// https://syzkaller.appspot.com/bug?id=da8d0f300157c342f3922aa936635922202b3260 // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifndef __NR_memfd_create #define __NR_memfd_create 319 #endif static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; for (;;) { uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts); if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) return 1; now = current_time_ms(); if (now - start > timeout) return 0; } } static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } //% This code is derived from puff.{c,h}, found in the zlib development. The //% original files come with the following copyright notice: //% Copyright (C) 2002-2013 Mark Adler, all rights reserved //% version 2.3, 21 Jan 2013 //% This software is provided 'as-is', without any express or implied //% warranty. In no event will the author be held liable for any damages //% arising from the use of this software. //% Permission is granted to anyone to use this software for any purpose, //% including commercial applications, and to alter it and redistribute it //% freely, subject to the following restrictions: //% 1. The origin of this software must not be misrepresented; you must not //% claim that you wrote the original software. If you use this software //% in a product, an acknowledgment in the product documentation would be //% appreciated but is not required. //% 2. Altered source versions must be plainly marked as such, and must not be //% misrepresented as being the original software. //% 3. This notice may not be removed or altered from any source distribution. //% Mark Adler madler@alumni.caltech.edu //% BEGIN CODE DERIVED FROM puff.{c,h} #define MAXBITS 15 #define MAXLCODES 286 #define MAXDCODES 30 #define MAXCODES (MAXLCODES + MAXDCODES) #define FIXLCODES 288 struct puff_state { unsigned char* out; unsigned long outlen; unsigned long outcnt; const unsigned char* in; unsigned long inlen; unsigned long incnt; int bitbuf; int bitcnt; jmp_buf env; }; static int puff_bits(struct puff_state* s, int need) { long val = s->bitbuf; while (s->bitcnt < need) { if (s->incnt == s->inlen) longjmp(s->env, 1); val |= (long)(s->in[s->incnt++]) << s->bitcnt; s->bitcnt += 8; } s->bitbuf = (int)(val >> need); s->bitcnt -= need; return (int)(val & ((1L << need) - 1)); } static int puff_stored(struct puff_state* s) { s->bitbuf = 0; s->bitcnt = 0; if (s->incnt + 4 > s->inlen) return 2; unsigned len = s->in[s->incnt++]; len |= s->in[s->incnt++] << 8; if (s->in[s->incnt++] != (~len & 0xff) || s->in[s->incnt++] != ((~len >> 8) & 0xff)) return -2; if (s->incnt + len > s->inlen) return 2; if (s->outcnt + len > s->outlen) return 1; for (; len--; s->outcnt++, s->incnt++) { if (s->in[s->incnt]) s->out[s->outcnt] = s->in[s->incnt]; } return 0; } struct puff_huffman { short* count; short* symbol; }; static int puff_decode(struct puff_state* s, const struct puff_huffman* h) { int first = 0; int index = 0; int bitbuf = s->bitbuf; int left = s->bitcnt; int code = first = index = 0; int len = 1; short* next = h->count + 1; while (1) { while (left--) { code |= bitbuf & 1; bitbuf >>= 1; int count = *next++; if (code - count < first) { s->bitbuf = bitbuf; s->bitcnt = (s->bitcnt - len) & 7; return h->symbol[index + (code - first)]; } index += count; first += count; first <<= 1; code <<= 1; len++; } left = (MAXBITS + 1) - len; if (left == 0) break; if (s->incnt == s->inlen) longjmp(s->env, 1); bitbuf = s->in[s->incnt++]; if (left > 8) left = 8; } return -10; } static int puff_construct(struct puff_huffman* h, const short* length, int n) { int len; for (len = 0; len <= MAXBITS; len++) h->count[len] = 0; int symbol; for (symbol = 0; symbol < n; symbol++) (h->count[length[symbol]])++; if (h->count[0] == n) return 0; int left = 1; for (len = 1; len <= MAXBITS; len++) { left <<= 1; left -= h->count[len]; if (left < 0) return left; } short offs[MAXBITS + 1]; offs[1] = 0; for (len = 1; len < MAXBITS; len++) offs[len + 1] = offs[len] + h->count[len]; for (symbol = 0; symbol < n; symbol++) if (length[symbol] != 0) h->symbol[offs[length[symbol]]++] = symbol; return left; } static int puff_codes(struct puff_state* s, const struct puff_huffman* lencode, const struct puff_huffman* distcode) { static const short lens[29] = {3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258}; static const short lext[29] = {0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0}; static const short dists[30] = { 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, 8193, 12289, 16385, 24577}; static const short dext[30] = {0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13}; int symbol; do { symbol = puff_decode(s, lencode); if (symbol < 0) return symbol; if (symbol < 256) { if (s->outcnt == s->outlen) return 1; if (symbol) s->out[s->outcnt] = symbol; s->outcnt++; } else if (symbol > 256) { symbol -= 257; if (symbol >= 29) return -10; int len = lens[symbol] + puff_bits(s, lext[symbol]); symbol = puff_decode(s, distcode); if (symbol < 0) return symbol; unsigned dist = dists[symbol] + puff_bits(s, dext[symbol]); if (dist > s->outcnt) return -11; if (s->outcnt + len > s->outlen) return 1; while (len--) { if (dist <= s->outcnt && s->out[s->outcnt - dist]) s->out[s->outcnt] = s->out[s->outcnt - dist]; s->outcnt++; } } } while (symbol != 256); return 0; } static int puff_fixed(struct puff_state* s) { static int virgin = 1; static short lencnt[MAXBITS + 1], lensym[FIXLCODES]; static short distcnt[MAXBITS + 1], distsym[MAXDCODES]; static struct puff_huffman lencode, distcode; if (virgin) { lencode.count = lencnt; lencode.symbol = lensym; distcode.count = distcnt; distcode.symbol = distsym; short lengths[FIXLCODES]; int symbol; for (symbol = 0; symbol < 144; symbol++) lengths[symbol] = 8; for (; symbol < 256; symbol++) lengths[symbol] = 9; for (; symbol < 280; symbol++) lengths[symbol] = 7; for (; symbol < FIXLCODES; symbol++) lengths[symbol] = 8; puff_construct(&lencode, lengths, FIXLCODES); for (symbol = 0; symbol < MAXDCODES; symbol++) lengths[symbol] = 5; puff_construct(&distcode, lengths, MAXDCODES); virgin = 0; } return puff_codes(s, &lencode, &distcode); } static int puff_dynamic(struct puff_state* s) { static const short order[19] = {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15}; int nlen = puff_bits(s, 5) + 257; int ndist = puff_bits(s, 5) + 1; int ncode = puff_bits(s, 4) + 4; if (nlen > MAXLCODES || ndist > MAXDCODES) return -3; short lengths[MAXCODES]; int index; for (index = 0; index < ncode; index++) lengths[order[index]] = puff_bits(s, 3); for (; index < 19; index++) lengths[order[index]] = 0; short lencnt[MAXBITS + 1], lensym[MAXLCODES]; struct puff_huffman lencode = {lencnt, lensym}; int err = puff_construct(&lencode, lengths, 19); if (err != 0) return -4; index = 0; while (index < nlen + ndist) { int symbol; int len; symbol = puff_decode(s, &lencode); if (symbol < 0) return symbol; if (symbol < 16) lengths[index++] = symbol; else { len = 0; if (symbol == 16) { if (index == 0) return -5; len = lengths[index - 1]; symbol = 3 + puff_bits(s, 2); } else if (symbol == 17) symbol = 3 + puff_bits(s, 3); else symbol = 11 + puff_bits(s, 7); if (index + symbol > nlen + ndist) return -6; while (symbol--) lengths[index++] = len; } } if (lengths[256] == 0) return -9; err = puff_construct(&lencode, lengths, nlen); if (err && (err < 0 || nlen != lencode.count[0] + lencode.count[1])) return -7; short distcnt[MAXBITS + 1], distsym[MAXDCODES]; struct puff_huffman distcode = {distcnt, distsym}; err = puff_construct(&distcode, lengths + nlen, ndist); if (err && (err < 0 || ndist != distcode.count[0] + distcode.count[1])) return -8; return puff_codes(s, &lencode, &distcode); } static int puff(unsigned char* dest, unsigned long* destlen, const unsigned char* source, unsigned long sourcelen) { struct puff_state s = { .out = dest, .outlen = *destlen, .outcnt = 0, .in = source, .inlen = sourcelen, .incnt = 0, .bitbuf = 0, .bitcnt = 0, }; int err; if (setjmp(s.env) != 0) err = 2; else { int last; do { last = puff_bits(&s, 1); int type = puff_bits(&s, 2); err = type == 0 ? puff_stored(&s) : (type == 1 ? puff_fixed(&s) : (type == 2 ? puff_dynamic(&s) : -1)); if (err != 0) break; } while (!last); } *destlen = s.outcnt; return err; } //% END CODE DERIVED FROM puff.{c,h} #define ZLIB_HEADER_WIDTH 2 static int puff_zlib_to_file(const unsigned char* source, unsigned long sourcelen, int dest_fd) { if (sourcelen < ZLIB_HEADER_WIDTH) return 0; source += ZLIB_HEADER_WIDTH; sourcelen -= ZLIB_HEADER_WIDTH; const unsigned long max_destlen = 132 << 20; void* ret = mmap(0, max_destlen, PROT_WRITE | PROT_READ, MAP_PRIVATE | MAP_ANON, -1, 0); if (ret == MAP_FAILED) return -1; unsigned char* dest = (unsigned char*)ret; unsigned long destlen = max_destlen; int err = puff(dest, &destlen, source, sourcelen); if (err) { munmap(dest, max_destlen); errno = -err; return -1; } if (write(dest_fd, dest, destlen) != (ssize_t)destlen) { munmap(dest, max_destlen); return -1; } return munmap(dest, destlen); } static int setup_loop_device(unsigned char* data, unsigned long size, const char* loopname, int* loopfd_p) { int err = 0, loopfd = -1; int memfd = syscall(__NR_memfd_create, "syzkaller", 0); if (memfd == -1) { err = errno; goto error; } if (puff_zlib_to_file(data, size, memfd)) { err = errno; goto error_close_memfd; } loopfd = open(loopname, O_RDWR); if (loopfd == -1) { err = errno; goto error_close_memfd; } if (ioctl(loopfd, LOOP_SET_FD, memfd)) { if (errno != EBUSY) { err = errno; goto error_close_loop; } ioctl(loopfd, LOOP_CLR_FD, 0); usleep(1000); if (ioctl(loopfd, LOOP_SET_FD, memfd)) { err = errno; goto error_close_loop; } } close(memfd); *loopfd_p = loopfd; return 0; error_close_loop: close(loopfd); error_close_memfd: close(memfd); error: errno = err; return -1; } static long syz_mount_image(volatile long fsarg, volatile long dir, volatile long flags, volatile long optsarg, volatile long change_dir, volatile unsigned long size, volatile long image) { unsigned char* data = (unsigned char*)image; int res = -1, err = 0, loopfd = -1, need_loop_device = !!size; char* mount_opts = (char*)optsarg; char* target = (char*)dir; char* fs = (char*)fsarg; char* source = NULL; char loopname[64]; if (need_loop_device) { memset(loopname, 0, sizeof(loopname)); snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(data, size, loopname, &loopfd) == -1) return -1; source = loopname; } mkdir(target, 0777); char opts[256]; memset(opts, 0, sizeof(opts)); if (strlen(mount_opts) > (sizeof(opts) - 32)) { } strncpy(opts, mount_opts, sizeof(opts) - 32); if (strcmp(fs, "iso9660") == 0) { flags |= MS_RDONLY; } else if (strncmp(fs, "ext", 3) == 0) { bool has_remount_ro = false; char* remount_ro_start = strstr(opts, "errors=remount-ro"); if (remount_ro_start != NULL) { char after = *(remount_ro_start + strlen("errors=remount-ro")); char before = remount_ro_start == opts ? '\0' : *(remount_ro_start - 1); has_remount_ro = ((before == '\0' || before == ',') && (after == '\0' || after == ',')); } if (strstr(opts, "errors=panic") || !has_remount_ro) strcat(opts, ",errors=continue"); } else if (strcmp(fs, "xfs") == 0) { strcat(opts, ",nouuid"); } res = mount(source, target, fs, flags, opts); if (res == -1) { err = errno; goto error_clear_loop; } res = open(target, O_RDONLY | O_DIRECTORY); if (res == -1) { err = errno; goto error_clear_loop; } if (change_dir) { res = chdir(target); if (res == -1) { err = errno; } } error_clear_loop: if (need_loop_device) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); } errno = err; return res; } static void kill_and_wait(int pid, int* status) { kill(-pid, SIGKILL); kill(pid, SIGKILL); for (int i = 0; i < 100; i++) { if (waitpid(-1, status, WNOHANG | __WALL) == pid) return; usleep(1000); } DIR* dir = opendir("/sys/fs/fuse/connections"); if (dir) { for (;;) { struct dirent* ent = readdir(dir); if (!ent) break; if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0) continue; char abort[300]; snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name); int fd = open(abort, O_WRONLY); if (fd == -1) { continue; } if (write(fd, abort, 1) < 0) { } close(fd); } closedir(dir); } else { } while (waitpid(-1, status, __WALL) != pid) { } } static void reset_loop() { char buf[64]; snprintf(buf, sizeof(buf), "/dev/loop%llu", procid); int loopfd = open(buf, O_RDWR); if (loopfd != -1) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); } } static void setup_test() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); write_file("/proc/self/oom_score_adj", "1000"); } #define FUSE_MIN_READ_BUFFER 8192 enum fuse_opcode { FUSE_LOOKUP = 1, FUSE_FORGET = 2, FUSE_GETATTR = 3, FUSE_SETATTR = 4, FUSE_READLINK = 5, FUSE_SYMLINK = 6, FUSE_MKNOD = 8, FUSE_MKDIR = 9, FUSE_UNLINK = 10, FUSE_RMDIR = 11, FUSE_RENAME = 12, FUSE_LINK = 13, FUSE_OPEN = 14, FUSE_READ = 15, FUSE_WRITE = 16, FUSE_STATFS = 17, FUSE_RELEASE = 18, FUSE_FSYNC = 20, FUSE_SETXATTR = 21, FUSE_GETXATTR = 22, FUSE_LISTXATTR = 23, FUSE_REMOVEXATTR = 24, FUSE_FLUSH = 25, FUSE_INIT = 26, FUSE_OPENDIR = 27, FUSE_READDIR = 28, FUSE_RELEASEDIR = 29, FUSE_FSYNCDIR = 30, FUSE_GETLK = 31, FUSE_SETLK = 32, FUSE_SETLKW = 33, FUSE_ACCESS = 34, FUSE_CREATE = 35, FUSE_INTERRUPT = 36, FUSE_BMAP = 37, FUSE_DESTROY = 38, FUSE_IOCTL = 39, FUSE_POLL = 40, FUSE_NOTIFY_REPLY = 41, FUSE_BATCH_FORGET = 42, FUSE_FALLOCATE = 43, FUSE_READDIRPLUS = 44, FUSE_RENAME2 = 45, FUSE_LSEEK = 46, FUSE_COPY_FILE_RANGE = 47, FUSE_SETUPMAPPING = 48, FUSE_REMOVEMAPPING = 49, CUSE_INIT = 4096, CUSE_INIT_BSWAP_RESERVED = 1048576, FUSE_INIT_BSWAP_RESERVED = 436207616, }; struct fuse_in_header { uint32_t len; uint32_t opcode; uint64_t unique; uint64_t nodeid; uint32_t uid; uint32_t gid; uint32_t pid; uint32_t padding; }; struct fuse_out_header { uint32_t len; uint32_t error; uint64_t unique; }; struct syz_fuse_req_out { struct fuse_out_header* init; struct fuse_out_header* lseek; struct fuse_out_header* bmap; struct fuse_out_header* poll; struct fuse_out_header* getxattr; struct fuse_out_header* lk; struct fuse_out_header* statfs; struct fuse_out_header* write; struct fuse_out_header* read; struct fuse_out_header* open; struct fuse_out_header* attr; struct fuse_out_header* entry; struct fuse_out_header* dirent; struct fuse_out_header* direntplus; struct fuse_out_header* create_open; struct fuse_out_header* ioctl; }; static int fuse_send_response(int fd, const struct fuse_in_header* in_hdr, struct fuse_out_header* out_hdr) { if (!out_hdr) { return -1; } out_hdr->unique = in_hdr->unique; if (write(fd, out_hdr, out_hdr->len) == -1) { return -1; } return 0; } static volatile long syz_fuse_handle_req(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { struct syz_fuse_req_out* req_out = (struct syz_fuse_req_out*)a3; struct fuse_out_header* out_hdr = NULL; char* buf = (char*)a1; int buf_len = (int)a2; int fd = (int)a0; if (!req_out) { return -1; } if (buf_len < FUSE_MIN_READ_BUFFER) { return -1; } int ret = read(fd, buf, buf_len); if (ret == -1) { return -1; } if ((size_t)ret < sizeof(struct fuse_in_header)) { return -1; } const struct fuse_in_header* in_hdr = (const struct fuse_in_header*)buf; if (in_hdr->len > (uint32_t)ret) { return -1; } switch (in_hdr->opcode) { case FUSE_GETATTR: case FUSE_SETATTR: out_hdr = req_out->attr; break; case FUSE_LOOKUP: case FUSE_SYMLINK: case FUSE_LINK: case FUSE_MKNOD: case FUSE_MKDIR: out_hdr = req_out->entry; break; case FUSE_OPEN: case FUSE_OPENDIR: out_hdr = req_out->open; break; case FUSE_STATFS: out_hdr = req_out->statfs; break; case FUSE_RMDIR: case FUSE_RENAME: case FUSE_RENAME2: case FUSE_FALLOCATE: case FUSE_SETXATTR: case FUSE_REMOVEXATTR: case FUSE_FSYNCDIR: case FUSE_FSYNC: case FUSE_SETLKW: case FUSE_SETLK: case FUSE_ACCESS: case FUSE_FLUSH: case FUSE_RELEASE: case FUSE_RELEASEDIR: case FUSE_UNLINK: case FUSE_DESTROY: out_hdr = req_out->init; if (!out_hdr) { return -1; } out_hdr->len = sizeof(struct fuse_out_header); break; case FUSE_READ: out_hdr = req_out->read; break; case FUSE_READDIR: out_hdr = req_out->dirent; break; case FUSE_READDIRPLUS: out_hdr = req_out->direntplus; break; case FUSE_INIT: out_hdr = req_out->init; break; case FUSE_LSEEK: out_hdr = req_out->lseek; break; case FUSE_GETLK: out_hdr = req_out->lk; break; case FUSE_BMAP: out_hdr = req_out->bmap; break; case FUSE_POLL: out_hdr = req_out->poll; break; case FUSE_GETXATTR: case FUSE_LISTXATTR: out_hdr = req_out->getxattr; break; case FUSE_WRITE: case FUSE_COPY_FILE_RANGE: out_hdr = req_out->write; break; case FUSE_FORGET: case FUSE_BATCH_FORGET: return 0; case FUSE_CREATE: out_hdr = req_out->create_open; break; case FUSE_IOCTL: out_hdr = req_out->ioctl; break; default: return -1; } return fuse_send_response(fd, in_hdr, out_hdr); } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 6; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS __WALL static void loop(void) { int iter = 0; for (;; iter++) { reset_loop(); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { setup_test(); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } } } uint64_t r[4] = {0xffffffffffffffff, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: memcpy((void*)0x20003b80, "/dev/fuse\000", 10); res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x20003b80ul, /*flags=*/2ul, /*mode=*/0ul); if (res != -1) r[0] = res; break; case 1: memcpy((void*)0x20000040, "fuse\000", 5); memcpy((void*)0x20000080, "./file0\000", 8); memcpy((void*)0x20002240, "fd", 2); *(uint8_t*)0x20002242 = 0x3d; sprintf((char*)0x20002243, "0x%016llx", (long long)r[0]); *(uint8_t*)0x20002255 = 0x2c; memcpy((void*)0x20002256, "rootmode", 8); *(uint8_t*)0x2000225e = 0x3d; sprintf((char*)0x2000225f, "%023llo", (long long)0x4000); *(uint8_t*)0x20002276 = 0x2c; memcpy((void*)0x20002277, "user_id", 7); *(uint8_t*)0x2000227e = 0x3d; sprintf((char*)0x2000227f, "%020llu", (long long)0); *(uint8_t*)0x20002293 = 0x2c; memcpy((void*)0x20002294, "group_id", 8); *(uint8_t*)0x2000229c = 0x3d; sprintf((char*)0x2000229d, "%020llu", (long long)0); *(uint8_t*)0x200022b1 = 0x2c; *(uint8_t*)0x200022b2 = 0; syz_mount_image(/*fs=*/0x20000040, /*dir=*/0x20000080, /*flags=*/0, /*opts=*/0x20002240, /*chdir=*/0, /*size=*/0, /*img=*/0); break; case 2: memcpy((void*)0x20002740, "./file0/file0\000", 14); syscall(__NR_setxattr, /*path=*/0x20002740ul, /*name=*/0ul, /*val=*/0ul, /*size=*/0ul, /*flags=*/4ul); break; case 3: res = syscall(__NR_read, /*fd=*/r[0], /*buf=*/0x20000180ul, /*len=*/0x2020ul); if (res != -1) { r[1] = *(uint64_t*)0x20000188; r[2] = *(uint32_t*)0x20000190; r[3] = *(uint32_t*)0x20000194; } break; case 4: *(uint32_t*)0x200021c0 = 0x18; *(uint32_t*)0x200021c4 = 0; *(uint64_t*)0x200021c8 = r[1]; *(uint64_t*)0x200021d0 = 7; syscall(__NR_write, /*fd=*/r[0], /*arg=*/0x200021c0ul, /*len=*/0x18ul); break; case 5: memcpy( (void*)0x20007140, "\x49\xbb\xc2\x16\xe4\x29\x7a\xd6\x82\xd9\x53\x2c\xb3\xd8\xa6\xed\xbe" "\x42\x1b\xb1\x13\xc1\xd8\x40\x89\x25\xe9\x30\x83\x41\xe5\xf0\xa8\x0a" "\xc2\x10\x56\xe8\x83\x17\xb0\x76\xd3\x23\x2e\xa4\xad\x87\xf5\xc0\xe7" "\xb3\x32\xd0\xd0\xd8\x75\x0d\x43\xff\xd5\x4e\x72\x02\x17\x56\x10\x48" "\x45\x95\x42\x1e\x0a\xa1\xb7\x9f\xa6\x74\x65\x2f\x8d\x64\xcf\x41\x84" "\xb7\xa8\x05\x1b\x46\x32\xa7\x51\x20\xf0\x2b\x18\x3c\x14\x44\x2c\x34" "\x1d\x75\x88\xbd\x1c\x54\x69\xd3\xdf\x34\xea\x5f\x09\xf8\x82\x85\xd6" "\xda\xcd\x1c\x50\x57\xf6\x14\x3c\x9f\xdb\x9b\x50\x33\xc4\xf6\x8e\x7d" "\x45\xc7\x78\xd4\xe0\x3c\x2b\x2d\xa7\x3e\x81\x9d\x9f\x69\x71\x68\xd1" "\x7b\x0d\xdd\x40\xdc\x39\xb7\xa5\x64\x72\x1d\xd7\x12\xce\x34\x24\x01" "\x16\x86\x02\x03\x99\x37\x88\xf6\x33\x62\x81\x9d\xd9\x1b\x2b\x7c\x28" "\xd1\xed\x45\xae\x67\x9c\xd4\xc3\xcc\xd3\xc4\x94\x43\xb5\xfa\xb0\x00" "\x63\xf8\xb9\x32\xcf\x6a\xa4\xab\x0e\x80\xf0\x66\xb0\xa7\x61\x70\x7d" "\x3e\x2d\xaf\x9b\x70\x74\x45\x68\x0e\xb0\x0c\x53\x10\x9f\xfa\xf2\xe2" "\xaa\x4b\xfa\x72\x8f\xee\xbd\xee\x12\xae\x78\x1c\x1e\xe7\xb3\x7f\xbf" "\x8e\x59\xd0\x5c\x40\xce\xcf\xd5\xa9\xea\x5d\xae\x8a\xec\x32\x2b\x82" "\x9b\x35\xa7\x64\xa8\xab\x7a\x1a\x15\xa9\xb5\xc7\x79\x46\x5c\x7c\x95" "\x0e\xfe\x88\x56\x48\x1e\x74\x97\xbd\xae\x69\x30\xaf\xb3\x98\xd2\xa2" "\x86\xe6\x92\x87\x8b\xa2\x3e\x73\xa3\xc9\x8c\xa3\xd7\x84\x54\x27\xc3" "\x8a\x7e\x42\xad\x85\x78\x4c\x19\xde\x8d\xa6\x88\x09\xed\x8a\xc3\xf0" "\x85\x8a\xf8\xbe\xb8\xd2\x18\x41\x3a\x5a\xd6\xf5\xc7\xf8\xce\x3e\x61" "\x1d\x6a\x8f\x55\x04\xcf\xdf\xae\x75\x56\x68\xdc\x59\x41\x22\x85\x19" "\x9f\xb4\xeb\x77\x4b\xd1\x87\xb2\x40\x9e\xa1\xee\x65\x85\xe7\x6b\x93" "\xcc\x79\x51\x6f\x45\xeb\xc3\xcd\x6f\xfe\xf2\x99\x26\xbb\x38\x93\x73" "\x18\x18\xea\xb4\xf8\x9d\x7e\x63\x14\x08\x55\xaa\x08\x9b\x04\x1a\x7b" "\x46\x07\x87\xf8\x90\x8c\xc4\x0f\x97\x93\xe8\x1d\x24\xed\xc5\xea\xbc" "\x20\x6b\x05\xe3\x2c\x32\x9a\xa8\x74\xd0\x29\xa5\xa6\xbc\x76\x22\x66" "\x6d\x04\xd5\x42\xdf\x51\xff\xbc\xa0\x82\xe9\x06\x4c\x10\xd7\xda\x7b" "\x68\x37\x59\x51\x29\x96\x3e\x30\xf7\x11\x60\x9e\x9d\x1e\x5b\x49\x79" "\xd5\xdd\x89\x3a\xb3\xdc\xed\xf7\x26\xae\x42\x53\x13\xfe\xdd\xf1\x1f" "\x20\x25\xdb\x4a\x51\xd0\x92\xa8\x08\x8a\xf5\xfb\x2b\xa8\x56\xbd\x8e" "\x91\xcc\x5c\x7c\x41\xef\x8e\x42\x86\x15\xc0\xb9\xd3\xc7\xe2\xab\x71" "\x34\x0e\x71\xd9\x8f\x33\x5d\x5b\x3b\xf6\x17\xf7\xba\x06\x81\x18\x51" "\xbe\x27\xee\x8f\x8b\xf6\x79\xbd\x3e\x59\xf3\xe6\x6b\x60\x42\x41\x81" "\xb3\x69\xb7\xd1\xbc\xed\x9b\x29\xfc\x1c\x4f\xfd\xc9\x41\x9d\x4f\x66" "\xb9\x7a\xad\x8d\xd3\x2b\xf2\x02\xa6\xdd\x85\x86\xd1\xc4\xb0\xa0\xa8" "\x19\x00\x60\x7a\x98\x0b\xfe\xcb\x19\xe1\x48\x94\x37\xe3\xaa\xe2\xff" "\x3a\x5e\xf3\xb5\x3e\x35\x52\x20\x93\x66\xff\x73\x9e\x69\x97\x0a\x09" "\x30\x50\x2a\xbf\x9a\x79\x76\x35\x3a\x36\x5e\x88\xa2\x97\x55\xb7\x43" "\x08\xd9\xbc\x50\x45\x93\x5e\xc5\xe4\xc6\x0e\x3a\xdf\xbc\xfd\x57\x9e" "\x15\xd0\xb8\x90\x28\x5d\xcc\x0c\xc7\xe3\x4a\xd9\x61\xb0\xa1\x1f\x60" "\xad\xed\x59\xa8\xe8\xbc\xa4\x01\x24\xdc\xc0\x1c\x3a\x99\x75\x82\x07" "\x10\x8a\x3f\xe4\x18\x16\x92\xa3\xa0\xf7\x55\xff\x80\x73\xd9\xc6\x79" "\x5c\x82\x40\x75\x1d\x7b\xa2\x32\x80\x97\x10\x66\x4b\x13\x88\xac\xbb" "\xb7\x94\x65\x01\x8f\xab\x33\xde\x99\x68\x7a\x32\x1a\xaa\xfc\x9b\x25" "\xb3\x8c\x83\xee\xad\xd1\xb3\xff\xc5\x5b\xd3\x43\x69\x9a\x00\xe0\x8b" "\x56\xa8\x1b\x0e\xac\xd2\x6d\x6b\xc4\x34\x06\x1d\xcc\x18\xed\x05\x25" "\x2b\x66\x90\x28\x4f\x06\x84\xd1\xf7\x80\xc5\xc1\x1d\xcb\x81\x14\x7b" "\xdc\xd9\xb9\x7f\x5a\x80\x99\x0d\x03\x9c\x66\x94\x36\xe7\xb6\x1c\x89" "\xc5\x04\x8f\xfc\x3f\x98\x49\x8a\x5d\x39\x4c\xd5\x90\xb7\x5a\xb5\xd1" "\x70\x71\x58\xca\x7f\x34\x0a\xba\x10\xb0\x9c\x0e\x8c\x22\x12\xfa\x90" "\x35\x88\x50\x56\x77\x30\xda\x7d\xef\xd9\x09\x07\x22\x07\x6c\x14\x49" "\x53\x93\x1a\x76\x24\x4e\xd3\x77\x12\x75\x5d\xde\xa3\x36\x6b\x00\x2a" "\x1e\xae\xf5\xb0\x64\xa8\x66\x02\xd4\x2b\x38\xa1\xf9\x84\xfb\x1e\x96" "\xab\x6e\xc4\xcd\x89\x27\x1c\x4d\xb9\x8e\x5e\x22\x13\x20\xda\x02\x3c" "\xbc\x54\xf2\x9a\xde\xeb\x1b\x68\xb2\x6e\x8a\xfe\xc0\x69\xb4\xbc\x0f" "\x70\x2d\x11\xf3\xeb\xfe\x52\x94\x04\x96\x21\xab\xf7\xcc\x40\xf6\x24" "\x30\x8d\x9c\xcf\xff\x51\x98\xfe\x43\x46\x61\xd9\xbb\xef\x85\xec\xcd" "\xd8\x98\x3c\x7f\x83\xb9\x05\xf7\x28\x87\x62\xe9\xcb\xf9\xc4\x49\x0b" "\x65\x20\x4f\xb0\x73\x0f\x15\xc9\xed\xb8\x2b\x84\x7f\x63\xfd\x3c\xa5" "\x58\x36\xf8\x79\x0a\xe4\x56\x3b\x79\x9e\x82\xf5\x78\x22\x31\xf5\x2c" "\xb2\x78\x9c\x1a\x82\x95\xee\xd8\xed\x8a\x46\x8f\x64\xd5\x9f\xe4\x0d" "\xbe\xf0\x51\x90\xdf\xd5\x78\x13\x28\x3a\x56\x6d\x8b\xd1\xee\x2f\xe5" "\x77\x2b\x22\x30\xab\x39\x0c\xd0\xe1\xce\x5b\x41\x29\x55\x25\xd2\x3e" "\x11\x1a\x09\xb1\x91\xba\x1e\x36\x2c\x5e\xe5\xe0\x69\x13\x71\xf1\xd0" "\x65\xb3\xfb\xb6\xab\x82\xeb\x5d\x88\x3a\x2b\x6b\xf6\xb6\x92\xa4\x07" "\xa1\x02\x19\x60\x55\x75\x2f\x35\x62\x67\x6e\x2b\x9f\x58\x7f\x8f\x3c" "\x80\xc3\xca\xd6\x6b\x38\xe9\xad\x45\xd1\x84\x7b\x3c\x31\x78\x45\xa4" "\x7c\xb0\xef\x55\x6c\x3b\x46\x8d\x7e\x93\x8e\xae\x9c\xca\x24\xfb\x8c" "\x20\x97\x6c\x34\x09\x58\x8e\xd1\x62\x17\x6d\xba\x54\x63\x3c\xcd\xdb" "\x84\x47\x98\xc0\xea\xd8\x24\xe6\x8f\x57\xdd\xc4\xdb\x8d\xce\x68\xd5" "\x67\xaf\x57\x99\x78\x64\x72\xed\x2d\x63\x0f\x32\x18\xc0\xca\x2f\x55" "\x1b\x6f\xf9\x2b\xd4\x34\x93\x8a\x78\xaf\x78\x21\xe5\x56\xbf\xf5\x35" "\x5a\x83\xae\x30\x35\xfe\xc4\x36\x67\xdb\x50\x6a\x09\x0b\x19\x44\x86" "\x46\x4f\xce\x76\xb5\xe1\x42\xa7\x8f\x7e\x3e\xa6\xf1\xa5\xb5\x15\x8e" "\x9f\xc4\xe5\x34\x77\x82\x4a\xf4\x85\xeb\x0f\xc9\x99\x4f\x1c\x8e\x65" "\x02\x25\x42\xbf\x5c\x54\xbe\xb8\xec\x1a\xbe\xe3\xa2\x66\x7c\xda\xdd" "\xe8\x57\x7a\xc0\xf6\x42\xb1\x29\x71\x62\x0d\x4d\xa0\xef\x14\x84\xfc" "\x23\x50\x94\xf1\x87\x35\xd4\xf8\x86\x01\x00\xcf\xca\x0e\x12\x63\x4d" "\x60\x19\x5d\xa3\xc8\xbb\xa0\x57\xe3\x6a\x7b\x16\xf8\xbe\xba\x27\x61" "\xea\x44\xf9\xa3\x19\x0c\xec\x39\xe1\x29\xfa\x0b\x94\xf6\x96\x5f\x9e" "\xa1\x19\xb3\xc1\x11\x7e\xc5\x55\xf7\x89\x1b\xb6\xc1\x9f\xd2\xa1\x50" "\xda\x0e\x6e\xde\x94\x5c\x93\xfb\x4e\x50\x6c\x93\x56\x06\xe9\xa7\xdf" "\x42\x05\x95\xc1\x57\x31\xf9\x07\x79\xc6\xe5\xff\x57\x15\xea\xf8\x9f" "\x24\x16\xbe\xf2\xf2\xd3\xcf\x7c\x75\x34\xb0\x18\x74\xa0\x59\x20\x3a" "\x24\x6a\x21\xc9\x6d\x56\x2d\x1f\x89\xbd\xcc\x3e\x2a\xc5\xbb\x07\x4c" "\x0f\x8e\x01\xa9\x71\x87\xe6\xb1\x08\xa2\x52\x6e\xf9\x63\xde\x24\xdf" "\x06\x42\x2c\x46\x72\x81\x6c\x94\xf5\x99\x77\x58\x86\xac\xdb\x41\x53" "\xa3\xee\xe6\x0b\xa1\x31\x13\x36\xc0\xe4\xb0\xa2\x40\x94\x4b\x6f\x59" "\xdd\xc0\x86\x82\x5c\x6d\xa0\xbd\xbb\x63\xfa\xe7\x15\x78\xd0\xe7\xcd" "\xad\x63\x9d\x88\x05\x13\x04\x55\xc8\x6a\x80\x7a\x62\x46\x98\x50\xf4" "\x7a\xba\x2c\x98\xa3\x01\x81\x0b\x5e\x3a\xa8\x1f\x3a\xc7\x61\x0f\x7a" "\x64\x55\xba\x47\x56\x7e\x00\xb6\x84\x2c\x11\xe2\x14\x30\x02\x4b\xd9" "\x2f\x80\x55\xbd\x06\x58\x1b\x6d\x18\xf7\x4f\xda\x26\x39\x2b\x94\x07" "\xb6\x29\x47\xbd\x79\xea\x1e\xa0\xf2\x4b\x4b\x0c\x35\xea\x5d\xc3\xd7" "\x5d\x75\xe3\x4b\x5c\xf3\x3f\x1f\xbb\xe1\xa7\x20\x6f\x2f\xb6\x33\x31" "\x46\x40\x80\x72\x41\x9c\x01\x65\x5b\x13\x1e\x27\xbe\x0c\x93\xb0\xe1" "\x34\x90\xf1\xa0\x4c\x58\x0d\x2a\x2a\x96\x6e\x28\x74\xb2\xf0\x63\x80" "\x26\x52\x22\x96\x18\xeb\xc9\x1e\xcd\x3c\x80\x51\x0a\x81\x29\x19\x52" "\x18\x4f\xd5\x77\x90\xb2\x72\x23\x5c\x9f\x98\x24\x10\x72\x1f\x9c\x8a" "\x5a\x43\x4d\xea\x51\xd8\xb4\x39\x8f\xe6\x25\x81\x7d\x28\x9c\x0f\xcb" "\xbd\x0f\xc7\xaa\x04\x99\xc1\x24\xd6\x1b\x62\xd3\xe0\x2d\xdf\x1c\x5c" "\xc2\x3e\xc4\x64\x10\xdf\xb2\x86\x0a\x87\x31\x8e\xee\xbd\x2d\xb5\x90" "\x18\xef\xf0\x72\x17\xf7\xfc\xa8\xc5\x6e\xde\x1c\xd4\x37\x9b\x31\xae" "\x8f\xea\x7c\x65\x9f\x2f\xe0\xaf\x01\xe4\xdf\x3c\xc2\xd8\x01\x80\x79" "\xb1\x6b\x92\xe9\x99\xca\x28\xf5\x21\xf8\x30\xd5\x6b\x5d\x10\x91\xd2" "\xa6\xd2\x49\x2c\xdf\xe3\xd8\xdf\xe3\x96\xd2\x56\xe2\x11\x9d\x31\xc8" "\x58\xec\xa8\x59\xfb\xb2\x33\x99\xcc\x29\x6a\xfd\x3b\xa9\xc0\x8c\xe3" "\xaf\xf7\xe0\x33\xf7\xce\xa0\xe5\x0c\x43\x21\x46\x3c\x97\xde\x33\x80" "\xd7\xf3\xb7\xbd\x99\x57\xc2\x25\x79\x32\x3b\xd5\x21\x75\x07\xa2\x49" "\xe9\xf9\xd0\xd7\x3b\xb7\x91\x10\x46\xa7\x60\xd9\xab\xf9\xd0\x92\x3a" "\x59\xa8\x69\x69\x37\x6c\xbc\xd9\x6e\xd7\x6f\x0d\x23\x94\x72\x76\x90" "\x85\x05\xf8\x6c\x8d\xff\x7f\xa4\xcb\xd7\xed\xfc\x0f\x15\x86\x53\xa6" "\x24\xe6\xb9\x63\x03\x59\xa6\xae\x19\x3f\x1a\x6b\x4c\xc4\x47\xe2\xea" "\xb6\xfb\x4b\xa9\x98\x19\xbb\x93\x2d\xdf\xa0\xce\xb1\x24\xdf\xcc\xe2" "\x0e\xb8\xa6\xb9\xe1\x0c\xc8\x6b\xe2\x16\xc6\xfa\x0e\x55\x6b\xc3\xb6" "\x96\x46\x7c\x2e\x13\x4c\xe4\x48\x2f\x26\x46\xc4\x22\x97\xdb\x5d\x21" "\x49\x82\x65\xbe\x34\x20\x4f\x83\xc4\xa8\xbd\xb3\xad\xee\x9b\xbe\xb1" "\xb9\x55\x3a\x13\xb5\x7c\x72\x09\x8d\xf3\x2f\x10\xd0\xf3\x52\xef\x0c" "\xc1\x12\xf7\x69\x38\xfd\xf7\x54\xbe\xb0\x66\x7e\x40\xeb\xf5\x8e\x24" "\x81\x5e\x66\xf1\x99\x50\x48\x55\x50\x5a\x05\x1a\x61\x2d\xfa\xca\xee" "\xd0\xdf\x8b\x1b\xa6\x65\x08\x52\xbb\xdc\xff\x7d\xe4\xfa\x5e\xb9\x02" "\x59\x8d\x84\x52\xce\x32\x51\xd2\x42\xc2\xba\xb2\x5c\x25\x3e\xe3\xa3" "\x49\xc5\x81\x9d\xf2\x73\x0b\xba\x46\xa8\x6a\xbe\xa1\x2a\x90\xcc\x2d" "\x15\xc2\x2e\xa1\x18\xa7\x71\xe0\x7a\x58\xb3\x7b\x23\xfd\x1d\x60\x8f" "\xee\x78\xb1\x72\x20\x93\x3e\xd8\x9d\x49\x1a\x09\x83\x85\x13\x8f\xa8" "\x5d\xed\x4e\x99\x41\xbc\x32\xf3\x56\xde\xf8\x55\x54\x65\x25\x68\x35" "\x3b\xdb\xb4\xc8\xa3\xdf\x8c\xf7\xa0\xd0\xe6\xe9\x72\x79\x4f\xba\xcc" "\x0e\x85\xbb\x7c\x98\x9e\xe2\x93\xd4\xcd\x23\xc7\x2b\x90\x6b\x44\x5a" "\xff\x3f\x54\xd1\x5a\x52\x33\xcc\xe7\x45\xd3\x22\x21\x75\x0c\x04\x5b" "\xd5\xd4\x9b\x3d\xf4\xe3\x25\xf0\x7e\x8b\xa2\x78\x2b\x26\x07\x2b\x29" "\xd5\x4e\xd7\x62\x9a\x89\x2c\x37\x9a\x98\x4a\xf8\x40\x4f\xd5\xde\x05" "\x52\x98\xab\xd8\x42\x31\x73\xa2\x55\xc2\xd6\x27\xf9\xb3\x88\x7c\xa9" "\x7a\x57\xad\x8f\x55\xa2\x49\xc4\x36\xb4\x0b\x3e\xd9\x00\x11\x32\xd7" "\x9c\x82\x74\x08\x4f\x35\xce\x7d\x8b\xb6\x0d\x82\x28\x20\xc9\xc9\x80" "\xbf\x33\x35\x53\x09\xd1\x21\x07\xc7\xde\x4d\xf1\xd8\x83\x38\xdf\xe0" "\xfd\x36\x97\xf6\xd7\xbf\xd1\xc6\x7d\xed\x6a\xd0\xd8\x71\xf4\xa4\xcf" "\x87\x91\x04\x61\x37\x08\x39\xe9\x7f\x9b\xf9\x5c\x3f\x23\xbe\xc3\xc9" "\xe1\x0b\x13\x8e\xda\x00\xc0\x3f\x8f\x70\x78\x4b\xca\x4c\x15\xb0\xfb" "\x9b\x46\x6e\x47\x0b\xd1\x8f\xe0\xf1\xe1\xda\x19\x4d\x8b\xa6\xf5\x6c" "\x5d\xf5\x72\x2f\x86\xf8\xe4\x33\xb8\x7b\xd8\x2c\x2d\x8f\x90\x06\xfa" "\x59\x16\x6d\xd2\x6b\x50\x68\xaa\x35\xad\xda\xec\xaf\x56\xcf\x40\x6f" "\x8b\x36\xcc\x32\x2f\x13\x12\x15\x05\xf4\x0f\xc0\xad\x41\x0e\x7e\x64" "\xe7\x6f\x75\x81\xf1\x0e\xdc\xc7\xa1\x60\x5c\xca\x99\x6a\x59\x83\xb1" "\x9a\xaf\x6b\xc7\xc0\xba\xe5\x1f\x2b\xb3\x01\xa3\x9f\x1f\x47\x28\xdd" "\xb1\xc1\x64\xcd\x04\x95\x27\x55\x42\xef\xe8\x1c\x0b\x1a\x46\xe4\x40" "\x13\x66\xe4\xe1\xe5\x55\xbd\xd1\xe9\x4e\x1d\xdc\xd2\xd4\x90\x71\x62" "\x95\x92\x27\x46\x3a\x0a\x96\x4f\xcc\x0d\x0e\xda\x7e\x46\x48\x42\x6b" "\x04\xd1\x3d\x77\xb0\x30\x2d\x82\xb8\xdc\x16\x7d\x4c\xe0\x6c\xeb\x7f" "\x03\x20\x05\xc7\xce\x70\x0d\x96\x89\x7d\x97\xf6\xf4\xd4\x4b\xba\xca" "\xf0\x58\x16\xa1\xe7\xf0\x03\x7f\xa2\x6a\x82\xef\x90\xe1\xc6\x83\xab" "\x8c\x88\x9f\x17\x6a\xcf\xcb\x30\x5d\x32\xa1\x03\x88\x1f\x00\x67\xf2" "\x2c\xe1\x7f\xc7\x1c\x1d\x84\xf4\x5d\x59\x4b\x8c\x1a\x5a\xd6\xb3\xd8" "\xef\xd7\x15\xc8\x09\xf4\xbb\xe7\xd8\x1b\x59\xaa\x15\x94\x5e\xd1\x78" "\x46\x54\x15\xa0\x82\x0a\x10\x91\x33\xe2\x60\x85\x0c\xdc\x43\x7e\xe9" "\xf8\x92\x9b\x2c\xf8\x72\x4f\xd0\xcb\xe7\x70\xfe\x9b\xab\xf2\x98\x8f" "\xbc\xa6\x4b\xc3\x8a\x8b\x12\x45\x61\xb2\x46\xc7\xfc\x0d\x1a\xab\xad" "\x60\x62\x69\x28\xaf\x6a\xce\x4d\xa4\x94\x67\xdd\x46\x3c\xda\x21\x0e" "\xa1\xdc\x08\x0f\xf4\xea\xc5\x6f\x3a\x44\xd8\xb3\x0a\x72\xc3\xab\x70" "\xd8\xf3\x29\xbb\x29\x5c\xcc\x7e\xf2\x31\x2d\x8a\xdf\x5b\x98\xfa\x9b" "\x58\x0b\x8f\xe6\x1f\x73\x36\x08\x1d\x49\x13\x90\x92\x17\xd1\xba\x49" "\x71\xf0\x9a\x02\x17\x1e\x9f\xab\xda\x55\x7f\x90\x7a\xf9\x69\xe0\x25" "\xfc\x46\x5a\x3b\xc0\xdd\xaa\x12\x37\x0f\xb7\x52\x18\xad\x88\x58\x14" "\x42\x21\x89\xc7\x16\x21\xf4\x08\xc8\x1c\xc7\xda\xe9\x04\x01\xc4\xda" "\x0a\xe7\x65\x12\x44\xd3\xf7\x59\x13\x23\x21\x70\x7c\x8b\x34\x3e\x46" "\xd1\x36\xec\xec\x0d\xa1\x92\x2f\x0c\x95\x82\xf2\xcb\xc8\x70\x89\xae" "\xae\x16\x48\x95\x2c\x8a\x68\x2f\xa6\xaa\x96\xac\xc4\xdf\xb8\x29\x1d" "\x35\xb9\xc0\x3a\xb0\xb4\xc8\x0c\x80\x33\x11\xa6\x55\x21\xcb\xd8\xaa" "\x24\x9f\x83\xd4\x8a\xf2\x45\x7d\xa7\xe6\xd5\xf5\x07\x71\x08\x66\x09" "\x7b\x39\x9b\x4b\x7d\x15\x33\x94\xe7\xe9\x4d\x30\x47\x98\x08\x66\x21" "\xae\x14\xd2\xa0\x56\x8f\x8d\x39\xb1\xfc\xac\xe1\x44\x40\x12\x97\x87" "\xba\x1a\x9a\x62\x0b\x45\x64\x28\x54\x04\xc6\x50\xfb\xd1\x43\xe8\x6f" "\x4e\x8e\x6c\xc8\xb0\xf5\x5c\xeb\xb6\x55\x57\x15\x4f\x8e\x11\x7b\xe3" "\xb5\x99\x4b\xe9\xc3\xa9\xc7\x0d\x71\x63\x57\x30\xbe\x52\x50\x69\xfc" "\x0e\x62\x1c\x98\x80\x6c\x35\x90\xbc\x50\xf4\xd4\x4e\x50\xe1\x0a\xb6" "\x42\x67\xd3\x1b\x9d\x04\x75\x19\x0a\x99\x27\x99\xe8\xd5\xcd\xc8\x81" "\x93\x3c\x3f\x48\x61\xf8\xa0\x64\x98\xad\x4f\x0d\xe9\xa8\x85\xa4\x25" "\x9a\xda\x9b\xd0\xaf\xf1\x0b\x4e\x02\xa9\x95\xee\x1b\xb0\xc5\x9c\x0f" "\x39\x0f\x5c\x5f\x30\xcf\x9e\x58\x53\x45\x8d\x1c\x3a\x87\x23\x09\x4a" "\x22\x1f\xe9\x2a\x28\x73\xeb\x8d\x72\x22\x9f\x78\x75\x98\x70\xc8\x85" "\x95\xef\x07\x90\xc5\x45\x76\x97\x78\x5a\x4c\xff\x22\x3e\xf0\x01\x42" "\xdb\xf9\x8b\x2f\xdc\xf5\xbe\x9d\x4a\x53\x79\xc2\x06\x32\xad\x52\x6f" "\x03\x6c\xe7\x32\xe3\x49\x67\x3a\x03\x37\x1b\xf9\x41\x56\x06\xff\x63" "\x28\xcc\x08\x8d\x47\xbe\x8f\x46\x52\xc8\x75\x7c\xab\x27\x5e\x42\x89" "\xda\x52\x22\x3b\xb0\xa0\x70\x91\x5d\x14\xd2\x54\xf8\x27\x76\xcf\x34" "\x79\x88\xcf\x24\xc9\x14\x0c\x27\x69\x33\xa3\x18\x21\x9f\xae\xaa\x4e" "\x12\xb1\x94\x74\x0b\xd9\x7f\x1e\x1a\x78\x7f\x58\x6d\xcc\xdf\x2a\x01" "\x57\x86\x4b\xf7\x94\xac\x49\xec\x47\x54\x6b\xb9\x7c\xdd\x50\x0b\x04" "\x8d\xd2\x83\xc9\x22\xfb\x82\x76\x45\x8d\x09\x30\x05\x26\xa3\xda\x85" "\xd8\x71\x80\x23\x04\x1d\x54\xdc\xa2\xcf\x35\xd0\x77\x13\x67\xf1\xeb" "\x07\x1f\xf3\x4f\x7b\xe1\xf2\x42\x6d\xff\xce\xdd\xcd\xe0\xeb\x0e\x03" "\x29\x91\x38\x9e\x02\x0d\x03\x10\xc5\xfc\x31\xb6\x56\x8f\x20\x90\x52" "\x0c\xa6\x82\xa0\xfb\xa7\xc0\x9d\x71\xb2\x59\xfd\x6d\x4c\x11\xad\x53" "\x90\x68\x27\x40\x65\x16\xcf\x51\x8b\xdc\xcb\xa4\x90\xf8\xb8\xd5\x90" "\xfa\xff\x7e\x97\xa4\x08\x82\xa8\xcb\x16\xf0\xfe\xf4\x2d\xb1\xde\x33" "\xa7\xef\x9d\xdc\x5c\x55\xfe\xcb\xe8\x0b\x1d\x3b\xd0\x81\x28\x56\xe8" "\xf8\xcc\xf8\x24\xd9\xd9\xd6\x08\xae\x49\x15\x95\x70\x13\xd9\xf2\x18" "\x61\x7b\xa5\x66\x85\x5b\x86\x38\x96\xb3\x33\x9f\xbf\x4c\x8c\xe9\x12" "\x4c\xae\x7e\x1e\x41\x9b\x9c\x7f\xe8\x8c\x90\x30\x3b\x63\xe0\xcd\x15" "\x84\x1c\xd5\xd1\xa9\x0e\x99\x78\x4b\x54\x8d\x50\x87\x93\x8c\x71\x87" "\x5c\xd2\xab\x36\x5f\xd2\x11\xec\x1d\x92\x52\x18\x26\x2e\x14\x63\xdd" "\xd6\x0b\xb8\xdb\xba\x4b\x06\xd7\xf0\xd9\xbd\x52\xc7\x38\xe8\x43\xd6" "\xd9\x7a\xe1\x3b\x1e\xa1\x85\x43\xfd\xd2\xa1\x9d\x8d\x27\x8c\x1a\xda" "\xb5\x20\x92\xcb\x2a\xa5\x52\x9e\x0d\x12\x2d\x15\xde\x1c\x60\x24\x96" "\xf7\xd3\x50\x2a\xaf\xf7\xf0\x89\xe8\x4e\xf3\x12\xab\x3f\xc1\xef\x57" "\x9a\x0b\x06\x68\x0c\x52\x4d\x9b\x75\xab\x36\x57\x7e\x8c\xe5\x07\x48" "\x7b\x94\x58\xa5\x4c\x27\xc2\x36\x82\x7f\x96\x56\x98\xe7\x7a\x4e\x19" "\x49\x8d\xb9\x8c\xa2\xc9\x5d\xff\xe2\x09\xe4\xa1\x05\xe4\xfb\xe9\x41" "\x48\x69\x91\x39\xf6\x53\xbd\x0f\x2c\x83\x2e\x3c\xb2\x07\x97\xfa\x71" "\xfd\x58\x75\x99\xa4\xbd\x47\x8d\xa3\xdb\x46\xc8\xb3\xf3\x14\x51\x56" "\xfd\x30\x8f\x3b\xe7\x98\xdc\xd1\xf8\xac\x21\xa7\x40\x5c\x00\xcc\x7b" "\x38\x1d\x08\xa7\x75\x84\xef\xe7\xa0\xb6\xd3\x9e\xce\x0d\xc1\x70\xb7" "\xe1\x99\x30\x90\xd2\x29\xe7\xc0\xb1\x33\xed\x3b\x2f\x4a\xae\xaa\xa2" "\x0a\x6c\xc9\xa7\x0f\x1a\x49\xa2\xe9\x5c\x4f\x42\xd8\xce\xa9\xec\x19" "\xe2\xea\x06\xd2\x63\xcf\xb7\xd6\x07\x0b\x96\xdb\x52\x5b\x4d\x0b\xf5" "\x89\x70\xaa\x47\xf3\x49\x86\x0f\x11\xbb\x1c\x12\xe5\x77\x9a\x1d\x36" "\xcd\xd2\x69\x23\x90\xab\xd1\x33\x2b\x0e\x93\x95\xf4\x1f\xba\x43\x3f" "\xd2\x95\xa8\x02\x2e\x34\x0e\x0d\x0a\x9e\x2c\x2c\x55\x33\x1f\x1a\x27" "\x20\x41\xb5\xe4\x72\x39\x9b\xc7\x9a\x03\xd2\x05\xc6\x59\x2f\x19\x61" "\x99\x45\x66\xe5\x93\x9f\x22\xfe\xc5\x6c\x55\xb6\xf0\x30\x3f\x9c\xd5" "\x36\x68\x65\xae\x3f\x82\x4c\xe8\xb1\x5e\x1e\x28\x8c\x34\x0e\xe6\xb8" "\x6b\xa6\x33\x6f\x9c\xb0\x6a\x6f\x3b\x23\x55\x85\x69\x30\x21\x59\x12" "\x22\xfa\xb2\x72\x1d\xcc\x80\x30\x02\x62\xaa\x98\xae\x1e\x33\x72\xe2" "\xc5\x92\x79\x01\xe1\x0e\x83\xda\xdc\x32\x14\xe9\x2e\xd8\x67\xc5\x0b" "\x3d\xca\xe0\xd7\xc6\x00\x83\xc3\x35\xcf\x5d\xb3\x14\x23\x88\xbb\xff" "\x8e\x51\x34\x17\x68\xd9\x8d\xbe\xa1\x0a\xcd\x31\xcf\xd2\xe6\x64\xcc" "\x37\xef\x72\xfc\x3b\xb6\x76\xaa\xb2\xe4\xba\x24\xd0\xd2\x94\x9f\xcf" "\x89\x3b\x2e\xce\xa3\xa6\x3b\x45\x76\xc1\x47\x26\xab\x74\x8f\x62\x6c" "\x5f\xa1\x36\xa1\x43\x2b\x26\x54\x0c\xc3\xe1\x41\xcc\x97\x72\xef\x0f" "\xb9\xd9\xbd\x55\x83\xdb\xbf\xda\x9b\xa1\x32\xe0\x3d\xd7\x4d\x40\x90" "\x22\x65\x92\xd1\xe8\x54\xce\xab\x04\xb8\xea\xc9\x82\x41\xf8\x29\x68" "\x4b\x87\x3b\x93\x53\x11\x84\x57\x91\x39\x11\x05\x0b\xb1\x6f\xbf\xf7" "\x0f\xa3\xdb\x18\x6c\xa6\x41\x41\x46\x04\x00\xac\xf7\x6f\xc4\x21\xc8" "\x9a\x59\xce\x3f\xb6\x61\xd3\xcd\x5a\x96\x88\x3e\x78\x04\xb2\x3e\x5c" "\xc2\xbc\xc0\x9d\x71\x03\x69\xd6\x2b\x7a\xd0\xe7\x89\xe3\x2e\x01\xc3" "\x6f\x33\xbe\xb1\x39\x20\xf0\xaa\x91\x52\xdd\xdc\x12\xc2\xdb\x75\xfb" "\xa7\x48\x54\x82\x40\x92\x9a\x72\x17\xc5\xc2\xfb\xff\x97\xec\xea\xa0" "\x04\x72\x7e\x24\x49\x59\x02\x31\xa7\x23\x67\x2c\x5e\xe4\x11\x5c\x78" "\xb4\xa7\x3d\xaf\x45\xbf\x6a\x0d\x57\x8f\x7c\x84\x4e\xce\xb0\xfe\x9c" "\x88\x18\x30\x87\x13\x0e\x24\x61\xf6\x3d\x57\xaa\xe1\x01\x28\x92\x75" "\x03\x2e\x54\xc8\x25\xb9\x13\x2e\x02\xf7\xbf\xb5\x4e\x20\x29\xf1\xc8" "\x51\xdc\xec\xa9\xc2\x9f\x30\x0c\x4b\x86\x12\x15\xac\x63\x2b\x8c\xb1" "\xf3\xf9\x26\xf5\x7c\xd2\x0d\x0e\x91\x2c\x32\xd3\x6d\x5d\x8c\x20\x42" "\x99\xe7\x3a\x10\xd7\x88\x47\x41\x29\x71\xaa\x89\x6f\x14\x05\xc8\x58" "\xbf\x1d\xb0\x62\x25\x72\x68\xd9\x5c\xa3\xbd\x52\x3e\x24\x0d\x0b\x93" "\xcc\x00\x67\x60\x31\xc9\xa3\x72\xcd\xaf\xf2\x88\xde\x6d\x67\x88\x27" "\x29\xff\x36\x8b\x7d\x09\xfb\x0e\x08\x05\x84\x65\x02\x9f\x4a\xa0\x9f" "\xec\x3b\x6e\xdb\x4a\x27\xaf\x52\x65\x52\xaa\xc9\xe7\xa4\xe2\x00\x91" "\x21\xf6\x63\x8c\x4c\x5a\xe1\x70\x8c\xf5\xaf\xa3\xb7\x63\x39\x6b\x30" "\xe3\xe4\xfb\xb7\x9c\x06\xa4\xac\x9c\x03\x83\xa1\x20\x63\x0a\x84\xa2" "\x2b\x7a\x93\xc7\xa9\x07\xde\xbc\x32\x78\x85\xc6\x71\xfa\x8d\x76\xf5" "\x0d\xf6\x43\xcf\x6c\x56\x32\xd6\x21\x2b\x70\x14\xa9\xe5\x2c\xfe\x06" "\xa7\x78\x7b\x80\x91\xd4\x28\x8e\x92\xd2\x09\x01\xce\x94\x40\xef\x19" "\xd5\x13\x7f\x89\xc3\x75\x85\x58\x65\xc7\x3e\x8f\x4c\x9f\x99\xf6\xcf" "\xb1\x4f\x6f\xd8\xb2\x17\xc4\x30\x67\x87\xa9\xdd\x1e\x93\x35\x96\x92" "\x3c\xab\x16\xf6\xf4\x69\xc5\x15\x92\x36\xd9\x2d\xe1\x49\x67\xd6\xd1" "\xf7\x4f\x17\x05\x26\x44\xe2\x9f\x63\x11\xde\x77\x20\xf5\x54\x99\x8d" "\x78\xbc\x4b\x28\xcd\x18\x24\x99\x3c\x6c\xdf\x25\x37\xa7\x16\x9e\xa9" "\x7e\x73\x29\x29\x57\x26\x6a\xbb\x2c\xc5\x9e\x15\x98\x00\xd7\x8d\x01" "\x51\x1d\xc1\x16\x43\xec\x72\x76\x19\x91\x37\xb6\xc6\x3a\xf4\xdd\x8f" "\x59\x42\xe0\xe6\x32\x82\x25\x7d\xfd\xe5\x5f\xbd\xe1\x90\x59\x25\x74" "\x6c\x5a\xbf\x08\x6b\xfe\xfb\x72\x45\xb4\x14\xbf\xc0\xce\xe0\x63\xc3" "\xdd\x9f\xa9\xe8\x70\x37\x2e\xcb\xe1\x9c\xa4\x54\xef\x3d\xcd\x18\x44" "\x45\x28\x80\xe5\x9d\x91\x4e\x5a\xc7\xf4\xb4\x16\x28\x88\xdb\x83\x44" "\xbd\x48\x4b\x70\x4f\x2d\x9c\xae\x08\xfe\xe4\xbe\x5c\x91\x20\x8e\xef" "\x0b\xa3\xbf\x96\x59\xce\xe6\xe2\x83\xe9\x43\x14\xc4\x85\xf6\xdb\x6d" "\xf6\xf9\x26\x97\x7f\x93\xd1\x60\xfe\x2a\xa2\xed\x12\xf9\x35\x21\xca" "\x06\x91\x4e\xd4\x08\x7e\x5c\x3d\x87\x90\xeb\x68\x23\x4d\xc1\x44\x6b" "\xac\xe8\xba\xc2\x85\x92\x80\x1f\xfd\x57\xf3\xd2\x9c\x27\x62\x7f\xa5" "\x7a\xa8\xe1\xd9\x20\x4b\xb4\xfe\x5c\x17\x06\x9a\x52\x08\x60\x37\x67" "\xd2\x1b\x26\x9a\x52\x83\xff\x4e\x14\x96\x88\x6c\x4d\x52\x51\xe7\xcf" "\xb3\x2c\x55\xa7\x49\xd2\x45\xd8\xd8\x6d\xab\xd5\xd5\x2a\x9e\xea\x17" "\x63\x91\xc2\x2e\xca\xe8\x3f\xe1\x36\x50\xfb\x7e\x7c\x92\x74\x79\xe2" "\xe6\x7b\xed\xf2\x4b\x35\x44\x83\x7d\x4d\xc9\x57\xd9\xdf\xe4\xc6\xe3" "\x69\xe8\x81\x81\xb8\xd4\xab\xb8\x8a\xdd\xc3\x3b\x9e\xb1\x30\x5e\xa1" "\x10\x76\x7f\xb8\x54\x9a\x97\x53\x78\x42\x23\xac\xb9\xf4\x8e\xbc\x03" "\x49\x6c\x71\xe3\xde\xf1\x37\x74\x9e\x27\xd6\x27\x0f\xbd\x7c\x03\xe8" "\x14\x9d\x66\x0a\x8e\x7d\x13\xa8\xd6\x71\x40\xc6\xb2\xb9\xf4\xd5\xdf" "\x95\xea\xae\x3b\x15\xa2\x0b\x9c\x28\x6d\xbc\xe7\xee\xd6\x77\xde\xf0" "\xcd\x8d\x69\xaa\x56\x47\x1a\xbd\x6e\xcd\xbd\x0d\xd5\x46\x39\x3e\xa8" "\xb6\x25\x21\xa8\x14\x0d\x80\xdb\xd2\x15\x0a\x77\x8b\x5c\xf8\x81\xbf" "\xb9\xaf\x16\x8d\x46\x4c\x57\xc5\x4f\xea\x72\x6a\x3d\xc3\xbc\x82\x59" "\x77\xf2\x08\x2e\x9c\x04\xf9\xd3\x00\x49\xcb\x41\xda\x4d\x68\x11\x6b" "\xf1\xb5\xe4\xb3\x26\xb2\x47\x43\xe2\x69\x91\x7c\x89\x1a\xb1\x4d\x90" "\xc6\x8e\x59\x46\xb8\x34\x35\x38\x82\x37\xc2\x24\xb5\x80\x23\x1a\x1c" "\xab\x1f\x54\x7d\xdc\xa3\xed\xd4\x61\x66\x9c\xa8\xc6\xcc\x9b\x28\xe0" "\x6e\xb0\xd8\x58\x13\xd8\x4a\x71\x48\xa1\x0c\x7e\x79\x44\x95\x20\x54" "\x26\xe5\x02\x76\xd3\xba\xe6\xef\xbe\x04\x6b\xb2\x7d\x4e\xa6\x1e\x7b" "\xeb\x8b\x1f\x54\x01\xd4\xea\x0e\x75\x77\x3f\x14\x53\x8f\x12\xfd\x3c" "\x58\x6b\xd3\x53\xba\x89\xc5\x90\x23\x17\x43\x98\x09\x29\x4e\xbd\x79" "\xfb\x2e\x19\xe8\x08\x62\xb2\xca\x4c\xbf\x73\x56\x78\x4a\xc7\x27\x53" "\x0a\xd6\x8b\x11\xee\x2e\xc8\x79\x9d\xdf\x18\xf5\xa3\x08\x0b\x94\xe3" "\x47\x2b\x0c\xd4\xf4\xbc\x69\x58\x6a\xf2\xc0\x63\xa0\xcb\x08\xa4\xd1" "\x00\x38\x36\xa2\x77\x6e\xa3\x4a\x4f\xec\x0f\xea\x44\x26\xe3\x1d\x2d" "\x06\x00\xa6\xda\x00\xb3\xb8\xa3\x9c\x00\xfb\xbe\x38\x0b\x97\x8e\x21" "\xdc\x3f\x03\x82\x3b\x8d\xfd\xe1\xf7\x63\xaa\x4d\x66\x17\x26\x20\x70" "\x2b\xdc\xa3\x1f\x8d\x73\xcb\x61\x6b\x2b\x3b\x7e\xe4\xe5\x1c\x01\xed" "\xbe\xb5\x21\x5b\x42\x5b\x0b\x17\x93\x2f\x4e\x36\x48\xdd\x6d\xa4\xf2" "\x91\xa5\xbd\xea\xcb\x40\x59\xe8\x10\xce\x62\x10\x87\x02\xcd\x4d\xae" "\xfc\x3f\x10\xac\xa8\xda\xc8\x70\xcb\xbd\xed\xd5\x39\xd1\x66\x21\x9d" "\xbe\x62\x3c\x61\x45\x9c\xf2\x91\xc9\xa3\xc5\xb2\x30\x58\x40\xba\x73" "\xea\x92\x01\xd8\x67\x1f\xb7\xb1\x5a\x58\x42\x09\x9f\xc0\xf3\x33\xa8" "\x74\x3f\x11\xd7\x83\xb5\xc6\x5c\x6a\x7e\xc2\xd7\x84\x0b\x92\x69\x29" "\xd2\x82\x23\x8a\x07\xbe\x22\x0a\x3c\x7f\x48\xd7\x5f\x65\x08\x68\xa4" "\x0d\x6c\xaa\x1d\xab\xf5\xa6\x86\x35\xd8\xf6\xe4\x8f\xfc\x70\xec\x1d" "\x87\x0c\x6a\x30\x6a\xc0\x23\x17\x99\x83\x4e\xaa\x6b\x25\x4f\xe9\x10" "\xfc\xfb\x7d\x2d\x7e\x90\xcf\x00\x1c\x9d\xa6\x43\x09\xa4\x9f\x6f\x71" "\x25\x50\xae\x63\x7e\x9a\x03\x9d\xa3\x3b\xc9\x2f\x59\x35\xca\x3a\x5f" "\xcc\x87\x0c\x43\x24\xef\x3b\xe5\xeb\xde\x6b\xa3\x4a\x1b\xb9\xfb\xf0" "\x06\x44\xbc\xb4\xf0\x40\xc6\x7c\x2a\x34\xb3\xf3\x54\x2d\xa7\x64\xd6" "\x01\xb1\xb8\x30\xb8\xc4\xef\x56\x55\xcd\x5e\x9c\xcf\xae\x8a\x50\xe3" "\xbc\x74\x93\x7b\xc5\x5f\x3a\xb6\xd6\x86\x1f\xad\x96\xd3\x89\x0a\xfe" "\x62\x63\x51\x41\x46\x63\x9a\xda\x1e\xe8\x2e\x23\x92\x81\x4c\x27\x90" "\x6b\xd1\x5d\xf8\xcd\x83\x21\xbe\xd0\x88\x05\x2e\xcb\x33\x8b\xa9\xb9" "\x95\x9c\x41\xe6\x57\x88\x28\x47\xbe\x88\xac\x52\xdd\x14\x6c\x78\xa4" "\xf5\x17\xfd\x7f\x79\x66\xe8\x9e\xb6\x05\xfb\x96\x8c\x5f\xf3\x0e\x35" "\xab\x3e\x3e\x0f\x77\x4f\x14\x7e\xee\xc2\x24\x85\x6c\xdf\x6e\xcd\x01" "\xbf\x41\x57\x51\xc3\xd9\x8a\xf5\x75\x16\xda\x9b\x80\x91\xc9\x21\xcf" "\xac\x6d\x12\x12\x20\x4e\xf7\xa1\xaa\xd2\x8f\x2d\xc8\x3a\xf0\x46\x90" "\xdc\x19\xc5\x06\xf4\x99\x3b\xab\x24\xee\xcd\xd9\x9d\xee\xbf\x4f\x21" "\xd8\x43\xa4\x2d\x54\x6e\x1a\x5b\x07\x59\xf2\x13\x90\xae\x51\xee\xc8" "\xc1\x74\xe0\xcb\x96\x07\x69\xea\xe4\x35\xab\x2f\x19\x1c\xfd\xa8\xfc" "\xe8\x47\x6c\xc6\xcf\x8b\x0f\x48\x44\xb1\xbe\xfa\x69\xef\xa7\x16\x42" "\x2b\x0b\x3f\x6c\x67\xea\x4d\x80\xec\x49\x5a\x44\x1b\xe4\x55\x1f\x3c" "\x33\xb6\x95\x82\xba\x64\x04\x8f\x75\xfd\xdb\xa8\xfb\xb6\xee\x0c\xb6" "\x79\xcc\xd5\xdf\xcb\x34\xd9\xcf\xa6\x79\xf1\x2c\xee\x82\x46\x90\x6c" "\x39\xb3\x7b\x05\xf0\x2c\x1b\x67\xa0\x1c\xf4\xb2\xa7\xa5\x3a\x9b\x3e" "\x11\x84\xed\x30\x5b\xdd\x54\xde\xbf\xe1\x1a\x03\xf5\xc1\xe0\x5e\xfe" "\xbb\xcc\xbb\xbb\x34\x07\xc7\x3b\xa5\x27\x8d\xff\x23\xcb\xb7\xee\x9e" "\xfe\x0e\x1c\xad\xe5\xdc\x6d\x66\xe4\xb4\xa6\x32\x34\xcb\xd9\x66\xa9" "\x6d\x4d\x40\xdd\xe6\x52\x46\x60\x52\x56\x17\xce\x2f\x1d\x18\xef\xb4" "\x31\xf3\xf9\xf5\xe2\x24\xb3\x4f\xb6\xdd\x25\x6c\xc1\x69\x03\x12\x9b" "\xa9\x76\x9f\xa9\x3a\xb2\xce\xf8\x63\x0b\xc4\x12\x44\x21\x01\xca\x0f" "\x5d\xcb\x58\xeb\x81\x11\x0f\xd3\xd2\xe2\xbb\xcd\x2c\x26\x4f\xb3\xed" "\x10\x06\x56\x23\xe0\x82\x5f\x7e\xa4\x77\x1f\x3d\x2a\x08\x4b\x9c\xef" "\x6a\xa4\x8a\x91\xc3\xe2\x6e\x75\x7d\x8a\x10\x6b\x97\x00\x2a\x20\x94" "\xbd\xcb\xd5\x6e\xd0\x1a\x21\x4a\xb4\x48\x14\x66\xfd\x23\xb0\x29\x55" "\xe8\x78\x26\x3b\x24\xd9\x10\x08\xaa\xd7\x68\x53\xa4\x58\x2e\xd4\x2b" "\xb2\xaf\xa4\xd6\x44\x91\x62\x94\x54\xd7\x1b\xe8\xcd\xeb\x13\x32\x1e" "\x01\x4d\x15\x7c\xeb\xb0\xc1\xac\xe6\xf4\xb2\xfe\x52\x87\x8f\x72\xcb" "\x32\xd9\x3d\xcb\x5a\xb1\x49\x93\x8b\xe5\xe9\xf9\x2f\x08\x20\x1e\x77" "\x76\x9d\xe3\x6e\x63\x1a\xde\x44\xf5\xf5\x62\x02\x29\xe9\xff\x74\x0f" "\xfd\x08\xb3\x97\xa2\x97\x6f\x24\x0c\x40\x8b\x65\xd7\xf7\x53\x9d\x19" "\xd9\x14\x22\x90\x6c\x24\x0d\xad\x13\x8a\x1c\x79\xcf\x7c\xcd\x23\x83" "\xee\xf6\xb1\xa7\x99\xa0\xaa\x12\x56\x5e\x23\x7d\x06\x68\x88\x6c\xdf" "\xdf\xc5\x8a\x47\xe2\x98\xcf\xc1\x93\x8c\x18\x7d\x33\xe6\x84\x0a\x1e" "\x6e\x5d\xa4\x95\xaa\x45\xef\x15\x0f\xdd\xa6\xfa\x8a\xa3\xb0\x93\xb4" "\x14\x6c\xaa\xcf\x7b\x02\xd2\x49\x22\x3f\xe7\x24\xcf\x25\xba\x45\x59" "\xff\x44\x51\xbe\x91\x69\xd5\x61\x79\xaf\x32\x54\x7d\x15\x7f\xf9\x97" "\x92\x7e\x89\x29\x74\x86\x40\xdb\x06\x5e\x8b\x74\x62\xc9\x68\x36\x0b" "\x75\x38\x4d\x14\xab\x8d\xd5\x3c\x92\x10\xf0\xc3\x33\x42\x06\xca\x16" "\x55\x53\x43\x40\x96\xbf\x78\xfb\xd5\x71\x98\x45\x16\xd5\x3e\x39\x98" "\xe4\xd1\x49\xc4\x30\xf5\xa0\x8d\x2a\x23\x15\x15\x26\x3f\x7b\x02\xec" "\x2f\x73\x6e\x9b\x51\xff\x75\x91\x9a\x73\xf9\x38\x00\x11\x6b\x40\xf5" "\x7a\xa9\x50\x4e\xa8\xd4\xbf\x2b\xce\x44\x1e\xab\xc4\xe7\xb0\x19\x27" "\xb7\x3c\xf9\x3a\x6a\xb9\x8a\x5f\x9a\xa5\x44\xd3\xd6\x95\x2b\xbc\xc7" "\x39\x4c\x35\x45\x25\x4d\xc4\xd9\x42\xdc\xd4\xb2\xba\xa4\xe9\xec\xb5" "\x7e\xdf\x88\xc8\xa4\x0f\x4a\xf8\x61\xf2\x9e\x5f\xea\x70\x55\xc6\x43" "\x9b\x0c\x51\xf8\x49\x61\x92\xd8\x13\xb4\x57\xce\x90\xe3\x36\xc0\x05" "\x04\x26\x95\x0e\xda\xc6\x69\x29\x92\x68\xa9\x59\xad\x86\x12\x4f\xdd" "\xe7\xf3\x85\x26\xa4\x75\x48\xa6\xc8\x44\x6b\xd9\xf7\xd2\x3d\x67\x37" "\x13\xb8\x94\x31\xc0\xd4\xc4\xbd\x44\xd9\x1d\x85\xb6\xe7\x61\x89\xfb" "\x4a\x89\xc4\x44\xb1\x9f\xf7\x96\xbb\x49\x78\xe5\x0b\x0e\x91\xe1\xef" "\x92\x68\x4a\x69\xb1\x96\x05\xc7\x0a\x02\x9d\xe6\xdf\x9b\xe0\x75\x79" "\x60\xc7\x7f\xf6\xe6\x1e\x68\xf9\x2d\x31\x9e\xd1\x53\x8b\x32\x2c\xde" "\x74\x00\xe5\x6e\xde\x1a\xb8\x75\xa7\xdf\xc4\x35\xe2\xb0\x09\x46\x1d" "\x5d\xbb\x99\xa0\x6b\xc3\x5b\x05\x59\xaa\xff\xa4\xf5\x26\x3b\xfb\xad" "\x3a\x08\xa2\xf9\x1d\xbc\x2b\x3a\x64\xd8\x84\x34\xef\x8d\x75\xe8\x74" "\x4b\xb2\xca\xad\xcf\xf4\x07\xe4\xae\x2b\xee\x25\x72\xf1\x98\x66\x83" "\xfe\x3f\x46\x41\x7d\x0c\xcc\xa2\xb8\xe9\x27\xe6\x48\x06\x67\x8e\x21" "\x78\xd9\x27\xf4\xc6\xc7\x11\xea\x34\x1a\xe0\x0d\x16\x68\x71\x42\xdd" "\x09\x26\xb1\x77\xc4\x7a\x24\x21\x60\xc5\xc6\xd8\x91\xa2\x6a\x99\x8d" "\xe2\x5a\x97\xea\x8d\x39\xb3\xc1\xfc\xf3\x06\x29\x9b\x33\xca\x24\x10" "\x8f\x8f\xe8\x32\xa0\x0c\x63\xee\x50\x8f\xc7\xc9\x11\x9a\x14\x2b\x0a" "\xd5\xfe\xa0\xa5\xcf\x65\x49\x5f\xc4\x27\xe7\x75\xd0\xde\xf8\xb3\xac" "\xb6\xc6\xd3\x7b\x03\x8c\xc4\xbb\xb0\x22\xdb\x74\x8b\x86\xc4\xdd\xaa" "\x8e\x30\x87\x11\x0c\x8e\x6f\x78\xae\xe9\x63\xe2\x50\x94\xb6\xac\xcb" "\x52\xf2\xfd\x89\x26\x22\xd6\xed\xa7\x44\x4e\x2d\x83\xbf\x9b\xf9\x2c" "\x92\xba\xad\xd1\x85\x3d\x05\xcf\x8e\x0e\xe7\x92\xbe\x20\x31\x21\x4d" "\x13\xa0\x16\x5d\xf3\xce\x0f\xd5\x44\xd8\x26\x20\xd5\xd6\x4d\x87\x0f" "\x19\x0b\xd9\xd5\x55\x0a\x9c\x6f\x61\xb5\x9d\x7d\xb0\x18\x16\x79\x0f" "\x77\x43\xc2\x78\xfa\xf7\x97\xec\x5b\x2c\xea\xe3\xa3\x40\x54\x9e\xf0" "\x63\x4d\xd1\xa8\x7e\x11\xbd\xe5\xa9\x0a\x3e\xb3\xb8\x61\xd1\x0b\x77" "\xaf\x0d\x52\xc5\x38\x05\xe1\xfa\x5f\x1e\x1d\xdd\x33\x33\xde\x34\x79" "\xdd\x20\x14\x43\x5d\x02\x48\x85\xfa\x2e\x25\x86\xb8\xf1\x7b\xc1\xda" "\x0a\x3e\x1a\x4c\x9f\x09\x81\x2f\x6b\x20\x20\x32\x5b\x81\x54\x7c\x3a" "\xae\x4d\x16\xba\x05\xb6\x8a\x45\x2c\x3a\xe4\xf7\x62\x69\xac\xb1\xd8" "\x9c\x82\x21\x86\xe8\x5d\xc0\x3a\xf7\x9f\xff\x5e\xbd\x63\xeb\x2f\xca" "\x83\x83\xe8\xc1\x0e\xa3\x4f\xda\x01\x77\xf5\xf2\x59\x0e\xa1\x65\x75" "\x0f\x04\x21\x82\xa6\x99\x44\x63\xff\xbc\xcf\xbd\x44\xbb\xeb\x62\xd4" "\xde\x94\x2a\x6f\xea\xed\x10\x0d\x46\x74\x40\x0e\x2c\x0c\xd7\x33\x1e" "\x65\x40\x25\x6e\x21\x47\x5f\x9b\x51\xdc\xdf\xa3\xae\xd7\xbc\x0a\x02" "\xf7\x52\x0a\xc9\xee\xe0\x41\x29\x1d\x98\xd5\x19\x60\x2f\x1c\x7e\x50" "\xda\x9c\xea\x5e\x7c\xc5\x81\xc1\x5d\xfc\x0a\x91\xc8\x90\x10\x93\x43" "\x8e\x25\x92\xc1\x85\xdd\x0c\x96\xb2\xc4\xcf\xec\x97\xe5\xb6\x3f\xfb" "\x13\x7c\xc9\xa9\xc6\x9d\x27\xbc\x5b\x56\x28\x03\x08\xc8\x5b\x73\x2c" "\x85\x62\xb2\xa2\x1a\xc0\xe3\x93\x41\x9f\x1d\xd5\x91\x69\xad\x47\x39" "\xe3\x3b\x01\x07\x52\x18\x7c\x4e\xd3\xbd\xb6\xe5\x2e\x2d\x04\x99\x50" "\x90\x5b\xe4\x8c\xf2\xf7\xf6\xc9\xf4\x3a\xeb\x2d\x46\x21\xab\x3a\xbc" "\x0d\xb5\xd5\x5d\xc8\xd6\xeb\xc1\x95\x40\x94\x97\x3e\xfa\xb2\xd5\x1b" "\x98\x46\x1a\x41\x74\xfb\xd3\x9c\x10\x2d\x5a\x04\xfa\xb9\xd6\xe9\x9f" "\xf5\xc2\xb4\xc2\x2c\x64\x3e\x64\xdf\x74\x66\x3d\x90\x17\x1a\xf5\xe7" "\xfd\x0a\x52\x6f\x65\x05\x5b\x80\x6c\x68\x36\x91\x32\x6b\x0c\xa5\xcf" "\x95\xc7\xbc\x86\x5f\x6d\x92\xaf\xc8\x6d\x87\x74\xa9\x6f\x2d\x99\xfe" "\xbf\x8a\x67\x96\xed\xfc\xc9\xc2\xcb\x99\xde\x79\xf1\x98\x55\xe2\xe3" "\x82\xdc\xa6\xd9\x6c\xcd\x80\x8d\x6a\x67\x4b\xf0\x35\x1e\xe3\xe0\x28" "\x9b\xf0\x7f\x5e\x89\xcb\xfb\x27\x76\xb8\xb7\x1d\x17\x53\xbe\x4e\xf8" "\x98\x89\x62\x86\x33\xe7\x20\xf1\x3d\xbb\x76\x6c\x85\x08\x6e\xa6\x97" "\x3c\xab\x14\x07\xbd\xf4\x0a\xdc\x5c\xe8\xbc\xe6\xa8\xef\x18\x4f\x1e" "\x5d\x3d\x8b\x3b\xee\x44\x8f\x93\x5b\x72\x28\x14\x66\xc7\x31\xb6\x63" "\xa8\xd7\x84\x57\xe8\x6c\x52\xdc\x74\xab\x78\x7b\xa3\x5d\xb9\x31\x42" "\x88\xd8\x37\x79\xcb\xa1\x11\xb2\x43\x20\x33\xd3\x91\x38\x4f\x6d\x80" "\xbb\xf4\xda\x61\x8b\x7e\xa2\x34\x28\xf8\x4b\xe8\x27\x83\x66\x37\x6e" "\x5c\xb9\x29\xa9\x4b\xa0\x45\x00\x0d\x6e\xb6\xe2\x78\xe8\xda\xd6\x1e" "\x8e\x95\x2a\x72\x9b\xd9\x8a\xb5\xe9\x25\x5c\x39\x41\xe6\x38\x09\x2e" "\x8a\x1c\x8a\x19\x35\xee\xf6\xc0\x97\xe2\xc7\xa3\xb0\x4a\xd4\x87\x2a" "\x25\x34\xb5\x7b\xf6\x11\x79\x84\xb4\x27\xa6\x6a\x7b\x3e\x7c\x4f\xe4" "\x96\x8d\xae\x0f\xee\x17\x47\xe2\xa4\x33\x13\x57\xa0\xdd\xe9\xc3\x73" "\xf9\xbb\xf0\xfb\x7a\xa3\xb9\x13\xe1\x3d\x73\xad\x41\x3f\xbd\xd1\xdd" "\xd5\x77\xc1\x1b\xa4\x7d\x4b\xc5\xe3\xa7\xa2\x01\x51\xca\x83\x70\xf6" "\x00\x08\x10\x62\xc4\x12\x83\x82\xb4\x46\x5a\xb9\x83\x2f\xb2\xa2\x82" "\xed\x04\x0b\x11\xf9\x8c\xff\xdc\x0f\xbf\xe3\x85\x9f\x82\x34\x9d\xe5" "\xdf\x26\x35\xab\x99\x6e\xc2\x5d\x91\x22\x6a\x8f\xb9\x9a\x74\x45\x37" "\x55\x59\xc4\x59\x25\x33\x46\xdd\x54\x29\xea\x40\xef\x08\xf1\x30\xb5" "\x3b\x8b\x85\x15\x7f\xb3\xe7\x63\xeb\xfe\x4e\x32\xf6\xac\x10\x9a\xf6" "\xb8\xa2\xa1\x8a\xf7\xbe\x01\xd3\x4e\x46\xd5\xfc\xf3\xfb\xf1\xa0\xa0" "\x51\xb9\xe5\xcb\xcc\x29\x7b\x7f\xe9\x4b\xde\x96\xe0\xe3\x83\x27\x53" "\x8a\xe8\x73\x88\x56\xaa\x44\xbf\x8a\xff\x2a\x36\xcb\xe4\x43\x19\x5b" "\x61\xfc\x1d\xf7\xf9\x61\x97\x03\x64\x45\x76\x9c\xc2\xc4\x6d\xc5\xb4" "\x33\xde\x7b\x87\xa5\x55\x31\x0e\x90\x1d\x01\xfa\x71\x9d\x7b\x9c\x5b" "\xfb\x9b\x2b\xdc\x37\x6a\xc6\x21\x9b\x9f\x65\x57\x4d\xbd\xaf\xe2\xcf" "\xcb\xb2\xd9\xe6\x70\x5e\xf1\xff\x89\xf2\x56\xf4\x28\x13\xfc\x76\xa2" "\xea\x09\xc8\xf7\x1b\x14\xe7\x0a\xed\x62\x6f\xe0\x4d\xb7\x40\x83\xa1" "\xfc\x13\xdc\x82\xcd\xa4\xfc\x76\x0f\xa9\xcc\x64\xe7\xfb\xc1\x75\xb6" "\x6a\xef\x84\xe4\x36\x66\xd1\xff\x35\x8d\x78\x2f\xba\xf6\x15\x1b\x9a" "\xb3\xc0\x38\x57\x5b\x38\x14\x89\xc0\x95\x7c\xbd\x99\x98\xe5\xc5\xe5" "\xf2\xd4\xa4\x20\x8f\x1f\x17\x7e\x3b\x8b\x30\xfa\xae\x46\xe4\x75\xce" "\xe7\x2b\x68\xea\x86\x5f\xc9\x8f\xf4\x29\xb4\xcb\x83\xa9\xd5\xa4\x03" "\xea\x3a\xa6\xa2\x14\xcf\x00\xf4\xc9\x9e\xc7\x39\x25\x81\x56\xfa\xa4" "\xa4\xe7\x09\x8d\xc7\xac\xa7\xf0\x4d\x81\xc3\xe9\x00\x7a\x70\x87\x1d" "\xb1\x05\x4d\x51\xae\x5d\x2d\xd8\xfb\x40\xe1\x31\xb5\xd2\x53\xea\x06" "\xc3\x39\x30\x0c\xf2\x43\xaf\x37\xf2\x32\x26\xfd\x98\xe4\x7a\x4f\x2a" "\x6b\x4c\xe1\x5c\x83\x83\x47\x93\xd2\xa8\x9a\xd6\x2f\x6a\x45\x09\x5b" "\x3b\xaa\xd9\xb1\x44\xcc\x17\xca\xc8\xf9\xa6\xc2\x72\x76\xf8\x4a\xd6" "\x50\x6b\xd9\x7a\xe0\xb5\x48\x40\xf3\x7c\x94\x94\xfa\x00\x4f\xa9\xb4" "\xf8\xc2\x71\xd6\xf9\xce\x6a\x98\xd5\xc1\xd4\x65\xa2\x48\x22\xd2\x85" "\xc8\x4e\x78\xa0\x87\xaf\xe5\x69\x7e\x55\xd1\xa8\xdf\x25\xf5\x28\xad" "\x71\xdd\x64\x1d\x06\xa4\x31\x83\x38\xd8\x60\xd7\xaf\x1c\xed\x5d\x01" "\x20\x8d\x3d\xf0\xef\x66\xfc\x0f\x8e\x54\x99\xdd\x3d\x07\xe0\xe9\xce" "\x41\x42\x13\xe9\xf0\x83\x87\x74\x5e\xea\x7f\xeb\xf3\x7d\x26\x33\x11" "\x8f\xf4\xa5\x6e\x0a\x92\x9f\x13\xe5\x6d\x96\xa6\xba\xd7\x80\x2e\x51" "\x88\xaa\x81\xcf\x3a\x23\xdc\xc5\xd4\x94\x1d\xa6\xe3\xce\x4d\x61\xbc" "\xf7\x6b\x58\x59\x48\x35\x89\x93\xbd\xb7\xda\x14\x91\x3c\xf5\xf3\x63" "\xe5\x2f\x0d\x0c\x1e\x9a\xb6\x6a\x6d\xdd\xed\x28\xc4\x3f\x99\xd1\x1e" "\xa7\xa3\x4d\x88\xdf\x87\x7c\x41\x34\x87\x6f\xa5\x0e\x9d\x43\x72\x9f" "\x21\xef\xad\xec\x34\x69\xad\xf9\xbb\xd0\xf2\xb9\xea\x08\x8a\xd2\x4c" "\x30\x35\x88\x01\x98\x09\x17\xb0\x08\xae\xe2\x64\x1e\xb9\xde\x64\xe3" "\x92\xc3\x15\x3f\xcb\xd6\xc9\x4f\xb9\x26\xd0\x0c\xdc\xbf\x1a\x26\xe8" "\x99\x2d\xaa\x72\x7e\xed\x13\x01\x2d\x47\xed\xd1\x2c\x88\x2f\x9f\x2e" "\x8e\x81\x88\x2d\xdb\x2f\x0d\x07\xd3\xb9\x29\x5b\xfe\xfe\xfc\x0d\xca" "\x8a\x37\xcf\xc5\x79\x2e\xe8\x3e\xed\x04\x16\x8b\x4c\x9c\xa2\xda\xa1" "\x72\xfa\x96\xc0\x1d\xce\xcb\x5e\x94\xc7\x62\x74\xb6\x5c\x2e\xed\x9e" "\xae\x43\xce\x61\xec\x66\x45\xc6\x4d\x01\x7c\x25\x32\xc8\x99\x7e\x7e" "\x58\xb6\x9d\xef\x1d\x30\xda\xfc\x67\x7b\xf1\xbb\x38\xac\x3a\xe5\x56" "\x63\xb8\x90\xa1\x35\x65\x03\xbf\xd3\xfb\x19\x4d\x11\x1b\x82\x68\x8f" "\x24\x73\x51\xa3\x07\xf2\x7e\xf8\x12\xd9\x86\xdb\xe7\x8e\xa9\x02\x6b" "\x7b\x56\x15\x41\x0e\x70\xea\xec\xd1\x94\x4f\x66\x72\x6c\xb1\x66\x9f" "\xaf\x7a\xa9\x0a\xc2\x90\x17\x04\xd8\xd0\x0a\xbf\x90\xec\x97\x45\x7c" "\xd0\xde\x76\x46\xbb\xb7\x16\xd7\x4a\xfd\x3b\x7b\x11\xa4\x18\x77\xc1" "\x08\xe2\xa5\x1d\xb5\xea\xff\x9e\x66\x2f\x53\xa3\x92\xb4\xc4\x7e\x07" "\x84\x78\xa2\x83\x15\x58\xb7\x36\x38\x49\xa2\x0a\x59\xcf\xd5\x9a\xce" "\xd8\x36\x79\x6d\x81\xb0\x27\x47\x91\xa0\x96\xd7\xab\xbe\xac\xab\x61" "\x6c\x47\xb3\xc3\x8c\xc8\x03\xc6\xf7\xec\x23\xb1\x4b\x4a\x21\xc8\xeb" "\x42\x5c\x53\x0a\x69\x80\xa1\x4d\xf8\x8f\xca\xd3\xf7\x16\x65\xbc\x3a" "\xb8\x9a\x22\x73\x10\x46\x27\x38\x82\x83\x42\x92\x76\x13\x92\xbc\x67" "\xdb\x36\x71\xd5\xaf\x9e\x19\x0d\x81\x44\x41\x47\x0d\x03\x4b\x4d\xbc" "\x27\xb7\x0f\xca\x06\x5a\x5f\x9d\x10\x40\xee\x1d\x4e\x85\xcc\xae\xcd" "\xe4\x22\x31\x88\xf2\x44\xcc\x64\x42\x0f\x16\x8c\xdf\x03\x3d\x8a\x71" "\x21\xf6\xd6\xa0\x0a\x86\x3c\x75\x31\x93\x0b\xd8\x60\xdd\xa1\x4b\xc3" "\x4b\x70\x81\x65\xe8\xc3\xf2\x4d\x73\x60\xc6\xc8\x0c\xa4\x86\xb4\xc5" "\x0c\xab\xf8\x83\x1e\xca\xfa\xfd\xbf\x23\xa5\xcd\x46\xd4\x8c\x59\x61" "\x5e\x8e\x0c\x26\x65\xdb\x57\x20\x41\x34\xab\x0c\xa3\x35\x06", 8192); *(uint64_t*)0x20002bc0 = 0; *(uint64_t*)0x20002bc8 = 0; *(uint64_t*)0x20002bd0 = 0; *(uint64_t*)0x20002bd8 = 0; *(uint64_t*)0x20002be0 = 0; *(uint64_t*)0x20002be8 = 0; *(uint64_t*)0x20002bf0 = 0; *(uint64_t*)0x20002bf8 = 0; *(uint64_t*)0x20002c00 = 0; *(uint64_t*)0x20002c08 = 0; *(uint64_t*)0x20002c10 = 0; *(uint64_t*)0x20002c18 = 0x20002840; *(uint32_t*)0x20002840 = 0x90; *(uint32_t*)0x20002844 = 0; *(uint64_t*)0x20002848 = 2; *(uint64_t*)0x20002850 = 6; *(uint64_t*)0x20002858 = 3; *(uint64_t*)0x20002860 = 3; *(uint64_t*)0x20002868 = 0xc0db; *(uint32_t*)0x20002870 = 0x7601; *(uint32_t*)0x20002874 = 0xfffffff9; *(uint64_t*)0x20002878 = 5; *(uint64_t*)0x20002880 = 1; *(uint64_t*)0x20002888 = 0x20; *(uint64_t*)0x20002890 = 0; *(uint64_t*)0x20002898 = 0x80000000; *(uint64_t*)0x200028a0 = 7; *(uint32_t*)0x200028a8 = 0xcd66; *(uint32_t*)0x200028ac = 8; *(uint32_t*)0x200028b0 = 8; *(uint32_t*)0x200028b4 = 0x8000; *(uint32_t*)0x200028b8 = 0xa1; *(uint32_t*)0x200028bc = r[2]; *(uint32_t*)0x200028c0 = r[3]; *(uint32_t*)0x200028c4 = 0x3c6e; *(uint32_t*)0x200028c8 = 0xcf3; *(uint32_t*)0x200028cc = 0; *(uint64_t*)0x20002c20 = 0; *(uint64_t*)0x20002c28 = 0; *(uint64_t*)0x20002c30 = 0; *(uint64_t*)0x20002c38 = 0; syz_fuse_handle_req(/*fd=*/r[0], /*buf=*/0x20007140, /*len=*/0x2000, /*res=*/0x20002bc0); break; } } int main(void) { syscall(__NR_mmap, /*addr=*/0x1ffff000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul, /*prot=*/7ul, /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x21000000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul); loop(); return 0; }