xiaoy1

Untitled

May 15th, 2025
  1. // autogenerated by syzkaller (https://github.com/google/syzkaller)
  2.  
  3. #define _GNU_SOURCE
  4.  
  5. #include <arpa/inet.h>
  6. #include <endian.h>
  7. #include <errno.h>
  8. #include <fcntl.h>
  9. #include <net/if.h>
  10. #include <netinet/in.h>
  11. #include <sched.h>
  12. #include <setjmp.h>
  13. #include <stdbool.h>
  14. #include <stddef.h>
  15. #include <stdint.h>
  16. #include <stdio.h>
  17. #include <stdlib.h>
  18. #include <string.h>
  19. #include <sys/ioctl.h>
  20. #include <sys/mman.h>
  21. #include <sys/mount.h>
  22. #include <sys/socket.h>
  23. #include <sys/stat.h>
  24. #include <sys/syscall.h>
  25. #include <sys/types.h>
  26. #include <unistd.h>
  27.  
  28. #include <linux/genetlink.h>
  29. #include <linux/icmp.h>
  30. #include <linux/ipv6.h>
  31. #include <linux/icmpv6.h>
  32. #include <linux/if_addr.h>
  33. #include <linux/if_link.h>
  34. #include <linux/igmp.h>
  35. #include <linux/in6.h>
  36. #include <linux/ip.h>
  37. #include <linux/loop.h>
  38. #include <linux/neighbour.h>
  39. #include <linux/net.h>
  40. #include <linux/netlink.h>
  41. #include <linux/rtnetlink.h>
  42. #include <linux/sched.h>
  43. #include <linux/sctp.h>
  44. #include <linux/tcp.h>
  45. #include <linux/udp.h>
  46. #include <linux/veth.h>
// Fuzzer helper: writes `val` to the iosched/read_expire sysfs attribute under
// block/sr0 by running an `echo` redirect through the shell.
//
// Only a %ld-formatted integer is interpolated into the command line, so the
// argument cannot carry shell metacharacters. The shell's exit status is
// ignored: 0 is returned whether or not the write took effect (missing node,
// insufficient privilege, rejected value).
static long syz_proconfig_set__sys_devices_pci0000_00_0000_00_01_1_ata2_host1_target1_0_0_1_0_0_0_block_sr0_queue_iosched_read_expire(volatile long val)
{
	char cmd[256];
	// The fixed text plus a formatted long stays far below sizeof(cmd).
	snprintf(cmd, sizeof(cmd), "echo %ld > /sys/devices/pci0000:00/0000:00:01.1/ata2/host1/target1:0:0/1:0:0:0/block/sr0/queue/iosched/read_expire", val);
	int status = system(cmd);
	(void)status;
	return 0;
}
// Fuzzer helper: writes 0 to the iostats_passthrough queue attribute of loop4
// through a shell `echo` redirect.
//
// The command is a constant, so nothing caller-controlled reaches the shell.
// The exit status is ignored and the helper always reports 0.
static long syz_proconfig_reset__sys_devices_virtual_block_loop4_queue_iostats_passthrough()
{
	static const char cmd[] = "echo 0 > /sys/devices/virtual/block/loop4/queue/iostats_passthrough";
	int status = system(cmd);
	(void)status;
	return 0;
}
// Fuzzer helper: writes `val` to /proc/sys/net/ipv4/ip_unprivileged_port_start
// through a shell `echo` redirect.
//
// That sysctl sets the lowest port a process may bind without extra privilege,
// so a successful write changes a security-relevant setting of the network
// namespace the command runs in. Nothing here restores the previous value;
// run the program only in a disposable test VM.
//
// Only a %ld-formatted integer reaches the shell, so `val` cannot inject shell
// syntax. The exit status is ignored and the helper always reports 0.
static long syz_sysconfig_set__proc_sys_net_ipv4_ip_unprivileged_port_start(volatile long val)
{
	char cmd[256];
	snprintf(cmd, sizeof(cmd), "echo %ld > /proc/sys/net/ipv4/ip_unprivileged_port_start", val);
	int status = system(cmd);
	(void)status;
	return 0;
}
// Fuzzer helper: writes `val` to the cdl_enable sysfs attribute of SCSI device
// 1:0:0:0 by running an `echo` redirect through the shell.
//
// Only a %ld-formatted integer is interpolated, so the argument cannot carry
// shell metacharacters. The exit status is ignored: 0 is returned whether or
// not the write took effect.
static long syz_proconfig_set__sys_devices_pci0000_00_0000_00_01_1_ata2_host1_target1_0_0_1_0_0_0_cdl_enable(volatile long val)
{
	char cmd[256];
	snprintf(cmd, sizeof(cmd), "echo %ld > /sys/devices/pci0000:00/0000:00:01.1/ata2/host1/target1:0:0/1:0:0:0/cdl_enable", val);
	int status = system(cmd);
	(void)status;
	return 0;
}
  87.  
// Fallback syscall numbers, used only when the installed headers do not
// define them.
// NOTE(review): the values (e.g. getrandom 318, memfd_create 319, preadv2 327)
// match the x86_64 syscall table. On another architecture a fallback that
// takes effect would name a different syscall - confirm the build target.
#ifndef __NR_close_range
#define __NR_close_range 436
#endif
#ifndef __NR_getrandom
#define __NR_getrandom 318
#endif
#ifndef __NR_io_uring_register
#define __NR_io_uring_register 427
#endif
#ifndef __NR_io_uring_setup
#define __NR_io_uring_setup 425
#endif
#ifndef __NR_memfd_create
#define __NR_memfd_create 319
#endif
#ifndef __NR_pidfd_open
#define __NR_pidfd_open 434
#endif
#ifndef __NR_preadv2
#define __NR_preadv2 327
#endif
#ifndef __NR_pwritev2
#define __NR_pwritev2 328
#endif
#ifndef __NR_quotactl_fd
#define __NR_quotactl_fd 443
#endif
  115.  
// Per-process index. The image helpers below use it to pick the loop device
// (/dev/loop<procid>). Where it is assigned is not visible in this part of
// the file.
static unsigned long long procid;

// BITMASK: a mask of bf_len one-bits starting at bit bf_off.
// NOTE(review): bf_len == 64 would shift a 64-bit value by its full width,
// which is undefined - callers are assumed to pass smaller widths.
//
// STORE_BY_BITMASK: read-modify-write of one bit-field inside *addr. The
// stored word is converted with `htobe` on the way in and on the way out, so
// the field is addressed in the converted byte order. `addr` is dereferenced
// as `type*`, so it is assumed to be suitably aligned for `type`.
#define BITMASK(bf_off, bf_len) (((1ull << (bf_len)) - 1) << (bf_off))
#define STORE_BY_BITMASK(type, htobe, addr, val, bf_off, bf_len) \
	*(type*)(addr) = \
	htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | \
	(((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len))))
  123.  
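// Running state of a 16-bit one's-complement (Internet-style) checksum.
struct csum_inet {
	uint32_t acc; // partial sum; folded back to at most 0xffff after every update
};

// Resets the accumulator so a new checksum can be started.
static void csum_inet_init(struct csum_inet* csum)
{
	csum->acc = 0;
}

// Adds `length` bytes starting at `data` to the running sum.
//
// Bytes are summed as native-endian 16-bit words; a trailing odd byte is
// treated as the first byte of a word whose second byte is zero. A zero
// `length` leaves the state untouched.
//
// Compared with a direct `*(uint16_t*)&data[i]` load this version
//  - reads each word with memcpy, so `data` may be unaligned and no
//    incompatible-pointer access is performed, and
//  - accumulates in 64 bits before folding, so inputs longer than about
//    128 KiB no longer lose carries out of a 32-bit sum.
// Results for inputs the 32-bit sum could hold are unchanged.
static void csum_inet_update(struct csum_inet* csum, const uint8_t* data,
			     size_t length)
{
	if (length == 0)
		return;
	uint64_t sum = csum->acc;
	size_t i = 0;
	for (; i < length - 1; i += 2) {
		uint16_t word;
		memcpy(&word, &data[i], sizeof(word));
		sum += word;
	}
	if (length & 1) {
		// Same value as le16toh(byte): the byte lands in the first
		// (lowest-addressed) half of the word on either byte order.
		const uint8_t tail[2] = {data[length - 1], 0};
		uint16_t word;
		memcpy(&word, tail, sizeof(word));
		sum += word;
	}
	// End-around carry: fold everything above bit 15 back into the low word.
	while (sum > 0xffff)
		sum = (sum & 0xffff) + (sum >> 16);
	csum->acc = (uint32_t)sum;
}

// Returns the checksum: the one's complement of the folded sum, truncated to
// 16 bits. The state is not modified, so more data may still be added.
static uint16_t csum_inet_digest(struct csum_inet* csum)
{
	return ~csum->acc;
}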
  151.  
// Scratch area in which one netlink request is assembled. netlink_send_ext
// also receives the reply into the same buffer.
struct nlmsg {
	char* pos; // write cursor: next free byte inside buf
	int nesting; // must be 0 when the message is sent (checked in netlink_send_ext)
	struct nlattr* nested[8]; // NOTE(review): presumably the stack of open nested attributes; its users are not in this part of the file
	char buf[4096]; // request bytes, later overwritten by the reply
};
  158.  
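// Starts a new netlink request in `nlmsg`.
//
// The whole structure is zeroed, a header with message type `typ` and flags
// NLM_F_REQUEST | NLM_F_ACK | `flags` is written at the start of buf, and the
// `size` bytes at `data` (the family-specific header) are copied right behind
// it. The write cursor is left at the aligned end of that payload.
//
// A negative `size`, or one that does not fit behind the header, terminates
// the process with exit(1) instead of writing past buf; this matches how
// netlink_send_ext treats an overflowed message.
static void netlink_init(struct nlmsg* nlmsg, int typ, int flags,
			 const void* data, int size)
{
	if (size < 0 ||
	    (size_t)size > sizeof(nlmsg->buf) - sizeof(struct nlmsghdr))
		exit(1);
	memset(nlmsg, 0, sizeof(*nlmsg));
	struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf;
	hdr->nlmsg_type = typ;
	hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags;
	// Skip the copy for an empty payload so `data` may be NULL in that case.
	if (size > 0)
		memcpy(hdr + 1, data, size);
	nlmsg->pos = (char*)(hdr + 1) + NLMSG_ALIGN(size);
}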
  169.  
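// Appends one attribute of type `typ` carrying `size` bytes from `data` at
// the write cursor and advances the cursor to the next aligned position.
//
// The attribute header and payload must fit in what is left of buf. If they
// do not, or if `size` is negative, the process exits with status 1 before
// anything is written. Without this check the overflow was only noticed
// later, in netlink_send_ext, after memory behind buf had been overwritten.
static void netlink_attr(struct nlmsg* nlmsg, int typ, const void* data,
			 int size)
{
	char* const end = nlmsg->buf + sizeof(nlmsg->buf);
	if (size < 0 || nlmsg->pos < nlmsg->buf || nlmsg->pos > end ||
	    (size_t)(end - nlmsg->pos) < sizeof(struct nlattr) + (size_t)size)
		exit(1);
	struct nlattr* attr = (struct nlattr*)nlmsg->pos;
	attr->nla_len = sizeof(*attr) + size;
	attr->nla_type = typ;
	if (size > 0)
		memcpy(attr + 1, data, size);
	nlmsg->pos += NLMSG_ALIGN(attr->nla_len);
}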
  180.  
// Sends the request assembled in `nlmsg` on `sock` and reads one reply into
// the same buffer.
//
// Returns 0 when the reply is NLMSG_DONE, or when `reply_len` is non-NULL and
// the reply has type `reply_type` (its byte count is then stored in
// *reply_len, which is 0 in every other case). For an NLMSG_ERROR reply the
// kernel's error code is returned as a non-positive number and errno is set
// to its absolute value, so a plain acknowledgement yields 0. Transport
// failures and malformed replies return -1, or exit(1) when `dofail` is set.
//
// A message whose cursor ran past buf, or that still has open nesting, always
// terminates the process.
static int netlink_send_ext(struct nlmsg* nlmsg, int sock, uint16_t reply_type,
			    int* reply_len, bool dofail)
{
	const char* const buf_end = nlmsg->buf + sizeof(nlmsg->buf);
	if (nlmsg->nesting || nlmsg->pos > buf_end)
		exit(1);

	struct nlmsghdr* const hdr = (struct nlmsghdr*)nlmsg->buf;
	hdr->nlmsg_len = nlmsg->pos - nlmsg->buf;

	// All-zero address apart from the family: the message goes to the kernel.
	struct sockaddr_nl kernel = {.nl_family = AF_NETLINK};
	ssize_t n = sendto(sock, nlmsg->buf, hdr->nlmsg_len, 0,
			   (struct sockaddr*)&kernel, sizeof(kernel));
	if (n != (ssize_t)hdr->nlmsg_len)
		goto fail;

	// The reply overwrites the request; `hdr` now describes the reply.
	n = recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0);
	if (reply_len)
		*reply_len = 0;
	if (n < 0)
		goto fail;
	if (n < (ssize_t)sizeof(struct nlmsghdr))
		goto bad_reply;

	if (hdr->nlmsg_type == NLMSG_DONE)
		return 0;
	if (reply_len && hdr->nlmsg_type == reply_type) {
		*reply_len = n;
		return 0;
	}

	// Anything else must be an error message large enough to hold the code.
	if (n < (ssize_t)(sizeof(struct nlmsghdr) + sizeof(struct nlmsgerr)))
		goto bad_reply;
	if (hdr->nlmsg_type != NLMSG_ERROR)
		goto bad_reply;
	errno = -((struct nlmsgerr*)(hdr + 1))->error;
	return -errno;

bad_reply:
	errno = EINVAL;
fail:
	if (dofail)
		exit(1);
	return -1;
}
  233.  
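// Resolves the numeric id of the generic-netlink family `family_name` by
// sending CTRL_CMD_GETFAMILY on `sock` and scanning the reply for
// CTRL_ATTR_FAMILY_ID.
//
// Returns the id (non-zero) on success. Returns -1 on failure; errno is EINVAL
// when the reply carries no usable id. `dofail` is passed on to
// netlink_send_ext. At most GENL_NAMSIZ bytes of the name are sent.
//
// The attribute walk checks every header against the number of bytes actually
// received: an attribute with a length shorter than its own header (which
// would never advance the cursor) or one that claims to extend past the reply
// ends the scan, and the id is only read when its two bytes are present.
static int netlink_query_family_id(struct nlmsg* nlmsg, int sock,
				   const char* family_name, bool dofail)
{
	struct genlmsghdr genlhdr;
	memset(&genlhdr, 0, sizeof(genlhdr));
	genlhdr.cmd = CTRL_CMD_GETFAMILY;
	netlink_init(nlmsg, GENL_ID_CTRL, 0, &genlhdr, sizeof(genlhdr));
	netlink_attr(nlmsg, CTRL_ATTR_FAMILY_NAME, family_name,
		     strnlen(family_name, GENL_NAMSIZ - 1) + 1);
	int n = 0;
	int err = netlink_send_ext(nlmsg, sock, GENL_ID_CTRL, &n, dofail);
	if (err < 0) {
		return -1;
	}
	uint16_t id = 0;
	const char* const end = nlmsg->buf + n;
	char* cur = nlmsg->buf + NLMSG_HDRLEN + NLMSG_ALIGN(sizeof(genlhdr));
	while (cur < end) {
		const size_t remaining = (size_t)(end - cur);
		if (remaining < sizeof(struct nlattr))
			break;
		const struct nlattr* attr = (const struct nlattr*)cur;
		if (attr->nla_len < sizeof(*attr) || attr->nla_len > remaining)
			break;
		if (attr->nla_type == CTRL_ATTR_FAMILY_ID) {
			if (attr->nla_len >= sizeof(*attr) + sizeof(id))
				memcpy(&id, attr + 1, sizeof(id));
			break;
		}
		cur += NLMSG_ALIGN(attr->nla_len);
	}
	if (!id) {
		errno = EINVAL;
		return -1;
	}
	// The request was sent with NLM_F_ACK; read one more message
	// (presumably that acknowledgement) so it does not stay queued on the
	// socket. The result is deliberately ignored.
	recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0);
	return id;
}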
  265.  
// NOTE(review): by its name, a fixed descriptor number reserved for a handle
// on the initial network namespace. Nothing in this part of the file uses it -
// confirm against the rest of the program.
const int kInitNetNsFd = 201;
  267.  
// Sizes, in bytes, of one submission and one completion queue entry in the
// default layout. syz_io_uring_setup clears the SQE128/CQE32 flags so these
// sizes hold for the rings it maps.
#define SIZEOF_IO_URING_SQE 64
#define SIZEOF_IO_URING_CQE 16
// Hard-coded byte offsets of the ring fields inside the shared ring mapping.
// NOTE(review): syz_io_uring_setup below does not use these; it reads the
// offsets the kernel reports in io_uring_params. Any users are outside this
// part of the file.
#define SQ_HEAD_OFFSET 0
#define SQ_TAIL_OFFSET 64
#define SQ_RING_MASK_OFFSET 256
#define SQ_RING_ENTRIES_OFFSET 264
#define SQ_FLAGS_OFFSET 276
#define SQ_DROPPED_OFFSET 272
#define CQ_HEAD_OFFSET 128
#define CQ_TAIL_OFFSET 192
#define CQ_RING_MASK_OFFSET 260
#define CQ_RING_ENTRIES_OFFSET 268
#define CQ_RING_OVERFLOW_OFFSET 284
#define CQ_FLAGS_OFFSET 280
#define CQ_CQES_OFFSET 320

// Local copies of the structures exchanged with io_uring_setup, declared here
// so the program does not depend on <linux/io_uring.h>.

// Offsets of the submission-ring fields, filled in by the kernel.
struct io_sqring_offsets {
	uint32_t head;
	uint32_t tail;
	uint32_t ring_mask;
	uint32_t ring_entries;
	uint32_t flags;
	uint32_t dropped;
	uint32_t array; // offset of the index array that syz_io_uring_setup initialises
	uint32_t resv1;
	uint64_t resv2;
};

// Offsets of the completion-ring fields, filled in by the kernel.
struct io_cqring_offsets {
	uint32_t head;
	uint32_t tail;
	uint32_t ring_mask;
	uint32_t ring_entries;
	uint32_t overflow;
	uint32_t cqes; // offset of the completion entries
	uint64_t resv[2];
};

// Parameter block passed to io_uring_setup: the caller sets the request
// fields, and the sizes and offsets are read back after the call.
struct io_uring_params {
	uint32_t sq_entries;
	uint32_t cq_entries;
	uint32_t flags;
	uint32_t sq_thread_cpu;
	uint32_t sq_thread_idle;
	uint32_t features;
	uint32_t resv[4];
	struct io_sqring_offsets sq_off;
	struct io_cqring_offsets cq_off;
};

// mmap offsets selecting which region of the io_uring fd is mapped, and the
// two setup flags that change the entry sizes.
#define IORING_OFF_SQ_RING 0
#define IORING_OFF_SQES 0x10000000ULL
#define IORING_SETUP_SQE128 (1U << 10)
#define IORING_SETUP_CQE32 (1U << 11)
  322.  
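// Fuzzer pseudo-syscall: creates an io_uring instance and maps its rings.
//
//   a0  requested number of submission entries
//   a1  struct io_uring_params* (in/out)
//   a2  void** receiving the address of the ring mapping
//   a3  void** receiving the address of the SQE array mapping
//
// IORING_SETUP_CQE32 and IORING_SETUP_SQE128 are cleared from the requested
// flags so the fixed entry sizes used for the mapping lengths stay valid. On
// success the submission index array is filled with the identity mapping
// (slot i -> SQE i) and the new descriptor is returned.
//
// Failure handling: if io_uring_setup fails, both output pointers are set to
// MAP_FAILED and -1 is returned. Previously the error was stored in an
// unsigned variable, returned as 4294967295 and followed by writes through a
// pointer derived from a failed mapping. If only the ring mapping fails, the
// descriptor is still returned but the index array is left untouched. The
// fill is also limited to the sq_entries count reported by the kernel.
static long syz_io_uring_setup(volatile long a0, volatile long a1,
			       volatile long a2, volatile long a3)
{
	uint32_t entries = (uint32_t)a0;
	struct io_uring_params* setup_params = (struct io_uring_params*)a1;
	void** ring_ptr_out = (void**)a2;
	void** sqes_ptr_out = (void**)a3;
	setup_params->flags &= ~(IORING_SETUP_CQE32 | IORING_SETUP_SQE128);
	long fd_io_uring = syscall(__NR_io_uring_setup, entries, setup_params);
	if (fd_io_uring < 0) {
		*ring_ptr_out = MAP_FAILED;
		*sqes_ptr_out = MAP_FAILED;
		return -1;
	}
	// One mapping covers both rings, so it must be as large as the bigger one.
	uint32_t sq_ring_sz =
	    setup_params->sq_off.array + setup_params->sq_entries * sizeof(uint32_t);
	uint32_t cq_ring_sz = setup_params->cq_off.cqes +
			      setup_params->cq_entries * SIZEOF_IO_URING_CQE;
	uint32_t ring_sz = sq_ring_sz > cq_ring_sz ? sq_ring_sz : cq_ring_sz;
	*ring_ptr_out =
	    mmap(0, ring_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE,
		 (int)fd_io_uring, IORING_OFF_SQ_RING);
	uint32_t sqes_sz = setup_params->sq_entries * SIZEOF_IO_URING_SQE;
	*sqes_ptr_out = mmap(0, sqes_sz, PROT_READ | PROT_WRITE,
			     MAP_SHARED | MAP_POPULATE, (int)fd_io_uring,
			     IORING_OFF_SQES);
	if (*ring_ptr_out == MAP_FAILED)
		return fd_io_uring;
	uint32_t* array =
	    (uint32_t*)((uintptr_t)*ring_ptr_out + setup_params->sq_off.array);
	// Never index past the entry count the mapping was sized for.
	uint32_t fill = entries < setup_params->sq_entries
			    ? entries
			    : setup_params->sq_entries;
	for (uint32_t index = 0; index < fill; index++)
		array[index] = index;
	return fd_io_uring;
}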
  349.  
// Fuzzer pseudo-syscall: opens a device node.
//
// When a0 is 0xc or 0xb, the node is /dev/char/<a1>:<a2> or
// /dev/block/<a1>:<a2> (both numbers truncated to 8 bits), opened O_RDWR.
// Otherwise a0 is a pointer to a path template: every '#' is replaced, left
// to right, by successive decimal digits of a1 (least significant first), and
// the result is opened with a2 as the open(2) flags.
//
// The template is copied into a 1024-byte buffer and silently truncated if
// longer. Returns whatever open(2) returns.
static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2)
{
	const bool is_char = (a0 == 0xc);
	if (is_char || a0 == 0xb) {
		char node[128];
		snprintf(node, sizeof(node), "/dev/%s/%d:%d",
			 is_char ? "char" : "block", (uint8_t)a1, (uint8_t)a2);
		return open(node, O_RDWR, 0);
	}

	char path[1024];
	strncpy(path, (char*)a0, sizeof(path) - 1);
	path[sizeof(path) - 1] = 0;
	// A substituted character is never '#', so the search can resume
	// from the position just rewritten.
	for (char* hash = strchr(path, '#'); hash; hash = strchr(hash, '#')) {
		*hash = '0' + (char)(a1 % 10);
		a1 /= 10;
	}
	return open(path, a2, 0);
}
  369.  
// Fuzzer pseudo-syscall: opens a procfs entry of the current process.
//
//   a0 == 0   -> /proc/self/<name>
//   a0 == -1  -> /proc/thread-self/<name>
//   otherwise -> /proc/self/task/<a0>/<name>
//
// `a1` points to <name>. It is inserted as-is, so a name containing "../"
// components resolves outside the intended directory. The path is truncated
// to 127 characters. The entry is opened read-write, falling back to
// read-only if that fails. Returns the descriptor or -1.
static long syz_open_procfs(volatile long a0, volatile long a1)
{
	char path[128] = {0};
	const char* name = (char*)a1;
	switch (a0) {
	case 0:
		snprintf(path, sizeof(path), "/proc/self/%s", name);
		break;
	case -1:
		snprintf(path, sizeof(path), "/proc/thread-self/%s", name);
		break;
	default:
		snprintf(path, sizeof(path), "/proc/self/task/%d/%s", (int)a0, name);
		break;
	}
	int fd = open(path, O_RDWR);
	return fd != -1 ? fd : open(path, O_RDONLY);
}
  386.  
// Fuzzer pseudo-syscall: creates a socket. In this build it is a direct
// socket(2) call in the caller's current network namespace; no namespace
// switching is done here. Returns the descriptor or -1.
static long syz_init_net_socket(volatile long domain, volatile long type,
				volatile long proto)
{
	const long family = domain;
	const long sock_type = type;
	const long protocol = proto;
	return syscall(__NR_socket, family, sock_type, protocol);
}
  392.  
// Stub for the NVMe-over-TCP socket helper: it requests a socket with the
// invalid address family -1, so the call is expected to fail and return -1.
// No connection is attempted.
static long syz_socket_connect_nvme_tcp()
{
	const long invalid_family = -1;
	return syscall(__NR_socket, invalid_family, 0, 0);
}
  397.  
// Fuzzer pseudo-syscall: looks up the id of the generic-netlink family whose
// name `name` points to.
//
// If `sock_arg` (taken as an int) is negative, a temporary NETLINK_GENERIC
// socket is created for the query and closed afterwards. Otherwise the
// caller's socket is used and left open. Returns the family id, or -1 on any
// failure.
static long syz_genetlink_get_family_id(volatile long name,
					volatile long sock_arg)
{
	const bool own_socket = (int)sock_arg < 0;
	int fd = sock_arg;
	if (own_socket) {
		fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC);
		if (fd == -1)
			return -1;
	}

	struct nlmsg nlmsg_tmp;
	const int id = netlink_query_family_id(&nlmsg_tmp, fd, (char*)name, false);
	if (own_socket)
		close(fd);
	return id < 0 ? -1 : id;
}
  417.  
  418. //% This code is derived from puff.{c,h}, found in the zlib development. The
  419. //% original files come with the following copyright notice:
  420.  
  421. //% Copyright (C) 2002-2013 Mark Adler, all rights reserved
  422. //% version 2.3, 21 Jan 2013
  423. //% This software is provided 'as-is', without any express or implied
  424. //% warranty. In no event will the author be held liable for any damages
  425. //% arising from the use of this software.
  426. //% Permission is granted to anyone to use this software for any purpose,
  427. //% including commercial applications, and to alter it and redistribute it
  428. //% freely, subject to the following restrictions:
  429. //% 1. The origin of this software must not be misrepresented; you must not
  430. //% claim that you wrote the original software. If you use this software
  431. //% in a product, an acknowledgment in the product documentation would be
  432. //% appreciated but is not required.
  433. //% 2. Altered source versions must be plainly marked as such, and must not be
  434. //% misrepresented as being the original software.
  435. //% 3. This notice may not be removed or altered from any source distribution.
  436. //% Mark Adler [email protected]
  437.  
  438. //% BEGIN CODE DERIVED FROM puff.{c,h}
  439.  
// Limits of the deflate format used by the decoder below.
#define MAXBITS 15 // longest Huffman code, in bits
#define MAXLCODES 286 // literal/length codes in a dynamic block
#define MAXDCODES 30 // distance codes
#define MAXCODES (MAXLCODES + MAXDCODES)
#define FIXLCODES 288 // literal/length codes in a fixed block

// Decoder state shared by all puff_* routines.
struct puff_state {
	unsigned char* out; // output buffer
	unsigned long outlen; // capacity of out, in bytes
	unsigned long outcnt; // bytes produced so far
	const unsigned char* in; // compressed input
	unsigned long inlen; // length of in, in bytes
	unsigned long incnt; // bytes consumed so far
	int bitbuf; // bits read from the input but not yet used
	int bitcnt; // number of valid bits in bitbuf
	jmp_buf env; // longjmp target used when the input runs out
};
// Returns the next `need` bits of the input, least significant bit first,
// refilling the bit buffer one byte at a time. If the input is exhausted
// before enough bits are available, control unwinds to the setjmp in puff()
// via longjmp(s->env, 1).
static int puff_bits(struct puff_state* s, int need)
{
	long acc = s->bitbuf;
	for (; s->bitcnt < need; s->bitcnt += 8) {
		if (s->incnt == s->inlen)
			longjmp(s->env, 1);
		const long byte = s->in[s->incnt++];
		acc |= byte << s->bitcnt;
	}
	const long mask = (1L << need) - 1;
	// Keep the bits beyond `need` for the next call.
	s->bitbuf = (int)(acc >> need);
	s->bitcnt -= need;
	return (int)(acc & mask);
}
// Handles one stored (uncompressed) block.
//
// Any buffered bits are dropped, then the 16-bit length and its one's
// complement are read and cross-checked. Returns 0 on success, 2 if the input
// is too short, 1 if the output buffer is too small, and -2 if the length
// check fails.
//
// Zero bytes are counted but not written: the copy only stores non-zero
// bytes, so the output buffer is assumed to start out zero-filled (as the
// anonymous mapping created in puff_zlib_to_file does).
static int puff_stored(struct puff_state* s)
{
	s->bitbuf = 0;
	s->bitcnt = 0;
	if (s->incnt + 4 > s->inlen)
		return 2;

	unsigned len = s->in[s->incnt++];
	len |= s->in[s->incnt++] << 8;
	const unsigned inverse = ~len;
	if (s->in[s->incnt++] != (inverse & 0xff))
		return -2;
	if (s->in[s->incnt++] != ((inverse >> 8) & 0xff))
		return -2;

	if (s->incnt + len > s->inlen)
		return 2;
	if (s->outcnt + len > s->outlen)
		return 1;

	const unsigned long stop = s->incnt + len;
	while (s->incnt != stop) {
		const unsigned char byte = s->in[s->incnt++];
		if (byte)
			s->out[s->outcnt] = byte;
		s->outcnt++;
	}
	return 0;
}
// One Huffman decoding table. Both arrays are owned by the caller;
// puff_construct fills them and puff_decode reads them.
struct puff_huffman {
	short* count; // count[len] = number of symbols whose code is len bits long
	short* symbol; // symbols ordered by code length
};
// Decodes one symbol from the input using the table `h`.
//
// Bits are taken one at a time. After each bit the running code is compared
// against the block of codes of the current length (h->count[len] of them,
// the first being `first`). Returns the decoded symbol, or -10 if no code of
// up to MAXBITS bits matches. If the input runs out, control unwinds through
// longjmp(s->env, 1).
static int puff_decode(struct puff_state* s, const struct puff_huffman* h)
{
	int first = 0;
	int index = 0;
	int bitbuf = s->bitbuf;
	int left = s->bitcnt;
	int code = first = index = 0;
	int len = 1;
	// count[0] (symbols without a code) is skipped.
	short* next = h->count + 1;
	while (1) {
		while (left--) {
			code |= bitbuf & 1;
			bitbuf >>= 1;
			int count = *next++;
			if (code - count < first) {
				// Match: hand the unused bits back to the state.
				s->bitbuf = bitbuf;
				s->bitcnt = (s->bitcnt - len) & 7;
				return h->symbol[index + (code - first)];
			}
			index += count;
			first += count;
			first <<= 1;
			code <<= 1;
			len++;
		}
		// Bit buffer used up: fetch another byte unless MAXBITS bits
		// have already been examined.
		left = (MAXBITS + 1) - len;
		if (left == 0)
			break;
		if (s->incnt == s->inlen)
			longjmp(s->env, 1);
		bitbuf = s->in[s->incnt++];
		if (left > 8)
			left = 8;
	}
	return -10;
}
// Builds the decoding table `h` from the code lengths length[0..n-1].
//
// h->count[len] receives the number of symbols of each code length and
// h->symbol the symbols ordered by code length. Returns 0 for a complete code
// (and when every length is zero), a negative value when the lengths
// over-subscribe the code space, and a positive value for an incomplete code.
//
// NOTE(review): every length[] value indexes h->count directly, so it must be
// in 0..MAXBITS. The callers in this file only pass values of at most 15 -
// confirm for any other caller.
static int puff_construct(struct puff_huffman* h, const short* length, int n)
{
	int len;
	for (len = 0; len <= MAXBITS; len++)
		h->count[len] = 0;
	int symbol;
	for (symbol = 0; symbol < n; symbol++)
		(h->count[length[symbol]])++;
	if (h->count[0] == n)
		return 0;
	// `left` tracks how many codes of the current length remain unassigned.
	int left = 1;
	for (len = 1; len <= MAXBITS; len++) {
		left <<= 1;
		left -= h->count[len];
		if (left < 0)
			return left;
	}
	// offs[len] = position in h->symbol of the first symbol with that length.
	short offs[MAXBITS + 1];
	offs[1] = 0;
	for (len = 1; len < MAXBITS; len++)
		offs[len + 1] = offs[len] + h->count[len];
	for (symbol = 0; symbol < n; symbol++)
		if (length[symbol] != 0)
			h->symbol[offs[length[symbol]]++] = symbol;
	return left;
}
// Decodes literal/length and distance codes until the end-of-block symbol
// (256) is seen.
//
// Returns 0 at end of block, 1 when the output buffer is full, -10 for an
// invalid symbol, -11 when a match distance reaches back before the start of
// the output, or a negative value passed up from puff_decode.
//
// As in puff_stored, zero bytes advance the output position without being
// written, so the output buffer is assumed to start out zero-filled.
static int puff_codes(struct puff_state* s, const struct puff_huffman* lencode,
		      const struct puff_huffman* distcode)
{
	// Base match length and number of extra bits for length symbols 257..285.
	static const short lens[29] = {3, 4, 5, 6, 7, 8, 9, 10, 11, 13,
				       15, 17, 19, 23, 27, 31, 35, 43, 51, 59,
				       67, 83, 99, 115, 131, 163, 195, 227, 258};
	static const short lext[29] = {0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2,
				       2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0};
	// Base distance and number of extra bits for distance symbols 0..29.
	static const short dists[30] = {
	    1, 2, 3, 4, 5, 7, 9, 13, 17, 25,
	    33, 49, 65, 97, 129, 193, 257, 385, 513, 769,
	    1025, 1537, 2049, 3073, 4097, 6145, 8193, 12289, 16385, 24577};
	static const short dext[30] = {0, 0, 0, 0, 1, 1, 2, 2, 3, 3,
				       4, 4, 5, 5, 6, 6, 7, 7, 8, 8,
				       9, 9, 10, 10, 11, 11, 12, 12, 13, 13};
	int symbol;
	do {
		symbol = puff_decode(s, lencode);
		if (symbol < 0)
			return symbol;
		if (symbol < 256) {
			// Literal byte.
			if (s->outcnt == s->outlen)
				return 1;
			if (symbol)
				s->out[s->outcnt] = symbol;
			s->outcnt++;
		} else if (symbol > 256) {
			// Length/distance pair: copy `len` bytes from `dist` bytes back.
			symbol -= 257;
			if (symbol >= 29)
				return -10;
			int len = lens[symbol] + puff_bits(s, lext[symbol]);
			symbol = puff_decode(s, distcode);
			if (symbol < 0)
				return symbol;
			unsigned dist = dists[symbol] + puff_bits(s, dext[symbol]);
			// Both bounds are checked before any byte is copied.
			if (dist > s->outcnt)
				return -11;
			if (s->outcnt + len > s->outlen)
				return 1;
			while (len--) {
				if (dist <= s->outcnt && s->out[s->outcnt - dist])
					s->out[s->outcnt] = s->out[s->outcnt - dist];
				s->outcnt++;
			}
		}
	} while (symbol != 256);
	return 0;
}
// Decodes one block that uses the fixed Huffman codes.
//
// The fixed tables are built on the first call and kept in function-static
// storage. The first-call flag is a plain static, so the lazy initialisation
// is not safe against concurrent first calls from several threads.
// Returns the result of puff_codes.
static int puff_fixed(struct puff_state* s)
{
	static int need_init = 1;
	static short lencnt[MAXBITS + 1], lensym[FIXLCODES];
	static short distcnt[MAXBITS + 1], distsym[MAXDCODES];
	static struct puff_huffman lencode, distcode;

	if (!need_init)
		return puff_codes(s, &lencode, &distcode);

	lencode.count = lencnt;
	lencode.symbol = lensym;
	distcode.count = distcnt;
	distcode.symbol = distsym;

	// Literal/length code lengths: 0..143 -> 8, 144..255 -> 9,
	// 256..279 -> 7, 280..287 -> 8.
	short lengths[FIXLCODES];
	for (int sym = 0; sym < FIXLCODES; sym++) {
		if (sym < 144)
			lengths[sym] = 8;
		else if (sym < 256)
			lengths[sym] = 9;
		else if (sym < 280)
			lengths[sym] = 7;
		else
			lengths[sym] = 8;
	}
	puff_construct(&lencode, lengths, FIXLCODES);

	// Every distance code is 5 bits long.
	for (int sym = 0; sym < MAXDCODES; sym++)
		lengths[sym] = 5;
	puff_construct(&distcode, lengths, MAXDCODES);

	need_init = 0;
	return puff_codes(s, &lencode, &distcode);
}
// Decodes one block that carries its own Huffman code description.
//
// Reads the three table sizes, the code-length code, then the literal/length
// and distance code lengths (with the run-length symbols 16, 17 and 18),
// builds both tables and hands over to puff_codes.
//
// Error returns: -3 too many length or distance codes, -4 code-length code
// not complete, -5 repeat with no previous length, -6 repeat runs past the
// declared number of lengths, -7 / -8 invalid literal-length / distance code,
// -9 no end-of-block code. Other values come from puff_decode or puff_codes.
static int puff_dynamic(struct puff_state* s)
{
	// Order in which the code-length code lengths are transmitted.
	static const short order[19] = {16, 17, 18, 0, 8, 7, 9, 6, 10, 5,
					11, 4, 12, 3, 13, 2, 14, 1, 15};
	int nlen = puff_bits(s, 5) + 257;
	int ndist = puff_bits(s, 5) + 1;
	int ncode = puff_bits(s, 4) + 4;
	// Checked before lengths[] is filled, so later writes stay within MAXCODES.
	if (nlen > MAXLCODES || ndist > MAXDCODES)
		return -3;
	short lengths[MAXCODES];
	int index;
	for (index = 0; index < ncode; index++)
		lengths[order[index]] = puff_bits(s, 3);
	for (; index < 19; index++)
		lengths[order[index]] = 0;
	short lencnt[MAXBITS + 1], lensym[MAXLCODES];
	struct puff_huffman lencode = {lencnt, lensym};
	int err = puff_construct(&lencode, lengths, 19);
	if (err != 0)
		return -4;
	index = 0;
	while (index < nlen + ndist) {
		int symbol;
		int len;
		symbol = puff_decode(s, &lencode);
		if (symbol < 0)
			return symbol;
		if (symbol < 16)
			lengths[index++] = symbol;
		else {
			// 16 repeats the previous length, 17 and 18 repeat zero;
			// `symbol` is reused as the repeat count.
			len = 0;
			if (symbol == 16) {
				if (index == 0)
					return -5;
				len = lengths[index - 1];
				symbol = 3 + puff_bits(s, 2);
			} else if (symbol == 17)
				symbol = 3 + puff_bits(s, 3);
			else
				symbol = 11 + puff_bits(s, 7);
			// Reject a run that would write past the declared lengths.
			if (index + symbol > nlen + ndist)
				return -6;
			while (symbol--)
				lengths[index++] = len;
		}
	}
	if (lengths[256] == 0)
		return -9;
	err = puff_construct(&lencode, lengths, nlen);
	// An incomplete code is tolerated only when it consists of a single
	// one-bit code.
	if (err && (err < 0 || nlen != lencode.count[0] + lencode.count[1]))
		return -7;
	short distcnt[MAXBITS + 1], distsym[MAXDCODES];
	struct puff_huffman distcode = {distcnt, distsym};
	err = puff_construct(&distcode, lengths + nlen, ndist);
	if (err && (err < 0 || ndist != distcode.count[0] + distcode.count[1]))
		return -8;
	return puff_codes(s, &lencode, &distcode);
}
// Inflates the raw deflate stream source[0..sourcelen) into `dest`.
//
// On entry *destlen is the capacity of `dest`; on return it holds the number
// of bytes produced. Returns 0 on success, 2 when the input ends early
// (reported through longjmp from the bit readers), 1 when the output buffer
// is too small, -1 for an invalid block type, and other negative values for
// format errors found by the block decoders.
//
// NOTE(review): the state is an ordinary automatic object that is modified
// between setjmp and longjmp and read afterwards. The C standard leaves such
// values indeterminate unless the object is volatile; it works because the
// state is only accessed through its address.
static int puff(unsigned char* dest, unsigned long* destlen,
		const unsigned char* source, unsigned long sourcelen)
{
	struct puff_state s = {
	    .out = dest,
	    .outlen = *destlen,
	    .outcnt = 0,
	    .in = source,
	    .inlen = sourcelen,
	    .incnt = 0,
	    .bitbuf = 0,
	    .bitcnt = 0,
	};
	int err;
	if (setjmp(s.env) != 0) {
		// A bit reader ran out of input.
		err = 2;
	} else {
		int last;
		do {
			last = puff_bits(&s, 1);
			switch (puff_bits(&s, 2)) {
			case 0:
				err = puff_stored(&s);
				break;
			case 1:
				err = puff_fixed(&s);
				break;
			case 2:
				err = puff_dynamic(&s);
				break;
			default:
				err = -1;
				break;
			}
		} while (err == 0 && !last);
	}
	*destlen = s.outcnt;
	return err;
}
  723.  
  724. //% END CODE DERIVED FROM puff.{c,h}
  725.  
// Size of the zlib header that precedes the deflate data.
#define ZLIB_HEADER_WIDTH 2

// Inflates a zlib-wrapped buffer and writes the result to `dest_fd`.
//
// The two header bytes are skipped without being validated, and the trailing
// checksum of the zlib container is not verified. Output is staged in a fresh
// anonymous mapping of 132 MiB, which also caps how far an image can expand.
//
// Returns 0 on success and when the input is shorter than the header. Returns
// -1 on failure; for a decode error errno is set to the negated puff() code,
// so a positive puff() code leaves a negative errno value. A short write is
// treated as failure.
static int puff_zlib_to_file(const unsigned char* source,
			     unsigned long sourcelen, int dest_fd)
{
	if (sourcelen < ZLIB_HEADER_WIDTH)
		return 0;
	const unsigned char* deflate = source + ZLIB_HEADER_WIDTH;
	const unsigned long deflate_len = sourcelen - ZLIB_HEADER_WIDTH;

	const unsigned long max_destlen = 132 << 20;
	void* map = mmap(0, max_destlen, PROT_WRITE | PROT_READ,
			 MAP_PRIVATE | MAP_ANON, -1, 0);
	if (map == MAP_FAILED)
		return -1;
	unsigned char* dest = (unsigned char*)map;

	unsigned long destlen = max_destlen;
	const int err = puff(dest, &destlen, deflate, deflate_len);
	if (err) {
		munmap(dest, max_destlen);
		errno = -err;
		return -1;
	}

	const ssize_t written = write(dest_fd, dest, destlen);
	if (written != (ssize_t)destlen) {
		munmap(dest, max_destlen);
		return -1;
	}
	return munmap(dest, max_destlen);
}
  754.  
// Inflates the compressed image data[0..size) into an in-memory file and
// attaches that file to the loop device `loopname`.
//
// On success returns 0 and stores the open loop descriptor in *loopfd_p (the
// caller closes it). On failure returns -1 with errno describing the first
// error, and every descriptor opened here is closed.
//
// If the loop device is already bound (EBUSY), its current backing file is
// detached and the attach is retried once after 1 ms. The device is therefore
// assumed to belong to this process alone; on a machine where something else
// uses it, that user would lose its backing file.
static int setup_loop_device(unsigned char* data, unsigned long size,
			     const char* loopname, int* loopfd_p)
{
	int saved_errno = 0;
	int loop = -1;

	const int image_fd = syscall(__NR_memfd_create, "syzkaller", 0);
	if (image_fd == -1) {
		saved_errno = errno;
		goto fail;
	}
	if (puff_zlib_to_file(data, size, image_fd) != 0) {
		saved_errno = errno;
		goto fail_close_image;
	}
	loop = open(loopname, O_RDWR);
	if (loop == -1) {
		saved_errno = errno;
		goto fail_close_image;
	}
	if (ioctl(loop, LOOP_SET_FD, image_fd) != 0) {
		int attached = 0;
		if (errno == EBUSY) {
			ioctl(loop, LOOP_CLR_FD, 0);
			usleep(1000);
			attached = ioctl(loop, LOOP_SET_FD, image_fd) == 0;
		}
		if (!attached) {
			saved_errno = errno;
			goto fail_close_loop;
		}
	}
	// The loop device keeps its own reference to the backing file.
	close(image_fd);
	*loopfd_p = loop;
	return 0;

fail_close_loop:
	close(loop);
fail_close_image:
	close(image_fd);
fail:
	errno = saved_errno;
	return -1;
}
  797.  
// Detaches the backing file from the loop device `loopname`. Best effort: a
// device that cannot be opened is skipped and a failing LOOP_CLR_FD is
// ignored.
static void reset_loop_device(const char* loopname)
{
	const int fd = open(loopname, O_RDWR);
	if (fd == -1)
		return;
	if (ioctl(fd, LOOP_CLR_FD, 0) != 0) {
		// Nothing to do: the device stays as it was.
	}
	close(fd);
}
  808.  
// Fuzzer pseudo-syscall: attaches a compressed disk image to this process's
// loop device and asks the kernel to scan its partition table.
//
//   size   length of the compressed image
//   image  pointer to the compressed image
//
// After the scan, each of /dev/loop<procid>p1 .. p7 that exists gets a
// symlink in the current directory, named ./file0, ./file1, ... in order of
// discovery; symlink failures are ignored. Returns 0 on success. Returns -1
// with errno set on failure, in which case the loop device is detached again.
static long syz_read_part_table(volatile unsigned long size,
				volatile long image)
{
	unsigned char* data = (unsigned char*)image;
	int loopfd = -1;
	char loopname[64];
	snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid);
	if (setup_loop_device(data, size, loopname, &loopfd) == -1)
		return -1;

	int err = 0;
	int res = -1;
	struct loop_info64 info;
	if (ioctl(loopfd, LOOP_GET_STATUS64, &info) != 0) {
		err = errno;
	} else {
		// Partition scanning is requested by setting a flag on the device.
		info.lo_flags |= LO_FLAGS_PARTSCAN;
		if (ioctl(loopfd, LOOP_SET_STATUS64, &info) != 0) {
			err = errno;
		} else {
			res = 0;
			int next_link = 0;
			for (int part = 1; part < 8; part++) {
				snprintf(loopname, sizeof(loopname), "/dev/loop%llup%d",
					 procid, part);
				struct stat st;
				if (stat(loopname, &st) != 0)
					continue;
				char linkname[64];
				snprintf(linkname, sizeof(linkname), "./file%d", next_link++);
				if (symlink(loopname, linkname)) {
					// Ignored on purpose.
				}
			}
		}
	}

	if (res)
		ioctl(loopfd, LOOP_CLR_FD, 0);
	close(loopfd);
	errno = err;
	return res;
}
  846.  
// Fuzzer pseudo-syscall: mounts a filesystem, optionally from a compressed
// image that is first attached to this process's loop device.
//
//   fsarg       pointer to the filesystem type name
//   dir         pointer to the mount point path (created with mode 0777)
//   flags       mount(2) flags
//   optsarg     pointer to the mount option string
//   change_dir  non-zero to chdir into the mount point afterwards
//   size/image  compressed image; size == 0 mounts without a loop device
//
// Returns -1 with errno set on failure. On success without `change_dir` the
// return value is a directory descriptor for the mount point.
// NOTE(review): with `change_dir` set, `res` is overwritten by the result of
// chdir(), so the function returns 0 and the directory descriptor opened just
// before is neither returned nor closed.
static long syz_mount_image(volatile long fsarg, volatile long dir,
			    volatile long flags, volatile long optsarg,
			    volatile long change_dir,
			    volatile unsigned long size, volatile long image)
{
	unsigned char* data = (unsigned char*)image;
	int res = -1, err = 0, need_loop_device = !!size;
	char* mount_opts = (char*)optsarg;
	char* target = (char*)dir;
	char* fs = (char*)fsarg;
	char* source = NULL;
	char loopname[64];
	if (need_loop_device) {
		int loopfd;
		memset(loopname, 0, sizeof(loopname));
		snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid);
		if (setup_loop_device(data, size, loopname, &loopfd) == -1)
			return -1;
		// Only the device path is needed for mount(); the attachment stays.
		close(loopfd);
		source = loopname;
	}
	// Result ignored: the directory may already exist.
	mkdir(target, 0777);
	char opts[256];
	memset(opts, 0, sizeof(opts));
	// Empty body: over-long option strings are not reported, they are just
	// truncated by the bounded copy below.
	if (strlen(mount_opts) > (sizeof(opts) - 32)) {
	}
	// At most sizeof(opts) - 32 bytes are copied into the zeroed buffer, so it
	// stays NUL-terminated and keeps 32 bytes of room for the suffixes
	// appended below (the longest, ",errors=continue", is 16 characters).
	strncpy(opts, mount_opts, sizeof(opts) - 32);
	if (strcmp(fs, "iso9660") == 0) {
		flags |= MS_RDONLY;
	} else if (strncmp(fs, "ext", 3) == 0) {
		// Look for "errors=remount-ro" as a complete option, i.e. bounded
		// by the string ends or commas on both sides.
		bool has_remount_ro = false;
		char* remount_ro_start = strstr(opts, "errors=remount-ro");
		if (remount_ro_start != NULL) {
			char after = *(remount_ro_start + strlen("errors=remount-ro"));
			char before = remount_ro_start == opts ? '\0' : *(remount_ro_start - 1);
			has_remount_ro = ((before == '\0' || before == ',') &&
					  (after == '\0' || after == ','));
		}
		// Append errors=continue when errors=panic is requested or no
		// remount-ro policy is given - presumably so that a corrupted test
		// image does not panic the machine running the fuzzer.
		if (strstr(opts, "errors=panic") || !has_remount_ro)
			strcat(opts, ",errors=continue");
	} else if (strcmp(fs, "xfs") == 0) {
		strcat(opts, ",nouuid");
	}
	res = mount(source, target, fs, flags, opts);
	if (res == -1) {
		err = errno;
		goto error_clear_loop;
	}
	res = open(target, O_RDONLY | O_DIRECTORY);
	if (res == -1) {
		err = errno;
		goto error_clear_loop;
	}
	if (change_dir) {
		res = chdir(target);
		if (res == -1) {
			err = errno;
		}
	}

	// Reached on success as well as on failure: the loop device is reset
	// in both cases.
error_clear_loop:
	if (need_loop_device)
		reset_loop_device(loopname);
	errno = err;
	return res;
}
  913.  
// How long a freshly cloned child lingers before exiting: 150 ms.
#define USLEEP_FORKED_CHILD (3 * 50 * 1000)

// Post-processes the return value of a clone-style syscall.
//
// In the parent, and on error, `ret` is non-zero and is returned unchanged.
// In the child (`ret` == 0) the function never returns: the child sleeps for
// USLEEP_FORKED_CHILD microseconds and then exits with status 0, so it never
// continues executing the fuzzer program.
static long handle_clone_ret(long ret)
{
	if (ret == 0) {
		usleep(USLEEP_FORKED_CHILD);
		syscall(__NR_exit, 0);
		// Not reached if the exit succeeds; never fall through to the caller.
		for (;;) {
		}
	}
	return ret;
}
  926.  
// Fuzzer pseudo-syscall: raw clone with guard rails.
//
// CLONE_VM is always removed from `flags`, so the child never shares the
// caller's address space. The stack pointer is the top of
// [stack, stack + stack_len), rounded down to 16 bytes. The child is parked
// and terminated by handle_clone_ret; the parent gets the clone result.
//
// NOTE(review): the raw argument order (flags, stack, ptid, ctid, tls) is the
// x86_64 one; other architectures order these differently - confirm the
// build target.
static long syz_clone(volatile long flags, volatile long stack,
		      volatile long stack_len, volatile long ptid,
		      volatile long ctid, volatile long tls)
{
	const long stack_top = (stack + stack_len) & ~15;
	const long safe_flags = flags & ~CLONE_VM;
	const long ret =
	    (long)syscall(__NR_clone, safe_flags, stack_top, ptid, ctid, tls);
	return handle_clone_ret(ret);
}
  935.  
// Fuzzer pseudo-syscall: pidfd_open with pid 1 remapped to 0, so the program
// never obtains a handle on pid 1 through this helper. Any other pid is
// passed through unchanged. Returns the syscall's result.
static long syz_pidfd_open(volatile long pid, volatile long flags)
{
	const long target = (pid == 1) ? 0 : pid;
	return syscall(__NR_pidfd_open, target, flags);
}
  943.  
// Protocol numbers that the included headers may not provide.
#define IPPROTO_L2TP 115
#define IPPROTO_GGP 3
#define IPPROTO_ST 5
#define IPPROTO_CBT 7
#define IPPROTO_OSPF 89
#define IPPROTO_VRRP 112

// Returns the length, in bytes, of the header this program assumes for the
// given IP protocol number. The lengths are fixed values with no allowance
// for options, and unknown protocols get 4.
size_t get_proto_hdr_len(int protocol)
{
	switch (protocol) {
	// Protocols with a header structure available from the kernel headers.
	case IPPROTO_ICMP:
		return sizeof(struct icmphdr);
	case IPPROTO_ICMPV6:
		return sizeof(struct icmp6hdr);
	case IPPROTO_IGMP:
		return sizeof(struct igmphdr);
	case IPPROTO_TCP:
		return sizeof(struct tcphdr);
	case IPPROTO_UDP:
		return sizeof(struct udphdr);

	// No protocol header at all.
	case IPPROTO_IP:
	case IPPROTO_RAW:
	case IPPROTO_NONE:
		return 0;

	case IPPROTO_L2TP:
		return 6;

	case IPPROTO_ROUTING:
	case IPPROTO_FRAGMENT:
	case IPPROTO_RSVP:
	case IPPROTO_ESP:
	case IPPROTO_UDPLITE:
	case IPPROTO_DSTOPTS:
	case IPPROTO_MH:
	case IPPROTO_GGP:
	case IPPROTO_CBT:
	case IPPROTO_VRRP:
		return 8;

	case IPPROTO_IDP:
		return 10;

	case IPPROTO_EGP:
	case IPPROTO_DCCP:
	case IPPROTO_AH:
	case IPPROTO_SCTP:
		return 12;

	case IPPROTO_OSPF:
		return 24;

	case IPPROTO_IPV6:
		return 40;

	// Listed explicitly to show they were considered; they share the
	// default length.
	case IPPROTO_IPIP:
	case IPPROTO_PUP:
	case IPPROTO_TP:
	case IPPROTO_GRE:
	case IPPROTO_MTP:
	case IPPROTO_BEETPH:
	case IPPROTO_ENCAP:
	case IPPROTO_PIM:
	case IPPROTO_COMP:
	case IPPROTO_MPLS:
	case IPPROTO_ST:
	default:
		return 4;
	}
}
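/*
 * syz_emit_proto - send one caller-built IP packet on a throwaway socket.
 *
 * @proto: IP protocol number; must match the protocol (IPv4) or next-header
 *         (IPv6) field of the packet.
 * @a0:    pointer to the destination struct sockaddr; sa_family AF_INET6
 *         selects the IPv6 path, anything else is handled as IPv4.
 * @a1:    length of that address; must equal sizeof(struct sockaddr_in) or
 *         sizeof(struct sockaddr_in6) for the selected path.
 * @a2:    pointer to the packet, starting at its IP header.
 * @a3:    TTL / hop limit to set on the socket; values <= 0 leave it alone.
 *
 * TCP uses a connected SOCK_STREAM socket; every other protocol picks
 * SOCK_RAW or SOCK_DGRAM via rand(). A raw socket sends the packet from the
 * IP header on, the other socket types send only the bytes that follow the
 * protocol header (as sized by get_proto_hdr_len()).
 *
 * Returns the sendmsg() result, -EINVAL for a rejected argument or packet,
 * -errno when setting the TTL or connect() fails, or the socket() return
 * value when the socket cannot be created.
 *
 * NOTE(review): the caller passes no length for the packet buffer, so the
 * lengths declared inside the IP header are still trusted for reads from
 * @a2; only the copy into the local staging buffer is bounded here.
 */
static long syz_emit_proto(volatile long proto, volatile long a0,
			   volatile long a1, volatile long a2, volatile long a3)
{
	if (!a0 || !a2)
		return -EINVAL;

	struct sockaddr* addr = (struct sockaddr*)a0;
	int addr_len = (int)a1;
	char* packet = (char*)a2;
	int ttl = (int)a3;
	int is_ipv6 = (addr->sa_family == AF_INET6);
	int domain = addr->sa_family;
	int protocol = (int)proto;

	size_t want_addr_len = is_ipv6 ? sizeof(struct sockaddr_in6)
				       : sizeof(struct sockaddr_in);
	if (addr_len < 0 || (size_t)addr_len != want_addr_len)
		return -EINVAL;

	int sock_type = (protocol == IPPROTO_TCP)
			    ? SOCK_STREAM
			    : (rand() % 2 ? SOCK_RAW : SOCK_DGRAM);
	int fd = socket(domain, sock_type, protocol);
	if (fd < 0)
		return fd;

	/* Every validation failure below leaves through "out" with -EINVAL. */
	long ret = -EINVAL;

	/* Best effort: a failure to set the send timeout is ignored. */
	struct timeval tv = {.tv_sec = 0, .tv_usec = 1000};
	setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO_NEW, &tv, sizeof(tv));

	if (ttl > 0) {
		int rc = is_ipv6 ? setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS,
					      &ttl, sizeof(ttl))
				 : setsockopt(fd, IPPROTO_IP, IP_TTL, &ttl,
					      sizeof(ttl));
		if (rc < 0) {
			/* Capture errno before close() can overwrite it. */
			ret = -errno;
			goto out;
		}
	}
	if (sock_type == SOCK_STREAM && connect(fd, addr, addr_len) < 0) {
		ret = -errno;
		goto out;
	}

	size_t ip_hdr_len;
	size_t proto_len;
	if (!is_ipv6) {
		struct iphdr* ip = (struct iphdr*)packet;
		ip_hdr_len = ip->ihl * 4;
		if (ip_hdr_len < sizeof(struct iphdr) || ip->protocol != protocol)
			goto out;
		/*
		 * tot_len comes from the packet itself. Reject a total length
		 * shorter than the header: the unsigned subtraction would
		 * otherwise wrap to a huge proto_len and slip past the
		 * header-length check below.
		 */
		size_t tot_len = ntohs(ip->tot_len);
		if (tot_len < ip_hdr_len)
			goto out;
		proto_len = tot_len - ip_hdr_len;
	} else {
		struct ipv6hdr* ip6 = (struct ipv6hdr*)packet;
		ip_hdr_len = sizeof(struct ipv6hdr);
		if (ip6->nexthdr != protocol)
			goto out;
		proto_len = ntohs(ip6->payload_len);
	}

	size_t hdr_len = get_proto_hdr_len(protocol);
	if (proto_len < hdr_len)
		goto out;

	const char* payload = packet + ip_hdr_len + hdr_len;
	size_t plen = proto_len - hdr_len;

	/* Raw sockets get the whole packet, other types only the payload. */
	const char* src = (sock_type == SOCK_RAW) ? packet : payload;
	size_t total_len = (sock_type == SOCK_RAW) ? ip_hdr_len + proto_len : plen;

	/*
	 * The header-declared length can reach 65535 bytes while the staging
	 * buffer is 4096; without this bound the memcpy() overruns the stack.
	 */
	char final_pkt[4096] = {0};
	if (total_len > sizeof(final_pkt))
		goto out;
	memcpy(final_pkt, src, total_len);

	struct iovec iov = {.iov_base = final_pkt, .iov_len = total_len};
	struct msghdr msg = {.msg_name = (sock_type == SOCK_STREAM) ? NULL : addr,
			     .msg_namelen =
				 (sock_type == SOCK_STREAM) ? 0 : (socklen_t)addr_len,
			     .msg_iov = &iov,
			     .msg_iovlen = 1};
	ret = sendmsg(fd, &msg, MSG_DONTWAIT);
out:
	close(fd);
	return ret;
}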
  1137.  
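/*
 * syz_receive_proto - one non-blocking receive on an existing raw or datagram
 * socket.
 *
 * @proto: protocol number supplied by the caller; it does not influence the
 *         result (see the note in the body).
 * @a0:    socket file descriptor; 0 is rejected.
 * @a1:    destination buffer, passed to recvfrom() as is.
 * @a2:    size of that buffer; 0 is rejected.
 *
 * Returns the recvfrom() result (byte count, or -1 on failure), -errno when
 * the SO_TYPE query fails, and -EINVAL for a rejected argument or a socket
 * that is neither SOCK_RAW nor SOCK_DGRAM.
 *
 * NOTE(review): the argument guard tests a0 (the fd) and a2 (the size) but
 * not the buffer pointer a1, so a NULL buffer reaches recvfrom() and fd 0 can
 * never be used -- confirm that this is what the generator intends.
 */
static long syz_receive_proto(volatile long proto, volatile long a0,
			      volatile long a1, volatile long a2)
{
	/*
	 * Earlier revisions compared the received IP header with proto inside
	 * two empty if-bodies. That had no effect on the result, but it read
	 * src_addr.ss_family and header bytes that recvfrom() may never have
	 * written (short datagram, buffer smaller than the header, or no
	 * source address returned), so the dead reads are gone.
	 */
	(void)proto;

	if (!a0 || !a2)
		return -EINVAL;

	int fd = (int)a0;
	char* buffer = (char*)a1;
	size_t buf_len = (size_t)a2;

	int sock_type;
	socklen_t len = sizeof(sock_type);
	if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &sock_type, &len) < 0)
		return -errno;
	if (sock_type != SOCK_RAW && sock_type != SOCK_DGRAM)
		return -EINVAL;

	/* Best effort: a failure to set the receive timeout is ignored. */
	struct timeval tv = {.tv_sec = 0, .tv_usec = 1000};
	setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO_NEW, &tv, sizeof(tv));

	/* The source address is still requested, but never inspected. */
	struct sockaddr_storage src_addr;
	socklen_t addr_len = sizeof(src_addr);
	return recvfrom(fd, buffer, buf_len, MSG_DONTWAIT,
			(struct sockaddr*)&src_addr, &addr_len);
}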
  1174.  
/*
 * Result slots shared by the calls in main(): a call that succeeds stores its
 * return value in a slot (r[0] after socket(), r[1] after memfd_create()) and
 * later calls read the slot back as an argument. The initialisers below are
 * the values a later call sees when the producing call did not succeed.
 * Each row is one run of equal values; the comment gives its index range.
 */
uint64_t r[235] = {
    /* r[0..14] */
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    /* r[15] */
    0,
    /* r[16..17] */
    UINT64_MAX, UINT64_MAX,
    /* r[18] */
    0,
    /* r[19..29] */
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    UINT64_MAX,
    /* r[30] */
    0,
    /* r[31..33] */
    UINT64_MAX, UINT64_MAX, UINT64_MAX,
    /* r[34..42] */
    0, 0, 0, 0, 0, 0, 0, 0, 0,
    /* r[43..46] */
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    /* r[47..50] */
    0, 0, 0, 0,
    /* r[51..56] */
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    UINT64_MAX,
    /* r[57] */
    0,
    /* r[58..61] */
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    /* r[62] */
    0,
    /* r[63] */
    UINT64_MAX,
    /* r[64] */
    0,
    /* r[65..68] */
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    /* r[69] */
    0,
    /* r[70..86] */
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    UINT64_MAX, UINT64_MAX,
    /* r[87] */
    0,
    /* r[88..92] */
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    /* r[93] */
    0,
    /* r[94] */
    UINT64_MAX,
    /* r[95] */
    0,
    /* r[96..98] */
    UINT64_MAX, UINT64_MAX, UINT64_MAX,
    /* r[99] */
    0,
    /* r[100..111] */
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    UINT64_MAX, UINT64_MAX,
    /* r[112] */
    0,
    /* r[113..116] */
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    /* r[117] */
    0,
    /* r[118..128] */
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    UINT64_MAX,
    /* r[129] */
    0,
    /* r[130..136] */
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    UINT64_MAX, UINT64_MAX,
    /* r[137] */
    0,
    /* r[138..140] */
    UINT64_MAX, UINT64_MAX, UINT64_MAX,
    /* r[141] */
    0,
    /* r[142..144] */
    UINT64_MAX, UINT64_MAX, UINT64_MAX,
    /* r[145..146] */
    0, 0,
    /* r[147..148] */
    UINT64_MAX, UINT64_MAX,
    /* r[149..150] */
    0, 0,
    /* r[151..158] */
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    UINT64_MAX, UINT64_MAX, UINT64_MAX,
    /* r[159..160] */
    0, 0,
    /* r[161..162] */
    UINT64_MAX, UINT64_MAX,
    /* r[163] */
    0,
    /* r[164..166] */
    UINT64_MAX, UINT64_MAX, UINT64_MAX,
    /* r[167] */
    0,
    /* r[168..178] */
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    UINT64_MAX,
    /* r[179..181] */
    0, 0, 0,
    /* r[182..184] */
    UINT64_MAX, UINT64_MAX, UINT64_MAX,
    /* r[185] */
    0,
    /* r[186..201] */
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    UINT64_MAX,
    /* r[202] */
    0,
    /* r[203..207] */
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    /* r[208] */
    0,
    /* r[209..211] */
    UINT64_MAX, UINT64_MAX, UINT64_MAX,
    /* r[212] */
    0,
    /* r[213..224] */
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    UINT64_MAX, UINT64_MAX,
    /* r[225] */
    0,
    /* r[226..234] */
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
    UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX,
};
  1410.  
  1411. int main(void)
  1412. {
  1413. syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
  1414. /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
  1415. /*offset=*/0ul);
  1416. syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul,
  1417. /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
  1418. /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
  1419. /*offset=*/0ul);
  1420. syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
  1421. /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
  1422. /*offset=*/0ul);
  1423. const char* reason;
  1424. (void)reason;
  1425. intptr_t res = 0;
  1426. if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
  1427. }
  1428. memcpy((void*)0x200000000000, "/selinux/avc/cache_threshold\000", 29);
  1429. syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x200000000000ul,
  1430. /*flags=*/2, /*mode=*/0);
  1431. syscall(__NR_arch_prctl, /*code=*/0x1023ul, /*arg=*/0x13ul);
  1432. *(uint64_t*)0x200000000680 = 0;
  1433. *(uint32_t*)0x200000000688 = 0x21;
  1434. *(uint32_t*)0x20000000068c = 0;
  1435. *(uint32_t*)0x200000000690 = 0;
  1436. syscall(__NR_timer_create, /*id=*/0ul, /*ev=*/0x200000000680ul,
  1437. /*timerid=*/0x200000000100ul);
  1438. *(uint64_t*)0x20000006b000 = 0;
  1439. *(uint64_t*)0x20000006b008 = 8;
  1440. *(uint64_t*)0x20000006b010 = 0;
  1441. *(uint64_t*)0x20000006b018 = 9;
  1442. syscall(__NR_timer_settime, /*timerid=*/0, /*flags=*/0ul,
  1443. /*new=*/0x20000006b000ul, /*old=*/0ul);
  1444. syscall(__NR_getcwd, /*buf=*/0ul, /*size=*/0xffffffffffffff93ul);
  1445. *(uint32_t*)0x20000001d000 = 2;
  1446. *(uint32_t*)0x20000001d004 = 0x80;
  1447. *(uint8_t*)0x20000001d008 = 0xb9;
  1448. *(uint8_t*)0x20000001d009 = 0;
  1449. *(uint8_t*)0x20000001d00a = 0;
  1450. *(uint8_t*)0x20000001d00b = 0;
  1451. *(uint32_t*)0x20000001d00c = 0;
  1452. *(uint64_t*)0x20000001d010 = 0;
  1453. *(uint64_t*)0x20000001d018 = 0;
  1454. *(uint64_t*)0x20000001d020 = 0;
  1455. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 0, 1);
  1456. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 1, 1);
  1457. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 2, 1);
  1458. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 3, 1);
  1459. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 4, 1);
  1460. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 5, 1);
  1461. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 6, 1);
  1462. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 7, 1);
  1463. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 8, 1);
  1464. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 9, 1);
  1465. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 10, 1);
  1466. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 11, 1);
  1467. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 12, 1);
  1468. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 13, 1);
  1469. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 14, 1);
  1470. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 15, 2);
  1471. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 17, 1);
  1472. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 18, 1);
  1473. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 19, 1);
  1474. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 20, 1);
  1475. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 21, 1);
  1476. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 22, 1);
  1477. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 23, 1);
  1478. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 24, 1);
  1479. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 25, 1);
  1480. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 26, 1);
  1481. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 27, 1);
  1482. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 28, 1);
  1483. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 29, 1);
  1484. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 30, 1);
  1485. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 31, 1);
  1486. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 32, 1);
  1487. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 33, 1);
  1488. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 34, 1);
  1489. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 35, 1);
  1490. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 36, 1);
  1491. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 37, 1);
  1492. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 38, 26);
  1493. *(uint32_t*)0x20000001d030 = 0;
  1494. *(uint32_t*)0x20000001d034 = 0;
  1495. *(uint64_t*)0x20000001d038 = 0;
  1496. *(uint64_t*)0x20000001d040 = 0;
  1497. *(uint64_t*)0x20000001d048 = 0;
  1498. *(uint64_t*)0x20000001d050 = 0;
  1499. *(uint32_t*)0x20000001d058 = 0;
  1500. *(uint32_t*)0x20000001d05c = 0;
  1501. *(uint64_t*)0x20000001d060 = 0;
  1502. *(uint32_t*)0x20000001d068 = 0;
  1503. *(uint16_t*)0x20000001d06c = 0;
  1504. *(uint16_t*)0x20000001d06e = 0;
  1505. *(uint32_t*)0x20000001d070 = 0;
  1506. *(uint32_t*)0x20000001d074 = 0;
  1507. *(uint64_t*)0x20000001d078 = 0;
  1508. syscall(__NR_perf_event_open, /*attr=*/0x20000001d000ul, /*pid=*/0,
  1509. /*cpu=*/-1, /*group=*/-1, /*flags=*/0ul);
  1510. *(uint32_t*)0x20000001d000 = 2;
  1511. *(uint32_t*)0x20000001d004 = 0x80;
  1512. *(uint8_t*)0x20000001d008 = 0xba;
  1513. *(uint8_t*)0x20000001d009 = 0;
  1514. *(uint8_t*)0x20000001d00a = 0;
  1515. *(uint8_t*)0x20000001d00b = 0;
  1516. *(uint32_t*)0x20000001d00c = 0;
  1517. *(uint64_t*)0x20000001d010 = 0;
  1518. *(uint64_t*)0x20000001d018 = 0;
  1519. *(uint64_t*)0x20000001d020 = 0;
  1520. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 0, 1);
  1521. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 1, 1);
  1522. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 2, 1);
  1523. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 3, 1);
  1524. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 4, 1);
  1525. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 5, 1);
  1526. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 6, 1);
  1527. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 7, 1);
  1528. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 8, 1);
  1529. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 9, 1);
  1530. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 10, 1);
  1531. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 11, 1);
  1532. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 12, 1);
  1533. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 13, 1);
  1534. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 14, 1);
  1535. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 15, 2);
  1536. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 17, 1);
  1537. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 18, 1);
  1538. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 19, 1);
  1539. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 20, 1);
  1540. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 21, 1);
  1541. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 22, 1);
  1542. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 23, 1);
  1543. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 24, 1);
  1544. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 25, 1);
  1545. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 26, 1);
  1546. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 27, 1);
  1547. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 28, 1);
  1548. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 29, 1);
  1549. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 30, 1);
  1550. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 31, 1);
  1551. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 32, 1);
  1552. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 33, 1);
  1553. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 34, 1);
  1554. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 35, 1);
  1555. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 36, 1);
  1556. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 37, 1);
  1557. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 38, 26);
  1558. *(uint32_t*)0x20000001d030 = 0;
  1559. *(uint32_t*)0x20000001d034 = 0;
  1560. *(uint64_t*)0x20000001d038 = 0;
  1561. *(uint64_t*)0x20000001d040 = 0;
  1562. *(uint64_t*)0x20000001d048 = 0;
  1563. *(uint64_t*)0x20000001d050 = 0;
  1564. *(uint32_t*)0x20000001d058 = 0;
  1565. *(uint32_t*)0x20000001d05c = 0;
  1566. *(uint64_t*)0x20000001d060 = 0;
  1567. *(uint32_t*)0x20000001d068 = 0;
  1568. *(uint16_t*)0x20000001d06c = 0;
  1569. *(uint16_t*)0x20000001d06e = 0;
  1570. *(uint32_t*)0x20000001d070 = 0;
  1571. *(uint32_t*)0x20000001d074 = 0;
  1572. *(uint64_t*)0x20000001d078 = 0;
  1573. syscall(__NR_perf_event_open, /*attr=*/0x20000001d000ul, /*pid=*/0,
  1574. /*cpu=*/-1, /*group=*/-1, /*flags=*/0ul);
  1575. res = syscall(__NR_socket, /*domain=*/0xaul, /*type=*/1ul, /*proto=*/0);
  1576. if (res != -1)
  1577. r[0] = res;
  1578. syscall(__NR_shutdown, /*fd=*/r[0], /*how=SHUT_WR*/ 1ul);
  1579. syscall(__NR_rt_sigtimedwait, /*these=*/0ul, /*info=*/0ul, /*ts=*/0ul,
  1580. /*sigsetsize=*/0ul);
  1581. memcpy((void*)0x200000000580, "ext4\000", 5);
  1582. memcpy((void*)0x2000000005c0, "./file0\000", 8);
  1583. memcpy((void*)0x200000000240, "debug", 5);
  1584. *(uint8_t*)0x200000000245 = 0x2c;
  1585. memcpy((void*)0x200000000246, "orlov", 5);
  1586. *(uint8_t*)0x20000000024b = 0x2c;
  1587. memcpy((void*)0x20000000024c, "nomblk_io_submit", 16);
  1588. *(uint8_t*)0x20000000025c = 0x2c;
  1589. memcpy((void*)0x20000000025d, "block_validity", 14);
  1590. *(uint8_t*)0x20000000026b = 0x2c;
  1591. memcpy((void*)0x20000000026c, "debug_want_extra_isize", 22);
  1592. *(uint8_t*)0x200000000282 = 0x3d;
  1593. sprintf((char*)0x200000000283, "0x%016llx", (long long)6);
  1594. *(uint8_t*)0x200000000295 = 0x2c;
  1595. memcpy((void*)0x200000000296, "init_itable", 11);
  1596. *(uint8_t*)0x2000000002a1 = 0x3d;
  1597. sprintf((char*)0x2000000002a2, "0x%016llx", (long long)0);
  1598. *(uint8_t*)0x2000000002b4 = 0x2c;
  1599. memcpy((void*)0x2000000002b5, "usrquota", 8);
  1600. *(uint8_t*)0x2000000002bd = 0x2c;
  1601. memcpy((void*)0x2000000002be, "usrquota", 8);
  1602. *(uint8_t*)0x2000000002c6 = 0x2c;
  1603. *(uint8_t*)0x2000000002c7 = 0;
  1604. memcpy(
  1605. (void*)0x200000001bc0,
  1606. "\x78\x9c\xec\xdd\xcd\x6f\x54\x55\x1b\x00\xf0\xe7\x4c\x3f\x28\x94\xf7\x6d"
  1607. "\x21\x46\xc5\x85\x34\x31\x06\x12\xa5\xa5\x05\x0c\x31\x2e\x60\x4f\x1a\xfc"
  1608. "\x88\x1b\x37\x56\x5a\x08\x52\xa0\xa1\x35\x5a\x34\xb1\x24\xb8\x31\x31\x6e"
  1609. "\x8c\x31\x71\xe5\x42\xfc\x2f\x94\xc8\x96\x95\xae\x5c\xb8\x71\x65\x48\x88"
  1610. "\x1a\x96\x26\x8e\xb9\x33\x73\x4b\x5b\xee\xb4\xb4\x4c\x7b\x2b\xf7\xf7\x4b"
  1611. "\x86\xde\x7b\xce\x5c\xce\x73\x3b\x7d\x7a\xee\x9c\x9e\x73\x27\x80\xca\x1a"
  1612. "\xca\xfe\xa9\x45\xec\x8b\x88\x99\x14\x31\x90\x16\x16\xeb\xba\xa3\x55\x39"
  1613. "\xd4\x7c\xde\xbd\xbf\x3e\x3a\x93\x3d\x52\xd4\xeb\xaf\xff\x91\x22\xb5\xca"
  1614. "\xf2\xe7\xa7\xd6\xd7\xfe\xd6\xc1\x7d\x11\xf1\xd3\x8f\x29\xf6\x76\x3d\xd8"
  1615. "\xee\xec\xfc\xd5\x0b\x13\xd3\xd3\x53\x57\x5a\xfb\x23\x73\x17\x67\x46\x66"
  1616. "\xe7\xaf\x1e\x3a\x7f\x71\xe2\xdc\xd4\xb9\xa9\x4b\x63\x2f\x8d\x1d\x3f\x76"
  1617. "\xf4\xd8\xf1\xd1\xc3\x1d\x3b\xd7\x53\xd7\xdf\x7d\x7f\xe0\xd3\xf1\xb7\xbe"
  1618. "\xfd\xfa\xef\x34\xfa\xdd\xaf\xe3\x29\x4e\xc4\xee\x56\xdd\xd2\xf3\xe8\x94"
  1619. "\xa1\x18\x6a\x7e\x4f\x76\x2c\x2f\xcf\xbe\xaf\xc7\x3b\xdd\x58\x49\xba\x5a"
  1620. "\xe7\xb3\xf4\x25\x4e\xdd\x25\x06\xc4\xba\xe4\xaf\x5f\x4f\x44\x3c\x15\x03"
  1621. "\xd1\x15\xf7\x5f\xbc\x81\xf8\xe4\xd5\x52\x83\x03\x36\x55\x3d\x45\xd4\x81"
  1622. "\x8a\x4a\xf2\x1f\x2a\x2a\xbf\x0e\xc8\xdf\xdb\xaf\x7c\x1f\x5c\x2b\xe5\xaa"
  1623. "\x04\xd8\x0a\x77\x4f\x36\x07\x00\x1e\xcc\xff\xee\xe6\xd8\x60\xf4\x35\xc6"
  1624. "\x06\x76\xdd\x4b\xb1\x74\x58\x27\x45\x44\x27\x46\xe6\xb2\x36\x6e\xdf\x1a"
  1625. "\xbf\x7e\xf6\xd6\xf8\xf5\xd8\xa4\x71\x38\xa0\xd8\xc2\xb5\x88\x78\xba\x28"
  1626. "\xff\x53\x23\x37\x07\x1b\xa3\xf8\x59\xfe\xd7\x96\xe5\x7f\x76\x5d\x70\xba"
  1627. "\xf5\x35\x2b\x7f\x6d\x83\xed\x0f\xad\xd8\x97\xff\xb0\x75\x9a\xf9\xdf\xb7"
  1628. "\xa1\xfc\x7f\x7b\x49\xfe\xbf\xb3\xc1\xf6\xe5\x3f\x00\x00\x00\x00\x00\x00"
  1629. "\x74\xce\xcd\x93\x11\xf1\x62\xd1\xdf\xff\x6b\x8b\xf3\x7f\xa2\x60\xfe\x4f"
  1630. "\x7f\x44\x9c\xe8\x40\xfb\x6b\xff\xfd\xaf\x76\xa7\x03\xcd\x00\x05\xee\x9e"
  1631. "\x8c\x78\xa5\x70\xfe\x6f\x2d\x9f\xfd\x3b\xd8\xd5\xda\xfa\x5f\x63\x3e\x40"
  1632. "\x4f\x3a\x7b\x7e\x7a\xea\x70\x44\xfc\x3f\x22\x0e\x46\xcf\x8e\x6c\x7f\x74"
  1633. "\x95\x36\x0e\x7d\xb6\xf7\xab\x76\x75\xf9\xfc\xbf\xfc\x91\xb5\x7f\xbb\x35"
  1634. "\x17\xb0\x15\xc7\x9d\xee\x15\xeb\x67\x27\x27\xe6\x26\x1e\xf5\xbc\x81\x88"
  1635. "\xbb\xd7\x22\x9e\x29\x9c\xff\x9b\x16\xfb\xff\x54\xd0\xff\x67\xbf\x0f\x66"
  1636. "\x1e\xb2\x8d\xbd\xcf\xdf\x38\xdd\xae\x6e\xed\xfc\x07\x36\x4b\xfd\x9b\x88"
  1637. "\x03\x85\xfd\x7f\x5a\x7c\x4e\x5a\xfd\xfe\x1c\x23\x8d\xeb\x81\x91\xfc\xaa"
  1638. "\xe0\x41\xcf\x7e\xf8\xf9\xf7\xed\xda\x97\xff\x50\x9e\xac\xff\xdf\xb5\x7a"
  1639. "\xfe\x0f\xa6\xa5\xf7\xeb\x99\x5d\x7f\x1b\x47\xe6\xbb\xeb\xed\xea\x36\x7a"
  1640. "\xfd\xdf\x9b\xde\x68\xdc\x72\xa6\xb7\x55\xf6\xc1\xc4\xdc\xdc\x95\xd1\x88"
  1641. "\xde\x74\xaa\x2b\x2b\x5d\x56\x3e\xb6\xfe\x98\xe1\x71\x94\xe7\x43\x9e\x2f"
  1642. "\x59\xfe\x1f\x7c\x6e\xf5\xf1\xbf\xa2\xeb\xff\x9d\x11\xb1\xb0\xe2\xff\x4e"
  1643. "\x7f\x2e\x5f\x53\x9c\x7b\xf2\x9f\xfe\xdf\xda\xc5\xa3\xff\x87\xf2\x64\xf9"
  1644. "\x3f\xb9\xae\xfe\x7f\xfd\x1b\x63\x37\x06\x7f\x68\xd7\xfe\xc3\xf5\xff\x47"
  1645. "\x1b\x7d\xfd\xc1\x56\x89\xf1\x3f\x68\xfa\x32\x4f\xd3\xde\xe5\xe5\x05\xe9"
  1646. "\xd8\x5d\x54\xb5\xd5\xf1\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1647. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xe3\xa0\x16\x11"
  1648. "\xbb\x23\xd5\x86\x17\xb7\x6b\xb5\xe1\xe1\x88\xfe\x88\x78\x22\x76\xd5\xa6"
  1649. "\x2f\xcf\xce\xbd\x70\xf6\xf2\x7b\x97\x26\xb3\xba\xc6\xe7\xff\xd7\xf2\x4f"
  1650. "\xfa\x1d\x68\xee\xa7\xfc\xf3\xff\x07\x97\xec\x8f\xad\xd8\x3f\x12\x11\x7b"
  1651. "\x22\xe2\x8b\xae\x9d\x8d\xfd\xe1\x33\x97\xa7\x27\xcb\x3e\x79\x00\x00\x00"
  1652. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd8\x26\xfa\xdb\xac\xff"
  1653. "\xcf\xfc\xde\x55\x76\x74\xc0\xa6\xeb\x2e\x3b\x00\xa0\x34\x05\xf9\xff\x73"
  1654. "\x19\x71\x00\x5b\x4f\xff\x0f\xd5\x25\xff\xa1\xba\xe4\x3f\x54\x97\xfc\x87"
  1655. "\xea\x92\xff\x50\x5d\xf2\x1f\xaa\x4b\xfe\x43\x75\xc9\x7f\x00\x00\x00\x00"
  1656. "\x00\x78\xac\xec\xd9\x7f\xf3\x97\x14\x11\x0b\x2f\xef\x6c\x3c\x32\xbd\xad"
  1657. "\xba\x9e\x52\x23\x03\x36\x5b\xad\xec\x00\x80\xd2\xb8\xc5\x0f\x54\x97\xa9"
  1658. "\x3f\x50\x5d\xde\xe3\x03\x69\x8d\xfa\xbe\xb6\x07\xad\x75\xe4\x6a\x66\xce"
  1659. "\x3c\xc2\xc1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x50\x39\x07\xf6\x59"
  1660. "\xff\x0f\x55\x65\xfd\x3f\x54\x97\xf5\xff\x50\x5d\xf9\xfa\xff\xfd\x25\xc7"
  1661. "\x01\x6c\x3d\xef\xf1\x81\x58\x63\x25\x7f\xe1\xfa\xff\x35\x8f\x02\x00\x00"
  1662. "\x00\x00\x00\x00\x00\x00\x00\x00\x3a\x69\x76\xfe\xea\x85\x89\xe9\xe9\xa9"
  1663. "\x2b\x36\xde\xdc\x1e\x61\x6c\xe5\x46\xbd\x5e\xff\x38\xfb\x29\xd8\x2e\xf1"
  1664. "\xfc\xc7\x37\xf2\xa9\xf0\xdb\x25\x9e\x47\xda\x28\xf7\xf7\x12\x00\x00\x00"
  1665. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1666. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1667. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1668. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1669. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1670. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1671. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1672. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1673. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1674. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1675. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1676. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1677. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1678. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1679. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1680. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1681. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1682. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1683. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1684. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1685. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1686. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x70\xdf\xbf\x01"
  1687. "\x00\x00\xff\xff\x64\x22\x26\xa6",
  1688. 1466);
  1689. syz_mount_image(/*fs=*/0x200000000580, /*dir=*/0x2000000005c0,
  1690. /*flags=MS_STRICTATIME|MS_SILENT*/ 0x1008000,
  1691. /*opts=*/0x200000000240, /*chdir=*/1, /*size=*/0x5ba,
  1692. /*img=*/0x200000001bc0);
  1693. memcpy(
  1694. (void*)0x200000000480,
  1695. "\000\254="
  1696. "\235\322\333\032\'\370\n\355cJ\216\204\324N\000\233\037\t\275\021+"
  1697. "\206T\026\243\263\2560\2379?\357o\244k\0012>"
  1698. "\241\234\206x\034\237\204\0315\336\227_\t~\363Y\022\"p^"
  1699. "\000\002\264\375\336\344\266\274K#^\000}2\306:|"
  1700. "R\004\302\270I\243\271\342\242\353w^I\0177i$\361\324\233\307\262\276D`"
  1701. "\217\303\226\274#4\027\365\263\311\262\224\250_f!\337\220}"
  1702. "\272\243\001\342\317\267\"S\a\004ry\000#"
  1703. "4\207m\367\343\365\247\332\271\313U\276\006]\251\266R~\311l}"
  1704. "\267I\376H\263\025\214\006d\370c\300{\v\322\235\216\\\256>"
  1705. "\366qucC\3242e9\340\277\335\334\231\364\\\320\226:\373\214\022o\314-"
  1706. "\023\024\276v\256\200Zp\225c]\230\214\001\217o\257jN\313\230\337\323["
  1707. "V\275["
  1708. "\271\020v\356\334\310G\320\3349\314O\367\265\274\317\373\351\024\000\000"
  1709. "dU\000\000\000\b\373\265Z\260-"
  1710. "\310\333\243f\364W\353\006\302\321\266\321%\312\217\0013|"
  1711. "\216z\036o\030\266#@P&[\255\332\nmU\2023\\&P\334\274S\200\301dJ!"
  1712. "LH\252\a\202\363\336\226\205\305\335\250\222\307\313\221\362["
  1713. "Y\006\212\237N\020\271\364\354q\316\322\027\210\256\3147r\327\352z\316vR"
  1714. "\312u\r\361\t\302$k\337\217\342\276\376\024AN\370\306\250`Fs[6kYH+"
  1715. "\245\334xUY3<v\361\r\256i\240Xam\vN\177R\226.^"
  1716. "\323\001VbON\303P\347\026\314\312\326\345\350\r\233\215."
  1717. "\335\032\252\246*"
  1718. "\355\314h\177\373\027\334MmX\352\317\3040\031\b\341\261\364\177\312\276g"
  1719. "\261bEm[\004\tX8\025#\224\246M?\340\2071\200\305~_\022J\353 "
  1720. "\000R\247=/\375:\257\303\030\020\f\241\032\247Yt\0251\307T",
  1721. 495);
  1722. res = syscall(__NR_memfd_create, /*name=*/0x200000000480ul, /*flags=*/0ul);
  1723. if (res != -1)
  1724. r[1] = res;
  1725. memcpy((void*)0x200000000080, "ext3\000", 5);
  1726. memcpy((void*)0x200000000480, "./file0\000", 8);
  1727. memcpy((void*)0x200000000140, "jqfmt=vfsold", 12);
  1728. *(uint8_t*)0x20000000014c = 0x2c;
  1729. memcpy((void*)0x20000000014d, "resgid", 6);
  1730. *(uint8_t*)0x200000000153 = 0x3d;
  1731. sprintf((char*)0x200000000154, "0x%016llx", (long long)0xee00);
  1732. *(uint8_t*)0x200000000166 = 0x2c;
  1733. memcpy((void*)0x200000000167, "bh", 2);
  1734. *(uint8_t*)0x200000000169 = 0x2c;
  1735. memcpy((void*)0x20000000016a, "noload", 6);
  1736. *(uint8_t*)0x200000000170 = 0x2c;
  1737. memcpy((void*)0x200000000171, "data_err=ignore", 15);
  1738. *(uint8_t*)0x200000000180 = 0x2c;
  1739. memcpy((void*)0x200000000181, "usrjquota=", 10);
  1740. *(uint8_t*)0x20000000018b = 0x2c;
  1741. *(uint8_t*)0x20000000018c = 0;
  1742. memcpy(
  1743. (void*)0x2000000004c0,
  1744. "\x78\x9c\xec\xdc\xcb\x6f\x1b\x45\x18\x00\xf0\x6f\xed\x24\x7d\x93\x50\xca"
  1745. "\xa3\xa5\x85\x40\x41\x44\x3c\x92\x26\x7d\xd0\x03\x17\x10\x48\x1c\x40\x42"
  1746. "\x82\x43\x11\xa7\x90\xa4\x55\xa8\xdb\xa0\x26\x48\xb4\x8a\x20\x70\x08\x47"
  1747. "\x54\x89\x3b\xe2\x88\xc4\x5f\xc0\x09\x2e\x08\x38\x21\x71\x85\x3b\xaa\x54"
  1748. "\xa1\x5c\x5a\x38\x19\xad\xbd\x9b\xba\x89\x9d\xc6\x89\x53\x97\xec\xef\x27"
  1749. "\x6d\x3b\xe3\x1d\x6b\xe6\xdb\xdd\xb1\x67\x67\xbc\x09\xa0\xb0\x06\xd3\x7f"
  1750. "\x92\x88\xbd\x11\xf1\x47\x44\xf4\xd7\xb3\xb7\x17\x18\xac\xff\x77\x73\x69"
  1751. "\x7e\xe2\x9f\xa5\xf9\x89\x24\xaa\xd5\xb7\xff\x4e\x6a\xe5\x6e\x2c\xcd\x4f"
  1752. "\xe4\x45\xf3\xf7\xed\xa9\x67\xaa\xd5\x2c\xbf\xa3\x49\xbd\x8b\xef\x45\x8c"
  1753. "\x57\x2a\x53\x97\xb2\xfc\xc8\xdc\x85\x0f\x47\x66\x2f\x5f\x79\x61\xfa\xc2"
  1754. "\xf8\xb9\xa9\x73\x53\x17\xc7\x4e\x9f\x3e\x71\xfc\x48\xdf\xa9\xb1\x93\x1d"
  1755. "\x89\x33\x8d\xeb\xc6\xa1\x4f\x66\x0e\x1f\x7c\xfd\xdd\xab\x6f\x4e\x9c\xb9"
  1756. "\xfa\xfe\x2f\xdf\xa5\xed\xdd\x9b\xed\x6f\x8c\xa3\x53\x06\xeb\x47\xb7\xa9"
  1757. "\xa7\x3b\x5d\x59\x97\xed\x6b\x48\x27\x3d\x5d\x6c\x08\x6d\x29\x47\x44\x7a"
  1758. "\xba\x7a\x6b\xfd\xbf\x3f\xca\xb1\x6b\x79\x5f\x7f\xbc\xf6\x79\x57\x1b\x07"
  1759. "\x6c\xa9\x6a\xb5\x5a\x6d\xf6\xfd\x9c\x59\xa8\x02\xdb\x58\x12\xdd\x6e\x01"
  1760. "\xd0\x1d\xf9\x17\x7d\x7a\xff\x9b\x6f\x77\x69\xe8\x71\x4f\xb8\xfe\x72\xfd"
  1761. "\x06\x28\x8d\xfb\x66\xb6\xd5\xf7\xf4\x44\x29\x2b\xd3\xbb\xe2\xfe\xb6\x93"
  1762. "\x06\x23\xe2\xcc\xc2\xbf\x5f\xa7\x5b\x6c\xd1\x3c\x04\x00\x40\xa3\x1f\xd2"
  1763. "\xf1\xcf\xf3\xcd\xc6\x7f\xa5\x78\xa8\xa1\xdc\x7d\xd9\x1a\xca\x40\x44\xdc"
  1764. "\x1f\x11\xfb\x23\xe2\x81\x88\x38\x10\x11\x0f\x46\xd4\xca\x3e\x1c\x11\x8f"
  1765. "\xb4\x59\xff\xca\x15\x92\xd5\xe3\x9f\xd2\xb5\x0d\x05\xb6\x4e\xe9\xf8\xef"
  1766. "\xa5\x6c\x6d\xeb\xf6\xf1\x5f\x3e\xfa\x8b\x81\x72\x96\xdb\x57\x8b\xbf\x37"
  1767. "\x39\x3b\x5d\x99\x3a\x96\x1d\x93\xa1\xe8\xdd\x91\xe6\x47\xd7\xa8\xe3\xc7"
  1768. "\x57\x7f\xff\xb2\xd5\xbe\xc6\xf1\x5f\xba\xa5\xf5\xe7\x63\xc1\xac\x1d\xd7"
  1769. "\x7a\x56\x4c\xd0\x4d\x8e\xcf\x8d\x6f\x26\xe6\x46\xd7\x3f\x8b\x38\xd4\xd3"
  1770. "\x2c\xfe\x24\xf2\x65\x9c\x24\x22\x0e\x46\xc4\xa1\x0d\xd6\x31\xfd\xec\xb7"
  1771. "\x87\x5b\xed\xbb\x73\xfc\x6b\xe8\xc0\x3a\x53\xf5\x9b\x88\x67\xea\xe7\x7f"
  1772. "\x21\x56\xc4\x9f\x4b\x5a\xae\x4f\x8e\xbe\x78\x6a\xec\xe4\xc8\xce\xa8\x4c"
  1773. "\x1d\x1b\xc9\xaf\x8a\xd5\x7e\xfd\x6d\xf1\xad\x56\xf5\x6f\x2a\xfe\x0e\x48"
  1774. "\xcf\xff\xee\xa6\xd7\xff\x72\xfc\x03\xc9\xce\x88\xd9\xcb\x57\xce\xd7\xd6"
  1775. "\x6b\x67\xdb\xaf\x63\xf1\xcf\x2f\x5a\xde\xd3\x6c\xf4\xfa\xef\x4b\xde\xa9"
  1776. "\xa5\xfb\xb2\xd7\x3e\x1e\x9f\x9b\xbb\x34\x1a\xd1\x97\xbc\xb1\xfa\xf5\xb1"
  1777. "\x5b\xef\xcd\xf3\x79\xf9\x34\xfe\xa1\xa3\xcd\xfb\xff\xfe\xb8\x75\x24\x1e"
  1778. "\x8d\x88\xf4\x22\x3e\x12\x11\x8f\x45\xc4\xe3\x59\xdb\x9f\x88\x88\x27\x23"
  1779. "\xe2\xe8\x1a\xf1\xff\xfc\xca\x53\x1f\xb4\x1f\xff\x1a\xb3\xf2\x1d\x94\xc6"
  1780. "\x3f\x79\xa7\xf3\x1f\x8d\xe7\xbf\xfd\x44\xf9\xfc\x4f\xdf\xb7\x1f\x7f\x2e"
  1781. "\x3d\xff\x27\x6a\xa9\xa1\xec\x95\xf5\x7c\xfe\xad\xb7\x81\x9b\x39\x76\x00"
  1782. "\x00\x00\xf0\x7f\x51\xaa\xfd\x06\x3e\x29\x0d\x2f\xa7\x4b\xa5\xe1\xe1\xfa"
  1783. "\x6f\xf8\x0f\xc4\xee\x52\x65\x66\x76\xee\xb9\xb3\x33\x1f\x5d\x9c\xac\xff"
  1784. "\x56\x7e\x20\x7a\x4b\xf9\x4c\x57\x7f\xc3\x7c\xe8\x68\x36\x37\x9c\xe7\xc7"
  1785. "\x56\xe4\x8f\x67\xf3\xc6\x5f\x95\x77\xd5\xf2\xc3\x13\x33\x95\xc9\x6e\x07"
  1786. "\x0f\x05\xb7\xa7\x45\xff\x4f\xfd\x55\xee\x76\xeb\x80\x2d\xe7\x79\x2d\x28"
  1787. "\x2e\xfd\x1f\x8a\x4b\xff\x87\xe2\xd2\xff\xa1\xb8\xf4\x7f\x28\xae\x66\xfd"
  1788. "\xff\xd3\x2e\xb4\x03\xb8\xfb\x7c\xff\x43\x71\xe9\xff\x50\x5c\xfa\x3f\x14"
  1789. "\x97\xfe\x0f\x85\xd4\xf2\xd9\xf8\xd2\xa6\x1e\xf9\x97\xd8\xf6\x89\x28\xdd"
  1790. "\x13\xcd\xd8\xfe\x89\x9e\x75\xff\x31\x8b\x0d\x26\x76\x34\xdd\xd5\xed\x4f"
  1791. "\x26\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1792. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1793. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1794. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1795. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1796. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1797. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1798. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1799. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1800. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1801. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1802. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1803. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\xce\xf8\x2f\x00\x00"
  1804. "\xff\xff\x70\x88\xe4\x87",
  1805. 1086);
  1806. syz_mount_image(
  1807. /*fs=*/0x200000000080, /*dir=*/0x200000000480,
  1808. /*flags=MS_I_VERSION|MS_SLAVE|MS_PRIVATE|MS_POSIXACL|MS_RELATIME|MS_NOSUID|0xc0400004*/
  1809. 0xc0ed0006, /*opts=*/0x200000000140, /*chdir=*/0xfe, /*size=*/0x43e,
  1810. /*img=*/0x2000000004c0);
  1811. memcpy((void*)0x200000000080, "blkio.throttle.io_service_bytes_recursive\000",
  1812. 42);
  1813. res = syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200000000080ul,
  1814. /*flags=*/0x275a, /*mode=*/0);
  1815. if (res != -1)
  1816. r[2] = res;
  1817. syscall(__NR_setsockopt, /*fd=*/-1, /*level=*/0, /*optname=*/0x29,
  1818. /*optval=*/0ul, /*optlen=*/0ul);
  1819. *(uint32_t*)0x200000000000 = -1;
  1820. *(uint64_t*)0x200000000008 = 0;
  1821. *(uint64_t*)0x200000000010 = 0x40;
  1822. *(uint64_t*)0x200000000018 = 0;
  1823. *(uint32_t*)0x200000000020 = 0xfffffffe;
  1824. *(uint16_t*)0x200000000024 = 0;
  1825. *(uint16_t*)0x200000000026 = 0;
  1826. syscall(__NR_ioctl, /*fd=*/r[2], /*cmd=*/0x40286608,
  1827. /*arg=*/0x200000000000ul);
  1828. memset((void*)0x200000002000, 47, 1);
  1829. syscall(__NR_write, /*fd=*/r[1], /*buf=*/0x200000002000ul, /*count=*/1ul);
  1830. syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x3000ul,
  1831. /*prot=PROT_SEM|PROT_EXEC*/ 0xcul,
  1832. /*flags=MAP_FIXED|MAP_SHARED*/ 0x11ul, /*fd=*/r[1], /*offset=*/0ul);
  1833. memcpy((void*)0x200000000000, "/selinux/avc/hash_stats\000", 24);
  1834. res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul,
  1835. /*file=*/0x200000000000ul, /*flags=*/0, /*mode=*/0);
  1836. if (res != -1)
  1837. r[3] = res;
  1838. *(uint64_t*)0x2000000000c0 = 0x200000000040;
  1839. *(uint16_t*)0x200000000040 = 0x10;
  1840. *(uint16_t*)0x200000000042 = 0;
  1841. *(uint32_t*)0x200000000044 = 0;
  1842. *(uint32_t*)0x200000000048 = 1;
  1843. *(uint32_t*)0x2000000000c8 = 0xc;
  1844. *(uint64_t*)0x2000000000d0 = 0x200000000080;
  1845. *(uint64_t*)0x200000000080 = 0x200000000240;
  1846. *(uint32_t*)0x200000000240 = 0x198;
  1847. *(uint16_t*)0x200000000244 = 0;
  1848. *(uint16_t*)0x200000000246 = 0x100;
  1849. *(uint32_t*)0x200000000248 = 0x70bd26;
  1850. *(uint32_t*)0x20000000024c = 0x25dfdbfe;
  1851. *(uint8_t*)0x200000000250 = 4;
  1852. *(uint8_t*)0x200000000251 = 0;
  1853. *(uint16_t*)0x200000000252 = 0;
  1854. *(uint16_t*)0x200000000254 = 0x14;
  1855. STORE_BY_BITMASK(uint16_t, , 0x200000000256, 9, 0, 14);
  1856. STORE_BY_BITMASK(uint16_t, , 0x200000000257, 0, 6, 1);
  1857. STORE_BY_BITMASK(uint16_t, , 0x200000000257, 1, 7, 1);
  1858. *(uint16_t*)0x200000000258 = 8;
  1859. *(uint16_t*)0x20000000025a = 1;
  1860. *(uint32_t*)0x20000000025c = 0xc26;
  1861. *(uint16_t*)0x200000000260 = 8;
  1862. *(uint16_t*)0x200000000262 = 1;
  1863. *(uint32_t*)0x200000000264 = 8;
  1864. *(uint16_t*)0x200000000268 = 0x5c;
  1865. STORE_BY_BITMASK(uint16_t, , 0x20000000026a, 7, 0, 14);
  1866. STORE_BY_BITMASK(uint16_t, , 0x20000000026b, 0, 6, 1);
  1867. STORE_BY_BITMASK(uint16_t, , 0x20000000026b, 1, 7, 1);
  1868. *(uint16_t*)0x20000000026c = 8;
  1869. *(uint16_t*)0x20000000026e = 2;
  1870. *(uint32_t*)0x200000000270 = 0;
  1871. *(uint16_t*)0x200000000274 = 8;
  1872. *(uint16_t*)0x200000000276 = 1;
  1873. *(uint32_t*)0x200000000278 = 7;
  1874. *(uint16_t*)0x20000000027c = 0xc;
  1875. *(uint16_t*)0x20000000027e = 3;
  1876. *(uint64_t*)0x200000000280 = 5;
  1877. *(uint16_t*)0x200000000288 = 0xc;
  1878. *(uint16_t*)0x20000000028a = 4;
  1879. *(uint64_t*)0x20000000028c = 0x42;
  1880. *(uint16_t*)0x200000000294 = 8;
  1881. *(uint16_t*)0x200000000296 = 1;
  1882. *(uint32_t*)0x200000000298 = 2;
  1883. *(uint16_t*)0x20000000029c = 0xc;
  1884. *(uint16_t*)0x20000000029e = 3;
  1885. *(uint64_t*)0x2000000002a0 = 3;
  1886. *(uint16_t*)0x2000000002a8 = 0xc;
  1887. *(uint16_t*)0x2000000002aa = 3;
  1888. *(uint64_t*)0x2000000002ac = 0;
  1889. *(uint16_t*)0x2000000002b4 = 8;
  1890. *(uint16_t*)0x2000000002b6 = 1;
  1891. *(uint32_t*)0x2000000002b8 = 1;
  1892. *(uint16_t*)0x2000000002bc = 8;
  1893. *(uint16_t*)0x2000000002be = 1;
  1894. *(uint32_t*)0x2000000002c0 = 0xaf1;
  1895. *(uint16_t*)0x2000000002c4 = 0x80;
  1896. STORE_BY_BITMASK(uint16_t, , 0x2000000002c6, 4, 0, 14);
  1897. STORE_BY_BITMASK(uint16_t, , 0x2000000002c7, 0, 6, 1);
  1898. STORE_BY_BITMASK(uint16_t, , 0x2000000002c7, 1, 7, 1);
  1899. *(uint16_t*)0x2000000002c8 = 0x13;
  1900. *(uint16_t*)0x2000000002ca = 1;
  1901. memcpy((void*)0x2000000002cc, "broadcast-link\000", 15);
  1902. *(uint16_t*)0x2000000002dc = 0x3c;
  1903. STORE_BY_BITMASK(uint16_t, , 0x2000000002de, 7, 0, 14);
  1904. STORE_BY_BITMASK(uint16_t, , 0x2000000002df, 0, 6, 1);
  1905. STORE_BY_BITMASK(uint16_t, , 0x2000000002df, 1, 7, 1);
  1906. *(uint16_t*)0x2000000002e0 = 8;
  1907. *(uint16_t*)0x2000000002e2 = 3;
  1908. *(uint32_t*)0x2000000002e4 = 6;
  1909. *(uint16_t*)0x2000000002e8 = 8;
  1910. *(uint16_t*)0x2000000002ea = 4;
  1911. *(uint32_t*)0x2000000002ec = 0xfffffffb;
  1912. *(uint16_t*)0x2000000002f0 = 8;
  1913. *(uint16_t*)0x2000000002f2 = 3;
  1914. *(uint32_t*)0x2000000002f4 = 0xfffffffd;
  1915. *(uint16_t*)0x2000000002f8 = 8;
  1916. *(uint16_t*)0x2000000002fa = 2;
  1917. *(uint32_t*)0x2000000002fc = 2;
  1918. *(uint16_t*)0x200000000300 = 8;
  1919. *(uint16_t*)0x200000000302 = 2;
  1920. *(uint32_t*)0x200000000304 = 6;
  1921. *(uint16_t*)0x200000000308 = 8;
  1922. *(uint16_t*)0x20000000030a = 3;
  1923. *(uint32_t*)0x20000000030c = 0x1000;
  1924. *(uint16_t*)0x200000000310 = 8;
  1925. *(uint16_t*)0x200000000312 = 3;
  1926. *(uint32_t*)0x200000000314 = 0x7fffffff;
  1927. *(uint16_t*)0x200000000318 = 9;
  1928. *(uint16_t*)0x20000000031a = 1;
  1929. memcpy((void*)0x20000000031c, "syz0\000", 5);
  1930. *(uint16_t*)0x200000000324 = 9;
  1931. *(uint16_t*)0x200000000326 = 1;
  1932. memcpy((void*)0x200000000328, "syz0\000", 5);
  1933. *(uint16_t*)0x200000000330 = 0x13;
  1934. *(uint16_t*)0x200000000332 = 1;
  1935. memcpy((void*)0x200000000334, "broadcast-link\000", 15);
  1936. *(uint16_t*)0x200000000344 = 0x3c;
  1937. STORE_BY_BITMASK(uint16_t, , 0x200000000346, 4, 0, 14);
  1938. STORE_BY_BITMASK(uint16_t, , 0x200000000347, 0, 6, 1);
  1939. STORE_BY_BITMASK(uint16_t, , 0x200000000347, 1, 7, 1);
  1940. *(uint16_t*)0x200000000348 = 0x2c;
  1941. STORE_BY_BITMASK(uint16_t, , 0x20000000034a, 7, 0, 14);
  1942. STORE_BY_BITMASK(uint16_t, , 0x20000000034b, 0, 6, 1);
  1943. STORE_BY_BITMASK(uint16_t, , 0x20000000034b, 1, 7, 1);
  1944. *(uint16_t*)0x20000000034c = 8;
  1945. *(uint16_t*)0x20000000034e = 2;
  1946. *(uint32_t*)0x200000000350 = 9;
  1947. *(uint16_t*)0x200000000354 = 8;
  1948. *(uint16_t*)0x200000000356 = 4;
  1949. *(uint32_t*)0x200000000358 = 7;
  1950. *(uint16_t*)0x20000000035c = 8;
  1951. *(uint16_t*)0x20000000035e = 3;
  1952. *(uint32_t*)0x200000000360 = 9;
  1953. *(uint16_t*)0x200000000364 = 8;
  1954. *(uint16_t*)0x200000000366 = 2;
  1955. *(uint32_t*)0x200000000368 = 7;
  1956. *(uint16_t*)0x20000000036c = 8;
  1957. *(uint16_t*)0x20000000036e = 2;
  1958. *(uint32_t*)0x200000000370 = 2;
  1959. *(uint16_t*)0x200000000374 = 9;
  1960. *(uint16_t*)0x200000000376 = 1;
  1961. memcpy((void*)0x200000000378, "syz1\000", 5);
  1962. *(uint16_t*)0x200000000380 = 0xc;
  1963. STORE_BY_BITMASK(uint16_t, , 0x200000000382, 6, 0, 14);
  1964. STORE_BY_BITMASK(uint16_t, , 0x200000000383, 0, 6, 1);
  1965. STORE_BY_BITMASK(uint16_t, , 0x200000000383, 1, 7, 1);
  1966. *(uint16_t*)0x200000000384 = 8;
  1967. *(uint16_t*)0x200000000386 = 6;
  1968. *(uint32_t*)0x200000000388 = 6;
  1969. *(uint16_t*)0x20000000038c = 0xc;
  1970. STORE_BY_BITMASK(uint16_t, , 0x20000000038e, 9, 0, 14);
  1971. STORE_BY_BITMASK(uint16_t, , 0x20000000038f, 0, 6, 1);
  1972. STORE_BY_BITMASK(uint16_t, , 0x20000000038f, 1, 7, 1);
  1973. *(uint16_t*)0x200000000390 = 8;
  1974. *(uint16_t*)0x200000000392 = 1;
  1975. *(uint32_t*)0x200000000394 = 5;
  1976. *(uint16_t*)0x200000000398 = 0x14;
  1977. STORE_BY_BITMASK(uint16_t, , 0x20000000039a, 9, 0, 14);
  1978. STORE_BY_BITMASK(uint16_t, , 0x20000000039b, 0, 6, 1);
  1979. STORE_BY_BITMASK(uint16_t, , 0x20000000039b, 1, 7, 1);
  1980. *(uint16_t*)0x20000000039c = 8;
  1981. *(uint16_t*)0x20000000039e = 2;
  1982. *(uint32_t*)0x2000000003a0 = 9;
  1983. *(uint16_t*)0x2000000003a4 = 8;
  1984. *(uint16_t*)0x2000000003a6 = 2;
  1985. *(uint32_t*)0x2000000003a8 = 2;
  1986. *(uint16_t*)0x2000000003ac = 0x2c;
  1987. STORE_BY_BITMASK(uint16_t, , 0x2000000003ae, 9, 0, 14);
  1988. STORE_BY_BITMASK(uint16_t, , 0x2000000003af, 0, 6, 1);
  1989. STORE_BY_BITMASK(uint16_t, , 0x2000000003af, 1, 7, 1);
  1990. *(uint16_t*)0x2000000003b0 = 8;
  1991. *(uint16_t*)0x2000000003b2 = 2;
  1992. *(uint32_t*)0x2000000003b4 = 4;
  1993. *(uint16_t*)0x2000000003b8 = 8;
  1994. *(uint16_t*)0x2000000003ba = 2;
  1995. *(uint32_t*)0x2000000003bc = 2;
  1996. *(uint16_t*)0x2000000003c0 = 8;
  1997. *(uint16_t*)0x2000000003c2 = 1;
  1998. *(uint32_t*)0x2000000003c4 = 0xe;
  1999. *(uint16_t*)0x2000000003c8 = 8;
  2000. *(uint16_t*)0x2000000003ca = 2;
  2001. *(uint32_t*)0x2000000003cc = 3;
  2002. *(uint16_t*)0x2000000003d0 = 8;
  2003. *(uint16_t*)0x2000000003d2 = 1;
  2004. *(uint32_t*)0x2000000003d4 = 1;
  2005. *(uint64_t*)0x200000000088 = 0x198;
  2006. *(uint64_t*)0x2000000000d8 = 1;
  2007. *(uint64_t*)0x2000000000e0 = 0;
  2008. *(uint64_t*)0x2000000000e8 = 0;
  2009. *(uint32_t*)0x2000000000f0 = 0x44000;
  2010. syscall(__NR_sendmsg, /*fd=*/r[3], /*msg=*/0x2000000000c0ul,
  2011. /*f=MSG_NOSIGNAL|MSG_EOR|0x10000*/ 0x14080ul);
  2012. *(uint64_t*)0x200000000200 = 0;
  2013. *(uint32_t*)0x200000000208 = 0;
  2014. *(uint32_t*)0x20000000020c = 0;
  2015. *(uint16_t*)0x200000000210 = 0;
  2016. *(uint16_t*)0x200000000212 = 0;
  2017. *(uint32_t*)0x200000000214 = -1;
  2018. *(uint64_t*)0x200000000218 = 0;
  2019. *(uint64_t*)0x200000000220 = 0;
  2020. *(uint64_t*)0x200000000228 = 0;
  2021. *(uint64_t*)0x200000000230 = 0;
  2022. *(uint32_t*)0x200000000238 = 0;
  2023. *(uint32_t*)0x20000000023c = -1;
  2024. syscall(__NR_io_cancel, /*ctx=*/0ul, /*iocb=*/0x200000000200ul, /*res=*/0ul);
  2025. memcpy((void*)0x200000000000, "net/unix\000", 9);
  2026. res = -1;
  2027. res = syz_open_procfs(/*pid=*/0, /*file=*/0x200000000000);
  2028. if (res != -1)
  2029. r[4] = res;
  2030. memcpy((void*)0x200000001780, "/dev/rtc0\000", 10);
  2031. res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul,
  2032. /*file=*/0x200000001780ul, /*flags=*/0, /*mode=*/0);
  2033. if (res != -1)
  2034. r[5] = res;
  2035. syscall(__NR_ioctl, /*fd=*/r[5], /*cmd=*/0x7003, 0);
  2036. syscall(__NR_pread64, /*fd=*/r[5], /*buf=*/0x200000000000ul, /*count=*/0x76ul,
  2037. /*pos=*/0ul);
  2038. syscall(__NR_close_range, /*fd=*/r[4], /*max_fd=*/-1, /*flags=*/0ul);
  2039. memcpy((void*)0x200000000000, "/dev/net/tun\000", 13);
  2040. res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul,
  2041. /*file=*/0x200000000000ul, /*flags=*/0, /*mode=*/0);
  2042. if (res != -1)
  2043. r[6] = res;
  2044. syscall(__NR_socketpair, /*domain=*/1ul, /*type=SOCK_STREAM*/ 1ul,
  2045. /*proto=*/0, /*fds=*/0x200000000040ul);
  2046. memcpy((void*)0x2000000000c0, "syzkaller0\000\000\000\000\000\000", 16);
  2047. *(uint16_t*)0x2000000000d0 = 2;
  2048. syscall(__NR_ioctl, /*fd=*/r[6], /*cmd=*/0x400454ca,
  2049. /*arg=*/0x2000000000c0ul);
  2050. res = syscall(__NR_socket, /*domain=*/0xaul, /*type=*/1ul, /*proto=*/0);
  2051. if (res != -1)
  2052. r[7] = res;
  2053. res = syscall(__NR_socket, /*domain=*/0xaul, /*type=*/1ul, /*proto=*/0);
  2054. if (res != -1)
  2055. r[8] = res;
  2056. *(uint16_t*)0x200000000000 = 0xa;
  2057. *(uint16_t*)0x200000000002 = htobe16(0x4e22);
  2058. *(uint32_t*)0x200000000004 = htobe32(1);
  2059. *(uint64_t*)0x200000000008 = htobe64(0);
  2060. *(uint64_t*)0x200000000010 = htobe64(1);
  2061. *(uint32_t*)0x200000000018 = 0x7f;
  2062. syscall(__NR_bind, /*fd=*/r[8], /*addr=*/0x200000000000ul,
  2063. /*addrlen=*/0x1cul);
  2064. res = syscall(__NR_socket, /*domain=*/0xaul,
  2065. /*type=SOCK_CLOEXEC|SOCK_NONBLOCK|SOCK_RAW*/ 0x80803ul,
  2066. /*proto=*/0x87);
  2067. if (res != -1)
  2068. r[9] = res;
  2069. *(uint16_t*)0x200000000040 = 0xa;
  2070. *(uint16_t*)0x200000000042 = htobe16(0);
  2071. *(uint32_t*)0x200000000044 = htobe32(0);
  2072. *(uint64_t*)0x200000000048 = htobe64(0);
  2073. *(uint64_t*)0x200000000050 = htobe64(1);
  2074. *(uint32_t*)0x200000000058 = 0;
  2075. syscall(__NR_connect, /*fd=*/r[9], /*addr=*/0x200000000040ul,
  2076. /*addrlen=*/0x1cul);
  2077. *(uint64_t*)0x200000000f80 = 0;
  2078. *(uint32_t*)0x200000000f88 = 0;
  2079. *(uint64_t*)0x200000000f90 = 0x200000000340;
  2080. *(uint64_t*)0x200000000340 = 0x200000000080;
  2081. memcpy((void*)0x200000000080, "\xdd\x77\x4f\xb7\x6d\x0d", 6);
  2082. *(uint64_t*)0x200000000348 = 6;
  2083. *(uint64_t*)0x200000000f98 = 0x27;
  2084. *(uint64_t*)0x200000000fa0 = 0x2000000000c0;
  2085. *(uint64_t*)0x2000000000c0 = 0x18;
  2086. *(uint32_t*)0x2000000000c8 = 0x29;
  2087. *(uint32_t*)0x2000000000cc = 0x37;
  2088. *(uint8_t*)0x2000000000d0 = 0;
  2089. *(uint8_t*)0x2000000000d1 = 0;
  2090. memset((void*)0x2000000000d2, 0, 6);
  2091. *(uint8_t*)0x2000000000d8 = 0;
  2092. *(uint8_t*)0x2000000000d9 = 0;
  2093. memcpy(
  2094. (void*)0x2000000000da,
  2095. "\x7e\x37\x9e\x31\xd0\x5f\x8d\xf4\xef\xb9\x5a\x20\x61\x41\x04\x71\x1d\x14"
  2096. "\xfd\x28\x39\xf6\xf4\xe1\x77\xa9\x9d\x32\x18\xcf\x29\x29\x41\xbf\x8d\x56"
  2097. "\x4c\x28\x74\x6d\x54\xfa\xb2\xc9\xac\x25\x47\xdf\xc1\x12\x74\xd2\xb6\x93"
  2098. "\xba\x62\x29\x84\xae\x27\x8e\x7d\xf6\xdb\x7f\x6a\xc2\xc9\x2a\x58\xc8\xd0"
  2099. "\x33\xde\xce\x9a\x13\x19\x8c\xc6\x1a\x44\x83\x4e\x70\x71\xd2\x4d\xeb\x43"
  2100. "\x95\x92\xbb\xfa\x2b\xff\x2f\x08\x09\x8a\xfb\xb1\x98\x01",
  2101. 104);
  2102. *(uint64_t*)0x200000000fa8 = 0x18;
  2103. *(uint32_t*)0x200000000fb0 = 0;
  2104. *(uint32_t*)0x200000000fb8 = 0;
  2105. syscall(__NR_sendmmsg, /*fd=*/r[9], /*mmsg=*/0x200000000f80ul,
  2106. /*vlen=*/0x4000000000001edul, /*f=*/0ul);
  2107. syscall(__NR_listen, /*fd=*/r[8], /*backlog=*/0);
  2108. syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x800000ul,
  2109. /*prot=PROT_GROWSDOWN|PROT_WRITE|PROT_EXEC*/ 0x1000006ul,
  2110. /*flags=MAP_FIXED|MAP_PRIVATE*/ 0x12ul, /*fd=*/-1, /*offset=*/0ul);
  2111. *(uint16_t*)0x200000000280 = 0xa;
  2112. *(uint16_t*)0x200000000282 = htobe16(0x4e22);
  2113. *(uint32_t*)0x200000000284 = htobe32(0);
  2114. *(uint64_t*)0x200000000288 = htobe64(0);
  2115. *(uint64_t*)0x200000000290 = htobe64(1);
  2116. *(uint32_t*)0x200000000298 = 0;
  2117. syscall(__NR_sendto, /*fd=*/r[7], /*buf=*/0ul, /*len=*/0ul,
  2118. /*f=MSG_FASTOPEN|MSG_DONTROUTE*/ 0x20000004ul,
  2119. /*addr=*/0x200000000280ul, /*addrlen=*/0x1cul);
  2120. syscall(__NR_mmap, /*addr=*/0x200000166000ul, /*len=*/0x2000ul, /*prot=*/0ul,
  2121. /*flags=MAP_SHARED_VALIDATE|MAP_FIXED*/ 0x13ul, /*fd=*/r[8],
  2122. /*offset=*/0ul);
  2123. syscall(__NR_sendto, /*fd=*/r[7], /*buf=*/0x2000000005c0ul,
  2124. /*len=*/0xe0fffffful, /*f=MSG_DONTWAIT|0x200*/ 0x240ul, /*addr=*/0ul,
  2125. /*addrlen=*/0xd8ul);
  2126. memcpy((void*)0x20000000b540, "/dev/sg#\000", 9);
  2127. res = -1;
  2128. res = syz_open_dev(/*dev=*/0x20000000b540, /*id=*/0, /*flags=*/0);
  2129. if (res != -1)
  2130. r[10] = res;
  2131. *(uint32_t*)0x200000000240 = 0x53;
  2132. *(uint32_t*)0x200000000244 = 0;
  2133. *(uint8_t*)0x200000000248 = 6;
  2134. *(uint8_t*)0x200000000249 = 0;
  2135. *(uint16_t*)0x20000000024a = 0;
  2136. *(uint32_t*)0x20000000024c = 0;
  2137. *(uint64_t*)0x200000000250 = 0;
  2138. *(uint64_t*)0x200000000258 = 0x200000000100;
  2139. memcpy((void*)0x200000000100, "\x2f\xbb\x81\x99\xf8\x33", 6);
  2140. *(uint64_t*)0x200000000260 = 0;
  2141. *(uint32_t*)0x200000000268 = 0;
  2142. *(uint32_t*)0x20000000026c = 0;
  2143. *(uint32_t*)0x200000000270 = 0;
  2144. *(uint64_t*)0x200000000274 = 0;
  2145. *(uint8_t*)0x20000000027c = 0;
  2146. *(uint8_t*)0x20000000027d = 0;
  2147. *(uint8_t*)0x20000000027e = 0;
  2148. *(uint8_t*)0x20000000027f = 0;
  2149. *(uint16_t*)0x200000000280 = 0;
  2150. *(uint16_t*)0x200000000282 = 0;
  2151. *(uint32_t*)0x200000000284 = 0;
  2152. *(uint32_t*)0x200000000288 = 0;
  2153. *(uint32_t*)0x20000000028c = 0;
  2154. syscall(__NR_ioctl, /*fd=*/r[10], /*cmd=*/0x2285, /*arg=*/0x200000000240ul);
  2155. memcpy((void*)0x200000000040, "ext4\000", 5);
  2156. memcpy((void*)0x2000000000c0, "./file0\000", 8);
  2157. *(uint8_t*)0x200000000180 = 0;
  2158. memcpy(
  2159. (void*)0x200000000800,
  2160. "\x78\x9c\xec\xdd\xcd\x6b\x1c\xe5\x1f\x00\xf0\xef\x6c\x92\x26\xbf\xb4\x3f"
  2161. "\x13\x41\xd0\x7a\x0a\x08\x1a\xa8\xdd\x98\x1a\x5b\x05\x0f\x15\x0f\x22\x58"
  2162. "\x28\xe8\xd9\x74\xd9\x6c\x43\xcd\x26\x5b\xb2\x9b\xd2\x84\x40\x2d\x22\x78"
  2163. "\x11\x54\x3c\x08\x7a\xe9\xd9\x97\x7a\xf3\xea\xcb\x55\xff\x0b\x0f\xd2\x52"
  2164. "\x35\x2d\x56\x3c\x48\x64\x36\xb3\xed\xb6\xd9\x4d\x13\x9b\x6c\x52\xf7\xf3"
  2165. "\x81\xa7\x7d\x9e\x99\x67\xf3\xcc\x77\x9f\x99\x79\x9e\xdd\x19\x76\x02\xe8"
  2166. "\x5a\x23\xe9\x3f\xb9\x88\x83\x11\xf1\x41\x12\x31\x94\x2d\x4f\x22\xa2\xaf"
  2167. "\x9e\xeb\x8d\x38\xbe\x56\xef\xe6\xca\x72\x31\x4d\x49\xac\xae\xbe\xfe\x5b"
  2168. "\x52\xaf\x73\x63\x65\xb9\x18\x4d\xaf\x49\xed\xcf\x0a\x8f\x45\xc4\xf7\xef"
  2169. "\x46\x1c\xca\x25\xeb\xda\xad\x2e\x2e\xcd\x14\xca\xe5\xd2\x7c\x56\x1e\xab"
  2170. "\xcd\x9e\x1d\xab\x2e\x2e\x1d\x3e\x33\x5b\x98\x2e\x4d\x97\xe6\x8e\x8e\x4f"
  2171. "\x4c\x1c\x39\xf6\xdc\xb1\xa3\xdb\x17\xeb\x1f\x3f\x2d\x1d\xb8\xfa\xe1\x2b"
  2172. "\x4f\x7d\x75\xfc\xaf\x77\x1e\xbd\xfc\xfe\x0f\x49\x1c\x8f\x03\xd9\xba\xe6"
  2173. "\x38\xb6\xcb\x48\x8c\x64\xef\x49\x5f\xfa\x16\xde\xe1\xe5\xed\x6e\x6c\x97"
  2174. "\xad\xef\x61\x1e\x04\xb9\x88\xe8\x59\x3b\xca\xe3\x60\x0c\x45\x4f\x3d\x07"
  2175. "\x00\xfc\x97\x5d\x88\x88\x55\x00\xa0\xcb\x24\xc6\x7f\x00\xe8\x32\x8d\xef"
  2176. "\x01\x6e\xac\x2c\x17\x1b\x69\x77\xbf\x91\xe8\xac\x6b\x2f\x45\xc4\xc0\x5a"
  2177. "\xfc\x8d\xeb\x9b\x6b\x6b\x7a\xb3\x6b\x76\x03\xf5\xeb\xa0\x83\x37\x92\x3b"
  2178. "\xae\x8c\x24\x11\x31\xbc\x0d\xed\x8f\x44\xc4\x67\xdf\xbc\xf9\x45\x9a\x62"
  2179. "\x87\xae\x43\x02\xb4\xf2\xf6\xc5\x88\x38\x35\x3c\xb2\xfe\xfc\x9f\xac\xbb"
  2180. "\x67\x61\xab\x9e\xd9\x44\x9d\x91\xbb\xca\xce\x7f\xd0\x39\xdf\xa6\xf3\x9f"
  2181. "\xe7\x5b\xcd\xff\x72\xb7\xe6\x3f\xd1\x62\xfe\xd3\xdf\xe2\xd8\xfd\x37\xee"
  2182. "\x7d\xfc\xe7\xae\x6c\x43\x33\x6d\xa5\xf3\xbf\x17\x9b\xee\x6d\xbb\xd9\x14"
  2183. "\x7f\x66\xb8\x27\x2b\xfd\xbf\x3e\xe7\xeb\x4b\x4e\x9f\x29\x97\xd2\x73\xdb"
  2184. "\x43\x11\x31\x1a\x7d\xfd\x69\x79\x7c\x83\x36\x46\xaf\xff\x7d\xbd\xdd\xba"
  2185. "\xe6\xf9\xdf\xef\x1f\xbd\xf5\x79\xda\x7e\xfa\xff\xed\x1a\xb9\x2b\xbd\xfd"
  2186. "\x77\xbe\x66\xaa\x50\x2b\xdc\x4f\xcc\xcd\xae\x5d\x8c\x78\xbc\xb7\x55\xfc"
  2187. "\xc9\xad\xfe\x4f\xda\xcc\x7f\x4f\x6e\xb2\x8d\x57\x5f\x78\xef\xd3\x76\xeb"
  2188. "\xd2\xf8\xd3\x78\x1b\x69\x7d\xfc\x3b\x6b\xf5\x52\xc4\x93\x2d\xfb\xff\xf6"
  2189. "\x1d\x6d\xc9\x86\xf7\x27\x8e\xd5\x77\x87\xb1\xc6\x4e\xd1\xc2\xd7\x3f\x7f"
  2190. "\x32\xd8\xae\xfd\xe6\xfe\x4f\x53\xda\x7e\xe3\xb3\x40\x27\xa4\xfd\x3f\xb8"
  2191. "\x71\xfc\xc3\x49\xf3\xfd\x9a\xd5\xad\xb7\xf1\xe3\xa5\xa1\xef\xda\xad\x6b"
  2192. "\x19\xff\x85\xe6\x1a\xad\xf7\xff\x7d\xc9\x1b\xf5\xfc\xbe\x6c\xd9\xf9\x42"
  2193. "\xad\x36\x3f\x1e\xb1\x2f\x79\x6d\xfd\xf2\x23\xb7\x5f\xdb\x28\x37\xea\xa7"
  2194. "\xf1\x8f\x3e\xd1\xfa\xf8\xdf\x68\xff\x4f\x3f\x13\x9e\xda\x64\xfc\xbd\x57"
  2195. "\x7f\xfd\x72\x4b\xf1\x77\xb8\xff\xa7\xb6\xd4\xff\x5b\xcf\x5c\xbe\x39\xd3"
  2196. "\xd3\xae\xfd\x7b\xc7\x9f\xf6\xff\x44\x3d\x37\x9a\x2d\xd9\xcc\xf9\x6f\xb3"
  2197. "\x1b\x78\x3f\xef\x1d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2198. "\x00\x00\x00\x00\x00\x00\x6c\x56\x2e\x22\x0e\x44\x92\xcb\xdf\xca\xe7\x72"
  2199. "\xf9\xfc\xda\x33\xbc\x1f\x89\xc1\x5c\xb9\x52\xad\x1d\x3a\x5d\x59\x98\x9b"
  2200. "\x8a\xfa\xb3\xb2\x87\xa3\x2f\xd7\xf8\xa9\xcb\xa1\xa6\xdf\x43\x1d\xcf\x7e"
  2201. "\x0f\xbf\x51\x3e\x72\x57\xf9\xd9\x88\x78\x38\x22\x3e\xee\xff\x5f\xbd\x9c"
  2202. "\x2f\x56\xca\x53\xbb\x1d\x3c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2203. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2204. "\x00\x00\x64\xf6\xb7\x79\xfe\x7f\xea\x97\xfe\xdd\xde\x3a\x00\x60\xc7\x0c"
  2205. "\xec\xf6\x06\x00\x00\x1d\x67\xfc\x07\x80\xee\x63\xfc\x07\x80\xee\x63\xfc"
  2206. "\x07\x80\xee\x63\xfc\x07\x80\xee\x63\xfc\x07\x00\x00\x00\x00\x00\x00\x00"
  2207. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2208. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2209. "\x00\x00\x00\x00\x00\x00\x00\x60\x87\x9d\x3c\x71\x22\x4d\xab\x7f\xae\x2c"
  2210. "\x17\xd3\xf2\xd4\xb9\xc5\x85\x99\xca\xb9\xc3\x53\xa5\xea\x4c\x7e\x76\xa1"
  2211. "\x98\x2f\x56\xe6\xcf\xe6\xa7\x2b\x95\xe9\x72\x29\x5f\xac\xcc\xde\xeb\xef"
  2212. "\x95\x2b\x95\xb3\x13\x31\xb7\x70\x7e\xac\x56\xaa\xd6\xc6\xaa\x8b\x4b\x93"
  2213. "\xb3\x95\x85\xb9\xda\xe4\x99\xd9\xc2\x74\x69\xb2\xd4\xd7\x91\xa8\x00\x00"
  2214. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2215. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x60\x6b\xaa\x8b\x4b\x33\x85"
  2216. "\x72\xb9\x34\xdf\x9d\x99\x81\xd8\x13\x9b\x21\xd3\xc1\xcc\xe4\xe8\xd3\xc9"
  2217. "\x1e\xd8\x8c\xbd\x9e\xd9\xed\x33\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2218. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2219. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2220. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2221. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2222. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2223. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2224. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2225. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2226. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2227. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2228. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2229. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2230. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2231. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2232. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2233. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2234. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2235. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2236. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2237. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2238. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2239. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2240. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2241. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2242. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2243. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2244. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2245. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2246. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2247. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2248. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2249. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2250. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2251. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2252. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2253. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2254. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2255. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2256. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2257. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2258. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2259. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2260. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2261. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2262. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2263. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2264. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2265. "\xc0\x83\xe1\x9f\x00\x00\x00\xff\xff\x4a\x6a\x27\x06",
  2266. 1903);
  2267. res = -1;
  2268. res = syz_mount_image(
  2269. /*fs=*/0x200000000040, /*dir=*/0x2000000000c0,
  2270. /*flags=MS_SYNCHRONOUS|MS_NOSUID|MS_NODIRATIME|MS_NOATIME*/ 0xc12,
  2271. /*opts=*/0x200000000180, /*chdir=*/1, /*size=*/0x76f,
  2272. /*img=*/0x200000000800);
  2273. if (res != -1)
  2274. r[11] = res;
  2275. *(uint8_t*)0x200000000040 = 0;
  2276. syscall(__NR_prctl, /*option=*/0x3bul, /*mode=*/1ul, /*offset=*/0ul,
  2277. /*len=*/0ul, /*selector=*/0x200000000040ul);
  2278. syscall(__NR_syslog, /*cmd=*/0ul, /*buf=*/0ul, /*len=*/0ul);
  2279. memcpy((void*)0x200000000100, "memory.events.local\000", 20);
  2280. res = syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200000000100ul,
  2281. /*flags=*/0x275a, /*mode=*/0);
  2282. if (res != -1)
  2283. r[12] = res;
  2284. memcpy((void*)0x200000000080, "./file0\000", 8);
  2285. syscall(__NR_open, /*file=*/0x200000000080ul,
  2286. /*flags=O_NOCTTY|O_DIRECTORY|O_DIRECT|O_CREAT|0x3000*/ 0x17140ul,
  2287. /*mode=S_IWOTH|S_IROTH|S_IXUSR|S_IWUSR*/ 0xc6ul);
  2288. res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0x10);
  2289. if (res != -1)
  2290. r[13] = res;
  2291. res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0x10);
  2292. if (res != -1)
  2293. r[14] = res;
  2294. memcpy((void*)0x200000000000,
  2295. "lo\000\000\000\000\000\000\000\000\000\000\000\000\000\000", 16);
  2296. res = syscall(__NR_ioctl, /*fd=*/r[14], /*cmd=*/0x8933,
  2297. /*arg=*/0x200000000000ul);
  2298. if (res != -1)
  2299. r[15] = *(uint32_t*)0x200000000010;
  2300. memcpy((void*)0x200000000140,
  2301. "sit0\000\000\000\000\000\000\000\000\000\000\000\000", 16);
  2302. *(uint64_t*)0x200000000150 = 0x200000000340;
  2303. memcpy((void*)0x200000000340, "ip_vti0\000\000\000\000\000\000\000\000\000",
  2304. 16);
  2305. *(uint32_t*)0x200000000350 = r[15];
  2306. *(uint16_t*)0x200000000354 = htobe16(0);
  2307. *(uint16_t*)0x200000000356 = htobe16(0);
  2308. *(uint32_t*)0x200000000358 = htobe32(0);
  2309. *(uint32_t*)0x20000000035c = htobe32(0);
  2310. STORE_BY_BITMASK(uint8_t, , 0x200000000360, 5, 0, 4);
  2311. STORE_BY_BITMASK(uint8_t, , 0x200000000360, 4, 4, 4);
  2312. STORE_BY_BITMASK(uint8_t, , 0x200000000361, 0, 0, 2);
  2313. STORE_BY_BITMASK(uint8_t, , 0x200000000361, 0, 2, 6);
  2314. *(uint16_t*)0x200000000362 = htobe16(0x14);
  2315. *(uint16_t*)0x200000000364 = htobe16(0);
  2316. *(uint16_t*)0x200000000366 = htobe16(0);
  2317. *(uint8_t*)0x200000000368 = 0;
  2318. *(uint8_t*)0x200000000369 = 0;
  2319. *(uint16_t*)0x20000000036a = htobe16(0);
  2320. *(uint32_t*)0x20000000036c = htobe32(0);
  2321. *(uint32_t*)0x200000000370 = htobe32(0);
  2322. struct csum_inet csum_1;
  2323. csum_inet_init(&csum_1);
  2324. csum_inet_update(&csum_1, (const uint8_t*)0x200000000360, 20);
  2325. *(uint16_t*)0x20000000036a = csum_inet_digest(&csum_1);
  2326. syscall(__NR_ioctl, /*fd=*/r[13], /*cmd=*/0x89f0, /*arg=*/0x200000000140ul);
  2327. syscall(__NR_write, /*fd=*/r[12], /*data=*/0x200000000280ul, /*len=*/0x2bul);
  2328. memcpy((void*)0x2000000005c0, "./bus\000", 6);
  2329. res = syscall(
  2330. __NR_open, /*file=*/0x2000000005c0ul,
  2331. /*flags=O_SYNC|O_NONBLOCK|O_NOATIME|O_DIRECT|O_CREAT|0x2*/ 0x145842ul,
  2332. /*mode=*/0ul);
  2333. if (res != -1)
  2334. r[16] = res;
  2335. *(uint64_t*)0x200000000240 = 0x200000000000;
  2336. memset((void*)0x200000000000, 133, 1);
  2337. *(uint64_t*)0x200000000248 = 0xa000;
  2338. syscall(__NR_pwritev2, /*fd=*/r[16], /*vec=*/0x200000000240ul, /*vlen=*/1ul,
  2339. /*off_low=*/0x1400, /*off_high=*/0,
  2340. /*flags=RWF_HIPRI|RWF_DSYNC*/ 3ul);
  2341. syscall(__NR_ioctl, /*fd=*/r[11], /*cmd=*/2, /*arg=*/0x200000000140ul);
  2342. memcpy((void*)0x200000000100, "./file0\000", 8);
  2343. syscall(__NR_mkdir, /*path=*/0x200000000100ul, /*mode=*/0ul);
  2344. memcpy((void*)0x200000027000, "./file0\000", 8);
  2345. memcpy((void*)0x200000000040, "devpts\000", 7);
  2346. syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x200000027000ul,
  2347. /*type=*/0x200000000040ul, /*flags=*/0ul, /*data=*/0ul);
  2348. memcpy((void*)0x2000000000c0, "./file0\000", 8);
  2349. syscall(__NR_chroot, /*dir=*/0x2000000000c0ul);
  2350. *(uint64_t*)0x200000000680 = 0;
  2351. *(uint32_t*)0x200000000688 = 0x21;
  2352. *(uint32_t*)0x20000000068c = 0;
  2353. *(uint32_t*)0x200000000690 = 0;
  2354. syscall(__NR_timer_create, /*id=*/0ul, /*ev=*/0x200000000680ul,
  2355. /*timerid=*/0x200000000100ul);
  2356. memcpy((void*)0x200000000040, ".\000", 2);
  2357. res = syscall(__NR_open, /*file=*/0x200000000040ul, /*flags=*/0ul,
  2358. /*mode=*/0ul);
  2359. if (res != -1)
  2360. r[17] = res;
  2361. memcpy((void*)0x200000000240, "./file0\000", 8);
  2362. syscall(__NR_mknodat, /*dirfd=*/r[17], /*file=*/0x200000000240ul,
  2363. /*mode=S_IFIFO|0x2*/ 0x1002ul, /*dev=*/0x700);
  2364. syscall(__NR_close_range, /*fd=*/r[17], /*max_fd=*/r[17],
  2365. /*flags=CLOSE_RANGE_UNSHARE*/ 2ul);
  2366. memcpy((void*)0x200000000080, "./file0\000", 8);
  2367. syscall(__NR_open, /*file=*/0x200000000080ul,
  2368. /*flags=O_EXCL|O_DIRECT|FASYNC|O_RDWR*/ 0x6082ul,
  2369. /*mode=S_IWOTH|S_IRUSR*/ 0x102ul);
  2370. *(uint64_t*)0x20000006b000 = 0;
  2371. *(uint64_t*)0x20000006b008 = 8;
  2372. *(uint64_t*)0x20000006b010 = 0;
  2373. *(uint64_t*)0x20000006b018 = 9;
  2374. syscall(__NR_timer_settime, /*timerid=*/0, /*flags=*/0ul,
  2375. /*new=*/0x20000006b000ul, /*old=*/0ul);
  2376. memcpy((void*)0x200000000ac0, "./file0\000", 8);
  2377. memcpy((void*)0x200000000a80, "securityfs\000", 11);
  2378. syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x200000000ac0ul,
  2379. /*type=*/0x200000000a80ul, /*flags=*/0ul, /*data=*/0ul);
  2380. memcpy((void*)0x200000001980, "keyring\000", 8);
  2381. memcpy((void*)0x2000000019c0, "syz", 3);
  2382. *(uint8_t*)0x2000000019c3 = 0x21;
  2383. *(uint8_t*)0x2000000019c4 = 0;
  2384. res = syscall(__NR_add_key, /*type=*/0x200000001980ul,
  2385. /*desc=*/0x2000000019c0ul, /*payload=*/0ul, /*paylen=*/0ul,
  2386. /*keyring=*/0xfffffffe);
  2387. if (res != -1)
  2388. r[18] = res;
  2389. syscall(__NR_keyctl, /*code=*/0x1dul, /*keyring=*/r[18], /*type=*/0ul,
  2390. /*restriction=*/0ul, 0);
  2391. memcpy((void*)0x200000000180, "keyring\000", 8);
  2392. memcpy((void*)0x2000000001c0, "syz", 3);
  2393. *(uint8_t*)0x2000000001c3 = 0x23;
  2394. *(uint8_t*)0x2000000001c4 = 0;
  2395. syscall(__NR_add_key, /*type=*/0x200000000180ul, /*desc=*/0x2000000001c0ul,
  2396. /*payload=*/0ul, /*paylen=*/0ul, /*keyring=*/r[18]);
  2397. *(uint64_t*)0x200000000000 = 0;
  2398. res = syscall(__NR_signalfd4, /*fd=*/-1, /*mask=*/0x200000000000ul,
  2399. /*size=*/8ul, /*flags=*/0ul);
  2400. if (res != -1)
  2401. r[19] = res;
  2402. memcpy((void*)0x200000001100, "./bus\000", 6);
  2403. res = syscall(
  2404. __NR_open, /*file=*/0x200000001100ul,
  2405. /*flags=O_TRUNC|O_SYNC|O_NOATIME|O_LARGEFILE|O_DIRECT|O_CREAT|0x3e*/
  2406. 0x14d27eul, /*mode=*/0ul);
  2407. if (res != -1)
  2408. r[20] = res;
  2409. memcpy((void*)0x200000000040, "./bus\000", 6);
  2410. memcpy((void*)0x200000000080, "9p\000", 3);
  2411. memcpy((void*)0x200000000b80, "trans=fd,rfdno=", 15);
  2412. sprintf((char*)0x200000000b8f, "0x%016llx", (long long)r[20]);
  2413. memcpy((void*)0x200000000ba1, ",wfdno=", 7);
  2414. sprintf((char*)0x200000000ba8, "0x%016llx", (long long)r[19]);
  2415. syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x200000000040ul,
  2416. /*type=*/0x200000000080ul, /*flags=*/0ul, /*opts=*/0x200000000b80ul);
  2417. syz_io_uring_setup(/*entries=*/0xba7, /*params=*/0, /*ring_ptr=*/0,
  2418. /*sqes_ptr=*/0);
  2419. memcpy((void*)0x200000000080, "./file0\000", 8);
  2420. memcpy((void*)0x2000000000c0, "./file0\000", 8);
  2421. syscall(__NR_pivot_root, /*new_root=*/0x200000000080ul,
  2422. /*put_old=*/0x2000000000c0ul);
  2423. *(uint64_t*)0x200000000000 = 0x200000000280;
  2424. *(uint32_t*)0x200000000008 = 0;
  2425. *(uint64_t*)0x200000000010 = 0x1000;
  2426. syscall(__NR_sigaltstack, /*ss=*/0x200000000000ul, /*oss=*/0ul);
  2427. *(uint32_t*)0x200000000004 = 0;
  2428. *(uint32_t*)0x200000000008 = 0;
  2429. *(uint32_t*)0x20000000000c = 0;
  2430. *(uint32_t*)0x200000000010 = 0;
  2431. *(uint32_t*)0x200000000018 = -1;
  2432. memset((void*)0x20000000001c, 0, 12);
  2433. res = syscall(__NR_io_uring_setup, /*entries=*/0x6e2a,
  2434. /*params=*/0x200000000000ul);
  2435. if (res != -1)
  2436. r[21] = res;
  2437. syscall(__NR_getrandom, /*buf=*/0x200000000440ul,
  2438. /*len=*/0x7591fcc76eda37b7ul, /*flags=*/0ul);
  2439. memcpy((void*)0x200000000000, "blkio.throttle.io_serviced_recursive\000", 37);
  2440. res = syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200000000000ul,
  2441. /*flags=*/0x275a, /*mode=*/0);
  2442. if (res != -1)
  2443. r[22] = res;
  2444. memcpy((void*)0x200000000400, "#! ", 3);
  2445. *(uint8_t*)0x200000000403 = 0xa;
  2446. syscall(__NR_write, /*fd=*/r[22], /*data=*/0x200000000400ul,
  2447. /*len=*/0x6db6e571ul);
  2448. syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x400000ul,
  2449. /*prot=PROT_READ*/ 1ul,
  2450. /*flags=MAP_NONBLOCK|MAP_FIXED|MAP_PRIVATE*/ 0x10012ul, /*fd=*/r[22],
  2451. /*offset=*/0ul);
  2452. *(uint32_t*)0x200000000100 = 0;
  2453. *(uint32_t*)0x200000000104 = 0;
  2454. *(uint64_t*)0x200000000108 = 0;
  2455. *(uint64_t*)0x200000000110 = 0;
  2456. *(uint64_t*)0x200000000118 = 0;
  2457. syscall(__NR_io_uring_register, /*fd=*/r[21], /*opcode=*/0xeul,
  2458. /*arg=*/0x200000000100ul, /*size=*/0x20ul);
  2459. *(uint64_t*)0x200000000680 = 0;
  2460. *(uint32_t*)0x200000000688 = 0x21;
  2461. *(uint32_t*)0x20000000068c = 0;
  2462. *(uint64_t*)0x200000000690 = 0;
  2463. *(uint64_t*)0x200000000698 = 0;
  2464. syscall(__NR_timer_create, /*id=*/0ul, /*ev=*/0x200000000680ul,
  2465. /*timerid=*/0x200000000100ul);
  2466. *(uint64_t*)0x20000006b000 = 0;
  2467. *(uint64_t*)0x20000006b008 = 8;
  2468. *(uint64_t*)0x20000006b010 = 0x77359400;
  2469. *(uint64_t*)0x20000006b018 = 0;
  2470. syscall(__NR_timer_settime, /*timerid=*/0, /*flags=*/0ul,
  2471. /*new=*/0x20000006b000ul, /*old=*/0ul);
  2472. memcpy((void*)0x2000000000c0, "/dev/sg#\000", 9);
  2473. res = -1;
  2474. res = syz_open_dev(/*dev=*/0x2000000000c0, /*id=*/0, /*flags=*/0);
  2475. if (res != -1)
  2476. r[23] = res;
  2477. syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x3000ul, /*prot=*/0ul,
  2478. /*flags=MAP_FIXED|MAP_PRIVATE*/ 0x12ul, /*fd=*/r[23], /*offset=*/0ul);
  2479. syscall(__NR_ioctl, /*fd=*/r[23], /*cmd=*/0x2285, /*arg=*/0ul);
  2480. res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0x10);
  2481. if (res != -1)
  2482. r[24] = res;
  2483. res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0x10);
  2484. if (res != -1)
  2485. r[25] = res;
  2486. memcpy((void*)0x200000000100, "nl80211\000", 8);
  2487. res = -1;
  2488. res = syz_genetlink_get_family_id(/*name=*/0x200000000100, /*fd=*/-1);
  2489. if (res != -1)
  2490. r[26] = res;
  2491. *(uint64_t*)0x2000000002c0 = 0;
  2492. *(uint32_t*)0x2000000002c8 = 0;
  2493. *(uint64_t*)0x2000000002d0 = 0x200000000300;
  2494. *(uint64_t*)0x200000000300 = 0x200000000380;
  2495. memcpy((void*)0x200000000380, ",\000\000\000", 4);
  2496. *(uint16_t*)0x200000000384 = r[26];
  2497. memcpy((void*)0x200000000386,
  2498. "\x8b\x33\x00\x00\x00\x00\x00\x00\x00\x00\x15\x00\x00\x00\x08\x00\x03"
  2499. "\x00",
  2500. 18);
  2501. *(uint32_t*)0x200000000398 = 0;
  2502. memcpy(
  2503. (void*)0x20000000039c,
  2504. "\xfe\x07\x48\xe2\x77\x53\x38\x9f\x5f\x5f\x6e\x89\x39\xe6\xbc\x1c\xf1\xce"
  2505. "\x2d\xb3\x55\xe2\x82\x24\x20\xc4\x21\x94\x10\x3d\x02\x12\xa8\xca\x67\xfe"
  2506. "\x35\x7e\x3b\x49\x7b\x3b\xe2\xbd\x85\x95\x51\x51\x9b\x36\xbf\xa3\xa9\x6c"
  2507. "\x67\xb1\x40\x13\x72\xd5\x87\x56\x81\x00\x71\x3d\xe9\x4b\x01\xe3\x55\x60"
  2508. "\xf1\xaa\x1a\x56\xe3\xd6\x3c\xec\x39\xc1\xab\x8c\x02\xe4\xec\x6a\xa3\x3c"
  2509. "\x0f\x12\xb7\x2e\x46\x44\xca\x29\xfa\x4d\x2f\x1f\x92\xfb\x0e\x0c\xd7\x3e"
  2510. "\x1e\x79\x46\x52\x8e\x15\x7b\xc2\xa1\xf1\x6c\x3a\xdd\x11\x42\xcd\xbf\x71"
  2511. "\x88\xf2\x18\x68\x7e\x4e\x15\x15\x0d\x68\x41\xcd\xe1\x31\x2c\x8c\x79\x29"
  2512. "\x8e\x94\x3e\x45\x08\x7f\x90\xf9\xe2\xc4\xe9\x28\x59\x9f\x69\x2d",
  2513. 160);
  2514. *(uint64_t*)0x200000000308 = 0x2c;
  2515. *(uint64_t*)0x2000000002d8 = 1;
  2516. *(uint64_t*)0x2000000002e0 = 0;
  2517. *(uint64_t*)0x2000000002e8 = 0;
  2518. *(uint32_t*)0x2000000002f0 = 0x8000;
  2519. syscall(__NR_sendmsg, /*fd=*/r[25], /*msg=*/0x2000000002c0ul, /*f=*/0ul);
  2520. memcpy((void*)0x2000000000c0,
  2521. "wlan1\000\000\000\000\000\000\000\000\000\000\000", 16);
  2522. res =
  2523. syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0x8933, /*arg=*/0x2000000000c0ul);
  2524. if (res != -1)
  2525. r[27] = *(uint32_t*)0x2000000000d0;
  2526. *(uint64_t*)0x2000000001c0 = 0x200000000080;
  2527. *(uint16_t*)0x200000000080 = 0x10;
  2528. *(uint16_t*)0x200000000082 = 0;
  2529. *(uint32_t*)0x200000000084 = 0;
  2530. *(uint32_t*)0x200000000088 = 0;
  2531. *(uint32_t*)0x2000000001c8 = 0xc;
  2532. *(uint64_t*)0x2000000001d0 = 0x200000000180;
  2533. *(uint64_t*)0x200000000180 = 0x200000000100;
  2534. memcpy((void*)0x200000000100, "\xb9\x06\x00\x00", 4);
  2535. *(uint16_t*)0x200000000104 = r[26];
  2536. memcpy((void*)0x200000000106,
  2537. "\x00\x01\x2b\xbd\x70\x00\xfd\xdb\xdf\x25\x54\x00\x00\x00\x08\x00\x03"
  2538. "\x00",
  2539. 18);
  2540. *(uint32_t*)0x200000000118 = r[27];
  2541. memcpy((void*)0x20000000011c,
  2542. "\x0a\x00\x06\x00\x08\x02\x11\x00\x00\x01\x00\x00\x0a\x00\x06\x00\x07"
  2543. "\xff\xff\xff\xff\xff\x00\x00\x0a\x00\x06\x00\x08\x02\x11\x00\x00\x00"
  2544. "\x00\x00\x0a\x00\x06\x00\x08\x02\x11\x00\x00\x00\x00\x00\x0a\x00\x06"
  2545. "\x00\x08\x02\x11\x00\xa8\x22\x00\x00\x0a\x00\x06\x00\xff\xff\xff\xff"
  2546. "\xff\xff\x00\x00\x0a\x00\x06\x00\x08\x02\x11\x00\x00\x01\x00\x00\x0a"
  2547. "\x00\x06\x00\xff\xff\xff\xff\xff\xff\x00\x00",
  2548. 96);
  2549. *(uint64_t*)0x200000000188 = 0x7c;
  2550. *(uint64_t*)0x2000000001d8 = 1;
  2551. *(uint64_t*)0x2000000001e0 = 0;
  2552. *(uint64_t*)0x2000000001e8 = 0;
  2553. *(uint32_t*)0x2000000001f0 = 0x804;
  2554. syscall(__NR_sendmsg, /*fd=*/r[24], /*msg=*/0x2000000001c0ul,
  2555. /*f=MSG_ZEROCOPY|MSG_BATCH|MSG_MORE|MSG_DONTROUTE*/ 0x4048004ul);
  2556. syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/6);
  2557. syscall(__NR_ftruncate, /*fd=*/-1, /*len=*/0ul);
  2558. memcpy((void*)0x200000000000, "/dev/snd/timer\000", 15);
  2559. res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul,
  2560. /*file=*/0x200000000000ul, /*flags=*/0, 0);
  2561. if (res != -1)
  2562. r[28] = res;
  2563. *(uint32_t*)0x2000000001c0 = 1;
  2564. *(uint32_t*)0x2000000001c4 = 0;
  2565. *(uint32_t*)0x2000000001c8 = 0;
  2566. *(uint32_t*)0x2000000001cc = 0;
  2567. *(uint32_t*)0x2000000001d0 = 0;
  2568. memset((void*)0x2000000001d4, 0, 32);
  2569. syscall(__NR_ioctl, /*fd=*/r[28], /*cmd=*/0x40345410,
  2570. /*arg=*/0x2000000001c0ul);
  2571. syscall(__NR_ioctl, /*fd=*/r[28], /*cmd=*/0x54a0, 0);
  2572. *(uint32_t*)0x200000000040 = 4;
  2573. *(uint32_t*)0x200000000044 = 9;
  2574. *(uint32_t*)0x200000000048 = 0;
  2575. *(uint32_t*)0x20000000004c = 0;
  2576. *(uint32_t*)0x200000000050 = 0;
  2577. memset((void*)0x200000000054, 0, 60);
  2578. syscall(__NR_ioctl, /*fd=*/r[28], /*cmd=*/0x40505412,
  2579. /*arg=*/0x200000000040ul);
  2580. syscall(__NR_sendfile, /*fdout=*/-1, /*fdin=*/-1, /*off=*/0ul, /*count=*/5ul);
  2581. syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0x10);
  2582. syscall(__NR_shmat, /*shmid=*/0, /*addr=*/0x200000000000ul,
  2583. /*flags=SHM_RDONLY|SHM_RND*/ 0x3000ul);
  2584. syscall(__NR_shmdt, /*addr=*/0ul);
  2585. syscall(__NR_mlockall, /*flags=*/0ul);
  2586. syscall(__NR_shmat, /*shmid=*/0, /*addr=*/0x2000000ff000ul, /*flags=*/0ul);
  2587. syscall(__NR_mlockall, /*flags=*/0ul);
  2588. res = syscall(__NR_socket, /*domain=*/2ul, /*type=*/1ul, /*proto=*/0);
  2589. if (res != -1)
  2590. r[29] = res;
  2591. *(uint32_t*)0x2000000000c0 = 1;
  2592. syscall(__NR_setsockopt, /*fd=*/r[29], /*level=*/6,
  2593. /*optname=TCP_THIN_LINEAR_TIMEOUTS|TCP_CORK*/ 0x13,
  2594. /*optval=*/0x2000000000c0ul, /*optlen=*/4ul);
  2595. *(uint16_t*)0x200000000080 = 2;
  2596. *(uint16_t*)0x200000000082 = htobe16(0x4e21);
  2597. *(uint8_t*)0x200000000084 = 0xac;
  2598. *(uint8_t*)0x200000000085 = 0x14;
  2599. *(uint8_t*)0x200000000086 = 0x14;
  2600. *(uint8_t*)0x200000000087 = 0xaa;
  2601. syscall(__NR_bind, /*fd=*/r[29], /*addr=*/0x200000000080ul,
  2602. /*addrlen=*/0x10ul);
  2603. *(uint32_t*)0x200000000140 = 2;
  2604. syscall(__NR_setsockopt, /*fd=*/r[29], /*level=*/6, /*optname=*/0x14,
  2605. /*optval=*/0x200000000140ul, /*optlen=*/4ul);
  2606. syscall(__NR_setsockopt, /*fd=*/-1, /*level=*/6,
  2607. /*optname=TCP_FASTOPEN*/ 0x17, /*optval=*/0ul, /*optlen=*/0ul);
  2608. *(uint16_t*)0x200000000180 = 2;
  2609. *(uint16_t*)0x200000000182 = htobe16(0x4e21);
  2610. *(uint8_t*)0x200000000184 = 0xac;
  2611. *(uint8_t*)0x200000000185 = 0x14;
  2612. *(uint8_t*)0x200000000186 = 0x14;
  2613. *(uint8_t*)0x200000000187 = 0xaa;
  2614. syscall(__NR_connect, /*fd=*/r[29], /*addr=*/0x200000000180ul,
  2615. /*addrlen=*/0x10ul);
  2616. *(uint64_t*)0x200000000d80 = 0;
  2617. *(uint32_t*)0x200000000d88 = 0;
  2618. *(uint64_t*)0x200000000d90 = 0x200000000240;
  2619. *(uint64_t*)0x200000000240 = 0x200000000200;
  2620. memset((void*)0x200000000200, 161, 1);
  2621. *(uint64_t*)0x200000000248 = 1;
  2622. *(uint64_t*)0x200000000d98 = 1;
  2623. *(uint64_t*)0x200000000da0 = 0;
  2624. *(uint64_t*)0x200000000da8 = 0;
  2625. *(uint32_t*)0x200000000db0 = 0;
  2626. *(uint32_t*)0x200000000db8 = 0;
  2627. syscall(__NR_sendmmsg, /*fd=*/r[29], /*mmsg=*/0x200000000d80ul, /*vlen=*/1ul,
  2628. /*f=MSG_BATCH|MSG_OOB|MSG_EOR|MSG_DONTWAIT*/ 0x400c1ul);
  2629. memset((void*)0x200000000280, 169, 1);
  2630. syscall(__NR_sendto, /*fd=*/r[29], /*buf=*/0x200000000280ul, /*len=*/1ul,
  2631. /*f=*/0ul, /*addr=*/0ul, /*addrlen=*/0ul);
  2632. syscall(__NR_fcntl, /*fd=*/-1, /*cmd=*/9ul, 0);
  2633. res = syscall(__NR_fcntl, /*fd=*/-1, /*cmd=*/9ul, 0);
  2634. if (res != -1)
  2635. r[30] = res;
  2636. syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/6);
  2637. memcpy((void*)0x200000000100, "status\000", 7);
  2638. res = -1;
  2639. res = syz_open_procfs(/*pid=*/r[30], /*file=*/0x200000000100);
  2640. if (res != -1)
  2641. r[31] = res;
  2642. syscall(__NR_read, /*fd=*/r[31], /*data=*/0x200000000040ul, /*len=*/0x82ul);
  2643. memcpy((void*)0x200000000140, "./file0\000", 8);
  2644. syscall(__NR_mkdir, /*path=*/0x200000000140ul, /*mode=*/0ul);
  2645. memcpy((void*)0x200000000000, "./file0\000", 8);
  2646. memcpy((void*)0x200000000040, "ramfs\000", 6);
  2647. syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x200000000000ul,
  2648. /*type=*/0x200000000040ul, /*flags=*/0ul, /*data=*/0ul);
  2649. memcpy((void*)0x200000000280, "./file0\000", 8);
  2650. syscall(__NR_chdir, /*dir=*/0x200000000280ul);
  2651. memcpy((void*)0x200000000280, "./file0\000", 8);
  2652. syscall(__NR_chdir, /*dir=*/0x200000000280ul);
  2653. memcpy((void*)0x200000000240, "./file0\000", 8);
  2654. syscall(__NR_creat, /*file=*/0x200000000240ul, /*mode=*/0ul);
  2655. memcpy((void*)0x200000000000, "./file0\000", 8);
  2656. syscall(__NR_truncate, /*file=*/0x200000000000ul, /*len=*/0ul);
  2657. memcpy((void*)0x200000000000, "./file0\000", 8);
  2658. syscall(__NR_truncate, /*file=*/0x200000000000ul, /*len=*/0ul);
  2659. memcpy((void*)0x200000000000,
  2660. "\xac\x4b\x28\xa7\x1a\xaf\xfb\x12\xdc\x0f\xdf\xd1\x01\x0c\x24\x42\x31"
  2661. "\xf4\x54\x5d\xc1\x18\x69\xa4\x8a\xab\xc0\xda\xae\x45\x25\x83\x45\x4e"
  2662. "\x48\x9c\x68\x12\xdc\x2f\x0b\x3d\x86\x69\xb4\x1b\x16\x3b\xdc\xd0\xc2"
  2663. "\x81\x33\xbf\xdc\xf1\x95\xa4\xb1\x38",
  2664. 60);
  2665. syscall(__NR_sendto, /*fd=*/r[31], /*buf=*/0x200000000000ul, /*len=*/0x3cul,
  2666. /*f=MSG_CONFIRM*/ 0x800ul, /*addr=*/0ul, /*addrlen=*/0ul);
  2667. *(uint8_t*)0x200000000040 = 0;
  2668. syscall(__NR_prctl, /*option=*/0x3bul, /*mode=*/1ul, /*offset=*/0ul,
  2669. /*len=*/0ul, /*selector=*/0x200000000040ul);
  2670. memcpy((void*)0x2000000001c0, "./file0\000", 8);
  2671. syscall(__NR_mkdir, /*path=*/0x2000000001c0ul, /*mode=*/0ul);
  2672. for (int i = 0; i < 64; i++) {
  2673. syscall(__NR_mkdir, /*path=*/0x2000000001c0ul, /*mode=*/0ul);
  2674. }
  2675. memcpy((void*)0x200000000100, "./file0\000", 8);
  2676. res = syscall(__NR_open, /*file=*/0x200000000100ul, /*flags=*/0ul,
  2677. /*mode=*/0ul);
  2678. for (int i = 0; i < 64; i++) {
  2679. syscall(__NR_open, /*file=*/0x200000000100ul, /*flags=*/0ul, /*mode=*/0ul);
  2680. }
  2681. if (res != -1)
  2682. r[32] = res;
  2683. syscall(__NR_getdents64, /*fd=*/r[32], /*ent=*/0x200000000000ul,
  2684. /*count=*/0xf3ul);
  2685. memcpy((void*)0x200000000040, "ext4\000", 5);
  2686. memcpy((void*)0x200000000100, "./file1\000", 8);
  2687. memcpy((void*)0x200000000240, "inode_readahead_blks", 20);
  2688. *(uint8_t*)0x200000000254 = 0x3d;
  2689. sprintf((char*)0x200000000255, "0x%016llx", (long long)0);
  2690. *(uint8_t*)0x200000000267 = 0x2c;
  2691. memcpy((void*)0x200000000268, "errors=continue", 15);
  2692. *(uint8_t*)0x200000000277 = 0x2c;
  2693. memcpy((void*)0x200000000278, "inlinecrypt", 11);
  2694. *(uint8_t*)0x200000000283 = 0x2c;
  2695. memcpy((void*)0x200000000284, "dioread_nolock", 14);
  2696. *(uint8_t*)0x200000000292 = 0x2c;
  2697. memcpy((void*)0x200000000293, "max_batch_time", 14);
  2698. *(uint8_t*)0x2000000002a1 = 0x3d;
  2699. sprintf((char*)0x2000000002a2, "0x%016llx", (long long)8);
  2700. *(uint8_t*)0x2000000002b4 = 0x2c;
  2701. memcpy((void*)0x2000000002b5, "nombcache", 9);
  2702. *(uint8_t*)0x2000000002be = 0x2c;
  2703. *(uint8_t*)0x2000000002bf = 0;
  2704. memcpy(
  2705. (void*)0x2000000004c0,
  2706. "\x78\x9c\xec\xdb\xcd\x6f\x1b\x45\x1b\x00\xf0\x67\xd7\x71\xfb\xf6\xeb\x4d"
  2707. "\x28\xe5\xa3\xa5\x80\xa1\x20\x22\x3e\x92\x26\x2d\xd0\x03\x17\x10\x48\x1c"
  2708. "\x40\x42\x82\x43\x39\x86\x24\xad\x4a\xdd\x06\x35\x41\xa2\x55\x05\x05\xa1"
  2709. "\x72\x44\x45\xdc\x11\x47\x24\xfe\x02\x4e\x70\x41\xc0\x09\x89\x2b\xdc\x51"
  2710. "\xa5\x0a\xf5\xd2\x8a\x93\xd1\xda\xbb\x89\xe3\xda\x21\x4e\xec\xb8\xd4\xbf"
  2711. "\x9f\xb4\xf5\xcc\xee\xb8\x33\xcf\xce\x8e\x33\x3b\x6b\x07\x30\xb4\x2a\xd9"
  2712. "\x3f\x49\xc4\xee\x88\xf8\x3d\x22\x46\x1b\xd9\xd5\x05\x2a\x8d\x97\x9b\xd7"
  2713. "\x2f\xce\x6e\xcf\x77\xbf\xf9\x57\x52\x2f\x77\xe3\xfa\xc5\xd9\xa2\x68\xf1"
  2714. "\xbe\x5d\x79\x66\x3c\x8d\x48\x3f\x4d\x5a\xfe\xc3\x86\xc5\xf3\x17\x4e\xcf"
  2715. "\x54\xab\xf3\xe7\xf2\xfc\xe4\xd2\x99\xf7\x26\x17\xcf\x5f\x78\xe6\xd4\x99"
  2716. "\x99\x93\xf3\x27\xe7\xcf\x4e\x1f\x3b\x76\xf4\xc8\xd4\xf3\xcf\x4d\x3f\xdb"
  2717. "\x93\x38\xb3\xb8\x6e\x1c\xf8\x70\xe1\xe0\xfe\x57\xdf\xbe\xf2\xfa\xec\xf1"
  2718. "\x2b\xef\xfc\xfc\x6d\xd6\xac\xdd\xf9\xf1\xe6\x38\x7a\xa5\x12\x95\x76\xa1"
  2719. "\xd7\x3d\xde\xeb\xca\x06\x6c\x4f\x53\x3a\x19\x19\x60\x43\xe8\x4a\x29\x22"
  2720. "\xb2\xee\x2a\xd7\xc7\xff\x68\x94\x62\xa5\xf3\x46\xe3\x95\x4f\x06\xda\x38"
  2721. "\xa0\xaf\x6a\xb5\x5a\x6d\x7b\xe7\xc3\x97\x6a\xc0\x1d\x2c\x89\x41\xb7\x00"
  2722. "\x18\x8c\xe2\x0f\x7d\x76\xff\x5b\x6c\x5b\x34\xf5\xb8\x2d\x5c\x7b\xb1\x71"
  2723. "\x03\x94\xc5\x7d\x33\xdf\x1a\x47\x46\x22\xcd\xcb\x94\x5b\xee\x6f\x7b\xa9"
  2724. "\x12\x11\xc7\x2f\xfd\xfd\x55\xb6\x45\x9f\xd6\x21\x00\x00\x9a\x7d\x9f\xcd"
  2725. "\x7f\x9e\x6e\x37\xff\x4b\xe3\xde\xa6\x72\xff\xcf\x9f\xa1\x8c\x45\xc4\x5d"
  2726. "\x11\xb1\x37\x22\xee\x8e\x88\x7d\x11\x71\x4f\x44\xbd\xec\x7d\x11\x71\x7f"
  2727. "\x97\xf5\x57\x5a\xf2\xb7\xce\x7f\xd2\xab\x1b\x0a\x6c\x9d\xb2\xf9\xdf\x0b"
  2728. "\xf9\xb3\xad\xd5\xf3\xbf\x62\xf6\x17\x63\xa5\x3c\xb7\xa7\x1e\x7f\x39\x39"
  2729. "\x71\xaa\x3a\x7f\x38\x3f\x27\xe3\x51\xde\x9e\xe5\xa7\xd6\xa8\xe3\x87\x97"
  2730. "\x7f\xfb\xbc\xd3\xb1\xe6\xf9\x5f\xb6\x65\xf5\x17\x73\xc1\xbc\x1d\x57\x47"
  2731. "\x5a\x16\xe8\xe6\x66\x96\x66\x36\x13\x73\xb3\x6b\x1f\x47\x1c\x18\x69\x17"
  2732. "\x7f\xb2\xfc\x24\x20\x89\x88\xfd\x11\x71\x60\x83\x75\x9c\x7a\xf2\x9b\x83"
  2733. "\x9d\x8e\xfd\x7b\xfc\x6b\x68\x3d\x31\x1b\x50\xfb\x3a\xe2\x89\x46\xff\x5f"
  2734. "\x8a\x96\xf8\x0b\xc9\xda\xcf\x27\x27\xff\x17\xd5\xf9\xc3\x93\xc5\x55\x71"
  2735. "\xab\x5f\x7e\xbd\xfc\x46\xa7\xfa\x37\x15\x7f\x0f\x64\xfd\xbf\xb3\xed\xf5"
  2736. "\xbf\x1c\xff\x58\xd2\xfc\xbc\x76\x31\x22\xbe\xe8\xae\x8e\xcb\x7f\x7c\xd6"
  2737. "\xf1\x9e\x66\xa3\xd7\xff\xb6\xe4\xad\x7a\x7a\x5b\xbe\xef\x83\x99\xa5\xa5"
  2738. "\x73\x53\x11\xdb\x92\xd7\xea\xf9\x1d\xcd\xfb\xa7\x57\xde\x5b\xe4\x8b\xf2"
  2739. "\x59\xfc\xe3\x87\xda\x8f\xff\xbd\xb1\x72\x26\x1e\x88\x88\xec\x22\x7e\x30"
  2740. "\x22\x1e\x8a\x88\x87\xf3\xb6\x3f\x12\x11\x8f\x46\xc4\xa1\x35\xe2\xff\xe9"
  2741. "\xa5\xc7\xde\xdd\x78\xfc\xfd\x95\xc5\x3f\xd7\x55\xff\x77\x9f\x28\x9d\xfe"
  2742. "\xf1\xbb\x4e\xf5\xaf\xaf\xff\x8f\xd6\x53\xe3\xf9\x9e\xf5\x7c\xfe\xad\xb7"
  2743. "\x81\x9b\x39\x77\x00\x00\x00\xf0\x5f\x91\xd6\xbf\x03\x9f\xa4\x13\xcb\xe9"
  2744. "\x34\x9d\x98\x68\x7c\x87\x7f\x5f\xec\x4c\xab\x0b\x8b\x4b\x4f\x9d\x58\x78"
  2745. "\xff\xec\x5c\xe3\xbb\xf2\x63\x51\x4e\x8b\x95\xae\xd1\xa6\xf5\xd0\xa9\x7c"
  2746. "\x6d\xb8\xc8\x4f\xb7\xe4\x8f\xe4\xeb\xc6\x5f\x96\x76\xd4\xf3\x13\xb3\x0b"
  2747. "\xd5\xb9\x41\x07\x0f\x43\x6e\x57\x87\xf1\x9f\xf9\xb3\x34\xe8\xd6\x01\x7d"
  2748. "\xd7\xcd\xef\xb5\xca\x7d\x6c\x07\xb0\xf5\xfc\x5e\x13\x86\x97\xf1\x0f\xc3"
  2749. "\xcb\xf8\x87\xe1\x65\xfc\xc3\xf0\x6a\x37\xfe\x3f\x1a\x40\x3b\x80\xad\x37"
  2750. "\xb2\xea\x05\x18\x26\x06\x3e\x0c\x2f\xe3\x1f\x86\x97\xf1\x0f\x43\x69\x33"
  2751. "\xbf\xeb\x97\xb8\x53\x13\xe5\x75\x94\x89\xf4\xb6\x68\xaa\x44\x9f\x12\x83"
  2752. "\xfe\x64\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2753. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2754. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2755. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2756. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2757. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2758. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2759. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2760. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2761. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2762. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2763. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  2764. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe8\x8d\x7f\x02"
  2765. "\x00\x00\xff\xff\x38\x18\xe1\xe6",
  2766. 1070);
  2767. syz_mount_image(/*fs=*/0x200000000040, /*dir=*/0x200000000100, /*flags=*/0,
  2768. /*opts=*/0x200000000240, /*chdir=*/0, /*size=*/0x42e,
  2769. /*img=*/0x2000000004c0);
  2770. res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0x10);
  2771. for (int i = 0; i < 32; i++) {
  2772. syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0x10);
  2773. }
  2774. if (res != -1)
  2775. r[33] = res;
  2776. memcpy((void*)0x200000000040, "ethtool\000", 8);
  2777. res = -1;
  2778. res = syz_genetlink_get_family_id(/*name=*/0x200000000040, /*fd=*/-1);
  2779. for (int i = 0; i < 32; i++) {
  2780. syz_genetlink_get_family_id(/*name=*/0x200000000040, /*fd=*/-1);
  2781. }
  2782. if (res != -1)
  2783. r[34] = res;
  2784. *(uint32_t*)0x2000000000c0 = 0xc;
  2785. res = syscall(__NR_getsockopt, /*fd=*/-1, /*level=*/0, /*optname=*/8,
  2786. /*optval=*/0x200000000080ul, /*optlen=*/0x2000000000c0ul);
  2787. if (res != -1)
  2788. r[35] = *(uint32_t*)0x200000000080;
  2789. memcpy((void*)0x200000000180, "syztnl2\000\000\000\000\000\000\000\000\000",
  2790. 16);
  2791. *(uint64_t*)0x200000000190 = 0x200000000100;
  2792. memcpy((void*)0x200000000100, "syztnl1\000\000\000\000\000\000\000\000\000",
  2793. 16);
  2794. *(uint32_t*)0x200000000110 = 0;
  2795. *(uint8_t*)0x200000000114 = 4;
  2796. *(uint8_t*)0x200000000115 = 0x66;
  2797. *(uint8_t*)0x200000000116 = 0x72;
  2798. *(uint32_t*)0x200000000118 = htobe32(9);
  2799. *(uint32_t*)0x20000000011c = 4;
  2800. *(uint8_t*)0x200000000120 = -1;
  2801. *(uint8_t*)0x200000000121 = 1;
  2802. memset((void*)0x200000000122, 0, 13);
  2803. *(uint8_t*)0x20000000012f = 1;
  2804. *(uint8_t*)0x200000000130 = -1;
  2805. *(uint8_t*)0x200000000131 = 1;
  2806. memset((void*)0x200000000132, 0, 13);
  2807. *(uint8_t*)0x20000000013f = 1;
  2808. *(uint16_t*)0x200000000140 = htobe16(0x40);
  2809. *(uint16_t*)0x200000000142 = htobe16(0x80);
  2810. *(uint32_t*)0x200000000144 = htobe32(0xf7e9);
  2811. *(uint32_t*)0x200000000148 = htobe32(3);
  2812. res =
  2813. syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0x89f3, /*arg=*/0x200000000180ul);
  2814. if (res != -1)
  2815. r[36] = *(uint32_t*)0x200000000110;
  2816. memcpy((void*)0x200000000240, "ip6gre0\000\000\000\000\000\000\000\000\000",
  2817. 16);
  2818. *(uint64_t*)0x200000000250 = 0x2000000001c0;
  2819. memcpy((void*)0x2000000001c0, "syztnl0\000\000\000\000\000\000\000\000\000",
  2820. 16);
  2821. *(uint32_t*)0x2000000001d0 = 0;
  2822. *(uint8_t*)0x2000000001d4 = 4;
  2823. *(uint8_t*)0x2000000001d5 = 8;
  2824. *(uint8_t*)0x2000000001d6 = 0x95;
  2825. *(uint32_t*)0x2000000001d8 = htobe32(6);
  2826. *(uint32_t*)0x2000000001dc = 0x40;
  2827. *(uint8_t*)0x2000000001e0 = -1;
  2828. *(uint8_t*)0x2000000001e1 = 1;
  2829. memset((void*)0x2000000001e2, 0, 13);
  2830. *(uint8_t*)0x2000000001ef = 1;
  2831. *(uint8_t*)0x2000000001f0 = 0xfe;
  2832. *(uint8_t*)0x2000000001f1 = 0x88;
  2833. memset((void*)0x2000000001f2, 0, 12);
  2834. *(uint8_t*)0x2000000001fe = 0;
  2835. *(uint8_t*)0x2000000001ff = 1;
  2836. *(uint16_t*)0x200000000200 = htobe16(0x7800);
  2837. *(uint16_t*)0x200000000202 = htobe16(0x8000);
  2838. *(uint32_t*)0x200000000204 = htobe32(1);
  2839. *(uint32_t*)0x200000000208 = htobe32(0x43b);
  2840. res =
  2841. syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0x89f1, /*arg=*/0x200000000240ul);
  2842. if (res != -1)
  2843. r[37] = *(uint32_t*)0x2000000001d0;
  2844. *(uint32_t*)0x2000000002c0 = 0x14;
  2845. res = syscall(__NR_getsockname, /*fd=*/-1, /*addr=*/0x200000000280ul,
  2846. /*addrlen=*/0x2000000002c0ul);
  2847. for (int i = 0; i < 64; i++) {
  2848. syscall(__NR_getsockname, /*fd=*/-1, /*addr=*/0x200000000280ul,
  2849. /*addrlen=*/0x2000000002c0ul);
  2850. }
  2851. if (res != -1)
  2852. r[38] = *(uint32_t*)0x200000000284;
  2853. memcpy((void*)0x200000000300,
  2854. "vcan0\000\000\000\000\000\000\000\000\000\000\000", 16);
  2855. res =
  2856. syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0x8933, /*arg=*/0x200000000300ul);
  2857. for (int i = 0; i < 64; i++) {
  2858. syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0x8933, /*arg=*/0x200000000300ul);
  2859. }
  2860. if (res != -1)
  2861. r[39] = *(uint32_t*)0x200000000310;
  2862. memcpy((void*)0x200000000340, "ip6gre0\000\000\000\000\000\000\000\000\000",
  2863. 16);
  2864. res =
  2865. syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0x8933, /*arg=*/0x200000000340ul);
  2866. if (res != -1)
  2867. r[40] = *(uint32_t*)0x200000000350;
  2868. memcpy((void*)0x200000000380, "veth0_to_hsr\000\000\000\000", 16);
  2869. res =
  2870. syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0x8933, /*arg=*/0x200000000380ul);
  2871. if (res != -1)
  2872. r[41] = *(uint32_t*)0x200000000390;
  2873. *(uint64_t*)0x2000000004c0 = 0x200000000000;
  2874. *(uint16_t*)0x200000000000 = 0x10;
  2875. *(uint16_t*)0x200000000002 = 0;
  2876. *(uint32_t*)0x200000000004 = 0;
  2877. *(uint32_t*)0x200000000008 = 0x20;
  2878. *(uint32_t*)0x2000000004c8 = 0xc;
  2879. *(uint64_t*)0x2000000004d0 = 0x200000000480;
  2880. *(uint64_t*)0x200000000480 = 0x2000000003c0;
  2881. *(uint32_t*)0x2000000003c0 = 0xac;
  2882. *(uint16_t*)0x2000000003c4 = r[34];
  2883. *(uint16_t*)0x2000000003c6 = 0x100;
  2884. *(uint32_t*)0x2000000003c8 = 0x70bd2d;
  2885. *(uint32_t*)0x2000000003cc = 0x25dfdbff;
  2886. *(uint8_t*)0x2000000003d0 = 0x15;
  2887. *(uint8_t*)0x2000000003d1 = 0;
  2888. *(uint16_t*)0x2000000003d2 = 0;
  2889. *(uint16_t*)0x2000000003d4 = 0x18;
  2890. STORE_BY_BITMASK(uint16_t, , 0x2000000003d6, 1, 0, 14);
  2891. STORE_BY_BITMASK(uint16_t, , 0x2000000003d7, 0, 6, 1);
  2892. STORE_BY_BITMASK(uint16_t, , 0x2000000003d7, 1, 7, 1);
  2893. *(uint16_t*)0x2000000003d8 = 0x14;
  2894. *(uint16_t*)0x2000000003da = 2;
  2895. memcpy((void*)0x2000000003dc, "veth0_vlan\000\000\000\000\000\000", 16);
  2896. *(uint16_t*)0x2000000003ec = 0x48;
  2897. STORE_BY_BITMASK(uint16_t, , 0x2000000003ee, 1, 0, 14);
  2898. STORE_BY_BITMASK(uint16_t, , 0x2000000003ef, 0, 6, 1);
  2899. STORE_BY_BITMASK(uint16_t, , 0x2000000003ef, 1, 7, 1);
  2900. *(uint16_t*)0x2000000003f0 = 8;
  2901. *(uint16_t*)0x2000000003f2 = 1;
  2902. *(uint32_t*)0x2000000003f4 = r[35];
  2903. *(uint16_t*)0x2000000003f8 = 8;
  2904. *(uint16_t*)0x2000000003fa = 3;
  2905. *(uint32_t*)0x2000000003fc = 0x377659ab;
  2906. *(uint16_t*)0x200000000400 = 8;
  2907. *(uint16_t*)0x200000000402 = 3;
  2908. *(uint32_t*)0x200000000404 = 3;
  2909. *(uint16_t*)0x200000000408 = 0x14;
  2910. *(uint16_t*)0x20000000040a = 2;
  2911. memcpy((void*)0x20000000040c,
  2912. "hsr0\000\000\000\000\000\000\000\000\000\000\000\000", 16);
  2913. *(uint16_t*)0x20000000041c = 8;
  2914. *(uint16_t*)0x20000000041e = 3;
  2915. *(uint32_t*)0x200000000420 = 0;
  2916. *(uint16_t*)0x200000000424 = 8;
  2917. *(uint16_t*)0x200000000426 = 3;
  2918. *(uint32_t*)0x200000000428 = 1;
  2919. *(uint16_t*)0x20000000042c = 8;
  2920. *(uint16_t*)0x20000000042e = 1;
  2921. *(uint32_t*)0x200000000430 = r[36];
  2922. *(uint16_t*)0x200000000434 = 0x14;
  2923. STORE_BY_BITMASK(uint16_t, , 0x200000000436, 1, 0, 14);
  2924. STORE_BY_BITMASK(uint16_t, , 0x200000000437, 0, 6, 1);
  2925. STORE_BY_BITMASK(uint16_t, , 0x200000000437, 1, 7, 1);
  2926. *(uint16_t*)0x200000000438 = 8;
  2927. *(uint16_t*)0x20000000043a = 1;
  2928. *(uint32_t*)0x20000000043c = r[37];
  2929. *(uint16_t*)0x200000000440 = 8;
  2930. *(uint16_t*)0x200000000442 = 3;
  2931. *(uint32_t*)0x200000000444 = 0;
  2932. *(uint16_t*)0x200000000448 = 0x24;
  2933. STORE_BY_BITMASK(uint16_t, , 0x20000000044a, 1, 0, 14);
  2934. STORE_BY_BITMASK(uint16_t, , 0x20000000044b, 0, 6, 1);
  2935. STORE_BY_BITMASK(uint16_t, , 0x20000000044b, 1, 7, 1);
  2936. *(uint16_t*)0x20000000044c = 8;
  2937. *(uint16_t*)0x20000000044e = 1;
  2938. *(uint32_t*)0x200000000450 = r[38];
  2939. *(uint16_t*)0x200000000454 = 8;
  2940. *(uint16_t*)0x200000000456 = 1;
  2941. *(uint32_t*)0x200000000458 = r[39];
  2942. *(uint16_t*)0x20000000045c = 8;
  2943. *(uint16_t*)0x20000000045e = 1;
  2944. *(uint32_t*)0x200000000460 = r[40];
  2945. *(uint16_t*)0x200000000464 = 8;
  2946. *(uint16_t*)0x200000000466 = 1;
  2947. *(uint32_t*)0x200000000468 = r[41];
  2948. *(uint64_t*)0x200000000488 = 0xac;
  2949. *(uint64_t*)0x2000000004d8 = 1;
  2950. *(uint64_t*)0x2000000004e0 = 0;
  2951. *(uint64_t*)0x2000000004e8 = 0;
  2952. *(uint32_t*)0x2000000004f0 = 0x8800;
  2953. syscall(__NR_sendmsg, /*fd=*/r[33], /*msg=*/0x2000000004c0ul,
  2954. /*f=MSG_CONFIRM*/ 0x800ul);
  2955. memcpy((void*)0x200000003280, "syztnl0\000\000\000\000\000\000\000\000\000",
  2956. 16);
  2957. *(uint64_t*)0x200000003290 = 0x200000003200;
  2958. memcpy((void*)0x200000003200, "ip6gre0\000\000\000\000\000\000\000\000\000",
  2959. 16);
  2960. *(uint32_t*)0x200000003210 = r[37];
  2961. *(uint8_t*)0x200000003214 = 0x29;
  2962. *(uint8_t*)0x200000003215 = 0;
  2963. *(uint8_t*)0x200000003216 = 0x7f;
  2964. *(uint32_t*)0x200000003218 = htobe32(0xff);
  2965. *(uint32_t*)0x20000000321c = 1;
  2966. *(uint8_t*)0x200000003220 = 0xfc;
  2967. *(uint8_t*)0x200000003221 = 1;
  2968. memset((void*)0x200000003222, 0, 13);
  2969. *(uint8_t*)0x20000000322f = 1;
  2970. *(uint64_t*)0x200000003230 = htobe64(0);
  2971. *(uint64_t*)0x200000003238 = htobe64(1);
  2972. *(uint16_t*)0x200000003240 = htobe16(0xff08);
  2973. *(uint16_t*)0x200000003242 = htobe16(0x8000);
  2974. *(uint32_t*)0x200000003244 = htobe32(9);
  2975. *(uint32_t*)0x200000003248 = htobe32(0);
  2976. res =
  2977. syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0x89f1, /*arg=*/0x200000003280ul);
  2978. if (res != -1)
  2979. r[42] = *(uint32_t*)0x200000003210;
  2980. *(uint64_t*)0x200000005a40 = 0x200000000500;
  2981. *(uint16_t*)0x200000000500 = 2;
  2982. *(uint16_t*)0x200000000502 = htobe16(0x4e24);
  2983. *(uint32_t*)0x200000000504 = htobe32(0xe0000002);
  2984. *(uint32_t*)0x200000005a48 = 0x10;
  2985. *(uint64_t*)0x200000005a50 = 0x200000001b40;
  2986. *(uint64_t*)0x200000001b40 = 0x200000000540;
  2987. memcpy(
  2988. (void*)0x200000000540,
  2989. "\xdc\xf5\x42\x96\xcf\x24\x48\x70\xbf\xc1\x5e\xc9\x41\x2b\xd5\x66\x77\x31"
  2990. "\x5c\x27\x42\xf1\xb3\xf6\x52\xb2\xc8\x96\xea\xc2\x9e\xaf\x2d\xcf\x5b\xfe"
  2991. "\xcf\xf8\x0c\x22\x74\x23\xa0\xaa\x76\x9c\x71\x94\xa1\x94\xc5\x6d\xc9\x92"
  2992. "\x09\xec\x87\xe3\x90\xd4\xe9\x6e\x66\x4b\x04\x86\x94\x36\xd1\x1f\xf5\xf5"
  2993. "\x88\x9f\xe9\xa4\x07\xfa\x39\x80\x66\x38\xfa\x5a\x23\x79\x00\x1d\x58\x85"
  2994. "\xcb\x1b\x91\x49\xb4\xe5\x72\x6f\x2e\x10\x8b\xfb\xd2\x37\x78\x5f\xd1\x5b"
  2995. "\xcd\x27\x76\xf6\x42\x7f\xcb\xb0\x79\x91\xb8\xb4\x4d\xab\xac\x00\xc5\x4c"
  2996. "\x41\x39\xf8\x8b\x37\x70\x12\x62\xaa\x09\xc5\x6f\x13\x6e\x96\x8f\x6d\x10"
  2997. "\xb7\xd5\xa1\x16\x5d\x05\x75\xc4\x20\x5f\x94\x5e\xf8\x3a\x25\x8a\xd1\x72"
  2998. "\x7e\x93\x4e\x1b\xc7\x3d\xac\xde\x1f\x61\xec\x90\x08\xf3\xe5\x41\x3c\xd9"
  2999. "\x06\x41\xed\x6c\x15\x75\xe9\x5a\xb3\xa5\x12\x0f\xf1\x1e\xe7\x82\x9e\xaa"
  3000. "\xb5\x0b\x2c\xc0\xcb\x3f\x7c\x93\x65\xf8\xe5\x7b\xaa\x0d\xa2\xc1\x69\x1c"
  3001. "\xa5\x40\xd4\x55\xc1\x84\xa9\x41\xea\x93\xc2\x22\x32\x7b\x60\xcd\xee\xe6"
  3002. "\xb8\x3c\x78\x69\xfb\x56\x56\x4d\x5c\x44\x83\xa9\x3a\x6b\x4b\x3e\xe8\xb6"
  3003. "\x92\xbc\x89\x2d\xbd\x6d\x50\xc8\x68\x63\x4b\x45\x22\xf7\xc3\x20\x72\xb8"
  3004. "\x9b\x9b\x6d\x60\xf4\x60\x39\x23\xe7\x0b\xf1\x4a\x67\xf9\x40\x9c\x2f\xdf"
  3005. "\x2f\x09\x78\xd6\xcb\xfe\xb8\x9e\x96\x8f\x04\x53\x68\xcb\x63\x6b\x12\x3c"
  3006. "\xaf\x35\xe3\xd6\x2d\x08\xa7\x62\x84\xbc\xfa\xac\xfc\xea\xf8\x0a\xb2\x3c"
  3007. "\x27\xd8\xcc\x55\x13\x04\x77\x95\x00\xea\xce\x7c\x33\xff\x0e\x3f\x5f\x7b"
  3008. "\x5f\xbe\xfd\x01\xb5\x3a\x81\x5f\x36\xfa\xed\xb7\x3f\xd3\xeb\x47\xce\x89"
  3009. "\x75\x0a\x8c\x77\x67\xe5\xfe\xf7\x75\xa5\xa6\xd8\x4b\xeb\x9c\xa0\xc9\x73"
  3010. "\xf8\xe3\x08\x97\xf8\xee\xb4\x0c\xa2\x61\x04\x1c\x84\x92\xa2\x39\xca\x48"
  3011. "\xb9\x51\x9f\xfc\xa5\x9a\x61\x5b\x28\x8f\x25\x9c\xa2\x03\xaa\xc5\x3c\xa2"
  3012. "\x7a\x28\xb7\x3a\xa7\xb4\x4c\x0b\x1d\xe8\x16\xd6\x87\xa1\x81\x36\x4f\x1e"
  3013. "\x34\xfd\xd7\x7d\x9f\x89\x3c\xd1\x4f\x1d\x44\xf3\x60\xd7\x5c\xee\xb0\x17"
  3014. "\xf0\xe6\x90\x73\xa2\x18\x68\x42\x89\xc7\x2b\x84\xa6\x72\xf0\x8c\x45\x31"
  3015. "\x56\x5b\x4c\xd8\x33\x91\xf4\xe3\xfa\x72\x66\xd7\x79\x20\x1a\x89\xda\x01"
  3016. "\xe7\xb5\x71\x48\xc6\x1e\xbb\x8c\xad\x3a\x49\x9b\x2b\xe1\x04\xb3\xcc\xab"
  3017. "\xf7\x65\x40\x97\x8c\x90\x7d\x54\x63\xf5\xa5\x3f\x67\xf0\x28\x2b\x8b\x8a"
  3018. "\x78\xe1\x36\xd5\xf6\xea\xd3\x8c\x58\xe7\x32\x1b\x7c\xac\x67\xe4\x5e\x15"
  3019. "\x86\x15\xf1\x97\x34\xc6\x7e\x8a\x5c\x1b\xac\xd8\x91\x66\x56\x8b\xf4\xb4"
  3020. "\xea\x58\x36\x3f\x23\xf8\x49\xe6\x96\x02\xed\xa6\x85\x54\xee\xdc\x2e\x56"
  3021. "\xc4\x87\x52\x87\x3b\x02\x76\x46\x2e\xd0\xa9\xdb\x9a\x70\x70\xc1\xa4\x03"
  3022. "\x6b\xe8\x7b\x1e\x8b\xa2\x45\xe9\xb4\x38\x3d\xeb\xc5\xaa\x71\x75\x96\xde"
  3023. "\x64\xa8\xeb\x1e\x7f\x5c\xcb\xf7\x66\x57\xc6\xad\x2b\x4a\xdf\x81\xc5\x9e"
  3024. "\x3e\x20\x3c\x3d\xa1\x76\x39\x05\x95\x2c\xc7\xd1\xa3\x75\xd1\x57\x0e\x10"
  3025. "\xc3\x6a\x1e\x6e\x80\x79\x2b\x99\x83\x79\x79\x6b\xf4\x0d\x09\x0c\x76\x32"
  3026. "\x0e\xb4\xb7\x1f\x9d\xa4\x82\x39\xd0\x33\x7a\x1d\x85\xae\x3c\x8c\xa7\xb2"
  3027. "\xbf\x75\x23\xe0\x60\xb1\x94\xca\x2d\x4c\x29\x75\x6e\xe2\xf1\x18\xea\x36"
  3028. "\x1b\xc1\x8e\x63\x0d\x63\x79\x71\xc1\xb5\x31\x20\x79\x11\x1b\xd7\xce\x9f"
  3029. "\x6d\x7b\xc7\x6a\x78\x48\x27\xf0\xc3\x15\x43\x4e\x14\x6c\xbd\x9e\xfe\x28"
  3030. "\xfc\x57\x94\x00\x65\x12\x47\x47\xff\x8b\x72\x68\x83\x1d\xac\x1a\x36\x78"
  3031. "\x8e\x50\xc5\x07\x15\x05\xa6\xbe\x59\xe0\x16\x7e\xac\xc7\x2e\x79\xfc\xcb"
  3032. "\xf0\x78\x8a\x17\xc7\x2d\x28\x95\x83\x63\x96\xa0\xcf\xab\x81\x55\x5d\x3d"
  3033. "\xa0\x74\xe5\x2c\x87\x49\xe4\xe7\x08\xba\x0e\xf7\x92\xe8\x26\xa8\x6c\x33"
  3034. "\x24\xda\xa8\xeb\x0d\xd6\x13\xde\xd4\x20\x4b\xc5\x38\x52\x18\x65\xbc\x18"
  3035. "\x10\x9e\xf5\xd4\xeb\xf8\x61\x56\x73\xa9\xb3\x85\xe8\xa6\xe2\xfe\xbd\xe9"
  3036. "\x33\x84\xa3\x21\xcc\xd6\x30\x76\x6e\xc2\x85\x16\x87\x3c\x98\x23\x9d\x2d"
  3037. "\x2e\xf5\xcc\xd4\x4c\xc6\x63\xad\x9a\x09\x0a\x26\xf0\xd9\x86\x32\x0a\x66"
  3038. "\xd5\xcf\x01\x4c\xb3\xdc\x68\xe7\x55\x0c\x93\x95\x36\xf5\xb7\xa4\x20\xab"
  3039. "\x7f\x7e\x3d\xd4\xb0\x40\x91\x09\x42\x9d\x71\xa8\x68\x76\x07\x86\x4b\xfe"
  3040. "\x60\xb5\x72\x47\x27\x18\x1b\x7d\x64\x24\xa4\x35\xb6\xa1\x43\xc1\x63\x1c"
  3041. "\x11\xed\xc8\x0e\x9e\x85\x9c\xd0\xa3\x91\x79\x30\xae\xd9\xdb\x82\xaf\xf2"
  3042. "\xc6\x29\x12\xf6\x6f\x10\x98\x9f\x85\x80\x12\xfb\xd6\x9f\x80\xfa\x59\x59"
  3043. "\xfe\xe8\x2d\x91\x66\x34\x3b\x59\x4f\x15\x12\x8b\x28\x29\x04\x81\xa9\x13"
  3044. "\xc5\x82\xab\x0f\xdd\xcc\x86\xfd\xda\xc9\x2a\x8e\x5d\xfc\xa0\xb3\x68\x63"
  3045. "\x38\x60\x83\x25\xe6\xb9\x9d\x07\x16\xf2\x0c\x3c\x2e\xed\x90\x3a\x57\x54"
  3046. "\xce\x82\x84\xac\x38\xdc\xdd\x9c\xa7\x28\xf4\xa8\xff\x4a\x7c\x83\x45\xcd"
  3047. "\x03\x38\x9c\x3f\x96\xce\x0b\x27\x04\x85\x83\x33\x7a\x87\x87\x5f\x1f\x23"
  3048. "\x6d\xc6\x80\x29\x3c\x10\xb0\x2d\xbc\xd5\x74\x4d\xec\x65\x53\xde\xc0\x5a"
  3049. "\x39\x60\x16\x1e\x4d\x0f\xc2\x87\xf6\x2e\x68\xaf\x22\x32\x7b\xa9\x9a\xdf"
  3050. "\x84\x77\xa4\xbd\xd8\x3e\x6f\x16\xd9\x65\x09\x40\x55\xaa\xea\x29\x3d\x6f"
  3051. "\x8e\x3b\x3e\x96\x7a\x48\x60\x34\xc6\x59\xa1\xf9\x4c\xfd\xf8\xbe\x11\x8f"
  3052. "\x0d\x70\xb9\x87\xdd\xff\xef\xc8\x73\xcb\x92\xf8\x1e\x90\x3c\xe1\x70\xba"
  3053. "\xf9\x89\xf0\x32\xea\xae\x24\x45\x42\xbf\x72\x4a\xc0\x7d\xed\x6d\x35\xda"
  3054. "\x9c\x6a\x91\x15\x80\x2a\x7a\x35\x95\x7f\xe6\x71\xf3\x36\x30\xbb\xfd\x42"
  3055. "\x89\xc2\x44\x8e\x86\x1c\x23\xc1\x88\x8b\x3e\x08\x28\x0f\x1e\x31\xc0\xce"
  3056. "\x64\xa8\x06\xc5\x25\x06\xf9\x64\x2f\x0e\x45\x39\x6f\xde\xd9\x99\xf8\x5b"
  3057. "\xde\x7b\xe9\x2d\x80\xd8\xa4\x9b\x5b\x78\x20\x4a\x1f\x50\x1c\x13\xdd\x21"
  3058. "\x71\x93\x5e\x93\x14\xf5\x62\x0a\xaa\x0d\xb1\x5d\x25\xd6\xf5\x47\x97\x84"
  3059. "\xfb\xd5\xad\x48\xfb\x25\x7b\xd2\xd9\x8f\x09\x50\xfc\x38\x43\x14\x1c\x3d"
  3060. "\x58\xeb\x9d\x09\x93\xfe\x42\x6b\x67\xda\x94\xbe\xa5\xcc\xb1\x51\xce\xf1"
  3061. "\xec\xec\x1f\xfc\xcf\xae\x21\xa6\xbf\xcf\xb5\x91\x5e\x10\x6a\x8e\xad\x8a"
  3062. "\xe7\xbe\x3f\xc4\xee\xce\x60\x10\xe0\x26\xfe\xd2\x24\xf1\xaf\x42\xf1\x00"
  3063. "\xa8\x47\x14\x31\xdb\xc3\x78\x50\x7d\x6e\xcc\xbb\xfd\x71\xa5\x80\x65\xb8"
  3064. "\xf1\x08\xa1\x39\xec\x89\x86\xd0\x2d\x6f\xa1\x2d\xa6\xf6\xff\xe8\x3a\x90"
  3065. "\xaf\x41\x9e\xdd\x58\xbb\x3c\x84\x06\x9e\x90\xd6\x31\xf9\xb9\xe0\xc2\xb2"
  3066. "\x56\x66\x04\x11\x9e\xd5\x37\x4a\xf4\xe1\x89\x24\x96\x41\x6e\x32\x2a\x7f"
  3067. "\x08\xf6\x76\x16\x2b\xc8\x7f\x6f\xe7\x16\x71\xdf\xfe\xb6\xd3\xc7\x7b\x4a"
  3068. "\xb7\x83\x99\xce\xaa\x3c\xf8\x23\x00\x3d\xaa\xfe\xd8\x82\xe8\xb6\x52\xd8"
  3069. "\x65\x97\x30\x10\x14\x45\x9a\x68\xd0\x5d\x33\x53\x69\x19\xf6\x97\x57\xfc"
  3070. "\x91\x2e\xb8\xf7\x84\xc9\xa5\x0e\x58\xbc\xe4\x26\xb9\x6d\xfe\xf4\xe4\x6b"
  3071. "\xf8\x24\x7c\xfe\xb2\x10\xec\x15\xdf\x80\x97\x3a\x75\x1b\x09\x71\x2a\x8c"
  3072. "\x75\x61\x43\x34\x87\x7d\xc2\xb7\xce\x5b\x3f\x7b\x23\xa0\xc8\x5c\x25\xcc"
  3073. "\x54\x6e\x2b\xb4\x31\xd0\x3b\x7d\x6b\x69\x91\xf5\x0b\x11\x13\x98\x1e\x1c"
  3074. "\x5f\xb3\x01\x5f\xf9\x51\x7e\xb1\xc6\xbf\x93\x3d\xac\x1a\x3d\xc4\x47\xe1"
  3075. "\x99\xb9\x0d\xfc\x7c\x17\x39\x41\xd7\x1e\xee\x17\xcc\x5b\xe7\xb7\xc2\x21"
  3076. "\x62\x67\x90\x72\x6d\x31\xf8\xa6\x4d\xa2\xa1\x19\x28\xb4\x7a\x8c\xa1\xd1"
  3077. "\xc3\xe9\xe3\x36\xd3\x51\x50\x17\xf7\x64\x92\x89\x3a\xc4\x54\xcf\x01\x8c"
  3078. "\x0e\x78\xfd\x82\x11\x3e\xc0\x38\xc0\x18\x04\xe5\xd1\x05\x1b\x81\x96\x8b"
  3079. "\x3a\x03\xc0\x07\xfb\xad\x76\x1a\x76\x16\x0a\x85\xc4\x70\xb0\x2b\xa2\x38"
  3080. "\xc5\x18\x2d\x57\x69\x92\x86\x58\x06\xb8\x08\x4b\x6c\x94\x0f\xce\x38\x50"
  3081. "\xaf\xcd\xd9\x5a\xeb\x87\x45\x19\x5c\xbe\xa9\x14\x05\xf7\xea\x17\x6b\xaa"
  3082. "\x42\xda\xad\xc4\xcb\xeb\x64\x18\x2d\xd2\x4e\xa8\x70\xaa\x40\x14\xd5\x20"
  3083. "\xd7\x3e\xd1\xad\xb1\x01\x7e\xcc\x6f\x73\xcc\x9b\x1c\x2e\x76\x7d\x40\xc0"
  3084. "\xf5\xc2\xef\x3f\xfd\x39\x51\x69\xef\x85\x91\x0e\xcc\xc2\x8e\xa7\xb0\x71"
  3085. "\xdf\xb7\x30\x58\x87\x59\xf1\xd0\xc7\x9d\xcd\x69\x4b\xf2\x97\x73\xf5\xdb"
  3086. "\xf4\xd3\x34\x6b\xef\x0e\xf7\xd1\xa0\x28\xf6\x4f\x3a\x90\xc3\x65\x4e\xf4"
  3087. "\x1f\x4f\xd2\xb8\x21\xb6\x7f\x48\xfa\xb0\x24\x03\x35\xdc\xe5\xb5\xb5\x49"
  3088. "\x87\xa0\x02\xe9\xee\x11\x26\x24\x07\x6b\x38\x68\xab\x1a\xb7\x50\xa0\x9a"
  3089. "\xb4\x41\xdd\xe8\x3e\x40\x68\x22\x61\x9d\xe3\x86\x8d\xf8\xe5\xb2\xe0\x63"
  3090. "\xcb\x41\x46\xc9\xc8\x53\x35\xec\xf5\x12\xdb\xd0\x7a\xcd\x92\xb6\x88\x68"
  3091. "\x8f\x66\xbd\xbd\xdf\xb1\xbc\x8c\x82\x15\xb9\x2a\xc3\x13\xac\x87\x47\x8f"
  3092. "\x81\x03\xdb\x6d\xf7\x94\x94\xf9\x27\x45\x5e\x8f\xe9\x8d\x5e\xe7\x0c\x50"
  3093. "\xf4\x7c\x5e\xe8\x08\x07\xd3\x0e\x77\x03\x4d\xdd\x55\x5c\xd1\x6e\x0e\xaf"
  3094. "\x7f\xd8\xf7\xa1\xde\x55\xc5\xa0\x79\x27\x6c\x45\x08\xf7\x72\xe3\x6d\x7f"
  3095. "\xda\xc4\xde\x84\xe7\xe3\xe8\xc8\xa3\xf0\xe6\xb4\x42\xef\x09\xab\x59\xfd"
  3096. "\x9c\x99\x60\x8f\xf4\xd8\x2d\x0f\x79\xf4\x5c\x4e\xbe\x51\x5b\x19\x29\xc5"
  3097. "\xda\xe3\xfa\xbf\x48\x7a\x7f\xc9\x5c\x09\x99\x93\x8b\x3f\xb0\x11\xe4\x2c"
  3098. "\x9e\x5b\xf1\x04\xae\x73\xda\x58\xf8\x7d\xb5\xa9\x04\x7c\xdc\xba\x0c\xce"
  3099. "\x39\x7c\x45\xfb\x60\x80\x16\x2e\x33\x0a\x4a\xb2\x37\xe8\x74\xd0\xd3\x2d"
  3100. "\x7c\xe7\xbb\xd4\x99\xba\x7c\x1e\x9b\x5f\x03\xf2\x1c\xd5\x5f\xc2\x09\xc2"
  3101. "\x3b\x75\x4a\xdb\xe9\xa5\x4a\xee\xc5\xca\x98\x1c\x72\xae\xd3\xd4\x5f\x6d"
  3102. "\xa2\x46\x17\x20\x8d\x7c\xb7\xfa\x38\x67\xfe\x4d\x88\x8a\x9a\x66\xec\xf9"
  3103. "\xfa\x50\xb2\x57\xfd\x36\x3c\x57\x2b\x1c\xbc\x5e\x68\xca\x97\x63\x12\x3c"
  3104. "\x1a\x45\xa8\x0c\xfd\xc2\x0e\xf7\xae\x66\x16\x45\x09\xdb\xaa\x0a\xf6\x98"
  3105. "\xc2\xcc\x78\xaa\xc1\xdd\x03\x3d\x6f\x3f\x5d\x20\x9f\x51\x32\xbd\x02\x1a"
  3106. "\x33\x4b\x1f\x5d\xc1\xfc\x39\x03\x51\x85\xe9\xa8\xe2\x0e\x99\xef\xc8\xdd"
  3107. "\x58\x83\x0c\xed\x6c\x6d\x63\x02\xa6\xa7\x91\x45\x62\xbd\x42\xea\xed\x58"
  3108. "\x38\x8b\x02\xba\x3b\xf2\x25\xb4\x22\x11\xd3\xbe\xe5\xe7\x96\x63\x58\x4d"
  3109. "\x85\x48\xf1\x57\xf7\xe5\xb9\xaa\xb0\xad\x57\x3c\x49\xce\xad\x98\x69\xdf"
  3110. "\x15\x66\x26\x27\x66\x80\x9d\x0f\x97\x63\x55\x44\xc1\xaa\x9e\x26\x25\xdc"
  3111. "\xfc\xa9\x14\x93\xfd\xf3\x18\x2e\x9c\x82\xde\x7a\x81\x6a\xc7\xbc\xd4\x6d"
  3112. "\x57\xe9\xfe\x9a\xfb\xfe\xa5\x1a\x80\x9b\x4a\xf2\x95\xd3\x97\x4c\x46\xab"
  3113. "\xbf\x5a\x47\x15\x72\xfc\x89\x72\xe3\x8b\x84\x9b\xb6\x7a\xc1\x32\xd3\x46"
  3114. "\x4d\x92\x27\x3f\x35\x4d\x46\xcc\x14\x25\xfc\x6c\x5b\xf9\x80\x11\x42\x60"
  3115. "\x58\x19\x47\xd9\xa6\x65\xe8\x9e\xb1\x66\x36\x06\x0a\x45\xcc\xca\x99\x2b"
  3116. "\xad\x6d\xda\x69\x48\x99\x83\x59\x50\x8b\x03\x9b\xeb\x70\x5b\x43\x5b\x85"
  3117. "\xd6\xdd\x3a\x11\xba\xe4\xbb\xa9\xab\x2d\x77\x79\x28\xf4\x0f\x78\xc9\x98"
  3118. "\xa0\x3e\x63\xea\xd5\x44\x66\xc9\xf8\xcb\xff\xdb\x8d\x9b\x16\x98\x23\x1f"
  3119. "\xbd\x04\x0d\xe2\xe2\x76\x75\x49\xb5\xa5\x6b\xa3\x42\x0a\x18\x3d\x46\x9a"
  3120. "\x19\xed\x69\x63\xf4\x6f\xfa\xfc\x6e\xc7\xa3\xbd\x33\x7c\x70\x71\x0a\x53"
  3121. "\x73\x81\x62\x2e\xfb\x43\x61\xf7\xd9\x1f\xb9\x07\xcf\x70\x49\xe4\xf7\x87"
  3122. "\x00\xee\x02\x5f\xef\x45\x56\x18\x87\x1b\x53\x46\x41\x45\x87\x40\xa6\x81"
  3123. "\x2b\x56\x7a\x99\x29\xe5\x41\xc9\xeb\x0b\x66\x02\x74\x9e\xff\x2b\xb0\x5f"
  3124. "\xb6\x8e\x39\x7b\x5b\xcc\x27\x71\xb2\x4b\x61\x39\x15\xe6\xa2\x06\x8c\x8c"
  3125. "\x4a\x26\x6c\x97\x7b\xe0\x52\x2a\x93\x4a\x97\xdf\xf2\xd7\x48\x9d\x18\x95"
  3126. "\xba\xba\xd6\x24\xee\x72\x23\xe6\x80\x77\x15\xa9\xd2\xd3\xf6\xe0\x53\xcf"
  3127. "\xc4\xa7\x7b\xce\xed\x4b\x77\x50\x5b\x76\x88\x8e\x4a\xc9\xcb\x8c\x75\x75"
  3128. "\xa1\x0b\x4b\x39\x82\xb3\x5a\x7a\xf3\xfc\x55\x51\x0b\x5e\x60\x94\xfe\xa9"
  3129. "\x15\xbc\x0e\xf0\x82\x0e\xf4\x78\x3c\x4f\x78\x6d\x22\x99\x05\xbc\x88\x74"
  3130. "\xe9\x70\x6f\xd1\x0e\xa3\x28\x65\xb7\x43\xb8\xda\x2c\x10\xe9\x04\x05\x15"
  3131. "\x44\x19\xf5\x09\x76\x73\xfd\xd3\xd8\x33\x6b\x35\xb7\xa1\xf7\xdc\x74\x09"
  3132. "\xb6\x36\xde\xce\x5b\xef\xbb\xbe\x60\x98\x64\xb7\xfc\xb1\xf6\x6d\xef\x70"
  3133. "\xf9\xdf\xc6\xd3\x48\xad\x9c\x0c\x2c\xdb\x9a\xcc\xf8\x7c\xc3\x49\x6f\xb0"
  3134. "\x52\x9f\x3e\x58\x63\x10\xd4\xff\x4b\xd5\x0b\xbe\x68\xa6\x18\x8d\xe6\x02"
  3135. "\xe2\x91\x88\xde\xb8\x01\x80\x66\x1d\xce\xd0\xcd\x35\x45\x04\x4a\x9d\xfd"
  3136. "\xee\xc1\x4e\xac\xe9\x61\x7c\x84\xcd\xfc\x5e\xc5\x19\xb3\x57\x81\xc8\x47"
  3137. "\x1a\x33\xde\x2b\x0b\xbe\xbe\x57\x0f\xed\x7c\x9a\x57\x6e\x8c\xea\x51\x85"
  3138. "\x03\xb5\x79\xd9\xbd\x91\xdf\x32\xc0\xec\xd3\xe1\xa3\x29\xce\xed\x48\xc1"
  3139. "\x09\xb4\x9c\x26\xcd\x96\x9c\xfa\x1e\x59\x2f\xb4\x65\x95\x84\x35\x44\x64"
  3140. "\x03\xc6\x90\x9c\xac\x55\x40\x5d\xee\xeb\x19\x5b\x28\xef\x62\xfe\xc4\xb4"
  3141. "\x0a\x7c\x98\x60\x61\x67\x6a\x51\x30\x66\xd1\x6e\xcf\x4e\x35\xd4\x8e\x32"
  3142. "\xd2\x79\x83\xe6\xb9\x4e\x8d\xd2\x33\x0e\xb4\xb3\xc4\x0e\xd7\x3b\x20\xc2"
  3143. "\x71\x2e\x20\x52\xb8\xa3\x75\xcc\x81\x07\x13\x5d\xdb\x6b\xb7\x31\x85\xc7"
  3144. "\x14\x9c\xb8\xad\x1f\x63\x35\x44\xb8\x92\x9e\x62\x2c\x75\x17\x36\x2c\x02"
  3145. "\xaf\xa1\xa2\x85\xf2\x4e\x4b\x8f\x0d\xf0\x22\x8b\xb0\x0f\xc3\x2a\xab\xe4"
  3146. "\x03\xaa\x2f\xc4\xb4\x40\xfc\x0c\x47\x94\x20\x1e\xdf\x2b\x8f\xff\xb6\x69"
  3147. "\xd8\xfe\x7c\x9a\xc2\x63\x6a\x11\x69\x7d\xf1\x34\xde\xb2\x49\x23\xf1\x2b"
  3148. "\xba\x36\x3d\x0e\x05\xc3\x3f\xa4\xa7\x1c\x1d\x6f\x3b\xf2\xe5\x3f\x56\x6a"
  3149. "\xae\x57\x4e\x04\x06\x74\x5f\x6d\x55\xa1\xc9\xe4\x01\xb8\x2c\x43\x10\x61"
  3150. "\x26\x69\x5c\x33\x1c\x8b\x79\xa4\x72\xdb\xa9\x79\x54\xa7\xaa\x6f\x57\xbe"
  3151. "\x2f\x58\xa7\x99\xef\xc5\x26\x11\x55\x8b\xfd\x97\x94\xfe\x03\x7c\x9d\x2d"
  3152. "\xc5\x2e\x11\x13\xff\xde\x07\x99\x5a\xd4\xf0\x32\x0d\x39\x9e\x64\x51\x6f"
  3153. "\x60\xc7\xce\xb9\x5a\xe4\x7d\xff\x9c\xf7\x70\x07\x86\xec\xcf\x0c\x8d\xc3"
  3154. "\x5c\x42\xbd\x77\x7c\x40\xe4\x01\x13\x0c\x6c\x28\xad\xa3\x36\xc7\xc4\x7f"
  3155. "\x78\xa6\x5b\xdc\xe5\x49\xa4\x7b\xc5\x89\x42\xe5\x72\x1a\x49\x2b\x4e\x51"
  3156. "\x43\x1a\xcd\x92\x97\xec\xa7\xa3\xad\xf1\x91\xd6\xe7\xfc\xc4\x4a\xe8\x5e"
  3157. "\xba\xcf\xfc\xbe\x85\xea\xe8\x2d\xec\x8d\xfe\xe3\x6d\x6a\x42\xfe\x8a\x32"
  3158. "\x08\x48\x34\x24\x79\x82\x8b\xce\x8a\x18\xd3\x0e\x94\x5e\x83\x47\x02\x32"
  3159. "\x11\xd8\xf1\xa8\xe6\x4f\x8c\x11\x3b\x7d\xe2\xd1\x28\x58\x1c\x02\x99\x06"
  3160. "\xa9\x50\xe9\x30\x18\xb8\x2f\xc4\x21\x42\x6f\x61\xbf\xe6\x33\x2c\xde\xb1"
  3161. "\x76\x23\x35\x5e\x21\xb8\x53\xfe\x09\xc7\x98\xbc\x0a\xc1\x2a\x2b\x64\x12"
  3162. "\xb2\x10\xe4\xcc\xfa\xd2\xeb\xcd\xc1\xca\xa6\x68\x26\x07\xf1\xed\xa3\xcc"
  3163. "\x31\xe5\xa4\xf7\x86\xb5\x7b\x27\x5c\x44\x60\x2f\x91\x07\xdf\xaa\xc3\xf3"
  3164. "\xe2\x7e\xd0\x65\x9b\x07\xde\x32\x85\x48\x72\x5a\xb7\x0e\xfd\xf7\xc2\xa3"
  3165. "\xb7\x0d\x34\xfe\x9d\xc8\x68\xd4\x2c\x70\x81\xe6\xe5\x60\xb0\x32\x75\x06"
  3166. "\x5e\x13\x7d\x90\xf1\x0b\x50\xeb\x77\x1c\x7e\x45\xfc\xf6\x77\x5b\xd1\x4c"
  3167. "\x2a\x3a\x39\xf1\x09\xab\xdf\xf7\x5a\xcb\xe2\xca\x85\x42\xd2\x4b\x92\x02"
  3168. "\x74\x26\x6e\xac\x9d\xd9\x77\xc3\x8b\x96\x8d\x82\xfa\x53\x98\x0e\xcb\x88"
  3169. "\x0e\x0d\x29\x7a\x11\x8e\x44\xb1\x86\xe8\x4b\xb0\x0a\x5a\xe9\xfb\x4f\x1f"
  3170. "\x29\x40\x04\x46\xa3\xb9\xa2\xfe\xfc\xfb\xfc\x8e\xd1\x5c\x19\x51\x46\x54"
  3171. "\xea\x0c\xa8\x53\x08\x49\x2c\xef\x5a\x34\x8e\xff\x76\x95\x8b\x60\xd5\x82"
  3172. "\xdb\xc7\x91\x7a\xbc\xcf\x9f\x28\x14\xb7\x1a\x35\x4e\x07\x98\x0a\x91\x10"
  3173. "\x94\x26\x2d\x26\xa2\x64\xd9\xdf\x17\x10\x03\xce\x7c\xd6\xd4\x24\xfa\x30"
  3174. "\x9c\x43\x90\xff\xc3\x0b\x03\x0f\x3f\xef\x10\xff\x32\xed\x4d\xc0\xb9\x7e"
  3175. "\x6a\x03\x57\xda\xb6\xba\x9e\xe8\x06\x64\x99\xb0\x74\x42\xda\x43\xcc\xec"
  3176. "\x7a\x6b\x83\xa9\x32\xe9\x12\xe5\xc7\x2b\x3a\x2a\x8a\x0a\xea\x2a\x13\xe3"
  3177. "\xce\xda\xde\x33\x18\xf8\x29\xd6\x3d\xa3\xfe\x47\x91\xba\x04\xdf\xb4\x10"
  3178. "\x51\xd8\x10\xea\x78\x42\x59\xb2\x2a\x93\x5e\x89\x47\x0f\xd1\x33\x8d\xd1"
  3179. "\xf8\x0e\x83\xf0\x6f\xf2\xf1\x4c\x16\xa2\x5c\x30\x2d\x75\x05\xe7\xd3\xb2"
  3180. "\x37\xbe\xaf\xfe\xa2\x54\x1d\x7d\xf3\xf7\xd3\xe2\xda\x5a\xe5\x61\xfa\x72"
  3181. "\x95\xdf\x17\xc8\x91\x6f\xc4\xcf\xbd\x99\x0f\x68\x48\x39\x7b\x39\x04\x7c"
  3182. "\x1f\x11\xf0\xd1\x57\x57\x60\x44\x9d\xc5\x37\xb0\x35\x90\x22\xd3\x47\xd8"
  3183. "\xbf\xf1\x70\xca\xc8\x38\x91\x9f\x92\xa4\x07\x9c\xf7\xb4\xec\x56\x86\xb5"
  3184. "\x99\x45\x2d\x80\xe8\xd3\xf4\x65\x35\xef\x20\xde\xa7\x7a\x09\xb1\xf4\xd9"
  3185. "\xc1\x76\x30\x7e\xcc\x01\xde\x38\xb8\xa6\x7b\x9a\x29\xc1\xbc\xe2\x70\x18"
  3186. "\x2f\x4d\xed\x44\xe1\x98\x86\x15\x83\xcb\x53\xac\xa3\xef\xc6\x45\x4e\xe6"
  3187. "\x45\x52\x82\x77\xbf\x01\x81\x42\xbc\x6f\x35\xa1\x7a\x77\x78\x0b\x7e\x14"
  3188. "\x4b\x75\x11\xa8\x33\x9a\x4e\x4f\x07\x0f\xa7\xdb\x90\x7c\x75\xd8\xb3\xb9"
  3189. "\x6e\x9f\xab\x62\xcc\xd2\xe5\x35\x25\x4d\x3a\x8d\x40\x54\x1a\xff\x7f\xe4"
  3190. "\xac\x61\x21\x17\xf5\xe9\xb0\x9d\xb7\x63\x33\xef\xc2\x53\x80\x70\x00\x5f"
  3191. "\x2e\xb5\x1a\x67\xf8\x82\x8d\xa0\x54\x54\xe3\x52\x5e\x42\x73\xbf\x2e\x64"
  3192. "\xac\x9f\xb1\x58\xf3\xb2\x42\xad\x56\xad\x1e\x40\xd6\x0f\x1f\x83\x63\xeb"
  3193. "\x2f\x41\x22\x8c\x56\xf3\xbb\xa0\x9b\x76\xb5\xc4\x99\x08\xd9\x31\x3f\xea"
  3194. "\xec\xbc\x96\x1a\x50\xf2\x52\x2e\xd9\x24\x78\xf5\x53\xd3\x54\x62\xd4\x26"
  3195. "\xa0\x27\xb0\x41\x86\x47\xbb\xac\x16\x47\xa8\x58\x0a\x85\xf3\xbf\x26\xe0"
  3196. "\x33\xe6\x3f\x57\xaa\xbd\x30\xb7\x76\xb5\xbc\x60\x66\x41\x4d\xec\x30\x01"
  3197. "\xef\x80\xa4\x7b\x56\x51\x01\xe8\x5f\x3f\xef\x60\xb8\x1a\x2f\x06\xf6\xbd"
  3198. "\xda\x26\x0a\x45\x39\xe2\x24\x7f\x46\x8f\x96\x54\x47\xbf\xaa\x2b\xb3\x89"
  3199. "\x1e\xee\x89\xc5\xb6\xae\x67\xcd\x34\xa4\x97\xab\xf5\x7f\xf1\x25\x0a\xfa"
  3200. "\xbd\x44\xc5\x38\x92\xaf\xc3\xc8\xf7\x56\x94\x8a\xf3\xa6\xd5\x62\xb3\xc6"
  3201. "\x8d\x4f\x10\x89\x18\xd0\x0f\x66\xdb\x58\x60\x15\xcd\xc8\xd2\x11\x9b\x64"
  3202. "\x1e\xc6\xaa\xd0\xe8\x0f\xf9\xb9\x54\x1a\x50\x88\xf8\x44\xaf\xa4\xf2\x89"
  3203. "\x9a\xc3\xc5\xd1\x5e\x5d\x59\x3d\xf5\x38\x4b\x57\x2e\xd0\x1c\x94\xc3\x19"
  3204. "\x92\x55\xb8\x6b\x9a\xa8\xf0\x9d\x2f\xfe\x86\x6b\xa1\x24\x9a\xe9\xa8\x22"
  3205. "\x48\xac\xd4\x07\x95\xb0\x16\x6c\x7e\x3c\xfe\x8c\xe6\x0e\xb6\x54\xce\x3c"
  3206. "\x40\xa0\x88\x42\x6d\x35\x9c\x47\x8a\x26\xaa\xe5\x64\x78\x78\x8b\x68\x15"
  3207. "\x23\x07\x43\xc3\xaf\xb4\x27\x70\x88\x16\xd2\x51\xdd\xba\x83\x66\x0f\xe2"
  3208. "\x8e\x66\xfa\x6e\x30\x33\x8b\x88\xe0\x08\x60\x54\xf4\x20\xc8\xf0\xe2\x8f"
  3209. "\xec\xde\xd2\xf3\x20\x2f\xcb\xc5\x34\x2d\x72\xa6\x11\xf3\x61\xd7\x7d\x86"
  3210. "\x4b\xe6\x0c\x67\x52\xeb\x6c\x10\x51\xa6\xd7\x2a\x2a\x77\x32\xe9\xb9\x0c"
  3211. "\xb8\x50\xb6\x70\x89\x3e\x9e\x3b\x78\x35\x97\x2b\xc6\x0d\x39\x76\x2b\xc6"
  3212. "\x2e\x8a\xb4\x1a\x13\x03\x05\x9e\x60\xd2\x1c\xec\x10\xe8\x6f\x3c\x0a\x9e"
  3213. "\xf8\xe7\x0a\xf1\xc8\x67\x76\x67\x58\x29\x66\x1a\x41\xce\x12\xf7\xbe\x4c"
  3214. "\x80\xd0\x07\x12\xe6\x5c\xa8\x91\x09\x4d\x2f\x2f\x17\x2d\x8b\x0d\x47\x82"
  3215. "\x94\xcf\xca\x7b\xde\xd4\xa0\xdb\xe8\x3f\x02\xfc\xd3\xb3\x9b\xe4\x78\x2d"
  3216. "\xba\x13\x0b\x2b\x15\x47\x3a\x4e\x60\x31",
  3217. 4096);
  3218. *(uint64_t*)0x200000001b48 = 0x1000;
  3219. *(uint64_t*)0x200000001b50 = 0x200000001540;
  3220. memcpy((void*)0x200000001540,
  3221. "\x20\x07\x3e\x92\x9b\x49\x2c\x04\xb0\x6a\xb2\x6c\xdf\xc3\xe6\x0f\xda"
  3222. "\xcf\xea\xcd\x25\xc5\x97\x78\xe6\xee\xd0\xb2\xe6\xb0\x06\xd8\x63\xee"
  3223. "\xe9\x11\x0c\xcd\x5f\x4e\xe8\x95\xa2\x51\x4b\xfc\x34\x06\xc3",
  3224. 49);
  3225. *(uint64_t*)0x200000001b58 = 0x31;
  3226. *(uint64_t*)0x200000001b60 = 0x200000001580;
  3227. memcpy((void*)0x200000001580,
  3228. "\x9f\x16\xb5\xb9\x8f\x68\x7c\x82\x2e\x38\xcb\x78\x27\xb3\x38\x9f\xdd"
  3229. "\xb1\xcc\x23\x43\xdf\x68\x86\x75\x55\x50\x7e\xfd\x0f\xbe\xe4\xe8\xad"
  3230. "\x14\x53\x09\x3a\xf6\x5b\x76\x21\xab\x26\xb7\x65\x2a\x16\xea\x9f\x3f"
  3231. "\x31\x9c\x48\x3c\xd0\x40\xf0\x89\x1d\x4f\x39\xf4\x17\xb4\xb3\x34\xfc"
  3232. "\x71\x87\xa6\x87\x5f\xed\x0d\xb6\x16\x37\xbd\xd9\x93\x2d\xa3\x42\x06"
  3233. "\xe2\xe3\x83\x4b\x36\x35\x8d\xa0\x5c\x2c\x5a\x5a\x5a\x0a\x26\xa0\x3b"
  3234. "\xef\xb9\xb0\x2d\xdf\xcf\x80\x0a\x83\xc9\xdc\xcf\x26\x9b\xfb\xb9\x0f"
  3235. "\xfe\xd4\xb0\x5f\x4d\xbe\xbe\xdb\x21",
  3236. 128);
  3237. *(uint64_t*)0x200000001b68 = 0x80;
  3238. *(uint64_t*)0x200000001b70 = 0x200000001600;
  3239. memcpy(
  3240. (void*)0x200000001600,
  3241. "\x99\x8f\x6a\xe6\x66\xc9\x00\x6a\xde\xac\x0b\xde\xcf\xa0\xbd\x08\xa8\xa7"
  3242. "\x03\xbf\x2e\x5c\xcd\xd2\x0c\x82\xe7\x1c\x3b\xca\xc9\x2d\x4f\x06\x41\xf2"
  3243. "\x0f\x99\x3e\x79\xf9\x97\x18\xaf\x6a\xf0\xe2\x9c\x51\x30\x2d\x62\x15\x57"
  3244. "\x84\x35\xca\x78\x3a\x0b\x85\x87\xdc\x44\x15\xee\xc7\x19\x40\xf2\x7d\x77"
  3245. "\x2e\xf2\x35\x79\x16\x19\x53\xfb\x8c\xce\x61\x6a\x55\x57\xee\x15\x48\x3c"
  3246. "\x65\x41\x21\xb7\x1a\x90\xbb\x9b\x05\xb2\x71\x16\x0b\x76\x70\x2e\xc8\x59"
  3247. "\xb0\x83\xd3\x2c\x65\xac\x8b\x86\x7b\xa8\x65\xa1\x2c\xe3\x5e\xac\x2e\xd6"
  3248. "\x45\x60\x0e\x12\xb1\x8d\xf8\xe5\xd5\xef\xda\xdb\x26\x1d\x74\x0d\xef\x26"
  3249. "\x3f\xd2\x5f\x77\xe3\x5d\x87\x99\xe1\x45\xf0\x86\x4a\x3b\x42\xd0\x92\xce"
  3250. "\x14\xc7\x77\x80\x2f\xa9\x6a\xcf\x85\x07\x02\x94\x8d\x9f\x9d\xed\xcc\x00"
  3251. "\xc8\xba\xd3\x7b\xe8\x1b\xef\xb0\x82\x45\xba\xbc\xd3\xf4\xb5\xdb\x92\x89"
  3252. "\xac\x8b\x31\x0e\xed\x68\xf3\x9e\x20\x55\x58\x96\x5a\x30\xc9\xd0\x0c\xc1"
  3253. "\x14\x4c\xc6\x4e\x2a\x58\xd0\x2b\x2f\x28\x14\x98\x37\x52\x88\x77\xd5",
  3254. 233);
  3255. *(uint64_t*)0x200000001b78 = 0xe9;
  3256. *(uint64_t*)0x200000001b80 = 0x200000001700;
  3257. memcpy((void*)0x200000001700,
  3258. "\x61\xf6\xa1\xe4\x31\xd1\x86\xa0\x68\x32\x3c\x96\xf4\xf3\x87\x4e\x47"
  3259. "\x79\x91\xf7\x96\x24\x12\x8b\x60\xdc\x8f\x33\xc6\x5d\xa0\x4d\x42\x1b"
  3260. "\x34\x9d\x1c\x25\x17\x4a\xee\xc7\x1e\xf5\x8a\xa7\x9d\xee\x6e\xbb\x7e"
  3261. "\x8f\xfc\xc8\xd6\xce\x85\x63\x8a\x3f\x78\x1e\x76\x48\xf4\xb8\x51\x15"
  3262. "\x14\x5b\x6e\x93\xdd\x7b\xa9\x90\x1f\xd0\xc1\x43\x27\x9d\xd9\x9c\xa8"
  3263. "\x09\x80\xe3\xd3\x9f\x95\x23\x71\x43\xae\xd1\x37\x4c\x94\x15\xbb\x40"
  3264. "\xb4\xf6\xa4\xf5\x0c\x91\x7b\x34\x90\x95\x4c\x32\x05\x64\xe3\xfb\x0a"
  3265. "\x6c\x08\x4e\x3f\xf9\x07\x11\xa4\xdb\xa8\x7a\xe0\x81\xaa\xfd\x69\x17"
  3266. "\xa9\x2f\x63\x8c\x47\x77\x40\xae\xb6\x58\x15\xdd\x7a\x94\xdb\xa2\xb3"
  3267. "\x06\xb5\xad\x24\xc1\xb2\x28\x27\x0d\xab\xe5\x3b\xf7\x51\xb4\x8a\xcb"
  3268. "\x98\x71\xd3\x52\x09\xe1\x31\x80\x39\x04\x6e\x7a\x21\xc0\xa9\x1e\x80"
  3269. "\xb8\xb9\xe8\x84\x83\x21\x94\x68\x46\x80\xfd\x80\x81\xa7",
  3270. 201);
  3271. *(uint64_t*)0x200000001b88 = 0xc9;
  3272. *(uint64_t*)0x200000001b90 = 0x200000001800;
  3273. memcpy((void*)0x200000001800,
  3274. "\x84\x3a\xb9\x52\x2d\xc8\x2b\x05\x86\x8c\xbd\x7f\xe7\x78\xc1\xab\xde"
  3275. "\xd7\x05\x01\xbc\x4f\xa4\x09\xa4\x69\x96\x07\x26\x8e\xbd\xb2\x4f\x9b"
  3276. "\xbc\x6e\x08\x0a\x54\xd9\xe5\xc1\x13\xdc\x5e\x01\x9c\x84\xe9\xc8\x84"
  3277. "\x66\x2b\xdb\x24\xf3\x6f\x0f\x90\x9b\x0e\x8c",
  3278. 62);
  3279. *(uint64_t*)0x200000001b98 = 0x3e;
  3280. *(uint64_t*)0x200000001ba0 = 0x200000001840;
  3281. memcpy((void*)0x200000001840,
  3282. "\xe5\xd4\xc8\xb2\x0f\x0b\xf4\xed\x6c\xc8\xe1\x16\x8a\xde\x62\x4d\x59"
  3283. "\x1e\x9e\x38\xe7\xb8\xc2\x93\xdf\x60\xe3\xcc\x51\x65\xad\x83\xff\x52"
  3284. "\xb8\x01\xf5\x50\x31\x0e\xa4\xcc\x9f\xa9\xdb\xd4\xd5\x0b\xc2\x64\x77"
  3285. "\x81\x9b\x5f\xc1\x96\xde\xab\x5a\x1a\xbb\x98\x17\xe0\xd4\x4a\xd0\xa2"
  3286. "\x4e\xc3\x78\xb5\x4f\x4b\x28\x43\x0b\x5a\x79\x11\x2a\x54\x8b\x1f\xf6"
  3287. "\xc3\x75\x98\x62\x18\x7f\xb8\x84\xff\xe3\xe1\x2f\x1e\xcf\x98\xa4\x35"
  3288. "\x2e\xa5\x25\x27\x1a\xc0\xa5\x5f\xeb\x3e\x87\x12\x60\x35",
  3289. 116);
  3290. *(uint64_t*)0x200000001ba8 = 0x74;
  3291. *(uint64_t*)0x200000001bb0 = 0x2000000018c0;
  3292. memcpy(
  3293. (void*)0x2000000018c0,
  3294. "\x0b\xe7\xbb\x38\xc9\xd6\x20\x4b\x7b\xee\x2e\xdf\xa6\x71\xa7\x30\x88\xec"
  3295. "\xef\x79\xb0\xe8\xa8\x5c\x23\x5f\x27\xaa\x9f\x98\xf4\x66\x0d\xa7\xf7\xf1"
  3296. "\xfa\x38\x3c\x7f\x26\x5f\xcc\x38\xaf\x03\x52\xc0\xd4\x03\x10\x92\xa6\x07"
  3297. "\x43\xc7\x63\x08\xcc\x1f\xfb\x84\x7b\xc5\xd3\xcf\xe4\x76\x18\x97\x34\xc9"
  3298. "\xf4\x1f\x2a\xa5\x3a\x3c\x25\x24\xe2\x85\xaf\xf1\x98\xb3\xb2\xd6\x6d\x4d"
  3299. "\x93\x69\xd6\x00\xf5\x91\xb1\x11\x12\x39\x27\x4c\x1a\xed\x8e\x3c\x83\x34"
  3300. "\xd7\x02\xaf\xb2\x1b\x56\xf7\x8e\xed\xfc\x7e\x97\x8e\x76\xb9\x30\x7c\xf8"
  3301. "\x31\x93\xac\x45\x39\xf6\x3a\xe5\x9a\x7d\xca\xd9\x4f\xcf\xa2\x6d\xab\xb7"
  3302. "\xc2\x84\xd6\x08\x1b\x3d\x36\x0d\xd5\xf9\xed\xd7\x5c\x3f\xae\xa9\xe1\xb9"
  3303. "\x6c\x90\x9c\xe9\x05\xc6\x7e\x3d\x0a\xa0\xe3\xf3",
  3304. 174);
  3305. *(uint64_t*)0x200000001bb8 = 0xae;
  3306. *(uint64_t*)0x200000001bc0 = 0x200000001980;
  3307. memcpy((void*)0x200000001980,
  3308. "\x49\xbb\xf2\x6c\x78\xdd\x97\xbb\x71\x68\x45\x57\x22\x4b\xa9\xc7\x68"
  3309. "\xd4\x95\x70\xb6\x9d\xe9\x21\xd2\x10\x8e\xcf\x51\xc7\x8f\xe9\xaa\x77"
  3310. "\xe2\xac\xa2\x32\x6e\x2d\xc4\x9d\xac\xc7\x43\x32\xf4\x4a\x3b\xf0\xb4"
  3311. "\x5a\x80\xa1\x4f\x6d\x99\x78\x9b\x04\xb0\xed\x59\x99\xab\xee\x79\x5b"
  3312. "\x47\xb8\xc5\x40\x81\x7d\x61\xeb\xcd\x41\x52\x54\xbd\x6f\x15\xe2\xdf"
  3313. "\x9a\xea\x92\xdb\x75\x81\x1c\xb4\x99\x37\x76\xe1\xb5\x40\x9b\x53\x16"
  3314. "\x98\x69\xf2\x37\x22\x97\xf8\x86\xbb\x8c\xf7\x7f\xcc\xf5\x5a\x79\xc8"
  3315. "\x2d\xe5\xa3\x4e\x48\x79\x34\x9d\x6f\x8e\x8a\xca\x90\x8f\x5b\xad\xc3"
  3316. "\xd5\x31\x04\x84\x44\x19\x0d\x01\x89\xf9\xb5\x87\xb3\x99\xbe\xfb\xf4"
  3317. "\x9e\x19\x52\x01\xe8\x5f\xc0\xdd\x3b\xed\xc4\x57\x90\x3b\xdb\x98\xfb"
  3318. "\xd2\x1f\x1a\xbd\xd0\x21\x4c\x9d\x58\x20\xfb\x40\xfa",
  3319. 183);
  3320. *(uint64_t*)0x200000001bc8 = 0xb7;
  3321. *(uint64_t*)0x200000001bd0 = 0x200000001a40;
  3322. memcpy((void*)0x200000001a40,
  3323. "\x49\xc1\xec\xde\x6f\x26\x8d\xb4\xc5\x40\xdc\xfa\x3e\xae\x40\x65\xab"
  3324. "\x41\x82\xe7\xeb\xa9\x6d\x0a\x81\x5a\x85\x6d\x52\xea\x97\x58\xea\xb1"
  3325. "\xb5\xfd\x9f\x0d\xcd\x06\xe2\x15\xba\x9e\x54\x66\x4e\x5c\x71\x63\x0a"
  3326. "\xb4\x2c\xb4\x42\x05\x7e\x44\x81\x7c\xbb\x47\x8f\x4c\x1a\x9f\x88\x45"
  3327. "\x34\x35\x9f\x39\x54\x08\x5d\x94\xe3\x9e\x84\x3e\xc7\xf0\x87\xfc\x48"
  3328. "\xf6\x4d\x51\xe1\x81\x29\x2a\x2c\x33\x78\xdf\x71\x4f\xab\xfb\x31\x6a"
  3329. "\xdb\x45\x33\x96\x0c\x3a\x86\xb1\xa6\x39\x3b\x6a\xf4\x45\x37\x9e\x7a"
  3330. "\x45\x86\x6f\x4f\xa9\xa7\x53\x01\x8c\x50\xbb\xd3\x38\x20\x60\x12\x1d"
  3331. "\x06\x3e\x38\xe3\xef\xa9\x8b\x37\xb1\x83\xbd\x73\x81\x39\xf9\x8e\xba"
  3332. "\xcb\xc1\xf4\x3b\xc5\x92\x3a\x7e\x56\x3b\xfe\x50\xf7\x20\x5d\x19\xf1"
  3333. "\xb6\xb4\xa6\xac\xf7\x52\xf6\x1c\x7b\x75\x2f\x16\x22\x3c\xd0\xfc\x34"
  3334. "\x6a\xf6\x6c\xb3\xc2\xd9\x71\x5b\x70\x3c\x0b\xd8\x1f\xc3\xd8\x50\xd4"
  3335. "\x8a\xf2\x81\x70\xc2\x45\x0b\xee\xcd\xff\x88\x0d\x43\x4e\x8f\x72\x3c"
  3336. "\xdd\xe2\xa5\xc9\xa8\xba\x73\xbe\x33\x28\xa4\xb9\x5a\xe7\x9e\xd7\x46"
  3337. "\x0e\x54\xd4\x23\x8e\xaf\xf3\x46\x7b\x15\x04\xc3\xe4\xa2",
  3338. 252);
  3339. *(uint64_t*)0x200000001bd8 = 0xfc;
  3340. *(uint64_t*)0x200000005a58 = 0xa;
  3341. *(uint64_t*)0x200000005a60 = 0x200000001c00;
  3342. *(uint64_t*)0x200000001c00 = 0xc8;
  3343. *(uint32_t*)0x200000001c08 = 0;
  3344. *(uint32_t*)0x200000001c0c = 7;
  3345. *(uint8_t*)0x200000001c10 = 0x83;
  3346. *(uint8_t*)0x200000001c11 = 0xf;
  3347. *(uint8_t*)0x200000001c12 = 0xb5;
  3348. *(uint32_t*)0x200000001c13 = htobe32(0x64010100);
  3349. *(uint8_t*)0x200000001c17 = 0xac;
  3350. *(uint8_t*)0x200000001c18 = 0x14;
  3351. *(uint8_t*)0x200000001c19 = 0x14;
  3352. *(uint8_t*)0x200000001c1a = 0xaa;
  3353. *(uint32_t*)0x200000001c1b = htobe32(0xe0000001);
  3354. *(uint8_t*)0x200000001c1f = 0x44;
  3355. *(uint8_t*)0x200000001c20 = 0x2c;
  3356. *(uint8_t*)0x200000001c21 = 0x6e;
  3357. STORE_BY_BITMASK(uint8_t, , 0x200000001c22, 3, 0, 4);
  3358. STORE_BY_BITMASK(uint8_t, , 0x200000001c22, 8, 4, 4);
  3359. *(uint32_t*)0x200000001c23 = htobe32(0x64010100);
  3360. *(uint32_t*)0x200000001c27 = htobe32(0x7f);
  3361. *(uint32_t*)0x200000001c2b = htobe32(0xe0000001);
  3362. *(uint32_t*)0x200000001c2f = htobe32(5);
  3363. *(uint8_t*)0x200000001c33 = 0xac;
  3364. *(uint8_t*)0x200000001c34 = 0x14;
  3365. *(uint8_t*)0x200000001c35 = 0x14;
  3366. *(uint8_t*)0x200000001c36 = 0xbb;
  3367. *(uint32_t*)0x200000001c37 = htobe32(0x80);
  3368. *(uint8_t*)0x200000001c3b = 0xac;
  3369. *(uint8_t*)0x200000001c3c = 0x14;
  3370. *(uint8_t*)0x200000001c3d = 0x14;
  3371. *(uint8_t*)0x200000001c3e = 0xbb;
  3372. *(uint32_t*)0x200000001c3f = htobe32(4);
  3373. *(uint32_t*)0x200000001c43 = htobe32(0x7f000001);
  3374. *(uint32_t*)0x200000001c47 = htobe32(4);
  3375. *(uint8_t*)0x200000001c4b = 0x44;
  3376. *(uint8_t*)0x200000001c4c = 0x1c;
  3377. *(uint8_t*)0x200000001c4d = 0xc3;
  3378. STORE_BY_BITMASK(uint8_t, , 0x200000001c4e, 3, 0, 4);
  3379. STORE_BY_BITMASK(uint8_t, , 0x200000001c4e, 2, 4, 4);
  3380. *(uint8_t*)0x200000001c4f = 0xac;
  3381. *(uint8_t*)0x200000001c50 = 0x1e;
  3382. *(uint8_t*)0x200000001c51 = 1;
  3383. *(uint8_t*)0x200000001c52 = 1;
  3384. *(uint32_t*)0x200000001c53 = htobe32(0x1a);
  3385. *(uint8_t*)0x200000001c57 = 0xac;
  3386. *(uint8_t*)0x200000001c58 = 0x1e;
  3387. *(uint8_t*)0x200000001c59 = 1;
  3388. *(uint8_t*)0x200000001c5a = 1;
  3389. *(uint32_t*)0x200000001c5b = htobe32(6);
  3390. *(uint8_t*)0x200000001c5f = 0xac;
  3391. *(uint8_t*)0x200000001c60 = 0x1e;
  3392. *(uint8_t*)0x200000001c61 = 1;
  3393. *(uint8_t*)0x200000001c62 = 1;
  3394. *(uint32_t*)0x200000001c63 = htobe32(0x55e);
  3395. *(uint8_t*)0x200000001c67 = 0x44;
  3396. *(uint8_t*)0x200000001c68 = 4;
  3397. *(uint8_t*)0x200000001c69 = 0xa5;
  3398. STORE_BY_BITMASK(uint8_t, , 0x200000001c6a, 1, 0, 4);
  3399. STORE_BY_BITMASK(uint8_t, , 0x200000001c6a, 5, 4, 4);
  3400. *(uint8_t*)0x200000001c6b = 0x89;
  3401. *(uint8_t*)0x200000001c6c = 0x17;
  3402. *(uint8_t*)0x200000001c6d = 0xbc;
  3403. *(uint32_t*)0x200000001c6e = htobe32(0xe0000001);
  3404. *(uint32_t*)0x200000001c72 = htobe32(0xe0000001);
  3405. *(uint8_t*)0x200000001c76 = 0xac;
  3406. *(uint8_t*)0x200000001c77 = 0x1e;
  3407. *(uint8_t*)0x200000001c78 = 0;
  3408. *(uint8_t*)0x200000001c79 = 1;
  3409. *(uint8_t*)0x200000001c7a = 0xac;
  3410. *(uint8_t*)0x200000001c7b = 0x14;
  3411. *(uint8_t*)0x200000001c7c = 0x14;
  3412. *(uint8_t*)0x200000001c7d = 0xbb;
  3413. *(uint8_t*)0x200000001c7e = 0xac;
  3414. *(uint8_t*)0x200000001c7f = 0x14;
  3415. *(uint8_t*)0x200000001c80 = 0x14;
  3416. *(uint8_t*)0x200000001c81 = 0xaa;
  3417. *(uint8_t*)0x200000001c82 = 0x86;
  3418. *(uint8_t*)0x200000001c83 = 0x35;
  3419. *(uint32_t*)0x200000001c84 = htobe32(2);
  3420. *(uint8_t*)0x200000001c88 = 5;
  3421. *(uint8_t*)0x200000001c89 = 0xa;
  3422. memcpy((void*)0x200000001c8a, "\xad\x2d\xd8\x91\xa0\xa2\xe4\xc6", 8);
  3423. *(uint8_t*)0x200000001c92 = 1;
  3424. *(uint8_t*)0x200000001c93 = 5;
  3425. memcpy((void*)0x200000001c94, "\xd6\x79\xbd", 3);
  3426. *(uint8_t*)0x200000001c97 = 6;
  3427. *(uint8_t*)0x200000001c98 = 0xb;
  3428. memcpy((void*)0x200000001c99, "\xa4\x4f\xba\x77\xfb\x8c\x7a\x43\x7a", 9);
  3429. *(uint8_t*)0x200000001ca2 = 7;
  3430. *(uint8_t*)0x200000001ca3 = 5;
  3431. memcpy((void*)0x200000001ca4, "\x33\x65\x87", 3);
  3432. *(uint8_t*)0x200000001ca7 = 1;
  3433. *(uint8_t*)0x200000001ca8 = 7;
  3434. memcpy((void*)0x200000001ca9, "\xb3\xbe\x5a\x43\x90", 5);
  3435. *(uint8_t*)0x200000001cae = 5;
  3436. *(uint8_t*)0x200000001caf = 9;
  3437. memcpy((void*)0x200000001cb0, "\x86\x99\xf4\xd2\x31\xb2\xbb", 7);
  3438. *(uint8_t*)0x200000001cb7 = 0x94;
  3439. *(uint8_t*)0x200000001cb8 = 4;
  3440. *(uint16_t*)0x200000001cb9 = 1;
  3441. *(uint8_t*)0x200000001cbb = 1;
  3442. *(uint8_t*)0x200000001cbc = 0x83;
  3443. *(uint8_t*)0x200000001cbd = 0xb;
  3444. *(uint8_t*)0x200000001cbe = 0x89;
  3445. *(uint32_t*)0x200000001cbf = htobe32(0xe0000001);
  3446. *(uint32_t*)0x200000001cc3 = htobe32(-1);
  3447. *(uint64_t*)0x200000001cc8 = 0x14;
  3448. *(uint32_t*)0x200000001cd0 = 0;
  3449. *(uint32_t*)0x200000001cd4 = 1;
  3450. *(uint32_t*)0x200000001cd8 = 0x100;
  3451. *(uint64_t*)0x200000001ce0 = 0x1c;
  3452. *(uint32_t*)0x200000001ce8 = 0;
  3453. *(uint32_t*)0x200000001cec = 8;
  3454. *(uint32_t*)0x200000001cf0 = r[36];
  3455. *(uint32_t*)0x200000001cf4 = htobe32(0xe0000001);
  3456. *(uint32_t*)0x200000001cf8 = htobe32(0);
  3457. *(uint64_t*)0x200000001d00 = 0x14;
  3458. *(uint32_t*)0x200000001d08 = 0;
  3459. *(uint32_t*)0x200000001d0c = 1;
  3460. *(uint32_t*)0x200000001d10 = 7;
  3461. *(uint64_t*)0x200000005a68 = 0x118;
  3462. *(uint32_t*)0x200000005a70 = 0;
  3463. *(uint32_t*)0x200000005a78 = 0;
  3464. *(uint64_t*)0x200000005a80 = 0x200000001d40;
  3465. *(uint16_t*)0x200000001d40 = 2;
  3466. *(uint16_t*)0x200000001d42 = htobe16(0x4e20);
  3467. *(uint32_t*)0x200000001d44 = htobe32(0);
  3468. *(uint32_t*)0x200000005a88 = 0x10;
  3469. *(uint64_t*)0x200000005a90 = 0x200000002100;
  3470. *(uint64_t*)0x200000002100 = 0x200000001d80;
  3471. memcpy(
  3472. (void*)0x200000001d80,
  3473. "\xe7\x6f\x88\x63\x22\x5d\x49\xc4\xf9\xd0\x09\x54\x57\x8b\x3b\xad\xaa\xdf"
  3474. "\x08\x75\x0b\x85\x5f\x2b\x6f\x63\x14\xb1\x6b\x58\x50\xe3\x50\xbd\x54\x99"
  3475. "\x72\xf1\xa5\x98\x04\x25\xba\x0e\xf9\x04\x3f\x84\xfa\x0d\x18\x3d\x9b\x61"
  3476. "\xf8\x63\x86\xcd\xf9\x99\xb1\x8b\xe4\x86\xa8\x6f\x37\xc4\x4b",
  3477. 69);
  3478. *(uint64_t*)0x200000002108 = 0x45;
  3479. *(uint64_t*)0x200000002110 = 0x200000001e00;
  3480. memcpy((void*)0x200000001e00,
  3481. "\xfb\xd6\x5a\x11\x67\x1f\x4c\x75\x7c\x86\xe7\x3a\xb7\x85\xf1\x53\xbc"
  3482. "\x72\xd8\xe7\x5e\x42\x60\x4a\xc1\xf3\xc8\xe2\x40\x60\xa4\x0e\xec\x5a"
  3483. "\x78\x71\xd5\x9e\xb2\xb9\x13\x21\xab\x16\x84\x27\x9e\xe6\x6c\x7a\x1c"
  3484. "\xa3\xa1\x6e\x40\x77\x1d\xd5\x6d\x24\x5e\xd5\x8c\x28\x8d\x9e\x27\x3c"
  3485. "\x9c\xd3\x4f\xa1\xfe\xfe\x4d\xda\x0a\x15\x51\x7c",
  3486. 80);
  3487. *(uint64_t*)0x200000002118 = 0x50;
  3488. *(uint64_t*)0x200000002120 = 0x200000001e80;
  3489. memcpy(
  3490. (void*)0x200000001e80,
  3491. "\x16\x8d\x1b\xa8\xda\x20\x13\x74\x38\x1b\xd5\xf5\x99\x47\x5a\x1b\x5d\x55"
  3492. "\xc4\xb0\xcd\x95\x02\xcb\xb3\x26\x69\x49\xcc\x5b\x1c\xa0\x32\xe6\xb5\x9e"
  3493. "\x80\x06\xa8\xcd\x2a\x7f\x42\x1a\x45\xf8\xd8\x99\xcc\x95\x3a\x03\xe8\xd9"
  3494. "\xbd\x2f\x3c\x4d\x9a\x7e\x29\x05\xb2\xac\xeb\xfe\xed\xdc\x49\x11\xcc\xb8"
  3495. "\xe6\xc2\xd1\xe9\xc0\xc1\x3b\x9e\x6b\x0b\x07\x8e\xb0\x5d\xff\xb5\x0b\x7d"
  3496. "\x44\x84\x07\xba\xbf\x08\xad\x02\xe4\x53\x4b\x86\xe4\x36\x9e\xb0\x95\x07"
  3497. "\x01\x9b\x99\x27\xb7\xcd\x86\xd5\x6d\xe9\xa1\xca\x6f\x02\xf9\xa3\x58\x18"
  3498. "\xcd\xf3\x97\x04\x4a\xd2\xb7\xc3\xaf\xa3\xec\x18\x17\xb0\x69\xa3\x12\xa7"
  3499. "\xdb\xfd\xb1\x14\x60\xa9\x9f\xfe\x1d\xf2\xd6\x4b\x1a\xf1\x9f\x07\x71\x61"
  3500. "\xe4\x1a\x5d\x02\xa8\x0c\x95\x99\xbc\x00\x74\xdc\x9c\x7c\x8d\xdc\x6d\x7a"
  3501. "\x9f\x86\x59\xf8\xd5\x12\x1b\xac\x62\x07\x4e\x45\x86\x8b\x37\x8e\x3f\xb9"
  3502. "\x9b\x00\x30\xbe\x4a\xf9\x82\x47\x53\x1f\x61\x16\xf5\xf4\xc4\x7e\x5f\x26"
  3503. "\xbf\x3a\x2a\x69\x80\x06\x0f\x75\x0d\x8b\xcc\xe4\xfa\x92\x73\xc2\xcd\x61"
  3504. "\xa7\x48\xc1\x9e\x82\x43",
  3505. 240);
  3506. *(uint64_t*)0x200000002128 = 0xf0;
  3507. *(uint64_t*)0x200000002130 = 0x200000001f80;
  3508. memcpy((void*)0x200000001f80,
  3509. "\x0c\x2e\x54\x5b\xb3\x6c\xe6\x17\x78\x78\xd1\xe8\x08\xa7\x7b\x44\x4a"
  3510. "\xf3\x73\x7d\x17\x7e\x64\x0f\x74\x52\xf1\x8f\xa2\x06\xc1\x95\xd7\x1d"
  3511. "\x5d\x81\xd7\x1a\x95\x9b\x76\x36\x72\x30\xeb\x85\xda\x6f\x9e\x7e\x70"
  3512. "\x4e\xf2\x0f\xb3\x88\x97\xfc\xf8\x76\xc1\xc6\x7c\x11\x81\x92\x6c\x01"
  3513. "\xdb\x76\x83\x30\xf0\x47\x1e\x89\x79\x3c\xb1\x5b\xf3\xcf\x9e\xa6\x8d"
  3514. "\xbe\xdb\x23\x14\x3c\xaf\x28\xfa\x90\xf5\x5e\xc7\x69\x4e\xfb\x3f\xe7"
  3515. "\x88\x5a\x8b\xf3\x20\x4c\x58\x42\xbb\xc6\x7f\x8a\x3d\xd7\x43\x2f\xaa"
  3516. "\xbf\x68\xef\x24\x2f\x33\x3b\x12\x89\x5c\x41\x4d\xf0\x6f\x3c\xf3\x63"
  3517. "\x53\x61\x45\x2c\x30\x11\xc4\x95\x02\x78\xab\x6f\x3a\xbe\x41\x34\xac"
  3518. "\x5e\xe7\x89\x57\xb1\x5d\x2b\x20\xce\x73\x75\x07\x7d\x69\x25\x16\x12"
  3519. "\x96\xb3\xac\x72\x5e\xd5\xef\x50\x3d\x64\x48\xb8\xaf\x78\x20\x48",
  3520. 186);
  3521. *(uint64_t*)0x200000002138 = 0xba;
  3522. *(uint64_t*)0x200000002140 = 0x200000002040;
  3523. memcpy((void*)0x200000002040,
  3524. "\x1e\xc5\x23\x5d\xbc\x44\x11\xe6\x65\xbf\xb9\xb3\xcf\xf3\xda\xf6\x44"
  3525. "\x2e\x20\xb2\x62\x0f\x0e\xbd\x1b\x32\x5b\xe0\xa6\x32\x11\xa3\x9c\x12"
  3526. "\xc7\xe5\x39\x1e\xc1\x11\x0c\xb5\x1e\x75\x69\xe5\x5b\x05\x8a\xb9\x66"
  3527. "\xd9\x44\x81\xd3\xf9\x98\xb0\xdf\xc2\x6d\xa5\xc1\x1e\x6e\x12\xcb\x51"
  3528. "\xdf\x08\xab\xb1\x5e\x2f\x5a\x0b\xcf\x8f\x98\x1b\xf4\x48\xc2\x40\xb5"
  3529. "\x9d\x8b\x20\xfe\xbe\x91\x67\x74\x4f\x2b\xfa\x6f\xc7\xc8\xb9\xc7\x7a"
  3530. "\x5a\xb7\xcf\x04\x56\x62\x31\xc4\xca\x76\x01\x48\x21\xdf\x98\x11\x25"
  3531. "\x63\x17\x7b\x39\xa9\x63\x90\xeb\xa1\xc0\x23\x8c\x28\xb2\xa0\x1b\x65"
  3532. "\x76\x37\x51\x6e\x03\x77\x15\x1a\x63\x35\xbd\x88\x9e\x68\xda\x26\x3a"
  3533. "\x4c\x10\x58\x7d\xe6\x45\xc6\x16\x0f\x00\xfd\xf1\xce\xeb\x80\x98\xd3"
  3534. "\x2d\xa0\xc6\x35\x9f\x3e\x87\xac\x9d\x39",
  3535. 180);
  3536. *(uint64_t*)0x200000002148 = 0xb4;
  3537. *(uint64_t*)0x200000005a98 = 5;
  3538. *(uint64_t*)0x200000005aa0 = 0x200000002180;
  3539. *(uint64_t*)0x200000002180 = 0x1c;
  3540. *(uint32_t*)0x200000002188 = 0;
  3541. *(uint32_t*)0x20000000218c = 7;
  3542. *(uint8_t*)0x200000002190 = 0x89;
  3543. *(uint8_t*)0x200000002191 = 7;
  3544. *(uint8_t*)0x200000002192 = 0x99;
  3545. *(uint32_t*)0x200000002193 = htobe32(0xe0000002);
  3546. *(uint8_t*)0x200000002197 = 0x94;
  3547. *(uint8_t*)0x200000002198 = 4;
  3548. *(uint16_t*)0x200000002199 = 0;
  3549. *(uint64_t*)0x2000000021a0 = 0x14;
  3550. *(uint32_t*)0x2000000021a8 = 0;
  3551. *(uint32_t*)0x2000000021ac = 1;
  3552. *(uint32_t*)0x2000000021b0 = 0x2b;
  3553. *(uint64_t*)0x2000000021b8 = 0x1c;
  3554. *(uint32_t*)0x2000000021c0 = 0;
  3555. *(uint32_t*)0x2000000021c4 = 8;
  3556. *(uint32_t*)0x2000000021c8 = r[35];
  3557. *(uint32_t*)0x2000000021cc = htobe32(0x7f000001);
  3558. *(uint8_t*)0x2000000021d0 = 0xac;
  3559. *(uint8_t*)0x2000000021d1 = 0x14;
  3560. *(uint8_t*)0x2000000021d2 = 0x14;
  3561. *(uint8_t*)0x2000000021d3 = 0xaa;
  3562. *(uint64_t*)0x2000000021d8 = 0x11;
  3563. *(uint32_t*)0x2000000021e0 = 0;
  3564. *(uint32_t*)0x2000000021e4 = 1;
  3565. *(uint8_t*)0x2000000021e8 = 1;
  3566. *(uint64_t*)0x2000000021f0 = 0x64;
  3567. *(uint32_t*)0x2000000021f8 = 0;
  3568. *(uint32_t*)0x2000000021fc = 7;
  3569. *(uint8_t*)0x200000002200 = 0x44;
  3570. *(uint8_t*)0x200000002201 = 0x54;
  3571. *(uint8_t*)0x200000002202 = 0xa0;
  3572. STORE_BY_BITMASK(uint8_t, , 0x200000002203, 1, 0, 4);
  3573. STORE_BY_BITMASK(uint8_t, , 0x200000002203, 7, 4, 4);
  3574. *(uint32_t*)0x200000002204 = htobe32(0);
  3575. *(uint32_t*)0x200000002208 = htobe32(0);
  3576. *(uint32_t*)0x20000000220c = htobe32(0xe0000001);
  3577. *(uint32_t*)0x200000002210 = htobe32(9);
  3578. *(uint8_t*)0x200000002214 = 0xac;
  3579. *(uint8_t*)0x200000002215 = 0x14;
  3580. *(uint8_t*)0x200000002216 = 0x14;
  3581. *(uint8_t*)0x200000002217 = 0xbb;
  3582. *(uint32_t*)0x200000002218 = htobe32(6);
  3583. *(uint8_t*)0x20000000221c = 0xac;
  3584. *(uint8_t*)0x20000000221d = 0x14;
  3585. *(uint8_t*)0x20000000221e = 0x14;
  3586. *(uint8_t*)0x20000000221f = 0xbb;
  3587. *(uint32_t*)0x200000002220 = htobe32(6);
  3588. *(uint32_t*)0x200000002224 = htobe32(0);
  3589. *(uint32_t*)0x200000002228 = htobe32(5);
  3590. *(uint32_t*)0x20000000222c = htobe32(0xe0000001);
  3591. *(uint32_t*)0x200000002230 = htobe32(1);
  3592. *(uint32_t*)0x200000002234 = htobe32(0xe0000001);
  3593. *(uint32_t*)0x200000002238 = htobe32(0x3ff);
  3594. *(uint32_t*)0x20000000223c = htobe32(0);
  3595. *(uint32_t*)0x200000002240 = htobe32(0);
  3596. *(uint32_t*)0x200000002244 = htobe32(0x7f000001);
  3597. *(uint32_t*)0x200000002248 = htobe32(3);
  3598. *(uint32_t*)0x20000000224c = htobe32(0xe0000001);
  3599. *(uint32_t*)0x200000002250 = htobe32(0xff);
  3600. *(uint64_t*)0x200000002258 = 0x1c;
  3601. *(uint32_t*)0x200000002260 = 0;
  3602. *(uint32_t*)0x200000002264 = 8;
  3603. *(uint32_t*)0x200000002268 = r[36];
  3604. *(uint32_t*)0x20000000226c = htobe32(-1);
  3605. *(uint32_t*)0x200000002270 = htobe32(0x7f000001);
  3606. *(uint64_t*)0x200000002278 = 0x5c;
  3607. *(uint32_t*)0x200000002280 = 0;
  3608. *(uint32_t*)0x200000002284 = 7;
  3609. *(uint8_t*)0x200000002288 = 0x94;
  3610. *(uint8_t*)0x200000002289 = 4;
  3611. *(uint16_t*)0x20000000228a = 0;
  3612. *(uint8_t*)0x20000000228c = 0x94;
  3613. *(uint8_t*)0x20000000228d = 4;
  3614. *(uint16_t*)0x20000000228e = 0;
  3615. *(uint8_t*)0x200000002290 = 0x11;
  3616. *(uint8_t*)0x200000002291 = 0xe;
  3617. memcpy((void*)0x200000002292,
  3618. "\x32\x80\x53\x2d\x28\x54\x88\x14\x40\x4b\x1b\x2f", 12);
  3619. *(uint8_t*)0x20000000229e = 0x89;
  3620. *(uint8_t*)0x20000000229f = 7;
  3621. *(uint8_t*)0x2000000022a0 = 0xfb;
  3622. *(uint8_t*)0x2000000022a1 = 0xac;
  3623. *(uint8_t*)0x2000000022a2 = 0x1e;
  3624. *(uint8_t*)0x2000000022a3 = 1;
  3625. *(uint8_t*)0x2000000022a4 = 1;
  3626. *(uint8_t*)0x2000000022a5 = 0x94;
  3627. *(uint8_t*)0x2000000022a6 = 4;
  3628. *(uint16_t*)0x2000000022a7 = 1;
  3629. *(uint8_t*)0x2000000022a9 = 0;
  3630. *(uint8_t*)0x2000000022aa = 0x83;
  3631. *(uint8_t*)0x2000000022ab = 0x27;
  3632. *(uint8_t*)0x2000000022ac = 0x26;
  3633. *(uint8_t*)0x2000000022ad = 0xac;
  3634. *(uint8_t*)0x2000000022ae = 0x14;
  3635. *(uint8_t*)0x2000000022af = 0x14;
  3636. *(uint8_t*)0x2000000022b0 = 0xbb;
  3637. *(uint32_t*)0x2000000022b1 = htobe32(0xa010101);
  3638. *(uint32_t*)0x2000000022b5 = htobe32(0xe0000002);
  3639. *(uint32_t*)0x2000000022b9 = htobe32(0x64010102);
  3640. *(uint8_t*)0x2000000022bd = 0xac;
  3641. *(uint8_t*)0x2000000022be = 0x14;
  3642. *(uint8_t*)0x2000000022bf = 0x14;
  3643. *(uint8_t*)0x2000000022c0 = 0xbb;
  3644. *(uint8_t*)0x2000000022c1 = 0xac;
  3645. *(uint8_t*)0x2000000022c2 = 0x1e;
  3646. *(uint8_t*)0x2000000022c3 = 0;
  3647. *(uint8_t*)0x2000000022c4 = 1;
  3648. *(uint8_t*)0x2000000022c5 = 0xac;
  3649. *(uint8_t*)0x2000000022c6 = 0x14;
  3650. *(uint8_t*)0x2000000022c7 = 0x14;
  3651. *(uint8_t*)0x2000000022c8 = 0xbb;
  3652. *(uint8_t*)0x2000000022c9 = 0xac;
  3653. *(uint8_t*)0x2000000022ca = 0x1e;
  3654. *(uint8_t*)0x2000000022cb = 1;
  3655. *(uint8_t*)0x2000000022cc = 1;
  3656. *(uint32_t*)0x2000000022cd = htobe32(0xe0000002);
  3657. *(uint64_t*)0x200000005aa8 = 0x158;
  3658. *(uint32_t*)0x200000005ab0 = 0;
  3659. *(uint32_t*)0x200000005ab8 = 0;
  3660. *(uint64_t*)0x200000005ac0 = 0x200000002300;
  3661. *(uint16_t*)0x200000002300 = 2;
  3662. *(uint16_t*)0x200000002302 = htobe16(0x4e23);
  3663. *(uint8_t*)0x200000002304 = 0xac;
  3664. *(uint8_t*)0x200000002305 = 0x14;
  3665. *(uint8_t*)0x200000002306 = 0x14;
  3666. *(uint8_t*)0x200000002307 = 0xaa;
  3667. *(uint32_t*)0x200000005ac8 = 0x10;
  3668. *(uint64_t*)0x200000005ad0 = 0x200000002800;
  3669. *(uint64_t*)0x200000002800 = 0x200000002340;
  3670. memcpy(
  3671. (void*)0x200000002340,
  3672. "\xf4\x70\x6e\xe6\x6a\xe5\xa7\x48\x7f\x91\x56\xd7\xa6\x00\x1d\x84\xbb\x96"
  3673. "\x69\x54\xdd\xc8\xf6\x33\xb5\x65\x03\x39\xc1\x84\x1d\xa6\xea\x04\x63\x7e"
  3674. "\x18\x3e\xf2\x30\xf1\x84\x39\xcc\x8b\xdf\x2b\x72\x43\x77\x65\xc6\x92\x9f"
  3675. "\x1f\x6f\x55\xc7\xd6\xb3\x1b\xa9\x21\x3e\x97\x1c\x82\xc4\x9a\x87\xac\x6d"
  3676. "\xfd\x0c\xda\x0b\x25\x6a\xb4\x66\xa3\xc2\x2c\xda\x12\xe4\x23\xda\x45",
  3677. 89);
  3678. *(uint64_t*)0x200000002808 = 0x59;
  3679. *(uint64_t*)0x200000002810 = 0x2000000023c0;
  3680. memcpy((void*)0x2000000023c0,
  3681. "\x78\xd9\x7d\xf9\x76\xc2\x23\x93\x22\x1a\x85\x65\x22\xa5\x0a\x3b\x21"
  3682. "\x52\x41\x5f\x5b\xbc\xd4\x10\xb8\xa3\xf9\x4e\x27\x00\x7b\x9a\x2c\x57"
  3683. "\x59\xce\x7c\x39\x0b\x3e\x97\xc0\xf4\xc1\x34\x9c\x82\xcb\xd7\x06\xd3"
  3684. "\x06\xb2\xf1\x1e\xef\x3e\x17\x4f\x3a\x78\x1e\xcc\x28\xff\x95\xd7\x2b"
  3685. "\x1e\x04\xe7\x2c\x38\xa0\x64\x8f\x43\xd6\x46\xc2\xcb\xf7\xa4\xb0\xe9"
  3686. "\x6d\x66\x6e\x79\xff\x05\xce\xff\xc1\xc2\x61\x50\x54\x18\x14\x25\x70"
  3687. "\xd5\xcb\xb1\x93\x8e\xfa\x11\x26\x80\x66\x30\xc4\x4d\x8c\x8e\x26\x34"
  3688. "\x74\x87\x40\x94\x8f\x68\xbe\x06\x89\x6f\xe4\xf2\xd0\x82\x67\x31\xf1"
  3689. "\xcf\x95\x7d\x04\x52\x5f\x71\x91\x75\x0b\xf7\xde\xe7\x8f\x66\xd7\xc1"
  3690. "\x19\x21\x29\x4e\xa2\xa6\xa1\xb0\x1b\xb9\x5e\xf7\x89",
  3691. 166);
  3692. *(uint64_t*)0x200000002818 = 0xa6;
  3693. *(uint64_t*)0x200000002820 = 0x200000002480;
  3694. memcpy((void*)0x200000002480,
  3695. "\x05\x9e\xb8\x39\xd8\x56\x60\x5f\xb4\x0b\x14\x21\x6e\xca\x26\xb5\x6e"
  3696. "\x3b\x0a\x7a\x44\x5c\xcc\xd9\xef\x22",
  3697. 26);
  3698. *(uint64_t*)0x200000002828 = 0x1a;
  3699. *(uint64_t*)0x200000002830 = 0x2000000024c0;
  3700. memcpy((void*)0x2000000024c0,
  3701. "\xbc\xcd\x6c\x58\x02\x9f\x97\x45\x51\xa4\xf9\xe5\x11\x46\x59\x8b\x1f"
  3702. "\xc9\xf5\x4f\x90\x61\x34\x68\x9a\x54\x2f\xc1\x9c\xb4\x10\xac\x51\x8b"
  3703. "\x00\xde\xaf\x77\xec\x3b\x0c\x9c\xca\x2b\xaa\x1f\x30\x66\x08\x03\x5c"
  3704. "\x6d\xb4\x4c\x34\x32\xac\x19\x92\xd2\x07\xed\x4e\x21\x85\x60\x35\xd0"
  3705. "\x63\x17\xad\x94\x41\xce\x54\x7f\x45\x11\x0e\x03\xcb\xae\xfd\xbb\x0e"
  3706. "\x11\x28\x2e\x6a\x6c\x55\x12\x04\x4b\xc3\x45\xd8\xf0\xff\x37\xb0\xa3"
  3707. "\x9a\x61\xdf\x73\x60\x78\x1f\xd7\xaa\xb2\x14\xb7\xc7\xf1\x81\x51\x73"
  3708. "\x45\x30\xf6\x21\x75\x40\x48\x38\x4d\x1d\x79\xb9\x8d\x6a\x35\x13\xc6"
  3709. "\x53\xeb\xe0\x79\x81\x5c\x77\x6e\xf7\x57\xf2\x36\xd4\xe4\x69\x4c\xbc"
  3710. "\x86\x79\xce\x10\x13\x95\x8a\xe8\x16\x05\x74\xc5\xc0\x1d\x69\xdc\x55"
  3711. "\x25\x1c\x58\xa6\xb1\x29\x49\x53\x8b\xc6\x69\x42\xf3\x85\x4d\x29\x0f"
  3712. "\x17\xa9\xcb\x35\x77\xe7\xe2\x9e\xab\xa7\x1c\xa8\xe3\x4b\x3c\x8c\xab",
  3713. 204);
  3714. *(uint64_t*)0x200000002838 = 0xcc;
  3715. *(uint64_t*)0x200000002840 = 0x2000000025c0;
  3716. memcpy((void*)0x2000000025c0,
  3717. "\x66\xe7\x22\xdd\x3e\x91\x76\xb8\x5f\x0b\xa3\x12\xc8\x38\x20\x33\x70"
  3718. "\xa3\xa6\x22\xdc\x48\xef\x11\xba\xad\xcb\x99\x12\xde\x1a\x25\x05\x20"
  3719. "\xca\x4d\x35\x71\x92\x27\xfc\x6d\x08\xe6\x06\x0a\x13\x86\x83\xe9\x55"
  3720. "\x9c\xcf\x6d\x14\xb4\xfe\x28\x87\x58\xd0\x2c\x08\x5a\x15\x03\xa1\x6b"
  3721. "\xae\x3d\xbc\x4f\x0a\x4c\x4a\xd1\x87\xed\x98\x01\x7f\xef\x09",
  3722. 83);
  3723. *(uint64_t*)0x200000002848 = 0x53;
  3724. *(uint64_t*)0x200000002850 = 0x200000002640;
  3725. memcpy(
  3726. (void*)0x200000002640,
  3727. "\xa3\x6e\xba\x24\x6d\x4b\x4d\x03\x88\x91\x0a\xc8\x98\x97\x51\xa4\x38\xa2"
  3728. "\x52\x2b\xf9\xdf\x24\x85\x9e\x8f\x9f\x4c\x72\xe8\x04\xb6\x34\xde\x8a\x0a"
  3729. "\x53\x19\xb0\x56\xc3\x84\xb8\x75\x62\x28\x2b\x03\x18\x7c\xb1\xcd\x03\x53"
  3730. "\x72\x26\x30\x15\x71\x81\xe4\xed\xef\xec\x00\x96\x62\xfb\xf6\x4c\x80\x84"
  3731. "\x48\xc3\x28\x0c\x6b\x8f\x1e\xa7\x05\x6a\x70\x15\xfb\x1d\x82\xb7\xb7\xf3"
  3732. "\x2d\x77\xae\x3f\x74\x5e\x7e\x5e\x4e\x50\x56\x60\xd5\xdc\xe4\x0a\x65\x27"
  3733. "\x30\x5e\xdc\x67\xb0\x3b\x38\x6d\xcb\xc4\x5e\x72\xf8\x1f\x9b\x01\x19\x71"
  3734. "\x78\x9b\xf7\x89\x74\x87\xde\xd8\xba\x2d\x6c\xd0\x6a\x9a\xa0\xb9\xff\xc3"
  3735. "\xed\xc1\x98\x03\x09\xac\x7e\xea\xd4\xe0\xbc\x68\xe0\x13\x7f\x87\x9e\xde"
  3736. "\x76\x51\x24\x30\xe3\x1e\x5b\xbd\x53\x66\x26\xfa\xee\xe6\x1f\x3b\x75\x0c"
  3737. "\x4a\xd2\x63\xd7\xd1\xbc\x3a\x93\x20\xc2\x42\xce\xd5\x4d\xff\x21\xd6\x9a"
  3738. "\xb6\x79\x22\x8d\x99\xde\x1c\xa5\x27",
  3739. 207);
  3740. *(uint64_t*)0x200000002858 = 0xcf;
  3741. *(uint64_t*)0x200000002860 = 0x200000002740;
  3742. memcpy(
  3743. (void*)0x200000002740,
  3744. "\xd4\x1b\xfe\x20\xb2\x27\x04\x8b\xfa\xd1\xd1\x5e\xdc\x30\x82\xb8\xa7\x63"
  3745. "\x9e\xcd\x33\x93\x99\x39\xbb\xf8\x71\x96\x31\x5e\xd5\xd2\xba\x88\x97\x6c"
  3746. "\x4a\xa0\xae\x70\x8b\x07\xd3\x37\xe8\xb3\x8f\x1b\xc0\x9c\xc1\x55\xc9\x66"
  3747. "\xd5\x27\x67\x56\xb1\x22\xb1\x3d\x1e\x45\x14\x5b\xd4\x88\x05\xab\xfa\x12"
  3748. "\xfb\x25\xe3\x9e\x36\x0a\xdd\x10\xf8\xb3\x8a\xae\xea\x38\xa6\x0d\x5a\xc5"
  3749. "\x02\xe1\x24\x0e\x30\x78\x3a\x57\xe3\x42\x3b\xac\x73\x8f\x41\x85\xe2\xbb"
  3750. "\x2a\xcb\x9a\x5e\xce\x55\xc7\xe8\x65\xb8\x7f\xbb\x35\x3b\x77\x34\x7d\x51"
  3751. "\x20\x69\x31\xb6\x2b\xb7\xe9\x34\x95\xf4\x14\xb3\x0c\x49\x3e\x96\x93\x41"
  3752. "\x77\x0d\xdf\x26\xc7\xa1\xe7\x1d\xfb\x30\xd3\x1c\xf4\xc0\x93\xb0\x0b\x67"
  3753. "\xe3\x28\x68\xc3\x2a\x05\x90\xc5\x5d\x00\xc2\xf3\x15\x44\x7d",
  3754. 177);
  3755. *(uint64_t*)0x200000002868 = 0xb1;
  3756. *(uint64_t*)0x200000005ad8 = 7;
  3757. *(uint64_t*)0x200000005ae0 = 0x200000002880;
  3758. *(uint64_t*)0x200000002880 = 0xac;
  3759. *(uint32_t*)0x200000002888 = 0;
  3760. *(uint32_t*)0x20000000288c = 7;
  3761. *(uint8_t*)0x200000002890 = 0;
  3762. *(uint8_t*)0x200000002891 = 0x83;
  3763. *(uint8_t*)0x200000002892 = 0x13;
  3764. *(uint8_t*)0x200000002893 = 0x54;
  3765. *(uint32_t*)0x200000002894 = htobe32(0x7f000001);
  3766. *(uint32_t*)0x200000002898 = htobe32(0);
  3767. *(uint8_t*)0x20000000289c = 0xac;
  3768. *(uint8_t*)0x20000000289d = 0x14;
  3769. *(uint8_t*)0x20000000289e = 0x14;
  3770. *(uint8_t*)0x20000000289f = 0xaa;
  3771. *(uint8_t*)0x2000000028a0 = 0xac;
  3772. *(uint8_t*)0x2000000028a1 = 0x14;
  3773. *(uint8_t*)0x2000000028a2 = 0x14;
  3774. *(uint8_t*)0x2000000028a3 = 0x43;
  3775. *(uint8_t*)0x2000000028a4 = 1;
  3776. *(uint8_t*)0x2000000028a5 = 0x86;
  3777. *(uint8_t*)0x2000000028a6 = 0x25;
  3778. *(uint32_t*)0x2000000028a7 = htobe32(1);
  3779. *(uint8_t*)0x2000000028ab = 5;
  3780. *(uint8_t*)0x2000000028ac = 0xd;
  3781. memcpy((void*)0x2000000028ad, "\xd2\x95\xd1\xfb\xe3\x0f\x6d\x72\x9a\x71\x2b",
  3782. 11);
  3783. *(uint8_t*)0x2000000028b8 = 5;
  3784. *(uint8_t*)0x2000000028b9 = 0xa;
  3785. memcpy((void*)0x2000000028ba, "\x23\xf9\xe6\x8e\x60\xec\xc3\x54", 8);
  3786. *(uint8_t*)0x2000000028c2 = 0;
  3787. *(uint8_t*)0x2000000028c3 = 8;
  3788. memcpy((void*)0x2000000028c4, "\x97\x26\x37\x21\x0a\x85", 6);
  3789. *(uint8_t*)0x2000000028ca = 7;
  3790. *(uint8_t*)0x2000000028cb = 0xb;
  3791. *(uint8_t*)0x2000000028cc = 0x61;
  3792. *(uint8_t*)0x2000000028cd = 0xac;
  3793. *(uint8_t*)0x2000000028ce = 0x14;
  3794. *(uint8_t*)0x2000000028cf = 0x14;
  3795. *(uint8_t*)0x2000000028d0 = 0xbb;
  3796. *(uint8_t*)0x2000000028d1 = 0xac;
  3797. *(uint8_t*)0x2000000028d2 = 0x14;
  3798. *(uint8_t*)0x2000000028d3 = 0x14;
  3799. *(uint8_t*)0x2000000028d4 = 0xbb;
  3800. *(uint8_t*)0x2000000028d5 = 0x94;
  3801. *(uint8_t*)0x2000000028d6 = 4;
  3802. *(uint16_t*)0x2000000028d7 = 0;
  3803. *(uint8_t*)0x2000000028d9 = 0;
  3804. *(uint8_t*)0x2000000028da = 7;
  3805. *(uint8_t*)0x2000000028db = 0x1f;
  3806. *(uint8_t*)0x2000000028dc = 0x98;
  3807. *(uint8_t*)0x2000000028dd = 0xac;
  3808. *(uint8_t*)0x2000000028de = 0x14;
  3809. *(uint8_t*)0x2000000028df = 0x14;
  3810. *(uint8_t*)0x2000000028e0 = 0xaa;
  3811. *(uint8_t*)0x2000000028e1 = 0xac;
  3812. *(uint8_t*)0x2000000028e2 = 0x14;
  3813. *(uint8_t*)0x2000000028e3 = 0x14;
  3814. *(uint8_t*)0x2000000028e4 = 0x1e;
  3815. *(uint32_t*)0x2000000028e5 = htobe32(0xe0000002);
  3816. *(uint32_t*)0x2000000028e9 = htobe32(0xe0000002);
  3817. *(uint32_t*)0x2000000028ed = htobe32(0x64010101);
  3818. *(uint8_t*)0x2000000028f1 = 0xac;
  3819. *(uint8_t*)0x2000000028f2 = 0x14;
  3820. *(uint8_t*)0x2000000028f3 = 0x14;
  3821. *(uint8_t*)0x2000000028f4 = 0xaa;
  3822. *(uint32_t*)0x2000000028f5 = htobe32(0xe0000002);
  3823. *(uint8_t*)0x2000000028f9 = 0x86;
  3824. *(uint8_t*)0x2000000028fa = 0x33;
  3825. *(uint32_t*)0x2000000028fb = htobe32(-1);
  3826. *(uint8_t*)0x2000000028ff = 6;
  3827. *(uint8_t*)0x200000002900 = 0x12;
  3828. memcpy((void*)0x200000002901,
  3829. "\x8e\xe9\x99\x45\xca\x0d\x79\x8e\x6b\xa1\x4e\xd8\xf3\xe0\xf4\xe7",
  3830. 16);
  3831. *(uint8_t*)0x200000002911 = 0;
  3832. *(uint8_t*)0x200000002912 = 0x10;
  3833. memcpy((void*)0x200000002913,
  3834. "\x18\x0f\xc8\x31\xda\x7d\x00\x99\x91\xb8\xfd\xbf\x2a\xf6", 14);
  3835. *(uint8_t*)0x200000002921 = 2;
  3836. *(uint8_t*)0x200000002922 = 0xb;
  3837. memcpy((void*)0x200000002923, "\xa0\xc2\xaf\xb3\x6e\x44\x07\x88\x93", 9);
  3838. *(uint64_t*)0x200000005ae8 = 0xb0;
  3839. *(uint32_t*)0x200000005af0 = 0;
  3840. *(uint32_t*)0x200000005af8 = 0;
  3841. *(uint64_t*)0x200000005b00 = 0x200000002940;
  3842. *(uint16_t*)0x200000002940 = 2;
  3843. *(uint16_t*)0x200000002942 = htobe16(0x4e21);
  3844. *(uint8_t*)0x200000002944 = 0xac;
  3845. *(uint8_t*)0x200000002945 = 0x14;
  3846. *(uint8_t*)0x200000002946 = 0x14;
  3847. *(uint8_t*)0x200000002947 = 0xbb;
  3848. *(uint32_t*)0x200000005b08 = 0x10;
  3849. *(uint64_t*)0x200000005b10 = 0x200000002e00;
  3850. *(uint64_t*)0x200000002e00 = 0x200000002980;
  3851. memcpy((void*)0x200000002980,
  3852. "\xff\xab\x3e\xcb\x8b\x04\x20\xc0\xda\x8d\x9e\x02\x78\xba\x72\xc6\xa0"
  3853. "\xbc\xad\x4b\x5e\xee\x76\x39\xe6\x6c\x70\xec\x04\xab\x65\x31\x86\x6a"
  3854. "\x6e\x19\xd7\xd3\x28\x9f\x1d\xba\x5e\x81\x93\x7e\x2b\x48\xe3\x7b\xf3"
  3855. "\xee\x89\x04\xdb\x70\xc6\x11\x80\x5a\x34\x72\x3a\x85\xf2\x7e\xd0\x37"
  3856. "\xee\xc1\x81\x20\x27\x21\xe9\x2d\x5d\x76\x25\xc9\x19\xbe\x14\xe9\xb9"
  3857. "\x7e\x6f\x0d\xcf\x65\x9c\x28\xe6\x38\x83\x49\xc3\xfe\xa3\xb4\xa4\x30"
  3858. "\x13\x30\x4a\x34\x65\xcd\x48\x76\x55\x35\xbd\xd1\x0a\x2c\xfd\x1a\x14"
  3859. "\x5e\x32\x53\x5a\x24\x4a\x36\x4c\xe0\xeb\x41\xcd\x03\xfe\xf3\x8e\xb0"
  3860. "\xac\xa8\xe8\x5e\x55\xd2\x18\x9a\x79\x47\x15\x68\xe3\x54\x59\xaa\x60"
  3861. "\xb4\x98\xd5\xc0\x05\x4d\x39\x95\x95\xb5\x62\xdc\x1f\x66\xfd\x9a\x59"
  3862. "\x2a\x00\x56\xd4\xd2\xbb\x1b\x77\x47\x97\x85\x03\x5d\x89\x7b",
  3863. 185);
  3864. *(uint64_t*)0x200000002e08 = 0xb9;
  3865. *(uint64_t*)0x200000002e10 = 0x200000002a40;
  3866. memcpy((void*)0x200000002a40,
  3867. "\x78\x1b\xf0\xc0\x2e\xa8\x78\x70\x27\xe0\x9e\xab\x6b\x10\xfd\xff\x64"
  3868. "\x03\xb0\x76\x32\x24\xe7\xb3\xa1\x39\xb4\x53\x22\xf4\xf1\x01\xa7\x0f"
  3869. "\x6b\xab\xcb\xd1\x04\x24\x4f\x48\x92\x81\xd8\x3d\x1b\xce\xcc\x24\x51"
  3870. "\x37\x7a\x22\x68\x47\x93\x2f\x24\x0b\x7d\xb8\x38\x2e\xfa\x54\x1d\xb4"
  3871. "\x93\x8f\x67\x1a\xd8\x44\x88\x02\xdc\x41\x6d\x6e\xf0\xb4\xab\x24\x20"
  3872. "\x55\x5c\x61\x7d\xc8\x22\x65\xd5\x35\x62\x27\x08\x24\xb5\x84\xc1\xc5"
  3873. "\xa0\x4c\x81\x68\xcb\x87\x31\x99\xf7\x1e\xd7\x3d\x52\x72\x8b\x4c\x6d"
  3874. "\x4f\x3e\xe6\x03\xa0\xda\x74\x9d\xa0\xbd\x40\xf1\xbb\x89\x68\x5d\xae"
  3875. "\x19\x54\x9e\x3a\x3e\x1b\xd8\x68\xbf\xed\xf1\xf6\xba\x2e\xf5\x04\xb4"
  3876. "\x3f\xe1\xea\x51\xde\x4c\xa1\x16\x92\x0b\x19\xde\xcd\xca\x5e\x27\x50"
  3877. "\x12\xb0\x84\xdc\x45\xc3\xf0\x87\x20\xa1\x44\xf4\xd2\xbf\xa8\x65\xc4"
  3878. "\xc3\x3b\xb2\x17\x8d\x36\x0b\xa1\x5b\xc6\x83\x2e\x0a\xee",
  3879. 201);
  3880. *(uint64_t*)0x200000002e18 = 0xc9;
  3881. *(uint64_t*)0x200000002e20 = 0x200000002b40;
  3882. memcpy(
  3883. (void*)0x200000002b40,
  3884. "\xdb\x39\x15\xa6\x2e\xba\xb7\x49\xcb\x35\x3f\xa2\x84\x88\xb7\xb3\xa4\x8d"
  3885. "\x85\xda\x3b\x5b\xc3\xca\x43\xd3\xe2\xed\xd1\x86\xb2\xa8\x4b\x6c\x18\x19"
  3886. "\xa1\x15\x9a\xd5\x2e\x0a\xc5\x87\xf7\xad\x1a\x4a\x0c\x07\xcb\xc5\x71\x81"
  3887. "\x2b\x7b\x95\xe9\x97\xfa\xfc\xa8\xfc\x43\x18\xdc\xb2\x2c\x1d\x38\x6a\x30"
  3888. "\x74\xc0\x2e\xd0\x07\x4d\x18\xbf\xb5\xf1\xab\xa2\xaa\x2e\x12\x5d\xeb",
  3889. 89);
  3890. *(uint64_t*)0x200000002e28 = 0x59;
  3891. *(uint64_t*)0x200000002e30 = 0x200000002bc0;
  3892. memcpy(
  3893. (void*)0x200000002bc0,
  3894. "\x1f\x89\x02\x65\xe1\x4b\x35\x0b\x7a\x00\xe7\x98\x80\x1a\x2e\x9c\xec\x6d"
  3895. "\x6c\x9b\x87\xa9\xb0\xd1\x44\xca\xec\x61\x58\x18\xb9\x84\x85\xe1\x36\xde"
  3896. "\x28\x75\xcd\x7b\x4e\xfe\x47\x32\x0c\x41\x74\x7a\xe3\x37\xb0\x77\x29\x40"
  3897. "\xef\xf7\xfd\xd9\x4d\xf0\xef\x2e\xcf\xea\xcc\x1f\x17\xfb\x58\xb6\x2a\x4a"
  3898. "\x8e\x29\xf5\xb5\xb7\x87\x38\xb8\x5b\x49\x99\xa6\x05\x32\x32\x88\xd7\xd5"
  3899. "\xfd\x7c\x69\x3c\xae\x3e\x9e\x76\xa9\x33\x41\x9c\x24\x51\x0f\x01\x48\x7a"
  3900. "\x4f\x6d\x59\xee\xa7\x00\x70\x43\xe5\x57\x43\x27\x3e",
  3901. 121);
  3902. *(uint64_t*)0x200000002e38 = 0x79;
  3903. *(uint64_t*)0x200000002e40 = 0x200000002c40;
  3904. memcpy(
  3905. (void*)0x200000002c40,
  3906. "\xa1\xf9\xf9\x80\x08\xd5\x00\xbb\x77\xef\xe1\xc5\x5b\x88\x59\xab\xd6\x8b"
  3907. "\x19\x29\x4c\x9e\x89\xf9\x1d\xf5\xc9\x49\x6f\x55\xb8\xa6\x0b\xb3\x0d\xaa"
  3908. "\x92\xd1\x04\xe2\x7d\x99\x33\xaa\x0c\x62\x53\x84\xd6\xb9\x71\xb7\x0e\xc9"
  3909. "\x61\xf5\x6a\x5b\x93\x4a\x18\x68\x3f\xaa\xc7\x9c\x6d\x2e\x63\x05\xa8\xdf"
  3910. "\xd4\x8e\xba\xe3\x50\x60\x24\xdd\x88\x58\xbc\x9b\x6c\x40\x93\x81\x0d\xe8"
  3911. "\x95\xfe\x52\x24\x5f\x5e\xd4\xd1\xbe\x69\xb8\x0a\xdd\x64\x7e\x72\xd5\x13"
  3912. "\x3c\xc7\xb7\xe8\x4c\xa0\x15\x94\x15\x10\x07\x2f\x96\x72\x00\xfc\x63\x6a"
  3913. "\x18\x55\x71\x42\xc3\x2c\xc3\x96\xfe\xc4\x68\x9e\x4f\x01\x75\xc2\xc9\x8b"
  3914. "\xa5\x01\x49\xed\xce\x78\x34\x62\x1a\x79\x21\xf5\x10\xc8\x39\x7d\x2e\x35"
  3915. "\x7c\x0a\xbb\x53\x6b\x07\xf4\xb1\xaa\x06\xa6\x16\x86\x08\xd9\x9f\xaf\x3e"
  3916. "\x87\xe2\x6a\xb2\xa4\x91\x3f\x45\x96\x3e\xbe\x76\xdb\x85\xb2\x9b\x5a\x82"
  3917. "\xe3\x1c\x88\x26\x3f\x54\xfa\xae\x4f\x7f\x15\xd7\xe1\x70\x24\x81\x72\x39"
  3918. "\xef\x4a\xb7\xd1\x59\xfa\xd5\xc1\x87\xbc\xab\x87\x01\xee\xca\x72\xe3\x21"
  3919. "\x00\xfe\xad\x28\x0c\x78",
  3920. 240);
  3921. *(uint64_t*)0x200000002e48 = 0xf0;
  3922. *(uint64_t*)0x200000002e50 = 0x200000002d40;
  3923. memcpy((void*)0x200000002d40,
  3924. "\x42\x6e\xc2\x82\x27\xeb\x79\xcb\x1f\xa5\x2c\xb5\xdb\x09\xb7\x88\x31"
  3925. "\x32\x30\x02\x4c\x84\x52\xc5\x33\xdb\xe9\xe2\xc7\x46\xfd\x5a\x77\x49"
  3926. "\x2b\x3b\xd5\xf1\xda\x17\xe9\xe9\x11\x0d\x1a\x71\x76\xd7\x9a\x91\x18"
  3927. "\x26\xba\x93\x14\x14\xa0\x87\xc1\xc8\x44\xf2\x79\x02\x4c\x90\x96\x72"
  3928. "\xdf\x57\x1b\x3a\xf1\xeb\xfe\x1e\xdd\xed\x34\x67\x8b\x0b\xad\x03\xa0"
  3929. "\x11\x43\xc4\x53\x37\x0a\x5e\xfa\xd8\xbc\xa0\x22\x6e\x45\xef\xfa\xbd"
  3930. "\x21\x2f\xd0\x76\x5c\x79\x03\xaa\x53\xb6\xe4\xeb\x7f\xf1\x18\x5e\x53"
  3931. "\xab\x85\x86\x72\xc5\xa4\x52\xa6\x90\x66\xce\x7c",
  3932. 131);
  3933. *(uint64_t*)0x200000002e58 = 0x83;
  3934. *(uint64_t*)0x200000005b18 = 6;
  3935. *(uint64_t*)0x200000005b20 = 0x200000002e80;
  3936. *(uint64_t*)0x200000002e80 = 0x54;
  3937. *(uint32_t*)0x200000002e88 = 0;
  3938. *(uint32_t*)0x200000002e8c = 7;
  3939. *(uint8_t*)0x200000002e90 = 0x88;
  3940. *(uint8_t*)0x200000002e91 = 0xa;
  3941. memcpy((void*)0x200000002e92, "\x04\x85\x45\x69\xe3\x68\xac\x18", 8);
  3942. *(uint8_t*)0x200000002e9a = 0x86;
  3943. *(uint8_t*)0x200000002e9b = 8;
  3944. memcpy((void*)0x200000002e9c, "\x47\xb5\x7b\x49\xa2\x51", 6);
  3945. *(uint8_t*)0x200000002ea2 = 0x83;
  3946. *(uint8_t*)0x200000002ea3 = 0xf;
  3947. *(uint8_t*)0x200000002ea4 = 0x60;
  3948. *(uint8_t*)0x200000002ea5 = 0xac;
  3949. *(uint8_t*)0x200000002ea6 = 0x14;
  3950. *(uint8_t*)0x200000002ea7 = 0x14;
  3951. *(uint8_t*)0x200000002ea8 = 0xbb;
  3952. *(uint8_t*)0x200000002ea9 = 0xac;
  3953. *(uint8_t*)0x200000002eaa = 0x14;
  3954. *(uint8_t*)0x200000002eab = 0x14;
  3955. *(uint8_t*)0x200000002eac = 0xaa;
  3956. *(uint8_t*)0x200000002ead = 0xac;
  3957. *(uint8_t*)0x200000002eae = 0x1e;
  3958. *(uint8_t*)0x200000002eaf = 0;
  3959. *(uint8_t*)0x200000002eb0 = 1;
  3960. *(uint8_t*)0x200000002eb1 = 1;
  3961. *(uint8_t*)0x200000002eb2 = 7;
  3962. *(uint8_t*)0x200000002eb3 = 0x17;
  3963. *(uint8_t*)0x200000002eb4 = 0xc4;
  3964. *(uint32_t*)0x200000002eb5 = htobe32(-1);
  3965. *(uint32_t*)0x200000002eb9 = htobe32(0xa010102);
  3966. *(uint32_t*)0x200000002ebd = htobe32(0);
  3967. *(uint32_t*)0x200000002ec1 = htobe32(0xa010100);
  3968. *(uint32_t*)0x200000002ec5 = htobe32(0x64010101);
  3969. *(uint8_t*)0x200000002ec9 = 1;
  3970. *(uint8_t*)0x200000002eca = 1;
  3971. *(uint8_t*)0x200000002ecb = 0x94;
  3972. *(uint8_t*)0x200000002ecc = 4;
  3973. *(uint16_t*)0x200000002ecd = 0;
  3974. *(uint8_t*)0x200000002ecf = 0x94;
  3975. *(uint8_t*)0x200000002ed0 = 4;
  3976. *(uint16_t*)0x200000002ed1 = 1;
  3977. *(uint64_t*)0x200000002ed8 = 0x14;
  3978. *(uint32_t*)0x200000002ee0 = 0;
  3979. *(uint32_t*)0x200000002ee4 = 1;
  3980. *(uint32_t*)0x200000002ee8 = 0xe;
  3981. *(uint64_t*)0x200000005b28 = 0x70;
  3982. *(uint32_t*)0x200000005b30 = 0;
  3983. *(uint32_t*)0x200000005b38 = 0;
  3984. *(uint64_t*)0x200000005b40 = 0x200000002f00;
  3985. *(uint16_t*)0x200000002f00 = 2;
  3986. *(uint16_t*)0x200000002f02 = htobe16(0x4e24);
  3987. *(uint32_t*)0x200000002f04 = htobe32(0x64010101);
  3988. *(uint32_t*)0x200000005b48 = 0x10;
  3989. *(uint64_t*)0x200000005b50 = 0x2000000031c0;
  3990. *(uint64_t*)0x2000000031c0 = 0x200000002f40;
  3991. memcpy(
  3992. (void*)0x200000002f40,
  3993. "\x8a\x64\x90\x57\x56\x08\x24\xa5\xa1\xab\x9c\xb8\xf5\x1a\x1d\xed\x5f\xc2"
  3994. "\x1d\x7e\x31\x6c\x69\xe3\xa7\x2b\x8d\x74\x49\xc3\x0d\x29\xda\xd2\xf5\x15"
  3995. "\xe8\x27\x96\x60\x26\x93\x8b\x1b\x24\xa6\x12\xdf\xc7\xc4\xa1\xa9\x2f\x33"
  3996. "\xe4\x2b\xbe\x2b\xed\xc5\x9d\xeb\x76\x84\x3d\x32\x80\xa1\xb7\xa0\xc2\x39"
  3997. "\xc9\xb3\x7c\x7b\x6c\x49\xf2\x33\x78\x6d\x4a\x46\x22\x0f\x8b\x7c\xf1\xe9"
  3998. "\xf8\x55\x6b\x02\x10\xde\xfa\x00\xf3\xd2\x3d\xa9\xf7\x6e\x00\x67\xe9\x9e"
  3999. "\xe6\x8b\x58\xcf\x07\x50\x8f\xc3\x7c\x02\x83\x75\x78\x0e\x0d\x28\x9c\x1a"
  4000. "\xda\x3f\x19\xd1\x57\x60\x50\x23\x37\xd3\x5e\x4b\xb2\x4a\x40\x0d\x6e\x73"
  4001. "\x62\xf9\x36\xdd\x31\xba\xcd\xe7\x3b\xd4",
  4002. 154);
  4003. *(uint64_t*)0x2000000031c8 = 0x9a;
  4004. *(uint64_t*)0x2000000031d0 = 0x200000003000;
  4005. memcpy(
  4006. (void*)0x200000003000,
  4007. "\x30\x98\xf6\xc4\x7b\x80\xf8\xe0\x49\x4d\x5d\x5a\x1e\x31\x0b\xd1\xc9\xeb"
  4008. "\x81\x16\x15\x64\x1b\x22\x5c\x5c\x07\x02\x2f\x68\x64\x31\xe6\xe6\x6a\x09"
  4009. "\x72\x39\x46\x5e\x74\x7e\x95\x3a\x1c\xea\xe3\xd4\xb3\xe2\x3f\xbb\xde\xbc"
  4010. "\x07\x05\xaf\xbc\xef\xb3\xbc\xf5\x8f\x53\x20\xc7\x96\x56\xe0\x76\xf9\x36"
  4011. "\x18\x50\xe7\x38\xaa\x37\x5c\x35\x3e\xad\x4c\x98\xb1\x3d\xab\x0b\x1f\x79"
  4012. "\x2e\x89\x01\xce\xa6\x1a\x66\xfa\x0c\xbe\xc2\x8a\x58\xc0\x13\xeb\x60\x75"
  4013. "\x7e\x03\xc6\x9b\x99\x5b\x4f\xa2\x63\x04\x40\x96\xde\xea\x8f\x57\x45\x3c"
  4014. "\xdb\xfe\x8c\x59\xdc\x63\x3a\x47\xd0\x19\x8c\xee\x4c\xff\x30\x52\xcd\xc8"
  4015. "\x44\x71\x5d\xa9\xef\xa9\xd7\x85\x0d\xa8\x09\x9a\x16\xdd\x43\xed\x7e\xa0"
  4016. "\xe8\xa0\x4e\x81\x4d\x31\x31\x21\xaf\x9e\xa2\x4c\xed\xc4\x4a\x13\x82\xfc"
  4017. "\xdc\x03\x04\xe4\x26\x63\x45\x60\xb5\x2d\x47\x9a\x12\x76\xa8\x0f\x82\x24"
  4018. "\xd2\x78\x55\x3f\x8d\xc9\x76\x3b\xbe\x88\x46\xeb\xf3\xa5\x41\xfe\x4e\x49"
  4019. "\x86\xd4\x32\x44\xf1\x41\x00\x88\xd0\x9d\x65\xe9\x79\xc6\x66\x5e\x0d\x1a"
  4020. "\xa9\x2f\x0b\x23\x22\xc9\x24\xdb\xa3\x83\x0c\x4a\x59",
  4021. 247);
  4022. *(uint64_t*)0x2000000031d8 = 0xf7;
  4023. *(uint64_t*)0x2000000031e0 = 0x200000003100;
  4024. memcpy((void*)0x200000003100,
  4025. "\xaa\xb2\xb5\x67\xed\x3b\x2b\x0b\x8d\x51\x4f\x2d\x9e\x68\x3d\x67\xd1"
  4026. "\x88\x4c\x18\x03\x4f\x2e\x3a\xf6\xf1\x9d\x37\x21\x1b\x4e\x8e\x3c\x57"
  4027. "\x18\x40\x60\xdc\x48\x25\x65\x84\xc1\x68\x1b\x00\x0e\xdb\x4e\x20\x61"
  4028. "\x82\x13\xe9\xb7\x58\xac\x0e\x5c\x19\xca\xac\x2c\xf1\x4c\xae\x50\xb2"
  4029. "\xeb\xef\xf4\x91\x05\xbc\x27\x59\x67\x0b\x8b\xf4\x26\xd2\x1b\x69\x0d"
  4030. "\xbf\x0a\x3b\x7b\x7b\xe2\x92\x5b\x41\xeb\x94\x9a\x8a\x89\x98\xb0\xe7"
  4031. "\x92\x77\x3a\x59\xf7\x38\x2d\xc6\x7f\xa0\x9b\xad\x58\x34\x62\x69\x26"
  4032. "\x12\x98\x74\x46\xb6\x47\xcc\x77\xe9\x89\xd8\x84\x3e\x7b\xe2\x23\x6b"
  4033. "\xee\x6b\x94\xd4\x9e\xec\x7e\x62\x10\x12\xe6\x9c\xfa\x39\x7c\x8d\xc8"
  4034. "\x0f\x99\x44\x9d\x8b\x03\xff\x2f\xe5\x0d\x64\x1b\xb8\x4b\x51\x7d\x98"
  4035. "\x0a\x0e\xfa\xd8\x7f\x33\x8f\x5d\x20\x3b\x33\x76\xc0\xbf\x34",
  4036. 185);
  4037. *(uint64_t*)0x2000000031e8 = 0xb9;
  4038. *(uint64_t*)0x200000005b58 = 3;
  4039. *(uint64_t*)0x200000005b60 = 0x2000000032c0;
  4040. *(uint64_t*)0x2000000032c0 = 0x1c;
  4041. *(uint32_t*)0x2000000032c8 = 0;
  4042. *(uint32_t*)0x2000000032cc = 8;
  4043. *(uint32_t*)0x2000000032d0 = r[42];
  4044. *(uint32_t*)0x2000000032d4 = htobe32(0);
  4045. *(uint32_t*)0x2000000032d8 = htobe32(0x7f000001);
  4046. *(uint64_t*)0x2000000032e0 = 0x14;
  4047. *(uint32_t*)0x2000000032e8 = 0;
  4048. *(uint32_t*)0x2000000032ec = 7;
  4049. *(uint8_t*)0x2000000032f0 = 1;
  4050. *(uint8_t*)0x2000000032f1 = 1;
  4051. *(uint64_t*)0x2000000032f8 = 0x1c;
  4052. *(uint32_t*)0x200000003300 = 0;
  4053. *(uint32_t*)0x200000003304 = 8;
  4054. *(uint32_t*)0x200000003308 = r[41];
  4055. *(uint32_t*)0x20000000330c = htobe32(0xa010100);
  4056. *(uint32_t*)0x200000003310 = htobe32(0xe0000002);
  4057. *(uint64_t*)0x200000003318 = 0x14;
  4058. *(uint32_t*)0x200000003320 = 0;
  4059. *(uint32_t*)0x200000003324 = 2;
  4060. *(uint32_t*)0x200000003328 = 0x40;
  4061. *(uint64_t*)0x200000003330 = 0x14;
  4062. *(uint32_t*)0x200000003338 = 0;
  4063. *(uint32_t*)0x20000000333c = 2;
  4064. *(uint32_t*)0x200000003340 = 4;
  4065. *(uint64_t*)0x200000005b68 = 0x88;
  4066. *(uint32_t*)0x200000005b70 = 0;
  4067. *(uint32_t*)0x200000005b78 = 0;
  4068. *(uint64_t*)0x200000005b80 = 0;
  4069. *(uint32_t*)0x200000005b88 = 0;
  4070. *(uint64_t*)0x200000005b90 = 0x200000003480;
  4071. *(uint64_t*)0x200000003480 = 0x200000003380;
  4072. memcpy((void*)0x200000003380,
  4073. "\x2e\x89\x1f\x2e\xc4\xf7\x72\x7d\x65\xbc\x69\xed\xe4\x00\x4f\x98\x61"
  4074. "\x9b\xf3\xf8\x5e\x67\xf4\xfe\xf2\x04\x8b\x22\xd9\x72\x2f\xfb\x11\x17"
  4075. "\x60\x3e\x57\x01\x00\xf6\xfc\xda\x72\xa4\x8e\x49\xee\xb9\xbc\x95\x6a"
  4076. "\x79\xd2\x14\x8e\x4f\xbd\x12\x5b\x89\x23\x87\xa2\xcb\x16\xbc\x65\x48"
  4077. "\x4f\x91\x1c\x0a\xad\x8c\x14\xbc\x4a\x0d\x23\xa5\xc3\x67\x13\x2f\xc4"
  4078. "\x62\x26\xcc\x28\x9c\xda\x4e",
  4079. 92);
  4080. *(uint64_t*)0x200000003488 = 0x5c;
  4081. *(uint64_t*)0x200000003490 = 0x200000003400;
  4082. memcpy((void*)0x200000003400,
  4083. "\xcd\x07\x76\xef\x1a\x00\x13\xe4\xa9\x86\x92\x7a\xb6\xdc\xeb\x37\xda"
  4084. "\x1c\x6a\x9a\x5a\x65",
  4085. 22);
  4086. *(uint64_t*)0x200000003498 = 0x16;
  4087. *(uint64_t*)0x2000000034a0 = 0x200000003440;
  4088. memcpy((void*)0x200000003440,
  4089. "\xd6\xb5\x19\x1a\x51\xae\xbd\x90\x2c\xc7\x56\x9a\x70\xcc\x7e\xf6\xc8"
  4090. "\xd4\xc4\xec\xd0\x87\x15\x29\x05\x81\xd1\xd9\x8e\xdd\x87\x02\xeb\xcd"
  4091. "\xca\x38\xf7\x98\x23\x4a\x2c\xd9\x6c\xaf\xbb\x94",
  4092. 46);
  4093. *(uint64_t*)0x2000000034a8 = 0x2e;
  4094. *(uint64_t*)0x200000005b98 = 3;
  4095. *(uint64_t*)0x200000005ba0 = 0x2000000034c0;
  4096. *(uint64_t*)0x2000000034c0 = 0x14;
  4097. *(uint32_t*)0x2000000034c8 = 0;
  4098. *(uint32_t*)0x2000000034cc = 1;
  4099. *(uint32_t*)0x2000000034d0 = 5;
  4100. *(uint64_t*)0x2000000034d8 = 0x14;
  4101. *(uint32_t*)0x2000000034e0 = 0;
  4102. *(uint32_t*)0x2000000034e4 = 1;
  4103. *(uint32_t*)0x2000000034e8 = 0x7f;
  4104. *(uint64_t*)0x2000000034f0 = 0x14;
  4105. *(uint32_t*)0x2000000034f8 = 0;
  4106. *(uint32_t*)0x2000000034fc = 1;
  4107. *(uint32_t*)0x200000003500 = 6;
  4108. *(uint64_t*)0x200000003508 = 0x11;
  4109. *(uint32_t*)0x200000003510 = 0;
  4110. *(uint32_t*)0x200000003514 = 1;
  4111. *(uint8_t*)0x200000003518 = 4;
  4112. *(uint64_t*)0x200000003520 = 0x1c;
  4113. *(uint32_t*)0x200000003528 = 0;
  4114. *(uint32_t*)0x20000000352c = 8;
  4115. *(uint32_t*)0x200000003530 = r[38];
  4116. *(uint8_t*)0x200000003534 = 0xac;
  4117. *(uint8_t*)0x200000003535 = 0x14;
  4118. *(uint8_t*)0x200000003536 = 0x14;
  4119. *(uint8_t*)0x200000003537 = 0x14;
  4120. *(uint32_t*)0x200000003538 = htobe32(0);
  4121. *(uint64_t*)0x200000005ba8 = 0x80;
  4122. *(uint32_t*)0x200000005bb0 = 0;
  4123. *(uint32_t*)0x200000005bb8 = 0;
  4124. *(uint64_t*)0x200000005bc0 = 0;
  4125. *(uint32_t*)0x200000005bc8 = 0;
  4126. *(uint64_t*)0x200000005bd0 = 0x200000004840;
  4127. *(uint64_t*)0x200000004840 = 0x200000003540;
  4128. memcpy((void*)0x200000003540, "\x96\x0a\x21\xc1\xa5\xf5\xd9\x09\x92\x28", 10);
  4129. *(uint64_t*)0x200000004848 = 0xa;
  4130. *(uint64_t*)0x200000004850 = 0x200000003580;
  4131. memcpy(
  4132. (void*)0x200000003580,
  4133. "\x39\x8b\x76\xcc\xe6\xad\xd6\x6e\x07\x1f\x6e\x0e\xa5\xee\x81\x83\xcf\xf6"
  4134. "\x3e\x2a\xca\xf0\x53\xb2\x77\xf4\x33\xb9\xfb\x9f\x45\x01\x81\xe6\x42\x3f"
  4135. "\xf7\x89\x9b\x01\xa6\x7c\x7b\xe3\xf2\x38\x2d\xb3\x60\x7f\x50\x52\x43\x0a"
  4136. "\x68\x7b\x7e\xc7\xbf\x68\x4a\xa7\x8e\xb3\x05\xff\x4e\xd6\x1f\x04\xeb\xb8"
  4137. "\x44\x2c\x91\x6d\xc9\x8a\xab\xfb\x7c\x13\x14\x67\x8e\x79\x4e\xf2\x9d\x2e"
  4138. "\x1e\xf5\xc0\x33\xcb\xa0\x07\xf9\x1c\x72\xb2\x9e\x37\x99\x4f\xb8\xd9\x13"
  4139. "\x6a\x64\x71\xa7\x03\x4d\x29\xa6\x1d\xa1\xfb\x9f\x78\x23",
  4140. 122);
  4141. *(uint64_t*)0x200000004858 = 0x7a;
  4142. *(uint64_t*)0x200000004860 = 0x200000003600;
  4143. memcpy((void*)0x200000003600,
  4144. "\xad\x97\xbb\x74\x58\xaf\x57\x07\xc0\xca\x1e\x4d\x26\x90\xa8\x65\x43"
  4145. "\xcf\x40\x32\x36\x15\x35\xfa\x56\x7c\x8e\xc6\x3b\xe1\xd4\x66\x4a\x77"
  4146. "\x76\xc1\x72\xcc\x51\x2c\xd2\xa0\xf0\xe1\x66\x03\x7c\x99\xba\xed\x5c"
  4147. "\x15\xc5\x8e\x30\x7c\xac\x09\x41\xc5\xac\x0f\xa0\x3c\xd5",
  4148. 65);
  4149. *(uint64_t*)0x200000004868 = 0x41;
  4150. *(uint64_t*)0x200000004870 = 0x200000003680;
  4151. memcpy((void*)0x200000003680,
  4152. "\x68\x80\x63\xf5\x44\x7c\x49\x1c\xd7\x89\xb9\x49\x9b\x08\xaa\x0a\xe6"
  4153. "\x26\x12\xe8\x3d\x83\xa4\xfb\x54\x4f\x88\x1e\xe1\x5c\x13\x46\x7d\x27"
  4154. "\xdc\xfe\x1b\x6f\x8b\x24\xc2\x69\x49\x5d\x28\xae\x47\xa1\x4d\xd7\x8a"
  4155. "\xbb\xa4\x7b\xc0\xcd\xb7\x85\xbd\x7b\xc7\x67\xf4\x92\xb2\x61\x3d\x24"
  4156. "\xee\xbf\xa8\x33\x2a\x33\x16\x9b\xf4\x63\xa4\x78\xa7\xae\xd8\x84\xe5"
  4157. "\x82\x40\x9b\x08\x76\xad\xf0\xde\xd5\x3b\xda\xba\x7c\xc0\xc0\x3a\xb5"
  4158. "\x18\x4c\xce\xdb\xa9\x99\xe2\x9a\x0c\xd2\x8e\x4d\xe9\xdb\xa8\xed\xc5"
  4159. "\x8c\xc9\x72\x15\x26\x2c\x12\x02\xd0\x31\x3f\x5d\x91\xec\x23\x3d\x7f"
  4160. "\x2c\xc9\xba\xd7\x65\x2b\xec\xe1\x36\xd3\x85\x04\x7e\x88\xe6\x54\xda",
  4161. 153);
  4162. *(uint64_t*)0x200000004878 = 0x99;
  4163. *(uint64_t*)0x200000004880 = 0x200000003740;
  4164. memcpy((void*)0x200000003740,
  4165. "\x83\xe3\x66\x7b\x1e\x97\x19\xc8\x9b\xaf\x44\xd7\x0d\xa3\xe9\x08\x7e"
  4166. "\xc2\x6f\xe2\xbe\x20\x09\xa7\xc9\xcb\xed\xad\xd4\x9c\xf7\x96\xee\xb9"
  4167. "\xcd\xd5\x8c\x6d\x58\x6b\x15\x13\x79\x05\x34\x8d\x66\x1e\x42\xfd\x2f"
  4168. "\x1c\x0f\x4b\xa7\xb5\x6f\xb5\xc9\x11\x52\xb1\xb2\x81\xd8\x73\xcb\x51"
  4169. "\x4a\x96\x54\x8c\xfc\x56\x73\x8b\xa1\xad\x86\x63\xaf\x39\x30\x32\x57"
  4170. "\xdc\x46\x24\x40\x60\xf0\xae\xf3\xc2\x8c\x9f\x20",
  4171. 97);
  4172. *(uint64_t*)0x200000004888 = 0x61;
  4173. *(uint64_t*)0x200000004890 = 0x2000000037c0;
  4174. memcpy((void*)0x2000000037c0,
  4175. "\xd2\x2b\xd6\x80\x0d\xc8\x13\xee\x51\xc1\xcb\xeb\x49\xf9\xff\x24\x01"
  4176. "\x7b\xaf\x28\x57\x6b\x49\x72\xb8\xb1\xd7\x62\xb7\xb1\xd5\xb2\x80\xd6"
  4177. "\x41\x13\xfb\x22\x2c\x2a\x8e\xcf\x05\x65\x09\x19\x36\x30\xb0\x17\x81"
  4178. "\x42\x96\x05\x9e\x62\xda\xdc\x83\x9b\x0b\xe5\x3f\x73\x68\xa3\x71\xfa"
  4179. "\x88\x22\x72\x89\xa1\x7b\x71\x8e\x03\xdd\x91\xfa\x13\x84\x3a\xcb\x02"
  4180. "\x75\xc1\x93\x00\xf5\x6b\x0e\x34\x17\xad\xd0\x51\x13\x5d\x93\x18\x47"
  4181. "\x93\xf3\x98\x23\x58\xda\x1e\x17\xed\x46\xfe\x6d",
  4182. 114);
  4183. *(uint64_t*)0x200000004898 = 0x72;
  4184. *(uint64_t*)0x2000000048a0 = 0x200000003840;
  4185. memcpy(
  4186. (void*)0x200000003840,
  4187. "\x54\x6a\x87\xbe\xab\xd0\xc8\x83\x63\xac\xb0\xe6\x8a\x31\x31\x5e\xf8\xa0"
  4188. "\x71\x65\x1e\x9a\xd2\x19\x03\x8d\x23\xdb\xc8\x49\x7e\x52\x92\x19\x16\x89"
  4189. "\xbf\xf2\x18\x8b\xe0\x64\x77\x58\x02\xba\x33\xda\xec\x8f\x06\xc3\xe8\x21"
  4190. "\x2d\xe3\x07\xb3\x5c\xba\x49\x61\x0a\x1b\x4d\x26\x39\x0b\xc6\x9f\x89\x4e"
  4191. "\x80\x43\x56\x24\xfe\x18\x93\x42\xcb\x71\x69\x28\xb8\x8f\x30\xc4\xa1\x19"
  4192. "\x4d\x25\xdf\xb0\x62\xd3\x90\x92\x41\xc5\x9d\xd8\x0e\xad\xf5\x02\x2f\x6b"
  4193. "\xe5\x6a\xab\xa1\x27\xf9\xf5\xa3\xbf\x7b\x3c\x2c\xd4\xef\xde\x65\xb2\x24"
  4194. "\xcd\xda\xef\xf4\xa1\xa9\x97\x6e\xb9\x2e\x50\x40\x2a\x4f\xc9\x8f\xe4\x5c"
  4195. "\xda\xb0\xa8\x88\x06\x2c\xf1\x10\xc8\x60\x06\x9b\x79\x49\x77\x7b\xad\x41"
  4196. "\x37\x67\x8b\x02\x79\x82\x05\x6d\x57\xd3\x59\x83\x70\xf2\x76\xb9\x6f\x02"
  4197. "\x60\x17\x1b\x32\xf7\xe4\x0b\xc8\xb6\xd0\x97\x8f\x8a\xe9\x67\x0c\x62\x36"
  4198. "\x50\xdc\x7f\xdb\xa9\xfd\x01\x44\x53\xe2\x87\xe6\x05\x65\x56\x75\x3d\x89"
  4199. "\x67\xfb\x05\x01\x98\x20\x1e\x03\xc9\xe8\x1f\x98\x41\xb8\x47\xe8\x63\x77"
  4200. "\xf9\x7b\x76\x79\x7f\x48\x4c\x91\x99\x1d\xb9\x3e\x06\x16\xdf\x22\x94\xf6"
  4201. "\x63\xfc\x9b\x17\xbc\x43\xe8\x43\x21\x41\x3a\x37\x32\x5d\x6b\x6d\xda\x6b"
  4202. "\x61\x22\x3f\x79\x2d\xf1\x08\x08\xf8\x77\xcb\x05\xf9\x88\x70\x45\xd6\xac"
  4203. "\x1f\xc5\x58\xf6\x23\x99\x62\x39\x0e\x96\x3f\x85\x18\xed\x38\x3e\xfb\xc6"
  4204. "\x43\x4a\x9f\x5a\xe6\x7b\x2f\x58\x0b\x26\x31\x86\x9f\xb5\x1b\x87\x98\x7c"
  4205. "\x70\xd9\x00\x03\x1e\xe1\x6d\xd8\x7a\x0a\x9c\xc0\x34\x9a\xf5\x15\xb4\x60"
  4206. "\x82\x24\x5a\x52\xd2\xa3\x0e\xd9\xc0\x80\x08\x58\x3a\xdb\x3d\xdf\xbb\x42"
  4207. "\xc6\x72\x4b\x8d\x83\x70\x9d\x86\x10\x10\xbe\x0b\x7f\x74\x3e\x39\x9a\xd7"
  4208. "\x38\x03\xf1\xe9\xe8\x34\x87\x7c\xd3\x72\xe2\x21\xff\x20\x92\x50\x0e\x76"
  4209. "\x7f\x7a\xc0\x7d\x1f\xc7\x01\x44\x93\xa0\xec\x7c\x9e\x32\xfe\x4b\x58\x70"
  4210. "\x59\xaf\x49\x87\x85\x45\x7f\x9d\x1a\xab\xde\x9e\xed\x73\xf3\xe4\x5e\x8b"
  4211. "\xf5\xb3\x76\xc5\xcd\xaa\x44\x76\xb2\x22\x7c\xa3\x7b\x0f\xf2\x25\xbb\x87"
  4212. "\x0b\x21\xb5\xe2\xf0\x8e\xfd\x48\x2f\xa2\x1c\x43\xcd\xee\x02\x15\x8a\x15"
  4213. "\x93\xc6\xe5\x89\x0d\xb1\x32\x86\x43\x26\x85\xb4\xd2\x36\xda\xc7\xf2\xf6"
  4214. "\x96\x9a\x41\xd9\xcd\x30\xd8\x18\x2e\xe7\x17\xb8\x3a\xe0\x64\x2c\x02\x40"
  4215. "\xe7\x88\x78\x75\x2b\x9e\xd0\xea\x92\xbe\x4a\x4a\xf5\x1c\xf5\xb8\xec\x91"
  4216. "\xa3\x6a\x38\x76\xf7\xbd\x43\xe7\xd2\xb8\x48\x86\x4b\x54\x6e\x62\x0d\x82"
  4217. "\xee\x1c\x02\x67\xc0\xa1\x54\x0a\x75\xa3\x14\xdd\xb7\x3e\x6d\x9d\xfa\x6a"
  4218. "\xcd\xf9\x1f\xa8\x67\xd4\x68\xb1\x9c\x3f\xca\x08\xaa\xc3\xbf\xe4\xef\xad"
  4219. "\x00\x8f\xc6\x38\xb5\xad\x8f\xfe\x29\xff\xa9\x1f\x84\xc5\x9f\xe7\x49\x0e"
  4220. "\x20\xbb\xd4\x4a\xf7\x17\xf1\x64\xdf\xda\x1e\x2d\xbe\xf1\x2a\xbc\x58\xa1"
  4221. "\xe6\x7d\xe3\xe6\xd0\x0a\x38\x5c\xd5\x3f\x37\xb9\x21\x7a\xbd\x58\x76\x0f"
  4222. "\xf9\xbf\xd0\xe9\x4d\x13\xd7\x01\xc3\x30\x9f\x27\x99\x7d\xfd\x97\xff\x1e"
  4223. "\x9e\x11\x2f\x3b\xbd\x24\xc3\xd5\xc4\x8d\x3f\xbc\x93\x10\x04\x06\xd3\xef"
  4224. "\x0a\x58\xd7\x89\x96\x0d\xa4\x59\xd2\xc7\xe4\x1c\xee\x6c\xbf\xf5\x57\xfc"
  4225. "\x63\xeb\xb3\x24\x20\xb3\xaf\x3e\xd4\xaf\x62\xbc\xc4\x2c\xc3\xcc\x24\x56"
  4226. "\xb7\xee\x1d\x36\x78\x13\x9e\xdb\x57\x3a\x79\xe2\x8e\x61\x0d\x27\xb0\x1a"
  4227. "\x1e\xb1\x2b\xcb\x9d\xf1\x0e\xc4\x7e\xdc\xae\xe1\xc7\xea\x1e\xbc\xe2\xa4"
  4228. "\xbf\x22\x83\x4c\xf4\x35\xc9\x37\x00\xfc\x15\x27\x82\x5f\x64\x7b\xbe\xe1"
  4229. "\xf4\xe4\x07\x5e\xfb\x48\x75\x47\x79\x50\x94\xdc\x28\x4f\x1f\xc5\xe3\xde"
  4230. "\xaf\x07\xae\x3f\x5b\xd2\xf8\x9b\x91\x46\xa3\x01\xc0\xab\x62\x10\x4e\xec"
  4231. "\x9d\xf8\x59\x59\x3b\xcf\x06\x81\xa6\xab\xf3\x35\xee\x98\x63\xcb\x2f\x17"
  4232. "\x60\x0f\xc7\x42\xff\x89\x4d\xc6\x07\xab\x80\xb3\x2d\x7b\xd9\xbc\x40\x05"
  4233. "\xbe\x18\x6e\x96\xe1\x3e\x41\xa8\x8c\xb0\x99\x00\xb7\xc4\x83\x20\x3c\x3e"
  4234. "\x2d\x3c\x3f\x99\xac\x80\x77\xbc\xc3\x6e\x20\xbd\xf6\x0d\x1b\x1f\xdc\x5b"
  4235. "\x2b\x31\x51\x42\xfd\x0e\x82\x29\x75\x5c\xd2\xba\x45\x80\x50\xfd\x6a\x58"
  4236. "\xad\x60\xaa\xde\xf5\xae\xeb\xca\x92\xa8\xa2\xab\xec\x57\x7f\x79\x70\xe0"
  4237. "\xf2\xd8\x49\x07\x55\x0f\x6e\x65\x01\x0f\x40\xbe\xf6\xe3\x71\x38\xd8\xe4"
  4238. "\x13\x2e\x76\xaa\x38\x60\xc2\x5d\xda\xdf\x5d\x5c\x0a\xb0\x95\x94\x13\x22"
  4239. "\xe7\x40\xc7\x85\x63\x73\x4a\xca\xa7\x99\x6f\x87\x28\x66\x40\x48\xbe\x91"
  4240. "\x98\x65\xd6\x24\x6c\xbb\x7c\x5b\x8f\xed\x1d\x8f\xf1\x28\x2e\x10\xb9\x47"
  4241. "\x3c\xc2\xdc\xc8\xfe\xdc\x41\xf7\x87\xdc\x15\xf1\x11\xb2\xe5\x7f\x4b\xf6"
  4242. "\x5b\x37\x96\xf2\x23\x0d\xec\x9c\x12\xa1\x14\x8d\x52\x2e\x5c\x87\x67\x3e"
  4243. "\x83\xe4\xe9\x53\xc3\x6f\xc8\x93\x68\xc8\x82\x59\x6c\x6f\xd7\xcc\xe6\xea"
  4244. "\xc0\x3d\x7f\x0f\x8f\xe6\xfc\xe8\xbb\x69\x2b\xd7\xdb\x89\x8f\x9e\x15\xec"
  4245. "\x6f\x28\x54\x61\x29\x2a\xe2\xd7\xe1\xeb\xc1\x4d\xce\xaf\x23\x75\x8d\x52"
  4246. "\x9e\x4b\x35\xcc\x9a\x76\x9c\x08\xbd\x09\x97\x31\xc0\x86\xfb\xd4\x21\x70"
  4247. "\x7d\x62\x9e\xa4\x35\x4d\xf6\xd2\xbf\x27\x8d\xfa\xa1\x16\x4d\x6e\x54\xa6"
  4248. "\xec\x18\x1e\xec\xff\x86\x4e\x1b\x1e\xa6\xd5\x8e\xf1\x81\x88\x30\x39\xae"
  4249. "\xbf\x0d\x29\xbf\xfa\x89\xe4\xa2\x9c\x6c\x75\xb0\x00\xc4\x28\x2e\x84\x13"
  4250. "\xdc\x20\x43\xfd\xe9\x9a\xc9\x49\x63\xf0\x8c\x82\xdf\xc0\xd7\x47\xe7\x11"
  4251. "\x9f\xbf\x62\x23\x04\xbe\xbc\xac\xed\x58\x68\x8c\x13\x6f\xa5\x0b\x00\xe6"
  4252. "\x4d\xd9\x91\x8f\x18\x14\x0f\x00\xd3\x2e\x4a\xf0\xbd\x40\x4d\xbd\x1b\x27"
  4253. "\xe5\x67\xe3\x3d\x2e\x20\xc9\xbc\x26\x61\x45\x23\xed\x7e\x17\xde\xfb\x8c"
  4254. "\xab\x05\x87\xc7\x1a\xe6\xb3\x21\x65\x74\x87\x00\x3a\x55\x04\x0b\x4c\x11"
  4255. "\x53\xf7\xed\x6d\xa4\x0d\xdd\x8e\x35\x3a\xb4\x05\xfc\x16\x4f\xc1\x12\x7b"
  4256. "\x24\x90\x49\x00\xf3\x7b\xf0\x97\x5a\x3e\x8f\x87\xfa\xb3\x03\x40\xed\xa3"
  4257. "\xa4\x0f\xcb\x1f\xc5\xd6\xae\xb7\x1e\xf1\xa2\xe5\x90\x1f\xe5\x29\xb8\xf2"
  4258. "\x95\x0c\x97\x55\xac\xcd\x6f\xb1\xdc\x88\x88\xbf\xc5\xe6\x45\x20\x93\xf8"
  4259. "\x7f\x96\x28\x94\xec\xe1\xcb\x54\x12\xc0\xb5\xdf\xbf\xe3\xc5\xf9\xc0\x08"
  4260. "\xb1\xb3\xc8\xc7\x62\xcd\x43\xb7\x8c\xef\xfe\x91\x05\xe0\xfe\xf9\x7a\xc0"
  4261. "\x67\x9b\x17\x1c\x27\xe3\xae\x61\x61\xbb\xc4\xa0\xad\x57\x54\x44\xd3\xf0"
  4262. "\x09\xeb\xa8\x7e\x5e\xb3\xcb\xb8\xac\x5b\x4d\x7d\x09\x82\xde\xa9\x75\x49"
  4263. "\xb6\xc9\xed\x66\x69\xb3\xc8\x28\xd6\x6e\xe1\x02\x84\x84\x96\x9f\xc0\xe4"
  4264. "\x02\x32\x4a\x50\x54\xcd\xc1\xbb\x34\x46\xb2\xea\x59\x12\xa8\x5a\x1d\x63"
  4265. "\xfe\x8a\x95\x83\xcb\x36\x32\xd7\x33\x2c\x14\x92\x08\xec\x91\xa6\x03\xd7"
  4266. "\xd1\x35\xd7\xa7\x6a\xe3\xd6\x31\x3a\x95\x69\x2d\x5e\x26\xa5\x82\x06\x86"
  4267. "\x49\x41\x8f\xda\x8a\x2b\x90\xcf\xd8\x93\x20\x10\x6d\x77\x2c\xfc\xda\xfa"
  4268. "\x3d\x92\xe4\xa9\xd6\x03\xfa\x25\x2e\xe5\xdb\x02\xbd\x70\x54\x3f\xc0\x15"
  4269. "\xed\x7d\xb6\x21\x61\x59\x81\x60\x66\x03\x1f\xd0\xcd\x35\x61\xe5\x34\xfa"
  4270. "\xba\x38\xdb\xe6\x9f\x90\x19\x90\x65\x5d\x07\xa6\x1a\xa7\xde\x46\x1d\xa5"
  4271. "\xd1\x81\xe1\x25\x9f\x89\xbe\xe9\x5f\x62\xd0\x32\x23\xa3\xb6\x71\x5e\x3b"
  4272. "\xa1\xaf\x01\x7e\xee\x29\x7b\xcf\x86\x43\x4c\x32\x13\x89\x26\x58\xa5\x48"
  4273. "\x9d\x02\xbd\x3c\xa5\x07\xdc\xd4\x33\xb0\xfa\x9b\x1a\x21\x24\x9b\x0a\xb1"
  4274. "\xdb\x10\x54\x0e\x83\x45\x24\xde\x09\xfa\x64\xcc\x07\xf2\xa2\x9b\xab\xc4"
  4275. "\xd5\x01\xff\x39\x90\xde\xb8\x73\x7f\x29\x37\xd8\xe6\x59\xc9\x9c\xd2\x22"
  4276. "\x07\x67\x5d\x7a\x3d\x2b\xaa\x79\x12\x0a\xe9\xc9\xf9\x48\x84\x96\xaa\x17"
  4277. "\xb3\x9c\x83\x72\xb3\x2b\xd7\xcb\x22\xa3\x84\x93\x45\x0d\xba\x88\x91\x6e"
  4278. "\x8f\x72\x31\x72\x32\x19\x3d\x44\x3c\x58\xc6\xec\x5b\x50\x2a\xd8\xe5\xc0"
  4279. "\xc9\xa3\xbb\xe3\x1d\x0b\x9e\x22\x7c\xe4\x31\xc1\x99\x51\x35\x8e\xdf\x43"
  4280. "\xd0\xba\x6c\xbc\x94\x2c\xb5\x8c\xbd\x2d\xac\x55\x9d\x91\xf4\xa6\x90\xc7"
  4281. "\xf3\xf9\xa9\x90\x5d\x65\xa2\x0c\xf9\x24\xa0\x8e\x3c\x56\x46\x7d\x12\xa5"
  4282. "\x09\x55\xa2\x68\xe7\x64\x69\x7b\xad\x19\xff\x12\x42\xe0\x1e\x97\x36\x27"
  4283. "\x86\xbe\x9c\xd9\xff\x59\x5a\xd6\xc8\x23\x53\xb2\xf8\xb8\x23\x00\x6e\x3e"
  4284. "\xda\x89\x5e\x50\x6e\x42\xa3\x41\x1a\x59\xa8\x4e\x14\xbf\x8f\x30\x58\x65"
  4285. "\xa3\xf0\xa7\xa8\x90\x43\x73\xb3\x00\xbe\x9b\x65\x43\x55\x80\xac\x37\xf6"
  4286. "\x5a\x2d\xa5\xa5\xaf\x2c\x16\x5d\xca\x0c\xa6\x7a\x89\xb5\x9a\x06\xe0\xe4"
  4287. "\x92\x28\xf7\xc7\x10\x46\xa2\xdc\xa7\x93\xae\x81\xd0\xf8\x37\x9b\x50\x41"
  4288. "\x3e\x58\x6a\x02\x77\x44\x3d\xe0\x5c\xe1\xe0\x80\xc1\x4e\x92\x08\x8e\xc8"
  4289. "\xa9\xe8\x3f\x11\x4a\x08\x14\x7f\x5c\x73\xa0\x1b\x75\x89\x5c\x50\xf2\x95"
  4290. "\x17\x9b\x5b\x2f\x40\x8f\xc0\x8b\x91\xbc\xb4\x6d\xcd\xdc\xe7\xb2\x79\x8f"
  4291. "\x72\x80\xda\x26\x58\xff\x5f\xcd\x4b\x8f\xa3\xca\xfc\x7e\xd5\x90\x9d\x30"
  4292. "\x63\x19\xc9\x90\x24\x0c\x31\x79\x12\x1c\xeb\xb6\x9b\x04\x29\x6e\xa1\xa7"
  4293. "\x69\x5c\xc2\xa2\x33\xe6\x52\xf2\xfc\x03\x3e\xfc\x60\x78\xa0\x23\x17\x8d"
  4294. "\xa6\x29\x78\x56\x93\xba\x75\x23\xeb\x9d\x1c\xf6\xa5\x99\x5d\xb0\x6e\x5c"
  4295. "\x72\x8d\xa5\x31\x75\x31\x5c\x41\x84\x09\xd0\x91\x1d\xb6\x40\x46\x0f\x52"
  4296. "\x5a\x5c\x7f\xa0\x54\xf6\x0e\x66\xe7\x81\xb5\x6f\x6d\x57\x58\x2a\xbc\xaf"
  4297. "\x30\xdb\xcd\xe0\xc4\x83\x6b\x6b\xe8\xff\x1a\x6d\xfd\x02\x45\x8c\x31\x72"
  4298. "\x64\xf7\xe2\xbb\x04\x4f\xc3\x58\x6b\x02\x30\xe5\x87\x51\x3d\x8d\x3c\xef"
  4299. "\x37\xa0\x16\x0d\xb5\x72\xe3\x76\x2f\x35\xe8\x1d\x30\x79\x83\xec\x66\xf9"
  4300. "\x13\x2f\x97\xdd\x85\x10\xd6\xef\x69\x18\x35\x06\x45\xe5\xa7\xd2\x2f\x0a"
  4301. "\xd8\xc7\xc6\x33\xc1\xc6\xb6\x1d\xa3\x42\x59\xa4\x06\xe4\x0d\x6e\x5f\x71"
  4302. "\x0a\xdb\x09\xc0\x0d\xd3\xca\xce\xb7\xf7\x1c\x67\xa8\x9c\xff\x86\x19\x99"
  4303. "\xf4\xd2\xa2\xa5\x5b\x89\xd3\x44\x79\x9e\xc5\x91\xdc\x9a\xb8\x9c\x35\x32"
  4304. "\x98\xa8\x58\x0e\x45\x47\xb7\x65\xb0\xf2\xc6\x79\x19\x72\x9d\x57\xae\xfc"
  4305. "\xda\xb0\x7f\x76\xfe\x2b\x62\x63\x32\x76\xfc\xf0\xf7\x56\x1c\xce\x5a\xd6"
  4306. "\xdb\xf5\x5f\xf9\xc4\x26\x58\x6c\x89\x86\x25\xf0\xd8\x41\xcc\xb9\xbb\x7a"
  4307. "\x98\x7a\x05\x97\xca\xc4\x2b\x3f\x2d\x55\x14\x1c\xce\xc7\xc6\xef\x13\xac"
  4308. "\xb3\xc6\x86\x73\x56\x27\x6e\x3b\xd8\xf4\x8e\xa8\xc7\x14\xfe\x60\xb1\x30"
  4309. "\x01\xd0\x01\x26\x53\xb0\x2e\x79\x14\x3f\xbf\xbe\xbf\x23\x5d\x02\x13\x9a"
  4310. "\xdc\x18\xd6\x84\x97\x8e\xfa\x6e\x79\xe1\xd7\x2e\x21\x84\x2d\xa1\x28\xf4"
  4311. "\x71\xe7\x1e\x7d\xff\x03\x33\x9a\x04\xc9\xee\x78\xef\x45\xe1\x9f\xc9\x8b"
  4312. "\x43\xf9\xf4\x6c\x33\x94\xcc\x1f\xd4\x95\x44\xce\xbf\xe4\x11\xb9\xe5\x63"
  4313. "\x98\xcf\x94\xe0\xdc\x14\x7d\x9d\xa0\xf8\xe7\x4a\x46\x01\xa0\xf3\x0d\xd1"
  4314. "\xba\xf1\x7b\xf5\xce\xc2\x63\x53\x04\xd7\x1d\xc0\xfc\xdb\x16\xd9\x0a\xe0"
  4315. "\x51\x08\x05\x0d\x53\x38\x6c\xc2\x66\x1c\x6c\x7c\xbd\x3f\x5c\xe8\x4d\x8e"
  4316. "\x37\x98\x85\x85\xe0\xc6\x46\x03\xa6\xd4\xb4\xda\x6a\xe0\x62\xa3\xbd\x0c"
  4317. "\xc7\xb9\x47\xd2\xfe\x5d\x72\x06\x8b\xed\xce\x25\x35\xf6\xf0\x07\xec\x6d"
  4318. "\xc9\xbc\xda\x0f\x2b\x4b\xf4\x70\x48\x62\x75\xd2\x04\x69\x81\x83\x42\x49"
  4319. "\xe0\xa8\xe5\x98\x67\xf4\x74\x88\x9c\x37\x11\xe7\xe9\x20\xa7\xbe\x18\x4d"
  4320. "\x83\xc4\x59\xa4\xbc\x26\xf1\x88\xe1\xfd\x69\x12\x5a\x8e\x18\xef\x1e\x2d"
  4321. "\x14\xfd\xb2\x82\x89\x0d\x7b\x94\x1e\x90\x07\xda\xc7\x64\x48\x42\x44\x43"
  4322. "\xfd\xf8\x5b\xf5\x5c\xe5\x18\x8b\x12\xbe\x47\xbc\x1e\xbd\x04\x0e\xd8\x11"
  4323. "\xf8\x27\x2c\x0f\x3a\x26\x8f\xcc\xb0\xcb\x8c\xca\x89\xa5\x44\x22\x44\x3e"
  4324. "\xef\x71\xbb\x93\x8c\xb5\x93\x20\x8c\x15\x2b\x8d\xce\x32\x3e\x9a\x49\xb5"
  4325. "\x02\x73\x68\x27\xa8\x7a\x4f\x94\x0c\xcf\xff\x17\x12\x3b\x48\xeb\x15\x52"
  4326. "\xad\x59\x6d\x83\x03\x09\x33\x9b\x08\x5d\x08\xa6\x70\x58\xd5\xb2\xe7\x15"
  4327. "\x86\x1b\x7d\x40\xfc\x33\x69\x93\x0c\x6c\x43\xec\x23\xea\xf8\x38\x3b\xa5"
  4328. "\x73\x5b\x86\x84\x6c\xb1\xd7\x81\xad\xdb\x4e\x0f\x55\x5a\xd7\xeb\x32\x16"
  4329. "\x24\x6a\x12\x3e\xfb\x4c\x86\xec\x78\xa4\x99\x14\x2a\x77\x1c\x7b\x7c\x6b"
  4330. "\xd0\x18\x47\x38\x89\xbb\x7c\xc0\x8f\xc5\xec\x22\xcc\x9c\x57\x8b\x1f\x20"
  4331. "\x6c\xb8\xfa\x1f\x98\xa0\xf3\xde\xc8\x8c\x90\xd8\x46\x19\xd1\x4d\x9c\x67"
  4332. "\xf2\x80\x65\x32\xbc\x78\xb7\x85\xaf\xb0\x94\xc7\xdc\x06\xc6\x4b\x04\xa6"
  4333. "\x7a\xd0\xe4\xf9\xf1\xc2\x2c\x5b\xc4\x78\x5d\xaf\x5c\x88\x01\x9c\x46\x07"
  4334. "\x93\x18\x38\x4a\xc1\x1b\x9f\xac\xd9\x1b\x5b\xcc\x41\xea\xae\xb0\x54\x68"
  4335. "\x84\xce\x6a\x27\x07\xb3\x48\xc3\x0a\xff\xf6\x40\x6e\x73\xed\x64\x4f\x26"
  4336. "\xc2\xe9\xfc\xcc\xf4\xce\xea\x32\xa9\x7a\x1b\x37\x29\xfc\xac\x69\x0a\xa4"
  4337. "\xcc\x17\x88\x77\x97\x20\x86\x38\x7f\xd1\x28\x48\xf0\xdf\x64\x77\xcc\x4a"
  4338. "\x55\x90\x76\xa9\x1a\xf2\x89\x53\x99\x2c\x24\x5f\xc7\x66\x7b\x08\x1c\x42"
  4339. "\x4e\xa7\xa2\x22\xe8\xb8\x84\x84\x0c\xb0\xee\xe6\xec\x07\x83\x2d\x2c\x02"
  4340. "\xc0\xa2\x22\x8b\xf9\x8e\x18\x80\xbb\x1b\x4d\xc7\x4a\x98\x92\x17\xd3\x12"
  4341. "\xaf\x40\x91\xdb\xaf\x82\xa0\xd2\xd0\xfa\x8b\x1b\x0a\xbc\x6c\xf7\xcc\x2b"
  4342. "\xd9\x55\x50\x5f\x0f\x0b\xe8\xc4\x47\x68\xf3\xbe\x9c\x45\xbd\x24\x11\x4b"
  4343. "\xe8\x69\x1e\x87\x9a\x46\x42\x2c\xd4\x34\x84\xc0\x76\x2a\x27\x2c\xde\x6f"
  4344. "\x79\x2d\x85\x9e\x4c\xea\x6d\x1d\xd1\xb4\x8d\xa0\x98\x0a\xfb\x48\xf5\x1c"
  4345. "\x7f\xb0\x05\xd4\xe1\x36\xb1\x79\x00\x5e\x5f\x58\x50\x30\x1c\xc1\x09\x8a"
  4346. "\x1f\xeb\x40\x41\x4e\x3e\xee\x58\x85\x04\x98\xad\xef\x28\xa7\xdb\xf9\xae"
  4347. "\x61\x19\x05\x92\x79\x4c\x7d\x02\x79\x58\x79\xbc\x81\x4f\xb9\x58\xfb\x95"
  4348. "\x0e\x67\xfa\x7e\xa7\x01\xb9\xee\x9e\x43\x35\xcf\x59\xae\xb7\x61\x95\x54"
  4349. "\xd4\xb3\xc9\xf9\x35\xa5\xc6\x7f\x5a\xfb\x95\x26\xaa\x92\x65\xc7\x6f\x8f"
  4350. "\x76\x9b\x6c\x2b\xa2\x1f\x01\x72\x94\xab\x66\xc7\x0c\xbd\xfa\xb6\x46\xec"
  4351. "\xc1\xc2\x2c\x4d\xd6\xcb\xf1\x2a\xc5\xdb\x39\x96\xe8\xe5\xf4\x04\x0b\xd8"
  4352. "\xb4\xfe\x15\x15\x7a\xfd\x49\x9b\x89\x07\xbb\xc2\x1a\x08\xf0\xd6\x77\xcc"
  4353. "\x6b\x40\xd3\xf2\xc7\x88\x90\x03\x13\x31\x11\xb1\x79\xa7\x23\x21\x0a\x38"
  4354. "\x2e\x0e\xca\x2f\xa4\x0b\x34\x43\x47\x9c\x73\x2a\xde\x03\xe4\x9e\x89\x0c"
  4355. "\x3b\xa7\x97\xde\x32\x29\x65\xc1\xf2\x60\xc3\x00\x5f\x4b\xc0\xa5\x8d\xee"
  4356. "\xfc\xeb\x9e\xc2\xff\xd8\x98\xce\x3f\xa5\xe0\xa9\x0b\x83\x42\x36\xcc\xa6"
  4357. "\x1e\x5b\xf8\x8a\x20\xdc\x2a\x99\xb1\x2d\xe6\x8b\xa6\xe2\x30\x58\xd9\x49"
  4358. "\xda\xa4\x6b\x74\x7f\x4a\x15\x69\x79\x80\xc6\x1e\xea\x86\x33\xde\x51\xcf"
  4359. "\xa7\x2e\x03\x85\xfd\x85\xb5\x5e\x26\xb5\x08\xe6\x06\x3b\xfa\x06\x8e\xff"
  4360. "\x52\x28\xb8\x87\x0d\x0e\x7a\x52\x8f\x86\x2b\xe7\x73\xe6\x74\xce\x70\x18"
  4361. "\xf4\x73\x1e\x2b\x57\x83\x2e\x71\x29\xe6\x90\xc0\xa9\x0c\x09\x76\xac\x14"
  4362. "\x8c\xd0\x2f\x0f\xf4\x53\xa1\xcf\xa6\x55\xed\xac\x6e\x9d\x27\x94\x8d\xb4"
  4363. "\xa5\x82\x81\x86\x0b\x93\x93\xd2\x79\xd6\x69\x1b\xaf\x05\xe8\xa0\xe7\x41"
  4364. "\x1d\x12\x15\x63\x78\xb5\x1c\x01\x42\x1e\x0a\x79\x1c\x01\xdf\xa4\xb2\xfd"
  4365. "\x68\x62\x6d\x3e\x27\xfc\x03\xe9\x38\xd3\xbf\x30\x13\x58\x48\x71\xf0\xb6"
  4366. "\x2e\xfe\x72\x70\x72\xc1\x15\xb3\xd1\xb8\x76\xc9\x81\xb3\x66\xcc\xde\xe5"
  4367. "\xc7\x38\x33\x79\x77\x73\xc4\xd6\x85\x4b\x38\xd0\x0f\x4f\xdb\x53\x53\xb2"
  4368. "\xf1\x16\x78\x45\x5b\x2e\xbe\x09\x72\x3f\xb4\x68\x9a\x96\x80\xe4\xcf\x2b"
  4369. "\xd4\x53\xfb\x38\x0d\xc1\x70\x13\x7f\x22\xa7\x96\xc2\x35\x13\xda\xcf\xd8"
  4370. "\x6d\x73\x3e\xe5\x21\xb2\x16\x5b\x25\x12\x2a\xfd\x05\x90\x17\xe7\xc3\x57"
  4371. "\xc5\x13\x27\x7c\xbc\xc6\x0a\xef\xb8\xfc\x45\x0c\xef\x36\x39\x82\x2d\x5d"
  4372. "\x29\x55\xfa\xb7\x88\x1c\xe9\xe8\x42\xa5\xa1\xce\x6f\x35\x33\x48\x04\x18"
  4373. "\x10\x5d\xcd\xe6\x55\x5a\x5b\x6b\x51\x99\x96\xa5\x83\x87\xc1\x0c\x11\x2d"
  4374. "\x6c\x69\x50\x62\x49\x51\x4d\x47\x1d\x47\x76\xf9\xc8\xb8\x27\x98\x17\xaa"
  4375. "\x88\x2e\xd1\x22\x23\x43\xa3\x17\xca\xe6\x4a\x5b\xb2\x04\x3d\xc4\x45\x84"
  4376. "\xda\x59\xdc\x3b\xdb\x11\xea\xf4\xc8\xeb\x96\x3b\x32\x78\x29\xc8\x94\xa3"
  4377. "\xbc\xee\x41\x61\x05\xb4\xd0\x6b\x7d\xc9\xfc\x85\xc4\x67\xd9\xf3\x3c\x73"
  4378. "\x7f\xfa\xd2\x76\x36\x0f\x27\xa4\x9e\x8e\x1a\x6e\xf2\xe9\xcb\xb4\xd9\xc9"
  4379. "\xd6\x98\xba\x1d\x70\x75\xbc\xc9\xe5\x38\xc2\x4b\xa9\x29\x65\x5d\x43\x2e"
  4380. "\xe3\xa0\x55\xed\x67\x06\xec\x16\x24\xab\xc4\x32\x81\x21\x49\x18\xeb\xc2"
  4381. "\xbe\x6d\xb9\xa7\x56\xeb\x2d\xf4\x10\xce\x0c\xcd\x4d\x84\x30\x7b\x32\x0e"
  4382. "\xcd\x97\xd4\x65\x7b\x68\x49\xd0\x21\x7c\x38\x1b\x9f\x0c\x83\xd8\x48\x10"
  4383. "\xf9\x19\x31\x4c\x12\x0e\x6b\x05\xc1\x23\xd1\xe1\xce\x2a\x03\x06\xc2\x22"
  4384. "\x04\xd0\x9d\x69\xff\x62\x00\x19\x7e\x6b\xc9\xc5\x0e\x69\x58\xef\x83\xea"
  4385. "\xa5\xc1\x02\x32\x4f\x78\x7b\x0a\x98\x0a\x60\x31\xea\xdf\xfc\x1b\xa5\x91"
  4386. "\xe4\x0d\xf3\x4f\x1b\xe2\x3f\xd7\xcf\xfb\xc5\x2f\xc8\xb1\x4c\xc2\x28\x00"
  4387. "\x0b\xbd\x61\x3c\x87\x0c\x69\x02\xc4\x0c\x09\x4d\xde\xd0\xdc\x3a\x65\xd7"
  4388. "\x54\x39\x5b\x57\xf9\x41\x11\x33\x5d\x3f\x0a\xdb\xa5\xd2\x4c\x1a\x65\xf3"
  4389. "\x36\x77\xee\x5f\xca\x14\x63\xa9\x9d\x0d\xed\xaa\x36\x73\xe5\x66\x7b\x26"
  4390. "\x71\xaf\x78\xc8\xd3\xb2\xcc\x2f\xc7\xe6\x4e\x96\x8d\x68\xb7\xaa\x8e\x5d"
  4391. "\xa0\x6f\x1d\x8c\x86\xc3\xc7\x82\xf4\x1a\x4c\xa1\x35\x71\xdf\x9e\xed\xa8"
  4392. "\x13\xa9\x0d\x35\x6f\x08\x80\xef\x3b\x04\x49\xcf\x98\xa3\xb4\xc8\xed\xd6"
  4393. "\x78\xf2\xd2\xa5\xb0\xda\x5c\x3d\x4b\x21\xaa\x2c\x8e\x6d\x97\xaa\x71\xd9"
  4394. "\xc2\x53\x1c\x65\x1f\xe6\x04\xe4\x5b\x31\x97\x56\x51\xb7\xbf\xc7\x55\xbd"
  4395. "\xe1\x71\x9f\x0d\x87\xe5\xad\x11\x12\xf5\x8c\xd1\xc0\x51\x02\xb1\x30\x3e"
  4396. "\x6b\x8d\x91\x65\xc2\xa7\x53\xc4\x89\x55\x88\x9d\x83\xb1\x50\xce\x0b\x3c"
  4397. "\x0f\xc5\xe0\x47\x6d\x3d\x81\x2a\x6d\x31\x70\x09\xbd\x55\x2d\xb4\x6f\xfb"
  4398. "\x8e\x65\x12\x3b\x38\x3b\xc5\x2f\x10\x4b\xaa\x74\x21\x39\x44\x3c\x69\x2a"
  4399. "\x02\xc5\x0c\x3d\xa3\x5d\x99\x12\xba\x48\x8a\x6e\x22\xf7\xc4\x80\xda\xcb"
  4400. "\xb0\x99\x9e\x77\x79\x78\xfc\xd0\x2b\xe2\xd6\x76\xf0\x27\x69\x1e\x59\x73"
  4401. "\x8e\x69\x67\x6a\x58\x2b\x1f\x2a\x32\x1a\x2b\x22\xad\xb7\x46\x41\xf6\xa7"
  4402. "\xf1\xe7\x0a\x7d\xfc\x15\xa4\x21\xa2\xe9\xe7\x93\x38\xde\xa1\xd9\x09\xe9"
  4403. "\xfb\xd6\xea\xd4\x5c\x03\xee\xbc\x76\x25\x0d\x2d\x18\x77\x4f\xe4\xb7\x6e"
  4404. "\xcd\x7c\x4f\x5c\x89\x19\x5c\xd0\xa4\x7a\x90\x61\x64\xb2\xbe\x5d\xf0\xa2"
  4405. "\x2c\x85\x16\x29\xac\xbd\xd4\xc3\xe9\x05\xb2\xf4\x43\x77\xec\x87\x20\x40"
  4406. "\xc7\x78\x46\xe3\x14\xbf\x5a\xf6\xf9\xfa\xcb\xf9\x32\x5d\xfe\x03\x57\x34"
  4407. "\xf8\x48\x14\x64\x42\xa3\xdb\xf3\x8f\x41\xfc\x4c\x31\xb6\x39\xe9\x06\xfd"
  4408. "\x1a\x3a\x1e\x95\x3a\x49\x9e\x79\x93\x83\xd6\x62\xcc\x33\x5b\x5f\x90\xbb"
  4409. "\xee\x14\xf0\x8d\x39\x66\xc1\xd1\xeb\x41\xa8\xa0\xb5\x72\xaf\x2e\xf3\x9a"
  4410. "\xd9\x3f\xb1\xa9\x5c\x36\x48\xb9\x5e\xd6\xd9\xa6\x99\x49\xbf\x01\xb2\x08"
  4411. "\x65\x00\xa9\xe9\x56\x8d\xeb\x87\x0e\x2d\xb8\xc5\xc9\x08\x98\x55\x27\x87"
  4412. "\xde\x32\xe0\xad\x54\xfb\xb5\x60\x27\x4c\xdf\x47\xfb\x47\xa2\x78\x72\x9e"
  4413. "\x2a\x2c\xc5\x74\x9d\xd5\x86\xe1\x65\x2b\x8c\x53\x79\x8e\x15\x76\x26\xab"
  4414. "\x42\x55\x41\x27\x71\xd1\x6f\x25\x7e\xe3",
  4415. 4096);
  4416. *(uint64_t*)0x2000000048a8 = 0x1000;
  4417. *(uint64_t*)0x200000005bd8 = 7;
  4418. *(uint64_t*)0x200000005be0 = 0x2000000048c0;
  4419. *(uint64_t*)0x2000000048c0 = 0x11;
  4420. *(uint32_t*)0x2000000048c8 = 0;
  4421. *(uint32_t*)0x2000000048cc = 1;
  4422. *(uint8_t*)0x2000000048d0 = 0x39;
  4423. *(uint64_t*)0x2000000048d8 = 0x11;
  4424. *(uint32_t*)0x2000000048e0 = 0;
  4425. *(uint32_t*)0x2000000048e4 = 1;
  4426. *(uint8_t*)0x2000000048e8 = 7;
  4427. *(uint64_t*)0x200000005be8 = 0x30;
  4428. *(uint32_t*)0x200000005bf0 = 0;
  4429. *(uint32_t*)0x200000005bf8 = 0;
  4430. *(uint64_t*)0x200000005c00 = 0;
  4431. *(uint32_t*)0x200000005c08 = 0;
  4432. *(uint64_t*)0x200000005c10 = 0x200000005a00;
  4433. *(uint64_t*)0x200000005a00 = 0x200000004900;
  4434. memcpy(
  4435. (void*)0x200000004900,
  4436. "\xe4\x86\xa3\x43\xb0\xe5\xa0\x85\xf7\x37\xa3\x03\x7b\x2b\x24\x3c\xde\x03"
  4437. "\x59\x50\x62\xad\xb3\x0b\xdc\x5f\xcb\x3f\xa8\x27\x64\x0c\xeb\x64\xd6\x47"
  4438. "\xa0\x3c\x09\x02\x7a\x41\xb3\x9a\x6b\x6d\x47\xac\xfa\x0f\xb3\xee\x1b\xaa"
  4439. "\x9e\x5c\x33\x78\x65\x86\xaf\x8d\x73\xf9\x59\xeb\x4a\x0c\x75\x6e\x57\x02"
  4440. "\xda\x40\x2f\x79\xfb\x81\xdc\x59\x75\x6e\x21\x86\x12\x06\xbd\xb1\xa4\xb3"
  4441. "\x73\x93\x89\x43\x8c\x85\x4f\x31\xf2\x8f\x36\x31\x5e\xd2\x1f\x33\x8e\xb5"
  4442. "\xf8\x44\x69\x68\x56\x88\x1e\x3f\xe8\x76\x27\x0d\xf5\x34\x33\xc4\x1f\x15"
  4443. "\x04\xfd\x69\xa6\xb8\x47\x0b\x40\x70\xbc\x84\xdf\x0e\xaa\x48\x11\x44\xfc"
  4444. "\x2f\x12\x5c\xea\xb5\xfb\x3f\x23\xc7\xcf\x79\x7c\x7a\x9f\x49\x0f\xd2\xff"
  4445. "\x36\xf2\xba\x1d\xcd\x5a\xfe\x4b\x92\xa7\x28\x57\x4c\x7f\xec\x50\xa6\x7f"
  4446. "\x2f\x09\x32\xf8\xa0\x04\xf3\xb8\xef\x30\x9f\x4f\xfb\x03\x30\xb7\x9b\xad"
  4447. "\x49\x30\x84\xc4\x29\x54\x8b\xd9\xe2\x69\x4d\x0b\x98\x25\xa2\x9a\x18\xad"
  4448. "\xc1\x5f\x76\x82\x85\x5d\x5c\xca\xee\x8c\x46\xa9\xbb\xe8\x6d\xc4\x19\x9c"
  4449. "\x9c\x5c\xd3\xbc\x54\x4b\xce\xf8\x31\x22\x72\xd6\xae\x22\x96\x33\x9c\xae"
  4450. "\x9e\x83\xf2\xdf\xf5\x5e\x48\x5f\xeb\x5c\x95\x95\x08\x69\x5b\x24\xd2\xeb"
  4451. "\x7b\x02\x0e\x0f\xf4\xd4\xb4\xba\xa3\xf5\xb3\xac\xa7\x9f\x91\xe0\x3e\x5f"
  4452. "\x74\x1a\xc9\x88\x60\xad\x58\x27\x2c\x15\xa3\x07\xa8\xd3\x2a\x2a\x18\x29"
  4453. "\x08\x33\xe1\xb3\xf7\x52\x8d\xe9\x64\xab\x5e\xeb\x47\x12\x5c\x93\xae\x2b"
  4454. "\x67\x94\xa7\x6f\x88\x16\x4e\xdc\x76\xd7\xf6\x91\x53\xcc\x7a\xb3\x74\xdf"
  4455. "\xc6\x83\x22\x05\x73\x4a\xa5\x1e\x2e\x93\xa0\xb6\x65\xc9\x77\xf9\x10\x3a"
  4456. "\xae\xba\x58\x94\x36\x72\x2a\x1f\xbd\x2e\xd2\xcc\x98\x20\x2d\x35\xbc\xf4"
  4457. "\x8f\x91\xa3\xb4\xba\x8e\x76\x83\xa0\x96\x8f\xcc\x2d\x96\xdb\x71\x83\x8f"
  4458. "\x4d\x39\x72\xd4\xa2\xe4\x37\x19\xac\xbe\xff\xce\xac\x26\x0c\x93\xc1\x71"
  4459. "\xbd\x02\xd1\xf2\xfb\x61\x9c\xa9\x3e\xb6\x10\x4e\xef\xb9\x43\xf2\xe5\x2d"
  4460. "\x24\x92\x59\x2d\xeb\xb5\xe8\xc7\x8c\x5c\x4a\x95\xff\x5d\x50\x94\x94\x51"
  4461. "\x92\x4a\x5a\x22\x99\x73\xf4\xed\x36\xa9\xf1\xd9\x37\x9c\x6a\x36\x22\xc6"
  4462. "\xf1\xe4\x4c\xc2\xc3\x08\x9b\x8b\x20\xbe\x35\x42\xf9\x08\xf9\xad\x16\x2f"
  4463. "\xd4\x7f\x6e\x93\x4a\xb8\x2b\x26\x12\xcf\x7a\x1c\x7f\xe1\x82\xfa\x9a\x17"
  4464. "\x21\x50\xe4\x56\xbb\xaa\x96\xfb\xe5\x18\xb8\x33\xd5\x7a\x3c\xaf\xcc\x7f"
  4465. "\x8a\x2a\x99\x25\x91\x1f\x97\xba\x27\x50\xf8\x41\x84\x1d\x73\x3a\x4a\x09"
  4466. "\x78\xce\xa1\xdc\x29\x5b\xee\x3b\xd0\xfb\x5c\x1c\x67\x51\xd7\xd4\x64\x05"
  4467. "\x7d\x14\xe6\x56\x80\xf4\x15\xb3\x27\xe6\x3c\xa3\x3c\x4f\x4a\xfe\x14\x51"
  4468. "\x9b\xea\x98\x2d\xb1\xc4\xde\x9d\x5d\xd7\xc5\x40\x4a\x79\x58\x50\xd2\x1e"
  4469. "\xfb\x59\x70\x2e\x91\xd4\xbc\xe6\x07\xf3\xea\x3a\x64\xdb\x18\xf6\x10\x2a"
  4470. "\x99\x14\x65\xbe\xba\xc6\x08\xee\x76\xc9\x5a\x0d\x97\xf9\x07\xc7\x76\x2b"
  4471. "\x05\xec\x9a\x79\xf9\x01\xbc\x9a\x7e\x16\x84\x93\x75\x73\x08\xa2\x23\xa8"
  4472. "\x76\x70\x8e\xfa\xfe\xeb\x60\xb5\x9e\x2a\x72\xbc\x40\x2d\x29\x61\x0e\x41"
  4473. "\xf7\x33\x1c\xc0\x32\xcb\xc0\xec\xf1\xac\x88\x04\xc0\xda\x0f\xdb\xa0\x07"
  4474. "\x15\x9d\xcb\x33\x70\xf2\x78\x0d\x67\x59\x5b\xe3\x6a\x83\xe2\x78\xfc\xcf"
  4475. "\x77\x35\x5f\x17\x21\x90\x5f\x4a\x88\x08\xfa\x1b\x11\x43\xd9\x68\xc5\xa6"
  4476. "\x1d\xb2\x91\x7b\xc1\x82\x30\x8e\xa8\x28\xb1\x56\xbf\xf5\xd7\xa0\x43\x22"
  4477. "\x7d\x2d\x07\x62\xa1\xd0\xa2\xd1\xb2\xe3\x9d\x64\xbb\x64\x55\x55\xf3\xae"
  4478. "\xa9\x55\x53\x9b\x4e\xe7\x0f\xc4\x57\x75\x36\xe5\xce\xb1\x0f\x3a\xfe\x50"
  4479. "\x54\x99\x63\xb3\xf7\x0d\xae\x07\x29\x83\x4b\x8c\x97\xe7\x3c\x07\x73\xdc"
  4480. "\xb4\xbf\x38\x79\x5a\x38\x75\x8d\x23\xc8\x72\xc3\xfe\x41\x72\x08\xe1\x9c"
  4481. "\x8f\xd5\xe3\x5b\x37\xee\xe7\xc2\x80\x91\xd6\xe8\xa8\x1e\x7b\xde\xd3\x5c"
  4482. "\x31\xc1\xd0\x6c\xa1\x2c\xff\x3b\xdd\x83\x78\x40\x82\xd9\x00\x0f\x0c\x9f"
  4483. "\x4a\xe3\x4a\xcc\x0c\x0b\x03\x5f\xe6\x74\xd0\xf9\x85\x63\xc3\x3d\x58\x4d"
  4484. "\xae\x1a\x7d\xe6\xb6\x06\xc4\x99\x3e\x17\x0a\xd9\xde\x66\x3c\x73\xea\x0d"
  4485. "\xcb\xc4\xe4\x3c\x09\x18\x6b\x62\x65\x9a\xce\xb4\x29\xcf\x28\x61\x82\x67"
  4486. "\x74\xcf\x53\x32\x02\x3e\x81\xa2\xd4\xe6\xc5\x97\x3f\x8c\xc6\x57\x26\x00"
  4487. "\xf4\xb1\x91\xdb\x1b\xec\xe6\x46\xfd\xbd\x48\x4c\x55\xda\x50\xe8\x9c\xb1"
  4488. "\x77\x5d\x1e\x6d\x0a\x13\x52\x85\x98\x3a\xa0\x65\x8c\x4e\x87\xe3\xdf\x82"
  4489. "\x26\x45\x26\x44\x31\x6b\xe9\xd5\xbb\xf0\x07\x78\x94\x0a\x9d\xc3\x18\x18"
  4490. "\xea\x26\xef\x35\x63\x31\xe4\xba\xb0\x8c\x7f\x45\xfc\x89\xac\xb5\xf8\x94"
  4491. "\xf6\x3c\x2a\xbd\x48\x20\x48\xee\x18\x0c\xff\x2c\xb7\xff\x8f\x31\xca\x79"
  4492. "\x84\x7b\x3c\x2a\xeb\x06\x31\x4d\xf7\xae\x65\x73\x55\x5b\x66\x8c\x56\x50"
  4493. "\xb7\x8f\x58\xe8\x0b\x63\xea\x3d\xa0\x52\xb6\x3d\xa2\x5a\x78\x28\xde\xfa"
  4494. "\xf0\xe7\x17\xe1\xf5\xae\x48\xf6\x6a\xfe\x9c\xbd\xd4\xde\xd6\xf2\x0a\xd6"
  4495. "\x7b\x68\xca\xea\x69\x29\x52\x91\xd5\xe0\xc3\x45\x8e\x64\xa7\x4b\x04\x36"
  4496. "\x10\x7d\x28\xaf\x93\x18\x9d\x30\xf7\xe0\x70\x96\xc1\xaa\x67\x17\xb1\xc5"
  4497. "\x96\xff\x82\x44\x91\x4a\x89\x21\x0d\x82\x36\x78\x9b\x9a\x90\x67\x30\xbb"
  4498. "\xb9\xa2\x9a\x2f\xfb\x02\xff\xe1\x86\x3f\x0f\xb3\xf4\x5b\x23\x1f\x89\x55"
  4499. "\x5d\xf0\x08\xd5\x6b\x75\x28\x3a\x23\x37\xd4\x88\x21\x83\xa7\x7f\x42\x66"
  4500. "\xce\xd9\x48\x9b\xbf\x41\x58\x71\x6a\x42\x36\xca\xa0\x4c\xc8\x10\x25\xa8"
  4501. "\x55\x97\x1b\x9c\xb5\x90\xd6\x3e\x8d\xcb\xa1\xe9\x38\x60\x81\xd8\xba\x78"
  4502. "\x1b\x05\x9d\x51\x88\x56\x1b\x66\x65\x3e\x97\xcf\xdc\x43\xa6\xc6\x09\xe1"
  4503. "\xbc\x58\x97\x7e\x50\x08\xa8\x6f\xee\x6b\x7c\xa8\x64\x3a\x7a\xf2\x0d\x42"
  4504. "\xa9\xe8\x70\x9c\x0f\x80\x51\xc9\x65\xf1\x9d\x32\x1b\x0d\x65\x2f\x83\x97"
  4505. "\xc4\xd4\xb3\x69\x3d\x74\xc8\xd9\xa5\xed\x5c\xd4\x35\xf6\xb5\x8a\x83\xab"
  4506. "\xa0\x59\x49\x95\x66\x9c\x79\x89\x4e\x71\x4f\x27\x4d\xf6\x5f\xd3\xc0\xc2"
  4507. "\xfd\x8b\x66\x75\x28\xc4\x2e\xac\xe0\x40\x29\x97\xb6\x7b\x11\x20\x8e\xd7"
  4508. "\x7e\xcf\x5e\x1e\xe9\xb4\xcb\x75\xe6\xcc\xb5\x9d\x22\x2e\x72\x01\x72\x9a"
  4509. "\xb8\x3d\x44\x78\xef\x11\xfc\x07\xf1\x21\x5f\x30\xa5\xb9\x70\x65\x59\x98"
  4510. "\x74\x3a\x64\x23\x90\x7c\x40\x28\x1f\x29\x32\x19\x03\x41\x73\x95\xc6\x48"
  4511. "\x1b\xa6\x08\xc3\x60\xc6\x14\x4e\x7c\xf3\x85\xea\x8f\x19\xec\x14\x45\xb5"
  4512. "\xfe\xc1\x89\xee\x74\xb8\x2a\x5f\xfb\x98\x5b\x0c\xd3\x8b\x11\xfe\x4d\x88"
  4513. "\x74\xde\xc2\xe3\x25\xe5\xbc\x92\xea\x3c\xe9\xf9\x1c\xc3\x72\x2c\xd4\x7e"
  4514. "\x57\xff\xe2\x80\xb8\x7b\x98\x69\xb7\x9a\x43\x05\xd4\x63\x5d\x04\xde\xde"
  4515. "\x6e\x29\x28\x4e\x6b\x1f\x84\x68\x5f\xd3\x4f\x3d\x9f\x68\x8b\x70\xb8\x6a"
  4516. "\x3c\x25\xe4\x33\x1a\x94\xdc\x38\x69\xd6\x4e\x99\x6a\xec\xcc\x82\x2d\x8e"
  4517. "\xe4\xbe\xd8\x02\x79\x6e\x4a\x0d\xba\xde\xa3\xbe\x8b\x45\xea\x59\x2a\x5c"
  4518. "\xcc\xcd\x7b\xfa\x70\xa2\x57\x2f\x6e\xe5\xe2\xd9\x78\x47\x6d\x49\x76\x84"
  4519. "\x0b\x79\xa5\x0f\x83\x3e\x51\x39\x4f\x7a\x2a\xe7\x58\x12\x01\x6f\x3f\x67"
  4520. "\x6d\x05\x3a\x98\xbb\x78\x00\x7d\x00\x8f\x30\xcc\xed\x50\x85\xc6\xd1\xd1"
  4521. "\x77\x69\xf2\x9e\x17\x91\xe2\xbb\x77\xca\x71\xeb\x22\xc7\x84\x6b\x64\x6a"
  4522. "\xe6\x12\x47\x95\xc5\x07\xdb\xb5\x13\xb6\x90\xc0\xc3\x4f\xdd\xdc\xbf\x42"
  4523. "\x8c\x78\xad\x3a\xc0\x66\x97\x7e\xbe\x69\x39\xff\xe4\xa0\xc4\x11\x63\xd5"
  4524. "\x33\x56\x54\x69\xca\xc3\xbe\xeb\x9b\xa9\xbc\xea\xb5\x56\x6c\xcf\x77\xb9"
  4525. "\x86\xa1\x86\x8c\x46\x63\x4f\x47\x7b\xd0\x59\xea\xa3\xb6\x94\x3f\x6b\x5f"
  4526. "\x9c\xf7\x96\x13\x54\x6e\x37\xb6\x21\x7a\xdb\xd3\x43\x3c\x7a\xe8\x01\xf7"
  4527. "\x77\x2f\xf3\x9f\x14\x40\x2b\x17\x13\xa2\x87\xda\x92\x4c\xf3\xea\x6c\x07"
  4528. "\xad\x96\x7f\xdf\xdd\x5e\xa1\xfa\xc3\x93\x85\xf5\x12\x64\x61\xe7\xae\xdb"
  4529. "\x56\x27\x10\x2d\xdf\xa5\xc6\x46\xdf\x40\xb4\xbb\xd0\x53\x82\xfd\x12\xf1"
  4530. "\x1d\x7c\x0e\x66\x0a\x99\xe5\x2c\xc9\xec\x7f\x11\x99\xe5\x3c\x22\xac\x1c"
  4531. "\xbb\x42\x8b\x4a\xa7\x1a\xab\xb5\x2e\x6d\xa0\x9a\x91\x07\x3c\x04\x1b\xc7"
  4532. "\x85\x2d\x70\x6a\xfe\xe7\xb5\x6e\xc9\x6e\x2d\x44\x33\x00\xae\x93\x1b\x55"
  4533. "\xcf\x52\x97\xf0\x04\x4f\x83\x92\x25\xff\xaf\xb1\x4b\xb0\xb2\xc1\xe3\x2d"
  4534. "\x8a\xcf\xf5\x75\xbb\xdb\xd9\x23\x8a\x1a\x49\x75\x22\x7f\x7e\x74\xae\xb7"
  4535. "\xff\x15\xa6\xfa\xd1\xdc\x82\xf3\xd9\x82\x55\xbb\x07\x4b\xd1\x8a\xa2\x0d"
  4536. "\x1d\xec\x37\xdd\xa7\x89\x6d\xf3\xd4\x88\x81\x80\xab\x2e\x44\xba\x45\xd5"
  4537. "\x74\x0c\xd9\xd5\x7d\xc3\x3e\x2a\x41\x55\xa7\x21\xf9\x39\xa9\x33\xec\xec"
  4538. "\x5d\x10\x0b\xf1\x69\x4a\x6d\xdc\x73\xfd\xad\x42\x01\xfd\xd3\x98\x09\x01"
  4539. "\x86\x2c\xaf\xd9\x43\xb1\x3d\xff\xb9\x73\x76\x1e\x55\x5c\x43\xfe\xeb\xd2"
  4540. "\x6c\xf1\x43\xd5\x13\xd6\xb4\x94\x5a\xaf\x1b\x3b\x92\x57\x75\x0a\x2c\xbc"
  4541. "\x04\x9a\x0b\x7d\x38\xbf\xaa\x0a\xe9\x49\xd7\xaf\x52\x5a\xa3\xa2\x5b\x64"
  4542. "\x9c\xcd\x6d\x5e\xfb\xa8\x3c\x36\x6e\x9d\x19\x86\x3c\x40\x18\xd7\xc5\xe2"
  4543. "\xfc\x69\x0e\x9f\xb8\xde\x0f\x82\x18\x12\x60\x1c\x2b\xf9\x2f\x77\x88\xf1"
  4544. "\x63\xee\x04\x75\x50\x42\x46\xe2\xe7\x39\xdc\xa6\x89\xd0\x62\xd9\x17\xe3"
  4545. "\xc3\x27\x40\x9a\x6f\x94\x50\x9a\xb2\xd1\x40\x0e\xa1\x7e\xd2\x23\xd3\xb1"
  4546. "\xdb\xd7\x7c\xb7\xda\xe7\x56\x7a\xa5\xbd\xb4\x7b\xf5\x14\x78\x54\xeb\x61"
  4547. "\xea\xd7\x5a\x70\x6a\x59\x63\x1b\xaa\x28\x9a\x9e\xec\x84\x43\x16\x81\x66"
  4548. "\x0e\xb4\xbe\x86\xed\xda\xf5\xd9\xb3\xe0\x96\x04\xdd\x1e\xdb\x74\xff\x1d"
  4549. "\xe0\x67\x95\xea\xa3\x44\xb3\x5b\x43\x64\x94\x43\x84\x86\x9a\x07\xb3\x99"
  4550. "\x08\x8a\xf0\x68\xec\xf4\x94\x3c\xc8\x4e\x76\x06\x10\x39\x79\xdf\x4e\x4b"
  4551. "\xf9\xed\x1b\xd8\xcb\xdb\x9b\x33\xcf\x58\x4c\xff\xe5\x4e\x4d\x27\x29\xb5"
  4552. "\x5c\x9d\x04\xe3\xf1\xbb\xae\xf5\x0b\xac\x73\xb8\xd9\xb2\x9a\x9e\x48\x2c"
  4553. "\x72\x3d\x25\xac\x8a\x36\xd9\xc2\x5c\x6e\x4b\xb3\x65\x1b\x48\x3c\x96\x8f"
  4554. "\x10\x0a\x7e\x86\xbb\xdf\xa5\x31\x02\xc2\xc6\x8b\x45\xee\x88\x47\xfb\x5a"
  4555. "\x90\xcd\x8e\xe3\xbb\xb5\xc0\x35\x9d\x39\x00\xbe\x19\x02\x4e\xda\xec\x3b"
  4556. "\x11\x08\x71\x17\x50\x9c\x3d\xfb\x0f\x87\xe7\xa8\x8c\x63\x28\xff\x94\x63"
  4557. "\x08\xf3\xe3\x5b\x37\xa6\x5d\xe0\x49\x01\x48\xd2\x73\x4c\xdc\x91\xa9\xe2"
  4558. "\x9a\x83\xce\x98\x12\xca\x89\x6d\x35\x7c\x52\x8f\xcb\xe6\xbe\xb1\x86\x76"
  4559. "\xda\xd7\x38\xde\xbf\x5e\x60\xf4\xf9\xdb\x22\x52\x99\x78\x9d\x20\xe3\xb6"
  4560. "\x47\x4f\x99\xe5\xa1\x1b\x6d\xb3\xd1\xcb\x82\xb4\xc9\xb8\x3e\x95\x1d\xe6"
  4561. "\x63\xfe\xc8\xee\x79\x04\x92\x6d\x33\x4a\x65\x12\xc4\x61\x12\x75\xf3\x56"
  4562. "\xb3\x8d\x5c\xad\x6b\xe0\x65\x7c\xbe\xc5\x02\x58\x03\xf0\xc5\xfd\xb1\x23"
  4563. "\xbc\x47\xad\xee\xf5\x72\x42\xbe\x2e\x78\xd7\xc6\xd1\xb3\x81\xec\x84\xe5"
  4564. "\x0d\xe5\x4a\xa9\x53\x14\xfb\x3c\x29\xf0\x7d\xf0\x81\x50\x85\x0f\xd1\x41"
  4565. "\x21\x5e\x4f\x36\xf8\x90\x03\x7d\xfc\xd0\x40\xe4\x16\xfc\x34\x80\xa4\x77"
  4566. "\xc7\x03\xb9\xc2\x5b\x48\x1c\xff\xdb\x4a\xc7\xea\xad\x1b\x51\x7c\x3e\x52"
  4567. "\x76\xac\x47\x82\x9d\xb4\x94\x3d\x6c\x61\xb6\xee\xd9\xfe\x87\xce\x28\x56"
  4568. "\x79\x22\x50\xfd\x57\x6f\x21\xad\xb5\x58\x36\x0a\x26\x4a\xc9\x0b\x15\x19"
  4569. "\x19\x18\x83\xea\x8c\xd4\x42\xc3\x2b\x77\xbc\xa4\xd0\xe3\x78\x7c\xcb\x30"
  4570. "\xd1\x69\x4d\x65\x56\x10\x63\x67\xe3\x04\xf0\xe3\x0e\x75\xcb\xf2\xd7\xcb"
  4571. "\x9e\x2b\x65\x53\x5d\x19\x38\x4a\xd5\xe6\x2f\xfc\x74\x44\xb9\x98\x55\x91"
  4572. "\x4a\x01\x3f\x7c\xf0\x90\x9e\x39\xa4\x31\x78\x52\x02\xce\xfe\x22\x26\x20"
  4573. "\x43\xe6\xe2\x54\xf7\x45\xb6\x68\x27\xcd\x6c\x20\x4e\xbe\x80\x0e\xbb\xd2"
  4574. "\x88\x3a\x0b\x34\x87\x54\x1a\x51\xb5\xd5\xfe\x26\x98\x26\xec\xa5\xf5\xd6"
  4575. "\xe0\x8d\xc1\x30\x98\x70\x94\xf4\x75\x11\x56\x2c\x2f\x1f\x81\x37\x17\x3a"
  4576. "\x3d\x5a\x1d\xd2\x9c\xe1\x74\xb6\x44\xaa\x44\xf9\x2c\x62\x7c\xd2\x01\xca"
  4577. "\x53\x03\xd8\xcb\x9f\xbc\xca\x96\xd9\x95\xf3\x46\xb6\x66\x47\x08\x66\x15"
  4578. "\x3f\xf8\x06\xa3\x81\x8a\x94\x7e\x43\xa4\x97\x45\x5c\x9a\xed\x11\x4e\xf1"
  4579. "\x81\xd5\x7f\xc0\xb6\x8a\xb8\xf5\x92\xce\x60\xfd\xa1\x58\xc7\xfe\x08\x60"
  4580. "\xf6\x27\xbc\xc7\x1b\x04\xb2\xee\xa4\x7c\xd1\xe8\x32\x2b\xbc\x71\x6d\x9e"
  4581. "\xda\x07\x92\x72\x2b\x54\x60\x48\xcd\x60\x16\x5d\xb1\xd6\x9f\x6b\xa2\x3e"
  4582. "\x56\x34\x2c\x29\x8d\xdd\x87\x7a\xd2\x70\xb1\x6b\x7f\x97\x56\x6e\xe8\x2b"
  4583. "\x13\xdb\xb1\xbd\x87\xe5\x41\xdb\xf5\xbb\xb4\x69\xf2\x3f\x95\x16\xb3\xb5"
  4584. "\xff\xaa\x55\xe1\x67\xf9\xf0\x9c\x0e\xbb\xa3\x79\xc2\xb5\x92\xeb\xbc\x43"
  4585. "\x58\x67\x63\xa0\xc1\x9a\x64\x3b\x5e\xb1\x8e\x0d\xb9\x4c\x80\x13\x58\xbc"
  4586. "\xae\x85\xc1\xa9\xd7\xd9\x0b\x37\xcc\xd3\xe8\x1e\x13\xa2\x39\x9a\xf0\x44"
  4587. "\xce\x2f\x54\xa7\x70\x8a\x30\x55\xab\xe6\x75\x3a\xc1\x89\x5c\x81\x55\xb9"
  4588. "\x01\xcc\x51\x45\xa8\xa8\xdf\x3c\x33\x3f\xaf\x22\x27\xfd\xee\xdd\xa2\x3c"
  4589. "\xc4\x7b\x08\x26\x74\x0b\xf3\xa0\x56\x68\x2c\xa2\x10\x10\x2e\x0a\x3e\x3d"
  4590. "\x41\x33\xd2\xef\x15\xa9\xd9\x25\xd4\xbd\xf4\x0a\x74\x5e\x1f\x12\x7a\xb8"
  4591. "\xde\x75\x1a\x86\x5b\x65\xa4\x10\x2e\x51\x48\xed\x8d\xdf\x7d\xfb\xfa\x8f"
  4592. "\x9d\x8a\x38\x89\x7f\x2b\x5a\x6b\xa2\x89\x47\x60\x0b\xce\x1e\xef\x45\x07"
  4593. "\x66\xc7\x09\x39\xd3\x28\xf5\x1a\x02\x32\x9e\x26\x5b\xde\x95\xf6\x7f\x8f"
  4594. "\x2d\xbb\xa4\x52\xa0\x02\x74\x80\x42\xf6\x8a\xb0\xb4\xc3\xfc\x69\x47\x41"
  4595. "\x02\x9a\xce\x2a\x72\x21\xda\xe0\x66\xc4\x63\x98\xd2\x85\x75\x8e\xd8\x27"
  4596. "\x51\xd2\x1b\x99\xcc\x95\xca\x2f\x45\x25\x45\x7f\x84\xd2\xa4\x5f\xc4\x94"
  4597. "\xde\xe4\xfc\x84\xac\x03\xf0\x5e\x91\x08\x67\x56\x55\xbe\x51\xc9\x40\xaa"
  4598. "\x83\xe4\x68\x3c\xcb\x2e\xad\x08\x35\xc7\xeb\xc6\xfd\xd6\xc8\x41\x75\x8e"
  4599. "\xa6\xb6\x33\xfc\x7b\x96\xc6\x7d\xf6\x24\x1d\xb2\x33\x6a\x7c\x7c\x77\xed"
  4600. "\x34\xd8\x43\x33\xb2\x2a\x8b\x6e\xb6\xb5\xb7\x9d\x03\x04\xba\x00\xcf\x1d"
  4601. "\xc7\xed\xfa\x1a\xe6\x78\x98\xb0\xd7\x93\x06\xf4\x29\x62\x40\x63\xa0\x91"
  4602. "\x09\x12\xf2\x84\x87\x8a\xb2\x96\xd5\xf9\x60\xc1\xff\x8e\x53\x44\x73\xe9"
  4603. "\x55\x97\x7d\x2c\x43\x0d\xea\x79\x8b\x57\xb9\xff\x6f\x80\x8b\x75\x62\x44"
  4604. "\xed\x06\xa3\xa7\x80\xf8\x09\x83\x80\xbe\x93\x2d\x34\xca\xcd\x76\x63\x8c"
  4605. "\x23\x77\x87\x17\x19\x01\xec\x8a\xed\x92\xbd\x2a\x4e\x3e\x0c\xb4\xdb\x0f"
  4606. "\xa3\x18\xf1\x82\xa6\x93\xd9\x5e\x33\xa2\x32\x54\x72\x8b\xd4\x6f\x34\x75"
  4607. "\x40\xb0\xf7\xc4\x57\xa5\xa9\xce\xe9\xdb\x7a\x5e\x5b\xd0\x9b\x16\x03\xa5"
  4608. "\x43\x5f\x59\x1b\x9c\x08\x5f\x6b\x4f\xe2\xbf\xf8\x08\x7f\xb4\x1d\x0f\x2e"
  4609. "\x67\x14\x83\xa2\xcd\xfb\x7e\xcf\x21\xf5\xb8\x5a\x30\xc8\x0b\xd2\x95\x99"
  4610. "\x4a\xbb\xf8\x46\x44\x13\x23\x9e\x83\x56\xb2\x67\x8e\xb7\x9b\xab\x50\x14"
  4611. "\x4a\xa2\xbd\x2a\x68\x0e\xdf\x83\xfb\x12\x37\xac\x3b\x85\x77\x8a\x75\x26"
  4612. "\xe9\x58\x12\x21\x89\x93\xca\x09\x9e\xdd\x70\xdf\xfa\xe8\x2b\xd5\x7f\x07"
  4613. "\x53\xf8\x9f\x16\xb2\xc8\x39\x6c\x86\x75\x06\x3e\x27\xe1\xee\xba\x9e\xe4"
  4614. "\x45\x28\x7c\x4b\x32\x05\xe4\xae\xc1\x83\xee\x63\xc3\xf8\xb9\xc6\xdc\xa8"
  4615. "\xd0\xd8\x36\x01\x39\x59\x90\x64\x00\x2a\xda\x58\xf4\x0d\xd1\x2f\x2e\x47"
  4616. "\xde\x56\x98\x99\x5d\xab\x86\x65\x0f\xee\x1f\xc0\xbe\x19\xcf\xda\x1f\xc7"
  4617. "\x48\xe2\x6d\xff\xce\xa6\xed\x79\xc9\x48\xad\x88\xaf\x60\x6c\x54\x70\xba"
  4618. "\x3d\x64\x85\x63\x53\x20\xa6\x06\xc3\x7c\x64\x47\x9b\x11\x67\xd2\x21\x4c"
  4619. "\x10\xc6\x7f\x4c\xb7\x31\xb5\x39\x45\x8a\x96\xd9\x7b\x41\xb3\xf5\x73\xa5"
  4620. "\x4f\x6e\xc4\xef\x4a\x70\x35\x2d\xa4\x25\x25\xde\xd7\x8b\x59\xa2\xe5\x7c"
  4621. "\x3f\x0b\x65\x4f\xff\x67\xbd\x67\x1c\x36\xdf\x89\x5c\x34\x20\xc3\xd1\x7d"
  4622. "\x17\x14\xb1\x74\xf0\xa6\xe7\x7f\xa2\x97\xab\x8c\x17\x3e\xda\x63\xf6\x0f"
  4623. "\x22\xf6\x46\x99\xc8\x85\xbd\xad\x18\x8e\x76\x8e\x20\x00\x2b\xda\x6f\xca"
  4624. "\xc6\xe8\x53\x3b\xd1\x77\xac\x41\x5a\x9e\xe2\x9c\xae\x96\xcf\x4b\x4f\x67"
  4625. "\x37\x3a\xa9\x78\x0d\x40\x34\xd1\xf2\xa1\x9a\x7e\xe5\x50\xf1\xc7\x40\x1a"
  4626. "\xd6\xaa\x80\xed\x2c\x05\x8b\x74\xdd\xfe\x73\x40\x19\x9e\x73\x45\xbf\x4b"
  4627. "\xb3\x6b\x41\xec\x8a\xb1\x48\xe4\x72\x5f\xff\x1e\x6c\x9d\x9b\x9f\x3a\xcb"
  4628. "\xd8\xf3\x88\x96\xef\x2a\xc7\x67\x8b\x36\xd5\xcd\xb6\x08\xd8\xf5\x0b\x60"
  4629. "\xdb\x78\xc4\xac\xec\xe0\xe4\x04\x8a\x5a\x3d\x99\xaa\x40\x36\xde\x91\x86"
  4630. "\x5b\xa7\xd7\x16\xfe\x7c\x80\xbe\x2c\x35\xc3\xc4\xbe\xb9\x3d\xf1\x92\x7e"
  4631. "\x33\x1e\xa6\x70\x5f\x00\xf0\xb3\x6a\xd7\x2e\x4f\x98\xa2\xa4\x27\x56\x9b"
  4632. "\x08\xcd\xd0\x7e\xa9\x58\xc5\xcc\x7d\xb5\xbb\x3f\xd6\x54\x3e\xe2\x5d\xe7"
  4633. "\xeb\x37\x38\x34\x89\xa3\x15\x87\x8b\x22\x83\x3a\x6a\x98\x20\xdf\x45\x1a"
  4634. "\xfc\xac\xbb\xc6\x7c\x36\xea\xbb\x36\x6f\x3a\x14\xa8\x5e\xc6\x75\x5c\x99"
  4635. "\x6e\x0c\x55\x27\x02\xca\xe4\x74\xd2\x76\x90\x45\xb7\x2e\xf1\xc9\x0f\xe0"
  4636. "\x2d\x98\x13\x14\x05\xc5\x10\xfe\xf6\x11\xab\x90\x1f\x35\x20\xd9\x61\x64"
  4637. "\xd1\xbb\xf6\xa3\x6c\x6b\x74\x5f\x27\x73\xf4\x05\xdb\x99\x92\xba\xe6\x5a"
  4638. "\x5c\x00\x92\xa3\xb4\xd9\xc7\xfc\x4f\x8b\x24\x7b\x1a\x99\x05\xa8\x17\x45"
  4639. "\xdc\x5b\x54\xb4\x7b\x10\x66\x20\xb6\xb9\xf6\x35\xae\x85\xb5\xa0\x19\x75"
  4640. "\xde\x28\xc6\x6b\xdc\xdc\xcd\x7f\xcc\x08\x40\x27\x16\xda\x2f\xdd\x14\x49"
  4641. "\x6c\xea\xe9\xc0\x86\xfa\x4c\x87\xd6\x26\x8b\xe0\xa4\xb6\xa0\x72\xb9\x10"
  4642. "\x4d\x1e\xb6\x02\x4e\x00\xe4\x93\x30\xfc\x01\x81\x8e\x66\x32\xef\x40\x69"
  4643. "\x9a\xb9\x9b\xf9\xe8\x40\xf0\x1f\xf3\xd2\x39\x21\xcf\x20\x89\xae\x4f\x1d"
  4644. "\x08\x2f\xff\x5f\xcf\x76\x13\x7b\x98\x7f\xaf\xda\x6e\x88\x3c\x68\x6b\x9e"
  4645. "\xed\x70\x0a\x57\xba\x0f\xc2\x3a\x01\xf8\x48\xa1\x5c\xac\x1d\xd1\xda\xc6"
  4646. "\x84\x5c\x87\xd1\xfc\x16\x50\x59\xe9\x1b\x89\xe9\xdf\x82\x48\x38\xb9\x56"
  4647. "\xef\x90\x07\x8f\x43\xd7\xbc\xd1\x39\xb4\x86\x1b\x99\x01\x67\x53\xa0\x71"
  4648. "\xe8\x41\x96\xac\xba\x26\x97\x4c\x9b\xcf\x4d\x68\xcb\x54\x13\xa0\x9a\x5a"
  4649. "\x38\xd6\x7e\xfd\xd7\x95\x1f\x71\x44\xbc\xeb\x65\xb6\x19\x6b\x41\xf8\x24"
  4650. "\x20\xe2\xff\x7d\xfb\x75\xe7\xc1\xe4\xb3\x4e\xf2\x3e\xd9\x27\x24\x2e\xbf"
  4651. "\x70\xfd\x5a\xf7\xe0\xc1\x9c\xb5\x26\x7c\x53\x67\xcb\xe9\xf4\xa4\x98\x74"
  4652. "\xfa\x07\x6b\x94\x38\x5a\xea\x07\x7d\xdc\x31\x48\xc0\x04\xcc\x5b\xe6\x4a"
  4653. "\xeb\x9b\x94\xa1\x8b\x28\x7c\x2f\x1a\x7a\xf1\xc3\x30\x73\xea\xde\x89\x50"
  4654. "\x18\x4d\x72\x81\x80\x79\x92\x52\x9c\xbf\xc3\x9c\x35\x35\x41\x13\xd4\xb4"
  4655. "\x07\xd7\xdd\xfb\x5e\xa6\xf4\x39\x11\xee\x43\x9d\x85\x58\x3b\xc8\x4f\x1f"
  4656. "\x83\xfc\xc8\x0f\x81\x94\x4c\x9d\x38\x26\xeb\xcc\x35\xad\xd6\xea\x50\x68"
  4657. "\xf8\x77\xbe\x65\xad\x2c\x90\x6f\x01\x10\x6d\x9f\xc6\xc8\x69\xe1\xa1\x04"
  4658. "\x67\xed\xaa\xf4\x58\x7d\x96\x97\xd6\xbf\x6b\x42\x3a\x70\x5c\x78\x99\x97"
  4659. "\xef\x83\xef\xfb\xd0\x99\xdd\xb4\xc6\x04\x43\xd8\x9a\x86\x85\xef\x76\x69"
  4660. "\x6d\xf6\x12\xca\x6f\x7d\x97\xd4\xad\x35\x7f\xc1\x43\xfb\x0d\x9d\x99\xa8"
  4661. "\x83\x23\xaa\xf6\xbc\x86\xef\x68\xb4\xec\xf9\x24\xe7\x61\xdc\x68\x19\x37"
  4662. "\x63\x80\xbd\x7b\xc6\xdd\x5d\xf9\xe0\x95\xc6\x45\x14\x62\x94\x5d\xad\x54"
  4663. "\x33\x84\x75\x72\x9b\xd3\x46\x65\x67\xce",
  4664. 4096);
  4665. *(uint64_t*)0x200000005a08 = 0x1000;
  4666. *(uint64_t*)0x200000005a10 = 0x200000005900;
  4667. memcpy(
  4668. (void*)0x200000005900,
  4669. "\xa9\x0f\xa3\x6a\x12\x1d\x1a\x18\x64\x0c\x41\xc2\x95\x4e\x5c\x62\xd6\x3a"
  4670. "\x1e\x83\x5d\x89\xca\x41\xe8\xd7\x8b\xba\x2e\xcd\x93\x18\x8b\xe8\x3a\x4e"
  4671. "\x57\xc0\x0e\x58\xd0\x7c\xf4\x8b\xee\xb2\x15\x36\xb6\x15\xdb\x98\x83\x64"
  4672. "\x3f\x9e\x03\x1e\x7d\x48\xae\xfb\x86\x2a\xee\xcf\xa2\xf3\x0b\xe6\xc3\xf6"
  4673. "\x2e\xf4\x7b\xcb\x49\x91\xd0\x05\x22\x0a\xcf\xb6\x33\x87",
  4674. 86);
  4675. *(uint64_t*)0x200000005a18 = 0x56;
  4676. *(uint64_t*)0x200000005a20 = 0x200000005980;
  4677. memcpy((void*)0x200000005980,
  4678. "\x14\x60\xcf\x86\x9b\xec\xa9\x6d\xc4\xea\xc3\x03\xc6\x38\xa8\x83\x1c"
  4679. "\xab\xa0\xf0\x34\x49\x49\x47\xd9\xe5\xb3\xfe\xe8\x89\x8b\x7d\xdb\x15"
  4680. "\x13\x72\x53\x14\x59\x7c\xfb\xa7\x33\xc4\x7e\xab\x6f\xbd\x14\x5d\x2e"
  4681. "\xde\x57\x1e\x81\x48\xcd\xc7\x51\x8b\xc3\x17\x64\x47\x02\xe2\xe1\xc7"
  4682. "\xc6\x96\x17\x19\x55\x4a\xfb\x1b\x7c\xe5\xf2\x08\x25\x1d\xa6\xa1\x2a"
  4683. "\x06\x03\x4b\x37\xf0\x35\x49\x6b\x00\xdc\x39\x54\x66\x16\xbb\x8c\x30"
  4684. "\x23\xe6\x74\x0d\x91\xdb\x4e\xaf\xc3\x83\x46\x0b\xe9\xc2\xf0\x43\x1c",
  4685. 119);
  4686. *(uint64_t*)0x200000005a28 = 0x77;
  4687. *(uint64_t*)0x200000005c18 = 3;
  4688. *(uint64_t*)0x200000005c20 = 0;
  4689. *(uint64_t*)0x200000005c28 = 0;
  4690. *(uint32_t*)0x200000005c30 = 0;
  4691. *(uint32_t*)0x200000005c38 = 0;
  4692. syscall(__NR_sendmmsg, /*fd=*/r[33], /*mmsg=*/0x200000005a40ul, /*vlen=*/8ul,
  4693. /*f=MSG_FASTOPEN|MSG_PROBE|MSG_DONTWAIT|MSG_CONFIRM*/ 0x20000850ul);
  4694. *(uint16_t*)0x200000005c40 = 2;
  4695. *(uint16_t*)0x200000005c42 = htobe16(0x4e22);
  4696. *(uint8_t*)0x200000005c44 = 0xac;
  4697. *(uint8_t*)0x200000005c45 = 0x14;
  4698. *(uint8_t*)0x200000005c46 = 0x14;
  4699. *(uint8_t*)0x200000005c47 = 0xaa;
  4700. STORE_BY_BITMASK(uint8_t, , 0x200000005c80, 0x16, 0, 4);
  4701. STORE_BY_BITMASK(uint8_t, , 0x200000005c80, 4, 4, 4);
  4702. STORE_BY_BITMASK(uint8_t, , 0x200000005c81, 1, 0, 2);
  4703. STORE_BY_BITMASK(uint8_t, , 0x200000005c81, 0x1a, 2, 6);
  4704. *(uint16_t*)0x200000005c82 = htobe16(0x82);
  4705. *(uint16_t*)0x200000005c84 = htobe16(0x67);
  4706. *(uint16_t*)0x200000005c86 = htobe16(0);
  4707. *(uint8_t*)0x200000005c88 = 3;
  4708. *(uint8_t*)0x200000005c89 = 2;
  4709. *(uint16_t*)0x200000005c8a = htobe16(0);
  4710. *(uint32_t*)0x200000005c8c = htobe32(0xe0000002);
  4711. *(uint32_t*)0x200000005c90 = htobe32(0x7f000001);
  4712. *(uint8_t*)0x200000005c94 = 0x83;
  4713. *(uint8_t*)0x200000005c95 = 0x23;
  4714. *(uint8_t*)0x200000005c96 = 0x6e;
  4715. *(uint32_t*)0x200000005c97 = htobe32(0);
  4716. *(uint32_t*)0x200000005c9b = htobe32(0xa010101);
  4717. *(uint32_t*)0x200000005c9f = htobe32(0x64010102);
  4718. *(uint32_t*)0x200000005ca3 = htobe32(0x64010100);
  4719. *(uint8_t*)0x200000005ca7 = 0xac;
  4720. *(uint8_t*)0x200000005ca8 = 0x14;
  4721. *(uint8_t*)0x200000005ca9 = 0x14;
  4722. *(uint8_t*)0x200000005caa = 0x21;
  4723. *(uint32_t*)0x200000005cab = htobe32(0);
  4724. *(uint8_t*)0x200000005caf = 0xac;
  4725. *(uint8_t*)0x200000005cb0 = 0x14;
  4726. *(uint8_t*)0x200000005cb1 = 0x14;
  4727. *(uint8_t*)0x200000005cb2 = 0xaa;
  4728. *(uint32_t*)0x200000005cb3 = htobe32(0);
  4729. *(uint8_t*)0x200000005cb7 = 0x44;
  4730. *(uint8_t*)0x200000005cb8 = 0xc;
  4731. *(uint8_t*)0x200000005cb9 = 0x21;
  4732. STORE_BY_BITMASK(uint8_t, , 0x200000005cba, 0, 0, 4);
  4733. STORE_BY_BITMASK(uint8_t, , 0x200000005cba, 9, 4, 4);
  4734. *(uint32_t*)0x200000005cbb = htobe32(0x10000);
  4735. *(uint32_t*)0x200000005cbf = htobe32(0x80000001);
  4736. *(uint8_t*)0x200000005cc3 = 0x44;
  4737. *(uint8_t*)0x200000005cc4 = 0x14;
  4738. *(uint8_t*)0x200000005cc5 = 0x7b;
  4739. STORE_BY_BITMASK(uint8_t, , 0x200000005cc6, 0, 0, 4);
  4740. STORE_BY_BITMASK(uint8_t, , 0x200000005cc6, 3, 4, 4);
  4741. *(uint32_t*)0x200000005cc7 = htobe32(2);
  4742. *(uint32_t*)0x200000005ccb = htobe32(3);
  4743. *(uint32_t*)0x200000005ccf = htobe32(0xa87e);
  4744. *(uint32_t*)0x200000005cd3 = htobe32(4);
  4745. *(uint8_t*)0x200000005cd8 = 0x12;
  4746. *(uint8_t*)0x200000005cd9 = 8;
  4747. *(uint16_t*)0x200000005cda = htobe16(0);
  4748. *(uint32_t*)0x200000005cdc = htobe32(-1);
  4749. memcpy((void*)0x200000005ce0,
  4750. "\x74\x89\x0d\x7a\xbe\xa9\x92\xd7\xe6\xaf\xb1\xa0\xb0\xf3\x2f\xc1\xe0"
  4751. "\xb9\x15\x28\x43\xba\x16\xea\x58\xf0\xcd\xba\xde\x92\x56\x0a\x32\x55",
  4752. 34);
  4753. struct csum_inet csum_2;
  4754. csum_inet_init(&csum_2);
  4755. csum_inet_update(&csum_2, (const uint8_t*)0x200000005cd8, 42);
  4756. *(uint16_t*)0x200000005cda = csum_inet_digest(&csum_2);
  4757. struct csum_inet csum_3;
  4758. csum_inet_init(&csum_3);
  4759. csum_inet_update(&csum_3, (const uint8_t*)0x200000005c80, 88);
  4760. *(uint16_t*)0x200000005c8a = csum_inet_digest(&csum_3);
  4761. res = -1;
  4762. res = syz_emit_proto(/*proto=*/0, /*addr=*/0x200000005c40, /*addrlen=*/0x10,
  4763. /*packet=*/0x200000005c80, /*ttl=*/0);
  4764. if (res != -1)
  4765. r[43] = res;
  4766. syz_receive_proto(/*proto=*/0x6c, /*fd=*/r[43], /*buffer=*/0x200000005d40,
  4767. /*buflen=*/0xcb);
  4768. *(uint32_t*)0x200000005ec0 = 0x6e;
  4769. res = syscall(__NR_accept4, /*fd=*/-1, /*peer=*/0x200000005e40ul,
  4770. /*peerlen=*/0x200000005ec0ul, /*flags=SOCK_NONBLOCK*/ 0x800ul);
  4771. if (res != -1)
  4772. r[44] = res;
  4773. *(uint32_t*)0x200000005f00 = 8;
  4774. memcpy((void*)0x200000005f04,
  4775. "rose0\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
  4776. "\000\000\000",
  4777. 24);
  4778. memcpy((void*)0x200000005f1c,
  4779. "bond_slave_1\000\000\000\000\000\000\000\000\000\000\000\000", 24);
  4780. *(uint16_t*)0x200000005f34 = 1;
  4781. syscall(__NR_ioctl, /*fd=*/r[44], /*cmd=*/0x8982, /*arg=*/0x200000005f00ul);
  4782. *(uint64_t*)0x200000006200 = 0x200000005f40;
  4783. *(uint16_t*)0x200000005f40 = 0x10;
  4784. *(uint16_t*)0x200000005f42 = 0;
  4785. *(uint32_t*)0x200000005f44 = 0;
  4786. *(uint32_t*)0x200000005f48 = 0x10;
  4787. *(uint32_t*)0x200000006208 = 0xc;
  4788. *(uint64_t*)0x200000006210 = 0x2000000061c0;
  4789. *(uint64_t*)0x2000000061c0 = 0x200000005f80;
  4790. *(uint32_t*)0x200000005f80 = 0x228;
  4791. *(uint16_t*)0x200000005f84 = 0;
  4792. *(uint16_t*)0x200000005f86 = 0x100;
  4793. *(uint32_t*)0x200000005f88 = 0x70bd27;
  4794. *(uint32_t*)0x200000005f8c = 0x25dfdbfe;
  4795. *(uint8_t*)0x200000005f90 = 0x3e;
  4796. *(uint8_t*)0x200000005f91 = 0;
  4797. *(uint16_t*)0x200000005f92 = 0;
  4798. *(uint16_t*)0x200000005f94 = 0xe;
  4799. *(uint16_t*)0x200000005f96 = 1;
  4800. memcpy((void*)0x200000005f98, "netdevsim\000", 10);
  4801. *(uint16_t*)0x200000005fa4 = 0xf;
  4802. *(uint16_t*)0x200000005fa6 = 2;
  4803. memcpy((void*)0x200000005fa8, "netdevsim", 9);
  4804. *(uint8_t*)0x200000005fb1 = 0x30;
  4805. *(uint8_t*)0x200000005fb2 = 0;
  4806. *(uint16_t*)0x200000005fb4 = 0x1c;
  4807. *(uint16_t*)0x200000005fb6 = 0x82;
  4808. memcpy((void*)0x200000005fb8, "source_mac_is_multicast\000", 24);
  4809. *(uint16_t*)0x200000005fd0 = 5;
  4810. *(uint16_t*)0x200000005fd2 = 0x83;
  4811. *(uint8_t*)0x200000005fd4 = 1;
  4812. *(uint16_t*)0x200000005fd8 = 8;
  4813. *(uint16_t*)0x200000005fda = 1;
  4814. memcpy((void*)0x200000005fdc, "pci\000", 4);
  4815. *(uint16_t*)0x200000005fe0 = 0x11;
  4816. *(uint16_t*)0x200000005fe2 = 2;
  4817. memcpy((void*)0x200000005fe4, "0000:00:10.0\000", 13);
  4818. *(uint16_t*)0x200000005ff4 = 0x1c;
  4819. *(uint16_t*)0x200000005ff6 = 0x82;
  4820. memcpy((void*)0x200000005ff8, "source_mac_is_multicast\000", 24);
  4821. *(uint16_t*)0x200000006010 = 5;
  4822. *(uint16_t*)0x200000006012 = 0x83;
  4823. *(uint8_t*)0x200000006014 = 0;
  4824. *(uint16_t*)0x200000006018 = 0xe;
  4825. *(uint16_t*)0x20000000601a = 1;
  4826. memcpy((void*)0x20000000601c, "netdevsim\000", 10);
  4827. *(uint16_t*)0x200000006028 = 0xf;
  4828. *(uint16_t*)0x20000000602a = 2;
  4829. memcpy((void*)0x20000000602c, "netdevsim", 9);
  4830. *(uint8_t*)0x200000006035 = 0x30;
  4831. *(uint8_t*)0x200000006036 = 0;
  4832. *(uint16_t*)0x200000006038 = 0x1c;
  4833. *(uint16_t*)0x20000000603a = 0x82;
  4834. memcpy((void*)0x20000000603c, "source_mac_is_multicast\000", 24);
  4835. *(uint16_t*)0x200000006054 = 5;
  4836. *(uint16_t*)0x200000006056 = 0x83;
  4837. *(uint8_t*)0x200000006058 = 0;
  4838. *(uint16_t*)0x20000000605c = 8;
  4839. *(uint16_t*)0x20000000605e = 1;
  4840. memcpy((void*)0x200000006060, "pci\000", 4);
  4841. *(uint16_t*)0x200000006064 = 0x11;
  4842. *(uint16_t*)0x200000006066 = 2;
  4843. memcpy((void*)0x200000006068, "0000:00:10.0\000", 13);
  4844. *(uint16_t*)0x200000006078 = 0x1c;
  4845. *(uint16_t*)0x20000000607a = 0x82;
  4846. memcpy((void*)0x20000000607c, "source_mac_is_multicast\000", 24);
  4847. *(uint16_t*)0x200000006094 = 5;
  4848. *(uint16_t*)0x200000006096 = 0x83;
  4849. *(uint8_t*)0x200000006098 = 1;
  4850. *(uint16_t*)0x20000000609c = 0xe;
  4851. *(uint16_t*)0x20000000609e = 1;
  4852. memcpy((void*)0x2000000060a0, "netdevsim\000", 10);
  4853. *(uint16_t*)0x2000000060ac = 0xf;
  4854. *(uint16_t*)0x2000000060ae = 2;
  4855. memcpy((void*)0x2000000060b0, "netdevsim", 9);
  4856. *(uint8_t*)0x2000000060b9 = 0x30;
  4857. *(uint8_t*)0x2000000060ba = 0;
  4858. *(uint16_t*)0x2000000060bc = 0x1c;
  4859. *(uint16_t*)0x2000000060be = 0x82;
  4860. memcpy((void*)0x2000000060c0, "source_mac_is_multicast\000", 24);
  4861. *(uint16_t*)0x2000000060d8 = 5;
  4862. *(uint16_t*)0x2000000060da = 0x83;
  4863. *(uint8_t*)0x2000000060dc = 0;
  4864. *(uint16_t*)0x2000000060e0 = 0xe;
  4865. *(uint16_t*)0x2000000060e2 = 1;
  4866. memcpy((void*)0x2000000060e4, "netdevsim\000", 10);
  4867. *(uint16_t*)0x2000000060f0 = 0xf;
  4868. *(uint16_t*)0x2000000060f2 = 2;
  4869. memcpy((void*)0x2000000060f4, "netdevsim", 9);
  4870. *(uint8_t*)0x2000000060fd = 0x30;
  4871. *(uint8_t*)0x2000000060fe = 0;
  4872. *(uint16_t*)0x200000006100 = 0x1c;
  4873. *(uint16_t*)0x200000006102 = 0x82;
  4874. memcpy((void*)0x200000006104, "source_mac_is_multicast\000", 24);
  4875. *(uint16_t*)0x20000000611c = 5;
  4876. *(uint16_t*)0x20000000611e = 0x83;
  4877. *(uint8_t*)0x200000006120 = 1;
  4878. *(uint16_t*)0x200000006124 = 0xe;
  4879. *(uint16_t*)0x200000006126 = 1;
  4880. memcpy((void*)0x200000006128, "netdevsim\000", 10);
  4881. *(uint16_t*)0x200000006134 = 0xf;
  4882. *(uint16_t*)0x200000006136 = 2;
  4883. memcpy((void*)0x200000006138, "netdevsim", 9);
  4884. *(uint8_t*)0x200000006141 = 0x30;
  4885. *(uint8_t*)0x200000006142 = 0;
  4886. *(uint16_t*)0x200000006144 = 0x1c;
  4887. *(uint16_t*)0x200000006146 = 0x82;
  4888. memcpy((void*)0x200000006148, "source_mac_is_multicast\000", 24);
  4889. *(uint16_t*)0x200000006160 = 5;
  4890. *(uint16_t*)0x200000006162 = 0x83;
  4891. *(uint8_t*)0x200000006164 = 0;
  4892. *(uint16_t*)0x200000006168 = 8;
  4893. *(uint16_t*)0x20000000616a = 1;
  4894. memcpy((void*)0x20000000616c, "pci\000", 4);
  4895. *(uint16_t*)0x200000006170 = 0x11;
  4896. *(uint16_t*)0x200000006172 = 2;
  4897. memcpy((void*)0x200000006174, "0000:00:10.0\000", 13);
  4898. *(uint16_t*)0x200000006184 = 0x1c;
  4899. *(uint16_t*)0x200000006186 = 0x82;
  4900. memcpy((void*)0x200000006188, "source_mac_is_multicast\000", 24);
  4901. *(uint16_t*)0x2000000061a0 = 5;
  4902. *(uint16_t*)0x2000000061a2 = 0x83;
  4903. *(uint8_t*)0x2000000061a4 = 1;
  4904. *(uint64_t*)0x2000000061c8 = 0x228;
  4905. *(uint64_t*)0x200000006218 = 1;
  4906. *(uint64_t*)0x200000006220 = 0;
  4907. *(uint64_t*)0x200000006228 = 0;
  4908. *(uint32_t*)0x200000006230 = 0x4004040;
  4909. syscall(__NR_sendmsg, /*fd=*/r[33], /*msg=*/0x200000006200ul,
  4910. /*f=MSG_CONFIRM*/ 0x800ul);
  4911. *(uint32_t*)0x200000006240 = 0;
  4912. res = syscall(__NR_accept4, /*fd=*/-1, /*peer=*/0ul,
  4913. /*peerlen=*/0x200000006240ul,
  4914. /*flags=SOCK_CLOEXEC|SOCK_NONBLOCK|0x400*/ 0x80c00ul);
  4915. if (res != -1)
  4916. r[45] = res;
  4917. *(uint32_t*)0x200000006280 = 0x288;
  4918. syscall(__NR_setsockopt, /*fd=*/r[45], /*level=*/0x107,
  4919. /*optname=PACKET_COPY_THRESH*/ 7, /*optval=*/0x200000006280ul,
  4920. /*optlen=*/4ul);
  4921. syscall(__NR_close, /*fd=*/r[43]);
  4922. memcpy((void*)0x2000000062c0,
  4923. "team0\000\000\000\000\000\000\000\000\000\000\000", 16);
  4924. syscall(__NR_ioctl, /*fd=*/r[44], /*cmd=*/0x8933, /*arg=*/0x2000000062c0ul);
  4925. *(uint64_t*)0x2000000065c0 = 0x200000006300;
  4926. *(uint16_t*)0x200000006300 = 0x10;
  4927. *(uint16_t*)0x200000006302 = 0;
  4928. *(uint32_t*)0x200000006304 = 0;
  4929. *(uint32_t*)0x200000006308 = 8;
  4930. *(uint32_t*)0x2000000065c8 = 0xc;
  4931. *(uint64_t*)0x2000000065d0 = 0x200000006580;
  4932. *(uint64_t*)0x200000006580 = 0x200000006340;
  4933. *(uint32_t*)0x200000006340 = 0x214;
  4934. *(uint16_t*)0x200000006344 = r[34];
  4935. *(uint16_t*)0x200000006346 = 0x300;
  4936. *(uint32_t*)0x200000006348 = 0x70bd2b;
  4937. *(uint32_t*)0x20000000634c = 0x25dfdbfc;
  4938. *(uint8_t*)0x200000006350 = 1;
  4939. *(uint8_t*)0x200000006351 = 0;
  4940. *(uint16_t*)0x200000006352 = 0;
  4941. *(uint16_t*)0x200000006354 = 0x50;
  4942. STORE_BY_BITMASK(uint16_t, , 0x200000006356, 2, 0, 14);
  4943. STORE_BY_BITMASK(uint16_t, , 0x200000006357, 0, 6, 1);
  4944. STORE_BY_BITMASK(uint16_t, , 0x200000006357, 1, 7, 1);
  4945. *(uint16_t*)0x200000006358 = 0x4c;
  4946. STORE_BY_BITMASK(uint16_t, , 0x20000000635a, 1, 0, 14);
  4947. STORE_BY_BITMASK(uint16_t, , 0x20000000635b, 0, 6, 1);
  4948. STORE_BY_BITMASK(uint16_t, , 0x20000000635b, 1, 7, 1);
  4949. *(uint16_t*)0x20000000635c = 8;
  4950. *(uint16_t*)0x20000000635e = 1;
  4951. *(uint32_t*)0x200000006360 = 7;
  4952. *(uint16_t*)0x200000006364 = 8;
  4953. *(uint16_t*)0x200000006366 = 1;
  4954. *(uint32_t*)0x200000006368 = 4;
  4955. *(uint16_t*)0x20000000636c = 8;
  4956. *(uint16_t*)0x20000000636e = 1;
  4957. *(uint32_t*)0x200000006370 = 0;
  4958. *(uint16_t*)0x200000006374 = 8;
  4959. *(uint16_t*)0x200000006376 = 1;
  4960. *(uint32_t*)0x200000006378 = 3;
  4961. *(uint16_t*)0x20000000637c = 8;
  4962. *(uint16_t*)0x20000000637e = 1;
  4963. *(uint32_t*)0x200000006380 = 5;
  4964. *(uint16_t*)0x200000006384 = 8;
  4965. *(uint16_t*)0x200000006386 = 1;
  4966. *(uint32_t*)0x200000006388 = 7;
  4967. *(uint16_t*)0x20000000638c = 8;
  4968. *(uint16_t*)0x20000000638e = 1;
  4969. *(uint32_t*)0x200000006390 = 7;
  4970. *(uint16_t*)0x200000006394 = 8;
  4971. *(uint16_t*)0x200000006396 = 1;
  4972. *(uint32_t*)0x200000006398 = 0;
  4973. *(uint16_t*)0x20000000639c = 8;
  4974. *(uint16_t*)0x20000000639e = 1;
  4975. *(uint32_t*)0x2000000063a0 = 0;
  4976. *(uint16_t*)0x2000000063a4 = 0x16c;
  4977. STORE_BY_BITMASK(uint16_t, , 0x2000000063a6, 2, 0, 14);
  4978. STORE_BY_BITMASK(uint16_t, , 0x2000000063a7, 0, 6, 1);
  4979. STORE_BY_BITMASK(uint16_t, , 0x2000000063a7, 1, 7, 1);
  4980. *(uint16_t*)0x2000000063a8 = 0x14;
  4981. STORE_BY_BITMASK(uint16_t, , 0x2000000063aa, 1, 0, 14);
  4982. STORE_BY_BITMASK(uint16_t, , 0x2000000063ab, 0, 6, 1);
  4983. STORE_BY_BITMASK(uint16_t, , 0x2000000063ab, 1, 7, 1);
  4984. *(uint16_t*)0x2000000063ac = 8;
  4985. *(uint16_t*)0x2000000063ae = 1;
  4986. *(uint32_t*)0x2000000063b0 = 5;
  4987. *(uint16_t*)0x2000000063b4 = 8;
  4988. *(uint16_t*)0x2000000063b6 = 1;
  4989. *(uint32_t*)0x2000000063b8 = 7;
  4990. *(uint16_t*)0x2000000063bc = 0x2c;
  4991. STORE_BY_BITMASK(uint16_t, , 0x2000000063be, 1, 0, 14);
  4992. STORE_BY_BITMASK(uint16_t, , 0x2000000063bf, 0, 6, 1);
  4993. STORE_BY_BITMASK(uint16_t, , 0x2000000063bf, 1, 7, 1);
  4994. *(uint16_t*)0x2000000063c0 = 8;
  4995. *(uint16_t*)0x2000000063c2 = 1;
  4996. *(uint32_t*)0x2000000063c4 = 7;
  4997. *(uint16_t*)0x2000000063c8 = 8;
  4998. *(uint16_t*)0x2000000063ca = 1;
  4999. *(uint32_t*)0x2000000063cc = 6;
  5000. *(uint16_t*)0x2000000063d0 = 8;
  5001. *(uint16_t*)0x2000000063d2 = 1;
  5002. *(uint32_t*)0x2000000063d4 = 8;
  5003. *(uint16_t*)0x2000000063d8 = 8;
  5004. *(uint16_t*)0x2000000063da = 1;
  5005. *(uint32_t*)0x2000000063dc = 5;
  5006. *(uint16_t*)0x2000000063e0 = 8;
  5007. *(uint16_t*)0x2000000063e2 = 1;
  5008. *(uint32_t*)0x2000000063e4 = 0;
  5009. *(uint16_t*)0x2000000063e8 = 0xc;
  5010. STORE_BY_BITMASK(uint16_t, , 0x2000000063ea, 1, 0, 14);
  5011. STORE_BY_BITMASK(uint16_t, , 0x2000000063eb, 0, 6, 1);
  5012. STORE_BY_BITMASK(uint16_t, , 0x2000000063eb, 1, 7, 1);
  5013. *(uint16_t*)0x2000000063ec = 8;
  5014. *(uint16_t*)0x2000000063ee = 1;
  5015. *(uint32_t*)0x2000000063f0 = 1;
  5016. *(uint16_t*)0x2000000063f4 = 0xc;
  5017. STORE_BY_BITMASK(uint16_t, , 0x2000000063f6, 1, 0, 14);
  5018. STORE_BY_BITMASK(uint16_t, , 0x2000000063f7, 0, 6, 1);
  5019. STORE_BY_BITMASK(uint16_t, , 0x2000000063f7, 1, 7, 1);
  5020. *(uint16_t*)0x2000000063f8 = 8;
  5021. *(uint16_t*)0x2000000063fa = 1;
  5022. *(uint32_t*)0x2000000063fc = 8;
  5023. *(uint16_t*)0x200000006400 = 0xc;
  5024. STORE_BY_BITMASK(uint16_t, , 0x200000006402, 1, 0, 14);
  5025. STORE_BY_BITMASK(uint16_t, , 0x200000006403, 0, 6, 1);
  5026. STORE_BY_BITMASK(uint16_t, , 0x200000006403, 1, 7, 1);
  5027. *(uint16_t*)0x200000006404 = 8;
  5028. *(uint16_t*)0x200000006406 = 1;
  5029. *(uint32_t*)0x200000006408 = 5;
  5030. *(uint16_t*)0x20000000640c = 0x2c;
  5031. STORE_BY_BITMASK(uint16_t, , 0x20000000640e, 1, 0, 14);
  5032. STORE_BY_BITMASK(uint16_t, , 0x20000000640f, 0, 6, 1);
  5033. STORE_BY_BITMASK(uint16_t, , 0x20000000640f, 1, 7, 1);
  5034. *(uint16_t*)0x200000006410 = 8;
  5035. *(uint16_t*)0x200000006412 = 1;
  5036. *(uint32_t*)0x200000006414 = 5;
  5037. *(uint16_t*)0x200000006418 = 8;
  5038. *(uint16_t*)0x20000000641a = 1;
  5039. *(uint32_t*)0x20000000641c = 0;
  5040. *(uint16_t*)0x200000006420 = 8;
  5041. *(uint16_t*)0x200000006422 = 1;
  5042. *(uint32_t*)0x200000006424 = 0;
  5043. *(uint16_t*)0x200000006428 = 8;
  5044. *(uint16_t*)0x20000000642a = 1;
  5045. *(uint32_t*)0x20000000642c = 0;
  5046. *(uint16_t*)0x200000006430 = 8;
  5047. *(uint16_t*)0x200000006432 = 1;
  5048. *(uint32_t*)0x200000006434 = 5;
  5049. *(uint16_t*)0x200000006438 = 0x1c;
  5050. STORE_BY_BITMASK(uint16_t, , 0x20000000643a, 1, 0, 14);
  5051. STORE_BY_BITMASK(uint16_t, , 0x20000000643b, 0, 6, 1);
  5052. STORE_BY_BITMASK(uint16_t, , 0x20000000643b, 1, 7, 1);
  5053. *(uint16_t*)0x20000000643c = 8;
  5054. *(uint16_t*)0x20000000643e = 1;
  5055. *(uint32_t*)0x200000006440 = 6;
  5056. *(uint16_t*)0x200000006444 = 8;
  5057. *(uint16_t*)0x200000006446 = 1;
  5058. *(uint32_t*)0x200000006448 = 5;
  5059. *(uint16_t*)0x20000000644c = 8;
  5060. *(uint16_t*)0x20000000644e = 1;
  5061. *(uint32_t*)0x200000006450 = 4;
  5062. *(uint16_t*)0x200000006454 = 0x2c;
  5063. STORE_BY_BITMASK(uint16_t, , 0x200000006456, 1, 0, 14);
  5064. STORE_BY_BITMASK(uint16_t, , 0x200000006457, 0, 6, 1);
  5065. STORE_BY_BITMASK(uint16_t, , 0x200000006457, 1, 7, 1);
  5066. *(uint16_t*)0x200000006458 = 8;
  5067. *(uint16_t*)0x20000000645a = 1;
  5068. *(uint32_t*)0x20000000645c = 8;
  5069. *(uint16_t*)0x200000006460 = 8;
  5070. *(uint16_t*)0x200000006462 = 1;
  5071. *(uint32_t*)0x200000006464 = 0;
  5072. *(uint16_t*)0x200000006468 = 8;
  5073. *(uint16_t*)0x20000000646a = 1;
  5074. *(uint32_t*)0x20000000646c = 4;
  5075. *(uint16_t*)0x200000006470 = 8;
  5076. *(uint16_t*)0x200000006472 = 1;
  5077. *(uint32_t*)0x200000006474 = 7;
  5078. *(uint16_t*)0x200000006478 = 8;
  5079. *(uint16_t*)0x20000000647a = 1;
  5080. *(uint32_t*)0x20000000647c = 0;
  5081. *(uint16_t*)0x200000006480 = 0x54;
  5082. STORE_BY_BITMASK(uint16_t, , 0x200000006482, 1, 0, 14);
  5083. STORE_BY_BITMASK(uint16_t, , 0x200000006483, 0, 6, 1);
  5084. STORE_BY_BITMASK(uint16_t, , 0x200000006483, 1, 7, 1);
  5085. *(uint16_t*)0x200000006484 = 8;
  5086. *(uint16_t*)0x200000006486 = 1;
  5087. *(uint32_t*)0x200000006488 = 0;
  5088. *(uint16_t*)0x20000000648c = 8;
  5089. *(uint16_t*)0x20000000648e = 1;
  5090. *(uint32_t*)0x200000006490 = 0;
  5091. *(uint16_t*)0x200000006494 = 8;
  5092. *(uint16_t*)0x200000006496 = 1;
  5093. *(uint32_t*)0x200000006498 = 5;
  5094. *(uint16_t*)0x20000000649c = 8;
  5095. *(uint16_t*)0x20000000649e = 1;
  5096. *(uint32_t*)0x2000000064a0 = 0;
  5097. *(uint16_t*)0x2000000064a4 = 8;
  5098. *(uint16_t*)0x2000000064a6 = 1;
  5099. *(uint32_t*)0x2000000064a8 = 0;
  5100. *(uint16_t*)0x2000000064ac = 8;
  5101. *(uint16_t*)0x2000000064ae = 1;
  5102. *(uint32_t*)0x2000000064b0 = 2;
  5103. *(uint16_t*)0x2000000064b4 = 8;
  5104. *(uint16_t*)0x2000000064b6 = 1;
  5105. *(uint32_t*)0x2000000064b8 = 3;
  5106. *(uint16_t*)0x2000000064bc = 8;
  5107. *(uint16_t*)0x2000000064be = 1;
  5108. *(uint32_t*)0x2000000064c0 = 6;
  5109. *(uint16_t*)0x2000000064c4 = 8;
  5110. *(uint16_t*)0x2000000064c6 = 1;
  5111. *(uint32_t*)0x2000000064c8 = 1;
  5112. *(uint16_t*)0x2000000064cc = 8;
  5113. *(uint16_t*)0x2000000064ce = 1;
  5114. *(uint32_t*)0x2000000064d0 = 0;
  5115. *(uint16_t*)0x2000000064d4 = 0x3c;
  5116. STORE_BY_BITMASK(uint16_t, , 0x2000000064d6, 1, 0, 14);
  5117. STORE_BY_BITMASK(uint16_t, , 0x2000000064d7, 0, 6, 1);
  5118. STORE_BY_BITMASK(uint16_t, , 0x2000000064d7, 1, 7, 1);
  5119. *(uint16_t*)0x2000000064d8 = 8;
  5120. *(uint16_t*)0x2000000064da = 1;
  5121. *(uint32_t*)0x2000000064dc = 0;
  5122. *(uint16_t*)0x2000000064e0 = 8;
  5123. *(uint16_t*)0x2000000064e2 = 1;
  5124. *(uint32_t*)0x2000000064e4 = 5;
  5125. *(uint16_t*)0x2000000064e8 = 8;
  5126. *(uint16_t*)0x2000000064ea = 1;
  5127. *(uint32_t*)0x2000000064ec = 6;
  5128. *(uint16_t*)0x2000000064f0 = 8;
  5129. *(uint16_t*)0x2000000064f2 = 1;
  5130. *(uint32_t*)0x2000000064f4 = 3;
  5131. *(uint16_t*)0x2000000064f8 = 8;
  5132. *(uint16_t*)0x2000000064fa = 1;
  5133. *(uint32_t*)0x2000000064fc = 7;
  5134. *(uint16_t*)0x200000006500 = 8;
  5135. *(uint16_t*)0x200000006502 = 1;
  5136. *(uint32_t*)0x200000006504 = 3;
  5137. *(uint16_t*)0x200000006508 = 8;
  5138. *(uint16_t*)0x20000000650a = 1;
  5139. *(uint32_t*)0x20000000650c = 4;
  5140. *(uint16_t*)0x200000006510 = 0x44;
  5141. STORE_BY_BITMASK(uint16_t, , 0x200000006512, 2, 0, 14);
  5142. STORE_BY_BITMASK(uint16_t, , 0x200000006513, 0, 6, 1);
  5143. STORE_BY_BITMASK(uint16_t, , 0x200000006513, 1, 7, 1);
  5144. *(uint16_t*)0x200000006514 = 0x24;
  5145. STORE_BY_BITMASK(uint16_t, , 0x200000006516, 1, 0, 14);
  5146. STORE_BY_BITMASK(uint16_t, , 0x200000006517, 0, 6, 1);
  5147. STORE_BY_BITMASK(uint16_t, , 0x200000006517, 1, 7, 1);
  5148. *(uint16_t*)0x200000006518 = 8;
  5149. *(uint16_t*)0x20000000651a = 1;
  5150. *(uint32_t*)0x20000000651c = 7;
  5151. *(uint16_t*)0x200000006520 = 8;
  5152. *(uint16_t*)0x200000006522 = 1;
  5153. *(uint32_t*)0x200000006524 = 6;
  5154. *(uint16_t*)0x200000006528 = 8;
  5155. *(uint16_t*)0x20000000652a = 1;
  5156. *(uint32_t*)0x20000000652c = 3;
  5157. *(uint16_t*)0x200000006530 = 8;
  5158. *(uint16_t*)0x200000006532 = 1;
  5159. *(uint32_t*)0x200000006534 = 1;
  5160. *(uint16_t*)0x200000006538 = 0x1c;
  5161. STORE_BY_BITMASK(uint16_t, , 0x20000000653a, 1, 0, 14);
  5162. STORE_BY_BITMASK(uint16_t, , 0x20000000653b, 0, 6, 1);
  5163. STORE_BY_BITMASK(uint16_t, , 0x20000000653b, 1, 7, 1);
  5164. *(uint16_t*)0x20000000653c = 8;
  5165. *(uint16_t*)0x20000000653e = 1;
  5166. *(uint32_t*)0x200000006540 = 2;
  5167. *(uint16_t*)0x200000006544 = 8;
  5168. *(uint16_t*)0x200000006546 = 1;
  5169. *(uint32_t*)0x200000006548 = 2;
  5170. *(uint16_t*)0x20000000654c = 8;
  5171. *(uint16_t*)0x20000000654e = 1;
  5172. *(uint32_t*)0x200000006550 = 2;
  5173. *(uint64_t*)0x200000006588 = 0x214;
  5174. *(uint64_t*)0x2000000065d8 = 1;
  5175. *(uint64_t*)0x2000000065e0 = 0;
  5176. *(uint64_t*)0x2000000065e8 = 0;
  5177. *(uint32_t*)0x2000000065f0 = 1;
  5178. syscall(__NR_sendmsg, /*fd=*/r[33], /*msg=*/0x2000000065c0ul,
  5179. /*f=MSG_OOB*/ 1ul);
  5180. memcpy((void*)0x200000006700, "/selinux/policy\000", 16);
  5181. res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul,
  5182. /*file=*/0x200000006700ul, /*flags=*/0, /*mode=*/0);
  5183. if (res != -1)
  5184. r[46] = res;
  5185. res = syscall(__NR_getresuid, /*ruid=*/0x200000006740ul,
  5186. /*euid=*/0x200000006780ul, /*suid=*/0x2000000067c0ul);
  5187. if (res != -1)
  5188. r[47] = *(uint32_t*)0x200000006780;
  5189. res = syscall(__NR_getgid);
  5190. if (res != -1)
  5191. r[48] = res;
  5192. res = syscall(__NR_getresuid, /*ruid=*/0x200000006800ul,
  5193. /*euid=*/0x200000006840ul, /*suid=*/0x200000006880ul);
  5194. if (res != -1)
  5195. r[49] = *(uint32_t*)0x200000006880;
  5196. res = syscall(__NR_fstat, /*fd=*/r[33], /*statbuf=*/0x2000000068c0ul);
  5197. if (res != -1)
  5198. r[50] = *(uint32_t*)0x2000000068dc;
  5199. *(uint64_t*)0x200000006a00 = 0x200000006600;
  5200. *(uint16_t*)0x200000006600 = 0x10;
  5201. *(uint16_t*)0x200000006602 = 0;
  5202. *(uint32_t*)0x200000006604 = 0;
  5203. *(uint32_t*)0x200000006608 = 0x100;
  5204. *(uint32_t*)0x200000006a08 = 0xc;
  5205. *(uint64_t*)0x200000006a10 = 0x2000000066c0;
  5206. *(uint64_t*)0x2000000066c0 = 0x200000006640;
  5207. *(uint32_t*)0x200000006640 = 0x6c;
  5208. *(uint16_t*)0x200000006644 = 0x3e;
  5209. *(uint16_t*)0x200000006646 = 0x100;
  5210. *(uint32_t*)0x200000006648 = 0x70bd2a;
  5211. *(uint32_t*)0x20000000664c = 0x25dfdbff;
  5212. memcpy((void*)0x200000006650,
  5213. "\x00\xfb\x03\x8c\x23\xd1\x6c\x74\x1d\x50\xb9\x47\x15\xbb\x19\xa9\xd8"
  5214. "\xbc\xc9\x0d\xab\xb4\x48\x81\x78\x94\x58\xbc\xb6\xc5\xc6\x67\xc7\xe0"
  5215. "\xa4\x28\x03\xad\xc4\x30\x82\x37\x8a\xbf\x9a\xcc\x56\x3b\x73\xf0\x01"
  5216. "\x2f\xab\x71\x6a\x3b\x15\x78\x34\x33\x29\x9c\x7a\x53\x88\xdf\xe6\x96"
  5217. "\x9c\xa3\x26\xd8\x59\xbe\xa8\x32\x06\x00\xe9\x18\x24\xba",
  5218. 82);
  5219. *(uint16_t*)0x2000000066a2 = 8;
  5220. STORE_BY_BITMASK(uint16_t, , 0x2000000066a4, 0x25, 0, 14);
  5221. STORE_BY_BITMASK(uint16_t, , 0x2000000066a5, 0, 6, 1);
  5222. STORE_BY_BITMASK(uint16_t, , 0x2000000066a5, 0, 7, 1);
  5223. *(uint32_t*)0x2000000066a6 = 0x10;
  5224. *(uint64_t*)0x2000000066c8 = 0x6c;
  5225. *(uint64_t*)0x200000006a18 = 1;
  5226. *(uint64_t*)0x200000006a20 = 0x200000006940;
  5227. *(uint64_t*)0x200000006940 = 0x18;
  5228. *(uint32_t*)0x200000006948 = 1;
  5229. *(uint32_t*)0x20000000694c = 1;
  5230. *(uint32_t*)0x200000006950 = r[33];
  5231. *(uint32_t*)0x200000006954 = r[33];
  5232. *(uint64_t*)0x200000006958 = 0x34;
  5233. *(uint32_t*)0x200000006960 = 1;
  5234. *(uint32_t*)0x200000006964 = 1;
  5235. *(uint32_t*)0x200000006968 = r[44];
  5236. *(uint32_t*)0x20000000696c = r[33];
  5237. *(uint32_t*)0x200000006970 = r[44];
  5238. *(uint32_t*)0x200000006974 = r[33];
  5239. *(uint32_t*)0x200000006978 = r[43];
  5240. *(uint32_t*)0x20000000697c = r[46];
  5241. *(uint32_t*)0x200000006980 = r[44];
  5242. *(uint32_t*)0x200000006984 = r[44];
  5243. *(uint32_t*)0x200000006988 = r[45];
  5244. *(uint64_t*)0x200000006990 = 0x1c;
  5245. *(uint32_t*)0x200000006998 = 1;
  5246. *(uint32_t*)0x20000000699c = 2;
  5247. *(uint32_t*)0x2000000069a0 = -1;
  5248. *(uint32_t*)0x2000000069a4 = r[47];
  5249. *(uint32_t*)0x2000000069a8 = r[48];
  5250. *(uint64_t*)0x2000000069b0 = 0x1c;
  5251. *(uint32_t*)0x2000000069b8 = 1;
  5252. *(uint32_t*)0x2000000069bc = 2;
  5253. *(uint32_t*)0x2000000069c0 = -1;
  5254. *(uint32_t*)0x2000000069c4 = r[49];
  5255. *(uint32_t*)0x2000000069c8 = r[50];
  5256. *(uint64_t*)0x200000006a28 = 0x90;
  5257. *(uint32_t*)0x200000006a30 = 0x8885;
  5258. syscall(__NR_sendmsg, /*fd=*/r[33], /*msg=*/0x200000006a00ul,
  5259. /*f=MSG_BATCH|MSG_DONTROUTE*/ 0x40004ul);
  5260. *(uint32_t*)0x200000006a40 = 3;
  5261. syscall(__NR_setsockopt, /*fd=*/r[46], /*level=*/0, /*opt=*/0xd4,
  5262. /*val=*/0x200000006a40ul, /*len=*/4ul);
  5263. for (int i = 0; i < 32; i++) {
  5264. syscall(__NR_setsockopt, /*fd=*/r[46], /*level=*/0, /*opt=*/0xd4,
  5265. /*val=*/0x200000006a40ul, /*len=*/4ul);
  5266. }
  5267. memcpy((void*)0x200000006a80,
  5268. "NETMAP\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
  5269. "\000\000\000\000\000\000\000\000",
  5270. 29);
  5271. *(uint8_t*)0x200000006a9d = 0;
  5272. *(uint32_t*)0x200000006ac0 = 0x1e;
  5273. syscall(__NR_getsockopt, /*fd=*/r[46], /*level=*/0x29, /*opt=*/0x44,
  5274. /*val=*/0x200000006a80ul, /*len=*/0x200000006ac0ul);
  5275. for (int i = 0; i < 32; i++) {
  5276. syscall(__NR_getsockopt, /*fd=*/r[46], /*level=*/0x29, /*opt=*/0x44,
  5277. /*val=*/0x200000006a80ul, /*len=*/0x200000006ac0ul);
  5278. }
  5279. memcpy((void*)0x200000000780, "ext4\000", 5);
  5280. memcpy((void*)0x200000000240, "./file0\000", 8);
  5281. *(uint8_t*)0x200000000080 = 0;
  5282. memcpy(
  5283. (void*)0x2000000007c0,
  5284. "\x78\x9c\xec\xdd\xdf\x6b\x5b\x65\x1f\x00\xf0\xef\x49\x7f\x77\x7b\xdf\xf6"
  5285. "\x85\x17\x74\x5e\x15\x04\x2d\x8c\xa5\x76\xd6\x4d\xc1\x8b\x89\x17\x22\x38"
  5286. "\x18\xe8\xb5\x5b\x49\xb3\x32\x9b\x36\xa3\x49\xc7\x5a\x0a\x6e\x88\xe0\x8d"
  5287. "\xa0\xe2\x85\xa0\x37\xbb\xf6\xc7\xbc\xf3\xd6\x1f\xb7\xfa\x5f\x78\x21\x1b"
  5288. "\x53\xbb\xe1\xc4\x0b\xa9\x9c\x34\x59\xb3\x35\xe9\x92\xad\x49\xe6\xf6\xf9"
  5289. "\xc0\x69\x9e\xe7\x3c\x27\x7d\x9e\x6f\x9e\x73\x9e\xf3\x24\xe7\x90\x04\xf0"
  5290. "\xc8\x9a\x48\xff\x64\x22\x0e\x44\xc4\x07\x49\xc4\x58\x75\x7d\x12\x11\x03"
  5291. "\x95\x54\x7f\xc4\xb1\xad\xed\x6e\x6e\xac\xe7\xd2\x25\x89\xcd\xcd\xd7\x7f"
  5292. "\x4b\x2a\xdb\xdc\xd8\x58\xcf\x45\xdd\x73\x52\xfb\xaa\x99\xc7\x23\xe2\xfb"
  5293. "\x77\x23\x0e\x66\x76\xd6\x5b\x5a\x5d\x5b\x98\x2d\x14\xf2\xcb\xd5\xfc\x54"
  5294. "\x79\xf1\xec\x54\x69\x75\xed\xd0\x99\xc5\xd9\xf9\xfc\x7c\x7e\xe9\xc8\xf4"
  5295. "\xcc\xcc\xe1\xa3\xcf\x1d\x3d\xb2\x77\xb1\xfe\xf1\xd3\xda\xfe\xab\x1f\xbe"
  5296. "\xf2\xf4\x57\xc7\xfe\x7a\xe7\xb1\xcb\xef\xff\x90\xc4\xb1\xd8\x5f\x2d\xab"
  5297. "\x8f\x63\xaf\x4c\xc4\x44\xf5\x35\x19\x48\x5f\xc2\xdb\xbc\xbc\xd7\x95\xf5"
  5298. "\x58\xb2\x7b\x71\x83\x3d\x80\x07\x41\xda\x31\x7d\x5b\x47\x79\x1c\x88\xb1"
  5299. "\xe8\xab\xa4\x9a\x18\xe9\x66\xcb\x00\x80\x4e\x79\x3b\x22\x36\x9b\xe9\x6b"
  5300. "\x5a\x02\x00\xfc\xab\x25\xcd\xcf\xff\x00\xc0\x43\xa9\xf6\x39\xc0\x8d\x8d"
  5301. "\xf5\x5c\x6d\xe9\xed\x27\x12\xdd\x75\xed\xa5\x88\x18\xde\x8a\xbf\x76\x7d"
  5302. "\x73\xab\xa4\xbf\x7a\xcd\x6e\xb8\x72\x1d\x74\xf4\x46\x72\xdb\x95\x91\x24"
  5303. "\x22\xc6\xf7\xa0\xfe\x89\x88\xf8\xec\x9b\x37\xbf\x48\x97\xe8\xd0\x75\x48"
  5304. "\x80\x46\x2e\x5c\x8c\x88\x53\xe3\x13\x3b\xc7\xff\x64\xc7\x3d\x0b\xed\x7a"
  5305. "\xa6\x85\x6d\x26\xee\xc8\x1b\xff\xa0\x7b\xbe\x4d\xe7\x3f\xcf\x37\x9a\xff"
  5306. "\x65\x6e\xcd\x7f\xa2\xc1\xfc\x67\xa8\xc1\xb1\x7b\x2f\xee\x7e\xfc\x67\xae"
  5307. "\xec\x41\x35\x4d\xa5\xf3\xbf\x17\xeb\xee\x6d\xbb\x59\x17\x7f\xd5\x78\x5f"
  5308. "\x35\xf7\x9f\xca\x9c\x6f\x20\x39\x7d\xa6\x90\x4f\xc7\xb6\xff\x46\xc4\x64"
  5309. "\x0c\x0c\xa5\xf9\xe9\x5d\xea\x98\xbc\xfe\xf7\xf5\x66\x65\xf5\xf3\xbf\xdf"
  5310. "\x3f\x7a\xeb\xf3\xb4\xfe\xf4\x71\x7b\x8b\xcc\x95\xfe\xa1\xdb\x9f\x33\x37"
  5311. "\x5b\x9e\xbd\x9f\x98\xeb\x5d\xbb\x18\xf1\x44\x7f\xa3\xf8\x93\x5b\xfd\x9f"
  5312. "\x34\x99\xff\x9e\x68\xb1\x8e\x57\x5f\x78\xef\xd3\x66\x65\x69\xfc\x69\xbc"
  5313. "\xb5\x65\x67\xfc\x9d\xb5\x79\x29\xe2\xa9\x86\xfd\xbf\x7d\x47\x5b\xb2\xeb"
  5314. "\xfd\x89\x53\x95\xdd\x61\xaa\xb6\x53\x34\xf0\xf5\xcf\x9f\x8c\x36\xab\xbf"
  5315. "\xbe\xff\xd3\x25\xad\xbf\xf6\x5e\xa0\x1b\xd2\xfe\x1f\xdd\x3d\xfe\xf1\xa4"
  5316. "\xfe\x7e\xcd\x52\xfb\x75\xfc\x78\x69\xec\xbb\x66\x65\x77\x8f\xbf\xf1\xfe"
  5317. "\x3f\x98\xbc\x51\x49\x0f\x56\xd7\x9d\x9f\x2d\x97\x97\xa7\x23\x06\x93\xd7"
  5318. "\x76\xae\x3f\xbc\xfd\xdc\x5a\xbe\xb6\x7d\x1a\xff\xe4\x93\x8d\x8f\xff\xdd"
  5319. "\xf6\xff\xf4\x3d\xe1\xa9\x16\xe3\xef\xbf\xfa\xeb\x97\xf7\x1e\x7f\x67\xa5"
  5320. "\xf1\xcf\xb5\xd5\xff\xed\x27\x2e\xdf\x5c\xe8\x6b\x56\x7f\x6b\xfd\x3f\x53"
  5321. "\x49\x4d\x56\xd7\xb4\x32\xfe\xb5\xda\xc0\xfb\x79\xed\x00\x00\x00\x00\x00"
  5322. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\x55\x99\x88"
  5323. "\xd8\x1f\x49\x26\x7b\x2b\x9d\xc9\x64\xb3\x5b\xbf\xe1\xfd\xff\x18\xcd\x14"
  5324. "\x8a\xa5\xf2\xc1\xd3\xc5\x95\xa5\xb9\xa8\xfc\x56\xf6\x78\x0c\x64\x6a\x5f"
  5325. "\x75\x39\x56\xf7\x7d\xa8\xd3\xd5\xef\xc3\xaf\xe5\x0f\xdf\x91\x7f\x36\x22"
  5326. "\xfe\x17\x11\x1f\x0f\x8d\x54\xf2\xd9\x5c\xb1\x30\xd7\xeb\xe0\x01\x00\x00"
  5327. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5328. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\x6a\x5f\x93\xdf\xff\x4f\xfd"
  5329. "\x32\xd4\xeb\xd6\x01\x00\x1d\x33\xdc\xd7\xeb\x16\x00\x00\xdd\x36\xdc\xdf"
  5330. "\xeb\x16\x00\x00\xdd\x36\xdc\xd6\xd6\x23\x1d\x6b\x07\x00\xd0\x3d\xed\x9d"
  5331. "\xff\x01\x80\x87\x81\xf3\x3f\x00\x3c\x7a\x9c\xff\x01\x00\x00\x00\x00\x00"
  5332. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5333. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5334. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe8\xb0\x13\xc7\x8f\xa7\xcb\xe6\x9f"
  5335. "\x1b\xeb\xb9\x34\x3f\x77\x6e\x75\x65\xa1\x78\xee\xd0\x5c\xbe\xb4\x90\x5d"
  5336. "\x5c\xc9\x65\x73\xc5\xe5\xb3\xd9\xf9\x62\x71\xbe\x90\xcf\xe6\x8a\x8b\x4d"
  5337. "\xff\xd1\x85\xad\x87\x42\xb1\x78\x76\x26\x96\x56\xce\x4f\x95\xf3\xa5\xf2"
  5338. "\x54\x69\x75\xed\xe4\x62\x71\x65\xa9\x7c\xf2\xcc\xe2\xec\x7c\xfe\x64\x7e"
  5339. "\xa0\x6b\x91\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5340. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\xeb"
  5341. "\x4a\xab\x6b\x0b\xb3\x85\x42\x7e\x59\x42\x42\xa2\xed\x44\x5c\xd8\x3a\x8e"
  5342. "\x1e\x94\xf6\xec\x5d\x22\x06\xb7\x47\x89\x91\x9e\x8d\x4f\x00\x00\x00\x00"
  5343. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5344. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5345. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5346. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5347. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5348. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5349. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5350. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5351. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5352. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5353. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5354. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5355. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5356. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5357. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5358. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5359. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5360. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5361. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5362. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5363. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5364. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5365. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5366. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5367. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5368. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5369. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5370. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5371. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5372. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5373. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5374. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5375. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5376. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5377. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5378. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5379. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5380. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5381. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5382. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5383. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5384. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5385. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5386. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5387. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5388. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5389. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5390. "\x00\x00\x00\x00\x00\x00\x0f\xba\x7f\x02\x00\x00\xff\xff\xa6\x03\x26"
  5391. "\xe7",
  5392. 1926);
  5393. syz_mount_image(
  5394. /*fs=*/0x200000000780, /*dir=*/0x200000000240,
  5395. /*flags=MS_LAZYTIME|MS_STRICTATIME|MS_NOATIME|MS_DIRSYNC*/ 0x3000480,
  5396. /*opts=*/0x200000000080, /*chdir=*/0x45, /*size=*/0x786,
  5397. /*img=*/0x2000000007c0);
  5398. memcpy((void*)0x2000000000c0, "./file1\000", 8);
  5399. res = syscall(__NR_open, /*file=*/0x2000000000c0ul, /*flags=*/0ul,
  5400. /*mode=*/0ul);
  5401. if (res != -1)
  5402. r[51] = res;
  5403. memcpy((void*)0x200000001140, "ext4\000", 5);
  5404. memcpy((void*)0x2000000007c0, "./file0\000", 8);
  5405. *(uint8_t*)0x200000001180 = 0;
  5406. memcpy(
  5407. (void*)0x200000000840,
  5408. "\x78\x9c\xec\xdd\xcd\x6b\x1c\xe5\x1f\x00\xf0\xef\x6c\x92\xa6\xbf\xb4\x3f"
  5409. "\x13\x41\xd0\x7a\x0a\x08\x1a\x28\xdd\x98\x1a\x5b\x05\x0f\x15\x0f\x22\x58"
  5410. "\x28\xe8\xd9\x76\xd9\x6c\x43\xcd\x6e\xb6\x64\x37\xa5\x09\x01\x2d\x22\x78"
  5411. "\x11\x54\x3c\x08\x7a\xe9\xd9\x97\x7a\xf3\xea\xcb\x55\xff\x0b\x0f\xd2\x52"
  5412. "\x35\x2d\x56\x3c\x48\x64\x36\xb3\xe9\xb6\xd9\x4d\x37\x6d\x92\x45\xf7\xf3"
  5413. "\x81\xa7\x7d\x9e\x99\xd9\x3c\xf3\x9d\x67\x66\x9e\x67\x77\x86\x99\x00\xfa"
  5414. "\xd6\x78\xfa\x4f\x2e\xe2\x50\x44\x7c\x90\x44\x8c\x66\xd3\x93\x88\x18\x6a"
  5415. "\xe4\x06\x23\x4e\xac\x2f\x77\x6b\x75\xa5\x98\xa6\x24\xd6\xd6\x5e\xfb\x2d"
  5416. "\x69\x2c\x73\x73\x75\xa5\x18\x2d\x9f\x49\x1d\xc8\x0a\x8f\x45\xc4\xf7\xef"
  5417. "\x46\x1c\xce\x6d\xae\xb7\xb6\xb4\x3c\x57\x28\x97\x4b\x0b\x59\x79\xb2\x5e"
  5418. "\x39\x3f\x59\x5b\x5a\x3e\x72\xae\x52\x98\x2d\xcd\x96\xe6\x8f\x4d\x4d\x4f"
  5419. "\x1f\x3d\xfe\xec\xf1\x63\x3b\x17\xeb\x1f\x3f\x2d\x1f\xbc\xf6\xe1\xcb\x4f"
  5420. "\x7d\x75\xe2\xaf\x77\x1e\xbd\xf2\xfe\x0f\x49\x9c\x88\x83\xd9\xbc\xd6\x38"
  5421. "\x76\xca\x78\x8c\x67\xdb\x64\x28\xdd\x84\x77\x78\x69\xa7\x2b\xeb\xb1\xa4"
  5422. "\xd7\x2b\xc0\x7d\x49\x0f\xcd\x81\xf5\xa3\x3c\x0e\xc5\x68\x0c\x34\x72\x00"
  5423. "\xc0\x7f\xd9\x5b\x11\xb1\x06\x00\xf4\x99\x44\xff\x0f\x00\x7d\xa6\xf9\x3b"
  5424. "\xc0\xcd\xd5\x95\x62\x33\xf5\xf6\x17\x89\xbd\x75\xfd\xc5\x88\xd8\xbf\x1e"
  5425. "\x7f\xf3\xfa\xe6\xfa\x9c\xc1\xec\x9a\xdd\xfe\xc6\x75\xd0\x91\x9b\xc9\x1d"
  5426. "\x57\x46\x92\x88\x18\xdb\x81\xfa\xc7\x23\xe2\xb3\x6f\xde\xf8\x22\x4d\xb1"
  5427. "\x4b\xd7\x21\x01\xda\x79\xfb\x52\x44\x9c\x19\x1b\xdf\x7c\xfe\x4f\x36\xdd"
  5428. "\xb3\xb0\x5d\x4f\x77\xb1\xcc\xf8\x5d\x65\xe7\x3f\xd8\x3b\xdf\xa6\xe3\x9f"
  5429. "\xe7\xda\x8d\xff\x72\x1b\xe3\x9f\x68\x33\xfe\x19\x6e\x73\xec\xde\x8f\x7b"
  5430. "\x1f\xff\xb9\xab\x3b\x50\x4d\x47\xe9\xf8\xef\x85\x96\x7b\xdb\x6e\xb5\xc4"
  5431. "\x9f\x19\x1b\xc8\x4a\xff\x6f\x8c\xf9\x86\x92\xb3\xe7\xca\xa5\xf4\xdc\xf6"
  5432. "\x50\x44\x4c\xc4\xd0\x70\x5a\x9e\xda\xa2\x8e\x89\x1b\x7f\xdf\xe8\x34\xaf"
  5433. "\x75\xfc\xf7\xfb\x47\x6f\x7e\x9e\xd6\x9f\xfe\x7f\x7b\x89\xdc\xd5\xc1\xe1"
  5434. "\x3b\x3f\x33\x53\xa8\x17\x1e\x24\xe6\x56\xd7\x2f\x45\x3c\x3e\xd8\x2e\xfe"
  5435. "\x64\xa3\xfd\x93\x0e\xe3\xdf\x53\x5d\xd6\xf1\xca\xf3\xef\x7d\xda\x69\x5e"
  5436. "\x1a\x7f\x1a\x6f\x33\x6d\x8e\x7f\x77\xad\x5d\x8e\x78\xb2\x6d\xfb\xdf\xbe"
  5437. "\xa3\x2d\xd9\xf2\xfe\xc4\xc9\xc6\xee\x30\xd9\xdc\x29\xda\xf8\xfa\xe7\x4f"
  5438. "\x46\x3a\xd5\xdf\xda\xfe\x69\x4a\xeb\x6f\x7e\x17\xd8\x0b\x69\xfb\x8f\x6c"
  5439. "\x1d\xff\x58\xd2\x7a\xbf\x66\x6d\xfb\x75\xfc\x78\x79\xf4\xbb\x4e\xf3\xee"
  5440. "\x1d\x7f\xfb\xfd\x7f\x5f\xf2\x7a\x23\xbf\x2f\x9b\x76\xb1\x50\xaf\x2f\x4c"
  5441. "\x45\xec\x4b\x5e\xdd\x3c\xfd\xe8\xed\xcf\x36\xcb\xcd\xe5\xd3\xf8\x27\x9e"
  5442. "\x68\x7f\xfc\x6f\xb5\xff\xa7\xdf\x09\xcf\x74\x19\xff\xe0\xb5\x5f\xbf\xbc"
  5443. "\xff\xf8\x77\x57\x1a\xff\xcc\xb6\xda\x7f\xfb\x99\x2b\xb7\xe6\x06\x3a\xd5"
  5444. "\xdf\x5d\xfb\x4f\x37\x72\x13\xd9\x94\x6e\xce\x7f\xdd\xae\xe0\x83\x6c\x3b"
  5445. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5446. "\x00\xe8\x56\x2e\x22\x0e\x46\x92\xcb\x6f\xe4\x73\xb9\x7c\x7e\xfd\x1d\xde"
  5447. "\x8f\xc4\x48\xae\x5c\xad\xd5\x0f\x9f\xad\x2e\xce\xcf\x44\xe3\x5d\xd9\x63"
  5448. "\x31\x94\x6b\x3e\xea\x72\xb4\xe5\x79\xa8\x53\xd9\xf3\xf0\x9b\xe5\xa3\x77"
  5449. "\x95\x9f\x89\x88\x87\x23\xe2\xe3\xe1\xff\x35\xca\xf9\x62\xb5\x3c\xd3\xeb"
  5450. "\xe0\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5451. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x73\xa0\xc3"
  5452. "\xfb\xff\x53\xbf\x0c\xf7\x7a\xed\x00\x80\x5d\xb3\xbf\xd7\x2b\x00\x00\xec"
  5453. "\x39\xfd\x3f\x00\xf4\x1f\xfd\x3f\x00\xf4\x1f\xfd\x3f\x00\xf4\x1f\xfd\x3f"
  5454. "\x00\xf4\x1f\xfd\x3f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5455. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5456. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5457. "\x00\x00\xbb\xec\xd4\xc9\x93\x69\x5a\xfb\x73\x75\xa5\x98\x96\x67\x2e\x2c"
  5458. "\x2d\xce\x55\x2f\x1c\x99\x29\xd5\xe6\xf2\x95\xc5\x62\xbe\x58\x5d\x38\x9f"
  5459. "\x9f\xad\x56\x67\xcb\xa5\x7c\xb1\x5a\xb9\xd7\xdf\x2b\x57\xab\xe7\xa7\x63"
  5460. "\x7e\xf1\xe2\x64\xbd\x54\xab\x4f\xd6\x96\x96\x4f\x57\xaa\x8b\xf3\xf5\xd3"
  5461. "\xe7\x2a\x85\xd9\xd2\xe9\xd2\xd0\x9e\x44\x05\x00\x00\x00\x00\x00\x00\x00"
  5462. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5463. "\x00\x00\x00\x00\x00\x00\xdb\x53\x5b\x5a\x9e\x2b\x94\xcb\xa5\x05\x19\x19"
  5464. "\x19\x99\x8d\x4c\xaf\xcf\x4c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5465. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5466. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5467. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5468. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5469. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5470. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5471. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5472. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5473. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5474. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5475. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5476. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5477. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5478. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5479. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5480. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5481. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5482. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5483. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5484. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5485. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5486. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5487. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5488. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5489. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5490. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5491. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5492. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5493. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5494. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5495. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5496. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5497. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5498. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5499. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5500. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5501. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5502. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5503. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5504. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5505. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5506. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5507. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5508. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5509. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5510. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5511. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff"
  5512. "\x0e\xff\x04\x00\x00\xff\xff\x3e\x07\x2a\x2f",
  5513. 1883);
  5514. syz_mount_image(/*fs=*/0x200000001140, /*dir=*/0x2000000007c0,
  5515. /*flags=MS_LAZYTIME|MS_NOATIME|MS_DIRSYNC*/ 0x2000480,
  5516. /*opts=*/0x200000001180, /*chdir=*/1, /*size=*/0x75b,
  5517. /*img=*/0x200000000840);
  5518. memcpy((void*)0x200000000180, "./bus\000", 6);
  5519. syscall(__NR_creat, /*file=*/0x200000000180ul, /*mode=*/0ul);
  5520. memcpy((void*)0x200000001280, "/dev/loop", 9);
  5521. *(uint8_t*)0x200000001289 = 0x30;
  5522. *(uint8_t*)0x20000000128a = 0;
  5523. memcpy((void*)0x200000001240, "./bus\000", 6);
  5524. syscall(__NR_mount, /*src=*/0x200000001280ul, /*dst=*/0x200000001240ul,
  5525. /*type=*/0ul, /*flags=MS_BIND*/ 0x1000ul, /*data=*/0ul);
  5526. memcpy((void*)0x200000000040, "./bus\000", 6);
  5527. res = syscall(
  5528. __NR_open, /*file=*/0x200000000040ul,
  5529. /*flags=O_NOFOLLOW|O_NOCTTY|O_NOATIME|O_CREAT|O_CLOEXEC|0x2*/ 0xe0142ul,
  5530. /*mode=*/0ul);
  5531. if (res != -1)
  5532. r[52] = res;
  5533. memcpy((void*)0x200000000080, "./bus\000", 6);
  5534. res = syscall(__NR_open, /*file=*/0x200000000080ul,
  5535. /*flags=O_SYNC|O_NOCTTY|O_DIRECT|O_CLOEXEC|O_RDWR*/ 0x185102ul,
  5536. /*mode=*/0ul);
  5537. if (res != -1)
  5538. r[53] = res;
  5539. syscall(__NR_sendfile, /*fdout=*/r[52], /*fdin=*/r[53], /*off=*/0ul,
  5540. /*count=*/0x1000000201005ul);
  5541. memcpy((void*)0x200000000180, "./bus\000", 6);
  5542. syscall(__NR_open, /*file=*/0x200000000180ul,
  5543. /*flags=O_TRUNC|O_SYNC|O_NOATIME|O_LARGEFILE|O_DIRECT|O_CREAT|0x3e*/
  5544. 0x14d27eul, /*mode=*/0ul);
  5545. memcpy((void*)0x200000000380, "/dev/loop", 9);
  5546. *(uint8_t*)0x200000000389 = 0x30;
  5547. *(uint8_t*)0x20000000038a = 0;
  5548. memcpy((void*)0x200000000140, "./bus\000", 6);
  5549. syscall(__NR_mount, /*src=*/0x200000000380ul, /*dst=*/0x200000000140ul,
  5550. /*type=*/0ul, /*flags=MS_BIND*/ 0x1000ul, /*data=*/0ul);
  5551. memcpy((void*)0x200000000400, "./bus\000", 6);
  5552. res = syscall(__NR_open, /*file=*/0x200000000400ul,
  5553. /*flags=O_SYNC|O_NOCTTY|O_NOATIME|O_RDWR|0x3c*/ 0x14113eul,
  5554. /*mode=*/0ul);
  5555. if (res != -1)
  5556. r[54] = res;
  5557. memcpy((void*)0x2000000001c0, "#! ", 3);
  5558. *(uint8_t*)0x2000000001c3 = 0xa;
  5559. syscall(__NR_write, /*fd=*/r[54], /*data=*/0x2000000001c0ul,
  5560. /*len=*/0x208e24bul);
  5561. memcpy((void*)0x200000000040, "./file0\000", 8);
  5562. memcpy((void*)0x200000000100, "./file1\000", 8);
  5563. syscall(__NR_symlinkat, /*old=*/0x200000000040ul, /*newfd=*/r[51],
  5564. /*new=*/0x200000000100ul);
  5565. memcpy((void*)0x200000000000, "./file1\000", 8);
  5566. syscall(__NR_creat, /*file=*/0x200000000000ul, /*mode=*/0ul);
  5567. res = syscall(__NR_socket, /*domain=AF_NETLINK*/ 0x10ul,
  5568. /*type=SOCK_RAW*/ 3ul, /*proto=*/0);
  5569. if (res != -1)
  5570. r[55] = res;
  5571. syscall(__NR_madvise, /*addr=*/0x200000ffc000ul, /*len=*/0x4000ul,
  5572. /*advice=MADV_POPULATE_WRITE*/ 0x17ul);
  5573. syscall(__NR_madvise, /*addr=*/0x200000ffc000ul, /*len=*/0x4000ul,
  5574. /*advice=MADV_POPULATE_WRITE*/ 0x17ul);
  5575. syscall(__NR_madvise, /*addr=*/0x200000ffb000ul, /*len=*/0x3000ul,
  5576. /*advice=MADV_PAGEOUT*/ 0x15ul);
  5577. syscall(__NR_madvise, /*addr=*/0x200000ffb000ul, /*len=*/0x3000ul,
  5578. /*advice=MADV_PAGEOUT*/ 0x15ul);
  5579. syz_clone(/*flags=*/0, /*stack=*/0, /*stack_len=*/0, /*parentid=*/0,
  5580. /*childtid=*/0, /*tls=*/0);
  5581. syscall(__NR_madvise, /*addr=*/0x200000ffb000ul, /*len=*/0x3000ul,
  5582. /*advice=MADV_RANDOM*/ 1ul);
  5583. syscall(__NR_madvise, /*addr=*/0x200000ffb000ul, /*len=*/0x3000ul,
  5584. /*advice=MADV_RANDOM*/ 1ul);
  5585. syscall(__NR_madvise, /*addr=*/0x200000ffb000ul, /*len=*/0x2000ul,
  5586. /*advice=MADV_POPULATE_READ*/ 0x16ul);
  5587. syscall(__NR_mbind, /*addr=*/0x200000ffb000ul, /*len=*/0x2000ul, /*mode=*/0ul,
  5588. /*nodemask=*/0ul, /*maxnode=*/0ul, /*flags=MPOL_MF_MOVE*/ 2ul);
  5589. res = syscall(__NR_socket, /*domain=*/0x11ul, /*type=SOCK_DGRAM*/ 2ul,
  5590. /*proto=*/0x300);
  5591. if (res != -1)
  5592. r[56] = res;
  5593. *(uint32_t*)0x200000000000 = 0;
  5594. syscall(__NR_setsockopt, /*fd=*/r[56], /*level=*/0x107,
  5595. /*optname=PACKET_RESERVE*/ 0xc, /*optval=*/0x200000000000ul,
  5596. /*optlen=*/4ul);
  5597. *(uint64_t*)0x2000000001c0 = 0;
  5598. *(uint32_t*)0x2000000001c8 = 0;
  5599. *(uint64_t*)0x2000000001d0 = 0x200000000040;
  5600. *(uint64_t*)0x200000000040 = 0x200000000280;
  5601. memcpy((void*)0x200000000280,
  5602. "\xbd\x00\x00\x00\x19\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0a"
  5603. "\x01\x01\x01\x00\x00\x00\x15\xe9\xdc\x0d\x07\xfe\x64\x68\x00\xfc\x02"
  5604. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5605. "\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00",
  5606. 64);
  5607. *(uint32_t*)0x2000000002c0 = 0;
  5608. *(uint32_t*)0x2000000002c4 = -1;
  5609. memcpy((void*)0x2000000002c8,
  5610. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5611. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5612. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5613. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5614. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5615. "\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5616. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
  5617. 112);
  5618. *(uint64_t*)0x200000000048 = 0xb8;
  5619. *(uint64_t*)0x2000000001d8 = 1;
  5620. *(uint64_t*)0x2000000001e0 = 0;
  5621. *(uint64_t*)0x2000000001e8 = 0;
  5622. *(uint32_t*)0x2000000001f0 = 0;
  5623. syscall(__NR_sendmsg, /*fd=*/r[55], /*msg=*/0x2000000001c0ul, /*f=*/0ul);
  5624. *(uint64_t*)0x2000000001c0 = 0;
  5625. *(uint32_t*)0x2000000001c8 = 0;
  5626. *(uint64_t*)0x2000000001d0 = 0x200000000040;
  5627. *(uint64_t*)0x200000000040 = 0x200000000280;
  5628. memcpy((void*)0x200000000280,
  5629. "\xbd\x00\x00\x00\x19\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0a"
  5630. "\x01\x01\x01\x00\x00\x00\x15\xe9\xdc\x0d\x07\xfe\x64\x68\x00\xfc\x02"
  5631. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5632. "\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00",
  5633. 64);
  5634. *(uint32_t*)0x2000000002c0 = 0;
  5635. *(uint32_t*)0x2000000002c4 = -1;
  5636. memcpy((void*)0x2000000002c8,
  5637. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5638. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5639. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5640. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5641. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5642. "\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  5643. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
  5644. 112);
  5645. *(uint64_t*)0x200000000048 = 0xb8;
  5646. *(uint64_t*)0x2000000001d8 = 1;
  5647. *(uint64_t*)0x2000000001e0 = 0;
  5648. *(uint64_t*)0x2000000001e8 = 0;
  5649. *(uint32_t*)0x2000000001f0 = 0;
  5650. syscall(__NR_sendmsg, /*fd=*/r[55], /*msg=*/0x2000000001c0ul, /*f=*/0ul);
  5651. memcpy((void*)0x2000000000c0, "nl80211\000", 8);
  5652. res = -1;
  5653. res = syz_genetlink_get_family_id(/*name=*/0x2000000000c0, /*fd=*/r[55]);
  5654. if (res != -1)
  5655. r[57] = res;
  5656. *(uint64_t*)0x200000000200 = 0x200000000080;
  5657. *(uint16_t*)0x200000000080 = 0x10;
  5658. *(uint16_t*)0x200000000082 = 0;
  5659. *(uint32_t*)0x200000000084 = 0;
  5660. *(uint32_t*)0x200000000088 = 0x20000;
  5661. *(uint32_t*)0x200000000208 = 0xc;
  5662. *(uint64_t*)0x200000000210 = 0x200000000180;
  5663. *(uint64_t*)0x200000000180 = 0x200000000100;
  5664. *(uint32_t*)0x200000000100 = 0x80;
  5665. *(uint16_t*)0x200000000104 = r[57];
  5666. *(uint16_t*)0x200000000106 = 8;
  5667. *(uint32_t*)0x200000000108 = 0x70bd29;
  5668. *(uint32_t*)0x20000000010c = 0x25dfdbff;
  5669. *(uint8_t*)0x200000000110 = 0x38;
  5670. *(uint8_t*)0x200000000111 = 0;
  5671. *(uint16_t*)0x200000000112 = 0;
  5672. *(uint16_t*)0x200000000114 = 0xc;
  5673. *(uint16_t*)0x200000000116 = 0x99;
  5674. *(uint32_t*)0x200000000118 = 1;
  5675. *(uint32_t*)0x20000000011c = 0x3a;
  5676. *(uint16_t*)0x200000000120 = 0xc;
  5677. *(uint16_t*)0x200000000122 = 0x58;
  5678. *(uint64_t*)0x200000000124 = 0xf;
  5679. *(uint16_t*)0x20000000012c = 0xc;
  5680. *(uint16_t*)0x20000000012e = 0x58;
  5681. *(uint64_t*)0x200000000130 = 0x100b;
  5682. *(uint16_t*)0x200000000138 = 0xc;
  5683. *(uint16_t*)0x20000000013a = 0x58;
  5684. *(uint64_t*)0x20000000013c = 0x3f;
  5685. *(uint16_t*)0x200000000144 = 0xc;
  5686. *(uint16_t*)0x200000000146 = 0x58;
  5687. *(uint64_t*)0x200000000148 = 0x63;
  5688. *(uint16_t*)0x200000000150 = 0xc;
  5689. *(uint16_t*)0x200000000152 = 0x58;
  5690. *(uint64_t*)0x200000000154 = 0x7a;
  5691. *(uint16_t*)0x20000000015c = 0xc;
  5692. *(uint16_t*)0x20000000015e = 0x58;
  5693. *(uint64_t*)0x200000000160 = 0x5d;
  5694. *(uint16_t*)0x200000000168 = 0xc;
  5695. *(uint16_t*)0x20000000016a = 0x58;
  5696. *(uint64_t*)0x20000000016c = 0x59;
  5697. *(uint16_t*)0x200000000174 = 0xc;
  5698. *(uint16_t*)0x200000000176 = 0x58;
  5699. *(uint64_t*)0x200000000178 = 6;
  5700. *(uint64_t*)0x200000000188 = 0x80;
  5701. *(uint64_t*)0x200000000218 = 1;
  5702. *(uint64_t*)0x200000000220 = 0;
  5703. *(uint64_t*)0x200000000228 = 0;
  5704. *(uint32_t*)0x200000000230 = 0;
  5705. syscall(__NR_sendmsg, /*fd=*/r[55], /*msg=*/0x200000000200ul, /*f=*/0ul);
  5706. *(uint64_t*)0x200000000000 = 7;
  5707. syscall(__NR_set_mempolicy, /*mode=MPOL_BIND|0x4*/ 6ul,
  5708. /*nodemask=*/0x200000000000ul, /*maxnode=*/0x2ful);
  5709. *(uint32_t*)0x20000001d000 = 2;
  5710. *(uint32_t*)0x20000001d004 = 0x80;
  5711. *(uint8_t*)0x20000001d008 = 0xb9;
  5712. *(uint8_t*)0x20000001d009 = 0;
  5713. *(uint8_t*)0x20000001d00a = 0;
  5714. *(uint8_t*)0x20000001d00b = 0;
  5715. *(uint32_t*)0x20000001d00c = 0;
  5716. *(uint64_t*)0x20000001d010 = 0;
  5717. *(uint64_t*)0x20000001d018 = 0;
  5718. *(uint64_t*)0x20000001d020 = 0;
  5719. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 0, 1);
  5720. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 1, 1);
  5721. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 2, 1);
  5722. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 3, 1);
  5723. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 4, 1);
  5724. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 5, 1);
  5725. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 6, 1);
  5726. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 7, 1);
  5727. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 8, 1);
  5728. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 9, 1);
  5729. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 10, 1);
  5730. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 11, 1);
  5731. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 12, 1);
  5732. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 13, 1);
  5733. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 14, 1);
  5734. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 15, 2);
  5735. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 17, 1);
  5736. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 18, 1);
  5737. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 19, 1);
  5738. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 20, 1);
  5739. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 21, 1);
  5740. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 22, 1);
  5741. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 23, 1);
  5742. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 24, 1);
  5743. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 25, 1);
  5744. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 26, 1);
  5745. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 27, 1);
  5746. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 28, 1);
  5747. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 29, 1);
  5748. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 30, 1);
  5749. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 31, 1);
  5750. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 32, 1);
  5751. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 33, 1);
  5752. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 34, 1);
  5753. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 35, 1);
  5754. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 36, 1);
  5755. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 37, 1);
  5756. STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 38, 26);
  5757. *(uint32_t*)0x20000001d030 = 0;
  5758. *(uint32_t*)0x20000001d034 = 0;
  5759. *(uint64_t*)0x20000001d038 = 0;
  5760. *(uint64_t*)0x20000001d040 = 0;
  5761. *(uint64_t*)0x20000001d048 = 0;
  5762. *(uint64_t*)0x20000001d050 = 0;
  5763. *(uint32_t*)0x20000001d058 = 0;
  5764. *(uint32_t*)0x20000001d05c = 0;
  5765. *(uint64_t*)0x20000001d060 = 0;
  5766. *(uint32_t*)0x20000001d068 = 0;
  5767. *(uint16_t*)0x20000001d06c = 0;
  5768. *(uint16_t*)0x20000001d06e = 0;
  5769. *(uint32_t*)0x20000001d070 = 0;
  5770. *(uint32_t*)0x20000001d074 = 0;
  5771. *(uint64_t*)0x20000001d078 = 0;
  5772. syscall(__NR_perf_event_open, /*attr=*/0x20000001d000ul, /*pid=*/0,
  5773. /*cpu=*/0ul, /*group=*/-1, /*flags=*/0ul);
  5774. syscall(__NR_close_range, /*fd=*/-1, /*max_fd=*/-1,
  5775. /*flags=CLOSE_RANGE_UNSHARE*/ 2ul);
  5776. res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0x10);
  5777. if (res != -1)
  5778. r[58] = res;
  5779. *(uint32_t*)0x200000000300 = 0xc;
  5780. syscall(__NR_getsockopt, /*fd=*/-1, /*level=*/0, /*optname=*/8,
  5781. /*optval=*/0x2000000002c0ul, /*optlen=*/0x200000000300ul);
  5782. *(uint32_t*)0x200000000380 = 0x14;
  5783. syscall(__NR_getpeername, /*fd=*/-1, /*peer=*/0x200000000340ul,
  5784. /*peerlen=*/0x200000000380ul);
  5785. memcpy((void*)0x2000000003c0,
  5786. "team0\000\000\000\000\000\000\000\000\000\000\000", 16);
  5787. syscall(__NR_ioctl, /*fd=*/r[58], /*cmd=*/0x8933, /*arg=*/0x2000000003c0ul);
  5788. memcpy((void*)0x2000000004c0, "syztnl0\000\000\000\000\000\000\000\000\000",
  5789. 16);
  5790. *(uint64_t*)0x2000000004d0 = 0x200000000400;
  5791. memcpy((void*)0x200000000400,
  5792. "sit0\000\000\000\000\000\000\000\000\000\000\000\000", 16);
  5793. *(uint32_t*)0x200000000410 = 0;
  5794. *(uint16_t*)0x200000000414 = htobe16(0x20);
  5795. *(uint16_t*)0x200000000416 = htobe16(8);
  5796. *(uint32_t*)0x200000000418 = htobe32(1);
  5797. *(uint32_t*)0x20000000041c = htobe32(0x10001);
  5798. STORE_BY_BITMASK(uint8_t, , 0x200000000420, 0x1e, 0, 4);
  5799. STORE_BY_BITMASK(uint8_t, , 0x200000000420, 4, 4, 4);
  5800. STORE_BY_BITMASK(uint8_t, , 0x200000000421, 1, 0, 2);
  5801. STORE_BY_BITMASK(uint8_t, , 0x200000000421, 0x3c, 2, 6);
  5802. *(uint16_t*)0x200000000422 = htobe16(0x78);
  5803. *(uint16_t*)0x200000000424 = htobe16(0x66);
  5804. *(uint16_t*)0x200000000426 = htobe16(0);
  5805. *(uint8_t*)0x200000000428 = 0x80;
  5806. *(uint8_t*)0x200000000429 = 4;
  5807. *(uint16_t*)0x20000000042a = htobe16(0);
  5808. *(uint32_t*)0x20000000042c = htobe32(0xe0000002);
  5809. *(uint32_t*)0x200000000430 = htobe32(0xe0000001);
  5810. *(uint8_t*)0x200000000434 = 0x44;
  5811. *(uint8_t*)0x200000000435 = 0xc;
  5812. *(uint8_t*)0x200000000436 = 0x59;
  5813. STORE_BY_BITMASK(uint8_t, , 0x200000000437, 1, 0, 4);
  5814. STORE_BY_BITMASK(uint8_t, , 0x200000000437, 0xe, 4, 4);
  5815. *(uint32_t*)0x200000000438 = htobe32(0xe0000001);
  5816. *(uint32_t*)0x20000000043c = htobe32(0x76279cf9);
  5817. *(uint8_t*)0x200000000440 = 0x94;
  5818. *(uint8_t*)0x200000000441 = 4;
  5819. *(uint16_t*)0x200000000442 = 0;
  5820. *(uint8_t*)0x200000000444 = 0x44;
  5821. *(uint8_t*)0x200000000445 = 0x44;
  5822. *(uint8_t*)0x200000000446 = 0xb1;
  5823. STORE_BY_BITMASK(uint8_t, , 0x200000000447, 1, 0, 4);
  5824. STORE_BY_BITMASK(uint8_t, , 0x200000000447, 8, 4, 4);
  5825. *(uint32_t*)0x200000000448 = htobe32(0xe0000001);
  5826. *(uint32_t*)0x20000000044c = htobe32(0x8000);
  5827. *(uint32_t*)0x200000000450 = htobe32(0);
  5828. *(uint32_t*)0x200000000454 = htobe32(4);
  5829. *(uint8_t*)0x200000000458 = 0xac;
  5830. *(uint8_t*)0x200000000459 = 0x14;
  5831. *(uint8_t*)0x20000000045a = 0x14;
  5832. *(uint8_t*)0x20000000045b = 0xaa;
  5833. *(uint32_t*)0x20000000045c = htobe32(4);
  5834. *(uint32_t*)0x200000000460 = htobe32(0xe0000001);
  5835. *(uint32_t*)0x200000000464 = htobe32(0x400);
  5836. *(uint8_t*)0x200000000468 = 0xac;
  5837. *(uint8_t*)0x200000000469 = 0x1e;
  5838. *(uint8_t*)0x20000000046a = 0;
  5839. *(uint8_t*)0x20000000046b = 1;
  5840. *(uint32_t*)0x20000000046c = htobe32(6);
  5841. *(uint32_t*)0x200000000470 = htobe32(-1);
  5842. *(uint32_t*)0x200000000474 = htobe32(7);
  5843. *(uint32_t*)0x200000000478 = htobe32(0xa010101);
  5844. *(uint32_t*)0x20000000047c = htobe32(9);
  5845. *(uint32_t*)0x200000000480 = htobe32(0xe0000002);
  5846. *(uint32_t*)0x200000000484 = htobe32(0x25e);
  5847. *(uint8_t*)0x200000000488 = 7;
  5848. *(uint8_t*)0x200000000489 = 0xf;
  5849. *(uint8_t*)0x20000000048a = 0xe8;
  5850. *(uint8_t*)0x20000000048b = 0xac;
  5851. *(uint8_t*)0x20000000048c = 0x14;
  5852. *(uint8_t*)0x20000000048d = 0x14;
  5853. *(uint8_t*)0x20000000048e = 0xaa;
  5854. *(uint32_t*)0x20000000048f = htobe32(0xa010102);
  5855. *(uint32_t*)0x200000000493 = htobe32(0);
  5856. struct csum_inet csum_4;
  5857. csum_inet_init(&csum_4);
  5858. csum_inet_update(&csum_4, (const uint8_t*)0x200000000420, 120);
  5859. *(uint16_t*)0x20000000042a = csum_inet_digest(&csum_4);
  5860. syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0x89f0, /*arg=*/0x2000000004c0ul);
  5861. memcpy((void*)0x2000000005c0,
  5862. "sit0\000\000\000\000\000\000\000\000\000\000\000\000", 16);
  5863. *(uint64_t*)0x2000000005d0 = 0x200000000500;
  5864. memcpy((void*)0x200000000500, "erspan0\000\000\000\000\000\000\000\000\000",
  5865. 16);
  5866. *(uint32_t*)0x200000000510 = 0;
  5867. *(uint16_t*)0x200000000514 = htobe16(8);
  5868. *(uint16_t*)0x200000000516 = htobe16(0x8000);
  5869. *(uint32_t*)0x200000000518 = htobe32(6);
  5870. *(uint32_t*)0x20000000051c = htobe32(7);
  5871. STORE_BY_BITMASK(uint8_t, , 0x200000000520, 0x26, 0, 4);
  5872. STORE_BY_BITMASK(uint8_t, , 0x200000000520, 4, 4, 4);
  5873. STORE_BY_BITMASK(uint8_t, , 0x200000000521, 3, 0, 2);
  5874. STORE_BY_BITMASK(uint8_t, , 0x200000000521, 0xc, 2, 6);
  5875. *(uint16_t*)0x200000000522 = htobe16(0x98);
  5876. *(uint16_t*)0x200000000524 = htobe16(0x66);
  5877. *(uint16_t*)0x200000000526 = htobe16(0);
  5878. *(uint8_t*)0x200000000528 = 0x80;
  5879. *(uint8_t*)0x200000000529 = 0x29;
  5880. *(uint16_t*)0x20000000052a = htobe16(0);
  5881. *(uint32_t*)0x20000000052c = htobe32(0x64010102);
  5882. *(uint32_t*)0x200000000530 = htobe32(0x7f000001);
  5883. *(uint8_t*)0x200000000534 = 0;
  5884. *(uint8_t*)0x200000000535 = 0x44;
  5885. *(uint8_t*)0x200000000536 = 0xc;
  5886. *(uint8_t*)0x200000000537 = 0xb7;
  5887. STORE_BY_BITMASK(uint8_t, , 0x200000000538, 1, 0, 4);
  5888. STORE_BY_BITMASK(uint8_t, , 0x200000000538, 5, 4, 4);
  5889. *(uint8_t*)0x200000000539 = 0xac;
  5890. *(uint8_t*)0x20000000053a = 0x14;
  5891. *(uint8_t*)0x20000000053b = 0x14;
  5892. *(uint8_t*)0x20000000053c = 0xaa;
  5893. *(uint32_t*)0x20000000053d = htobe32(0);
  5894. *(uint8_t*)0x200000000541 = 0x82;
  5895. *(uint8_t*)0x200000000542 = 4;
  5896. memcpy((void*)0x200000000543, "\xb8\xef", 2);
  5897. *(uint8_t*)0x200000000545 = 0x86;
  5898. *(uint8_t*)0x200000000546 = 0x59;
  5899. *(uint32_t*)0x200000000547 = htobe32(0);
  5900. *(uint8_t*)0x20000000054b = 2;
  5901. *(uint8_t*)0x20000000054c = 0xe;
  5902. memcpy((void*)0x20000000054d,
  5903. "\x34\x08\x3f\x49\x7a\x02\xf6\x39\x81\x17\x3c\x47", 12);
  5904. *(uint8_t*)0x200000000559 = 0;
  5905. *(uint8_t*)0x20000000055a = 0xc;
  5906. memcpy((void*)0x20000000055b, "\x3d\x2f\x48\x6f\x70\xcc\x08\xfb\xb2\xda", 10);
  5907. *(uint8_t*)0x200000000565 = 0;
  5908. *(uint8_t*)0x200000000566 = 9;
  5909. memcpy((void*)0x200000000567, "\xb5\x5d\xb1\x30\xc9\x4b\x45", 7);
  5910. *(uint8_t*)0x20000000056e = 1;
  5911. *(uint8_t*)0x20000000056f = 0xf;
  5912. memcpy((void*)0x200000000570,
  5913. "\x53\x03\x8e\xa0\x07\x40\xc8\xf8\xec\xaa\xfc\x05\xe2", 13);
  5914. *(uint8_t*)0x20000000057d = 7;
  5915. *(uint8_t*)0x20000000057e = 0xf;
  5916. memcpy((void*)0x20000000057f,
  5917. "\xc5\x0a\x92\xca\x0e\x76\xbe\x1c\xd9\x04\xd7\x5f\xdd", 13);
  5918. *(uint8_t*)0x20000000058c = 2;
  5919. *(uint8_t*)0x20000000058d = 0x12;
  5920. memcpy((void*)0x20000000058e,
  5921. "\x5b\x4d\x62\x4c\xcc\xa6\x0e\x21\xb1\xfb\xf1\x56\x6c\xf0\xfb\xce",
  5922. 16);
  5923. *(uint8_t*)0x20000000059e = 0x83;
  5924. *(uint8_t*)0x20000000059f = 0x17;
  5925. *(uint8_t*)0x2000000005a0 = 0x8e;
  5926. *(uint32_t*)0x2000000005a1 = htobe32(0xa010101);
  5927. *(uint8_t*)0x2000000005a5 = 0xac;
  5928. *(uint8_t*)0x2000000005a6 = 0x14;
  5929. *(uint8_t*)0x2000000005a7 = 0x14;
  5930. *(uint8_t*)0x2000000005a8 = 0xbb;
  5931. *(uint32_t*)0x2000000005a9 = htobe32(0x64010101);
  5932. *(uint32_t*)0x2000000005ad = htobe32(0xe0000002);
  5933. *(uint8_t*)0x2000000005b1 = 0xac;
  5934. *(uint8_t*)0x2000000005b2 = 0x14;
  5935. *(uint8_t*)0x2000000005b3 = 0x14;
  5936. *(uint8_t*)0x2000000005b4 = 0xaa;
  5937. struct csum_inet csum_5;
  5938. csum_inet_init(&csum_5);
  5939. csum_inet_update(&csum_5, (const uint8_t*)0x200000000520, 152);
  5940. *(uint16_t*)0x20000000052a = csum_inet_digest(&csum_5);
  5941. syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0x89f1, /*arg=*/0x2000000005c0ul);
  5942. res = syscall(
  5943. __NR_socket, /*domain=AF_PACKET|0x200000000000000*/ 0x200000000000011ul,
  5944. /*type=SOCK_CLOEXEC|SOCK_DGRAM|0x4000000000000000*/ 0x4000000000080002ul,
  5945. /*proto=*/0xdd86);
  5946. if (res != -1)
  5947. r[59] = res;
  5948. memcpy((void*)0x200000000100, "./file0\000", 8);
  5949. syscall(__NR_mkdir, /*path=*/0x200000000100ul, /*mode=*/0ul);
  5950. memcpy((void*)0x200000027000, "./file0\000", 8);
  5951. memcpy((void*)0x200000000040, "devpts\000", 7);
  5952. syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x200000027000ul,
  5953. /*type=*/0x200000000040ul, /*flags=*/0ul, /*data=*/0ul);
  5954. memcpy((void*)0x2000000000c0, "./file0\000", 8);
  5955. syscall(__NR_chroot, /*dir=*/0x2000000000c0ul);
  5956. *(uint64_t*)0x200000000680 = 0;
  5957. *(uint32_t*)0x200000000688 = 0x21;
  5958. *(uint32_t*)0x20000000068c = 0;
  5959. *(uint32_t*)0x200000000690 = 0;
  5960. syscall(__NR_timer_create, /*id=*/0ul, /*ev=*/0x200000000680ul,
  5961. /*timerid=*/0x200000000100ul);
  5962. *(uint64_t*)0x20000006b000 = 0;
  5963. *(uint64_t*)0x20000006b008 = 8;
  5964. *(uint64_t*)0x20000006b010 = 0;
  5965. *(uint64_t*)0x20000006b018 = 9;
  5966. syscall(__NR_timer_settime, /*timerid=*/0, /*flags=*/0ul,
  5967. /*new=*/0x20000006b000ul, /*old=*/0ul);
  5968. memcpy((void*)0x200000000ac0, "./file0\000", 8);
  5969. memcpy((void*)0x200000000a80, "securityfs\000", 11);
  5970. syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x200000000ac0ul,
  5971. /*type=*/0x200000000a80ul, /*flags=*/0ul, /*data=*/0ul);
  5972. memcpy((void*)0x200000000080, "./file0\000", 8);
  5973. memcpy((void*)0x2000000000c0, "./file0\000", 8);
  5974. syscall(__NR_pivot_root, /*new_root=*/0x200000000080ul,
  5975. /*put_old=*/0x2000000000c0ul);
  5976. memcpy((void*)0x200000000000,
  5977. "sit0\000\000\000\000\000\000\000\000\000\000\000\000", 16);
  5978. syscall(__NR_ioctl, /*fd=*/r[59], /*cmd=*/0x8933, /*arg=*/0x200000000000ul);
  5979. res = syscall(__NR_socket,
  5980. /*domain=AF_INET6|0x200000000000000*/ 0x20000000000000aul,
  5981. /*type=SOCK_DGRAM*/ 2ul, /*proto=*/0);
  5982. if (res != -1)
  5983. r[60] = res;
  5984. res = syscall(__NR_socket, /*domain=*/2ul, /*type=SOCK_RAW*/ 3ul,
  5985. /*proto=*/0x8d);
  5986. if (res != -1)
  5987. r[61] = res;
  5988. memset((void*)0x200000000340, 156, 1);
  5989. syscall(__NR_setsockopt, /*fd=*/r[61], /*level=*/0, /*optname=*/8,
  5990. /*optval=*/0x200000000340ul, /*optlen=*/1ul);
  5991. *(uint32_t*)0x200000000140 = 0xc;
  5992. res = syscall(__NR_getsockopt, /*fd=*/r[61], /*level=*/0, /*optname=*/8,
  5993. /*optval=*/0x200000000040ul, /*optlen=*/0x200000000140ul);
  5994. if (res != -1)
  5995. r[62] = *(uint32_t*)0x200000000040;
  5996. *(uint8_t*)0x200000000000 = -1;
  5997. *(uint8_t*)0x200000000001 = 2;
  5998. memset((void*)0x200000000002, 0, 13);
  5999. *(uint8_t*)0x20000000000f = 1;
  6000. *(uint32_t*)0x200000000010 = 0;
  6001. *(uint32_t*)0x200000000014 = r[62];
  6002. syscall(__NR_ioctl, /*fd=*/r[60], /*cmd=*/0x8916, /*arg=*/0x200000000000ul);
  6003. memcpy((void*)0x200000000680, "syztnl2\000\000\000\000\000\000\000\000\000",
  6004. 16);
  6005. *(uint64_t*)0x200000000690 = 0x200000000600;
  6006. memcpy((void*)0x200000000600, "ip6tnl0\000\000\000\000\000\000\000\000\000",
  6007. 16);
  6008. *(uint32_t*)0x200000000610 = 0;
  6009. *(uint8_t*)0x200000000614 = 4;
  6010. *(uint8_t*)0x200000000615 = 0xcd;
  6011. *(uint8_t*)0x200000000616 = 9;
  6012. *(uint32_t*)0x200000000618 = htobe32(9);
  6013. *(uint32_t*)0x20000000061c = 0x3e;
  6014. *(uint8_t*)0x200000000620 = 0xfe;
  6015. *(uint8_t*)0x200000000621 = 0x88;
  6016. memset((void*)0x200000000622, 0, 12);
  6017. *(uint8_t*)0x20000000062e = 0;
  6018. *(uint8_t*)0x20000000062f = 1;
  6019. memset((void*)0x200000000630, 0, 16);
  6020. *(uint16_t*)0x200000000640 = htobe16(0x80);
  6021. *(uint16_t*)0x200000000642 = htobe16(7);
  6022. *(uint32_t*)0x200000000644 = htobe32(7);
  6023. *(uint32_t*)0x200000000648 = htobe32(2);
  6024. syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0x89f3, /*arg=*/0x200000000680ul);
  6025. memcpy((void*)0x2000000006c0, "batadv0\000\000\000\000\000\000\000\000\000",
  6026. 16);
  6027. syscall(__NR_ioctl, /*fd=*/r[58], /*cmd=*/0x8933, /*arg=*/0x2000000006c0ul);
  6028. res = syscall(__NR_socket, /*domain=*/0x11ul, /*type=SOCK_DGRAM*/ 2ul,
  6029. /*proto=*/0x300);
  6030. if (res != -1)
  6031. r[63] = res;
  6032. memcpy((void*)0x200000000000,
  6033. "sit0\000\000\000\000\000\000\000\000\000\000\000\000", 16);
  6034. res = syscall(__NR_ioctl, /*fd=*/r[63], /*cmd=*/0x8933,
  6035. /*arg=*/0x200000000000ul);
  6036. if (res != -1)
  6037. r[64] = *(uint32_t*)0x200000000010;
  6038. res = syscall(__NR_socket, /*domain=AF_INET6*/ 0xaul, /*type=SOCK_DGRAM*/ 2ul,
  6039. /*proto=*/0);
  6040. if (res != -1)
  6041. r[65] = res;
  6042. *(uint8_t*)0x200000000400 = 0xfe;
  6043. *(uint8_t*)0x200000000401 = 0x80;
  6044. memset((void*)0x200000000402, 0, 13);
  6045. *(uint8_t*)0x20000000040f = 0x1f;
  6046. memcpy((void*)0x200000000410,
  6047. " \001\000\000\000\000\000\000\000\000\000\000\000\000\000\001", 16);
  6048. memcpy((void*)0x200000000420,
  6049. " \001\000\000\000\000\000\000\000\000\000\000\000\000\000\000", 16);
  6050. *(uint32_t*)0x200000000430 = 0;
  6051. *(uint16_t*)0x200000000434 = 0;
  6052. *(uint16_t*)0x200000000436 = 0;
  6053. *(uint32_t*)0x200000000438 = 0;
  6054. *(uint64_t*)0x200000000440 = 0;
  6055. *(uint32_t*)0x200000000448 = 0x8420006e;
  6056. *(uint32_t*)0x20000000044c = r[64];
  6057. syscall(__NR_ioctl, /*fd=*/r[65], /*cmd=*/0x890b, /*arg=*/0x200000000400ul);
  6058. memcpy((void*)0x2000000000c0, "./file0\000", 8);
  6059. syscall(__NR_open, /*file=*/0x2000000000c0ul,
  6060. /*flags=O_NOCTTY|O_LARGEFILE|O_EXCL|O_CREAT|O_RDWR|0x3d*/ 0x81fful,
  6061. /*mode=*/0ul);
  6062. *(uint64_t*)0x200000000680 = 0;
  6063. *(uint32_t*)0x200000000688 = 0x21;
  6064. *(uint32_t*)0x20000000068c = 0;
  6065. *(uint32_t*)0x200000000690 = 0;
  6066. syscall(__NR_timer_create, /*id=*/0ul, /*ev=*/0x200000000680ul,
  6067. /*timerid=*/0x200000000100ul);
  6068. *(uint64_t*)0x20000006b000 = 0;
  6069. *(uint64_t*)0x20000006b008 = 0x3938700;
  6070. *(uint64_t*)0x20000006b010 = 0x77359400;
  6071. *(uint64_t*)0x20000006b018 = 0;
  6072. syscall(__NR_timer_settime, /*timerid=*/0, /*flags=TIMER_ABSTIME*/ 1ul,
  6073. /*new=*/0x20000006b000ul, /*old=*/0ul);
  6074. *(uint64_t*)0x200000000080 = 0;
  6075. *(uint64_t*)0x200000000088 = 0x3938700;
  6076. syscall(__NR_clock_nanosleep, /*id=CLOCK_PROCESS_CPUTIME_ID*/ 2ul,
  6077. /*flags=TIMER_ABSTIME*/ 1ul, /*rqtp=*/0x200000000080ul, /*rmtp=*/0ul);
  6078. memcpy((void*)0x200000000040, "./file0\000", 8);
  6079. memcpy((void*)0x200000000100, "tmpfs\000", 6);
  6080. memcpy((void*)0x2000000001c0,
  6081. "\x6d\x70\x6f\x6c\x3d\x6c\x6f\x63\x61\x6c\x3d\x72\x65\x6c\x61\x74\x69"
  6082. "\x76\x65\x3a\x4e\x2c\x97\x23\x87\xbf\x8f\x7c\xeb\x2b\xca\xcc\x71\x66"
  6083. "\x02\x14\x20\x1f\xa3\x72\x42\x2a\x04\x2e\x0b\xfc\x4f\x8b\x43\xc2\xb8"
  6084. "\xf6\x50\xf0\x70\x2e\xb1\x4d\xe8\xcc\xba\xc9\x98\x84\x3f\x92\x7c\xae"
  6085. "\x63\x7a\x86\x51\x42\x88\x71\xf9\x35\x19\xdb\x55\x6b\x62\xb5\x92\xad"
  6086. "\x83\x8b\xf8\xb8\x42\x48\x18\x42\x1a\xd1\x8d\x4d\xa9\x84\xeb\x13\x7e"
  6087. "\x09\x20\xd1\xf6\x20\x56\x84\xb2\xab\x96\x87\xbd\xbd\x14\xc1\xf2\x86"
  6088. "\x54\x41\xf0\x7f\x3b\xb8\xca\x5c\x75\xdf\x1f\xd1\x0f\xcf\xd6\x00\x00"
  6089. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
  6090. 147);
  6091. syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x200000000040ul,
  6092. /*type=*/0x200000000100ul, /*flags=*/0ul, /*opts=*/0x2000000001c0ul);
  6093. memcpy((void*)0x200000000800, "ext4\000", 5);
  6094. memcpy((void*)0x200000000100, "./file0\000", 8);
  6095. *(uint8_t*)0x200000000140 = 0;
  6096. memcpy(
  6097. (void*)0x200000000d40,
  6098. "\x78\x9c\xec\xdd\xcf\x6f\x23\x57\x1d\x00\xf0\xef\x4c\x7e\xa7\x69\x93\x02"
  6099. "\x07\x40\x40\x96\x52\x58\xd0\x6a\xed\xc4\xdb\x46\x55\x25\xa4\x72\xa1\x87"
  6100. "\xaa\x12\xa2\xe2\xc4\x61\x1b\x12\x6f\x14\xc5\x8e\xa3\xd8\x81\x4d\x58\x89"
  6101. "\xf4\xc2\x5f\x50\x89\x4a\x9c\xe0\xc2\x9d\x03\x12\x07\xa4\xfe\x0b\xdc\xe0"
  6102. "\xd6\x4b\x39\x20\x2d\xb0\x02\x6d\x90\x38\x18\xcd\xd8\xc9\x26\x9b\xd8\x89"
  6103. "\x76\x13\x1b\x32\x9f\x8f\xf4\xe4\x79\xf3\xbc\xf3\x7d\xcf\xde\x99\x37\xfe"
  6104. "\xae\xd7\x2f\x80\xc2\xba\x11\x11\xfb\x11\x31\x1e\x11\xef\x47\xc4\x6c\x77"
  6105. "\x7f\xd2\x2d\xf1\x56\xa7\x64\xcf\x7b\xfc\xe8\xc1\xca\xc1\xa3\x07\x2b\x49"
  6106. "\xb4\xdb\xef\xfd\x3d\xc9\xdb\xb3\x7d\x71\xec\xcf\x64\x5e\xe8\x1e\x73\x32"
  6107. "\x22\xbe\xff\x76\xc4\x8f\x92\xd3\x71\x9b\xbb\x7b\x1b\xcb\xb5\x5a\x75\xbb"
  6108. "\x5b\x2f\xb7\xea\x5b\xe5\xe6\xee\xde\xed\xf5\xfa\xf2\x5a\x75\xad\xba\x59"
  6109. "\xa9\x2c\x2d\x2e\x2d\xbc\x71\xe7\xf5\xca\xa5\x8d\x75\xbe\xfe\xdb\x87\xdf"
  6110. "\x5d\x7f\xe7\x07\x7f\xf8\xfd\x97\x3f\xfd\xe3\xfe\xb7\x7e\x9a\x75\x6b\xa6"
  6111. "\xdb\x76\x7c\x1c\x97\xa9\x33\xf4\xb1\xa3\x38\x99\xd1\x88\x78\xe7\x2a\x82"
  6112. "\x0d\xc1\x48\x77\x3c\xe3\xc3\xee\x08\xcf\x24\x8d\x88\xcf\x44\xc4\x2b\x59"
  6113. "\x65\x6e\x36\x46\xf2\x77\x13\x00\xb8\xce\xda\xed\xd9\x68\xcf\x1e\xaf\x03"
  6114. "\x00\xd7\x5d\x9a\xe7\xc0\x92\xb4\xd4\xcd\x05\xcc\x44\x9a\x96\x4a\x9d\x1c"
  6115. "\xde\xe7\x62\x3a\xad\x35\x9a\xad\x5b\xf7\x1a\x3b\x9b\xab\x9d\x5c\xd9\x5c"
  6116. "\x8c\xa5\xf7\xd6\x6b\xd5\x85\x6e\xae\x70\x2e\xc6\x92\xac\xbe\x98\x6f\x3f"
  6117. "\xa9\x57\x9e\xaa\xdf\x89\x88\x97\x23\xe2\xc3\x89\xa9\xbc\x5e\x5a\x69\xd4"
  6118. "\x56\x87\x79\xe3\x03\x00\x05\xf6\xc2\x53\xf3\xff\xbf\x26\x3a\xf3\xff\x71"
  6119. "\x53\xc3\xea\x1c\x00\x70\x75\x26\x87\xdd\x01\x00\x60\xe0\xcc\xff\x00\x50"
  6120. "\x3c\xe6\x7f\x00\x28\x9e\x7c\xfe\xff\xf0\x37\x6f\x7f\xfb\x54\x4b\x3a\x8c"
  6121. "\xee\x00\x00\x03\x70\xde\xe7\x7f\x77\x01\x00\x70\xfd\xc8\xff\x03\x40\xf1"
  6122. "\x98\xff\x01\xa0\x50\xbe\xf7\xee\xbb\x59\x69\x1f\x74\x7f\xff\x7a\xf5\xc7"
  6123. "\xbb\x3b\x1b\x8d\xa9\xdb\xab\xd5\xe6\x46\xa9\xbe\xb3\x52\x5a\x69\x6c\x6f"
  6124. "\x95\xd6\x1a\x8d\xb5\xfc\x37\x7b\xea\xe7\x1d\xaf\xd6\x68\x6c\x2d\xbe\x16"
  6125. "\x3b\xf7\xcb\xad\x6a\xb3\x55\x6e\xee\xee\xdd\xad\x37\x76\x36\x5b\x77\xf3"
  6126. "\xdf\xf5\xbe\x5b\x1d\x1b\xc8\xa8\x00\x80\x7e\x5e\x9e\xff\xf8\xcf\x49\x44"
  6127. "\xec\xbf\x39\x95\x97\x38\xb6\x96\x83\xb9\x1a\xae\x37\x5f\xed\x81\xe2\xb2"
  6128. "\xda\x0f\x14\x97\xf3\x1f\x8a\xcb\x67\x7c\x20\xe9\x2c\xe5\xda\x53\xcf\xaf"
  6129. "\x08\x7d\x74\x25\xdd\x01\x06\xe0\xe6\x17\x3a\xf9\xff\x44\xfe\x1f\x0a\x47"
  6130. "\xfe\x1f\x8a\xab\xef\x4d\x3f\x70\xad\xc9\xff\x43\x71\xb5\xdb\x89\x35\xff"
  6131. "\x01\xa0\x60\xe4\xf8\xa1\xf0\x26\x93\xf3\x9e\xd0\xab\xe1\x9c\x7f\xff\x1f"
  6132. "\x7f\xc6\x0e\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  6133. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xff\x83\x99\xbc\x24\x69\xa9\xbb"
  6134. "\x16\xf8\x4c\xa4\x69\xa9\x14\xf1\x62\x44\xcc\xc5\x58\x72\x6f\xbd\x56\x5d"
  6135. "\x88\x88\x97\x22\xe2\x4f\x13\x63\x13\x59\x7d\x71\xd8\x9d\x06\x00\x9e\x53"
  6136. "\xfa\xd7\x24\x22\xb2\x72\x73\xf6\xd5\xec\x76\xe0\xc4\x92\x80\xe3\xc9\xbf"
  6137. "\x27\xa2\xbb\x8e\xd7\x4f\x7e\xf9\xde\x2f\xee\x2f\xb7\x5a\xdb\x8b\xd9\xfe"
  6138. "\x7f\x1c\xed\x6f\x7d\xd4\xdd\x5f\x19\xd6\x18\x00\x80\x7e\x0e\xe7\xe9\xfb"
  6139. "\xcb\xad\x9f\xc7\xb1\x0f\xf2\x8f\x1f\x3d\x58\x39\x2c\x83\xec\xcf\xc3\xef"
  6140. "\x74\x16\x17\xcd\xe2\x1e\x74\x4b\xa7\x65\x34\x46\xf3\xc7\xc9\xfc\x86\x64"
  6141. "\xfa\x9f\x49\xb7\xde\x91\xdd\xaf\x8c\x5c\x42\xfc\xfd\x0f\x22\xe2\xf3\x67"
  6142. "\x8d\x3f\xc9\x73\x23\x73\xdd\x95\x4f\x9f\x8e\x9f\xc5\x7e\x71\xa0\xf1\xd3"
  6143. "\x13\xf1\xd3\xbc\xad\xf3\x98\xbd\x16\x9f\xbd\x84\xbe\x40\xd1\x7c\x9c\x5d"
  6144. "\x7f\xde\x3a\x71\xfe\xa5\x9d\x96\x34\x6e\xe4\x8f\x67\x9f\xff\x93\xf9\x15"
  6145. "\xea\xf9\x1d\x5e\xff\x0e\x4e\x5d\xff\xd2\xa3\xeb\xdf\x48\x8f\xeb\xdf\x8d"
  6146. "\xfe\x87\x6e\xcf\x1e\xc6\x78\x6d\xbe\x77\xfc\x0f\x22\xbe\x38\x7a\x56\xfc"
  6147. "\xe4\x28\x7e\xd2\x23\xfe\xab\x17\x1c\xe3\x27\x5f\xfa\xca\x2b\x3d\x3b\xf9"
  6148. "\xab\x88\x9b\x71\x76\xfc\xe3\xb1\xca\xad\xfa\x56\xb9\xb9\xbb\x77\x7b\xbd"
  6149. "\xbe\xbc\x56\x5d\xab\x6e\x56\x2a\x4b\x8b\x4b\x0b\x6f\xdc\x79\xbd\x52\xce"
  6150. "\x73\xd4\xe5\xc3\x4c\xf5\x69\x7f\x7b\xf3\xd6\x4b\xfd\xc6\x3f\xdd\x23\xfe"
  6151. "\xe4\x39\xe3\xff\xfa\x05\xc7\xff\xeb\xff\xbc\xff\xc3\xaf\xf6\x89\xff\xcd"
  6152. "\xaf\x9d\xfd\xfe\x8f\xf5\x89\x9f\xb5\x7d\xe3\x82\xf1\x97\xa7\x7f\xd7\x73"
  6153. "\xf9\xee\x2c\xfe\x6a\x8f\xf1\xf7\x79\xff\x3f\xc9\xf6\xdd\x3a\x71\xa4\x76"
  6154. "\xc7\xcf\x4e\xc7\xf8\xf4\x2f\x7b\xab\x17\xec\x2a\x00\x30\x00\xcd\xdd\xbd"
  6155. "\x8d\xe5\x5a\xad\xba\x6d\xa3\x18\x1b\xe3\xf1\x3f\xd1\x8d\xf3\x36\xf2\xe4"
  6156. "\x46\x44\x5c\x41\x88\x2b\xf8\x3b\x3f\x1f\xc3\x7f\xc5\x2e\x7b\x63\xd8\x57"
  6157. "\x26\xe0\xaa\x3d\x39\xe9\x87\xdd\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  6158. "\x00\x00\xa0\x97\x41\xfc\x77\xa2\x61\x8f\x11\x00\x00\x00\x00\x00\x00\x00"
  6159. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  6160. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  6161. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  6162. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  6163. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  6164. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  6165. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  6166. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  6167. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\xeb"
  6168. "\xeb\xbf\x01\x00\x00\xff\xff\xfe\xbf\xdc\x04",
  6169. 1271);
  6170. res = -1;
  6171. res = syz_mount_image(
  6172. /*fs=*/0x200000000800, /*dir=*/0x200000000100,
  6173. /*flags=MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODIRATIME|0x44*/ 0x84f,
  6174. /*opts=*/0x200000000140, /*chdir=*/0x20, /*size=*/0x4f7,
  6175. /*img=*/0x200000000d40);
  6176. if (res != -1)
  6177. r[66] = res;
  6178. memcpy((void*)0x2000000000c0, "iso9660\000", 8);
  6179. memcpy((void*)0x200000000000, "./file0\000", 8);
  6180. memcpy((void*)0x200000000880, "check=strict", 12);
  6181. *(uint8_t*)0x20000000088c = 0x2c;
  6182. memcpy((void*)0x20000000088d, "block", 5);
  6183. *(uint8_t*)0x200000000892 = 0x3d;
  6184. sprintf((char*)0x200000000893, "0x%016llx", (long long)0x200);
  6185. *(uint8_t*)0x2000000008a5 = 0x2c;
  6186. memcpy((void*)0x2000000008a6, "mode", 4);
  6187. *(uint8_t*)0x2000000008aa = 0x3d;
  6188. sprintf((char*)0x2000000008ab, "0x%016llx", (long long)6);
  6189. *(uint8_t*)0x2000000008bd = 0x2c;
  6190. memcpy((void*)0x2000000008be, "dmode", 5);
  6191. *(uint8_t*)0x2000000008c3 = 0x3d;
  6192. sprintf((char*)0x2000000008c4, "0x%016llx", (long long)0x800);
  6193. *(uint8_t*)0x2000000008d6 = 0x2c;
  6194. memcpy((void*)0x2000000008d7, "session", 7);
  6195. *(uint8_t*)0x2000000008de = 0x3d;
  6196. sprintf((char*)0x2000000008df, "0x%016llx", (long long)0x4a);
  6197. *(uint8_t*)0x2000000008f1 = 0x2c;
  6198. memcpy((void*)0x2000000008f2, "iocharset", 9);
  6199. *(uint8_t*)0x2000000008fb = 0x3d;
  6200. memcpy((void*)0x2000000008fc, "cp857", 5);
  6201. *(uint8_t*)0x200000000901 = 0x2c;
  6202. *(uint8_t*)0x200000000902 = 0;
  6203. memcpy(
  6204. (void*)0x200000000240,
  6205. "\x78\x9c\xec\xdd\x5d\x6f\xdb\xd6\x1d\xc7\xf1\x1f\x65\xd9\x56\x3c\x20\x18"
  6206. "\xb6\x21\x08\x82\x34\x39\x4d\x56\xc0\xc1\x52\x45\x92\x1b\x07\x42\x76\x31"
  6207. "\x8e\x3a\xb2\xd9\x49\xa2\x40\xd2\x85\x0d\x0c\x28\xb2\xc6\x2e\x8c\xc8\xe9"
  6208. "\x96\x74\xc0\xe2\x9b\xc2\x37\x7b\x00\xba\x17\xd1\x9b\x5d\xec\x45\x0c\xd8"
  6209. "\xf5\xde\xc5\x2e\x07\x14\xdb\xdd\x80\xdd\x68\x20\x29\xd9\xb2\xad\x27\x27"
  6210. "\x8a\x9d\x34\xdf\x8f\x90\xf0\x98\xfc\xf3\x9c\x3f\x0f\x15\x9e\xd0\x12\x49"
  6211. "\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  6212. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  6213. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x39\x5e\xad\x54\x2a\x3b"
  6214. "\x6a\xf8\xad\x8d\x4d\x33\x9a\x57\x0b\x83\xe6\x98\xe5\x59\x6d\xf3\xba\x93"
  6215. "\x15\xee\x4c\x6c\x57\x72\x92\x3f\x2a\x14\x74\x35\x9b\x75\xf5\x47\x47\x8b"
  6216. "\xaf\x24\x7f\xdd\xd2\xf5\xec\xa7\xeb\x2a\x24\x93\x82\xf6\xbf\x77\xe5\xfb"
  6217. "\x0f\x7f\x98\xcf\xf5\xd7\x1f\x93\xd0\xcb\xd0\x59\x2b\x7c\xfe\x62\xff\xc9"
  6218. "\xa3\x4e\x67\xfb\xd9\x8c\x13\x79\x03\x28\x37\x45\xd0\x9a\x6d\xf9\x51\xe0"
  6219. "\x37\xdd\x35\x6b\xfc\x28\x30\xd5\xd5\xd5\xd2\xbd\xf5\x7a\x64\xea\x7e\xc3"
  6220. "\x46\x5b\x51\x6c\x9b\xc6\x0b\xad\x1b\x07\xa1\x59\xf6\xee\x98\x72\xb5\xba"
  6221. "\x62\x6c\x71\x2b\xd8\x68\xad\xd5\xdc\x86\xed\xcf\x7c\xf0\x61\xa5\x54\x5a"
  6222. "\x35\x1f\x2f\xf6\x76\xff\xbd\x8f\x8b\x91\xb7\xee\x37\x1a\x7e\x6b\x2d\x8d"
  6223. "\x49\x16\x27\x31\x0f\xcc\xd7\xbf\xcc\x42\xac\xdb\x34\x66\x67\xb7\xb3\xbd"
  6224. "\x32\x29\xc9\x24\xa8\x3c\x4d\x50\x65\x52\x50\xa5\x54\xa9\x94\xcb\x95\x4a"
  6225. "\x79\xf5\x7e\xf5\xfe\x83\x52\x29\x7f\x6a\x46\xe9\x04\x9d\x8a\x98\xf9\x9b"
  6226. "\x16\x6f\x99\xd9\x1d\xbc\x81\x57\x94\x4b\xc6\xff\x7f\x3a\x52\x43\x05\xb5"
  6227. "\xb4\xa1\x4d\x99\xa1\x2f\x4f\x35\x85\x0a\xd4\x1c\xb1\xbc\xa7\x3f\xfe\x7f"
  6228. "\x70\xcf\x8e\x6d\x77\x70\xfc\xef\x8f\xf2\x57\x8f\x16\x5f\x53\x3a\xfe\xdf"
  6229. "\xc8\x7e\xba\x31\x6a\xfc\x1f\x91\xcb\xb8\x97\xa3\x97\x59\x6b\xd4\xeb\xb9"
  6230. "\x5e\x68\x5f\x4f\xf4\x48\x1d\x75\xb4\xad\x67\x33\xac\xfb\x6d\x78\xad\xc9"
  6231. "\xaa\x25\x5f\x91\x02\xf9\x6a\xca\x4d\xe7\x98\xde\x1c\xa3\xaa\x56\xb5\xaa"
  6232. "\x92\x3e\xd5\xba\xea\x8a\x64\x54\x97\xaf\x86\xac\x22\x6d\x29\x52\x2c\x9b"
  6233. "\xbe\xa3\x3c\x85\xb2\x72\x15\x2b\x50\x28\xa3\x65\x79\xba\x23\xa3\xb2\xaa"
  6234. "\xaa\x6a\x45\x46\x56\x45\x6d\x29\xd0\x86\x5a\x5a\x53\x4d\xae\xfe\xdb\xed"
  6235. "\x76\x77\xb4\x9b\xf6\xfb\xca\x98\x1c\xd5\x0f\x2a\x4f\x13\x54\x19\x13\x34"
  6236. "\x6a\xfc\xff\xd5\x57\xd9\xfb\x94\xf1\xff\x5d\xd7\x3f\x7e\x4d\x13\x03\x5c"
  6237. "\xb8\x6e\xef\xfc\xff\x8c\x6e\xbe\x9e\x6c\x00\x00\x00\x00\x00\xc0\xeb\xe0"
  6238. "\xa4\xbf\x7d\x77\xd2\xcf\xee\xdf\x93\xd4\x55\xdd\x6f\xd8\xd2\x45\xa7\x05"
  6239. "\x00\x00\x00\x00\x00\x66\x28\xfd\xe4\xff\x7a\x32\x99\x4f\x4a\xef\xc9\xe1"
  6240. "\xfc\x1f\x00\x00\x00\x00\x80\xef\x1a\x27\xbd\xc6\xce\x91\xb4\x94\x7e\xa9"
  6241. "\xdf\x39\xba\x12\x6a\x9a\x5f\x02\x2c\x9e\x43\x8a\x00\x00\x00\x00\x00\xe0"
  6242. "\x15\xa5\x9f\xff\xdf\x58\x90\xba\xe9\xa9\xfc\x4d\x39\x67\x3a\xff\x07\x00"
  6243. "\x00\x00\x00\x00\x6f\x81\x3f\x0e\xdc\x63\x3f\xdf\xbf\xc7\x6e\x77\xae\xb7"
  6244. "\x34\x27\x29\x6a\x2f\x3a\x7f\xfb\xf7\xa2\xc2\x79\xe7\xa0\xbd\xf9\x63\x67"
  6245. "\xcf\x4d\x96\xb8\x7b\xbd\x98\xb9\x93\x35\xc6\xf5\x6b\xce\xe5\xde\x8d\x7a"
  6246. "\xd3\xc9\x6a\xbe\xf7\x93\x67\xaf\x3b\xbd\xfb\x03\xf7\x6e\x82\x79\x78\xdf"
  6247. "\xc1\x6f\x77\x26\xdd\xeb\xdf\x09\x4f\x24\xb0\x30\x37\x58\xc1\x54\x09\xe8"
  6248. "\x6b\xbd\x9f\xc5\xbc\x5f\xc8\xa6\x8f\xf7\x73\x4a\x97\x64\xad\x2c\xd5\xfd"
  6249. "\x86\x2d\x7a\x41\xe3\x61\x59\xae\x7b\x39\x17\xdb\xcd\xf8\xb7\x4f\x77\x7f"
  6250. "\x27\x85\x87\xdb\xb9\xb3\xdb\xd9\x2e\x7e\xf6\x45\xe7\x71\x9a\xcb\x41\x32"
  6251. "\xeb\x60\x2f\xc9\xe3\xab\x63\xe9\xe4\x26\xe5\xf2\x65\x7a\xbf\x85\xf4\x9a"
  6252. "\x8b\xa1\x5b\x3c\x5f\xef\x37\xf9\xa7\x56\x73\xc9\x49\xdb\x2d\xf5\xb7\x7f"
  6253. "\x4e\xee\x5e\x6e\xb0\xa1\xe9\xb6\xff\xf7\xba\x95\xc5\xdc\x5a\xca\xa6\x4b"
  6254. "\xfb\xea\xf5\x44\xda\x66\x21\xd9\xfe\x72\xf1\xe1\x82\xa4\x63\x5b\x1f\xce"
  6255. "\x3b\x47\x59\x94\x4f\x6e\xf9\xb0\x1d\x31\x22\x8b\x42\x9a\xc5\xed\x2c\xe6"
  6256. "\xf6\xf2\xed\x6c\xd2\xcf\xaf\x97\xc5\x4f\xe6\xa4\x4a\xf1\xf4\x3e\x38\x96"
  6257. "\x45\x65\x30\x8b\xc9\x7d\xe1\xfc\xe7\x54\x5f\x4c\xc8\x22\xe9\x8b\x95\x24"
  6258. "\x8b\xbf\x27\x15\x8d\xc8\x62\xe5\x6c\x59\x9c\xda\x23\x00\x70\x51\x76\x26"
  6259. "\x8c\x42\x8e\x4e\x8e\xbb\x2f\x73\x94\x9b\x3c\xba\xff\x6c\xf4\x7f\x2f\xf2"
  6260. "\xd3\xb4\x52\x50\x72\x44\x5f\xce\x62\x16\xb2\x75\xf2\xd7\x86\x1c\xd1\x4b"
  6261. "\xbd\x71\xa5\xa0\x11\x47\xf4\xd2\x2b\x8c\x6e\x49\x5b\x7f\x3d\x7a\x06\x52"
  6262. "\xef\xdb\x91\xa7\xb2\xf8\x5f\xb7\xdb\x7d\x58\x4e\xdb\xfd\xf3\x89\x51\xf5"
  6263. "\x9b\x64\x85\x6f\x46\xb6\x1b\x35\x2a\x73\x49\x17\xce\x7d\xb9\xf7\x6b\x5d"
  6264. "\x79\xfe\x62\xff\xc3\xdd\xbd\x47\x9f\x6f\x7f\xbe\xfd\xb4\x52\x59\x59\x2d"
  6265. "\x7d\x54\x2a\xdd\xaf\x68\x3e\xdd\x8c\xde\x84\xb1\x07\x00\x30\xc4\xe4\x67"
  6266. "\xec\x4c\x8c\x70\x3e\x3a\x3c\xab\x7e\xfc\xaf\x0f\xb2\xd2\xb1\x11\xef\x07"
  6267. "\x87\x5f\x29\x28\xea\x33\x7d\xa1\x8e\x1e\xeb\x6e\xff\x11\x02\x37\x87\xd7"
  6268. "\xba\x34\xf0\x35\x84\xbb\xa7\xcf\x5a\x93\xd8\x4b\xd2\xc9\xd8\xb2\xee\x4e"
  6269. "\x38\xab\x5b\x1a\x78\xd0\x4b\x3f\x76\x5e\xfd\x55\x46\xc5\xae\xbc\xee\xdd"
  6270. "\x00\x00\xc0\xb9\xba\x35\x61\x1c\x9e\x66\xfc\xbf\xdb\x3f\xef\x5e\xbe\x36"
  6271. "\xf4\xbc\xfb\xf8\x58\x7e\xf2\x09\xc1\xa3\x62\xcb\xe7\xdc\x13\x00\x00\xbc"
  6272. "\x3b\x6c\xf8\xad\xb3\x14\xff\xc1\x09\x43\xbf\xfd\x69\xb9\x5a\x2d\xbb\xf1"
  6273. "\xba\x35\x61\xe0\xfd\xc2\x84\x7e\x6d\xcd\x1a\xbf\x15\xdb\xd0\x5b\x77\x5b"
  6274. "\x6b\xd6\xb4\xc3\x20\x0e\xbc\xa0\x91\x14\x3e\xf1\x6b\x36\x32\xd1\x46\xbb"
  6275. "\x1d\x84\xb1\xa9\x07\xa1\x69\x07\x91\xbf\x99\x3e\xf9\xdd\xf4\x1e\xfd\x1e"
  6276. "\xd9\xa6\xdb\x8a\x7d\x2f\x6a\x37\xac\x1b\x59\xe3\x05\xad\xd8\xf5\x62\x53"
  6277. "\xf3\x23\xcf\xb4\x37\x7e\xde\xf0\xa3\x75\x1b\xa6\x2b\x47\x6d\xeb\xf9\x75"
  6278. "\xdf\x73\x63\x3f\x68\x99\x28\xd8\x08\x3d\x5b\x34\x26\xb2\x76\x20\xd0\xaf"
  6279. "\xd9\x56\xec\xd7\xfd\xa4\xd8\x32\xed\xd0\x6f\xba\xe1\x96\xf9\x24\x68\x6c"
  6280. "\x34\xad\xa9\xd9\xc8\x0b\xfd\x76\x1c\x64\x15\xf6\xdb\xf2\x5b\xf5\x20\x6c"
  6281. "\xa6\xd5\x16\x2f\xba\xb3\x01\x00\x78\x43\x3c\x7f\xb1\xff\xe4\x51\xa7\xb3"
  6282. "\xfd\x6c\x4c\xe1\x40\x93\x63\x7a\x85\x85\x61\x15\x5e\xf4\x36\x02\x00\x80"
  6283. "\xe3\x18\xa5\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  6284. "\x00\x00\x78\xf3\x4d\x73\xfd\xdf\x99\x0a\xf3\xc3\x2e\x16\x94\x0e\xe7\xfc"
  6285. "\xe6\xf2\x54\xf5\x38\x9a\x75\x62\x67\x29\xe4\x5e\x7e\xf5\x7f\x8c\x89\xb9"
  6286. "\x74\x38\xa7\xdf\xfd\x83\x31\x07\x17\xb0\xa5\xca\x0a\xf9\xd9\xd7\x7c\x49"
  6287. "\x9a\xfe\xb2\xd1\x19\x14\x7e\xba\x93\xf5\xe8\xc8\x98\x64\xe1\xd0\x45\x8b"
  6288. "\x87\xfb\x22\x3f\xfb\x7f\x0e\x49\xe1\xe9\x5f\x46\x2c\xea\x76\xbb\xdd\xf1"
  6289. "\xab\x2f\x1e\xef\xc3\x85\x71\x1b\x78\xbc\x90\x97\xf4\x6c\xe1\x15\x76\xc1"
  6290. "\xc5\x1c\x8f\x00\x9c\x9f\xff\x07\x00\x00\xff\xff\x30\x99\x3c\x3f",
  6291. 1546);