[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CACT4Y+bQGUjabQVkN=9C84tj716Ux8GprLwFYJSapWOLy-r50Q@mail.gmail.com>
Date: Tue, 19 Jan 2016 09:30:40 +0100
From: Dmitry Vyukov <dvyukov@...gle.com>
To: Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
linux-crypto@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>
Cc: syzkaller <syzkaller@...glegroups.com>,
Kostya Serebryany <kcc@...gle.com>,
Alexander Potapenko <glider@...gle.com>,
Sasha Levin <sasha.levin@...cle.com>,
Eric Dumazet <edumazet@...gle.com>
Subject: crypto: GPF in scatterwalk_start
Hello,
The following program causes GPF in scatterwalk_start.
Herbert, I am on commit 5807fcaa9bf7dd87241df739161c119cf78a6bc4 with
all your fixes applied, including the fix for out-of-bounds in
skcipher_recvmsg.
general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN
Modules linked in:
CPU: 2 PID: 8902 Comm: syz-executor Not tainted 4.4.0+ #269
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff8800629f4740 ti: ffff880060f60000 task.ti: ffff880060f60000
RIP: 0010:[<ffffffff827aff31>] [<ffffffff827aff31>]
scatterwalk_pagedone.part.8+0x121/0x210
RSP: 0018:ffff880060f676a8 EFLAGS: 00010203
RAX: dffffc0000000000 RBX: ffff880060f678c0 RCX: ffff880060f678c8
RDX: 0000000000000002 RSI: ffff880060ead000 RDI: 0000000000000014
RBP: ffff880060f676d0 R08: ffffed000c3fc203 R09: ffff880061fe101a
R10: ffffed000c3fc204 R11: 1ffff1000c3fc202 R12: 0000000000000000
R13: ffff880064b7b5a0 R14: 0000000000001000 R15: ffff880060f678c8
FS: 0000000001eb6880(0063) GS:ffff88006d600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 000000002003d671 CR3: 000000006009b000 CR4: 00000000000006e0
Stack:
000000000000000b ffff880060f678c0 dffffc0000000000 000000000000000b
0000000000000005 ffff880060f67748 ffffffff827b0493 ffff8800629f59e0
ffffed000c53eb3c ffff8800629f4740 ffff880060eacff5 ffff880061fe1010
Call Trace:
[< inline >] scatterwalk_pagedone crypto/scatterwalk.c:53
[<ffffffff827b0493>] scatterwalk_copychunks+0x133/0x340
crypto/scatterwalk.c:102
[< inline >] blkcipher_next_slow crypto/blkcipher.c:175
[<ffffffff827b95ab>] blkcipher_walk_next+0xadb/0x1220 crypto/blkcipher.c:254
[<ffffffff827b861a>] blkcipher_walk_done+0x3ea/0x8a0 crypto/blkcipher.c:133
[<ffffffff82805b89>] crypto_ctr_crypt+0x2c9/0x6a0 crypto/ctr.c:147
[< inline >] skcipher_crypt_blkcipher crypto/skcipher.c:66
[<ffffffff827bb164>] skcipher_decrypt_blkcipher+0x1b4/0x260
crypto/skcipher.c:84
[< inline >] crypto_skcipher_decrypt include/crypto/skcipher.h:363
[< inline >] skcipher_recvmsg_sync crypto/algif_skcipher.c:680
[<ffffffff828ca604>] skcipher_recvmsg+0x1174/0x1bf0 crypto/algif_skcipher.c:710
[< inline >] sock_recvmsg_nosec net/socket.c:713
[<ffffffff851b9f30>] sock_recvmsg+0xa0/0xc0 net/socket.c:721
[<ffffffff851bccf9>] ___sys_recvmsg+0x259/0x540 net/socket.c:2100
[<ffffffff851beece>] __sys_recvmsg+0xce/0x170 net/socket.c:2146
[< inline >] SYSC_recvmsg net/socket.c:2158
[<ffffffff851bef9d>] SyS_recvmsg+0x2d/0x50 net/socket.c:2153
[<ffffffff863260f6>] entry_SYSCALL_64_fastpath+0x16/0x7a
arch/x86/entry/entry_64.S:185
Code: 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 f4 00 00 00 49 8d 7c
24 14 48 b8 00 00 00 00 00 fc ff df 4c 89 23 48 89 fa 48 c1 ea 03 <0f>
b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85
RIP [< inline >] scatterwalk_start crypto/scatterwalk.c:37
RIP [<ffffffff827aff31>] scatterwalk_pagedone.part.8+0x121/0x210
crypto/scatterwalk.c:69
RSP <ffff880060f676a8>
---[ end trace 40cf1dffbe6f0df5 ]---
// autogenerated by syzkaller (http://github.com/google/syzkaller)
#include <pthread.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
long r[68];
int main()
{
memset(r, -1, sizeof(r));
r[0] = syscall(SYS_mmap, 0x20000000ul, 0x40000ul, 0x3ul, 0x32ul,
0xfffffffffffffffful, 0x0ul);
r[1] = syscall(SYS_socket, 0x26ul, 0x5ul, 0x0ul, 0, 0, 0);
*(uint16_t*)0x2002c02a = (uint16_t)0x26;
memcpy((void*)0x2002c02c,
"\x73\x6b\x63\x69\x70\x68\x65\x72\x00\x00\x00\x00\x00\x00",
14);
*(uint32_t*)0x2002c03a = (uint32_t)0x8;
*(uint32_t*)0x2002c03e = (uint32_t)0x88;
memcpy((void*)0x2002c042,
"\x63\x74\x72\x28\x73\x65\x72\x70\x65\x6e\x74\x29\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00",
64);
r[7] = syscall(SYS_bind, r[1], 0x2002c02aul, 0x58ul, 0, 0, 0);
memcpy((void*)0x20014b26, "\xd4\x4f\x77\x66\x54\xf2\x63\xd1\xbe\x5c"
"\x6b\xac\xa6\x65\xc1\x0f\x2f\xbd\xea\x09"
"\x2e\x44",
22);
r[9] = syscall(SYS_setsockopt, r[1], 0x117ul, 0x1ul, 0x20014b26ul,
0x16ul, 0);
r[10] =
syscall(SYS_accept4, r[1], 0x0ul, 0x2001f000ul, 0x80800ul, 0, 0);
memcpy((void*)0x2003ef64,
"\x87\x58\xd9\x05\x97\xe4\x75\xad\xbf\x84\x1d\xdf\xc5\x99\x9d"
"\xd5\xa4\xe4\x93\x17\x48\xbe\x4a\x7a\xe0\x1e\xab\xd6\x7b\x3d"
"\x05\x9b\xb9\xf5\x4e\xcd\x3c\xb5\x7d\x9b\x90\x9b\x35\xaf\x32"
"\xc0\x5e\xa2\x72\x06\x35\x5c\x9e\xee\x4a\x06\xa3\x02\x1c\xe1"
"\xfa\x53\x9a\x94\x0f\xe2\x7a\x17\x0e\x09\xff\xf4\xb4\xb7\x33"
"\x6e\x97\xed\xaa\x8b\xe3\x71\x04\xcd\x16\x23\xff\xb9\x2f\x05"
"\xb0\xc3\x26\x26\x80\x2b\xec\x2d\x34\x16\x24\xc7\x0f\x80\x83"
"\xa3\x07\x27\x8d\x2c\xe8\xeb\x05\xc0\x9e\x04\x2c\x91\xc3\x5b"
"\x64\x07\x0e\xbe\x3a\x32\xeb\x15\xed\x4e\x39\x94\x8a\x2f\x32"
"\xad\x4f\x8c\xba\x40\x7c\x6d\xb6\x83\x81\x2b\x12\x2a\x9b\x72"
"\xab\xc1\x98\xe5\xc7\x9c",
156);
memcpy((void*)0x2003e000, "\x03\x00", 2);
r[13] = syscall(SYS_sendto, r[10], 0x2003ef64ul, 0x9cul, 0xc800ul,
0x2003e000ul, 0x2ul);
*(uint64_t*)0x20021fd6 = (uint64_t)0x20034cd9;
*(uint32_t*)0x20021fde = (uint32_t)0x80;
*(uint64_t*)0x20021fe6 = (uint64_t)0x20017b32;
*(uint64_t*)0x20021fee = (uint64_t)0x4;
*(uint64_t*)0x20021ff6 = (uint64_t)0x20034000;
*(uint64_t*)0x20021ffe = (uint64_t)0x3;
*(uint32_t*)0x20022006 = (uint32_t)0x4840;
memcpy((void*)0x20034cd9,
"\x02\x00\xab\x0b\x7f\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
128);
*(uint64_t*)0x20017b32 = (uint64_t)0x20034000;
*(uint64_t*)0x20017b3a = (uint64_t)0xac;
*(uint64_t*)0x20017b42 = (uint64_t)0x20034cfa;
*(uint64_t*)0x20017b4a = (uint64_t)0xa9;
*(uint64_t*)0x20017b52 = (uint64_t)0x20034000;
*(uint64_t*)0x20017b5a = (uint64_t)0x1000;
*(uint64_t*)0x20017b62 = (uint64_t)0x20034084;
*(uint64_t*)0x20017b6a = (uint64_t)0x3e;
memcpy((void*)0x20034000,
"\x07\x1e\x93\xc9\xc1\xf6\xd4\xc2\x5a\x07\xbf\xbe\x5a\x8e\x52"
"\xfe\x10\x5c\xb5\x6c\xd9\xc4\x47\x27\x76\x5f\x2f\xb3\xd4\x5e"
"\x6f\x42\x3f\xf8\xbf\x6a\xc3\x4d\x8f\xb4\xe6\x40\x4f\xd5\xb6"
"\x1b\xb9\xde\x02\xe3\xd2\xe4\x83\x48\x9b\x0e\x47\xd5\x5a\x77"
"\x3a\xad\x6c\xb8\xbd\x21\x8f\x75\x00\x1d\xb1\xf3\x36\x4a\x93"
"\xd3\xbf\x60\x1f\xfc\x07\xb3\x9b\xaa\x65\x6e\x98\x39\x66\xc1"
"\xcc\xf0\x2c\xc6\x87\xbd\xa7\xe8\x16\x3c\xf5\x57\xc0\x82\xa3"
"\x81\xb9\x05\xfa\x80\xc2\x94\x37\x1a\x73\x9e\xd7\x7c\xd3\x58"
"\xaf\x74\x3e\x8c\xe2\x78\x0a\xf5\xbb\xb1\x79\x47\x96\x46\x20"
"\x51\x86\x0a\x53\x9b\x03\x39\xb6\x88\x9f\xcb\xf0\x48\xf6\x04"
"\x04\x2b\x3a\xee\x7d\xc6\x38\x2d\xa0\x94\xbb\x17\x2e\x13\x97"
"\xe0\x6d\x86\x3c\x72\x63\xc1",
172);
memcpy((void*)0x20034cfa,
"\x65\x9c\xf6\xb5\x82\xbf\x22\x6f\x46\xf8\xfd\x00\x3e\x6f\xb8"
"\x27\x7a\x06\x4f\x28\x31\xc8\x6a\x7a\xb4\xd7\x00\x56\x91\x8f"
"\xc6\xfd\xa7\x26\xac\x84\x9e\xa5\x1b\x8b\xd1\xf4\x6e\x60\x87"
"\x17\x33\xd3\xbf\x5a\x9e\x93\x20\x63\xb1\x42\x7f\x9c\xd9\xfc"
"\x19\x8c\x45\x33\x0d\x08\x47\xba\xd1\x29\xb6\xa0\x6b\x28\xb2"
"\x46\x5d\xc9\x62\xb1\x23\x7f\xb8\x4e\xb9\xfb\x89\xec\x66\x21"
"\xa4\x88\xf9\x1e\xbc\x75\x4f\x22\xff\xa1\x36\x04\x63\x4b\x2b"
"\x43\x05\x2e\xeb\xb3\xdf\x07\x73\xe2\x0b\xd3\x9b\x85\x6d\x0d"
"\x79\xb4\xfb\xce\x8e\xce\x4d\x89\x97\x1d\xf0\x1a\x02\xb7\x52"
"\x71\xc8\xfe\xe2\x6e\x6b\x5b\x60\x93\x8a\x4c\x99\x70\x37\x32"
"\x20\xec\x66\xea\xb4\x7b\x61\x0a\x0a\x27\x00\x2e\x11\x8b\xf7"
"\x6e\x8a\x4e\x0e",
169);
memcpy(
(void*)0x20034000,
"\x8a\x4d\x72\x9b\x60\x7a\xd7\x99\x48\x01\xdf\x70\x86\x4b\x56\x5b"
"\xd4\xbb\x69\xe4\xbb\xa2\x21\x5e\x65\x93\x1a\x6e\xfe\xe6\xd7\x54"
"\x14\x62\xd3\x37\xcc\x1d\x83\x43\x6c\xe9\x40\x17\x2f\xa8\x19\x40"
"\x18\xf3\x6d\x65\xd7\x21\xc7\x0a\xde\x1c\x9d\x06\x00\x5b\xdc\xa0"
"\x17\xec\xe9\xe0\x44\x3d\x6f\x39\xc0\xa5\x5c\x60\x41\x42\x38\x77"
"\xd2\x53\xcf\xa3\xf4\xce\x5e\xd6\xf6\xd1\xf8\xb0\x29\x7a\x64\xad"
"\xaf\x5c\x41\x08\xaf\xba\x8a\xc6\xe4\x8a\xa7\x78\x04\x5a\x9c\x41"
"\x0d\x4c\xcd\x48\xb0\x53\x1b\x18\x06\x3f\x4a\x5d\xab\x5c\xcd\x73"
"\xd2\x9a\xac\x64\x3e\x48\xf7\xb4\xf5\x8d\xa3\xc8\xc0\x40\x73\xe0"
"\x36\x94\x9b\x34\x94\x58\x4c\xe7\x43\x01\x3c\xa9\xd4\xc3\xa5\xd1"
"\xca\xe0\x0e\xc4\xfb\x2f\xe5\xa9\x3f\x4e\xdf\x64\xdf\x24\x38\xa6"
"\x20\x57\x42\x87\xeb\xfd\x86\xdd\x46\x12\x31\x63\x36\x1a\x78\x16"
"\xce\x70\x1a\x0c\xc5\x74\x5c\xb9\x44\x17\x90\x97\x34\xb0\xf5\xa2"
"\xf5\x54\xfc\x88\xc4\xec\xbc\x20\x9e\xb6\x1c\x8f\xe7\x99\xdf\x64"
"\x38\x05\xe1\xf2\x62\x4d\xc8\x01\x83\x40\x37\x34\xe6\xc8\xb9\xc7"
"\x14\xb3\xf2\x11\x47\x96\x98\x58\x16\x68\xf6\x18\x0e\xd9\x8d\xa5"
"\x9f\xb6\x11\x46\x93\xf8\xd2\x81\xcc\x31\xe4\x56\xcd\x30\x36\x89"
"\xee\x89\x5d\xce\x51\xcd\x54\x9b\xe1\x70\x78\x3f\x9f\x3a\x20\xb4"
"\xca\x17\xfa\x61\xa4\x25\x65\x6f\xee\x19\x79\x5a\xbd\xd3\x9c\xf2"
"\x0d\xf2\x64\xb6\x09\xb1\xa0\xcc\xde\x7b\x31\x15\x71\xa6\xe3\xc6"
"\xad\xd1\xb1\x8e\xf4\x4d\x21\xe5\xbc\xd2\x53\xe7\x9a\xd3\x1a\x3d"
"\xc0\x14\xf3\x9c\x7c\xee\xa3\xdd\xd2\xf9\x0b\x1d\x2d\x32\x6f\xff"
"\xff\x8f\xfb\xb8\xba\x31\xc4\xb5\x96\x78\x74\x7a\x6a\x2e\x74\xe5"
"\x70\x43\x94\x5c\x7c\x4e\x92\x06\x99\x3d\x3a\x1c\xb6\x91\x3c\x14"
"\x4c\x03\x07\x7e\xc1\xf8\xe9\x62\x38\x57\xc6\x55\xb0\x47\x5f\x06"
"\x2a\x5a\x3a\x77\x54\x86\x3f\xfb\xb9\x21\xc7\x92\x46\x86\x78\xa0"
"\x81\xca\x50\xb2\x63\xa8\xef\x2d\x55\xca\x3d\xaf\x0d\x96\x34\x42"
"\x9f\x73\x46\xaa\xba\xb0\xb1\xa5\xcc\xae\x94\xd7\x62\xe0\x62\xa7"
"\x5f\x47\xd1\x48\xd6\x14\x2f\x4f\x47\xc1\xc6\x09\x63\x8d\xab\x07"
"\xdc\xcc\x17\x40\xb8\x49\x12\x02\xd5\xd0\xe8\x85\x06\x95\x38\x0d"
"\xd5\xc9\x14\x56\x27\x57\x0d\x1f\xd1\xe0\x35\xb9\x69\xe3\xb2\x6c"
"\xaa\x6b\x13\xea\x3a\x1c\x1f\xf1\xb8\x24\xac\x60\xe6\x2c\x26\x82"
"\x2a\xc5\xd6\x71\xca\x95\x50\x94\xe1\x03\xcf\x18\xbc\x97\xd3\xac"
"\x62\x15\x06\x33\x45\x34\x2e\xd7\xe5\x17\x5d\x28\x5c\xfb\x1b\xea"
"\x69\xf5\xfc\x40\xda\x25\x68\xd9\x08\xee\xe9\x2d\x3a\x6d\xc8\xee"
"\x02\x54\xae\x17\x51\xbe\x27\x1d\xc2\x5f\xe2\x78\x3d\x2c\x3e\xf7"
"\x53\xa1\x7d\xb1\x50\x79\xe8\xd3\xec\xcb\xe1\x1b\xca\xed\x07\xed"
"\xd1\xd5\xd1\xdf\x9f\x80\x44\x90\x6f\x0a\xe0\xc4\xc3\x95\x6f\xa5"
"\x8a\x33\xaf\x54\x16\x54\x88\xeb\xdf\xb1\x6a\x92\x69\x83\x8d\x44"
"\xbb\x68\x73\xb6\x5a\xdc\x8f\x29\x48\xb1\xe7\x72\x60\x41\x83\x89"
"\x47\x44\x7a\x60\x7a\xff\x91\xfe\xf0\xda\x54\x69\xc4\xd0\xd1\x55"
"\x08\xb9\x68\xde\x9f\x89\x02\xc8\x7e\xd6\x5d\xc6\xb0\x8c\xe7\x77"
"\xf3\x13\x3a\x7e\xb5\xc4\xbf\xff\xa1\x15\x81\x09\xd5\x7f\xfe\x4a"
"\xf4\x51\x6e\x45\x80\xc1\x7f\xe6\xfe\x4e\x7b\x66\x29\x71\x43\xe4"
"\x9f\xe0\x7c\xf6\x65\x44\x76\x96\x30\x73\x27\x99\x31\xfe\x22\x70"
"\xf4\x2c\x90\x82\x9b\xf2\x2c\x35\x8e\x92\x1e\x71\x65\x30\x01\x7d"
"\xa2\x88\x30\x55\x88\xb0\xfd\x07\x90\x79\x99\xa9\xc5\x79\x76\x6e"
"\xa2\x70\xfe\xa9\xaf\x74\x3f\x50\x20\x0e\x89\x09\x7c\x0f\xb5\x7d"
"\x4d\xb8\x2f\x0f\x19\x20\xc6\x5e\x3f\x97\x88\x8c\x84\x1e\xd2\x46"
"\xda\x6c\x4d\xc2\x6f\x51\x73\x97\xa6\x12\x66\x06\x32\x34\xad\xa1"
"\x1c\x7d\x21\xcb\xa8\xa2\xee\x73\xee\x76\xaf\x91\xd9\x51\x9d\x11"
"\x3f\x65\x7e\xc1\x2c\x97\x45\x06\x90\x25\x7e\xd0\xc6\x1a\xd2\x00"
"\xf4\xe3\x47\x11\x65\x19\xc0\xab\x5e\xf9\x93\xc8\x40\xf6\xf3\x53"
"\xaa\x46\xb2\xc4\x48\xe9\xd2\xff\x3b\xe2\xe3\xf0\xf5\x58\x92\xa7"
"\xa4\xe2\x1b\x65\xd7\x71\x02\x11\xc1\x54\x60\xad\xf4\xfa\x1e\x5e"
"\x2f\xe8\x02\x01\x22\x6b\xef\x6a\x5c\x58\xf0\x09\xcc\x89\x38\x58"
"\x5c\xb6\xc9\x18\xdc\xc0\x4b\x7e\x43\xc2\x0b\xa4\x46\xfc\x34\x91"
"\x7c\xac\xfb\x84\x12\x1b\xcb\x70\x7a\x21\xef\xc6\x0f\xa8\x97\x7e"
"\x27\xb9\x47\x5d\x2b\xc1\x6e\xbf\x9a\xd2\xbd\xf8\x9a\xcb\xc9\xa7"
"\x8b\xe7\xaf\xb7\x6d\x58\xa2\x92\xf8\xad\x33\xaf\x3b\x45\x7e\xfd"
"\xd9\xf0\x09\x28\x76\x44\x76\x16\x5f\x72\xc8\xe5\x95\x9e\x56\xb4"
"\x27\x33\x3d\xf9\x44\xf7\x4b\x10\xd3\x6a\x90\xde\x2a\x6e\x13\x6e"
"\x73\xfb\xab\x51\x7a\x85\x54\x65\x8d\x54\xe7\xce\xb8\xc5\x37\x2c"
"\xd8\xdc\x00\x85\xdc\xc7\xac\xb6\x29\x57\x0b\xe0\x30\x3e\x19\xf8"
"\x39\xf3\x23\x61\x52\x9f\xa1\x94\x1b\x5e\xbe\x97\x9f\xb1\x52\x54"
"\xf1\x93\x62\xea\xbf\xcb\xc5\x93\x0d\xd4\x6e\xea\x6c\xe7\xc6\x32"
"\x8e\xac\xb5\x24\xd6\x9e\xa0\xbb\x58\x6d\x1b\xc9\x94\xde\x3c\x89"
"\x6d\x34\xbd\xda\x14\xba\xa4\xc3\x43\xd7\xfb\xb5\x27\x11\x5f\x73"
"\xdb\x53\xbc\xa5\x19\x3a\xb6\x17\xe6\xc5\xde\xe8\xb4\x79\x87\x7c"
"\x6c\x08\xcd\x81\x2e\x84\x0b\x78\xcf\x0b\x59\x7a\xf4\x67\x79\x1d"
"\x19\x81\xb7\x7d\x5a\x98\x7d\xb3\x02\x0b\xfb\xa0\x87\xc9\x04\xf5"
"\xbc\xaa\x16\x61\x9a\x06\x48\xe7\x28\x1e\x7d\xbc\xa9\x10\xe4\x88"
"\x54\x2b\x28\xdc\x27\x8a\x44\xf8\x59\x45\x85\x2b\x77\x94\x78\x3a"
"\xad\x0a\xce\x1a\xd7\x04\xde\x0d\xdd\x25\x3b\x48\xd1\x85\xf4\x88"
"\x32\xf9\x5e\x4b\xfe\xfa\xee\xb8\x3b\x5c\x3d\xba\xb3\x17\x95\x68"
"\x53\xf8\x99\xe7\xdd\x70\x52\xde\xc9\x7a\x96\x80\x8d\x0a\x71\x54"
"\xda\x3b\x3b\xc6\x0b\xf6\x43\x81\x43\x63\x3f\x9d\x32\xc9\x8a\x39"
"\x65\x4d\xa6\x64\x05\x06\x6e\xbf\xc7\x46\xe5\x29\x27\x19\x28\x9e"
"\xf8\xa2\x94\xb7\xf9\xd6\xf6\x3b\xea\x28\xd3\x54\xae\xfb\xc4\x1b"
"\x27\xdb\xda\x4b\xda\x7d\x4d\xd3\x3c\xeb\x1b\x97\x5b\xa0\x3c\x2a"
"\x3f\x13\x5a\xb5\x49\x9c\xc7\x4e\xcc\xaa\x61\xe0\x5f\x2e\x88\x0e"
"\x49\xa8\x38\xa4\x22\xd1\x85\x9f\xe2\x96\xc5\xe8\x08\xe3\x95\xf1"
"\x35\x6d\x89\xc8\x2e\x36\x61\xf5\x07\x34\x6d\xa0\xe8\x8e\x57\xba"
"\x5f\x1e\x2f\x51\x17\x03\xd4\x2f\x4d\x77\xde\x81\xfa\x95\x5c\xde"
"\x11\x9e\x8a\x46\x8a\x12\xc2\x34\x3c\xdd\x80\xc1\x2e\x9e\x80\x02"
"\xe4\xd9\xfd\x6c\x19\x58\x8b\xd7\x25\x70\xcf\x5b\xf7\x6a\xf7\xd4"
"\x35\x9c\x17\xe6\xa2\xf4\xe2\x4a\x0f\x57\x97\xde\x98\xc7\xad\x54"
"\x8a\x66\x44\x27\xce\xcd\x2f\x23\xc6\x69\x12\x2d\xd5\x34\x6b\x20"
"\x72\xde\x75\xbe\x03\x89\x79\x37\x5d\xd8\xb0\x56\x0e\x47\x22\x23"
"\xee\xd2\xed\x55\x74\x6c\x91\xd4\x1d\xd8\x16\x4c\x46\x4a\x95\x6d"
"\x1d\xf4\x1b\x33\x34\x97\xaf\x3c\x07\x71\xed\x7b\x3f\xc4\xd8\x9f"
"\xce\xe5\xbe\xa6\x35\xd0\xf9\x2a\x9a\x1f\x4c\x33\x12\x46\xbf\x3a"
"\x4b\x6f\x5e\x71\x58\xdf\x82\x14\x32\x2a\x28\x8b\x7a\xab\x68\xa0"
"\x3d\xdd\x3c\x5d\x31\xfb\x60\x9f\xd9\x34\x6d\x0c\x27\x6a\x21\xe6"
"\xf0\x2e\x65\x83\x24\x50\x85\xb1\x81\xd3\xeb\x2c\x25\x5c\xab\xa4"
"\x4a\xf3\x26\xa6\xd3\xc4\x47\x70\x5d\xda\xef\xe3\xfd\x46\x7a\xeb"
"\xd5\x6f\x39\x06\x0d\x49\x3c\xe8\xa5\xf9\xe3\xb6\x63\x25\x48\xc8"
"\x11\xef\xca\xc7\x0d\xeb\x2e\xc0\xfb\x00\x5a\x9d\x26\xdd\x2c\x61"
"\xfe\x53\xd1\xaf\xe8\x99\xe8\xe4\x12\xab\x7c\x5b\x86\x5f\x98\xbd"
"\x24\x73\x66\xce\xc0\x7a\x47\x35\x60\x97\x12\x98\x0f\xfc\xfd\xca"
"\xb5\x0a\x70\xa9\xd6\x6c\x69\x61\x83\x34\x46\x97\x47\x31\xc1\x34"
"\xbb\x12\x23\x66\x0e\x37\xc9\xeb\x8c\x48\xbd\xb0\xff\x48\x96\xba"
"\xf5\x08\x3b\x4f\x0b\xba\xec\xa6\x36\xe4\x07\x6f\x0c\x49\xbe\xe8"
"\x68\x98\x86\xd7\xb1\x67\x87\xef\x1f\x7e\x41\x03\xc5\x5f\xf9\x3c"
"\x00\x3f\x8b\x1a\xc5\x6f\x88\x87\x90\xe2\x32\xa6\x0c\x11\xbd\xd8"
"\x55\x30\xb8\x8a\x79\xa8\x4c\xbd\x0e\x58\x8e\xd8\x68\x6e\xba\xfd"
"\x77\xab\x78\x06\x8f\x2a\x83\x78\x9a\xfc\xc0\xcb\xc6\xcd\xc7\x02"
"\x76\xeb\x76\x49\xb7\x3f\x0f\x7e\x47\x61\xeb\xe2\xe2\xb8\xe2\xf2"
"\x20\x86\x62\x18\x3e\xb2\x83\xfc\x35\x95\xbf\xd3\xfc\x16\x3c\x7c"
"\xe4\x62\xd0\xf8\x77\xa1\xc7\xaa\x33\xb0\xe6\xd2\x9c\x5f\x34\xbc"
"\xcc\x65\xba\x64\xe8\x76\xf4\xb9\xe5\x5f\x60\xe5\xa1\x9f\xa5\xcf"
"\xf0\xbe\x49\x3c\x87\x02\x5e\x63\xd6\xbd\x1c\xbc\xb1\x1a\xe4\xde"
"\x9e\xa9\x3f\x24\xa0\xc1\x7c\x82\xcd\x9b\x94\xa3\xfb\x92\xae\xce"
"\xe3\x6f\x56\x17\x77\x5f\x27\x06\x63\x3c\x7a\x70\xc1\xd4\x7a\x23"
"\x03\x4d\xb6\xd6\xbd\x51\x6c\x71\x23\x3b\x9d\x8c\x66\xb0\x17\x91"
"\xaf\xa5\xb7\xd6\xb6\x57\x58\xaf\x2a\xf7\xd4\xa4\x74\xae\xfd\x91"
"\x5f\xb8\x2a\x5f\xa4\xb7\xb6\x31\x5e\x34\xeb\xc1\x94\xd3\x18\x24"
"\xa6\x90\x56\x4b\x27\x24\x3f\xa5\x4c\x9f\xcc\xa1\x37\x84\x5b\x01"
"\x47\x15\xc7\x6c\x02\xd5\x85\x96\x96\xee\x29\x1c\xdf\x87\x57\xe0"
"\x62\x2e\xac\x5d\x21\x90\x5a\xcf\x3c\xfb\xcc\x10\x53\xa2\x3b\xf3"
"\x56\xf2\x60\xb5\x0e\x13\x5d\x8f\x24\x8d\x1f\x2a\x92\x1d\x19\x58"
"\x5a\x2f\x91\xa2\x1d\x99\x9e\xd6\xff\x6f\x63\x2d\x3b\x68\xf0\xcf"
"\x77\xdf\x76\x43\x9d\x3b\xdd\x89\x9a\x8e\x1a\xbc\x76\xe9\x70\x9f"
"\xd7\x74\x17\x92\x5e\x1a\x02\xa9\xe8\x6a\x57\xb8\x35\xbd\xa2\xfc"
"\x9e\x8d\xd2\x18\x3e\x99\x89\x1f\xd5\xde\x3f\x84\xa9\x90\x0d\x6c"
"\x58\x64\xad\x31\xe6\x6d\xd6\x49\x65\x48\xc3\x94\x08\x68\x37\xaf"
"\x5a\x5a\x20\xd4\x81\xf1\xd8\x24\x83\xe3\x07\xf5\x19\xbe\x82\x23"
"\x8f\xb9\xbb\x2e\xd0\x79\x4b\x12\x91\xfc\xab\xa6\x2f\x37\x0d\xc3"
"\xc3\x0c\xf1\x7d\xd3\x36\x3f\x66\xd4\xc4\x38\x5b\x80\x89\xb9\xb3"
"\xc3\x5d\x4f\x74\xf4\x9a\xec\x17\xa2\x19\xcf\xa6\xea\xba\xcc\xfa"
"\x3d\x42\xe1\xaf\xf7\xf9\x73\x5a\x30\x8c\xc8\xf5\x1c\x29\x74\xb7"
"\x00\x40\xab\xe8\xd2\x1e\xf1\x46\xa6\x90\x47\xc4\xf7\x88\x96\x07"
"\xc0\x14\x28\xdb\x27\x3b\x08\xda\x82\x15\x23\xfa\x00\x20\x53\x48"
"\x85\x85\x5f\xfe\x24\xeb\x28\x14\x0b\x4d\x17\xe8\x07\x0e\xbe\xed"
"\x94\xe0\x96\x63\x94\x63\x0d\xe5\x9f\x30\x56\x30\xc7\x7f\x4c\x6d"
"\xf0\x12\xdd\xd5\x58\x30\x95\x80\x96\xf0\x8b\x4f\xfa\x0b\xe9\x55"
"\x33\x34\xde\x95\xf6\x09\x74\x6c\x7b\xb9\x57\x53\x6f\xec\x5f\x5f"
"\x66\xbd\xc0\x21\x2f\x55\x49\xbd\x26\x37\x25\x2e\x27\x8f\xe7\xcf"
"\x63\xca\xd9\x67\x0e\x87\xfb\x22\x0b\x45\x06\xab\x5e\xfc\x9d\xab"
"\xe1\x9a\x46\x84\x7a\x67\x27\x69\xd2\x58\x3f\x19\x05\x0c\xa3\x65"
"\xa7\x12\xc3\x22\x4d\x4b\xc1\x38\x8e\xf0\xda\x64\x02\xf3\xa6\x0a"
"\x95\x24\x65\x84\x80\xc6\x89\xa9\x9d\x17\xe2\x04\xe3\xa3\xcc\x0d"
"\xac\xe4\x7f\x73\xa0\x6f\xf5\x67\x2b\x98\xee\xcf\xa5\xc6\x41\x8c"
"\xdf\x12\xe4\x9a\x7c\xce\xae\xe7\x7d\x11\xbc\x70\x63\xd3\xbc\xfa"
"\xce\x08\xc0\x4b\x59\x54\xf1\xe5\x0e\x52\xc7\x72\x74\xf7\x39\x83"
"\xae\x3a\x55\xa8\xbc\xe3\xb4\x87\xc7\xc0\xa6\x1b\x14\x63\x7c\xda"
"\x39\x26\x76\x8d\x27\x78\x97\x22\xad\x61\xec\xcc\xbd\x26\x36\xb1"
"\x5c\x0e\x3a\x59\x51\xbe\xa4\xa6\x0a\x16\x5e\x64\x54\x51\xe6\x40"
"\x1d\xba\xa4\x93\x5e\xc6\xd8\xd7\xa5\x06\x75\xe8\x64\x9c\x57\x87"
"\xc5\x0a\x51\xb0\xde\x86\x9e\xde\x97\x9f\xd1\xd4\x14\xe5\xfe\xf1"
"\xf1\xc5\xaa\x00\xbf\xa1\x6e\xf5\xaf\x9f\xf1\x13\x7b\xb6\xdc\xa2"
"\x5d\xeb\xf8\x0d\xc2\xbb\x6a\x70\x21\x19\xa0\x17\x04\x41\xa2\x4f"
"\xba\xa7\xe9\x9b\x26\xc5\xa2\xb9\xbc\x34\x7d\xf2\xff\x11\x9d\x98"
"\xfb\xea\x0a\x94\xec\x4f\xb9\x9f\x63\x4f\x5d\xcb\x02\x6d\x7d\xbf"
"\x18\x91\x1d\x65\xd8\xe6\x86\xa7\xf1\x12\xf8\xb9\x02\x3f\xb3\x8e"
"\x5f\xb9\x15\x00\x8c\x4e\x2c\x48\xc1\xd8\xe7\x3e\x2f\xba\xfe\xe4"
"\xc1\xa9\x07\x48\x59\xff\xfd\xbe\x58\xfb\x74\x1e\xa1\x5d\xec\x06"
"\x94\x53\x70\xe4\xb3\xa7\x1b\xfe\x34\x5a\x01\x2e\x06\x3d\xe7\xfc"
"\xfc\xf5\xda\x73\x97\xdd\x55\xae\x36\xbc\x42\x74\x22\xfc\xfc\x27"
"\x3d\x3d\x86\x9d\x0d\x3e\x45\xf5\xd6\x8f\xc5\x29\x38\x96\x95\xb8"
"\x6c\x56\x56\x81\xd6\x59\x58\x49\x75\x97\xce\x33\x59\xd3\x73\x93"
"\x6e\xe5\x9b\x1f\x66\x5b\xfe\xda\x50\x65\x0a\xfc\x2f\x16\xf4\xd8"
"\x11\x80\x53\x94\x42\x46\x02\x8a\x66\x06\x44\x50\xac\x21\xd0\xd4"
"\x3f\xe6\x57\x5c\xfb\xfd\xc2\xfc\x6a\x71\xf5\xf4\x34\xf5\xd6\x91"
"\x0b\x7c\xe3\xbc\x4a\x2a\xe3\x27\x8a\x11\x0c\x77\x22\xd7\x74\x76"
"\xfa\xd8\xe8\x75\x0d\xa9\xd9\x69\xd3\x51\xad\xa5\x20\x71\x60\x1b"
"\x93\xb7\x88\x25\xe6\x1e\xec\x73\xa3\xd0\xfa\x52\x5e\xce\x98\xc1"
"\x4e\x41\x3a\x9e\x9a\xab\xb9\x10\x0e\x7f\x46\xdb\xce\x48\xb0\x1a"
"\xe4\x3e\x9a\xef\x06\x36\x15\x9a\xfc\xe9\x0e\xbd\x41\x79\xf8\xa3"
"\x90\x65\x8f\xbb\xb9\x17\x0c\x48\x49\x03\xf8\x74\x7a\x96\x19\x5e"
"\xad\x24\xc6\x32\xd0\xf4\x29\x3c\xb5\x87\x4a\x5d\xec\x55\xb6\x03"
"\x45\x77\x8f\x41\x50\x00\xfa\x92\xf5\x09\xfb\xff\xc8\xc1\x2d\x48"
"\x6e\xf5\x1c\xa9\x64\x99\x33\xcb\x78\x17\x08\xae\xbe\x7b\x27\xee"
"\xf6\x9e\x7e\x60\x79\xef\x80\x94\xaf\xe3\x4a\x6e\x29\x8a\xb3\x20"
"\x3b\x72\xe8\x67\xee\x27\x14\x96\xb7\x8b\xae\x70\x1a\x66\x9c\x4e"
"\xb9\xbd\x16\x09\xc9\xe0\x9b\x7b\xe5\x5b\xeb\x69\x03\x09\xcc\x5f"
"\xf1\x16\xa5\x95\x24\x08\x60\x51\x3a\xdd\x3a\x23\x26\xd5\x41\x77"
"\x52\xb2\xdb\xd0\xe9\xfd\xc3\x2a\xa1\xb5\xb1\xd4\x3f\xfd\x39\x1a"
"\xa6\x32\x08\xe8\x6a\x27\x94\x8c\xcb\x2a\xc9\x0c\xf0\xd6\x21\x89"
"\xfd\x76\x04\xd3\x5a\xcc\xf0\xa0\xa1\x48\x0b\x28\xf4\x79\x2f\x7c"
"\xb9\xbe\x59\xf7\xcc\xf1\x64\xee\x95\x58\x41\x9b\xba\x75\x82\xb5"
"\xa3\xf0\x17\x5f\x8b\xf9\x11\x61\x39\x47\x81\x6f\x4a\xdf\xd1\x42"
"\x7f\xba\x23\x41\xc9\xff\x8f\xe7\xbc\x9a\xc3\x21\x9c\x59\xf5\x0f"
"\x56\xe9\x5f\x44\x08\x9b\xa6\xb3\x33\x4a\xec\x0f\xb6\xda\xa8\xd1"
"\xe7\xc4\xcf\x61\x17\x31\xcd\x67\x71\xfb\x4b\x04\x01\x04\xfa\x0c"
"\x29\x1f\x98\xec\xae\xab\xdd\x20\xb1\x5a\x4e\x63\x0e\x27\xba\x16"
"\x5d\x34\xf9\xee\x82\x91\xee\xb1\x4f\xbf\xec\x5c\x11\xd2\x1d\xde"
"\x68\xfe\xd4\xa4\xb8\x6f\xd3\xc0\xdb\x86\x5c\x5f\x43\xea\x47\xa8"
"\xc8\xef\x77\x4f\xe3\xbf\xf5\xaa\x32\xe6\x1c\x77\xb6\xa5\x64\x8a"
"\x33\x66\x03\xdf\x65\xce\x0a\x55\xe5\x19\x2f\x0c\xf0\x61\xcb\xe1"
"\x96\xe0\x3a\xa4\x25\x1b\xa8\x3c\xc8\x2c\xd5\x4a\x7f\xc7\x23\xae"
"\x0a\x45\x07\xd5\xb6\xa7\xc7\x78\xe6\x14\x57\xb0\xde\x98\x25\xb5"
"\xe0\xd6\x22\xee\xef\x50\x87\x8c\x8d\xdd\x15\xed\xa8\xb7\x98\x2b"
"\x18\x07\x17\x32\xe3\x50\x51\x22\x29\x22\x1c\x6a\xdd\x24\xb9\x03"
"\x20\x5a\xfb\x35\xd0\xe6\xbc\x1b\x25\x15\xd3\x52\x31\x2c\x04\xcd"
"\x6e\x16\x17\xbb\x90\x86\x25\xc8\xe7\xcc\x58\xd0\x49\xd8\xd2\x1e"
"\x7f\xd7\xea\x9c\xb1\xaf\x7a\x26\x5c\xe4\xbd\x2d\x25\xf0\xa0\x6c"
"\xba\x40\x5c\x67\x35\x12\xe6\x3b\x7d\x5a\x81\x79\x31\x50\x2d\xee"
"\x0c\xf9\x71\xed\xb9\xe3\x42\x87\xf9\x07\x7a\xdb\x42\xbe\x72\x3f"
"\x28\x1a\xd9\x89\x9d\xc8\xd9\xdf\x4d\xc6\x97\xf3\x38\x91\x31\x06"
"\x8f\xa9\x7d\xa2\x8b\x0b\x25\x0c\xba\x78\x9b\x98\x31\x86\xaf\xe8"
"\xb8\x3f\x21\xca\x5f\xd9\x2e\x38\xd8\x67\xf0\x7f\xf9\xd7\x95\x05"
"\x89\x0c\xdc\xe2\x16\x92\xd2\x67\x31\xbd\xd1\x71\x3a\x83\x9e\xb4"
"\xee\x46\xa9\x06\x98\x5b\xfb\xc2\x02\xfc\x64\x0c\xce\x72\xee\xb0"
"\x96\xf0\x24\xbb\xc3\xa5\xe3\x76\x91\xd6\xd9\xbb\x2d\xdb\xab\x96"
"\xe9\x02\x8e\x12\xfb\x9d\xcf\x03\x29\x78\xc1\xea\xbf\x66\xbf\x48"
"\xc9\xce\x56\x0a\x15\x7a\x69\x06\x3f\xf3\xd7\x70\x86\xe9\x04\x5c"
"\x47\x26\x9b\xf4\xbc\x31\x64\xf2\x40\xc1\xa1\x50\xe0\x98\x25\xd0"
"\xd2\xd0\x78\xd7\xc9\xe0\xe3\x7c\xff\x31\x72\x43\x06\x94\x9b\x6b"
"\x2c\x70\x18\x73\xef\xe9\xe2\x7d\x96\x88\xdd\xdd\xae\xd6\xff\x07"
"\x21\x35\xb1\x7c\xcb\x17\x1c\xc9\x3a\x31\xd1\xda\xe6\x05\x13\xb0"
"\xa1\x9f\xba\x74\x24\x50\x7b\x6b\xff\x70\x84\xfd\xdc\xe4\x4c\x3f"
"\x40\x56\x7d\x05\xe3\xa5\x1d\xdd\x53\x95\x3d\x73\x36\xe6\x26\x8c"
"\xdb\x96\xe0\xb3\x7d\x4c\x2b\x60\x82\x47\x4e\xc0\x37\xf1\x4f\x91"
"\x83\x60\xd5\x80\x6f\x96\x63\x20\x19\xb8\x7e\xa8\x4e\x73\xc8\x80"
"\xa1\xe7\xca\x5a\xeb\x7c\x0d\xe3\x3c\xaa\xdb\xb9\xd8\x7b\xd8\x19"
"\x71\x30\x03\x44\xb1\x31\x54\xa4\x0a\x17\xd3\x87\xc9\x5a\x1b\x2e"
"\x7c\x94\x7d\xd7\x6f\x7b\xab\xc7\x55\xc5\xa1\x8f\x11\x60\x03\x69"
"\xa7\x12\x36\xed\xbb\xc4\xc7\xc4\x90\x19\x02\xab\xf5\x7b\x8d\x39"
"\xf5\xa0\x6c\x67\xdb\x27\xf3\x0c\xae\xb3\x2c\x1c\x50\x0b\xc5\x1e"
"\x6e\x12\x87\x73\x05\x28\x43\xb7\x5d\xc6\x1d\x01\x66\xc3\x81\x44"
"\x9a\xf6\x35\x2c\x56\x69\x58\x17\xc1\x7d\xe5\x8f\x95\xd6\xac\x93"
"\x5b\xb8\x64\xa5\x44\xc9\x04\x41\xff\x74\x7c\xc3\xef\xba\x73\xe9"
"\x68\x61\xba\x05\xb5\xf2\x9a\x1a\x61\x8d\x57\xe6\x98\x40\xff\x61"
"\x90\x40\x14\x1d\x86\xab\xe3\xb3\xb1\x2c\x1e\xb3\x22\xfe\x77\x8d"
"\xcf\xa7\x75\x30\x47\x9d\xa0\xbe\x03\x5b\x90\xb5\x2d\x4d\x3c\x64"
"\x5a\xa4\xbf\xfc\x32\xe4\x94\x14\x63\xb2\x00\x93\x82\x12\x60\x32"
"\x6e\x25\x14\x16\x4b\xd5\x6c\x01\xe3\x69\x3e\xc1\x3b\xb1\xe6\xaa"
"\x90\xdc\x44\xe0\x90\xcd\x8d\x44\x98\xd4\xba\x04\xc4\x00\x93\x57"
"\x85\x47\x2b\x34\xac\xaa\x1d\x03\xf2\xaa\x46\x1b\x0c\x5c\x9b\x07"
"\x62\xfe\x85\xd0\x03\x05\xd9\xb9\x3d\x97\x35\xf7\x77\xcf\x1d\x68"
"\x99\x9b\x92\xb9\xd0\xc0\xb8\x8d\x43\x35\x22\x5c\xcd\x08\x76\xe9"
"\xdb\x9c\x1c\x9a\x41\xa7\x98\x33\xf9\x0f\xfc\x0d\xe6\xdd\x49\x46"
"\x2f\x89\xeb\x94\xca\xd7\xf9\x3c\x71\x63\xe7\x1c\x60\x9c\x79\x9a"
"\x05\x66\x31\x2e\x87\xe9\xa2\x08\xab\x12\xf3\xc6\x7f\xb1\xcd\xbe"
"\xa9\x03\x79\x6c\x00\xa1\xff\x45\x1f\x12\x93\x34\xfb\x22\x6a\x9a"
"\x33\x67\x8e\x25\x4a\x1d\xae\xec\x13\x28\x8f\x6f\xda\xc3\x4b\xed"
"\x38\x48\x9c\x24\x3b\xdf\x08\x91\x7e\xf4\xb9\x56\x92\x97\xc9\x11"
"\xed\x17\x98\xc1\x38\x7b\x76\x12\x90\x5c\x15\x16\x15\x45\xbf\x65"
"\xd2\x7c\x83\xc3\x7f\x73\x01\xdd\xa8\xef\xf4\x76\x9b\x85\xbf\xfc"
"\xf5\x44\x44\xd0\x97\x88\x5a\xcc\xd7\x32\xfe\x91\x69\x36\xf4\xed"
"\xa7\x3a\x47\xad\x79\x81\x6e\xe6\xb0\x15\x39\xec\x25\x10\xaf\x0d"
"\x7e\xf4\x62\x38\xd5\x2a\x13\x32\x94\xdc\x16\xbd\x91\xd9\xe3\x26"
"\x67\xe9\xb6\xbb\x99\x02\xe8\xbd\x8d\x24\x9d\xbf\xfa\x42\x5b\x2a"
"\x00\xc4\x2f\x2a\x91\xb4\xdc\xab\xf5\xbb\xd9\xc4\xab\x3f\x0d\x2e"
"\xd0\x2c\xd0\x01\x11\xf4\xbf\xcd\x05\x3a\x25\x9b\x9d\xe9\xd1\x66"
"\x27\xfd\x1f\xf5\x14\x90\x26\x1c\x34\x65\xee\x4c\xb0\xa7\xc8\xc8"
"\x77\x7b\x71\x74\xba\xe5\x82\x70\x42\x1b\x75\xe3\xcd\x77\xd6\x3e"
"\x9d\x4a\x17\x5e\xd0\xed\x8a\xf3\xbf\x14\x0f\x08\x62\xe1\xb9\x18"
"\x88\x95\x10\x40\xeb\xbd\x13\x97\xa3\x7d\x0c\xd9\xf2\x33\x1c\x89"
"\x9d\xad\x8e\xce\x39\xe8\xb4\x4c\xd2\xae\xd6\x1e\x03\x86\x28\x55"
"\x30\xe6\x1a\xae\x7b\xb3\x49\x24\x50\xfa\xd3\x2a\xb7\xcf\x43\x51"
"\x1e\x7e\x84\xe9\x02\x63\xc2\x18\xfd\x9d\xbb\xe1\xa8\xc4\xa3\x0b"
"\x81\xfe\xc2\x79\xa2\x58\x01\xea\x96\xef\xe2\x68\xeb\xb3\xdc\xbc"
"\x1e\x3c\x8c\x4d\x55\x90\x84\x12\xa8\x51\x7c\x83\xb0\xae\xc6\x46"
"\xa5\x6a\xef\x07\x3c\xe3\x43\xcc\xd8\x31\xeb\x27\x77\x19\xae"
"\x66",
4096);
memcpy((void*)0x20034084,
"\x87\x46\x37\x92\xf6\xab\x9a\xe9\xf1\x29\xbf\xb5\x9d\x61\xab"
"\x1f\xf8\x8a\x94\x08\x80\x04\x4f\x4e\x9c\x2f\x54\x63\x00\x2f"
"\xae\x4d\xd5\xbd\x39\xcb\xac\xce\x17\x9f\xb0\xa6\x55\x49\x03"
"\xb4\x20\xb9\xa2\x2e\x42\xd5\xaf\x7a\x6c\xac\x94\x3e\x6d\x3f"
"\xde\xcc",
62);
*(uint64_t*)0x20034000 = (uint64_t)0x12;
*(uint32_t*)0x20034008 = (uint32_t)0x9;
*(uint32_t*)0x2003400c = (uint32_t)0x5;
*(uint8_t*)0x20034010 = (uint8_t)0x8;
*(uint8_t*)0x20034011 = (uint8_t)0xfffffffffffffff9;
*(uint64_t*)0x20034012 = (uint64_t)0x12;
*(uint32_t*)0x2003401a = (uint32_t)0xf63;
*(uint32_t*)0x2003401e = (uint32_t)0xe7;
*(uint8_t*)0x20034022 = (uint8_t)0x2;
*(uint8_t*)0x20034023 = (uint8_t)0xd931;
*(uint64_t*)0x20034024 = (uint64_t)0x12;
*(uint32_t*)0x2003402c = (uint32_t)0x9;
*(uint32_t*)0x20034030 = (uint32_t)0x3;
*(uint8_t*)0x20034034 = (uint8_t)0xac5;
*(uint8_t*)0x20034035 = (uint8_t)0x6;
r[49] = syscall(SYS_sendmsg, r[10], 0x20021fd6ul, 0x1ul, 0, 0, 0);
*(uint64_t*)0x20006ff8 = (uint64_t)0x2003dfec;
*(uint32_t*)0x20007000 = (uint32_t)0x14;
*(uint64_t*)0x20007008 = (uint64_t)0x2003d671;
*(uint64_t*)0x20007010 = (uint64_t)0x5;
*(uint64_t*)0x20007018 = (uint64_t)0x20015f4c;
*(uint64_t*)0x20007020 = (uint64_t)0xb4;
*(uint32_t*)0x20007028 = (uint32_t)0x7;
*(uint64_t*)0x2003d671 = (uint64_t)0x2003dfdb;
*(uint64_t*)0x2003d679 = (uint64_t)0x25;
*(uint64_t*)0x2003d681 = (uint64_t)0x20000000;
*(uint64_t*)0x2003d689 = (uint64_t)0x0;
*(uint64_t*)0x2003d691 = (uint64_t)0x2003de92;
*(uint64_t*)0x2003d699 = (uint64_t)0x1000;
*(uint64_t*)0x2003d6a1 = (uint64_t)0x2003dffb;
*(uint64_t*)0x2003d6a9 = (uint64_t)0xe;
*(uint64_t*)0x2003d6b1 = (uint64_t)0x2003dfc5;
*(uint64_t*)0x2003d6b9 = (uint64_t)0x67;
r[67] = syscall(SYS_recvmsg, r[10], 0x20006ff8ul, 0x1ul, 0, 0, 0);
return 0;
}
Powered by blists - more mailing lists