// https://syzkaller.appspot.com/bug?id=fc28634f4815322260d0735ad0ed14f767b558b6 // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } #define MAX_FDS 30 #define USB_DEBUG 0 #define USB_MAX_IFACE_NUM 4 #define USB_MAX_EP_NUM 32 struct usb_iface_index { struct usb_interface_descriptor* iface; uint8_t bInterfaceNumber; uint8_t bAlternateSetting; struct usb_endpoint_descriptor eps[USB_MAX_EP_NUM]; int eps_num; }; struct usb_device_index { struct usb_device_descriptor* dev; struct usb_config_descriptor* config; uint8_t bMaxPower; int config_length; struct usb_iface_index ifaces[USB_MAX_IFACE_NUM]; int ifaces_num; int iface_cur; }; static bool parse_usb_descriptor(char* buffer, size_t length, struct usb_device_index* index) { if (length < sizeof(*index->dev) + sizeof(*index->config)) return false; memset(index, 0, sizeof(*index)); index->dev = (struct usb_device_descriptor*)buffer; index->config = (struct usb_config_descriptor*)(buffer + sizeof(*index->dev)); index->bMaxPower = index->config->bMaxPower; index->config_length = length - sizeof(*index->dev); index->iface_cur = -1; size_t offset = 0; while (true) { if (offset + 1 >= length) break; uint8_t desc_length = buffer[offset]; uint8_t desc_type = buffer[offset + 1]; if (desc_length <= 2) break; if (offset + desc_length > length) break; if (desc_type == USB_DT_INTERFACE && index->ifaces_num < USB_MAX_IFACE_NUM) { struct usb_interface_descriptor* iface = (struct usb_interface_descriptor*)(buffer + offset); index->ifaces[index->ifaces_num].iface = iface; index->ifaces[index->ifaces_num].bInterfaceNumber = iface->bInterfaceNumber; index->ifaces[index->ifaces_num].bAlternateSetting = iface->bAlternateSetting; index->ifaces_num++; } if (desc_type == USB_DT_ENDPOINT && index->ifaces_num > 0) { struct usb_iface_index* iface = &index->ifaces[index->ifaces_num - 1]; if (iface->eps_num < USB_MAX_EP_NUM) { memcpy(&iface->eps[iface->eps_num], buffer + offset, sizeof(iface->eps[iface->eps_num])); iface->eps_num++; } } offset += desc_length; } return true; } enum usb_fuzzer_event_type { USB_FUZZER_EVENT_INVALID, USB_FUZZER_EVENT_CONNECT, USB_FUZZER_EVENT_DISCONNECT, USB_FUZZER_EVENT_SUSPEND, USB_FUZZER_EVENT_RESUME, USB_FUZZER_EVENT_CONTROL, }; struct usb_fuzzer_event { uint32_t type; uint32_t length; char data[0]; }; struct usb_fuzzer_init { uint64_t speed; const char* driver_name; const char* device_name; }; struct usb_fuzzer_ep_io { uint16_t ep; uint16_t flags; uint32_t length; char data[0]; }; #define USB_FUZZER_IOCTL_INIT _IOW('U', 0, struct usb_fuzzer_init) #define USB_FUZZER_IOCTL_RUN _IO('U', 1) #define USB_FUZZER_IOCTL_EVENT_FETCH _IOR('U', 2, struct usb_fuzzer_event) #define USB_FUZZER_IOCTL_EP0_WRITE _IOW('U', 3, struct usb_fuzzer_ep_io) #define USB_FUZZER_IOCTL_EP0_READ _IOWR('U', 4, struct usb_fuzzer_ep_io) #define USB_FUZZER_IOCTL_EP_ENABLE _IOW('U', 5, struct usb_endpoint_descriptor) #define USB_FUZZER_IOCTL_EP_DISABLE _IOW('U', 6, int) #define USB_FUZZER_IOCTL_EP_WRITE _IOW('U', 7, struct usb_fuzzer_ep_io) #define USB_FUZZER_IOCTL_EP_READ _IOWR('U', 8, struct usb_fuzzer_ep_io) #define USB_FUZZER_IOCTL_CONFIGURE _IO('U', 9) #define USB_FUZZER_IOCTL_VBUS_DRAW _IOW('U', 10, uint32_t) static int usb_fuzzer_open() { return open("/sys/kernel/debug/usb-fuzzer", O_RDWR); } static int usb_fuzzer_init(int fd, uint32_t speed, const char* driver, const char* device) { struct usb_fuzzer_init arg; arg.speed = speed; arg.driver_name = driver; arg.device_name = device; return ioctl(fd, USB_FUZZER_IOCTL_INIT, &arg); } static int usb_fuzzer_run(int fd) { return ioctl(fd, USB_FUZZER_IOCTL_RUN, 0); } static int usb_fuzzer_event_fetch(int fd, struct usb_fuzzer_event* event) { return ioctl(fd, USB_FUZZER_IOCTL_EVENT_FETCH, event); } static int usb_fuzzer_ep0_write(int fd, struct usb_fuzzer_ep_io* io) { return ioctl(fd, USB_FUZZER_IOCTL_EP0_WRITE, io); } static int usb_fuzzer_ep0_read(int fd, struct usb_fuzzer_ep_io* io) { return ioctl(fd, USB_FUZZER_IOCTL_EP0_READ, io); } static int usb_fuzzer_ep_enable(int fd, struct usb_endpoint_descriptor* desc) { return ioctl(fd, USB_FUZZER_IOCTL_EP_ENABLE, desc); } static int usb_fuzzer_ep_disable(int fd, int ep) { return ioctl(fd, USB_FUZZER_IOCTL_EP_DISABLE, ep); } static int usb_fuzzer_configure(int fd) { return ioctl(fd, USB_FUZZER_IOCTL_CONFIGURE, 0); } static int usb_fuzzer_vbus_draw(int fd, uint32_t power) { return ioctl(fd, USB_FUZZER_IOCTL_VBUS_DRAW, power); } #define MAX_USB_FDS 6 struct usb_info { int fd; struct usb_device_index index; }; static struct usb_info usb_devices[MAX_USB_FDS]; static int usb_devices_num; static struct usb_device_index* add_usb_index(int fd, char* dev, size_t dev_len) { int i = __atomic_fetch_add(&usb_devices_num, 1, __ATOMIC_RELAXED); if (i >= MAX_USB_FDS) return NULL; int rv = 0; rv = parse_usb_descriptor(dev, dev_len, &usb_devices[i].index); if (!rv) return NULL; __atomic_store_n(&usb_devices[i].fd, fd, __ATOMIC_RELEASE); return &usb_devices[i].index; } static struct usb_device_index* lookup_usb_index(int fd) { int i; for (i = 0; i < MAX_USB_FDS; i++) { if (__atomic_load_n(&usb_devices[i].fd, __ATOMIC_ACQUIRE) == fd) { return &usb_devices[i].index; } } return NULL; } static void set_interface(int fd, int n) { struct usb_device_index* index = lookup_usb_index(fd); int ep; if (!index) return; if (index->iface_cur >= 0 && index->iface_cur < index->ifaces_num) { for (ep = 0; ep < index->ifaces[index->iface_cur].eps_num; ep++) { int rv = usb_fuzzer_ep_disable(fd, ep); if (rv < 0) { } else { } } } if (n >= 0 && n < index->ifaces_num) { for (ep = 0; ep < index->ifaces[n].eps_num; ep++) { int rv = usb_fuzzer_ep_enable(fd, &index->ifaces[n].eps[ep]); if (rv < 0) { } else { } } index->iface_cur = n; } } static int configure_device(int fd) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; int rv = usb_fuzzer_vbus_draw(fd, index->bMaxPower); if (rv < 0) { return rv; } rv = usb_fuzzer_configure(fd); if (rv < 0) { return rv; } set_interface(fd, 0); return 0; } #define USB_MAX_PACKET_SIZE 1024 struct usb_fuzzer_control_event { struct usb_fuzzer_event inner; struct usb_ctrlrequest ctrl; char data[USB_MAX_PACKET_SIZE]; }; struct usb_fuzzer_ep_io_data { struct usb_fuzzer_ep_io inner; char data[USB_MAX_PACKET_SIZE]; }; struct vusb_connect_string_descriptor { uint32_t len; char* str; } __attribute__((packed)); struct vusb_connect_descriptors { uint32_t qual_len; char* qual; uint32_t bos_len; char* bos; uint32_t strs_len; struct vusb_connect_string_descriptor strs[0]; } __attribute__((packed)); static const char default_string[] = {8, USB_DT_STRING, 's', 0, 'y', 0, 'z', 0}; static const char default_lang_id[] = {4, USB_DT_STRING, 0x09, 0x04}; static bool lookup_connect_response(int fd, struct vusb_connect_descriptors* descs, struct usb_ctrlrequest* ctrl, char** response_data, uint32_t* response_length) { struct usb_device_index* index = lookup_usb_index(fd); uint8_t str_idx; if (!index) return false; switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_GET_DESCRIPTOR: switch (ctrl->wValue >> 8) { case USB_DT_DEVICE: *response_data = (char*)index->dev; *response_length = sizeof(*index->dev); return true; case USB_DT_CONFIG: *response_data = (char*)index->config; *response_length = index->config_length; return true; case USB_DT_STRING: str_idx = (uint8_t)ctrl->wValue; if (descs && str_idx < descs->strs_len) { *response_data = descs->strs[str_idx].str; *response_length = descs->strs[str_idx].len; return true; } if (str_idx == 0) { *response_data = (char*)&default_lang_id[0]; *response_length = default_lang_id[0]; return true; } *response_data = (char*)&default_string[0]; *response_length = default_string[0]; return true; case USB_DT_BOS: *response_data = descs->bos; *response_length = descs->bos_len; return true; case USB_DT_DEVICE_QUALIFIER: if (!descs->qual) { struct usb_qualifier_descriptor* qual = (struct usb_qualifier_descriptor*)response_data; qual->bLength = sizeof(*qual); qual->bDescriptorType = USB_DT_DEVICE_QUALIFIER; qual->bcdUSB = index->dev->bcdUSB; qual->bDeviceClass = index->dev->bDeviceClass; qual->bDeviceSubClass = index->dev->bDeviceSubClass; qual->bDeviceProtocol = index->dev->bDeviceProtocol; qual->bMaxPacketSize0 = index->dev->bMaxPacketSize0; qual->bNumConfigurations = index->dev->bNumConfigurations; qual->bRESERVED = 0; *response_length = sizeof(*qual); return true; } *response_data = descs->qual; *response_length = descs->qual_len; return true; default: exit(1); return false; } break; default: exit(1); return false; } break; default: exit(1); return false; } return false; } static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; char* dev = (char*)a2; struct vusb_connect_descriptors* descs = (struct vusb_connect_descriptors*)a3; if (!dev) { return -1; } int fd = usb_fuzzer_open(); if (fd < 0) { return fd; } if (fd >= MAX_FDS) { close(fd); return -1; } struct usb_device_index* index = add_usb_index(fd, dev, dev_len); if (!index) { return -1; } char device[32]; sprintf(&device[0], "dummy_udc.%llu", procid); int rv = usb_fuzzer_init(fd, speed, "dummy_udc", &device[0]); if (rv < 0) { return rv; } rv = usb_fuzzer_run(fd); if (rv < 0) { return rv; } bool done = false; while (!done) { struct usb_fuzzer_control_event event; event.inner.type = 0; event.inner.length = sizeof(event.ctrl); rv = usb_fuzzer_event_fetch(fd, (struct usb_fuzzer_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_FUZZER_EVENT_CONTROL) continue; bool response_found = false; char* response_data = NULL; uint32_t response_length = 0; if (event.ctrl.bRequestType & USB_DIR_IN) { response_found = lookup_connect_response( fd, descs, &event.ctrl, &response_data, &response_length); if (!response_found) { return -1; } } else { if ((event.ctrl.bRequestType & USB_TYPE_MASK) != USB_TYPE_STANDARD || event.ctrl.bRequest != USB_REQ_SET_CONFIGURATION) { exit(1); return -1; } done = true; } if (done) { rv = configure_device(fd); if (rv < 0) { return rv; } } struct usb_fuzzer_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, response_length); if (event.ctrl.bRequestType & USB_DIR_IN) { rv = usb_fuzzer_ep0_write(fd, (struct usb_fuzzer_ep_io*)&response); } else { rv = usb_fuzzer_ep0_read(fd, (struct usb_fuzzer_ep_io*)&response); } if (rv < 0) { return rv; } } sleep_ms(200); return fd; } static void kill_and_wait(int pid, int* status) { kill(-pid, SIGKILL); kill(pid, SIGKILL); int i; for (i = 0; i < 100; i++) { if (waitpid(-1, status, WNOHANG | __WALL) == pid) return; usleep(1000); } DIR* dir = opendir("/sys/fs/fuse/connections"); if (dir) { for (;;) { struct dirent* ent = readdir(dir); if (!ent) break; if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0) continue; char abort[300]; snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name); int fd = open(abort, O_WRONLY); if (fd == -1) { continue; } if (write(fd, abort, 1) < 0) { } close(fd); } closedir(dir); } else { } while (waitpid(-1, status, __WALL) != pid) { } } static void setup_test() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); write_file("/proc/self/oom_score_adj", "1000"); } static void execute_one(void); #define WAIT_FLAGS __WALL static void loop(void) { int iter; for (iter = 0;; iter++) { int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { setup_test(); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5 * 1000) continue; kill_and_wait(pid, &status); break; } } } void execute_one(void) { memcpy( (void*)0x20001340, "\x12\x01\x00\x00\xec\x3b\xb3\x20\xd3\x13\x25\x33\x11\x7a\x00\x00\x00\x01" "\x09\x02\x12\x00\x01\x00\x00\x00\x00\x09\x04\x9e\x08\x00\xf0\x57\x13\x00" "\x00\x21\x03\x00\x02\x01\x22\x4d\x0c\x09\x05\x0f\x00\x31\x01\x1f\x3f\x09" "\x00\x25\x01\x01\x00\x66\x9a\x09\x05\x06\x10\x18\x00\x04\x02\x20\x09\x05" "\x04\x00\x18\x02\x05\x80\x01\x00\x23\xc3\x4d\x5d\x73\x5c\xfb\xd5\x9d\x6a" "\x3a\x6f\x4b\xaf\xbb\x8f\x3c\xd3\xae\x13\x7c\x11\x2c\x4e\x19\x43\x2c\x8f" "\x15\x47\x03\xae\xdb\x06\x93\xd7\xaf\xb6\x96\xa8\x5e\x79\x92\x61\xb1\xe6" "\x20\xe6\x0a\x56\xa8\x20\x33\x84\xd0\xf5\xf2\x7a\xeb\xb7\x8f\x75\x60\xc2" "\xab\xe1\xa7\xeb\xc1\x23\x61\x4b\xce\x48\x1c\xf1\x90\x7b\x3b\xcf\x4e\xe8" "\xe2\x04\xa7\x4e\x1e\xd9\x09\xd6\xd8\x71\x4a\x69\xee\x8d\xbb\xc4\x01\x90" "\x76\xaa\xac\xcc\x4c\xe7\xe0\xa2\x35\xb7\x99\x1b\xc8\xed\x8f\x5f\xb4\x32" "\xb7\xcb\x28\x70\x5d\x10\x5a\xca\x17\xc9\x1d\x73\x34\x3f\x00\x1f\x32\x78" "\x15\x1a\x1b\xca\xc6\x63\x5e\xd2\x8b\x50\xb6\x18\x6b\x47\x45\x1b\x73\x10" "\x87\x71\xfe\x3b\x6a\xd2\xe8\xce\x9b\x6f\xa0\xde\x6b\x80\xbd\x21\xb1\xad" "\xc7\xa9\xf3\x7b\x46\xb7\x82\x97\xc3\xfd\xaf\xe5\x7f\x7c\x1d\x39\xe1\x06" "\xca\x3c\xbe\xe0\x70\x6b\x71\x68\x9e\xc9\xec\xa8\xc0\x3f\x55\x5d\xd1\x07" "\x18\x52\xe0\xe7\x31\x49\x6f\xa8\xc3\xb2\x31\xab\x49\x73\x68\xe6\x89\x82" "\x9f\x74\x0e\x97\x51\x1f\xb6\x4a\xd4\x78\x74\x9d\x06\x9a\x64\x50\x12\xae" "\x4c\x76\xb3\x9f\x53\xa5\x8b\xd6\x74\xab\x40\xd7\x2d\x79\x1d\xf5\x76\x66" "\x25\x54\x46\x72\x5d\x82\xfa\x34\xce\xf0\x75\x32\x25\x99\x3c\xc5\xa1\xb7" "\xf6\x04\x2c\xe4\x65\x0a\x5c\x8d\x0d\xbe\x14\x27\x82\xa3\xf9\x7c\x54\x01" "\x7d\x79\x4a\x37\xb7\x24\xb3\xc2\x87\x4f\x6c\x1b\xfb\xbe\xf6\x7e\x25\xd1" "\x56\xfd\x17\x72\xbe\xd9\x68\xdb\x35\x0b\x9e\xc5\x47\xe2\xe2\xaa\x38\xaa" "\x79\xae\x65\x09\xd0\x94\xd1\x8b\x2a\xe0\xc7\xe3\x99\x55\x18\xb9\x15\xf3" "\x78\x91\xe1\x26\x88\xd4\x01\x5b\xf6\x11\x62\xf5\x77\xde\x68\x7a\xaa\x9e" "\xe0\x36\xc9\x74\x8f\xb0\xf0\x0d\x08\x73\xb1\x54\x77\xd8\xf2\x3d\xcc\x4c" "\x41\x7f\x71\x10\x33\x16\x55\xef\x57\xcc\x84\x3e\x13\x1d\xd3\x4e\xbd\xbd" "\x2e\xeb\xbb\x43\x61\x8a\x78\x53\xce\x6e\x2a\x43\x73\x7b\x02\x81\x58\x02" "\x54\xf3\x94\x13\x46\x22\x62\x15\x4a\x83\x64\x36\x7f\x95\x9d\xda\x5b\xca" "\xa9\xcc\x47\x5d\xdc\xdf\x71\xe2\x58\x7b\x64\xf1\xd3\x39\x35\xa9\x7c\x0f" "\x13\x2f\x7b\xbe\x44\xe1\x5b\x04\x85\xc9\x86\x2c\xfa\xa7\xe1\x03\x3a\x3f" "\x13\xcc\x1f\x77\xe8\xb8\x51\x1e\x0e\x8d\x14\x6a\x27\xd9\x06\x65\x79\xa8" "\x21\x88\xb1\x76\xe1\x40\x5a\xb2\x6a\xcb\xcc\xa0\x55\x5a\x2a\x5b\x11\x93" "\xc0\x40\x82\x38\x7a\x79\x84\x94\x12\x22\x1e\x08\xa9\x40\x87\x29\x97\x5b" "\x5e\x88\xc2\x2c\x42\x7d\xdd\x6a\xa5\x1d\x9e\x1e\x5e\xfc\x42\x64\x6a\xbe" "\xb7\xc4\xde\x81\x7c\x32\x2c\xc9\xd2\x52\x06\xc9\xce\x57\x6c\xf4\xb6\x45" "\x16\x72\x23\xab\x86\x13\x03\x51\xf5\xd1\x33\x10\x94\x09\x40\x7c\x5d\xd8" "\x35\x26\xd1\xc6\xd9\x6e\x92\xe1\x29\xe3\x0f\x21\x84\x67\xf7\xce\x26\x60" "\x0c\x4e\x94\xf2\x71\xb2\x67\x43\xf0\xcc\x60\xc8\x4a\x01\x53\xe4\x04\xd4" "\x48\x51\xc7\x27\xa4\x5e\x37\xb5\x22\x1a\x9f\x23\xa0\x77\x3c\x7a\x8d\x44" "\x81\x3d\x75\x90\xed\x60\x1d\xee\x2a\x83\x6e\xb9\x59\xd2\x3a\x81\x2f\x9b" "\x5d\x00\xd1\x11\x74\x64\x8a\x1e\xce\xe4\x64\xb8\x8e\x2f\x20\xba\x08\x95" "\x72\x1e\x09\xfc\x34\xd7\x35\xf1\x05\xb4\x22\x1d\x57\x0d\x47\x1a\xc9\x21" "\x5b\x61\xd8\x2c\x65\xdf\x7d\x34\xaf\x1d\xd9\x4b\x14\xdb\xe1\x2c\x62\xea" "\xc2\x3c\x6d\xdf\x84\xe0\x78\xa4\xcc\x01\x41\x0d\xae\x1b\xbc\xfc\xaa\x93" "\xba\xd6\xda\x2a\xf9\x98\x32\x79\x20\x5c\x23\xb7\x41\x9b\x47\x16\x72\xa8" "\x66\x99\x11\x9e\x1c\xd5\x90\x54\xff\x96\x3a\x82\x9d\x9b\xdc\x25\x14\x71" "\x37\x62\x76\xbd\xf7\x51\x55\x4c\xc1\x17\xd3\x1b\x79\x94\x49\x49\xd5\x71" "\x13\x93\x2b\x84\x3e\x32\x1d\xfa\xf5\xa1\xce\xf4\x28\xe8\x45\x67\x20\xf8" "\x94\x08\xc3\xfd\x51\xaf\xd5\x02\xbd\x32\xc8\x76\x24\xb7\x71\x3e\xe4\x74" "\xae\xda\x66\x7b\x77\x0f\x2c\xc6\xa6\x94\xaf\x5b\xd5\xa6\x3e\xdd\xee\xbe" "\x14\x6d\x90\xeb\xeb\x97\x49\x8c\xad\x68\xa2\x07\x80\x7f\x87\x47\xa8\x93" "\x21\xe9\xae\xa9\xd2\x11\x9e\x07\xe8\xb0\xd7\xa0\x49\x34\x76\xca\xd9\x55" "\x50\x20\x95\xda\x3e\x0a\x24\x97\x4c\xa4\x09\x92\x83\x56\xcc\x77\xe5\xb9" "\xef\x61\x61\x56\x0f\xdc\x4e\x26\x02\x30\x31\x77\x1b\x1c\x9c\xeb\xaf\xf4" "\x9f\x40\x06\x08\x8c\xe2\xac\xe9\x1f\x13\x6d\x4f\x54\xc5\xb6\x70\x45\xf9" "\x5b\x98\x76\x93\x0b\x6f\xd7\xbb\x47\x6d\xc9\x06\x8e\xde\x67\xf4\x39\xf1" "\x4f\xd9\x20\x9d\xff\xd0\xe0\xcd\x2c\x4e\xab\x1a\xa8\x9b\xae\x38\x33\xd0" "\xee\xcb\x7d\x52\x73\x3b\x21\xdc\xbd\xe5\xaf\x59\xbc\xba\x82\xde\x50\x70" "\xdd\x52\xf7\xca\xaf\x1f\x33\xfc\xb8\x6b\xe1\x98\x4d\x82\x8c\x1f\x2c\xf0" "\x12\xff\x82\x11\xa2\x5e\x69\x0c\xb5\x06\xc8\xdd\x19\x52\xa3\xfd\xde\xa8" "\xa0\xeb\xfb\x35\x07\x3c\xe2\x90\x51\x93\xd6\x58\x98\x8e\x76\x31\xaf\x22" "\x48\x76\x86\x82\xe6\xdb\xf3\x77\xe6\xf3\x27\x1c\xe2\x7d\xe8\xc0\xf1\x25" "\x28\x47\x53\x6c\x0f\x8f\x75\x12\x6c\x53\xa4\x72\xb1\xe1\x23\xa4\xa7\x8a" "\x48\x7c\xfc\x1a\xd1\x49\x29\x4c\x57\xb7\x06\xf7\x71\xdb\x43\x43\x2e\x5a" "\xf7\x36\x92\xbc\x67\x7a\xe5\x9e\xe8\x33\x2b\x20\x3d\xd1\xe4\x86\x1c\x1f" "\x1d\x48\x70\x7e\x38\x5c\x8b\x41\xf1\x74\xe8\xbf\xfc\x63\x48\x02\xb7\x02" "\xc1\x2d\x28\x34\x0b\xcd\xb2\x7b\x51\x25\x30\x7f\x0b\x35\x28\x0c\x61\xb9" "\x48\xb6\xc0\xf5\x3d\x33\xf9\x9d\x06\x66\xfc\xb7\x62\xc0\x56\x61\xd7\x49" "\xaa\x12\x82\xc1\xb3\x68\x20\xde\x34\xbb\x1b\xb8\x76\x48\xe9\x3f\xc8\x23" "\xff\xb3\x45\x94\x12\x39\x19\x21\xeb\xec\x65\x7d\xec\xa2\x76\x25\x8c\x90" "\xdf\xd8\xda\x85\x7b\x86\xb5\x90\xd7\xcf\x8a\x6d\xce\xd5\x54\x23\xd0\xd9" "\xa7\xa0\x35\x40\xa6\x80\x65\x49\xd1\x33\xb2\x31\x22\xf4\x6c\x6f\xc2\x53" "\x97\x6a\x85\x11\xe5\x1c\x76\x14\xb3\x5e\x57\x4a\x29\x30\x97\x32\x4a\x6f" "\x3f\x6d\x5f\x07\xd6\x65\x84\x08\xf1\x6e\x7e\xe8\x07\x3f\x98\x1e\x94\x01" "\x84\xb6\x0f\xe1\xe4\xe7\xca\x31\x8e\x89\xc6\xbd\x9b\x3a\xfc\x22\x4e\xd7" "\xd4\x14\x9a\xa6\x9f\x1d\x52\x5e\x4a\x2a\xaa\x1b\xb4\x32\xba\x71\xbb\xdb" "\x10\x2c\x56\xf7\x94\x60\xce\xfa\xb6\xd4\xa3\x48\xdd\xe9\x59\x4f\x5c\x6d" "\xa1\x6a\xca\xf4\x48\x95\x79\xbd\xab\x32\x0e\x16\xe6\x5f\x49\x8c\x0b\x1c" "\x3c\xd9\x03\x69\xd8\x20\xd1\x13\xe4\x70\x62\xc9\x5f\x6d\x91\x83\x79\x60" "\x19\xbe\xae\xf7\xcc\xcd\x3f\x05\x16\xc1\xc4\xfc\xa4\x63\x82\xb4\x8e\xdb" "\xd7\x72\x6c\xde\x60\x44\x9a\xb2\xf0\xd5\x8a\xc7\xe5\xfb\x53\x27\xe7\x86" "\x35\xd5\xfd\xb7\xce\xf6\x29\x34\xb6\xf7\xe3\x72\x1e\xc5\x87\xcf\x32\x7a" "\xbc\x36\xbc\x05\xe9\x88\x6c\x61\xeb\x6a\xdc\xeb\xda\xaa\x91\xc8\x3b\xce" "\x71\x04\x0f\x50\xa7\x32\x1d\x89\x0e\x5f\xbb\x22\x79\x2f\x25\x06\x33\xd5" "\xd6\x12\xb0\xad\x1c\xe8\x9c\x92\xb9\xa0\x69\x94\x80\x87\x66\x9a\x4c\x48" "\x37\x2a\x97\xc8\x88\xb2\x25\xc5\xbb\x2c\x5a\xb0\x25\xda\x8d\x63\xb0\x93" "\x2d\xf4\x70\xf3\x44\x3e\xd3\x2a\xd6\x32\xc1\xb7\xec\xa2\x92\x84\x4b\x7c" "\x4c\x10\x79\x99\x9b\xb6\x89\x01\x38\x13\x00\x62\x53\xf6\x8b\x30\x39\x23" "\x15\xf6\x58\x5e\x80\xcc\x56\x2a\x2a\x3a\x79\x37\x67\xd9\x80\x7d\xd2\xa4" "\x8e\x6c\xbc\xcb\x24\xd8\xe7\x73\xc5\x31\x26\xc7\x7b\x16\x97\xbc\xd8\xfb" "\xf3\x2f\xa4\x01\x62\x45\xc1\x47\xb8\x00\x97\x7d\xfa\x99\xe6\x31\x84\x2e" "\xad\xdd\xb7\xce\x11\x06\x51\x51\x1b\x50\xd9\x07\x44\x80\x9b\xd4\xb4\x08" "\x6f\x90\x69\x5a\xd6\xac\x8d\x96\x18\x05\xdd\xd7\x23\x21\x16\x69\x71\xec" "\xeb\x74\x29\xf2\xe0\xcb\x46\xf2\x72\x74\x10\xc3\x19\x02\xb4\x5a\xa2\x99" "\xc0\x5c\xf0\x6a\x51\x85\x4f\x65\x5c\xb5\x36\xc6\xe4\x0c\x73\x2b\xe5\x68" "\x90\x81\x53\xbe\x65\x93\xfb\x42\xc1\x82\x73\xe2\xfb\xb2\x0e\x39\x67\x62" "\xb7\x5d\x98\xa1\x28\xa1\x29\x80\xd8\x4c\xd8\x5d\x81\x2c\xee\x1b\xdf\x59" "\x18\x5c\xc6\x13\xed\xc2\xfd\x5b\x63\xb0\xa5\x19\xc4\xd3\x21\x6d\x67\xf8" "\x43\x21\x6d\x59\x37\x3b\x71\xe5\x03\x01\x0f\x2b\x7e\xd9\x6b\xea\xae\x5e" "\x63\xbe\x16\xc8\x86\x98\x6c\x18\x4b\xe5\x95\x71\xa3\x2a\xc1\xa9\xbb\x71" "\x68\xfe\xc4\x88\x50\xc8\x47\x94\xe7\x4e\xd1\x1c\xe5\xa3\x67\xe5\xd0\xca" "\x97\xa9\x31\x34\x5b\x6d\xaa\xa6\xfe\x2a\x8c\xae\x7c\x6b\xca\x6f\x63\x46" "\xec\x6c\x5a\x80\xcc\x94\x51\x11\xfe\x72\x40\x01\x36\x00\x16\x99\x8b\x9d" "\x69\x52\x45\x00\xe3\xbe\xdc\x6c\x6e\xcc\x4f\xb6\xcb\x59\x0f\x42\x5f\xfb" "\x04\x87\x34\x66\x3b\x46\x38\xf2\xae\x3c\x97\x95\x0a\xcd\x67\xb0\x57\x3e" "\x3c\x3e\x45\xc5\x63\x57\x32\x84\x39\x2d\xb7\x7a\x53\x2e\xe8\x7f\xab\xcc" "\x4e\xfb\x43\x60\x3c\x0e\x19\x3b\x36\xe9\x84\x65\xc0\x18\x74\xa3\x87\x71" "\x3a\x38\x11\x61\xff\xe7\x42\xdd\xeb\x25\xb5\xac\x06\x61\x8e\x32\x02\xfa" "\x50\x3b\x1d\x79\xfe\xef\xb0\x7b\x06\x43\x14\xc1\x4b\xe5\xd8\xb3\xa8\x53" "\x78\xf4\xf8\x0a\x86\x9b\x86\x06\xb7\x0a\xd7\x17\x90\x47\xf2\x3b\x04\x08" "\x8c\xb3\x63\x47\x56\xf6\x06\x43\x7d\x54\x91\x1e\xef\x14\x4c\xc5\xa6\x57" "\xcf\xe0\x20\x62\x8f\xa7\xb8\x0f\x01\x73\x0d\xe3\x69\x14\x37\x85\x95\xc6" "\x3b\xb1\x6d\xfd\xcc\x28\xdd\x4c\x30\x8e\xdf\xdd\x11\xbe\xd7\x73\xcb\xee" "\x3b\xa6\xfd\x5a\xe3\x31\x55\xdc\x9e\xf3\x9a\x92\xdd\xe7\x9d\xea\xb8\xcb" "\x2e\x48\x11\x54\x94\xa0\x8f\x6c\x94\xbf\x40\x33\x6c\xca\x46\xa0\xe2\x90" "\xa0\xe4\xa6\x1e\xf6\xa7\xfb\x6e\x8e\xcf\x63\x1a\xc9\x8e\x52\xa1\xa8\x51" "\x6e\x3c\x2c\x82\x13\x0d\x1f\x36\x18\x3b\x6f\x3a\xf8\xfd\xb2\x8c\xbc\x71" "\xa1\x81\xcf\xfb\xcb\x16\xa3\x45\xc4\x77\x18\x32\x48\x17\x13\xe6\xad\x32" "\x81\x28\x30\x23\xf3\xae\x95\x64\x45\x42\x07\xbb\x15\x86\xe1\x63\x21\x97" "\xf4\x84\xc0\xbf\xb4\x8e\x17\x60\x21\xc6\x55\x5e\xd0\xc4\x8a\x7b\xc0\xac" "\xee\x2a\x69\x13\x71\x06\x7c\x4f\xf9\xc5\x09\x85\xa9\x04\x8b\xcd\xc8\x83" "\x36\x34\xcd\x87\x0e\x43\xc3\x8f\x05\xa4\x6b\x6f\x0c\x99\x5c\x19\x77\xf4" "\x70\xde\x9b\x64\x73\x8b\x98\x67\xc1\xc2\x5b\xbd\xca\x44\x19\xc3\x2d\xb3" "\x0b\xea\x6e\x16\x6c\x43\x40\x79\x06\x48\x37\xdf\x3f\x08\xf1\xf0\xe6\x3a" "\xf9\x6a\x9b\x31\xf5\x8f\x88\x80\x35\x6c\x38\x3c\x38\x84\xf4\x47\x16\x04" "\x41\x56\x59\xa7\x04\x3d\x4e\x9a\x77\xa1\x17\x31\x5d\x01\xae\x59\x6e\x23" "\x71\x33\xed\xe7\xe6\xfd\x3a\xb2\xc9\xcf\x78\x72\x5f\xf8\x58\x92\x07\x17" "\x51\x00\x00\x00\x00\x00\x00\x00\x07\x91\xa7\xd2\x28\xa0\x3a\x01\x29\x29" "\xf8\x1a\x53\x97\x5b\x34\x20\xc7\x3e\xc9\x08\x84\x5c\x2a\x14\x31\xa5\x03" "\x7d\xb3\x0d\xef\xcb\x84\x36\x8f\x52\x9e\xa6\xfc\x22\xf7\x90\x05\x6c\x6f" "\x42\x0b\x11\x78\x31\x7e\x7c\x78\xd3\xea\x89\x6e\x29\x7c\x76\x8f\xa1\x3f" "\x64\xa6\xac\xd1\xed\xd1\x9b\xd7\xe1\x40\xa4\x7f\x34\xb2\x5c\x65\x57\xea" "\xc7\x2d\x57\xa5\x83\xdf\x26\x49\xef\x0e\x30\x73\xd6\x7b\xf1\x5e\xdf\x9a" "\x7f\x1a\x4b\xcd\x0d\xc5\x94\x96\xd9\x57\x0e\x01\xb4\x6f\xba\xd9\x0f\x31" "\x2c\x69\x2c\xdc\xd3\x92\xdb\x99\x32\x7e\x45\xf1\x90\xed\x07\x01\xf9\xe6" "\xe8\x6b\x53\xed\x54\xf5\xc2\xed\x71\x46\xbf\x5d\x0c\xf5\xf1\x03\x84\x57" "\x62\x19\x95\x35\xa7\x0e\x88\x44\x43\xd9\x28\x91\x42\xd5\xc2\x52\x9a\x40" "\xd7\x54\x61\xde\xab\xeb\x1b\x3e\xe5\xa7\xaa\x20\xbe\x5f\x45\xfe\xaa\x54" "\x0a\x65\xa5\xb9\x27\x05\xac\x76\x10\xa8\x29\x5d\x86\x74\x1d\x84\xcd\x54" "\x48\x19\xbf\x32\x97\x52\xac\x49\xbe\x70\x00\xe1\x38\x86\x37\x7b\xe5\x30" "\x56\x2f\x40\x77\x3f\xdd\x0d\xc4\x56\xc2\x3e\xfe\x13\x51\x6a\x6f\x62\xae" "\x41\xb1\x00\x5c\x59\xa2\x94\xec\x5f\xc8\xe5\xcc\xca\xc9\xad\x7c\x72\x56" "\x82\xb7\x93\x57\x1f\xce\x70\x71\x63\x99\x99\xd4\xe5\x20\xc7\x20\xaa\xc0" "\x9d\xaf\x2f\xb0\x25\x2b\xae\xeb\x7c\x13\x02\x42\xd1\x94\x37\xc0\x72\x6a" "\x27\xac\x46\xfb\x08\x9f\x0e\xbb\x99\x83\x54\xf9\xf5\x75\xdd\x42\x5a\x1f" "\xac\x25\x7f\x43\x7f\x1e\x5c\x9b\x93\xb4\xfd\x68\xb1\xc5\x1f\x96\x7a\x42" "\xb8\x7f\x8c\x94\x35\x8b\xaf\xfe\x90\x73\x4b\xac\x2f\xdf\x26\x31\x0c\x3f" "\x97\xac\xc7\x66\x21\xf1\x37\x61\xc6\xc4\x33\xa7\xda\x5e\xbc\xe7\xd0\x85" "\xfe\x6e\x06\x13\xd9\x8b\x00\x79\x90\xdb\x36\xbb\xe8\xae\xe5\x5a\x8e\xb0" "\x80\x0a\x9f\xba\x39\x8f\xf6\x9c\x20\x2e\x3b\xdb\xcf\xb4\x2e\xbc\x6f\x1b" "\x0f\x19\x1c\x00\xa6\xc2\x28\x4c\xf3\x75\x79\x2e\xb8\x60\xde\xdc\xf0\xbc" "\x19\x28\x9d\x27\x91\xad\x67\xef\x26\x9b\x2b\xf1\x0c\xa9\xb9\x72\xf8\xb6" "\x00\x2f\xa5\x1c\x96\x69\x9a\xc0\x72\xfc\xa1\x07\x3f\x9e\xa5\x7f\x1e\xf9" "\x8d\xc1\xb5\x2b\x2b\xfb\x18\xf7\xca\x36\xf1\xd1\x55\x17\x87\xef\x87\x8e" "\x8a\x4a\xa4\x41\xdf\xc8\xb8\x40\x56\x38\x17\x86\xf3\x37\x15\x06\x0d\x45" "\xbf\xa8\xbf\x5c\xd4\xab\xe7\x4c\x76\x6a\xdd\xce\xb7\xae\xdc\xae\xb6\xdd" "\xfa\xfa\x15\x02\x73\x5c\x1a\x23\xe6\xad\xb0\x8c\x7c\xf0\xb6\x38\xdf\x19" "\xc0\xb3\xcf\x89\xff\xcb\x37\x5e\xd6\x61\x62\x49\xd4\x92\x3e\x80\x51\xbd" "\xaf\x33\x41\xd3\x1b\x67\xed\x5e\xb0\xa3\x33\x92\x17\x43\x99\x2b\x3c\x3b" "\xfd\xc0\x05\x9e\x4d\x5e\x2c\x66\xa0\xbd\x14\x07\xa6\xc6\x2c\xe3\x5c\xc3" "\x3f\x94\xd2\x76\xf5\xf7\xb5\xde\x17\xb4\x2e\x9a\xcc\x4e\x44\x6a\x73\x45" "\x14\x3b\x28\xe4\x11\x34\x67\x5d\x2c\xe9\x00\xb9\x9c\x43\xc7\x83\x76\x81" "\x65\x2d\x06\xd5\x76\xcf\xea\x7e\x1c\x4c\x92\x6b\xc7\xb1\x5b\xe7\x4e\x87" "\x6c\x06\x15\x51\x0d\xac\x10\xfb\x83\x90\x7e\xfd\x4a\x79\xc7\xf9\x26\x17" "\xd9\x0a\x28\x53\xf4\x28\x29\x62\x0b\x6d\x2c\xc2\x6e\xa0\x81\x7c\x86\x1c" "\x8e\x0a\xf3\xf0\x59\xc0\x80\xda\x75\x84\xb2\x4a\x60\x41\x5b\x0f\x05\x62" "\xbb\x17\x05\x09\x36\xce\x9a\x67\x29\x59\x4d\x05\x36\xaa\x0b\x58\x76\xc6" "\x38\x8d\x4c\xda\x86\xb3\x1d\x4b\xd8\x54\x99\x82\x2d\xcd\x71\x6b\x7b\x79" "\x11\xfa\x93\xbf\x40\xfb\x1d\xbc\xe8\x20\xf9\xc3\x1c\xda\x3c\xa9\x05\xdb" "\xe5\x4a\x7c\xfc\x91\x63\x9e\xeb\xbe\xa9\x44\xdb\x90\x79\xa0\x88\x6c\xbd" "\x15\x96\x8a\x03\x82\xe7\xed\x16\x81\xa9\x9e\x10\xab\xb4\x22\x18\x8d\x88" "\x9a\xd2\x1b\xe0\xa2\xbf\x23\x32\xbc\x60\x22\x91\x01\xba\xf2\x21\xa9\xdd" "\x3d\x8b\x90\xd1\x5b\xf9\xe6\x86\x3f\x55\xe3\xa3\xb5\xaa\x62\x94\xc5\xd5" "\xd3\xfd\x07\x6e\xa3\x42\xb4\x54\xee\x24\xda\x95\xd3\x8a\xc1\x58\xbb\xd8" "\x08\x4a\x00\x54\x83\x44\x9d\x61\xb0\x96\xd5\x02\x6b\x55\xb8\xa7\x23\x86" "\x86\xf1\xb0\x9f\x5d\xb7\x42\xbf\xc0\x63\x5b\x89\x0b\xb1\x52\x5f\xa6\x64" "\x38\xe4\xb7\x77\xd5\xc1\xb8\xf6\x54\x2f\x7d\xd6\xaa\x9d\x69\xcc\xf4\xec" "\xae\x24\x6d\xe1\x40\x09\x18\x47\x64\x22\x3e\x8e\xb6\xba\x17\x0e\xad\x63" "\x87\x5c\x43\x05\x8a\x69\x4a\x02\x21\xed\x3d\xdd\xb0\x2b\x23\xc9\xbc\x46" "\x17\x83\xb2\x6c\xbe\x25\xbc\xa5\xee\x48\xf9\x85\xb0\xe5\x41\xfa\x34\xb6" "\x08\x35\x1a\x1e\x7e\x3e\x9c\x89\x9f\xa6\x0c\x82\xc3\x49\xf7\x27\xa7\x7c" "\x01\x3d\xc3\x81\xdb\x39\xb0\x11\x2c\x56\x4f\xf9\xde\x4c\x74\x3c\xbe\xe5" "\xe4\x76\x40\xc8\x68\x83\x95\x6e\x61\x03\xa6\x66\x04\x1a\x8d\xcd\x88\xaa" "\xfb\x72\x15\x31\x28\xcf\x9a\x0f\xaf\x4c\x79\x57\x3b\x09\xdc\x39\xdb\xe3" "\x6b\x2d\x28\xd9\xbf\xf5\x2a\x49\xc4\x7d\xc7\xaf\x65\x5e\x03\x2d\xa1\x32" "\x36\xd4\xac\x3b\x32\xb6\xf5\x8e\x91\xa6\x89\x7a\x5f\x9f\x40\x50\xd1\xb8" "\x82\x28\x48\x0d\xce\xbd\xe7\xe2\x5e\xc9\xb1\xdb\x5a\xaf\x52\xb7\xe6\x1d" "\x1d\xc2\xd5\x07\xc2\x82\xa2\xb1\x10\x6e\x76\xc7\xe4\x6e\xed\x5a\xec\x42" "\x5d\x7d\x16\x29\x35\x1e\xf5\x96\x79\xca\x5a\xfc\x6a\x99\x3d\x93\xe6\x96" "\x03\xa2\x24\x7f\xb4\xdd\x22\x3a\xf3\x7a\x10\x66\x74\xd0\xfd\x80\x58\x2c" "\x03\x3d\xaa\x6c\x9e\x60\x2b\xd9\xa8\xf8\xf7\xa0\x7c\x1c\x3c\xda\x3a\x51" "\x2a\xdd\xc3\x0e\x45\x1a\xc0\xaa\x53\xf7\x77\xa5\xec\x2d\x09\xec\x71\x85" "\x34\xe1\x4a\x5e\xc7\xa1\x74\x58\x4d\xb1\x72\xa1\x5e\x3c\x4e\xbc\x59\x65" "\x6c\xd9\xca\x28\x19\x57\x0d\x30\x30\x77\xe6\x7e\xb1\x7d\x71\x83\xa1\x18" "\xc1\x72\x25\x2f\x37\xe1\x07\x8b\x74\x01\x0f\x61\x8e\x0d\xc1\xd8\xc9\x52" "\x2e\x9c\x13\x34\x1f\x1b\xd7\x1b\x81\x64\x0c\x16\x28\x71\xaf\xca\x1e\x6d" "\xf7\x92\xfa\x1d\x89\x56\xed\xa3\xeb\x0b\xf9\x7b\xde\xbc\x00\xf3\x9d\x81" "\xe9\xcf\xe0\x67\x07\xbf\xc6\xb3\xfc\x5c\x68\x88\x1b\x7f\x71\x2d\x6e\x81" "\xf6\xb1\x0d\x07\xdf\x42\xf4\x96\x6f\x1c\x8c\x35\x68\x07\x62\x2e\xf9\x36" "\xfa\x5c\xbe\xe1\xb1\xda\x23\x1f\x37\x86\x59\xca\xe0\x83\xc6\x6b\x67\x3a" "\xfc\x3b\x99\x5f\x2d\xfa\x40\x68\x61\x00\xe6\x08\x6d\xc1\x07\xac\x79\xc7" "\x04\xef\x04\x5a\x7c\xe2\x8f\xfc\x8a\x58\x4e\xd9\x42\xc2\xd5\xee\x6f\x92" "\xb2\x04\xda\x05\xe2\xce\xcb\xdf\x5d\xdf\x5a\x16\x4a\x5c\x11\x60\x6b\x7e" "\xbd\x8b\x2d\x1b\x26\x5b\x04\xc5\x98\x95\x1f\xe6\x87\x70\x92\xf5\x9d\xbf" "\x7b\xd3\xac\x85\x4c\xc3\x90\x60\x92\x44\x53\x81\x02\xaa\x38\x8f\xb0\xa0" "\x40\x7c\x5f\xc0\x9e\xcc\xfd\xa0\x1a\x1d\xfb\x52\xd6\x35\x2b\x0d\xed\x98" "\xd3\x20\xd8\x6a\x33\xa6\xb1\xfb\xc5\x23\x3e\x19\xcd\x4a\xa3\xf3\x9b\xad" "\x2e\x25\xd9\x23\x05\x25\xf4\x9b\x2b\x36\xb0\x08\x8a\x7b\xeb\x5e\x90\xd2" "\x00\xf6\xc7\x1c\x70\x9f\x2b\x85\xad\xc6\xd8\x53\xfd\x6c\x6f\x62\x1d\xce" "\x3b\xe4\xd7\x82\xd5\x80\xb8\x42\x92\x59\xea\x1a\x65\x47\x45\x46\x84\x97" "\x9a\x82\x49\x83\xcb\x91\x0b\xca\xb8\x41\xe7\x76\x50\xba\x3b\x96\x53\xf0" "\xd4\x37\xb5\x5c\xb4\x39\xab\x40\x10\x05\xb1\x98\x6f\x80\xd8\x21\xc1\x8a" "\x5d\xe7\x84\x0a\xbd\x1e\x44\xb8\xeb\xe9\x7c\xb9\xa3\x80\x0b\xcd\xeb\x30" "\x52\x2b\x27\xe4\xfa\x06\x8d\x8f\x27\x36\x90\xa3\xd2\x94\x6b\x83\x26\xe0" "\x6c\x96\xbf\x9a\x02\xca\x63\x75\x23\x1a\x47\xdf\x03\x5b\x07\xa4\x04\xa2" "\xa5\x18\x4b\x29\x92\xe9\x58\x0c\x47\xb4\xa4\x20\xe6\xca\x7f\xae\x8a\x6f" "\x2f\x0f\x36\x66\xf3\xaa\xc1\x81\xfc\x1c\xc9\x13\x03\x49\x4c\x58\xf4\xfd" "\xbd\x09\xa2\x61\x50\x53\x5d\x1e\xd7\xa7\x18\x38\xc2\xc6\x43\x72\x35\xd0" "\x56\x95\xc8\x81\x09\xf5\xca\x8c\xb9\x08\xf3\x39\xc7\x55\xbb\x34\xab\xc4" "\xab\x93\x4e\x0c\x7a\x36\xff\xab\x62\xd0\xb1\x64\xfd\xd5\xa9\x4a\xb7\x07" "\x4c\x98\x82\x9e\x45\x10\x9b\xf8\x7c\x50\x57\x01\x3b\x18\x14\xab\x3d\xee" "\x8f\x90\x49\xe4\x8f\x4e\x31\x17\x15\x9f\x55\xb1\x65\x9c\x96\xe4\x74\xd9" "\x12\x91\x43\xa7\xf0\x34\x1f\x70\xbf\x31\x2e\x11\xcc\xb4\xab\xae\xfa\xa0" "\x3c\xb3\x0c\xf3\x71\xd7\x83\xe4\x6f\x28\x05\x05\xf3\xdc\x91\xa8\xd9\x0d" "\xc2\x48\xa8\xe3\xdc\xcf\x22\x51\x9c\xf4\x1d\xcc\xab\x15\xf8\x29\x56\x8b" "\x60\x45\x41\xee\x7a\xc0\x29\xb7\xbe\x15\xb6\x2a\xc6\x1c\x57\x9b\x19\x02" "\x37\xc7\x49\x21\xe8\x27\xfd\x12\x76\xfa\xfc\x69\x6b\x1d\x72\x39\xa8\xf2" "\x79\xcf\xbb\x8e\x5e\x6a\x89\x6e\x9c\xb6\x3b\x8d\x01\x3e\x2b\xc8\xaf\x43" "\xaf\xf2\xbb\xc7\x2c\x37\x45\x89\x13\x4e\x68\xf1\x88\xbf\x40\xe6\xc8\x8b" "\x9e\xfe\xfc\xee\xfa\xcb\xb0\x2b\x3c\x13\x3f\x42\x88\x3e\x71\xfd\x78\x91" "\xfa\xf2\x45\x91\x24\x44\xa4\x71\xa6\x59\x00\xe4\x35\x8d\xef\xc6\x32\x86" "\x6d\x00\x3d\x9e\xbf\xc4\x10\x51\x2c\x9a\xe9\x93\x2c\x25\x2e\x96\xb9\x5b" "\xc0\x4d\xd1\xdd\x13\x94\x80\xa7\xf4\x4d\x58\xf0\x8d\x1c\x22\x4b\xe9\x78" "\x91\xf7\x21\x42\xef\x75\x61\xb4\xe8\x2f\xeb\x2c\x0d\x94\x34\x14\xe7\xf7" "\x06\x58\xdc\x97\xb5\x54\x01\x30\x25\x2d\x47\x04\xd7\xf1\xd0\x78\x87\xd3" "\x70\xe6\xeb\xe2\x09\x05\x15\x1e\xf7\x7a\x08\xcd\xec\x6f\xa4\xfa\xd9\xaa" "\x42\x77\x80\x1e\x12\x3d\x93\xb7\xbc\x3f\x79\x9f\xaa\x27\x63\x8d\x78\xa4" "\xb1\x65\x09\x05\x80\x00\x8c\x03\xbe\xf7\x15\x00\x08\x83\x7f\x2c\xd0\x08" "\x86\x25\x69\x80\x07\x47\x0b\xcc\xab\x5a\xc2\xe4\x50\x9f\x3f\x5d\xc0\x0d" "\x9e\x62\xfe\xfa\x2a\x73\xa3\xe9\x71\x07\xcd\xfd\x60\x32\x3a\xe3\xd9\xd4" "\x77\x26\x95\x93\xe1\x5c\xd6\xf8\xd0\xb9\x85\x76\x71\xd8\xc0\x00\x48\x67" "\x86\x41\x4c\xa6\xe2\x92\x7f\x8b\xcf\x98\xe6\x03\x74\xd2\x43\x0b\x77\xd4" "\x55\x57\x3f\xe4\x65\x4b\x86\xeb\xc1\x90\x04\x13\x79\x3d\x9a\x26\x37\x24" "\xd2\x0b\xf8\xf6\x29\x94\xc5\x7d\x93\x67\xe3\x5e\xcc\xba\x98\xac\xe5\x76" "\x3e\x58\x39\x9f\xe5\x0e\x1e\xfa\xdc\x15\x63\x01\x96\xc6\xa3\xbf\x16\xde" "\xbc\xc2\x1f\x24\xd0\xf8\xc2\x01\x3d\x81\xa1\xba\x68\x9d\xad\x97\x4b\x0b" "\x69\x71\x73\x38\x6c\x1f\x7d\x53\x8d\x7d\x33\x9d\x39\x8e\x18\x08\x4b\x0d" "\xf5\x76\xa0\xd0\x2d\x7a\xff\x93\x96\x82\x76\x87\xeb\xcd\x1b\x47\xac\xf2" "\xa7\x2a\x63\xcd\xea\xf4\x19\xc4\xdf\xc7\x6d\xa3\xf5\x85\x6a\x55\x69\x7c" "\x15\x52\xb0\xe6\x25\x32\x6a\x3e\x4c\xdf\x13\xce\x16\xe7\x94\x46\x88\x82" "\x49\xf8\x81\x93\xe3\xef\xb8\x48\xac\x4f\x75\x11\xef\x3f\xb6\x5f\x09\x05" "\x0d\x10\xf0\x00\xff\x7f\x01\x09\x05\x03\x11\xb9\x02\x1f\x05\x01\x00\x25" "\x01\x03\x7f\x01\x00\x00\x25\x01\x83\x1f\x01\x00\x09\x05\x1a\x02\xf9\x03" "\x06\x03\x7f\x00\x02\x2d\x24\xb3\xa7\xe4\x10\xdf\x8b\x8c\xdb\x7f\x9d\xa9" "\x63\x69\x5e\xc3\x87\x1e\xa9\xb3\xfb\x76\xde\x1d\xf6\xe5\x88\x70\x78\x2e" "\x5d\xd3\xbd\x7a\xf1\x66\xf5\x5b\xd6\x5e\x1c\x09\x05\x0e\x02\x5c\x00\x05" "\x1f\x00\x09\x05\x03\x09\xe7\x02\x09\x37\x40\x00\x25\x01\x02\xf8\x08\x00" "\x09\x05\x02\x00\x41\x02\x02\x3f\x04\x00\x09\xe9\xcc\x94\x28\x8a\x7c\xb1" "\x3a\x66\x44\x8b\x7a\x3b\x69\xc6\xc3\xae\xda\x0c\xa1\x7a\x87\xb4\x71\x69" "\xd1\x8e\x01\xad\x32\xb1\x6f\xea\x95\xfc\x7b\x3b\x07\x8b\xde\x9d\x54\x47" "\xa7\xf8\x36\x9e\x39\x6f\x90\xab\xf0\xd2\xa4\x40\x1a\xa7\xae\x8d\x5b\x56" "\x48\x5f\xd5\x08\x81\xaa\x68\x6f\x57\xf1\x98\x3b\x0d\x59\x4a\x54\x27\x90" "\xf7\xc9\x26\xa8\x59\x5c\x0c\x39\x9a\x66\x8b\x05\x31\xeb\x89\x56\x2c\xc7" "\x31\x6f\x1b\x49\xad\x3c\xd0", 4759); syz_usb_connect(0, 0x56, 0x20001340, 0); } int main(void) { syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0); for (procid = 0; procid < 6; procid++) { if (fork() == 0) { loop(); } } sleep(1000000); return 0; }