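// https://syzkaller.appspot.com/bug?id=e193a2613e93f192b792ca90f7a94651f0fd71c0
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel-fuzzer crash reproducer, kept for triage and regression testing.
// Layout of the program:
//   main()         maps a fixed scratch region at 0x20000000 and enters loop().
//   loop()         forks one child per iteration and kills it after 5 s.
//   execute_one()  runs calls 0..5 on a pool of worker threads, first one at
//                  a time, then again with even-numbered calls left running
//                  so that they overlap the call that follows.
//   execute_call() issues the six raw syscalls themselves.

#define _GNU_SOURCE

// The header names were lost when this listing was extracted (the source
// shows sixteen bare "#include" tokens). The list below is the set the code
// in this file needs; it is not a recovery of the original list.
#include <errno.h>
#include <pthread.h>
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

// Kill the child and reap until its own pid comes back. Statuses of any other
// children returned by waitpid(-1, ...) in the meantime are overwritten.
static void kill_and_wait(int pid, int* status)
{
  kill(pid, SIGKILL);
  while (waitpid(-1, status, 0) != pid) {
  }
}

// Sleep for the given number of milliseconds.
static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

// Monotonic clock in milliseconds; the process exits if the clock is unreadable.
static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

// Start a thread with a 128 KiB stack, retrying up to 100 times while the
// system reports EAGAIN. Any other failure, or running out of retries,
// terminates the process.
static void thread_start(void* (*fn)(void*), void* arg)
{
  pthread_t th;
  pthread_attr_t attr;
  pthread_attr_init(&attr);
  pthread_attr_setstacksize(&attr, 128 << 10);
  for (int i = 0; i < 100; i++) {
    // pthread_create() reports failure through its return value and is not
    // required to set errno, so the retry decision uses the return code.
    int rc = pthread_create(&th, &attr, fn, arg);
    if (rc == 0) {
      pthread_attr_destroy(&attr);
      return;
    }
    if (rc != EAGAIN)
      break;
    usleep(50);
  }
  exit(1);
}

// One-shot event built from a mutex and a condition variable.
typedef struct {
  pthread_mutex_t mu;
  pthread_cond_t cv;
  int state; // 0 = not signalled, 1 = signalled
} event_t;

// Initialise an event in the not-signalled state.
static void event_init(event_t* ev)
{
  if (pthread_mutex_init(&ev->mu, 0))
    exit(1);
  if (pthread_cond_init(&ev->cv, 0))
    exit(1);
  ev->state = 0;
}

// Clear the event. The store is done without taking ev->mu.
static void event_reset(event_t* ev)
{
  ev->state = 0;
}

// Signal the event and wake all waiters. Setting an already-set event is
// treated as a harness error and terminates the process.
static void event_set(event_t* ev)
{
  pthread_mutex_lock(&ev->mu);
  if (ev->state)
    exit(1);
  ev->state = 1;
  pthread_mutex_unlock(&ev->mu);
  pthread_cond_broadcast(&ev->cv);
}

// Block until the event is signalled.
static void event_wait(event_t* ev)
{
  pthread_mutex_lock(&ev->mu);
  while (!ev->state)
    pthread_cond_wait(&ev->cv, &ev->mu);
  pthread_mutex_unlock(&ev->mu);
}

// Return the current state of the event, read under the mutex.
static int event_isset(event_t* ev)
{
  pthread_mutex_lock(&ev->mu);
  int res = ev->state;
  pthread_mutex_unlock(&ev->mu);
  return res;
}

// Wait up to `timeout` milliseconds for the event; returns its state on exit.
static int event_timedwait(event_t* ev, uint64_t timeout)
{
  uint64_t start = current_time_ms();
  uint64_t now = start;
  pthread_mutex_lock(&ev->mu);
  while (!ev->state) {
    uint64_t remain = timeout - (now - start);
    // pthread_cond_timedwait() takes an absolute deadline on the condition
    // variable's clock (CLOCK_REALTIME for default attributes). Passing the
    // relative remainder directly, as the generated code did, names a time
    // near the epoch, so every wait timed out at once and the loop spun.
    struct timespec deadline;
    if (clock_gettime(CLOCK_REALTIME, &deadline))
      exit(1);
    deadline.tv_sec += remain / 1000;
    deadline.tv_nsec += (long)((remain % 1000) * 1000 * 1000);
    if (deadline.tv_nsec >= 1000000000L) {
      deadline.tv_sec += 1;
      deadline.tv_nsec -= 1000000000L;
    }
    pthread_cond_timedwait(&ev->cv, &ev->mu, &deadline);
    now = current_time_ms();
    if (now - start > timeout)
      break;
  }
  int res = ev->state;
  pthread_mutex_unlock(&ev->mu);
  return res;
}

// Per-worker bookkeeping: `ready` hands a call index to the worker, `done`
// reports that the worker is idle again.
struct thread_t {
  int created, call;
  event_t ready, done;
};

static struct thread_t threads[16];
static void execute_call(int call);
static int running; // number of calls handed out and not yet finished

// Worker body: wait for a call index, run it, mark the worker idle, repeat.
static void* thr(void* arg)
{
  struct thread_t* th = (struct thread_t*)arg;
  for (;;) {
    event_wait(&th->ready);
    event_reset(&th->ready);
    execute_call(th->call);
    __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED);
    event_set(&th->done);
  }
  return 0;
}

// Run calls 0..5 twice. In the first pass each call is given up to 50 ms to
// finish before the next one starts. In the second ("collide") pass the
// even-numbered calls are not waited for, so each of them overlaps the
// odd-numbered call that follows it.
static void execute_one(void)
{
  const int nthreads = (int)(sizeof(threads) / sizeof(threads[0]));
  for (int collide = 0; collide < 2; collide++) {
    for (int call = 0; call < 6; call++) {
      // Hand the call to the first idle worker, creating workers lazily.
      for (int thread = 0; thread < nthreads; thread++) {
        struct thread_t* th = &threads[thread];
        if (!th->created) {
          th->created = 1;
          event_init(&th->ready);
          event_init(&th->done);
          event_set(&th->done);
          thread_start(thr, th);
        }
        if (!event_isset(&th->done))
          continue;
        event_reset(&th->done);
        th->call = call;
        __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED);
        event_set(&th->ready);
        if (collide && (call % 2) == 0)
          break;
        event_timedwait(&th->done, 50);
        break;
      }
    }
    // Give outstanding calls up to about 100 ms to drain before moving on.
    for (int i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++)
      sleep_ms(1);
  }
}

#define WAIT_FLAGS 0

// Fork a fresh child for every iteration and enforce a 5 second watchdog:
// a child that has not exited by then is killed and reaped.
static void loop(void)
{
  for (;;) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5000) {
        continue;
      }
      kill_and_wait(pid, &status);
      break;
    }
  }
}

// Result slots shared between calls: r[0] receives the descriptor returned by
// call 2, r[1] the one returned by call 3. Both start as (uint64_t)-1, so a
// call that runs before its producer passes an invalid descriptor. The slots
// are read and written from the worker threads without synchronisation.
uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

// Issue one of the six recorded syscalls. All pointer arguments are fixed
// addresses inside the region that main() maps at 0x20000000.
// NOTE(review): the syscall constants are raw numbers; what the two ioctl
// requests and the structure fields mean is not visible in this file and has
// to be decoded against the target kernel's headers.
void execute_call(int call)
{
  intptr_t res = 0;
  switch (call) {
  case 0:
    // connect() on descriptor -1 with a null address.
    syscall(SYS_connect, -1, 0ul, 0ul);
    break;
  case 1:
    // getsockopt() on descriptor -1 with a null value pointer; the length
    // word at 0x20000040 is zeroed first.
    *(uint32_t*)0x20000040 = 0;
    syscall(SYS_getsockopt, -1, 0x84, 0x107, 0ul, 0x20000040ul);
    break;
  case 2:
    // Open "/dev/pf" with flags 1 relative to dirfd -100 (the usual
    // AT_FDCWD value) and keep the descriptor in r[0].
    memcpy((void*)0x20000040, "/dev/pf\000", 8);
    res = syscall(SYS_openat, 0xffffffffffffff9cul, 0x20000040ul, 1ul, 0ul);
    if (res != -1)
      r[0] = res;
    break;
  case 3:
    // fcntl() command 0 with r[0] as both descriptor and argument; the
    // result is kept in r[1].
    res = syscall(SYS_fcntl, r[0], 0ul, r[0]);
    if (res != -1)
      r[1] = res;
    break;
  case 4:
    // First ioctl on r[1]. Nothing in this case initialises the argument at
    // 0x200003c0; that address lies inside the 4096-byte buffer which case 5
    // fills starting at 0x200002c0.
    syscall(SYS_ioctl, r[1], 0xc0e04412ul, 0x200003c0ul);
    break;
  case 5:
    // Second ioctl on r[1]. The argument block at 0x20000000 is 0x40 bytes;
    // the field at +0x18 holds 0x1000 and the field at +0x20 points at the
    // 4096-byte buffer copied in below.
    *(uint32_t*)0x20000000 = 0x1f;
    *(uint32_t*)0x20000004 = 0xc;
    *(uint32_t*)0x20000008 = 0;
    *(uint64_t*)0x20000010 = 0;
    *(uint32_t*)0x20000018 = 0x1000;
    *(uint64_t*)0x20000020 = 0x200002c0;
    memcpy(
        (void*)0x200002c0,
        "\x00\x3f\x70\xb8\x55\x3f\x41\x8e\xbf\xdb\x6d\xd7\x24\xb5\x68\xae\x8b"
        "\x28\x36\x92\x29\x5c\xcc\xcf\x8e\x61\x15\xcd\xae\x0c\xa1\xf8\x4f\xef"
        "\x01\x38\x3c\x1e\x8b\xd8\x44\xb9\x0f\x0a\x29\xf3\x5a\x66\xc8\xa7\x88"
        "\x2f\xb9\xbd\x81\x7e\x0c\xac\x15\x18\x94\x90\x47\x72\x81\xc5\xa0\x28"
        "\xcf\x12\x1d\x0b\xc4\xcf\x2a\xb3\xa3\x65\x44\x84\xde\x8b\x1b\xb9\x97"
        "\xd7\x7a\x40\x69\x78\xb8\x1b\x1e\x53\x9d\xf3\x61\x64\x35\xdb\x7f\x99"
        "\x4d\xfd\xc6\xff\x43\xd5\x3f\x75\x1a\xf0\xdb\x40\xf3\x30\x18\x00\x81"
        "\xff\x8a\xeb\x59\x1c\xfb\xdd\xea\x86\xf9\xe2\x32\xc1\x4b\x01\x28\x9a"
        "\x2c\x8b\x93\x6e\x0b\xed\x27\x87\x77\x6e\x32\x83\xb8\x75\xa7\x1f\xbe"
        "\xb6\xbc\x6c\x91\x0f\xa2\x29\x3c\xd3\x13\x88\xfb\x40\xaa\x29\xc5\x5e"
        "\xc1\x67\xad\x97\x18\x72\x58\x22\x4d\x8a\xf3\xd1\x84\xf2\x9d\x65\xff"
        "\xeb\xdb\x2d\xbc\x87\x84\x1b\x19\xf9\xd5\xa1\x32\x32\xd6\x4d\xf5\x64"
        "\x15\x69\x89\xc1\xad\xd2\x75\x4c\xe6\x17\x3c\x99\x79\x8e\x2d\x50\x96"
        "\x66\x29\xa9\x5e\xc1\x95\xd9\xec\xbe\x0c\x3d\x66\x0b\x32\x0d\x1f\x5e"
        "\x30\x1d\xba\x99\xb6\x38\x51\x08\x82\x89\x09\xc1\xab\xcf\x06\x1b\xd0"
        "\xae\x02\xa8\xd2\x83\x12\xe0\x90\x4b\x84\x4f\x11\x53\x63\x07\xe3\x2d"
        "\xe5\xe3\xe2\xf5\x1f\xe3\xee\x18\x87\x6c\x40\x57\xc1\x90\x09\xce\x54"
        "\xbd\x0c\x6e\x45\x1c\xbe\x39\x1a\x80\x4c\xf9\x51\xb8\x49\x20\xd3\xc0"
        "\x9b\xcb\x79\x04\x41\x9d\x1e\x74\xdc\xfc\xb3\x7d\x5c\x78\x30\x4e\x60"
        "\x14\x4c\xa4\xbc\x74\x85\x94\x40\x64\x8c\x1b\xf1\x02\x24\xf6\xff\x14"
        "\x14\x9d\x1e\x1f\xaa\x2f\x13\x9f\x5f\x50\x06\x68\x53\x4c\x2d\xfa\x8f"
        "\x5a\x51\x8c\x16\x6f\x63\xb4\xe6\xbd\xd2\xe8\xa4\x25\xba\x14\xa7\x42"
        "\xd6\xcc\x99\x5a\x66\x76\x81\xd5\x39\x11\x14\x5b\xa6\x9b\x18\xc9\x49"
        "\x49\x42\x99\xbd\x3b\x91\x16\x28\xcb\x76\x72\xdf\xff\x2f\xd3\x0c\xe8"
        "\x65\xc2\xc4\xad\x9f\xf3\xa4\x35\x87\x83\x5f\x04\x8b\xf5\xce\xb1\xa2"
        "\xe5\x3f\x17\xf9\x57\xbd\xc3\xa8\x76\xe9\xbe\xeb\xe6\x02\x7c\xa7\xc2"
        "\x75\x17\x80\xe4\x19\xe4\x18\x8e\xc2\x94\xd6\xcc\x10\x1e\x0e\xf5\x39"
        "\x38\xb8\xb3\xf0\xe5\xa4\x06\x3e\x9b\xcc\x3f\xd8\x60\x3d\xc5\xe2\xbe"
        "\xbe\xbd\x72\x49\x73\xb2\xcc\x12\xe8\xfe\x30\x7f\x26\x3c\xaf\x9a\xc2"
        "\x88\xe1\xa2\x22\xdb\xa2\xbc\xfe\x11\x62\x0e\x58\xe0\xe3\x12\x05\x34"
        "\x5d\x40\x2e\xe6\x67\xa2\xd1\x59\xd9\x84\xe9\x1e\x02\xa0\xfd\xd7\xb0"
        "\x32\xa1\x3c\x28\x54\xae\x81\x95\x2f\x56\x35\x2b\xe6\xfc\x27\xfd\xe1"
        "\x9b\x86\xdc\x9a\xca\xdf\x06\x66\xf0\xac\x7e\x6f\x6f\x69\x75\x41\x93"
        "\x73\x77\x8f\xb9\xc5\x4d\x13\x90\xd6\xfb\x3c\xc3\xad\x36\x31\xf0\x56"
        "\xd7\xeb\x69\x9a\x99\x5f\x80\x9c\xd7\x76\xfe\xe1\x5b\x1d\x35\xdf\x18"
        "\x10\x7c\xc2\x43\x31\xe9\xa7\x50\xe8\x91\x71\x49\xf1\x41\x94\xaf\x54"
        "\x54\x55\x2b\xdd\xfb\x18\x07\x37\x54\xc8\xfe\x91\x90\x8a\xde\x56\x57"
        "\x5c\x29\xe0\xed\x2b\x3c\x12\xc0\x87\xb6\x22\xd7\xa6\x5d\xf6\x33\x32"
        "\x1b\x1b\x85\xa8\x64\x90\x69\xdb\x3b\x01\xb8\x9c\x8a\x60\x58\x9a\x48"
        "\x55\xf6\x57\xb2\x51\xcb\xd8\x89\xa9\x90\x17\x9a\xaf\x12\x4c\xde\xd0"
        "\xb8\x8f\x75\x68\x13\xe3\x77\x82\xc0\xa3\x3c\xf6\xdc\x06\x36\x38\x2a"
        "\x5b\x01\x5e\x6a\x96\x4a\x1e\x27\xdd\x52\x69\x57\x39\xe3\xc9\x7b\xeb"
        "\x98\xb5\x8d\x9b\xd5\xf4\x25\x0b\xbe\xda\x95\x58\xcb\x9a\x0a\x67\x11"
        "\x35\x15\xa3\x3a\xea\xc8\xd6\xc7\x89\x9d\xf5\xd9\x04\xeb\xd1\x33\xee"
        "\xab\xe6\x44\xea\xb7\xa5\x35\x85\x87\x90\x1e\xef\x35\xe3\xa8\x41\xa9"
        "\x64\xb1\x1d\x75\x35\x63\x9d\xfc\xa9\x3a\x27\x6c\x1a\x47\x90\xa9\x1d"
        "\xa7\xb5\x63\x7b\x71\x5a\x73\x56\x4b\x77\xea\xe9\x09\xde\xcd\xba\x5f"
        "\x35\x4e\xba\x36\xfe\xf6\xe0\xb3\x6c\x7d\x4c\x99\x41\x4f\x86\xe8\xaa"
        "\xb3\x11\xd2\xc3\xb2\x06\x78\x7f\xf4\x1e\xfd\x15\xd5\x99\x12\xd4\x03"
        "\x29\x4d\x63\x4d\xc6\x03\xb3\x1e\xc3\xe4\x1b\x9a\xf4\xca\xf0\xcb\xa6"
        "\x8f\x29\xf3\xec\x23\xa3\x21\x2b\x6b\xdd\x91\xcf\x8f\x5e\xc5\x08\x63"
        "\x2b\xf0\x0c\x0e\xc8\x81\xfa\xfa\xb3\xf0\x74\x9e\x2e\xd4\x24\x8a\xce"
        "\x38\x43\x6d\xb3\x49\x3c\x6f\xc9\xc7\x5e\x96\x53\x4e\x9d\xf8\x24\x73"
        "\x15\x95\x44\x60\x39\x25\x8d\xca\x0a\xa8\x8a\xe3\x72\x71\xd7\xfa\x74"
        "\xcf\x39\x8f\x62\xa4\x17\x0e\xc6\x54\x6c\x50\x18\xb1\xd7\x05\x15\x0e"
        "\xcd\xea\x36\xbb\x3f\x6c\xbc\xda\xad\xa0\x90\x2c\xae\x4c\x30\x6c\x89"
        "\x00\xcb\x2e\xd5\xb8\x19\x4c\xcb\xcf\xed\x9d\xcc\x51\x2d\x92\x4c\xa7"
        "\x8d\x10\xe8\x1b\x3c\x7f\xee\x43\xe2\xf2\xf9\xab\x2e\x05\x7d\x23\xe2"
        "\x61\x19\x8a\xc6\xac\xe9\x50\xcb\xa7\xd6\xa3\xde\xa2\x0d\x34\xc7\xa2"
        "\xa3\x4b\x3e\x6e\xb0\x5c\xa7\xd6\xf7\x5d\xa9\xdd\x3e\xc7\xaf\x7e\xd3"
        "\xe1\x50\x1b\xcc\x6d\x17\xaa\xc0\x7b\x56\x41\xc0\xd5\x75\xfa\xa2\x98"
        "\x67\x27\x59\x93\x5e\xf3\x4f\x84\xff\x25\xe2\xea\xe2\x31\xc8\x75\xc2"
        "\x02\xbf\x43\x25\x10\x47\x26\x84\x75\x5a\x6c\x24\x21\xc1\x92\xbe\x9f"
        "\x03\x3c\x8d\x55\x03\x3d\xce\x40\xf0\x32\x5f\x0a\x58\xfe\xc1\xcf\x5b"
        "\x5c\x80\x24\xbb\xc1\xe3\x85\x9f\xbb\xa4\xb9\xbf\x9d\xb7\x3b\x34\xaf"
        "\xa5\xe6\x4b\x75\xaf\xd4\x5b\x94\x01\xd5\xe9\x50\xf7\x34\xf9\xd7\x32"
        "\x49\x60\x82\xcd\x70\x0d\xc1\x24\xcc\x68\xb5\x42\x02\x30\x9a\xee\x5d"
        "\x12\xac\x86\x3c\x65\xfd\xac\xe0\xf7\xda\xee\x56\x3a\xb4\xb1\xbe\x54"
        "\xae\x3e\xa9\x5e\x60\xc8\xab\xdf\x32\x3d\x9f\x2a\xc6\xc6\x2c\xb2\xe9"
        "\xc1\x29\x26\x1b\x5c\x76\xe9\x3a\x00\x3c\x98\xe1\xbb\x5e\xdb\x71\x94"
        "\xd4\x50\xd5\x66\xd8\xa3\xf9\x6a\xe3\x89\x4b\x69\x29\x2d\x9a\x48\x47"
        "\xf8\x74\x3a\x1f\x4d\xb0\xb6\xae\x1c\x42\x4f\xe4\x80\x04\x78\x0d\x67"
        "\xa1\x07\x03\x83\x9d\xb7\xab\xdd\x55\xad\x44\xf4\x29\x7b\x0e\x80\x78"
        "\xe4\x9f\xd1\x6f\xd2\x5f\x57\x94\xa1\xd8\x26\x2c\xc6\x49\x8a\x25\x88"
        "\x72\xca\xf4\xc5\xc8\x64\x85\xdb\x2c\x00\x71\xec\x34\x98\x64\xe6\x19"
        "\x6e\x7b\xd5\xe7\xfe\xc8\xf7\x56\xe8\x43\x3b\x7a\x95\xce\x3c\x17\x92"
        "\xb6\x58\xd3\xdc\x6f\xaa\x0d\x86\xc7\xb2\x8e\x6c\x1c\xd6\xd4\x64\x39"
        "\xe2\x86\x4f\x37\xe6\xc8\x4b\x88\x68\xc8\xa0\xcd\x82\x97\xbf\x63\x4b"
        "\xb7\x27\xcb\x02\xff\xa5\x9f\xf2\x1f\x7f\xc1\x7e\x59\x37\x64\xcd\xa9"
        "\x67\xda\x04\x16\xf3\xf8\x16\xd3\x2c\xc2\x65\x4e\xb6\x3e\x43\xac\x87"
        "\x00\x92\x05\xab\x4b\xdf\xd2\xbb\x82\x64\xe5\x62\x24\x4e\xd4\xb0\x6a"
        "\x13\x43\xe2\xf4\xb0\xd7\x40\x75\xdc\x92\x7f\x07\xf7\xad\x98\x74\x48"
        "\x8d\xbd\xb6\xce\x44\x5b\xf6\xca\x03\x9a\x23\x14\x78\x51\xeb\xd1\xec"
        "\x53\xf2\x5f\xf2\xb9\xb1\x97\xee\x30\x7d\xc3\x98\x09\x4c\x87\x75\x71"
        "\x5a\x26\xbe\x9d\x7d\x5d\xdd\x81\x79\x45\x11\xa2\x53\x13\x29\x79\x78"
        "\xec\x74\x48\xe9\xff\x77\x10\xdd\x05\xf1\x07\x3f\x70\xe4\x52\xc7\x95"
        "\x37\xf5\x7c\x40\x44\x6a\x73\x88\xc8\xa9\x92\xaf\x95\x1a\x3a\xa8\x11"
        "\xc8\xf2\x6f\xed\x10\xc1\x4f\xe4\x83\x40\xcc\x1d\x1c\xc3\x72\x2c\x57"
        "\xa3\x11\xd1\xca\xe2\x33\x0b\xfa\x7a\x4d\xd1\xb8\x0a\xbf\xc0\x6f\xb9"
        "\x9e\x71\x69\xdb\x17\x5c\x42\xca\x05\x79\xd3\x9a\xfc\x00\xd9\xed\xca"
        "\xa0\x81\x91\x48\x31\x19\x7d\x36\xb2\x31\x16\x7f\xb9\x1e\xcf\x20\x25"
        "\x86\x2b\x55\x83\x87\x8e\xf4\xa5\xa2\x19\xaf\xc4\x7a\x60\xfd\x11\xd0"
        "\xab\x03\x23\xa2\xc9\x0c\x76\x5f\xb4\x59\xfe\x36\xfa\x2d\xbf\xf0\xa1"
        "\xb8\xd1\xc9\x31\x2a\xdf\x73\x7a\x8d\xe5\xec\x82\x2e\x9b\x21\x86\x10"
        "\x34\x07\xf3\x72\xd9\xa3\x84\x41\xff\x53\x47\x64\x21\xa5\x75\xd3\x7e"
        "\x05\x0e\xb0\xfb\x74\x9c\xd6\x55\x9a\xdb\x40\x39\x2f\x06\x5a\x0f\x19"
        "\x9e\xab\x53\x80\x02\x8d\xa0\xa7\x31\x7c\x06\x7d\xca\x4b\xa8\x68\x0f"
        "\x5e\x63\xc7\xe1\x1a\x92\xc1\x23\xa7\xa4\x08\x42\x09\xb6\xf1\xbd\x85"
        "\x90\xb4\x41\x2b\x28\xb1\x7f\x18\x8b\x95\x59\xc2\x17\xb4\xde\x41\xd5"
        "\x29\x21\x32\x50\x24\x19\xbc\xf0\xec\xf1\x4c\x1e\xf5\x89\x70\x42\x37"
        "\x54\xe0\xc6\x79\x42\x36\x1d\x7a\x38\xb4\x79\xc1\x48\x39\x5f\x9f\x29"
        "\x4c\x48\x09\x4a\xbf\xe9\xc7\x08\x12\xfe\xc9\x3a\x88\xd1\x67\x1f\x38"
        "\xa3\xf9\x19\x48\xa9\xfa\xad\x76\xb9\x63\x98\xef\xc1\x41\xa1\x77\x0d"
        "\x0f\x75\xd3\x66\xc8\xfe\x18\x8a\x99\x35\xff\x21\xcc\x5b\x6c\xd1\x8c"
        "\x20\x4f\xf1\x03\x08\x82\x5d\xd2\xc0\xa7\x00\xbb\x79\x33\xe5\xdb\xcb"
        "\x30\x87\xac\x6a\x17\xb0\x3d\xfd\x28\xe1\xea\x68\x6e\x4c\xd6\x40\xc5"
        "\x6d\x99\xeb\x75\xd2\x7d\x83\xa6\x64\x4c\x7a\x5d\x77\x2e\x58\xee\x6d"
        "\xd5\x3c\xd9\x72\xc5\xd7\x73\x74\xaa\x1b\x27\x16\x66\x82\x63\x80\xae"
        "\x88\x57\xe0\x79\x4f\x0e\x00\x9f\xda\xc3\xd9\x77\x1a\x9a\xfe\x2e\xc2"
        "\x00\x0f\x65\x6b\x0a\x50\x0b\x3a\xc4\x18\x0a\x74\xf5\xf9\x90\xe7\x4e"
        "\x74\xba\xe2\x1f\x73\x4a\x8f\xb9\xda\x64\x3a\x60\xd3\x9d\x7a\x5d\xd2"
        "\x46\xfd\x65\x99\x3e\xaf\x17\x6b\x23\xd6\xf3\xd3\xf0\x87\xd9\x36\x7e"
        "\xc3\xac\x32\x1a\x32\x90\xf9\xbd\x7e\x05\xe1\x3f\x60\x50\x9b\xdf\x4e"
        "\xd7\xa9\xeb\x30\xaa\xba\x60\x44\xba\x66\x08\x53\xf9\x31\x82\xf4\xbd"
        "\x2a\x2f\xa6\x61\xab\xea\x30\xd8\x50\xf0\x62\x02\x2a\xf1\xb8\xf5\x34"
        "\xcd\x40\xf4\x5e\x12\x8a\x67\x72\x2f\x30\x9e\xd3\x1f\x87\x8f\x1c\x8e"
        "\x16\x26\x9c\x49\xde\x27\x99\x41\xc9\x0d\x65\xe4\xd4\x8c\x1c\x54\x4f"
        "\x00\x8d\xbd\xe5\xdd\x3f\xf0\xbe\xb6\xab\x73\x11\xc7\x45\x88\x35\x64"
        "\x93\x9a\xc3\x1c\xe3\xcc\x0e\x25\xc8\xa4\x34\x84\x43\xb4\xa1\x94\x30"
        "\xbf\xa6\x63\x03\xe4\x8b\x96\x21\xd6\x20\xaa\x70\x7c\xf3\x19\x0a\x4e"
        "\xea\xfe\xd1\x6a\x49\x19\x25\xb1\xe6\xe9\x21\x78\xa8\xee\x7c\xcf\xdb"
        "\x42\x40\x65\xb2\x5b\x1f\xf0\xad\xe2\x7a\xa8\x80\xa0\x64\xc9\x17\x84"
        "\x30\xe1\x22\xb3\x1e\x65\x2d\x18\xc1\x9e\xf5\x8b\x26\x6a\x9d\x46\xff"
        "\x2f\x25\x20\x5d\xb2\x91\xf5\x90\x38\x1c\x47\x7f\xba\x77\x53\x2e\x62"
        "\xe2\x94\x51\x5b\xc7\x20\xc6\x0b\x5e\x9a\x32\x93\x16\x8c\x04\xd9\x46"
        "\x1e\x43\xd9\x6b\xe4\xde\xeb\x08\x3b\x9d\x05\xd4\x14\x76\x8a\xd9\x19"
        "\x68\xf1\xf1\x95\x50\x89\xca\x49\xd8\xa9\x84\x5f\xe7\xfe\xf3\xfe\xe5"
        "\x61\x3b\xa2\x07\xb3\xee\x74\x91\xcc\x20\xe7\xc4\x7e\xf3\xab\x7b\x00"
        "\x8b\x3a\x0b\xe7\x74\x31\xc7\xf4\xea\x3d\xf5\x83\xf8\x31\x1a\xcc\x09"
        "\x2e\x4b\x23\x79\x15\x96\x3d\x8f\xe0\xdc\xed\x18\x88\x01\x24\xf4\xce"
        "\x60\xaf\x71\xa5\xb5\xf2\x4e\x52\x7e\xc6\xc3\xe1\x08\x38\xa2\xb4\x6a"
        "\xd1\xa4\x95\x8e\x3a\x53\xc4\x97\x79\x89\x40\xb7\x72\xca\xdb\x10\x1e"
        "\x1b\xb7\xce\xcd\xc6\xe5\xa5\x63\x8d\x71\x75\x74\x42\x37\x54\xfe\x6e"
        "\xe2\xc2\xb0\x65\x8a\xe6\x81\xfa\x75\xa8\x68\xf8\xa1\x7b\x87\xb4\x5e"
        "\x15\x12\xb2\x4f\xb2\x3c\x8f\x26\xda\xa7\xe5\x09\xae\x64\xe6\xf2\xb9"
        "\x4a\x7c\x97\x50\xf5\x31\xaa\x8c\xab\x46\x63\xe1\xc4\x5c\xb9\x93\x4c"
        "\x84\x07\x78\x0a\x1e\xc2\xda\x6d\xea\x45\x88\x4a\xc4\xf0\xf7\xc6\x8f"
        "\xc5\x09\x49\x78\xb1\x24\x59\x78\x7f\x49\x9a\xe0\x23\x99\x7e\x12\xc1"
        "\x7e\xdd\x57\xdb\x16\xb7\x54\xef\x5a\x62\x16\x03\x9a\x9c\x3d\x04\x0f"
        "\xfd\x47\xaf\xba\x92\xb2\xb3\xc1\xeb\xa4\xed\xd3\x9f\x09\x68\x57\x36"
        "\xe4\x40\x66\x11\x02\xc7\xdc\x40\x3f\x44\x76\xfd\xc3\x9e\x39\x6e\xf1"
        "\xf6\x5b\x41\x01\x4c\xcf\x46\x59\x54\x11\xdd\xcb\x42\xae\x61\xff\xab"
        "\x97\xec\x98\x56\xe2\xca\xe6\x42\x77\x31\x98\xf2\x35\x23\xd8\x65\xc3"
        "\xbc\xd4\xb0\x4d\x22\xda\x04\xdb\x14\x30\xa1\x96\x4d\xd6\xd3\x25\xcb"
        "\x0f\x8c\xda\xe5\xaa\x4d\xa9\xe1\x8e\xe8\x6c\xb8\x83\x07\x97\x85\xd7"
        "\x59\x3a\x86\xe8\x91\x20\x0b\x33\x88\x70\xc4\x3b\x8d\x42\xe4\x43\x68"
        "\x18\xf0\x69\x4c\x0a\xef\x53\x21\xef\xf9\x23\x96\x27\x05\x9e\x3c\xf2"
        "\x1a\xe8\x10\xb8\x65\x2e\x26\xb4\x1f\x53\xc0\xbf\x7b\x1e\xfd\xf5\x42"
        "\xaf\x15\x74\x4c\xd2\xa7\x25\x05\xb3\x28\x51\xc3\x4c\xeb\x23\x84\xa9"
        "\x29\x42\x06\x6b\xcc\x93\x3a\x7b\x2b\xf7\x9c\x26\x23\xd1\x22\xe8\x60"
        "\x48\x46\xeb\x02\x40\x15\x3f\xb9\x18\x93\x9c\x19\xd7\xee\x58\x45\x05"
        "\x43\xb2\xef\xc6\x81\x93\x05\xc9\x13\x3b\x63\xf1\xf8\xeb\xf8\x02\x71"
        "\x74\x1d\x48\x42\x17\x83\xa7\xaf\xf9\x07\x9a\xd8\x4a\x51\xae\xdc\xa4"
        "\xce\xb5\xc8\x00\x23\x24\x36\x20\xbe\x07\x7f\xfe\x73\xbd\x5c\x9b\xf5"
        "\x8e\x8d\x03\x1f\x7f\x4b\x3b\x97\xa3\xfb\xf6\x46\xc2\x41\xff\x41\xe9"
        "\x9b\x94\x69\x85\xdb\x3d\x23\x2f\xb4\x04\xaf\x3b\xbd\x9d\xdb\xd2\xa0"
        "\x50\x09\xf1\x4c\xfb\x23\x3f\x84\x2e\xbb\x14\x52\x40\x04\x04\xeb\xca"
        "\x10\xe6\x09\x23\x7c\xf5\x50\xe6\xbe\x1d\x28\x62\xfb\x23\xd0\x15\x1e"
        "\x10\xc5\x04\x5a\xf4\xd7\x55\x0d\xac\x15\x78\x97\x22\x5a\x44\x35\x18"
        "\x55\xb2\x65\xe8\x69\x6a\x5a\xbf\x53\x68\x5f\x04\x78\xe1\x27\x2e\xec"
        "\xec\xd6\x97\x38\x80\xdc\xe1\xc0\x6d\x92\xc2\xb2\xd6\xc7\xe1\x03\x6a"
        "\xb5\x44\x42\xc1\x85\x97\xf5\x20\xaa\x13\x49\xdd\xa4\x7f\x34\x7a\x93"
        "\xf1\xe3\x39\x42\xf5\x8e\x4e\x3b\x20\xe2\xf7\x09\xf7\x62\xa8\xa5\xef"
        "\xe1\x8f\x79\xdc\xd9\x4d\xf3\xa5\xa7\xcb\xce\xc0\x4a\xb5\x29\xe4\x69"
        "\x74\x76\x09\x5f\x8a\xc8\x2a\x1d\x37\xce\xf5\x5a\xf2\x97\x0f\x9d\x99"
        "\x3f\x67\xd1\xe6\x47\xb9\xac\xc2\x7c\x4f\xec\x6a\x86\xd3\x43\xc8\x9e"
        "\x53\x97\x98\x69\xc8\x04\xf6\x47\xf2\xba\x47\x07\xea\x7c\x84\xe7\x80"
        "\x58\x08\x49\x68\x50\xc1\x4a\x77\x94\xee\x4b\x81\x0d\xb0\xb9\xc6\xc9"
        "\x57\x19\x80\xd5\xb3\x8c\xf8\xe9\xe7\x4e\x05\x09\xba\x0c\x02\x13\x67"
        "\x8a\x4f\xaf\x3e\xa8\x8c\x1c\xd8\x9c\x46\xbc\xdd\x14\x86\x70\xac\x4e"
        "\x32\x1d\xb3\xdd\xc6\x64\x55\xea\xfc\x8a\xee\xaf\x91\x3e\xd9\x50\x36"
        "\x1a\x45\x20\x15\xcc\x3e\x1f\xe7\x8b\x6e\x97\xfb\xc0\xc5\x16\xe5\xf1"
        "\x63\x2b\x77\xdc\x92\x84\x6d\x04\x74\x25\x82\xa3\x17\x4a\x4e\x7d\x9c"
        "\xee\x69\x5f\x88\x6c\x16\xd5\x73\x80\x3c\x2f\xea\xe0\xd9\x7b\xab\x2c"
        "\xd5\x65\xb4\x5f\xbd\x0b\xda\xf0\xa9\xea\x1a\x87\x94\x69\x0a\xfe\xc8"
        "\xca\x08\x73\x51\x8d\x57\x3d\xfa\xc9\xbc\xbf\x96\xe8\xb9\x48\x39\x31"
        "\xb4\xc8\x16\xd6\x7d\xf6\xda\xa4\x5e\xa6\x00\xb4\xa8\x32\x08\xe3\x50"
        "\x3a\xfc\x9e\x97\xd3\x62\x63\x37\xce\x0b\x13\xf5\x75\x90\x18\x8a\x5c"
        "\x5e\xd8\x25\xb1\x73\x8d\x81\x84\x5e\xf8\x48\xba\xc6\xcc\x12\xf5\xc8"
        "\xca\xe6\x6a\x8e\x0d\x7a\xe3\x40\x7b\x7b\xf0\x9a\xcf\xd7\x8f\x0f\x8e"
        "\xb7\x1e\x57\x97\x48\xf6\x81\xae\x25\xce\x54\xcc\xb4\x2c\x1e\xf7\x2f"
        "\xb9\x4b\x9a\x5a\x57\x0b\xf5\x39\x05\x61\x93\x54\x83\x77\x3c\x8f\xd2"
        "\x8d\xa6\xb9\x87\x62\xec\x9a\x1e\x4c\x90\xf6\x3a\x21\xd2\x8c\x3d\x4c"
        "\xaf\x7f\xbc\x68\xbb\x10\x80\xc6\x95\x91\xe4\x8e\x30\x23\x24\x06\x99"
        "\x70\x7c\x1e\x34\xfe\x05\x50\x44\xd5\x0b\xd2\xae\x32\xfc\x13\x6d\xdf"
        "\xfa\xc4\xcb\xdb\x35\x44\xb2\x3f\xaa\xbe\x2f\x1c\x25\x5a\x71\x73\xec"
        "\x63\x71\xd7\xcb\x71\x63\x7e\x2d\xd9\x55\xd0\xf3\xf3\x44\x2d\x9f\xd1"
        "\xc9\x1f\x0f\x34\x50\x2f\x30\x17\xd3\x84\x70\x09\x6f\xdd\x0e\x59\xfd"
        "\x75\x0b\xdb\x71\xe3\x2d\x5c\xb8\x56\x22\x02\x27\x71\xcc\x13\x4e\xa0"
        "\xc0\x25\x8a\x1d\x90\xec\x15\x48\x31\xdc\xd7\x25\x78\x6e\xdc\x9a\x2a"
        "\x77\x11\xfd\x57\x5a\xb3\x51\x9d\x32\xa9\x2b\x03\x22\x29\xd3\x8f\xda"
        "\x05\xee\x37\x27\x56\x3c\x93\xfb\x98\xa4\x8f\x60\xe6\xf2\xaa\x94\x34"
        "\x54\xf4\x4c\x44\x92\x91\x48\x1b\xa9\x62\x92\xca\xc4\x8f\x3c\x2b\x60"
        "\x45\x8a\xe3\x5d\xb5\xfc\xc5\x5e\x5b\x9f\x21\x32\x06\x3a\x95\x72\x7f"
        "\x34\xb4\xe5\xd2\xc6\xeb\x24\xa3\xde\xa3\x2d\x60\x0f\x78\x31\xfb\x5e"
        "\x32\x24\xa5\xbd\xf6\x6c\x7f\x5c\x21\xa3\xaa\xdc\x86\xa5\x6e\xc8\x8f"
        "\x6b\x98\xde\xc5\x2a\x0a\xa9\x58\x76\x07\xd2\xbe\x82\xf9\x6f\xdf\x7d"
        "\xc6\xae\x6c\x44\x6e\xa1\xe9\x99\xb8\x39\xdb\x27\x46\x66\xb0\x7e\x85"
        "\x61\xdb\xe2\xd9\x6a\x5a\xf6\x91\x81\xf5\x36\xe6\x1b\xb0\x4c\x68\x17"
        "\x99\xa2\x25\x64\x33\x8a\xd0\xcb\x7b\xbf\x76\x4e\x03\xa6\x2c\x84\x91"
        "\x61\x9b\x9a\x55\x02\xf3\x5f\x42\xdc\xe5\xa8\x6b\xee\x99\xce\xf9\xb4"
        "\x98\xa6\x87\x47\x2a\x22\xaf\x39\x12\xee\x86\xcd\x6f\xbc\xf3\xdb\x3b"
        "\xf0\x5a\xb8\xc9\x86\xb8\x6a\x68\xa9\x5d\x3c\x50\x4c\xfb\x8e\x96\xef"
        "\x92\x14\x96\xa3\x23\x9c\xb0\x3d\xc7\x8d\x4a\x3a\x61\x88\x5e\xe4\x0d"
        "\x89\x6d\xf4\xc2\xbf\xe9\x36\x17\xc5\x58\x35\x69\xb1\xc1\x7c\x51\xf6"
        "\x2d\xdd\xfd\x26\x63\x4d\xc9\x29\xce\xa2\x89\x26\x57\x95\x22\xba\x61"
        "\x8f\xcc\xfc\xfa\xe1\x48\x63\xe3\xdc\x0b\xfa\x61\x1d\x68\x4a\xe8\x5c"
        "\x18\x24\xd6\xc3\x95\xee\x38\x53\xc1\xaf\x8a\x80\xc4\x12\x6a\x86\x27"
        "\xb9\xc2\xf8\xc0\x69\x15\x35\x5f\x65\xf7\xdf\x2e\xb9\x2d\xee\xc4\x98"
        "\x76\x1a\xfe\x63\x9a\xe4\xe6\xa6\x37\xd6\x4a\x4d\x08\x6c\xee\xf4\x2f"
        "\x8a\x0f\xa4\x8f\xbc\xe0\x73\xb9\x0d\xe8\xa1\xf5\x2b\x18\xec\x83\x88"
        "\xb6\x70\x1e\x6e\x7a\xb6\x02\x68\x15\x69\xdd\xdb\x91\x4e\xbb\x45\x45"
        "\x86\x45\x3d\x3c\x6c\x2a\xbe\x51\x8a\x7e\xeb\x22\xf9\x7e\x98\x06\xb3"
        "\xdf\x29\xe6\x3a\x50\x82\x97\x5f\x2a\xd1\xc4\x37\x85\x1e\x8c\x62\xf2"
        "\x12\xe2\x5f\x40\xd1\xb2\x14\xbd\x5e\x93\xea\xff\xb0\x01\x1a\xda\x75"
        "\x92\x7d\xe2\xa1\xdf\x24\x24\xa0\xa2\x0a\xcf\x04\x05\x21\xfe\xc4\xcc"
        "\x87\xe3\x4a\xc0\x24\x56\xc0\x14\x6f\xfa\xdc\xd7\x25\x3a\x34\x29\x51"
        "\xc0\x8d\xdf\x8c\xa8\xbe\x77\x32\xb0\x4f\x7d\x59\x5a\x16\x76\x7b\x3e"
        "\x28\x8b\x79\x05\x5a\x7d\xf3\x8b\x3b\x35\x9b\x89\x00\xcc\xb8\xf7\x52"
        "\x00\x13\xda\x2c\x35\x07\x2a\xe1\x61\xec\x94\xe3\xab\xdd\xa7\x92\xe2"
        "\x12\xda\xb2\xc9\xcd\x91\x98\x69\x14\xd8\xc5\x15\x63\x76\x8c\x57\x86"
        "\x3b\xdf\x1d\xa8\xe5\x92\x69\xef\x84\x40\x15\x75\x8a\xc8\x6d\xed\x2b"
        "\xc4\x0d\xf9\xd5\x4f\xb1\x3c\x56\x27\x0a\xab\xcb\x2b\x3d\x77\x7e\x39"
        "\x8b\x49\x3c\xa9\x47\x06\xf8\xa8\x30\xcf\x08\x87\xf6\xd0\xed\xdb\x6a"
        "\x55\x16\x7b\x4e\xe3\x6c\x3c\xa7\x2c\x78\x45\x80\xef\xde\xb7\x0c\x55"
        "\x85\x8b\x63\x30\x40\x72\x0a\x5e\x14\x14\x70\x75\xc4\x19\x6a\x46\x4f"
        "\xe3\xdc\xac\xd7\x38\xe7\xe4\x96\xe3\xe1\x78\x7c\xfb\x19\x50\x13\xd9"
        "\xc4\x49\x6b\xb6\x13\x09\x17\xe9\x5a\xc0\xfe\x11\x30\x85\x9b\x00\xd8"
        "\xd7\xce\x61\xe7\x9f\xff\xf5\x83\xe1\xc6\xaa\x4b\x67\x83\x61\xf6\xbb"
        "\xaf\xa4\x88\x41\xda\x71\xb4\x9d\x9a\xbf\x44\x43\x6b\x39\x03\x5e\x28"
        "\xdd\x37\x86\x3e\xe3\xff\x13\x24\x36\x90\x8f\x49\x31\xd4\xa7\xd8\xd0"
        "\xe1\x11\xd9\x04\x45\x89\x01\xab\x45\x10\xd2\x5e\x70\x9e\xff\xc4\xee"
        "\xd7\x30\x3b\xc0\xc8\xf6\x15\x43\x0e\xde\xda\x5a\x9e\xd4\xa6\x78\x98"
        "\xf2\xaa\x27\x98\xc6\x83\xe5\xbd\x99\x61\xce\x02\xba\x36\xf8\x4f\xe5"
        "\x98\x1f\x1d\xfa\xfa\x91\x63\x0f\x3b\x88\x9e\xb2\x22\xa2\xf1\x1c\x2b"
        "\xdc\xd0\xde\x56\xec\xab\x55\x2e\x87\x8e\x70\x25\x45\x46\x78\xfc\x95"
        "\xd6\x71\x1d\x8e\xaf\x76\xfd\x87\x03\xe2\xd2\x7a\xad\x09\xfd\xd4\x82"
        "\xa9\xea\x19\x30\x96\x6c\x60\xd9\xab\x77\x1b\x50\x66\xe4\x81\x37\x74"
        "\xe4\x2f\x76\xa3\x33\x8c\x02\x88\x52\xb6\xa0\x9b\x5e\x40\xd4\x1a\xa1"
        "\xd6\x3c\x87\x03\x36\x92\x40\x59\x31\x8e\xb3\x15\x11\x63\xc4\xaf\x9a"
        "\x54\x8c\x2d\x40\xa7\x19\xd5\xee\x69\xa8\xca\x3c\xae\xcc\xdc\xde",
        4096);
    *(uint32_t*)0x20000028 = 0xc0000;
    *(uint32_t*)0x2000002c = 5;
    *(uint32_t*)0x20000030 = 0x1f;
    *(uint32_t*)0x20000034 = 0;
    *(uint32_t*)0x20000038 = 0x1ff;
    *(uint32_t*)0x2000003c = 0xfff;
    syscall(SYS_ioctl, r[1], 0xc040636aul, 0x20000000ul);
    break;
  default:
    break;
  }
}

// Map 16 MiB at the fixed address 0x20000000 with protection value 7 (read,
// write and execute) and flags 0x1012, then run the fork loop forever. The
// mapping result is not checked; if it fails, the stores in execute_call()
// fault inside the child.
int main(void)
{
  syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x1012ul, -1, 0ul);
  loop();
  return 0;
}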