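// https://syzkaller.appspot.com/bug?id=c7ac769bd7ee15549b8a2be188bcee07d98a5357
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Fuzzer-generated reproducer for the report linked above. The program maps
// a fixed scratch region, writes syscall argument structures into it by
// absolute address, creates and opens a character device node "./bus", and
// finishes with an ioctl on the opened descriptor. No return value is checked
// except the one from open.
//
// NOTE(review): the `__syscall` alias, the device-number comment and the
// ioctl request layout suggest a BSD target; confirm against the linked report.

#define _GNU_SOURCE

// The header names on the original #include lines were lost in extraction.
// These four declare every name the file uses: fixed-width integer types,
// memcpy, the SYS_* numbers and syscall().
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#define __syscall syscall

// Resource table: r[0] receives the descriptor returned by open("./bus").
// It stays at the all-ones sentinel when open fails.
uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
  // Scratch arena at a fixed address; every pointer below is an absolute
  // address inside it. prot 3 is read|write.
  // NOTE(review): flags 0x1012 presumably mean anonymous|fixed|private under
  // BSD flag values; confirm for the target.
  syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul);
  intptr_t res = 0;

  // Argument block for the first sendmsg at 0x20001380. Its pointer field at
  // 0x20001390 refers to a table at 0x200010c0 whose first entry is
  // {base = 0x20000040, len = 0x1000}.
  // NOTE(review): presumably a struct msghdr and an iovec array; the field
  // names are not visible here.
  *(uint64_t*)0x20001380 = 0;
  *(uint32_t*)0x20001388 = 0;
  *(uint64_t*)0x20001390 = 0x200010c0;
  *(uint64_t*)0x200010c0 = 0x20000040;
  // 4096 bytes of fuzzer-chosen data at 0x20000040. Several later stores land
  // inside this range (0x20000080.., 0x20000140.., 0x20000180..), and the
  // final ioctl takes 0x20000040 as its argument, so statement order matters.
  memcpy(
      (void*)0x20000040,
      "\x4f\xf1\xf0\x32\xc2\x67\x70\xb1\xa4\x11\xc2\x9f\x48\x9c\x89\x89\x5f\x80"
      "\xd1\xe2\x51\xe2\x1d\x52\x7b\x45\x63\x01\x5c\x6e\x88\x28\x19\x58\xca\xf6"
      "\xd3\xa0\x33\x21\x69\xce\x54\x09\xd7\x98\x67\x8e\x1b\x60\x9c\x7a\x40\xf6"
      "\xa6\x27\x0e\x5a\x42\x3b\x01\x78\x26\xa7\xbe\x6e\xd8\x2e\x0f\x0f\xc3\xe8"
      "\x15\x8f\xe4\xbb\xf8\xf6\x03\x0d\x91\x6b\x3f\xfa\x3e\x1f\x7e\xb8\x65\x6a"
      "\x15\x64\x9c\xe9\x16\x22\xb3\xd0\x3b\x80\x53\x64\x61\x33\x1c\x66\xae\x1b"
      "\x54\x95\x8a\x43\xd2\x5c\xef\x2e\xb9\x68\xdc\xc9\xaa\x8d\xb9\x39\xbf\x52"
      "\xdb\x8a\xac\xa2\x4b\x36\x3a\xd4\x4d\x6d\x0f\xdd\xcd\x55\xa0\xa1\x61\x61"
      "\xb0\x9e\x39\x65\x95\x7b\x5d\x9b\x60\x68\x4b\x55\x30\x3f\x18\xef\x66\x9f"
      "\xff\xa6\x70\x12\xba\xf0\x79\x63\x13\x2e\xda\x31\xf2\x9e\x77\xfb\x0f\x36"
      "\xcd\x67\x26\xda\x86\xdd\x19\x95\x4e\xa9\x23\xae\x3a\xdb\xd1\xb1\x48\x7b"
      "\x3d\x94\x2d\x9e\x20\x35\xbc\x11\xba\x51\x88\xba\x88\x27\x77\x0d\x31\x1d"
      "\xe8\xcc\x00\xbd\x88\x4c\x96\x4f\x9b\xc0\xa3\x6c\xc8\x28\x2f\x37\x1a\xc0"
      "\xa4\x58\x39\x3a\x1a\x1a\xf5\x07\x75\x00\xb3\x2d\xcd\xdb\x58\xac\x2d\x87"
      "\x7d\x24\x84\xe9\x43\x91\x74\xc3\xf7\x4a\xfb\x34\xee\x00\xac\xf2\x76\x75"
      "\xf4\x9b\xfb\xd3\x21\x0d\xdf\x26\xc0\x0b\xd9\x72\x8e\xac\x41\xbb\x47\x0d"
      "\xec\xf9\x06\xa9\x70\x47\x85\x74\x08\xd4\xbb\x81\x1b\x87\x83\x95\xbc\xab"
      "\x8c\xa4\xa2\x66\x93\xe7\x8f\x56\x2f\x75\xf0\xcf\x68\x0d\x06\x72\xbb\x1a"
      "\x63\x35\x05\xf5\x43\x93\x8b\x7b\x12\x36\x40\xb6\x94\xd2\xcd\x26\x84\xd4"
      "\x94\x5b\x0b\x1b\xd1\xc6\x77\x3b\x62\x41\x95\x05\x8b\x17\x5e\x42\xd3\x96"
      "\x84\x0b\x03\x70\xab\x65\x48\x44\x38\x71\x81\xf9\x75\xd4\x4d\x46\x7c\x24"
      "\x2d\x1e\x48\x96\x83\x6a\x36\xde\x12\xe3\xb1\x39\x68\x6c\xc0\x97\xee\x83"
      "\xbf\x7b\x02\xe3\xd1\x5a\x8e\xcc\x00\x4b\x34\x95\x5d\xe4\x39\x37\xb4\x5f"
      "\x37\x93\x8d\x9b\x2a\x98\x27\x34\x3f\x94\x89\xbb\xfc\xed\xa5\x0e\x91\xfe"
      "\x46\xca\x42\x13\xd8\x68\xd6\xb2\xab\x76\xaa\x95\xdd\xee\xd4\x7a\xdd\xe4"
      "\xee\x40\xad\x32\x73\x68\xf3\xe6\x64\xe5\xdd\x36\x1c\x26\x92\x84\xc5\xad"
      "\xc9\xa4\x20\xfc\x4e\x34\x65\x96\xb8\x7b\x45\x76\xc1\x0a\xe4\xcf\x64\x7b"
      "\xb4\xec\xf5\xd5\xd7\x3f\x8a\x4e\x02\xbb\x61\x79\xb9\xd6\x52\x79\x2d\x50"
      "\xd3\x37\x7e\xe9\x08\x54\x1c\x1a\x19\x27\x63\x43\xa1\xb1\xe7\x18\x0e\xce"
      "\xf9\x84\xec\xa8\x2c\x46\xd2\x1d\x5f\x53\x87\xfa\xe8\x23\x14\xae\x0b\xe1"
      "\xb4\xc9\x21\xda\xc1\x19\xbd\x66\xca\x96\x28\x45\x1f\xb6\xbe\xd8\x43\x90"
      "\x16\x46\x43\x63\x4b\x1b\x98\x0d\xbb\x6b\xed\x54\x38\xfd\xf1\xfc\x95\x3f"
      "\x93\xd1\x22\xee\x29\xe5\x8c\xac\xfd\xc5\x5b\x96\xec\x81\xe3\xd1\xb7\x1a"
      "\x2b\x22\xba\xaa\x39\x3e\x35\x09\x3d\x54\x95\x80\x22\x8f\xa7\x85\x04\x90"
      "\x8d\xf5\x85\x39\x6d\xce\xba\x19\x62\x00\xc5\xc1\xc1\x66\xe8\xdc\xfa\x7b"
      "\x94\x4f\xdb\xe7\x0c\x5f\xde\x34\x8e\x62\x9d\x03\x67\x55\x9a\xa9\xf5\xb6"
      "\x15\xd1\x2d\x04\xb6\xaf\x24\x9e\xca\xd2\x58\x53\xda\x57\x60\x76\xc7\x03"
      "\xd2\xef\xfb\xe5\x23\xc0\x52\xaa\x88\x9e\xdc\xc3\x34\x49\x24\x41\x9f\x32"
      "\x2d\xb7\x6d\xc8\xff\xcd\x96\x68\xb8\xa5\xec\xa4\xfe\x9f\x20\x99\xd7\xbb"
      "\x31\x44\xce\x81\x4b\x96\x77\x3a\x9b\xf2\x18\x59\x92\xff\x2a\x67\x31\xa7"
      "\xd6\xcc\x12\xa7\xa9\x8a\xfb\x1e\xf5\xad\x1f\x24\x38\xb9\xc1\xc9\xc9\xde"
      "\xbb\xff\x82\x16\x11\x30\xd9\x1b\x89\x06\x38\x1a\xdc\xf5\x15\xfa\x70\x79"
      "\x4a\xc2\x17\x14\x55\x40\x2a\x08\x7f\xa3\x3e\x69\x5b\x61\x1f\x29\xe9\x0d"
      "\x69\xa6\xb4\xe7\x66\x58\x1b\xfb\xf3\x94\x15\x28\x5e\x31\xaa\xc7\x8c\x6d"
      "\xf5\x27\x64\x48\x2d\x10\x56\x67\x22\xa3\xcf\xa8\xce\xc5\x8f\x15\xc2\x35"
      "\xe3\xc8\xf3\x6e\x1a\xaa\x95\x4a\x40\x34\x73\xfb\xb3\x10\x11\x1f\x73\x46"
      "\x25\xda\xe0\xb2\x07\xe7\xd0\x14\x44\xc7\x45\xd5\x2b\x91\xac\x71\x38\x0b"
      "\x17\x8b\x47\x09\xd2\xd6\x1b\xf6\xc0\xe5\x59\x2b\x4d\xd9\xbb\x71\x6b\x26"
      "\x62\x2c\xdd\x23\x6c\xb6\xdf\x28\x3e\xe2\xfc\xb3\xca\x89\x1b\x1e\x63\xc9"
      "\x92\xe4\xb6\x4d\x00\x5e\xab\xfb\x7a\xfb\xd4\xa9\x0e\xb1\xba\xc8\x10\x59"
      "\x24\x7f\xf0\x9d\x23\x97\x68\x27\xe6\x61\xca\x4a\x0e\x29\xa7\x0a\xbc\x2d"
      "\x90\x84\x0c\x45\x47\x1d\xd3\x1e\xbd\x2b\x11\x86\xed\xbb\x88\xdf\x4d\xa3"
      "\x09\x52\x7e\xe5\x26\x3c\x9c\xb8\x92\x1f\xd1\x0d\x72\x70\x1f\x3f\x64\xf5"
      "\x07\x17\x6e\x8f\xf8\x02\xce\x8a\xe5\xf4\xaa\x8b\x3c\x70\xaf\x02\x0f\xcb"
      "\xff\x20\x00\x69\xb6\x4f\x7b\xc1\x6b\xc5\x80\x18\x16\x45\x78\xdb\x95\xae"
      "\xd2\x67\x85\xe9\xb0\xc3\xe1\x11\xf6\xbc\xb6\xe3\x30\xdf\xa0\x3a\x9c\x93"
      "\x23\x58\xab\xbb\x4b\xb6\xab\x6e\x14\x13\x53\x3e\x66\x6f\xae\x6a\x91\x40"
      "\x93\x97\xad\x89\x57\xa0\xd0\x51\x2e\xcf\x17\x11\xa1\x84\x34\x9d\x74\xf8"
      "\x92\xbf\xbf\x14\x1d\x5f\x7c\x43\x47\xef\x75\xd0\x78\x04\x68\x0c\x63\x1e"
      "\x2f\x7f\x54\x5a\x0d\x41\x7e\x4a\x36\xe9\xeb\xe7\x50\x98\x4c\xef\xc1\xdd"
      "\x49\x27\xcb\x9c\x43\x38\xe5\xdc\xb4\x79\x1a\xa5\xb0\x27\xe8\xa8\xe5\xe9"
      "\x5e\xfe\x95\x27\x96\x42\x2b\xc0\xbd\x22\x8d\x71\x18\x18\x0d\xa9\x7b\xb5"
      "\xc6\x55\x26\x30\xb3\xaa\x4c\x73\x88\x03\x0f\xcf\xb4\x52\xaf\x3a\x81\xe8"
      "\xb7\x3d\x43\xc2\x7f\x65\x1d\x54\xd9\xf3\xd6\x4a\xc3\xb0\x7c\xeb\x64\xdd"
      "\x37\x20\x30\x5d\x7a\xde\x93\x20\x15\x6a\xd4\xbd\x8c\xea\xf0\x51\x15\x06"
      "\xe3\xa8\x66\xdf\xea\xde\xf1\x5b\x95\x59\x24\x7b\xa1\x5d\x1c\x31\x18\xd1"
      "\xef\x48\xda\x8e\x4a\x68\xdc\x33\x9f\xb7\xf0\x75\x45\x3c\xa8\xa8\x66\xc2"
      "\x1e\x83\xad\x46\xa7\x13\x65\x49\xcb\x43\x3d\x97\xb0\x5e\x03\xf8\xa9\x8c"
      "\x0d\x1f\x0f\x69\x17\x33\x51\xba\x69\xb7\x67\xdf\x70\x3e\xdb\x17\x58\xbc"
      "\x61\xed\x00\x8d\x82\x9e\x6c\x1e\xa4\x16\x6b\x60\x7b\x95\xea\x44\x4a\x2f"
      "\x8a\xba\x4d\x9c\x3a\xdd\x3d\x8a\x1b\x42\x88\xbe\xbf\x89\xd3\x2c\xc5\xc3"
      "\xfb\xef\x3d\xac\xf6\x87\x7e\x7f\x00\xd0\xaf\xb4\x46\x81\xf6\xd3\x38\xad"
      "\x38\x28\xa8\x4b\x3d\x9a\x2e\x55\x40\xf0\xea\x05\x8a\x48\x55\x6f\x06\x7f"
      "\x34\xec\x32\x2d\xb2\xd7\x6e\xb0\x5e\xa7\xab\x78\x96\x4c\x9c\x8b\xac\x12"
      "\x96\x5f\x3d\x25\x2d\x73\x7e\x46\xfa\x3f\x13\xff\xc7\xa6\xe6\xd2\xae\x5e"
      "\x1f\x9b\xf9\xd3\x2e\x03\xb7\x20\x2e\xfb\xd6\x24\xf3\x65\x67\xc8\x3c\x3d"
      "\xe9\x10\xf2\xde\xa1\xd3\x90\xf1\xa3\x4b\xea\xa7\x2f\xf7\x18\xcc\x00\x73"
      "\x02\x96\xb1\xb9\xe9\x3c\x58\x11\xdb\xf7\x3b\x14\x71\x04\xf6\x18\x9a\xdc"
      "\x4a\xd7\x4f\xd9\xe1\x12\x6a\x4e\x2a\xac\x6a\x9b\x29\xba\x13\xb6\x1f\x97"
      "\x95\xf9\x28\x77\x55\xa4\x58\x2e\xef\xa4\x3f\x89\xb0\xf9\x98\x6c\x9d\xf7"
      "\x38\xe5\x1a\x28\x6f\xac\xb5\x16\x6f\x9e\xcd\xcd\x65\x3b\x07\xe8\x67\xef"
      "\x07\x33\xc8\xb0\x2e\x34\xb9\x97\x41\x97\xa4\x0b\xdd\x53\xa1\x22\x5f\x15"
      "\x5e\x46\xea\x5c\x65\xaa\xfa\x71\x9d\x81\x67\x2f\x0d\xd0\x7c\x66\xac\x03"
      "\x57\x55\x88\x88\x1a\xe3\x13\x25\xe4\x0b\x82\x79\x10\x8c\x5f\x61\xdc\xfe"
      "\xae\xc1\xe4\x48\x4e\xca\xd8\x91\xc7\x14\x29\x60\x44\xfc\xe5\x88\xda\x31"
      "\x62\x1d\x4e\x48\xe6\x5e\x23\x27\x99\xc6\x6a\x69\xe6\x91\x10\x3d\x6e\xf9"
      "\x68\x61\x7c\x8e\x0f\x0e\xb9\x69\xf8\x9e\xbf\x64\xc5\xb7\xcb\xb4\x11\xef"
      "\xd6\x07\x37\x1e\x1d\x53\xd7\x79\x0b\xde\x58\x4f\xbc\xe9\x26\x8b\xb2\x0c"
      "\xbf\x82\x41\x9f\xb1\xb2\x46\xc9\x1d\xe7\x8b\xf4\x55\x7d\xdf\x1b\x35\x4d"
      "\x4e\x8d\x24\x8d\x1b\xf4\x08\x5d\x53\x1f\x80\x97\xd2\x36\x57\x72\x62\x31"
      "\x89\x59\xcc\x34\xaf\x4c\x12\x95\x73\x65\x8b\xbf\x3b\x6a\xbc\xa1\xef\xbe"
      "\x69\x0d\x8f\x18\xdf\x09\xef\x42\x58\xc4\x8f\x17\x43\x7c\x66\xee\x0c\x35"
      "\x2b\x7c\xb6\x49\x85\x26\x89\x61\x40\xc1\x1d\x3f\x16\x6b\x94\xc5\x5f\x04"
      "\x59\x19\x27\x80\xc1\x3b\xc0\x32\xab\xb7\x3e\xec\x89\xb4\xc3\xf5\x56\x56"
      "\xee\x05\x73\x49\x72\x42\x1c\x06\xcc\x41\xd6\xd5\x8e\x9e\x87\x46\x21\x2e"
      "\xae\xc9\xb8\xf6\x07\xa7\x99\x87\xc4\xc3\xbf\xea\x54\x93\x23\x8b\x6c\xba"
      "\x93\xb4\x62\x8f\x37\xd7\x80\xe2\x87\x69\xd1\xc2\x7f\x5b\x49\x21\x15\x21"
      "\x87\x7c\x6a\x38\x39\xc0\xa7\x29\x5b\x77\x5c\x01\x5f\x9f\x4f\x3d\x2d\xf6"
      "\x45\x40\x24\x6d\xbf\x5d\x46\xa7\xce\x04\x77\xfa\x11\x66\x21\x77\x6b\x49"
      "\x3f\xcd\x5a\x43\x1a\x08\xc4\xf0\x28\xf5\xc2\xdf\xe5\x19\xa9\x1f\x8a\x2f"
      "\xf1\xb6\x64\x01\xd5\x3f\xbd\x2c\x9a\xcc\xcf\x00\x89\x88\xec\x93\xd8\xb7"
      "\x51\xd4\x42\x34\xa5\xb9\x26\xbf\x6d\xbc\x61\xa1\x2a\xcd\x84\xd4\x21\xe3"
      "\xe7\x62\xa9\x3f\xbe\x9f\xfd\x8e\x91\xb2\x90\x63\x9a\xb9\x3c\xbc\x77\xa8"
      "\x29\x1e\x2a\x64\x98\xac\x00\x2d\x48\x30\x0d\x67\x17\x16\xaf\xa2\x1a\x1a"
      "\xf9\x73\xd7\x6a\xd0\xac\x4b\xdb\x7d\xdb\x89\x18\xe3\x7c\x86\x10\xe3\x4e"
      "\xfa\xe1\xb1\x89\x29\x7c\xe8\xf5\xcd\x08\x68\xac\x12\xc3\xe8\xe3\xb5\xf9"
      "\x3b\x1d\x14\xa9\xfd\x7a\x1d\x6a\x52\x45\xb2\x5e\x44\xc3\x04\x76\xaa\x19"
      "\xc6\x7a\xe6\x8a\x24\x62\xc2\x1b\x73\x26\xed\xec\xd4\xb4\x9f\x53\x90\xc1"
      "\x39\xde\x4a\x54\x58\x3a\x80\x88\xe2\xa7\x05\x59\x15\x5e\x88\x83\x88\xf2"
      "\xf9\x0e\x77\x1c\x00\x4a\x6e\x66\xa7\x84\xce\x08\x7f\xc0\xe5\x80\x7c\x28"
      "\x19\xb1\x1f\x52\x14\xa2\x9d\x37\x9e\xb1\x54\xc5\x36\xc2\x80\x05\x4d\x0c"
      "\xc8\xc4\xcb\x6f\xab\x9e\xa4\xa9\xdc\x76\xfa\x22\x45\x1b\x9a\xcf\x35\x2a"
      "\x34\x80\x70\xb2\x29\xd4\xd3\x63\x7a\xba\xdf\x7a\x0e\xf2\xfb\x87\x16\xa4"
      "\xe1\x86\x25\x34\xe5\x63\xf6\x70\x56\xde\x13\x6b\xfc\xb0\xdf\x2c\x8e\x91"
      "\x23\x21\x5f\xae\x6c\x27\x11\x80\x44\xcb\xd8\x8f\xe4\xca\x13\xad\xca\xd8"
      "\x53\x44\xc7\x33\x4d\x09\x0d\xb2\x92\x5f\x4f\xfa\xe1\x2e\x46\x73\xe4\x52"
      "\x3e\xd3\x28\xee\x56\xaa\x63\xb2\x89\xa2\x25\x1a\xc0\xb9\xf7\xb3\x55\x9f"
      "\xb8\x35\x08\xcc\x6e\x2b\xb8\xcf\x2b\x5c\xef\x6d\xb1\x3f\x25\x7f\x01\x8b"
      "\x87\x4f\x3a\xf1\x32\x53\xc5\xdc\xa8\xe6\xb5\x23\x61\x6f\x85\x66\x5e\x95"
      "\x01\x3d\x41\x93\x3a\x41\xd4\xb6\x3e\x5b\x19\xec\xd5\xf1\x79\x5f\x0a\x95"
      "\x1e\x9c\xb7\xf2\x7f\x70\xee\xef\x34\xb4\xaa\xde\xf8\x3e\xb3\x4a\xe1\x05"
      "\x36\x8d\x72\x47\xfc\x6c\xf8\xba\x64\x43\xf6\x04\x51\x71\xe0\x85\x63\xb5"
      "\x29\xf0\xe2\xe3\x62\x71\x7e\x7a\xdf\xa2\x37\xa9\x73\x3b\x7a\xf8\x41\xbb"
      "\x47\x99\x1e\x8c\xfd\xcb\xec\x2b\x71\xd8\xfb\x44\xd9\x8e\xb3\xe2\x92\x38"
      "\xcf\x9a\x87\x6c\x73\x02\xdc\x3b\xb4\x2a\x07\x96\x42\x37\x16\x0f\xd8\xc5"
      "\x8a\x6c\x6b\x71\x76\xae\x6a\x58\x1f\x04\x25\xaa\xe7\x80\x41\xed\x0c\x06"
      "\x2c\xd7\x6e\x08\x86\xe9\xaf\xc1\x09\x38\x6f\x3b\x7b\x54\x3b\x6d\x9c\x5b"
      "\x0a\xf5\x5c\xdf\x38\xae\x9f\xb3\x89\x97\x58\xd1\x11\xce\x80\x81\x3b\x6e"
      "\xca\x33\xab\xad\xc7\xfc\x09\x73\x01\x7d\xb6\x77\x0c\xc2\x34\xb4\xa6\xe7"
      "\xd3\x27\x18\xe8\xe4\x1f\x99\xc0\xbb\x34\x0c\xb0\x85\x6c\x43\x47\x5a\x4b"
      "\x84\x4a\xba\xda\xad\x98\xf5\xcd\x64\x56\xd4\xa8\x81\xd7\x77\x4b\x66\x80"
      "\x34\x8b\x7b\x99\x4a\x85\xf0\xb5\x49\xb2\xef\xb6\x99\x6a\x5a\xe4\x26\xb6"
      "\x10\x9b\x46\x86\x39\x80\xc6\x80\x91\xda\x46\x97\xa6\x2e\x3b\x0b\x83\x3f"
      "\x87\xc5\x7c\xaf\x44\xfc\xd0\x18\x6d\x6f\xfb\x33\x16\xa7\xd9\xc6\x71\x5a"
      "\xa5\x1c\xc2\x9c\x09\x11\x94\xc3\xc9\xc0\x4a\x17\x13\x6a\xc1\x18\x25\x1e"
      "\x18\x31\x54\x8c\x59\x18\x94\xaa\x3d\x72\xc4\x55\x97\x92\x40\xa1\x7e\x72"
      "\xe9\xdf\x93\xc8\x40\x03\xab\x97\x25\x35\x77\xdb\xec\x1f\x22\x7c\xd6\x79"
      "\x32\x63\xe2\x71\x21\xef\x4b\x79\x87\x2d\x1d\xfa\xbc\x31\x1c\x4b\xa6\x4a"
      "\xa5\x8c\x96\xc5\x75\xa8\xa4\xe0\x48\x72\x3b\x54\x26\xf5\x25\x8a\x17\xdc"
      "\x5f\x7b\x2e\x9d\xa3\xef\x19\x86\xc6\xc4\x1f\x6a\x23\x43\xb4\x56\xe1\x14"
      "\x89\xf6\x2f\xdc\xb1\x1d\xd0\xba\x72\x6e\xce\xc9\x1d\xeb\x25\xcd\x0a\x66"
      "\x4f\xce\x22\x9f\xfd\x5b\xf5\x5a\x9d\x4e\x15\x99\xfa\xa8\x19\xc6\xa9\x94"
      "\xa8\x1d\xe4\xed\x9d\x61\x39\x4e\x0d\x27\x36\x11\x89\x51\xdf\x88\xeb\x80"
      "\xcc\xaa\xd4\x72\xb7\x79\xb6\x47\xbc\xee\xf4\x7e\xa6\xcf\x29\x2b\x14\x49"
      "\x57\x44\x1e\x72\xd9\x6c\xad\x1b\xe1\x1a\xc6\x08\x41\xd4\x75\x51\xdc\xef"
      "\xe5\xfe\xf5\x61\xc1\xb4\xfc\xf3\xb4\x90\x9c\x99\x80\x08\x29\xf2\x8a\xa0"
      "\x20\x39\xe3\xaf\x45\x5b\x13\x59\x77\xeb\x3d\x60\x57\xd1\x3c\xbe\x9f\x3f"
      "\x48\x1c\x27\x66\x79\x5a\xf2\x36\x30\xa6\xac\x1f\x6b\x6a\xb9\x06\xdd\xa8"
      "\x33\x95\xc0\xcc\x90\x55\x3f\x29\xc7\xe4\xc5\x37\x47\x4f\x77\xdd\xda\x27"
      "\xcf\x7e\x0d\x37\x7b\x11\x96\xeb\x3f\xda\x36\xae\x13\x88\xea\x3c\x58\x17"
      "\xc2\x88\xd0\xa1\xd3\x7a\xa6\x1a\xd2\x8b\x5d\x93\x11\x7c\x8a\xa0\x5f\xaf"
      "\xcd\x37\x41\x15\x3c\x83\x36\xf1\x43\xd0\x16\x27\xc1\xfe\x2b\x26\x10\x55"
      "\xcf\x9b\x56\xda\x49\x98\x94\x83\x5f\xd0\xdf\xe6\xc3\x1e\x37\xfd\xc4\x56"
      "\x8d\x7a\x01\xe3\xe8\xaf\xb1\x4a\x99\x1e\x40\x53\x08\x5a\xf1\xdd\xe7\xa4"
      "\xfb\x06\xcc\x93\x2f\xd8\x7b\x9b\x2e\xcd\xd0\xa8\xca\x56\xf7\x96\x8a\xb0"
      "\xc2\xda\xce\xee\x3a\x25\xe0\x03\x8f\xb0\x40\xd5\x24\xf8\xb9\x00\xcf\x88"
      "\x3f\x88\xe0\x2f\x70\x59\x48\x71\x97\x6f\x52\xdf\x09\x5c\x33\x19\x35\x17"
      "\x91\x95\xbf\x19\xf5\xdf\x31\x76\xf0\xec\x30\x9f\x5f\x06\xac\x10\xbd\x53"
      "\x8b\xc8\xbc\x80\xd4\xdb\x09\xf9\xb1\xcc\x56\x95\xb4\x7e\xea\x11\x41\x9f"
      "\xda\x7e\xa1\x76\x48\x43\x1c\xc1\xec\xef\x08\xee\x20\xf2\xe0\xb0\xdc\xfb"
      "\x3a\x8b\xb0\xef\x37\x64\x9c\x3c\x09\x37\x60\x50\xec\xa7\x8f\xdd\xe8\x61"
      "\xa1\x29\x54\xa9\xd1\x3b\x81\x57\x29\x94\xda\xb3\x59\x07\x93\x02\x7f\x04"
      "\xba\xa8\xb3\x49\x9a\xdd\xde\x85\x1c\x27\xea\xd6\x8d\x7f\x47\x84\x52\x9e"
      "\x25\x76\x68\xee\xca\xcc\x7d\x16\xc1\x83\x70\x21\x30\x4a\x81\x01\x29\x24"
      "\x75\xd0\xf5\x34\xd4\xe1\xe0\xfd\xe8\x0d\x36\xa5\x5b\x6b\x3a\x8e\x21\x35"
      "\xc2\x48\xcc\x0b\x3b\xc0\x58\x6c\xe4\x01\xfe\xf8\x42\x6e\x2f\x58\x03\xc4"
      "\x20\x26\x2f\x5e\x11\x88\xac\xe3\xb1\x72\xfd\xc7\x10\x9d\xec\x3d\xae\x6f"
      "\x23\xe1\x6e\x3c\x0a\x52\x0e\x5f\x40\x6e\x49\xd0\x2a\x85\x02\x85\xba\x41"
      "\x0e\x58\x19\x56\x3b\x4b\xfb\xfc\x19\x72\x63\xbf\x3c\x58\x84\x5c\xe6\x4b"
      "\xf6\x7c\x4f\x39\x78\x90\xe9\xc7\x6a\xbc\x3d\xac\x3f\xba\x87\x5e\x1f\x38"
      "\x9a\x36\x47\xe8\x0f\x45\xc9\x26\x45\x03\x7f\x65\x2a\x72\x39\x07\x69\xdb"
      "\xf0\x1a\x02\xc6\xb6\xfd\x29\x2c\x8a\x65\xbd\x3d\xba\xf7\x6b\x9f\x21\xa8"
      "\xc1\xda\xf7\xd9\x07\xfb\x6e\x1c\xd5\x57\x01\x08\xc9\x90\x1b\x8d\xa3\x50"
      "\x00\xd7\xd9\x52\x8d\xdc\xea\xf8\x1f\xbe\x50\x92\xe1\xdf\x8b\xe3\x5a\x9c"
      "\x2f\x11\x5a\x4c\xec\x70\x40\x66\x2f\x42\x8e\xf7\x55\x58\xbc\x42\x91\xde"
      "\x0b\xd2\x55\xd8\xd9\xc5\x89\x31\x0d\xb6\x02\xb2\xcc\x08\x6d\xd1\x94\x2c"
      "\x3e\x21\xaf\xae\x51\x8a\xbb\x5a\x8c\x61\xdf\x15\x14\xa7\x5d\x2e\x7a\x4b"
      "\x7c\x35\x4b\x77\x97\xa7\xc8\x40\xad\x07\xb1\x30\x71\x42\x1b\xac\xf1\x21"
      "\xf1\x00\xb9\x07\x91\x2f\xf7\x0b\xa0\xf3\x67\x9d\x72\x56\x20\x25\xab\x42"
      "\xb6\x26\x17\x2a\x61\x91\xce\x55\xea\x09\xef\x72\xae\x56\xdf\x3e\x1b\x80"
      "\xe9\x35\x8e\x39\x34\x09\x6b\x93\x91\x95\x2a\x83\x40\x47\x15\x69\xd4\xa8"
      "\xb2\xf5\xfa\x51\xcc\xdb\x7e\x7d\xf2\x66\xe9\x8e\x1a\x30\x5c\xd0\x6a\x7d"
      "\x92\xed\x98\xeb\xc6\x33\x74\x51\xa1\x85\x3d\x1a\x95\x19\x4f\x37\xbd\x7e"
      "\x97\x50\x2c\x4e\x33\x50\x05\x4e\xd3\xe6\x38\x72\x89\x25\x48\x0c\xfa\x57"
      "\xd6\x8d\x65\xc9\x07\xac\xcd\x8a\x0d\x74\x67\xc9\x6c\x0a\xe4\x81\xcf\xc4"
      "\xe1\x55\x29\xde\x06\x5d\x0f\xd1\x44\xf5\x4d\x55\x58\x4f\x01\x80\x4d\x83"
      "\xa0\xfe\x5e\x4f\xeb\xe2\xad\x79\x1c\x61\x2a\x4f\xbb\x4a\xb8\xbb\xdb\x54"
      "\x4f\xd3\xf3\x5b\xf8\x38\x2c\x0f\x56\x5f\xf9\xbd\xfc\xfd\x0e\x95\x24\x4b"
      "\x66\x1f\xec\x2f\xa4\xa9\xfa\x58\x32\xe2\x8f\xaa\x6e\x12\x6d\xaf\xcd\xc5"
      "\x09\x3b\x9f\xbe\xc2\x9a\x21\x11\x68\xfa\x66\xff\xca\xcd\x7f\x36\x87\x2c"
      "\x9c\xda\x50\xa3\x42\xa8\xb7\xe2\x22\xbc\x4b\x43\xcd\x94\x47\x8b\x22\x63"
      "\xb1\xc6\xa3\x2f\x0e\xe0\x4e\xb1\x91\x67\x6b\x4a\xb4\x6b\xde\xd1\x27\x32"
      "\x0a\x83\x45\x2d\x02\xa1\x0c\x4b\x26\xb3\x51\xef\xa7\x8b\xae\x13\xb9\x63"
      "\xef\x0e\xe2\xde\xf0\xc2\xf5\xb2\x21\xd7\xbc\x7d\xee\xa2\x28\x23\x45\x57"
      "\x89\x48\x7f\xbf\x5e\x78\x7a\x4d\x39\x5d\x32\xd3\x6a\x90\x9c\x02\x00\xb0"
      "\x79\x9c\xd7\x13\xc9\x69\xed\x8e\x11\xff\x96\x10\x99\xe5\x2c\xf4\x90\xaf"
      "\x46\xb3\x2e\xce\x1d\xe5\x27\x5a\x5b\xc6\x02\x45\x04\x0e\x05\x83\x1e\x26"
      "\x9d\xe8\x94\x54\x70\x09\x0c\xf6\x7e\xf5\x52\xcb\xa9\xb3\xea\x8a\x4e\x24"
      "\x19\x9d\x7c\x7f\x5e\x63\xf4\x8e\xbc\x3f\xdc\xf5\x1b\xfa\xbb\x56\x31\x84"
      "\xcd\x53\xc3\xbb\x8e\x64\xc1\x49\x1a\xfc\xe3\x10\x38\x87\xf0\x9b\x69\xf6"
      "\x09\x7c\xa7\x92\xc8\x27\xa5\x17\xfb\xfc\x0e\xf3\x64\x71\x37\xc6\x8c\x0b"
      "\xd2\x5b\xe3\xe0\x6d\xa8\x20\x15\x67\xb0\xff\xd6\xa2\x39\xa7\xd5\xa1\xf4"
      "\x07\xd6\x50\x69\x46\x56\x1a\x35\x90\xb0\x6c\x3d\xaa\xf0\x39\x4b\x37\x87"
      "\x26\x0d\x12\xd1\xdc\x29\xdc\xe3\x63\x82\xb6\x51\x1b\x2a\xe0\xb6\xfb\x7c"
      "\xf5\x97\xec\x4f\x3e\x1e\x24\xec\x0d\x5b\x18\xd2\xd5\x56\x1a\xcc\x94\x36"
      "\x33\xb0\x59\x26\x3f\x0d\xe1\xfc\xa0\x23\x82\x44\x64\x0c\x1d\xc4\x6e\x4e"
      "\x87\x90\x7f\x86\x1d\xa5\x37\xd7\x70\x69\x3f\x35\xb8\x6c\x21\x8e\xbd\x6b"
      "\xad\x12\x2b\x29\x41\x95\xc0\xe3\x81\x97\x2f\x81\x4f\x81\x00\x01\xd7\x9b"
      "\x83\xf9\xc9\x1f\x50\x70\xd5\x45\x1a\xb2\xf5\xb3\xb5\xc7\x4f\x44\x7b\x02"
      "\xe9\xce\x89\x97\xfe\x81\x71\x2a\x80\xe8\x1f\xcd\x8a\x71\xf4\x1a\x3e\xed"
      "\x8d\xbb\x0b\x06\xfe\xb6\x29\xde\x10\x4b\xbc\x8b\x4a\x12\x46\xe5\x5c\xc4"
      "\x9c\x59\xef\xf4\xbb\xdf\xff\x8e\x28\x42\x06\x4c\xe7\xf3\x46\xbe\x16\x96"
      "\xb2\x16\x32\x3e\xdb\xfb\xf1\xe3\x5f\x2c\x1b\x2a\x38\x09\xf2\xc1\xdd\x4b"
      "\x1c\x1c\x7a\x03\xa6\x6b\xf2\x0c\xba\xd4\xcc\xd7\xbf\xc6\x2a\xaa\x34\xef"
      "\x60\x9d\x17\x5f\xe8\xed\x3f\xcf\xab\xd6\xb2\xef\xa4\x95\x06\x32\xd9\xbc"
      "\x77\xe8\x73\xfc\xe2\x90\x21\xe2\x57\x01\xe8\x66\x7a\xa1\xe0\xfd\x5d\xfd"
      "\xfa\x00\x5d\x74\xe1\x20\xfa\x02\xc1\x70\x4d\x24\x2e\x96\x27\xcf\x87\xdb"
      "\x26\xa6\x42\xda\xbc\x89\xdb\xd0\x7b\x62\x42\x8b\x08\x43\xca\x10\xb9\x40"
      "\xf8\x04\x12\x33\x81\x79\x9b\x48\x34\xc0\x64\x33\x46\x97\xa7\x44\x08\xe7"
      "\x14\x0a\x4e\x3a\x8d\x3a\xa5\x97\x6d\x25\x6d\x5b\xde\xb8\xd1\x33\xa5\x05"
      "\xae\x41\xaf\x50\x11\x83\x76\xfb\x57\x99\xb8\x7b\x78\xd1\x17\x57\x67\x16"
      "\xfc\x9b\x5e\xdd\xf0\x79\x44\x19\xa2\x45\x6c\x94\xb4\xa5\x55\xa4\x9b\xc5"
      "\x38\xb7\xc3\xdf\xf5\xbb\xd3\xb0\xa8\x2d\x93\x4f\x5c\x39\xbc\xef\x40\xc3"
      "\x9c\xf9\xac\xec\xf3\x30\x1f\x1b\x3e\x55\x7b\xa1\xdf\x91\x8d\x05\x6b\x92"
      "\xed\x33\xe5\x0b\x8b\xd4\xda\xcb\x16\xb8\xb6\xa3\x4b\xd0\x93\x2e\xa0\x03"
      "\xfa\x8d\x9e\x1e\x23\x76\x50\xb3\x21\x07\xaf\x38\x7e\xc6\x0f\x90\x40\x48"
      "\x87\x68\x0f\xc2\x0c\x41\xe3\x63\x6b\xad\xa1\xe1\xa6\xf6\x5b\xc9\xd1\x36"
      "\x80\x0c\x48\xd4\xed\xee\xbb\xc9\x9e\x1a",
      4096);
  // Length of the first table entry, then three zeroed entries.
  *(uint64_t*)0x200010c8 = 0x1000;
  *(uint64_t*)0x200010d0 = 0;
  *(uint64_t*)0x200010d8 = 0;
  *(uint64_t*)0x200010e0 = 0;
  *(uint64_t*)0x200010e8 = 0;
  *(uint64_t*)0x200010f0 = 0;
  *(uint64_t*)0x200010f8 = 0;
  // Remaining fields of the argument block at 0x20001380.
  *(uint64_t*)0x20001398 = 4;
  *(uint64_t*)0x200013a0 = 0;
  *(uint64_t*)0x200013a8 = 0;
  *(uint32_t*)0x200013b0 = 5;
  // The descriptor argument is -1, so this call does not act on an open
  // socket. The stores above still leave the data at 0x20000040 in place for
  // the final ioctl.
  syscall(SYS_sendmsg, -1, 0x20001380ul, 4ul);

  // Create "./bus" as a character device node (mode 0x2000).
  memcpy((void*)0x20000140, "./bus\000", 6);
  syscall(SYS_mknod, 0x20000140ul, 0x2000ul,
          0x4086337); /* major = 99, minor = 264247 */

  // Argument for the next ioctl: a count of 6 at 0x200000c0 and a pointer to
  // six 8-byte records at 0x20000080, each written as {u16, u8, u8, u32}.
  // All fields are zero except the u16 of the last record (0x210).
  *(uint32_t*)0x200000c0 = 6;
  *(uint64_t*)0x200000c8 = 0x20000080;
  *(uint16_t*)0x20000080 = 0;
  *(uint8_t*)0x20000082 = 0;
  *(uint8_t*)0x20000083 = 0;
  *(uint32_t*)0x20000084 = 0;
  *(uint16_t*)0x20000088 = 0;
  *(uint8_t*)0x2000008a = 0;
  *(uint8_t*)0x2000008b = 0;
  *(uint32_t*)0x2000008c = 0;
  *(uint16_t*)0x20000090 = 0;
  *(uint8_t*)0x20000092 = 0;
  *(uint8_t*)0x20000093 = 0;
  *(uint32_t*)0x20000094 = 0;
  *(uint16_t*)0x20000098 = 0;
  *(uint8_t*)0x2000009a = 0;
  *(uint8_t*)0x2000009b = 0;
  *(uint32_t*)0x2000009c = 0;
  *(uint16_t*)0x200000a0 = 0;
  *(uint8_t*)0x200000a2 = 0;
  *(uint8_t*)0x200000a3 = 0;
  *(uint32_t*)0x200000a4 = 0;
  *(uint16_t*)0x200000a8 = 0x210;
  *(uint8_t*)0x200000aa = 0;
  *(uint8_t*)0x200000ab = 0;
  *(uint32_t*)0x200000ac = 0;
  // Issued on descriptor -1, like the sendmsg calls.
  syscall(SYS_ioctl, -1, 0x80104277ul, 0x200000c0ul);

  // Open the node created above with flags 0 and keep the descriptor.
  memcpy((void*)0x20000000, "./bus\000", 6);
  res = syscall(SYS_open, 0x20000000ul, 0ul, 0ul);
  if (res != -1)
    r[0] = res;

  // Second sendmsg argument block at 0x20000180, again used with
  // descriptor -1.
  *(uint64_t*)0x20000180 = 0;
  *(uint32_t*)0x20000188 = 0;
  *(uint64_t*)0x20000190 = 0;
  *(uint64_t*)0x20000198 = 0;
  *(uint64_t*)0x200001a0 = 0;
  *(uint64_t*)0x200001a8 = 0x210;
  *(uint32_t*)0x200001b0 = 0;
  syscall(SYS_sendmsg, -1, 0x20000180ul, 0ul);

  // Final call: ioctl on the "./bus" descriptor. The argument is the data
  // region at 0x20000040 with its first 32-bit word set to 1; the rest is
  // whatever the memcpy and the later overlapping stores left there.
  // NOTE(review): under the BSD ioctl encoding, 0x82907003 would decode as an
  // input request of size 0x290, group 'p', command 3; confirm against the
  // target kernel's headers when triaging.
  *(uint32_t*)0x20000040 = 1;
  syscall(SYS_ioctl, r[0], 0x82907003ul, 0x20000040ul);
  return 0;
}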