// https://syzkaller.appspot.com/bug?id=edc4bdcf9437492a8287e70f7c3c4231511fe690
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Crash reproducer. Layout (see main() at the bottom): a fixed anonymous
// mapping at 0x20000000 is the staging area for every syscall argument; six
// worker processes are forked, and each one repeatedly forks a child that
// runs execute_one() once, killing it if it has not exited within 5 s.
// None of the syscall return values are checked (apart from open()); the
// program relies on the kernel misbehaving, not on the calls succeeding.

#define _GNU_SOURCE

// NOTE(review): the header names after each #include were lost when this
// listing was extracted (syzkaller emits them as <...>). They have to be
// restored before this file will preprocess.
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

// Fallback syscall numbers when the headers do not provide them. These
// values match NetBSD's syscall table — presumably the target OS of this
// reproducer; confirm against the kernel the bug was reported on.
#ifndef SYS_mknod
#define SYS_mknod 450
#endif
#ifndef SYS_mmap
#define SYS_mmap 197
#endif
#ifndef SYS_open
#define SYS_open 5
#endif
#ifndef SYS_writev
#define SYS_writev 121
#endif

// Worker index, assigned in main() before each fork; not read anywhere
// in this file.
static unsigned long long procid;

// SIGKILL pid and block until it has been reaped, discarding any other
// children reaped along the way.
// NOTE(review): a waitpid() failure (-1, e.g. ECHILD if the child was
// already reaped) is never equal to pid, so this loop would spin forever.
static void kill_and_wait(int pid, int* status)
{
  kill(pid, SIGKILL);
  while (waitpid(-1, status, 0) != pid) {
  }
}

// Sleep for ms milliseconds via usleep().
static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

// Monotonic clock in milliseconds; exits the process if clock_gettime()
// fails.
static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

static void execute_one(void);

// Extra flags OR'ed into the WNOHANG waitpid() below; none needed here.
#define WAIT_FLAGS 0

// Worker loop; never returns. Each iteration forks a child that runs
// execute_one() once, polls for its exit every 1 ms, and after 5 s gives up
// and kills it. waitpid(-1) is safe here because a worker only ever has one
// child outstanding.
static void loop(void)
{
  int iter = 0;
  for (;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}

// Resource slot: r[0] receives the fd returned by open() in execute_one(),
// or keeps the all-ones "no fd" value if that open fails.
uint64_t r[1] = {0xffffffffffffffff};

// One run of the syscall sequence. Every pointer argument lives inside the
// mapping created by main():
//   0x20001200, 0x20000000 : path "./file0"
//   0x20000900             : struct iovec[10] for writev() (16 bytes each)
//   0x20002240             : 4096-byte payload referenced by iovec[0]
//   0x200003c0             : 183-byte payload referenced by iovec[1]
void execute_one(void)
{
  intptr_t res = 0;
  // Create ./file0 as a character-device node (mode S_IFCHR with no
  // permission bits, device number 0x400). Which driver 0x400 selects
  // depends on the target kernel's device table. Creating device nodes
  // normally requires privilege; the result is not checked, so a failure
  // here only shows up as the open() below failing.
  memcpy((void*)0x20001200, "./file0\000", 8);
  syscall(SYS_mknod, /*file=*/0x20001200ul, /*mode=S_IFCHR*/ 0x2000ul, /*dev=*/0x400ul);
  memcpy((void*)0x20000000, "./file0\000", 8);
  res = syscall(SYS_open, /*file=*/0x20000000ul, /*flags=O_RDWR*/ 2ul, /*mode=*/0ul);
  if (res != -1)
    r[0] = res;
  // iovec[0]: 0x1000 bytes of fuzzer-generated data at 0x20002240.
  *(uint64_t*)0x20000900 = 0x20002240;
  memcpy(
      (void*)0x20002240,
      "\x4e\x4d\xb8\x75\x7b\x49\xe3\xc8\x99\xd6\xa1\x47\x5d\xff\x25\x23\x95\x0c"
      "\x09\xa5\x7d\x6a\x52\x0d\xc3\x8c\x8e\xa2\xae\x00\x96\x51\xf4\xe9\xc7\x66"
      "\x31\xab\x35\xeb\x6e\xcd\xd5\x3b\xe5\xc8\xf8\xcb\x09\x45\x92\xfa\xbe\xa2"
      "\x6d\xfd\x99\x73\x47\x69\x01\x29\x31\xc4\x6e\xd6\x92\x18\x11\x89\x9d\x8b"
      "\xe9\x25\x04\x1c\x56\x48\xaf\xf0\x0d\xea\xc5\x5b\x44\x74\x98\xb8\x72\x18"
      "\xbc\x7e\xe2\xf1\xb1\x08\x2b\xbe\xec\x31\xd0\x2c\x19\xba\xfd\x89\x99\x80"
      "\xc7\x7b\x03\x26\xe4\x73\xc5\x40\x80\x34\x5f\x48\xcb\x5e\x49\x34\xe9\x74"
      "\xc5\x2d\x79\x0b\x76\xbe\xb1\xb1\x71\x68\xf4\x45\x23\x01\xd2\x52\x3f\x9e"
      "\xb2\xee\xf9\x21\x02\x4a\xc8\xd4\x04\xc0\xe9\x5e\x18\xfb\xaa\x1d\xfd\x75"
      "\xb3\x3f\xf2\xb4\x1c\x1e\x50\xeb\xd5\x2b\xd3\x34\xe9\x5b\x70\x8c\x73\x08"
      "\x26\xd3\xd2\xcf\xc5\xee\xb4\x32\x09\xcd\x72\xd7\x68\x6f\xee\x04\x99\xe2"
      "\x97\x06\x20\x21\x51\xb6\x07\x76\x5a\xf5\x7e\xc0\xbb\x8c\x97\xc9\x97\xf5"
      "\x9c\x4f\x03\x2d\xae\xfb\x63\x51\xd4\xf8\xde\x2f\x08\x20\x5f\x55\xf2\x9b"
      "\xf2\x75\x43\x1e\xe6\xfc\x1f\x76\x11\xaf\x0a\x64\x5f\x24\x88\x3c\xa1\xec"
      "\xb7\xe1\xe2\xc1\x33\xf6\x2d\x4d\xc9\x7f\xf2\xae\xe8\x39\x88\xf9\xb2\x0c"
      "\x9c\x3b\xa3\x80\x01\x9e\x09\xbd\x2d\x6e\x8a\xc1\x89\x27\xe1\xed\x1e\xef"
      "\xa1\xf5\xb0\x4e\xa0\xe9\x13\xe6\x2e\xe8\x5c\x33\x9b\xa5\xaa\xcb\x21\x9c"
      "\xd0\xf3\x65\x89\xa4\xdb\x07\x5d\xef\x4b\x78\xc8\xfa\x85\x59\x67\x4e\x74"
      "\xb3\x25\x5a\xab\x8e\x7e\xaa\x95\xa2\x6d\x21\x35\x61\x98\x7c\x58\xda\x15"
      "\x3d\x09\x1b\x54\xcd\x44\x83\xb3\x97\xce\xc2\x77\x0d\x99\xf5\x1d\xe9\x01"
      "\x00\x09\x05\x2e\xcb\x78\xcd\x1c\x85\xfb\x42\xf9\x06\x05\x56\xab\xdf\x8f"
      "\x07\xea\xe1\x92\xc1\x82\x01\xd8\xec\x9d\x58\x7d\xa9\x4b\xb9\x32\x32\x3c"
      "\x2a\x39\x02\x93\x21\xf9\x01\x77\xa4\xcd\xcb\x73\xdb\x8f\x32\xc4\x6f\x02"
      "\x72\xc8\xeb\xc9\x87\x0a\x57\xb7\xdd\x6a\x3b\x2a\x56\x45\x76\x94\x9c\xd8"
      "\x42\x2c\x16\xf8\xd0\x0d\x17\x18\x47\x64\x6d\xba\x54\xd9\x63\x49\x05\xf2"
      "\xd6\xe8\x73\xf8\x28\x77\x1f\xfe\x12\xa2\xad\xac\xb1\x90\x27\xba\x55\x92"
      "\xbe\xd2\x32\x3c\xcd\x7c\x94\x28\x6a\x3b\xb1\x3f\xa2\xc4\x75\xd8\x07\xa9"
      "\x34\x03\x03\x78\x71\x31\x6c\xc6\xa0\xa9\x70\xd7\xbe\x33\x2a\x96\x85\x9d"
      "\xd3\x8e\x18\xe7\xfd\x8d\xc1\xf6\xd1\x50\xdc\xb5\x4d\x50\xa7\xb6\x47\x65"
      "\x73\x39\xf6\x90\x6c\xc4\x2d\xfa\x63\x7c\xc3\x02\x7f\x3e\x17\xa8\x4b\xb5"
      "\x0d\x78\x79\x00\x03\xe2\x3f\x9e\x3e\xcc\xa4\x81\x82\x4f\x61\x80\xd5\xe2"
      "\x9e\x4d\x49\x48\x8d\x46\x29\x4c\xcb\xca\x9a\x90\x8b\x69\x79\x2a\xc0\xfb"
      "\x9c\xeb\x01\x00\xf5\xf4\xc7\xa3\xd0\xa3\x1a\x0f\xc9\x34\x20\xdb\xd0\xe3"
      "\x8f\x87\x62\xb4\xbb\xa9\xe8\x67\x3a\xc7\x82\x35\xa2\x70\x83\x1a\x0d\xf8"
      "\xa2\xbe\xde\xd6\xe0\xbc\x9b\x2b\x44\xa8\xd7\x2d\xdb\xcc\x1d\x8b\x03\x47"
      "\x2a\xac\x8e\x8f\xab\xb4\x2f\x61\xca\xc2\x06\x4d\x61\x74\xa4\x3b\xf0\xc5"
      "\x78\xb4\xcb\xec\xb2\xd9\x5e\xcb\xc7\x93\xd2\xaa\x40\xc6\x7b\x42\xbf\x00"
      "\x9c\x34\x66\x5c\xfe\x70\x69\xb4\x12\x12\x01\x41\x59\xb4\x98\xe0\xab\x89"
      "\x0c\x1e\xf2\x7f\xb2\xb0\x25\xcb\x7f\xf0\x70\x4f\x83\xf8\xa9\x39\x37\x28"
      "\x9c\xc7\x97\x2e\x5e\xe7\x25\xea\xc7\x15\xa1\xe0\xe4\x35\x35\x57\x00\x48"
      "\xbd\xcb\x32\x56\x1c\xd2\x41\xf4\xd6\x68\x32\xfc\x16\x72\xda\x2a\x9c\x9e"
      "\x78\x07\x44\x2f\x3b\x26\x81\xf1\x7d\x67\x7b\xa9\xda\x63\x2e\x9c\xe6\x77"
      "\x22\xd0\x7e\x38\xc3\xed\xd6\x8a\x2c\x17\xe3\x9e\x1f\x24\x16\xb1\xe7\x46"
      "\xb4\xd6\x88\xa8\xba\xeb\x1b\xe7\xe9\x31\x83\x44\x59\x03\x89\x20\x20\x6c"
      "\xa4\xfb\x98\x7c\x06\x69\x68\xd5\x34\x1b\xfe\xfd\x5f\x5a\x08\xa0\x60\x68"
      "\x5e\x52\x2c\x67\x6d\xf7\xc0\xbe\x6e\xd7\x67\xd5\xc1\x40\xd1\x85\x7c\x0f"
      "\x7b\x39\x34\x73\x46\x28\x77\x96\x67\x88\xa2\xbd\x66\x8c\x06\xcf\x88\x60"
      "\x27\xdf\x71\xad\x9b\x0b\x64\x55\x19\x4f\xdf\x72\x8f\xd1\xf0\xab\xf6\x54"
      "\xd2\xfe\x31\x59\x06\x54\x62\xa4\xe3\x71\x60\xec\xd3\x1f\x71\x45\xf0\x84"
      "\xb9\x17\xb5\xd0\x2d\x68\x98\x6a\xe3\x7c\x18\x62\x98\x78\x22\x8b\x1a\xbd"
      "\x75\x16\x2e\x59\x95\xeb\xc2\x47\x59\xd9\x2d\xeb\x5e\xd6\x40\xc6\xfe\x49"
      "\x17\xf8\x22\x68\xff\x43\xb5\xad\x5f\xb7\x32\x16\x08\x85\xd0\x9a\x71\x09"
      "\xc1\x69\x96\x3e\xa1\x87\x91\x5f\x09\xe6\x0d\xed\x28\x3e\x4a\x74\x08\x66"
      "\x24\x2e\x3d\xa4\xed\xb4\xf6\xc0\x4a\x1a\xe8\x68\xf2\x70\x59\x89\x27\x74"
      "\xb1\x04\x45\x22\xc3\xda\x28\x65\xec\x7c\x95\xa7\xa4\xa9\xcb\xc5\xc7\xf7"
      "\xda\x01\x20\xaa\x68\x8b\xd4\xc5\x1e\xfa\x27\x09\xa5\x5d\x35\x18\x06\xfb"
      "\x24\x9d\x16\x1d\xd4\x0f\xa3\x16\xb6\xb4\xb6\xec\x69\xee\x72\xc5\x2d\xb5"
      "\xa6\x3e\x2f\xff\x3b\xba\x62\x1a\x33\x4d\x1e\xc8\xef\x25\xcb\x35\x1d\xe7"
      "\xbf\xff\x5e\xfb\x3a\xf6\x63\x0f\xc5\x7e\x31\xef\x24\x59\x2c\xcc\xfb\xb2"
      "\x97\x40\x6a\xb7\x9e\x45\x29\xb7\xfa\x8f\x8f\x89\xae\xbc\xcf\x91\x96\xd6"
      "\x1c\xf4\x91\xc9\x8e\xdd\xa7\x10\xbc\x36\x96\x76\x80\x9b\xd8\xc4\xb9\x43"
      "\xb6\xe9\xd6\x1c\xe3\xa5\x4a\x05\x5b\xa1\x2c\xec\x26\x75\x4c\x7e\x74\x03"
      "\x5d\x49\x56\xf8\x30\x4e\x63\xe8\x5c\x0c\x0b\x60\xb5\x52\xab\x86\x62\x5d"
      "\x70\x23\x4e\x35\x7b\xf4\x5c\x86\x93\x79\x4c\x2f\x26\x6e\x64\x4d\x1f\x74"
      "\x28\x30\x23\xf7\xe3\x5a\x51\xaf\xb8\xf9\xea\xb9\x5f\xb7\xb0\xe2\xc1\xaf"
      "\xd2\x44\x09\x40\xe1\xc8\xea\x21\x54\x3c\x72\x1a\xd5\xc9\xd6\x60\xd6\x36"
      "\xbb\xc5\xec\xe7\x9b\x3d\x77\xc9\x78\xd5\x89\x30\x9a\xc2\x9d\x6a\x3a\x8b"
      "\x44\x5a\x70\xfb\x31\x18\x74\x44\xf7\x14\x7a\x16\xde\xaf\xab\x06\x15\x2a"
      "\x31\xa4\x91\x68\xd7\x15\xd1\xc8\x81\x14\x4c\x4e\x62\x12\x15\x80\xff\x05"
      "\x3d\x56\xd5\x7b\xc7\x4b\x70\x24\x4e\xcc\xa0\xdd\x41\x0e\x5b\x70\x96\x7e"
      "\x9f\x26\xc3\xa1\x95\xf2\x55\xa9\x51\x50\x07\xde\xfb\xc3\x3d\x0b\xb9\x33"
      "\x89\x70\xb0\x36\xaf\x17\x5e\x2d\xc3\x3c\xf6\x61\x3d\xc2\x0b\x5b\x6d\x25"
      "\x76\x52\x81\x26\x2e\x9f\x4f\xbe\xb2\x0b\x53\x6a\x75\xbb\x90\x87\x54\x2a"
      "\x1c\x42\xd1\x86\x14\x00\xdc\x1e\x2b\x98\x67\xc5\xc6\xee\xba\x56\xb0\x48"
      "\x9f\x3c\xa6\x6e\xa8\x9d\xb3\xb4\xb8\x03\xe2\x96\x2e\x08\x90\xf2\xec\x0b"
      "\xb7\x18\xc8\x9a\x5c\x0d\x73\x69\x41\xd6\xac\xa3\xae\xb9\x46\xff\xd4\x9c"
      "\xb2\x8f\xcd\xe3\x01\xb9\xba\x02\xc9\x61\xb6\x43\xe8\xe1\xc2\xae\x1d\x07"
      "\x6a\x8f\xeb\x47\x7b\xda\x3d\x8a\x51\xec\x09\x7d\x78\xb0\x5c\x4d\xcf\xb2"
      "\xef\xca\x32\xa4\x3f\x4d\x32\xda\x4e\x64\x26\xf3\xe2\xab\x82\x52\xd5\xd1"
      "\x45\xdf\x33\x97\x07\x8a\xcd\xa4\x9b\x23\x35\x35\x09\x65\xf3\x93\x2a\xf6"
      "\x0a\x38\x46\x39\xcd\xab\xfd\x48\x55\xf0\xf0\xdc\x9c\x99\xfa\x46\x77\x71"
      "\x6b\x3b\x8c\xd4\x15\xcb\x5a\x2b\x0f\x68\x75\x6f\x29\x5b\x2e\xcb\x1b\xa4"
      "\xbf\x9d\x2f\x27\xcb\xd1\xe7\x05\x37\xe5\x8a\xe8\x99\x33\x2e\x94\x7f\xd8"
      "\x6f\xad\x94\x15\x21\xaa\xcb\x70\x8d\xf4\x54\x9b\xd1\xc1\x65\x90\x6c\xaa"
      "\x6c\xc2\x4c\x96\x2f\x02\x67\x25\x22\xb0\xeb\x4d\x16\xb7\xd6\x64\x77\x5b"
      "\xb4\x4b\x2b\xff\xdd\xf5\xb8\x9d\x78\x25\x43\xc3\x59\xc9\x48\x91\x02\xdf"
      "\x93\x4b\x93\x92\x56\xbd\x23\xd7\x56\xa8\xa1\xcc\xa3\x1b\x90\x7b\x67\xf9"
      "\x10\x64\xe5\xc0\x6d\x69\x8e\x21\x10\xa9\x47\xd9\x7f\x05\x6f\xba\xde\x53"
      "\x61\x7c\x8f\x09\xbe\x67\x2e\xb9\xaa\xa7\xe4\xf2\x90\x41\xc7\xe7\x98\x23"
      "\xe1\x84\x0e\xbe\x37\xce\x77\x4e\xfb\xe8\xcc\xbe\xff\x06\x33\x44\x25\x64"
      "\x01\x8f\x21\x6e\xcc\x7e\x86\xc5\xfb\xe5\x2e\x6e\x8b\x53\xe1\xdd\xb9\x81"
      "\xb9\x36\xb6\xe6\xdc\xec\xab\xf0\xdf\x86\x38\xe6\x48\x75\x42\x47\xdd\xfc"
      "\xa5\x81\x17\x30\x0e\x1c\x36\x9f\x33\x69\x57\x4d\x9e\xa0\xbd\xe3\x67\xfa"
      "\x93\xf9\x6a\xea\x5a\xc2\x2d\xed\x0a\x02\x6b\xe5\x3b\x43\xe8\x74\x74\x10"
      "\x2f\x7d\xe1\x02\x15\xca\x0d\x88\x26\xa6\x69\x54\x66\xec\x1e\xdf\x81\xd7"
      "\x38\x74\xfb\x66\xda\x72\x25\xf3\x21\x4a\xc7\xc9\xf4\x4e\x25\xf3\x92\x2b"
      "\x95\xda\x5a\xc8\x47\x98\x35\xca\x1e\x06\xb1\x71\xc5\xe5\x93\x78\x90\xaa"
      "\xc0\x77\x2b\x52\x17\x7c\x56\xf1\x3f\x4b\x52\x56\x59\xb2\x19\xbc\x2b\x12"
      "\xee\xd0\x88\x27\xa7\x7e\xce\x80\x61\x7b\x53\x4f\xa4\x26\xdf\xdb\x01\x46"
      "\x59\x56\xcb\xc0\xfe\xbe\xb1\x04\xcb\x3e\x85\xf8\xe7\xa6\x13\x02\x9f\x72"
      "\xa2\xee\x24\x2c\x21\xb5\x2f\x78\xb8\x55\x08\xb2\xb1\x88\x1d\xca\xc4\x79"
      "\xaa\x76\x23\x8b\x60\x0d\xa9\x35\x6c\xcf\xde\x6c\xd3\xd3\x71\x34\x83\x68"
      "\x90\x39\xc1\x91\x78\x31\x0f\xcf\x7c\xa3\xa2\x0f\xae\x84\x2f\x54\x80\x36"
      "\x06\x4e\x78\xb0\x49\x30\xe6\x00\x75\x89\x29\x41\x25\x84\x19\x53\xe3\x5d"
      "\xd9\xed\xcc\x33\xd5\x15\x9c\x32\x91\xb5\x5a\xb5\x1c\x55\x2e\xb0\x3d\xe3"
      "\x5c\x83\x92\xc5\xcc\x18\xcf\x0a\x40\x92\x21\x69\x0a\xa5\xc1\x0c\x79\x10"
      "\x7d\x09\x40\x6c\x42\x0a\x50\x52\xa8\x3b\x77\x33\xb0\x54\x28\x1a\xfc\x57"
      "\x48\xb9\x1b\xd0\x19\x7e\xf6\xd5\x0a\xf1\xf5\xe3\xb2\xf6\x8a\x45\x0f\x66"
      "\x81\x1b\xaf\x4b\xfc\x4d\x80\x88\xcb\xbd\xe0\xf6\x0d\x23\xfd\x03\xdd\x44"
      "\x81\xe7\x79\x71\x53\x8d\xa5\xc4\x83\x54\x87\xfa\x43\x1c\xe3\x34\xcf\x1f"
      "\x98\x3c\xda\x02\xd5\xb2\xaa\xc3\x54\xe8\xa2\x3f\x52\x31\x59\xdf\x95\xa0"
      "\xcd\xcf\xb5\xe7\xc7\x63\x46\xbf\x48\x92\x18\xee\xb8\xa1\x3c\xf8\x89\xd2"
      "\xc5\xc3\x84\x0e\xdc\x52\x45\xf9\x27\xd8\x44\x15\x1d\x97\x36\x8c\x49\x21"
      "\x47\xf9\xb6\x89\xf3\xbd\x5c\xb0\xe4\xc2\x14\x8c\x71\x5d\x87\xea\x60\xad"
      "\x87\xff\x8e\xaf\x47\xbc\x9d\x9b\x58\xab\x4b\x43\xb0\xf1\x34\x73\x7b\x28"
      "\xce\xfa\x9d\xb1\x57\x99\x9c\x4b\x10\x5e\x44\xd3\xfa\xc7\x4f\xe1\xb0\xe9"
      "\x9c\xac\x7e\xe2\x5b\xae\x74\xf9\x40\xd7\xc9\xeb\xa8\x4d\x19\x68\xe8\x92"
      "\xdf\x4e\xd8\x1e\x2d\x16\x2d\x4a\xf2\x74\x5f\xe8\x4d\x0e\xd2\xfb\x1b\x5f"
      "\x57\xe7\x5c\x28\xff\x63\xfd\x60\xe7\xbc\x65\xec\xe4\xdd\x8c\x51\x83\xf7"
      "\x49\x9b\xfa\x51\x12\x10\xf6\x2f\xdf\xe4\xc4\x94\x94\xed\x00\xaf\xe7\x85"
      "\x6d\x60\xbb\xb2\x2c\x34\x92\x6f\x33\x5f\x86\xa8\x8b\x32\xce\xf0\x66\x2e"
      "\x76\x07\x31\x8d\xb2\x87\x45\xc2\x0f\xc0\x0c\x86\x8f\xd9\xb0\x40\x5d\xe7"
      "\x81\x2a\x10\xf2\x61\x00\xc3\xaa\xbf\xbe\xbc\xa2\x15\xd6\x68\xc0\xb5\xc1"
      "\x13\x87\xb5\x7c\x04\x7b\x0a\xfc\x54\xb4\xcc\xf0\x22\xe2\x86\x2f\x91\xca"
      "\x81\x64\x0a\x7d\xcd\xa8\xe0\xde\xe0\x86\xa1\x3d\xd5\x41\x31\xf9\x02\xc0"
      "\x20\x7a\x10\x78\xc2\x12\xe8\x1e\x28\xec\x0a\x31\xe5\x47\xc0\x69\x62\x68"
      "\xfb\xcc\x3f\x00\x39\x0d\x34\x65\x04\x03\xa2\xb0\x8d\xab\xe7\x22\x8b\x96"
      "\xbb\xb7\xc0\xcf\xc6\xef\xf3\x17\x95\x2e\x6d\x9c\xe9\x74\x92\xfe\x9a\x4c"
      "\x57\x56\xa9\x6e\x9f\x20\xdd\x5a\xa9\x7b\x90\x65\x99\x4c\x00\x6d\xc4\x62"
      "\x5d\x85\xa0\xa8\x49\x55\x79\x3b\x0a\xc3\x8e\xea\xd6\xe1\x1e\x0a\xba\x7b"
      "\x0c\xb0\xf3\xed\x00\x4e\x23\x1d\x7f\x2f\xc3\xa1\x08\x04\x4a\x26\x19\x66"
      "\x5d\x07\xdb\xdb\xf8\xd1\x39\xb5\x60\x8d\xb6\x6c\xe9\xb8\xbc\x30\x75\xc1"
      "\xe7\xb7\x12\x41\xca\x2b\x6d\xd2\x3d\x0d\x26\xf4\xbb\xb9\x3f\x19\xcf\xd1"
      "\xba\xcc\x64\x23\x26\xe2\x21\xe7\x0a\x10\x62\x87\x2e\x07\xdb\x09\x0a\xae"
      "\x06\xb2\x6f\x01\xf1\x02\x04\xc3\x99\x14\xf9\xa3\x5e\x6e\x0a\xb8\x78\x60"
      "\xbc\x90\xbb\xda\x30\x99\x1e\x00\x07\x03\xa4\xb7\xc8\x16\xe1\x4d\xc4\x47"
      "\x22\x75\xfe\xf2\xab\xd3\x9d\x61\x0c\x75\x17\x8f\xf7\x13\xd4\x08\x89\xfa"
      "\x70\x44\xe7\xf6\xb4\x39\x33\x87\x84\xdc\xfd\xa2\x1b\x96\x8f\xe2\x0a\x3d"
      "\xd6\x52\xf4\xa5\x3c\x0f\x31\x20\xd1\x38\xac\x91\x98\x29\x74\xb4\xa8\x52"
      "\x47\x60\xd5\xc2\xf6\x2b\xe7\xd7\x4d\xa1\xeb\x5a\x96\x1f\x47\x15\xad\x73"
      "\x04\x53\x12\xc8\xb6\x88\xac\x73\x67\x11\x38\x25\x43\x52\xeb\x01\x17\xda"
      "\xe7\x58\x3d\x05\xbe\x35\xe4\xeb\x03\xbf\xab\x14\x6a\x23\xcc\x3c\xf7\xe4"
      "\x70\x0c\x1f\x86\x75\xa1\xc6\xd4\x13\xf1\x1b\x72\x73\xef\x83\x63\xe5\xe5"
      "\x8c\x3f\x10\xda\xaa\x31\x69\xe2\x3d\xc0\x8e\x79\x9b\x29\xa1\x73\x4f\xd6"
      "\x20\x6e\x25\xb2\x6e\x42\xe8\x9c\x87\xd2\x1a\xa0\x64\x5b\xba\x8c\xc8\xe5"
      "\x6e\x00\x3b\x54\x43\x0c\xdb\xb8\xf0\x5f\x15\x08\x01\x89\x64\x8c\x13\x27"
      "\x78\x5f\x60\x85\xe0\x1f\xf0\x15\x69\x6f\x42\xaa\xae\xfe\x65\xa0\x41\xb0"
      "\xee\xd2\x71\xcc\x79\x26\xcd\x3c\x89\xf5\xbc\x9d\xba\xad\xf3\x4a\x68\x86"
      "\xd5\x6c\x6c\x12\x78\xb0\x66\xd6\xd3\x55\x5b\x85\x39\x31\x81\xcb\xb8\x32"
      "\xa3\xa6\xf9\x17\x11\xb4\xd4\xec\xc9\x54\xa4\x49\xfe\x95\x50\xdd\x51\x65"
      "\x66\xec\x5a\xfd\x68\x85\xc6\xd8\xe7\x38\x69\xef\x96\x83\x06\xa1\x35\x0f"
      "\x64\xf1\x92\x15\xe9\x5e\xdb\xf8\xe2\x6f\x5c\x27\xd5\x6e\x77\x54\x3b\xd4"
      "\x6c\x86\x5a\x58\x00\x4d\xe3\x99\x17\xc0\xd8\x07\xd3\x47\x3e\x15\xe8\xa2"
      "\xf2\x00\x6c\xb5\x37\xb9\x39\xd0\xfd\x31\xd0\xb9\xbe\x1a\xf2\x53\xdc\xa1"
      "\xe9\x3a\xc2\x7b\xc0\x5b\x6b\x82\x5e\xb6\xc8\xb3\xd0\x62\x61\xc8\xac\xf9"
      "\x9d\xf3\x35\x13\x14\x1f\x4f\x46\x61\x5c\xb3\xc5\xf9\xb9\x50\x54\x45\x4c"
      "\x01\xda\x84\xa7\x16\xfa\xa8\xd3\x0c\x4c\xac\xb9\x81\xbf\x9b\x1f\xa0\xd0"
      "\xb7\x01\xe0\xc4\xc0\xeb\x77\x97\x83\x4d\x03\xa4\xbb\x9d\xd6\x7d\x6d\x51"
      "\x0c\xc5\xc4\x6d\xc6\xb2\x18\x80\x73\x9a\xdc\x3f\x81\xae\xf3\xac\xa1\x64"
      "\x86\x37\xf4\x48\x5b\x30\xe3\x53\x89\xa8\x05\xe9\x3a\x16\x6d\xa4\x5c\xf3"
      "\x99\xfd\x4b\x73\x03\xdd\x05\xd0\xb8\xc2\xdb\x7b\xf5\xd1\xbf\xc2\x59\x2b"
      "\x7c\x06\x3f\x0d\x8d\xce\x21\xca\x93\x82\x14\x03\xbb\x99\x01\x58\x6c\x04"
      "\xc1\x1e\x0a\x98\x4d\x02\x31\x13\x73\xce\xa9\x4e\x57\x1a\x23\x5a\x56\x3d"
      "\xa0\xe1\xc1\xe0\x30\xfa\xfd\x4f\x91\x84\xe1\x8d\xd0\x67\x36\x2d\x1e\x81"
      "\x1a\xdb\x50\x22\xd6\xbd\xb8\x19\xb9\x1f\x12\xe3\xbb\x02\x50\xd9\x71\x48"
      "\xaf\x8a\x1b\xc6\x7a\x10\x69\x52\x3d\x83\x09\x5c\xf9\x51\xa7\xa9\xc4\xd0"
      "\xcc\xa2\xe1\xa1\xff\xb8\x09\xa5\x17\x1a\x12\xb1\x41\x16\xf4\x39\x91\x9d"
      "\x36\x5c\xbb\x76\x97\xbd\xdf\x2f\x54\xbe\xa2\x21\x6f\xdf\xba\x43\x49\x2f"
      "\x18\xec\x66\x8c\x15\x66\x59\x95\x28\x43\x88\x75\x92\x8c\x4a\x79\xf5\x22"
      "\xec\xfb\xa2\xf0\x3e\x66\x32\x88\x71\x4d\xcf\x22\xfd\xea\x29\xce\x55\x0c"
      "\x9c\x4a\x5b\xa9\x69\x4c\xa3\x0b\x32\x24\x4e\xeb\x57\x23\x09\xe1\xaf\x04"
      "\x8d\x79\xd3\x85\xb6\x82\x4a\x31\x90\x38\xb5\x16\x8a\x83\x0b\x75\x65\xd7"
      "\x2f\xd2\xf1\x88\x3a\x8d\x55\x58\x15\xeb\x4c\x2b\x9f\x4b\x05\x90\x60\xcc"
      "\xa9\x54\x28\x59\x67\xb0\xc7\x5d\xd1\x5f\x96\x21\x0e\xe0\x92\x93\x77\xaa"
      "\x34\x4d\xd7\xed\x49\x2c\x6e\x9f\x82\xcf\x54\xa1\x82\xed\x42\x78\x1c\x2b"
      "\xd9\x40\xde\x9d\xbc\xf6\x88\x6e\x01\xd1\x0c\xaf\xa7\x4b\x87\x14\x57\x35"
      "\x63\x1f\xff\x8f\xf7\x5a\x7f\x01\xbe\xa5\x2d\x79\x68\xa1\x42\xcc\x74\xac"
      "\x89\xd5\xe7\xfe\xdf\x99\x11\xe9\x2b\xd3\x87\xc2\xa4\xca\xbd\x7d\xcc\x91"
      "\x9d\x3e\xd9\x27\xb4\xdc\x81\x94\x56\xb7\xdb\x5a\x6a\x50\x8d\x0b\xbc\x7a"
      "\x39\xfa\x3a\x0a\x3b\x65\x2b\xd8\x46\x1d\xa6\xcc\x47\x8a\x42\x1b\x87\x30"
      "\xf9\x62\x5d\x18\xf9\x5d\x70\x28\x0f\xce\xf3\x7e\x34\xf8\x2e\x6b\x1d\x21"
      "\xcf\x92\x0c\x56\x98\x9e\x3f\xba\x66\xfc\xef\x7f\xa1\xe8\x1d\xad\x29\x6c"
      "\xea\xf7\x73\x09\xb1\x16\xfc\xd1\xef\x61\xfb\x0c\xf1\x46\xc8\x68\xf6\xcb"
      "\xf7\x1d\x1b\xe1\x40\x0a\xd5\x14\xfc\xa9\x73\x79\xa9\xee\x62\xec\x8a\xb2"
      "\xfe\xbb\xfb\xd3\x33\x0b\xe0\xd5\xea\x38\x29\xa6\x5c\x34\x14\x8f\xff\x12"
      "\x2d\x30\x05\x7e\xb9\xb7\xd1\x3f\xba\x1b\x5f\x6e\xf8\xba\x72\xb2\x7b\x0a"
      "\x2e\x92\x9d\xa5\x39\xac\x8d\x8a\xca\x88\x47\x78\xda\xa8\x17\xf7\x38\x42"
      "\x2f\x9e\xa8\x2c\x03\xc1\x41\xf9\xa8\x48\xab\xf1\x8d\x36\x66\x62\xc6\xc6"
      "\xeb\xcb\x4f\x07\x0a\xf1\x0d\x37\x12\x29\x25\x7e\x59\x33\x15\x43\xf4\xa6"
      "\xb2\xc7\xf0\x96\xaa\x8a\xb2\x42\xe5\xbe\xf3\xc8\x1c\x56\x7b\x07\x95\x58"
      "\x72\xc4\xfe\xe5\x8d\x8b\x56\x3d\xb6\x23\x8d\xa2\xa2\xc4\xb1\x88\x0f\x48"
      "\x00\xce\xcd\xe6\x6c\x03\x34\xb3\xf8\x56\x7e\x2b\xf6\x39\x3e\x2c\x0e\x09"
      "\x7e\x8c\x2c\xfc\x70\xc4\x3e\x60\x48\x05\x95\xcc\x37\x0d\xfa\x98\x12\x18"
      "\xad\xb0\xe5\x27\xe7\xdf\x11\xee\xf3\xee\x39\xb2\xab\x75\x58\xb5\xc3\x91"
      "\xe9\xc1\x4a\xf1\xbd\x16\x86\x31\x37\xea\x9a\x9f\x48\x23\xd3\x86\x98\xd0"
      "\xea\xa9\xfa\x8d\xe5\x71\x1c\xb5\xf6\x72\x80\x7b\xd3\xb4\x9d\x3f\x90\x7c"
      "\x6d\x4e\x34\x43\x60\xb6\xa5\xf0\xb8\x62\x15\xbc\x39\x8f\x61\x63\xc8\x4e"
      "\xa8\x27\xbc\x7b\x7c\x55\x97\x82\x7d\x33\xfe\x0e\xe2\x15\xe8\x41\x68\x9e"
      "\x25\xae\xe5\xb1\x3d\x2d\xc5\xfb\x0d\x26\xed\x6d\xf1\x22\x03\xc4\xb5\xdd"
      "\xfc\xf3\x04\x3c\x3f\x04\x30\x2d\x5c\x88\x7e\xaf\x09\xf6\x49\x3e\xd5\x13"
      "\x48\x08\xb7\x44\x4b\x18\x2f\xfb\xce\xc6\x79\x4c\xb9\x95\xca\xb4\x30\x09"
      "\x70\x5b\x39\x82\x51\x40\xc6\xa8\x8c\x47\xcd\x13\xb7\x5f\x64\x40\x34\x2d"
      "\x5d\x92\xd8\x57\xe2\x31\xa2\x95\x4e\x8b\x73\x9d\x6a\x98\xec\x2f\x26\xa5"
      "\xc8\xf9\x4f\x5d\x18\x1e\x29\x08\xdb\x36\x06\x67\x36\xc1\xc8\xb4\xdd\x7f"
      "\x90\x97\xb2\xe5\xeb\x3f\x81\x01\xad\xbc\x24\x95\xc2\x81\x41\xf0\xdb\x32"
      "\x89\xdf\x8a\x03\xfd\xb4\xfc\x18\x0e\x62\xb3\x1b\xfb\xbc\x74\x93\x4c\xec"
      "\x15\x65\xa0\x16\xba\x19\x12\x0c\x4e\x39\x43\x58\x23\x28\x80\x1f\x93\xa5"
      "\xdc\xd6\x66\x4f\xec\xc3\x1e\x7e\xa5\xd0\xf4\xbf\xaf\xc9\x19\x0e\xfa\x44"
      "\xc5\x81\xb7\x30\x7f\x39\xc8\x69\xcd\x53\x67\x0f\x1a\x12\xf3\x89\x12\x14"
      "\xac\x4c\xff\xeb\x93\x56\xa1\x64\x61\x0e\x45\x8e\x20\xfd\xbf\x48\xb2\xcb"
      "\xe0\x18\xd1\xa9\x4f\x28\x06\x4d\x12\x5f\x81\x6b\x1e\x0a\x51\xbb\xb3\x7d"
      "\xd8\xa2\x65\x98\x22\xbb\x06\x05\x80\x62\x6d\x85\xf4\xb2\xfb\x12\xb6\x15"
      "\x40\x4a\xe2\xfe\xdf\x97\xd6\xe7\xa5\x25\x8d\x39\xad\x37\x08\x1d\x20\x23"
      "\xa7\x93\x76\x6c\xcb\x8b\x7e\x84\xb8\x07\x17\x95\x57\xe7\xcf\x4e\x3b\xfd"
      "\x22\x26\x05\x0c\xc2\xf8\xba\x73\xfc\x5e\x98\x7a\xa9\x4d\x41\x15\x4d\xe2"
      "\xdc\x15\xcd\xae\x05\xa6\xc4\xed\x00\x4d\xa8\xf8\x33\x63\x44\x2d\x9f\x7c"
      "\xca\x2d\xda\x5f\xbc\x34\x8f\x43\x86\x8f\x11\x82\x13\xc5\x31\xd3\x41\xa5"
      "\x4b\x0a\x41\x59\x3c\x4b\xd1\x8c\x1f\x05\x82\xd8\x3e\x72\x59\x65\x6b\x20"
      "\x3b\x07\x7a\xb2\x32\x79\x04\x74\x52\x3d\x98\xdb\x49\x33\x98\x3b\x3f\x82"
      "\x6c\xae\xbe\x4b\xb2\x12\x53\xe4\xf9\xf3\xb4\x29\xc7\x52\x28\x60\x26\x7b"
      "\x9c\x69\xbc\x53\x68\xd1\x7b\xd7\x5c\x13\x0f\x47\xa4\xe2\xba\xa4\xe8\x78"
      "\x55\x8e\xe6\xbd\xad\x4c\x07\x47\x50\x79\x6e\x15\x00\x2f\x23\x72\x2f\x8b"
      "\x11\xa1\xdd\xef\xff\x8b\xcd\x45\xf7\x33\xc2\x99\x77\xa6\x87\xa0\x5f\xc4"
      "\x98\xad\x87\xaa\x3f\xaa\xf9\x9b\x8f\x43\x71\x62\xac\xda\xd4\x18\xf8\x80"
      "\x15\x69\x52\x62\x70\x8d\x8d\x35\x1b\x52\xec\x71\x56\x46\x5c\xed\xe4\x2c"
      "\x4b\xe7\x7f\xd8\x6e\x50\xd4\x45\x62\x45\x7a\x21\x68\x00\xf8\x4b\x07\xc2"
      "\x7f\xf1\xde\x20\xa8\xfa\x65\x59\xc9\x00\x9d\x93\x7a\x1b\x35\xd9\xd9\xe2"
      "\xf2\xc8\x04\x33\x38\x1b\xb1\x8a\x0c\x2e",
      4096);
  *(uint64_t*)0x20000908 = 0x1000;
  // iovec[1]: 0xb7 (183) bytes of fuzzer-generated data at 0x200003c0.
  *(uint64_t*)0x20000910 = 0x200003c0;
  memcpy((void*)0x200003c0,
         "\x77\xfb\xf7\x28\xc6\x33\xa6\x54\xde\x7e\x11\x0c\x14\xae\x51\x0a\x50"
         "\xd8\x02\x3e\x52\x74\xb5\xc0\x57\xb3\x19\x98\x86\x88\x95\xac\x58\xb2"
         "\x8d\xdb\x06\xc9\xde\x91\xa2\xcb\xf2\xd2\x95\x78\xe2\x6a\x3e\x36\x25"
         "\x50\xc9\x9b\x51\x20\xef\xdf\xc0\x82\x37\xfe\x48\x60\xd9\x6e\x9f\x4a"
         "\x78\x84\xef\x2e\x37\x31\xf8\x76\x6e\x00\x06\xa1\x58\x30\x2f\xc7\x2d"
         "\x6d\xd4\x51\xd5\xe2\x7e\xcc\x43\xae\x98\x6a\x9c\x4d\x98\x8f\xf8\x61"
         "\x3b\x70\x4d\xb3\x28\x51\xe0\xe4\x01\x78\xe4\x54\x6e\x7d\x3b\x75\x37"
         "\x97\x6b\xa8\x1d\x98\x2a\xfd\x24\x84\x01\xd5\x79\xa1\xed\x24\x28\xb0"
         "\x89\x66\x20\x30\xe0\x18\x91\x40\x6d\xd9\x7c\x3a\x9d\xd5\x8b\x0e\xa3"
         "\x1a\x59\x5a\x18\xe4\xf3\x77\x76\x1e\x37\x0f\x4f\x8c\x3b\x91\x59\x93"
         "\xec\xd7\xe4\x57\x35\x4d\x96\xfa\xd4\xb2\x53\x31\x2a",
         183);
  *(uint64_t*)0x20000918 = 0xb7;
  // iovec[2] .. iovec[9]: base NULL, length 0 (vlen below still counts them).
  *(uint64_t*)0x20000920 = 0;
  *(uint64_t*)0x20000928 = 0;
  *(uint64_t*)0x20000930 = 0;
  *(uint64_t*)0x20000938 = 0;
  *(uint64_t*)0x20000940 = 0;
  *(uint64_t*)0x20000948 = 0;
  *(uint64_t*)0x20000950 = 0;
  *(uint64_t*)0x20000958 = 0;
  *(uint64_t*)0x20000960 = 0;
  *(uint64_t*)0x20000968 = 0;
  *(uint64_t*)0x20000970 = 0;
  *(uint64_t*)0x20000978 = 0;
  *(uint64_t*)0x20000980 = 0;
  *(uint64_t*)0x20000988 = 0;
  *(uint64_t*)0x20000990 = 0;
  *(uint64_t*)0x20000998 = 0;
  // writev() of all ten iovecs to the device fd. If the open() above failed,
  // r[0] is still the all-ones sentinel, i.e. an invalid fd, and this call
  // presumably just fails (EBADF).
  syscall(SYS_writev, /*fd=*/r[0], /*vec=*/0x20000900ul, /*vlen=*/0xaul);
}

// Entry point: map the staging region, spawn six workers, then idle.
int main(void)
{
  // 16 MiB private anonymous mapping at the fixed address that every
  // argument in execute_one() points into. The seventh /*pad=*/ argument
  // matches the BSD-style mmap syscall ABI — presumably the target's;
  // confirm before porting.
  syscall(SYS_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul, /*prot=PROT_WRITE|PROT_READ*/ 3ul,
          /*flags=MAP_PRIVATE|MAP_FIXED|MAP_ANON*/ 0x1012ul, /*fd=*/-1, /*pad=*/0ul, /*offset=*/0ul);
  // Each worker inherits the mapping across fork() and runs loop(), which
  // never returns. The parent does not reap or supervise the workers; it
  // only sleeps so the process group stays alive.
  for (procid = 0; procid < 6; procid++) {
    if (fork() == 0) {
      loop();
    }
  }
  sleep(1000000);
  return 0;
}