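// https://syzkaller.appspot.com/bug?id=341fd72c403ed36b9250aa464527f117e2457bc9
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

// NOTE(review): the header names after the bare "#include" directives were
// lost when this page was extracted, so the listing could not compile. The
// list below is reconstructed from the identifiers the reproducer uses;
// <endian.h> has no visible user and is an assumption -- confirm against the
// upstream reproducer.
#include <endian.h>
#include <errno.h>       // errno, EBUSY
#include <fcntl.h>       // open, O_RDWR, O_RDONLY, O_DIRECTORY
#include <setjmp.h>      // jmp_buf, setjmp/longjmp, _setjmp/_longjmp
#include <signal.h>      // sigaction, siginfo_t, SIGSEGV, SIGBUS
#include <stdbool.h>     // bool
#include <stddef.h>      // NULL
#include <stdint.h>      // uintptr_t, uint64_t, uint8_t
#include <stdio.h>       // snprintf
#include <stdlib.h>      // exit
#include <string.h>      // memset, memcpy, str*
#include <sys/ioctl.h>   // ioctl
#include <sys/mman.h>    // mmap, munmap, PROT_*, MAP_*
#include <sys/mount.h>   // mount, MS_RDONLY
#include <sys/stat.h>    // mkdir
#include <sys/syscall.h> // syscall numbers (SYS_*, __NR_*)
#include <sys/types.h>   // ssize_t
#include <unistd.h>      // syscall, write, close, chdir, usleep

#include <linux/loop.h>  // LOOP_SET_FD, LOOP_CLR_FD

// Fallback syscall numbers, used only when the libc headers do not define the
// macro. The values are the asm-generic table numbers (as used on arm64).
#ifndef __NR_memfd_create
#define __NR_memfd_create 279
#endif
#ifndef __NR_mmap
#define __NR_mmap 222
#endif
#ifndef __NR_mprotect
#define __NR_mprotect 226
#endif
#ifndef __NR_openat
#define __NR_openat 56
#endif
#ifndef __NR_quotactl
#define __NR_quotactl 60
#endif
#ifndef __NR_write
#define __NR_write 64
#endif

// Process index; it is formatted into the loop device name ("/dev/loop%llu").
// Never assigned in the visible code, so it stays 0.
static unsigned long long procid;

// Per-thread state shared between NONFAILING() and segv_handler().
static __thread int clone_ongoing; // non-zero: any fault terminates the process
static __thread int skip_segv;     // nesting depth of active NONFAILING() scopes
static __thread jmp_buf segv_env;  // recovery point armed by NONFAILING()

// SIGSEGV/SIGBUS handler.
//
// A fault is swallowed (by jumping back to the recovery point stored in
// segv_env) only when both conditions hold:
//   - a NONFAILING() scope is active on this thread (skip_segv != 0), and
//   - the faulting address lies outside [1 MiB, 100 MiB].
// Every other fault, and any fault while clone_ongoing is set, ends the
// process with the signal number as exit status.
//
// NOTE(review): the 1 MiB..100 MiB window presumably covers the program's own
// image, so that faults on the reproducer's code/data are never hidden --
// confirm against the syzkaller executor sources.
static void segv_handler(int sig, siginfo_t* info, void* ctx)
{
  if (__atomic_load_n(&clone_ongoing, __ATOMIC_RELAXED) != 0) {
    exit(sig);
  }
  uintptr_t addr = (uintptr_t)info->si_addr;
  const uintptr_t prog_start = 1 << 20;
  const uintptr_t prog_end = 100 << 20;
  int skip = __atomic_load_n(&skip_segv, __ATOMIC_RELAXED) != 0;
  int valid = addr < prog_start || addr > prog_end;
  if (skip && valid) {
    // _longjmp (not siglongjmp): the signal mask is not restored, which is
    // why the handler is installed with SA_NODEFER.
    _longjmp(segv_env, 1);
  }
  exit(sig);
}

// Installs the fault handler used by NONFAILING().
//
// Signals 0x20 and 0x21 are first set to SIG_IGN through the raw
// rt_sigaction syscall (the last argument, 8, is the sigset size in bytes).
// NOTE(review): these two numbers are the ones glibc reserves for its own
// threading implementation, which is presumably why the libc sigaction()
// wrapper is bypassed -- confirm.
// SIGSEGV and SIGBUS are then routed to segv_handler with SA_SIGINFO (to get
// si_addr) and SA_NODEFER (so a later fault is delivered even though the
// handler left via _longjmp).
static void install_segv_handler(void)
{
  struct sigaction sa;
  memset(&sa, 0, sizeof(sa));
  sa.sa_handler = SIG_IGN;
  syscall(SYS_rt_sigaction, 0x20, &sa, NULL, 8);
  syscall(SYS_rt_sigaction, 0x21, &sa, NULL, 8);
  memset(&sa, 0, sizeof(sa));
  sa.sa_sigaction = segv_handler;
  sa.sa_flags = SA_NODEFER | SA_SIGINFO;
  sigaction(SIGSEGV, &sa, NULL);
  sigaction(SIGBUS, &sa, NULL);
}

// NONFAILING(stmt) runs `stmt` with fault recovery armed and evaluates to 1
// when the statement completed, 0 when segv_handler() aborted it after a
// SIGSEGV/SIGBUS. skip_segv is incremented for the duration of the statement
// so the handler knows a recovery point is valid. It is a GNU statement
// expression, so it can be used as a value.
#define NONFAILING(...)                                                        \
  ({                                                                           \
    int ok = 1;                                                                \
    __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST);                       \
    if (_setjmp(segv_env) == 0) {                                              \
      __VA_ARGS__;                                                             \
    } else                                                                     \
      ok = 0;                                                                  \
    __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST);                       \
    ok;                                                                        \
  })

//% This code is derived from puff.{c,h}, found in the zlib development. The
//% original files come with the following copyright notice:

//% Copyright (C) 2002-2013 Mark Adler, all rights reserved
//% version 2.3, 21 Jan 2013
//% This software is provided 'as-is', without any express or implied
//% warranty. In no event will the author be held liable for any damages
//% arising from the use of this software.
//% Permission is granted to anyone to use this software for any purpose,
//% including commercial applications, and to alter it and redistribute it
//% freely, subject to the following restrictions:
//% 1. The origin of this software must not be misrepresented; you must not
//% claim that you wrote the original software. If you use this software
//% in a product, an acknowledgment in the product documentation would be
//% appreciated but is not required.
//% 2. Altered source versions must be plainly marked as such, and must not be
//% misrepresented as being the original software.
//% 3. This notice may not be removed or altered from any source distribution.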
//% Mark Adler madler@alumni.caltech.edu

//% BEGIN CODE DERIVED FROM puff.{c,h}

// Limits of the DEFLATE format as used by the decoder below.
#define MAXBITS 15                       // longest Huffman code, in bits
#define MAXLCODES 286                    // literal/length codes in a dynamic block
#define MAXDCODES 30                     // distance codes
#define MAXCODES (MAXLCODES + MAXDCODES) // combined code-length array size
#define FIXLCODES 288                    // literal/length codes in a fixed block

// Decoder state: output cursor, input cursor, bit buffer and the jump target
// taken when the input is exhausted in the middle of a read.
struct puff_state {
  unsigned char* out;      // output buffer
  unsigned long outlen;    // capacity of out, in bytes
  unsigned long outcnt;    // bytes produced so far
  const unsigned char* in; // input buffer
  unsigned long inlen;     // size of in, in bytes
  unsigned long incnt;     // bytes consumed so far
  int bitbuf;              // bits read from in but not yet consumed
  int bitcnt;              // number of valid bits in bitbuf
  jmp_buf env;             // set by puff(); longjmp target on input underrun
};

// Returns the next `need` bits of the input, least significant bit first.
// When the input runs out, control leaves through longjmp(s->env, 1) instead
// of returning, so callers never see a partial value.
static int puff_bits(struct puff_state* s, int need)
{
  long val = s->bitbuf;
  while (s->bitcnt < need) {
    if (s->incnt == s->inlen)
      longjmp(s->env, 1);
    val |= (long)(s->in[s->incnt++]) << s->bitcnt;
    s->bitcnt += 8;
  }
  s->bitbuf = (int)(val >> need);
  s->bitcnt -= need;
  return (int)(val & ((1L << need) - 1));
}

// Handles a stored (uncompressed) block.
// Returns 0 on success, 2 when the input is too short for the header or the
// payload, -2 when the length and its one's complement disagree, and 1 when
// the payload does not fit in the output buffer.
static int puff_stored(struct puff_state* s)
{
  // Stored blocks start on a byte boundary: drop any buffered bits.
  s->bitbuf = 0;
  s->bitcnt = 0;
  if (s->incnt + 4 > s->inlen)
    return 2;
  unsigned len = s->in[s->incnt++];
  len |= s->in[s->incnt++] << 8;
  if (s->in[s->incnt++] != (~len & 0xff) ||
      s->in[s->incnt++] != ((~len >> 8) & 0xff))
    return -2;
  // Both bounds are checked before the copy, so the loop stays inside in/out.
  if (s->incnt + len > s->inlen)
    return 2;
  if (s->outcnt + len > s->outlen)
    return 1;
  for (; len--; s->outcnt++, s->incnt++) {
    // Zero bytes are skipped rather than stored, so the result is only
    // correct when the output buffer starts out zero-filled (the caller in
    // this file passes a fresh anonymous mapping).
    if (s->in[s->incnt])
      s->out[s->outcnt] = s->in[s->incnt];
  }
  return 0;
}

// Huffman decoding table: count[len] is the number of codes of each bit
// length, symbol[] lists the symbols ordered by code.
struct puff_huffman {
  short* count;
  short* symbol;
};

// Decodes one symbol from the input using table h, reading one bit at a time.
// Returns the symbol, or -10 when no code of up to MAXBITS bits matched.
// Leaves through longjmp(s->env, 1) when the input is exhausted.
static int puff_decode(struct puff_state* s, const struct puff_huffman* h)
{
  int first = 0;
  int index = 0;
  int bitbuf = s->bitbuf;
  int left = s->bitcnt;
  int code = first = index = 0;
  int len = 1;
  short* next = h->count + 1;
  while (1) {
    // Consume the bits currently available in bitbuf.
    while (left--) {
      code |= bitbuf & 1;
      bitbuf >>= 1;
      int count = *next++;
      if (code - count < first) {
        // Code of length len found: commit the consumed bits and return.
        s->bitbuf = bitbuf;
        s->bitcnt = (s->bitcnt - len) & 7;
        return h->symbol[index + (code - first)];
      }
      index += count;
      first += count;
      first <<= 1;
      code <<= 1;
      len++;
    }
    // Refill with one more input byte, but never look past MAXBITS bits.
    left = (MAXBITS + 1) - len;
    if (left == 0)
      break;
    if (s->incnt == s->inlen)
      longjmp(s->env, 1);
    bitbuf = s->in[s->incnt++];
    if (left > 8)
      left = 8;
  }
  return -10;
}

// Builds decoding table h from n code lengths in length[].
// Returns 0 for a complete code (or when every length is zero), a negative
// value when the lengths over-subscribe the code space, and a positive value
// (the number of unused codes) when the code is incomplete.
// Assumes every length[i] is in 0..MAXBITS and that h->count / h->symbol are
// large enough; neither is checked here.
static int puff_construct(struct puff_huffman* h, const short* length, int n)
{
  int len;
  for (len = 0; len <= MAXBITS; len++)
    h->count[len] = 0;
  int symbol;
  for (symbol = 0; symbol < n; symbol++)
    (h->count[length[symbol]])++;
  if (h->count[0] == n)
    return 0;
  // Walk the lengths, tracking how many codes remain available at each one.
  int left = 1;
  for (len = 1; len <= MAXBITS; len++) {
    left <<= 1;
    left -= h->count[len];
    if (left < 0)
      return left;
  }
  // offs[len] is the index in symbol[] of the first code of that length.
  short offs[MAXBITS + 1];
  offs[1] = 0;
  for (len = 1; len < MAXBITS; len++)
    offs[len + 1] = offs[len] + h->count[len];
  for (symbol = 0; symbol < n; symbol++)
    if (length[symbol] != 0)
      h->symbol[offs[length[symbol]]++] = symbol;
  return left;
}

// Decodes literal/length and distance codes until the end-of-block symbol
// (256) is seen.
// Returns 0 at end of block, 1 when the output buffer is full, -10 for an
// invalid length symbol (or a failed decode, passed through), and -11 when a
// back-reference points before the start of the output.
static int puff_codes(struct puff_state* s, const struct puff_huffman* lencode,
                      const struct puff_huffman* distcode)
{
  // Base value and number of extra bits for length symbols 257..285.
  static const short lens[29] = {3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258};
  static const short lext[29] = {0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0};
  // Base value and number of extra bits for distance symbols 0..29.
  static const short dists[30] = {
      1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, 8193, 12289, 16385, 24577};
  static const short dext[30] = {0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13};
  int symbol;
  do {
    symbol = puff_decode(s, lencode);
    if (symbol < 0)
      return symbol;
    if (symbol < 256) {
      // Literal byte; a zero literal only advances the cursor (the output is
      // expected to be zero-filled already).
      if (s->outcnt == s->outlen)
        return 1;
      if (symbol)
        s->out[s->outcnt] = symbol;
      s->outcnt++;
    } else if (symbol > 256) {
      // Length/distance pair: copy len bytes from dist bytes back.
      symbol -= 257;
      if (symbol >= 29)
        return -10;
      int len = lens[symbol] + puff_bits(s, lext[symbol]);
      symbol = puff_decode(s, distcode);
      if (symbol < 0)
        return symbol;
      unsigned dist = dists[symbol] + puff_bits(s, dext[symbol]);
      // Reject references that reach before the start of the output, and
      // copies that would run past its end, before touching the buffer.
      if (dist > s->outcnt)
        return -11;
      if (s->outcnt + len > s->outlen)
        return 1;
      while (len--) {
        if (dist <= s->outcnt && s->out[s->outcnt - dist])
          s->out[s->outcnt] = s->out[s->outcnt - dist];
        s->outcnt++;
      }
    }
  } while (symbol != 256);
  return 0;
}

// Decodes a block compressed with the fixed Huffman codes.
// The fixed tables live in function-static storage and are built on the first
// call only, guarded by the plain (non-atomic) `virgin` flag.
// Returns whatever puff_codes() returns.
static int puff_fixed(struct puff_state* s)
{
  static int virgin = 1;
  static short lencnt[MAXBITS + 1], lensym[FIXLCODES];
  static short distcnt[MAXBITS + 1], distsym[MAXDCODES];
  static struct puff_huffman lencode, distcode;
  if (virgin) {
    lencode.count = lencnt;
    lencode.symbol = lensym;
    distcode.count = distcnt;
    distcode.symbol = distsym;
    // Fixed literal/length code lengths: 8, 9, 7, 8 bits per symbol range.
    short lengths[FIXLCODES];
    int symbol;
    for (symbol = 0; symbol < 144; symbol++)
      lengths[symbol] = 8;
    for (; symbol < 256; symbol++)
      lengths[symbol] = 9;
    for (; symbol < 280; symbol++)
      lengths[symbol] = 7;
    for (; symbol < FIXLCODES; symbol++)
      lengths[symbol] = 8;
    puff_construct(&lencode, lengths, FIXLCODES);
    // Fixed distance codes are all 5 bits long.
    for (symbol = 0; symbol < MAXDCODES; symbol++)
      lengths[symbol] = 5;
    puff_construct(&distcode, lengths, MAXDCODES);
    virgin = 0;
  }
  return puff_codes(s, &lencode, &distcode);
}

// Decodes a block compressed with dynamic Huffman codes: reads the code
// description from the stream, builds both tables, then decodes the data.
// Error returns: -3 too many length or distance codes, -4 code-length code
// not complete, -5 repeat with no previous length, -6 repeat runs past the
// declared number of lengths, -7 / -8 invalid literal-length / distance code,
// -9 no end-of-block code. Other values come from puff_decode()/puff_codes().
static int puff_dynamic(struct puff_state* s)
{
  // Order in which the code-length code lengths are stored in the stream.
  static const short order[19] = {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15};
  int nlen = puff_bits(s, 5) + 257;
  int ndist = puff_bits(s, 5) + 1;
  int ncode = puff_bits(s, 4) + 4;
  // Bound the counts before they are used to index lengths[].
  if (nlen > MAXLCODES || ndist > MAXDCODES)
    return -3;
  short lengths[MAXCODES];
  int index;
  for (index = 0; index < ncode; index++)
    lengths[order[index]] = puff_bits(s, 3);
  for (; index < 19; index++)
    lengths[order[index]] = 0;
  short lencnt[MAXBITS + 1], lensym[MAXLCODES];
  struct puff_huffman lencode = {lencnt, lensym};
  int err = puff_construct(&lencode, lengths, 19);
  if (err != 0)
    return -4;
  // Read the literal/length and distance code lengths, expanding the
  // run-length symbols 16, 17 and 18.
  index = 0;
  while (index < nlen + ndist) {
    int symbol;
    int len;
    symbol = puff_decode(s, &lencode);
    if (symbol < 0)
      return symbol;
    if (symbol < 16)
      lengths[index++] = symbol;
    else {
      len = 0;
      if (symbol == 16) {
        // Repeat the previous length 3..6 times.
        if (index == 0)
          return -5;
        len = lengths[index - 1];
        symbol = 3 + puff_bits(s, 2);
      } else if (symbol == 17)
        symbol = 3 + puff_bits(s, 3);
      else
        symbol = 11 + puff_bits(s, 7);
      // The run must not write past the declared number of lengths.
      if (index + symbol > nlen + ndist)
        return -6;
      while (symbol--)
        lengths[index++] = len;
    }
  }
  if (lengths[256] == 0)
    return -9;
  // An incomplete code is accepted only when it consists of a single
  // one-bit code.
  err = puff_construct(&lencode, lengths, nlen);
  if (err && (err < 0 || nlen != lencode.count[0] + lencode.count[1]))
    return -7;
  short distcnt[MAXBITS + 1], distsym[MAXDCODES];
  struct puff_huffman distcode = {distcnt, distsym};
  err = puff_construct(&distcode, lengths + nlen, ndist);
  if (err && (err < 0 || ndist != distcode.count[0] + distcode.count[1]))
    return -8;
  return puff_codes(s, &lencode, &distcode);
}

// Inflates a raw DEFLATE stream from source[0..sourcelen) into dest.
// On entry *destlen is the capacity of dest; on return it is the number of
// bytes produced. dest must be zero-filled, because the decoder never stores
// zero bytes.
// Returns 0 on success, 2 when the input ends early (reported through the
// longjmp back to the setjmp below), 1 when dest is too small, -1 for an
// invalid block type, or the negative code of the failing block decoder.
static int puff(unsigned char* dest, unsigned long* destlen,
                const unsigned char* source, unsigned long sourcelen)
{
  struct puff_state s = {
      .out = dest,
      .outlen = *destlen,
      .outcnt = 0,
      .in = source,
      .inlen = sourcelen,
      .incnt = 0,
      .bitbuf = 0,
      .bitcnt = 0,
  };
  int err;
  if (setjmp(s.env) != 0)
    err = 2;
  else {
    int last;
    do {
      // Block header: 1 "last block" bit followed by a 2-bit block type.
      last = puff_bits(&s, 1);
      int type = puff_bits(&s, 2);
      err = type == 0 ? puff_stored(&s) : (type == 1 ? puff_fixed(&s) : (type == 2 ? puff_dynamic(&s) : -1));
      if (err != 0)
        break;
    } while (!last);
  }
  *destlen = s.outcnt;
  return err;
}

//% END CODE DERIVED FROM puff.{c,h}

// Size of the zlib stream header that precedes the DEFLATE data.
#define ZLIB_HEADER_WIDTH 2

// Inflates a zlib-wrapped buffer and writes the result to dest_fd.
// The two header bytes are skipped without being validated and the trailing
// checksum is never read, so the integrity of the image is not verified.
// Returns 0 on success (also when the input is shorter than the header, in
// which case nothing is written) and -1 on failure. On a decode failure errno
// is set to the negated puff() code, which is not a real errno value.
static int puff_zlib_to_file(const unsigned char* source,
                             unsigned long sourcelen, int dest_fd)
{
  if (sourcelen < ZLIB_HEADER_WIDTH)
    return 0;
  source += ZLIB_HEADER_WIDTH;
  sourcelen -= ZLIB_HEADER_WIDTH;
  // Upper bound on the inflated size (132 MiB). The anonymous mapping is
  // zero-filled, which the zero-skipping decoder relies on.
  const unsigned long max_destlen = 132 << 20;
  void* ret = mmap(0, max_destlen, PROT_WRITE | PROT_READ, MAP_PRIVATE | MAP_ANON, -1, 0);
  if (ret == MAP_FAILED)
    return -1;
  unsigned char* dest = (unsigned char*)ret;
  unsigned long destlen = max_destlen;
  int err = puff(dest, &destlen, source, sourcelen);
  if (err) {
    munmap(dest, max_destlen);
    errno = -err;
    return -1;
  }
  // A short write is treated as failure; it is not retried.
  if (write(dest_fd, dest, destlen) != (ssize_t)destlen) {
    munmap(dest, max_destlen);
    return -1;
  }
  return munmap(dest, max_destlen);
}

// Inflates the compressed image `data` (`size` bytes) into an anonymous
// memfd and binds that memfd to the loop device `loopname`.
// On success returns 0 and stores the open loop device descriptor in
// *loopfd_p; the memfd is closed because the loop device keeps its own
// reference. On failure returns -1 with errno set to the first error.
static int setup_loop_device(unsigned char* data, unsigned long size,
                             const char* loopname, int* loopfd_p)
{
  int err = 0, loopfd = -1;
  int memfd = syscall(__NR_memfd_create, "syzkaller", 0);
  if (memfd == -1) {
    err = errno;
    goto error;
  }
  if (puff_zlib_to_file(data, size, memfd)) {
    err = errno;
    goto error_close_memfd;
  }
  loopfd = open(loopname, O_RDWR);
  if (loopfd == -1) {
    err = errno;
    goto error_close_memfd;
  }
  if (ioctl(loopfd, LOOP_SET_FD, memfd)) {
    if (errno != EBUSY) {
      err = errno;
      goto error_close_loop;
    }
    // The device is still bound to an earlier backing file: detach it, wait
    // one millisecond and try once more.
    ioctl(loopfd, LOOP_CLR_FD, 0);
    usleep(1000);
    if (ioctl(loopfd, LOOP_SET_FD, memfd)) {
      err = errno;
      goto error_close_loop;
    }
  }
  close(memfd);
  *loopfd_p = loopfd;
  return 0;

error_close_loop:
  close(loopfd);
error_close_memfd:
  close(memfd);
error:
  errno = err;
  return -1;
}

// Best-effort detach of the backing file from `loopname`; every error is
// ignored.
static void reset_loop_device(const char* loopname)
{
  int loopfd = open(loopname, O_RDWR);
  if (loopfd == -1) {
    return;
  }
  if (ioctl(loopfd, LOOP_CLR_FD, 0)) {
  }
  close(loopfd);
}

// syzkaller pseudo-syscall: mounts a filesystem image supplied by the test
// program.
//
// All arguments arrive as integers and are cast to pointers:
//   fsarg      filesystem type string
//   dir        mount point path (created with mkdir, errors ignored)
//   flags      mount(2) flags
//   optsarg    mount option string
//   change_dir non-zero: chdir into the mount point afterwards
//   size       length of the compressed image; 0 means "no image", in which
//              case no loop device is set up and the mount source is NULL
//   image      zlib-compressed filesystem image
//
// Returns -1 with errno set on failure. On success it returns the descriptor
// of the opened mount point, except when change_dir is set: then the result
// of chdir() replaces it and the descriptor is neither returned nor closed.
// The loop device is detached on every path that reaches the label below,
// including success.
static long syz_mount_image(volatile long fsarg, volatile long dir,
                            volatile long flags, volatile long optsarg,
                            volatile long change_dir,
                            volatile unsigned long size, volatile long image)
{
  unsigned char* data = (unsigned char*)image;
  int res = -1, err = 0, need_loop_device = !!size;
  char* mount_opts = (char*)optsarg;
  char* target = (char*)dir;
  char* fs = (char*)fsarg;
  char* source = NULL;
  char loopname[64];
  if (need_loop_device) {
    int loopfd;
    memset(loopname, 0, sizeof(loopname));
    snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid);
    if (setup_loop_device(data, size, loopname, &loopfd) == -1)
      return -1;
    // The device is mounted by name, so the descriptor is not needed.
    close(loopfd);
    source = loopname;
  }
  mkdir(target, 0777);
  // opts is zero-filled and at most sizeof(opts) - 32 bytes are copied in, so
  // the string is always NUL-terminated and 32 bytes remain for the suffixes
  // appended with strcat() below (the longest is 16 characters). Options
  // longer than that are silently truncated; the empty branch only marks the
  // spot where that would be detected.
  char opts[256];
  memset(opts, 0, sizeof(opts));
  if (strlen(mount_opts) > (sizeof(opts) - 32)) {
  }
  strncpy(opts, mount_opts, sizeof(opts) - 32);
  // Per-filesystem adjustments of the requested options.
  // NOTE(review): the error-policy suffixes presumably keep a corrupted image
  // from panicking or read-only-remounting the machine under test -- confirm
  // against the syzkaller executor sources.
  if (strcmp(fs, "iso9660") == 0) {
    flags |= MS_RDONLY;
  } else if (strncmp(fs, "ext", 3) == 0) {
    // Look for "errors=remount-ro" as a whole option, i.e. delimited by
    // commas or by the ends of the string.
    bool has_remount_ro = false;
    char* remount_ro_start = strstr(opts, "errors=remount-ro");
    if (remount_ro_start != NULL) {
      char after = *(remount_ro_start + strlen("errors=remount-ro"));
      char before = remount_ro_start == opts ? '\0' : *(remount_ro_start - 1);
      has_remount_ro = ((before == '\0' || before == ',') && (after == '\0' || after == ','));
    }
    if (strstr(opts, "errors=panic") || !has_remount_ro)
      strcat(opts, ",errors=continue");
  } else if (strcmp(fs, "xfs") == 0) {
    strcat(opts, ",nouuid");
  } else if (strncmp(fs, "gfs2", 4) == 0 &&
             (strstr(opts, "errors=panic") || strstr(opts, "debug"))) {
    strcat(opts, ",errors=withdraw");
  }
  res = mount(source, target, fs, flags, opts);
  if (res == -1) {
    err = errno;
    goto error_clear_loop;
  }
  res = open(target, O_RDONLY | O_DIRECTORY);
  if (res == -1) {
    err = errno;
    goto error_clear_loop;
  }
  if (change_dir) {
    res = chdir(target);
    if (res == -1) {
      err = errno;
    }
  }

error_clear_loop:
  if (need_loop_device)
    reset_loop_device(loopname);
  errno = err;
  return res;
}

// Results of earlier calls that later calls reuse as arguments;
// 0xffffffffffffffff marks a slot that has not been filled.
uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

// Entry point of the reproducer. Only its first statements fall inside this
// block; the function continues in the lines that follow.
int main(void)
{
  // Fixed data area for syscall arguments: 16 MiB of read/write/exec memory
  // at 0x20000000, with one inaccessible page directly below and one directly
  // above it.
  syscall(__NR_mmap, /*addr=*/0x1ffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul,
          /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x21000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  const char* reason;
  (void)reason;
  install_segv_handler();
  intptr_t res = 0;
  if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
  }
  // syz_mount_image$ext4 arguments: [
  //   fs: ptr[in, buffer] {
  //     buffer: {65 78 74 32 00} (length 0x5)
  //   }
  //   dir: ptr[in, buffer] {
  //     buffer: {2e 2f 66 69 6c 65 30 00} (length 0x8)
  //   }
  //   flags: mount_flags = 0x8012 (8 bytes)
  //   opts: ptr[in, fs_options[ext4_options]] {
  //     fs_options[ext4_options] {
  //       elems: array[fs_opt_elem[ext4_options]] {
  //       }
  //       common: array[fs_opt_elem[fs_options_common]] {
  //       }
  //       null: const = 0x0 (1 bytes)
  //     }
  //   }
  //   chdir:
int8 = 0xfe (1 bytes) // size: len = 0x47f (8 bytes) // img: ptr[in, buffer] { // buffer: (compressed buffer with length 0x47f) // } // ] // returns fd_dir NONFAILING(memcpy((void*)0x20000080, "ext2\000", 5)); NONFAILING(memcpy((void*)0x200000c0, "./file0\000", 8)); NONFAILING(*(uint8_t*)0x200011c0 = 0); NONFAILING(memcpy( (void*)0x20000980, "\x78\x9c\xec\xdc\xcf\x6f\x14\x55\x1c\x00\xf0\xef\x4c\x7f\xf2\x4b\x2a\xe2" "\x0f\x10\xb4\x8a\x46\xe2\x8f\x96\x96\x1f\x72\x30\x41\x8d\x26\x1e\x30\x31" "\xd1\x03\xc6\x53\x2d\x85\x54\x16\x6b\xa0\x07\x21\x44\xab\x07\x3c\x1a\x12" "\xef\xc6\xa3\x89\x7f\x81\x27\xbd\x18\xf5\x64\xe2\x55\x6f\x1e\x0c\x86\x18" "\x2e\xa2\xa7\x31\xb3\x3b\xbb\x5d\x97\xdd\x6d\x8b\xdb\x0e\x61\x3f\x9f\x64" "\xe0\xbd\x79\x6f\xfb\xde\x77\x66\x5e\xf7\xcd\xbc\xed\x06\xd0\xb7\xc6\xf3" "\x7f\x92\x88\xad\x11\xf1\xcb\x68\x6d\x5f\xd2\x5a\x61\xbc\xf6\xdf\x8d\xeb" "\x97\x66\xff\xbe\x7e\x69\x36\x89\x2c\x7b\xfd\xcf\xa4\x5a\xef\xaf\xeb\x97" "\x66\xeb\x55\xeb\xaf\xdb\x52\xcb\x64\x59\x91\x1f\x69\xd3\xee\xe5\xb7\x22" "\x66\x2a\x95\xb9\x73\x45\x7e\x72\xf1\xec\x7b\x93\xe7\x2f\x5c\x7c\x66\xfe" "\xec\xcc\xe9\xb9\xd3\x73\xef\x4e\x1f\x3d\x7a\xe8\xe0\xde\xe1\x23\xd3\x87" "\x7b\x12\xe7\xf6\xbc\xaf\xbb\x3f\x58\xd8\xb3\xeb\x95\x37\xaf\xbc\x3a\x7b" "\xe2\xca\xdb\x3f\x7c\x95\xf7\x77\x6b\x51\xde\x1c\x47\xaf\x8c\xd7\x8e\x6e" "\x5b\x8f\xf7\xba\xb1\x92\x6d\x6b\x4a\x27\x83\x25\x76\x84\x35\x19\x88\x88" "\xfc\x74\x0d\xe5\xe3\x3f\xb6\xc7\x40\x6c\x6a\x94\x6d\x8f\x97\x3f\xee\xf6" "\xda\x63\x1b\xd1\x41\x60\xdd\x64\x59\x96\x8d\x34\xbf\xe7\x67\x1f\x66\x55" "\xb5\xdc\x52\x06\xdc\xc1\x92\x28\xbb\x07\x40\x39\xea\x6f\xfb\xf9\xfd\x6f" "\x75\xcb\x92\x15\xe7\x0c\xbf\xad\xd7\x64\xa4\x04\xd7\x5e\xa8\xdd\x00\xe5" "\xb1\xdf\x28\xb6\x88\x78\x3e\xdf\x99\x16\x75\x86\x5a\xee\x6f\x7b\x69\x3c" "\x22\x4e\x2c\xfd\xf3\x79\xbe\xc5\x3a\x3d\x87\x00\x00\x68\xf6\x4d\x3e\xff" "\x79\xba\x69\xfe\xd7\x98\x7f\xa4\x71\x5f\x53\xbd\xbb\x8a\x35\x94\xb1\x88" "\xb8\x3b\x22\x76\x44\xc4\x3d\x11\xb1\x33\x22\xee\x8d\xa8\xd6\xbd\x3f\x22" 
"\x1e\x58\x63\xfb\xad\x2b\x24\x37\xcf\x7f\xd2\xab\xb7\x14\xd8\x2a\xe5\xf3" "\xbf\xe7\x8a\xb5\xad\xa6\xf9\x5f\x35\xfe\xc2\xd8\x40\x91\xdb\x56\x8d\x7f" "\x28\x39\x35\x5f\x99\x3b\x50\x1c\x93\xfd\x31\x34\x92\xe7\xa7\xba\xb4\xf1" "\xed\x4b\x3f\x7f\xda\x6e\xff\x52\xcb\xfc\x2f\xdf\xf2\xf6\xeb\x73\xc1\xa2" "\x1f\x57\x07\x9b\x16\xd0\xf2\xfa\x27\x67\x16\x67\x7a\x11\x7b\xee\xda\x47" "\x11\xbb\x07\xdb\xc5\x9f\x44\x7d\x19\x27\xbf\x23\xd8\x15\x11\xbb\x6f\xb1" "\x8d\xf9\x27\xbf\xdc\xd3\xa9\x6c\xe5\xf8\xbb\xe8\xc1\x3a\x53\xf6\x45\xc4" "\x13\xb5\xf3\xbf\x14\x2d\xf1\xd7\x25\x1d\xd7\x27\xa7\x9e\x3d\x32\x7d\x78" "\x72\x34\x2a\x73\x07\x26\xeb\x57\xc5\xcd\x7e\xfc\xe9\xf2\x6b\x9d\xda\xff" "\x5f\xf1\xf7\x40\x7e\xfe\x37\xb7\xbd\xfe\x1b\xf1\x8f\x25\xa3\x11\xe7\x2f" "\x5c\x3c\x53\x5d\xaf\x3d\xbe\xf6\x36\x2e\xff\xfa\x49\xc7\x7b\x9a\xb5\x5e" "\xff\x51\x5c\xff\xc3\xc9\x1b\xd5\xf4\x70\xb1\xef\xfd\x99\xc5\xc5\x73\x53" "\x11\xc3\xc9\xf1\xe5\xfd\x69\xb1\x7f\x7a\xf9\xb5\xf5\x7c\xbd\x7e\x1e\xff" "\xfe\x7d\x11\x37\x46\x6e\x1e\xff\x3b\x62\xf9\x48\x3c\x18\x11\xf9\x45\xbc" "\x37\x22\x1e\x8a\x88\x87\x8b\xbe\x3f\x12\x11\x8f\x46\xc4\xbe\x2e\xf1\x7f" "\xff\xe2\x63\xef\xac\x3d\xfe\x76\xab\xe6\xbd\x97\xc7\x7f\x72\xa5\xf3\x1f" "\x4d\xe7\x7f\x39\x51\x14\x2f\xb5\x29\xfa\x6f\x62\xe0\xcc\x77\x5f\x77\x6a" "\x7f\x75\xe7\xff\x50\x35\xb5\xbf\xd8\xb3\x9a\xdf\x7f\x5d\xba\xd3\x2e\x08" "\x00\x00\x00\xb8\xa3\xa5\xd5\xcf\xc0\x27\xe9\x44\x23\x9d\xa6\x13\x13\xb5" "\xcf\xf0\xef\x8c\xcd\x69\x65\xe1\xfc\xe2\x53\xa7\x16\x1a\x1f\x14\x18\x8b" "\xa1\xf4\xd4\x7c\x65\x6e\x53\xe3\x79\x70\xed\x79\xe8\x54\xf1\x6c\xb8\x9e" "\x9f\x6e\xc9\x1f\x2c\x9e\x1b\x7f\x36\xb0\xa9\x9a\x9f\x98\x5d\xa8\x9c\x2c" "\x39\x76\xe8\x77\x5b\x3a\x8c\xff\xdc\xef\x03\x65\xf7\x0e\x58\x77\xfe\x5e" "\x0b\xfa\x97\xf1\x0f\xfd\x6b\xa5\xf1\x9f\x6e\x50\x3f\x80\x8d\x96\x78\xff" "\x87\x3e\x66\xfc\x43\xff\x6a\x37\xfe\x47\x4b\xe8\x07\xb0\xf1\xf2\xf1\xff" "\x47\xd9\x9d\x00\x4a\x61\xfe\x0f\xfd\xcb\xf8\x87\xfe\x65\xfc\x43\x5f\xea" 
"\xf8\xb7\xf1\x69\xe7\x22\x89\x72\x12\x31\x58\x4e\xeb\xc7\xa2\x5d\x51\xa4" "\xb7\xc9\x61\xb9\xbd\x12\xb1\x14\xd1\xdb\x9f\x3c\xb8\xea\x2f\xb3\xb8\xb5" "\x44\x12\x6d\x8b\xba\xff\xde\x58\xf9\x5b\x42\x01\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x6e\x0f\xff\x06\x00\x00\xff\xff\x42\x21\xe7\x0e", 1151)); NONFAILING(syz_mount_image( /*fs=*/0x20000080, /*dir=*/0x200000c0, /*flags=MS_SYNCHRONOUS|MS_SILENT|MS_NOSUID*/ 0x8012, /*opts=*/0x200011c0, /*chdir=*/0xfe, /*size=*/0x47f, /*img=*/0x20000980)); // quotactl$Q_QUOTAON arguments: [ // cmd: quota_cmd_quota_on = 0xffffffff80000201 (8 bytes) // special: ptr[in, blockdev_filename] { // union blockdev_filename { // loop: loop_filename { // prefix: buffer: {2f 64 65 76 2f 6c 6f 6f 70} (length 0x9) // id: proc = 0x0 (1 bytes) // z: const = 0x0 (1 bytes) // } // } // } // id: uid (resource) // addr: nil // ] NONFAILING(memcpy((void*)0x20000180, "/dev/loop", 9)); NONFAILING(*(uint8_t*)0x20000189 = 0x30); NONFAILING(*(uint8_t*)0x2000018a = 0); syscall(__NR_quotactl, /*cmd=Q_QUOTAON_GRP*/ 0xffffffff80000201ul, /*special=*/0x20000180ul, 
/*id=*/(intptr_t)-1, /*addr=*/0ul); // mprotect arguments: [ // addr: VMA[0x3000] // len: len = 0x3000 (8 bytes) // prot: mmap_prot = 0x1 (8 bytes) // ] syscall(__NR_mprotect, /*addr=*/0x20000000ul, /*len=*/0x3000ul, /*prot=PROT_READ*/ 1ul); // openat$cgroup_ro arguments: [ // fd: fd_cgroup (resource) // file: ptr[in, buffer] { // buffer: {68 75 67 65 74 6c 62 2e 31 47 42 2e 75 73 61 67 65 5f 69 6e // 5f 62 79 74 65 73 00} (length 0x1b) // } // flags: const = 0x275a (4 bytes) // mode: const = 0x0 (2 bytes) // ] // returns fd NONFAILING(memcpy((void*)0x20000180, "hugetlb.1GB.usage_in_bytes\000", 27)); res = syscall(__NR_openat, /*fd=*/(intptr_t)-1, /*file=*/0x20000180ul, /*flags=*/0x275a, /*mode=*/0); if (res != -1) r[0] = res; // mmap arguments: [ // addr: VMA[0xb36000] // len: len = 0xb36000 (8 bytes) // prot: mmap_prot = 0xa (8 bytes) // flags: mmap_flags = 0x28011 (8 bytes) // fd: fd (resource) // offset: intptr = 0x0 (8 bytes) // ] syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0xb36000ul, /*prot=PROT_SEM|PROT_WRITE*/ 0xaul, /*flags=MAP_STACK|MAP_POPULATE|MAP_FIXED|MAP_SHARED*/ 0x28011ul, /*fd=*/r[0], /*offset=*/0ul); // syz_mount_image$msdos arguments: [ // fs: ptr[in, buffer] { // buffer: {6d 73 64 6f 73 00} (length 0x6) // } // dir: ptr[in, buffer] { // buffer: {2e 2f 66 69 6c 65 32 00} (length 0x8) // } // flags: mount_flags = 0x800884 (8 bytes) // opts: ptr[inout, array[ANYUNION]] { // array[ANYUNION] { // union ANYUNION { // ANYRES32: ANYRES32 (resource) // } // union ANYUNION { // ANYRES16: ANYRES16 (resource) // } // union ANYUNION { // ANYRES64: ANYRES64 (resource) // } // union ANYUNION { // ANYRESOCT: ANYRES64 (resource) // } // union ANYUNION { // ANYRES8: ANYRES8 (resource) // } // union ANYUNION { // ANYRES64: ANYRES64 (resource) // } // union ANYUNION { // ANYRES64: ANYRES64 (resource) // } // union ANYUNION { // ANYRESHEX: ANYRES64 (resource) // } // union ANYUNION { // ANYBLOB: buffer: {10 8a d2 78 f4 ae 96 ce f5 96 fe b9 9d 6b 93 b2 // f5 
08 bd 9a 1e 71 00 0d 49 8c fb 97 d9 a3 43 dd 9a 79 9a c7 80 23 // 62 ae eb 37 f1 bf 65 e0 ec 22 0a 0f e6 bc a8 36 7d ed 4e aa 48 e5 // 9e 09 56 98 3a 18 85 a7 0f 87 40 86 54 88 33 1e 8e 4d 0b ae 45 81 // 9e 76 a2 71 42 6b ac 0b 4d a5 e4 b5 ad 2b 6b f6 04 55 e2 57 4e 56 // a1 6b e7 2d 40 4a c9 71 9f 42 73 ca 46 43 c1 8b a5 b5 fc 12 bf 0f // 53 3a 13 65 88 87 b5 8d 02 18 80 31 0a b0 e3 55 38 0d 89 10 14 d6 // c3 4f dd 87 8f ef 89 05 35 16 93 dd a0 99 cf 46 88 90 fd f8 96 01 // 55 9f 0a 46 0a f6 2b 3d ad 16 f8 c8 ae 73 ef 35 06 93 56 96 86 a4 // 42 bd 46 c7 f6 6d 62 0a ac d9 c4 25 1a 62 a1 e3 0f 4d 0e 38 0c a3 // 4d 6b 5e 0e d6 fe 62 77 77 57 d7 39 d0 71 d8 a7 8f a7 87 d3 41 4b // a9 9b b6 f9 aa 68 50 c2 a7 0e 4f 3d d0 25 69 ed be 37 92 70 97 fd // ed 41 04 b0 f1 32 72 50 b4 2f c4 9f 7f ce 73 37 83 9e fb 1d bb 60 // b4 26 f1 26 3b 16 c4 86 bc 9f 45 f7 5c 73 e5 f6 8b 53 20 15 8f ba // ed 1f 30 ae 7c 2d 22 e4 c2 4c a9 04 1e f2 48 f8 1c a2 1b d8 7d cb // 3d 19 88 97 c6 fe 9c 01 9c 8c 64 51 26 da fd 00 29 7c e8 8d 78 aa // ed 93 8d 1b 96 41 f0 07 6a 64 28 8c 94 c1 29 39 7a a7 f2 b5 0f 56 // 6b d9 70 5b 6d 14 61 a9 b5 e2 50 a0 ee f2 e7 8b d2 7f f6 59 85 0e // 20 12 02 ca 80 a9 f3 44 b5 37 20 4e d5 99 8d b8 d5 2b 35 e0 a9 5d // 21 4f 08 2d 8c 41 af b3 57 d1 2b 68 e5 f4 fc 66 33 55 89 66 80 66 // 9c 94 89 d2 04 d9 f1 da 36 99 2e f8 1c aa 91 91 8d d5 22 57 7b 72 // de f5 94 74 53 09 6f bf 43 e9 1d bc c7 08 71 73 a9 90 f9 10 98 04 // 81 a7 bf f9 38 bb 2e a2 97 60 20 0e b8 ed 54 2f 11 5a 16 68 e9 80 // c5 a9 81 d0 27 fd c0 7a 60 08 87 dc 5d 2b b0 94 3a 2e b3 f3 42 87 // 69 a5 96 a5 8f 8c 2f 69 c0 d8 44 6d 69 f6 84 2c 2e 96 08 a6 20 c9 // dd e9 ec 8a 24 93 5e f6 97 c6 d1 d8 55 99 71 69 bf 67 7d 4e 2e 4b // f8 b3 fd 9d 8d 53 31 5e ff 0a c4 eb c4 a8 2f 22 62 4c 49 a8 a0 fe // 70 79 c1 e5 f8 db b6 52 8b 6b 26 f4 5b e5 6d 13 52 b1 a0 75 dc f8 // 52 f2 af bf 4b de 23 76 64 8b ff 21 ce 8b 4a ae a2 89 d5 29 99 de // 4d 24 d1 54 4b 35 93 aa cf 05 a1 f1 7f cf c2 4d e1 a7 a1 b5 81 da // 
14 f2 9b b8 3b 9f 8f 02 fb 6e bd 4a af 1e b3 4a dd f0 50 a6 f5 e5 // 20 ce 3e 2a b4 68 ff 37 aa 2c fe 4d af 2a b8 51 25 99 3c d7 73 33 // 99 e1 1c e1 81 f5 5c 85 bc 7e eb d7 28 a6 45 d9 07 76 e4 f7 6a bb // ec 05 5c d4 18 e4 e2 20 28 db 07 53 83 a7 44 83 25 cb 70 d2 49 ca // 21 f2 a4 b3 41 dc 65 d1 12 0a b8 d4 d0 fb 0a 0b 2a 27 50 aa 14 ee // 04 e7 0d b1 f4 e5 af 71 11 c2 a1 17 d2 7d 9c cb c0 6b ff b3 1a 0a // 41 a8 5d e9 a1 a2 28 49 1b bf 3c 1d 49 d1 4a 76 30 b6 46 a7 77 15 // cf 49 51 49 f8 aa 89 2f 17 eb 21 f9 2e 72 fe bd 04 6d c5 33 4f cd // f0 48 a2 90 d8 55 f5 bd f3 7f 87 3f e8 37 ef e8 58 a9 73 15 ae 6c // b6 7e 60 32 72 b3 96 5e 35 02 e9 59 e3 e5 1c bb 02 7d 9e 98 45 0f // 14 31 b2 d2 80 13 ac 60 96 4d 10 6a 20 00 05 15 9d a0 a2 c3 a8 8b // 2b 90 a5 fe fd bb 1f 25 31 6e 39 61 0e 39 55 c4 59 4c 32 c3 d5 42 // 1c 6c 51 ff 9a e9 ae 9d 7c 2f ca 19 84 78 b9 18 9a c2 6d 59 4c 4c // ab 18 9c 03 ca 4e a7 1e 62 09 5b b7 d5 a2 fc 8d 53 40 6e ef 54 1a // 8e e0 dd b9 5b 66 11 ee da 8c 96 2b 38 ec ce cd e0 29 93 4c 81 de // 88 95 7a f5 69 cc 83 3d 3a e3 5f e2 e2 38 f6 e5 ea a8 84 fa 98 39 // df 65 d1 fa 65 fe 8a 1f f6 56 d2 4e 10 62 2c 6d fe 9e 4c 67 87 28 // cc 36 73 0f 1b 4c 11 48 43 8d 4e 8e 18 90 79 39 43 15 9b 93 f1 09 // 17 ca c4 dc 15 90 45 a8 df 64 00 d9 5b 80 98 bc bd 6f c9 ac dc 8c // bb 67 32 f7 bf b8 1a 21 a6 c8 59 e9 4d 7a 52 48 29 4f a6 4f 9b c6 // d3 1e cc bd 5b 19 63 60 27 06 b1 8b 10 9d fe 77 8e 1a 7d 47 ba 49 // 40 77 c5 b5 d5 24 aa e9 9b 69 71 a3 ba db 58 2d 03 c5 8f 19 c2 a3 // be 61 29 6b 73 22 c5 73 a5 1d d7 d3 9c 5d fc 99 eb ba e0 6e 61 b8 // c6 d6 ed f2 39 13 2c 67 f2 a8 de d3 49 f5 6f 1d c3 bf c1 6b bf 0e // 43 1a af 1d f4 62 e6 37 8e 66 15 f2 fd 0a 63 6f 83 74 0a 81 6b 10 // e4 e0 0c f5 a8 da 6d 9e fd 4b 8d 78 fb 1c 41 56 de ad e7 7f 2d 3a // 2d fc ae 22 cc b8 9d f6 a4 64 0a 77 97 a8 8a e2 42 25 c1 2a d5 08 // f1 6f bf 5f f9 55 99 62 86 2a 4b fb d0 7d be 1f f6 76 82 ee e5 de // a7 b4 2f 9a c7 38 44 75 29 30 0b c7 df 86 cd c9 4a aa bf d1 86 bb 
// 8f 2a bb ae c9 05 b8 ac c2 09 0e e7 42 b5 2e 2d 2a c4 83 ab 13 d4 // 0e 64 11 6c bc e0 6d f9 80 fb c2 2e 98 01 96 a2 7c f8 48 e3 fa 84 // 5b a0 10 41 16 0d 2f 02 58 2c 3a 7c c1 e0 aa bf d4 e7 a4 be bb 60 // 85 0a 1d fa 4b b1 5a c6 ed 23 c9 e0 ab 5f 01 70 12 1b ec 61 fd 21 // 60 a0 8e 61 98 1a 12 7a b4 3f 2a df c0 17 cc 07 d2 3d 0c 9a ec d5 // 9b 94 4a 4d 97 da 90 f3 59 04 08 a1 81 43 6b 17 bc 9e c7 60 02 b3 // 49 1d 92 19 2c de 2c 66 25 8b 0a 3d c0 29 5b cf f7 cb fe d4 91 3c // 74 f6 5c ab f6 b0 53 18 b7 b7 2f 5e 89 ab e0 46 6a 00 19 ab 50 32 // 0d 4d c8 66 5a 27 3c 6d 8d 82 79 51 04 bc 0c 20 71 7e 5f 3a d9 91 // 69 51 c1 ff ad ec 95 ca da cf bf 57 ad f7 48 42 f5 a1 20 29 9d c9 // 16 c4 44 51 5e 17 ee 2e 54 24 33 94 a1 16 c2 eb 61 20 14 f9 98 4c // ad 89 38 7b ee 3b 06 7f a1 14 0d 7c e6 72 50 e0 79 f4 7e b2 e6 41 // 8f 29 81 1f 4d bc 5e d9 fb fd 19 0f c8 58 e6 96 66 1d 6f 1f d6 1d // 41 c5 58 62 b1 52 79 f4 fe a1 b1 92 4a 44 76 e7 ef e9 c8 46 6c d2 // e4 f5 84 5f 30 3f c8 e5 2c e0 9b a9 7b f6 72 01 fc be 2a c5 9c b8 // 36 7c 0d e5 49 d1 2c b9 ff d1 71 a4 22 18 e8 ce d6 09 70 da 28 ef // ed 50 ff 2a ac 66 9a 40 37 fc 33 80 6a af e4 d7 57 c9 d0 6f 87 9f // 7b cd e1 2e bd a5 57 aa 45 64 41 27 da 52 42 c2 ea 18 bc 23 c2 27 // 0c c5 01 0a 18 1a a9 2c 03 f0 6d 2e e0 ff fd f8 23 81 a5 6e 9e e8 // 30 0d 5a 07 69 fd 4b 20 57 f2 3e 17 f5 36 27 19 ce 8d db da 47 24 // 14 51 e9 25 dc 71 d8 54 f7 9d 66 8b 09 18 88 65 d9 01 a5 3e c4 a9 // da e3 f3 0d db 5b d4 c4 4c 4a c0 22 b7 74 c3 82 bd 13 e3 ec be a0 // a0 27 16 3e 96 8f 47 60 88 d8 30 03 5f a2 31 9e 4b 49 86 19 cc 30 // 7c d7 dd 5f 2b 77 68 1b c1 b7 0a a3 8b d3 1c 13 74 49 ef 7b 1b e4 // be de 59 74 10 c0 09 c5 ef 77 a8 af 59 7b b8 0d fc c8 b6 b7 06 6c // bd f0 0d fd c5 fa 02 19 43 03 ef 2d 6a a3 c1 38 54 f8 f7 4b f4 d0 // 6f c1 e2 c0 66 86 65 63 49 67 e4 6a 3d d8 f3 f7 7f f3 18 e0 1e a5 // 26 7e c9 dc 44 f8 8e e6 62 f6 4e 93 a0 d8 fb e7 68 c9 d6 2a 51 e4 // 21 f6 b6 19 be 9e 07 52 b3 70 fc 13 ff ba cb ab ac f3 dd a0 7a 
ea // ab a7 06 f0 cb 66 11 04 97 c4 b0 db b2 18 45 67 ec 5b 72 70 29 32 // 7e 7c 3f ac f9 66 e2 96 0e b1 84 bc 6a 9d 24 c6 26 4e a2 c8 f5 ce // 23 c6 d8 ce e1 a7 df b0 04 1c 6e 57 29 ca 9d da 81 ef 0c 51 92 a9 // 75 52 f8 8e a4 a8 e1 1a 62 21 eb d5 fb 77 06 23 a1 8e 77 f6 7e 63 // 1d 91 06 5a 44 11 55 81 47 a2 44 f5 c0 25 79 67 de 79 29 ec 88 dd // 00 cd bf 7d 3c 3e bb b5 6b 9e fb a8 7b 0b 85 a4 0c 7f 89 84 1c 17 // 59 61 fc d5 f4 67 5f 37 31 95 82 2e 92 38 c4 31 82 1c df 47 11 18 // 55 95 64 79 06 fb 9b 8c 62 1d 18 33 06 7a 11 ca c4 9c 64 3d 79 33 // 4b 77 64 a9 bf ff fa fb 0e dd 1a aa c6 dc bf 46 6a a2 1a de 5c bf // c7 f5 cd f6 0f b9 37 56 f1 83 bb 7b 0d 13 10 9e de 38 a3 eb e9 de // ed 01 74 66 66 69 c1 97 99 a5 31 b0 1e d4 21 0f 05 b0 b2 ad 6d 9c // d6 15 f7 31 21 bd c0 b7 01 91 15 8c 36 ff 63 5f b5 65 c2 75 07 fe // 5c 7c 3d f7 38 53 87 6a d3 73 ed 72 c2 b0 5b 96 63 c8 03 78 c0 df // f9 e0 10 67 52 e4 72 26 f1 a9 41 db 64 2f e3 ef 7c 57 82 b0 76 6a // 6f 96 6b 48 66 8a 97 cb d7 93 a1 01 bd cf f7 de db b0 82 08 98 60 // c6 d0 5b ec 9f f1 28 e9 73 45 c2 80 2e 1f 75 c2 48 1f c7 42 80 40 // dc 47 4b 7b e1 ba b9 69 7b da b4 c8 81 50 d6 56 8b 5f bc ee 21 c4 // 15 e7 95 be 79 26 e4 ab 5e a5 3b 5d 66 6d 4c 16 bd d5 9b 47 c8 d3 // fd c3 bb 01 b5 b1 9d ea a4 35 3b 43 fa 09 b8 49 5c 0d 06 5b 82 8a // d6 2b bc 8b 35 67 ac ea 1a fa d3 29 22 e0 de 8e 99 3e 79 ed f7 53 // c4 d2 ec 7b 10 27 c0 37 47 2e 64 23 49 60 26 10 3a a4 6c 61 0b 4f // b5 ef 4a c9 45 4b 7c a8 08 4e 0e 99 26 8b 90 15 b5 1c fa 24 97 cf // cb 1a 41 69 0b bf fe 5e 28 dc 7c 8f 4b 24 47 1a 0c aa 65 3a 75 0d // 4b ca be 5f 2b 6a ba 69 64 8c cd fd 9e df ad ce b5 c7 8b 18 a5 7a // 02 53 8d 1f 08 84 ae 5c f7 53 c8 32 c8 a7 15 6a 2a 3a fa 53 d5 0c // 17 3f 00 a1 a1 f6 70 3f d3 11 c0 2f 0d 78 63 3c 02 35 a1 d0 c1 c7 // 25 32 83 1d 30 7d 97 de 33 46 c1 bd 2c 88 80 4d e5 95 31 a8 53 71 // 40 f3 f1 da 6a 4d b4 44 53 a3 71 d6 d6 4a 98 2e d9 3f ab d3 84 c6 // e3 25 9e fb 38 0c aa 6c 9c 4e b8 74 ae 5f 36 f8 16 75 41 96 
5f 8f // 01 5a 12 f6 fd e0 b4 48 12 b7 af 8b 8c 9c ed bd 7a 40 4c 1a 0e 6a // 89 ba 6d e6 9f 39 21 4a c3 09 14 4d ab 2b 03 96 78 48 dd 1d 5d 5c // 2b a4 1e 57 85 0d 7f 24 19 4d 22 3b ee 52 f8 b3 44 5e 0c 29 ab 6a // 82 23 84 5a 64 f3 54 d6 cc ee bf 75 59 10 f5 80 b5 83 6d 1f d9 b5 // fe 22 b9 b6 af f2 05 17 ce 3e 73 66 e0 9f ac 78 7e fc b5 6e d0 57 // 20 13 43 48 55 bf 55 19 eb aa 61 53 82 61 54 63 d7 2e d7 17 1b ad // 42 60 4d 13 24 77 05 3a aa b0 08 38 93 76 e2 1f 13 24 8c c7 f9 ac // bc c7 79 7c a4 4b 5e 10 1c 1c 32 ea df cf 79 7b 52 06 0d 00 88 b9 // 2a d0 e5 37 4e 0a f1 b4 44 ba 2a ea 7f 8f f7 e4 a6 39 7a 81 c7 a6 // 1e 94 ec 21 0a c2 e0 c7 78 d8 df f1 ba 07 93 8f 10 55 03 81 75 2e // 19 96 da 1c 95 95 08 09 d6 03 69 f9 d9 c7 ca f1 3c 8b f7 f8 40 a9 // be 86 a0 9c ef 07 6a e8 8f e7 9d 5e db 31 ed bb d4 ee 33 2b 9b 9f // 09 78 d3 7b a5 24 86 dc e7 83 0b 89 60 6c 77 20 90 79 42 46 56 64 // 2f 8f be 37 0f 44 f9 e9 1a 0c c3 06 47 65 0a 7c 36 63 fa 3c 37 1f // 71 c5 16 a6 68 52 e0 a6 7c f2 e7 9f 97 61 54 ca 9f fa 07 db a5 6a // 2c ac 7c c6 af e2 80 36 ca 3e 11 a6 1e 79 da ea 94 45 15 a3 20 b7 // b6 31 de 1b f1 b9 35 96 8a 9a 69 82 8a ac b5 c0 18 84 ef 11 51 85 // d4 e8 bc 78 06 6e b7 2d 65 27 6f c6 d2 2b ea 12 a4 20 12 0e 3d 9c // 5c 28 8d fa 0e b6 a5 b5 ec bb 4d 45 66 e9 49 f2 b6 bb d7 c8 70 da // a5 46 42 5d 84 b3 d8 34 50 29 28 84 cb 59 3a a9 da 61 68 ae 92 e7 // 1e 88 15 79 91 9e 15 3e d5 25 f4 7d 06 1a 25 33 1d 4f 79 28 49 a8 // 6b 73 73 f1 5e c2 9c d4 50 84 ce 62 2f 55 8d 9f 26 a3 42 99 5b 1f // 94 60 8d ae 34 b0 50 2a f5 a5 ae 80 96 98 e9 96 29 de 87 17 55 d0 // 1b 93 24 04 33 0d 63 6b e3 b8 da 76 a8 06 46 6b 89 30 dd 0e 9e ae // 43 ae ea e1 67 96 67 9e d5 aa 49 95 43 ca 56 0a f9 18 01 a3 67 94 // b2 38 de bd 02 c2 94 3b f9 61 37 12 a9 4f 37 ea c3 85 59 77 4b 9a // 09 7b 52 0d ad 92 6b 11 5e 1d 99 9b 6d 4b 78 7e a1 b4 fe 92 0b 34 // af 0d 3f 4e 5a 3e d4 bb df 6d 43 db 56 b1 3d 93 2c c7 1f c6 ee 31 // 31 89 75 21 e2 02 60 9b f8 02 4b ec 85 7a 74 a3 7d 29 d3 
8b cc 4d // b5 ca 0d c3 b0 f2 a7 c9 cd b1 05 19 d5 31 12 d6 85 ea 35 ee ea eb // 79 0c 4e 93 73 0b c1 82 fb 68 51 38 64 90 d9 29 0f 51 ae a2 1b 33 // d7 09 67 0f cc cd 49 26 5e 12 66 1b 12 83 d5 91 eb ff 1b 2e 9b 9a // 97 ae 0f bb 01 15 27 10 e4 d3 f6 e6 d1 b2 b1 58 86 2a e4 4a 96 f2 // c4 86 86 a0 b0 ce 8c 21 d6 43 8b 8e 9f a0 22 ea e7 75 fb d3 9c d9 // 05 95 d8 b9 1a 25 b9 6f 43 20 27 86 5a f1 78 c9 a6 99 f0 0d 90 b3 // b5 1b 80 08 ae 01 93 a7 d6 28 93 ad bd 5d dd 48 a3 31 c2 cb 2a ed // c1 71 56 09 bf d5 f2 44 e7 bd 2f b2 88 85 2a 54 bf e0 6d 2a 5c bb // a3 35 fb b3 1f 95 32 77 ea b6 ba 53 eb 1c 58 6e 57 8f f7 40 1b 7f // 52 a0 e3 9d 4c 24 69 87 26 01 73 93 b6 6b 19 0b ae 4d 24 04 83 fc // 33 16 dc 7d e6 ec 4d e0 22 e2 38 da ee 63 b7 a8 36 84 92 c9 b8 3d // 35 49 1c 8d 34 97 e7 7e ab 74 d0 cb 85 11 92 1f d3 07 46 45 d5 9f // 86 38 a9 c4 8f dd 07 03 b0 af 07 45 e3 21 b8 bd 70 35 04 e5 bf 51 // 23 fa 75 1d 4c 8a b9 8a e5 81 e8 f3 fd a0 b7 3d 49 aa 4b d1 6e 2e // cf eb d0 2e cb 88 8c b0 78 ec ac 88 c7 82 fe 27 41 4f cc 9c b2 9d // 1d 3f 13 75 ac d1 ee b4 1e 87 bf 60 40 d5 fd e4 89 eb 41 ad 13 36 // da 21 1f 58 55 ce 5c 3b 13 d7 95 c4 3c 0c f7 19 1b e4 fa 31 44 8c // 5b 70 30 4e 5e 45 c5 52 94 dd 5e 49 93 bf 6b fc cc c8 d3 00 bb ab // 1a a1 4d 72 f3 2b b6 6a 15 1d ca 12 f0 cc 8a a8 20 68 c6 a8 eb 93 // 82 d2 c6 aa 4c e7 ff 48 3c 3b 99 9f b1 2b 49 65 36 45 7f cc 86 d9 // 09 f9 b6 ee 35 fb c9 83 5f e5 cf 56 d3 b3 f5 bf 26 1e 67 0a 7d e0 // c2 07 ef ee 27 e0 d6 44 5e da b8 38 6d 67 b7 8d 8b 5a 0e d6 ff 9a // 24 f3 82 57 54 6b 6f 0c 2c 11 24 7b 2b 29 9a 38 c1 89 79 a0 78 c4 // 0e 00 3d 79 4f e9 d4 b2 56 36 ec 84 21 e7 cf c5 3b ad 36 64 07 7f // 72 c9 31 7c 57 7e 2f 99 25 e0 af f5 5f 99 58 5a 10 5e 42 72 56 41 // 3f 51 58 dd 81 7c 63 61 06 22 8d 81 51 fc 97 f8 d9 3f bf bd ae dd // 0e fb 19 9f 5b 88 64 9b f5 ef b1 be 60 fc 12 01 d2 5a ef 0d 23 bf // 85 4a 13 c7 c9 40 3f 2f c7 f0 ca e0 c3 61 9c fc 78 ce 79 67 2a 0d // 86 03 fd 5e 1c 54 83 98 21 0f 0f 0a 44 cf db ab cf 86 
e2 56 47 37 // 74 48 51 7f 75 d4 5b 54 dd 0a 12 4b 81 36 4e 2d 62 60 aa a7 6f f1 // d2 d1 17 df 4c a9 91 a6 ab 35 cf e9 0c 8a da c6 25 16 33 f2 22 d4 // 9f 80 8f f1 1b 78 01 72 bd 66 1c 5c 9c 11 6e 86 e8 ed 0a 25 c0 87 // 6f d5 f4 d5 e6 a2 b7 6e 4f 05 cd 53 c8 3b 90 a2 3d 7a 0a 89 c5 16 // d3 1d 46 81 10 df d3 24 7a b3 14 7f a1 dc fc 56 4c 0c dc 4c e0 44 // 90 4a 3a 48 b7 ec 1f a2 cc e6 bf ad 44 16 dc c5 15 ec e6 16 bf 13 // e7 ca ea 4a 0f a3 f4 38 a4 7c 2a 9a 35 f2 1f cf 66 75 cc 1f fc 0b // 9d 89 18 27 c9 8f d3 5f 0e 69 0a 4c fc aa 1f 13 36 71 04 19 7c 86 // 9a cc ee c7 ca 5b 7e 04 8f 63 55 dc d9 b4 92 40 df ed 0e da 61 73 // df d0 d3 c7 a3 77 65 e5 62 a1 c5 d1 dd 91 d2 81 28 2a 86 98 3d 0b // 70 e2 cd 57 6c 81 2d f6 c7 cc 8f e8 67 50 78 e9 f4 56 ce d2 e4 74 // 11 a3 41 5b f0 32 25 9a 43 8a} (length 0x1000) // } // union ANYUNION { // ANYBLOB: buffer: {40 4f f8 b6 6e 99 c9 94 29 50 c4 9e cc 27 9a 94 // 91 e2 c0 1a bf ae 45 bf 2b 82 a8 93 9f fc fa 22 fb b5 29 e3 a8 ce // b1 41 9e 6d ca 7c 69 e8 a5 1b 57 07 be 9d 2a 12 99 27 66 eb 31 d6 // ab bf e1 2d a3 28 f5 99 20 cb 13 35 79 98 af e8 03 4b 25 f9 01 3e // dc 6c 69 06 39 61 42 12 e7 bc ae 4b 93 a6 5c 19 ee eb d1 3a 76 85 // 92 df a7 1d 01 2c 2a 81 20 96 6d de ca ea b6 fa c7 68 3c d9 66 f5 // 00 ad 56 f3 26 db 3a bf e5 4c 18 ce be f5 80 51 76 65 c6 18 30 7c // f6 59 67 96 70 24 19 9d ab 27 da 77 f4 1d 95 d8 ee 26 39 28 c1 de // 22 2a 04 93 95 08} (length 0xb0) // } // } // } // chdir: int8 = 0x5 (1 bytes) // size: len = 0x2af (8 bytes) // img: ptr[in, buffer] { // buffer: (compressed buffer with length 0x2af) // } // ] // returns fd_dir NONFAILING(memcpy((void*)0x20000240, "msdos\000", 6)); NONFAILING(memcpy((void*)0x20000200, "./file2\000", 8)); NONFAILING(*(uint32_t*)0x20000b80 = -1); NONFAILING(*(uint16_t*)0x20000b84 = -1); NONFAILING(*(uint64_t*)0x20000b86 = -1); NONFAILING(sprintf((char*)0x20000b8e, "%023llo", (long long)-1)); NONFAILING(*(uint8_t*)0x20000ba5 = -1); NONFAILING(*(uint64_t*)0x20000ba6 = -1); 
NONFAILING(*(uint64_t*)0x20000bae = -1); NONFAILING(sprintf((char*)0x20000bb6, "0x%016llx", (long long)-1)); NONFAILING(memcpy( (void*)0x20000bc8, "\x10\x8a\xd2\x78\xf4\xae\x96\xce\xf5\x96\xfe\xb9\x9d\x6b\x93\xb2\xf5\x08" "\xbd\x9a\x1e\x71\x00\x0d\x49\x8c\xfb\x97\xd9\xa3\x43\xdd\x9a\x79\x9a\xc7" "\x80\x23\x62\xae\xeb\x37\xf1\xbf\x65\xe0\xec\x22\x0a\x0f\xe6\xbc\xa8\x36" "\x7d\xed\x4e\xaa\x48\xe5\x9e\x09\x56\x98\x3a\x18\x85\xa7\x0f\x87\x40\x86" "\x54\x88\x33\x1e\x8e\x4d\x0b\xae\x45\x81\x9e\x76\xa2\x71\x42\x6b\xac\x0b" "\x4d\xa5\xe4\xb5\xad\x2b\x6b\xf6\x04\x55\xe2\x57\x4e\x56\xa1\x6b\xe7\x2d" "\x40\x4a\xc9\x71\x9f\x42\x73\xca\x46\x43\xc1\x8b\xa5\xb5\xfc\x12\xbf\x0f" "\x53\x3a\x13\x65\x88\x87\xb5\x8d\x02\x18\x80\x31\x0a\xb0\xe3\x55\x38\x0d" "\x89\x10\x14\xd6\xc3\x4f\xdd\x87\x8f\xef\x89\x05\x35\x16\x93\xdd\xa0\x99" "\xcf\x46\x88\x90\xfd\xf8\x96\x01\x55\x9f\x0a\x46\x0a\xf6\x2b\x3d\xad\x16" "\xf8\xc8\xae\x73\xef\x35\x06\x93\x56\x96\x86\xa4\x42\xbd\x46\xc7\xf6\x6d" "\x62\x0a\xac\xd9\xc4\x25\x1a\x62\xa1\xe3\x0f\x4d\x0e\x38\x0c\xa3\x4d\x6b" "\x5e\x0e\xd6\xfe\x62\x77\x77\x57\xd7\x39\xd0\x71\xd8\xa7\x8f\xa7\x87\xd3" "\x41\x4b\xa9\x9b\xb6\xf9\xaa\x68\x50\xc2\xa7\x0e\x4f\x3d\xd0\x25\x69\xed" "\xbe\x37\x92\x70\x97\xfd\xed\x41\x04\xb0\xf1\x32\x72\x50\xb4\x2f\xc4\x9f" "\x7f\xce\x73\x37\x83\x9e\xfb\x1d\xbb\x60\xb4\x26\xf1\x26\x3b\x16\xc4\x86" "\xbc\x9f\x45\xf7\x5c\x73\xe5\xf6\x8b\x53\x20\x15\x8f\xba\xed\x1f\x30\xae" "\x7c\x2d\x22\xe4\xc2\x4c\xa9\x04\x1e\xf2\x48\xf8\x1c\xa2\x1b\xd8\x7d\xcb" "\x3d\x19\x88\x97\xc6\xfe\x9c\x01\x9c\x8c\x64\x51\x26\xda\xfd\x00\x29\x7c" "\xe8\x8d\x78\xaa\xed\x93\x8d\x1b\x96\x41\xf0\x07\x6a\x64\x28\x8c\x94\xc1" "\x29\x39\x7a\xa7\xf2\xb5\x0f\x56\x6b\xd9\x70\x5b\x6d\x14\x61\xa9\xb5\xe2" "\x50\xa0\xee\xf2\xe7\x8b\xd2\x7f\xf6\x59\x85\x0e\x20\x12\x02\xca\x80\xa9" "\xf3\x44\xb5\x37\x20\x4e\xd5\x99\x8d\xb8\xd5\x2b\x35\xe0\xa9\x5d\x21\x4f" "\x08\x2d\x8c\x41\xaf\xb3\x57\xd1\x2b\x68\xe5\xf4\xfc\x66\x33\x55\x89\x66" 
"\x80\x66\x9c\x94\x89\xd2\x04\xd9\xf1\xda\x36\x99\x2e\xf8\x1c\xaa\x91\x91" "\x8d\xd5\x22\x57\x7b\x72\xde\xf5\x94\x74\x53\x09\x6f\xbf\x43\xe9\x1d\xbc" "\xc7\x08\x71\x73\xa9\x90\xf9\x10\x98\x04\x81\xa7\xbf\xf9\x38\xbb\x2e\xa2" "\x97\x60\x20\x0e\xb8\xed\x54\x2f\x11\x5a\x16\x68\xe9\x80\xc5\xa9\x81\xd0" "\x27\xfd\xc0\x7a\x60\x08\x87\xdc\x5d\x2b\xb0\x94\x3a\x2e\xb3\xf3\x42\x87" "\x69\xa5\x96\xa5\x8f\x8c\x2f\x69\xc0\xd8\x44\x6d\x69\xf6\x84\x2c\x2e\x96" "\x08\xa6\x20\xc9\xdd\xe9\xec\x8a\x24\x93\x5e\xf6\x97\xc6\xd1\xd8\x55\x99" "\x71\x69\xbf\x67\x7d\x4e\x2e\x4b\xf8\xb3\xfd\x9d\x8d\x53\x31\x5e\xff\x0a" "\xc4\xeb\xc4\xa8\x2f\x22\x62\x4c\x49\xa8\xa0\xfe\x70\x79\xc1\xe5\xf8\xdb" "\xb6\x52\x8b\x6b\x26\xf4\x5b\xe5\x6d\x13\x52\xb1\xa0\x75\xdc\xf8\x52\xf2" "\xaf\xbf\x4b\xde\x23\x76\x64\x8b\xff\x21\xce\x8b\x4a\xae\xa2\x89\xd5\x29" "\x99\xde\x4d\x24\xd1\x54\x4b\x35\x93\xaa\xcf\x05\xa1\xf1\x7f\xcf\xc2\x4d" "\xe1\xa7\xa1\xb5\x81\xda\x14\xf2\x9b\xb8\x3b\x9f\x8f\x02\xfb\x6e\xbd\x4a" "\xaf\x1e\xb3\x4a\xdd\xf0\x50\xa6\xf5\xe5\x20\xce\x3e\x2a\xb4\x68\xff\x37" "\xaa\x2c\xfe\x4d\xaf\x2a\xb8\x51\x25\x99\x3c\xd7\x73\x33\x99\xe1\x1c\xe1" "\x81\xf5\x5c\x85\xbc\x7e\xeb\xd7\x28\xa6\x45\xd9\x07\x76\xe4\xf7\x6a\xbb" "\xec\x05\x5c\xd4\x18\xe4\xe2\x20\x28\xdb\x07\x53\x83\xa7\x44\x83\x25\xcb" "\x70\xd2\x49\xca\x21\xf2\xa4\xb3\x41\xdc\x65\xd1\x12\x0a\xb8\xd4\xd0\xfb" "\x0a\x0b\x2a\x27\x50\xaa\x14\xee\x04\xe7\x0d\xb1\xf4\xe5\xaf\x71\x11\xc2" "\xa1\x17\xd2\x7d\x9c\xcb\xc0\x6b\xff\xb3\x1a\x0a\x41\xa8\x5d\xe9\xa1\xa2" "\x28\x49\x1b\xbf\x3c\x1d\x49\xd1\x4a\x76\x30\xb6\x46\xa7\x77\x15\xcf\x49" "\x51\x49\xf8\xaa\x89\x2f\x17\xeb\x21\xf9\x2e\x72\xfe\xbd\x04\x6d\xc5\x33" "\x4f\xcd\xf0\x48\xa2\x90\xd8\x55\xf5\xbd\xf3\x7f\x87\x3f\xe8\x37\xef\xe8" "\x58\xa9\x73\x15\xae\x6c\xb6\x7e\x60\x32\x72\xb3\x96\x5e\x35\x02\xe9\x59" "\xe3\xe5\x1c\xbb\x02\x7d\x9e\x98\x45\x0f\x14\x31\xb2\xd2\x80\x13\xac\x60" "\x96\x4d\x10\x6a\x20\x00\x05\x15\x9d\xa0\xa2\xc3\xa8\x8b\x2b\x90\xa5\xfe" 
"\xfd\xbb\x1f\x25\x31\x6e\x39\x61\x0e\x39\x55\xc4\x59\x4c\x32\xc3\xd5\x42" "\x1c\x6c\x51\xff\x9a\xe9\xae\x9d\x7c\x2f\xca\x19\x84\x78\xb9\x18\x9a\xc2" "\x6d\x59\x4c\x4c\xab\x18\x9c\x03\xca\x4e\xa7\x1e\x62\x09\x5b\xb7\xd5\xa2" "\xfc\x8d\x53\x40\x6e\xef\x54\x1a\x8e\xe0\xdd\xb9\x5b\x66\x11\xee\xda\x8c" "\x96\x2b\x38\xec\xce\xcd\xe0\x29\x93\x4c\x81\xde\x88\x95\x7a\xf5\x69\xcc" "\x83\x3d\x3a\xe3\x5f\xe2\xe2\x38\xf6\xe5\xea\xa8\x84\xfa\x98\x39\xdf\x65" "\xd1\xfa\x65\xfe\x8a\x1f\xf6\x56\xd2\x4e\x10\x62\x2c\x6d\xfe\x9e\x4c\x67" "\x87\x28\xcc\x36\x73\x0f\x1b\x4c\x11\x48\x43\x8d\x4e\x8e\x18\x90\x79\x39" "\x43\x15\x9b\x93\xf1\x09\x17\xca\xc4\xdc\x15\x90\x45\xa8\xdf\x64\x00\xd9" "\x5b\x80\x98\xbc\xbd\x6f\xc9\xac\xdc\x8c\xbb\x67\x32\xf7\xbf\xb8\x1a\x21" "\xa6\xc8\x59\xe9\x4d\x7a\x52\x48\x29\x4f\xa6\x4f\x9b\xc6\xd3\x1e\xcc\xbd" "\x5b\x19\x63\x60\x27\x06\xb1\x8b\x10\x9d\xfe\x77\x8e\x1a\x7d\x47\xba\x49" "\x40\x77\xc5\xb5\xd5\x24\xaa\xe9\x9b\x69\x71\xa3\xba\xdb\x58\x2d\x03\xc5" "\x8f\x19\xc2\xa3\xbe\x61\x29\x6b\x73\x22\xc5\x73\xa5\x1d\xd7\xd3\x9c\x5d" "\xfc\x99\xeb\xba\xe0\x6e\x61\xb8\xc6\xd6\xed\xf2\x39\x13\x2c\x67\xf2\xa8" "\xde\xd3\x49\xf5\x6f\x1d\xc3\xbf\xc1\x6b\xbf\x0e\x43\x1a\xaf\x1d\xf4\x62" "\xe6\x37\x8e\x66\x15\xf2\xfd\x0a\x63\x6f\x83\x74\x0a\x81\x6b\x10\xe4\xe0" "\x0c\xf5\xa8\xda\x6d\x9e\xfd\x4b\x8d\x78\xfb\x1c\x41\x56\xde\xad\xe7\x7f" "\x2d\x3a\x2d\xfc\xae\x22\xcc\xb8\x9d\xf6\xa4\x64\x0a\x77\x97\xa8\x8a\xe2" "\x42\x25\xc1\x2a\xd5\x08\xf1\x6f\xbf\x5f\xf9\x55\x99\x62\x86\x2a\x4b\xfb" "\xd0\x7d\xbe\x1f\xf6\x76\x82\xee\xe5\xde\xa7\xb4\x2f\x9a\xc7\x38\x44\x75" "\x29\x30\x0b\xc7\xdf\x86\xcd\xc9\x4a\xaa\xbf\xd1\x86\xbb\x8f\x2a\xbb\xae" "\xc9\x05\xb8\xac\xc2\x09\x0e\xe7\x42\xb5\x2e\x2d\x2a\xc4\x83\xab\x13\xd4" "\x0e\x64\x11\x6c\xbc\xe0\x6d\xf9\x80\xfb\xc2\x2e\x98\x01\x96\xa2\x7c\xf8" "\x48\xe3\xfa\x84\x5b\xa0\x10\x41\x16\x0d\x2f\x02\x58\x2c\x3a\x7c\xc1\xe0" "\xaa\xbf\xd4\xe7\xa4\xbe\xbb\x60\x85\x0a\x1d\xfa\x4b\xb1\x5a\xc6\xed\x23" 
"\xc9\xe0\xab\x5f\x01\x70\x12\x1b\xec\x61\xfd\x21\x60\xa0\x8e\x61\x98\x1a" "\x12\x7a\xb4\x3f\x2a\xdf\xc0\x17\xcc\x07\xd2\x3d\x0c\x9a\xec\xd5\x9b\x94" "\x4a\x4d\x97\xda\x90\xf3\x59\x04\x08\xa1\x81\x43\x6b\x17\xbc\x9e\xc7\x60" "\x02\xb3\x49\x1d\x92\x19\x2c\xde\x2c\x66\x25\x8b\x0a\x3d\xc0\x29\x5b\xcf" "\xf7\xcb\xfe\xd4\x91\x3c\x74\xf6\x5c\xab\xf6\xb0\x53\x18\xb7\xb7\x2f\x5e" "\x89\xab\xe0\x46\x6a\x00\x19\xab\x50\x32\x0d\x4d\xc8\x66\x5a\x27\x3c\x6d" "\x8d\x82\x79\x51\x04\xbc\x0c\x20\x71\x7e\x5f\x3a\xd9\x91\x69\x51\xc1\xff" "\xad\xec\x95\xca\xda\xcf\xbf\x57\xad\xf7\x48\x42\xf5\xa1\x20\x29\x9d\xc9" "\x16\xc4\x44\x51\x5e\x17\xee\x2e\x54\x24\x33\x94\xa1\x16\xc2\xeb\x61\x20" "\x14\xf9\x98\x4c\xad\x89\x38\x7b\xee\x3b\x06\x7f\xa1\x14\x0d\x7c\xe6\x72" "\x50\xe0\x79\xf4\x7e\xb2\xe6\x41\x8f\x29\x81\x1f\x4d\xbc\x5e\xd9\xfb\xfd" "\x19\x0f\xc8\x58\xe6\x96\x66\x1d\x6f\x1f\xd6\x1d\x41\xc5\x58\x62\xb1\x52" "\x79\xf4\xfe\xa1\xb1\x92\x4a\x44\x76\xe7\xef\xe9\xc8\x46\x6c\xd2\xe4\xf5" "\x84\x5f\x30\x3f\xc8\xe5\x2c\xe0\x9b\xa9\x7b\xf6\x72\x01\xfc\xbe\x2a\xc5" "\x9c\xb8\x36\x7c\x0d\xe5\x49\xd1\x2c\xb9\xff\xd1\x71\xa4\x22\x18\xe8\xce" "\xd6\x09\x70\xda\x28\xef\xed\x50\xff\x2a\xac\x66\x9a\x40\x37\xfc\x33\x80" "\x6a\xaf\xe4\xd7\x57\xc9\xd0\x6f\x87\x9f\x7b\xcd\xe1\x2e\xbd\xa5\x57\xaa" "\x45\x64\x41\x27\xda\x52\x42\xc2\xea\x18\xbc\x23\xc2\x27\x0c\xc5\x01\x0a" "\x18\x1a\xa9\x2c\x03\xf0\x6d\x2e\xe0\xff\xfd\xf8\x23\x81\xa5\x6e\x9e\xe8" "\x30\x0d\x5a\x07\x69\xfd\x4b\x20\x57\xf2\x3e\x17\xf5\x36\x27\x19\xce\x8d" "\xdb\xda\x47\x24\x14\x51\xe9\x25\xdc\x71\xd8\x54\xf7\x9d\x66\x8b\x09\x18" "\x88\x65\xd9\x01\xa5\x3e\xc4\xa9\xda\xe3\xf3\x0d\xdb\x5b\xd4\xc4\x4c\x4a" "\xc0\x22\xb7\x74\xc3\x82\xbd\x13\xe3\xec\xbe\xa0\xa0\x27\x16\x3e\x96\x8f" "\x47\x60\x88\xd8\x30\x03\x5f\xa2\x31\x9e\x4b\x49\x86\x19\xcc\x30\x7c\xd7" "\xdd\x5f\x2b\x77\x68\x1b\xc1\xb7\x0a\xa3\x8b\xd3\x1c\x13\x74\x49\xef\x7b" "\x1b\xe4\xbe\xde\x59\x74\x10\xc0\x09\xc5\xef\x77\xa8\xaf\x59\x7b\xb8\x0d" 
"\xfc\xc8\xb6\xb7\x06\x6c\xbd\xf0\x0d\xfd\xc5\xfa\x02\x19\x43\x03\xef\x2d" "\x6a\xa3\xc1\x38\x54\xf8\xf7\x4b\xf4\xd0\x6f\xc1\xe2\xc0\x66\x86\x65\x63" "\x49\x67\xe4\x6a\x3d\xd8\xf3\xf7\x7f\xf3\x18\xe0\x1e\xa5\x26\x7e\xc9\xdc" "\x44\xf8\x8e\xe6\x62\xf6\x4e\x93\xa0\xd8\xfb\xe7\x68\xc9\xd6\x2a\x51\xe4" "\x21\xf6\xb6\x19\xbe\x9e\x07\x52\xb3\x70\xfc\x13\xff\xba\xcb\xab\xac\xf3" "\xdd\xa0\x7a\xea\xab\xa7\x06\xf0\xcb\x66\x11\x04\x97\xc4\xb0\xdb\xb2\x18" "\x45\x67\xec\x5b\x72\x70\x29\x32\x7e\x7c\x3f\xac\xf9\x66\xe2\x96\x0e\xb1" "\x84\xbc\x6a\x9d\x24\xc6\x26\x4e\xa2\xc8\xf5\xce\x23\xc6\xd8\xce\xe1\xa7" "\xdf\xb0\x04\x1c\x6e\x57\x29\xca\x9d\xda\x81\xef\x0c\x51\x92\xa9\x75\x52" "\xf8\x8e\xa4\xa8\xe1\x1a\x62\x21\xeb\xd5\xfb\x77\x06\x23\xa1\x8e\x77\xf6" "\x7e\x63\x1d\x91\x06\x5a\x44\x11\x55\x81\x47\xa2\x44\xf5\xc0\x25\x79\x67" "\xde\x79\x29\xec\x88\xdd\x00\xcd\xbf\x7d\x3c\x3e\xbb\xb5\x6b\x9e\xfb\xa8" "\x7b\x0b\x85\xa4\x0c\x7f\x89\x84\x1c\x17\x59\x61\xfc\xd5\xf4\x67\x5f\x37" "\x31\x95\x82\x2e\x92\x38\xc4\x31\x82\x1c\xdf\x47\x11\x18\x55\x95\x64\x79" "\x06\xfb\x9b\x8c\x62\x1d\x18\x33\x06\x7a\x11\xca\xc4\x9c\x64\x3d\x79\x33" "\x4b\x77\x64\xa9\xbf\xff\xfa\xfb\x0e\xdd\x1a\xaa\xc6\xdc\xbf\x46\x6a\xa2" "\x1a\xde\x5c\xbf\xc7\xf5\xcd\xf6\x0f\xb9\x37\x56\xf1\x83\xbb\x7b\x0d\x13" "\x10\x9e\xde\x38\xa3\xeb\xe9\xde\xed\x01\x74\x66\x66\x69\xc1\x97\x99\xa5" "\x31\xb0\x1e\xd4\x21\x0f\x05\xb0\xb2\xad\x6d\x9c\xd6\x15\xf7\x31\x21\xbd" "\xc0\xb7\x01\x91\x15\x8c\x36\xff\x63\x5f\xb5\x65\xc2\x75\x07\xfe\x5c\x7c" "\x3d\xf7\x38\x53\x87\x6a\xd3\x73\xed\x72\xc2\xb0\x5b\x96\x63\xc8\x03\x78" "\xc0\xdf\xf9\xe0\x10\x67\x52\xe4\x72\x26\xf1\xa9\x41\xdb\x64\x2f\xe3\xef" "\x7c\x57\x82\xb0\x76\x6a\x6f\x96\x6b\x48\x66\x8a\x97\xcb\xd7\x93\xa1\x01" "\xbd\xcf\xf7\xde\xdb\xb0\x82\x08\x98\x60\xc6\xd0\x5b\xec\x9f\xf1\x28\xe9" "\x73\x45\xc2\x80\x2e\x1f\x75\xc2\x48\x1f\xc7\x42\x80\x40\xdc\x47\x4b\x7b" "\xe1\xba\xb9\x69\x7b\xda\xb4\xc8\x81\x50\xd6\x56\x8b\x5f\xbc\xee\x21\xc4" 
"\x15\xe7\x95\xbe\x79\x26\xe4\xab\x5e\xa5\x3b\x5d\x66\x6d\x4c\x16\xbd\xd5" "\x9b\x47\xc8\xd3\xfd\xc3\xbb\x01\xb5\xb1\x9d\xea\xa4\x35\x3b\x43\xfa\x09" "\xb8\x49\x5c\x0d\x06\x5b\x82\x8a\xd6\x2b\xbc\x8b\x35\x67\xac\xea\x1a\xfa" "\xd3\x29\x22\xe0\xde\x8e\x99\x3e\x79\xed\xf7\x53\xc4\xd2\xec\x7b\x10\x27" "\xc0\x37\x47\x2e\x64\x23\x49\x60\x26\x10\x3a\xa4\x6c\x61\x0b\x4f\xb5\xef" "\x4a\xc9\x45\x4b\x7c\xa8\x08\x4e\x0e\x99\x26\x8b\x90\x15\xb5\x1c\xfa\x24" "\x97\xcf\xcb\x1a\x41\x69\x0b\xbf\xfe\x5e\x28\xdc\x7c\x8f\x4b\x24\x47\x1a" "\x0c\xaa\x65\x3a\x75\x0d\x4b\xca\xbe\x5f\x2b\x6a\xba\x69\x64\x8c\xcd\xfd" "\x9e\xdf\xad\xce\xb5\xc7\x8b\x18\xa5\x7a\x02\x53\x8d\x1f\x08\x84\xae\x5c" "\xf7\x53\xc8\x32\xc8\xa7\x15\x6a\x2a\x3a\xfa\x53\xd5\x0c\x17\x3f\x00\xa1" "\xa1\xf6\x70\x3f\xd3\x11\xc0\x2f\x0d\x78\x63\x3c\x02\x35\xa1\xd0\xc1\xc7" "\x25\x32\x83\x1d\x30\x7d\x97\xde\x33\x46\xc1\xbd\x2c\x88\x80\x4d\xe5\x95" "\x31\xa8\x53\x71\x40\xf3\xf1\xda\x6a\x4d\xb4\x44\x53\xa3\x71\xd6\xd6\x4a" "\x98\x2e\xd9\x3f\xab\xd3\x84\xc6\xe3\x25\x9e\xfb\x38\x0c\xaa\x6c\x9c\x4e" "\xb8\x74\xae\x5f\x36\xf8\x16\x75\x41\x96\x5f\x8f\x01\x5a\x12\xf6\xfd\xe0" "\xb4\x48\x12\xb7\xaf\x8b\x8c\x9c\xed\xbd\x7a\x40\x4c\x1a\x0e\x6a\x89\xba" "\x6d\xe6\x9f\x39\x21\x4a\xc3\x09\x14\x4d\xab\x2b\x03\x96\x78\x48\xdd\x1d" "\x5d\x5c\x2b\xa4\x1e\x57\x85\x0d\x7f\x24\x19\x4d\x22\x3b\xee\x52\xf8\xb3" "\x44\x5e\x0c\x29\xab\x6a\x82\x23\x84\x5a\x64\xf3\x54\xd6\xcc\xee\xbf\x75" "\x59\x10\xf5\x80\xb5\x83\x6d\x1f\xd9\xb5\xfe\x22\xb9\xb6\xaf\xf2\x05\x17" "\xce\x3e\x73\x66\xe0\x9f\xac\x78\x7e\xfc\xb5\x6e\xd0\x57\x20\x13\x43\x48" "\x55\xbf\x55\x19\xeb\xaa\x61\x53\x82\x61\x54\x63\xd7\x2e\xd7\x17\x1b\xad" "\x42\x60\x4d\x13\x24\x77\x05\x3a\xaa\xb0\x08\x38\x93\x76\xe2\x1f\x13\x24" "\x8c\xc7\xf9\xac\xbc\xc7\x79\x7c\xa4\x4b\x5e\x10\x1c\x1c\x32\xea\xdf\xcf" "\x79\x7b\x52\x06\x0d\x00\x88\xb9\x2a\xd0\xe5\x37\x4e\x0a\xf1\xb4\x44\xba" "\x2a\xea\x7f\x8f\xf7\xe4\xa6\x39\x7a\x81\xc7\xa6\x1e\x94\xec\x21\x0a\xc2" 
"\xe0\xc7\x78\xd8\xdf\xf1\xba\x07\x93\x8f\x10\x55\x03\x81\x75\x2e\x19\x96" "\xda\x1c\x95\x95\x08\x09\xd6\x03\x69\xf9\xd9\xc7\xca\xf1\x3c\x8b\xf7\xf8" "\x40\xa9\xbe\x86\xa0\x9c\xef\x07\x6a\xe8\x8f\xe7\x9d\x5e\xdb\x31\xed\xbb" "\xd4\xee\x33\x2b\x9b\x9f\x09\x78\xd3\x7b\xa5\x24\x86\xdc\xe7\x83\x0b\x89" "\x60\x6c\x77\x20\x90\x79\x42\x46\x56\x64\x2f\x8f\xbe\x37\x0f\x44\xf9\xe9" "\x1a\x0c\xc3\x06\x47\x65\x0a\x7c\x36\x63\xfa\x3c\x37\x1f\x71\xc5\x16\xa6" "\x68\x52\xe0\xa6\x7c\xf2\xe7\x9f\x97\x61\x54\xca\x9f\xfa\x07\xdb\xa5\x6a" "\x2c\xac\x7c\xc6\xaf\xe2\x80\x36\xca\x3e\x11\xa6\x1e\x79\xda\xea\x94\x45" "\x15\xa3\x20\xb7\xb6\x31\xde\x1b\xf1\xb9\x35\x96\x8a\x9a\x69\x82\x8a\xac" "\xb5\xc0\x18\x84\xef\x11\x51\x85\xd4\xe8\xbc\x78\x06\x6e\xb7\x2d\x65\x27" "\x6f\xc6\xd2\x2b\xea\x12\xa4\x20\x12\x0e\x3d\x9c\x5c\x28\x8d\xfa\x0e\xb6" "\xa5\xb5\xec\xbb\x4d\x45\x66\xe9\x49\xf2\xb6\xbb\xd7\xc8\x70\xda\xa5\x46" "\x42\x5d\x84\xb3\xd8\x34\x50\x29\x28\x84\xcb\x59\x3a\xa9\xda\x61\x68\xae" "\x92\xe7\x1e\x88\x15\x79\x91\x9e\x15\x3e\xd5\x25\xf4\x7d\x06\x1a\x25\x33" "\x1d\x4f\x79\x28\x49\xa8\x6b\x73\x73\xf1\x5e\xc2\x9c\xd4\x50\x84\xce\x62" "\x2f\x55\x8d\x9f\x26\xa3\x42\x99\x5b\x1f\x94\x60\x8d\xae\x34\xb0\x50\x2a" "\xf5\xa5\xae\x80\x96\x98\xe9\x96\x29\xde\x87\x17\x55\xd0\x1b\x93\x24\x04" "\x33\x0d\x63\x6b\xe3\xb8\xda\x76\xa8\x06\x46\x6b\x89\x30\xdd\x0e\x9e\xae" "\x43\xae\xea\xe1\x67\x96\x67\x9e\xd5\xaa\x49\x95\x43\xca\x56\x0a\xf9\x18" "\x01\xa3\x67\x94\xb2\x38\xde\xbd\x02\xc2\x94\x3b\xf9\x61\x37\x12\xa9\x4f" "\x37\xea\xc3\x85\x59\x77\x4b\x9a\x09\x7b\x52\x0d\xad\x92\x6b\x11\x5e\x1d" "\x99\x9b\x6d\x4b\x78\x7e\xa1\xb4\xfe\x92\x0b\x34\xaf\x0d\x3f\x4e\x5a\x3e" "\xd4\xbb\xdf\x6d\x43\xdb\x56\xb1\x3d\x93\x2c\xc7\x1f\xc6\xee\x31\x31\x89" "\x75\x21\xe2\x02\x60\x9b\xf8\x02\x4b\xec\x85\x7a\x74\xa3\x7d\x29\xd3\x8b" "\xcc\x4d\xb5\xca\x0d\xc3\xb0\xf2\xa7\xc9\xcd\xb1\x05\x19\xd5\x31\x12\xd6" "\x85\xea\x35\xee\xea\xeb\x79\x0c\x4e\x93\x73\x0b\xc1\x82\xfb\x68\x51\x38" 
"\x64\x90\xd9\x29\x0f\x51\xae\xa2\x1b\x33\xd7\x09\x67\x0f\xcc\xcd\x49\x26" "\x5e\x12\x66\x1b\x12\x83\xd5\x91\xeb\xff\x1b\x2e\x9b\x9a\x97\xae\x0f\xbb" "\x01\x15\x27\x10\xe4\xd3\xf6\xe6\xd1\xb2\xb1\x58\x86\x2a\xe4\x4a\x96\xf2" "\xc4\x86\x86\xa0\xb0\xce\x8c\x21\xd6\x43\x8b\x8e\x9f\xa0\x22\xea\xe7\x75" "\xfb\xd3\x9c\xd9\x05\x95\xd8\xb9\x1a\x25\xb9\x6f\x43\x20\x27\x86\x5a\xf1" "\x78\xc9\xa6\x99\xf0\x0d\x90\xb3\xb5\x1b\x80\x08\xae\x01\x93\xa7\xd6\x28" "\x93\xad\xbd\x5d\xdd\x48\xa3\x31\xc2\xcb\x2a\xed\xc1\x71\x56\x09\xbf\xd5" "\xf2\x44\xe7\xbd\x2f\xb2\x88\x85\x2a\x54\xbf\xe0\x6d\x2a\x5c\xbb\xa3\x35" "\xfb\xb3\x1f\x95\x32\x77\xea\xb6\xba\x53\xeb\x1c\x58\x6e\x57\x8f\xf7\x40" "\x1b\x7f\x52\xa0\xe3\x9d\x4c\x24\x69\x87\x26\x01\x73\x93\xb6\x6b\x19\x0b" "\xae\x4d\x24\x04\x83\xfc\x33\x16\xdc\x7d\xe6\xec\x4d\xe0\x22\xe2\x38\xda" "\xee\x63\xb7\xa8\x36\x84\x92\xc9\xb8\x3d\x35\x49\x1c\x8d\x34\x97\xe7\x7e" "\xab\x74\xd0\xcb\x85\x11\x92\x1f\xd3\x07\x46\x45\xd5\x9f\x86\x38\xa9\xc4" "\x8f\xdd\x07\x03\xb0\xaf\x07\x45\xe3\x21\xb8\xbd\x70\x35\x04\xe5\xbf\x51" "\x23\xfa\x75\x1d\x4c\x8a\xb9\x8a\xe5\x81\xe8\xf3\xfd\xa0\xb7\x3d\x49\xaa" "\x4b\xd1\x6e\x2e\xcf\xeb\xd0\x2e\xcb\x88\x8c\xb0\x78\xec\xac\x88\xc7\x82" "\xfe\x27\x41\x4f\xcc\x9c\xb2\x9d\x1d\x3f\x13\x75\xac\xd1\xee\xb4\x1e\x87" "\xbf\x60\x40\xd5\xfd\xe4\x89\xeb\x41\xad\x13\x36\xda\x21\x1f\x58\x55\xce" "\x5c\x3b\x13\xd7\x95\xc4\x3c\x0c\xf7\x19\x1b\xe4\xfa\x31\x44\x8c\x5b\x70" "\x30\x4e\x5e\x45\xc5\x52\x94\xdd\x5e\x49\x93\xbf\x6b\xfc\xcc\xc8\xd3\x00" "\xbb\xab\x1a\xa1\x4d\x72\xf3\x2b\xb6\x6a\x15\x1d\xca\x12\xf0\xcc\x8a\xa8" "\x20\x68\xc6\xa8\xeb\x93\x82\xd2\xc6\xaa\x4c\xe7\xff\x48\x3c\x3b\x99\x9f" "\xb1\x2b\x49\x65\x36\x45\x7f\xcc\x86\xd9\x09\xf9\xb6\xee\x35\xfb\xc9\x83" "\x5f\xe5\xcf\x56\xd3\xb3\xf5\xbf\x26\x1e\x67\x0a\x7d\xe0\xc2\x07\xef\xee" "\x27\xe0\xd6\x44\x5e\xda\xb8\x38\x6d\x67\xb7\x8d\x8b\x5a\x0e\xd6\xff\x9a" "\x24\xf3\x82\x57\x54\x6b\x6f\x0c\x2c\x11\x24\x7b\x2b\x29\x9a\x38\xc1\x89" 
"\x79\xa0\x78\xc4\x0e\x00\x3d\x79\x4f\xe9\xd4\xb2\x56\x36\xec\x84\x21\xe7" "\xcf\xc5\x3b\xad\x36\x64\x07\x7f\x72\xc9\x31\x7c\x57\x7e\x2f\x99\x25\xe0" "\xaf\xf5\x5f\x99\x58\x5a\x10\x5e\x42\x72\x56\x41\x3f\x51\x58\xdd\x81\x7c" "\x63\x61\x06\x22\x8d\x81\x51\xfc\x97\xf8\xd9\x3f\xbf\xbd\xae\xdd\x0e\xfb" "\x19\x9f\x5b\x88\x64\x9b\xf5\xef\xb1\xbe\x60\xfc\x12\x01\xd2\x5a\xef\x0d" "\x23\xbf\x85\x4a\x13\xc7\xc9\x40\x3f\x2f\xc7\xf0\xca\xe0\xc3\x61\x9c\xfc" "\x78\xce\x79\x67\x2a\x0d\x86\x03\xfd\x5e\x1c\x54\x83\x98\x21\x0f\x0f\x0a" "\x44\xcf\xdb\xab\xcf\x86\xe2\x56\x47\x37\x74\x48\x51\x7f\x75\xd4\x5b\x54" "\xdd\x0a\x12\x4b\x81\x36\x4e\x2d\x62\x60\xaa\xa7\x6f\xf1\xd2\xd1\x17\xdf" "\x4c\xa9\x91\xa6\xab\x35\xcf\xe9\x0c\x8a\xda\xc6\x25\x16\x33\xf2\x22\xd4" "\x9f\x80\x8f\xf1\x1b\x78\x01\x72\xbd\x66\x1c\x5c\x9c\x11\x6e\x86\xe8\xed" "\x0a\x25\xc0\x87\x6f\xd5\xf4\xd5\xe6\xa2\xb7\x6e\x4f\x05\xcd\x53\xc8\x3b" "\x90\xa2\x3d\x7a\x0a\x89\xc5\x16\xd3\x1d\x46\x81\x10\xdf\xd3\x24\x7a\xb3" "\x14\x7f\xa1\xdc\xfc\x56\x4c\x0c\xdc\x4c\xe0\x44\x90\x4a\x3a\x48\xb7\xec" "\x1f\xa2\xcc\xe6\xbf\xad\x44\x16\xdc\xc5\x15\xec\xe6\x16\xbf\x13\xe7\xca" "\xea\x4a\x0f\xa3\xf4\x38\xa4\x7c\x2a\x9a\x35\xf2\x1f\xcf\x66\x75\xcc\x1f" "\xfc\x0b\x9d\x89\x18\x27\xc9\x8f\xd3\x5f\x0e\x69\x0a\x4c\xfc\xaa\x1f\x13" "\x36\x71\x04\x19\x7c\x86\x9a\xcc\xee\xc7\xca\x5b\x7e\x04\x8f\x63\x55\xdc" "\xd9\xb4\x92\x40\xdf\xed\x0e\xda\x61\x73\xdf\xd0\xd3\xc7\xa3\x77\x65\xe5" "\x62\xa1\xc5\xd1\xdd\x91\xd2\x81\x28\x2a\x86\x98\x3d\x0b\x70\xe2\xcd\x57" "\x6c\x81\x2d\xf6\xc7\xcc\x8f\xe8\x67\x50\x78\xe9\xf4\x56\xce\xd2\xe4\x74" "\x11\xa3\x41\x5b\xf0\x32\x25\x9a\x43\x8a", 4096)); NONFAILING(memcpy( (void*)0x20001bc8, "\x40\x4f\xf8\xb6\x6e\x99\xc9\x94\x29\x50\xc4\x9e\xcc\x27\x9a\x94\x91\xe2" "\xc0\x1a\xbf\xae\x45\xbf\x2b\x82\xa8\x93\x9f\xfc\xfa\x22\xfb\xb5\x29\xe3" "\xa8\xce\xb1\x41\x9e\x6d\xca\x7c\x69\xe8\xa5\x1b\x57\x07\xbe\x9d\x2a\x12" "\x99\x27\x66\xeb\x31\xd6\xab\xbf\xe1\x2d\xa3\x28\xf5\x99\x20\xcb\x13\x35" 
"\x79\x98\xaf\xe8\x03\x4b\x25\xf9\x01\x3e\xdc\x6c\x69\x06\x39\x61\x42\x12" "\xe7\xbc\xae\x4b\x93\xa6\x5c\x19\xee\xeb\xd1\x3a\x76\x85\x92\xdf\xa7\x1d" "\x01\x2c\x2a\x81\x20\x96\x6d\xde\xca\xea\xb6\xfa\xc7\x68\x3c\xd9\x66\xf5" "\x00\xad\x56\xf3\x26\xdb\x3a\xbf\xe5\x4c\x18\xce\xbe\xf5\x80\x51\x76\x65" "\xc6\x18\x30\x7c\xf6\x59\x67\x96\x70\x24\x19\x9d\xab\x27\xda\x77\xf4\x1d" "\x95\xd8\xee\x26\x39\x28\xc1\xde\x22\x2a\x04\x93\x95\x08", 176)); NONFAILING(memcpy( (void*)0x20000340, "\x78\x9c\xec\xdd\x31\x6b\x13\x61\x18\x00\xe0\xb7\x49\xda\x5e\x3b\xd8\xce" "\xe2\x70\xe0\xe2\x54\xd4\xd9\xc1\x20\x15\xc4\x40\xa1\x92\x41\x5d\x0c\x54" "\x41\x12\x11\x92\x25\xed\x62\xfe\x82\x8b\xf8\x1b\xfc\x49\x0e\xfe\x06\xe9" "\xd4\x2d\x12\xef\x6c\x5a\x93\xb6\x88\xb9\xbb\x6a\x9e\x07\x92\x7b\x73\x6f" "\xf2\xdd\x7b\xc7\xe5\xbe\x1b\xbe\x2f\x79\x75\xeb\x5d\xf7\xe0\xfd\xe0\xcd" "\xf8\xeb\xe7\x48\x92\x34\x1a\x91\x44\x9c\x44\x6c\x47\x2d\xea\x91\x59\x99" "\x3c\x25\xbf\xe2\xb5\x38\x6b\x54\x3f\xf7\x32\xd6\xf3\x65\x23\x00\x80\xeb" "\x6a\x7f\xbf\xd3\xbc\x28\x37\x2a\xb7\x14\x16\x62\xf6\xce\xab\xdf\x6f\xae" "\x46\xc4\xe6\xfa\x4c\xa6\xfd\xa5\xa4\xa2\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x58\xb0\xd9\xf1\xff\x31\x9a\x3b\xfe\x3f\x22\x6a\xf3\xc6\xff\x97\x5e" "\x31\x00\xf0\xb7\x2e\x1b\xff\xcf\xff\xa1\xdf\x6f\x76\x36\xf3\xfb\xb7\xf3" "\x8c\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x73\x32" "\x1e\x6f\x8d\x2f\x79\x54\x5d\x1f\x00\xb0\x78\xfa\x7f\x00\x58\x3e\xfa\x7f" "\x00\x58\x3e\x67\xfa\xff\x88\x2b\xfa\xff\x7a\x75\x65\x02\x00\x0b\xf4\xec" "\xf9\x8b\xa7\xcd\x56\x6b\x77\x3f\x4d\x93\x88\xe3\xd1\xb0\x3d\x6c\x67\xcb" "\x2c\xff\xf8\x49\x6b\xf7\x6e\xfa\xd3\x76\x44\xd4\xb2\xb5\xc7\xc3\x61\xbb" "\x7e\x9a\xbf\x97\xe5\xd3\x69\xab\x93\xfc\x6a\x6c\xe6\xf9\xfb\x73\xf3\x6b" "\x71\xe7\x76\x96\x9f\xe4\x1e\xed\xb5\x7e\xcb\xaf\xc7\x41\x39\x87\x00\x00" 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2a\xb7\x93\x9e" "\xda\x9e\xae\x9d\xce\xef\xdf\xd9\xd9\xfb\xf4\xed\xed\xbc\x7c\x16\xe5\xbf" "\x0f\x50\x8b\x99\xf9\xfd\x8d\xb8\xd9\x28\x6d\x37\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe0\x9f\x36\x38\x3c\xea\x76\x7a\xbd" "\xd7\xfd\xe2\x83\x87\x83\xc3\xa3\x95\x88\x28\x68\x13\x8d\x3c\xa8\x17\xb7" "\x89\x4e\xaf\xb8\x96\x27\x41\x12\x85\xb4\x3c\x39\xe8\x8b\xaf\xf9\x63\x16" "\x44\x7c\xff\xf0\xe7\x1f\x7f\xf0\x32\xe2\xca\x37\xaf\x74\x37\x62\x26\xb5" "\x51\xee\x49\x5b\x7c\x30\xde\xca\xbe\x89\xd7\xa5\x9e\x1b\xf9\xd9\x72\xd1" "\x15\x63\xad\xc4\xab\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x2c\x97\xe9\xec\xdf\xaa\x2b\x01\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x80\xea\x4c\xff\xff\xbf\xb8\xa0\xea\x7d\x04\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x96\xc3\x8f\x00\x00\x00\xff\xff\xd3" "\xa8\x84\xc7", 687)); NONFAILING(syz_mount_image( /*fs=*/0x20000240, /*dir=*/0x20000200, /*flags=MS_I_VERSION|MS_NODIRATIME|MS_NODEV|MS_DIRSYNC*/ 0x800884, /*opts=*/0x20000b80, /*chdir=*/5, /*size=*/0x2af, /*img=*/0x20000340)); // openat arguments: [ // fd: fd_dir (resource) // file: ptr[in, buffer] { // buffer: {2e 2f 66 69 6c 65 31 00} (length 0x8) // } // flags: open_flags = 0x193042 (4 bytes) // mode: open_mode = 0x0 (2 bytes) // ] // returns fd NONFAILING(memcpy((void*)0x20000100, "./file1\000", 8)); res = syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x20000100ul, /*flags=O_SYNC|O_DIRECT|O_CREAT|O_CLOEXEC|FASYNC|0x2*/ 0x193042, 
/*mode=*/0); if (res != -1) r[1] = res; // write$FUSE_INIT arguments: [ // fd: fd_fuse (resource) // arg: ptr[in, fuse_out_t[fuse_unique, fuse_init_out]] { // fuse_out_t[fuse_unique, fuse_init_out] { // len: len = 0x50 (4 bytes) // err: fuse_errors = 0x0 (4 bytes) // unique: fuse_unique (resource) // payload: fuse_init_out { // major: const = 0x7 (4 bytes) // minor: const = 0x2b (4 bytes) // max_readahead: int32 = 0x0 (4 bytes) // flags: fuse_init_flags = 0x0 (4 bytes) // max_background: int16 = 0x0 (2 bytes) // congestion_threshold: int16 = 0x0 (2 bytes) // max_write: int32 = 0x0 (4 bytes) // time_gran: int32 = 0x4 (4 bytes) // max_pages: const = 0x0 (2 bytes) // map_alignment: const = 0x0 (2 bytes) // flags2: fuse_init_flags2 = 0x0 (4 bytes) // max_stack_depth: int32 = 0x0 (4 bytes) // unused: buffer: {00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 // 00 00 00 00 00 00 00 00} (length 0x18) // } // } // } // len: bytesize = 0x50 (8 bytes) // ] NONFAILING(*(uint32_t*)0x20000000 = 0x50); NONFAILING(*(uint32_t*)0x20000004 = 0); NONFAILING(*(uint64_t*)0x20000008 = 0); NONFAILING(*(uint32_t*)0x20000010 = 7); NONFAILING(*(uint32_t*)0x20000014 = 0x2b); NONFAILING(*(uint32_t*)0x20000018 = 0); NONFAILING(*(uint32_t*)0x2000001c = 0); NONFAILING(*(uint16_t*)0x20000020 = 0); NONFAILING(*(uint16_t*)0x20000022 = 0); NONFAILING(*(uint32_t*)0x20000024 = 0); NONFAILING(*(uint32_t*)0x20000028 = 4); NONFAILING(*(uint16_t*)0x2000002c = 0); NONFAILING(*(uint16_t*)0x2000002e = 0); NONFAILING(*(uint32_t*)0x20000030 = 0); NONFAILING(*(uint32_t*)0x20000034 = 0); NONFAILING(memset((void*)0x20000038, 0, 24)); syscall(__NR_write, /*fd=*/r[1], /*arg=*/0x20000000ul, /*len=*/0x50ul); return 0; }