// https://syzkaller.appspot.com/bug?id=a2eca15e6e0be4be3ed1b0b2bab3332edc317b1c // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i; for (i = 0; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define __syscall syscall struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void loop(void) { int i, call, thread; int collide = 0; again: for (call = 0; call < 5; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (collide && (call % 2) == 0) break; event_timedwait(&th->done, 45); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); if (!collide) { collide = 1; goto again; } } uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res; switch (call) { case 0: memcpy((void*)0x20000180, "./file0\000", 8); syscall(SYS_mknod, 0x20000180, 0x2000000006002, 0x401); /* major = 4, minor = 1 */ break; case 1: memcpy((void*)0x20001240, "./file0\000", 8); res = syscall(SYS_open, 0x20001240, 0x40000400000002c2, 0); if (res != -1) r[0] = res; break; case 2: *(uint64_t*)0x20000500 = 0x20000580; memcpy((void*)0x20000580, "\xee\xe8\xc0\x41\x57\x48\xea\x4a\xe0\x97\x63\xab\xbb\x20\x07\x12" "\xdb\xef\xe0\x87\x8a", 21); *(uint64_t*)0x20000508 = 0x15; *(uint64_t*)0x20000510 = 0x200001c0; memcpy((void*)0x200001c0, "\x74\xa3\xc8\x7c\x4a\x2f\xe0\x74\xb6\x2b\x30\xbc\xe3\x9a\x96\x9a" "\x94\x1b\x9b\xd5\x78", 21); *(uint64_t*)0x20000518 = 0x15; *(uint64_t*)0x20000520 = 0x20000200; memcpy( (void*)0x20000200, "\x1a\xc1\x6d\x81\xfe\x17\x19\xa8\xb7\x3e\xc4\x85\x29\xe0\x7c\xe0\x10" "\x6c\x34\x26\xf1\x90\x8c\x9f\x26\x5d\x4f\xb8\x22\x94\xfd\xf6\x40\x92" "\xe4\xcf\xa0\x49\x7a\x97\x9b\xd5\x3c\xf2\x50\x47\x0d\xe9\x0b\xf3\x88" "\xb6\x9a\x7b\x60\xa8\xef\x11\xd1\xad\x43\xa0\x4d\xcb\xd0\xfe\x94\xbd" "\x78\x81\x9a\x1e\xb2\xca\xaf\xd7\x36\xf0\x85\x9a\x5f\x14\x07\x41\x9f" "\x6a\xf9\x01\x55\x07\x4a\xfb\xcb\x5c\xe8\x7e\xba\xa2\x03\x4f\x52\x5b" "\xa5\x92\xb0\x5c\xf6\x4c\xeb\xbd\xc1\xb3\x0c\xe3\xc2\xf3\xe9\x22\x67" "\xa0\x57\xff\x2e\xc8\xa6\xd9\xe6\x9e\x95\x32\x4b\x31\x7d\xde\x18\xcb" "\xf4\xea\x0f\xd2\x64\xe2\x50\x2a\x62", 145); *(uint64_t*)0x20000528 = 0x91; *(uint64_t*)0x20000530 = 0x200002c0; memcpy( (void*)0x200002c0, "\x6c\x9c\xe6\x78\x7e\xc6\xe4\x43\x18\xfa\x5e\x43\xfa\xf2\xb1\x00\xb8" "\x3b\x6f\xe1\x13\x85\x63\x5c\x54\x8a\xd3\xae\xbf\x01\xe3\x2f\xb0\xce" "\x60\x97\x92\xa6\x99\x23\xb1\x29\xda\xd5\x89\x7b\x4e\x62\x09\x50\x4f" "\x34\x89\xda\x7f\xfe\xb2\x00\xb5\x5e\xfb\x84\xff\x34\xde\xd0\xcf\x84" "\x91\x60\x78\x2e\xee\xbf\x65\x00\x85\x98\xa8\xa4\xad\xb7\x72\x6e\x86" "\x73\xbe\x46\xe6\xa6\xd6\xa6\x01\x08\xbf\x8b\x8f\x36\xd3\x63\x80\x72" "\x70\x20\xc3\x01\x96\xeb\x3c\x5a\xe2\x6f\x57\x14\x33\x84\x80\x09\xf0" "\x03\x8b\xf4\x8a\x8f\x36\x9e\x0e\xe4\xca\x96\x20\xdd\xe0\xf2\x3f\x07" "\xed\xb6\xa7\xcc\x8b\xec\x2f\xd9\xfe\xad\x22\xbb\x4a\xc8\x38\xa5\xad" "\xa1\xba\xe9\xfb\x4e\xad\x0e\x40\xed\x66\x30\xd0\xe3\x79\x86\x61\x4d" "\x49\xd8\x81\x94\x01\x00\x28\x2d\x35\x7e\x60\xb5\x38\x6f\x29\x02\xd4" "\x82\xa4\x77\xfd\x45\xef\xf5\xe5\x7c\xea\xb9\xdf\x8f\xef\x3f\x31\x3b" "\x00\x89\x8c\x5c\x23\x27\x08\x59\xa1\x57\x24\x4c\xb6\x36\x10\x43\xdf" "\x45\x2f\xd0\x71\x0e\x0e\x99\x9a\x16\x5d\x5f\x9c\x2b\x9c\x85\xe3\xbe" "\xcb\x24\x33\xe3\x09\x49\x26", 245); *(uint64_t*)0x20000538 = 0xf5; *(uint64_t*)0x20000540 = 0x200005c0; memcpy( (void*)0x200005c0, "\xd5\xcf\xa7\x3a\xd8\x9c\x91\x24\x4d\x1e\x43\xf8\xaf\xbf\x42\xae\x44" "\xf6\x1d\x85\x16\x3e\x8f\xa2\xa4\x12\x3b\x18\x4f\x42\xae\x27\x0a\xaa" "\xfc\x97\xa0\xb1\xb3\x64\xea\x88\x82\x50\xf1\x7b\xea\xc0\x5a\xb8\x6c" "\x13\x21\x50\xaa\x6a\x80\x9f\xdf\xf0\xe5\xbb\xd7\xaa\x5a\xf1\x75\x21" "\xca\xe6\xa9\xc3\x6c\x21\xd2\xec\x93\xc3\xcb\xd2\xa3\x68\x2b\xdf\xa3" "\x78\x78\x0d\x1f\x00\x00\x00\xfc\x17\x7e\xca\x41\x6e\xba\x68\x59\x2c" "\xd3\x5e\x6e\x31\xad\x15\x84\x62\x3e\x26\xc8\x0f\x49\xcb\xb6\xe1\xf7" "\x92\x1b\x78\x20\xe5\xbd\x1e\x17\x6e\xc9\xfb\x8d\xa4\x93\xc2\x69\x3a" "\x11\xc4\x83\x91\xc8\x72\xfe\xe1\x14\xe1\x87\x30\x56\x49\x5b\xa1\x6e" "\xd4\x4d\xb5\xb0\x7b\x49\x78\xea\x3e\xe5\xc9\x12\xaa\x1a\x39\x8e\x33" "\x31\xd9\xca\xf2\x26\x1b\xc2\x91\x95\xd5\xf2\x52\xc7\x2d\xa8\x58\x24" "\x63\xbb\xa9\xb4\x3b\x9d\x83\xaa\x69\x3d\x36\x4c\xde", 200); *(uint64_t*)0x20000548 = 0x5a; *(uint64_t*)0x20000550 = 0x20000440; memcpy((void*)0x20000440, "\xa0\x4e\x6b\xa8\xe2\xfb\x07\x98\x5a\xe8\x90\xbf\x88\xb5\xec\x12" "\x6b\x9d\x25\x22\xd6\x1c\x67\xdc\xa3\x36\x5d\xf7\xbe\x78\x47\xb5" "\xde\xfa\x80\xa1\x8e\x91\x81\xae\xf5\xe1\x0f\xa6\x39\x68\xd8\x91" "\x58\x90\xcd\x07\xf3\xbf\x81\x87\xc7", 57); *(uint64_t*)0x20000558 = 0x39; *(uint64_t*)0x20000560 = 0x20000480; memcpy( (void*)0x20000480, "\xe3\x29\xdc\x4f\xb1\x01\xfe\x2e\xa8\xcc\x96\xb5\x4c\x2e\x86\x21\xe9" "\xf8\x03\x52\xad\x73\xf3\xc6\xb4\xb4\x96\xd9\xdc\xd6\x38\x4c\xde\x03" "\xdb\xd3\x98\x5f\xc3\xb6\x41\xc1\xff\x03\xb1\x50\xe5\x9b\xbf\xc8\xc9" "\x9a\xfc\x8b\xb0\xd7\x31\x94\xef\x44\x12\xf9\xfc\x5c\x08\x9e\x9c\xba" "\xaf\x3f\x09\x70\x6c\x20\x41\xa8\x35\xaf\x7d\xed\xaf\xc6\x2e\xb6\xf1" "\x0f\x47\xe0\xb4\x2d\x51\xd6\xc4\x15\xd0\x1a\xec\xa6\xaa\x6e\xd6\x08" "\xad\xa7\xa9\x15\xa7\x79\x6c\x74\x66\x9f\x93\x8b\xf8\x5a\xf8\x6c", 118); *(uint64_t*)0x20000568 = 0x68; *(uint64_t*)0x20000570 = 0x20001280; memcpy( (void*)0x20001280, "\x9a\x78\x39\x6c\x59\x0a\xa6\xe8\x3c\xf6\xc2\x5f\x97\x79\x9e\xc9\x90" "\x7c\x99\x1d\x80\x2f\x0d\x9e\x14\x90\x20\x99\x3d\x7a\x83\xf3\x28\xb6" "\x39\xa3\x01\x06\xbf\x8f\x1b\x33\xac\xe8\xc7\xd5\x7e\x1b\x6c\x79\xf6" "\xe4\x44\x94\x8c\xe7\x40\x37\xef\x14\x84\x7d\x83\x40\x8f\x0b\x54\x15" "\x17\x26\xa1\x84\xec\xc6\xd6\xa3\x95\x30\xb4\xf3\x93\x8e\xcf\x48\x6d" "\xe4\xaa\x9c\x67\x32\x9e\x1e\xe3\x66\x66\x07\x26\xf5\xfa\x49\x5b\xa1" "\xcc\x2f\x6a\xc9\x72\x75\xc8\xf1\xaf\xf6\x84\xdb\x68\xc0\xd3\xe7\x2b" "\x58\x55\x0b\xee\x4f\x02\xab\xaa\x7c\x64\x1a\xfd\xfc\x57\xeb\x60\xf6" "\x6d\xf2\xb2\x10\x56\x43\xce\xbc\x51\xba\x05\x86\xfb\xc9\xb0\x46\x68" "\xbb\x3c\xc8\xe0\xef\xbe\x93\xa8\x51\x2e\x5e\xf0\xdb\x3e\x93\x58\x7f" "\x77\x10\xf4\x5a\x99\x9c\x5b\xb5\x9f\x98\x67\x65\x6f\x20\x42\x84\x4d" "\x43\xb9\x22\xc5\x4c\x2c\xfe\x5a\xe6\x21\xa8\xf9\xce\x44\x49\xd3\x8a" "\xff\x16\xa4\x62\xc1\xcb\x8e\x53\xf6\xc3\x93\x7d\xe6\x7e\x8f\xfa\xb7" "\x2c\xc0\x17\x39\xab\x2e\xd7\x0e\xae\x2a\x0f\x6b\x10\xf7\xef\x97\xbd" "\xe8\x9b\x9e\x29\x9f\x84\xd2\x55\xbe\x81\x1c\x76\x8d\xe7\x5d\x69\xfa" "\xf1\x81\x96\x3c\x7b\x6d\x9d\x94\xd4\x11\xec\xad\x93\x67\x96\x6e\xcf" "\xa5\x3f\xf0\x37\xb2\x48\xff\x8c\x65\x27\xaf\xa2\xee\x87\xb9\xd0\x05" "\x91\x06\x26\x7a\xa4\x56\x15\xf8\xb6\xe7\x45\xe5\xf4\xb1\x94\x37\x08" "\xfc\x68\x74\x73\x15\xcd\x29\xb5\x49\x0a\x48\x63\x01\x1a\xa1\x50\x37" "\xc2\x08\x77\x77\x95\x31\x66\xf6\x17\x6f\x59\x4d\x2b\x7b\x67\xa7\xe6" "\x3a\x65\x45\xe5\x7c\x9c\x86\x19\x51\xda\x27\xd1\x78\xa9\xcc\x5f\xeb" "\x12\xf7\xe5\xb5\xb6\x75\x4d\x45\xee\x11\x62\x9e\xc6\xa6\xae\xad\x45" "\x2a\x4e\x7f\x5b\x44\x5c\x36\x22\xaa\x1c\x0a\xa6\x2c\x13\x2b\x53\x87" "\x0b\x48\x3b\xc7\xc5\xf9\x5c\x9c\x20\x9e\x2e\x00\xa6\xbf\xc4\x0d\x33" "\xe2\x01\xb5\x7e\xe2\xfa\xab\xf9\x9b\xf5\x33\x7d\x93\xb1\xb7\x65\x1e" "\xa1\x5b\x8a\x33\x89\xd2\xb9\x9b\x40\xac\x17\xee\xb0\x64\xf3\x80\x6a" "\xeb\x14\x35\x16\x31\xb6\x03\x38\x59\xd6\xf6\x5f\x24\xe8\x68\xf8\x62" "\x47\xc4\x5a\xb1\x56\xce\xdb\xf3\x3c\xf5\xc7\xe1\x62\xa6\xd5\xa1\x64" "\x58\x06\x09\x64\xe3\x48\x92\x78\x32\x6d\xa7\xbc\x5a\x35\x30\x91\xf9" "\xe5\xd4\x8c\xae\xef\xf8\x5c\x5e\x30\x97\x23\x13\xbd\xbe\x6b\xe2\x5d" "\x72\x9d\x32\x78\x05\x75\xbc\x1f\x33\xc1\x5c\xf0\x0f\xed\xab\x13\xaa" "\xbc\xf1\x85\x48\x8d\x60\x08\x5c\x5c\x9d\xab\xe8\x38\x43\x3e\xc7\x02" "\xbe\xe9\x51\xe9\x33\x0f\x51\x9d\x29\x1f\xd6\xee\xab\x5f\xf3\xd9\x12" "\xad\xc6\xb6\xa3\x68\x54\x1d\x44\xaf\xa7\xf7\x8c\xc6\xa9\xde\xe6\x0d" "\xcd\x11\x39\x8e\x5f\xbb\x78\x98\x8c\x51\xb7\xf0\x0c\x16\xc2\x1a\xbc" "\xac\x28\xa7\x0a\x03\x8e\x8b\x5e\x63\x83\x6a\x7c\xe7\xa3\xb4\xd4\x01" "\xf0\xe1\x4e\x81\xdb\x3f\xfb\x1d\x92\xf0\xa3\xb8\x4e\x12\xc7\x4d\x8e" "\xf8\xb1\x0b\x76\xd5\x4f\xb2\xc7\xc9\xe1\x3a\x19\xd8\x6a\xa8\xb5\x6c" "\xd5\x45\x81\x2c\x44\x0b\x32\xb4\x3e\x16\x95\x01\x8a\x70\xa8\xb7\x3b" "\xc7\x43\x38\x4f\x4b\x43\x7c\x9c\x2b\x2c\xf2\x44\x18\xcd\x61\x48\xf9" "\xfa\xb8\xa4\x4b\xaf\x97\xed\x3e\x87\x6b\x3d\xa1\x62\x3e\x4e\x1e\x98" "\xbc\xc0\x3e\xf1\x9a\x90\xf9\xae\x96\x89\x07\xb8\xbb\xdf\xce\xbc\xf2" "\xe0\xb3\x06\xe5\x0d\xb5\x92\x6c\xf9\x2d\xbd\x22\xb7\x7a\xf3\x56\x47" "\x65\xf3\x6e\xd6\x16\x71\xcb\xd7\x4b\x27\x56\xbe\x4f\x55\x59\xe5\xf8" "\xa7\x26\xc3\x5b\x1f\xe9\xcf\x8d\x41\xe3\xb3\x0f\x77\x96\xfe\x10\x80" "\xb7\x79\x7c\xde\xdc\x4d\xe8\x38\x9c\xc4\xef\xa2\x8a\xce\xb2\xc6\x7c" "\xfa\xcd\x53\xd1\x11\x6d\xdb\x2c\x40\x76\x46\xaa\x34\xc8\x10\x71\x5f" "\xd7\xbb\x4b\x6b\x6a\x35\x5a\xd6\xa0\xa5\x71\x36\xe8\x4f\xe8\xa0\x89" "\xcd\x4c\x3c\x48\xad\xc6\x8c\x37\x1b\xb9\x1a\x8e\x1b\x6b\x76\x2d\x85" "\x41\x85\xd5\x64\xce\x78\xbf\x2d\x3c\x9e\x3e\xb4\x75\x62\x47\x07\x85" "\x91\xa0\x66\xf7\x0f\x7c\x32\x05\x80\xe9\xbb\xb2\xe1\x8e\xad\xff\x95" "\x29\x49\xbc\x7b\x1b\xef\x3c\x1f\xc5\xf9\xf1\x3a\x21\x27\x94\xec\x86" "\x49\xef\x6d\xb3\xa8\x8a\xe1\xea\xa4\x4b\xc1\xa9\x49\x55\x38\x42\xf2" "\xe5\x0e\xa9\xc2\x5d\x1a\x35\xa7\x78\x5d\x19\x43\x15\x40\xde\x1b\xca" "\x3a\xff\xfb\xca\x36\x8d\x6f\x33\xcf\xdf\x67\xcd\xc3\x92\xe7\x20\x4d" "\x6c\x2d\x39\x50\xbf\xa4\x90\xa8\x18\x93\xd3\xd9\x7e\x7e\x12\x46\xc5" "\x96\x80\xd2\xf6\x25\xd7\x69\x66\xe8\x54\xca\x29\xb3\x59\x23\x03\xd4" "\x0d\x09\x05\x2c\x03\xfc\x2f\xc0\x55\x45\x37\x4d\xe3\x09\x5f\x2a\x01" "\x4f\x16\xd6\xb1\x02\x17\x5b\xbe\x80\x24\x80\x44\x2e\x00\xb6\xba\x1c" "\x40\xc1\x90\x8e\x74\x44\x71\x72\x97\x0f\x35\x89\xa0\x50\x0a\xd7\xc8" "\xf2\x53\x20\x5f\x50\x52\x67\x63\x3f\xf8\x48\xd1\xb1\xd2\x21\x31\x99" "\x53\x70\x15\xbd\x8a\xf4\x3c\x99\x9d\x90\x45\x5a\x8d\x9e\x03\xc9\xf7" "\x33\xfe\x06\xac\xa7\x07\xcd\x00\x14\xa8\x6e\xa9\xf2\xf8\x23\xc2\xc8" "\x2d\xb3\xae\x87\x61\x32\x17\xbc\x7d\x76\x46\xd5\x8f\xef\x59\x4c\x84" "\xd1\x60\xc5\x6f\xb6\x54\x83\xe6\x6d\x4b\x4a\x13\x73\xef\xf7\x24\x1c" "\x7d\x9d\xe3\x06\xfc\xf1\x8b\x7d\xec\xa7\x81\x9b\x27\x12\x94\xc0\x0d" "\xfb\x4e\xbf\x99\xb9\x6c\x6d\x42\xf3\x2c\xfd\x66\x6f\xd2\x13\xf6\x8c" "\xf6\x32\xa6\x18\x19\xc7\xd8\x74\x62\x04\xc1\xf4\xf9\x0b\x79\x7d\x1f" "\x95\x9a\x8c\x97\xd3\x7f\x79\x8c\x49\x98\x25\xd3\x57\x10\x0b\xdc\xaa" "\x46\x03\x53\x58\x69\x55\xa6\xfb\x50\x57\x43\x26\x10\x27\x7a\x6c\x7b" "\x86\xb2\x98\x87\x1c\xee\x7d\x7c\x4a\x91\xfa\x23\x79\xeb\x39\xf1\x23" "\xdc\xf8\x8c\x9c\xd3\x29\x21\x78\x4c\xcc\x67\xd4\xc9\x5f\xcc\x94\x21" "\x04\x92\x9d\x64\xe6\xc9\x8f\xb7\x79\xaf\xa1\x59\x21\x64\x65\x99\xd9" "\x24\xc0\xd1\xce\x0e\x3e\x16\x07\x2a\xfd\xfa\xa3\x23\x29\x8b\x8c\x6f" "\x0d\x81\xca\x14\xc7\x97\x18\xe6\x2e\x28\xdc\xbc\x0c\x71\x39\x06\x06" "\x60\xbd\x5e\xbb\xba\x66\x89\x8a\x3f\xf9\x57\x2e\x83\x59\xf4\x56\x87" "\x5f\xdf\x92\xa7\xca\x8e\xf3\xc9\xa1\x8e\x17\xe0\x8e\x71\x11\x13\xcb" "\x2a\x4d\x1f\xab\x47\x92\xad\xf7\x78\x6c\x4d\x37\x3a\x40\xa5\xe9\xd7" "\xad\xc5\x6a\xff\xd9\x65\x2a\x85\x7b\x08\xff\xb5\x0e\xe5\x66\xf9\xd8" "\x39\xf9\x8a\xf9\xaf\xb7\xf0\x67\x11\xd6\x5b\x3e\x7d\xb5\xb2\xb4\x6b" "\x6e\xa0\xed\x07\x52\x6a\x63\xfa\x7d\x6b\x5c\xcb\xcb\xed\x6c\xd5\x01" "\x6a\x66\xd6\x7f\xcb\xec\x93\x15\x4b\x9f\x6d\xfe\x95\xf5\x65\x66\xd1" "\x7b\xd7\x7a\x00\x10\xff\x16\xa1\x0b\x03\x9d\x5c\x3d\x2a\x1d\x7f\x60" "\xc1\x50\x08\x47\xbe\x8b\xfe\xc0\xc4\x4a\xa5\x4a\xc1\x46\x48\xc2\x2a" "\xe6\x22\xd1\xa8\x51\xed\x0d\x94\xf8\xc0\xc5\xaa\x15\xdc\xe5\x70\xaa" "\x22\x06\x31\x8f\xf7\xa8\x0a\x1b\x5d\x98\x5f\xc9\xb8\xb0\x8d\x71\x7c" "\xf8\xb9\xb8\x18\x70\xd8\xa1\x5e\x0a\xf7\x90\x90\x4d\xc3\xa8\xb5\x0d" "\x13\x18\x17\x52\x96\xc5\x63\x42\xa0\xe0\xb8\xee\x1e\xb9\xcd\x7f\x3c" "\xac\xe6\x7d\x42\xb0\xa8\x72\xd9\x0d\xb1\xf1\x94\x3e\x30\x0e\x27\xf7" "\xf3\x59\x67\x4a\x2c\x27\x81\x2c\x48\x08\x19\xc4\xde\x22\x24\x56\xc3" "\xfd\x7c\xb4\x99\xf4\x2e\x65\xdc\x78\x16\x48\x29\x28\x3a\xab\x89\xc5" "\xaa\xf1\x65\x76\x4f\x8e\x3f\x07\x08\x52\x3f\x1d\xc5\x03\x2b\xeb\x7b" "\x5e\xc8\x46\x7a\xfc\x94\xb7\xa7\x23\xc4\x92\xeb\xed\x98\x77\x3d\x17" "\xc8\x59\x0d\x74\xf0\x7e\xdf\x90\x00\xd8\x97\x4e\x87\x50\x17\x56\xeb" "\xef\x08\x83\xea\x23\x5a\xaa\x58\x86\x31\xc2\x1b\xf6\xcf\x75\xf5\x6d" "\x1d\xab\x6b\x22\x08\xe4\x41\x90\xb7\x1c\xae\x23\x31\xd0\xd5\x11\x05" "\xbe\xd5\x03\x2d\x00\x9b\x3c\x14\xcd\x9f\x9c\xf6\x1f\x3b\x02\x29\x60" "\xf6\xa6\xff\x73\x10\x10\x46\x20\xb4\x4f\x69\x65\x31\x93\xfb\x12\x0e" "\xd9\x49\xd7\x8e\xa8\x7e\xa8\x08\x9a\x2e\xc6\x65\x8a\xf1\xd8\xa5\xe0" "\x92\xd9\x0d\x86\xbd\x04\x61\x8d\xaf\x1d\x97\x2a\x1b\x21\x0b\xb7\x78" "\x7f\x69\x09\x3e\xf4\x9c\x01\x81\x83\xf0\xe5\xe2\x27\xb2\xc0\xec\x6c" "\x9b\xad\x83\x1d\x37\x78\x44\x31\x2d\xf2\x58\x6d\xc5\x07\x70\x27\x2a" "\xe8\x65\xfb\xac\x44\x6d\x3e\x10\x31\x1d\xee\x1c\x86\x7f\x69\xc0\xcf" "\xd5\xeb\x8d\x7a\x57\x57\xb9\x5c\x4e\x19\x5e\xd8\x84\xb8\x46\x65\x52" "\xbb\x26\x72\xc7\xda\xd5\x7c\xca\xe9\x18\x8e\x9b\xda\x41\x83\x66\x90" "\x4c\x99\x55\xb8\xa2\x70\x4e\x92\x53\xc2\x75\x95\x4b\x91\xbb\xab\x72" "\xb2\x7a\xf9\xfe\x2b\xee\x52\xde\xc7\xb2\x08\x6c\x06\x21\xc6\x48\x5c" "\xee\xcb\x6a\xb2\x43\xb7\x63\x09\x67\xd5\xe6\x61\x22\x57\xa1\x90\xd1" "\x44\xed\x80\xbf\x29\x9e\xed\xd9\x0c\x88\x5d\x6b\x0f\xae\x6a\x46\x4c" "\x55\xde\x61\x37\x72\xeb\x22\x03\xb9\x8b\x65\x07\x5b\x08\x1b\x2c\x1e" "\x83\x07\xef\xb2\x13\x00\x16\xb6\xca\xbf\x37\xc8\x7c\xb3\x2e\x31\xb0" "\xd4\xa6\x36\xaa\x1b\x60\x13\xc4\xea\xac\x72\x36\x83\x10\x62\x7d\xdc" "\x93\xb2\x9f\xa4\xbc\x17\x7b\xca\x86\xde\xb2\x68\x20\x6c\x5b\xae\x71" "\xf2\xa3\x9d\x78\xe0\x5d\x48\x81\x61\x59\x39\x40\x12\xf6\xfe\xfb\xeb" "\x73\x03\xce\x52\x96\xa7\x33\xb7\xee\x01\x27\x9e\x9f\x83\x7b\xd2\x55" "\x98\x82\x40\x1f\x5d\x18\x43\xde\x43\x62\xd2\x02\x98\xbc\x0f\x12\x0a" "\xe2\xe2\x64\x86\xa9\x51\x67\xcc\x6e\xf0\xc6\xe7\x4d\x8d\x89\x40\xb7" "\x58\x2e\xc3\xcf\xbd\xa5\x76\xda\x26\x93\x58\x29\xe9\x9c\x81\x70\x37" "\x2a\xff\x06\x07\xaf\xe2\xca\x7c\x3b\x4f\x9d\x4e\xde\xd7\x88\xb1\x7e" "\x5a\xd3\xac\x51\xc4\xfc\xa1\x7b\xa3\x96\xdb\x88\xbe\xa6\x8a\xee\xb6" "\x40\xc9\xba\x6b\x87\xa0\x80\x91\xa7\xcf\x88\x38\xbd\xe1\x72\x13\x5e" "\x39\x57\xb5\xb3\x50\x01\x3a\x07\x43\xe0\x34\xf2\x8d\x04\x49\xd3\x1c" "\x4a\x53\xd9\x03\xf6\xbc\x7e\x9f\xa2\x6f\x67\x15\x80\x1e\x38\x19\xde" "\x22\x52\x0e\x0a\x92\xfc\xa6\x81\xc2\x34\x55\x23\x0e\x08\xd5\xe4\x41" "\x79\xb7\xc6\x8d\x71\x1b\x32\x2c\x0a\x1a\xaf\x54\x5f\x69\x15\xb4\x72" "\x73\xd7\x0b\xaa\x40\x8c\xb0\x00\x26\xde\xe1\x29\x04\xd8\xbc\xb5\x20" "\x4d\xe8\xe4\x67\xc9\x5c\x2a\x3f\xf0\x75\x48\xfc\x73\x6d\x19\xa4\x81" "\x3f\x14\xad\x3e\xfd\x5b\x7d\xd9\xc8\x15\x97\xee\x94\x4b\x57\xdd\x79" "\x71\x4a\x59\xc2\x68\x4e\x03\x69\x63\xfd\x1c\xc9\x31\x7a\x7a\xd0\x9f" "\xef\xd2\x33\x9e\x51\x77\xab\xcf\xd2\x79\xb0\x24\x30\x1b\x7a\xe9\x1f" "\x46\x1d\x5c\x54\x84\x59\xc3\x2a\x87\x63\xf6\x95\xbc\x4a\xee\x9e\xda" "\x3a\xd9\x13\xf7\x3b\x0b\x3c\x74\xaf\x18\x74\xd7\xc0\x6e\xc0\x3d\x12" "\xa5\x1f\xf7\x31\x25\x46\x47\x87\x08\x71\x1a\x26\xdd\xf3\x8d\xfd\x50" "\xc7\x9f\x4f\x77\x1f\x26\x0a\xa8\x6d\x22\xa5\x66\x02\x32\x73\x10\x19" "\xb5\xd3\x07\xa1\x36\x76\x47\x54\x6d\x14\xf5\x7d\xe1\xb7\xe4\x0e\x6e" "\x83\xbb\x60\x5b\x6f\x5b\x27\xbd\x9c\xae\x4d\x54\x07\x28\xaf\xc9\xe3" "\x52\x41\x4a\x3e\x5b\x6d\x83\xa7\x44\x67\xbb\xf5\xd4\x6b\x65\x90\x4b" "\xd6\x7d\x88\xe3\xa5\xa8\x6f\xff\x0e\xb4\x07\x5e\xda\xf2\x00\xf5\x18" "\x8a\x88\x64\x0a\x21\xe5\xd9\x05\x1f\x0b\x30\x37\xeb\x6b\xab\xb2\x70" "\x35\xdb\xaf\x5c\x24\xf0\xd4\x2a\x3a\x08\x99\xa8\xdf\x34\x7b\x9c\xbe" "\x17\xf6\x82\xb0\xa6\xff\xb6\x0d\x6e\x8e\x81\x40\xa1\xf9\xbe\xce\x56" "\xe3\xc2\x6a\x5e\x6c\xb5\x21\xfb\x91\xe1\x89\x54\xdb\x7e\xd1\xbb\xe0" "\x0f\xa0\xc7\xab\x1a\xd1\xc9\x30\x60\xb7\xbd\xa5\xeb\x3f\xd7\xcb\xe8" "\x38\xa2\x1d\x14\x14\xe4\xbd\x9f\x30\x6a\xa6\x69\x33\x82\xcb\x16\x06" "\x18\x5f\x24\x65\x4b\xc6\xba\x13\x17\xcd\x43\x68\x1f\x0f\xdb\xb1\x43" "\x8a\x12\xd5\xed\x2a\xb6\x7e\x07\xd7\xed\xa5\xcf\xa8\x38\x0a\x2c\xfd" "\x1f\x5d\xd4\x26\x13\xbc\x22\x3f\xde\xb5\x95\xa7\x69\x62\x80\x99\xba" "\x3b\x4d\x9e\xfd\xa4\xae\x41\xbf\x85\x12\x96\x50\x6a\x73\x0d\x64\xf9" "\x2a\x20\xea\x7d\x10\xd8\xaf\x67\xf3\x63\x20\x8b\x19\x80\x91\x05\xdd" "\xad\x10\x21\xb1\xd1\x58\x67\x1c\x9e\x6c\x1d\x91\xda\x06\x00\xc6\xa7" "\xc1\xe9\x8a\xf5\xa2\x5d\x14\xe7\xd8\xe9\xe6\x4a\x16\x64\xf7\x04\x6b" "\x87\xc7\x9a\xa3\xbe\x41\x5e\xbf\x79\xac\xc1\x58\x37\xea\x8c\x36\x73" "\x34\xba\x0e\xb9\x2f\x21\x54\xd0\x35\xcd\xa7\x73\x4e\x03\x2e\x34\x4d" "\xf0\x4d\x57\xaf\x76\xfe\xd2\x58\x9c\x90\x24\x3f\x89\xda\xf9\x08\xa5" "\xfa\x55\x05\xa0\x59\xbe\x33\xb7\xdd\xa7\xbd\xaf\x91\xbe\x18\xfc\x77" "\x6d\xd7\x56\x52\xf2\xff\x79\x93\xd1\xc5\xf7\x50\xe8\xa8\xef\xe6\x23" "\x5f\x97\x87\x29\x7f\x2f\x38\x74\xee\xe1\xa1\xdf\x7a\xf8\xae\x71\x1e" "\x58\x1e\xc9\xad\x3e\xa0\xa7\xae\x00\xdb\xb4\xa6\x9f\x2f\x57\xd5\xb2" "\x9d\x8e\x3f\x69\x1b\x81\xe7\x49\x4e\x99\xd0\x9c\xc7\x3d\x4d\xe2\x5e" "\xe4\xde\x24\xe0\x49\x69\x07\xcc\xa7\x05\x4e\xe7\xe3\xeb\x49\x59\x87" "\x21\x4a\x8c\x2e\x80\xfb\x1b\x19\x7c\x2d\x82\xb6\xdc\xf7\x1b\x85\xf1" "\xcf\x3a\x12\xfc\xcb\x0c\xe0\x83\xdf\x94\xa3\xc5\x1c\x91\x1c\x72\xf5" "\x59\x49\x9c\xc5\x9c\x5c\xb9\x95\xad\xf7\x5a\x16\xe6\x7e\x10\xbf\x97" "\x16\xb8\x26\x67\x13\x3c\x9c\xd6\x0b\xdc\xef\x10\xc1\xb5\xcc\xd0\xcd" "\x48\x2d\x8a\x4d\x7b\x2d\xa2\xe0\xe1\x6d\x34\xbf\x7b\xec\xb4\x30\x56" "\x55\x59\xdf\xf3\x2a\x81\x7d\x97\x38\x18\x55\x3c\xd7\xf7\x62\x55\x4b" "\x01\x84\x13\x12\x59\x98\xf3\xd1\x32\xc6\x87\xc0\x84\xef\x78\xef\x3f" "\x77\xc4\x3b\x49\xbc\x32\x18\x1f\x2e\x39\xe9\xd4\xfd\x56\xe2\xbe\x5c" "\xba\x7b\x41\x16\x2b\x49\x47\x32\xc4\xc2\xcb\xf8\x3a\xed\x52\xa5\x53" "\x74\xfa\xf5\xc5\xd1\x1b\x64\xd5\x8a\x0f\xa0\x3e\xf4\x5c\xe1\x9a\x3e" "\x1b\x42\xa9\x72\xb4\x4e\x3c\x15\x6f\xc2\xb5\x2b\x33\x4d\x1f\x73\x6c" "\xd3\x94\x94\xf3\x01\x40\x53\x81\xbc\x80\x8e\xda\xa3\x2a\xf3\x2e\x41" "\x91\xe2\x3e\xcb\x90\x3a\x24\x0c\xe0\x53\x72\xec\xb6\xf7\x81\x91\x17" "\xc7\xc7\x1d\xd8\x61\x46\xff\x82\xa1\x00\xd1\xcd\x30\x28\x94\x62\xf7" "\x97\x76\x93\x5f\x75\x4c\xb8\xd2\xb5\xf9\x4b\x41\xd2\xa3\xed\xaa\x06" "\x4f\xb9\x09\x5f\xe9\xe3\x11\xe6\x01\x22\xa2\x0d\xfe\xd9\x6d\xf9\xff" "\x87\xd8\x57\xfa\xbc\x01\x3c\xbc\x12\x3a\xfb\xd8\x99\x9f\x61\x79\xf2" "\xa7\xf0\x36\xa4\xdd\x55\x61\xbb\x01\xb1\x50\x84\xd4\xbc\x58\xc7\x8c" "\xc7\x22\x79\xfd\x7c\x59\x01\xa4\xd5\x84\xc3\x43\x4f\x88\x9b\x25\xd4" "\x7b\xd4\x58\x57\xd1\xb9\xa5\xd0\x58\xd7\xf3\xf6\x28\x20\xda\x32\x1b" "\x94\x02\x40\xa2\x1b\xbe\x96\xc2\xf0\xbd\x1f\x77\x49\x8d\xc1\xa2\x5b" "\x0d\xd4\x60\xb6\xe1\xcf\x50\x25\xcf\x42\x45\x53\x5b\x35\xcc\x89\x68" "\x07\x23\xc4\xf1\xc7\xee\x3f\x5c\x33\xb3\x60\x42\xfc\xd2\x8e\x75\x94" "\xee\xb9\x84\xc1\x5c\x53\x83\x83\x92\x3b\x9e\xe3\xfe\x1e\x40\x60\xce" "\x35\x69\xe2\x35\x7a\x4b\xd5\x61\xb3\x56\xc8\xa8\xa5\x4a\x0f\x04\x77" "\xac\xdb\x17\x94\x31\xee\xac\x3e\xdb\x8a\xd6\x48\xff\xde\xe7\xd7\x3c" "\x9b\x30\x29\x82\x5b\x9a\x99\x52\x79\x66\xc6\x21\xb3\xfa\xe7\xc2\x32" "\xad\x31\x54\x0e\x9f\xc3\x98\x8a\x6c\x48\xb7\x02\x0f\x5d\x38\xad\x5d" "\x62\xe6\xb3\x74\x99\x38\xae\x72\x0f\x0e\x88\xc0\xdd\x03\x4f\x30\x07" "\x15\x99\x1f\xb9\x68\x86\x86\x88\x5c\x9a\x08\x77\xc7\x86\x2d\x34\xbc" "\xb5\xcb\x2e\x71\x07\x32\xfc\x4a\x91\xcd\xf6\xc3\xae\xa9\xf9\x3f\x9c" "\x05\xc9\x4d\xda\x24\xe0\x34\xfa\x8f\xf0\x09\xc5\x6c\x95\x60\x96\x78" "\x2e\xbf\x4c\x46\xdc\x5e\xe0\xb6\xb5\xc0\xac\x1a\x31\xb8\x69\x0f\xb8" "\x93\x4f\x9f\x36\x7f\x92\xfb\x00\xeb\x59\x87\x03\x21\x62\xfc\xc1\xe3" "\x0e\xaf\x6b\xc7\x96\x4d\xf6\xc9\xe2\x22\x66\x22\x27\x2e\xad\x7c\x6f" "\x3d\x82\xa0\x00\x5d\x20\xa1\x89\xbb\xa2\x30\x7b\x17\x73\xac\x08\xb2" "\x16\xaf\x1c\xbc\xcf\x9d\x75\x72\xb9\x0b\x43\x11\x46\x84\xa0\xbe\x6d" "\x67\xed\x57\x40\x4b\x84\x95\x6d\xb6\xeb\xb4\x3b\xac\xa4\xd2\x91\x25" "\xc4\xc0\xb9\x71\xe9\x22\x05\x26\xdb\x44\x72\xf7\x58\xb5\xf8\xf5\x89" "\xd0\x8a\x8f\x8f\x9e\x4b\x63\x44\x39\x5f\x0c\x6c\x2b\x2b\xa8\x8d\xdb" "\xfb\xd8\x49\xc4\xa3\xae\x0a\x50\x4d\x67\x86\x1f\xfe\xfe\x2a\x02\x2e" "\xf9\x29\x72\x4f\xac\x87\x2b\x84\x36\x3e\xdf\x21\x49\x83\xf2\xf9\x30" "\xd5\x8f\x01\x5b\x48\xe3\x5b\x1d\x42\xf1\x56\x05\x98\x77\x36\x31\x7f" "\x64\xc6\x51\x82\x48\x89\x97\x96\xe1\x4e\x07\x14\xbc\x8a\x9f\x4e\xd8" "\xa6\xaa\x18\x77\x37\x64\x30\xe8\x60\x62\xb4\xdc\x34\xd8\xf9\x14\x02" "\x23\x7a\x6e\xa9\xc9\x09\xc4\x7b\xe5\x3e\x35\x47\x93\x09\x2f\x9f\xe8" "\x0b\xf2\xe0\x9d\x33\xbd\x5e\x2f\x97\xb0\x41\x62\x96\x43\x3e\xec\x41" "\xdd\x59\x4a\x09\x5b\xb3\xbb\xd7\x24\x83\x1e\x4a\x57\x4f\xd4\x2c\x27" "\xb3\x53\xcb\x2d\x99\x4f\x4b\x97\xad\x36\x52\xc3\xe1\xf8\xd5\x41\x70" "\xff\x92\xd2\x40\x37\x50\x5f\x2c\x29\x7f\xbb\x7e\x9a\x97\xf6\x5c\x36" "\x30\xc6\x81\x21\xc1\xe2\x8f\xc8\x6c\xcf\xcc\x6c\x71\xe1\x37\x0c\x65" "\x52\x4f\x69\xa1\x23\xff\x2d\xa0\x62\x28\x9b\x30\x02\xf0\xcb\xa7\xc5" "\xb3\x53\x6b\x2e\xf7\xcb\x76\x0f\x12\x1a\x84\x35\xb9\x37\xba\x44\x9b" "\xc3\xc8\xa9\x59\xf2\x9b\x09\x6a\x2a\x0e\xb3\x40\x02\xcf\x1d\xcf\x0d" "\x7f\xc6\x64\x8e\xf6\xad\x65\x54\xae\x77\x6a\x47\x72\x2c\x0d\x50\xc7" "\x42\x76\x5a\xe8\x66\x91\x41\x8c\x65\x13\x91\x28\x00\x2e\x6c\x4a\xa9" "\x9a\x91\x9a\x39\x82\xc2\x25\x54\xde\x0f\x09\xe1\x2d\xd2\x5f\xe1\xe4" "\xfe\x49\x4e\x42\x92\xf2\xda\x86\xb9\x02\xc8\x48\x28\x6d\x48\xe4\xc1" "\x1e\x15\xec\x35\x0f\xa8\x25\x57\xef\xd0\x67\xea\xf4\x51\xfb\xf7\x8d" "\xd2\xe7\x49\xe4\xbe\xe6\x6d\x96\xb4\x21\xae\xd5\x49\x26\x6d\xd5\xc9" "\x24\x7b\x0c\xcb\xce\xff\x0d\xd5\x33\x6f\x66\x2b\x88\x0f\xef\x8d\x46" "\xf1\xd0\xb9\x4a\x34\xa0\x51\xc3\x59\xcc\x15\x71\xe3\xc3\x33\xb1\xfb" "\x83\xa4\x44\x59\x04\xf9\xde\x11\x29\x7f\x73\x73\x10\xc8\x97\x4d\x8c" "\x04\x75\xe4\xb6\x52\x12\xb6\xca\x35\x5d\x30\x7b\xad\x3d\x03\x49\xc5" "\x5f\x61\xc5\xdb\x3c\x22\x0f\x28\x9b\xfc\x67\x5a\xd9\x7b\x18\x8f\xa9" "\xf7\x85\x1b\x2f\xdb\x40\xc8\x26\xb2\x56\xb4\x78\x34\x66\xc6\x67\x63" "\x69\x2c\x11\x12\xee\xb8\xa5\x3d\x72\x65\x0f\x69\x72\x3a\x2e\x11\x31" "\x46\x87\x49\xf9\x91\x2c\xc5\x9a\x36\xc3\xbf\x14\x5f\xc2\x3d\x11\x84" "\x23\x94\x09\x21\xef\xa3\xe5\xa7\xc7\x7b\x29\x3d\xc9\x08\xd6\xf1\xc3" "\x2d\xbe\xc9\x95\xb2\x79\x9e\x2a\xcd\x26\xd0\x97\x4e\xb1\x3b\xe5\x66" "\x5b\x76\x8f\x47\xb1\x5d\xcf\x8d\x82\x5c\xf3\xd9\x84\xf5\xcc\x0e\xae" "\xe8\xe4\xff\x16\x8a\x97\x0c\x59\xff\x12\x1b\x44\x3f\xaf\x4a\x28\x1a" "\x46\x0f\x04\x53\x45\xc5\xd4\x6c\xd8\x7e\xcd\x77\x49\x1a\x2a\x9f\x2c" "\x69\x94\xb7\x05\x2e\x46\x2d\x87\x2b\x8c\x93\xee\x0d\xe9\x27\xba\xce" "\xe3\x23\x3b\xc7\x7a\x82\x9f\x7d\x0c\xe8\xc6\xf0\xba\x7e\xe1\x8b\x95" "\xd9\x36\x2c\x82\x43\xca\x52\x99\xc1\x5d\xaf\x8a\xd1\x21\x70\x32\x78" "\x77\x2e\xcc\x59\x33\x54\x1f\x0b\xd4\x5e\x72\x95\x25\xb1\x82\x3f\x3a" "\xce\x1c\x54\xf0\x89\x13\xc1\x9b\x47\x4c\xc5\x45\x47\x72\xc5\x8f\xfa" "\xde\xdf\xc1\x87\x4b\x5b\xff\x77\x89\x5f\xb1\xf2\xd7\xd6\x1a\x19\x95" "\x16\x9c\x0c\xc5\x05\x59\x26\x72\x55\xd5\xac\x09\x22\x58\x56\x7a\x80" "\x2a\x8f\x4a\x26\x3d\xf0\xfe\x43\x00\x94\x11\x69\x7d\x53\xe9\xc1", 4096); *(uint64_t*)0x20000578 = 0xffffff92; syscall(SYS_writev, r[0], 0x20000500, 8); break; case 3: memcpy((void*)0x20000000, "/dev/diskmap\000", 13); res = syscall(SYS_openat, 0xffffffffffffff9c, 0x20000000, 2, 0); if (res != -1) r[1] = res; break; case 4: *(uint64_t*)0x20000080 = 0x20000040; memcpy((void*)0x20000040, "./file0\000", 8); *(uint32_t*)0x20000088 = r[0]; *(uint32_t*)0x2000008c = 1; syscall(SYS_ioctl, r[1], 0xc0106477, 0x20000080); break; } } int main(void) { syscall(SYS_mmap, 0x20000000, 0x1000000, 3, 0x1012, -1, 0, 0); loop(); return 0; }