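// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Standalone C reproducer emitted by the fuzzer. Structure:
//   main()  -> forks 8 workers
//   worker  -> setup_main_process(), then do_sandbox_none() -> loop()
//   loop()  -> one child per iteration runs test() in a fresh directory,
//              is killed after 5 s, and the directory is removed again
//   test()  -> the recorded syscall sequence with its raw argument memory
//
// NOTE(review): this listing was recovered from a whitespace-collapsed copy in
// which the target of every #include line had been stripped. The header list
// below is reconstructed from the identifiers the code uses; the original
// list was longer (33 entries) and cannot be recovered from the page.
//
// Changes relative to the recovered text (the syscall data is untouched):
//   - remove_dir(): the EMFILE message had a %s with no matching argument.
//   - segv_handler(): %p was given a uintptr_t; it now gets a void*.
//   - loop(): sprintf replaced by bounded snprintf.

// Fallback syscall numbers (x86-64 values) for libc headers that lack them.
#ifndef __NR_sendmsg
#define __NR_sendmsg 46
#endif
#ifndef __NR_socket
#define __NR_socket 41
#endif
#ifndef __NR_bind
#define __NR_bind 49
#endif
#ifndef __NR_getsockname
#define __NR_getsockname 51
#endif
#ifndef __NR_connect
#define __NR_connect 42
#endif
#ifndef __NR_setsockopt
#define __NR_setsockopt 54
#endif
#ifndef __NR_mmap
#define __NR_mmap 9
#endif

#define _GNU_SOURCE

#include <dirent.h>
#include <errno.h>
#include <sched.h>
#include <setjmp.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

// Exit codes: fail() uses kFailStatus (or kRetryStatus on ENOMEM), exitf()
// always uses kRetryStatus. kErrorStatus is not referenced in this file.
const int kFailStatus = 67;
const int kErrorStatus = 68;
const int kRetryStatus = 69;

// Terminate the whole thread group with `status`. The trailing loop is never
// expected to run; it keeps the function from returning if the syscall does.
__attribute__((noreturn)) void doexit(int status)
{
  volatile unsigned i;
  syscall(__NR_exit_group, status);
  for (i = 0;; i++) {
  }
}

// Print a printf-style message plus the errno captured on entry to stderr and
// exit. ENOMEM maps to kRetryStatus, everything else to kFailStatus.
__attribute__((noreturn)) void fail(const char* msg, ...)
{
  int e = errno; // saved first: fflush/vfprintf may overwrite errno
  fflush(stdout);
  va_list args;
  va_start(args, msg);
  vfprintf(stderr, msg, args);
  va_end(args);
  fprintf(stderr, " (errno %d)\n", e);
  doexit(e == ENOMEM ? kRetryStatus : kFailStatus);
}

// Same reporting as fail(), but always exits with kRetryStatus.
__attribute__((noreturn)) void exitf(const char* msg, ...)
{
  int e = errno;
  fflush(stdout);
  va_list args;
  va_start(args, msg);
  vfprintf(stderr, msg, args);
  va_end(args);
  fprintf(stderr, " (errno %d)\n", e);
  doexit(kRetryStatus);
}

// Never set in this file, so debug() is effectively a no-op here.
static int flag_debug;

// printf-style trace to stdout, emitted only when flag_debug is non-zero.
void debug(const char* msg, ...)
{
  if (!flag_debug)
    return;
  va_list args;
  va_start(args, msg);
  vfprintf(stdout, msg, args);
  va_end(args);
  fflush(stdout);
}

// Per-thread state for NONFAILING: nesting counter and the jump target.
__thread int skip_segv;
__thread jmp_buf segv_env;

// SIGSEGV/SIGBUS handler. A fault raised inside a NONFAILING block
// (skip_segv != 0) at an address outside [1 MiB, 100 MiB] jumps back to the
// block's _setjmp. Any other fault exits with the signal number as status.
static void segv_handler(int sig, siginfo_t* info, void* uctx)
{
  (void)uctx;
  uintptr_t addr = (uintptr_t)info->si_addr;
  const uintptr_t prog_start = 1 << 20;
  const uintptr_t prog_end = 100 << 20;
  if (__atomic_load_n(&skip_segv, __ATOMIC_RELAXED) &&
      (addr < prog_start || addr > prog_end)) {
    debug("SIGSEGV on %p, skipping\n", (void*)addr);
    _longjmp(segv_env, 1);
  }
  debug("SIGSEGV on %p, exiting\n", (void*)addr);
  doexit(sig);
  for (;;) {
  }
}

// Route SIGSEGV and SIGBUS to segv_handler. SA_NODEFER leaves the signal
// unblocked inside the handler, which leaves via _longjmp, not by returning.
static void install_segv_handler(void)
{
  struct sigaction sa;
  memset(&sa, 0, sizeof(sa));
  sa.sa_sigaction = segv_handler;
  sa.sa_flags = SA_NODEFER | SA_SIGINFO;
  sigaction(SIGSEGV, &sa, NULL);
  sigaction(SIGBUS, &sa, NULL);
}

// Run the given statement(s); if they fault, segv_handler jumps back here and
// execution continues after the block instead of terminating the process.
#define NONFAILING(...)                                                        \
  {                                                                            \
    __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST);                       \
    if (_setjmp(segv_env) == 0) {                                              \
      __VA_ARGS__;                                                             \
    }                                                                          \
    __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST);                       \
  }

// Bit-field store helpers emitted by the generator; not used by this program.
#define BITMASK_LEN(type, bf_len) (type)((1ull << (bf_len)) - 1)

#define BITMASK_LEN_OFF(type, bf_off, bf_len)                                  \
  (type)(BITMASK_LEN(type, (bf_len)) << (bf_off))

#define STORE_BY_BITMASK(type, addr, val, bf_off, bf_len)                      \
  if ((bf_off) == 0 && (bf_len) == 0) {                                        \
    *(type*)(addr) = (type)(val);                                              \
  } else {                                                                     \
    type new_val = *(type*)(addr);                                             \
    new_val &= ~BITMASK_LEN_OFF(type, (bf_off), (bf_len));                     \
    new_val |= ((type)(val)&BITMASK_LEN(type, (bf_len))) << (bf_off);          \
    *(type*)(addr) = new_val;                                                  \
  }

// Issue raw syscall `nr` with a0..a5 and return its result. a6..a8 exist only
// to keep the generator's uniform nine-argument call shape and are ignored.
static uintptr_t execute_syscall(int nr, uintptr_t a0, uintptr_t a1,
                                 uintptr_t a2, uintptr_t a3, uintptr_t a4,
                                 uintptr_t a5, uintptr_t a6, uintptr_t a7,
                                 uintptr_t a8)
{
  (void)a6;
  (void)a7;
  (void)a8;
  return syscall(nr, a0, a1, a2, a3, a4, a5);
}

// Per-worker setup: ignore signals 0x20 and 0x21, install the fault handler,
// then create a scratch directory under the cwd and chdir into it.
static void setup_main_process(void)
{
  struct sigaction sa;
  memset(&sa, 0, sizeof(sa));
  sa.sa_handler = SIG_IGN;
  // Raw rt_sigaction with sigsetsize 8.
  // NOTE(review): presumably the raw syscall is used because libc's
  // sigaction() refuses these two signal numbers - confirm.
  syscall(SYS_rt_sigaction, 0x20, &sa, NULL, 8);
  syscall(SYS_rt_sigaction, 0x21, &sa, NULL, 8);
  install_segv_handler();
  char tmpdir_template[] = "./syzkaller.XXXXXX";
  char* tmpdir = mkdtemp(tmpdir_template);
  if (!tmpdir)
    fail("failed to mkdtemp");
  // 0777: the scratch directory is made world-writable.
  if (chmod(tmpdir, 0777))
    fail("failed to chmod");
  if (chdir(tmpdir))
    fail("failed to chdir");
}

static void loop(void);

// Confinement shared by the sandbox modes: die with the parent, own process
// group and session, resource limits, separate mount and IPC namespaces.
// Every call is best-effort; return values are not checked.
static void sandbox_common(void)
{
  prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
  setpgrp();
  setsid();

  struct rlimit rlim;
  rlim.rlim_cur = rlim.rlim_max = 128 << 20; // address space: 128 MiB
  setrlimit(RLIMIT_AS, &rlim);
  rlim.rlim_cur = rlim.rlim_max = 1 << 20; // file size: 1 MiB
  setrlimit(RLIMIT_FSIZE, &rlim);
  rlim.rlim_cur = rlim.rlim_max = 1 << 20; // stack: 1 MiB
  setrlimit(RLIMIT_STACK, &rlim);
  rlim.rlim_cur = rlim.rlim_max = 0; // no core dumps
  setrlimit(RLIMIT_CORE, &rlim);

  unshare(CLONE_NEWNS);
  unshare(CLONE_NEWIPC);
  unshare(CLONE_IO);
}

// "none" sandbox: fork, apply sandbox_common() in the child and run loop().
// No uid/gid change happens here. Returns the fork() result in the parent
// (negative if fork failed); never returns in the child. Both parameters are
// unused.
static int do_sandbox_none(int executor_pid, bool enable_tun)
{
  (void)executor_pid;
  (void)enable_tun;
  int pid = fork();
  if (pid)
    return pid;

  sandbox_common();

  loop();
  doexit(1);
}

// Recursively delete `dir`. EBUSY entries are lazily unmounted (MNT_DETACH)
// and retried up to 100 times, EROFS is ignored, and ENOTEMPTY on the final
// rmdir restarts the whole scan up to 100 times. Any other failure exits via
// exitf().
static void remove_dir(const char* dir)
{
  DIR* dp;
  struct dirent* ep;
  int iter = 0;
retry:
  dp = opendir(dir);
  if (dp == NULL) {
    if (errno == EMFILE) {
      // Fixed: the %s previously had no matching argument.
      exitf("opendir(%s) failed due to NOFILE, exiting", dir);
    }
    exitf("opendir(%s) failed", dir);
  }
  while ((ep = readdir(dp))) {
    if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0)
      continue;
    char filename[FILENAME_MAX];
    snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name);
    struct stat st;
    // lstat, not stat: symlinks are unlinked rather than followed.
    if (lstat(filename, &st))
      exitf("lstat(%s) failed", filename);
    if (S_ISDIR(st.st_mode)) {
      remove_dir(filename);
      continue;
    }
    int i;
    for (i = 0;; i++) {
      debug("unlink(%s)\n", filename);
      if (unlink(filename) == 0)
        break;
      if (errno == EROFS) {
        debug("ignoring EROFS\n");
        break;
      }
      if (errno != EBUSY || i > 100)
        exitf("unlink(%s) failed", filename);
      debug("umount(%s)\n", filename);
      if (umount2(filename, MNT_DETACH))
        exitf("umount(%s) failed", filename);
    }
  }
  closedir(dp);
  int i;
  for (i = 0;; i++) {
    debug("rmdir(%s)\n", dir);
    if (rmdir(dir) == 0)
      break;
    if (i < 100) {
      if (errno == EROFS) {
        debug("ignoring EROFS\n");
        break;
      }
      if (errno == EBUSY) {
        debug("umount(%s)\n", dir);
        if (umount2(dir, MNT_DETACH))
          exitf("umount(%s) failed", dir);
        continue;
      }
      if (errno == ENOTEMPTY) {
        if (iter < 100) {
          iter++;
          goto retry;
        }
      }
    }
    exitf("rmdir(%s) failed", dir);
  }
}

// Monotonic clock reading in milliseconds.
static uint64_t current_time_ms(void)
{
  struct timespec ts;

  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    fail("clock_gettime failed");
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

static void test(void);

// Endless iteration: make ./<iter>, fork a child that runs test() inside it,
// poll for the child once per millisecond, kill its process group after five
// seconds, then delete the directory.
void loop(void)
{
  int iter;
  for (iter = 0;; iter++) {
    char cwdbuf[256];
    snprintf(cwdbuf, sizeof(cwdbuf), "./%d", iter);
    if (mkdir(cwdbuf, 0777))
      fail("failed to mkdir");
    int pid = fork();
    if (pid < 0)
      fail("clone failed");
    if (pid == 0) {
      prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
      setpgrp(); // own group so kill(-pid) below reaches its descendants
      if (chdir(cwdbuf))
        fail("failed to chdir");
      test();
      doexit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      int res = waitpid(-1, &status, __WALL | WNOHANG);
      if (res == pid)
        break;
      usleep(1000);
      if (current_time_ms() - start > 5 * 1000) {
        kill(-pid, SIGKILL);
        kill(pid, SIGKILL);
        while (waitpid(-1, &status, __WALL) != pid) {
        }
        break;
      }
    }
    remove_dir(cwdbuf);
  }
}

// Syscall results, indexed by the generator's own numbering.
long r[137];

// The recorded program. Argument memory is written at fixed addresses inside
// the region mapped by the first call. Every store is wrapped in NONFAILING,
// so a faulting store is skipped rather than fatal. Several constants are
// wider than the type they are cast to (e.g. (uint16_t)0x100000000); the
// casts truncate them and they are kept exactly as generated.
void test(void)
{
  memset(r, -1, sizeof(r));
  // 0x9000 bytes at 0x20000000; prot 0x3 = PROT_READ|PROT_WRITE, flags 0x32 =
  // MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS on Linux, fd -1.
  r[0] = execute_syscall(__NR_mmap, 0x20000000ul, 0x9000ul, 0x3ul,
                         0x32ul, 0xfffffffffffffffful, 0x0ul, 0, 0, 0);

  // Record at 0x20005fc8, later passed as sendmsg's second argument. Field
  // offsets match struct msghdr on x86-64: name, namelen, iov, iovlen,
  // control, controllen, flags.
  NONFAILING(*(uint64_t*)0x20005fc8 = (uint64_t)0x20003000);
  NONFAILING(*(uint32_t*)0x20005fd0 = (uint32_t)0x10);
  NONFAILING(*(uint64_t*)0x20005fd8 = (uint64_t)0x20001fa0);
  NONFAILING(*(uint64_t*)0x20005fe0 = (uint64_t)0x6);
  NONFAILING(*(uint64_t*)0x20005fe8 = (uint64_t)0x20005000);
  NONFAILING(*(uint64_t*)0x20005ff0 = (uint64_t)0x9);
  NONFAILING(*(uint32_t*)0x20005ff8 = (uint32_t)0x48000);

  // 16-byte address record at 0x20003000 (family 0x2, then port and address
  // fields, then zero padding).
  NONFAILING(*(uint16_t*)0x20003000 = (uint16_t)0x2);
  NONFAILING(*(uint16_t*)0x20003002 = (uint16_t)0x214e);
  NONFAILING(*(uint32_t*)0x20003004 = (uint32_t)0x100007f);
  NONFAILING(*(uint8_t*)0x20003008 = (uint8_t)0x0);
  NONFAILING(*(uint8_t*)0x20003009 = (uint8_t)0x0);
  NONFAILING(*(uint8_t*)0x2000300a = (uint8_t)0x0);
  NONFAILING(*(uint8_t*)0x2000300b = (uint8_t)0x0);
  NONFAILING(*(uint8_t*)0x2000300c = (uint8_t)0x0);
  NONFAILING(*(uint8_t*)0x2000300d = (uint8_t)0x0);
  NONFAILING(*(uint8_t*)0x2000300e = (uint8_t)0x0);
  NONFAILING(*(uint8_t*)0x2000300f = (uint8_t)0x0);

  // Six (base, length) pairs at 0x20001fa0; only the fifth has a non-zero
  // length (0x1000 bytes at 0x20000000).
  NONFAILING(*(uint64_t*)0x20001fa0 = (uint64_t)0x20002000);
  NONFAILING(*(uint64_t*)0x20001fa8 = (uint64_t)0x0);
  NONFAILING(*(uint64_t*)0x20001fb0 = (uint64_t)0x20004000);
  NONFAILING(*(uint64_t*)0x20001fb8 = (uint64_t)0x0);
  NONFAILING(*(uint64_t*)0x20001fc0 = (uint64_t)0x20002f68);
  NONFAILING(*(uint64_t*)0x20001fc8 = (uint64_t)0x0);
  NONFAILING(*(uint64_t*)0x20001fd0 = (uint64_t)0x20005fe7);
  NONFAILING(*(uint64_t*)0x20001fd8 = (uint64_t)0x0);
  NONFAILING(*(uint64_t*)0x20001fe0 = (uint64_t)0x20000000);
  NONFAILING(*(uint64_t*)0x20001fe8 = (uint64_t)0x1000);
  NONFAILING(*(uint64_t*)0x20001ff0 = (uint64_t)0x20005000);
  NONFAILING(*(uint64_t*)0x20001ff8 = (uint64_t)0x0);

  // 4096 bytes of fuzzer-chosen payload copied to the start of the mapping.
  NONFAILING(memcpy(
      (void*)0x20000000,
      "\x69\x96\x5a\x93\x57\x21\x84\x0d\x93\x9c\x48\x46\xc2\xa6\xc7\xee"
      "\xf7\x9d\xec\xf3\x2f\x89\x9b\xbc\x23\x25\x6e\x91\x9c\x9c\x83\xc4"
      "\x80\x33\xd9\xe6\x6e\xdd\xd0\x9e\x35\xd3\xd7\x1f\xd3\x27\xd1\x79"
      "\x36\x63\xd8\xd4\x45\x59\x31\x28\xc6\xdb\x64\xb7\x96\xd4\x58\xb6"
      "\xf1\x08\xf0\xea\x1d\x26\x93\x0a\x3a\x53\x2a\xc4\x71\xda\x69\xb9"
      "\x4a\x29\x03\x05\x01\x7a\x5c\x44\x3a\x81\xaa\x12\x9b\x29\x3f\xf6"
      "\xf0\x62\xd7\xb0\xb3\xd5\x46\x9e\xd0\xfd\x5c\xf6\x25\x5d\x2f\xfc"
      "\x0b\x6e\x04\xd4\x88\x6a\x4e\x4f\xdf\x1a\x00\x12\x6b\x3b\xf4\x73"
      "\x50\xa4\x53\x5e\x37\x17\xb3\x9e\xc8\xba\xd9\x3b\x7f\xf7\x43\x75"
      "\xe4\x6a\x44\x66\xcd\x2e\x12\x8e\x96\x76\xb9\xc9\x57\x7f\xa7\xe7"
      "\x42\xeb\x52\xc2\xee\x3e\xbc\x28\x51\xf4\xff\x71\xb3\x05\x90\xbd"
      "\xa0\x07\x98\x92\x78\xb6\x88\x41\xe5\x2b\xf2\x53\x53\xc3\xb5\x62"
      "\x0d\x1c\x36\x78\xbe\x12\x04\x3b\xac\xea\x52\xb6\xe3\xd0\x11\x1d"
      "\x99\x11\x19\x2a\x16\x4f\x04\xe3\x17\x07\xef\xaa\x3a\xf4\x8a\x62"
      "\xd4\x95\x06\x9c\x0c\xe9\xa7\x0a\xf1\xff\xdb\xba\xcb\xf3\x22\xb6"
      "\xc5\x2f\xa6\x36\x82\x00\x9e\x37\xd5\x6d\xc1\x52\x42\x7d\x34\x9a"
      "\x22\x29\x31\x75\xcf\xbe\x9f\x1f\x66\x35\x3b\x82\x01\xcb\x46\x27"
      "\x8c\x5b\x62\xc1\xd6\xdd\x03\x5d\x0e\x5f\xcc\xae\xca\x66\x01\x37"
      "\x5d\xd9\x53\x78\xcb\xa4\x36\x11\x6c\xc3\xae\xbf\x7d\xed\x4d\x01"
      "\xb7\x72\x58\xff\x1f\x57\xbd\x0e\xd3\x2e\x12\x65\xc2\xea\x7f\xaf"
      "\x45\xa0\x1c\xb1\x23\x82\x72\x5b\x80\x2d\xce\xcb\xb1\x3c\x3f\x05"
      "\x0f\x67\x98\xfa\xf1\xb1\xf6\x9c\x64\xe6\x2d\x8e\x26\x5c\x95\x61"
      "\xaa\x62\x4b\x10\x20\x96\xf9\xa7\xd2\xaf\xb0\x68\x9d\x28\xb8\x07"
      "\xd2\xc7\x9c\x6f\xfd\x68\x28\xd8\x87\x4a\xdc\x0e\xef\x9a\x0a\x50"
      "\x9e\xee\x2d\xe1\xf2\xfc\xb6\x59\xba\x1a\xc6\x62\x4b\x37\xf8\x4d"
      "\x64\x16\x29\x30\x97\xf5\xb2\x72\xd1\xe0\x8a\xc9\x2e\x29\xb1\x18"
      "\x1f\xa0\x02\x28\xa1\x7b\x7e\xc6\x9e\xfd\xa9\x99\xdf\x82\x29\x5f"
      "\xbb\x64\x0e\x19\xaf\x81\x6e\x5d\x02\xd0\xe1\xa2\xc5\x14\x93\xf5"
      "\xe4\xcc\x5f\x0b\xab\x49\xd4\xe8\xfc\x49\xbe\x72\xac\x56\xb1\xfc"
      "\xe2\xd6\x38\xbe\x66\x82\x72\x76\xfd\xb2\x85\x9c\x6b\x58\xf0\xd6"
      "\x7e\xaa\x4b\x8d\xbe\x07\xf1\xbf\xb7\xcf\x92\xde\xb2\xe3\x90\x51"
      "\x23\x34\x5c\xaf\x6f\x57\x47\x67\xde\xa8\x6a\xda\xd9\x11\x54\xe8"
      "\xd0\x80\xa0\xf6\x41\xa1\x6e\x43\x5a\x8d\x33\x08\x56\x9e\x91\xd2"
      "\x34\x69\x0f\x27\xcf\xe6\x8c\x8b\x37\xa3\xc9\x5b\xdf\x41\xa7\xd8"
      "\xc8\xfc\xea\x20\xd6\xc8\xa8\x57\xb2\xe0\x1a\xe4\x56\xcd\xf1\xec"
      "\xb1\x25\x3b\xbc\x96\x5c\xbb\xb5\x9c\xd0\xc2\xec\xda\x4b\xcc\xbf"
      "\xdb\x84\x5b\xfe\x78\x14\xde\x11\x6d\x80\x9e\x31\xc7\xbf\xdc\x86"
      "\x45\x46\xef\x92\x8b\x31\xd3\x8e\x42\x30\xc0\x43\x67\x90\x05\xa9"
      "\x9b\x6a\xfa\xf0\x1c\x76\xbf\x8a\x39\xac\x2c\xf0\x34\xee\x4a\x8c"
      "\xfe\x97\x55\x7b\x9a\xbc\x52\x1c\xcc\x41\x41\x4c\x04\x21\xed\x38"
      "\x3b\xab\xae\x0a\x4d\xce\x07\x5d\xab\x5e\x69\xaf\x35\xc0\x13\x41"
      "\xb3\x77\xc3\x72\x3b\x23\x25\x7d\x35\x1f\xd2\x5d\x36\xa3\xed\xea"
      "\x55\x55\x00\x47\x56\x2b\x00\xec\xc6\xfc\xa5\xfc\xa4\x98\xe2\xfb"
      "\x41\x23\xa6\x03\xa2\xfd\xbf\xb9\x48\x49\x10\x45\xc2\x1e\x79\x1a"
      "\xc1\x92\x15\xc2\xee\xf6\x20\x3e\x5a\x5e\xc6\x07\xff\xf4\x11\x9f"
      "\x63\xe8\xa1\xe7\x75\xfa\x98\xb4\x03\xfc\x5c\x2a\xad\xa1\xca\x01"
      "\xa0\x36\x34\x70\xd5\x19\x21\x3b\x31\xd6\xed\x04\x94\xae\xce\xd5"
      "\x40\xc2\x10\x19\xbb\xd0\x96\x88\x35\x70\x99\xea\x5e\x5a\xcb\xd2"
      "\x3c\x75\xf7\x4b\xee\x2b\x80\x99\x5b\xde\x1a\x1e\xdf\x69\xcf\xf5"
      "\xef\x68\x12\x18\xad\xc9\xe3\x54\x6e\x4c\xe1\x86\xcc\x0c\x01\x9f"
      "\xee\x6a\xe2\xcd\x39\xd3\x21\x38\x76\x8a\x59\xac\x2c\xf1\x5e\x41"
      "\xe9\xe2\x26\x01\x70\xda\xac\xc0\x5e\xa1\x8a\x54\xd9\xe0\x2f\xc6"
      "\x81\xb8\xc2\x48\xa6\x3e\x66\xac\xb4\x77\x8b\x8d\xdf\xfd\x01\x91"
      "\xef\x81\xbb\xdd\xfe\x16\x4b\xb4\x7f\x2e\xd3\xe0\xae\xfc\x5a\xff"
      "\xaf\x76\xbc\xbf\x51\x2b\x50\x3a\xc4\x7e\xb2\xc2\x0f\xae\xb7\x92"
      "\x04\xfe\x2b\xd1\xce\x1f\xd3\xcd\xea\x06\x5a\xf7\x56\x35\x25\xa8"
      "\x65\x52\x0f\x20\x20\xd0\xcd\xbf\xdf\x7b\x00\xbe\x3a\x52\x22\xa5"
      "\xab\x94\xaa\xcd\x62\x0a\xdc\xda\x8c\xbe\xc4\x2b\x99\xb5\x70\x59"
      "\xe1\xcf\x28\xe7\xf5\xad\x7f\xa5\xaa\x03\xeb\x84\x9a\x76\xa9\xfc"
      "\x52\xee\x4f\xf2\xf9\x4d\xc8\x64\xd3\xf3\x8a\xcb\x58\x39\xf9\x8c"
      "\x5d\x8d\x33\xc6\x9a\x9c\xa5\x92\x68\xf8\xb2\xae\x6e\x7a\x26\x4b"
      "\xe1\x5e\x01\x12\x2a\x16\xce\xa7\x89\x36\x6d\xb6\xa2\x0a\x44\xb0"
      "\x8e\x90\xc9\x94\xe4\x2b\x54\x53\xcf\xca\x5e\xa8\x61\xa6\xee\x2e"
      "\x18\xca\x66\xcc\x66\x88\x8b\xf3\x1c\xbb\xa0\x1c\x2e\x45\xc6\xee"
      "\x75\x43\xeb\xb2\x94\x39\x97\x35\x86\xdf\x09\x78\x6c\x87\xba\x86"
      "\x37\x4b\x8e\xa6\xcc\x5c\x88\x82\x69\x3d\x80\xdf\x33\x73\x5f\xb3"
      "\xc1\x4e\x73\xbe\x62\x82\xb2\xdf\x9d\x2d\xbf\x8e\xdd\x7e\x08\xe3"
      "\x75\x27\x29\x48\x50\xac\x4a\x1f\xeb\xfb\x27\xc4\x05\x1c\xc7\xdd"
      "\xec\x35\x6f\xe5\x08\x62\x9a\x64\x8f\xf1\x80\x3d\x38\x69\x32\x53"
      "\xfb\xde\x68\x31\xa0\xed\xa5\x44\x55\x1f\x52\x64\x9f\x34\xe5\xd1"
      "\x12\x8f\x78\xfc\x7f\x6d\x5a\xa6\x41\xb3\x37\x2a\x7e\x40\xce\x8e"
      "\x69\xbf\x9d\x8b\xa5\xdd\xb7\x88\xdd\x8d\xd9\x92\x03\xb7\x86\x80"
      "\x8e\xef\x1f\x02\x9a\x76\x76\x85\xad\x04\xea\xb0\xc4\x48\x21\xd7"
      "\xce\xa1\x0e\xa6\x7c\xdb\x86\x6a\x8f\xa1\x67\xdb\x0a\x06\x12\xfd"
      "\x2a\x06\x92\x22\xe1\x40\x1c\x49\x5b\x2a\xef\x8b\xeb\x76\x3c\xb5"
      "\x9f\xd0\x61\xb4\x18\xc9\x3c\xc1\xd5\x6a\x47\x52\x14\x9f\x1f\x45"
      "\x66\x4d\xde\x6b\x69\xb8\xd7\x01\x10\xff\xe3\xbe\xba\xa2\xc5\xf7"
      "\x23\xb3\x08\xcd\x82\xed\xb8\x72\xd3\xa9\x44\xb7\xcf\x5c\xb3\x61"
      "\xf6\x8f\x68\x4e\xe0\x31\x74\x7a\x06\xf2\xe5\xa3\x77\xb5\x4b\xf8"
      "\x27\x52\x03\x04\xb8\x09\xa9\x89\x73\xa2\x27\x95\x4c\x4e\x91\x44"
      "\x83\x19\x12\xbd\xf8\x66\x75\x51\xef\xc1\xb8\x44\xb4\x10\x41\x08"
      "\x11\x1b\x47\x8e\xb0\x54\xf2\xdf\x7f\x97\x25\xcc\x97\xe6\xa1\x7c"
      "\x18\x4c\x0d\x7d\x9d\xed\x9b\xe2\xe0\x30\x44\x7f\xd3\x44\x13\xc2"
      "\x9b\x62\x36\xe8\xb8\xfb\x36\xb6\xdb\xfa\x57\x6d\x2f\xa7\x80\xa8"
      "\x1a\xaa\x97\xff\x62\x71\xe7\x7b\xf5\xd9\x00\xbb\x72\xd4\xf2\x08"
      "\xa0\xfc\x4e\x2b\xb5\x9f\xea\xcf\xd5\x28\xdb\xdf\x98\x03\x3c\x6e"
      "\xc9\xf2\x29\x56\x5c\x20\x87\x00\x23\x6f\x3d\x32\xce\x6e\x29\xd4"
      "\x3a\x25\xa8\x26\xc5\x62\xc1\xc9\xf3\x22\x39\x03\x36\x80\xdf\xbd"
      "\xf9\x4b\x8c\xd7\x5f\xc6\x16\x2d\x12\x36\x3a\x05\x83\x61\xf8\x6f"
      "\x63\xb5\xf0\x8f\xdc\x47\x36\xd5\x27\x38\x58\xc4\x91\xf4\x0e\xa3"
      "\x8f\x90\xea\xb4\xe4\xe2\x88\x3b\xe2\x1a\x2f\x47\xd8\x0c\x98\x01"
      "\x7f\xe5\xe3\x91\x39\x2d\xf4\x9c\x78\x2e\x0a\x9d\x88\x45\x76\xec"
      "\x2c\x5b\x8f\xb2\xe0\x69\x03\x00\x3f\x88\x2c\x56\x00\xcc\x32\x24"
      "\x43\x92\x1f\xac\x8b\x3c\x86\xc1\x07\x6b\xf7\x3a\xf4\xdf\x4b\x2b"
      "\x4a\x33\xd3\x28\x9e\x50\xac\x98\xed\xd3\x68\x7f\x09\xf2\x01\x5e"
      "\xf6\xa1\x5d\xca\x59\xbd\x0c\x00\x38\xca\x1e\x7f\x58\xe7\x0f\x2c"
      "\xc7\x50\x3a\xf8\xb2\x37\xae\x53\x8d\x5e\x27\xc1\x0b\xf5\x4b\xe3"
      "\x32\xd3\x0c\x0b\x0a\xc0\xca\x48\x45\x7a\x8d\x10\x7d\xad\x9c\x9e"
      "\x95\x45\xe2\xe1\x2a\x55\xe6\x5b\xd7\x31\x45\x93\x46\xbd\x31\x83"
      "\xda\x1a\x5f\x38\x94\x6b\x95\x24\x19\x4e\xe7\xe6\x89\x17\xf4\xa2"
      "\x53\x65\xf7\x1a\x14\x0c\x4e\x06\x80\x3a\xa2\xb8\x13\x1d\xd5\x98"
      "\x73\x81\x76\xfd\x87\xee\x64\x03\x37\x95\xf5\x2e\x00\x39\xc3\x68"
      "\x4b\x8b\xaf\xe3\x65\x4d\xd4\x70\xae\xdf\xa1\x48\x67\x53\x89\x74"
      "\xba\x58\x99\xf6\xb3\xe5\xa2\xf1\x3d\xa3\x4f\x70\xa5\x2d\x21\xeb"
      "\x23\xad\xe3\x0a\xa8\x78\x41\x5f\xf6\xb3\xb1\x17\x81\x3e\x64\x54"
      "\xe4\x23\x94\xdd\x84\xa9\xe5\x01\x28\x39\xfb\x40\x22\x4b\x3e\xe4"
      "\xa4\xd3\x9a\xf9\xf1\x77\xac\xc6\xc6\xa7\x76\x91\x2e\xc3\x48\x09"
      "\x81\xf7\xc1\x8a\xa2\x89\x27\xde\x5a\x34\x7f\xce\x7b\xbd\xde\xaa"
      "\x91\xf8\xe1\x62\xfe\x94\xd3\x36\x4f\xaf\x58\x89\xde\x57\xd4\xdf"
      "\xab\xca\xe7\x34\x90\x97\xf1\xe1\x8e\x19\x1b\x30\x0d\x86\x4d\xc0"
      "\x14\x62\x94\xb9\x23\x01\xc2\x33\xc5\xf2\x1c\xbc\x82\x16\xb6\x19"
      "\xcd\x58\xda\x50\x04\x25\xbb\x3c\x3a\x54\xaf\x73\x85\x1c\xf0\x2b"
      "\x64\x88\xc4\x3e\x0b\x76\x07\x68\x2a\x27\x56\x09\xf6\x95\x9d\xae"
      "\xfd\x29\x04\x53\xc1\xee\xf8\x84\xbe\xd4\xb1\x3c\x61\x2b\x3a\xb2"
      "\x30\x11\x3f\x75\xc4\xe1\xc1\xda\x48\x28\x38\x47\xb3\x43\xa5\xc0"
      "\x51\x9e\x13\x65\xcf\xe2\xc7\xb9\x05\x1c\xe8\x15\xef\xf9\x1f\x28"
      "\x13\x43\x68\x3f\x6a\x08\xe5\x9b\x17\xff\xf1\x5e\x9c\xd5\x10\x1c"
      "\xf4\x56\x6a\xaf\x23\xbd\x96\xc2\xa8\xa8\xd0\xef\x07\xa4\x61\x59"
      "\xb2\x85\x3e\x6e\x64\xfc\x3f\x54\xc5\xef\xda\xa9\x3e\x41\x41\xd4"
      "\x83\x93\x19\x60\x37\x58\x2c\x53\x08\xd4\xab\x38\x2e\x09\xcf\xa2"
      "\xc0\xc8\xd5\x37\xe3\x4e\xc8\x83\x22\x81\x23\x22\xb5\xb9\xef\xbd"
      "\x4e\x59\x96\x9c\x05\xde\x2e\x1d\x59\x4e\x20\xe0\xbe\x02\xe7\x7e"
      "\xfe\x7c\x22\xf6\x4f\x6b\x25\xdb\xda\x29\xf4\x6e\x15\x14\x53\xde"
      "\xe1\xf3\xfe\x50\x98\xdc\x46\x81\xef\xa2\x87\x0f\x94\x6b\x32\x11"
      "\xfc\xab\x4e\x1e\xaa\x29\x8a\x4b\x4e\x98\x66\x4d\x3d\xa5\x92\x18"
      "\xcf\x39\x1e\xa7\xc5\xc0\x5d\xc7\x59\x89\xb3\x8f\x09\xbd\x14\xce"
      "\x2b\x38\xa1\x47\xfb\xa7\xc4\x04\x18\xc9\x1f\x9e\x91\x05\xf6\xb0"
      "\x76\x04\xf2\x71\x01\x59\xd7\xea\x6c\x1e\xb7\xad\xb0\x91\xb9\x46"
      "\xa9\xb7\x0c\xbe\x33\x8c\x60\x9d\x57\x69\x9b\x87\x7f\x1e\x1d\x70"
      "\x10\x48\x19\xfe\x6b\x00\x12\x7f\x97\x34\xc5\xde\x4f\x6d\x82\xc9"
      "\x0a\x8d\xdc\xe5\xbc\xc5\xef\x38\x0d\xeb\x2b\xb2\x08\x93\x4f\x7e"
      "\x44\x4f\xbe\xca\xb2\x4a\xa3\xc9\x46\x3f\x63\x2d\x27\xfe\x6f\xf0"
      "\xf3\x25\xc6\xb2\xb6\x7b\x7b\xb5\x8d\x6e\x9c\xf2\x08\xf1\x58\x16"
      "\xc9\x70\x0e\xc2\xfd\x76\x08\x1e\x66\x36\x7f\x4a\x45\xab\x02\xd7"
      "\x6c\x2e\x4e\x1c\xe6\xd2\x11\x23\x21\xcf\x6a\xdb\xe4\x53\x87\x94"
      "\x2c\xbe\x90\x49\x2f\x2e\x45\x85\xce\x52\x00\x57\x57\xdb\xe0\xd7"
      "\x1a\x66\x75\x43\xb5\x1d\xb4\x04\x84\x4d\x67\xf2\xf6\x60\x8c\xaa"
      "\xbc\x1f\x00\x69\xa2\x78\x73\xe1\xd2\x09\x68\xac\x3a\xa9\x5b\x42"
      "\x23\x45\x74\xab\xa9\x54\xe4\xae\x58\xfc\x07\x34\xfe\x94\x9a\x5a"
      "\xff\x75\x79\xa9\xe4\xb3\x6f\x5d\x71\xd0\x57\xf5\xa7\xd8\x7c\x9f"
      "\x6a\x90\xd6\x64\x9d\x6c\x4d\xf5\x61\x90\xeb\xee\x62\x1e\xdf\xec"
      "\x69\x96\xa1\x01\x04\x4d\x1b\xc7\xee\x9d\x09\x0c\x7a\x5f\x90\xb5"
      "\xc6\xb3\x44\xc6\x1f\x07\x1f\x53\x7a\x0a\xa0\x35\xcd\x6d\x11\xf9"
      "\xf1\xbf\x16\x25\xf0\xe1\xa9\xed\x3e\x13\x0a\x42\xea\xd0\xea\x9b"
      "\x84\x10\xfe\xe4\xe8\xae\x20\x9e\x92\xe3\xb0\xe5\x70\xf8\x9b\x3b"
      "\x3d\x6b\x42\xae\x48\x5b\x6a\xbb\xd1\xd6\x38\x17\x45\x5e\xc9\xae"
      "\x68\xf2\xab\x18\x92\x3f\x36\x62\x2f\xf0\xbe\xa3\x35\x23\x4d\x2e"
      "\x93\xf2\xc2\x6d\x7c\xae\xa6\x7d\x52\x28\x1b\x39\x39\x56\x54\x63"
      "\xe0\xd9\x09\xe1\xcc\x74\x7e\x69\xbc\x62\xfb\xe6\x43\xdd\x17\x3c"
      "\x48\xce\x75\xcb\xd7\x71\xb7\xb5\x09\x3c\xe1\x21\x0e\xf9\x1d\xbc"
      "\x9e\x8e\xae\x19\x38\x04\xdf\x33\x45\xbc\x40\x75\xdf\xe3\x5a\xff"
      "\x01\x71\x81\x10\x0b\xdf\x57\xcf\xf8\xd2\x0b\xcb\x07\x1f\x05\xb8"
      "\xa6\x6b\x33\x55\x2b\xf0\x09\x8d\xae\x07\x99\xb3\x9b\xfd\x9c\x32"
      "\x75\x2d\xcb\x44\x26\x7d\xd6\xb9\x21\x6c\x63\x57\xec\x16\x88\x9f"
      "\xed\x25\x5f\x6a\x71\x88\x14\x8a\xe1\xc3\x68\x05\x82\x4a\xc6\x50"
      "\x99\x8d\xf4\x98\x69\x3f\x16\x8d\x57\x28\xeb\x0e\xd9\x60\xee\x4c"
      "\xdf\x3d\xe4\xde\xa6\x24\x07\x34\x4d\x4b\x79\x96\x36\xe9\xad\x00"
      "\x32\x83\xf0\x0d\xbc\xc9\xc0\x55\xc9\x0c\xc8\x1a\xf7\x32\xc0\x9f"
      "\xb4\x3f\xcd\x85\x4f\xcc\xd1\x3d\x49\x11\xbf\xbe\xc5\x6a\x1d\xde"
      "\x0f\x5d\x4f\x4a\xa5\x4d\x25\x78\xa2\x9a\xea\x5f\x37\xb4\xeb\x10"
      "\x75\x13\xb6\x65\x91\x16\xbd\x84\x16\x33\x81\x1f\x57\x3d\xaf\xcb"
      "\x8e\x82\x60\x96\xc0\x2f\x2f\x0f\x40\x19\xf2\x44\x50\xa3\x0a\x98"
      "\xe6\x8b\x8a\xec\xd8\xd3\xa6\xb8\x53\x37\x23\x76\xbc\xd7\x76\x99"
      "\xe8\x86\x99\x70\xd8\xef\x07\x8f\xec\xe3\x7f\xc7\x60\x4a\xf1\x78"
      "\x66\x35\x39\xbe\x14\x40\xb2\xbf\x47\x72\xc7\xad\x3f\x2f\x07\xca"
      "\x68\xd2\x4a\x0b\x3b\xa3\x5e\xea\x88\x73\x0f\xac\x77\xfd\x23\xc1"
      "\xf4\x55\x8d\xa9\x57\x37\x0e\x0e\x1f\xa5\xc4\x60\x40\x2b\x69\x2e"
      "\x05\xb8\x8c\x1a\x19\x4b\x84\x76\x67\x0b\x9b\x8f\xe2\x61\xac\x64"
      "\x8d\xdd\x56\x3e\xd5\xfa\x18\x64\xba\x23\x84\x14\x5f\x56\x9d\x4a"
      "\x07\x64\x36\xe5\x9f\xce\xba\x4f\xcd\x11\x34\xc0\xb1\x0a\xed\x90"
      "\x58\x3c\xdf\x82\xbf\xa1\x32\x64\x27\xbd\x5f\x6b\x49\x44\x2c\x52"
      "\x0f\xfb\xe7\x5c\xe1\x7a\xa6\x7a\xc1\x60\x0d\xae\xb0\x84\x22\x33"
      "\x7f\xe8\xaa\xda\x6a\x7a\x63\x37\x5d\xc1\x04\xd0\x62\x60\xf5\x1a"
      "\x0b\x70\x87\x13\x0c\xec\xa9\xd6\x86\x4d\xa3\xd1\x72\x17\xc1\xc7"
      "\x67\xa8\xc6\xa6\x2a\x70\xce\x45\xa3\x31\xff\xbe\x7a\x83\xdc\x7c"
      "\xbf\xb5\xa9\x70\xfe\xc3\xae\xa3\x47\xb2\xbe\xfa\x68\x20\xac\x40"
      "\x23\x84\x08\xf9\x9f\x8a\xfc\x7d\x75\xa9\xcf\xe9\xf4\xd2\x0e\xea"
      "\x85\xef\xbd\x9a\x19\x00\x74\x2f\x54\x6e\x28\x29\xf7\xd4\xdc\x19"
      "\x5b\x65\xe7\xfd\x03\x0d\x24\x91\x9f\x2c\x07\x55\x62\x2f\x90\x73"
      "\x2e\x88\x8d\x8e\x3a\xf4\x9a\x94\x55\x5d\x43\x9e\xd5\x4d\x8d\x3d"
      "\x4c\x2d\x4d\xb9\x78\xf7\x43\x81\x99\x8d\x18\x4c\x35\x72\x43\xe3"
      "\x38\x7d\x5a\x2a\x9f\xbe\x2e\xf1\xd2\x51\xb4\xb1\x7d\x29\xcb\x8b"
      "\xdb\x66\xb7\x33\xb9\x5b\x41\xf1\xce\x38\x59\x80\xa5\x13\x39\x61"
      "\x2d\x36\x03\xd5\x04\xc2\xf3\xe0\xe4\x58\xbd\x09\xbf\x09\xda\xd2"
      "\x20\xb0\xd0\x1e\x5a\x4f\xad\xb3\x66\x26\xaf\xd1\xb3\x2f\x8f\x3f"
      "\x56\x4f\x4a\xd3\xec\x7c\x78\x6a\x8c\xd5\x5d\xbe\x6a\xb3\xba\x7e"
      "\x24\x10\x45\x02\x5a\x1d\x37\x76\xb2\xc8\xf7\x78\x9e\xc9\x46\x36"
      "\x5e\xce\x07\xb6\xf3\x77\x57\x3c\xa1\x08\xdf\x6d\x64\x66\x01\xca"
      "\xe0\xbe\x14\x1f\x60\xc0\xad\xec\x37\x01\xd5\xec\x91\x0b\x84\x23"
      "\xa4\x01\xf8\xb5\xb9\xc1\x4a\x5b\x0a\x68\x8c\x0b\xef\x68\x19\x9b"
      "\x86\x3e\xc5\xb2\x03\x16\x79\x58\xdd\x20\x00\x3f\xcf\x0e\x49\x36"
      "\xf4\x33\xec\xed\x24\x01\x2a\xf0\xb2\x06\x89\xeb\xd4\x03\x22\xc9"
      "\xa1\x1e\x1f\x1a\xf9\x13\x4e\x90\x67\xaf\xb7\x40\x44\x2f\x71\x46"
      "\xce\x17\x1c\x72\x38\xb6\x17\x53\xa6\x61\xb8\xa8\x49\xe2\x1f\xee"
      "\x28\x69\xcd\x64\xbf\x20\x35\xc1\x7b\xce\x05\x5f\x13\xa4\xd5\x0f"
      "\x9c\x4c\x73\xa3\xc7\xc4\x63\xee\x9e\x68\x47\xfe\x87\x23\xcf\x45"
      "\xb3\xfc\x0e\xdc\x5b\x0c\x31\xe4\xa6\x15\x1c\x09\x08\xf2\x2b\x9c"
      "\x9a\x9c\x77\xf2\x07\x9d\x70\xe5\x1c\x84\xed\x50\x01\x21\x83\xb8"
      "\xf6\xee\xe2\xec\x40\x5d\x42\x45\x24\x54\x70\x0c\xee\x2d\xf4\x5a"
      "\x0e\x3c\xfd\x77\x62\xe9\x6b\x82\x0a\xc1\x7c\xa9\x23\xaf\xab\x20"
      "\xed\xb7\x23\xdc\xa8\xaa\x7b\x47\x17\x08\xce\x7a\xe0\x35\xa2\xc3"
      "\x59\xba\x21\xa8\x0e\x61\xdf\x9a\x96\xe5\xed\x10\x1b\xa5\xa8\xf6"
      "\x75\x8f\x0e\x5f\x14\x9f\x3b\xbf\xdd\x53\x82\x9c\xed\x71\x7e\x23"
      "\x51\x6f\x1b\x81\xa5\xb9\x08\xbf\xea\xc1\x75\x6f\x76\xc2\x8a\x3a"
      "\x8b\xeb\x77\x5f\xee\x02\x85\x76\xe2\x65\x69\x1f\x99\xce\x94\x07"
      "\x82\x6c\xd8\x2e\x6b\xe4\x37\x15\xf7\xd2\x90\xb8\x4e\x3d\x6f\x11"
      "\x01\xfb\x3f\xce\xb0\xd2\x26\x05\x7f\x8f\x7d\xeb\x62\x8d\xb2\x20"
      "\xff\xbc\x24\x64\x80\xbe\x66\x46\x69\x12\xe0\xb2\x49\xbd\x9e\xa2"
      "\x72\xd4\xb5\xac\x8e\x57\x65\x51\xad\x11\x71\xd2\x30\x00\x55\x32"
      "\xc5\x89\x7b\x01\x95\xa0\x8d\x0f\xf0\x74\x5d\x68\xc4\x67\x62\xf0"
      "\x2e\x78\xf2\x87\xed\x9c\xee\x74\x14\xab\x31\x1a\x09\x3e\xfd\x2a"
      "\x5e\xaf\x7c\xda\x50\x69\xf6\xbc\x0e\x1e\xa0\x78\x77\xd4\x6c\x3c"
      "\xb7\x63\xf3\x9e\x14\x96\x09\x06\x1f\x9d\x27\xc1\x82\x64\x9f\x8e"
      "\xfa\x5c\x6d\x0c\xa0\x0a\xb0\x79\x96\x64\x0f\x85\x2a\xb5\x33\x4e"
      "\x21\xa3\x95\x17\x7c\x03\x1b\xe6\x8e\xeb\x6d\xe1\x22\x10\x0c\x08"
      "\xa7\xb4\x89\xfb\xed\xb4\x8c\x96\xb4\x4d\x7e\x68\xe0\xcb\x46\x50"
      "\xbf\xf5\x3a\x01\x85\x87\x7a\x0a\xaf\x11\x16\xdf\xd9\xb3\x23\xda"
      "\xa9\x7a\x46\x5d\xd0\x43\x3f\xd1\xa4\x5b\xa7\xa4\xc7\x6d\x73\xef"
      "\xf0\xa6\x74\x99\xa0\x51\xe3\x78\x27\xaf\x32\x23\x82\x5f\x88\xe0"
      "\x73\xd0\xb9\xae\x1d\x42\x90\x0e\x10\x92\x05\x00\xc5\xb9\xfc\x5a"
      "\x8a\x08\xa2\xd5\xdd\xe7\xaa\xd6\xf7\x43\x41\x1a\x82\xaf\x23\xb8"
      "\x71\x8f\xc1\x7b\x21\xe1\xe2\x6a\xcf\x9f\x6e\x28\x28\x73\xa0\xb5"
      "\xb7\x53\x8b\x33\x7e\x19\x98\x9d\x3b\xa7\xa3\x43\xe8\xde\x7d\xc6"
      "\x61\x4c\xcf\x2c\x4b\x28\x3c\xb2\xda\xdd\x4d\xe7\x9f\x1d\x0b\xd6"
      "\x31\x45\xbf\x7f\x82\xb7\x35\x18\x0f\x61\x8a\x7f\x7b\x90\xf3\xfc"
      "\x70\x7a\x8b\xa8\x23\xe5\x94\x06\x5a\x8d\x7e\xd6\x38\x32\xcb\x36"
      "\xf0\xda\xa9\xdb\xc2\x42\x8c\xc4\x10\xc6\x61\xef\x73\x49\x8a\x07"
      "\xf1\x27\x2e\xac\x49\x37\xf8\xf8\xdd\xa1\xb7\x20\x82\x22\xd9\x83"
      "\x69\x24\x61\x80\xf0\xca\xc1\xd4\xdc\x0f\x5d\x6f\x86\xc1\x0b\x60"
      "\x6f\xa4\x51\x17\x9f\x3f\x86\xbb\x0d\xa8\x89\xfc\xc5\xa5\x2e\x41"
      "\xad\x1a\x77\x66\x1f\xee\x9a\x17\x29\x4d\xa4\x54\xb4\x9b\xfb\x01"
      "\x66\x3e\x16\xce\xcd\x94\x57\xc2\x47\x46\x93\xb6\xc3\x42\xfe\x34"
      "\x72\x75\x18\x48\x1c\x22\x76\x07\x64\xb9\xac\x92\x0d\xb5\xda\xe3"
      "\x9d\x32\x99\x02\xc5\xe9\x75\x18\x73\xf6\x10\x9e\x03\xa8\xf8\xd6"
      "\xd7\xb7\x57\xa1\x6a\x02\x27\xe5\xe6\xc0\x64\xaf\x97\xf2\x0a\x0e"
      "\x8b\x68\x99\x7b\x37\x11\x37\xff\xfc\x14\xff\x33\x44\x05\x17\x7e"
      "\xcf\x56\xbc\xfa\x0b\x5f\x88\xb5\x63\x81\x9e\xf4\x2d\xba\x13\x0b"
      "\x96\x87\x7f\x05\xbe\x48\x6a\xb5\x98\x74\xed\x65\xc9\x2d\xd0\x11"
      "\x6f\x94\x6b\x69\x26\x9c\x28\xfa\x73\x9d\x1a\x4e\x5e\xcb\x36\xf9"
      "\x70\xd9\xfc\x9a\x94\x5d\xb3\x2e\x83\x29\xb7\xbe\xe8\x90\xd5\xf2"
      "\x56\x70\xab\xe3\xcb\x87\xe7\x1a\x06\x5d\x79\x3b\x59\x1e\x40\x5c"
      "\x45\x4d\xc6\x65\x39\x8a\x77\x1f\xda\x84\xd0\x01\x41\x06\xcb\x7e"
      "\xe8\xe7\xd9\x79\xab\xa9\x5c\x76\x6c\xc4\xac\x17\xa4\xcd\x39\x4e"
      "\xa2\xc9\x08\x14\xc0\xf9\x58\x84\x97\xa1\x7f\xaf\x2c\xe3\x5a\x8b"
      "\x02\x31\xf5\xde\x7e\x6f\x3d\x78\x88\x5a\x8d\x1a\xae\x35\x43\xd9"
      "\x40\x8e\x89\xe2\x3e\x57\x11\x2a\xe6\xbd\xc1\xa7\x2c\x25\x63\x7e"
      "\x35\x24\x50\xdf\x6f\x05\x91\x34\xcc\x7f\x7b\xb9\xfc\x1a\xd7\xf3"
      "\xcb\x28\x1b\x0c\x06\xad\xfe\x8b\x8b\x86\xb5\x69\xbc\x16\x8b\x2a"
      "\x79\x58\xc5\x03\x6b\xbb\x08\x6c\x6d\x78\x61\x9c\xf5\xc1\x6c\x5d"
      "\xe4\xef\x4f\x69\xb1\x13\xdf\x85\x26\x04\x32\x23\x67\x79\xf2\x92"
      "\x47\x90\xd0\xad\x98\xce\xef\x95\xb5\x9a\xb8\x93\x02\xa3\x37\xf3"
      "\x32\x44\xc4\xf8\xac\x1b\x7c\xbd\x4a\xf6\x45\x8e\x65\xca\x41\x2c"
      "\xb2\x21\x7f\x15\x7f\x53\xf7\xc5\xeb\x6a\xf6\x22\x44\x50\x0e\xbf"
      "\x33\x58\x52\xa9\xaf\x98\xf6\x3c\x02\xe1\xea\x7f\xbf\x74\x0b\xd2"
      "\x00\xd0\x88\x05\x8c\x38\x53\x19\xc7\xae\x54\xc6\x19\xec\x08\x79"
      "\x8c\xb6\xf2\x3c\xad\x65\x6d\xcd\x55\x1a\x42\xe1\xbc\xd2\xba"
      "\x27",
      4096));

  // Nine records starting at 0x20005000 (the control buffer referenced
  // above). Each begins with a 64-bit length followed by a 32-bit level of
  // 0x84 and a 32-bit type, then type-specific fields.
  NONFAILING(*(uint64_t*)0x20005000 = (uint64_t)0x20);
  NONFAILING(*(uint32_t*)0x20005008 = (uint32_t)0x84);
  NONFAILING(*(uint32_t*)0x2000500c = (uint32_t)0x2);
  NONFAILING(*(uint16_t*)0x20005010 = (uint16_t)0x91dc);
  NONFAILING(*(uint16_t*)0x20005012 = (uint16_t)0x1);
  NONFAILING(*(uint32_t*)0x20005014 = (uint32_t)0x0);
  NONFAILING(*(uint32_t*)0x20005018 = (uint32_t)0x1475);
  NONFAILING(*(uint32_t*)0x2000501c = (uint32_t)0x3);

  NONFAILING(*(uint64_t*)0x20005030 = (uint64_t)0x30);
  NONFAILING(*(uint32_t*)0x20005038 = (uint32_t)0x84);
  NONFAILING(*(uint32_t*)0x2000503c = (uint32_t)0x1);
  NONFAILING(*(uint16_t*)0x20005040 = (uint16_t)0x4);
  NONFAILING(*(uint16_t*)0x20005042 = (uint16_t)0x101);
  NONFAILING(*(uint16_t*)0x20005044 = (uint16_t)0x206);
  NONFAILING(*(uint32_t*)0x20005048 = (uint32_t)0x8);
  NONFAILING(*(uint32_t*)0x2000504c = (uint32_t)0x3b);
  NONFAILING(*(uint32_t*)0x20005050 = (uint32_t)0x6);
  NONFAILING(*(uint32_t*)0x20005054 = (uint32_t)0xffff);
  NONFAILING(*(uint32_t*)0x20005058 = (uint32_t)0x8);
  NONFAILING(*(uint32_t*)0x2000505c = (uint32_t)0x8);

  NONFAILING(*(uint64_t*)0x20005060 = (uint64_t)0x20);
  NONFAILING(*(uint32_t*)0x20005068 = (uint32_t)0x84);
  NONFAILING(*(uint32_t*)0x2000506c = (uint32_t)0x2);
  NONFAILING(*(uint16_t*)0x20005070 = (uint16_t)0x9);
  NONFAILING(*(uint16_t*)0x20005072 = (uint16_t)0x2);
  NONFAILING(*(uint32_t*)0x20005074 = (uint32_t)0x80);
  NONFAILING(*(uint32_t*)0x20005078 = (uint32_t)0x94);
  NONFAILING(*(uint32_t*)0x2000507c = (uint32_t)0x4);

  NONFAILING(*(uint64_t*)0x20005090 = (uint64_t)0x20);
  NONFAILING(*(uint32_t*)0x20005098 = (uint32_t)0x84);
  NONFAILING(*(uint32_t*)0x2000509c = (uint32_t)0x2);
  NONFAILING(*(uint16_t*)0x200050a0 = (uint16_t)0x2);
  NONFAILING(*(uint16_t*)0x200050a2 = (uint16_t)0x3);
  NONFAILING(*(uint32_t*)0x200050a4 = (uint32_t)0x9);
  NONFAILING(*(uint32_t*)0x200050a8 = (uint32_t)0x100);
  NONFAILING(*(uint32_t*)0x200050ac = (uint32_t)0x6);

  NONFAILING(*(uint64_t*)0x200050c0 = (uint64_t)0x20);
  NONFAILING(*(uint32_t*)0x200050c8 = (uint32_t)0x84);
  NONFAILING(*(uint32_t*)0x200050cc = (uint32_t)0x2);
  NONFAILING(*(uint16_t*)0x200050d0 = (uint16_t)0x1);
  NONFAILING(*(uint16_t*)0x200050d2 = (uint16_t)0x4);
  NONFAILING(*(uint32_t*)0x200050d4 = (uint32_t)0xffff);
  NONFAILING(*(uint32_t*)0x200050d8 = (uint32_t)0x4);
  NONFAILING(*(uint32_t*)0x200050dc = (uint32_t)0x0);

  NONFAILING(*(uint64_t*)0x200050f0 = (uint64_t)0x20);
  NONFAILING(*(uint32_t*)0x200050f8 = (uint32_t)0x84);
  NONFAILING(*(uint32_t*)0x200050fc = (uint32_t)0x2);
  NONFAILING(*(uint16_t*)0x20005100 = (uint16_t)0x54);
  NONFAILING(*(uint16_t*)0x20005102 = (uint16_t)0x203);
  NONFAILING(*(uint32_t*)0x20005104 = (uint32_t)0x1ff);
  NONFAILING(*(uint32_t*)0x20005108 = (uint32_t)0x7);
  NONFAILING(*(uint32_t*)0x2000510c = (uint32_t)0x9);

  NONFAILING(*(uint64_t*)0x20005120 = (uint64_t)0x18);
  NONFAILING(*(uint32_t*)0x20005128 = (uint32_t)0x84);
  NONFAILING(*(uint32_t*)0x2000512c = (uint32_t)0x0);
  NONFAILING(*(uint16_t*)0x20005130 = (uint16_t)0x7f);
  NONFAILING(*(uint16_t*)0x20005132 = (uint16_t)0x4);
  NONFAILING(*(uint16_t*)0x20005134 = (uint16_t)0x1ff);
  NONFAILING(*(uint16_t*)0x20005136 = (uint16_t)0x6);

  NONFAILING(*(uint64_t*)0x20005150 = (uint64_t)0x30);
  NONFAILING(*(uint32_t*)0x20005158 = (uint32_t)0x84);
  NONFAILING(*(uint32_t*)0x2000515c = (uint32_t)0x1);
  NONFAILING(*(uint16_t*)0x20005160 = (uint16_t)0x101);
  NONFAILING(*(uint16_t*)0x20005162 = (uint16_t)0x100000000);
  NONFAILING(*(uint16_t*)0x20005164 = (uint16_t)0x1);
  NONFAILING(*(uint32_t*)0x20005168 = (uint32_t)0x8);
  NONFAILING(*(uint32_t*)0x2000516c = (uint32_t)0x20);
  NONFAILING(*(uint32_t*)0x20005170 = (uint32_t)0x0);
  NONFAILING(*(uint32_t*)0x20005174 = (uint32_t)0x1);
  NONFAILING(*(uint32_t*)0x20005178 = (uint32_t)0x1000);
  NONFAILING(*(uint32_t*)0x2000517c = (uint32_t)0x7fffffff);

  NONFAILING(*(uint64_t*)0x20005180 = (uint64_t)0x18);
  NONFAILING(*(uint32_t*)0x20005188 = (uint32_t)0x84);
  NONFAILING(*(uint32_t*)0x2000518c = (uint32_t)0x0);
  NONFAILING(*(uint16_t*)0x20005190 = (uint16_t)0x1);
  NONFAILING(*(uint16_t*)0x20005192 = (uint16_t)0x2);
  NONFAILING(*(uint16_t*)0x20005194 = (uint16_t)0xff);
  NONFAILING(*(uint16_t*)0x20005196 = (uint16_t)0x4);

  // The descriptor argument is -1 here, so no socket created by this program
  // is involved in this call.
  r[110] = execute_syscall(__NR_sendmsg, 0xfffffffffffffffful,
                           0x20005fc8ul, 0x20008800ul, 0, 0, 0, 0, 0, 0);

  // The socket used by every remaining call: domain 0x18, type 0, protocol 2.
  r[111] =
      execute_syscall(__NR_socket, 0x18ul, 0x0ul, 0x2ul, 0, 0, 0, 0, 0, 0);

  // 0x48-byte address record for bind(): a 16-bit family, a 7-byte field, a
  // 32-bit value, then eight more 7-byte fields.
  NONFAILING(*(uint16_t*)0x20000fb8 = (uint16_t)0x6);
  NONFAILING(
      memcpy((void*)0x20000fba, "\x3b\x77\xfc\xed\x57\x2e\xde", 7));
  NONFAILING(*(uint32_t*)0x20000fc4 = (uint32_t)0x400);
  NONFAILING(
      memcpy((void*)0x20000fc8, "\x28\x47\x5c\xbc\xef\xca\xfc", 7));
  NONFAILING(
      memcpy((void*)0x20000fcf, "\xd5\x06\xd3\x5b\xa5\xda\x78", 7));
  NONFAILING(
      memcpy((void*)0x20000fd6, "\x5f\xdd\x7f\x8d\xd3\x10\x1f", 7));
  NONFAILING(
      memcpy((void*)0x20000fdd, "\x70\xa3\x5f\x43\xfd\x2e\xed", 7));
  NONFAILING(
      memcpy((void*)0x20000fe4, "\x72\x00\x02\x04\x00\x00\x00", 7));
  NONFAILING(
      memcpy((void*)0x20000feb, "\x71\xb5\xe5\xc6\xdb\x7b\x03", 7));
  NONFAILING(
      memcpy((void*)0x20000ff2, "\xf6\x6d\x1f\x7c\x42\x2c\x22", 7));
  NONFAILING(
      memcpy((void*)0x20000ff9, "\x99\x5b\x7b\xe8\x1f\xb7\x3f", 7));
  r[123] = execute_syscall(__NR_bind, r[111], 0x20000fb8ul, 0x48ul, 0,
                           0, 0, 0, 0, 0);

  // getsockname() writes to 0x20000000 with an in/out length of 0xc.
  NONFAILING(*(uint32_t*)0x20001ffc = (uint32_t)0xc);
  r[125] = execute_syscall(__NR_getsockname, r[111], 0x20000000ul,
                           0x20001ffcul, 0, 0, 0, 0, 0, 0);

  // 0x60-byte address record for connect(), family 0x27. It overwrites the
  // start of the payload region and whatever getsockname() stored there.
  NONFAILING(*(uint16_t*)0x20000000 = (uint16_t)0x27);
  NONFAILING(*(uint32_t*)0x20000004 = (uint32_t)0x0);
  NONFAILING(*(uint32_t*)0x20000008 = (uint32_t)0xfffffffffffffffc);
  NONFAILING(*(uint32_t*)0x2000000c = (uint32_t)0x2);
  NONFAILING(*(uint8_t*)0x20000010 = (uint8_t)0x800);
  NONFAILING(*(uint8_t*)0x20000011 = (uint8_t)0xffff);
  NONFAILING(memcpy(
      (void*)0x20000012,
      "\x12\x1f\x38\x58\x65\xd7\x24\x5d\x58\xf1\x56\xcd\xa1\x4f\xd7\xae"
      "\xc1\x6c\xa2\x31\x4c\x9c\xde\x1d\x86\xa6\x0f\x8c\x16\xab\xfe\x19"
      "\x6a\x1f\xca\xfa\x5c\x69\x1f\xfe\x0a\x4b\xc1\xab\x91\x3d\x94\xc8"
      "\x5c\x07\x19\x17\x2a\x65\x6f\xe8\x97\xa4\x92\xd5\xd3\x9b\x47",
      63));
  NONFAILING(*(uint64_t*)0x20000058 = (uint64_t)0x4);
  r[134] = execute_syscall(__NR_connect, r[111], 0x20000000ul, 0x60ul,
                           0, 0, 0, 0, 0, 0);

  // setsockopt(): level 0x1 (SOL_SOCKET on Linux), option 0x19, with a
  // one-byte value of "\x00".
  NONFAILING(memcpy((void*)0x20007000, "\x00", 1));
  r[136] = execute_syscall(__NR_setsockopt, r[111], 0x1ul, 0x19ul,
                           0x20007000ul, 0x1ul, 0, 0, 0, 0);
}

// Fork 8 workers. Each sets up its scratch directory, starts the sandboxed
// loop and waits for it; the parent then sleeps for 1000000 seconds. Workers
// carry PR_SET_PDEATHSIG only on their loop()/test() descendants.
int main(void)
{
  int i;
  for (i = 0; i < 8; i++) {
    if (fork() == 0) {
      setup_main_process();
      int pid = do_sandbox_none(i, false);
      int status = 0;
      while (waitpid(pid, &status, __WALL) != pid) {
      }
      return 0;
    }
  }
  sleep(1000000);
  return 0;
}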