// https://syzkaller.appspot.com/bug?id=5e2eb3114a6c1ba5eb89103af506250846736b85 // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifndef __NR_memfd_create #define __NR_memfd_create 319 #endif static unsigned long long procid; static __thread int clone_ongoing; static __thread int skip_segv; static __thread jmp_buf segv_env; static void segv_handler(int sig, siginfo_t* info, void* ctx) { if (__atomic_load_n(&clone_ongoing, __ATOMIC_RELAXED) != 0) { exit(sig); } uintptr_t addr = (uintptr_t)info->si_addr; const uintptr_t prog_start = 1 << 20; const uintptr_t prog_end = 100 << 20; int skip = __atomic_load_n(&skip_segv, __ATOMIC_RELAXED) != 0; int valid = addr < prog_start || addr > prog_end; if (skip && valid) { _longjmp(segv_env, 1); } exit(sig); } static void install_segv_handler(void) { struct sigaction sa; memset(&sa, 0, sizeof(sa)); sa.sa_handler = SIG_IGN; syscall(SYS_rt_sigaction, 0x20, &sa, NULL, 8); syscall(SYS_rt_sigaction, 0x21, &sa, NULL, 8); memset(&sa, 0, sizeof(sa)); sa.sa_sigaction = segv_handler; sa.sa_flags = SA_NODEFER | SA_SIGINFO; sigaction(SIGSEGV, &sa, NULL); sigaction(SIGBUS, &sa, NULL); } #define NONFAILING(...) \ ({ \ int ok = 1; \ __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST); \ if (_setjmp(segv_env) == 0) { \ __VA_ARGS__; \ } else \ ok = 0; \ __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST); \ ok; \ }) //% This code is derived from puff.{c,h}, found in the zlib development. The //% original files come with the following copyright notice: //% Copyright (C) 2002-2013 Mark Adler, all rights reserved //% version 2.3, 21 Jan 2013 //% This software is provided 'as-is', without any express or implied //% warranty. In no event will the author be held liable for any damages //% arising from the use of this software. 
//% Permission is granted to anyone to use this software for any purpose,
//% including commercial applications, and to alter it and redistribute it
//% freely, subject to the following restrictions:
//% 1. The origin of this software must not be misrepresented; you must not
//% claim that you wrote the original software. If you use this software
//% in a product, an acknowledgment in the product documentation would be
//% appreciated but is not required.
//% 2. Altered source versions must be plainly marked as such, and must not be
//% misrepresented as being the original software.
//% 3. This notice may not be removed or altered from any source distribution.
//% Mark Adler madler@alumni.caltech.edu
//% BEGIN CODE DERIVED FROM puff.{c,h}

// Table bounds for the DEFLATE decoder below: longest code length, number of
// literal/length codes, number of distance codes, their sum, and the number of
// literal/length codes in the fixed table.
#define MAXBITS 15
#define MAXLCODES 286
#define MAXDCODES 30
#define MAXCODES (MAXLCODES + MAXDCODES)
#define FIXLCODES 288

// Decoder state shared by all puff_* helpers.
struct puff_state {
  unsigned char* out; // output buffer
  unsigned long outlen; // capacity of out in bytes
  unsigned long outcnt; // bytes produced so far
  const unsigned char* in; // compressed input
  unsigned long inlen; // bytes available at in
  unsigned long incnt; // bytes consumed so far
  int bitbuf; // bits read from the input but not yet consumed
  int bitcnt; // number of valid bits in bitbuf
  jmp_buf env; // set in puff(); the target when input runs out
};

// Returns the next `need` bits of the input, least-significant bit first.
// Does not return if the input is exhausted: it longjmp()s to s->env, which
// puff() turns into error code 2.
static int puff_bits(struct puff_state* s, int need)
{
  long val = s->bitbuf;
  while (s->bitcnt < need) {
    if (s->incnt == s->inlen)
      longjmp(s->env, 1);
    val |= (long)(s->in[s->incnt++]) << s->bitcnt;
    s->bitcnt += 8;
  }
  s->bitbuf = (int)(val >> need);
  s->bitcnt -= need;
  return (int)(val & ((1L << need) - 1));
}

// Copies one stored (uncompressed) block.
// Returns 0 on success, 2 if the input is too short, -2 if the length and its
// one's complement disagree, 1 if the output buffer is too small.
static int puff_stored(struct puff_state* s)
{
  // Stored blocks start on a byte boundary: drop any partially used byte.
  s->bitbuf = 0;
  s->bitcnt = 0;
  if (s->incnt + 4 > s->inlen)
    return 2;
  unsigned len = s->in[s->incnt++];
  len |= s->in[s->incnt++] << 8;
  if (s->in[s->incnt++] != (~len & 0xff) ||
      s->in[s->incnt++] != ((~len >> 8) & 0xff))
    return -2;
  if (s->incnt + len > s->inlen)
    return 2;
  if (s->outcnt + len > s->outlen)
    return 1;
  for (; len--; s->outcnt++, s->incnt++) {
    // Only non-zero bytes are stored, so the decoder relies on the output
    // buffer already being zero. The one caller in this file passes a fresh
    // anonymous mmap(), which the kernel zero-fills; skipping zero bytes
    // avoids touching those pages.
    if (s->in[s->incnt])
      s->out[s->outcnt] = s->in[s->incnt];
  }
  return 0;
}

// Canonical Huffman table: count[len] is the number of codes of each bit
// length, symbol[] lists the symbols ordered by code.
struct puff_huffman {
  short* count;
  short* symbol;
};

// Decodes one symbol from the input using table h.
// Returns the symbol (>= 0), or -10 if no code matched within MAXBITS bits.
// longjmp()s to s->env if the input runs out.
static int puff_decode(struct puff_state* s, const struct puff_huffman* h)
{
  int first = 0;
  int index = 0;
  int bitbuf = s->bitbuf;
  int left = s->bitcnt;
  int code = first = index = 0;
  int len = 1;
  short* next = h->count + 1;
  while (1) {
    while (left--) {
      code |= bitbuf & 1;
      bitbuf >>= 1;
      int count = *next++;
      if (code - count < first) {
        // Code of length len found: save the unused bits and return.
        s->bitbuf = bitbuf;
        s->bitcnt = (s->bitcnt - len) & 7;
        return h->symbol[index + (code - first)];
      }
      index += count;
      first += count;
      first <<= 1;
      code <<= 1;
      len++;
    }
    left = (MAXBITS + 1) - len;
    if (left == 0)
      break;
    if (s->incnt == s->inlen)
      longjmp(s->env, 1);
    bitbuf = s->in[s->incnt++];
    if (left > 8)
      left = 8;
  }
  return -10;
}

// Builds table h from n code lengths in length[].
// Returns 0 for a complete code (or when every length is zero), a negative
// value if the lengths are over-subscribed, a positive value if the code is
// incomplete.
// Each length[] entry indexes h->count directly, so callers must keep every
// entry <= MAXBITS. The values written by puff_fixed and puff_dynamic in this
// file are at most 15.
static int puff_construct(struct puff_huffman* h, const short* length, int n)
{
  int len;
  for (len = 0; len <= MAXBITS; len++)
    h->count[len] = 0;
  int symbol;
  for (symbol = 0; symbol < n; symbol++)
    (h->count[length[symbol]])++;
  if (h->count[0] == n)
    return 0;
  // left tracks how many codes of the current length are still unassigned.
  int left = 1;
  for (len = 1; len <= MAXBITS; len++) {
    left <<= 1;
    left -= h->count[len];
    if (left < 0)
      return left;
  }
  short offs[MAXBITS + 1];
  offs[1] = 0;
  for (len = 1; len < MAXBITS; len++)
    offs[len + 1] = offs[len] + h->count[len];
  for (symbol = 0; symbol < n; symbol++)
    if (length[symbol] != 0)
      h->symbol[offs[length[symbol]]++] = symbol;
  return left;
}

// Decodes literal/length/distance symbols until the end-of-block symbol (256).
// Returns 0 at end of block, 1 if the output buffer is full, -10 for an
// invalid length symbol, -11 if a distance reaches before the start of the
// output, or the negative value returned by puff_decode.
static int puff_codes(struct puff_state* s, const struct puff_huffman* lencode, const struct puff_huffman* distcode)
{
  // Base values and extra-bit counts for length symbols 257..285 and for the
  // distance symbols.
  static const short lens[29] = {3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258};
  static const short lext[29] = {0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0};
  static const short dists[30] = {
      1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, 8193, 12289, 16385, 24577};
  static const short dext[30] = {0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13};
  int symbol;
  do {
    symbol = puff_decode(s, lencode);
    if (symbol < 0)
      return symbol;
    if (symbol < 256) {
      // Literal byte. Zero literals are not written (see puff_stored).
      if (s->outcnt == s->outlen)
        return 1;
      if (symbol)
        s->out[s->outcnt] = symbol;
      s->outcnt++;
    } else if (symbol > 256) {
      // Length/distance pair: copy len bytes from dist bytes back.
      symbol -= 257;
      if (symbol >= 29)
        return -10;
      int len = lens[symbol] + puff_bits(s, lext[symbol]);
      symbol = puff_decode(s, distcode);
      if (symbol < 0)
        return symbol;
      unsigned dist = dists[symbol] + puff_bits(s, dext[symbol]);
      // Both bounds are checked before the copy loop touches s->out.
      if (dist > s->outcnt)
        return -11;
      if (s->outcnt + len > s->outlen)
        return 1;
      while (len--) {
        if (dist <= s->outcnt && s->out[s->outcnt - dist])
          s->out[s->outcnt] = s->out[s->outcnt - dist];
        s->outcnt++;
      }
    }
  } while (symbol != 256);
  return 0;
}

// Decodes a block compressed with the fixed Huffman tables.
// The tables are built on the first call and cached in function-level statics.
// The `virgin` flag has no locking in the visible code, so first use from two
// threads at once would race.
static int puff_fixed(struct puff_state* s)
{
  static int virgin = 1;
  static short lencnt[MAXBITS + 1], lensym[FIXLCODES];
  static short distcnt[MAXBITS + 1], distsym[MAXDCODES];
  static struct puff_huffman lencode, distcode;
  if (virgin) {
    lencode.count = lencnt;
    lencode.symbol = lensym;
    distcode.count = distcnt;
    distcode.symbol = distsym;
    short lengths[FIXLCODES];
    int symbol;
    for (symbol = 0; symbol < 144; symbol++)
      lengths[symbol] = 8;
    for (; symbol < 256; symbol++)
      lengths[symbol] = 9;
    for (; symbol < 280; symbol++)
      lengths[symbol] = 7;
    for (; symbol < FIXLCODES; symbol++)
      lengths[symbol] = 8;
    puff_construct(&lencode, lengths, FIXLCODES);
    for (symbol = 0; symbol < MAXDCODES; symbol++)
      lengths[symbol] = 5;
    puff_construct(&distcode, lengths, MAXDCODES);
    virgin = 0;
  }
  return puff_codes(s, &lencode, &distcode);
}

// Decodes a block whose Huffman tables are transmitted in the stream.
// Returns the result of puff_codes on success. Error codes: -3 too many
// length or distance codes, -4 incomplete code-length code, -5 repeat with no
// previous length, -6 repeat runs past the table, -9 no end-of-block code,
// -7 / -8 invalid literal-length / distance code, or the negative value from
// puff_decode.
static int puff_dynamic(struct puff_state* s)
{
  // Order in which the code-length code lengths appear in the stream.
  static const short order[19] = {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15};
  int nlen = puff_bits(s, 5) + 257;
  int ndist = puff_bits(s, 5) + 1;
  int ncode = puff_bits(s, 4) + 4;
  // Rejecting oversized counts here keeps every later index into lengths[],
  // lensym[] and distsym[] inside the arrays. ncode is at most 15 + 4 = 19,
  // which matches order[].
  if (nlen > MAXLCODES || ndist > MAXDCODES)
    return -3;
  short lengths[MAXCODES];
  int index;
  for (index = 0; index < ncode; index++)
    lengths[order[index]] = puff_bits(s, 3);
  for (; index < 19; index++)
    lengths[order[index]] = 0;
  short lencnt[MAXBITS + 1], lensym[MAXLCODES];
  struct puff_huffman lencode = {lencnt, lensym};
  int err = puff_construct(&lencode, lengths, 19);
  if (err != 0)
    return -4;
  index = 0;
  while (index < nlen + ndist) {
    int symbol;
    int len;
    symbol = puff_decode(s, &lencode);
    if (symbol < 0)
      return symbol;
    if (symbol < 16)
      lengths[index++] = symbol;
    else {
      // 16 repeats the previous length, 17 and 18 repeat zero.
      len = 0;
      if (symbol == 16) {
        if (index == 0)
          return -5;
        len = lengths[index - 1];
        symbol = 3 + puff_bits(s, 2);
      } else if (symbol == 17)
        symbol = 3 + puff_bits(s, 3);
      else
        symbol = 11 + puff_bits(s, 7);
      // The bound is checked before the run is written.
      if (index + symbol > nlen + ndist)
        return -6;
      while (symbol--)
        lengths[index++] = len;
    }
  }
  if (lengths[256] == 0)
    return -9;
  err = puff_construct(&lencode, lengths, nlen);
  // An incomplete code is accepted only when it consists of a single code.
  if (err && (err < 0 || nlen != lencode.count[0] + lencode.count[1]))
    return -7;
  short distcnt[MAXBITS + 1], distsym[MAXDCODES];
  struct puff_huffman distcode = {distcnt, distsym};
  err = puff_construct(&distcode, lengths + nlen, ndist);
  if (err && (err < 0 || ndist != distcode.count[0] + distcode.count[1]))
    return -8;
  return puff_codes(s, &lencode, &distcode);
}

// Inflates a raw DEFLATE stream.
//
// dest/destlen:     output buffer and its capacity; on return *destlen holds
//                   the number of bytes produced, on failure as well.
// source/sourcelen: compressed input.
//
// Returns 0 on success, 2 if the input ended early (reported through the
// longjmp in puff_bits/puff_decode), 1 if the output buffer is full, -1 for an
// invalid block type, or the negative code of the block decoder that failed.
static int puff(unsigned char* dest, unsigned long* destlen, const unsigned char* source, unsigned long sourcelen)
{
  struct puff_state s = {
      .out = dest,
      .outlen = *destlen,
      .outcnt = 0,
      .in = source,
      .inlen = sourcelen,
      .incnt = 0,
      .bitbuf = 0,
      .bitcnt = 0,
  };
  int err;
  if (setjmp(s.env) != 0)
    err = 2;
  else {
    int last;
    do {
      last = puff_bits(&s, 1);
      int type = puff_bits(&s, 2);
      err = type == 0 ? puff_stored(&s) : (type == 1 ? puff_fixed(&s) : (type == 2 ? puff_dynamic(&s) : -1));
      if (err != 0)
        break;
    } while (!last);
  }
  *destlen = s.outcnt;
  return err;
}

//% END CODE DERIVED FROM puff.{c,h}

// Number of leading bytes skipped before the DEFLATE data.
#define ZLIB_HEADER_WIDTH 2

// Inflates a zlib-wrapped buffer and writes the result to dest_fd.
//
// Returns 0 on success and -1 on failure. An input shorter than the header
// also returns 0, without writing anything.
// The two header bytes are skipped without being examined, and no trailing
// checksum is verified, so the output's integrity depends entirely on the
// DEFLATE decoder's own checks.
// NOTE(review): `errno = -err` gives a positive errno only for puff()'s
// negative codes. For puff() results 1 and 2 (output full, input truncated)
// errno becomes negative, and setup_loop_device passes that value on.
static int puff_zlib_to_file(const unsigned char* source, unsigned long sourcelen, int dest_fd)
{
  if (sourcelen < ZLIB_HEADER_WIDTH)
    return 0;
  source += ZLIB_HEADER_WIDTH;
  sourcelen -= ZLIB_HEADER_WIDTH;
  // Hard cap of 132 MiB on the decompressed size. This bounds what a small
  // compressed input can expand to.
  const unsigned long max_destlen = 132 << 20;
  // Anonymous mapping: zero-filled, which the zero-skipping stores in the
  // decoder depend on.
  void* ret = mmap(0, max_destlen, PROT_WRITE | PROT_READ, MAP_PRIVATE | MAP_ANON, -1, 0);
  if (ret == MAP_FAILED)
    return -1;
  unsigned char* dest = (unsigned char*)ret;
  unsigned long destlen = max_destlen;
  int err = puff(dest, &destlen, source, sourcelen);
  if (err) {
    munmap(dest, max_destlen);
    errno = -err;
    return -1;
  }
  // A single write() is issued; a short write is treated as failure.
  if (write(dest_fd, dest, destlen) != (ssize_t)destlen) {
    munmap(dest, max_destlen);
    return -1;
  }
  return munmap(dest, max_destlen);
}

// Decompresses the image into a memfd and attaches it to loop device loopname.
//
// On success returns 0 and stores the open loop-device descriptor in
// *loopfd_p, which the caller must close. On failure returns -1 with errno set
// to the saved error, and closes every descriptor it opened.
// If the device is busy (EBUSY), the current backing file is detached with
// LOOP_CLR_FD and the attach is retried once after 1 ms.
// The memfd is closed after LOOP_SET_FD succeeds.
static int setup_loop_device(unsigned char* data, unsigned long size, const char* loopname, int* loopfd_p)
{
  int err = 0, loopfd = -1;
  int memfd = syscall(__NR_memfd_create, "syzkaller", 0);
  if (memfd == -1) {
    err = errno;
    goto error;
  }
  if (puff_zlib_to_file(data, size, memfd)) {
    err = errno;
    goto error_close_memfd;
  }
  loopfd = open(loopname, O_RDWR);
  if (loopfd == -1) {
    err = errno;
    goto error_close_memfd;
  }
  if (ioctl(loopfd, LOOP_SET_FD, memfd)) {
    if (errno != EBUSY) {
      err = errno;
      goto error_close_loop;
    }
    ioctl(loopfd, LOOP_CLR_FD, 0);
    usleep(1000);
    if (ioctl(loopfd, LOOP_SET_FD, memfd)) {
      err = errno;
      goto error_close_loop;
    }
  }
  close(memfd);
  *loopfd_p = loopfd;
  return 0;
error_close_loop:
  close(loopfd);
error_close_memfd:
  close(memfd);
error:
  errno = err;
  return -1;
}

// Best-effort detach of the backing file from loopname. Failures of open()
// and of the LOOP_CLR_FD ioctl are deliberately ignored.
static void reset_loop_device(const char* loopname)
{
  int loopfd = open(loopname, O_RDWR);
  if (loopfd == -1) {
    return;
  }
  if (ioctl(loopfd, LOOP_CLR_FD, 0)) {
  }
  close(loopfd);
}

// syzkaller pseudo-syscall: mounts a filesystem, optionally from an embedded
// compressed image.
//
// fsarg:      pointer to the filesystem type string.
// dir:        pointer to the mount point path (created with mkdir, mode 0777).
// flags:      mount(2) flags.
// optsarg:    pointer to the mount option string.
// change_dir: if non-zero, chdir() into the mount point afterwards.
// size:       length of the compressed image; 0 means "no image", in which
//             case mount() is called with a NULL source.
// image:      pointer to the compressed image.
//
// All pointer arguments arrive as integers and are cast without validation.
// mount_opts in particular is passed to strlen() with no NULL check.
//
// Returns -1 with errno set on failure. On success the result is the
// descriptor from open(target) when change_dir is zero. When change_dir is
// non-zero, `res` is overwritten with chdir()'s result, so the function returns
// 0 and the opened directory descriptor is never closed.
// When an image was used, the loop device is detached again before returning.
// The error_clear_loop label is reached on the success path too.
static long syz_mount_image(volatile long fsarg, volatile long dir, volatile long flags, volatile long optsarg, volatile long change_dir, volatile unsigned long size, volatile long image)
{
  unsigned char* data = (unsigned char*)image;
  int res = -1, err = 0, need_loop_device = !!size;
  char* mount_opts = (char*)optsarg;
  char* target = (char*)dir;
  char* fs = (char*)fsarg;
  char* source = NULL;
  char loopname[64];
  if (need_loop_device) {
    int loopfd;
    memset(loopname, 0, sizeof(loopname));
    snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid);
    if (setup_loop_device(data, size, loopname, &loopfd) == -1)
      return -1;
    // Only the device path is needed for mount(); the descriptor is dropped.
    close(loopfd);
    source = loopname;
  }
  mkdir(target, 0777);
  char opts[256];
  memset(opts, 0, sizeof(opts));
  // Over-long option strings are detected here but nothing is done about it:
  // they are silently truncated by the strncpy below.
  if (strlen(mount_opts) > (sizeof(opts) - 32)) {
  }
  // At most sizeof(opts) - 32 bytes are copied into the zeroed buffer, so the
  // result is always NUL-terminated and 32 bytes stay free. At most one
  // strcat() below runs per call, and the longest suffix is 16 characters, so
  // the appends cannot overflow opts.
  strncpy(opts, mount_opts, sizeof(opts) - 32);
  if (strcmp(fs, "iso9660") == 0) {
    flags |= MS_RDONLY;
  } else if (strncmp(fs, "ext", 3) == 0) {
    // Look for "errors=remount-ro" as a whole option, delimited by commas or
    // the ends of the string.
    bool has_remount_ro = false;
    char* remount_ro_start = strstr(opts, "errors=remount-ro");
    if (remount_ro_start != NULL) {
      char after = *(remount_ro_start + strlen("errors=remount-ro"));
      char before = remount_ro_start == opts ? '\0' : *(remount_ro_start - 1);
      has_remount_ro = ((before == '\0' || before == ',') && (after == '\0' || after == ','));
    }
    // NOTE(review): presumably appended so that a corrupted image cannot
    // panic the test machine through errors=panic - confirm.
    if (strstr(opts, "errors=panic") || !has_remount_ro)
      strcat(opts, ",errors=continue");
  } else if (strcmp(fs, "xfs") == 0) {
    strcat(opts, ",nouuid");
  } else if (strncmp(fs, "gfs2", 4) == 0 && (strstr(opts, "errors=panic") || strstr(opts, "debug"))) {
    strcat(opts, ",errors=withdraw");
  }
  res = mount(source, target, fs, flags, opts);
  if (res == -1) {
    err = errno;
    goto error_clear_loop;
  }
  res = open(target, O_RDONLY | O_DIRECTORY);
  if (res == -1) {
    err = errno;
    goto error_clear_loop;
  }
  if (change_dir) {
    res = chdir(target);
    if (res == -1) {
      err = errno;
    }
  }
error_clear_loop:
  if (need_loop_device)
    reset_loop_device(loopname);
  errno = err;
  return res;
}

uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

int main(void)
{
  syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/(intptr_t)-1, /*offset=*/0ul);
syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul, /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/(intptr_t)-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/(intptr_t)-1, /*offset=*/0ul); const char* reason; (void)reason; install_segv_handler(); intptr_t res = 0; if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } // syz_mount_image$vfat arguments: [ // fs: ptr[in, buffer] { // buffer: {76 66 61 74 00} (length 0x5) // } // dir: ptr[in, buffer] { // buffer: {2e 2f 66 69 6c 65 30 00} (length 0x8) // } // flags: mount_flags = 0x18000 (8 bytes) // opts: ptr[inout, array[ANYUNION]] { // array[ANYUNION] { // union ANYUNION { // ANYRES32: ANYRES32 (resource) // } // union ANYUNION { // ANYRESDEC: ANYRES64 (resource) // } // union ANYUNION { // ANYRES16: ANYRES16 (resource) // } // union ANYUNION { // ANYBLOB: buffer: {b0 22 fd 84 09 92 90 ab 8e be 39 cf c1 7f 80 bc // 29 26 13 1e 94 37 a1 de a9 ca 17 56 90 05 31 c1 4b 67 f7 a9 ed d0 // d8 0c 7c 73 64 90 53 15 3a 8d 8d b6 d3 c0 d3 b3 fa 95 1f 57 d1 40 // 71 b6 1a 27 d9 68 a0 ae 7b d5 80 d2 d9 fd 90 34 45 1c 3e cf fa e8 // 0b 23 4e 72 fb 11 e3 a6 0c 12 08 bd 52 62 c5 00 9e 3e 45 58 2e d4 // 20 38 50 29 2e d6 82 fc 5e 26 f5 c2 af 47 71 8e e5 b4 f2 ed 68 f0 // b2 1b 81 3e c2 2c 4c 61 d3 f2 2f 5a 01 eb ea 6c 48 4d 8e f4 ca 90 // 18 0b 45 87 e0 be e2 f7 82 fe f5 74 aa 1e 0e bc 5d 9e 42 45 29 10 // d0 3c 12 fe ff 78 48 f7 2a c5 43 04 76 b9 dc 24 57 a0 9e fd c6 f1 // 81 c4 08 ab e7 b3 0c cc d2 c8 fb 85 38 9e 1c ac d4 f4 b2 9a 3d 4a // 55 94 1b f1 bb 41 62 03 73 2d 67 12 d5 a8 94 70 87 6a e6 da ec 66 // f3 fe 1b 39 98 2c 27 81 b1 15 e2 0a f7 ce 0a 0c 7c 77 db 10 73 ad // c6 e1 15 97 bd 9f 54 0f 90 f6 0b 92 dc 84 a5 c7 64 37 9c 0b 94 26 // ff 4f 54 71 82 50 26 33 aa 75 4d cf c6 3e 46 c7 ce f8 e3 a0 c2 9b // f5 18 4a c1 50 e9 
0d 88 4c 59 cb a3 da e7 c5 31 fb 11 45 34 29 26 // 29 d8 53 2c 0f 67 ee 37 f2 c3 49 ea 8f 28 19 9a ff 2a a3 35 df 5d // b4 11 28 7a 73 ad fb ff f2 12 cf 7b 6d 27 7a 36 1c 55 af 16 0d 98 // b5 c3 db 84 da 37 d8 0e 07 26 9c 33 f6 0f 11 1e c3 c0 9d 88 43 e1 // f5 49 9e 71 de 9b 48 88 2b 94 15 d4 5b 20 39 38 88 ec 49 f3 07 d5 // 35 58 09 47 b5 a5 b4 0b 46 53 82 aa 4a 57 9f 31 7d 91 79 2f 8e d7 // 0e 94 01 86 3b c0 a2 1d 7e 15 f8 28 ae 8f 13 c6 73 a3 0c ba 6f 10 // f8 9c 8a 01 8c c8 bb e7 07 2f fe 1c 5d 4e f1 1f 0f 82 cf 96 7f ae // f8 60 8f 8b 28 92 45 f8 76 07 91 7b 0c 25 78 db be 51 86 ac 78 b8 // cd 9a 5a ff 56 7a eb e8 a7 3d d5 47 fd c5 03 88 5a 2d f4 95 3f 34 // 97 68 8b 7b 1e de 6a 2e 52 9b 25 ec c2 46 a7 bc b0 00 77 05 9d 7e // 01 00 aa 20 cb 4d 1d ba c6 ee c0 a9 f8 03 60 1c 79 9e dd b9 b2 71 // f0 53 08 42 29 11 67 ab ff b9 82 fe 47 a4 96 e8 84 ee 3c 17 85 0f // 97 0c b3 ac 33 42 b8 32 b8 b9 84 e2 eb 48 36 af b7 72 7f 73 10 a3 // 47 ad d2 a1 09 4c ff f7 b4 45 16 59 3b bf 15 f3 a9 e0 e2 a7 88 e9 // 9b de c6 70 6a e9 a3 9b 4f 89 83 ae 38 d4 cd f8 66 d9 67 0d e9 10 // 36 ea 86 64 6f 19 5e c4 b4 ce 46 2e a6 24 b8 87 58 25 26 2a 30 1f // 92 35 49 6b 93 55 06 10 92 87 bb cf 47 54 e3 fa 63 74 28 a2 e3 9a // 80 cd 07 ff af d7 56 83 9a bd dc 72 14 21 75 4f ca e7 05 ab 43 2f // cd d6 f3 c0 04 df ad 9e 6b fa 87 74 6d d4 16 49 dc d2 bf 17 28 a3 // d6 d2 dd f2 7a 52 95 74 22 a2 7f 9e 47 85 30 87 3d 9f 18 61 b7 1f // 23 78 54 06 48 b1 71 bc bd 44 53 37 23 ae 1a 89 e5 6e 2f 57 0c 05 // 71 eb 3c 66 fa c6 5e 3a ba d0 03 a8 28 f2 d2 1c c9 90 e5 7b 80 dd // 37 62 fe 12 04 eb 32 05 91 d6 a9 3f 90 52 b8 04 94 b2 f5 2a d8 9d // 63 74 cf 33 04 0e 24 84 c3 38 49 46 45 0b b6 58 35 d6 5b eb b4 a9 // 1c 0f 82 e5 98 e5 aa 7f f9 ba 79 f2 7b bd 46 24 02 87 72 1d 27 59 // fa 24 ce c9 76 58 d8 f1 7b 3f 42 42 93 f7 25 3b 74 da e4 b9 66 c8 // 08 9c 54 69 36 95 3d 8c e6 34 63 c2 6f 1e 29 6f 56 e1 7e 7f 89 0b // 60 01 ed 5d 9f 73 90 36 84 2e 98 9b 40 c0 2d 3f e5 22 7b 1f b0 8a // 98 f1 b1 f0 c3 
36 34 66 98 e7 01 71 e7 4e 40 c5 30 4a 35 6b 29 c9 // 47 67 2f 8a 05 35 b7 ce 3a 66 b2 76 d0 9c a3 d9 ff f0 30 e4 15 98 // 64 9a 31 08 75 f5 b5 80 1c 47 11 82 c1 f6 17 c9 07 f0 6b 5f 36 a1 // f9 29 4b 0f 4a 95 d0 fc 98 68 2b 1e 38 f2 f9 4f b0 8f 20 c5 e5 c7 // af aa 9f bb d8 47 34 a9 8d d9 b3 31 88 f6 b7 93 34 b0 9c a8 e2 de // 56 45 72 42 f9 04 b1 14 a2 c3 13 b1 93 fe 42 1d 7f a9 7d a5 ab 77 // f3 63 e8 3b 46 98 bf 90 30 22 d1 38 26 de d7 9a 90 5f 07 f9 7d c0 // fc 4c c2 90 b9 69 ee 37 07 5a 4a 80 a0 d8 6d 06 96 ee ea 20 48 eb // d1 a9 7f 83 19 b3 34 2e 51 5a e5 c9 e2 5e e9 33 d9 26 ae 0f 31 af // 55 ae b0 7d a6 50 87 56 ac 95 49 ba 8b bc 00 95 a1 7c b6 47 df 12 // f9 26 e5 95 a5 31 d7 20 8e f7 5c fd 62 39 f6 5a 05 84 12 1c 75 e0 // 0f 7c 77 99 0b 90 e6 35 0b 1a 84 eb a4 43 09 79 bb 72 6a b0 20 50 // 57 3a f2 91 56 be d8 e2 43 52 75 93 dc 0c 6d e4 1d 0b 67 75 81 8a // 96 ee 97 d1 53 82 6a 21 7e 8d 7e 88 c6 c4 4b aa 78 1a 49 5a fe ba // 38 82 a0 6f 5b 1a 87 b1 e8 ee 1e df 40 4a c3 ad e6 f5 af 1f 6c d2 // 2c 01 50 6b 5f 84 be fb 55 c8 6f 79 b5 6e 4d 57 54 be 8f 56 4f 57 // 85 2f 99 1c 22 75 cb f5 59 37 66 6e 02 2c 2b 2f 0d 02 01 56 15 23 // 77 85 9b 34 5f 74 fe 66 79 14 21 e5 57 1a 79 00 df 89 c9 be f5 c3 // cb 19 11 3f ae 5d 52 4a e2 ed ea 5c a9 1b af 09 6c 02 e1 e8 60 c9 // b5 a9 78 82 da 59 8e f1 e3 9f cb 61 d8 3f 99 76 75 a7 72 ac 37 c0 // fb e6 5a 9d 37 9b 92 04 a9 15 fd b6 a7 c7 cd bd 14 c0 89 3c d5 e8 // cf d5 6f 40 21 75 6d 6c 6a 25 b2 58 a6 99 22 a4 1f 3c 7b c4 3b 69 // f4 62 93 b3 81 a2 7a e5 a3 cf cf 25 26 f8 ea dc b5 40 ec 87 d6 00 // 9d 6a 29 39 88 21 40 f9 a4 47 c5 be 43 28 a0 68 1a a3 00 2f 6a 9d // fd 83 6b 36 2f b1 d4 23 d7 c9 57 1a eb 50 e2 a6 ac b9 ab 4e 85 57 // 4b af 27 b1 02 8d b0 f6 64 7a a7 fe 99 5c 1f bf 8a b4 22 bb 15 ac // f9 ae 6d e7 39 72 c9 54 9c b6 01 29 7b bb 1c 74 0e 87 61 af 16 c4 // 78 5c 48 27 b5 dc 5e 52 f4 a8 20 00 f6 f8 76 70 ec 19 fe a4 e0 4e // 56 4f c8 3c 0c cf 1b 7f a2 bb 9a c3 e5 6a dd fa 7f 5f 6d 1d 3d 3c // 92 de a5 de 
9f a4 2f 14 14 a7 69 b0 cd c4 0e 30 6f ee 0a d6 65 73 // 62 8b 83 a0 7f e0 87 fc b3 37 78 48 e1 a7 86 9e 59 2c 83 bb 59 42 // 84 da 28 a4 f5 db 38 10 59 d5 6e 5d 49 89 04 2d ad bb e6 00 0b 66 // 18 4c a8 fe 9d 29 3f 6c 70 98 8f 3d 7b 8e e0 05 46 a2 1a ae ca 49 // 8a e0 6f a7 be cc 5a 55 91 4c 7a 1a b7 14 d9 55 a8 b0 bd 72 e8 d6 // bb f4 dd 45 1b 52 5f cb c9 fb 5c 10 74 7d ee 3c 75 5d 39 be 5c 2d // 52 34 5c 56 18 5a 8d 6c ee 87 8b 72 25 5a ca bf 7d be fa fa ed 94 // 83 85 32 fd 01 ea 62 44 c4 ac 92 9d e6 84 60 84 a0 7d 19 de 70 98 // e6 2b 61 37 75 ab e3 26 d4 02 f7 07 c4 fb b3 96 8b 0a ac 7f 1f 27 // 53 7c bd ec ee 19 15 1b 31 0b cb e2 c8 48 ef 41 ee a7 47 e8 5f 87 // d5 a1 60 b2 cb 6b 28 d1 37 e3 0c 69 77 0c 16 51 e4 4a 66 f8 e3 39 // 4b ec 03 c8 25 6b 89 fd 59 be c4 49 c6 a2 bd b3 51 f5 3d 05 e4 63 // f7 5b 83 46 24 b8 c7 b5 57 dc 38 a3 98 d7 26 d0 84 6f c2 f0 62 b5 // b3 2d 10 af 38 ce 84 4c 68 11 aa ef 73 ac e1 d8 68 13 bc 37 43 36 // 70 f6 18 0f 9b d1 12 ae 00 13 30 77 fc 7a 0b d1 2d 7b 4b 3a 53 a3 // c1 6a 9c b0 e8 11 2f 18 69 1a a3 bd 22 15 af da a1 d0 0c 8e a4 f4 // a3 02 ea 9e bc 94 af aa d2 54 9f 64 6a 8a e6 6b 95 3f a9 cd 64 9a // 02 c4 b1 52 cc 6c 7b 55 d9 9d dc 3d 0f d1 fc d8 4d a3 55 eb 02 58 // 1d ba 9e 4d 9d d2 35 d2 d4 c4 e0 94 16 14 40 e7 09 26 22 1d 76 ce // 70 c8 76 24 85 c8 b8 01 55 0c c2 08 e5 d1 bf d1 84 e6 22 ff 09 50 // a9 12 dd 47 16 3c 83 8f d5 62 f0 9c a1 69 0e 76 da 55 a4 71 ec 67 // cb 83 bb b1 03 97 5b d4 68 3f 03 93 ec 8b 84 3f 55 ba 2c 0b dc 6c // 90 b5 00 31 cf e7 51 79 2b d5 d0 cb 50 c8 ee 93 08 67 94 e1 8c 4e // d6 6d 6b d0 9b 49 9f 8f f2 f6 3a 89 20 70 1a b0 af 5b 4b 75 40 2b // 1d 65 b1 eb 51 5d c4 6e 18 1a 16 99 f2 1e 67 34 9c 90 4f 02 f8 35 // 8e 28 fa ff 2a de 65 70 3d 14 dc 27 74 b0 2a cc 73 1e ee 09 41 67 // 55 02 d9 5e 0c 32 a7 30 4f 6e 9a f8 5e f2 20 da ea 0d e2 4c f7 9e // 35 a5 94 12 e6 28 35 d3 03 2f 88 d9 ed 7b ef d4 f7 08 bf d2 d2 36 // bd 18 8b 6f 95 1b be 13 e3 ad d8 4f 11 1e 20 32 4a 52 34 26 61 1e // c1 5f b3 
76 e7 30 6c be c6 86 7f 0b 94 50 47 a4 fa cf 78 15 4e 68 // a6 6a 36 97 2d 5a 18 af 14 03 ba a9 b4 b5 1f dd d0 72 ee 1f 00 87 // ad d0 24 85 b4 03 23 bd 70 8b 76 40 6e 10 a9 27 a9 13 d9 1c 5d 77 // 1d 3a eb 3c fa fb 54 b1 01 67 85 c6 1e d1 30 60 d5 f1 b5 50 67 6a // 65 6b 87 4f d3 92 ae 61 c5 04 42 18 df 55 cb b7 2b 81 99 90 ff db // 13 0f b1 7a 14 f7 cb 5a 2a 8a af ed c6 52 6d 83 76 2d bf 32 0f 15 // 75 80 30 ee ec f5 65 2d cc f0 4c dc 68 82 74 00 c7 68 a2 1d af f4 // 72 12 b8 73 57 ff 0b cb 36 ca e4 d1 13 a5 d9 81 5b 07 33 2c b4 23 // 29 32 16 64 d9 3e 43 e6 dc d6 11 59 87 00 7f c6 23 08 80 04 f8 ac // 94 37 36 eb 2a 04 5a 25 b1 bb fb bc 97 57 1e ab f8 75 d9 24 f6 b7 // b0 e5 24 b1 af a0 ff 49 94 73 aa 79 76 de 83 b9 19 28 e8 4f 8e 44 // 57 28 77 8f e0 e5 a3 56 a5 7f 09 ed 25 48 48 ce c3 1b 7c 5c 9c 7a // 2f ca 21 be fe 15 ff c9 31 7e 96 f7 ad 58 26 84 ce 62 57 91 b9 95 // 63 78 1b f6 49 83 e7 7b e4 f1 a5 89 3b ee c4 b5 60 fc 15 e9 c2 1d // d0 c2 9b f2 87 9d fa a2 57 ba 5e c9 79 57 05 0d 5b 2c 1f 25 eb 40 // 64 48 8c 13 9d bf 88 f3 b7 c7 08 50 d6 fd bf 06 03 cd d4 01 1b f7 // 6e 0d 9e e5 c2 b1 28 b5 0d ba 56 89 a8 f0 4d 4c af 62 d7 77 ea b3 // 1a ab 4b 41 95 da 78 09 01 35 2d 28 48 85 bf 41 7e b0 53 67 ee 1b // 5f 2f 8c 5c fe 7f 03 94 fb 97 7f 3a 3f 96 08 43 75 e2 2c cf 6c 3e // e4 65 9d 68 d2 b1 94 8a 4a 17 83 a4 db 22 82 c6 7d 39 61 3f a6 7b // e4 dd 14 47 93 b7 6c 09 dd 56 3e f3 d1 69 f3 43 18 ac bd 62 d3 b2 // d6 4f 91 73 d1 6e 98 01 13 29 18 c3 39 01 72 c6 f6 4d 04 9b 4c 89 // 4d 59 34 19 e5 f4 d5 a5 13 fc 5a 64 dd cd 05 b0 34 e6 d1 6f e8 8f // f8 9a 52 0c 46 4f 84 2a d5 a6 2a 6f c4 6f 0e 9d 56 d0 5d 6f 5e 62 // 5d 25 f5 37 cc a6 29 10 98 1d d4 63 25 53 18 d8 27 3d b1 3d 27 fd // c6 c1 7c 2c 54 77 6b a3 a2 46 c4 13 95 7f 29 7b 8e cb 1a db 5c 3f // 1d 4d 8e 4d 77 05 bd b9 26 8f 95 6d 28 45 b6 85 11 ed d5 1c dc 5d // 05 de 5d 6d 4b 3f 57 35 92 98 6f ed 32 5f 1f 3c 6a 9e f7 74 0f 9d // 84 3e 11 98 1d 1c a5 15 c7 e7 22 ec 4d 69 1c 5e 4d 3a 14 6e 39 bc // f4 07 
f6 64 18 f7 54 bb 25 08 cb 4c c8 43 aa 9d 8e b6 38 50 e5 b9 // 10 36 82 ec c1 fc 8f 97 2f 39 4b e9 d3 1c b9 ef d0 f6 93 d4 ec 41 // fe 8d 09 93 b4 5d 2f 42 2f 9a b6 04 d3 37 1c 1b da 1d aa 32 06 a0 // 27 c4 de 5c 8f 2c f6 d1 fc 7e 6d 14 23 a6 c7 1e 84 f2 4e 0a 4d fb // f4 a3 31 de ff 2a e6 49 df 96 81 a0 88 46 ef c9 f0 00 1e 7e f1 06 // f1 bf a2 5e e2 79 9b 13 f1 f0 76 e3 0e 58 07 8d 18 6a fb 65 30 14 // 97 e9 82 47 8b ab f1 43 97 2c c7 07 2f 70 82 9b 8f ae e4 6e 56 a1 // 45 1f f7 dd d0 dd 35 81 6b fa 29 ee e3 61 de 60 fb c3 22 2e 89 d7 // 0f 14 95 be 94 d0 e8 20 72 a0 e5 72 e3 05 5c 90 55 52 e6 c4 5d 2a // f3 d4 f5 05 a9 9d 94 76 67 05 9c 1c 92 ce 2d 35 49 07 75 39 c4 ce // c4 c0 73 37 36 1e eb 9f 78 81 3b f9 e7 7b 0a 79 f3 91 ae 6e b6 63 // de b5 33 17 f6 1e f8 dd ff db d0 ca 2d 80 95 c1 0c 10 6b 09 68 32 // 5b c1 e8 88 29 d9 23 99 b8 09 f1 b8 81 e9 b9 f0 ae ad a5 c5 ee 20 // fd 08 66 07 0e 3d 5d 41 e6 2f 5b 6d 2d 25 44 1b ab cd f9 d3 dc 8a // e3 c1 40 a6 f3 52 da f0 0e d3 8e 24 8b 23 6a cd 27 f2 4b de ba e0 // f2 72 a5 82 0e f7 7f b6 03 fe 3c c9 10 a9 d8 42 12 92 59 e6 1d 25 // dc f5 46 cd 77 0e 4c cc ab 47 0b 20 fa 5f 59 72 a6 dd 15 85 34 83 // de 6e 03 2f 97 26 c1 66 e8 1e 8e 0f 9d b4 df 39 7c c4 a1 0b 6e 58 // 70 8a 31 f4 8d 7d 2b ae 4e f9 28 28 c3 70 88 06 8b 2a e4 33 11 0d // c7 c0 8e 60 17 d8 b2 6e 4e 03 82 ca 8f a6 2d c6 f5 3c 4c c2 f0 f7 // 8a f7 23 35 c4 94 f5 7f 24 14 af e2 47 e2 29 1c 39 58 95 bb 18 f7 // 01 b6 f4 33 1f eb 75 91 10 c5 43 dd 94 a2 38 e7 82 ad 55 20 47 67 // 75 58 a5 0e 76 83 d7 1a 9e 22 2f d1 9a 93 43 e1 d6 45 28 64 0a 80 // 99 de dd 19 e4 c7 47 dd a1 8f f2 5b 15 bd df 75 0a 54 53 3b 6e cf // c7 5a d4 a2 90 94 85 f7 fd 75 9d 45 c7 47 27 b2 e7 30 0e ae 71 a8 // 78 4f 5d d7 f2 5b 4b 00 0e d3 25 42 64 13 1c bb ae 31 6f b3 a3 bf // be b3 09 dd 2d 18 10 46 29 db 35 4f 44 77 91 eb 88 2b f0 33 3a 52 // 0b 8d ba 74 5b 67 3d 07 1b 07 e1 de 3e 02 fe 75 1a 1c f5 90 84 35 // b1 a3 8e db d6 04 83 ab db 15 45 2c 86 88 44 ce b9 6c 44 9a b7 29 // 99 
a5 5c 79 f9 ce 74 05 79 71 42 ef 70 95 b4 ca f9 9d 7b be 51 cd // 4e 96 3e 4f fb bd 26 48 76 1a bd 38 94 b5 42 0a 0a dd 26 1f f9 c0 // ef f6 1a af d1 ac 51 95 ff 15 ca db 5b 0c 7c e3 4d 4d 2d 68 14 6f // 3d ae 67 7e 83 3b 8b e0 f8 a8 76 15 3b b6 53 98 de f3 8e 4b f5 39 // d3 a0 00 47 b1 9c 48 30 62 fc 1c 25 47 b7 d4 f7 d9 9b 70 35 21 2c // cf ff ee b2 1e d7 bb d6 16 5a c7 fb af bc a3 ce f8 6f ff 65 53 05 // 70 6d d0 ba a6 07 c5 05 43 bb 0d 66 f0 f4 db dd 9c 36 5f db 7b 87 // 5d c5 e7 ee 59 af cc c3 21 ad 1e 31 cc 84 68 7a fd a7 12 31 bb 2e // 4d c3 ce 79 ff 3c e4 bb af ed 88 21 a5 b7 1b bf 38 44 f1 10 e2 dd // 95 57 b5 96 ac 79 2d 97 50 6d 22 c0 41 0b ce 43 5e 20 fa 2e 2d 43 // 53 61 b5 b6 ac 85 f4 47 63 76 97 23 a7 b6 29 25 8f 45 e1 05 78 f7 // 0b ef 2e 9c 05 af 80 32 e3 57 69 7d fc d3 0d e9 b3 e9 53 a3 6d 6c // b7 a0 3c e6 92 88 b6 63 f6 92 79 39 04 dd 8f b4 ab 6d c3 1d df 7f // 69 42 ef 84 c1 e6 8c 78 bf 99 74 f8 30 ee 2f cc ca 84 11 3c ee 98 // b4 7e d4 1a 87 fe 61 0c 53 48 dc 38 d4 ad a1 98 62 77 23 17 a7 07 // 54 87 03 47 ad 87 db bb 4c 52 34 9b 02 61 aa 8e 10 8f cf 38 7b 24 // d4 e2 a7 7b a7 6e 84 72 fd 74 ab 6f a0 21 27 7a 24 ef 7a 48 d3 95 // b0 fd 1f 9c 0c f8 3b ac 56 b4 33 ff bf e5 98 4a 36 2e 33 79 69 fe // bf 25 99 88 16 2c 2b 48 42 bd 2f c0 b2 30 fe e9 3a 08 50 03 e6 15 // 08 8a bf e4 18 89 f7 b5 e0 f3 80 ff e5 5b 66 c1 f7 41 99 93 c3 dd // 4a ac 58 91 49 4a 18 3d dc a2 e4 15 e1 74 94 89 c9 25 71 5f 3c 44 // d9 4b 90 d2 d7 35 f2 b9 23 bd bb bf 16 46 58 0a b1 35 35 6a 9e e2 // 9b c1 9e 73 de d9 a3 37 98 a6 9d 24 85 74 e0 c9 e9 f4 0a 1c 1b a5 // 2b c6 6a 57 8d 08 b7 5f 27 1a 9e 9f 44 7e fe de 09 d6 b3 b5 7e 0a // a6 32 2c 18 fd 6f 5e 1c 9d 27 53 e0 a6 51 3c c0 41 24 ab 89 80 2e // b9 c5 04 f0 e5 55 08 68 ab 59 76 29 d7 cc 74 47 ed 1b 01 b2 ff 4c // f5 11 aa 09 87 10 b2 08 b5 aa 0f 59 50 39 a2 f0 e7 29 4c 5f e3 b0 // c3 e6 c4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 58 8b // eb 10 11 5f 4b 22 f4 ac 99 7c 86 c4 92 01 ee 9d ce b2 14 2a e6 15 // 
55 bb bc 4e f8 cd d4 68 a8 ff be 6c bf c8 87 7d d8 72 92 c7 0e 10 // 66 9b c9 9d 8d 57 10 f7 71 9c c2 cf fc 86 cd 52 9b 6d a2 51 1d 07 // ae f4 a1 d9 53 3a b5 8a 76 f8 0a d7 fe 91 a1 73 97 d3 c8 34 81} // (length 0x1063) // } // union ANYUNION { // ANYBLOB: buffer: {fe 2e cf 20 a9 a1 7b d2 ed 7e 80 3f 83 03 75 c1 // 50 a1 f8 48 f6 04 c2 c1 f9 32 d2 b7 16 3b e4 b2 b9 a5 bd 52 1d 18 // 5c fb ee 55 5b 27 60 85 94 be ba 63 25 92 3a af 5d b7 4c ff 01 00 // 00 53 db 92 c6 c5 fc bb a0 ab d9 75 fc 76 be a4 9b 00 51 3a fc 85 // 6e d8 9d 3f ad ed a3 07 ca 58 73 54 32 28 03 b0 98 3c c6 57 25 ae // 7f 45 fb 95 e7 cd b2 8c 6b 88 69 59 b7 dd e2 c8 7c 73 f6 00 8c f6 // ee d7 86 1f 24 b7 42 37 04 b9 5f 3d 05 b9 2d 3d 7f f9 d3 92 83 3e // cd 02 44 33 20 b6 01 31 a3 50 36 0f cc 1d 65 9e 2a 03 cb 46 9c af // 04 98 ba ca e0 73 5a 16 13 45 b3 d7 1a 55 f1 4e f6 36 b6 f8 32 c7 // a6 07 1f ce 83 90 4d fd 87 1b 6d 8e 03 64 8d ba a3 a0 39 eb 56 73 // 79 2c ae 80 33 57 32 03 0f 9a ea ba f3 bb 3c c4 ca 5f e7 52 71 d6 // 9b 2e 78 be b2 b8 1f c3 cf 3a 18 a7 ae 93 a3 cd be 65 99 b9 94 08 // 27 5e 2b 4b 44 77 c6 fc f4 80 61 34 e8 39 e1 35 33 ec 00 00 00 00 // 00 00 00 6a 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 // 00 00 00 00 00 00 00 00 00 69 c3 28 83 11 b7 41 47 05 e9 75 eb 3f // 1b 77 a1 20} (length 0x148) // } // union ANYUNION { // ANYRES64: ANYRES64 (resource) // } // } // } // chdir: int8 = 0x8 (1 bytes) // size: len = 0x2eb (8 bytes) // img: ptr[in, buffer] { // buffer: (compressed buffer with length 0x2eb) // } // ] // returns fd_dir NONFAILING(memcpy((void*)0x200000000080, "vfat\000", 5)); NONFAILING(memcpy((void*)0x200000000480, "./file0\000", 8)); NONFAILING(*(uint32_t*)0x200000003b40 = 0); NONFAILING(sprintf((char*)0x200000003b44, "%020llu", (long long)-1)); NONFAILING(*(uint16_t*)0x200000003b58 = 0); NONFAILING(memcpy( (void*)0x200000003b5a, "\xb0\x22\xfd\x84\x09\x92\x90\xab\x8e\xbe\x39\xcf\xc1\x7f\x80\xbc\x29\x26" 
"\x13\x1e\x94\x37\xa1\xde\xa9\xca\x17\x56\x90\x05\x31\xc1\x4b\x67\xf7\xa9" "\xed\xd0\xd8\x0c\x7c\x73\x64\x90\x53\x15\x3a\x8d\x8d\xb6\xd3\xc0\xd3\xb3" "\xfa\x95\x1f\x57\xd1\x40\x71\xb6\x1a\x27\xd9\x68\xa0\xae\x7b\xd5\x80\xd2" "\xd9\xfd\x90\x34\x45\x1c\x3e\xcf\xfa\xe8\x0b\x23\x4e\x72\xfb\x11\xe3\xa6" "\x0c\x12\x08\xbd\x52\x62\xc5\x00\x9e\x3e\x45\x58\x2e\xd4\x20\x38\x50\x29" "\x2e\xd6\x82\xfc\x5e\x26\xf5\xc2\xaf\x47\x71\x8e\xe5\xb4\xf2\xed\x68\xf0" "\xb2\x1b\x81\x3e\xc2\x2c\x4c\x61\xd3\xf2\x2f\x5a\x01\xeb\xea\x6c\x48\x4d" "\x8e\xf4\xca\x90\x18\x0b\x45\x87\xe0\xbe\xe2\xf7\x82\xfe\xf5\x74\xaa\x1e" "\x0e\xbc\x5d\x9e\x42\x45\x29\x10\xd0\x3c\x12\xfe\xff\x78\x48\xf7\x2a\xc5" "\x43\x04\x76\xb9\xdc\x24\x57\xa0\x9e\xfd\xc6\xf1\x81\xc4\x08\xab\xe7\xb3" "\x0c\xcc\xd2\xc8\xfb\x85\x38\x9e\x1c\xac\xd4\xf4\xb2\x9a\x3d\x4a\x55\x94" "\x1b\xf1\xbb\x41\x62\x03\x73\x2d\x67\x12\xd5\xa8\x94\x70\x87\x6a\xe6\xda" "\xec\x66\xf3\xfe\x1b\x39\x98\x2c\x27\x81\xb1\x15\xe2\x0a\xf7\xce\x0a\x0c" "\x7c\x77\xdb\x10\x73\xad\xc6\xe1\x15\x97\xbd\x9f\x54\x0f\x90\xf6\x0b\x92" "\xdc\x84\xa5\xc7\x64\x37\x9c\x0b\x94\x26\xff\x4f\x54\x71\x82\x50\x26\x33" "\xaa\x75\x4d\xcf\xc6\x3e\x46\xc7\xce\xf8\xe3\xa0\xc2\x9b\xf5\x18\x4a\xc1" "\x50\xe9\x0d\x88\x4c\x59\xcb\xa3\xda\xe7\xc5\x31\xfb\x11\x45\x34\x29\x26" "\x29\xd8\x53\x2c\x0f\x67\xee\x37\xf2\xc3\x49\xea\x8f\x28\x19\x9a\xff\x2a" "\xa3\x35\xdf\x5d\xb4\x11\x28\x7a\x73\xad\xfb\xff\xf2\x12\xcf\x7b\x6d\x27" "\x7a\x36\x1c\x55\xaf\x16\x0d\x98\xb5\xc3\xdb\x84\xda\x37\xd8\x0e\x07\x26" "\x9c\x33\xf6\x0f\x11\x1e\xc3\xc0\x9d\x88\x43\xe1\xf5\x49\x9e\x71\xde\x9b" "\x48\x88\x2b\x94\x15\xd4\x5b\x20\x39\x38\x88\xec\x49\xf3\x07\xd5\x35\x58" "\x09\x47\xb5\xa5\xb4\x0b\x46\x53\x82\xaa\x4a\x57\x9f\x31\x7d\x91\x79\x2f" "\x8e\xd7\x0e\x94\x01\x86\x3b\xc0\xa2\x1d\x7e\x15\xf8\x28\xae\x8f\x13\xc6" "\x73\xa3\x0c\xba\x6f\x10\xf8\x9c\x8a\x01\x8c\xc8\xbb\xe7\x07\x2f\xfe\x1c" "\x5d\x4e\xf1\x1f\x0f\x82\xcf\x96\x7f\xae\xf8\x60\x8f\x8b\x28\x92\x45\xf8" 
"\x76\x07\x91\x7b\x0c\x25\x78\xdb\xbe\x51\x86\xac\x78\xb8\xcd\x9a\x5a\xff" "\x56\x7a\xeb\xe8\xa7\x3d\xd5\x47\xfd\xc5\x03\x88\x5a\x2d\xf4\x95\x3f\x34" "\x97\x68\x8b\x7b\x1e\xde\x6a\x2e\x52\x9b\x25\xec\xc2\x46\xa7\xbc\xb0\x00" "\x77\x05\x9d\x7e\x01\x00\xaa\x20\xcb\x4d\x1d\xba\xc6\xee\xc0\xa9\xf8\x03" "\x60\x1c\x79\x9e\xdd\xb9\xb2\x71\xf0\x53\x08\x42\x29\x11\x67\xab\xff\xb9" "\x82\xfe\x47\xa4\x96\xe8\x84\xee\x3c\x17\x85\x0f\x97\x0c\xb3\xac\x33\x42" "\xb8\x32\xb8\xb9\x84\xe2\xeb\x48\x36\xaf\xb7\x72\x7f\x73\x10\xa3\x47\xad" "\xd2\xa1\x09\x4c\xff\xf7\xb4\x45\x16\x59\x3b\xbf\x15\xf3\xa9\xe0\xe2\xa7" "\x88\xe9\x9b\xde\xc6\x70\x6a\xe9\xa3\x9b\x4f\x89\x83\xae\x38\xd4\xcd\xf8" "\x66\xd9\x67\x0d\xe9\x10\x36\xea\x86\x64\x6f\x19\x5e\xc4\xb4\xce\x46\x2e" "\xa6\x24\xb8\x87\x58\x25\x26\x2a\x30\x1f\x92\x35\x49\x6b\x93\x55\x06\x10" "\x92\x87\xbb\xcf\x47\x54\xe3\xfa\x63\x74\x28\xa2\xe3\x9a\x80\xcd\x07\xff" "\xaf\xd7\x56\x83\x9a\xbd\xdc\x72\x14\x21\x75\x4f\xca\xe7\x05\xab\x43\x2f" "\xcd\xd6\xf3\xc0\x04\xdf\xad\x9e\x6b\xfa\x87\x74\x6d\xd4\x16\x49\xdc\xd2" "\xbf\x17\x28\xa3\xd6\xd2\xdd\xf2\x7a\x52\x95\x74\x22\xa2\x7f\x9e\x47\x85" "\x30\x87\x3d\x9f\x18\x61\xb7\x1f\x23\x78\x54\x06\x48\xb1\x71\xbc\xbd\x44" "\x53\x37\x23\xae\x1a\x89\xe5\x6e\x2f\x57\x0c\x05\x71\xeb\x3c\x66\xfa\xc6" "\x5e\x3a\xba\xd0\x03\xa8\x28\xf2\xd2\x1c\xc9\x90\xe5\x7b\x80\xdd\x37\x62" "\xfe\x12\x04\xeb\x32\x05\x91\xd6\xa9\x3f\x90\x52\xb8\x04\x94\xb2\xf5\x2a" "\xd8\x9d\x63\x74\xcf\x33\x04\x0e\x24\x84\xc3\x38\x49\x46\x45\x0b\xb6\x58" "\x35\xd6\x5b\xeb\xb4\xa9\x1c\x0f\x82\xe5\x98\xe5\xaa\x7f\xf9\xba\x79\xf2" "\x7b\xbd\x46\x24\x02\x87\x72\x1d\x27\x59\xfa\x24\xce\xc9\x76\x58\xd8\xf1" "\x7b\x3f\x42\x42\x93\xf7\x25\x3b\x74\xda\xe4\xb9\x66\xc8\x08\x9c\x54\x69" "\x36\x95\x3d\x8c\xe6\x34\x63\xc2\x6f\x1e\x29\x6f\x56\xe1\x7e\x7f\x89\x0b" "\x60\x01\xed\x5d\x9f\x73\x90\x36\x84\x2e\x98\x9b\x40\xc0\x2d\x3f\xe5\x22" "\x7b\x1f\xb0\x8a\x98\xf1\xb1\xf0\xc3\x36\x34\x66\x98\xe7\x01\x71\xe7\x4e" 
"\x40\xc5\x30\x4a\x35\x6b\x29\xc9\x47\x67\x2f\x8a\x05\x35\xb7\xce\x3a\x66" "\xb2\x76\xd0\x9c\xa3\xd9\xff\xf0\x30\xe4\x15\x98\x64\x9a\x31\x08\x75\xf5" "\xb5\x80\x1c\x47\x11\x82\xc1\xf6\x17\xc9\x07\xf0\x6b\x5f\x36\xa1\xf9\x29" "\x4b\x0f\x4a\x95\xd0\xfc\x98\x68\x2b\x1e\x38\xf2\xf9\x4f\xb0\x8f\x20\xc5" "\xe5\xc7\xaf\xaa\x9f\xbb\xd8\x47\x34\xa9\x8d\xd9\xb3\x31\x88\xf6\xb7\x93" "\x34\xb0\x9c\xa8\xe2\xde\x56\x45\x72\x42\xf9\x04\xb1\x14\xa2\xc3\x13\xb1" "\x93\xfe\x42\x1d\x7f\xa9\x7d\xa5\xab\x77\xf3\x63\xe8\x3b\x46\x98\xbf\x90" "\x30\x22\xd1\x38\x26\xde\xd7\x9a\x90\x5f\x07\xf9\x7d\xc0\xfc\x4c\xc2\x90" "\xb9\x69\xee\x37\x07\x5a\x4a\x80\xa0\xd8\x6d\x06\x96\xee\xea\x20\x48\xeb" "\xd1\xa9\x7f\x83\x19\xb3\x34\x2e\x51\x5a\xe5\xc9\xe2\x5e\xe9\x33\xd9\x26" "\xae\x0f\x31\xaf\x55\xae\xb0\x7d\xa6\x50\x87\x56\xac\x95\x49\xba\x8b\xbc" "\x00\x95\xa1\x7c\xb6\x47\xdf\x12\xf9\x26\xe5\x95\xa5\x31\xd7\x20\x8e\xf7" "\x5c\xfd\x62\x39\xf6\x5a\x05\x84\x12\x1c\x75\xe0\x0f\x7c\x77\x99\x0b\x90" "\xe6\x35\x0b\x1a\x84\xeb\xa4\x43\x09\x79\xbb\x72\x6a\xb0\x20\x50\x57\x3a" "\xf2\x91\x56\xbe\xd8\xe2\x43\x52\x75\x93\xdc\x0c\x6d\xe4\x1d\x0b\x67\x75" "\x81\x8a\x96\xee\x97\xd1\x53\x82\x6a\x21\x7e\x8d\x7e\x88\xc6\xc4\x4b\xaa" "\x78\x1a\x49\x5a\xfe\xba\x38\x82\xa0\x6f\x5b\x1a\x87\xb1\xe8\xee\x1e\xdf" "\x40\x4a\xc3\xad\xe6\xf5\xaf\x1f\x6c\xd2\x2c\x01\x50\x6b\x5f\x84\xbe\xfb" "\x55\xc8\x6f\x79\xb5\x6e\x4d\x57\x54\xbe\x8f\x56\x4f\x57\x85\x2f\x99\x1c" "\x22\x75\xcb\xf5\x59\x37\x66\x6e\x02\x2c\x2b\x2f\x0d\x02\x01\x56\x15\x23" "\x77\x85\x9b\x34\x5f\x74\xfe\x66\x79\x14\x21\xe5\x57\x1a\x79\x00\xdf\x89" "\xc9\xbe\xf5\xc3\xcb\x19\x11\x3f\xae\x5d\x52\x4a\xe2\xed\xea\x5c\xa9\x1b" "\xaf\x09\x6c\x02\xe1\xe8\x60\xc9\xb5\xa9\x78\x82\xda\x59\x8e\xf1\xe3\x9f" "\xcb\x61\xd8\x3f\x99\x76\x75\xa7\x72\xac\x37\xc0\xfb\xe6\x5a\x9d\x37\x9b" "\x92\x04\xa9\x15\xfd\xb6\xa7\xc7\xcd\xbd\x14\xc0\x89\x3c\xd5\xe8\xcf\xd5" "\x6f\x40\x21\x75\x6d\x6c\x6a\x25\xb2\x58\xa6\x99\x22\xa4\x1f\x3c\x7b\xc4" 
"\x3b\x69\xf4\x62\x93\xb3\x81\xa2\x7a\xe5\xa3\xcf\xcf\x25\x26\xf8\xea\xdc" "\xb5\x40\xec\x87\xd6\x00\x9d\x6a\x29\x39\x88\x21\x40\xf9\xa4\x47\xc5\xbe" "\x43\x28\xa0\x68\x1a\xa3\x00\x2f\x6a\x9d\xfd\x83\x6b\x36\x2f\xb1\xd4\x23" "\xd7\xc9\x57\x1a\xeb\x50\xe2\xa6\xac\xb9\xab\x4e\x85\x57\x4b\xaf\x27\xb1" "\x02\x8d\xb0\xf6\x64\x7a\xa7\xfe\x99\x5c\x1f\xbf\x8a\xb4\x22\xbb\x15\xac" "\xf9\xae\x6d\xe7\x39\x72\xc9\x54\x9c\xb6\x01\x29\x7b\xbb\x1c\x74\x0e\x87" "\x61\xaf\x16\xc4\x78\x5c\x48\x27\xb5\xdc\x5e\x52\xf4\xa8\x20\x00\xf6\xf8" "\x76\x70\xec\x19\xfe\xa4\xe0\x4e\x56\x4f\xc8\x3c\x0c\xcf\x1b\x7f\xa2\xbb" "\x9a\xc3\xe5\x6a\xdd\xfa\x7f\x5f\x6d\x1d\x3d\x3c\x92\xde\xa5\xde\x9f\xa4" "\x2f\x14\x14\xa7\x69\xb0\xcd\xc4\x0e\x30\x6f\xee\x0a\xd6\x65\x73\x62\x8b" "\x83\xa0\x7f\xe0\x87\xfc\xb3\x37\x78\x48\xe1\xa7\x86\x9e\x59\x2c\x83\xbb" "\x59\x42\x84\xda\x28\xa4\xf5\xdb\x38\x10\x59\xd5\x6e\x5d\x49\x89\x04\x2d" "\xad\xbb\xe6\x00\x0b\x66\x18\x4c\xa8\xfe\x9d\x29\x3f\x6c\x70\x98\x8f\x3d" "\x7b\x8e\xe0\x05\x46\xa2\x1a\xae\xca\x49\x8a\xe0\x6f\xa7\xbe\xcc\x5a\x55" "\x91\x4c\x7a\x1a\xb7\x14\xd9\x55\xa8\xb0\xbd\x72\xe8\xd6\xbb\xf4\xdd\x45" "\x1b\x52\x5f\xcb\xc9\xfb\x5c\x10\x74\x7d\xee\x3c\x75\x5d\x39\xbe\x5c\x2d" "\x52\x34\x5c\x56\x18\x5a\x8d\x6c\xee\x87\x8b\x72\x25\x5a\xca\xbf\x7d\xbe" "\xfa\xfa\xed\x94\x83\x85\x32\xfd\x01\xea\x62\x44\xc4\xac\x92\x9d\xe6\x84" "\x60\x84\xa0\x7d\x19\xde\x70\x98\xe6\x2b\x61\x37\x75\xab\xe3\x26\xd4\x02" "\xf7\x07\xc4\xfb\xb3\x96\x8b\x0a\xac\x7f\x1f\x27\x53\x7c\xbd\xec\xee\x19" "\x15\x1b\x31\x0b\xcb\xe2\xc8\x48\xef\x41\xee\xa7\x47\xe8\x5f\x87\xd5\xa1" "\x60\xb2\xcb\x6b\x28\xd1\x37\xe3\x0c\x69\x77\x0c\x16\x51\xe4\x4a\x66\xf8" "\xe3\x39\x4b\xec\x03\xc8\x25\x6b\x89\xfd\x59\xbe\xc4\x49\xc6\xa2\xbd\xb3" "\x51\xf5\x3d\x05\xe4\x63\xf7\x5b\x83\x46\x24\xb8\xc7\xb5\x57\xdc\x38\xa3" "\x98\xd7\x26\xd0\x84\x6f\xc2\xf0\x62\xb5\xb3\x2d\x10\xaf\x38\xce\x84\x4c" "\x68\x11\xaa\xef\x73\xac\xe1\xd8\x68\x13\xbc\x37\x43\x36\x70\xf6\x18\x0f" 
"\x9b\xd1\x12\xae\x00\x13\x30\x77\xfc\x7a\x0b\xd1\x2d\x7b\x4b\x3a\x53\xa3" "\xc1\x6a\x9c\xb0\xe8\x11\x2f\x18\x69\x1a\xa3\xbd\x22\x15\xaf\xda\xa1\xd0" "\x0c\x8e\xa4\xf4\xa3\x02\xea\x9e\xbc\x94\xaf\xaa\xd2\x54\x9f\x64\x6a\x8a" "\xe6\x6b\x95\x3f\xa9\xcd\x64\x9a\x02\xc4\xb1\x52\xcc\x6c\x7b\x55\xd9\x9d" "\xdc\x3d\x0f\xd1\xfc\xd8\x4d\xa3\x55\xeb\x02\x58\x1d\xba\x9e\x4d\x9d\xd2" "\x35\xd2\xd4\xc4\xe0\x94\x16\x14\x40\xe7\x09\x26\x22\x1d\x76\xce\x70\xc8" "\x76\x24\x85\xc8\xb8\x01\x55\x0c\xc2\x08\xe5\xd1\xbf\xd1\x84\xe6\x22\xff" "\x09\x50\xa9\x12\xdd\x47\x16\x3c\x83\x8f\xd5\x62\xf0\x9c\xa1\x69\x0e\x76" "\xda\x55\xa4\x71\xec\x67\xcb\x83\xbb\xb1\x03\x97\x5b\xd4\x68\x3f\x03\x93" "\xec\x8b\x84\x3f\x55\xba\x2c\x0b\xdc\x6c\x90\xb5\x00\x31\xcf\xe7\x51\x79" "\x2b\xd5\xd0\xcb\x50\xc8\xee\x93\x08\x67\x94\xe1\x8c\x4e\xd6\x6d\x6b\xd0" "\x9b\x49\x9f\x8f\xf2\xf6\x3a\x89\x20\x70\x1a\xb0\xaf\x5b\x4b\x75\x40\x2b" "\x1d\x65\xb1\xeb\x51\x5d\xc4\x6e\x18\x1a\x16\x99\xf2\x1e\x67\x34\x9c\x90" "\x4f\x02\xf8\x35\x8e\x28\xfa\xff\x2a\xde\x65\x70\x3d\x14\xdc\x27\x74\xb0" "\x2a\xcc\x73\x1e\xee\x09\x41\x67\x55\x02\xd9\x5e\x0c\x32\xa7\x30\x4f\x6e" "\x9a\xf8\x5e\xf2\x20\xda\xea\x0d\xe2\x4c\xf7\x9e\x35\xa5\x94\x12\xe6\x28" "\x35\xd3\x03\x2f\x88\xd9\xed\x7b\xef\xd4\xf7\x08\xbf\xd2\xd2\x36\xbd\x18" "\x8b\x6f\x95\x1b\xbe\x13\xe3\xad\xd8\x4f\x11\x1e\x20\x32\x4a\x52\x34\x26" "\x61\x1e\xc1\x5f\xb3\x76\xe7\x30\x6c\xbe\xc6\x86\x7f\x0b\x94\x50\x47\xa4" "\xfa\xcf\x78\x15\x4e\x68\xa6\x6a\x36\x97\x2d\x5a\x18\xaf\x14\x03\xba\xa9" "\xb4\xb5\x1f\xdd\xd0\x72\xee\x1f\x00\x87\xad\xd0\x24\x85\xb4\x03\x23\xbd" "\x70\x8b\x76\x40\x6e\x10\xa9\x27\xa9\x13\xd9\x1c\x5d\x77\x1d\x3a\xeb\x3c" "\xfa\xfb\x54\xb1\x01\x67\x85\xc6\x1e\xd1\x30\x60\xd5\xf1\xb5\x50\x67\x6a" "\x65\x6b\x87\x4f\xd3\x92\xae\x61\xc5\x04\x42\x18\xdf\x55\xcb\xb7\x2b\x81" "\x99\x90\xff\xdb\x13\x0f\xb1\x7a\x14\xf7\xcb\x5a\x2a\x8a\xaf\xed\xc6\x52" "\x6d\x83\x76\x2d\xbf\x32\x0f\x15\x75\x80\x30\xee\xec\xf5\x65\x2d\xcc\xf0" 
"\x4c\xdc\x68\x82\x74\x00\xc7\x68\xa2\x1d\xaf\xf4\x72\x12\xb8\x73\x57\xff" "\x0b\xcb\x36\xca\xe4\xd1\x13\xa5\xd9\x81\x5b\x07\x33\x2c\xb4\x23\x29\x32" "\x16\x64\xd9\x3e\x43\xe6\xdc\xd6\x11\x59\x87\x00\x7f\xc6\x23\x08\x80\x04" "\xf8\xac\x94\x37\x36\xeb\x2a\x04\x5a\x25\xb1\xbb\xfb\xbc\x97\x57\x1e\xab" "\xf8\x75\xd9\x24\xf6\xb7\xb0\xe5\x24\xb1\xaf\xa0\xff\x49\x94\x73\xaa\x79" "\x76\xde\x83\xb9\x19\x28\xe8\x4f\x8e\x44\x57\x28\x77\x8f\xe0\xe5\xa3\x56" "\xa5\x7f\x09\xed\x25\x48\x48\xce\xc3\x1b\x7c\x5c\x9c\x7a\x2f\xca\x21\xbe" "\xfe\x15\xff\xc9\x31\x7e\x96\xf7\xad\x58\x26\x84\xce\x62\x57\x91\xb9\x95" "\x63\x78\x1b\xf6\x49\x83\xe7\x7b\xe4\xf1\xa5\x89\x3b\xee\xc4\xb5\x60\xfc" "\x15\xe9\xc2\x1d\xd0\xc2\x9b\xf2\x87\x9d\xfa\xa2\x57\xba\x5e\xc9\x79\x57" "\x05\x0d\x5b\x2c\x1f\x25\xeb\x40\x64\x48\x8c\x13\x9d\xbf\x88\xf3\xb7\xc7" "\x08\x50\xd6\xfd\xbf\x06\x03\xcd\xd4\x01\x1b\xf7\x6e\x0d\x9e\xe5\xc2\xb1" "\x28\xb5\x0d\xba\x56\x89\xa8\xf0\x4d\x4c\xaf\x62\xd7\x77\xea\xb3\x1a\xab" "\x4b\x41\x95\xda\x78\x09\x01\x35\x2d\x28\x48\x85\xbf\x41\x7e\xb0\x53\x67" "\xee\x1b\x5f\x2f\x8c\x5c\xfe\x7f\x03\x94\xfb\x97\x7f\x3a\x3f\x96\x08\x43" "\x75\xe2\x2c\xcf\x6c\x3e\xe4\x65\x9d\x68\xd2\xb1\x94\x8a\x4a\x17\x83\xa4" "\xdb\x22\x82\xc6\x7d\x39\x61\x3f\xa6\x7b\xe4\xdd\x14\x47\x93\xb7\x6c\x09" "\xdd\x56\x3e\xf3\xd1\x69\xf3\x43\x18\xac\xbd\x62\xd3\xb2\xd6\x4f\x91\x73" "\xd1\x6e\x98\x01\x13\x29\x18\xc3\x39\x01\x72\xc6\xf6\x4d\x04\x9b\x4c\x89" "\x4d\x59\x34\x19\xe5\xf4\xd5\xa5\x13\xfc\x5a\x64\xdd\xcd\x05\xb0\x34\xe6" "\xd1\x6f\xe8\x8f\xf8\x9a\x52\x0c\x46\x4f\x84\x2a\xd5\xa6\x2a\x6f\xc4\x6f" "\x0e\x9d\x56\xd0\x5d\x6f\x5e\x62\x5d\x25\xf5\x37\xcc\xa6\x29\x10\x98\x1d" "\xd4\x63\x25\x53\x18\xd8\x27\x3d\xb1\x3d\x27\xfd\xc6\xc1\x7c\x2c\x54\x77" "\x6b\xa3\xa2\x46\xc4\x13\x95\x7f\x29\x7b\x8e\xcb\x1a\xdb\x5c\x3f\x1d\x4d" "\x8e\x4d\x77\x05\xbd\xb9\x26\x8f\x95\x6d\x28\x45\xb6\x85\x11\xed\xd5\x1c" "\xdc\x5d\x05\xde\x5d\x6d\x4b\x3f\x57\x35\x92\x98\x6f\xed\x32\x5f\x1f\x3c" 
"\x6a\x9e\xf7\x74\x0f\x9d\x84\x3e\x11\x98\x1d\x1c\xa5\x15\xc7\xe7\x22\xec" "\x4d\x69\x1c\x5e\x4d\x3a\x14\x6e\x39\xbc\xf4\x07\xf6\x64\x18\xf7\x54\xbb" "\x25\x08\xcb\x4c\xc8\x43\xaa\x9d\x8e\xb6\x38\x50\xe5\xb9\x10\x36\x82\xec" "\xc1\xfc\x8f\x97\x2f\x39\x4b\xe9\xd3\x1c\xb9\xef\xd0\xf6\x93\xd4\xec\x41" "\xfe\x8d\x09\x93\xb4\x5d\x2f\x42\x2f\x9a\xb6\x04\xd3\x37\x1c\x1b\xda\x1d" "\xaa\x32\x06\xa0\x27\xc4\xde\x5c\x8f\x2c\xf6\xd1\xfc\x7e\x6d\x14\x23\xa6" "\xc7\x1e\x84\xf2\x4e\x0a\x4d\xfb\xf4\xa3\x31\xde\xff\x2a\xe6\x49\xdf\x96" "\x81\xa0\x88\x46\xef\xc9\xf0\x00\x1e\x7e\xf1\x06\xf1\xbf\xa2\x5e\xe2\x79" "\x9b\x13\xf1\xf0\x76\xe3\x0e\x58\x07\x8d\x18\x6a\xfb\x65\x30\x14\x97\xe9" "\x82\x47\x8b\xab\xf1\x43\x97\x2c\xc7\x07\x2f\x70\x82\x9b\x8f\xae\xe4\x6e" "\x56\xa1\x45\x1f\xf7\xdd\xd0\xdd\x35\x81\x6b\xfa\x29\xee\xe3\x61\xde\x60" "\xfb\xc3\x22\x2e\x89\xd7\x0f\x14\x95\xbe\x94\xd0\xe8\x20\x72\xa0\xe5\x72" "\xe3\x05\x5c\x90\x55\x52\xe6\xc4\x5d\x2a\xf3\xd4\xf5\x05\xa9\x9d\x94\x76" "\x67\x05\x9c\x1c\x92\xce\x2d\x35\x49\x07\x75\x39\xc4\xce\xc4\xc0\x73\x37" "\x36\x1e\xeb\x9f\x78\x81\x3b\xf9\xe7\x7b\x0a\x79\xf3\x91\xae\x6e\xb6\x63" "\xde\xb5\x33\x17\xf6\x1e\xf8\xdd\xff\xdb\xd0\xca\x2d\x80\x95\xc1\x0c\x10" "\x6b\x09\x68\x32\x5b\xc1\xe8\x88\x29\xd9\x23\x99\xb8\x09\xf1\xb8\x81\xe9" "\xb9\xf0\xae\xad\xa5\xc5\xee\x20\xfd\x08\x66\x07\x0e\x3d\x5d\x41\xe6\x2f" "\x5b\x6d\x2d\x25\x44\x1b\xab\xcd\xf9\xd3\xdc\x8a\xe3\xc1\x40\xa6\xf3\x52" "\xda\xf0\x0e\xd3\x8e\x24\x8b\x23\x6a\xcd\x27\xf2\x4b\xde\xba\xe0\xf2\x72" "\xa5\x82\x0e\xf7\x7f\xb6\x03\xfe\x3c\xc9\x10\xa9\xd8\x42\x12\x92\x59\xe6" "\x1d\x25\xdc\xf5\x46\xcd\x77\x0e\x4c\xcc\xab\x47\x0b\x20\xfa\x5f\x59\x72" "\xa6\xdd\x15\x85\x34\x83\xde\x6e\x03\x2f\x97\x26\xc1\x66\xe8\x1e\x8e\x0f" "\x9d\xb4\xdf\x39\x7c\xc4\xa1\x0b\x6e\x58\x70\x8a\x31\xf4\x8d\x7d\x2b\xae" "\x4e\xf9\x28\x28\xc3\x70\x88\x06\x8b\x2a\xe4\x33\x11\x0d\xc7\xc0\x8e\x60" "\x17\xd8\xb2\x6e\x4e\x03\x82\xca\x8f\xa6\x2d\xc6\xf5\x3c\x4c\xc2\xf0\xf7" 
"\x8a\xf7\x23\x35\xc4\x94\xf5\x7f\x24\x14\xaf\xe2\x47\xe2\x29\x1c\x39\x58" "\x95\xbb\x18\xf7\x01\xb6\xf4\x33\x1f\xeb\x75\x91\x10\xc5\x43\xdd\x94\xa2" "\x38\xe7\x82\xad\x55\x20\x47\x67\x75\x58\xa5\x0e\x76\x83\xd7\x1a\x9e\x22" "\x2f\xd1\x9a\x93\x43\xe1\xd6\x45\x28\x64\x0a\x80\x99\xde\xdd\x19\xe4\xc7" "\x47\xdd\xa1\x8f\xf2\x5b\x15\xbd\xdf\x75\x0a\x54\x53\x3b\x6e\xcf\xc7\x5a" "\xd4\xa2\x90\x94\x85\xf7\xfd\x75\x9d\x45\xc7\x47\x27\xb2\xe7\x30\x0e\xae" "\x71\xa8\x78\x4f\x5d\xd7\xf2\x5b\x4b\x00\x0e\xd3\x25\x42\x64\x13\x1c\xbb" "\xae\x31\x6f\xb3\xa3\xbf\xbe\xb3\x09\xdd\x2d\x18\x10\x46\x29\xdb\x35\x4f" "\x44\x77\x91\xeb\x88\x2b\xf0\x33\x3a\x52\x0b\x8d\xba\x74\x5b\x67\x3d\x07" "\x1b\x07\xe1\xde\x3e\x02\xfe\x75\x1a\x1c\xf5\x90\x84\x35\xb1\xa3\x8e\xdb" "\xd6\x04\x83\xab\xdb\x15\x45\x2c\x86\x88\x44\xce\xb9\x6c\x44\x9a\xb7\x29" "\x99\xa5\x5c\x79\xf9\xce\x74\x05\x79\x71\x42\xef\x70\x95\xb4\xca\xf9\x9d" "\x7b\xbe\x51\xcd\x4e\x96\x3e\x4f\xfb\xbd\x26\x48\x76\x1a\xbd\x38\x94\xb5" "\x42\x0a\x0a\xdd\x26\x1f\xf9\xc0\xef\xf6\x1a\xaf\xd1\xac\x51\x95\xff\x15" "\xca\xdb\x5b\x0c\x7c\xe3\x4d\x4d\x2d\x68\x14\x6f\x3d\xae\x67\x7e\x83\x3b" "\x8b\xe0\xf8\xa8\x76\x15\x3b\xb6\x53\x98\xde\xf3\x8e\x4b\xf5\x39\xd3\xa0" "\x00\x47\xb1\x9c\x48\x30\x62\xfc\x1c\x25\x47\xb7\xd4\xf7\xd9\x9b\x70\x35" "\x21\x2c\xcf\xff\xee\xb2\x1e\xd7\xbb\xd6\x16\x5a\xc7\xfb\xaf\xbc\xa3\xce" "\xf8\x6f\xff\x65\x53\x05\x70\x6d\xd0\xba\xa6\x07\xc5\x05\x43\xbb\x0d\x66" "\xf0\xf4\xdb\xdd\x9c\x36\x5f\xdb\x7b\x87\x5d\xc5\xe7\xee\x59\xaf\xcc\xc3" "\x21\xad\x1e\x31\xcc\x84\x68\x7a\xfd\xa7\x12\x31\xbb\x2e\x4d\xc3\xce\x79" "\xff\x3c\xe4\xbb\xaf\xed\x88\x21\xa5\xb7\x1b\xbf\x38\x44\xf1\x10\xe2\xdd" "\x95\x57\xb5\x96\xac\x79\x2d\x97\x50\x6d\x22\xc0\x41\x0b\xce\x43\x5e\x20" "\xfa\x2e\x2d\x43\x53\x61\xb5\xb6\xac\x85\xf4\x47\x63\x76\x97\x23\xa7\xb6" "\x29\x25\x8f\x45\xe1\x05\x78\xf7\x0b\xef\x2e\x9c\x05\xaf\x80\x32\xe3\x57" "\x69\x7d\xfc\xd3\x0d\xe9\xb3\xe9\x53\xa3\x6d\x6c\xb7\xa0\x3c\xe6\x92\x88" 
"\xb6\x63\xf6\x92\x79\x39\x04\xdd\x8f\xb4\xab\x6d\xc3\x1d\xdf\x7f\x69\x42" "\xef\x84\xc1\xe6\x8c\x78\xbf\x99\x74\xf8\x30\xee\x2f\xcc\xca\x84\x11\x3c" "\xee\x98\xb4\x7e\xd4\x1a\x87\xfe\x61\x0c\x53\x48\xdc\x38\xd4\xad\xa1\x98" "\x62\x77\x23\x17\xa7\x07\x54\x87\x03\x47\xad\x87\xdb\xbb\x4c\x52\x34\x9b" "\x02\x61\xaa\x8e\x10\x8f\xcf\x38\x7b\x24\xd4\xe2\xa7\x7b\xa7\x6e\x84\x72" "\xfd\x74\xab\x6f\xa0\x21\x27\x7a\x24\xef\x7a\x48\xd3\x95\xb0\xfd\x1f\x9c" "\x0c\xf8\x3b\xac\x56\xb4\x33\xff\xbf\xe5\x98\x4a\x36\x2e\x33\x79\x69\xfe" "\xbf\x25\x99\x88\x16\x2c\x2b\x48\x42\xbd\x2f\xc0\xb2\x30\xfe\xe9\x3a\x08" "\x50\x03\xe6\x15\x08\x8a\xbf\xe4\x18\x89\xf7\xb5\xe0\xf3\x80\xff\xe5\x5b" "\x66\xc1\xf7\x41\x99\x93\xc3\xdd\x4a\xac\x58\x91\x49\x4a\x18\x3d\xdc\xa2" "\xe4\x15\xe1\x74\x94\x89\xc9\x25\x71\x5f\x3c\x44\xd9\x4b\x90\xd2\xd7\x35" "\xf2\xb9\x23\xbd\xbb\xbf\x16\x46\x58\x0a\xb1\x35\x35\x6a\x9e\xe2\x9b\xc1" "\x9e\x73\xde\xd9\xa3\x37\x98\xa6\x9d\x24\x85\x74\xe0\xc9\xe9\xf4\x0a\x1c" "\x1b\xa5\x2b\xc6\x6a\x57\x8d\x08\xb7\x5f\x27\x1a\x9e\x9f\x44\x7e\xfe\xde" "\x09\xd6\xb3\xb5\x7e\x0a\xa6\x32\x2c\x18\xfd\x6f\x5e\x1c\x9d\x27\x53\xe0" "\xa6\x51\x3c\xc0\x41\x24\xab\x89\x80\x2e\xb9\xc5\x04\xf0\xe5\x55\x08\x68" "\xab\x59\x76\x29\xd7\xcc\x74\x47\xed\x1b\x01\xb2\xff\x4c\xf5\x11\xaa\x09" "\x87\x10\xb2\x08\xb5\xaa\x0f\x59\x50\x39\xa2\xf0\xe7\x29\x4c\x5f\xe3\xb0" "\xc3\xe6\xc4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x02\x58\x8b\xeb\x10\x11\x5f\x4b\x22\xf4\xac\x99\x7c\x86\xc4\x92\x01" "\xee\x9d\xce\xb2\x14\x2a\xe6\x15\x55\xbb\xbc\x4e\xf8\xcd\xd4\x68\xa8\xff" "\xbe\x6c\xbf\xc8\x87\x7d\xd8\x72\x92\xc7\x0e\x10\x66\x9b\xc9\x9d\x8d\x57" "\x10\xf7\x71\x9c\xc2\xcf\xfc\x86\xcd\x52\x9b\x6d\xa2\x51\x1d\x07\xae\xf4" "\xa1\xd9\x53\x3a\xb5\x8a\x76\xf8\x0a\xd7\xfe\x91\xa1\x73\x97\xd3\xc8\x34" "\x81", 4195)); NONFAILING(memcpy( (void*)0x200000004bbd, "\xfe\x2e\xcf\x20\xa9\xa1\x7b\xd2\xed\x7e\x80\x3f\x83\x03\x75\xc1\x50\xa1" 
"\xf8\x48\xf6\x04\xc2\xc1\xf9\x32\xd2\xb7\x16\x3b\xe4\xb2\xb9\xa5\xbd\x52" "\x1d\x18\x5c\xfb\xee\x55\x5b\x27\x60\x85\x94\xbe\xba\x63\x25\x92\x3a\xaf" "\x5d\xb7\x4c\xff\x01\x00\x00\x53\xdb\x92\xc6\xc5\xfc\xbb\xa0\xab\xd9\x75" "\xfc\x76\xbe\xa4\x9b\x00\x51\x3a\xfc\x85\x6e\xd8\x9d\x3f\xad\xed\xa3\x07" "\xca\x58\x73\x54\x32\x28\x03\xb0\x98\x3c\xc6\x57\x25\xae\x7f\x45\xfb\x95" "\xe7\xcd\xb2\x8c\x6b\x88\x69\x59\xb7\xdd\xe2\xc8\x7c\x73\xf6\x00\x8c\xf6" "\xee\xd7\x86\x1f\x24\xb7\x42\x37\x04\xb9\x5f\x3d\x05\xb9\x2d\x3d\x7f\xf9" "\xd3\x92\x83\x3e\xcd\x02\x44\x33\x20\xb6\x01\x31\xa3\x50\x36\x0f\xcc\x1d" "\x65\x9e\x2a\x03\xcb\x46\x9c\xaf\x04\x98\xba\xca\xe0\x73\x5a\x16\x13\x45" "\xb3\xd7\x1a\x55\xf1\x4e\xf6\x36\xb6\xf8\x32\xc7\xa6\x07\x1f\xce\x83\x90" "\x4d\xfd\x87\x1b\x6d\x8e\x03\x64\x8d\xba\xa3\xa0\x39\xeb\x56\x73\x79\x2c" "\xae\x80\x33\x57\x32\x03\x0f\x9a\xea\xba\xf3\xbb\x3c\xc4\xca\x5f\xe7\x52" "\x71\xd6\x9b\x2e\x78\xbe\xb2\xb8\x1f\xc3\xcf\x3a\x18\xa7\xae\x93\xa3\xcd" "\xbe\x65\x99\xb9\x94\x08\x27\x5e\x2b\x4b\x44\x77\xc6\xfc\xf4\x80\x61\x34" "\xe8\x39\xe1\x35\x33\xec\x00\x00\x00\x00\x00\x00\x00\x6a\x1c\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x69\xc3\x28\x83\x11\xb7\x41\x47\x05\xe9\x75\xeb\x3f" "\x1b\x77\xa1\x20", 328)); NONFAILING(*(uint64_t*)0x200000004d05 = -1); NONFAILING(memcpy( (void*)0x2000000004c0, "\x78\x9c\xec\xdc\x4d\x4f\x13\x5d\x14\xc0\xf1\xd3\x17\x4a\x5b\x02\x65\xf1" "\xe4\x31\x9a\x18\x6e\x74\xa3\x9b\x09\x54\xd7\x4a\x63\x20\x31\x36\x91\x20" "\x35\xbe\x24\x26\x03\x4c\xb5\xe9\xd8\x92\x99\x06\x53\x63\x44\x57\x6e\x8d" "\x1f\xc2\x05\x61\xc9\x8e\x44\xf9\x02\x6c\xdc\xe9\xc6\x8d\x3b\x36\x26\x2e" "\x64\x61\x1c\xd3\xe9\x0c\x85\x32\x80\x94\xd2\x22\xfc\x7f\x09\x99\xc3\xdc" "\x7b\xa6\xf7\xce\x0c\xe4\xdc\x09\xc3\xfa\xbd\xb7\x4f\x8b\x79\x5b\xcb\xeb" "\x15\x09\xc7\x95\x84\x44\x44\x36\x44\x06\x25\x2c\xbe\x90\xb7\x0d\xbb\x71" "\x4c\xb6\x7a\x25\x97\xfb\x7e\x7c\x3e\x7f\xe7\xfe\x83\x5b\x99\x6c\x76\x6c" 
"\x52\xa9\xf1\xcc\xd4\x95\xb4\x52\x6a\x60\xe8\xc3\xb3\x17\x09\xaf\xdb\x4a" "\xaf\xac\x0d\x3e\x5a\xff\x9e\xfe\xb6\xf6\xff\xda\xd9\xf5\xdf\x53\x4f\x0a" "\xb6\x2a\xd8\xaa\x54\xae\x28\x5d\x4d\x97\xbf\x56\xf4\x69\xd3\x50\xb3\x05" "\xbb\xa8\x29\x35\x61\x1a\xba\x6d\xa8\x42\xc9\x36\xac\x7a\x7b\xb9\xde\x9e" "\x37\xcb\x73\x73\x55\xa5\x97\x66\xfb\x93\x73\x96\x61\xdb\x4a\x2f\x55\x55" "\xd1\xa8\xaa\x4a\x59\x55\xac\xaa\x8a\x3c\xd6\x0b\x25\xa5\x69\x9a\xea\x4f" "\x0a\xf6\x93\x5b\x9c\x9c\xd4\x33\x2d\x26\xcf\xb4\x79\x30\x38\x22\x96\x95" "\xd1\x23\x22\x92\xd8\xd1\x92\x5b\xec\xca\x80\x00\x00\x40\x57\x35\xd7\xff" "\x61\x51\xed\xac\xff\x97\x2e\xac\x56\xfa\xee\x2e\x0f\x78\xf5\xff\x4a\x2c" "\xa8\xfe\xbf\xfa\xa5\x7e\xac\x6d\xf5\x7f\x5c\x44\x02\xeb\x7f\xff\xf3\x03" "\xeb\x7f\xfd\x60\xf5\xff\xce\x8a\xe8\x74\x39\x54\xfd\x8f\xe3\x61\x28\xb6" "\x63\x57\xa8\x11\xd6\x1a\xad\x8c\x9e\xf4\x7e\x7e\x5d\xaf\x1f\x2e\x0d\xbb" "\x01\xf5\x3f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\xff\x82\x0d\xc7\x49\x39\x8e\x93\xf2\xb7\xfe\x57\xaf\x88\xc4\x45" "\xc4\xff\x3e\x20\x35\x22\x22\xd7\xbb\x30\x64\xb4\xd1\x21\xae\x3f\x4e\x80" "\xc6\x8b\x7b\xd1\x01\x11\xf3\xcd\x7c\x6e\x3e\x57\xdf\x7a\x1d\x56\x45\xc4" "\x14\x43\x86\x25\x25\xbf\xdc\xfb\xc1\x53\x8b\xfd\x37\x8f\x54\xcd\xa0\x7c" "\x34\x17\xbc\xfc\x85\xf9\x5c\xc4\x6d\xc9\xe4\xa5\xe0\xe6\x8f\x48\xaa\x47" "\x9a\xf3\x1d\x67\xfc\x66\x76\x6c\x44\xd5\x6d\xcf\xef\x91\xe4\xd6\xfc\xb4" "\xa4\xe4\xbf\xe0\xfc\x74\x60\x7e\x4c\x2e\x5d\xdc\x92\xaf\x49\x4a\x3e\xcd" "\x48\x59\x4c\x99\x75\xc7\xd1\xc8\x7f\x39\xa2\xd4\x8d\xdb\xd9\xa6\xfc\x84" "\xdb\x0f\x00\x00\x00\x00\x80\x93\x40\x53\x9b\x02\xd7\xef\x9a\xb6\x5b\x7b" "\x3d\x7f\x73\x7d\xdd\xfc\x7c\x20\xd2\x58\x5f\x0f\x07\xae\xcf\xa3\x72\x2e" "\xda\xdd\xb9\x03\x00\x00\x00\x00\x70\x5a\xd8\xd5\xe7\x45\xdd\x34\x0d\x6b" "\x8f\x20\x21\xfb\xf7\x69\x3d\x88\x1e\xd1\x91\xfd\x19\xfe\x6d\x96\xff\xb7" "\x0c\x47\x37\xd3\x3d\x02\xff\xc3\xb7\x35\xc5\xbd\x9d\x6d\x3f\x2d\xa1\x03" 
"\x9c\x96\x5d\x82\xb0\xb4\x92\x35\x54\x9b\x8d\x3a\xec\x2c\xfc\xc7\x46\xbb" "\xf5\x91\x89\xd1\xce\x5f\x41\x37\x38\xf3\xee\xfd\xcf\xf6\x1d\xf0\xda\x72" "\x7c\x9f\x99\xb6\x1e\x44\xf6\xbe\x01\x7a\x3a\xf6\x0b\x08\x00\x00\x00\x40" "\xc7\x34\x8a\x7e\x7f\xcf\x68\x77\x07\x04\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\x29\xd4\x89" "\xff\x8e\xd6\xed\x39\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc7\xc5\x9f" "\x00\x00\x00\xff\xff\x92\x59\x05\x4d", 747)); NONFAILING(syz_mount_image(/*fs=*/0x200000000080, /*dir=*/0x200000000480, /*flags=MS_POSIXACL|MS_SILENT*/ 0x18000, /*opts=*/0x200000003b40, /*chdir=*/8, /*size=*/0x2eb, /*img=*/0x2000000004c0)); // mount arguments: [ // src: ptr[in, blockdev_filename] { // union blockdev_filename { // loop: loop_filename { // prefix: buffer: {2f 64 65 76 2f 6c 6f 6f 70} (length 0x9) // id: proc = 0x0 (1 bytes) // z: const = 0x0 (1 bytes) // } // } // } // dst: ptr[in, buffer] { // buffer: {2e 2f 66 69 6c 65 31 00} (length 0x8) // } // type: nil // flags: mount_flags = 0x81808 (8 bytes) // data: nil // ] NONFAILING(memcpy((void*)0x200000000ac0, "/dev/loop", 9)); NONFAILING(*(uint8_t*)0x200000000ac9 = 0x30); NONFAILING(*(uint8_t*)0x200000000aca = 0); NONFAILING(memcpy((void*)0x200000000b00, "./file1\000", 8)); syscall(__NR_mount, /*src=*/0x200000000ac0ul, /*dst=*/0x200000000b00ul, /*type=*/0ul, /*flags=MS_SLAVE|MS_NOEXEC|MS_NODIRATIME|MS_BIND*/ 0x81808ul, /*data=*/0ul); // openat arguments: [ // fd: fd_dir (resource) // file: ptr[in, buffer] { // buffer: {2e 2f 66 69 6c 65 31 00} (length 0x8) // } // flags: open_flags = 0x441 (4 bytes) // mode: open_mode = 0x104 (2 bytes) // ] // returns fd NONFAILING(memcpy((void*)0x200000000080, "./file1\000", 8)); res = syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200000000080ul, /*flags=O_CREAT|O_APPEND|O_WRONLY*/ 0x441, /*mode=S_IROTH|S_IRUSR*/ 0x104); if (res != -1) r[0] = res; 
// quotactl$Q_QUOTAON arguments: [ // cmd: quota_cmd_quota_on = 0xffffffff80000201 (8 bytes) // special: ptr[in, blockdev_filename] { // union blockdev_filename { // loop: loop_filename { // prefix: buffer: {2f 64 65 76 2f 6c 6f 6f 70} (length 0x9) // id: proc = 0x0 (1 bytes) // z: const = 0x0 (1 bytes) // } // } // } // id: uid (resource) // addr: nil // ] NONFAILING(memcpy((void*)0x200000000180, "/dev/loop", 9)); NONFAILING(*(uint8_t*)0x200000000189 = 0x30); NONFAILING(*(uint8_t*)0x20000000018a = 0); syscall(__NR_quotactl, /*cmd=Q_QUOTAON_GRP*/ 0xffffffff80000201ul, /*special=*/0x200000000180ul, /*id=*/(intptr_t)-1, /*addr=*/0ul); // mprotect arguments: [ // addr: VMA[0x3000] // len: len = 0x3000 (8 bytes) // prot: mmap_prot = 0x9 (8 bytes) // ] syscall(__NR_mprotect, /*addr=*/0x200000000000ul, /*len=*/0x3000ul, /*prot=PROT_SEM|PROT_READ*/ 9ul); // openat$cgroup_ro arguments: [ // fd: fd_cgroup (resource) // file: ptr[in, buffer] { // buffer: {68 75 67 65 74 6c 62 2e 31 47 42 2e 75 73 61 67 65 5f 69 6e // 5f 62 79 74 65 73 00} (length 0x1b) // } // flags: const = 0x275a (4 bytes) // mode: const = 0x0 (2 bytes) // ] // returns fd NONFAILING( memcpy((void*)0x200000000180, "hugetlb.1GB.usage_in_bytes\000", 27)); res = syscall(__NR_openat, /*fd=*/(intptr_t)-1, /*file=*/0x200000000180ul, /*flags=*/0x275a, /*mode=*/0); if (res != -1) r[1] = res; // ioctl$BLKFLSBUF arguments: [ // fd: fd_block (resource) // cmd: const = 0x1261 (4 bytes) // arg: nil // ] syscall(__NR_ioctl, /*fd=*/r[1], /*cmd=*/0x1261, /*arg=*/0ul); // fallocate arguments: [ // fd: fd (resource) // mode: fallocate_mode = 0x10 (8 bytes) // off: intptr = 0x4000 (8 bytes) // len: intptr = 0x4000 (8 bytes) // ] syscall(__NR_fallocate, /*fd=*/r[0], /*mode=FALLOC_FL_ZERO_RANGE*/ 0x10ul, /*off=*/0x4000ul, /*len=*/0x4000ul); return 0; }