; *(uint8_t*)0x200010ae = 0xa8; *(uint8_t*)0x200010af = 0x9b; memcpy((void*)0x200010b0, "\x02\x71\x09\x78\x70\xd6\xd0\x6b\x47\xd8\x3a\x5b\x37\x63\xf1\xa2\xff\xfb\x78\xc9\xfd\x51\x51\xfe\x45\x85\x44\x69\x56\x4a\xf3\xc3\x94\x9e\x4a\x58\x78\x1c\xe8\x48\xa5\xe9\xa6\xfe\xd0\x80\x30\x6a\xcd\x03\x11\xa5\xe5\xb9\xf9\x00\xde\x3f\x65\x6e\xc5\xf5\x17\xf3\xa6\x79\x49\x35\x4e\x8a\x19\xf5\xb1\x16\xe3\x60\xf8\xbe\xbf\x10\x56\x6e\xae\x08\x58\x2e\x6b\xe7\xbe\xee\xc7\x66\x8a\xfd\x63\x7c\xa6\xa1\x9c\x0a\x87\x87\xa4\x54\x81\x38\xd8\xa0\x68\x74\xd5\x50\x62\x4c\x0f\x1e\xbd\x2a\x22\x67\xbb\xca\x14\xf2\x24\x7a\xb5\xbe\x2d\x68\xe2\x64\xaa\x7d\x65\x1f\xd4\xe5\xe5\xef\x57\x23\xb8\x44\xf6\x4a\x82\x2f\x58\xe7\xbc\x5a\xcc\xf5\x88", 155); *(uint8_t*)0x2000114b = 0xc2; *(uint8_t*)0x2000114c = 4; *(uint32_t*)0x2000114d = htobe32(0x10001); *(uint8_t*)0x20001151 = 1; *(uint8_t*)0x20001152 = 3; *(uint8_t*)0x20001153 = 0; *(uint8_t*)0x20001154 = 0; *(uint8_t*)0x20001155 = 0; *(uint8_t*)0x20001156 = 0; *(uint8_t*)0x20001157 = 1; *(uint8_t*)0x20001158 = 0; *(uint8_t*)0x20001159 = 8; *(uint8_t*)0x2000115a = 0x1d; memcpy((void*)0x2000115b, "\x94\xd6\xef\xb5\xa9\xf5\x8f\x85\x9b\x75\xbe\x24\x58\x6f\x38\x2e\xee\xd7\xa7\x6a\x65\x62\xb9\x78\x07\x1e\x71\xbe\x75", 29); *(uint8_t*)0x20001178 = 5; *(uint8_t*)0x20001179 = 2; *(uint16_t*)0x2000117a = htobe16(0x7fff); *(uint8_t*)0x2000117e = 0x27; *(uint8_t*)0x2000117f = 6; *(uint8_t*)0x20001180 = 0; *(uint8_t*)0x20001181 = 5; *(uint32_t*)0x20001182 = 0; *(uint8_t*)0x20001186 = -1; *(uint8_t*)0x20001187 = 1; *(uint8_t*)0x20001188 = 0; *(uint8_t*)0x20001189 = 0; *(uint8_t*)0x2000118a = 0; *(uint8_t*)0x2000118b = 0; *(uint8_t*)0x2000118c = 0; *(uint8_t*)0x2000118d = 0; *(uint8_t*)0x2000118e = 0; *(uint8_t*)0x2000118f = 0; *(uint8_t*)0x20001190 = 0; *(uint8_t*)0x20001191 = 0; *(uint8_t*)0x20001192 = 0; *(uint8_t*)0x20001193 = 0; *(uint8_t*)0x20001194 = 0; *(uint8_t*)0x20001195 = 1; *(uint8_t*)0x20001196 = 0; *(uint8_t*)0x20001197 = 0; *(uint8_t*)0x20001198 = 0; *(uint8_t*)0x20001199 = 0; *(uint8_t*)0x2000119a = 0; *(uint8_t*)0x2000119b = 0; *(uint8_t*)0x2000119c = 0; *(uint8_t*)0x2000119d = 0; *(uint8_t*)0x2000119e = 0; *(uint8_t*)0x2000119f = 0; *(uint8_t*)0x200011a0 = 0; *(uint8_t*)0x200011a1 = 0; *(uint8_t*)0x200011a2 = 0; *(uint8_t*)0x200011a3 = 0; *(uint8_t*)0x200011a4 = 0; *(uint8_t*)0x200011a5 = 0; *(uint64_t*)0x200011a6 = htobe64(0); *(uint64_t*)0x200011ae = htobe64(1); *(uint8_t*)0x200011b6 = 0x2c; *(uint8_t*)0x200011b7 = 0; *(uint8_t*)0x200011b8 = 0; *(uint8_t*)0x200011b9 = 0; *(uint8_t*)0x200011ba = 0; *(uint8_t*)0x200011bb = 0; *(uint8_t*)0x200011bc = 0; *(uint8_t*)0x200011bd = 0; *(uint8_t*)0x200011be = 0; *(uint8_t*)0x200011bf = 1; *(uint8_t*)0x200011c0 = 0; *(uint8_t*)0x200011c6 = 3; *(uint8_t*)0x200011c7 = 3; *(uint8_t*)0x200011c8 = 0; *(uint8_t*)0x200011c9 = 0; *(uint8_t*)0x200011ca = 0; *(uint8_t*)0x200011cb = 0; *(uint8_t*)0x200011cc = 0; *(uint8_t*)0x200011cd = 0; *(uint8_t*)0x200011ce = 0xc2; *(uint8_t*)0x200011cf = 4; *(uint32_t*)0x200011d0 = htobe32(0); *(uint8_t*)0x200011d4 = 5; *(uint8_t*)0x200011d5 = 2; *(uint16_t*)0x200011d6 = htobe16(0x20); *(uint8_t*)0x200011d8 = 5; *(uint8_t*)0x200011d9 = 2; *(uint16_t*)0x200011da = htobe16(9); *(uint8_t*)0x200011dc = 0xc2; *(uint8_t*)0x200011dd = 4; *(uint32_t*)0x200011de = htobe32(3); *(uint8_t*)0x200011e2 = 1; *(uint8_t*)0x200011e3 = 1; *(uint8_t*)0x200011e4 = 0; *(uint8_t*)0x200011e5 = 5; *(uint8_t*)0x200011e6 = 2; *(uint16_t*)0x200011e7 = htobe16(0x7f); *(uint8_t*)0x200011e9 = 5; *(uint8_t*)0x200011ea = 2; *(uint16_t*)0x200011eb = htobe16(3); *(uint8_t*)0x200011ee = 0xd8; *(uint8_t*)0x200011ef = 0; *(uint8_t*)0x200011f0 = 8; STORE_BY_BITMASK(uint8_t, , 0x200011f1, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200011f1, 0, 1, 2); STORE_BY_BITMASK(uint8_t, , 0x200011f1, 8, 3, 5); *(uint32_t*)0x200011f2 = 0x68; *(uint8_t*)0x200011f6 = 0x82; *(uint8_t*)0x200011f7 = 0; *(uint16_t*)0x200011f8 = htobe16(0); *(uint16_t*)0x200011fa = htobe16(0x3ff); *(uint16_t*)0x200011fc = 9; *(uint8_t*)0x200011fe = -1; *(uint8_t*)0x200011ff = 2; *(uint8_t*)0x20001200 = 0; *(uint8_t*)0x20001201 = 0; *(uint8_t*)0x20001202 = 0; *(uint8_t*)0x20001203 = 0; *(uint8_t*)0x20001204 = 0; *(uint8_t*)0x20001205 = 0; *(uint8_t*)0x20001206 = 0; *(uint8_t*)0x20001207 = 0; *(uint8_t*)0x20001208 = 0; *(uint8_t*)0x20001209 = 0; *(uint8_t*)0x2000120a = 0; *(uint8_t*)0x2000120b = 0; *(uint8_t*)0x2000120c = 0; *(uint8_t*)0x2000120d = 1; struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000016, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000026, 16); uint32_t csum_1_chunk_2 = 0x18000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x3a000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x200011f6, 24); *(uint16_t*)0x200011f8 = csum_inet_digest(&csum_1); break; case 11: memcpy((void*)0x20001240, "\x47\x66\x90\x18\xa9\xe1\x17\x00\x00\xc4\xc2\x0d\x07\x4c\xd3\xf6\x36\xf3\x0f\x11\x82\xfe\xef\xff\xff\xc4\x41\x55\xef\xea\xf2\x0f\x2b\x99\x99\x89\x99\x99\xc4\x81\xfd\x28\x17\xc4\xa2\xa5\x29\x52\x93\xf3\xab\x66\xac", 53); syz_execute_func(0x20001240); break; case 12: break; case 13: syz_open_pts(); break; } } int main(void) { syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul); do_sandbox_none(); return 0; } :278:4: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation] kill_and_wait(pid, &status); ^ :276:3: note: previous statement is here if (current_time_ms() - start < 5000) ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor060775822 -DGOOS_openbsd=1 -DGOARCH_amd64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -static -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384] --- FAIL: TestGenerate/openbsd/amd64/4 (8.87s) csource_test.go:124: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:10 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: r0 = getgid() mquery(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x10, 0xffffffffffffffff, 0x80) ioctl$DIOCMAP(0xffffffffffffff9c, 0xc0106477, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}) ioctl$BIOCSHDRCMPLT(0xffffffffffffffff, 0x80044275, &(0x7f0000000080)=0xcb) unlinkat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8) ioctl$BIOCGDLTLIST(0xffffffffffffff9c, 0xc010427b, &(0x7f0000000140)={0x9, &(0x7f0000000100)=[0x0, 0x7, 0x2, 0x18000, 0x6, 0x3, 0x8000000, 0x20, 0x0]}) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f00000001c0)=0xc) getgroups(0x3, &(0x7f0000000200)=[0xffffffffffffffff, r0, 0x0]) r3 = getgid() getgroups(0x4, &(0x7f0000000240)=[r1, r0, r2, r3]) syz_emit_ethernet(0x120e, &(0x7f0000000000)={@remote, @remote, [], {@ipv6={0x86dd, {0x1, 0x6, "b588d1", 0x11d8, 0x11, 0x0, @remote={0xfe, 0x80, [], 0x0}, @empty, {[@dstopts={0x32, 0x205, [], [@padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @pad1, @generic={0x6, 0x1000, "7d7312bf2f976b286cf33b3a7660af2f30cb34f9a86a2db188c5d76df22900976b027211513627f37cb64221551888028062f7e96e29502c8230cb07ed13fb79ee022afacfb0fdb9fdd62ac37dfa4f6b34fcbee4c380fa32c35d695cca5e60b4fe8ddf4e9fd6c26810eab11156f5f11cff1548bc51648f66404bacd55f29d8349635356e8711ba71763c2e3dae08ceca72daaf10868c22ac2d429c17228cb0fa6a92eddafaf821e084cdd55affffce12097a2772ef8ab4bc862213c765c3c5bb6cb25206a5f87d2034b922cd8a54fd1f39938081132c0491f0258b9d5b90206398281bd745907571e7944936e2d4097eec6b58ed963a26c7ab84ad1084f4b8fe735e2c7a5073344b225dd2917d1035d525e3fca4bf750dc4474b2645770b1ca240e54b5d0d4dc7ef29a3a61669e0bc94741f97c66216511a0b772e8813b7e01c740f8ed1fa8909f5700d3403d21c720a5902de2e1c32556eca20d374473cd817427a1c9cd58e2e0aefa447fb5a819c5f0f58b27756a2ab59c7904bd86a7e178629ad0bf9acc4272dc48011d27c262fe7ea1754391b04e3144db1eec8b7fded123a6e0d848e26d3a48db19cdac570a9f88259994a988bafd8db39128ec209c2f4a1c3a0090fb48b2c98c66c31a9d0c4377d6e63c82afdf734861249d4a187b99c2c03ea42efb67963c7f5e058b9ea734e124abcff107a29e339704bc5c174895b10fabef1dd6966930a398295f238abeba33093a7e5d4ebf3c134b00eac453659d9a5ed6722b28668f0de27fcbfcc665f9b79f51aa266f061a9d3582fe787f1cd3d6b2a4d5b7670d91c9f19da4cdf5c47edb015a154227797a6b56a27e32276f07e6cc20ec6885bc261055b4ad4f66c09e27673c407023fb6d0c61139245b190861816a03ae7d9627100ab2a1f1f38198e820967923fdf0a95e9088ffe6779f1eea151123e919bde1ea78746cc30768220ff953d10588589701f70e66392524a78562a838205af4bfc28c4a6884b425c109ea7ff16d9f1bcb77459ccb5b81045b6cb2dcebdae46f6d70b44ff8dc6f522c77db1471ce1163a7a5640d02e469e5dee1ff25b7f7325baeb10ecb4bc48f8692d5376dad7c9125ecb61d00e759b8f3179df636389f62f51face3013a62a9656fec592601942743778d7b7c838cdf30fe87b7503aab17d8d8f5f30a3a03f105dd389658c187823d1c5ec9af9dce05decfa6192a6514896e99f47847e83719f79cd37b118184d34ca20e884bd255f199acef2ed48011cff2695977dd7b1ae1f08d27f947cd1aff97a19e3f93c659d10ff5a776f291022df261b792935a1c5882f920c9442e563f878801beecbba89c1eab9d2b96285f3493483b49f269e8d684330037dafedbcbb3bc500e65b5e69c3a4f6f15e42cb595cce04c891818f28a69ef73c0ecf8efbef8bc1e5f7d07f5ca828d9a8460a297a2b6f158413fd2738e6168377a49bd43a70a36e7c39d8d548783285675417c6207bebeb3224faab81eef708601be613697967c31f6b8a2c21c469273d79b15b80d8a0b6c6ed4356d002e424944b661b4d5fb114841b9cbaf8d4c16d7f687362aee164756e05fa1d579f082003ac1103a007c2fcea486f32e6e72d141c1e233330a3b3d8135840a9fbc503526e44876e702309c3cb1a6c4020bae2ef85146a3438bd9b341b719dfa5b519fca6bc1746b47ac4991722b9777d92480065e3d70bb6b202e98d5d08c1b215a5012210ef9e2b9fea630e4d8217c501dee6b46a3b887c71f3c4c603af56a86734236f068e072aa63f2a70d488fe9091a8530585e4d611ad9fe23593cb410e5eed9187ed55652bef39b8e867a879f89735e7cadfb36a183867cdc3322b21427a498d12d566af1b7ed235034feeaa2cbd795c2363ec9845a504073181ef95121548bd6e88486a261cb52f6f7970b99f53de0f426ffcae940f83ac20138c7d5b3520214e44a403c84fdacc6557c8b859c9918e78377261722f1f2913d0dfe99d93de5f2a67c3775a7681c9b8fdb811ead0bad8ec771ef38dc0da259047ecaab608e8e7c45113ce2681a8377df054e8e48485bf16d1222ccf2214b8115e0af090742f1c7b77645bde02541071d92f5eb24bc1942ff691016d1d0844daecc89df8b58f05e0fc3856881413920359c90927b85cdb99629791341d07f6bd042ea457128ac91c4ab33b169935a1a0214e74dd2d098abc1d16b59abf377401dbd0904f7dcb351fa4dd8e36cbf4b8dc28e811bd7dc9b8a2f6021c44e85e1ebe1c68e03595aded1d0f5bdc563e612367ae89e46094a2e341ce2bdf0cdd0d0e71af4ce34700bb15898b2d3f559f466a6fbda1e005df5e76968fc0070a860e8eefb40180d6493a17903698a9f809ab5120cc72a205e3265236c67d7c85e581ed378d3326111813041da2d8d3c888d1236649129c37021fbfde4b873dbc3cc9fe18dc922a62d50686f9d7e15c2c4c51e25d9852385f024670dd5eaa98661a3fd645f5e3cf1a0381e878776d79039db945f680b0cba8a7e3875727a07be161c854491d396fbf40b50298b1a84b0cf8b61e18767bab36a013f0acf45569ed1882c3fea9e20189822e2b9bacbc4155842246c183f295912d6480a05a2d59ff2990bbbb8c7e9079f1a039bf31fd2cc28312cff2461af871dde9b27201e66d89f62196b632ef97424d2529d0973457cf4595f6751928457b7de885f43cf64577bd6d099d9adfe45a4e6d704bfd3edc85ddbb11dedd5e2d3e50a55d7a7dcfde4efd11dcd20f6285b74ea194da7f31a4983a14f167a847d279ef28557419506de34b34f237f3c66ed257246d04824f4f8d97092e55e095ecf4f3647ebd6c39538c4c7565b23d81f0cc3d6170d8a0d5050fe7e4f8d4fe07cea0d5db6d5f966afa39dec34a8ce32b67d4918ea8d96af5c7fd899945449e051ef34400cbd4badd786d20b1c77d23670b2065bc8f671150336c4228f49c2e07954d4b165d222cae2a5f5dc9fd328a21eb4b2033447dd9b0b56d12bc93148595a649d5cd3a9b56c33249c979cfd321eb720afca706fc263dfc06be97c2b805a7ccc54cd8e247e64dce1607ba96d146a977c247b3072ad2cb2c116c75493185ac9d6124070f674e1a83c4e4fc7a2d46be93c2eb3dc26dd659261cb020788b5bf4c21a5a31e363065e3d81a64886a0b48c8fd33505b2e1a158a60c29b6a4b0d9d3cc4e30cdbbfdc5895ad59b25f8e356616b352e0af4b55615315d389d963125e086d4f38f9837551d5aea90d51c86072518e6b3d9f810386933830b012a939f7f6269f3516cf361a7b204c687b122d7c967f3f9cbfaa3b5170ac5bf030f5fcf5cc60e67d69aed12a9b64eac186eea7ffd2198ce338fd58fa6b1c818a2bf7ee355c9932fa88b6c1e549217366606b04ef454e6fed865eb44a2cf2bffe792464ecd22121dec54fa518f2a148981956b9b06314ff478738f0328a253394e7c1ac4db3ba527c75361582cca56a12730d5b016258f025dc641647adc06d6b3eec0483f2f71ac9db0c45443e31c3d47d7ab7bf336104083017a985d2e83169cbe9fc9f9080cbbbafaefd7e7d0637933533f8fbd2e1abba019b83ca10f3791ad04d64283a0bcdb8c85718434642f6e156fa694ab98d475876a1768f9b595ff823dc4cdda9f080f094e1261a54c7fb8fd381d5a0d51ba8d6055ef43b035490df5dc92b8c3be5b58788866dc09a3563b25b64de0c0280370d8ae3bc317b89e32a5ec6cf14e9df6733b93263f8adf908b632fa2a94a2a5a22d781f562e5521bb07caba5b56ce799e6caac20c8bd10f0dcc765b5ad59ee88cfac53654b85fc6d3d7d1ec37230537d65519aa03d2d87001c3781063bb0275bd96c452c120d9adc12353cb56a565ffb5c3cf81d0497c3a680a68610acbb492b19b29ad601504aa1b3ff00dc5247b883e822cbe8c86673353ead6e044941bb4fbfc3e5ccba04f93cd9c264d9ec2c1f5221ca0767d3bf65f4330bdb4a94d6468bfa9dfa5bcbaa511450e6a0ca9a56c5f20558ea7076a67b5bdd8523f1515caed40dc2eaf06b08b176355dad11f1265b8187485d1a799d86d06f06d933f424f9ed654d2dde7c0e66dbf3d156db2d67941b92080f04581e0249734f2bf4920a3551d06c4ccb8f730deb91b6f6ce210cb41dab8fcbe39d14e918a3629e826e1d60e164e06d6237d382d0f3ec2734117368555e699a650f02d4a886ab679ec194c821b1f4262946eef5a0a3dcb5645c0543560464d86381a425d04218e58aaabf3c5ed4c2273cc0d4c2c28e12ecd4ddcecd67186dacec662c65d323496b9be38496acfb5bb1ce106bbaac84bac733df84e6e31713243df9845b9b630a9714ef11bb21b0e80c6ce1afc63ca722cc238ac448f229aa614e9eaec78e5c27921bbed167057607d383cda42a91f89b25ecea59686a8f07b1c2d73b6b2aa9899c3dcf20401721a1019abb89d5177d74dd1bb794e0d479ebbfb213e13dd5f06377eb87c53c09a3fc2078fe0db301ccb114f8cf3112445a1e7fad70dcf2c6e8cad450dc73c6427e017e0e93d25ef60e80f556462d78b85aed474a6bdb29bdf5a93908f43a77d82d0da55e7dc8a0064d721858ec5f8b3c5d441b66b3267e8103d27f5faf8660662e86593a48d4bfd64ceebd9bf69258232881e2f0f9d0c59f89f3c89a2ecb569d146bd3f872629aa250410cdecc3701fcfe95fbeefc976bd7e305c102e307e0c04f5d40374b93606dd09fc0026b4f0d185ea8051003a55646e32e3278dfd3f061a4c481639fe9507a8e5c04e46377544f2841ef9bea40da683f669f6f2da6a9282d74d46bc7d17845ed0e63886aee7362e12909d459217d092358bf71f2fd1fda7274468a5c64f68dbc912e12414cb841618e6d961e79699187efa265557d052006450eeab52153282396dcc67638f44e8bdc1cf8ac1aa3cefde7b3e97b3f1ade0587ccc459d2b71d8f4c85666f88560ae13d11fd7d7f1214557967aa6221b05ba9a90faad9c1111038f9a1a16b64a40bf5f969f74f32ed6338eb702cb85773bc0495e31ac37ca0b88bb028da0e9721b407afd1e2fa460b204db7dfcd729459b2f125bf42ddf1380eb499691e08275ee42427c0c2db7064a386b52a6ac1a7ade2da86e5c5e5c667e459d0031046ac3b08cf51b0e79004bc73c3f9f7e769fa244fabd9100007a4ed5e2306997ff31489c13c52b2cdf0226cdc4f8522529a2610234aed95eb841f5d242cef7c49363af04985d3c3e53924f352b54eadece3a9522f4835113a3b490b612dacdb8dbfbee79428b808e626214cfcb2bfd4abe6b74f15f08c76d88182322042da026a7e5b1394c9c439dfa596a7a88107370c2cab92f90601b50f0b3181dec56a7136db75650a7a28578087cc87fada0c4a7e1432a6220d7308fccaad29fbe32e42b6593110cda94ce04ff6ed3a9662c4b81d14856f4fc1ac0d4fab9b4d5992650fcb2cfed1b6f60c8c73685c733be133f819a5688d8c6a7e6209969b46b091445021fc19cbd563bd76df96aa65f1d7216a31dc9c4a4f74a24a224a2aa60cb5d0d7c31e6af622e5a7c80c98727cd163e5097d86d4d4d91e7c89fe6151903d7c0f878da1a83e6fcc50fe9990da6640535e685b1c269c950d073762ce899f82aeb933106337f87a7138d1fb7b15b24ac8cc1c093469e61509fc24cfb79e66390a15483e9a5a1a313ff961d0f9fe8c5579014cf5689e368608104f96449b246439af197959e5edf4887497d48974c208cd68cfc7b3e0956c5088120da1daf4aa90b6d2c1b7088131ff296b"}, @pad1, @jumbo={0xc2, 0x4, 0x1}, @generic={0x9, 0x15, "5575113921ad0bc9e2e82b28a66b8f508cd3a98acf"}]}, @routing={0x67, 0x6, 0x0, 0x20, 0x0, [@mcast1, @mcast1, @empty]}, @dstopts={0x4, 0x19, [], [@generic={0xa8, 0x9b, "0271097870d6d06b47d83a5b3763f1a2fffb78c9fd5151fe45854469564af3c3949e4a58781ce848a5e9a6fed080306acd0311a5e5b9f900de3f656ec5f517f3a67949354e8a19f5b116e360f8bebf10566eae08582e6be7beeec7668afd637ca6a19c0a8787a4548138d8a06874d550624c0f1ebd2a2267bbca14f2247ab5be2d68e264aa7d651fd4e5e5ef5723b844f64a822f58e7bc5accf588"}, @jumbo={0xc2, 0x4, 0x10001}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @pad1, @generic={0x8, 0x1d, "94d6efb5a9f58f859b75be24586f382eeed7a76a6562b978071e71be75"}, @ra={0x5, 0x2, 0x7fff}]}, @routing={0x27, 0x6, 0x0, 0x5, 0x0, [@mcast1, @empty, @loopback]}, @dstopts={0x2c, 0x0, [], [@pad1]}, @dstopts={0x3, 0x3, [], [@jumbo, @ra={0x5, 0x2, 0x20}, @ra={0x5, 0x2, 0x9}, @jumbo={0xc2, 0x4, 0x3}, @padn={0x1, 0x1, [0x0]}, @ra={0x5, 0x2, 0x7f}, @ra={0x5, 0x2, 0x3}]}, @fragment={0xd8, 0x0, 0x8, 0x1, 0x0, 0x8, 0x68}], @icmpv6=@mld={0x82, 0x0, 0x0, 0x3ff, 0x9, @mcast2}}}}}}) syz_execute_func(&(0x7f0000001240)="47669018a9e1170000c4c20d074cd3f636f30f1182feefffffc44155efeaf20f2b9999899999c481fd2817c4a2a5295293f3ab66ac") syz_extract_tcp_res(&(0x7f0000001280), 0x401, 0x1) syz_open_pts() csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } #define __syscall syscall static uintptr_t syz_open_pts(void) { int master, slave; if (openpty(&master, &slave, NULL, NULL, NULL) == -1) return -1; if (dup2(master, master + 100) != -1) close(master); return slave; } static void sandbox_common() { struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 14; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (; iter < 10; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[4] = {0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: res = syscall(SYS_getgid); if (res != -1) r[0] = res; break; case 1: syscall(SYS_mquery, 0x20ffb000ul, 0x3000ul, 2ul, 0x10ul, -1, 0x80ul); break; case 2: *(uint64_t*)0x20000040 = 0x20000000; memcpy((void*)0x20000000, "./file0\000", 8); *(uint32_t*)0x20000048 = -1; *(uint32_t*)0x2000004c = 0; syscall(SYS_ioctl, 0xffffff9c, 0xc0106477ul, 0x20000040ul); break; case 3: *(uint32_t*)0x20000080 = 0xcb; syscall(SYS_ioctl, -1, 0x80044275ul, 0x20000080ul); break; case 4: memcpy((void*)0x200000c0, "./file0\000", 8); syscall(SYS_unlinkat, 0xffffff9c, 0x200000c0ul, 8ul); break; case 5: *(uint64_t*)0x20000148 = 0x20000100; *(uint32_t*)0x20000100 = 0; *(uint32_t*)0x20000104 = 7; *(uint32_t*)0x20000108 = 2; *(uint32_t*)0x2000010c = 0x18000; *(uint32_t*)0x20000110 = 6; *(uint32_t*)0x20000114 = 3; *(uint32_t*)0x20000118 = 0x8000000; *(uint32_t*)0x2000011c = 0x20; *(uint32_t*)0x20000120 = 0; syscall(SYS_ioctl, 0xffffff9c, 0xc010427bul, 0x20000140ul); break; case 6: *(uint32_t*)0x200001c0 = 0xc; res = syscall(SYS_getsockopt, -1, 0xffff, 0x1022, 0x20000180ul, 0x200001c0ul); if (res != -1) r[1] = *(uint32_t*)0x20000188; break; case 7: *(uint32_t*)0x20000200 = -1; *(uint32_t*)0x20000204 = r[0]; *(uint32_t*)0x20000208 = 0; res = syscall(SYS_getgroups, 3ul, 0x20000200ul); if (res != -1) r[2] = *(uint32_t*)0x20000208; break; case 8: res = syscall(SYS_getgid); if (res != -1) r[3] = res; break; case 9: *(uint32_t*)0x20000240 = r[1]; *(uint32_t*)0x20000244 = r[0]; *(uint32_t*)0x20000248 = r[2]; *(uint32_t*)0x2000024c = r[3]; syscall(SYS_getgroups, 4ul, 0x20000240ul); break; case 10: *(uint8_t*)0x20000000 = 0xaa; *(uint8_t*)0x20000001 = 0xaa; *(uint8_t*)0x20000002 = 0xaa; *(uint8_t*)0x20000003 = 0xaa; *(uint8_t*)0x20000004 = 0xaa; *(uint8_t*)0x20000005 = 0xbb; *(uint8_t*)0x20000006 = 0xaa; *(uint8_t*)0x20000007 = 0xaa; *(uint8_t*)0x20000008 = 0xaa; *(uint8_t*)0x20000009 = 0xaa; *(uint8_t*)0x2000000a = 0xaa; *(uint8_t*)0x2000000b = 0xbb; *(uint16_t*)0x2000000c = htobe16(0x86dd); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 6, 4, 4); memcpy((void*)0x2000000f, "\xb5\x88\xd1", 3); *(uint16_t*)0x20000012 = htobe16(0x11d8); *(uint8_t*)0x20000014 = 0x11; *(uint8_t*)0x20000015 = 0; *(uint8_t*)0x20000016 = 0xfe; *(uint8_t*)0x20000017 = 0x80; *(uint8_t*)0x20000018 = 0; *(uint8_t*)0x20000019 = 0; *(uint8_t*)0x2000001a = 0; *(uint8_t*)0x2000001b = 0; *(uint8_t*)0x2000001c = 0; *(uint8_t*)0x2000001d = 0; *(uint8_t*)0x2000001e = 0; *(uint8_t*)0x2000001f = 0; *(uint8_t*)0x20000020 = 0; *(uint8_t*)0x20000021 = 0; *(uint8_t*)0x20000022 = 0; *(uint8_t*)0x20000023 = 0; *(uint8_t*)0x20000024 = 0; *(uint8_t*)0x20000025 = 0xbb; *(uint8_t*)0x20000026 = 0; *(uint8_t*)0x20000027 = 0; *(uint8_t*)0x20000028 = 0; *(uint8_t*)0x20000029 = 0; *(uint8_t*)0x2000002a = 0; *(uint8_t*)0x2000002b = 0; *(uint8_t*)0x2000002c = 0; *(uint8_t*)0x2000002d = 0; *(uint8_t*)0x2000002e = 0; *(uint8_t*)0x2000002f = 0; *(uint8_t*)0x20000030 = 0; *(uint8_t*)0x20000031 = 0; *(uint8_t*)0x20000032 = 0; *(uint8_t*)0x20000033 = 0; *(uint8_t*)0x20000034 = 0; *(uint8_t*)0x20000035 = 0; *(uint8_t*)0x20000036 = 0x32; *(uint8_t*)0x20000037 = 5; *(uint8_t*)0x20000038 = 0; *(uint8_t*)0x20000039 = 0; *(uint8_t*)0x2000003a = 0; *(uint8_t*)0x2000003b = 0; *(uint8_t*)0x2000003c = 0; *(uint8_t*)0x2000003d = 0; *(uint8_t*)0x2000003e = 1; *(uint8_t*)0x2000003f = 8; *(uint8_t*)0x20000040 = 0; *(uint8_t*)0x20000041 = 0; *(uint8_t*)0x20000042 = 0; *(uint8_t*)0x20000043 = 0; *(uint8_t*)0x20000044 = 0; *(uint8_t*)0x20000045 = 0; *(uint8_t*)0x20000046 = 0; *(uint8_t*)0x20000047 = 0; *(uint8_t*)0x20000048 = 0; *(uint8_t*)0x20000049 = 1; *(uint8_t*)0x2000004a = 0; *(uint8_t*)0x2000004b = 6; *(uint8_t*)0x2000004c = 0; memcpy((void*)0x2000004d, "\x7d\x73\x12\xbf\x2f\x97\x6b\x28\x6c\xf3\x3b\x3a\x76\x60\xaf\x2f\x30\xcb\x34\xf9\xa8\x6a\x2d\xb1\x88\xc5\xd7\x6d\xf2\x29\x00\x97\x6b\x02\x72\x11\x51\x36\x27\xf3\x7c\xb6\x42\x21\x55\x18\x88\x02\x80\x62\xf7\xe9\x6e\x29\x50\x2c\x82\x30\xcb\x07\xed\x13\xfb\x79\xee\x02\x2a\xfa\xcf\xb0\xfd\xb9\xfd\xd6\x2a\xc3\x7d\xfa\x4f\x6b\x34\xfc\xbe\xe4\xc3\x80\xfa\x32\xc3\x5d\x69\x5c\xca\x5e\x60\xb4\xfe\x8d\xdf\x4e\x9f\xd6\xc2\x68\x10\xea\xb1\x11\x56\xf5\xf1\x1c\xff\x15\x48\xbc\x51\x64\x8f\x66\x40\x4b\xac\xd5\x5f\x29\xd8\x34\x96\x35\x35\x6e\x87\x11\xba\x71\x76\x3c\x2e\x3d\xae\x08\xce\xca\x72\xda\xaf\x10\x86\x8c\x22\xac\x2d\x42\x9c\x17\x22\x8c\xb0\xfa\x6a\x92\xed\xda\xfa\xf8\x21\xe0\x84\xcd\xd5\x5a\xff\xff\xce\x12\x09\x7a\x27\x72\xef\x8a\xb4\xbc\x86\x22\x13\xc7\x65\xc3\xc5\xbb\x6c\xb2\x52\x06\xa5\xf8\x7d\x20\x34\xb9\x22\xcd\x8a\x54\xfd\x1f\x39\x93\x80\x81\x13\x2c\x04\x91\xf0\x25\x8b\x9d\x5b\x90\x20\x63\x98\x28\x1b\xd7\x45\x90\x75\x71\xe7\x94\x49\x36\xe2\xd4\x09\x7e\xec\x6b\x58\xed\x96\x3a\x26\xc7\xab\x84\xad\x10\x84\xf4\xb8\xfe\x73\x5e\x2c\x7a\x50\x73\x34\x4b\x22\x5d\xd2\x91\x7d\x10\x35\xd5\x25\xe3\xfc\xa4\xbf\x75\x0d\xc4\x47\x4b\x26\x45\x77\x0b\x1c\xa2\x40\xe5\x4b\x5d\x0d\x4d\xc7\xef\x29\xa3\xa6\x16\x69\xe0\xbc\x94\x74\x1f\x97\xc6\x62\x16\x51\x1a\x0b\x77\x2e\x88\x13\xb7\xe0\x1c\x74\x0f\x8e\xd1\xfa\x89\x09\xf5\x70\x0d\x34\x03\xd2\x1c\x72\x0a\x59\x02\xde\x2e\x1c\x32\x55\x6e\xca\x20\xd3\x74\x47\x3c\xd8\x17\x42\x7a\x1c\x9c\xd5\x8e\x2e\x0a\xef\xa4\x47\xfb\x5a\x81\x9c\x5f\x0f\x58\xb2\x77\x56\xa2\xab\x59\xc7\x90\x4b\xd8\x6a\x7e\x17\x86\x29\xad\x0b\xf9\xac\xc4\x27\x2d\xc4\x80\x11\xd2\x7c\x26\x2f\xe7\xea\x17\x54\x39\x1b\x04\xe3\x14\x4d\xb1\xee\xc8\xb7\xfd\xed\x12\x3a\x6e\x0d\x84\x8e\x26\xd3\xa4\x8d\xb1\x9c\xda\xc5\x70\xa9\xf8\x82\x59\x99\x4a\x98\x8b\xaf\xd8\xdb\x39\x12\x8e\xc2\x09\xc2\xf4\xa1\xc3\xa0\x09\x0f\xb4\x8b\x2c\x98\xc6\x6c\x31\xa9\xd0\xc4\x37\x7d\x6e\x63\xc8\x2a\xfd\xf7\x34\x86\x12\x49\xd4\xa1\x87\xb9\x9c\x2c\x03\xea\x42\xef\xb6\x79\x63\xc7\xf5\xe0\x58\xb9\xea\x73\x4e\x12\x4a\xbc\xff\x10\x7a\x29\xe3\x39\x70\x4b\xc5\xc1\x74\x89\x5b\x10\xfa\xbe\xf1\xdd\x69\x66\x93\x0a\x39\x82\x95\xf2\x38\xab\xeb\xa3\x30\x93\xa7\xe5\xd4\xeb\xf3\xc1\x34\xb0\x0e\xac\x45\x36\x59\xd9\xa5\xed\x67\x22\xb2\x86\x68\xf0\xde\x27\xfc\xbf\xcc\x66\x5f\x9b\x79\xf5\x1a\xa2\x66\xf0\x61\xa9\xd3\x58\x2f\xe7\x87\xf1\xcd\x3d\x6b\x2a\x4d\x5b\x76\x70\xd9\x1c\x9f\x19\xda\x4c\xdf\x5c\x47\xed\xb0\x15\xa1\x54\x22\x77\x97\xa6\xb5\x6a\x27\xe3\x22\x76\xf0\x7e\x6c\xc2\x0e\xc6\x88\x5b\xc2\x61\x05\x5b\x4a\xd4\xf6\x6c\x09\xe2\x76\x73\xc4\x07\x02\x3f\xb6\xd0\xc6\x11\x39\x24\x5b\x19\x08\x61\x81\x6a\x03\xae\x7d\x96\x27\x10\x0a\xb2\xa1\xf1\xf3\x81\x98\xe8\x20\x96\x79\x23\xfd\xf0\xa9\x5e\x90\x88\xff\xe6\x77\x9f\x1e\xea\x15\x11\x23\xe9\x19\xbd\xe1\xea\x78\x74\x6c\xc3\x07\x68\x22\x0f\xf9\x53\xd1\x05\x88\x58\x97\x01\xf7\x0e\x66\x39\x25\x24\xa7\x85\x62\xa8\x38\x20\x5a\xf4\xbf\xc2\x8c\x4a\x68\x84\xb4\x25\xc1\x09\xea\x7f\xf1\x6d\x9f\x1b\xcb\x77\x45\x9c\xcb\x5b\x81\x04\x5b\x6c\xb2\xdc\xeb\xda\xe4\x6f\x6d\x70\xb4\x4f\xf8\xdc\x6f\x52\x2c\x77\xdb\x14\x71\xce\x11\x63\xa7\xa5\x64\x0d\x02\xe4\x69\xe5\xde\xe1\xff\x25\xb7\xf7\x32\x5b\xae\xb1\x0e\xcb\x4b\xc4\x8f\x86\x92\xd5\x37\x6d\xad\x7c\x91\x25\xec\xb6\x1d\x00\xe7\x59\xb8\xf3\x17\x9d\xf6\x36\x38\x9f\x62\xf5\x1f\xac\xe3\x01\x3a\x62\xa9\x65\x6f\xec\x59\x26\x01\x94\x27\x43\x77\x8d\x7b\x7c\x83\x8c\xdf\x30\xfe\x87\xb7\x50\x3a\xab\x17\xd8\xd8\xf5\xf3\x0a\x3a\x03\xf1\x05\xdd\x38\x96\x58\xc1\x87\x82\x3d\x1c\x5e\xc9\xaf\x9d\xce\x05\xde\xcf\xa6\x19\x2a\x65\x14\x89\x6e\x99\xf4\x78\x47\xe8\x37\x19\xf7\x9c\xd3\x7b\x11\x81\x84\xd3\x4c\xa2\x0e\x88\x4b\xd2\x55\xf1\x99\xac\xef\x2e\xd4\x80\x11\xcf\xf2\x69\x59\x77\xdd\x7b\x1a\xe1\xf0\x8d\x27\xf9\x47\xcd\x1a\xff\x97\xa1\x9e\x3f\x93\xc6\x59\xd1\x0f\xf5\xa7\x76\xf2\x91\x02\x2d\xf2\x61\xb7\x92\x93\x5a\x1c\x58\x82\xf9\x20\xc9\x44\x2e\x56\x3f\x87\x88\x01\xbe\xec\xbb\xa8\x9c\x1e\xab\x9d\x2b\x96\x28\x5f\x34\x93\x48\x3b\x49\xf2\x69\xe8\xd6\x84\x33\x00\x37\xda\xfe\xdb\xcb\xb3\xbc\x50\x0e\x65\xb5\xe6\x9c\x3a\x4f\x6f\x15\xe4\x2c\xb5\x95\xcc\xe0\x4c\x89\x18\x18\xf2\x8a\x69\xef\x73\xc0\xec\xf8\xef\xbe\xf8\xbc\x1e\x5f\x7d\x07\xf5\xca\x82\x8d\x9a\x84\x60\xa2\x97\xa2\xb6\xf1\x58\x41\x3f\xd2\x73\x8e\x61\x68\x37\x7a\x49\xbd\x43\xa7\x0a\x36\xe7\xc3\x9d\x8d\x54\x87\x83\x28\x56\x75\x41\x7c\x62\x07\xbe\xbe\xb3\x22\x4f\xaa\xb8\x1e\xef\x70\x86\x01\xbe\x61\x36\x97\x96\x7c\x31\xf6\xb8\xa2\xc2\x1c\x46\x92\x73\xd7\x9b\x15\xb8\x0d\x8a\x0b\x6c\x6e\xd4\x35\x6d\x00\x2e\x42\x49\x44\xb6\x61\xb4\xd5\xfb\x11\x48\x41\xb9\xcb\xaf\x8d\x4c\x16\xd7\xf6\x87\x36\x2a\xee\x16\x47\x56\xe0\x5f\xa1\xd5\x79\xf0\x82\x00\x3a\xc1\x10\x3a\x00\x7c\x2f\xce\xa4\x86\xf3\x2e\x6e\x72\xd1\x41\xc1\xe2\x33\x33\x0a\x3b\x3d\x81\x35\x84\x0a\x9f\xbc\x50\x35\x26\xe4\x48\x76\xe7\x02\x30\x9c\x3c\xb1\xa6\xc4\x02\x0b\xae\x2e\xf8\x51\x46\xa3\x43\x8b\xd9\xb3\x41\xb7\x19\xdf\xa5\xb5\x19\xfc\xa6\xbc\x17\x46\xb4\x7a\xc4\x99\x17\x22\xb9\x77\x7d\x92\x48\x00\x65\xe3\xd7\x0b\xb6\xb2\x02\xe9\x8d\x5d\x08\xc1\xb2\x15\xa5\x01\x22\x10\xef\x9e\x2b\x9f\xea\x63\x0e\x4d\x82\x17\xc5\x01\xde\xe6\xb4\x6a\x3b\x88\x7c\x71\xf3\xc4\xc6\x03\xaf\x56\xa8\x67\x34\x23\x6f\x06\x8e\x07\x2a\xa6\x3f\x2a\x70\xd4\x88\xfe\x90\x91\xa8\x53\x05\x85\xe4\xd6\x11\xad\x9f\xe2\x35\x93\xcb\x41\x0e\x5e\xed\x91\x87\xed\x55\x65\x2b\xef\x39\xb8\xe8\x67\xa8\x79\xf8\x97\x35\xe7\xca\xdf\xb3\x6a\x18\x38\x67\xcd\xc3\x32\x2b\x21\x42\x7a\x49\x8d\x12\xd5\x66\xaf\x1b\x7e\xd2\x35\x03\x4f\xee\xaa\x2c\xbd\x79\x5c\x23\x63\xec\x98\x45\xa5\x04\x07\x31\x81\xef\x95\x12\x15\x48\xbd\x6e\x88\x48\x6a\x26\x1c\xb5\x2f\x6f\x79\x70\xb9\x9f\x53\xde\x0f\x42\x6f\xfc\xae\x94\x0f\x83\xac\x20\x13\x8c\x7d\x5b\x35\x20\x21\x4e\x44\xa4\x03\xc8\x4f\xda\xcc\x65\x57\xc8\xb8\x59\xc9\x91\x8e\x78\x37\x72\x61\x72\x2f\x1f\x29\x13\xd0\xdf\xe9\x9d\x93\xde\x5f\x2a\x67\xc3\x77\x5a\x76\x81\xc9\xb8\xfd\xb8\x11\xea\xd0\xba\xd8\xec\x77\x1e\xf3\x8d\xc0\xda\x25\x90\x47\xec\xaa\xb6\x08\xe8\xe7\xc4\x51\x13\xce\x26\x81\xa8\x37\x7d\xf0\x54\xe8\xe4\x84\x85\xbf\x16\xd1\x22\x2c\xcf\x22\x14\xb8\x11\x5e\x0a\xf0\x90\x74\x2f\x1c\x7b\x77\x64\x5b\xde\x02\x54\x10\x71\xd9\x2f\x5e\xb2\x4b\xc1\x94\x2f\xf6\x91\x01\x6d\x1d\x08\x44\xda\xec\xc8\x9d\xf8\xb5\x8f\x05\xe0\xfc\x38\x56\x88\x14\x13\x92\x03\x59\xc9\x09\x27\xb8\x5c\xdb\x99\x62\x97\x91\x34\x1d\x07\xf6\xbd\x04\x2e\xa4\x57\x12\x8a\xc9\x1c\x4a\xb3\x3b\x16\x99\x35\xa1\xa0\x21\x4e\x74\xdd\x2d\x09\x8a\xbc\x1d\x16\xb5\x9a\xbf\x37\x74\x01\xdb\xd0\x90\x4f\x7d\xcb\x35\x1f\xa4\xdd\x8e\x36\xcb\xf4\xb8\xdc\x28\xe8\x11\xbd\x7d\xc9\xb8\xa2\xf6\x02\x1c\x44\xe8\x5e\x1e\xbe\x1c\x68\xe0\x35\x95\xad\xed\x1d\x0f\x5b\xdc\x56\x3e\x61\x23\x67\xae\x89\xe4\x60\x94\xa2\xe3\x41\xce\x2b\xdf\x0c\xdd\x0d\x0e\x71\xaf\x4c\xe3\x47\x00\xbb\x15\x89\x8b\x2d\x3f\x55\x9f\x46\x6a\x6f\xbd\xa1\xe0\x05\xdf\x5e\x76\x96\x8f\xc0\x07\x0a\x86\x0e\x8e\xef\xb4\x01\x80\xd6\x49\x3a\x17\x90\x36\x98\xa9\xf8\x09\xab\x51\x20\xcc\x72\xa2\x05\xe3\x26\x52\x36\xc6\x7d\x7c\x85\xe5\x81\xed\x37\x8d\x33\x26\x11\x18\x13\x04\x1d\xa2\xd8\xd3\xc8\x88\xd1\x23\x66\x49\x12\x9c\x37\x02\x1f\xbf\xde\x4b\x87\x3d\xbc\x3c\xc9\xfe\x18\xdc\x92\x2a\x62\xd5\x06\x86\xf9\xd7\xe1\x5c\x2c\x4c\x51\xe2\x5d\x98\x52\x38\x5f\x02\x46\x70\xdd\x5e\xaa\x98\x66\x1a\x3f\xd6\x45\xf5\xe3\xcf\x1a\x03\x81\xe8\x78\x77\x6d\x79\x03\x9d\xb9\x45\xf6\x80\xb0\xcb\xa8\xa7\xe3\x87\x57\x27\xa0\x7b\xe1\x61\xc8\x54\x49\x1d\x39\x6f\xbf\x40\xb5\x02\x98\xb1\xa8\x4b\x0c\xf8\xb6\x1e\x18\x76\x7b\xab\x36\xa0\x13\xf0\xac\xf4\x55\x69\xed\x18\x82\xc3\xfe\xa9\xe2\x01\x89\x82\x2e\x2b\x9b\xac\xbc\x41\x55\x84\x22\x46\xc1\x83\xf2\x95\x91\x2d\x64\x80\xa0\x5a\x2d\x59\xff\x29\x90\xbb\xbb\x8c\x7e\x90\x79\xf1\xa0\x39\xbf\x31\xfd\x2c\xc2\x83\x12\xcf\xf2\x46\x1a\xf8\x71\xdd\xe9\xb2\x72\x01\xe6\x6d\x89\xf6\x21\x96\xb6\x32\xef\x97\x42\x4d\x25\x29\xd0\x97\x34\x57\xcf\x45\x95\xf6\x75\x19\x28\x45\x7b\x7d\xe8\x85\xf4\x3c\xf6\x45\x77\xbd\x6d\x09\x9d\x9a\xdf\xe4\x5a\x4e\x6d\x70\x4b\xfd\x3e\xdc\x85\xdd\xbb\x11\xde\xdd\x5e\x2d\x3e\x50\xa5\x5d\x7a\x7d\xcf\xde\x4e\xfd\x11\xdc\xd2\x0f\x62\x85\xb7\x4e\xa1\x94\xda\x7f\x31\xa4\x98\x3a\x14\xf1\x67\xa8\x47\xd2\x79\xef\x28\x55\x74\x19\x50\x6d\xe3\x4b\x34\xf2\x37\xf3\xc6\x6e\xd2\x57\x24\x6d\x04\x82\x4f\x4f\x8d\x97\x09\x2e\x55\xe0\x95\xec\xf4\xf3\x64\x7e\xbd\x6c\x39\x53\x8c\x4c\x75\x65\xb2\x3d\x81\xf0\xcc\x3d\x61\x70\xd8\xa0\xd5\x05\x0f\xe7\xe4\xf8\xd4\xfe\x07\xce\xa0\xd5\xdb\x6d\x5f\x96\x6a\xfa\x39\xde\xc3\x4a\x8c\xe3\x2b\x67\xd4\x91\x8e\xa8\xd9\x6a\xf5\xc7\xfd\x89\x99\x45\x44\x9e\x05\x1e\xf3\x44\x00\xcb\xd4\xba\xdd\x78\x6d\x20\xb1\xc7\x7d\x23\x67\x0b\x20\x65\xbc\x8f\x67\x11\x50\x33\x6c\x42\x28\xf4\x9c\x2e\x07\x95\x4d\x4b\x16\x5d\x22\x2c\xae\x2a\x5f\x5d\xc9\xfd\x32\x8a\x21\xeb\x4b\x20\x33\x44\x7d\xd9\xb0\xb5\x6d\x12\xbc\x93\x14\x85\x95\xa6\x49\xd5\xcd\x3a\x9b\x56\xc3\x32\x49\xc9\x79\xcf\xd3\x21\xeb\x72\x0a\xfc\xa7\x06\xfc\x26\x3d\xfc\x06\xbe\x97\xc2\xb8\x05\xa7\xcc\xc5\x4c\xd8\xe2\x47\xe6\x4d\xce\x16\x07\xba\x96\xd1\x46\xa9\x77\xc2\x47\xb3\x07\x2a\xd2\xcb\x2c\x11\x6c\x75\x49\x31\x85\xac\x9d\x61\x24\x07\x0f\x67\x4e\x1a\x83\xc4\xe4\xfc\x7a\x2d\x46\xbe\x93\xc2\xeb\x3d\xc2\x6d\xd6\x59\x26\x1c\xb0\x20\x78\x8b\x5b\xf4\xc2\x1a\x5a\x31\xe3\x63\x06\x5e\x3d\x81\xa6\x48\x86\xa0\xb4\x8c\x8f\xd3\x35\x05\xb2\xe1\xa1\x58\xa6\x0c\x29\xb6\xa4\xb0\xd9\xd3\xcc\x4e\x30\xcd\xbb\xfd\xc5\x89\x5a\xd5\x9b\x25\xf8\xe3\x56\x61\x6b\x35\x2e\x0a\xf4\xb5\x56\x15\x31\x5d\x38\x9d\x96\x31\x25\xe0\x86\xd4\xf3\x8f\x98\x37\x55\x1d\x5a\xea\x90\xd5\x1c\x86\x07\x25\x18\xe6\xb3\xd9\xf8\x10\x38\x69\x33\x83\x0b\x01\x2a\x93\x9f\x7f\x62\x69\xf3\x51\x6c\xf3\x61\xa7\xb2\x04\xc6\x87\xb1\x22\xd7\xc9\x67\xf3\xf9\xcb\xfa\xa3\xb5\x17\x0a\xc5\xbf\x03\x0f\x5f\xcf\x5c\xc6\x0e\x67\xd6\x9a\xed\x12\xa9\xb6\x4e\xac\x18\x6e\xea\x7f\xfd\x21\x98\xce\x33\x8f\xd5\x8f\xa6\xb1\xc8\x18\xa2\xbf\x7e\xe3\x55\xc9\x93\x2f\xa8\x8b\x6c\x1e\x54\x92\x17\x36\x66\x06\xb0\x4e\xf4\x54\xe6\xfe\xd8\x65\xeb\x44\xa2\xcf\x2b\xff\xe7\x92\x46\x4e\xcd\x22\x12\x1d\xec\x54\xfa\x51\x8f\x2a\x14\x89\x81\x95\x6b\x9b\x06\x31\x4f\xf4\x78\x73\x8f\x03\x28\xa2\x53\x39\x4e\x7c\x1a\xc4\xdb\x3b\xa5\x27\xc7\x53\x61\x58\x2c\xca\x56\xa1\x27\x30\xd5\xb0\x16\x25\x8f\x02\x5d\xc6\x41\x64\x7a\xdc\x06\xd6\xb3\xee\xc0\x48\x3f\x2f\x71\xac\x9d\xb0\xc4\x54\x43\xe3\x1c\x3d\x47\xd7\xab\x7b\xf3\x36\x10\x40\x83\x01\x7a\x98\x5d\x2e\x83\x16\x9c\xbe\x9f\xc9\xf9\x08\x0c\xbb\xba\xfa\xef\xd7\xe7\xd0\x63\x79\x33\x53\x3f\x8f\xbd\x2e\x1a\xbb\xa0\x19\xb8\x3c\xa1\x0f\x37\x91\xad\x04\xd6\x42\x83\xa0\xbc\xdb\x8c\x85\x71\x84\x34\x64\x2f\x6e\x15\x6f\xa6\x94\xab\x98\xd4\x75\x87\x6a\x17\x68\xf9\xb5\x95\xff\x82\x3d\xc4\xcd\xda\x9f\x08\x0f\x09\x4e\x12\x61\xa5\x4c\x7f\xb8\xfd\x38\x1d\x5a\x0d\x51\xba\x8d\x60\x55\xef\x43\xb0\x35\x49\x0d\xf5\xdc\x92\xb8\xc3\xbe\x5b\x58\x78\x88\x66\xdc\x09\xa3\x56\x3b\x25\xb6\x4d\xe0\xc0\x28\x03\x70\xd8\xae\x3b\xc3\x17\xb8\x9e\x32\xa5\xec\x6c\xf1\x4e\x9d\xf6\x73\x3b\x93\x26\x3f\x8a\xdf\x90\x8b\x63\x2f\xa2\xa9\x4a\x2a\x5a\x22\xd7\x81\xf5\x62\xe5\x52\x1b\xb0\x7c\xab\xa5\xb5\x6c\xe7\x99\xe6\xca\xac\x20\xc8\xbd\x10\xf0\xdc\xc7\x65\xb5\xad\x59\xee\x88\xcf\xac\x53\x65\x4b\x85\xfc\x6d\x3d\x7d\x1e\xc3\x72\x30\x53\x7d\x65\x51\x9a\xa0\x3d\x2d\x87\x00\x1c\x37\x81\x06\x3b\xb0\x27\x5b\xd9\x6c\x45\x2c\x12\x0d\x9a\xdc\x12\x35\x3c\xb5\x6a\x56\x5f\xfb\x5c\x3c\xf8\x1d\x04\x97\xc3\xa6\x80\xa6\x86\x10\xac\xbb\x49\x2b\x19\xb2\x9a\xd6\x01\x50\x4a\xa1\xb3\xff\x00\xdc\x52\x47\xb8\x83\xe8\x22\xcb\xe8\xc8\x66\x73\x35\x3e\xad\x6e\x04\x49\x41\xbb\x4f\xbf\xc3\xe5\xcc\xba\x04\xf9\x3c\xd9\xc2\x64\xd9\xec\x2c\x1f\x52\x21\xca\x07\x67\xd3\xbf\x65\xf4\x33\x0b\xdb\x4a\x94\xd6\x46\x8b\xfa\x9d\xfa\x5b\xcb\xaa\x51\x14\x50\xe6\xa0\xca\x9a\x56\xc5\xf2\x05\x58\xea\x70\x76\xa6\x7b\x5b\xdd\x85\x23\xf1\x51\x5c\xae\xd4\x0d\xc2\xea\xf0\x6b\x08\xb1\x76\x35\x5d\xad\x11\xf1\x26\x5b\x81\x87\x48\x5d\x1a\x79\x9d\x86\xd0\x6f\x06\xd9\x33\xf4\x24\xf9\xed\x65\x4d\x2d\xde\x7c\x0e\x66\xdb\xf3\xd1\x56\xdb\x2d\x67\x94\x1b\x92\x08\x0f\x04\x58\x1e\x02\x49\x73\x4f\x2b\xf4\x92\x0a\x35\x51\xd0\x6c\x4c\xcb\x8f\x73\x0d\xeb\x91\xb6\xf6\xce\x21\x0c\xb4\x1d\xab\x8f\xcb\xe3\x9d\x14\xe9\x18\xa3\x62\x9e\x82\x6e\x1d\x60\xe1\x64\xe0\x6d\x62\x37\xd3\x82\xd0\xf3\xec\x27\x34\x11\x73\x68\x55\x5e\x69\x9a\x65\x0f\x02\xd4\xa8\x86\xab\x67\x9e\xc1\x94\xc8\x21\xb1\xf4\x26\x29\x46\xee\xf5\xa0\xa3\xdc\xb5\x64\x5c\x05\x43\x56\x04\x64\xd8\x63\x81\xa4\x25\xd0\x42\x18\xe5\x8a\xaa\xbf\x3c\x5e\xd4\xc2\x27\x3c\xc0\xd4\xc2\xc2\x8e\x12\xec\xd4\xdd\xce\xcd\x67\x18\x6d\xac\xec\x66\x2c\x65\xd3\x23\x49\x6b\x9b\xe3\x84\x96\xac\xfb\x5b\xb1\xce\x10\x6b\xba\xac\x84\xba\xc7\x33\xdf\x84\xe6\xe3\x17\x13\x24\x3d\xf9\x84\x5b\x9b\x63\x0a\x97\x14\xef\x11\xbb\x21\xb0\xe8\x0c\x6c\xe1\xaf\xc6\x3c\xa7\x22\xcc\x23\x8a\xc4\x48\xf2\x29\xaa\x61\x4e\x9e\xae\xc7\x8e\x5c\x27\x92\x1b\xbe\xd1\x67\x05\x76\x07\xd3\x83\xcd\xa4\x2a\x91\xf8\x9b\x25\xec\xea\x59\x68\x6a\x8f\x07\xb1\xc2\xd7\x3b\x6b\x2a\xa9\x89\x9c\x3d\xcf\x20\x40\x17\x21\xa1\x01\x9a\xbb\x89\xd5\x17\x7d\x74\xdd\x1b\xb7\x94\xe0\xd4\x79\xeb\xbf\xb2\x13\xe1\x3d\xd5\xf0\x63\x77\xeb\x87\xc5\x3c\x09\xa3\xfc\x20\x78\xfe\x0d\xb3\x01\xcc\xb1\x14\xf8\xcf\x31\x12\x44\x5a\x1e\x7f\xad\x70\xdc\xf2\xc6\xe8\xca\xd4\x50\xdc\x73\xc6\x42\x7e\x01\x7e\x0e\x93\xd2\x5e\xf6\x0e\x80\xf5\x56\x46\x2d\x78\xb8\x5a\xed\x47\x4a\x6b\xdb\x29\xbd\xf5\xa9\x39\x08\xf4\x3a\x77\xd8\x2d\x0d\xa5\x5e\x7d\xc8\xa0\x06\x4d\x72\x18\x58\xec\x5f\x8b\x3c\x5d\x44\x1b\x66\xb3\x26\x7e\x81\x03\xd2\x7f\x5f\xaf\x86\x60\x66\x2e\x86\x59\x3a\x48\xd4\xbf\xd6\x4c\xee\xbd\x9b\xf6\x92\x58\x23\x28\x81\xe2\xf0\xf9\xd0\xc5\x9f\x89\xf3\xc8\x9a\x2e\xcb\x56\x9d\x14\x6b\xd3\xf8\x72\x62\x9a\xa2\x50\x41\x0c\xde\xcc\x37\x01\xfc\xfe\x95\xfb\xee\xfc\x97\x6b\xd7\xe3\x05\xc1\x02\xe3\x07\xe0\xc0\x4f\x5d\x40\x37\x4b\x93\x60\x6d\xd0\x9f\xc0\x02\x6b\x4f\x0d\x18\x5e\xa8\x05\x10\x03\xa5\x56\x46\xe3\x2e\x32\x78\xdf\xd3\xf0\x61\xa4\xc4\x81\x63\x9f\xe9\x50\x7a\x8e\x5c\x04\xe4\x63\x77\x54\x4f\x28\x41\xef\x9b\xea\x40\xda\x68\x3f\x66\x9f\x6f\x2d\xa6\xa9\x28\x2d\x74\xd4\x6b\xc7\xd1\x78\x45\xed\x0e\x63\x88\x6a\xee\x73\x62\xe1\x29\x09\xd4\x59\x21\x7d\x09\x23\x58\xbf\x71\xf2\xfd\x1f\xda\x72\x74\x46\x8a\x5c\x64\xf6\x8d\xbc\x91\x2e\x12\x41\x4c\xb8\x41\x61\x8e\x6d\x96\x1e\x79\x69\x91\x87\xef\xa2\x65\x55\x7d\x05\x20\x06\x45\x0e\xea\xb5\x21\x53\x28\x23\x96\xdc\xc6\x76\x38\xf4\x4e\x8b\xdc\x1c\xf8\xac\x1a\xa3\xce\xfd\xe7\xb3\xe9\x7b\x3f\x1a\xde\x05\x87\xcc\xc4\x59\xd2\xb7\x1d\x8f\x4c\x85\x66\x6f\x88\x56\x0a\xe1\x3d\x11\xfd\x7d\x7f\x12\x14\x55\x79\x67\xaa\x62\x21\xb0\x5b\xa9\xa9\x0f\xaa\xd9\xc1\x11\x10\x38\xf9\xa1\xa1\x6b\x64\xa4\x0b\xf5\xf9\x69\xf7\x4f\x32\xed\x63\x38\xeb\x70\x2c\xb8\x57\x73\xbc\x04\x95\xe3\x1a\xc3\x7c\xa0\xb8\x8b\xb0\x28\xda\x0e\x97\x21\xb4\x07\xaf\xd1\xe2\xfa\x46\x0b\x20\x4d\xb7\xdf\xcd\x72\x94\x59\xb2\xf1\x25\xbf\x42\xdd\xf1\x38\x0e\xb4\x99\x69\x1e\x08\x27\x5e\xe4\x24\x27\xc0\xc2\xdb\x70\x64\xa3\x86\xb5\x2a\x6a\xc1\xa7\xad\xe2\xda\x86\xe5\xc5\xe5\xc6\x67\xe4\x59\xd0\x03\x10\x46\xac\x3b\x08\xcf\x51\xb0\xe7\x90\x04\xbc\x73\xc3\xf9\xf7\xe7\x69\xfa\x24\x4f\xab\xd9\x10\x00\x07\xa4\xed\x5e\x23\x06\x99\x7f\xf3\x14\x89\xc1\x3c\x52\xb2\xcd\xf0\x22\x6c\xdc\x4f\x85\x22\x52\x9a\x26\x10\x23\x4a\xed\x95\xeb\x84\x1f\x5d\x24\x2c\xef\x7c\x49\x36\x3a\xf0\x49\x85\xd3\xc3\xe5\x39\x24\xf3\x52\xb5\x4e\xad\xec\xe3\xa9\x52\x2f\x48\x35\x11\x3a\x3b\x49\x0b\x61\x2d\xac\xdb\x8d\xbf\xbe\xe7\x94\x28\xb8\x08\xe6\x26\x21\x4c\xfc\xb2\xbf\xd4\xab\xe6\xb7\x4f\x15\xf0\x8c\x76\xd8\x81\x82\x32\x20\x42\xda\x02\x6a\x7e\x5b\x13\x94\xc9\xc4\x39\xdf\xa5\x96\xa7\xa8\x81\x07\x37\x0c\x2c\xab\x92\xf9\x06\x01\xb5\x0f\x0b\x31\x81\xde\xc5\x6a\x71\x36\xdb\x75\x65\x0a\x7a\x28\x57\x80\x87\xcc\x87\xfa\xda\x0c\x4a\x7e\x14\x32\xa6\x22\x0d\x73\x08\xfc\xca\xad\x29\xfb\xe3\x2e\x42\xb6\x59\x31\x10\xcd\xa9\x4c\xe0\x4f\xf6\xed\x3a\x96\x62\xc4\xb8\x1d\x14\x85\x6f\x4f\xc1\xac\x0d\x4f\xab\x9b\x4d\x59\x92\x65\x0f\xcb\x2c\xfe\xd1\xb6\xf6\x0c\x8c\x73\x68\x5c\x73\x3b\xe1\x33\xf8\x19\xa5\x68\x8d\x8c\x6a\x7e\x62\x09\x96\x9b\x46\xb0\x91\x44\x50\x21\xfc\x19\xcb\xd5\x63\xbd\x76\xdf\x96\xaa\x65\xf1\xd7\x21\x6a\x31\xdc\x9c\x4a\x4f\x74\xa2\x4a\x22\x4a\x2a\xa6\x0c\xb5\xd0\xd7\xc3\x1e\x6a\xf6\x22\xe5\xa7\xc8\x0c\x98\x72\x7c\xd1\x63\xe5\x09\x7d\x86\xd4\xd4\xd9\x1e\x7c\x89\xfe\x61\x51\x90\x3d\x7c\x0f\x87\x8d\xa1\xa8\x3e\x6f\xcc\x50\xfe\x99\x90\xda\x66\x40\x53\x5e\x68\x5b\x1c\x26\x9c\x95\x0d\x07\x37\x62\xce\x89\x9f\x82\xae\xb9\x33\x10\x63\x37\xf8\x7a\x71\x38\xd1\xfb\x7b\x15\xb2\x4a\xc8\xcc\x1c\x09\x34\x69\xe6\x15\x09\xfc\x24\xcf\xb7\x9e\x66\x39\x0a\x15\x48\x3e\x9a\x5a\x1a\x31\x3f\xf9\x61\xd0\xf9\xfe\x8c\x55\x79\x01\x4c\xf5\x68\x9e\x36\x86\x08\x10\x4f\x96\x44\x9b\x24\x64\x39\xaf\x19\x79\x59\xe5\xed\xf4\x88\x74\x97\xd4\x89\x74\xc2\x08\xcd\x68\xcf\xc7\xb3\xe0\x95\x6c\x50\x88\x12\x0d\xa1\xda\xf4\xaa\x90\xb6\xd2\xc1\xb7\x08\x81\x31\xff\x29\x6b", 4096); *(uint8_t*)0x2000104d = 0; *(uint8_t*)0x2000104e = 1; *(uint8_t*)0x2000104f = 0; *(uint8_t*)0x20001050 = 0xc2; *(uint8_t*)0x20001051 = 4; *(uint32_t*)0x20001052 = htobe32(1); *(uint8_t*)0x20001056 = 9; *(uint8_t*)0x20001057 = 0x15; memcpy((void*)0x20001058, "\x55\x75\x11\x39\x21\xad\x0b\xc9\xe2\xe8\x2b\x28\xa6\x6b\x8f\x50\x8c\xd3\xa9\x8a\xcf", 21); *(uint8_t*)0x2000106e = 0x67; *(uint8_t*)0x2000106f = 6; *(uint8_t*)0x20001070 = 0; *(uint8_t*)0x20001071 = 0x20; *(uint32_t*)0x20001072 = 0; *(uint8_t*)0x20001076 = -1; *(uint8_t*)0x20001077 = 1; *(uint8_t*)0x20001078 = 0; *(uint8_t*)0x20001079 = 0; *(uint8_t*)0x2000107a = 0; *(uint8_t*)0x2000107b = 0; *(uint8_t*)0x2000107c = 0; *(uint8_t*)0x2000107d = 0; *(uint8_t*)0x2000107e = 0; *(uint8_t*)0x2000107f = 0; *(uint8_t*)0x20001080 = 0; *(uint8_t*)0x20001081 = 0; *(uint8_t*)0x20001082 = 0; *(uint8_t*)0x20001083 = 0; *(uint8_t*)0x20001084 = 0; *(uint8_t*)0x20001085 = 1; *(uint8_t*)0x20001086 = -1; *(uint8_t*)0x20001087 = 1; *(uint8_t*)0x20001088 = 0; *(uint8_t*)0x20001089 = 0; *(uint8_t*)0x2000108a = 0; *(uint8_t*)0x2000108b = 0; *(uint8_t*)0x2000108c = 0; *(uint8_t*)0x2000108d = 0; *(uint8_t*)0x2000108e = 0; *(uint8_t*)0x2000108f = 0; *(uint8_t*)0x20001090 = 0; *(uint8_t*)0x20001091 = 0; *(uint8_t*)0x20001092 = 0; *(uint8_t*)0x20001093 = 0; *(uint8_t*)0x20001094 = 0; *(uint8_t*)0x20001095 = 1; *(uint8_t*)0x20001096 = 0; *(uint8_t*)0x20001097 = 0; *(uint8_t*)0x20001098 = 0; *(uint8_t*)0x20001099 = 0; *(uint8_t*)0x2000109a = 0; *(uint8_t*)0x2000109b = 0; *(uint8_t*)0x2000109c = 0; *(uint8_t*)0x2000109d = 0; *(uint8_t*)0x2000109e = 0; *(uint8_t*)0x2000109f = 0; *(uint8_t*)0x200010a0 = 0; *(uint8_t*)0x200010a1 = 0; *(uint8_t*)0x200010a2 = 0; *(uint8_t*)0x200010a3 = 0; *(uint8_t*)0x200010a4 = 0; *(uint8_t*)0x200010a5 = 0; *(uint8_t*)0x200010a6 = 4; *(uint8_t*)0x200010a7 = 0x19; *(uint8_t*)0x200010a8 = 0; *(uint8_t*)0x200010a9 = 0; *(uint8_t*)0x200010aa = 0; *(uint8_t*)0x200010ab = 0; *(uint8_t*)0x200010ac = 0; *(uint8_t*)0x200010ad = 0; *(uint8_t*)0x200010ae = 0xa8; *(uint8_t*)0x200010af = 0x9b; memcpy((void*)0x200010b0, "\x02\x71\x09\x78\x70\xd6\xd0\x6b\x47\xd8\x3a\x5b\x37\x63\xf1\xa2\xff\xfb\x78\xc9\xfd\x51\x51\xfe\x45\x85\x44\x69\x56\x4a\xf3\xc3\x94\x9e\x4a\x58\x78\x1c\xe8\x48\xa5\xe9\xa6\xfe\xd0\x80\x30\x6a\xcd\x03\x11\xa5\xe5\xb9\xf9\x00\xde\x3f\x65\x6e\xc5\xf5\x17\xf3\xa6\x79\x49\x35\x4e\x8a\x19\xf5\xb1\x16\xe3\x60\xf8\xbe\xbf\x10\x56\x6e\xae\x08\x58\x2e\x6b\xe7\xbe\xee\xc7\x66\x8a\xfd\x63\x7c\xa6\xa1\x9c\x0a\x87\x87\xa4\x54\x81\x38\xd8\xa0\x68\x74\xd5\x50\x62\x4c\x0f\x1e\xbd\x2a\x22\x67\xbb\xca\x14\xf2\x24\x7a\xb5\xbe\x2d\x68\xe2\x64\xaa\x7d\x65\x1f\xd4\xe5\xe5\xef\x57\x23\xb8\x44\xf6\x4a\x82\x2f\x58\xe7\xbc\x5a\xcc\xf5\x88", 155); *(uint8_t*)0x2000114b = 0xc2; *(uint8_t*)0x2000114c = 4; *(uint32_t*)0x2000114d = htobe32(0x10001); *(uint8_t*)0x20001151 = 1; *(uint8_t*)0x20001152 = 3; *(uint8_t*)0x20001153 = 0; *(uint8_t*)0x20001154 = 0; *(uint8_t*)0x20001155 = 0; *(uint8_t*)0x20001156 = 0; *(uint8_t*)0x20001157 = 1; *(uint8_t*)0x20001158 = 0; *(uint8_t*)0x20001159 = 8; *(uint8_t*)0x2000115a = 0x1d; memcpy((void*)0x2000115b, "\x94\xd6\xef\xb5\xa9\xf5\x8f\x85\x9b\x75\xbe\x24\x58\x6f\x38\x2e\xee\xd7\xa7\x6a\x65\x62\xb9\x78\x07\x1e\x71\xbe\x75", 29); *(uint8_t*)0x20001178 = 5; *(uint8_t*)0x20001179 = 2; *(uint16_t*)0x2000117a = htobe16(0x7fff); *(uint8_t*)0x2000117e = 0x27; *(uint8_t*)0x2000117f = 6; *(uint8_t*)0x20001180 = 0; *(uint8_t*)0x20001181 = 5; *(uint32_t*)0x20001182 = 0; *(uint8_t*)0x20001186 = -1; *(uint8_t*)0x20001187 = 1; *(uint8_t*)0x20001188 = 0; *(uint8_t*)0x20001189 = 0; *(uint8_t*)0x2000118a = 0; *(uint8_t*)0x2000118b = 0; *(uint8_t*)0x2000118c = 0; *(uint8_t*)0x2000118d = 0; *(uint8_t*)0x2000118e = 0; *(uint8_t*)0x2000118f = 0; *(uint8_t*)0x20001190 = 0; *(uint8_t*)0x20001191 = 0; *(uint8_t*)0x20001192 = 0; *(uint8_t*)0x20001193 = 0; *(uint8_t*)0x20001194 = 0; *(uint8_t*)0x20001195 = 1; *(uint8_t*)0x20001196 = 0; *(uint8_t*)0x20001197 = 0; *(uint8_t*)0x20001198 = 0; *(uint8_t*)0x20001199 = 0; *(uint8_t*)0x2000119a = 0; *(uint8_t*)0x2000119b = 0; *(uint8_t*)0x2000119c = 0; *(uint8_t*)0x2000119d = 0; *(uint8_t*)0x2000119e = 0; *(uint8_t*)0x2000119f = 0; *(uint8_t*)0x200011a0 = 0; *(uint8_t*)0x200011a1 = 0; *(uint8_t*)0x200011a2 = 0; *(uint8_t*)0x200011a3 = 0; *(uint8_t*)0x200011a4 = 0; *(uint8_t*)0x200011a5 = 0; *(uint64_t*)0x200011a6 = htobe64(0); *(uint64_t*)0x200011ae = htobe64(1); *(uint8_t*)0x200011b6 = 0x2c; *(uint8_t*)0x200011b7 = 0; *(uint8_t*)0x200011b8 = 0; *(uint8_t*)0x200011b9 = 0; *(uint8_t*)0x200011ba = 0; *(uint8_t*)0x200011bb = 0; *(uint8_t*)0x200011bc = 0; *(uint8_t*)0x200011bd = 0; *(uint8_t*)0x200011be = 0; *(uint8_t*)0x200011bf = 1; *(uint8_t*)0x200011c0 = 0; *(uint8_t*)0x200011c6 = 3; *(uint8_t*)0x200011c7 = 3; *(uint8_t*)0x200011c8 = 0; *(uint8_t*)0x200011c9 = 0; *(uint8_t*)0x200011ca = 0; *(uint8_t*)0x200011cb = 0; *(uint8_t*)0x200011cc = 0; *(uint8_t*)0x200011cd = 0; *(uint8_t*)0x200011ce = 0xc2; *(uint8_t*)0x200011cf = 4; *(uint32_t*)0x200011d0 = htobe32(0); *(uint8_t*)0x200011d4 = 5; *(uint8_t*)0x200011d5 = 2; *(uint16_t*)0x200011d6 = htobe16(0x20); *(uint8_t*)0x200011d8 = 5; *(uint8_t*)0x200011d9 = 2; *(uint16_t*)0x200011da = htobe16(9); *(uint8_t*)0x200011dc = 0xc2; *(uint8_t*)0x200011dd = 4; *(uint32_t*)0x200011de = htobe32(3); *(uint8_t*)0x200011e2 = 1; *(uint8_t*)0x200011e3 = 1; *(uint8_t*)0x200011e4 = 0; *(uint8_t*)0x200011e5 = 5; *(uint8_t*)0x200011e6 = 2; *(uint16_t*)0x200011e7 = htobe16(0x7f); *(uint8_t*)0x200011e9 = 5; *(uint8_t*)0x200011ea = 2; *(uint16_t*)0x200011eb = htobe16(3); *(uint8_t*)0x200011ee = 0xd8; *(uint8_t*)0x200011ef = 0; *(uint8_t*)0x200011f0 = 8; STORE_BY_BITMASK(uint8_t, , 0x200011f1, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200011f1, 0, 1, 2); STORE_BY_BITMASK(uint8_t, , 0x200011f1, 8, 3, 5); *(uint32_t*)0x200011f2 = 0x68; *(uint8_t*)0x200011f6 = 0x82; *(uint8_t*)0x200011f7 = 0; *(uint16_t*)0x200011f8 = htobe16(0); *(uint16_t*)0x200011fa = htobe16(0x3ff); *(uint16_t*)0x200011fc = 9; *(uint8_t*)0x200011fe = -1; *(uint8_t*)0x200011ff = 2; *(uint8_t*)0x20001200 = 0; *(uint8_t*)0x20001201 = 0; *(uint8_t*)0x20001202 = 0; *(uint8_t*)0x20001203 = 0; *(uint8_t*)0x20001204 = 0; *(uint8_t*)0x20001205 = 0; *(uint8_t*)0x20001206 = 0; *(uint8_t*)0x20001207 = 0; *(uint8_t*)0x20001208 = 0; *(uint8_t*)0x20001209 = 0; *(uint8_t*)0x2000120a = 0; *(uint8_t*)0x2000120b = 0; *(uint8_t*)0x2000120c = 0; *(uint8_t*)0x2000120d = 1; struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000016, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000026, 16); uint32_t csum_1_chunk_2 = 0x18000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x3a000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x200011f6, 24); *(uint16_t*)0x200011f8 = csum_inet_digest(&csum_1); break; case 11: memcpy((void*)0x20001240, "\x47\x66\x90\x18\xa9\xe1\x17\x00\x00\xc4\xc2\x0d\x07\x4c\xd3\xf6\x36\xf3\x0f\x11\x82\xfe\xef\xff\xff\xc4\x41\x55\xef\xea\xf2\x0f\x2b\x99\x99\x89\x99\x99\xc4\x81\xfd\x28\x17\xc4\xa2\xa5\x29\x52\x93\xf3\xab\x66\xac", 53); syz_execute_func(0x20001240); break; case 12: break; case 13: syz_open_pts(); break; } } int main(void) { syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul); use_temporary_dir(); do_sandbox_none(); return 0; } :330:4: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation] kill_and_wait(pid, &status); ^ :328:3: note: previous statement is here if (current_time_ms() - start < 5000) ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor229328789 -DGOOS_openbsd=1 -DGOARCH_amd64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -static -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384] --- FAIL: TestGenerate/openbsd/amd64/2 (5.13s) csource_test.go:122: --- FAIL: TestGenerate/openbsd/amd64/6 (7.14s) csource_test.go:122: --- FAIL: TestGenerate/openbsd/amd64/5 (7.43s) csource_test.go:122: --- FAIL: TestGenerate/openbsd/amd64/7 (8.18s) csource_test.go:122: --- FAIL: TestGenerate/openbsd/amd64/1 (8.43s) csource_test.go:122: FAIL FAIL github.com/google/syzkaller/pkg/csource 98.055s ok github.com/google/syzkaller/pkg/db (cached) ? github.com/google/syzkaller/pkg/debugtracer [no test files] ok github.com/google/syzkaller/pkg/email (cached) ? github.com/google/syzkaller/pkg/gce [no test files] ? github.com/google/syzkaller/pkg/gcs [no test files] ? github.com/google/syzkaller/pkg/hash [no test files] ok github.com/google/syzkaller/pkg/host (cached) ? github.com/google/syzkaller/pkg/html [no test files] ok github.com/google/syzkaller/pkg/ifuzz (cached) ? github.com/google/syzkaller/pkg/ifuzz/iset [no test files] ? github.com/google/syzkaller/pkg/ifuzz/powerpc [no test files] ? github.com/google/syzkaller/pkg/ifuzz/powerpc/generated [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86 [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86/gen [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86/generated [no test files] ok github.com/google/syzkaller/pkg/instance (cached) ok github.com/google/syzkaller/pkg/ipc (cached) ? github.com/google/syzkaller/pkg/ipc/ipcconfig [no test files] ? github.com/google/syzkaller/pkg/kcidb [no test files] ok github.com/google/syzkaller/pkg/kconfig 0.258s ok github.com/google/syzkaller/pkg/kd (cached) ok github.com/google/syzkaller/pkg/log (cached) ok github.com/google/syzkaller/pkg/mgrconfig (cached) ok github.com/google/syzkaller/pkg/osutil (cached) ok github.com/google/syzkaller/pkg/report (cached) ok github.com/google/syzkaller/pkg/repro (cached) ? github.com/google/syzkaller/pkg/rpctype [no test files] ok github.com/google/syzkaller/pkg/runtest (cached) ok github.com/google/syzkaller/pkg/serializer (cached) ? github.com/google/syzkaller/pkg/signal [no test files] ok github.com/google/syzkaller/pkg/symbolizer (cached) ok github.com/google/syzkaller/pkg/tool (cached) ok github.com/google/syzkaller/pkg/vcs (cached) ok github.com/google/syzkaller/prog (cached) ok github.com/google/syzkaller/prog/test (cached) ? github.com/google/syzkaller/sys [no test files] ? github.com/google/syzkaller/sys/akaros [no test files] ? github.com/google/syzkaller/sys/akaros/gen [no test files] ? github.com/google/syzkaller/sys/freebsd [no test files] ? github.com/google/syzkaller/sys/freebsd/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia [no test files] ? github.com/google/syzkaller/sys/fuchsia/fidlgen [no test files] ? github.com/google/syzkaller/sys/fuchsia/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia/layout [no test files] ok github.com/google/syzkaller/sys/linux (cached) ? github.com/google/syzkaller/sys/linux/gen [no test files] ? github.com/google/syzkaller/sys/netbsd [no test files] ? github.com/google/syzkaller/sys/netbsd/gen [no test files] ok github.com/google/syzkaller/sys/openbsd (cached) ? github.com/google/syzkaller/sys/openbsd/gen [no test files] ? github.com/google/syzkaller/sys/syz-extract [no test files] ? github.com/google/syzkaller/sys/syz-sysgen [no test files] ? github.com/google/syzkaller/sys/targets [no test files] ? github.com/google/syzkaller/sys/test [no test files] ? github.com/google/syzkaller/sys/test/gen [no test files] ? github.com/google/syzkaller/sys/trusty [no test files] ? github.com/google/syzkaller/sys/trusty/gen [no test files] ? github.com/google/syzkaller/sys/windows [no test files] ? github.com/google/syzkaller/sys/windows/gen [no test files] ok github.com/google/syzkaller/syz-ci (cached) ok github.com/google/syzkaller/syz-fuzzer (cached) ok github.com/google/syzkaller/syz-hub (cached) ok github.com/google/syzkaller/syz-hub/state (cached) ok github.com/google/syzkaller/syz-manager (cached) ? github.com/google/syzkaller/tools/syz-benchcmp [no test files] ? github.com/google/syzkaller/tools/syz-bisect [no test files] ? github.com/google/syzkaller/tools/syz-check [no test files] ? github.com/google/syzkaller/tools/syz-cover [no test files] ? github.com/google/syzkaller/tools/syz-crush [no test files] ? github.com/google/syzkaller/tools/syz-db [no test files] ? github.com/google/syzkaller/tools/syz-execprog [no test files] ? github.com/google/syzkaller/tools/syz-expand [no test files] ? github.com/google/syzkaller/tools/syz-fmt [no test files] ? github.com/google/syzkaller/tools/syz-hubtool [no test files] ? github.com/google/syzkaller/tools/syz-kcidb [no test files] ? github.com/google/syzkaller/tools/syz-kconf [no test files] ok github.com/google/syzkaller/tools/syz-linter (cached) ? github.com/google/syzkaller/tools/syz-make [no test files] ? github.com/google/syzkaller/tools/syz-minconfig [no test files] ? github.com/google/syzkaller/tools/syz-mutate [no test files] ? github.com/google/syzkaller/tools/syz-prog2c [no test files] ? github.com/google/syzkaller/tools/syz-reporter [no test files] ? github.com/google/syzkaller/tools/syz-repro [no test files] ? github.com/google/syzkaller/tools/syz-reprolist [no test files] ? github.com/google/syzkaller/tools/syz-runtest [no test files] ? github.com/google/syzkaller/tools/syz-showprio [no test files] ? github.com/google/syzkaller/tools/syz-stress [no test files] ? github.com/google/syzkaller/tools/syz-symbolize [no test files] ? github.com/google/syzkaller/tools/syz-testbuild [no test files] ? github.com/google/syzkaller/tools/syz-trace2syz [no test files] ok github.com/google/syzkaller/tools/syz-trace2syz/parser (cached) ok github.com/google/syzkaller/tools/syz-trace2syz/proggen (cached) ? github.com/google/syzkaller/tools/syz-tty [no test files] ? github.com/google/syzkaller/tools/syz-upgrade [no test files] ? github.com/google/syzkaller/tools/syz-usbgen [no test files] ok github.com/google/syzkaller/vm (cached) ? github.com/google/syzkaller/vm/adb [no test files] ? github.com/google/syzkaller/vm/bhyve [no test files] ? github.com/google/syzkaller/vm/gce [no test files] ? github.com/google/syzkaller/vm/gvisor [no test files] ok github.com/google/syzkaller/vm/isolated (cached) ? github.com/google/syzkaller/vm/kvm [no test files] ? github.com/google/syzkaller/vm/odroid [no test files] ? github.com/google/syzkaller/vm/qemu [no test files] ok github.com/google/syzkaller/vm/vmimpl (cached) ? github.com/google/syzkaller/vm/vmm [no test files] ? github.com/google/syzkaller/vm/vmware [no test files] FAIL