public inbox for linux-bluetooth@vger.kernel.org
* Backport request to fix a WARNING in sco_sock_sendmsg on LTS
@ 2022-07-27  7:56 Harshit Mogalapalli
  2022-07-27  8:11 ` Greg KH
  0 siblings, 1 reply; 2+ messages in thread
From: Harshit Mogalapalli @ 2022-07-27  7:56 UTC (permalink / raw)
  To: stable, Luiz Augusto von Dentz
  Cc: Marcel Holtmann, johan.hedberg, Harshit Mogalapalli,
	harshit.m.mogalapalli, Ramanan Govindarajan, linux-bluetooth,
	LKML, George Kennedy, John Donnelly


Hi,

We have seen a WARNING message while fuzzing with syzkaller.


Kernel 5.15.54 on an x86_64

localhost login: [  104.557712] ------------[ cut here ]------------
[  104.558404] WARNING: CPU: 1 PID: 15544 at mm/page_alloc.c:5358 __alloc_pages+0x38a/0x410
[  104.559584] Modules linked in:
[  104.560030] CPU: 1 PID: 15544 Comm: repro Not tainted 5.15.54 #1
[  104.560896] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014
[  104.562190] RIP: 0010:__alloc_pages+0x38a/0x410
[  104.562864] Code: ff 4c 89 fa 44 89 f6 89 ef 89 6c 24 48 c6 44 24 78 00 4c 89 6c 24 60 e8 c4 e5 ff ff 49 89 c4 e9 43 fe ff ff 40 80 e5 3f eb c5 <0f> 0b eb a5 4c 89 e7 44 89 f6 45 31 e4 e8 c4 9f ff ff e9 4a fe ff
[  104.565421] RSP: 0018:ffff88801b4577f0 EFLAGS: 00010246
[  104.566182] RAX: 0000000000000000 RBX: 1ffff1100368aeff RCX: dffffc0000000000
[  104.567177] RDX: 0000000000000000 RSI: 0000000000000012 RDI: 0000000000040cc0
[  104.568185] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  104.569196] R10: fffffff900000000 R11: 0000000000000001 R12: 0000000000000001
[  104.570194] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  104.571201] FS:  00007fda701c7740(0000) GS:ffff888107080000(0000) knlGS:0000000000000000
[  104.572330] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  104.573146] CR2: 0000000020004640 CR3: 0000000020c34000 CR4: 00000000000006e0
[  104.574149] Call Trace:
[  104.574503]  <TASK>
[  104.574838]  ? __sanitizer_cov_trace_cmp4+0x25/0x90
[  104.575535]  ? __alloc_pages_slowpath.constprop.0+0x16c0/0x16c0
[  104.576391]  ? bpf_ksym_find+0x171/0x1c0
[  104.576985]  ? selinux_socket_sendmsg+0x207/0x2d0
[  104.577938]  ? __sanitizer_cov_trace_const_cmp8+0x27/0x90
[  104.578739]  alloc_pages+0x191/0x3f0
[  104.579258]  kmalloc_order+0x34/0xb0
[  104.579794]  kmalloc_order_trace+0x19/0xa0
[  104.580375]  sco_sock_sendmsg+0x10f/0x300
[  104.581228]  ? security_socket_sendmsg+0x8e/0xc0


I have attached the report and the reproducer. A similar warning was seen
in some testing previously.

Ref: https://lore.kernel.org/linux-mm/812dab5c-845d-df58-2752-abea7c07890@google.com/

Commit: 99c23da0eed4 ("Bluetooth: sco: Fix lock_sock() blockage by
memcpy_from_msg()") is backported to LTS. So we have this bug on LTS
branches.

The fix commit is not backported to LTS:
commit 0771cbb3b97d ("Bluetooth: SCO: Replace use of memcpy_from_msg
with bt_skb_sendmsg")

I have tried backporting onto LTS locally.

Can you please backport the following commits to these LTS branches:
4.14.y, 4.19.y, 5.4.y, 5.10.y, 5.15.y (applying from 1 to 7).

1. commit 38f64f650dc0e44c146ff88d15a7339efa325918 upstream
	("Bluetooth: Add bt_skb_sendmsg helper")
2. commit 97e4e80299844bb5f6ce5a7540742ffbffae3d97 upstream
	("Bluetooth: Add bt_skb_sendmmsg helper")
3. commit 0771cbb3b97d3c1d68eecd7f00055f599954c34e upstream
	("Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg")
4. commit 81be03e026dc0c16dc1c64e088b2a53b73caa895 upstream
	("Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg")
5. commit 266191aa8d14b84958aaeb5e96ee4e97839e3d87 upstream
	("Bluetooth: Fix passing NULL to PTR_ERR")
6. commit 037ce005af6b8a3e40ee07c6e9266c8997e6a4d6 upstream
	("Bluetooth: SCO: Fix sco_send_frame returning skb->len")
7. commit 29fb608396d6a62c1b85acc421ad7a4399085b9f upstream
	("Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks")


Notes:
3 is the fix for the WARNING.
1, 2 are prerequisites for applying 3. At this stage the WARNING is fixed.
4, 5, 6, 7 are necessary as they are fixes for the commits newly introduced by us.

This is a clean cherry-pick series (7 commits) on all mentioned
branches (LTS 4.14 -> 5.15).

I have tested all mentioned LTS branches with the reproducer (only), and
the WARNING is fixed after applying these 7 patches.

Please correct me if I am missing something.


Thanks,
Harshit
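
The following is an added example, not part of the report above and not
code from the kernel tree. It models in userspace why a sendmsg() with a
huge iovec reaches the MAX_ORDER check in __alloc_pages(): the pre-fix
path handed the caller-controlled message length to one kmalloc() before
any size check, and a length of a few hundred MiB needs a page order the
buddy allocator refuses (with a WARNING unless __GFP_NOWARN is set).
Assumptions, not stated on the page: x86_64 defaults of 4 KiB pages and
MAX_ORDER 11, kmalloc() falling back to the page allocator above 8 KiB,
and a hypothetical MTU of 64 bytes for the demonstration. REPRO_IOV0_LEN
is the iov_len of the first iovec entry visible in the attached
reproducer (the store to 0x200025c8). The bounded and chunked variants
are illustrative designs showing the two ways to keep the allocation size
out of the user's hands; they are not the bodies of bt_skb_sendmsg() or
bt_skb_sendmmsg().

```c
/*
 * Added example (not from the report or the kernel). Models why an
 * unbounded, caller-controlled length handed to kmalloc() trips the
 * MAX_ORDER check in __alloc_pages(), and two bounded alternatives.
 * Constants are assumed x86_64 defaults, not values from the page.
 */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1UL << PAGE_SHIFT)
#define MAX_ORDER  11                 /* __alloc_pages() warns when order >= MAX_ORDER (assumed) */
#define KMALLOC_MAX_CACHE_SIZE 8192UL /* assumption: larger requests go to kmalloc_order() */

/* iov_len of the first iovec entry visible in the attached reproducer. */
#define REPRO_IOV0_LEN 0x20000043UL

/* Smallest page order whose block can hold `size` bytes (like get_order()). */
static unsigned int page_order(size_t size)
{
	size_t pages = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;
	unsigned int order = 0;

	while ((1UL << order) < pages)
		order++;
	return order;
}

/*
 * Pre-fix shape: one allocation of the full message length, with the
 * MTU check only afterwards. Returns 1 if the request would reach the
 * MAX_ORDER warning in the page allocator, 0 if it fits a single block.
 */
static int unbounded_alloc_warns(size_t len)
{
	if (len <= KMALLOC_MAX_CACHE_SIZE)
		return 0;	/* served by a slab cache, page order never computed */
	return page_order(len) >= MAX_ORDER;
}

/*
 * Bounded shape: check against the link MTU before allocating anything.
 * Returns the size that would be allocated, or -EINVAL with no allocation.
 */
static long bounded_alloc(size_t len, size_t mtu)
{
	if (len > mtu)
		return -EINVAL;
	return (long)len;
}

/*
 * Chunked shape: split the payload into MTU-sized pieces, one buffer
 * each, so no single allocation exceeds mtu regardless of len.
 */
static size_t chunk_count(size_t len, size_t mtu)
{
	return mtu ? (len + mtu - 1) / mtu : 0;
}

static size_t largest_chunk(size_t len, size_t mtu)
{
	return len < mtu ? len : mtu;
}

int main(void)
{
	const size_t mtu = 64;	/* hypothetical SCO MTU for the demonstration */

	printf("unbounded kmalloc(%#lx): order %u, warns=%d\n",
	       REPRO_IOV0_LEN, page_order(REPRO_IOV0_LEN),
	       unbounded_alloc_warns(REPRO_IOV0_LEN));
	printf("bounded: %ld (-EINVAL is %d)\n",
	       bounded_alloc(REPRO_IOV0_LEN, mtu), -EINVAL);
	printf("chunked: %zu chunks, largest %zu bytes\n",
	       chunk_count(REPRO_IOV0_LEN, mtu),
	       largest_chunk(REPRO_IOV0_LEN, mtu));
	return 0;
}
```

With the assumed constants, the reproducer's first iovec (0x20000043
bytes) needs order 18, far above MAX_ORDER, so the unbounded path warns;
the bounded path rejects it with -EINVAL before touching the allocator,
and the chunked path never allocates more than one MTU at a time. The
practical check for a backport is the same in either design: the
allocation size must be derived from the link's limits, not from the
msghdr the user passed in.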

[-- Attachment #2: reproducer.cprog --]
[-- Type: text/plain, Size: 34614 bytes --]

// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE 

#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

const int kInitNetNsFd = 239;

static long syz_init_net_socket(volatile long domain, volatile long type, volatile long proto)
{
	return syscall(__NR_socket, domain, type, proto);
}

uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
	syscall(__NR_mmap, 0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
	syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul);
	syscall(__NR_mmap, 0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
	intptr_t res = 0;
	res = -1;
	res = syz_init_net_socket(0x1f, 5, 2);
	if (res != -1)
		r[0] = res;
*(uint64_t*)0x20004640 = 0;
*(uint32_t*)0x20004648 = 0;
*(uint64_t*)0x20004650 = 0x200025c0;
*(uint64_t*)0x200025c0 = 0x20000040;
memcpy((void*)0x20000040, "\xf0\x22\x33", 3);
*(uint64_t*)0x200025c8 = 0x20000043;
*(uint64_t*)0x200025d0 = 0x20000140;
memcpy((void*)0x20000140, "\xa6\xf0\xea\xb0\x8e\x0f\x59\x88\x04\x5f\xed\xb5\x2a\xb3\x24\x5f\x05\xdc\x8b\xef\x1e\x87\x1d\xf5\x54\x2a\xb8\x02\xf1\x80\x58\x4f\x88\x5f\xe5\xf2\xc0\xdb\x66\xeb\x90\xa8\x16\x4f\x91\xf2\x1c\x0a\x6d\xcb\xcc\xc3\x01\x46\x52\x20\x5a\x12\x8e\xe4\x0f\x7f\xf5\xad\x99\xd4\x34\x62\xb7\xcb\x28\x0f\x48\xea\x79\x14\xea\xde\x36\xd4\x2b\x5a\x01\xd6\x06\x16\xbd\xac\xae\x7b\x85\xea\x3d\x05\xac\xc8\x0f\x8e\xf6\x57\xd7\x31\x47\xe2\x18\x9d\x1d\xe6\xe3\x0a\x07\x90\x83\x1f\xeb\xe5\x59\x57\xdb\x45\x57\x0d\x6c\x9f\x99\xe0\x92\x2f\x68\x6f\xb8\x32\xc1\x6d\x9d\xc2\xcc\x7f\x34\x35\xd6\xba\xf0\x18\x15\x4e\x1e\x75\xfe\x35\xad\xc1\x34\xa8\xbf\xf8\xe4\xf8\x68\x5d\x99\xd5\x4e\x57\xb5\x4e\xb1\xc1\xa2\x63\xcc\x7c\xa1\x22\x39\x48\x9c\x20\x99\x8d\xa4\x88\xa8\xd5\xd6\x85\x30\x2f\xb9\x65\x5f\x87\x15\xc2\xa4\x3a\x5a\xf7\x77\x5d\x82\xc1\x09\x6c\xd3\x5b\x36\x95\x77\x43\xcf\x49\xef\x76\x72\x82\xc1\x81\x80\xaa\xdd\x85\xa7\x27\xb3\xd9\xcb\xf8\xb8\xd0\xd5\x93\x5d\x7c\xfa\xca\xb8\x0d\x79\xf7\xd3\x6d\x60\x8a\x6a\x91\x79\xe3\xc8\x7f\x16\x80\xb2\xbc\x15\x4a\x81\xd8\xbb\xe7\x93\x4a\x29\xeb\xd5\x88\x0e\x2c\xb0\xef\x9f\x7a\xa0\xec\xd9\xb8\x18\xaf\x10\x1a\xa3\x7b\x65\xa4\x99\xe6\xa4\x3c\x35\x63\x42\xb4\x57\x6f\x65\x65\xfc\x96\xaa\x13\xd2\x90\x0f\x1f\x6b\x0e\x10\xff\xdc\x04\x6d\x52\x44\x1e\xe6\xb5\xea\xfb\x69\xce\x8e\x27\x9f\x5a\xb2\x78\xb4\x46\x99\xa4\x36\x8c\x6c\x35\xd7\xa0\x45\x1c\x99\x38\xa5\x2f\xdb\x07\x71\x92\x58\x41\xb9\x10\x0a\xe5\x0c\x8b\xf7\xec\x2f\xda\x3f\x7a\x2b\xd6\x98\x2a\xcf\x80\x7a\xa0\x1d\x71\xc6\xa7\xc7\xa9\xed\xe7\x34\xc2\xed\x63\xd8\x33\x66\x87\xbe\xba\xff\xbc\x8c\xd2\x85\x6b\x47\x85\xde\x0d\x53\x7d\xf7\xa7\x3f\xb8\x3b\x2a\xd3\x20\x86\x26\xc5\x5d\xd4\xf4\xf9\x91\x8d\x44\x33\x16\xa4\x7c\xe5\xcc\x3f\x33\x10\xae\x40\x5c\xdf\xed\x11\xa2\xb6\xa4\xc3\x04\x9b\x03\x85\xfd\xc5\x6d\x5b\x01\x55\x9c\x61\xc2\xae\xae\xbc\x10\x14\xae\x20\xa3\x9c\x29\xb1\xa8\xf9\x4c\x1c\x3a\x32\xc3\x3e\xfb\xbf\xea\xc7\xfc\x68\x6c\xe1\xc0\x9f\xa1\x9f\x20\x09\x8a\x0c\x70\xa9\x23\xe0\x1c\x0e\xbb\x6b\x7a\xe2\
xe0\xce\x45\xdf\x60\x3a\x1b\xa1\x79\x79\x16\x68\x3f\xb6\xfb\x19\x9a\x60\xb0\x39\xec\x52\xae\x5f\x7a\xb6\xb0\xcb\x29\x17\x0c\xf2\x42\x52\xd8\x2a\xa8\x5f\xe3\xd1\xd4\x6a\x2e\xd4\x22\x3e\xa7\x4d\x42\x74\x05\xb7\x1a\x82\xab\x1e\x1c\xa4\xe8\xb1\xe0\x98\x3f\x24\x38\x34\xc2\xe1\x64\x79\x6e\xa8\x20\xad\x2e\x5c\x40\xc9\x62\x11\xce\xdc\x08\x0c\x9d\x40\x03\x08\x9f\xff\x10\x40\x78\xa7\x6f\xed\xb5\x58\xcc\xde\x78\xf6\x5e\x4f\xb2\x51\x5b\x4a\x89\xc7\x69\x7c\xd7\x12\x7d\x91\x2f\xcc\x28\x48\xfe\xb7\xe0\x67\x5e\x48\x83\xf4\xde\x6f\x0f\xc1\x98\x7b\x15\x74\x4d\xd0\x94\xa5\xe3\xd9\x89\xab\x28\xd0\x02\x00\x03\x64\x87\x82\x2e\x95\x7e\x90\x4a\x12\x7e\x55\xf4\x3e\xd3\x52\x8b\x7e\x01\x02\xde\xf3\xe0\x7e\xd6\x69\xed\x8c\x49\x2a\x91\x7c\x74\x1b\xf3\xf5\xfb\x2f\xcf\x10\x3f\x72\xbe\xd2\x2f\x65\xb8\x9e\x34\xed\xaa\x92\xa3\x79\xed\xaf\x96\x98\x7e\x62\x8c\xb5\x20\x31\xad\xfb\x9a\x36\xe2\xe6\x9d\x9a\xe3\x53\x3f\x0c\x5c\x2d\xe4\xe2\x9a\x94\x16\x68\xf0\xf4\x78\xb1\x08\xc9\x4a\x89\x8b\x7b\x84\xaa\xeb\xf6\xff\x68\x5d\xad\x93\x7c\x9d\xa1\xb8\x7b\x8f\xba\xb4\x6f\x28\x00\x0b\xa6\x56\xe4\x14\xc4\xce\xb4\x4f\x73\x4b\x3d\x68\x1a\x2d\xb7\xef\x6a\x52\x3b\x1c\x7a\x34\xbc\x58\x1e\x53\xe3\xfd\xd0\xd2\x79\xf6\x37\x08\x50\x8d\x36\xfb\x58\xd1\x72\x51\xc9\x68\x9b\xce\xe2\xb9\xdb\x48\x31\xed\xef\xdd\x8e\x12\x02\x84\xd7\xeb\x48\x86\x63\x71\x21\x90\x9e\x65\x69\x31\x8b\x75\xc4\xcc\x5f\xe8\x9c\xac\x5c\x31\x3f\x7e\xb4\x0b\xaa\x57\x0b\x81\x6f\x8a\xc6\xaf\x75\x6d\x28\xab\x95\x81\x83\xc8\x8f\x57\xf9\x5a\x2c\x02\xff\xda\xa4\x9a\x5f\x8a\xa8\x78\x9e\x26\xe3\x58\xb6\x78\x58\x1c\x52\xb3\x6a\x6b\xe7\xe5\xd7\x59\x19\x5a\x5b\xcc\x02\xe1\x6a\x98\x1b\xa4\x73\x03\x4c\xd2\x85\xd9\xb3\xcc\x2b\x4f\xf7\xac\x19\xba\x48\x3b\x11\x10\x02\x41\x8c\xef\x80\xd9\x9c\x77\xff\xfc\x7a\xbf\xc2\xcc\xfa\xf1\xe5\x31\x7a\xb6\x25\x8c\x85\xb4\x62\xd6\x22\x63\xe9\x6f\xae\x16\xad\xc0\x22\xd1\x03\xa1\x62\x69\x80\x2b\xcf\xdd\x15\x71\x44\x95\x20\x1d\x85\xd2\x1d\xa4\xc4\x47\xc0\x68\xff\xdc\x2d\xd3\x92\xf7\x54\xc3\x44\x24\xca\x1a\x60\x87\x46\x2b\x73\x72\xe3\xeb\x9f\
xe2\x56\x21\xe9\xee\x5c\x3c\xfd\x8f\x15\x1c\xc7\x81\x33\xbb\x3d\xe5\x15\xc9\x20\xef\x83\x73\xf1\x51\x91\x9b\x49\x08\xd3\xed\xcb\x13\xa4\xe5\xd8\xe5\x8a\xf5\xc3\x05\x2b\x94\x3c\x84\xee\xf4\x0c\xde\x32\x53\xf3\xf0\x50\x00\x89\xd6\x35\x11\xf4\x7f\x16\x92\xab\x8d\xe3\x8e\xa5\x58\xab\xec\xb6\xe8\xa4\x51\x1d\x8e\x8c\xfc\x2c\xd9\xca\xa2\xa4\xa2\x45\x99\x59\xd1\x9e\x2d\xb4\xa2\xa4\xe0\x76\x55\xf7\x0c\x94\x02\xac\xad\x21\xd4\xac\x6d\x56\x93\x11\x3f\x49\xd6\xc8\xfd\xab\xb9\x94\x1c\x4b\x61\x53\x25\x1c\xcf\x3b\x00\x9b\xc7\x1c\x88\x26\x4c\x32\x4e\xf1\xa7\x63\xec\x9c\x7f\xdb\x29\x82\x03\x7d\x30\x5e\x13\xa7\x72\x48\x22\x00\x04\xba\xcd\x21\x09\xcd\xed\x16\x05\x01\x7c\x41\xcb\x3b\xf3\x0c\x27\x1a\x9e\x5b\xfc\x09\xec\x72\xf5\xf3\x33\x08\x10\x0d\xf4\xb1\x08\x7a\xf6\xc3\x55\xd9\x51\x14\x0a\xe0\x8b\x00\xc1\x52\x44\xe6\xed\xb1\xd3\x8b\xa1\x44\xf1\x50\x35\xe3\xcb\x11\x6f\x16\x4c\x1e\xdf\xad\x35\xe1\x7b\x9f\x7a\x3e\xf6\xbf\xd9\xb1\x6a\xff\xaa\xed\x75\x0a\x3f\xed\xd7\x09\xbf\xab\x95\x6b\x55\x66\xc3\x88\x9e\xd1\x6b\x90\xd0\xde\x2d\xd6\xf7\x7e\xd7\xf1\xd9\xa2\x5a\x65\x72\x06\x9b\x1f\xb1\x46\x36\x76\x1e\xe3\x59\x00\xdc\xce\xda\x13\x67\x7d\xa2\x66\xf2\x13\xb0\x30\x58\xd9\x0b\xc5\x4f\xbf\x94\xb3\x63\x0f\x64\xcb\xae\xc1\x72\x22\xb9\xbe\x37\x89\x52\xd2\x39\x8b\x5b\x83\x8d\x20\xf2\xa5\x1f\xa2\x08\x78\x69\x35\xd9\x8e\xeb\xe4\xdc\x15\x42\x6d\x21\x64\xf8\x2c\x40\xa4\x4b\x7e\x99\xd0\x5d\xf5\x7f\x32\x2e\xdd\x98\x12\x36\xe8\x23\xd9\x33\xff\x52\x36\xc2\x36\xfb\x89\x19\xbd\x6e\x56\x14\x09\x76\x61\x9d\x63\x79\x17\x71\x7b\xd5\x24\x1f\xb9\x94\xfb\x2c\x6d\x01\xc6\x33\x50\xe6\xd5\x0f\x50\x07\xb9\x71\x78\xff\xcd\x0b\xd2\x15\xbe\x53\x90\x76\xd9\x68\x4a\x4a\x78\xd5\x3d\x66\xe8\x76\xf8\x65\xbd\x59\x79\x8f\x00\x97\x50\xd7\x35\x03\x88\x91\xb9\x6a\x90\x31\x5e\x38\x96\xa0\xe1\xab\xfc\xc6\x69\xd0\xf3\x79\x87\xf7\xa9\x65\x1d\xb2\x73\xa7\x3e\xb3\x67\x18\x75\x20\x93\x40\xa5\x38\xc2\x01\xfc\xa9\x8c\x63\x54\x90\x18\x4c\x9e\x13\xef\xb1\xad\x2f\x3b\xa3\x7c\xf8\xae\x82\xf1\xf5\xc8\xcd\xc4\x76\xfb\xff\xe9\x4c\xe6\x86\x60\x16\x4f\
xd9\x34\x0d\x37\x01\x8c\x57\x0e\x25\xe4\x60\xdb\x56\x92\x30\x6f\x1e\x22\x91\x12\x7f\x4a\xeb\x26\xd8\x0b\xf0\x3d\xd9\x38\x0a\xc6\x71\xb3\x3f\xd1\x64\x6e\x81\x5b\xe2\x7d\x41\x27\x5c\x4f\x5d\x10\x25\x69\x53\x8f\x76\x3d\xa0\x06\x50\x62\xc1\xc6\xdd\x19\xfb\xdc\xc8\xf1\x21\xfd\x33\x8f\xdf\x42\xe0\x20\x05\x08\x43\xd6\x43\x0a\xa7\xf6\x97\x81\x4b\xc3\x83\x69\x4d\xc6\x37\x17\xf6\xcb\xbd\x8d\xff\xf4\xee\x73\x2a\x08\x89\xb4\x51\x0d\x04\xda\x83\x61\x8d\x3a\xda\xd6\xcd\xec\x0a\x9c\xfa\xaf\x10\x54\x4f\x1c\xfe\xed\xf9\x23\x83\xc5\x27\x13\xc8\x96\xd2\x22\x90\x5c\x22\x28\xad\x5c\x3a\x82\xed\x6e\xda\x76\xa6\x69\x61\xa3\xa7\x88\x07\x0a\x9f\x54\xba\x23\xa1\xe7\x5e\xe5\x85\x18\xae\xf1\x8e\x91\x78\x99\xb6\xa4\x63\xab\x3b\x62\x90\x50\xef\x9c\x96\x64\xca\x63\x14\x4f\xc3\x07\x61\xfc\xbf\x29\x5a\x68\xee\x04\xe9\xa5\x2c\x72\x2f\xbf\x87\x3e\xf3\x3a\x43\x4e\x03\x7f\xa8\x34\xc0\x64\x05\xb9\xd0\xce\x72\x62\xc8\x6b\x08\xc3\x8a\x14\xba\x3e\x92\xf0\xce\x41\x41\x00\xdf\x89\x23\xf5\xbe\xb2\x45\x37\x7c\x38\x3b\x92\xca\xdb\x30\x33\xb9\xd4\xda\x0c\x55\xf5\x3a\x18\xc8\xd1\x7e\x43\x1d\x09\xb7\x39\xfc\x8c\x62\x92\x90\xa4\x70\x01\x43\x29\xa6\xf6\x69\x22\xed\x4d\x4d\x4b\x85\x63\x77\x2e\x2f\x86\xc4\x88\xc4\xe1\xe9\x2d\xe5\x41\x52\xe3\x19\x96\xc6\x33\x05\x83\xb8\x52\x20\x55\xe6\x84\xc1\x32\x78\x91\x33\x28\x22\x94\x7f\xa0\xae\x55\xeb\xd5\xe7\xcb\x01\x3b\x05\xd3\xd8\xd5\x8e\x33\xf0\xcc\xea\xa9\x99\x1e\x2f\xb7\x2a\xc4\xb3\xd8\x41\x99\x70\x6a\x7e\x35\x52\xb7\x54\x53\x48\x7b\x9d\x2e\x96\xcd\xbc\x96\x2f\x59\x59\x60\x7a\xc6\x28\x3a\xfb\x87\x84\x23\xbd\xdc\x61\x6a\x08\xb5\xe9\x35\x69\xad\x02\xed\xc2\xc1\x84\xa8\xf5\x09\xb2\x49\xe2\x17\x79\x8a\x23\x2d\x61\x81\xe3\x03\x7e\xdb\xe6\xe5\xe5\x8c\x55\x26\xf9\x35\xfa\x33\x8a\x53\x48\xc7\x2a\x10\x83\x08\x89\x94\xb1\x8c\xcb\x3b\xfb\xc8\x86\xd0\x56\x87\xbd\xb9\x3d\x02\x22\xfc\x7c\x98\x57\x10\x83\x1d\x79\x2e\x76\x01\x4b\x37\x29\xf7\x07\xb3\x32\x81\x60\x55\xf1\x08\xc2\x58\xfc\x41\x7b\xa6\x21\x25\xa1\x6c\x51\xb4\xc9\xd9\xa4\xc8\xee\x54\x5f\x31\x26\xd1\x95\xa5\xb3\xae\x40\x17\x13\x91\
xce\x2c\xb6\x91\xbd\xda\x13\x57\xbe\x33\x19\x99\xcf\x27\xfc\x90\xb0\x52\x76\xa2\x7a\x41\xd4\x96\xf0\x13\x4d\x6a\x0d\xec\x45\x11\x4d\xcb\x59\x10\xfc\x87\x9a\xe8\x98\x35\x23\x02\x74\x3b\xa0\x37\x6b\x14\x1d\x20\x7d\x61\xcb\x52\x6a\x00\xbe\x2c\xa2\x2b\x96\x48\xfc\xe5\x1b\x05\x87\x22\xf0\xe6\x3e\xfb\x70\x7c\xeb\x56\x4c\x52\x22\xcb\x41\xd1\x03\x16\xc0\x64\xae\x71\x3f\xb5\x1a\x17\x5d\x4c\x64\x24\x51\xeb\xbf\x34\xb1\x88\x9c\x1c\x23\xb1\x0a\x9b\x6a\xf2\x58\x41\xb7\xbf\x02\x90\x93\x80\x56\xe3\x47\x60\xbb\x02\x7c\xfe\x7f\x3e\xde\x2d\x5f\x38\xb9\x76\x67\xa1\x94\x2e\x49\x6f\x2b\xbe\xce\xfc\x21\x0a\xb7\x3c\xaf\xe1\x72\x1b\xec\x86\xd3\x5c\x45\x5f\x72\x09\xb3\x52\x4f\x83\x87\x62\xc1\xf1\xe6\x7b\x3a\x04\x15\xac\x1a\x02\x6f\x41\xa2\xe8\x0b\xc2\xb2\x2a\xef\x8c\x82\xed\xa8\x44\xf8\x7d\x9d\xd8\x1a\x80\xde\x21\xdb\x40\x95\x88\x88\x9f\x00\xf5\x43\x84\x7c\xd7\xdd\x5b\x61\x41\x1a\xcb\x3c\xfd\xd2\x4a\x85\x62\xac\x7e\xcd\x8a\x83\xc6\x1d\x4a\x24\x22\x1a\x8a\x79\x5a\x95\x29\xeb\xc4\x2a\x52\xb5\x1e\x69\x29\x03\x5b\xa8\x8e\xda\x2c\x2b\x70\x43\x05\x6c\x95\xdd\x67\x3c\xc5\x25\x4f\xc8\x54\x96\x9e\xfd\x99\xaa\x7c\x1d\x44\x23\x36\x74\xca\xfb\x21\xdf\x55\xfb\x5f\x78\xec\x2c\x47\xb6\x41\x06\x8f\x90\x97\x9e\x52\x0f\x0d\x94\x67\x54\x34\x16\x36\x71\x86\x83\x2c\x47\x22\x27\x8c\x6f\x66\x50\x78\xbb\x49\x6b\x2b\x78\x22\xd9\x4e\x2f\x3d\xb5\x33\x6b\xc7\xf0\x2c\x3f\x51\x86\x8e\xd5\xea\x46\xc8\x23\xcf\x70\x61\xf1\x2e\x2e\x31\x8e\xc9\x8b\x5e\x5d\x0c\xad\x34\x4a\x7a\x38\x89\x7d\x95\xab\x54\x2f\x25\x1e\xe3\x68\x6e\xf5\x76\x6e\xae\x14\xfe\xae\xb4\x55\x7a\x9d\xad\x1b\xff\x37\x21\xe1\xef\xdd\xe1\xcc\xdc\x47\xbe\x8e\xeb\x88\x41\x86\x44\x1f\xc7\x5b\x44\x7a\x0b\x5a\x80\x38\x5b\x62\x4f\xf2\xe3\x10\xee\x51\x07\x8f\x79\x6f\x27\x72\xa6\x43\x0e\x1b\x53\xfc\xf3\xb5\x5e\xdf\x9b\x1d\x51\xbf\x8d\x36\x9a\xc7\x75\xae\x2a\xd1\xff\x56\xb3\x20\x9e\xf9\xcc\xad\xbf\x9a\xf4\xc3\x60\xf7\x01\x22\xfb\xfc\x4c\xd1\xe6\x53\xb7\xaf\x75\xef\x98\xd6\xc5\xe2\xe1\xff\x7a\xbb\x6b\xbe\x78\x5e\x62\x7e\x1f\x1d\x7c\x35\x45\xb3\xbc\x7f\xef\x0f\xaf\x6b\x90\
x4b\x07\x6f\x13\x54\xd7\x6c\xfd\xa1\xf2\xe5\xb8\x56\x4d\x46\x0d\x56\x33\xfa\x4f\x0f\xe9\xe8\xfe\xb5\xd4\x61\x25\xa4\xcd\x59\xb4\x5c\x08\x77\xc0\xce\xaf\xe3\x79\xe1\x61\xda\xf8\x61\x30\x4c\x74\xcc\xe1\xef\xb1\xcd\x1d\x1e\x5b\xee\x53\x6f\xfb\x0a\xa5\x76\x2d\x42\x52\xc7\xba\x8e\xa5\x06\x41\x8e\xf4\xbd\x46\x3c\xd8\x8f\x6d\xc7\xff\xd3\x69\x47\xc8\xf9\xc1\x1b\x1a\x51\x60\x12\x59\x80\xd7\x54\x00\x1f\xc5\xe2\x69\xe2\xab\xde\x03\xbd\x0d\x7d\x3c\x1f\x93\xc4\x5a\x1f\xe2\x02\x8a\xfa\xc0\x55\x2b\xc1\x3f\x1b\x01\x01\xd8\x4e\x81\xca\x3a\x8d\x86\xf3\x8a\x81\xf1\x65\x7d\xf1\x77\xf4\x65\xf6\x8f\x5e\x07\xe3\x38\x00\x23\xf0\xf6\xb1\x08\xc1\x38\x1f\xb5\x82\xac\x42\x48\xe1\x8b\x08\xe9\xe9\x24\x33\x84\x26\xa2\x4a\xa7\xea\x4b\x2b\xb8\x06\xca\xfd\x23\xb2\xae\xa1\x15\xaf\x52\xc0\x54\x1e\x4f\xde\x1e\x98\xb2\x5c\x5d\x26\x79\xa0\x61\x18\x06\x49\x9e\xcf\xcf\xd9\x5b\xa9\x59\x4c\xd1\x11\x18\x1c\x29\x41\x0e\x72\x22\x2f\x8c\x4d\x04\xa3\xe1\x54\x7f\x62\x73\x00\xa2\x39\xda\x7a\x30\x1f\x0d\x2e\x17\x16\x83\xc7\x20\x34\x0e\xa0\xce\x76\xdc\x76\x76\xb5\x0e\x43\xf0\x3b\x0a\x03\x09\xa2\xf9\x1b\xf2\xf9\xc3\x02\xbb\x13\xd3\x69\x31\x04\x3a\x52\xa6\x02\xb6\x9f\xff\xba\xc5\x8f\xe8\xf6\x62\xf6\xac\x7a\xfe\x76\x6b\xeb\x5d\x18\x5a\xa3\x42\xa6\x73\x35\x3b\x29\x53\x00\x64\x38\x6c\x18\xe1\x56\x1d\x7c\xde\x08\x2a\xcf\x2d\x22\x0a\x7d\x0a\x1b\xf1\xa5\x74\xb6\x1c\x7a\xd7\x30\xf9\xf4\x60\x9c\xec\xdc\xa9\x2f\x7f\x9c\x23\x1e\xa9\x0b\x67\x2b\x44\x8c\x30\x29\xd7\xc4\xef\x57\xd4\xed\x46\x8a\x94\x65\x7e\xef\x5d\x3e\x91\xc5\x45\x14\xab\xbd\x78\x4a\xdb\x9d\x68\x8a\x9b\x81\x43\xca\x39\x25\x1b\x04\xe1\xdf\xf6\x1f\xcd\x18\xed\x86\xd2\x42\x07\x67\xde\x18\x69\x8c\x9c\x93\x88\xf1\xd6\x25\x7b\xb3\x62\xfe\x77\x92\x3e\xb1\x85\x94\x53\x9f\x51\x9c\xac\x40\x1d\x34\x39\x5b\xf9\x03\xb2\xea\xf7\x7c\x4c\x52\xf8\x16\x29\x75\xba\x13\xfc\x8c\x91\x6f\x0e\x1b\x9b\x1a\xf8\xf9\x2c\x54\x41\x77\x2c\x74\x0c\x5f\x6d\x89\x68\xc9\x17\xa8\x15\x48\x07\xb2\x56\x9e\xbe\x44\x81\x75\x3f\x15\x3e\x7d\xee\x5a\x58\x0d\xa1\x4b\xae\xc6\x38\x29\x79\x2f\x53\x12\x0d\x6d\x1a\
xe0\xea\xa0\xe2\x6a\xeb\xb5\x87\xe7\x59\xa2\xd5\x74\x99\x18\x88\x97\x4e\xdf\x29\x70\x27\xf2\xb0\xbd\xc8\xe4\x06\xef\x24\x35\xb6\x96\x7e\x19\x1f\x5c\x9f\xec\xd0\x50\xd8\x5e\x20\x0d\xd3\x60\x9f\xcb\xcc\xb0\x00\xd1\xd3\xb6\xf5\xb2\xda\x64\x88\xb5\xa4\x21\x90\xa0\x3e\x5e\x6d\x6d\x0d\x58\x15\xa7\x74\x28\xf9\x2b\xe4\xb0\x18\xec\xd7\x29\x1b\x4d\x18\x5b\x12\x89\x3a\x57\x67\x8c\x4d\x4d\x3f\x86\xb3\x4f\xcf\xad\x24\x63\xc6\xcb\xe6\x67\x7b\x01\x63\x73\xf0\xc3\x49\xa6\xd1\x72\x81\xdc\x74\xf6\x51\x75\x81\x78\x87\x80\x38\xc0\xad\xed\x0c\xa8\x4f\x6b\x2e\x62\xbf\x33\x4b\x65\xb6\x51\x94\xf5\xf8\x24\x9e\xd9\x24\xd4\xff\x99\xd6\x0f\x4e\x24\xb9\xea\xf2\x39\x22\x3d\xce\x4a\x8f\xc9\x22\x93\xfc\x00\x85\x59\x2e\x99\xa7\x0e\x92\xde\x22\x7d\xaf\x1c\x62\x54\x43\xd0\xc5\x76\x66\xa7\xf8\x4e\x8d\x14\xba\x6c\xed\x0c\x53\x76\xb4\x11\xb0\xf9\x23\x78\xcd\x60\x5e\xf7\x31\xfc\xd4\x37\xf3\xf7\x32\x8f\x51\xec\x8f\xf0\x1e\x25\x15\xb8\x4f\x58\x15\x81\x93\x2e\x75\xe4\xad\xee\x53\xa2\x57\x9d\x9c\x9f\xc9\xf8\x18\xd3\x90\x36\x39\xe7\x6b\xce\x73\x45\x61\x26\x5a\x7b\xfd\x98\xfd\xb6\x87\x71\x49\x2f\xb2\x00\x54\x55\x4e\xa5\xe8\xd4\x8a\x07\x9e\x70\xdb\x29\x31\x00\x8d\x20\xa0\x52\x1f\x53\x95\x72\x91\xd8\x12\x3d\xa1\x03\x7d\x1d\x02\x55\xcd\x43\xce\x69\xf3\xdc\x3f\x98\xfd\x01\x05\xd7\x9a\x77\x2e\xef\xe7\x2f\x09\xf9\x17\x9d\xc1\x19\xed\xfc\xf8\x03\x25\xfd\x93\x15\x03\xa8\xc4\x72\xf4\xbd\xc1\xe1\x6d\xb0\x91\xef\x21\xa5\x48\x06\x59\xfb\xc6\x9c\xb3\xf8\x5e\x29\xee\xe6\xd2\xef\x00\xb1\x0c\x75\xd0\x3e\x88\x4a\x89\xbc\xf2\xc8\xc9\x16\x5c\x89\xce\xa2\x7b\x4f\x6a\x94\x78\x2b\x15\xef\xa8\x88\x11\x80\x96\x3a\x85\x39\x6b\xe3\x6e\x34\xfb\x36\x37\x18\xd8\x69\xc1\xa9\x0f\x70\x08\x32\x68\x86\x8f\x0a\x52\xf9\x2d\x64\x3d\x80\x30\x42\x50\xde\xa1\x01\xde\x7b\x46\xc4\x68\xfc\x54\x14\xe2\x42\x00\xab\x44\xf9\xc3\xf6\xf4\xe5\xf5\x1a\x76\x50\x3e\x12\x7a\x46\x9b\x58\x28\xc9\x7f\x87\x5d\xf6\x9f\x3d\x6c\xe8\xa5\x62\x02\x00\xf6\x82\x72\xd1\x66\x12\x50\x41\xbf\x68\x8d\x78\x1e\xd7\x42\x0d\x9a\x3c\xc2\x8e\x79\x75\x59\x8a\x11\xaa\xf4\x00\x05\x0c\xd8\
x1c\x70\x03\x08\x65\x71\x7c\x4c\x8c\x07\xbc\x2f\xf3\x31\x24\x91\x9f\x1d\x94\x87\xf3\x34\xb0\x7a\xa9\x7f\xf9\xd9\xb4\xc6\xac\x17\xa9\xd9\x1a\xeb\xc1\xcc\x42\x32\x65\xea\x4c\xd2\x9b\xf7\xe1\xea\xb4\x7c\x58\x83\xd7\xb6\xc3\x70\x9b\x3c\x3b\x6d\x17\x4d\xc1\xc7\xd3\x4f\x3f\xb1\xad\x62\xeb\xa6\x6a\x1f\xe4\xeb\xe4\xb1\xfa\x8e\x95\x37\xbb\x45\x87\x4c\xd9\x8c\x6c\x6d\xd5\x89\x61\x07\xb9\xe9\x6f\xdf\x26\x26\x71\x33\x79\x10\xa1\x82\x1d\x88\xaf\x12\xd7\x28\xac\x96\xf4\x97\xeb\x91\xf6\x1a\xe1\x1f\xe2\x93\x15\x7c\xdd\x68\x86\x1c\x9f\xa4\x9b\xd3\x06\xa0\x31\xab\x87\xd5\x07\x63\xa8\x19\x91\xb5\x99\x67\x35\xe7\xee\xaf\x4e\xaf\x0a\x60\x44\xdb\x16\xc0\x7b\x3e\x07\x33\x71\x9e\x0e\xef\x10\x05\xfe\xd4\x39\x95\xa4\x85\xe6\xc1\xd6\x50\x83\x99\x02\x5e\x4d\x36\xa8\xf6\x29\x22\x48\xb2\x56\xdc\x42\xcc\x8b\x35\x08\x8e\x2c\xc9\x86\x4a\x1b\x4c\x23\xc1\x07\xa6\xc6\x77\x2a\x61\x3f\xf7\x58\x58\xe5\xde\xbf\xf7\x10\x84\xfb\x22\x10\x4f\x79\x3e\x00\xff\xe5\x77\xd8\xfe\x19\xd5\xb1\x0a\x51\x6c\x25\xe5\x31\x04\xb1\x77\x06\x92\x54\x5d\x85\x9d\xbd\xb0\x67\xe1\x99\xd5\x99\x9e\xc7\x9a\x13\x75\x04\xe4\x17\x3d\xd4\x56\x68\xe6\x93\x96\x04\x65\xf6\xd5\x7b\x25\xae\xcb\xc2\xd1\x53\xa1\x40\xbc\x80\xe8\xca\xc4\xf9\x27\xe0\x51\x78\x48\x67\xc9\x80\x19\x05\xb6\x2c\x91\x9f\xd3\x7c\x3c\x55\xdd\xb7\xad\x30\x93\x29\xde\xbe\xec\x6f\x4f\xb6\x67\x07\xaf\xff\x8b\x5a\x61\x82\xd0\x9c\x19\xdc\x54\xe2\x6d\x26\x92\x0f\xd9\xfa\x0d\x76\x82\x87\x84\x7b\xf3\xa6\x69\xc7\xf1\x7e\x6e\xb8\xa8\x00\xb2\xcf\xfc\xe4\xdd\x05\x52\xe6\x26\x66\x97\x6f\xa0\xe5\x79\x65\xf7\xd1\xc2\x71\x84\x9d\xde\xc6\x1c\x71\x1e\xc9\xeb\x1e\x17\xba\x34\x3e\x36\x28\x88\x0d\xb5\x7a\xc3\xbd\xa2\x21\xb8\xd6\x5b\x6e\x74\x79\xf0\xc8\xe3\xa2\x40\x16\x92\xba\x71\x01\xad\x16\xdd\x96\x7d\xb9\x03\x77\xe2\x9c\x2f\xae\x78\x37\x0b\x58\x6f\x32\x23\xf2\xb8\xca\x71\xc9\xf7\x56\x86\xf3\x96\x53\xc6\x72\x28\xe1\x09\xb7\x49\xfd\x45\xaa\x21\x81\x72\xa0\x3d\xae\x32\xcc\x3c\x41\x7e\x5f\x6a\x52\xd0\xd4\xd8\x3e\xec\x8a\x1d\x02\x50\x45\xcc\xdc\x8f\x62\xed\xd1\x10\xf4\xae\xa0\x98\x96\x7c\xb8\x4a\
xd4\xb3\xaa\xe4\x6d\x19\x72\x0e\x35\x31\xae\x1b\xcc\xfa\x7b\x96\xed\x64\x6d\x38\x07\x10\xe4\x4d\x8b\xea\xdb\x3d\xe1\xa9\x31\x77\x77\x9a\x7d\x42\xe1\xd8\xdd\x01\x38\x2b\x20\x17\x57\x13\x2a\x8c\x5a\xfb\x5a\xdb\xcb\x96\x9b\xff\x0a\xd5\x4c\x9a\x3c\x99\xe4\x49\x67\x52\x21\xf0\xc7\x1e\xbd\x60\xed\xc9\xcb\x81\x10\x88\x28\xfe\xf7\xb1\x23\xbd\xfb\xbe\x6a\x30\xcb\x07\xd5\x36\x78\xfb\xae\xfe\xc8\x2c\xc0\x92\xc1\xaa\x80", 4096);
*(uint64_t*)0x200025d8 = 0x1000;
*(uint64_t*)0x200025e0 = 0x20001140;
memcpy((void*)0x20001140, "\xa9\xb8\x8a\xe0\x5c\x48\xde\xa3\xdf\x9c\xe1\xb7\x3d\x6a\xb4\xab\x15\x1b\x10\x3a\xf0\xba\x25\x2f\xe9\x62\x27\xfa\x8c\x83\xc2\x91\xf5\xae\x2b\x00\x11\x28\x63\xb1\xd3\x4a\x64\xb1\xc9\x6d\xba\x53\x6e\x51\x5b\x1f\xa0\x49\xd4\x8c\x5b\xba\x53\xf5\xa1\x56\x83\xea\x4f\xe0\x05\xb9\x74\x6b\x05\x0c\x5e\x40\x7b\x53\x60\x5d\xa2\xc2\x72\x38\x78\xd2\xd8\x42\xbe\xdb\x39\x82\x4b\x6c\x07\x1a\x0b\x31\xcb\x0b\x0e\xd5\x9e\xa9\x3f\xd2\x7f\xd4\xa6\x0f\x41\x79\x83\xa1\x20\x02\x1c\xe7\x2e\x3e\x58\x68\x42\xc3\x28\x99\xdd\x13\xc1\x87\x8a\x07\x8e\x40\xe1\x49\x05\xd2\xdd\x73\x29\xe6\x3f\x59", 142);
*(uint64_t*)0x200025e8 = 0x8e;
*(uint64_t*)0x200025f0 = 0x20001200;
memcpy((void*)0x20001200, "\xd0\xa1\x24\x85\x38\x38\x34\x7c\x2b\x3e\x6c\x4d\x16\xeb\x0a\x6f\x1b\xd7\x9e\xaf\x2a\xe9\xe2\xa2\xba\xe9\x6c\xee\xac\xa3\xda\xb7\x94\xdd\xa3\x4b\xff\x30\xf0\xc2\xba\x6f\xaf\x07\x0e\x70\xd4\x9d\x31\x19\x24\x75\xbd\xad\x80\x28\xa9\x0c\x67\x22\xf9\x4d\x5c\xed\x27\xbd\x1e\x8b\x55\xee\x9a\xf2\xb3\x34\xb1\x74\x5a\xf6\x1a\x5a\x47\xbc\x4d\xe8\x5e\x87\x68\x51\x07\x67\x9f\x1c\xd6\x36\x9f\xd4\x1d\xee\x35\x6d\x59\x02\xa8\x29\x2a\x50\x50\x1c\xf0\xcd\x89\xb8\x3c\x18\x12\xd0\x47\x9c\x8f\xc6\xd4\x07\xc5\x8e\x97\x98\x3b\xe5\x11\x9f\x1d\x77\x61\xae\xd5\x79\x5b\xc1\x8f\x82\x00\x3b\x08\x4d\x56\xd7\x91\x23\xbb\x7f\x1f\x57\xca\xb3\xa0\x42\xf3\x4d\x43\xaa\xfa\x65\x58\x92\xb0\xfb\xe0\xee\x28\x28\x1c\x5f\xfa\x00\xe3\x31\x2d\x3d\xcb\x6e\x56\xb0\xdc\x3c\x5b\x46\xae\x57\x24\x26\x1f\x04\x2c\x34\xe8\x27\x9b\xfe\x14\xe6\x59\x4e\xf2\xd5\xe7\xe1\x1d\xb5\x19\xa2\x3f\xc3\x57\xb1\x76\x83\x3a\x35\x1a\x69\xeb\xf8\x10\x83\xb2\x32\x75\x6c\x0e\x4a\x24\x4c\xe5\xcb\x78\xd1\xb2\xfd\x21\x7f\xe6\x1f", 242);
*(uint64_t*)0x200025f8 = 0xf2;
*(uint64_t*)0x20002600 = 0x20001300;
memcpy((void*)0x20001300, "\x2a\x77\x80\xfc\xf7\x67\xcf\x06\x9b\xcf\x3d\x04\xca\x4c\xe2\x03\x02\xdb\x2e\x4b\xe7\xa3\xd7\x07\x3d\xd6\xbe\x09\x63\x5c\x95\x87\xe5\x4e\x11\x12\xa8\xf7\x70\xc5\xf8\x88\x3a\x1e\x94\x0e\xaa\x08\x99\x1c\x06\x95\x72\xb4\xdd\xb7\xa4\xf9\x60\xaa\x2b\x31\x6a\xbe\x27\x11\xfa\x7a\x03\x6c\xf5\xb1\x30\xf1\x47\x3e\x6f\xc8\x56\x42\xf9\xef\xfe\x87\x14\x5e\x38\xf7\xd2\x8c\x48\x77\x45\xc0\x6e\xd1\x21\xca\x29\x54\xa0\x06\xc2\x68\x09\x96\xb3\xf1\xc3\x75\x97\xbd\x12\x31\x4c\xbf\x20\xda\xae\x52\x07\xe4\xbb\xa1\x18\x6a\xcc\x5b\xbe\x6f\xe1\x30\x3a\x35\x9d\xa7\xda\xa9\xc6\x9a\xe6\x4a\x8a\x47\xe1\x19\xd2\xa7\xac\xe5\xc7\xc7\xc3\xb8\x53\x3c\x25\xca\xaa\xd1\x5c\x09\xb0\x44\xf1\x5c\x8e\x8d\xd5\x87\xa2\x8a\xf0\xbc\xda\x8a\x0d\xa1\x0f\x1e\xe8\x70\x01\x30\xbd\x19\xc4\xba\x82\x8d\x56\x89\x62\x1f\x9e\xe9\xe7\x92\x4d\x2a\x01\xd5\x1a\xa9\x28\xeb\xc9\x37\x82\x71\x6f\xfd\x06\xc6\x09\xbe\xb3\xcf\xd7\x8e\x0c\x91\x30\x06\x3f\xde\xb0\xc8\x10\x8b\x5c\x8a\x93\xf7\x38\xc6\x54\x93\xfa\xe9\x87\x9a\xd9\xab\x35\xc1\x9e\x2c", 248);
*(uint64_t*)0x20002608 = 0xf8;
*(uint64_t*)0x20002610 = 0x20001400;
memcpy((void*)0x20001400, "\xaf\xb3\x43\x9e\xd0\xbf\x1d\x6f\xb1\x97\x94\xe5\x8c\x06\x6c\x72\xdb\x06\xbf\xd8\xdb\x84\x85\x31\xd3\xf2\x99\xbd\x52\xf0\xea\xb0\x42\xbe\x3f\xb7\xe7\x10\x61\x1c\xaa\x9f\x47\x01\x79\xca\xaf\x0f\x36\xdc\x3b\x9e\x53\x63\x1f\xd1\x5d\x7f\xaf\x12\x7b\xf6\xc4\x93\x49\xf3\x33\xb7\xe9\xda\x19\xf0\xac\xa4\xb3\x2d\x61\x58\xc4\xfc\x7d\x92\x5a\x6f\xc2\x27\x6a\xd5\x22\x13\xe0\x7f\xb6\x39\xba\xf9\xd6\x7e\x50\x12\x5c\x14\xd7\x62\x28\x6e\x53\xb7\x6c\x75\xc5\x5c\xe9\x9c\xca\xf8\xa7\x05\x9e\xf5\x68\xc1\xee\x1c\xad\x73\x79\xb2\x8a\x8f\x73\x9f\x81\xa0\xb4\xeb\x36\x2c\x0e\x86\x52\x2c\xbe\x79\x98\x45\x64\x69\xfc\x4b\x81\x29\x50\xe0\x42\x43\x0d\x7c\x78\xdb\xe0\xbe\x5b\x07\x37\xc7\x0a\xc3\xdf\x0f\xcf\xdf\x14\x24\xb0\xdf\x10\x5b\xb0\x1f\x98\x6c\x4e\xbc\xe5\xf6\x66\xb7\x85\xa7\x2f", 191);
*(uint64_t*)0x20002618 = 0xbf;
*(uint64_t*)0x20002620 = 0x200014c0;
memcpy((void*)0x200014c0, "\xd8\x1b\x61\xf2\x5f\xa8\x77\xbe\x05\x47\x37\xd0\x92\x36\xb3\xf0\xef\xe7\x59\x32\x8c\x49\xee\x3a\x03\x82\x1b\xb3\xba\x12\x32\xbc\xf8\x33\x66\xc7\x48\x45\x76\xc3\x95\x5e\xa1\xfa\x98\xe0\x77\xac\x83\xf2\xdf\xdb\xb9\x39\x72\x57\x93\x8b\x98\x92\xe0\x4e\x10\x57\x77\x4e\x79\x09\xde\x64\x8d\x4c\x77\xb5\xeb\x6f\x26\xe8\x24\x08\x45\xf4\x9a\xb0\xad\x46\x97\xcd\xf6\x8e\xe5\x70\x37\x99\xb0\xa6\x74\x15\x88\xb8\xc1\xe1\x77\x81\x49\xbe\xe4\x71\xf4\x16\xe5\x2a\xe5\xdb\xb6\xfc\xf7\xba\x6a\x9c\x75\x2f\xe2\x96\x80\xc9\xb1\x76\xa0\x93\x4f\xca\xe6\x59\x06\x77\xe9\x9b\x0b\x8b\x7a\x76\xc5\xbe\x60\x41\x01\x0e\x27\xff\xbc\x25\x76\x66\x2b\x82\xd8\xab\x1b\x0b\x98\x52\x99\x3a\xa7\x66\xcc\x8a\xe3\xe6\x1b\x85\x77\xbf\xc4\x22\x61\x54\x14\x37\x43\x23\x4a\xcc\x45\x5b\xf4\x43\x33\xce\xc0\x46\x32\x51\xdd\xf5\x17\xb0\x9e\x60\x31\xb4\x15\x36\xae\x97\x47\x99\x3a\x7b\x39\x9d\xa6\x4a\x5e\xea\x09\xc6\x2a\x4b\x8c\x69\xa5\xca\xaf\x22\x91\x0e\x45\xfb\x2d\xbc\xd5\xf4\x73\xff\xc3\xb6\x4a\xa8\x15\x9d\x01\x26\xc6\x92\xd7\x3d\x48\xc7\xb2\xa1\x6c\x28\x24\xd0\xca\x82\x41\x63\x96\xa3\x5d\xeb\xb8\xcf\xc1\x1b\x5a\x20\x93\xd4\x6e\x95\x2d\x93\x3f\x1e\xc8\x51\x6c\x57\x4e\x1c\x8b\x33\x4f\x1d\xbd\x4a\xa6\xc8\x13\xbd\x84\x23\xd7\xab\x5d\xc4\x7a\x54\xf8\x7c\x46\x40\x14\x80\x99\xf0\xf2\x5c\x8b\x5d\x21\x5a\x4d\xd5\x05\x41\x56\x55\x4e\xe8\x8b\xfe\x2a\xcf\xe6\x20\x61\x20\x34\x6a\x3e\xcd\x32\x01\x5c\x1a\x18\xfd\x4d\xfd\x4d\xa8\x72\x05\x34\xe1\x6b\xb1\x5e\xcf\x57\xb9\x4e\x97\x2d\x2a\x1b\x21\x90\xbb\x8b\xe1\xc1\x9c\x70\xac\x97\xf9\x27\xbf\xe7\x3e\x8b\x08\x71\xb4\x49\x83\x23\x76\x5b\xeb\x1b\x94\xad\xbf\xcb\xf6\xf8\xff\xc2\xd9\xcf\x47\x1d\x45\x70\x89\x1a\xea\xa3\x92\x8e\xc8\x16\x15\x17\xf8\x4a\x29\x29\x09\x5d\x30\x01\x1f\x7e\xd8\x96\x50\x0a\x02\x6c\x98\xf5\xb3\xb1\xdb\xe3\x74\xd7\x1f\x6c\x7a\x59\x66\x48\x36\xd7\x05\x36\xba\x7e\x04\xda\x48\x64\x75\x54\xed\xc2\x92\xcd\xbe\x26\xa4\x53\x6a\xaa\xfc\xe4\x86\xb4\xfd\xc7\x74\x30\x4e\x73\xad\xab\xd9\xc9\xf7\x8b\x7a\x51\x23\x55\x53\x8e\x53\xee\x12\x18\x6b\x1e\xee\x48\
x09\xfb\xff\x3a\x72\x49\xfb\xe3\x68\x0f\x0e\x3c\x8c\x2d\x2e\xf8\x99\x34\x9b\xbb\x71\xb2\xd8\x89\xee\x00\x2b\xf5\xb5\x3c\x77\xfe\x56\xc4\xef\xc9\x71\x88\xdf\x59\xfe\x64\x4b\x07\x66\x42\x3a\xcd\xe5\xb0\x06\x74\xf0\x35\xe2\x7f\x76\x4b\xd6\xd8\xbe\x84\x0d\x96\x24\x79\xb3\x86\xb9\x96\x27\xf2\x63\x9d\xc6\x67\xe5\x28\xd5\x9f\x5a\x13\x53\x84\x7d\x08\x1f\x43\x78\x00\xc1\x3c\xa0\x81\xd2\x3a\x5d\x31\xb6\x60\xef\xc2\x9d\xa4\x71\xf4\x90\x86\x6b\xc8\x91\xef\x93\x41\x17\xe8\x94\xf4\xbb\xc2\x90\xbb\x52\x44\x85\x78\x05\x3c\xe7\xd1\x5b\x99\xb7\x01\xe3\x02\x3d\xd1\x31\xac\x36\xd5\x4b\xcd\xbd\x9d\xba\xcf\xd6\x73\xe0\x3f\x9e\x82\x7d\x9c\x2d\x02\x0a\x95\xc1\x2f\xa6\x68\x3a\xc6\xd4\xcd\x1f\x17\x5e\x81\x90\x91\xa3\x28\xe0\x9e\x94\x93\xea\x92\xf9\x4f\x30\xde\x06\x7d\x01\x85\x3e\xe1\x6f\x31\x6f\xfd\xf7\xe1\xaf\x65\x16\xa6\x8c\xdf\xf0\x72\xa4\x31\xa6\x5a\x26\xf1\x6c\x2c\x98\x00\xe4\xfc\xa2\x25\x2c\xa8\xcb\x1c\x1b\xe5\x63\xe0\x90\x45\x5b\x30\xbe\x89\x37\xc1\xaf\x55\xa6\x6d\x05\xe0\x4a\x8f\x34\x50\x9b\x56\xce\xec\x19\xe9\x7e\x39\x25\x4f\x8f\xb6\xec\xbc\x53\x32\x7d\x52\x4a\x78\x64\x78\x44\xee\xf7\x99\x64\x15\x93\x52\xd4\xac\xf0\x62\xb0\xf3\xf2\xf5\x57\x12\xa5\xee\xbd\xbc\x95\xef\xd0\xa9\xf5\xfb\xd3\xbb\x45\x87\xe9\xf9\x6f\x46\xbe\x9c\xf7\x41\xa7\x67\xa0\x90\xf8\x5f\x96\x00\x1d\x9c\xf1\xd2\x15\x7f\xea\x81\xae\x8d\xdc\x2c\xdd\x60\x55\x9c\x02\x0a\x11\x76\x3b\xee\x28\xd5\x17\xc8\xdc\x22\x20\x20\x73\xba\xdb\xe4\xeb\x8b\xea\x03\x28\xf1\x85\xa4\xce\xb1\x1b\xb6\x48\x88\xee\x41\xed\xfa\x5f\x2e\xfb\x39\xa2\x52\x58\x41\x02\x5c\xac\x5f\x47\x87\x23\xb2\x82\x68\xb0\xac\x16\x27\x34\xda\x8b\xe1\x28\xaa\x93\xa1\x04\x39\x8b\x05\x8e\xa6\x3f\x80\x15\xa0\x86\x61\xa9\xdd\x0a\xfa\x4f\x9f\xc5\x3a\xe3\xfb\xe4\x57\x0d\xd1\x31\xfa\x0d\xda\xbe\x87\x4f\xe0\x9b\x02\x86\xfc\xb7\x23\x52\xd2\xf7\xee\xfd\x7f\xe3\xb0\xc6\x0e\x66\xad\xd1\x96\xf0\x05\xab\xf6\x9c\x2e\x2c\xae\xf0\x07\xba\x1f\x4c\x21\x90\x3e\x54\xb0\x30\x47\x93\x40\xc1\xae\x70\xab\xfe\x85\xf3\x43\xca\xd2\x89\x66\x53\x57\xe8\x22\x88\xaa\x96\xe1\xf2\x4f\x3f\x91\x40\x4f\
xfb\x24\xf2\x1a\xfb\xb4\x81\x37\x84\x89\x25\xed\x8b\x4a\x51\xd4\xaa\x1f\xf4\x2e\xe5\x96\x02\x2e\x01\x77\x83\x4f\x79\x98\x13\x1d\xbd\x73\xb0\x55\xe8\x9b\x83\x67\xe5\xdc\xe4\xab\x4b\x3f\xf9\x07\x29\xf3\x18\x6b\xbb\x17\x3b\x29\xcc\x5d\x48\x5f\x6c\xc1\x96\xde\x53\x46\xfd\xe2\xbe\x65\x88\x04\xad\x8e\x4c\xda\xf1\xba\x81\x7d\xf6\xa4\x2f\x15\xc0\x46\xd2\x44\xab\xf6\x66\xe8\x5e\x8f\xd1\x0e\xd7\x01\x1c\x30\x1b\xf0\x79\xc0\xbb\xf1\x53\x1b\x71\x3b\x29\x9a\x1e\x13\xab\x44\x31\x2e\x5d\x00\xe8\x0a\xdd\x85\xc0\x85\xbe\x9a\xa3\x5d\x2d\xbd\xb1\x46\xab\xfd\xc4\x65\x3f\x44\xbf\x4e\xf8\x6d\xc1\x81\xac\x57\xa5\x4e\x64\x12\xa2\x81\x55\x09\x62\x89\xdc\xa0\xe2\xf9\xa6\xaa\x25\x62\xb9\xe7\x2f\xa1\x37\x29\xb2\x3e\x8b\x48\x3c\x66\x72\x78\x3e\x4d\xc9\x8e\x05\xdf\x9a\xaa\xb3\x19\xbf\x61\x03\x03\x9b\x86\xd1\xf2\x36\xad\x5b\x90\xc2\xad\x11\x51\x63\x75\xbe\x54\xc7\xc3\xc6\x88\x75\x69\x47\x74\xa0\x5a\x4f\x7d\x96\x65\x8b\xac\xc8\x3b\xb2\xef\x73\xb1\x27\xf5\x43\xa1\xf0\xa7\xba\x48\x3f\x38\xb3\x6e\x19\xc4\xed\xf7\x83\xbb\x79\xbb\x23\xae\x12\xa1\x45\x69\xa5\xf1\xda\x65\xbe\xb5\xad\xa1\x76\xb3\x7e\xe5\xfa\x7b\x16\xcf\xf1\x11\x31\x5a\x36\x12\xc8\x28\xb1\x05\x8c\x20\xde\x3b\x67\xa4\x6e\x25\x0c\xec\x13\x04\xb4\x3f\x58\xf3\x80\xe8\x96\x0a\xfe\x6d\xd8\xc6\xfb\x75\x7b\x74\xda\x89\x0e\x8a\x05\x71\x31\x65\x34\xc1\xf4\xfd\x68\x5e\x3c\x68\xd1\x98\x79\x63\x44\xd0\xa1\x26\x23\xae\x76\xbc\x6b\xf6\x27\x37\x5a\x53\xfc\x51\xba\x3c\x4a\xb5\xcd\x91\xfb\xfd\x01\xda\x30\x50\x7d\xd0\x46\xf5\x9e\x4a\x4c\x25\x40\x54\x53\x67\xa9\x80\x69\xbd\xaf\xb3\x8b\xb7\x30\x05\x8d\xfd\x47\x0f\x75\x5c\x37\x24\x23\xb4\x12\x8d\xf8\x9a\x42\x55\x75\x8f\x43\x99\x59\x00\x78\xf7\xcd\x95\xf6\x34\xab\xfe\xe0\xb6\x8f\x9f\xd4\x61\x11\xa4\xb6\x3c\x4e\x81\xaf\x94\x54\x6a\x88\x4d\x0b\x8b\x2e\xbf\x25\x84\x0b\x7a\xff\xbc\xf1\x40\x18\x73\x18\xda\x14\xa3\x10\x18\x89\x92\x99\xb1\x07\xa4\x73\xf1\x6a\x84\xae\xdb\x0b\x44\x05\xd1\xb5\xb6\x3c\x19\x7b\x24\xef\x49\x8a\x21\xdc\x0d\x8b\x06\xc8\x16\x95\xc9\x20\x73\xe8\xbc\xf1\x6a\x26\x23\xc2\x00\x2a\xad\x8c\xbf\x86\x53\
x1d\xda\x9a\x07\x52\x2c\x2e\xcf\xa6\x7f\x4d\xfa\xc8\x55\xd8\x3a\xcf\xc2\xa1\xf7\xf2\xd3\x5b\x3f\xf6\x07\xa9\xf7\xf8\x53\x3a\xd6\xec\xe8\x3f\x7d\x3d\xfc\x81\x11\xb6\x04\xe2\xb1\x9e\x69\xa1\xe9\x00\x2f\xd9\x19\xc3\x8f\x36\x18\xb2\x5d\xb7\xce\x40\x13\x9a\x0b\x54\x38\x9b\x04\x0c\x6e\x5e\xa4\x14\x11\x26\xeb\xbb\x2f\xb4\x6c\x07\xbc\x23\xeb\x20\xd8\x0f\x01\xcd\xcf\x43\xba\xcb\x87\x19\xdc\x1f\xf0\x09\xd2\x49\xc4\xe7\xb9\xf5\x85\x20\x9c\x4b\x15\xc9\x72\x71\xed\x2d\xac\xc1\x7f\x41\x87\x9c\x0b\x10\xf5\xd4\xc1\xbf\xe1\x93\x04\x09\x31\xc7\x01\x1f\xc0\x8e\xb2\x67\x0a\x98\xf0\xaa\x3c\x02\x2c\xe7\x4e\x9a\x93\x5e\xd6\xf7\x2a\x0d\xb7\xf0\x60\x7a\x31\x73\x72\x4d\xf0\x12\x5a\xec\x64\x5b\xd9\x34\xc9\xd5\x41\x7b\x17\x66\x00\xfc\x7b\x23\x43\x0e\x9c\xb9\x61\x33\x85\x44\x03\x76\xd2\xeb\x88\x80\xf9\x78\x15\x7c\xb2\xfa\x5a\x5b\xe2\x8c\x4b\xef\x41\x74\x84\x3b\xba\xad\x45\x5b\x8a\xae\x41\x75\x32\xb6\xbc\x5d\xba\xc1\xf6\xb2\xf0\xae\x50\x76\x2b\x0a\x6d\x76\xaf\xa1\x32\x8f\x67\xfd\xe8\x17\x40\x8a\x2f\x8d\x4a\x6f\xd4\x7a\x4c\x87\x74\x6d\x3b\x17\x84\x85\x8b\x3e\x46\x73\x88\xac\x9f\xa1\x0d\xa6\x33\x6a\xac\xb5\xd7\xc1\xc9\xa9\x8a\x55\xe0\x0d\x32\xc8\x8a\x61\x3b\xce\x16\x87\x98\x51\xa7\xd6\x8d\x7d\x0e\x58\xb5\x68\xac\xfb\x93\xd9\x0c\xc9\x22\x96\x9b\x0d\xff\xa9\x93\x62\x1a\x7a\xa0\x05\x66\x2d\x68\x71\x75\x99\x21\x8e\x63\xe9\x86\x96\x49\xc2\x42\x7a\x08\x4e\x4c\xfb\xc7\xea\xc3\xf9\x4f\x10\x4f\x4c\xce\x59\x66\x23\x6e\x9d\xcd\x31\xf5\xb4\xa6\xa6\x99\x94\x32\xaf\xe0\x71\x89\x23\x71\x79\xf3\x42\xde\xa5\xb6\x74\xbf\x78\x66\x9e\xef\x00\x36\x6c\x3c\x27\xfa\xcc\xa8\x00\xf6\xd4\x73\x85\xcd\xa7\x7a\x47\x78\x99\x43\xe7\xcc\xcd\xa7\x09\xbd\x70\x20\xf4\xa0\xa8\x25\xbd\x66\x77\x71\xb7\xa5\xb2\x7e\xa0\xc2\xd8\xa8\x1e\x63\x47\x28\x90\x41\x78\xe5\x5d\xe2\x8f\xaf\xda\x1f\x88\x8b\xbe\x31\x34\xfc\xff\x57\x77\x4b\xfe\xe7\x0e\x8d\x38\x56\xce\x20\x95\xc9\xd9\x03\x17\x01\x17\x40\x01\x78\xac\x1b\xd9\xfe\xca\xbf\x0b\x1b\xfc\x46\x7f\x9b\x37\xe0\xb2\x98\xc1\xdd\x42\xea\x6e\x38\xfd\x8c\x90\x3c\x3e\xbc\x42\x2c\x18\x94\xde\xe5\xab\xc4\
x7d\xa6\xea\xb9\x80\x80\xfc\xb9\x48\xfb\x33\x07\x5e\xcb\x7d\x0e\x74\x36\x2e\x6e\x00\xff\x74\x4f\xae\x99\x19\x23\x77\x66\x06\x34\x1f\x92\xb1\xfc\xd6\xb7\x2a\xcf\xcc\xcc\xb8\x75\x27\xb4\x93\xb3\x0a\xc2\xfd\x6d\xbb\x21\xd6\xd9\xa2\xea\xce\x67\xc8\x8f\x3c\xc4\x98\x41\x11\x2b\xea\x64\xfa\x6d\x7e\xb0\x4a\x16\x25\x45\x47\x85\xe4\x98\x20\x86\xa0\xed\x20\x43\xb6\x9b\x30\x4d\xdb\x59\x32\x8a\x8c\xb4\x86\xac\x86\xc0\xf6\x4f\x02\x01\x5c\x6c\x27\x95\xcf\x3c\xef\x28\x1e\xb7\xce\x9a\xc9\x21\xbb\xfb\xa9\x6c\x90\xd3\xec\xa7\x79\x02\xd8\x8b\x39\x58\xd8\x69\xdd\x5e\x48\x65\xdc\x82\x5b\xe2\xb2\xf5\xd0\x2e\x6b\x80\xa0\x9f\xa0\x0d\x25\x27\x2a\xa6\xc2\xc3\x85\x0a\x8b\x38\x2a\x5e\x48\x88\x8b\x33\x4e\x3b\x05\x68\xac\x15\x2c\xcf\xc4\x08\xb1\xcf\x11\x78\x95\x2b\xde\xbe\x62\xd5\x69\xc1\x9b\xe8\xa9\xec\x33\x8a\xe3\x5c\xc9\x92\xc1\x7c\xd2\x99\x82\x24\xe3\x70\x44\xb3\xb6\x54\x99\x4b\x6d\x41\xbe\x70\xd5\x3b\x39\xf9\xd6\x10\xa7\x31\xd4\xe9\xf9\xec\xc2\xd7\x21\x95\x7c\xb6\x4d\xa0\xff\xe9\x7f\x99\xcd\x64\x50\x18\x8c\xe1\x1d\xb5\xc5\xa8\x2c\xdc\x7e\xcc\x0f\xf4\xb7\x9d\xf3\x2f\x1d\xbc\x5e\x8c\x07\x2b\xd5\xbd\x1f\x69\x0b\x46\x92\xb5\x49\xd1\xfb\xc4\x13\x9a\x08\x5b\x46\xa1\x51\x83\xd3\xe7\xcf\x34\x85\xb9\x52\x25\x6c\x04\xac\xf8\x5f\x7e\x4a\x9b\x45\xab\x57\x31\x9a\xb7\x1a\xbc\x0d\x2c\xfa\x63\x6f\x41\xf8\x66\x4c\xac\xaf\x30\x54\x8d\x95\xff\xa4\x8f\x5e\x7a\x7f\xeb\x14\x0e\x6c\x1c\x98\x60\x13\x9c\xa0\x0d\x17\x47\xff\x3d\x85\xd2\xb5\x72\xe2\x90\x5a\x1a\x3a\xa8\xb7\x24\xd6\x48\xd2\x61\xe5\x71\xd1\x00\x3d\x33\x4b\x28\xce\x9c\x83\x6c\xae\x11\x44\xe9\x5f\x78\xc7\x45\x09\x2c\xea\x97\x24\x2a\x5c\x89\x12\x30\x05\xe1\x7a\xc3\x34\xf7\x10\x31\x41\xa2\x05\xd3\xfc\xb7\x6a\x11\x88\x72\x1d\x69\xe2\x5c\x89\x33\x49\xe6\x21\xa6\x05\xcd\x76\x97\x9d\xc3\xc8\x50\x26\x6f\x90\x21\x81\xed\xa1\xc3\x90\xda\x80\x49\x02\xef\x2b\xa5\x64\x3c\x1e\x11\xd7\x0b\x36\x34\xe7\x32\xf9\x0f\xb4\x17\x7c\x10\x5a\x2f\x1a\x59\xcd\xa4\x14\x06\xcd\x42\x85\x04\x5b\x78\x4f\xf6\xe3\x5b\xd7\xe3\xa2\xb7\x8b\x05\x87\x94\x3c\x8a\x18\xd6\x32\x0e\x6c\x5c\xdd\x4f\
xab\x1c\x61\x92\x2f\xaa\xa4\xee\x3d\x86\x73\xbd\xc0\xf3\x8a\x27\xbf\x8a\xcb\xc8\x8a\x43\x87\xcf\x33\x66\x6b\x04\x84\x9c\x30\x56\x1d\x47\xdf\x6c\x14\x7a\x9e\xee\x3b\xe2\x4b\x5d\x49\xdd\x9b\x40\x42\x92\x0c\xc1\x1c\xfa\xac\x21\x28\x40\xb2\x15\xc1\xe6\x4c\xac\xeb\xe7\x35\x9d\xf9\x54\x9d\x19\x20\x85\xf6\x29\x3d\x55\xb7\x42\xf2\xd7\xcc\xd2\x97\xcd\x55\xce\x0a\x3c\x4e\xdd\x7a\xf5\xf2\xdd\xe9\xed\xed\x96\xb9\xae\x94\x83\x74\x09\x3f\xfd\x92\xff\xc8\xed\x9d\x94\x1a\x5c\x97\xd4\x15\x76\x13\x7c\x4b\xfa\x08\xe3\xe0\xe3\x90\xcf\x6a\xe9\x42\xd1\x48\x4e\xae\xd9\x96\x04\x03\x82\xfd\x13\xeb\x76\xf7\x9b\x69\x3b\xe1\xd6\xc6\xd8\x9c\x69\x3a\xc4\xb2\xc4\x4e\xc0\x70\xc7\x14\x2b\xf1\xdb\xc0\x42\xa5\x12\x05\x46\x23\xfa\x95\x3b\x0f\x83\x83\x46\xcd\x90\x56\xd0\xf8\x01\x01\x03\xe2\x29\x21\x6a\x29\xd7\x41\x35\x1b\x51\xf1\xcf\x4d\x55\x04\xad\x1b\x17\xe2\x78\x3c\xa3\xc5\xec\x46\xa8\xdf\xd2\x2c\x1b\xce\x83\xf3\xed\xab\xa0\x2c\xf1\x30\x90\x9f\x89\xe2\xa0\xbe\xf6\x12\x33\xba\x54\xb1\xa5\x0e\xf1\x65\x15\xa7\x62\x86\xb7\x5b\x02\xec\xb3\x8a\x42\x64\x43\x56\x2b\x13\xad\xbc\x66\x31\xdb\x99\xb8\x18\xf8\x94\x08\xae\xf4\xa4\xed\xc6\x7e\xe5\xaa\x57\xe9\x9b\x9f\x8d\x85\xfc\x3c\xf7\xd0\x03\x61\xf4\x68\x02\xea\xa4\x9d\x27\x06\xec\x2e\x89\x64\xe1\x00\xa3\xa8\xfe\xd6\xf7\x71\x87\xbe\x06\x2e\xce\x8e\x91\x51\x95\xdc\xdd\x7a\x02\xdb\x6a\x82\x5d\x61\x3a\x89\x25\x69\x17\x21\x95\xe4\xd3\xf8\x74\x1a\xe9\x1a\xcf\x6d\x26\xf6\x13\xbd\xef\x85\xa7\x43\xef\x59\xb4\xb4\x82\x1a\x77\x36\x19\xcc\xaa\x89\xea\xa9\x7b\xdc\x1c\x0a\x53\x18\x3a\x9b\xaf\x49\xc6\x5e\x67\x9d\x45\x5a\xa2\xe6\x65\x15\x20\xaa\x6e\x1e\xd1\x59\x1e\x9c\x7d\xdb\xca\xb0\x17\x15\x88\xbd\x0e\xae\xd6\xf4\x47\x0d\x58\xe0\xa0\x49\x2e\x54\x44\x85\x2d\x12\x57\x76\x68\xdb\x39\x35\x19\x95\xcf\x87\x71\x62\xf5\xa3\x4d\x05\xc7\xb9\xba\x4f\x56\x40\x2d\xba\x21\x72\x62\xbc\x5b\xa9\xd7\xb0\x90\x9b\x8e\xcd\xcd\xdc\xa2\xae\x74\xe4\x94\x3d\x44\x5b\x12\xe1\xfc\x18\x7e\xee\xb2\xd6\x40\x1e\x55\x41\xe0\x67\x3f\xb0\x15\xc0\x10\x74\xfe\x8a\x91\x3e\x4a\xf3\x60\xd7\xb0\xdd\x84\xd0\xca\x89\
x7b\x43\xc1\xa4\x6a\x5c\x64\xf2\xed\x23\x64\xfc\xf6\xb6\x78\x0b\xa8\xd0\x27\x2f\xd5\xa3\x20\x3d\x5f\x75\xe6\xd4\x28\x85\xe9\x5c\xf9\x89\x45\x59\x2a\xfa\x2b\xc0\x27\xa9\x19\x16\xf6\x4f\xb8\x34\xc7\x47\xc8\xe8\x99\x83\x8f\x00\xdc\xab\x97\xd3\x47\x2d\x05\xea\x94\xed\x77\xb6\x01\x20\xad\x81\x35\x07\x87\x56\x09\xf5\x07\x70\xea\x84\xda\x53\xe9\xd7\xb4\xe9\x8a\xa5\x72\x34\x08\x20\xe1\x65\x0f\x3e\x65\x83\x58\x90\x6f\xa7\xe5\x03\xb8\xc3\x3e\xf7\x76\x03\xa2\x19\x09\x26\xa0\x42\x2a\xe7\xea\x9d\xe5\xae\x10\x72\x0b\x7a\x9c\x3c\x83\xb5\x80\xe2\x3b\x9d\x69\xda\xe0\x08\xf1\x5a\x49\x30\x85\xf1\x06\x76\x7e\xfa\xa7\x10\x3c\x02\xdd\x88\xec\xaf\xa7\x82\x0f\xcd\xcc\x96\x5f\x83\x6f\xe0\x82\xca\x87\xb6\x97\x4c\xb2\x81\x11\xac\xc7\xf6\x79\x3d\x37\x95\x35\x57\x8b\x20\x2b\x11\x58\xc5\xe0\xac\x44\x72\x18\x87\x12\x94\x8b\xc2\x64\x5a\x4f\xe3\x39\x06\xb4\x5b\x3c\x2f\x58\x95\x3d\xbf\xb9\xe9\x5f\x00\x50\x75\x05\x6e\x85\xa6\x11\xa1\x4a\x18\xd6\xaa\x91\x54\xc8\x24\x0c\xae\x45\x54\xb2\x44\x67\x2c\xc7\x48\xda\x44\xa1\x53\x55\xcb\xdd\x37\x4b\x7e\xfb\xf1\x4a\xc4\x62\x2d\xa8\x85\xb8\x13\x9c\xff\x9e\xf4\x97\xde\xb4\x6c\x1e\x81\xe6\x10", 3271);
	/* 0xcc7 == 3271, the length of the buffer copied just above: the iov_len
	 * of the iovec entry that points at it. */
	*(uint64_t*)0x20002628 = 0xcc7;
	/* struct mmsghdr at 0x20004640 (x86-64 field offsets): */
	*(uint64_t*)0x20004658 = 7;	/* msg_hdr.msg_iovlen: seven iovec entries */
	*(uint64_t*)0x20004660 = 0;	/* msg_hdr.msg_control = NULL */
	*(uint64_t*)0x20004668 = 0;	/* msg_hdr.msg_controllen = 0 */
	*(uint32_t*)0x20004670 = 0;	/* msg_hdr.msg_flags = 0 */
	*(uint32_t*)0x20004678 = 0;	/* msg_len, filled in by the kernel */
	/* sendmmsg() on socket r[0] with one message (vlen 1) and no flags;
	 * the call trace shows this reaching sco_sock_sendmsg(). */
	syscall(__NR_sendmmsg, r[0], 0x20004640ul, 1ul, 0ul);
	return 0;
}

[-- Attachment #3: reportsyz.txt --]
[-- Type: text/plain, Size: 4023 bytes --]

Kernel 5.15.54 on an x86_64

localhost login: [  104.557712] ------------[ cut here ]------------
[  104.558404] WARNING: CPU: 1 PID: 15544 at mm/page_alloc.c:5358 __alloc_pages+0x38a/0x410
[  104.559584] Modules linked in:
[  104.560030] CPU: 1 PID: 15544 Comm: repro Not tainted 5.15.54 #1
[  104.560896] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014
[  104.562190] RIP: 0010:__alloc_pages+0x38a/0x410
[  104.562864] Code: ff 4c 89 fa 44 89 f6 89 ef 89 6c 24 48 c6 44 24 78 00 4c 89 6c 24 60 e8 c4 e5 ff ff 49 89 c4 e9 43 fe ff ff 40 80 e5 3f eb c5 <0f> 0b eb a5 4c 89 e7 44 89 f6 45 31 e4 e8 c4 9f ff ff e9 4a fe ff
[  104.565421] RSP: 0018:ffff88801b4577f0 EFLAGS: 00010246
[  104.566182] RAX: 0000000000000000 RBX: 1ffff1100368aeff RCX: dffffc0000000000
[  104.567177] RDX: 0000000000000000 RSI: 0000000000000012 RDI: 0000000000040cc0
[  104.568185] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  104.569196] R10: fffffff900000000 R11: 0000000000000001 R12: 0000000000000001
[  104.570194] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  104.571201] FS:  00007fda701c7740(0000) GS:ffff888107080000(0000) knlGS:0000000000000000
[  104.572330] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  104.573146] CR2: 0000000020004640 CR3: 0000000020c34000 CR4: 00000000000006e0
[  104.574149] Call Trace:
[  104.574503]  <TASK>
[  104.574838]  ? __sanitizer_cov_trace_cmp4+0x25/0x90
[  104.575535]  ? __alloc_pages_slowpath.constprop.0+0x16c0/0x16c0
[  104.576391]  ? bpf_ksym_find+0x171/0x1c0
[  104.576985]  ? selinux_socket_sendmsg+0x207/0x2d0
[  104.577938]  ? __sanitizer_cov_trace_const_cmp8+0x27/0x90
[  104.578739]  alloc_pages+0x191/0x3f0
[  104.579258]  kmalloc_order+0x34/0xb0
[  104.579794]  kmalloc_order_trace+0x19/0xa0
[  104.580375]  sco_sock_sendmsg+0x10f/0x300
[  104.581228]  ? security_socket_sendmsg+0x8e/0xc0
[  104.581915]  ? sco_send_frame+0x3d0/0x3d0
[  104.582489]  sock_sendmsg+0x15b/0x190
[  104.583052]  ____sys_sendmsg+0x32d/0x870
[  104.583659]  ? kernel_sendmsg+0x50/0x50
[  104.584233]  ? __ia32_sys_recvmmsg+0x2a0/0x2a0
[  104.584895]  ? release_pages+0x5e0/0x1320
[  104.585474]  ___sys_sendmsg+0x104/0x180
[  104.586056]  ? __pagevec_lru_add_fn+0x669/0xa00
[  104.586724]  ? sendmsg_copy_msghdr+0x170/0x170
[  104.587355]  ? cgroup_rstat_updated+0x2d/0x2e0
[  104.588034]  ? __sanitizer_cov_trace_const_cmp8+0x27/0x90
[  104.588827]  ? __do_huge_pmd_anonymous_page+0x162/0xec0
[  104.589601]  ? __sanitizer_cov_trace_const_cmp4+0x25/0x90
[  104.590362]  ? __sanitizer_cov_trace_const_cmp8+0x27/0x90
[  104.591153]  ? sockfd_lookup_light+0xcc/0x180
[  104.591806]  __sys_sendmmsg+0x197/0x450
[  104.592362]  ? __ia32_sys_sendmsg+0xb0/0xb0
[  104.592985]  ? vm_iomap_memory+0x1f0/0x1f0
[  104.593610]  ? alloc_fd+0x226/0x5d0
[  104.594125]  ? cgroup_rstat_updated+0x2d/0x2e0
[  104.594789]  ? __sanitizer_cov_trace_const_cmp4+0x25/0x90
[  104.595571]  ? __sanitizer_cov_trace_cmp4+0x25/0x90
[  104.596280]  ? __audit_syscall_entry+0x3fb/0x540
[  104.596960]  __x64_sys_sendmmsg+0xa1/0x110
[  104.597569]  do_syscall_64+0x3b/0x90
[  104.598102]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  104.598852] RIP: 0033:0x7fda6fabe289
[  104.599367] Code: 01 00 48 81 c4 80 00 00 00 e9 f1 fe ff ff 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b7 db 2c 00 f7 d8 64 89 01 48
[  104.601917] RSP: 002b:00007ffd1d267ff8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  104.603000] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fda6fabe289
[  104.604008] RDX: 0000000000000001 RSI: 0000000020004640 RDI: 0000000000000003
[  104.605003] RBP: 00007ffd1d268020 R08: 29814bfc69644598 R09: 0000000000000000
[  104.606007] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004004c0
[  104.607019] R13: 00007ffd1d268100 R14: 0000000000000000 R15: 0000000000000000
[  104.608030]  </TASK>
[  104.608350] ---[ end trace 9b3fdfb44b690636 ]---


* Re: Backport request to fix a WARNING in sco_sock_sendmsg on LTS
  2022-07-27  7:56 Backport request to fix a WARNING in sco_sock_sendmsg on LTS Harshit Mogalapalli
@ 2022-07-27  8:11 ` Greg KH
  0 siblings, 0 replies; 2+ messages in thread
From: Greg KH @ 2022-07-27  8:11 UTC (permalink / raw)
  To: Harshit Mogalapalli
  Cc: stable, Luiz Augusto von Dentz, Marcel Holtmann, johan.hedberg,
	harshit.m.mogalapalli, Ramanan Govindarajan, linux-bluetooth,
	LKML, George Kennedy, John Donnelly

On Wed, Jul 27, 2022 at 01:26:49PM +0530, Harshit Mogalapalli wrote:
> Hi,
> 
> We have seen a WARNING message while fuzzing with syzkaller.
> 
> 
> Kernel 5.15.54 on an x86_64
> 
> localhost login: [  104.557712] ------------[ cut here ]------------
> [  104.558404] WARNING: CPU: 1 PID: 15544 at mm/page_alloc.c:5358
> __alloc_pages+0x38a/0x410
> [  104.559584] Modules linked in:
> [  104.560030] CPU: 1 PID: 15544 Comm: repro Not tainted 5.15.54 #1
> [  104.560896] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
> 1.11.0-2.el7 04/01/2014
> [  104.562190] RIP: 0010:__alloc_pages+0x38a/0x410
> [  104.562864] Code: ff 4c 89 fa 44 89 f6 89 ef 89 6c 24 48 c6 44 24 78 00
> 4c 89 6c 24 60 e8 c4 e5 ff ff 49 89 c4 e9 43 fe ff ff 40 80 e5 3f eb c5 <0f>
> 0b eb a5 4c 89 e7 44 89 f6 45 31 e4 e8 c4 9f ff ff e9 4a fe ff
> [  104.565421] RSP: 0018:ffff88801b4577f0 EFLAGS: 00010246
> [  104.566182] RAX: 0000000000000000 RBX: 1ffff1100368aeff RCX:
> dffffc0000000000
> [  104.567177] RDX: 0000000000000000 RSI: 0000000000000012 RDI:
> 0000000000040cc0
> [  104.568185] RBP: 0000000000000000 R08: 0000000000000000 R09:
> 0000000000000000
> [  104.569196] R10: fffffff900000000 R11: 0000000000000001 R12:
> 0000000000000001
> [  104.570194] R13: 0000000000000000 R14: 0000000000000000 R15:
> 0000000000000000
> [  104.571201] FS:  00007fda701c7740(0000) GS:ffff888107080000(0000)
> knlGS:0000000000000000
> [  104.572330] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  104.573146] CR2: 0000000020004640 CR3: 0000000020c34000 CR4:
> 00000000000006e0
> [  104.574149] Call Trace:
> [  104.574503]  <TASK>
> [  104.574838]  ? __sanitizer_cov_trace_cmp4+0x25/0x90
> [  104.575535]  ? __alloc_pages_slowpath.constprop.0+0x16c0/0x16c0
> [  104.576391]  ? bpf_ksym_find+0x171/0x1c0
> [  104.576985]  ? selinux_socket_sendmsg+0x207/0x2d0
> [  104.577938]  ? __sanitizer_cov_trace_const_cmp8+0x27/0x90
> [  104.578739]  alloc_pages+0x191/0x3f0
> [  104.579258]  kmalloc_order+0x34/0xb0
> [  104.579794]  kmalloc_order_trace+0x19/0xa0
> [  104.580375]  sco_sock_sendmsg+0x10f/0x300
> [  104.581228]  ? security_socket_sendmsg+0x8e/0xc0
> 
> 
> I have attached the report and the reproducer. A similar warning was seen
> in some testing previously.
> 
> Ref: https://lore.kernel.org/linux-mm/812dab5c-845d-df58-2752-abea7c07890@google.com/
> 
> Commit: 99c23da0eed4 ("Bluetooth: sco: Fix lock_sock() blockage by
> memcpy_from_msg()") is backported to LTS. So we have this bug on LTS
> branches.
> 
> The Fix commit is not backported to LTS.
> Commit: 0771cbb3b97d ("Bluetooth: SCO: Replace use of memcpy_from_msg
> with bt_skb_sendmsg")
> 
> I have tried backporting onto LTS locally.
> 
> Can you please backport the following commits to these branches.
> 4.14.y, 4.19.y, 5.4.y, 5.10.y, 5.15.y LTS. (applying from 1 to 7)
> 
> 1. commit 38f64f650dc0e44c146ff88d15a7339efa325918 upstream
> 	("Bluetooth: Add bt_skb_sendmsg helper")
> 2. commit 97e4e80299844bb5f6ce5a7540742ffbffae3d97 upstream
> 	("Bluetooth: Add bt_skb_sendmmsg helper")
> 3. commit 0771cbb3b97d3c1d68eecd7f00055f599954c34e upstream
> 	("Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg")
> 4. commit 81be03e026dc0c16dc1c64e088b2a53b73caa895 upstream
> 	("Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg")
> 5. commit 266191aa8d14b84958aaeb5e96ee4e97839e3d87 upstream
> 	("Bluetooth: Fix passing NULL to PTR_ERR")
> 6. commit 037ce005af6b8a3e40ee07c6e9266c8997e6a4d6 upstream
> 	("Bluetooth: SCO: Fix sco_send_frame returning skb->len")
> 7. commit 29fb608396d6a62c1b85acc421ad7a4399085b9f upstream
> 	("Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks")
> 
> 
> Notes:
> 3 is the fix for the WARNING.
> 1,2 are prerequisites for applying 3. At this stage the WARNING is fixed.
> 4,5,6,7 are necessary as they are fixing newly introduced commits by us.
> 
> This is a clean cherry-pick series (7 commits) on all mentioned branches (LTS
> 4.14->5.15).
> 
> I have tested all mentioned LTS branches with the reproducer (only) and the
> WARNING is fixed after applying these 7 patches.

All now queued up, thanks.

greg k-h
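An added userspace model of the allocation pattern behind the thread (example
code written here; it is not code from this thread, from the kernel, or from
the commits named above). The WARNING at mm/page_alloc.c:5358 in 5.15 is
__alloc_pages() refusing a request of order MAX_ORDER or more that was made
without __GFP_NOWARN; with the default MAX_ORDER of 11 and 4 KiB pages that is
a kmalloc() of more than 4 MiB, and the trace reaches it through
kmalloc_order(), the large-allocation path of kmalloc(), from
sco_sock_sendmsg(), so the request was sized by the message length that
userspace chose. The model contrasts that shape (allocate the whole message,
compare with the MTU afterwards) with the shape of the bt_skb_sendmsg() /
bt_skb_sendmmsg() helpers (allocate at most mtu bytes per buffer and chain the
remainder as continuation buffers). Everything kernel-side is replaced by
stand-ins I made up: MODEL_MAX_ALLOC for the order limit, model_kmalloc() for
kmalloc(), struct chunk for an sk_buff, malloc() for the socket's sk_buff
allocator, and the MTU values; the sample message is constructed here and
reuses one 1 MiB buffer for six of its seven iovecs.

```c
/* Added example, not code from this thread, the kernel or the commits it names:
 * a userspace model of the two allocation shapes contrasted in sco_sock_sendmsg().
 * Stand-ins assumed here and not given on the page: MODEL_MAX_ALLOC for the page
 * allocator's order limit, model_kmalloc() for kmalloc(), struct chunk for an
 * sk_buff, malloc() for the socket's sk_buff allocator, and every MTU value. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/uio.h>

#define MODEL_MAX_ALLOC ((size_t)4 << 20) /* larger requests fail and "warn" */
struct chunk { size_t len; unsigned char *data; struct chunk *next; };
struct iter { const struct iovec *iov; size_t n, idx, off; }; /* msg_iter stand-in */

static size_t iov_total(const struct iovec *iov, size_t n)
{
	size_t t = 0;
	for (size_t i = 0; i < n; i++) t += iov[i].iov_len;
	return t;
}

static void *model_kmalloc(size_t len, int *warned)
{
	if (len > MODEL_MAX_ALLOC) { *warned = 1; return NULL; }
	return malloc(len);
}

/* Copy up to want bytes from the iterator, continuing across iovec boundaries. */
static size_t iter_copy(struct iter *it, unsigned char *dst, size_t want)
{
	size_t done = 0;
	while (done < want && it->idx < it->n) {
		const struct iovec *v = &it->iov[it->idx];
		size_t avail = v->iov_len - it->off;
		size_t take = avail < want - done ? avail : want - done;
		memcpy(dst + done, (const unsigned char *)v->iov_base + it->off, take);
		done += take; it->off += take;
		if (it->off == v->iov_len) { it->idx++; it->off = 0; }
	}
	return done;
}

/* Pre-fix shape: one allocation sized by the caller's message, MTU checked after. */
static int old_sendmsg(const struct iovec *iov, size_t n, size_t mtu, int *warned)
{
	size_t len = iov_total(iov, n);
	struct iter it = { iov, n, 0, 0 };
	unsigned char *buf = model_kmalloc(len, warned); /* kmalloc(len, GFP_KERNEL) */
	if (!buf) return -ENOMEM;
	iter_copy(&it, buf, len);                        /* memcpy_from_msg() */
	free(buf);
	return len > mtu ? -EMSGSIZE : 0;                /* the MTU check, too late */
}

/* Helper shape: each allocation is min(remaining, mtu) bytes and the rest is chained
 * as continuation chunks. On failure *err is set and the partial list is returned. */
static struct chunk *new_sendmmsg(const struct iovec *iov, size_t n, size_t mtu, int *warned, int *err)
{
	struct iter it = { iov, n, 0, 0 };
	struct chunk *head = NULL, **tail = &head;
	*err = 0;
	for (size_t len = iov_total(iov, n); len; ) {
		size_t size = len < mtu ? len : mtu;
		struct chunk *c = calloc(1, sizeof(*c));
		if (!c || !(c->data = model_kmalloc(size, warned))) { free(c); *err = -ENOMEM; break; }
		if (iter_copy(&it, c->data, size) != size) { free(c->data); free(c); *err = -EFAULT; break; }
		c->len = size; *tail = c; tail = &c->next; len -= size;
	}
	return head;
}

/* Constructed sample: iov[0] is 3271 bytes (the reproducer's memcpy size), iov[1..6]
 * are 1 MiB each over one shared buffer; 6294727 bytes in total, above MODEL_MAX_ALLOC. */
enum { SAMPLE_N = 7, SAMPLE_SMALL = 3271, SAMPLE_BIG = 1 << 20 };
static unsigned char sample_big[SAMPLE_BIG], sample_small[SAMPLE_SMALL];
static void sample_iov(struct iovec iov[SAMPLE_N])
{
	iov[0].iov_base = sample_small; iov[0].iov_len = SAMPLE_SMALL;
	for (int i = 1; i < SAMPLE_N; i++) { iov[i].iov_base = sample_big; iov[i].iov_len = SAMPLE_BIG; }
}

size_t sample_total(void) { return (size_t)SAMPLE_SMALL + (SAMPLE_N - 1) * (size_t)SAMPLE_BIG; }

/* Old path on the sample: 1 if the allocator "warned" and the send failed. */
int demo_old_path_warns(size_t mtu)
{
	struct iovec iov[SAMPLE_N]; int warned = 0;
	sample_iov(iov);
	return old_sendmsg(iov, SAMPLE_N, mtu, &warned) == -ENOMEM && warned;
}

/* New path on the sample: chunks built, or 0 if it warned, failed or lost bytes. */
size_t demo_new_path_chunks(size_t mtu)
{
	struct iovec iov[SAMPLE_N]; int warned = 0, err = 0; size_t n = 0, bytes = 0;
	sample_iov(iov);
	struct chunk *head = new_sendmmsg(iov, SAMPLE_N, mtu, &warned, &err);
	for (struct chunk *c = head, *next; c; c = next) { next = c->next; n++; bytes += c->len; free(c->data); free(c); }
	return (warned || err || bytes != sample_total()) ? 0 : n;
}
```

Built with any C99 compiler, demo_old_path_warns(672) returns 1 because the
single allocation for the 6294727-byte sample exceeds the model limit before
any MTU comparison happens, while demo_new_path_chunks(672) copies the same
message into 9368 chunks of at most 672 bytes and never asks the allocator
for more than the MTU. The model also shows the caveat a reviewer of a
backport should keep in mind: the bound is only as good as the mtu argument,
so demo_new_path_chunks() with an 8 MiB mtu returns 0, the chunk path having
asked for the whole message in one allocation exactly as the old path did.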
