// https://syzkaller.appspot.com/bug?id=de836bfde2d37d8cbe9843e3baa33a029ad69c34 // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifndef __NR_memfd_create #define __NR_memfd_create 319 #endif static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } //% This code is derived from puff.{c,h}, found in the zlib development. The //% original files come with the following copyright notice: //% Copyright (C) 2002-2013 Mark Adler, all rights reserved //% version 2.3, 21 Jan 2013 //% This software is provided 'as-is', without any express or implied //% warranty. In no event will the author be held liable for any damages //% arising from the use of this software. //% Permission is granted to anyone to use this software for any purpose, //% including commercial applications, and to alter it and redistribute it //% freely, subject to the following restrictions: //% 1. The origin of this software must not be misrepresented; you must not //% claim that you wrote the original software. If you use this software //% in a product, an acknowledgment in the product documentation would be //% appreciated but is not required. //% 2. Altered source versions must be plainly marked as such, and must not be //% misrepresented as being the original software. //% 3. This notice may not be removed or altered from any source distribution. //% Mark Adler madler@alumni.caltech.edu //% BEGIN CODE DERIVED FROM puff.{c,h} #define MAXBITS 15 #define MAXLCODES 286 #define MAXDCODES 30 #define MAXCODES (MAXLCODES + MAXDCODES) #define FIXLCODES 288 struct puff_state { unsigned char* out; unsigned long outlen; unsigned long outcnt; const unsigned char* in; unsigned long inlen; unsigned long incnt; int bitbuf; int bitcnt; jmp_buf env; }; static int puff_bits(struct puff_state* s, int need) { long val = s->bitbuf; while (s->bitcnt < need) { if (s->incnt == s->inlen) longjmp(s->env, 1); val |= (long)(s->in[s->incnt++]) << s->bitcnt; s->bitcnt += 8; } s->bitbuf = (int)(val >> need); s->bitcnt -= need; return (int)(val & ((1L << need) - 1)); } static int puff_stored(struct puff_state* s) { s->bitbuf = 0; s->bitcnt = 0; if (s->incnt + 4 > s->inlen) return 2; unsigned len = s->in[s->incnt++]; len |= s->in[s->incnt++] << 8; if (s->in[s->incnt++] != (~len & 0xff) || s->in[s->incnt++] != ((~len >> 8) & 0xff)) return -2; if (s->incnt + len > s->inlen) return 2; if (s->outcnt + len > s->outlen) return 1; for (; len--; s->outcnt++, s->incnt++) { if (s->in[s->incnt]) s->out[s->outcnt] = s->in[s->incnt]; } return 0; } struct puff_huffman { short* count; short* symbol; }; static int puff_decode(struct puff_state* s, const struct puff_huffman* h) { int first = 0; int index = 0; int bitbuf = s->bitbuf; int left = s->bitcnt; int code = first = index = 0; int len = 1; short* next = h->count + 1; while (1) { while (left--) { code |= bitbuf & 1; bitbuf >>= 1; int count = *next++; if (code - count < first) { s->bitbuf = bitbuf; s->bitcnt = (s->bitcnt - len) & 7; return h->symbol[index + (code - first)]; } index += count; first += count; first <<= 1; code <<= 1; len++; } left = (MAXBITS + 1) - len; if (left == 0) break; if (s->incnt == s->inlen) longjmp(s->env, 1); bitbuf = s->in[s->incnt++]; if (left > 8) left = 8; } return -10; } static int puff_construct(struct puff_huffman* h, const short* length, int n) { int len; for (len = 0; len <= MAXBITS; len++) h->count[len] = 0; int symbol; for (symbol = 0; symbol < n; symbol++) (h->count[length[symbol]])++; if (h->count[0] == n) return 0; int left = 1; for (len = 1; len <= MAXBITS; len++) { left <<= 1; left -= h->count[len]; if (left < 0) return left; } short offs[MAXBITS + 1]; offs[1] = 0; for (len = 1; len < MAXBITS; len++) offs[len + 1] = offs[len] + h->count[len]; for (symbol = 0; symbol < n; symbol++) if (length[symbol] != 0) h->symbol[offs[length[symbol]]++] = symbol; return left; } static int puff_codes(struct puff_state* s, const struct puff_huffman* lencode, const struct puff_huffman* distcode) { static const short lens[29] = {3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258}; static const short lext[29] = {0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0}; static const short dists[30] = { 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, 8193, 12289, 16385, 24577}; static const short dext[30] = {0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13}; int symbol; do { symbol = puff_decode(s, lencode); if (symbol < 0) return symbol; if (symbol < 256) { if (s->outcnt == s->outlen) return 1; if (symbol) s->out[s->outcnt] = symbol; s->outcnt++; } else if (symbol > 256) { symbol -= 257; if (symbol >= 29) return -10; int len = lens[symbol] + puff_bits(s, lext[symbol]); symbol = puff_decode(s, distcode); if (symbol < 0) return symbol; unsigned dist = dists[symbol] + puff_bits(s, dext[symbol]); if (dist > s->outcnt) return -11; if (s->outcnt + len > s->outlen) return 1; while (len--) { if (dist <= s->outcnt && s->out[s->outcnt - dist]) s->out[s->outcnt] = s->out[s->outcnt - dist]; s->outcnt++; } } } while (symbol != 256); return 0; } static int puff_fixed(struct puff_state* s) { static int virgin = 1; static short lencnt[MAXBITS + 1], lensym[FIXLCODES]; static short distcnt[MAXBITS + 1], distsym[MAXDCODES]; static struct puff_huffman lencode, distcode; if (virgin) { lencode.count = lencnt; lencode.symbol = lensym; distcode.count = distcnt; distcode.symbol = distsym; short lengths[FIXLCODES]; int symbol; for (symbol = 0; symbol < 144; symbol++) lengths[symbol] = 8; for (; symbol < 256; symbol++) lengths[symbol] = 9; for (; symbol < 280; symbol++) lengths[symbol] = 7; for (; symbol < FIXLCODES; symbol++) lengths[symbol] = 8; puff_construct(&lencode, lengths, FIXLCODES); for (symbol = 0; symbol < MAXDCODES; symbol++) lengths[symbol] = 5; puff_construct(&distcode, lengths, MAXDCODES); virgin = 0; } return puff_codes(s, &lencode, &distcode); } static int puff_dynamic(struct puff_state* s) { static const short order[19] = {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15}; int nlen = puff_bits(s, 5) + 257; int ndist = puff_bits(s, 5) + 1; int ncode = puff_bits(s, 4) + 4; if (nlen > MAXLCODES || ndist > MAXDCODES) return -3; short lengths[MAXCODES]; int index; for (index = 0; index < ncode; index++) lengths[order[index]] = puff_bits(s, 3); for (; index < 19; index++) lengths[order[index]] = 0; short lencnt[MAXBITS + 1], lensym[MAXLCODES]; struct puff_huffman lencode = {lencnt, lensym}; int err = puff_construct(&lencode, lengths, 19); if (err != 0) return -4; index = 0; while (index < nlen + ndist) { int symbol; int len; symbol = puff_decode(s, &lencode); if (symbol < 0) return symbol; if (symbol < 16) lengths[index++] = symbol; else { len = 0; if (symbol == 16) { if (index == 0) return -5; len = lengths[index - 1]; symbol = 3 + puff_bits(s, 2); } else if (symbol == 17) symbol = 3 + puff_bits(s, 3); else symbol = 11 + puff_bits(s, 7); if (index + symbol > nlen + ndist) return -6; while (symbol--) lengths[index++] = len; } } if (lengths[256] == 0) return -9; err = puff_construct(&lencode, lengths, nlen); if (err && (err < 0 || nlen != lencode.count[0] + lencode.count[1])) return -7; short distcnt[MAXBITS + 1], distsym[MAXDCODES]; struct puff_huffman distcode = {distcnt, distsym}; err = puff_construct(&distcode, lengths + nlen, ndist); if (err && (err < 0 || ndist != distcode.count[0] + distcode.count[1])) return -8; return puff_codes(s, &lencode, &distcode); } static int puff(unsigned char* dest, unsigned long* destlen, const unsigned char* source, unsigned long sourcelen) { struct puff_state s = { .out = dest, .outlen = *destlen, .outcnt = 0, .in = source, .inlen = sourcelen, .incnt = 0, .bitbuf = 0, .bitcnt = 0, }; int err; if (setjmp(s.env) != 0) err = 2; else { int last; do { last = puff_bits(&s, 1); int type = puff_bits(&s, 2); err = type == 0 ? puff_stored(&s) : (type == 1 ? puff_fixed(&s) : (type == 2 ? puff_dynamic(&s) : -1)); if (err != 0) break; } while (!last); } *destlen = s.outcnt; return err; } //% END CODE DERIVED FROM puff.{c,h} #define ZLIB_HEADER_WIDTH 2 static int puff_zlib_to_file(const unsigned char* source, unsigned long sourcelen, int dest_fd) { if (sourcelen < ZLIB_HEADER_WIDTH) return 0; source += ZLIB_HEADER_WIDTH; sourcelen -= ZLIB_HEADER_WIDTH; const unsigned long max_destlen = 132 << 20; void* ret = mmap(0, max_destlen, PROT_WRITE | PROT_READ, MAP_PRIVATE | MAP_ANON, -1, 0); if (ret == MAP_FAILED) return -1; unsigned char* dest = (unsigned char*)ret; unsigned long destlen = max_destlen; int err = puff(dest, &destlen, source, sourcelen); if (err) { munmap(dest, max_destlen); errno = -err; return -1; } if (write(dest_fd, dest, destlen) != (ssize_t)destlen) { munmap(dest, max_destlen); return -1; } return munmap(dest, max_destlen); } static int setup_loop_device(unsigned char* data, unsigned long size, const char* loopname, int* loopfd_p) { int err = 0, loopfd = -1; int memfd = syscall(__NR_memfd_create, "syzkaller", 0); if (memfd == -1) { err = errno; goto error; } if (puff_zlib_to_file(data, size, memfd)) { err = errno; goto error_close_memfd; } loopfd = open(loopname, O_RDWR); if (loopfd == -1) { err = errno; goto error_close_memfd; } if (ioctl(loopfd, LOOP_SET_FD, memfd)) { if (errno != EBUSY) { err = errno; goto error_close_loop; } ioctl(loopfd, LOOP_CLR_FD, 0); usleep(1000); if (ioctl(loopfd, LOOP_SET_FD, memfd)) { err = errno; goto error_close_loop; } } close(memfd); *loopfd_p = loopfd; return 0; error_close_loop: close(loopfd); error_close_memfd: close(memfd); error: errno = err; return -1; } static void reset_loop_device(const char* loopname) { int loopfd = open(loopname, O_RDWR); if (loopfd == -1) { return; } if (ioctl(loopfd, LOOP_CLR_FD, 0)) { } close(loopfd); } static long syz_mount_image(volatile long fsarg, volatile long dir, volatile long flags, volatile long optsarg, volatile long change_dir, volatile unsigned long size, volatile long image) { unsigned char* data = (unsigned char*)image; int res = -1, err = 0, need_loop_device = !!size; char* mount_opts = (char*)optsarg; char* target = (char*)dir; char* fs = (char*)fsarg; char* source = NULL; char loopname[64]; if (need_loop_device) { int loopfd; memset(loopname, 0, sizeof(loopname)); snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(data, size, loopname, &loopfd) == -1) return -1; close(loopfd); source = loopname; } mkdir(target, 0777); char opts[256]; memset(opts, 0, sizeof(opts)); if (strlen(mount_opts) > (sizeof(opts) - 32)) { } strncpy(opts, mount_opts, sizeof(opts) - 32); if (strcmp(fs, "iso9660") == 0) { flags |= MS_RDONLY; } else if (strncmp(fs, "ext", 3) == 0) { bool has_remount_ro = false; char* remount_ro_start = strstr(opts, "errors=remount-ro"); if (remount_ro_start != NULL) { char after = *(remount_ro_start + strlen("errors=remount-ro")); char before = remount_ro_start == opts ? '\0' : *(remount_ro_start - 1); has_remount_ro = ((before == '\0' || before == ',') && (after == '\0' || after == ',')); } if (strstr(opts, "errors=panic") || !has_remount_ro) strcat(opts, ",errors=continue"); } else if (strcmp(fs, "xfs") == 0) { strcat(opts, ",nouuid"); } else if (strncmp(fs, "gfs2", 4) == 0 && (strstr(opts, "errors=panic") || strstr(opts, "debug"))) { strcat(opts, ",errors=withdraw"); } res = mount(source, target, fs, flags, opts); if (res == -1) { err = errno; goto error_clear_loop; } res = open(target, O_RDONLY | O_DIRECTORY); if (res == -1) { err = errno; goto error_clear_loop; } if (change_dir) { res = chdir(target); if (res == -1) { err = errno; } } error_clear_loop: if (need_loop_device) reset_loop_device(loopname); errno = err; return res; } #define FS_IOC_SETFLAGS _IOW('f', 2, long) static void remove_dir(const char* dir) { int iter = 0; DIR* dp = 0; const int umount_flags = MNT_FORCE | UMOUNT_NOFOLLOW; retry: while (umount2(dir, umount_flags) == 0) { } dp = opendir(dir); if (dp == NULL) { if (errno == EMFILE) { exit(1); } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); while (umount2(filename, umount_flags) == 0) { } struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } int i; for (i = 0;; i++) { if (unlink(filename) == 0) break; if (errno == EPERM) { int fd = open(filename, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno != EBUSY || i > 100) exit(1); if (umount2(filename, umount_flags)) exit(1); } } closedir(dp); for (int i = 0;; i++) { if (rmdir(dir) == 0) break; if (i < 100) { if (errno == EPERM) { int fd = open(dir, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno == EBUSY) { if (umount2(dir, umount_flags)) exit(1); continue; } if (errno == ENOTEMPTY) { if (iter < 100) { iter++; goto retry; } } } exit(1); } } static void kill_and_wait(int pid, int* status) { kill(-pid, SIGKILL); kill(pid, SIGKILL); for (int i = 0; i < 100; i++) { if (waitpid(-1, status, WNOHANG | __WALL) == pid) return; usleep(1000); } DIR* dir = opendir("/sys/fs/fuse/connections"); if (dir) { for (;;) { struct dirent* ent = readdir(dir); if (!ent) break; if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0) continue; char abort[300]; snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name); int fd = open(abort, O_WRONLY); if (fd == -1) { continue; } if (write(fd, abort, 1) < 0) { } close(fd); } closedir(dir); } else { } while (waitpid(-1, status, __WALL) != pid) { } } static void reset_loop() { char buf[64]; snprintf(buf, sizeof(buf), "/dev/loop%llu", procid); int loopfd = open(buf, O_RDWR); if (loopfd != -1) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); } } static void setup_test() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); write_file("/proc/self/oom_score_adj", "1000"); if (symlink("/dev/binderfs", "./binderfs")) { } } static void execute_one(void); #define WAIT_FLAGS __WALL static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); reset_loop(); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); setup_test(); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { sleep_ms(10); if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[1] = {0xffffffffffffffff}; void execute_one(void) { intptr_t res = 0; if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } // syz_mount_image$ext4 arguments: [ // fs: ptr[in, buffer] { // buffer: {65 78 74 34 00} (length 0x5) // } // dir: ptr[in, buffer] { // buffer: {2e 2f 66 69 6c 65 30 00} (length 0x8) // } // flags: mount_flags = 0x800744 (8 bytes) // opts: ptr[in, fs_options[ext4_options]] { // fs_options[ext4_options] { // elems: array[fs_opt_elem[ext4_options]] { // fs_opt_elem[ext4_options] { // elem: union ext4_options { // data_err_ignore: buffer: {64 61 74 61 5f 65 72 72 3d 69 67 6e // 6f 72 65} (length 0xf) // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // oldalloc: buffer: {6f 6c 64 61 6c 6c 6f 63} (length 0x8) // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // debug_want_extra_isize: fs_opt["debug_want_extra_isize", // fmt[hex, int32]] { // name: buffer: {64 65 62 75 67 5f 77 61 6e 74 5f 65 78 74 72 // 61 5f 69 73 69 7a 65} (length 0x16) eq: const = 0x3d (1 // bytes) val: int32 = 0x5a (18 bytes) // } // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // nobh: buffer: {6e 6f 62 68} (length 0x4) // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // errors_remount: buffer: {65 72 72 6f 72 73 3d 72 65 6d 6f 75 // 6e 74 2d 72 6f} (length 0x11) // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // nodiscard: buffer: {6e 6f 64 69 73 63 61 72 64} (length 0x9) // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // grpid: buffer: {67 72 70 69 64} (length 0x5) // } // comma: const = 0x2c (1 bytes) // } // } // common: array[fs_opt_elem[fs_options_common]] { // } // null: const = 0x0 (1 bytes) // } // } // chdir: int8 = 0x1 (1 bytes) // size: len = 0x47a (8 bytes) // img: ptr[in, buffer] { // buffer: (compressed buffer with length 0x47a) // } // ] // returns fd_dir memcpy((void*)0x2000000001c0, "ext4\000", 5); memcpy((void*)0x200000000b80, "./file0\000", 8); memcpy((void*)0x200000000300, "data_err=ignore", 15); *(uint8_t*)0x20000000030f = 0x2c; memcpy((void*)0x200000000310, "oldalloc", 8); *(uint8_t*)0x200000000318 = 0x2c; memcpy((void*)0x200000000319, "debug_want_extra_isize", 22); *(uint8_t*)0x20000000032f = 0x3d; sprintf((char*)0x200000000330, "0x%016llx", (long long)0x5a); *(uint8_t*)0x200000000342 = 0x2c; memcpy((void*)0x200000000343, "nobh", 4); *(uint8_t*)0x200000000347 = 0x2c; memcpy((void*)0x200000000348, "errors=remount-ro", 17); *(uint8_t*)0x200000000359 = 0x2c; memcpy((void*)0x20000000035a, "nodiscard", 9); *(uint8_t*)0x200000000363 = 0x2c; memcpy((void*)0x200000000364, "grpid", 5); *(uint8_t*)0x200000000369 = 0x2c; *(uint8_t*)0x20000000036a = 0; memcpy( (void*)0x2000000006c0, "\x78\x9c\xec\xdb\xcb\x8f\x14\xc5\x1f\x00\xf0\x6f\xf7\x3e\x80\x1f\x8f\xe5" "\x87\xf8\x00\x51\x57\x89\xc9\x46\xe3\x2e\xbb\xa0\x72\xf0\xa2\xd1\xc4\x18" "\x8c\x26\x7a\xc0\xe3\x3a\x3b\x90\x0d\x03\x6b\xd8\xd5\x08\x12\x59\x8c\xf1" "\x64\x62\x48\xf4\x4c\x3c\x1a\xfd\x0b\xbc\x19\x13\xa3\x9e\x4c\xb8\x7a\xf2" "\x64\x48\x88\x72\x01\x3c\xad\xe9\x9e\x6e\x98\x1d\x66\x78\xb8\x33\xcc\xb2" "\xf3\xf9\x24\x3d\x53\xd5\x5d\x3d\x55\x35\xd5\x8f\xea\xaa\x99\x00\xfa\xd6" "\x68\xf6\x92\x44\x6c\x8a\x88\xdf\x23\x62\xa4\x1e\x5d\x9e\x60\xb4\xfe\x76" "\xe5\xd2\xa9\xca\xd5\x4b\xa7\x2a\x49\x2c\x2d\xbd\xf5\x57\x92\xa7\xbb\x7c" "\xe9\x54\xa5\x4c\x5a\xee\xb7\xb1\x88\x8c\xa5\x11\xe9\xa7\x49\x91\xc9\x72" "\xf3\x27\x4e\x1e\x99\xae\xd5\xaa\xc7\x8b\xf8\xc4\xc2\xd1\xf7\x26\xe6\x4f" "\x9c\x7c\xe6\x83\xa3\xd3\x87\xab\x87\xab\xc7\xa6\xf6\xef\xdf\xb7\x77\xf2" "\xf9\xe7\xa6\x9e\xed\x48\x3d\xb3\x7a\x5d\xde\xf9\xf1\xdc\xae\x1d\xaf\xbe" "\x73\xf6\xf5\xca\xc1\xb3\xef\xfe\xf2\x5d\x56\xde\x4d\xc5\xf6\xc6\x7a\x74" "\xca\x68\x56\xf1\xbf\x97\x72\xcd\xdb\x9e\xec\x74\x66\x3d\xb6\xb9\x21\x9c" "\x0c\xf6\xb0\x20\xdc\x91\x81\x88\xc8\x9a\x6b\x28\x3f\xff\x47\x62\x20\xae" "\x37\xde\x48\xbc\xf2\x49\x4f\x0b\x07\x74\x55\x76\x6f\x5a\xd7\x7e\xf3\xe2" "\x12\xb0\x86\x25\xd1\xeb\x12\x00\xbd\x51\xde\xe8\xb3\xe7\xdf\x72\xb9\x4b" "\x5d\x8f\x55\xe1\xe2\x8b\xf5\x07\xa0\xac\xde\x57\x8a\xa5\xbe\x65\x30\xd2" "\x22\xcd\x50\xd3\xf3\x6d\x27\x8d\x46\xc4\xc1\xc5\x7f\xce\x65\x4b\x74\x69" "\x1c\x02\x00\xa0\xd1\xe7\x95\xaf\x0e\x0c\x47\xc4\x47\x57\xbf\x7d\x2d\xeb" "\x7b\x8c\x44\x44\x39\x1e\xf4\x40\xfe\xfa\x47\xfe\xba\xa5\x98\x43\xd9\x1a" "\x11\xff\x8f\x88\x6d\x11\x71\x5f\x44\x6c\x8f\x88\xfb\x8b\xb4\x0f\x46\xc4" "\x43\x2b\x2c\xcf\x8d\xfd\x9f\xf4\xc2\x0a\x3f\xf2\xa6\xb2\xfe\xdf\x0b\xc5" "\xdc\xd6\xf2\xfe\x5f\xd9\xfb\x8b\xad\x03\x45\x6c\x73\x5e\xff\xa1\xe4\xd0" "\x6c\xad\xba\x27\xd6\xe5\xdf\xc9\x58\x0c\xad\xcb\xe2\x93\x37\xc9\xe3\x87" "\x97\xcf\x7f\xd1\x6e\x5b\x63\xff\x2f\x5b\xb2\xfc\xcb\xbe\x60\x51\x8e\x0b" "\x83\x4d\x03\x74\x33\xd3\x0b\xd3\x79\xa7\xb4\x03\x2e\x9e\x89\xd8\x39\xd8" "\xaa\xfe\xc9\xb5\x99\x80\x24\x22\x76\x44\xc4\xce\x3b\xfb\xe8\x2d\x65\x60" "\xf6\xa9\x6f\x76\xb5\x4b\xd4\xba\xfe\x97\xcf\xdd\x56\x0e\x1d\x98\x67\x5a" "\xfa\x3a\xab\xde\x62\x56\xff\xc5\x68\xaa\x7f\x29\x69\x9c\x9f\x9c\xbd\x61" "\x7e\x72\x62\x7d\xd4\xaa\x7b\x26\xea\x47\x45\x2b\xbf\xfe\xf6\xd9\x9b\xed" "\xf2\xbf\x75\xfb\x77\xd7\xc5\x6a\xfd\xbd\xa1\xfd\x9b\x93\x6c\x4d\x1a\xe7" "\x6b\xe7\x3b\x9b\xff\x7f\x3c\xfe\xd3\xe1\xe4\xed\x7c\x9e\x79\xb8\x58\xf7" "\xe1\xf4\xc2\xc2\xf1\xc9\x88\xe1\xe4\x40\x1e\x5f\xb6\x7e\xea\xfa\xbe\x65" "\xbc\x4c\x9f\x1d\xff\x63\xbb\x5b\x9f\xff\xdb\x8a\x7d\xb2\xfa\x3f\x1c\x11" "\xd9\x41\xfc\x48\x44\x3c\x1a\x11\x8f\x15\x65\x7f\x3c\x22\x9e\x88\x88\xdd" "\x37\xa9\xe3\xcf\x2f\xdd\xba\xfe\x91\xf6\xa8\xfd\xcf\x44\xcc\xb4\xbc\xfe" "\x5d\x3b\xfe\x9b\xda\xff\xce\x03\x03\x47\x7e\xfa\xbe\x5d\xfe\xb7\xd7\xfe" "\xfb\xf2\xd0\x58\xb1\x26\xbf\xfe\xdd\x42\xab\xe2\x64\x97\x8b\xe6\x02\xae" "\xe4\xbb\x03\x00\x00\x80\x7b\x45\x9a\xff\x06\x3e\x49\xc7\xaf\x85\xd3\x74" "\x7c\xbc\xfe\x1b\xfe\xed\xf1\xbf\xb4\x36\x37\xbf\xf0\xf4\xa1\xb9\xf7\x8f" "\xcd\xc4\xf9\x2d\xf5\xf1\xcf\xb4\x1c\xe9\x1a\x29\xc6\x43\x6b\xb3\xb5\xea" "\x64\xb2\x58\x7c\x62\x7d\x7c\x74\xaa\x18\x2b\x2e\xc7\x4b\xf7\x16\xe3\xc6" "\x5f\x0e\x6c\xc8\xe3\xe3\x95\xb9\xda\x4c\x8f\xeb\x0e\xfd\x6e\x63\x9b\xf3" "\x3f\xf3\xe7\x40\xaf\x4b\x07\x74\xd9\x86\x96\x6b\xa7\x86\xef\x7a\x41\x80" "\x1e\x68\x9e\x47\x4f\x97\x47\x4f\xbf\x11\x2e\x06\xb0\x56\xf9\xbf\x36\xf4" "\xaf\xf2\xfc\x6f\xf3\xbc\xdf\xf8\x3f\x18\x60\x8d\x71\xff\x87\xfe\xd5\xea" "\xfc\x3f\xdd\x14\x37\x17\x00\x6b\x93\xfb\x3f\xf4\x2f\xe7\x3f\xf4\xa9\xf4" "\xc7\x15\xec\xec\xa9\x00\xee\x75\xee\xff\xd0\x97\x56\xf2\xbf\xfe\x2e\x06" "\xd6\xaf\x8e\x62\xf4\x26\xb0\x5a\x1b\x25\x0f\x44\x94\x81\x74\x55\x94\x47" "\xa0\x4b\x81\x5e\x5f\x99\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x3a\xe3\xdf\x00\x00\x00\xff\xff\x8f\x73\xe7\x6a", 1146); syz_mount_image( /*fs=*/0x2000000001c0, /*dir=*/0x200000000b80, /*flags=MS_I_VERSION|MS_NODEV|MS_NOATIME|MS_MANDLOCK|0x300*/ 0x800744, /*opts=*/0x200000000300, /*chdir=*/1, /*size=*/0x47a, /*img=*/0x2000000006c0); // syz_mount_image$ext4 arguments: [ // fs: ptr[in, buffer] { // buffer: {65 78 74 34 00} (length 0x5) // } // dir: ptr[in, buffer] { // buffer: {2e 2f 66 69 6c 65 31 00} (length 0x8) // } // flags: mount_flags = 0x10000 (8 bytes) // opts: ptr[in, fs_options[ext4_options]] { // fs_options[ext4_options] { // elems: array[fs_opt_elem[ext4_options]] { // fs_opt_elem[ext4_options] { // elem: union ext4_options { // grpid: buffer: {67 72 70 69 64} (length 0x5) // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // auto_da_alloc: buffer: {61 75 74 6f 5f 64 61 5f 61 6c 6c 6f // 63} (length 0xd) // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // jqfmt_vfsold: buffer: {6a 71 66 6d 74 3d 76 66 73 6f 6c 64} // (length 0xc) // } // comma: const = 0x2c (1 bytes) // } // fs_opt_elem[ext4_options] { // elem: union ext4_options { // journal_dev: fs_opt["journal_dev", fmt[hex, int32]] { // name: buffer: {6a 6f 75 72 6e 61 6c 5f 64 65 76} (length // 0xb) eq: const = 0x3d (1 bytes) val: int32 = 0x6 (18 bytes) // } // } // comma: const = 0x2c (1 bytes) // } // } // common: array[fs_opt_elem[fs_options_common]] { // } // null: const = 0x0 (1 bytes) // } // } // chdir: int8 = 0x7 (1 bytes) // size: len = 0x4da (8 bytes) // img: ptr[in, buffer] { // buffer: (compressed buffer with length 0x4da) // } // ] // returns fd_dir memcpy((void*)0x200000000040, "ext4\000", 5); memcpy((void*)0x200000000000, "./file1\000", 8); memcpy((void*)0x200000000240, "grpid", 5); *(uint8_t*)0x200000000245 = 0x2c; memcpy((void*)0x200000000246, "auto_da_alloc", 13); *(uint8_t*)0x200000000253 = 0x2c; memcpy((void*)0x200000000254, "jqfmt=vfsold", 12); *(uint8_t*)0x200000000260 = 0x2c; memcpy((void*)0x200000000261, "journal_dev", 11); *(uint8_t*)0x20000000026c = 0x3d; sprintf((char*)0x20000000026d, "0x%016llx", (long long)6); *(uint8_t*)0x20000000027f = 0x2c; *(uint8_t*)0x200000000280 = 0; memcpy( (void*)0x200000000900, "\x78\x9c\xec\xdc\xc1\x6f\x14\xd5\x1f\x00\xf0\xef\x6c\x77\x69\x81\x1f\x3f" "\x0b\x22\x0a\xa2\x14\xd0\xd8\x18\x6d\xa1\xa0\x70\xf0\x82\x89\x89\x07\x4d" "\x8c\x78\x90\x63\xd3\x56\x82\x14\x30\xb4\x07\x21\x44\x4a\x62\xb8\x93\x78" "\x34\x31\x1e\x8d\x37\x4d\xbc\xea\xd1\x78\xf2\x0f\xc0\x83\x07\x13\x43\x42" "\x0c\x17\xc0\xd3\x9a\xd9\x9d\x69\xb7\xdb\xd9\xed\x2e\x2c\x2d\x65\x3f\x9f" "\x64\xbb\xef\xcd\xbe\x99\xf7\xde\xcc\xbc\xd9\xb7\xef\x75\x26\x80\xbe\x35" "\x92\xfe\x49\x22\xfe\x17\x11\x37\x23\xe2\xa9\x7a\x74\x79\x82\x91\xfa\xdb" "\xbd\x3b\x57\xa6\xee\xdf\xb9\x32\x15\x0b\xd5\xea\xc9\x7f\x92\x5a\xba\xbb" "\x69\x3c\x93\xaf\xb7\x35\x8b\x8c\x96\x22\x4a\x5f\x26\x4d\x1b\xac\x9b\xbb" "\x74\xf9\xec\xe4\xec\xec\xcc\xc5\x2c\x3e\x3e\x7f\xee\xb3\xf1\xb9\x4b\x97" "\x5f\x3f\x73\x6e\xf2\xf4\xcc\xe9\x99\xf3\x13\xc7\x8f\x1f\x3d\x72\xf8\xd8" "\x9b\x13\x6f\x74\x5f\xa9\x82\xfc\xd2\x7a\xdd\xdd\xf3\xc5\x85\xbd\xbb\xdf" "\x3d\x75\xe3\xfd\xa9\x72\xbe\x7c\x28\x7b\x6f\xac\x47\x4b\xe5\xee\x8a\x31" "\xd2\xe6\xb3\x97\xbb\xdb\xd4\x63\x6f\x5b\x43\x38\x59\xb9\x9f\xae\xae\x69" "\x61\xe8\xd8\x50\x76\x5a\x57\xd2\xf6\x7f\x65\xf6\xc0\xa9\xf5\x2e\x10\xb0" "\x66\xaa\xd5\x6a\x75\xb0\xf5\xc7\x0b\xd5\x66\xd7\x56\x2c\x01\x36\xac\x24" "\xd6\xbb\x04\xc0\xfa\xc8\xbf\xe8\xd3\xdf\xbf\xf9\x6b\x8d\xba\x1e\x8f\x85" "\xdb\x27\xea\x3f\x80\xd2\x7a\xdf\xcb\x5e\xf5\x4f\xca\x51\xca\xd2\x54\x9a" "\x7e\xdf\xf6\xd2\x48\x44\x7c\xbc\xf0\xef\x37\xe9\x2b\xda\x8d\x43\xfc\xf9" "\x88\x0a\x00\x00\xf4\x9d\x5f\x4e\xe4\x3d\xc1\xe6\xfe\x5f\x29\x76\x35\xa4" "\xfb\x7f\x36\x87\x32\x1c\x11\xdb\x23\x62\x47\x44\x3c\x1d\x11\x3b\x23\xe2" "\x99\x88\x5a\xda\x67\x23\xe2\xb9\xe6\x0c\x92\x88\x6a\x9b\xfc\x77\x36\xc5" "\x97\xf2\xff\x71\xfb\xc0\xc5\xd7\xd2\xc0\xad\x1e\x54\xb3\xa5\xb4\xff\xf7" "\x56\x36\xb7\xb5\xbc\xff\x97\xf7\xfe\x62\x78\x20\x8b\x6d\x8b\xc8\x3b\xcc" "\x33\x87\xb2\x7d\x32\x1a\x95\xc1\x4f\xce\xcc\xce\x1c\x6e\xb1\xfd\x4d\xab" "\xe4\xdf\xd8\xff\x4b\x5f\x69\xfe\x79\x5f\x30\x2b\xc7\xad\x72\xd3\x00\xdd" "\xf4\xe4\xfc\xe4\x83\xd5\x76\xa5\xdb\xd7\x22\xf6\x94\x9b\xeb\x9f\x94\xd3" "\x03\x97\x4f\xe3\x24\x11\xb1\x3b\x22\xf6\x74\xb1\xdd\xe1\x86\xf0\x99\x57" "\xbf\xdb\xbb\x18\xa9\x64\xef\x5f\xd7\xdf\x56\xaf\x7f\x4d\xb5\x60\x4a\xaf" "\xeb\xf9\xb8\x22\xd5\x6f\x23\x5e\xa9\x1f\xff\x85\x68\x3c\xfe\xc9\x52\x8e" "\x49\xfb\xf9\xc9\xf1\xa1\x98\x9d\x39\x34\x9e\x9e\x05\x87\x0a\xf3\xf8\xed" "\xf7\xeb\x1f\xb4\xca\x7f\xd5\xfa\xff\xf4\x57\xf3\x2a\xef\x1c\xfb\xf9\xe4" "\x43\xd7\x3b\x97\x1e\xff\x2d\x0d\xe7\x7f\xe4\xf3\xb7\x4b\x93\xa8\xc3\x49" "\x44\xb2\x38\x5f\x3b\x17\x51\x1d\xe8\x2e\x8f\xeb\x7f\xb4\x5e\xe1\x41\xcf" "\xff\x4d\xc9\x47\xb5\x70\xde\xbe\x3e\x9f\x9c\x9f\xbf\x78\x38\x62\x53\xf2" "\xde\xca\xe5\x13\x4b\xeb\xe6\xf1\x3c\x7d\x5a\xff\xd1\x83\xc5\xed\x7f\x47" "\xb6\x4e\xba\x27\x9e\x8f\x88\xf4\x24\x7e\x21\x22\x5e\x8c\x88\x7d\x59\xd9" "\xf7\x47\xc4\x81\x88\x38\xd8\xa6\xfe\xbf\xbe\xfd\xd2\xa7\x9d\xd7\x7f\xb0" "\xe8\xfc\x7f\x64\xd2\xfa\x4f\x17\x5e\xff\x96\x1d\xff\xa5\xf9\xfa\x0e\x03" "\xf9\xca\xe9\x92\x81\xb3\xfb\x6f\xde\x6f\x71\xf1\xe8\xec\xf8\x1f\xad\x85" "\x46\xb3\x25\xc5\xd7\xbf\x64\xd9\x25\xa2\xd3\x92\x3e\xdc\xde\x03\x00\x00" "\x80\x8d\xa1\x14\xb5\xff\xfd\x2f\x8d\x2d\x86\x4b\xa5\xb1\xb1\xfa\x18\xd0" "\xce\xd8\x52\x9a\xbd\x30\x37\xbf\x2f\x22\xce\x4f\xd7\xef\x11\x18\x8e\x4a" "\x29\x1f\xe9\xaa\x8f\x07\x57\x92\x7c\xfc\x73\xb8\x21\x3e\xd1\x14\x3f\x92" "\x8d\x1b\x7f\x35\xb0\xb9\x16\x1f\x9b\xba\x30\x3b\xbd\xde\x95\x87\x3e\xb7" "\xb5\xd6\xe6\x93\x15\xed\x3f\xf5\x77\x97\xe3\xbc\xc0\x06\xd4\x83\x79\x34" "\x60\x83\x5a\xad\xfd\xef\xba\xb1\x46\x05\x01\xd6\x9c\xef\x7f\xe8\x5f\x0d" "\xed\x7f\xa1\x45\x92\x05\xff\x29\x03\x4f\x26\xdf\xff\xd0\xbf\x8a\xda\xff" "\xd5\xf8\xbe\xed\xbd\x0b\xae\x19\xb0\xf1\x55\xb5\x65\xe8\x6b\xda\x3f\xf4" "\xaf\x72\x7c\xb8\x18\xae\xdd\xf6\x5c\x78\xb7\x2d\xf0\x24\xf2\xfd\x0f\x7d" "\xa9\xdb\xfb\xfa\x3b\x09\xe4\x8f\x6b\xb8\x7c\xb6\x3a\x58\x9c\x66\x28\x0a" "\x9e\x18\x30\xd4\xe3\x62\x64\x81\xcd\x05\x79\xad\x4b\x20\xed\x59\xf5\x70" "\x83\x95\x88\xe8\x2c\xf1\xe6\x07\xc9\x22\xef\x02\xb6\x7e\xc2\x43\xa9\xbb" "\x0d\x0e\xc6\xca\x8f\x06\xa2\xdd\x5a\x49\x17\xcf\x71\xc8\x03\xe9\x5e\x59" "\x35\xf1\xe9\x5d\x3d\x3f\xf9\xf3\x67\xa2\xf4\xfa\xb4\xf9\x61\xa9\x9d\x56" "\x1a\x8e\x45\x79\xb5\xa3\xf3\xf0\x81\x35\xbd\x0c\x01\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x3c\x32\xff\x05\x00\x00\xff\xff\xe3\x5b\xcf" "\x51", 1242); syz_mount_image(/*fs=*/0x200000000040, /*dir=*/0x200000000000, /*flags=MS_POSIXACL*/ 0x10000, /*opts=*/0x200000000240, /*chdir=*/7, /*size=*/0x4da, /*img=*/0x200000000900); // creat arguments: [ // file: ptr[in, buffer] { // buffer: {2e 2f 66 69 6c 65 31 00} (length 0x8) // } // mode: open_mode = 0xe7 (8 bytes) // ] // returns fd memcpy((void*)0x200000000100, "./file1\000", 8); res = syscall(__NR_creat, /*file=*/0x200000000100ul, /*mode=S_IXOTH|S_IWOTH|S_IROTH|S_IRGRP|S_IXUSR|S_IWUSR*/ 0xe7ul); if (res != -1) r[0] = res; // write$UHID_INPUT arguments: [ // fd: fd_uhid (resource) // data: ptr[in, uhid_req[UHID_INPUT, uhid_input_req]] { // uhid_req[UHID_INPUT, uhid_input_req] { // type: const = 0x8 (4 bytes) // data: uhid_input_req { // data: buffer: {25 0c df 69 7a cb 4f 06 05 d5 04 3e 74 bf ab 6d d6 // 79 14 17 c1 a4 3c 66 ab a7 ce ed ee c7 8b 57 bc 7f 7b 05 ea d0 24 // e5 47 26 ee de 5e cb 73 35 3e f7 43 48 a3 2b 5a fe 16 da d0 00 68 // ff 38 d4 81 12 72 80 2f d3 7e cc 09 6e b6 a2 92 7a f8 06 b2 ea 70 // ae 52 1e a6 31 14 46 1b fd 55 c4 6e 1d 4d 6b 8b 80 a7 2f 7b 65 99 // 77 4a 45 c2 40 0f ca 75 57 da 82 a3 7f 93 7a c7 86 ce 43 64 1a 60 // f3 42 0b 06 48 47 95 af 35 e8 77 c3 b5 dc bb 14 e5 e8 75 3b 8c 82 // 5c 0a 95 ff e0 f6 fd 89 8f e3 c0 5a 4f e0 16 1c 27 04 64 7c 93 ed // ac bb e0 5d 18 c8 00 ec dd 17 d6 13 a6 97 87 5e c5 c2 52 60 c5 74 // fe 76 01 b5 34 3c 7c 96 0e c7 bc c8 7e 70 64 7b 11 93 8b 78 fa 3a // 9f 37 9e 7a dc 34 0c 6b 46 18 26 59 c6 ee c1 0e d0 fe 94 d6 87 c5 // ba 9d 9c 7a 7f 3a e6 5f 1e 98 7f 48 84 a4 dc 67 fb f0 83 48 96 02 // 58 23 b9 03 10 37 c0 c7 d6 b7 d5 2c d7 8c 66 43 2b 5c 30 b5 6c e2 // 15 9c ed 61 2a 55 57 d1 7c 94 fd 39 08 1f 5d a3 62 d9 3f 9b 15 3c // 1d fd 92 4a 5f 06 f7 2a 69 0e c0 0a ce 5b a2 a8 6a 22 ad eb f4 5a // b6 e9 a7 c3 2f 7d 62 00 8c d5 a7 4e 53 d8 da 35 49 1e 9f 79 84 49 // d2 33 3c 5a b6 4a e3 3c 16 77 ae c5 3e b0 fd 7f ea 9a 4c b9 e1 23 // f9 c1 c0 7e b7 09 66 6e 7b 1d 45 8e 58 b5 3f 8e a6 94 81 8f db ca // ea 6f 4e 01 73 29 a2 87 f1 23 4b 90 a0 39 d3 da 8f cb a3 69 38 ad // 4b 83 8e a9 8b cd 27 3f 12 d1 9f ab e7 ae 42 3f 75 0b 32 16 56 2c // d4 fa d3 8e cb 49 62 ad 39 b6 dd 4c 5d 82 59 4a 85 0f ec 12 05 3c // eb 2c 99 13 70 2a 6f 93 35 34 6b ff 81 6b 8d e0 fb db 05 af 00 26 // e2 4a cc 2c d4 c2 7a 8b ec 96 54 53 23 8f 1e aa 4d 79 6b a9 34 6e // 1d e7 22 35 a3 3f b3 d1 17 1a 0b b3 7e c0 35 64 56 2b 70 0d 3b d7 // ae 0e fd 52 c0 8b 47 15 1d db d5 da 50 e7 df df 2c 9c c4 cd 6f 75 // 5c 24 1f 80 f1 a5 18 d5 33 82 22 ee 58 6d 9d 30 50 33 e7 97 5e df // b5 5e c8 ac f2 f6 0c 51 48 c6 c0 55 73 56 23 3d d1 f3 87 7b 31 4e // 5a db 50 49 70 bc e1 b1 f2 c7 3c 4b ca ee dd d5 0e f1 fb b4 2d bd // 52 a5 84 50 23 74 7d c2 bd 92 df a9 31 2f 5f fb fe bb b3 15 70 e5 // 7f ea 6d b2 25 a3 75 60 9e fe ab 91 a3 9d 51 8c 5c 59 7b 11 01 8d // f4 36 d1 ef 38 ad e9 da e1 c4 40 4f 6a 73 62 76 08 04 96 cb c0 73 // b7 a0 e3 fd 81 45 fb b3 a6 51 36 78 1a 39 20 45 e6 44 e5 e6 c6 e4 // 03 06 ad 92 59 9e a2 d7 d4 03 75 38 28 43 93 a8 6f 7a c6 a7 c2 b5 // 5c db ee 04 a3 67 da 8c 0b 2f 91 b4 73 64 6c 7a 99 7d 7c 01 ae b7 // 53 05 a3 b1 b8 c0 c4 e5 0e 58 86 59 af 31 cd 10 8a cd 8d 52 dd b2 // 72 df 05 9c 5a 81 c5 5c 73 82 64 b6 23 4f fa 93 2f 30 e2 0c 9f 5b // d7 0b 77 fc c3 f7 6b 01 99 01 6f c2 c7 bf 01 49 cb 52 17 52 71 5f // af 9b a8 ab 0d 28 49 81 09 e8 9d 19 ba 90 dc b6 4f 0f b6 2f 5a 9f // 85 c3 89 17 22 a9 a5 2f de 49 34 4f 72 ac 94 a9 cc c7 01 a7 b4 91 // ef a3 85 55 97 64 e2 2c 3e dd 23 e6 4b c9 df 9a b4 03 fe fc 13 a0 // a6 b2 02 e5 7d 61 f7 59 19 83 5a f1 33 39 11 6b 24 e8 e7 36 7b ae // c4 5c 35 06 db 11 b9 d3 bf be 85 83 ee 42 a1 08 ab fd 04 a3 bb 0d // ac 11 97 2b b5 1e ba 6b b0 a1 22 c6 49 ee 97 91 9d 10 41 a3 50 f6 // 49 09 c4 5c dc 70 01 0a 92 57 1a 67 46 54 79 38 0e 5c 9c 19 b4 30 // b0 cf 0b 24 f5 e2 65 b1 7f 4f bf 8e b5 52 5f 62 55 8b 0d dc a7 a3 // 60 d9 36 c7 2f 05 35 69 49 de 6b ca cf 8d d7 28 8e 7f 58 34 3c 65 // 88 b8 0b 3a b6 50 db 3e 82 f7 6f dc 5e 03 44 52 8f 9a 25 ad 99 c1 // 02 6c bb 71 7b cf 91 52 be a4 f6 5c c9 2e 7c 99 ea 3f cb c7 63 5c // 06 d7 e0 8c b3 3c 56 25 6a c4 1d 7d 39 ae 24 05 14 0a 2c de 55 fc // f4 6d 48 4c bd a5 32 6d 3a b4 4a a8 d1 ef 72 16 ae dd aa 18 a4 a7 // 27 31 0a 73 9f d5 da a7 19 f0 6d bd 85 3f 90 c8 65 81 88 e7 20 8a // c6 a0 5d 4a 88 36 0b 0b bd 5f b0 c1 2d 46 73 df 7f ff 69 6b fc 69 // a5 b4 75 05 ea dd dc 40 3c 6a 80 71 5b da 86 16 d9 0a 28 73 c7 66 // bb 33 5a 7d 55 85 67 cc e1 ab f3 93 e6 90 6f 81 7f b2 b5 92 d4 37 // 08 62 5d 1f 54 28 e1 8c 00 34 8d c9 79 0f fa 0a b5 21 5e 03 77 3b // b6 d4 dd 67 ff 1f 78 5e e8 44 bd f2 1a 2f 16 86 5b b5 cb 98 2a 04 // e6 58 e2 40 8b fb 15 b3 ec 64 e4 7b 0a 74 cd d2 64 a4 f3 34 ef 53 // 50 0b f3 f9 29 5e 68 04 fc dc ea 37 55 23 3c 07 58 81 8c 55 a4 b0 // 52 17 77 f8 f2 ba ab 45 6a 1f 84 cc ae 6e f1 bf 3b 04 3d 6b 8f 04 // 54 7a ca a9 d3 46 f3 7f 06 e8 52 82 56 7f d6 3f e5 17 43 98 33 9d // 32 f2 d2 12 82 5f 6f d2 d6 cc 7f a3 42 10 17 45 2a 0e 2b f8 09 45 // dd b6 ba 87 6f 98 58 ef 79 70 6e f7 03 11 aa d5 1e f2 75 0f 8e e0 // 48 f9 6f 5d 0f 77 28 2e 74 b5 83 e7 25 11 b4 e0 44 73 72 32 19 f9 // c2 f5 7e 89 d1 83 7b 4f bb a9 ad fc a5 5f 42 83 08 80 57 1c c2 c6 // 48 e2 a1 46 bf 6a b4 c7 bb bc 06 e7 64 9a 78 84 eb 49 92 c9 f3 64 // c2 24 2f 94 9b 05 29 16 76 72 62 b4 1c da 49 f0 e3 03 54 98 c3 c5 // d9 a4 d0 f2 5e 4a 3b a0 fe 09 09 12 b1 43 cc 67 e2 98 99 6f f6 b8 // ed 1e f0 00 ea 3d 9e 2b 3e b5 d0 f1 07 a5 d1 7a 44 65 a6 b4 4b 33 // b2 70 78 8e ef dc 03 4f ec ce 8f 5e ee 4f 57 4a ba c7 76 9d 4e c9 // 32 53 56 53 e7 95 3d 9a 51 55 af af 06 d5 70 00 2f b2 fa a4 a3 05 // c5 5e cd a1 70 23 e7 41 c1 94 ba c7 ef 3b c4 70 a1 46 8f 86 d6 40 // c5 0b 27 82 59 b6 a3 9e 60 f1 94 7f da 84 15 fe a3 fb cb b8 34 d6 // cf 95 cd 9a 69 a3 fa 89 29 3f cf 79 b6 e2 39 a5 9a 06 d2 b5 0c 8c // ee 83 0f f9 9c 02 20 98 c4 36 eb f6 ec f7 51 64 29 30 c1 4a 35 86 // 09 19 b1 7d f5 b9 61 1d 7a 6e a7 09 1f 11 e4 e4 a0 f0 85 15 39 e3 // b6 aa 3c 0e a1 ef cb 04 38 8e bc e2 e5 d7 5b 5c dc 6e e5 03 22 0f // 24 60 00 42 2e 7c 22 d7 d1 74 c0 f7 43 b3 d7 fd 14 79 62 38 55 9e // 4f c3 2d bd 39 05 e0 a1 42 6d 3d d3 3c c3 36 33 89 15 47 3d 5c 35 // cb b6 ae 69 43 e5 61 29 47 62 8c f1 7c 25 ea 98 ea 86 40 15 1e 6e // a3 7c 29 0f de 0c 4f 75 b7 56 89 ed 69 8f f2 13 31 29 93 ac 31 44 // 0f 51 ec 9f 3f 2c cb 25 3e db e3 3f f4 ab 10 5d cc 41 53 f6 2a d0 // fb 4b de a0 58 e5 1e ce 7c e8 e5 2a 8a f0 f7 9a ba a5 7e 90 3c 06 // 09 fd c9 a8 c1 f4 af 59 26 23 62 45 dd 26 f7 c5 a8 c0 b3 33 26 d7 // 7f 82 62 bc 76 a6 0c 31 f6 91 a4 52 87 40 0e 85 de ec ec a9 33 c6 // e9 fa 7a ad 6f 99 8b 98 7b c3 ca bd ee ba ae ee 82 52 9e 38 7d b3 // be 24 dd ef 2a 0e bc 64 0d 7a d8 b3 aa ee 1a 98 90 b6 f1 96 3b 56 // 16 d5 30 d7 9f b2 0a 71 8b 46 85 41 81 4a 34 2c c6 4e b4 9b 88 25 // fa 36 67 f7 70 5b 54 1e fb f9 43 70 ab d3 e2 9e 17 bb ee 2c b4 bc // a3 db ff 1f 7e fd 49 4c 1e 4f 58 0a 87 0c 33 dc 5e 40 0d 19 e6 bc // 24 46 f5 17 8b 0d 0e 73 91 c4 d2 bb 9d 81 ff 50 fe 51 e4 66 02 b0 // 78 ba 1b af 27 fc 1d a1 a9 3d e8 c8 63 06 db e0 b2 18 e6 07 40 37 // cf 98 95 8f e6 83 98 26 ee fa 99 ec d6 27 ef f1 bc 77 c1 3e b5 25 // 4c f9 fb 95 c4 0c 31 1d 8d a1 1b df 04 02 50 fa ba d9 e0 0d 55 6b // 1d 73 12 e9 1c 9d e6 0e d4 50 e4 a1 66 31 8a ef c0 da 32 21 cb 89 // fa 01 ac 6b e8 4a f8 1f 9e a2 6d bf 61 af 12 a0 59 11 61 00 71 1b // dc c8 b6 b0 65 85 ad 6a 3c 26 36 ae ef 28 16 84 c0 e6 6e a7 a1 73 // 0e 9d e4 cc 3c 44 f3 ed 8e 5f 98 c9 77 a2 ec e1 ec 62 58 07 57 3f // 10 5d 9e 88 28 0f 38 ad 65 b9 c9 81 f5 ef 6d 8a 05 7e 9e c0 f4 6b // 83 d5 60 7f f2 b5 06 dd 9d a6 5c 07 18 65 bd 32 f4 e4 fc 28 df e2 // 3b c8 ac a0 d3 ca 99 2b 21 c6 ef 9b cd 3f f0 22 b9 64 9c 3d fa d5 // 13 b1 17 cd 9e 27 d1 4f c3 76 90 0b ab 6d 81 58 46 ba 52 79 a3 4b // 42 1f d2 4b 38 5e 7d 10 ed e5 91 2b 9e 94 27 bf f1 87 7d 34 d8 18 // ef a6 59 1d 63 c8 4a a2 a1 fe d0 54 93 dd a7 5a af 4a 2c b4 cc 9b // 95 98 c2 98 f0 42 64 1d a6 b4 9c b8 9f 0a e4 99 68 1d 77 bb c3 a7 // 9b b0 e8 ff 2b 98 3b c9 9e af 32 50 34 13 cf 5e da c6 a7 fb 80 47 // 6f 8d ce f6 9d 17 41 df 80 65 b0 6f 1f e7 53 95 78 18 36 45 ca ad // 94 16 e0 3d 00 1d ba b6 10 3a 16 ca d9 8b c7 21 2e 7d af bd 35 19 // 05 9c 8d c3 a1 54 14 a2 45 6f 75 e8 f4 74 d6 99 0a 7c 52 02 d4 2e // 04 fa c3 b5 91 7e 05 6e b5 62 93 0f 9d 38 8f d1 8e e6 45 b7 97 f3 // 8b d1 0c 76 52 50 a1 11 e4 8e ee da 8f 31 0d 02 55 26 ad 78 da 1c // 13 cf d0 e3 a5 95 85 9d 2b 37 08 87 56 72 37 69 99 13 4c 68 39 0f // f6 62 84 7b 24 0a ae bd ce 27 72 df 67 bc c4 14 d9 90 5f 7a 34 48 // 03 bb df a7 1f 4b 2c 7c 28 b2 e9 95 80 5d 4c af 3f ee 84 4d 70 b9 // e8 59 0b f1 a8 6c 12 33 02 33 b5 0e a2 4f 34 ad e8 8d 98 9c 9c 29 // da ac 01 73 d1 b1 61 9f 66 a4 42 e1 43 5e ff b1 9a 11 59 25 73 8e // d7 ea ca 5b 1e 0f 53 e3 57 83 c4 77 55 94 1d 63 3c 24 b2 e5 05 bd // 5a 3d a4 f0 2a ab 98 21 e8 a8 ca cf bc 4f df 31 e1 29 bc 40 c4 c5 // d7 a2 19 78 48 a6 4b 7f 98 54 f3 d0 a7 15 d1 5d 8f a8 62 cd 10 c8 // 24 3c 5d db 1e 11 25 7d c6 7b 1d 21 74 cf b5 50 46 f6 be af f1 c8 // 86 60 0d 05 a4 9f ae f2 90 c7 da 43 e9 ed 4d 10 37 0a 7b a6 06 81 // 16 f2 78 0f 7f a3 fd 8e 08 e4 08 19 20 af f1 18 57 d1 ff 7a 1d 71 // 88 73 73 f4 18 cf a6 58 ce bd f2 d7 ff 4c 51 4e 7c cd d8 e7 f9 2e // d4 7b c2 b7 d6 c0 18 34 2d 74 d0 41 ff 81 5e 3b 4d 91 bc b5 f1 93 // 98 6e 18 89 3c 63 ed f9 f5 64 09 25 ef 33 a8 92 8a 0b 6c 65 cc f5 // 1b 5c dd 51 33 4b 5b 20 ab 5c c2 37 e7 2f a9 ca 05 50 c2 21 42 e5 // 16 15 30 35 de f2 d8 76 37 86 1a ff 5c 2c 41 72 b3 f5 e9 bc eb 3f // f6 90 b5 00 f2 56 ce 90 0e d6 d4 e0 55 0d 7a 0e 40 39 6e db 0d 64 // 24 ee 4d 67 51 4a 48 2c f3 74 28 c4 31 31 c0 6a b1 f5 ab 95 c6 18 // 0a ad 6f e8 92 33 3d 4b 77 ac b6 47 3c 6d ca 6b 6d 20 07 47 df aa // 35 70 5c 7f be e3 00 b5 4c 54 d7 f2 90 38 4d a5 9d fc 1d 3e 73 48 // 14 a2 b1 22 85 09 28 c0 12 51 f1 29 77 b3 a9 e7 15 b7 bd 82 3f 1b // 84 51 08 e5 01 a2 48 59 e6 fe 1c d1 ad 40 50 97 f1 bb 5f 16 0c 87 // 9c 80 60 6b 1d 4a 05 e0 48 bd ed f9 56 ee 31 cb 85 a5 fc 4a f9 a1 // 14 a1 87 76 b8 53 0f 96 8a be b9 3e a2 ad e5 86 95 ce db ad 8d 0f // 87 67 19 56 59 9f 08 28 ab 84 38 f7 d0 db 5c a6 f8 ce c8 e5 e3 44 // f0 d3 24 41 05 92 4f fc 10 eb 70 ec b7 40 5e b0 ae 86 e2 0f 94 a4 // 96 3c a1 27 43 fb 37 5b dc 61 13 75 45 be 1c 68 97 fe ac 63 49 cc // bd 98 a5 94 82 cf 23 98 0c c4 8e 0b 51 f1 c2 a8 59 dd 1c 9f 9d 88 // 63 49 f9 0a 67 20 26 84 53 42 f9 ee 0f e8 b8 52 0c 33 e1 83 9d 24 // 35 ec ed a7 f6 32 ef e7 f5 83 69 81 b0 54 05 27 d4 12 bf 54 41 59 // e4 a9 00 32 52 f7 45 06 07 8f fa df a1 7b 8d 48 3c 20 18 c8 7b 3e // a0 7f 79 0f 6f 3c f5 c7 37 cd 0d f8 a9 98 90 01 28 1e 06 39 91 f7 // dc 8f 86 e0 5b 1c f0 0d 59 6e c7 25 b0 5d f3 f2 1c 30 60 44 0d ce // 37 6d 5e 6a 4b da e5 7c 40 36 36 0d a3 5b df ed 49 10 a9 b4 f2 95 // e9 1a 66 ae 0b 3f 47 ee b1 59 c0 25 31 f4 ed 1f 59 91 64 39 79 ef // 43 25 9c 2c bb ce a7 88 49 77 6f 98 3e dd 8f 6c 71 a9 d0 de bb 69 // 28 03 a8 0a 9e 91 fd d3 06 46 16 0a 1e e0 00 16 2e 50 24 e6 ea 60 // a3 37 e9 e1 bc 16 f5 1a 4f 6b 7a 2a c3 1c 84 c8 0c 8f 8e 6d 7b bf // 25 67 ca cf 36 d4 27 eb 75 95 b6 bf 99 cb 6e ab 4f f4 30 ba cd 13 // 7c 0f 3f 97 4a fd b2 c6 99 96 7f 9f c2 57 4a e6 4f e2 84 a6 3f 7f // 66 93 e9 58 5e 7a db ea 19 1f ff eb 9e ff 8f 3e 0e 8f a6 e6 e7 05 // 4d c1 78 fb 67 89 16 27 2f a1 52 ba 9d 11 8f ea 38 28 cf c5 a2 5c // b0 c8 5f bb 41 68 1f 46 aa a6 cb 43 17 68 0d 75 3b e5 82 d3 55 d9 // 02 a7 48 99 4c 5a 3b 2e 33 8a 3c 65 4f 65 cc aa c8 29 23 db 89 b8 // 6e 65 e2 7e 2b 80 47 d1 31 4b 6b 94 44 7f 0b 3e 75 aa b8 0f 52 a3 // d1 1c b7 4d 62 21 af be c4 e2 03 25 83 56 87 54 64 d2 6a 74 59 1b // 07 96 35 85 7d 73 20 60 b6 f0 61 46 58 40 b0 a4 6d 6f 3d c1 da 7d // 49 c5 11 e9 c9 b1 de 16 ec 60 64 0f 75 cf 70 59 ab cf 80 97 59 51 // 2f 81 96 e9 5c 7a c6 d0 20 e5 85 e7 25 22 e3 05 b9 07 e9 5f 64 05 // de 1c e7 db 90 74 7e db 1c 02 4e f5 69 59 96 55 86 6c b6 7f 0b 0c // da 72 c2 62 7e c0 39 00 64 21 b2 c4 70 4b 76 af 62 2d e9 c6 56 23 // 8a 27 e9 f2 a1 16 41 63 e2 58 bc cd a6 d2 65 cc 1d f2 36 88 c8 6e // db 83 de 1f be e1 4d 38 4d 2f 78 cd 9d 4f 4e ff 2c 1f b2 4f e8 ae // ea 00 2a c5 d0 05 97 96 8c 30 d1 0c 9f fd c5 b8 4f 72 9c 89 15 79 // 72 a3 42 7d e7 eb 2d 39 5a 5c 2c a9 87 ff 01 c4 db 2c 75 ee db 24 // 2d 9b 81 8c d7 44 7b af b6 1e 46 e5 22 b0 a4 35 39 9b ab 62 ea a3 // a8 c6 99 d8 12 dc 2d 96 ec 4f e8 7f a2 60 6d 34 79 27 7e 5a 7b 3a // 03 74 c0 26 ff be 37 26 b6 91 71 f8 a7 46 ca af f0 16 da 48 2b 8b // e5 82 34 05 4d f7 bc 96 3c 20 5f b0 c4 1e f3 9a 6f 26 2c 57 0e 8f // 0e bd 9c 17 07 cd c3 03 9c 50 fe a2 e1 a6 40 65 f6 47 7c 55 1c ce // 3d 38 7f 5c 2d 74 8a 75 82 8f c5 a3 b8 94 e7 24 3b 6b bf 6b 63 65 // 59 19 12 5d 63 c9 4d ae 15 88 d1 da 71 79 8e e4 8a 27 42 95 e3 1a // b2 57 7b b7 61 a4 9e 64 9e 3e ac 3b 52 c1 e6 d5 2d 20 f0 5a 4c ba // c2 e5 48 a1 0b 78 33 c7 cc 5a 06 a4 5b c9 1a e9 6e 80 e9 b9 a1 ad // 19 7c d6 3b d2 37 9f f6 be ff 6a c8 80 61 18 36 19 0a 45 6d e8 ec // ba c8 2a f0 3b 36 17 f4 3e 79 6e a5 84 f6 6d 62 65 c2 04 f8 f8 15 // 93 7c 77 e8 3e 0b 35 65 6e a3 5d 0f 91 64 fb 6d d0 a4 5a de 6f 21 // 96 80 64 9e 83 c0 d5 2b 07 b1 42 c0 0b 3d d7 65 07 15 99 22 d0 3c // cf a3 21 d7 9a 3a a0 f8 33 4f ac 81 dd 5f 9d a6 91 53 d9 fe a7 d2 // 02 bf ef 16 39 0d 27 b4 62 d2 39 62 82 af 86 97 e2 f8 fa 90 3f 51 // ec 95 f2 08 7f e7 be 66 70 67 55 8a de 4f 9e 05 30 89 7a 9a df f8 // a9 30 ff bf 8c f9 02 d6 b8 32 98 26 d0 76 32 a5 81 c7 d1 45 74 12 // f1 ab fa 3b c7 88 93 92 79 f6 47 d1 00 fe 91 41 c3 e4 b1 74 62 7c // 77 eb 4a bf c2 47 c0 c7 38 c3 8d 6c 79 6b 5f 82 34 93 fb f2 3b 28 // 6a f0 2a e2 68 f2 3a 51 8a f0 19 55 35 ab 69 af 4e 68 f0 8b 51 3e // 21 4a e4 a2 ef 60 b3 f8 8a 42 7d a1 f3 3a fa c9 b1 29 d4 cc 75 7c // ae a0 d1 94 a3 cc bf 5b b5} (length 0x1000) size: len = 0x1000 (2 // bytes) // } // } // } // len: len = 0x1006 (8 bytes) // ] *(uint32_t*)0x200000001680 = 8; memcpy( (void*)0x200000001684, "\x25\x0c\xdf\x69\x7a\xcb\x4f\x06\x05\xd5\x04\x3e\x74\xbf\xab\x6d\xd6\x79" "\x14\x17\xc1\xa4\x3c\x66\xab\xa7\xce\xed\xee\xc7\x8b\x57\xbc\x7f\x7b\x05" "\xea\xd0\x24\xe5\x47\x26\xee\xde\x5e\xcb\x73\x35\x3e\xf7\x43\x48\xa3\x2b" "\x5a\xfe\x16\xda\xd0\x00\x68\xff\x38\xd4\x81\x12\x72\x80\x2f\xd3\x7e\xcc" "\x09\x6e\xb6\xa2\x92\x7a\xf8\x06\xb2\xea\x70\xae\x52\x1e\xa6\x31\x14\x46" "\x1b\xfd\x55\xc4\x6e\x1d\x4d\x6b\x8b\x80\xa7\x2f\x7b\x65\x99\x77\x4a\x45" "\xc2\x40\x0f\xca\x75\x57\xda\x82\xa3\x7f\x93\x7a\xc7\x86\xce\x43\x64\x1a" "\x60\xf3\x42\x0b\x06\x48\x47\x95\xaf\x35\xe8\x77\xc3\xb5\xdc\xbb\x14\xe5" "\xe8\x75\x3b\x8c\x82\x5c\x0a\x95\xff\xe0\xf6\xfd\x89\x8f\xe3\xc0\x5a\x4f" "\xe0\x16\x1c\x27\x04\x64\x7c\x93\xed\xac\xbb\xe0\x5d\x18\xc8\x00\xec\xdd" "\x17\xd6\x13\xa6\x97\x87\x5e\xc5\xc2\x52\x60\xc5\x74\xfe\x76\x01\xb5\x34" "\x3c\x7c\x96\x0e\xc7\xbc\xc8\x7e\x70\x64\x7b\x11\x93\x8b\x78\xfa\x3a\x9f" "\x37\x9e\x7a\xdc\x34\x0c\x6b\x46\x18\x26\x59\xc6\xee\xc1\x0e\xd0\xfe\x94" "\xd6\x87\xc5\xba\x9d\x9c\x7a\x7f\x3a\xe6\x5f\x1e\x98\x7f\x48\x84\xa4\xdc" "\x67\xfb\xf0\x83\x48\x96\x02\x58\x23\xb9\x03\x10\x37\xc0\xc7\xd6\xb7\xd5" "\x2c\xd7\x8c\x66\x43\x2b\x5c\x30\xb5\x6c\xe2\x15\x9c\xed\x61\x2a\x55\x57" "\xd1\x7c\x94\xfd\x39\x08\x1f\x5d\xa3\x62\xd9\x3f\x9b\x15\x3c\x1d\xfd\x92" "\x4a\x5f\x06\xf7\x2a\x69\x0e\xc0\x0a\xce\x5b\xa2\xa8\x6a\x22\xad\xeb\xf4" "\x5a\xb6\xe9\xa7\xc3\x2f\x7d\x62\x00\x8c\xd5\xa7\x4e\x53\xd8\xda\x35\x49" "\x1e\x9f\x79\x84\x49\xd2\x33\x3c\x5a\xb6\x4a\xe3\x3c\x16\x77\xae\xc5\x3e" "\xb0\xfd\x7f\xea\x9a\x4c\xb9\xe1\x23\xf9\xc1\xc0\x7e\xb7\x09\x66\x6e\x7b" "\x1d\x45\x8e\x58\xb5\x3f\x8e\xa6\x94\x81\x8f\xdb\xca\xea\x6f\x4e\x01\x73" "\x29\xa2\x87\xf1\x23\x4b\x90\xa0\x39\xd3\xda\x8f\xcb\xa3\x69\x38\xad\x4b" "\x83\x8e\xa9\x8b\xcd\x27\x3f\x12\xd1\x9f\xab\xe7\xae\x42\x3f\x75\x0b\x32" "\x16\x56\x2c\xd4\xfa\xd3\x8e\xcb\x49\x62\xad\x39\xb6\xdd\x4c\x5d\x82\x59" "\x4a\x85\x0f\xec\x12\x05\x3c\xeb\x2c\x99\x13\x70\x2a\x6f\x93\x35\x34\x6b" "\xff\x81\x6b\x8d\xe0\xfb\xdb\x05\xaf\x00\x26\xe2\x4a\xcc\x2c\xd4\xc2\x7a" "\x8b\xec\x96\x54\x53\x23\x8f\x1e\xaa\x4d\x79\x6b\xa9\x34\x6e\x1d\xe7\x22" "\x35\xa3\x3f\xb3\xd1\x17\x1a\x0b\xb3\x7e\xc0\x35\x64\x56\x2b\x70\x0d\x3b" "\xd7\xae\x0e\xfd\x52\xc0\x8b\x47\x15\x1d\xdb\xd5\xda\x50\xe7\xdf\xdf\x2c" "\x9c\xc4\xcd\x6f\x75\x5c\x24\x1f\x80\xf1\xa5\x18\xd5\x33\x82\x22\xee\x58" "\x6d\x9d\x30\x50\x33\xe7\x97\x5e\xdf\xb5\x5e\xc8\xac\xf2\xf6\x0c\x51\x48" "\xc6\xc0\x55\x73\x56\x23\x3d\xd1\xf3\x87\x7b\x31\x4e\x5a\xdb\x50\x49\x70" "\xbc\xe1\xb1\xf2\xc7\x3c\x4b\xca\xee\xdd\xd5\x0e\xf1\xfb\xb4\x2d\xbd\x52" "\xa5\x84\x50\x23\x74\x7d\xc2\xbd\x92\xdf\xa9\x31\x2f\x5f\xfb\xfe\xbb\xb3" "\x15\x70\xe5\x7f\xea\x6d\xb2\x25\xa3\x75\x60\x9e\xfe\xab\x91\xa3\x9d\x51" "\x8c\x5c\x59\x7b\x11\x01\x8d\xf4\x36\xd1\xef\x38\xad\xe9\xda\xe1\xc4\x40" "\x4f\x6a\x73\x62\x76\x08\x04\x96\xcb\xc0\x73\xb7\xa0\xe3\xfd\x81\x45\xfb" "\xb3\xa6\x51\x36\x78\x1a\x39\x20\x45\xe6\x44\xe5\xe6\xc6\xe4\x03\x06\xad" "\x92\x59\x9e\xa2\xd7\xd4\x03\x75\x38\x28\x43\x93\xa8\x6f\x7a\xc6\xa7\xc2" "\xb5\x5c\xdb\xee\x04\xa3\x67\xda\x8c\x0b\x2f\x91\xb4\x73\x64\x6c\x7a\x99" "\x7d\x7c\x01\xae\xb7\x53\x05\xa3\xb1\xb8\xc0\xc4\xe5\x0e\x58\x86\x59\xaf" "\x31\xcd\x10\x8a\xcd\x8d\x52\xdd\xb2\x72\xdf\x05\x9c\x5a\x81\xc5\x5c\x73" "\x82\x64\xb6\x23\x4f\xfa\x93\x2f\x30\xe2\x0c\x9f\x5b\xd7\x0b\x77\xfc\xc3" "\xf7\x6b\x01\x99\x01\x6f\xc2\xc7\xbf\x01\x49\xcb\x52\x17\x52\x71\x5f\xaf" "\x9b\xa8\xab\x0d\x28\x49\x81\x09\xe8\x9d\x19\xba\x90\xdc\xb6\x4f\x0f\xb6" "\x2f\x5a\x9f\x85\xc3\x89\x17\x22\xa9\xa5\x2f\xde\x49\x34\x4f\x72\xac\x94" "\xa9\xcc\xc7\x01\xa7\xb4\x91\xef\xa3\x85\x55\x97\x64\xe2\x2c\x3e\xdd\x23" "\xe6\x4b\xc9\xdf\x9a\xb4\x03\xfe\xfc\x13\xa0\xa6\xb2\x02\xe5\x7d\x61\xf7" "\x59\x19\x83\x5a\xf1\x33\x39\x11\x6b\x24\xe8\xe7\x36\x7b\xae\xc4\x5c\x35" "\x06\xdb\x11\xb9\xd3\xbf\xbe\x85\x83\xee\x42\xa1\x08\xab\xfd\x04\xa3\xbb" "\x0d\xac\x11\x97\x2b\xb5\x1e\xba\x6b\xb0\xa1\x22\xc6\x49\xee\x97\x91\x9d" "\x10\x41\xa3\x50\xf6\x49\x09\xc4\x5c\xdc\x70\x01\x0a\x92\x57\x1a\x67\x46" "\x54\x79\x38\x0e\x5c\x9c\x19\xb4\x30\xb0\xcf\x0b\x24\xf5\xe2\x65\xb1\x7f" "\x4f\xbf\x8e\xb5\x52\x5f\x62\x55\x8b\x0d\xdc\xa7\xa3\x60\xd9\x36\xc7\x2f" "\x05\x35\x69\x49\xde\x6b\xca\xcf\x8d\xd7\x28\x8e\x7f\x58\x34\x3c\x65\x88" "\xb8\x0b\x3a\xb6\x50\xdb\x3e\x82\xf7\x6f\xdc\x5e\x03\x44\x52\x8f\x9a\x25" "\xad\x99\xc1\x02\x6c\xbb\x71\x7b\xcf\x91\x52\xbe\xa4\xf6\x5c\xc9\x2e\x7c" "\x99\xea\x3f\xcb\xc7\x63\x5c\x06\xd7\xe0\x8c\xb3\x3c\x56\x25\x6a\xc4\x1d" "\x7d\x39\xae\x24\x05\x14\x0a\x2c\xde\x55\xfc\xf4\x6d\x48\x4c\xbd\xa5\x32" "\x6d\x3a\xb4\x4a\xa8\xd1\xef\x72\x16\xae\xdd\xaa\x18\xa4\xa7\x27\x31\x0a" "\x73\x9f\xd5\xda\xa7\x19\xf0\x6d\xbd\x85\x3f\x90\xc8\x65\x81\x88\xe7\x20" "\x8a\xc6\xa0\x5d\x4a\x88\x36\x0b\x0b\xbd\x5f\xb0\xc1\x2d\x46\x73\xdf\x7f" "\xff\x69\x6b\xfc\x69\xa5\xb4\x75\x05\xea\xdd\xdc\x40\x3c\x6a\x80\x71\x5b" "\xda\x86\x16\xd9\x0a\x28\x73\xc7\x66\xbb\x33\x5a\x7d\x55\x85\x67\xcc\xe1" "\xab\xf3\x93\xe6\x90\x6f\x81\x7f\xb2\xb5\x92\xd4\x37\x08\x62\x5d\x1f\x54" "\x28\xe1\x8c\x00\x34\x8d\xc9\x79\x0f\xfa\x0a\xb5\x21\x5e\x03\x77\x3b\xb6" "\xd4\xdd\x67\xff\x1f\x78\x5e\xe8\x44\xbd\xf2\x1a\x2f\x16\x86\x5b\xb5\xcb" "\x98\x2a\x04\xe6\x58\xe2\x40\x8b\xfb\x15\xb3\xec\x64\xe4\x7b\x0a\x74\xcd" "\xd2\x64\xa4\xf3\x34\xef\x53\x50\x0b\xf3\xf9\x29\x5e\x68\x04\xfc\xdc\xea" "\x37\x55\x23\x3c\x07\x58\x81\x8c\x55\xa4\xb0\x52\x17\x77\xf8\xf2\xba\xab" "\x45\x6a\x1f\x84\xcc\xae\x6e\xf1\xbf\x3b\x04\x3d\x6b\x8f\x04\x54\x7a\xca" "\xa9\xd3\x46\xf3\x7f\x06\xe8\x52\x82\x56\x7f\xd6\x3f\xe5\x17\x43\x98\x33" "\x9d\x32\xf2\xd2\x12\x82\x5f\x6f\xd2\xd6\xcc\x7f\xa3\x42\x10\x17\x45\x2a" "\x0e\x2b\xf8\x09\x45\xdd\xb6\xba\x87\x6f\x98\x58\xef\x79\x70\x6e\xf7\x03" "\x11\xaa\xd5\x1e\xf2\x75\x0f\x8e\xe0\x48\xf9\x6f\x5d\x0f\x77\x28\x2e\x74" "\xb5\x83\xe7\x25\x11\xb4\xe0\x44\x73\x72\x32\x19\xf9\xc2\xf5\x7e\x89\xd1" "\x83\x7b\x4f\xbb\xa9\xad\xfc\xa5\x5f\x42\x83\x08\x80\x57\x1c\xc2\xc6\x48" "\xe2\xa1\x46\xbf\x6a\xb4\xc7\xbb\xbc\x06\xe7\x64\x9a\x78\x84\xeb\x49\x92" "\xc9\xf3\x64\xc2\x24\x2f\x94\x9b\x05\x29\x16\x76\x72\x62\xb4\x1c\xda\x49" "\xf0\xe3\x03\x54\x98\xc3\xc5\xd9\xa4\xd0\xf2\x5e\x4a\x3b\xa0\xfe\x09\x09" "\x12\xb1\x43\xcc\x67\xe2\x98\x99\x6f\xf6\xb8\xed\x1e\xf0\x00\xea\x3d\x9e" "\x2b\x3e\xb5\xd0\xf1\x07\xa5\xd1\x7a\x44\x65\xa6\xb4\x4b\x33\xb2\x70\x78" "\x8e\xef\xdc\x03\x4f\xec\xce\x8f\x5e\xee\x4f\x57\x4a\xba\xc7\x76\x9d\x4e" "\xc9\x32\x53\x56\x53\xe7\x95\x3d\x9a\x51\x55\xaf\xaf\x06\xd5\x70\x00\x2f" "\xb2\xfa\xa4\xa3\x05\xc5\x5e\xcd\xa1\x70\x23\xe7\x41\xc1\x94\xba\xc7\xef" "\x3b\xc4\x70\xa1\x46\x8f\x86\xd6\x40\xc5\x0b\x27\x82\x59\xb6\xa3\x9e\x60" "\xf1\x94\x7f\xda\x84\x15\xfe\xa3\xfb\xcb\xb8\x34\xd6\xcf\x95\xcd\x9a\x69" "\xa3\xfa\x89\x29\x3f\xcf\x79\xb6\xe2\x39\xa5\x9a\x06\xd2\xb5\x0c\x8c\xee" "\x83\x0f\xf9\x9c\x02\x20\x98\xc4\x36\xeb\xf6\xec\xf7\x51\x64\x29\x30\xc1" "\x4a\x35\x86\x09\x19\xb1\x7d\xf5\xb9\x61\x1d\x7a\x6e\xa7\x09\x1f\x11\xe4" "\xe4\xa0\xf0\x85\x15\x39\xe3\xb6\xaa\x3c\x0e\xa1\xef\xcb\x04\x38\x8e\xbc" "\xe2\xe5\xd7\x5b\x5c\xdc\x6e\xe5\x03\x22\x0f\x24\x60\x00\x42\x2e\x7c\x22" "\xd7\xd1\x74\xc0\xf7\x43\xb3\xd7\xfd\x14\x79\x62\x38\x55\x9e\x4f\xc3\x2d" "\xbd\x39\x05\xe0\xa1\x42\x6d\x3d\xd3\x3c\xc3\x36\x33\x89\x15\x47\x3d\x5c" "\x35\xcb\xb6\xae\x69\x43\xe5\x61\x29\x47\x62\x8c\xf1\x7c\x25\xea\x98\xea" "\x86\x40\x15\x1e\x6e\xa3\x7c\x29\x0f\xde\x0c\x4f\x75\xb7\x56\x89\xed\x69" "\x8f\xf2\x13\x31\x29\x93\xac\x31\x44\x0f\x51\xec\x9f\x3f\x2c\xcb\x25\x3e" "\xdb\xe3\x3f\xf4\xab\x10\x5d\xcc\x41\x53\xf6\x2a\xd0\xfb\x4b\xde\xa0\x58" "\xe5\x1e\xce\x7c\xe8\xe5\x2a\x8a\xf0\xf7\x9a\xba\xa5\x7e\x90\x3c\x06\x09" "\xfd\xc9\xa8\xc1\xf4\xaf\x59\x26\x23\x62\x45\xdd\x26\xf7\xc5\xa8\xc0\xb3" "\x33\x26\xd7\x7f\x82\x62\xbc\x76\xa6\x0c\x31\xf6\x91\xa4\x52\x87\x40\x0e" "\x85\xde\xec\xec\xa9\x33\xc6\xe9\xfa\x7a\xad\x6f\x99\x8b\x98\x7b\xc3\xca" "\xbd\xee\xba\xae\xee\x82\x52\x9e\x38\x7d\xb3\xbe\x24\xdd\xef\x2a\x0e\xbc" "\x64\x0d\x7a\xd8\xb3\xaa\xee\x1a\x98\x90\xb6\xf1\x96\x3b\x56\x16\xd5\x30" "\xd7\x9f\xb2\x0a\x71\x8b\x46\x85\x41\x81\x4a\x34\x2c\xc6\x4e\xb4\x9b\x88" "\x25\xfa\x36\x67\xf7\x70\x5b\x54\x1e\xfb\xf9\x43\x70\xab\xd3\xe2\x9e\x17" "\xbb\xee\x2c\xb4\xbc\xa3\xdb\xff\x1f\x7e\xfd\x49\x4c\x1e\x4f\x58\x0a\x87" "\x0c\x33\xdc\x5e\x40\x0d\x19\xe6\xbc\x24\x46\xf5\x17\x8b\x0d\x0e\x73\x91" "\xc4\xd2\xbb\x9d\x81\xff\x50\xfe\x51\xe4\x66\x02\xb0\x78\xba\x1b\xaf\x27" "\xfc\x1d\xa1\xa9\x3d\xe8\xc8\x63\x06\xdb\xe0\xb2\x18\xe6\x07\x40\x37\xcf" "\x98\x95\x8f\xe6\x83\x98\x26\xee\xfa\x99\xec\xd6\x27\xef\xf1\xbc\x77\xc1" "\x3e\xb5\x25\x4c\xf9\xfb\x95\xc4\x0c\x31\x1d\x8d\xa1\x1b\xdf\x04\x02\x50" "\xfa\xba\xd9\xe0\x0d\x55\x6b\x1d\x73\x12\xe9\x1c\x9d\xe6\x0e\xd4\x50\xe4" "\xa1\x66\x31\x8a\xef\xc0\xda\x32\x21\xcb\x89\xfa\x01\xac\x6b\xe8\x4a\xf8" "\x1f\x9e\xa2\x6d\xbf\x61\xaf\x12\xa0\x59\x11\x61\x00\x71\x1b\xdc\xc8\xb6" "\xb0\x65\x85\xad\x6a\x3c\x26\x36\xae\xef\x28\x16\x84\xc0\xe6\x6e\xa7\xa1" "\x73\x0e\x9d\xe4\xcc\x3c\x44\xf3\xed\x8e\x5f\x98\xc9\x77\xa2\xec\xe1\xec" "\x62\x58\x07\x57\x3f\x10\x5d\x9e\x88\x28\x0f\x38\xad\x65\xb9\xc9\x81\xf5" "\xef\x6d\x8a\x05\x7e\x9e\xc0\xf4\x6b\x83\xd5\x60\x7f\xf2\xb5\x06\xdd\x9d" "\xa6\x5c\x07\x18\x65\xbd\x32\xf4\xe4\xfc\x28\xdf\xe2\x3b\xc8\xac\xa0\xd3" "\xca\x99\x2b\x21\xc6\xef\x9b\xcd\x3f\xf0\x22\xb9\x64\x9c\x3d\xfa\xd5\x13" "\xb1\x17\xcd\x9e\x27\xd1\x4f\xc3\x76\x90\x0b\xab\x6d\x81\x58\x46\xba\x52" "\x79\xa3\x4b\x42\x1f\xd2\x4b\x38\x5e\x7d\x10\xed\xe5\x91\x2b\x9e\x94\x27" "\xbf\xf1\x87\x7d\x34\xd8\x18\xef\xa6\x59\x1d\x63\xc8\x4a\xa2\xa1\xfe\xd0" "\x54\x93\xdd\xa7\x5a\xaf\x4a\x2c\xb4\xcc\x9b\x95\x98\xc2\x98\xf0\x42\x64" "\x1d\xa6\xb4\x9c\xb8\x9f\x0a\xe4\x99\x68\x1d\x77\xbb\xc3\xa7\x9b\xb0\xe8" "\xff\x2b\x98\x3b\xc9\x9e\xaf\x32\x50\x34\x13\xcf\x5e\xda\xc6\xa7\xfb\x80" "\x47\x6f\x8d\xce\xf6\x9d\x17\x41\xdf\x80\x65\xb0\x6f\x1f\xe7\x53\x95\x78" "\x18\x36\x45\xca\xad\x94\x16\xe0\x3d\x00\x1d\xba\xb6\x10\x3a\x16\xca\xd9" "\x8b\xc7\x21\x2e\x7d\xaf\xbd\x35\x19\x05\x9c\x8d\xc3\xa1\x54\x14\xa2\x45" "\x6f\x75\xe8\xf4\x74\xd6\x99\x0a\x7c\x52\x02\xd4\x2e\x04\xfa\xc3\xb5\x91" "\x7e\x05\x6e\xb5\x62\x93\x0f\x9d\x38\x8f\xd1\x8e\xe6\x45\xb7\x97\xf3\x8b" "\xd1\x0c\x76\x52\x50\xa1\x11\xe4\x8e\xee\xda\x8f\x31\x0d\x02\x55\x26\xad" "\x78\xda\x1c\x13\xcf\xd0\xe3\xa5\x95\x85\x9d\x2b\x37\x08\x87\x56\x72\x37" "\x69\x99\x13\x4c\x68\x39\x0f\xf6\x62\x84\x7b\x24\x0a\xae\xbd\xce\x27\x72" "\xdf\x67\xbc\xc4\x14\xd9\x90\x5f\x7a\x34\x48\x03\xbb\xdf\xa7\x1f\x4b\x2c" "\x7c\x28\xb2\xe9\x95\x80\x5d\x4c\xaf\x3f\xee\x84\x4d\x70\xb9\xe8\x59\x0b" "\xf1\xa8\x6c\x12\x33\x02\x33\xb5\x0e\xa2\x4f\x34\xad\xe8\x8d\x98\x9c\x9c" "\x29\xda\xac\x01\x73\xd1\xb1\x61\x9f\x66\xa4\x42\xe1\x43\x5e\xff\xb1\x9a" "\x11\x59\x25\x73\x8e\xd7\xea\xca\x5b\x1e\x0f\x53\xe3\x57\x83\xc4\x77\x55" "\x94\x1d\x63\x3c\x24\xb2\xe5\x05\xbd\x5a\x3d\xa4\xf0\x2a\xab\x98\x21\xe8" "\xa8\xca\xcf\xbc\x4f\xdf\x31\xe1\x29\xbc\x40\xc4\xc5\xd7\xa2\x19\x78\x48" "\xa6\x4b\x7f\x98\x54\xf3\xd0\xa7\x15\xd1\x5d\x8f\xa8\x62\xcd\x10\xc8\x24" "\x3c\x5d\xdb\x1e\x11\x25\x7d\xc6\x7b\x1d\x21\x74\xcf\xb5\x50\x46\xf6\xbe" "\xaf\xf1\xc8\x86\x60\x0d\x05\xa4\x9f\xae\xf2\x90\xc7\xda\x43\xe9\xed\x4d" "\x10\x37\x0a\x7b\xa6\x06\x81\x16\xf2\x78\x0f\x7f\xa3\xfd\x8e\x08\xe4\x08" "\x19\x20\xaf\xf1\x18\x57\xd1\xff\x7a\x1d\x71\x88\x73\x73\xf4\x18\xcf\xa6" "\x58\xce\xbd\xf2\xd7\xff\x4c\x51\x4e\x7c\xcd\xd8\xe7\xf9\x2e\xd4\x7b\xc2" "\xb7\xd6\xc0\x18\x34\x2d\x74\xd0\x41\xff\x81\x5e\x3b\x4d\x91\xbc\xb5\xf1" "\x93\x98\x6e\x18\x89\x3c\x63\xed\xf9\xf5\x64\x09\x25\xef\x33\xa8\x92\x8a" "\x0b\x6c\x65\xcc\xf5\x1b\x5c\xdd\x51\x33\x4b\x5b\x20\xab\x5c\xc2\x37\xe7" "\x2f\xa9\xca\x05\x50\xc2\x21\x42\xe5\x16\x15\x30\x35\xde\xf2\xd8\x76\x37" "\x86\x1a\xff\x5c\x2c\x41\x72\xb3\xf5\xe9\xbc\xeb\x3f\xf6\x90\xb5\x00\xf2" "\x56\xce\x90\x0e\xd6\xd4\xe0\x55\x0d\x7a\x0e\x40\x39\x6e\xdb\x0d\x64\x24" "\xee\x4d\x67\x51\x4a\x48\x2c\xf3\x74\x28\xc4\x31\x31\xc0\x6a\xb1\xf5\xab" "\x95\xc6\x18\x0a\xad\x6f\xe8\x92\x33\x3d\x4b\x77\xac\xb6\x47\x3c\x6d\xca" "\x6b\x6d\x20\x07\x47\xdf\xaa\x35\x70\x5c\x7f\xbe\xe3\x00\xb5\x4c\x54\xd7" "\xf2\x90\x38\x4d\xa5\x9d\xfc\x1d\x3e\x73\x48\x14\xa2\xb1\x22\x85\x09\x28" "\xc0\x12\x51\xf1\x29\x77\xb3\xa9\xe7\x15\xb7\xbd\x82\x3f\x1b\x84\x51\x08" "\xe5\x01\xa2\x48\x59\xe6\xfe\x1c\xd1\xad\x40\x50\x97\xf1\xbb\x5f\x16\x0c" "\x87\x9c\x80\x60\x6b\x1d\x4a\x05\xe0\x48\xbd\xed\xf9\x56\xee\x31\xcb\x85" "\xa5\xfc\x4a\xf9\xa1\x14\xa1\x87\x76\xb8\x53\x0f\x96\x8a\xbe\xb9\x3e\xa2" "\xad\xe5\x86\x95\xce\xdb\xad\x8d\x0f\x87\x67\x19\x56\x59\x9f\x08\x28\xab" "\x84\x38\xf7\xd0\xdb\x5c\xa6\xf8\xce\xc8\xe5\xe3\x44\xf0\xd3\x24\x41\x05" "\x92\x4f\xfc\x10\xeb\x70\xec\xb7\x40\x5e\xb0\xae\x86\xe2\x0f\x94\xa4\x96" "\x3c\xa1\x27\x43\xfb\x37\x5b\xdc\x61\x13\x75\x45\xbe\x1c\x68\x97\xfe\xac" "\x63\x49\xcc\xbd\x98\xa5\x94\x82\xcf\x23\x98\x0c\xc4\x8e\x0b\x51\xf1\xc2" "\xa8\x59\xdd\x1c\x9f\x9d\x88\x63\x49\xf9\x0a\x67\x20\x26\x84\x53\x42\xf9" "\xee\x0f\xe8\xb8\x52\x0c\x33\xe1\x83\x9d\x24\x35\xec\xed\xa7\xf6\x32\xef" "\xe7\xf5\x83\x69\x81\xb0\x54\x05\x27\xd4\x12\xbf\x54\x41\x59\xe4\xa9\x00" "\x32\x52\xf7\x45\x06\x07\x8f\xfa\xdf\xa1\x7b\x8d\x48\x3c\x20\x18\xc8\x7b" "\x3e\xa0\x7f\x79\x0f\x6f\x3c\xf5\xc7\x37\xcd\x0d\xf8\xa9\x98\x90\x01\x28" "\x1e\x06\x39\x91\xf7\xdc\x8f\x86\xe0\x5b\x1c\xf0\x0d\x59\x6e\xc7\x25\xb0" "\x5d\xf3\xf2\x1c\x30\x60\x44\x0d\xce\x37\x6d\x5e\x6a\x4b\xda\xe5\x7c\x40" "\x36\x36\x0d\xa3\x5b\xdf\xed\x49\x10\xa9\xb4\xf2\x95\xe9\x1a\x66\xae\x0b" "\x3f\x47\xee\xb1\x59\xc0\x25\x31\xf4\xed\x1f\x59\x91\x64\x39\x79\xef\x43" "\x25\x9c\x2c\xbb\xce\xa7\x88\x49\x77\x6f\x98\x3e\xdd\x8f\x6c\x71\xa9\xd0" "\xde\xbb\x69\x28\x03\xa8\x0a\x9e\x91\xfd\xd3\x06\x46\x16\x0a\x1e\xe0\x00" "\x16\x2e\x50\x24\xe6\xea\x60\xa3\x37\xe9\xe1\xbc\x16\xf5\x1a\x4f\x6b\x7a" "\x2a\xc3\x1c\x84\xc8\x0c\x8f\x8e\x6d\x7b\xbf\x25\x67\xca\xcf\x36\xd4\x27" "\xeb\x75\x95\xb6\xbf\x99\xcb\x6e\xab\x4f\xf4\x30\xba\xcd\x13\x7c\x0f\x3f" "\x97\x4a\xfd\xb2\xc6\x99\x96\x7f\x9f\xc2\x57\x4a\xe6\x4f\xe2\x84\xa6\x3f" "\x7f\x66\x93\xe9\x58\x5e\x7a\xdb\xea\x19\x1f\xff\xeb\x9e\xff\x8f\x3e\x0e" "\x8f\xa6\xe6\xe7\x05\x4d\xc1\x78\xfb\x67\x89\x16\x27\x2f\xa1\x52\xba\x9d" "\x11\x8f\xea\x38\x28\xcf\xc5\xa2\x5c\xb0\xc8\x5f\xbb\x41\x68\x1f\x46\xaa" "\xa6\xcb\x43\x17\x68\x0d\x75\x3b\xe5\x82\xd3\x55\xd9\x02\xa7\x48\x99\x4c" "\x5a\x3b\x2e\x33\x8a\x3c\x65\x4f\x65\xcc\xaa\xc8\x29\x23\xdb\x89\xb8\x6e" "\x65\xe2\x7e\x2b\x80\x47\xd1\x31\x4b\x6b\x94\x44\x7f\x0b\x3e\x75\xaa\xb8" "\x0f\x52\xa3\xd1\x1c\xb7\x4d\x62\x21\xaf\xbe\xc4\xe2\x03\x25\x83\x56\x87" "\x54\x64\xd2\x6a\x74\x59\x1b\x07\x96\x35\x85\x7d\x73\x20\x60\xb6\xf0\x61" "\x46\x58\x40\xb0\xa4\x6d\x6f\x3d\xc1\xda\x7d\x49\xc5\x11\xe9\xc9\xb1\xde" "\x16\xec\x60\x64\x0f\x75\xcf\x70\x59\xab\xcf\x80\x97\x59\x51\x2f\x81\x96" "\xe9\x5c\x7a\xc6\xd0\x20\xe5\x85\xe7\x25\x22\xe3\x05\xb9\x07\xe9\x5f\x64" "\x05\xde\x1c\xe7\xdb\x90\x74\x7e\xdb\x1c\x02\x4e\xf5\x69\x59\x96\x55\x86" "\x6c\xb6\x7f\x0b\x0c\xda\x72\xc2\x62\x7e\xc0\x39\x00\x64\x21\xb2\xc4\x70" "\x4b\x76\xaf\x62\x2d\xe9\xc6\x56\x23\x8a\x27\xe9\xf2\xa1\x16\x41\x63\xe2" "\x58\xbc\xcd\xa6\xd2\x65\xcc\x1d\xf2\x36\x88\xc8\x6e\xdb\x83\xde\x1f\xbe" "\xe1\x4d\x38\x4d\x2f\x78\xcd\x9d\x4f\x4e\xff\x2c\x1f\xb2\x4f\xe8\xae\xea" "\x00\x2a\xc5\xd0\x05\x97\x96\x8c\x30\xd1\x0c\x9f\xfd\xc5\xb8\x4f\x72\x9c" "\x89\x15\x79\x72\xa3\x42\x7d\xe7\xeb\x2d\x39\x5a\x5c\x2c\xa9\x87\xff\x01" "\xc4\xdb\x2c\x75\xee\xdb\x24\x2d\x9b\x81\x8c\xd7\x44\x7b\xaf\xb6\x1e\x46" "\xe5\x22\xb0\xa4\x35\x39\x9b\xab\x62\xea\xa3\xa8\xc6\x99\xd8\x12\xdc\x2d" "\x96\xec\x4f\xe8\x7f\xa2\x60\x6d\x34\x79\x27\x7e\x5a\x7b\x3a\x03\x74\xc0" "\x26\xff\xbe\x37\x26\xb6\x91\x71\xf8\xa7\x46\xca\xaf\xf0\x16\xda\x48\x2b" "\x8b\xe5\x82\x34\x05\x4d\xf7\xbc\x96\x3c\x20\x5f\xb0\xc4\x1e\xf3\x9a\x6f" "\x26\x2c\x57\x0e\x8f\x0e\xbd\x9c\x17\x07\xcd\xc3\x03\x9c\x50\xfe\xa2\xe1" "\xa6\x40\x65\xf6\x47\x7c\x55\x1c\xce\x3d\x38\x7f\x5c\x2d\x74\x8a\x75\x82" "\x8f\xc5\xa3\xb8\x94\xe7\x24\x3b\x6b\xbf\x6b\x63\x65\x59\x19\x12\x5d\x63" "\xc9\x4d\xae\x15\x88\xd1\xda\x71\x79\x8e\xe4\x8a\x27\x42\x95\xe3\x1a\xb2" "\x57\x7b\xb7\x61\xa4\x9e\x64\x9e\x3e\xac\x3b\x52\xc1\xe6\xd5\x2d\x20\xf0" "\x5a\x4c\xba\xc2\xe5\x48\xa1\x0b\x78\x33\xc7\xcc\x5a\x06\xa4\x5b\xc9\x1a" "\xe9\x6e\x80\xe9\xb9\xa1\xad\x19\x7c\xd6\x3b\xd2\x37\x9f\xf6\xbe\xff\x6a" "\xc8\x80\x61\x18\x36\x19\x0a\x45\x6d\xe8\xec\xba\xc8\x2a\xf0\x3b\x36\x17" "\xf4\x3e\x79\x6e\xa5\x84\xf6\x6d\x62\x65\xc2\x04\xf8\xf8\x15\x93\x7c\x77" "\xe8\x3e\x0b\x35\x65\x6e\xa3\x5d\x0f\x91\x64\xfb\x6d\xd0\xa4\x5a\xde\x6f" "\x21\x96\x80\x64\x9e\x83\xc0\xd5\x2b\x07\xb1\x42\xc0\x0b\x3d\xd7\x65\x07" "\x15\x99\x22\xd0\x3c\xcf\xa3\x21\xd7\x9a\x3a\xa0\xf8\x33\x4f\xac\x81\xdd" "\x5f\x9d\xa6\x91\x53\xd9\xfe\xa7\xd2\x02\xbf\xef\x16\x39\x0d\x27\xb4\x62" "\xd2\x39\x62\x82\xaf\x86\x97\xe2\xf8\xfa\x90\x3f\x51\xec\x95\xf2\x08\x7f" "\xe7\xbe\x66\x70\x67\x55\x8a\xde\x4f\x9e\x05\x30\x89\x7a\x9a\xdf\xf8\xa9" "\x30\xff\xbf\x8c\xf9\x02\xd6\xb8\x32\x98\x26\xd0\x76\x32\xa5\x81\xc7\xd1" "\x45\x74\x12\xf1\xab\xfa\x3b\xc7\x88\x93\x92\x79\xf6\x47\xd1\x00\xfe\x91" "\x41\xc3\xe4\xb1\x74\x62\x7c\x77\xeb\x4a\xbf\xc2\x47\xc0\xc7\x38\xc3\x8d" "\x6c\x79\x6b\x5f\x82\x34\x93\xfb\xf2\x3b\x28\x6a\xf0\x2a\xe2\x68\xf2\x3a" "\x51\x8a\xf0\x19\x55\x35\xab\x69\xaf\x4e\x68\xf0\x8b\x51\x3e\x21\x4a\xe4" "\xa2\xef\x60\xb3\xf8\x8a\x42\x7d\xa1\xf3\x3a\xfa\xc9\xb1\x29\xd4\xcc\x75" "\x7c\xae\xa0\xd1\x94\xa3\xcc\xbf\x5b\xb5", 4096); *(uint16_t*)0x200000002684 = 0x1000; syscall(__NR_write, /*fd=*/r[0], /*data=*/0x200000001680ul, /*len=*/0x1006ul); } int main(void) { syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/(intptr_t)-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul, /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/(intptr_t)-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/(intptr_t)-1, /*offset=*/0ul); const char* reason; (void)reason; use_temporary_dir(); loop(); return 0; }