// autogenerated by syzkaller (http://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include const int kFailStatus = 67; const int kRetryStatus = 69; __attribute__((noreturn)) static void doexit(int status) { volatile unsigned i; syscall(__NR_exit_group, status); for (i = 0;; i++) { } } __attribute__((noreturn)) static void fail(const char* msg, ...) { int e = errno; fflush(stdout); va_list args; va_start(args, msg); vfprintf(stderr, msg, args); va_end(args); fprintf(stderr, " (errno %d)\n", e); doexit((e == ENOMEM || e == EAGAIN) ? kRetryStatus : kFailStatus); } __attribute__((noreturn)) static void exitf(const char* msg, ...) { int e = errno; fflush(stdout); va_list args; va_start(args, msg); vfprintf(stderr, msg, args); va_end(args); fprintf(stderr, " (errno %d)\n", e); doexit(kRetryStatus); } static __thread int skip_segv; static __thread jmp_buf segv_env; static void segv_handler(int sig, siginfo_t* info, void* uctx) { uintptr_t addr = (uintptr_t)info->si_addr; const uintptr_t prog_start = 1 << 20; const uintptr_t prog_end = 100 << 20; if (__atomic_load_n(&skip_segv, __ATOMIC_RELAXED) && (addr < prog_start || addr > prog_end)) { _longjmp(segv_env, 1); } doexit(sig); for (;;) { } } static void install_segv_handler() { struct sigaction sa; memset(&sa, 0, sizeof(sa)); sa.sa_handler = SIG_IGN; syscall(SYS_rt_sigaction, 0x20, &sa, NULL, 8); syscall(SYS_rt_sigaction, 0x21, &sa, NULL, 8); memset(&sa, 0, sizeof(sa)); sa.sa_sigaction = segv_handler; sa.sa_flags = SA_NODEFER | SA_SIGINFO; sigaction(SIGSEGV, &sa, NULL); sigaction(SIGBUS, &sa, NULL); } #define NONFAILING(...) \ { \ __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST); \ if (_setjmp(segv_env) == 0) { \ __VA_ARGS__; \ } \ __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST); \ } static void use_temporary_dir() { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) fail("failed to mkdtemp"); if (chmod(tmpdir, 0777)) fail("failed to chmod"); if (chdir(tmpdir)) fail("failed to chdir"); } static void remove_dir(const char* dir) { DIR* dp; struct dirent* ep; int iter = 0; retry: dp = opendir(dir); if (dp == NULL) { if (errno == EMFILE) { exitf("opendir(%s) failed due to NOFILE, exiting"); } exitf("opendir(%s) failed", dir); } while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exitf("lstat(%s) failed", filename); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } int i; for (i = 0;; i++) { if (unlink(filename) == 0) break; if (errno == EROFS) { break; } if (errno != EBUSY || i > 100) exitf("unlink(%s) failed", filename); if (umount2(filename, MNT_DETACH)) exitf("umount(%s) failed", filename); } } closedir(dp); int i; for (i = 0;; i++) { if (rmdir(dir) == 0) break; if (i < 100) { if (errno == EROFS) { break; } if (errno == EBUSY) { if (umount2(dir, MNT_DETACH)) exitf("umount(%s) failed", dir); continue; } if (errno == ENOTEMPTY) { if (iter < 100) { iter++; goto retry; } } } exitf("rmdir(%s) failed", dir); } } static uint64_t current_time_ms() { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) fail("clock_gettime failed"); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void test(); void loop() { int iter; for (iter = 0;; iter++) { char cwdbuf[256]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) fail("failed to mkdir"); int pid = fork(); if (pid < 0) fail("clone failed"); if (pid == 0) { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); if (chdir(cwdbuf)) fail("failed to chdir"); test(); doexit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { int res = waitpid(-1, &status, __WALL | WNOHANG); if (res == pid) break; usleep(1000); if (current_time_ms() - start > 5 * 1000) { kill(-pid, SIGKILL); kill(pid, SIGKILL); while (waitpid(-1, &status, __WALL) != pid) { } break; } } remove_dir(cwdbuf); } } long r[212]; void* thr(void* arg) { switch ((long)arg) { case 0: r[0] = syscall(__NR_mmap, 0x20000000ul, 0x1b000ul, 0x3ul, 0x32ul, 0xfffffffffffffffful, 0x0ul); break; case 1: r[1] = syscall(__NR_socket, 0x2ul, 0x1ul, 0x0ul); break; case 2: NONFAILING(*(uint32_t*)0x20018ffc = (uint32_t)0x0); r[3] = syscall(__NR_setsockopt, r[1], 0x1ul, 0x8ul, 0x20018ffcul, 0x4ul); break; case 3: NONFAILING(*(uint16_t*)0x20004000 = (uint16_t)0x2); NONFAILING(*(uint16_t*)0x20004002 = (uint16_t)0x204e); NONFAILING(*(uint32_t*)0x20004004 = (uint32_t)0x12000000); NONFAILING(*(uint8_t*)0x20004008 = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x20004009 = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x2000400a = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x2000400b = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x2000400c = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x2000400d = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x2000400e = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x2000400f = (uint8_t)0x0); r[15] = syscall(__NR_bind, r[1], 0x20004000ul, 0x10ul); break; case 4: NONFAILING(*(uint16_t*)0x20003000 = (uint16_t)0x2); NONFAILING(*(uint16_t*)0x20003002 = (uint16_t)0x204e); NONFAILING(*(uint32_t*)0x20003004 = (uint32_t)0x100007f); NONFAILING(*(uint8_t*)0x20003008 = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x20003009 = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x2000300a = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x2000300b = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x2000300c = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x2000300d = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x2000300e = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x2000300f = (uint8_t)0x0); r[27] = syscall(__NR_connect, r[1], 0x20003000ul, 0x10ul); break; case 5: r[28] = syscall(__NR_mmap, 0x2001c000ul, 0x1000ul, 0x1ul, 0x32ul, 0xfffffffffffffffful, 0x0ul); break; case 6: r[29] = syscall(__NR_mmap, 0x2001d000ul, 0x1000ul, 0x3ul, 0x32ul, 0xfffffffffffffffful, 0x0ul); break; case 7: r[30] = syscall(__NR_mmap, 0x20022000ul, 0x1000ul, 0x3ul, 0x32ul, 0xfffffffffffffffful, 0x0ul); break; case 8: r[31] = syscall(__NR_mmap, 0x20023000ul, 0x1000ul, 0x3ul, 0x32ul, 0xfffffffffffffffful, 0x0ul); break; case 9: r[32] = syscall(__NR_mmap, 0x2002b000ul, 0x1000ul, 0x3ul, 0x32ul, 0xfffffffffffffffful, 0x0ul); break; case 10: NONFAILING(*(uint64_t*)0x2002bdc0 = (uint64_t)0x20000000); NONFAILING(*(uint32_t*)0x2002bdc8 = (uint32_t)0x8); NONFAILING(*(uint64_t*)0x2002bdd0 = (uint64_t)0x20022fa0); NONFAILING(*(uint64_t*)0x2002bdd8 = (uint64_t)0x6); NONFAILING(*(uint64_t*)0x2002bde0 = (uint64_t)0x20022000); NONFAILING(*(uint64_t*)0x2002bde8 = (uint64_t)0x0); NONFAILING(*(uint32_t*)0x2002bdf0 = (uint32_t)0x0); NONFAILING(*(uint32_t*)0x2002bdf8 = (uint32_t)0x101); NONFAILING(*(uint64_t*)0x2002be00 = (uint64_t)0x20023ff0); NONFAILING(*(uint32_t*)0x2002be08 = (uint32_t)0x10); NONFAILING(*(uint64_t*)0x2002be10 = (uint64_t)0x20001000); NONFAILING(*(uint64_t*)0x2002be18 = (uint64_t)0x6); NONFAILING(*(uint64_t*)0x2002be20 = (uint64_t)0x2000d000); NONFAILING(*(uint64_t*)0x2002be28 = (uint64_t)0x0); NONFAILING(*(uint32_t*)0x2002be30 = (uint32_t)0x6); NONFAILING(*(uint32_t*)0x2002be38 = (uint32_t)0x80000000); NONFAILING(*(uint64_t*)0x2002be40 = (uint64_t)0x20024ffa); NONFAILING(*(uint32_t*)0x2002be48 = (uint32_t)0x6); NONFAILING(*(uint64_t*)0x2002be50 = (uint64_t)0x2001f000); NONFAILING(*(uint64_t*)0x2002be58 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x2002be60 = (uint64_t)0x20024000); NONFAILING(*(uint64_t*)0x2002be68 = (uint64_t)0x0); NONFAILING(*(uint32_t*)0x2002be70 = (uint32_t)0x2); NONFAILING(*(uint32_t*)0x2002be78 = (uint32_t)0x4); NONFAILING(*(uint64_t*)0x2002be80 = (uint64_t)0x20025000); NONFAILING(*(uint32_t*)0x2002be88 = (uint32_t)0x10); NONFAILING(*(uint64_t*)0x2002be90 = (uint64_t)0x20009000); NONFAILING(*(uint64_t*)0x2002be98 = (uint64_t)0x1); NONFAILING(*(uint64_t*)0x2002bea0 = (uint64_t)0x20025fe7); NONFAILING(*(uint64_t*)0x2002bea8 = (uint64_t)0x0); NONFAILING(*(uint32_t*)0x2002beb0 = (uint32_t)0x8); NONFAILING(*(uint32_t*)0x2002beb8 = (uint32_t)0x101); NONFAILING(*(uint64_t*)0x2002bec0 = (uint64_t)0x20025000); NONFAILING(*(uint32_t*)0x2002bec8 = (uint32_t)0x58); NONFAILING(*(uint64_t*)0x2002bed0 = (uint64_t)0x2000cfb0); NONFAILING(*(uint64_t*)0x2002bed8 = (uint64_t)0x5); NONFAILING(*(uint64_t*)0x2002bee0 = (uint64_t)0x20026000); NONFAILING(*(uint64_t*)0x2002bee8 = (uint64_t)0x0); NONFAILING(*(uint32_t*)0x2002bef0 = (uint32_t)0xffff); NONFAILING(*(uint32_t*)0x2002bef8 = (uint32_t)0x46); NONFAILING(*(uint64_t*)0x2002bf00 = (uint64_t)0x20027ffa); NONFAILING(*(uint32_t*)0x2002bf08 = (uint32_t)0x6); NONFAILING(*(uint64_t*)0x2002bf10 = (uint64_t)0x20004f90); NONFAILING(*(uint64_t*)0x2002bf18 = (uint64_t)0x7); NONFAILING(*(uint64_t*)0x2002bf20 = (uint64_t)0x20016000); NONFAILING(*(uint64_t*)0x2002bf28 = (uint64_t)0x0); NONFAILING(*(uint32_t*)0x2002bf30 = (uint32_t)0x6); NONFAILING(*(uint32_t*)0x2002bf38 = (uint32_t)0x1ff); NONFAILING(*(uint64_t*)0x2002bf40 = (uint64_t)0x20000ff0); NONFAILING(*(uint32_t*)0x2002bf48 = (uint32_t)0x10); NONFAILING(*(uint64_t*)0x2002bf50 = (uint64_t)0x20028000); NONFAILING(*(uint64_t*)0x2002bf58 = (uint64_t)0x5); NONFAILING(*(uint64_t*)0x2002bf60 = (uint64_t)0x20017000); NONFAILING(*(uint64_t*)0x2002bf68 = (uint64_t)0x0); NONFAILING(*(uint32_t*)0x2002bf70 = (uint32_t)0x3); NONFAILING(*(uint32_t*)0x2002bf78 = (uint32_t)0x6); NONFAILING(*(uint64_t*)0x2002bf80 = (uint64_t)0x2001c000); NONFAILING(*(uint32_t*)0x2002bf88 = (uint32_t)0x10); NONFAILING(*(uint64_t*)0x2002bf90 = (uint64_t)0x2000bfc0); NONFAILING(*(uint64_t*)0x2002bf98 = (uint64_t)0x4); NONFAILING(*(uint64_t*)0x2002bfa0 = (uint64_t)0x20029fdf); NONFAILING(*(uint64_t*)0x2002bfa8 = (uint64_t)0x0); NONFAILING(*(uint32_t*)0x2002bfb0 = (uint32_t)0x4); NONFAILING(*(uint32_t*)0x2002bfb8 = (uint32_t)0x0); NONFAILING(*(uint64_t*)0x2002bfc0 = (uint64_t)0x20015b87); NONFAILING(*(uint32_t*)0x2002bfc8 = (uint32_t)0x10); NONFAILING(*(uint64_t*)0x2002bfd0 = (uint64_t)0x20000000); NONFAILING(*(uint64_t*)0x2002bfd8 = (uint64_t)0x5); NONFAILING(*(uint64_t*)0x2002bfe0 = (uint64_t)0x20012f3f); NONFAILING(*(uint64_t*)0x2002bfe8 = (uint64_t)0x0); NONFAILING(*(uint32_t*)0x2002bff0 = (uint32_t)0x51d); NONFAILING(*(uint32_t*)0x2002bff8 = (uint32_t)0x400); NONFAILING(*(uint64_t*)0x20022fa0 = (uint64_t)0x20002000); NONFAILING(*(uint64_t*)0x20022fa8 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20022fb0 = (uint64_t)0x20001f9c); NONFAILING(*(uint64_t*)0x20022fb8 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20022fc0 = (uint64_t)0x20000000); NONFAILING(*(uint64_t*)0x20022fc8 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20022fd0 = (uint64_t)0x2001d000); NONFAILING(*(uint64_t*)0x20022fd8 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20022fe0 = (uint64_t)0x20009000); NONFAILING(*(uint64_t*)0x20022fe8 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20022ff0 = (uint64_t)0x20005fd1); NONFAILING(*(uint64_t*)0x20022ff8 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20001000 = (uint64_t)0x2001d000); NONFAILING(*(uint64_t*)0x20001008 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20001010 = (uint64_t)0x20016f90); NONFAILING(*(uint64_t*)0x20001018 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20001020 = (uint64_t)0x20000000); NONFAILING(*(uint64_t*)0x20001028 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20001030 = (uint64_t)0x20023000); NONFAILING(*(uint64_t*)0x20001038 = (uint64_t)0x1000); NONFAILING(*(uint64_t*)0x20001040 = (uint64_t)0x20023f80); NONFAILING(*(uint64_t*)0x20001048 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20001050 = (uint64_t)0x20021000); NONFAILING(*(uint64_t*)0x20001058 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20009000 = (uint64_t)0x20020000); NONFAILING(*(uint64_t*)0x20009008 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x2000cfb0 = (uint64_t)0x2000d000); NONFAILING(*(uint64_t*)0x2000cfb8 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x2000cfc0 = (uint64_t)0x20026f0e); NONFAILING(*(uint64_t*)0x2000cfc8 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x2000cfd0 = (uint64_t)0x20026fcc); NONFAILING(*(uint64_t*)0x2000cfd8 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x2000cfe0 = (uint64_t)0x20026000); NONFAILING(*(uint64_t*)0x2000cfe8 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x2000cff0 = (uint64_t)0x2000b000); NONFAILING(*(uint64_t*)0x2000cff8 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20004f90 = (uint64_t)0x20027f2c); NONFAILING(*(uint64_t*)0x20004f98 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20004fa0 = (uint64_t)0x2000a000); NONFAILING(*(uint64_t*)0x20004fa8 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20004fb0 = (uint64_t)0x20027ff3); NONFAILING(*(uint64_t*)0x20004fb8 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20004fc0 = (uint64_t)0x20027000); NONFAILING(*(uint64_t*)0x20004fc8 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20004fd0 = (uint64_t)0x20009ff4); NONFAILING(*(uint64_t*)0x20004fd8 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20004fe0 = (uint64_t)0x2001d000); NONFAILING(*(uint64_t*)0x20004fe8 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20004ff0 = (uint64_t)0x20005000); NONFAILING(*(uint64_t*)0x20004ff8 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20028000 = (uint64_t)0x20028fb6); NONFAILING(*(uint64_t*)0x20028008 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20028010 = (uint64_t)0x20008000); NONFAILING(*(uint64_t*)0x20028018 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20028020 = (uint64_t)0x20028000); NONFAILING(*(uint64_t*)0x20028028 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20028030 = (uint64_t)0x20028fa9); NONFAILING(*(uint64_t*)0x20028038 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20028040 = (uint64_t)0x20001000); NONFAILING(*(uint64_t*)0x20028048 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x2000bfc0 = (uint64_t)0x20029000); NONFAILING(*(uint64_t*)0x2000bfc8 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x2000bfd0 = (uint64_t)0x2001c000); NONFAILING(*(uint64_t*)0x2000bfd8 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x2000bfe0 = (uint64_t)0x20029000); NONFAILING(*(uint64_t*)0x2000bfe8 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x2000bff0 = (uint64_t)0x20029f28); NONFAILING(*(uint64_t*)0x2000bff8 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20000000 = (uint64_t)0x20028000); NONFAILING(*(uint64_t*)0x20000008 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20000010 = (uint64_t)0x20001fc9); NONFAILING(*(uint64_t*)0x20000018 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20000020 = (uint64_t)0x2002a000); NONFAILING(*(uint64_t*)0x20000028 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20000030 = (uint64_t)0x2002af4c); NONFAILING(*(uint64_t*)0x20000038 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20000040 = (uint64_t)0x2002af80); NONFAILING(*(uint64_t*)0x20000048 = (uint64_t)0x0); r[183] = syscall(__NR_recvmmsg, r[1], 0x2002bdc0ul, 0x9ul, 0x102ul, 0x20000000ul); break; case 11: NONFAILING(*(uint64_t*)0x20007000 = (uint64_t)0x2000e67e); NONFAILING(*(uint64_t*)0x20007008 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20007010 = (uint64_t)0x20012f53); NONFAILING(*(uint64_t*)0x20007018 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20007020 = (uint64_t)0x20007fb7); NONFAILING(*(uint64_t*)0x20007028 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20007030 = (uint64_t)0x20013f86); NONFAILING(*(uint64_t*)0x20007038 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20007040 = (uint64_t)0x20014000); NONFAILING(*(uint64_t*)0x20007048 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20007050 = (uint64_t)0x20015fc7); NONFAILING(*(uint64_t*)0x20007058 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20007060 = (uint64_t)0x20000000); NONFAILING(*(uint64_t*)0x20007068 = (uint64_t)0x1000); NONFAILING(memcpy( (void*)0x20000000, "\x12\x33\x6d\xe8\x81\xf2\x48\x71\xc3\x65\x47\xbb\xde\x16\xca" "\xae\x15\x0d\x5b\x32\x92\x0a\xb0\x85\x24\x88\xec\x30\xb7\xc2" "\x73\x57\xaf\xeb\xa2\xe4\x62\x8e\x76\xd7\xea\x1a\x78\x35\xa3" "\x3d\x66\x9e\x49\xe1\xf5\x44\xa9\x30\x2e\x82\x0f\xca\xdb\xa3" "\xde\xc3\x55\x3d\xad\x18\x54\xc8\x63\x04\x9c\x73\xd2\xba\x18" "\x4b\xdf\x1c\x7a\x05\xd3\xa8\x34\x1e\xbe\x1a\xd6\x94\x76\x04" "\xc8\xe8\x5a\x40\x13\xf6\x2e\x85\x81\x54\xb4\x09\x19\xf0\x77" "\xaa\x94\xb6\x78\xa1\xa7\xe9\x5a\x30\xcd\xab\xcf\x10\x93\x43" "\x8a\xd6\x2c\x5e\xea\x6b\x1c\x73\x04\xd1\xc6\x66\xfa\x32\xc4" "\xc8\xe2\x12\x6a\x78\x93\xf0\x06\xdc\x83\x1e\x8d\xb4\xc4\xb9" "\x17\xd4\x38\x56\x99\xf9\xce\x01\x4f\xb4\xd4\xac\x00\xa9\x9c" "\x9d\x49\xa2\xb0\xca\x40\x8e\x53\xd8\x85\xee\x2a\x9a\x29\xaa" "\xb6\x5b\x58\x30\x14\x44\x2f\x28\x34\xf7\x7a\x00\xca\x78\xf1" "\x00\x00\xc1\xe7\x56\x05\x72\x52\xf8\x3c\xe5\x07\x0d\x44\xe6" "\xc2\xbc\x20\x35\x4a\x17\xc6\x59\x38\xc1\x3e\x42\xc4\xc8\xfd" "\x16\xc0\xd3\x26\xbf\xb1\x20\x09\x40\xe3\xbd\xb4\xfc\xc9\xa3" "\xb0\x23\xbe\x56\x78\x96\x40\xcc\xef\x3d\x52\x95\xd3\x47\xbd" "\x75\xa3\x2c\x5f\xd9\x4e\x12\xbe\xcf\xbb\x4e\x2e\xf7\x14\xa4" "\x17\x99\x18\x47\xe8\x2c\x78\x12\x3c\x82\xa3\x3b\xbf\xf4\xe2" "\x4d\x05\xb7\x4d\x3e\x03\x7a\xe9\x82\x94\xab\xf4\x35\x16\x2b" "\x4b\x2d\x6b\x43\x4e\x80\xb2\x8e\xf5\x63\x03\x3d\x45\x57\x94" "\xe8\x8a\xb0\xcd\xc5\x5f\x2e\x61\x95\xa4\xd8\x52\x20\x39\x6f" "\xb3\xab\x5d\x7f\x53\xcd\x99\x44\x99\x13\xc5\x09\x9a\xd2\xa8" "\x7a\x44\xbf\xf0\x31\xaa\xd8\x0b\xcc\xe4\x0d\x9e\x38\x9c\xa5" "\xcf\x06\x71\xbd\x5c\x0b\x2d\xcb\xea\x5b\x8c\xf6\x20\x85\xe1" "\x0b\xa2\xf2\xd7\xa2\x54\x66\x2d\xcc\x72\x3a\x2a\x2f\x5d\x77" "\x11\x43\xfa\x44\x8b\xd7\xae\x7d\x52\xed\x6a\xe6\xe6\x70\x57" "\x28\x02\x88\xc5\x91\xc0\x28\x85\x50\xb9\xf8\xee\x0f\xc6\x94" "\x7a\x9d\x30\x27\x30\x0f\x5d\xa9\x8e\x82\x8a\x5d\x89\x1a\xb3" "\xd7\xec\x50\x96\xd5\xc2\x22\x95\x94\x30\x30\x38\xb7\x44\x0e" "\x02\xb7\xae\xd8\x7e\xb9\xaf\xca\x82\xd5\x07\x9c\x53\x1b\x41" "\x8c\x82\xcc\x77\xf4\x61\x81\xc4\xac\x15\xfb\x6b\x8f\x98\xac" "\x06\x51\x4c\x77\xf4\x1e\xce\x00\xac\x1d\x83\x1b\x12\xd7\x73" "\x96\x55\x62\x95\x8d\x7f\x3c\x3e\x72\xf3\x43\x1a\x2b\x78\xbb" "\x6c\x19\xb8\x31\x10\x14\x09\xd1\x3c\x8d\x26\x69\x8c\x13\x37" "\x77\x4a\x26\xd7\xab\xfe\xff\x93\xa3\x4b\xdb\xc5\x04\xe8\x3b" "\x11\x6a\xc8\x2e\xd2\xc1\xd2\x6f\x21\xdc\x0a\xf1\x0e\x23\xc9" "\xb8\x6a\xe6\x3b\x67\xf9\x3f\xcb\xaf\xbe\x66\x77\xc9\x85\xb7" "\x36\x86\xb9\x26\xdd\x4e\xea\x72\x79\xae\x96\x81\x3d\xb4\xce" "\x1e\xa8\x52\x29\xd2\xe1\x12\xc8\x42\xd6\x92\x00\x23\x7b\xd3" "\x64\xe2\xdc\xb8\x28\xfb\x1d\x66\x00\x07\x2c\x1a\x06\x0e\x7a" "\x5d\x38\xf0\x35\x22\xd6\xbb\xdf\xbf\xe6\x67\xff\x76\x17\x4f" "\xbe\xc1\x2e\xbb\x36\x28\x7f\xd0\x63\xdd\xb6\x8d\x3f\xef\x85" "\x96\x5c\xcc\x26\x1b\x27\x7b\xe0\xbb\x04\x77\xad\x67\x7e\xd3" "\x5f\x8c\xf9\x20\x0d\xd5\xe8\x69\x9a\x03\xba\x00\x05\xbf\xae" "\x4a\x74\xf4\x9c\xd5\x43\xde\xdd\x9f\x45\xff\x55\x8d\xa1\x22" "\x2e\x84\xae\x51\x31\xa7\x2b\xf8\xf7\xb7\xe9\xa1\x79\xb8\xe3" "\x0b\x6f\x68\xe1\x06\x41\x0d\x80\x56\xd8\x0d\x35\xd8\x1a\x93" "\xe7\x12\xb9\xd2\xc8\x41\x1b\x09\x90\xdc\x28\x6d\x40\x24\x10" "\x58\xed\x08\xf2\x7c\xff\x3b\xbd\x44\x93\x2f\x24\xa8\xeb\x72" "\x6b\x1c\xca\x93\x05\x10\x30\x0b\xf3\x06\x57\x45\x16\x52\x1d" "\x62\x8b\x47\x42\x55\x0c\x31\x2a\xc8\xdf\xee\x3c\x34\xd1\x6d" "\x03\xfd\xa9\x96\xb3\xe2\xdb\xc7\x70\x61\x02\x50\xd2\x55\x92" "\xc1\x0b\xb2\x78\x15\x9f\xc9\xac\xfe\xc0\x7b\xfa\x51\x4d\x17" "\xfd\x25\x21\x18\x77\x0c\x15\x94\x7e\xf2\xa4\x6b\xf3\xd1\x4a" "\x47\xe4\x07\xfb\x2f\xaf\x38\x7d\xb9\x12\xf1\x6f\x70\x87\x81" "\x09\x69\x74\xea\x83\x83\xc9\x8d\x71\xa8\xc8\xf1\x45\xd7\x4d" "\x2c\xf2\x20\xb3\x7b\x99\xe7\x48\x84\x3e\x27\x1c\x24\xa4\xbf" "\xf3\x37\x22\x93\xda\xf0\x5d\x40\x94\x35\xad\xe8\x33\xa5\x2d" "\x42\x90\x1e\x99\xf7\xe5\x17\x70\xdc\x72\x2d\xfe\xe9\xe1\xe9" "\xf9\xac\xfa\xb2\xf7\x44\xe7\x82\x55\xea\x13\xb1\x5d\x68\x1c" "\x34\x52\x88\xd3\xa2\x23\xbb\x04\xb2\x2c\xad\x80\x64\xa5\x0f" "\xfd\x22\xab\xb1\xac\x33\x8f\xc1\x80\x45\xe8\xee\xd0\x54\x45" "\x9f\xd2\x74\x54\x0f\xc7\x45\x4f\x87\x9e\xcd\xd0\xef\xd7\x61" "\x5a\x85\x30\xcd\xbd\x4b\xf7\x00\xad\x9c\xb6\x54\xc3\x16\x6c" "\x64\x13\x70\x01\x8f\xed\xc3\x12\xe4\xff\x58\xf9\x2d\x73\x63" "\xa4\x8c\xcd\x12\x42\x16\x4a\xd9\x85\x15\x4e\x1b\xb3\xd6\xea" "\x93\x12\x7a\x3e\xd4\x79\x4a\xa5\x01\xc4\x83\xd6\x53\x57\xa9" "\xf8\xa5\x6a\x5a\x2c\x91\x28\x80\xad\x61\x32\x23\x16\xb4\xee" "\xa5\xd5\xa7\xc0\x15\x62\xf6\x2d\xf9\x82\xc0\x9d\xa1\x10\xd2" "\xc8\x02\x9e\x3c\xb4\xee\xa5\xb6\x99\x89\x9f\xef\x1a\xb1\x1b" "\x55\x2a\x9a\x5e\x5e\xce\xb9\xa1\x21\x96\x23\xf3\x22\xfc\xbf" "\xfe\x62\x12\x68\xb4\xb9\xc5\x7e\x5e\x61\x0c\x72\x11\x73\x6c" "\x9f\xee\xce\x63\xf7\xdf\x6e\xc5\x05\x9a\x13\x47\x92\x2d\xad" "\xe2\x7b\xc4\x23\x94\xec\xa5\xf0\x9c\x82\xbe\x82\xbd\xd1\xc3" "\x81\x64\x74\x95\x7e\x34\xeb\xf2\xe4\x0e\x1f\x30\x3d\x26\xaf" "\xc7\xf0\x9a\xb9\x3c\x0a\xce\xec\x5b\x25\x6e\x66\xf7\x7f\x58" "\x55\x81\x37\x33\x9e\x42\x62\xb0\x50\xfe\xab\x43\x6c\x6d\xc9" "\x99\xa0\x50\x70\x75\x80\x6a\x2d\xca\xa0\xa9\x32\x38\xfd\x23" "\xd6\x17\xb2\xb5\x90\x3d\xa2\xc1\xcb\x0d\x2d\x84\x0e\xbf\x48" "\xa6\x7b\xa2\xfd\x46\x27\x85\x11\x16\x6c\x79\xa9\x41\x06\x54" "\xd0\x5b\x71\xba\xd8\x82\xcf\x6d\x00\x36\x85\xaa\x75\x89\xaf" "\xaf\xbe\xc9\x59\xfc\x48\x1c\x7c\x0c\x25\xbc\xe4\xc5\x35\x24" "\x26\xf3\x22\xf2\x52\x5f\x87\x25\x4a\x8f\x38\xff\x27\xd3\xd9" "\xe8\x78\xda\x52\xf4\x4c\xe5\xa2\xa3\x44\xf9\x93\xeb\x37\x85" "\x4e\xda\xa5\x93\x18\x3a\xed\x1e\xed\x3e\x42\xd6\x07\x62\xb3" "\xf2\x9d\xa9\x4e\x32\x0b\x7c\x5a\x15\xd6\xd2\xde\x08\x5e\x1c" "\x0d\x6b\xd7\x47\x4e\x5f\xa3\x20\xd1\x5e\x0f\xff\xc3\xce\x1e" "\xf7\xe9\xdf\xfe\xda\xb9\xd0\x9c\x01\x5e\x88\x61\xcb\xba\xf8" "\xab\x8d\x43\xc2\x6b\xbe\x6e\xb6\xbc\xc2\x94\x9e\x95\x5f\xb0" "\x67\x8f\xee\x23\x0a\xfe\xdb\x20\xd6\x90\x12\x64\x71\x3c\x7d" "\x04\x7a\xc3\xe5\x05\x20\x80\x59\x6b\xb6\x08\x5b\xa7\x44\x72" "\x5a\x0c\x9b\x1f\xb0\x95\x91\x98\xe9\x4f\x87\x50\x64\x99\x49" "\x2d\x32\xc5\xd2\x37\xca\x27\x40\x3f\x9e\x6b\xf9\xad\xe8\xdd" "\x3c\xe7\x2a\xc2\x42\xe8\xd1\x39\x30\xf0\x05\xd2\x32\x83\xfb" "\x75\x72\xfd\xc1\x75\x09\x7e\xe6\x26\x6a\xac\x7f\xae\xe3\xc1" "\x25\x7f\xba\x08\x10\xd8\xf2\x7f\xea\xde\x17\x4e\x24\x72\xc0" "\xaa\xa6\xec\xc8\x5c\x89\x03\xbc\x2f\xc3\x74\x47\xa7\x14\xcc" "\x93\xfe\x70\xc3\xa0\x46\xbc\x3a\x5e\xa7\xa4\xf0\x5c\xd6\xea" "\xd6\x3b\x02\xb9\x8e\x16\xe7\x1a\x12\xee\x07\xf8\x1b\x9c\x1a" "\x51\xfb\xdd\xad\xa7\xab\x43\xf5\xf4\x17\x2f\x04\x69\xa3\x67" "\x1a\x20\x38\xd8\x51\x8b\x0e\x87\xb2\x10\xf9\xec\xb3\xf3\x03" "\xd9\x00\x86\x69\xdc\x80\x62\xf1\x6f\x91\x54\x4f\x77\x89\x54" "\x6c\x7c\x6e\x3c\xaa\xf9\xd8\xb7\x0c\x61\x73\xfd\x06\x88\x26" "\x8f\x01\x81\xc2\x8d\x80\xb0\x8c\x91\xac\x27\xd3\x22\xc9\xdf" "\xb6\xfa\xd2\x61\x2e\xee\xb3\xb2\x73\x13\x22\x60\x4c\xd3\x11" "\xa8\xcd\x76\xf0\x17\x53\x61\x7f\x45\x9d\xae\x43\x75\xd3\x3a" "\x51\xd0\x47\xc6\x41\x1a\xac\xfe\xd0\xe9\xf5\x90\x3b\xde\x44" "\x97\x23\x34\x3d\xe2\x46\xcd\x03\xa4\x46\x7a\x02\x21\x3a\xe5" "\x1f\x9e\xb0\x28\x90\x78\xd3\xab\xf6\x27\x19\x80\x19\xfe\x89" "\xa0\xc7\x33\xf8\xad\xac\xf1\x79\x98\x30\xd4\x9e\x3d\x2c\x06" "\xfd\x23\xe9\x1c\x4d\x77\xed\x8c\xf5\xc1\x9f\x9e\x6d\x25\x9b" "\xce\x7e\x00\x2f\x09\x27\x81\x40\x4a\xe3\xa2\xe4\xa9\xca\x51" "\x90\xe5\x07\xe8\x83\x70\x2d\x14\xf7\x4c\x49\x1e\x4a\x1a\x44" "\xb3\x7e\xd4\x6d\x12\xe8\xb5\xf3\x53\xb6\xa3\x7e\xca\xbd\x3e" "\xc0\xf4\x7e\x2c\x63\xbd\x8b\xde\xee\x77\x52\xae\xf7\x60\x3a" "\x8b\x22\xeb\xc3\x3c\x97\x72\x68\x37\x57\xf3\x9a\xb2\x73\xdc" "\xb8\xfc\x58\x3d\x33\x81\x12\xe4\x98\x1f\x4e\xb1\x30\x69\xa8" "\x6b\x9b\xc5\x95\x67\x4a\x76\x40\x4b\x94\x66\x69\x98\x99\x32" "\x34\x44\x10\x4d\x59\x36\xfc\x28\xa3\xc0\x3c\x42\x4d\x9b\xae" "\x7f\x01\x30\x5e\x0e\x46\xb2\x83\xfc\x04\xef\xb5\xb8\xd9\x61" "\x8d\xf5\xce\x15\xbe\x74\x91\x7b\x54\x4a\x72\xe5\xe3\x42\x6b" "\x06\xbe\xab\x3a\x76\x0a\x72\x3c\x3e\x79\xe6\x8d\xf4\x44\x4f" "\x2f\xee\x9b\x9b\xbf\x08\x85\x55\xe2\xd6\xa5\xc5\x73\xa9\x85" "\x96\x62\x4a\xa7\xf5\x4a\xc9\xff\xcc\x3b\xd2\x39\xea\x94\xe5" "\x18\x17\x34\xe4\xbc\x7e\x4c\x8f\xf4\x51\x92\xe9\x23\xe2\xaf" "\x29\x1d\x86\x6d\x2b\x96\xf0\xd5\xe3\x76\x52\xd6\x52\xf7\x5c" "\x37\x11\xb7\xfe\xa6\x0e\x45\x9d\xe3\xab\xf2\x44\x87\xbd\xa0" "\xeb\x5c\x98\xa0\x8a\x01\x16\xa4\x96\xd1\x77\x72\xe9\xa5\x3b" "\x3e\x8a\x8f\x5e\xef\xa4\x15\xf8\x04\x31\x4e\x60\x80\x0d\x54" "\x29\xe7\x2f\x6d\x14\x60\xe0\x71\xb6\x6f\x63\x55\xe2\x7d\x05" "\x80\x5a\x63\xf5\x56\x44\x66\x88\xea\xf1\xfa\xfd\x6d\xc9\x78" "\xb5\xd1\x4c\x0e\x25\x19\xe0\x6c\xf4\x51\x13\x03\x4c\x35\x16" "\xb4\x0c\xc5\x11\x58\x18\x76\x91\xf0\x51\xb0\x25\x41\x7a\xef" "\x36\xfe\xa5\x84\xcf\xd4\xa0\x78\x7e\x9d\x2a\x79\x3f\xc4\xd4" "\xe2\x63\xe1\x8a\x2f\xdc\x38\xa9\xf4\x0f\xa5\x0d\x29\xcc\x97" "\x57\xd4\x54\xeb\x49\xa9\x56\x8d\xca\x31\x49\x5c\x6c\x58\xe9" "\x82\x77\x49\x82\x68\x83\x0e\x03\xdc\xe8\xf1\xff\x4a\x40\xff" "\x7c\x5e\x23\xc6\xa8\x45\x2a\xa1\x44\x22\x46\x9c\x4b\xac\xf0" "\x17\x81\x06\x7d\x52\xa5\x00\x94\xb0\x93\x35\xe3\x61\x5a\x00" "\xf6\x30\x72\xfe\xda\x47\x54\xc8\x06\x4f\xe9\xe6\x24\x2a\x83" "\xe8\x5b\x7e\x33\x58\x3e\x02\xda\x28\xbe\x2d\x34\x62\xb3\x4c" "\x25\xb9\x7f\x83\x16\x3e\xab\xcf\x4a\x4f\x68\xa9\xbb\x34\x2b" "\x59\x25\x39\x68\x8f\xbe\x38\x28\xfb\xba\xcc\x9f\x4b\x6b\xa0" "\x30\x44\x22\x26\x24\x0e\x94\xbb\x97\x71\x97\x71\xf7\x02\x63" "\xe3\xa3\x83\x0a\x33\x81\xdd\x5d\x09\x17\xff\x12\x99\xa6\xf7" "\xfa\xd1\xc3\x4c\xa8\x6c\xb1\x32\xcf\x8d\x95\xad\x25\xd8\xf1" "\x2e\x42\xea\x81\x00\x62\x99\x40\x75\x5d\xbf\x45\x4c\xfb\x5f" "\x51\xf7\x49\xb9\x22\x0e\xb1\xac\x83\x14\xae\x99\xb6\x30\x59" "\x86\xc3\x7f\x82\x7c\x9e\xda\x76\xe3\x16\xb0\x7a\x69\xcd\xa8" "\x63\xf1\x92\x35\xea\x4b\x97\xc6\xe0\x13\x65\xa2\xfd\x04\x7c" "\xe4\x65\xeb\x53\x4a\xf1\x17\x56\x3c\x5f\xae\x3e\xc8\x9e\xb2" "\x37\x3c\x8e\xd4\x6b\xca\x1f\x9e\x53\xa1\xa7\x88\xc4\xab\xb9" "\x8a\xa8\x76\xc7\x0d\xac\xdc\xc0\xc1\x40\x91\x78\x80\xd3\x21" "\x21\x19\xe0\x75\x1e\x6f\x2f\xfd\x27\x2a\xfb\xdc\x19\xfe\x50" "\xbf\x0f\x8c\x01\x42\x07\xc1\x28\x77\x8d\x30\x3f\xa6\x7d\xde" "\x38\xb7\x51\x2a\x55\x83\x01\x33\x68\x16\x65\x81\xba\xb9\x04" "\x83\x03\xe3\xb1\x34\x7a\x5a\x0a\xa1\x58\xd1\xe3\x15\x47\xc7" "\xf9\x79\x4e\xa7\x60\xdc\xa7\x46\xe3\x1a\x5d\x6e\x9a\x60\x27" "\x70\xbe\xe9\x52\xf4\x17\x65\x8c\x82\x13\x28\x81\xf4\x2a\x5c" "\x05\x74\x89\x68\x06\x1a\x31\x95\x3f\xdc\x2d\x58\x95\x1b\x2c" "\xb7\x39\x1a\x0f\xde\x13\xca\x1c\xb3\x07\x3e\xb9\x2f\x5d\x1a" "\x9f\xb5\x12\x15\x28\x65\x91\x2b\xcd\x3f\xf5\x0e\x7c\x0a\xad" "\x35\x7b\x49\x71\x98\xc7\x5a\x62\x6f\x78\xf8\xc9\x20\x85\x67" "\x7c\x7d\x9c\xbf\x44\x6c\xd1\x3f\xce\xfc\xda\xc5\xd7\x5e\xad" "\xf1\x14\xc4\x68\x2c\x7e\x67\x19\x7a\xcd\x24\x31\xdb\x0c\xd5" "\x40\x4d\xf1\x3a\x1a\x2c\x69\x4b\x2c\x38\x1a\xaf\xab\x9e\x6f" "\x99\xa6\xab\x5d\x15\x76\xde\xb3\xaf\x91\x74\x8a\x25\xf5\x18" "\x4c\x79\x9b\xa8\x78\x4f\xd6\xd6\xa7\x30\x66\x6b\x15\x7c\x47" "\x94\xd6\xf4\x57\x4e\x90\x8f\x89\x7c\xa7\xb4\x2c\x04\xc3\x36" "\xcd\xcf\x01\x97\xbc\x9c\x29\x94\xb1\x4f\x0c\x68\x01\x87\xf9" "\x7b\x1b\x1d\xdf\x8b\xf3\xcc\x8d\x06\x3f\xb5\x18\x85\xf7\x00" "\x6a\xc4\x1c\x1e\x86\xaa\xed\xd3\x41\x7c\x0b\x4d\x44\xdb\x48" "\x0e\x4f\x63\xc3\x5c\xc1\x18\xf7\x14\x86\x39\xd0\xa6\xa7\xd1" "\x97\xce\x8e\x5e\xf9\xcb\x1a\x8c\x82\xa6\xb8\x37\xeb\x06\xf9" "\x38\x57\x2e\xfc\x43\xa7\x85\x17\xde\x3b\x95\xd0\x35\x0a\x8c" "\x09\x56\x6d\x06\xa2\x1b\x3f\xb7\xb0\xfc\x31\x2d\xc3\xb3\xfc" "\x64\x91\x70\xcc\x2b\x42\x3c\x76\x8f\xaf\x0f\xeb\x96\x36\x85" "\xd0\x12\x4d\x05\xbe\xca\x67\x83\x79\x54\x5c\xe8\x21\x58\xfa" "\xda\x3d\x73\x54\x85\xc6\xff\xf5\x94\xd0\x9a\x06\xac\x3e\x4d" "\xdf\xf0\x4f\x82\x16\x6c\x15\x1e\x95\x04\x29\xa8\x87\x4a\xd6" "\x82\x5a\x97\x1c\xa0\x74\xf4\x81\x23\xd9\x96\xc8\xb7\xfb\xa4" "\x48\x43\x95\xb0\xe0\x50\x0c\x6a\x26\x51\xc2\xe5\x3a\x85\x94" "\x21\xae\x16\x9a\xd0\xf8\x93\x85\xa4\xa0\x82\x09\x8c\x5d\x59" "\xd7\xc6\xa1\xe0\x98\x5c\xdb\x4a\x70\x8b\x72\x51\x47\xae\x6a" "\x42\x10\x06\x0a\x9d\xad\xc0\xf9\x1a\x62\xbe\xe3\x12\x51\xe7" "\x2f\x0d\x18\x5f\x13\x41\xa0\x72\x20\x99\x22\x50\x9c\x18\x9e" "\xe5\x09\xdc\x42\xfb\xcd\x49\x7c\xd3\x79\x0b\x7d\x09\x4e\x6d" "\x79\x21\xf6\x12\x1b\xfc\xf7\x0d\x93\x73\x4e\xd4\x5d\xbd\x14" "\x85\x9b\xa8\x15\xd1\x4d\x38\x11\xb7\x4c\x10\x83\xde\x8f\x8e" "\x68\x0e\xb0\xe5\x2d\xe9\xc7\xea\x9c\x7f\x09\x2b\xc7\xa3\x13" "\x24\xef\xae\xb0\x4d\x67\x40\x41\x27\x03\x4a\x5f\x77\x51\x26" "\xe3\x07\x7f\xd5\x97\x2d\x10\x31\x07\xa8\x61\xed\x71\xd8\xd6" "\x3f\xa8\xa0\xc1\x1c\xda\xb6\xcd\x50\xfc\xde\xeb\xe7\x71\x91" "\xf7\x4b\x1d\x82\xd7\x40\x28\xc3\x34\x20\x2d\xcf\x6b\x60\x2a" "\xeb\xde\xf7\x40\xab\x6f\x1c\xea\x51\xc8\x77\xd1\xb7\xd0\x13" "\x0e\xc4\xb6\x10\xb9\xca\xe3\xf7\x82\xb9\xae\xcf\xd8\x5e\x1c" "\x89\x6f\x5f\x5b\xf8\x2d\x58\x08\xca\xe2\xa7\xc8\x4a\xf4\x11" "\x4d\x97\x1f\xc2\x06\x97\x4a\x0f\xe6\x64\xc6\xf6\xe0\xd1\xee" "\x6a\x64\x33\xf1\xf4\xf7\x44\x10\x32\xde\xd4\x17\xf1\xfb\x54" "\x3a\x0e\xcc\xca\x37\xc0\x0d\xe5\xc4\x96\xd3\x2d\x6b\xf4\x7b" "\x79\x62\xc2\x7a\x44\x31\xc7\x87\x32\xae\x95\x82\xb3\x4c\x26" "\x3f\x64\x97\x90\xf5\xfe\xfb\x38\x12\xed\x5f\x98\xf0\x04\x7c" "\x15\xed\x60\x50\x8c\x11\xb8\xd3\x29\x0a\x6a\xb3\x2a\x19\x45" "\x82\xca\xe0\xf8\x2d\x9d\xc7\x8f\xbf\x3d\x32\x65\x06\xf4\x90" "\x6b\x14\x78\xaa\xe1\x3b\xef\xed\xe1\x0d\xe5\x00\xf8\x72\x96" "\x83\x1c\x92\xaa\xfd\x02\xe8\x5c\x4a\xe8\x47\xad\x9f\xb7\x20" "\x8a\xf6\x2e\x35\x46\x46\x84\x6b\xf4\xe4\x6f\xcd\xc3\xef\x36" "\x8e\x21\x02\xf2\x33\xa5\xfe\x7a\x63\x62\x92\x14\xcf\xdf\x02" "\x6f\xd3\x79\x8f\x04\x2a\xf8\xe2\x3e\x34\x98\x75\x94\xda\xe8" "\xf4\xf8\xdb\x0f\x0b\x42\x0c\x64\xfc\x11\xc8\xc4\x44\x8b\x82" "\x23\x27\xe2\xa7\xaa\x28\xbb\x98\xf6\xd3\xad\xdb\xf0\xab\x79" "\xee\xb1\x46\x0f\xd1\x15\x82\x41\x04\x44\xe2\xbb\xcb\x1a\xa3" "\xac\xdd\x35\x39\x22\xd3\x89\xb9\xbf\x7f\xae\xae\x8a\x8f\xc8" "\xcb\x56\x4d\xde\x6a\x5d\xe1\x50\x99\x72\x56\x7b\x84\xc8\x5b" "\x5a\x05\xd4\xc1\x5b\x66\x55\x31\x84\x86\x05\x0d\x8a\x2c\xdf" "\x28\x30\xa6\x1e\xcc\x2a\x4f\x10\xee\xb7\x16\x89\x80\x05\xae" "\x91\xcd\x1f\x97\x28\xe7\xed\x59\x89\xb5\xdd\x5d\x20\x10\x8e" "\x80\xab\x63\x25\xa4\x03\x4f\x08\xd2\x5a\xeb\x83\x60\x3a\xb0" "\xe4\x49\xd8\x61\x83\x1b\x75\x1f\x6e\x3b\xdb\xb7\x75\x94\x78" "\x48\x1d\xc0\x46\x11\xd5\xde\xd4\xef\x4b\xbb\x29\x5a\x75\xb7" "\x86\x08\xa6\xbd\x74\xaa\x27\x0f\x6b\x4f\xf0\xca\x7e\x5f\x35" "\x4d\xf3\xdb\x4a\x81\xdb\x9c\x75\xe1\x5d\x40\x9f\x8d\x3f\xd0" "\x2c\x45\x53\x50\x4e\xfe\x3e\x03\xea\x05\x88\xb1\x06\x79\x86" "\x9d\x13\x18\x8d\xa8\xf0\x03\xd4\xc9\x89\x3c\xe2\x45\x22\xf8" "\x10\x43\x92\xdb\x3d\xdc\xa0\x89\x57\x8b\x76\x91\x91\x30\xc7" "\xde\x51\xf5\x71\x33\x54\xda\x62\xb3\x16\xda\x76\xa4\x32\x87" "\xf0\x79\x24\xc0\x6f\x91\x2d\xe9\x34\xd4\x24\x39\x01\xe1\xf2" "\x68\x53\xf3\x71\x02\x29\x7d\x84\x64\x02\x77\x18\x0e\xc0\xd1" "\xd7\xfe\xd1\xf7\x85\xa0\xbb\x2f\xc4\x63\xad\xc7\x21\xe6\xed" "\xa7\xf7\x8a\x72\x90\xd5\x9e\x39\x23\x32\x27\x32\x2e\xaa\xa5" "\x67\x9a\xac\xd8\xa4\xd9\x4c\x47\xc2\x38\x6a\x0d\xe7\xee\xef" "\xb1\x93\x13\x2a\xce\x9f\x05\x4d\x65\x60\x25\x30\x9f\x67\xac" "\x8c\x70\xbd\x48\x76\xad\x97\x9a\x0e\xf5\xf2\xa0\x61\xbc\xdb" "\xda\x29\xbe\x14\x18\x18\xaf\xc3\x76\x6d\x92\xc5\xf7\x3e\x4d" "\xb4\x26\xdb\x60\x39\x80\xc2\x14\xc5\xe4\x99\x35\x25\xf9\x48" "\x72\xd9\x05\x52\x62\x33\x39\xb2\xc7\x06\x18\x8c\x25\xcf\x7b" "\xe2\xf4\x5e\xb3\x21\x36\x7e\x0d\x8a\xd4\x7b\x67\x69\x34\xc0" "\x3f\x77\x1f\x11\x67\xb5\x57\x5e\x6d\xfe\x97\xf5\xe2\x05\x38" "\x41\xda\x7d\x7d\xe8\x77\xab\xdf\x0f\x5a\x00\x60\x47\x34\xda" "\xb1\x3d\x09\x65\xe4\xd7\x9f\xbc\xe9\x69\x40\x19\x1d\x4d\x85" "\x52\xd6\xa3\x59\xb0\x47\xcb\xc7\x60\x01\x7d\x2e\x36\x50\x39" "\x38\x27\x1b\x20\xc7\x65\xb3\xe8\x54\x9b\x65\xbf\x87\x38\x1b" "\x57\x10\x58\xa9\x34\x96\x57\x53\xc9\x00\xda\xe4\x9c\x2f\x65" "\xbb\x3b\x32\x91\x7c\x0f\xb7\xb6\x1e\xba\x5b\xe0\xb4\xa1\x06" "\x63\x70\xba\x55\x7f\x18\x50\xdb\xa5\xa6\x93\x15\x10\x14\x27" "\xe2\xee\xd7\x69\x4c\x66\x07\x86\x46\x0f\x2f\x61\x05\x5f\x74" "\x58\xa8\x19\x85\x9e\x89\x17\x0f\x96\xea\x65\x0a\xaa\x32\x33" "\x15\xca\x5c\x75\xbb\x79\xa9\x1e\xf7\xa1\x2c\x56\xd8\x25\xad" "\x91\x0c\x38\x7c\x69\x8c\xda\x14\xac\xc6\xd7\xc7\x62\x62\xf0" "\x25\x23\x87\x27\x28\xed\x13\xc2\x98\xe1\x5c\x70\xa3\x32\x94" "\x9c\x79\x75\x50\xb5\x48\xcb\x99\xd4\x79\x41\xb8\x1e\xae\x39" "\x57\x8f\x88\xb5\x19\x6a\x8e\x07\xca\xf6\xd3\x47\x82\x14\x07" "\xfc\x82\x2f\x70\xf1\xf6\x04\xe6\x5d\xf8\x4d\xe8\xb8\x23\xef" "\xe4\x79\xf7\x20\x64\x95\x1a\x2d\x8a\x87\x91\x31\x63\xfa\xdc" "\xbe\x42\xd1\x5e\x79\x27\x0f\x7b\x3b\x52\xce\xe6\x3b\xd0\x98" "\xed\xbb\xc6\x4d\x01\x4c\xf1\x90\xe6\xfe\x7d\x39\x28\xe6\x05" "\xd0\xbd\x4e\xcb\x5a\x83\x2b\x7a\x45\xcb\x76\x37\x42\xee\xb9" "\xd0\xea\xb8\x0f\x5d\x1a\xf3\x65\x82\x02\xe2\x8d\x6d\x8f\x21" "\xf0\xa8\x70\xd6\x36\xde\x09\x95\x90\xa4\x29\xe4\x1c\xf2\x4e" "\xa5\x8b\x15\xf0\x9c\xb0\x98\x0f\x82\x73\x2e\x65\x71\x43\x94" "\x77\x83\xd6\x81\x6b\xcd\x60\xba\x9f\xfd\x10\x3e\xaa\x01\xf3" "\x08\x7e\x55\x85\xba\x91\xc7\xca\x02\x93\x01\xa0\x95\xf8\x56" "\x96\xfe\x46\x03\xfd\xfa\x25\xab\x5d\xa3\x2b\xf3\xa4\xd2\x18" "\xfa\x1a\xaf\x94\xf4\x51\xef\xea\x79\x20\x13\xee\xff\x33\x35" "\xcf\xe8\xb1\x3b\xee\x3c\x7d\xae\xcd\xaa\xea\xd4\xc6\x05\x94" "\x01\xbd\xaa\xa6\x5b\x8c\x3d\x99\xcb\x9e\x8f\x2b\xf5\x07\xb9" "\x8b\x3c\x87\x08\xb1\x6b\x04\x59\x05\xff\xd4\x1c\x58\x04\xb0" "\x96\x37\x14\x5f\x24\x68\x19\x91\x41\x07\x34\x9a\x0b\xd9\xf5" "\x07\x35\x0b\xb4\x87\x35\x22\x8d\x47\x9c\x91\x59\x19\xfd\xe8" "\xe2\x11\xe6\x1f\xb0\x6e\xa2\xc1\x61\x18\x79\x5a\xcc\x72\x81" "\xa5\x47\x2e\x2e\xb0\xd9\x16\x58\x90\xb0\xbf\x02\xd1\x99\x30" "\x7a\x5b\x59\xf2\x61\xe5\x0f\x16\x29\x2e\x58\x58\x26\x96\x7f" "\xc9", 4096)); r[199] = syscall(__NR_writev, r[1], 0x20007000ul, 0x7ul); break; case 12: NONFAILING(*(uint16_t*)0x2001c000 = (uint16_t)0x2); NONFAILING(*(uint16_t*)0x2001c002 = (uint16_t)0x224e); NONFAILING(*(uint32_t*)0x2001c004 = (uint32_t)0x20000e0); NONFAILING(*(uint8_t*)0x2001c008 = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x2001c009 = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x2001c00a = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x2001c00b = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x2001c00c = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x2001c00d = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x2001c00e = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x2001c00f = (uint8_t)0x0); r[211] = syscall(__NR_connect, r[1], 0x2001c000ul, 0x10ul); break; } return 0; } void test() { long i; pthread_t th[26]; memset(r, -1, sizeof(r)); for (i = 0; i < 13; i++) { pthread_create(&th[i], 0, thr, (void*)i); usleep(rand() % 10000); } usleep(rand() % 100000); } int main() { int i; for (i = 0; i < 4; i++) { if (fork() == 0) { install_segv_handler(); use_temporary_dir(); loop(); return 0; } } sleep(1000000); return 0; }