// https://syzkaller.appspot.com/bug?id=5735d842f7ea3ed9220aca64952ac4aba7ba741c // autogenerated by syzkaller (http://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include __attribute__((noreturn)) static void doexit(int status) { volatile unsigned i; syscall(__NR_exit_group, status); for (i = 0;; i++) { } } #include #include #include #include #include #include #include const int kFailStatus = 67; const int kRetryStatus = 69; static void fail(const char* msg, ...) { int e = errno; va_list args; va_start(args, msg); vfprintf(stderr, msg, args); va_end(args); fprintf(stderr, " (errno %d)\n", e); doexit((e == ENOMEM || e == EAGAIN) ? kRetryStatus : kFailStatus); } #define BITMASK_LEN(type, bf_len) (type)((1ull << (bf_len)) - 1) #define BITMASK_LEN_OFF(type, bf_off, bf_len) \ (type)(BITMASK_LEN(type, (bf_len)) << (bf_off)) #define STORE_BY_BITMASK(type, addr, val, bf_off, bf_len) \ if ((bf_off) == 0 && (bf_len) == 0) { \ *(type*)(addr) = (type)(val); \ } else { \ type new_val = *(type*)(addr); \ new_val &= ~BITMASK_LEN_OFF(type, (bf_off), (bf_len)); \ new_val |= ((type)(val)&BITMASK_LEN(type, (bf_len))) << (bf_off); \ *(type*)(addr) = new_val; \ } static void use_temporary_dir() { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) fail("failed to mkdtemp"); if (chmod(tmpdir, 0777)) fail("failed to chmod"); if (chdir(tmpdir)) fail("failed to chdir"); } static void vsnprintf_check(char* str, size_t size, const char* format, va_list args) { int rv; rv = vsnprintf(str, size, format, args); if (rv < 0) fail("tun: snprintf failed"); if ((size_t)rv >= size) fail("tun: string '%s...' doesn't fit into buffer", str); } #define COMMAND_MAX_LEN 128 #define PATH_PREFIX \ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin " #define PATH_PREFIX_LEN (sizeof(PATH_PREFIX) - 1) static void execute_command(bool panic, const char* format, ...) { va_list args; char command[PATH_PREFIX_LEN + COMMAND_MAX_LEN]; int rv; va_start(args, format); memcpy(command, PATH_PREFIX, PATH_PREFIX_LEN); vsnprintf_check(command + PATH_PREFIX_LEN, COMMAND_MAX_LEN, format, args); va_end(args); rv = system(command); if (rv) { if (panic) fail("command '%s' failed: %d", &command[0], rv); } } static int tunfd = -1; static int tun_frags_enabled; #define SYZ_TUN_MAX_PACKET_SIZE 1000 #define TUN_IFACE "syz_tun" #define LOCAL_MAC "aa:aa:aa:aa:aa:aa" #define REMOTE_MAC "aa:aa:aa:aa:aa:bb" #define LOCAL_IPV4 "172.20.20.170" #define REMOTE_IPV4 "172.20.20.187" #define LOCAL_IPV6 "fe80::aa" #define REMOTE_IPV6 "fe80::bb" #define IFF_NAPI 0x0010 #define IFF_NAPI_FRAGS 0x0020 static void initialize_tun(void) { tunfd = open("/dev/net/tun", O_RDWR | O_NONBLOCK); if (tunfd == -1) { printf("tun: can't open /dev/net/tun: please enable CONFIG_TUN=y\n"); printf("otherwise fuzzing or reproducing might not work as intended\n"); return; } const int kTunFd = 252; if (dup2(tunfd, kTunFd) < 0) fail("dup2(tunfd, kTunFd) failed"); close(tunfd); tunfd = kTunFd; struct ifreq ifr; memset(&ifr, 0, sizeof(ifr)); strncpy(ifr.ifr_name, TUN_IFACE, IFNAMSIZ); ifr.ifr_flags = IFF_TAP | IFF_NO_PI | IFF_NAPI | IFF_NAPI_FRAGS; if (ioctl(tunfd, TUNSETIFF, (void*)&ifr) < 0) { ifr.ifr_flags = IFF_TAP | IFF_NO_PI; if (ioctl(tunfd, TUNSETIFF, (void*)&ifr) < 0) fail("tun: ioctl(TUNSETIFF) failed"); } if (ioctl(tunfd, TUNGETIFF, (void*)&ifr) < 0) fail("tun: ioctl(TUNGETIFF) failed"); tun_frags_enabled = (ifr.ifr_flags & IFF_NAPI_FRAGS) != 0; execute_command(1, "sysctl -w net.ipv6.conf.%s.accept_dad=0", TUN_IFACE); execute_command(1, "sysctl -w net.ipv6.conf.%s.router_solicitations=0", TUN_IFACE); execute_command(1, "ip link set dev %s address %s", TUN_IFACE, LOCAL_MAC); execute_command(1, "ip addr add %s/24 dev %s", LOCAL_IPV4, TUN_IFACE); execute_command(1, "ip -6 addr add %s/120 dev %s", LOCAL_IPV6, TUN_IFACE); execute_command(1, "ip neigh add %s lladdr %s dev %s nud permanent", REMOTE_IPV4, REMOTE_MAC, TUN_IFACE); execute_command(1, "ip -6 neigh add %s lladdr %s dev %s nud permanent", REMOTE_IPV6, REMOTE_MAC, TUN_IFACE); execute_command(1, "ip link set dev %s up", TUN_IFACE); } #define DEV_IPV4 "172.20.20.%d" #define DEV_IPV6 "fe80::%02hx" #define DEV_MAC "aa:aa:aa:aa:aa:%02hx" static void snprintf_check(char* str, size_t size, const char* format, ...) { va_list args; va_start(args, format); vsnprintf_check(str, size, format, args); va_end(args); } static void initialize_netdevices(void) { unsigned i; const char* devtypes[] = {"ip6gretap", "bridge", "vcan", "bond", "team"}; const char* devnames[] = {"lo", "sit0", "bridge0", "vcan0", "tunl0", "gre0", "gretap0", "ip_vti0", "ip6_vti0", "ip6tnl0", "ip6gre0", "ip6gretap0", "erspan0", "bond0", "veth0", "veth1", "team0", "veth0_to_bridge", "veth1_to_bridge", "veth0_to_bond", "veth1_to_bond", "veth0_to_team", "veth1_to_team"}; const char* devmasters[] = {"bridge", "bond", "team"}; for (i = 0; i < sizeof(devtypes) / (sizeof(devtypes[0])); i++) execute_command(0, "ip link add dev %s0 type %s", devtypes[i], devtypes[i]); execute_command(0, "ip link add type veth"); for (i = 0; i < sizeof(devmasters) / (sizeof(devmasters[0])); i++) { execute_command( 0, "ip link add name %s_slave_0 type veth peer name veth0_to_%s", devmasters[i], devmasters[i]); execute_command( 0, "ip link add name %s_slave_1 type veth peer name veth1_to_%s", devmasters[i], devmasters[i]); execute_command(0, "ip link set %s_slave_0 master %s0", devmasters[i], devmasters[i]); execute_command(0, "ip link set %s_slave_1 master %s0", devmasters[i], devmasters[i]); execute_command(0, "ip link set veth0_to_%s up", devmasters[i]); execute_command(0, "ip link set veth1_to_%s up", devmasters[i]); } execute_command(0, "ip link set bridge_slave_0 up"); execute_command(0, "ip link set bridge_slave_1 up"); for (i = 0; i < sizeof(devnames) / (sizeof(devnames[0])); i++) { char addr[32]; snprintf_check(addr, sizeof(addr), DEV_IPV4, i + 10); execute_command(0, "ip -4 addr add %s/24 dev %s", addr, devnames[i]); snprintf_check(addr, sizeof(addr), DEV_IPV6, i + 10); execute_command(0, "ip -6 addr add %s/120 dev %s", addr, devnames[i]); snprintf_check(addr, sizeof(addr), DEV_MAC, i + 10); execute_command(0, "ip link set dev %s address %s", devnames[i], addr); execute_command(0, "ip link set dev %s up", devnames[i]); } } static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } static void loop(); static void sandbox_common() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); setsid(); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 160 << 20; setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 136 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); if (unshare(CLONE_NEWNS)) { } if (unshare(CLONE_NEWIPC)) { } if (unshare(0x02000000)) { } if (unshare(CLONE_NEWUTS)) { } if (unshare(CLONE_SYSVSEM)) { } } static int real_uid; static int real_gid; __attribute__((aligned(64 << 10))) static char sandbox_stack[1 << 20]; static int namespace_sandbox_proc(void* arg) { sandbox_common(); write_file("/proc/self/setgroups", "deny"); if (!write_file("/proc/self/uid_map", "0 %d 1\n", real_uid)) fail("write of /proc/self/uid_map failed"); if (!write_file("/proc/self/gid_map", "0 %d 1\n", real_gid)) fail("write of /proc/self/gid_map failed"); if (unshare(CLONE_NEWNET)) fail("unshare(CLONE_NEWNET)"); initialize_tun(); initialize_netdevices(); if (mkdir("./syz-tmp", 0777)) fail("mkdir(syz-tmp) failed"); if (mount("", "./syz-tmp", "tmpfs", 0, NULL)) fail("mount(tmpfs) failed"); if (mkdir("./syz-tmp/newroot", 0777)) fail("mkdir failed"); if (mkdir("./syz-tmp/newroot/dev", 0700)) fail("mkdir failed"); unsigned mount_flags = MS_BIND | MS_REC | MS_PRIVATE; if (mount("/dev", "./syz-tmp/newroot/dev", NULL, mount_flags, NULL)) fail("mount(dev) failed"); if (mkdir("./syz-tmp/newroot/proc", 0700)) fail("mkdir failed"); if (mount(NULL, "./syz-tmp/newroot/proc", "proc", 0, NULL)) fail("mount(proc) failed"); if (mkdir("./syz-tmp/newroot/selinux", 0700)) fail("mkdir failed"); const char* selinux_path = "./syz-tmp/newroot/selinux"; if (mount("/selinux", selinux_path, NULL, mount_flags, NULL)) { if (errno != ENOENT) fail("mount(/selinux) failed"); if (mount("/sys/fs/selinux", selinux_path, NULL, mount_flags, NULL) && errno != ENOENT) fail("mount(/sys/fs/selinux) failed"); } if (mkdir("./syz-tmp/newroot/sys", 0700)) fail("mkdir failed"); if (mount(NULL, "./syz-tmp/newroot/sys", "sysfs", 0, NULL)) fail("mount(sysfs) failed"); if (mkdir("./syz-tmp/pivot", 0777)) fail("mkdir failed"); if (syscall(SYS_pivot_root, "./syz-tmp", "./syz-tmp/pivot")) { if (chdir("./syz-tmp")) fail("chdir failed"); } else { if (chdir("/")) fail("chdir failed"); if (umount2("./pivot", MNT_DETACH)) fail("umount failed"); } if (chroot("./newroot")) fail("chroot failed"); if (chdir("/")) fail("chdir failed"); struct __user_cap_header_struct cap_hdr = {}; struct __user_cap_data_struct cap_data[2] = {}; cap_hdr.version = _LINUX_CAPABILITY_VERSION_3; cap_hdr.pid = getpid(); if (syscall(SYS_capget, &cap_hdr, &cap_data)) fail("capget failed"); cap_data[0].effective &= ~(1 << CAP_SYS_PTRACE); cap_data[0].permitted &= ~(1 << CAP_SYS_PTRACE); cap_data[0].inheritable &= ~(1 << CAP_SYS_PTRACE); if (syscall(SYS_capset, &cap_hdr, &cap_data)) fail("capset failed"); loop(); doexit(1); } static int do_sandbox_namespace(void) { int pid; real_uid = getuid(); real_gid = getgid(); mprotect(sandbox_stack, 4096, PROT_NONE); pid = clone(namespace_sandbox_proc, &sandbox_stack[sizeof(sandbox_stack) - 64], CLONE_NEWUSER | CLONE_NEWPID, 0); if (pid < 0) fail("sandbox clone failed"); return pid; } static void execute_one(); extern unsigned long long procid; void loop() { while (1) { execute_one(); } } #ifndef __NR_memfd_create #define __NR_memfd_create 319 #endif uint64_t r[3] = {0x0, 0x0, 0xffffffffffffffff}; unsigned long long procid; void execute_one() { long res = 0; *(uint32_t*)0x20000080 = 0; *(uint32_t*)0x20000084 = 0x70; *(uint8_t*)0x20000088 = 0; *(uint8_t*)0x20000089 = 0; *(uint8_t*)0x2000008a = 0; *(uint8_t*)0x2000008b = 0; *(uint32_t*)0x2000008c = 0; *(uint64_t*)0x20000090 = 0x7fff; *(uint64_t*)0x20000098 = 0; *(uint64_t*)0x200000a0 = 0; STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 0, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 1, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 2, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 3, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 4, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 5, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 6, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 7, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 8, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 9, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 10, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 11, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 12, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 13, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 14, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 15, 2); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 17, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 18, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 19, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 20, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 21, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 22, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 23, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 24, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 25, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 26, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 27, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 28, 1); STORE_BY_BITMASK(uint64_t, 0x200000a8, 0, 29, 35); *(uint32_t*)0x200000b0 = 0; *(uint32_t*)0x200000b4 = 0; *(uint64_t*)0x200000b8 = 0x20000000; *(uint64_t*)0x200000c0 = 0; *(uint64_t*)0x200000c8 = 0; *(uint64_t*)0x200000d0 = 0; *(uint32_t*)0x200000d8 = 0; *(uint32_t*)0x200000dc = 0; *(uint64_t*)0x200000e0 = 0; *(uint32_t*)0x200000e8 = 0; *(uint16_t*)0x200000ec = 0; *(uint16_t*)0x200000ee = 0; syscall(__NR_perf_event_open, 0x20000080, 0, -1, -1, 0); syscall(__NR_mlockall, 1); *(uint32_t*)0x20000540 = 0; *(uint16_t*)0x20000544 = 0x4b; *(uint32_t*)0x20000580 = 8; res = syscall(__NR_getsockopt, -1, 0x84, 0x18, 0x20000540, 0x20000580); if (res != -1) r[0] = *(uint32_t*)0x20000540; *(uint32_t*)0x200005c0 = 0; *(uint32_t*)0x200005c4 = -1; *(uint32_t*)0x20000600 = 8; res = syscall(__NR_getsockopt, -1, 0x84, 0x75, 0x200005c0, 0x20000600); if (res != -1) r[1] = *(uint32_t*)0x200005c0; *(uint32_t*)0x20001940 = 0; *(uint16_t*)0x20001944 = 0xa; *(uint16_t*)0x20001946 = htobe16(0x4e24); *(uint32_t*)0x20001948 = 0; *(uint64_t*)0x2000194c = htobe64(0); *(uint64_t*)0x20001954 = htobe64(1); *(uint32_t*)0x2000195c = 0x80; *(uint32_t*)0x200019c4 = 7; *(uint32_t*)0x200019c8 = 7; *(uint32_t*)0x200019cc = 0x74a; *(uint32_t*)0x200019d0 = 2; *(uint32_t*)0x200019d4 = 6; *(uint32_t*)0x20001a00 = 0x98; res = syscall(__NR_getsockopt, -1, 0x84, 0xf, 0x20001940, 0x20001a00); if (res != -1) r[2] = *(uint32_t*)0x20001940; *(uint32_t*)0x20002840 = 0; memcpy( (void*)0x20002844, "\xea\x40\x00\x00\x45\x9f\x0a\x6c\x2b\x0a\xc2\xf2\x5d\x3b\x87\x55\x75\x60" "\x41\x87\x01\x7d\xb4\x74\x01\x61\xb3\x04\x8a\x58\xe2\x83\x74\x2d\xe5\x7f" "\x41\x35\x4b\x14\xfe\xf6\x9f\xd4\xa7\xd5\x29\xa1\x6b\x62\x46\x44\xf0\x39" "\x07\xf7\x91\xea\x89\xb3\xdc\x31\xb4\xb1\x42\x1d\x31\x60\x0c\xd7\x84\x65" "\xa2\xfe\xc2\xeb\x80\x00\x49\x6f\x6c\xe1\xbb\xdb\xac\xad\x2b\x72\xb1\x86" "\xc7\xd2\xdc\x48\xef\x90\x1d\x40\x6d\x58\x20\x64\x50\xd2\x37\x02\xa3\x97" "\xd3\xd6\xe0\xbd\x08\x36\xac\xfd\x23\x2d\x0c\xba\xbd\xaa\x0c\xa5\x0b\x1d" "\x5b\xcf\xad\x2c\x45\x06\x0a\x14\xfc\xce\x26\x99\x33\x2e\x1c\xf0\x91\x7e" "\xcc\x84\xf4\xc7\x59\x06\x35\x1e\x09\x00\x00\x00\x00\x00\x00\x00\x3b\x27" "\xf0\x19\x1e\x8f\xad\x6e\xda\xb3\x84\x73\x9c\xa7\x70\x15\xb4\x90\xb3\xab" "\xf5\x82\xec\xec\x16\x05\xe9\x81\x8d\xd3\x27\x39\xd9\xa9\x2b\xfa\xbc\x52" "\x43\xce\xe6\xfd\x96\x50\x93\x80\x35\x0f\x69\x47\x75\xba\x91\x6f\xe3\x8e" "\x15\xbe\x88\xb4\x26\x90\x35\x2f\x19\x9f\xb3\xc2\x63\x56\x81\x49\x1b\xd6" "\xd1\x64\x18\x0b\xd7\x3a\x57\xa5\xe9\xd1\xe9\x85\xf0\x40\x50\x77\xbf\x4f" "\x73\x43\x6e\x4c\x13\x9d\x57\xed\x8e\x2d\x27\xc6\x7a\xb5\x04\xae\xd3\xfe" "\xc9\x84\x10\x22\xd5\xc5\xc4\x9f\xc5\x74\x8c\x87\xeb\xc0\x8d\x39\x87\xeb" "\x39\xb8\x95\xd4\x12\xe0\xda\x1c\x02\xe1\x1b\x6a\x11\x22\xbf\xc2\x58\x89" "\xce\xb7\x37\xd3\xdf\xee\xe4\x72\x00\x00\x31\x79\xd7\x86\x95\x30\x1d\x20" "\x55\x82\x0a\x2d\xaf\x04\x2b\xde\xcd\xed\x9f\x81\xe2\x79\x92\x2f\x17\xb5" "\x59\x67\x3e\xbb\xad\x39\xe7\x23\x59\xf6\xe7\x95\x79\x67\xfe\x46\xf3\xe4" "\xec\x3d\x5f\xe6\x90\x13\x9d\x32\xd2\x04\xbd\x8a\x85\x4c\x00\x43\x13\xfa" "\x82\x18\x98\xdf\xbc\xd0\x6b\xa9\xe2\xbc\x95\xa1\x5b\x94\x53\x96\xf0\x37" "\x50\x94\x2e\x16\x20\x10\xab\xb0\x49\xe5\x85\x72\x3b\x16\xc1\x83\x4e\x0f" "\x28\x47\x06\x1d\xc5\x61\x2e\xfa\x97\x76\xaa\xa9\xfd\x49\xdc\x17\x99\x8d" "\xbe\x6a\xd9\xa8\x28\x42\x80\xbf\x35\x31\xb4\xdf\xae\x3b\xce\xf1\x86\xf8" "\x7a\x2d\x73\xfc\x30\x71\x36\xff\x93\x22\xc7\xa0\x6f\xc9\xef\x1c\xa8\x9f" "\xcb\x1c\x4c\xca\x38\x6c\xf0\xc5\x28\x17\xf9\x5f\x9a\x4b\x4f\x63\xe0\x29" "\xf7\x0f\xe8\xa7\x8d\x73\x5e\xdf\xc4\x34\xc8\x9d\x30\x56\x1d\x82\x81\x43" "\xb2\x10\x40\xde\xb5\x98\x6c\x41\x59\x1c\x03\x38\x52\xc3\x63\x71\xae\xdb" "\x7e\x94\x32\xa5\x83\x89\xd8\x74\x4b\x60\x91\x5f\x3f\x1d\x61\x99\x6e\x5d" "\x6d\x17\x2b\x69\xaa\xf6\xe3\x7d\x1d\x3a\x40\x0f\x71\x33\x62\x90\x92\xbc" "\x56\xd6\x56\xbf\x1c\x90\x26\x6f\x94\xd0\x3e\xab\x42\x18\xf5\x0c\x5c\x41" "\x67\xb6\x49\x29\x5e\x56\x90\x54\x2e\x58\xf2\x40\xe5\x04\x56\x00\x2f\x66" "\x44\x49\xc0\x05\x9a\x09\xd3\xa0\x63\x8e\x78\x00\x64\x4b", 608); *(uint32_t*)0x20001b40 = 2; syscall(__NR_getsockopt, 0xffffff9c, 0x84, 0x6d, 0x20002840, 0x20001b40); *(uint64_t*)0x20002400 = 0x20000280; *(uint16_t*)0x20000280 = 0xa; *(uint16_t*)0x20000282 = htobe16(0x4e23); *(uint32_t*)0x20000284 = 0x25; *(uint8_t*)0x20000288 = 0xfe; *(uint8_t*)0x20000289 = 0x80; *(uint8_t*)0x2000028a = 0; *(uint8_t*)0x2000028b = 0; *(uint8_t*)0x2000028c = 0; *(uint8_t*)0x2000028d = 0; *(uint8_t*)0x2000028e = 0; *(uint8_t*)0x2000028f = 0; *(uint8_t*)0x20000290 = 0; *(uint8_t*)0x20000291 = 0; *(uint8_t*)0x20000292 = 0; *(uint8_t*)0x20000293 = 0; *(uint8_t*)0x20000294 = 0; *(uint8_t*)0x20000295 = 0; *(uint8_t*)0x20000296 = 0; *(uint8_t*)0x20000297 = 0x12; *(uint32_t*)0x20000298 = 0xb9; *(uint32_t*)0x20002408 = 0x1c; *(uint64_t*)0x20002410 = 0x20000300; *(uint64_t*)0x20000300 = 0x200002c0; memcpy((void*)0x200002c0, "\x9d\xdf\x36\x0a", 4); *(uint64_t*)0x20000308 = 4; *(uint64_t*)0x20002418 = 1; *(uint64_t*)0x20002420 = 0x20000340; *(uint64_t*)0x20000340 = 0x20; *(uint32_t*)0x20000348 = 0x84; *(uint32_t*)0x2000034c = 8; *(uint8_t*)0x20000350 = -1; *(uint8_t*)0x20000351 = 2; *(uint8_t*)0x20000352 = 0; *(uint8_t*)0x20000353 = 0; *(uint8_t*)0x20000354 = 0; *(uint8_t*)0x20000355 = 0; *(uint8_t*)0x20000356 = 0; *(uint8_t*)0x20000357 = 0; *(uint8_t*)0x20000358 = 0; *(uint8_t*)0x20000359 = 0; *(uint8_t*)0x2000035a = 0; *(uint8_t*)0x2000035b = 0; *(uint8_t*)0x2000035c = 0; *(uint8_t*)0x2000035d = 0; *(uint8_t*)0x2000035e = 0; *(uint8_t*)0x2000035f = 1; *(uint64_t*)0x20002428 = 0x20; *(uint32_t*)0x20002430 = 0x8000; *(uint64_t*)0x20002438 = 0x20000380; *(uint16_t*)0x20000380 = 0xa; *(uint16_t*)0x20000382 = htobe16(0x4e21); *(uint32_t*)0x20000384 = 0x10000; *(uint64_t*)0x20000388 = htobe64(0); *(uint64_t*)0x20000390 = htobe64(1); *(uint32_t*)0x20000398 = 0x101; *(uint32_t*)0x20002440 = 0x1c; *(uint64_t*)0x20002448 = 0x20000500; *(uint64_t*)0x20000500 = 0x200003c0; *(uint64_t*)0x20000508 = 0; *(uint64_t*)0x20002450 = 1; *(uint64_t*)0x20002458 = 0x20000640; *(uint64_t*)0x20000640 = 0x30; *(uint32_t*)0x20000648 = 0x84; *(uint32_t*)0x2000064c = 1; *(uint16_t*)0x20000650 = 8; *(uint16_t*)0x20000652 = 0x8209; *(uint16_t*)0x20000654 = 0; *(uint32_t*)0x20000658 = 0x1ff; *(uint32_t*)0x2000065c = 0xe5; *(uint32_t*)0x20000660 = 0xdd; *(uint32_t*)0x20000664 = 0x40; *(uint32_t*)0x20000668 = 7; *(uint32_t*)0x2000066c = r[0]; *(uint64_t*)0x20000670 = 0x30; *(uint32_t*)0x20000678 = 0x84; *(uint32_t*)0x2000067c = 1; *(uint16_t*)0x20000680 = 0; *(uint16_t*)0x20000682 = 0; *(uint16_t*)0x20000684 = 0x800d; *(uint32_t*)0x20000688 = 0xd2; *(uint32_t*)0x2000068c = 0x5f8; *(uint32_t*)0x20000690 = 0xd3c9; *(uint32_t*)0x20000694 = 4; *(uint32_t*)0x20000698 = 0x101; *(uint32_t*)0x2000069c = r[1]; *(uint64_t*)0x200006a0 = 0x18; *(uint32_t*)0x200006a8 = 0x84; *(uint32_t*)0x200006ac = 5; *(uint16_t*)0x200006b0 = 0x30; *(uint32_t*)0x200006b4 = 0; *(uint64_t*)0x200006b8 = 0x18; *(uint32_t*)0x200006c0 = 0x84; *(uint32_t*)0x200006c4 = 7; *(uint32_t*)0x200006c8 = htobe32(0xe0000002); *(uint64_t*)0x20002460 = 0x90; *(uint32_t*)0x20002468 = 0x15; *(uint64_t*)0x20002470 = 0x20000700; *(uint16_t*)0x20000700 = 0xa; *(uint16_t*)0x20000702 = htobe16(0x4e23); *(uint32_t*)0x20000704 = 0x7fff; *(uint8_t*)0x20000708 = -1; *(uint8_t*)0x20000709 = 2; *(uint8_t*)0x2000070a = 0; *(uint8_t*)0x2000070b = 0; *(uint8_t*)0x2000070c = 0; *(uint8_t*)0x2000070d = 0; *(uint8_t*)0x2000070e = 0; *(uint8_t*)0x2000070f = 0; *(uint8_t*)0x20000710 = 0; *(uint8_t*)0x20000711 = 0; *(uint8_t*)0x20000712 = 0; *(uint8_t*)0x20000713 = 0; *(uint8_t*)0x20000714 = 0; *(uint8_t*)0x20000715 = 0; *(uint8_t*)0x20000716 = 0; *(uint8_t*)0x20000717 = 1; *(uint32_t*)0x20000718 = 0; *(uint32_t*)0x20002478 = 0x1c; *(uint64_t*)0x20002480 = 0x20000840; *(uint64_t*)0x20000840 = 0x20000740; memcpy((void*)0x20000740, "\xc1\x17\xae\x87\x9a\xb0\xcb\x13\xe0\xaf\x31\x62\x71\xd9\x8b\xd4\x00" "\x04\x27\x57\x1b\xb0\x8b\x9d\x79\xda\x52\x7a\x46\xbf\xfb\xc1\x5d\xda" "\xbb\x99\xfe\xa6\xfa\x2b\x81\x6e\xa0\x9e\x98\x2a\x72\x7e\x67\x9d\x36" "\x0e\xe5\xeb\x47\x48\x3c\x97\xde\x9f\x34\x4c\x6a\x77\x1e\x82\x14\x54" "\x19\xff\x6e\x7f\x98\x33\xc6\x6b\x6a\xf9\x27\xc3\x2f\xcb\x2d\x87\x85" "\xd4\x87\xec\x99\x81\xf6\x9c\x64\x42\xaf\x35\x80\x08\x4d\x5d\x29\x2d" "\xd4\x78\xc6\x3d\x46\xb9\xe6\x76\x40\x2d\x85\xb8\xd9\x58\x12\xde\xec" "\x8f\xb3\xc9\x16\x11\x3f\xf4\x5b\xda\x81\x3f\xab\x87\x28\x8c\xaa\xbc" "\xf5\x81\x7f\xa5\x5c\xf7\xca\xb0\xcb\x25\xe7\x46\x25\x76\xaf\x01\xc4" "\xb2\xc7\xa2\x9f\x34\xa6\xc8\xef\x84\x9e\x38\x4c\xfa\xd0\xd3\x02\xc9" "\x9a\xb6\x13\xf4\x75\xd8\xbd\xe9\x55\xa1\x66\x17\x55\xd4\xa6\x9a\x46" "\xf4\x2d\x77\x71\x88\xa6\x39\x9e\xb8\x55\x8a\xb6\xa0\x37\x51\x64\xc0" "\x60\xc6\x09\xac\xc6\x0c\x73\x6b\xe9\x25\xbb", 215); *(uint64_t*)0x20000848 = 0xd7; *(uint64_t*)0x20002488 = 1; *(uint64_t*)0x20002490 = 0x20000880; *(uint64_t*)0x20000880 = 0x18; *(uint32_t*)0x20000888 = 0x84; *(uint32_t*)0x2000088c = 6; *(uint16_t*)0x20000890 = 6; *(uint64_t*)0x20002498 = 0x18; *(uint32_t*)0x200024a0 = 1; *(uint64_t*)0x200024a8 = 0x200008c0; *(uint16_t*)0x200008c0 = 0xa; *(uint16_t*)0x200008c2 = htobe16(0x4e23); *(uint32_t*)0x200008c4 = 5; *(uint8_t*)0x200008c8 = -1; *(uint8_t*)0x200008c9 = 1; *(uint8_t*)0x200008ca = 0; *(uint8_t*)0x200008cb = 0; *(uint8_t*)0x200008cc = 0; *(uint8_t*)0x200008cd = 0; *(uint8_t*)0x200008ce = 0; *(uint8_t*)0x200008cf = 0; *(uint8_t*)0x200008d0 = 0; *(uint8_t*)0x200008d1 = 0; *(uint8_t*)0x200008d2 = 0; *(uint8_t*)0x200008d3 = 0; *(uint8_t*)0x200008d4 = 0; *(uint8_t*)0x200008d5 = 0; *(uint8_t*)0x200008d6 = 0; *(uint8_t*)0x200008d7 = 1; *(uint32_t*)0x200008d8 = 9; *(uint32_t*)0x200024b0 = 0x1c; *(uint64_t*)0x200024b8 = 0x20001900; *(uint64_t*)0x20001900 = 0x20000900; memcpy( (void*)0x20000900, "\x07\x02\x3e\x04\x70\x7f\x24\xef\x66\xc5\xf1\x40\x10\x71\xa4\xbf\xf7\x10" "\x17\xfd\x32\xd0\x31\xdf\xbd\x6b\x50\x9a\xbe\x53\x0c\x11\xea\x8a\x4d\x74" "\x94\xdc\x34\x3c\x79\x8e\x77\x29\xa3\x58\x74\xb7\x1c\xa7\xe6\x7f\x73\x77" "\xb4\x94\x19\xa7\xd2\xbe\xa9\x67\xa1\x47\x5b\x7e\x95\xdb\xf7\xea\xd6\x48" "\x00\x86\xfe\xba\x00\xda\x5b\xcf\xbe\x85\xc3\x5f\x92\x31\x5e\x7f\x93\x69" "\xdc\xc0\xe2\xbc\xd6\x6a\x37\x53\xf5\x71\xff\x43\x5b\xf6\xd9\x7d\x03\x9e" "\xc2\x7c\x96\x5d\x9f\xe5\x46\xde\x70\xee\x78\xe9\xb7\x1f\x4d\xba\x40\x29" "\x02\xb8\x4d\xc4\x66\x43\xda\x7f\xd0\x75\x56\x67\x41\x0b\x13\x4e\x40\x3c" "\xc9\x7c\x47\xef\x3c\x8d\x3d\x90\x6e\x78\xd9\x13\x54\x19\x74\xf5\x5b\x5d" "\xba\xd6\x1a\x2a\x04\xd5\x03\x28\x04\xd6\xac\xad\x3e\xe0\xba\x4e\xda\x77" "\xa6\x61\x5c\x95\x9e\x16\x50\x99\x8a\x2c\x3f\x33\xfb\x4a\x29\x5d\x8c\x83" "\xdb\x76\x90\x8e\xd7\xa4\xba\xde\xfc\x51\xa9\x8a\x7e\x96\xca\x90\x79\xd1" "\xbd\x49\xe5\x93\xf0\xb1\x7e\xdd\x8e\x52\x6f\xd6\x7d\x4d\x8c\x8f\xc1\x24" "\x84\xbe\x62\xb0\x84\x3b\x42\x6a\x38\xc7\x61\x24\x4b\x7e\x2b\xc9\xcf\x89" "\xbb\x37\xf4\xf9\x7a\x8c\x04\xc5\x00\xea\x50\x5e\xbd\x0b\x5a\xcf\x7c\x8c" "\x30\x7d\x2b\xd5\xb0\xdd\x60\x74\x53\x99\xfd\x0e\x49\xde\xe0\xf2\x3c\x75" "\xb9\xd4\x6d\xd3\x50\x9c\x96\x58\xf6\x23\x22\x61\x0c\xa2\xbd\xae\x08\xb2" "\xe4\x43\x9a\xbd\xbd\x30\x47\xaf\xb3\x42\x6a\x57\xdf\x8b\xd9\x04\x74\x81" "\x60\x8e\xb8\xfb\x26\x76\x59\xe0\xcc\xcb\x52\x78\x09\x72\x2d\x1d\x76\xa8" "\xb6\xe9\x28\xb0\xb8\x60\x2c\xd9\x66\x30\xcf\xc3\xac\x1a\x7a\x42\xbd\xfb" "\xf8\x6e\xbc\x57\x07\xa2\xb7\x97\xc8\x11\x0e\x8f\x70\xa5\x3e\x87\x78\x47" "\x1e\xa1\x36\xed\xee\x15\xc5\x3c\x1b\x55\xc4\x5b\x35\xc1\x25\x4f\xfd\xed" "\xee\x8d\x93\x7a\xd7\xcf\xd9\xba\x5c\xd9\xee\x4f\x0e\x89\x2d\xad\x76\x0d" "\x75\x04\x6c\x95\xa9\xce\x74\x11\x14\x29\x29\xf0\x6e\x76\x77\x97\xc9\xaa" "\x76\x64\xaa\x18\xff\x47\xff\x7c\x9c\x41\x6e\xbd\xbc\x22\xed\x6c\x65\x73" "\x27\x32\x8a\x85\x4d\xeb\x49\x67\x2d\x62\xd9\x7f\x88\x19\xb4\x3a\xf5\xb1" "\x85\x18\x2e\x98\x6b\x12\x0d\x7c\x01\xb2\xa9\xac\x1d\xcf\x72\xc4\xbc\x40" "\x3f\x7b\x96\x6f\x11\x87\x32\x25\x57\x47\xcd\x13\xf1\xa7\x22\x77\x1d\x60" "\x92\x8a\xbe\x3b\xd1\x56\x26\x5c\xf8\x2c\xbf\xd9\x2d\x78\x79\x1f\x24\xc5" "\x10\xc3\xb7\x33\xa9\x7d\xa0\xb3\x2a\xbd\x1a\x8a\xa1\xf1\x96\x0f\x70\x1a" "\x2f\x42\x96\xdc\x44\x38\x49\x1b\xc6\x86\x2f\x12\x5d\x1f\x36\x73\x62\x52" "\x67\x5f\xd2\x5c\x9c\xbf\xb3\x43\x58\xc2\xb1\x40\x06\x8a\x1c\xf4\x80\x32" "\xa5\xb3\x00\x38\x63\xc0\x1e\xc3\x8f\xef\x0b\xea\x01\x99\x6b\x33\x4a\x64" "\x35\x18\x19\x3e\xbd\x77\x15\xbd\x2b\xc2\xbd\x6e\xa9\x5a\x7a\x47\x76\x9d" "\x9d\x9a\x97\x1c\xae\x1a\xf0\xc8\xd2\xd1\x99\x5d\x40\xe7\xc0\xdf\xeb\xab" "\x21\x7a\x67\x48\x09\x7a\xaa\x13\xb3\xa2\x22\x15\x85\xa3\x6b\xa5\xe2\xb8" "\x15\xef\x71\xc1\xfa\xab\xa4\x0b\xbc\xab\xbb\x8f\xcc\x79\xf0\x4e\x68\xf7" "\x0e\xa7\x55\x8f\xd4\xee\xf8\x6c\xab\xd0\xa5\x33\x22\xef\xd5\x0c\x44\x2e" "\x87\xd1\xdc\x34\x89\x2f\xf4\x3c\x00\xd2\x90\xa8\x93\x06\xb0\x51\x32\x4e" "\x02\x00\xfd\x6b\xd6\xa9\x5c\x5a\x3d\xd8\xfa\x9f\xdf\x31\x39\x53\x80\x8c" "\x51\xac\x52\x98\x20\x03\x6e\x05\x0a\x97\x21\x6e\x8b\xdb\x37\xd5\xde\x1b" "\x7d\xcf\x31\x55\x8e\x84\xff\xad\x1d\x21\xcb\x41\xef\x72\x28\x64\xbe\xaf" "\x51\xfa\xd0\xae\xf3\x70\x83\x66\xa1\xa7\x1b\xb3\xa4\x87\xea\x0b\xd2\x27" "\x4d\x21\x88\x96\x61\x6a\xe8\x0f\x36\xe1\xab\xd3\xa4\x66\x3b\x89\x0e\x18" "\x36\x75\x5f\x9b\xf0\xf6\x66\xa4\xc7\xca\x11\xb6\x40\xf6\x00\x31\x7f\x6d" "\xb3\x2a\xf9\x2c\x94\x3f\x67\xc2\xcf\x13\xab\x40\x57\xec\x5c\x42\xb3\x27" "\x24\xe1\x2f\xf6\xb2\x41\x33\x19\x0c\x3f\xd3\x19\xe6\x36\xfe\x69\x3b\xa0" "\x2f\xc3\x9c\xdd\x7a\x61\x5c\xae\x3e\x49\x8d\x5f\x79\xc7\x22\xf5\x92\xe6" "\xc0\x4f\x29\x35\x02\x6a\x9c\x7a\x83\x6f\x8c\xa8\x4e\xee\xeb\xd4\x30\x2a" "\x24\xd7\x11\xf0\x33\x95\x2a\xf8\xf8\xd1\xbb\x0f\x47\x53\x32\xad\xbb\x11" "\x7c\x82\x04\x18\x9e\x89\xa9\x15\x1d\x68\xc1\xbc\x55\x06\x59\x20\x61\x29" "\xd5\x29\x67\xc9\x31\xdc\x18\xd9\x37\x7e\x0f\x31\x2d\x1b\x1d\x85\x75\x17" "\xc5\xc2\xd8\xda\x72\xa7\x08\xde\x61\x25\x89\x21\x79\x5c\x1c\x4a\x9f\x8e" "\x6d\x71\x08\xed\x01\xac\xf7\x36\x4a\x6f\x7e\xbd\xce\x88\x17\x4f\x5e\xb7" "\xf3\xea\xe6\xca\x11\x0c\xfa\x46\x4e\x9b\xe2\xb5\x20\x18\x41\x16\x1e\x28" "\x68\x45\xc9\x6c\x01\x17\xf4\x56\xc4\x94\x55\x08\x84\x10\xfb\x1e\x55\x0e" "\xa5\xb8\xd6\xda\xa9\x1f\xa5\x9c\x0e\x2d\x5a\x94\x2f\x41\x45\x5b\x07\xd2" "\x33\x33\xc0\x66\x24\xfa\x9e\x62\xe6\xfb\xfd\x6a\x51\x91\x17\x4e\xa0\xe9" "\x52\xd1\xa4\xea\x62\xf7\x54\x1d\x8d\xd6\x7b\x9c\x54\xd3\x06\x2e\xeb\x89" "\x75\x57\x7f\x63\xd7\x39\x1a\x78\x10\x1b\xdf\xbd\x7b\x97\xce\x6f\x8e\x6c" "\x43\x8d\xe9\xb4\xdd\xa2\xd8\xb1\x0e\xda\x87\x8c\x53\xea\xbb\xee\x5c\x6d" "\xca\xe5\x4c\x7c\x28\xfc\x09\xa4\xe9\x56\x91\x2a\x9f\x65\xa4\xa4\x71\xd0" "\xc0\x61\xfd\x28\xef\x5c\xb7\xa8\xda\xd6\xce\x62\x0f\x9d\x22\x30\xfa\xcc" "\x73\x33\x9a\xea\x0c\x44\xc0\xa3\x5b\x32\x8a\xf3\x8a\xbc\xea\xe4\xcb\x30" "\x0d\x79\x45\xeb\x5d\x40\x02\x91\xb4\x61\x6b\x5b\x23\x22\x6e\x19\xb0\xce" "\x6c\x6e\x54\xd4\x44\xb5\x58\xa5\x14\xc6\x09\x9d\x9a\x67\x70\x55\x3f\xbc" "\xe0\x7f\xed\x65\x18\x72\xb4\x32\x75\x84\x0d\x81\xe3\x45\x49\x46\x5a\xdb" "\xfd\x8a\xd4\xf1\x84\x95\x48\x1c\x02\x82\x25\xd8\xc2\x26\xbc\x10\x78\xcb" "\x65\x8f\x57\x40\x42\xa2\x4b\x42\x93\xb8\x15\x36\x1b\xa0\x38\x36\xd0\x20" "\xca\x08\xcb\xa7\x8d\x08\xe0\x96\xb0\x66\xeb\x30\x53\xf7\xa5\x91\xd9\x3b" "\xc1\xc3\x34\x25\xf1\x85\xfb\xce\x90\xe5\xa4\x2d\x8b\x63\xaf\xd9\xa0\xd0" "\x0d\x4e\x7a\x51\x89\x7c\x0d\xcb\x0e\x7b\xa8\x52\x5c\xe2\x65\x0b\x75\xcf" "\x8b\xfc\x0e\x33\x06\x51\x0e\xb8\x01\x4f\xb3\x18\x49\xff\x6a\x4f\xfc\xed" "\xf8\xfc\x44\x90\xaa\x9e\x89\x41\x28\x8e\x71\x0d\x63\xcd\x49\xa7\x6c\x27" "\x31\x59\x8e\x80\xee\xa1\xd1\x62\x15\x51\x4e\xef\x36\x5d\x8d\xad\xed\x5d" "\xf3\x8e\x1a\x61\xaf\xb4\xf6\xcd\x15\x01\x16\xcd\x8a\xd9\x86\x23\x99\xae" "\x5e\xdf\xd4\x6c\x8d\x67\x2f\xcc\x84\xf4\xaf\xbc\x7d\xde\x4b\x28\xfc\x05" "\x0f\x5a\xe0\xf7\x42\xa9\xfc\x94\xc2\xf2\x32\xe9\xee\x05\xd7\x6f\x39\x13" "\x27\x61\x70\x3b\xfd\xab\xa1\x4c\x3a\xc1\xd5\xda\x9f\x3d\x1e\x83\xe8\x7f" "\x23\x32\xf3\xdc\x8c\xf1\x2b\xb5\x2d\x5e\xd4\x67\x88\x8f\x3c\x53\x18\x21" "\x5b\xe3\xe8\x79\xad\x28\xee\x2a\xec\x57\x0e\x4f\x66\x39\x60\x36\x45\xea" "\xb7\x9c\x6b\x1e\xc9\x7a\xc4\x91\x39\xd6\x28\x08\x6a\xcd\xd0\x0c\x7b\x4c" "\xb1\xf6\x56\x80\xfa\x61\x99\xd3\x84\x34\xf0\x32\xad\x4a\xaf\xd3\x16\xf0" "\xa6\xa3\xc3\x5e\x61\x12\x4f\x89\xf6\x7d\xf0\x4e\xc9\x92\xb8\x1f\xb9\xd6" "\xbf\x7a\x36\xe7\x70\x8d\x63\xe2\x0e\x39\xb6\x11\x8f\xc1\x5a\xbb\xc1\xd6" "\x6e\xf2\x15\xf9\x41\x44\x56\x1e\xa0\x19\x54\x05\xfd\x6a\xf0\x63\x3d\x22" "\x81\xa8\xae\x6f\x73\x03\x73\x02\xd8\x2a\x16\xad\x09\x15\xc3\x65\xcf\x67" "\xb7\x6d\x05\xd6\x6b\x8d\xf1\xd5\xd9\x26\x08\x5f\x06\xa6\x03\x2f\xc9\x7b" "\x5b\xf7\x33\x47\x97\x26\x46\xca\xb7\xcb\x58\x47\xb7\xd9\x52\x2c\x39\x4b" "\xbf\x60\x7d\xf6\xed\xe3\x88\x73\xb2\xcd\x81\x6b\x5f\xf4\xa7\x0d\x37\x37" "\xcd\x92\xf9\x01\xbc\x75\xf5\xde\xf5\x3c\x29\x1c\xd3\x49\x00\x4b\x3f\xab" "\x1d\x37\x11\x44\xdb\xd1\xd6\xde\xf8\x46\x1a\x25\xde\x02\x8d\x21\xc9\xad" "\x1f\x51\x23\x9c\x30\x5b\x93\x97\x7d\x02\xc2\xae\x7c\xa7\x41\x6e\x69\xaf" "\xa8\x53\x8b\x38\x7c\x50\xf9\x79\x42\x6f\xbc\xc9\x2e\x18\x68\x89\xf1\xfc" "\x26\xc1\x30\x32\x0d\x7b\x68\xdf\xdc\xe6\xa3\x89\xcc\x9e\x4d\xd5\x0b\x64" "\x50\x22\xc5\x45\x39\x79\xa3\x4c\x8e\x92\xcf\x5e\x27\xce\xb0\x64\x62\x50" "\x93\xfd\x93\x92\x72\x3a\x81\xd8\x18\xe7\xc1\x34\xa2\x9c\x3b\x04\xb8\xdc" "\x51\x3c\xf0\x0c\x29\xe0\x74\x85\x1e\x83\xb7\x4f\x65\xfe\xab\xf3\x35\x0d" "\x14\x18\x81\x5a\x04\x2e\xb9\x85\x35\xbe\xa3\xa6\x4c\x5d\xbd\x1e\x67\xfd" "\xd5\x11\x7b\xd3\x40\x3f\x84\x0a\xf4\xd3\x38\x4e\xf6\x97\x91\x7d\x26\x72" "\x2d\x75\x09\xe3\x77\x23\x7b\x24\x8a\xa0\x65\xfb\xf4\x51\x90\xd2\x5b\x74" "\xf9\x85\x3e\x83\x2b\xd3\x47\x36\x29\x2f\x13\x51\xf5\x7c\x3d\x60\x56\x05" "\x07\x1a\xaa\x4b\x26\x1b\x0c\x86\x2e\x29\x0b\xaa\x46\xd2\x67\xd1\x4e\x90" "\x37\xa9\x12\x0c\x5d\x1f\x78\xeb\x1e\xeb\x5c\x90\x06\x1a\x0a\xeb\xfe\x44" "\xb2\x35\x19\x4f\x46\x22\x23\x79\x46\x38\x4c\x52\x9d\x8f\xb9\xda\x45\x30" "\x89\x45\x02\xdb\x0e\xa2\x54\x19\x57\x5b\xe9\x6b\x0b\xb4\x19\xe1\x7d\x06" "\x9c\x4e\x63\x1e\x86\xc4\x5d\x24\xd1\x40\x2e\xf5\x34\x13\x22\x22\x93\x38" "\xc0\x52\xef\x48\xdf\x94\xa9\x93\x28\xdd\x3f\xe9\x29\xf3\x08\x0a\x28\x30" "\x0f\x3b\x11\xbd\xa5\xda\x27\xb3\xad\x86\x26\x2f\xcd\xaf\x58\x49\x7a\x17" "\x3e\xe8\xc9\x3b\xc2\x47\xff\x97\x54\xef\x03\x75\x95\x02\x69\xa0\x0a\xda" "\x3c\x3a\x30\xd5\x16\x75\x01\xb6\x58\xee\x74\x8b\x98\xde\xb8\x07\xc5\xf3" "\x0e\x5e\xe4\x56\xef\xc5\x7b\x61\x3f\x59\x47\x52\xfa\xe9\x95\x13\xd7\x38" "\xb0\x59\x29\x8b\xfd\xc5\xe7\xc9\x1d\x92\x09\x07\x03\xdb\x81\x58\xda\x37" "\xe4\x60\xc2\x41\x77\x55\xc2\x8d\xbe\xf6\xd9\x4d\xdf\xff\x89\x34\xd7\x6a" "\x47\x55\x28\xc1\x68\x89\x23\xa7\x79\xe5\x41\x3a\xbe\xef\xea\x62\xb5\x5a" "\xf8\xeb\x03\x67\x4c\x32\xeb\xe1\xf0\x4b\x31\x05\xed\x16\xf1\x4b\xd1\x8b" "\x34\xf4\x47\x7e\xba\x2f\xb5\xd8\x1e\xf6\x0a\x3f\x1f\xb9\xf4\xb9\xda\x9f" "\x73\xa5\x8f\xfd\x98\x9a\x9a\xef\xae\xc5\xa5\xe7\x00\xcb\x24\x7c\xb9\xd8" "\x5f\xb2\x72\x46\xe3\xc9\x1d\xed\xe0\xd2\xa6\xe0\xc2\xcb\x83\x1c\x13\x4c" "\x30\x55\x62\x53\x4f\x6d\x55\x43\x8c\x13\xdd\x84\x5b\xcd\xfa\x4b\xfe\x2d" "\xdd\xb8\x32\x61\x6f\x19\x89\x17\xb8\x17\x7e\x26\xc3\xa1\xd9\x11\x8b\x84" "\x6f\x6f\xdb\x75\x74\x6b\x7e\x8d\x6b\x60\x54\x9a\xbc\x89\xed\x67\x5a\xb9" "\x49\xd9\x03\x77\x1e\x47\x90\x96\x6d\xfc\xc0\x62\x28\xfe\x4a\xa7\xea\xf5" "\xee\xb1\xa3\xc2\x08\x93\x29\x05\xce\xcf\xc0\xe4\xbd\xf3\xc2\xc6\xb1\x14" "\xbe\x70\xf5\x34\x24\xf2\x58\x96\x91\x00\xe2\x94\x9a\x21\xac\xa6\x47\x44" "\x71\xe1\xb9\x35\x81\x4b\xfa\xf4\x77\x8f\xd8\x22\x9c\x94\xdc\xbb\x7a\xe8" "\x63\x59\x8a\x8c\x61\xa7\x04\x6b\x6d\xbd\xcf\xa8\x08\xf0\xa5\x86\x22\x11" "\x63\xd0\xb1\xf2\xc9\xe5\x54\x2c\xde\x4f\x53\x0f\x8e\x2f\xc9\x33\x0e\x8f" "\xd4\x43\x17\xc0\x47\x66\xcb\x43\xf4\x10\x62\xca\x5a\x29\x70\xa4\x44\xc3" "\xae\x7a\xb6\xd5\xe8\xf7\x1f\x90\x58\xd3\x0b\xdb\x36\xd4\x37\x52\x82\x5d" "\x9c\x37\x33\x10\xd3\xc5\x9b\xee\xce\x27\xe6\xa9\x28\x82\x41\xdd\x22\x1b" "\x2b\x45\x10\x52\x78\xff\xcd\x1f\x2d\x61\xcb\x53\x04\x1e\x58\xa1\x14\xf9" "\xe8\x94\x24\xa8\x63\x32\xa3\xe4\xf8\x57\x0e\x15\xc2\x7a\xf9\x7b\x9f\x64" "\xbc\x3e\xe2\x53\x86\xab\x95\xd9\x60\xae\x6b\x07\x44\xd4\x55\xcc\xae\xfa" "\x3f\x8e\x70\xba\xf6\xc7\x4e\x44\xbe\xe6\x15\xe8\x88\xd7\x0a\x99\x50\x25" "\x1f\x46\x63\x07\xe8\x46\xb2\x65\x96\xc7\x78\x0e\x1d\x86\x41\x6d\xed\xff" "\x2d\x97\x0a\x9d\x99\xe7\x1f\xbb\x3d\xe5\x5f\xb9\xf0\x8c\x44\xce\x96\x4b" "\x87\xd2\xa5\x68\xc5\x60\x08\x25\x61\x9a\x82\x6c\x40\x72\x98\x42\x4d\x90" "\xc9\x0d\x6f\x35\xe9\xef\x14\xa5\x23\xe2\xdf\x14\x00\x49\x2a\xc0\xcf\xd0" "\x68\x06\x2e\x15\xcb\xdf\xa0\x30\xa7\x71\x78\x0f\x06\x7e\xe3\xfe\x40\x33" "\x6b\xa4\x69\x42\x21\xe7\x2b\xb5\x5f\x1c\x17\x0a\xc8\x98\x74\x8b\xdc\xbb" "\x50\x24\x7c\x8c\x37\xc9\x75\x8b\x9b\x0c\x76\x96\xed\xdf\xe4\x1a\xae\x4b" "\x61\x49\xc5\x11\x57\xd8\x22\x96\x95\xac\x75\x59\x66\x92\xf8\x58\x6a\x8c" "\x7b\x0e\x27\x28\x32\x1b\x35\xdc\x68\x34\xe3\xff\xeb\x9f\x05\x8b\xfe\x87" "\x19\x46\x79\x07\x69\x2b\x61\x80\xd6\xd7\x97\x1e\xc6\x1a\x3a\x1a\x2b\x27" "\x18\xfd\xbe\xdc\x90\x7b\x62\xcd\xae\x31\x02\xa6\x5f\x96\x02\x52\x0e\x3f" "\xa3\x09\xe5\x49\xd8\x1a\x5a\x7b\xdb\x4f\x78\x08\x99\xb0\xb4\xc6\x60\xcf" "\xf6\xd6\x87\xa7\x8a\xfd\xf5\x42\x31\x2d\x18\xcf\xc2\x55\x6a\xea\x3c\x61" "\x05\xc2\x0b\x36\x24\x24\x8d\x45\x9a\x7f\x3c\x16\x09\x63\xf2\x48\x3b\xa1" "\xfe\x9a\xdc\x30\xda\xa2\xbf\xe3\xde\x40\x8f\x90\x71\x49\xdd\xd0\x55\xc4" "\xc9\x06\xfe\x3d\x3c\x6e\x47\x07\xff\xa7\x1f\x70\x67\xeb\xb3\xad\x84\xda" "\x08\x88\xef\xdc\x5d\xb0\x84\x99\xb2\x44\x38\xf7\xbd\xbe\x6c\x63\xd3\x28" "\x97\xb3\x39\x67\xa5\x4b\x48\x88\x2b\x8b\x41\x74\xe6\xb2\xc2\xa3\xc6\xe7" "\xaf\xa3\xd3\x56\x21\x4d\xb9\x44\xbd\x0f\xf1\x21\x0f\xbd\xcd\x33\xab\x9a" "\xda\x59\xe8\x21\x1d\xac\x3b\x8e\x81\x79\x42\x32\xf5\xe7\x7e\xe2\xf4\x57" "\x69\xbe\xc0\xd6\x05\xbd\xdd\xde\x71\x18\x1d\xb9\xd6\x61\xe4\xcb\x0f\x93" "\xd2\x6c\x52\xbe\x21\x3d\xef\x5f\xc7\xbf\x32\x85\x02\x64\x47\x90\xa1\xec" "\xad\xd7\x50\x2f\x19\x85\xf6\x15\xcb\xe4\x5d\x47\xc1\x33\xc9\x5c\xc7\x1c" "\x4b\xc2\x22\x0c\x0e\x09\xbd\xcd\x3c\xe2\x82\xb0\x78\x54\xe0\xa4\xd5\x86" "\xd7\xf9\x7c\x91\xd6\x52\x29\x05\xc0\x3d\x3c\x50\xc0\xfb\x78\x51\xa6\x9c" "\xc1\x2f\x92\x85\xbb\x8e\x85\x98\x6b\x08\x54\xd0\x43\x66\x77\x11\x89\xcc" "\x38\x62\x6c\x82\x59\x39\x58\x67\x49\x23\xaf\xe9\xde\x4c\x4b\xb0\x70\xfb" "\x2d\x2b\x12\xea\xe7\xea\x71\xe5\x27\x66\xe7\x76\xf0\xc7\x49\x79\x2b\x53" "\xe2\x5b\xf2\x5e\x96\x17\x12\x5a\xf9\xc5\x97\x1c\xdc\xd8\x4d\x3c\x73\xc5" "\x0d\xd7\x90\xcd\xc1\xc2\xd9\x03\x25\x01\xc1\x00\x5b\xba\xd6\x82\x9c\x55" "\xcf\x22\xe4\xf6\x67\xca\x91\x40\x8c\x9f\xa9\x13\xa1\x07\x05\x8c\x93\x17" "\xe0\x27\xbe\x00\xdf\xfd\xf1\x1f\x2b\x7e\x15\x51\xa8\xf5\x36\xa0\x12\xf2" "\x0e\x68\x02\xf8\x62\xa4\x6e\xe9\x20\x9e\x54\xda\x86\x80\x03\x57\x6d\xb8" "\x6a\x14\x2c\x6e\x89\xe8\x3f\xa9\x25\xc4\xde\x0d\x35\x10\x67\x73\xc4\xb5" "\x79\x5e\xff\x70\x20\x61\x2f\x3b\x33\x7d\xfc\x6e\x78\x70\xca\x00\x85\x17" "\xc9\x14\x13\xa7\xa4\x1f\x90\xf6\x4a\x22\xac\x07\x64\xa4\x8c\x7b\xca\xaa" "\x2b\x17\xb8\x33\x07\xd5\x2a\x61\xb0\x87\xa1\x15\x50\xfc\x93\x72\x9a\x31" "\x80\xb6\x92\xd0\xba\x30\x44\x19\xcf\x20\xd5\x9a\xb5\xc5\x4d\xef\x48\x95" "\x3c\x67\x4d\xf3\x33\x9a\x1b\x15\x88\xa0\xcb\x7d\x15\xed\x54\xe2\x97\x02" "\x8c\x00\x3c\x36\x15\x93\x9c\x9e\xea\x9e\x90\x9c\xf9\x8d\x75\x3d\x88\xaf" "\x1a\x1c\x27\x5c\x3c\x09\x1b\xa8\x6d\x69\xb2\x1a\x53\xb5\x1a\x08\x77\xce" "\xe9\xab\x62\xcd\x0f\xe1\xdb\xbf\xcb\x50\xbf\xb4\xaf\x2a\xf7\x05\x75\x7e" "\xcc\xa6\xd8\x95\x60\xf5\xea\xd2\x89\x76\x70\x26\xed\x01\xbc\x6a\xce\xb3" "\xa4\x8c\xd4\xb8\x33\x8a\x7d\x5d\x32\x4c\x75\x24\xec\xaf\x1a\x9a\xb4\xde" "\xb7\xd6\x93\xbc\x08\x93\x74\x21\x59\xdc\x55\x33\x41\x65\x0a\x41\x03\xaf" "\x9c\xf6\xd1\xab\x71\x5c\xff\x00\x7a\x46\x07\xed\x6f\x9f\xe9\x29\xae\x90" "\x89\x89\x5a\x12\x55\xd7\xd0\xa1\x53\x5c\x0a\x67\xdf\x1a\x14\xb4\x2b\x5a" "\xc5\xa0\x37\xa9\xe8\x3e\x0e\x6b\x07\x61\x31\x5c\x40\x53\x74\x62\xb0\xdd" "\xfa\x2d\x9c\x48\x54\xbb\xff\xfb\x32\x1c\x7a\x7a\x88\xa7\x14\x33\x4e\xa4" "\xe1\x0b\xbd\x78\x06\x1f\xe1\x88\x4c\xe2\xe9\xb7\x57\x04\xf6\x67\x4c\x27" "\xb0\x0a\xb1\x7c\x58\x4b\x9f\x61\xde\xfc\x5a\x1d\x4a\x44\xbb\x9d\x0b\x31" "\xc7\x13\x32\x57\xa3\xf9\xa8\xee\x88\xed\x04\x76\x6f\x51\xb8\x23\x52\xb4" "\xbf\x54\x76\x3d\xc6\x83\xf2\xca\xed\x11\x4c\x7b\xba\xb0\xf4\x9d\xe7\x6b" "\x9c\x84\x24\xbd\xe1\x90\x25\x29\x82\x9a\xf7\x7d\xf7\x35\x3b\xd6\xc4\x5a" "\x9f\x75\xe0\xfe\x19\x59\xef\xec\xf5\x81\x69\xfa\x31\x62\x09\x4c\x4b\x96" "\x7a\x77\x0f\xe2\xdc\x5a\xe2\x3e\x6e\x63\x38\x0f\x55\x60\xf2\xa4\xe5\x34" "\x8e\x6d\xe4\xb4\x90\xbf\x14\xd0\x15\xa5\x1c\x92\x6d\x0b\x77\xd2\x37\x05" "\x0f\x32\x4b\x08\x89\x5a\x45\xd8\x4a\xca\x76\x5e\xfd\x48\x1f\x69\x93\x93" "\xbc\xf8\xb8\x64\xca\x11\x09\xf4\x85\xf5\xae\xd8\xe9\x36\x54\x7f\x35\xd6" "\x28\x3a\x76\x22\xdf\xe7\x8d\x4b\xf9\xeb\x32\xe2\xa8\x8d\x96\xad\xe7\x63" "\x7a\x5c\x16\xe6\x19\x81\x94\x50\xa9\x4b\xb1\xeb\x41\x34\x18\x82\x8a\xd0" "\x13\x20\x75\xb1\xf0\x41\x88\x46\x9e\x1a\x1a\x7f\xaf\xed\xc3\xd2\x79\xaa" "\xcc\x3d\xb5\xbe\x65\xcf\xc6\xc4\x17\x5c\xa7\x7b\x27\x3f\x33\xd0\x21\x36" "\x25\x89\xe0\x1f\x2e\x5d\x49\xb0\x76\xd6\x7d\xce\x72\x4a\x9d\x6c\x9e\x7b" "\xfd\xe0\xe5\x6e\xab\x66\x8b\xa8\x26\xe6\x14\xe0\xf9\xc9\xdf\x16\x05\xd6" "\x65\x3d\x47\xdb\x88\xc6\xce\x01\x41\xd5\x02\xf0\xef\x68\x85\x4d\x3c\x1d" "\x41\x7a\x1b\xe7\xb1\x86\x31\x29\x79\xab\x45\xf5\xa6\x6f\x8a\x9c\xc0\x42" "\x0c\x91\x5e\xe4\x18\x55\x4b\xfb\x94\x5a\x3d\xb2\xc6\xc6\xd9\xba\x20\x15" "\xfe\x16\xa7\xd0\x02\x20\x2b\x5a\x00\xf0\x29\x07\xb1\xc1\x91\x0b\xdc\xdf" "\xf6\x55\x50\xe9\x98\x8c\x05\x7d\xfd\x7c\x68\xbf\x2b\x95\x12\xe9\x96\x11" "\x21\x76\xf8\x2a\xff\xb0\xf7\x2c\x56\x75\xb1\x08\x94\xb8\xc6\xe8\x31\xac" "\xd4\x29\x4e\x5e\x8e\xba\x4f\x45\x85\x62\xc0\x5e\x3a\x58\xfa\xbb\xfe\xab" "\x6d\x53\x1a\x98\xd2\x17\x86\x9f\x48\x9a\xbb\xe2\xcc\x03\x5f\x3a\x7e\x35" "\xfd\x2f\x31\xa7\x96\x49\x01\xc3\x9e\x7e\x31\x0d\xa5\xc8\xf5\x11\x93\x90" "\x88\x51\x7e\x96\xa3\x29\x3d\x33\x9d\xa8\x54\x71\xba\x1c\x8e\x0b\x5b\xa5" "\x8f\xc3\x23\x46\xad\xd6\x9b\xc9\xab\x8b\x55\x1e\xc9\x7d\x91\x19\xca\x78" "\x78\x74\xa3\x9c\x97\xe6\xd7\xde\x43\x45\xb0\x6d\xcd\xbf\x0c\x84\xa6\xf6" "\x5c\xf6\x07\xfe\x8a\x2a\xe2\x51\x7f\xe1\x5f\xcc\x3a\x5e\x51\xba\xfb\x3c" "\x63\x95\x58\x7e\x65\x35\x53\x70\xc3\x54\xf1\x7a\x85\x1a\xc4\x43\xf5\x0f" "\xc9\x9e\x7c\x78\x26\xed\x5b\x1b\x05\x75\xd1\xd5\x77\x9e\x6a\x53\xdb\x34" "\xed\xd5\x78\xb8\x9a\x52\x42\x68\xe1\xe2\xb5\x6c\x30\xc7\x90\x27\x12\x6e" "\x8b\x4b\x88\x48\xdc\x4d\x43\xf1\xda\xa6\x8b\x29\x89\x3f\x23\x42\xb8\xde" "\x58\xbf\x3d\x3e\xae\xd8\x5f\xa1\xfd\x5f\x2f\xe3\xfe\x1f\xbd\x83\x3e\xe0" "\xda\x01\x9d\x4b\xf8\x90\x87\x5a\x25\x22\xc1\x4c\x18\xda\x11\x63\x3e\xea" "\x57\x7b\x41\xd4\x51\xab\x07\xe3\xd1\xc1\x1b\x09\xae\x2f\xd3\x5e\xed\xb5" "\xe3\x3e\xff\xa9\x63\xfd\xa1\x6e\x02\xb0\x50\xa9\x29\x70\x5d\x0b\xf5\x8c" "\x6c\x23\x76\xc2\x3b\x9b\xd9\x49\x6a\x43\xe3\x6c\xcd\x5d\xe3\x5e\x15\xdb" "\x4b\x24\xd4\xef\xed\x12\x15\xca\x4c\xc1\x75\x0d\xf5\x5a\x58\xac\x01\x79" "\x93\x6e\x21\xf3\xb1\x9b\xa2\xc7\xab\x0b\x0f\xe9\x14\xac\x85\xb4\xaa\xd1" "\x6b\x75\xcf\xf7\xb4\xb6\xa6\xf9\x89\x2f\xd7\x83\xdc\xe2\xdf\x9e\xd1\x1e" "\xcb\x70\x76\xa4\x68\x3f\xd9\x1b\xe1\x12\x9b\xe3\x91\x64\x50\x15\x86\x1b" "\x74\x10\x51\xc3\x3f\x19\xfb\x95\x2e\xf7\x48\xd6\xd8\x6d\x65\x85\x24\xd6" "\x95\xaf\xeb\xe2\xeb\xb5\xd7\x73\x60\x37", 4096); *(uint64_t*)0x20001908 = 0x1000; *(uint64_t*)0x200024c0 = 1; *(uint64_t*)0x200024c8 = 0x20001b80; *(uint32_t*)0x20001b80 = r[2]; *(uint64_t*)0x200024d0 = 4; *(uint32_t*)0x200024d8 = 0x20040000; *(uint64_t*)0x200024e0 = 0x20001e00; *(uint16_t*)0x20001e00 = 0xa; *(uint16_t*)0x20001e02 = htobe16(0x4e21); *(uint32_t*)0x20001e04 = 3; *(uint64_t*)0x20001e08 = htobe64(0); *(uint64_t*)0x20001e10 = htobe64(1); *(uint32_t*)0x20001e18 = 0x7a7d; *(uint32_t*)0x200024e8 = 0x1c; *(uint64_t*)0x200024f0 = 0x20001e40; *(uint64_t*)0x200024f8 = 0; *(uint64_t*)0x20002500 = 0; *(uint64_t*)0x20002508 = 0; *(uint32_t*)0x20002510 = 0x40c1; *(uint64_t*)0x20002518 = 0x20001e80; *(uint16_t*)0x20001e80 = 0xa; *(uint16_t*)0x20001e82 = htobe16(0x4e20); *(uint32_t*)0x20001e84 = 0x55; *(uint8_t*)0x20001e88 = -1; *(uint8_t*)0x20001e89 = 1; *(uint8_t*)0x20001e8a = 0; *(uint8_t*)0x20001e8b = 0; *(uint8_t*)0x20001e8c = 0; *(uint8_t*)0x20001e8d = 0; *(uint8_t*)0x20001e8e = 0; *(uint8_t*)0x20001e8f = 0; *(uint8_t*)0x20001e90 = 0; *(uint8_t*)0x20001e91 = 0; *(uint8_t*)0x20001e92 = 0; *(uint8_t*)0x20001e93 = 0; *(uint8_t*)0x20001e94 = 0; *(uint8_t*)0x20001e95 = 0; *(uint8_t*)0x20001e96 = 0; *(uint8_t*)0x20001e97 = 1; *(uint32_t*)0x20001e98 = 4; *(uint32_t*)0x20002520 = 0x1c; *(uint64_t*)0x20002528 = 0x20002340; *(uint64_t*)0x20002340 = 0x20001ec0; memcpy((void*)0x20001ec0, "\xf5\x05\xd9\x04", 4); *(uint64_t*)0x20002348 = 4; *(uint64_t*)0x20002350 = 0x20001fc0; *(uint64_t*)0x20002358 = 0; *(uint64_t*)0x20002360 = 0x20002040; *(uint64_t*)0x20002368 = 0; *(uint64_t*)0x20002370 = 0x20002200; memcpy((void*)0x20002200, "\x7c\x95\xac\x2d\x5e\x6c\xfb\x65\x7a\x4a\xd1\x6d" "\xed\x04\x0b\xd0\x95\x49", 18); *(uint64_t*)0x20002378 = 0x12; *(uint64_t*)0x20002380 = 0x20002280; *(uint64_t*)0x20002388 = 0; *(uint64_t*)0x20002530 = 5; *(uint64_t*)0x20002538 = 0; *(uint64_t*)0x20002540 = 0; *(uint32_t*)0x20002548 = 0x40000; syscall(__NR_sendmmsg, -1, 0x20002400, 6, 0x20000000); memcpy((void*)0x20000180, "/dev/md0", 9); syscall(__NR_openat, 0xffffffffffffff9c, 0x20000180, 0x101400, 0); memcpy((void*)0x20001a40, "\x73\x79\x73\x74\x65\x6d\x76\x62\x6f\x78\x6e\x65\x74\x31\x00\xb3\x23" "\x8d\x8c\x40\x94\xb9\xae\x24\x9f\xee\x77\x81\x1c\x52\x89\xcf\x18\xfc" "\x17\x59\xed\x39\x19\x83\x1a\x6d\x98\x55\x16\xd5\x1e\xe2\x14\xda\x50" "\x55\xc6\x2f\x7a\x44\x7e\xcf\xb2\x90\x59\x48\xc4\x4d\x42\x04\x9b\x36" "\x4e\xe4\xe8\x90\x75\x17\xed\xa6\x5e\x95\x1a\x92\xfc\xb5\xe8\x94\xe1" "\xc8\xc3\xa9\x80\x70\x03\x69\xed\xe4\xdf\x51\xfb\x88\x98\xe8\xd1\x80" "\x98\x8b\x09\xbf\xef\xeb\xe1\x94\x6a\x9f\x13\x5b\x73\x33\x9f\xea\x45" "\xd0\x16\x19\xbc\x0b\x9d\xb6\xac\x7b\xcc\xe4\x8d\x88\xbe\x42\x78\xed" "\x39\xa6\xb3\xa0\xe3\x74\xb9\xe5\x84\x72\xfe\x61\x6e\xd8\x16\x8d\xd0" "\xbd\x8d\x16\x72\xfb\xd9", 159); syscall(__NR_memfd_create, 0x20001a40, 0); } int main() { syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0); char* cwd = get_current_dir_name(); for (procid = 0; procid < 8; procid++) { if (fork() == 0) { for (;;) { if (chdir(cwd)) fail("failed to chdir"); use_temporary_dir(); int pid = do_sandbox_namespace(); int status = 0; while (waitpid(pid, &status, __WALL) != pid) { } } } } sleep(1000000); return 0; }