// https://syzkaller.appspot.com/bug?id=5b958512cfd271399fd6c2f6cd9817279098103b // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static __thread int skip_segv; static __thread jmp_buf segv_env; static void segv_handler(int sig, siginfo_t* info, void* ctx) { uintptr_t addr = (uintptr_t)info->si_addr; const uintptr_t prog_start = 1 << 20; const uintptr_t prog_end = 100 << 20; int skip = __atomic_load_n(&skip_segv, __ATOMIC_RELAXED) != 0; int valid = addr < prog_start || addr > prog_end; if (skip && valid) { _longjmp(segv_env, 1); } exit(sig); } static void install_segv_handler(void) { struct sigaction sa; memset(&sa, 0, sizeof(sa)); sa.sa_handler = SIG_IGN; syscall(SYS_rt_sigaction, 0x20, &sa, NULL, 8); syscall(SYS_rt_sigaction, 0x21, &sa, NULL, 8); memset(&sa, 0, sizeof(sa)); sa.sa_sigaction = segv_handler; sa.sa_flags = SA_NODEFER | SA_SIGINFO; sigaction(SIGSEGV, &sa, NULL); sigaction(SIGBUS, &sa, NULL); } #define NONFAILING(...) \ ({ \ int ok = 1; \ __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST); \ if (_setjmp(segv_env) == 0) { \ __VA_ARGS__; \ } else \ ok = 0; \ __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST); \ ok; \ }) static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; for (;;) { uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts); if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) return 1; now = current_time_ms(); if (now - start > timeout) return 0; } } static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } struct nlmsg { char* pos; int nesting; struct nlattr* nested[8]; char buf[4096]; }; static void netlink_init(struct nlmsg* nlmsg, int typ, int flags, const void* data, int size) { memset(nlmsg, 0, sizeof(*nlmsg)); struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf; hdr->nlmsg_type = typ; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags; memcpy(hdr + 1, data, size); nlmsg->pos = (char*)(hdr + 1) + NLMSG_ALIGN(size); } static void netlink_attr(struct nlmsg* nlmsg, int typ, const void* data, int size) { struct nlattr* attr = (struct nlattr*)nlmsg->pos; attr->nla_len = sizeof(*attr) + size; attr->nla_type = typ; if (size > 0) memcpy(attr + 1, data, size); nlmsg->pos += NLMSG_ALIGN(attr->nla_len); } static void netlink_nest(struct nlmsg* nlmsg, int typ) { struct nlattr* attr = (struct nlattr*)nlmsg->pos; attr->nla_type = typ; nlmsg->pos += sizeof(*attr); nlmsg->nested[nlmsg->nesting++] = attr; } static void netlink_done(struct nlmsg* nlmsg) { struct nlattr* attr = nlmsg->nested[--nlmsg->nesting]; attr->nla_len = nlmsg->pos - (char*)attr; } static int netlink_send_ext(struct nlmsg* nlmsg, int sock, uint16_t reply_type, int* reply_len, bool dofail) { if (nlmsg->pos > nlmsg->buf + sizeof(nlmsg->buf) || nlmsg->nesting) exit(1); struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf; hdr->nlmsg_len = nlmsg->pos - nlmsg->buf; struct sockaddr_nl addr; memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; ssize_t n = sendto(sock, nlmsg->buf, hdr->nlmsg_len, 0, (struct sockaddr*)&addr, sizeof(addr)); if (n != (ssize_t)hdr->nlmsg_len) { if (dofail) exit(1); return -1; } n = recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0); if (reply_len) *reply_len = 0; if (n < 0) { if (dofail) exit(1); return -1; } if (n < (ssize_t)sizeof(struct nlmsghdr)) { errno = EINVAL; if (dofail) exit(1); return -1; } if (hdr->nlmsg_type == NLMSG_DONE) return 0; if (reply_len && hdr->nlmsg_type == reply_type) { *reply_len = n; return 0; } if (n < (ssize_t)(sizeof(struct nlmsghdr) + sizeof(struct nlmsgerr))) { errno = EINVAL; if (dofail) exit(1); return -1; } if (hdr->nlmsg_type != NLMSG_ERROR) { errno = EINVAL; if (dofail) exit(1); return -1; } errno = -((struct nlmsgerr*)(hdr + 1))->error; return -errno; } static int netlink_send(struct nlmsg* nlmsg, int sock) { return netlink_send_ext(nlmsg, sock, 0, NULL, true); } static int netlink_query_family_id(struct nlmsg* nlmsg, int sock, const char* family_name, bool dofail) { struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = CTRL_CMD_GETFAMILY; netlink_init(nlmsg, GENL_ID_CTRL, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(nlmsg, CTRL_ATTR_FAMILY_NAME, family_name, strnlen(family_name, GENL_NAMSIZ - 1) + 1); int n = 0; int err = netlink_send_ext(nlmsg, sock, GENL_ID_CTRL, &n, dofail); if (err < 0) { return -1; } uint16_t id = 0; struct nlattr* attr = (struct nlattr*)(nlmsg->buf + NLMSG_HDRLEN + NLMSG_ALIGN(sizeof(genlhdr))); for (; (char*)attr < nlmsg->buf + n; attr = (struct nlattr*)((char*)attr + NLMSG_ALIGN(attr->nla_len))) { if (attr->nla_type == CTRL_ATTR_FAMILY_ID) { id = *(uint16_t*)(attr + 1); break; } } if (!id) { errno = EINVAL; return -1; } recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0); return id; } static void netlink_add_device_impl(struct nlmsg* nlmsg, const char* type, const char* name) { struct ifinfomsg hdr; memset(&hdr, 0, sizeof(hdr)); netlink_init(nlmsg, RTM_NEWLINK, NLM_F_EXCL | NLM_F_CREATE, &hdr, sizeof(hdr)); if (name) netlink_attr(nlmsg, IFLA_IFNAME, name, strlen(name)); netlink_nest(nlmsg, IFLA_LINKINFO); netlink_attr(nlmsg, IFLA_INFO_KIND, type, strlen(type)); } static void netlink_device_change(struct nlmsg* nlmsg, int sock, const char* name, bool up, const char* master, const void* mac, int macsize, const char* new_name) { struct ifinfomsg hdr; memset(&hdr, 0, sizeof(hdr)); if (up) hdr.ifi_flags = hdr.ifi_change = IFF_UP; hdr.ifi_index = if_nametoindex(name); netlink_init(nlmsg, RTM_NEWLINK, 0, &hdr, sizeof(hdr)); if (new_name) netlink_attr(nlmsg, IFLA_IFNAME, new_name, strlen(new_name)); if (master) { int ifindex = if_nametoindex(master); netlink_attr(nlmsg, IFLA_MASTER, &ifindex, sizeof(ifindex)); } if (macsize) netlink_attr(nlmsg, IFLA_ADDRESS, mac, macsize); int err = netlink_send(nlmsg, sock); if (err < 0) { } } static struct nlmsg nlmsg; #define MAX_FDS 30 static void setup_common() { if (mount(0, "/sys/fs/fuse/connections", "fusectl", 0, 0)) { } } static void loop(); static void sandbox_common() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setsid(); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = (200 << 20); setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 32 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 136 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); if (unshare(CLONE_NEWNS)) { } if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL)) { } if (unshare(CLONE_NEWIPC)) { } if (unshare(0x02000000)) { } if (unshare(CLONE_NEWUTS)) { } if (unshare(CLONE_SYSVSEM)) { } typedef struct { const char* name; const char* value; } sysctl_t; static const sysctl_t sysctls[] = { {"/proc/sys/kernel/shmmax", "16777216"}, {"/proc/sys/kernel/shmall", "536870912"}, {"/proc/sys/kernel/shmmni", "1024"}, {"/proc/sys/kernel/msgmax", "8192"}, {"/proc/sys/kernel/msgmni", "1024"}, {"/proc/sys/kernel/msgmnb", "1024"}, {"/proc/sys/kernel/sem", "1024 1048576 500 1024"}, }; unsigned i; for (i = 0; i < sizeof(sysctls) / sizeof(sysctls[0]); i++) write_file(sysctls[i].name, sysctls[i].value); } static int wait_for_loop(int pid) { if (pid < 0) exit(1); int status = 0; while (waitpid(-1, &status, __WALL) != pid) { } return WEXITSTATUS(status); } static void drop_caps(void) { struct __user_cap_header_struct cap_hdr = {}; struct __user_cap_data_struct cap_data[2] = {}; cap_hdr.version = _LINUX_CAPABILITY_VERSION_3; cap_hdr.pid = getpid(); if (syscall(SYS_capget, &cap_hdr, &cap_data)) exit(1); const int drop = (1 << CAP_SYS_PTRACE) | (1 << CAP_SYS_NICE); cap_data[0].effective &= ~drop; cap_data[0].permitted &= ~drop; cap_data[0].inheritable &= ~drop; if (syscall(SYS_capset, &cap_hdr, &cap_data)) exit(1); } static int real_uid; static int real_gid; __attribute__((aligned(64 << 10))) static char sandbox_stack[1 << 20]; static int namespace_sandbox_proc(void* arg) { sandbox_common(); write_file("/proc/self/setgroups", "deny"); if (!write_file("/proc/self/uid_map", "0 %d 1\n", real_uid)) exit(1); if (!write_file("/proc/self/gid_map", "0 %d 1\n", real_gid)) exit(1); if (unshare(CLONE_NEWNET)) exit(1); if (mkdir("./syz-tmp", 0777)) exit(1); if (mount("", "./syz-tmp", "tmpfs", 0, NULL)) exit(1); if (mkdir("./syz-tmp/newroot", 0777)) exit(1); if (mkdir("./syz-tmp/newroot/dev", 0700)) exit(1); unsigned bind_mount_flags = MS_BIND | MS_REC | MS_PRIVATE; if (mount("/dev", "./syz-tmp/newroot/dev", NULL, bind_mount_flags, NULL)) exit(1); if (mkdir("./syz-tmp/newroot/proc", 0700)) exit(1); if (mount(NULL, "./syz-tmp/newroot/proc", "proc", 0, NULL)) exit(1); if (mkdir("./syz-tmp/newroot/selinux", 0700)) exit(1); const char* selinux_path = "./syz-tmp/newroot/selinux"; if (mount("/selinux", selinux_path, NULL, bind_mount_flags, NULL)) { if (errno != ENOENT) exit(1); if (mount("/sys/fs/selinux", selinux_path, NULL, bind_mount_flags, NULL) && errno != ENOENT) exit(1); } if (mkdir("./syz-tmp/newroot/sys", 0700)) exit(1); if (mount("/sys", "./syz-tmp/newroot/sys", 0, bind_mount_flags, NULL)) exit(1); if (mkdir("./syz-tmp/pivot", 0777)) exit(1); if (syscall(SYS_pivot_root, "./syz-tmp", "./syz-tmp/pivot")) { if (chdir("./syz-tmp")) exit(1); } else { if (chdir("/")) exit(1); if (umount2("./pivot", MNT_DETACH)) exit(1); } if (chroot("./newroot")) exit(1); if (chdir("/")) exit(1); drop_caps(); loop(); exit(1); } static int do_sandbox_namespace(void) { setup_common(); real_uid = getuid(); real_gid = getgid(); mprotect(sandbox_stack, 4096, PROT_NONE); int pid = clone(namespace_sandbox_proc, &sandbox_stack[sizeof(sandbox_stack) - 64], CLONE_NEWUSER | CLONE_NEWPID, 0); return wait_for_loop(pid); } #define FS_IOC_SETFLAGS _IOW('f', 2, long) static void remove_dir(const char* dir) { int iter = 0; DIR* dp = 0; retry: while (umount2(dir, MNT_DETACH) == 0) { } dp = opendir(dir); if (dp == NULL) { if (errno == EMFILE) { exit(1); } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); while (umount2(filename, MNT_DETACH) == 0) { } struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } int i; for (i = 0;; i++) { if (unlink(filename) == 0) break; if (errno == EPERM) { int fd = open(filename, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno != EBUSY || i > 100) exit(1); if (umount2(filename, MNT_DETACH)) exit(1); } } closedir(dp); for (int i = 0;; i++) { if (rmdir(dir) == 0) break; if (i < 100) { if (errno == EPERM) { int fd = open(dir, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno == EBUSY) { if (umount2(dir, MNT_DETACH)) exit(1); continue; } if (errno == ENOTEMPTY) { if (iter < 100) { iter++; goto retry; } } } exit(1); } } static void kill_and_wait(int pid, int* status) { kill(-pid, SIGKILL); kill(pid, SIGKILL); for (int i = 0; i < 100; i++) { if (waitpid(-1, status, WNOHANG | __WALL) == pid) return; usleep(1000); } DIR* dir = opendir("/sys/fs/fuse/connections"); if (dir) { for (;;) { struct dirent* ent = readdir(dir); if (!ent) break; if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0) continue; char abort[300]; snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name); int fd = open(abort, O_WRONLY); if (fd == -1) { continue; } if (write(fd, abort, 1) < 0) { } close(fd); } closedir(dir); } else { } while (waitpid(-1, status, __WALL) != pid) { } } static void setup_test() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); write_file("/proc/self/oom_score_adj", "1000"); } static void close_fds() { for (int fd = 3; fd < MAX_FDS; fd++) close(fd); } static void setup_sysctl() { char mypid[32]; snprintf(mypid, sizeof(mypid), "%d", getpid()); struct { const char* name; const char* data; } files[] = { {"/sys/kernel/debug/x86/nmi_longest_ns", "10000000000"}, {"/proc/sys/kernel/hung_task_check_interval_secs", "20"}, {"/proc/sys/net/core/bpf_jit_kallsyms", "1"}, {"/proc/sys/net/core/bpf_jit_harden", "0"}, {"/proc/sys/kernel/kptr_restrict", "0"}, {"/proc/sys/kernel/softlockup_all_cpu_backtrace", "1"}, {"/proc/sys/fs/mount-max", "100"}, {"/proc/sys/vm/oom_dump_tasks", "0"}, {"/proc/sys/debug/exception-trace", "0"}, {"/proc/sys/kernel/printk", "7 4 1 3"}, {"/proc/sys/net/ipv4/ping_group_range", "0 65535"}, {"/proc/sys/kernel/keys/gc_delay", "1"}, {"/proc/sys/vm/oom_kill_allocating_task", "1"}, {"/proc/sys/kernel/ctrl-alt-del", "0"}, {"/proc/sys/kernel/cad_pid", mypid}, }; for (size_t i = 0; i < sizeof(files) / sizeof(files[0]); i++) { if (!write_file(files[i].name, files[i].data)) printf("write to %s failed: %s\n", files[i].name, strerror(errno)); } } #define NL802154_CMD_SET_SHORT_ADDR 11 #define NL802154_ATTR_IFINDEX 3 #define NL802154_ATTR_SHORT_ADDR 10 static void setup_802154() { int sock_route = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); if (sock_route == -1) exit(1); int sock_generic = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (sock_generic < 0) exit(1); int nl802154_family_id = netlink_query_family_id(&nlmsg, sock_generic, "nl802154", true); for (int i = 0; i < 2; i++) { char devname[] = "wpan0"; devname[strlen(devname) - 1] += i; uint64_t hwaddr = 0xaaaaaaaaaaaa0002 + (i << 8); uint16_t shortaddr = 0xaaa0 + i; int ifindex = if_nametoindex(devname); struct genlmsghdr genlhdr; memset(&genlhdr, 0, sizeof(genlhdr)); genlhdr.cmd = NL802154_CMD_SET_SHORT_ADDR; netlink_init(&nlmsg, nl802154_family_id, 0, &genlhdr, sizeof(genlhdr)); netlink_attr(&nlmsg, NL802154_ATTR_IFINDEX, &ifindex, sizeof(ifindex)); netlink_attr(&nlmsg, NL802154_ATTR_SHORT_ADDR, &shortaddr, sizeof(shortaddr)); int err = netlink_send(&nlmsg, sock_generic); if (err < 0) { } netlink_device_change(&nlmsg, sock_route, devname, true, 0, &hwaddr, sizeof(hwaddr), 0); if (i == 0) { netlink_add_device_impl(&nlmsg, "lowpan", "lowpan0"); netlink_done(&nlmsg); netlink_attr(&nlmsg, IFLA_LINK, &ifindex, sizeof(ifindex)); int err = netlink_send(&nlmsg, sock_route); if (err < 0) { } } } close(sock_route); close(sock_generic); } #define FUSE_MIN_READ_BUFFER 8192 enum fuse_opcode { FUSE_LOOKUP = 1, FUSE_FORGET = 2, FUSE_GETATTR = 3, FUSE_SETATTR = 4, FUSE_READLINK = 5, FUSE_SYMLINK = 6, FUSE_MKNOD = 8, FUSE_MKDIR = 9, FUSE_UNLINK = 10, FUSE_RMDIR = 11, FUSE_RENAME = 12, FUSE_LINK = 13, FUSE_OPEN = 14, FUSE_READ = 15, FUSE_WRITE = 16, FUSE_STATFS = 17, FUSE_RELEASE = 18, FUSE_FSYNC = 20, FUSE_SETXATTR = 21, FUSE_GETXATTR = 22, FUSE_LISTXATTR = 23, FUSE_REMOVEXATTR = 24, FUSE_FLUSH = 25, FUSE_INIT = 26, FUSE_OPENDIR = 27, FUSE_READDIR = 28, FUSE_RELEASEDIR = 29, FUSE_FSYNCDIR = 30, FUSE_GETLK = 31, FUSE_SETLK = 32, FUSE_SETLKW = 33, FUSE_ACCESS = 34, FUSE_CREATE = 35, FUSE_INTERRUPT = 36, FUSE_BMAP = 37, FUSE_DESTROY = 38, FUSE_IOCTL = 39, FUSE_POLL = 40, FUSE_NOTIFY_REPLY = 41, FUSE_BATCH_FORGET = 42, FUSE_FALLOCATE = 43, FUSE_READDIRPLUS = 44, FUSE_RENAME2 = 45, FUSE_LSEEK = 46, FUSE_COPY_FILE_RANGE = 47, FUSE_SETUPMAPPING = 48, FUSE_REMOVEMAPPING = 49, CUSE_INIT = 4096, CUSE_INIT_BSWAP_RESERVED = 1048576, FUSE_INIT_BSWAP_RESERVED = 436207616, }; struct fuse_in_header { uint32_t len; uint32_t opcode; uint64_t unique; uint64_t nodeid; uint32_t uid; uint32_t gid; uint32_t pid; uint32_t padding; }; struct fuse_out_header { uint32_t len; uint32_t error; uint64_t unique; }; struct syz_fuse_req_out { struct fuse_out_header* init; struct fuse_out_header* lseek; struct fuse_out_header* bmap; struct fuse_out_header* poll; struct fuse_out_header* getxattr; struct fuse_out_header* lk; struct fuse_out_header* statfs; struct fuse_out_header* write; struct fuse_out_header* read; struct fuse_out_header* open; struct fuse_out_header* attr; struct fuse_out_header* entry; struct fuse_out_header* dirent; struct fuse_out_header* direntplus; struct fuse_out_header* create_open; struct fuse_out_header* ioctl; }; static int fuse_send_response(int fd, const struct fuse_in_header* in_hdr, struct fuse_out_header* out_hdr) { if (!out_hdr) { return -1; } out_hdr->unique = in_hdr->unique; if (write(fd, out_hdr, out_hdr->len) == -1) { return -1; } return 0; } static volatile long syz_fuse_handle_req(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { struct syz_fuse_req_out* req_out = (struct syz_fuse_req_out*)a3; struct fuse_out_header* out_hdr = NULL; char* buf = (char*)a1; int buf_len = (int)a2; int fd = (int)a0; if (!req_out) { return -1; } if (buf_len < FUSE_MIN_READ_BUFFER) { return -1; } int ret = read(fd, buf, buf_len); if (ret == -1) { return -1; } if ((size_t)ret < sizeof(struct fuse_in_header)) { return -1; } const struct fuse_in_header* in_hdr = (const struct fuse_in_header*)buf; if (in_hdr->len > (uint32_t)ret) { return -1; } switch (in_hdr->opcode) { case FUSE_GETATTR: case FUSE_SETATTR: out_hdr = req_out->attr; break; case FUSE_LOOKUP: case FUSE_SYMLINK: case FUSE_LINK: case FUSE_MKNOD: case FUSE_MKDIR: out_hdr = req_out->entry; break; case FUSE_OPEN: case FUSE_OPENDIR: out_hdr = req_out->open; break; case FUSE_STATFS: out_hdr = req_out->statfs; break; case FUSE_RMDIR: case FUSE_RENAME: case FUSE_RENAME2: case FUSE_FALLOCATE: case FUSE_SETXATTR: case FUSE_REMOVEXATTR: case FUSE_FSYNCDIR: case FUSE_FSYNC: case FUSE_SETLKW: case FUSE_SETLK: case FUSE_ACCESS: case FUSE_FLUSH: case FUSE_RELEASE: case FUSE_RELEASEDIR: case FUSE_UNLINK: case FUSE_DESTROY: out_hdr = req_out->init; if (!out_hdr) { return -1; } out_hdr->len = sizeof(struct fuse_out_header); break; case FUSE_READ: out_hdr = req_out->read; break; case FUSE_READDIR: out_hdr = req_out->dirent; break; case FUSE_READDIRPLUS: out_hdr = req_out->direntplus; break; case FUSE_INIT: out_hdr = req_out->init; break; case FUSE_LSEEK: out_hdr = req_out->lseek; break; case FUSE_GETLK: out_hdr = req_out->lk; break; case FUSE_BMAP: out_hdr = req_out->bmap; break; case FUSE_POLL: out_hdr = req_out->poll; break; case FUSE_GETXATTR: case FUSE_LISTXATTR: out_hdr = req_out->getxattr; break; case FUSE_WRITE: case FUSE_COPY_FILE_RANGE: out_hdr = req_out->write; break; case FUSE_FORGET: case FUSE_BATCH_FORGET: return 0; case FUSE_CREATE: out_hdr = req_out->create_open; break; case FUSE_IOCTL: out_hdr = req_out->ioctl; break; default: return -1; } return fuse_send_response(fd, in_hdr, out_hdr); } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 9; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); close_fds(); } static void execute_one(void); #define WAIT_FLAGS __WALL static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); setup_test(); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[2] = {0xffffffffffffffff, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: NONFAILING(memcpy((void*)0x20000400, "./file0\000", 8)); syscall(__NR_mkdir, 0x20000400ul, 0ul); break; case 1: NONFAILING(memcpy((void*)0x20002080, "/dev/fuse\000", 10)); res = syscall(__NR_openat, 0xffffffffffffff9cul, 0x20002080ul, 0x42ul, 0ul); if (res != -1) r[0] = res; break; case 2: syscall(__NR_clone, 0x26100900ul, 0ul, 0x9999999999999999ul, 0ul, -1ul); break; case 3: syscall(__NR_socket, 0xaul, 0ul, 0); break; case 4: NONFAILING(memcpy((void*)0x200042c0, "./file0\000", 8)); NONFAILING(memcpy((void*)0x20002000, "fuse\000", 5)); NONFAILING(memcpy((void*)0x20002280, "fd", 2)); NONFAILING(*(uint8_t*)0x20002282 = 0x3d); NONFAILING(sprintf((char*)0x20002283, "0x%016llx", (long long)r[0])); NONFAILING(*(uint8_t*)0x20002295 = 0x2c); NONFAILING(memcpy((void*)0x20002296, "rootmode", 8)); NONFAILING(*(uint8_t*)0x2000229e = 0x3d); NONFAILING(sprintf((char*)0x2000229f, "%023llo", (long long)0x4000)); NONFAILING(*(uint8_t*)0x200022b6 = 0x2c); NONFAILING(memcpy((void*)0x200022b7, "user_id", 7)); NONFAILING(*(uint8_t*)0x200022be = 0x3d); NONFAILING(sprintf((char*)0x200022bf, "%020llu", (long long)0)); NONFAILING(*(uint8_t*)0x200022d3 = 0x2c); NONFAILING(memcpy((void*)0x200022d4, "group_id", 8)); NONFAILING(*(uint8_t*)0x200022dc = 0x3d); NONFAILING(sprintf((char*)0x200022dd, "%020llu", (long long)0)); NONFAILING(*(uint8_t*)0x200022f1 = 0x2c); NONFAILING(*(uint8_t*)0x200022f2 = 0); syscall(__NR_mount, 0ul, 0x200042c0ul, 0x20002000ul, 0ul, 0x20002280ul); break; case 5: NONFAILING(memcpy((void*)0x200020c0, "./file0\000", 8)); syscall(__NR_chdir, 0x200020c0ul); break; case 6: res = syscall(__NR_read, r[0], 0x20004340ul, 0x2020ul); if (res != -1) NONFAILING(r[1] = *(uint64_t*)0x20004348); break; case 7: NONFAILING(*(uint32_t*)0x20004200 = 0x50); NONFAILING(*(uint32_t*)0x20004204 = 0); NONFAILING(*(uint64_t*)0x20004208 = r[1]); NONFAILING(*(uint32_t*)0x20004210 = 7); NONFAILING(*(uint32_t*)0x20004214 = 0x22); NONFAILING(*(uint32_t*)0x20004218 = 0); NONFAILING(*(uint32_t*)0x2000421c = 0); NONFAILING(*(uint16_t*)0x20004220 = 0); NONFAILING(*(uint16_t*)0x20004222 = 0); NONFAILING(*(uint32_t*)0x20004224 = 0); NONFAILING(*(uint32_t*)0x20004228 = 0); NONFAILING(*(uint16_t*)0x2000422c = 0); NONFAILING(*(uint16_t*)0x2000422e = 0); NONFAILING(memset((void*)0x20004230, 0, 32)); syscall(__NR_write, r[0], 0x20004200ul, 0x50ul); break; case 8: NONFAILING(memcpy( (void*)0x20006380, "\x2c\x83\xa2\x75\x2d\x07\xd6\xe7\xa5\x3d\x37\x1d\x92\x67\xc6\xd7\x94" "\x1e\x7c\xff\xf7\x55\xc0\xb7\xdd\x9e\x64\xb2\x19\xec\xa3\xab\x6c\x24" "\x63\x33\xd0\xbb\xf1\xa9\x97\x6e\x9d\xae\xa5\x46\x21\x7c\x31\xc1\x3d" "\x89\xd8\x21\x07\xdc\x6a\x9d\xf1\x58\xf8\xb9\x17\x44\xde\x08\x57\x54" "\xb4\x38\x9f\x3b\x5e\x88\x57\x38\x45\x29\xef\x14\x3c\x2d\x40\x07\xdb" "\x40\xec\x8e\x07\x04\xfa\x91\x6b\x3a\xc3\x76\xf2\x82\xf3\x8f\xce\xfd" "\x24\x8f\xe6\x97\x66\x46\xb0\x94\x66\x0b\x07\x77\xe6\x66\x15\x85\x6b" "\xea\xba\x7b\x75\x56\xb7\xee\xdc\x18\xdd\x3a\x49\x7c\x3c\x64\x6f\xbb" "\xa1\xba\xd0\x0b\x01\x9a\x11\xb3\xbe\xc1\x5e\xf9\x31\x66\x4b\xf9\xad" "\xd1\x02\x5a\xe5\x2c\x53\x56\x6d\x07\x4a\x28\xf0\xc8\x2e\xdc\xb8\x3c" "\x4b\x38\x81\x1b\xf5\x77\xbd\xf1\xd3\x9f\xce\xfd\x8c\x3f\x89\x3e\x8e" "\x0a\xbd\x11\x93\x9e\x05\x96\x06\x5e\x78\x30\x15\xad\xae\x33\x86\x97" "\xc3\x1d\xc6\x37\xb4\xbd\xfd\xe5\x8d\x0a\x86\x4a\x1d\xcf\x65\x7b\x62" "\x5e\x73\x8a\x2d\xc2\x5e\x5d\x98\x33\xed\xf3\xa7\x85\x8d\x23\xca\x41" "\xb1\x36\xc6\x42\x0d\xb0\x9e\x78\xd8\xa2\x17\x35\x5e\x7f\x55\x78\x71" "\x51\x07\x9f\x31\x21\x5b\x83\xe5\x33\x81\x86\x71\xec\x0b\x7b\x26\xbd" "\xa6\xe0\x6f\xb3\xa6\x72\x3c\x49\x0e\x76\x44\x74\x53\x3d\x0b\x4e\xf2" "\x2a\x75\xd4\xc4\xf3\x62\x1c\x37\x50\x4a\x7b\xf2\xf3\xc2\xc3\x5a\xd6" "\x62\xa8\x37\xd0\xce\xf2\x44\xa6\x48\x73\xf8\xcd\x37\x86\x8d\x68\x9b" "\xd6\x50\xc3\x16\xf6\xb9\xed\x1c\xe9\xb8\x4b\x57\x18\x16\xd0\x38\x13" "\x6b\xa6\x48\xe9\x06\xa3\x7f\x90\x8c\x25\x3f\x77\x07\x3a\xfd\x1e\xe7" "\x90\x85\x2e\xd2\x55\x70\x40\xd3\x67\x11\x7d\x56\xd4\xcd\xc1\xd0\xfa" "\x77\x62\x6c\xf1\x5e\x7e\x65\x3d\x78\x9f\x59\x3b\xd2\x07\xae\x44\x7f" "\x29\xbf\x69\xa9\xe2\xcc\x95\xd9\x6f\x85\xe8\x5c\xe9\x64\xd8\x21\xe2" "\xb0\xbc\x3e\x0e\x50\x67\x34\xe7\xf7\x51\x38\x40\x59\x2f\x5b\x53\x88" "\x76\x84\x60\x43\x67\x3e\x8d\xfa\x52\xc2\x87\xac\x45\xd9\xf7\x8b\xc5" "\x03\x2e\x40\xee\xf1\x90\x36\x69\xd8\xe3\x5c\xa8\xeb\x6e\xad\x82\x11" "\xde\xd3\x82\x49\xe8\x95\x81\x04\xbe\xbb\xa3\xba\x87\x54\xea\x13\xff" "\x2a\xda\x80\xbf\xf4\x88\xd5\x4d\x2e\x3f\xbe\x70\xf6\xee\x6b\xa8\x02" "\x58\xb6\x0d\xba\xde\x57\x29\x03\xe0\xef\xc8\x44\x7a\xa9\x52\xd0\x9f" "\xde\x2e\x6b\x1b\x8b\x0a\xbc\x69\x71\xb0\xf5\xab\x79\x21\x37\xc8\xce" "\xc3\x49\x77\x7f\x55\xb6\x44\xc3\xc7\xd2\x27\x92\xd1\x28\x80\xad\x68" "\x26\xec\xfe\x4f\x66\x8e\xfd\x10\xd7\x61\x6e\x9a\xbf\x3a\xc8\x0c\x50" "\x28\xea\xd6\xfc\x80\xf2\x4a\xb1\xb4\xcb\x5b\x6b\xfb\x88\x79\x63\x4e" "\x2a\x1e\x8f\x83\x34\x78\x2d\xbe\xb5\x92\xf3\x57\xa9\xf3\xd3\xe1\x75" "\x6d\x1f\x53\xa8\xdd\xed\xda\xd3\xd9\x51\x33\xd1\x83\x9b\xb8\x46\x66" "\x1b\x41\x8e\xed\x26\x3d\xc0\x12\xf8\x53\xfc\xd4\x95\x84\x39\xf4\x74" "\xa7\x47\x63\xcc\x36\x07\x89\x2c\x77\x12\x7d\xa1\xba\x07\x9e\x7c\xc1" "\xa4\x0f\xd0\x0a\x9f\x04\xc4\x87\xba\xaa\x60\x96\xc5\xaa\x28\xb6\x21" "\xe9\xc6\xb0\xc1\xa1\x9b\xe4\xd9\xb8\x78\xdd\x3c\x11\x21\x04\x14\x7f" "\x6a\x07\xf4\x84\x38\x3f\x7c\x70\x15\x38\x58\x14\x81\x45\xbd\x62\x57" "\x83\x07\xef\x9b\x07\xde\x30\x10\xed\xe2\x91\x85\xd0\xd4\xbf\x8f\xf2" "\x0c\xb3\xc3\xa6\xfa\xf9\x08\x1c\xd0\xed\x69\xc8\x93\xa6\xea\x23\xd9" "\xc9\xcd\xaf\x9b\x26\x23\xdf\xfe\x40\x23\x2a\x5f\x5c\x42\x24\xf5\x14" "\x99\x3c\x8e\x3e\x81\x53\x82\x07\xb4\x79\x39\x6c\x42\xf9\x49\x51\xd4" "\x56\xae\x23\x15\x04\x07\x47\xf1\x31\xbd\xa7\x04\x90\xb2\x2b\x6d\xc5" "\x17\x9c\x1f\x3f\xba\x59\x07\x48\xa8\xfb\xef\x83\xb5\x36\x32\xcb\x66" "\xd3\x59\x50\xd6\xf8\x85\xcc\xf1\x71\xfa\x58\xbf\x55\xef\xef\xb8\x62" "\x25\x24\xd1\x8b\x59\xec\xd9\x1a\xdf\x3c\xdd\xd0\xf8\x33\xc5\xf5\xce" "\xaf\x85\x83\x0a\xe9\x73\x9a\xcf\x3f\xd8\x96\x9c\x1c\x31\x4e\xbb\x70" "\xff\xc9\x97\x67\x25\x4c\xae\x8c\x3e\x0a\x0b\x64\xa8\xb0\x92\x04\x02" "\xd1\xf1\x05\x87\x2a\x64\x5f\xc7\xdf\x54\x78\xf0\x78\x64\x0b\x6b\xed" "\xd9\x57\x8b\x9c\x63\x6a\xb1\x13\x50\x04\xa2\xef\xfe\x0b\x58\xfe\xe8" "\xd6\xc3\x7f\xb4\x17\xb2\xfa\x7d\xee\x3a\x6c\x54\x03\x62\x3e\x6e\x4b" "\xb4\xe8\xb5\x19\x7e\x97\xd2\xfc\x0e\x47\x12\xfb\x6d\x15\x6e\x3e\xac" "\xdb\xd7\xe3\x9a\x79\xed\xf2\xfd\xef\x88\xb1\xf1\xa8\xb7\x69\xed\x1a" "\x23\xe9\x98\x81\xaa\x78\xb6\x83\xab\x12\x57\x3f\xa4\x06\x74\x90\xb7" "\xc8\xc3\xdb\x56\xac\x84\x34\x04\xdd\xae\xb2\x8c\xfc\x33\x40\xb1\xee" "\x70\x71\xf0\x3c\x46\x54\x34\xda\x24\x7f\x32\xe8\xf1\x52\x0f\x93\x05" "\xa5\x5e\xa7\x1f\x20\x0e\x80\xc8\x62\x19\x44\x0c\x0f\x18\x81\x33\x45" "\x7c\xcd\x23\x86\x90\xb9\x94\xdc\x36\x0f\xcd\xc1\xe2\xc6\x5a\x8c\xb8" "\x12\xe4\xa8\x76\xd8\x8c\xb3\x8c\xca\x29\x49\x6c\x08\xbe\xf3\x19\x5f" "\x55\x4d\x06\xf7\x23\x17\x01\xf3\xb6\x56\x7d\x01\x62\x89\xb9\x7b\xb4" "\xfc\x55\x5d\x0f\x91\x9b\x40\x54\x46\x5c\x0d\x57\xe9\x30\x6f\xaf\xad" "\xeb\xfb\x71\xff\xcb\x18\x5d\xd0\x08\x4b\xe5\xdf\x29\xaf\x41\x7f\xd4" "\x25\xd8\x88\x64\xf9\xb1\xb8\x14\x79\x92\xa8\x35\x7b\x4b\x9c\x6a\x47" "\x7a\xbb\x32\x09\x18\x1a\xf7\x27\xad\x76\xd3\xda\x28\xf1\x28\x12\x59" "\xb9\x15\xb5\xcc\x59\x52\xf6\x30\xef\x5f\x02\xe1\x17\x64\x63\x5b\xd2" "\x7b\xd6\x67\x63\xfe\xd2\x05\x70\x4e\x18\x10\xf2\x17\xe9\xe2\x54\x7e" "\xda\x20\x75\x33\x7f\x72\x1e\xf6\x05\x67\x9d\xba\x7e\x21\xf1\xc1\xa3" "\xc3\xe1\xa7\x6a\xac\x71\xee\x7b\xef\xe1\x29\x88\x69\x8d\x69\x17\x1c" "\x99\xb6\xaa\xbc\xec\xad\xbf\x76\x98\xa8\xce\x17\x0c\xea\x45\x57\x13" "\x58\xe3\xfc\x91\xd4\xa7\x4d\x4c\x07\xe4\x06\xcb\xe7\xec\x6a\x40\xc7" "\xbf\x52\xef\x52\x69\x2a\x25\xef\x0b\x7c\x2b\x74\x30\x0b\x03\x4a\x50" "\xf3\x35\xf9\xab\xe6\xa6\xeb\xfa\x85\x4c\x35\x53\xd2\xb8\x03\xd0\x35" "\xa1\x89\x37\x5f\x98\xfe\x4b\x91\xea\x67\x2d\xc4\x77\x16\x0c\x06\x6c" "\x84\xf8\x3e\x38\xbe\xe8\xce\x15\x22\xf4\x71\x24\x44\xea\xb6\xf5\x94" "\x97\x43\xf4\x96\x58\x6a\x11\x84\x60\x8a\xb9\x3b\x78\xbb\x82\x9a\x14" "\x58\x5e\x6a\xd6\xe5\x8c\xe0\x94\x99\xa0\x79\x56\xca\x30\x39\x55\xa1" "\xd7\xdb\x53\x9e\x32\xbb\xfb\x9c\x97\x6b\x51\x21\xf1\x25\xbe\xae\x30" "\x00\x6d\x02\x25\x78\x04\x84\x9f\xca\x52\x9c\xba\x35\xd7\xd3\x56\x84" "\xdb\x6c\xc9\xba\x21\xa0\xb6\x48\xc7\xa4\x00\x6e\x4c\x17\x6a\xdc\x25" "\xa0\x82\x03\xdb\x04\x08\x9e\xad\x5e\xe0\x41\x3a\xad\x82\x42\xfe\x0a" "\xdf\x86\x07\x27\xc6\xb1\x11\x4c\x1f\xdf\x17\x65\x07\x3b\x35\xee\xb4" "\xbf\x55\xf0\x47\x9f\xdb\xa3\xfe\xa4\x14\x0e\xde\xa1\x9d\x6d\xec\x3e" "\xf2\x75\xf0\xb5\x0c\x16\x0f\x3b\x27\x53\x23\x0e\xba\x47\xb9\x59\xe7" "\xef\x71\x6d\xe6\x75\xb7\xd6\x96\x2c\x82\xe6\x2b\x59\x5a\x92\xf0\x41" "\x81\xf8\x7d\x89\x11\x64\x9e\x37\xdb\xa4\x14\xbb\xf1\x64\x76\xe2\xbb" "\x7e\x0a\xf7\x4c\x95\x76\x96\x4c\x58\x60\xe2\xee\xa1\xab\x6b\x1e\x58" "\x79\xb9\xcf\xde\x8c\xd5\x7e\x28\x51\x4a\xea\x76\x28\x19\xc1\x1c\xc9" "\xe8\xc5\x31\x08\xf2\xf9\xa2\x58\x0f\xf4\x8b\xe1\x2f\xa9\x9c\x9e\x4a" "\x22\x94\x86\x27\xe8\x49\xef\xf3\x49\x54\x54\x48\xe7\x61\xaf\x8e\xb0" "\xe5\x3b\x7b\xe9\x4a\x15\x28\x72\x1c\x96\x85\x28\xed\x08\xc5\x0d\xa2" "\x18\xcc\x47\xd2\x44\x0b\xf6\x0e\xb7\xa1\x3b\xa7\xac\xea\xac\xbe\xe0" "\x68\x8d\x38\x8f\x55\x17\x74\xd2\xe7\xa8\x34\x7f\xfc\x28\xd7\x59\x75" "\xb0\x57\xa4\xb6\xb7\x76\xc8\x0a\xb4\x18\x9f\x96\x9d\xbf\x49\x44\x3e" "\xea\x95\x49\x39\x35\x45\xc6\x67\x66\x24\xde\x55\xcc\x19\x80\x49\x2f" "\x10\x8e\xf9\x94\xe4\x6a\x0c\xbe\x07\xba\xbe\x5f\xc3\x9a\x1d\x62\xff" "\x3c\xa2\x75\xba\x32\x81\x09\x00\x36\x18\x5c\xf6\x36\x03\xe0\x51\x8f" "\xa6\x1f\xdb\x4d\x83\xd3\x09\xfb\x7c\x8f\x8e\xc4\x50\x02\xad\x34\xba" "\xcd\x1c\x25\xf9\x93\x84\xbb\xcc\xad\xe5\x93\xe2\x03\x7a\x26\xd1\xe5" "\xf0\xaa\x89\x69\x47\xb4\x4b\x8b\x86\xc4\xbe\x6b\x89\x75\x7a\xc2\x72" "\x01\xe7\x98\x1b\x5c\x48\x91\xff\x88\x54\x94\x3f\xe5\x6f\x0f\x5e\x4a" "\x93\x77\x29\x6d\xe9\x13\x45\xb5\x9b\x3e\xff\xe6\x37\xc8\xcc\xd9\xe1" "\x8e\x83\x7a\x45\x65\xa5\x69\xae\x35\x3a\xb5\x61\xc9\xc2\x20\x9f\x9e" "\xca\x97\xaf\xd4\x46\x2a\x90\xfd\x4a\x42\x0b\x8d\x39\x0a\xc1\x2b\xc8" "\x3a\xd7\x40\x21\xea\x1b\x82\x0c\xe5\x79\x0b\xa8\x7b\xe5\x54\x59\x8b" "\xf7\xe1\x0b\x1f\xd0\xb6\x61\xfb\xde\x8f\xac\x68\xa1\xca\x5d\x40\x62" "\x57\x32\x88\x83\xce\x51\xe1\x0f\x5f\x86\xd6\x4c\xe7\x3f\xf8\x17\x76" "\xcc\x3e\xbb\x52\x4e\x70\x80\x27\x1a\xbb\xec\x8c\x9b\xe1\xe4\x57\xa5" "\x87\x53\x87\xbe\xdb\x8b\x6b\x47\x8a\xeb\x78\x69\x21\x86\x60\x37\xf1" "\x73\xfb\xe9\x8e\x1d\xe5\x3a\x3f\x21\xc1\x1e\x0b\x1b\x95\xfd\x81\x03" "\x27\xb8\xab\x6b\x2d\xa6\x6a\x0b\x52\x1c\x19\x73\xec\x10\x0e\x16\xa2" "\x99\x22\x12\x5a\x1e\x9d\xa5\x85\x7a\x89\x55\xd2\xb7\x21\x05\xf4\x47" "\x8b\x1d\x37\x0e\x5a\xac\xd8\xd3\x31\x70\x6d\xfd\xce\x12\x56\x7f\x83" "\x4b\xa1\xbc\x72\xb9\xd4\xf5\xfb\x21\x3b\x3d\xbe\xc5\xbd\x04\xd3\xad" "\xbe\x52\xbc\xef\x4b\x2f\x3e\xf0\xa4\x80\x3b\x18\xbd\x70\x44\xe0\xf2" "\x86\xa6\xf3\x51\x0d\x47\x22\x98\xa3\xf0\xa0\xe3\x0b\x0b\x79\x56\xc6" "\x7a\xa0\x94\xf7\xfb\x9e\x83\x3f\x82\xcb\x52\x9e\x1e\x6c\x76\x36\x24" "\xfc\xa5\xc3\x49\x4c\x01\x79\x4d\xf1\xd0\x2d\xb4\xa6\x8c\xb9\x13\x79" "\xbd\x32\x81\x1e\x5a\x73\x84\x0b\x4c\xa3\x27\xf3\x53\x3e\xb2\xd6\xab" "\xb4\xda\xd3\xd7\x28\x6a\x39\x4a\x44\x04\x9c\xf3\x7d\xab\x78\xa7\xa0" "\x80\x11\x6e\x6d\xa3\xd0\x47\xdb\x67\x78\x69\x4d\x29\x74\x62\xde\x6a" "\xf0\x95\x18\xe6\xc4\xe4\x72\x52\x5f\x54\x72\x68\xe6\xab\xc2\xaa\xd5" "\xd9\xee\x7e\xe0\xe3\xb0\x40\x83\xba\xca\xa5\x2e\xc6\xa1\x0e\xd6\xa4" "\x4b\x4b\x67\x0c\x9c\x39\xe6\xa9\x41\xdb\xd7\xb5\x75\x61\x12\xec\x4a" "\x9f\x2a\xac\x97\xb2\x67\x6d\x9a\xf1\x27\x8a\xc2\x8b\xb6\x0c\x88\x1f" "\x3a\x63\xee\x33\xe3\x71\x2e\x22\xa0\xd0\x4f\xcf\xf0\x56\x11\xe7\xcc" "\x19\x4f\x2b\xc7\x02\xb3\xcf\x58\x13\x17\x29\xbb\x8c\xb9\x57\xe1\x5b" "\xad\x90\x31\xca\xfc\x5a\x45\x52\x70\x27\x47\x35\x3a\x44\x5a\x94\x4a" "\x5f\x00\xef\x1f\xb7\x8e\x2b\xd4\xfc\x09\xc9\xe3\xad\x25\xb6\x0d\x36" "\xfa\x13\xac\x71\x8b\x58\x6b\x93\xba\x6a\x80\x7b\xa9\x5b\x07\x3d\x08" "\xf3\x85\xb9\x22\x13\x2a\x85\x0b\x0a\x24\xca\x6b\x29\x4c\x6a\xd8\xc4" "\x5d\x92\x65\xfa\x0c\xcc\xa6\xe6\x32\xc1\x52\x9f\x20\xae\x81\x33\x88" "\x48\x84\xa1\xcb\x0f\x58\x94\xba\x42\x62\x1c\xe2\x44\x3e\x47\xc3\xba" "\xf8\x06\xa0\x40\xd8\xdb\xc5\xc9\x4f\x9e\x05\xe7\x81\xc2\xb1\xb2\xa7" "\xfd\x78\xff\x2e\x04\xed\x55\x88\x85\x72\x75\x0d\xe3\xfe\xc8\x1b\x1d" "\x60\x00\x66\x59\x9c\xe6\xd5\xc2\xc0\xbf\xc6\x0e\xf4\x64\x44\x93\x03" "\xe9\x12\x10\xf7\xc1\x37\x0f\x2d\x4a\x77\xd6\xb4\xe1\xa0\x9e\xcf\xc7" "\x7e\x35\x4b\xb4\x24\xc3\xcb\xa9\x1b\x2b\x2d\x54\xf6\x69\x26\x08\x0f" "\x7b\x42\x9c\xb4\x1b\x99\x12\x09\x45\xdb\x6a\x43\xf9\x5e\x51\xe3\x1c" "\xce\xdc\x48\xb2\x4f\xa8\xc6\x20\xb3\x02\x07\xa0\xf0\x4c\xa2\x33\xd7" "\x66\x21\x36\x92\x10\xbe\x0f\xe8\x7f\x45\x80\x15\xba\x6d\xc1\x2c\x58" "\xd6\x9c\x5e\xcd\xc3\x8f\xd9\xcf\xec\xfe\x10\xb2\x26\x23\xdf\x94\xb5" "\x1d\xfa\x5f\x8a\x4e\xd9\xff\xb7\x97\x0b\x2f\x9f\x87\xca\x74\xaa\x2f" "\xcb\x2e\xb8\x4b\x85\xe8\xe7\xe1\x33\x54\x7e\xec\xbc\x8e\xcb\x19\x70" "\xd5\xca\x47\x7a\x0b\x30\xf7\x4d\x5a\x5c\x40\xba\x56\xa9\x0f\x45\x2b" "\x1c\x35\x53\xce\x33\xa9\x64\x86\x28\xb8\xec\x83\xa2\x61\x06\x73\x6b" "\xae\x5e\x90\x0c\x3f\x2c\x9d\x72\x1b\x19\x3a\x6c\x04\x4b\x5e\xc4\xf7" "\x62\x03\x18\xdf\x83\x61\x9e\x5e\x08\x38\xb6\x9a\x2b\x3d\xe5\x90\x8e" "\x34\x21\x58\xd2\x3c\x7c\x55\x62\xcc\x99\xe2\xa0\x2d\xe6\xfa\xba\x7d" "\x8e\xee\x01\xc2\x7b\x15\x9a\x8b\x87\x53\x71\xb3\xa6\xd4\x7f\xa1\xfe" "\xd6\x3c\x69\xa3\xaf\x3f\x05\x13\xf8\xc9\x53\x68\x93\x8a\xf1\x19\x29" "\x65\x82\x98\x0a\x4a\x3d\xc9\xe0\xce\x3a\x16\x8d\x89\x95\xf9\x3b\x8f" "\xa1\x6c\x51\x92\xc2\x14\xd5\x2e\x9a\xc0\xae\xfb\xb0\x86\x64\xe7\x1c" "\xc8\xf7\x83\x3c\x85\x51\x78\x71\x36\xd4\x3f\xa6\x11\x29\xea\x44\x62" "\x83\xff\x4d\xe9\x57\x43\x8d\x65\x48\xf8\xb2\x15\xf8\xd4\x31\x28\x0b" "\x87\x08\x27\x8c\xb6\xec\x9c\x44\xcc\x2b\xaa\xa7\x21\x01\xbb\x0f\xd6" "\xa7\xae\xfd\x9d\x0a\x7a\x0c\x38\x5d\xe2\x23\xeb\x05\x4f\x86\xa8\xf0" "\x3d\x49\xee\xbe\x21\x35\xf7\xc0\x7a\xaf\xa8\xe6\x8b\x14\xa1\xbf\x78" "\x66\x5e\x7e\x19\x55\xf3\x08\xc6\x58\xa6\xe2\xd4\xeb\xd2\x32\x81\x47" "\x68\xb2\xd7\xf9\x27\x5d\x9e\x5c\x42\x45\x41\xc9\x8b\xe7\x3a\x63\xcb" "\xd7\x42\x65\x38\xa1\x95\xf3\x83\x03\x67\xe4\x60\xf5\xb9\x98\x42\x28" "\x9d\x4b\x57\xf4\x9e\x83\x78\x54\xdd\x3a\xa0\xb9\x9d\xf2\x8c\xcd\x75" "\x1e\x7e\xb6\xa4\x23\x69\xe8\x29\x2b\x73\xfa\x96\x1a\x95\x7d\x28\xc0" "\x52\xa7\x55\x88\x06\xca\x96\xd9\xa3\x63\xcd\x00\xf9\x2b\x2c\x04\x47" "\x1c\x60\xf6\x54\xdb\x05\x5f\x03\x88\x83\xa7\x19\x9a\x41\x92\x6c\x45" "\xd5\xf9\x81\xbb\x2c\xfb\x91\x43\xe7\x8e\x91\x7a\xa7\x2b\x8d\xa2\xb4" "\x29\x5c\x48\x74\xc8\x79\xaa\x2e\x5f\x63\xa2\x17\xc5\x26\xef\xeb\x26" "\xf5\x0c\x69\xcb\xcb\x9d\xdc\xea\x8e\x50\x6d\x9e\xd6\x0d\x36\xc5\x4a" "\xe7\x36\x26\x94\xf5\xde\xf7\x1a\x6c\xe2\x84\x68\xf4\xb6\x27\xa5\xc0" "\xf7\x8e\xc1\xd2\xdb\x8b\x39\xfa\x34\xe8\x87\xe6\xa4\x8a\x28\x19\x48" "\x4f\xd8\x87\xd3\x5b\xcc\x50\x71\x64\x10\x13\xd0\x76\xf8\x3b\x8a\xc4" "\xf2\x5c\xcb\xe7\x4c\x7d\xfa\x90\xa9\x10\xbf\xae\x91\x33\x11\xb2\xd1" "\x0e\xb6\xdc\x47\x15\xe0\x2e\xed\xd9\xfb\xb1\xea\x69\x3b\x9a\x3a\xcc" "\xb4\x08\xf3\x09\xea\x4e\x89\xee\x29\xa0\xb7\xb8\x61\xce\xb1\x55\xdb" "\x11\x78\x67\xc3\xf5\xbf\x37\x01\x24\xa9\x89\xff\xa3\xc8\x1b\xe4\xd1" "\xf0\x2f\xd3\x8b\xfc\x2e\xfd\x8e\xa9\xe4\x79\x18\x30\xac\x1d\xcc\x73" "\x8a\xe7\x2b\xe4\x7e\x21\xab\xad\xf1\xc5\x94\x3d\x37\x91\x18\x65\x05" "\xb7\x77\x1a\x44\xf2\xaf\x35\x9f\x77\xbc\xcf\x55\xd7\x98\x51\x17\x1c" "\x4e\x1e\x35\x4e\xb0\x53\x09\x70\xf4\x9f\x1d\x2a\x61\x49\x4d\xc8\xae" "\xa9\x39\x88\x88\xdd\x85\xb7\x53\x67\x6f\x7c\x3d\xd5\xc4\x73\xa6\x0f" "\x78\x14\xae\x51\xb1\x1c\xc0\xb6\xad\x97\xc8\xd2\x35\xd0\x95\x60\x9f" "\xef\x39\x7f\xaa\x74\x19\x7f\x34\xa4\xed\x02\xfd\x28\x05\xbc\x99\xe1" "\xe1\xc7\xce\x64\x8d\x03\xe6\xaf\x7a\xbe\x27\x99\x7a\xc8\x3f\xcf\x6f" "\x87\x93\x6b\x72\x04\x81\x37\x08\x27\x74\xe0\xfb\xd3\xf7\x65\x08\x01" "\xc7\x3d\x98\xf3\x2d\xd8\x7f\x24\x00\x67\x9c\x02\xf6\xe2\xb7\xe9\x20" "\xd6\x91\x1a\x48\x26\x4d\x3e\xdf\xce\xb3\x89\x85\xbd\xe1\xf3\xcb\xc9" "\x88\x55\xec\x80\x9c\xae\x34\xe4\xfb\x56\x2a\x3d\x35\xf8\x90\x45\xd4" "\x01\xbc\x3d\x99\x22\x62\x0a\x83\x25\xa3\x4b\x4f\x50\xfe\x84\xa4\x74" "\xe5\xe3\xe4\x76\x08\xc3\xdb\xdf\x74\x3d\xe3\xce\xb3\x61\xbe\xd7\xbf" "\x1e\x2c\x7a\x29\xde\x2a\xf5\x9b\x17\x14\xe5\x19\x3b\x61\x1b\x9a\xad" "\x1e\x9f\xde\xaf\xbc\xa7\xd5\x2f\xd6\x55\xd2\x95\x86\xab\xef\xa8\x9b" "\xbd\x8c\x74\x9f\xb7\xa6\xd6\x1f\x8f\x65\xf4\x50\xbf\xdf\xaa\xbb\xd6" "\xed\x96\x1f\x88\xc6\xa1\x0c\xb1\xfd\x77\x6d\x84\x7a\x80\x80\xd7\x86" "\x3b\xaf\x37\x95\xf3\x9b\x96\xc1\xb4\x19\x7b\x47\xbc\x35\x16\x6b\x6c" "\x0f\x56\xe4\x8e\xf4\x92\x27\xf4\x42\x26\x21\x64\x93\x14\x20\x46\xf0" "\x0b\x47\x96\xcb\xce\x1f\x4f\x43\x3a\xa1\xd2\x48\x15\x18\x29\xac\x47" "\xa5\x6b\x98\xb1\xb9\x96\x7c\xb6\x70\x45\xda\xf0\x6f\x80\x28\x89\xff" "\x22\x67\x8e\x5d\xe4\x14\xd2\x1c\x26\x31\xbb\x78\x1c\xa6\xbc\x60\xbd" "\x4b\xca\xf0\xfa\xd7\x88\x99\x00\x44\xf7\xe7\xe8\xeb\x21\x1e\xc7\xd6" "\x3a\x1e\x6d\x0e\xd5\xd1\x82\x30\x33\x54\x79\x28\x18\x34\xee\xba\xe4" "\x07\x27\x41\x20\x76\xd4\xf1\x1a\x66\x92\xd3\xe2\xd7\xf0\x64\x73\x16" "\x1c\x67\xd4\x01\xd7\xb7\xc7\xe5\x0b\x5b\x56\x3e\xaf\x1a\x29\x68\x94" "\x42\x33\x84\x4c\xe3\x3e\xc6\xfa\x0a\xeb\x41\x51\x32\x42\x62\x5c\x11" "\x71\xde\xa6\xcc\xea\x90\x01\xe1\x91\x5c\x68\x96\x37\x86\x25\x18\x9a" "\x53\xdd\xfe\x51\x59\x8d\x2b\xcf\x95\x9b\xe2\xa3\xc5\x42\x22\x91\xb3" "\x4b\x57\x26\xae\x11\x65\x10\x99\x25\x3f\x2e\x2e\x69\x14\xe9\xef\xf6" "\x7a\x6e\x10\x43\xc0\xcf\x77\x4b\x28\x11\xdf\x97\x87\xe2\x76\xd7\xf4" "\x18\xb7\x1c\x1d\xaf\x77\x55\x67\x52\xa1\x17\xc5\x5e\x76\xbb\xf1\xd0" "\xb6\x1c\x83\xf8\x84\x78\x8c\x76\xed\x97\xb2\x3a\x38\x83\x73\x8a\xc1" "\xd5\xc4\x9d\x60\x36\xab\x53\xf7\x8f\x66\x6f\x56\x59\x35\x9c\xda\x60" "\x2c\x46\x58\x09\x38\x7d\x91\xcb\xbc\x5e\x0b\xf2\x54\xc3\xe7\xac\x42" "\x1e\x09\xd5\x40\xaf\x47\x37\x7f\xf0\x58\x6e\x45\xd2\xfc\x43\x0d\x2a" "\x69\x51\x18\x89\x77\x4d\xd4\xb4\x47\x89\xaa\xe0\xa8\xe6\x9b\x6d\x7b" "\xaf\x58\x07\x06\x19\xb4\x6a\xa9\xb4\x77\x49\xd7\xc7\x3b\xdc\x0a\x10" "\x11\x54\x3a\xe5\x9a\xf4\xb2\xfa\x49\x91\xc0\x95\x92\x25\xaa\xa6\xa5" "\x5b\xf1\x72\xd4\x7d\x51\x0f\x57\xf4\xa7\xfa\x89\xa0\x2d\xe2\x3f\x6c" "\x00\xc7\xdd\xee\xb8\x3e\xa6\x27\xea\xfb\xf3\x72\xd1\x11\x6f\x0e\xe8" "\x2f\x9b\x9b\x79\xee\xd9\xb5\xf0\xeb\xc7\xf5\x38\x20\x76\xe8\x8e\xf5" "\x97\x29\xe3\xff\x0a\x0b\xd8\x40\xc3\x49\xba\xb1\xd8\xc6\xad\xd4\x60" "\x92\xa9\xe7\xce\x40\xca\x8c\xd5\xd9\xf6\x64\x6a\x5d\x74\x1e\x18\x46" "\x72\xd2\x01\xfe\xb8\xf5\x8f\x22\xb2\x4d\x85\x03\x79\x57\x5c\x6b\xb7" "\x00\x89\x36\xf4\x62\x9b\xeb\xce\x7b\x19\x0b\xf7\xb7\xbe\x00\x69\x8b" "\xa5\xaf\x52\x0c\x99\xeb\x0c\xad\x44\xb9\x57\xb4\x98\x43\x1f\x10\xf9" "\x57\x23\x3a\x42\xc1\xfb\xc6\xa5\x65\xd7\x46\x8c\xab\x42\x5b\x32\xfa" "\x94\x92\xfb\xf8\x36\x68\x46\x40\xd8\xac\x6f\x72\x58\x65\xfe\x9d\x68" "\xeb\xca\x5f\xb4\x75\x1b\xc4\x8e\x59\xab\x01\x1c\x75\xf8\x14\x4c\x96" "\x08\x02\x76\x2f\x5e\x0a\x12\x17\x76\xac\x06\xa6\xaf\xe0\x37\x87\x63" "\xe9\xf4\x28\x65\xa5\xa3\x97\xf7\x5f\x9a\x14\x44\x33\x68\x1c\xcc\xd4" "\xcc\x76\x03\x15\x00\xe4\xd1\x4e\x35\xc8\x60\x30\x1b\x57\x1d\x30\x60" "\x17\x45\x19\xbb\x1f\x95\xfb\x26\xde\xca\xe3\xb6\xe6\x1d\x20\x6a\xff" "\xa3\x39\x48\x7d\x0c\xbb\x59\x46\x0f\x6a\xd8\xb0\xa0\xd9\xbc\x75\x74" "\xc4\xab\x35\xac\x76\x4f\x9a\x25\x70\x1d\x53\x42\x2e\x0b\xc5\x94\xf8" "\x03\x7d\x7d\x4e\x33\x92\x2f\x15\xa7\x12\x84\xf3\x95\x39\x9f\xcd\xf3" "\xfc\x02\xb7\xc2\xab\xaa\x52\xd1\x97\xa8\x27\xb3\x83\xea\x67\xe3\x66" "\x7e\x30\x29\x27\xf7\xf2\xf4\xc4\x62\xe1\x11\x91\xeb\xf7\x33\xbb\xaa" "\x32\x14\xd9\x1a\x22\xb9\xf2\xa4\x09\xc7\xb1\x49\x71\x84\xb6\x3f\x8f" "\x1a\x63\xed\x68\x91\x8c\xd7\x67\x12\x16\xc1\x9b\x1f\xe1\x2c\x5d\x42" "\x6f\xc8\x6f\x41\x50\xb8\xd9\x9a\xe8\xa5\x81\x9f\x3a\xeb\x43\x4d\x4d" "\xca\x6b\xa9\x5d\xf7\xdb\x3c\x3f\xef\xa7\x15\x68\x26\x77\xea\xeb\xfa" "\x89\x58\x04\xcb\x9f\x29\x91\xfd\x2b\x8a\xf0\xe0\xe0\x88\x40\xad\x8b" "\x88\xbf\x62\x91\x93\x18\x0b\x0c\x82\xfb\x3e\x22\xbd\xaf\x8b\xac\xae" "\xcd\xfc\x64\x85\xf4\xa3\x4a\x2d\xa2\x42\x9a\xf7\x96\xe3\x09\x58\x0d" "\x65\x80\x4d\x9e\x41\x3e\xa1\x9a\xfa\xed\x83\xfa\xbe\x67\xfd\x55\x37" "\xda\x3e\x5c\x7a\x07\xbd\x69\xf5\x6e\x1b\x8c\xe4\xfb\x4f\xec\x14\x50" "\x4d\x59\xed\xf0\xad\xb3\x1e\x0a\xd2\xa9\x53\x22\x05\xe0\xf5\x7e\x66" "\x0b\x6a\x3d\xa9\x21\x8e\xec\x55\x5c\x7b\xa4\x43\xe2\x2d\x76\x29\xa2" "\x7c\x34\x04\x05\xdb\x17\xad\xad\x09\xf6\x16\x1b\xcf\xa9\xaf\xfc\x25" "\xbc\xfc\x2a\x25\x05\xe4\x95\x6c\x21\xb3\x2b\x7d\xac\x80\x24\x4e\x0b" "\x45\xd7\x31\xc5\xd7\xde\x72\xd7\xfc\x43\x7f\x00\xa2\xed\x40\xa5\xe6" "\xa7\x66\xab\x6b\x3a\xf4\x81\x19\x0c\x73\xb3\x38\xc5\xd7\x24\x4c\x7d" "\x5a\x30\x2b\x73\xb9\xb7\x87\x86\xe9\x0c\x88\xb7\xec\xdc\x69\x08\x38" "\xfb\x41\x6c\xce\xc1\x1d\x42\x93\xd1\xec\x07\x1e\x49\x38\x62\xa5\xf7" "\xcd\xc1\x8a\xd7\x63\x84\xfe\xa8\x78\x82\x25\xa9\xcb\xba\x7d\xa6\x4c" "\x1c\x24\xb8\x5b\x09\x46\xf1\xf9\x11\xd1\x33\x76\x36\x63\xce\x43\x57" "\x58\xa3\xac\x6c\xa7\xb2\x8c\x15\x06\x9c\x7b\x76\xfb\xcf\x5e\xb8\x2c" "\xc5\x15\x2e\xdd\xc2\x03\x93\xef\x72\x4a\xa3\x36\x52\xb3\x8a\x3e\x66" "\x81\x18\xe1\x15\xde\x19\x1c\x85\x64\xde\x66\xf5\x23\x46\xe6\x80\x0f" "\x4a\xb8\xcb\xdf\x9e\xff\x9b\x01\xec\xa3\xab\x26\x9c\x46\x36\x15\xf1" "\xf8\x72\x2d\x92\x57\x98\xf2\x3a\xde\x19\xfd\x7c\x51\xe2\xa2\x40\x16" "\x32\xa1\xe3\xc1\x52\x4d\x4a\x14\x38\xca\x4e\x87\x78\x8e\x4a\xe4\x4a" "\xb9\x94\x99\xc5\x9d\x1c\x25\x77\x6f\xd0\x46\xbb\x0e\xd0\x40\xa9\xf3" "\x82\xd0\xf9\x96\x54\x22\xab\x61\x4e\x71\xc8\x3a\x4c\xe4\xa4\xa6\x87" "\xac\x8f\x4c\x7b\xb1\xe1\xbd\x5d\x8d\x41\x7d\x7a\x04\xc3\xd2\x15\xa2" "\xc8\x53\xf4\x8a\xbf\x19\x29\xc8\xd5\x3e\x7f\x00\x4a\x23\x83\x3a\x4f" "\xef\x17\x26\x67\x8e\x38\x0f\x8e\x2f\x19\x74\xe0\x17\xe8\x07\xfb\xc5" "\x7b\xa3\x8d\x8a\x36\x1d\xaa\x68\x37\x2c\xdd\xb2\xdb\xfe\x20\xa1\x58" "\x38\xb4\x77\x3a\xde\x91\x68\x28\x5f\xa6\x82\xfc\x7c\x97\x11\x16\x7e" "\x88\x96\x66\xdc\xec\x15\x60\x71\x9e\x97\x80\xff\x21\xc7\xb6\xb0\xd9" "\x8a\xfd\xd7\x32\xea\xe7\x78\x94\xe2\x18\x4f\x18\xa5\xcd\x72\x3f\x51" "\xf6\x6e\xf6\x4f\x04\x31\xf9\x74\xe3\x78\xb4\x99\xf5\x67\x8d\xf6\x3a" "\x4a\x4d\x67\x0e\x4e\xb8\x43\x78\x0c\x39\x57\x25\xa8\x0f\xa9\x79\xdb" "\xe6\xb8\xba\x37\xa5\x74\x4d\x05\x74\x29\x89\x32\x51\xb6\xa0\xf2\xcf" "\xf2\x59\x7f\xf4\x2b\xa0\xb5\x3b\x67\x90\x3c\xa9\x65\xeb\xb6\x28\xd1" "\xc8\x23\x53\xb4\x84\x1f\x9f\xd5\xed\x30\xf0\xf9\xf1\x08\xef\x93\x0d" "\xcd\x35\xb2\x1c\x39\x6d\x00\x18\xb2\xc8\x05\xf8\x06\xaa\xe6\x6e\xdf" "\x40\xc4\x9f\x0f\x4c\x42\x2d\x2a\x9c\x78\x77\xda\x0f\x38\xf0\xdb\x78" "\x63\xc5\xa0\x1b\xc1\xdb\x3f\xe3\x26\xfb\x7d\xf5\x89\x0b\x34\xc5\x9e" "\x97\xcc\xfd\x9c\xd8\xef\x1a\x42\x44\x57\xc9\xd5\xa0\xcc\x32\x42\xe7" "\xc5\x4e\x2a\x46\x68\x35\xdb\x7c\xc4\x8b\x97\xb4\x54\x43\x1f\x4c\x1c" "\x60\x31\x49\x63\xa5\x4c\xfe\x24\x17\xc2\x52\xd0\x4d\xa3\x10\x74\xe7" "\x02\x0e\x22\xf8\x10\xe1\x5a\x15\x6e\x24\x98\xda\xec\x81\x25\xb0\x1d" "\x54\x68\xf8\xea\x06\xda\x61\x8d\x95\xad\x55\x80\x2f\x10\x03\x25\x7c" "\x70\xe6\x61\x80\x31\xf5\xac\x37\xd2\x0f\xa3\xa7\xb9\x79\xc2\x37\x1b" "\x63\x1d\x03\x88\x90\x18\x93\x0c\xf2\xc3\xe5\x8c\x45\xf8\xf9\x7c\x88" "\xb7\xfd\xd4\xd3\x75\x6a\xe8\x1a\x81\x22\xbd\x36\xc0\x0c\x79\xde\x7a" "\x46\x77\x87\x03\xc2\xb7\x69\xbe\x4b\x08\xc5\x31\xf4\x25\x92\x01\xaf" "\xf2\xd2\xd3\x51\x1b\xd6\x70\x30\x54\x75\x42\x90\x21\xe9\x7c\x77\x3b" "\xf8\x29\x4b\x8c\x24\xac\x92\x96\x3d\xd6\xce\x81\x00\x13\x40\x77\x55" "\x54\xf1\x02\xf8\x76\x50\x49\x80\xf6\xe4\x36\x89\xc5\x8a\xa3\x11\x31" "\x17\xb9\x1d\x64\x85\xb7\x96\xd5\x39\xbb\x73\x48\x52\x94\xb4\x5c\x3a" "\xc0\x5a\x4a\xb8\xb9\xb4\xe3\xfc\xe7\x10\x81\x32\xbd\x1c\xd8\xc4\x30" "\xe3\xd4\xb3\x11\x59\xf0\x79\x80\xdd\x26\xb7\xdd\x5b\x27\x1a\x05\xba" "\x92\x7f\x4a\x05\xfa\x28\xd1\x62\x2a\x0d\x7b\x8d\x3f\x42\xd6\x13\x63" "\x9d\x33\xce\xe9\x3f\x84\x16\xb6\x88\x7b\x6d\xba\xce\x13\xf9\xc4\x9a" "\x80\xb8\x88\x08\x60\x66\xb1\x2d\x5e\x66\xcb\xae\xe7\xf6\x27\xe1\x9f" "\x69\xaa\x46\x81\x2d\xf4\xd3\x76\xb2\x62\xa7\x9d\x89\xe1\x3c\xd6\x12" "\x04\x28\x85\x92\xc9\x57\x9d\x68\xe5\xaf\xce\x8b\x5d\xbc\x7b\xbc\x05" "\x3f\xff\xc9\x47\x5b\xce\x15\xad\x71\x3a\x54\xdd\x2d\xbf\x5c\x7e\xd7" "\x5d\x2e\x44\xef\xc2\xae\x6f\xb1\xfb\xa4\x24\x45\x70\x0c\x6d\x4d\xf7" "\x34\x8c\xe5\xd9\xc6\x10\x18\xdd\x2f\x75\xfd\x35\x7c\x5d\x1f\x60\x0a" "\xc0\xc7\x8b\x03\xed\xe9\x4b\xff\x03\x88\x1e\x83\xb2\x64\x9a\x04\x14" "\x97\xf0\xe0\xbe\x2f\xa0\x6a\x45\xbd\x6b\xa9\x1e\x6a\xa8\x9c\xcd\xdf" "\x40\x5a\xfa\x33\xf7\x9d\xd3\xec\xc8\x66\x8b\xc0\x19\xb7\x50\x59\x64" "\x50\x58\x9b\xe9\x23\xa5\xac\xb4\x5d\xf4\x87\xa7\x0b\xfd\xeb\x73\x62" "\x3d\xcc\x85\xe4\x10\xc6\x69\xef\x4e\x68\x24\x88\x7f\x34\x80\xf3\x16" "\x63\x11\x2e\x01\xdd\x3a\x51\x8b\x3d\xc6\xb1\xad\x92\x9f\xfb\xc2\xaa" "\xf3\x04\xd2\x56\xf2\x11\xda\x8b\x0c\x91\x8a\x5c\x18\x75\xd7\x10\x6a" "\xa5\x30\xd9\x27\x3b\xe3\x22\xca\x36\x7d\x18\x87\xcf\xb4\xa7\x0e\x31" "\x5b\x47\xbb\xb2\x95\x37\xd1\x36\x4d\xe0\x36\x4c\x55\x63\x96\x8a\x97" "\x83\x3d\x08\xbb\x1a\x30\x7d\x07\xbe\x78\x0e\x7b\x88\x04\xc5\x16\xfd" "\x07\x81\xd0\x3a\xd1\x65\x5e\xb8\xd8\x45\xd4\xaa\xef\xac\x95\x37\x2e" "\xe1\x96\xd4\xe2\xfa\xa4\xce\xe2\xaf\xa3\x3e\x20\x01\x4f\x82\x58\x97" "\xed\x43\x0b\xac\x8e\x46\x4d\x26\x73\x1a\x74\x6c\x23\x2a\xba\x17\x95" "\xf4\x59\x41\x0e\x9f\x24\xa4\xb6\x79\xa4\x7c\x3b\xa2\x7b\xe9\xa2\xe6" "\x0c\x39\xaa\x08\x7a\x59\x63\xc4\xf5\x1a\xf1\x41\xa5\xa2\x56\xd1\xf2" "\x43\x32\xb0\xfd\x9b\x19\xe0\x66\x80\x40\xe9\xe4\x37\x8a\x80\x17\x71" "\xeb\x1a\xdc\xfa\x27\x85\xc4\x37\x81\x29\x38\x3b\xd7\x1a\x5c\x84\x0a" "\xef\xf8\x7e\x76\x6c\x85\x20\x99\x55\xc0\x91\x25\x8e\x51\x0a\x1d\xfe" "\xd5\xed\x92\xcd\x43\x9a\x44\x8c\x65\x8a\x9e\xa7\x24\x36\xbb\xd8\xe9" "\x7d\xe4\x65\x8d\xad\x09\x31\xf2\xad\x56\x70\x0f\x5e\x08\xd2\xbe\xe9" "\xcc\x25\xe7\x06\x06\xcd\xfc\x2a\xfc\xc7\x46\x9e\xce\xf7\xbb\x83\xb5" "\xcd\xcd\xd0\x79\x09\xa3\x6b\x46\xb1\xcf\xc8\x61\xa0\x64\x72\x4c\xde" "\x80\x63\x34\x27\xcc\x34\xa1\xfb\x75\x88\x08\xc5\x54\x42\xc1\x63\x34" "\x16\x38\xc6\x17\xfe\x09\x64\x23\xde\x77\xf5\x6e\xdb\xc1\xb7\x9f\x84" "\x82\xa4\xc8\xb1\x97\xcc\xc0\x97\xc1\xf1\xf2\x68\x64\x0f\x80\xfb\x10" "\x4f\x19\x12\x42\x77\x8d\x79\xcf\x9b\x73\xd4\x49\x3b\xe2\x4e\x7e\xcf" "\xb2\xea\x7d\xb8\x4b\x52\x97\x1c\xd4\xb0\x0a\x05\x8d\xc3\x5f\xa7\x90" "\x1e\x5a\x17\xb1\x09\xb1\x82\x29\x0a\xc9\xa8\xf9\xb2\x81\x9a\x87\x53" "\xbf\xbe\xa6\x35\xba\x09\xd3\x8d\x69\x4a\x2d\xd8\x0a\x56\xf8\xa4\x56" "\x19\x0a\x10\xca\x89\x0d\xdf\x72\xc9\x73\x69\x17\xbc\x5a\x04\xf1\x02" "\x4c\xbe\x66\x09\x6f\x46\x07\x4b\xba\x1d\xfc\x90\xaa\x4f\xe8\xd7\xfe" "\xe6\x17\xa9\x63\x60\x43\xb7\x6a\x47\xbd\x16\xfb\xe9\x60\x10\x12\xe1" "\xc8\x89\x83\xc2\xa9\xf5\x11\x21\xf4\xfc\xe5\x3d\x7a\xd6\xe3\xa4\xe0" "\xd8\x04\xa6\xf0\xb0\xc0\x62\x4d\x59\xb2\x3e\x69\x83\xbc\x95\xfa\xdf" "\xad\x44\x9f\x8d\x72\x68\xe0\xb5\x98\xd3\xd7\x95\xdb\xb0\x1c\x94\x9e" "\xf9\x96\xc1\x94\x02\xaa\x3e\xae\x4f\xcc\xb7\x7a\xcf\x25\x94\xd5\xac" "\xd3\x18\x25\xea\x8f\x24\x50\xae\x8e\x96\xcc\x5a\x36\xbe\xd7\x7a\xb3" "\x56\x38\x12\x8d\xe5\xb2\xc2\xd6\xef\x4e\x9d\xa8\xa2\xfa\x5f\xa6\x44" "\x7b\x53\x4f\xfc\x8e\x58\xf5\xbb\xb3\xc5\xe2\x6d\x16\xad\xdd\xab\x87" "\xda\xc3\xec\x24\x0c\x85\xb0\x70\x20\xc9\xeb\x57\xab\xa8\x46\x9b\xaf" "\x4b\xec\x94\x16\x19\xbb\x54\x3f\xcb\x41\xe4\x08\xcb\x75\x3d\x81\xd8" "\x4a\xa1\xa5\x4f\x09\x29\x3b\x0b\x6f\x97\x36\x7e\x3d\x3f\xb4\xa5\x70" "\xe0\x8d\x75\x89\x49\xd5\xaf\xb0\x92\xab\xc1\x74\xab\xbd\x9d\x87\xe2" "\x74\x41\x25\x4d\x2f\x22\x38\x51\xde\xb2\xd7\xda\x54\xf9\x3c\x4c\x1d" "\x8a\x91\xf5\xf4\x16\xf0\x56\x29\xf0\xff\xd4\xc5\x5b\x47\x5f\xb4\xbe" "\x87\x97\x12\xcf\x42\x98\x88\x67\x77\x8f\x89\x66\x1e\x3d\x2b\x3e\xc3" "\x68\xab\x77\x3e\x4f\x43\xf0\xf6\xf7\x4f\x54\x2a\x72\x41\x24\xca\xd1" "\xa3\xb5\xfa\x58\x06\x9e\x63\xb8\xb9\xca\x15\xae\xe9\x2d\x6c\xbd\xa0" "\x27\x15\xb0\xf6\xdc\x1d\x62\x35\x4b\xae\x13\x7b\x32\xd4\x18\xf2\x43" "\x05\x7c\xba\x20\x94\x2d\xfc\x05\xc9\x42\x55\x25\x76\xbc\x67\x9d\x74" "\x39\x11\x08\x95\xa8\x63\xa9\x86\x57\xee\xa4\xca\xd9\x0e\x61\x1a\x30" "\xb8\xda\xfc\x42\xd5\xec\x8e\x76\x38\xd0\xe4\x28\x66\xea\x02\x8e\xfd" "\x32\x98\x4f\xa6\x13\xc7\x5f\x28\xc8\xeb\x1b\xd6\x49\x2f\x3c\x4d\xe7" "\x39\x76\xd2\x68\x4e\x77\xd8\x50\x27\xf9\x6b\x9b\x7d\x8f\x8c\x2d\xe9" "\xde\xc0\xdf\xb5\x87\x2c\xff\x19\xf1\x6e\x9d\xcb\xea\xfa\x12\x6a\x58" "\x90\x0c\xb5\x99\x7b\x7c\x95\x0f\x79\xf2\x88\xd4\x24\xd0\x90\x4d\xa2" "\x7d\x47\x16\x90\xde\x5f\x5a\x22\x37\x87\xc5\x9a\xd6\x98\x45\xb7\x8a" "\x7c\xb6\xe7\x56\x1f\xd1\x8a\xdb\x70\xe1\xe4\x14\xfe\xa0\x74\xdb\x72" "\xa5\x82\x89\xea\x12\x52\x9b\x04\xf2\x53\x0f\xf6\x8b\xe3\x84\xb5\x86" "\xeb\xd8\x64\x03\xc5\x25\x90\x14\x13\x95\x51\x5c\x5c\xf9\xc2\xed\xe3" "\xea\x4a\x28\xb6\xe5\x09\x58\xbb\x39\x70\xfa\xe5\x15\x75\x5a\xa1\x2c" "\x4b\x00\x67\xae\x42\x16\xe2\xc4\x4a\xc5\x0d\x59\x19\x09\xbb\xe4\x8a" "\x15\x00\xc7\x4b\xef\x59\x49\x7e\xba\x57\xf6\xe5\x49\xcc\x58\xd6\xd4" "\x82\x25\xde\x04\x21\xaf\x97\x15\x3a\x53\x52\x69\x6d\xa8\xd3\xa2\x77" "\xaa\xfb\xa2\x19\x41\x09\xf6\x6c\x8c\x44\x53\x6a\x95\x3d\xe4\xe2\x7b" "\x51\xe4\xef\x84\x93\xfd\x44\xb8\x60\xcd\x34\x57\x72\x35\x23\x71\x0d" "\xba\x40\x5c\xc3\xb2\xa4\xf4\x54\xd6\x3f\xc6\xa2\xb1\xf0\xb8\xc4\x7a" "\x73\x6f\x45\x44\xff\xeb\xe8\x78\xd6\x49\xe2\xc5\xf0\xef\x6d\xc4\x37" "\xf3\x43\xb9\x44\xa2\xf9\x05\xda\xfe\xac\x8f\xfc\xae\x4e\xd5\x2c\xfd" "\xa7\x9c\xc4\x2b\x1a\x8c\xe0\x5c\x0d\xbc\xf3\x4b\x48\xc1\x2f\x1a\x9f" "\x51\xbe\x76\x78\x88\x5f\xc2\xdb\xc9\x0e\x03\x3c\xc5\x80\xbc\xa7\x6d" "\x02\xce\xba\x05\x66\x32\xf7\x65\x35\x0d\xc8\x34\xa7\x3c\xf5\x7b\xdc" "\xc6\xce\xf5\xa5\x27\xaa\xba\x90\xe1\x0e\x01\x79\xf0\x0e\xaa\xd3\x9c" "\x3d\x3e\x8c\xd6\xa5\xbd\x79\x2c\xd6\xd0\x88\x28\x8f\x52\xf0\x71\x69" "\xca\x9a\x3d\x3c\xb0\xf4\xc0\xb2\xb1\xd0\xfe\x96\xd0\x4e\xd0\xa9\xc1" "\x0b\x9b\x49\x85\xcc\xb0\x7d\x3b\xbc\x59\x31\x00\xa7\x48\x8d\xd9\x07" "\x9e\x3f\x89\xf3\xf8\xca\x11\x23\x31\x77\xf2\xd3\x2f\xb7\x1a\xaa\xaa" "\x55\x86\x0c\xd6\x45\x78\x94\x1f\x04\xfe\x6b\x7e\x3a\xa6\x7f\x44\x2e" "\x60\xc5\xb1\x5a\xf7\xb0\xcd\xf4\x3c\x58\xdf\xd9\x59\x8a\xf2\xa6\x05" "\xf6\xbb\x77\xbd\xb6\xf9\x89\xec\x0f\x76\xa0\x70\xf3\xfe\x9e\xc8\xb8" "\x67\x01\x25\x93\x19\x16\xcf\x51\xb3\xeb\xf9\x11\xf1\x2c\x4f\xb4\x25" "\x14\xd9\x4c\x66\x13\x1d\x64\x63\xf6\x8b\x0c\xf7\xc0\x1d\xac\x61\xc0" "\x51\xab\x37\x54\x12\x06\xcf\x66\x95\xfa\x0a\x98\x46\x66\xea\x10\xcb" "\x19\xd6\x28\xff\x0e\x15\x99\xd2\xa5\x42\x06\x83\xed\x06\xa0\x64\xa0" "\x55\x55\x79\x05\xf3\xb6\x74\x38\xaf\x17\x9e\xd3\x01\x2b\x09\xf6\xc1" "\x2b\xa4\xa1\x8d\x6d\x6f\xb2\x56\x18\x75\x5a\x68\x84\x5a\xca\xc4\xc2" "\x03\xfa\x44\xcd\x67\x2d\x2a\x9b\xea\x2b\x29\x33\xf4\xa0\x7d\xfe\x7c" "\x5a\x91\x44\xf3\xd5\x4a\x5a\x5e\x50\x37\x9c\xc6\x66\x40\x8c\x9c\x8e" "\xa4\x26\xf6\xbe\x90\x43\x81\x03\xc0\x1e\x5c\xe8\xb3\x67\xe0\x13\x21" "\x13\x16\x8f\xb4\xd0\x10\x58\xf6\xbb\x62\xfd\x71\x06\x50\x31\xa6\xf8" "\x96\xc9\xb3\x2f\xab\x4d\xc0\xab\xad\xc4\x3a\x56\x27\xdc\x04\x6a\x25" "\x3e\xa1\xab\xc3\x78\x55\x84\xa1\x0c\x4c\xa6\xd3\x7d\xef\x5f\x1d\xb8" "\x66\xf9\x62\xc1\x7a\xbe\x65\xe8\xbb\x77\x2e\x7d\x4f\xe6\x9f\x71\xc9" "\x7c\xdf\x62\x7c\xb8\x29\x8c\x93\xc0\x78\xda\xdd\x23\xbc\x2f\x6a\x56" "\x81\xfc\xc9\xa4\xad\x07\xa7\x58\xd7\xc1\x0e\x65\xc4\x32\xef\xf6\x6b" "\x2b\x86\xcf\x8a\x53\x08\x56\xe5\xe5\xd1\x64\x83\x5a\x3d\x26\x54\xae" "\xc1\xc0\xbc\x5f\x03\x14\xfb\xe5\xc7\x0d\x8d\x25\x5d\xf2\x94\xfe\xf6" "\x3b\xf6\x9d\x96\x2c\x20\x76\x7d\x6c\xb1\x70\x96\x0d\xc1\xe5\xf7\x51" "\x19\x9a\x29\xf2\xab\x09\xeb\x18\x33\xee\xd0\xdf\x1b\x6b\x45\xef\x32" "\x7a\xb0\xeb\x62\x52\x61\x7e\x07\x7a\x79\xe5\x7e\x2d\xe8\xa9\xb9\xa6" "\xaa\x4c\xc2\x05\x4a\x46\x20\x09\x75\x93\xfa\x1a\x24\xe6\x1b\x8d\x89" "\xbe\x6f\x5d\x01\x5a\xa1\xc7\x24\x8b\x3b\xe6\x67\x23\xc5\xb6\x8d\x76" "\x66\xf7\x4e\x1a\x0d\x2e\xd0\xdc\x8c\xa2\xef\xa3\xa6\x64\xe5\xc1\xfd" "\x68\x42\x09\x1b\x3c\xb8\x0f\x4b\x4e\xbd\xfc\xd4\xb9\xaa\xf9\xd1\x3f" "\x88\xaa\x01\xf5\x6a\x20\x3f\x2f\x52\x95\x4b\x5a\x90\x4f\x2b\x0c\x2d" "\xae\xf4\x72\x9d\x70\xc3\x5c\xa1\xb8\xeb\x7d\x9c\xc2\xc5\xc6\xaa\x2e" "\x57\x58\xa5\x7d\x3e\xae\x89\x85\x2c\x69\x6c\xa8\x59\xf5\x96\x09\xd0" "\x57\x36\x06\xe0\xd0\x41\x89\x2c\xde\x02\xc7\x83\x99\x4c\xe4\x04\x45" "\x63\x20\x89\x43\xcf\x7b\x38\x56\xf7\x66\x4a\xcb\xbb\x8e\x73\x75\x16" "\x87\xf5\x0b\x38\x4c\x40\x52\x1c\xe5\xb1\xe9\x44\xa7\xbd\xfa\x6c\x1a" "\x4b\x41\xae\x7b\x74\xac\x9d\x77\xa7\xa8\x6a\xd0\x71\x60\x7b\x75\xc3" "\x1c\xa8\xc2\x8c\xe3\x84\x09\xfd\x2e\x72\xaa\x6b\x22\x99\xc7\x1a\x4d" "\x78\xd3\xe3\xee\xd6\xf6\xe8\x2b\x9c\xe2\xb8\x38\x7a\xe3\xfe\x6b\x44" "\x6e\xd0\x16\xa1\x95\x98\x9f\xb0\x24\xeb\xf6\x9f\xf7\xd2\x72\x3f\xef" "\x02\xe7\x8f\x65\x4a\x8b\xe2\x45\xa3\x25\x95\xd6\xd5\xd6\xe2\x03\xa6" "\x2c\x04\x9d\xfa\xd9\xf3\xd1\x71\x05\x19\x41\x9d\xe6\x2f\x0e\x3c\xd3" "\xbc\x7a\x9e\x75\xf0\x43\x58\x12\x36\xc5\x47\x1f\x2e\xfe\x32\x82\xa1" "\xa6\x23\xd2\x53\x8d\x67\x98\x88\x41\x37\x9d\xa7\xb9\xce\xfd\x0a\xa0" "\x7d\x36\x5d\xe4\x15\x18\xc6\x16\x42\x76\xb3\xbb\xbc\x7c\x8c\xe4\xd0" "\x12\x01\x14\xae\x5e\x43\x3b\xfd\x52\xee\x22\x9d\x2a\x0f\x23\xff\xc4" "\xf5\xfd\xe2\xb0\x0c\x09\xf4\x40\x5b\x5c\x8c\x0d\x85\x34\xf0\xb9\x79" "\x9d\x60\x4b\x8b\x12\xcb\x2c\xe1\xfb\x82\xaf\x3f\xa0\xbd\x0a\x94\x11" "\x5b\x82\xf4\x8f\xa8\x67\xe2\x7e\x26\xa9\x67\xe9\x02\xea\x3a\x89\xdf" "\x1b\xb2\x95\x56\x18\x6d\x07\xf0\x6c\x6b\x9f\x56\x27\xc0\x42\xa3\x94" "\x88\xe4\x24\x49\x62\x2c\x64\xeb\xbd\xd7\x79\x6c\xdf\xd1\x1d\x27\x46" "\x27\xdf\xec\xc7\x9b\x4a\xb2\x58\x6d\x17\x57\xe1\xda\x71\x71\x2a\x18" "\x67\x0b\xed\x5b\x40\xae\x03\xc5\x54\xab\x12\x8f\x0e\x12\x0b\x3e\xed" "\x18\xa1\x4a\xcf\xd9\x8a\x57\x87\xec\x8d\x90\x63\xd2\x1b\xfc\x88\x94" "\x0b\xde\xbb\x9f\x65\x05\x73\x38\x11\x3b\x53\x82\xb4\x59\x46\x7a\x24" "\x6e\xfb\x63\xd7\x1a\x70\x75\xc2\x6d\x54\x55\x4d\x20\xf3\x9c\x16\xed" "\xf6\xa9\x3f\x67\x27\x59\xf0\xa7\x77\x92\x1c\x01\x01\x5c\xa6\x6c\x56" "\xae\x82\xea\x82\xcc\x3e\x76\x2c\xaf\x2c\x6e\xef\x5f\xa6\xec\x6d\x40" "\xe7\xb7\x5f\x65\x83\x7e\x68\xb5\x04\xca\xc3\x3e\x5b\x25\x9c\xc9\xae" "\xc2\x1d\xa1\x3e\x05\xfe\xfd\xa5\x49\x27\x2f\xee\xc0\x53\xf8\xef\xb6" "\xaa\x69\x4e\x91\xd3\xe5\xf7\xe1\x81\x88\x65\xe5\x36\x6d\x68\xef\x37" "\x32\x91\x08\x8f\x28\x43\xc1\x69\xe5\xfb\xa8\xc9\x48\x76\xd1\x28\x49" "\x0b\x16\x06\x57\x43\x07\x23\x18\x27\x76\xe9\x15\xcb\xf4\x91\xf2\x14" "\x1b\x64\x84\xd7\xc7\xf9\x33\x4f\xa6\xb2\x10\x25\xa6\x97\x0b\x24\xa1" "\x40\x2b\x5e\x80\x31\x98\x0b\x88\xe2\x0b\x6b\x65\x51\x44\xf3\x55\xc6" "\x97\x2b\xfe\xe3\x14\x14\x41\xc1\x9a\x66\x3c\xde\xdf\xd1\xc1\x37\x0e" "\xb5\xc7\x14\x77\xdf\xae\x86\xf4\x3a\xe9\xe4\xa7\x1a\xd3\x44\xba\x98" "\x0a\x83\x81\xa4\xb2\x18\xe7\x75\x1e\x34\xc1\x86\x39\x33\x17\xee\x69" "\xc7\xf0\x91\x19\xc5\xac\x57\x5c\xba\xea\xb4\xe2\xe7\x45\x19\xec\x0f" "\x2f\xa1\xce\x29\xd2\xa1\x0e\xf1\xd3\xd1\x91\xd6\xc6\xf3\xa5\x3f\x58" "\x10\x44\x34\xb3\x06\xaf\xd1\x2e\xc6\x85\xb1\x6a\x09\xa9\x64\x7e\xc7" "\x65\xc0\x18\x49\x88\x03\xb5\x1d\x7f\x68\xc1\x6f\x98\x62\xa2\x17\x8a" "\x99\x94\x20\xe7\x0f\x91\x29\x61\x07\xf3\x07\xdf\x1d\xaa\x1e\x32\x50" "\xdb\xb7\x80\x18\xf5\x77\xaa\x99\xc6\x76\x46\xbb\x68\x33\x8a\xda\x44" "\x36\xcf\xe3\xfc\x47\x3b\xb6\xe3\x99\x02\x36\x07\xad\x2c\x3c\x3e\x5f" "\x47\x61\xce\xc5\x29\xfb\x9d\xf5\x78\xbb\x67\x1f\xf1\xa7\xe2\x5e\x3a" "\x41\x8d\xae\xf1\xb7\x68\xbc\xcc\xb8\x63\x8c\x0b\x12\x3a\x0a\x63\xc9" "\x2a\x03\x02\x0e\xa8\x69\xe1\xa7\x98\xf4\x38\x7b\x85\xc2\x14\x47\x19" "\x8d\x63\x28\x3c\x1d\x8b\x27\x52\x17\x5a\xf9\x8a\xbc\xee\xc7\xe5\x7f" "\x7b\xb4\xec\xc6\x0f\x64\xa0\xec\x1e\xa3\xbd\xb0\xa3\xdc\xf5\xf0\x3a" "\xb9\x06\x41\xa1\xf6\xe5\x53\xc7\x05\x6f\xf0\x3c\x78\x53\x59\xa2\xb3" "\x09\xd3\x28\x50\xd2\x37\xb2\x6b\xd0\xbd\x66\x01\xd4\xdc\xb4\x71\x44" "\x17\xa9\x08\x6f\xd3\x6b\xbb\x0b\x29\x2a\xa3\x5d\x44\x7b\x1f\xd0\xcd" "\x63\x36\x64\x7d\x27\x61\x57\x87\x32\x28\xc8\xd3\xe1\xbc\x27\xa6\x97" "\xd0\xa9\x6f\xb7\xc2\x2d\x95\x59\x46\xf5\x74\x94\xfd\x9a\xda\x6f\x04" "\x7d\x36\x91\x3b\x94\x71\xf8\x35\xb1\x15\x75\x26\x5e\xaa\x17\xef\xa2" "\x84\x74\x2f\xf2\x8a\x7f\x1c\xb0\x00\xe3\xac\xf7\x91\xe8\x96\x2c\x19" "\x11\x17\x18\x85\x60\xdf\xe5\x90\x8f\xf1\x93\xd9\xd6\xa3\x4f\xfd\x58" "\x39\x9d\x59\x74\x92\x21\x21\x38\x74\x13\x32\xf5\xf7\xbf\xf4\xee\x0b" "\xdb\x32\x3e\x6d\xa5\x85\xda\x7c\xb4\xc2\xff\xdb\xc7\x47\xef\x29\x3f" "\x4a\xaa\x07\xf5\x37\x9b\xbd\x6a\x3d\xdf\x7c\x5a\x75\xa8\x8f\x13\x58" "\xd0\xbc\x23\x3c\x1a\x7f\x48\xbd\xe8\x14\xd1\x54\x15\x9a\xe7\x4a\x85" "\x93\x32\x34\x25\x84\xd3\x6a\xbe\x28\x5e\xd0\xe3\xba\x94\x24\x8c\x2f" "\x07\xa0\x30\xb1\x3b\x16\x59\x40\x4e\x85\x62\x79\x62\x3d\x22\x79\xcb" "\x97\xf6\x18\x2c\x07\xe1\xca\x82\x78\xb3\x24\xa7\x4c\xda\x8f\x06\xea" "\x7d\x79\x5a\x35\xed\x3f\x53\x61\x40\x16\x93\x74\x5b\x0c\x2a\x86\xc3" "\x20\xb1\xe8\xc3\x2a\x5c\xcb\x89\x34\x6d\x5e\x27\x6e\x09\x5c\xe9\xca" "\xf6\xcb\x3d\x0d\x4c\x7a\x00\xfa\xe2\xa2\xe6\xb0\x0d\xea\xe2\x0b\xb5" "\x4c\x3b\xc2\x30\xe6\xbc\x81\x87\x00\xba\x1c\xb7\x79\xa9\xff\xf6\x97" "\xc6\x97\x85\x0b\x2f\x37\x87\xfe\x1f\x3e\x4d\x6a\x13\x0d\x1a\xa7\xd8" "\x2f\xdb\x32\x51\xc3\x2e\x92\xe7\x9d\x3a\x4a\x3b\x2c\x29\x98\xbd\x84" "\x19\xbe\xf8\x2c\xa1\xd1\x4f\xd7\x07\x72\x4d\x83\xdb\x26\xbe\x8f\xce" "\x50\x0b\x69\x69\xdc\x6f\x27\x36\x84\x45\x9e\x45\x01\x15\x6a\x3a\xde" "\x31\xf9\x8c\x36\xb9\x21\x65\x1f\xc3\xa6\xe0\xfc\xa0\xc7\x35\x68\xc3" "\x04\x90\xf9\x14\x5f\x47\x04\x09\x7d\x8d\xff\x41\x24\x98\x8d\x1e\xc0" "\xad\xe9\x24\x11\x3e\x36\x5b\xa0\x6f\x59\x02\x58\xeb\x0b\x7b", 8192)); NONFAILING(*(uint64_t*)0x20000b80 = 0); NONFAILING(*(uint64_t*)0x20000b88 = 0); NONFAILING(*(uint64_t*)0x20000b90 = 0); NONFAILING(*(uint64_t*)0x20000b98 = 0); NONFAILING(*(uint64_t*)0x20000ba0 = 0); NONFAILING(*(uint64_t*)0x20000ba8 = 0); NONFAILING(*(uint64_t*)0x20000bb0 = 0); NONFAILING(*(uint64_t*)0x20000bb8 = 0); NONFAILING(*(uint64_t*)0x20000bc0 = 0); NONFAILING(*(uint64_t*)0x20000bc8 = 0); NONFAILING(*(uint64_t*)0x20000bd0 = 0); NONFAILING(*(uint64_t*)0x20000bd8 = 0); NONFAILING(*(uint64_t*)0x20000be0 = 0); NONFAILING(*(uint64_t*)0x20000be8 = 0); NONFAILING(*(uint64_t*)0x20000bf0 = 0); NONFAILING(*(uint64_t*)0x20000bf8 = 0); NONFAILING(syz_fuse_handle_req(r[0], 0x20006380, 0x2000, 0x20000b80)); break; } } int main(void) { syscall(__NR_mmap, 0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul); syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul); syscall(__NR_mmap, 0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul); setup_sysctl(); setup_802154(); install_segv_handler(); for (procid = 0; procid < 6; procid++) { if (fork() == 0) { use_temporary_dir(); do_sandbox_namespace(); } } sleep(1000000); return 0; }