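// https://syzkaller.appspot.com/bug?id=4d7de0e6a195b6a5ffef01d2776e737a52c7de60
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Crash reproducer for the syzkaller bug linked above. It replays a fixed
// syscall sequence: three fixed-address anonymous mappings, one io_submit()
// carrying two iocbs, a KVM VM/vCPU set-up with a small guest-memory slot and
// a register block, a unix socketpair() followed by a sendmsg() on an invalid
// fd, and finally KVM_RUN 65 times. Every absolute address, ioctl code and
// data blob is part of the reproduction and is kept exactly as generated; the
// only changes in this copy are comments, layout, and the restored header
// names. It is meant to be run against the affected kernel inside a
// disposable test VM: a successful reproduction crashes that kernel.
//
// NOTE(review): the header names in the original #include lines were lost when
// the page was extracted. The eight headers below are the set syzkaller emits
// for reproducers of this shape and cover every name this file uses
// (uint*_t/intptr_t, memcpy, syscall, __NR_*).

#define _GNU_SOURCE

#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

// Resource table (syzkaller's r[]): values captured from syscalls that
// succeeded. r[0] = /dev/kvm fd, r[1] = VM fd, r[2] = vCPU fd,
// r[3]/r[4] = the two socketpair ends. 0xffffffffffffffff means "not
// obtained"; a later call that uses such a slot simply fails with EBADF.
uint64_t r[5] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff,
                 0xffffffffffffffff, 0xffffffffffffffff};

int main(void)
{
  // Three fixed anonymous mappings (flags 0x32 = MAP_PRIVATE | MAP_FIXED |
  // MAP_ANONYMOUS). The middle one at 0x20000000 (16 MiB, prot 7 = RWX) is the
  // scratch area that every absolute address below points into; the two 4 KiB
  // mappings on either side are PROT_NONE guards. Return values are ignored,
  // as generated.
  syscall(__NR_mmap, 0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
  syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul);
  syscall(__NR_mmap, 0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
  intptr_t res = 0;

  // ---- io_submit(): array of 9 iocb pointers at 0x20001e80, 2 populated ----
  // Field offsets follow struct iocb: aio_data(+0), aio_key(+8),
  // aio_rw_flags(+0xc), aio_lio_opcode(+0x10, u16), aio_reqprio(+0x12, s16),
  // aio_fildes(+0x14), aio_buf(+0x18), aio_nbytes(+0x20), aio_offset(+0x28),
  // aio_reserved2(+0x30), aio_flags(+0x38), aio_resfd(+0x3c).
  //
  // iocb #1 at 0x20000480: opcode 0, reqprio 0xfffb, fd -1, buf 0x20000380
  // (199 bytes of generated data), nbytes 0xc7, offset 8, flags 0, resfd -1.
  *(uint64_t*)0x20001e80 = 0x20000480;
  *(uint64_t*)0x20000480 = 0;
  *(uint32_t*)0x20000488 = 0;
  *(uint32_t*)0x2000048c = 0;
  *(uint16_t*)0x20000490 = 0;
  *(uint16_t*)0x20000492 = 0xfffb;
  *(uint32_t*)0x20000494 = -1;
  *(uint64_t*)0x20000498 = 0x20000380;
  memcpy((void*)0x20000380,
         "\x14\xa9\xef\xd7\x8a\xdb\x7d\x1c\xb7\xa2\xe1\x22\xac\x60\x32\x2d\x1b"
         "\xcb\xe9\xc6\x54\x8c\x5b\xf1\x7c\x88\x68\xcc\xec\x66\x7d\xc7\x22\x58"
         "\x1e\xc1\x98\x86\x17\x1a\x90\x34\x0f\x42\x8f\xb9\x86\xc7\xc6\x88\xcc"
         "\x9c\xcf\x43\x5e\x2e\x45\x5c\x45\x0b\x68\xae\x55\x70\x9f\xf1\x21\x78"
         "\xb0\xbd\x09\x28\xb1\x13\xec\x07\xc0\x93\x60\xaa\xb1\xf5\x9e\xb3\x5d"
         "\x19\x44\x4c\x99\x9d\xbf\x04\x3c\xb3\xc3\x25\x7d\x75\x52\x9c\x1d\xf4"
         "\x88\xdf\xa3\x13\x67\xa5\xd6\xaa\x8c\x7a\x55\xcb\xf3\x9f\x9d\xe9\xeb"
         "\x59\xdd\x5b\x62\xfc\xf2\x90\xde\x51\x8a\x89\x15\x3e\x0f\xec\xd8\xab"
         "\xc5\x5f\x6b\x52\x61\xb6\xae\x10\xfd\xb3\x8f\xaa\x75\x75\x7c\xaf\x9e"
         "\x6c\x4e\x2e\xac\x19\x96\x78\x72\x8e\xe0\x08\xf3\x2c\x0d\x81\xa2\x53"
         "\x56\x24\xaf\xed\xb5\x48\xb9\x05\x14\x45\x24\x8d\xd0\xdb\x32\x2c\x3c"
         "\x37\x25\x32\xa9\xbf\xd9\x9b\x96\x20\x74\xef\xea",
         199);
  *(uint64_t*)0x200004a0 = 0xc7;
  *(uint64_t*)0x200004a8 = 8;
  *(uint64_t*)0x200004b0 = 0;
  *(uint32_t*)0x200004b8 = 0;
  *(uint32_t*)0x200004bc = -1;

  // iocb #2 at 0x200004c0: opcode 2, reqprio 8, fd -1, buf 0x20000880
  // (4096 bytes of generated data), nbytes 0x1000, offset 8, flags 3,
  // resfd -1. Note the 4 KiB buffer lies inside the range that later becomes
  // KVM guest memory (0x20000000..0x20002000).
  *(uint64_t*)0x20001e88 = 0x200004c0;
  *(uint64_t*)0x200004c0 = 0;
  *(uint32_t*)0x200004c8 = 0;
  *(uint32_t*)0x200004cc = 0;
  *(uint16_t*)0x200004d0 = 2;
  *(uint16_t*)0x200004d2 = 8;
  *(uint32_t*)0x200004d4 = -1;
  *(uint64_t*)0x200004d8 = 0x20000880;
  memcpy((void*)0x20000880,
         "\x9f\xfb\x6e\x02\x03\x28\x21\x95\x6e\x59\x95\x71\xe2\x96\x2f\x4d\x86\x77"
         "\x9f\xc7\x3a\xd0\x88\x7c\x62\x58\xbf\x1e\x85\x8a\xc6\x06\xf4\x93\x94\xbf"
         "\x91\xb4\x35\xe2\xcb\xa2\x0c\x23\x30\x2a\x27\x65\x68\xa0\x84\x42\x54\x82"
         "\xfe\x81\xe8\xa6\x36\x1c\x81\x6d\x70\x7a\x7d\x03\x55\x5a\x0b\xae\xc0\x7a"
         "\x6c\x89\x20\x2d\xe5\xf5\x73\xb7\x24\xd2\x70\x7a\x31\x61\xed\x2e\x6f\xcd"
         "\xd7\xb3\x4e\xc7\x5f\x22\x32\x73\x44\x7e\x5e\xba\xeb\x3f\x26\xd5\xaa\x48"
         "\x24\x6f\xdf\x70\x82\xab\xef\x63\x19\xb3\x25\xba\xa5\x74\x92\xb9\x34\x2b"
         "\xfa\xe2\xee\x47\x56\x74\xc3\x07\x37\xe7\x15\x76\x63\x65\x51\x7d\x7c\xfe"
         "\x4c\xd0\x22\xe8\x92\x8c\xc7\x6d\x7f\x7d\x55\x2b\x75\xd4\x44\xfe\xa3\x0a"
         "\xdf\xfe\x70\x36\x44\xba\x68\xc5\x97\xfa\x00\xdd\xd3\x72\xe5\x34\x28\x96"
         "\x3e\x44\xe2\x2e\x8d\xca\xe4\x88\x38\xa3\x1b\xeb\x08\xca\x7c\x10\x01\x9d"
         "\xf6\x1d\x1d\x39\xe3\x5d\x29\xc3\x41\xf9\x76\x1a\x0f\x8a\x76\xa2\xa7\x5c"
         "\x4d\x50\x17\x4d\x18\xcf\x84\x72\x6d\xf8\x59\xea\x58\xd9\xc8\x96\xe4\x0d"
         "\x25\xfb\x67\xb9\x41\x92\x55\x66\x6a\x3f\x08\x7d\x03\xa3\xfd\x3f\xe2\x18"
         "\x18\xe3\xb6\x4f\x7e\x34\x6f\x16\x1f\xdd\x7f\x1c\xc9\xfe\xa3\x18\x93\x9f"
         "\x09\x47\x4a\xc7\xde\x08\x3e\xad\x57\x9b\xcf\x2f\x1e\xec\xfc\xfc\xc1\x8f"
         "\x15\xaa\x24\xc3\x46\x16\x1a\xe0\x9d\x93\xae\xb8\xf0\xd3\xbe\x2d\x46\xc4"
         "\xdf\x5b\xcc\x92\x5e\x74\x50\x7d\x5f\x67\x78\x4e\x2d\x7c\x5a\x5e\x9c\x46"
         "\x23\xa4\x96\x40\x9f\xf4\x35\xe7\xcc\x87\x31\x92\x66\xe0\xd5\x8b\xcf\xb4"
         "\xd0\x82\x8f\x92\xd7\xca\x43\x35\xd5\x62\x58\x21\xae\x46\x42\xf7\x75\x80"
         "\xf8\x08\x45\x84\xae\x4e\x5f\x31\xb0\xd1\x23\x41\x15\x74\xe7\xa1\xb9\xb3"
         "\xe8\x07\x94\x61\xd5\x44\xe3\x93\x0a\xc3\x15\xf1\xbe\xa3\xd9\xf5\xb5\xa5"
         "\xfe\xa3\xc3\xec\x67\x31\x92\xaa\xde\xe1\x83\xac\x2f\x41\x40\xf7\x27\xa4"
         "\xb6\x21\x80\x98\x92\x21\xec\xe5\x5c\xfa\x73\x2c\xf1\x0c\x65\x3b\xc4\x54"
         "\x72\x9f\x3f\xd2\x5d\xd3\xd7\x5a\x2a\xe9\x5e\x6d\x55\x3c\x45\x9b\x60\xdc"
         "\x92\x67\x4b\x37\x9b\xd5\x6a\xdf\x8e\x5f\xde\x7b\x45\x7a\x13\x1f\x7f\x89"
         "\x17\x1d\xaf\x3c\x37\xfa\xd6\x96\x50\xc5\x7d\xc3\x5b\x32\x48\x6d\x70\x40"
         "\xde\xf7\x48\x5b\x1b\x1f\x55\xd7\x91\x6b\x9b\x62\x1d\x81\xf0\xdb\x01\x23"
         "\x5c\xad\xa3\x59\xd9\x83\xba\xd6\xad\x76\x35\xa4\x42\xa2\x94\xcc\xe3\x3e"
         "\xed\xb7\x65\x91\x49\x3d\x0f\xe8\x8a\x78\x27\xc1\x8d\xa9\xa5\xd9\x8d\xea"
         "\xb7\x68\x00\xb6\x5e\x25\x37\x5f\x19\x4e\xe1\x93\x61\x5a\x88\x9a\x28\x7a"
         "\x91\xf5\xe1\x87\x4e\x5c\xa3\xfc\x11\xc2\xe7\xcb\x0d\x8d\x0e\x6b\x34\x50"
         "\x11\x85\x4e\x20\x45\xb3\x61\x66\x13\x59\x3b\x31\x8d\xf6\x0e\x94\x6f\x30"
         "\x43\x50\x10\x39\x97\xfe\x58\x5c\x97\x51\xcb\x51\x4f\xd1\x8d\xd4\xe2\xd9"
         "\xb4\xf0\x49\x3e\xdc\x24\x03\xb9\x60\x73\x82\x5c\xd9\xf7\xe8\xe9\x16\xcb"
         "\x73\xd7\xd9\xb7\x26\xcb\x0f\x74\x54\x54\xc5\x44\x90\xb5\xf6\x4b\x56\xb3"
         "\x44\xc5\xd7\x19\x31\xbc\xc6\x3e\xe5\x67\xd6\x5e\x45\x13\x72\xa6\x49\x0f"
         "\x11\x37\x12\x6e\x1d\x41\xf0\xbc\x8c\x9e\x59\x9e\x5b\xef\x35\x4f\x6e\x25"
         "\xec\x9a\x5b\xdb\xf3\xf1\x12\xc3\x83\xda\x14\xcc\xc7\x4a\xe0\x3f\xd4\xc4"
         "\x5d\xf7\xc7\xb7\x1d\x9d\x8c\x48\x13\xfd\x2f\xd4\x32\x82\xdc\x35\xad\xc8"
         "\x47\x50\x40\xab\x1a\x70\xf2\x41\x4a\xfd\x98\xc2\x8a\xd8\x5d\x34\xc2\x69"
         "\x93\x43\x90\x4f\x04\xc4\xb2\x9a\x5f\x27\x14\xcc\xc4\xc9\x94\x7d\x1b\xda"
         "\xf9\x37\xae\x5d\x75\x9e\x86\x90\xf3\x9a\xd6\x35\x76\x7b\x61\x8d\xb7\x35"
         "\x96\x6a\xe8\xf3\xa8\xa3\x36\xac\xf6\x9f\x0a\xd5\x0c\x74\xe9\x24\xd0\x22"
         "\x97\xc8\xc6\x26\x5a\x80\x7c\x51\x07\x8c\xf8\x8c\x15\x1d\xde\xab\xe3\x89"
         "\x37\xb6\xad\xf9\x61\x77\xd0\x6e\xaf\xad\x01\xc0\xab\x2f\xe4\x78\xa7\xa0"
         "\x6a\xad\xec\xfe\xee\x3b\x72\xa6\x35\x6c\x92\xf5\xd0\x0c\xc7\x74\x46\x50"
         "\xfe\x8a\xb7\x7c\xc4\x56\x9e\x48\x56\x5e\xa6\xf6\x72\x54\x14\x43\x46\x8c"
         "\xc8\xdf\x47\x63\x2e\x8f\x55\x61\xfc\xfb\x75\x2a\xf0\xd4\x99\x99\x98\x6b"
         "\xdd\x21\x87\x0b\x8b\x19\x6e\xfa\x11\x00\xb5\x22\x03\x98\x07\xfd\xbb\x2f"
         "\xff\x31\xab\x10\x6b\x88\x6f\x17\x9f\xcd\xa2\x9b\x18\xa4\xa0\x5c\x47\x54"
         "\xbf\xa7\x30\xa3\x2d\x50\x68\x5e\x38\x20\x9c\x82\xad\xf9\x03\xdb\x54\x12"
         "\x9a\x7f\xf7\xde\xbe\x43\x00\x83\x21\xc5\x47\x5b\x52\x29\x21\xea\x82\x0d"
         "\x19\xb2\x5b\xc2\xfc\xb4\xfc\xa1\x37\x55\xba\xf8\x5b\x0c\xd4\x0d\xce\x8e"
         "\x8e\x33\xf6\x0d\xc8\xea\xf8\x33\x11\x74\xea\xcc\xb1\x18\xdc\xc6\xe3\xb1"
         "\x79\x90\x5c\x51\x13\x55\x9d\xd9\x14\xcb\x37\xff\xa2\x96\x66\x4e\xc5\xc4"
         "\x66\x54\x13\x71\x24\x14\xfc\x33\x06\xf3\x91\x87\xcb\xcb\xed\x45\x61\x26"
         "\x9f\x08\xc0\x56\x32\x21\x89\x67\xab\xec\xcb\xb7\xee\x48\xd4\xb5\x4d\xbf"
         "\x60\x8e\x8f\xc0\x54\x47\x60\xfd\xe0\x7c\x47\x57\x7c\x9d\x3d\x58\xac\x85"
         "\xfa\x3b\x01\x25\x28\xa4\xa1\xa0\xfb\x8f\x71\x87\x15\x10\xaa\xc5\x5a\x15"
         "\xa5\xb9\x1f\x88\x7c\x2b\xbd\xbc\xaa\x18\xdc\x20\xed\xdf\xb8\xf3\x8a\xff"
         "\x97\xfd\x78\xfb\x19\x88\x61\x0b\xbc\x63\x82\x37\x8f\xef\xa3\x73\x66\xa0"
         "\xf8\x01\x26\xab\x00\xec\x20\x06\xf8\x33\x15\x3a\x9c\x93\xad\xd7\xe6\x5e"
         "\x80\x56\x74\x53\x57\x6e\x24\xbb\x39\xfb\x3b\x8a\xe6\x2c\x92\xf1\x8b\xf7"
         "\xbe\xcf\xca\xf6\x6f\x68\x9f\xec\x73\xf6\x95\x39\x7a\x47\x17\xe4\x1f\x55"
         "\x5a\x5e\x2b\x11\xf4\x93\xdc\x79\x15\x7d\x83\xd4\x1e\xb4\x21\x67\xc5\xe5"
         "\x10\xa8\xba\xd3\x00\x6c\xd5\xba\x46\x76\xf3\xa7\x50\xe0\xd2\xbe\x33\x9b"
         "\xd9\xac\x6f\x32\xd0\xc2\x2f\x0d\x14\x8d\x58\x04\x9e\xfb\x4b\x9c\x68\xfe"
         "\x0f\x85\xc6\x79\x25\xde\x1f\xd6\xac\xe5\x8b\x4d\x20\x2e\xd0\x34\xc4\xfb"
         "\xd9\xdd\x03\xe3\x87\xbb\x51\x58\xa0\xef\x7e\x68\x27\x2e\x92\x88\x31\x0d"
         "\x82\xaa\xef\x5f\xf8\x32\xaf\x58\x69\x10\x7f\x5e\xda\x48\x36\xb4\x05\x83"
         "\x8f\xb5\x81\xf2\xf3\x6d\x10\x7f\x03\x31\x83\x74\x19\x7d\x21\x27\xa6\xe1"
         "\x36\x74\xe9\x22\xe2\xd4\x22\xfa\x6c\x69\xa7\x7f\xb1\x29\xae\xb6\x00\xf1"
         "\x53\xda\x08\x74\x8c\xbe\x95\x86\xca\x3c\x33\x8d\x45\x8e\xa7\xbc\x48\x58"
         "\xc9\x9e\xc6\x44\x38\x99\xe8\xb3\x7d\xff\xd4\xbd\xf9\x05\xca\xa6\x60\xae"
         "\x89\x0d\xb0\x05\xe1\x34\x54\x40\xf4\x51\x3a\xc5\xf3\xd5\x57\x9c\x3c\x2e"
         "\x91\x11\x90\x8b\x97\x4e\x30\x8f\x03\xc3\x99\x73\x98\x18\xa2\x78\xe3\x4b"
         "\x17\x9c\x4d\xef\xa1\x31\x81\x0d\x61\x0a\x2b\xc9\x55\xac\x03\x63\xba\x08"
         "\x57\x62\xb0\x88\xe2\x6d\xe0\x6d\x8c\x02\x66\x1c\x84\x73\x41\x94\x26\xf4"
         "\x69\x5b\x66\x6e\x7d\xcc\xb7\x1a\x98\x83\x65\x1b\x96\xff\xe7\x67\x45\x06"
         "\x1f\x92\xfc\x90\xca\xbe\x06\xc5\xa0\xa3\xee\x5c\xce\x82\x5e\xd5\x30\xe5"
         "\xbd\x63\x2e\x66\x06\x60\xc9\x72\xc0\xea\xfe\x8d\x03\xbc\x87\x98\x43\x01"
         "\x4d\x88\xfc\xd6\xa8\xe4\x5d\xc1\x97\xc9\xa7\xad\xf9\x35\x25\x25\x07\xd7"
         "\xb5\xd6\xf8\x20\x86\x7c\x9b\x28\x76\x26\xd4\x67\x15\x8b\x7e\xcc\x3e\x3c"
         "\xbd\x34\x13\x78\xab\xa6\x7f\xa0\x60\xf1\xb5\xe7\x43\x3e\x0f\x57\xd2\xc0"
         "\xd8\x99\x6c\xbb\xca\x8c\xe1\xa6\x2c\xb3\x34\xbd\x23\x1a\xdd\xd1\x26\xf5"
         "\xf8\x06\x07\xb0\x7a\xc8\x4d\x46\x97\x32\x6a\x85\x3f\x9c\x27\x74\x40\x1e"
         "\xdb\xa2\x83\x6d\xca\xa4\x1a\x3d\xe1\xf6\x07\x3a\xf8\x35\xb2\xa7\x36\x77"
         "\xa1\xf8\x25\x64\x4e\xf2\x40\x3e\xd7\x71\x4d\xae\xee\xad\x1e\xa1\xe0\xba"
         "\x12\xe6\x31\xdd\x69\xfe\x44\xda\x30\x4e\x02\x42\xc4\x3a\x11\x0d\x76\xee"
         "\xba\x5c\xe2\x8f\x00\x41\x8c\xad\xff\x42\x85\x56\x77\xd9\xcd\xb4\x2b\x8a"
         "\xbd\xc6\x95\x3d\xfe\x5c\x43\x86\x97\x05\x45\x51\x82\xfa\x02\x28\xd9\xf6"
         "\xbf\x43\x49\xf8\x19\x94\x46\x1d\xce\xbe\x66\x0d\x8f\x26\x05\x57\xd2\x2b"
         "\x08\x5c\xa8\x52\xf2\x21\x10\xf8\x7e\x8a\x32\xe6\x18\x0b\xd6\xa4\xfb\xbd"
         "\xbf\xe3\xb1\x13\x74\x42\x8e\x6b\xab\x70\x0e\x23\x83\xfd\x18\x0f\xfb\x00"
         "\xef\xa7\x11\xdc\xf5\x7e\xc8\x59\xae\xa9\x39\x06\x43\xe7\x5d\xf5\x2d\x5f"
         "\xc1\x51\xec\xb6\x97\x43\xa1\xa3\xf4\x77\x4a\xa7\x49\x7e\xe3\x78\x10\xde"
         "\x07\x68\xbc\x86\x83\x38\x61\x8e\x11\xf0\xb2\x22\xc1\x65\x7d\xc4\x2c\x94"
         "\x8e\xa6\xc3\x29\xcc\x8d\x5a\x01\xc4\xb3\x0d\x96\x7c\x2f\xc5\x40\x9c\x73"
         "\x60\x1b\xb5\xd2\xb2\x96\x4c\xc9\x5b\xa0\x07\x25\xd7\xc5\x8f\xfe\x11\x10"
         "\xc4\xa7\x7a\x1f\x10\x60\x63\x1b\x6d\xb4\x64\x5f\x4e\x0e\x6a\x92\x4d\xad"
         "\x93\x56\x03\x0c\x93\x5f\xb4\x19\xc4\x99\xe2\xff\x30\x79\x0b\x05\x16\x4d"
         "\x52\x5f\xf4\x87\x88\x0e\xba\xeb\xd3\xeb\x72\xa5\xf2\xe0\x18\xfc\x19\x39"
         "\x63\x88\xcf\x41\xe8\xa4\xcd\x76\x21\xd2\xc7\x08\x7f\xd0\x58\xde\x0c\x16"
         "\xd4\x90\x13\x7b\xf6\xb0\x3b\x44\x46\x7b\x8f\x36\xd2\x91\xf8\x45\x2c\x05"
         "\x7a\x87\x6e\xbe\x8e\x66\x04\x19\xbf\xad\xd4\xa5\x23\xbb\xcb\x61\xfc\xaf"
         "\x88\x4e\x84\x29\x30\x3c\xbc\xaf\x85\xf2\x3c\x97\xf7\x98\x2b\x8a\x6e\x8f"
         "\xe7\x6e\x7d\x8a\x80\x7c\x85\x5e\x23\xed\xda\x17\x16\x2f\xac\x56\x6a\x3d"
         "\xf1\xbb\xdf\x86\x5c\x7c\x0f\xec\x26\xda\x9f\xde\x39\xbc\xf3\xc9\x11\xb7"
         "\xd8\x50\xfd\xb4\x35\xeb\xd8\x68\x18\xe6\x07\xe8\x9e\xa0\x34\x13\x88\xaf"
         "\x5d\x2c\x90\xf2\x6a\xab\x4f\x8e\x96\x6a\xd1\x91\xf4\x50\xa3\x90\xd6\xfe"
         "\x26\xaf\x6d\x23\x5b\x18\x80\xec\xf0\xa5\x06\xaf\x7f\xa1\x09\xf9\x07\xc6"
         "\xe5\xf0\x4b\x93\x6b\x23\xa3\x08\xac\xa2\x22\x37\xe5\x1b\x7d\x27\xd4\xfa"
         "\x90\xe3\xaf\x27\x29\x28\x44\x63\x8d\x41\x68\x09\xba\x2d\x28\x78\xbf\x90"
         "\xff\xa2\x38\x00\xbe\xa3\x2e\x80\x18\xab\x9e\x8b\x86\xc4\x89\x05\x2c\x96"
         "\x5f\xdb\x83\x85\x92\x78\xad\x13\x1c\xea\xb3\xb1\xb5\xb2\xe7\x4b\xe5\x12"
         "\x76\xaa\x6e\x2b\x1f\xaa\xba\x8d\x95\xd9\x3f\xcb\x70\x98\xd6\x29\x9a\x91"
         "\x82\xb2\x76\xc8\x85\xc8\xef\x9d\x99\x39\xb8\x12\x27\x2f\xd9\x05\x59\xc3"
         "\xa3\x98\xd9\xc3\x7a\x84\x28\x2b\xe2\xdc\xce\xf3\x92\xa0\xa2\xec\x8b\x22"
         "\x6b\xee\xbd\x00\x43\x48\x38\x19\xcb\x19\x16\x6d\x70\x87\x3c\xd9\x42\x73"
         "\x0e\x7a\x4b\x11\xba\xd8\x44\xcd\x02\x2c\x8d\xff\xcc\xb0\x47\xa6\x29\x96"
         "\x06\x17\xed\x69\x44\x8b\x64\x29\x72\x6e\x57\xbc\x69\xde\x90\x1c\xfc\x7a"
         "\x7c\xae\xcd\xbe\xe0\xcb\x38\x6f\x29\xa4\x00\x03\xa8\xec\xfd\x48\x0d\x16"
         "\x54\xaf\x18\x22\x09\xe1\xc8\x20\xb6\x21\xf9\x9d\xc9\x59\x3b\x1c\x4b\xf4"
         "\x0a\x9d\x65\xd7\x92\x83\x0b\xac\xc5\xa6\x1c\x44\x70\xc5\xaf\x34\xdd\x32"
         "\x70\xcb\x36\xf4\x31\xd5\x43\xec\xa5\x52\xb6\x6f\x61\x91\xd5\x3e\x49\xbd"
         "\x25\x1c\x1c\xf5\x6e\xd3\x30\xea\x3e\x85\x43\xc2\xd1\x0f\x0c\x27\xf4\xfc"
         "\x1b\x17\xbf\x64\x7b\x7d\x7a\x84\x2f\x79\xac\xa7\x5f\xe2\x1a\x96\x2f\xf1"
         "\x6a\x63\x66\x3c\x54\xbd\x4a\xac\x26\x5c\x72\x88\x42\x57\xb0\xcb\x09\x1e"
         "\xf6\x88\xe9\xae\x4c\x71\x07\x02\x8a\x8c\x75\x46\x0b\x60\xdd\x72\x7a\x20"
         "\x49\xcd\x39\x54\x52\xcd\x2c\xdb\xf7\x91\x8b\x2d\xc8\xba\x19\x72\x38\x6b"
         "\x84\x46\xa1\x87\x9b\x21\x4d\xe0\x10\x37\x51\xc1\x6e\xcd\x72\x34\xc1\xa3"
         "\xb6\xf5\x92\x46\x65\x83\x5f\x01\xf8\xb4\xde\x35\xac\x18\x2d\xdc\x01\x8b"
         "\x9c\xa6\x8d\xfe\x39\xe0\xe9\x51\x4a\xb7\x2a\xf4\xed\x92\x9b\x0d\xbf\xb2"
         "\x4c\xef\x3e\xd8\xa2\x21\x5f\x92\x57\xa2\xac\x18\xc7\xaa\xc4\x74\x94\xd0"
         "\x39\xf7\x8c\xd3\x13\x2d\x11\xeb\x52\x50\xd3\x19\x79\xe0\x5f\xc0\x38\xd0"
         "\xb5\xe3\x81\xd9\x02\x5f\x0f\x37\x6c\x7c\x25\x8b\xa7\xba\x45\x39\x1f\x78"
         "\xc1\xca\xf0\x9e\x81\x95\xc6\x5f\x9c\x90\x4d\x36\xbb\xd4\x93\xbc\x68\xf4"
         "\xf8\x49\x5a\x9b\x2a\xa8\x58\xdb\x73\xc0\x66\xe3\x26\x74\x25\x37\x18\xca"
         "\x82\x50\x0d\xca\x4b\x3a\x7c\xb6\x3f\xd6\x0e\xc1\x56\xa5\x92\xf5\xee\xdf"
         "\x70\x99\xe2\xf6\xbd\x72\x8b\x28\x6d\x6f\x76\x13\xe2\x9d\xde\xdf\x1b\x56"
         "\xba\xce\x1b\x49\x0a\xf7\x0d\x85\x03\xdd\x40\xa9\xc2\x35\x7e\xb0\x95\x68"
         "\xa4\x04\xe8\x42\xf2\x5e\x42\xb5\x39\x6e\x4d\x40\x31\x85\xf8\x5d\x96\x4f"
         "\x82\x08\x5a\x82\x49\x6d\x25\xf3\x5d\x7f\xc0\xae\x0c\xd0\xb4\xd2\x4a\x1a"
         "\x76\x59\xad\x8d\xf3\xbb\x3f\x41\xc2\xaa\x93\x61\x8b\x9c\xf6\x78\x84\x38"
         "\x8a\xfa\x0c\x39\x72\x40\x04\xd2\x6f\x36\xd4\xff\x57\x71\x1e\x14\x4e\x84"
         "\x95\xdb\x73\x30\xe9\xc4\xbf\x80\x3d\xca\x08\xe5\x32\xe1\xa5\x1d\xf5\x9b"
         "\x5d\x05\x07\x43\x36\xfb\x50\x1f\xb1\x88\x7a\xb7\x45\xde\xd8\xe5\x19\xec"
         "\x80\x30\x0b\xb5\x52\x2c\x8a\xbf\xa5\x72\x57\x76\x4e\x8a\xd0\x70\x17\x2d"
         "\x86\x6d\xc6\x69\xd9\xf1\x89\x58\xd3\x46\xde\x3c\xb5\x22\xc3\x35\xd5\xe4"
         "\x1e\x4e\x5d\xce\xd0\xcc\x9f\x84\xc5\xe8\x14\xed\xe2\x56\xcb\xef\xa9\xe5"
         "\x89\x27\x6d\x4e\x1d\x39\xeb\x29\x8e\xe8\x3c\xc6\x40\xc8\x24\x81\x7e\xbf"
         "\xbd\x48\xa4\xa4\xa6\xbf\x91\x14\x35\x69\x4b\x28\xb3\xb8\x24\x78\xd4\xd7"
         "\x05\xa0\x0e\xc4\x62\x71\x08\x9b\x2f\x94\xb5\xb5\x34\x75\x5d\x72\x86\xdf"
         "\x10\x5c\x98\x85\x7d\x9b\xca\x17\xea\xc4\x5d\x68\x6c\x14\xd8\x43\x0e\xd7"
         "\x80\x52\x08\xe2\x07\x39\xb3\x27\x50\x1b\x45\x6a\xea\xf3\xc2\xb0\x5c\xbe"
         "\xaa\x53\xc5\xe4\x73\x1c\x4c\xb3\xe4\x0b\xcd\x10\xf3\x94\x58\xdb\x57\x87"
         "\x92\x5e\x88\x5a\x25\xe2\xe0\xbb\xb8\x7e\xd1\x85\x62\x57\xdd\x96\x5c\x8a"
         "\xe1\xa1\xfc\x48\xae\x76\xc7\xba\x32\xd4\x27\x3b\xb1\x31\x7a\x42\xc5\xe6"
         "\xa8\x8e\x07\x1c\xac\x64\xfc\x55\x4c\x14\x7f\x0b\x68\xb9\x7e\xa8\x92\x64"
         "\x4c\xb4\x23\xc8\x7f\x50\xfc\x43\x4f\x10\xf9\x63\x32\xf0\x17\x17\xd5\x99"
         "\x92\xc9\x09\xc4\x55\x20\xd7\x49\xa6\xd9\x16\x6d\xbc\x72\x48\x98\x1e\xf9"
         "\xdb\x3f\x48\x83\x62\x79\xcc\x79\x52\x01\xeb\xba\xa7\x70\x40\x2f\x8c\x24"
         "\x56\x20\xee\x0b\xbd\x81\xfb\x5d\x8d\x67\x31\x20\x92\xa0\x44\x87\xdf\x23"
         "\x3e\x44\x09\x7e\xfe\x51\x96\xa2\xac\xa3\xca\x0c\xb2\x62\x83\x56\xaa\x5e"
         "\x57\x22\xc5\x2f\x85\xae\x8f\x3f\x9a\x11\xb8\x87\x8b\xca\xe2\x75\x9d\x31"
         "\x73\x08\xe6\x81\xdc\x4b\x84\xca\x52\x18\x06\x90\x74\xd9\x6c\xce\xc7\x5d"
         "\x62\x67\x11\x08\x00\xce\x98\x94\x51\x2d\x22\xf5\x1b\x97\x17\xf1\x91\xc7"
         "\x9a\x33\x69\x5c\x43\xba\xdd\x29\x1b\xcd\x0f\xc4\x64\xee\xac\xc0\x48\x71"
         "\x9f\x98\xca\x63\xac\x6c\x9e\xf6\x7b\x29\xd8\x22\x94\x12\x4c\xee\xee\xdb"
         "\xa2\x1d\x0e\xed\xcf\x2e\x6e\xaf\xf4\xf8\x60\x70\x94\x06\x34\xdb\x91\x43"
         "\x45\x22\x1d\x46\xe3\x13\x1a\x2e\xf0\xe0\x70\x4c\xff\xc6\x5a\x4e\x2f\x82"
         "\x83\xaf\x63\x05\x1f\xef\x3d\x4c\x57\x05\xf3\xd0\x48\x54\xd6\x70\x22\x29"
         "\xd0\xd9\x41\x20\x77\x0a\x0a\x04\x1b\x59\xaf\x21\xb4\x97\xd4\x94\x28\x38"
         "\xb5\x50\x0f\x16\xfd\x7d\x2f\x8e\x02\xda\x34\x68\x6a\x3a\xda\x84\x02\x89"
         "\x9f\x9f\xe9\x50\x92\x63\x71\x42\x86\x7a\xf4\xe5\x78\x9d\x68\x1b\x32\x09"
         "\x75\x18\x4e\xcb\x38\x56\x04\x86\xa5\xd0\xa6\x3c\x29\x99\x75\x16\xf5\x92"
         "\x05\x43\xec\x39\xbe\x09\x31\x6e\x4a\x80\x4b\x9d\x1c\x62\x14\x54\xfd\x33"
         "\xea\xcb\x65\x19\xcb\x81\x6c\x48\x1d\xf1\xd6\x11\xa0\xbc\x1a\x9f\xda\xb7"
         "\xc8\xe3\xf5\xae\x7a\xde\x7e\x55\xc3\xb4\xb6\xfb\x28\x5f\xe8\x25\x92\x6c"
         "\x1a\x69\xde\x95\xed\xcd\x14\xb7\x90\x34\x5d\x8f\xad\x15\x8c\x92\x0e\x18"
         "\x70\xee\x51\x24\x90\x60\x39\x21\x29\x5c\xaf\x6b\x04\x86\xc1\x80\x8e\xbe"
         "\xfa\x51\x1d\x07\xd9\x69\x7e\x4e\x59\x69\x05\x69\x5b\xa9\x62\xe1\x01\xf0"
         "\xe3\x1b\x1f\x6e\x7a\x47\x99\xf8\xdd\xa0\x5f\xf0\xb1\x2d\x12\xc1\xbc\x7d"
         "\x8c\xe7\xf5\x65\x80\xde\x50\x8e\xc2\x69\xe5\x24\x0e\x62\x49\x02\x60\x69"
         "\x27\xd9\x04\x30\x06\x4b\xb3\x0f\xf7\x93\x31\x72\xb8\x1e\xb8\x38\xaa\xdb"
         "\x9a\x23\x58\x7a\x8c\x69\x6f\x96\xcc\x3f\xa7\xc5\xb8\x75\xed\x0e\x8a\xbc"
         "\xbf\x38\x1d\xb3\x44\x19\xba\x53\x64\x9b\xbf\xde\xe5\x04\x2d\xe1\xd9\x53"
         "\x0b\xec\x40\xbb\x9e\x9e\x89\xe4\x1f\xe2\x47\x2a\x31\x30\x73\xbc\x7a\xdc"
         "\xcd\xdb\x5f\x05\x6c\x54\x81\xe8\x70\xf1\x3e\x5e\x99\xdf\xbb\x30\x1e\x4d"
         "\xa0\x4f\x3c\x84\xab\xb6\x61\x85\xf8\xc9\x1e\xdd\x02\x86\x43\x01\xf8\x8d"
         "\xfe\x13\xc5\x2e\x97\x20\x51\x9b\xae\xe2\x1d\x02\x5b\x88\xdd\x25\xe1\x23"
         "\x8d\xbc\x4c\x38\x18\x14\x74\x70\x3a\xab\xb1\x0f\x66\xf4\x2b\x23\x7e\xc0"
         "\xb9\xfa\x88\x37\xe0\xe4\x24\x33\x3a\xea\xf0\xaf\x56\x23\xc6\xc3\x84\x9a"
         "\xf0\xd7\xfb\x17\xf3\xef\x12\xac\xce\x95\x6c\x99\x4e\x48\xc5\x31\x24\x3e"
         "\x46\x6a\xb6\xc0\x43\xf5\x02\xa9\x40\x5c\x50\xae\x2e\x39\xce\xf5\x98\xef"
         "\x0c\xda\x91\xc3\xef\x3d\xdf\x37\xd1\x79\x50\xb5\x80\x06\x8b\xf3\x92\x7e"
         "\x01\x8a\x1c\x88\xb9\x4e\x27\x6b\x09\xc2\xd5\x38\x8c\x43\xae\x64\x27\x60"
         "\x33\x97\x93\x90\xbe\xea\x7b\x2c\xaa\x1c\x4e\x88\xff\xb7\x13\x77\x5d\x98"
         "\x70\x4c\xbc\x27\xf9\xad\xec\x0c\xa9\x32\x03\x60\x9b\x58\x2c\xf5\xe3\x25"
         "\x4d\xe5\x34\x79\xf2\x0b\xc1\x7a\x24\x20\xde\xbe\xf1\x93\xda\xc9\x26\xb8"
         "\x07\x43\x6f\xec\x50\x7a\x6f\xa7\x01\x86\x88\x5d\x06\x42\xf9\x22\xd1\x31"
         "\xc8\x68\xe6\xda\x06\x2c\x77\xa8\x07\x66\x14\xac\x0c\x5e\x76\xb0\x67\xda"
         "\x4d\x78\x4a\x87\x16\x18\xdd\x33\xb0\xd5\xd2\x0d\xbe\xe9\x48\x3f\x1d\x43"
         "\xeb\xe9\x8c\xc1\xd3\xbf\x76\x01\x5b\xb5\xc3\x02\x35\x83\x81\xb7\x26\x9f"
         "\x43\x39\x7c\x91\x30\xac\xd1\xab\x7c\xbb\xd3\x28\x4c\xa2\x8c\x66\x8b\x62"
         "\xf0\x36\xda\x55\x19\xb9\xfe\xe0\x75\x28\x0b\xd0\x0b\xee\xdc\x9c\xa9\x55"
         "\x30\xeb\x28\xa8\x16\xfb\x59\xcc\xac\x49\x04\x62\xe4\x66\x60\x75\x0a\x29"
         "\xa0\xae\x4e\xbb\xd5\xbc\x9f\x4b\x1f\xff\xb7\x3d\x73\x90\x4f\x3f\x73\x58"
         "\x27\xf6\xdd\x76\x52\xef\xfd\x6b\x8d\x7a\xc8\x01\x9f\xe2\xb2\x9d\x14\xfd"
         "\x87\x29\xc4\xeb\x3a\x5c\xfd\x6d\x8f\x77\xc0\x35\xef\x55\xf2\x1b\x72\x8c"
         "\xfe\xca\x5d\x56\x5b\xdd\x60\x0b\x9f\xf3\x8c\xcf\xad\x3a\x81\xe6\x1f\x56"
         "\x75\xff\xc6\x1e\x7c\xf3\x99\x59\x0b\x42\x0b\xe4\x79\x9d\x1b\x81\xf2\x28"
         "\x42\xa5\xb6\xf7\x4c\x49\x8b\xe6\x4a\x64\x52\x3c\x89\x69\xf2\xde\x4c\x00"
         "\x45\x71\x50\x00\x81\x1a\xb6\xa6\xc3\x79\x9f\xb8\x4b\x74\x4e\xec\x7d\xbd"
         "\x56\x1d\x46\x77\x41\xe3\xe5\xf7\x91\x82\xfa\xb3\xdf\xd9\x10\x0e\x9b\xb3"
         "\x33\xa5\x06\x60\xac\x74\x56\xac\x23\xd1\x89\x02\x77\x6b\x78\x26\xb0\x73"
         "\x69\x6a\x29\xa5\x08\x46\xcb\xb8\x5a\x8a\x6a\xc4\xe3\xa1\x94\x01\xc4\xf7"
         "\x8f\xb7\x69\x0f\xe2\x2f\xab\x25\x7a\x27\x35\x11\x3f\xfa\xe6\xc3\x1a\x4e"
         "\x8b\xd1\x53\xe2\x7d\xbd\x34\x8b\xde\x2e\x39\x06\x91\x5d\x25\x8d\xfd\x0d"
         "\x20\x95\x36\x10\x78\x24\x56\xe8\x21\xbf\xb9\x07\x78\x92\x61\x69\x55\xd0"
         "\x80\x46\xb5\x54\xd1\x99\x33\xfe\xbd\x2b\xc1\x4f\x7b\x17\xbd\x4c\xa9\x7a"
         "\x3a\x32\x3a\x4f\xce\x70\xd3\x47\x2c\xcd\x89\x27\x26\xd1\x3e\x43\x6c\xcd"
         "\xca\x8b\x11\x11\xa0\x8d\x19\x6f\x9c\x5b\x7b\x3d\x4c\x57\x8c\xb0\x15\xfa"
         "\xf6\xd4\xdd\x1f\xc0\xfb\x53\x55\x76\x40\x6d\x85\x08\xc6\x14\x64\x10\x49"
         "\xbd\x66\x99\x35\x0b\xe2\xed\x95\xe5\xda\x92\x70\x9b\x4d\xf2\x3b\x8e\x0b"
         "\x2f\xe7\xfc\x39\x76\x0f\x65\xc2\xd1\x8c\x2e\x1e\xb4\x45\xca\x36\x72\x61"
         "\xca\x43\x8a\xb0\xea\xb7\xce\xd2\x16\x60",
         4096);
  *(uint64_t*)0x200004e0 = 0x1000;
  *(uint64_t*)0x200004e8 = 8;
  *(uint64_t*)0x200004f0 = 0;
  *(uint32_t*)0x200004f8 = 3;
  *(uint32_t*)0x200004fc = -1;

  // Remaining 7 of the 9 iocb pointer slots are NULL.
  *(uint64_t*)0x20001e90 = 0;
  *(uint64_t*)0x20001e98 = 0;
  *(uint64_t*)0x20001ea0 = 0;
  *(uint64_t*)0x20001ea8 = 0;
  *(uint64_t*)0x20001eb0 = 0;
  *(uint64_t*)0x20001eb8 = 0;
  *(uint64_t*)0x20001ec0 = 0;
  // io_submit(ctx_id = 0, nr = 9, iocbpp = 0x20001e80). ctx_id 0 is not a
  // valid AIO context, so the expected outcome is an error return; the call
  // is replayed anyway because it is part of the recorded program.
  syscall(__NR_io_submit, 0ul, 9ul, 0x20001e80ul);

  // openat(dirfd = -1, "cpuacct.stat", 0, 0): relative path with an invalid
  // dirfd, as generated (expected to fail).
  memcpy((void*)0x20000140, "cpuacct.stat\000", 13);
  syscall(__NR_openat, -1, 0x20000140ul, 0ul, 0ul);

  // ---- KVM set-up: /dev/kvm -> VM -> vCPU ----
  // 0xffffffffffffff9c is AT_FDCWD (-100) as an unsigned long.
  memcpy((void*)0x200000c0, "/dev/kvm\000", 9);
  res = syscall(__NR_openat, 0xffffffffffffff9cul, 0x200000c0ul, 0ul, 0ul);
  if (res != -1)
    r[0] = res;
  // 0xae01 = KVM_CREATE_VM (type 0).
  res = syscall(__NR_ioctl, r[0], 0xae01, 0ul);
  if (res != -1)
    r[1] = res;
  // 0xae41 = KVM_CREATE_VCPU (vcpu id 0).
  res = syscall(__NR_ioctl, r[1], 0xae41, 0ul);
  if (res != -1)
    r[2] = res;

  // 0x4020ae46 = KVM_SET_USER_MEMORY_REGION on the VM with a
  // kvm_userspace_memory_region {slot 0, flags 0, guest_phys_addr 0,
  // memory_size 0x2000, userspace_addr 0x20000000}: the first 8 KiB of the
  // scratch area, which already holds the iocbs, both data blobs and the
  // socket fd bytes written below, becomes guest physical memory 0..0x2000.
  *(uint32_t*)0x20000100 = 0;
  *(uint32_t*)0x20000104 = 0;
  *(uint64_t*)0x20000108 = 0;
  *(uint64_t*)0x20000110 = 0x2000;
  *(uint64_t*)0x20000118 = 0x20000000;
  syscall(__NR_ioctl, r[1], 0x4020ae46, 0x20000100ul);

  // 0x4090ae82 = KVM_SET_REGS on the vCPU with a 0x90-byte kvm_regs block at
  // 0x20000200. Everything is zero (including rip and rflags at +0x80/+0x88)
  // except the u64 slots at +0x28 = 8, +0x30 = 0xfb and +0x48 = 0x20; on x86
  // those are rdi, rsp and r9. No KVM_SET_SREGS is issued, so the vCPU runs
  // with whatever segment/mode state KVM gives a fresh vCPU.
  *(uint64_t*)0x20000200 = 0;
  *(uint64_t*)0x20000208 = 0;
  *(uint64_t*)0x20000210 = 0;
  *(uint64_t*)0x20000218 = 0;
  *(uint64_t*)0x20000220 = 0;
  *(uint64_t*)0x20000228 = 8;
  *(uint64_t*)0x20000230 = 0xfb;
  *(uint64_t*)0x20000238 = 0;
  *(uint64_t*)0x20000240 = 0;
  *(uint64_t*)0x20000248 = 0x20;
  *(uint64_t*)0x20000250 = 0;
  *(uint64_t*)0x20000258 = 0;
  *(uint64_t*)0x20000260 = 0;
  *(uint64_t*)0x20000268 = 0;
  *(uint64_t*)0x20000270 = 0;
  *(uint64_t*)0x20000278 = 0;
  *(uint64_t*)0x20000280 = 0;
  *(uint64_t*)0x20000288 = 0;
  syscall(__NR_ioctl, r[2], 0x4090ae82, 0x20000200ul);

  // socketpair(AF_UNIX = 1, SOCK_SEQPACKET = 5, 0, fds at 0x200002c0);
  // both ends are recorded only when the call succeeded.
  res = syscall(__NR_socketpair, 1ul, 5ul, 0, 0x200002c0ul);
  if (res != -1) {
    r[3] = *(uint32_t*)0x200002c0;
    r[4] = *(uint32_t*)0x200002c4;
  }

  // sendmsg(fd = -1, msghdr at 0x20000080, flags 0). msghdr: msg_name 0,
  // msg_namelen 0, msg_iov 0x200001c0, msg_iovlen 1, msg_control 0,
  // msg_controllen 0, msg_flags 0. The single iovec is {base 0x20000000,
  // len 0}. The fd pair is written into guest-physical page 0 (r[4] as a
  // u32 at 0x20000000, r[3] truncated to a u8 at 0x20000004); since fd -1 is
  // invalid, sendmsg itself is expected to fail, and the lasting effect of
  // this step is those bytes at guest address 0, where rip points.
  *(uint64_t*)0x20000080 = 0;
  *(uint32_t*)0x20000088 = 0;
  *(uint64_t*)0x20000090 = 0x200001c0;
  *(uint64_t*)0x200001c0 = 0x20000000;
  *(uint32_t*)0x20000000 = r[4];
  *(uint8_t*)0x20000004 = r[3];
  *(uint64_t*)0x200001c8 = 0;
  *(uint64_t*)0x20000098 = 1;
  *(uint64_t*)0x200000a0 = 0;
  *(uint64_t*)0x200000a8 = 0;
  *(uint32_t*)0x200000b0 = 0;
  syscall(__NR_sendmsg, -1, 0x20000080ul, 0ul);

  // 0xae80 = KVM_RUN on the vCPU: once, then 64 more times (65 total), as
  // generated. Return values and the run-exit reason are deliberately not
  // inspected; the reproduction relies on the kernel-side effect, not on
  // what the vCPU reports.
  syscall(__NR_ioctl, r[2], 0xae80, 0ul);
  for (int i = 0; i < 64; i++) {
    syscall(__NR_ioctl, r[2], 0xae80, 0ul);
  }
  return 0;
}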