Backport request to fix a WARNING in sco_sock_sendmsg on LTS

Hi,

We have seen a WARNING message while fuzzing with syzkaller.


Kernel 5.15.54 on x86_64

[  104.557712] ------------[ cut here ]------------
[  104.558404] WARNING: CPU: 1 PID: 15544 at mm/page_alloc.c:5358 __alloc_pages+0x38a/0x410
[  104.559584] Modules linked in:
[  104.560030] CPU: 1 PID: 15544 Comm: repro Not tainted 5.15.54 #1
[  104.560896] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014
[  104.562190] RIP: 0010:__alloc_pages+0x38a/0x410
[  104.562864] Code: ff 4c 89 fa 44 89 f6 89 ef 89 6c 24 48 c6 44 24 78 00 4c 89 6c 24 60 e8 c4 e5 ff ff 49 89 c4 e9 43 fe ff ff 40 80 e5 3f eb c5 <0f> 0b eb a5 4c 89 e7 44 89 f6 45 31 e4 e8 c4 9f ff ff e9 4a fe ff
[  104.565421] RSP: 0018:ffff88801b4577f0 EFLAGS: 00010246
[  104.566182] RAX: 0000000000000000 RBX: 1ffff1100368aeff RCX: dffffc0000000000
[  104.567177] RDX: 0000000000000000 RSI: 0000000000000012 RDI: 0000000000040cc0
[  104.568185] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  104.569196] R10: fffffff900000000 R11: 0000000000000001 R12: 0000000000000001
[  104.570194] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  104.571201] FS:  00007fda701c7740(0000) GS:ffff888107080000(0000) knlGS:0000000000000000
[  104.572330] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  104.573146] CR2: 0000000020004640 CR3: 0000000020c34000 CR4: 00000000000006e0
[  104.574149] Call Trace:
[  104.574503]  <TASK>
[  104.574838]  ? __sanitizer_cov_trace_cmp4+0x25/0x90
[  104.575535]  ? __alloc_pages_slowpath.constprop.0+0x16c0/0x16c0
[  104.576391]  ? bpf_ksym_find+0x171/0x1c0
[  104.576985]  ? selinux_socket_sendmsg+0x207/0x2d0
[  104.577938]  ? __sanitizer_cov_trace_const_cmp8+0x27/0x90
[  104.578739]  alloc_pages+0x191/0x3f0
[  104.579258]  kmalloc_order+0x34/0xb0
[  104.579794]  kmalloc_order_trace+0x19/0xa0
[  104.580375]  sco_sock_sendmsg+0x10f/0x300
[  104.581228]  ? security_socket_sendmsg+0x8e/0xc0


I have attached the report and the reproducer. A similar warning was seen
in some testing previously.

Ref: https://lore.kernel.org/linux-mm/812dab5c-845d-df58-2752-abea7c07890@xxxxxxxxxx/

Commit 99c23da0eed4 ("Bluetooth: sco: Fix lock_sock() blockage by
memcpy_from_msg()") is backported to LTS, so we have this bug on LTS
branches.

The fix commit is not backported to LTS:
commit 0771cbb3b97d ("Bluetooth: SCO: Replace use of memcpy_from_msg
with bt_skb_sendmsg")

I have tried backporting onto LTS locally.

Can you please backport the following commits to these LTS branches:
4.14.y, 4.19.y, 5.4.y, 5.10.y, 5.15.y (applying in order from 1 to 7)?

1. commit 38f64f650dc0e44c146ff88d15a7339efa325918 upstream
	("Bluetooth: Add bt_skb_sendmsg helper")
2. commit 97e4e80299844bb5f6ce5a7540742ffbffae3d97 upstream
	("Bluetooth: Add bt_skb_sendmmsg helper")
3. commit 0771cbb3b97d3c1d68eecd7f00055f599954c34e upstream
	("Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg")
4. commit 81be03e026dc0c16dc1c64e088b2a53b73caa895 upstream
	("Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg")
5. commit 266191aa8d14b84958aaeb5e96ee4e97839e3d87 upstream
	("Bluetooth: Fix passing NULL to PTR_ERR")
6. commit 037ce005af6b8a3e40ee07c6e9266c8997e6a4d6 upstream
	("Bluetooth: SCO: Fix sco_send_frame returning skb->len")
7. commit 29fb608396d6a62c1b85acc421ad7a4399085b9f upstream
	("Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks")


Notes:
3 is the fix for the WARNING.
1, 2 are prerequisites for applying 3. At this stage the WARNING is fixed.
4, 5, 6, 7 are necessary as they are fixes for the commits newly introduced by us.

This is a clean cherry-pick series (7 commits) on all mentioned branches (LTS 4.14 -> 5.15).

I have tested all mentioned LTS branches with the reproducer (only), and the WARNING is fixed after applying these 7 patches.

Please correct me if I am missing something.


Thanks,
Harshit
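
To make the sizing problem concrete, here is an added user-space model (not kernel code and not part of this series) of why kmalloc(len) in the pre-fix sco_sock_sendmsg() reaches the __alloc_pages() order check, and how bt_skb_sendmsg() bounding the skb to min(len, mtu) keeps every allocation small. It assumes the x86_64 defaults of 4 KiB pages and MAX_ORDER = 11, the SLUB two-page kmalloc cache limit, and a constructed SCO mtu of 48 bytes; the shapes of the pre- and post-fix code paths are from my reading of commits 99c23da0eed4 and 0771cbb3b97d.

```c
/*
 * Added user-space model of the allocation sizing behind this WARNING.
 * It is not kernel code. Constants assume x86_64 defaults: 4 KiB pages and
 * MAX_ORDER = 11 (CONFIG_FORCE_MAX_ZONEORDER unset).
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MODEL_PAGE_SHIFT 12                              /* kernel: PAGE_SHIFT */
#define MODEL_PAGE_SIZE ((size_t)1 << MODEL_PAGE_SHIFT)  /* kernel: PAGE_SIZE */
#define MODEL_MAX_ORDER 11                               /* kernel: MAX_ORDER */
/* SLUB serves kmalloc() of up to two pages from slab caches; anything larger
 * goes kmalloc_large() -> kmalloc_order() -> alloc_pages(), as in the trace. */
#define MODEL_KMALLOC_MAX_CACHE_SIZE (MODEL_PAGE_SIZE << 1)

/* Same rounding as the kernel's get_order(): the smallest order whose block
 * of 2^order pages holds size bytes. */
unsigned int get_order(size_t size)
{
	size_t pages = (size + MODEL_PAGE_SIZE - 1) >> MODEL_PAGE_SHIFT;
	unsigned int order = 0;

	while (((size_t)1 << order) < pages)
		order++;
	return order;
}

/* Model of the check at the top of __alloc_pages(): an order >= MAX_ORDER is
 * refused, and without __GFP_NOWARN it WARNs first (mm/page_alloc.c:5358 in
 * 5.15). In the register dump above RSI holds the order (0x12 = 18, a 1 GiB
 * request) and RDI the gfp mask (0x40cc0 = GFP_KERNEL | __GFP_COMP, which is
 * what kmalloc_order() passes down). */
bool kmalloc_would_warn(size_t size)
{
	if (size <= MODEL_KMALLOC_MAX_CACHE_SIZE)
		return false;	/* slab cache; never reaches the order check */
	return get_order(size) >= MODEL_MAX_ORDER;
}

/* Pre-fix path (after 99c23da0eed4): kmalloc(len, GFP_KERNEL) with len taken
 * straight from the sendmsg() caller, so the caller picks the page order. */
size_t prefix_sco_alloc(size_t len)
{
	return len;
}

/* Post-fix path (0771cbb3b97d): bt_skb_sendmsg() sizes one skb at
 * min(len, mtu) plus headroom and tailroom (SCO passes 0 for both), so the
 * caller's len never decides the allocation order. */
size_t postfix_sco_alloc(size_t len, size_t mtu, size_t headroom, size_t tailroom)
{
	size_t size = len < mtu ? len : mtu;

	return size + headroom + tailroom;
}

/* Largest len the pre-fix path can request without the WARNING: a block of
 * 2^(MAX_ORDER - 1) pages, i.e. 4 MiB with the assumed constants. */
size_t prefix_max_safe_len(void)
{
	return MODEL_PAGE_SIZE << (MODEL_MAX_ORDER - 1);
}

int main(void)
{
	/* Constructed inputs: an SCO mtu of 48 bytes (assumed, not taken from
	 * the report) and sendmsg() lengths around the order boundary, plus the
	 * 1 GiB request seen in the register dump. */
	const size_t mtu = 48;
	const size_t lens[] = {
		4096, 8193, prefix_max_safe_len(), prefix_max_safe_len() + 1,
		(size_t)1 << 30,
	};

	printf("%12s  %s\n", "len", "pre-fix order/result   post-fix bytes/order");
	for (size_t i = 0; i < sizeof(lens) / sizeof(lens[0]); i++) {
		size_t pre = prefix_sco_alloc(lens[i]);
		size_t post = postfix_sco_alloc(lens[i], mtu, 0, 0);

		printf("%12zu  %2u %-4s                %zu/%u\n", lens[i],
		       get_order(pre), kmalloc_would_warn(pre) ? "WARN" : "ok",
		       post, get_order(post));
	}
	return 0;
}
```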

// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE 

#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

const int kInitNetNsFd = 239;

static long syz_init_net_socket(volatile long domain, volatile long type, volatile long proto)
{
	return syscall(__NR_socket, domain, type, proto);
}

uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
		syscall(__NR_mmap, 0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
	syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul);
	syscall(__NR_mmap, 0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
				intptr_t res = 0;
	res = -1;
res = syz_init_net_socket(0x1f, 5, 2);
	if (res != -1)
		r[0] = res;
*(uint64_t*)0x20004640 = 0;
*(uint32_t*)0x20004648 = 0;
*(uint64_t*)0x20004650 = 0x200025c0;
*(uint64_t*)0x200025c0 = 0x20000040;
memcpy((void*)0x20000040, "\xf0\x22\x33", 3);
*(uint64_t*)0x200025c8 = 0x20000043;
*(uint64_t*)0x200025d0 = 0x20000140;
memcpy((void*)0x20000140, "\xa6\xf0\xea\xb0\x8e\x0f\x59\x88\x04\x5f\xed\xb5\x2a\xb3\x24\x5f\x05\xdc\x8b\xef\x1e\x87\x1d\xf5\x54\x2a\xb8\x02\xf1\x80\x58\x4f\x88\x5f\xe5\xf2\xc0\xdb\x66\xeb\x90\xa8\x16\x4f\x91\xf2\x1c\x0a\x6d\xcb\xcc\xc3\x01\x46\x52\x20\x5a\x12\x8e\xe4\x0f\x7f\xf5\xad\x99\xd4\x34\x62\xb7\xcb\x28\x0f\x48\xea\x79\x14\xea\xde\x36\xd4\x2b\x5a\x01\xd6\x06\x16\xbd\xac\xae\x7b\x85\xea\x3d\x05\xac\xc8\x0f\x8e\xf6\x57\xd7\x31\x47\xe2\x18\x9d\x1d\xe6\xe3\x0a\x07\x90\x83\x1f\xeb\xe5\x59\x57\xdb\x45\x57\x0d\x6c\x9f\x99\xe0\x92\x2f\x68\x6f\xb8\x32\xc1\x6d\x9d\xc2\xcc\x7f\x34\x35\xd6\xba\xf0\x18\x15\x4e\x1e\x75\xfe\x35\xad\xc1\x34\xa8\xbf\xf8\xe4\xf8\x68\x5d\x99\xd5\x4e\x57\xb5\x4e\xb1\xc1\xa2\x63\xcc\x7c\xa1\x22\x39\x48\x9c\x20\x99\x8d\xa4\x88\xa8\xd5\xd6\x85\x30\x2f\xb9\x65\x5f\x87\x15\xc2\xa4\x3a\x5a\xf7\x77\x5d\x82\xc1\x09\x6c\xd3\x5b\x36\x95\x77\x43\xcf\x49\xef\x76\x72\x82\xc1\x81\x80\xaa\xdd\x85\xa7\x27\xb3\xd9\xcb\xf8\xb8\xd0\xd5\x93\x5d\x7c\xfa\xca\xb8\x0d\x79\xf7\xd3\x6d\x60\x8a\x6a\x91\x79\xe3\xc8\x7f\x16\x80\xb2\xbc\x15\x4a\x81\xd8\xbb\xe7\x93\x4a\x29\xeb\xd5\x88\x0e\x2c\xb0\xef\x9f\x7a\xa0\xec\xd9\xb8\x18\xaf\x10\x1a\xa3\x7b\x65\xa4\x99\xe6\xa4\x3c\x35\x63\x42\xb4\x57\x6f\x65\x65\xfc\x96\xaa\x13\xd2\x90\x0f\x1f\x6b\x0e\x10\xff\xdc\x04\x6d\x52\x44\x1e\xe6\xb5\xea\xfb\x69\xce\x8e\x27\x9f\x5a\xb2\x78\xb4\x46\x99\xa4\x36\x8c\x6c\x35\xd7\xa0\x45\x1c\x99\x38\xa5\x2f\xdb\x07\x71\x92\x58\x41\xb9\x10\x0a\xe5\x0c\x8b\xf7\xec\x2f\xda\x3f\x7a\x2b\xd6\x98\x2a\xcf\x80\x7a\xa0\x1d\x71\xc6\xa7\xc7\xa9\xed\xe7\x34\xc2\xed\x63\xd8\x33\x66\x87\xbe\xba\xff\xbc\x8c\xd2\x85\x6b\x47\x85\xde\x0d\x53\x7d\xf7\xa7\x3f\xb8\x3b\x2a\xd3\x20\x86\x26\xc5\x5d\xd4\xf4\xf9\x91\x8d\x44\x33\x16\xa4\x7c\xe5\xcc\x3f\x33\x10\xae\x40\x5c\xdf\xed\x11\xa2\xb6\xa4\xc3\x04\x9b\x03\x85\xfd\xc5\x6d\x5b\x01\x55\x9c\x61\xc2\xae\xae\xbc\x10\x14\xae\x20\xa3\x9c\x29\xb1\xa8\xf9\x4c\x1c\x3a\x32\xc3\x3e\xfb\xbf\xea\xc7\xfc\x68\x6c\xe1\xc0\x9f\xa1\x9f\x20\x09\x8a\x0c\x70\xa9\x23\xe0\x1c\x0e\xbb\x6b\x7a\xe2\
xe0\xce\x45\xdf\x60\x3a\x1b\xa1\x79\x79\x16\x68\x3f\xb6\xfb\x19\x9a\x60\xb0\x39\xec\x52\xae\x5f\x7a\xb6\xb0\xcb\x29\x17\x0c\xf2\x42\x52\xd8\x2a\xa8\x5f\xe3\xd1\xd4\x6a\x2e\xd4\x22\x3e\xa7\x4d\x42\x74\x05\xb7\x1a\x82\xab\x1e\x1c\xa4\xe8\xb1\xe0\x98\x3f\x24\x38\x34\xc2\xe1\x64\x79\x6e\xa8\x20\xad\x2e\x5c\x40\xc9\x62\x11\xce\xdc\x08\x0c\x9d\x40\x03\x08\x9f\xff\x10\x40\x78\xa7\x6f\xed\xb5\x58\xcc\xde\x78\xf6\x5e\x4f\xb2\x51\x5b\x4a\x89\xc7\x69\x7c\xd7\x12\x7d\x91\x2f\xcc\x28\x48\xfe\xb7\xe0\x67\x5e\x48\x83\xf4\xde\x6f\x0f\xc1\x98\x7b\x15\x74\x4d\xd0\x94\xa5\xe3\xd9\x89\xab\x28\xd0\x02\x00\x03\x64\x87\x82\x2e\x95\x7e\x90\x4a\x12\x7e\x55\xf4\x3e\xd3\x52\x8b\x7e\x01\x02\xde\xf3\xe0\x7e\xd6\x69\xed\x8c\x49\x2a\x91\x7c\x74\x1b\xf3\xf5\xfb\x2f\xcf\x10\x3f\x72\xbe\xd2\x2f\x65\xb8\x9e\x34\xed\xaa\x92\xa3\x79\xed\xaf\x96\x98\x7e\x62\x8c\xb5\x20\x31\xad\xfb\x9a\x36\xe2\xe6\x9d\x9a\xe3\x53\x3f\x0c\x5c\x2d\xe4\xe2\x9a\x94\x16\x68\xf0\xf4\x78\xb1\x08\xc9\x4a\x89\x8b\x7b\x84\xaa\xeb\xf6\xff\x68\x5d\xad\x93\x7c\x9d\xa1\xb8\x7b\x8f\xba\xb4\x6f\x28\x00\x0b\xa6\x56\xe4\x14\xc4\xce\xb4\x4f\x73\x4b\x3d\x68\x1a\x2d\xb7\xef\x6a\x52\x3b\x1c\x7a\x34\xbc\x58\x1e\x53\xe3\xfd\xd0\xd2\x79\xf6\x37\x08\x50\x8d\x36\xfb\x58\xd1\x72\x51\xc9\x68\x9b\xce\xe2\xb9\xdb\x48\x31\xed\xef\xdd\x8e\x12\x02\x84\xd7\xeb\x48\x86\x63\x71\x21\x90\x9e\x65\x69\x31\x8b\x75\xc4\xcc\x5f\xe8\x9c\xac\x5c\x31\x3f\x7e\xb4\x0b\xaa\x57\x0b\x81\x6f\x8a\xc6\xaf\x75\x6d\x28\xab\x95\x81\x83\xc8\x8f\x57\xf9\x5a\x2c\x02\xff\xda\xa4\x9a\x5f\x8a\xa8\x78\x9e\x26\xe3\x58\xb6\x78\x58\x1c\x52\xb3\x6a\x6b\xe7\xe5\xd7\x59\x19\x5a\x5b\xcc\x02\xe1\x6a\x98\x1b\xa4\x73\x03\x4c\xd2\x85\xd9\xb3\xcc\x2b\x4f\xf7\xac\x19\xba\x48\x3b\x11\x10\x02\x41\x8c\xef\x80\xd9\x9c\x77\xff\xfc\x7a\xbf\xc2\xcc\xfa\xf1\xe5\x31\x7a\xb6\x25\x8c\x85\xb4\x62\xd6\x22\x63\xe9\x6f\xae\x16\xad\xc0\x22\xd1\x03\xa1\x62\x69\x80\x2b\xcf\xdd\x15\x71\x44\x95\x20\x1d\x85\xd2\x1d\xa4\xc4\x47\xc0\x68\xff\xdc\x2d\xd3\x92\xf7\x54\xc3\x44\x24\xca\x1a\x60\x87\x46\x2b\x73\x72\xe3\xeb\x9f\
xe2\x56\x21\xe9\xee\x5c\x3c\xfd\x8f\x15\x1c\xc7\x81\x33\xbb\x3d\xe5\x15\xc9\x20\xef\x83\x73\xf1\x51\x91\x9b\x49\x08\xd3\xed\xcb\x13\xa4\xe5\xd8\xe5\x8a\xf5\xc3\x05\x2b\x94\x3c\x84\xee\xf4\x0c\xde\x32\x53\xf3\xf0\x50\x00\x89\xd6\x35\x11\xf4\x7f\x16\x92\xab\x8d\xe3\x8e\xa5\x58\xab\xec\xb6\xe8\xa4\x51\x1d\x8e\x8c\xfc\x2c\xd9\xca\xa2\xa4\xa2\x45\x99\x59\xd1\x9e\x2d\xb4\xa2\xa4\xe0\x76\x55\xf7\x0c\x94\x02\xac\xad\x21\xd4\xac\x6d\x56\x93\x11\x3f\x49\xd6\xc8\xfd\xab\xb9\x94\x1c\x4b\x61\x53\x25\x1c\xcf\x3b\x00\x9b\xc7\x1c\x88\x26\x4c\x32\x4e\xf1\xa7\x63\xec\x9c\x7f\xdb\x29\x82\x03\x7d\x30\x5e\x13\xa7\x72\x48\x22\x00\x04\xba\xcd\x21\x09\xcd\xed\x16\x05\x01\x7c\x41\xcb\x3b\xf3\x0c\x27\x1a\x9e\x5b\xfc\x09\xec\x72\xf5\xf3\x33\x08\x10\x0d\xf4\xb1\x08\x7a\xf6\xc3\x55\xd9\x51\x14\x0a\xe0\x8b\x00\xc1\x52\x44\xe6\xed\xb1\xd3\x8b\xa1\x44\xf1\x50\x35\xe3\xcb\x11\x6f\x16\x4c\x1e\xdf\xad\x35\xe1\x7b\x9f\x7a\x3e\xf6\xbf\xd9\xb1\x6a\xff\xaa\xed\x75\x0a\x3f\xed\xd7\x09\xbf\xab\x95\x6b\x55\x66\xc3\x88\x9e\xd1\x6b\x90\xd0\xde\x2d\xd6\xf7\x7e\xd7\xf1\xd9\xa2\x5a\x65\x72\x06\x9b\x1f\xb1\x46\x36\x76\x1e\xe3\x59\x00\xdc\xce\xda\x13\x67\x7d\xa2\x66\xf2\x13\xb0\x30\x58\xd9\x0b\xc5\x4f\xbf\x94\xb3\x63\x0f\x64\xcb\xae\xc1\x72\x22\xb9\xbe\x37\x89\x52\xd2\x39\x8b\x5b\x83\x8d\x20\xf2\xa5\x1f\xa2\x08\x78\x69\x35\xd9\x8e\xeb\xe4\xdc\x15\x42\x6d\x21\x64\xf8\x2c\x40\xa4\x4b\x7e\x99\xd0\x5d\xf5\x7f\x32\x2e\xdd\x98\x12\x36\xe8\x23\xd9\x33\xff\x52\x36\xc2\x36\xfb\x89\x19\xbd\x6e\x56\x14\x09\x76\x61\x9d\x63\x79\x17\x71\x7b\xd5\x24\x1f\xb9\x94\xfb\x2c\x6d\x01\xc6\x33\x50\xe6\xd5\x0f\x50\x07\xb9\x71\x78\xff\xcd\x0b\xd2\x15\xbe\x53\x90\x76\xd9\x68\x4a\x4a\x78\xd5\x3d\x66\xe8\x76\xf8\x65\xbd\x59\x79\x8f\x00\x97\x50\xd7\x35\x03\x88\x91\xb9\x6a\x90\x31\x5e\x38\x96\xa0\xe1\xab\xfc\xc6\x69\xd0\xf3\x79\x87\xf7\xa9\x65\x1d\xb2\x73\xa7\x3e\xb3\x67\x18\x75\x20\x93\x40\xa5\x38\xc2\x01\xfc\xa9\x8c\x63\x54\x90\x18\x4c\x9e\x13\xef\xb1\xad\x2f\x3b\xa3\x7c\xf8\xae\x82\xf1\xf5\xc8\xcd\xc4\x76\xfb\xff\xe9\x4c\xe6\x86\x60\x16\x4f\
xd9\x34\x0d\x37\x01\x8c\x57\x0e\x25\xe4\x60\xdb\x56\x92\x30\x6f\x1e\x22\x91\x12\x7f\x4a\xeb\x26\xd8\x0b\xf0\x3d\xd9\x38\x0a\xc6\x71\xb3\x3f\xd1\x64\x6e\x81\x5b\xe2\x7d\x41\x27\x5c\x4f\x5d\x10\x25\x69\x53\x8f\x76\x3d\xa0\x06\x50\x62\xc1\xc6\xdd\x19\xfb\xdc\xc8\xf1\x21\xfd\x33\x8f\xdf\x42\xe0\x20\x05\x08\x43\xd6\x43\x0a\xa7\xf6\x97\x81\x4b\xc3\x83\x69\x4d\xc6\x37\x17\xf6\xcb\xbd\x8d\xff\xf4\xee\x73\x2a\x08\x89\xb4\x51\x0d\x04\xda\x83\x61\x8d\x3a\xda\xd6\xcd\xec\x0a\x9c\xfa\xaf\x10\x54\x4f\x1c\xfe\xed\xf9\x23\x83\xc5\x27\x13\xc8\x96\xd2\x22\x90\x5c\x22\x28\xad\x5c\x3a\x82\xed\x6e\xda\x76\xa6\x69\x61\xa3\xa7\x88\x07\x0a\x9f\x54\xba\x23\xa1\xe7\x5e\xe5\x85\x18\xae\xf1\x8e\x91\x78\x99\xb6\xa4\x63\xab\x3b\x62\x90\x50\xef\x9c\x96\x64\xca\x63\x14\x4f\xc3\x07\x61\xfc\xbf\x29\x5a\x68\xee\x04\xe9\xa5\x2c\x72\x2f\xbf\x87\x3e\xf3\x3a\x43\x4e\x03\x7f\xa8\x34\xc0\x64\x05\xb9\xd0\xce\x72\x62\xc8\x6b\x08\xc3\x8a\x14\xba\x3e\x92\xf0\xce\x41\x41\x00\xdf\x89\x23\xf5\xbe\xb2\x45\x37\x7c\x38\x3b\x92\xca\xdb\x30\x33\xb9\xd4\xda\x0c\x55\xf5\x3a\x18\xc8\xd1\x7e\x43\x1d\x09\xb7\x39\xfc\x8c\x62\x92\x90\xa4\x70\x01\x43\x29\xa6\xf6\x69\x22\xed\x4d\x4d\x4b\x85\x63\x77\x2e\x2f\x86\xc4\x88\xc4\xe1\xe9\x2d\xe5\x41\x52\xe3\x19\x96\xc6\x33\x05\x83\xb8\x52\x20\x55\xe6\x84\xc1\x32\x78\x91\x33\x28\x22\x94\x7f\xa0\xae\x55\xeb\xd5\xe7\xcb\x01\x3b\x05\xd3\xd8\xd5\x8e\x33\xf0\xcc\xea\xa9\x99\x1e\x2f\xb7\x2a\xc4\xb3\xd8\x41\x99\x70\x6a\x7e\x35\x52\xb7\x54\x53\x48\x7b\x9d\x2e\x96\xcd\xbc\x96\x2f\x59\x59\x60\x7a\xc6\x28\x3a\xfb\x87\x84\x23\xbd\xdc\x61\x6a\x08\xb5\xe9\x35\x69\xad\x02\xed\xc2\xc1\x84\xa8\xf5\x09\xb2\x49\xe2\x17\x79\x8a\x23\x2d\x61\x81\xe3\x03\x7e\xdb\xe6\xe5\xe5\x8c\x55\x26\xf9\x35\xfa\x33\x8a\x53\x48\xc7\x2a\x10\x83\x08\x89\x94\xb1\x8c\xcb\x3b\xfb\xc8\x86\xd0\x56\x87\xbd\xb9\x3d\x02\x22\xfc\x7c\x98\x57\x10\x83\x1d\x79\x2e\x76\x01\x4b\x37\x29\xf7\x07\xb3\x32\x81\x60\x55\xf1\x08\xc2\x58\xfc\x41\x7b\xa6\x21\x25\xa1\x6c\x51\xb4\xc9\xd9\xa4\xc8\xee\x54\x5f\x31\x26\xd1\x95\xa5\xb3\xae\x40\x17\x13\x91\
xce\x2c\xb6\x91\xbd\xda\x13\x57\xbe\x33\x19\x99\xcf\x27\xfc\x90\xb0\x52\x76\xa2\x7a\x41\xd4\x96\xf0\x13\x4d\x6a\x0d\xec\x45\x11\x4d\xcb\x59\x10\xfc\x87\x9a\xe8\x98\x35\x23\x02\x74\x3b\xa0\x37\x6b\x14\x1d\x20\x7d\x61\xcb\x52\x6a\x00\xbe\x2c\xa2\x2b\x96\x48\xfc\xe5\x1b\x05\x87\x22\xf0\xe6\x3e\xfb\x70\x7c\xeb\x56\x4c\x52\x22\xcb\x41\xd1\x03\x16\xc0\x64\xae\x71\x3f\xb5\x1a\x17\x5d\x4c\x64\x24\x51\xeb\xbf\x34\xb1\x88\x9c\x1c\x23\xb1\x0a\x9b\x6a\xf2\x58\x41\xb7\xbf\x02\x90\x93\x80\x56\xe3\x47\x60\xbb\x02\x7c\xfe\x7f\x3e\xde\x2d\x5f\x38\xb9\x76\x67\xa1\x94\x2e\x49\x6f\x2b\xbe\xce\xfc\x21\x0a\xb7\x3c\xaf\xe1\x72\x1b\xec\x86\xd3\x5c\x45\x5f\x72\x09\xb3\x52\x4f\x83\x87\x62\xc1\xf1\xe6\x7b\x3a\x04\x15\xac\x1a\x02\x6f\x41\xa2\xe8\x0b\xc2\xb2\x2a\xef\x8c\x82\xed\xa8\x44\xf8\x7d\x9d\xd8\x1a\x80\xde\x21\xdb\x40\x95\x88\x88\x9f\x00\xf5\x43\x84\x7c\xd7\xdd\x5b\x61\x41\x1a\xcb\x3c\xfd\xd2\x4a\x85\x62\xac\x7e\xcd\x8a\x83\xc6\x1d\x4a\x24\x22\x1a\x8a\x79\x5a\x95\x29\xeb\xc4\x2a\x52\xb5\x1e\x69\x29\x03\x5b\xa8\x8e\xda\x2c\x2b\x70\x43\x05\x6c\x95\xdd\x67\x3c\xc5\x25\x4f\xc8\x54\x96\x9e\xfd\x99\xaa\x7c\x1d\x44\x23\x36\x74\xca\xfb\x21\xdf\x55\xfb\x5f\x78\xec\x2c\x47\xb6\x41\x06\x8f\x90\x97\x9e\x52\x0f\x0d\x94\x67\x54\x34\x16\x36\x71\x86\x83\x2c\x47\x22\x27\x8c\x6f\x66\x50\x78\xbb\x49\x6b\x2b\x78\x22\xd9\x4e\x2f\x3d\xb5\x33\x6b\xc7\xf0\x2c\x3f\x51\x86\x8e\xd5\xea\x46\xc8\x23\xcf\x70\x61\xf1\x2e\x2e\x31\x8e\xc9\x8b\x5e\x5d\x0c\xad\x34\x4a\x7a\x38\x89\x7d\x95\xab\x54\x2f\x25\x1e\xe3\x68\x6e\xf5\x76\x6e\xae\x14\xfe\xae\xb4\x55\x7a\x9d\xad\x1b\xff\x37\x21\xe1\xef\xdd\xe1\xcc\xdc\x47\xbe\x8e\xeb\x88\x41\x86\x44\x1f\xc7\x5b\x44\x7a\x0b\x5a\x80\x38\x5b\x62\x4f\xf2\xe3\x10\xee\x51\x07\x8f\x79\x6f\x27\x72\xa6\x43\x0e\x1b\x53\xfc\xf3\xb5\x5e\xdf\x9b\x1d\x51\xbf\x8d\x36\x9a\xc7\x75\xae\x2a\xd1\xff\x56\xb3\x20\x9e\xf9\xcc\xad\xbf\x9a\xf4\xc3\x60\xf7\x01\x22\xfb\xfc\x4c\xd1\xe6\x53\xb7\xaf\x75\xef\x98\xd6\xc5\xe2\xe1\xff\x7a\xbb\x6b\xbe\x78\x5e\x62\x7e\x1f\x1d\x7c\x35\x45\xb3\xbc\x7f\xef\x0f\xaf\x6b\x90\
x4b\x07\x6f\x13\x54\xd7\x6c\xfd\xa1\xf2\xe5\xb8\x56\x4d\x46\x0d\x56\x33\xfa\x4f\x0f\xe9\xe8\xfe\xb5\xd4\x61\x25\xa4\xcd\x59\xb4\x5c\x08\x77\xc0\xce\xaf\xe3\x79\xe1\x61\xda\xf8\x61\x30\x4c\x74\xcc\xe1\xef\xb1\xcd\x1d\x1e\x5b\xee\x53\x6f\xfb\x0a\xa5\x76\x2d\x42\x52\xc7\xba\x8e\xa5\x06\x41\x8e\xf4\xbd\x46\x3c\xd8\x8f\x6d\xc7\xff\xd3\x69\x47\xc8\xf9\xc1\x1b\x1a\x51\x60\x12\x59\x80\xd7\x54\x00\x1f\xc5\xe2\x69\xe2\xab\xde\x03\xbd\x0d\x7d\x3c\x1f\x93\xc4\x5a\x1f\xe2\x02\x8a\xfa\xc0\x55\x2b\xc1\x3f\x1b\x01\x01\xd8\x4e\x81\xca\x3a\x8d\x86\xf3\x8a\x81\xf1\x65\x7d\xf1\x77\xf4\x65\xf6\x8f\x5e\x07\xe3\x38\x00\x23\xf0\xf6\xb1\x08\xc1\x38\x1f\xb5\x82\xac\x42\x48\xe1\x8b\x08\xe9\xe9\x24\x33\x84\x26\xa2\x4a\xa7\xea\x4b\x2b\xb8\x06\xca\xfd\x23\xb2\xae\xa1\x15\xaf\x52\xc0\x54\x1e\x4f\xde\x1e\x98\xb2\x5c\x5d\x26\x79\xa0\x61\x18\x06\x49\x9e\xcf\xcf\xd9\x5b\xa9\x59\x4c\xd1\x11\x18\x1c\x29\x41\x0e\x72\x22\x2f\x8c\x4d\x04\xa3\xe1\x54\x7f\x62\x73\x00\xa2\x39\xda\x7a\x30\x1f\x0d\x2e\x17\x16\x83\xc7\x20\x34\x0e\xa0\xce\x76\xdc\x76\x76\xb5\x0e\x43\xf0\x3b\x0a\x03\x09\xa2\xf9\x1b\xf2\xf9\xc3\x02\xbb\x13\xd3\x69\x31\x04\x3a\x52\xa6\x02\xb6\x9f\xff\xba\xc5\x8f\xe8\xf6\x62\xf6\xac\x7a\xfe\x76\x6b\xeb\x5d\x18\x5a\xa3\x42\xa6\x73\x35\x3b\x29\x53\x00\x64\x38\x6c\x18\xe1\x56\x1d\x7c\xde\x08\x2a\xcf\x2d\x22\x0a\x7d\x0a\x1b\xf1\xa5\x74\xb6\x1c\x7a\xd7\x30\xf9\xf4\x60\x9c\xec\xdc\xa9\x2f\x7f\x9c\x23\x1e\xa9\x0b\x67\x2b\x44\x8c\x30\x29\xd7\xc4\xef\x57\xd4\xed\x46\x8a\x94\x65\x7e\xef\x5d\x3e\x91\xc5\x45\x14\xab\xbd\x78\x4a\xdb\x9d\x68\x8a\x9b\x81\x43\xca\x39\x25\x1b\x04\xe1\xdf\xf6\x1f\xcd\x18\xed\x86\xd2\x42\x07\x67\xde\x18\x69\x8c\x9c\x93\x88\xf1\xd6\x25\x7b\xb3\x62\xfe\x77\x92\x3e\xb1\x85\x94\x53\x9f\x51\x9c\xac\x40\x1d\x34\x39\x5b\xf9\x03\xb2\xea\xf7\x7c\x4c\x52\xf8\x16\x29\x75\xba\x13\xfc\x8c\x91\x6f\x0e\x1b\x9b\x1a\xf8\xf9\x2c\x54\x41\x77\x2c\x74\x0c\x5f\x6d\x89\x68\xc9\x17\xa8\x15\x48\x07\xb2\x56\x9e\xbe\x44\x81\x75\x3f\x15\x3e\x7d\xee\x5a\x58\x0d\xa1\x4b\xae\xc6\x38\x29\x79\x2f\x53\x12\x0d\x6d\x1a\
xe0\xea\xa0\xe2\x6a\xeb\xb5\x87\xe7\x59\xa2\xd5\x74\x99\x18\x88\x97\x4e\xdf\x29\x70\x27\xf2\xb0\xbd\xc8\xe4\x06\xef\x24\x35\xb6\x96\x7e\x19\x1f\x5c\x9f\xec\xd0\x50\xd8\x5e\x20\x0d\xd3\x60\x9f\xcb\xcc\xb0\x00\xd1\xd3\xb6\xf5\xb2\xda\x64\x88\xb5\xa4\x21\x90\xa0\x3e\x5e\x6d\x6d\x0d\x58\x15\xa7\x74\x28\xf9\x2b\xe4\xb0\x18\xec\xd7\x29\x1b\x4d\x18\x5b\x12\x89\x3a\x57\x67\x8c\x4d\x4d\x3f\x86\xb3\x4f\xcf\xad\x24\x63\xc6\xcb\xe6\x67\x7b\x01\x63\x73\xf0\xc3\x49\xa6\xd1\x72\x81\xdc\x74\xf6\x51\x75\x81\x78\x87\x80\x38\xc0\xad\xed\x0c\xa8\x4f\x6b\x2e\x62\xbf\x33\x4b\x65\xb6\x51\x94\xf5\xf8\x24\x9e\xd9\x24\xd4\xff\x99\xd6\x0f\x4e\x24\xb9\xea\xf2\x39\x22\x3d\xce\x4a\x8f\xc9\x22\x93\xfc\x00\x85\x59\x2e\x99\xa7\x0e\x92\xde\x22\x7d\xaf\x1c\x62\x54\x43\xd0\xc5\x76\x66\xa7\xf8\x4e\x8d\x14\xba\x6c\xed\x0c\x53\x76\xb4\x11\xb0\xf9\x23\x78\xcd\x60\x5e\xf7\x31\xfc\xd4\x37\xf3\xf7\x32\x8f\x51\xec\x8f\xf0\x1e\x25\x15\xb8\x4f\x58\x15\x81\x93\x2e\x75\xe4\xad\xee\x53\xa2\x57\x9d\x9c\x9f\xc9\xf8\x18\xd3\x90\x36\x39\xe7\x6b\xce\x73\x45\x61\x26\x5a\x7b\xfd\x98\xfd\xb6\x87\x71\x49\x2f\xb2\x00\x54\x55\x4e\xa5\xe8\xd4\x8a\x07\x9e\x70\xdb\x29\x31\x00\x8d\x20\xa0\x52\x1f\x53\x95\x72\x91\xd8\x12\x3d\xa1\x03\x7d\x1d\x02\x55\xcd\x43\xce\x69\xf3\xdc\x3f\x98\xfd\x01\x05\xd7\x9a\x77\x2e\xef\xe7\x2f\x09\xf9\x17\x9d\xc1\x19\xed\xfc\xf8\x03\x25\xfd\x93\x15\x03\xa8\xc4\x72\xf4\xbd\xc1\xe1\x6d\xb0\x91\xef\x21\xa5\x48\x06\x59\xfb\xc6\x9c\xb3\xf8\x5e\x29\xee\xe6\xd2\xef\x00\xb1\x0c\x75\xd0\x3e\x88\x4a\x89\xbc\xf2\xc8\xc9\x16\x5c\x89\xce\xa2\x7b\x4f\x6a\x94\x78\x2b\x15\xef\xa8\x88\x11\x80\x96\x3a\x85\x39\x6b\xe3\x6e\x34\xfb\x36\x37\x18\xd8\x69\xc1\xa9\x0f\x70\x08\x32\x68\x86\x8f\x0a\x52\xf9\x2d\x64\x3d\x80\x30\x42\x50\xde\xa1\x01\xde\x7b\x46\xc4\x68\xfc\x54\x14\xe2\x42\x00\xab\x44\xf9\xc3\xf6\xf4\xe5\xf5\x1a\x76\x50\x3e\x12\x7a\x46\x9b\x58\x28\xc9\x7f\x87\x5d\xf6\x9f\x3d\x6c\xe8\xa5\x62\x02\x00\xf6\x82\x72\xd1\x66\x12\x50\x41\xbf\x68\x8d\x78\x1e\xd7\x42\x0d\x9a\x3c\xc2\x8e\x79\x75\x59\x8a\x11\xaa\xf4\x00\x05\x0c\xd8\
x1c\x70\x03\x08\x65\x71\x7c\x4c\x8c\x07\xbc\x2f\xf3\x31\x24\x91\x9f\x1d\x94\x87\xf3\x34\xb0\x7a\xa9\x7f\xf9\xd9\xb4\xc6\xac\x17\xa9\xd9\x1a\xeb\xc1\xcc\x42\x32\x65\xea\x4c\xd2\x9b\xf7\xe1\xea\xb4\x7c\x58\x83\xd7\xb6\xc3\x70\x9b\x3c\x3b\x6d\x17\x4d\xc1\xc7\xd3\x4f\x3f\xb1\xad\x62\xeb\xa6\x6a\x1f\xe4\xeb\xe4\xb1\xfa\x8e\x95\x37\xbb\x45\x87\x4c\xd9\x8c\x6c\x6d\xd5\x89\x61\x07\xb9\xe9\x6f\xdf\x26\x26\x71\x33\x79\x10\xa1\x82\x1d\x88\xaf\x12\xd7\x28\xac\x96\xf4\x97\xeb\x91\xf6\x1a\xe1\x1f\xe2\x93\x15\x7c\xdd\x68\x86\x1c\x9f\xa4\x9b\xd3\x06\xa0\x31\xab\x87\xd5\x07\x63\xa8\x19\x91\xb5\x99\x67\x35\xe7\xee\xaf\x4e\xaf\x0a\x60\x44\xdb\x16\xc0\x7b\x3e\x07\x33\x71\x9e\x0e\xef\x10\x05\xfe\xd4\x39\x95\xa4\x85\xe6\xc1\xd6\x50\x83\x99\x02\x5e\x4d\x36\xa8\xf6\x29\x22\x48\xb2\x56\xdc\x42\xcc\x8b\x35\x08\x8e\x2c\xc9\x86\x4a\x1b\x4c\x23\xc1\x07\xa6\xc6\x77\x2a\x61\x3f\xf7\x58\x58\xe5\xde\xbf\xf7\x10\x84\xfb\x22\x10\x4f\x79\x3e\x00\xff\xe5\x77\xd8\xfe\x19\xd5\xb1\x0a\x51\x6c\x25\xe5\x31\x04\xb1\x77\x06\x92\x54\x5d\x85\x9d\xbd\xb0\x67\xe1\x99\xd5\x99\x9e\xc7\x9a\x13\x75\x04\xe4\x17\x3d\xd4\x56\x68\xe6\x93\x96\x04\x65\xf6\xd5\x7b\x25\xae\xcb\xc2\xd1\x53\xa1\x40\xbc\x80\xe8\xca\xc4\xf9\x27\xe0\x51\x78\x48\x67\xc9\x80\x19\x05\xb6\x2c\x91\x9f\xd3\x7c\x3c\x55\xdd\xb7\xad\x30\x93\x29\xde\xbe\xec\x6f\x4f\xb6\x67\x07\xaf\xff\x8b\x5a\x61\x82\xd0\x9c\x19\xdc\x54\xe2\x6d\x26\x92\x0f\xd9\xfa\x0d\x76\x82\x87\x84\x7b\xf3\xa6\x69\xc7\xf1\x7e\x6e\xb8\xa8\x00\xb2\xcf\xfc\xe4\xdd\x05\x52\xe6\x26\x66\x97\x6f\xa0\xe5\x79\x65\xf7\xd1\xc2\x71\x84\x9d\xde\xc6\x1c\x71\x1e\xc9\xeb\x1e\x17\xba\x34\x3e\x36\x28\x88\x0d\xb5\x7a\xc3\xbd\xa2\x21\xb8\xd6\x5b\x6e\x74\x79\xf0\xc8\xe3\xa2\x40\x16\x92\xba\x71\x01\xad\x16\xdd\x96\x7d\xb9\x03\x77\xe2\x9c\x2f\xae\x78\x37\x0b\x58\x6f\x32\x23\xf2\xb8\xca\x71\xc9\xf7\x56\x86\xf3\x96\x53\xc6\x72\x28\xe1\x09\xb7\x49\xfd\x45\xaa\x21\x81\x72\xa0\x3d\xae\x32\xcc\x3c\x41\x7e\x5f\x6a\x52\xd0\xd4\xd8\x3e\xec\x8a\x1d\x02\x50\x45\xcc\xdc\x8f\x62\xed\xd1\x10\xf4\xae\xa0\x98\x96\x7c\xb8\x4a\
xd4\xb3\xaa\xe4\x6d\x19\x72\x0e\x35\x31\xae\x1b\xcc\xfa\x7b\x96\xed\x64\x6d\x38\x07\x10\xe4\x4d\x8b\xea\xdb\x3d\xe1\xa9\x31\x77\x77\x9a\x7d\x42\xe1\xd8\xdd\x01\x38\x2b\x20\x17\x57\x13\x2a\x8c\x5a\xfb\x5a\xdb\xcb\x96\x9b\xff\x0a\xd5\x4c\x9a\x3c\x99\xe4\x49\x67\x52\x21\xf0\xc7\x1e\xbd\x60\xed\xc9\xcb\x81\x10\x88\x28\xfe\xf7\xb1\x23\xbd\xfb\xbe\x6a\x30\xcb\x07\xd5\x36\x78\xfb\xae\xfe\xc8\x2c\xc0\x92\xc1\xaa\x80", 4096);
*(uint64_t*)0x200025d8 = 0x1000;
*(uint64_t*)0x200025e0 = 0x20001140;
memcpy((void*)0x20001140, "\xa9\xb8\x8a\xe0\x5c\x48\xde\xa3\xdf\x9c\xe1\xb7\x3d\x6a\xb4\xab\x15\x1b\x10\x3a\xf0\xba\x25\x2f\xe9\x62\x27\xfa\x8c\x83\xc2\x91\xf5\xae\x2b\x00\x11\x28\x63\xb1\xd3\x4a\x64\xb1\xc9\x6d\xba\x53\x6e\x51\x5b\x1f\xa0\x49\xd4\x8c\x5b\xba\x53\xf5\xa1\x56\x83\xea\x4f\xe0\x05\xb9\x74\x6b\x05\x0c\x5e\x40\x7b\x53\x60\x5d\xa2\xc2\x72\x38\x78\xd2\xd8\x42\xbe\xdb\x39\x82\x4b\x6c\x07\x1a\x0b\x31\xcb\x0b\x0e\xd5\x9e\xa9\x3f\xd2\x7f\xd4\xa6\x0f\x41\x79\x83\xa1\x20\x02\x1c\xe7\x2e\x3e\x58\x68\x42\xc3\x28\x99\xdd\x13\xc1\x87\x8a\x07\x8e\x40\xe1\x49\x05\xd2\xdd\x73\x29\xe6\x3f\x59", 142);
*(uint64_t*)0x200025e8 = 0x8e;
*(uint64_t*)0x200025f0 = 0x20001200;
memcpy((void*)0x20001200, "\xd0\xa1\x24\x85\x38\x38\x34\x7c\x2b\x3e\x6c\x4d\x16\xeb\x0a\x6f\x1b\xd7\x9e\xaf\x2a\xe9\xe2\xa2\xba\xe9\x6c\xee\xac\xa3\xda\xb7\x94\xdd\xa3\x4b\xff\x30\xf0\xc2\xba\x6f\xaf\x07\x0e\x70\xd4\x9d\x31\x19\x24\x75\xbd\xad\x80\x28\xa9\x0c\x67\x22\xf9\x4d\x5c\xed\x27\xbd\x1e\x8b\x55\xee\x9a\xf2\xb3\x34\xb1\x74\x5a\xf6\x1a\x5a\x47\xbc\x4d\xe8\x5e\x87\x68\x51\x07\x67\x9f\x1c\xd6\x36\x9f\xd4\x1d\xee\x35\x6d\x59\x02\xa8\x29\x2a\x50\x50\x1c\xf0\xcd\x89\xb8\x3c\x18\x12\xd0\x47\x9c\x8f\xc6\xd4\x07\xc5\x8e\x97\x98\x3b\xe5\x11\x9f\x1d\x77\x61\xae\xd5\x79\x5b\xc1\x8f\x82\x00\x3b\x08\x4d\x56\xd7\x91\x23\xbb\x7f\x1f\x57\xca\xb3\xa0\x42\xf3\x4d\x43\xaa\xfa\x65\x58\x92\xb0\xfb\xe0\xee\x28\x28\x1c\x5f\xfa\x00\xe3\x31\x2d\x3d\xcb\x6e\x56\xb0\xdc\x3c\x5b\x46\xae\x57\x24\x26\x1f\x04\x2c\x34\xe8\x27\x9b\xfe\x14\xe6\x59\x4e\xf2\xd5\xe7\xe1\x1d\xb5\x19\xa2\x3f\xc3\x57\xb1\x76\x83\x3a\x35\x1a\x69\xeb\xf8\x10\x83\xb2\x32\x75\x6c\x0e\x4a\x24\x4c\xe5\xcb\x78\xd1\xb2\xfd\x21\x7f\xe6\x1f", 242);
*(uint64_t*)0x200025f8 = 0xf2;
*(uint64_t*)0x20002600 = 0x20001300;
memcpy((void*)0x20001300, "\x2a\x77\x80\xfc\xf7\x67\xcf\x06\x9b\xcf\x3d\x04\xca\x4c\xe2\x03\x02\xdb\x2e\x4b\xe7\xa3\xd7\x07\x3d\xd6\xbe\x09\x63\x5c\x95\x87\xe5\x4e\x11\x12\xa8\xf7\x70\xc5\xf8\x88\x3a\x1e\x94\x0e\xaa\x08\x99\x1c\x06\x95\x72\xb4\xdd\xb7\xa4\xf9\x60\xaa\x2b\x31\x6a\xbe\x27\x11\xfa\x7a\x03\x6c\xf5\xb1\x30\xf1\x47\x3e\x6f\xc8\x56\x42\xf9\xef\xfe\x87\x14\x5e\x38\xf7\xd2\x8c\x48\x77\x45\xc0\x6e\xd1\x21\xca\x29\x54\xa0\x06\xc2\x68\x09\x96\xb3\xf1\xc3\x75\x97\xbd\x12\x31\x4c\xbf\x20\xda\xae\x52\x07\xe4\xbb\xa1\x18\x6a\xcc\x5b\xbe\x6f\xe1\x30\x3a\x35\x9d\xa7\xda\xa9\xc6\x9a\xe6\x4a\x8a\x47\xe1\x19\xd2\xa7\xac\xe5\xc7\xc7\xc3\xb8\x53\x3c\x25\xca\xaa\xd1\x5c\x09\xb0\x44\xf1\x5c\x8e\x8d\xd5\x87\xa2\x8a\xf0\xbc\xda\x8a\x0d\xa1\x0f\x1e\xe8\x70\x01\x30\xbd\x19\xc4\xba\x82\x8d\x56\x89\x62\x1f\x9e\xe9\xe7\x92\x4d\x2a\x01\xd5\x1a\xa9\x28\xeb\xc9\x37\x82\x71\x6f\xfd\x06\xc6\x09\xbe\xb3\xcf\xd7\x8e\x0c\x91\x30\x06\x3f\xde\xb0\xc8\x10\x8b\x5c\x8a\x93\xf7\x38\xc6\x54\x93\xfa\xe9\x87\x9a\xd9\xab\x35\xc1\x9e\x2c", 248);
*(uint64_t*)0x20002608 = 0xf8;
*(uint64_t*)0x20002610 = 0x20001400;
memcpy((void*)0x20001400, "\xaf\xb3\x43\x9e\xd0\xbf\x1d\x6f\xb1\x97\x94\xe5\x8c\x06\x6c\x72\xdb\x06\xbf\xd8\xdb\x84\x85\x31\xd3\xf2\x99\xbd\x52\xf0\xea\xb0\x42\xbe\x3f\xb7\xe7\x10\x61\x1c\xaa\x9f\x47\x01\x79\xca\xaf\x0f\x36\xdc\x3b\x9e\x53\x63\x1f\xd1\x5d\x7f\xaf\x12\x7b\xf6\xc4\x93\x49\xf3\x33\xb7\xe9\xda\x19\xf0\xac\xa4\xb3\x2d\x61\x58\xc4\xfc\x7d\x92\x5a\x6f\xc2\x27\x6a\xd5\x22\x13\xe0\x7f\xb6\x39\xba\xf9\xd6\x7e\x50\x12\x5c\x14\xd7\x62\x28\x6e\x53\xb7\x6c\x75\xc5\x5c\xe9\x9c\xca\xf8\xa7\x05\x9e\xf5\x68\xc1\xee\x1c\xad\x73\x79\xb2\x8a\x8f\x73\x9f\x81\xa0\xb4\xeb\x36\x2c\x0e\x86\x52\x2c\xbe\x79\x98\x45\x64\x69\xfc\x4b\x81\x29\x50\xe0\x42\x43\x0d\x7c\x78\xdb\xe0\xbe\x5b\x07\x37\xc7\x0a\xc3\xdf\x0f\xcf\xdf\x14\x24\xb0\xdf\x10\x5b\xb0\x1f\x98\x6c\x4e\xbc\xe5\xf6\x66\xb7\x85\xa7\x2f", 191);
*(uint64_t*)0x20002618 = 0xbf;
*(uint64_t*)0x20002620 = 0x200014c0;
memcpy((void*)0x200014c0, "\xd8\x1b\x61\xf2\x5f\xa8\x77\xbe\x05\x47\x37\xd0\x92\x36\xb3\xf0\xef\xe7\x59\x32\x8c\x49\xee\x3a\x03\x82\x1b\xb3\xba\x12\x32\xbc\xf8\x33\x66\xc7\x48\x45\x76\xc3\x95\x5e\xa1\xfa\x98\xe0\x77\xac\x83\xf2\xdf\xdb\xb9\x39\x72\x57\x93\x8b\x98\x92\xe0\x4e\x10\x57\x77\x4e\x79\x09\xde\x64\x8d\x4c\x77\xb5\xeb\x6f\x26\xe8\x24\x08\x45\xf4\x9a\xb0\xad\x46\x97\xcd\xf6\x8e\xe5\x70\x37\x99\xb0\xa6\x74\x15\x88\xb8\xc1\xe1\x77\x81\x49\xbe\xe4\x71\xf4\x16\xe5\x2a\xe5\xdb\xb6\xfc\xf7\xba\x6a\x9c\x75\x2f\xe2\x96\x80\xc9\xb1\x76\xa0\x93\x4f\xca\xe6\x59\x06\x77\xe9\x9b\x0b\x8b\x7a\x76\xc5\xbe\x60\x41\x01\x0e\x27\xff\xbc\x25\x76\x66\x2b\x82\xd8\xab\x1b\x0b\x98\x52\x99\x3a\xa7\x66\xcc\x8a\xe3\xe6\x1b\x85\x77\xbf\xc4\x22\x61\x54\x14\x37\x43\x23\x4a\xcc\x45\x5b\xf4\x43\x33\xce\xc0\x46\x32\x51\xdd\xf5\x17\xb0\x9e\x60\x31\xb4\x15\x36\xae\x97\x47\x99\x3a\x7b\x39\x9d\xa6\x4a\x5e\xea\x09\xc6\x2a\x4b\x8c\x69\xa5\xca\xaf\x22\x91\x0e\x45\xfb\x2d\xbc\xd5\xf4\x73\xff\xc3\xb6\x4a\xa8\x15\x9d\x01\x26\xc6\x92\xd7\x3d\x48\xc7\xb2\xa1\x6c\x28\x24\xd0\xca\x82\x41\x63\x96\xa3\x5d\xeb\xb8\xcf\xc1\x1b\x5a\x20\x93\xd4\x6e\x95\x2d\x93\x3f\x1e\xc8\x51\x6c\x57\x4e\x1c\x8b\x33\x4f\x1d\xbd\x4a\xa6\xc8\x13\xbd\x84\x23\xd7\xab\x5d\xc4\x7a\x54\xf8\x7c\x46\x40\x14\x80\x99\xf0\xf2\x5c\x8b\x5d\x21\x5a\x4d\xd5\x05\x41\x56\x55\x4e\xe8\x8b\xfe\x2a\xcf\xe6\x20\x61\x20\x34\x6a\x3e\xcd\x32\x01\x5c\x1a\x18\xfd\x4d\xfd\x4d\xa8\x72\x05\x34\xe1\x6b\xb1\x5e\xcf\x57\xb9\x4e\x97\x2d\x2a\x1b\x21\x90\xbb\x8b\xe1\xc1\x9c\x70\xac\x97\xf9\x27\xbf\xe7\x3e\x8b\x08\x71\xb4\x49\x83\x23\x76\x5b\xeb\x1b\x94\xad\xbf\xcb\xf6\xf8\xff\xc2\xd9\xcf\x47\x1d\x45\x70\x89\x1a\xea\xa3\x92\x8e\xc8\x16\x15\x17\xf8\x4a\x29\x29\x09\x5d\x30\x01\x1f\x7e\xd8\x96\x50\x0a\x02\x6c\x98\xf5\xb3\xb1\xdb\xe3\x74\xd7\x1f\x6c\x7a\x59\x66\x48\x36\xd7\x05\x36\xba\x7e\x04\xda\x48\x64\x75\x54\xed\xc2\x92\xcd\xbe\x26\xa4\x53\x6a\xaa\xfc\xe4\x86\xb4\xfd\xc7\x74\x30\x4e\x73\xad\xab\xd9\xc9\xf7\x8b\x7a\x51\x23\x55\x53\x8e\x53\xee\x12\x18\x6b\x1e\xee\x48\
x09\xfb\xff\x3a\x72\x49\xfb\xe3\x68\x0f\x0e\x3c\x8c\x2d\x2e\xf8\x99\x34\x9b\xbb\x71\xb2\xd8\x89\xee\x00\x2b\xf5\xb5\x3c\x77\xfe\x56\xc4\xef\xc9\x71\x88\xdf\x59\xfe\x64\x4b\x07\x66\x42\x3a\xcd\xe5\xb0\x06\x74\xf0\x35\xe2\x7f\x76\x4b\xd6\xd8\xbe\x84\x0d\x96\x24\x79\xb3\x86\xb9\x96\x27\xf2\x63\x9d\xc6\x67\xe5\x28\xd5\x9f\x5a\x13\x53\x84\x7d\x08\x1f\x43\x78\x00\xc1\x3c\xa0\x81\xd2\x3a\x5d\x31\xb6\x60\xef\xc2\x9d\xa4\x71\xf4\x90\x86\x6b\xc8\x91\xef\x93\x41\x17\xe8\x94\xf4\xbb\xc2\x90\xbb\x52\x44\x85\x78\x05\x3c\xe7\xd1\x5b\x99\xb7\x01\xe3\x02\x3d\xd1\x31\xac\x36\xd5\x4b\xcd\xbd\x9d\xba\xcf\xd6\x73\xe0\x3f\x9e\x82\x7d\x9c\x2d\x02\x0a\x95\xc1\x2f\xa6\x68\x3a\xc6\xd4\xcd\x1f\x17\x5e\x81\x90\x91\xa3\x28\xe0\x9e\x94\x93\xea\x92\xf9\x4f\x30\xde\x06\x7d\x01\x85\x3e\xe1\x6f\x31\x6f\xfd\xf7\xe1\xaf\x65\x16\xa6\x8c\xdf\xf0\x72\xa4\x31\xa6\x5a\x26\xf1\x6c\x2c\x98\x00\xe4\xfc\xa2\x25\x2c\xa8\xcb\x1c\x1b\xe5\x63\xe0\x90\x45\x5b\x30\xbe\x89\x37\xc1\xaf\x55\xa6\x6d\x05\xe0\x4a\x8f\x34\x50\x9b\x56\xce\xec\x19\xe9\x7e\x39\x25\x4f\x8f\xb6\xec\xbc\x53\x32\x7d\x52\x4a\x78\x64\x78\x44\xee\xf7\x99\x64\x15\x93\x52\xd4\xac\xf0\x62\xb0\xf3\xf2\xf5\x57\x12\xa5\xee\xbd\xbc\x95\xef\xd0\xa9\xf5\xfb\xd3\xbb\x45\x87\xe9\xf9\x6f\x46\xbe\x9c\xf7\x41\xa7\x67\xa0\x90\xf8\x5f\x96\x00\x1d\x9c\xf1\xd2\x15\x7f\xea\x81\xae\x8d\xdc\x2c\xdd\x60\x55\x9c\x02\x0a\x11\x76\x3b\xee\x28\xd5\x17\xc8\xdc\x22\x20\x20\x73\xba\xdb\xe4\xeb\x8b\xea\x03\x28\xf1\x85\xa4\xce\xb1\x1b\xb6\x48\x88\xee\x41\xed\xfa\x5f\x2e\xfb\x39\xa2\x52\x58\x41\x02\x5c\xac\x5f\x47\x87\x23\xb2\x82\x68\xb0\xac\x16\x27\x34\xda\x8b\xe1\x28\xaa\x93\xa1\x04\x39\x8b\x05\x8e\xa6\x3f\x80\x15\xa0\x86\x61\xa9\xdd\x0a\xfa\x4f\x9f\xc5\x3a\xe3\xfb\xe4\x57\x0d\xd1\x31\xfa\x0d\xda\xbe\x87\x4f\xe0\x9b\x02\x86\xfc\xb7\x23\x52\xd2\xf7\xee\xfd\x7f\xe3\xb0\xc6\x0e\x66\xad\xd1\x96\xf0\x05\xab\xf6\x9c\x2e\x2c\xae\xf0\x07\xba\x1f\x4c\x21\x90\x3e\x54\xb0\x30\x47\x93\x40\xc1\xae\x70\xab\xfe\x85\xf3\x43\xca\xd2\x89\x66\x53\x57\xe8\x22\x88\xaa\x96\xe1\xf2\x4f\x3f\x91\x40\x4f\
xfb\x24\xf2\x1a\xfb\xb4\x81\x37\x84\x89\x25\xed\x8b\x4a\x51\xd4\xaa\x1f\xf4\x2e\xe5\x96\x02\x2e\x01\x77\x83\x4f\x79\x98\x13\x1d\xbd\x73\xb0\x55\xe8\x9b\x83\x67\xe5\xdc\xe4\xab\x4b\x3f\xf9\x07\x29\xf3\x18\x6b\xbb\x17\x3b\x29\xcc\x5d\x48\x5f\x6c\xc1\x96\xde\x53\x46\xfd\xe2\xbe\x65\x88\x04\xad\x8e\x4c\xda\xf1\xba\x81\x7d\xf6\xa4\x2f\x15\xc0\x46\xd2\x44\xab\xf6\x66\xe8\x5e\x8f\xd1\x0e\xd7\x01\x1c\x30\x1b\xf0\x79\xc0\xbb\xf1\x53\x1b\x71\x3b\x29\x9a\x1e\x13\xab\x44\x31\x2e\x5d\x00\xe8\x0a\xdd\x85\xc0\x85\xbe\x9a\xa3\x5d\x2d\xbd\xb1\x46\xab\xfd\xc4\x65\x3f\x44\xbf\x4e\xf8\x6d\xc1\x81\xac\x57\xa5\x4e\x64\x12\xa2\x81\x55\x09\x62\x89\xdc\xa0\xe2\xf9\xa6\xaa\x25\x62\xb9\xe7\x2f\xa1\x37\x29\xb2\x3e\x8b\x48\x3c\x66\x72\x78\x3e\x4d\xc9\x8e\x05\xdf\x9a\xaa\xb3\x19\xbf\x61\x03\x03\x9b\x86\xd1\xf2\x36\xad\x5b\x90\xc2\xad\x11\x51\x63\x75\xbe\x54\xc7\xc3\xc6\x88\x75\x69\x47\x74\xa0\x5a\x4f\x7d\x96\x65\x8b\xac\xc8\x3b\xb2\xef\x73\xb1\x27\xf5\x43\xa1\xf0\xa7\xba\x48\x3f\x38\xb3\x6e\x19\xc4\xed\xf7\x83\xbb\x79\xbb\x23\xae\x12\xa1\x45\x69\xa5\xf1\xda\x65\xbe\xb5\xad\xa1\x76\xb3\x7e\xe5\xfa\x7b\x16\xcf\xf1\x11\x31\x5a\x36\x12\xc8\x28\xb1\x05\x8c\x20\xde\x3b\x67\xa4\x6e\x25\x0c\xec\x13\x04\xb4\x3f\x58\xf3\x80\xe8\x96\x0a\xfe\x6d\xd8\xc6\xfb\x75\x7b\x74\xda\x89\x0e\x8a\x05\x71\x31\x65\x34\xc1\xf4\xfd\x68\x5e\x3c\x68\xd1\x98\x79\x63\x44\xd0\xa1\x26\x23\xae\x76\xbc\x6b\xf6\x27\x37\x5a\x53\xfc\x51\xba\x3c\x4a\xb5\xcd\x91\xfb\xfd\x01\xda\x30\x50\x7d\xd0\x46\xf5\x9e\x4a\x4c\x25\x40\x54\x53\x67\xa9\x80\x69\xbd\xaf\xb3\x8b\xb7\x30\x05\x8d\xfd\x47\x0f\x75\x5c\x37\x24\x23\xb4\x12\x8d\xf8\x9a\x42\x55\x75\x8f\x43\x99\x59\x00\x78\xf7\xcd\x95\xf6\x34\xab\xfe\xe0\xb6\x8f\x9f\xd4\x61\x11\xa4\xb6\x3c\x4e\x81\xaf\x94\x54\x6a\x88\x4d\x0b\x8b\x2e\xbf\x25\x84\x0b\x7a\xff\xbc\xf1\x40\x18\x73\x18\xda\x14\xa3\x10\x18\x89\x92\x99\xb1\x07\xa4\x73\xf1\x6a\x84\xae\xdb\x0b\x44\x05\xd1\xb5\xb6\x3c\x19\x7b\x24\xef\x49\x8a\x21\xdc\x0d\x8b\x06\xc8\x16\x95\xc9\x20\x73\xe8\xbc\xf1\x6a\x26\x23\xc2\x00\x2a\xad\x8c\xbf\x86\x53\
x1d\xda\x9a\x07\x52\x2c\x2e\xcf\xa6\x7f\x4d\xfa\xc8\x55\xd8\x3a\xcf\xc2\xa1\xf7\xf2\xd3\x5b\x3f\xf6\x07\xa9\xf7\xf8\x53\x3a\xd6\xec\xe8\x3f\x7d\x3d\xfc\x81\x11\xb6\x04\xe2\xb1\x9e\x69\xa1\xe9\x00\x2f\xd9\x19\xc3\x8f\x36\x18\xb2\x5d\xb7\xce\x40\x13\x9a\x0b\x54\x38\x9b\x04\x0c\x6e\x5e\xa4\x14\x11\x26\xeb\xbb\x2f\xb4\x6c\x07\xbc\x23\xeb\x20\xd8\x0f\x01\xcd\xcf\x43\xba\xcb\x87\x19\xdc\x1f\xf0\x09\xd2\x49\xc4\xe7\xb9\xf5\x85\x20\x9c\x4b\x15\xc9\x72\x71\xed\x2d\xac\xc1\x7f\x41\x87\x9c\x0b\x10\xf5\xd4\xc1\xbf\xe1\x93\x04\x09\x31\xc7\x01\x1f\xc0\x8e\xb2\x67\x0a\x98\xf0\xaa\x3c\x02\x2c\xe7\x4e\x9a\x93\x5e\xd6\xf7\x2a\x0d\xb7\xf0\x60\x7a\x31\x73\x72\x4d\xf0\x12\x5a\xec\x64\x5b\xd9\x34\xc9\xd5\x41\x7b\x17\x66\x00\xfc\x7b\x23\x43\x0e\x9c\xb9\x61\x33\x85\x44\x03\x76\xd2\xeb\x88\x80\xf9\x78\x15\x7c\xb2\xfa\x5a\x5b\xe2\x8c\x4b\xef\x41\x74\x84\x3b\xba\xad\x45\x5b\x8a\xae\x41\x75\x32\xb6\xbc\x5d\xba\xc1\xf6\xb2\xf0\xae\x50\x76\x2b\x0a\x6d\x76\xaf\xa1\x32\x8f\x67\xfd\xe8\x17\x40\x8a\x2f\x8d\x4a\x6f\xd4\x7a\x4c\x87\x74\x6d\x3b\x17\x84\x85\x8b\x3e\x46\x73\x88\xac\x9f\xa1\x0d\xa6\x33\x6a\xac\xb5\xd7\xc1\xc9\xa9\x8a\x55\xe0\x0d\x32\xc8\x8a\x61\x3b\xce\x16\x87\x98\x51\xa7\xd6\x8d\x7d\x0e\x58\xb5\x68\xac\xfb\x93\xd9\x0c\xc9\x22\x96\x9b\x0d\xff\xa9\x93\x62\x1a\x7a\xa0\x05\x66\x2d\x68\x71\x75\x99\x21\x8e\x63\xe9\x86\x96\x49\xc2\x42\x7a\x08\x4e\x4c\xfb\xc7\xea\xc3\xf9\x4f\x10\x4f\x4c\xce\x59\x66\x23\x6e\x9d\xcd\x31\xf5\xb4\xa6\xa6\x99\x94\x32\xaf\xe0\x71\x89\x23\x71\x79\xf3\x42\xde\xa5\xb6\x74\xbf\x78\x66\x9e\xef\x00\x36\x6c\x3c\x27\xfa\xcc\xa8\x00\xf6\xd4\x73\x85\xcd\xa7\x7a\x47\x78\x99\x43\xe7\xcc\xcd\xa7\x09\xbd\x70\x20\xf4\xa0\xa8\x25\xbd\x66\x77\x71\xb7\xa5\xb2\x7e\xa0\xc2\xd8\xa8\x1e\x63\x47\x28\x90\x41\x78\xe5\x5d\xe2\x8f\xaf\xda\x1f\x88\x8b\xbe\x31\x34\xfc\xff\x57\x77\x4b\xfe\xe7\x0e\x8d\x38\x56\xce\x20\x95\xc9\xd9\x03\x17\x01\x17\x40\x01\x78\xac\x1b\xd9\xfe\xca\xbf\x0b\x1b\xfc\x46\x7f\x9b\x37\xe0\xb2\x98\xc1\xdd\x42\xea\x6e\x38\xfd\x8c\x90\x3c\x3e\xbc\x42\x2c\x18\x94\xde\xe5\xab\xc4\
x7d\xa6\xea\xb9\x80\x80\xfc\xb9\x48\xfb\x33\x07\x5e\xcb\x7d\x0e\x74\x36\x2e\x6e\x00\xff\x74\x4f\xae\x99\x19\x23\x77\x66\x06\x34\x1f\x92\xb1\xfc\xd6\xb7\x2a\xcf\xcc\xcc\xb8\x75\x27\xb4\x93\xb3\x0a\xc2\xfd\x6d\xbb\x21\xd6\xd9\xa2\xea\xce\x67\xc8\x8f\x3c\xc4\x98\x41\x11\x2b\xea\x64\xfa\x6d\x7e\xb0\x4a\x16\x25\x45\x47\x85\xe4\x98\x20\x86\xa0\xed\x20\x43\xb6\x9b\x30\x4d\xdb\x59\x32\x8a\x8c\xb4\x86\xac\x86\xc0\xf6\x4f\x02\x01\x5c\x6c\x27\x95\xcf\x3c\xef\x28\x1e\xb7\xce\x9a\xc9\x21\xbb\xfb\xa9\x6c\x90\xd3\xec\xa7\x79\x02\xd8\x8b\x39\x58\xd8\x69\xdd\x5e\x48\x65\xdc\x82\x5b\xe2\xb2\xf5\xd0\x2e\x6b\x80\xa0\x9f\xa0\x0d\x25\x27\x2a\xa6\xc2\xc3\x85\x0a\x8b\x38\x2a\x5e\x48\x88\x8b\x33\x4e\x3b\x05\x68\xac\x15\x2c\xcf\xc4\x08\xb1\xcf\x11\x78\x95\x2b\xde\xbe\x62\xd5\x69\xc1\x9b\xe8\xa9\xec\x33\x8a\xe3\x5c\xc9\x92\xc1\x7c\xd2\x99\x82\x24\xe3\x70\x44\xb3\xb6\x54\x99\x4b\x6d\x41\xbe\x70\xd5\x3b\x39\xf9\xd6\x10\xa7\x31\xd4\xe9\xf9\xec\xc2\xd7\x21\x95\x7c\xb6\x4d\xa0\xff\xe9\x7f\x99\xcd\x64\x50\x18\x8c\xe1\x1d\xb5\xc5\xa8\x2c\xdc\x7e\xcc\x0f\xf4\xb7\x9d\xf3\x2f\x1d\xbc\x5e\x8c\x07\x2b\xd5\xbd\x1f\x69\x0b\x46\x92\xb5\x49\xd1\xfb\xc4\x13\x9a\x08\x5b\x46\xa1\x51\x83\xd3\xe7\xcf\x34\x85\xb9\x52\x25\x6c\x04\xac\xf8\x5f\x7e\x4a\x9b\x45\xab\x57\x31\x9a\xb7\x1a\xbc\x0d\x2c\xfa\x63\x6f\x41\xf8\x66\x4c\xac\xaf\x30\x54\x8d\x95\xff\xa4\x8f\x5e\x7a\x7f\xeb\x14\x0e\x6c\x1c\x98\x60\x13\x9c\xa0\x0d\x17\x47\xff\x3d\x85\xd2\xb5\x72\xe2\x90\x5a\x1a\x3a\xa8\xb7\x24\xd6\x48\xd2\x61\xe5\x71\xd1\x00\x3d\x33\x4b\x28\xce\x9c\x83\x6c\xae\x11\x44\xe9\x5f\x78\xc7\x45\x09\x2c\xea\x97\x24\x2a\x5c\x89\x12\x30\x05\xe1\x7a\xc3\x34\xf7\x10\x31\x41\xa2\x05\xd3\xfc\xb7\x6a\x11\x88\x72\x1d\x69\xe2\x5c\x89\x33\x49\xe6\x21\xa6\x05\xcd\x76\x97\x9d\xc3\xc8\x50\x26\x6f\x90\x21\x81\xed\xa1\xc3\x90\xda\x80\x49\x02\xef\x2b\xa5\x64\x3c\x1e\x11\xd7\x0b\x36\x34\xe7\x32\xf9\x0f\xb4\x17\x7c\x10\x5a\x2f\x1a\x59\xcd\xa4\x14\x06\xcd\x42\x85\x04\x5b\x78\x4f\xf6\xe3\x5b\xd7\xe3\xa2\xb7\x8b\x05\x87\x94\x3c\x8a\x18\xd6\x32\x0e\x6c\x5c\xdd\x4f\
xab\x1c\x61\x92\x2f\xaa\xa4\xee\x3d\x86\x73\xbd\xc0\xf3\x8a\x27\xbf\x8a\xcb\xc8\x8a\x43\x87\xcf\x33\x66\x6b\x04\x84\x9c\x30\x56\x1d\x47\xdf\x6c\x14\x7a\x9e\xee\x3b\xe2\x4b\x5d\x49\xdd\x9b\x40\x42\x92\x0c\xc1\x1c\xfa\xac\x21\x28\x40\xb2\x15\xc1\xe6\x4c\xac\xeb\xe7\x35\x9d\xf9\x54\x9d\x19\x20\x85\xf6\x29\x3d\x55\xb7\x42\xf2\xd7\xcc\xd2\x97\xcd\x55\xce\x0a\x3c\x4e\xdd\x7a\xf5\xf2\xdd\xe9\xed\xed\x96\xb9\xae\x94\x83\x74\x09\x3f\xfd\x92\xff\xc8\xed\x9d\x94\x1a\x5c\x97\xd4\x15\x76\x13\x7c\x4b\xfa\x08\xe3\xe0\xe3\x90\xcf\x6a\xe9\x42\xd1\x48\x4e\xae\xd9\x96\x04\x03\x82\xfd\x13\xeb\x76\xf7\x9b\x69\x3b\xe1\xd6\xc6\xd8\x9c\x69\x3a\xc4\xb2\xc4\x4e\xc0\x70\xc7\x14\x2b\xf1\xdb\xc0\x42\xa5\x12\x05\x46\x23\xfa\x95\x3b\x0f\x83\x83\x46\xcd\x90\x56\xd0\xf8\x01\x01\x03\xe2\x29\x21\x6a\x29\xd7\x41\x35\x1b\x51\xf1\xcf\x4d\x55\x04\xad\x1b\x17\xe2\x78\x3c\xa3\xc5\xec\x46\xa8\xdf\xd2\x2c\x1b\xce\x83\xf3\xed\xab\xa0\x2c\xf1\x30\x90\x9f\x89\xe2\xa0\xbe\xf6\x12\x33\xba\x54\xb1\xa5\x0e\xf1\x65\x15\xa7\x62\x86\xb7\x5b\x02\xec\xb3\x8a\x42\x64\x43\x56\x2b\x13\xad\xbc\x66\x31\xdb\x99\xb8\x18\xf8\x94\x08\xae\xf4\xa4\xed\xc6\x7e\xe5\xaa\x57\xe9\x9b\x9f\x8d\x85\xfc\x3c\xf7\xd0\x03\x61\xf4\x68\x02\xea\xa4\x9d\x27\x06\xec\x2e\x89\x64\xe1\x00\xa3\xa8\xfe\xd6\xf7\x71\x87\xbe\x06\x2e\xce\x8e\x91\x51\x95\xdc\xdd\x7a\x02\xdb\x6a\x82\x5d\x61\x3a\x89\x25\x69\x17\x21\x95\xe4\xd3\xf8\x74\x1a\xe9\x1a\xcf\x6d\x26\xf6\x13\xbd\xef\x85\xa7\x43\xef\x59\xb4\xb4\x82\x1a\x77\x36\x19\xcc\xaa\x89\xea\xa9\x7b\xdc\x1c\x0a\x53\x18\x3a\x9b\xaf\x49\xc6\x5e\x67\x9d\x45\x5a\xa2\xe6\x65\x15\x20\xaa\x6e\x1e\xd1\x59\x1e\x9c\x7d\xdb\xca\xb0\x17\x15\x88\xbd\x0e\xae\xd6\xf4\x47\x0d\x58\xe0\xa0\x49\x2e\x54\x44\x85\x2d\x12\x57\x76\x68\xdb\x39\x35\x19\x95\xcf\x87\x71\x62\xf5\xa3\x4d\x05\xc7\xb9\xba\x4f\x56\x40\x2d\xba\x21\x72\x62\xbc\x5b\xa9\xd7\xb0\x90\x9b\x8e\xcd\xcd\xdc\xa2\xae\x74\xe4\x94\x3d\x44\x5b\x12\xe1\xfc\x18\x7e\xee\xb2\xd6\x40\x1e\x55\x41\xe0\x67\x3f\xb0\x15\xc0\x10\x74\xfe\x8a\x91\x3e\x4a\xf3\x60\xd7\xb0\xdd\x84\xd0\xca\x89\
x7b\x43\xc1\xa4\x6a\x5c\x64\xf2\xed\x23\x64\xfc\xf6\xb6\x78\x0b\xa8\xd0\x27\x2f\xd5\xa3\x20\x3d\x5f\x75\xe6\xd4\x28\x85\xe9\x5c\xf9\x89\x45\x59\x2a\xfa\x2b\xc0\x27\xa9\x19\x16\xf6\x4f\xb8\x34\xc7\x47\xc8\xe8\x99\x83\x8f\x00\xdc\xab\x97\xd3\x47\x2d\x05\xea\x94\xed\x77\xb6\x01\x20\xad\x81\x35\x07\x87\x56\x09\xf5\x07\x70\xea\x84\xda\x53\xe9\xd7\xb4\xe9\x8a\xa5\x72\x34\x08\x20\xe1\x65\x0f\x3e\x65\x83\x58\x90\x6f\xa7\xe5\x03\xb8\xc3\x3e\xf7\x76\x03\xa2\x19\x09\x26\xa0\x42\x2a\xe7\xea\x9d\xe5\xae\x10\x72\x0b\x7a\x9c\x3c\x83\xb5\x80\xe2\x3b\x9d\x69\xda\xe0\x08\xf1\x5a\x49\x30\x85\xf1\x06\x76\x7e\xfa\xa7\x10\x3c\x02\xdd\x88\xec\xaf\xa7\x82\x0f\xcd\xcc\x96\x5f\x83\x6f\xe0\x82\xca\x87\xb6\x97\x4c\xb2\x81\x11\xac\xc7\xf6\x79\x3d\x37\x95\x35\x57\x8b\x20\x2b\x11\x58\xc5\xe0\xac\x44\x72\x18\x87\x12\x94\x8b\xc2\x64\x5a\x4f\xe3\x39\x06\xb4\x5b\x3c\x2f\x58\x95\x3d\xbf\xb9\xe9\x5f\x00\x50\x75\x05\x6e\x85\xa6\x11\xa1\x4a\x18\xd6\xaa\x91\x54\xc8\x24\x0c\xae\x45\x54\xb2\x44\x67\x2c\xc7\x48\xda\x44\xa1\x53\x55\xcb\xdd\x37\x4b\x7e\xfb\xf1\x4a\xc4\x62\x2d\xa8\x85\xb8\x13\x9c\xff\x9e\xf4\x97\xde\xb4\x6c\x1e\x81\xe6\x10", 3271);
	/* 0xcc7 == 3271, the length of the payload copied above (presumably an iov_len; layout inferred, not stated in the report) */
	*(uint64_t*)0x20002628 = 0xcc7;
	/* remaining fields of the mmsghdr at 0x20004640 (msg_iovlen, msg_control, msg_controllen, msg_flags, msg_len; offsets inferred) */
	*(uint64_t*)0x20004658 = 7;
	*(uint64_t*)0x20004660 = 0;
	*(uint64_t*)0x20004668 = 0;
	*(uint32_t*)0x20004670 = 0;
	*(uint32_t*)0x20004678 = 0;
	syscall(__NR_sendmmsg, r[0], 0x20004640ul, 1ul, 0ul);
	return 0;
}