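// https://syzkaller.appspot.com/bug?id=03f4404da0737d2be5145ac3ed936712fcfd504c
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

// NOTE(review): the header names were lost when this listing was extracted;
// only 20 bare `#include` tokens remained. The list below is reconstructed
// from the identifiers the file uses -- confirm against the original
// reproducer before relying on it.
#include <dirent.h>
#include <endian.h>
#include <errno.h>
#include <fcntl.h>
#include <pthread.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

#include <linux/futex.h>

// Sleep for `ms` milliseconds (usleep takes microseconds).
static void sleep_ms(uint64_t ms)
{
    usleep(ms * 1000);
}

// Return CLOCK_MONOTONIC time in milliseconds.
// Exits the process with status 1 if the clock cannot be read.
static uint64_t current_time_ms(void)
{
    struct timespec ts;
    if (clock_gettime(CLOCK_MONOTONIC, &ts))
        exit(1);
    return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

// Start a thread running fn(arg) with a 128 KiB stack.
// Creation is retried up to 100 times (50 us apart) while it fails with
// EAGAIN; any other failure, or running out of attempts, exits the process
// with status 1. The thread handle is not kept, so the thread is never joined.
static void thread_start(void* (*fn)(void*), void* arg)
{
    pthread_t th;
    pthread_attr_t attr;
    pthread_attr_init(&attr);
    pthread_attr_setstacksize(&attr, 128 << 10);
    for (int i = 0; i < 100; i++) {
        // pthread_create reports failure through its return value; errno is
        // not specified to be set, so test the returned code.
        int rc = pthread_create(&th, &attr, fn, arg);
        if (rc == 0) {
            pthread_attr_destroy(&attr);
            return;
        }
        if (rc == EAGAIN) {
            usleep(50);
            continue;
        }
        break;
    }
    exit(1);
}

// One-shot event built on a futex word: state is 0 (clear) or 1 (set).
typedef struct {
    int state;
} event_t;

// Put the event in the clear state.
static void event_init(event_t* ev)
{
    ev->state = 0;
}

// Clear the event so it can be waited on again.
static void event_reset(event_t* ev)
{
    ev->state = 0;
}

// Set the event and wake futex waiters (wake count 1000000).
// Setting an event that is already set exits the process with status 1.
static void event_set(event_t* ev)
{
    if (ev->state)
        exit(1);
    __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE);
    syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000);
}

// Block until the event is set. FUTEX_WAIT sleeps only while the word is
// still 0, and the loop re-checks the state after every wake-up.
static void event_wait(event_t* ev)
{
    while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE))
        syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0);
}

// Return the current state of the event (non-zero when set).
static int event_isset(event_t* ev)
{
    return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE);
}

// Wait for the event for at most `timeout` milliseconds.
// Returns 1 if the event was observed set, 0 once the timeout has elapsed.
static int event_timedwait(event_t* ev, uint64_t timeout)
{
    uint64_t start = current_time_ms();
    uint64_t now = start;
    for (;;) {
        // now - start never exceeds timeout here (checked at the end of the
        // previous iteration), so the subtraction cannot wrap.
        uint64_t remain = timeout - (now - start);
        struct timespec ts;
        ts.tv_sec = remain / 1000;
        ts.tv_nsec = (remain % 1000) * 1000 * 1000;
        syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts);
        if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE))
            return 1;
        now = current_time_ms();
        if (now - start > timeout)
            return 0;
    }
}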
// Format `what` printf-style and write the result to an existing file.
// The text is built in a 1024-byte buffer, so longer output is truncated.
// The file is opened write-only with O_CLOEXEC and without O_CREAT.
// Returns true on success; false if the open fails or the write is short,
// with errno preserved across the close().
static bool write_file(const char* file, const char* what, ...)
{
    char buf[1024];
    va_list args;
    va_start(args, what);
    vsnprintf(buf, sizeof(buf), what, args);
    va_end(args);
    buf[sizeof(buf) - 1] = 0;
    int len = strlen(buf);
    int fd = open(file, O_WRONLY | O_CLOEXEC);
    if (fd == -1)
        return false;
    if (write(fd, buf, len) != len) {
        int err = errno;
        close(fd);
        errno = err;
        return false;
    }
    close(fd);
    return true;
}

// Kill the test process `pid` and its process group, then reap it.
// SIGKILL goes to the group (-pid) and to pid itself; the child is polled for
// up to 100 x 1 ms. If it has not exited by then, one byte is written to the
// `abort` file of every entry under /sys/fs/fuse/connections, and the function
// then blocks until `pid` is reaped. `status` receives the wait status.
static void kill_and_wait(int pid, int* status)
{
    kill(-pid, SIGKILL);
    kill(pid, SIGKILL);
    for (int i = 0; i < 100; i++) {
        if (waitpid(-1, status, WNOHANG | __WALL) == pid)
            return;
        usleep(1000);
    }
    // NOTE(review): presumably this unblocks a child stuck on a FUSE request
    // that SIGKILL alone cannot interrupt -- confirm against syzkaller.
    // Every FUSE connection the caller can open is aborted, not only those
    // created by the test.
    DIR* dir = opendir("/sys/fs/fuse/connections");
    if (dir) {
        for (;;) {
            struct dirent* ent = readdir(dir);
            if (!ent)
                break;
            if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
                continue;
            // Local buffer for the path; the name shadows abort() from <stdlib.h>.
            char abort[300];
            snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name);
            int fd = open(abort, O_WRONLY);
            if (fd == -1) {
                continue;
            }
            // Best effort: a failed write is deliberately ignored.
            if (write(fd, abort, 1) < 0) {
            }
            close(fd);
        }
        closedir(dir);
    } else {
    }
    while (waitpid(-1, status, __WALL) != pid) {
    }
}

// Per-test child setup: request SIGKILL when the parent dies, move into a new
// process group, and write 1000 to /proc/self/oom_score_adj.
static void setup_test()
{
    prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
    setpgrp();
    write_file("/proc/self/oom_score_adj", "1000");
}

// Write a fixed list of kernel tunables for the test machine.
// The values are written system-wide and nothing in this function restores
// them. Among them, kptr_restrict and bpf_jit_harden are set to 0 and
// bpf_jit_kallsyms to 1, which lowers the host's kernel hardening, so this
// belongs on a disposable test VM only. Write failures are ignored.
// A forked child that only sleeps is registered as cad_pid while the list is
// written, then killed and reaped. No caller is visible in this part of the
// listing.
static void setup_sysctl()
{
    int cad_pid = fork();
    if (cad_pid < 0)
        exit(1);
    if (cad_pid == 0) {
        for (;;)
            sleep(100);
    }
    char tmppid[32];
    snprintf(tmppid, sizeof(tmppid), "%d", cad_pid);
    struct {
        const char* name;
        const char* data;
    } files[] = {
        {"/sys/kernel/debug/x86/nmi_longest_ns", "10000000000"},
        {"/proc/sys/kernel/hung_task_check_interval_secs", "20"},
        {"/proc/sys/net/core/bpf_jit_kallsyms", "1"},
        {"/proc/sys/net/core/bpf_jit_harden", "0"},
        {"/proc/sys/kernel/kptr_restrict", "0"},
        {"/proc/sys/kernel/softlockup_all_cpu_backtrace", "1"},
        {"/proc/sys/fs/mount-max", "100"},
        {"/proc/sys/vm/oom_dump_tasks", "0"},
        {"/proc/sys/debug/exception-trace", "0"},
        {"/proc/sys/kernel/printk", "7 4 1 3"},
        {"/proc/sys/kernel/keys/gc_delay", "1"},
        {"/proc/sys/vm/oom_kill_allocating_task", "1"},
        {"/proc/sys/kernel/ctrl-alt-del", "0"},
        {"/proc/sys/kernel/cad_pid", tmppid},
    };
    for (size_t i = 0; i < sizeof(files) / sizeof(files[0]); i++) {
        // Best effort: a tunable that cannot be written is skipped silently.
        if (!write_file(files[i].name, files[i].data)) {
        }
    }
    kill(cad_pid, SIGKILL);
    while (waitpid(cad_pid, NULL, 0) != cad_pid)
        ;
}

// State of one worker thread: `call` is the index passed to execute_call,
// `ready` signals that a call is queued, `done` that the worker is idle.
struct thread_t {
    int created, call;
    event_t ready, done;
};

// Fixed pool of 16 workers, created on first use by execute_one().
static struct thread_t threads[16];
static void execute_call(int call);
// Number of calls that have been dispatched and have not finished yet.
static int running;

// Worker loop: wait for `ready`, run the queued call, decrement `running`,
// and signal `done`. The loop never exits; the trailing return is unreachable.
static void* thr(void* arg)
{
    struct thread_t* th = (struct thread_t*)arg;
    for (;;) {
        event_wait(&th->ready);
        event_reset(&th->ready);
        execute_call(th->call);
        __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED);
        event_set(&th->done);
    }
    return 0;
}

// Run calls 0..5 once, each on the first idle worker in the pool.
// After dispatching a call the function waits at most 50 ms for it, so a call
// that does not finish in time keeps running on its worker while the next one
// is started on another. Finally waits up to 100 x 1 ms for `running` to
// reach zero.
static void execute_one(void)
{
    if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
    }
    int i, call, thread;
    for (call = 0; call < 6; call++) {
        for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) {
            struct thread_t* th = &threads[thread];
            if (!th->created) {
                // Lazily start the worker; `done` starts out set so the new
                // thread counts as idle.
                th->created = 1;
                event_init(&th->ready);
                event_init(&th->done);
                event_set(&th->done);
                thread_start(thr, th);
            }
            // Worker still busy with an earlier call: try the next one.
            if (!event_isset(&th->done))
                continue;
            event_reset(&th->done);
            th->call = call;
            __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED);
            event_set(&th->ready);
            event_timedwait(&th->done, 50);
            break;
        }
    }
    for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++)
        sleep_ms(1);
}

// Redundant redeclaration: execute_one() is already defined above.
static void execute_one(void);

#define WAIT_FLAGS __WALL

// Run the program forever, one forked child per iteration.
// The child runs setup_test() and execute_one() and exits with status 0; the
// parent polls every 10 ms and calls kill_and_wait() once the child has been
// running for 5000 ms.
static void loop(void)
{
    int iter = 0;
    for (;; iter++) {
        int pid = fork();
        if (pid < 0)
            exit(1);
        if (pid == 0) {
            setup_test();
            execute_one();
            exit(0);
        }
        int status = 0;
        uint64_t start = current_time_ms();
        for (;;) {
            sleep_ms(10);
            if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
                break;
            if (current_time_ms() - start < 5000)
                continue;
            kill_and_wait(pid, &status);
            break;
        }
    }
}

// Results saved by execute_call: r[0] and r[1] hold the two descriptors from
// socketpair (call 0), r[2] the descriptor returned by dup2 (call 3). All
// three start as all-ones.
uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff};

// Issues the system call selected by `call`; the switch body follows.
void execute_call(int call)
{
    intptr_t res = 0;
    switch (call)
{ case 0: res = syscall(__NR_socketpair, /*domain=*/0x1eul, /*type=*/1ul, /*proto=*/0, /*fds=*/0x20000000ul); if (res != -1) { r[0] = *(uint32_t*)0x20000000; r[1] = *(uint32_t*)0x20000004; } break; case 1: *(uint64_t*)0x200003c0 = 0x20000180; *(uint16_t*)0x20000180 = 0x1e; *(uint8_t*)0x20000182 = 1; *(uint8_t*)0x20000183 = 0; *(uint32_t*)0x20000184 = 0; *(uint32_t*)0x20000188 = 0; *(uint32_t*)0x2000018c = 0; *(uint32_t*)0x200003c8 = 0x10; *(uint64_t*)0x200003d0 = 0x20000380; *(uint64_t*)0x20000380 = 0x20000480; memcpy( (void*)0x20000480, "\xc3\xe9\x72\xbd\x85\xa6\xd8\x41\x36\xd6\xdd\x55\x04\x8d\x35\x93\xa7" "\x4f\x33\x8c\xe6\x77\x2a\xb9\xa6\xf6\x40\x41\xc2\xf6\xfb\xbe\xcd\xc0" "\x8e\xbc\xd3\x19\x2b\x6a\x53\x66\x2d\xae\x7c\x8e\x9c\x66\x5e\x80\xa5" "\xd0\x92\x5f\x72\x8d\xca\xc3\x0c\x29\x79\x39\x92\xe5\x88\x95\x26\x53" "\xd4\x14\xcb\x8c\xcd\xab\xc3\x87\x67\xfe\xe8\x19\xec\x5a\xf0\xc5\xee" "\x93\x68\x80\xfe\x85\x49\xb4\xed\x34\x77\x79\xca\xb4\xff\xd4\xe0\xb6" "\x2c\x53\xa1\xc0\x1d\xb2\x8f\x2b\x3f\x91\xc3\x42\x11\xc9\x35\x3b\xc1" "\xde\xce\x61\x51\x19\x17\xc2\x24\x5f\xd6\x6c\xb8\xdf\xfe\xac\xb4\xd4" "\x6d\x62\x7c\x97\xb4\x98\xbf\x1f\xf6\xb3\x13\xbf\xbc\x97\x65\x45\x7c" "\x83\x17\x71\xd5\xee\xc7\x99\x7e\xc2\x42\xe4\x50\x5f\x01\xc1\xbb\x3e" "\x06\x9b\x2e\x63\x0f\x42\xa2\xbe\x86\x59\x8a\x61", 182); *(uint64_t*)0x20000388 = 0x64; *(uint64_t*)0x20000390 = 0x20000300; memset((void*)0x20000300, 86, 1); *(uint64_t*)0x20000398 = 1; *(uint64_t*)0x200003a0 = 0x20001600; memcpy( (void*)0x20001600, "\x3e\xed\x50\xd0\x12\x57\x19\xa8\x10\xf8\x8e\x3f\x47\x18\x6f\xe4\xda" "\xe7\x41\x82\xdf\xd1\x09\xa2\x58\x7c\x47\x97\x41\x0c\x9b\x8e\x39\xbd" "\x3d\x9a\xa1\x44\xd5\x90\x86\x47\xc3\x0c\x8d\xb6\x9b\x5c\x17\x08\x4c" "\x9b\x1b\xfb\xb8\x68\x07\x37\xc4\xf8\x8a\xbc\xdb\xc7\xd2\x94\xd7\x2a" "\xb1\xb3\x44\x27\x09\x15\xdf\x9d\xdf\x56\x35\x64\x4c\x35\x1c\x22\xb2" "\x9d\x94\x8a\xc4\x10\x6b\xce\x71\x07\x57\x0b\xee\xd6\x30\x77\xcf\xbc" 
"\x98\xef\x71\x69\x9e\xae\x65\xd3\x77\x24\xd9\x95\xb5\x53\xe7\xa3\xad" "\xe6\x19\xb5\x22\x31\x3a\xb3\x82\xca\xf8\x79\xfe\xb4\x89\x42\x87\x8e" "\x60\x5e\xe3\xee\x28\x72\x79\x4e\x3a\xbe\x22\xa3\xf0\x25\x06\x8b\x62" "\x8a\x5d\x92\x46\x80\x92\xa5\xcc\x64\x9b\xbb\xd9\x78\xb5\x77\x2e\x53" "\x79\x39\x43\x2a\x50\x21\x22\x23\x5c\xed\x31\x2d\xaf\xd1\x08\xc9\xff" "\xeb\x0b\x38\xcc\x16\xda\x94\x18\xca\x01\xd4\x85\xa6\xaf\xb5\x82\x7d" "\xa4\xdf\x6e\x11\x21\xec\x30\x7d\xe1\x4b\xb3\x2b\x6a\x97\x76\x08\xe4" "\x57\x6a\x99\x81\x82\xdd\x93\xd5\x92\xff\x43\xe5\x5b\xfd\xbb\xce\x23" "\xec\xd5\x01\xe4\x3b\x3e\x93\xef\x8d\x9d\x01\x71\x1d\xff\x54\xc3\x01" "\xe2\x99\xd3\x80\x1a\x3c\xff\xe6\xc9\x88\x3f\xbd\x0e\x47\x12\x4d\xc0" "\x25\x69\xf6\x2d\x48\xb8\x78\xfc\xb5\x8c\xe9\x9f\xcf\xfc\xd2\xa5\x16" "\x6e\xff\x3a\xd9\x3c\xf1\xd1\x37\x27\x49\x93\xd8\x6a\x3b\x37\x30\xd6" "\x3d\xed\x75\x9f\x6c\xa8\x8f\xa4\x49\xe5\x57\x5b\x15\x32\x1e\x5a\x58" "\xa1\xf8\x88\xee\xd7\x46\x6d\xb4\x97\x6c\xe3\x5f\x6d\x2e\xfb\x5a\xd0" "\x5d\x99\xa6\x64\x82\xdc\x60\x7c\xb5\xac\xb2\x4d\x32\x68\x03\xbd\x33" "\x75\x19\xcc\x98\x10\x3f\x59\xc6\x3b\x59\x62\xcd\x72\xe4\x49\x7d\x1b" "\x00\x81\x7d\x6e\x09\xde\x70\x27\x0a\x09\xb4\x93\xc2\x22\x66\x17\xb1" "\xc9\xef\x9d\x50\x6b\xe0\x0d\x6e\x07\xf1\x46\x33\xa9\x66\xf0\x4e\xcc" "\xa9\x0f\xb8\xd2\xb9\x63\xad\x6f\x38\x17\x93\x5b\xd6\x53\x4f\xa3\xda" "\x1c\x5d\xc4\x68\x78\x9c\xbf\x11\x92\xf3\xc0\xbf\xf3\x77\x7f\x1e\xdd" "\x2a\xda\x5d\x35\xf8\x8f\x12\xf2\x9e\x95\x2c\x44\x44\x5c\xe6\x23\x50" "\x9d\x66\x81\x1c\x80\xa9\xe0\xf1\x3a\xd8\x5a\xba\x37\xd8\x6f\xf0\xda" "\x4d\xda\x60\x1d\x9e\x8a\xcb\x26\x42\x33\xbc\x93\x9f\xb0\x56\x31\x66" "\x12\xcf\xf6\x87\xd5\xc4\x41\x57\xbe\x05\xbc\xc8\x8b\x33\x3f\xf2\xa4" "\x00\x41\xd9\x8f\x1a\xcf\xe6\xe2\x23\x1a\x84\xe0\x9b\xd7\xa5\x4a\x04" "\x42\xcf\x87\xce\x3e\xe8\xfd\x8d\xa3\x9d\xa1\x86\x28\x62\xae\x40\xfc" "\x3c\xb3\x05\x5c\x8b\x70\xe6\x2f\x24\x38\x50\x70\x73\x41\xf5\x14\x26" "\xbb\x3e\x71\xc7\xa4\xff\xfe\xfa\xb0\x60\xdb\x78\x60\x00\x61\x8b\x05" 
"\xeb\x08\x7a\x42\x4a\x2f\x30\xf6\xa2\x32\xff\x44\xb6\x05\xf7\x0c\xee" "\xc0\xa8\xf7\x0e\x37\x90\x7f\x6e\x0b\xbb\xa2\x1e\x9d\x5b\x7e\xcb\x6d" "\x28\x77\x42\xb7\x5c\x10\x1b\xa7\x95\x25\x91\x8c\x34\x73\xea\xe3\x8f" "\x3c\x17\x72\x49\xdf\xa8\x81\x66\x61\xc9\x92\x1f\x0b\x0c\x85\x8d\x53" "\xab\x87\xc8\x40\x7b\x97\x95\x0c\x84\x21\x11\x00\x2e\xdd\x1d\x1e\x80" "\xb8\x01\xb4\x95\xda\x28\xbc\xd5\x40\x9b\xc9\x71\xe5\x5d\xab\x18\x57" "\xe1\x88\xac\x97\x28\xef\xc8\xf9\xa4\x54\x39\x45\xf8\x6a\xde\x13\xb4" "\x45\xea\xce\xcb\xbf\x84\x8a\x96\x41\x0a\xc3\x7c\x57\xe3\xe9\xe8\xbc" "\x8b\x8f\xad\xd5\x59\xd2\x25\xc7\x46\x86\x39\xda\x2b\x5d\x12\x08\x55" "\x8b\x51\xe9\x4c\x14\xfa\xa7\x94\x7a\x7c\x60\xe8\x1a\x96\xbb\x5d\x19" "\x4c\xc7\x28\x9a\xdb\xc0\x2e\xbb\x4b\x49\xbe\x1f\x1e\xfc\x42\x9d\xb2" "\xf9\xb7\x9b\x5a\x22\x91\x9d\xba\x0c\x35\x34\x10\x42\xc5\x77\x69\x42" "\xc5\x23\x65\x36\x7c\x4b\xfc\x95\xb4\x2b\xe3\x83\xcc\xa7\x10\x71\x61" "\xde\xd7\xe8\x51\xd0\x12\x6d\xa3\x3d\x58\x1f\x1e\x2b\x08\xd0\xc0\x61" "\xe8\x6d\x31\xe7\xa8\x3f\x9b\x51\xc7\x9b\x40\x34\xc7\xde\xda\x76\x97" "\x03\x4e\x14\x04\xc6\xe8\xe4\x59\xf7\x6c\x2e\xfe\x64\x35\x01\x46\xc7" "\x43\x7e\xf8\x08\xe0\x4c\xa1\x4d\xf5\xf6\xf5\x00\x26\x4f\xd9\x77\x27" "\x2b\xbf\x8f\xc0\x96\x77\x4e\x8e\xb6\x1d\x09\x63\x43\x07\x51\xac\x14" "\x25\xa0\x73\xf8\x43\x46\xb0\xeb\xa3\x68\xcb\xa7\xfa\x34\xad\xc4\x20" "\x80\x0d\x4f\x99\x92\x72\x80\xeb\xa1\x99\xf9\x69\x5c\xf8\x81\x24\xfa" "\xfc\x3a\x2b\x12\x26\xd2\xf2\xab\x3e\xa2\x7c\x69\xa1\x27\x65\x0c\xf5" "\xc7\x25\xb5\x4c\x02\xbd\x87\x29\x03\x3c\xf6\x99\xce\x7f\x03\x0f\x9a" "\x34\x42\x05\x62\x44\xda\x3c\xfb\x61\xa8\x12\x6d\xba\x11\x37\x76\x24" "\xf3\x9e\xb0\x09\x24\x21\x52\xfd\x7b\x8b\x88\xde\x7d\xd8\x60\x57\xf2" "\x9b\xfc\xb7\xb7\xdf\x0e\x65\xe7\xe9\xac\x9e\xea\xa4\x1a\xfa\x62\x74" "\x36\x98\xbf\xf0\x3d\x5b\x2d\x51\xfb\x6b\xca\x2d\x92\x29\x4e\x8e\x17" "\x7c\xfa\x36\x61\xb2\x6f\x1c\x04\x0e\x9b\xed\x98\x3b\x7b\xc0\xaa\x15" "\x4e\xb9\xc9\x2e\x4e\xe2\x50\x91\x31\x8c\x53\x11\x3a\x1c\x23\xac\x62" 
"\xd2\xd7\x15\x04\xcb\xa9\x90\x41\xf2\x9a\x4f\x33\x21\x33\x29\x2c\xf2" "\x0a\xbe\xc9\x22\x2a\x2a\xcc\xa5\x7c\xac\x48\xfa\x6c\x06\x68\xee\x5e" "\xec\xb4\x94\x74\x1a\x64\xd3\x3b\x01\x1d\xcc\xa7\x46\x96\xd4\x61\x4c" "\x5b\x45\xa5\xd2\x09\x83\xb1\x70\x8d\x36\x5e\xd3\xff\xa6\x0f\x91\x61" "\x97\x2a\x61\x1c\x22\x64\x2c\x3c\x25\x9b\x41\xf9\x43\xf6\xd7\xa8\xb6" "\x0f\x28\x4d\x32\x5e\x38\xfe\x76\xf0\x64\x5e\x06\x9f\xf7\x0c\xae\x38" "\x85\x0c\xcf\x97\x31\x93\xb6\x23\x2c\x98\x7d\xf2\x62\x39\xa5\x74\x69" "\x1f\x7f\x07\xff\xfa\x6d\xea\xe1\xeb\x03\x24\xfe\x54\x65\x73\xc3\x6f" "\x2a\x2c\x31\xcd\x44\x25\x17\xa9\xb0\x36\xae\x6a\x2a\x49\x1e\x73\x43" "\x86\x46\x93\xc1\x07\xa5\xdc\x25\x85\x82\x08\x63\xc1\x46\xc1\xba\x6c" "\xaa\x4f\xea\x9b\x87\xd5\x67\x71\x6f\x4c\x8c\xa1\xa9\xd2\x84\x80\x55" "\xcd\x75\x05\x12\xd3\xb7\x41\x5d\x09\x00\x19\xdc\x8a\x04\xa1\xa1\xd2" "\x89\x31\x09\x3c\xd8\xf0\x0e\x94\xc4\x07\xca\x1f\xa2\xa5\xce\x90\x3d" "\x9d\xf2\x6e\x00\x8c\x07\xcd\x13\xaf\xa7\x83\x22\x0e\x1b\xd5\xe6\xb6" "\x06\x45\xf3\xdb\xb6\xec\xb4\x15\x6f\xed\xaf\xa2\xdd\x25\x49\x8c\x6a" "\x99\xd9\x4f\x0b\x38\x12\x5e\xa7\x74\x1b\x75\x10\x9d\xca\xc9\xf8\x06" "\x35\xf7\x9f\x5c\x8a\x04\x83\xbb\x9f\x05\xa3\xa5\xbf\x72\x1c\x75\x41" "\xed\xb2\x52\x44\x9f\x8b\x13\xe6\x3c\x37\x0a\x61\x46\x33\x2f\x03\xca" "\x1f\x1b\x6f\xe0\xbe\xd9\x84\xf1\x37\x44\xbb\x7f\xa0\xfe\x32\x2e\x83" "\xdd\xf9\xff\xb2\x08\x3e\x94\xf3\x36\x04\xa0\xa1\x99\x22\x0c\x45\x0d" "\xad\x94\xbf\x15\x48\x05\xe7\xf9\xe4\x35\x0c\xa2\xd8\x1a\xdf\x29\x78" "\xc8\x7d\xcc\x8a\x8a\x7d\x56\x29\x7e\xc1\x24\xbf\xef\x0d\x28\xf3\x57" "\x77\x20\x5e\x97\x32\x72\xc8\x7e\x01\x07\x0f\x14\xf5\xb1\x4d\xaa\x3b" "\x51\x04\xd9\xff\x6b\x29\x6c\x4f\x16\xed\x49\xeb\x42\xd3\x5e\x7b\xa3" "\xbc\xcb\x7a\x26\xc3\x3a\x26\x3d\xf8\x8a\xad\xd5\x96\xe9\xd9\xde\x0a" "\xbb\xd4\xd4\x49\xdf\x11\x08\x1f\x2c\xd6\x2e\x1d\x89\x62\xb9\xb9\xfe" "\xb2\x5a\x3b\x8e\x03\x53\x7d\x61\xa6\x1c\x11\xac\x22\xb7\x21\x1d\x12" "\xc8\x4e\x60\xa6\xab\xcc\x21\x9e\x55\x8b\x25\x13\xd8\xc5\x30\xb3\xc7" 
"\xa5\x7c\xdc\x47\xde\x54\x5a\xaf\xbb\x2a\x13\xc0\xe6\xc7\x5b\x1b\x92" "\xfa\x24\x1c\x71\x3c\x83\xa0\x9c\x92\xb2\xb6\x1d\x56\x51\x20\x37\x2a" "\x91\x43\x41\x55\x83\xc9\x59\x6f\x27\xa6\x63\xd4\x96\x7c\xd6\x53\xb0" "\x8c\xeb\xd6\xcb\x96\xc1\xf0\xdc\x80\xd5\x72\x67\xac\x9a\x82\x81\xd7" "\x14\x9b\xde\x88\x08\x28\xee\x27\xd6\x9a\x68\x18\xdb\x58\x32\x0d\xb2" "\x9d\x1b\x04\x4e\xaf\x6a\xb8\xa5\x10\x8b\xc5\x22\xde\x40\x69\x90\xb5" "\x39\x3b\x1f\x7e\x7b\xab\x71\xbf\x6c\xf8\xee\xd1\xcd\x59\xc7\x60\x7d" "\x66\x2e\x8b\x31\x3f\x5c\x4f\xce\x0f\x59\xb1\x02\x73\x71\x38\x10\x11" "\xb6\x3d\xd5\xb2\xb0\x97\x39\x08\x2c\x0d\x62\xff\xad\x96\xe3\x01\x53" "\xa3\x95\x23\x49\x37\xd3\x77\xc3\x2f\xe7\xaf\x82\xac\xa3\xa1\x9d\x0e" "\xbc\x4a\x5c\x5f\xb5\xff\x19\x0f\x14\xd5\x69\x5c\x70\x3b\x57\x1f\xb4" "\xbf\x03\x75\x66\x35\xca\xfc\x6c\xf6\x26\x7e\xab\x83\x6c\x34\x7a\x9d" "\x07\xe8\x08\x9f\xc1\x05\x34\x69\x34\xcf\x33\x64\xe5\xbe\x37\x0b\x3c" "\x42\xb9\x4b\xc5\xae\x3d\x17\xa8\x17\x39\x85\x66\xa2\x95\x32\x51\xeb" "\x91\x69\x7d\x67\x27\x81\x45\xdf\x9a\x4b\x91\x7b\xcc\xa1\xbf\x21\x17" "\x80\xb2\x2f\x4c\xaa\xcf\xcb\x76\x04\xc8\x4f\x94\x3d\x05\xf6\xfd\xf8" "\xed\xbd\x25\x8d\x7d\x8d\xbf\x84\xf9\xd9\x9e\x57\x47\x2c\x5b\x1c\x23" "\x37\xd7\x49\xa1\xf3\x45\xe6\x62\xe2\x53\x6d\x23\xc7\xa6\x3b\xbb\xbf" "\x00\xf8\xb5\xb0\xa2\x10\x6a\x03\x42\xab\x27\xb9\xa1\x0b\x82\xe8\x26" "\x68\xcd\x49\xe0\xcb\xb0\x9d\x7b\xe0\x21\x76\x45\xf1\xdd\xa3\xbe\x59" "\xc8\x23\x2f\xa2\x90\xd3\x47\x91\xcd\xa5\x2a\xa5\xb5\xce\xc6\x33\x9a" "\xb9\x6a\x2e\xb3\xf5\x32\x8c\xc7\xc0\xe6\x71\x7c\x28\x24\x34\x45\x47" "\xa2\xed\x51\x8f\x6b\x2b\x4e\x4f\xe5\xb6\x84\x59\x6a\xa6\xa9\xd3\x98" "\x8f\xc5\xd5\xff\x4c\xb4\x6c\xec\x99\xd9\x51\xb8\x38\x6b\x10\x94\x9a" "\x16\x3a\xf9\x74\xb7\x54\x3d\xf9\x7b\x48\x82\xa4\xed\x60\xe9\x27\xa1" "\xde\xb6\x7c\x5f\x81\x42\x35\xbe\xf6\x5f\xea\x79\xa2\xc7\x12\x81\x5b" "\xe7\x40\x3c\x93\xa3\x70\x7f\xb9\x0d\x46\x04\xec\x3a\x6a\x3b\x09\x28" "\xf2\x53\xf6\xab\x6b\xd5\x6c\x95\x8e\x02\x6c\x8c\x58\x17\x2c\x4a\xc2" 
"\xa3\xef\xe2\xec\xd5\xce\xa7\x0c\x83\x13\xf9\xac\x2d\x63\x8b\xc2\x96" "\xba\x99\xe2\xca\x86\xd2\xfd\x06\xb5\x40\x2c\xdc\xdd\xc3\xf3\xc9\x84" "\x5d\x5a\xe7\x7f\x6f\x36\x96\x3b\x91\xe8\xf6\xcd\xcc\xd1\x7a\xbe\x8d" "\x40\xed\x02\x46\x3a\xf4\xbb\x0e\x49\x63\x44\xf3\x50\x09\x7f\x1c\xc1" "\x33\x13\xfa\x1e\x17\x2b\x63\x55\x6e\xd2\xb8\xa8\x12\x1c\x01\xa5\xfb" "\x34\x3f\xf7\x76\x78\x21\x62\x6f\xc4\x9b\x0d\x6b\xd5\x22\xe1\xc9\xbf" "\x13\x7d\x5a\x5b\xcc\xb4\xbc\x8d\xbb\x64\xc8\x3a\x82\xef\x6c\x28\x94" "\xf3\x89\x6c\x9f\x6b\xf0\xc3\x76\x40\x11\xd5\x3e\xeb\x6d\xb9\xea\x9d" "\xae\x22\xd3\xeb\xcc\xa4\x94\x2d\x58\x28\xc0\xbc\xa0\xd9\xea\x37\x70" "\x1d\x5a\x06\xc0\x66\xac\x4f\xe3\x18\xe1\x1e\x9c\x0d\x6c\x65\x8a\xc8" "\x10\xfb\x5d\x78\x36\xcf\xff\xe4\xcc\xbb\x09\x34\xe5\x56\x7d\x74\x69" "\x59\x80\xa1\x56\xd4\xbf\x1c\x18\x86\x1c\x5a\x29\xcc\xd3\x49\x99\x9d" "\xc2\x05\x62\xd0\x0e\x1f\x6c\x18\x51\xae\x56\x35\x41\x08\x64\x38\xd6" "\x0b\x97\x5c\x8c\xeb\x46\x64\x14\xff\x60\xef\xa0\xb2\xde\xe7\x90\xfd" "\x06\x59\xff\xa9\x8b\x92\x41\x4c\x13\xd5\xa6\x82\x53\x68\xf5\x6c\x49" "\x84\x41\x22\x05\x04\x1c\xd8\xe0\x06\xc7\x12\x7d\x43\x95\xec\xdf\xfb" "\x5a\xdd\xf8\x0e\xf9\x38\xce\x54\xa3\x67\x15\x4c\x4f\xc2\x86\xd5\xf9" "\x69\x32\x5c\x12\xb1\x36\x55\xa9\xa9\x56\xdd\x3b\x98\x28\x1f\x53\x7e" "\x83\x76\x69\xfc\x55\xd8\x93\x06\x76\xe8\x07\xaa\x8c\xd0\x46\xe0\xf4" "\x58\x3d\x59\xf8\x6c\xb9\x9f\x3f\x7a\x7d\xdd\xe1\xfb\x39\x11\x1f\xde" "\xc7\x67\x7d\x2f\xee\x4b\x8f\x48\x14\xa5\xde\xf5\xeb\xcc\x67\xc6\x53" "\x38\x4c\xe8\x0e\xaf\xfd\x88\x04\x05\xf7\xed\xf8\xfd\x3e\xa0\x49\xf0" "\x40\x59\x5d\xf4\xa7\x5e\x2f\x89\x2e\x7a\x85\xe0\xba\x35\x1f\xb8\xd2" "\x63\xbf\xff\x71\x68\xbb\x85\x01\x7b\x36\x0f\xcd\x2b\xa8\x93\x46\x68" "\x2a\x6e\xa7\xcc\xc4\x6a\xfb\xdb\x5a\xb4\x44\xe3\xf4\x77\x23\x8b\x2a" "\xb5\x03\xbd\xe9\x14\xd3\xcf\x17\x89\x53\x9c\xde\x9c\x06\x21\x15\x2c" "\xd9\x7b\xff\x9f\x23\x5d\x88\xa1\xef\x4e\xa4\x30\x9d\xb3\xa0\x5d\x40" "\x1a\xf7\xfb\x82\x78\x4b\x05\x0e\xf5\x29\xda\xb4\xf1\xf0\x03\xeb\x29" 
"\x71\x0a\x96\x2f\x75\x38\xc5\x21\xe6\x17\xe2\xf0\xef\xac\x36\x18\x2d" "\x09\x98\x5e\x1d\x72\x5c\xc3\x8c\x38\x33\xa5\x37\x42\xa0\x2f\x76\xfb" "\x28\x54\xa9\xe4\x5f\x0f\xeb\xac\xf3\xbd\xa8\x3f\x11\x18\x3e\xf5\xb9" "\xfe\xf0\x2e\xbc\xdf\x56\xd4\x10\x4b\x17\x5b\xad\x93\x7d\x8f\x61\x96" "\x4f\x97\xd6\x73\x57\x7c\xdc\xbb\xb4\x8d\x8e\xb6\x2b\x06\x3e\xe6\x56" "\x3b\x9f\xf0\x53\x71\x9b\xaf\xf8\x71\xbc\xd8\x38\x22\xd8\x65\xb2\xf7" "\xef\x02\x30\x76\x42\x5a\xc5\xcd\x71\xb1\xf2\x30\x9d\xe0\xc6\xf1\x4c" "\xc9\xc4\xd3\xe8\xfa\xd9\x45\xf7\x56\xa7\xc8\xa0\x84\xea\x1b\xfd\xf5" "\xac\x6e\x74\x00\x43\xe7\xf7\xbd\xac\xa0\x67\x74\xb0\x84\xae\x31\x4c" "\x26\x36\x52\x9d\x4f\xdc\xd9\x65\xc7\xf8\xc0\x71\x56\x57\x26\x20\xb8" "\x27\xd6\x94\xef\xdc\x9d\x2b\xfc\x5a\xa9\x39\x12\x20\xa8\x37\x65\xf2" "\xc7\x1f\xcd\x48\xd4\xac\xae\xd6\x0a\xfb\x53\xd1\x01\x3f\xa3\xb1\x5e" "\x94\x8e\xc4\x15\x9f\x7d\x13\x0e\xf8\x5b\x59\x40\x18\x34\x6e\x99\x03" "\x4c\x18\x73\x82\x85\x22\x3e\xa5\x3a\x6b\x1d\x5c\xf1\x1a\x60\x7d\xe2" "\xe1\x96\x08\xba\x03\xec\x97\x0a\x91\x5b\x77\x38\x24\x26\x1f\x3f\xc9" "\x31\xdd\x6d\x3b\x93\x4d\x89\xf0\x7b\xaf\x14\x77\x63\x14\xc3\xee\xb8" "\xcd\x05\x37\xef\x57\x36\xf5\x65\xfb\xd1\x4e\x52\x0d\x4a\xb2\xf7\x7e" "\xd9\x59\x7b\x76\xff\x91\xf8\xd1\xf9\x9e\xbd\x6e\x47\x3e\xfd\xa7\xac" "\xcb\x27\x39\x75\xa0\x69\x44\xd1\x03\x70\x32\x12\x99\x92\xb9\x94\xca" "\x79\x1a\x09\xb4\xd8\x39\x80\xa1\xe4\x94\xb0\xf9\x70\x98\xdf\x5f\x6f" "\xb6\xbb\xb0\x27\x22\xad\xb1\x1d\xc3\x19\xc5\x65\xc2\xc3\x63\xcb\xd1" "\x9d\x9f\xb3\xef\xb4\x61\x3b\x62\xd6\x58\x4c\xd5\x3f\x7b\xd8\x0e\x3e" "\x89\x30\x4f\x44\x4c\xe9\xdd\x18\x35\x66\x1e\x3b\xb4\xde\x02\xcc\xf5" "\x68\xa2\xa5\xda\xaf\x0d\x56\x89\x8d\x42\x86\xc3\xfb\x62\xe2\x2a\xf6" "\x2d\x7a\xc3\x18\x68\x58\x34\x46\x7f\x33\x75\x61\xdd\xe2\xe0\xc1\xe2" "\x82\x7c\xdf\xfc\xf4\x2c\x17\x72\x8e\xe6\x4b\x3f\xf4\xcc\xc0\x22\x75" "\x90\xba\xdd\x0b\xd7\xe4\x48\xb8\xcc\xa0\x89\x2d\x6a\x5e\x01\x30\xd2" "\xac\x66\x5f\x47\xc6\xb2\x8d\xaa\x10\x1c\x1b\x31\x98\x69\xbd\xd3\x9f" 
"\xa9\x24\xd6\xd9\xba\x7d\x72\xfe\xda\x5f\x21\xac\x78\x64\x1c\x7d\x48" "\x01\xd4\x1c\x78\x79\x72\x1b\x3b\xe4\xda\xb4\x0d\x9c\x4a\x78\x55\x24" "\x40\x10\x1f\x37\x34\x89\xcc\x52\x40\xb0\x14\x4a\x9c\xe3\x26\x91\xa7" "\x84\xb6\xdf\xe9\x71\xa2\x1b\xb5\x98\x0f\xf6\x7d\xa2\xd1\xbb\x90\xb2" "\x23\xc9\xe1\x92\xa3\x9c\x1a\xea\xdd\x1f\x5c\x79\x08\x11\x07\x9c\x0b" "\x51\xa9\x71\x05\xc9\x9b\x6f\x95\xd7\x1b\xb3\xea\x47\xc3\x3d\x9d\xcb" "\x0a\x53\xc9\x29\xc4\x44\x99\xe1\x84\xa3\xcd\x72\x2c\x90\x8d\x3b\x0d" "\x15\x7e\x28\xff\xde\xb2\xed\x71\x92\xe7\x80\xd9\x6a\x7a\x2f\x0f\xd5" "\xa8\x7b\xdc\x97\x3e\x04\x9d\xa0\xca\xf9\x31\xf2\x6f\x5a\x21\x81\x3e" "\x2e\x60\x2c\xeb\x22\x59\x99\x7e\x02\x05\xce\x48\xfd\x94\x24\xbd\x6d" "\x4d\x75\xdd\x43\x01\xf4\x29\xee\x30\x74\x5c\xd8\x39\xa4\x0d\xbe\xab" "\x4c\x3d\xb2\xf0\xf1\x0b\xba\xea\x07\x1c\xa4\x1d\x13\x92\x38\x56\x81" "\x73\x0a\x36\x78\xa5\xf6\x0f\x60\x4d\xbe\x19\xcb\x9d\x7d\xd2\x34\x33" "\x7e\x32\x74\x51\xb8\xcc\x65\x39\x4a\xf3\x99\x43\x2e\xf7\xfc\x37\x65" "\xd0\x55\x87\x4e\xbd\xca\x14\xe5\x99\x92\x92\xd6\xf7\x2f\x31\xe9\x2b" "\xac\xf2\x5d\xb5\xef\x8f\x52\x12\x95\x2c\x19\x10\xde\x06\xdd\xbe\x16" "\x87\xa0\xe1\x83\x79\x22\xf2\x22\x82\x89\x91\x6e\xd3\xae\xb7\xb9\xcc" "\x24\xda\x3a\xe4\x71\x39\xe3\x71\x93\x0a\xfa\x6d\x35\x73\xdf\x67\x32" "\xc2\x6c\x0c\x7a\xe0\x6d\x9c\xed\xfa\x77\x16\x07\x11\xbc\xb0\x6e\x65" "\x53\x33\x8d\xea\xe4\xc5\x73\x1c\xf5\x3c\xc1\x54\x11\x30\x96\xd0\x2f" "\x30\x36\xd7\xd9\xed\xfc\xdc\x33\x1e\x4b\xb8\x60\xc5\x20\x84\x89\x21" "\x2e\x90\x4e\xab\x70\xe7\xf8\x60\xb0\x37\x98\x95\xcb\xde\xcb\xf7\xa0" "\xb7\xa2\x5e\x5b\x85\x3c\x7d\xbe\x08\xa4\xe2\x96\xa3\x0a\xfe\xc8\xcf" "\x5a\x9f\x6e\xa4\xae\xf3\x2a\x50\x86\x55\xd5\x39\xa7\x70\xb2\x1e\x66" "\x0c\x9e\xe1\xd7\x68\x8c\x56\xab\xeb\x7c\xf1\xaf\xcc\xc8\xd5\x97\x80" "\xcf\x26\x31\x25\x89\xe0\xc8\xe1\xbc\x00\xad\x7b\x13\x25\xcd\x9a\x5d" "\xd6\x92\x46\xe0\xb3\x34\x07\xc3\x81\xea\x09\x26\x51\x54\xae\xc2\x97" "\xe4\xcc\xdf\x97\x85\xa1\x04\x2a\x83\xe7\x7c\x13\xd4\xce\x43\x60\x78" 
"\x2f\x24\x28\xf9\x91\x6b\x5c\xd1\x23\xb0\x89\xeb\x68\x3d\x30\xc1\xe8" "\x95\xb9\x94\x4a\xa9\x05\xa1\xa5\xb5\x23\x01\xd8\xcc\x5e\x47\x41\x83" "\x4e\xad\x6e\xbd\xb5\xdc\x05\xc9\xc4\x9c\x5e\x88\x3e\x99\xd4\x0b\x98" "\x38\x03\x7b\xea\xf8\x76\x53\x4d\x74\x78\x56\x10\x3e\x59\xca\xf6\x26" "\x6f\xbb\xe7\x60\xb6\xef\x83\xd0\x04\x63\x4b\x74\xf1\x4f\x8e\xb4\xae" "\xf9\x3c\x4c\xc9\xcb\xbd\x78\xd8\x3d\x53\x2c\x70\xfe\xef\x51\xea\x3f" "\x17\x0b\x25\xd8\x1a\x6a\x9b\x07\x4b\xfc\xa7\xe9\xb3\x77\x1b\xf8\x35" "\x17\xe0\xdd\x9d\x06\x00\xf7\x0b\x86\xb2\x0f\x61\xfe\x36\x07\x6f\x8b" "\xad\xa3\x34\xb2\x39\x0f\xa9\x54\x97\x3b\xc9\x01\x61\x9a\x3c\xfd\x03" "\x93\x49\xcb\x32\x86\x25\xf4\x95\xab\x28\x8d\xbd\xd6\xdb\xfd\x02\x2c" "\x2a\x83\xf5\x9e\x0b\x99\x86\x19\xa1\x2e\x35\x89\x1b\x5a\xe9\xe8\x3a" "\x71\x76\x55\x07\xb4\xa5\x71\xcd\x22\x41\xe5\x88\x5c\x70\x52\x44\xc1" "\x02\x26\x88\xbe\xf7\xc5\x06\x5f\xbc\xf2\x19\xfc\x01\x75\x3a\xdb\x61" "\x1b\x3f\xbc\x09\x40\x3d\xcb\x10\xa4\xf9\x9d\x78\x86\x67\xef\xf7\x5f" "\xa2\x70\x74\xca\x84\x81\xa6\x33\x53\x0e\x26\x16\x3c\xcf\x7d\xad\xa0" "\x49\xd2\x3e\x71\x7e\x06\x7b\x6f\xa5\xb2\xf6\x52\xbc\x50\xab\xda\x9e" "\x7c\xcd\xc5\xf2\xf3\xc3\x5e\xcc\x2c\x44\x31\xc8\x19\xc9\x69\x1b\xe4" "\x42\x2e\x37\x97\x50\x77\x4e\x9f\x39\xda\xe0\x6f\x26\x42\x3c\x8a\x42" "\x78\x78\x9c\x9f\x31\x11\xb4\x3f\x6d\xd2\x5b\x0a\xd4\x7c\x4c\xc5\xfd" "\xa3\xf3\xed\x82\x07\x9c\x93\x66\xe0\xad\xce\xd8\x83\x48\x8f\x42\x9c" "\x1d\x7e\x1b\x35\x1f\xd0\xbb\x20\x4d\xd7\x97\x7e\xf2\x24\xc4\xdf\x6d" "\x7a\x5f\x76\x97\xbc\x65\x00\xa7\xd0\x3a\x8a\x91\x41\x54\x77\x9f\xa7" "\x09\x2b\xf1\xbe\x6b\xad\x40\x92\x36\x7c\xe5\xd2\x95\xa5\xd5\xd0\xe7" "\xc4\x69\xf3\x72\xca\x20\x11\xd6\x12\x63\x70\x25\xe8\x9f\x17\x8a\xe9" "\xad\xa0\xc5\xb7\x3b\xcb\x7d\x7c\x03\x4f\xf5\x95\x26\x3c\xd4\x21\x6e" "\x3c\x76\xba\x5f\x3d\x81\x93\x2a\x08\x8a\x90\xbf\x80\x43\xe8\x77\xe2" "\x99\xc6\x70\xef\x16\x22\xa0\x98\xd5\x51\x9d\x9a\xdc\x4e\xe7\xd4\xcd" "\x00\xe5\x93\x4a\x43\x75\xfa\x83\xfd\xb8\x12\x14\xb8\x92\x48\x2b\x31" 
"\xbd\xde\x59\xa7\x0a\xaf\x25\xcb\x7f\x41\x7c\x3a\x2a\x91\xc4\xe5\x4b" "\x48\x14\x9f\x6c\x41\xd9\xd3\x96\xee\x6f\xf1\x3e\x30\x28\xc6\x4a\x7c" "\x9b\x1f\x2e\x7c\x6e\x67\x18\x4a\x3d\x52\xd6\xf5\x70\xdb\x3d\x22\x5c" "\x94\x74\x23\xc4\xc6\x53\x3f\x22\xdf\x57\xd1\x5c\x5e\x5a\x31\x83\x42" "\x2b\xd3\x78\xb0\x6f\xe4\x73\x2a\x94\x01\xdc\xb1\x98\x40\xfb\x8f\xa5" "\xc5\x0a\x0f\xf4\x97\xfe\xf3\x62\xc5\x07\x75\x3e\x46\xb8\x88\x1d\x3e" "\x76\x7f\x3b\x1d\x89\x3a\x38\x05\x94\x1c\x94\xf2\xef\xa0\x5c\xe3\x4b" "\x9e\xa8\x1d\x71\x69\x84\xaf\x68\x34\x23\x0d\x47\x07\xa8\x70\x89\xd4" "\x07\x79\x50\x3e\xe6\xa9\xbb\x24\x5d\x7d\x99\x7f\x14\xac\xb8\x0e\x89" "\x73\x1c\x04\x2b\xbb\xbe\x3d\xcd\x05\x17\x7b\x0e\xe0\xee\xc2\x34\x55" "\x83\x0e\xf5\xb6\x5a\xca\x35\x7f\x2b\x0b\x88\x7e\x0b\x98\x21\xc0", 4096); *(uint64_t*)0x200003a8 = 0x1000; *(uint64_t*)0x200003b0 = 0x20000340; memcpy((void*)0x20000340, "\xb7\x68\xeb\x20\x30\x4f\x2f\xdc\x5a\x96\x94\xa4\x86\x78\x40\xd9" "\x31\x70\xca\x1a\x86\x40\x6f", 23); *(uint64_t*)0x200003b8 = 0xfffffec0; *(uint64_t*)0x200003d8 = 4; *(uint64_t*)0x200003e0 = 0; *(uint64_t*)0x200003e8 = 0; *(uint32_t*)0x200003f0 = 0x8010; syscall(__NR_sendmsg, /*fd=*/r[0], /*msg=*/0x200003c0ul, /*f=*/0ul); break; case 2: *(uint64_t*)0x20003b00 = 0; *(uint32_t*)0x20003b08 = 0; *(uint64_t*)0x20003b10 = 0; *(uint64_t*)0x20003b18 = 0; *(uint64_t*)0x20003b20 = 0; *(uint64_t*)0x20003b28 = 0; *(uint32_t*)0x20003b30 = 0; *(uint32_t*)0x20003b38 = 0; *(uint64_t*)0x20003b40 = 0; *(uint32_t*)0x20003b48 = 0; *(uint64_t*)0x20003b50 = 0; *(uint64_t*)0x20003b58 = 0; *(uint64_t*)0x20003b60 = 0; *(uint64_t*)0x20003b68 = 0; *(uint32_t*)0x20003b70 = 0; *(uint32_t*)0x20003b78 = 0; *(uint64_t*)0x20003b80 = 0; *(uint32_t*)0x20003b88 = 0; *(uint64_t*)0x20003b90 = 0; *(uint64_t*)0x20003b98 = 0; *(uint64_t*)0x20003ba0 = 0; *(uint64_t*)0x20003ba8 = 0; *(uint32_t*)0x20003bb0 = 0; *(uint32_t*)0x20003bb8 = 0; syscall(__NR_sendmmsg, /*fd=*/r[1], /*mmsg=*/0x20003b00ul, /*vlen=*/3ul, /*f=*/0ul); break; case 3: res 
= syscall(__NR_dup2, /*oldfd=*/r[1], /*newfd=*/r[0]); if (res != -1) r[2] = res; break; case 4: *(uint32_t*)0x20000040 = -1; syscall(__NR_setsockopt, /*fd=*/r[0], /*level=*/1, /*optname=*/0x21, /*optval=*/0x20000040ul, /*optlen=*/4ul); break; case 5: *(uint64_t*)0x200029c0 = 0; *(uint32_t*)0x200029c8 = 0; *(uint64_t*)0x200029d0 = 0; *(uint64_t*)0x200029d8 = 0; *(uint64_t*)0x200029e0 = 0; *(uint64_t*)0x200029e8 = 0; *(uint32_t*)0x200029f0 = 0; *(uint32_t*)0x200029f8 = 0; *(uint64_t*)0x20002a00 = 0; *(uint32_t*)0x20002a08 = 0; *(uint64_t*)0x20002a10 = 0; *(uint64_t*)0x20002a18 = 0; *(uint64_t*)0x20002a20 = 0; *(uint64_t*)0x20002a28 = 0; *(uint32_t*)0x20002a30 = 0; *(uint32_t*)0x20002a38 = 0; *(uint64_t*)0x20002a40 = 0; *(uint32_t*)0x20002a48 = 0; *(uint64_t*)0x20002a50 = 0; *(uint64_t*)0x20002a58 = 0; *(uint64_t*)0x20002a60 = 0; *(uint64_t*)0x20002a68 = 0; *(uint32_t*)0x20002a70 = 0; *(uint32_t*)0x20002a78 = 0; *(uint64_t*)0x20002a80 = 0; *(uint32_t*)0x20002a88 = 0; *(uint64_t*)0x20002a90 = 0x20000f00; *(uint64_t*)0x20000f00 = 0; *(uint64_t*)0x20000f08 = 0; *(uint64_t*)0x20000f10 = 0; *(uint64_t*)0x20000f18 = 0; *(uint64_t*)0x20000f20 = 0x20003bc0; memcpy( (void*)0x20003bc0, "\xb6\xc7\x05\x2c\x34\xb0\x70\x7c\x30\xfc\xba\xc8\x98\x75\xa1\x28\x61" "\xbc\x68\xee\x8d\x7c\x84\x5f\x2f\x7e\xfe\xde\xca\x05\xb3\x95\xbb\x39" "\x5b\x08\xf7\xa5\x9b\xab\xc4\x60\xf0\x16\xc1\x0a\x6d\x1a\xa6\x15\xcc" "\x83\xf5\xd3\x72\x81\xb9\x54\x24\x51\xaf\x4b\xf0\x67\x6c\x13\x01\x6a" "\x1f\x72\x3a\x4f\xa9\x7d\x08\xcb\x9f\xdb\xfc\xcc\xae\x4b\x2d\x05\xfe" "\x6c\xdb\x40\xef\xc7\x3e\x09\x2a\x26\xe4\x3b\x75\xf7\x0e\xbf\x07\x59" "\x10\x9b\x5b\x0d\x80\x50\x72\x08\xff\x80\x3b\x02\xc4\xf9\x8b\x40\x1f" "\xd2\x0f\x3b\x0a\x82\x48\x78\x6b\xed\x7c\x5c\xd4\xf3\x39\x94\x09\xb8" "\xd2\x3b\x60\x40\x40\x54\x99\x06\x1c\x5f\x88\x0b\x5b\xbd\x53\xd7\x27" "\xd4\xc5\x5f\x7b\x89\x9a\xc2\x09\xf2\xc5\x72\xbd\x81\xdb\xb3\xf6\x1e" "\xca\x80\xf7\x4d\x3a\xce\xdc\x04\x03\x55\xc1\x51\x8b\xeb\xad\xf0\x30" 
"\x9b\xfd\xfa\x82\x6d\x6d\x76\x65\xd1\x99\x57\xaf\x35\xdd\x04\xe2\x29" "\x7a\xb8\xbf\x5c\x49\xa1\x7c\xfc\xe2\xf5\x2f\xe5\x30\x78\x51\xa3\x1f" "\xba\x19\xb3\x16\x3d\xec\x8c\x9e\xbd\xd4\xc0\x4b\xfa\x54\x32\x21\x05" "\xb8\x73\x20\xef\xbc\x40\x7c\x4c\x16\x2a\xa7\x68\x87\x75\xef\x26\x79" "\xe9\xcf\xb2\xbe\xc7\x1b\x6e\x59\x53\x59\x56\x18\xaa\x25\x3e\x77\xf7" "\xcc\x97\x0b\x49\xd4\x41\x31\x97\xfe\xf5\x3c\xe0\xf0\x8d\x4d\x08\x86" "\x43\x74\xcc\x36\x17\xed\x99\xe7\xbe\xd5\x88\xad\xef\xb0\x18\xc9\xee" "\xfc\x90\x45\x46\xbc\xed\x43\x98\xc7\x08\x19\x01\x20\x27\x07\x5b\xd9" "\xf5\xd9\x5d\xd2\x9e\xb4\xc5\xd7\xc2\x1b\xe7\x9a\xc0\x3a\x58\x5e\x46" "\xd1\x4e\x6d\xf3\x0a\x77\xb5\xff\x6b\xcc\x6c\xf5\xcd\xff\x23\xeb\x9c" "\x7d\xfd\x54\x37\xf0\x10\xbc\x6e\x06\x27\x09\xc2\xc4\xb8\xa2\xed\xb2" "\x3e\xde\x0b\x3f\x81\x77\x21\x21\xe9\xa2\x71\xde\xcb\xc2\x40\x93\x21" "\x04\xa9\xb6\x02\x2a\x13\xbc\x0c\x1e\xf3\x41\x76\xbb\x67\x14\xa5\xe4" "\x77\x90\x4f\x43\x2f\xe7\xe8\x1c\x5a\xf2\x2e\x02\xfd\x3c\x30\x07\xd6" "\x7b\xd7\x3f\x75\x6f\xf9\x4d\xfd\x79\x31\x23\xb2\x3c\x80\x6d\xff\xc2" "\xc2\x3e\xee\xd9\xf6\xba\x18\xc0\x61\x4c\x6c\x64\x0a\x10\x3f\x59\xe1" "\x2a\xc9\x1a\xb1\x81\x50\xf3\xc8\xac\x04\xcc\x33\xd0\x68\xad\x7d\x42" "\x1d\x8c\x33\x6f\x45\x32\xd4\x6b\xa3\xdf\x0f\x4a\x28\x7f\xb7\x90\xe9" "\x39\xf1\xda\xe7\xf2\x93\xd3\x51\xa2\x40\x01\x65\x11\x15\xb3\x61\x5f" "\x0d\xf8\xef\xf5\x28\x33\x33\x02\xf7\x24\x47\xf5\xcb\x9d\xfe\x4f\xe2" "\x8c\x43\xcc\x94\x26\xa3\x14\x62\x1c\x5e\xf6\xd8\x4f\x24\xb5\x4f\x81" "\x93\x4d\x56\x95\xfa\x7e\xf7\x68\xc0\x4f\x62\x7c\xcb\xe9\x6e\xe5\x94" "\xbe\xa4\x64\x42\xcf\x3f\x33\xcc\x87\xa9\xcf\x2d\xa8\x0c\x45\xe9\x86" "\xc0\xc1\xb2\xc5\x51\xb9\x31\x95\x34\xe1\xb3\x46\x51\x0e\xc0\x8e\x15" "\x2f\x59\x13\xd9\x65\x17\x5d\x2e\x5d\xaf\xe3\xbc\x51\x88\x40\x85\x93" "\xf6\x42\xcb\x9e\xef\xc5\x3f\x4e\x75\x0c\xf4\xce\xb1\x36\xed\xb0\x68" "\x21\xdd\x2c\xd2\x36\xcf\xdb\xc2\x21\x9c\xe2\x42\x1d\xcc\xb0\x48\x88" "\x5d\x03\x3e\xfc\x55\x43\x82\x8f\x3c\x90\xb8\x3d\x62\xc1\x95\xb3\x15" 
"\xda\x59\xce\x08\xb2\x76\x04\x23\x78\x31\xf5\xac\x96\x2d\xa1\x64\x4f" "\x62\x80\x5b\xef\x1f\x2b\xb3\x97\x67\x87\xf8\x2c\x6f\xd8\x7c\x20\xce" "\x14\x85\x01\x66\x59\xaa\x6f\x44\x0c\x38\x39\x7c\xc3\xd7\xdb\x7a\x80" "\x13\x35\x47\xee\x59\x31\xbc\xdc\xba\xed\x8d\x8c\x37\x19\x4b\x4a\xdc" "\x29\xa2\x35\x08\x2d\xde\x24\xe7\x01\x40\x0d\x85\x06\x0c\xc8\xee\xbd" "\x96\xb7\x92\x50\xcf\xcd\x3d\x30\x29\xf7\xb6\x36\x1e\xed\xdf\x32\x19" "\x84\xfc\xfa\xcd\xad\x64\x51\x55\x2d\x56\x36\x1f\x2f\x92\x0d\x00\x9c" "\x2e\xea\xfd\xf3\x4a\xe9\x84\xbe\xee\xa4\x15\x78\x90\xc9\x98\x81\xbc" "\x50\x03\xa9\x9d\x2e\x7e\x53\x4a\x3f\x20\x41\x20\x53\x08\xe3\x11\x99" "\x23\x0f\x49\x38\x8a\x2a\x64\x28\xe1\x12\xf3\x82\x37\xe4\x9d\x84\x23" "\x80\x4a\x43\x22\x17\x8f\x8a\x2e\x21\xba\xca\xd5\xe6\x1c\x2d\x35\xa5" "\xc7\x3d\x0d\xc8\xef\xf9\x21\xb8\x0b\x24\x07\x2c\x30\x20\xc1\x7f\x56" "\x30\x9e\xb3\x66\x33\xbc\x2f\x07\x53\x9b\x27\xda\x89\xe9\x93\x89\x59" "\xd4\x27\xd9\xc9\x93\x2b\xa5\x30\xdb\xc3\x15\x7b\x12\x26\x02\x24\xc7" "\x55\xbb\xc5\xeb\xa8\xbe\x7c\xca\x73\x3a\x65\xd0\x3f\xad\x12\xf6\x04" "\x76\xa1\x9b\x06\x05\x6f\x45\xa3\xb6\x43\xeb\x92\x33\x3b\x1f\x68\x51" "\xca\x9f\x31\x91\x23\x99\x10\xc5\x5e\xd1\x90\x3b\x7e\xe5\x9b\x95\x6f" "\xc6\x18\x7f\xc7\xbc\x8c\x20\x81\x97\x8a\x73\x94\xaa\x6c\x2d\xb4\x10" "\xdf\xd1\xf3\x08\x8d\x63\x6c\x33\xfd\xae\x26\xeb\xbb\xa2\xe3\x1a\xfc" "\xf8\x35\x57\x31\x90\xcb\x10\x88\x9e\xfa\x81\xae\x91\xe1\xd0\x4e\x75" "\xf0\xe5\xaf\x53\xfb\x6f\x55\xdf\x4e\x15\xe6\xf2\xfd\x96\x5b\x0b\x1d" "\xa5\x7f\xd3\xec\x42\xfd\xd0\x3b\x6c\x59\xff\x8c\xb2\xf5\x2d\x54\xa1" "\x13\xd1\xfa\x74\xff\xd0\x17\x8d\xd5\x9a\x55\xf9\xe1\x6e\x80\xe6\xf6" "\x56\x46\xaa\x5e\x40\xb7\x4e\x8f\xcf\x2e\xfe\xf6\xa2\x59\xe4\x4a\x02" "\x0c\x43\xcb\x55\xa1\xfb\xb2\x24\xb2\xed\x9e\x83\x3d\xdf\x3b\x53\x57" "\xcb\xf7\x7b\xed\x18\x99\x74\x8d\xa7\x99\xa2\xdc\xbb\x28\xbf\x84\x77" "\xb7\x53\x9c\xe6\x62\x18\xf4\x9c\x44\xd4\x1b\x2a\xe2\xdf\x0b\x22\x5d" "\xd9\xfa\x40\x04\xec\x36\xee\xec\x56\x09\x73\xea\xb9\x74\xec\x55\xa6" 
"\xfa\x45\x00\xcf\xc4\x29\x95\x7f\x2c\x08\xeb\xa8\x6e\xd6\x3f\x28\x84" "\xd8\xcc\x90\x9a\x19\xf6\xa8\x70\x1a\x4a\xa8\xa9\x39\xb7\x8a\x45\xf3" "\x07\x89\x87\x4c\x94\x77\xec\x25\xd6\xb8\x23\xec\x91\x00\x5f\xd7\x48" "\xbd\xa7\x37\xd0\xe7\xb8\xb6\x96\xb1\x77\xd2\x01\xc1\x8c\x4f\xf9\xce" "\x69\x27\xce\x8e\x41\x07\x56\x62\x4d\x9e\x57\x23\x32\xc0\xb0\x39\x84" "\x34\x06\x66\xf5\xd4\xb0\x5b\xd2\xb7\x84\x3b\xdb\xb6\x87\x99\x00\xea" "\xe0\xba\x93\x15\xa4\x70\xa5\x8a\x00\xad\xf6\xae\x49\xbe\xe1\xe0\x70" "\x40\x7a\xc4\x93\xc2\x49\x09\x72\x49\x34\xad\x96\x88\xea\xaf\xd8\x00" "\xeb\xf4\x09\x28\x85\xf1\x1b\xeb\x0d\xf0\x7a\x35\x55\x7d\xf2\x4b\x2a" "\x49\x59\x17\x3b\x74\x3a\x29\x3f\x13\xe9\x79\xce\xa1\x37\xf6\x93\xae" "\x4c\x82\x16\x06\xad\x39\x4d\xdb\x65\xb0\x15\xd6\x0c\x17\xb5\x6e\x40" "\x28\x13\x22\x64\x4c\xcd\x43\x86\xa8\x1a\x78\xda\x1f\x45\x8f\xec\x77" "\xe0\x31\x2a\xcc\x96\xaf\x80\xb8\x30\x7b\xdb\x5b\x1a\xf4\x71\x8b\x22" "\x25\x08\x27\xa4\xe4\xce\xcf\x93\x7a\x87\xcc\xbc\x60\xb7\x23\x8c\x32" "\xdc\x08\xa8\xc9\x3c\x99\x37\x24\x2e\x51\xd5\xb8\x58\xcc\xdc\xff\x6d" "\x47\x5d\xb8\x2e\xa9\x01\xaf\x7e\xb6\xee\x8a\x30\x3a\xbc\x1e\x89\x83" "\x24\x4d\x90\x3f\xf0\x06\x4a\xe8\x87\x10\x1a\x84\xcc\x7e\x1f\x78\xb3" "\xae\x3c\xf4\x72\xac\x0c\x78\xe0\x55\xb7\xce\xcc\x2a\x83\xfa\xac\x5c" "\x83\x91\xb7\xa8\x06\x5f\x4c\xd2\x41\x03\xee\xc8\xb3\xce\x0e\x28\xc7" "\x41\xde\x60\x43\xf5\xee\xe5\xe6\xb6\x72\xf7\x29\x32\x5f\x3f\xb6\x2c" "\x8b\x99\x2f\x22\x29\x68\xe2\xdf\x4b\xe1\x28\xb1\xf8\x5a\x99\x7a\xcd" "\xaf\xda\x36\x42\xb8\xe9\x2c\x6d\xf8\xb9\xa8\x03\x30\x71\x4c\x85\xa8" "\xa9\x5c\x85\x06\x4f\x0a\x41\xe4\x37\x13\xa3\xfb\x25\xea\x5a\xe7\xe5" "\xdf\x85\x1d\x7b\xd7\xae\xdb\x3c\xae\x69\x9d\xff\x61\x28\x1b\x41\xfc" "\x9a\xfc\xba\x68\xf9\x16\x2c\x99\xd1\xa9\x85\xe9\xfb\x6d\xfc\xb9\x07" "\xb6\x6a\xda\xae\xc5\xe7\xcf\xd3\xac\x41\x9d\x8a\xae\x73\x2b\xff\x21" "\x11\xb9\xb6\x13\xb5\xd3\x24\x08\x7d\x49\xcb\x12\xce\x41\x6e\xe7\xff" "\x0b\x39\x9b\xc1\x5f\xcd\x7b\xd4\x67\x78\x68\xed\xcb\x05\xf5\xe2\xe8" 
"\xe7\x35\x11\x79\xe2\x7c\xa2\x7d\x4e\x8c\x86\xf8\x01\x99\xc8\x5e\xcd" "\x1f\xf5\x43\x94\xfe\xe4\x5b\x81\x88\xa8\xdb\x6e\xcf\x32\xb1\x97\x8c" "\x02\xf3\x96\x7e\x64\x91\x93\x19\x92\xaf\x38\xcc\x0f\x9e\x77\x3a\x3f" "\x24\x96\xed\x88\x5c\xa8\xf7\x52\xd8\x9a\x38\x8d\x3c\x7e\x88\x73\x2b" "\x7e\xd6\x71\x43\x2c\x8e\x89\x87\xc8\xc3\x63\x71\x50\xc3\xf9\x0c\x90" "\x4c\x23\xca\x9c\x0b\x4f\xe9\x34\x09\x14\x3c\x46\x83\x7d\x20\xe0\x0f" "\x74\x78\x2e\xfc\x7d\x22\x8a\x2f\xb2\x4d\x26\x4b\xa1\xae\x0f\x13\x14" "\xfe\x2f\xcb\xb6\x4d\x68\xd9\x9f\x5b\xa2\xc8\x9d\x23\x77\x5f\x0f\x7b" "\x56\x20\x18\x5c\x2a\x14\x11\x50\xb5\x8b\x0a\xac\x89\xc4\xeb\x33\x93" "\xc3\x58\x4b\x50\x8c\x60\x93\x65\x24\x83\xfe\x9c\x0a\xb9\xf8\x99\x1a" "\x20\x96\x82\x5b\xbf\x73\xf6\xd2\xe5\x97\xea\xeb\xb8\xcc\x22\x2b\xce" "\x9e\x96\x1b\xcf\xf2\xa9\xaf\x9d\xc8\xfd\x62\x6b\x68\x89\xf6\xa9\x82" "\x03\xf0\x5e\x08\x06\x51\x3a\x5f\x5a\x81\xe2\x09\x1e\x01\xd4\xf2\x8d" "\xb8\x11\x3c\x92\x33\x01\xc2\x85\x5b\x46\x41\x88\x6a\x69\x06\x41\xa3" "\x91\xb6\x43\xb7\xc1\xac\x81\x6e\xc7\x5e\x2a\x3c\x52\x48\x06\x01\xa9" "\x49\x15\xab\xe5\xf6\x0d\x64\x03\xbf\x17\x51\x69\xd8\xbf\x0f\x1d\x68" "\xd9\x03\x20\x1e\x6a\x5d\xb1\xf7\xfb\x40\xd7\xb1\x42\x5a\xb1\x03\xd2" "\x08\x49\x34\x57\x7d\x78\xb2\xfc\xb9\x7f\x3c\x89\xbb\x52\x48\xb8\x44" "\xc5\x4f\xce\xfc\x2e\x79\x68\xa0\x30\x48\x1e\x78\xf5\x22\xc1\xdc\x86" "\x0c\x68\x1c\x95\xa2\xd5\x82\x17\x98\x67\x87\xb0\x6d\x6e\xa9\x55\x09" "\xda\xff\x8f\xa1\xbe\x07\xea\xa3\x7c\x39\x4e\x86\x97\x59\xeb\x9e\xf1" "\x5e\x1c\xb6\x44\x23\xd8\x0b\x4a\xec\x2c\xa1\x6e\x22\x8c\x26\xe9\x1c" "\xa9\xac\x9c\x5d\x4d\x53\xda\xe3\xfb\x8e\x4c\x93\x93\xff\x67\x3d\xbc" "\x16\xad\xae\x81\xa4\xd7\x98\x14\x5b\x79\x2b\x4c\xc2\x71\x08\x9e\x00" "\x81\xa0\x09\xa0\x6c\x45\x99\xdd\xce\xd5\x03\xbd\x5b\xc6\xb9\x5e\xe0" "\x9f\x3c\x38\xa0\x08\x5b\x2d\xbd\xe9\x1e\x2f\x5a\x1f\x9c\x71\xa1\xa0" "\x79\x6d\x68\xc3\x5f\xad\x3b\xaa\xa1\xf3\xbf\xb2\x2d\x97\x2d\x65\x20" "\xbd\x84\x7d\xd1\x42\xea\xd3\xe1\xfc\x08\xb3\x8e\xf7\x02\xb9\x18\xd2" 
"\xea\xe5\xd0\xaa\xe9\x2f\x02\x32\xba\xf3\xfb\xaf\xb9\xf9\x38\x17\xaa" "\x77\xe4\x7f\x35\x4b\xdb\x04\xf3\xf6\xa7\xcb\xe9\x31\xc7\xee\x0d\x91" "\xae\xd2\x9b\x7b\xca\x64\xa7\xa7\x59\x21\x45\x0f\x1b\xd7\x66\x81\xd8" "\x57\x25\x51\x59\x4e\x93\x0c\xc5\x2c\xda\x58\x4d\x04\xd5\x7a\x77\x16" "\x7e\x06\x9d\xf2\xc8\xf0\x46\xac\x65\xf8\xfa\xde\x68\xac\x35\x5f\xc9" "\xba\xd7\x1d\xe1\x98\x1b\x02\x60\x70\xe5\x7e\x5d\x9a\x74\x09\x5c\x6d" "\x18\xea\x58\x4c\x45\xfa\x8c\x36\xe2\x9f\x2f\x1d\x84\x2e\xbe\x83\x3b" "\x54\x87\x3c\x84\x0e\x0b\xc2\x4e\x1d\x8d\x4a\x6f\x97\xa2\x7f\x23\x38" "\x86\x7d\x7d\xdd\x2d\x44\x00\xeb\x3d\x45\x98\x1c\xa6\x8c\x9c\x7f\x9c" "\xd5\xb9\x9e\x3f\xed\xfe\x46\xdb\x7c\x9d\xc4\x2e\x71\x16\x23\xa5\x4e" "\xae\x3d\xc6\x2f\x0c\x86\x1f\xe9\x82\x73\xc9\x8b\xb7\x29\xec\xef\x9a" "\x64\x0e\xff\x86\x1c\xdd\x65\xd5\x92\xe4\xed\x57\xcb\x99\xe2\x4b\xcb" "\x8f\x0a\x28\xd1\x63\xd0\xb7\xe9\xa1\xc8\xe2\x93\x0a\x7f\x90\x55\x6a" "\x2f\x88\x70\x42\xb5\x45\xa1\xb0\x3b\x09\xff\x3f\xcf\x97\xcb\x6d\x1f" "\xc2\x04\x9c\x1a\x11\x86\xf9\xdd\x58\xb0\x06\xd4\xb0\x5c\x62\xe3\xb2" "\x88\x96\x23\xd8\x73\x0b\x87\xf6\x59\x5c\x18\x2f\xe5\x18\x1b\x15\x43" "\xe7\xfc\x36\x86\x35\xf3\xdb\x8c\xf7\xa5\x27\x8f\x72\x12\x44\x89\xa4" "\x0b\x0a\x4a\xa3\xb8\x4a\x78\x0f\xac\xef\x41\xe5\x0a\xc7\x49\x4a\xcc" "\x04\xa5\xa5\x80\x13\xb5\x50\x60\x73\x7b\x4c\x14\xae\xb2\xf2\x36\x74" "\x82\x06\xc2\x1a\x57\xb1\xff\x75\x4e\x22\x83\xda\x51\xf5\x33\x82\x7e" "\x68\xb8\x66\xf7\x73\xaa\xf9\x65\xae\x39\xea\x87\x96\x7a\xe9\xc7\x92" "\xca\x7c\x5d\x78\x27\xd9\xa3\x6d\xc9\x76\x27\x22\xef\x51\xb8\xc0\x1d" "\x1a\x9a\x58\x1f\xab\x70\x36\xde\x7f\xe8\xa0\xd9\x67\x99\xd9\xa4\x7a" "\x49\xb8\x8b\xfc\x9b\x5f\x75\x9b\x0e\x2c\xaa\xb2\x49\x9b\xc3\x9e\x8d" "\x95\x37\x75\x78\x1e\x05\xf6\x43\x45\xee\x49\x6b\x25\xef\xc1\xf4\xfd" "\x15\x88\xb6\x58\xbe\x2a\x88\x01\x2e\xc5\x56\x09\xf3\xc1\xe5\x1f\xd3" "\xc7\x17\xdd\xf6\x78\x2a\xff\x14\x0c\x43\x4f\x50\x98\x20\x46\x82\x91" "\x6f\xe7\x26\x97\xee\xa3\x8d\xd2\x43\x3b\x39\xf7\x31\xca\x28\x84\x09" 
"\xd3\x79\xae\xa5\x0b\xb2\x56\x4e\x42\x8c\x67\xd3\xf2\x27\x35\xd5\x79" "\x42\x3b\xd2\x5c\x6f\x56\xb4\xc4\x3d\x62\xf3\x1b\xe9\x7c\x34\x28\xbb" "\x72\x9d\xe7\x98\xa9\x5e\x19\x8d\xdd\xbf\xee\xc3\xeb\x5d\x0b\xe4\x88" "\x8a\x21\xab\x7e\x52\x9f\x57\x4a\x68\x61\xfb\x18\xb0\x85\x21\xbb\x82" "\x89\x80\xd9\x05\x5b\x39\xb1\x37\x53\xb0\x04\x08\x2f\xaf\x4b\xe5\x91" "\xff\x38\xc8\x33\xc1\xe8\xa5\x97\xab\x1e\x91\xe1\x5f\x77\x30\x0d\xa9" "\x7a\x40\x4f\x47\x73\xd3\x67\x7e\xf7\xa1\xe0\x6c\xd1\x32\x2f\xc3\x79" "\x5e\x55\xe8\xbf\x23\x0b\x3f\xf7\x78\x07\x3b\x56\xc5\x37\xc5\xde\x6b" "\xad\x6a\xeb\x20\xeb\x6f\x5a\xb3\x5e\xe7\x51\x94\xfe\x7b\xf9\x1e\x12" "\x6e\xcf\x70\x53\x20\xf3\xc3\xd5\x34\xb8\x84\xb9\xd1\xc2\xec\x34\x8b" "\x82\xc1\x41\xb1\x40\xf0\x7f\x52\xb5\xe6\x69\x79\x30\x8c\xeb\x33\xf2" "\x0d\x56\x7e\xb7\xd6\xf3\xad\x79\x70\x88\xa3\xc1\x31\x50\x38\xb5\x66" "\x7d\xdc\xe4\xda\x70\x19\xe3\x5e\xf0\x7b\x4e\x13\x25\xfc\x0d\xa3\x8d" "\x18\x17\xe8\x26\x3d\x3d\x87\x22\x76\x37\x21\xc4\x22\xde\x19\x31\x65" "\xce\x54\x4d\xbf\x95\xa7\x48\x84\x42\xca\xc7\x8a\xa4\x20\x5d\xca\x90" "\x9d\x32\x35\x43\x25\x39\x13\x25\x75\xc3\x5e\x71\x7d\xaf\x48\x06\xb2" "\x4d\xd3\x65\xec\xeb\xa3\xce\xfd\xdb\xdf\x0c\x04\xa9\xac\xc5\x75\xc3" "\x78\x88\x17\x4f\xfa\x34\x85\x26\xda\x60\x07\x41\xca\x26\x42\x64\x34" "\x41\x91\x87\x69\x0b\x72\xea\xd1\xb7\xc9\xae\x88\x27\xf9\x5d\x92\x01" "\x66\xef\xf7\x3d\x63\x3f\xf6\x23\xe3\x4b\xac\xc6\xa8\xbb\xae\xf3\x1f" "\x52\x40\x6a\x7a\xcd\x3e\xcc\xbb\xb6\xe4\x06\x6e\x38\xb8\x1f\x8d\x9b" "\xd7\xa1\xe9\x04\x3d\xc0\x27\x75\x2f\x77\x8b\xb0\xa4\x64\x14\x4b\x1f" "\x30\x74\x1d\xa8\xf8\x7a\xa8\x17\xdb\x5a\x85\x92\xf5\x68\x55\x07\x37" "\x84\xe6\x4c\x41\x1b\x3b\x3a\x25\x0f\x93\x1d\x7f\x3d\xc1\x6d\x4b\x13" "\x5f\x89\xf7\xe2\xc6\x12\xfe\xcd\xc6\xa2\x70\xf5\x9f\x09\xc5\x9c\xd7" "\x5d\xe6\xde\x1d\x43\x61\xd9\xce\x9c\x7e\x02\x51\xbd\x76\x68\x6c\x47" "\x41\xd3\x22\xb4\x2d\x8c\x04\x2e\x04\xa8\x1d\xdd\xfb\x37\x4e\x05\x8a" "\xa4\x0d\xcb\xcd\xda\x59\xce\xfe\x6e\xa4\x0a\x21\x29\xe9\xb6\x30\x29" 
"\x11\x77\x41\x93\x14\x5b\xa0\x7a\xd8\xd9\x42\xe0\xdd\xa2\x5a\x85\xca" "\x67\xbb\x84\xb2\x9d\x65\x60\x77\x74\x2e\xf8\x3f\xde\xbc\x37\x39\xdc" "\xd5\x04\x32\xcd\xa8\x36\x81\xaf\x1e\x1c\x6e\x41\xd4\x5d\xab\x59\x65" "\xf0\x12\xcd\x43\x6f\xcf\xec\x5d\xc0\x38\x62\xec\x07\xb5\x24\xc0\x25" "\xb7\x44\x16\xab\xdb\x34\x0f\xf3\xec\x9c\xd4\x09\x19\x31\x62\x1d\x34" "\xed\x00\x8a\x45\x14\x50\x3e\x79\xe7\xbf\x80\xdb\x09\xe1\x03\x38\xdc" "\x5f\x41\xa6\x94\xad\x5b\xc2\x82\xf1\xfd\x4c\x40\xf8\x0f\x1f\xf5\x80" "\xa5\xf3\xc1\x3b\x79\x9c\x37\x28\xed\x0b\xcf\xb5\x99\x21\x69\x53\xfe" "\xd2\xa9\x8f\xad\x07\x35\x12\xbe\xe2\xec\xba\x7f\xb0\x73\x8b\x7c\xfd" "\xf1\x8b\x66\x26\x66\x31\xdc\x10\xf1\x64\x9f\x47\x23\x41\x4b\xad\xf4" "\x7d\x49\x01\xfb\x68\xe7\x3d\x93\x75\xe6\x3f\x0d\x1d\x16\x13\xd4\x5a" "\xd7\xdc\x30\xb4\xa2\x17\x54\xea\xaa\x30\x4f\x9f\x08\xbe\x9b\x72\xa7" "\x4c\x10\xc0\x4b\x93\xca\x1a\x2e\x7c\x11\x88\x02\xf4\xd8\xd2\xf9\x5e" "\xbf\x02\x7e\x8a\x3b\xd5\x42\x39\x45\xcd\x8b\xac\xcb\xfe\xc6\xb0\xe0" "\x1b\xa8\x51\x19\x56\x0d\xf9\xd6\x60\x33\x6b\x96\x3c\x51\x1f\x0e\x28" "\x95\xe4\x04\x44\xd4\x15\xb0\x94\x35\x34\x82\x76\xcf\x94\xd5\xd7\x1b" "\x99\x6b\x2b\x9f\x7a\x65\xef\x9f\xf6\xd2\xf8\x55\x4e\xad\x12\xae\xa6" "\xbe\x2b\x90\xb9\x6a\x21\x1e\x31\x3a\x60\x63\x84\xc2\xa0\xfd\xe9\x79" "\xcd\x55\x56\xe7\xb4\x11\xaf\xb1\x3c\x09\x50\x61\x4f\x2a\xdc\x63\x2f" "\x59\x9e\x8c\x3e\xcc\x13\x90\x1d\xad\xf9\xee\xc8\x69\xe3\x99\xff\x31" "\x3e\x9b\xa2\x07\x26\x29\x47\x34\xf0\xfa\x3f\x61\x22\x30\x1a\x89\x5b" "\x71\x75\x23\x00\x7c\x36\x14\x60\x57\x01\xf0\xe5\xa9\x5d\x2f\xc3\xce" "\x84\xa7\xc5\xe9\x5e\x74\xe6\x67\xa2\x4e\xc7\xdd\xdd\x2a\x45\x63\x1a" "\xb9\xb9\x19\x36\xfe\xd7\x0e\xb4\xd8\x36\x12\x82\x03\x6d\x86\x56\x3e" "\xa2\xa0\xa6\x6a\x8c\x13\x39\xbb\x6a\xa8\x62\x7d\xf7\x39\x8b\xda\x76" "\x31\x77\xb1\x40\x87\x6d\x72\xa7\x37\x33\xc8\xd4\x89\xb5\xc9\xb5\xb9" "\x66\x67\x1b\xb8\xc5\x17\x6f\x64\x8d\xd3\x78\x40\x73\x0c\x0d\x50\x37" "\x99\xce\xff\x13\xff\x4e\xdd\xfc\xa5\x58\x24\x6e\xf1\x48\x28\x15\x40" 
"\xe6\x19\xcc\x77\x2f\x99\x39\x53\xe6\x9b\x9f\x23\xd9\x96\xc1\xd6\x37" "\x1f\xe7\x77\xae\x01\xc7\x86\xe7\x9d\x5a\x18\xaa\xdc\x40\x1c\x6e\xa8" "\x5a\xc3\xc0\x2c\x74\xdb\xa0\xee\x3e\xb6\x3b\xa3\x1a\x22\x9d\x60\x2a" "\x64\xcf\x09\x13\xd7\xf2\x94\xee\x55\xa3\x7f\x96\xd6\x58\x8b\xb7\x9e" "\x2d\x98\x38\xf1\x42\xea\x5a\x8f\xa9\xbc\x6e\xcf\xb2\x35\x8b\x2f\xf1" "\x08\x97\xf9\x2d\x38\x6d\x73\xdc\xa7\xa2\xcd\xab\xc5\x95\xc2\xb2\x16" "\x06\xd2\x83\x5a\x8f\xd1\xef\xab\xe8\x8a\x0f\xda\x05\x5d\xf5\xa9\x3d" "\x89\x28\x9c\xfa\xe2\xd7\x35\xb9\x07\x64\x29\x18\xda\xe1\x24\x2d\x13" "\x8c\xdf\x16\x7b\xe0\x68\x09\x25\xd7\x4b\x80\x0a\xc9\xde\xb5\xcd\x27" "\xc0\xd2\xed\x97\x2f\x75\x76\xf2\x1c\x8f\x3a\xcd\xbb\xad\x8f\xfc\x6b" "\x05\x05\x57\xe3\x06\xcd\xb6\xba\xc5\x4e\xa8\x2d\xce\xf0\xf8\x88\xd3" "\xea\xa5\x16\xd9\x6f\x60\xc4\x15\x6a\xfc\xf7\x37\x39\x47\x84\x32\x31" "\x73\xb2\x94\x93\x07\x61\x1d\x52\xec\xcd\xc5\x96\x6b\xf8\xc3\xd0\xef" "\xc7\x6f\xf0\x99\xff\x07\x49\x7c\x88\x3a\x6c\xa5\x33\xca\x5b\x5d\x62" "\x14\x29\xea\x0d\xb6\x11\x57\x68\x74\xad\xc9\xf9\xe5\x67\xce\x48\xca" "\xd4\xd1\xf7\xed\x1f\xcf\x04\x77\x1e\x0f\xac\x23\x40\x9a\xd8\xd6\x1d" "\x75\xf8\xd8\xaf\x64\xea\x19\xe9\xc6\x71\x17\x9c\x15\x65\xfc\xe7\x3c" "\x68\xfc\xf8\x68\x12\xa1\x0e\xa9\x28\xe9\x08\x0d\x28\x25\x41\x17\xd7" "\x8f\x97\x56\x36\x12\xb3\xe8\xbd\x05\x52\x8a\x95\x7b\xf7\x53\x52\x03" "\x41\xb9\xba\xb3\x44\x26\x91\x9d\xac\xf0\x15\x27\xe3\xe7\x19\xd6\x4a" "\x69\x48\xc6\xb5\x02\xca\xec\x4f\x67\x7b\xb6\xcd\x8e\xb5\xb3\x16\x6b" "\xc7\x4b\xd1\x3f\xfb\xc3\x19\x3e\xda\x6d\x53\xad\xc6\x6e\xe7\xdb\x08" "\x23\x00\xa8\xe4\x8d\xfb\x67\x2b\xfc\x08\x99\x38\x70\xe9\x61\x3a\x7e" "\x53\x39\xbc\xd2\x2f\x64\x4d\x04\x4e\xdc\x3c\x44\xb1\x45\x0c\xc3\xa7" "\x79\x7c\x7f\x0c\x4d\xd9\xbd\x58\xd2\xe9\xf9\x26\xc8\xf4\x6e\x6f\x38" "\x49\xdf\x04\x27\xf7\x92\xf9\x38\x92\x19\x78\xb4\x9a\x10\x03\x77\xb0" "\x7d\xb5\xb7\x93\xec\x56\x2f\x05\xe4\xa1\xb1\xd7\x87\x6c\x7d\x36\x55" "\xe7\x7a\xc3\xc4\xd2\x5e\x29\x2d\xf8\x03\xfc\x28\x75\xd5\xe9\x8b\x58" 
"\x5a\xbb\xe6\x85\x8d\x47\xc2\x3f\x83\x07\x57\x21\x08\xe0\x1b\xc4\x4d"
"\x26\xdb\xcf\x48\x9a\xf0\xec\xf2\xd9\xb8\xfe\x3b\x29\xdb\x8f\x45\xbc"
"\xd7\xfa\x90\x8d\x5c\x7e\xee\x35\x92\xb9\x10\xe3\xb2\x9f\x80\x05\x47"
"\xa1\xe2\x86\xcf\x23\x31\x51\x07\xe5\xa5\x65\xeb\xc6\xe1\x41\x42\x62"
"\x30\xae\xb3\x43\x57\xc6\x67\x11\x23\x52\x4c\x8e\xcd\x8c\x17\x3d\x6f"
"\xaa\xda\xa3\x2f\x9c\xdb\x75\x97\x5e\xf2\x9e\xc1\x74\x90\x41\xfa", 4096);
    *(uint64_t*)0x20000f28 = 0x1000;
    *(uint64_t*)0x20000f30 = 0;
    *(uint64_t*)0x20000f38 = 0;
    *(uint64_t*)0x20002a98 = 4;
    *(uint64_t*)0x20002aa0 = 0;
    *(uint64_t*)0x20002aa8 = 0;
    *(uint32_t*)0x20002ab0 = 0;
    *(uint32_t*)0x20002ab8 = 0;
    *(uint64_t*)0x20002ac0 = 0;
    *(uint32_t*)0x20002ac8 = 0;
    *(uint64_t*)0x20002ad0 = 0;
    *(uint64_t*)0x20002ad8 = 0;
    *(uint64_t*)0x20002ae0 = 0;
    *(uint64_t*)0x20002ae8 = 0;
    *(uint32_t*)0x20002af0 = 0;
    *(uint32_t*)0x20002af8 = 0;
    *(uint64_t*)0x20002b00 = 0;
    *(uint32_t*)0x20002b08 = 0;
    *(uint64_t*)0x20002b10 = 0;
    *(uint64_t*)0x20002b18 = 0;
    *(uint64_t*)0x20002b20 = 0;
    *(uint64_t*)0x20002b28 = 0;
    *(uint32_t*)0x20002b30 = 0;
    *(uint32_t*)0x20002b38 = 0;
    syscall(__NR_sendmmsg, /*fd=*/r[2], /*mmsg=*/0x200029c0ul, /*vlen=*/6ul, /*f=MSG_BATCH|MSG_PROBE*/ 0x40010ul);
    break;
  }
}

/*
 * Entry point of the reproducer: lays out the fixed address space the
 * generated calls rely on, then hands control to setup_sysctl() and loop().
 *
 * Three fixed anonymous private mappings are created:
 *   0x1ffff000 .. 0x1fffffff  one page, prot 0 (no access)
 *   0x20000000 .. 0x20ffffff  0x1000000 bytes, read/write/execute
 *   0x21000000 .. 0x21000fff  one page, prot 0 (no access)
 * The hard-coded stores above (0x20000f28, 0x20002a98, ...) all land in the
 * middle region; the two inaccessible pages sit directly below and above it,
 * so an access that runs off either end faults instead of touching
 * unrelated memory.
 *
 * NOTE(review): none of the mmap return values are checked. If the middle
 * mapping fails, the first hard-coded store faults. MAP_FIXED also replaces
 * anything already mapped at these addresses.
 *
 * Always returns 0 if loop() returns.
 */
int main(void)
{
  // Lower inaccessible page, immediately below the data region.
  syscall(__NR_mmap, /*addr=*/0x1ffff000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1, /*offset=*/0ul);
  // Data region holding every hard-coded pointer used by the generated calls.
  // It is mapped writable and executable at the same time.
  syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul, /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1, /*offset=*/0ul);
  // Upper inaccessible page, starting exactly at the end of the data region.
  syscall(__NR_mmap, /*addr=*/0x21000000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1, /*offset=*/0ul);
  // Defined outside this view; presumably writes kernel sysctl settings, so
  // it changes host-wide state -- TODO confirm against its definition.
  setup_sysctl();
  // Declared and immediately voided; never assigned or read in main.
  const char* reason;
  (void)reason;
  // Defined outside this view; runs the generated call sequence.
  loop();
  return 0;
}