// https://syzkaller.appspot.com/bug?id=697ba811b2d6a22ccbbbcef9a0b11d1683adedf4
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <dirent.h>
#include <endian.h>
#include <errno.h>
#include <fcntl.h>
#include <pthread.h>
#include <sched.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/epoll.h>
#include <sys/ioctl.h>
#include <sys/mount.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

#include <linux/capability.h>
#include <linux/rfkill.h>

static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

static bool write_file(const char* file, const char* what, ...)
{
  char buf[1024];
  va_list args;
  va_start(args, what);
  vsnprintf(buf, sizeof(buf), what, args);
  va_end(args);
  buf[sizeof(buf) - 1] = 0;
  int len = strlen(buf);
  int fd = open(file, O_WRONLY | O_CLOEXEC);
  if (fd == -1)
    return false;
  if (write(fd, buf, len) != len) {
    int err = errno;
    close(fd);
    errno = err;
    return false;
  }
  close(fd);
  return true;
}

const int kInitNetNsFd = 201;

#define MAX_FDS 30

static long syz_init_net_socket(volatile long domain, volatile long type,
                                volatile long proto)
{
  int netns = open("/proc/self/ns/net", O_RDONLY);
  if (netns == -1)
    return netns;
  if (setns(kInitNetNsFd, 0))
    return -1;
  int sock = syscall(__NR_socket, domain, type, proto);
  int err = errno;
  if (setns(netns, 0))
    exit(1);
  close(netns);
  errno = err;
  return sock;
}

#define BTPROTO_HCI 1
#define ACL_LINK 1
#define SCAN_PAGE 2

typedef struct {
  uint8_t b[6];
} __attribute__((packed)) bdaddr_t;

#define HCI_COMMAND_PKT 1
#define HCI_EVENT_PKT 4
#define HCI_VENDOR_PKT 0xff

struct hci_command_hdr {
  uint16_t opcode;
  uint8_t plen;
} __attribute__((packed));

struct hci_event_hdr {
  uint8_t evt;
  uint8_t plen;
} __attribute__((packed));

#define HCI_EV_CONN_COMPLETE 0x03
struct hci_ev_conn_complete {
  uint8_t status;
  uint16_t handle;
  bdaddr_t bdaddr;
  uint8_t link_type;
  uint8_t encr_mode;
} __attribute__((packed));

#define HCI_EV_CONN_REQUEST 0x04
struct hci_ev_conn_request {
  bdaddr_t bdaddr;
  uint8_t dev_class[3];
  uint8_t link_type;
} __attribute__((packed));

#define HCI_EV_REMOTE_FEATURES 0x0b
struct hci_ev_remote_features {
  uint8_t status;
  uint16_t handle;
  uint8_t features[8];
} __attribute__((packed));

#define HCI_EV_CMD_COMPLETE 0x0e
struct hci_ev_cmd_complete {
  uint8_t ncmd;
  uint16_t opcode;
} __attribute__((packed));

#define HCI_OP_WRITE_SCAN_ENABLE 0x0c1a

#define HCI_OP_READ_BUFFER_SIZE 0x1005
struct hci_rp_read_buffer_size {
  uint8_t status;
  uint16_t acl_mtu;
  uint8_t sco_mtu;
  uint16_t acl_max_pkt;
  uint16_t sco_max_pkt;
} __attribute__((packed));

#define HCI_OP_READ_BD_ADDR 0x1009
struct hci_rp_read_bd_addr {
  uint8_t status;
  bdaddr_t bdaddr;
} __attribute__((packed));

#define HCI_EV_LE_META 0x3e
struct hci_ev_le_meta {
  uint8_t subevent;
} __attribute__((packed));

#define HCI_EV_LE_CONN_COMPLETE 0x01
struct hci_ev_le_conn_complete {
  uint8_t status;
  uint16_t handle;
  uint8_t role;
  uint8_t bdaddr_type;
  bdaddr_t bdaddr;
  uint16_t interval;
  uint16_t latency;
  uint16_t supervision_timeout;
  uint8_t clk_accurancy;
} __attribute__((packed));

struct hci_dev_req {
  uint16_t dev_id;
  uint32_t dev_opt;
};

struct vhci_vendor_pkt_request {
  uint8_t type;
  uint8_t opcode;
} __attribute__((packed));

struct vhci_pkt {
  uint8_t type;
  union {
    struct {
      uint8_t opcode;
      uint16_t id;
    } __attribute__((packed)) vendor_pkt;
    struct hci_command_hdr command_hdr;
  };
} __attribute__((packed));

#define HCIDEVUP _IOW('H', 201, int)
#define HCISETSCAN _IOW('H', 221, int)

static int vhci_fd = -1;

static void rfkill_unblock_all()
{
  int fd = open("/dev/rfkill", O_WRONLY);
  if (fd < 0)
    exit(1);
  struct rfkill_event event = {0};
  event.idx = 0;
  event.type = RFKILL_TYPE_ALL;
  event.op = RFKILL_OP_CHANGE_ALL;
  event.soft = 0;
  event.hard = 0;
  if (write(fd, &event, sizeof(event)) < 0)
    exit(1);
  close(fd);
}

static void hci_send_event_packet(int fd, uint8_t evt, void* data,
                                  size_t data_len)
{
  struct iovec iv[3];
  struct hci_event_hdr hdr;
  hdr.evt = evt;
  hdr.plen = data_len;
  uint8_t type = HCI_EVENT_PKT;
  iv[0].iov_base = &type;
  iv[0].iov_len = sizeof(type);
  iv[1].iov_base = &hdr;
  iv[1].iov_len = sizeof(hdr);
  iv[2].iov_base = data;
  iv[2].iov_len = data_len;
  if (writev(fd, iv, sizeof(iv) / sizeof(struct iovec)) < 0)
    exit(1);
}

static void hci_send_event_cmd_complete(int fd, uint16_t opcode, void* data,
                                        size_t data_len)
{
  struct iovec iv[4];
  struct hci_event_hdr hdr;
  hdr.evt = HCI_EV_CMD_COMPLETE;
  hdr.plen = sizeof(struct hci_ev_cmd_complete) + data_len;
  struct hci_ev_cmd_complete evt_hdr;
  evt_hdr.ncmd = 1;
  evt_hdr.opcode = opcode;
  uint8_t type = HCI_EVENT_PKT;
  iv[0].iov_base = &type;
  iv[0].iov_len = sizeof(type);
  iv[1].iov_base = &hdr;
  iv[1].iov_len = sizeof(hdr);
  iv[2].iov_base = &evt_hdr;
  iv[2].iov_len = sizeof(evt_hdr);
  iv[3].iov_base = data;
  iv[3].iov_len = data_len;
  if (writev(fd, iv, sizeof(iv) / sizeof(struct iovec)) < 0)
    exit(1);
}

static bool process_command_pkt(int fd, char* buf, ssize_t buf_size)
{
  struct hci_command_hdr* hdr = (struct hci_command_hdr*)buf;
  if (buf_size < (ssize_t)sizeof(struct hci_command_hdr) ||
      hdr->plen != buf_size - sizeof(struct hci_command_hdr))
    exit(1);
  switch (hdr->opcode) {
  case HCI_OP_WRITE_SCAN_ENABLE: {
    uint8_t status = 0;
    hci_send_event_cmd_complete(fd, hdr->opcode, &status, sizeof(status));
    return true;
  }
  case HCI_OP_READ_BD_ADDR: {
    struct hci_rp_read_bd_addr rp = {0};
    rp.status = 0;
    memset(&rp.bdaddr, 0xaa, 6);
    hci_send_event_cmd_complete(fd, hdr->opcode, &rp, sizeof(rp));
    return false;
  }
  case HCI_OP_READ_BUFFER_SIZE: {
    struct hci_rp_read_buffer_size rp = {0};
    rp.status = 0;
    rp.acl_mtu = 1021;
    rp.sco_mtu = 96;
    rp.acl_max_pkt = 4;
    rp.sco_max_pkt = 6;
    hci_send_event_cmd_complete(fd, hdr->opcode, &rp, sizeof(rp));
    return false;
  }
  }
  char dummy[0xf9] = {0};
  hci_send_event_cmd_complete(fd, hdr->opcode, dummy, sizeof(dummy));
  return false;
}

static void* event_thread(void* arg)
{
  while (1) {
    char buf[1024] = {0};
    ssize_t buf_size = read(vhci_fd, buf, sizeof(buf));
    if (buf_size < 0)
      exit(1);
    if (buf_size > 0 && buf[0] == HCI_COMMAND_PKT) {
      if (process_command_pkt(vhci_fd, buf + 1, buf_size - 1))
        break;
    }
  }
  return NULL;
}
#define HCI_HANDLE_1 200
#define HCI_HANDLE_2 201

#define HCI_PRIMARY 0
#define HCI_OP_RESET 0x0c03

static void initialize_vhci()
{
  int hci_sock = socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI);
  if (hci_sock < 0)
    exit(1);
  vhci_fd = open("/dev/vhci", O_RDWR);
  if (vhci_fd == -1)
    exit(1);
  const int kVhciFd = 202;
  if (dup2(vhci_fd, kVhciFd) < 0)
    exit(1);
  close(vhci_fd);
  vhci_fd = kVhciFd;
  struct vhci_vendor_pkt_request vendor_pkt_req = {HCI_VENDOR_PKT, HCI_PRIMARY};
  if (write(vhci_fd, &vendor_pkt_req, sizeof(vendor_pkt_req)) !=
      sizeof(vendor_pkt_req))
    exit(1);
  struct vhci_pkt vhci_pkt;
  if (read(vhci_fd, &vhci_pkt, sizeof(vhci_pkt)) != sizeof(vhci_pkt))
    exit(1);
  if (vhci_pkt.type == HCI_COMMAND_PKT &&
      vhci_pkt.command_hdr.opcode == HCI_OP_RESET) {
    char response[1] = {0};
    hci_send_event_cmd_complete(vhci_fd, HCI_OP_RESET, response,
                                sizeof(response));
    if (read(vhci_fd, &vhci_pkt, sizeof(vhci_pkt)) != sizeof(vhci_pkt))
      exit(1);
  }
  if (vhci_pkt.type != HCI_VENDOR_PKT)
    exit(1);
  int dev_id = vhci_pkt.vendor_pkt.id;
  pthread_t th;
  if (pthread_create(&th, NULL, event_thread, NULL))
    exit(1);
  int ret = ioctl(hci_sock, HCIDEVUP, dev_id);
  if (ret) {
    if (errno == ERFKILL) {
      rfkill_unblock_all();
      ret = ioctl(hci_sock, HCIDEVUP, dev_id);
    }
    if (ret && errno != EALREADY)
      exit(1);
  }
  struct hci_dev_req dr = {0};
  dr.dev_id = dev_id;
  dr.dev_opt = SCAN_PAGE;
  if (ioctl(hci_sock, HCISETSCAN, &dr))
    exit(1);
  struct hci_ev_conn_request request;
  memset(&request, 0, sizeof(request));
  memset(&request.bdaddr, 0xaa, 6);
  *(uint8_t*)&request.bdaddr.b[5] = 0x10;
  request.link_type = ACL_LINK;
  hci_send_event_packet(vhci_fd, HCI_EV_CONN_REQUEST, &request,
                        sizeof(request));
  struct hci_ev_conn_complete complete;
  memset(&complete, 0, sizeof(complete));
  complete.status = 0;
  complete.handle = HCI_HANDLE_1;
  memset(&complete.bdaddr, 0xaa, 6);
  *(uint8_t*)&complete.bdaddr.b[5] = 0x10;
  complete.link_type = ACL_LINK;
  complete.encr_mode = 0;
  hci_send_event_packet(vhci_fd, HCI_EV_CONN_COMPLETE, &complete,
                        sizeof(complete));
  struct hci_ev_remote_features features;
  memset(&features, 0, sizeof(features));
  features.status = 0;
  features.handle = HCI_HANDLE_1;
  hci_send_event_packet(vhci_fd, HCI_EV_REMOTE_FEATURES, &features,
                        sizeof(features));
  struct {
    struct hci_ev_le_meta le_meta;
    struct hci_ev_le_conn_complete le_conn;
  } le_conn;
  memset(&le_conn, 0, sizeof(le_conn));
  le_conn.le_meta.subevent = HCI_EV_LE_CONN_COMPLETE;
  memset(&le_conn.le_conn.bdaddr, 0xaa, 6);
  *(uint8_t*)&le_conn.le_conn.bdaddr.b[5] = 0x11;
  le_conn.le_conn.role = 1;
  le_conn.le_conn.handle = HCI_HANDLE_2;
  hci_send_event_packet(vhci_fd, HCI_EV_LE_META, &le_conn, sizeof(le_conn));
  pthread_join(th, NULL);
  close(hci_sock);
}

static void setup_common()
{
  if (mount(0, "/sys/fs/fuse/connections", "fusectl", 0, 0)) {
  }
}

static void setup_binderfs()
{
  if (mkdir("/dev/binderfs", 0777)) {
  }
  if (mount("binder", "/dev/binderfs", "binder", 0, NULL)) {
  }
  if (symlink("/dev/binderfs", "./binderfs")) {
  }
}

static void loop();

static void sandbox_common()
{
  prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
  setsid();
  int netns = open("/proc/self/ns/net", O_RDONLY);
  if (netns == -1)
    exit(1);
  if (dup2(netns, kInitNetNsFd) < 0)
    exit(1);
  close(netns);
  struct rlimit rlim;
  rlim.rlim_cur = rlim.rlim_max = (200 << 20);
  setrlimit(RLIMIT_AS, &rlim);
  rlim.rlim_cur = rlim.rlim_max = 32 << 20;
  setrlimit(RLIMIT_MEMLOCK, &rlim);
  rlim.rlim_cur = rlim.rlim_max = 136 << 20;
  setrlimit(RLIMIT_FSIZE, &rlim);
  rlim.rlim_cur = rlim.rlim_max = 1 << 20;
  setrlimit(RLIMIT_STACK, &rlim);
  rlim.rlim_cur = rlim.rlim_max = 128 << 20;
  setrlimit(RLIMIT_CORE, &rlim);
  rlim.rlim_cur = rlim.rlim_max = 256;
  setrlimit(RLIMIT_NOFILE, &rlim);
  if (unshare(CLONE_NEWNS)) {
  }
  if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL)) {
  }
  if (unshare(CLONE_NEWIPC)) {
  }
  if (unshare(0x02000000)) {
  }
  if (unshare(CLONE_NEWUTS)) {
  }
  if (unshare(CLONE_SYSVSEM)) {
  }
  typedef struct {
    const char* name;
    const char* value;
  } sysctl_t;
  static const sysctl_t sysctls[] = {
      {"/proc/sys/kernel/shmmax", "16777216"},
      {"/proc/sys/kernel/shmall", "536870912"},
      {"/proc/sys/kernel/shmmni", "1024"},
      {"/proc/sys/kernel/msgmax", "8192"},
      {"/proc/sys/kernel/msgmni", "1024"},
      {"/proc/sys/kernel/msgmnb", "1024"},
      {"/proc/sys/kernel/sem", "1024 1048576 500 1024"},
  };
  unsigned i;
  for (i = 0; i < sizeof(sysctls) / sizeof(sysctls[0]); i++)
    write_file(sysctls[i].name, sysctls[i].value);
}

static int wait_for_loop(int pid)
{
  if (pid < 0)
    exit(1);
  int status = 0;
  while (waitpid(-1, &status, __WALL) != pid) {
  }
  return WEXITSTATUS(status);
}

static void drop_caps(void)
{
  struct __user_cap_header_struct cap_hdr = {};
  struct __user_cap_data_struct cap_data[2] = {};
  cap_hdr.version = _LINUX_CAPABILITY_VERSION_3;
  cap_hdr.pid = getpid();
  if (syscall(SYS_capget, &cap_hdr, &cap_data))
    exit(1);
  const int drop = (1 << CAP_SYS_PTRACE) | (1 << CAP_SYS_NICE);
  cap_data[0].effective &= ~drop;
  cap_data[0].permitted &= ~drop;
  cap_data[0].inheritable &= ~drop;
  if (syscall(SYS_capset, &cap_hdr, &cap_data))
    exit(1);
}

static int do_sandbox_none(void)
{
  if (unshare(CLONE_NEWPID)) {
  }
  int pid = fork();
  if (pid != 0)
    return wait_for_loop(pid);
  setup_common();
  initialize_vhci();
  sandbox_common();
  drop_caps();
  if (unshare(CLONE_NEWNET)) {
  }
  write_file("/proc/sys/net/ipv4/ping_group_range", "0 65535");
  setup_binderfs();
  loop();
  exit(1);
}

static void kill_and_wait(int pid, int* status)
{
  kill(-pid, SIGKILL);
  kill(pid, SIGKILL);
  for (int i = 0; i < 100; i++) {
    if (waitpid(-1, status, WNOHANG | __WALL) == pid)
      return;
    usleep(1000);
  }
  DIR* dir = opendir("/sys/fs/fuse/connections");
  if (dir) {
    for (;;) {
      struct dirent* ent = readdir(dir);
      if (!ent)
        break;
      if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
        continue;
      char abort[300];
      snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort",
               ent->d_name);
      int fd = open(abort, O_WRONLY);
      if (fd == -1) {
        continue;
      }
      if (write(fd, abort, 1) < 0) {
      }
      close(fd);
    }
    closedir(dir);
  } else {
  }
  while (waitpid(-1, status, __WALL) != pid) {
  }
}

static void setup_test()
{
  prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
  setpgrp();
  write_file("/proc/self/oom_score_adj", "1000");
}

static void close_fds()
{
  for (int fd = 3; fd < MAX_FDS; fd++)
    close(fd);
}

static void execute_one(void);

#define WAIT_FLAGS __WALL

static void loop(void)
{
  int iter = 0;
  for (;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      setup_test();
      execute_one();
      close_fds();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}

uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

void execute_one(void)
{
  intptr_t res = 0;
  res = -1;
  res = syz_init_net_socket(/*fam=*/0x1f, /*type=*/1, /*proto=*/3);
  if (res != -1)
    r[0] = res;
  *(uint16_t*)0x20000000 = 0x1f;
  memset((void*)0x20000002, 170, 5);
  *(uint8_t*)0x20000007 = 0;
  *(uint8_t*)0x20000008 = 8;
  syscall(__NR_connect, /*fd=*/r[0], /*addr=*/0x20000000ul, /*addrlen=*/0xaul);
  *(uint64_t*)0x200000c0 = 0;
  *(uint64_t*)0x200000c8 = 0;
  memcpy(
      (void*)0x200000d0,
      "\x01\xac\xc2\x89\x8e\xb8\x27\x54\x88\x83\x06\x17\x45\x89\xb4\xac\xdc\x8c"
      "\x02\x75\x12\x8f\x4e\x5c\x6e\xda\x10\x73\x7d\xcb\xe9\x38\xa6\x44\xa5\x18"
      "\xc3\xcb\x9c\xf9\x30\x99\x0e\x50\xa3\xe7\xc2\x97\xa0\xe4\x38\x90\xe4\xf3"
      "\x94\x6e\xa9\x9d\xf5\x79\xab\x8a\x2d\x4f\xf6\x7d\x92\xaa\x0f\x71\xc4\x48"
      "\xc8\x49\x96\xd6\xe9\x0a\xd9\x9f\x76\xc4\xe9\x9a\x5e\x63\x47\x94\x20\x71"
      "\xf6\x15\x1d\x98\xae\x1c\x98\x59\xff\x52\x58\x1b\x3d\x00\x8f\xab\xd3\xba"
      "\x74\xc7\x1e\x17\x2b\x69\x7a\x3e\x38\x35\x71\x03\x69\x56\x92\x21\x93\x2c"
      "\x05\xc1\x2a\xc0\xe0\x02\x91\xfa\xff\xf7\x5d\xce\x67\xb1\x95\x1e\xf2\x5b"
      "\xf2\x47\x06\x1e\x16\x88\x53\xee\x10\x4d\xe5\xb5\x4e\x9f\x08\xc5\x32\x1b"
      "\xf1\xfa\xf0\x53\x48\x14\x20\xd8\xac\xf6\xdb\x13\xf1\xd5\x25\xb6\x0c\xd3"
      "\xf7\xec\xa5\x1f\x60\xa3\x4d\x77\x15\x35\xfe\x4a\x96\x22\xff\x06\xa2\x3d"
      "\xb0\x91\x08\xc9\x46\x4c\x3e\x50\x3c\x09\xf7\xad\xb7\x65\x22\x5b\x7c\xa7"
      "\xa2\x20\xbe\x50\x56\x86\x92\xd3\x1a\xd2\x2e\xd0\xc4\x0e\x28\x50\x22\xb5"
      "\xac\x20\x62\x8b\x91\x11\x3b\x6b\x1c\xff\x93\x2f\x17\xb7\x1c\xd9\x5e\x85"
      "\xb8\x8c\x96\x01",
      256);
  memcpy(
      (void*)0x200001d0,
      "\x3f\x52\x2b\xd7\xde\x63\x94\x75\xf4\x58\x7f\xe2\x3b\x17\x11\x79\x86\x9e"
      "\x96\x6a\xdb\xa5\x96\x35\x6d\xa6\xab\xa4\x73\x0d\xc2\x5c\x82\x08\x68\x57"
      "\x66\x00\x78\x14\xb0\xdf\x8b\x9a\x5a\x1c\x03\xbf\xb4\xe3\xca\xef\x5d\xce"
      "\xfe\x49\x3b\x04\xa9\x26\xd8\xcc\x4b\x82\x07\xbd\x53\xa5\x37\xc8\x89\x38"
      "\xca\x66\xf0\x8e\x1d\x11\x28\x7d\x91\x4b\x81\x5c\x2b\x21\x22\x12\xc5\xfc"
      "\xf2\x30\x4f\xb5\xff\x0f\x67\x01\x71\x00\xb1\x4f\x89\x4f\x8c\x40\xdd\x18"
      "\x47\xad\x67\xf2\x2f\x25\x7e\xf0\x73\xa9\x2e\x3c\x35\xa2\x7d\xc1\x6a\xd1"
      "\xc9\xde\xd9\x25\x63\xcb\x05\xde\xb4\x3c\xe3\x39\x61\x4d\x0d\x55\x2e\xaa"
      "\x94\xda\xa3\x31\x1b\x8e\x5a\x2f\x89\x1d\x13\x1e\xfd\x45\xb2\xc4\x01\xe8"
      "\x5a\xf5\x0a\x47\x29\x4e\x2e\xb7\xa0\xc6\xdf\xdd\x07\xda\x0c\x19\xe3\x59"
      "\xb1\x43\x58\x24\xde\x33\x6f\x9f\xfd\xf5\xac\xaf\x75\x6d\x76\x4b\xf7\x70"
      "\x2d\x67\x84\x4c\xfb\x09\xc4\x31\xbc\x33\xa5\x94\xc0\x7f\x95\x37\x6e\x5f"
      "\x2e\x84\x4a\x39\xa9\xf4\x47\xb7\x11\xad\x51\xa7\xf1\xa5\x5d\x01\x13\x7d"
      "\x1a\xac\x55\xdf\x44\xaf\x9b\x9c\x68\x69\x1e\x5c\x48\x02\x51\x98\x8d\x45"
      "\x62\xef\x2a\x97\x26\xcc\x94\x36\x69\x22\xdc\x07\xd0\x2f\x28\x25\xa1\x3f"
      "\x6d\x1f\x0e\x8a\x3d\xb8\x15\xed\x57\x07\x28\x4f\x72\xf3\x4f\xbb\xb4\x0c"
      "\x40\x53\x8a\x75\xb8\xc7\x30\xb7\xb2\xbc\xe8\x69\x66\xb8\x63\xf4\x2d\x64"
      "\xbf\x3a\x74\x8a\xf3\x03\x7f\x30\x7c\xbe\x94\xae\xf6\xa6\x55\x4c\xf2\x83"
      "\xd7\x82\xff\xb0\x08\x9e\xfe\xfb\x67\x3b\xcb\xe8\xa8\x34\x9e\xdb\xe1\x34"
      "\x26\x6e\x4a\x4e\xfb\x39\x8f\xca\xd3\xb1\x0c\x49\x73\xd6\xe5\xaf\x28\x39"
      "\x57\x4e\xb0\x9f\x0d\xdc\xb8\x75\x22\xf7\x4f\xce\x6e\x8c\x5f\xfc\xcd\x58"
      "\x2a\x15\xbe\x8c\x52\x7f\xb5\xfa\xc1\x77\x21\x0c\xb8\x7f\xe0\x1c\x64\x15"
      "\x62\x4e\x09\x5a\xc3\xcd\xb9\xd1\x74\xa3\xd3\x2d\xe7\x6e\x67\xb1\x44\x8a"
      "\xe7\xd9\xb9\x06\x9f\xeb\xf9\x64\x24\x30\x18\x94\xf6\xb2\x94\xc1\x2e\x4c"
      "\x22\x65\x30\xee\x15\x7b\x3e\x3e\x6c\xc6\x65\xbc\x5e\x39\xdd\x5a\x32\x28"
      "\x56\xe4\xe9\x5d\x16\x12\x98\xa5\x52\x86\xca\x67\x70\xeb\xe8\xab\xde\x79"
      "\xb4\x4e\x02\x4e\xfb\xb1\x51\xbd\x33\x84\x12\xbe\xc5\xa0\x94\xb8\xdc\x64"
      "\x9e\x20\xf5\x4c\x77\xa6\x2c\xf1\xfb\x66\xcd\x9a\x01\x3f\xb7\x3e\x8a\x12"
      "\x50\xb3\x85\xe0\xde\x70\xd1\x3f\xa0\xee\xe4\x7c\x8a\xf7\x09\x3e\xde\x65"
      "\x89\x63\x6a\x18\xfb\xfd\x8e\x12\x72\xb3\x97\x0c\x6f\x54\x1d\x05\x2e\x72"
      "\xbb\xc4\x3f\x74\xc1\x4c\x3b\xcf\xc1\xdf\x34\xa4\x45\x79\x8b\x7b\xeb\xfc"
      "\x72\x1a\x2f\x9c\xd0\x32\x17\xd8\x86\x80\x0e\x38\x4f\xbc\x83\x38\xe7\x33"
      "\xb9\x3b\x8d\x10\x5d\x2a\x37\x13\x65\x0b\xc1\x8d\xfa\x00\xca\xf6\x3a\x84"
      "\x63\xaa\x9f\xb0\xe1\x85\x69\x94\x35\x00\x05\x6c\xa4\x0b\x3a\xd4\x0c\x7c"
      "\x3f\x75\xaa\x1a\xc7\xc9\x30\x36\x51\xa0\x44\x5a\x50\xa2\xb3\x4e\x7b\x7b"
      "\xe5\x95\xdf\x03\xf2\x24\xac\xcf\x39\x3a\x7d\x8b\x4e\xb6\xce\xe6\xa0\x10"
      "\xdb\x59\xf2\x84\x32\xc2\x4b\x07\x63\x7f\xea\x1e\x46\x1f\x55\xf3\x83\x8a"
      "\x42\x3c\xe1\xad\xd0\x11\x17\x16\x73\xf1\x9a\xfe\xdb\x9e\x94\xd7\xfc\x85"
      "\xc2\x6c\x07\x79\x25\x3b\x63\xcb\x0d\x1b\x77\xe9\x2c\x0b\xc4\x46\x68\x94"
      "\xd1\x95\x4e\x94\x65\xe2\x3e\x9f\xcb\xcb\x7f\x49\xde\xad\x69\xc6\x2b\x0c"
      "\x7f\xb1\x18\xca\x8d\x18\x99\x4c\xb4\x15\x67\xbc\x58\x93\x46\x49\x10\x4b"
      "\x76\xe4\x57\x69\x8a\xe6\x88\x5c\xfe\x5e\x12\x62\x2e\xa7\x99\x69\xd1\xaf"
      "\x46\x36\x93\x28\x3d\x08\x6a\x74\xeb\xde\xb5\xfc\x4f\x28\x8f\x0b\x87\xe1"
      "\x8c\xb9\xca\xf0\x79\x65\xbd\xe5\x4b\xde\x58\x83\x48\x96\xbf\xe2\x1b\xe8"
      "\x72\x4d\x04\x87\x58\x17\xc8\x71\x6b\x04\x5e\x69\x24\xc5\x74\xf4\xa0\x19"
      "\x0e\xf2\xa4\x78\xf8\xe5\x09\x81\xcb\xd1\x06\x2f\x3f\x63\x29\x90\xb2\x35"
      "\x70\x32\xb3\x84\xc8\x80\x43\xc1\xd7\x75\xda\x9a\xfe\x28\xe5\xa5\x9b\xc7"
      "\xe7\x82\xd0\x21\xa5\xac\x6c\xa6\x2d\x89\xac\xf3\x50\x24\x7d\x24\x97\xf1"
      "\xc2\xce\xbb\xcc\xcd\x7c\xb8\xb1\xb4\x91\xba\xd6\x40\x73\x8b\xb3\x96\x78"
      "\x8c\x21\x6a\x96\x7c\xd3\x6a\x39\xbd\x7f\xf1\x06\xad\x84\xae\xdb\x18\x6c"
      "\x16\xab\x33\x97\x52\xc8\x6c\x58\xdd\x0f\xc4\x66\x9f\x3d\xc6\xc3\x40\xc2"
      "\xea\x20\x40\x57\x17\x87\x33\x29\x68\xa0\x53\x55\x02\xc2\xa1\x46\xd0\x5d"
      "\x92\x82\x85\xaa\x77\xad\x95\x79\x46\xb6\xf2\x54\x26\xc1\x6d\x26\xec\x8f"
      "\x11\x8c\x4f\x96\x1e\x14\xc2\x98\x11\x48\x7a\x36\x55\xcf\x37\xdd\xaa\xd2"
      "\x23\x20\x0a\xf3\x8c\x9e\x62\xd4\x6e\x9d\x9b\x99\x23\xa9\x5f\x9d\x39\xbc"
      "\x45\xe0\x07\x40\x29\x3a\xd6\x45\x97\x7a\x68\x19\x2a\xc9\x0b\x61\xed\x09"
      "\x17\xc9\x1d\xeb\x87\x2b\x96\x72\x54\xef\x0e\x42\xe8\xfa\x3c\xe8\xad\x38"
      "\x55\xcb\x14\x6a\x66\xac\xbd\x34\xbb\xff\x35\x19\x2b\xd8\x62\x80\x17\xa5"
      "\x87\xc5\x1f\xf9\x80\x30\xac\xd8\x9e\x9a\x3f\x7e\x06\xaf\x68\x31\xf3\xd6"
      "\xf4\xb4\x8d\xc5\xd4\xce\xef\xc8\x02\xb0\x1c\x49\x7e\x13\xb7\x26\x14\x6f"
      "\xa5\xf1\xd6\x42\x77\xb6\x36\xbe\x85\x9d\x3a\xa8\x35\xa5\x4f\x34\xb0\xa0"
      "\x36\xde\x26\x6c\x99\x81\x1e\xc9\xc0\xfb\xff\x62\x88\x2a\x4d\x83\x08\xc3"
      "\x16\x6d\x06\x88\x71\xb4\x9e\x2f\xa3\x75\xe4\x0b\xee\x36\x56\xbb\x3c\x79"
      "\x21\x25\x03\x34\x82\x53\xd9\x3d\xd0\xd6\xb7\xe3\x03\x76\x9b\x80\xe7\x4c"
      "\xff\xd1\x48\x4d\x00\x9f\x3b\xc2\x4c\xf5\xb5\xa8\x7b\x64\x21\xdc\x21\x7e"
      "\x0d\x2f\x45\x9c\x2c\x41\xd0\xa1\x84\xf0\x90\xc4\x43\x7d\xa1\x2c\x4d\x23"
      "\xee\x78\xd6\x50\x2b\x02\xe5\x11\x87\xfe\x1f\xa3\x25\xb6\x00\xa2\x73\x83"
      "\xcb\x39\xf2\xc8\x82\x8b\x17\x1c\xb9\xd0\x4e\x52\x33\x31\xc9\xd0\xdc\x34"
      "\xf0\x1c\xc6\x63\x2c\x93\xf0\x6e\xb7\x76\xe7\x8d\xc4\x5f\xcb\x35\xd2\x29"
      "\x01\x56\xa2\x5c\x5a\x88\x7e\xdb\x55\x31\xba\x0f\xad\x77\xf2\x15\x2e\x91"
      "\x5f\x84\xc3\xa8\x60\xf2\x5f\x70\x59\x2c\x39\x1a\x04\xab\x55\x0c\x77\xdc"
      "\x73\x05\x20\x8a\xbb\xb7\xea\x63\xc9\x2b\x4a\x51\x74\xd0\xae\xf0\x73\x61"
      "\x24\x10\x03\x63\xe6\x8b\x54\x93\xb7\x82\x7b\x23\x94\x07\xaf\x7a\x6d\xc8"
      "\x62\x55\x44\x52\x90\x9e\x42\x5f\xde\x15\x9e\xc9\xa7\xbf\x30\x1f\x79\xf6"
      "\x4a\x8d\x23\xa9\xca\xf5\x82\x2c\x62\x36\x12\x12\xfb\x93\x2d\xd5\x7c\x42"
      "\x0d\x9c\xcc\xa4\x50\xe8\xa4\xa6\x5d\xd0\x27\x57\x4c\x81\xde\xc9\xcd\x8d"
      "\x3d\x1b\x15\x22\xbd\xdb\x68\xe8\xa9\xae\xd5\x47\xdc\x8c\x1c\x52\x1a\xc7"
      "\xe8\xc6\xa9\x61\x4b\x5f\x0c\xba\x4a\x5e\x11\xbf\x5d\x57\x58\xf2\xbd\xaf"
      "\xd2\x04\xea\x8d\x2a\x61\x9e\xa6\x18\x4d\x32\x71\xef\xc6\xd6\xa7\xee\x93"
      "\x65\xf0\xce\xcb\xa2\x4e\x7d\x3f\x02\x64\x53\xff\x2b\x26\xdb\x2f\xe8\xea"
      "\x5d\x65\x3f\xe5\xa5\x20\x37\x2a\x6a\xb5\x46\x20\xb8\x78\x47\x13\x9e\x47"
      "\xd9\xb9\xc9\x1b\x01\x82\x44\x7c\x26\x62\x35\x1e\xef\xe1\x72\xe1\x83\xce"
      "\x1e\x2b\x34\x80\xca\xac\x9e\xc3\xff\xa2\xcf\x4f\x49\xdb\x73\x9d\xc8\x46"
      "\xa4\x46\x6e\xad\x9b\xb7\x6a\xd9\x18\x9f\x4a\xcf\xe3\xfd\x38\xf7\xf7\x1e"
      "\xfd\x3f\x82\xde\x66\x66\xc2\xfa\xc5\x44\x9f\x96\xf4\xa5\x30\xee\xcf\x0a"
      "\x9d\x61\xba\xc8\x25\x16\xfe\x63\xb5\x00\xb6\x2a\x8a\xcc\x9d\x8a\x55\xcd"
      "\xba\x0c\x56\xb9\xbc\x12\xde\xe1\x78\x57\x8a\xb5\xba\x5b\xdd\xc4\x66\xcd"
      "\x05\x36\xfa\x36\x59\x7e\x99\x3c\x5b\x8b\x70\x62\x54\x9e\x43\x9e\xfa\x3b"
      "\x19\xcf\x9c\xd1\xf3\xe0\xeb\xb4\x48\xa2\xfd\x17\xd1\xe4\xa9\xaf\xff\x59"
      "\x5a\x50\x3c\xe1\x07\x8b\xc2\xf4\xbf\x8d\x8d\x50\x40\x29\xdc\x19\x7f\xb5"
      "\x00\x13\xb4\x62\x8c\xda\xe6\x38\xe2\xe0\x8e\x0b\x08\x7d\x22\x60\xec\x45"
      "\x75\x8b\xc2\xf8\x1a\x4b\x3b\xe9\xb4\xcb\x69\xc1\x53\x5c\x0d\xfc\x85\x9c"
      "\x83\xc7\x9f\x86\x60\xe9\xe0\x52\x0f\x74\xec\x3d\x35\x06\x73\xeb\x1c\x2c"
      "\xc1\xad\x78\xd4\xb4\x07\xd6\xa9\x75\x56\xcd\x2d\xbd\xd8\x62\xc6\x08\x4d"
      "\x5e\x24\x51\xeb\x8e\x09\x73\xd8\xf3\xcd\x74\xb3\x05\x89\xdd\x51\x92\x74"
      "\xb0\x06\xb3\x1d\x61\x3f\x47\x2d\x4a\x84\xae\x72\x79\x5c\x8d\xbf\x00\xb8"
      "\xc7\x3d\x77\x7c\x2f\xae\x26\xef\xb8\x9a\x37\x62\xdb\x57\x44\xf3\x16\xf4"
      "\x34\x5c\x0b\xef\x02\xec\x63\xce\x22\x3a\x43\xe6\xef\xcf\x21\x91\x28\x74"
      "\x3d\x03\x09\xf0\x3c\x24\x56\x17\x1c\x8b\xb6\x3a\x1e\x57\xff\x28\x9a\x64"
      "\x39\xc7\xc0\x81\x2f\x13\xa3\xa9\xe3\x64\x27\x12\x68\x8d\x0e\xca\xf5\x5c"
      "\xf0\xb4\x1b\x24\x5f\xda\x6c\x4a\xcd\xff\x05\x28\x83\x81\x63\x7c\x94\x1f"
      "\x16\x6d\xe9\x74\xdd\xa4\x0b\xef\x43\xa8\xb2\x54\x8c\x7a\xd1\x80\xbf\x0a"
      "\x58\x57\x3c\xbc\xad\xe1\xc3\x1d\xde\x65\x71\x2d\xb5\x71\xb9\xf6\xfa\x9e"
      "\x26\x79\x17\x6e\x01\x56\xe0\xa0\x57\xde\xca\x76\x33\x5d\x9c\x94\x8d\x0a"
      "\xa1\x5e\xc9\xb3\x7c\x75\xfc\x0c\x37\x18\x01\x36\x6a\x01\x55\x60\xb4\x97"
      "\xd0\x69\x18\xca\x3e\xfe\xb4\x01\xaa\x95\x29\x56\x42\xb3\x1c\x0c\xe0\x09"
      "\xec\x40\xd9\x2d\x0d\x3d\x1b\xae\x52\xea\x63\x21\x93\xcb\x17\x97\xaf\x9e"
      "\x9b\xc8\xfc\x61\xdc\x3d\x50\x08\xa8\x10\x72\x88\x6a\x36\xca\x58\xb0\x3d"
      "\xe1\x9e\x58\x23\xe3\x8a\xe7\xb0\x9b\x04\x7f\xf1\x98\xdb\xca\x89\x7c\xb2"
      "\xaf\xad\xf4\xbc\xf4\x78\x43\xdb\x8a\x52\xa1\xc1\x5b\xb1\xce\x1b\xab\x9b"
      "\x2d\xfb\x5d\x5a\xb4\x89\x64\x3d\xcb\x64\x7f\x65\x4b\x97\x39\x23\xbe\xd9"
      "\x1e\x0c\x72\x12\x9b\x89\x3b\x8c\x06\x7f\xe2\x76\x4a\x0a\x67\xc6\xe5\x6f"
      "\x54\xb5\x9b\x4d\xaa\x3d\x60\xf2\xb2\x39\x76\x11\xcd\xa9\xd7\xbe\x9a\xc4"
      "\xdf\xa6\xb4\x40\x67\x5c\xef\x67\x4a\x31\x46\x04\x75\x13\x9f\x5e\x3c\xa4"
      "\x48\xd2\x8f\xa4\x7d\x06\xa1\xe7\x8b\xea\xbd\x82\xab\x00\xcc\x32\xa9\x0f"
      "\x4d\x39\xd8\x16\x17\x51\x42\x4f\xbb\xde\x2b\x51\xcd\x24\x54\xb8\x02\x2e"
      "\x29\x33\xe2\x15\x0f\xb9\xc3\x26\x7f\x7f\x8d\x0b\xef\x56\x9a\xfa\x28\x6d"
      "\x38\x2a\xe4\x71\xf7\x86\x8b\x90\xdf\xfb\x15\xd5\x83\x6f\x6d\x37\x50\x1f"
      "\x5c\xbd\x98\xeb\xbe\xb6\x04\xf6\xfc\x11\x8e\x27\xe8\x67\xd8\xee\x26\xc1"
      "\xab\x8b\x6d\x57\x5f\x80\xde\x06\x41\x99\x97\x8d\xe5\xbc\x43\xc1\xba\x11"
      "\x72\x92\x79\x49\xc1\xa2\x7f\xf9\x5a\x91\xc6\x11\x62\x2e\x8c\x3d\xe9\x75"
      "\x8b\x79\x45\x47\xcb\x49\x90\x61\xdc\x5e\x4d\x4d\x26\x7d\xf1\x2f\x9c\x0a"
      "\x77\x9b\x52\xe3\x6a\xf9\x78\xae\x21\xfa\xb7\xa8\x6a\xcc\xd9\xa6\x17\xd2"
      "\xe4\x73\x32\xa0\x2c\xe6\x74\x23\xb4\xc4\xc9\x1a\xb9\x80\x05\x4c\x3d\x57"
      "\x64\x63\xeb\x92\x8e\x83\xc7\xfd\xf5\x65\x3b\x76\x98\x17\x4c\x1d\xa9\xe9"
      "\x66\xe7\x84\xe1\xc6\xc6\x1c\x08\xe6\x71\x3a\x51\x01\x02\x2c\xeb\x1e\x9a"
      "\x0d\x9e\x2c\x2e\x81\x5e\x4f\xd1\x8f\xaf\x78\x23\xab\xa4\x24\xc2\xdf\x1c"
      "\xce\xbb\x18\xca\x0b\x68\x7a\x67\x16\xc3\xb8\xbb\x87\xd4\x35\x1e\x94\x66"
      "\xc7\x0e\x9c\xd3\x73\x28\xf3\x6d\xe6\xcd\xb8\xdc\xa5\xf7\x0b\x29\x30\x00"
      "\x9d\x84\xd2\x93\x56\x3d\x17\xf6\x63\x2f\xa7\x8c\xa3\x85\xbf\x22\x7d\xfb"
      "\xe0\xd0\xff\x06\xd4\x10\x79\xf3\xa9\x86\x42\xd2\xd3\x5f\xad\xd8\x14\x56"
      "\xa5\x65\xfc\x4c\x6d\x26\xfc\xff\x88\xe5\xb7\xa8\xf4\xca\x0f\xf9\x47\xd7"
      "\x1f\x7e\x85\x54\xb6\x9a\xab\x15\xdd\x8b\xb9\x7a\x60\x4f\x9d\x43\xf0\x9d"
      "\x4a\xf3\xc9\x40\x21\xc0\xfe\x26\x44\x13\xc1\xf1\x6d\x7f\xdc\x04\x8b\x37"
      "\xc8\x92\x0c\x78\x8b\x72\x7f\xe3\x02\x42\x83\xd6\xb9\xad\xfa\xcf\x30\x20"
      "\x66\xc6\x01\xb6\x3b\x2b\x9e\x4d\x1d\x50\x79\x19\x9c\x1e\x69\x9e\xeb\x39"
      "\x1e\xac\x93\x69\xde\xb7\x75\x81\xbb\x49\x57\xd7\xfd\x73\xc7\x3e\xeb\xf2"
      "\x86\x7d\xab\xcf\x7a\x1c\x5a\x9d\x56\x15\x43\xaf\x04\x59\x06\x34\x80\x55"
      "\x1c\x14\xdf\x1b\x8b\x34\xd6\x97\xe7\xc9\x83\x68\x5c\x9a\x84\xd1\x4a\x43"
      "\x4a\xf2\x58\x0f\xf8\x14\xe8\xd1\x36\xe3\x0a\xd6\x6f\x28\xb7\x71\x44\x59"
      "\x5b\xc5\x98\xb9\xd2\xe8\x02\x5a\x92\x33\x9f\x96\x0f\xd6\x19\xfd\x64\x09"
      "\x28\x6e\xa2\xb6\xaf\x9e\xb6\xeb\x94\x1a\x29\x40\xec\x59\xc2\x04\xc7\x07"
      "\x4d\xc7\xcd\x69\xc0\x97\xbb\xa4\x43\x45\xf0\x92\x76\x68\x68\x7b\x90\x2a"
      "\x97\xd7\x41\x52\x61\x3e\x94\xcf\xda\xc2\x88\x92\x69\xe6\xd7\x03\x52\xc0"
      "\xb3\x95\x3e\x69\xe8\x52\xf9\xa2\xd5\x50\x1a\x22\x08\xc5\x99\x16\x97\x5b"
      "\xac\xb8\x88\xe7\x4f\xe1\x7c\x1f\x1b\xe1\xb9\x8e\xf5\x97\x88\x6e\xad\x58"
      "\x16\x74\x49\x57\x9f\x73\x5d\x3a\xcf\xd3\xbe\x23\xaa\x97\x4f\xa8\x0a\x77"
      "\x56\x37\x3e\x69\xb0\xcb\x59\x2c\xae\x4b\x73\x1a\x30\x02\x4c\xef\xf3\x1b"
      "\x4a\x92\x85\xd6\xde\x86\xc2\xcd\xc0\xcb\x58\xee\x22\x0e\x2b\x46\x96\xf3"
      "\x56\xcd\x87\x84\x71\x37\xc9\x58\x97\xd4\x9c\x04\x70\xac\x09\x9c\xc2\x0a"
      "\x88\xf4\x46\xe6\x46\x8e\xc1\x2a\x81\x39\x48\x46\xbe\xb2\x43\x80\x90\x60"
      "\x25\x76\xca\xfe\xa8\xa8\x3f\x62\x26\xe2\xb9\x0c\x68\xb4\x94\x96\x5e\x85"
      "\xf5\xf0\xe9\x82\x8f\x3a\xf7\x62\x83\x32\x8c\x7d\xd7\xef\x3b\x71\xb0\x66"
      "\xb4\x5e\x5c\x5e\xad\x76\xa8\x71\xf0\x19\x58\xa2\xdb\xf6\xfb\xd5\xe4\x45"
      "\x74\xc9\x3d\xa4\x84\x1f\x20\x5b\x43\x74\x0e\x1f\x59\x95\x4f\xb5\x70\x83"
      "\xba\xd4\xbb\x37\x23\xe5\x07\xf9\x65\xf3\x89\x2e\x3d\x17\x31\x62\xba\x83"
      "\xf7\xdd\xb8\x4a\x69\x59\x5e\x19\x6b\x8f\x92\xac\xed\x0d\xb3\x1f\xf9\xee"
      "\xea\x3b\x2b\x01\x8b\x97\x84\x79\x18\xc1\xf1\x81\x9c\x55\xf5\x61\xfa\xf7"
      "\xfe\x57\x28\x8d\x3d\x7d\xc9\xf9\x55\xe1\xec\x83\xab\xef\x7a\xed\xc7\x9e"
      "\xc9\x6e\xc8\x99\x06\x79\xba\xea\x55\x26\x8d\xf3\xea\x27\xc0\x35\xf3\x1a"
      "\x74\xe7\x2c\x3c\x67\x01\x0a\xfa\x85\xa0\xe1\xfa\xfd\x87\x4a\x0e\x61\x94"
      "\xd7\x28\xbf\x2c\x38\x01\x12\x27\x47\x93\x59\x64\x39\x86\x31\x47\x6a\xc3"
      "\xd1\xfd\xe4\x3c\x04\xf7\x46\x55\xc3\x65\x55\xde\x4c\x11\x9e\x02\x96\xa3"
      "\x2d\x0a\x11\xae\xc1\x2c\x63\x81\x0c\x81\xf0\x3d\xc7\x39\xbe\x22\x14\xff"
      "\x57\x0f\xe7\xff\x54\xc9\x57\x45\x97\x77\x31\xab\x2b\x41\x6a\x6d\xf9\x77"
      "\xc2\xbe\x09\x11\xd9\xfd\x8f\x3a\x58\xd1\x24\xc8\x10\x67\xc5\x43\x07\xf9"
      "\x1a\x3b\x75\x02\x02\x83\x78\x08\xf8\xdc\xa6\x17\x7f\x03\xff\x32\xf4\xb6"
      "\x56\x5d\xac\x39\x03\xaa\x74\xfc\xb9\xd3\x66\x0f\x6a\x55\x0f\xe3\x68\xc6"
      "\xe4\x30\x49\xb6\xa0\xdf\x34\x66\x23\xa2\x40\x20\x39\xbf\x68\xdd\xac\x36"
      "\x00\x83\x93\x91\x1a\xb7\xbe\x20\x3e\x89\xf9\x2e\xae\x2d\xcc\xec\xff\x2e"
      "\x6c\xe5\x04\x76\x1e\x12\x0e\x21\x58\xce\x37\x50\xe6\x10\xac\xe9\xe7\xac"
      "\x7e\x14\x21\x4e\xf2\xfc\xf9\x6d\xb3\x65\x4d\xec\xe5\xae\xc0\xcc\x29\x3f"
      "\x53\xd0\x86\xd1\x05\xaf\x6a\xe8\x31\x08\x4b\x62\x04\x3c\x73\xf5\x64\xee"
      "\x76\xe3\xc8\x35\x3b\x32\x63\xac\xa5\x81\x6a\x9a\x3a\x47\x48\x44\xa9\x4c"
      "\xd5\xca\xf8\x5b\xa1\x68\x2f\x16\x4f\xd3\xe7\xb9\x30\xb6\x62\x8c\xdd\x6f"
      "\xd4\xaa\x06\x09\x02\x55\x7c\x54\x5a\xcc\xfe\x4d\xa8\x2f\xc2\xca\xf1\x0a"
      "\xa6\x1d\x38\x1b\x6d\xb0\xbf\xae\x6a\x7b\xa2\xd8\xbe\xf0\x3c\x7b\xd8\x92"
      "\x85\xfe\x92\xab\xbf\x6d\xcf\x6e\xdd\x1e\x58\x15\x25\x08\x73\x8b\x7a\x87"
      "\x54\x90\x46\x03\x5a\x2c\xd0\xca\xf1\xfc\x97\xa3\xdc\x9c\xf6\x50\x20\x0d"
      "\x04\x91\x1e\x72\xf0\xa0\x8e\x4a\x60\xdf\xb4\x44\xcf\x47\x20\x74\x98\x09"
      "\xe0\x56\xb1\x92\x92\xc8\x34\x84\x95\xde\xe2\x62\x48\x7a\xff\x4e\xd1\x75"
      "\x0f\x60\x25\xc9\x87\xe9\x1d\x32\x86\xc5\xf8\xeb\xf7\xf0\xa9\x04\xda\xde"
      "\xb9\xb6\x84\x17\x28\x05\x27\x26\xb9\x9f\x43\x4f\xc7\xbc\xdc\xf1\xd9\x81"
      "\x1b\x32\x1e\x7b\x04\xe5\xbb\x11\x8c\x3e\x02\xe6\xac\xc9\x14\x80\xa5\xae"
      "\x6b\x6e\x61\x82\xbc\xdb\xd8\xd8\x69\x02\xa0\xce\xea\x1f\xa5\x78\x2b\x74"
      "\x95\x3e\x90\x93\xc7\xbd\x82\x87\xc7\xa3\xb7\xb7\x53\x2c\x41\xcf\x93\x3b"
      "\x23\xdf\x0e\x02\x46\xad\xcb\xca\xeb\x34\xdf\x63\xcb\x01\x4b\x41\x0d\x6d"
      "\x43\xd1\xb0\x43\xea\xdf\x73\xe1\xa5\x65\xbd\x16\x4e\xc0\x2b\x42\xe0\xf7"
      "\x14\x85\x49\xb9\x58\xd6\x54\x95\xc8\xb2\x61\x15\x04\x25\x6f\xf5\x7f\x6c"
      "\x29\xb0\x45\x3b\xbe\x82\x8a\xdf\x80\x61\x78\x09\x56\xdf\x96\xe8\x01\xcb"
      "\xe6\x3c\x89\x3f\x3a\x98\xb6\xf0\x63\x30\x73\x54\xbb\xe9\x89\xd4\x31\x4d"
      "\x61\x75\x84\xbe\xde\x29\x9c\x09\x05\xb5\x10\x64\x72\xa1\x30\xe6\x7d\x7a"
      "\xf8\xa2\x8c\xdb\xdf\x7e\x2e\x6b\x5d\x49\x5b\xa5\xbc\x22\x84\xee\xa2\x7a"
      "\x04\x34\x71\xa9\xb6\xd4\xf7\x45\x53\x91\x00\xe5\x16\x0c\x8b\x09\xd8\x5e"
      "\x51\x2b\x08\x89\x32\x00\x6d\xee\x28\xd8\x59\xc2\x73\x8b\x6c\x8f\x74\x58"
      "\x76\xab\x31\x27\xea\x0a\xf7\xcc\x4e\x65\xcb\xff\xa1\xb3\x60\x2d\xb7\x04"
      "\x46\x17\xca\xd2\xc6\x7b\xa7\xd3\xfa\xbc\x34\x1c\x68\x26\xf5\x09\x9e\x6b"
      "\x30\x3d\x5f\xc5\x38\x75\x55\xef\x3f\xe6\x48\xcd\x9f\x9a\x5f\xae\xbc\x31"
      "\xbb\x31\xc6\xb2\xa9\x50\x27\x30\x27\x25\x7e\x85\xb5\xc5\xa5\xb6\xda\xee"
      "\x7e\x34\xe8\xc3\x3f\x85\x4b\xcd\x42\x9d\x1c\x70\xfc\xbb\x0a\x60\x22\xa7"
      "\xfc\xa4\x7d\x8e\x1a\x36\xaa\x47\xc1\x82\xb9\xbc\x59\x0d\x14\x00\x66\x44"
      "\x7a\x07\x38\xdc\xb2\x75\x11\xb1\x02\xdb\xae\x53\xfb\xc4\x94\x15\xb8\xec"
      "\x20\x42\xd4\x67\x74\xf1\x64\x23\x9e\xdc\xbe\x52\x9b\xbe\x99\xe1\x52\x46"
      "\xf9\x9f\x17\x52\x0e\x42\xe7\x06\x03\x20\x82\xc7\xe1\xce\xfa\x09\x9c\x8d"
      "\x08\x8d\x8d\x82\x7e\x7c\x8c\xa4\x93\x37\xc8\x68\x0d\xf7\x1d\x77\x2d\x89"
      "\xe5\xfb\x39\x99\xa1\xd6\x2c\x20\x47\x76\xbd\x8c\x6f\xc6\x24\x41\xbb\x8f"
      "\x83\x9b\x35\x93\x7e\xd0\x20\xe3\x65\x10\xff\x69\xa3\x86\x48\x3a\xd6\x6b"
      "\x19\xe0\x27\x9d\x23\xf6\x75\x1a\xc6\x77\xaf\x06\x95\x31\x6f\xb5\x7d\x25"
      "\x57\xd1\x91\x53\x07\x59\x62\xe7\x8a\x59\xd1\x31\x01\xd4\x90\x1c\x16\x8e"
      "\x5f\x55\xb2\xac\xf7\x07\xd7\xdb\x30\x2f\xb8\x19\xe3\xff\xdf\xac\xa6\xda"
      "\x3f\x34\x07\xe0\x27\xd3\x00\xa8\xfb\x33\x47\x27\xf8\x50\xfe\x34\x5f\x20"
      "\x9a\x87\x72\x23\x35\x23\xe8\xeb\x84\x1b\x5e\x74\x43\x89\xac\xae\x29\x50"
      "\x35\x6f\x36\x22\x39\xf7\x69\x15",
      3824);
  syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0xd000943e, /*arg=*/0x200000c0ul);
  res = -1;
  res = syz_init_net_socket(/*fam=*/0x1f, /*type=*/3, /*proto=*/3);
  if (res != -1)
    r[1] = res;
  syscall(__NR_ioctl, /*fd=*/r[1], /*cmd=*/0x400452c8, /*arg=*/0x20000100ul);
}
int main(void)
{
  syscall(__NR_mmap, /*addr=*/0x1ffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul, /*prot=*/7ul,
          /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x21000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul);
  do_sandbox_none();
  return 0;
}