// https://syzkaller.appspot.com/bug?id=cfcd564d1a32fcb10bc54f1dcbd9b2bd0afa0948 // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifndef __NR_memfd_create #define __NR_memfd_create 319 #endif static unsigned long long procid; static __thread int clone_ongoing; static __thread int skip_segv; static __thread jmp_buf segv_env; static void segv_handler(int sig, siginfo_t* info, void* ctx) { if (__atomic_load_n(&clone_ongoing, __ATOMIC_RELAXED) != 0) { exit(sig); } uintptr_t addr = (uintptr_t)info->si_addr; const uintptr_t prog_start = 1 << 20; const uintptr_t prog_end = 100 << 20; int skip = __atomic_load_n(&skip_segv, __ATOMIC_RELAXED) != 0; int valid = addr < prog_start || addr > prog_end; if (skip && valid) { _longjmp(segv_env, 1); } exit(sig); } static void install_segv_handler(void) { struct sigaction sa; memset(&sa, 0, sizeof(sa)); sa.sa_handler = SIG_IGN; syscall(SYS_rt_sigaction, 0x20, &sa, NULL, 8); syscall(SYS_rt_sigaction, 0x21, &sa, NULL, 8); memset(&sa, 0, sizeof(sa)); sa.sa_sigaction = segv_handler; sa.sa_flags = SA_NODEFER | SA_SIGINFO; sigaction(SIGSEGV, &sa, NULL); sigaction(SIGBUS, &sa, NULL); } #define NONFAILING(...) \ ({ \ int ok = 1; \ __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST); \ if (_setjmp(segv_env) == 0) { \ __VA_ARGS__; \ } else \ ok = 0; \ __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST); \ ok; \ }) static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } static int runcmdline(char* cmdline) { int ret = system(cmdline); if (ret) { } return ret; } #define MAX_FDS 30 //% This code is derived from puff.{c,h}, found in the zlib development. The //% original files come with the following copyright notice: //% Copyright (C) 2002-2013 Mark Adler, all rights reserved //% version 2.3, 21 Jan 2013 //% This software is provided 'as-is', without any express or implied //% warranty. In no event will the author be held liable for any damages //% arising from the use of this software. //% Permission is granted to anyone to use this software for any purpose, //% including commercial applications, and to alter it and redistribute it //% freely, subject to the following restrictions: //% 1. The origin of this software must not be misrepresented; you must not //% claim that you wrote the original software. If you use this software //% in a product, an acknowledgment in the product documentation would be //% appreciated but is not required. //% 2. Altered source versions must be plainly marked as such, and must not be //% misrepresented as being the original software. //% 3. This notice may not be removed or altered from any source distribution. //% Mark Adler madler@alumni.caltech.edu //% BEGIN CODE DERIVED FROM puff.{c,h} #define MAXBITS 15 #define MAXLCODES 286 #define MAXDCODES 30 #define MAXCODES (MAXLCODES + MAXDCODES) #define FIXLCODES 288 struct puff_state { unsigned char* out; unsigned long outlen; unsigned long outcnt; const unsigned char* in; unsigned long inlen; unsigned long incnt; int bitbuf; int bitcnt; jmp_buf env; }; static int puff_bits(struct puff_state* s, int need) { long val = s->bitbuf; while (s->bitcnt < need) { if (s->incnt == s->inlen) longjmp(s->env, 1); val |= (long)(s->in[s->incnt++]) << s->bitcnt; s->bitcnt += 8; } s->bitbuf = (int)(val >> need); s->bitcnt -= need; return (int)(val & ((1L << need) - 1)); } static int puff_stored(struct puff_state* s) { s->bitbuf = 0; s->bitcnt = 0; if (s->incnt + 4 > s->inlen) return 2; unsigned len = s->in[s->incnt++]; len |= s->in[s->incnt++] << 8; if (s->in[s->incnt++] != (~len & 0xff) || s->in[s->incnt++] != ((~len >> 8) & 0xff)) return -2; if (s->incnt + len > s->inlen) return 2; if (s->outcnt + len > s->outlen) return 1; for (; len--; s->outcnt++, s->incnt++) { if (s->in[s->incnt]) s->out[s->outcnt] = s->in[s->incnt]; } return 0; } struct puff_huffman { short* count; short* symbol; }; static int puff_decode(struct puff_state* s, const struct puff_huffman* h) { int first = 0; int index = 0; int bitbuf = s->bitbuf; int left = s->bitcnt; int code = first = index = 0; int len = 1; short* next = h->count + 1; while (1) { while (left--) { code |= bitbuf & 1; bitbuf >>= 1; int count = *next++; if (code - count < first) { s->bitbuf = bitbuf; s->bitcnt = (s->bitcnt - len) & 7; return h->symbol[index + (code - first)]; } index += count; first += count; first <<= 1; code <<= 1; len++; } left = (MAXBITS + 1) - len; if (left == 0) break; if (s->incnt == s->inlen) longjmp(s->env, 1); bitbuf = s->in[s->incnt++]; if (left > 8) left = 8; } return -10; } static int puff_construct(struct puff_huffman* h, const short* length, int n) { int len; for (len = 0; len <= MAXBITS; len++) h->count[len] = 0; int symbol; for (symbol = 0; symbol < n; symbol++) (h->count[length[symbol]])++; if (h->count[0] == n) return 0; int left = 1; for (len = 1; len <= MAXBITS; len++) { left <<= 1; left -= h->count[len]; if (left < 0) return left; } short offs[MAXBITS + 1]; offs[1] = 0; for (len = 1; len < MAXBITS; len++) offs[len + 1] = offs[len] + h->count[len]; for (symbol = 0; symbol < n; symbol++) if (length[symbol] != 0) h->symbol[offs[length[symbol]]++] = symbol; return left; } static int puff_codes(struct puff_state* s, const struct puff_huffman* lencode, const struct puff_huffman* distcode) { static const short lens[29] = {3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258}; static const short lext[29] = {0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0}; static const short dists[30] = { 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, 8193, 12289, 16385, 24577}; static const short dext[30] = {0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13}; int symbol; do { symbol = puff_decode(s, lencode); if (symbol < 0) return symbol; if (symbol < 256) { if (s->outcnt == s->outlen) return 1; if (symbol) s->out[s->outcnt] = symbol; s->outcnt++; } else if (symbol > 256) { symbol -= 257; if (symbol >= 29) return -10; int len = lens[symbol] + puff_bits(s, lext[symbol]); symbol = puff_decode(s, distcode); if (symbol < 0) return symbol; unsigned dist = dists[symbol] + puff_bits(s, dext[symbol]); if (dist > s->outcnt) return -11; if (s->outcnt + len > s->outlen) return 1; while (len--) { if (dist <= s->outcnt && s->out[s->outcnt - dist]) s->out[s->outcnt] = s->out[s->outcnt - dist]; s->outcnt++; } } } while (symbol != 256); return 0; } static int puff_fixed(struct puff_state* s) { static int virgin = 1; static short lencnt[MAXBITS + 1], lensym[FIXLCODES]; static short distcnt[MAXBITS + 1], distsym[MAXDCODES]; static struct puff_huffman lencode, distcode; if (virgin) { lencode.count = lencnt; lencode.symbol = lensym; distcode.count = distcnt; distcode.symbol = distsym; short lengths[FIXLCODES]; int symbol; for (symbol = 0; symbol < 144; symbol++) lengths[symbol] = 8; for (; symbol < 256; symbol++) lengths[symbol] = 9; for (; symbol < 280; symbol++) lengths[symbol] = 7; for (; symbol < FIXLCODES; symbol++) lengths[symbol] = 8; puff_construct(&lencode, lengths, FIXLCODES); for (symbol = 0; symbol < MAXDCODES; symbol++) lengths[symbol] = 5; puff_construct(&distcode, lengths, MAXDCODES); virgin = 0; } return puff_codes(s, &lencode, &distcode); } static int puff_dynamic(struct puff_state* s) { static const short order[19] = {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15}; int nlen = puff_bits(s, 5) + 257; int ndist = puff_bits(s, 5) + 1; int ncode = puff_bits(s, 4) + 4; if (nlen > MAXLCODES || ndist > MAXDCODES) return -3; short lengths[MAXCODES]; int index; for (index = 0; index < ncode; index++) lengths[order[index]] = puff_bits(s, 3); for (; index < 19; index++) lengths[order[index]] = 0; short lencnt[MAXBITS + 1], lensym[MAXLCODES]; struct puff_huffman lencode = {lencnt, lensym}; int err = puff_construct(&lencode, lengths, 19); if (err != 0) return -4; index = 0; while (index < nlen + ndist) { int symbol; int len; symbol = puff_decode(s, &lencode); if (symbol < 0) return symbol; if (symbol < 16) lengths[index++] = symbol; else { len = 0; if (symbol == 16) { if (index == 0) return -5; len = lengths[index - 1]; symbol = 3 + puff_bits(s, 2); } else if (symbol == 17) symbol = 3 + puff_bits(s, 3); else symbol = 11 + puff_bits(s, 7); if (index + symbol > nlen + ndist) return -6; while (symbol--) lengths[index++] = len; } } if (lengths[256] == 0) return -9; err = puff_construct(&lencode, lengths, nlen); if (err && (err < 0 || nlen != lencode.count[0] + lencode.count[1])) return -7; short distcnt[MAXBITS + 1], distsym[MAXDCODES]; struct puff_huffman distcode = {distcnt, distsym}; err = puff_construct(&distcode, lengths + nlen, ndist); if (err && (err < 0 || ndist != distcode.count[0] + distcode.count[1])) return -8; return puff_codes(s, &lencode, &distcode); } static int puff(unsigned char* dest, unsigned long* destlen, const unsigned char* source, unsigned long sourcelen) { struct puff_state s = { .out = dest, .outlen = *destlen, .outcnt = 0, .in = source, .inlen = sourcelen, .incnt = 0, .bitbuf = 0, .bitcnt = 0, }; int err; if (setjmp(s.env) != 0) err = 2; else { int last; do { last = puff_bits(&s, 1); int type = puff_bits(&s, 2); err = type == 0 ? puff_stored(&s) : (type == 1 ? puff_fixed(&s) : (type == 2 ? puff_dynamic(&s) : -1)); if (err != 0) break; } while (!last); } *destlen = s.outcnt; return err; } //% END CODE DERIVED FROM puff.{c,h} #define ZLIB_HEADER_WIDTH 2 static int puff_zlib_to_file(const unsigned char* source, unsigned long sourcelen, int dest_fd) { if (sourcelen < ZLIB_HEADER_WIDTH) return 0; source += ZLIB_HEADER_WIDTH; sourcelen -= ZLIB_HEADER_WIDTH; const unsigned long max_destlen = 132 << 20; void* ret = mmap(0, max_destlen, PROT_WRITE | PROT_READ, MAP_PRIVATE | MAP_ANON, -1, 0); if (ret == MAP_FAILED) return -1; unsigned char* dest = (unsigned char*)ret; unsigned long destlen = max_destlen; int err = puff(dest, &destlen, source, sourcelen); if (err) { munmap(dest, max_destlen); errno = -err; return -1; } if (write(dest_fd, dest, destlen) != (ssize_t)destlen) { munmap(dest, max_destlen); return -1; } return munmap(dest, max_destlen); } static int setup_loop_device(unsigned char* data, unsigned long size, const char* loopname, int* loopfd_p) { int err = 0, loopfd = -1; int memfd = syscall(__NR_memfd_create, "syzkaller", 0); if (memfd == -1) { err = errno; goto error; } if (puff_zlib_to_file(data, size, memfd)) { err = errno; goto error_close_memfd; } loopfd = open(loopname, O_RDWR); if (loopfd == -1) { err = errno; goto error_close_memfd; } if (ioctl(loopfd, LOOP_SET_FD, memfd)) { if (errno != EBUSY) { err = errno; goto error_close_loop; } ioctl(loopfd, LOOP_CLR_FD, 0); usleep(1000); if (ioctl(loopfd, LOOP_SET_FD, memfd)) { err = errno; goto error_close_loop; } } close(memfd); *loopfd_p = loopfd; return 0; error_close_loop: close(loopfd); error_close_memfd: close(memfd); error: errno = err; return -1; } static void reset_loop_device(const char* loopname) { int loopfd = open(loopname, O_RDWR); if (loopfd == -1) { return; } if (ioctl(loopfd, LOOP_CLR_FD, 0)) { } close(loopfd); } static long syz_mount_image(volatile long fsarg, volatile long dir, volatile long flags, volatile long optsarg, volatile long change_dir, volatile unsigned long size, volatile long image) { unsigned char* data = (unsigned char*)image; int res = -1, err = 0, need_loop_device = !!size; char* mount_opts = (char*)optsarg; char* target = (char*)dir; char* fs = (char*)fsarg; char* source = NULL; char loopname[64]; if (need_loop_device) { int loopfd; memset(loopname, 0, sizeof(loopname)); snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(data, size, loopname, &loopfd) == -1) return -1; close(loopfd); source = loopname; } mkdir(target, 0777); char opts[256]; memset(opts, 0, sizeof(opts)); if (strlen(mount_opts) > (sizeof(opts) - 32)) { } strncpy(opts, mount_opts, sizeof(opts) - 32); if (strcmp(fs, "iso9660") == 0) { flags |= MS_RDONLY; } else if (strncmp(fs, "ext", 3) == 0) { bool has_remount_ro = false; char* remount_ro_start = strstr(opts, "errors=remount-ro"); if (remount_ro_start != NULL) { char after = *(remount_ro_start + strlen("errors=remount-ro")); char before = remount_ro_start == opts ? '\0' : *(remount_ro_start - 1); has_remount_ro = ((before == '\0' || before == ',') && (after == '\0' || after == ',')); } if (strstr(opts, "errors=panic") || !has_remount_ro) strcat(opts, ",errors=continue"); } else if (strcmp(fs, "xfs") == 0) { strcat(opts, ",nouuid"); } else if (strncmp(fs, "gfs2", 4) == 0 && (strstr(opts, "errors=panic") || strstr(opts, "debug"))) { strcat(opts, ",errors=withdraw"); } res = mount(source, target, fs, flags, opts); if (res == -1) { err = errno; goto error_clear_loop; } res = open(target, O_RDONLY | O_DIRECTORY); if (res == -1) { err = errno; goto error_clear_loop; } if (change_dir) { res = chdir(target); if (res == -1) { err = errno; } } error_clear_loop: if (need_loop_device) reset_loop_device(loopname); errno = err; return res; } static void setup_gadgetfs(); static void setup_binderfs(); static void setup_fusectl(); static void sandbox_common_mount_tmpfs(void) { write_file("/proc/sys/fs/mount-max", "100000"); if (mkdir("./syz-tmp", 0777)) exit(1); if (mount("", "./syz-tmp", "tmpfs", 0, NULL)) exit(1); if (mkdir("./syz-tmp/newroot", 0777)) exit(1); if (mkdir("./syz-tmp/newroot/dev", 0700)) exit(1); unsigned bind_mount_flags = MS_BIND | MS_REC | MS_PRIVATE; if (mount("/dev", "./syz-tmp/newroot/dev", NULL, bind_mount_flags, NULL)) exit(1); if (mkdir("./syz-tmp/newroot/proc", 0700)) exit(1); if (mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL)) exit(1); if (mkdir("./syz-tmp/newroot/selinux", 0700)) exit(1); const char* selinux_path = "./syz-tmp/newroot/selinux"; if (mount("/selinux", selinux_path, NULL, bind_mount_flags, NULL)) { if (errno != ENOENT) exit(1); if (mount("/sys/fs/selinux", selinux_path, NULL, bind_mount_flags, NULL) && errno != ENOENT) exit(1); } if (mkdir("./syz-tmp/newroot/sys", 0700)) exit(1); if (mount("/sys", "./syz-tmp/newroot/sys", 0, bind_mount_flags, NULL)) exit(1); if (mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, bind_mount_flags, NULL) && errno != ENOENT) exit(1); if (mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, bind_mount_flags, NULL) && errno != ENOENT) exit(1); if (mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, bind_mount_flags, NULL) && errno != ENOENT) exit(1); if (mkdir("./syz-tmp/newroot/syz-inputs", 0700)) exit(1); if (mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, bind_mount_flags | MS_RDONLY, NULL) && errno != ENOENT) exit(1); if (mkdir("./syz-tmp/pivot", 0777)) exit(1); if (syscall(SYS_pivot_root, "./syz-tmp", "./syz-tmp/pivot")) { if (chdir("./syz-tmp")) exit(1); } else { if (chdir("/")) exit(1); if (umount2("./pivot", MNT_DETACH)) exit(1); } if (chroot("./newroot")) exit(1); if (chdir("/")) exit(1); setup_gadgetfs(); setup_binderfs(); setup_fusectl(); } static void setup_gadgetfs() { if (mkdir("/dev/gadgetfs", 0777)) { } if (mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL)) { } } static void setup_fusectl() { if (mount(0, "/sys/fs/fuse/connections", "fusectl", 0, 0)) { } } static void setup_binderfs() { if (mkdir("/dev/binderfs", 0777)) { } if (mount("binder", "/dev/binderfs", "binder", 0, NULL)) { } if (symlink("/dev/binderfs", "./binderfs")) { } } static void loop(); static void sandbox_common() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); if (getppid() == 1) exit(1); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = (200 << 20); setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 32 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 136 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 128 << 20; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); if (unshare(CLONE_NEWNS)) { } if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL)) { } if (unshare(CLONE_NEWIPC)) { } if (unshare(0x02000000)) { } if (unshare(CLONE_NEWUTS)) { } if (unshare(CLONE_SYSVSEM)) { } typedef struct { const char* name; const char* value; } sysctl_t; static const sysctl_t sysctls[] = { {"/proc/sys/kernel/shmmax", "16777216"}, {"/proc/sys/kernel/shmall", "536870912"}, {"/proc/sys/kernel/shmmni", "1024"}, {"/proc/sys/kernel/msgmax", "8192"}, {"/proc/sys/kernel/msgmni", "1024"}, {"/proc/sys/kernel/msgmnb", "1024"}, {"/proc/sys/kernel/sem", "1024 1048576 500 1024"}, }; unsigned i; for (i = 0; i < sizeof(sysctls) / sizeof(sysctls[0]); i++) write_file(sysctls[i].name, sysctls[i].value); } static int wait_for_loop(int pid) { if (pid < 0) exit(1); int status = 0; while (waitpid(-1, &status, __WALL) != pid) { } return WEXITSTATUS(status); } static void drop_caps(void) { struct __user_cap_header_struct cap_hdr = {}; struct __user_cap_data_struct cap_data[2] = {}; cap_hdr.version = _LINUX_CAPABILITY_VERSION_3; cap_hdr.pid = getpid(); if (syscall(SYS_capget, &cap_hdr, &cap_data)) exit(1); const int drop = (1 << CAP_SYS_PTRACE) | (1 << CAP_SYS_NICE); cap_data[0].effective &= ~drop; cap_data[0].permitted &= ~drop; cap_data[0].inheritable &= ~drop; if (syscall(SYS_capset, &cap_hdr, &cap_data)) exit(1); } static int do_sandbox_none(void) { if (unshare(CLONE_NEWPID)) { } int pid = fork(); if (pid != 0) return wait_for_loop(pid); sandbox_common(); drop_caps(); if (unshare(CLONE_NEWNET)) { } write_file("/proc/sys/net/ipv4/ping_group_range", "0 65535"); sandbox_common_mount_tmpfs(); loop(); exit(1); } static void kill_and_wait(int pid, int* status) { kill(-pid, SIGKILL); kill(pid, SIGKILL); for (int i = 0; i < 100; i++) { if (waitpid(-1, status, WNOHANG | __WALL) == pid) return; usleep(1000); } DIR* dir = opendir("/sys/fs/fuse/connections"); if (dir) { for (;;) { struct dirent* ent = readdir(dir); if (!ent) break; if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0) continue; char abort[300]; snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name); int fd = open(abort, O_WRONLY); if (fd == -1) { continue; } if (write(fd, abort, 1) < 0) { } close(fd); } closedir(dir); } else { } while (waitpid(-1, status, __WALL) != pid) { } } static void reset_loop() { char buf[64]; snprintf(buf, sizeof(buf), "/dev/loop%llu", procid); int loopfd = open(buf, O_RDWR); if (loopfd != -1) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); } } static void setup_test() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); write_file("/proc/self/oom_score_adj", "1000"); } static void close_fds() { for (int fd = 3; fd < MAX_FDS; fd++) close(fd); } static void setup_sysctl() { int cad_pid = fork(); if (cad_pid < 0) exit(1); if (cad_pid == 0) { for (;;) sleep(100); } char tmppid[32]; snprintf(tmppid, sizeof(tmppid), "%d", cad_pid); struct { const char* name; const char* data; } files[] = { {"/sys/kernel/debug/x86/nmi_longest_ns", "10000000000"}, {"/proc/sys/kernel/hung_task_check_interval_secs", "20"}, {"/proc/sys/net/core/bpf_jit_kallsyms", "1"}, {"/proc/sys/net/core/bpf_jit_harden", "0"}, {"/proc/sys/kernel/kptr_restrict", "0"}, {"/proc/sys/kernel/softlockup_all_cpu_backtrace", "1"}, {"/proc/sys/fs/mount-max", "100"}, {"/proc/sys/vm/oom_dump_tasks", "0"}, {"/proc/sys/debug/exception-trace", "0"}, {"/proc/sys/kernel/printk", "7 4 1 3"}, {"/proc/sys/kernel/keys/gc_delay", "1"}, {"/proc/sys/vm/oom_kill_allocating_task", "1"}, {"/proc/sys/kernel/ctrl-alt-del", "0"}, {"/proc/sys/kernel/cad_pid", tmppid}, }; for (size_t i = 0; i < sizeof(files) / sizeof(files[0]); i++) { if (!write_file(files[i].name, files[i].data)) { } } kill(cad_pid, SIGKILL); while (waitpid(cad_pid, NULL, 0) != cad_pid) ; } #define SWAP_FILE "./swap-file" #define SWAP_FILE_SIZE (128 * 1000 * 1000) static const char* setup_swap() { swapoff(SWAP_FILE); unlink(SWAP_FILE); int fd = open(SWAP_FILE, O_CREAT | O_WRONLY | O_CLOEXEC, 0600); if (fd == -1) return "swap file open failed"; fallocate(fd, FALLOC_FL_ZERO_RANGE, 0, SWAP_FILE_SIZE); close(fd); char cmdline[64]; sprintf(cmdline, "mkswap %s", SWAP_FILE); if (runcmdline(cmdline)) return "mkswap failed"; if (swapon(SWAP_FILE, SWAP_FLAG_PREFER) == 1) return "swapon failed"; return NULL; } static void execute_one(void); #define WAIT_FLAGS __WALL static void loop(void) { int iter = 0; for (;; iter++) { reset_loop(); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { setup_test(); execute_one(); close_fds(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { sleep_ms(10); if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } } } uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff}; void execute_one(void) { intptr_t res = 0; if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } // syz_mount_image$ext4 arguments: [ // fs: ptr[in, buffer] { // buffer: {65 78 74 34 00} (length 0x5) // } // dir: ptr[in, buffer] { // buffer: {2e 2f 66 69 6c 65 31 00} (length 0x8) // } // flags: mount_flags = 0x446 (8 bytes) // opts: ptr[in, fs_options[ext4_options]] { // fs_options[ext4_options] { // elems: array[fs_opt_elem[ext4_options]] { // fs_opt_elem[ext4_options] { // elem: union ext4_options { // stripe: fs_opt["stripe", fmt[hex, int32]] { // name: buffer: {73 74 72 69 70 65} (length 0x6) // eq: const = 0x3d (1 bytes) // val: int32 = 0x2 (18 bytes) // } // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // journal_dev: fs_opt["journal_dev", fmt[hex, int32]] { // name: buffer: {6a 6f 75 72 6e 61 6c 5f 64 65 76} (length // 0xb) eq: const = 0x3d (1 bytes) val: int32 = 0x1045 (18 // bytes) // } // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // oldalloc: buffer: {6f 6c 64 61 6c 6c 6f 63} (length 0x8) // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // noquota: buffer: {6e 6f 71 75 6f 74 61} (length 0x7) // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // minixdf: buffer: {6d 69 6e 69 78 64 66} (length 0x7) // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // barrier_val: fs_opt["barrier", fmt[hex, int32]] { // name: buffer: {62 61 72 72 69 65 72} (length 0x7) // eq: const = 0x3d (1 bytes) // val: int32 = 0x2 (18 bytes) // } // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // delalloc: buffer: {64 65 6c 61 6c 6c 6f 63} (length 0x8) // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // nojournal_checksum: buffer: {6e 6f 6a 6f 75 72 6e 61 6c 5f 63 // 68 65 63 6b 73 75 6d} (length 0x12) // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // orlov: buffer: {6f 72 6c 6f 76} (length 0x5) // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // user_xattr: buffer: {75 73 65 72 5f 78 61 74 74 72} (length // 0xa) // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // quota: buffer: {71 75 6f 74 61} (length 0x5) // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // delalloc: buffer: {64 65 6c 61 6c 6c 6f 63} (length 0x8) // } // comma: const = 0x2c (1 bytes) // } // } // common: array[fs_opt_elem[fs_options_common]] { // } // null: const = 0x0 (1 bytes) // } // } // chdir: int8 = 0x1 (1 bytes) // size: len = 0x553 (8 bytes) // img: ptr[in, buffer] { // buffer: (compressed buffer with length 0x553) // } // ] // returns fd_dir NONFAILING(memcpy((void*)0x200000000040, "ext4\000", 5)); NONFAILING(memcpy((void*)0x200000000000, "./file1\000", 8)); NONFAILING(memcpy((void*)0x200000000080, "stripe", 6)); NONFAILING(*(uint8_t*)0x200000000086 = 0x3d); NONFAILING(sprintf((char*)0x200000000087, "0x%016llx", (long long)2)); NONFAILING(*(uint8_t*)0x200000000099 = 0x2c); NONFAILING(memcpy((void*)0x20000000009a, "journal_dev", 11)); NONFAILING(*(uint8_t*)0x2000000000a5 = 0x3d); NONFAILING(sprintf((char*)0x2000000000a6, "0x%016llx", (long long)0x1045)); NONFAILING(*(uint8_t*)0x2000000000b8 = 0x2c); NONFAILING(memcpy((void*)0x2000000000b9, "oldalloc", 8)); NONFAILING(*(uint8_t*)0x2000000000c1 = 0x2c); NONFAILING(memcpy((void*)0x2000000000c2, "noquota", 7)); NONFAILING(*(uint8_t*)0x2000000000c9 = 0x2c); NONFAILING(memcpy((void*)0x2000000000ca, "minixdf", 7)); NONFAILING(*(uint8_t*)0x2000000000d1 = 0x2c); NONFAILING(memcpy((void*)0x2000000000d2, "barrier", 7)); NONFAILING(*(uint8_t*)0x2000000000d9 = 0x3d); NONFAILING(sprintf((char*)0x2000000000da, "0x%016llx", (long long)2)); NONFAILING(*(uint8_t*)0x2000000000ec = 0x2c); NONFAILING(memcpy((void*)0x2000000000ed, "delalloc", 8)); NONFAILING(*(uint8_t*)0x2000000000f5 = 0x2c); NONFAILING(memcpy((void*)0x2000000000f6, "nojournal_checksum", 18)); NONFAILING(*(uint8_t*)0x200000000108 = 0x2c); NONFAILING(memcpy((void*)0x200000000109, "orlov", 5)); NONFAILING(*(uint8_t*)0x20000000010e = 0x2c); NONFAILING(memcpy((void*)0x20000000010f, "user_xattr", 10)); NONFAILING(*(uint8_t*)0x200000000119 = 0x2c); NONFAILING(memcpy((void*)0x20000000011a, "quota", 5)); NONFAILING(*(uint8_t*)0x20000000011f = 0x2c); NONFAILING(memcpy((void*)0x200000000120, "delalloc", 8)); NONFAILING(*(uint8_t*)0x200000000128 = 0x2c); NONFAILING(*(uint8_t*)0x200000000129 = 0); NONFAILING(memcpy( (void*)0x200000001080, "\x78\x9c\xec\xdd\xdf\x6b\x5b\x55\x1c\x00\xf0\xef\x4d\xdb\xfd\xd6\x75\x30" "\x86\x8a\x48\x61\x0f\x4e\xe6\xd2\xb5\xf5\xc7\x04\x1f\xe6\xa3\xe8\x70\xa0" "\xef\x33\xb4\x77\x65\x34\x59\x46\x93\x8e\xb5\x0e\xdc\x1e\xdc\x8b\x2f\x32" "\x04\x11\x07\xe2\xbb\xbe\xfb\x38\xfc\x07\xfc\x2b\x06\x3a\x18\x32\x8a\x3e" "\xf8\x12\xb9\xe9\x4d\x97\xad\x49\x9b\x75\xd9\xd2\x99\xcf\x07\x6e\x39\x27" "\xf7\x26\xe7\x7e\x73\xef\xf7\xf4\xdc\x9c\x1b\x12\xc0\xd0\x9a\xc8\xfe\x14" "\x22\x5e\x8e\x88\x6f\x92\x88\x83\x11\x91\xe4\xeb\x46\x23\x5f\x39\xb1\xb6" "\xdd\xea\xfd\xab\xb3\xd9\x92\x44\xa3\xf1\xe9\x5f\x49\x73\xbb\xac\xde\x7a" "\xad\xd6\xf3\xf6\xe7\x95\x97\x22\xe2\xb7\xaf\x22\x8e\x17\x36\xb6\x5b\x5b" "\x5e\x59\x28\x95\xcb\xe9\x62\x5e\x9f\xac\x57\x2e\x4d\xd6\x96\x57\x4e\x5c" "\xa8\x94\xe6\xd3\xf9\xf4\xe2\xf4\xcc\xcc\xa9\xb7\x67\xa6\xdf\x7b\xf7\x9d" "\xbe\xc5\xfa\xc6\xd9\x7f\xbe\xff\xe4\xf6\x87\xa7\xbe\x3e\xba\xfa\xdd\x2f" "\x77\x0f\xdd\x4c\xe2\x74\x1c\xc8\xd7\xb5\xc7\xf1\x04\xae\xb5\x57\x26\x62" "\x22\x7f\x4f\xc6\xe2\xf4\x23\x1b\x4e\xf5\xa1\xb1\x9d\x24\x19\xf4\x0e\xb0" "\x2d\x23\x79\x9e\x8f\x45\xd6\x07\x1c\x8c\x91\x3c\xeb\x81\xff\xbf\x2f\x23" "\xa2\x01\x0c\xa9\x44\xfe\xc3\x90\x6a\x8d\x03\x5a\xd7\xf6\x7d\xba\x0e\x7e" "\x6e\xdc\xfb\x60\xed\x02\x68\x63\xfc\xa3\x6b\x9f\x8d\xc4\x9e\xe6\xb5\xd1" "\xbe\xd5\xe4\xa1\x2b\xa3\xec\x7a\x77\xbc\x0f\xed\x67\x6d\xfc\xfa\xe7\xad" "\x9b\xd9\x12\xfd\xfb\x1c\x02\x60\x4b\xd7\xae\x47\xc4\xc9\xd1\xd1\x8d\xfd" "\x5f\x92\xf7\x7f\xdb\x77\xb2\x87\x6d\x1e\x6d\x43\xff\x07\xcf\xce\xed\x6c" "\xfc\xf3\x66\xa7\xf1\x4f\x61\x7d\xfc\x13\x1d\xc6\x3f\xfb\x3b\xe4\xee\x76" "\x6c\x9d\xff\x85\xbb\x7d\x68\xa6\xab\x6c\xfc\xf7\x7e\xc7\xf1\xef\xfa\xa4" "\xd5\xf8\x48\x5e\x7b\xa1\x39\xe6\x1b\x4b\xce\x5f\x28\xa7\x59\xdf\xf6\x62" "\x44\x1c\x8b\xb1\xdd\x59\x7d\xb3\xf9\x9c\x53\xab\x77\x1a\xdd\xd6\xb5\x8f" "\xff\xb2\x25\x6b\xbf\x35\x16\xcc\xf7\xe3\xee\xe8\xee\x87\x9f\x33\x57\xaa" "\x97\x9e\x24\xe6\x76\xf7\xae\x47\xbc\xd2\x71\xfc\x9b\xac\x1f\xff\xa4\xc3" "\xf1\xcf\xde\x8f\xb3\x3d\xb6\x71\x24\xbd\xf5\x5a\xb7\x75\x5b\xc7\xff\x74" "\x35\x7e\x8a\x78\xbd\xe3\xf1\x7f\x30\xa3\x95\x6c\x3e\x3f\x39\xd9\x3c\x1f" "\x26\x5b\x67\xc5\x46\x7f\xdf\x38\xf2\x7b\xb7\xf6\x07\x1d\x7f\x76\xfc\xf7" "\x6d\x1e\xff\x78\xd2\x3e\x5f\x5b\x7b\xfc\x36\x7e\xdc\xf3\x6f\xda\x6d\xdd" "\x43\xf1\x47\xef\xe7\xff\xae\xe4\xb3\x66\x79\x57\xfe\xd8\x95\x52\xbd\xbe" "\x38\x15\xb1\x2b\xf9\x78\xe3\xe3\xd3\x0f\x9e\xdb\xaa\xb7\xb6\xcf\xe2\x3f" "\x76\x74\xf3\xfe\xaf\xd3\xf9\xbf\x37\x22\x3e\xef\x31\xfe\x1b\x87\x7f\x7e" "\xb5\xa7\xf8\x07\x74\xfc\xe7\x1e\xeb\xf8\x3f\x7e\xe1\xce\x47\x5f\xfc\xd0" "\xad\xfd\xde\xfa\xbf\xb7\x9a\xa5\x63\xf9\x23\xbd\xf4\x7f\xbd\xee\xe0\x93" "\xbc\x77\x00\x00\x00\x00\x00\x00\xb0\xd3\x14\x22\xe2\x40\x24\x85\xe2\x7a" "\xb9\x50\x28\x16\xd7\xee\xef\x38\x1c\xfb\x0a\xe5\x6a\xad\x7e\xfc\x7c\x75" "\xe9\xe2\x5c\x34\xbf\x2b\x3b\x1e\x63\x85\xd6\x4c\xf7\xc1\xb6\xfb\x21\xa6" "\xf2\xfb\x61\x5b\xf5\xe9\x47\xea\x33\x11\x71\x28\x22\xbe\x1d\xd9\xdb\xac" "\x17\x67\xab\xe5\xb9\x41\x07\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x3b\xc4\xfe\x2e\xdf\xff\xcf\xfc\x31\x32\xe8\xbd\x03" "\x9e\x3a\x3f\xf9\x0d\xc3\x6b\xcb\xfc\xef\xc7\x2f\x3d\x01\x3b\x92\xff\xff" "\x30\xbc\xe4\x3f\x0c\x2f\xf9\x0f\xc3\x4b\xfe\xc3\xf0\x92\xff\x30\xbc\xe4" "\x3f\x0c\x2f\xf9\x0f\xc3\x4b\xfe\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x5f\x9d\x3d\x73\x26\x5b" "\x1a\xab\xf7\xaf\xce\x66\xf5\xb9\xcb\xcb\x4b\x0b\xd5\xcb\x27\xe6\xd2\xda" "\x42\xb1\xb2\x34\x5b\x9c\xad\x2e\x5e\x2a\xce\x57\xab\xf3\xe5\xb4\x38\x5b" "\xad\x6c\xf5\x7a\xe5\x6a\xf5\xd2\xd4\x74\x2c\x5d\x99\xac\xa7\xb5\xfa\x64" "\x6d\x79\xe5\x5c\xa5\xba\x74\xb1\x7e\xee\x42\xa5\x34\x9f\x9e\x4b\xc7\x9e" "\x49\x54\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0" "\x7c\xa9\x2d\xaf\x2c\x94\xca\xe5\x74\x51\x41\x61\x5b\x85\xd1\x9d\xb1\x1b" "\x0a\x7d\x2e\x0c\xba\x67\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x80\x07\xfe\x0b\x00\x00\xff\xff\xe8\x06\x37\xb1", 1363)); NONFAILING( syz_mount_image(/*fs=*/0x200000000040, /*dir=*/0x200000000000, /*flags=MS_NOSUID|MS_NODEV|MS_NOATIME|MS_MANDLOCK*/ 0x446, /*opts=*/0x200000000080, /*chdir=*/1, /*size=*/0x553, /*img=*/0x200000001080)); // openat arguments: [ // fd: fd_dir (resource) // file: ptr[in, buffer] { // buffer: {2e 2f 66 69 6c 65 31 00} (length 0x8) // } // flags: open_flags = 0x42 (4 bytes) // mode: open_mode = 0x0 (2 bytes) // ] // returns fd NONFAILING(memcpy((void*)0x200000000040, "./file1\000", 8)); res = syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200000000040ul, /*flags=O_CREAT|O_RDWR*/ 0x42, /*mode=*/0); if (res != -1) r[0] = res; // pwrite64 arguments: [ // fd: fd (resource) // buf: ptr[in, buffer] { // buffer: {32} (length 0x1) // } // count: len = 0x1 (8 bytes) // pos: intptr = 0x8000c61 (8 bytes) // ] NONFAILING(memset((void*)0x200000000140, 50, 1)); syscall(__NR_pwrite64, /*fd=*/r[0], /*buf=*/0x200000000140ul, /*count=*/1ul, /*pos=*/0x8000c61ul); // openat arguments: [ // fd: fd_dir (resource) // file: ptr[in, buffer] { // buffer: {2e 2f 66 69 6c 65 31 00} (length 0x8) // } // flags: open_flags = 0x101042 (4 bytes) // mode: open_mode = 0x35 (2 bytes) // ] // returns fd NONFAILING(memcpy((void*)0x200000000040, "./file1\000", 8)); res = syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200000000040ul, /*flags=O_SYNC|O_CREAT|O_RDWR*/ 0x101042, /*mode=S_IXOTH|S_IROTH|S_IWGRP|S_IRGRP*/ 0x35); if (res != -1) r[1] = res; // pwrite64 arguments: [ // fd: fd (resource) // buf: ptr[in, buffer] { // buffer: {32} (length 0x1) // } // count: len = 0xfdef (8 bytes) // pos: intptr = 0xfecc (8 bytes) // ] NONFAILING(memset((void*)0x200000000140, 50, 1)); syscall(__NR_pwrite64, /*fd=*/r[1], /*buf=*/0x200000000140ul, /*count=*/0xfdeful, /*pos=*/0xfeccul); // setxattr$trusted_overlay_upper arguments: [ // path: ptr[in, buffer] { // buffer: {2e 2f 66 69 6c 65 31 00} (length 0x8) // } // name: ptr[in, buffer] { // buffer: {74 72 75 73 74 65 64 2e 6f 76 65 72 6c 61 79 2e 75 70 70 65 // 72 00} (length 0x16) // } // val: ptr[inout, array[ANYUNION]] { // array[ANYUNION] { // union ANYUNION { // ANYBLOB: buffer: {d0 a2 d8 32 7e f1 38 c6 2c 89 12 4c ac 49 a8 c3 // 28 ee e8 e5 1f df 5d 37 d7 16 84 e3 cf e9 ea a8 66 71 5c 02 34 22 // e2 28 a5 58 c5 bf 63 11 7a 1a 0b 20 b9 8a f8 45 e8 75 47 fa 54 f6 // 03 6d 88 1c f7 bb ed cc c8 a2 b7 60 bd c5 33 c9 02 ac dd cd ce dc // 3b 4c 0e 22 26 02 49 6b a6 e1 3f 1c e9 89 98 07 53 70 9e 81 c9 3c // 81 4f 5c f3 87 fc fa 6f 8f d7 b3 1c b3 af a0 9c 06 42 19 8e f1 12 // e1 f7 66 7b ab 57 b0 6a 4d 24 ea 2d 1e a6 c2 ac 9a ce 6f 21 5d 55 // ff f2 a6 c4 be da 32 76 ea f4 a7 a9 49 01 c9 33 ba 5e dd 25 db 98 // 6c 16 77 fe 90 11 e7 f3 b6 9c 3f eb 0f 95 0b 58 f6 09 e2 00 d2 f8 // c0 15 fa db a4 22 89 d3 1a f5 4e 98 19 2f c6 21 b3 b7 45 07 1d bb // 96 7b 87 d3 fa d4 dc 64 a1 fb 5f 63 e9 ec f9 d3 59 bf 3c 42 ce e7 // b4 bd 5b aa 28 d4 a7 04 ef 4f 4a d1 29 ce 99 f8 66 f7 0c 64 b8 f4 // 79 6c a9 7d 40 6e f2 53 15 0d 58 fd fd a3 25 72 8a 18 fe fb fd e5 // 42 5c 5e e1 e0 ad ec 89 a5 a2 61 54 c4 02 41 5f b5 b2 23 cb c4 fd // 2e 66 7f c9 c2 fd 84 6a 57 56 af fa c0 fa c4 84 f5 be 8d 86 b7 06 // 4b 53 1b ff 94 83 11 02 e6 57 6b 8b 4c 38 af 4a 8b 76 28 e0 a1 b2 // 53 c2 48 69 b6 11 ec 36 8b e2 78 aa d0 1e 0d 66 a7 2c 69 3c f9 ea // cb 3d c1 d7 64 d9 81 e5 43 d1 92 f9 9c 85 76 2c d8 9c 8e 1b 8d 3d // 5f 1f b1 ba 3d dd 42 d1 6a c5 38 76 26 51 c3 67 16 20 be b8 4d 95 // 66 15 27 1b 86 0a 26 9c ec 68 d6 6d be e8 c5 31 47 4c 35 66 03 b9 // 81 3b 39 96 66 ed a4 57 c3 62 f0 d4 40 5c af 30 80 c5 82 58 24 d9 // 63 45 d6 d1 71 eb 79 8e b8 85 1a a2 c0 d2 c9 9f a0 e5 e5 96 71 51 // 8f 6d 95 10 90 a5 1a f0 ea b6 74 de 9e 95 c6 66 2f d7 53 c2 e2 6e // 52 47 3c 35 2d 70 39 c2 fa cb 51 62 06 fd 1f 65 ec b2 60 d4 87 ff // a7 dd 53 68 4b 08 ca 18 c2 5c 2c 73 1d 16 73 68 65 73 be c1 88 a1 // 9c a1 7e ff de 88 23 96 75 48 ac e4 6f 7b e0 22 e2 e1 a9 c4 4b f0 // b7 aa 09 8b c3 2c 84 74 d0 48 85 70 28 8b 55 18 78 ed 88 ac cb b4 // 27 ca d3 71 40 19 ee 53 96 22 3a 4d 62 e6 e1 c6 73 ad c5 3c 2d 24 // 6b 2d 3b c4 3c 54 69 b3 fe 00 0c f1 2d de ff d5 1b aa c2 d6 e1 a7 // 34 92 49 77 16 54 e4 60 5c 27 3f f5 f9 46 01 27 3e 08 91 f6 0a 17 // 9f 81 4c 91 27 87 60 76 b3 a6 1a 06 b1 41 4b ca ed 62 81 25 42 ee // f4 7b c8 d3 e6 f1 82 50 41 44 e3 f5 f7 c1 56 35 bf 12 6a 1f d9 65 // c9 04 4e 30 d5 cd 6d 56 29 20 bc 02 d3 e8 3d 00 4a 4a 5f eb 43 d0 // 34 62 4d 34 75 23 f5 2a 1b 7c d3 c8 e3 52 e3 df 09 64 dc cb 0c 0e // f7 b3 cc bf 8b a8 43 0b 20 ff 8f f3 65 90 97 c0 b5 a8 90 a6 54 89 // 8a 6e 0f 78 d9 1d f6 9d cd 30 6d 18 cd 9a 86 b0 c1 8a dc 39 56 bc // 99 5e 51 fc 48 6c 2c 7d 08 89 dd 25 60 0b 1d c5 f4 67 7e b6 47 38 // 0b c1 00 7e a2 85 e2 3c 59 e2 a9 9c bb 75 03 ab 6a 70 1c 88 48 10 // 76 40 85 cb cd a3 97 a4 b0 f3 ed d8 72 78 ea e0 1f f8 1c 2c 74 18 // da a0 e9 a1 bc 21 a5 32 ac 34 2e 8c 66 ba 85 98 d0 d6 91 2c a1 78 // f3 39 c4 71 51 eb ae b8 3d 69 29 38 a9 7f b0 c8 95 de ad f8 7a d3 // 80 61 2a e0 ad 03 36 96 5a 58 5e 0e 75 45 bb 64 2a 1e 24 c4 60 50 // 9c b1 22 fe 03 55 7a 00 d5 2d 08 04 97 72 db 7c 75 47 29 2b 09 98 // 98 b7 56 3a 9b 30 70 cd 65 1c 5b 69 86 3a b4 cb ba f7 55 d0 2c 82 // a4 cf df 8f 31 78 86 81 91 33 41 48 1b a1 0a 2e 2d 8e f9 3e e8 16 // b9 d0 f9 e7 cf d5 18 1c 6c c2 7d db 72 d4 42 a6 e5 58 5a 15 99 4e // 18 1c 55 2f b5 a0 33 23 2f b6 6c 1a 54 f2 be 6a 27 a6 09 b6 90 52 // f8 6d 2e 73 91 56 d8 9c d5 bf d4 13 31 5a 58 2f 34 33 1e 11 6f 91 // fc 77 84 02 e7 8b 6a d7 82 1c b7 75 d5 ab b1 02 4e 7a 75 57 b4 18 // 90 37 67 b5 3a 47 56 e7 1d f0 57 72 d0 32 f3 78 4c e9 87 c3 8d a5 // 2b 78 89 08 06 e2 ef 78 e8 c9 02 68 3a 20 ea d4 d9 dd 63 26 9b 6d // 44 3b 42 26 f6 3c 92 60 ca 3b 74 71 a1 63 ff f8 9a f7 3c f9 a5 29 // 16 b2 0c ed ed 04 95 07 eb b2 fa 4c 12 ed 8c 2d b8 1c f2 4c cf 1e // c7 5c ac 04 5a 8e 1a 5c b4 2a 25 75 d0 64 ae 40 22 1e 85 e3 83 45 // 8d 40 d4 52 aa 7a dd d8 3e 25 5d ee b3 2b 1f 4e 72 16 46 f6 57 2e // 95 15 ca d7 2d 0a f2 7c 46 5d f3 83 5f 06 5e ac 91 a2 70 c5 1d 85 // 3a c0 bc e8 d6 54 a6 47 2c 67 a6 c1 37 66 0b cf f9 a8 88 26 a9 77 // c9 4a 24 27 d5 fb 66 26 1f 4a c6 04 fe 6f 57 65 ad 94 49 de 51 25 // 7b 5d ad 96 99 a6 e0 87 b0 99 41 98 1e aa 1b fb f7 15 a7 ee 6b 96 // 36 a2 60 1e 68 60 eb 4f 65 63 8d 08 d8 5b 5b 27 cc ab 8d 42 69 5b // 7a 15 32 07 1c 5b 12 ba db 5b 62 c8 d3 1b ee b7 0c f7 3f ac a0 f0 // 28 85 cb 32 cd 59 37 be 7c 6d 03 74 c3 31 fb 23 a6 a9 99 9a 7e f0 // 31 82 6c b1 7a 1f 84 43 4e bc 1f de 92 90 50 ff f0 c1 e6 f8 05 07 // 51 57 ec a7 77 ea d7 5d f8 21 75 99 e2 8f 9a e3 5c 12 a7 a0 ee aa // ec dc 1d fb 03 59 be 9a 90 95 68 53 26 f8 c5 96 85 8e 38 dd 88 6c // d0 36 c9 73 91 f6 f8 39 8e e3 e5 f5 14 d0 ce a0 28 82 ce bd 19 81 // 58 9b 18 95 97 6f c3 a2 3e aa 6d 48 6a 84 1a c7 7a fa 46 02 20 5f // 5f 4e db d8 d1 cc 8f 28 05 26 42 6b 4f 20 44 b6 ed 97 49 a1 3c 9c // 70 87 e4 3a 21 21 8d b3 64 e8 b8 37 bb 56 b5 d0 27 da 6b dd 57 92 // be 69 de 6e ed 43 8a d3 96 ee 0f 84 78 72 ac 88 25 22 a0 41 05 d4 // 9c 5f 6a 45 06 24 5b c6 6c a5 88 b6 2f 32 5d 36 c2 4c ca b2 66 83 // c6 76 65 7d 50 5c b9 26 8d 8b 72 8c a0 0c 30 cb de 96 dc 13 8a 6a // 8f 9c 6f e8 4c 98 71 97 e9 74 54 1a 1d d5 2c 0c a1 ab 30 7b e5 40 // de 6c 92 7e cc 82 53 86 49 83 9a 64 80 e5 75 8d ee 32 0d 36 97 f2 // e8 67 3d fb 9b 57 05 a5 97 3b 39 fc 03 72 8d b2 b7 e0 12 f8 7a 67 // 50 25 12 22 1b 3f 28 39 3b 70 69 5c 38 74 62 5c 60 df ad df 71 65 // ab 51 59 31 be 59 a3 3d 25 62 33 d2 13 94 91 25 4f cb dc bf 3b 43 // e9 1c 08 55 c0 2b 55 d5 55 57 f9 57 19 bd 6e 81 42 94 c6 d4 6d fd // 9a d1 08 63 a2 b9 91 f2 5f bc c2 b4 02 db ab 06 c8 34 e6 00 a9 35 // c0 8f 38 1b 5d 46 fa bb 57 9b 48 81 02 e7 7e 9c 16 f2 2b d7 73 3b // d3 3f 03 00 85 d5 ce f5 b9 63 d4 b4 59 e8 7d 3a b8 be 76 d3 94 70 // 81 da 45 f8 3f 19 1d 79 b0 44 4c 61 b4 7b 84 5f 26 40 69 ec 5d b6 // 97 09 76 d8 4e c0 90 78 ea e3 56 c1 74 9c 3a 25 9d 9a b0 7b 33 75 // 90 50 ba 21 52 28 5e f7 25 36 3c 82 02 8a 1c 76 0e 64 e0 18 d3 cd // 73 d7 8c 15 fc e7 e3 83 12 17 c2 19 60 16 e3 95 bf bf 6f ba 41 3d // 20 f2 11 9f 1b 88 e0 93 d4 27 4b e3 a4 47 df 00 1d e3 29 7b eb 30 // 7f b7 25 0c dc 29 31 8e 08 8f 55 a9 91 d1 f9 65 c3 ff 9c 24 4b 68 // d5 1a bb 90 3b 6d 1f 47 12 de 68 7b 7d 96 54 5b 41 57 cc 7c 16 14 // cf c4 25 33 fb 9b 97 7d 5c eb fe fa 22 e6 de 6e 6f f2 bb 6b 90 90 // 01 94 99 13 fd d8 e2 e2 ed 82 b7 87 46 f1 ae c2 87 d0 77 7d 9a 68 // 79 8d 60 d4 25 17 d4 5e be 81 c9 0e 6a f4 11 7e 9a d6 a6 99 11 fa // fd 20 9f ab c4 80 e3 06 48 67 30 27 c6 4a 22 18 b6 5a f5 06 1b 92 // 7c e7 ef 3c ea f0 6e f8 c9 0b 1d 8c 6c 55 0c 98 69 4a 5a cc ed e8 // cc 63 2f cd 8f 45 73 bc f3 50 98 5e 79 97 b5 36 0e 48 b3 0f 04 f3 // 25 f2 a7 90 c5 84 b3 d7 b0 de 0c 97 37 ae 0f 6b 51 bb b0 e6 ea 79 // c3 7c 91 ed ba f5 31 21 0d d9 f1 f7 be c3 b0 43 32 47 57 ca 36 66 // 72 d5 ad ca ba 95 e9 fb a8 de b4 e4 a7 bb 50 c1 f2 00 5b 4d ec f6 // 04 f2 1a 37 31 1b 43 66 60 c1 34 17 73 b8 e7 4a d8 db 4c a6 a9 10 // ec 68 b7 4c 15 86 b1 ad 7d 4a 69 8b 90 a3 a0 96 0c 58 ec 0f cf 1f // 5d 6c f1 64 0b cd f0 29 ff b1 2e 45 fa ca 0a 8f 30 5f 77 d9 13 67 // 0a a8 75 5f 2d f8 88 b7 c0 00 40 0a 73 d9 08 29 fc 28 6d 51 80 6b // 69 79 d3 ef d8 30 f8 7e c3 0f ca 30 05 e5 3f 20 dd 88 da bc 2c dd // 2c e7 be 8b 42 04 30 52 48 8b 86 da 3c 76 3d e6 80 da c0 f2 48 a6 // 64 7a da d3 4b 08 f5 71 da aa 00 10 11 70 d2 3c 38 06 c0 d3 64 eb // ad 56 ea c9 ee 86 2b 6a 5e 59 a6 2b 80 d4 0d 77 4e 8a 36 73 61 c2 // ac 05 f0 82 07 c8 4e 30 7d 93 38 9d ca 2a 16 7c 20 96 09 29 51 d8 // 54 77 ea 11 24 5e 15 cd 27 0c f2 51 c6 85 13 eb f3 0e 24 06 52 8e // 49 57 ec 53 a3 2f 82 00 6b ee 54 04 28 8d 34 35 21 92 af c0 ec 77 // 26 84 f7 8c 30 d5 04 ee 25 e9 a8 42 3b 3c 70 2e f4 e7 f8 d1 5e 58 // ff 9d 23 a6 7b df ac 12 37 6d de 77 ed c8 25 ba 3e ae 81 c4 8f 5e // 9c 3d 0c 4d 77 87 cb 47 aa 9d e3 ea c2 a5 d6 6c cf d0 73 c7 83 b6 // da dc 19 0e e3 08 86 de 83 3d 85 c5 32 7f a4 7c 3e fc 99 12 c9 0d // e1 cc a8 90 75 5a 6f d2 26 7a 63 b6 9c 4e eb 9a 57 dc 88 20 9d 47 // 01 53 0d a0 70 4c 51 9d 4f 93 f4 bf 20 57 e7 1e 8b 9f 39 fc bf 0e // 75 95 c9 6f 5a d3 22 f0 dc c9 0c 0a f4 18 1f eb e2 83 f9 a5 22 4e // 54 a5 62 fe 70 15 4d 89 fe 30 f7 f0 e7 1a cd 1b a4 d5 46 97 8e 6d // 5b d0 37 5a ed 9f 42 d3 dd 68 c1 7b 5a f0 1b c5 7d 5b 31 89 0d 6d // 57 c5 fe 94 7b e5 35 e8 92 23 83 8b eb 81 56 ae 04 a3 aa 0c fb 88 // ab e0 8a 8b 8a 1a a8 ec af fb 11 fb 0b 21 7f b5 79 ec 8d d5 57 0e // ec 43 12 b9 59 47 1f 09 e9 3f 5d 07 e6 20 16 71 3d 56 df c3 fc f2 // 98 52 c1 8e e7 bb 59 55 c2 81 51 e5 75 fc 39 34 bc b4 2e 1c ff 2e // 8d 08 8d 6d 7f ad 07 6d a0 b3 ac 27 99 a1 d2 54 a3 fc f1 92 4f 9e // a7 31 51 76 5c 90 30 e0 1a 4c 24 f6 c6 3b 03 5c 34 65 92 15 0b cf // 7f c8 63 8e 93 23 0a b6 fd 32 a7 50 75 56 de 33 a8 3e d3 6e c1 da // 5e 59 61 e5 b8 e9 d4 bb 0d 3d 1a 94 86 79 4c 89 09 58 96 a6 1d fc // 0f 1f b1 cb 94 70 6a 76 22 4d f9 b7 b0 5d b4 09 ea 64 19 a6 6d 9d // a2 51 a9 1c 43 d9 93 cc 67 61 a4 99 8f b7 40 13 55 e8 96 fc 33 f3 // c9 4e 30 dc 4e 03 35 52 ae cb 7e 75 65 7b bd c3 e8 2c 28 80 a8 a8 // 1b 0d 25 18 ae 4e c0 8a 96 c8 21 b7 c6 57 18 16 c3 b6 99 ba fa 1d // 00 e5 f6 83 40 71 a9 eb f6 31 81 2b 71 a8 cd f4 74 d4 28 b3 dd 33 // 0c dd 89 40 19 e8 f2 7c 62 6c d2 d3 31 ee 95 82 bf fa 03 07 6d e5 // cc 7f c5 8a 5c 5f 12 8f 15 ad 17 77 a5 06 9d 0a d3 d7 c6 89 72 44 // 7a bd 9c bd 2a ed 3a 4a 7c cf c5 23 50 94 c0 4a d8 ca 4a 9f 15 f2 // 90 72 d2 86 de 44 99 1f c5 96 32 df 46 d3 25 f2 7e c4 12 c2 f5 c1 // ad c4 a5 69 81 05 7e 42 ad cb 38 a4 05 a6 e7 1c 33 be 7b a6 f7 32 // 2a 58 60 5d f3 c7 4a 2d 61 2e 89 50 06 ba a8 02 43 2d 08 ab 3e 9a // 3f 86 75 e4 7b 43 9d b5 c2 56 2a bf 3d b7 87 f7 61 89 1d c7 a7 bd // e7 2b 01 f7 20 bb 60 5b ab 90 e4 40 29 30 ae 76 c3 9a d5 c5 fe 5b // fa 98 f3 ac 0a ef 13 3c 6d 15 18 2d d2 1d b6 ad db 4a 6a 2a 77 12 // f4 c5 d9 87 67 3a 79 72 ef 62 60 f9 e9 30 d0 dd e2 23 25 ed 47 8c // f6 20 7a 84 7a 13 1a 00 84 a3 2e c2 5f af a2 ce 2a 07 14 73 55 15 // ea 0d d5 e4 0d 81 d8 86 bd 39 e2 b6 92 b6 06 72 5a 50 05 a3 1c 4e // 72 d9 fe 68 ed 47 9e bf b7 06 82 ab 8f 6d 8d 54 7a d3 81 20 5c 2f // 1f 8d 73 a7 15 d1 22 12 bb 12 17 54 f8 b7 30 49 e9 02 4d 5a 4b 83 // 6e 5f 85 2d c7 e1 4e f0 9f ac 46 aa 2b 81 b2 39 df f8 b5 fa 0c e3 // b8 44 d5 c3 4b a1 4d 19 96 3b 7e cd 0e 8a 24 24 aa 4f b1 da cb f6 // ce 37 ee 8a e6 92 77 6e ad 3a 9a fc 77 6e 48 91 fc 06 12 58 ad ee // e6 45 24 19 de 92 18 34 88 09 1b 5d 4f 8c 19 0c bb 49 e9 e3 a5 c8 // 3b f9 e7 b8 2a 41 e0 fa 4f 6d a3 74 13 08 4c 2b 23 41 04 32 2c de // 6b 33 1f fb 2a ef 1b 4a ba d8 bd 50 96 c8 ed b2 d1 08 21 14 20 43 // 7d d2 6d 89 d5 d9 22 33 c1 8c ad ff 7b 89 b8 76 ca 01 39 23 e4 cf // 4f 5d fd 50 a0 48 5e 20 51 c7 33 9b 62 c5 93 da 58 a8 4c 34 b5 f7 // 6d ea 72 69 9d 72 77 51 e4 8c c6 97 81 89 32 cb cb 18 14 98 38 82 // fd 9c 85 db 64 c9 7c 3f 7a 03 b4 42 81 b0 d2 82 a2 00 12 75 82 f9 // 17 ab 0c e9 07 45 b7 71 37 08 d6 31 5b b6 95 cf 9c 06 09 b7 fe 3d // 39 0c ca e0 4f 3e e4 45 5b 47 0d 1c 4f 30 df 47 2a 69 61 d8 de 8f // 7f 52 01 b0 59 65 70 0e 39 08 19 80 4a c7 c6 44 73 e0 1d ef 95 21 // b3 34 65 50 a1 82 ee 80 b8 e0 f7 b3 f7 58 7e d7 5a af 23 71 49 71 // f6 f7 f7 db 3e 47 5d 8b f1 d2 3e 5b 6f b2 12 3d f9 0a 9a ad 8c 8c // 1c 60 08 a1 0c b0 62 80 c6 ac ce 97 5d 59 4f b4 f2 b3 f6 56 a8 cb // 5b de 30 0b de aa 2d 7e 92 85 99 fc ab ba b3 b2 81 2d b2 3d 94 d8 // 9f 7f 0a 6a 15 2a 24 aa a3 7d f6 15 bc d8 b4 c1 b4 3b de 3b 93 43 // 93 25 56 d7 ae 09 31 54 02 f8 78 64 bc ff 31 82 90 b4 53 f8 2c dd // b8 41 c7 d0 bb e2 25 27 fd 57 08 3c eb e0 cf d4 05 cd 0b d1 50 24 // 1c be 99 95 5f d3 2c 17 80 8a b1 1a 27 84 9d 79 49 05 47 27 f2 2c // 1a 17 0c f5 49 c2 0f fc 1d d2 61 83 37 5f 61 70 ec 85 f3 c7 7f ef // c5 eb af 74 1d c8 22 5d 44 81 d6 83 fc fc 0a 91 f9 9e 42 4f a3 4b // 19 f5 c9 85 36 d9 95 e1 61 5f f9 12 6d 45 5f 5e ca d6 5b 27 1c d3 // d4 0d 0a 8a 19 03 a6 08 96 94 c5 56 c5 44 73 45 f3 47 89 f2 06 08 // 01 a9 fa 06 96 24 62 f0 71 b8 d7 81 9f 13 5b ed e8 a5 28 96 72 ae // 5e 00 82 e9 1d b1 c6 c4 45 78 18 54 0b 5d d4 d0 32 07 a4 61 6e 2b // c4 29 91 f1 c1 cb f7 75 8f 69 ba 54 24 7b 10 e8 ae 8d 8d 1d 87 fd // 05 96 5f 1d 34 a9 8f 87 c3 11 d9 3c ef 96 ee 03 41 de 26 e6 16 41 // f6 32 80 90 b7 d7 61 3e 27 50 5a d6 61 e4 61 12 34 89 0f 6e 83 6a // 13 4f bd 2c a9 26 cc 8f 4a a6 7e 04 c5 95 4e 56 6d e0 8a 90 98 44 // 09 4d e0 e0 40 6d 05 e8 26 a1 24 6d 99 f7 db 0c df 27 99 e9 37 3a // 4e 73 49 18 d5 58 fc 73 66 20 f1 c5 74 cb 07 4c 12 ab 79 cd 64 e1 // 5d 5b ca df cd 34 da c4 34 3c 2b 2d 39 c6 94 7c 85 f3 ab 83 b7 f8 // eb 0f 6f 68 0e ac 3e 4a f0 ff 0e 93 44 6d 25 20 ad e4 ca 35 a4 4e // c4 3e 2c 5b 64 d6 29 fc f3 66 2a 7e 7d a3 c4 08 4a fe d1 71 63 52 // d1 26 f5 4b 60 8e f2 e8 ec e9 a6 42 0d 16 9f 2b e4 fa 5e 42 96 40 // 47 27 88 74 f7 5b 74 a9 08 13 1e 7c ff ae d0 6e d9 79 fd 8f f3 d6 // 1b 31 1f 44 5c bd 65 0f b4 67 b8 81 27 56 bd 90 a4 94 b7 fc 99 67 // a5 e1 ec 81 38 83 a9 98 94 25 01 70 80 41 1d f8 26 e8 cf 2b 62 5e // 83 2a 68 f9 55 54 61 fb de 23 86 f4 3e e8 dd f4 d8 65 93 c8 bd a7 // 77 e6 b6 38 36 a4 bd 70 f0 19 a4 ca 01 ae cf 58 1a 66 97 b7 61 52 // b7 a0 6e a4 3b 21 ac 7d 74 ae} (length 0x1000) // } // } // } // size: len = 0x841 (8 bytes) // flags: setxattr_flags = 0x1 (8 bytes) // ] NONFAILING(memcpy((void*)0x200000000000, "./file1\000", 8)); NONFAILING(memcpy((void*)0x200000000500, "trusted.overlay.upper\000", 22)); NONFAILING(memcpy( (void*)0x200000001600, "\xd0\xa2\xd8\x32\x7e\xf1\x38\xc6\x2c\x89\x12\x4c\xac\x49\xa8\xc3\x28\xee" "\xe8\xe5\x1f\xdf\x5d\x37\xd7\x16\x84\xe3\xcf\xe9\xea\xa8\x66\x71\x5c\x02" "\x34\x22\xe2\x28\xa5\x58\xc5\xbf\x63\x11\x7a\x1a\x0b\x20\xb9\x8a\xf8\x45" "\xe8\x75\x47\xfa\x54\xf6\x03\x6d\x88\x1c\xf7\xbb\xed\xcc\xc8\xa2\xb7\x60" "\xbd\xc5\x33\xc9\x02\xac\xdd\xcd\xce\xdc\x3b\x4c\x0e\x22\x26\x02\x49\x6b" "\xa6\xe1\x3f\x1c\xe9\x89\x98\x07\x53\x70\x9e\x81\xc9\x3c\x81\x4f\x5c\xf3" "\x87\xfc\xfa\x6f\x8f\xd7\xb3\x1c\xb3\xaf\xa0\x9c\x06\x42\x19\x8e\xf1\x12" "\xe1\xf7\x66\x7b\xab\x57\xb0\x6a\x4d\x24\xea\x2d\x1e\xa6\xc2\xac\x9a\xce" "\x6f\x21\x5d\x55\xff\xf2\xa6\xc4\xbe\xda\x32\x76\xea\xf4\xa7\xa9\x49\x01" "\xc9\x33\xba\x5e\xdd\x25\xdb\x98\x6c\x16\x77\xfe\x90\x11\xe7\xf3\xb6\x9c" "\x3f\xeb\x0f\x95\x0b\x58\xf6\x09\xe2\x00\xd2\xf8\xc0\x15\xfa\xdb\xa4\x22" "\x89\xd3\x1a\xf5\x4e\x98\x19\x2f\xc6\x21\xb3\xb7\x45\x07\x1d\xbb\x96\x7b" "\x87\xd3\xfa\xd4\xdc\x64\xa1\xfb\x5f\x63\xe9\xec\xf9\xd3\x59\xbf\x3c\x42" "\xce\xe7\xb4\xbd\x5b\xaa\x28\xd4\xa7\x04\xef\x4f\x4a\xd1\x29\xce\x99\xf8" "\x66\xf7\x0c\x64\xb8\xf4\x79\x6c\xa9\x7d\x40\x6e\xf2\x53\x15\x0d\x58\xfd" "\xfd\xa3\x25\x72\x8a\x18\xfe\xfb\xfd\xe5\x42\x5c\x5e\xe1\xe0\xad\xec\x89" "\xa5\xa2\x61\x54\xc4\x02\x41\x5f\xb5\xb2\x23\xcb\xc4\xfd\x2e\x66\x7f\xc9" "\xc2\xfd\x84\x6a\x57\x56\xaf\xfa\xc0\xfa\xc4\x84\xf5\xbe\x8d\x86\xb7\x06" "\x4b\x53\x1b\xff\x94\x83\x11\x02\xe6\x57\x6b\x8b\x4c\x38\xaf\x4a\x8b\x76" "\x28\xe0\xa1\xb2\x53\xc2\x48\x69\xb6\x11\xec\x36\x8b\xe2\x78\xaa\xd0\x1e" "\x0d\x66\xa7\x2c\x69\x3c\xf9\xea\xcb\x3d\xc1\xd7\x64\xd9\x81\xe5\x43\xd1" "\x92\xf9\x9c\x85\x76\x2c\xd8\x9c\x8e\x1b\x8d\x3d\x5f\x1f\xb1\xba\x3d\xdd" "\x42\xd1\x6a\xc5\x38\x76\x26\x51\xc3\x67\x16\x20\xbe\xb8\x4d\x95\x66\x15" "\x27\x1b\x86\x0a\x26\x9c\xec\x68\xd6\x6d\xbe\xe8\xc5\x31\x47\x4c\x35\x66" "\x03\xb9\x81\x3b\x39\x96\x66\xed\xa4\x57\xc3\x62\xf0\xd4\x40\x5c\xaf\x30" "\x80\xc5\x82\x58\x24\xd9\x63\x45\xd6\xd1\x71\xeb\x79\x8e\xb8\x85\x1a\xa2" "\xc0\xd2\xc9\x9f\xa0\xe5\xe5\x96\x71\x51\x8f\x6d\x95\x10\x90\xa5\x1a\xf0" "\xea\xb6\x74\xde\x9e\x95\xc6\x66\x2f\xd7\x53\xc2\xe2\x6e\x52\x47\x3c\x35" "\x2d\x70\x39\xc2\xfa\xcb\x51\x62\x06\xfd\x1f\x65\xec\xb2\x60\xd4\x87\xff" "\xa7\xdd\x53\x68\x4b\x08\xca\x18\xc2\x5c\x2c\x73\x1d\x16\x73\x68\x65\x73" "\xbe\xc1\x88\xa1\x9c\xa1\x7e\xff\xde\x88\x23\x96\x75\x48\xac\xe4\x6f\x7b" "\xe0\x22\xe2\xe1\xa9\xc4\x4b\xf0\xb7\xaa\x09\x8b\xc3\x2c\x84\x74\xd0\x48" "\x85\x70\x28\x8b\x55\x18\x78\xed\x88\xac\xcb\xb4\x27\xca\xd3\x71\x40\x19" "\xee\x53\x96\x22\x3a\x4d\x62\xe6\xe1\xc6\x73\xad\xc5\x3c\x2d\x24\x6b\x2d" "\x3b\xc4\x3c\x54\x69\xb3\xfe\x00\x0c\xf1\x2d\xde\xff\xd5\x1b\xaa\xc2\xd6" "\xe1\xa7\x34\x92\x49\x77\x16\x54\xe4\x60\x5c\x27\x3f\xf5\xf9\x46\x01\x27" "\x3e\x08\x91\xf6\x0a\x17\x9f\x81\x4c\x91\x27\x87\x60\x76\xb3\xa6\x1a\x06" "\xb1\x41\x4b\xca\xed\x62\x81\x25\x42\xee\xf4\x7b\xc8\xd3\xe6\xf1\x82\x50" "\x41\x44\xe3\xf5\xf7\xc1\x56\x35\xbf\x12\x6a\x1f\xd9\x65\xc9\x04\x4e\x30" "\xd5\xcd\x6d\x56\x29\x20\xbc\x02\xd3\xe8\x3d\x00\x4a\x4a\x5f\xeb\x43\xd0" "\x34\x62\x4d\x34\x75\x23\xf5\x2a\x1b\x7c\xd3\xc8\xe3\x52\xe3\xdf\x09\x64" "\xdc\xcb\x0c\x0e\xf7\xb3\xcc\xbf\x8b\xa8\x43\x0b\x20\xff\x8f\xf3\x65\x90" "\x97\xc0\xb5\xa8\x90\xa6\x54\x89\x8a\x6e\x0f\x78\xd9\x1d\xf6\x9d\xcd\x30" "\x6d\x18\xcd\x9a\x86\xb0\xc1\x8a\xdc\x39\x56\xbc\x99\x5e\x51\xfc\x48\x6c" "\x2c\x7d\x08\x89\xdd\x25\x60\x0b\x1d\xc5\xf4\x67\x7e\xb6\x47\x38\x0b\xc1" "\x00\x7e\xa2\x85\xe2\x3c\x59\xe2\xa9\x9c\xbb\x75\x03\xab\x6a\x70\x1c\x88" "\x48\x10\x76\x40\x85\xcb\xcd\xa3\x97\xa4\xb0\xf3\xed\xd8\x72\x78\xea\xe0" "\x1f\xf8\x1c\x2c\x74\x18\xda\xa0\xe9\xa1\xbc\x21\xa5\x32\xac\x34\x2e\x8c" "\x66\xba\x85\x98\xd0\xd6\x91\x2c\xa1\x78\xf3\x39\xc4\x71\x51\xeb\xae\xb8" "\x3d\x69\x29\x38\xa9\x7f\xb0\xc8\x95\xde\xad\xf8\x7a\xd3\x80\x61\x2a\xe0" "\xad\x03\x36\x96\x5a\x58\x5e\x0e\x75\x45\xbb\x64\x2a\x1e\x24\xc4\x60\x50" "\x9c\xb1\x22\xfe\x03\x55\x7a\x00\xd5\x2d\x08\x04\x97\x72\xdb\x7c\x75\x47" "\x29\x2b\x09\x98\x98\xb7\x56\x3a\x9b\x30\x70\xcd\x65\x1c\x5b\x69\x86\x3a" "\xb4\xcb\xba\xf7\x55\xd0\x2c\x82\xa4\xcf\xdf\x8f\x31\x78\x86\x81\x91\x33" "\x41\x48\x1b\xa1\x0a\x2e\x2d\x8e\xf9\x3e\xe8\x16\xb9\xd0\xf9\xe7\xcf\xd5" "\x18\x1c\x6c\xc2\x7d\xdb\x72\xd4\x42\xa6\xe5\x58\x5a\x15\x99\x4e\x18\x1c" "\x55\x2f\xb5\xa0\x33\x23\x2f\xb6\x6c\x1a\x54\xf2\xbe\x6a\x27\xa6\x09\xb6" "\x90\x52\xf8\x6d\x2e\x73\x91\x56\xd8\x9c\xd5\xbf\xd4\x13\x31\x5a\x58\x2f" "\x34\x33\x1e\x11\x6f\x91\xfc\x77\x84\x02\xe7\x8b\x6a\xd7\x82\x1c\xb7\x75" "\xd5\xab\xb1\x02\x4e\x7a\x75\x57\xb4\x18\x90\x37\x67\xb5\x3a\x47\x56\xe7" "\x1d\xf0\x57\x72\xd0\x32\xf3\x78\x4c\xe9\x87\xc3\x8d\xa5\x2b\x78\x89\x08" "\x06\xe2\xef\x78\xe8\xc9\x02\x68\x3a\x20\xea\xd4\xd9\xdd\x63\x26\x9b\x6d" "\x44\x3b\x42\x26\xf6\x3c\x92\x60\xca\x3b\x74\x71\xa1\x63\xff\xf8\x9a\xf7" "\x3c\xf9\xa5\x29\x16\xb2\x0c\xed\xed\x04\x95\x07\xeb\xb2\xfa\x4c\x12\xed" "\x8c\x2d\xb8\x1c\xf2\x4c\xcf\x1e\xc7\x5c\xac\x04\x5a\x8e\x1a\x5c\xb4\x2a" "\x25\x75\xd0\x64\xae\x40\x22\x1e\x85\xe3\x83\x45\x8d\x40\xd4\x52\xaa\x7a" "\xdd\xd8\x3e\x25\x5d\xee\xb3\x2b\x1f\x4e\x72\x16\x46\xf6\x57\x2e\x95\x15" "\xca\xd7\x2d\x0a\xf2\x7c\x46\x5d\xf3\x83\x5f\x06\x5e\xac\x91\xa2\x70\xc5" "\x1d\x85\x3a\xc0\xbc\xe8\xd6\x54\xa6\x47\x2c\x67\xa6\xc1\x37\x66\x0b\xcf" "\xf9\xa8\x88\x26\xa9\x77\xc9\x4a\x24\x27\xd5\xfb\x66\x26\x1f\x4a\xc6\x04" "\xfe\x6f\x57\x65\xad\x94\x49\xde\x51\x25\x7b\x5d\xad\x96\x99\xa6\xe0\x87" "\xb0\x99\x41\x98\x1e\xaa\x1b\xfb\xf7\x15\xa7\xee\x6b\x96\x36\xa2\x60\x1e" "\x68\x60\xeb\x4f\x65\x63\x8d\x08\xd8\x5b\x5b\x27\xcc\xab\x8d\x42\x69\x5b" "\x7a\x15\x32\x07\x1c\x5b\x12\xba\xdb\x5b\x62\xc8\xd3\x1b\xee\xb7\x0c\xf7" "\x3f\xac\xa0\xf0\x28\x85\xcb\x32\xcd\x59\x37\xbe\x7c\x6d\x03\x74\xc3\x31" "\xfb\x23\xa6\xa9\x99\x9a\x7e\xf0\x31\x82\x6c\xb1\x7a\x1f\x84\x43\x4e\xbc" "\x1f\xde\x92\x90\x50\xff\xf0\xc1\xe6\xf8\x05\x07\x51\x57\xec\xa7\x77\xea" "\xd7\x5d\xf8\x21\x75\x99\xe2\x8f\x9a\xe3\x5c\x12\xa7\xa0\xee\xaa\xec\xdc" "\x1d\xfb\x03\x59\xbe\x9a\x90\x95\x68\x53\x26\xf8\xc5\x96\x85\x8e\x38\xdd" "\x88\x6c\xd0\x36\xc9\x73\x91\xf6\xf8\x39\x8e\xe3\xe5\xf5\x14\xd0\xce\xa0" "\x28\x82\xce\xbd\x19\x81\x58\x9b\x18\x95\x97\x6f\xc3\xa2\x3e\xaa\x6d\x48" "\x6a\x84\x1a\xc7\x7a\xfa\x46\x02\x20\x5f\x5f\x4e\xdb\xd8\xd1\xcc\x8f\x28" "\x05\x26\x42\x6b\x4f\x20\x44\xb6\xed\x97\x49\xa1\x3c\x9c\x70\x87\xe4\x3a" "\x21\x21\x8d\xb3\x64\xe8\xb8\x37\xbb\x56\xb5\xd0\x27\xda\x6b\xdd\x57\x92" "\xbe\x69\xde\x6e\xed\x43\x8a\xd3\x96\xee\x0f\x84\x78\x72\xac\x88\x25\x22" "\xa0\x41\x05\xd4\x9c\x5f\x6a\x45\x06\x24\x5b\xc6\x6c\xa5\x88\xb6\x2f\x32" "\x5d\x36\xc2\x4c\xca\xb2\x66\x83\xc6\x76\x65\x7d\x50\x5c\xb9\x26\x8d\x8b" "\x72\x8c\xa0\x0c\x30\xcb\xde\x96\xdc\x13\x8a\x6a\x8f\x9c\x6f\xe8\x4c\x98" "\x71\x97\xe9\x74\x54\x1a\x1d\xd5\x2c\x0c\xa1\xab\x30\x7b\xe5\x40\xde\x6c" "\x92\x7e\xcc\x82\x53\x86\x49\x83\x9a\x64\x80\xe5\x75\x8d\xee\x32\x0d\x36" "\x97\xf2\xe8\x67\x3d\xfb\x9b\x57\x05\xa5\x97\x3b\x39\xfc\x03\x72\x8d\xb2" "\xb7\xe0\x12\xf8\x7a\x67\x50\x25\x12\x22\x1b\x3f\x28\x39\x3b\x70\x69\x5c" "\x38\x74\x62\x5c\x60\xdf\xad\xdf\x71\x65\xab\x51\x59\x31\xbe\x59\xa3\x3d" "\x25\x62\x33\xd2\x13\x94\x91\x25\x4f\xcb\xdc\xbf\x3b\x43\xe9\x1c\x08\x55" "\xc0\x2b\x55\xd5\x55\x57\xf9\x57\x19\xbd\x6e\x81\x42\x94\xc6\xd4\x6d\xfd" "\x9a\xd1\x08\x63\xa2\xb9\x91\xf2\x5f\xbc\xc2\xb4\x02\xdb\xab\x06\xc8\x34" "\xe6\x00\xa9\x35\xc0\x8f\x38\x1b\x5d\x46\xfa\xbb\x57\x9b\x48\x81\x02\xe7" "\x7e\x9c\x16\xf2\x2b\xd7\x73\x3b\xd3\x3f\x03\x00\x85\xd5\xce\xf5\xb9\x63" "\xd4\xb4\x59\xe8\x7d\x3a\xb8\xbe\x76\xd3\x94\x70\x81\xda\x45\xf8\x3f\x19" "\x1d\x79\xb0\x44\x4c\x61\xb4\x7b\x84\x5f\x26\x40\x69\xec\x5d\xb6\x97\x09" "\x76\xd8\x4e\xc0\x90\x78\xea\xe3\x56\xc1\x74\x9c\x3a\x25\x9d\x9a\xb0\x7b" "\x33\x75\x90\x50\xba\x21\x52\x28\x5e\xf7\x25\x36\x3c\x82\x02\x8a\x1c\x76" "\x0e\x64\xe0\x18\xd3\xcd\x73\xd7\x8c\x15\xfc\xe7\xe3\x83\x12\x17\xc2\x19" "\x60\x16\xe3\x95\xbf\xbf\x6f\xba\x41\x3d\x20\xf2\x11\x9f\x1b\x88\xe0\x93" "\xd4\x27\x4b\xe3\xa4\x47\xdf\x00\x1d\xe3\x29\x7b\xeb\x30\x7f\xb7\x25\x0c" "\xdc\x29\x31\x8e\x08\x8f\x55\xa9\x91\xd1\xf9\x65\xc3\xff\x9c\x24\x4b\x68" "\xd5\x1a\xbb\x90\x3b\x6d\x1f\x47\x12\xde\x68\x7b\x7d\x96\x54\x5b\x41\x57" "\xcc\x7c\x16\x14\xcf\xc4\x25\x33\xfb\x9b\x97\x7d\x5c\xeb\xfe\xfa\x22\xe6" "\xde\x6e\x6f\xf2\xbb\x6b\x90\x90\x01\x94\x99\x13\xfd\xd8\xe2\xe2\xed\x82" "\xb7\x87\x46\xf1\xae\xc2\x87\xd0\x77\x7d\x9a\x68\x79\x8d\x60\xd4\x25\x17" "\xd4\x5e\xbe\x81\xc9\x0e\x6a\xf4\x11\x7e\x9a\xd6\xa6\x99\x11\xfa\xfd\x20" "\x9f\xab\xc4\x80\xe3\x06\x48\x67\x30\x27\xc6\x4a\x22\x18\xb6\x5a\xf5\x06" "\x1b\x92\x7c\xe7\xef\x3c\xea\xf0\x6e\xf8\xc9\x0b\x1d\x8c\x6c\x55\x0c\x98" "\x69\x4a\x5a\xcc\xed\xe8\xcc\x63\x2f\xcd\x8f\x45\x73\xbc\xf3\x50\x98\x5e" "\x79\x97\xb5\x36\x0e\x48\xb3\x0f\x04\xf3\x25\xf2\xa7\x90\xc5\x84\xb3\xd7" "\xb0\xde\x0c\x97\x37\xae\x0f\x6b\x51\xbb\xb0\xe6\xea\x79\xc3\x7c\x91\xed" "\xba\xf5\x31\x21\x0d\xd9\xf1\xf7\xbe\xc3\xb0\x43\x32\x47\x57\xca\x36\x66" "\x72\xd5\xad\xca\xba\x95\xe9\xfb\xa8\xde\xb4\xe4\xa7\xbb\x50\xc1\xf2\x00" "\x5b\x4d\xec\xf6\x04\xf2\x1a\x37\x31\x1b\x43\x66\x60\xc1\x34\x17\x73\xb8" "\xe7\x4a\xd8\xdb\x4c\xa6\xa9\x10\xec\x68\xb7\x4c\x15\x86\xb1\xad\x7d\x4a" "\x69\x8b\x90\xa3\xa0\x96\x0c\x58\xec\x0f\xcf\x1f\x5d\x6c\xf1\x64\x0b\xcd" "\xf0\x29\xff\xb1\x2e\x45\xfa\xca\x0a\x8f\x30\x5f\x77\xd9\x13\x67\x0a\xa8" "\x75\x5f\x2d\xf8\x88\xb7\xc0\x00\x40\x0a\x73\xd9\x08\x29\xfc\x28\x6d\x51" "\x80\x6b\x69\x79\xd3\xef\xd8\x30\xf8\x7e\xc3\x0f\xca\x30\x05\xe5\x3f\x20" "\xdd\x88\xda\xbc\x2c\xdd\x2c\xe7\xbe\x8b\x42\x04\x30\x52\x48\x8b\x86\xda" "\x3c\x76\x3d\xe6\x80\xda\xc0\xf2\x48\xa6\x64\x7a\xda\xd3\x4b\x08\xf5\x71" "\xda\xaa\x00\x10\x11\x70\xd2\x3c\x38\x06\xc0\xd3\x64\xeb\xad\x56\xea\xc9" "\xee\x86\x2b\x6a\x5e\x59\xa6\x2b\x80\xd4\x0d\x77\x4e\x8a\x36\x73\x61\xc2" "\xac\x05\xf0\x82\x07\xc8\x4e\x30\x7d\x93\x38\x9d\xca\x2a\x16\x7c\x20\x96" "\x09\x29\x51\xd8\x54\x77\xea\x11\x24\x5e\x15\xcd\x27\x0c\xf2\x51\xc6\x85" "\x13\xeb\xf3\x0e\x24\x06\x52\x8e\x49\x57\xec\x53\xa3\x2f\x82\x00\x6b\xee" "\x54\x04\x28\x8d\x34\x35\x21\x92\xaf\xc0\xec\x77\x26\x84\xf7\x8c\x30\xd5" "\x04\xee\x25\xe9\xa8\x42\x3b\x3c\x70\x2e\xf4\xe7\xf8\xd1\x5e\x58\xff\x9d" "\x23\xa6\x7b\xdf\xac\x12\x37\x6d\xde\x77\xed\xc8\x25\xba\x3e\xae\x81\xc4" "\x8f\x5e\x9c\x3d\x0c\x4d\x77\x87\xcb\x47\xaa\x9d\xe3\xea\xc2\xa5\xd6\x6c" "\xcf\xd0\x73\xc7\x83\xb6\xda\xdc\x19\x0e\xe3\x08\x86\xde\x83\x3d\x85\xc5" "\x32\x7f\xa4\x7c\x3e\xfc\x99\x12\xc9\x0d\xe1\xcc\xa8\x90\x75\x5a\x6f\xd2" "\x26\x7a\x63\xb6\x9c\x4e\xeb\x9a\x57\xdc\x88\x20\x9d\x47\x01\x53\x0d\xa0" "\x70\x4c\x51\x9d\x4f\x93\xf4\xbf\x20\x57\xe7\x1e\x8b\x9f\x39\xfc\xbf\x0e" "\x75\x95\xc9\x6f\x5a\xd3\x22\xf0\xdc\xc9\x0c\x0a\xf4\x18\x1f\xeb\xe2\x83" "\xf9\xa5\x22\x4e\x54\xa5\x62\xfe\x70\x15\x4d\x89\xfe\x30\xf7\xf0\xe7\x1a" "\xcd\x1b\xa4\xd5\x46\x97\x8e\x6d\x5b\xd0\x37\x5a\xed\x9f\x42\xd3\xdd\x68" "\xc1\x7b\x5a\xf0\x1b\xc5\x7d\x5b\x31\x89\x0d\x6d\x57\xc5\xfe\x94\x7b\xe5" "\x35\xe8\x92\x23\x83\x8b\xeb\x81\x56\xae\x04\xa3\xaa\x0c\xfb\x88\xab\xe0" "\x8a\x8b\x8a\x1a\xa8\xec\xaf\xfb\x11\xfb\x0b\x21\x7f\xb5\x79\xec\x8d\xd5" "\x57\x0e\xec\x43\x12\xb9\x59\x47\x1f\x09\xe9\x3f\x5d\x07\xe6\x20\x16\x71" "\x3d\x56\xdf\xc3\xfc\xf2\x98\x52\xc1\x8e\xe7\xbb\x59\x55\xc2\x81\x51\xe5" "\x75\xfc\x39\x34\xbc\xb4\x2e\x1c\xff\x2e\x8d\x08\x8d\x6d\x7f\xad\x07\x6d" "\xa0\xb3\xac\x27\x99\xa1\xd2\x54\xa3\xfc\xf1\x92\x4f\x9e\xa7\x31\x51\x76" "\x5c\x90\x30\xe0\x1a\x4c\x24\xf6\xc6\x3b\x03\x5c\x34\x65\x92\x15\x0b\xcf" "\x7f\xc8\x63\x8e\x93\x23\x0a\xb6\xfd\x32\xa7\x50\x75\x56\xde\x33\xa8\x3e" "\xd3\x6e\xc1\xda\x5e\x59\x61\xe5\xb8\xe9\xd4\xbb\x0d\x3d\x1a\x94\x86\x79" "\x4c\x89\x09\x58\x96\xa6\x1d\xfc\x0f\x1f\xb1\xcb\x94\x70\x6a\x76\x22\x4d" "\xf9\xb7\xb0\x5d\xb4\x09\xea\x64\x19\xa6\x6d\x9d\xa2\x51\xa9\x1c\x43\xd9" "\x93\xcc\x67\x61\xa4\x99\x8f\xb7\x40\x13\x55\xe8\x96\xfc\x33\xf3\xc9\x4e" "\x30\xdc\x4e\x03\x35\x52\xae\xcb\x7e\x75\x65\x7b\xbd\xc3\xe8\x2c\x28\x80" "\xa8\xa8\x1b\x0d\x25\x18\xae\x4e\xc0\x8a\x96\xc8\x21\xb7\xc6\x57\x18\x16" "\xc3\xb6\x99\xba\xfa\x1d\x00\xe5\xf6\x83\x40\x71\xa9\xeb\xf6\x31\x81\x2b" "\x71\xa8\xcd\xf4\x74\xd4\x28\xb3\xdd\x33\x0c\xdd\x89\x40\x19\xe8\xf2\x7c" "\x62\x6c\xd2\xd3\x31\xee\x95\x82\xbf\xfa\x03\x07\x6d\xe5\xcc\x7f\xc5\x8a" "\x5c\x5f\x12\x8f\x15\xad\x17\x77\xa5\x06\x9d\x0a\xd3\xd7\xc6\x89\x72\x44" "\x7a\xbd\x9c\xbd\x2a\xed\x3a\x4a\x7c\xcf\xc5\x23\x50\x94\xc0\x4a\xd8\xca" "\x4a\x9f\x15\xf2\x90\x72\xd2\x86\xde\x44\x99\x1f\xc5\x96\x32\xdf\x46\xd3" "\x25\xf2\x7e\xc4\x12\xc2\xf5\xc1\xad\xc4\xa5\x69\x81\x05\x7e\x42\xad\xcb" "\x38\xa4\x05\xa6\xe7\x1c\x33\xbe\x7b\xa6\xf7\x32\x2a\x58\x60\x5d\xf3\xc7" "\x4a\x2d\x61\x2e\x89\x50\x06\xba\xa8\x02\x43\x2d\x08\xab\x3e\x9a\x3f\x86" "\x75\xe4\x7b\x43\x9d\xb5\xc2\x56\x2a\xbf\x3d\xb7\x87\xf7\x61\x89\x1d\xc7" "\xa7\xbd\xe7\x2b\x01\xf7\x20\xbb\x60\x5b\xab\x90\xe4\x40\x29\x30\xae\x76" "\xc3\x9a\xd5\xc5\xfe\x5b\xfa\x98\xf3\xac\x0a\xef\x13\x3c\x6d\x15\x18\x2d" "\xd2\x1d\xb6\xad\xdb\x4a\x6a\x2a\x77\x12\xf4\xc5\xd9\x87\x67\x3a\x79\x72" "\xef\x62\x60\xf9\xe9\x30\xd0\xdd\xe2\x23\x25\xed\x47\x8c\xf6\x20\x7a\x84" "\x7a\x13\x1a\x00\x84\xa3\x2e\xc2\x5f\xaf\xa2\xce\x2a\x07\x14\x73\x55\x15" "\xea\x0d\xd5\xe4\x0d\x81\xd8\x86\xbd\x39\xe2\xb6\x92\xb6\x06\x72\x5a\x50" "\x05\xa3\x1c\x4e\x72\xd9\xfe\x68\xed\x47\x9e\xbf\xb7\x06\x82\xab\x8f\x6d" "\x8d\x54\x7a\xd3\x81\x20\x5c\x2f\x1f\x8d\x73\xa7\x15\xd1\x22\x12\xbb\x12" "\x17\x54\xf8\xb7\x30\x49\xe9\x02\x4d\x5a\x4b\x83\x6e\x5f\x85\x2d\xc7\xe1" "\x4e\xf0\x9f\xac\x46\xaa\x2b\x81\xb2\x39\xdf\xf8\xb5\xfa\x0c\xe3\xb8\x44" "\xd5\xc3\x4b\xa1\x4d\x19\x96\x3b\x7e\xcd\x0e\x8a\x24\x24\xaa\x4f\xb1\xda" "\xcb\xf6\xce\x37\xee\x8a\xe6\x92\x77\x6e\xad\x3a\x9a\xfc\x77\x6e\x48\x91" "\xfc\x06\x12\x58\xad\xee\xe6\x45\x24\x19\xde\x92\x18\x34\x88\x09\x1b\x5d" "\x4f\x8c\x19\x0c\xbb\x49\xe9\xe3\xa5\xc8\x3b\xf9\xe7\xb8\x2a\x41\xe0\xfa" "\x4f\x6d\xa3\x74\x13\x08\x4c\x2b\x23\x41\x04\x32\x2c\xde\x6b\x33\x1f\xfb" "\x2a\xef\x1b\x4a\xba\xd8\xbd\x50\x96\xc8\xed\xb2\xd1\x08\x21\x14\x20\x43" "\x7d\xd2\x6d\x89\xd5\xd9\x22\x33\xc1\x8c\xad\xff\x7b\x89\xb8\x76\xca\x01" "\x39\x23\xe4\xcf\x4f\x5d\xfd\x50\xa0\x48\x5e\x20\x51\xc7\x33\x9b\x62\xc5" "\x93\xda\x58\xa8\x4c\x34\xb5\xf7\x6d\xea\x72\x69\x9d\x72\x77\x51\xe4\x8c" "\xc6\x97\x81\x89\x32\xcb\xcb\x18\x14\x98\x38\x82\xfd\x9c\x85\xdb\x64\xc9" "\x7c\x3f\x7a\x03\xb4\x42\x81\xb0\xd2\x82\xa2\x00\x12\x75\x82\xf9\x17\xab" "\x0c\xe9\x07\x45\xb7\x71\x37\x08\xd6\x31\x5b\xb6\x95\xcf\x9c\x06\x09\xb7" "\xfe\x3d\x39\x0c\xca\xe0\x4f\x3e\xe4\x45\x5b\x47\x0d\x1c\x4f\x30\xdf\x47" "\x2a\x69\x61\xd8\xde\x8f\x7f\x52\x01\xb0\x59\x65\x70\x0e\x39\x08\x19\x80" "\x4a\xc7\xc6\x44\x73\xe0\x1d\xef\x95\x21\xb3\x34\x65\x50\xa1\x82\xee\x80" "\xb8\xe0\xf7\xb3\xf7\x58\x7e\xd7\x5a\xaf\x23\x71\x49\x71\xf6\xf7\xf7\xdb" "\x3e\x47\x5d\x8b\xf1\xd2\x3e\x5b\x6f\xb2\x12\x3d\xf9\x0a\x9a\xad\x8c\x8c" "\x1c\x60\x08\xa1\x0c\xb0\x62\x80\xc6\xac\xce\x97\x5d\x59\x4f\xb4\xf2\xb3" "\xf6\x56\xa8\xcb\x5b\xde\x30\x0b\xde\xaa\x2d\x7e\x92\x85\x99\xfc\xab\xba" "\xb3\xb2\x81\x2d\xb2\x3d\x94\xd8\x9f\x7f\x0a\x6a\x15\x2a\x24\xaa\xa3\x7d" "\xf6\x15\xbc\xd8\xb4\xc1\xb4\x3b\xde\x3b\x93\x43\x93\x25\x56\xd7\xae\x09" "\x31\x54\x02\xf8\x78\x64\xbc\xff\x31\x82\x90\xb4\x53\xf8\x2c\xdd\xb8\x41" "\xc7\xd0\xbb\xe2\x25\x27\xfd\x57\x08\x3c\xeb\xe0\xcf\xd4\x05\xcd\x0b\xd1" "\x50\x24\x1c\xbe\x99\x95\x5f\xd3\x2c\x17\x80\x8a\xb1\x1a\x27\x84\x9d\x79" "\x49\x05\x47\x27\xf2\x2c\x1a\x17\x0c\xf5\x49\xc2\x0f\xfc\x1d\xd2\x61\x83" "\x37\x5f\x61\x70\xec\x85\xf3\xc7\x7f\xef\xc5\xeb\xaf\x74\x1d\xc8\x22\x5d" "\x44\x81\xd6\x83\xfc\xfc\x0a\x91\xf9\x9e\x42\x4f\xa3\x4b\x19\xf5\xc9\x85" "\x36\xd9\x95\xe1\x61\x5f\xf9\x12\x6d\x45\x5f\x5e\xca\xd6\x5b\x27\x1c\xd3" "\xd4\x0d\x0a\x8a\x19\x03\xa6\x08\x96\x94\xc5\x56\xc5\x44\x73\x45\xf3\x47" "\x89\xf2\x06\x08\x01\xa9\xfa\x06\x96\x24\x62\xf0\x71\xb8\xd7\x81\x9f\x13" "\x5b\xed\xe8\xa5\x28\x96\x72\xae\x5e\x00\x82\xe9\x1d\xb1\xc6\xc4\x45\x78" "\x18\x54\x0b\x5d\xd4\xd0\x32\x07\xa4\x61\x6e\x2b\xc4\x29\x91\xf1\xc1\xcb" "\xf7\x75\x8f\x69\xba\x54\x24\x7b\x10\xe8\xae\x8d\x8d\x1d\x87\xfd\x05\x96" "\x5f\x1d\x34\xa9\x8f\x87\xc3\x11\xd9\x3c\xef\x96\xee\x03\x41\xde\x26\xe6" "\x16\x41\xf6\x32\x80\x90\xb7\xd7\x61\x3e\x27\x50\x5a\xd6\x61\xe4\x61\x12" "\x34\x89\x0f\x6e\x83\x6a\x13\x4f\xbd\x2c\xa9\x26\xcc\x8f\x4a\xa6\x7e\x04" "\xc5\x95\x4e\x56\x6d\xe0\x8a\x90\x98\x44\x09\x4d\xe0\xe0\x40\x6d\x05\xe8" "\x26\xa1\x24\x6d\x99\xf7\xdb\x0c\xdf\x27\x99\xe9\x37\x3a\x4e\x73\x49\x18" "\xd5\x58\xfc\x73\x66\x20\xf1\xc5\x74\xcb\x07\x4c\x12\xab\x79\xcd\x64\xe1" "\x5d\x5b\xca\xdf\xcd\x34\xda\xc4\x34\x3c\x2b\x2d\x39\xc6\x94\x7c\x85\xf3" "\xab\x83\xb7\xf8\xeb\x0f\x6f\x68\x0e\xac\x3e\x4a\xf0\xff\x0e\x93\x44\x6d" "\x25\x20\xad\xe4\xca\x35\xa4\x4e\xc4\x3e\x2c\x5b\x64\xd6\x29\xfc\xf3\x66" "\x2a\x7e\x7d\xa3\xc4\x08\x4a\xfe\xd1\x71\x63\x52\xd1\x26\xf5\x4b\x60\x8e" "\xf2\xe8\xec\xe9\xa6\x42\x0d\x16\x9f\x2b\xe4\xfa\x5e\x42\x96\x40\x47\x27" "\x88\x74\xf7\x5b\x74\xa9\x08\x13\x1e\x7c\xff\xae\xd0\x6e\xd9\x79\xfd\x8f" "\xf3\xd6\x1b\x31\x1f\x44\x5c\xbd\x65\x0f\xb4\x67\xb8\x81\x27\x56\xbd\x90" "\xa4\x94\xb7\xfc\x99\x67\xa5\xe1\xec\x81\x38\x83\xa9\x98\x94\x25\x01\x70" "\x80\x41\x1d\xf8\x26\xe8\xcf\x2b\x62\x5e\x83\x2a\x68\xf9\x55\x54\x61\xfb" "\xde\x23\x86\xf4\x3e\xe8\xdd\xf4\xd8\x65\x93\xc8\xbd\xa7\x77\xe6\xb6\x38" "\x36\xa4\xbd\x70\xf0\x19\xa4\xca\x01\xae\xcf\x58\x1a\x66\x97\xb7\x61\x52" "\xb7\xa0\x6e\xa4\x3b\x21\xac\x7d\x74\xae", 4096)); syscall(__NR_setxattr, /*path=*/0x200000000000ul, /*name=*/0x200000000500ul, /*val=*/0x200000001600ul, /*size=*/0x841ul, /*flags=XATTR_CREATE*/ 1ul); } int main(void) { syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/(intptr_t)-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul, /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/(intptr_t)-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/(intptr_t)-1, /*offset=*/0ul); setup_sysctl(); const char* reason; (void)reason; if ((reason = setup_swap())) printf("the reproducer may not work as expected: swap setup failed: %s\n", reason); install_segv_handler(); do_sandbox_none(); return 0; }