// autogenerated by syzkaller (http://github.com/google/syzkaller) #ifndef __NR_mmap #define __NR_mmap 9 #endif #ifndef __NR_socket #define __NR_socket 41 #endif #ifndef __NR_setsockopt #define __NR_setsockopt 54 #endif #ifndef __NR_sendmmsg #define __NR_sendmmsg 307 #endif #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include const int kFailStatus = 67; const int kErrorStatus = 68; const int kRetryStatus = 69; __attribute__((noreturn)) void doexit(int status) { volatile unsigned i; syscall(__NR_exit_group, status); for (i = 0;; i++) { } } __attribute__((noreturn)) void fail(const char* msg, ...) { int e = errno; fflush(stdout); va_list args; va_start(args, msg); vfprintf(stderr, msg, args); va_end(args); fprintf(stderr, " (errno %d)\n", e); doexit(e == ENOMEM ? kRetryStatus : kFailStatus); } __attribute__((noreturn)) void exitf(const char* msg, ...) { int e = errno; fflush(stdout); va_list args; va_start(args, msg); vfprintf(stderr, msg, args); va_end(args); fprintf(stderr, " (errno %d)\n", e); doexit(kRetryStatus); } static int flag_debug; void debug(const char* msg, ...) { if (!flag_debug) return; va_list args; va_start(args, msg); vfprintf(stdout, msg, args); va_end(args); fflush(stdout); } __thread int skip_segv; __thread jmp_buf segv_env; static void segv_handler(int sig, siginfo_t* info, void* uctx) { uintptr_t addr = (uintptr_t)info->si_addr; const uintptr_t prog_start = 1 << 20; const uintptr_t prog_end = 100 << 20; if (__atomic_load_n(&skip_segv, __ATOMIC_RELAXED) && (addr < prog_start || addr > prog_end)) { debug("SIGSEGV on %p, skipping\n", addr); _longjmp(segv_env, 1); } debug("SIGSEGV on %p, exiting\n", addr); doexit(sig); for (;;) { } } static void install_segv_handler() { struct sigaction sa; memset(&sa, 0, sizeof(sa)); sa.sa_sigaction = segv_handler; sa.sa_flags = SA_NODEFER | SA_SIGINFO; sigaction(SIGSEGV, &sa, NULL); sigaction(SIGBUS, &sa, NULL); } #define NONFAILING(...) \ { \ __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST); \ if (_setjmp(segv_env) == 0) { \ __VA_ARGS__; \ } \ __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST); \ } #define BITMASK_LEN(type, bf_len) (type)((1ull << (bf_len)) - 1) #define BITMASK_LEN_OFF(type, bf_off, bf_len) \ (type)(BITMASK_LEN(type, (bf_len)) << (bf_off)) #define STORE_BY_BITMASK(type, addr, val, bf_off, bf_len) \ if ((bf_off) == 0 && (bf_len) == 0) { \ *(type*)(addr) = (type)(val); \ } else { \ type new_val = *(type*)(addr); \ new_val &= ~BITMASK_LEN_OFF(type, (bf_off), (bf_len)); \ new_val |= ((type)(val)&BITMASK_LEN(type, (bf_len))) << (bf_off); \ *(type*)(addr) = new_val; \ } static uintptr_t execute_syscall(int nr, uintptr_t a0, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4, uintptr_t a5, uintptr_t a6, uintptr_t a7, uintptr_t a8) { switch (nr) { default: return syscall(nr, a0, a1, a2, a3, a4, a5); } } static void setup_main_process() { struct sigaction sa; memset(&sa, 0, sizeof(sa)); sa.sa_handler = SIG_IGN; syscall(SYS_rt_sigaction, 0x20, &sa, NULL, 8); syscall(SYS_rt_sigaction, 0x21, &sa, NULL, 8); install_segv_handler(); char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) fail("failed to mkdtemp"); if (chmod(tmpdir, 0777)) fail("failed to chmod"); if (chdir(tmpdir)) fail("failed to chdir"); } static void loop(); static void sandbox_common() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); setsid(); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 128 << 20; setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); unshare(CLONE_NEWNS); unshare(CLONE_NEWIPC); unshare(CLONE_IO); } static int do_sandbox_none(int executor_pid, bool enable_tun) { int pid = fork(); if (pid) return pid; sandbox_common(); loop(); doexit(1); } long r[32]; void loop() { memset(r, -1, sizeof(r)); r[0] = execute_syscall(__NR_mmap, 0x20000000ul, 0xfcd000ul, 0x3ul, 0x32ul, 0xfffffffffffffffful, 0x0ul, 0, 0, 0); r[1] = execute_syscall(__NR_socket, 0x11ul, 0x3ul, 0x0ul, 0, 0, 0, 0, 0, 0); NONFAILING(memcpy((void*)0x20f9a000, "\x07\x00\xb5\x36", 4)); r[3] = execute_syscall(__NR_setsockopt, r[1], 0x30000000107ul, 0xful, 0x20f9a000ul, 0x4ul, 0, 0, 0, 0); NONFAILING(*(uint64_t*)0x20bc7fc8 = (uint64_t)0x20fbafe0); NONFAILING(*(uint32_t*)0x20bc7fd0 = (uint32_t)0x20); NONFAILING(*(uint64_t*)0x20bc7fd8 = (uint64_t)0x2007afe0); NONFAILING(*(uint64_t*)0x20bc7fe0 = (uint64_t)0x6); NONFAILING(*(uint64_t*)0x20bc7fe8 = (uint64_t)0x20fba000); NONFAILING(*(uint64_t*)0x20bc7ff0 = (uint64_t)0x0); NONFAILING(*(uint32_t*)0x20bc7ff8 = (uint32_t)0x0); NONFAILING(*(uint16_t*)0x20fbafe0 = (uint16_t)0xa); NONFAILING(*(uint16_t*)0x20fbafe2 = (uint16_t)0x204e); NONFAILING(*(uint32_t*)0x20fbafe4 = (uint32_t)0x4000000001); NONFAILING(*(uint64_t*)0x20fbafe8 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x20fbaff0 = (uint64_t)0x0); NONFAILING(*(uint32_t*)0x20fbaff8 = (uint32_t)0xfffffffffffffffe); NONFAILING(*(uint64_t*)0x2007afe0 = (uint64_t)0x20975000); NONFAILING(*(uint64_t*)0x2007afe8 = (uint64_t)0xb); NONFAILING(*(uint64_t*)0x2007aff0 = (uint64_t)0x20e36000); NONFAILING(*(uint64_t*)0x2007aff8 = (uint64_t)0x1000); NONFAILING(*(uint64_t*)0x2007b000 = (uint64_t)0x20fc8000); NONFAILING(*(uint64_t*)0x2007b008 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x2007b010 = (uint64_t)0x20fccfb8); NONFAILING(*(uint64_t*)0x2007b018 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x2007b020 = (uint64_t)0x20fc7000); NONFAILING(*(uint64_t*)0x2007b028 = (uint64_t)0x0); NONFAILING(*(uint64_t*)0x2007b030 = (uint64_t)0x203dd000); NONFAILING(*(uint64_t*)0x2007b038 = (uint64_t)0x0); NONFAILING(memcpy((void*)0x20975000, "\x6b\x03\x00\x00\x00\x03\x02\x00\x00\x00\x00", 11)); NONFAILING(memcpy( (void*)0x20e36000, "\xf4\x62\x83\x5a\x4e\x53\xf0\x26\x95\xae\x64\x02\x12\x92\x48\x48" "\x8d\x7f\x0a\xd6\xa9\xa2\xf9\x4c\x4e\x1c\x77\x5c\xfd\xfd\xe6\x4c" "\x7e\x4a\xff\x18\x42\x62\xb2\x86\x72\xe9\xbe\x9e\xf6\xbb\x6f\xa5" "\x68\xb4\xe3\x0c\xae\xbe\x7e\xc8\xa1\xb5\xf5\x5c\x3c\x57\x9a\xf6" "\x36\x95\x9c\x0c\xdb\x85\xfa\x04\x56\xd3\xc7\x7a\x2e\x5c\xbd\xe6" "\x67\x64\x78\xc2\x33\x29\xc6\xc3\x22\x27\xba\xe5\xc9\xff\x21\xc0" "\xa4\x25\xa2\xf0\xca\xde\x3e\x3e\x08\x64\xaa\x5d\x78\x78\x2b\x39" "\xd7\xba\x9c\xbd\x50\xe6\x40\xe8\xa1\x9f\x13\x0a\x14\x7e\xf5\xea" "\x4f\x31\x2f\xf9\x0c\x3e\x5a\x27\x15\xf8\x02\xd9\x01\x0f\x4c\x9d" "\x22\x1d\xd9\xb0\xd0\x6f\xf4\x37\x96\x56\x86\xcf\xec\xfd\x41\x44" "\xcf\x8a\x42\x9f\x38\x36\x8d\x7e\xcb\x3b\xf4\xe6\x77\x75\xa3\xb6" "\x6e\x75\xbc\xf9\x12\x1c\xcd\xe2\xaa\x44\xe7\x37\xa3\x8f\x7b\x86" "\xc2\x28\xb0\xed\xea\xcc\xa9\x55\x63\x11\x4b\x97\x9e\xdd\xf3\xe4" "\xe8\x02\xb5\x87\x90\x4d\xfe\x40\xcc\xc8\xca\x22\x9a\xd2\x8f\x08" "\xe7\x2b\x5b\x5a\x36\xc3\xf5\xae\x9a\x36\xec\x02\x2e\xd9\xd3\x5a" "\xbd\xf5\x61\x91\x8d\x6e\xe4\xf5\x63\x7f\x82\xf5\xbd\xaa\x3a\x26" "\x4e\xd2\x9e\xee\x63\xfb\x84\x64\xed\xbf\x79\xae\x60\xa9\xc1\xa2" "\x7b\xd0\x6b\x48\x6e\x11\xf3\xd9\xbe\xa7\x98\x2f\xdb\x5b\xa4\x43" "\xd5\x04\xb5\x93\x43\x29\x52\xc5\x59\xb7\x4e\x1e\x72\xe1\x6d\x1c" "\x5c\x70\xdf\xc8\xab\x2f\xd6\x20\x7f\xa9\x5c\x7a\xd5\x1f\xb9\x9a" "\xd7\x5a\x85\xf4\x44\x74\x76\xf6\x69\x5d\x3e\x7c\x35\x70\xd0\x47" "\xb0\x72\xad\xe5\x4e\x35\xee\x73\x03\x7c\x9e\xa6\x8b\x8b\x9c\x81" "\x24\x82\xc8\xb4\x62\x1b\x98\x1e\x4c\x50\x3c\x8f\x35\xdb\x0e\x0c" "\xc7\x99\xf8\x7b\x5b\xaf\x6c\x07\x0e\x99\xa5\xb8\x6b\xac\x9f\x63" "\xda\xa9\x0b\x30\x68\x6f\xc7\x70\x1e\xef\x53\xcb\x6b\xdd\x62\x05" "\x6f\xa0\x4a\xdb\x87\xc3\xb1\x4b\x49\x6c\x54\x95\x19\x8a\x83\xc0" "\xf3\x23\x5e\xa9\xe9\x4e\x25\xb2\x2f\x1c\xac\xda\x83\x68\x35\xf0" "\x93\xe0\x9d\x35\x87\x99\xe1\x64\x7a\xfe\x72\x25\x70\x1b\x03\x55" "\x2b\x64\x16\xaa\x04\x9d\x39\x5b\x34\xcc\x7d\xaa\x26\xa9\x9b\x6e" "\xb3\xba\xef\x6c\xbe\x47\x8f\xd5\x64\xaa\x99\x8d\xac\xc5\x56\x77" "\x3f\x11\xfb\x13\x96\xc0\xdb\x80\xec\x4a\x7c\x0e\x43\xd7\xab\x47" "\x20\xde\x8b\xae\x69\xa8\xcc\x7a\x32\x9a\x5e\x45\x7e\x85\xdd\x0c" "\x32\xce\x1e\xd9\x2d\x97\x10\xf2\x4b\xfd\x22\xd0\x0e\xb6\xb1\x89" "\xfc\xc0\x71\x49\x6d\xa8\x2f\xdd\x6e\x80\xac\xf3\x68\x7b\xe7\xf7" "\x5e\x0f\x1f\xbc\xa9\xa4\xe8\x79\x82\x86\x3c\xc8\xbc\xa0\xda\x62" "\x57\xf4\xb6\x6a\x91\xe4\xc5\xf1\x45\x8c\x9b\x89\x92\xda\x49\x16" "\x56\x7a\x33\x4b\x5f\xdd\xca\x54\x98\xcc\xd9\x69\xba\x44\xe2\x5a" "\x5a\x4e\x6a\x45\x67\xfe\xd9\xdc\x4b\xd8\xa0\xe7\x9a\x0b\xc2\xc5" "\xa9\x33\xcc\xfb\x39\x3f\x5c\x83\x21\x67\x7e\xb1\x38\xd4\xd3\x29" "\x00\x2f\x59\x72\x56\x5c\x68\xe7\x3a\xc4\xad\x39\x8d\x1b\x27\x8c" "\x57\xc6\xb1\x3b\xdd\x0d\x35\xde\xf1\xcd\x38\x9b\x73\xda\x52\x08" "\x17\xbe\xb6\xb9\xef\xe6\x37\x69\x25\x14\x4b\x90\x23\x05\xd3\x99" "\x9a\x0b\xac\x26\x60\x81\xc8\x08\x1e\x11\xe6\x83\xf2\xd6\x71\xeb" "\x24\x6b\xe5\x92\xd3\xaf\x11\x48\xda\xea\x02\x75\xd9\xa5\x29\xda" "\x16\x36\xd0\x68\x14\xc6\xd8\xea\xc8\x25\x5c\xeb\x9d\x9c\x54\xdb" "\x0f\xc7\x21\x67\x91\x44\x86\xdb\xfa\x48\xd7\x92\x29\x1b\x94\xea" "\x9f\xe3\xb3\xfb\xaa\x18\x6e\xa4\xcd\x67\x84\x9b\x9c\xf9\x63\x78" "\x95\x18\xc2\xcc\x83\x8a\xf8\x71\xd7\x72\x19\x68\x0b\x85\x1b\x7b" "\xd2\x62\x7e\xc4\xe5\xf7\x26\x97\xb5\x27\x80\xd5\xbb\x21\x3b\x4c" "\x81\xef\xc8\x30\xf5\xfb\x7a\xbb\x37\x33\x35\xc5\x5f\x8a\x3d\x74" "\xb1\xad\xad\x5b\x15\x16\xfd\x92\xef\xba\x18\x4b\xd1\x5c\x60\xd0" "\xf9\x14\x97\xaf\x09\xa7\xe5\xb5\x42\x4c\xa8\xd7\x9a\x4b\xa9\xc1" "\x8d\xb3\x4e\xed\x2d\x86\x93\x60\x27\x31\x8e\xc9\x62\x66\x35\x06" "\x0c\xb7\x0b\xc0\xb9\x44\xd2\x2e\xd4\x1b\xc2\x97\x14\xf5\x6b\x30" "\x2d\xf9\x3c\xce\x41\xec\x62\xc7\x9b\xc5\x86\x00\x90\x5c\xae\x3e" "\x96\x15\x7c\x3a\x0c\x2d\x18\x1b\x2a\xba\x97\x5a\x0c\xdd\x18\xa9" "\x2e\xb5\xc3\x9d\x9b\xa9\x22\xc1\x9e\x89\xe2\x20\x1a\xfa\x38\x84" "\xfd\x37\x8e\x5d\x6a\xb3\x2e\xb4\x88\x4e\x47\x0e\xbb\x2d\x74\x29" "\x63\x9d\xb2\xfa\x2e\x65\xdd\xa0\xc7\x64\x91\x80\x01\xf3\x4d\x83" "\x0b\x48\xf1\xfb\x5b\x4f\xf4\xcb\x85\xbd\xb7\x72\x0e\x8e\x57\x95" "\x6e\xed\x1f\x48\xad\x6b\xce\x5e\x98\x16\x7a\x37\x51\xe8\xb2\xf1" "\x73\x0f\xb1\x2b\x18\x80\xcd\xe6\x84\x6d\xdd\xc7\x98\x3d\xff\x2f" "\x84\x1a\xf7\x8a\xd6\x58\xb5\xa4\xca\x4e\x13\x42\x6f\x8c\x20\x03" "\x8b\xe9\xbe\x3a\xbf\x5c\x64\xb8\x11\x22\xfd\x9d\x25\x20\xb9\x56" "\x9c\xf3\xc2\xab\x1a\xa8\x3d\x28\x8e\x83\x4d\x9d\xd1\x41\x76\xaf" "\x5b\x6f\x98\x06\x5d\xc7\x5b\xa0\x96\x28\x4c\xf1\xf1\xbf\x76\x66" "\xb0\x98\x99\xcd\xce\x2f\x56\xae\x87\xb5\xde\x5b\x6f\xfb\xf8\xf0" "\x2e\xa0\x19\x6c\xa3\xa4\xec\x62\x3d\x88\x48\xc5\x10\x27\xd3\xa0" "\xe1\xf5\x27\x2e\x70\xe4\x28\xd1\xff\xbe\x5b\xec\xae\x45\x92\xc9" "\xa0\x18\x62\xb8\x95\xfa\x00\xc5\xfa\x85\x77\x0c\x4e\x40\x72\x67" "\xd5\x2a\x90\x39\x58\xca\x37\x1e\x2b\xf6\xeb\xd0\x4d\xc6\x7e\x67" "\xf0\x9f\x42\xaa\x76\x70\xc9\xd1\x47\x47\xb8\xef\x7c\x78\x53\x0c" "\x4e\xb5\xd1\x25\xdf\xf5\xa6\x9a\xa1\x67\x82\x53\xfa\xe7\x3f\x6f" "\x9d\xe5\x1f\x54\x81\x61\x9a\x67\x4d\x39\x12\x75\xfa\x64\x11\x8e" "\xff\x30\x82\xee\x3a\x35\x08\xc6\x81\x62\xb8\x02\x53\x9d\x87\xcf" "\x78\xcd\xe2\x19\xf8\x07\x41\x28\x78\x67\x4b\x2c\x8c\xc4\xb9\xf7" "\xb7\xd7\x43\x2b\x3a\xb8\xd2\x16\x33\x03\x6e\xf0\x46\xe1\xb7\x58" "\xc5\xc7\x5f\x76\xa5\x15\x52\x08\x22\x45\x4f\x07\x53\x78\x75\x09" "\xb7\x24\x4a\x8f\x39\x4d\x5f\xbe\xb3\xbd\x09\x51\xa1\xea\x46\x17" "\xed\x3b\xd4\xe6\x71\x0e\xc2\xda\xb8\x16\xdf\x37\x48\x42\x25\xbb" "\x0f\x37\x0f\x1f\xbc\x87\x65\x83\xc9\xf7\xa5\xef\x74\x96\x0c\xde" "\xc2\x82\x85\x96\x5a\x2c\xf1\x17\x13\x91\xf9\x26\x42\xfa\x1b\x8d" "\xe5\x2b\xd8\xad\xcc\x36\xb1\x23\xc5\xf2\x13\xea\x8d\x46\x9a\x85" "\x2d\xd2\x00\x2a\x11\x54\x0a\x51\xf6\x5e\x47\x07\x77\x03\xe6\x97" "\xd4\xe1\x9c\xc4\x84\x11\x49\xba\xca\xc2\x23\xe4\xbe\x74\xa0\x68" "\xb8\xa3\xc1\xaa\xb8\x69\x56\x00\x44\x19\x26\x67\x72\xca\xc1\x64" "\x2c\x1f\xdd\x47\xaf\xbb\x92\xb6\xed\x7b\x5b\x32\x2d\x8a\x8c\xf4" "\x57\x9d\x5b\x86\x34\xd2\x85\x6e\x52\x60\xbc\x4b\x5a\x8a\x3a\x30" "\x15\x9e\xfa\x57\xc1\x74\x03\xb8\x8b\x60\x93\x89\x4b\xdc\x48\x4d" "\x20\xe5\x64\xdb\xcd\xc5\xaa\xe8\xe7\x49\x3f\x1d\x9f\xa3\xa9\xcc" "\x22\xec\xd2\x4d\xdb\x14\xc1\xc1\x99\xdc\x02\x74\xdb\x30\x6a\x1d" "\x46\x0a\xf1\x3c\x33\x0d\x63\xdc\xe2\x43\xf9\xcc\xf7\xbe\xcd\xb5" "\xc8\xb5\x9c\x23\x05\x5b\xce\xdd\xee\xff\x68\xdc\x88\x3a\x02\x4f" "\x0c\x34\x12\x50\x58\x52\xd3\xfd\xd0\xca\x5e\x7b\xce\x5e\x8a\xe6" "\x0d\x89\x64\xfb\x20\xc7\xd7\xf1\x91\x05\x65\x6a\x02\x8c\xfd\x73" "\x41\x46\x81\xb4\x43\x68\x02\xe8\x0c\xfb\xcb\xc5\x7e\x16\x13\xaa" "\xb4\xa0\x35\x02\x4c\x4e\xaf\x89\x3f\x4a\x96\xe0\x2a\x95\xc6\x30" "\x03\x01\x33\x6b\x6e\xb0\x53\xea\x41\x81\x69\xb3\x7e\xcc\x2c\x7a" "\xcb\xe2\xcb\x32\x01\x29\x8a\x89\x2e\x8d\xc8\x4a\x0f\xf5\xec\x8e" "\x9c\x97\x57\xf0\x2e\x99\x1d\x36\x91\xa2\xba\xab\x27\x8d\x75\x1f" "\xa0\x25\x5d\xd7\x83\xc6\xf9\xd5\xa0\x0a\xa1\xb6\x93\x98\x06\x71" "\x80\x92\x1c\x5b\x20\xe9\xca\x5a\xdc\xc7\x60\x49\x04\x78\xcb\x3d" "\x5b\x7b\x4f\xdb\x53\xf5\x91\xe5\x83\x91\xb6\xf7\xa8\xe8\x79\x1c" "\xd4\xc5\x25\x3b\x0e\x0a\x5c\x29\xdf\x39\x6d\x4d\xf1\xa4\xf1\x3d" "\x8d\xf0\x6a\x2a\xb5\x8b\x81\x0c\x23\x30\xbb\x2b\x47\x52\x7b\x69" "\xd1\x2e\x0a\x9e\xfc\xad\xd7\x41\x41\xd3\x25\xa4\xb0\x1f\x7c\x29" "\x42\x48\x14\xd5\xc0\xf6\x97\xaa\xa7\x42\x36\xed\x63\x31\x6d\x49" "\xe5\x84\xa4\x68\x48\xdc\xda\xbc\x47\x10\xe9\x51\xb5\x4e\x98\x40" "\x48\xd7\x44\x4a\x06\x6a\x2c\x8e\xd3\xcd\x13\x47\x93\x76\x26\xbe" "\x54\x0a\x60\x12\x94\xcf\x2c\x16\x25\xa6\xef\xe4\x54\xdc\x46\x50" "\x05\xde\x5a\xf2\x45\xff\xed\x74\x65\x53\x1e\x59\x62\x0d\xcd\x28" "\xcb\x2d\xdd\xe6\x5c\xba\x2e\x25\x2a\xa4\x7a\x60\xcf\x13\x1a\xfc" "\xa4\xc3\x35\xbc\xea\x4c\x2f\x84\x4a\xc4\xfe\x1e\x63\x06\xe5\x8c" "\x77\x97\xb9\x2e\x0a\x8e\x77\x27\xf1\x8a\x76\x22\xa4\xe4\x8c\x7d" "\x08\x47\x2c\x6d\x23\x41\xc7\x86\xee\xb0\x72\xb0\x95\x36\x24\xf2" "\x41\x2b\x58\x70\x48\x54\x31\xad\xcf\x7d\x95\x1c\xc3\x85\xff\xa4" "\xb3\xe6\x27\x91\x3e\x8e\x58\xd1\xf3\x9b\xf3\x5b\x95\x6e\xa4\x62" "\x5a\x74\x0c\xce\xe5\x45\xa1\xb2\xeb\x7f\x41\xe9\xf9\xb9\x53\x16" "\xa9\x90\xb1\xd8\xe3\x86\x6d\x93\x52\x82\xb7\xd5\xe0\x10\x57\x8d" "\xc0\xe0\x11\xaa\x08\x44\x0d\xa5\x76\x7d\xb8\xf9\xf2\xc4\x76\x5f" "\x48\xad\x73\xf1\x71\xc0\x2e\x22\x1c\xf2\x23\xfb\x93\x8c\x29\x1f" "\x10\x8e\x1b\x7c\x7f\xc0\xdc\x77\x6b\x6b\x38\x33\x2e\x2d\xe9\x4f" "\x4b\x6d\xf2\x8e\xaf\x45\x68\xa2\x03\x64\xb8\xe4\x18\x50\x87\x35" "\xcd\x04\xf2\xcc\x3e\x17\xf6\xdb\xc3\xcd\xaa\xa8\xb8\x24\x96\x9a" "\x68\xc2\xcc\x53\x24\xdb\x92\xc7\x37\xa3\x43\x16\xdc\x42\x43\xef" "\xde\xa3\x5d\x79\x1d\x8c\xd9\x7e\xee\x8f\x19\x6e\xd2\xce\xa6\x3c" "\x5c\x4f\x62\x21\x87\x98\x87\xb8\x77\xb8\x2f\x3a\xc1\x9c\x29\x67" "\x36\x6a\xba\x27\xb7\xef\xe8\xd4\xbe\xa4\x71\xbd\xfd\x0c\xda\xf0" "\x14\x9e\x7b\xb9\xfb\x1d\x7c\xc8\x01\x2d\x18\x56\x90\x3a\x31\x61" "\x07\x96\x00\x68\xc9\x4d\x28\x11\xc7\x44\x91\xf5\xdd\x31\xbb\xae" "\x42\x14\xbb\xbf\x89\xd9\x6b\x65\x27\x59\x67\xfe\x5d\xa6\x34\x99" "\xb1\x1b\x97\x85\xc0\xf7\x3f\x98\x51\x4c\x2b\x40\x0e\x20\x1c\x31" "\x7b\xa6\x26\x79\x37\x20\x45\xc3\xb2\x35\xe8\x97\xa8\xc1\xf8\x40" "\xea\x35\x9b\x6a\xf9\x41\x76\x65\xcc\xbe\x61\x72\x71\xa9\x18\x59" "\x02\x8f\x77\x58\x1c\x95\xce\xe1\xfc\x82\x5f\x6c\x7f\xbf\xea\x57" "\x17\xdc\xfb\x20\x89\x36\x70\xae\x15\xbb\x35\x35\xa1\x0c\x8b\x23" "\x6f\x8b\x13\x13\xd3\x92\xce\x3b\x32\x3f\xc8\xc7\xef\xde\x53\x12" "\xf6\xa0\x9e\xa1\x8b\x8e\xf7\xbf\xc5\xd6\x9e\x4b\x88\x09\xab\xca" "\x44\x6d\x65\x9e\x43\x78\x95\x7c\x81\x0c\x22\xcc\xcb\x35\x9f\x6a" "\xe2\x67\xc9\x13\x78\x79\xa0\x44\x6a\x64\xae\xbd\x5d\xe3\x8e\xe3" "\xb0\x1c\xdf\x46\xc2\xd0\xfc\x7a\x6d\x7a\xc5\x53\x91\x31\x40\x6b" "\x5f\x8e\xfd\xdb\x5e\x80\x04\x71\x01\xa5\xf0\x35\xbb\xcd\x7f\xd0" "\xe0\x49\xce\x12\x04\x9e\x98\xfd\xaf\xaa\xba\x60\xc1\x4e\x37\x78" "\x6a\x66\xed\x5f\xcf\x5f\xd9\xc8\x8c\x9d\x5c\xe0\x5a\x3d\xc6\x6c" "\xaf\x4a\x3f\x7b\x1e\x4e\x99\x8f\x17\xf5\x92\xd4\xef\x6a\x55\xbf" "\x75\xb9\x06\xc3\x95\xd6\xd9\xc4\xd9\xea\x7f\xce\xa4\x29\x7a\x79" "\x38\x4c\xe0\x07\xd3\xf6\xdb\xfb\xdf\xdb\x8c\x25\x6c\x03\xef\x0f" "\xb8\xa2\x26\x4f\x8e\xb6\xf0\x90\x0b\x16\x3e\xbb\xdb\xa4\xf7\x39" "\x78\x0c\x0d\xdd\x84\xae\x6c\xa4\xec\x70\xa5\x8e\x4e\xdc\x48\xe7" "\x5f\x58\x8c\x82\x33\x66\x45\x70\x67\x2c\x95\xb8\xaa\xc3\xbd\x9c" "\x04\x20\xf1\x85\xb6\x29\xc5\xc1\x2a\xca\xdc\xc4\x78\x57\x36\x90" "\xf0\xbc\xbe\x82\xe6\x94\xbd\xbf\x6c\x72\xa5\x04\x50\x0c\x3d\xf2" "\x9e\x44\x4a\x1f\x62\x51\xbd\x5e\x5e\x88\x6b\xcb\x6b\xc5\xff\xcc" "\x4e\xc8\xfc\x5c\x68\x05\x3f\x9e\xb9\xc7\x5b\x8b\x4d\xee\x83\x07" "\xf9\x1d\x31\xdc\x2f\xe4\x5f\xea\x5b\xb8\x32\x34\xba\x2d\x6b\x05" "\x3e\x50\x3c\x4b\xe3\xe5\x2a\x80\xfc\xc3\xf6\x1b\x85\x1f\x4c\x48" "\xfa\x94\x40\xac\x99\xe5\x0d\xf2\xc7\x21\x39\x8e\xce\xb5\x71\x4e" "\xc4\xc2\xc6\xe7\x8b\xcf\x75\x72\xf7\x25\x74\xb8\x17\x07\x90\x89" "\x19\xd3\x7f\x6f\x9b\x8c\xa2\x21\x64\x25\xa0\x84\xc2\xe4\xed\x90" "\x5e\xfb\xc5\x4d\xd3\xe1\x16\x04\x68\xe8\xde\xe9\x8e\xab\x9e\x83" "\xe6\x5d\xf5\x9d\xa4\x37\x01\xdd\x2d\x44\x81\x75\x31\xe2\x73\x94" "\x70\xa2\x17\x7e\x92\x14\x2a\x5d\x5c\xc1\x9d\x4a\xf9\x86\x05\xbe" "\x82\x42\x0c\x2a\x9e\x28\x9e\x11\x68\x1d\x01\x5b\x10\xe8\x18\x59" "\x1d\x95\xc5\xfe\x93\xad\x74\xca\x8a\xf9\x4a\x5e\xf3\x12\x3f\x4c" "\x5f\x1b\xc3\xae\xe8\x16\x6e\x67\x49\x3b\x51\xff\x58\x05\x0b\x2d" "\xa3\x32\x34\xc5\xcc\x6c\x83\x2b\x49\x5d\x2d\xa2\x9a\x29\xcd\x5d" "\x85\xda\x11\x88\x9f\xb0\x2f\x47\x9d\x80\x83\x26\xf2\xdc\x24\xc5" "\x32\x04\x89\xbb\xd2\xdf\x3a\x8c\x05\xbc\xc0\xba\xf6\x33\x05\x78" "\xa4\xab\x7c\x48\x5b\x52\xf9\xe4\x19\xd3\x71\x02\xaa\x84\xa5\xef" "\x0e\x36\xc9\x0b\x16\xa1\xe9\x0e\xaa\x8a\xc9\x7a\xeb\x87\xf7\x7a" "\x73\x74\x41\x34\x7c\xae\xc8\xf2\xd3\xa2\x5f\x03\x4c\x45\x2f\x6d" "\x3d\x94\x88\x2b\x1d\xa6\x49\x2c\xa9\xbc\x2b\xa3\xde\xd2\x86\x6e" "\x95\xb6\xa9\x59\xe0\xb2\xc6\x26\x02\x5b\x2f\x75\xda\x6f\x76\x63" "\x25\xf6\xb5\xca\xe3\x09\x94\x23\xad\xfc\x57\xda\x9b\x59\xd8\xe1" "\xda\xd8\xd6\x99\x7a\x59\x0b\xa8\xb1\xbf\xed\x63\x97\x6b\x1a\x87" "\x29\xb7\x74\x0b\xfd\x93\x4c\x67\xf8\x03\x71\x29\x8d\x6d\xae\x31" "\xfe\xc4\x9a\x09\xc5\x68\x5e\x98\x11\x8a\xb4\xa9\x1f\x2d\x15\x80" "\xea\xaf\x71\x6e\x17\x44\x7c\x6b\x42\xdc\x01\xdf\x59\xbf\xc5\x24" "\xb0\x50\xe9\xd9\x4e\x8e\x8f\x97\xd7\x22\x14\x2e\x7c\x3a\xf1\x65" "\x4c\x80\x1d\x6a\xaa\xa3\x9a\x9f\xb6\x59\x52\xbc\x29\x90\xb9\xf8" "\xa2\xeb\xa8\xca\x9c\x2b\xaa\x24\x75\x45\x59\x0b\xad\x2b\x8b\xaa" "\xb3\x4d\x7a\x92\x0d\xc1\xdf\xfa\x04\xa5\x1b\xab\x3d\x1f\x71\xbb" "\x77\xe3\xad\x52\x14\x66\xfb\x9a\x20\xdb\x32\x1d\x0d\xf0\xe8\x42" "\x16\x8c\x9d\xa7\x5e\x79\x75\x08\x32\x1c\x4e\x28\x4f\x6d\x55\x5d" "\x11\x13\x0c\x5d\xb2\xae\xda\x1a\x68\x92\xe1\x2c\xbd\xe5\x43\xbe" "\x1a\xcb\xfb\x0b\xfe\x4c\xe3\x05\xfb\x57\x8f\x4c\xa6\xa1\xbd\x1d" "\xfb\x1c\x13\x4d\xb9\x83\x46\xd6\x7e\x50\x19\x17\x56\x33\x6f\x56" "\xd3\x00\xf7\x75\x9b\xc2\x1e\x30\x1f\x69\x5a\x09\xc6\x0a\xe2\x33" "\x8e\x2e\x1a\x3f\x55\xe2\x67\x74\xf7\x86\x81\xa3\xfb\x14\x62\x77" "\x2b\x54\x39\x90\xed\x9d\x71\x33\x99\xa7\x5f\x7f\x81\x18\x62\x15" "\xa7\x6f\x15\x17\x1b\xa0\x68\xf3\xab\x19\xc7\xc2\xa0\x9a\x26\x26" "\xaa\xd6\x34\x3e\x9e\xba\xf7\xc4\x70\x0d\x4b\x3a\x52\x1a\x73\x13" "\xa5\x5a\x94\xa4\xef\x5d\x7d\xa7\x20\x2a\x37\x2b\x56\xf9\x73\xed" "\x82\x3a\x0f\x7d\xef\xf0\xe8\x5a\x5b\x07\xa6\x3a\xc9\x6b\x76\x10" "\x15\x2b\x5c\x0b\x54\x25\x36\x43\x8c\x7b\x6a\xcf\x94\xca\x0d\x8a" "\xe7\x77\x38\x74\xa9\xc4\x01\x87\xbc\x4c\xdb\x2c\x35\x0d\xc3\x0a" "\x38\xcc\xef\xb9\xf7\x4d\xc5\xfe\xc5\x57\xdd\x15\xa1\x16\x20\x17" "\xf4\x67\x38\x7c\xab\xb3\x30\x13\x0c\x53\x2f\xe8\xb6\x4b\xae\x71" "\x08\xa8\xea\x1f\xca\x0e\x9f\x0d\x3e\x86\x1a\x4d\x8d\xb0\xb3\xe2" "\x5e\x8e\x61\x3f\x67\x3e\xc3\x58\x5c\xbd\x26\x2b\xa3\x12\xae\x6b" "\x84\x23\xb6\x3c\xcf\xfc\x8b\xdd\x25\x34\x78\x5e\x10\x68\xc6\x72" "\xf3\xd7\x11\x9f\x0a\x26\x78\x65\x13\xb2\xf1\xd5\x3f\xfd\x32\xa3" "\xd9\xdd\x79\xe3\x21\x6c\xb4\x2c\x41\x4c\x56\xe7\x51\xb2\xcf\x61" "\x4f\x2f\xe2\xe0\xba\x3c\xae\x8f\x34\xac\xf3\xb3\x40\x23\x90\xf5" "\x31\xe5\x88\x97\x26\xca\x0a\xbc\xb1\xa2\x90\x4c\xe6\xeb\xd0\x15" "\x38\x18\xea\xed\x1e\x8f\x6f\x6c\x30\xb8\x40\x77\xd6\x00\x8c\x06" "\x22\xa7\x9c\x94\xe2\xe6\x82\x8a\x06\x0a\xaa\x0a\x04\x27\x07\x71" "\x4c\x71\x7b\x2c\xb8\x05\xaf\x12\x7d\x74\x93\xb3\x4a\x98\x14\x99" "\x9b\xeb\x0b\xb1\xed\x67\xac\xcb\x66\xcf\x10\x98\x7f\x81\x88\xb0" "\xa8\x2d\x86\xb1\x4a\x39\x89\x26\x64\x4b\xce\x15\xfd\xdd\x67\x09" "\xa4\x2c\x93\xf0\x2f\xb6\x16\xeb\xb6\x8b\x7d\x81\xa9\x40\xcf\x9b" "\x07\xca\xf6\x3f\x14\xe8\x48\xe4\x40\xe3\x56\x06\x28\x6c\xac\xe7" "\x62\xbd\x11\xb3\xcd\xb4\x6c\xb3\x47\xa9\xaf\x72\x98\x4f\x94\xec" "\xc2\xac\xd7\xec\x4c\x43\xb5\xbd\x02\x36\x80\x6b\x82\x50\x48\x1f" "\xdc\x8e\x71\xfe\xe4\x0a\x4b\x41\x9d\xc1\xfc\x4e\x15\xcc\xcc\x99" "\x20\x79\x17\x02\x64\x46\x79\xe2\xe9\x40\x66\x73\x0c\x53\xd4\x64" "\x32\x47\x68\xaf\xce\xf6\xd6\x9b\x7b\x71\xec\xa2\x65\x95\x78\xfb" "\xeb\xa1\x8e\x61\xe0\x69\x9c\x42\x36\x78\xf1\xa2\xee\xc9\x60\x68" "\x5e\x9c\xa1\xae\xcb\xb4\x4b\xee\xab\x6d\xbd\x9e\x00\xcb\xa8\xe5" "\xf0\x54\x70\x86\xa5\x01\x67\xb9\xd2\x5c\xf8\x94\x07\xc3\x6d\x46" "\x44\xfd\x81\xf6\x47\xb6\xd6\xce\x6b\x66\xc9\x01\xa4\x29\x66\xa7" "\x82\xce\x8c\xe6\x10\x9b\xd2\x3d\xd9\x00\xca\xe0\xba\x3b\x48\xe2" "\x29\x44\x75\x9c\x9b\xf8\xaa\xd7\xfe\x12\xe5\xfe\x5d\x1a\xbe\xa7" "\xd1\x1d\xb2\x9a\xe1\xc5\xec\x7d\xe1\x95\x57\x50\xac\xc2\x44\x03" "\x8d\x5f\xbe\x34\xaf\xfe\xdb\x2e\x63\x96\x8c\xea\xe6\xba\xef\xe8" "\x99\x93\x61\xa6\x74\x0b\x98\xcb\x34\xc0\xd9\xd7\xa3\x62\xb5\x16" "\xdf\xc2\x6c\xdb\x94\xb1\xad\x80\xad\xe5\xef\xc9\x2a\x60\x54\x92" "\x5d\xdd\xbc\x81\x8e\xa1\xe9\xb0\x93\x15\x0b\xfe\x99\x0c\x55\x77" "\x0b\x1c\xe1\x12\xe0\x7d\xdc\xf4\xfe\x08\xa6\xf7\xa0\x4e\x93\x56" "\xbe\x97\xfc\xb0\x6d\xc5\x78\xdd\xc0\x92\xe4\x01\x8c\x0b\x63\x39" "\x47\x56\x51\xc6\x4a\xc9\xea\xd6\xe8\x39\x61\xd6\x64\xf6\x3e\xcb" "\x5a\xec\x0b\x60\xee\xcd\x64\xa7\x49\x43\xfb\xc6\xb9\x8c\xdc\xe2" "\xc5\x7d\x84\x6b\x27\x9b\x89\x06\x5d\x54\x0f\xfa\x3e\x19\xdd\xbc" "\xdc\x6b\xbb\x11\x73\xd0\x7d\x92\xe7\x56\x9d\x22\xb0\x29\xa0\xb0" "\xc7\xda\x5a\x85\xaf\xa6\x68\x61\x99\x14\x8d\x92\xb9\x0f\xe1\x54" "\xd0\x97\x18\x4c\x62\xfb\xc7\x58\x41\xda\x55\x74\xea\xaf\x3c\xb0" "\x8e\xdb\x73\x3a\x95\x45\x0e\xa5\x3f\xed\xa9\x86\x44\xba\xa5\xcb" "\xd5\xa5\x3d\xe9\x35\x0a\x0e\x33\x8c\x92\x92\x6d\x14\x52\x95\xea" "\xca\x38\x0b\x5c\xe3\x9c\x78\xf7\x71\x51\x5e\xda\x48\x80\xae\x3b" "\xb9\x3a\xe3\x7f\xc3\x14\x5e\xbe\x8a\xef\xe7\x24\xfb\x8f\xbd\x98" "\x85\x4b\x00\xd3\x07\x95\xf2\x2d\xc9\x38\x7d\xa8\x02\x7b\x24\x94" "\x32\x6f\x40\x79\x70\x5e\x8e\x0f\xda\x56\x4a\xcd\x0d\x77\xb0\x20" "\xcd\x21\x2a\x87\x71\x7f\xc8\x49\x6e\xc5\x0d\xbf\xc3\x73\x77\xed" "\x2e\xc9\xaf\x8b\x6b\x04\x1e\xde\x39\xed\x5d\xc5\xc9\xb7\x66\x76" "\x3a\xfa\x72\x9e\x68\x10\x2c\xef\xba\x3d\x20\x0f\x26\xa1\x7d\xa1" "\xe8\x86\x49\x9a\x18\x8f\x8f\x5a\x69\x92\xbb\xf0\x90\xb5\xe8\x2f" "\x42\xc9\x48\xe9\x18\x1a\x90\xdf\xac\xd1\x2b\x63\x83\x15\xbb\x0b" "\x67\xcd\x08\x9b\xff\xd3\xf0\x4f\x22\xb6\x4f\x5f\xb4\xcc\x00\xe3" "\xf7\xee\xdc\x3b\x17\x05\xb8\x1a\x32\xc6\xc4\xa5\x06\x88\x28\xe4" "\xac\xbb\xbd\x99\x54\x70\x7f\xc9\xea\xb4\x5a\x38\x67\xeb\x01\x40" "\x79\xed\x1e\x88\xc6\xe0\x84\xc4\x3c\x97\xc8\x35\x72\x44\x15\x62" "\x5d\x9e\xc7\xa6\xc8\x64\x63\x6b\x97\x19\x7f\x0f\xe3\x01\x2f\xbd" "\xe3\x41\x95\xfc\x56\xad\x3d\x65\x1a\x3e\x28\x6b\x40\xb7\x48\x5d" "\x29\xa5\xdd\xd8\x80\x0f\x27\xf7\xe6\xa5\x61\xb6\xd9\x19\x1f\xd8" "\x12\x3e\x55\x0b\xdf\x0b\xa6\x8a\xa4\x78\x35\xf8\x02\x8c\x4e\x80" "\x8c\x58\x9a\xec\xc6\x7f\xde\xae\x70\x62\xf3\x4d\xa4\xa9\xe8" "\x0c", 4096)); r[31] = execute_syscall(__NR_sendmmsg, r[1], 0x20bc7fc8ul, 0x1ul, 0x0ul, 0, 0, 0, 0, 0); } int main() { setup_main_process(); int pid = do_sandbox_none(0, false); int status = 0; while (waitpid(pid, &status, __WALL) != pid) { } return 0; }