// https://syzkaller.appspot.com/bug?id=2dc0a7760777197118e32b794d1146a7d84b894a // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifndef __NR_memfd_create #define __NR_memfd_create 319 #endif static unsigned long long procid; //% This code is derived from puff.{c,h}, found in the zlib development. The //% original files come with the following copyright notice: //% Copyright (C) 2002-2013 Mark Adler, all rights reserved //% version 2.3, 21 Jan 2013 //% This software is provided 'as-is', without any express or implied //% warranty. In no event will the author be held liable for any damages //% arising from the use of this software. //% Permission is granted to anyone to use this software for any purpose, //% including commercial applications, and to alter it and redistribute it //% freely, subject to the following restrictions: //% 1. The origin of this software must not be misrepresented; you must not //% claim that you wrote the original software. If you use this software //% in a product, an acknowledgment in the product documentation would be //% appreciated but is not required. //% 2. Altered source versions must be plainly marked as such, and must not be //% misrepresented as being the original software. //% 3. This notice may not be removed or altered from any source distribution. //% Mark Adler madler@alumni.caltech.edu //% BEGIN CODE DERIVED FROM puff.{c,h} #define MAXBITS 15 #define MAXLCODES 286 #define MAXDCODES 30 #define MAXCODES (MAXLCODES + MAXDCODES) #define FIXLCODES 288 struct puff_state { unsigned char* out; unsigned long outlen; unsigned long outcnt; const unsigned char* in; unsigned long inlen; unsigned long incnt; int bitbuf; int bitcnt; jmp_buf env; }; static int puff_bits(struct puff_state* s, int need) { long val = s->bitbuf; while (s->bitcnt < need) { if (s->incnt == s->inlen) longjmp(s->env, 1); val |= (long)(s->in[s->incnt++]) << s->bitcnt; s->bitcnt += 8; } s->bitbuf = (int)(val >> need); s->bitcnt -= need; return (int)(val & ((1L << need) - 1)); } static int puff_stored(struct puff_state* s) { s->bitbuf = 0; s->bitcnt = 0; if (s->incnt + 4 > s->inlen) return 2; unsigned len = s->in[s->incnt++]; len |= s->in[s->incnt++] << 8; if (s->in[s->incnt++] != (~len & 0xff) || s->in[s->incnt++] != ((~len >> 8) & 0xff)) return -2; if (s->incnt + len > s->inlen) return 2; if (s->outcnt + len > s->outlen) return 1; for (; len--; s->outcnt++, s->incnt++) { if (s->in[s->incnt]) s->out[s->outcnt] = s->in[s->incnt]; } return 0; } struct puff_huffman { short* count; short* symbol; }; static int puff_decode(struct puff_state* s, const struct puff_huffman* h) { int first = 0; int index = 0; int bitbuf = s->bitbuf; int left = s->bitcnt; int code = first = index = 0; int len = 1; short* next = h->count + 1; while (1) { while (left--) { code |= bitbuf & 1; bitbuf >>= 1; int count = *next++; if (code - count < first) { s->bitbuf = bitbuf; s->bitcnt = (s->bitcnt - len) & 7; return h->symbol[index + (code - first)]; } index += count; first += count; first <<= 1; code <<= 1; len++; } left = (MAXBITS + 1) - len; if (left == 0) break; if (s->incnt == s->inlen) longjmp(s->env, 1); bitbuf = s->in[s->incnt++]; if (left > 8) left = 8; } return -10; } static int puff_construct(struct puff_huffman* h, const short* length, int n) { int len; for (len = 0; len <= MAXBITS; len++) h->count[len] = 0; int symbol; for (symbol = 0; symbol < n; symbol++) (h->count[length[symbol]])++; if (h->count[0] == n) return 0; int left = 1; for (len = 1; len <= MAXBITS; len++) { left <<= 1; left -= h->count[len]; if (left < 0) return left; } short offs[MAXBITS + 1]; offs[1] = 0; for (len = 1; len < MAXBITS; len++) offs[len + 1] = offs[len] + h->count[len]; for (symbol = 0; symbol < n; symbol++) if (length[symbol] != 0) h->symbol[offs[length[symbol]]++] = symbol; return left; } static int puff_codes(struct puff_state* s, const struct puff_huffman* lencode, const struct puff_huffman* distcode) { static const short lens[29] = {3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258}; static const short lext[29] = {0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0}; static const short dists[30] = { 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, 8193, 12289, 16385, 24577}; static const short dext[30] = {0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13}; int symbol; do { symbol = puff_decode(s, lencode); if (symbol < 0) return symbol; if (symbol < 256) { if (s->outcnt == s->outlen) return 1; if (symbol) s->out[s->outcnt] = symbol; s->outcnt++; } else if (symbol > 256) { symbol -= 257; if (symbol >= 29) return -10; int len = lens[symbol] + puff_bits(s, lext[symbol]); symbol = puff_decode(s, distcode); if (symbol < 0) return symbol; unsigned dist = dists[symbol] + puff_bits(s, dext[symbol]); if (dist > s->outcnt) return -11; if (s->outcnt + len > s->outlen) return 1; while (len--) { if (dist <= s->outcnt && s->out[s->outcnt - dist]) s->out[s->outcnt] = s->out[s->outcnt - dist]; s->outcnt++; } } } while (symbol != 256); return 0; } static int puff_fixed(struct puff_state* s) { static int virgin = 1; static short lencnt[MAXBITS + 1], lensym[FIXLCODES]; static short distcnt[MAXBITS + 1], distsym[MAXDCODES]; static struct puff_huffman lencode, distcode; if (virgin) { lencode.count = lencnt; lencode.symbol = lensym; distcode.count = distcnt; distcode.symbol = distsym; short lengths[FIXLCODES]; int symbol; for (symbol = 0; symbol < 144; symbol++) lengths[symbol] = 8; for (; symbol < 256; symbol++) lengths[symbol] = 9; for (; symbol < 280; symbol++) lengths[symbol] = 7; for (; symbol < FIXLCODES; symbol++) lengths[symbol] = 8; puff_construct(&lencode, lengths, FIXLCODES); for (symbol = 0; symbol < MAXDCODES; symbol++) lengths[symbol] = 5; puff_construct(&distcode, lengths, MAXDCODES); virgin = 0; } return puff_codes(s, &lencode, &distcode); } static int puff_dynamic(struct puff_state* s) { static const short order[19] = {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15}; int nlen = puff_bits(s, 5) + 257; int ndist = puff_bits(s, 5) + 1; int ncode = puff_bits(s, 4) + 4; if (nlen > MAXLCODES || ndist > MAXDCODES) return -3; short lengths[MAXCODES]; int index; for (index = 0; index < ncode; index++) lengths[order[index]] = puff_bits(s, 3); for (; index < 19; index++) lengths[order[index]] = 0; short lencnt[MAXBITS + 1], lensym[MAXLCODES]; struct puff_huffman lencode = {lencnt, lensym}; int err = puff_construct(&lencode, lengths, 19); if (err != 0) return -4; index = 0; while (index < nlen + ndist) { int symbol; int len; symbol = puff_decode(s, &lencode); if (symbol < 0) return symbol; if (symbol < 16) lengths[index++] = symbol; else { len = 0; if (symbol == 16) { if (index == 0) return -5; len = lengths[index - 1]; symbol = 3 + puff_bits(s, 2); } else if (symbol == 17) symbol = 3 + puff_bits(s, 3); else symbol = 11 + puff_bits(s, 7); if (index + symbol > nlen + ndist) return -6; while (symbol--) lengths[index++] = len; } } if (lengths[256] == 0) return -9; err = puff_construct(&lencode, lengths, nlen); if (err && (err < 0 || nlen != lencode.count[0] + lencode.count[1])) return -7; short distcnt[MAXBITS + 1], distsym[MAXDCODES]; struct puff_huffman distcode = {distcnt, distsym}; err = puff_construct(&distcode, lengths + nlen, ndist); if (err && (err < 0 || ndist != distcode.count[0] + distcode.count[1])) return -8; return puff_codes(s, &lencode, &distcode); } static int puff(unsigned char* dest, unsigned long* destlen, const unsigned char* source, unsigned long sourcelen) { struct puff_state s = { .out = dest, .outlen = *destlen, .outcnt = 0, .in = source, .inlen = sourcelen, .incnt = 0, .bitbuf = 0, .bitcnt = 0, }; int err; if (setjmp(s.env) != 0) err = 2; else { int last; do { last = puff_bits(&s, 1); int type = puff_bits(&s, 2); err = type == 0 ? puff_stored(&s) : (type == 1 ? puff_fixed(&s) : (type == 2 ? puff_dynamic(&s) : -1)); if (err != 0) break; } while (!last); } *destlen = s.outcnt; return err; } //% END CODE DERIVED FROM puff.{c,h} #define ZLIB_HEADER_WIDTH 2 static int puff_zlib_to_file(const unsigned char* source, unsigned long sourcelen, int dest_fd) { if (sourcelen < ZLIB_HEADER_WIDTH) return 0; source += ZLIB_HEADER_WIDTH; sourcelen -= ZLIB_HEADER_WIDTH; const unsigned long max_destlen = 132 << 20; void* ret = mmap(0, max_destlen, PROT_WRITE | PROT_READ, MAP_PRIVATE | MAP_ANON, -1, 0); if (ret == MAP_FAILED) return -1; unsigned char* dest = (unsigned char*)ret; unsigned long destlen = max_destlen; int err = puff(dest, &destlen, source, sourcelen); if (err) { munmap(dest, max_destlen); errno = -err; return -1; } if (write(dest_fd, dest, destlen) != (ssize_t)destlen) { munmap(dest, max_destlen); return -1; } return munmap(dest, max_destlen); } static int setup_loop_device(unsigned char* data, unsigned long size, const char* loopname, int* loopfd_p) { int err = 0, loopfd = -1; int memfd = syscall(__NR_memfd_create, "syzkaller", 0); if (memfd == -1) { err = errno; goto error; } if (puff_zlib_to_file(data, size, memfd)) { err = errno; goto error_close_memfd; } loopfd = open(loopname, O_RDWR); if (loopfd == -1) { err = errno; goto error_close_memfd; } if (ioctl(loopfd, LOOP_SET_FD, memfd)) { if (errno != EBUSY) { err = errno; goto error_close_loop; } ioctl(loopfd, LOOP_CLR_FD, 0); usleep(1000); if (ioctl(loopfd, LOOP_SET_FD, memfd)) { err = errno; goto error_close_loop; } } close(memfd); *loopfd_p = loopfd; return 0; error_close_loop: close(loopfd); error_close_memfd: close(memfd); error: errno = err; return -1; } static void reset_loop_device(const char* loopname) { int loopfd = open(loopname, O_RDWR); if (loopfd == -1) { return; } if (ioctl(loopfd, LOOP_CLR_FD, 0)) { } close(loopfd); } static long syz_mount_image(volatile long fsarg, volatile long dir, volatile long flags, volatile long optsarg, volatile long change_dir, volatile unsigned long size, volatile long image) { unsigned char* data = (unsigned char*)image; int res = -1, err = 0, need_loop_device = !!size; char* mount_opts = (char*)optsarg; char* target = (char*)dir; char* fs = (char*)fsarg; char* source = NULL; char loopname[64]; if (need_loop_device) { int loopfd; memset(loopname, 0, sizeof(loopname)); snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(data, size, loopname, &loopfd) == -1) return -1; close(loopfd); source = loopname; } mkdir(target, 0777); char opts[256]; memset(opts, 0, sizeof(opts)); if (strlen(mount_opts) > (sizeof(opts) - 32)) { } strncpy(opts, mount_opts, sizeof(opts) - 32); if (strcmp(fs, "iso9660") == 0) { flags |= MS_RDONLY; } else if (strncmp(fs, "ext", 3) == 0) { bool has_remount_ro = false; char* remount_ro_start = strstr(opts, "errors=remount-ro"); if (remount_ro_start != NULL) { char after = *(remount_ro_start + strlen("errors=remount-ro")); char before = remount_ro_start == opts ? '\0' : *(remount_ro_start - 1); has_remount_ro = ((before == '\0' || before == ',') && (after == '\0' || after == ',')); } if (strstr(opts, "errors=panic") || !has_remount_ro) strcat(opts, ",errors=continue"); } else if (strcmp(fs, "xfs") == 0) { strcat(opts, ",nouuid"); } else if (strncmp(fs, "gfs2", 4) == 0 && (strstr(opts, "errors=panic") || strstr(opts, "debug"))) { strcat(opts, ",errors=withdraw"); } res = mount(source, target, fs, flags, opts); if (res == -1) { err = errno; goto error_clear_loop; } res = open(target, O_RDONLY | O_DIRECTORY); if (res == -1) { err = errno; goto error_clear_loop; } if (change_dir) { res = chdir(target); if (res == -1) { err = errno; } } error_clear_loop: if (need_loop_device) reset_loop_device(loopname); errno = err; return res; } uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff}; int main(void) { syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/(intptr_t)-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul, /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/(intptr_t)-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/(intptr_t)-1, /*offset=*/0ul); const char* reason; (void)reason; intptr_t res = 0; if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } // syz_mount_image$hfs arguments: [ // fs: ptr[in, buffer] { // buffer: {68 66 73 00} (length 0x4) // } // dir: ptr[in, buffer] { // buffer: {2e 2f 66 69 6c 65 31 00} (length 0x8) // } // flags: mount_flags = 0x1000812 (8 bytes) // opts: ptr[inout, array[ANYUNION]] { // array[ANYUNION] { // union ANYUNION { // ANYBLOB: buffer: {71 75 69 65 74 2c 63 6f 64 65 70 61 67 65 3d 63 // 70 38 36 30 2c 69 6f 63 68 61 72 73 65 74 3d 63 70 38 36 31 2c 00 // 80 8f ea d0 42 bd 35 dc 78 f7 f0 63 33 a5 e7 16 5b 82 71 e4 1a ee // 85 e5 9c bb 6c 2d f3 d4 e4 c1 6b 06 c7 3f 2e 3b 34 8a 7f ba 46 e2 // 86 37 8a 15 ee 51 6b ac 8d 48 13 c9 c3 d9 ce e1 dd b9 5d 1b bc f5 // 04 e0 65 b3 74 9a 1c bd 84 1e 68 5a 55 85 98 cf 0d b1 0b 55 88 59 // 46 e6 78 d0 a7 18 77 03 7a 09 00 00 00 07 00 84 88 79 ef 16 04 ca // dc 1f ac a3 aa 22 a5 76 75 0d 55 9c 4e 12 4d 4c b7 29 3e 73 93 b7 // 72 86 fa 8c 6d c4 49 ed a0 a0 3d 34 23 82 e8 4d 6d 3c 29 ab 95 cc // 92 3f be 25 e1 34 d1 c4 21 32 0a 3b ff aa 17 fc d6 b5 17 8e 32 2c // c4 71 33 b3 81 1e 3d 3b c3 49 98 dc 7e d0 29 83 4a d5 91 d9 d5 6c // 41 06 3d 8d e2 d5 0a 23 98 e7 3f f2 91 3a 9f e8 e9 54 a4 e4 ca 99 // ce b5 73 7e 57 19 3c 5f 47 fd 63 b1 6c 8b 34 f2 56 db ac 0e 5e bd // 00 90 78 df 2c b1 ca 10 51 ad 09 1a db fe e5 12 6d 8a 59 fa 54 38 // 73 4b c3 e8 cc 7b 7e dc 10 71 6a 0a 9b 71 19 52 cd f9 65 86 e0 6f // ba ce 21 dc 04 bd b4 a1 a2 07 2c e5 f7 2c f0} (length 0x153) // } // union ANYUNION { // ANYRESOCT: ANYRES64 (resource) // } // union ANYUNION { // ANYRES32: ANYRES32 (resource) // } // union ANYUNION { // ANYRES32: ANYRES32 (resource) // } // union ANYUNION { // ANYRESHEX: ANYRES64 (resource) // } // union ANYUNION { // ANYBLOB: buffer: {0b ff d5 ec e6 51 e2 a4 64 8f 9b 08 ce 06 62 6a // 8e fc c3 be e3 cc ef 03 f1 e2 27 9d 8d c4 4b c4 bd 6a 5d 44 5b 3f // 4f 75 b3 0e f3 cc 0a 9d 3c 33 8a 26 ff 99 6b 57 af be 65 c4 6e 61 // b6 6c f7 78 b4 49 29 25 92 95 26 63 ac 34 eb 94 f6 fd 4c fb da 2a // f6 c8 5c 6e 13 59 55 ca 06 4c 54 6a b6 38 c5 6d 24 32 e4 5e 6d 33 // 31 81 ee 92 1f 9f 26 a8 ef} (length 0x71) // } // } // } // chdir: int8 = 0x1 (1 bytes) // size: len = 0x305 (8 bytes) // img: ptr[in, buffer] { // buffer: (compressed buffer with length 0x305) // } // ] // returns fd_dir memcpy((void*)0x200000000180, "hfs\000", 4); memcpy((void*)0x2000000000c0, "./file1\000", 8); memcpy( (void*)0x200000001cc0, "\x71\x75\x69\x65\x74\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x63\x70\x38" "\x36\x30\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x38\x36\x31" "\x2c\x00\x80\x8f\xea\xd0\x42\xbd\x35\xdc\x78\xf7\xf0\x63\x33\xa5\xe7\x16" "\x5b\x82\x71\xe4\x1a\xee\x85\xe5\x9c\xbb\x6c\x2d\xf3\xd4\xe4\xc1\x6b\x06" "\xc7\x3f\x2e\x3b\x34\x8a\x7f\xba\x46\xe2\x86\x37\x8a\x15\xee\x51\x6b\xac" "\x8d\x48\x13\xc9\xc3\xd9\xce\xe1\xdd\xb9\x5d\x1b\xbc\xf5\x04\xe0\x65\xb3" "\x74\x9a\x1c\xbd\x84\x1e\x68\x5a\x55\x85\x98\xcf\x0d\xb1\x0b\x55\x88\x59" "\x46\xe6\x78\xd0\xa7\x18\x77\x03\x7a\x09\x00\x00\x00\x07\x00\x84\x88\x79" "\xef\x16\x04\xca\xdc\x1f\xac\xa3\xaa\x22\xa5\x76\x75\x0d\x55\x9c\x4e\x12" "\x4d\x4c\xb7\x29\x3e\x73\x93\xb7\x72\x86\xfa\x8c\x6d\xc4\x49\xed\xa0\xa0" "\x3d\x34\x23\x82\xe8\x4d\x6d\x3c\x29\xab\x95\xcc\x92\x3f\xbe\x25\xe1\x34" "\xd1\xc4\x21\x32\x0a\x3b\xff\xaa\x17\xfc\xd6\xb5\x17\x8e\x32\x2c\xc4\x71" "\x33\xb3\x81\x1e\x3d\x3b\xc3\x49\x98\xdc\x7e\xd0\x29\x83\x4a\xd5\x91\xd9" "\xd5\x6c\x41\x06\x3d\x8d\xe2\xd5\x0a\x23\x98\xe7\x3f\xf2\x91\x3a\x9f\xe8" "\xe9\x54\xa4\xe4\xca\x99\xce\xb5\x73\x7e\x57\x19\x3c\x5f\x47\xfd\x63\xb1" "\x6c\x8b\x34\xf2\x56\xdb\xac\x0e\x5e\xbd\x00\x90\x78\xdf\x2c\xb1\xca\x10" "\x51\xad\x09\x1a\xdb\xfe\xe5\x12\x6d\x8a\x59\xfa\x54\x38\x73\x4b\xc3\xe8" "\xcc\x7b\x7e\xdc\x10\x71\x6a\x0a\x9b\x71\x19\x52\xcd\xf9\x65\x86\xe0\x6f" "\xba\xce\x21\xdc\x04\xbd\xb4\xa1\xa2\x07\x2c\xe5\xf7\x2c\xf0", 339); sprintf((char*)0x200000001e13, "%023llo", (long long)-1); *(uint32_t*)0x200000001e2a = -1; *(uint32_t*)0x200000001e2e = 0; sprintf((char*)0x200000001e32, "0x%016llx", (long long)0); memcpy((void*)0x200000001e44, "\x0b\xff\xd5\xec\xe6\x51\xe2\xa4\x64\x8f\x9b\x08\xce\x06\x62\x6a\x8e" "\xfc\xc3\xbe\xe3\xcc\xef\x03\xf1\xe2\x27\x9d\x8d\xc4\x4b\xc4\xbd\x6a" "\x5d\x44\x5b\x3f\x4f\x75\xb3\x0e\xf3\xcc\x0a\x9d\x3c\x33\x8a\x26\xff" "\x99\x6b\x57\xaf\xbe\x65\xc4\x6e\x61\xb6\x6c\xf7\x78\xb4\x49\x29\x25" "\x92\x95\x26\x63\xac\x34\xeb\x94\xf6\xfd\x4c\xfb\xda\x2a\xf6\xc8\x5c" "\x6e\x13\x59\x55\xca\x06\x4c\x54\x6a\xb6\x38\xc5\x6d\x24\x32\xe4\x5e" "\x6d\x33\x31\x81\xee\x92\x1f\x9f\x26\xa8\xef", 113); memcpy( (void*)0x200000000340, "\x78\x9c\xec\xdd\x4d\x6b\x13\x5b\x1c\xc7\xf1\xdf\x99\xa4\x4d\x7a\x9b\xdb" "\x9b\x3e\x5c\x2e\xdc\x65\xb5\xa0\x1b\xd1\xba\x11\x37\x11\xc9\x5b\x10\xc4" "\x85\x68\xdb\x08\xc5\x50\x51\x2b\xa8\x1b\x53\x71\x25\xa2\x7b\xf7\xbe\x05" "\x5f\x84\x1b\xc5\x37\xa0\x2b\x17\xe2\x0b\x68\x37\x8e\x9c\x33\x0f\xc9\x24" "\x93\x99\x34\x24\x1d\x83\xdf\x0f\x88\x93\xc9\xfc\xe7\xfc\xcf\x3c\xfe\x4f" "\xa0\x1c\x01\xf8\x63\x5d\x6d\x7e\x79\x77\xf1\x9b\xfd\x67\xa4\x92\x4a\xd2" "\xcb\xcb\x92\x27\xa9\x2a\x95\x25\xfd\xab\xff\xaa\x8f\xf6\xf6\x77\xf7\xdb" "\xad\x9d\xac\x1d\x95\x5c\x84\x8e\x7c\x19\x05\x91\x66\x60\x9b\xed\xbd\x96" "\xfb\xff\x20\xb9\xda\xc6\xb9\x88\x50\xdd\x7e\x2a\xab\xd6\xbb\x0e\xd3\xe1" "\xfb\xfe\x95\xaf\x7d\xeb\xbe\x7b\x05\x25\x83\xc2\xb8\xbb\x3f\x85\x27\x55" "\xc2\xbb\xd3\x7d\x5f\x3d\xf1\xcc\xb2\x1d\x8c\x19\xd7\x99\x70\x1e\xb3\xc6" "\x1c\xea\x50\x8f\xb5\x54\x74\x1e\x00\x80\x62\xd9\xf7\xff\x41\x50\xf8\xdb" "\xf7\x7c\x2d\xac\xdf\x3d\x4f\xda\x08\x5f\xfb\xbf\xe5\xfb\x7f\x5c\x87\x45" "\x27\x30\x75\x7e\xe6\xb7\x3d\xef\x7f\x37\xca\xf2\x8d\x3d\xbf\xff\xb8\xaf" "\xba\xe3\x3d\x37\x84\xb3\xdf\x7b\xd1\x28\x71\x94\x96\xe7\xfa\x3e\xcf\x2b" "\x28\x24\x13\x05\xa6\x49\x1f\x55\x76\x87\x7c\x2e\x17\x6f\xe1\xce\x6e\xbb" "\x75\x6e\xfb\x5e\x7b\xc7\xd3\x73\x35\x42\x3d\x01\x6b\x71\x0b\x21\x7b\x85" "\xe6\x64\xbb\x9e\x32\x36\xcd\x30\x42\xdf\x4d\x6a\x45\x19\xa4\xe5\xcd\xd9" "\x3e\x6c\x0e\xc9\x7f\x75\xcc\x16\x33\x0c\x0c\xdf\x12\x27\xc4\x7c\x30\x9f" "\xcc\x4d\x53\xd7\x5b\xed\xc4\xf5\x5f\xd9\x37\x36\x5b\x97\x70\xbd\xef\x4c" "\x05\xf9\x9f\x1f\xde\xde\xa2\x8b\xb2\x5b\x29\x7c\x6c\x34\x1a\x0d\xcf\xed" "\x28\xb2\xec\x1a\xf9\x3f\x79\xa6\x72\x7a\x59\x4d\x1f\x91\x28\x3a\xb0\xcb" "\x4a\xfe\x40\x50\xcf\xcb\xd3\x45\xad\xf4\x45\x05\xbd\xbb\x90\x1a\x50\x89" "\xa3\x56\x53\xa3\x36\xa3\x4f\x43\xda\x5a\x4b\x44\xd9\xde\xc4\x57\xf3\xf0" "\x2c\xa7\xcd\xbc\x36\xd7\xcd\xba\x7e\xe8\xbd\x9a\x3d\xf5\xbf\x67\xf3\xdb" "\xd0\xf0\x3b\x33\xf1\x8b\x8e\xd9\x08\x6e\x34\x77\xc4\x83\xfe\xcc\xa7\x37" "\x57\x76\xfb\xac\x0f\xbc\x39\x3a\xba\x51\x4b\xae\x89\x8f\x62\x65\x58\xea" "\x47\xd9\xcf\x34\x8c\x20\x3a\x87\xaf\xb4\xa5\x4b\x5a\x7a\xf8\xe4\xe9\xdd" "\x52\xbb\xdd\x7a\x60\x17\x6e\xa7\x2c\xdc\xaf\xc5\x6b\xe6\x5e\x48\xa9\xdb" "\x14\xbc\xa0\x4e\x77\x4d\x45\xbe\x33\xb0\x71\xf4\x0c\x4c\x84\x2f\x84\x2b" "\xa7\x94\xd8\xd9\x89\xee\xd0\x3e\x3f\x72\x37\xb6\x77\xd9\x89\x1c\xf9\xde" "\x2b\x21\xba\x61\x27\xd6\x84\xbc\xe2\x2f\xad\xac\x6b\xa3\xf9\xb1\xef\x42" "\x9a\xd8\x82\x5f\x99\xf0\x0e\x7f\xfa\x63\x44\xfd\x7d\xc2\x0f\x25\x14\xa5" "\x7b\xd2\x8b\xce\x04\x05\xb1\x75\x97\x09\xc6\x7f\xae\x92\x0f\xeb\x7d\x57" "\xaf\xd9\x6a\xe1\x5a\x65\x78\x9d\x1e\x15\x64\x69\x25\x9b\xab\xde\xc3\x3d" "\xfa\xb6\xc6\x8e\x47\x40\xd5\x44\xfc\x8a\x5b\xfa\x2b\x59\x46\xe7\x8c\x0d" "\x16\xc3\x3a\x26\x65\x1c\xd7\xd1\x68\x63\xae\x53\x67\xa4\xd3\xa3\xb7\x58" "\x0f\xf3\x9c\x0d\xfe\xb3\x9c\x0d\x4c\x53\x9f\x75\x8b\xdf\xff\x01\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x66\xcd\xf1\xff\xae\x60" "\xe1\xd8\x51\x45\xf7\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x80\x59\x17\xcf\xff\xab\x68\xfe\x5f\x8d\x36\xff\x6f\xff" "\x54\x2c\xe1\xfc\xbf\x55\xe5\xcc\xff\xbb\x35\x98\xc3\xc0\xfc\xbf\x6f\xf6" "\x64\x3a\x12\xf3\xff\x02\xd3\xf5\x2b\x00\x00\xff\xff\xff\x2c\x77\xb3", 773); res = -1; res = syz_mount_image( /*fs=*/0x200000000180, /*dir=*/0x2000000000c0, /*flags=MS_SYNCHRONOUS|MS_STRICTATIME|MS_NOSUID|MS_NODIRATIME*/ 0x1000812, /*opts=*/0x200000001cc0, /*chdir=*/1, /*size=*/0x305, /*img=*/0x200000000340); if (res != -1) { r[0] = res; r[1] = *(uint32_t*)0x200000001e2e; } // openat arguments: [ // fd: fd_dir (resource) // file: ptr[in, buffer] { // buffer: {2e 2f 66 69 6c 65 31 00} (length 0x8) // } // flags: open_flags = 0xc4042 (4 bytes) // mode: open_mode = 0x1ff (2 bytes) // ] // returns fd memcpy((void*)0x200000000300, "./file1\000", 8); syscall( __NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200000000300ul, /*flags=O_NOATIME|O_DIRECT|O_CREAT|O_CLOEXEC|0x2*/ 0xc4042, /*mode=S_IXOTH|S_IWOTH|S_IROTH|S_IXGRP|S_IWGRP|S_IRGRP|S_IXUSR|S_IWUSR|0x100*/ 0x1ff); // truncate arguments: [ // file: ptr[in, buffer] { // buffer: {2e 2f 66 69 6c 65 31 00} (length 0x8) // } // len: intptr = 0x2fffffd (8 bytes) // ] memcpy((void*)0x200000000940, "./file1\000", 8); syscall(__NR_truncate, /*file=*/0x200000000940ul, /*len=*/0x2fffffdul); // syz_mount_image$msdos arguments: [ // fs: ptr[in, buffer] { // buffer: {6d 73 64 6f 73 00} (length 0x6) // } // dir: ptr[in, buffer] { // buffer: {2e 00} (length 0x2) // } // flags: mount_flags = 0x1a5a438 (8 bytes) // opts: ptr[inout, array[ANYUNION]] { // array[ANYUNION] { // union ANYUNION { // ANYRES8: ANYRES8 (resource) // } // union ANYUNION { // ANYRES16: ANYRES16 (resource) // } // union ANYUNION { // ANYRES32: ANYRES32 (resource) // } // union ANYUNION { // ANYRESHEX: ANYRES64 (resource) // } // union ANYUNION { // ANYRESHEX: ANYRES64 (resource) // } // union ANYUNION { // ANYRESHEX: ANYRES64 (resource) // } // union ANYUNION { // ANYBLOB: buffer: {4c 07 f1 8b 4a 72 a4 28 cd f1 fc c6 a8 89 d5 1c // 7d 39 5b fc 15 39 6c 27 2d 41 b4 a7 9d ba 07 39 c1 c7 46 1a e1 94 // 81 93 2a a4 c0 30 54 c8 b2 44 2a 4c 1e 43 11 03 2b eb b0 cb 70 49 // 5a cf cf 1f 08 73 5d f8 68 c7 05} (length 0x47) // } // union ANYUNION { // ANYBLOB: buffer: {37 b5 7c fa 7d 01 21 34 5c 29 b6 06 4f 49 a0 f9 // 5b 88 67 1b 8e 91 49 55 6e 5f f3 c7 01 2f 78 56 b6 55 7b ae 1d 1d // 61 ef ea 62 31 14 a0 b4 b5 2f 68 38 7d 20 40 dd 08 c5 aa 75 3b 59 // 6e de 3f 3d 63 7f 96 75 23 10 a3 89 ef cd 8c f3 35 ca 9d bb bc 10 // bd a7 a1 63 42 96 8c 9a b4 fd 1a c6 5d a6 04 cd 9b 42 d6 d0 dc 0e // 89 5e 0b 2f 42 82 2d 1b 34 2f 88 a8 d6 07 00 8d 20 b2 2b 77 6a 70 // a0 7a 2c 53 fc 32 be 09 4c 85 72 79 c5 85 42 b1 76 bf bc c6 c7 e9 // 80 8d a6 87 b4 4a 8b 21 d2 3c c2 f8 00 50 f8 fd 45 7f 5a 55 95 22 // 6d 20 08 bc de d2 26 ab 2e 75 d0 0a b5 59 2d aa 23 e8 09 e0 4c 2b // 37 0a f4 60 ae 93 b7 ef c3 2b f1 74 83 07 79 05 8a d7 52 90 b9 ab // b5 9b e5 f8 85 90 01 e6 51 c1 d4 04 a5 f2 8e af 37 81 f2 28 82 49 // ae 7b 38 5a 9c 40 92 9c ae 3f a5 a6 f1 42 cd 05 7e bd bc 00 00 00 // e3 4d b2 d1 4a 64 58 49 9d e0 81 9d 89 f5 70 a7 2f ee 0d d8 cf 74 // 4e 0d af 8f 31 b1 d8 ed da 87 29 6c a7 63 2e 1e 6e 23} (length // 0x12a) // } // union ANYUNION { // ANYRES16: ANYRES16 (resource) // } // union ANYUNION { // ANYBLOB: buffer: {29 dd cb 57 31 bd 30 cc fe 31 b4 2b ec 88 d6 b1 // 80 e9 73 4e f8 fd ff 82 1c 55 0b b7 22 db 8e ec 86 c6 80 e3 7b df // f0 58 17 4a dd 79 95 59 b5 a8 7e 15 1d 8b 63 bb 4f be a4 7a 17 5a // c7 69 09 93 57 b3 f6 93 33 78 cd 6b 04 e2 12 1c 63 d5 dd 65 25 cc // 87 7f e7 78 2c 40 4e bd 79 87 ea e7 10 11 f7 89 78 63 52 3b e0 dc // 34 aa 88 8c 0e 1c 2c fa 1f 3e 82 6c fc 3e 2e e0 34 4a b5 10 1f 7f // 9e 59 c0 25 0b cb 1e 72 14 f7 cc f2 08 22 2f f3 74 fa 79 aa 08 d3 // 62 60 fc ec e9 57 94 58 7b 4e c2 d7 39 80 5b a2 a0 b2 8e fd 4b 50 // a8 60 38 56 fc b6 4e 90 39 18 e6 b6 b5 7f 3d cd 11 3a 68 54 6d f8 // ab 95 97 d9 51 8a 54 6a 7b 1e e0 16 9a 16 4a ec 3b 88 c0 dd 5a b2 // 4c 95 e7 c9 7c 58 16 75 e0 bf cc a5 4a b1 6f b7 01 69 1a 70 09 6d // 98 17 c6 ed 85 15 11 05 95 3d f5 7b} (length 0xf8) // } // union ANYUNION { // ANYBLOB: buffer: {ac 2d 5b 5b 89 45 d5 7e 78 69 64 8e be 10 b8 d2 // 71 97 63 b4 bf 3f 66 67 bf 8f 72 26 06 d2 b3 59 3f 26 21 8e 9a 5f // ba 2e 7d 41 66 78 7d a7 17 37 b3 80 04 5f b0 a6 82 e2 91 52 71 f2 // 14 c0 11 29 61 b7 3c 46 38 e7 ba 68 de b3 48 26 d7 68 2a ce 75 49 // c8 3b f5 2b d9 14 2b 6c 5a de bf 82 15 52 70 d3 32 04 c0 9c 07 ed // 4c a2 fc 93 2a f4 86 46 c9 62 4e 3e 35 44 d6 8f 61 a2 b0 73 fb 85 // 33 25 99 b2 99 a4 f4 41 a8 e2 f7 4c 57 aa 38 b5 b5 96 23 82 80 c1 // 69 3b ba 97 ff 25 86 79 ab 84 48 59 70 b6 0f 81 09 3d da 65 01 ba // ba 18 a7 79 0c a3 e6 fc fa 12 89 8b 9f ff 3f af 61 3d 71 f9 d6 4d // bd 5c 2e da d8 e7 74 fb 0d a3 9e 53 2d 92 16 4e 2d 34 af f7 ca e3 // 2f 3c d7 aa 9a ac e0 00 f1 36 32 3e 48 08 d0 c6 6c 08 28 94 2d ef // 38 de b2 e1 d8 47 55 5f e0 d5 ba 80 84 ba bb 31 69 f9 f0 62 46 ec // d5 32 77 58 44 8c 9c 7e 45 91 da 12 ff 1b 08 4e 75 7d 05 af 4f 0f // 04 44 ec fc c0 c4 d2 06 7a 98 d4 9f e5 24 12 21 83 80 bb 75 e2 1c // d2 37 24 e0 39 0b 11 6b 9a 1c 1e 33 50 b3 e6 f1 7c 5b d1 f1 ad b4 // ce 1d 03 d5 b3 0e b0 69 03 40 70 8f 06 df ca 5c 9d 74 a7 c1 40 ca // bd dd 0f 37 d8 bc f1 5e 57 8d de 85 d7 c2 8c cb 1c 96 33 ce eb 54 // bb 27 8d 5a 09 72 20 ca 53 a2 ea 47 81 ac a2 b7 01 89 19 99 38 af // ba 9a 70 0a 61 02 25 31 1f e8 31 67 94 ca 0a e1 39 a5 0d bd 34 d5 // 72 d6 16 5e aa a9 48 44 62 00 45 e6 15 d5 1f 5e 19 c2 9a ad ad 35 // 39 49 09 61 13 58 51 f1 5b bf d0 60 4f 39 26 87 75 83 d8 5c 45 a0 // 4c 6f 15 5a d6 e1 96 6d 20 04 ab 6a b5 1f 9b eb 82 db cd ca aa b8 // 86 56 4c bf 81 b5 81 da 39 7e ba 4f c8 fe 43 0e f9 3e d6 13 cd 58 // 8e 39 96 69 b9 f4 b6 34 81 16 3e 6c 2b 74 11 25 38 19 2b e9 55 1c // a4 00 bc 2b 94 7a 53 5f cc bc 56 7a 68 a3 ab 94 55 43 85 bb 1f 2a // 0e 21 46 31 01 13 10 2a 9f fb cb bf 44 d3 0e 07 6d 36 3d 62 01 fa // ec f8 bb bb c9 d7 fc d3 81 95 86 0b bc 85 ee 3f 5f 9b 2c 99 01 64 // ab c3 a7 67 4a b2 a6 31 14 7d 70 85 85 f5 26 94 a4 6b 68 1c bc 62 // 3b 53 a2 72 f2 1f 2a a5 59 7b ee c8 09 49 54 54 13 16 cc 45 ec 97 // 51 fe f1 23 69 e7 27 2b 7b dc b5 27 ba c4 a1 9e 0b ba 1b 68 ef 98 // e3 56 37 05 e9 ca 40 bb 91 4c ec e2 fd 75 c2 37 5b 81 a0 6d ad cd // b1 c5 4a 17 58 55 e3 0c 3d 9c a5 8c a8 73 e4 3d 70 3b 14 71 52 6f // b3 df e1 2e 14 0b 81 df 3a fa e6 10 4e 5f fa 4e 85 85 b4 56 a7 19 // 9c 75 c5 ab c7 af ec a7 43 fc e3 10 df 09 06 2f 20 b9 a9 9f ac 5d // 01 93 38 d9 86 06 80 5f 4f aa d9 cc 81 eb f0 3b 72 39 a3 40 c9 73 // 82 8b 67 6a f4 e5 94 d7 96 68 9f 98 23 73 0c 5e ad 8d ba 25 69 25 // 86 9a b0 d7 19 6a 99 b7 5a 15 f9 92 78 52 d7 81 3a a5 a4 cb 76 76 // 47 49 e8 82 d5 9c 09 4c 5e bd 19 11 15 31 50 e8 d5 3a a8 ab bf 36 // 0a 40 45 b6 3e 0e 29 6d 03 15 8d e8 aa 02 b5 ae b4 59 dc dc 6b 9d // 5a a8 c0 e4 55 e7 cb 6a 5d 9b 26 ee 54 20 e4 1d 89 59 0a 0c 04 ca // 87 01 a6 a3 86 71 6a 32 e0 41 02 f2 81 f6 63 17 a2 19 40 c0 cf 83 // e1 28 f4 f8 3b df 67 70 17 0d 74 d4 3f 3b 1f 4c 0b b5 e8 c6 92 54 // e0 bf d1 5c 6d 02 59 6b f3 b5 47 e5 b9 b8 e8 43 90 45 5a 9c 4b 00 // b6 33 c6 61 61 6a ca 4a 41 58 86 8b e2 16 33 f3 43 15 59 96 ea ff // 00 c2 c3 47 fe a0 3c 6f 06 e7 ad cd 83 cf 32 0e 3a 44 6d 07 db a2 // 02 e5 96 06 32 56 0d a8 a3 b6 0e fe 5a 81 4a 5c b2 a4 ff 08 42 ff // f2 38 97 b5 83 b3 81 e5 03 0e 50 6c ae f8 dc 97 be f9 53 21 11 e3 // eb 36 21 87 0e c3 9f e2 35 1d 38 14 a0 2d 2f 9e 38 aa c1 f0 89 7f // 32 dd bf fd c6 e0 ac de a9 5f f7 f6 78 65 da ae 11 30 f6 8f 00 98 // 56 82 ec ef c4 3f b6 f8 52 15 14 92 3b 5c f3 56 0b e0 73 9a eb 4e // b0 0b 38 9d 39 eb b9 b9 74 e0 54 12 0f cd 48 c0 d6 bc 09 44 1c 2c // 19 f4 1b df ce ed 01 a3 b6 86 92 15 00 fa e8 87 95 f2 16 79 4d 21 // dd 3a 98 f2 fd b5 a1 59 0e 0c bd c5 cd 95 93 b1 64 e2 55 13 1c 21 // f2 2e d7 e7 ed 4e c8 3d b9 1f 8b f5 f3 27 d7 22 2b e1 e4 70 a7 c0 // d0 a6 57 c7 3a d6 06 f2 ef 0c 59 d3 c1 18 c6 01 d2 3d 67 ee 16 ce // 36 58 c9 15 3b 81 31 f0 6c 1e 4f 83 c4 9d be 6d bc 34 78 b1 31 3b // 92 21 bc 4c 5e ad eb fd 16 cd 07 af de 50 9f 2e 92 6f cf d5 f8 fe // ab e8 36 f4 08 0e a5 e6 5c 1e 4d 85 9f 16 ac 45 ad 8c 80 4e b9 ec // ce 36 3f af 19 c1 40 9d 81 92 a6 44 82 35 78 cc fd 5b 64 34 78 eb // 94 82 23 67 6d 37 5f 81 1f ff a8 74 f7 c2 a2 81 10 4a 28 ba f4 da // 27 16 ae 87 0a bb 3e 0f 05 e6 34 66 17 63 56 72 8a 70 0f e3 9e bb // 62 bd bf f1 39 fd bf 21 52 00 22 98 4d c6 d3 ee d1 d8 1b 94 f2 8a // 07 cc 23 8c cb 64 d6 5e 87 53 4c 01 11 bb 76 21 23 68 c6 e8 e9 a5 // 36 e7 58 fa 2f 16 a2 ca b9 d3 19 84 05 54 88 b2 7b cf f1 2b cc 5a // 0f e2 1a 0e 44 ed fb 87 c6 81 06 0e 69 44 ff 89 dc e4 a9 c7 12 2c // 53 ac c2 79 13 a5 fb f1 5c 9a da 97 1d f8 8f 0d f3 f8 2e b5 63 f6 // 3c 64 0a d6 e3 9a 1f 5c 1a ad 83 c3 64 95 7e c6 d6 45 f4 24 3d 1f // b4 ec ef 27 5d 4c 0c a0 28 40 64 cd e0 c2 82 d7 93 f2 90 ba b5 a4 // de c1 5f 3e 2a dc c9 d4 55 d2 e2 8b d0 40 d6 e0 f6 51 ac 6f 20 f5 // 5d 13 03 d2 aa ef 21 04 b3 93 af c8 49 e9 cd 77 43 ca 20 a6 f0 92 // cb f4 2a 67 44 68 92 49 31 28 d3 8b b0 d0 f5 07 ff e3 fd 71 8e c4 // 8e ff 58 df 72 97 28 bc 01 ee 18 0d 67 6d fa 22 c8 1d a0 e4 e3 fd // a9 4f 4f 94 19 5b c8 2e 1f 94 1d 8a 29 0c a0 d4 16 37 3d 42 0e ba // 19 64 70 e4 f2 59 40 50 60 61 c6 01 f1 2b 36 56 d6 d6 b3 a4 7e 50 // d5 23 5b 7f d0 f8 2b b0 83 5a ee 34 70 b6 9b f7 e5 96 16 ec e4 47 // d9 af 36 c3 96 f6 87 21 4f f7 d7 e2 79 61 f4 61 c7 80 b4 c5 63 ae // b4 7f a9 f3 35 cb da de 8a 06 71 1b a7 9b 6f e8 77 8a c1 bc 06 bb // 59 13 1c 17 40 9c 1d 1d 0c c7 46 ae c8 c3 b1 34 8f 95 85 94 51 92 // d8 e3 20 02 c6 76 75 3a b2 46 a9 27 02 fc 8e 3a 3c e8 9b 84 66 1b // 1b 10 dc d7 3f dd ac d3 11 ca 66 3d 48 3b 87 a5 92 25 f6 06 27 ee // cf 40 9d 61 88 23 6b 19 86 33 d4 7c 5f 1c 0b a0 bb 43 21 aa c8 8a // 60 61 d5 e9 78 83 91 4c d7 42 84 ab 93 7b 95 79 cc ee 6a b5 bb 39 // f6 27 4a 04 e3 e7 a8 c3 d0 33 e3 40 35 7b c1 5c 5f 6d aa 04 7b 1c // ee 44 8a c3 80 bb de 4b f8 06 b0 89 1a 04 b9 e4 08 60 9b 04 0b 7d // 3a 02 d2 a7 6d 40 13 75 6d 79 24 47 92 c5 43 fe 23 27 a3 c3 71 85 // 2b ed 5a b5 4d e9 87 bc 46 99 b3 2a d1 c0 8f 7f ff 7a 23 06 9e 72 // bd dc 9a 59 0b 2c 70 7b ac 39 57 d4 6b 65 7a 4e 17 f1 91 4d b5 8f // b6 43 6b dd 58 b8 6d f4 91 01 6a 2b 9e be 0c 35 a8 59 b2 16 f1 7f // 48 28 c8 de e3 0a 38 ed 1f c3 63 47 af 97 89 99 d0 c4 04 31 3c f9 // 9c 92 81 c4 51 94 ab d7 94 75 a8 0e a1 48 68 40 aa d7 2b 1c 0c 4f // 17 fe 35 a1 50 fc b5 74 fa 9f cc 09 a7 fc 5d cd 34 e1 5d 4b f1 bc // cf a8 bf 42 3d 24 37 e2 eb 0d 3c a9 32 4f bf c7 e2 56 b8 62 c5 0e // bc 8d b3 fb 69 f6 90 03 d3 78 07 af 8d dc cf 2d 92 9a d9 d0 6e bb // b7 e5 38 d9 3b b0 b7 bc 82 8e 16 39 e0 b5 e8 9c 22 ba dc a3 07 ad // 28 18 3c 30 83 e8 7c 91 7f eb 4c 88 23 97 d3 97 ea 2e 7f f0 e0 5e // bb 25 29 40 30 2c dc 0f 0f 7e fe 40 68 5f 7c 3e 89 23 e3 79 5d 70 // d6 9c 70 d9 a0 71 e4 01 ce e7 71 f2 9d cb 53 16 47 17 68 46 4c 46 // 59 f2 c7 6d 11 71 3a b4 4f 4c 94 4a 48 19 de b1 24 8b 02 45 74 03 // e9 63 0a af 4a 18 0e 9e 55 bb 4d 29 1e 9a 2b c8 5a 1e d1 7f 90 6d // 54 93 5c 7e 5e 8b 70 7e ad 56 28 4f da 02 08 bd 88 ab 5c 32 59 bd // 53 29 c0 d2 66 53 eb 07 b6 85 6a d7 99 fd 6f a8 d2 11 1d a3 97 0f // f8 50 9b c2 ef 3a 88 13 d0 4f 36 00 15 26 b7 07 57 64 6e d4 bf 25 // a2 56 75 1b 8e c7 14 f2 e6 2d ea 19 e8 2a ac ec 38 91 95 53 2b f7 // f3 35 af ae 43 51 ad b9 3c 84 6e 22 f1 f2 a3 e0 d6 20 d8 16 88 bd // 55 30 e3 89 f2 28 4b 3c 99 7d 4a ba b7 c3 0a ac 1b 14 14 25 cd 9a // a3 15 dc 5a 5e 8b 04 fd 50 3d 79 89 6b 14 94 d8 be 48 04 8c 73 92 // fc 92 c3 25 b7 6b de 44 96 c4 9d a3 4c 9f f9 59 69 be c8 f9 5c 35 // 62 39 d5 33 69 07 95 73 83 b1 2c 51 2f ff 6d 79 70 97 a2 6a 5a ee // 92 51 ba e9 40 ef 1a 19 b3 f7 46 39 63 00 d3 ba eb 47 6b 02 3f 74 // 0e d7 c1 da 92 fd bf 18 34 c3 a8 82 a6 07 98 85 b9 33 33 3d 0e 19 // 4c c1 f2 5a 06 c3 a2 d3 70 93 68 86 cb 38 5d 98 61 d6 76 2c 74 16 // a1 db 52 75 22 8b 64 99 cd ef 97 67 fb 99 8d 43 25 1b 96 3b c4 47 // 7b 2c 05 1b 70 a0 31 7d e5 f6 ec 31 58 91 41 45 bd 03 6f f1 94 df // 97 22 d2 a3 d2 ac 23 97 89 1b 57 3a 34 ad 16 23 6c dc 7c a7 7b c1 // 5f 0f db c3 ca e9 23 d6 16 33 a4 2b ab 45 0a 80 cf 3e e6 58 0e 79 // 2b 16 17 d7 4f a1 89 d4 50 a6 4c a1 2d 8c 79 76 98 20 8e a6 10 10 // b6 07 28 85 b7 62 af 59 81 59 62 1f 83 8e ba cc 00 ea 11 f5 92 4b // 39 b2 bb bc 5c 7d 66 78 71 ce 32 e9 aa 75 89 3a 9f a1 3a 2f fe 66 // b3 60 e2 66 44 62 59 a8 74 5a dd b4 e1 86 13 9d 86 d4 e8 d4 85 37 // ac 35 02 9b 0d 87 c0 3e 8c 1a 9b 9a 42 25 94 49 6f ed a8 bc 55 02 // 77 74 28 fe 73 71 98 ed 89 6c 21 28 a4 f7 d5 52 f2 ee a8 fe f6 e6 // 8f ea f3 cb fd 54 9e 62 2e ea 7b c9 88 bb 16 fc 49 b7 ab 24 14 26 // f2 e4 0e dc ca 07 d4 f9 47 cc b1 d3 b8 c2 e9 cb 14 a0 c0 44 95 db // b7 5b d9 c9 35 f3 6b fe 39 84 55 b0 e5 f9 27 d5 72 6e 61 7c 69 ca // 81 fe 36 c3 e6 ea 51 0c 5f e4 73 51 61 c9 92 f9 eb f6 67 27 e5 a7 // de d5 90 06 1d 4d a3 b8 6b 99 68 46 a6 bb 10 2e 47 d3 34 65 d8 8a // 68 64 4c 8a 76 a7 70 d5 e0 31 8e 6c 30 1e 7c 7f 55 75 bf 15 a9 58 // 9b 32 cf aa 41 ee 15 97 24 88 49 71 95 a2 cb 49 a6 b6 f9 37 a8 e3 // 11 e3 4d 31 1d fd 4f e2 22 d3 ab c0 95 b0 b2 4a 1b 71 93 eb 33 53 // de f0 cc 15 11 c8 fc e9 b0 a7 86 7a e2 fe d4 db 93 00 96 46 dc 91 // a3 74 53 87 cb e6 1b 37 f7 49 b4 0d 5d 38 97 08 56 b7 ab 8b 6e 1e // 0b 81 c0 78 c6 8c b5 5c 57 85 4b 8b 58 63 b7 a4 c8 7f 42 e6 d6 dc // a2 de 03 26 b1 b2 69 70 16 8c 99 f5 98 16 87 74 48 e7 f7 26 26 f5 // 35 4f db 5e 03 3c d6 b4 2e 94 76 66 5e fa e6 62 87 e6 56 59 0d 1f // 80 b3 a0 95 57 a5 7d 7d e4 ba de 6a 12 2d 40 a9 2d b1 d3 47 46 3b // 74 15 1d 44 a0 2d be 06 72 59 c6 33 b8 c8 44 25 e7 7a 73 6f ca 99 // f0 6d 0f d6 6e 35 36 55 11 ec 01 75 37 f4 c2 12 e7 f2 e2 33 69 95 // 8c 3a 7b 92 fe ff ad 9e db 12 13 9f 1f 69 0f 95 12 72 5c 0a 1a 16 // 4e 78 b4 13 0c 91 fd 39 61 df 91 c1 a1 17 83 c2 4b 03 bc f3 05 fd // 0e 14 e6 51 0f 4d 58 cf 73 32 6e 94 f2 bc 1b 1a b2 95 29 7b ee 7a // 98 b7 7a fe 48 3a 7d 66 e7 80 d5 e1 11 b4 20 22 85 f5 80 ce 57 1e // cc 09 85 50 1f aa 0e 9f 2f 5b 98 48 d7 70 d8 d8 ad 7b 90 a9 51 f8 // 32 79 07 3e 45 a0 c7 ab cf 89 cd 62 00 f7 fc 32 0e 46 ea 3d e2 ad // de e3 a9 84 43 25 01 06 3f 99 28 d0 89 7d 93 dd e2 0f e8 fb e4 da // bc 1a c3 4b 0e fd b3 d7 c7 b4 d4 95 71 ea 64 25 2d 72 09 ff 6d 0a // e5 b9 5e f3 5d 81 60 c5 97 6f 7e d9 c4 b6 9d b8 1a 73 f6 d0 0f d2 // 54 c4 17 69 6d 6a f6 94 f3 68 88 26 cc 04 db 80 19 f2 41 9f a9 9e // 47 dc 43 6f d7 68 90 b5 29 1c d2 72 47 17 a1 e6 04 e6 cb 5e 21 42 // 35 66 4e 8c 71 48 c2 bd 87 99 6c 05 bc fe 1f 29 20 0f 40 a0 d7 66 // df 3d dc 6f ae f8 2f b3 4d 38 5f 90 b8 f0 e4 bb 7b a5 19 e7 98 67 // 35 c1 69 cb 35 46 d6 2f b7 0f bd 49 ee c4 ed d7 03 97 d2 fc bf db // 9c d8 73 31 fc e3 c9 78 6b 70 90 50 1b 90 4c 8f 92 5a 1d bf a1 51 // a1 8e 6c 14 5e bb 74 da 71 00 de 60 a6 27 10 0d 6c 04 ce 78 9a 7d // 4e 88 69 2c b0 90 fd 9f f2 00 6e 5d db 87 0f 5b 2a a5 02 08 1e b7 // a2 67 44 de 9a 0d 29 a6 6e f1 8e b0 97 e1 d3 96 56 10 78 e3 f9 25 // 80 46 a3 a3 e9 b5 87 89 64 d7 1b 52 67 55 08 4f 38 5d 97 77 b2 ab // 50 3f 9d 77 c0 9a 46 00 4b 50 05 f6 9e ed ee 80 ed d8 7d d1 7f 22 // 92 eb a0 0f 71 de db 01 0b 7b 00 3a 84 00 f6 b4 4d 63 55 9a 10 bc // 00 52 c6 78 ac 8e d9 65 8a ff 4f 85 87 78 eb b6 0c ba f5 3d 82 24 // 8a 26 0c 72 55 f9 43 71 1e 8a c3 1a 4b 7a 46 94 dc da ce 3b e2 5e // a4 3b dc 9d fd 52 d3 69 29 2d 8d 75 81 a6 97 9d 1b 8a d5 43 ba eb // 92 96 90 7e 09 26 02 5f 4c 35 97 e9 8e 2e ac d0 48 a5 de dd 0e 9d // ab c3 26 8e d3 5a 91 c6 18 09 08 af 07 a9 5b f3 74 57 3c 7b 4f 61 // 1e b3 0b bb 5f 17 21 a6 55 0f 48 3d ca ed 51 d8 4f da a5 c6 a5 2d // 7c 4d 04 ca 4e df d2 88 44 83 c2 d5 aa eb f6 f0 6c 6f ff 8b ff 81 // 39 23 ac 8c 6e dd 0e ad ef ab 93 84 42 ff 09 b1 b3 ff 92 6c 96 3d // 67 a0 1c cc bd 86 cb 69 bb 5e 5a 4a dc a8 21 10 f8 7d 3e e7 80 0b // 14 41 2b 48 cd 94 fe ac ba a9 c1 92 1e 81 6d 02 87 ad 11 98 b9 4f // d6 de 31 49 12 b7 99 38 a0 d0 0e f5 96 8c a4 cb 50 6a fa 14 96 ce // 48 86 c8 c4 49 55 a9 2c 9d 23 95 f1 08 a3 57 e2 40 51 1c c7 e6 54 // 8a c4 17 4e 5b 52 cc 1f 03 ea 8f a8 26 8a 72 83 e9 cd 25 51 8c c7 // 11 14 86 95 37 89 1b 64 33 72 22 f0 4c 11 14 07 bc 2c 87 77 f1 13 // 2e 1b 29 4e c5 33 61 0f d1 ae 3b 4a a7 e2 0c 31 5d 87 ae ed 3a 19 // 15 16 77 e0 41 73 fb d5 5e 88 66 9f 51 5d ea 19 c8 b9 9f 8d 7e 82 // 97 34 f6 15 a9 b9 5e 27 8f ec 62 cf 2d 1a 37 d5 35 ef 71 99 65 30 // c6 2e 65 bb 6f de 62 54 47 e9 12 2c fd 94 7d 70 32 c7 58 0b fa 52 // 86 bd de 0b d9 c4 f0 c6 3c bc ed dc 30 2e 1d ae f7 f2 7b f2 89 f7 // 24 56 80 25 60 e4 47 7b 27 52 0b 45 f3 a3 9e 78 78 24 f1 69 b3 fa // 0e c7 fb a1 c3 7f 44 99 d4 3a 9c dc a7 59 5f 3e 9a b7 42 23 c3 48 // 19 b2 60 13 0d 8a 76 13 65 31 01 cc 9a 6e 23 6a c0 19 65 35 6c 90 // 81 4c 63 2e d4 21 a6 26 54 a4 57 cc c6 60 40 02 64 51 61 0b 94 89 // 8d 13 29 2c f2 09 6f c1 74 4b 8f e6 7c eb bc ee 0a 38 30 be 98 76 // 94 e5 93 d7 32 f0 5e 3c 65 03 a7 11 73 dc 98 70 c3 ec a0 17 31 8b // 62 8d d6 51 23 2e a1 c4 24 a9 8b 39 41 88 c8 b8 db f3 0d 69 f1 97 // 62 19 fd 5b 19 75 f8 de eb ab ec a9 70 58 1f 01 1f 42 8c 16 4b b3 // 5e 0d 6b e1 87 a5 a2 88 7d 6b b0 88 9c 41 c5 c2 4d 0b 17 3f 05 db // 5d 3a 9e 50 31 8b 44 8b 3c 8c} (length 0x1000) // } // union ANYUNION { // ANYRESDEC: ANYRES64 (resource) // } // union ANYUNION { // ANYRESHEX: ANYRES64 (resource) // } // union ANYUNION { // ANYRES16: ANYRES16 (resource) // } // } // } // chdir: int8 = 0xb (1 bytes) // size: len = 0x0 (8 bytes) // img: ptr[in, buffer] { // buffer: (compressed buffer with length 0x0) // } // ] // returns fd_dir memcpy((void*)0x200000000f40, "msdos\000", 6); memcpy((void*)0x200000000f00, ".\000", 2); *(uint8_t*)0x200000002100 = r[1]; *(uint16_t*)0x200000002101 = -1; *(uint32_t*)0x200000002103 = -1; sprintf((char*)0x200000002107, "0x%016llx", (long long)-1); sprintf((char*)0x200000002119, "0x%016llx", (long long)-1); sprintf((char*)0x20000000212b, "0x%016llx", (long long)r[0]); memcpy( (void*)0x20000000213d, "\x4c\x07\xf1\x8b\x4a\x72\xa4\x28\xcd\xf1\xfc\xc6\xa8\x89\xd5\x1c\x7d\x39" "\x5b\xfc\x15\x39\x6c\x27\x2d\x41\xb4\xa7\x9d\xba\x07\x39\xc1\xc7\x46\x1a" "\xe1\x94\x81\x93\x2a\xa4\xc0\x30\x54\xc8\xb2\x44\x2a\x4c\x1e\x43\x11\x03" "\x2b\xeb\xb0\xcb\x70\x49\x5a\xcf\xcf\x1f\x08\x73\x5d\xf8\x68\xc7\x05", 71); memcpy( (void*)0x200000002184, "\x37\xb5\x7c\xfa\x7d\x01\x21\x34\x5c\x29\xb6\x06\x4f\x49\xa0\xf9\x5b\x88" "\x67\x1b\x8e\x91\x49\x55\x6e\x5f\xf3\xc7\x01\x2f\x78\x56\xb6\x55\x7b\xae" "\x1d\x1d\x61\xef\xea\x62\x31\x14\xa0\xb4\xb5\x2f\x68\x38\x7d\x20\x40\xdd" "\x08\xc5\xaa\x75\x3b\x59\x6e\xde\x3f\x3d\x63\x7f\x96\x75\x23\x10\xa3\x89" "\xef\xcd\x8c\xf3\x35\xca\x9d\xbb\xbc\x10\xbd\xa7\xa1\x63\x42\x96\x8c\x9a" "\xb4\xfd\x1a\xc6\x5d\xa6\x04\xcd\x9b\x42\xd6\xd0\xdc\x0e\x89\x5e\x0b\x2f" "\x42\x82\x2d\x1b\x34\x2f\x88\xa8\xd6\x07\x00\x8d\x20\xb2\x2b\x77\x6a\x70" "\xa0\x7a\x2c\x53\xfc\x32\xbe\x09\x4c\x85\x72\x79\xc5\x85\x42\xb1\x76\xbf" "\xbc\xc6\xc7\xe9\x80\x8d\xa6\x87\xb4\x4a\x8b\x21\xd2\x3c\xc2\xf8\x00\x50" "\xf8\xfd\x45\x7f\x5a\x55\x95\x22\x6d\x20\x08\xbc\xde\xd2\x26\xab\x2e\x75" "\xd0\x0a\xb5\x59\x2d\xaa\x23\xe8\x09\xe0\x4c\x2b\x37\x0a\xf4\x60\xae\x93" "\xb7\xef\xc3\x2b\xf1\x74\x83\x07\x79\x05\x8a\xd7\x52\x90\xb9\xab\xb5\x9b" "\xe5\xf8\x85\x90\x01\xe6\x51\xc1\xd4\x04\xa5\xf2\x8e\xaf\x37\x81\xf2\x28" "\x82\x49\xae\x7b\x38\x5a\x9c\x40\x92\x9c\xae\x3f\xa5\xa6\xf1\x42\xcd\x05" "\x7e\xbd\xbc\x00\x00\x00\xe3\x4d\xb2\xd1\x4a\x64\x58\x49\x9d\xe0\x81\x9d" "\x89\xf5\x70\xa7\x2f\xee\x0d\xd8\xcf\x74\x4e\x0d\xaf\x8f\x31\xb1\xd8\xed" "\xda\x87\x29\x6c\xa7\x63\x2e\x1e\x6e\x23", 298); *(uint16_t*)0x2000000022ae = -1; memcpy( (void*)0x2000000022b0, "\x29\xdd\xcb\x57\x31\xbd\x30\xcc\xfe\x31\xb4\x2b\xec\x88\xd6\xb1\x80\xe9" "\x73\x4e\xf8\xfd\xff\x82\x1c\x55\x0b\xb7\x22\xdb\x8e\xec\x86\xc6\x80\xe3" "\x7b\xdf\xf0\x58\x17\x4a\xdd\x79\x95\x59\xb5\xa8\x7e\x15\x1d\x8b\x63\xbb" "\x4f\xbe\xa4\x7a\x17\x5a\xc7\x69\x09\x93\x57\xb3\xf6\x93\x33\x78\xcd\x6b" "\x04\xe2\x12\x1c\x63\xd5\xdd\x65\x25\xcc\x87\x7f\xe7\x78\x2c\x40\x4e\xbd" "\x79\x87\xea\xe7\x10\x11\xf7\x89\x78\x63\x52\x3b\xe0\xdc\x34\xaa\x88\x8c" "\x0e\x1c\x2c\xfa\x1f\x3e\x82\x6c\xfc\x3e\x2e\xe0\x34\x4a\xb5\x10\x1f\x7f" "\x9e\x59\xc0\x25\x0b\xcb\x1e\x72\x14\xf7\xcc\xf2\x08\x22\x2f\xf3\x74\xfa" "\x79\xaa\x08\xd3\x62\x60\xfc\xec\xe9\x57\x94\x58\x7b\x4e\xc2\xd7\x39\x80" "\x5b\xa2\xa0\xb2\x8e\xfd\x4b\x50\xa8\x60\x38\x56\xfc\xb6\x4e\x90\x39\x18" "\xe6\xb6\xb5\x7f\x3d\xcd\x11\x3a\x68\x54\x6d\xf8\xab\x95\x97\xd9\x51\x8a" "\x54\x6a\x7b\x1e\xe0\x16\x9a\x16\x4a\xec\x3b\x88\xc0\xdd\x5a\xb2\x4c\x95" "\xe7\xc9\x7c\x58\x16\x75\xe0\xbf\xcc\xa5\x4a\xb1\x6f\xb7\x01\x69\x1a\x70" "\x09\x6d\x98\x17\xc6\xed\x85\x15\x11\x05\x95\x3d\xf5\x7b", 248); memcpy( (void*)0x2000000023a8, "\xac\x2d\x5b\x5b\x89\x45\xd5\x7e\x78\x69\x64\x8e\xbe\x10\xb8\xd2\x71\x97" "\x63\xb4\xbf\x3f\x66\x67\xbf\x8f\x72\x26\x06\xd2\xb3\x59\x3f\x26\x21\x8e" "\x9a\x5f\xba\x2e\x7d\x41\x66\x78\x7d\xa7\x17\x37\xb3\x80\x04\x5f\xb0\xa6" "\x82\xe2\x91\x52\x71\xf2\x14\xc0\x11\x29\x61\xb7\x3c\x46\x38\xe7\xba\x68" "\xde\xb3\x48\x26\xd7\x68\x2a\xce\x75\x49\xc8\x3b\xf5\x2b\xd9\x14\x2b\x6c" "\x5a\xde\xbf\x82\x15\x52\x70\xd3\x32\x04\xc0\x9c\x07\xed\x4c\xa2\xfc\x93" "\x2a\xf4\x86\x46\xc9\x62\x4e\x3e\x35\x44\xd6\x8f\x61\xa2\xb0\x73\xfb\x85" "\x33\x25\x99\xb2\x99\xa4\xf4\x41\xa8\xe2\xf7\x4c\x57\xaa\x38\xb5\xb5\x96" "\x23\x82\x80\xc1\x69\x3b\xba\x97\xff\x25\x86\x79\xab\x84\x48\x59\x70\xb6" "\x0f\x81\x09\x3d\xda\x65\x01\xba\xba\x18\xa7\x79\x0c\xa3\xe6\xfc\xfa\x12" "\x89\x8b\x9f\xff\x3f\xaf\x61\x3d\x71\xf9\xd6\x4d\xbd\x5c\x2e\xda\xd8\xe7" "\x74\xfb\x0d\xa3\x9e\x53\x2d\x92\x16\x4e\x2d\x34\xaf\xf7\xca\xe3\x2f\x3c" "\xd7\xaa\x9a\xac\xe0\x00\xf1\x36\x32\x3e\x48\x08\xd0\xc6\x6c\x08\x28\x94" "\x2d\xef\x38\xde\xb2\xe1\xd8\x47\x55\x5f\xe0\xd5\xba\x80\x84\xba\xbb\x31" "\x69\xf9\xf0\x62\x46\xec\xd5\x32\x77\x58\x44\x8c\x9c\x7e\x45\x91\xda\x12" "\xff\x1b\x08\x4e\x75\x7d\x05\xaf\x4f\x0f\x04\x44\xec\xfc\xc0\xc4\xd2\x06" "\x7a\x98\xd4\x9f\xe5\x24\x12\x21\x83\x80\xbb\x75\xe2\x1c\xd2\x37\x24\xe0" "\x39\x0b\x11\x6b\x9a\x1c\x1e\x33\x50\xb3\xe6\xf1\x7c\x5b\xd1\xf1\xad\xb4" "\xce\x1d\x03\xd5\xb3\x0e\xb0\x69\x03\x40\x70\x8f\x06\xdf\xca\x5c\x9d\x74" "\xa7\xc1\x40\xca\xbd\xdd\x0f\x37\xd8\xbc\xf1\x5e\x57\x8d\xde\x85\xd7\xc2" "\x8c\xcb\x1c\x96\x33\xce\xeb\x54\xbb\x27\x8d\x5a\x09\x72\x20\xca\x53\xa2" "\xea\x47\x81\xac\xa2\xb7\x01\x89\x19\x99\x38\xaf\xba\x9a\x70\x0a\x61\x02" "\x25\x31\x1f\xe8\x31\x67\x94\xca\x0a\xe1\x39\xa5\x0d\xbd\x34\xd5\x72\xd6" "\x16\x5e\xaa\xa9\x48\x44\x62\x00\x45\xe6\x15\xd5\x1f\x5e\x19\xc2\x9a\xad" "\xad\x35\x39\x49\x09\x61\x13\x58\x51\xf1\x5b\xbf\xd0\x60\x4f\x39\x26\x87" "\x75\x83\xd8\x5c\x45\xa0\x4c\x6f\x15\x5a\xd6\xe1\x96\x6d\x20\x04\xab\x6a" "\xb5\x1f\x9b\xeb\x82\xdb\xcd\xca\xaa\xb8\x86\x56\x4c\xbf\x81\xb5\x81\xda" "\x39\x7e\xba\x4f\xc8\xfe\x43\x0e\xf9\x3e\xd6\x13\xcd\x58\x8e\x39\x96\x69" "\xb9\xf4\xb6\x34\x81\x16\x3e\x6c\x2b\x74\x11\x25\x38\x19\x2b\xe9\x55\x1c" "\xa4\x00\xbc\x2b\x94\x7a\x53\x5f\xcc\xbc\x56\x7a\x68\xa3\xab\x94\x55\x43" "\x85\xbb\x1f\x2a\x0e\x21\x46\x31\x01\x13\x10\x2a\x9f\xfb\xcb\xbf\x44\xd3" "\x0e\x07\x6d\x36\x3d\x62\x01\xfa\xec\xf8\xbb\xbb\xc9\xd7\xfc\xd3\x81\x95" "\x86\x0b\xbc\x85\xee\x3f\x5f\x9b\x2c\x99\x01\x64\xab\xc3\xa7\x67\x4a\xb2" "\xa6\x31\x14\x7d\x70\x85\x85\xf5\x26\x94\xa4\x6b\x68\x1c\xbc\x62\x3b\x53" "\xa2\x72\xf2\x1f\x2a\xa5\x59\x7b\xee\xc8\x09\x49\x54\x54\x13\x16\xcc\x45" "\xec\x97\x51\xfe\xf1\x23\x69\xe7\x27\x2b\x7b\xdc\xb5\x27\xba\xc4\xa1\x9e" "\x0b\xba\x1b\x68\xef\x98\xe3\x56\x37\x05\xe9\xca\x40\xbb\x91\x4c\xec\xe2" "\xfd\x75\xc2\x37\x5b\x81\xa0\x6d\xad\xcd\xb1\xc5\x4a\x17\x58\x55\xe3\x0c" "\x3d\x9c\xa5\x8c\xa8\x73\xe4\x3d\x70\x3b\x14\x71\x52\x6f\xb3\xdf\xe1\x2e" "\x14\x0b\x81\xdf\x3a\xfa\xe6\x10\x4e\x5f\xfa\x4e\x85\x85\xb4\x56\xa7\x19" "\x9c\x75\xc5\xab\xc7\xaf\xec\xa7\x43\xfc\xe3\x10\xdf\x09\x06\x2f\x20\xb9" "\xa9\x9f\xac\x5d\x01\x93\x38\xd9\x86\x06\x80\x5f\x4f\xaa\xd9\xcc\x81\xeb" "\xf0\x3b\x72\x39\xa3\x40\xc9\x73\x82\x8b\x67\x6a\xf4\xe5\x94\xd7\x96\x68" "\x9f\x98\x23\x73\x0c\x5e\xad\x8d\xba\x25\x69\x25\x86\x9a\xb0\xd7\x19\x6a" "\x99\xb7\x5a\x15\xf9\x92\x78\x52\xd7\x81\x3a\xa5\xa4\xcb\x76\x76\x47\x49" "\xe8\x82\xd5\x9c\x09\x4c\x5e\xbd\x19\x11\x15\x31\x50\xe8\xd5\x3a\xa8\xab" "\xbf\x36\x0a\x40\x45\xb6\x3e\x0e\x29\x6d\x03\x15\x8d\xe8\xaa\x02\xb5\xae" "\xb4\x59\xdc\xdc\x6b\x9d\x5a\xa8\xc0\xe4\x55\xe7\xcb\x6a\x5d\x9b\x26\xee" "\x54\x20\xe4\x1d\x89\x59\x0a\x0c\x04\xca\x87\x01\xa6\xa3\x86\x71\x6a\x32" "\xe0\x41\x02\xf2\x81\xf6\x63\x17\xa2\x19\x40\xc0\xcf\x83\xe1\x28\xf4\xf8" "\x3b\xdf\x67\x70\x17\x0d\x74\xd4\x3f\x3b\x1f\x4c\x0b\xb5\xe8\xc6\x92\x54" "\xe0\xbf\xd1\x5c\x6d\x02\x59\x6b\xf3\xb5\x47\xe5\xb9\xb8\xe8\x43\x90\x45" "\x5a\x9c\x4b\x00\xb6\x33\xc6\x61\x61\x6a\xca\x4a\x41\x58\x86\x8b\xe2\x16" "\x33\xf3\x43\x15\x59\x96\xea\xff\x00\xc2\xc3\x47\xfe\xa0\x3c\x6f\x06\xe7" "\xad\xcd\x83\xcf\x32\x0e\x3a\x44\x6d\x07\xdb\xa2\x02\xe5\x96\x06\x32\x56" "\x0d\xa8\xa3\xb6\x0e\xfe\x5a\x81\x4a\x5c\xb2\xa4\xff\x08\x42\xff\xf2\x38" "\x97\xb5\x83\xb3\x81\xe5\x03\x0e\x50\x6c\xae\xf8\xdc\x97\xbe\xf9\x53\x21" "\x11\xe3\xeb\x36\x21\x87\x0e\xc3\x9f\xe2\x35\x1d\x38\x14\xa0\x2d\x2f\x9e" "\x38\xaa\xc1\xf0\x89\x7f\x32\xdd\xbf\xfd\xc6\xe0\xac\xde\xa9\x5f\xf7\xf6" "\x78\x65\xda\xae\x11\x30\xf6\x8f\x00\x98\x56\x82\xec\xef\xc4\x3f\xb6\xf8" "\x52\x15\x14\x92\x3b\x5c\xf3\x56\x0b\xe0\x73\x9a\xeb\x4e\xb0\x0b\x38\x9d" "\x39\xeb\xb9\xb9\x74\xe0\x54\x12\x0f\xcd\x48\xc0\xd6\xbc\x09\x44\x1c\x2c" "\x19\xf4\x1b\xdf\xce\xed\x01\xa3\xb6\x86\x92\x15\x00\xfa\xe8\x87\x95\xf2" "\x16\x79\x4d\x21\xdd\x3a\x98\xf2\xfd\xb5\xa1\x59\x0e\x0c\xbd\xc5\xcd\x95" "\x93\xb1\x64\xe2\x55\x13\x1c\x21\xf2\x2e\xd7\xe7\xed\x4e\xc8\x3d\xb9\x1f" "\x8b\xf5\xf3\x27\xd7\x22\x2b\xe1\xe4\x70\xa7\xc0\xd0\xa6\x57\xc7\x3a\xd6" "\x06\xf2\xef\x0c\x59\xd3\xc1\x18\xc6\x01\xd2\x3d\x67\xee\x16\xce\x36\x58" "\xc9\x15\x3b\x81\x31\xf0\x6c\x1e\x4f\x83\xc4\x9d\xbe\x6d\xbc\x34\x78\xb1" "\x31\x3b\x92\x21\xbc\x4c\x5e\xad\xeb\xfd\x16\xcd\x07\xaf\xde\x50\x9f\x2e" "\x92\x6f\xcf\xd5\xf8\xfe\xab\xe8\x36\xf4\x08\x0e\xa5\xe6\x5c\x1e\x4d\x85" "\x9f\x16\xac\x45\xad\x8c\x80\x4e\xb9\xec\xce\x36\x3f\xaf\x19\xc1\x40\x9d" "\x81\x92\xa6\x44\x82\x35\x78\xcc\xfd\x5b\x64\x34\x78\xeb\x94\x82\x23\x67" "\x6d\x37\x5f\x81\x1f\xff\xa8\x74\xf7\xc2\xa2\x81\x10\x4a\x28\xba\xf4\xda" "\x27\x16\xae\x87\x0a\xbb\x3e\x0f\x05\xe6\x34\x66\x17\x63\x56\x72\x8a\x70" "\x0f\xe3\x9e\xbb\x62\xbd\xbf\xf1\x39\xfd\xbf\x21\x52\x00\x22\x98\x4d\xc6" "\xd3\xee\xd1\xd8\x1b\x94\xf2\x8a\x07\xcc\x23\x8c\xcb\x64\xd6\x5e\x87\x53" "\x4c\x01\x11\xbb\x76\x21\x23\x68\xc6\xe8\xe9\xa5\x36\xe7\x58\xfa\x2f\x16" "\xa2\xca\xb9\xd3\x19\x84\x05\x54\x88\xb2\x7b\xcf\xf1\x2b\xcc\x5a\x0f\xe2" "\x1a\x0e\x44\xed\xfb\x87\xc6\x81\x06\x0e\x69\x44\xff\x89\xdc\xe4\xa9\xc7" "\x12\x2c\x53\xac\xc2\x79\x13\xa5\xfb\xf1\x5c\x9a\xda\x97\x1d\xf8\x8f\x0d" "\xf3\xf8\x2e\xb5\x63\xf6\x3c\x64\x0a\xd6\xe3\x9a\x1f\x5c\x1a\xad\x83\xc3" "\x64\x95\x7e\xc6\xd6\x45\xf4\x24\x3d\x1f\xb4\xec\xef\x27\x5d\x4c\x0c\xa0" "\x28\x40\x64\xcd\xe0\xc2\x82\xd7\x93\xf2\x90\xba\xb5\xa4\xde\xc1\x5f\x3e" "\x2a\xdc\xc9\xd4\x55\xd2\xe2\x8b\xd0\x40\xd6\xe0\xf6\x51\xac\x6f\x20\xf5" "\x5d\x13\x03\xd2\xaa\xef\x21\x04\xb3\x93\xaf\xc8\x49\xe9\xcd\x77\x43\xca" "\x20\xa6\xf0\x92\xcb\xf4\x2a\x67\x44\x68\x92\x49\x31\x28\xd3\x8b\xb0\xd0" "\xf5\x07\xff\xe3\xfd\x71\x8e\xc4\x8e\xff\x58\xdf\x72\x97\x28\xbc\x01\xee" "\x18\x0d\x67\x6d\xfa\x22\xc8\x1d\xa0\xe4\xe3\xfd\xa9\x4f\x4f\x94\x19\x5b" "\xc8\x2e\x1f\x94\x1d\x8a\x29\x0c\xa0\xd4\x16\x37\x3d\x42\x0e\xba\x19\x64" "\x70\xe4\xf2\x59\x40\x50\x60\x61\xc6\x01\xf1\x2b\x36\x56\xd6\xd6\xb3\xa4" "\x7e\x50\xd5\x23\x5b\x7f\xd0\xf8\x2b\xb0\x83\x5a\xee\x34\x70\xb6\x9b\xf7" "\xe5\x96\x16\xec\xe4\x47\xd9\xaf\x36\xc3\x96\xf6\x87\x21\x4f\xf7\xd7\xe2" "\x79\x61\xf4\x61\xc7\x80\xb4\xc5\x63\xae\xb4\x7f\xa9\xf3\x35\xcb\xda\xde" "\x8a\x06\x71\x1b\xa7\x9b\x6f\xe8\x77\x8a\xc1\xbc\x06\xbb\x59\x13\x1c\x17" "\x40\x9c\x1d\x1d\x0c\xc7\x46\xae\xc8\xc3\xb1\x34\x8f\x95\x85\x94\x51\x92" "\xd8\xe3\x20\x02\xc6\x76\x75\x3a\xb2\x46\xa9\x27\x02\xfc\x8e\x3a\x3c\xe8" "\x9b\x84\x66\x1b\x1b\x10\xdc\xd7\x3f\xdd\xac\xd3\x11\xca\x66\x3d\x48\x3b" "\x87\xa5\x92\x25\xf6\x06\x27\xee\xcf\x40\x9d\x61\x88\x23\x6b\x19\x86\x33" "\xd4\x7c\x5f\x1c\x0b\xa0\xbb\x43\x21\xaa\xc8\x8a\x60\x61\xd5\xe9\x78\x83" "\x91\x4c\xd7\x42\x84\xab\x93\x7b\x95\x79\xcc\xee\x6a\xb5\xbb\x39\xf6\x27" "\x4a\x04\xe3\xe7\xa8\xc3\xd0\x33\xe3\x40\x35\x7b\xc1\x5c\x5f\x6d\xaa\x04" "\x7b\x1c\xee\x44\x8a\xc3\x80\xbb\xde\x4b\xf8\x06\xb0\x89\x1a\x04\xb9\xe4" "\x08\x60\x9b\x04\x0b\x7d\x3a\x02\xd2\xa7\x6d\x40\x13\x75\x6d\x79\x24\x47" "\x92\xc5\x43\xfe\x23\x27\xa3\xc3\x71\x85\x2b\xed\x5a\xb5\x4d\xe9\x87\xbc" "\x46\x99\xb3\x2a\xd1\xc0\x8f\x7f\xff\x7a\x23\x06\x9e\x72\xbd\xdc\x9a\x59" "\x0b\x2c\x70\x7b\xac\x39\x57\xd4\x6b\x65\x7a\x4e\x17\xf1\x91\x4d\xb5\x8f" "\xb6\x43\x6b\xdd\x58\xb8\x6d\xf4\x91\x01\x6a\x2b\x9e\xbe\x0c\x35\xa8\x59" "\xb2\x16\xf1\x7f\x48\x28\xc8\xde\xe3\x0a\x38\xed\x1f\xc3\x63\x47\xaf\x97" "\x89\x99\xd0\xc4\x04\x31\x3c\xf9\x9c\x92\x81\xc4\x51\x94\xab\xd7\x94\x75" "\xa8\x0e\xa1\x48\x68\x40\xaa\xd7\x2b\x1c\x0c\x4f\x17\xfe\x35\xa1\x50\xfc" "\xb5\x74\xfa\x9f\xcc\x09\xa7\xfc\x5d\xcd\x34\xe1\x5d\x4b\xf1\xbc\xcf\xa8" "\xbf\x42\x3d\x24\x37\xe2\xeb\x0d\x3c\xa9\x32\x4f\xbf\xc7\xe2\x56\xb8\x62" "\xc5\x0e\xbc\x8d\xb3\xfb\x69\xf6\x90\x03\xd3\x78\x07\xaf\x8d\xdc\xcf\x2d" "\x92\x9a\xd9\xd0\x6e\xbb\xb7\xe5\x38\xd9\x3b\xb0\xb7\xbc\x82\x8e\x16\x39" "\xe0\xb5\xe8\x9c\x22\xba\xdc\xa3\x07\xad\x28\x18\x3c\x30\x83\xe8\x7c\x91" "\x7f\xeb\x4c\x88\x23\x97\xd3\x97\xea\x2e\x7f\xf0\xe0\x5e\xbb\x25\x29\x40" "\x30\x2c\xdc\x0f\x0f\x7e\xfe\x40\x68\x5f\x7c\x3e\x89\x23\xe3\x79\x5d\x70" "\xd6\x9c\x70\xd9\xa0\x71\xe4\x01\xce\xe7\x71\xf2\x9d\xcb\x53\x16\x47\x17" "\x68\x46\x4c\x46\x59\xf2\xc7\x6d\x11\x71\x3a\xb4\x4f\x4c\x94\x4a\x48\x19" "\xde\xb1\x24\x8b\x02\x45\x74\x03\xe9\x63\x0a\xaf\x4a\x18\x0e\x9e\x55\xbb" "\x4d\x29\x1e\x9a\x2b\xc8\x5a\x1e\xd1\x7f\x90\x6d\x54\x93\x5c\x7e\x5e\x8b" "\x70\x7e\xad\x56\x28\x4f\xda\x02\x08\xbd\x88\xab\x5c\x32\x59\xbd\x53\x29" "\xc0\xd2\x66\x53\xeb\x07\xb6\x85\x6a\xd7\x99\xfd\x6f\xa8\xd2\x11\x1d\xa3" "\x97\x0f\xf8\x50\x9b\xc2\xef\x3a\x88\x13\xd0\x4f\x36\x00\x15\x26\xb7\x07" "\x57\x64\x6e\xd4\xbf\x25\xa2\x56\x75\x1b\x8e\xc7\x14\xf2\xe6\x2d\xea\x19" "\xe8\x2a\xac\xec\x38\x91\x95\x53\x2b\xf7\xf3\x35\xaf\xae\x43\x51\xad\xb9" "\x3c\x84\x6e\x22\xf1\xf2\xa3\xe0\xd6\x20\xd8\x16\x88\xbd\x55\x30\xe3\x89" "\xf2\x28\x4b\x3c\x99\x7d\x4a\xba\xb7\xc3\x0a\xac\x1b\x14\x14\x25\xcd\x9a" "\xa3\x15\xdc\x5a\x5e\x8b\x04\xfd\x50\x3d\x79\x89\x6b\x14\x94\xd8\xbe\x48" "\x04\x8c\x73\x92\xfc\x92\xc3\x25\xb7\x6b\xde\x44\x96\xc4\x9d\xa3\x4c\x9f" "\xf9\x59\x69\xbe\xc8\xf9\x5c\x35\x62\x39\xd5\x33\x69\x07\x95\x73\x83\xb1" "\x2c\x51\x2f\xff\x6d\x79\x70\x97\xa2\x6a\x5a\xee\x92\x51\xba\xe9\x40\xef" "\x1a\x19\xb3\xf7\x46\x39\x63\x00\xd3\xba\xeb\x47\x6b\x02\x3f\x74\x0e\xd7" "\xc1\xda\x92\xfd\xbf\x18\x34\xc3\xa8\x82\xa6\x07\x98\x85\xb9\x33\x33\x3d" "\x0e\x19\x4c\xc1\xf2\x5a\x06\xc3\xa2\xd3\x70\x93\x68\x86\xcb\x38\x5d\x98" "\x61\xd6\x76\x2c\x74\x16\xa1\xdb\x52\x75\x22\x8b\x64\x99\xcd\xef\x97\x67" "\xfb\x99\x8d\x43\x25\x1b\x96\x3b\xc4\x47\x7b\x2c\x05\x1b\x70\xa0\x31\x7d" "\xe5\xf6\xec\x31\x58\x91\x41\x45\xbd\x03\x6f\xf1\x94\xdf\x97\x22\xd2\xa3" "\xd2\xac\x23\x97\x89\x1b\x57\x3a\x34\xad\x16\x23\x6c\xdc\x7c\xa7\x7b\xc1" "\x5f\x0f\xdb\xc3\xca\xe9\x23\xd6\x16\x33\xa4\x2b\xab\x45\x0a\x80\xcf\x3e" "\xe6\x58\x0e\x79\x2b\x16\x17\xd7\x4f\xa1\x89\xd4\x50\xa6\x4c\xa1\x2d\x8c" "\x79\x76\x98\x20\x8e\xa6\x10\x10\xb6\x07\x28\x85\xb7\x62\xaf\x59\x81\x59" "\x62\x1f\x83\x8e\xba\xcc\x00\xea\x11\xf5\x92\x4b\x39\xb2\xbb\xbc\x5c\x7d" "\x66\x78\x71\xce\x32\xe9\xaa\x75\x89\x3a\x9f\xa1\x3a\x2f\xfe\x66\xb3\x60" "\xe2\x66\x44\x62\x59\xa8\x74\x5a\xdd\xb4\xe1\x86\x13\x9d\x86\xd4\xe8\xd4" "\x85\x37\xac\x35\x02\x9b\x0d\x87\xc0\x3e\x8c\x1a\x9b\x9a\x42\x25\x94\x49" "\x6f\xed\xa8\xbc\x55\x02\x77\x74\x28\xfe\x73\x71\x98\xed\x89\x6c\x21\x28" "\xa4\xf7\xd5\x52\xf2\xee\xa8\xfe\xf6\xe6\x8f\xea\xf3\xcb\xfd\x54\x9e\x62" "\x2e\xea\x7b\xc9\x88\xbb\x16\xfc\x49\xb7\xab\x24\x14\x26\xf2\xe4\x0e\xdc" "\xca\x07\xd4\xf9\x47\xcc\xb1\xd3\xb8\xc2\xe9\xcb\x14\xa0\xc0\x44\x95\xdb" "\xb7\x5b\xd9\xc9\x35\xf3\x6b\xfe\x39\x84\x55\xb0\xe5\xf9\x27\xd5\x72\x6e" "\x61\x7c\x69\xca\x81\xfe\x36\xc3\xe6\xea\x51\x0c\x5f\xe4\x73\x51\x61\xc9" "\x92\xf9\xeb\xf6\x67\x27\xe5\xa7\xde\xd5\x90\x06\x1d\x4d\xa3\xb8\x6b\x99" "\x68\x46\xa6\xbb\x10\x2e\x47\xd3\x34\x65\xd8\x8a\x68\x64\x4c\x8a\x76\xa7" "\x70\xd5\xe0\x31\x8e\x6c\x30\x1e\x7c\x7f\x55\x75\xbf\x15\xa9\x58\x9b\x32" "\xcf\xaa\x41\xee\x15\x97\x24\x88\x49\x71\x95\xa2\xcb\x49\xa6\xb6\xf9\x37" "\xa8\xe3\x11\xe3\x4d\x31\x1d\xfd\x4f\xe2\x22\xd3\xab\xc0\x95\xb0\xb2\x4a" "\x1b\x71\x93\xeb\x33\x53\xde\xf0\xcc\x15\x11\xc8\xfc\xe9\xb0\xa7\x86\x7a" "\xe2\xfe\xd4\xdb\x93\x00\x96\x46\xdc\x91\xa3\x74\x53\x87\xcb\xe6\x1b\x37" "\xf7\x49\xb4\x0d\x5d\x38\x97\x08\x56\xb7\xab\x8b\x6e\x1e\x0b\x81\xc0\x78" "\xc6\x8c\xb5\x5c\x57\x85\x4b\x8b\x58\x63\xb7\xa4\xc8\x7f\x42\xe6\xd6\xdc" "\xa2\xde\x03\x26\xb1\xb2\x69\x70\x16\x8c\x99\xf5\x98\x16\x87\x74\x48\xe7" "\xf7\x26\x26\xf5\x35\x4f\xdb\x5e\x03\x3c\xd6\xb4\x2e\x94\x76\x66\x5e\xfa" "\xe6\x62\x87\xe6\x56\x59\x0d\x1f\x80\xb3\xa0\x95\x57\xa5\x7d\x7d\xe4\xba" "\xde\x6a\x12\x2d\x40\xa9\x2d\xb1\xd3\x47\x46\x3b\x74\x15\x1d\x44\xa0\x2d" "\xbe\x06\x72\x59\xc6\x33\xb8\xc8\x44\x25\xe7\x7a\x73\x6f\xca\x99\xf0\x6d" "\x0f\xd6\x6e\x35\x36\x55\x11\xec\x01\x75\x37\xf4\xc2\x12\xe7\xf2\xe2\x33" "\x69\x95\x8c\x3a\x7b\x92\xfe\xff\xad\x9e\xdb\x12\x13\x9f\x1f\x69\x0f\x95" "\x12\x72\x5c\x0a\x1a\x16\x4e\x78\xb4\x13\x0c\x91\xfd\x39\x61\xdf\x91\xc1" "\xa1\x17\x83\xc2\x4b\x03\xbc\xf3\x05\xfd\x0e\x14\xe6\x51\x0f\x4d\x58\xcf" "\x73\x32\x6e\x94\xf2\xbc\x1b\x1a\xb2\x95\x29\x7b\xee\x7a\x98\xb7\x7a\xfe" "\x48\x3a\x7d\x66\xe7\x80\xd5\xe1\x11\xb4\x20\x22\x85\xf5\x80\xce\x57\x1e" "\xcc\x09\x85\x50\x1f\xaa\x0e\x9f\x2f\x5b\x98\x48\xd7\x70\xd8\xd8\xad\x7b" "\x90\xa9\x51\xf8\x32\x79\x07\x3e\x45\xa0\xc7\xab\xcf\x89\xcd\x62\x00\xf7" "\xfc\x32\x0e\x46\xea\x3d\xe2\xad\xde\xe3\xa9\x84\x43\x25\x01\x06\x3f\x99" "\x28\xd0\x89\x7d\x93\xdd\xe2\x0f\xe8\xfb\xe4\xda\xbc\x1a\xc3\x4b\x0e\xfd" "\xb3\xd7\xc7\xb4\xd4\x95\x71\xea\x64\x25\x2d\x72\x09\xff\x6d\x0a\xe5\xb9" "\x5e\xf3\x5d\x81\x60\xc5\x97\x6f\x7e\xd9\xc4\xb6\x9d\xb8\x1a\x73\xf6\xd0" "\x0f\xd2\x54\xc4\x17\x69\x6d\x6a\xf6\x94\xf3\x68\x88\x26\xcc\x04\xdb\x80" "\x19\xf2\x41\x9f\xa9\x9e\x47\xdc\x43\x6f\xd7\x68\x90\xb5\x29\x1c\xd2\x72" "\x47\x17\xa1\xe6\x04\xe6\xcb\x5e\x21\x42\x35\x66\x4e\x8c\x71\x48\xc2\xbd" "\x87\x99\x6c\x05\xbc\xfe\x1f\x29\x20\x0f\x40\xa0\xd7\x66\xdf\x3d\xdc\x6f" "\xae\xf8\x2f\xb3\x4d\x38\x5f\x90\xb8\xf0\xe4\xbb\x7b\xa5\x19\xe7\x98\x67" "\x35\xc1\x69\xcb\x35\x46\xd6\x2f\xb7\x0f\xbd\x49\xee\xc4\xed\xd7\x03\x97" "\xd2\xfc\xbf\xdb\x9c\xd8\x73\x31\xfc\xe3\xc9\x78\x6b\x70\x90\x50\x1b\x90" "\x4c\x8f\x92\x5a\x1d\xbf\xa1\x51\xa1\x8e\x6c\x14\x5e\xbb\x74\xda\x71\x00" "\xde\x60\xa6\x27\x10\x0d\x6c\x04\xce\x78\x9a\x7d\x4e\x88\x69\x2c\xb0\x90" "\xfd\x9f\xf2\x00\x6e\x5d\xdb\x87\x0f\x5b\x2a\xa5\x02\x08\x1e\xb7\xa2\x67" "\x44\xde\x9a\x0d\x29\xa6\x6e\xf1\x8e\xb0\x97\xe1\xd3\x96\x56\x10\x78\xe3" "\xf9\x25\x80\x46\xa3\xa3\xe9\xb5\x87\x89\x64\xd7\x1b\x52\x67\x55\x08\x4f" "\x38\x5d\x97\x77\xb2\xab\x50\x3f\x9d\x77\xc0\x9a\x46\x00\x4b\x50\x05\xf6" "\x9e\xed\xee\x80\xed\xd8\x7d\xd1\x7f\x22\x92\xeb\xa0\x0f\x71\xde\xdb\x01" "\x0b\x7b\x00\x3a\x84\x00\xf6\xb4\x4d\x63\x55\x9a\x10\xbc\x00\x52\xc6\x78" "\xac\x8e\xd9\x65\x8a\xff\x4f\x85\x87\x78\xeb\xb6\x0c\xba\xf5\x3d\x82\x24" "\x8a\x26\x0c\x72\x55\xf9\x43\x71\x1e\x8a\xc3\x1a\x4b\x7a\x46\x94\xdc\xda" "\xce\x3b\xe2\x5e\xa4\x3b\xdc\x9d\xfd\x52\xd3\x69\x29\x2d\x8d\x75\x81\xa6" "\x97\x9d\x1b\x8a\xd5\x43\xba\xeb\x92\x96\x90\x7e\x09\x26\x02\x5f\x4c\x35" "\x97\xe9\x8e\x2e\xac\xd0\x48\xa5\xde\xdd\x0e\x9d\xab\xc3\x26\x8e\xd3\x5a" "\x91\xc6\x18\x09\x08\xaf\x07\xa9\x5b\xf3\x74\x57\x3c\x7b\x4f\x61\x1e\xb3" "\x0b\xbb\x5f\x17\x21\xa6\x55\x0f\x48\x3d\xca\xed\x51\xd8\x4f\xda\xa5\xc6" "\xa5\x2d\x7c\x4d\x04\xca\x4e\xdf\xd2\x88\x44\x83\xc2\xd5\xaa\xeb\xf6\xf0" "\x6c\x6f\xff\x8b\xff\x81\x39\x23\xac\x8c\x6e\xdd\x0e\xad\xef\xab\x93\x84" "\x42\xff\x09\xb1\xb3\xff\x92\x6c\x96\x3d\x67\xa0\x1c\xcc\xbd\x86\xcb\x69" "\xbb\x5e\x5a\x4a\xdc\xa8\x21\x10\xf8\x7d\x3e\xe7\x80\x0b\x14\x41\x2b\x48" "\xcd\x94\xfe\xac\xba\xa9\xc1\x92\x1e\x81\x6d\x02\x87\xad\x11\x98\xb9\x4f" "\xd6\xde\x31\x49\x12\xb7\x99\x38\xa0\xd0\x0e\xf5\x96\x8c\xa4\xcb\x50\x6a" "\xfa\x14\x96\xce\x48\x86\xc8\xc4\x49\x55\xa9\x2c\x9d\x23\x95\xf1\x08\xa3" "\x57\xe2\x40\x51\x1c\xc7\xe6\x54\x8a\xc4\x17\x4e\x5b\x52\xcc\x1f\x03\xea" "\x8f\xa8\x26\x8a\x72\x83\xe9\xcd\x25\x51\x8c\xc7\x11\x14\x86\x95\x37\x89" "\x1b\x64\x33\x72\x22\xf0\x4c\x11\x14\x07\xbc\x2c\x87\x77\xf1\x13\x2e\x1b" "\x29\x4e\xc5\x33\x61\x0f\xd1\xae\x3b\x4a\xa7\xe2\x0c\x31\x5d\x87\xae\xed" "\x3a\x19\x15\x16\x77\xe0\x41\x73\xfb\xd5\x5e\x88\x66\x9f\x51\x5d\xea\x19" "\xc8\xb9\x9f\x8d\x7e\x82\x97\x34\xf6\x15\xa9\xb9\x5e\x27\x8f\xec\x62\xcf" "\x2d\x1a\x37\xd5\x35\xef\x71\x99\x65\x30\xc6\x2e\x65\xbb\x6f\xde\x62\x54" "\x47\xe9\x12\x2c\xfd\x94\x7d\x70\x32\xc7\x58\x0b\xfa\x52\x86\xbd\xde\x0b" "\xd9\xc4\xf0\xc6\x3c\xbc\xed\xdc\x30\x2e\x1d\xae\xf7\xf2\x7b\xf2\x89\xf7" "\x24\x56\x80\x25\x60\xe4\x47\x7b\x27\x52\x0b\x45\xf3\xa3\x9e\x78\x78\x24" "\xf1\x69\xb3\xfa\x0e\xc7\xfb\xa1\xc3\x7f\x44\x99\xd4\x3a\x9c\xdc\xa7\x59" "\x5f\x3e\x9a\xb7\x42\x23\xc3\x48\x19\xb2\x60\x13\x0d\x8a\x76\x13\x65\x31" "\x01\xcc\x9a\x6e\x23\x6a\xc0\x19\x65\x35\x6c\x90\x81\x4c\x63\x2e\xd4\x21" "\xa6\x26\x54\xa4\x57\xcc\xc6\x60\x40\x02\x64\x51\x61\x0b\x94\x89\x8d\x13" "\x29\x2c\xf2\x09\x6f\xc1\x74\x4b\x8f\xe6\x7c\xeb\xbc\xee\x0a\x38\x30\xbe" "\x98\x76\x94\xe5\x93\xd7\x32\xf0\x5e\x3c\x65\x03\xa7\x11\x73\xdc\x98\x70" "\xc3\xec\xa0\x17\x31\x8b\x62\x8d\xd6\x51\x23\x2e\xa1\xc4\x24\xa9\x8b\x39" "\x41\x88\xc8\xb8\xdb\xf3\x0d\x69\xf1\x97\x62\x19\xfd\x5b\x19\x75\xf8\xde" "\xeb\xab\xec\xa9\x70\x58\x1f\x01\x1f\x42\x8c\x16\x4b\xb3\x5e\x0d\x6b\xe1" "\x87\xa5\xa2\x88\x7d\x6b\xb0\x88\x9c\x41\xc5\xc2\x4d\x0b\x17\x3f\x05\xdb" "\x5d\x3a\x9e\x50\x31\x8b\x44\x8b\x3c\x8c", 4096); sprintf((char*)0x2000000033a8, "%020llu", (long long)-1); sprintf((char*)0x2000000033bc, "0x%016llx", (long long)-1); *(uint16_t*)0x2000000033ce = -1; syz_mount_image( /*fs=*/0x200000000f40, /*dir=*/0x200000000f00, /*flags=MS_I_VERSION|MS_PRIVATE|MS_POSIXACL|MS_SYNCHRONOUS|MS_STRICTATIME|MS_SILENT|0x202428*/ 0x1a5a438, /*opts=*/0x200000002100, /*chdir=*/0xb, /*size=*/0, /*img=*/0x200000000000); return 0; }