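// https://syzkaller.appspot.com/bug?id=ad128b9722130dc9361f0cd39868267767b8df00
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel regression reproducer for the syzbot report linked above. It opens a
// raw AF_NETLINK socket on the generic-netlink protocol and sends a single
// hand-built 0x1050-byte message whose attributes include one 4096-byte blob.
//
// Notes for whoever triages or re-runs this:
//  - Nothing in this file names the target subsystem. The message type 0x38
//    is presumably a generic-netlink family id; ids other than the controller
//    are assigned when a family registers, so 0x38 may resolve to a different
//    family (or none) on a kernel built with another config. Use the
//    kernel/config from the syzbot report -- TODO confirm family there.
//  - The kernel-side symptom and the fixing commit are on the syzbot page,
//    not in this file.
//  - All buffers live at fixed addresses inside an anonymous mapping at
//    0x20000000; the stores below assume a little-endian 64-bit target that
//    tolerates unaligned 16-bit accesses.

#define _GNU_SOURCE

// NOTE(review): the header names were lost when this listing was extracted
// (the page shows eight bare "#include" tokens). The eight below cover every
// name the code uses and match the usual syzkaller preamble -- confirm against
// the original reproducer.
#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

// Mask with bf_len one-bits starting at bit bf_off.
#define BITMASK(bf_off, bf_len) (((1ull << (bf_len)) - 1) << (bf_off))
// Read-modify-write of a bitfield inside the `type`-sized word at `addr`.
// `htobe` is an optional byte-order conversion; every use in this file passes
// it empty, so the word is accessed in host byte order.
#define STORE_BY_BITMASK(type, htobe, addr, val, bf_off, bf_len)               \
  *(type*)(addr) =                                                             \
      htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) |           \
            (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len))))

// Resource table: r[0] holds the netlink socket fd (all-ones until created).
uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
  // flags 0x32 = MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS on Linux.
  // PROT_NONE page directly below the data area.
  syscall(__NR_mmap, /*addr=*/0x1ffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul);
  // 16 MiB read/write/exec data area. Every fixed address written below lies
  // inside it, so stop here if the mapping was refused instead of faulting on
  // the first store.
  if (syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul,
              /*prot=*/7ul, /*flags=*/0x32ul, /*fd=*/-1,
              /*offset=*/0ul) == -1) {
    perror("mmap");
    return 1;
  }
  // PROT_NONE page directly above the data area.
  syscall(__NR_mmap, /*addr=*/0x21000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul);

  intptr_t res = 0;
  // domain 0x10 = AF_NETLINK, type 3 = SOCK_RAW, proto 0x10 = NETLINK_GENERIC.
  // On failure r[0] keeps its all-ones value and the sendmsg below simply
  // fails on a bad descriptor.
  res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0x10);
  if (res != -1)
    r[0] = res;

  // struct msghdr at 0x20000100 (64-bit layout): no destination address,
  // one iovec at 0x20000180.
  *(uint64_t*)0x20000100 = 0;          // msg_name
  *(uint32_t*)0x20000108 = 0;          // msg_namelen
  *(uint64_t*)0x20000110 = 0x20000180; // msg_iov
  // iovec[0].iov_base -> start of the netlink message.
  *(uint64_t*)0x20000180 = 0x20004e40;

  // Netlink header (16 bytes) at 0x20004e40.
  *(uint32_t*)0x20004e40 = 0x1050; // total message length
  *(uint16_t*)0x20004e44 = 0x38;   // message type (presumably a genl family id)
  *(uint16_t*)0x20004e46 = 9;      // flags: NLM_F_REQUEST | NLM_F_ECHO
  *(uint32_t*)0x20004e48 = 0;      // sequence number
  *(uint32_t*)0x20004e4c = 0;      // port id
  // Generic-netlink header (4 bytes): cmd, version, reserved.
  *(uint8_t*)0x20004e50 = 1;
  *(uint8_t*)0x20004e51 = 0;
  *(uint16_t*)0x20004e52 = 0;

  // Attributes follow as { u16 len; u16 type; payload }. The low 14 bits of
  // the type are the attribute number; the two STORE_BY_BITMASK calls at the
  // odd address set bit 14 (network-byte-order flag) and bit 15 (nested flag)
  // of the same 16-bit type field.

  // Outer attribute: len 0x1010, type 0x3c, nested flag set.
  *(uint16_t*)0x20004e54 = 0x1010;
  STORE_BY_BITMASK(uint16_t, , 0x20004e56, 0x3c, 0, 14);
  STORE_BY_BITMASK(uint16_t, , 0x20004e57, 0, 6, 1);
  STORE_BY_BITMASK(uint16_t, , 0x20004e57, 1, 7, 1);
  //   Inner attribute: len 8, type 0x8a, u32 value 0.
  *(uint16_t*)0x20004e58 = 8;
  STORE_BY_BITMASK(uint16_t, , 0x20004e5a, 0x8a, 0, 14);
  STORE_BY_BITMASK(uint16_t, , 0x20004e5b, 0, 6, 1);
  STORE_BY_BITMASK(uint16_t, , 0x20004e5b, 0, 7, 1);
  *(uint32_t*)0x20004e5c = 0;
  //   Inner attribute: len 0x1004, type 9, 4096-byte opaque payload
  //   (fuzzer-generated bytes; kept verbatim).
  *(uint16_t*)0x20004e60 = 0x1004;
  STORE_BY_BITMASK(uint16_t, , 0x20004e62, 9, 0, 14);
  STORE_BY_BITMASK(uint16_t, , 0x20004e63, 0, 6, 1);
  STORE_BY_BITMASK(uint16_t, , 0x20004e63, 0, 7, 1);
  memcpy(
      (void*)0x20004e64,
      "\xc2\xcb\x97\xa0\x6a\x5a\xe8\xc1\x85\x87\x31\xa8\x03\xb3\x02\x8d\xd2\x9b"
      "\xb7\x7c\x97\x1b\xa9\xd7\x70\x20\x90\x02\x70\x8e\x2a\x5b\x5e\x11\xeb\x64"
      "\x3b\xa9\xbd\x7a\xfa\x9d\x54\x48\x7e\xc8\xad\x25\xf4\xd4\x61\x44\x7e\x9d"
      "\xda\x43\x51\xb5\xfd\xac\xa3\xb4\x3f\xd3\x47\xb4\x1c\xf8\x22\x1a\x58\x01"
      "\x31\x7e\x57\x9e\x53\xe7\x53\x80\xae\x1b\xef\xdb\x4d\xe8\x56\x14\x78\x10"
      "\x55\x28\x71\xca\xfd\xb5\x0d\x0d\xfe\x47\x96\x77\x72\xda\xa0\x3b\xe3\x92"
      "\xfd\xef\x7f\xc6\x90\xb8\xf0\xfb\xb5\xa6\x75\x90\x32\x8b\x15\xab\xcb\xed"
      "\x8e\xde\xfa\xe2\xd7\xfb\x15\x51\x72\x89\x4f\xfe\xa5\xca\xbf\x54\xcf\x9c"
      "\xc2\x40\xaa\x82\x7f\xcb\xcb\x88\xa6\x02\xbd\x68\x08\x32\xb7\x0e\x95\x1d"
      "\xb3\x1f\xbb\x1a\xf6\xfb\x91\x54\xad\x05\x89\x21\x85\xf0\xbb\x5b\x6c\xc9"
      "\x6f\x48\x23\x51\x07\x9f\xf9\x28\xd6\xbd\x1d\x7c\x55\xe0\x8c\xca\x6b\xb2"
      "\xff\xc5\x4e\x0b\x90\x6d\xcf\x28\x65\x76\x74\xf5\x84\xde\x12\x6a\x34\xfa"
      "\x9c\xbd\xe8\xe5\xf8\x65\x30\xcf\x41\xad\x69\xcc\x51\xf0\x86\x53\x13\x0a"
      "\xe8\x8a\x73\xe5\x71\x86\x35\x11\xda\xd3\x78\x00\x74\xb1\x93\xe4\xe9\xe7"
      "\xf1\x35\xcf\x79\x85\x0c\x5e\xe9\xae\x88\xe5\x26\xbd\x5a\x35\x61\x8f\xfe"
      "\x38\x3d\x98\x97\xee\xef\xc3\x50\x96\x03\x25\x91\xd5\x8f\x6f\xa5\x0e\xe9"
      "\xb6\x93\x5d\x4d\xb2\x20\x21\x53\xda\xd8\xf8\xd3\x4f\x91\xb7\x29\x61\xf2"
      "\xc5\x82\xe3\x2e\xbb\x78\x1a\x00\x86\xf3\x45\x99\x65\x2e\x75\xf8\xed\x3e"
      "\xa1\x71\xa5\xb9\x87\xcf\xed\xdc\x48\x47\x40\xb6\xa5\xeb\x9e\x5b\x5f\x47"
      "\xca\xb5\xba\xb2\xd5\x69\x37\x1c\x7e\x52\x33\x39\x01\x91\xe3\x12\x93\x7d"
      "\x22\x45\xde\x80\x58\x91\xcf\x44\xa1\x99\xaa\x05\xcd\x31\x46\x5a\xa6\x2d"
      "\xc8\x4d\x3f\xd0\xc9\x92\xee\xa0\xe4\x5b\x1a\xae\x46\x41\xe6\xf0\x8c\x8e"
      "\xb4\xee\x90\x3e\x93\x48\x89\xf6\xb4\x41\x85\x4b\x52\xd4\x6c\x52\x9f\xc0"
      "\x61\xc6\x0e\x1c\xbd\xa2\x1e\x2f\xd1\x84\xba\x88\xd0\x94\x74\xa8\xdd\xd0"
      "\xab\x89\x8b\x47\x4e\xce\xf6\x28\x35\x5e\xf6\xf4\xa4\x47\xd9\x36\xfd\x1a"
      "\xc8\x3e\xd0\x2d\x81\x51\x1f\xd8\xd5\x51\x34\x2e\x42\x2a\xa3\x6d\x76\x34"
      "\x39\x62\xe6\x45\xf3\x83\x48\xa2\x39\x06\x91\xbe\x3a\x2b\xa3\x66\x91\x56"
      "\x72\x92\xd5\x7b\x6a\x1e\x9f\x09\x20\xc0\x58\xaa\x9b\x21\x39\x19\x88\x35"
      "\xcf\x40\x0e\xbd\x97\x5f\x74\x27\x1f\xed\xb3\xa5\x5f\x18\xb3\x9c\xc6\x1b"
      "\x5c\x18\x5b\x09\x17\x56\xf7\xe9\xf1\x23\xb0\x8b\xa5\x50\xc3\x56\x0b\x7f"
      "\x55\x78\x48\x9c\x72\xbc\x18\x15\x2b\x7b\xfb\x06\x33\xd0\xf4\xaf\x17\x25"
      "\x1a\x5b\x43\x26\x67\x0f\x57\x15\x0e\x6d\x8c\xd4\xb0\xcd\x80\xf0\x20\x05"
      "\x2e\x38\x9d\x31\xbc\x0c\x7a\xc9\x34\x18\xa3\xf5\xf1\x16\x72\x68\xb0\xd5"
      "\x20\xf5\x7a\xff\x1e\x20\x32\xc0\x23\xb4\x5e\x36\x5a\x02\x81\x3d\x8c\x09"
      "\xb5\x48\x09\x50\x3d\xec\x5a\xd8\x1d\x3a\xaa\x51\xee\xea\xb5\x99\xad\x8c"
      "\xe9\x03\x9d\xb2\x47\x4f\x0f\x82\xed\x2e\x56\x8d\xfd\xe6\xae\x8a\xab\x41"
      "\xf7\xfa\x76\x47\x15\xed\xf6\xbe\x66\x50\xe5\x62\xf8\xf4\xf2\x97\xf6\xe3"
      "\x9d\x30\x43\xf3\xc1\xd8\xf2\xb0\x40\xab\x11\x0c\x43\xb7\xc9\xa9\x72\xc0"
      "\x39\xf2\x41\x0f\xe1\xfe\xf7\x0a\x8b\x75\x44\x49\x94\x0f\xb1\x42\x5f\x71"
      "\x5d\xea\xdd\xaa\xd1\x21\xbf\xc1\xa9\x97\x64\x19\xf1\xf3\xe4\x24\x0d\x69"
      "\xee\xee\x16\x7d\xe4\x46\xbd\xb4\xdd\x34\x83\xa0\x3e\xc2\x0d\x3c\x0c\x7b"
      "\x68\x8b\x85\xab\xeb\x36\x43\x98\x4d\x08\xf6\x09\xa3\x53\xff\xe5\xae\x23"
      "\x31\x5d\xdf\x18\x95\x93\xe4\x72\x50\x56\x18\xb6\xde\x0c\xca\x56\x3b\x30"
      "\x14\x1a\x8a\x7d\x46\x97\xde\x1c\x4f\x30\x83\x8c\xb6\x23\xed\x83\x69\xba"
      "\x3b\xbf\x44\x33\xd5\x78\x86\x6c\x36\x84\xb4\x5c\xd5\xaf\x51\xf3\x5c\x53"
      "\xc3\xdb\xa8\xbb\xee\xbd\x91\xf7\x9b\x2a\x80\x60\x75\x98\xc4\x1b\xb6\xec"
      "\x14\x48\xf4\x5b\x09\xac\xf3\xb8\xff\xde\x69\x21\x77\x75\x5f\x24\xb2\xf1"
      "\x76\x55\x16\x09\x0c\x15\x32\x31\xbd\x0e\xae\x1d\x00\x95\x2a\xc1\x8f\xf7"
      "\x75\x0f\xbe\xce\x7d\x5f\x25\xdc\x7b\x67\x22\xb3\xb3\x97\x74\xf3\x9a\x70"
      "\x2c\x50\x59\x4b\x4c\x2e\xe1\x12\x7c\xca\x7d\x2b\x24\x60\xe4\x4b\x37\x68"
      "\xb9\xce\xdf\xc4\xdb\x96\x86\x97\xe0\xc6\xab\x4f\x20\x1b\x0f\xe1\x15\x6a"
      "\x03\xc6\x41\x7e\xee\xbb\xe1\x7b\x1c\x6c\xb6\x53\x8e\x86\xd4\x9d\xad\x79"
      "\x66\xe4\xc0\xe5\x77\x83\xaa\x66\xc4\x91\x0b\xa0\xf3\xdc\xc2\xfe\x69\x9e"
      "\x13\xaa\xdd\xb8\x45\x74\x48\xe2\x8f\xda\x1c\x1e\xf2\x66\x8e\x73\x90\x09"
      "\xd4\x2e\xb5\xff\x84\x88\xaf\x9f\x53\x05\x1b\x4f\xc5\x2c\x66\x31\xc4\xad"
      "\xb6\xfc\x0a\xd2\x49\x30\x2c\x2a\x87\xa3\xa5\x69\xc3\x38\x8f\xcf\x00\xa1"
      "\x84\x96\x71\x1d\xcd\x0b\xf6\x3e\x0a\xb0\xea\xed\xc9\x57\xcf\xb1\x70\xbc"
      "\x88\xcd\x52\x03\xe2\x99\xa1\x65\x28\x58\x1b\x2d\x26\xc4\x40\x69\x53\x19"
      "\x25\x32\x58\x4a\x79\x80\x71\xea\xdf\xb7\x53\x4d\x4a\x4b\xca\x87\x50\x6f"
      "\xd5\x88\x93\x11\x10\x78\x61\x18\xa2\x29\xd9\xac\xb8\xed\xbf\xbb\xf4\x44"
      "\x77\xa5\xf6\xfd\xe1\x3a\x7a\x29\xe9\x35\x5e\x2c\x80\xf3\xf2\x4b\x13\x2e"
      "\x39\x55\xf6\x35\x08\x4d\x06\xa4\xce\x2d\xd2\x88\x14\x38\x62\x85\x33\xf6"
      "\x83\x27\x18\x96\x42\xca\xae\x6c\x2d\xe5\xcd\x84\x29\x0b\x36\x5b\x9e\x41"
      "\x17\x87\xe1\x66\x32\x6f\x5a\x23\xb0\xe8\x32\x87\xe7\x78\x2b\xfc\x34\xe7"
      "\xaf\xb2\x85\x58\xcb\x55\x52\x7f\xfe\xd5\xc2\x93\xef\x97\x87\x67\x87\x4b"
      "\x5b\x8f\x7e\xc7\x3b\x6c\x99\x8c\x63\x06\x87\x01\xcb\xda\x87\xbd\x4d\xcb"
      "\xed\x90\x34\x37\xdf\xe5\x74\xe0\xd1\x53\xe3\xcd\x42\xd6\x48\x08\x86\xf3"
      "\xbe\xdf\x3a\x89\x99\x1f\x1c\xd2\x86\x2b\xa3\x50\x9a\xc0\xe9\xfc\x2c\xff"
      "\xea\xc4\x77\x30\xe5\x87\x09\x33\x5e\xfe\x7b\x3d\x67\x06\x22\x90\x18\xd6"
      "\xc2\x9f\x8b\xc2\x5c\x0b\x8c\x81\x6e\x5e\x2a\xfe\x46\x13\x4a\x3c\x74\x7b"
      "\x1e\xba\x6b\x1c\x4d\xef\x35\x42\x24\x1f\xc2\x7d\x87\x42\x99\x06\x2c\x50"
      "\xa7\xf2\x51\xc5\x41\x83\x29\x11\xc2\xc0\xe8\x7d\x70\x24\xe0\x0a\x67\xb1"
      "\xb0\x67\xc6\x13\x43\x97\x4d\x77\xa9\x52\xa8\x87\xc9\x79\x18\x03\x6e\x11"
      "\x8b\x12\xda\xcf\xca\xbc\x63\x6a\x74\x55\x0f\xed\x21\x41\x3c\x60\xc9\xaf"
      "\xcd\x0d\x23\xb2\xbd\x16\xb2\x4f\x3a\x6f\x54\xaf\xa5\x42\x38\x3e\x98\xaa"
      "\xf2\x38\xdc\xc5\xae\xed\x07\x84\x8e\x79\x0e\x97\x58\x90\x8a\x60\x0c\x88"
      "\xdf\xf7\xa1\x8a\xac\x0e\xeb\xe6\x59\xd1\xfb\x09\x5d\xe7\xa2\x9e\xb6\xa8"
      "\x1d\x12\x13\xd3\x57\x9b\x22\xf9\xed\x9c\xef\x96\xa0\x08\x43\x6d\x3e\x0c"
      "\xd4\x24\xae\x4e\x0b\x96\xc3\x08\x1f\xac\x16\x0d\x3c\xf6\x62\x8f\x33\x1a"
      "\xb9\xc5\xdf\x4a\xdd\x06\xb8\x41\xee\x17\x9a\xb5\xc2\xd7\xdb\xe4\xf3\x90"
      "\x14\x7b\x04\x5b\x6d\xe7\xe9\xb3\xe2\xf8\xb1\x16\xf7\xfe\x57\xe2\xe3\x94"
      "\xd3\x7f\xfd\xab\x9f\xe2\x55\xe0\x7a\x9f\xa1\x61\x4b\x58\xdd\x00\xa5\xc6"
      "\x68\xab\xcf\x3a\x47\x5c\x3c\x4c\xb7\x91\xc5\x21\x9c\xd0\xa1\xf4\x0c\x36"
      "\x2b\x0e\x12\x66\x8e\xf5\x5c\x09\xe8\xee\x7f\x96\x66\x35\x0c\x47\xca\xfe"
      "\x26\x9e\x6e\xa3\x65\x37\x11\x7d\x27\x9b\x63\x84\xc9\x2d\xc5\x88\x92\x38"
      "\xf7\x55\xf6\x3b\x26\x22\x70\xdb\x76\x0a\xe0\xd2\x99\x28\x62\x48\x28\x11"
      "\x89\xd6\xb7\x6c\x83\x5d\x66\x35\x5f\xec\x0f\x2b\x5f\xfb\x28\x4e\xdc\x25"
      "\x7e\xaf\x94\x3f\x41\xe2\x32\x35\xfd\xdc\xea\x39\x5c\x7c\xb6\x7f\x78\x9c"
      "\x8c\x1e\xb0\xde\x18\xf6\x1e\x8f\xe9\xc9\x9c\x38\x03\xc5\xea\x2c\x14\x86"
      "\x90\xf5\xd9\x54\xb1\xc9\x1b\x80\x4e\x41\x1e\x3a\x10\xd9\x45\x17\x60\x05"
      "\x49\x8f\xe8\xfc\xe9\xc7\xb2\x77\x45\xd7\x36\xfe\x36\x96\x65\xab\x93\x6c"
      "\xf9\xae\xee\x08\x4f\xbd\xb8\xd3\xd2\x2b\x50\xac\xea\x21\x3c\xb6\x31\x1b"
      "\x1f\x27\x93\xfc\xca\x66\x20\xa2\xe7\xed\x80\x3d\x0b\xc5\x1f\x33\x1a\x53"
      "\xe5\x9f\x24\x77\x4e\x88\xfa\xc4\x83\x82\xc4\x14\xf0\x8e\xb2\x32\xf4\x43"
      "\xca\xae\x43\xa2\xfb\x3d\x77\x5e\xf9\xab\x8d\x01\x46\xd3\x0a\xb8\x0c\xe4"
      "\x31\xfa\x35\xe2\xa8\xd6\xe3\x81\x20\x4c\x39\x15\xef\x34\x3d\x10\x94\x9a"
      "\xac\x92\x00\x00\x64\xca\x2f\xc8\xed\x8c\x3b\x18\xe0\xb9\xe9\x2c\xbf\x0f"
      "\x70\x00\xe9\x18\x94\x02\xc1\x2e\xd4\x68\x48\xeb\x79\x75\xd4\x22\x29\x6d"
      "\x49\x5e\xb5\x2a\xe4\xd4\xfa\x7e\x8d\xe4\x71\x6f\x39\xda\x25\xe4\xfd\x48"
      "\xb3\x64\x8b\x89\xa5\xf5\xa5\x31\x12\x99\x3a\x75\x67\x50\x15\xfd\x64\xa4"
      "\x6e\x06\x19\xc9\xa9\xda\x08\x69\xf9\xb9\xe4\xfc\xfd\x9e\xb2\xd3\xb2\xfb"
      "\x67\x45\xe3\x10\x02\x5b\xbc\x1e\x1e\x50\x31\x8b\xeb\xfa\xef\xd6\x2c\x0d"
      "\xd5\xe6\x59\xdd\xad\x0f\x7d\xa9\xe9\x54\xc5\x16\xb2\xad\xd8\xe8\x3f\x13"
      "\x8b\x05\x1e\xfa\x7d\xda\xdd\x5e\x0a\x69\xcc\x5d\x45\xba\xf2\x6f\xe1\x37"
      "\x1b\x4a\xc8\xb5\x15\x9b\xd2\x39\x0b\xb5\x86\x7b\x91\xc6\x2c\x62\x9f\x87"
      "\x9a\x8a\x17\x0b\x4f\xd0\x79\x5a\xeb\x93\x82\xac\x88\xe6\x65\xfc\xaa\xa8"
      "\x42\xe0\xe4\xa2\x00\x96\x8f\x19\x36\xd0\xd7\x41\x3d\xdb\xbf\xc4\xf0\x06"
      "\x72\x95\x86\x93\x7d\xa2\xea\xec\xa8\x5d\x03\xb1\x9c\x4d\x4b\x2f\x77\xdc"
      "\x49\xcc\xa2\x1f\x0f\x79\x26\xf3\xcb\x33\x02\x1c\x2d\xb6\x4d\xcd\x54\x60"
      "\x1f\xfb\xc8\x58\x28\x52\x3a\x54\xcd\x02\xbe\x06\x33\x6c\xf9\xe7\x5e\xb7"
      "\xc6\xf7\xcb\x8a\xcc\x30\xeb\x05\xbd\x85\x20\xd6\xf5\x56\x28\x02\x07\x95"
      "\xac\xb7\x94\x99\x2e\xf0\x97\x04\xd3\x72\x36\x2b\x98\x10\x3d\x8f\x08\xf5"
      "\xc2\x83\x18\x90\xac\x00\x25\xd0\xf8\x23\xbe\x08\x82\x01\xb1\x58\xbf\xb1"
      "\x28\xe2\xae\x37\x76\x4f\xdf\xa6\xab\xd5\x62\x80\x74\x85\xeb\x3e\x35\x93"
      "\xcc\xe7\xfb\x96\x5d\x3c\x9f\x9c\xf3\xfd\x14\xf5\x2e\x0d\xf4\x65\xfb\xb4"
      "\xdf\xba\x84\xe8\xa5\xba\x2b\xf4\x33\xe6\x6a\x9e\x7f\x4c\xa8\xcc\xd9\xf9"
      "\x30\xef\x47\x1e\xd6\xa8\x32\x9e\x2c\x5e\x12\x2a\x86\x5c\x9a\xfe\x60\x7e"
      "\xcb\x89\x17\xbd\xd4\xd9\x73\x14\x45\x89\xf0\xb4\x53\xec\xb5\x20\x51\x3e"
      "\x1f\x50\x90\xb3\xa1\x81\x7f\x46\x08\xa2\xe7\x9c\xa1\xc4\xb3\x3c\xf6\x19"
      "\x91\x52\x13\x92\x54\xa8\x88\xae\xc4\x34\x81\x34\xc7\x10\x51\x49\x32\xb0"
      "\xc0\x06\xbc\xf9\x76\x26\x37\xae\xcc\xa1\xa8\xc8\xb9\x01\x5c\x1c\x26\xa7"
      "\xdf\xdc\xde\x40\xbd\xcf\xdc\x5d\x13\x46\x99\xaf\x6d\x63\x60\xee\xba\xd7"
      "\xbb\x0e\x96\x5c\x5e\x22\xcb\x80\x68\xd4\x18\xbc\xe3\x94\xa7\x76\xa2\xfc"
      "\xf8\x93\x5c\x98\x0d\xc1\x5a\x20\x53\x6c\x0a\x2b\x39\x4b\xab\x16\xb3\x36"
      "\x95\x07\xd8\x64\xd2\xfe\x56\x5e\xe9\x9f\xff\x61\x6f\xb8\xb4\x21\x74\x49"
      "\xa5\x16\x8a\x99\x23\x1b\x37\xb6\x52\x28\xbb\xef\xa1\x3f\xfe\x88\x53\xf2"
      "\x69\x28\x38\x93\xa5\x14\xd7\x39\xb5\xb6\x38\xed\xc6\x1b\xcb\xbd\x87\x8c"
      "\x17\x03\xb9\x46\x05\xdc\xa4\x9d\x8e\xd8\x03\xec\x67\x89\xb7\xc6\xa4\xac"
      "\x95\x37\x10\x22\x8d\x3c\x39\xbc\x23\xea\x5f\xb7\xba\x93\x7b\xa9\x67\x93"
      "\x14\x18\x14\xed\x33\x34\xac\x4c\x70\xdd\xac\x88\x97\xc1\x88\x2e\x0e\x59"
      "\x2f\x2b\x7c\xcc\x46\xc0\x00\x86\x74\x14\x20\xf2\xf5\xda\x9f\x69\x65\x3c"
      "\xce\x9a\x28\x05\x58\x90\x09\x4f\x1e\x06\xc0\x55\xcb\x5b\x89\x3c\x86\x7e"
      "\xd2\x5b\xfc\x58\x6d\x89\x2d\x0e\xb3\x99\xf9\x43\xd1\xa4\x18\xde\x75\x5a"
      "\x16\xf7\x70\x31\xea\xcb\x28\x09\xd2\x94\x43\x6c\x47\x55\xa3\xba\x8d\x5c"
      "\x16\xff\x82\x8a\x0b\xf7\x8e\x52\x47\x3a\x81\x77\x30\xe8\x79\xaa\x21\x54"
      "\xa5\xef\xce\xde\x56\xee\x84\x62\x20\x27\x84\xf9\xaf\x7d\xae\x12\xde\x0a"
      "\x2c\xa3\x50\xc8\x31\xa4\x56\x6f\x7c\xb4\x45\x52\x5a\x24\xb4\x8b\x5d\xdd"
      "\xc8\x97\x36\xc5\x78\x62\xb9\xa3\xdd\xbe\xef\x49\x0c\x34\x07\xac\x49\xbc"
      "\x12\x74\x35\x04\x49\xe2\x13\x9f\x88\x87\x83\xf2\xf4\xa4\xb5\x50\x57\xfb"
      "\xe7\x2c\x90\x80\x9a\x5b\x11\x5b\xe4\xbc\x5a\x94\x48\x42\x42\x53\x5a\xb5"
      "\xb8\x04\x63\xdb\xe6\x61\xdb\x60\xf7\xf7\x7b\x42\x2e\x2e\x84\x27\xd2\x7b"
      "\x2b\x3d\xde\x11\x85\x3b\x45\x41\x62\x22\x68\x2d\x92\x82\xb9\x69\x3b\xda"
      "\x36\xae\x80\xe2\x36\xbc\x62\x33\x93\xf1\x6b\xe2\x39\x23\xe8\x2f\xe1\xdf"
      "\x19\xde\x00\x63\x3a\xce\x28\xc1\xa8\x33\xa3\x81\xa1\x25\xaf\x85\x1e\x47"
      "\xda\x53\x99\xd2\x9e\x34\xc3\x28\x8b\xd4\x4f\x78\x73\x58\x40\x2b\x5a\xb6"
      "\x1e\xa5\x5e\x03\x9d\xb2\xf8\xde\xd1\x3e\x15\x7d\x09\xe3\x75\x0e\x6a\x4b"
      "\x69\x8b\x0d\xc7\xbe\xe7\x0e\xdb\x91\xbb\xa8\xde\xb7\xe9\x37\x79\x93\xff"
      "\x8b\x66\x25\x7d\x30\x5f\xd9\xe2\x0e\x18\x4c\xe9\x2c\xc5\x2a\xcc\x3a\x75"
      "\x1a\x15\xf6\x0a\xf4\x84\x27\x18\xd9\x1c\x6e\xcd\x48\x22\x26\xcc\x3d\x49"
      "\x75\xb9\x50\x49\xe5\xec\x29\x8b\x44\x37\x1e\x20\x34\xb2\x67\x78\x07\x50"
      "\x53\x53\xf2\xd1\x4d\xe1\x08\xdd\x4b\x1f\x60\x81\xa5\x50\x82\xc7\x3b\x83"
      "\xec\x52\x1e\x72\x2c\x41\x7c\x84\x90\x0c\x90\xce\xf3\x64\xa3\xeb\xd7\x55"
      "\x0d\xdd\x23\xd0\x3a\x1e\x62\x19\x26\x6d\xe0\xd3\xd8\x81\x9c\x1f\xc6\x5b"
      "\x54\xd2\x6a\xd7\xa9\xb6\x38\x10\xf3\x65\xe8\xba\x37\x43\xf8\xb1\x9e\x2c"
      "\x77\x8e\xa9\xb3\xce\x38\x49\x53\x5d\x6d\x78\x0a\x63\x3a\x70\x26\x82\xff"
      "\x22\x36\x12\xcb\x4b\xfc\x8b\x54\xc4\x3b\x4e\xb1\xcf\x36\x51\xc4\x8a\xe3"
      "\x4a\x9e\xfb\x93\x12\xf7\xce\x68\xcf\xec\xb8\x05\x1e\x61\xc0\xef\x1a\xc7"
      "\x2b\x95\xfb\x8a\x1a\x8b\x0d\x6f\x08\x0e\x49\x46\x28\x00\xea\x12\x87\xbb"
      "\x2d\x38\x3d\x02\x7e\x00\xc5\xa9\x86\xdd\xe3\x1d\x7d\x49\x97\x2b\xbf\xd2"
      "\xa1\x56\xfe\x2c\x7b\x55\xc2\x40\x74\xc2\xb1\xde\xc7\xb8\xa0\xab\xec\xe5"
      "\x40\x32\xf0\xd4\x5c\x96\xf1\x64\xce\xc3\x9b\x58\xca\x2c\x80\xc2\x29\x7b"
      "\xeb\x0f\xe9\xf8\x63\x11\xb4\x25\x70\xc5\xa2\x35\x67\x3e\x15\xc7\x0c\xc5"
      "\xb6\xcd\xbb\xaf\x50\x84\x35\xeb\xf2\x55\x8c\x76\xac\x61\x01\x41\xb2\x5e"
      "\x01\xe6\xc1\x8a\xf3\xa3\x92\x8c\x45\xaf\x47\xe8\x75\x9d\xf8\xc5\xef\x6d"
      "\x8d\x3e\xcf\xea\xcd\x71\x3c\xdb\xc7\xc9\xf4\xaa\x74\xed\xbb\x5d\xb8\xbf"
      "\x08\x11\xa0\x71\x59\xb3\x26\x19\x3c\x92\x19\xd2\x9d\x32\xdc\xa2\xa8\xf0"
      "\x50\x68\x92\x9f\xec\x17\xb5\xfd\xe5\x95\x62\x06\x66\xa6\xc5\x63\x96\x8d"
      "\xb7\xff\x5e\xdf\x71\x66\x3d\x82\x73\x05\xd4\xb4\xc9\xf6\xd3\x5a\x0c\xa7"
      "\x17\x55\xad\x9c\x0c\xec\x4f\xda\x9f\xb2\xbb\x14\xb9\x8d\xaa\x06\x21\x4f"
      "\x9f\x23\x8e\x97\xb6\x2e\xad\x7e\xb6\xf7\x66\x3c\x77\xa4\xad\xb4\x02\xa2"
      "\xca\xd9\x6f\x9f\xeb\x57\x1e\xa5\x21\x3f\xdf\x22\x19\x17\x49\x05\xfc\xc9"
      "\x27\x44\x87\x27\x5c\xeb\xdd\x1e\x2b\xd5\x14\x19\xa9\xca\x79\x54\x65\x0a"
      "\xd2\x2e\x66\xb3\x1c\x7e\x7c\x0e\x30\xc3\xbf\x5f\x0a\x30\x73\xb8\x81\x84"
      "\x6d\x99\x16\x12\xf4\x98\x96\xc6\x43\x07\xfc\xe1\x92\x9b\x22\xe0\x25\x7e"
      "\x8d\x9b\x33\x99\x4e\x79\x6f\xaa\x83\x46\x67\x46\x3d\xdc\x1c\xa5\xc9\x25"
      "\xe6\x31\x27\xa3\x54\x59\x01\xee\x18\xaa\xcd\x0a\x9e\xd2\x06\x4b\x0f\xb6"
      "\x7f\x8c\xaf\x7e\x01\x54\xdb\x9c\x34\x9c\x55\x52\xa4\xbb\x14\x68\xa1\x4f"
      "\x96\x35\x86\x5f\x01\x5f\x31\xf2\xaa\xe5\x70\x11\x9c\x67\xc9\x46\x34\xa0"
      "\x76\x76\x86\x8c\xbb\x10\x02\x66\xfb\xd3\xb8\xa0\x66\x66\x8d\xd4\xa1\x96"
      "\x78\xe7\x4b\x5e\x7d\xe5\x67\xd6\x54\xb2\xe9\x32\x14\x5d\x35\x82\xb5\x7a"
      "\x44\xc6\x9b\x9a\xcc\x48\x4f\x11\x9c\x5e\x92\xd0\x92\xa5\x38\xc3\xb0\x0d"
      "\x01\x82\xd3\x5f\x81\xde\x88\x18\xdd\xe0\xca\x1f\x0a\x7d\x1b\x5d\xb1\xba"
      "\xe7\xbe\xa6\x90\x1c\xcc\xad\xba\x89\x64\x4e\xb1\x4e\x4a\x6e\x19\x3f\xb8"
      "\x47\x36\x32\x5c\x8c\xcc\xbd\x41\x9f\xb6\x52\xa6\x02\x0e\x67\xac\x5e\xf8"
      "\xe7\x2a\x2d\xeb\x42\xef\x19\x5c\x7e\x2f\x45\xf1\x7b\x52\x8e\x96\x16\xd9"
      "\xf5\x7f\x27\x5a\xe5\xff\x6e\xde\xbc\xc1\x91\xf8\x95\xed\xff\x3c\xe8\x84"
      "\x23\x5e\xe3\x4e\xb2\x67\xfa\x35\x6c\x79\x3e\xf1\x30\x69\xeb\x13\xa1\x23"
      "\x0b\x9e\x1a\xc5\x93\x4e\x6e\x54\xc1\x75\xc0\xce\xef\x37\xee\xb3\xe4\x41"
      "\xf1\xca\xd8\xca\x06\x8e\x1c\x57\xd2\x07\xec\xc6\x06\x1f\x17\xa4\x67\x6e"
      "\xdd\xb0\xd2\x51\xd6\x82\x4a\x1d\xb0\xc0\x6e\x0e\x29\xb1\xe5\x39\x70\x2e"
      "\x9c\x97\x8e\xb5\x1e\xdf\xa8\x73\xba\xc2\xde\x33\x72\xf9\x9f\x99\x5d\x21"
      "\xd6\x1c\x26\x87\x9b\xf8\xc4\x29\x54\xc5\xae\xbc\x58\x82\x8a\xe2\xbe\x92"
      "\x69\x66\xf9\x1c\x12\x6a\x7c\x7e\xa8\xc9\x1e\x69\xb8\x12\x68\x9a\x94\x45"
      "\x9b\xf6\xe0\xea\x38\x37\x6a\x82\xc9\xa3\x12\xe8\xb8\xf8\xd2\x56\x3a\xe9"
      "\x6a\x92\xfb\x47\xaa\xe7\xb7\x48\x12\xe7\x99\x7e\x2e\xd4\x41\xfe\x55\x98"
      "\x93\x69\x9f\xb5\x8c\x3d\xcf\x34\x86\x65\xd9\xa9\x23\x48\x9e\x4e\x54\x89"
      "\x47\xe6\xf8\xf4\xd7\x5f\xd5\x2e\x40\x8a\x5a\x8f\x3e\xcb\x06\xcc\x08\x0f"
      "\x00\x44\x46\x2d\x6d\xed\x78\x92\x6a\xa6\x80\x78\xd1\xdb\xf0\x1e\x35\x3b"
      "\x8b\x7c\x93\x0e\xff\x26\x06\x01\xba\x79\x9e\x57\x76\x5a\xb7\xa2\x80\xc0"
      "\x5f\x85\x11\x24\xbc\x46\xbd\xe0\x22\xf5\xfe\x27\x20\x96\x5a\x0d\xf2\x7a"
      "\xae\xcc\xd7\xda\x14\x89\x60\x4c\xa6\x34\x42\x53\x4f\x48\xf8\xf4\xcc\x71"
      "\xa3\x26\x06\x97\x63\xb8\x03\x7b\x5d\xce\x8f\x78\x21\x56\x47\xde\x06\xf7"
      "\x00\xf0\xfd\xaa\x50\xd5\xda\x4d\xdc\x18\x5b\xe3\xc5\x5f\xf1\x7d\xce\xa4"
      "\xe2\x91\xc0\xa7\xc2\x3f\x07\x7e\x33\xca\x0b\xd5\xaa\xb7\x9f\x75\xbe\x03"
      "\xfb\x86\x14\xfe\xf0\xb2\x74\xf0\x99\x94\x23\xac\x8a\x96\x53\xb0\xd9\x42"
      "\x24\x4d\x4d\xc8\x6d\xa3\xce\xc7\xa9\x22\xc7\x20\xcc\xb0\x61\xd8\xac\xbc"
      "\x18\xd9\x30\x06\xdf\xe6\xe6\xa5\x29\x38\xe1\xd6\x49\x1c\x55\x6e\x95\x7e"
      "\x7a\x54\x58\xac\x6e\xf5\xfe\xa4\x05\x9f\x5f\xce\x47\xab\x05\xec\xab\xb6"
      "\x14\x03\xef\x1f\x3d\x48\x31\x76\x14\x87\x28\x92\xc8\xf8\x1a\xdf\x9c\x27"
      "\xaf\x3b\xd8\x82\x3d\xc8\x51\x49\xba\xbd\x93\x21\x9e\x19\x0a\xdd\x53\x42"
      "\x52\x30\x35\xc8\x05\xf4\x07\x31\xf8\xe4\x9c\x28\xb5\x6f\xde\xa9\xa7\x9f"
      "\xad\x85\x7b\xf1\xcc\x69\x06\x74\xc6\x9f\x74\x74\x2b\xd0\x06\xc5\x57\xc1"
      "\xdd\x0b\x76\xfc\x17\xfe\xcd\xd4\x54\x06\x66\x0b\x3c\xf8\x5f\x1d\x3a\x6e"
      "\x03\x9d\x12\xdf\x2e\x7d\x40\x14\x84\x3c\x83\x6f\xf3\xe2\x1e\x12\xf4\x84"
      "\xea\xcf\xd2\xfc\xe3\xa4\xf5\x4e\xeb\xf6\xa3\xd2\x03\x00\xaa\xf3\xf5\xdc"
      "\xec\x7b\x93\x8b\xad\xa1\xfa\x1f\x07\x7c\xa9\x58\xee\x2a\x11\xf6\xd8\x14"
      "\xc1\x79\x2c\x2c\x8a\x55\x49\xb2\x03\x71\x95\x9d\x86\xd7\xae\x54\xb3\xd4"
      "\xab\xc4\x38\x9f\xa7\x50\x51\x52\xe4\x41\xf9\x3b\x11\x42\x0d\xf2\x4b\x33"
      "\x6c\xe8\x00\x61\xc1\x05\x98\x3d\x91\x95\x14\x4a\xa4\x00\x55\xd1\x11\x85"
      "\x75\x2c\xe2\xb8\x48\xa5\xf6\x86\x9f\x74\x2c\x82\x19\x46\x0a\x6d\xe5\x05"
      "\x17\xd4\x77\x91\xc7\x8c\xba\x9d\x0c\xba\xdb\x4b\x45\xd3\xbe\xe6\x76\xf5"
      "\x27\x1a\x10\xd9\x4f\xf0\xd4\xcf\x1d\xd5\x59\x0d\x79\xd2\xa0\x22\xe7\x5c"
      "\xfd\xb1\xd5\x4c\x5c\x45\x72\x75\x14\x16\x49\x6d\x0e\x3c\x7e\x1a\xfd\xdc"
      "\x6e\xf6\xd3\xc4\xc4\x5e\x2e\x67\xfa\x17\xaf\x84\xb5\xc5\x2a\x57\xae\x38"
      "\xbf\x45\x9a\x6a\xfe\xb7\xb6\xaf\xc2\xf0\xe2\x17\xdf\x69\x3e\xc4\xa0\xa6"
      "\xd5\x18\x6b\xa7\xf6\xe4\x84\x5d\x77\x91\x13\xb6\x76\x06\x8e\xae\x8c\xf0"
      "\x13\x24\x1e\x56\x4e\x99\x5b\x84\x7c\x6e\x0f\x5b\xe4\x10\x6b\x0b\xbb\x3e"
      "\xfd\xc2\x44\xa6\xae\x88\xe5\xd0\xf7\xa0",
      4096);

  // Second top-level attribute: len 0xc, type 1, nested flag set.
  *(uint16_t*)0x20005e64 = 0xc;
  STORE_BY_BITMASK(uint16_t, , 0x20005e66, 1, 0, 14);
  STORE_BY_BITMASK(uint16_t, , 0x20005e67, 0, 6, 1);
  STORE_BY_BITMASK(uint16_t, , 0x20005e67, 1, 7, 1);
  //   Inner attribute: len 6, type 0, two payload bytes (then padding).
  *(uint16_t*)0x20005e68 = 6;
  STORE_BY_BITMASK(uint16_t, , 0x20005e6a, 0, 0, 14);
  STORE_BY_BITMASK(uint16_t, , 0x20005e6b, 0, 6, 1);
  STORE_BY_BITMASK(uint16_t, , 0x20005e6b, 0, 7, 1);
  memcpy((void*)0x20005e6c, "\b\000", 2);

  // Top-level attribute: len 8, type 2, u32 value 0xffffffff.
  *(uint16_t*)0x20005e70 = 8;
  STORE_BY_BITMASK(uint16_t, , 0x20005e72, 2, 0, 14);
  STORE_BY_BITMASK(uint16_t, , 0x20005e73, 0, 6, 1);
  STORE_BY_BITMASK(uint16_t, , 0x20005e73, 0, 7, 1);
  *(uint32_t*)0x20005e74 = -1;

  // Top-level attribute: len 0x18, type 0x16, nested flag set.
  *(uint16_t*)0x20005e78 = 0x18;
  STORE_BY_BITMASK(uint16_t, , 0x20005e7a, 0x16, 0, 14);
  STORE_BY_BITMASK(uint16_t, , 0x20005e7b, 0, 6, 1);
  STORE_BY_BITMASK(uint16_t, , 0x20005e7b, 1, 7, 1);
  //   Inner attribute: len 8, type 0x75, u32 value 0xee00.
  *(uint16_t*)0x20005e7c = 8;
  STORE_BY_BITMASK(uint16_t, , 0x20005e7e, 0x75, 0, 14);
  STORE_BY_BITMASK(uint16_t, , 0x20005e7f, 0, 6, 1);
  STORE_BY_BITMASK(uint16_t, , 0x20005e7f, 0, 7, 1);
  *(uint32_t*)0x20005e80 = 0xee00;
  //   Inner attribute: len 0xc, type 0x7a, u64 value 0x1f.
  *(uint16_t*)0x20005e84 = 0xc;
  STORE_BY_BITMASK(uint16_t, , 0x20005e86, 0x7a, 0, 14);
  STORE_BY_BITMASK(uint16_t, , 0x20005e87, 0, 6, 1);
  STORE_BY_BITMASK(uint16_t, , 0x20005e87, 0, 7, 1);
  *(uint64_t*)0x20005e88 = 0x1f;

  // Finish the iovec and msghdr: one 0x1050-byte segment, no ancillary data.
  *(uint64_t*)0x20000188 = 0x1050; // iovec[0].iov_len
  *(uint64_t*)0x20000118 = 1;      // msg_iovlen
  *(uint64_t*)0x20000120 = 0;      // msg_control
  *(uint64_t*)0x20000128 = 0;      // msg_controllen
  *(uint32_t*)0x20000130 = 0;      // msg_flags

  // The single request this reproducer exists for; its return value is
  // deliberately not checked.
  syscall(__NR_sendmsg, /*fd=*/r[0], /*msg=*/0x20000100ul, /*f=*/0ul);
  return 0;
}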