// https://syzkaller.appspot.com/bug?id=4fc9d2ddc73973ad187070a489f58d30e82148b8 // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifndef __NR_memfd_create #define __NR_memfd_create 319 #endif static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; for (;;) { uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts); if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) return 1; now = current_time_ms(); if (now - start > timeout) return 0; } } //% This code is derived from puff.{c,h}, found in the zlib development. The //% original files come with the following copyright notice: //% Copyright (C) 2002-2013 Mark Adler, all rights reserved //% version 2.3, 21 Jan 2013 //% This software is provided 'as-is', without any express or implied //% warranty. In no event will the author be held liable for any damages //% arising from the use of this software. //% Permission is granted to anyone to use this software for any purpose, //% including commercial applications, and to alter it and redistribute it //% freely, subject to the following restrictions: //% 1. The origin of this software must not be misrepresented; you must not //% claim that you wrote the original software. If you use this software //% in a product, an acknowledgment in the product documentation would be //% appreciated but is not required. //% 2. Altered source versions must be plainly marked as such, and must not be //% misrepresented as being the original software. //% 3. This notice may not be removed or altered from any source distribution. //% Mark Adler madler@alumni.caltech.edu //% BEGIN CODE DERIVED FROM puff.{c,h} #define MAXBITS 15 #define MAXLCODES 286 #define MAXDCODES 30 #define MAXCODES (MAXLCODES + MAXDCODES) #define FIXLCODES 288 struct puff_state { unsigned char* out; unsigned long outlen; unsigned long outcnt; const unsigned char* in; unsigned long inlen; unsigned long incnt; int bitbuf; int bitcnt; jmp_buf env; }; static int puff_bits(struct puff_state* s, int need) { long val = s->bitbuf; while (s->bitcnt < need) { if (s->incnt == s->inlen) longjmp(s->env, 1); val |= (long)(s->in[s->incnt++]) << s->bitcnt; s->bitcnt += 8; } s->bitbuf = (int)(val >> need); s->bitcnt -= need; return (int)(val & ((1L << need) - 1)); } static int puff_stored(struct puff_state* s) { s->bitbuf = 0; s->bitcnt = 0; if (s->incnt + 4 > s->inlen) return 2; unsigned len = s->in[s->incnt++]; len |= s->in[s->incnt++] << 8; if (s->in[s->incnt++] != (~len & 0xff) || s->in[s->incnt++] != ((~len >> 8) & 0xff)) return -2; if (s->incnt + len > s->inlen) return 2; if (s->outcnt + len > s->outlen) return 1; for (; len--; s->outcnt++, s->incnt++) { if (s->in[s->incnt]) s->out[s->outcnt] = s->in[s->incnt]; } return 0; } struct puff_huffman { short* count; short* symbol; }; static int puff_decode(struct puff_state* s, const struct puff_huffman* h) { int first = 0; int index = 0; int bitbuf = s->bitbuf; int left = s->bitcnt; int code = first = index = 0; int len = 1; short* next = h->count + 1; while (1) { while (left--) { code |= bitbuf & 1; bitbuf >>= 1; int count = *next++; if (code - count < first) { s->bitbuf = bitbuf; s->bitcnt = (s->bitcnt - len) & 7; return h->symbol[index + (code - first)]; } index += count; first += count; first <<= 1; code <<= 1; len++; } left = (MAXBITS + 1) - len; if (left == 0) break; if (s->incnt == s->inlen) longjmp(s->env, 1); bitbuf = s->in[s->incnt++]; if (left > 8) left = 8; } return -10; } static int puff_construct(struct puff_huffman* h, const short* length, int n) { int len; for (len = 0; len <= MAXBITS; len++) h->count[len] = 0; int symbol; for (symbol = 0; symbol < n; symbol++) (h->count[length[symbol]])++; if (h->count[0] == n) return 0; int left = 1; for (len = 1; len <= MAXBITS; len++) { left <<= 1; left -= h->count[len]; if (left < 0) return left; } short offs[MAXBITS + 1]; offs[1] = 0; for (len = 1; len < MAXBITS; len++) offs[len + 1] = offs[len] + h->count[len]; for (symbol = 0; symbol < n; symbol++) if (length[symbol] != 0) h->symbol[offs[length[symbol]]++] = symbol; return left; } static int puff_codes(struct puff_state* s, const struct puff_huffman* lencode, const struct puff_huffman* distcode) { static const short lens[29] = {3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258}; static const short lext[29] = {0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0}; static const short dists[30] = { 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, 8193, 12289, 16385, 24577}; static const short dext[30] = {0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13}; int symbol; do { symbol = puff_decode(s, lencode); if (symbol < 0) return symbol; if (symbol < 256) { if (s->outcnt == s->outlen) return 1; if (symbol) s->out[s->outcnt] = symbol; s->outcnt++; } else if (symbol > 256) { symbol -= 257; if (symbol >= 29) return -10; int len = lens[symbol] + puff_bits(s, lext[symbol]); symbol = puff_decode(s, distcode); if (symbol < 0) return symbol; unsigned dist = dists[symbol] + puff_bits(s, dext[symbol]); if (dist > s->outcnt) return -11; if (s->outcnt + len > s->outlen) return 1; while (len--) { if (dist <= s->outcnt && s->out[s->outcnt - dist]) s->out[s->outcnt] = s->out[s->outcnt - dist]; s->outcnt++; } } } while (symbol != 256); return 0; } static int puff_fixed(struct puff_state* s) { static int virgin = 1; static short lencnt[MAXBITS + 1], lensym[FIXLCODES]; static short distcnt[MAXBITS + 1], distsym[MAXDCODES]; static struct puff_huffman lencode, distcode; if (virgin) { lencode.count = lencnt; lencode.symbol = lensym; distcode.count = distcnt; distcode.symbol = distsym; short lengths[FIXLCODES]; int symbol; for (symbol = 0; symbol < 144; symbol++) lengths[symbol] = 8; for (; symbol < 256; symbol++) lengths[symbol] = 9; for (; symbol < 280; symbol++) lengths[symbol] = 7; for (; symbol < FIXLCODES; symbol++) lengths[symbol] = 8; puff_construct(&lencode, lengths, FIXLCODES); for (symbol = 0; symbol < MAXDCODES; symbol++) lengths[symbol] = 5; puff_construct(&distcode, lengths, MAXDCODES); virgin = 0; } return puff_codes(s, &lencode, &distcode); } static int puff_dynamic(struct puff_state* s) { static const short order[19] = {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15}; int nlen = puff_bits(s, 5) + 257; int ndist = puff_bits(s, 5) + 1; int ncode = puff_bits(s, 4) + 4; if (nlen > MAXLCODES || ndist > MAXDCODES) return -3; short lengths[MAXCODES]; int index; for (index = 0; index < ncode; index++) lengths[order[index]] = puff_bits(s, 3); for (; index < 19; index++) lengths[order[index]] = 0; short lencnt[MAXBITS + 1], lensym[MAXLCODES]; struct puff_huffman lencode = {lencnt, lensym}; int err = puff_construct(&lencode, lengths, 19); if (err != 0) return -4; index = 0; while (index < nlen + ndist) { int symbol; int len; symbol = puff_decode(s, &lencode); if (symbol < 0) return symbol; if (symbol < 16) lengths[index++] = symbol; else { len = 0; if (symbol == 16) { if (index == 0) return -5; len = lengths[index - 1]; symbol = 3 + puff_bits(s, 2); } else if (symbol == 17) symbol = 3 + puff_bits(s, 3); else symbol = 11 + puff_bits(s, 7); if (index + symbol > nlen + ndist) return -6; while (symbol--) lengths[index++] = len; } } if (lengths[256] == 0) return -9; err = puff_construct(&lencode, lengths, nlen); if (err && (err < 0 || nlen != lencode.count[0] + lencode.count[1])) return -7; short distcnt[MAXBITS + 1], distsym[MAXDCODES]; struct puff_huffman distcode = {distcnt, distsym}; err = puff_construct(&distcode, lengths + nlen, ndist); if (err && (err < 0 || ndist != distcode.count[0] + distcode.count[1])) return -8; return puff_codes(s, &lencode, &distcode); } static int puff(unsigned char* dest, unsigned long* destlen, const unsigned char* source, unsigned long sourcelen) { struct puff_state s = { .out = dest, .outlen = *destlen, .outcnt = 0, .in = source, .inlen = sourcelen, .incnt = 0, .bitbuf = 0, .bitcnt = 0, }; int err; if (setjmp(s.env) != 0) err = 2; else { int last; do { last = puff_bits(&s, 1); int type = puff_bits(&s, 2); err = type == 0 ? puff_stored(&s) : (type == 1 ? puff_fixed(&s) : (type == 2 ? puff_dynamic(&s) : -1)); if (err != 0) break; } while (!last); } *destlen = s.outcnt; return err; } //% END CODE DERIVED FROM puff.{c,h} #define ZLIB_HEADER_WIDTH 2 static int puff_zlib_to_file(const unsigned char* source, unsigned long sourcelen, int dest_fd) { if (sourcelen < ZLIB_HEADER_WIDTH) return 0; source += ZLIB_HEADER_WIDTH; sourcelen -= ZLIB_HEADER_WIDTH; const unsigned long max_destlen = 132 << 20; void* ret = mmap(0, max_destlen, PROT_WRITE | PROT_READ, MAP_PRIVATE | MAP_ANON, -1, 0); if (ret == MAP_FAILED) return -1; unsigned char* dest = (unsigned char*)ret; unsigned long destlen = max_destlen; int err = puff(dest, &destlen, source, sourcelen); if (err) { munmap(dest, max_destlen); errno = -err; return -1; } if (write(dest_fd, dest, destlen) != (ssize_t)destlen) { munmap(dest, max_destlen); return -1; } return munmap(dest, max_destlen); } static int setup_loop_device(unsigned char* data, unsigned long size, const char* loopname, int* loopfd_p) { int err = 0, loopfd = -1; int memfd = syscall(__NR_memfd_create, "syzkaller", 0); if (memfd == -1) { err = errno; goto error; } if (puff_zlib_to_file(data, size, memfd)) { err = errno; goto error_close_memfd; } loopfd = open(loopname, O_RDWR); if (loopfd == -1) { err = errno; goto error_close_memfd; } if (ioctl(loopfd, LOOP_SET_FD, memfd)) { if (errno != EBUSY) { err = errno; goto error_close_loop; } ioctl(loopfd, LOOP_CLR_FD, 0); usleep(1000); if (ioctl(loopfd, LOOP_SET_FD, memfd)) { err = errno; goto error_close_loop; } } close(memfd); *loopfd_p = loopfd; return 0; error_close_loop: close(loopfd); error_close_memfd: close(memfd); error: errno = err; return -1; } static void reset_loop_device(const char* loopname) { int loopfd = open(loopname, O_RDWR); if (loopfd == -1) { return; } if (ioctl(loopfd, LOOP_CLR_FD, 0)) { } close(loopfd); } static long syz_mount_image(volatile long fsarg, volatile long dir, volatile long flags, volatile long optsarg, volatile long change_dir, volatile unsigned long size, volatile long image) { unsigned char* data = (unsigned char*)image; int res = -1, err = 0, need_loop_device = !!size; char* mount_opts = (char*)optsarg; char* target = (char*)dir; char* fs = (char*)fsarg; char* source = NULL; char loopname[64]; if (need_loop_device) { int loopfd; memset(loopname, 0, sizeof(loopname)); snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(data, size, loopname, &loopfd) == -1) return -1; close(loopfd); source = loopname; } mkdir(target, 0777); char opts[256]; memset(opts, 0, sizeof(opts)); if (strlen(mount_opts) > (sizeof(opts) - 32)) { } strncpy(opts, mount_opts, sizeof(opts) - 32); if (strcmp(fs, "iso9660") == 0) { flags |= MS_RDONLY; } else if (strncmp(fs, "ext", 3) == 0) { bool has_remount_ro = false; char* remount_ro_start = strstr(opts, "errors=remount-ro"); if (remount_ro_start != NULL) { char after = *(remount_ro_start + strlen("errors=remount-ro")); char before = remount_ro_start == opts ? '\0' : *(remount_ro_start - 1); has_remount_ro = ((before == '\0' || before == ',') && (after == '\0' || after == ',')); } if (strstr(opts, "errors=panic") || !has_remount_ro) strcat(opts, ",errors=continue"); } else if (strcmp(fs, "xfs") == 0) { strcat(opts, ",nouuid"); } else if (strncmp(fs, "gfs2", 4) == 0 && (strstr(opts, "errors=panic") || strstr(opts, "debug"))) { strcat(opts, ",errors=withdraw"); } res = mount(source, target, fs, flags, opts); if (res == -1) { err = errno; goto error_clear_loop; } res = open(target, O_RDONLY | O_DIRECTORY); if (res == -1) { err = errno; goto error_clear_loop; } if (change_dir) { res = chdir(target); if (res == -1) { err = errno; } } error_clear_loop: if (need_loop_device) reset_loop_device(loopname); errno = err; return res; } #define FUSE_MIN_READ_BUFFER 8192 enum fuse_opcode { FUSE_LOOKUP = 1, FUSE_FORGET = 2, FUSE_GETATTR = 3, FUSE_SETATTR = 4, FUSE_READLINK = 5, FUSE_SYMLINK = 6, FUSE_MKNOD = 8, FUSE_MKDIR = 9, FUSE_UNLINK = 10, FUSE_RMDIR = 11, FUSE_RENAME = 12, FUSE_LINK = 13, FUSE_OPEN = 14, FUSE_READ = 15, FUSE_WRITE = 16, FUSE_STATFS = 17, FUSE_RELEASE = 18, FUSE_FSYNC = 20, FUSE_SETXATTR = 21, FUSE_GETXATTR = 22, FUSE_LISTXATTR = 23, FUSE_REMOVEXATTR = 24, FUSE_FLUSH = 25, FUSE_INIT = 26, FUSE_OPENDIR = 27, FUSE_READDIR = 28, FUSE_RELEASEDIR = 29, FUSE_FSYNCDIR = 30, FUSE_GETLK = 31, FUSE_SETLK = 32, FUSE_SETLKW = 33, FUSE_ACCESS = 34, FUSE_CREATE = 35, FUSE_INTERRUPT = 36, FUSE_BMAP = 37, FUSE_DESTROY = 38, FUSE_IOCTL = 39, FUSE_POLL = 40, FUSE_NOTIFY_REPLY = 41, FUSE_BATCH_FORGET = 42, FUSE_FALLOCATE = 43, FUSE_READDIRPLUS = 44, FUSE_RENAME2 = 45, FUSE_LSEEK = 46, FUSE_COPY_FILE_RANGE = 47, FUSE_SETUPMAPPING = 48, FUSE_REMOVEMAPPING = 49, FUSE_SYNCFS = 50, FUSE_TMPFILE = 51, FUSE_STATX = 52, CUSE_INIT = 4096, CUSE_INIT_BSWAP_RESERVED = 1048576, FUSE_INIT_BSWAP_RESERVED = 436207616, }; struct fuse_in_header { uint32_t len; uint32_t opcode; uint64_t unique; uint64_t nodeid; uint32_t uid; uint32_t gid; uint32_t pid; uint32_t padding; }; struct fuse_out_header { uint32_t len; uint32_t error; uint64_t unique; }; struct syz_fuse_req_out { struct fuse_out_header* init; struct fuse_out_header* lseek; struct fuse_out_header* bmap; struct fuse_out_header* poll; struct fuse_out_header* getxattr; struct fuse_out_header* lk; struct fuse_out_header* statfs; struct fuse_out_header* write; struct fuse_out_header* read; struct fuse_out_header* open; struct fuse_out_header* attr; struct fuse_out_header* entry; struct fuse_out_header* dirent; struct fuse_out_header* direntplus; struct fuse_out_header* create_open; struct fuse_out_header* ioctl; struct fuse_out_header* statx; }; static int fuse_send_response(int fd, const struct fuse_in_header* in_hdr, struct fuse_out_header* out_hdr) { if (!out_hdr) { return -1; } out_hdr->unique = in_hdr->unique; if (write(fd, out_hdr, out_hdr->len) == -1) { return -1; } return 0; } static volatile long syz_fuse_handle_req(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { struct syz_fuse_req_out* req_out = (struct syz_fuse_req_out*)a3; struct fuse_out_header* out_hdr = NULL; char* buf = (char*)a1; int buf_len = (int)a2; int fd = (int)a0; if (!req_out) { return -1; } if (buf_len < FUSE_MIN_READ_BUFFER) { return -1; } int ret = read(fd, buf, buf_len); if (ret == -1) { return -1; } if ((size_t)ret < sizeof(struct fuse_in_header)) { return -1; } const struct fuse_in_header* in_hdr = (const struct fuse_in_header*)buf; if (in_hdr->len > (uint32_t)ret) { return -1; } switch (in_hdr->opcode) { case FUSE_GETATTR: case FUSE_SETATTR: out_hdr = req_out->attr; break; case FUSE_LOOKUP: case FUSE_SYMLINK: case FUSE_LINK: case FUSE_MKNOD: case FUSE_MKDIR: out_hdr = req_out->entry; break; case FUSE_OPEN: case FUSE_OPENDIR: out_hdr = req_out->open; break; case FUSE_STATFS: out_hdr = req_out->statfs; break; case FUSE_RMDIR: case FUSE_RENAME: case FUSE_RENAME2: case FUSE_FALLOCATE: case FUSE_SETXATTR: case FUSE_REMOVEXATTR: case FUSE_FSYNCDIR: case FUSE_FSYNC: case FUSE_SETLKW: case FUSE_SETLK: case FUSE_ACCESS: case FUSE_FLUSH: case FUSE_RELEASE: case FUSE_RELEASEDIR: case FUSE_UNLINK: case FUSE_DESTROY: out_hdr = req_out->init; if (!out_hdr) { return -1; } out_hdr->len = sizeof(struct fuse_out_header); break; case FUSE_READ: out_hdr = req_out->read; break; case FUSE_READDIR: out_hdr = req_out->dirent; break; case FUSE_READDIRPLUS: out_hdr = req_out->direntplus; break; case FUSE_INIT: out_hdr = req_out->init; break; case FUSE_LSEEK: out_hdr = req_out->lseek; break; case FUSE_GETLK: out_hdr = req_out->lk; break; case FUSE_BMAP: out_hdr = req_out->bmap; break; case FUSE_POLL: out_hdr = req_out->poll; break; case FUSE_GETXATTR: case FUSE_LISTXATTR: out_hdr = req_out->getxattr; break; case FUSE_WRITE: case FUSE_COPY_FILE_RANGE: out_hdr = req_out->write; break; case FUSE_FORGET: case FUSE_BATCH_FORGET: return 0; case FUSE_CREATE: out_hdr = req_out->create_open; break; case FUSE_IOCTL: out_hdr = req_out->ioctl; break; case FUSE_STATX: out_hdr = req_out->statx; break; default: return -1; } return fuse_send_response(fd, in_hdr, out_hdr); } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void loop(void) { if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } int i, call, thread; for (call = 0; call < 8; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50 + (call == 0 ? 4000 : 0)); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } uint64_t r[3] = {0xffffffffffffffff, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: // syz_mount_image$ext4 arguments: [ // fs: ptr[in, buffer] { // buffer: {65 78 74 34 00} (length 0x5) // } // dir: ptr[in, buffer] { // buffer: {2e 2f 66 69 6c 65 30 00} (length 0x8) // } // flags: mount_flags = 0x800700 (8 bytes) // opts: ptr[in, fs_options[ext4_options]] { // fs_options[ext4_options] { // elems: array[fs_opt_elem[ext4_options]] { // fs_opt_elem[ext4_options] { // elem: union ext4_options { // nodioread_nolock: buffer: {6e 6f 64 69 6f 72 65 61 64 5f 6e // 6f 6c 6f 63 6b} (length 0x10) // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // journal_dev: fs_opt["journal_dev", fmt[hex, int32]] { // name: buffer: {6a 6f 75 72 6e 61 6c 5f 64 65 76} (length // 0xb) eq: const = 0x3d (1 bytes) val: int32 = 0xff (18 // bytes) // } // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // debug_want_extra_isize: fs_opt["debug_want_extra_isize", // fmt[hex, int32]] { // name: buffer: {64 65 62 75 67 5f 77 61 6e 74 5f 65 78 74 // 72 61 5f 69 73 69 7a 65} (length 0x16) eq: const = 0x3d (1 // bytes) val: int32 = 0x4c (18 bytes) // } // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // nouid32: buffer: {6e 6f 75 69 64 33 32} (length 0x7) // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // resgid: fs_opt["resgid", fmt[hex, gid]] { // name: buffer: {72 65 73 67 69 64} (length 0x6) // eq: const = 0x3d (1 bytes) // val: gid (resource) // } // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // acl: buffer: {61 63 6c} (length 0x3) // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // init_itable_val: fs_opt["init_itable", fmt[hex, int32]] { // name: buffer: {69 6e 69 74 5f 69 74 61 62 6c 65} (length // 0xb) eq: const = 0x3d (1 bytes) val: int32 = 0x8d55 (18 // bytes) // } // } // comma: const = 0x2c (1 bytes) // } // } // common: array[fs_opt_elem[fs_options_common]] { // } // null: const = 0x0 (1 bytes) // } // } // chdir: int8 = 0x0 (1 bytes) // size: len = 0x481 (8 bytes) // img: ptr[in, buffer] { // buffer: (compressed buffer with length 0x481) // } // ] // returns fd_dir memcpy((void*)0x200000000180, "ext4\000", 5); memcpy((void*)0x2000000001c0, "./file0\000", 8); memcpy((void*)0x200000000680, "nodioread_nolock", 16); *(uint8_t*)0x200000000690 = 0x2c; memcpy((void*)0x200000000691, "journal_dev", 11); *(uint8_t*)0x20000000069c = 0x3d; sprintf((char*)0x20000000069d, "0x%016llx", (long long)0xff); *(uint8_t*)0x2000000006af = 0x2c; memcpy((void*)0x2000000006b0, "debug_want_extra_isize", 22); *(uint8_t*)0x2000000006c6 = 0x3d; sprintf((char*)0x2000000006c7, "0x%016llx", (long long)0x4c); *(uint8_t*)0x2000000006d9 = 0x2c; memcpy((void*)0x2000000006da, "nouid32", 7); *(uint8_t*)0x2000000006e1 = 0x2c; memcpy((void*)0x2000000006e2, "resgid", 6); *(uint8_t*)0x2000000006e8 = 0x3d; sprintf((char*)0x2000000006e9, "0x%016llx", (long long)0); *(uint8_t*)0x2000000006fb = 0x2c; memcpy((void*)0x2000000006fc, "acl", 3); *(uint8_t*)0x2000000006ff = 0x2c; memcpy((void*)0x200000000700, "init_itable", 11); *(uint8_t*)0x20000000070b = 0x3d; sprintf((char*)0x20000000070c, "0x%016llx", (long long)0x8d55); *(uint8_t*)0x20000000071e = 0x2c; *(uint8_t*)0x20000000071f = 0; memcpy( (void*)0x200000001040, "\x78\x9c\xec\xdc\xcb\x6f\x54\x55\x18\x00\xf0\xef\xde\x3e\x00\x79\xb4" "\x22\x3e\x40\xd4\x2a\x31\x69\x7c\xb4\xb4\xa0\xb2\x70\xa3\xd1\xc4\x05" "\x46\x13\x5d\xe0\xb2\xb6\x03\x69\x18\xa8\xa1\xd5\x08\x21\x32\x18\x83" "\x1b\x13\x43\xa2\x6b\xe3\xd2\xc4\xbf\xc0\x9d\x31\x31\xea\xca\xc4\xad" "\x6e\x5c\x19\x12\xa2\x6c\x40\x57\x35\xf7\xce\xbd\x30\x33\xcc\x00\x95" "\x69\xa7\x32\xbf\x5f\x32\x9d\x73\xe6\x9e\xdb\x73\xbe\xfb\x3c\xf7\x9c" "\x69\x03\xe8\x5b\x63\xd9\x8f\x24\x62\x4b\x44\xfc\x1a\x11\x23\xf5\x6c" "\x73\x81\xb1\xfa\xdb\x95\x4b\xa7\x67\xff\xbe\x74\x7a\x36\x89\xe5\xe5" "\x37\xfe\x4c\xf2\x72\x97\x2f\x9d\x9e\x2d\x8b\x96\xeb\x6d\x2e\x32\xe3" "\x69\x44\xfa\x51\x52\x54\xd2\x6c\xf1\xe4\xa9\xa3\x33\xd5\x6a\xe5\x44" "\x91\x9f\x5c\x3a\xf6\xce\xe4\xe2\xc9\x53\x4f\xbf\x77\x6c\xe6\x48\xe5" "\x48\xe5\xf8\xf4\x81\x03\xfb\xf7\x4d\x3d\xf7\xec\xf4\x33\x5d\x89\x33" "\x8b\xeb\xf2\xae\x0f\x16\x76\xef\x7c\xe5\xad\xf3\xaf\xce\x1e\x3a\xff" "\xf6\x8f\x5f\x67\xed\xdd\x52\x2c\x6f\x8c\xa3\x5b\xc6\xb2\xc0\xff\x5a" "\xce\xb5\x2e\x7b\xbc\xdb\x95\xf5\xd8\xd6\x86\x74\x32\xd8\xc3\x86\xb0" "\x22\x03\x11\x91\xed\xae\xa1\xfc\xfc\x1f\x89\x81\xb8\xb6\xf3\x46\xe2" "\xe5\x0f\x7b\xda\x38\x60\x55\x65\xf7\xa6\x0d\x9d\x17\xd7\x96\x81\x3b" "\x58\x12\xbd\x6e\x01\xd0\x1b\xe5\x8d\x3e\x7b\xfe\x2d\x5f\x6b\xd4\xf5" "\x58\x17\x2e\xbe\x50\x7f\x00\xca\xe2\xbe\x52\xbc\xea\x4b\x06\x23\x2d" "\xca\x0c\xb5\x3c\xdf\x76\xd3\x58\x44\x1c\xaa\xfd\xf3\x45\xf6\x8a\x55" "\x1a\x87\x00\x00\x68\xf4\xc9\xec\xe7\x07\xe3\xa9\x76\xfd\xbf\x34\xee" "\xcb\xdf\x7f\xcf\x7f\x6e\x2b\xe6\x50\x46\x23\xe2\xee\x88\xd8\x1e\x11" "\xf7\x44\xc4\x8e\x88\xb8\x37\x22\x2f\x7b\x7f\x44\x3c\xb0\xc2\xfa\x5b" "\xa7\x86\xae\xef\xff\xa4\x17\xfe\x73\x70\xb7\x20\xeb\xff\x3d\x5f\xcc" "\x6d\x35\xf7\xff\xca\xde\x5f\x8c\x0e\x14\xb9\xad\x79\xfc\x43\xc9\xe1" "\xf9\x6a\x65\x6f\xb1\x4d\xc6\x63\x68\x43\x96\x9f\xba\x41\x1d\xdf\xbe" "\xf4\xcb\xa7\x9d\x96\x35\xf6\xff\xb2\x57\x56\x7f\xd9\x17\x2c\xda\x71" "\x61\xb0\x65\x80\x6e\x6e\x66\x69\x26\xef\x94\x76\xc1\xc5\xb3\x11\xbb" "\x06\xdb\xc5\x9f\x5c\x9d\x09\x48\x22\x62\x67\x44\xec\x5a\xd9\xaf\xde" "\x56\x26\xe6\x9f\xf8\x6a\x77\xa7\x42\x37\x8f\xff\x06\xba\x30\xcf\xb4" "\xfc\x65\x16\x5e\x2d\x8b\xbf\x16\x2d\xf1\x97\x92\xc6\xf9\xc9\xf9\xeb" "\xe6\x27\x27\x37\x46\xb5\xb2\x77\xb2\x3c\x2a\xae\xf7\xd3\xcf\xe7\x5e" "\xef\x54\xff\x6d\xc5\xdf\x05\x17\x2b\xf5\xf7\x86\xfd\xdf\x5a\x64\x34" "\x69\x9c\xaf\x5d\x5c\x79\x1d\xe7\x7e\xfb\xb8\xe3\x33\xcd\xb5\xf8\x37" "\x75\x3e\xfe\x93\xe6\x75\xe6\x66\x96\xd2\xe1\xe4\xcd\x7c\x9e\x79\xb8" "\xf8\xec\xfd\x99\xa5\xa5\x13\x53\x11\xc3\xc9\xc1\x3c\xdf\xf4\xf9\xf4" "\xb5\x75\xcb\x7c\x59\x3e\x3b\xfe\xc7\xf7\xb4\x3f\xff\xb7\x17\xeb\x64" "\xd5\x3f\x18\x11\xd9\x41\xfc\x50\x44\x3c\x1c\x11\x8f\x14\x6d\x7f\x34" "\x22\x1e\x8b\x88\x3d\x37\x88\xff\x87\x17\x3b\x2f\x2b\xe3\x8f\xb4\x47" "\xfb\xff\x6c\xc4\x5c\xdb\xeb\xdf\xd5\x8d\xde\xb2\xff\x57\x9e\x18\x38" "\xfa\xfd\x37\x9d\xea\xbf\xb5\xeb\xdf\xfe\x3c\x35\x5e\x7c\x92\x5f\xff" "\x6e\xa2\x5d\x73\xb2\xcb\x45\x6b\x03\x6f\x67\xdb\x01\x00\x00\xc0\xff" "\x45\x9a\x7f\x07\x3e\x49\x27\xae\xa6\xd3\x74\x62\xa2\xfe\x1d\xfe\x1d" "\x71\x57\x5a\x5d\x58\x5c\x7a\xf2\xf0\xc2\xbb\xc7\xe7\xea\xdf\x95\x1f" "\x8d\xa1\xb4\x1c\xe9\x1a\x29\xc6\x43\xab\xf3\xd5\xca\x54\x52\x2b\x7e" "\x63\x7d\x7c\x74\xba\x18\x2b\x2e\xc7\x4b\xf7\x15\xe3\xc6\x9f\x0d\x6c" "\xca\xf3\x13\xb3\x0b\xd5\xb9\x1e\xc7\x0e\xfd\x6e\x73\x87\xf3\x3f\xf3" "\xc7\x40\xaf\x5b\x07\xac\xb2\x4d\x6d\x3f\x9d\x1e\x5e\xf3\x86\x00\x3d" "\xd0\x3a\x8f\x9e\x36\x67\xcf\xbc\x16\x2e\x06\x70\xa7\xf2\xf7\xda\xd0" "\xbf\x6e\x72\xfe\xa7\x6b\xd5\x0e\x60\xed\xb9\xff\x43\xff\x6a\x77\xfe" "\x9f\x69\xc9\x9b\x0b\x80\x3b\x93\xfb\x3f\xf4\x2f\xe7\x3f\xf4\xa9\xf4" "\xbb\x5e\xb7\x00\xe8\x21\xf7\x7f\xe8\x4b\xb7\xf3\x77\xfd\xab\x98\xd8" "\xb8\x3e\x9a\xd1\xf4\x9f\x02\x6a\x6b\xb5\xc5\xd6\xeb\x4e\xc9\x13\x11" "\x65\x22\x5d\x17\xed\x91\x58\xa5\x44\xaf\xaf\x4c\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\xdd\xf1\x6f\x00\x00\x00\xff\xff\x29\x57\xe8\x45", 1153); syz_mount_image(/*fs=*/0x200000000180, /*dir=*/0x2000000001c0, /*flags=MS_I_VERSION|MS_NOATIME|0x300*/ 0x800700, /*opts=*/0x200000000680, /*chdir=*/0, /*size=*/0x481, /*img=*/0x200000001040); break; case 1: // openat$fuse arguments: [ // fd: const = 0xffffffffffffff9c (8 bytes) // file: ptr[in, buffer] { // buffer: {2f 64 65 76 2f 66 75 73 65 00} (length 0xa) // } // flags: const = 0x42 (4 bytes) // mode: const = 0x0 (2 bytes) // ] // returns fd_fuse memcpy((void*)0x200000000180, "/dev/fuse\000", 10); res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x200000000180ul, /*flags=*/0x42, /*mode=*/0); if (res != -1) r[0] = res; break; case 2: // mount$fuse arguments: [ // src: const = 0x0 (8 bytes) // dst: ptr[in, buffer] { // buffer: {2e 2f 66 69 6c 65 30 00} (length 0x8) // } // type: ptr[in, buffer] { // buffer: {66 75 73 65 00} (length 0x5) // } // flags: mount_flags = 0x0 (8 bytes) // opts: ptr[inout, array[ANYUNION]] { // array[ANYUNION] { // union ANYUNION { // ANYBLOB: buffer: {66 64 3d} (length 0x3) // } // union ANYUNION { // ANYRESHEX: ANYRES64 (resource) // } // union ANYUNION { // ANYBLOB: buffer: {2c 72 6f 6f 74 6d 6f 64 65 3d 30 30 30 30 30 // 30 30 30 30 30 30 30 30 30 30 30 30 30 34 30 30 30 30 2c 75 73 // 65 72 5f 69 64 3d} (length 0x2a) // } // union ANYUNION { // ANYRESDEC: ANYRES64 (resource) // } // union ANYUNION { // ANYBLOB: buffer: {2c 67 72 6f 75 70 5f 69 64 3d} (length 0xa) // } // union ANYUNION { // ANYRESDEC: ANYRES64 (resource) // } // } // } // ] memcpy((void*)0x2000000020c0, "./file0\000", 8); memcpy((void*)0x200000002100, "fuse\000", 5); memcpy((void*)0x2000000003c0, "fd=", 3); sprintf((char*)0x2000000003c3, "0x%016llx", (long long)r[0]); memcpy((void*)0x2000000003d5, ",rootmode=00000000000000000040000,user_id=", 42); sprintf((char*)0x2000000003ff, "%020llu", (long long)0); memcpy((void*)0x200000000413, ",group_id=", 10); sprintf((char*)0x20000000041d, "%020llu", (long long)0); syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x2000000020c0ul, /*type=*/0x200000002100ul, /*flags=*/0ul, /*opts=*/0x2000000003c0ul); break; case 3: // read$FUSE arguments: [ // fd: fd_fuse (resource) // buf: ptr[out, fuse_in[read_buffer]] { // fuse_in[read_buffer] { // len: len = 0x2020 (4 bytes) // opcode: int32 = 0x0 (4 bytes) // unique: fuse_unique (resource) // uid: uid (resource) // gid: gid (resource) // pid: pid (resource) // padding: int32 = 0x0 (4 bytes) // payload: buffer: (DirOut) // } // } // len: bytesize = 0x2020 (8 bytes) // ] res = syscall(__NR_read, /*fd=*/r[0], /*buf=*/0x2000000021c0ul, /*len=*/0x2020ul); if (res != -1) { r[1] = *(uint64_t*)0x2000000021c8; r[2] = *(uint32_t*)0x2000000021d0; } break; case 4: // write$FUSE_INIT arguments: [ // fd: fd_fuse (resource) // arg: ptr[in, fuse_out_t[fuse_unique, fuse_init_out]] { // fuse_out_t[fuse_unique, fuse_init_out] { // len: len = 0x50 (4 bytes) // err: fuse_errors = 0x0 (4 bytes) // unique: fuse_unique (resource) // payload: fuse_init_out { // major: const = 0x7 (4 bytes) // minor: const = 0x2b (4 bytes) // max_readahead: int32 = 0x0 (4 bytes) // flags: fuse_init_flags = 0x40488102 (4 bytes) // max_background: int16 = 0x0 (2 bytes) // congestion_threshold: int16 = 0x0 (2 bytes) // max_write: int32 = 0x7 (4 bytes) // time_gran: int32 = 0xa15 (4 bytes) // max_pages: const = 0x0 (2 bytes) // map_alignment: const = 0x0 (2 bytes) // flags2: fuse_init_flags2 = 0x1 (4 bytes) // max_stack_depth: int32 = 0x6 (4 bytes) // unused: buffer: {00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 // 00 00 00 00 00 00 00 00} (length 0x18) // } // } // } // len: bytesize = 0x50 (8 bytes) // ] *(uint32_t*)0x200000000100 = 0x50; *(uint32_t*)0x200000000104 = 0; *(uint64_t*)0x200000000108 = r[1]; *(uint32_t*)0x200000000110 = 7; *(uint32_t*)0x200000000114 = 0x2b; *(uint32_t*)0x200000000118 = 0; *(uint32_t*)0x20000000011c = 0x40488102; *(uint16_t*)0x200000000120 = 0; *(uint16_t*)0x200000000122 = 0; *(uint32_t*)0x200000000124 = 7; *(uint32_t*)0x200000000128 = 0xa15; *(uint16_t*)0x20000000012c = 0; *(uint16_t*)0x20000000012e = 0; *(uint32_t*)0x200000000130 = 1; *(uint32_t*)0x200000000134 = 6; memset((void*)0x200000000138, 0, 24); syscall(__NR_write, /*fd=*/r[0], /*arg=*/0x200000000100ul, /*len=*/0x50ul); break; case 5: // syz_fuse_handle_req arguments: [ // fd: fd_fuse (resource) // buf: ptr[in, buffer] { // buffer: {c1 fd 43 b6 01 66 27 01 27 2a f3 7a 7d ed a0 72 ca a0 9f aa // 11 b0 a4 ef 28 25 e8 7f 09 fb 6b c3 df d8 4d dd 85 3b 18 20 3b bf 08 // b1 af 60 66 c7 8b 47 14 a7 89 a8 f3 60 5f 59 20 e7 af c5 b0 a0 42 71 // ce bc e7 2a 79 7a bd 5b 9e 4a 44 fd cc 15 0e 6e f0 e8 c3 d4 36 0e 74 // 27 58 18 df 26 24 3f 28 ca c3 d8 4e 26 4f d0 c7 7d 4b cc bc 46 6e 72 // 44 b2 47 d9 dc ee 02 6d f8 9a ef c9 58 d8 4a 55 d4 d6 92 2d 96 ce 03 // 49 fe 28 ef d6 b8 3d 15 b7 b0 81 43 a7 21 c4 a6 77 b7 23 62 a4 9e eb // 15 ec 5b 5f 85 69 ba d5 85 e3 0a 62 ab 14 9e 7e 4c 7f 49 af 95 60 fd // 52 ea 57 30 13 5d c3 ea 3f 6a 9a 3a e6 28 6e 99 e1 52 0a 43 b8 81 3c // a6 aa d1 ad bb 30 b2 45 9f 90 69 9e 2b a3 a6 33 5d dc ac e3 73 7e d8 // f5 f2 1e 02 7a c2 b2 24 38 9b f0 c8 c0 05 ac 8d 8c 3a e1 88 67 9d 34 // da 0a 2c 20 a9 10 48 7d 3c 91 b1 87 70 fa 5e e4 83 a3 f0 9b 88 29 60 // f1 2e 7d 2e b9 01 58 95 ce 80 b3 7f 74 a3 05 a5 0d eb 14 6b 1c 34 30 // f3 1d 28 e6 f8 27 b9 c7 07 0b c8 80 d2 51 dd b0 9e 0e 70 a0 51 2e d2 // 60 02 56 33 2c 43 a5 de ae cb 01 f0 89 33 3f c3 b6 72 1f 6e d5 b4 1f // 99 71 b7 c6 3f 57 b5 af a8 04 2f 5b eb 1a c1 27 46 76 dc 54 06 b5 82 // 82 47 12 3b b7 be 79 5b ae e5 9d 77 9b bd e2 27 c9 0d 0a 5d 86 39 36 // d4 34 f2 ce 7a 45 f9 b6 50 60 0f 32 82 7b 92 e2 d8 28 91 5f 04 11 f7 // 65 ed 82 dd 01 25 61 ed 29 b0 99 50 b9 6f 8e 49 0f 14 48 db d5 e4 5b // dc 92 a2 a3 6a a6 7e 5e 93 96 b6 37 6f 82 aa 69 15 ea c4 14 4a 10 2d // e7 86 56 3e 44 82 f0 91 76 98 bc 70 77 6f 8c 7a ad 33 46 e1 8e e2 95 // af 54 f3 c1 65 8f 9b 12 41 16 a2 fd ac 79 35 3b 09 5c f6 67 dd 94 1c // 3c ba 14 1b 3a c8 98 2e ed 42 e7 db 64 9c 9d 49 a5 93 78 21 6b f4 32 // 3f f4 c2 f2 99 29 94 d4 14 4b 74 86 6a 24 26 e1 9a 2d c8 db f4 64 3f // 97 a2 14 fc 9c 44 85 12 31 6d 76 c4 11 6c 3a e6 00 df b9 8c f8 54 72 // da 66 17 45 b6 38 43 8d bf 15 d8 dd 87 a8 ba 35 20 5a 65 ba 5b f7 9c // f9 41 45 4f 8c 78 8d c2 ee cc ea 41 2a dd 73 47 98 c8 2e 9c 86 12 2a // 91 df f7 78 ed cd 30 9c 05 fd ca 66 17 6e 9b c4 d4 10 b0 ee 46 27 eb // 88 94 43 b5 74 ce 20 5c 7f 4d 6d 42 8e 90 99 52 71 2e c3 df c8 95 52 // 27 9b 2d a8 7b 01 00 51 a4 51 37 7a 0c 51 a3 4e bb a2 5c 3b 62 ba 98 // eb 6f 15 49 b0 fe e6 a7 c5 e0 c7 a7 28 35 38 88 03 a0 a8 34 2b b9 f2 // 73 32 24 c9 2a 50 dd 25 a9 b3 35 f2 43 f2 d8 c6 81 42 aa 1d b1 de 2f // 89 9a 56 c6 23 a3 2f 8a 74 c1 6d b5 69 83 eb 83 f6 46 93 16 f2 fc 14 // 86 0c 07 52 36 a3 ba 40 e8 c2 65 90 9b 8f c6 b0 3c 63 78 26 9f 66 29 // ba b8 14 18 78 9c d7 48 d8 b7 86 f4 7a b8 f1 3b 0c aa 5e cd 79 db ea // 61 33 0b e6 de 58 04 f5 c2 11 ce f7 8f 55 5e 7b 20 93 f4 a8 36 cd b8 // a2 cf a2 61 be 14 e0 f5 9d 07 5f 58 e9 7b a1 6c b1 30 f0 62 a2 26 1d // f2 44 c5 7d 6f 47 7d 76 12 62 b2 e7 55 c9 6b ad 38 98 89 4e 80 b2 3f // ae 71 fc 31 b2 89 55 13 a1 1b 0c f0 75 51 ca 87 32 55 92 dd 10 54 9b // 7d 92 da 1c b0 71 19 fe 97 0b 8c c3 aa cc 38 6a b6 4d 32 b3 08 67 95 // 93 25 6d 2f cd 1f 9e 9b 15 ee 93 ef 85 9e 72 68 be 77 60 53 18 24 60 // e8 3f b8 73 71 12 26 ec 9a a5 c3 5b 15 fb fa 12 ea 0a bf c7 46 5b 30 // 0b d8 44 5c 83 1a e7 7d 2a ab 7d 4b c3 ba 5f 21 8f da 9e 90 ea cd e1 // ac 51 19 eb 30 07 3a 6f 29 17 27 cb 94 fc 87 a3 d3 01 3f 3e bb 1c d2 // 59 06 7c 57 1b d3 c5 7e ac ce 71 6e 61 f8 6b f4 04 1b ac ad d6 c6 76 // e1 7f b3 cf 89 c4 98 4a ec 78 21 68 54 a6 0a f6 85 33 fc df f1 28 97 // c3 e1 b2 c1 0c ec 01 97 22 62 3f 47 7a 51 2c 4e 5e ef 74 a6 d1 ab 7a // 73 59 05 37 3c a3 a0 b1 8c 3e aa 52 3c 86 23 8f ba 77 e4 5a a0 7c 1b // 96 fa 1e 3c eb 04 e5 f4 74 25 36 b6 87 eb f9 89 91 8f 68 05 cd a9 61 // 1a b9 ed 10 ee 33 cd a7 1a 95 be 2d a0 d2 c2 1d 22 95 fd b3 34 dc 20 // 57 94 23 82 dc 7d 0f 70 30 0d f3 df 84 cf 9a 18 f0 42 c1 12 42 a3 47 // 56 97 71 f9 b8 24 04 e1 36 84 32 4f b0 6d 86 76 41 c8 7d 6d 70 ad 15 // e9 02 40 f9 01 d0 4a 8b 8c 7f df b8 b8 4a ef ee 16 06 f1 4a 2a 69 95 // e6 b8 aa ee 1b 37 2c d5 86 a6 da f2 8a d7 d8 ef 64 4c 58 fa 72 f0 b2 // f8 47 ee f7 2e 18 f1 a4 37 4c 4f a3 d6 04 a9 bf ec 6a 1a 4f ef df aa // 84 82 79 69 32 08 df bc 1d bb 97 b4 4c 4f 03 40 90 60 6e 0a d3 12 cd // fb 6a 8f 68 da e7 31 2b 06 4c 68 81 3e b4 19 92 55 9c a6 3d 88 a8 e9 // 07 11 c8 38 f2 20 a4 da 5b c7 d8 2e c0 af 83 da 05 9b dc cd b5 24 a5 // 9a d2 6e 43 41 3f 13 1e 77 03 eb 82 15 82 93 a3 31 45 6c e7 28 c2 89 // 23 bf 9a e6 44 a3 31 a6 67 c2 93 2a e1 f1 1a 9f 9b 89 3f 80 27 96 ad // 02 9c 40 49 6c 9b c4 9c df 41 a4 0d a1 09 2b 40 4d a6 60 e8 0f 33 a6 // 01 2a 40 78 05 e7 0f 9a 18 01 05 cd 04 01 ed 01 a9 f6 ed ef 4e 24 79 // e1 57 9e a3 65 d8 43 c1 97 27 9e 3c 79 ae 56 a1 07 df ab a6 af 80 ed // 9a 24 d5 35 d1 98 27 59 6c a2 b1 4b f4 b1 10 fa e4 82 0f c8 d0 57 0a // 64 ae 08 e3 15 da 00 91 f7 66 bc eb 1f c9 90 46 5e cb 84 a2 d7 2e fc // b9 a2 69 81 68 63 b7 2f 8d 08 69 b2 0c 14 bd 72 f9 09 fc 3e bb f2 ba // 2f 98 ce 3f d7 eb 54 b7 38 69 29 16 ee b9 8a b9 ea 04 ce 3e 74 08 17 // dc 9a c6 56 1c 71 d3 bc 15 35 8e bb b3 02 72 94 f6 6e b8 90 57 7f 8a // 63 ec d2 3b ea cd 93 c3 b1 49 8d 5e ef d8 b6 8e ba b3 53 66 53 d5 83 // 97 13 b0 7f 79 eb b2 a6 10 6c 00 9c c5 35 a2 17 3c de 3c cc 65 67 6b // ca e5 13 14 5d b5 bf 08 54 6e 88 10 fb 4d 19 32 66 d4 91 fb 91 21 93 // 51 38 a7 4c 52 14 99 59 a0 c2 70 cd 6e 24 4d d7 cb 14 0f cf 6b f0 e7 // 53 62 20 f7 98 bf 32 cd a5 64 eb de 02 5a 92 61 7f 31 95 e5 49 a4 91 // a4 54 46 ff 0e bf d3 b0 47 77 5a f3 39 e5 9a 8d a0 db 62 23 33 93 25 // c6 f4 93 ba a5 f2 c7 1b 57 10 a9 75 de f3 e3 91 9a 24 a5 23 51 ac c1 // 2e 5a 2a b6 c1 71 70 5b ad 0e 6a fd 0a d2 b6 dd 6f ea ed c9 92 4f db // a5 33 fc 95 8f ab 9a 98 0b 77 5e b4 c9 3a 49 94 13 07 3c f0 98 26 38 // 1b 80 54 f9 f0 9f 4a 0d fa 63 ac 2f 6c b2 2d 00 1f f2 77 ec 7f 49 3b // c5 4d 2d 1d 34 a6 da d6 2c d7 bc ca b2 ec d4 19 c9 00 87 f6 94 53 11 // 46 0b 87 da ad 60 5f f8 51 9a ba 1d 83 11 a5 e5 65 dd 26 65 55 77 aa // 13 da 31 e0 1c ac bb 7e 10 e7 20 a4 86 e9 cc 45 0b 8a 21 d2 3a ea b4 // 28 38 d8 1d c0 5f 5b e0 47 4a b8 1b 80 6f e7 1b 88 83 23 03 7f 32 62 // 17 9e 45 1f 76 5e 41 9b dd f7 b7 a9 9b 40 bc c2 26 98 6e fb d3 76 5b // 66 e5 6a 35 00 de 4b 18 b6 76 36 15 10 bd 35 b3 a9 c6 b8 c0 82 22 cf // 7a 73 c4 cd a9 72 19 0f 83 9c 2d 01 a4 c1 71 a8 03 c0 a7 7d 27 69 c8 // 92 b2 f0 19 1d 2f a0 1d 7d 5c a5 35 73 e4 7e 93 ca 9b 56 b8 f0 d6 84 // d5 45 8d 50 5a d8 38 3f 22 e1 90 24 da 06 bf 6a bf 30 ed 66 3c fb 33 // e2 02 be 17 bb 95 1e 9e a3 0c fc f6 56 75 d2 fc 64 aa 51 e0 72 37 fe // 83 91 54 91 85 fa c5 82 2d aa 92 e7 37 78 e0 80 b1 30 4d d7 57 f9 03 // 50 92 a7 29 b9 a0 12 2d 1c 07 d6 03 36 f1 8a 9e 46 eb ec ed 10 41 de // 2e 2e 8a 5d e6 f4 a8 14 d5 17 9b dd fc de da 88 88 8c b9 ce 32 2a 51 // 6a f3 be 2b 7c f3 71 e9 19 3c b4 0e 66 cd 41 dd 94 e3 7f 14 c6 e6 46 // 9e 8f a6 c5 7a 4f a3 12 5f b6 81 9b 84 e2 76 76 8a 73 54 dd 3e 26 92 // a7 7a 4a 60 af 85 be c0 32 5d 0a ae 72 a5 f4 f7 bf 94 68 f1 d3 51 47 // 91 0a 55 af 54 6e 4e 36 34 fe 2d 8e fe 11 66 01 bf 84 c0 e9 c4 d4 42 // ec 8f 99 fe 6c 1c c9 0b 99 a8 d1 e5 33 22 b2 6b 66 92 8f d0 17 38 fa // 70 c0 af f8 4b 4f 02 94 6c 6f a6 84 bd 61 76 67 85 7c d7 51 a3 ad 3d // 32 4f 95 74 af 78 ee c6 c8 c5 1c 25 e0 1c b0 ef 12 91 99 f5 a3 b3 b2 // 9e 32 a3 4c 4e f1 4c 81 0c 2e 69 e0 61 58 f0 20 33 e1 5f 1e c0 04 19 // a9 1c 14 50 33 89 56 a1 88 fa c9 18 fb 73 69 24 91 ba af 59 76 ca 39 // 2c 13 9b a0 e5 51 de 26 0d fd 6c 73 3b 57 22 15 f2 af 0a ac c5 70 9b // 0d 4a 3b 36 d2 3f 58 82 c5 64 4b b4 55 07 5c 5c 48 bd 50 49 2b 39 5d // 14 c3 63 93 01 9f a9 ea b8 a2 11 d7 1d 17 37 54 66 3e a2 af 1e bd f9 // 75 10 06 79 26 09 d4 db 47 82 4d 95 d6 85 83 c9 22 c0 4a f3 cd fb 58 // f3 7b 6f 95 8a 4b 35 cb d7 4a 30 a3 93 be 19 2f b4 6b fe 4e 72 2c 36 // 34 c9 4f bf 48 29 f2 5d c0 b8 b0 7c d1 6c f4 c7 e9 24 eb 02 ae 8d 67 // 55 39 d3 2b 5d 9a 54 a4 38 11 eb 98 e2 db 31 7c 67 d5 bc 62 90 15 82 // cb b1 28 54 2d 6b e3 bc 9a 5b 5b 8a 88 27 f2 ea b1 5e 82 b2 8b 41 1e // df 67 d7 86 b7 6f ee d9 e7 d5 ff bc 86 fb db 19 ed 80 a4 f5 dc eb d6 // 31 71 9f 87 34 c3 98 93 80 47 01 1a 25 13 70 e4 0d 59 29 e9 b4 42 60 // 81 02 9b 13 39 cc b0 8b b0 db cb b4 ee dd 53 79 2e 43 a0 46 ab c1 d5 // c1 dc 8c 17 49 05 22 33 e1 8e 25 59 3d ae e9 4f 77 f3 27 de 61 86 7f // 1e 79 1b 79 7c c5 ee 43 f8 10 9c b0 65 4d 87 42 ec e8 51 2c 32 24 42 // f6 3d ff 88 70 2b a0 47 e8 37 0a 1b 73 04 53 6e e7 cf 46 5a 0a 19 d9 // 65 fd 03 54 3b 99 14 49 d6 a1 a9 8b e5 ec 38 67 31 4c 68 8c 5c 48 7e // 59 a6 bb 05 29 1f da 47 98 27 17 2b f3 db 61 5c 20 ea 02 2f f7 b1 60 // 20 29 92 20 b7 c4 5a 71 81 c1 ed a4 8c 9a 5f a7 62 48 43 d1 12 c5 2d // 99 d0 b2 7e 16 8e ea db cd 3c 60 b3 f3 66 17 5d ec c8 c9 1c 64 a0 a1 // 6d 3a 2e 38 24 4d d8 d2 de 80 6a d7 41 e2 25 60 75 ef cb 04 66 36 0a // ca a3 f6 56 11 78 9a 82 1c 30 a1 3d 4b 60 e4 41 73 be 9e 28 8d da 7d // 7a ae 2f 83 41 d9 a8 51 04 17 06 31 c9 42 ee f2 2c 10 e9 03 bf 70 b0 // ed 36 83 1d 53 6a 0c d6 5c 11 a2 09 e3 7a 76 f3 f5 4d eb 32 67 35 be // c5 a5 32 43 1a 81 f3 03 af 5e 9d 03 71 7a 93 a3 da 18 31 7c 45 9a ee // 8d b0 8b 9f 0b 33 31 d2 97 70 fe 7f c4 26 6c 15 a4 29 4c 9c 43 5a 38 // 29 6c d8 80 dc ed b3 4f 63 03 7f 2a 8e 3a da 9e ad 3e 52 ab d6 9e 57 // 79 90 5f 82 a6 07 f7 0e 35 1d 21 67 bf 1b 59 9c fb 93 14 a3 7d f8 76 // bd 5f 2a cf f8 2f 17 73 c5 12 ff d3 08 17 9e 47 b2 69 46 eb cc e1 12 // 27 3e 12 89 51 45 ec 88 c7 01 26 9c 93 f3 2a 5a b2 bc 16 ac d5 7e 99 // 7d 14 0d 18 c2 cb ed 26 01 a0 5e c3 3a 63 e7 ed bc ca 67 3f 71 ee ca // b6 6a f5 28 7d 7d 5a 1d ad 68 77 1e d6 12 d2 9e f8 ab 23 ef 02 11 b4 // bb ed 6f 98 1c d2 4d 65 2f 35 5d 94 f6 00 3b 01 cf 3d 80 3a 6e 36 b4 // 70 40 2c 05 81 6a a2 cd 74 7f 29 33 00 bb e8 91 85 4d 93 2d f7 80 9c // 78 09 c2 cc 3d 06 c6 93 98 1e 7b c2 1e 89 aa 3e a8 f8 82 9c 85 18 5e // 4e cf d2 e2 93 bf a2 b8 8c ae 2c 9e 47 22 b9 cf ee 01 91 1a 50 2d 59 // 36 05 32 52 86 61 ea df 21 50 e2 6a 29 92 87 1f 56 2d 6f ed 4a 36 86 // 7b 25 21 b1 77 8c 4c e9 55 f5 98 0b 9d d9 ed e4 2f c4 a1 39 44 91 eb // f1 c1 fb 0d 79 4c b8 c2 8b 10 3d 76 b2 e7 0b 03 37 87 7a 22 2d 7f 3c // d6 1f 35 3b af 7b c9 e2 3d 80 f8 e5 b4 45 99 37 d7 5f 86 9c 17 9d d9 // b9 48 a7 0b 9b a3 73 86 53 27 90 ba c1 2f 2f 34 2f c4 f2 af d8 a4 5f // 10 93 31 d5 da f3 34 4a de 89 30 29 e3 22 e8 b7 f3 bd b5 a4 99 87 11 // 6b 31 b2 bd 6d 5b ab 78 9c a0 61 ea 42 f7 64 7c 88 48 8f 73 41 50 e1 // 61 e5 ae a7 86 39 c5 bf 9c 2f b8 8d a3 21 cb fd 37 9b 38 cb e6 e1 4a // f9 79 f2 38 68 5e 2c 0f f5 16 29 cd 22 86 02 db ac ef f8 a2 14 cd c6 // 65 28 cd ea 11 46 91 ef 61 9a 8c 9a 0f 9c db 7e 08 c5 bc fc 2b fd 29 // e3 9a f3 8f 5d b4 82 1c 64 8c c3 d9 76 cc 45 5a 6e 64 98 c9 25 11 b4 // 07 f3 34 92 84 90 15 62 a9 12 c5 af 25 ff 79 2b 9c 6c 5d fb 73 51 93 // 36 c7 d4 a8 7e 49 de bc e7 a4 41 b7 a2 97 06 17 3e 4e 4e 8d ac ee 63 // a0 6a b8 5d d3 59 b5 08 bc 8a 0f 70 02 83 2f ae 10 a0 a3 8e fa a4 75 // 84 6c 42 05 ae be 77 73 34 78 8c 3e 46 52 08 6e 26 dc dd da d9 91 b0 // ce 52 56 e1 13 ba c6 92 d4 42 f5 24 d7 e2 92 b8 6e af 0d d8 38 0c cd // 78 b1 48 9d d2 ef 6b ea f2 eb 9b 08 b5 0b b2 a5 ff 3b a8 df 3b 22 6b // af 79 a0 73 9d 8a 60 cf 81 5c b3 47 39 9a c4 ad b2 ce a5 33 d3 f0 ce // 16 0a 56 3f 8d 40 1e 5a 61 00 57 8e 4c 81 78 a7 e7 06 63 e1 35 ed c6 // 45 cd ec 2f 05 88 fc 99 a0 cb 60 dd 87 88 e0 25 54 ad e3 70 96 0c e5 // 62 c2 10 e8 26 a1 eb a7 67 a0 9b 10 f4 6e bb e6 c9 16 6e 24 28 63 31 // d2 ff 02 5c 57 a1 0c 7b 64 c5 06 d0 a6 86 42 17 1a d9 65 a0 01 70 05 // 61 fc ac 2e 3f 54 8f d5 8d 32 ba b5 f3 8b 36 e6 2f 55 46 12 9c ea 35 // ce 85 60 52 e3 e4 80 fc 63 96 40 a5 30 1d d7 00 c8 e8 d0 bd 6a c7 90 // 91 0f cf 2b 4f 15 9c c1 53 1a a1 c9 e3 7b 54 15 20 45 0d de 63 89 42 // 08 12 01 ae 8a 58 0f 28 cf 50 53 01 90 a4 5f 45 46 87 53 a1 22 b3 64 // be 7d ad 79 04 4e c8 b9 97 7d 58 3b c0 ac 3e c7 b9 fa e1 92 39 7c e8 // 69 33 10 f3 01 c1 8c 2c ab 52 08 b3 69 e6 3c 5a c1 8d 02 66 83 4e 21 // 8b b7 1f 30 8c 2c 2f 2d f4 a6 cc ad b3 78 88 60 a2 c7 33 a9 25 2b 87 // 7e a1 c1 e8 49 a3 8a 32 83 10 ba fa e9 61 4a 6e 16 11 70 c6 fc be 9b // d8 c4 17 7d e1 fd 18 f5 68 05 c9 1f b3 82 aa d7 67 89 15 56 ff 8e 1b // 5f 3a b8 c1 8b 4f a3 05 3c 98 1c 12 fa 2e a0 17 bb 75 96 15 8c a5 33 // d0 dd 95 a9 5d 0b 39 22 22 60 9f 6e a3 36 71 1a 9d c5 03 93 bc 41 fa // c0 d4 29 54 0a d7 07 57 b2 08 6b f1 be a0 13 2a 60 9e a0 bd ee a0 ce // f9 3d 8b 2a 0d 59 18 9b ff ec 05 28 1e 97 b4 72 22 91 00 5e 9c a7 e7 // 55 be 90 70 f4 05 ab 0d 6c 95 46 a5 eb da 2e 62 ad cc 62 1c 2b 1f 6b // 07 cd 1e 61 7d 50 46 9e f2 c7 16 47 a4 7e f9 8f fb c7 15 05 e1 88 ce // f3 e5 c7 74 c0 98 76 64 b6 98 97 94 d7 ca 18 68 04 cc c6 29 6d a3 ad // f2 2f eb 35 17 92 f1 a9 cf f7 74 13 70 37 44 bf 4f 21 21 29 20 d6 a8 // fa 18 00 da 7a 38 fe f7 16 0a 50 f5 b8 95 e7 b7 6f 3f d8 30 fc b9 a2 // 5f 3b 3c cf d0 82 a1 71 22 37 e4 ca 66 50 85 aa 1c 5a a4 13 bc e8 13 // f1 b7 ca 66 10 5d e9 4b ab b7 b4 a0 50 29 cc 37 59 d0 01 91 fd 9b fa // 0f 99 6c c7 03 40 3d d6 ed 2b 33 f2 74 3a 78 80 41 f2 79 b7 67 ef c3 // 73 31 4e df ae 1b d3 3f 7e aa a7 41 8a 59 ff f7 e4 0d 02 e6 18 17 2f // 6e 0a be 08 c8 55 34 8f 3c ba 40 c8 59 2a 05 21 ed 1e 41 52 4f 20 ab // cc b2 bf 0e bb 93 3e 59 b7 03 6e ff 5a 66 27 9d 57 8e 6b 2f d6 c4 14 // 0b 33 ad c6 7f 70 83 11 0d 81 5a c5 5b 48 33 ec 05 04 48 82 65 b3 ff // 2b da ce c1 7c 91 be a9 d6 bd d9 31 bf 05 6d 6e 97 90 e4 72 d8 74 a5 // a3 94 6b 20 04 93 c9 87 4d 05 7a a6 be 3a 1c a4 da 6f bb 88 a9 d8 53 // aa a7 c8 cc ab c8 35 82 ca a6 50 78 bb e7 b0 46 25 d1 39 ed 98 60 08 // 0d 18 5b d9 79 8d 61 3c a3 01 47 13 eb 9e 36 bd eb 73 f1 4a c3 fc 7b // 2f 8f 59 44 04 f5 6d d9 37 c0 a7 e8 65 fa 98 e8 58 cb 0a f6 61 cb e1 // 2f 15 c9 28 c4 c4 5a 98 2e 24 cd 32 23 20 a9 6c cd 54 65 6b 2c 78 76 // a5 d7 17 e4 2d 3d f1 31 89 b9 5d dc 2b 5a 92 8d bd a9 ee 02 c3 03 52 // 04 5d 02 cb d8 54 af 82 13 00 f1 98 b1 ce 1e a8 e4 5c 96 90 20 e5 c7 // 67 0f bd 9b 72 27 cf d3 c8 09 fa c1 df 2e b1 8c 19 9b 27 e9 69 f3 20 // 52 37 6b 45 00 03 b7 ff 63 32 ee 1d 9f ce 1b 59 47 b7 25 75 ec 65 41 // b9 92 fb c7 6f 0e 03 fc 1b b9 a0 df 5e e3 de 0f 34 12 5c 31 1d 2d db // 67 96 2c f9 a8 23 0e ff f8 2c 25 c8 96 62 10 82 a5 87 13 9e 99 7e 05 // 32 96 2e 84 ad 69 7a 1a 2b 80 d9 97 c2 a2 68 ec ca 8b 7d 10 95 53 0b // 33 2e f3 68 27 0b f3 1a 75 b7 77 a7 cf e8 c8 d3 24 a8 c5 58 d3 c6 5f // 80 1d ea c6 82 28 42 f8 5f 10 a6 41 b7 1a d7 e5 fb 05 f6 4e b3 03 35 // 07 dc 3a 2e 9e c0 2d 66 7e f3 6c 55 1f 69 c4 38 e8 b6 c3 92 77 33 d8 // 3e 94 f0 35 ef 3d a2 30 b7 59 df 5f 5d 19 64 81 5b 17 64 78 c4 ed 94 // 40 2d c8 26 5e 58 91 71 df 16 50 94 a2 e4 e7 56 14 fc 6f eb b8 48 4f // 28 ec 8c 12 52 b2 d9 33 85 25 73 92 68 37 e1 ed f9 da 0d a3 f9 16 97 // b2 90 c3 ee 5a 44 fc ab 3b 10 09 5b 78 b5 df 37 01 43 1c ab 31 75 0e // 21 1d 44 2a 77 db c5 e2 d4 d0 e6 7b f3 29 f9 10 34 14 ab d4 f3 87 95 // 11 37 5c 88 00 f5 2f 8a 17 ae 68 87 21 4b f8 63 4b d9 90 75 ab 07 35 // 40 f0 4f f6 75 d3 21 90 a3 d1 15 2c ee e3 2e 30 71 9c d8 83 a8 21 85 // f8 9f 07 1c 02 df 44 3c f7 04 6d ce 8a 6d dc 47 2e d6 39 45 fa ef 58 // 8a cf 57 98 5c 7e cf fa 43 8f 54 27 fb 85 1e bc 6a 4c 57 7a 33 89 5a // 8f c4 62 82 86 a4 8d 3b bc da 1b 76 9a a3 19 48 69 e1 48 ba 45 79 32 // fa 6f 2e 46 40 e2 75 59 40 e2 f5 a6 a6 77 96 b5 f8 8a c1 0f 38 9b 40 // 9c 0c 57 bd 4b f0 cb e0 fa c2 fd 2f 58 ec 49 8d 19 c4 39 52 e4 52 2b // 51 93 17 12 eb 40 02 b7 b2 08 c0 2c 4e 06 df 99 fa 8e 93 e4 b9 e8 b0 // d7 a5 7e 63 aa cd af b1 9d b0 fd 42 2f 8e 89 d1 27 5b 49 96 3b d8 2b // 49 0f 9e 4d 24 cf e9 70 0e 98 c7 3b 31 fd cf 7b 7d 30 d7 3e 9b f6 bd // 86 43 9d c8 b6 31 71 d5 3c a7 ca a8 60 c6 07 77 43 60 99 db 54 41 64 // d4 e4 a8 1a 48 3f fd 5e f2 98 01 10 f4 61 52 9c 05 7c 40 f2 ee 63 b7 // 1a 8e b2 d8 79 19 72 6b da 25 a8 fa 2f 24 2d 3f f7 bf 07 26 d8 a1 1d // 14 1e b8 7d 27 33 f1 fa f4 56 f2 ec cb e4 c3 a8 56 70 2a 80 ba 7e 36 // cd 8e f8 e0 64 e1 6e 61 ee dd a4 47 8d 2e da f0 44 5e 22 47 a7 6e 25 // b4 b5 c6 87 20 b8 7b ba 69 b4 17 19 83 d9 5a 5a 76 4f 42 fa 6f 23 46 // 60 96 d9 a0 97 ed f8 49 52 02 3a 45 41 11 04 56 b9 3e a5 58 c2 05 91 // 56 c2 87 fc 6c de 7c 74 ab d9 0e c5 39 a5 f4 3c 2a 64 1b 1a 34 cf fa // 25 38 ba 56 5d 0b 57 51 3b 8c 1b 3d f5 41 d0 2d 6d 5a 0a a2 f9 62 00 // db bf 64 ab 7c 0a db 86 8c ce 23 ca 60 7d b6 d6 dd 18 f9 56 18 5c 98 // 3a 90 c8 b4 a7 ec 63 01 78 37 6a c4 00 c6 1c 77 fc ba cb 97 9e 2e 07 // 11 5d b8 a0 34 a0 0f fb 13 6f 91 c0 b1 6c 6d 79 6f 52 4f 9c e6 a0 b7 // 2c 37 8c 89 39 b5 6b b8 3c a0 f3 d0 9d a2 b8 2b 4d 34 57 b5 68 87 8d // 01 9f 54 f9 cd dd 51 4a 60 1d 4e df ae 58 2f 1a 26 74 89 2b ac f6 ea // ba 66 12 4c 79 7e 1e bf 91 e1 b5 f1 2e 52 04 04 d2 13 b1 27 70 96 6d // 5c 5f 34 35 16 9f 88 67 fa ed 01 07 d2 cd 4c f0 63 8e 4f 1c 48 81 22 // da 75 16 82 0c c3 d1 2c dc 9f 66 37 78 45 53 52 d2 be 1d 8d 3c d6 11 // 80 83 04 55 4b de 60 1e 4e c4 c9 aa 50 ec 22 64 8b 12 f4 5c 8d 84 bd // cf c8 5f 94 21 d5 aa 5b cb 3a b0 0c 72 bc 1d ea 95 ba 0a fe 25 4d f5 // d8 b4 0d 53 ad f1 d4 fe 1d c3 74 4b d4 86 e3 eb 14 77 5f 4f 4c 33 3f // 75 19 75 a4 a8 b5 bf a4 97 85 06 33 af f3 ff 98 de b5 3d 1b 51 5a 08 // c4 c4 74 bc ce 46 14 9d fd 5b ec e5 1d 1d fb 6e af 59 3f 8e e0 37 40 // 4a 5c e5 ed c2 88 70 06 05 9c d3 74 34 48 ab 97 78 99 f1 05 40 b5 a5 // ea c1 b9 d4 34 66 54 e4 eb 02 00 85 8b 5b 92 52 53 99 a8 78 59 85 92 // 69 d3 b0 fa 4c 21 59 dc 80 75 48 36 8f f7 01 07 66 06 37 8b 44 ce e2 // 83 9f 05 ad 94 f6 59 27 0a f8 68 cd 67 4b 44 72 9b bb 8e b2 f6 97 10 // 1b f4 fb 4f 96 d0 7d ab ae b5 b6 a1 cc 88 44 23 fc ac 3d 38 05 bf fb // 3c 8d e3 e8 01 d6 41 43 6c a6 b1 f5 0a ab ce 4c 7b 3b 1a 24 eb 69 77 // d5 a8 c8 4d 6c ce 8e c9 ee 93 d3 06 2a 4b d7 8f f9 16 fb ba 7a b2 28 // 83 8b d6 1f 25 75 9c 6a c8 65 0a db e2 b3 46 e6 56 81 db af bb 93 43 // 58 ca 2b 1b 85 4b f4 2f 42 40 4a 15 ca f9 9b 78 5f 13 2b 9a 20 41 3b // 2d 9d 35 32 20 65 6a e2 71 88 3c a9 73 34 30 db 09 b5 e8 57 8e 9d 4f // ff 03 2b 0e e7 92 f4 29 79 10 89 d9 38 76 a3 36 65 a3 5c 42 0a 06 86 // c1 25 00 52 42 55 1d f2 76 73 e0 82 6a 1c 38 bc 02 8c 10 4e 0f 95 8a // e1 ff b2 d5 22 1f d1 a3 6e 59 80 65 ee d6 a4 49 56 7b 41 c0 27 b6 fa // a4 61 d3 ae ee 8d fb 62 85 66 1a f7 fd cf a4 84 fe e6 54 b6 33 34 2e // b1 22 fe 72 d5 d6 8e a4 cf c9 88 ca bb 0d f3 9b 8c bd 06 4d 48 9f cb // c9 0b f3 13 f3 a2 97 97 d4 79 a8 fc 12 cf 5b 9e ad 09 07 a2 dc a5 68 // bc 0f 40 d0 fa 4a 9c 37 58 f9 bf d1 ac 36 62 a9 f0 42 60 ef 0d 2b 86 // a0 2d 23 75 9b 21 0f 38 83 0c 4a 22 46 49 18 6b 6e 4b 87 c6 b4 57 21 // 7c 86 f5 02 52 19 40 ca f1 e5 b2 ea db 72 95 1a 79 0c 94 dd 74 b9 29 // 23 29 47 b0 1c ef d5 a1 48 3e 12 7b 1b 6d 21 63 17 b5 81 45 5f 9c f9 // 68 76 af 83 7e 5f 88 cc 38 a4 6e b2 fb 6c d7 fc c6 fc e1 a2 64 16 7b // 86 72 38 29 ff ff c4 13 bb f3 b8 34 31 54 94 48 75 dd 62 19 a9 54 18 // 31 4b 1e 07 1d d5 9d 0e 96 08 3e 02 cb 87 78 06 9e d5 41 37 ce 98 bd // 70 2d ea d8 fc 74 99 2d 77 43 d1 45 0f af 7d e4 4c 2d 59 ff 2d d3 39 // b8 0d 34 49 02 be a5 b3 a5 64 f0 1a ee fe 30 01 65 bf 3b 00 d8 11 c7 // ae 86 6c b1 a0 a1 b8 74 00 c2 94 18 41 cd 2d 69 53 30 8f 1a 96 3f 1c // 6d 44 86 e7 e4 5d aa bf 0b 06 6a d8 88 4f 45 77 53 4d 3c 9f 3d 3f 3b // be 8a 1a 30 88 d9 b9 5d a1 fc 90 15 73 e2 6f 5b 86 c7 a8 68 42 9b 9b // 63 4c 9e 35 df d0 53 45 63 16 09 12 a4 3c 64 ba cc 8e a1 ce d7 bc 1b // 77 a2 87 16 70 0e 50 19 05 c9 e8 1e 19 02 41 e0 ed bf 4f 89 4a ee 40 // 47 c5 b5 fb 58 a3 db 4a fa f7 67 90 69 0f dc 12 89 23 6f bf c5 f6 cf // f5 40 eb 82 de 80 44 d1 76 58 fb 05 4b 19 8c c2 88 cc 43 aa 5d 80 5a // 51 ca da c3 e7 5c 8f d8 2a d0 15 a0 49 32 cb 6f 6b 53 aa 4e 8d 9d 84 // 01 8f f8 db 0f 75 6d 6b 5d b4 e0 6a 68 9b 52 fe 84 71 b9 23 0c 2d d1 // 4d 04 2c 1f ea 45 c3 d2 45 23 51 a4 22 24 21 36 66 10 d8 07 85 f7 e4 // 74 74 d4 ad 58 11 63 13 81 3d 4d b3 17 6d 93 c4 e2 9e 5c 75 62 80 68 // 79 dd c7 5b 9c fc f3 8d 6a ed 01 5c 0f 4d 52 30 2a 51 21 51 87 bf e2 // 54 d6 06 5b d1 42 cc 9b 9e 03 f3 2e bc 96 86 ad 0d 0c b3 fc f0 af a3 // 20 a1 5f 37 cf 59 16 00 63 6a 4e f8 4c 75 6c 0d 42 ab 98 bc 24 79 f0 // d5 d2 30 35 9f 62 24 47 10 18 44 43 0a 75 55 a4 cb c7 02 b5 5a 4a 6e // d9 64 cf 39 9a 1a 49 3e 40 55 5f 62 2d a1 64 30 73 a7 86 a3 42 5d 95 // 09 0b 9b 0e 20 52 11 87 e9 e2 0d 35 f4 e0 61 e6 20 1e 67 e8 44 d8 84 // 57 f7 51 e5 51 9d d3 0d f9 25 1f 1c e2 83 6e 0b f6 1e ef 8f c6 ed 22 // e4 88 71 86 31 65 66 27 8b ec 46 af 38 23 ed 53 e3 e1 8c a5 74 11 24 // dc 53 ca db 5f f0 84 6c c1 c6 b9 c0 72 be 6d ea 18 7e 83 36 eb 6b 6b // 70 29 ef 79 ff 3b 29 99 93 8c c5 9a af a1 61 8f c4 55 6c e3 c8 1f 99 // 41 4d 5d 79 53 8a 83 ee 9d 8a 9a d0 b9 e5 70 60 d4 be 9c 53 26 6f 41 // 84 55 d7 60 f4 23 a1 64 2e 9e df cc ed e2 9d 21 89 1d 74 21 ad 0f 1c // ef e4 72 d0 ef 84 96 55 75 41 98 71 37 47 27 bf 5f 1d c7 20 57 a1 8e // d4 d7 e0 a2 dd d6 d1 8b eb 2c c3 71 86 09 81 4c 29 68 f2 74 65 b0 0f // b4 b4 a6 43 59 62 97 22 32 05 83 a0 56 44 69 3e 6f ca dd e0 ef c1 2e // 66 a0 c8 e4 83 11 f0 55 0a b8 fb c1 55 6b 69 bb 2a 5a 0c 03 f1 a5 9d // 67 04 6d 7a cd 5b eb 9f 7f 9a e6 eb 18 58 04 31 62 4d 63 ff e2 94 ea // 54 97 a6 5e c3 89 1f 4c 70 b2 6b 7b 17 a9 f8 21 45 e5 d5 15 6d 6b 33 // 55 ad 24 9b b6 61 68 bb b7 45 d0 0c 40 d6 ef 42 d5 2a 03 2c f6 2c ae // ea ec 31 f4 c8 5a c4 03 cb b0 c6 75 69 53 f0 dd bf 79 da 0c fa 6c cc // 1c 40 de 43 bc 4a 10 a7 00 b9 83 22 e6 71 22 5e 80 e6 63 d3 01 92 ff // 56 11 c4 4c 09 53 51 bb 69 a4 e1 4c 11 a3 d5 b0 b5 3e 78 95 46 99 76 // 05 16 13 4f 31 48 e7 1a 2b 0b b0 4b 24 bb 1a 2c 2b 50 3f 56 24 9e 0a // 2c 63 8f f4 0e 7c 2c 7d 50 ef 71 96 fc 98 93 e1 8c 0a c3 fc 5a 4c 0d // 23 ee 08 08 0f 98 4d c6 43 85 4b 54 df 4a 63 8a f2 9d c5 df 79 f9 05 // c4 13 3c e2 63 f3 b2 bb 55 fa 7d 56 fa 82 79 56 87 e6 ee 5c 68 cc 13 // d7 1e 44 36 7e a8 67 04 09 cf 22 31 99 0c c6 d0 6e 5a ae 2f c3 af 15 // 37 b3 3b 42 77 5b 40 bb a3 aa 41 70 16 fb 9d d8 9f 90 a8 91 96 c1 04 // 01 7a 68 f7 52 7b 8b 95 8e 38 f9 64 68 32 a7 79 00 45 fe 39 4c e4 1b // cb d1 cb cb e5 2c d7 e5 6c ec 7b 28 56 e4 48 fa 5d 7e 83 77 98 b8 99 // f0 5a 2c 2f be 6d 9f 1a 7b 19 3b bf 7c 70 44 4d 6a 37 81 0d 4d 19 d3 // 59 f9 cd 6b 8a 6e f2 23 0b 73 5f 8b eb e0 cc ec 94 e4 4e d9 52 34 bf // a4 a3 6a 2f 0e e9 fd 5c a7 3d 69 73 44 d2 84 36 e0 fa b8 1e 73 f4 47 // bb 14 4a 70 aa f9 6a cf 6f f5 2c 47 37 e7 a4 de bc d2 85 bd b5 4e 36 // 3d 84 2b c9 a7 d1 80 c1 6f 01 0f e4 07 8b 41 c4 c3 e5 65 c3 ed d6 4e // 61 f9 95 ab 00 86 db dc 02 6d c1 82 5b 8c 45 ed 96 ed d8 d2 bd 9d aa // 69 9e 5d a3 33 27 4d 6b ee 20 97 c0 04 46 28 48 cd 16 84 9f 95 cd 22 // 52 c4 c8 70 58 a8 21 ed 97 7e d7 51 b7 7b 0a 8f c0 96 6b f3 a3 0c 26 // d4 9f 31 85 78 2a 7d 31 4e 89 f0 39 a1 5e de 45 85 38 f1 ad a8 eb 83 // 6a 36 bb 5d 82 c4 02 e3 fe eb d3 7e 7b 7c 66 7a 1c 82 ed c8 72 00 72 // 78 9f a5 f3 88 03 9d aa 73 1c e7 4d bd 5a a8 96 5b 7e e9 9f 6c 27 10 // 35 23 9c a1 c3 4c dc 3c 57 bd 85 10 de e0 8f 74 cd a3 70 95 b1 b0 98 // 99 79 98 fa 26 7e 0b e1 5d e4 74 b2 c7 37 93 6c ac cc b4 ba 44 11 25 // 70 bb d1 3f 87 0b 55 f3 76 3f 77 72 4b 58 6d 6e 26 c3 e7 2b 20 bb 13 // 27 2f 2e e3 31 bc ab d4 a7 99 80 a8 d2 96 5c 20 da 2a 39 18 c8 55 21 // 5f ec ce 95 d2 9b ec 58 f5 22 d3 d6 d2 85 2c 4a c0 80 ff fc b3 ee 7f // b9 85 91 f9 9b 7c fb 7b b1 24 cc 20 07 80 30 75 6a ee 8f d2 84 df 06 // cd 5f 07 c1 3f d5 6e 53 81 b1 9e 0a 3a 9f 41 2a 8d 27 42 8c b6 af 00 // 78 e4 dc 8c e4 83 66 30 36 0a 5c 3b 98 ff 5e 6c ba c1 d9 d2 9d e9 83 // 8a 84 d4 72 2c ee a3 76 5b e3 df 99 84 cf 13 97 70 f3 fb 98 6b 9c c9 // 18 5a b7 87 f5 4b e3 3d 46 c5 4d e7 4d 94 d1 3f 74 ec 70 cf be 16 05 // c0 0d b7 9f a8 de 64 cd 83 40 90 a3 5c 80 75 9f 83 c8 fb ef cf 9a 27 // 6d de 8a 84 98 d0 84 b4 61 95 78 ec cd da 26 51 a4 75 f7 33 67 bd a9 // 68 94 bb 36 eb 86 80 35 25 16 94 cb b7 45 fe b1 50 55 5a da 09 90 94 // 97 ff 1d 9c 8a ee 7a 35 b7 c8 b2 fc 64 ff 48 3f 4f d3 49 1e d5 23 04 // e6 01 0b 9b f2 af 8c 5b 8e 16 2a 38 3a 0b f0 bf 10 8c a7 8f 50 86 13 // 2b 2b 1a 29 58 1f 32 38 41 c2 f1 89 50 98 98 d9 32 43 6e 5c 1e 69 3e // d9 1f 05 24 da 02 6f ec aa 2b 7e fa b5 4a ee f1 20 be 61 de 45 71 71 // c5 88 11 e0 ca 8a 76 00 e0 ac 24 9a a5 79 d7 8d 2e 2b 1d 6f 41 a3 da // 46 76 b6 69 0c a0 24 92 51 f5 b4 8b 9a 38 20 ac 5b 25 a5 2c c0 1b c3 // 31 c2 40 39 b6 f4 bf ab 72 d5 83 8a 35 62 92 59 93 0d ea 93 6f 8c 60 // b4 f1 b1 89 db 1f d1 b5 e7 e6 c8 a8 42 70 7a d6 75 6d 09 8a 9a b5 43 // cd e3 e1 d1 16 19 83 ea 91 b7 32 2e e2 a7 13 be 3b ad 36 9d 81 12 fd // c7 f1 ac 7b 51 22 d5 5d c5 ae 44 3e 10 db 71 1d dd 66 19 ff bf 96 06 // 8e 28 91 1b 1f 54 38 84 13 a1 79 58 d6 1c a0 74 65 b5 46 99 a1 35 19 // 15 30 0c b8 26 d3 bf 7f 4f 21 7b ba 0e d3 19 5c bd 07 7b 67 16 7b 9a // 03 04 0a fc 23 7f 3b b3 6e dd 9f ed 33 d7 d6 e7 c9 49 3f ec 34 be 65 // 43 88 0b 0b 44 2d 83 51 49 6f 2e 8d 60 d4 d9 84 cc a7 43 98 3c 0a fa // b9 cd ed d5 a9 d7 74 a1 21 e9 12 30 d3 59 c2 7a 3d 7b 4d b3 8c e7 3d // b7 47 af 3c a0 64 70 90 1f 26 05 c0 31 a7 c9 b7 d1 bb b1 e8 38 d3 6a // 4d 39 b0 39 e8 0b cd df ae cc a9 06 70 5f e8 c8 44 e9 3d 5a ee 49 4d // c6 2c 7b 4f cb 6a be 09 ac f9 25 ef 42 2d c0 91 85 b5 3e 96 07 95 c5 // 65 00 b4 3f aa 6e 89 72 0a ee e7 24 53 2f 89 e6 0e 20 b1 2c d4 f8 32 // b9 51 89 bf 45 b9 6a a7 af 10 cf 82 98 b4 42 78 de 1c 67 e2 d7 1d 81 // 12 40 a7 aa 2d 1d 6d e2 2e 5b 8c ef 4a 1f 30 9d cd b8 1c 5a 02 8a ab // da bd dc 96 37 97 4c 2d c1 9b 60 45 8f 09 54 bc 75 1b 7a e6 28 ac 60 // 2e b7 c5 2c 7f ac 0c 16 21 ee 77 57 fc 5b 00 2a d7 e8 fb 66 fc 7d a0 // 89 65 47 ab f0 1e e0 91 c0 cf e1 d0 fc 66 e6 e0 35 99 bb 2a a7 60 8a // 72 c3 02 03 af 5e ac 39 15 a0 b6 61 6b 61 19 c4 a0 96 54 de 2f 56 e5 // 32 96 d1 f8 48 7c d7 ec 36 c8 68 94 ba b7 2e c3 ce 61 20 8f 84 84 32 // d4 5a 27 ca fc fb f2 a2 c5 6b 58 e0 17 c7 6a c7 e9 43 af f0 b4 ac af // 84 df b3 43 d9 3e fb 29 c5 18 a9 d5 52 c3 6a 3e 44 c6 ea 94 86 73 bc // 2a a7 1c 5a 87 3d 1d 30 1a 9c 8b 02 f1 9c 08 6f 92 2f 0b 3e 4f 7d 14 // e8 a5 9c 01 78 09 18 8e 2e 1b 4d c6 b5 5f b8 ad 82 b1 c0 44 60 b5 ff // 2e 9b 8f 47 d3 e8 33 59 95 19 b7 9a c6 d9 ab 28 2d b4 a5 56 54 f6 03 // 96 d2 e7 95 c4 1f 52 73 5d de 2b f8 e2 eb bc 8c 74 29 13 35 9e da df // cb da 00 00 00 00 00} (length 0x2000) // } // len: bytesize = 0x2000 (8 bytes) // res: ptr[in, syz_fuse_req_out] { // syz_fuse_req_out { // init: nil // lseek: nil // bmap: nil // poll: nil // getxattr: nil // lk: nil // statfs: nil // write: nil // read: nil // open: nil // attr: nil // entry: ptr[in, fuse_out_t[int64, fuse_entry_out]] { // fuse_out_t[int64, fuse_entry_out] { // len: len = 0x90 (4 bytes) // err: fuse_errors = 0x0 (4 bytes) // unique: int64 = 0x88e (8 bytes) // payload: fuse_entry_out { // nodeid: int64 = 0x3 (8 bytes) // generation: int64 = 0x0 (8 bytes) // entry_valid: int64 = 0xfffffe (8 bytes) // attr_valid: int64 = 0x105 (8 bytes) // entry_valid_nsec: int32 = 0x3fe (4 bytes) // attr_valid_nsec: int32 = 0xffffffff (4 bytes) // attr: fuse_attr { // ino: int64 = 0x5 (8 bytes) // size: int64 = 0x8000000000000000 (8 bytes) // blocks: int64 = 0x0 (8 bytes) // atime: int64 = 0x0 (8 bytes) // mtime: int64 = 0x4362d09f (8 bytes) // ctime: int64 = 0x80000000 (8 bytes) // atimensec: int32 = 0x2 (4 bytes) // mtimensec: int32 = 0x6 (4 bytes) // ctimensec: int32 = 0x0 (4 bytes) // mode: fuse_mode = 0x6000 (4 bytes) // nlink: int32 = 0x1000 (4 bytes) // uid: uid (resource) // gid: gid (resource) // rdev: int32 = 0x8008 (4 bytes) // blksize: int32 = 0xdffffffe (4 bytes) // padding: const = 0x0 (4 bytes) // } // } // } // } // dirent: nil // direntplus: nil // create_open: nil // ioctl: nil // statx: nil // } // } // ] memcpy( (void*)0x20000000a200, "\xc1\xfd\x43\xb6\x01\x66\x27\x01\x27\x2a\xf3\x7a\x7d\xed\xa0\x72\xca" "\xa0\x9f\xaa\x11\xb0\xa4\xef\x28\x25\xe8\x7f\x09\xfb\x6b\xc3\xdf\xd8" "\x4d\xdd\x85\x3b\x18\x20\x3b\xbf\x08\xb1\xaf\x60\x66\xc7\x8b\x47\x14" "\xa7\x89\xa8\xf3\x60\x5f\x59\x20\xe7\xaf\xc5\xb0\xa0\x42\x71\xce\xbc" "\xe7\x2a\x79\x7a\xbd\x5b\x9e\x4a\x44\xfd\xcc\x15\x0e\x6e\xf0\xe8\xc3" "\xd4\x36\x0e\x74\x27\x58\x18\xdf\x26\x24\x3f\x28\xca\xc3\xd8\x4e\x26" "\x4f\xd0\xc7\x7d\x4b\xcc\xbc\x46\x6e\x72\x44\xb2\x47\xd9\xdc\xee\x02" "\x6d\xf8\x9a\xef\xc9\x58\xd8\x4a\x55\xd4\xd6\x92\x2d\x96\xce\x03\x49" "\xfe\x28\xef\xd6\xb8\x3d\x15\xb7\xb0\x81\x43\xa7\x21\xc4\xa6\x77\xb7" "\x23\x62\xa4\x9e\xeb\x15\xec\x5b\x5f\x85\x69\xba\xd5\x85\xe3\x0a\x62" "\xab\x14\x9e\x7e\x4c\x7f\x49\xaf\x95\x60\xfd\x52\xea\x57\x30\x13\x5d" "\xc3\xea\x3f\x6a\x9a\x3a\xe6\x28\x6e\x99\xe1\x52\x0a\x43\xb8\x81\x3c" "\xa6\xaa\xd1\xad\xbb\x30\xb2\x45\x9f\x90\x69\x9e\x2b\xa3\xa6\x33\x5d" "\xdc\xac\xe3\x73\x7e\xd8\xf5\xf2\x1e\x02\x7a\xc2\xb2\x24\x38\x9b\xf0" "\xc8\xc0\x05\xac\x8d\x8c\x3a\xe1\x88\x67\x9d\x34\xda\x0a\x2c\x20\xa9" "\x10\x48\x7d\x3c\x91\xb1\x87\x70\xfa\x5e\xe4\x83\xa3\xf0\x9b\x88\x29" "\x60\xf1\x2e\x7d\x2e\xb9\x01\x58\x95\xce\x80\xb3\x7f\x74\xa3\x05\xa5" "\x0d\xeb\x14\x6b\x1c\x34\x30\xf3\x1d\x28\xe6\xf8\x27\xb9\xc7\x07\x0b" "\xc8\x80\xd2\x51\xdd\xb0\x9e\x0e\x70\xa0\x51\x2e\xd2\x60\x02\x56\x33" "\x2c\x43\xa5\xde\xae\xcb\x01\xf0\x89\x33\x3f\xc3\xb6\x72\x1f\x6e\xd5" "\xb4\x1f\x99\x71\xb7\xc6\x3f\x57\xb5\xaf\xa8\x04\x2f\x5b\xeb\x1a\xc1" "\x27\x46\x76\xdc\x54\x06\xb5\x82\x82\x47\x12\x3b\xb7\xbe\x79\x5b\xae" "\xe5\x9d\x77\x9b\xbd\xe2\x27\xc9\x0d\x0a\x5d\x86\x39\x36\xd4\x34\xf2" "\xce\x7a\x45\xf9\xb6\x50\x60\x0f\x32\x82\x7b\x92\xe2\xd8\x28\x91\x5f" "\x04\x11\xf7\x65\xed\x82\xdd\x01\x25\x61\xed\x29\xb0\x99\x50\xb9\x6f" "\x8e\x49\x0f\x14\x48\xdb\xd5\xe4\x5b\xdc\x92\xa2\xa3\x6a\xa6\x7e\x5e" "\x93\x96\xb6\x37\x6f\x82\xaa\x69\x15\xea\xc4\x14\x4a\x10\x2d\xe7\x86" "\x56\x3e\x44\x82\xf0\x91\x76\x98\xbc\x70\x77\x6f\x8c\x7a\xad\x33\x46" "\xe1\x8e\xe2\x95\xaf\x54\xf3\xc1\x65\x8f\x9b\x12\x41\x16\xa2\xfd\xac" "\x79\x35\x3b\x09\x5c\xf6\x67\xdd\x94\x1c\x3c\xba\x14\x1b\x3a\xc8\x98" "\x2e\xed\x42\xe7\xdb\x64\x9c\x9d\x49\xa5\x93\x78\x21\x6b\xf4\x32\x3f" "\xf4\xc2\xf2\x99\x29\x94\xd4\x14\x4b\x74\x86\x6a\x24\x26\xe1\x9a\x2d" "\xc8\xdb\xf4\x64\x3f\x97\xa2\x14\xfc\x9c\x44\x85\x12\x31\x6d\x76\xc4" "\x11\x6c\x3a\xe6\x00\xdf\xb9\x8c\xf8\x54\x72\xda\x66\x17\x45\xb6\x38" "\x43\x8d\xbf\x15\xd8\xdd\x87\xa8\xba\x35\x20\x5a\x65\xba\x5b\xf7\x9c" "\xf9\x41\x45\x4f\x8c\x78\x8d\xc2\xee\xcc\xea\x41\x2a\xdd\x73\x47\x98" "\xc8\x2e\x9c\x86\x12\x2a\x91\xdf\xf7\x78\xed\xcd\x30\x9c\x05\xfd\xca" "\x66\x17\x6e\x9b\xc4\xd4\x10\xb0\xee\x46\x27\xeb\x88\x94\x43\xb5\x74" "\xce\x20\x5c\x7f\x4d\x6d\x42\x8e\x90\x99\x52\x71\x2e\xc3\xdf\xc8\x95" "\x52\x27\x9b\x2d\xa8\x7b\x01\x00\x51\xa4\x51\x37\x7a\x0c\x51\xa3\x4e" "\xbb\xa2\x5c\x3b\x62\xba\x98\xeb\x6f\x15\x49\xb0\xfe\xe6\xa7\xc5\xe0" "\xc7\xa7\x28\x35\x38\x88\x03\xa0\xa8\x34\x2b\xb9\xf2\x73\x32\x24\xc9" "\x2a\x50\xdd\x25\xa9\xb3\x35\xf2\x43\xf2\xd8\xc6\x81\x42\xaa\x1d\xb1" "\xde\x2f\x89\x9a\x56\xc6\x23\xa3\x2f\x8a\x74\xc1\x6d\xb5\x69\x83\xeb" "\x83\xf6\x46\x93\x16\xf2\xfc\x14\x86\x0c\x07\x52\x36\xa3\xba\x40\xe8" "\xc2\x65\x90\x9b\x8f\xc6\xb0\x3c\x63\x78\x26\x9f\x66\x29\xba\xb8\x14" "\x18\x78\x9c\xd7\x48\xd8\xb7\x86\xf4\x7a\xb8\xf1\x3b\x0c\xaa\x5e\xcd" "\x79\xdb\xea\x61\x33\x0b\xe6\xde\x58\x04\xf5\xc2\x11\xce\xf7\x8f\x55" "\x5e\x7b\x20\x93\xf4\xa8\x36\xcd\xb8\xa2\xcf\xa2\x61\xbe\x14\xe0\xf5" "\x9d\x07\x5f\x58\xe9\x7b\xa1\x6c\xb1\x30\xf0\x62\xa2\x26\x1d\xf2\x44" "\xc5\x7d\x6f\x47\x7d\x76\x12\x62\xb2\xe7\x55\xc9\x6b\xad\x38\x98\x89" "\x4e\x80\xb2\x3f\xae\x71\xfc\x31\xb2\x89\x55\x13\xa1\x1b\x0c\xf0\x75" "\x51\xca\x87\x32\x55\x92\xdd\x10\x54\x9b\x7d\x92\xda\x1c\xb0\x71\x19" "\xfe\x97\x0b\x8c\xc3\xaa\xcc\x38\x6a\xb6\x4d\x32\xb3\x08\x67\x95\x93" "\x25\x6d\x2f\xcd\x1f\x9e\x9b\x15\xee\x93\xef\x85\x9e\x72\x68\xbe\x77" "\x60\x53\x18\x24\x60\xe8\x3f\xb8\x73\x71\x12\x26\xec\x9a\xa5\xc3\x5b" "\x15\xfb\xfa\x12\xea\x0a\xbf\xc7\x46\x5b\x30\x0b\xd8\x44\x5c\x83\x1a" "\xe7\x7d\x2a\xab\x7d\x4b\xc3\xba\x5f\x21\x8f\xda\x9e\x90\xea\xcd\xe1" "\xac\x51\x19\xeb\x30\x07\x3a\x6f\x29\x17\x27\xcb\x94\xfc\x87\xa3\xd3" "\x01\x3f\x3e\xbb\x1c\xd2\x59\x06\x7c\x57\x1b\xd3\xc5\x7e\xac\xce\x71" "\x6e\x61\xf8\x6b\xf4\x04\x1b\xac\xad\xd6\xc6\x76\xe1\x7f\xb3\xcf\x89" "\xc4\x98\x4a\xec\x78\x21\x68\x54\xa6\x0a\xf6\x85\x33\xfc\xdf\xf1\x28" "\x97\xc3\xe1\xb2\xc1\x0c\xec\x01\x97\x22\x62\x3f\x47\x7a\x51\x2c\x4e" "\x5e\xef\x74\xa6\xd1\xab\x7a\x73\x59\x05\x37\x3c\xa3\xa0\xb1\x8c\x3e" "\xaa\x52\x3c\x86\x23\x8f\xba\x77\xe4\x5a\xa0\x7c\x1b\x96\xfa\x1e\x3c" "\xeb\x04\xe5\xf4\x74\x25\x36\xb6\x87\xeb\xf9\x89\x91\x8f\x68\x05\xcd" "\xa9\x61\x1a\xb9\xed\x10\xee\x33\xcd\xa7\x1a\x95\xbe\x2d\xa0\xd2\xc2" "\x1d\x22\x95\xfd\xb3\x34\xdc\x20\x57\x94\x23\x82\xdc\x7d\x0f\x70\x30" "\x0d\xf3\xdf\x84\xcf\x9a\x18\xf0\x42\xc1\x12\x42\xa3\x47\x56\x97\x71" "\xf9\xb8\x24\x04\xe1\x36\x84\x32\x4f\xb0\x6d\x86\x76\x41\xc8\x7d\x6d" "\x70\xad\x15\xe9\x02\x40\xf9\x01\xd0\x4a\x8b\x8c\x7f\xdf\xb8\xb8\x4a" "\xef\xee\x16\x06\xf1\x4a\x2a\x69\x95\xe6\xb8\xaa\xee\x1b\x37\x2c\xd5" "\x86\xa6\xda\xf2\x8a\xd7\xd8\xef\x64\x4c\x58\xfa\x72\xf0\xb2\xf8\x47" "\xee\xf7\x2e\x18\xf1\xa4\x37\x4c\x4f\xa3\xd6\x04\xa9\xbf\xec\x6a\x1a" "\x4f\xef\xdf\xaa\x84\x82\x79\x69\x32\x08\xdf\xbc\x1d\xbb\x97\xb4\x4c" "\x4f\x03\x40\x90\x60\x6e\x0a\xd3\x12\xcd\xfb\x6a\x8f\x68\xda\xe7\x31" "\x2b\x06\x4c\x68\x81\x3e\xb4\x19\x92\x55\x9c\xa6\x3d\x88\xa8\xe9\x07" "\x11\xc8\x38\xf2\x20\xa4\xda\x5b\xc7\xd8\x2e\xc0\xaf\x83\xda\x05\x9b" "\xdc\xcd\xb5\x24\xa5\x9a\xd2\x6e\x43\x41\x3f\x13\x1e\x77\x03\xeb\x82" "\x15\x82\x93\xa3\x31\x45\x6c\xe7\x28\xc2\x89\x23\xbf\x9a\xe6\x44\xa3" "\x31\xa6\x67\xc2\x93\x2a\xe1\xf1\x1a\x9f\x9b\x89\x3f\x80\x27\x96\xad" "\x02\x9c\x40\x49\x6c\x9b\xc4\x9c\xdf\x41\xa4\x0d\xa1\x09\x2b\x40\x4d" "\xa6\x60\xe8\x0f\x33\xa6\x01\x2a\x40\x78\x05\xe7\x0f\x9a\x18\x01\x05" "\xcd\x04\x01\xed\x01\xa9\xf6\xed\xef\x4e\x24\x79\xe1\x57\x9e\xa3\x65" "\xd8\x43\xc1\x97\x27\x9e\x3c\x79\xae\x56\xa1\x07\xdf\xab\xa6\xaf\x80" "\xed\x9a\x24\xd5\x35\xd1\x98\x27\x59\x6c\xa2\xb1\x4b\xf4\xb1\x10\xfa" "\xe4\x82\x0f\xc8\xd0\x57\x0a\x64\xae\x08\xe3\x15\xda\x00\x91\xf7\x66" "\xbc\xeb\x1f\xc9\x90\x46\x5e\xcb\x84\xa2\xd7\x2e\xfc\xb9\xa2\x69\x81" "\x68\x63\xb7\x2f\x8d\x08\x69\xb2\x0c\x14\xbd\x72\xf9\x09\xfc\x3e\xbb" "\xf2\xba\x2f\x98\xce\x3f\xd7\xeb\x54\xb7\x38\x69\x29\x16\xee\xb9\x8a" "\xb9\xea\x04\xce\x3e\x74\x08\x17\xdc\x9a\xc6\x56\x1c\x71\xd3\xbc\x15" "\x35\x8e\xbb\xb3\x02\x72\x94\xf6\x6e\xb8\x90\x57\x7f\x8a\x63\xec\xd2" "\x3b\xea\xcd\x93\xc3\xb1\x49\x8d\x5e\xef\xd8\xb6\x8e\xba\xb3\x53\x66" "\x53\xd5\x83\x97\x13\xb0\x7f\x79\xeb\xb2\xa6\x10\x6c\x00\x9c\xc5\x35" "\xa2\x17\x3c\xde\x3c\xcc\x65\x67\x6b\xca\xe5\x13\x14\x5d\xb5\xbf\x08" "\x54\x6e\x88\x10\xfb\x4d\x19\x32\x66\xd4\x91\xfb\x91\x21\x93\x51\x38" "\xa7\x4c\x52\x14\x99\x59\xa0\xc2\x70\xcd\x6e\x24\x4d\xd7\xcb\x14\x0f" "\xcf\x6b\xf0\xe7\x53\x62\x20\xf7\x98\xbf\x32\xcd\xa5\x64\xeb\xde\x02" "\x5a\x92\x61\x7f\x31\x95\xe5\x49\xa4\x91\xa4\x54\x46\xff\x0e\xbf\xd3" "\xb0\x47\x77\x5a\xf3\x39\xe5\x9a\x8d\xa0\xdb\x62\x23\x33\x93\x25\xc6" "\xf4\x93\xba\xa5\xf2\xc7\x1b\x57\x10\xa9\x75\xde\xf3\xe3\x91\x9a\x24" "\xa5\x23\x51\xac\xc1\x2e\x5a\x2a\xb6\xc1\x71\x70\x5b\xad\x0e\x6a\xfd" "\x0a\xd2\xb6\xdd\x6f\xea\xed\xc9\x92\x4f\xdb\xa5\x33\xfc\x95\x8f\xab" "\x9a\x98\x0b\x77\x5e\xb4\xc9\x3a\x49\x94\x13\x07\x3c\xf0\x98\x26\x38" "\x1b\x80\x54\xf9\xf0\x9f\x4a\x0d\xfa\x63\xac\x2f\x6c\xb2\x2d\x00\x1f" "\xf2\x77\xec\x7f\x49\x3b\xc5\x4d\x2d\x1d\x34\xa6\xda\xd6\x2c\xd7\xbc" "\xca\xb2\xec\xd4\x19\xc9\x00\x87\xf6\x94\x53\x11\x46\x0b\x87\xda\xad" "\x60\x5f\xf8\x51\x9a\xba\x1d\x83\x11\xa5\xe5\x65\xdd\x26\x65\x55\x77" "\xaa\x13\xda\x31\xe0\x1c\xac\xbb\x7e\x10\xe7\x20\xa4\x86\xe9\xcc\x45" "\x0b\x8a\x21\xd2\x3a\xea\xb4\x28\x38\xd8\x1d\xc0\x5f\x5b\xe0\x47\x4a" "\xb8\x1b\x80\x6f\xe7\x1b\x88\x83\x23\x03\x7f\x32\x62\x17\x9e\x45\x1f" "\x76\x5e\x41\x9b\xdd\xf7\xb7\xa9\x9b\x40\xbc\xc2\x26\x98\x6e\xfb\xd3" "\x76\x5b\x66\xe5\x6a\x35\x00\xde\x4b\x18\xb6\x76\x36\x15\x10\xbd\x35" "\xb3\xa9\xc6\xb8\xc0\x82\x22\xcf\x7a\x73\xc4\xcd\xa9\x72\x19\x0f\x83" "\x9c\x2d\x01\xa4\xc1\x71\xa8\x03\xc0\xa7\x7d\x27\x69\xc8\x92\xb2\xf0" "\x19\x1d\x2f\xa0\x1d\x7d\x5c\xa5\x35\x73\xe4\x7e\x93\xca\x9b\x56\xb8" "\xf0\xd6\x84\xd5\x45\x8d\x50\x5a\xd8\x38\x3f\x22\xe1\x90\x24\xda\x06" "\xbf\x6a\xbf\x30\xed\x66\x3c\xfb\x33\xe2\x02\xbe\x17\xbb\x95\x1e\x9e" "\xa3\x0c\xfc\xf6\x56\x75\xd2\xfc\x64\xaa\x51\xe0\x72\x37\xfe\x83\x91" "\x54\x91\x85\xfa\xc5\x82\x2d\xaa\x92\xe7\x37\x78\xe0\x80\xb1\x30\x4d" "\xd7\x57\xf9\x03\x50\x92\xa7\x29\xb9\xa0\x12\x2d\x1c\x07\xd6\x03\x36" "\xf1\x8a\x9e\x46\xeb\xec\xed\x10\x41\xde\x2e\x2e\x8a\x5d\xe6\xf4\xa8" "\x14\xd5\x17\x9b\xdd\xfc\xde\xda\x88\x88\x8c\xb9\xce\x32\x2a\x51\x6a" "\xf3\xbe\x2b\x7c\xf3\x71\xe9\x19\x3c\xb4\x0e\x66\xcd\x41\xdd\x94\xe3" "\x7f\x14\xc6\xe6\x46\x9e\x8f\xa6\xc5\x7a\x4f\xa3\x12\x5f\xb6\x81\x9b" "\x84\xe2\x76\x76\x8a\x73\x54\xdd\x3e\x26\x92\xa7\x7a\x4a\x60\xaf\x85" "\xbe\xc0\x32\x5d\x0a\xae\x72\xa5\xf4\xf7\xbf\x94\x68\xf1\xd3\x51\x47" "\x91\x0a\x55\xaf\x54\x6e\x4e\x36\x34\xfe\x2d\x8e\xfe\x11\x66\x01\xbf" "\x84\xc0\xe9\xc4\xd4\x42\xec\x8f\x99\xfe\x6c\x1c\xc9\x0b\x99\xa8\xd1" "\xe5\x33\x22\xb2\x6b\x66\x92\x8f\xd0\x17\x38\xfa\x70\xc0\xaf\xf8\x4b" "\x4f\x02\x94\x6c\x6f\xa6\x84\xbd\x61\x76\x67\x85\x7c\xd7\x51\xa3\xad" "\x3d\x32\x4f\x95\x74\xaf\x78\xee\xc6\xc8\xc5\x1c\x25\xe0\x1c\xb0\xef" "\x12\x91\x99\xf5\xa3\xb3\xb2\x9e\x32\xa3\x4c\x4e\xf1\x4c\x81\x0c\x2e" "\x69\xe0\x61\x58\xf0\x20\x33\xe1\x5f\x1e\xc0\x04\x19\xa9\x1c\x14\x50" "\x33\x89\x56\xa1\x88\xfa\xc9\x18\xfb\x73\x69\x24\x91\xba\xaf\x59\x76" "\xca\x39\x2c\x13\x9b\xa0\xe5\x51\xde\x26\x0d\xfd\x6c\x73\x3b\x57\x22" "\x15\xf2\xaf\x0a\xac\xc5\x70\x9b\x0d\x4a\x3b\x36\xd2\x3f\x58\x82\xc5" "\x64\x4b\xb4\x55\x07\x5c\x5c\x48\xbd\x50\x49\x2b\x39\x5d\x14\xc3\x63" "\x93\x01\x9f\xa9\xea\xb8\xa2\x11\xd7\x1d\x17\x37\x54\x66\x3e\xa2\xaf" "\x1e\xbd\xf9\x75\x10\x06\x79\x26\x09\xd4\xdb\x47\x82\x4d\x95\xd6\x85" "\x83\xc9\x22\xc0\x4a\xf3\xcd\xfb\x58\xf3\x7b\x6f\x95\x8a\x4b\x35\xcb" "\xd7\x4a\x30\xa3\x93\xbe\x19\x2f\xb4\x6b\xfe\x4e\x72\x2c\x36\x34\xc9" "\x4f\xbf\x48\x29\xf2\x5d\xc0\xb8\xb0\x7c\xd1\x6c\xf4\xc7\xe9\x24\xeb" "\x02\xae\x8d\x67\x55\x39\xd3\x2b\x5d\x9a\x54\xa4\x38\x11\xeb\x98\xe2" "\xdb\x31\x7c\x67\xd5\xbc\x62\x90\x15\x82\xcb\xb1\x28\x54\x2d\x6b\xe3" "\xbc\x9a\x5b\x5b\x8a\x88\x27\xf2\xea\xb1\x5e\x82\xb2\x8b\x41\x1e\xdf" "\x67\xd7\x86\xb7\x6f\xee\xd9\xe7\xd5\xff\xbc\x86\xfb\xdb\x19\xed\x80" "\xa4\xf5\xdc\xeb\xd6\x31\x71\x9f\x87\x34\xc3\x98\x93\x80\x47\x01\x1a" "\x25\x13\x70\xe4\x0d\x59\x29\xe9\xb4\x42\x60\x81\x02\x9b\x13\x39\xcc" "\xb0\x8b\xb0\xdb\xcb\xb4\xee\xdd\x53\x79\x2e\x43\xa0\x46\xab\xc1\xd5" "\xc1\xdc\x8c\x17\x49\x05\x22\x33\xe1\x8e\x25\x59\x3d\xae\xe9\x4f\x77" "\xf3\x27\xde\x61\x86\x7f\x1e\x79\x1b\x79\x7c\xc5\xee\x43\xf8\x10\x9c" "\xb0\x65\x4d\x87\x42\xec\xe8\x51\x2c\x32\x24\x42\xf6\x3d\xff\x88\x70" "\x2b\xa0\x47\xe8\x37\x0a\x1b\x73\x04\x53\x6e\xe7\xcf\x46\x5a\x0a\x19" "\xd9\x65\xfd\x03\x54\x3b\x99\x14\x49\xd6\xa1\xa9\x8b\xe5\xec\x38\x67" "\x31\x4c\x68\x8c\x5c\x48\x7e\x59\xa6\xbb\x05\x29\x1f\xda\x47\x98\x27" "\x17\x2b\xf3\xdb\x61\x5c\x20\xea\x02\x2f\xf7\xb1\x60\x20\x29\x92\x20" "\xb7\xc4\x5a\x71\x81\xc1\xed\xa4\x8c\x9a\x5f\xa7\x62\x48\x43\xd1\x12" "\xc5\x2d\x99\xd0\xb2\x7e\x16\x8e\xea\xdb\xcd\x3c\x60\xb3\xf3\x66\x17" "\x5d\xec\xc8\xc9\x1c\x64\xa0\xa1\x6d\x3a\x2e\x38\x24\x4d\xd8\xd2\xde" "\x80\x6a\xd7\x41\xe2\x25\x60\x75\xef\xcb\x04\x66\x36\x0a\xca\xa3\xf6" "\x56\x11\x78\x9a\x82\x1c\x30\xa1\x3d\x4b\x60\xe4\x41\x73\xbe\x9e\x28" "\x8d\xda\x7d\x7a\xae\x2f\x83\x41\xd9\xa8\x51\x04\x17\x06\x31\xc9\x42" "\xee\xf2\x2c\x10\xe9\x03\xbf\x70\xb0\xed\x36\x83\x1d\x53\x6a\x0c\xd6" "\x5c\x11\xa2\x09\xe3\x7a\x76\xf3\xf5\x4d\xeb\x32\x67\x35\xbe\xc5\xa5" "\x32\x43\x1a\x81\xf3\x03\xaf\x5e\x9d\x03\x71\x7a\x93\xa3\xda\x18\x31" "\x7c\x45\x9a\xee\x8d\xb0\x8b\x9f\x0b\x33\x31\xd2\x97\x70\xfe\x7f\xc4" "\x26\x6c\x15\xa4\x29\x4c\x9c\x43\x5a\x38\x29\x6c\xd8\x80\xdc\xed\xb3" "\x4f\x63\x03\x7f\x2a\x8e\x3a\xda\x9e\xad\x3e\x52\xab\xd6\x9e\x57\x79" "\x90\x5f\x82\xa6\x07\xf7\x0e\x35\x1d\x21\x67\xbf\x1b\x59\x9c\xfb\x93" "\x14\xa3\x7d\xf8\x76\xbd\x5f\x2a\xcf\xf8\x2f\x17\x73\xc5\x12\xff\xd3" "\x08\x17\x9e\x47\xb2\x69\x46\xeb\xcc\xe1\x12\x27\x3e\x12\x89\x51\x45" "\xec\x88\xc7\x01\x26\x9c\x93\xf3\x2a\x5a\xb2\xbc\x16\xac\xd5\x7e\x99" "\x7d\x14\x0d\x18\xc2\xcb\xed\x26\x01\xa0\x5e\xc3\x3a\x63\xe7\xed\xbc" "\xca\x67\x3f\x71\xee\xca\xb6\x6a\xf5\x28\x7d\x7d\x5a\x1d\xad\x68\x77" "\x1e\xd6\x12\xd2\x9e\xf8\xab\x23\xef\x02\x11\xb4\xbb\xed\x6f\x98\x1c" "\xd2\x4d\x65\x2f\x35\x5d\x94\xf6\x00\x3b\x01\xcf\x3d\x80\x3a\x6e\x36" "\xb4\x70\x40\x2c\x05\x81\x6a\xa2\xcd\x74\x7f\x29\x33\x00\xbb\xe8\x91" "\x85\x4d\x93\x2d\xf7\x80\x9c\x78\x09\xc2\xcc\x3d\x06\xc6\x93\x98\x1e" "\x7b\xc2\x1e\x89\xaa\x3e\xa8\xf8\x82\x9c\x85\x18\x5e\x4e\xcf\xd2\xe2" "\x93\xbf\xa2\xb8\x8c\xae\x2c\x9e\x47\x22\xb9\xcf\xee\x01\x91\x1a\x50" "\x2d\x59\x36\x05\x32\x52\x86\x61\xea\xdf\x21\x50\xe2\x6a\x29\x92\x87" "\x1f\x56\x2d\x6f\xed\x4a\x36\x86\x7b\x25\x21\xb1\x77\x8c\x4c\xe9\x55" "\xf5\x98\x0b\x9d\xd9\xed\xe4\x2f\xc4\xa1\x39\x44\x91\xeb\xf1\xc1\xfb" "\x0d\x79\x4c\xb8\xc2\x8b\x10\x3d\x76\xb2\xe7\x0b\x03\x37\x87\x7a\x22" "\x2d\x7f\x3c\xd6\x1f\x35\x3b\xaf\x7b\xc9\xe2\x3d\x80\xf8\xe5\xb4\x45" "\x99\x37\xd7\x5f\x86\x9c\x17\x9d\xd9\xb9\x48\xa7\x0b\x9b\xa3\x73\x86" "\x53\x27\x90\xba\xc1\x2f\x2f\x34\x2f\xc4\xf2\xaf\xd8\xa4\x5f\x10\x93" "\x31\xd5\xda\xf3\x34\x4a\xde\x89\x30\x29\xe3\x22\xe8\xb7\xf3\xbd\xb5" "\xa4\x99\x87\x11\x6b\x31\xb2\xbd\x6d\x5b\xab\x78\x9c\xa0\x61\xea\x42" "\xf7\x64\x7c\x88\x48\x8f\x73\x41\x50\xe1\x61\xe5\xae\xa7\x86\x39\xc5" "\xbf\x9c\x2f\xb8\x8d\xa3\x21\xcb\xfd\x37\x9b\x38\xcb\xe6\xe1\x4a\xf9" "\x79\xf2\x38\x68\x5e\x2c\x0f\xf5\x16\x29\xcd\x22\x86\x02\xdb\xac\xef" "\xf8\xa2\x14\xcd\xc6\x65\x28\xcd\xea\x11\x46\x91\xef\x61\x9a\x8c\x9a" "\x0f\x9c\xdb\x7e\x08\xc5\xbc\xfc\x2b\xfd\x29\xe3\x9a\xf3\x8f\x5d\xb4" "\x82\x1c\x64\x8c\xc3\xd9\x76\xcc\x45\x5a\x6e\x64\x98\xc9\x25\x11\xb4" "\x07\xf3\x34\x92\x84\x90\x15\x62\xa9\x12\xc5\xaf\x25\xff\x79\x2b\x9c" "\x6c\x5d\xfb\x73\x51\x93\x36\xc7\xd4\xa8\x7e\x49\xde\xbc\xe7\xa4\x41" "\xb7\xa2\x97\x06\x17\x3e\x4e\x4e\x8d\xac\xee\x63\xa0\x6a\xb8\x5d\xd3" "\x59\xb5\x08\xbc\x8a\x0f\x70\x02\x83\x2f\xae\x10\xa0\xa3\x8e\xfa\xa4" "\x75\x84\x6c\x42\x05\xae\xbe\x77\x73\x34\x78\x8c\x3e\x46\x52\x08\x6e" "\x26\xdc\xdd\xda\xd9\x91\xb0\xce\x52\x56\xe1\x13\xba\xc6\x92\xd4\x42" "\xf5\x24\xd7\xe2\x92\xb8\x6e\xaf\x0d\xd8\x38\x0c\xcd\x78\xb1\x48\x9d" "\xd2\xef\x6b\xea\xf2\xeb\x9b\x08\xb5\x0b\xb2\xa5\xff\x3b\xa8\xdf\x3b" "\x22\x6b\xaf\x79\xa0\x73\x9d\x8a\x60\xcf\x81\x5c\xb3\x47\x39\x9a\xc4" "\xad\xb2\xce\xa5\x33\xd3\xf0\xce\x16\x0a\x56\x3f\x8d\x40\x1e\x5a\x61" "\x00\x57\x8e\x4c\x81\x78\xa7\xe7\x06\x63\xe1\x35\xed\xc6\x45\xcd\xec" "\x2f\x05\x88\xfc\x99\xa0\xcb\x60\xdd\x87\x88\xe0\x25\x54\xad\xe3\x70" "\x96\x0c\xe5\x62\xc2\x10\xe8\x26\xa1\xeb\xa7\x67\xa0\x9b\x10\xf4\x6e" "\xbb\xe6\xc9\x16\x6e\x24\x28\x63\x31\xd2\xff\x02\x5c\x57\xa1\x0c\x7b" "\x64\xc5\x06\xd0\xa6\x86\x42\x17\x1a\xd9\x65\xa0\x01\x70\x05\x61\xfc" "\xac\x2e\x3f\x54\x8f\xd5\x8d\x32\xba\xb5\xf3\x8b\x36\xe6\x2f\x55\x46" "\x12\x9c\xea\x35\xce\x85\x60\x52\xe3\xe4\x80\xfc\x63\x96\x40\xa5\x30" "\x1d\xd7\x00\xc8\xe8\xd0\xbd\x6a\xc7\x90\x91\x0f\xcf\x2b\x4f\x15\x9c" "\xc1\x53\x1a\xa1\xc9\xe3\x7b\x54\x15\x20\x45\x0d\xde\x63\x89\x42\x08" "\x12\x01\xae\x8a\x58\x0f\x28\xcf\x50\x53\x01\x90\xa4\x5f\x45\x46\x87" "\x53\xa1\x22\xb3\x64\xbe\x7d\xad\x79\x04\x4e\xc8\xb9\x97\x7d\x58\x3b" "\xc0\xac\x3e\xc7\xb9\xfa\xe1\x92\x39\x7c\xe8\x69\x33\x10\xf3\x01\xc1" "\x8c\x2c\xab\x52\x08\xb3\x69\xe6\x3c\x5a\xc1\x8d\x02\x66\x83\x4e\x21" "\x8b\xb7\x1f\x30\x8c\x2c\x2f\x2d\xf4\xa6\xcc\xad\xb3\x78\x88\x60\xa2" "\xc7\x33\xa9\x25\x2b\x87\x7e\xa1\xc1\xe8\x49\xa3\x8a\x32\x83\x10\xba" "\xfa\xe9\x61\x4a\x6e\x16\x11\x70\xc6\xfc\xbe\x9b\xd8\xc4\x17\x7d\xe1" "\xfd\x18\xf5\x68\x05\xc9\x1f\xb3\x82\xaa\xd7\x67\x89\x15\x56\xff\x8e" "\x1b\x5f\x3a\xb8\xc1\x8b\x4f\xa3\x05\x3c\x98\x1c\x12\xfa\x2e\xa0\x17" "\xbb\x75\x96\x15\x8c\xa5\x33\xd0\xdd\x95\xa9\x5d\x0b\x39\x22\x22\x60" "\x9f\x6e\xa3\x36\x71\x1a\x9d\xc5\x03\x93\xbc\x41\xfa\xc0\xd4\x29\x54" "\x0a\xd7\x07\x57\xb2\x08\x6b\xf1\xbe\xa0\x13\x2a\x60\x9e\xa0\xbd\xee" "\xa0\xce\xf9\x3d\x8b\x2a\x0d\x59\x18\x9b\xff\xec\x05\x28\x1e\x97\xb4" "\x72\x22\x91\x00\x5e\x9c\xa7\xe7\x55\xbe\x90\x70\xf4\x05\xab\x0d\x6c" "\x95\x46\xa5\xeb\xda\x2e\x62\xad\xcc\x62\x1c\x2b\x1f\x6b\x07\xcd\x1e" "\x61\x7d\x50\x46\x9e\xf2\xc7\x16\x47\xa4\x7e\xf9\x8f\xfb\xc7\x15\x05" "\xe1\x88\xce\xf3\xe5\xc7\x74\xc0\x98\x76\x64\xb6\x98\x97\x94\xd7\xca" "\x18\x68\x04\xcc\xc6\x29\x6d\xa3\xad\xf2\x2f\xeb\x35\x17\x92\xf1\xa9" "\xcf\xf7\x74\x13\x70\x37\x44\xbf\x4f\x21\x21\x29\x20\xd6\xa8\xfa\x18" "\x00\xda\x7a\x38\xfe\xf7\x16\x0a\x50\xf5\xb8\x95\xe7\xb7\x6f\x3f\xd8" "\x30\xfc\xb9\xa2\x5f\x3b\x3c\xcf\xd0\x82\xa1\x71\x22\x37\xe4\xca\x66" "\x50\x85\xaa\x1c\x5a\xa4\x13\xbc\xe8\x13\xf1\xb7\xca\x66\x10\x5d\xe9" "\x4b\xab\xb7\xb4\xa0\x50\x29\xcc\x37\x59\xd0\x01\x91\xfd\x9b\xfa\x0f" "\x99\x6c\xc7\x03\x40\x3d\xd6\xed\x2b\x33\xf2\x74\x3a\x78\x80\x41\xf2" "\x79\xb7\x67\xef\xc3\x73\x31\x4e\xdf\xae\x1b\xd3\x3f\x7e\xaa\xa7\x41" "\x8a\x59\xff\xf7\xe4\x0d\x02\xe6\x18\x17\x2f\x6e\x0a\xbe\x08\xc8\x55" "\x34\x8f\x3c\xba\x40\xc8\x59\x2a\x05\x21\xed\x1e\x41\x52\x4f\x20\xab" "\xcc\xb2\xbf\x0e\xbb\x93\x3e\x59\xb7\x03\x6e\xff\x5a\x66\x27\x9d\x57" "\x8e\x6b\x2f\xd6\xc4\x14\x0b\x33\xad\xc6\x7f\x70\x83\x11\x0d\x81\x5a" "\xc5\x5b\x48\x33\xec\x05\x04\x48\x82\x65\xb3\xff\x2b\xda\xce\xc1\x7c" "\x91\xbe\xa9\xd6\xbd\xd9\x31\xbf\x05\x6d\x6e\x97\x90\xe4\x72\xd8\x74" "\xa5\xa3\x94\x6b\x20\x04\x93\xc9\x87\x4d\x05\x7a\xa6\xbe\x3a\x1c\xa4" "\xda\x6f\xbb\x88\xa9\xd8\x53\xaa\xa7\xc8\xcc\xab\xc8\x35\x82\xca\xa6" "\x50\x78\xbb\xe7\xb0\x46\x25\xd1\x39\xed\x98\x60\x08\x0d\x18\x5b\xd9" "\x79\x8d\x61\x3c\xa3\x01\x47\x13\xeb\x9e\x36\xbd\xeb\x73\xf1\x4a\xc3" "\xfc\x7b\x2f\x8f\x59\x44\x04\xf5\x6d\xd9\x37\xc0\xa7\xe8\x65\xfa\x98" "\xe8\x58\xcb\x0a\xf6\x61\xcb\xe1\x2f\x15\xc9\x28\xc4\xc4\x5a\x98\x2e" "\x24\xcd\x32\x23\x20\xa9\x6c\xcd\x54\x65\x6b\x2c\x78\x76\xa5\xd7\x17" "\xe4\x2d\x3d\xf1\x31\x89\xb9\x5d\xdc\x2b\x5a\x92\x8d\xbd\xa9\xee\x02" "\xc3\x03\x52\x04\x5d\x02\xcb\xd8\x54\xaf\x82\x13\x00\xf1\x98\xb1\xce" "\x1e\xa8\xe4\x5c\x96\x90\x20\xe5\xc7\x67\x0f\xbd\x9b\x72\x27\xcf\xd3" "\xc8\x09\xfa\xc1\xdf\x2e\xb1\x8c\x19\x9b\x27\xe9\x69\xf3\x20\x52\x37" "\x6b\x45\x00\x03\xb7\xff\x63\x32\xee\x1d\x9f\xce\x1b\x59\x47\xb7\x25" "\x75\xec\x65\x41\xb9\x92\xfb\xc7\x6f\x0e\x03\xfc\x1b\xb9\xa0\xdf\x5e" "\xe3\xde\x0f\x34\x12\x5c\x31\x1d\x2d\xdb\x67\x96\x2c\xf9\xa8\x23\x0e" "\xff\xf8\x2c\x25\xc8\x96\x62\x10\x82\xa5\x87\x13\x9e\x99\x7e\x05\x32" "\x96\x2e\x84\xad\x69\x7a\x1a\x2b\x80\xd9\x97\xc2\xa2\x68\xec\xca\x8b" "\x7d\x10\x95\x53\x0b\x33\x2e\xf3\x68\x27\x0b\xf3\x1a\x75\xb7\x77\xa7" "\xcf\xe8\xc8\xd3\x24\xa8\xc5\x58\xd3\xc6\x5f\x80\x1d\xea\xc6\x82\x28" "\x42\xf8\x5f\x10\xa6\x41\xb7\x1a\xd7\xe5\xfb\x05\xf6\x4e\xb3\x03\x35" "\x07\xdc\x3a\x2e\x9e\xc0\x2d\x66\x7e\xf3\x6c\x55\x1f\x69\xc4\x38\xe8" "\xb6\xc3\x92\x77\x33\xd8\x3e\x94\xf0\x35\xef\x3d\xa2\x30\xb7\x59\xdf" "\x5f\x5d\x19\x64\x81\x5b\x17\x64\x78\xc4\xed\x94\x40\x2d\xc8\x26\x5e" "\x58\x91\x71\xdf\x16\x50\x94\xa2\xe4\xe7\x56\x14\xfc\x6f\xeb\xb8\x48" "\x4f\x28\xec\x8c\x12\x52\xb2\xd9\x33\x85\x25\x73\x92\x68\x37\xe1\xed" "\xf9\xda\x0d\xa3\xf9\x16\x97\xb2\x90\xc3\xee\x5a\x44\xfc\xab\x3b\x10" "\x09\x5b\x78\xb5\xdf\x37\x01\x43\x1c\xab\x31\x75\x0e\x21\x1d\x44\x2a" "\x77\xdb\xc5\xe2\xd4\xd0\xe6\x7b\xf3\x29\xf9\x10\x34\x14\xab\xd4\xf3" "\x87\x95\x11\x37\x5c\x88\x00\xf5\x2f\x8a\x17\xae\x68\x87\x21\x4b\xf8" "\x63\x4b\xd9\x90\x75\xab\x07\x35\x40\xf0\x4f\xf6\x75\xd3\x21\x90\xa3" "\xd1\x15\x2c\xee\xe3\x2e\x30\x71\x9c\xd8\x83\xa8\x21\x85\xf8\x9f\x07" "\x1c\x02\xdf\x44\x3c\xf7\x04\x6d\xce\x8a\x6d\xdc\x47\x2e\xd6\x39\x45" "\xfa\xef\x58\x8a\xcf\x57\x98\x5c\x7e\xcf\xfa\x43\x8f\x54\x27\xfb\x85" "\x1e\xbc\x6a\x4c\x57\x7a\x33\x89\x5a\x8f\xc4\x62\x82\x86\xa4\x8d\x3b" "\xbc\xda\x1b\x76\x9a\xa3\x19\x48\x69\xe1\x48\xba\x45\x79\x32\xfa\x6f" "\x2e\x46\x40\xe2\x75\x59\x40\xe2\xf5\xa6\xa6\x77\x96\xb5\xf8\x8a\xc1" "\x0f\x38\x9b\x40\x9c\x0c\x57\xbd\x4b\xf0\xcb\xe0\xfa\xc2\xfd\x2f\x58" "\xec\x49\x8d\x19\xc4\x39\x52\xe4\x52\x2b\x51\x93\x17\x12\xeb\x40\x02" "\xb7\xb2\x08\xc0\x2c\x4e\x06\xdf\x99\xfa\x8e\x93\xe4\xb9\xe8\xb0\xd7" "\xa5\x7e\x63\xaa\xcd\xaf\xb1\x9d\xb0\xfd\x42\x2f\x8e\x89\xd1\x27\x5b" "\x49\x96\x3b\xd8\x2b\x49\x0f\x9e\x4d\x24\xcf\xe9\x70\x0e\x98\xc7\x3b" "\x31\xfd\xcf\x7b\x7d\x30\xd7\x3e\x9b\xf6\xbd\x86\x43\x9d\xc8\xb6\x31" "\x71\xd5\x3c\xa7\xca\xa8\x60\xc6\x07\x77\x43\x60\x99\xdb\x54\x41\x64" "\xd4\xe4\xa8\x1a\x48\x3f\xfd\x5e\xf2\x98\x01\x10\xf4\x61\x52\x9c\x05" "\x7c\x40\xf2\xee\x63\xb7\x1a\x8e\xb2\xd8\x79\x19\x72\x6b\xda\x25\xa8" "\xfa\x2f\x24\x2d\x3f\xf7\xbf\x07\x26\xd8\xa1\x1d\x14\x1e\xb8\x7d\x27" "\x33\xf1\xfa\xf4\x56\xf2\xec\xcb\xe4\xc3\xa8\x56\x70\x2a\x80\xba\x7e" "\x36\xcd\x8e\xf8\xe0\x64\xe1\x6e\x61\xee\xdd\xa4\x47\x8d\x2e\xda\xf0" "\x44\x5e\x22\x47\xa7\x6e\x25\xb4\xb5\xc6\x87\x20\xb8\x7b\xba\x69\xb4" "\x17\x19\x83\xd9\x5a\x5a\x76\x4f\x42\xfa\x6f\x23\x46\x60\x96\xd9\xa0" "\x97\xed\xf8\x49\x52\x02\x3a\x45\x41\x11\x04\x56\xb9\x3e\xa5\x58\xc2" "\x05\x91\x56\xc2\x87\xfc\x6c\xde\x7c\x74\xab\xd9\x0e\xc5\x39\xa5\xf4" "\x3c\x2a\x64\x1b\x1a\x34\xcf\xfa\x25\x38\xba\x56\x5d\x0b\x57\x51\x3b" "\x8c\x1b\x3d\xf5\x41\xd0\x2d\x6d\x5a\x0a\xa2\xf9\x62\x00\xdb\xbf\x64" "\xab\x7c\x0a\xdb\x86\x8c\xce\x23\xca\x60\x7d\xb6\xd6\xdd\x18\xf9\x56" "\x18\x5c\x98\x3a\x90\xc8\xb4\xa7\xec\x63\x01\x78\x37\x6a\xc4\x00\xc6" "\x1c\x77\xfc\xba\xcb\x97\x9e\x2e\x07\x11\x5d\xb8\xa0\x34\xa0\x0f\xfb" "\x13\x6f\x91\xc0\xb1\x6c\x6d\x79\x6f\x52\x4f\x9c\xe6\xa0\xb7\x2c\x37" "\x8c\x89\x39\xb5\x6b\xb8\x3c\xa0\xf3\xd0\x9d\xa2\xb8\x2b\x4d\x34\x57" "\xb5\x68\x87\x8d\x01\x9f\x54\xf9\xcd\xdd\x51\x4a\x60\x1d\x4e\xdf\xae" "\x58\x2f\x1a\x26\x74\x89\x2b\xac\xf6\xea\xba\x66\x12\x4c\x79\x7e\x1e" "\xbf\x91\xe1\xb5\xf1\x2e\x52\x04\x04\xd2\x13\xb1\x27\x70\x96\x6d\x5c" "\x5f\x34\x35\x16\x9f\x88\x67\xfa\xed\x01\x07\xd2\xcd\x4c\xf0\x63\x8e" "\x4f\x1c\x48\x81\x22\xda\x75\x16\x82\x0c\xc3\xd1\x2c\xdc\x9f\x66\x37" "\x78\x45\x53\x52\xd2\xbe\x1d\x8d\x3c\xd6\x11\x80\x83\x04\x55\x4b\xde" "\x60\x1e\x4e\xc4\xc9\xaa\x50\xec\x22\x64\x8b\x12\xf4\x5c\x8d\x84\xbd" "\xcf\xc8\x5f\x94\x21\xd5\xaa\x5b\xcb\x3a\xb0\x0c\x72\xbc\x1d\xea\x95" "\xba\x0a\xfe\x25\x4d\xf5\xd8\xb4\x0d\x53\xad\xf1\xd4\xfe\x1d\xc3\x74" "\x4b\xd4\x86\xe3\xeb\x14\x77\x5f\x4f\x4c\x33\x3f\x75\x19\x75\xa4\xa8" "\xb5\xbf\xa4\x97\x85\x06\x33\xaf\xf3\xff\x98\xde\xb5\x3d\x1b\x51\x5a" "\x08\xc4\xc4\x74\xbc\xce\x46\x14\x9d\xfd\x5b\xec\xe5\x1d\x1d\xfb\x6e" "\xaf\x59\x3f\x8e\xe0\x37\x40\x4a\x5c\xe5\xed\xc2\x88\x70\x06\x05\x9c" "\xd3\x74\x34\x48\xab\x97\x78\x99\xf1\x05\x40\xb5\xa5\xea\xc1\xb9\xd4" "\x34\x66\x54\xe4\xeb\x02\x00\x85\x8b\x5b\x92\x52\x53\x99\xa8\x78\x59" "\x85\x92\x69\xd3\xb0\xfa\x4c\x21\x59\xdc\x80\x75\x48\x36\x8f\xf7\x01" "\x07\x66\x06\x37\x8b\x44\xce\xe2\x83\x9f\x05\xad\x94\xf6\x59\x27\x0a" "\xf8\x68\xcd\x67\x4b\x44\x72\x9b\xbb\x8e\xb2\xf6\x97\x10\x1b\xf4\xfb" "\x4f\x96\xd0\x7d\xab\xae\xb5\xb6\xa1\xcc\x88\x44\x23\xfc\xac\x3d\x38" "\x05\xbf\xfb\x3c\x8d\xe3\xe8\x01\xd6\x41\x43\x6c\xa6\xb1\xf5\x0a\xab" "\xce\x4c\x7b\x3b\x1a\x24\xeb\x69\x77\xd5\xa8\xc8\x4d\x6c\xce\x8e\xc9" "\xee\x93\xd3\x06\x2a\x4b\xd7\x8f\xf9\x16\xfb\xba\x7a\xb2\x28\x83\x8b" "\xd6\x1f\x25\x75\x9c\x6a\xc8\x65\x0a\xdb\xe2\xb3\x46\xe6\x56\x81\xdb" "\xaf\xbb\x93\x43\x58\xca\x2b\x1b\x85\x4b\xf4\x2f\x42\x40\x4a\x15\xca" "\xf9\x9b\x78\x5f\x13\x2b\x9a\x20\x41\x3b\x2d\x9d\x35\x32\x20\x65\x6a" "\xe2\x71\x88\x3c\xa9\x73\x34\x30\xdb\x09\xb5\xe8\x57\x8e\x9d\x4f\xff" "\x03\x2b\x0e\xe7\x92\xf4\x29\x79\x10\x89\xd9\x38\x76\xa3\x36\x65\xa3" "\x5c\x42\x0a\x06\x86\xc1\x25\x00\x52\x42\x55\x1d\xf2\x76\x73\xe0\x82" "\x6a\x1c\x38\xbc\x02\x8c\x10\x4e\x0f\x95\x8a\xe1\xff\xb2\xd5\x22\x1f" "\xd1\xa3\x6e\x59\x80\x65\xee\xd6\xa4\x49\x56\x7b\x41\xc0\x27\xb6\xfa" "\xa4\x61\xd3\xae\xee\x8d\xfb\x62\x85\x66\x1a\xf7\xfd\xcf\xa4\x84\xfe" "\xe6\x54\xb6\x33\x34\x2e\xb1\x22\xfe\x72\xd5\xd6\x8e\xa4\xcf\xc9\x88" "\xca\xbb\x0d\xf3\x9b\x8c\xbd\x06\x4d\x48\x9f\xcb\xc9\x0b\xf3\x13\xf3" "\xa2\x97\x97\xd4\x79\xa8\xfc\x12\xcf\x5b\x9e\xad\x09\x07\xa2\xdc\xa5" "\x68\xbc\x0f\x40\xd0\xfa\x4a\x9c\x37\x58\xf9\xbf\xd1\xac\x36\x62\xa9" "\xf0\x42\x60\xef\x0d\x2b\x86\xa0\x2d\x23\x75\x9b\x21\x0f\x38\x83\x0c" "\x4a\x22\x46\x49\x18\x6b\x6e\x4b\x87\xc6\xb4\x57\x21\x7c\x86\xf5\x02" "\x52\x19\x40\xca\xf1\xe5\xb2\xea\xdb\x72\x95\x1a\x79\x0c\x94\xdd\x74" "\xb9\x29\x23\x29\x47\xb0\x1c\xef\xd5\xa1\x48\x3e\x12\x7b\x1b\x6d\x21" "\x63\x17\xb5\x81\x45\x5f\x9c\xf9\x68\x76\xaf\x83\x7e\x5f\x88\xcc\x38" "\xa4\x6e\xb2\xfb\x6c\xd7\xfc\xc6\xfc\xe1\xa2\x64\x16\x7b\x86\x72\x38" "\x29\xff\xff\xc4\x13\xbb\xf3\xb8\x34\x31\x54\x94\x48\x75\xdd\x62\x19" "\xa9\x54\x18\x31\x4b\x1e\x07\x1d\xd5\x9d\x0e\x96\x08\x3e\x02\xcb\x87" "\x78\x06\x9e\xd5\x41\x37\xce\x98\xbd\x70\x2d\xea\xd8\xfc\x74\x99\x2d" "\x77\x43\xd1\x45\x0f\xaf\x7d\xe4\x4c\x2d\x59\xff\x2d\xd3\x39\xb8\x0d" "\x34\x49\x02\xbe\xa5\xb3\xa5\x64\xf0\x1a\xee\xfe\x30\x01\x65\xbf\x3b" "\x00\xd8\x11\xc7\xae\x86\x6c\xb1\xa0\xa1\xb8\x74\x00\xc2\x94\x18\x41" "\xcd\x2d\x69\x53\x30\x8f\x1a\x96\x3f\x1c\x6d\x44\x86\xe7\xe4\x5d\xaa" "\xbf\x0b\x06\x6a\xd8\x88\x4f\x45\x77\x53\x4d\x3c\x9f\x3d\x3f\x3b\xbe" "\x8a\x1a\x30\x88\xd9\xb9\x5d\xa1\xfc\x90\x15\x73\xe2\x6f\x5b\x86\xc7" "\xa8\x68\x42\x9b\x9b\x63\x4c\x9e\x35\xdf\xd0\x53\x45\x63\x16\x09\x12" "\xa4\x3c\x64\xba\xcc\x8e\xa1\xce\xd7\xbc\x1b\x77\xa2\x87\x16\x70\x0e" "\x50\x19\x05\xc9\xe8\x1e\x19\x02\x41\xe0\xed\xbf\x4f\x89\x4a\xee\x40" "\x47\xc5\xb5\xfb\x58\xa3\xdb\x4a\xfa\xf7\x67\x90\x69\x0f\xdc\x12\x89" "\x23\x6f\xbf\xc5\xf6\xcf\xf5\x40\xeb\x82\xde\x80\x44\xd1\x76\x58\xfb" "\x05\x4b\x19\x8c\xc2\x88\xcc\x43\xaa\x5d\x80\x5a\x51\xca\xda\xc3\xe7" "\x5c\x8f\xd8\x2a\xd0\x15\xa0\x49\x32\xcb\x6f\x6b\x53\xaa\x4e\x8d\x9d" "\x84\x01\x8f\xf8\xdb\x0f\x75\x6d\x6b\x5d\xb4\xe0\x6a\x68\x9b\x52\xfe" "\x84\x71\xb9\x23\x0c\x2d\xd1\x4d\x04\x2c\x1f\xea\x45\xc3\xd2\x45\x23" "\x51\xa4\x22\x24\x21\x36\x66\x10\xd8\x07\x85\xf7\xe4\x74\x74\xd4\xad" "\x58\x11\x63\x13\x81\x3d\x4d\xb3\x17\x6d\x93\xc4\xe2\x9e\x5c\x75\x62" "\x80\x68\x79\xdd\xc7\x5b\x9c\xfc\xf3\x8d\x6a\xed\x01\x5c\x0f\x4d\x52" "\x30\x2a\x51\x21\x51\x87\xbf\xe2\x54\xd6\x06\x5b\xd1\x42\xcc\x9b\x9e" "\x03\xf3\x2e\xbc\x96\x86\xad\x0d\x0c\xb3\xfc\xf0\xaf\xa3\x20\xa1\x5f" "\x37\xcf\x59\x16\x00\x63\x6a\x4e\xf8\x4c\x75\x6c\x0d\x42\xab\x98\xbc" "\x24\x79\xf0\xd5\xd2\x30\x35\x9f\x62\x24\x47\x10\x18\x44\x43\x0a\x75" "\x55\xa4\xcb\xc7\x02\xb5\x5a\x4a\x6e\xd9\x64\xcf\x39\x9a\x1a\x49\x3e" "\x40\x55\x5f\x62\x2d\xa1\x64\x30\x73\xa7\x86\xa3\x42\x5d\x95\x09\x0b" "\x9b\x0e\x20\x52\x11\x87\xe9\xe2\x0d\x35\xf4\xe0\x61\xe6\x20\x1e\x67" "\xe8\x44\xd8\x84\x57\xf7\x51\xe5\x51\x9d\xd3\x0d\xf9\x25\x1f\x1c\xe2" "\x83\x6e\x0b\xf6\x1e\xef\x8f\xc6\xed\x22\xe4\x88\x71\x86\x31\x65\x66" "\x27\x8b\xec\x46\xaf\x38\x23\xed\x53\xe3\xe1\x8c\xa5\x74\x11\x24\xdc" "\x53\xca\xdb\x5f\xf0\x84\x6c\xc1\xc6\xb9\xc0\x72\xbe\x6d\xea\x18\x7e" "\x83\x36\xeb\x6b\x6b\x70\x29\xef\x79\xff\x3b\x29\x99\x93\x8c\xc5\x9a" "\xaf\xa1\x61\x8f\xc4\x55\x6c\xe3\xc8\x1f\x99\x41\x4d\x5d\x79\x53\x8a" "\x83\xee\x9d\x8a\x9a\xd0\xb9\xe5\x70\x60\xd4\xbe\x9c\x53\x26\x6f\x41" "\x84\x55\xd7\x60\xf4\x23\xa1\x64\x2e\x9e\xdf\xcc\xed\xe2\x9d\x21\x89" "\x1d\x74\x21\xad\x0f\x1c\xef\xe4\x72\xd0\xef\x84\x96\x55\x75\x41\x98" "\x71\x37\x47\x27\xbf\x5f\x1d\xc7\x20\x57\xa1\x8e\xd4\xd7\xe0\xa2\xdd" "\xd6\xd1\x8b\xeb\x2c\xc3\x71\x86\x09\x81\x4c\x29\x68\xf2\x74\x65\xb0" "\x0f\xb4\xb4\xa6\x43\x59\x62\x97\x22\x32\x05\x83\xa0\x56\x44\x69\x3e" "\x6f\xca\xdd\xe0\xef\xc1\x2e\x66\xa0\xc8\xe4\x83\x11\xf0\x55\x0a\xb8" "\xfb\xc1\x55\x6b\x69\xbb\x2a\x5a\x0c\x03\xf1\xa5\x9d\x67\x04\x6d\x7a" "\xcd\x5b\xeb\x9f\x7f\x9a\xe6\xeb\x18\x58\x04\x31\x62\x4d\x63\xff\xe2" "\x94\xea\x54\x97\xa6\x5e\xc3\x89\x1f\x4c\x70\xb2\x6b\x7b\x17\xa9\xf8" "\x21\x45\xe5\xd5\x15\x6d\x6b\x33\x55\xad\x24\x9b\xb6\x61\x68\xbb\xb7" "\x45\xd0\x0c\x40\xd6\xef\x42\xd5\x2a\x03\x2c\xf6\x2c\xae\xea\xec\x31" "\xf4\xc8\x5a\xc4\x03\xcb\xb0\xc6\x75\x69\x53\xf0\xdd\xbf\x79\xda\x0c" "\xfa\x6c\xcc\x1c\x40\xde\x43\xbc\x4a\x10\xa7\x00\xb9\x83\x22\xe6\x71" "\x22\x5e\x80\xe6\x63\xd3\x01\x92\xff\x56\x11\xc4\x4c\x09\x53\x51\xbb" "\x69\xa4\xe1\x4c\x11\xa3\xd5\xb0\xb5\x3e\x78\x95\x46\x99\x76\x05\x16" "\x13\x4f\x31\x48\xe7\x1a\x2b\x0b\xb0\x4b\x24\xbb\x1a\x2c\x2b\x50\x3f" "\x56\x24\x9e\x0a\x2c\x63\x8f\xf4\x0e\x7c\x2c\x7d\x50\xef\x71\x96\xfc" "\x98\x93\xe1\x8c\x0a\xc3\xfc\x5a\x4c\x0d\x23\xee\x08\x08\x0f\x98\x4d" "\xc6\x43\x85\x4b\x54\xdf\x4a\x63\x8a\xf2\x9d\xc5\xdf\x79\xf9\x05\xc4" "\x13\x3c\xe2\x63\xf3\xb2\xbb\x55\xfa\x7d\x56\xfa\x82\x79\x56\x87\xe6" "\xee\x5c\x68\xcc\x13\xd7\x1e\x44\x36\x7e\xa8\x67\x04\x09\xcf\x22\x31" "\x99\x0c\xc6\xd0\x6e\x5a\xae\x2f\xc3\xaf\x15\x37\xb3\x3b\x42\x77\x5b" "\x40\xbb\xa3\xaa\x41\x70\x16\xfb\x9d\xd8\x9f\x90\xa8\x91\x96\xc1\x04" "\x01\x7a\x68\xf7\x52\x7b\x8b\x95\x8e\x38\xf9\x64\x68\x32\xa7\x79\x00" "\x45\xfe\x39\x4c\xe4\x1b\xcb\xd1\xcb\xcb\xe5\x2c\xd7\xe5\x6c\xec\x7b" "\x28\x56\xe4\x48\xfa\x5d\x7e\x83\x77\x98\xb8\x99\xf0\x5a\x2c\x2f\xbe" "\x6d\x9f\x1a\x7b\x19\x3b\xbf\x7c\x70\x44\x4d\x6a\x37\x81\x0d\x4d\x19" "\xd3\x59\xf9\xcd\x6b\x8a\x6e\xf2\x23\x0b\x73\x5f\x8b\xeb\xe0\xcc\xec" "\x94\xe4\x4e\xd9\x52\x34\xbf\xa4\xa3\x6a\x2f\x0e\xe9\xfd\x5c\xa7\x3d" "\x69\x73\x44\xd2\x84\x36\xe0\xfa\xb8\x1e\x73\xf4\x47\xbb\x14\x4a\x70" "\xaa\xf9\x6a\xcf\x6f\xf5\x2c\x47\x37\xe7\xa4\xde\xbc\xd2\x85\xbd\xb5" "\x4e\x36\x3d\x84\x2b\xc9\xa7\xd1\x80\xc1\x6f\x01\x0f\xe4\x07\x8b\x41" "\xc4\xc3\xe5\x65\xc3\xed\xd6\x4e\x61\xf9\x95\xab\x00\x86\xdb\xdc\x02" "\x6d\xc1\x82\x5b\x8c\x45\xed\x96\xed\xd8\xd2\xbd\x9d\xaa\x69\x9e\x5d" "\xa3\x33\x27\x4d\x6b\xee\x20\x97\xc0\x04\x46\x28\x48\xcd\x16\x84\x9f" "\x95\xcd\x22\x52\xc4\xc8\x70\x58\xa8\x21\xed\x97\x7e\xd7\x51\xb7\x7b" "\x0a\x8f\xc0\x96\x6b\xf3\xa3\x0c\x26\xd4\x9f\x31\x85\x78\x2a\x7d\x31" "\x4e\x89\xf0\x39\xa1\x5e\xde\x45\x85\x38\xf1\xad\xa8\xeb\x83\x6a\x36" "\xbb\x5d\x82\xc4\x02\xe3\xfe\xeb\xd3\x7e\x7b\x7c\x66\x7a\x1c\x82\xed" "\xc8\x72\x00\x72\x78\x9f\xa5\xf3\x88\x03\x9d\xaa\x73\x1c\xe7\x4d\xbd" "\x5a\xa8\x96\x5b\x7e\xe9\x9f\x6c\x27\x10\x35\x23\x9c\xa1\xc3\x4c\xdc" "\x3c\x57\xbd\x85\x10\xde\xe0\x8f\x74\xcd\xa3\x70\x95\xb1\xb0\x98\x99" "\x79\x98\xfa\x26\x7e\x0b\xe1\x5d\xe4\x74\xb2\xc7\x37\x93\x6c\xac\xcc" "\xb4\xba\x44\x11\x25\x70\xbb\xd1\x3f\x87\x0b\x55\xf3\x76\x3f\x77\x72" "\x4b\x58\x6d\x6e\x26\xc3\xe7\x2b\x20\xbb\x13\x27\x2f\x2e\xe3\x31\xbc" "\xab\xd4\xa7\x99\x80\xa8\xd2\x96\x5c\x20\xda\x2a\x39\x18\xc8\x55\x21" "\x5f\xec\xce\x95\xd2\x9b\xec\x58\xf5\x22\xd3\xd6\xd2\x85\x2c\x4a\xc0" "\x80\xff\xfc\xb3\xee\x7f\xb9\x85\x91\xf9\x9b\x7c\xfb\x7b\xb1\x24\xcc" "\x20\x07\x80\x30\x75\x6a\xee\x8f\xd2\x84\xdf\x06\xcd\x5f\x07\xc1\x3f" "\xd5\x6e\x53\x81\xb1\x9e\x0a\x3a\x9f\x41\x2a\x8d\x27\x42\x8c\xb6\xaf" "\x00\x78\xe4\xdc\x8c\xe4\x83\x66\x30\x36\x0a\x5c\x3b\x98\xff\x5e\x6c" "\xba\xc1\xd9\xd2\x9d\xe9\x83\x8a\x84\xd4\x72\x2c\xee\xa3\x76\x5b\xe3" "\xdf\x99\x84\xcf\x13\x97\x70\xf3\xfb\x98\x6b\x9c\xc9\x18\x5a\xb7\x87" "\xf5\x4b\xe3\x3d\x46\xc5\x4d\xe7\x4d\x94\xd1\x3f\x74\xec\x70\xcf\xbe" "\x16\x05\xc0\x0d\xb7\x9f\xa8\xde\x64\xcd\x83\x40\x90\xa3\x5c\x80\x75" "\x9f\x83\xc8\xfb\xef\xcf\x9a\x27\x6d\xde\x8a\x84\x98\xd0\x84\xb4\x61" "\x95\x78\xec\xcd\xda\x26\x51\xa4\x75\xf7\x33\x67\xbd\xa9\x68\x94\xbb" "\x36\xeb\x86\x80\x35\x25\x16\x94\xcb\xb7\x45\xfe\xb1\x50\x55\x5a\xda" "\x09\x90\x94\x97\xff\x1d\x9c\x8a\xee\x7a\x35\xb7\xc8\xb2\xfc\x64\xff" "\x48\x3f\x4f\xd3\x49\x1e\xd5\x23\x04\xe6\x01\x0b\x9b\xf2\xaf\x8c\x5b" "\x8e\x16\x2a\x38\x3a\x0b\xf0\xbf\x10\x8c\xa7\x8f\x50\x86\x13\x2b\x2b" "\x1a\x29\x58\x1f\x32\x38\x41\xc2\xf1\x89\x50\x98\x98\xd9\x32\x43\x6e" "\x5c\x1e\x69\x3e\xd9\x1f\x05\x24\xda\x02\x6f\xec\xaa\x2b\x7e\xfa\xb5" "\x4a\xee\xf1\x20\xbe\x61\xde\x45\x71\x71\xc5\x88\x11\xe0\xca\x8a\x76" "\x00\xe0\xac\x24\x9a\xa5\x79\xd7\x8d\x2e\x2b\x1d\x6f\x41\xa3\xda\x46" "\x76\xb6\x69\x0c\xa0\x24\x92\x51\xf5\xb4\x8b\x9a\x38\x20\xac\x5b\x25" "\xa5\x2c\xc0\x1b\xc3\x31\xc2\x40\x39\xb6\xf4\xbf\xab\x72\xd5\x83\x8a" "\x35\x62\x92\x59\x93\x0d\xea\x93\x6f\x8c\x60\xb4\xf1\xb1\x89\xdb\x1f" "\xd1\xb5\xe7\xe6\xc8\xa8\x42\x70\x7a\xd6\x75\x6d\x09\x8a\x9a\xb5\x43" "\xcd\xe3\xe1\xd1\x16\x19\x83\xea\x91\xb7\x32\x2e\xe2\xa7\x13\xbe\x3b" "\xad\x36\x9d\x81\x12\xfd\xc7\xf1\xac\x7b\x51\x22\xd5\x5d\xc5\xae\x44" "\x3e\x10\xdb\x71\x1d\xdd\x66\x19\xff\xbf\x96\x06\x8e\x28\x91\x1b\x1f" "\x54\x38\x84\x13\xa1\x79\x58\xd6\x1c\xa0\x74\x65\xb5\x46\x99\xa1\x35" "\x19\x15\x30\x0c\xb8\x26\xd3\xbf\x7f\x4f\x21\x7b\xba\x0e\xd3\x19\x5c" "\xbd\x07\x7b\x67\x16\x7b\x9a\x03\x04\x0a\xfc\x23\x7f\x3b\xb3\x6e\xdd" "\x9f\xed\x33\xd7\xd6\xe7\xc9\x49\x3f\xec\x34\xbe\x65\x43\x88\x0b\x0b" "\x44\x2d\x83\x51\x49\x6f\x2e\x8d\x60\xd4\xd9\x84\xcc\xa7\x43\x98\x3c" "\x0a\xfa\xb9\xcd\xed\xd5\xa9\xd7\x74\xa1\x21\xe9\x12\x30\xd3\x59\xc2" "\x7a\x3d\x7b\x4d\xb3\x8c\xe7\x3d\xb7\x47\xaf\x3c\xa0\x64\x70\x90\x1f" "\x26\x05\xc0\x31\xa7\xc9\xb7\xd1\xbb\xb1\xe8\x38\xd3\x6a\x4d\x39\xb0" "\x39\xe8\x0b\xcd\xdf\xae\xcc\xa9\x06\x70\x5f\xe8\xc8\x44\xe9\x3d\x5a" "\xee\x49\x4d\xc6\x2c\x7b\x4f\xcb\x6a\xbe\x09\xac\xf9\x25\xef\x42\x2d" "\xc0\x91\x85\xb5\x3e\x96\x07\x95\xc5\x65\x00\xb4\x3f\xaa\x6e\x89\x72" "\x0a\xee\xe7\x24\x53\x2f\x89\xe6\x0e\x20\xb1\x2c\xd4\xf8\x32\xb9\x51" "\x89\xbf\x45\xb9\x6a\xa7\xaf\x10\xcf\x82\x98\xb4\x42\x78\xde\x1c\x67" "\xe2\xd7\x1d\x81\x12\x40\xa7\xaa\x2d\x1d\x6d\xe2\x2e\x5b\x8c\xef\x4a" "\x1f\x30\x9d\xcd\xb8\x1c\x5a\x02\x8a\xab\xda\xbd\xdc\x96\x37\x97\x4c" "\x2d\xc1\x9b\x60\x45\x8f\x09\x54\xbc\x75\x1b\x7a\xe6\x28\xac\x60\x2e" "\xb7\xc5\x2c\x7f\xac\x0c\x16\x21\xee\x77\x57\xfc\x5b\x00\x2a\xd7\xe8" "\xfb\x66\xfc\x7d\xa0\x89\x65\x47\xab\xf0\x1e\xe0\x91\xc0\xcf\xe1\xd0" "\xfc\x66\xe6\xe0\x35\x99\xbb\x2a\xa7\x60\x8a\x72\xc3\x02\x03\xaf\x5e" "\xac\x39\x15\xa0\xb6\x61\x6b\x61\x19\xc4\xa0\x96\x54\xde\x2f\x56\xe5" "\x32\x96\xd1\xf8\x48\x7c\xd7\xec\x36\xc8\x68\x94\xba\xb7\x2e\xc3\xce" "\x61\x20\x8f\x84\x84\x32\xd4\x5a\x27\xca\xfc\xfb\xf2\xa2\xc5\x6b\x58" "\xe0\x17\xc7\x6a\xc7\xe9\x43\xaf\xf0\xb4\xac\xaf\x84\xdf\xb3\x43\xd9" "\x3e\xfb\x29\xc5\x18\xa9\xd5\x52\xc3\x6a\x3e\x44\xc6\xea\x94\x86\x73" "\xbc\x2a\xa7\x1c\x5a\x87\x3d\x1d\x30\x1a\x9c\x8b\x02\xf1\x9c\x08\x6f" "\x92\x2f\x0b\x3e\x4f\x7d\x14\xe8\xa5\x9c\x01\x78\x09\x18\x8e\x2e\x1b" "\x4d\xc6\xb5\x5f\xb8\xad\x82\xb1\xc0\x44\x60\xb5\xff\x2e\x9b\x8f\x47" "\xd3\xe8\x33\x59\x95\x19\xb7\x9a\xc6\xd9\xab\x28\x2d\xb4\xa5\x56\x54" "\xf6\x03\x96\xd2\xe7\x95\xc4\x1f\x52\x73\x5d\xde\x2b\xf8\xe2\xeb\xbc" "\x8c\x74\x29\x13\x35\x9e\xda\xdf\xcb\xda\x00\x00\x00\x00\x00", 8192); *(uint64_t*)0x200000001500 = 0; *(uint64_t*)0x200000001508 = 0; *(uint64_t*)0x200000001510 = 0; *(uint64_t*)0x200000001518 = 0; *(uint64_t*)0x200000001520 = 0; *(uint64_t*)0x200000001528 = 0; *(uint64_t*)0x200000001530 = 0; *(uint64_t*)0x200000001538 = 0; *(uint64_t*)0x200000001540 = 0; *(uint64_t*)0x200000001548 = 0; *(uint64_t*)0x200000001550 = 0; *(uint64_t*)0x200000001558 = 0x2000000005c0; *(uint32_t*)0x2000000005c0 = 0x90; *(uint32_t*)0x2000000005c4 = 0; *(uint64_t*)0x2000000005c8 = 0x88e; *(uint64_t*)0x2000000005d0 = 3; *(uint64_t*)0x2000000005d8 = 0; *(uint64_t*)0x2000000005e0 = 0xfffffe; *(uint64_t*)0x2000000005e8 = 0x105; *(uint32_t*)0x2000000005f0 = 0x3fe; *(uint32_t*)0x2000000005f4 = -1; *(uint64_t*)0x2000000005f8 = 5; *(uint64_t*)0x200000000600 = 0x8000000000000000; *(uint64_t*)0x200000000608 = 0; *(uint64_t*)0x200000000610 = 0; *(uint64_t*)0x200000000618 = 0x4362d09f; *(uint64_t*)0x200000000620 = 0x80000000; *(uint32_t*)0x200000000628 = 2; *(uint32_t*)0x20000000062c = 6; *(uint32_t*)0x200000000630 = 0; *(uint32_t*)0x200000000634 = 0x6000; *(uint32_t*)0x200000000638 = 0x1000; *(uint32_t*)0x20000000063c = r[2]; *(uint32_t*)0x200000000640 = 0; *(uint32_t*)0x200000000644 = 0x8008; *(uint32_t*)0x200000000648 = 0xdffffffe; *(uint32_t*)0x20000000064c = 0; *(uint64_t*)0x200000001560 = 0; *(uint64_t*)0x200000001568 = 0; *(uint64_t*)0x200000001570 = 0; *(uint64_t*)0x200000001578 = 0; *(uint64_t*)0x200000001580 = 0; syz_fuse_handle_req(/*fd=*/r[0], /*buf=*/0x20000000a200, /*len=*/0x2000, /*res=*/0x200000001500); break; case 6: // write$FUSE_CREATE_OPEN arguments: [ // fd: fd_fuse (resource) // arg: ptr[in, fuse_out_t[fuse_unique, fuse_create_open_out]] { // fuse_out_t[fuse_unique, fuse_create_open_out] { // len: len = 0xa0 (4 bytes) // err: fuse_errors = 0x0 (4 bytes) // unique: fuse_unique (resource) // payload: fuse_create_open_out { // entry: fuse_entry_out { // nodeid: int64 = 0x4 (8 bytes) // generation: int64 = 0x0 (8 bytes) // entry_valid: int64 = 0x4 (8 bytes) // attr_valid: int64 = 0x80010000000 (8 bytes) // entry_valid_nsec: int32 = 0x986a (4 bytes) // attr_valid_nsec: int32 = 0x1 (4 bytes) // attr: fuse_attr { // ino: int64 = 0x0 (8 bytes) // size: int64 = 0x9 (8 bytes) // blocks: int64 = 0x9 (8 bytes) // atime: int64 = 0x1 (8 bytes) // mtime: int64 = 0x7 (8 bytes) // ctime: int64 = 0x7ff (8 bytes) // atimensec: int32 = 0x5 (4 bytes) // mtimensec: int32 = 0x4 (4 bytes) // ctimensec: int32 = 0x6 (4 bytes) // mode: fuse_mode = 0x2000 (4 bytes) // nlink: int32 = 0x67 (4 bytes) // uid: uid (resource) // gid: gid (resource) // rdev: int32 = 0xfffffd6b (4 bytes) // blksize: int32 = 0x82e (4 bytes) // padding: const = 0x0 (4 bytes) // } // } // open: fuse_open_out { // fh: const = 0x0 (8 bytes) // open_flags: fuse_open_flags = 0x8 (4 bytes) // padding: const = 0x0 (4 bytes) // } // } // } // } // len: bytesize = 0xa0 (8 bytes) // ] *(uint32_t*)0x2000000005c0 = 0xa0; *(uint32_t*)0x2000000005c4 = 0; *(uint64_t*)0x2000000005c8 = 0; *(uint64_t*)0x2000000005d0 = 4; *(uint64_t*)0x2000000005d8 = 0; *(uint64_t*)0x2000000005e0 = 4; *(uint64_t*)0x2000000005e8 = 0x80010000000; *(uint32_t*)0x2000000005f0 = 0x986a; *(uint32_t*)0x2000000005f4 = 1; *(uint64_t*)0x2000000005f8 = 0; *(uint64_t*)0x200000000600 = 9; *(uint64_t*)0x200000000608 = 9; *(uint64_t*)0x200000000610 = 1; *(uint64_t*)0x200000000618 = 7; *(uint64_t*)0x200000000620 = 0x7ff; *(uint32_t*)0x200000000628 = 5; *(uint32_t*)0x20000000062c = 4; *(uint32_t*)0x200000000630 = 6; *(uint32_t*)0x200000000634 = 0x2000; *(uint32_t*)0x200000000638 = 0x67; *(uint32_t*)0x20000000063c = r[2]; *(uint32_t*)0x200000000640 = 0; *(uint32_t*)0x200000000644 = 0xfffffd6b; *(uint32_t*)0x200000000648 = 0x82e; *(uint32_t*)0x20000000064c = 0; *(uint64_t*)0x200000000650 = 0; *(uint32_t*)0x200000000658 = 8; *(uint32_t*)0x20000000065c = 0; syscall(__NR_write, /*fd=*/(intptr_t)-1, /*arg=*/0x2000000005c0ul, /*len=*/0xa0ul); break; case 7: // mount$incfs arguments: [ // src: ptr[in, buffer] { // buffer: {2e 2f 66 69 6c 65 30 00} (length 0x8) // } // dst: ptr[in, buffer] { // buffer: {2e 2f 66 69 6c 65 30 00} (length 0x8) // } // type: ptr[in, buffer] { // buffer: {69 6e 63 72 65 6d 65 6e 74 61 6c 2d 66 73 00} (length 0xf) // } // flags: mount_flags = 0x0 (8 bytes) // opts: nil // ] memcpy((void*)0x200000000000, "./file0\000", 8); memcpy((void*)0x200000000080, "./file0\000", 8); memcpy((void*)0x200000000180, "incremental-fs\000", 15); syscall(__NR_mount, /*src=*/0x200000000000ul, /*dst=*/0x200000000080ul, /*type=*/0x200000000180ul, /*flags=*/0ul, /*opts=*/0ul); break; } } int main(void) { syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/(intptr_t)-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul, /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/(intptr_t)-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/(intptr_t)-1, /*offset=*/0ul); const char* reason; (void)reason; loop(); return 0; }