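// https://syzkaller.appspot.com/bug?id=79a95578b90721ff58f3a8e5217fc28a0a36c963
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel-crash reproducer. Its only purpose is to trigger a kernel bug, so run
// it exclusively inside a disposable VM you are prepared to lose; never on a
// host that holds data you care about, and never from a directory you care
// about (it creates and truncates ./file0 in the current working directory).
//
// Process model: main() forks six workers that each re-run the payload in a
// fresh child, forever, with a 5 s watchdog per run; main() then sleeps for
// 1,000,000 s (~11.5 days) and never reaps the workers. Stop it by killing the
// whole process group, e.g. `kill -KILL -- -<pgid>`.
//
// NOTE(review): the header names had been stripped from the #include lines in
// the copy this was restored from, which made the file uncompilable. The list
// below is reconstructed from the calls the program actually makes (fork,
// waitpid, kill/SIGKILL, usleep, sleep, clock_gettime, syscall, memcpy,
// memset, exit, uint64_t/intptr_t, SYS_*); the original list may have been
// longer, but nothing here needs more than this.
#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

// Fallback syscall numbers, used only when <sys/syscall.h> does not define
// them. They appear to be NetBSD's (SYS_openat == 468 in particular), i.e.
// the reproducer targets a NetBSD kernel — TODO confirm against the target's
// syscalls.master before relying on these fallbacks anywhere else.
#ifndef SYS_getpid
#define SYS_getpid 20
#endif
#ifndef SYS_ktrace
#define SYS_ktrace 45
#endif
#ifndef SYS_mmap
#define SYS_mmap 197
#endif
#ifndef SYS_open
#define SYS_open 5
#endif
#ifndef SYS_openat
#define SYS_openat 468
#endif
#ifndef SYS_sendmsg
#define SYS_sendmsg 28
#endif
#ifndef SYS_socketpair
#define SYS_socketpair 135
#endif

// Worker index, assigned by main()'s fork loop. The payload in this
// reproducer does not read it; it is kept for parity with syzkaller's
// generated template.
static unsigned long long procid;

// SIGKILL the child `pid` and block until it has been reaped. Note the
// waitpid(-1, ...) also reaps any *other* child that exits meanwhile and
// discards its status; harmless here because each loop() owns exactly one
// child at a time.
static void kill_and_wait(int pid, int* status)
{
  kill(pid, SIGKILL);
  while (waitpid(-1, status, 0) != pid) {
  }
}

// Sleep for `ms` milliseconds (usleep wrapper; interruption is not retried).
static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

// Monotonic clock in milliseconds. A clock_gettime failure is treated as
// fatal for this process (exit(1)), since the watchdog cannot work without it.
static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

static void execute_one(void);

#define WAIT_FLAGS 0

// Per-worker driver: forever, fork a child that runs execute_one() once, then
// poll for it at 1 ms intervals. If it has not exited within 5000 ms it is
// SIGKILLed and reaped so the next iteration can start. Never returns.
static void loop(void)
{
  int iter = 0;
  for (;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}

// Syscall results threaded between calls ("registers" in syzkaller's
// terms): r[0] = this process's pid, r[1] = fds[1] from socketpair(). The
// seeds are what a later call sees if the producing call failed: pid 0 and
// fd -1 (0xffffffffffffffff).
uint64_t r[2] = {0x0, 0xffffffffffffffff};

// One run of the fuzzer-found program. Every address is inside the 16 MiB
// region main() maps at 0x20000000; return values are deliberately ignored
// except where a later call consumes them, exactly as syzkaller generated it.
// Do not "clean up" the byte payloads below: they are the input that
// reproduced the crash and should be kept byte-for-byte.
void execute_one(void)
{
  intptr_t res = 0;

  // open("./file0", 0x615, 0). With NetBSD's <fcntl.h> values 0x615 would be
  // O_WRONLY|O_NONBLOCK|O_SHLOCK|O_CREAT|O_TRUNC (TODO confirm), so this
  // creates/truncates the trace file with mode 0. The descriptor it returns
  // is never used; the call only has to make the file exist for ktrace below.
  memcpy((void*)0x200000c0, "./file0\000", 8);
  syscall(SYS_open, /*file=*/0x200000c0ul, /*flags=*/0x615ul, /*mode=*/0ul);

  // The child traces itself: ktrace("./file0", ops=0, trpoints=0x53e,
  // getpid()). On NetBSD ops 0 is KTROP_SET and 0x53e presumably selects
  // SYSCALL|SYSRET|NAMEI|GENIO|PSIG|USER|EXEC_ENV trace points; GENIO is
  // the one that makes the kernel copy the data of the sendmsg below into
  // the trace file — TODO confirm against <sys/ktrace.h> on the target.
  res = syscall(SYS_getpid);
  if (res != -1)
    r[0] = res;
  memcpy((void*)0x20000000, "./file0\000", 8);
  syscall(SYS_ktrace, /*tracefile=*/0x20000000ul, /*ops=*/0ul,
          /*trpoints=*/0x53eul, /*pid=*/r[0]);

  // socketpair(AF_UNIX=1, SOCK_STREAM=1, 0, fds) with fds[] at 0x20000000,
  // overwriting the path buffer ktrace has already consumed. r[1] = fds[1];
  // it stays -1 if this fails, and the sendmsg below then fails with EBADF.
  res = syscall(SYS_socketpair, /*domain=*/1ul, /*type=*/1ul, /*proto=*/0,
                /*fds=*/0x20000000ul);
  if (res != -1)
    r[1] = *(uint32_t*)0x20000004;

  // struct msghdr at 0x20002700 (64-bit layout assumed — TODO confirm):
  //   msg_name = NULL, msg_namelen = 0        (0x2700, 0x2708)
  //   msg_iov = 0x200024c0, msg_iovlen = 8    (0x2710, 0x2718)
  //   msg_control = 0x200026c0, controllen = 0x20, flags = 0 (0x2720..0x2730)
  // The eight iovecs total 141 + 61 + 40 + 112 + 15 + 3343 + 0 + 1 = 3713
  // bytes; the contents look like fuzzer-generated filler whose exact
  // values presumably do not matter, only the sizes and the zero-length
  // entry — but they are kept verbatim regardless.
  *(uint64_t*)0x20002700 = 0;
  *(uint32_t*)0x20002708 = 0;
  *(uint64_t*)0x20002710 = 0x200024c0;

  // iov[0]: 141 (0x8d) bytes at 0x200010c0
  *(uint64_t*)0x200024c0 = 0x200010c0;
  memcpy(
      (void*)0x200010c0,
      "\xc8\xc9\x8e\xa2\x2b\x4c\xac\xfb\x93\xba\x49\x30\xeb\xa6\x7e\xfc\x8c\xb3"
      "\xca\x7c\x6c\x0b\xf1\xdf\x9d\x8c\x3b\x55\x69\x1e\xf1\x5a\x3c\xad\x03\x10"
      "\xb1\x18\xf0\x83\x98\x3c\x77\x13\xc6\xc0\xba\x67\x09\x87\xae\xaa\xe0\x8e"
      "\x4d\x90\xa9\xb4\x34\x95\x3c\x3e\xa6\xb0\x6c\x8f\x7c\x73\x01\x80\x6a\x48"
      "\xda\x90\x62\xa4\xa9\x51\x03\x82\xc1\xcb\x15\x49\xfc\x86\xeb\xdf\xa4\x14"
      "\x7e\x16\xaf\x95\x78\x1f\x7d\x29\x93\xca\xe4\x36\x4e\x05\x59\x2f\xca\x48"
      "\x67\x27\x21\xfe\xfe\xd0\x3a\x66\x84\xb9\x11\x4c\x46\x30\x14\xa9\x22\x93"
      "\x52\x1b\x3b\x1a\x3f\xd1\xaa\xf6\xf4\x97\xf4\xc4\xe2\x72\x83",
      141);
  *(uint64_t*)0x200024c8 = 0x8d;

  // iov[1]: 61 (0x3d) bytes at 0x200011c0
  *(uint64_t*)0x200024d0 = 0x200011c0;
  memcpy((void*)0x200011c0,
         "\x8a\x6b\x10\x9f\x5b\x23\x81\xfb\x1a\x6d\x20\xbd\xe1\x18\xaf\x58\x1e"
         "\xbe\xbf\xcd\x5a\x10\xc6\x31\xbc\x67\x71\x0d\xa7\x32\x85\xa8\xe8\xdc"
         "\xec\x0a\xdc\x99\xea\xbe\x30\x08\x05\x2e\x2d\xba\xa1\x7e\x84\xb5\x8d"
         "\x76\x45\x30\x90\xa4\x83\x83\x9e\x9f\x93",
         61);
  *(uint64_t*)0x200024d8 = 0x3d;

  // iov[2]: 40 (0x28) bytes at 0x20001200
  *(uint64_t*)0x200024e0 = 0x20001200;
  memcpy((void*)0x20001200,
         "\x39\x9f\xa3\xcc\xfe\x2c\x20\x47\xbe\x0a\xb4\x0f\x35\xa6\x3c\xaa\x9e"
         "\x1d\xc4\x12\xb4\x9a\xe7\x5b\xaf\x12\x8f\xb2\x5d\x61\xc8\xf1\x05\xbc"
         "\x15\x6c\x62\x9c\xac\x09",
         40);
  *(uint64_t*)0x200024e8 = 0x28;

  // iov[3]: 112 (0x70) bytes at 0x20001240
  *(uint64_t*)0x200024f0 = 0x20001240;
  memcpy((void*)0x20001240,
         "\x98\x65\x3c\x78\xa0\x3d\x63\xed\xb5\xd6\x64\x07\x9a\x6e\xa6\x1a\xf3"
         "\xe9\xec\x00\x17\x8c\xcf\x16\x4d\x61\x5c\x1c\x9a\x5a\xcb\x0e\x43\xba"
         "\xf3\x3f\x6a\xea\xb8\x6f\x40\xf2\xe9\xe3\xe1\x15\x71\x4e\xc7\xa8\x79"
         "\x07\x7d\x61\x23\x23\x26\xda\x64\x7d\x0d\x02\x58\x4a\xd1\xbd\x98\x66"
         "\x46\x2e\x20\x69\x43\x4b\x55\x58\xec\x52\x55\x5c\x64\xa5\x44\xa6\x70"
         "\x18\x1a\x7c\xad\x0e\x99\xc7\xb3\x17\x08\x7a\x3a\xa7\x8f\x43\x9e\x04"
         "\xc2\x09\xa2\xd2\xdf\xf9\x87\x59\xe5\x5c",
         112);
  *(uint64_t*)0x200024f8 = 0x70;

  // iov[4]: 15 (0xf) bytes at 0x200012c0
  *(uint64_t*)0x20002500 = 0x200012c0;
  memcpy((void*)0x200012c0,
         "\x48\xd0\x4f\xf1\x35\x5c\x08\xd3\x98\x15\xd4\x7c\x65\x4b\x6d", 15);
  *(uint64_t*)0x20002508 = 0xf;

  // iov[5]: 3343 (0xd0f) bytes at 0x20001300 — the bulk of the message
  *(uint64_t*)0x20002510 = 0x20001300;
  memcpy(
      (void*)0x20001300,
      "\xcd\x1e\x63\x59\xf0\xd0\xd0\xd4\x95\x50\xe1\xc0\xa7\x29\xa6\x8f\x4c\x0e"
      "\xd3\x0d\x30\xb7\xbf\x2d\xc9\xdb\x17\xf9\x0a\x6c\xce\xa2\xc0\x98\xfc\x19"
      "\xc0\x7f\x24\x62\x73\xa4\x28\x0f\x5e\x35\x94\x21\x65\x1b\xb6\xe5\x74\x63"
      "\x03\xfa\xbd\x7d\xfd\xa4\x3f\xac\x58\x5b\x24\xc0\xa3\x0e\x67\xae\xd8\x98"
      "\x27\x7f\xba\x3b\x82\x15\x99\x40\x71\xd4\x8d\x9a\xb4\x0a\xc3\x42\x2e\x3f"
      "\x0b\x93\x5d\xaa\xb8\xdc\xb9\xec\x0b\xa6\x6c\xeb\x03\x1a\x1b\x57\x07\x1d"
      "\x8f\x08\x6c\x49\x09\xb0\xbd\x8d\x77\xca\xd0\xa2\xac\x98\x56\x15\xd4\x46"
      "\x46\x36\x7f\xbd\x16\x9a\xdd\xf1\x0e\x9f\x1f\x47\xbf\xa1\x0d\x41\xf9\x97"
      "\xc4\x5c\xad\x8e\x55\xd2\xa6\x0d\x63\x29\x23\x22\xa5\xb4\xa9\x94\x3f\xa8"
      "\xee\x40\xa3\xac\x85\x9d\x96\xf3\x0c\x23\x99\xe4\xf4\x4e\xcb\x22\x40\x5e"
      "\xc9\x5a\xac\xb0\x26\xb7\xdb\x26\x5e\x38\x00\x29\x5b\x8d\x26\xe1\x81\x0c"
      "\x10\xc5\x5c\xd1\xd4\x90\x51\x16\xb6\xaa\x24\xfe\xa1\xbc\x8a\x01\xd6\x26"
      "\x07\xf2\x69\xea\x2d\x6f\xd3\x49\x9b\x64\xc6\x78\x41\xc9\xe2\xf8\x9f\xbd"
      "\x87\x77\xc7\x5a\x5a\xc0\x0a\x10\xb3\xe8\x3f\x5f\x1b\x4f\xf1\x77\xd6\xb6"
      "\x08\x6d\x13\x58\x82\x67\xe1\xb9\xf4\x44\x4a\xab\xdc\x95\x37\xcc\x54\xf4"
      "\xb2\x36\x42\x5c\x6b\xf3\x02\xa5\x04\x66\x11\xd4\xf7\x91\x2c\x37\xa6\x1a"
      "\x90\xcc\x79\x1c\xe8\xc1\x19\x64\xd7\x1a\xdf\x9a\xba\xd5\x81\x18\x9f\x47"
      "\x83\xdb\xbd\xd5\xfd\x3a\x11\x09\x1c\x48\x8d\x87\xc8\x5e\x06\x9c\x6a\xbb"
      "\x3f\xa3\x2d\x4c\x61\xe4\x9e\xfc\xa2\x10\xe6\xbe\xdf\xde\xd1\xef\x54\x97"
      "\xc2\x81\xbb\xba\xd2\xd5\x77\x9d\x55\x6b\xea\x68\xc8\x24\x8f\x78\xec\x36"
      "\xc5\xca\xf1\x1d\x04\x5d\xe8\x43\x47\xca\x8b\x66\xc9\xee\xe6\x1e\x87\x3c"
      "\x15\xe8\x36\x3e\x61\x8a\x08\xc8\x7d\x18\x9d\x3d\xfc\x8d\x0a\x1e\xa5\xfd"
      "\x48\x59\xef\x2f\x13\x6b\xc7\xf3\x33\xc8\xaf\x3e\xa7\x24\x75\xed\x5b\xae"
      "\xc0\x7e\x4d\x52\xd2\xf2\xbf\xe5\x76\x29\x90\x01\xc8\xb6\x8e\xee\xdc\xe2"
      "\x34\xe2\x75\xed\x6d\xc4\xf3\x44\xa7\x4b\x02\x41\xc9\xd5\x8f\x93\x6c\x90"
      "\x35\xf5\xf9\xb1\xb6\x5b\xc3\xb6\x6a\x38\x87\x26\x29\x05\xe6\x71\xf9\x89"
      "\x7e\x2e\x16\xe8\x38\xcd\x6a\x39\xcc\xca\xb6\xf3\x0e\x11\xb3\x78\x21\x92"
      "\x9b\x45\xcc\x21\xe6\x52\xd6\x2d\x86\x5f\x19\xb2\xb2\x27\xd4\x5e\x64\x3d"
      "\xc3\xad\x01\x41\x6b\x06\xc5\x44\x78\x7a\x50\xa5\xd2\x23\x40\x30\xc0\x40"
      "\x3e\x7f\x30\x10\xea\x74\x7b\xa5\x8e\xbb\x1e\x72\x51\x4d\x04\x27\x67\xf4"
      "\x65\xbb\x3b\xe0\x57\xac\x9f\xb7\x49\x5a\x91\x56\xbb\x6e\x39\x9c\xd6\xd3"
      "\xa7\xbe\x34\x0c\x7a\x87\xb5\xb0\x75\x30\x6c\x51\x55\x86\x29\xfe\x74\x86"
      "\xda\xa8\xe9\x56\xba\xb7\x5d\x56\x20\x6e\xd5\xdc\x58\xd5\x58\x18\x50\x3b"
      "\xf8\x73\x8e\xd7\xb9\x02\xc9\xc6\x30\x0c\x00\x2e\x72\xb4\xdc\x42\x37\xc2"
      "\xbf\x25\x6c\x58\xd1\x9d\x7b\x7a\xff\x1e\x2c\xa1\x7a\xbe\x75\xf9\xdc\x4e"
      "\xa6\xb6\x11\xdd\xc4\xfb\x89\xd2\x00\xa8\xdb\x43\xe4\x4c\xe5\xed\x50\x59"
      "\xc3\xb0\x4c\x73\x1d\xca\x60\xc6\xa6\xbe\xae\xf1\x7b\xa1\x37\xb9\x0a\x07"
      "\xc2\xe5\xa9\xa0\xb4\x13\xef\xb6\x79\x2f\xa1\x0b\x61\xd6\xbe\x62\x60\xf8"
      "\x02\xf5\xef\x32\x52\xdb\xec\x86\xfd\x83\x28\xa4\x68\x9c\x95\x26\x61\x47"
      "\xca\x96\xcf\x3f\x89\xe1\xd8\x71\xdf\x0f\x9b\xae\x68\x91\x4a\x35\x1f\x98"
      "\x43\x29\x1d\xac\xc0\xca\x53\x62\xf4\x19\xcc\x3e\x7f\xce\x5d\xa9\xc3\xfc"
      "\x0b\xd7\x7a\x8c\xcd\x36\x30\xf8\x6e\x77\x7b\xc6\x61\x7b\x4f\xbb\xa0\x09"
      "\x4a\xc8\x9f\xfe\x6e\xf0\x44\x8b\x06\x80\xc2\xc5\x08\x07\xf2\x56\xd4\x59"
      "\xfb\xfb\x30\xd0\xd0\x9a\x25\x5f\x55\x91\x67\xb9\xd8\x1a\x00\x7e\xd4\x67"
      "\xe7\x9c\x66\x9c\xb7\x30\x3a\x46\x01\xa2\x87\x0f\xc8\x2e\x38\xae\x1e\xd9"
      "\xb7\xb8\x0b\x1b\x66\x5f\xdf\xf8\x69\x2a\xb8\x1f\x81\x99\x49\x24\x58\x66"
      "\x0b\xa9\x1c\x42\x23\xfa\x84\xbb\x51\x98\xa8\x14\xee\xf3\xc9\x1c\xe1\x83"
      "\xbe\x7f\x96\x8e\x91\x28\xb5\xd5\x06\x4e\xcd\xf6\x24\xde\x4a\x6b\x2e\xda"
      "\x80\x32\xf5\xec\xb7\xd9\x83\x95\x98\x00\x93\x85\x00\xb2\x64\xb5\x10\x48"
      "\x36\x3a\x67\xc3\x8b\x7d\x2d\xc8\x2f\xa8\xb1\xa5\x38\xbd\x6d\xf3\xda\x5e"
      "\xbb\xf5\xb3\x7d\xd0\xf0\x77\x7f\xd1\x0b\xeb\x9f\xf0\x5f\x1f\xa2\x22\xe2"
      "\x28\x61\x62\xe0\xf9\xd9\xfb\xe6\x29\x66\x62\x11\x7a\xed\x95\xa9\xee\x99"
      "\x9e\xa9\x04\x65\xf6\x90\x5f\x94\xf2\xc0\xa5\xce\xc6\x64\x8c\x1c\x91\x90"
      "\x38\xd8\x96\x57\x61\xda\x9a\x1b\x00\x7c\xff\xe9\xb9\xed\x6f\x5a\xb9\x99"
      "\x83\x49\x8a\x11\x61\x5a\xa5\x52\xcf\xbf\x8f\x67\x4c\xb0\x97\x9e\xd0\xac"
      "\xc0\x28\x60\xc1\x41\xbb\xea\xbc\x57\x5d\x81\x99\x17\x14\x98\x6e\xfd\x70"
      "\x14\x8a\xf0\x3e\x9f\x2a\xcb\x75\x5a\xa6\xe5\xc9\x26\x3b\x45\xaf\xcd\x21"
      "\xae\x60\xef\xc1\xf1\x30\x00\x37\xa7\xd2\x79\xe3\x63\xf6\xa8\x7d\xf4\x60"
      "\x1b\xc7\x9d\xa2\x46\x33\x12\x9a\x70\xb5\xf3\xc1\x21\x9d\xaf\xd1\xcb\xb7"
      "\xda\x97\x1d\x52\xd5\xed\xc3\xe1\x36\x21\xb7\xfb\x2b\x05\x3d\xde\x17\x70"
      "\x7b\x89\x12\x84\x83\xc1\x0e\x74\x71\x92\x70\x8a\xbc\x53\x65\x4d\xbb\x2f"
      "\x77\x2f\x94\x92\x09\x36\xf5\xd5\x22\x59\x1a\xb6\xd5\x6b\xc1\xef\x34\x34"
      "\x23\xa6\xc8\x37\xf9\xe7\x34\x63\x4c\xf6\x06\xc7\x8e\x0b\x76\x55\xef\x35"
      "\xe0\xaa\x80\x0e\xed\x14\x5f\x09\x26\x88\xbd\xff\xf5\xf8\x40\x3c\x93\xbb"
      "\x61\xb0\x00\x7f\x95\xf9\x1a\x46\xeb\x66\x64\x05\x7b\x58\x64\x6c\xca\xe8"
      "\x7b\x90\x0e\x30\x26\x1f\xcf\x25\x76\xa0\x7d\x45\x91\xc5\x47\xd9\xb6\xd9"
      "\x59\x7f\x39\x48\xcf\x38\xbd\x52\xaf\x53\xff\x79\xa2\x5b\x84\x09\xc5\x4f"
      "\xac\xb7\x5f\xce\xb5\x04\x93\x68\x45\x3c\xd6\x29\x82\x65\xf4\x33\xbd\x5e"
      "\xba\x0c\x0a\x37\xf7\xc3\xf9\xdb\x98\x10\x14\xdc\xca\xa5\xa0\xcb\xcb\x33"
      "\x56\x43\x6c\x83\xf2\x66\x55\x45\xa7\x8b\x40\x1f\x19\x53\x18\x98\x24\xb5"
      "\x68\x30\x72\x66\xe6\x0e\xb3\xbd\x5d\x22\x76\x62\x65\x43\x7f\xc1\xb5\x4d"
      "\x82\xec\x26\x8e\xb9\x91\x49\x01\x00\x8a\xd7\xbb\x9e\xe8\xbf\x16\x6d\x98"
      "\x8a\xba\xa8\xab\xe4\x17\x65\x5a\xcc\x95\x5d\x08\x1a\x43\x7a\x32\x36\x32"
      "\x5e\xcd\xd1\xfa\xd7\x39\x51\xaf\xc5\x5c\xcf\x8f\x4d\x36\xea\x3f\x49\x6f"
      "\x9c\x1e\x19\xce\xb1\xe9\x90\x54\xbc\x20\x8b\xf9\x1d\xc3\xd3\xa6\x92\x0a"
      "\x14\x47\x69\xe9\x01\x8d\x4a\xe4\x3d\x5e\x30\x12\x9c\xbb\x53\x5c\x52\xd4"
      "\x3e\x00\xbb\x7d\xaf\x56\x58\x11\x3d\xe8\x2c\xf7\xb2\x15\xb1\x06\x3c\x92"
      "\x89\x5a\x93\x78\x38\x30\xf1\xd1\x01\x35\xe2\x20\x5d\xed\x63\xf4\xa8\x2e"
      "\x86\x29\x7c\xe2\x4d\x07\x1e\xb6\x42\x97\xb7\x45\x61\x74\xb8\x00\x14\xa6"
      "\x9c\x72\xb4\xca\xda\xb8\x9f\x16\x93\x64\x6b\x44\xcd\x70\xae\x98\x9b\x87"
      "\x67\x4f\xa3\xcc\x28\xb6\x45\x15\x12\x98\x42\x58\x24\x3c\xc4\x28\x54\xd8"
      "\x02\x6b\xaf\x60\xce\x06\x3f\xf4\x16\x07\xbd\xde\x2d\x80\xab\x97\x48\x3c"
      "\xe2\x48\xe5\x44\xb8\xf3\x54\xb6\xb7\xf8\x1d\x55\x85\x0d\x63\xea\x29\x7f"
      "\xb0\xea\x26\xe9\xb5\xbc\xdd\x2f\x80\x66\xce\x73\x6e\xcf\xd1\x7d\x23\x70"
      "\xbb\x42\xb3\x27\x4e\x57\x22\xe3\xc6\x74\xe8\xc9\x6e\x69\x81\x7c\x33\x11"
      "\x71\x1f\x9c\x91\x96\xd5\x77\x61\xfc\x48\x67\x4c\xbb\x14\x0b\x6a\xa8\x75"
      "\x52\x14\xe1\x74\xad\xcc\x5c\x80\xf6\xd6\x1e\x92\x1a\x0f\x94\x35\x40\x20"
      "\xf0\x08\xb3\x8a\x36\xa8\x95\x9e\x04\xd5\xb4\x86\x2f\xe1\x52\xa5\x55\xdb"
      "\x8d\xdc\x84\x2e\x8c\x61\x61\x23\xea\xe9\x4d\x95\x09\x8f\xb8\xad\xf8\x2c"
      "\xfb\x34\x2c\xf3\x7c\x9b\x68\xc8\xfe\x28\xc2\xb9\x91\x9f\x84\x0d\x01\x73"
      "\xd0\x5e\x80\x6f\xed\x4f\xb3\x28\xc9\x90\x93\x0a\x80\xdf\x72\x8b\x7c\x44"
      "\x8c\x52\x0c\xe5\xd3\x35\x61\x12\x4d\x01\x8e\x32\x48\x47\xbf\x50\xb8\xf8"
      "\x3a\x4e\x2c\xf9\x0f\x86\x39\x59\xcd\xa0\xa3\xcd\xec\xbd\xb7\x7b\x40\x38"
      "\xe2\x6c\x0f\xbd\x4a\x33\xdd\x79\x0d\x5b\x94\x59\x08\x33\xcf\x74\xf8\x3b"
      "\xc2\x23\x1b\x0d\x05\x25\x55\x97\x0b\x05\x64\x4e\x94\xe2\x73\x61\x02\xb7"
      "\xce\x90\x5d\x8a\xa8\xbd\x82\xfd\x22\x07\x04\x47\xcc\x65\xfe\xed\x74\xbd"
      "\x10\x89\x3c\x4f\x62\xb5\x27\x5c\x12\xb5\x4a\x05\x3c\x9d\x88\xad\x8e\x99"
      "\xab\xa7\x45\x08\xd1\xa2\x44\xad\xec\x94\xf2\x4a\xb3\x7f\x05\x85\x8d\xf8"
      "\xe3\x44\xc6\x9c\x51\x8b\xef\x30\x14\x42\x9c\x4a\x4e\x4a\x03\x7c\x00\xf8"
      "\x9d\xf2\x96\x32\xe3\x30\x6d\xe0\x1d\x6a\xbd\x7c\x4e\x41\x49\xa7\xb2\x51"
      "\xb4\xf0\x63\x20\x72\x9b\x0b\x39\x31\xfc\x6a\xc1\x98\x13\x03\x1b\xe3\xc0"
      "\x6e\x3c\xde\x97\x51\xb8\x9d\x30\x32\x51\xb4\xb4\x35\xd8\x9f\x25\x47\x8b"
      "\xf8\x39\xfb\x89\x18\xc8\x66\x01\x4e\x36\x69\xd0\x09\x0b\xc9\x9c\x64\x45"
      "\x0b\xab\x21\x34\x67\xc5\x4e\xa6\xb4\x79\xbb\x0f\x9e\xb6\xc6\x7b\xf6\x9e"
      "\xbc\xab\xea\x59\x56\xa2\x55\xe2\xde\xe7\x8a\xb4\x76\x44\xa6\xb8\x2e\x3e"
      "\x9f\x4b\x74\xd1\xe8\x57\x2b\x8c\x37\x72\x3f\x37\x28\x1d\xc5\x29\x8b\x57"
      "\xa2\xe2\x9f\x59\xe8\x6a\xed\xed\x79\xdb\x44\x84\x33\xed\x00\x19\x42\x96"
      "\x8a\x0a\xa7\xff\xab\xfc\x89\x5d\xbd\x24\x99\x17\x10\x3f\xec\x06\x8b\x68"
      "\x64\xd0\x8d\x9e\x8c\x9a\xb7\x68\xf7\xb1\x1f\xa0\x66\xa9\xa1\x71\x1c\xd0"
      "\x01\x43\x20\x00\x81\x4b\x1f\xa1\xe0\xa8\xf4\x5e\xd9\xa2\x4f\x50\x5f\x22"
      "\xb7\x5a\xc9\x0c\x78\x89\x81\x5b\xd3\x34\x04\x5e\x99\x8e\xa2\x60\xdd\x36"
      "\x1e\x65\x8f\x12\xbe\x1f\x6f\xbf\xa3\x8b\x51\xba\xe3\xd0\x2f\xb8\x80\xd6"
      "\xb5\xad\x4f\xee\x3e\xfd\x4e\x32\x16\xfc\xae\x00\x3b\x8e\xbd\x68\x4a\xe0"
      "\x3d\x2d\x0f\x76\xa9\x31\xe0\x1e\xfc\x9e\xc9\xaf\xc9\x03\x9a\xf2\x16\x2c"
      "\x32\x45\x0d\xaf\x8a\xd9\x8a\x08\x6d\x31\x08\x72\x43\xbf\xe8\xfd\xa2\x17"
      "\xad\xf2\x46\xcb\xf7\x21\xfe\x9f\x1b\xb6\xd0\x79\x38\x4c\x0a\x7d\x58\xbc"
      "\x0e\x37\x76\x25\x34\xfc\xed\xd6\xc5\x01\x1a\x5c\xd0\x65\x9e\x5b\xc1\x54"
      "\xe1\x25\xbb\x78\xa0\xca\xfd\x86\x98\x38\x7f\x71\xa6\x24\x12\xbc\x32\x18"
      "\xf4\x87\x28\xd2\x20\x09\xfe\xd5\x2f\xd0\x22\xe7\x8b\x2d\x2e\x3a\x48\x5d"
      "\x51\x6e\x00\xb8\xf4\x51\xa5\x11\xb7\x60\x4c\x87\x5d\xdc\xc9\x57\xb9\x53"
      "\x85\x8b\xbf\x96\x22\x92\x64\x03\x67\xbf\xc1\x78\x93\x30\x3f\xdb\xa8\xfb"
      "\xd1\x21\xf5\xa7\xb8\x54\xe0\x18\x4b\x40\x92\xcf\xb7\xd2\x60\xb8\x1b\x8d"
      "\x7a\xa3\xb9\x75\xf3\xf5\x95\xb4\x8c\x41\x0b\xb6\x51\x95\x4b\x3c\x33\x69"
      "\xa1\xf3\x31\x63\xf9\x4f\x58\x1e\x3a\x3b\x76\xf9\x24\xf0\xfe\xe7\x18\x8e"
      "\xc0\xd0\xf9\xcb\xd3\xb4\x0a\x02\x2b\x92\x2d\x5d\xed\x81\xb0\xe6\x87\x22"
      "\x85\xc0\x35\x05\x5b\x57\x3f\xc0\xd1\x40\xab\x8b\x2c\x3e\xac\xc6\x88\xb2"
      "\xe7\x16\x90\xec\x06\x33\xdf\xab\xdc\x27\x3a\xe3\xc4\x34\x26\xf3\x8d\x79"
      "\xec\x5e\x4f\xc2\x08\xe4\x48\x46\x30\x1d\xa7\x0f\x38\x71\x23\x57\x9b\xc2"
      "\x8d\xa0\x78\x49\x32\x73\xc5\x3d\x13\x54\x7f\xfe\x55\x98\x40\x27\x8d\x42"
      "\xb0\x99\x2a\x54\x4c\x12\xf7\x56\x3e\x89\xf6\xe2\xef\x19\xfb\x7f\x0e\x4a"
      "\xb3\xca\x74\xc0\xa7\x90\xd1\x34\xbf\x87\x4d\xaa\x50\x7c\x21\x7e\x55\xdb"
      "\x1f\x9c\x69\xfa\xcc\x68\x70\xe8\x7b\xf2\x5b\x53\xfa\xfe\xa0\x96\x01\xf0"
      "\xe7\xb1\x85\xf6\x67\x57\xc3\xef\x14\x00\x03\x98\x30\x1c\x63\x3d\x57\xf6"
      "\xed\x9f\xf8\x11\xf2\xe6\x4e\x6e\x4b\x47\x7c\xe1\x22\xd7\xd7\xef\x4e\xa1"
      "\xd6\x53\x96\x83\x6a\x6a\x7a\x8c\x65\xa9\x2d\x9a\x20\xbb\xc4\x3b\x73\x1a"
      "\x0f\x56\x83\xb7\xdc\x73\x4a\x57\x6a\x03\x29\xaf\x4b\xb9\xb1\x8f\xb9\x57"
      "\xa4\x0e\xfd\x1f\x57\x5e\x77\xc1\x5f\xa9\xb4\xb0\x86\x9e\x7a\xd9\x06\xc8"
      "\x7d\x6a\x33\x2e\x1d\x75\x84\x92\xab\x5c\x30\x82\xe0\xc7\x61\x3b\xef\xa2"
      "\xdf\x88\x4b\x80\xdb\xbb\x17\x6f\x94\xfe\xd6\x69\x7a\x16\x45\x98\xc1\xe7"
      "\x3e\x44\x1b\xf8\x43\x38\x02\xfc\xd2\xd0\x2b\xb6\xe9\xcf\x3f\x8c\xda\x99"
      "\x50\x75\x0f\xfe\x9c\x7a\x89\x8e\x44\x40\xda\x13\xd6\x36\x95\xd3\x3e\x57"
      "\xc3\x12\x0f\xa5\x3b\x2a\x03\x16\x73\xcb\xb1\x67\x8f\x9f\xb4\x51\xd3\xb3"
      "\x8e\x44\xe2\xe4\x0f\x6f\x62\x6f\x8d\xe9\xb8\x4d\xee\xa9\x53\x58\x71\xa5"
      "\xa3\xbb\x64\x6e\x48\x6c\xa7\x0c\x15\x14\x8d\x73\x76\x37\x59\x1e\xa5\xb9"
      "\xb1\x0f\x9d\x83\xcd\x2e\xb3\xe6\xa1\x99\xb6\x1b\xc0\x14\x48\x7e\x2b\xba"
      "\x9f\x7e\x0a\x56\x55\xc5\x7b\x8b\x61\x00\xed\x3f\x5d\x02\x57\x9f\x6b\x5f"
      "\x7c\xa4\x0e\x36\x98\x18\xfa\x07\xf7\x2d\x50\xc6\xd3\x98\x80\x09\x75\x49"
      "\xc8\xe2\x0e\xe3\x4f\x4f\xa6\x31\x5b\x5d\xe2\x2b\x2d\x35\xdd\x3e\xcc\xee"
      "\x16\xe1\xfe\x5b\xd1\x01\x84\x35\xa5\x37\x6c\xee\x5e\x2a\xd3\x68\xa2\xcf"
      "\x10\x4d\x41\xf2\x0a\x67\xfc\xa2\xb7\x84\x0a\xbd\x65\x3b\xd1\x97\xe0\xf9"
      "\x37\x60\xf0\xd5\x58\x9e\x13\xac\xd8\xe9\xb3\x2c\x58\x0b\xd4\x06\x31\x52"
      "\x5a\xb6\xde\x3c\x46\x7c\x90\xfe\x83\x8a\x7e\x92\xc2\xa8\x38\xaf\x70\x9b"
      "\xe3\x04\x9d\xac\x3b\x55\x16\xa9\xa3\xb3\xcd\xf4\xb9\x81\xf0\xe0\x80\x55"
      "\x8d\x94\xb4\x96\xe9\x98\x07\x38\x97\xe0\xc7\x4d\x51\x5b\xf4\x3a\xac\x68"
      "\x2a\x25\xea\xa6\x03\xdc\x71\xd6\x68\x41\xd7\x7a\xcb\xfc\xd7\xde\x77\xf7"
      "\xe0\xba\xb1\x9b\xb6\xa2\xcd\x53\x4c\xe9\x47\x60\xcd\x54\xb7\x90\xab\x88"
      "\xc8\xd4\x0b\x4f\x54\x1a\x5b\x8c\xc0\x4f\x53\xa6\x34\x53\x5b\xc1\x02\xae"
      "\xa1\x2b\xd1\xc9\x80\x58\xdd\x33\x60\x61\x56\xa6\x78\x79\x1e\xe8\x74\x27"
      "\x0d\x7c\xa7\xce\x4e\x92\xcb\x36\xed\x58\xf2\x9c\x37\x12\x34\xac\x3c\xb4"
      "\x76\xe4\x79\x82\x4f\x49\x0f\xfa\x6d\x5f\xac\x2a\x4b\x9e\x32\x51\x00\x4e"
      "\xb2\x0b\x65\x7b\xa5\x44\x3a\x19\xfa\xa2\x7f\xee\x7a\xda\x9d\xad\xc5\x60"
      "\x84\xb3\xa6\xac\xc1\xb5\x46\xd1\x89\x1e\x5f\x93\xf0\xde\x66\x4b\xe2\xb3"
      "\x7c\x3a\x87\xdb\x36\x8e\xe2\xa5\xe8\xe7\x58\xe9\xa0\x92\xc5\x57\x8a\x2a"
      "\x51\xc3\x44\x54\x6a\xf4\x3d\xc0\x1b\x80\xb5\xb4\x81\x1f\xb8\xd2\xeb\x7b"
      "\xf8\x74\x04\xd0\xd4\x8e\x9c\x5a\xe4\x1d\x21\x0d\x60\x29\x59\xcf\x36\x9e"
      "\x00\x50\xe1\xb3\x53\x4c\x29\x53\x9c\xb4\x43\xda\xd9\x9b\xdd\xde\x01\x3c"
      "\x5d\xf5\x41\x6e\xb7\xe1\xd4\x77\x99\xf4\x3b\xda\x80\x6c\x32\xbb\xba\x2a"
      "\x95\xbf\x09\x2e\x4c\x1a\x8e\x5d\x2d\xed\x98\xf1\x54\xa3\x47\x50\x04\x5b"
      "\x4b\xfa\xe2\xf2\x3d\xe1\x31\x0a\x53\xcc\x74\x0b\xfb\xd7\xa4\xd5\x12\xd0"
      "\xad\xf7\xbf\x95\x29\x13\x55\x4e\x95\x23\x66\x22\x99\x7b\x88\xc9\x1c\x2f"
      "\x3d\xee\xb9\x40\x64\x66\x4c\x3c\x40\x48\x2c\x53\xb1\xc4\xcb\x01\x83\xd4"
      "\x06\x30\x1b\x74\x30\x3b\xd2\x34\xe1\xbc\xc8\xaf\xf2\x32\x2f\x80\xd3\x37"
      "\x7c\x1a\x1e\x35\x29\xa8\x32\xfb\x6e\x22\xcb\x21\x48\x95\xea\x93\x71\x61"
      "\x21\x76\x23\xdf\x4c\xd2\x85\x37\x62\x0a\xc3\xc7\xf2\x43\x11\x46\x11\xd0"
      "\x26\xc6\x43\xba\x25\x53\x96\x26\x80\xa4\xce\xac\xb7\x6f\x3c\x5a\x43\x6e"
      "\x7b\x04\x64\x25\xd7\x17\xe3\x35\xe4\xef\x6a\xcd\x56\x0e\x33\x5d\xbf\xac"
      "\x1d\x27\xd0\x11\x9d\x5e\xfa\xb0\x5f\x9a\x2a\xfb\xc3\x02\x4e\x55\x4c\xae"
      "\xb8\x89\xbf\x92\x4f\x14\x4e\xad\xc5\x3b\xc4\x8d\xa0\x0a\xf8\x3d\x16\x93"
      "\x85\x3e\x10\xf2\x5d\xfb\x70\x2b\x09\x85\x3f\x46\x3a\x54\x32\x8c\x76\x0d"
      "\x98\x66\x07\x5a\x75\xf2\x0f\x32\x91\xf4\xfa\x4f\x7d\x9d\xb1\x6f\x60\xf2"
      "\xe7\x31\xa6\xf7\x7e\x32\x79\x27\xe5\xa9\x5d\x11\xfd\x0c\xbd\xe8\x7f\x2c"
      "\x2d\xa8\x6e\xb9\x52\x23\x9a\xe5\x17\xb2\xb6\x66\xe2\x52\xbb\x7f\xc8\x03"
      "\xbd\x3f\x5f\x3b\xf6\x76\x1d\xab\x45\x62\xc5\xcf\xbd\xa9\x3e\x96\x96\x52"
      "\xb7\x01\xfe\x03\x7f\xec\xb0\xa3\x1c\x02\xa2\x34\xc5\xac\x6c\xeb\xac\xfd"
      "\x73\x26\x7d\x86\xe1\x73\xc2\x82\x1f\x2a\x54\xc7\x75\xc0\xd9\x77\xb8\xcf"
      "\x46\xac\x2d\xc0\x79\x38\xd2\x27\x0f\x84\xeb\xb1\xe3",
      3343);
  *(uint64_t*)0x20002518 = 0xd0f;

  // iov[6]: NULL base, zero length
  *(uint64_t*)0x20002520 = 0;
  *(uint64_t*)0x20002528 = 0;

  // iov[7]: a single 0x81 byte at 0x20002400
  *(uint64_t*)0x20002530 = 0x20002400;
  memset((void*)0x20002400, 129, 1);
  *(uint64_t*)0x20002538 = 1;

  *(uint64_t*)0x20002718 = 8;

  // 32-byte ancillary-data buffer at 0x200026c0 (msg_controllen = 0x20):
  // eight zero bytes, then the 32-bit words 0xffff, 2, 0, 0, 0. This is the
  // fuzzer's raw cmsg image; it is not decoded here — TODO check what the
  // target's cmsghdr layout makes of a zero leading cmsg_len.
  *(uint64_t*)0x20002720 = 0x200026c0;
  *(uint64_t*)0x200026c0 = 0;
  *(uint32_t*)0x200026c8 = 0xffff;
  *(uint32_t*)0x200026cc = 2;
  *(uint32_t*)0x200026d0 = 0;
  *(uint32_t*)0x200026d4 = 0;
  *(uint32_t*)0x200026d8 = 0;
  *(uint64_t*)0x20002728 = 0x20;
  *(uint32_t*)0x20002730 = 0;

  // sendmsg(fds[1], &msg, 0) on the traced AF_UNIX socket.
  syscall(SYS_sendmsg, /*fd=*/r[1], /*msg=*/0x20002700ul, /*f=*/0ul);

  // openat(AT_FDCWD (-100), NULL, 0x20, 0). A NULL path should just fail
  // with EFAULT; its only visible effect is one more traced syscall.
  syscall(SYS_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0ul,
          /*flags=*/0x20ul, /*mode=*/0ul);
}

// Map the 16 MiB scratch region every fixed address above lives in
// (prot 3 = PROT_READ|PROT_WRITE; flags 0x1012 = MAP_FIXED|MAP_PRIVATE|
// MAP_ANON under NetBSD's values — TODO confirm), using the 7-argument
// mmap form with a pad, then start six workers. The mmap result is
// deliberately unchecked, as generated: if it fails, every worker iteration
// faults at its first memcpy instead of reproducing anything. Each worker
// inherits its own private copy of the region, so they do not share state
// except for the common ./file0 trace file in the working directory.
int main(void)
{
  syscall(SYS_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul, /*prot=*/3ul,
          /*flags=*/0x1012ul, /*fd=*/-1, /*pad=*/0ul, /*offset=*/0ul);
  for (procid = 0; procid < 6; procid++) {
    if (fork() == 0) {
      loop();
    }
  }
  // Workers never return; the parent merely stays alive (~11.5 days) so the
  // process group is easy to find and kill.
  sleep(1000000);
  return 0;
}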