Google Git
Sign in
kernel / pub / scm / linux / kernel / git / shuah / linux-arts / 119d09e4764c87e4f4680df9d05a8eb141cd633e / . / syzkaller-repros / linux / f4ef381349e100280193c25f24e01d9d364132d9.c
blob: cd4d8fa04c4a3429e70f583d5f9ac9ab6ab58405 [file] [log] [blame]
// KASAN: use-after-free Read in rds_cong_queue_updates
// https://syzkaller.appspot.com/bug?id=f4ef381349e100280193c25f24e01d9d364132d9
// status:fixed
// autogenerated by syzkaller (http://github.com/google/syzkaller)
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <dirent.h>
#include <endian.h>
#include <errno.h>
#include <errno.h>
#include <errno.h>
#include <errno.h>
#include <fcntl.h>
#include <fcntl.h>
#include <linux/futex.h>
#include <linux/if.h>
#include <linux/if_ether.h>
#include <linux/if_tun.h>
#include <linux/ip.h>
#include <linux/net.h>
#include <linux/tcp.h>
#include <net/if_arp.h>
#include <netinet/in.h>
#include <pthread.h>
#include <sched.h>
#include <signal.h>
#include <signal.h>
#include <stdarg.h>
#include <stdarg.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdio.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdlib.h>
#include <sys/ioctl.h>
#include <sys/mount.h>
#include <sys/mount.h>
#include <sys/prctl.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/time.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>
__attribute__((noreturn)) static void doexit(int status)
{
volatile unsigned i;
syscall(__NR_exit_group, status);
for (i = 0;; i++) {
}
}
#include <errno.h>
#include <setjmp.h>
#include <signal.h>
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <string.h>
#include <sys/stat.h>
const int kFailStatus = 67;
const int kRetryStatus = 69;
static void fail(const char* msg, ...)
{
int e = errno;
va_list args;
va_start(args, msg);
vfprintf(stderr, msg, args);
va_end(args);
fprintf(stderr, " (errno %d)\n", e);
doexit((e == ENOMEM || e == EAGAIN) ? kRetryStatus : kFailStatus);
}
static void exitf(const char* msg, ...)
{
int e = errno;
va_list args;
va_start(args, msg);
vfprintf(stderr, msg, args);
va_end(args);
fprintf(stderr, " (errno %d)\n", e);
doexit(kRetryStatus);
}
static __thread int skip_segv;
static __thread jmp_buf segv_env;
static void segv_handler(int sig, siginfo_t* info, void* uctx)
{
uintptr_t addr = (uintptr_t)info->si_addr;
const uintptr_t prog_start = 1 << 20;
const uintptr_t prog_end = 100 << 20;
if (__atomic_load_n(&skip_segv, __ATOMIC_RELAXED) &&
(addr < prog_start || addr > prog_end)) {
_longjmp(segv_env, 1);
}
doexit(sig);
}
static void install_segv_handler()
{
struct sigaction sa;
memset(&sa, 0, sizeof(sa));
sa.sa_handler = SIG_IGN;
syscall(SYS_rt_sigaction, 0x20, &sa, NULL, 8);
syscall(SYS_rt_sigaction, 0x21, &sa, NULL, 8);
memset(&sa, 0, sizeof(sa));
sa.sa_sigaction = segv_handler;
sa.sa_flags = SA_NODEFER | SA_SIGINFO;
sigaction(SIGSEGV, &sa, NULL);
sigaction(SIGBUS, &sa, NULL);
}
#define NONFAILING(...) \
{ \
__atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST); \
if (_setjmp(segv_env) == 0) { \
__VA_ARGS__; \
} \
__atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST); \
}
static uint64_t current_time_ms()
{
struct timespec ts;
if (clock_gettime(CLOCK_MONOTONIC, &ts))
fail("clock_gettime failed");
return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}
static void use_temporary_dir()
{
char tmpdir_template[] = "./syzkaller.XXXXXX";
char* tmpdir = mkdtemp(tmpdir_template);
if (!tmpdir)
fail("failed to mkdtemp");
if (chmod(tmpdir, 0777))
fail("failed to chmod");
if (chdir(tmpdir))
fail("failed to chdir");
}
static void vsnprintf_check(char* str, size_t size, const char* format,
va_list args)
{
int rv;
rv = vsnprintf(str, size, format, args);
if (rv < 0)
fail("tun: snprintf failed");
if ((size_t)rv >= size)
fail("tun: string '%s...' doesn't fit into buffer", str);
}
#define COMMAND_MAX_LEN 128
#define PATH_PREFIX \
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin "
#define PATH_PREFIX_LEN (sizeof(PATH_PREFIX) - 1)
static void execute_command(bool panic, const char* format, ...)
{
va_list args;
char command[PATH_PREFIX_LEN + COMMAND_MAX_LEN];
int rv;
va_start(args, format);
memcpy(command, PATH_PREFIX, PATH_PREFIX_LEN);
vsnprintf_check(command + PATH_PREFIX_LEN, COMMAND_MAX_LEN, format, args);
va_end(args);
rv = system(command);
if (rv) {
if (panic)
fail("command '%s' failed: %d", &command[0], rv);
}
}
static int tunfd = -1;
static int tun_frags_enabled;
#define SYZ_TUN_MAX_PACKET_SIZE 1000
#define TUN_IFACE "syz_tun"
#define LOCAL_MAC "aa:aa:aa:aa:aa:aa"
#define REMOTE_MAC "aa:aa:aa:aa:aa:bb"
#define LOCAL_IPV4 "172.20.20.170"
#define REMOTE_IPV4 "172.20.20.187"
#define LOCAL_IPV6 "fe80::aa"
#define REMOTE_IPV6 "fe80::bb"
#define IFF_NAPI 0x0010
#define IFF_NAPI_FRAGS 0x0020
static void initialize_tun(void)
{
tunfd = open("/dev/net/tun", O_RDWR | O_NONBLOCK);
if (tunfd == -1) {
printf("tun: can't open /dev/net/tun: please enable CONFIG_TUN=y\n");
printf("otherwise fuzzing or reproducing might not work as intended\n");
return;
}
const int kTunFd = 252;
if (dup2(tunfd, kTunFd) < 0)
fail("dup2(tunfd, kTunFd) failed");
close(tunfd);
tunfd = kTunFd;
struct ifreq ifr;
memset(&ifr, 0, sizeof(ifr));
strncpy(ifr.ifr_name, TUN_IFACE, IFNAMSIZ);
ifr.ifr_flags = IFF_TAP | IFF_NO_PI | IFF_NAPI | IFF_NAPI_FRAGS;
if (ioctl(tunfd, TUNSETIFF, (void*)&ifr) < 0) {
ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
if (ioctl(tunfd, TUNSETIFF, (void*)&ifr) < 0)
fail("tun: ioctl(TUNSETIFF) failed");
}
if (ioctl(tunfd, TUNGETIFF, (void*)&ifr) < 0)
fail("tun: ioctl(TUNGETIFF) failed");
tun_frags_enabled = (ifr.ifr_flags & IFF_NAPI_FRAGS) != 0;
execute_command(1, "sysctl -w net.ipv6.conf.%s.accept_dad=0", TUN_IFACE);
execute_command(1, "sysctl -w net.ipv6.conf.%s.router_solicitations=0",
TUN_IFACE);
execute_command(1, "ip link set dev %s address %s", TUN_IFACE, LOCAL_MAC);
execute_command(1, "ip addr add %s/24 dev %s", LOCAL_IPV4, TUN_IFACE);
execute_command(1, "ip -6 addr add %s/120 dev %s", LOCAL_IPV6, TUN_IFACE);
execute_command(1, "ip neigh add %s lladdr %s dev %s nud permanent",
REMOTE_IPV4, REMOTE_MAC, TUN_IFACE);
execute_command(1, "ip -6 neigh add %s lladdr %s dev %s nud permanent",
REMOTE_IPV6, REMOTE_MAC, TUN_IFACE);
execute_command(1, "ip link set dev %s up", TUN_IFACE);
}
#define DEV_IPV4 "172.20.20.%d"
#define DEV_IPV6 "fe80::%02hx"
#define DEV_MAC "aa:aa:aa:aa:aa:%02hx"
static void snprintf_check(char* str, size_t size, const char* format, ...)
{
va_list args;
va_start(args, format);
vsnprintf_check(str, size, format, args);
va_end(args);
}
static void initialize_netdevices(void)
{
unsigned i;
const char* devtypes[] = {"ip6gretap", "bridge", "vcan", "bond", "team"};
const char* devnames[] = {"lo",
"sit0",
"bridge0",
"vcan0",
"tunl0",
"gre0",
"gretap0",
"ip_vti0",
"ip6_vti0",
"ip6tnl0",
"ip6gre0",
"ip6gretap0",
"erspan0",
"bond0",
"veth0",
"veth1",
"team0",
"veth0_to_bridge",
"veth1_to_bridge",
"veth0_to_bond",
"veth1_to_bond",
"veth0_to_team",
"veth1_to_team"};
const char* devmasters[] = {"bridge", "bond", "team"};
for (i = 0; i < sizeof(devtypes) / (sizeof(devtypes[0])); i++)
execute_command(0, "ip link add dev %s0 type %s", devtypes[i], devtypes[i]);
execute_command(0, "ip link add type veth");
for (i = 0; i < sizeof(devmasters) / (sizeof(devmasters[0])); i++) {
execute_command(
0, "ip link add name %s_slave_0 type veth peer name veth0_to_%s",
devmasters[i], devmasters[i]);
execute_command(
0, "ip link add name %s_slave_1 type veth peer name veth1_to_%s",
devmasters[i], devmasters[i]);
execute_command(0, "ip link set %s_slave_0 master %s0", devmasters[i],
devmasters[i]);
execute_command(0, "ip link set %s_slave_1 master %s0", devmasters[i],
devmasters[i]);
execute_command(0, "ip link set veth0_to_%s up", devmasters[i]);
execute_command(0, "ip link set veth1_to_%s up", devmasters[i]);
}
execute_command(0, "ip link set bridge_slave_0 up");
execute_command(0, "ip link set bridge_slave_1 up");
for (i = 0; i < sizeof(devnames) / (sizeof(devnames[0])); i++) {
char addr[32];
snprintf_check(addr, sizeof(addr), DEV_IPV4, i + 10);
execute_command(0, "ip -4 addr add %s/24 dev %s", addr, devnames[i]);
snprintf_check(addr, sizeof(addr), DEV_IPV6, i + 10);
execute_command(0, "ip -6 addr add %s/120 dev %s", addr, devnames[i]);
snprintf_check(addr, sizeof(addr), DEV_MAC, i + 10);
execute_command(0, "ip link set dev %s address %s", devnames[i], addr);
execute_command(0, "ip link set dev %s up", devnames[i]);
}
}
static int read_tun(char* data, int size)
{
if (tunfd < 0)
return -1;
int rv = read(tunfd, data, size);
if (rv < 0) {
if (errno == EAGAIN)
return -1;
if (errno == EBADFD)
return -1;
fail("tun: read failed with %d", rv);
}
return rv;
}
#define MAX_FRAGS 4
struct vnet_fragmentation {
uint32_t full;
uint32_t count;
uint32_t frags[MAX_FRAGS];
};
static uintptr_t syz_emit_ethernet(uintptr_t a0, uintptr_t a1, uintptr_t a2)
{
if (tunfd < 0)
return (uintptr_t)-1;
uint32_t length = a0;
char* data = (char*)a1;
struct vnet_fragmentation* frags = (struct vnet_fragmentation*)a2;
struct iovec vecs[MAX_FRAGS + 1];
uint32_t nfrags = 0;
if (!tun_frags_enabled || frags == NULL) {
vecs[nfrags].iov_base = data;
vecs[nfrags].iov_len = length;
nfrags++;
} else {
bool full = true;
uint32_t i, count = 0;
NONFAILING(full = frags->full);
NONFAILING(count = frags->count);
if (count > MAX_FRAGS)
count = MAX_FRAGS;
for (i = 0; i < count && length != 0; i++) {
uint32_t size = 0;
NONFAILING(size = frags->frags[i]);
if (size > length)
size = length;
vecs[nfrags].iov_base = data;
vecs[nfrags].iov_len = size;
nfrags++;
data += size;
length -= size;
}
if (length != 0 && (full || nfrags == 0)) {
vecs[nfrags].iov_base = data;
vecs[nfrags].iov_len = length;
nfrags++;
}
}
return writev(tunfd, vecs, nfrags);
}
static void flush_tun()
{
char data[SYZ_TUN_MAX_PACKET_SIZE];
while (read_tun(&data[0], sizeof(data)) != -1)
;
}
struct ipv6hdr {
__u8 priority : 4, version : 4;
__u8 flow_lbl[3];
__be16 payload_len;
__u8 nexthdr;
__u8 hop_limit;
struct in6_addr saddr;
struct in6_addr daddr;
};
struct tcp_resources {
uint32_t seq;
uint32_t ack;
};
static uintptr_t syz_extract_tcp_res(uintptr_t a0, uintptr_t a1, uintptr_t a2)
{
if (tunfd < 0)
return (uintptr_t)-1;
char data[SYZ_TUN_MAX_PACKET_SIZE];
int rv = read_tun(&data[0], sizeof(data));
if (rv == -1)
return (uintptr_t)-1;
size_t length = rv;
struct tcphdr* tcphdr;
if (length < sizeof(struct ethhdr))
return (uintptr_t)-1;
struct ethhdr* ethhdr = (struct ethhdr*)&data[0];
if (ethhdr->h_proto == htons(ETH_P_IP)) {
if (length < sizeof(struct ethhdr) + sizeof(struct iphdr))
return (uintptr_t)-1;
struct iphdr* iphdr = (struct iphdr*)&data[sizeof(struct ethhdr)];
if (iphdr->protocol != IPPROTO_TCP)
return (uintptr_t)-1;
if (length < sizeof(struct ethhdr) + iphdr->ihl * 4 + sizeof(struct tcphdr))
return (uintptr_t)-1;
tcphdr = (struct tcphdr*)&data[sizeof(struct ethhdr) + iphdr->ihl * 4];
} else {
if (length < sizeof(struct ethhdr) + sizeof(struct ipv6hdr))
return (uintptr_t)-1;
struct ipv6hdr* ipv6hdr = (struct ipv6hdr*)&data[sizeof(struct ethhdr)];
if (ipv6hdr->nexthdr != IPPROTO_TCP)
return (uintptr_t)-1;
if (length <
sizeof(struct ethhdr) + sizeof(struct ipv6hdr) + sizeof(struct tcphdr))
return (uintptr_t)-1;
tcphdr =
(struct tcphdr*)&data[sizeof(struct ethhdr) + sizeof(struct ipv6hdr)];
}
struct tcp_resources* res = (struct tcp_resources*)a0;
NONFAILING(res->seq = htonl((ntohl(tcphdr->seq) + (uint32_t)a1)));
NONFAILING(res->ack = htonl((ntohl(tcphdr->ack_seq) + (uint32_t)a2)));
return 0;
}
static bool write_file(const char* file, const char* what, ...)
{
char buf[1024];
va_list args;
va_start(args, what);
vsnprintf(buf, sizeof(buf), what, args);
va_end(args);
buf[sizeof(buf) - 1] = 0;
int len = strlen(buf);
int fd = open(file, O_WRONLY | O_CLOEXEC);
if (fd == -1)
return false;
if (write(fd, buf, len) != len) {
int err = errno;
close(fd);
errno = err;
return false;
}
close(fd);
return true;
}
static void setup_cgroups()
{
if (mkdir("/syzcgroup", 0777)) {
}
if (mkdir("/syzcgroup/unified", 0777)) {
}
if (mount("none", "/syzcgroup/unified", "cgroup2", 0, NULL)) {
}
if (chmod("/syzcgroup/unified", 0777)) {
}
if (!write_file("/syzcgroup/unified/cgroup.subtree_control",
"+cpu +memory +io +pids +rdma")) {
}
if (mkdir("/syzcgroup/cpu", 0777)) {
}
if (mount("none", "/syzcgroup/cpu", "cgroup", 0,
"cpuset,cpuacct,perf_event,hugetlb")) {
}
if (!write_file("/syzcgroup/cpu/cgroup.clone_children", "1")) {
}
if (chmod("/syzcgroup/cpu", 0777)) {
}
if (mkdir("/syzcgroup/net", 0777)) {
}
if (mount("none", "/syzcgroup/net", "cgroup", 0,
"net_cls,net_prio,devices,freezer")) {
}
if (chmod("/syzcgroup/net", 0777)) {
}
}
static void setup_binfmt_misc()
{
if (!write_file("/proc/sys/fs/binfmt_misc/register",
":syz0:M:0:syz0::./file0:")) {
}
if (!write_file("/proc/sys/fs/binfmt_misc/register",
":syz1:M:1:yz1::./file0:POC")) {
}
}
static void loop();
static void sandbox_common()
{
prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
setpgrp();
setsid();
struct rlimit rlim;
rlim.rlim_cur = rlim.rlim_max = 160 << 20;
setrlimit(RLIMIT_AS, &rlim);
rlim.rlim_cur = rlim.rlim_max = 8 << 20;
setrlimit(RLIMIT_MEMLOCK, &rlim);
rlim.rlim_cur = rlim.rlim_max = 136 << 20;
setrlimit(RLIMIT_FSIZE, &rlim);
rlim.rlim_cur = rlim.rlim_max = 1 << 20;
setrlimit(RLIMIT_STACK, &rlim);
rlim.rlim_cur = rlim.rlim_max = 0;
setrlimit(RLIMIT_CORE, &rlim);
if (unshare(CLONE_NEWNS)) {
}
if (unshare(CLONE_NEWIPC)) {
}
if (unshare(0x02000000)) {
}
if (unshare(CLONE_NEWUTS)) {
}
if (unshare(CLONE_SYSVSEM)) {
}
}
static int do_sandbox_none(void)
{
if (unshare(CLONE_NEWPID)) {
}
int pid = fork();
if (pid < 0)
fail("sandbox fork failed");
if (pid)
return pid;
setup_cgroups();
setup_binfmt_misc();
sandbox_common();
if (unshare(CLONE_NEWNET)) {
}
initialize_tun();
initialize_netdevices();
loop();
doexit(1);
}
#define XT_TABLE_SIZE 1536
#define XT_MAX_ENTRIES 10
struct xt_counters {
uint64_t pcnt, bcnt;
};
struct ipt_getinfo {
char name[32];
unsigned int valid_hooks;
unsigned int hook_entry[5];
unsigned int underflow[5];
unsigned int num_entries;
unsigned int size;
};
struct ipt_get_entries {
char name[32];
unsigned int size;
void* entrytable[XT_TABLE_SIZE / sizeof(void*)];
};
struct ipt_replace {
char name[32];
unsigned int valid_hooks;
unsigned int num_entries;
unsigned int size;
unsigned int hook_entry[5];
unsigned int underflow[5];
unsigned int num_counters;
struct xt_counters* counters;
char entrytable[XT_TABLE_SIZE];
};
struct ipt_table_desc {
const char* name;
struct ipt_getinfo info;
struct ipt_replace replace;
};
static struct ipt_table_desc ipv4_tables[] = {
{.name = "filter"}, {.name = "nat"}, {.name = "mangle"},
{.name = "raw"}, {.name = "security"},
};
static struct ipt_table_desc ipv6_tables[] = {
{.name = "filter"}, {.name = "nat"}, {.name = "mangle"},
{.name = "raw"}, {.name = "security"},
};
#define IPT_BASE_CTL 64
#define IPT_SO_SET_REPLACE (IPT_BASE_CTL)
#define IPT_SO_GET_INFO (IPT_BASE_CTL)
#define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1)
struct arpt_getinfo {
char name[32];
unsigned int valid_hooks;
unsigned int hook_entry[3];
unsigned int underflow[3];
unsigned int num_entries;
unsigned int size;
};
struct arpt_get_entries {
char name[32];
unsigned int size;
void* entrytable[XT_TABLE_SIZE / sizeof(void*)];
};
struct arpt_replace {
char name[32];
unsigned int valid_hooks;
unsigned int num_entries;
unsigned int size;
unsigned int hook_entry[3];
unsigned int underflow[3];
unsigned int num_counters;
struct xt_counters* counters;
char entrytable[XT_TABLE_SIZE];
};
struct arpt_table_desc {
const char* name;
struct arpt_getinfo info;
struct arpt_replace replace;
};
static struct arpt_table_desc arpt_tables[] = {
{.name = "filter"},
};
#define ARPT_BASE_CTL 96
#define ARPT_SO_SET_REPLACE (ARPT_BASE_CTL)
#define ARPT_SO_GET_INFO (ARPT_BASE_CTL)
#define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1)
static void checkpoint_iptables(struct ipt_table_desc* tables, int num_tables,
int family, int level)
{
struct ipt_get_entries entries;
socklen_t optlen;
int fd, i;
fd = socket(family, SOCK_STREAM, IPPROTO_TCP);
if (fd == -1) {
switch (errno) {
case EAFNOSUPPORT:
case ENOPROTOOPT:
return;
}
fail("socket(%d, SOCK_STREAM, IPPROTO_TCP)", family);
}
for (i = 0; i < num_tables; i++) {
struct ipt_table_desc* table = &tables[i];
strcpy(table->info.name, table->name);
strcpy(table->replace.name, table->name);
optlen = sizeof(table->info);
if (getsockopt(fd, level, IPT_SO_GET_INFO, &table->info, &optlen)) {
switch (errno) {
case EPERM:
case ENOENT:
case ENOPROTOOPT:
continue;
}
fail("getsockopt(IPT_SO_GET_INFO)");
}
if (table->info.size > sizeof(table->replace.entrytable))
fail("table size is too large: %u", table->info.size);
if (table->info.num_entries > XT_MAX_ENTRIES)
fail("too many counters: %u", table->info.num_entries);
memset(&entries, 0, sizeof(entries));
strcpy(entries.name, table->name);
entries.size = table->info.size;
optlen = sizeof(entries) - sizeof(entries.entrytable) + table->info.size;
if (getsockopt(fd, level, IPT_SO_GET_ENTRIES, &entries, &optlen))
fail("getsockopt(IPT_SO_GET_ENTRIES)");
table->replace.valid_hooks = table->info.valid_hooks;
table->replace.num_entries = table->info.num_entries;
table->replace.size = table->info.size;
memcpy(table->replace.hook_entry, table->info.hook_entry,
sizeof(table->replace.hook_entry));
memcpy(table->replace.underflow, table->info.underflow,
sizeof(table->replace.underflow));
memcpy(table->replace.entrytable, entries.entrytable, table->info.size);
}
close(fd);
}
static void reset_iptables(struct ipt_table_desc* tables, int num_tables,
int family, int level)
{
struct xt_counters counters[XT_MAX_ENTRIES];
struct ipt_get_entries entries;
struct ipt_getinfo info;
socklen_t optlen;
int fd, i;
fd = socket(family, SOCK_STREAM, IPPROTO_TCP);
if (fd == -1) {
switch (errno) {
case EAFNOSUPPORT:
case ENOPROTOOPT:
return;
}
fail("socket(%d, SOCK_STREAM, IPPROTO_TCP)", family);
}
for (i = 0; i < num_tables; i++) {
struct ipt_table_desc* table = &tables[i];
if (table->info.valid_hooks == 0)
continue;
memset(&info, 0, sizeof(info));
strcpy(info.name, table->name);
optlen = sizeof(info);
if (getsockopt(fd, level, IPT_SO_GET_INFO, &info, &optlen))
fail("getsockopt(IPT_SO_GET_INFO)");
if (memcmp(&table->info, &info, sizeof(table->info)) == 0) {
memset(&entries, 0, sizeof(entries));
strcpy(entries.name, table->name);
entries.size = table->info.size;
optlen = sizeof(entries) - sizeof(entries.entrytable) + entries.size;
if (getsockopt(fd, level, IPT_SO_GET_ENTRIES, &entries, &optlen))
fail("getsockopt(IPT_SO_GET_ENTRIES)");
if (memcmp(table->replace.entrytable, entries.entrytable,
table->info.size) == 0)
continue;
}
table->replace.num_counters = info.num_entries;
table->replace.counters = counters;
optlen = sizeof(table->replace) - sizeof(table->replace.entrytable) +
table->replace.size;
if (setsockopt(fd, level, IPT_SO_SET_REPLACE, &table->replace, optlen))
fail("setsockopt(IPT_SO_SET_REPLACE)");
}
close(fd);
}
static void checkpoint_arptables(void)
{
struct arpt_get_entries entries;
socklen_t optlen;
unsigned i;
int fd;
fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (fd == -1)
fail("socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)");
for (i = 0; i < sizeof(arpt_tables) / sizeof(arpt_tables[0]); i++) {
struct arpt_table_desc* table = &arpt_tables[i];
strcpy(table->info.name, table->name);
strcpy(table->replace.name, table->name);
optlen = sizeof(table->info);
if (getsockopt(fd, SOL_IP, ARPT_SO_GET_INFO, &table->info, &optlen)) {
switch (errno) {
case EPERM:
case ENOENT:
case ENOPROTOOPT:
continue;
}
fail("getsockopt(ARPT_SO_GET_INFO)");
}
if (table->info.size > sizeof(table->replace.entrytable))
fail("table size is too large: %u", table->info.size);
if (table->info.num_entries > XT_MAX_ENTRIES)
fail("too many counters: %u", table->info.num_entries);
memset(&entries, 0, sizeof(entries));
strcpy(entries.name, table->name);
entries.size = table->info.size;
optlen = sizeof(entries) - sizeof(entries.entrytable) + table->info.size;
if (getsockopt(fd, SOL_IP, ARPT_SO_GET_ENTRIES, &entries, &optlen))
fail("getsockopt(ARPT_SO_GET_ENTRIES)");
table->replace.valid_hooks = table->info.valid_hooks;
table->replace.num_entries = table->info.num_entries;
table->replace.size = table->info.size;
memcpy(table->replace.hook_entry, table->info.hook_entry,
sizeof(table->replace.hook_entry));
memcpy(table->replace.underflow, table->info.underflow,
sizeof(table->replace.underflow));
memcpy(table->replace.entrytable, entries.entrytable, table->info.size);
}
close(fd);
}
static void reset_arptables()
{
struct xt_counters counters[XT_MAX_ENTRIES];
struct arpt_get_entries entries;
struct arpt_getinfo info;
socklen_t optlen;
unsigned i;
int fd;
fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (fd == -1)
fail("socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)");
for (i = 0; i < sizeof(arpt_tables) / sizeof(arpt_tables[0]); i++) {
struct arpt_table_desc* table = &arpt_tables[i];
if (table->info.valid_hooks == 0)
continue;
memset(&info, 0, sizeof(info));
strcpy(info.name, table->name);
optlen = sizeof(info);
if (getsockopt(fd, SOL_IP, ARPT_SO_GET_INFO, &info, &optlen))
fail("getsockopt(ARPT_SO_GET_INFO)");
if (memcmp(&table->info, &info, sizeof(table->info)) == 0) {
memset(&entries, 0, sizeof(entries));
strcpy(entries.name, table->name);
entries.size = table->info.size;
optlen = sizeof(entries) - sizeof(entries.entrytable) + entries.size;
if (getsockopt(fd, SOL_IP, ARPT_SO_GET_ENTRIES, &entries, &optlen))
fail("getsockopt(ARPT_SO_GET_ENTRIES)");
if (memcmp(table->replace.entrytable, entries.entrytable,
table->info.size) == 0)
continue;
}
table->replace.num_counters = info.num_entries;
table->replace.counters = counters;
optlen = sizeof(table->replace) - sizeof(table->replace.entrytable) +
table->replace.size;
if (setsockopt(fd, SOL_IP, ARPT_SO_SET_REPLACE, &table->replace, optlen))
fail("setsockopt(ARPT_SO_SET_REPLACE)");
}
close(fd);
}
#include <linux/if.h>
#include <linux/netfilter_bridge/ebtables.h>
struct ebt_table_desc {
const char* name;
struct ebt_replace replace;
char entrytable[XT_TABLE_SIZE];
};
static struct ebt_table_desc ebt_tables[] = {
{.name = "filter"}, {.name = "nat"}, {.name = "broute"},
};
static void checkpoint_ebtables(void)
{
socklen_t optlen;
unsigned i;
int fd;
fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (fd == -1)
fail("socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)");
for (i = 0; i < sizeof(ebt_tables) / sizeof(ebt_tables[0]); i++) {
struct ebt_table_desc* table = &ebt_tables[i];
strcpy(table->replace.name, table->name);
optlen = sizeof(table->replace);
if (getsockopt(fd, SOL_IP, EBT_SO_GET_INIT_INFO, &table->replace,
&optlen)) {
switch (errno) {
case EPERM:
case ENOENT:
case ENOPROTOOPT:
continue;
}
fail("getsockopt(EBT_SO_GET_INIT_INFO)");
}
if (table->replace.entries_size > sizeof(table->entrytable))
fail("table size is too large: %u", table->replace.entries_size);
table->replace.num_counters = 0;
table->replace.entries = table->entrytable;
optlen = sizeof(table->replace) + table->replace.entries_size;
if (getsockopt(fd, SOL_IP, EBT_SO_GET_INIT_ENTRIES, &table->replace,
&optlen))
fail("getsockopt(EBT_SO_GET_INIT_ENTRIES)");
}
close(fd);
}
static void reset_ebtables()
{
struct ebt_replace replace;
char entrytable[XT_TABLE_SIZE];
socklen_t optlen;
unsigned i, j, h;
int fd;
fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (fd == -1)
fail("socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)");
for (i = 0; i < sizeof(ebt_tables) / sizeof(ebt_tables[0]); i++) {
struct ebt_table_desc* table = &ebt_tables[i];
if (table->replace.valid_hooks == 0)
continue;
memset(&replace, 0, sizeof(replace));
strcpy(replace.name, table->name);
optlen = sizeof(replace);
if (getsockopt(fd, SOL_IP, EBT_SO_GET_INFO, &replace, &optlen))
fail("getsockopt(EBT_SO_GET_INFO)");
replace.num_counters = 0;
table->replace.entries = 0;
for (h = 0; h < NF_BR_NUMHOOKS; h++)
table->replace.hook_entry[h] = 0;
if (memcmp(&table->replace, &replace, sizeof(table->replace)) == 0) {
memset(&entrytable, 0, sizeof(entrytable));
replace.entries = entrytable;
optlen = sizeof(replace) + replace.entries_size;
if (getsockopt(fd, SOL_IP, EBT_SO_GET_ENTRIES, &replace, &optlen))
fail("getsockopt(EBT_SO_GET_ENTRIES)");
if (memcmp(table->entrytable, entrytable, replace.entries_size) == 0)
continue;
}
for (j = 0, h = 0; h < NF_BR_NUMHOOKS; h++) {
if (table->replace.valid_hooks & (1 << h)) {
table->replace.hook_entry[h] =
(struct ebt_entries*)table->entrytable + j;
j++;
}
}
table->replace.entries = table->entrytable;
optlen = sizeof(table->replace) + table->replace.entries_size;
if (setsockopt(fd, SOL_IP, EBT_SO_SET_ENTRIES, &table->replace, optlen))
fail("setsockopt(EBT_SO_SET_ENTRIES)");
}
close(fd);
}
static void checkpoint_net_namespace(void)
{
checkpoint_ebtables();
checkpoint_arptables();
checkpoint_iptables(ipv4_tables, sizeof(ipv4_tables) / sizeof(ipv4_tables[0]),
AF_INET, SOL_IP);
checkpoint_iptables(ipv6_tables, sizeof(ipv6_tables) / sizeof(ipv6_tables[0]),
AF_INET6, SOL_IPV6);
}
static void reset_net_namespace(void)
{
reset_ebtables();
reset_arptables();
reset_iptables(ipv4_tables, sizeof(ipv4_tables) / sizeof(ipv4_tables[0]),
AF_INET, SOL_IP);
reset_iptables(ipv6_tables, sizeof(ipv6_tables) / sizeof(ipv6_tables[0]),
AF_INET6, SOL_IPV6);
}
static void remove_dir(const char* dir)
{
DIR* dp;
struct dirent* ep;
int iter = 0;
retry:
while (umount2(dir, MNT_DETACH) == 0) {
}
dp = opendir(dir);
if (dp == NULL) {
if (errno == EMFILE) {
exitf("opendir(%s) failed due to NOFILE, exiting", dir);
}
exitf("opendir(%s) failed", dir);
}
while ((ep = readdir(dp))) {
if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0)
continue;
char filename[FILENAME_MAX];
snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name);
struct stat st;
if (lstat(filename, &st))
exitf("lstat(%s) failed", filename);
if (S_ISDIR(st.st_mode)) {
remove_dir(filename);
continue;
}
int i;
for (i = 0;; i++) {
if (unlink(filename) == 0)
break;
if (errno == EROFS) {
break;
}
if (errno != EBUSY || i > 100)
exitf("unlink(%s) failed", filename);
if (umount2(filename, MNT_DETACH))
exitf("umount(%s) failed", filename);
}
}
closedir(dp);
int i;
for (i = 0;; i++) {
if (rmdir(dir) == 0)
break;
if (i < 100) {
if (errno == EROFS) {
break;
}
if (errno == EBUSY) {
if (umount2(dir, MNT_DETACH))
exitf("umount(%s) failed", dir);
continue;
}
if (errno == ENOTEMPTY) {
if (iter < 100) {
iter++;
goto retry;
}
}
}
exitf("rmdir(%s) failed", dir);
}
}
static void execute_one();
extern unsigned long long procid;
static void loop()
{
checkpoint_net_namespace();
char cgroupdir[64];
snprintf(cgroupdir, sizeof(cgroupdir), "/syzcgroup/unified/syz%llu", procid);
char cgroupdir_cpu[64];
snprintf(cgroupdir_cpu, sizeof(cgroupdir_cpu), "/syzcgroup/cpu/syz%llu",
procid);
char cgroupdir_net[64];
snprintf(cgroupdir_net, sizeof(cgroupdir_net), "/syzcgroup/net/syz%llu",
procid);
if (mkdir(cgroupdir, 0777)) {
}
if (mkdir(cgroupdir_cpu, 0777)) {
}
if (mkdir(cgroupdir_net, 0777)) {
}
int pid = getpid();
char procs_file[128];
snprintf(procs_file, sizeof(procs_file), "%s/cgroup.procs", cgroupdir);
if (!write_file(procs_file, "%d", pid)) {
}
snprintf(procs_file, sizeof(procs_file), "%s/cgroup.procs", cgroupdir_cpu);
if (!write_file(procs_file, "%d", pid)) {
}
snprintf(procs_file, sizeof(procs_file), "%s/cgroup.procs", cgroupdir_net);
if (!write_file(procs_file, "%d", pid)) {
}
int iter;
for (iter = 0;; iter++) {
char cwdbuf[32];
sprintf(cwdbuf, "./%d", iter);
if (mkdir(cwdbuf, 0777))
fail("failed to mkdir");
int pid = fork();
if (pid < 0)
fail("clone failed");
if (pid == 0) {
prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
setpgrp();
if (chdir(cwdbuf))
fail("failed to chdir");
if (symlink(cgroupdir, "./cgroup")) {
}
if (symlink(cgroupdir_cpu, "./cgroup.cpu")) {
}
if (symlink(cgroupdir_net, "./cgroup.net")) {
}
flush_tun();
execute_one();
doexit(0);
}
int status = 0;
uint64_t start = current_time_ms();
for (;;) {
int res = waitpid(-1, &status, __WALL | WNOHANG);
if (res == pid) {
break;
}
usleep(1000);
if (current_time_ms() - start < 3 * 1000)
continue;
kill(-pid, SIGKILL);
kill(pid, SIGKILL);
while (waitpid(-1, &status, __WALL) != pid) {
}
break;
}
remove_dir(cwdbuf);
reset_net_namespace();
}
}
struct thread_t {
int created, running, call;
pthread_t th;
};
static struct thread_t threads[16];
static void execute_call(int call);
static int running;
static int collide;
static void* thr(void* arg)
{
struct thread_t* th = (struct thread_t*)arg;
for (;;) {
while (!__atomic_load_n(&th->running, __ATOMIC_ACQUIRE))
syscall(SYS_futex, &th->running, FUTEX_WAIT, 0, 0);
execute_call(th->call);
__atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED);
__atomic_store_n(&th->running, 0, __ATOMIC_RELEASE);
syscall(SYS_futex, &th->running, FUTEX_WAKE);
}
return 0;
}
static void execute(int num_calls)
{
int call, thread;
running = 0;
for (call = 0; call < num_calls; call++) {
for (thread = 0; thread < sizeof(threads) / sizeof(threads[0]); thread++) {
struct thread_t* th = &threads[thread];
if (!th->created) {
th->created = 1;
pthread_attr_t attr;
pthread_attr_init(&attr);
pthread_attr_setstacksize(&attr, 128 << 10);
pthread_create(&th->th, &attr, thr, th);
}
if (!__atomic_load_n(&th->running, __ATOMIC_ACQUIRE)) {
th->call = call;
__atomic_fetch_add(&running, 1, __ATOMIC_RELAXED);
__atomic_store_n(&th->running, 1, __ATOMIC_RELEASE);
syscall(SYS_futex, &th->running, FUTEX_WAKE);
if (collide && call % 2)
break;
struct timespec ts;
ts.tv_sec = 0;
ts.tv_nsec = 20 * 1000 * 1000;
syscall(SYS_futex, &th->running, FUTEX_WAIT, 1, &ts);
if (running)
usleep((call == num_calls - 1) ? 10000 : 1000);
break;
}
}
}
}
uint64_t r[26] = {0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0x0};
unsigned long long procid;
void execute_call(int call)
{
long res;
switch (call) {
case 0:
res = syscall(__NR_socket, 0x40000000015, 5, 0);
if (res != -1)
r[0] = res;
break;
case 1:
NONFAILING(*(uint32_t*)0x206dbffc = 0);
syscall(__NR_setsockopt, r[0], 1, 8, 0x206dbffc, 4);
break;
case 2:
NONFAILING(*(uint16_t*)0x208a5ff0 = 2);
NONFAILING(*(uint16_t*)0x208a5ff2 = htobe16(0x4e20));
NONFAILING(*(uint32_t*)0x208a5ff4 = htobe32(0x7f000001));
NONFAILING(*(uint8_t*)0x208a5ff8 = 0);
NONFAILING(*(uint8_t*)0x208a5ff9 = 0);
NONFAILING(*(uint8_t*)0x208a5ffa = 0);
NONFAILING(*(uint8_t*)0x208a5ffb = 0);
NONFAILING(*(uint8_t*)0x208a5ffc = 0);
NONFAILING(*(uint8_t*)0x208a5ffd = 0);
NONFAILING(*(uint8_t*)0x208a5ffe = 0);
NONFAILING(*(uint8_t*)0x208a5fff = 0);
syscall(__NR_bind, r[0], 0x208a5ff0, 0x10);
break;
case 3:
NONFAILING(memcpy(
(void*)0x20f7db7f,
"\xba\x67\x13\x68\xd1\x01\x00\x00\x00\x49\x00\x00\x00\x01\x00\x00\x00"
"\x01\x8b\xe4\x9e\x93\x01\x44\x28\x65\x31\x99\x97\xd0\xef\xdb\x2f\x54"
"\xb6\xa1\x0c\x73\x27\x75\x74\x82\xbf\xce\x94\x5c\x2a\x91\xfb\x8d\xfa"
"\xfc\x1d\x3f\x56\xbc\x54\x3a\xb8\x73\x21\xe1\x2c\xca\x08\xa7\x44\xa2"
"\xd1\x28\xb0\x06\x34\xbc\x88\x21\x51\xd3\x68\x09\x22\x9a\x96\xbc\x34"
"\x37\xef\x15\x94\x89\x38\x4a\xde\x07\x7b\xa2\x95\xea\xc2\x88\x2d\xbf"
"\xd3\x78\x1d\xd4\xd4\xe6\x09\xc4\x26\x28\xdb\xb7\x09\xb3\xeb\x1f\xa0"
"\x30\x00\x90\x45\xdd\x98\xb9\xe6\xd7\x7b\x6c\xec\x9c\xeb\x68\x55\x95"
"\xd4\x39\x95\xe0\xf0\x4c\x32\x26\x09\x43\xad\xd7\x98\x31\xe6\x61\xc6"
"\xa3\x51\xde\xdc\x8b\x9d\x22\x0f\xbf\x9f\xb6\xe4\x4f\xb6\xa6\x29\xce"
"\x9a\x82\x02\x51\x24\xfe\xc9\xf3\xee\x75\x1f\x7d\xa0\xcd\x7e\x79\x9b"
"\xe8\x8d\xdb\xda\xc2\x0b\x48\xe8\x90\xff\x81\xd7\xfa\x28\xc2\xd0\x17"
"\xd7\x93\x2f\x25\x69\x03\x87\x40\x46\x1a\xcc\xd4\x58\x2f\x57\x6e\x4f"
"\xdb\x61\x50\xa3\x39\x9f\x82\x66\xbc\x19\xeb\x94\x36\x48\xad\x1a\xd8"
"\x14\x20\xed\x6c\x38\x24\x36\xe4\x74\x39\x0c\x89\x95\xe8\x29\xe4\xf9"
"\xdf\x43",
257));
NONFAILING(*(uint16_t*)0x20000200 = 2);
NONFAILING(*(uint16_t*)0x20000202 = htobe16(0x4e20));
NONFAILING(*(uint32_t*)0x20000204 = htobe32(0x7f000001));
NONFAILING(*(uint8_t*)0x20000208 = 0);
NONFAILING(*(uint8_t*)0x20000209 = 0);
NONFAILING(*(uint8_t*)0x2000020a = 0);
NONFAILING(*(uint8_t*)0x2000020b = 0);
NONFAILING(*(uint8_t*)0x2000020c = 0);
NONFAILING(*(uint8_t*)0x2000020d = 0);
NONFAILING(*(uint8_t*)0x2000020e = 0);
NONFAILING(*(uint8_t*)0x2000020f = 0);
syscall(__NR_sendto, r[0], 0x20f7db7f, 0x101, 0, 0x20000200, 0x10);
break;
case 4:
NONFAILING(*(uint16_t*)0x202b4000 = 2);
NONFAILING(*(uint16_t*)0x202b4002 = htobe16(0x4e20));
NONFAILING(*(uint32_t*)0x202b4004 = htobe32(0x7f000001));
NONFAILING(*(uint8_t*)0x202b4008 = 0);
NONFAILING(*(uint8_t*)0x202b4009 = 0);
NONFAILING(*(uint8_t*)0x202b400a = 0);
NONFAILING(*(uint8_t*)0x202b400b = 0);
NONFAILING(*(uint8_t*)0x202b400c = 0);
NONFAILING(*(uint8_t*)0x202b400d = 0);
NONFAILING(*(uint8_t*)0x202b400e = 0);
NONFAILING(*(uint8_t*)0x202b400f = 0);
syscall(__NR_sendto, r[0], 0x204b3fff, 0x380, 0, 0x202b4000, 0x10);
break;
case 5:
NONFAILING(*(uint16_t*)0x20000000 = 0x1d);
NONFAILING(*(uint32_t*)0x20000004 = 0);
NONFAILING(*(uint32_t*)0x20000008 = 0);
NONFAILING(*(uint32_t*)0x2000000c = 0);
syscall(__NR_connect, r[0], 0x20000000, 0x10);
break;
case 6:
res = syscall(__NR_socket, 0xa, 1, 0);
if (res != -1)
r[1] = res;
break;
case 7:
NONFAILING(*(uint32_t*)0x20002080 = 0x60);
res = syscall(__NR_accept, -1, 0x20002000, 0x20002080);
if (res != -1)
r[2] = res;
break;
case 8:
NONFAILING(*(uint16_t*)0x200020c0 = 0x27);
NONFAILING(*(uint32_t*)0x200020c4 = 1);
NONFAILING(*(uint32_t*)0x200020c8 = 2);
NONFAILING(*(uint32_t*)0x200020cc = 0);
NONFAILING(*(uint8_t*)0x200020d0 = -1);
NONFAILING(*(uint8_t*)0x200020d1 = 5);
NONFAILING(memcpy((void*)0x200020d2,
"\x76\x5f\xd1\x6b\x79\x03\x9a\x5b\xf2\x0b\x75\x08\xc8\x2d"
"\x6a\xfb\x5f\x90\x59\x63\x6c\x46\x41\x94\x50\x72\x0a\x96"
"\x9b\xf1\xdb\x60\x08\xa0\x65\x67\xa6\x0b\x3b\xa3\xbb\xdc"
"\x94\x92\xf9\xe6\xf1\x5b\xf6\xab\x8b\x9c\x00\x9d\x19\x4c"
"\x07\x04\x73\x6f\x63\x95\x90",
63));
NONFAILING(*(uint64_t*)0x20002118 = 0x36);
syscall(__NR_connect, r[2], 0x200020c0, 0x60);
break;
case 9:
syz_extract_tcp_res(0x20000040, 0, 0);
break;
case 10:
res = syscall(__NR_socket, 0xa, 0x1000000000002, 0);
if (res != -1)
r[3] = res;
break;
case 11:
syscall(__NR_ioctl, r[3], 0x8912, 0x20000280);
break;
case 12:
syscall(__NR_unshare, 0x40000000);
break;
case 13:
NONFAILING(memcpy((void*)0x20000040, "\x66\x69\x6c\x74\x65\x72\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00",
32));
NONFAILING(*(uint32_t*)0x20000060 = 4);
NONFAILING(*(uint64_t*)0x20000068 = 0);
NONFAILING(*(uint64_t*)0x20000070 = 0);
NONFAILING(*(uint64_t*)0x20000078 = 0);
NONFAILING(*(uint64_t*)0x20000080 = 0);
NONFAILING(*(uint64_t*)0x20000088 = 0);
NONFAILING(*(uint64_t*)0x20000090 = 0);
NONFAILING(*(uint64_t*)0x20000098 = 0);
NONFAILING(*(uint64_t*)0x200000a0 = 0);
syscall(__NR_setsockopt, -1, 0, 0x41, 0x20000040, 0x68);
break;
case 14:
NONFAILING(memcpy((void*)0x20000080,
"\x29\x5e\xd2\x77\xa4\x20\x01\x00\x36\x00\x70", 11));
syscall(__NR_ioctl, r[1], 0x8912, 0x20000080);
break;
case 15:
NONFAILING(*(uint16_t*)0x200004c0 = 0xa);
NONFAILING(*(uint16_t*)0x200004c2 = htobe16(0));
NONFAILING(*(uint32_t*)0x200004c4 = 0);
NONFAILING(*(uint8_t*)0x200004c8 = 0xfe);
NONFAILING(*(uint8_t*)0x200004c9 = 0x80);
NONFAILING(*(uint8_t*)0x200004ca = 0);
NONFAILING(*(uint8_t*)0x200004cb = 0);
NONFAILING(*(uint8_t*)0x200004cc = 0);
NONFAILING(*(uint8_t*)0x200004cd = 0);
NONFAILING(*(uint8_t*)0x200004ce = 0);
NONFAILING(*(uint8_t*)0x200004cf = 0);
NONFAILING(*(uint8_t*)0x200004d0 = 0);
NONFAILING(*(uint8_t*)0x200004d1 = 0);
NONFAILING(*(uint8_t*)0x200004d2 = 0);
NONFAILING(*(uint8_t*)0x200004d3 = 0);
NONFAILING(*(uint8_t*)0x200004d4 = 0);
NONFAILING(*(uint8_t*)0x200004d5 = 0);
NONFAILING(*(uint8_t*)0x200004d6 = 0);
NONFAILING(*(uint8_t*)0x200004d7 = 0xbb);
NONFAILING(*(uint32_t*)0x200004d8 = 0x400);
NONFAILING(*(uint16_t*)0x200004dc = 0xa);
NONFAILING(*(uint16_t*)0x200004de = htobe16(0x4e23));
NONFAILING(*(uint32_t*)0x200004e0 = 4);
NONFAILING(*(uint8_t*)0x200004e4 = 0);
NONFAILING(*(uint8_t*)0x200004e5 = 0);
NONFAILING(*(uint8_t*)0x200004e6 = 0);
NONFAILING(*(uint8_t*)0x200004e7 = 0);
NONFAILING(*(uint8_t*)0x200004e8 = 0);
NONFAILING(*(uint8_t*)0x200004e9 = 0);
NONFAILING(*(uint8_t*)0x200004ea = 0);
NONFAILING(*(uint8_t*)0x200004eb = 0);
NONFAILING(*(uint8_t*)0x200004ec = 0);
NONFAILING(*(uint8_t*)0x200004ed = 0);
NONFAILING(*(uint8_t*)0x200004ee = -1);
NONFAILING(*(uint8_t*)0x200004ef = -1);
NONFAILING(*(uint32_t*)0x200004f0 = htobe32(0x7f000001));
NONFAILING(*(uint32_t*)0x200004f4 = 0xfffffa2a);
NONFAILING(*(uint16_t*)0x200004f8 = 0);
NONFAILING(*(uint32_t*)0x200004fc = 0);
NONFAILING(*(uint32_t*)0x20000500 = 0xfffffff8);
NONFAILING(*(uint32_t*)0x20000504 = 0);
NONFAILING(*(uint32_t*)0x20000508 = 2);
NONFAILING(*(uint32_t*)0x2000050c = 0x80000000);
NONFAILING(*(uint32_t*)0x20000510 = 0);
NONFAILING(*(uint32_t*)0x20000514 = 0);
NONFAILING(*(uint32_t*)0x20000518 = 0);
syscall(__NR_setsockopt, -1, 0x29, 0xd3, 0x200004c0, 0x5c);
break;
case 16:
res = syscall(__NR_socket, 0x40000000015, 5, 0);
if (res != -1)
r[4] = res;
break;
case 17:
syscall(__NR_socket, 2, 2, 0);
break;
case 18:
NONFAILING(*(uint16_t*)0x208a5ff0 = 2);
NONFAILING(*(uint16_t*)0x208a5ff2 = htobe16(0));
NONFAILING(*(uint32_t*)0x208a5ff4 = htobe32(0x7f000001));
NONFAILING(*(uint8_t*)0x208a5ff8 = 0);
NONFAILING(*(uint8_t*)0x208a5ff9 = 0);
NONFAILING(*(uint8_t*)0x208a5ffa = 0);
NONFAILING(*(uint8_t*)0x208a5ffb = 0);
NONFAILING(*(uint8_t*)0x208a5ffc = 0);
NONFAILING(*(uint8_t*)0x208a5ffd = 0);
NONFAILING(*(uint8_t*)0x208a5ffe = 0);
NONFAILING(*(uint8_t*)0x208a5fff = 0);
syscall(__NR_bind, r[4], 0x208a5ff0, 0x10);
break;
case 19:
NONFAILING(*(uint32_t*)0x20000580 = 0x14);
syscall(__NR_getsockopt, -1, 6, 0x1d, 0x20000540, 0x20000580);
break;
case 20:
syscall(__NR_socket, 0x29, 0, 0);
break;
case 21:
NONFAILING(*(uint16_t*)0x2069affb = 2);
NONFAILING(*(uint16_t*)0x2069affd = htobe16(0x4e1c));
NONFAILING(*(uint32_t*)0x2069afff = htobe32(0x7f000001));
NONFAILING(*(uint8_t*)0x2069b003 = 0);
NONFAILING(*(uint8_t*)0x2069b004 = 0);
NONFAILING(*(uint8_t*)0x2069b005 = 0);
NONFAILING(*(uint8_t*)0x2069b006 = 0);
NONFAILING(*(uint8_t*)0x2069b007 = 0);
NONFAILING(*(uint8_t*)0x2069b008 = 0);
NONFAILING(*(uint8_t*)0x2069b009 = 0);
NONFAILING(*(uint8_t*)0x2069b00a = 0);
syscall(__NR_sendto, r[4], 0x200006c0, 0, 0, 0x2069affb, 0x10);
break;
case 22:
NONFAILING(*(uint16_t*)0x202b4000 = 2);
NONFAILING(*(uint16_t*)0x202b4002 = htobe16(0));
NONFAILING(*(uint32_t*)0x202b4004 = htobe32(0x7f000001));
NONFAILING(*(uint8_t*)0x202b4008 = 0);
NONFAILING(*(uint8_t*)0x202b4009 = 0);
NONFAILING(*(uint8_t*)0x202b400a = 0);
NONFAILING(*(uint8_t*)0x202b400b = 0);
NONFAILING(*(uint8_t*)0x202b400c = 0);
NONFAILING(*(uint8_t*)0x202b400d = 0);
NONFAILING(*(uint8_t*)0x202b400e = 0);
NONFAILING(*(uint8_t*)0x202b400f = 0);
syscall(__NR_sendto, r[4], 0x204b3fff, 0x2f00, 0, 0x202b4000, 0x10);
break;
case 23:
NONFAILING(*(uint32_t*)0x20000600 = 0);
NONFAILING(*(uint32_t*)0x20000604 = 0);
NONFAILING(*(uint32_t*)0x20000640 = 8);
syscall(__NR_getsockopt, r[1], 0x84, 0x7b, 0x20000600, 0x20000640);
break;
case 24:
NONFAILING(*(uint32_t*)0x200000c0 = 0x20);
syscall(__NR_setsockopt, -1, 0x84, 0x1e, 0x200000c0, 4);
break;
case 25:
NONFAILING(*(uint32_t*)0x20000180 = 0x14);
syscall(__NR_accept4, -1, 0x20000140, 0x20000180, 0x80000);
break;
case 26:
res = syscall(__NR_pipe, 0x20000240);
if (res != -1) {
NONFAILING(r[5] = *(uint32_t*)0x20000240);
NONFAILING(r[6] = *(uint32_t*)0x20000244);
}
break;
case 27:
syscall(__NR_ioctl, r[6], 0x80f86406, 0x20000080);
break;
case 28:
syscall(__NR_ioctl, r[5], 0xc0189436, 0x20000000);
break;
case 29:
res = syscall(__NR_socket, 0x18, 1, 2);
if (res != -1)
r[7] = res;
break;
case 30:
NONFAILING(*(uint16_t*)0x20000440 = 0x18);
NONFAILING(*(uint32_t*)0x20000442 = 2);
NONFAILING(*(uint16_t*)0x20000446 = htobe16(3));
NONFAILING(*(uint32_t*)0x2000044a = htobe32(0x8001));
syscall(__NR_connect, r[7], 0x20000440, 0x1e);
break;
case 31:
NONFAILING(*(uint16_t*)0x20000040 = 0xa);
NONFAILING(*(uint16_t*)0x20000042 = htobe16(0));
NONFAILING(*(uint32_t*)0x20000044 = 0);
NONFAILING(*(uint8_t*)0x20000048 = 0xfe);
NONFAILING(*(uint8_t*)0x20000049 = 0x80);
NONFAILING(*(uint8_t*)0x2000004a = 0);
NONFAILING(*(uint8_t*)0x2000004b = 0);
NONFAILING(*(uint8_t*)0x2000004c = 0);
NONFAILING(*(uint8_t*)0x2000004d = 0);
NONFAILING(*(uint8_t*)0x2000004e = 0);
NONFAILING(*(uint8_t*)0x2000004f = 0);
NONFAILING(*(uint8_t*)0x20000050 = 0);
NONFAILING(*(uint8_t*)0x20000051 = 0);
NONFAILING(*(uint8_t*)0x20000052 = 0);
NONFAILING(*(uint8_t*)0x20000053 = 0);
NONFAILING(*(uint8_t*)0x20000054 = 0);
NONFAILING(*(uint8_t*)0x20000055 = 0);
NONFAILING(*(uint8_t*)0x20000056 = 0);
NONFAILING(*(uint8_t*)0x20000057 = 0xaa);
NONFAILING(*(uint32_t*)0x20000058 = 3);
syscall(__NR_connect, -1, 0x20000040, 0x1c);
break;
case 32:
NONFAILING(*(uint32_t*)0x20000080 = 0);
NONFAILING(*(uint32_t*)0x20000084 = 0);
syscall(__NR_setsockopt, -1, 1, 6, 0x20000080, 8);
break;
case 33:
syscall(__NR_socket, 0x1d, 2, 2);
break;
case 34:
NONFAILING(*(uint16_t*)0x20000240 = 2);
NONFAILING(*(uint16_t*)0x20000242 = htobe16(0x4e23));
NONFAILING(*(uint32_t*)0x20000244 = htobe32(-1));
NONFAILING(*(uint8_t*)0x20000248 = 0);
NONFAILING(*(uint8_t*)0x20000249 = 0);
NONFAILING(*(uint8_t*)0x2000024a = 0);
NONFAILING(*(uint8_t*)0x2000024b = 0);
NONFAILING(*(uint8_t*)0x2000024c = 0);
NONFAILING(*(uint8_t*)0x2000024d = 0);
NONFAILING(*(uint8_t*)0x2000024e = 0);
NONFAILING(*(uint8_t*)0x2000024f = 0);
syscall(__NR_bind, -1, 0x20000240, 0x10);
break;
case 35:
NONFAILING(*(uint64_t*)0x20000b80 = 0x20000380);
NONFAILING(*(uint32_t*)0x20000b88 = 0x80);
NONFAILING(*(uint64_t*)0x20000b90 = 0x20000b00);
NONFAILING(*(uint64_t*)0x20000b00 = 0x20000a80);
NONFAILING(*(uint64_t*)0x20000b08 = 0x77);
NONFAILING(*(uint64_t*)0x20000b98 = 1);
NONFAILING(*(uint64_t*)0x20000ba0 = 0);
NONFAILING(*(uint64_t*)0x20000ba8 = 0);
NONFAILING(*(uint32_t*)0x20000bb0 = 0);
syscall(__NR_recvmsg, -1, 0x20000b80, 0);
break;
case 36:
res = syscall(__NR_socket, 0xa, 1, 0);
if (res != -1)
r[8] = res;
break;
case 37:
syscall(__NR_ioctl, r[8], 0x4000008912, 0x20000100);
break;
case 38:
NONFAILING(*(uint32_t*)0x20000000 = -1);
NONFAILING(*(uint16_t*)0x20000004 = 0x100);
NONFAILING(*(uint16_t*)0x20000006 = 0);
NONFAILING(*(uint32_t*)0x20000008 = -1);
NONFAILING(*(uint16_t*)0x2000000c = 0);
NONFAILING(*(uint16_t*)0x2000000e = 0);
syscall(__NR_poll, 0x20000000, 2, 0);
break;
case 39:
NONFAILING(*(uint32_t*)0x200012c0 = 0x10);
res = syscall(__NR_accept4, 0xffffff9c, 0x20001280, 0x200012c0, 0x80800);
if (res != -1)
r[9] = res;
break;
case 40:
NONFAILING(*(uint32_t*)0x20001400 = 0);
NONFAILING(*(uint16_t*)0x20001404 = 2);
NONFAILING(*(uint16_t*)0x20001406 = htobe16(0x4e22));
NONFAILING(*(uint32_t*)0x20001408 = htobe32(0xe0000001));
NONFAILING(*(uint8_t*)0x2000140c = 0);
NONFAILING(*(uint8_t*)0x2000140d = 0);
NONFAILING(*(uint8_t*)0x2000140e = 0);
NONFAILING(*(uint8_t*)0x2000140f = 0);
NONFAILING(*(uint8_t*)0x20001410 = 0);
NONFAILING(*(uint8_t*)0x20001411 = 0);
NONFAILING(*(uint8_t*)0x20001412 = 0);
NONFAILING(*(uint8_t*)0x20001413 = 0);
NONFAILING(*(uint32_t*)0x20001484 = 0);
NONFAILING(*(uint32_t*)0x20001488 = 0x9a6);
NONFAILING(*(uint32_t*)0x2000148c = 9);
NONFAILING(*(uint32_t*)0x20001490 = 2);
NONFAILING(*(uint32_t*)0x20001494 = 5);
NONFAILING(*(uint32_t*)0x200014c0 = 0x98);
syscall(__NR_getsockopt, r[9], 0x84, 0xf, 0x20001400, 0x200014c0);
break;
case 41:
syscall(__NR_socket, 0x10, 3, 0x10);
break;
case 42:
NONFAILING(*(uint32_t*)0x20000340 = 8);
syscall(__NR_setsockopt, r[9], 0x84, 0x14, 0x20000340, 4);
break;
case 43:
NONFAILING(*(uint32_t*)0x20000280 = 0);
NONFAILING(*(uint32_t*)0x20000284 = 0x80000);
NONFAILING(*(uint32_t*)0x20000288 = 0xffffff9c);
res = syscall(__NR_ioctl, -1, 0xc00c642e, 0x20000280);
if (res != -1)
NONFAILING(r[10] = *(uint32_t*)0x20000288);
break;
case 44:
NONFAILING(*(uint64_t*)0x200002c0 = 9);
NONFAILING(*(uint64_t*)0x200002c8 = 0);
NONFAILING(*(uint64_t*)0x200002d0 = 0x10003);
NONFAILING(*(uint64_t*)0x200002d8 = 0);
res = syscall(__NR_ioctl, 0xffffff9c, 0xc0206434, 0x200002c0);
if (res != -1)
NONFAILING(r[11] = *(uint64_t*)0x200002c8);
break;
case 45:
NONFAILING(*(uint64_t*)0x20000300 = 0xffffffffffffffd4);
NONFAILING(*(uint64_t*)0x20000308 = r[11]);
syscall(__NR_ioctl, r[10], 0xc0106438, 0x20000300);
break;
case 46:
syscall(__NR_socket, 0x2b, 1, 0);
break;
case 47:
NONFAILING(*(uint32_t*)0x206dbffc = 1);
syscall(__NR_setsockopt, -1, 1, 0x3c, 0x206dbffc, 4);
break;
case 48:
NONFAILING(*(uint32_t*)0x20000140 = 0);
res = syscall(__NR_accept, -1, 0, 0x20000140);
if (res != -1)
r[12] = res;
break;
case 49:
NONFAILING(*(uint32_t*)0x20001c80 = 0xc);
res = syscall(__NR_getsockopt, -1, 1, 0x11, 0x20001c40, 0x20001c80);
if (res != -1)
NONFAILING(r[13] = *(uint32_t*)0x20001c44);
break;
case 50:
NONFAILING(*(uint32_t*)0x20002080 = 0xe8);
res = syscall(__NR_getsockopt, -1, 0x29, 0x23, 0x20001f80, 0x20002080);
if (res != -1)
NONFAILING(r[14] = *(uint32_t*)0x20001fb4);
break;
case 51:
NONFAILING(*(uint64_t*)0x20002180 = 0x20000180);
NONFAILING(*(uint16_t*)0x20000180 = 1);
NONFAILING(*(uint8_t*)0x20000182 = 0);
NONFAILING(*(uint32_t*)0x20000184 = 0x4e24);
NONFAILING(*(uint32_t*)0x20002188 = 0x6e);
NONFAILING(*(uint64_t*)0x20002190 = 0x20001580);
NONFAILING(*(uint64_t*)0x20001580 = 0x20000240);
NONFAILING(memcpy(
(void*)0x20000240,
"\x34\xd0\x59\x28\x28\x92\xbb\x53\xa4\x7e\x67\xe8\xda\x7d\xd6\xfd\x9a"
"\xd0\xa1\xd8\x2f\x9a\xd7\xf5\x86\x12\xcf\x2e\x19\xde\xce\xfd\xb4\x78"
"\x9a\x1e\xdb\xba\x84\xd4\x98\x2c\x03\xa0\x7e\x02\x6d\xb5\xf9\x55\x5f"
"\x06\xcb\xe5\xc1\xd4\xee\xb0\xbe\xe8\x79\x94\xaa\x83\x35\xf0\x34\xe4"
"\xdc\xc5\x72\x54\x52\x92\x07\x13\x8e\x39\xd0\xe3\xde\xf7\x7d\x8e\x4a"
"\x97\x0f\xe8\x9e\x06\x5d\x75\x2b\x7b\xd0\x9d\x61\x5e\x28\x5f\xce\x7a"
"\x79\xb4\x39\x00\x0d\x2c\x8f\x50\x0f\xbc\x5f\xf5\x1e\x8d\xee\x51\x9a"
"\x25\x29\xa9\x8f\xb1\xec\x22\x27\x21\x79\x94\x19\xf8\xd4\xa7\xd3\x6c"
"\x31\x77\x3f\x83\x5d\xc3\x47\xf4\x11\x50\xbc\x6b\x45\x0e\x45\x3e\x33"
"\x84\x4f\xd0\x6f\xcb\x50\xff\x6c\x1d\x61\xec\x8f\xba\x20\x67\xc4\xa8"
"\xb7\xe6\xb7\xde\x90\xd0\x05\x84\x75\x49\x17\x61\x53\xdc\xc0\xd2\xff"
"\xe6\xdf\xf4\xbf\x37\x2a\xc6\x0a\x6e\x9d\xe5\x70\xf5\x90\xc9\x42\xdf"
"\x71\x82\xc5\xf0\x9f\x30\xa8\x26\x62\xc7\xd7\x94\xe4\x42\x18\xd7\x49"
"\x6f\x4c\xed\xd5\xaa\xe5\xaf\x4f\xa7\x2a\x70\x18\xc0\x16\x88\x01\xd4"
"\x62\xc4\x9c\xac\x21\x30\xe5\x42\xcc\x4d\x0e\x2c\x53\x58\x24\x85\xe7"
"\x96\x0d\x78\x04\x65\x45\xe7\x28\x19\x9e\x8d\x36\xc9\x61\x5c\xa6\x0e"
"\x42\x4e\xb5\x4c\xf3\x01\x1d\x4b\x14\xf7\x7c\x21\x19\x8f\x19\x3e\x9c"
"\x00\xb2\xa3\x09\x11\xb4\xf7\xb2\x28\xf0\x9a\x64\xa4\x97\x90\x1e\xda"
"\x2f\x0f\x7c\x55\xfa\x1a\x53\xcf\x6b\x70\x91\x6f\xa0\xe9\xac\x9c\x7f"
"\x16\xe1\x5b\x01\x46\x17\xac\x7b\xd3\xf7\x0f\x96\x80\xef\xe4\x88\xa7"
"\x91\x29\xcb\xd0\x1f\x1a\xec\x2f\xa6\x02\x70\x30\xc8\xab\x48\x8f\xe9"
"\x5c\x88\xeb\xbe\x38\xa8\xaa\xff\xfe\x55\x8a\xd6\x8a\x96\xd4\xe4\xc5"
"\x80\x43\x4a\xe9\x73\xdd\x50\xc8\x80\xa4\xe8\xec\x4c\x86\x13\x8b\x3b"
"\x37\xd7\x82\x6a\x1f\xc6\x1b\x10\xd0\x98\xdb\x58\xf0\xa1\x06\x51\x9f"
"\x17\x74\xed\x49\x42\xfe\x57\x9b\xa4\xa0\xd3\xe0\x93\x59\xe0\xcd\x4d"
"\x57\x44\x31\x4b\xa1\xc0\xf5\x4d\xf2\x2e\x3b\xce\x0f\x36\x5e\x59\xe8"
"\x68\xab\x06\xf6\x7b\x71\x5a\xa0\x0a\x56\xe9\x11\xd3\xdc\x65\x55\x0d"
"\xe5\x96\x76\x5f\x27\x0d\x97\x4b\x65\xff\xcc\x00\x8f\xa6\x66\x68\xa1"
"\xbc\x86\x9a\xa9\x9e\x40\xc9\xda\x03\xad\x69\xd8\xd0\x90\xbf\x18\x5f"
"\x3d\x52\x7d\x56\xf2\x2d\xd6\x00\x79\x9e\xdf\xec\x2c\xca\x59\x60\xcd"
"\x9b\x58\xf3\xb3\xbe\xea\x5d\x6c\x95\xfe\x7f\x7a\xa5\x01\x8a\x2c\x71"
"\x67\x6e\xb8\xb4\x98\x08\x4a\xbe\xb3\x3f\x97\xf0\x4b\x3a\x3b\xed\x10"
"\x0e\x5d\xe5\xb0\x00\x95\x93\x89\xa4\xf9\xd1\x73\x79\x94\x08\xc9\xf4"
"\x38\x7b\xa8\xc9\x88\x29\x91\x94\xa3\x28\xbc\xe0\x49\xdf\x7b\x04\x10"
"\x58\x61\x05\x12\x61\xdc\x8e\xf9\x97\x7d\xc0\x05\xc2\x8b\xee\x69\xbf"
"\xe5\xe8\xe6\x25\x50\x74\x2c\xe4\x98\xaf\xdd\xd4\xca\x50\x49\x0c\xb0"
"\x39\x4c\x7c\x6f\x4f\x87\x02\xc7\xac\x7c\x00\x0a\x01\x69\x84\x78\x29"
"\xc0\x51\x0f\xfd\x8d\x67\xc2\x89\xcd\xfb\x0a\x02\x70\xa8\x71\x8f\x69"
"\x9a\x18\x70\x4e\x89\xf1\xe0\xbe\x7e\x7a\xf9\x48\xf3\x18\x6c\xd5\x5f"
"\x2a\xe7\x95\x6a\xe3\xb3\x70\x9e\x45\xc1\xcc\xc0\x35\xb6\x13\x5b\xa3"
"\x31\x1e\x88\x7b\x82\x12\xe2\x35\x92\x21\x2f\x1d\x77\xa2\x42\x7e\xd4"
"\xab\xcd\x6f\xac\x1c\x3e\x22\x53\x76\x52\xfc\xb5\x48\xc4\x6f\x5e\x67"
"\x15\xf7\xfc\x15\xb3\xda\x67\x79\x2e\xf9\xa8\x83\x37\xfc\x86\xf4\x06"
"\xfa\x08\xbe\x98\xd8\xbc\x27\x8f\x20\x0c\xd2\x39\x31\x06\xe6\xea\xc5"
"\x64\x03\x7b\xab\xfa\x5a\xac\x0f\xe8\x49\xec\x9d\x5c\x1f\x61\x2f\xe4"
"\xb0\x3d\xbf\x9b\xb8\xde\xbd\x90\x20\xe1\x63\x87\xa4\x12\x82\x38\xf0"
"\x9d\xa1\xdc\x69\xfc\xd5\x4b\xb1\x48\x56\xd1\x7e\x61\x84\xf5\x4a\x63"
"\x9b\x2d\x78\x26\x51\x7d\x79\x40\x4e\x7c\x82\x77\x61\xcd\xff\x2b\x8c"
"\x40\xb6\x83\x48\x77\xd7\x2a\x77\xcb\xbc\xd0\x1a\xe2\xc6\x81\xdd\x73"
"\xd9\xe7\xcb\x50\xf3\xf8\x42\x51\xaa\x2b\x29\x90\x42\x0e\x7c\x27\x25"
"\x41\x3e\xa3\xd2\x5f\x6f\x08\xe2\x51\xbb\x02\xa8\x9b\xd0\x04\xf3\xcf"
"\x05\xcd\x11\x00\xc4\xdd\xaa\xf5\x45\xf5\x56\xec\x16\x19\x05\x95\xff"
"\xb2\x57\x98\x91\x67\xcc\xa8\x1b\x57\xc6\xbb\x9c\x0b\xb4\x0d\x8d\x89"
"\xde\xb7\x04\x37\xee\x28\xcb\x67\x21\x5e\x1a\xe4\x31\x80\x24\xc6\x8a"
"\x83\xed\xe8\xdc\xbe\x1b\x61\x80\xa7\x2b\x17\x79\x5f\xd4\x73\x6d\x1c"
"\x77\xd6\x63\x68\x62\xf3\x4a\xf0\x8d\x29\x49\x73\x51\x5f\x81\xe4\x7b"
"\xbd\x1e\x4e\x2e\x7e\xf2\x43\xaa\xe1\xdb\xb0\x18\x7a\x00\x8e\x00\xb7"
"\x7d\x56\xcc\x6e\x02\xa6\x15\xad\xe9\x4b\x36\xc2\x35\x8b\x0e\x58\xd2"
"\x44\x65\xc0\x7d\xb9\x9b\xc7\xb3\xff\x41\x84\xe3\xbb\x0e\x7f\xf0\x13"
"\xcc\x15\x18\x8e\x30\xb4\x15\x17\x31\x26\x5d\x72\x50\xa6\xf3\x2f\x2c"
"\xc4\xbc\x9e\x1f\x4b\xcd\x3b\x3f\x69\xc8\x17\x3a\xf4\xa1\x50\xad\xd0"
"\xa5\xa5\x8a\xb1\xc9\xf3\xad\xcd\xc6\x7f\x3b\x4c\xef\x50\x18\x78\xb3"
"\x62\xf7\x41\xe7\xbf\xe5\xe7\x1e\x8d\xad\xab\xde\x63\xf7\xfb\x55\x72"
"\x71\x32\x78\xde\x25\x1e\x7d\x08\xe7\xb4\xe4\x23\x33\xe8\x67\xa8\xca"
"\xcc\x0a\x90\x87\xf5\xe1\xb0\xfa\x07\x8a\xd5\x30\x58\x35\x44\xd8\xcf"
"\xa1\xaf\xe8\x44\xef\xd3\xe5\x6e\x1b\x03\x8b\xf6\x2c\x9a\x01\x2f\xe5"
"\x0f\x9f\xab\x39\xd1\xdf\xea\xad\xe3\xdc\xe8\x74\x0f\x0a\x88\xb8\x8b"
"\xd8\x50\x8b\xc4\x40\x5b\xce\xf5\x30\x81\xe2\x66\xfa\x74\xfe\xb5\x95"
"\x95\x45\xe0\x3c\x8b\x38\x3f\x22\xaf\x5f\x8f\xaf\xd4\x87\x5c\xd7\x15"
"\xb3\x6f\x4b\xa7\x5f\xaa\x09\x15\x47\x9c\x62\x2b\x3d\x93\x86\x37\x27"
"\x66\x12\xe6\x7f\x59\x7f\x20\x24\x0c\x95\x94\xd7\x5f\x47\xbb\x99\xbd"
"\x90\xa3\xbb\xfc\x18\x40\xc7\x14\x41\xd7\x36\xfa\xad\x9e\xdc\xf1\x34"
"\x03\xc0\xe5\xfb\xab\x7e\xfc\x44\x14\x65\x53\xda\xd9\xcc\x10\x8c\x8e"
"\x1e\x40\xe0\x9a\x6a\x0c\xa8\x85\x55\x5b\xda\x9f\x5c\x4e\xfc\x5c\xe2"
"\xc4\x24\x23\x3e\xf7\xb3\xe3\xba\xcb\x6c\x17\xe4\x0e\xa2\xa4\xea\xd4"
"\xc7\x3d\xb3\x5e\x4f\xfd\x74\x4a\xcd\x45\x82\x01\xa4\x6f\x2e\x6f\xb1"
"\x3f\xa6\xf1\x31\x40\x7b\xeb\xb3\xe2\xab\x46\xeb\xe5\xc2\x10\xfd\xc9"
"\x0e\xc8\xf9\x01\x03\xc6\xa9\xf5\x91\x35\xdd\xa2\x61\xe7\x4c\x2e\x2c"
"\x8e\xc9\x70\x70\xe0\x67\x69\x1e\x1b\x13\xa2\xb2\xd8\x6c\xb5\x94\x2e"
"\x2e\x98\xc2\x98\xea\xf8\x57\xaf\x0f\xcd\x9f\xaa\x88\x36\x63\x13\xa2"
"\x25\x78\x19\x79\xd0\xe2\x7e\x0d\x1a\x69\xb9\xb9\xe1\x95\xf4\xdf\x90"
"\xae\x5f\x3f\x09\x25\x52\x5a\x89\x80\x9e\x3c\x7c\x93\xcd\x77\x6b\x2b"
"\xbb\x5b\x50\xf4\x8f\xa2\x5d\x4b\x32\xd9\x26\x4c\x0f\x3d\x83\xaf\x0a"
"\x08\x52\x90\xda\x41\xc2\xd3\x2f\xc3\x2f\xac\x6e\xa7\xb1\xf7\x47\x2c"
"\x6d\xc0\xbc\xab\xf8\x5b\x53\x21\xe8\x30\x3d\x03\x88\xbc\x52\xac\xcb"
"\x0e\xf5\xc1\xf6\xd2\x89\x3a\x4b\x23\xc3\xc4\x88\x6d\x7c\x36\x58\x97"
"\x97\x6e\xf5\x38\x3a\x5b\x28\xbb\xf5\x11\x88\x64\xdc\x2c\x59\xbc\x5d"
"\x9b\x3a\x99\x00\xf1\x6e\x2c\xde\x2e\x46\x6c\x36\xac\x04\x36\x6d\x59"
"\x00\xab\xdb\x3c\xc2\x67\x1b\x08\xf8\x21\xf3\xdd\xb8\x90\xd0\x48\x7a"
"\xb7\xea\xa7\x01\xf9\x85\xf1\xda\x06\x7a\x22\x65\x23\x49\x37\xd8\x1b"
"\xfd\x25\xa5\xcb\x6a\x0f\x2c\x42\x8f\x3f\xd9\x33\x5c\xe5\x06\x0d\x4d"
"\xc7\x12\x2e\x41\x88\x99\x70\xc6\xaa\x4f\x29\xfe\xbf\xc2\xbe\x5d\xed"
"\xa3\x83\x51\xd2\x0c\xf1\x93\x66\xb4\x70\xac\xfd\x69\x3b\x8e\x7f\xff"
"\x70\x24\x75\xe3\x4c\x3a\x88\xdf\x81\xa0\x8e\xaf\xe6\xc7\xa7\xc9\xe7"
"\xc7\x55\x7d\x70\xb1\x64\x4b\x24\x2d\x9a\x04\xb6\x7f\xee\x84\x43\xc4"
"\xe2\x43\xb0\xf4\xbf\x48\x6b\xa8\x55\x02\xfc\xcc\x6f\x44\xd5\x82\x5e"
"\x70\x60\xb8\x82\x41\xe7\x1c\x73\xaf\x6a\x16\x89\x5e\x86\x20\xa5\xa9"
"\x84\x5c\x2c\x05\x88\x61\x9e\x4a\xda\x99\x17\xef\xde\x8b\x0f\x5e\x2b"
"\x11\xa2\x7a\xdd\xa1\x3b\x81\xc1\x43\x2e\x2e\x98\xbd\x42\xb5\x61\xd5"
"\x28\x85\x5b\x77\x8f\x26\xe6\x06\x18\x2b\xd8\x77\x3b\xb1\x42\x7f\x3d"
"\x0e\x1e\xbb\xc4\x36\xcd\x8c\xab\x56\x2d\x08\x0d\xa5\x37\xa5\x97\x9b"
"\x9e\xf3\x64\xdd\xf9\x5d\x80\x66\xe6\x25\xf3\xa9\x98\x0c\x27\x6f\x29"
"\x76\x81\x1c\xd8\x14\x23\xcf\x37\xc6\x7e\xc9\x13\x3c\x2c\xb8\x1e\xfc"
"\xb9\x69\x30\xc9\x81\xd4\xd5\x26\x53\x2d\xfc\x02\xcc\xf2\xe4\x73\xf8"
"\x91\x3f\xce\x8a\x9c\x52\x16\xf0\x8f\x54\xf9\x08\x91\x28\xdc\x77\xa8"
"\x24\xc0\x00\xee\x9e\x5c\xb0\x2e\x6d\x8c\xb1\x49\xcb\x36\x30\xb6\x31"
"\x9b\x1d\x4a\xb1\x60\xfe\xe6\x8b\x8a\x4b\xd8\x97\xc3\xff\xa0\x02\x26"
"\x8d\x8f\x27\x6f\x18\xbe\x93\x1e\x64\x86\x41\x5e\x01\x7f\xa8\xba\x09"
"\x6c\xa0\xc7\x65\x38\x60\xcb\x6d\x32\xc4\xfc\x3a\x1c\xa9\x1b\x29\xe9"
"\x0c\x18\xaa\xca\x3e\x27\xda\xe4\x2e\x7d\xfc\x70\x73\x0b\xeb\xe6\xc1"
"\x9a\xab\x0f\x48\xdd\xc8\x49\x5a\xc7\xd2\x85\xd8\x7e\xbc\xa1\xe2\x93"
"\xc1\x57\x8e\x7d\x39\x42\x4a\x0f\x18\x84\x71\xae\x0c\x15\x36\x06\xc3"
"\xda\x5c\x14\x9a\x2e\x87\xd3\x01\x35\xbf\x67\xdf\x98\x27\x80\x21\xa9"
"\x70\x2e\x52\xbd\x3b\x65\x03\x00\x31\x26\xc7\x43\x7e\xa7\xfc\x7f\x3e"
"\x93\x7a\xc1\x95\xf1\x44\xed\x5a\x2d\xf8\xc2\x5c\xc6\x56\x05\x4e\x4b"
"\xce\x80\x35\x6a\x45\x2e\xd1\x6e\x3d\x7b\x3e\x7b\x9c\xb4\xca\xbb\x50"
"\x1f\x8d\x2c\xd5\x2d\xef\x87\x6d\x40\x4b\x0d\x99\xbc\x04\x76\xae\xbc"
"\xee\xf8\x7d\xe4\x7b\x36\xd9\x14\x34\x5e\x91\x1e\x65\xf4\x5d\x1b\xff"
"\xcb\xd3\xcd\x4f\xb1\x3a\x6f\xdf\x74\x49\x2d\xd4\x1c\x8f\xbd\x92\x60"
"\xbf\x8c\x99\xf3\xf9\x2e\x42\x7c\xd7\x4a\x74\x29\x6f\x8c\xae\x8f\x6c"
"\x54\xe5\x61\xb7\xbb\xda\x55\x9e\xad\xe1\x01\xc4\x16\x87\xe9\xd2\x49"
"\x31\x5e\x0c\x23\xb2\x62\xe4\x1e\xaa\xa4\xe4\x48\xe1\x3a\x2b\x68\xf1"
"\x8d\xc3\xd9\x3f\xc2\xe9\x63\xc3\xb8\xe4\x07\x35\x33\xfe\x98\xa0\xf4"
"\x94\xba\x6e\x55\xb6\x85\xf4\x3f\x22\x9b\xf3\x9a\x5e\xad\x5b\xe5\x7c"
"\x70\x87\xa8\xc0\x87\x2b\x3d\x84\xfd\x02\x0d\x76\xf1\x06\x51\x1d\x22"
"\x6e\xfd\xf3\xb0\x44\x60\x8c\xfd\x2e\x65\x55\x18\x6e\x99\xb0\xb6\x50"
"\xd0\xc7\xee\x9f\x88\xb6\xfc\xa5\x3f\xcd\xdf\xd2\xa0\x90\xeb\xe2\x6a"
"\x2c\x32\x1e\x38\xcd\x63\x40\x09\xd2\xd6\xe1\x5f\x52\x8f\x67\x08\x12"
"\xb4\x6e\xc2\xc8\x0b\xda\x85\x3d\x3d\xc4\x3f\x67\x50\xbc\x9c\x63\x6e"
"\xe3\xf8\x0d\xd3\x5d\xca\x15\xea\xc7\xd9\xf0\xaf\x0a\xd3\x25\x6d\x31"
"\xa3\xdf\x9e\xee\x30\xf5\xfb\x6c\x48\xb2\x3c\x87\x3f\x0a\x06\xf9\x0d"
"\x94\x3a\x28\x8a\x6c\x42\xfa\x40\xb3\x12\xfe\x9d\xec\xfd\x6c\x4d\xfc"
"\x37\x3b\x00\xdb\x40\x44\x79\xe6\xf4\x61\xf0\xb7\x1e\x18\x31\x7c\x36"
"\x1e\x8c\x43\x57\x7d\x92\x25\xb8\xa0\x44\xbc\xbc\x2f\x08\x6e\x3b\xbd"
"\x3a\x4d\x95\x10\x7e\xdf\xd3\x2c\x22\x2a\xaa\x03\xfc\xa2\xea\x34\x21"
"\x86\xa5\x92\xb1\x1e\xd2\xa5\x7e\x2d\x19\xca\xb1\x37\x8e\x47\x73\xc5"
"\x3a\xe1\x90\xb8\xe4\xc4\xe7\xfa\xd5\x52\x78\x9c\x63\x0a\xeb\xc6\xcb"
"\xa7\xb1\xc5\xf2\x49\xa5\x0b\x7d\x2b\xd2\x13\x0d\xbe\x62\x57\x04\x7d"
"\x14\x5c\xfb\x9f\xbd\x8c\xfd\xa0\xf0\x70\x02\x04\xee\x9c\x2e\x62\x22"
"\xc8\x6a\xe1\xc1\x82\xb2\x87\xc0\x31\x06\x0f\xec\x2c\x9e\x7b\xe5\x82"
"\xce\x86\x78\x37\x15\x81\x34\xce\xac\xd9\x7a\xb5\x9b\xb1\x06\x40\xbb"
"\x7f\x1f\x2c\x61\x3c\xf6\xaa\x58\x34\x5e\x1b\x86\xb4\x8c\xe4\x61\x17"
"\x4f\xb7\x52\x79\xea\x60\x4e\xbf\xa5\xe0\xd0\x05\x60\x2f\xb7\x5b\xfb"
"\x29\xbf\x50\x83\xbe\x0e\xc1\x41\x89\x7b\x91\xea\xcb\xf3\x57\xcc\x41"
"\x72\x80\xdb\xf5\x8d\x08\x14\xa1\xe7\x59\xee\x28\x73\x68\x66\x67\xa2"
"\x95\xbd\xdd\x3b\x51\x5a\x3b\x89\xf6\xb2\xc0\xb1\x49\xb5\xe3\x6e\x4a"
"\xfa\xec\x39\x65\xc1\xb5\xcd\x79\x29\xe9\x95\xcf\x49\x96\x99\x84\x33"
"\x50\xde\x49\x40\x0e\xde\xf0\x06\x56\xe9\x18\xc2\x77\x48\x11\x07\x7b"
"\x84\x0b\x3d\x36\x9b\xa8\x24\x11\x0d\x75\x82\x99\x27\x4c\x6b\xef\xb7"
"\x9c\x21\x8c\x74\x7e\x45\xd5\xa4\x60\x9c\xc4\xfa\x4f\xa9\xc9\x04\x2c"
"\x01\x28\xa7\xc3\x08\x40\x3c\x9a\x82\x27\x78\xf5\xd2\x7c\xd7\x54\x7a"
"\x4f\x57\x14\xd0\x2d\x5c\x4e\x41\x32\xf8\xd5\x1a\xd1\xc4\xba\x1c\xa1"
"\xb5\xc1\x4f\xd1\x03\xf2\x5e\xa3\xff\x4c\x00\x35\x8a\x5b\x88\xd0\x42"
"\x01\x81\xc6\xf9\x50\xdb\xc4\x71\x71\x89\xee\x12\xd9\x92\x2f\xa6\xb5"
"\xb7\x83\x3c\x70\xe9\xeb\x60\x19\x2f\xad\x02\x62\xc3\x7b\x36\x21\x5b"
"\x50\x0b\xe6\xb8\x0c\xf6\xdb\xf7\x4d\xe0\x96\x7b\x40\x11\x00\x32\xa1"
"\x5c\x24\x25\x25\x19\x17\x45\x4b\x55\x96\xab\xc4\xe7\xfa\xbe\x2a\xf3"
"\x1d\x64\x3e\xd7\x05\x21\x3e\x8b\x92\x60\xc7\x0c\x13\x78\x66\x23\x24"
"\x00\xb2\x7b\x0b\x5d\xf1\x96\x81\xbe\x3d\x81\xc5\x9a\x1a\x9e\x0d\x11"
"\x80\x1e\xff\x73\x1f\xb2\xa9\x20\xee\xe4\x60\x0d\x5b\x53\x9b\x18\x54"
"\x6c\xb0\x04\xd8\xf8\x9a\x7f\x06\xa8\x39\x76\x11\x97\x71\x5c\x17\xac"
"\x02\x22\xbb\x0b\xa0\xa7\x73\xa9\x23\xa6\x68\x10\x81\x11\xa4\x82\xf6"
"\x01\xf6\x92\x79\x33\xa0\x88\x6d\x0a\x15\xcc\x00\xfc\x7b\xb5\xd1\x51"
"\x96\x90\xe8\x1c\x17\xf0\x3e\x42\x96\xbd\xf2\x2b\x76\xe5\x0b\xd9\x12"
"\x56\x0a\x49\x7a\xfb\xda\x0f\x74\xce\xaa\xd8\xf1\x7d\x20\x59\x3e\x4d"
"\x82\xb1\x0b\x54\x4e\x6e\xf4\xe0\x77\x85\x0a\xf5\x9d\x2f\x48\xb8\x35"
"\x21\xfd\x95\xef\x75\x45\xc8\x7b\xa4\x89\x21\x86\x89\x0c\xa5\x62\xc1"
"\xbc\x4a\x98\xc8\xe2\x2c\xf9\x3a\x3e\x9e\x46\xd1\x52\x0c\xc5\x96\x5d"
"\xe5\x2e\xa7\x43\x32\xf4\xa9\x7c\xbc\x30\xc8\x37\x53\x17\x9f\xe0\x4d"
"\xd4\x27\x39\x66\x3d\x0d\x97\xf3\x79\xe0\xc4\xab\x4d\x26\x27\x3f\x24"
"\x95\x8b\xb0\x5e\x9b\x93\xef\x5d\xbb\x19\xe2\x23\xe9\x68\x0d\xe8\x40"
"\x2e\xf6\x89\x14\xd2\xd6\xa8\x12\x85\x95\x53\x5c\xb5\x22\xa2\xb9\x17"
"\x66\x43\x1f\xfa\x77\x91\xb3\xa8\x55\x41\x5c\x77\x6b\x99\xbf\xb0\x74"
"\x98\x29\xe1\x69\xa9\x18\x2f\xfc\xed\xe9\x64\x44\x20\x70\x73\x06\xe1"
"\xb0\xfe\x52\x6b\x7b\x60\xf6\x84\x1e\xec\xa0\xa3\x8d\x04\xfb\x60\x8f"
"\xc4\x07\xdf\x31\x7a\x2e\x9e\xd5\xbe\x6a\xca\xe2\xdc\xe2\xcb\xd3\x2d"
"\xd5\xa1\x7f\xb0\xb2\x72\x50\x1a\xb8\xaf\x79\x32\x90\xb7\x9d\xbd\x54"
"\xa2\xad\x7a\xf0\x6a\xbc\x2d\x27\x36\x07\x08\x7f\x60\x39\x64\x1d\x6c"
"\x56\x50\xb6\x37\x59\x04\xa6\xe8\x9d\xc2\x70\xc8\x29\xbb\xcc\x38\x90"
"\x60\x58\xd2\x71\x97\xa8\xdb\x09\x36\xed\x8a\x34\x9e\xf7\xc0\x00\x67"
"\x1b\x6a\xab\x30\xd3\xe9\x03\x83\xdc\x35\x11\x7b\x86\x3b\xfd\x95\x90"
"\xa7\xbd\x3a\x01\x06\x0e\x1f\x3e\x96\x5b\xf3\x55\xf0\x8a\x68\xae\x79"
"\xea\xef\x76\xbe\xd9\x0a\x14\x11\x12\x3d\x0d\x54\xd7\x68\x56\xe6\x71"
"\xa0\xac\x50\xee\xb1\xfb\xef\x71\x83\x50\xa6\xc2\x56\x5e\x49\xfb\x31"
"\x05\x09\x40\xb5\xb9\xb5\x8e\xd0\xc8\x27\x1f\x80\xd3\x74\xa4\x14\x5e"
"\x92\xaa\xcb\x99\x02\x01\x07\xe7\x9d\x43\xe4\xf0\xad\x75\xce\xea\x48"
"\x65\xd2\x25\x33\x85\x14\x88\xc1\xda\x93\x6e\x5c\x73\x41\x7d\xde\x16"
"\x9d\x7c\x37\xbb\x0d\xa7\xf0\x79\xd7\x40\xb2\xf5\x12\x76\x71\x74\xbd"
"\x09\xc4\xe7\x1e\x47\x78\xc7\x3e\x04\xde\x11\x9f\x79\xec\x5f\xb9\x01"
"\x4f\x5d\x9a\x53\xf2\x97\x2b\x09\x8e\x1d\x90\x1a\xfc\xa4\xac\xe4\xef"
"\xcc\x10\x17\x82\x18\x7d\xc2\xb9\x00\x54\x0e\xfc\xf4\x99\xeb\xb4\x6c"
"\x85\x9f\xfe\x2c\x11\x10\xa9\xdf\xe6\xbf\x9d\x6b\x3f\x00\x07\xf0\xed"
"\x44\x1b\xec\xd4\x46\x5d\x36\x37\x14\x76\xd9\x6d\x4f\xf4\xf6\x74\xc2"
"\x75\xe0\x38\x0d\x50\x31\xc8\x41\xa0\x9c\x2a\x2c\x80\x12\xb4\x6f\x7a"
"\x5e\xec\xd2\x74\x75\xda\xc9\x40\x02\x3b\xcf\x82\x48\x47\xbb\x3f\x57"
"\x43\x09\x78\xc1\x56\xf8\xb6\x36\x5c\xd2\x05\xde\xa1\x4e\xfb\x98\xf8"
"\x02\x9a\x71\x54\x69\x4a\xfa\x9b\xf4\x38\x4c\xbe\x7e\xa9\xf7\x09\x36"
"\x37\x1b\x67\x5d\xa8\x6f\x1f\xa1\x4f\x3a\xdd\xe9\x56\xe6\x1c\xe2\xe2"
"\x1a\x72\x5c\x81\xd4\xa6\x0a\x11\x8d\xc7\x0f\x5f\xeb\x67\x50\x72\xfd"
"\x61\xde\xef\xe7\xab\xa4\x27\x66\x56\x8f\x2a\xb9\x18\x60\xa7\xc4\xf7"
"\x0b\x14\x7d\x0e\x5f\x92\xa6\x0c\xf0\x22\x66\x6c\x02\x84\x80\xf8\x62"
"\xcd\x87\x8a\x43\x1f\x0d\xf7\xa5\x16\xe6\xfc\x19\x12\xaa\x0a\xbe\x60"
"\x8d\x2d\x4d\xca\xbc\xa7\x9a\x12\xce\x7f\xf5\x30\x18\xbd\xd9\x45\xc0"
"\x43\x97\xb6\x76\x5a\x53\x79\x43\x86\x9c\xd6\x0f\xda\x41\x1e\xb5\xa7"
"\xb2\xb2\x40\xa3\x4f\x0f\xaf\x1a\x56\xa3\xbe\x5f\x74\xa1\x26\xc5\xf7"
"\x0e\xe7\x50\x14\x33\xb7\x43\x78\x2f\xb6\x5d\xb5\xb0\x87\x54\x0b\x7f"
"\x82\xbb\x6e\xd3\x9c\xfa\xa1\xac\x22\x0d\x3d\x4e\x2a\xea\x23\x00\x87"
"\x43\x2e\xb2\x84\xc1\x65\x6d\x5e\x01\x89\x79\xb4\xd2\x82\x1f\x02\x68"
"\x7e\xf8\xc4\x42\x16\xa3\xd5\xa2\xd0\xd4\x27\x4e\x05\x79\xd5\x60\x1e"
"\xda\xa4\xdd\x26\xf6\xb4\x76\xe9\xb2\x13\xa2\x0b\xdd\x7e\x65\x1f\xea"
"\xda\x54\x71\xf0\x61\x15\x7e\x57\x45\xfe\x9c\x5f\x46\x50\x26\xec\xb9"
"\x86\xe2\xde\x37\x2b\x20\xdb\x92\x19\x28\xa5\x33\xb4\x42\xcd\xab\x4b"
"\x6b\x52\xb5\x2a\x03\xe3\x7c\x8b\x53\x91\xf5\xa0\x60\x2b\x23\xe7\x73"
"\xf2\x65\x43\x9d\x65\xb1\xee\x7f\xdb\xb3\x57\x4a\x3f\xa6\x9d\x53\x3b"
"\xe6\xc0\x5a\xfa\x44\x44\x6e\x34\xcc\x59\x00\xa0\xbf\x43\x3a\xc2\x0a"
"\xa6\x3c\xe8\x25\xd4\x35\xd8\xc5\x5d\x16\x8f\x91\xd4\x83\x0c\xd8\x97"
"\xe0\x0f\x97\x5a\x44\x71\x0d\x2d\x47\xee\xb8\xf6\x14\xc0\xbf\x82\xff"
"\x71\xed\xc5\x20\x9e\x12\x62\xe7\x30\x7f\x94\x76\x04\x01\x21\xc9\x98"
"\x6a\xa1\x3e\x5f\x08\xca\xfc\x71\x7a\x24\x65\x66\xd0\xc4\x0e\xc7\xf7"
"\xbc\x32\x08\x3a\xc6\x00\x15\xcf\xa1\xd0\x97\x07\x14\xe3\x81\xd4\x6e"
"\x5c\x40\x83\x09\xca\x6f\x90\x82\x8f\xfa\xb8\x1d\xf2\x1f\x6d\xc0\xc8"
"\xf8\x16\xce\xee\x58\x17\xa8\xf0\xed\xfe\xa0\xa5\x1a\x82\xad\x87\x91"
"\x93\x0b\x7d\x48\x66\x0a\x56\x15\xed\xa0\xeb\x53\xec\xa6\x22\xde\x0e"
"\x2f\x34\xa8\x89\xc4\x73\x5a\x80\xd5\x73\xfd\x36\xbe\x96\x69\x3e\x49"
"\xe0\x45\x37\xc8\x20\x27\x43\x4f\x8f\x2f\x8d\x28\x9d\x63\x14\x28\x53"
"\xb5\x06\xad\x6c\x44\x87\xce\x72\x8e\x5f\xf8\x92\xd8\xee\x96\xe8\x38"
"\x68\x9d\x0e\x71\x45\x6f\x11\x72\xf0\x31\xb2\x08\xe4\xe6\x4f\x53\xfe"
"\xca\x2f\xc1\xc5\xf7\xc9\x8c\x1a\x93\x20\x19\x93\x77\xcf\x2e\xa2\xf2"
"\xa9\xa1\x89\xc9\xa0\xdd\x50\xcc\x7f\x49\x05\xb8\x16\x41\x64\x30\x37"
"\xa5\xbb\xa7\xe3\x39\x8f\xde\x6e\x92\x8f\x22\xd2\xa8\x2c\x78\x12\xc8"
"\x16\xb0\x01\x5d\x36\x14\xc7\xb7\x7c\x87\x99\x58\xe3\xc9\xbc\xfc\x18"
"\x02\x5c\x73\x45\xf7\xd9\x14\x79\x13\x58\xaf\x88\x93\x6e\xf4\x60\x42"
"\xe2\xdb\xab\x8b\x93\x90\x2f\x8b\xd7\x3f\xf7\xee\x2e\x30\x27\x1d\x2b"
"\x6e\x90\x8e\x14\x5b\x7c\xfb\xb9\xce\x4d\x61\x76\x91\x77\x5e\xa3\x9d"
"\x3e\x75\xb3\xcc\x27\x17\x29\xe7\xd9\xcb\x97\x63\xc8\xaf\xb4\xf5\x73"
"\x9b\xe3\x98\x5e\xc9\xf0\xba\x2e\x2f\x48\x94\x8e\x13\x28\x61\x90\x33"
"\x00\x03\x4d\x74\x2c\x30\xdc\x93\x07\x0f\xf3\x1a\xea\x79\xa9\xb1\xdf"
"\xd5\xf0\xbc\xe5\xd5\x54\x31\xba\x9b\xf8\xbc\x00\x32\x48\xcf\x77\x44"
"\x38\x2e\x1d\x4c\xc7\x5c\x3b\x6f\xd2\xc6\xe5\xac\x96\x83\x5d\x99\x39"
"\x62\xa8\x77\x2e\x25\x9b\x82\x35\xc1\xf3\x28\xa4\xe8\x71\xd7\x0c\x8e"
"\x59\x8f\x60\x8d\x6c\xde\x86\xb7\xf0\xb5\xf5\x84\x37\x85\xb3\x28",
4096));
NONFAILING(*(uint64_t*)0x20001588 = 0x1000);
NONFAILING(*(uint64_t*)0x20001590 = 0x20001240);
NONFAILING(memcpy((void*)0x20001240,
"\xf8\x7f\xdd\x22\xa1\x3c\x7e\xfa\xe2\x6a", 10));
NONFAILING(*(uint64_t*)0x20001598 = 0xa);
NONFAILING(*(uint64_t*)0x200015a0 = 0x20001280);
NONFAILING(*(uint64_t*)0x200015a8 = 0);
NONFAILING(*(uint64_t*)0x200015b0 = 0x200012c0);
NONFAILING(memcpy(
(void*)0x200012c0,
"\x38\x8e\xc3\x4f\x70\x7d\x5e\x9c\xb3\x22\x82\x11\x70\x93\x70\xb8\x96"
"\x7e\x44\x5a\x9d\xc8\x2b\x56\x45\x55\xa9\x24\x93\xbb\x1e\x8b\x27\xec"
"\x1b\xa5\x59\xf7\xdc\x9b\xbb\xed\xf8\xaf\x0d\xac\xfd\x9e\x69\x73\xde"
"\x94\x07\x47\x5b\xd2\x73\x0e\x07\xa2\x74\x52\xde\xc5\xa8\xf4\x28\x38"
"\xdd\xef\x8c\x6d\x9d\x0c\xc9\xbb\xe1\x04\xfb\xf4\xe5\x23\x1f\x64\x25"
"\x5e\x67\xfe\x1d\x89\x31\x8f\xb6\xfa\x26\x6a\xe1\x93\x74",
99));
NONFAILING(*(uint64_t*)0x200015b8 = 0x63);
NONFAILING(*(uint64_t*)0x200015c0 = 0x20001340);
NONFAILING(memcpy(
(void*)0x20001340,
"\xdc\x5d\x0f\x69\xc7\xb2\xc6\x3b\x5f\x6c\xa1\x9d\x5d\x51\xd1\x58\xe7"
"\xe2\xad\xa9\x7f\x25\x27\xb7\xe9\x2b\x14\x8d\xa1\x0a\x04\x97\xd9\xc9"
"\xa9\x74\xa8\xf5\x75\x59\x82\x8e\xb1\x3b\x21\x2c\x6f\x23\xc0\xbc\xd4"
"\xa5\x0d\x31\x94\x62\xe4\x27\xf1\x53\xc6\x92\xf2\x8b\xd7\x3e\xca\x4f"
"\xf1\x38\xd8\xec\x64\x69\xcb\x35\xbc\xbc\xc1\x54\x6b\xd4\x87\x2f\x80"
"\x0e\x34\xa0\x98\x70\x2d\xc2\x0c\x34\xe1\x8e\xdc\x69\xc9\x8b\x98\x5f"
"\x3a\x77\x78\x18\xff\xbd\xa2\x97\x19\x42\xc7\x96\x01\x29\xf4\xe1\xd7"
"\xfe\xe9\x12\xef\x88\x24\xfc\x78\xd6\x5e\x75",
130));
NONFAILING(*(uint64_t*)0x200015c8 = 0x82);
NONFAILING(*(uint64_t*)0x200015d0 = 0x20001400);
NONFAILING(*(uint64_t*)0x200015d8 = 0);
NONFAILING(*(uint64_t*)0x200015e0 = 0x20001480);
NONFAILING(*(uint64_t*)0x200015e8 = 0);
NONFAILING(*(uint64_t*)0x20002198 = 7);
NONFAILING(*(uint64_t*)0x200021a0 = 0);
NONFAILING(*(uint64_t*)0x200021a8 = 0);
NONFAILING(*(uint32_t*)0x200021b0 = 0x20000800);
NONFAILING(*(uint64_t*)0x200021b8 = 0x20001600);
NONFAILING(*(uint16_t*)0x20001600 = 0);
NONFAILING(*(uint8_t*)0x20001602 = 0);
NONFAILING(*(uint32_t*)0x20001604 = 0x4e24);
NONFAILING(*(uint32_t*)0x200021c0 = 0x6e);
NONFAILING(*(uint64_t*)0x200021c8 = 0x20001b80);
NONFAILING(*(uint64_t*)0x20001b80 = 0x20001680);
NONFAILING(*(uint64_t*)0x20001b88 = 0);
NONFAILING(*(uint64_t*)0x20001b90 = 0x20001700);
NONFAILING(memcpy(
(void*)0x20001700,
"\x96\x3f\x66\x99\xbe\x2b\xd0\x1a\xd8\x92\x29\x51\x13\xda\x63\x3d\xae"
"\x7e\x73\x47\x40\x41\x8a\x07\x78\x7e\x4f\x22\x48\x8d\xf1\xa8\x9b\x8f"
"\x53\xc1\xa0\xac\xec\xf5\x57\x60\xbb\xd3\x82\x57\xe3\x82\xc0\xbc\xd9"
"\x80\x36\xa7\xa0\xa4\x36\x0b\xcb\xf2\x2f\xcc\xd0\xdf\x91\x6e\xcb\xbd"
"\x2f\x4a\x5f\x46\xcc\x46\xf6\x9e\xe1\xa1\xdb\x29\x41\x26\xee\x2f\x4d"
"\x26\x01\x9f\xbd\x69\xda\xd6\xcf\x99\xef\xd6\x2c\xd3\x8c\x93\x81\x36"
"\xb9\xd8\x79\x66\x1a\x8a\x10\xe9\x05\xd6\xa2\x0d\xbc\x1e\xf5\xf2\xb9"
"\xa2\xad\xea\x7f\xb0\x04\xa7\xbd\xee\x6b\xde\x66\x1d\xff\x3d\x2c\x76"
"\xa2\x10\x03\x4e\xb9\xbc\x85\x23\x70\xb6\x42\x3b\x2f\x80\x1f\x73\xa3"
"\x1b\xa9\xbe\xf3\xa3\x9f\xca\x0d\xfa\x08\x4b\x0e\xe5\xff\xeb\xb2\xa6"
"\x26\xb0\xc2\x95\x94\x0e\xff\x81\x09\x02\xab\x19\x9b\x28\x3c\x6b\x9a"
"\x9d\x89\xeb\x1c\x65\xf1\xae\x53\xb6\x79\x37\x87\xca\xba\xed\x21\x6e"
"\x6c\x7a\x75\x01\x05\xb8\x76\x4e\x3e\x4a\x22\x1f\x3c\x7a\x8f\x6d\x7b"
"\x77\x16\xf1\xd4\x38\x50\x0c\x13\x99\x3b\xc6\xac",
233));
NONFAILING(*(uint64_t*)0x20001b98 = 0xe9);
NONFAILING(*(uint64_t*)0x20001ba0 = 0x20001800);
NONFAILING(*(uint64_t*)0x20001ba8 = 0);
NONFAILING(*(uint64_t*)0x20001bb0 = 0x200018c0);
NONFAILING(memcpy((void*)0x200018c0, "\xeb\xbe\x9c\x91\xc8\xc4\x13\x75\x78"
"\x4f\xfe\x2b\x8d\xc5\x9e\x10\xf8\xf6"
"\xa0\x88\x87",
21));
NONFAILING(*(uint64_t*)0x20001bb8 = 0x15);
NONFAILING(*(uint64_t*)0x20001bc0 = 0x20001900);
NONFAILING(memcpy(
(void*)0x20001900,
"\xfb\x92\x59\xe6\xae\xa9\x02\x5e\x52\xd3\x52\x5a\x82\xf6\xb0\x37\xd2"
"\x65\xa2\x85\xf5\x4d\x95\xf4\xf4\x86\xb4\x27\xe5\xed\x3f\x40\x8c\x72"
"\xa6\xce\x2b\x24\x2a\xde\xa9\xee\x0e\xb4\xa6\x23\x74\x63\xb5\x19\xbe"
"\xe2\x61\x32\x3a\xec\xcb\xc4\x84\x07\x32\x86\x23\x98\xc8\x0e\x10\x82"
"\xda\xe1\x2b\x4c\xee\x5f\xd6\xe8\x46\x35\x99\x0d\xaf\xcd\x09\xd6\x05"
"\xd4\xef\xe3\x25\x10\x82\xa4\xfe\x95\xb8\x3c\x19\x27\xca\x43\x67\x72"
"\xfd\x8e\x6d\x98\x6c\x83\x8d\x5f\x5f\x9c\x39\x62\xb1\xa1\x11\x78\x8a"
"\x49\x5b\x4b\x31\x0d\xd6\x75\xcd\x59\x0d\x7a\x01\xf5\xf1\x84\x50\xf9"
"\xa7\x74\xe5\xa1\xc2\x80\x6f\x3d\xba\x74\x36\x5f\xa4\xd9\x8d\x43\xda"
"\xe8\x7b\x6e\x84\x8a\x2a\xe8\x8d\x12\xf4\x9c\x48\xbe\x5d\x0e\x00\x0b"
"\xc8\xff\xab\x06\xb6\xe9\xc6\xc2\x9b\xdb\xf2\xd6\x87\x18\xce\xe2\x2b"
"\x7f\xc6\x0a\xe5\xd6\x4a\x3b\xf8\xc3\xef\x04\xf5\x9d\xde\x17\x16\xf5"
"\x3e\x0e\x66\xe3\xbf\x37\xba\x31\x2e\x3b\xd6\xad\x23\x26\xfd\xfe\x38"
"\xa7\xf8\x10",
224));
NONFAILING(*(uint64_t*)0x20001bc8 = 0xe0);
NONFAILING(*(uint64_t*)0x20001bd0 = 0x20001a00);
NONFAILING(*(uint64_t*)0x20001bd8 = 0);
NONFAILING(*(uint64_t*)0x20001be0 = 0x20001a40);
NONFAILING(*(uint64_t*)0x20001be8 = 0);
NONFAILING(*(uint64_t*)0x20001bf0 = 0x20001b00);
NONFAILING(*(uint64_t*)0x20001bf8 = 0);
NONFAILING(*(uint64_t*)0x20001c00 = 0x20001b40);
NONFAILING(*(uint64_t*)0x20001c08 = 0);
NONFAILING(*(uint64_t*)0x200021d0 = 9);
NONFAILING(*(uint64_t*)0x200021d8 = 0x20001d40);
NONFAILING(*(uint32_t*)0x20001d40 = -1);
NONFAILING(*(uint32_t*)0x20001d44 = -1);
NONFAILING(*(uint32_t*)0x20001d48 = -1);
NONFAILING(*(uint32_t*)0x20001d4c = r[12]);
NONFAILING(*(uint32_t*)0x20001d50 = -1);
NONFAILING(*(uint32_t*)0x20001d54 = -1);
NONFAILING(*(uint32_t*)0x20001d58 = r[13]);
NONFAILING(*(uint32_t*)0x20001d5c = -1);
NONFAILING(memcpy((void*)0x20001d60, "\x00\x00\x00\x00\x20\x00\x00\x00\x00"
"\x00\x00\x00\x01\x00\x00\x00\x01\x00"
"\x00\x00",
20));
NONFAILING(*(uint32_t*)0x20001d74 = r[12]);
NONFAILING(*(uint32_t*)0x20001d78 = r[12]);
NONFAILING(*(uint32_t*)0x20001d7c = -1);
NONFAILING(memcpy((void*)0x20001d80, "\x00\x00\x00\x00", 4));
NONFAILING(*(uint64_t*)0x200021e0 = 0x44);
NONFAILING(*(uint32_t*)0x200021e8 = 0x4000000);
NONFAILING(*(uint64_t*)0x200021f0 = 0x20001dc0);
NONFAILING(*(uint16_t*)0x20001dc0 = 0x89b8);
NONFAILING(*(uint8_t*)0x20001dc2 = 0);
NONFAILING(*(uint32_t*)0x20001dc4 = 0x4e24);
NONFAILING(*(uint32_t*)0x200021f8 = 0x6e);
NONFAILING(*(uint64_t*)0x20002200 = 0x20001ec0);
NONFAILING(*(uint64_t*)0x20001ec0 = 0x20001e40);
NONFAILING(*(uint64_t*)0x20001ec8 = 0);
NONFAILING(*(uint64_t*)0x20002208 = 1);
NONFAILING(*(uint64_t*)0x20002210 = 0x20002140);
NONFAILING(*(uint64_t*)0x20002140 = 0x20);
NONFAILING(*(uint32_t*)0x20002148 = 1);
NONFAILING(*(uint32_t*)0x2000214c = 2);
NONFAILING(*(uint32_t*)0x20002150 = 0);
NONFAILING(*(uint32_t*)0x20002154 = r[14]);
NONFAILING(*(uint32_t*)0x20002158 = 0);
NONFAILING(*(uint64_t*)0x20002218 = 0x20);
NONFAILING(*(uint32_t*)0x20002220 = 0x24000800);
syscall(__NR_sendmmsg, r[12], 0x20002180, 3, 4);
break;
case 52:
NONFAILING(*(uint32_t*)0x200001c0 = 0);
syscall(__NR_setsockopt, -1, 0x84, 0x78, 0x200001c0, 4);
break;
case 53:
NONFAILING(*(uint32_t*)0x200016c0 = 0);
NONFAILING(*(uint32_t*)0x200016c4 = 0);
NONFAILING(*(uint32_t*)0x200016c8 = 0);
NONFAILING(*(uint32_t*)0x200016cc = 0);
NONFAILING(*(uint32_t*)0x200016d0 = 0);
NONFAILING(*(uint32_t*)0x200016d4 = 0);
syz_emit_ethernet(1, 0x20000040, 0x200016c0);
break;
case 54:
NONFAILING(*(uint32_t*)0x200000c0 = 0xe);
res = syscall(__NR_accept4, -1, 0x20000080, 0x200000c0, 0x80000);
if (res != -1)
r[15] = res;
break;
case 55:
NONFAILING(*(uint32_t*)0x20000100 = 0x8f0);
syscall(__NR_setsockopt, r[15], 0x112, 0xa, 0x20000100, 4);
break;
case 56:
NONFAILING(memcpy((void*)0x20000300,
"\x29\x5e\xe1\x01\x04\x12\xd4\x77\x67\x10\x70", 11));
syscall(__NR_ioctl, -1, 0x4000008912, 0x20000300);
break;
case 57:
syscall(__NR_socket, 0x26, 5, 0);
break;
case 58:
NONFAILING(*(uint64_t*)0x20000180 = 0x20000080);
NONFAILING(*(uint16_t*)0x20000080 = 0x10);
NONFAILING(*(uint16_t*)0x20000082 = 0);
NONFAILING(*(uint32_t*)0x20000084 = 0);
NONFAILING(*(uint32_t*)0x20000088 = 0);
NONFAILING(*(uint32_t*)0x20000188 = 0xc);
NONFAILING(*(uint64_t*)0x20000190 = 0x20000140);
NONFAILING(*(uint64_t*)0x20000140 = 0x20000240);
NONFAILING(*(uint64_t*)0x20000148 = 0);
NONFAILING(*(uint64_t*)0x20000198 = 1);
NONFAILING(*(uint64_t*)0x200001a0 = 0);
NONFAILING(*(uint64_t*)0x200001a8 = 0);
NONFAILING(*(uint32_t*)0x200001b0 = 0);
syscall(__NR_sendmsg, -1, 0x20000180, 0xc000);
break;
case 59:
res = syscall(__NR_socket, 0x29, 2, 0);
if (res != -1)
r[16] = res;
break;
case 60:
syscall(__NR_ioctl, r[16], 0x8912, 0x20000000);
break;
case 61:
res = syscall(__NR_socket, 0x10, 3, 0);
if (res != -1)
r[17] = res;
break;
case 62:
NONFAILING(memcpy(
(void*)0x20000080,
"\x67\x72\x65\x74\x61\x70\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00",
16));
syscall(__NR_ioctl, r[17], 0x89a0, 0x20000080);
break;
case 63:
syscall(__NR_socket, 0xd, 0x803, 1);
break;
case 64:
syscall(__NR_socket, 0x2018, 0, 0);
break;
case 65:
NONFAILING(*(uint32_t*)0x20000000 = 0x80);
syscall(__NR_accept, -1, 0x20000080, 0x20000000);
break;
case 66:
syscall(__NR_socket, 0xa, 1, 0);
break;
case 67:
syscall(__NR_socket, 2, 6, 0);
break;
case 68:
res = syscall(__NR_socket, 0x10, 3, 0x8000000004);
if (res != -1)
r[18] = res;
break;
case 69:
syscall(__NR_ioctl, r[18], 0x100, 0x20000000);
break;
case 70:
NONFAILING(*(uint64_t*)0x20e11ff0 = 0x20000140);
NONFAILING(*(uint64_t*)0x20e11ff8 = 0);
syscall(__NR_writev, r[18], 0x20e11ff0, 1);
break;
case 71:
NONFAILING(*(uint32_t*)0x200000c0 = r[18]);
NONFAILING(*(uint32_t*)0x200000c4 = 0);
NONFAILING(*(uint64_t*)0x200000c8 = 1);
NONFAILING(*(uint64_t*)0x200000d0 = 3);
NONFAILING(*(uint64_t*)0x200000d8 = 5);
syscall(__NR_ioctl, r[18], 0x4020940d, 0x200000c0);
break;
case 72:
res = syscall(__NR_socket, 0xa, 1, 0);
if (res != -1)
r[19] = res;
break;
case 73:
syscall(__NR_ioctl, r[19], 0x4000008912, 0x20000100);
break;
case 74:
NONFAILING(*(uint32_t*)0x20000000 = 2);
syscall(__NR_setsockopt, r[19], 0x29, 1, 0x20000000, 4);
break;
case 75:
syscall(__NR_socket, 2, 2, 0);
break;
case 76:
res = syscall(__NR_socket, 0xa, 0x1000000000002, 0);
if (res != -1)
r[20] = res;
break;
case 77:
NONFAILING(memcpy((void*)0x20000280,
"\x02\x5c\xc8\x3d\x6d\x34\x5f\x8f\x76\x00\x70", 11));
syscall(__NR_ioctl, r[20], 0x8912, 0x20000280);
break;
case 78:
syscall(__NR_socketpair, 2, 6, 0, 0x20000000);
break;
case 79:
syscall(__NR_socket, 0x26, 5, 0);
break;
case 80:
res = syscall(__NR_socket, 0xa, 1, 0xab);
if (res != -1)
r[21] = res;
break;
case 81:
NONFAILING(memcpy((void*)0x20000100,
"\x29\x5e\xe1\x31\x1f\x16\xf4\x77\x67\x10\x70", 11));
syscall(__NR_ioctl, r[21], 0x4000008912, 0x20000100);
break;
case 82:
res = syscall(__NR_socket, 2, 2, 0);
if (res != -1)
r[22] = res;
break;
case 83:
NONFAILING(*(uint32_t*)0x20000080 = 5);
NONFAILING(*(uint32_t*)0x20000084 = 5);
NONFAILING(*(uint32_t*)0x20000088 = 0x3f);
NONFAILING(*(uint32_t*)0x2000008c = 0xbd4);
NONFAILING(*(uint32_t*)0x20000090 = 4);
NONFAILING(*(uint64_t*)0x20000098 = 0x7f);
syscall(__NR_ioctl, -1, 0xc0206416, 0x20000080);
break;
case 84:
NONFAILING(*(uint32_t*)0x20000100 = 1);
NONFAILING(memcpy(
(void*)0x20000104,
"\x69\x72\x6c\x61\x6e\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
16));
NONFAILING(*(uint32_t*)0x20000114 = 1);
syscall(__NR_setsockopt, r[22], 0, 0x48c, 0x20000100, 0x18);
break;
case 85:
NONFAILING(*(uint32_t*)0x20000100 = 0);
syscall(__NR_setsockopt, -1, 0x10e, 2, 0x20000100, 4);
break;
case 86:
res = syscall(__NR_socket, 0x2b, 1, 0);
if (res != -1)
r[23] = res;
break;
case 87:
NONFAILING(*(uint32_t*)0x20001800 = 4);
NONFAILING(*(uint64_t*)0x20001808 = 0x200017c0);
NONFAILING(*(uint32_t*)0x200017c0 = 0x3e6);
NONFAILING(*(uint32_t*)0x200017c4 = 5);
NONFAILING(*(uint32_t*)0x200017c8 = 2);
NONFAILING(*(uint32_t*)0x200017cc = 8);
syscall(__NR_ioctl, -1, 0x4010641a, 0x20001800);
break;
case 88:
syscall(__NR_listen, r[23], 0);
break;
case 89:
NONFAILING(*(uint32_t*)0x200005c0 = 0);
NONFAILING(*(uint32_t*)0x200005c4 = 0);
NONFAILING(*(uint64_t*)0x200005c8 = 3);
res = syscall(__NR_ioctl, -1, 0xc010640b, 0x200005c0);
if (res != -1)
NONFAILING(r[24] = *(uint32_t*)0x200005c4);
break;
case 90:
NONFAILING(*(uint32_t*)0x20001740 = 0);
NONFAILING(*(uint32_t*)0x20001744 = r[24]);
NONFAILING(*(uint64_t*)0x20001748 = 3);
res = syscall(__NR_ioctl, -1, 0xc010640b, 0x20001740);
if (res != -1)
NONFAILING(r[25] = *(uint32_t*)0x20001740);
break;
case 91:
NONFAILING(*(uint32_t*)0x200000c0 = 0);
NONFAILING(*(uint32_t*)0x200000c4 = r[25]);
syscall(__NR_ioctl, 0xffffff9c, 0xc008640a, 0x200000c0);
break;
case 92:
NONFAILING(*(uint32_t*)0x20002840 = 0x1000);
syscall(__NR_getsockopt, -1, 1, 0x37, 0x20001840, 0x20002840);
break;
case 93:
NONFAILING(*(uint32_t*)0x200002c0 = 8);
syscall(__NR_getsockopt, r[23], 1, 0x39, 0x20000280, 0x200002c0);
break;
case 94:
NONFAILING(*(uint32_t*)0x20000200 = 4);
NONFAILING(*(uint64_t*)0x20000208 = 0x200001c0);
syscall(__NR_ioctl, -1, 0xc0106426, 0x20000200);
break;
case 95:
NONFAILING(*(uint32_t*)0x20000080 = 0x68);
syscall(__NR_getsockopt, r[23], 0, 0x483, 0x20000000, 0x20000080);
break;
case 96:
syscall(__NR_socket, 0x18, 1, 0);
break;
}
}
void execute_one()
{
execute(97);
collide = 1;
execute(97);
}
int main()
{
syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
install_segv_handler();
char* cwd = get_current_dir_name();
for (;;) {
if (chdir(cwd))
fail("failed to chdir");
use_temporary_dir();
int pid = do_sandbox_none();
int status = 0;
while (waitpid(pid, &status, __WALL) != pid) {
}
}
}