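// https://syzkaller.appspot.com/bug?id=beda27a527671ca5eba4f494098de01226c419c5
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Reviewer overview (derived from the code below):
//   main() maps a fixed scratch region at 0x20000000 and enters loop().
//   loop() forks a child per iteration, forever; the child runs execute_one()
//   and the parent kills it if it has not exited within 5 seconds.
//   execute_one() issues the five calls of execute_call() on worker threads,
//   first one after another, then a second time in "collide" mode in which
//   even-numbered calls are not waited for and so overlap with the next call.
//   The five calls are socket -> dup -> connect -> writev -> setsockopt, where
//   connect uses the original descriptor and writev/setsockopt use the
//   duplicate, i.e. all of them operate on the same socket.
//   What the linked report is about is not stated in this file; see the URL.

#define _GNU_SOURCE

// NOTE(review): the header names of the original #include directives were
// lost (the source showed 14 bare "#include" tokens). The list below is a
// reconstruction that covers every identifier used in this file; the original
// list may have named additional headers.
#include <sys/types.h>

#include <pthread.h>
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

// Send SIGKILL to pid and reap children until pid itself has been reaped.
// status receives the wait status of the last child reaped.
static void kill_and_wait(int pid, int* status)
{
  kill(pid, SIGKILL);
  while (waitpid(-1, status, 0) != pid) {
  }
}

// Sleep for ms milliseconds.
static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

// Monotonic clock reading in milliseconds; exits the process if the clock
// cannot be read.
static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

// Start fn(arg) on a new thread with a 128 KiB stack. The thread handle is
// discarded (never joined); failure to create the thread exits the process.
static void thread_start(void* (*fn)(void*), void* arg)
{
  pthread_t th;
  pthread_attr_t attr;
  pthread_attr_init(&attr);
  pthread_attr_setstacksize(&attr, 128 << 10);
  if (pthread_create(&th, &attr, fn, arg))
    exit(1);
  pthread_attr_destroy(&attr);
}

// One-shot event: state is 0 (clear) or 1 (set), guarded by mu, signalled
// through cv.
typedef struct {
  pthread_mutex_t mu;
  pthread_cond_t cv;
  int state;
} event_t;

// Initialise the mutex and condition variable and clear the event.
static void event_init(event_t* ev)
{
  if (pthread_mutex_init(&ev->mu, 0))
    exit(1);
  if (pthread_cond_init(&ev->cv, 0))
    exit(1);
  ev->state = 0;
}

// Clear the event. Note: writes state without taking mu.
static void event_reset(event_t* ev)
{
  ev->state = 0;
}

// Set the event and wake all waiters. Setting an already-set event is treated
// as a fatal logic error (exit(1)).
static void event_set(event_t* ev)
{
  pthread_mutex_lock(&ev->mu);
  if (ev->state)
    exit(1);
  ev->state = 1;
  pthread_mutex_unlock(&ev->mu);
  pthread_cond_broadcast(&ev->cv);
}

// Block until the event is set.
static void event_wait(event_t* ev)
{
  pthread_mutex_lock(&ev->mu);
  while (!ev->state)
    pthread_cond_wait(&ev->cv, &ev->mu);
  pthread_mutex_unlock(&ev->mu);
}

// Return the current state (non-zero if set) under the lock.
static int event_isset(event_t* ev)
{
  pthread_mutex_lock(&ev->mu);
  int res = ev->state;
  pthread_mutex_unlock(&ev->mu);
  return res;
}

// Wait for the event for at most timeout milliseconds.
// Returns the event state at the time the wait ended (non-zero if set).
static int event_timedwait(event_t* ev, uint64_t timeout)
{
  uint64_t start = current_time_ms();
  uint64_t now = start;
  pthread_mutex_lock(&ev->mu);
  for (;;) {
    if (ev->state)
      break;
    uint64_t remain = timeout - (now - start);
    struct timespec ts;
    ts.tv_sec = remain / 1000;
    ts.tv_nsec = (remain % 1000) * 1000 * 1000;
    // NOTE(review): pthread_cond_timedwait() takes an absolute deadline, but
    // ts holds the remaining duration. The call therefore presumably returns
    // at once and this loop polls until the timeout elapses. Left as
    // generated so the timing of the reproducer is unchanged.
    pthread_cond_timedwait(&ev->cv, &ev->mu, &ts);
    now = current_time_ms();
    if (now - start > timeout)
      break;
  }
  int res = ev->state;
  pthread_mutex_unlock(&ev->mu);
  return res;
}

#define __syscall syscall

// Per-worker state: created is set once the thread has been started, call is
// the index handed to execute_call(), ready/done hand work to the worker and
// report completion back.
struct thread_t {
  int created, call;
  event_t ready, done;
};

static struct thread_t threads[16];
static void execute_call(int call);
// Number of calls that have been handed out and have not yet returned.
static int running;

// Worker body: wait for a call index, execute it, report completion, repeat.
// Never returns in practice (the loop has no exit).
static void* thr(void* arg)
{
  struct thread_t* th = (struct thread_t*)arg;
  for (;;) {
    event_wait(&th->ready);
    event_reset(&th->ready);
    execute_call(th->call);
    __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED);
    event_set(&th->done);
  }
  return 0;
}

// Run calls 0..4 twice: first pass sequentially, second pass ("collide") with
// even-numbered calls left running while the next call is issued.
static void execute_one(void)
{
  int i, call, thread;
  int collide = 0;
again:
  for (call = 0; call < 5; call++) {
    for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0]));
         thread++) {
      struct thread_t* th = &threads[thread];
      // Workers are created lazily; a new worker starts out "done" (idle).
      if (!th->created) {
        th->created = 1;
        event_init(&th->ready);
        event_init(&th->done);
        event_set(&th->done);
        thread_start(thr, th);
      }
      // Skip workers that are still busy with an earlier call.
      if (!event_isset(&th->done))
        continue;
      event_reset(&th->done);
      th->call = call;
      __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED);
      event_set(&th->ready);
      // In collide mode calls 0, 2 and 4 are not waited for, so the next
      // call is dispatched while they may still be executing.
      if (collide && (call % 2) == 0)
        break;
      // Otherwise give the call up to 45 ms before moving on.
      event_timedwait(&th->done, 45);
      break;
    }
  }
  // Let outstanding calls drain for up to ~100 ms.
  for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++)
    sleep_ms(1);
  if (!collide) {
    collide = 1;
    goto again;
  }
}

static void execute_one(void);

#define WAIT_FLAGS 0

// Fork a fresh child for every iteration and run execute_one() in it.
// The parent polls for the child's exit and kills it after 5 seconds.
// This loop has no exit condition: the program runs until it is killed.
static void loop(void)
{
  int iter;
  for (iter = 0;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5 * 1000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}

// Result slots shared by the calls: r[0] is the descriptor returned by call 0,
// r[1] the duplicate returned by call 1. Both start as all-ones, so a call
// that runs before its producer succeeded passes an invalid descriptor.
uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

// Execute call number `call` (0..4). All arguments are the fixed values the
// fuzzer emitted; buffers live in the region mapped by main() at 0x20000000.
// Other values of `call` are ignored.
void execute_call(int call)
{
  long res;
  switch (call) {
  case 0:
    // socket(2, 2, 0) - presumably AF_INET / SOCK_DGRAM; confirm against the
    // target OS headers.
    res = syscall(SYS_socket, 2, 2, 0);
    if (res != -1)
      r[0] = res;
    break;
  case 1:
    // Second descriptor for the same socket.
    res = syscall(SYS_dup, r[0]);
    if (res != -1)
      r[1] = res;
    break;
  case 2:
    // 16-byte address buffer: a 16-bit header 0x282 followed by the bytes
    // "./file0\0". NOTE(review): on a BSD-style sockaddr 0x282 would read as
    // sa_len=0x82, sa_family=2 - confirm for the target OS.
    *(uint16_t*)0x20000000 = 0x282;
    memcpy((void*)0x20000002, "./file0\x00", 8);
    syscall(SYS_connect, r[0], 0x20000000, 0x10);
    break;
  case 3:
    // Three 16-byte iovec entries at 0x20000040:
    //   [0] base = 0,          len = 0
    //   [1] base = 0x20000280, len = 0x1000 (the 4096-byte payload below)
    //   [2] base = 0,          len = 0
    *(uint64_t*)0x20000040 = 0;
    *(uint64_t*)0x20000048 = 0;
    *(uint64_t*)0x20000050 = 0x20000280;
    memcpy(
        (void*)0x20000280,
        "\xcc\x91\xc6\x55\x6c\x67\x98\x2d\x39\x0f\x85\xc8\xcf\x90\xd4\xb3\x9b"
        "\xf1\x82\x18\x8b\x3c\xbd\xf9\x00\x3a\x30\x23\x92\x1e\xf9\x27\x4c\x76"
        "\x5e\x6e\x5a\x83\x79\x14\xb0\x0d\xf5\xfc\x60\x8f\xe5\x11\x38\x62\xfd"
        "\x88\x79\xe0\xe9\xc3\x04\x54\xbe\x66\xd5\x3e\x82\xf9\x30\xf2\x46\xb3"
        "\x55\x59\xbf\x11\xd3\xab\x92\x7b\x34\xd8\xb6\xc8\x79\x1d\x71\x64\x43"
        "\x0f\x92\x3d\x30\x8e\x35\xc2\x43\x39\xa7\x7c\x9a\xe9\x30\x11\x65\x07"
        "\x1f\x4a\x71\x3f\x2b\xbf\x16\xcd\x60\xfc\x3c\xb3\x11\x68\x48\x2a\xc8"
        "\x60\xc0\x86\x50\x37\xf3\x46\x5f\x16\xa9\x90\x06\x1b\x0a\xe6\x53\xd6"
        "\x22\xe9\x84\x61\x7a\xea\x18\x0a\xb4\x10\x37\xbf\x95\x4a\x5e\x29\x39"
        "\xeb\xf5\x06\x26\x56\x1d\x59\x96\x42\x1e\x90\x50\xcc\xa4\xac\x0b\xa1"
        "\x3d\x99\xfd\xf3\x69\xc0\xcf\xdd\xfe\x85\x27\x7d\x9a\x58\x83\x42\x77"
        "\x9b\xa8\x06\x61\x53\xee\xad\x55\x9d\x8d\xf8\x18\xc8\x23\xd1\x2f\xdf"
        "\xfa\xe4\xff\x7a\xce\xe2\x78\xcd\x12\x7b\xf7\x88\xa9\x16\xbd\x3a\x54"
        "\xf7\x24\x8d\xc8\x7d\x1a\xba\x5e\x6e\xf7\x7d\xd5\x35\x66\x64\x01\x18"
        "\xca\x86\x01\xc3\xba\x5e\xab\xf1\x90\x90\xa5\xf7\xfa\x08\xb8\xca\x0a"
        "\xb6\x46\x02\xeb\x6d\xc0\x7e\x39\xca\x2b\x2f\x71\xde\x02\xf4\xc3\x08"
        "\x89\x07\xfd\xf3\xb1\x55\xc8\x33\xcb\xe2\x2c\xee\xaf\xea\xd8\xd0\x05"
        "\x17\xfd\x83\xe9\xa0\xb9\x83\xa4\x07\x06\x6a\x0d\x4c\xa1\xec\x43\xf0"
        "\x79\x49\xa1\xe5\x7b\xf8\x1d\x7f\x1c\x4b\xbb\x65\xc0\xac\x00\xda\x63"
        "\xa3\x4e\x60\xfb\xed\x24\x2c\xef\x56\xdf\x8f\x31\xb2\x3c\x7b\x8e\xf1"
        "\xe7\x00\x24\x12\xab\x2b\xa0\xec\x06\x78\x57\xf0\x1a\x25\x77\xba\x30"
        "\x2e\xdb\x8c\x30\xd2\xa8\xe7\x94\xae\x69\xfb\x0d\xd4\x5c\x0c\x69\x35"
        "\x57\x56\x1a\xb1\x51\xc9\x24\xf0\x45\x7b\xd9\x43\x07\x38\xfa\x3f\x1d"
        "\x11\x56\x2f\x01\xfc\x2d\x73\xc6\xc2\x43\xa0\x57\x01\xd8\xc3\x54\x3a"
        "\xde\x9b\xa5\xe2\xb5\x3e\x2a\x05\xeb\xbf\x03\x92\xfb\xf7\xb8\x7d\xf5"
        "\xea\xd5\x13\x20\xaa\x40\x0b\xbd\xff\x26\xa4\x0d\x57\x1b\xb5\x3b\x43"
        "\x33\x64\xa0\x8c\xb9\x91\xd2\xdd\x06\x60\xef\x5b\xa7\xed\x46\x04\x7d"
        "\x84\xb4\x2a\x94\x0b\x8c\x5d\xf5\x6c\x95\x81\x48\xfa\xe0\x20\x62\xd7"
        "\x54\x86\x04\xc8\x79\x82\x60\x8f\x08\x55\x60\x81\x1c\xf5\x9f\x0f\xa0"
        "\xba\x8e\x37\x0c\xaa\x49\xdb\xa5\x48\xf4\x14\x7b\x7a\x97\x42\x95\x54"
        "\xd0\x73\x25\x97\x29\x3d\xad\xa1\x39\xf9\x20\x82\xcd\xd9\xfe\x6e\x82"
        "\x14\x8d\xa7\x6b\x8d\x49\x03\x2d\xef\xe4\xb3\xd6\xe9\x48\xb7\x0d\x41"
        "\x2c\xa7\x54\x0d\x63\xb2\x82\x4c\xd4\x48\x5f\x8e\x59\x6c\x60\x62\x87"
        "\xa5\xb0\xa0\xd6\x02\xbb\x73\x3a\xfc\xfa\x8c\xd0\xc6\x34\xda\x93\x98"
        "\x65\xd1\xb7\xea\x4e\x42\x76\x5a\xc6\x10\x89\xc0\x0b\xbc\xd3\x42\x24"
        "\x1d\x43\x98\xec\x65\xd2\xfd\x77\x8b\x82\xad\x17\xfe\x43\x03\xd1\xfa"
        "\x58\x80\x2d\x5e\x21\x31\xf3\x6f\x7d\xda\x2b\xf2\xe2\x9c\x3e\x03\xf6"
        "\xee\x28\xdb\xc7\x61\xf5\x3a\x05\x8e\xd6\xb6\x72\x6b\x43\xb7\x8f\xe2"
        "\x49\x07\x64\x0f\xae\xb1\x58\x0a\x02\x7d\xdd\xd6\xcc\x81\x19\xe3\x02"
        "\x22\x65\x14\x96\xd6\x3a\xb0\x6c\xf7\xb4\x8a\x53\xac\x5a\x98\xd4\x28"
        "\xe6\x70\x17\xda\xbb\x6c\x07\xa3\x23\x5d\x23\x46\xa1\x8e\x35\xe9\x0c"
        "\x2a\xac\x18\x4d\xc7\x27\xdb\xf5\xee\x10\x8b\xac\x2c\xa1\x8d\xf5\x67"
        "\x02\x4a\x31\x00\x88\xf6\x44\xe4\x46\x4f\x8a\xb7\xbc\x68\x73\x96\x3c"
        "\x71\xcb\x14\x40\x3d\x9b\x93\x78\x00\x53\xe9\x57\x6a\xe3\x65\x82\xdc"
        "\xc1\x6c\x90\xb9\xd9\xb1\x41\xf6\xda\x66\x7e\x99\x6c\x11\xfc\xc5\x65"
        "\xbe\x14\x24\x79\x2b\x3a\x9a\xa7\x4a\xf5\x00\xb5\xb9\x14\x95\x36\xfe"
        "\x14\x9f\x51\x23\x1c\x51\xbb\x47\xf9\xbd\x3b\x97\x1d\x76\xe0\x60\xc2"
        "\x71\xc2\xe2\x44\xf9\x85\x61\xcb\x50\xc0\x14\x92\xd0\xcd\x47\x31\xdb"
        "\x24\xa5\x75\x66\x89\x5a\x3b\x2c\x62\x92\x83\xb3\x85\x7e\xfa\x28\xe0"
        "\xa2\x5f\x0e\x0f\xcd\x80\x90\xa8\xa1\x61\xfb\xa4\x9a\x4c\x35\x9e\x4e"
        "\xf6\x10\xc2\x47\x7b\xf3\x3a\x70\x62\x7e\xdb\x93\x76\x51\xbe\xbe\xb0"
        "\xe5\x9b\x7d\x62\x17\x95\x43\xdc\x7a\x80\x46\xb5\xa0\x05\x41\xf7\x82"
        "\x50\x20\xb3\xf9\x40\x4e\x1f\xa3\x59\x56\xab\x30\x0a\xdf\x20\x28\xa3"
        "\xaf\x71\xcd\xe3\xcd\xcb\x02\x86\xa7\x7a\x19\xa6\xeb\xb4\xe4\x9d\x0b"
        "\xdb\x67\x86\x81\x5b\x6a\x16\x19\xb6\x02\x58\x41\x79\x1b\xe1\x15\xd1"
        "\x27\x4e\x54\x6b\x76\x66\x6b\x63\xa9\x73\x43\x7b\x3b\xad\x7f\xaa\x80"
        "\x53\x86\x5d\x1e\x52\x12\x5d\x21\xc9\x9a\x17\x54\x75\x7c\x1a\x66\xbb"
        "\xb4\x11\x40\xc7\xb6\xc3\x34\xb0\x51\xfb\x79\xc1\x03\x83\xbb\x3f\x46"
        "\x30\x27\x3b\x77\x7b\x61\x3a\x4c\x1d\x40\x8e\xa7\xc8\x12\x98\x74\x93"
        "\x6a\xe5\x92\xd6\x84\xde\xf2\x95\x51\xc3\xa8\x24\x35\x06\x89\x48\x38"
        "\x1b\xec\x72\x7c\x78\xdc\x44\x3c\xee\x93\xe4\x73\x84\x42\x25\x1d\x70"
        "\xa6\xca\xd2\x24\xa0\xcf\x47\xf1\xc3\x00\x30\x43\xe9\x1d\xb4\x21\xf0"
        "\x90\xe7\x7d\x57\x84\x0b\xad\x63\x35\x40\xc2\xb9\x1c\xd2\xa0\x75\x6c"
        "\x4f\xce\xb8\x4f\xda\x7b\xce\x5c\xac\x71\x22\xeb\xe7\x56\xd2\x10\xab"
        "\x5e\x85\x34\x7d\xbc\xe9\xdb\x57\x22\x01\xa1\x23\x6e\x14\xb5\x07\xd3"
        "\x29\x7d\x04\x57\x03\xe2\xfc\x0b\x40\xe4\xf6\x50\x75\x0e\x71\xcd\xc8"
        "\x8c\xa4\xb1\xfc\x40\x9b\x75\x07\x4a\x61\xed\x5d\xa8\x04\xf8\x2a\x4b"
        "\xf9\xe9\xc9\x6c\x47\xca\x6b\x2d\x25\x31\x8d\x87\xe2\x48\x59\x4e\x5a"
        "\x35\xd3\x6c\x88\x42\x9f\xdd\x79\x0f\xba\xb9\x33\xd5\xba\x80\xf6\x2b"
        "\x5e\x22\xac\xca\xde\x5a\x9c\xc8\xba\x82\x0e\xb1\x0c\xbc\x6b\xce\xeb"
        "\x4d\x51\xc1\x4d\x91\xe4\x2a\x22\xd6\x89\x45\x7d\x5e\xbd\xb3\xcd\x7a"
        "\xa3\x25\xc6\xe0\xed\x23\x7d\x6a\xa7\xad\x45\x3e\xd3\xbb\xdb\xdd\xcc"
        "\xb1\x47\xf6\xda\xf9\x7d\x05\x3f\xbe\x08\x9d\x0d\x42\x9d\x58\xe2\xc7"
        "\xb1\xee\x17\xce\x9d\x6c\x35\x9f\xf3\x09\x8b\x5c\x0b\x0b\xe7\xcb\xed"
        "\xf7\x89\x31\x3d\xf4\x59\x37\x07\xcd\x36\x24\x91\xca\x2d\x27\x2f\x4b"
        "\xcd\x1b\x52\x89\x8a\x0e\x32\x9f\xf0\xe9\x98\xd0\x0b\xa6\x1e\x64\x03"
        "\xa4\x22\x90\x96\xd9\x9c\x23\xe5\xcb\x23\x7c\xf0\x9e\x30\x5a\x73\xe4"
        "\x98\x81\xbf\xc0\x34\x2b\x7c\x73\x92\x50\xf5\x97\x45\x33\x4f\xb4\xa9"
        "\xe7\xd5\xcb\xc4\xa6\x0e\xc3\x69\xcb\xa8\xd7\xfe\x2b\xe7\xe6\xe0\xb2"
        "\x07\xe2\x47\xb9\xa3\xc3\xd3\x38\x40\x11\xf3\xff\xad\x54\xe7\x8b\xe9"
        "\x5c\x9f\x7b\x0e\xe4\x3a\x83\x48\x69\x1f\xc7\x06\xe2\x82\x38\x2f\x32"
        "\x0d\xc4\x25\x4f\x4c\x03\x97\xb6\x1f\xd5\x1b\xf5\x65\x15\x5f\x95\xe9"
        "\x19\x48\xec\xab\xb9\x7c\x32\x93\x7d\x2a\xc1\xaf\xcf\x6b\xe6\x3d\x24"
        "\xd1\x5b\xb4\x1a\x2c\x5b\x5d\x3c\xfb\x6c\x62\x69\xab\x87\xbd\xc0\xd8"
        "\xb5\x70\x00\xcf\x1a\xc5\x53\x63\xf7\x0a\xe3\x99\xd6\x34\xc9\x8f\xc4"
        "\xac\xef\xcb\x4e\x2b\xda\xff\x37\x14\xf0\x21\x5d\xa8\x1c\x7f\xb3\x49"
        "\xde\x87\xc2\x24\xcb\x6d\x78\xa1\x73\x95\x48\xf5\x62\xfa\x3a\x15\xe5"
        "\x0f\xe7\x02\x40\x61\x34\xd9\x1d\x70\xe8\xa5\xc7\x8e\xf3\x6f\xd4\x1e"
        "\x1a\xd0\xea\x4f\x31\xa4\xae\x10\x1f\xdf\x30\x41\xbc\xb4\x6b\x3c\xb0"
        "\x93\xb3\x75\xbf\x49\xb7\x13\x21\x54\xd7\xa6\x96\x37\x72\x92\x68\x27"
        "\x58\x0e\xa2\xe7\x40\x4d\x9a\xb1\x22\xaf\x4b\xf5\xb9\x18\x82\x93\xa5"
        "\xb1\x39\x7e\xfc\xfd\xcd\x89\x6d\x4c\x6f\x94\x18\x24\x91\x03\x3c\xb6"
        "\x16\x01\x44\x59\x31\xf1\xf0\x98\x62\xe5\x89\x38\xa4\xaf\x70\x21\x2a"
        "\xa8\xcc\x31\x11\xbc\xad\xed\x7f\xf6\x4e\x90\x3b\xc7\x6c\x6e\xc6\x30"
        "\x0b\x21\x21\xe8\x04\x35\xb6\x8c\x7c\x64\x1d\x6a\x69\x10\x79\xbc\x65"
        "\x91\xfa\x77\x98\x7d\x4b\xe7\x09\x3f\xca\x5a\x2c\x1a\x9a\xc7\x63\x04"
        "\xc5\xa0\xdc\x6a\xa1\xc8\xae\x07\x8a\x8f\x3c\x38\xac\xac\x54\x5d\xcf"
        "\x02\x55\xb5\xe8\x4f\x7d\x46\x80\xd3\xd4\xf6\x0b\x86\x4d\x92\xb6\x19"
        "\xf5\xc7\xab\x21\xeb\x7b\x35\x4f\x66\x1d\x9f\x2d\xfe\x9d\x24\x36\x17"
        "\x9f\x9f\xb8\x61\x8c\x4e\x47\x44\x93\xcd\x7d\x0d\xc7\x31\xbc\x3a\x7c"
        "\xc1\x90\xc7\x22\xd1\xbc\xe9\xc1\x77\xad\x11\xb6\xc3\x53\x39\x20\x93"
        "\xa6\xa8\xfa\x0b\x32\x22\x2b\x74\x45\x86\xbd\xe9\xea\x4d\xcd\x7b\xf4"
        "\xe4\x54\x8f\x0c\x85\xb9\xcb\x21\xa5\x6c\xc0\x94\xef\x4b\xc4\xa6\x5c"
        "\xb0\x7b\x14\x27\x72\xee\xbb\xbb\x65\xca\x37\x00\xfc\x62\x60\xf8\x17"
        "\xbe\xf7\x4a\xfa\x0a\xea\xd8\x83\xcb\x9f\xd6\x5b\x9f\xdf\x61\x35\x1b"
        "\x0a\x2f\x7b\x30\x41\x58\x69\x20\xdd\xc0\xa5\x91\xe4\x89\x33\xdf\xfa"
        "\x0c\x82\x30\x79\x70\x85\xca\xf9\x6e\xd5\x7d\xc6\x99\xde\xdf\x63\x81"
        "\xc9\x2f\xa3\x25\xaa\x42\x0b\x5d\x29\x28\x4d\x60\xca\x6c\x87\xdd\x35"
        "\x33\x1b\x41\x03\x62\xcf\xff\x33\x36\xbb\xc8\x51\xe9\x93\xc6\x3f\xbf"
        "\x97\xdd\x6c\x24\x1a\x47\x0a\xf8\x8b\xde\x1a\x7e\x33\x51\x9e\xac\xbb"
        "\x89\x43\x28\xef\x1f\x29\xc6\x80\xba\xa4\x93\x69\x38\x84\x62\x03\x47"
        "\x74\xc3\x9a\x67\x81\x15\x1b\xf2\xaf\x5e\x2e\x5e\xd0\x3c\x2a\x5d\x3d"
        "\xa0\xe8\x86\xa7\x8d\x1e\xb8\x4c\x37\xe5\x02\x21\xd0\x2e\x6b\x15\x91"
        "\xfb\x7e\xc8\x48\x39\x44\x14\x8c\xb4\x23\x89\x9f\xf3\x5b\x18\x56\x5d"
        "\x28\xb9\x30\x76\xca\xc3\x7a\x60\x37\x4c\xfe\x52\x35\xe1\xe4\xdd\xd9"
        "\xdb\x73\xd8\xf8\x73\x80\x4d\xf4\x98\x7a\x59\x66\x6a\x66\xad\xcb\x1f"
        "\xb7\x45\xd9\x30\x42\x98\xc2\xcb\x44\xb0\xdd\x43\xc3\x87\x78\x88\x6d"
        "\x96\x3e\x5e\x1a\xe0\x4e\x18\x90\x89\xa4\x1b\xa7\x03\x32\x39\x79\x34"
        "\x70\x17\xe8\x0c\x37\x47\x68\x9a\x8d\x8c\xaa\xe4\x65\x4a\x00\xdf\xd2"
        "\xb7\x0d\xb8\x0f\x93\xd5\x57\x67\x43\x23\x8a\x0f\xb5\x6c\x62\x2f\x13"
        "\xdc\x12\x5a\x42\x05\xed\x83\xae\xb8\x94\x2f\x9a\x07\x8e\xaa\xaf\x61"
        "\xf5\x09\x66\x90\x20\x62\xb6\x12\x3c\x5d\x73\xef\x70\x6c\x4b\x57\xab"
        "\x67\x84\x23\xa4\x0e\xb8\x7a\x2d\xf3\xa8\xea\x62\xd6\x80\xe0\x20\xc4"
        "\xb5\xa2\x4c\x14\x0d\x4f\x0a\x9a\x51\x99\xfc\x6c\x7b\x9b\x56\xd7\x0f"
        "\xda\xe1\x2b\x60\xe2\x92\x10\xbc\xe8\xa2\xf7\x78\xe4\x9c\x09\x85\x88"
        "\x77\xaa\xff\xc0\xfc\xc1\xdd\x42\x6a\x1d\x47\x41\xd6\x41\xf4\x85\xec"
        "\x08\x24\xf4\x4b\x9f\x6a\x1f\x7f\x99\x3c\x37\x39\x1b\x71\x03\x5f\x01"
        "\x14\xfe\x31\xe7\xd7\x16\x2e\x40\x84\xb2\x9a\xe4\x74\xd2\x81\x84\x8e"
        "\x2f\x91\x81\xe9\x8d\x17\x57\x5d\xfb\xa8\x06\x2c\xc9\x9d\x5f\x7c\xd2"
        "\x3f\xe8\xfe\xbf\x97\xca\x7f\xdc\xf9\x22\xe9\xb9\xaa\x14\x7d\x01\x5b"
        "\x92\xde\x45\xac\xda\xe8\x2d\xe3\x71\xb0\x09\x64\xe3\x30\x58\x7d\x5a"
        "\x25\xc2\x7c\x18\xc3\xcd\xac\x68\x8e\x5f\xde\x5e\x2c\x0a\x42\x17\x6d"
        "\xe7\x65\x4d\x64\xbf\x7e\xd1\x6f\x77\x99\x0d\xad\x45\x18\x3d\x61\xd8"
        "\xea\xdd\xbf\x32\xee\xd6\x59\x9e\xdd\x1b\x5b\x35\x9d\xca\xde\x5b\x64"
        "\xb0\xa6\x67\x4e\x2a\xd7\x74\x67\x38\xb1\xc3\xc1\x84\x04\x03\x61\x6b"
        "\x21\xfe\x51\x4b\xdd\x11\xe2\x1f\x98\x00\x5e\x07\xd1\x46\x33\x85\x01"
        "\xcf\xc6\xd3\xd1\xf0\x16\xa3\x47\x02\xf2\xb4\xc3\x41\xb0\x89\xb6\xe2"
        "\x83\x20\x7d\xab\x16\xde\x4c\xa0\x5f\x0a\xd8\x68\xd4\xc5\xfb\x58\xdd"
        "\x64\x32\xa6\xc9\x11\xcf\x4c\x6a\x79\xb8\x4e\x47\x12\x52\x95\x07\x92"
        "\xb3\x70\x5e\xb2\xde\x44\x4f\x06\xfd\xb1\x91\x13\x2a\x72\xe5\x51\xe2"
        "\xf9\xb3\x65\xf6\x00\xb9\xee\xb0\x9b\x49\xd7\x12\x83\x13\x18\x39\xc7"
        "\xe1\xe1\xcb\xdd\x81\xa2\x53\xc2\xcc\x9e\xfd\x42\x4e\x58\x71\x6d\xf6"
        "\x72\xd3\x1d\x62\x20\x1c\x31\xb8\x5e\x78\xa0\xb8\x02\x4a\x15\x28\x09"
        "\x44\x20\x5b\x5b\x0f\x25\x76\xf9\xac\x0c\x90\xd0\x18\x90\x14\x84\xe6"
        "\x5e\x2e\xc5\xb8\xa4\x55\x68\x40\xf1\xc2\xe8\xc6\xc3\xa6\x09\x84\x97"
        "\x19\x49\xe0\x89\x9e\xb1\x48\xb2\x2d\x97\xcf\xa5\x43\xed\x3d\x6c\x20"
        "\x85\x58\x5e\xff\x50\x6e\x51\x65\x68\xd4\xb4\x50\xd8\xa7\xca\xc0\xff"
        "\x70\x41\xb5\x2c\x76\xf1\x2b\x7d\xa5\xb9\xbd\x1c\xfe\x15\x91\xe9\xa5"
        "\x8b\xa0\xb1\x84\x49\xc2\x9f\xa1\x9d\xe3\xae\x9e\xa9\xc4\xe1\x85\x9b"
        "\x1c\xfe\x69\x73\x56\x77\x76\x4d\xf9\xf6\x72\xb8\x5d\x56\xfb\x55\x25"
        "\x28\x2a\x07\x9e\x9a\x29\x29\xaa\x48\x1d\x8e\x9c\x9c\xf7\xdd\xfc\xd4"
        "\xeb\x6f\xf3\xea\xc6\x36\x78\x4d\x85\x45\xcb\x7d\xbe\x16\x1f\x64\xc8"
        "\x99\x92\x92\x18\x82\xcd\x5a\x67\xce\x7b\x7a\x21\x59\x7f\x0f\xa3\x97"
        "\x30\x9c\xb1\x06\x50\x31\x85\x50\xd3\x99\x83\x0d\xd9\xeb\xad\x08\x8f"
        "\x24\xcd\xcd\x33\x55\xbb\xb3\xb2\xb5\x79\x97\x21\xfe\x20\x0a\xa4\x9b"
        "\x67\x0a\xd8\xa1\xd5\x69\x54\x04\x73\x60\xe1\xa4\xf0\x3c\xcd\x27\x56"
        "\xcf\x7d\x61\x1d\x8b\x30\x54\xf6\x3e\x46\xf9\x38\x08\x8c\x7a\xa8\x5a"
        "\x2a\x97\xf3\x07\x3a\xf4\x91\xc4\x2e\x17\xf6\xa8\xa9\xd2\x7c\x15\x7c"
        "\xaf\xed\x00\x11\x0b\x0b\x7f\x07\x38\x3e\x98\x65\x6d\xa5\x97\x29\x36"
        "\x58\x4e\xba\xac\xf4\x0c\x91\xf2\x94\x03\xe4\x9f\xab\xfa\xbc\x74\x66"
        "\x79\x6e\xea\xae\x5a\x9c\xce\x4d\xdd\xfa\x48\x71\x3d\x6e\xa5\xca\x80"
        "\x59\xf7\x8b\x4b\xa7\xe5\xf3\x1e\xf4\x21\x1d\xbc\xae\x67\xe2\x88\x0b"
        "\x8b\xa4\xd8\xf8\x3c\x88\xa7\x6c\xd7\x6c\x33\xb6\x65\xd6\xd9\xb2\x98"
        "\x15\x9f\x81\x3a\xde\x10\xd6\x9f\x4f\x26\x3d\x4c\x4b\x90\x97\x7a\x76"
        "\xbc\xe3\xfd\xad\x2d\x50\xee\x68\x3e\xfd\x60\x81\xde\x92\xc2\xa1\x1d"
        "\x65\x9c\xdb\x62\x96\x40\x31\x21\x61\x76\xf7\xce\x4b\x3b\x9b\xa8\x2f"
        "\x0e\x55\x0e\x78\x4f\xa4\x8e\x0d\xdb\xa1\x9a\xe9\xc1\x5f\x74\xf5\xbf"
        "\xa2\x98\xd7\x82\x4a\xa5\x95\xa4\x57\xc8\x5d\x38\x64\x24\x63\x84\x24"
        "\x46\x6a\x01\x0a\xb1\x8f\x7b\xa0\x80\x0b\xdc\x53\x0c\x37\x3e\x42\x92"
        "\x6d\x8a\x3a\x8f\x22\xab\x67\x22\x1a\xb1\xf4\xe8\xbd\x80\x52\xfc\x33"
        "\x66\x99\x35\x05\xe4\x18\x7d\x37\xb7\xb8\xdb\x02\x43\xfd\x72\x56\x82"
        "\xad\x4a\x29\x70\xa1\x33\x71\x25\x4a\xa7\xe5\xe2\x74\xb7\x10\x9f\x17"
        "\x6d\x73\xc4\x63\x10\x40\xf3\x95\xa7\xc8\xfd\xdb\xbc\x29\x09\x25\xbe"
        "\x38\x77\x38\x53\x12\x12\x5d\x65\x89\x29\x70\xd3\x0d\xdc\x78\x45\x26"
        "\x4b\xfc\x57\x7a\xca\x5a\x52\x91\x59\xcd\x46\x2b\x19\xdd\x03\x49\x08"
        "\x7b\xa7\x55\xb8\x5e\x86\x1f\xbc\x64\x79\x55\xc6\x99\x5e\x60\xb2\x75"
        "\x20\x68\x1e\x86\xf7\x32\xaf\x51\x60\xf6\x34\x10\x52\x1f\x39\x82\x4b"
        "\x22\xac\xb9\x57\xe9\xa4\x27\x42\x77\x65\x8f\x13\x2e\x81\x85\x45\xa9"
        "\x28\xbc\x5c\x36\x70\xdd\x40\xaa\xb7\xec\x95\x3c\xfa\x85\x32\x34\xc1"
        "\xbd\x8c\x98\x2d\x47\x6f\xe1\xef\x2f\x63\xaa\x24\xaa\x7a\x56\x4f\x1e"
        "\xcc\x25\x24\xef\x70\x16\x16\xb1\x0f\x48\x82\xf7\x9a\x27\x72\x4c\x40"
        "\xcf\xad\x4f\x09\xfa\x65\xe5\x74\x0f\x9f\xe3\x18\x53\xa4\x9a\x9a\xf9"
        "\x9e\x5f\xbb\x77\x4c\x03\xf4\x66\xb4\xa5\x62\x99\x5a\x02\x15\xa0\x6b"
        "\xb1\xcd\x15\x7d\x3b\x07\xc1\x93\xba\xe8\xb2\x02\xc4\x04\xd6\xe8\xcd"
        "\xe6\xe6\x0c\x9f\xed\x60\x2e\x24\x64\x62\x91\x77\x6f\x0b\xa0\xb2\x98"
        "\x0a\xe4\xd7\x34\x86\x95\x64\xc4\x79\x16\x06\x1a\x10\xe7\x87\xf0\x97"
        "\x5c\x90\x44\x7d\x22\x73\xb5\x1a\x2f\x94\xb4\xb0\xee\xb2\xf1\x5c\x1c"
        "\xb8\x25\x97\xaf\xb6\x6d\xb0\x30\x3c\x6a\x0c\xae\x7c\x06\x49\x28\x21"
        "\xe5\xc7\xda\x93\xde\x8a\x62\x4d\x15\xb6\x6c\x94\x0c\x58\xda\x10\x76"
        "\xf0\xbe\xc7\x0c\xec\x95\x1f\x36\x51\x37\x32\xff\xf8\xdb\xa9\xab\x9b"
        "\xe1\xff\xae\x0c\xf3\x61\x7b\x51\xb2\x64\x72\xe2\x93\x23\xb5\xa5\x1f"
        "\x71\xcf\xac\xc8\x18\x3f\x2b\x10\xf8\x32\xa1\xab\x96\x16\xbf\x7e\x3e"
        "\xa5\x74\x5e\x5d\xcd\xf0\x6b\xb7\xdd\xdb\x9e\x8e\x3a\xea\x13\x40\xbd"
        "\x40\xb4\x70\xe7\x6f\xdf\x4d\xd1\x14\xf4\x7a\x0c\xc3\x1c\x82\x97\x51"
        "\xb4\xa7\xc4\x95\x75\x09\x42\xad\x4f\x4e\x16\xcb\x94\x49\x40\xde\x28"
        "\xcd\x4e\x7e\x2c\x30\x2c\x0e\x8c\xea\xeb\xd8\x11\x9d\x18\x65\x04\xaa"
        "\xbb\x9a\x72\x01\xe9\xb8\x87\x54\x1f\xb5\x13\x02\x51\x92\xb3\xbe\xf3"
        "\x26\xc3\xcc\x43\x2b\x17\x22\x93\xdc\xf1\x28\xef\xa3\xf8\x7c\x92\xd7"
        "\x81\x45\xcc\x92\xe3\x80\xb9\x5a\x3d\x8e\x57\xfa\xaf\xf9\x84\x50\x7e"
        "\x7c\x88\x6d\x65\xa3\x79\x53\x0d\x24\x51\x63\x29\xbf\xa7\x02\x83\x16"
        "\x1e\xd5\x4f\x4b\x9d\x4d\xe1\x0c\xb6\x27\x04\xae\xdd\x0c\xe6\x03\x48"
        "\xd8\x3c\x05\x39\xab\x7d\x63\xaf\x00\x15\xbe\x36\x29\x66\xf6\x00\x40"
        "\x3b\xea\x9d\x1f\x1f\xbc\x5d\x77\x7a\xa3\x89\x74\x52\x86\x8a\x73\xa7"
        "\xc1\x4d\xca\xef\x78\x13\xa5\x15\x54\x9f\xee\x30\xf5\xe7\x08\x53\xd9"
        "\xb1\x60\x67\x5b\x9f\xbb\xde\x6e\x84\x54\xf9\xff\x02\x96\x93\x6a\x33"
        "\x21\x58\xe1\xe2\xbe\xe1\x7e\xdc\xb6\xa4\x34\x65\x66\x91\x10\xae\x90"
        "\xb4\x5f\x37\x65\xc5\xcf\x64\xbe\x4f\x24\xba\xf4\x8f\xde\x4d\x26\x47"
        "\x53\xe3\xf5\xf7\x6f\xfe\x22\x9f\xc7\x09\xd1\xb9\x19\x09\xdb\x23\x8e"
        "\x7e\x98\x09\x05\x25\xca\xcc\x28\xe1\xe7\x01\x5d\xc7\xb1\x23\x66\x53"
        "\xcf\x9d\x1a\xfa\x11\xe0\xb3\x5a\xae\x8d\x3a\xa1\x57\xbf\x73\xfc\x61"
        "\xab\x07\x39\x1e\x63\xbb\x35\x5b\x8b\x53\x98\x1f\x47\x3c\x9e\xf8\x3c"
        "\xaf\xed\x0a\xe3\xa6\x86\xf2\xa8\xeb\x4a\x9e\x4e\x31\x05\x37\xeb\xfc"
        "\xdc\x6a\xeb\xd3\xf8\x1e\xc8\xda\x74\x59\x38\x5e\x25\xfd\x4b\x0b\xa7"
        "\x97\x4e\x05\x44\xa9\xba\x2b\x50\x14\x62\x37\xd2\x17\x60\x55\xb3\x03"
        "\xb4\xc1\xf0\x84\x7f\x78\xbc\xb4\xdf\x6f\xc2\x19\xb7\x3b\x92\xb1\x98"
        "\xee\x5e\x77\x9d\xc9\x4d\x9d\xfe\x88\x7b\xa1\x81\xf5\xe4\xcb\xf1\xf4"
        "\x2c\x35\x86\x5f\x94\x1f\x45\x7b\x34\x29\x73\x44\x7d\x8a\x5c\xf0\xfd"
        "\xad\xbe\xb0\x14\xd9\x8e\x96\xb7\x53\x9b\xaf\xb7\xd5\x88\x21\x6d\x4d"
        "\x43\x30\x51\x52\xc4\x81\x56\xb7\x7a\x8f\x43\xf5\x25\x20\x9b\x07\xaf"
        "\xae\x83\xe1\x84\xd8\x2a\x15\x6a\x1a\x2b\x88\xbc\x17\xdb\xf4\xa7\x40"
        "\x3a\xdf\x85\xcc\xbd\x31\x33\x4e\x79\x25\x06\x91\x09\xe6\x6e\xc7\xf0"
        "\xc8\x85\x1c\x5a\xf8\xc5\xfc\x8e\xc4\x3e\x94\xcb\xc2\xf6\xd5\x8e\xd0"
        "\x03\x6a\x79\x66\xfa\x79\x7f\x53\x71\x40\x81\xd6\xad\xb4\x75\xfd\xdd"
        "\xb5\x03\x13\x31\x62\x7b\xac\x9f\xa6\x11\x32\xf3\x9e\xe0\xe3\x6e\x02"
        "\x19\xe0\xe5\x1f\xbc\x91\x5e\xd8\x80\xbc\xf8\x77\x4e\x85\x78\x2f\x53"
        "\xe8\xef\xd4\x6b\x32\x43\xdf\xab\x35\x57\x39\xd5\x83\x57\x6e\x80\xf0"
        "\xc3\x27\x59\xeb\x82\xd6\x9e\xc8\x7f\x41\xf9\xb7\x91\x17\xe9\x67\x10"
        "\x7c\xda\xfe\x03\x15\x47\x31\x89\xbe\xab\xc8\xdd\xf3\xa5\x63\x95\xb8"
        "\xed\x47\x22\xc9\xae\x96\xac\x03\xc4\x87\x9a\xf5\x9f\xda\x6e\x33\x7b"
        "\x87\xe4\x1f\x19\x38\x24\xc7\xee\x6d\x97\xf9\x88\x87\xbf\x25\xea\x28"
        "\x0d\xf6\x6f\x3f\xd2\x96\x44\x50\xfd\x20\x4e\xeb\xe6\x05\xba\xbf\xe2"
        "\xc4\xfd\xea\x61\x89\xa1\x5f\x3b\x16\xed\x80\x4b\x3c\x8f\x57\xcd\xdb"
        "\xad\xb4\x8a\xa6\x14\xa7\x22\x96\x0e\xe8\xe7\x67\x6a\x40\x57\xa0\x1b"
        "\x15\xd0\x51\x8c\x06\x01\x7d\x39\xb0\xcf\x2e\x87\x38\x1a\x55\xb4\x50"
        "\xcd\xfd\x8a\x8f\xe0\x1c\x7b\x05\xb1\xfe\xe0\xc2\x72\xad\x8d\x01\xaa"
        "\x29\x02\x91\x06\xd6\x3b\x53\xd4\x11\x1c\xaf\x9e\xda\xed\x2b\x3f\x44"
        "\x8e\x1b\xec\x3c\xf3\xc1\xdf\x10\x5a\x60\x28\x4e\x6a\x45\xec\xa7\x72"
        "\x6e\x2c\x34\x1d\x6f\xb6\xfc\x25\xf4\xba\x3e\xd4\x06\xad\x94\xf4\xad"
        "\x8d\x60\xe1\xf3\x0a\x84\xee\xd2\xd9\xfc\xb4\x28\x98\xfb\x7e\x65\x76"
        "\xf0\x5a\x19\x68\xd1\x51\xac\xa1\x86\xae\x65\x0c\xa5\xff\x48\x3f\x0d"
        "\xbe\xf7\x4e\x6a\x73\xb5\x91\x60\x6f\x14\x26\x2b\x98\xa6\x66\x5a",
        4096);
    *(uint64_t*)0x20000058 = 0x1000;
    *(uint64_t*)0x20000060 = 0;
    *(uint64_t*)0x20000068 = 0;
    syscall(SYS_writev, r[1], 0x20000040, 3);
    break;
  case 4:
    // 12-byte option value at 0x20000080, set at level 0 on the duplicate
    // descriptor. NOTE(review): the option name 0x20000000000001 does not fit
    // in an int; presumably only its low 32 bits (1) are seen by the kernel -
    // confirm for the target ABI.
    memcpy((void*)0x20000080,
           "\x29\x02\x09\x5c\xb9\x06\x00\x85\x90\x00\x00\x00", 12);
    syscall(SYS_setsockopt, r[1], 0, 0x20000000000001, 0x20000080, 0xc);
    break;
  }
}

// Map the scratch region used by execute_call() and start the fork loop.
// NOTE(review): the mmap result is not checked; if the mapping fails, the
// fixed-address stores in execute_call() fault in the child. The flag value
// 0x1012 looks like a BSD-style MAP_ANON|MAP_FIXED|MAP_PRIVATE and the call
// passes 7 arguments - confirm against the target OS before building
// elsewhere.
int main(void)
{
  syscall(SYS_mmap, 0x20000000, 0x1000000, 3, 0x1012, -1, 0, 0);
  loop();
  return 0;
}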