// https://syzkaller.appspot.com/bug?id=9f27e880d757d8e1b7bebd36a4c391fccb92f134 // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms() { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); if (pthread_create(&th, &attr, fn, arg)) exit(1); pthread_attr_destroy(&attr); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); syscall(SYS_futex, &ev->state, FUTEX_WAKE); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) syscall(SYS_futex, &ev->state, FUTEX_WAIT, 0, 0); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; for (;;) { uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; syscall(SYS_futex, &ev->state, FUTEX_WAIT, 0, &ts); if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED)) return 1; now = current_time_ms(); if (now - start > timeout) return 0; } } static void vsnprintf_check(char* str, size_t size, const char* format, va_list args) { int rv; rv = vsnprintf(str, size, format, args); if (rv < 0) exit(1); if ((size_t)rv >= size) exit(1); } #define COMMAND_MAX_LEN 128 #define PATH_PREFIX \ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin " #define PATH_PREFIX_LEN (sizeof(PATH_PREFIX) - 1) static void execute_command(bool panic, const char* format, ...) { va_list args; char command[PATH_PREFIX_LEN + COMMAND_MAX_LEN]; int rv; va_start(args, format); memcpy(command, PATH_PREFIX, PATH_PREFIX_LEN); vsnprintf_check(command + PATH_PREFIX_LEN, COMMAND_MAX_LEN, format, args); va_end(args); rv = system(command); if (rv) { if (panic) exit(1); } } #define DEV_IPV4 "172.20.20.%d" #define DEV_IPV6 "fe80::%02hx" #define DEV_MAC "aa:aa:aa:aa:aa:%02hx" static void snprintf_check(char* str, size_t size, const char* format, ...) { va_list args; va_start(args, format); vsnprintf_check(str, size, format, args); va_end(args); } static void initialize_netdevices(void) { unsigned i; const char* devtypes[] = {"ip6gretap", "bridge", "vcan", "bond", "team"}; const char* devnames[] = {"lo", "sit0", "bridge0", "vcan0", "tunl0", "gre0", "gretap0", "ip_vti0", "ip6_vti0", "ip6tnl0", "ip6gre0", "ip6gretap0", "erspan0", "bond0", "veth0", "veth1", "team0", "veth0_to_bridge", "veth1_to_bridge", "veth0_to_bond", "veth1_to_bond", "veth0_to_team", "veth1_to_team"}; const char* devmasters[] = {"bridge", "bond", "team"}; for (i = 0; i < sizeof(devtypes) / (sizeof(devtypes[0])); i++) execute_command(0, "ip link add dev %s0 type %s", devtypes[i], devtypes[i]); execute_command(0, "ip link add type veth"); for (i = 0; i < sizeof(devmasters) / (sizeof(devmasters[0])); i++) { execute_command( 0, "ip link add name %s_slave_0 type veth peer name veth0_to_%s", devmasters[i], devmasters[i]); execute_command( 0, "ip link add name %s_slave_1 type veth peer name veth1_to_%s", devmasters[i], devmasters[i]); execute_command(0, "ip link set %s_slave_0 master %s0", devmasters[i], devmasters[i]); execute_command(0, "ip link set %s_slave_1 master %s0", devmasters[i], devmasters[i]); execute_command(0, "ip link set veth0_to_%s up", devmasters[i]); execute_command(0, "ip link set veth1_to_%s up", devmasters[i]); } execute_command(0, "ip link set bridge_slave_0 up"); execute_command(0, "ip link set bridge_slave_1 up"); for (i = 0; i < sizeof(devnames) / (sizeof(devnames[0])); i++) { char addr[32]; snprintf_check(addr, sizeof(addr), DEV_IPV4, i + 10); execute_command(0, "ip -4 addr add %s/24 dev %s", addr, devnames[i]); snprintf_check(addr, sizeof(addr), DEV_IPV6, i + 10); execute_command(0, "ip -6 addr add %s/120 dev %s", addr, devnames[i]); snprintf_check(addr, sizeof(addr), DEV_MAC, i + 10); execute_command(0, "ip link set dev %s address %s", devnames[i], addr); execute_command(0, "ip link set dev %s up", devnames[i]); } } static void setup_common() { if (mount(0, "/sys/fs/fuse/connections", "fusectl", 0, 0)) { } } static void loop(); static void sandbox_common() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); setsid(); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 160 << 20; setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 136 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); if (unshare(CLONE_NEWNS)) { } if (unshare(CLONE_NEWIPC)) { } if (unshare(0x02000000)) { } if (unshare(CLONE_NEWUTS)) { } if (unshare(CLONE_SYSVSEM)) { } } int wait_for_loop(int pid) { if (pid < 0) exit(1); int status = 0; while (waitpid(-1, &status, __WALL) != pid) { } return WEXITSTATUS(status); } static int do_sandbox_none(void) { if (unshare(CLONE_NEWPID)) { } int pid = fork(); if (pid != 0) return wait_for_loop(pid); setup_common(); sandbox_common(); if (unshare(CLONE_NEWNET)) { } initialize_netdevices(); loop(); exit(1); } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void loop() { int i, call, thread; int collide = 0; again: for (call = 0; call < 10; call++) { for (thread = 0; thread < sizeof(threads) / sizeof(threads[0]); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (collide && (call % 2) == 0) break; event_timedwait(&th->done, 45); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); if (!collide) { collide = 1; goto again; } } uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { long res; switch (call) { case 0: res = syscall(__NR_socket, 0xa, 6, 0); if (res != -1) r[0] = res; break; case 1: *(uint16_t*)0x20000000 = 0xa; *(uint16_t*)0x20000002 = htobe16(0x4e20); *(uint32_t*)0x20000004 = 0; *(uint8_t*)0x20000008 = 0; *(uint8_t*)0x20000009 = 0; *(uint8_t*)0x2000000a = 0; *(uint8_t*)0x2000000b = 0; *(uint8_t*)0x2000000c = 0; *(uint8_t*)0x2000000d = 0; *(uint8_t*)0x2000000e = 0; *(uint8_t*)0x2000000f = 0; *(uint8_t*)0x20000010 = 0; *(uint8_t*)0x20000011 = 0; *(uint8_t*)0x20000012 = 0; *(uint8_t*)0x20000013 = 0; *(uint8_t*)0x20000014 = 0; *(uint8_t*)0x20000015 = 0; *(uint8_t*)0x20000016 = 0; *(uint8_t*)0x20000017 = 0; *(uint32_t*)0x20000018 = 0; syscall(__NR_bind, r[0], 0x20000000, 0x1c); break; case 2: res = syscall(__NR_socket, 2, 6, 0); if (res != -1) r[1] = res; break; case 3: syscall(__NR_listen, r[0], 6); break; case 4: memcpy((void*)0x201c9fff, "\x03", 1); syscall(__NR_setsockopt, r[1], 0x10d, 0xd, 0x201c9fff, 1); break; case 5: *(uint16_t*)0x20e5c000 = 2; *(uint16_t*)0x20e5c002 = htobe16(0x4e20); *(uint8_t*)0x20e5c004 = 0xac; *(uint8_t*)0x20e5c005 = 0x14; *(uint8_t*)0x20e5c006 = 0x14; *(uint8_t*)0x20e5c007 = 0x20; *(uint8_t*)0x20e5c008 = 0; *(uint8_t*)0x20e5c009 = 0; *(uint8_t*)0x20e5c00a = 0; *(uint8_t*)0x20e5c00b = 0; *(uint8_t*)0x20e5c00c = 0; *(uint8_t*)0x20e5c00d = 0; *(uint8_t*)0x20e5c00e = 0; *(uint8_t*)0x20e5c00f = 0; syscall(__NR_connect, r[1], 0x20e5c000, 0x10); break; case 6: *(uint32_t*)0x20000080 = 0; res = syscall(__NR_accept, r[0], 0, 0x20000080); if (res != -1) r[2] = res; break; case 7: *(uint64_t*)0x200030c0 = 0x20000d40; *(uint16_t*)0x20000d40 = 0x2c; *(uint16_t*)0x20000d42 = 2; *(uint32_t*)0x20000d44 = 0; *(uint32_t*)0x20000d48 = 0x3d; *(uint32_t*)0x20000d4c = 0; *(uint32_t*)0x200030c8 = 0x10; *(uint64_t*)0x200030d0 = 0x20003040; *(uint64_t*)0x20003040 = 0x20003980; memcpy( (void*)0x20003980, "\x59\xfa\xa9\x22\x81\x74\xe5\x6d\x8d\xd4\x4d\xdd\xaa\x0c\x0a\x28\x51" "\xd4\x7c\xa8\xbc\x08\xc6\x98\x82\xe2\x34\xc7\x7e\xba\xed\x71\x5d\x4d" "\x8f\x1f\xfe\x38\x67\xf7\x2b\x86\x8a\x18\x25\xf7\xc7\xc9\x4e\x4c\xee" "\x21\xda\xac\x86\x1f\x95\x21\xb3\x88\x22\x65\x07\xe7\x17\x1b\xd3\x68" "\x08\xd8\x27\x35\x20\x57\x49\x43\xd5\x79\xc4\x3c\x03\x21\x91\xd6\xaa" "\x2d\x0d\xfd\x7d\xee\xed\x92\x2b\x21\x65\x47\xfa\x9c\xc1\xf0\x6c\x3d" "\x08\x23\x26\xcd\x9e\x09\x96\x19\xf8\xab\x1b\xe7\x46\x4d\xfb\x58\x88" "\x81\xa7\x43\x80\x69\x41\x86\xa4\x4c\xd3\xb7\x79\xd2\xb2\xed\x83\x2a" "\xb7\x95\x7c\x05\xd1\x02\xc7\xfd\x79\x5c\xc7\x0f\x8f\x5c\xa8\xc0\xec" "\x22\x72\xbc\x74\xf3\xa0\x19\xc8\x27\x9e\xa7\x0c\x50\x36\x7b\xd1\x59" "\xb3\x4a\x0e\x04\x84\x88\xad\xcc\x9e\x90\x4c\x39\x1f\xdb\x23\x09\x0f" "\x81\xd6\xca\xce\x40\x4d\xbf\x92\xb5\x0e\xab\x75\x33\xb9\xe2\xf7\x39" "\x48\x16\x82\x58\xa7\x18\x64\x6c\x20\x9c\x0b\x58\xeb\x84\xec\x60\xbc" "\x7a\xf8\x7b\xe0\x4f\xc9\x8a\x24\x4a\x67\xe6\x9e\xc5\x19\xb0\x59\x99" "\xb0\x48\xad\xfc\x46\x9f\xbb\xab\x75\x66\x73\x20\x9e\x54\x8b\x1a\x42" "\x9a\x8a\x06\xb6\x53\x77\x55\x18\x65\x94\x2c\x98\xb7\xf7\x61\xb9\x28" "\x6d\xcd\x18\x29\xe0\x95\x64\xc8\x55\x09\x39\xc3\xf4\xc1\x8c\x95\xdd" "\x6a\x1d\xd5\x2a\x31\xde\x1d\xd9\xed\x0d\x41\x03\x67\x28\x24\x16\x42" "\x73\x8c\x3f\xfe\xc5\x63\x90\x06\x32\x4e\x15\x09\x94\xf7\xcc\xfc\x31" "\x62\x02\x6d\x59\x25\xdb\x63\x7e\xd0\x6c\x48\xd9\x39\x8f\xd7\xc8\x28" "\xa7\xe5\x86\x58\x7a\x42\x35\x30\xab\x1c\x6e\x00\x08\x47\x0e\x9f\x76" "\x52\x67\x88\x47\xbe\x4a\xe9\xa8\x2d\x9e\x1e\x26\x13\xe7\xa7\x80\x54" "\x2f\x74\xff\xe3\x3f\x30\x6d\x68\x35\x86\x54\xc1\xb8\x88\x13\x01\x7d" "\x70\x38\x7d\x19\x1f\xea\x47\x6b\x56\x29\x13\x87\x66\x2a\xc5\xa2\x23" "\xce\x3d\x3b\xe5\x23\xc2\xb0\xa7\x01\x0c\x71\xfa\x4a\x4e\xe7\xd5\x1a" "\x1c\xa3\x1c\x9c\xe1\xed\xbf\x46\x51\x19\x67\xd6\x57\x6d\x01\xee\xa5" "\xf4\x72\x92\x68\x71\x67\xa5\xc3\x00\xef\xbb\xc4\xbc\xef\x9f\x78\x2c" "\xdc\xce\x24\xf0\x4b\x66\x22\x28\x6d\x05\xc6\xe9\xf8\xba\x57\x9a\x28" "\x73\xa2\x43\x33\x46\x8a\x0b\x2d\x3f\xc2\xb8\xaf\x25\xce\xbd\x44\x41" "\x47\x6e\x37\x31\x5d\x71\x76\x32\x9e\x9f\xfa\x7e\x31\x14\xb4\x57\x09" "\x4c\x38\x47\x5e\x14\x1c\x57\x16\xe3\x75\x58\x07\x69\x50\xcc\xdb\x3a" "\x10\x4c\xe7\xb1\xb6\xc9\xfc\xe9\x33\x24\x6f\x30\xec\x78\x72\xb9\x29" "\x94\x02\xc7\x66\x43\x07\xa2\x32\xf1\x01\xf2\x11\x80\x74\x35\xd8\x18" "\xad\x81\x2c\xdc\x7a\x73\xd3\x7e\xfa\x77\xce\xfa\x22\x4d\xef\xb3\x60" "\x18\xd4\x44\x5b\xfc\xf2\x69\x14\x81\x78\xf5\x78\x71\x0a\x46\x9d\xfd" "\x02\x78\x6c\x75\x6e\xae\x7f\x80\x6d\x80\x82\xf3\x32\x34\x39\xf9\x49" "\x9c\x8d\x52\x14\x2c\xc8\x20\xdf\x3c\xb5\x45\xc0\xd5\x85\xf0\xcb\xa7" "\x3c\xeb\xe9\x6a\x7c\x85\xc9\xa4\x96\x9e\xfb\x6b\xb5\x33\xe6\xe0\xe8" "\x4c\x5b\xfb\x89\xfb\x64\x28\x34\x32\x83\xd2\x42\xe3\x92\x34\x9a\x20" "\x13\x91\xeb\x05\x3b\x84\xf2\x2f\x83\x71\xfc\x7c\x90\x3f\x51\xfb\xc3" "\x7a\x17\x80\x10\x5e\xe8\xff\xb3\xc8\x92\xe2\x1b\x28\x57\x4c\x64\xc4" "\x08\xaf\xce\x3e\x01\x28\xe7\x5b\x07\x41\x86\xa5\xde\x7a\x93\xce\x8d" "\xae\x8a\x8b\x8a\x13\x8d\x4f\xeb\x10\xfb\x48\x44\x45\x63\x33\x1f\xe1" "\x6d\x63\x73\x71\xc3\x03\xdf\xf5\xdb\x5a\x88\xf0\xa1\x8d\x37\x5d\x6b" "\x2a\x3a\x9f\xbc\x8f\x0d\x9a\x9a\x8a\xe7\x83\xa5\xd2\x97\x8a\x31\x37" "\xe2\x60\x37\x5f\xcf\x04\x7e\xc6\x69\x19\x71\x54\x32\x7c\x23\xb9\xdb" "\x91\xf9\x05\xe5\xef\x60\x55\x76\xf2\x07\x7e\x68\x88\x3f\x1b\x9b\x1c" "\x87\xcf\xdf\x9c\xc0\x61\x3e\x30\xa3\x15\x1b\xa9\x78\x02\xfa\xcb\x61" "\x42\xf8\x6f\xe7\x03\x4e\x60\x8d\xb7\xde\x61\xaf\x8c\x79\xef\x16\x28" "\xe1\x37\xa6\x77\x43\x61\x12\x99\x98\xab\xd0\x68\xaa\x6b\xfa\xec\xf9" "\x00\xd4\x80\xba\xc1\x70\x12\x08\x68\x0d\x92\x38\x13\xfc\x11\xfd\xf0" "\x74\x58\x91\xd2\x09\x9a\x47\x37\x77\xce\x39\xaa\x61\x00\x4c\x63\xda" "\xdf\x01\x56\xa8\x1d\x66\x8b\x15\xa0\xc9\x4b\x22\x2a\xf2\x5a\x1a\xfc" "\x86\x5a\xc4\xd6\x78\xbd\x89\x30\xcc\xba\xb5\x3d\xdf\x42\x73\xe4\xa6" "\x4c\xdc\x61\x2d\xd8\x11\x6e\xbc\x2c\xff\x80\x03\xa5\xe6\x00\x8e\xc0" "\xfc\x76\x0f\xbb\x71\x84\x5d\x2b\xbe\x5a\x3a\x25\x24\x75\xc6\xaa\x75" "\x05\xb0\x47\x2c\x2d\xcd\xe8\x08\xfb\xd7\x32\x59\x6e\x8f\xdf\x93\x23" "\x0f\xf2\x58\xfb\xdc\x20\x4e\xfb\x43\xaf\xc2\xda\xd4\x53\x7a\x76\x0d" "\xbe\x1c\xf3\xc1\x10\x68\x4e\x08\x74\x24\xfd\xc5\xb4\x7d\xe0\x4c\x3f" "\xcc\xb5\xce\xca\x9b\xd6\x8a\x46\x1f\xa1\xfd\xac\xbf\xde\xc9\x1d\x80" "\x2e\xdb\xe1\xa0\xc9\x01\x08\xe4\xe8\x71\xbd\x9e\xc1\x76\xb4\x27\x12" "\x25\xa1\xa6\x88\x78\x36\xdb\xd5\x33\x6b\x08\x16\x49\xa4\x0e\x8b\x2b" "\x43\x37\xbc\x05\xd5\xab\x25\x11\x66\x91\x7f\xaa\x45\x57\x64\x0b\xe6" "\x83\xaa\xf8\x4c\xa1\x86\x4b\x36\xea\xfb\xb0\x44\x1c\x1a\x45\x2d\x11" "\xeb\x4d\x26\xae\xa9\xbb\xfe\x85\x5c\x74\x22\xa3\xf6\xfb\xb1\x21\x73" "\x99\x57\x6a\x44\x17\x3e\xe0\x43\xad\x4d\x02\xd9\xb4\xe3\xb2\x59\x00" "\x16\x57\xeb\x63\x2f\x19\x77\x7b\x59\x35\xe9\xcd\x48\x5f\xe3\xc2\xb3" "\xb9\x71\x42\xc4\xf6\x79\xca\x33\xaf\xea\x88\x63\x3f\x63\xc7\xb3\xa7" "\xe2\x81\x33\x47\xaa\x10\x78\x0b\x8a\xd6\xa2\x63\xcf\xac\x1f\x36\x95" "\x6f\x5a\xd9\xbf\x4e\x47\xb8\xab\x7e\xbc\x6d\x15\x56\xb3\x87\xce\xe1" "\x98\xb6\xf1\xe3\xa5\xce\x89\xdf\xc7\x73\x9d\x7d\x06\x1d\x52\x75\xfd" "\x6e\x7c\xf7\x7d\x3b\xf4\x77\x90\x5f\xf8\x53\x83\xc1\xb1\xc8\xda\xd7" "\x3d\x26\x8f\x84\xe2\x72\x8d\xbe\x8d\xec\xa2\xda\x95\x59\x79\x4a\x10" "\xa8\xd8\x96\xee\x9a\xd8\x8b\x04\x2e\x2a\x90\xaa\x27\x2f\x4e\x04\x72" "\x72\xe6\x51\x26\x44\xe2\xab\x32\x9a\xa9\xbe\x1d\xd9\x45\x69\xe5\x88" "\xc3\xbe\xe4\x51\x3b\x98\x52\x1b\x86\x71\x9c\xc0\x26\xd6\x5f\xda\x7b" "\x69\x2e\x8e\xaa\x33\xab\x1c\x30\x3b\x34\xd6\x81\xa6\x71\x45\xf2\x29" "\x3b\x0d\xfd\xae\xc9\xff\xdb\xb9\x50\xc7\x3a\x95\xc5\xd3\x30\x98\x9f" "\xb8\x93\x22\xcd\x01\x1d\xef\x6a\x75\x99\xb1\x61\x18\xa8\xcb\xd6\xce" "\xea\x63\x9f\xd3\xa7\x29\x77\xec\xc4\x22\x59\x1b\x6f\x57\xb9\x02\xbd" "\x1f\x85\xe8\xb0\x95\x2c\x61\xd1\x1d\xe6\xa6\x5a\x85\x57\x32\x10\xf0" "\x78\x18\x1d\xd4\x5d\x88\x92\x12\xbf\xd1\x07\xdd\x6b\xae\xe8\x98\x49" "\x61\x6b\xce\xdd\x6a\xad\x82\x00\xbb\x74\xd0\x05\x55\x18\x3e\x80\x82" "\x14\xf8\xa1\xe5\xda\x12\x22\x43\x36\xaa\xb6\xe9\xa5\x38\xd2\xaf\xb7" "\xf6\x42\x0e\xeb\x25\x0c\xc0\x04\x85\x79\xec\xca\x44\x07\x53\x97\x7a" "\xf7\x81\xf3\x72\x6a\x1f\xb0\x62\x17\x79\xa8\x67\x16\x2b\x33\x41\x8f" "\x51\xab\xbe\x59\xf0\x38\x06\x9c\xdb\xd8\x70\x8e\xf2\x5e\xae\x24\x7f" "\x97\xb6\xb3\x6f\x4b\x75\x9f\xd8\x91\xac\x5b\x2e\x63\xc2\x07\x70\xf8" "\x3d\xc9\x3b\x2f\x4d\x2d\x95\xb8\xb1\xe8\x06\x9f\x60\xf0\x1d\x50\xc3" "\xcd\x32\x09\x63\xa9\x4f\x16\x6a\x47\xa1\x0f\x36\xf6\x04\x91\x7b\xdc" "\x83\xe0\xa3\x7d\x26\xc5\xe6\x50\x18\x9a\x38\x7e\x1a\x50\x54\x24\x57" "\x0c\x21\xea\xa3\xab\x75\xbd\x77\x90\x4c\x1b\x12\xc6\xd7\x1e\x8b\x08" "\x49\x51\x37\x8a\x82\x65\x04\x8a\xc0\x1b\xc8\xf9\x91\x98\xc9\x41\xcf" "\x49\x8a\x08\x40\x5d\x8b\xda\xb0\x0d\xcb\x3e\x48\x54\xe1\xc7\xf1\xa9" "\x07\x07\x9b\x97\xf1\xfe\xe3\xa4\xe8\x55\xe6\xf0\x2d\xcd\x76\x95\x71" "\xa5\x75\xaa\xbf\x74\xa4\xd5\x37\xcb\x8d\x3f\xda\x4a\x4a\x39\x5a\xcb" "\xbe\x27\x69\xd0\x21\x52\xcb\x22\x48\xd1\x0d\xb8\x80\x26\xfe\xba\x89" "\x27\x54\xee\x51\x3f\x66\x9f\xdb\xb6\xce\x5c\x32\x21\xa3\x6a\xed\x6d" "\xf5\x86\x7d\x35\x6e\xe9\x58\xc7\x58\x1f\x7f\xb7\x89\xff\x10\x8b\x21" "\x09\x5f\x2e\x8c\xe1\x8a\x56\x3f\x5d\x7c\xd8\xc7\xd4\xf3\x5e\x81\x59" "\x72\xf4\xc8\x6a\x5f\x48\xaf\xb6\x00\x36\x9b\x60\x64\x9c\x71\x98\xae" "\xb8\xd7\xc5\xa1\xbf\x6c\xf8\x64\x46\xc9\xd3\xa9\x7d\x6e\x16\x97\x71" "\xa9\xc9\x27\x17\x8f\xd9\x05\x4e\xfc\xbf\x9a\x23\x48\x63\xa0\x72\x1a" "\xf9\x62\xe9\x63\x5a\xd3\xd9\xde\x3c\x58\x60\x02\x10\xe4\xf6\x4f\x1b" "\x09\xb5\xd5\xc5\x06\xf0\x90\x65\x65\xd0\x1f\x9c\x0f\xbb\xc9\xdd\x9e" "\x0b\x85\xde\x87\x1f\x17\x65\x6c\x1e\xce\x70\xf0\xcf\xac\xf5\x75\x21" "\xaa\x0c\xc0\x6a\xf1\xc3\x42\xec\x6d\x6a\x10\x35\xed\x96\x47\xd1\x60" "\x4c\x84\xb2\x49\x9c\xff\xf9\x7e\x28\x58\x27\xf3\x4f\xec\x66\xa2\x6e" "\x7b\xd7\x10\xc4\x76\x25\x40\x9a\xe4\x39\x66\xd8\xa2\x69\x2f\xb8\xdb" "\xa7\xd4\x8e\x37\x6b\xee\x36\x01\xe0\x5b\xcf\xb0\xba\x3b\x32\xee\x36" "\x8c\xb3\x39\x35\x40\xb0\x1c\xbc\xe9\x51\x3b\x6f\xb4\xec\xb2\xc7\xd1" "\x09\xf8\x90\x30\x30\x11\x65\xfc\x0d\x2b\x68\xbb\x43\x79\xd8\xe4\x8d" "\x77\xdb\x58\xa5\x05\xf8\xd4\x71\x94\x8d\xc4\x37\xf4\x8d\x23\xac\x84" "\x88\x02\x0e\x3f\x19\x79\xfc\x64\xaf\xe6\x66\xfb\xea\xb4\xc6\x37\xef" "\x8b\xe4\xf0\xf2\xcf\x20\x4b\x70\x6f\x23\xf5\x4e\xa1\xec\x9f\xe4\x32" "\x4b\x80\x4c\xf2\xae\x3a\xa6\xc5\x97\x17\x7e\x95\xe7\x5a\xdb\x0f\x16" "\x86\xd4\xc6\xe5\x51\x05\xa2\x34\x0e\x32\x47\x8b\xd8\x7c\xba\x46\xf6" "\x36\x4b\xea\x85\x72\xc7\x4a\x64\x13\x2f\x62\x1c\x0a\xe9\x3c\xf3\x02" "\x1f\x2c\xca\xe2\x8b\x5f\xdf\x5b\x66\x3a\x3f\x1d\x38\x40\x04\x86\x4d" "\x2d\x1c\xa5\x20\x0d\x10\xbd\x7e\x17\x0f\x07\x17\xf8\x53\xf3\xe1\x75" "\x27\xc9\xba\x5a\x3f\xf2\xba\xd5\x6c\xb9\x68\x99\x93\x91\xae\x3b\x47" "\xbd\xbb\xe8\xf5\x00\xc8\x7e\x7b\x97\x52\x10\xff\x42\x7a\x6b\x4f\x65" "\x5a\xb0\xa9\x9b\x43\x61\x51\x34\x4b\x1b\x8f\x90\xcd\xa3\x4a\xb7\x1d" "\xd6\xeb\x5c\x43\xf6\xf7\x2d\x5c\x41\x30\xc9\x1f\x30\x19\x28\x96\xf0" "\x9b\x10\x8f\xc1\xad\x7d\xc4\xa0\x8a\x02\x89\x29\xa6\xd4\x72\x92\x62" "\x2a\xbe\x3f\xd5\xd9\x7a\x24\x2d\x05\x72\xd7\xab\x34\x9b\xde\xb0\x14" "\xfb\x72\x03\x52\xd0\x78\x2f\x36\x0d\x3e\x76\x93\x7b\xd6\xd6\x56\x72" "\x47\xc7\x6f\x20\x7d\x4b\x23\x2b\xd3\x2c\xb7\x70\x04\x94\xb0\x62\x66" "\xf3\x7b\x65\x18\xc1\xcd\xf1\x65\x0a\x5e\xce\x94\x80\x7e\x96\x64\x0a" "\x0f\x62\xb3\x1b\x0a\x57\xc2\x50\x46\x77\xd8\x10\x03\xf2\x4f\x5d\x29" "\xed\x6e\x89\xd9\x48\xb5\x10\x78\x3e\xe6\xb9\x67\xf4\x16\x97\x5e\x58" "\xd7\x21\xb7\x18\x80\xee\x14\xf1\x10\xd0\x71\x4a\x54\x0f\xc4\xab\x31" "\x69\x51\xf6\x0e\xb7\x5f\xbe\x22\x5a\x0c\xed\xd1\xb2\x2d\x6b\x0b\x85" "\x5c\xd5\x27\xa0\x53\xcf\xf9\x6c\x07\x7d\x1d\xcf\x11\x91\x66\x72\x62" "\xeb\x77\xf3\x22\x02\x0b\x17\x69\x5a\x77\xc5\x61\x26\x98\x6e\x90\x67" "\xd7\x84\x5b\x03\x9c\xe5\xd8\x91\x71\x75\x90\x60\x8a\xed\x1b\x5d\x40" "\xbd\xd6\x80\xba\x90\xda\x52\x1f\x71\xde\x51\x16\x52\x6b\x56\x50\xfb" "\xb4\xb6\x20\x2f\xbf\xd3\x71\xfc\xe9\xae\xe9\x81\xa9\x0c\xa1\x82\xde" "\x3f\x60\xff\xa5\x5b\xde\x85\x99\x98\xec\x8e\xaa\x89\x2f\x8d\xae\x11" "\xf1\xaf\xca\x98\x9c\x56\xfa\x3e\x41\x37\x80\xe4\x29\xe6\xee\xed\x9c" "\xe0\x2c\x75\xf5\x92\xcc\x19\xd3\x5b\x54\xdf\x28\x34\x2c\xb2\xfa\xb1" "\x79\x90\x2b\x5d\xa4\x49\x6b\xf3\xd9\xfa\xe7\xf9\x56\x41\x5b\x49\xa2" "\xd8\x3e\x5f\x71\xbd\xe1\xad\x1c\xcd\x55\x10\xd6\xdf\xff\x88\x20\xf2" "\x72\x40\x45\x98\x79\xa4\x3f\x73\x18\x3a\xcf\x25\xeb\xdb\xa5\x74\xd9" "\x8b\x33\x16\x4a\x52\x27\xa6\x93\xcf\x3a\x16\xaa\x3c\x55\x0c\xcd\xcf" "\xf8\x46\x64\x94\x77\xd9\x08\x7c\x8b\x79\x65\x0e\x9c\xb6\x2c\x85\x9d" "\xd9\x09\x2b\x72\x2a\x83\x24\xc4\x65\xf1\xad\x8a\x71\xec\xa7\xc8\x8f" "\x69\x3c\x1e\xc5\x43\xe8\xa9\x57\x6a\xe9\xb4\xff\xc1\x2f\x67\x69\xb1" "\x29\x3e\xc2\x8b\x9c\x7c\x96\xb2\xb0\x7e\xb9\x71\x5a\xb5\x3b\xaa\x25" "\xff\x58\x3a\xd7\x87\xba\xca\xe4\x20\xce\xb5\x0c\x5b\xf6\x82\x58\x41" "\x82\x36\xe8\x63\x46\xf8\x59\xb9\x56\xfa\x5b\xf8\xac\xa7\xe5\x61\x3f" "\xa2\x7e\x4a\xf2\x1a\x1a\x7b\xbf\xec\x4d\x85\xa6\xe7\x5e\xb4\x01\xaf" "\x45\x60\x0b\x8e\xed\xd8\x66\x2b\x9c\x2b\x24\x47\x4d\x9e\x55\xdc\xc3" "\xc2\xff\x1b\x33\x5e\x21\xf0\x7c\xe5\x26\xa1\xeb\xa1\xd5\xd7\x84\x0d" "\x3e\x1f\xbb\x65\xdf\x9a\xfb\xbe\xda\x9c\x72\xdb\xd7\xa5\xd5\xad\xbc" "\x21\xae\x2e\xe1\xa8\xa4\x6d\xf3\x91\x34\x18\xf5\x0c\xf2\xa0\x48\x2d" "\x8e\x9b\x01\xe2\xae\xfa\x66\xad\x64\x0a\x90\x27\xe6\xf0\x15\xa7\xfa" "\x79\xf8\x0b\xc3\xb0\xb4\x49\xae\x6d\x45\x49\x4d\x53\x06\xea\xf7\x8d" "\x03\x2a\x72\xaa\x8d\x4c\x71\x7b\xc0\x18\x0c\x2e\xad\xcb\x5c\xcc\x17" "\xea\x9f\x9d\x86\xc9\x43\xc4\x6f\x8c\x40\xd0\xbf\xc0\xfc\x6b\x66\x21" "\x56\x50\xd4\xa1\x4c\xdc\x50\x4c\x67\x41\xcc\x78\xd4\xfa\x94\xe2\xa6" "\x4a\x1d\x73\x69\x06\x4e\x85\x3d\x17\x6a\x2a\x7a\x0a\x0f\xba\x7e\x55" "\x16\x09\x40\x38\xb1\xa0\x17\xa0\x9a\x3c\x47\x20\xd1\x38\x5c\xc8\x45" "\xdb\x8d\x68\xf2\xf2\xfa\x58\xae\xec\x1a\x4b\x1b\xf2\x3c\x95\x80\x2a" "\x7f\x1a\xa3\xcd\xe9\x6a\x10\x16\x30\x46\xe2\xc4\x81\xbc\x69\x56\xb5" "\x7d\xc1\xa9\x81\x4e\x60\xca\xce\xd6\x70\x2b\xdf\xf9\xc9\x7f\x5b\xa1" "\xf7\x92\xaf\x26\x4a\xff\x5f\x4d\xd0\xed\x59\xb4\xcf\xce\x5f\xfd\xe1" "\x2e\xb6\x6f\x5a\xc3\x8c\x65\xcf\xce\xb0\xf9\xb6\x10\x38\x55\xc3\xb8" "\x0e\x04\x83\x65\x9b\xda\xa9\x19\x58\x07\x37\xaa\xa3\x22\xc6\xf6\x2f" "\x92\xbc\x6c\x23\xb1\x7c\xf1\x02\x0d\x4b\x98\x03\xd7\x18\xc9\xf9\x87" "\x18\x55\x88\x16\xdd\xa5\xfc\x22\x57\x49\x2d\xda\xb3\x5b\x01\xd8\x4a" "\xa2\xfa\x40\xa0\x57\x38\x05\xf7\xe0\xad\x91\x59\xb3\xe2\x73\x5b\xd9" "\x08\xe1\xbb\x72\xc0\x00\x10\xb9\x18\xbb\x5b\x8b\xdb\x9d\x11\x44\x67" "\xce\xeb\xf4\xf5\x71\x9a\x36\xf2\xba\x0f\xc7\x28\x8d\xb3\x05\x8f\x52" "\x6b\x89\xc4\x0b\x96\x1b\xf6\xfb\xaa\x4e\xc6\x1e\x1f\x5d\x95\xf5\x68" "\x6d\xe4\xde\xde\xbe\x49\x28\xed\x55\x7a\x2e\x6d\xa0\xec\x72\x61\xf9" "\xee\x6f\x23\x30\xf5\x2b\x04\x85\x79\x1a\x3c\x7e\xf2\x65\x25\xf2\x87" "\xf0\xb5\x10\x4d\x63\xee\x48\xdb\x7e\x73\xb4\xcd\x52\x48\x6e\x2c\x3c" "\x37\xc3\x26\x0d\x8d\xc1\x77\xf7\xa0\x23\x5d\x3a\x93\x12\x7e\xf5\x41" "\xea\x1a\x00\x80\x2c\xc1\x1f\x44\x8a\x91\x8f\x25\xa7\x26\x53\xdf\xd2" "\x51\x25\xae\x72\x07\x00\x14\x4d\x6b\x3d\x14\xb2\xbc\xc7\x21\xfd\xcd" "\x8f\x85\x3e\x35\xfb\xb3\x6f\x66\x85\x03\xf5\xc9\xb9\x03\xf5\xf2\x85" "\x25\x1b\x57\x15\x17\xf8\x8a\xd1\x3a\x77\xb5\xe8\x1e\x0c\xec\x24\x41" "\xca\xd7\x0e\xda\x43\x77\x8b\x26\xff\x36\x1a\xaa\xdf\x4e\xfa\xe0\x5f" "\x35\xa4\xb6\x34\xe4\x55\x4c\x03\xce\x94\xb2\x5c\xa9\xfc\x5d\x9d\x7e" "\xea\x5d\xa0\x8c\xf1\x67\x89\x4c\xf8\x8f\xa4\xda\x86\x0e\x00\x2c\x40" "\x7f\x72\x0e\xde\x10\x38\x9e\xa9\xc9\x3c\xaa\x6d\x7c\x32\xa5\xf3\xf2" "\x65\x1d\xb9\x2c\xed\xdc\xde\xec\x55\x95\xae\x41\x9f\x14\xee\x02\x48" "\xb2\x6e\x0d\x57\x9e\xe4\x47\x5d\x57\x6e\x97\x1e\x4d\xdb\xb8\x45\xa3" "\x88\xbe\x67\xd9\x1b\x12\x86\xd7\xc8\x91\x94\xd5\x66\xac\x6e\x6b\x6f" "\xed\x67\x48\x9e\xa7\x09\xf7\xce\xa0\x80\xfc\x82\x40\xce\x8b\x77\x9d" "\x0d\xdb\xd7\x70\x13\xd6\x3f\x34\xe0\xf6\xc3\x5b\xfc\x3c\xee\x54\x10" "\xf3\x54\x1d\x88\x3b\x85\x52\xeb\x76\x8e\xc1\x36\xf8\xea\x70\xe8\xa3" "\x3b\x39\x63\x7e\x92\xad\x3b\x9c\xe2\x68\x6a\x41\xd1\x7c\xbb\x19\xb9" "\x88\xa8\x3f\xe6\x26\x9a\xef\x24\xc2\xfc\xef\x74\x24\x33\xb0\x04\xbe" "\x85\xaf\x89\x8c\xc0\xfd\x81\xe0\x40\xf6\xf8\xb1\x7b\xf7\xfb\xf4\x2c" "\xae\xa2\x72\x15\xb4\xd4\x79\xe9\x47\x00\x20\xbb\xfc\xda\x3a\x8a\x04" "\x1c\x14\xc2\x56\x9f\x26\x2d\x79\x76\x40\x82\x4b\xdf\xc2\x43\x2d\xa3" "\x26\x3c\xbc\xf2\x52\x5f\x18\x5b\x09\x97\x3f\xfb\xc3\xab\x75\xde\x16" "\x3b\x22\x86\xfa\xf4\x8f\x93\x7e\x63\x94\xb6\x44\x29\xf9\xf2\xc8\xc9" "\xca\x46\xbb\xe7\x7b\xc7\x19\xcd\xc0\x38\xea\x67\xd9\x6b\xa5\xdf\xeb" "\xde\xb4\x2b\x77\xfd\x1d\x46\x82\x16\x78\xea\x45\xd1\x19\xbe\x27\x76" "\x40\xdf\xc0\xde\xcb\x6a\xec\x6d\x77\x28\x3a\x8c\x9b\x33\xa1\x00\xb6" "\x7e\xca\xed\x88\xdd\xe6\x92\xef\x24\xaa\x58\x67\x4f\xa3\x97\x54\x9d" "\x23\x5b\x88\x66\x5f\xd5\x8e\xea\x80\x1e\x64\xc7\xb1\x0a\x47\xdb\xf6" "\x1f\x7a\xc0\x74\x24\xb4\x16\x5e\xf0\x91\x8b\x1b\xee\xbc\x35\x85\x48" "\x15\xe9\x89\x9f\xe7\xd5\xe4\xab\x2a\xa1\x58\x46\x24\x3a\x0f\x2c\xce" "\xd5\x12\xd2\xb8\x1d\xa5\x30\xf2\x17\x53\x51\x9d\x64\xdd\xf7\x61\x14" "\x10\x04\x0d\x35\x43\x96\x11\x2e\x88\x87\xd2\x28\x04\xe3\xde\x65\x59" "\x3d\x72\x2b\x1e\x8e\x59\xd5\xc8\x50\xe8\xf7\xbc\xac\x5a\x40\xc6\xb0" "\xd4\x7f\xa3\xe9\x34\xec\xb8\x0f\x82\x58\xf1\x58\xe2\x09\x11\x8f\xc3" "\x07\xad\x9c\xdf\x07\xee\x6a\x22\xcd\xb3\x57\xf1\x9f\xeb\x1a\x2b\xea" "\x57\xb3\x27\xeb\x30\xf0\x52\x6b\x4e\x6d\xf3\xa8\xab\xb2\xeb\x87\xed" "\xf2\x65\xf0\x40\xc9\x53\xf3\x80\xc1\xe4\x6c\xbe\x82\xa3\xe8\x51\xba" "\x65\x9d\x33\x5c\x15\xaf\x99\xac\x6e\x87\x8c\x81\xe5\xdd\xab\xf5\x0a" "\xd8\x5b\x66\x10\x8c\x84\xb4\x3a\xa4\xb6\x74\x89\x96\x4f\xa7\x65\xcf" "\xca\xdf\x93\x27\x25\x8f\x79\xd6\x95\xe1\x35\xb8\xf6\x5f\xaa\xda\xdb" "\x9f\x4d\x1b\xb1\x7a\xf3\xe6\xff\x86\x0b\x6b\x70\x6a\xed\x70\xd4\x3f" "\x6f\xca\xb0\xfa\x56\x81\x52\x0a\x7a\x63\x4d\x7b\x56\x73\x41\x7c\x43" "\x2e\x0a\xf0\xec\xbe\xf7\x91\x71\x3d\x1f\x8b\xb7\x9c\xf4\x5a\xcb\x38" "\xf2\x70\x5f\x56\xfa\x11\x31\x38\xe6\xde\xbb\xe2\xb1\x0e\xaa\xd4\xcd" "\x5d\xa9\xc7\xb9\x04\xc9\x8e\x9c\x6c\xf1\xbe\xcc\x9a\x60\xcb\x13\x95" "\x81\xb3\x92\x53\xdb\x92\x43\x60\xdd\xcf\x95\x4b\xab\x42\xf3\x3b\x19" "\xaa\xb4\xfe\x28\x4e\xcb\xe6\xcf\x06\x05\x56\x9a\x4f\xd3\xeb\x4f\xff" "\xf9\x57\x62\x65\xa4\xdb\xb5\x5f\x0a\x40\xcc\x76\xb1\xc3\x4a\xb7\x81" "\x6c\xc3\x49\xf4\xb0\x22\x2e\x3c\x75\xbf\x54\x67\xaa\x13\xa2\xdf\x6d" "\xba\xcc\x4e\x44\x6a\x30\x6e\xf8\xde\x0d\xcf\x8f\x65\xbd\xe1\x81\xa2" "\x9a\x46\xe2\x7d\xd6\xcb\x4a\x66\x5e\xbb\x07\x68\xe4\xf4\x08\xa2\x66" "\x70\xaa\x9f\x9e\x7a\xf1\x27\x4a\x55\xbf\x55\x96\xe3\xe5\x16\x6a\x19" "\x9b\x2d\x01\xd3\xa9\x34\x94\xc4\xfc\x7c\xfe\x25\x47\x2b\xe2\xcf\x77" "\x55\x54\xc2\xf5\x58\x05\x24\xbe\xdf\x1e\x8c\x4b\x06\x95\x67\x38\xb6" "\x07\x59\x3c\xa7\x07\x84\x35\x2f\x31\x9f\xab\xa0\x38\x38\xc1\xbd\x19" "\xa3\x43\xc8\xda\x27\x46\x4b\x76\xb0\xcf\x6b\x39\xd5\x0b\x22\x00\x7a" "\x01\xcc\xc7\x91\xf1\xfc\x3f\xc5\xc2\xca\x38\x0f\x96\xa6\xa9\x62\x26" "\x9e\x87\x26\xb9\x92\x95\x7c\x15\xb6\xef\x41\x64\xb7\x79\xf9\x3b\x70" "\xd2\xc2\x88\x53\x81\x75\x3b\xba\x6b\x2f\xe7\x55\x81\xe2\xaf\x41\x46" "\xff\x0b\x3d\x1f\x8f\xe5\x78\x0b\xa4\x8c\xbe\xa6\xc1\x66\x3a\x22\xd1" "\xea\xa4\x2c\xdd\x32\xef\x0f\x60\xb6\x2b\x18\x35\x0c\x7a\x20\xaa\xdf" "\xff\x6e\x21\x09\x7b\x15\x1f\xde\x94\x7f\xd0\x4c\xca\x76\x2f\x7c\x18" "\x00\x3d\xa3\x22\xd3\xa6\x32\x35\x72\x9e\x59\xf3\xbd\xab\x5b\x51\xae" "\xd4\x87\x42\xe3\x84\x08\xa2\x66", 4088); *(uint64_t*)0x20003048 = 0xff8; *(uint64_t*)0x200030d8 = 1; *(uint64_t*)0x200030e0 = 0; *(uint64_t*)0x200030e8 = 0; *(uint32_t*)0x200030f0 = 0x40000; syscall(__NR_sendmsg, r[2], 0x200030c0, 0x4000080); break; case 8: *(uint64_t*)0x20000140 = 0; *(uint32_t*)0x20000148 = 0; *(uint64_t*)0x20000150 = 0x200000c0; *(uint64_t*)0x200000c0 = 0x20000580; memcpy((void*)0x20000580, "\x00\xff\xff\xff\xff\xff\xff\xff\x1c\xdc\xf8\xdb\xd7\xa9\x99\x27" "\x51\x95\x94\xca\x46\x70\x11\x38\xd9\x09\x24\x6d\x95\x72\x65\x41" "\x09\x44\x9a\x1f\xf0\x5e\x28\xd9\x3f\xd8\xcc\xf9\x3c\x88\xee\x8a" "\xc6\x8d\x91\x0d\x94\xb6\xa9\xf8\x5b\x43\x99\xf0\x12\x8c\x1e\x04" "\xd0\xe6\x28\x51\xbb\xde\xc8\xc6\x3f\x9d\xa0\xa0\x0f\xee\x04\x2d" "\x34\xfc\x52\x72\x20\xbe\xcb\x42\x8d\x42\x4e\x27\x67\xee\x63\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00", 125); *(uint64_t*)0x200000c8 = 0x7d; *(uint64_t*)0x20000158 = 1; *(uint64_t*)0x20000160 = 0; *(uint64_t*)0x20000168 = 0; *(uint32_t*)0x20000170 = 0; syscall(__NR_sendmsg, r[2], 0x20000140, 0); break; case 9: *(uint64_t*)0x200001c0 = 0x20003900; *(uint16_t*)0x20003900 = 0x18; *(uint32_t*)0x20003902 = 2; *(uint16_t*)0x20003906 = htobe16(0); *(uint32_t*)0x2000390a = htobe32(0); *(uint32_t*)0x200001c8 = 0x80; *(uint64_t*)0x200001d0 = 0x20000240; *(uint64_t*)0x20000240 = 0x20001f80; memcpy( (void*)0x20001f80, "\xcb\x74\x76\x6d\x55\x7c\x16\x10\x8f\xb9\xf0\x2e\xde\x7e\x8d\xa5\xc3" "\x3d\x77\xf1\x61\x84\xcb\xc5\x00\x2c\x1b\x52\xe1\xb6\xe7\xd9\x32\xea" "\xc8\x74\x0d\x4e\x82\xd9\x99\xca\xd4\x3a\xdf\x91\x2a\x58\x70\x9e\xde" "\x96\xd6\x04\xec\x82\xa6\x89\x46\xfe\x5b\x91\x84\x61\x9f\x21\xa7\x3e" "\xe8\x30\x2e\xb8\xa2\x30\x5e\xcb\x23\x69\x94\x47\xe0\xc0\xd6\x45\x75" "\x6a\xe6\xa7\x6d\x23\x0c\xa4\x0f\xc1\xf3\x37\xd1\x22\xb5\x94\x7b\x05" "\x7f\xe8\x22\x03\x4a\x49\x0d\x3e\x79\x79\xa7\x9e\xe8\x65\xae\x2f\x27" "\x37\x93\xc8\xcc\xa9\x4d\xf6\x2c\x2e\x6e\xae\x87\x7b\xa1\x7c\x73\x4e" "\xc1\xc5\xdf\x10\x6d\xfc\xca\x47\x0f\x18\xce\x32\x7e\xc5\xc3\xe8\xae" "\x34\xa1\xbe\x87\xf1\xee\x40\x6f\x25\xce\xc9\xac\x4b\xba\xdd\xeb\x9f" "\x98\x58\x2d\xdf\xaa\x2e\x33\x30\xb6\x8e\x6b\x19\xe3\x8f\x59\x3d\x49" "\x03\x5c\x75\x44\xe0\x4c\xdb\xb2\xcd\x54\x1d\x7d\x50\xfd\x9f\x18\xc8" "\x9b\xf6\x6a\xc4\x58\x7a\xa2\xf1\x3a\x02\x40\x72\x41\x4f\x1f\xac\x77" "\x89\xc8\xff\x99\xe5\xb1\xc4\x14\x30\xb5\xe7\x6d\xea\x06\xf1\xe1\x88" "\xdf\x43\x4a\x52\xe0\x98\xb9\xc7\x60\xd6\xaf\x41\x40\xb6\xea\xfd\x52" "\xb1\xc9\x7c\x80\x70\x2a\x7d\xeb\xdf\xf6\xa7\xa0\x15\x73\x66\x0e\xea" "\x84\xa1\x16\x7b\x2e\x1e\x66\x35\xa2\x8a\x66\x68\x8f\x8e\xba\x48\xda" "\x0d\x0a\xd4\xa9\x15\x14\xb0\x97\x4a\x73\x6d\xe9\x4f\x2c\xf8\x9d\xcb" "\x9b\x50\xa7\x57\x1f\x83\x9a\xe0\x5f\x96\xa7\xe8\xcc\xce\xe6\xd3\x97" "\xfe\x18\x0f\x8f\x99\xdf\xa9\x8f\x07\x73\x2f\x52\x9f\x66\xde\x19\x34" "\xe6\xb2\x7c\x94\x0f\xd6\xb3\x9a\xcf\x3c\xc5\xb7\x0a\xd0\x28\x4e\x90" "\x90\x34\x37\x56\x5b\x18\xe3\x97\x7f\xde\xb6\x92\x78\x24\x94\x53\x81" "\x3a\x12\xa7\x5e\x63\xe2\x0b\xdc\x70\xb5\x55\x87\xff\xe9\x05\x4d\x9b" "\x7b\xb9\x7d\x10\xa4\xdf\xf5\x11\xb6\xe6\x7a\x4c\xab\x1f\xc3\xa1\x38" "\x25\x09\xa4\x45\xa5\x28\x64\x92\x01\x3d\x84\xe8\xa0\x1f\x29\x92\xc6" "\xf5\x24\xdf\x99\x3e\x06\x2f\x43\x90\x6d\x22\x4f\x96\x3a\xec\x1c\xc6" "\x5c\x13\xec\x95\xd4\x08\x3a\xda\x8a\x13\x2d\x4c\x23\x76\x5a\x4b\xd6" "\x56\x04\xb2\x61\x6f\xf5\x01\x54\xbc\x19\x9e\x9d\x14\x90\xbc\x9a\x8f" "\xb0\xe4\x56\x22\x3a\x93\x7f\x6e\xca\xd7\x23\x5a\xb4\xf0\xcf\x52\x0f" "\x0c\xe6\xb6\x99\x33\x61\x81\x2c\x26\x9f\x9e\x62\x9c\x91\x66\xce\x02" "\x68\x3e\xf9\xec\xf5\x15\x52\x85\x33\xef\xec\xbf\x05\xdb\x71\x14\x34" "\x29\xa1\x09\x80\x72\xf9\x43\xd4\xd4\x9f\xa9\xdb\x9a\x1c\x2b\x2b\x63" "\x19\x28\x29\x28\x5f\x90\x80\xfa\x06\xba\x53\x3e\x00\x09\xb6\x8a\xc5" "\x3d\x7c\xef\x6f\xc5\xea\x3e\xb1\xbb\xf1\x85\x87\x35\x6c\xbe\x83\x3d" "\x10\xc5\xa6\x94\x8d\x17\x49\x3d\x58\x30\x32\x4a\x6c\x29\xd1\xe1\xda" "\xd4\x64\xd7\xa7\xa3\xef\x80\xe4\xb6\xaf\xcf\xae\x1e\x13\xdd\x4b\x6f" "\xb1\xfc\xc2\x0b\x4e\x00\x04\x91\x19\x5c\xe2\x89\xf5\x82\xc2\x8a\xd2" "\x5b\x56\x34\x63\x72\xae\xfa\x99\x7f\x59\x10\xa0\x5b\xec\x32\xe3\xd5" "\x5b\xd4\xdd\x7b\x99\x43\x74\x35\x34\xe0\x53\x33\x1d\xd6\xed\xf1\xd0" "\x41\x05\xff\x7c\x6b\x36\x63\x57\xb1\xd8\x8e\xb8\x34\xdb\x4e\x7b\x44" "\x69\x84\xd5\xc8\xae\x39\x6f\x45\x52\xd7\x83\xf9\x52\x86\xc6\x97\xb5" "\xd2\x99\x34\xa0\x8c\x75\xd7\x52\xf8\x25\xe8\x28\xce\x7f\x5d\xf0\x66" "\x0f\x69\x52\x66\x0f\x7b\xa7\x23\x40\x39\x43\x55\x84\xb6\x3f\x27\xf5" "\x23\x4c\x31\xe1\xcf\x1e\x7d\x7d\xf5\x39\x8d\xec\x5e\xda\x70\xcc\x07" "\x8c\x7b\x2b\x65\x3b\x09\xc5\xfd\x33\x8d\xbf\xd1\x8f\x55\xae\x56\x44" "\xfd\x4c\x56\xdb\x67\xfd\x0d\xcc\xe7\x03\x8b\x3e\xfa\xf5\xbe\x46\x79" "\x31\x9b\x6f\xaf\x7b\x61\x2e\x36\x15\x8c\x2c\x36\xc2\x62\x50\xb5\xf4" "\x81\x04\x53\xd6\xd4\x90\x77\x94\xd1\x74\xb8\x72\x76\x91\x86\xf0\x84" "\xde\xbc\x1a\x64\x2a\xa0\x03\xc1\x4a\x25\x66\xcb\xc7\xc9\x08\x4f\x6f" "\x77\x02\x91\x1f\x25\xad\x57\x29\xb8\xac\xd3\x0e\x66\x79\xb6\x10\x63" "\xd5\xca\x8c\x06\x6a\x3d\x59\x89\xf4\x42\x2e\x84\xfb\x35\xa5\x52\x51" "\x04\x52\x4f\xb7\x9e\x4a\x90\x96\x57\x1c\xbd\xba\x32\xc0\x2a\x58\x7a" "\x8d\x18\x32\x65\x96\xb4\x69\x94\x1f\xd4\xa4\xbd\x96\xff\x56\x6b\x9f" "\xe7\x0b\xed\x7f\xd6\xe0\x98\x49\xc6\x77\xf6\xdc\x3c\xac\x94\x89\x02" "\x59\xf5\xb4\x3c\x12\x40\x2b\x41\x03\x1a\xb4\xeb\x31\x35\xe6\x7c\x8b" "\xaf\xea\x94\x06\xef\x9b\x89\x03\xbe\x8f\xf1\xc3\x9e\xe7\x58\xe3\x8a" "\x1b\x1d\x1f\xa4\x05\x74\xf0\x7a\x15\x7b\x26\x13\x8a\x87\xbe\x1d\xf2" "\xce\xb5\x30\xb3\x7e\x43\x08\x4f\x76\x8d\x78\x6a\x63\xe0\x26\xbb\x53" "\x49\x1b\x45\xc2\x1b\x64\x02\xa7\x0c\x45\x87\xde\xd1\x3d\x34\x4f\xcb" "\xd4\x19\x5e\xe7\xc8\x49\x6a\x28\x9c\xb8\xdb\xc6\x12\x68\x7f\xb5\x71" "\x2f\xf1\x0e\x2d\xa3\xbf\xf1\x66\x1c\x5d\x20\x85\xc6\xb3\x34\x48\x95" "\x4a\x2d\x90\xe6\x48\x8a\x4c\xa4\x07\xd3\x20\x51\x9a\x0d\xe2\x54\x1a" "\x82\x6c\x76\xfa\xc3\xa9\xad\x52\xad\x70\xd8\x03\x8c\xc7\x14\xb2\x25" "\xea\x82\x59\x0f\xf0\x73\x2d\x8b\x25\x8e\x0e\x47\x22\x5b\xe7\xa9\x2a" "\x17\x5d\x2a\xe4\x3b\x4d\xfb\xb7\xb2\x19\x78\x76\xd7\xad\x7f\xa2\x83" "\xd0\xf9\x2e\xb8\xbf\xc4\x10\xf4\xba\x1f\x7b\xd6\x76\xa5\x72\xa3\x06" "\x78\x28\x4f\xbf\xf5\x57\xfc\x5e\x64\x65\x57\x63\xae\x9c\x3e\x26\xc5" "\x4b\x48\x26\x23\x56\x47\x26\x2a\xb2\x83\x48\x21\xd4\x5a\xea\x52\xb8" "\x0a\x0e\x12\x39\x1f\xe9\xf3\x69\x9d\xd5\x5e\x6a\xfa\x13\xef\xc6\x31" "\x8a\x25\xbd\xa8\x70\x5c\x67\xcd\xb5\x84\xfa\x34\xec\x02\x52\x29\x16" "\x19\xa2\x33\x0c\x6c\x44\x8a\x97\x6a\xd5\xfc\x8e\xc0\x95\x0d\x8d\x20" "\x7b\x30\xcf\x4a\xb6\xbf\x49\xa7\x17\x9b\xdb\x60\x74\x9b\xa9\x64\x31" "\x8b\x1f\xae\x38\x00\xe7\xfd\xe6\xfd\xd7\x05\xf8\x6f\xe0\xbc\x21\x8f" "\xa1\xc9\x4f\xb0\x0c\x8f\xe3\x64\x3c\xa8\x70\x4e\xc5\x37\xbe\xa2\x55" "\x96\xbe\x51\x7a\xa3\x6f\x97\x20\x7d\xfa\x37\x57\x20\xd6\x3d\xb0\xbb" "\x02\x38\x71\x0f\xc0\x56\x02\x9f\x04\xeb\x34\x1f\x30\x96\x3d\x48\x64" "\xaa\x9f\x36\x61\x05\x26\xb9\x44\xed\xe2\xf4\xd5\x58\x60\xe7\xd5\xd5" "\x0b\x21\x7f\x88\x0b\x31\xb3\x1a\x23\x64\xc4\x87\x61\x04\x5f\x48\x63" "\x95\x29\x8f\xb6\x34\x06\xfe\x32\x08\xec\x97\xcd\x27\xd9\xf9\xf6\x81" "\x43\x68\xff\x4e\x49\x7d\x60\x8c\x66\x96\x5a\x15\xd3\x9e\x87\x4c\xe4" "\x33\xdd\x5b\x5e\x71\xfa\x1f\x8a\x0c\x61\x70\xbc\x74\x24\x04\x5b\x09" "\x80\xde\xc6\x15\xbc\x4a\x02\x0a\xe9\x78\x65\xf4\x07\x12\x15\x21\x1e" "\x67\xa7\x5e\x65\x4c\x22\x8e\xbf\xc0\xb5\x1b\x4c\xe4\xb3\xf0\x15\xfa" "\x55\xc2\xdd\xf7\x98\x0f\xb9\x9d\xbb\x39\x73\xcc\xff\x90\x74\x4e\x7d" "\x58\x0e\xd0\x5d\x5f\x86\xb5\xba\x33\xa6\x25\xce\xe1\xfc\xa5\x0f\xeb" "\xdf\xe1\x4e\x76\x55\x44\x6b\xce\x46\x6b\x95\x5d\x09\xb6\x8f\x58\x93" "\x54\x73\x2c\x27\x4f\x9b\xc9\x86\xcd\x10\x27\x4e\x93\x12\xe5\xc4\x2c" "\x6b\x0b\xc6\x27\x66\x73\x7a\x7b\x67\x41\xf4\x55\xee\x8c\xce\x0f\xfa" "\xe6\xf4\xb3\xce\x0d\xa4\xa5\x94\xe6\x53\x43\xa5\xe0\x7b\xce\x3b\xf8" "\x70\x3a\x12\x16\x27\x03\x6b\x20\x10\xd1\x31\x72\xa8\xbb\xec\xfa\xb4" "\x95\xc2\xff\x55\x95\x57\x5a\xc9\x56\x64\x77\xc3\x06\x0b\x6a\x44\xa0" "\x56\x8b\x3b\x2f\x9f\xb1\x19\xa0\x86\x5c\xce\xbf\x3a\x4d\xb5\xe1\x4d" "\xd8\x9b\x19\x4b\xdc\x2b\x3a\x43\xcb\xab\x00\xe7\xa4\x0e\x91\x9b\x54" "\x18\x14\x71\xf6\x15\x84\x9c\x16\xfb\x4a\x20\x17\xd0\x7d\x4a\x22\x64" "\xc7\x98\xd0\x9c\xfc\xbc\xe5\xcf\x70\x3d\x3c\x63\xa2\x41\x37\xe1\xbe" "\xcb\xad\x90\x9c\x07\x24\x43\x72\xf4\xe6\x4c\xcc\x45\xc4\xac\xb4\xef" "\xa4\x25\x43\x77\xbb\x92\x80\xe6\x3d\x41\xa9\x06\x06\xa1\xb4\xea\xa3" "\x94\xcc\x82\xcd\xe9\xdc\x9c\x9d\x18\xcc\xcc\x7f\x76\x73\x88\x10\xe4" "\xc8\x15\xf9\x0b\xd5\x25\x26\x1a\x87\xd5\x67\x41\x37\x66\x0c\x00\x05" "\x6d\x83\x4e\x02\x86\xa6\x56\xdc\xf9\xa2\xe2\x9e\xe3\x5d\xbb\x58\x89" "\xca\x54\xc5\x82\x76\xd7\xfd\x8c\x68\xb2\x48\xa8\x9f\xda\x2b\x5d\xcf" "\xaf\xef\xd6\x09\x95\xd1\x1a\xe1\x74\xb8\x0f\x9b\xd6\x31\x06\x4e\x4e" "\xeb\x50\xd1\x91\x8d\xa7\xfe\x77\x23\x0c\x37\xec\x99\xdc\x38\x09\x1a" "\x73\x91\x36\x78\xab\xaf\x94\x4e\xd6\x51\x94\xac\x60\xfd\x9f\x07\x2f" "\xe4\xd9\x5e\x51\xa4\x6b\x0f\xa0\xa7\xd5\x1a\x75\x2f\x05\x39\x77\xab" "\x55\xd8\x07\xc8\x9b\x21\x37\x58\x23\x62\xfa\x48\x8c\x4b\xee\xf9\x67" "\xf9\x20\x59\x6a\x2a\x91\xe6\x1b\x5f\x63\xf1\x97\x3e\x36\xdb\xb4\xfa" "\x5f\xa0\x33\x52\xcb\x7b\x12\x8e\x3b\x30\xc0\x00\x4a\x5a\xfb\xee\xe2" "\x35\xd6\x82\x16\x23\xe2\x23\xaa\x24\x87\xcd\x90\x88\x6d\x5d\x41\xa8" "\xe4\xfc\x78\xad\x9e\x85\xd3\x61\x4e\xba\xed\x75\xae\x8f\xce\xc4\xc5" "\xd3\x5f\xb9\x4e\x96\x34\x13\x05\xa5\xad\xee\xf8\x65\xdb\xb2\x47\xa1" "\x15\xcd\x4c\x94\x87\x3c\x43\x73\x09\x31\x2e\xb0\x77\xe4\xfb\x0d\xb9" "\x16\x5d\x6a\x31\x5a\xaf\x67\xd9\x46\x25\x17\x7e\x11\x28\x21\x3c\xf6" "\xd5\x47\xe7\xa5\x31\xad\x64\xfe\xa2\x77\x14\x2f\x15\xa0\x03\x3f\x44" "\xeb\xc6\x47\x02\xf8\x6c\xf2\x4e\xf4\x80\xcc\xe9\x84\x9f\x66\x5b\x49" "\x82\xcd\x0f\xb5\x98\xe0\xbc\x2a\x7a\x80\xef\xc6\xd2\xc1\xb8\x19\xca" "\x84\xea\xde\xd2\xe3\xe7\x94\x71\xb0\x6c\x0d\x52\x29\x7d\xa0\x41\x19" "\x1a\xb2\xfa\xc0\x81\xfb\xc5\x22\xf4\x89\xda\x2e\x03\x7e\x90\x6b\x9b" "\x71\x79\x10\x92\x46\xa9\xf4\xe2\x2a\x14\x21\x31\x42\x5c\xb9\x30\xa1" "\x2a\x2d\x2f\xf1\xb2\x1e\x7b\x94\xde\x4b\xa0\x11\x05\x6f\xcd\xfc\x66" "\xb6\x99\x94\x91\xf7\xc9\x39\xf0\x9c\x4c\xe5\x05\x55\x11\x54\xaf\xcc" "\xf0\xc0\xa6\x4e\x34\x30\x7f\x41\x0f\xb2\xbb\x8e\x9c\xff\x77\x16\x49" "\x02\xc3\xa6\x27\x7b\x52\xe0\x79\x2d\x44\x27\x1d\x03\x4a\xfd\x02\x1b" "\x6e\xda\x1b\x9b\x94\xbf\xd0\x01\x1b\x0a\x3f\xbb\xe6\x3f\x0e\xc9\xfb" "\x87\xda\x6a\x68\x6a\x67\x88\x04\x25\xf3\xc3\xc5\x00\xc2\x80\x74\x68" "\xab\x4f\x1c\x88\x7e\xd0\xf8\x7b\x1c\x3a\xb4\xa1\x0b\x70\x8e\x23\x5a" "\x1c\x2e\x28\x0f\xb2\x0d\xf7\x1a\x11\x10\xf2\x8e\x4e\xf1\x16\xe2\xe6" "\x53\x2f\x6e\xd2\xf1\x56\xfb\x7e\xc0\xbe\x13\x7b\x89\x13\xfd\x47\xea" "\xe4\x51\xa1\x35\xdc\x5a\x97\x0c\xe7\xd7\xc0\x6b\x96\x25\x99\x17\x52" "\x7b\x71\x5e\xe3\xf0\x52\xc5\x34\x7b\xec\x9a\x78\xf7\xae\x70\x9f\x3b" "\x00\xd0\x96\xb7\x40\x35\xcf\x95\x8f\x2c\x62\x8b\xb4\x32\x30\x02\x63" "\x6e\xc6\x40\x04\x9b\xe4\xad\x01\xef\x27\x34\xdf\x6a\xf7\x05\x30\xd4" "\x5c\x05\xd0\x1c\x13\x8c\xed\x9a\x13\x65\x57\xb1\xe7\xf5\xff\x6e\x2b" "\xf6\xb6\x50\x12\x8c\x4e\x7a\x3c\x95\x7c\x99\xbf\xf6\x18\x77\x9c\x40" "\xc0\x97\x94\x98\x68\xae\xea\x2b\x49\x37\x14\x27\x9f\xc6\xab\xbb\xb6" "\x47\x81\x0a\x28\x94\x94\xbd\x5f\xf1\x99\xa4\x2a\xdc\x59\x34\x4f\x73" "\x3e\xb3\x26\xfc\x44\x40\x72\xd9\xcb\xc8\xaa\xb4\xb5\x45\xe7\x5e\x45" "\x9e\x0b\xa1\x1b\x07\x43\xcc\x56\x72\x16\x00\x09\x79\xed\xd1\x08\xa4" "\xf0\x01\x3b\xca\x33\xb2\x3f\x79\x55\x65\x4d\x42\x91\x95\x80\x76\xae" "\xca\x03\x28\xf2\xed\x28\x6c\x31\xfe\xbb\x11\x6e\x9f\xbf\x9d\x5f\x6e" "\x67\x96\x7a\x12\x3e\x84\xdd\xb7\x09\x5f\x6a\x6e\x1a\xd8\xca\x49\x0f" "\x8a\xe3\xa8\x3f\xeb\x79\x19\x84\xc6\x0b\x34\x1c\x9b\x2b\xca\xf9\x4e" "\xec\x02\x49\x87\x72\xa4\xa5\x36\x51\xec\xc4\xed\xee\xee\x24\x69\xad" "\x61\x65\xbd\xa9\x02\xb1\x56\x45\xd8\xbc\xad\xf5\xb0\x5f\x95\x14\x6a" "\xcd\x08\xfb\xc6\xbd\xaa\xea\x1f\x7a\x45\x19\x68\x4f\x92\x9e\x47\xb6" "\xd8\x4e\xd3\xac\x9d\xdd\xc8\x73\xc4\x49\xb1\x5f\x4c\x56\x67\xbf\x35" "\x6f\x14\xd6\x3c\x65\x2e\x2d\x34\x70\x42\x73\x03\xa0\x82\x7e\xc5\x8a" "\x9f\xb1\x39\x49\x36\xc9\x95\x24\xe6\xea\x35\xee\xf6\xc8\x61\x36\x8a" "\x84\xc4\xde\x17\x42\x2a\x0b\xff\xc2\x34\xa2\x4d\x87\x2e\xdd\xa5\xa0" "\xd9\x5a\xb5\xf3\x8a\xa1\x7e\x90\xdc\x98\xbb\xde\xaa\xbd\x60\x7a\x94" "\xac\xb3\xe5\x89\x19\x34\x97\x6f\xcb\xb0\x92\x5e\xa9\x6d\xd5\x60\x54" "\x97\x03\xab\x85\xa8\x84\x5a\x8f\x20\xaa\xb3\x6f\xae\xc6\x38\x07\x32" "\x5b\xd2\x25\xd7\x69\x52\x92\x9b\x56\x6c\x09\xc4\xce\x68\x3f\xa7\xe0" "\x40\x63\x2d\x96\xa4\xe2\x71\xd0\xd4\x03\x81\x9c\x7a\xf3\xfe\x64\x4f" "\x4d\xe4\xe3\x66\xde\x55\xe4\x81\xd6\x0f\x96\xef\x6c\xbf\xc4\x72\x28" "\xcc\x46\x97\x07\x3e\x8d\x3a\x71\xa0\xcb\xb7\x78\x24\x39\x54\x2f\x57" "\x37\xa1\x87\x17\x5f\x23\x8a\x32\xc9\x5e\x0f\x37\x5f\xda\x7f\x19\x7d" "\x40\x09\x24\xb8\xf1\xa6\x07\xb6\x83\x3e\x21\x7d\x1f\x5e\xd2\xf1\x74" "\xa0\xcc\x7c\x77\xcc\x9a\xc2\xa9\x80\x4e\xee\xe0\x5b\xc8\x0a\xbf\xfd" "\x6d\x32\x66\xd9\xb4\x42\x6c\x3d\x85\xe6\x86\xa8\x7c\x8a\xca\xfe\x7f" "\xd2\x55\x0c\x21\xb9\x80\x6f\xeb\xe2\xfa\xb9\x81\x14\x9f\xaf\x26\xc6" "\x87\xd0\xca\xef\xe7\x52\x7f\xd3\xe4\x52\x6d\x0c\x7b\x7b\x7f\x77\x71" "\x43\x67\x2e\xe7\x4c\x57\xbc\x7b\x26\x87\x24\x5a\x57\xd0\xf0\x51\xb6" "\xe1\x9a\x30\xfa\x08\x4a\x45\x1e\x37\xe4\x31\x1f\xd3\x47\x69\x97\x13" "\xe5\x1b\xd1\xc5\xee\x02\x96\xa1\x24\x5c\x4c\xf4\xc9\xf8\x8d\xc0\x96" "\xf2\x9e\x8f\x30\xe0\x24\x19\x76\x3f\x4d\x38\xf7\xdf\x7a\x54\x18\xba" "\xc9\x7c\x48\x75\xb5\x7b\xbf\x4c\xa1\xfb\xb3\xf6\xcc\x6f\xad\xda\xfc" "\x39\x44\x05\x9b\xac\xdd\x63\xc5\x87\x26\xda\x87\xcc\xb4\x96\x54\x1b" "\xbf\x48\x6c\x38\x3c\xc0\x03\x79\x91\x56\xda\x35\xba\x85\xb9\x51\x33" "\x2e\xbb\xa0\xc3\x12\x3e\xa1\x68\xe8\x4b\x9f\xc2\x5c\x12\x88\x96\xcc" "\xfd\x38\x10\x2d\x9d\xf3\x7c\x83\x47\x82\xcb\x4c\x36\xee\xc9\xed\x07" "\xbc\x8a\xa6\x89\xa1\xe2\xb7\x16\xcb\xd5\x1a\x2b\xb6\xd8\x5f\x51\x73" "\x97\xaa\x7a\x53\xdf\x09\xd8\x40\x77\xb1\xbc\x54\xd5\x6a\x7c\x9a\x20" "\xc1\x0c\x5f\x97\xce\xf2\xb0\x81\xa3\x55\x47\xc5\x6e\x20\x99\x9c\x25" "\x27\xdf\x46\xd1\xdd\x1a\xdd\x54\x3e\x00\xc5\x9d\xab\x5f\xf1\xfd\xac" "\x26\xd9\x64\x65\x94\xc5\xb0\x0c\xfd\x22\x46\xf4\x0f\x13\x05\xdd\x3c" "\x03\xaf\x0d\x16\x80\x23\xef\x8a\xc3\xad\x43\xc9\x0b\xf8\x48\xef\x12" "\x3f\xa0\x54\x90\xfb\x1b\x6e\x1b\xfe\xae\x4c\xbb\xf8\x7e\xc5\x07\xea" "\x16\xe9\x9d\x80\xd3\x11\x44\xab\x6a\x4a\xf1\xd2\xbc\xbc\x8e\x9a\x54" "\x67\x37\xe0\x08\xb6\xb5\x3f\xf5\x7e\xcd\xf8\x9c\xec\xdc\x42\x2f\x55" "\xbd\xd0\x3b\x4b\x0b\x08\x6b\xe6\x34\xc3\xa3\x03\xcd\x17\xcb\x39\x5e" "\x74\xba\x12\x53\x7a\x91\x83\x66\xcd\xa6\x0d\x6e\x67\xf4\x51\x90\x7d" "\xe8\xf6\xb1\xb9\xb7\x28\x7f\x60\xce\x20\xc1\x3d\x95\x7e\xa9\xf7\x11" "\xc6\xce\x69\xeb\x86\xe1\xcb\x59\x8d\xe9\x5c\x65\x0c\x91\x92\xad\x96" "\x46\xca\x47\x2f\x6d\xde\x0e\x8b\xa8\x6f\xfc\x7a\x0e\x15\x3a\xac\xdb" "\xd4\xad\x4b\x7d\x5c\xce\x1d\x4b\x25\x49\xc5\x33\x6f\x0f\xf8\x12\xaf" "\x01\x95\xa7\xdc\xdd\x30\x51\x25\xf0\x1d\xe3\x1f\xe3\x3a\x9a\x4f\x95" "\x8b\x17\x19\xc7\x33\x54\x52\x66\xdd\x03\xdc\x4d\x87\x88\xfd\x37\xba" "\xc6\x2a\x45\xd1\xbf\xe9\xce\xa6\xa9\xb6\x58\x9c\x95\x39\x97\x12\x3f" "\x03\x32\xdc\x34\x9a\x50\x8f\x2b\x75\xa1\xb9\x96\x13\x52\x04\x00\x7b" "\x7a\x0b\x61\x1c\xe1\x73\x09\x4a\x13\x03\x73\xed\x69\xf2\xf6\xf8\x3b" "\x3a\x61\x4b\x05\x30\x4c\x3e\xd5\x45\x51\x52\x9d\x2c\xb1\x9a\x1c\x3c" "\x60\x8e\xe1\xd6\x75\x8f\x5a\x4f\x65\x43\xc6\xc1\x09\x15\x1d\x00\xe1" "\xb8\x46\x57\xd8\xcf\x1d\x98\x8e\x79\xd1\xa0\xc0\x5c\xc4\xfa\x3c\xd3" "\x84\xd8\x92\x1e\xce\xc2\xf2\xa0\x73\x75\x0a\xef\x3f\xef\x23\x67\x4e" "\x96\xd4\x74\x65\xef\x3d\x5e\xbc\x80\x49\xcb\x77\x6e\x42\xe8\x64\xe8" "\xd6\x2d\xbb\x1e\x45\xc4\x89\x80\x85\xe4\xea\x69\x8a\x9e\xe2\xbb\x20" "\xb0\xf3\x8e\xf6\xa6\xe8\x9e\xff\xe2\x4c\x1d\x7f\xb1\xcf\x22\x38\xdd" "\xd5\xa5\x72\xd7\x40\xdb\x83\xd6\x31\xbe\x72\x77\x1e\x30\xae\xa3\xff" "\x5b\x0b\xed\xa0\xcf\xb8\x01\x9e\xa1\xf7\x81\x70\x4a\x28\x62\x58\x9c" "\x99\xdc\x6c\x6c\x8c\xb9\xd3\xd8\x83\x35\x30\x93\x6d\xac\xa4\x6b\x8d" "\xff\xee\x23\x8b\xcb\x94\xc6\xfd\xc6\x79\x61\x80\xfd\xeb\x58\x6d\xc7" "\x2b\xc1\xe1\x48\xd8\x90\x26\x1e\x95\x9e\xf8\xdf\x58\x28\x40\x35\xfc" "\x73\xef\xdd\xa1\xed\x0d\xdc\x1e\x1a\x73\x58\xf7\x0c\xcf\xf5\x35\x73" "\x7b\xca\xa4\xd7\x27\x9a\x1e\x88\x2b\x63\x08\x8c\xcb\x50\xda\x5b\x25" "\x7e\xa4\x9b\xc5\x7f\x3a\x13\xeb\x3d\xfe\x38\x85\x94\x4b\x63\x32\x9d" "\x6e\xf6\x8f\xa9\x9e\xac\xbf\x40\x38\xdd\xf0\x7a\xaa\xf4\x98\x80\x99" "\x1d\xf1\x77\x16\xdb\x4b\x77\xf4\xad\xa5\xa2\xc6\x35\xd6\x2b\xed\xfb" "\x46\x38\xce\x59\x87\x32\xe4\x30\xb9\xe2\xde\xe7\x82\x15\x75\xb4\xcf" "\xd4\x68\xc8\xfa\x2d\x16\xe2\x06\xae\x13\x6e\xc5\xe7\x3b\x0a\xcc\x19" "\xed\x61\x2d\xd0\x1f\x94\x5f\x9d\xff\x65\x72\xb6\x15\x19", 3584); *(uint64_t*)0x20000248 = 0xe00; *(uint64_t*)0x200001d8 = 1; *(uint64_t*)0x200001e0 = 0x20006000; *(uint64_t*)0x200001e8 = 0; *(uint32_t*)0x200001f0 = 0; *(uint32_t*)0x200001f8 = -1; syscall(__NR_sendmmsg, r[1], 0x200001c0, 1, 0); break; } } int main() { syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0); do_sandbox_none(); return 0; }