block: hung task writing to device
From: Levin, Alexander (Sasha Levin)
Date: Sat Jul 08 2017 - 15:09:30 EST
Hi all,
syzkaller seems to be hitting a lockup with the reproducer below:
INFO: task syzkaller490361:8788 blocked for more than 120 seconds.
Not tainted 4.12.0-next-20170706+ #186
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syzkaller490361 D18312 8788 5843 0x00080004
Call Trace:
__schedule+0x853/0x1fc0
schedule+0x110/0x460
io_schedule+0x1c/0x70
blk_mq_get_tag+0x670/0xeb0
blk_mq_get_driver_tag+0x4ae/0xa00
blk_mq_sched_insert_request+0x69f/0x8d0
blk_mq_make_request+0x737/0x2540
generic_make_request+0x486/0xef0
submit_bio+0xb0/0x550
submit_bio_wait+0x145/0x1f0
blkdev_issue_flush+0x150/0x210
ext4_sync_file+0xe65/0x1330
vfs_fsync_range+0x10a/0x250
ext4_file_write_iter+0x90c/0x1130
do_iter_readv_writev+0x584/0x8e0
do_iter_write+0x15a/0x540
vfs_writev+0x1e8/0x350
do_writev+0x108/0x2d0
SyS_writev+0x27/0x30
do_syscall_64+0x267/0x740
entry_SYSCALL64_slow_path+0x25/0x25
RIP: 0033:0x4425d9
RSP: 002b:00007fff9ff9e6e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004425d9
RDX: 0000000000000001 RSI: 000000002000dfa0 RDI: 0000000000000003
RBP: 00007fff9ff9e70c R08: 00007fff9ff9e70c R09: 00007fff9ff9e70c
R10: 00007fff9ff9e70c R11: 0000000000000246 R12: 000000000007721b
R13: 0000000000000000 R14: 00007fff9ff9e710 R15: 000000000000016d
INFO: task syzkaller490361:8793 blocked for more than 120 seconds.
Not tainted 4.12.0-next-20170706+ #186
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syzkaller490361 D18312 8793 5845 0x00080004
Call Trace:
__schedule+0x853/0x1fc0
schedule+0x110/0x460
jbd2_log_wait_commit+0x346/0x520
jbd2_complete_transaction+0x162/0x1b0
ext4_sync_file+0x1093/0x1330
vfs_fsync_range+0x10a/0x250
ext4_file_write_iter+0x90c/0x1130
do_iter_readv_writev+0x584/0x8e0
do_iter_write+0x15a/0x540
vfs_writev+0x1e8/0x350
do_writev+0x108/0x2d0
SyS_writev+0x27/0x30
do_syscall_64+0x267/0x740
entry_SYSCALL64_slow_path+0x25/0x25
RIP: 0033:0x4425d9
RSP: 002b:00007fff9ff9e6e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004425d9
RDX: 0000000000000001 RSI: 000000002000dfa0 RDI: 0000000000000003
RBP: 00007fff9ff9e70c R08: 00007fff9ff9e70c R09: 00007fff9ff9e70c
R10: 00007fff9ff9e70c R11: 0000000000000246 R12: 0000000000077226
R13: 0000000000000000 R14: 00007fff9ff9e710 R15: 000000000000017c
INFO: task syzkaller490361:8794 blocked for more than 120 seconds.
Not tainted 4.12.0-next-20170706+ #186
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syzkaller490361 D19944 8794 5836 0x00080004
Call Trace:
__schedule+0x853/0x1fc0
schedule+0x110/0x460
io_schedule+0x1c/0x70
wbt_wait+0xa37/0x1030
blk_mq_make_request+0x3d8/0x2540
generic_make_request+0x486/0xef0
submit_bio+0xb0/0x550
submit_bio_wait+0x145/0x1f0
blkdev_issue_flush+0x150/0x210
ext4_sync_file+0xe65/0x1330
vfs_fsync_range+0x10a/0x250
ext4_file_write_iter+0x90c/0x1130
do_iter_readv_writev+0x584/0x8e0
do_iter_write+0x15a/0x540
vfs_writev+0x1e8/0x350
do_writev+0x108/0x2d0
SyS_writev+0x27/0x30
do_syscall_64+0x267/0x740
entry_SYSCALL64_slow_path+0x25/0x25
RIP: 0033:0x4425d9
RSP: 002b:00007fff9ff9e6e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004425d9
RDX: 0000000000000001 RSI: 000000002000dfa0 RDI: 0000000000000003
RBP: 00007fff9ff9e70c R08: 00007fff9ff9e70c R09: 00007fff9ff9e70c
R10: 00007fff9ff9e70c R11: 0000000000000246 R12: 0000000000077235
R13: 0000000000000000 R14: 00007fff9ff9e710 R15: 000000000000016e
INFO: task syzkaller490361:8795 blocked for more than 120 seconds.
Not tainted 4.12.0-next-20170706+ #186
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syzkaller490361 D18312 8795 5844 0x00080004
Call Trace:
__schedule+0x853/0x1fc0
schedule+0x110/0x460
jbd2_log_wait_commit+0x346/0x520
jbd2_complete_transaction+0x162/0x1b0
ext4_sync_file+0x1093/0x1330
vfs_fsync_range+0x10a/0x250
ext4_file_write_iter+0x90c/0x1130
do_iter_readv_writev+0x584/0x8e0
do_iter_write+0x15a/0x540
vfs_writev+0x1e8/0x350
do_writev+0x108/0x2d0
SyS_writev+0x27/0x30
do_syscall_64+0x267/0x740
entry_SYSCALL64_slow_path+0x25/0x25
RIP: 0033:0x4425d9
RSP: 002b:00007fff9ff9e6e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004425d9
RDX: 0000000000000001 RSI: 000000002000dfa0 RDI: 0000000000000003
RBP: 00007fff9ff9e70c R08: 00007fff9ff9e70c R09: 00007fff9ff9e70c
R10: 00007fff9ff9e70c R11: 0000000000000246 R12: 0000000000077235
R13: 0000000000000000 R14: 00007fff9ff9e710 R15: 0000000000000164
INFO: task syzkaller490361:8797 blocked for more than 120 seconds.
Not tainted 4.12.0-next-20170706+ #186
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syzkaller490361 D20216 8797 5842 0x00080004
Call Trace:
__schedule+0x853/0x1fc0
schedule+0x110/0x460
io_schedule+0x1c/0x70
wbt_wait+0xa37/0x1030
blk_mq_make_request+0x3d8/0x2540
generic_make_request+0x486/0xef0
submit_bio+0xb0/0x550
ext4_io_submit+0x189/0x220
ext4_writepages+0x1aee/0x3c10
do_writepages+0xff/0x170
__filemap_fdatawrite_range+0x35d/0x490
filemap_write_and_wait_range+0xcd/0x180
generic_file_direct_write+0x2ee/0x3d0
__generic_file_write_iter+0x224/0x600
ext4_file_write_iter+0x861/0x1130
do_iter_readv_writev+0x584/0x8e0
do_iter_write+0x15a/0x540
vfs_writev+0x1e8/0x350
do_writev+0x108/0x2d0
SyS_writev+0x27/0x30
do_syscall_64+0x267/0x740
entry_SYSCALL64_slow_path+0x25/0x25
RIP: 0033:0x4425d9
RSP: 002b:00007fff9ff9e6e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004425d9
RDX: 0000000000000001 RSI: 000000002000dfa0 RDI: 0000000000000003
RBP: 00007fff9ff9e70c R08: 00007fff9ff9e70c R09: 00007fff9ff9e70c
R10: 00007fff9ff9e70c R11: 0000000000000246 R12: 0000000000077230
R13: 0000000000000000 R14: 00007fff9ff9e710 R15: 0000000000000176
INFO: task syzkaller490361:8798 blocked for more than 120 seconds.
Not tainted 4.12.0-next-20170706+ #186
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syzkaller490361 D20216 8798 5838 0x00080004
Call Trace:
__schedule+0x853/0x1fc0
schedule+0x110/0x460
io_schedule+0x1c/0x70
wbt_wait+0xa37/0x1030
blk_mq_make_request+0x3d8/0x2540
generic_make_request+0x486/0xef0
submit_bio+0xb0/0x550
ext4_io_submit+0x189/0x220
ext4_writepages+0x1aee/0x3c10
do_writepages+0xff/0x170
__filemap_fdatawrite_range+0x35d/0x490
filemap_write_and_wait_range+0xcd/0x180
generic_file_direct_write+0x2ee/0x3d0
__generic_file_write_iter+0x224/0x600
ext4_file_write_iter+0x861/0x1130
do_iter_readv_writev+0x584/0x8e0
do_iter_write+0x15a/0x540
vfs_writev+0x1e8/0x350
do_writev+0x108/0x2d0
SyS_writev+0x27/0x30
do_syscall_64+0x267/0x740
entry_SYSCALL64_slow_path+0x25/0x25
RIP: 0033:0x4425d9
RSP: 002b:00007fff9ff9e6e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004425d9
RDX: 0000000000000001 RSI: 000000002000dfa0 RDI: 0000000000000003
RBP: 00007fff9ff9e70c R08: 00007fff9ff9e70c R09: 00007fff9ff9e70c
R10: 00007fff9ff9e70c R11: 0000000000000246 R12: 000000000007723c
R13: 0000000000000000 R14: 00007fff9ff9e710 R15: 000000000000016a
INFO: task syzkaller490361:8799 blocked for more than 120 seconds.
Not tainted 4.12.0-next-20170706+ #186
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syzkaller490361 D20552 8799 5837 0x00080004
Call Trace:
__schedule+0x853/0x1fc0
schedule+0x110/0x460
io_schedule+0x1c/0x70
wbt_wait+0xa37/0x1030
blk_mq_make_request+0x3d8/0x2540
generic_make_request+0x486/0xef0
submit_bio+0xb0/0x550
ext4_io_submit+0x189/0x220
ext4_writepages+0x1aee/0x3c10
C reproducer:
// autogenerated by syzkaller (http://github.com/google/syzkaller)
#define _GNU_SOURCE
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <errno.h>
#include <signal.h>
#include <stdarg.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <time.h>
#include <dirent.h>
#include <sys/mount.h>
#include <stdarg.h>
#include <stdio.h>
const int kFailStatus = 67;
const int kRetryStatus = 69;
__attribute__((noreturn)) static void doexit(int status)
{
volatile unsigned i;
syscall(__NR_exit_group, status);
for (i = 0;; i++) {
}
}
__attribute__((noreturn)) static void fail(const char* msg, ...)
{
int e = errno;
fflush(stdout);
va_list args;
va_start(args, msg);
vfprintf(stderr, msg, args);
va_end(args);
fprintf(stderr, " (errno %d)\n", e);
doexit((e == ENOMEM || e == EAGAIN) ? kRetryStatus : kFailStatus);
}
__attribute__((noreturn)) static void exitf(const char* msg, ...)
{
int e = errno;
fflush(stdout);
va_list args;
va_start(args, msg);
vfprintf(stderr, msg, args);
va_end(args);
fprintf(stderr, " (errno %d)\n", e);
doexit(kRetryStatus);
}
static int flag_debug;
static void debug(const char* msg, ...)
{
if (!flag_debug)
return;
va_list args;
va_start(args, msg);
vfprintf(stdout, msg, args);
va_end(args);
fflush(stdout);
}
static __thread int skip_segv;
static __thread jmp_buf segv_env;
static void segv_handler(int sig, siginfo_t* info, void* uctx)
{
uintptr_t addr = (uintptr_t)info->si_addr;
const uintptr_t prog_start = 1 << 20;
const uintptr_t prog_end = 100 << 20;
if (__atomic_load_n(&skip_segv, __ATOMIC_RELAXED) && (addr < prog_start || addr > prog_end)) {
debug("SIGSEGV on %p, skipping\n", addr);
_longjmp(segv_env, 1);
}
debug("SIGSEGV on %p, exiting\n", addr);
doexit(sig);
for (;;) {
}
}
static void install_segv_handler()
{
struct sigaction sa;
memset(&sa, 0, sizeof(sa));
sa.sa_handler = SIG_IGN;
syscall(SYS_rt_sigaction, 0x20, &sa, NULL, 8);
syscall(SYS_rt_sigaction, 0x21, &sa, NULL, 8);
memset(&sa, 0, sizeof(sa));
sa.sa_sigaction = segv_handler;
sa.sa_flags = SA_NODEFER | SA_SIGINFO;
sigaction(SIGSEGV, &sa, NULL);
sigaction(SIGBUS, &sa, NULL);
}
#define NONFAILING(...) { __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST); if (_setjmp(segv_env) == 0) { __VA_ARGS__; } __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST); }
static void use_temporary_dir()
{
char tmpdir_template[] = "./syzkaller.XXXXXX";
char* tmpdir = mkdtemp(tmpdir_template);
if (!tmpdir)
fail("failed to mkdtemp");
if (chmod(tmpdir, 0777))
fail("failed to chmod");
if (chdir(tmpdir))
fail("failed to chdir");
}
static void remove_dir(const char* dir)
{
DIR* dp;
struct dirent* ep;
int iter = 0;
retry:
dp = opendir(dir);
if (dp == NULL) {
if (errno == EMFILE) {
exitf("opendir(%s) failed due to NOFILE, exiting");
}
exitf("opendir(%s) failed", dir);
}
while ((ep = readdir(dp))) {
if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0)
continue;
char filename[FILENAME_MAX];
snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name);
struct stat st;
if (lstat(filename, &st))
exitf("lstat(%s) failed", filename);
if (S_ISDIR(st.st_mode)) {
remove_dir(filename);
continue;
}
int i;
for (i = 0;; i++) {
debug("unlink(%s)\n", filename);
if (unlink(filename) == 0)
break;
if (errno == EROFS) {
debug("ignoring EROFS\n");
break;
}
if (errno != EBUSY || i > 100)
exitf("unlink(%s) failed", filename);
debug("umount(%s)\n", filename);
if (umount2(filename, MNT_DETACH))
exitf("umount(%s) failed", filename);
}
}
closedir(dp);
int i;
for (i = 0;; i++) {
debug("rmdir(%s)\n", dir);
if (rmdir(dir) == 0)
break;
if (i < 100) {
if (errno == EROFS) {
debug("ignoring EROFS\n");
break;
}
if (errno == EBUSY) {
debug("umount(%s)\n", dir);
if (umount2(dir, MNT_DETACH))
exitf("umount(%s) failed", dir);
continue;
}
if (errno == ENOTEMPTY) {
if (iter < 100) {
iter++;
goto retry;
}
}
}
exitf("rmdir(%s) failed", dir);
}
}
static uint64_t current_time_ms()
{
struct timespec ts;
if (clock_gettime(CLOCK_MONOTONIC, &ts))
fail("clock_gettime failed");
return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}
static void test();
void loop()
{
int iter;
for (iter = 0;; iter++) {
char cwdbuf[256];
sprintf(cwdbuf, "./%d", iter);
if (mkdir(cwdbuf, 0777))
fail("failed to mkdir");
int pid = fork();
if (pid < 0)
fail("clone failed");
if (pid == 0) {
prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
setpgrp();
if (chdir(cwdbuf))
fail("failed to chdir");
test();
doexit(0);
}
int status = 0;
uint64_t start = current_time_ms();
for (;;) {
int res = waitpid(-1, &status, __WALL | WNOHANG);
if (res == pid)
break;
usleep(1000);
if (current_time_ms() - start > 5 * 1000) {
kill(-pid, SIGKILL);
kill(pid, SIGKILL);
while (waitpid(-1, &status, __WALL) != pid) {
}
break;
}
}
remove_dir(cwdbuf);
}
}
long r[13];
void test()
{
debug("test\n");
syscall(SYS_write, 1, "executing program\n", strlen("executing program\n"));
memset(r, -1, sizeof(r));
r[0] = syscall(__NR_mmap, 0x20000000ul, 0xd000ul, 0x3ul, 0x32ul, 0xfffffffffffffffful, 0x0ul);
NONFAILING(memcpy((void*)0x20000ff8, "\x2e\x2f\x66\x69\x6c\x65\x30\x00", 8));
r[2] = syscall(__NR_open, 0x20000ff8ul, 0xfbfeul, 0x0ul);
r[3] = syscall(__NR_ftruncate, r[2], 0x80100ul);
r[4] = syscall(__NR_mmap, 0x2000a000ul, 0x4000ul, 0x3ul, 0x2011ul, r[2], 0x0ul);
NONFAILING(*(uint64_t*)0x2000ffa0 = (uint64_t)0x2000afa7);
NONFAILING(*(uint64_t*)0x2000ffa8 = (uint64_t)0x1);
NONFAILING(memcpy((void*)0x2000afa7, "\xe1", 1));
r[8] = syscall(__NR_vmsplice, 0xfffffffffffffffful, 0x2000ffa0ul, 0x1ul, 0x0ul);
NONFAILING(*(uint64_t*)0x2000dfa0 = (uint64_t)0x20003000);
NONFAILING(*(uint64_t*)0x2000dfa8 = (uint64_t)0xe00);
NONFAILING(memcpy((void*)0x20003000, "\x78\xf9\x51\x95\x11\x4c\x80\xa7\x2d\xbc\xe6\x2b\x2e\x52\x5b\x81\x2c\x81\xe8\x22\x84\x31\xb8\x06\x71\x2c\xcb\x81\x4b\x9f\x67\x9d\x07\x1f\x73\x20\x82\x23\x3a\xf9\xc2\x70\xc1\x90\x2b\xc7\x1d\xef\x23\x97\x01\xaa\xc9\x2c\xdc\xb6\x91\x9b\x17\x96\x4b\xc3\xdd\x4f\x21\x68\x53\xbd\x93\x0e\x4a\x30\x99\x90\xd0\x87\x9d\xb8\xf8\xea\x1f\xf2\xdd\x57\x95\x4c\xcc\x2b\x35\xe6\x31\x31\xbb\x9f\xf6\x84\x9d\x77\x85\xa7\x09\x52\x2b\x16\xbb\xa0\xf5\xb7\xce\x87\xc6\x55\x97\x87\x91\x4c\xcb\x89\x3c\x12\x97\x78\x1d\x71\xcd\x14\x16\x7d\x38\xf6\xfe\x00\x0e\xdd\x2a\x2e\xf2\x0c\xd8\x24\xf3\xba\xc7\x89\xf0\x7d\x5d\x5e\xc9\x3f\x48\x47\x7e\x35\xce\x2e\xa9\x31\x6b\x46\x6c\x80\xfb\xd4\x9e\x09\xf7\x30\xd8\xb9\xb9\x98\x79\xca\x3f\x2d\x7a\xe1\x0a\x40\x01\xaf\xf5\x63\xab\x2a\x55\xed\x60\xcb\xbb\x56\xd1\xe4\x8e\x9e\xb9\x35\xfe\x16\xab\x9b\x9a\x30\x7c\xf7\xf3\x7c\xec\xd2\x8a\xe6\x9a\xb9\x4d\x20\xfe\x25\x0a\x42\x29\x2b\xdf\x5a\xe7\xa8\xa4\xb0\x57\x84\x4b\x77\x94\x28\xf8\x28\xfa\xd8\xd7\x3a\x2c\x47\x3f\x9a\xb8\xac\x36\x2e\x23\xe9\x1f\xbe\x16\xe6\x8d\x2a\xcc\xf9\xd9\x4a\x9a\x71\x6d\x77\x2b\xac\x13\x33\x5b\x6a\x2e\x44\xa0\xb0\x0e\x39\x1e\x3b\xd4\xa8\xcf\xe9\x7e\xd6\x65\x3b\x4d\x4f\x6b\x2c\xe9\x7e\xa3\x4d\x12\xa3\x66\x17\x32\xe9\xb2\x46\x03\x85\x7e\x01\x0d\xd2\x2d\x16\x37\xf2\x7b\x1e\x86\x3e\xe3\xcc\x58\xb7\xc1\x42\xeb\x05\xac\x11\x0f\x3f\x52\xf3\xcc\x2a\xed\x69\x93\x3e\x91\xc2\x96\x4c\x6e\xf4\xfe\xec\x59\x37\x42\xf3\x70\x08\x4f\xb5\xcc\x34\xd3\xb0\x43\xfb\x10\xd2\x00\x81\x10\x28\xde\xe4\x8b\xcf\x0d\x9e\x8c\x51\xbd\xf0\x18\x4e\x8a\x5e\xe3\xdd\x6f\x92\xa7\x5d\x78\x72\x17\xb9\xfe\xa0\x46\x4e\x01\x09\x59\x08\x24\x6d\xad\x2c\x7f\x12\x2a\x96\xcb\xcc\x9c\x5c\xc8\x8c\x16\x4a\x88\xb9\xa2\xdb\x13\x22\x99\x36\xa5\xcf\xc2\xa2\x9d\x21\x10\x47\xc1\x08\x52\xfb\x42\x93\x21\x9c\x28\xf5\xaf\x32\xa7\x4d\x5e\x8d\x0c\x6e\xc8\x07\x1f\x00\xab\xe7\x05\xe1\xc1\xcc\xa0\xfa\x44\xb7\x19\x3e\xfc\x69\xd8\x2e\x6f\xf3\x39\xe7\xf8\x23\xab\x89\x6a\xcf\x92\x0e\xa0\x4e\xc9\xe1\x13\x66\xf9\x2e\xe3\xc7\x1f\xed\x99\x88\x14\xfe\xd4\x55\x24\x50\x3d\x60\x17\xce\xb2\x5e\x01\xe6\xd7\xd8\x90\xfa\xc9\x4b\x82\x66\x92\xd1\x2b\xe7\xf4\x19\xbc\xf3\xe0\x37\xc6\xbe\x77\x2c\x70\xf2\x2d\x95\x0b\xdb\xfe\x39\x83\xa0\x70\x37\xcd\x57\xee\x31\xb7\x39\xe7\x1e\x68\x7d\x16\x9e\x6f\x9c\x82\x38\x19\xf2\x1b\xfa\xc6\x68\x38\x6b\xe5\x46\x47\x8f\x2c\x1a\xd2\xbc\x85\xcc\x6e\x24\xe0\xb8\x05\x3b\x67\xd2\x3c\xc3\xff\x7d\x53\xd3\x19\xc0\x73\xd7\x36\xbe\xe9\x60\xfc\xe3\xd4\x85\x3a\xb2\xaa\xb6\xcf\xd7\x2b\x0b\x38\xe2\x57\xa7\x98\xee\x9c\x2c\xa9\x40\x62\x70\x46\xcb\x8a\x7c\x37\xb5\x57\x58\xe1\xfb\x02\x81\xff\xcc\x02\x5c\xc8\x46\x81\x92\xef\x81\xbf\x0f\x74\xf8\xe9\xda\xbe\x4c\xee\x0f\xa4\x8d\x82\xcb\xf4\x79\x1d\xe0\xe5\xdb\x57\xd7\xe9\x19\xa0\xa5\xcb\x02\xbc\xcf\x94\xd3\xd0\xbd\xa5\x16\xfd\x36\xec\x99\x14\xb3\x03\x81\xa3\xc2\xcd\xf0\x79\x2e\x83\x71\xfa\xf7\x89\xcf\x52\xcb\xe7\xb7\x8d\xf0\x73\xc8\x3a\x2a\xef\x54\x0c\x6b\xd2\x9d\x05\x2c\x14\xd3\xc4\x5f\x8f\xb0\x4d\x76\x70\x42\xf4\x59\x44\xbe\x6b\x12\xcc\x2f\xbb\x34\x5f\xd7\x2e\x7d\xd1\x64\x16\xeb\x2f\x84\xad\x5e\x8a\x59\x98\x90\xcb\x26\x3f\xdd\xa5\x41\x76\x62\xfd\xed\x1b\x42\xba\x7f\x44\x40\xd6\x20\x25\xdc\x6a\x0e\xfe\x8b\x18\xbb\x7f\x51\xa2\xd0\x27\x44\x2d\x8d\xa6\x93\x81\x20\x4a\x9f\x43\x11\xe0\x41\x03\x81\x15\x48\x11\xfe\x91\xe7\xca\x09\xf1\xa9\xd5\x1d\xd1\xec\x2e\xc0\xd4\xdb\x04\x41\x1f\x82\xd8\xb6\x9d\x15\xc4\x7a\xde\xac\x63\xf9\x4c\x02\xa3\x6a\x19\x90\xf0\x30\xbe\xdb\xb7\x25\x43\xcc\x95\x5d\x07\x9b\x6b\x1f\x52\xbe\xe8\x9d\x01\x60\xad\x1f\x3c\x69\xb9\xa7\xea\x3f\xd0\x0f\x09\x83\xd2\x69\x5b\x00\x31\x4d\xe6\x05\x20\xfd\x1c\xcb\xbc\x46\x1c\x75\xe2\x6d\x97\x6c\x16\x27\x16\xc7\xac\x93\x1b\xf5\xa8\x20\x33\xfa\xa5\xf4\x9e\x69\x98\x31\xb6\xb5\xa3\xcb\xcb\x00\x94\xfd\x53\xec\x25\xac\xeb\x65\xf9\x45\x8b\xd1\xdb\xfd\x44\x44\x0d\xe0\x7f\xca\xf2\xf5\x1a\xa9\xcb\xb6\x44\x8e\x0e\x5e\x40\x4e\x91\x2b\x1f\x3e\xb2\xa3\x03\x56\x6e\x2f\x8c\x85\xbb\x52\x37\x70\xf6\xa1\xa1\xbc\x2a\x93\x44\xfb\x78\x9a\xf7\x31\xb0\x72\x87\x9a\x8f\xff\x19\xf8\x1a\x07\xa2\x97\xc9\xb6\x7a\x75\xbf\xbc\x30\x3d\xd2\xa7\x69\x4b\x17\xb7\x90\xf5\x63\x9e\xc6\x90\x7f\x79\x5c\x3b\x47\x89\x6e\xf9\x49\x6e\xc0\xde\x78\x46\xcf\x36\x17\x2c\x35\xab\xb3\x65\x5d\xe4\xac\x67\xe4\x13\x83\x0e\x34\xdc\x4b\x0d\x7b\x87\xd4\xf7\xbd\x4d\xd1\x1a\x40\xa5\xd9\x76\x48\x8b\xbf\x6b\xd8\x47\x44\xd8\x74\xac\x75\x42\xed\xeb\x99\x88\xc9\xfa\x7f\x00\xea\xed\x76\x80\xf2\xca\xcf\xc3\x2d\x9d\x32\x40\xed\x63\xfa\xcf\x0f\x9d\xbd\x17\xa7\x18\xb0\xbc\x7e\xbc\x02\x5d\x02\xf3\xaa\x37\x4e\x71\x53\xe1\xcb\x30\x5e\xa3\x8f\xbf\xc2\x8f\xfd\xd4\xc7\x5f\xa9\x89\x01\xfe\xf0\x7d\xa5\xdc\xb7\xbd\x53\x8d\x57\x02\x28\x31\xd3\x5a\x31\xfe\xa4\x14\x5f\xd0\xa3\xde\xa1\xa1\x85\xb3\x5d\x0f\x2f\xd3\x04\xa3\x65\x85\xf3\xf9\x0b\x06\x08\x98\x60\x30\xb9\xc7\x8e\xe1\x5e\xe1\x8c\x18\x40\xec\x83\xca\x84\x6a\xee\x3c\x81\x11\xf0\xac\xb8\x9a\x38\xba\xbf\x62\x70\xeb\xe3\x4c\x18\xa4\x91\x4e\xd4\x7a\x02\xf6\x41\x7b\xad\xc7\x7a\x55\x5b\x76\x6c\x13\x66\x3a\x6a\x78\x31\xe8\xd2\xb7\x2c\x4e\xcf\xac\x97\xd0\xa0\xd3\x50\x45\xce\x6e\x25\x4e\xf9\x83\xb7\x2d\x15\x43\xc7\x7b\xf6\xbf\x77\x32\x05\x76\x1c\x4e\x0e\x8d\xf1\x04\xe2\x60\xe3\xb7\xc6\x1f\x02\x42\x87\x24\xb6\xf0\x88\x4f\x27\x6e\x8f\x7a\x0f\x03\x43\x91\x92\x3c\x48\xf0\x0e\x17\x47\x13\x10\x46\xa4\xad\x77\x8c\xf9\xd2\xb8\xba\xee\x03\x9c\x2c\x94\xe0\x56\xa7\x5f\x6d\xe3\xd6\xda\x1c\x94\xd8\xfd\xee\x4f\x0f\x22\xac\xa2\xde\x86\x13\x43\xde\xa3\x5d\x5e\x84\xcb\x68\xf7\x92\x4f\xe5\xee\x69\x9b\x32\xa9\x04\x9b\x95\x2a\x3b\x35\x4a\xc5\xa5\xfd\xc3\x2e\xe6\xae\x5d\x22\xe0\x9e\x77\xbd\x93\x5f\xdb\xc4\xfd\xf5\x4d\x59\x27\x1e\x7c\xa9\x1e\xa0\xbd\x73\xef\x78\x24\x91\x78\xbd\x35\x3e\x5c\x2e\xa7\x7a\x41\xe0\xa0\xa4\xef\xa3\xd6\x17\xa8\x92\x72\x9e\xf0\x7b\xfa\xce\x33\xcf\x5b\x84\x3e\x7a\xe4\x59\xc3\xe6\x6f\x1e\x51\x7a\x78\xfb\x72\x8e\xb3\x74\x31\xeb\x33\x15\x23\x26\x3d\x3c\x90\x0f\xd0\x81\xe7\x44\xc3\x29\x06\xca\x31\x4c\x77\x71\x7c\x49\xff\xc7\x3b\xf0\xc8\x37\x84\x99\x88\xac\x5c\xcb\x0b\x58\x20\x58\xc0\xc2\x1d\x0a\x20\xb6\xd2\x4b\x7b\x8e\xa5\x8a\x0b\x7a\x13\xe5\x09\xc7\xac\xa3\x41\x7c\x8d\x11\x83\x06\x26\xbf\x4d\x5e\xb5\x25\xc4\xbb\xe5\xd4\xad\x98\x4c\x66\x6c\x3a\x77\x8e\x59\x48\x9e\x77\x56\x96\xad\x74\x7e\x30\x99\x8b\x43\x32\x99\x74\x6f\x3b\x34\x3a\xdc\x6a\xdc\xa5\x6e\x89\xa1\x1c\x46\x86\x94\x05\x35\xba\x7b\x45\x42\x17\x5b\x30\x53\x91\x52\xf0\xd3\x8b\xda\x1b\x2d\x56\xfa\xb6\x14\x9d\x12\xdc\x04\x11\xb4\x25\xef\x2a\xe5\xa5\x3d\xe9\xbe\x74\x9a\xa3\xd8\x07\xda\x07\x8a\x8e\x1b\x73\x8d\xee\x68\x08\x3c\xb4\x44\x75\x4f\xca\xbd\x53\x63\x19\x8e\xc1\x9d\x0f\x61\xde\x66\x9d\x7f\x5f\xfe\xd0\x70\x95\x1a\x0f\x86\x76\x7d\xd3\x33\x9e\x47\x31\xee\xc4\x26\xa3\xf1\x17\xb5\xa3\xf3\x3f\x13\x40\x21\xe2\xa2\xb5\x3e\x3b\xa2\x8a\xde\xfa\xec\xca\xef\x76\x4d\x1c\x4e\xc6\x8f\x4f\x7f\x02\x07\x1e\xc3\xcd\xa0\x0c\x7c\x36\xe8\xaf\x8b\x55\x07\xb4\x8b\xdb\x15\x83\x98\x2e\x4e\x5b\x6e\x2b\xf1\x64\x4b\x8d\xb5\x32\x4c\xef\xad\xb9\xe8\xd6\x88\x83\x83\xce\xa8\x4b\xbd\x3c\xd7\xfa\xba\x4d\x11\x2e\x84\xdb\xef\xfb\x77\x78\x1e\x13\x17\xa8\xd0\x1f\xd8\xbf\x89\xcb\xed\x9c\xff\xe3\x42\x12\xae\x5a\xbc\x88\xfd\xfd\x10\x7d\x15\xab\x61\x23\xdf\x03\x1f\xd6\xc0\xa4\x2f\x20\xd9\xe4\x88\xe7\x68\x4e\x28\xf5\xd9\x9c\x41\x57\x0b\xca\x24\xd3\x52\xaf\x31\xcb\xc3\x7e\x34\xde\x52\x14\xf5\x4e\x98\x58\x1b\x72\x89\x8b\xfa\x20\x1b\x18\x63\xba\xb1\xab\x7b\xf0\xeb\x34\xac\x2a\xfa\x96\xaa\xc7\x4e\x28\xbe\x13\x1b\xf0\xf1\xc1\x89\x8b\x46\xb1\x68\x42\xbf\x97\x72\xd1\x9d\x67\xf7\x8c\x5a\x4c\xbc\xc3\xee\xe5\x83\x49\x86\xc1\x34\xe3\x7d\xd7\x62\xf9\xf4\x5e\x50\x33\x9e\xc1\xa0\xec\x89\xde\x6b\x53\xfd\x9a\x7f\xbc\x93\x92\x8f\xdb\xfc\xf6\xf9\x41\x96\xa4\x58\x07\x90\xdd\x56\xa5\xa1\xb3\x77\x8e\x98\xb0\x05\xd4\x2c\xfa\x6e\x02\x13\x02\x27\x57\x57\x76\x84\x95\x1b\x46\xaf\x8e\xd5\x9c\x3c\xb3\x9c\xc4\xcf\x70\x92\xf6\xdb\x3f\xd4\x02\x38\x49\x14\xab\x1e\x79\x65\xfa\x8e\xc5\xc8\xdd\xc5\x5c\x3e\xfb\x68\x6d\xd6\x92\x45\xe6\xc1\x20\x2b\x24\xd7\xe4\x2e\x7a\xfe\x71\x44\x70\x50\xbe\x84\x1a\x1e\x2d\x58\x8a\x91\xb9\xf0\x96\x62\x0e\xbc\x9b\xe0\xa9\x11\x8d\x57\x60\x93\x1c\xe3\x5f\x93\xa5\x41\x0b\x96\xfe\x18\x36\xf7\x2f\xce\x41\x4e\xde\x74\x9c\x09\x96\xd0\x4d\xe6\x2c\x4e\x80\x39\xcb\xab\x8e\x40\xee\x86\x19\x29\x57\xed\x2e\x26\xed\x78\x0b\x4c\x49\x7a\xbd\xa7\x1d\x7e\x03\x2f\x83\x8a\x9e\x3f\x2b\x5e\x01\xe3\xdb\xdc\xdc\x69\x0a\x87\x75\x6c\x2f\xf0\x62\x0f\xe3\xbe\x01\x4c\xaa\xc3\xf8\x07\x59\xdf\x26\x9a\x10\xca\x97\xbb\x88\x52\x36\x11\xe3\x4f\xe7\x53\x3a\x58\xd8\xbb\xf6\x8c\xcd\x83\xba\x58\xc7\xd1\x6f\xdf\x90\x5e\x97\x7e\x97\x4c\x95\x05\x59\x96\x71\x09\x6c\x3a\xb4\x4d\x2a\x79\x7a\x93\x81\x0b\x0a\x22\xa4\x0a\x47\x04\x6b\x95\xe2\x7c\xca\x3e\xce\x34\x6b\xed\xa9\x7c\x3d\x38\xf7\x83\x37\x52\xe9\x83\x97\x26\xc3\xef\x2d\x06\xff\x17\x31\x30\xd5\xac\x72\x4a\xc7\x91\x32\xfa\x9c\x2c\x36\xb9\xad\x48\x13\xf5\x47\xeb\x87\x2b\xc2\x93\x66\xf2\xfa\xe2\x31\x92\xb2\xeb\x15\xfd\xc3\x2b\xe8\x78\x41\xc5\x50\xe9\xbf\x9b\x78\x9c\x19\x28\x93\x76\xd3\xed\xed\xb2\xf8\x80\xef\x89\xaa\x38\x55\xcb\x2e\x65\x7b\xaf\xac\xe3\x26\x5c\x03\x39\x24\x3a\xba\xe6\x74\xf4\x8f\x58\x64\x0e\xc3\xcf\x4f\x8e\xf5\xaf\x39\x3c\xde\x00\x0e\x8d\x24\x35\xa9\x3f\xab\x60\x07\x4c\x02\xa4\x0d\x03\x87\x5b\xf6\x9f\xb4\x87\xe3\xc0\xd4\x39\xbb\xc1\xd6\x2a\xbb\x0c\x3d\x55\xc1\xb8\x58\x5d\x60\x9d\x66\x2e\x56\x9e\xfd\x98\x4c\x9a\xbd\x25\x6e\xc8\xb5\xac\xf4\xe3\xb2\xc9\x8e\x8e\xe4\x77\xc9\x19\x16\x49\x6f\x68\x7a\x11\x40\xd1\x8b\x1a\x0b\xba\xcc\xb1\x65\x5f\xed\xd9\x30\xc1\x2a\x6b\xc7\x5c\xca\x30\xcf\x2f\xd0\x85\xb2\xf4\x7f\xd1\xfd\x3a\xb2\xb8\x9a\xb7\x94\x47\xdc\x01\xfe\x7f\x4f\xca\x96\x4d\x06\x32\x78\x7f\x8a\xca\x93\x37\x6e\x73\x33\x92\xbf\x93\x7d\x6d\x3e\x3b\x7b\xb5\xdf\x3e\x1f\x59\x72\xba\x62\xa9\x26\xc6\xba\xd1\x9e\x4b\x30\xdd\x74\x53\x3b\x12\xc7\xe9\xca\xc0\xcf\xde\x33\x1d\xcd\xc4\x08\x1b\x05\xc9\x33\x18\x9e\x4f\xb6\xa3\x35\x42\xa2\xb3\xdb\x61\xb3\x29\x11\xc8\xdb\x9d\xfa\x9b\x08\xda\xac\x22\xeb\x5e\xb5\xc1\xff\x5e\xb0\x55\xb5\xdf\x5e\x59\xc8\x29\x8b\xf2\x4d\x46\x9f\xf5\x81\x97\x6e\x5f\x83\x84\x60\xcc\xf6\x18\x27\x4a\xde\x1e\xeb\xac\x3a\xda\xc9\x7f\x00\xb1\x58\x40\xb0\x93\x00\xac\x1c\x3d\xc8\x31\xc8\x24\x5e\xbc\x45\x51\x3c\x2d\xed\xe0\x90\xca\xdc\x6e\x5d\x03\x8c\x40\x5d\x39\x3b\xbe\x3e\x51\xa2\xf7\xd6\x91\x94\x55\x85\xa3\xa8\x6b\xe4\x37\x15\x47\x9d\xba\xe9\xc7\x74\x7d\x96\x7d\x37\x35\x74\xb7\xc0\x2d\xd5\x7f\x57\x34\x26\xd1\xb9\x80\xd4\x1b\x1b\x1e\xf6\x53\xc6\xcd\x73\xf8\x74\x3c\x60\x1e\xc4\x71\x71\xa1\x54\xe8\xc7\x27\xf0\x65\x34\x70\x4e\xa8\xad\x11\xd0\x53\xaa\xcf\x3a\x06\xca\x89\xcd\xdc\xb1\x34\x2b\x99\x12\x2c\x45\x81\x42\x4c\x6c\xd6\x02\x35\x01\xc5\x75\x01\x28\xff\xfe\x12\xd4\x91\x68\x1b\xdb\x94\x0a\xff\x9f\xc6\x06\x14\x81\xa7\xad\x8d\xc0\x3d\x51\xaf\x77\x5e\x1f\xa7\xa6\x78\x43\x9e\x84\xb7\xed\xf0\x3a\xdd\x12\x81\x9c\xc1\xc5\x1a\xf4\x0a\x9c\x20\x3c\x4e\x96\x3e\x13\x31\x4e\x2f\x3e\xcd\x3b\x92\xed\x57\x11\x3c\x5e\x72\xac\xc3\xc8\x28\xbd\x5a\xb7\xde\x8e\xa0\xd7\x8e\x1c\x69\x29\x81\x9f\x9d\xf7\x70\x9a\x7a\x6f\xd2\xee\x81\xad\xcb\x21\xa3\x6e\x69\x7b\x99\x39\x43\xa1\x83\xab\x4b\xc7\x59\xf5\x21\x5f\x22\x19\x12\xa6\xf2\xa2\x06\x85\xce\x52\xa9\x17\x25\xa1\xb5\x63\xef\x1a\x42\x49\xc0\x57\xf6\x7f\x49\x0b\x94\x28\x78\x13\xc1\x02\x37\x04\x41\xc4\x47\xb9\xc4\x9c\x4a\x43\xc7\x48\xfa\x55\x34\x68\xb8\x9c\x03\xbf\x1f\xda\x2c\xf7\x12\x27\x0b\x4b\x9f\x36\xa5\x24\xc2\xe9\x00\xe5\x08\xea\xd1\x73\xc6\xe8\x37\x8f\xbe\x68\xa8\x63\xfe\xc0\xde\x7f\x3a\xb1\x34\x18\x0f\x1a\x50\x5e\x07\x2e\x93\x1a\xc2\x32\x50\xb5\x16\x5a\x63\xb8\x2a\xe6\x49\x83\x72\x02\x73\xb1\x99\x55\x77\x76\x85\x59\x7f\x57\xe6\x95\xe3\x41\x2c\x35\xb4\x35\x83\xff\x43\x57\xe6\x4e\xaf\x54\xb9\x5c\x5f\x3b\x74\xc9\x78\x3c\xb9\x81\x2e\x3e\x1f\x30\xcc\xdc\x38\xec\x21\x5e\xe5\xf6\xd5\xff\x30\xc2\xfe\x29\xb9\x1e\x12\xe6\x2a\xd4\x34\xf1\x6a\x9c\x05\xf5\x5c\xb3\x7f\x40\xf9\x27\x7d\x63\xbf\x78\x2c\x0a\x14\x8a\x59\x41\xd1\x2d\x68\x2f\xb7\x09\x50\x27\x82\xe9\x17\xd2\x05\xeb\x80\x24\xa8\xdb\x09\xff\xfb\x9d\x00\x0a\x7f\xf0\x69\x38\x03\xee\xb7\x88\xe1\x6c\x2f\xf8\x5f\xb7\x47\xfa\xba\x94\x6a\x96\x28\x58\x6b\xd6\xf8\x6a\x27\x01\xee\x68\x8e\xbd\xa1\xac\xe8\x52\x79\x4c\x40\x03\x8f\x16\xa2\xfc\x3a\x2d\xb6\xb1\xdf\xbe\x26\x00\xa7\x97\x14\x7b\xd1\xdc\x7c\xbc\xcd\xb9\x5d\xd8\x23\x19\x82\x87\x8b\x78\xdd\xc8\x2b\xd9\xe5\x03\x18\x9e\x8b\x13\x4d\x0d\x14\xb0\x2e\x41\x46\xd9\xa1\x86\xba\xe5\xfa\x89\x5b\x78\x78\xac\xf7\xf1\x5a\xc2\x30\xd1\x63\x54\xa5\xdd\x6c\x42\xc6\x8b\xad\xd4\x27\x6a\xfc\xf4\xec\x85\x82\x1c\xb2\x2a\x71\xfb\x37\x18\x13\xbb\x69\xcf\xfd\x1d\xec\x2d\xc4\xcb\xb6\xf7\xa7\x85\x8f\x52\x04\xbb\x54\x2b\x28\x87\x2e\x45\x73\x03\xe2\xe3\xb6\xc3\x77\xa0\x80\x5b\xaf\x6e\xe1\x2f\x48\xc5\xed\xc7\x43\x57\x06\x4f\x35\xed\xb5\xe9\x21\x24\x9f\x65\x71\x72\x73\xd5\xa2\x3a\x2e\x77\xe2\x05\xda\x5c\x05\xca\x20\xac\xdf\xbf\xda\x73\x6a\xf5\xb2\x9d\xc7\x4a\x13\x6e\x60\xd9\x1e\x13\xcc\x55\x56\x65\xe9\xcf\xe3\x39\xf2\x2d\x02\x49\xca\x88\xb7\x38\x10\xfe\x6a\x98\x13\x9d\x04\x6b\x99\x1f\xb7\xa8\x3f\x54\xfb\x79\xbe\xca\x8f\x79\xda\x7a\xff\x0b\xb4\x20\x61\x88\xb4\xa0\xa0\xe1\x9d\xb4\x50\x41\xee\x36\x45\x7c\xe0\x4d\x77\x55\xf2\x9f\x3a\xc9\x64\xb8\xb0\xe1\x6b\x41\xcd\xf0\x20\x62\xd6\x4e\x9f\x6a\x36\xef\x5e\x80\x58\xa0\x17\xb5\xc2\x2c\xb9\x3d\x34\xff\xcc\x8f\xf8\xf2\x8f\xdf\x87\x46\x04\x93\x36\x18\x3f\x38\x4e\xa1\x84\x41\xf5\xb2\x33\x35\xb8\x1f\x73\xbb\xcf\xfe\x07\x8c\x17\xf1\x55\x15\x74\xe2\x89\x1a\x27\x9d\x86\xa8\xcb\x41\x5c\xe5\xcb\x2b\x9b\xb4\x87\xbc\x5e\xaf\x02\x23\x26\x57\xdd\x6a\x23\xd6\xe7\x4a\x9b\x78\x9e\x26\xe3\xd3\x40\xcd\xcf\x3e\x17\xb0\xe3\x49\x36\xf8\x9b\x80\x5f\x1e\x54\x0e\x9f\x94\xc2\xa4\xcd\x78\x81\x05\x6a\xbc\xd2\x8e\x71\xb3\x80\xdc\x48\x07\x14\x76\x4f\x9e\x04\xd9\x5e\x99\xe3\xcd\x3f\xe9\x8a\x66\x49\xb5\xc7\x2a\x9d\x7a\x5f\xc1\xe4\x47\xa4\xa9\xc4\x16\x98\x00\x61\xf0\x86\x62\x32\x33\x47\x47\x15\xc1\x35\xc1\x5a\x45\x89\x33\x5c\x74\xbb\xab\x24\x00\xeb\xa9\xed\x12\xec\xc4\x33\xc9\x10\xde\x80\xb9\xf3\xa5\xa7\xe7\xb6\xd6\x64\x64\xcd\x67\x07\xb2\x2e\x8f\x87\xa6\x1a\x00\x2a\x46\xf2\x1d\x14\x4c\xcc\x3d\x8a\x2b\xe9\xa9\x54\xe1\x0f\x98\xf6\x83\xc3\x80\xb4\x9b\xea\x6b\x8a\xaf\xae\x42\xc9\xd3\xd1\xc1\xc8\xae\x60\x6d\x7d\xc0\xc4\x29\x6a\x18\x1e\x56\x36\x7e\x7f\x0d\x67\x12\x59\x18\x39\x99\xb4\xd8\x96\x10\xc8\x94\x7b\xaf\x0a\x24\x60\xdf\xd7\x4b\x36\x0a\x40\x0a\x06\x3c\xe5\xba\x34\xd7\xe1\x11\xdd\x40\x8f\x78\xb6\x61\x0a\xe1\x1a\x52\x34\x61\x0c\xf0\x75\xbb\x9d\x87\x3f\xc1\x21\x65\x74\x89\x2c\x76\xd7\xdb\x11\xc1\x1f\x6e\x59\xd0\x09\x87\x7c\x80\x2a\x58\x03\x2c\x6b\x6b\x86\x56\x96\xe5\x60\x13\x3c\x17\x7a\x36\xc2\xc4\x0c\xf3\x93\x56\x1a\x2a\x24\x14\xbf\x6b\x28\xc4\x83\xd0\x9c\x14\xc5\xde\x29\x72\xea\xe2\xc9\x0a\x6b\xcd\x61\xc3\x07\x5d\xf9\x43\x17\x74\x99\x26\xea\x1b\x51\x90\x5d\x2a\x50\xa5\x1f\xed\x44", 3584));
r[12] = syscall(__NR_writev, r[2], 0x2000dfa0ul, 0x1ul);
}
int main()
{
int i; for (i = 0; i < 8; i++) {
if (fork() == 0) {
install_segv_handler();
use_temporary_dir();
loop();
return 0;
}
}
sleep(1000000);
return 0;
}
--
Thanks,
Sasha