// autogenerated by syzkaller (http://github.com/google/syzkaller) #ifndef __NR_socket #define __NR_socket 41 #endif #ifndef __NR_setsockopt #define __NR_setsockopt 54 #endif #ifndef __NR_bind #define __NR_bind 49 #endif #ifndef __NR_connect #define __NR_connect 42 #endif #ifndef __NR_write #define __NR_write 1 #endif #ifndef __NR_sendto #define __NR_sendto 44 #endif #ifndef __NR_mmap #define __NR_mmap 9 #endif #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include const int kFailStatus = 67; const int kErrorStatus = 68; const int kRetryStatus = 69; __attribute__((noreturn)) void doexit(int status) { volatile unsigned i; syscall(__NR_exit_group, status); for (i = 0;; i++) { } } __attribute__((noreturn)) void fail(const char* msg, ...) { int e = errno; fflush(stdout); va_list args; va_start(args, msg); vfprintf(stderr, msg, args); va_end(args); fprintf(stderr, " (errno %d)\n", e); doexit((e == ENOMEM || e == EAGAIN) ? kRetryStatus : kFailStatus); } __attribute__((noreturn)) void exitf(const char* msg, ...) { int e = errno; fflush(stdout); va_list args; va_start(args, msg); vfprintf(stderr, msg, args); va_end(args); fprintf(stderr, " (errno %d)\n", e); doexit(kRetryStatus); } static int flag_debug; void debug(const char* msg, ...) { if (!flag_debug) return; va_list args; va_start(args, msg); vfprintf(stdout, msg, args); va_end(args); fflush(stdout); } __thread int skip_segv; __thread jmp_buf segv_env; static void segv_handler(int sig, siginfo_t* info, void* uctx) { uintptr_t addr = (uintptr_t)info->si_addr; const uintptr_t prog_start = 1 << 20; const uintptr_t prog_end = 100 << 20; if (__atomic_load_n(&skip_segv, __ATOMIC_RELAXED) && (addr < prog_start || addr > prog_end)) { debug("SIGSEGV on %p, skipping\n", addr); _longjmp(segv_env, 1); } debug("SIGSEGV on %p, exiting\n", addr); doexit(sig); for (;;) { } } static void install_segv_handler() { struct sigaction sa; memset(&sa, 0, sizeof(sa)); sa.sa_sigaction = segv_handler; sa.sa_flags = SA_NODEFER | SA_SIGINFO; sigaction(SIGSEGV, &sa, NULL); sigaction(SIGBUS, &sa, NULL); } #define NONFAILING(...) \ { \ __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST); \ if (_setjmp(segv_env) == 0) { \ __VA_ARGS__; \ } \ __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST); \ } #define BITMASK_LEN(type, bf_len) (type)((1ull << (bf_len)) - 1) #define BITMASK_LEN_OFF(type, bf_off, bf_len) \ (type)(BITMASK_LEN(type, (bf_len)) << (bf_off)) #define STORE_BY_BITMASK(type, addr, val, bf_off, bf_len) \ if ((bf_off) == 0 && (bf_len) == 0) { \ *(type*)(addr) = (type)(val); \ } else { \ type new_val = *(type*)(addr); \ new_val &= ~BITMASK_LEN_OFF(type, (bf_off), (bf_len)); \ new_val |= ((type)(val)&BITMASK_LEN(type, (bf_len))) << (bf_off); \ *(type*)(addr) = new_val; \ } static uintptr_t execute_syscall(int nr, uintptr_t a0, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4, uintptr_t a5, uintptr_t a6, uintptr_t a7, uintptr_t a8) { switch (nr) { default: return syscall(nr, a0, a1, a2, a3, a4, a5); } } static void setup_main_process() { struct sigaction sa; memset(&sa, 0, sizeof(sa)); sa.sa_handler = SIG_IGN; syscall(SYS_rt_sigaction, 0x20, &sa, NULL, 8); syscall(SYS_rt_sigaction, 0x21, &sa, NULL, 8); install_segv_handler(); char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) fail("failed to mkdtemp"); if (chmod(tmpdir, 0777)) fail("failed to chmod"); if (chdir(tmpdir)) fail("failed to chdir"); } static void loop(); static void sandbox_common() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); setsid(); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 128 << 20; setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); unshare(CLONE_NEWNS); unshare(CLONE_NEWIPC); unshare(CLONE_IO); } static int do_sandbox_none(int executor_pid, bool enable_tun) { int pid = fork(); if (pid) return pid; sandbox_common(); loop(); doexit(1); } static void remove_dir(const char* dir) { DIR* dp; struct dirent* ep; int iter = 0; retry: dp = opendir(dir); if (dp == NULL) { if (errno == EMFILE) { exitf("opendir(%s) failed due to NOFILE, exiting"); } exitf("opendir(%s) failed", dir); } while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exitf("lstat(%s) failed", filename); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } int i; for (i = 0;; i++) { debug("unlink(%s)\n", filename); if (unlink(filename) == 0) break; if (errno == EROFS) { debug("ignoring EROFS\n"); break; } if (errno != EBUSY || i > 100) exitf("unlink(%s) failed", filename); debug("umount(%s)\n", filename); if (umount2(filename, MNT_DETACH)) exitf("umount(%s) failed", filename); } } closedir(dp); int i; for (i = 0;; i++) { debug("rmdir(%s)\n", dir); if (rmdir(dir) == 0) break; if (i < 100) { if (errno == EROFS) { debug("ignoring EROFS\n"); break; } if (errno == EBUSY) { debug("umount(%s)\n", dir); if (umount2(dir, MNT_DETACH)) exitf("umount(%s) failed", dir); continue; } if (errno == ENOTEMPTY) { if (iter < 100) { iter++; goto retry; } } } exitf("rmdir(%s) failed", dir); } } static uint64_t current_time_ms() { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) fail("clock_gettime failed"); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void test(); void loop() { int iter; for (iter = 0;; iter++) { char cwdbuf[256]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) fail("failed to mkdir"); int pid = fork(); if (pid < 0) fail("clone failed"); if (pid == 0) { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); if (chdir(cwdbuf)) fail("failed to chdir"); test(); doexit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { int res = waitpid(-1, &status, __WALL | WNOHANG); if (res == pid) break; usleep(1000); if (current_time_ms() - start > 5 * 1000) { kill(-pid, SIGKILL); kill(pid, SIGKILL); while (waitpid(-1, &status, __WALL) != pid) { } break; } } remove_dir(cwdbuf); } } long r[39]; void test() { memset(r, -1, sizeof(r)); r[0] = execute_syscall(__NR_mmap, 0x20000000ul, 0xf0a000ul, 0x3ul, 0x32ul, 0xfffffffffffffffful, 0x0ul, 0, 0, 0); r[1] = execute_syscall(__NR_socket, 0x2ul, 0x1ul, 0x0ul, 0, 0, 0, 0, 0, 0); NONFAILING(*(uint32_t*)0x20000000 = (uint32_t)0x81); r[3] = execute_syscall(__NR_setsockopt, r[1], 0x6ul, 0x2ul, 0x20000000ul, 0x4ul, 0, 0, 0, 0); NONFAILING(*(uint16_t*)0x20f02000 = (uint16_t)0x2); NONFAILING(*(uint16_t*)0x20f02002 = (uint16_t)0x234e); NONFAILING(*(uint32_t*)0x20f02004 = (uint32_t)0x20000e0); NONFAILING(*(uint8_t*)0x20f02008 = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x20f02009 = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x20f0200a = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x20f0200b = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x20f0200c = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x20f0200d = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x20f0200e = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x20f0200f = (uint8_t)0x0); r[15] = execute_syscall(__NR_bind, r[1], 0x20f02000ul, 0x10ul, 0, 0, 0, 0, 0, 0); NONFAILING(*(uint16_t*)0x20846ff0 = (uint16_t)0x1); NONFAILING(*(uint64_t*)0x20846ff8 = (uint64_t)0x20ee6000); NONFAILING(*(uint16_t*)0x20ee6000 = (uint16_t)0x6); NONFAILING(*(uint8_t*)0x20ee6002 = (uint8_t)0x1f); NONFAILING(*(uint8_t*)0x20ee6003 = (uint8_t)0xfffffffffffffffd); NONFAILING(*(uint32_t*)0x20ee6004 = (uint32_t)0x153); r[22] = execute_syscall(__NR_setsockopt, r[1], 0x1ul, 0x1aul, 0x20846ff0ul, 0x10ul, 0, 0, 0, 0); NONFAILING(*(uint16_t*)0x20019000 = (uint16_t)0x2); NONFAILING(*(uint16_t*)0x20019002 = (uint16_t)0x234e); NONFAILING(*(uint32_t*)0x20019004 = (uint32_t)0x0); NONFAILING(*(uint8_t*)0x20019008 = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x20019009 = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x2001900a = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x2001900b = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x2001900c = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x2001900d = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x2001900e = (uint8_t)0x0); NONFAILING(*(uint8_t*)0x2001900f = (uint8_t)0x0); r[34] = execute_syscall(__NR_connect, r[1], 0x20019000ul, 0x10ul, 0, 0, 0, 0, 0, 0); NONFAILING(memcpy( (void*)0x20f09f47, "\x57\xbc\xcd\xa2\x95\x42\x68\xfc\x69\x41\x2a\x82\x44\xbd\x49\x16" "\x17\xf5\x8a\x7c\x67\x66\x29\x85\xb3\x79\xc0\x60\xe2\x28\x17\x37" "\xb6\xa3\x90\xf6\xd8\x37\x66\x49\x40\x7b\x34\xcb\x48\x58\x38\x47" "\xcd\x4d\x78\x45\x5c\x02\x34\xaf\x33\x16\x01\x3a\x6e\xb6\x14\x1e" "\x4b\xa3\xb0\xdb\xdd\xf9\x27\xc0\x92\xa8\x09\x7c\xbe\x0f\x6c\x0e" "\x36\x51\x6d\x1c\x7a\xac\x21\xa1\x0c\x84\x2b\x5e\x37\xfa\xbc\xfa" "\xa0\x6b\xd8\xa1\x21\x25\xdc\xa4\xbd\x62\xe2\x2c\x4d\x7c\x90\x78" "\x26\x57\x54\x3c\x00\x6e\x00\xed\xef\x7d\x99\x6a\x28\x54\x7f\xde" "\xdf\x08\xde\x97\xe6\x32\xe1\x4f\xa8\x4e\x46\x73\xd2\xab\x65\x77" "\x70\x32\x61\xa7\x72\x61\xb8\xa6\x2e\xb6\x5e\x49\xe6\xf8\xfa\xb5" "\x5b\x34\x6f\xa9\xc5\xf0\x31\x9a\xb9\x72\x07\xd9\x80\x75\xcb\x14" "\x5e\xf4\x4e\x75\xc5\x2e\xaa\xa8\x52", 185)); r[36] = execute_syscall(__NR_write, r[1], 0x20f09f47ul, 0xb9ul, 0, 0, 0, 0, 0, 0); NONFAILING(memcpy( (void*)0x20a91000, "\x4d\x68\x6a\x22\xce\x2f\xa6\xba\x97\x1f\x57\xdb\x54\xcc\x84\x79" "\x68\x86\x31\xc4\xbb\x9a\xe2\xb3\x1c\x0a\xcf\xe2\xd5\x63\xc8\x89" "\x3a\x3a\x84\x5f\xbe\x17\xbf\xea\xf6\x79\x59\x14\x74\x28\x7b\x04" "\xc1\xc7\x7d\xd9\x93\x04\xf8\xf4\xf3\xed\x72\xa3\x89\x4d\x05\xab" "\xef\xbf\x57\x3a\xc5\x98\x28\xe8\x71\xc4\x50\x3e\x46\x50\xcc\xe6" "\xc6\x7c\x9f\x05\x34\x00\x1f\x1c\x37\x63\xbc\xb0\xb3\x97\x29\x69" "\x77\x65\x4e\x49\x16\x12\x24\xd2\x79\xc3\x40\xed\x66\xa5\x1b\xa4" "\x7d\x16\x49\xb6\xf9\x11\xaa\x9c\xf0\xb1\x99\x1c\x40\xce\x38\xd6" "\x7b\xe5\xb0\xe6\x1a\xe0\x8e\xde\xcb\xe1\xb5\x33\x92\xe7\xdd\xed" "\xd3\xe7\xa4\x7b\x9e\x0a\x2c\xc5\xb6\xe2\x95\xcb\xfa\x87\x02\xfb" "\x94\x9e\x8f\xa0\x66\xe7\x4e\x03\x00\x7c\x29\xae\x20\x9a\xd5\x0e" "\xda\x31\xb9\x06\x62\x58\x24\x1b\x8b\x74\xb5\xeb\x40\x74\xe8\x6b" "\x9d\x4c\x5d\x62\xff\x89\xd1\xaa\x26\xd1\x47\x05\x3f\x78\xe6\x22" "\xaa\xc4\xd9\x4f\xda\x06\xad\x67\x60\xd0\x2a\xa9\x7b\x7d\xc2\x80" "\xea\xf3\x86\x59\x0a\x71\x6a\xa4\x9a\x5a\xa5\x2f\x00\xc3\xa4\x9b" "\x36\x5b\x1d\x9e\xf5\xfc\xae\x9d\x22\x22\xea\x86\x76\x9f\xe7\x3e" "\x2c\xa6\xd2\x05\x42\x14\x42\x66\x61\xf2\x1b\x19\xd4\xab\xe2\x26" "\xc7\x1f\xf6\xbb\x9c\x35\xff\x58\x56\x24\xb9\xdd\x5d\xdc\x77\xe7" "\x15\xb4\x71\xd6\x9f\xe8\xbc\x6f\xde\xa1\x55\xd7\xc5\x48\x75\xaa" "\xff\x56\x36\x51\xeb\xc7\x13\x42\x18\xb9\x40\x8d\x9a\x1a\xd2\xf7" "\xb2\xad\x4d\x14\x39\xc5\x4d\xe6\x03\x90\xd2\xb6\xcd\x6b\xd1\x08" "\x7a\xb2\x49\x9d\xed\xde\x8d\xf6\x9f\xa7\x18\x35\x20\xc3\x23\x35" "\xad\x4d\xa3\xd8\x8f\x90\x78\x0d\xc3\x94\x8f\x6c\x53\x11\x76\xc3" "\xa8\x64\x6b\x25\x43\xf1\x91\xf0\x7f\xce\x67\x4a\x12\xd2\x45\x31" "\xcf\x44\x94\x0b\xf1\x0c\xc1\xfe\xd5\xf6\x46\xd1\xe2\x9e\xa6\x3c" "\x5d\x60\x69\xfd\xfc\xa8\x1a\x0c\x76\x6b\xc0\x5d\x67\x9e\xeb\x0e" "\x4c\xf2\x91\x36\x40\x2a\x4e\x86\x67\x8e\x94\x2e\xe0\xc7\x38\x5c" "\x78\xd6\x37\xb0\xd0\x65\xe2\x2d\x59\x77\x89\x44\x6f\xa9\x49\xf5" "\x6d\x5a\xde\xf9\x80\xbc\x7c\x6f\xad\xf7\x4e\x63\x3d\xe8\x10\x0b" "\x4f\xbe\x31\xfa\xa3\x7b\xeb\x69\x70\x6c\xb9\xf9\x0a\x5c\x3b\x13" "\x31\x65\x74\x49\x34\x44\xe7\xef\xa1\xc5\xd7\x1a\xc1\x8b\x68\x59" "\x40\x30\xe7\x36\x6d\xcb\x8c\xde\x5c\x82\x4d\xfe\x91\x04\xfa\x9f" "\x72\xa4\x58\x85\x47\x93\x14\x89\x0b\xc4\x49\xac\x1f\x02\xa5\xf1" "\xd1\xbd\x81\xc5\x2f\x44\xdb\x4a\x31\x52\xdf\xb4\xcb\xe6\x2a\x93" "\xe9\x24\x7e\xa2\x55\xc7\x1d\x5f\xc9\x71\xe3\x2b\x46\x47\x08\xd0" "\xff\x16\x14\x1a\x58\x37\x62\xd8\x84\xd4\xfa\x6b\x18\x3c\x28\x01" "\xb9\x75\x31\x77\x17\xb8\x40\xb6\x4b\xf2\xc5\x08\x1d\xd3\xa8\x16" "\x58\x26\x07\x76\xc7\xef\x47\x1c\x9e\xc5\x19\x29\x61\xe4\x9c\x1e" "\x71\xe5\xd5\x17\xcc\x94\x98\x25\x15\xf7\x83\x6d\x02\xa5\x3d\x8b" "\xbb\xdf\x11\x5e\x73\x72\x43\x94\x17\x92\x77\x64\xcf\x1c\x9b\xb0" "\xfe\x2c\xc4\x29\x3d\x02\xdb\x88\x6a\xd8\xe3\xdc\x00\x00\x00\xe3" "\xf9\x4d\x1e\x28\x10\xea\x01\xb4\xeb\x47\x9a\xcf\x1e\xe8\x49\x96" "\xfb\xb4\x9a\x2f\x96\x25\x91\x8c\xd1\xc7\xa9\x07\xae\x33\x84\xb2" "\x8a\xec\xf7\xc6\x36\x5f\x46\x85\xea\x24\x3e\x48\xc5\x09\x31\xaf" "\xc1\xc7\x1f\x4e\xc2\xf5\x38\x5c\xf0\x9a\x64\xef\xea\x8b\x4d\xc6" "\x0c\xb6\x10\xd8\x0a\x2a\x59\x6c\x21\x47\x13\x8f\x31\x76\xbf\x8c" "\xf1\x00\xa4\x4b\xda\x31\x5a\xb7\x4a\x26\x9f\x4c\xe0\xe8\x4a\x0e" "\xfb\xd6\xe1\x13\x54\x61\x09\x9d\xd1\x37\x90\xd2\xa1\xc3\x87\xfc" "\xf7\xcf\xd1\x4d\x1d\xbc\xce\x8d\x5b\x86\x30\x6e\x98\x08\x13\xd4" "\xd0\x2c\xaa\xba\xde\x6b\xae\x9f\xfd\xc0\xaf\x89\x21\x07\x6e\x43" "\x3e\x2e\x1f\x81\x4f\x00\xef\x01\x1c\x79\x57\x1e\x2d\xb2\x08\xd4" "\x57\xc3\x74\x58\xa9\x03\x2f\x7d\x2f\xf3\x1b\x5f\xa9\x08\xc7\xf2" "\xc3\x85\x70\x1e\x8c\xc3\xdb\xfc\x32\x29\x03\xfa\x2e\xbc\xd8\x5f" "\x5d\xd7\x13\x27\x73\xc6\x55\x63\xd8\x36\x79\x3c\xa8\x04\x11\xd5" "\xbd\x2a\x2c\x4a\x8b\x09\x56\xa9\x0f\xb9\xdf\xed\xd4\x43\x0a\x64" "\x3e\x67\xa0\x71\x4d\xcc\xed\xef\x49\xcf\xd4\xe1\x4a\x7a\x8d\x52" "\x40\x2d\xb6\xb1\x47\x2f\xe2\x22\x36\x6d\x69\x3c\xad\x44\xc6\x9a" "\x07\x35\x7e\xb0\xf1\x50\x45\xf4\x42\xaa\x66\x7d\xf6\x45\x85\x89" "\xb4\x46\x61\x57\xee\x5d\xd0\x04\x45\xbd\xfe\x67\x3b\xf0\xf0\xc4" "\x48\x44\x52\x88\x0d\x24\x1b\x31\x34\xea\xfc\xc9\xca\xd1\x68\x32" "\xff\x2d\xc4\x87\x56\xae\x6c\x09\x1a\x79\x90\x92\x5a\x3c\xcd\xd9" "\x14\x2c\xed\x63\x3f\x54\xe5\xb7\x2a\x58\xe5\x76\xc2\x2f\xbc\x1d" "\x0b\xa0\xc2\x02\xe4\xcb\x28\x2e\x63\x67\x18\xf6\x2d\xd8\xb2\x1c" "\xed\x5b\xfe\xa0\xf4\xf5\x3d\xd0\x22\x0a\x84\x07\xea\xcc\xf7\x96" "\x01\x8c\x0c\x21\x3d\xa2\xe7\x70\x2b\x66\x65\x71\x99\xda\x1f\x00" "\xd3\x2f\x80\xa1\xb3\x00\xea\x28\x04\xe4\xcb\xa0\x17\xe1\x5b\x80" "\x2f\xaf\x25\x2a\x77\x5a\xdb\x5b\x96\x4b\x23\xec\x72\x32\x13\xbe" "\x01\x6f\x29\xc2\xfc\x3a\x69\x60\x6e\xd5\x72\x61\x7b\x68\xc5\x3a" "\x3a\xcb\x0c\xa8\x9c\x90\xf2\xd0\x42\x07\x0e\xdc\xea\x12\x61\x08" "\x22\xab\xbc\xdd\xea\x18\xa1\x38\x7f\x80\x28\x95\xff\x28\x5c\x4a" "\x03\xb5\x5d\x5a\xba\x88\x4f\x60\x28\x21\xe3\x99\x3e\x4e\xf6\xe3" "\x92\x3f\xf0\x5b\x8f\x66\x54\x88\xfb\xee\x6e\xaa\xd4\xff\xd6\xf3" "\x89\xbc\x0a\xf6\x39\x6b\x2b\xb6\x61\x2c\xfb\x1a\x28\x52\x4a\x8c" "\x69\x55\x48\x0f\xe8\xaa\x07\x67\xf6\x30\xd8\x82\x78\xd5\x46\x80" "\x10\x39\xac\x96\x69\x32\x06\x91\xe7\x07\xb3\x84\x50\x9f\x5c\xdd" "\xb0\xbc\xbd\x29\x47\x35\x7a\x6e\xca\x5e\xe7\x5f\x4c\xd8\x0e\x62" "\xaa\x1d\x5c\x1e\x1d\xa6\x49\x31\x28\xb7\x58\xff\x6e\x08\x5d\x24" "\x12\x11\x8c\x38\xfa\x9a\x43\x84\x9c\x91\xde\x5f\xae\xf5\xec\xcc" "\x06\xd9\x56\x2a\x66\x1b\xdc\x4f\x90\x0e\x34\x58\x04\x99\x37\xb5" "\x6a\x29\xc8\xd2\xec\xe5\x7f\x14\x75\xfe\x37\x37\xde\x77\x6e\xae" "\xd1\x87\x8a\x95\xc6\x86\x81\x0f\x98\xcc\x12\x32\x3a\x6e\x7f\x81" "\x82\xf9\x52\x42\x81\x84\x28\xd1\x94\x6a\xaf\x2a\x7a\xcb\x8a\xe0" "\xc8\xf3\x7d\x42\x96\xec\x5c\xda\xc2\x68\xd4\xb5\x2b\x65\xa8\x67" "\x36\x3f\x87\x2f\x55\xd0\xc7\xfc\xa3\xaa\xda\x55\x63\x31\xbe\x05" "\xbe\xa6\xbb\x04\xf3\x57\xf1\xb3\x86\x0e\x22\x53\x4a\xc5\x77\xc1" "\x10\x1c\xdf\x60\x09\xa6\x2e\xc4\x07\xd3\xd9\xb0\x9f\x72\x0f\x59" "\xd7\xf3\xf9\xda\x99\xb9\xa6\xfd\xbe\xaf\xee\xc0\xfb\x12\xfd\x2c" "\x77\xae\x70\x3b\xc6\x68\x27\x4d\x21\xd7\xab\x04\xa1\xad\x91\x35" "\x12\xb2\xc0\x3f\x5b\x7e\x68\x70\x01\x52\x0d\x9b\x5d\xdc\xd4\x2d" "\xb6\xfd\x15\xb3\xf9\x68\xe9\x5b\xaa\x7c\x8b\xa4\x23\xf0\x44\x0d" "\x12\xd9\x73\xd4\xd2\xc3\xa6\x3a\x90\xfa\x2b\x06\x3e\x51\x35\xa3" "\x58\x23\x60\x20\x5c\xbe\x95\xdf\xc8\x61\x43\x5c\x89\x62\x74\x19" "\x08\xdc\x06\x48\x33\x9d\xde\x89\x28\xaa\x4c\xbb\xa2\x56\x3c\x4d" "\xc9\x4a\x8f\xaa\xea\x0a\x95\x93\x00\xfd\x98\xa2\x79\xfc\x5b\x9e" "\x51\xc8\xc3\xd4\x67\xdc\xbc\x79\xf1\x06\xcd\x8b\xa4\x75\x90\xf4" "\x01\x84\x89\x48\x7b\xab\x0f\x1e\xfa\xf7\x8b\x2b\x9e\x89\x22\xeb" "\xfc\xcc\x80\xb6\x30\xbd\xea\xc5\xd2\x74\x66\x73\x27\xcf\x3c\xb7" "\xf3\x23\x10\x98\xb9\xe1\xb7\xb6\xf9\x95\x95\xdd\x04\xa3\xa0\x7f" "\xaf\x47\x80\xa8\xf1\xed\x8e\x42\x4b\x67\xfc\x09\x66\x48\xa4\x9e" "\x0d\xb5\x56\xbd\x96\x7c\xa4\x87\x33\xa7\xdf\x97\xe4\xe8\x83\xb3" "\x08\xf8\x42\x6c\xfa\x7e\xfe\x2a\x64\xbb\xa0\x08\x2d\x15\x4e\xdc" "\x60\xbd\x47\xb0\xf9\x31\x27\x14\xbe\x0a\x15\x0c\x20\x41\x5b\x78" "\x4d\x1c\x3e\x1c\x03\xf1\x17\x5a\x2b\x6c\x44\x73\x8a\xbe\x73\xe2" "\x89\x58\x95\xad\xda\x83\xe1\xab\xe2\x89\x50\x06\xa2\x57\x93\x2c" "\xdc\x9c\xd9\xe7\x95\xa2\xc4\xbd\x99\x44\xc4\x1d\x36\xb5\x6b\x92" "\xa5\x3b\x74\xbd\x7a\xc5\xde\xd6\x46\x74\xb4\x88\x03\x23\x16\x0f" "\xf9\xc3\xa6\xb1\x44\xec\x39\x2c\x63\xb8\x58\x76\xb7\x85\xf8\x67" "\xb8\xce\xb7\x5e\xed\x74\xfb\x25\xbb\xb9\x8f\x2b\x2f\x9a\x9c\x39" "\x59\xaf\x7e\x1b\xa8\xac\x1f\xbe\x00\xab\xfa\x82\xaa\x7f\x45\x07" "\x59\xf8\x37\x96\xaf\x87\x25\xda\x77\x96\x55\x21\xbb\x79\x4a\xc5" "\x09\xd4\x41\xc9\x15\x16\x00\x00\x00\x00\x00\x00\x00\x05\x88\xc4" "\xf3\x99\xd8\xab\x7e\x6f\x43\xb2\xaa\xc9\x88\x46\x61\xea\xf5\xa0" "\x2d\xae\x1a\xf2\x7a\x82\x3d\xf7\x26\xad\x7b\xdc\xca\xfa\x67\xd2" "\xa8\xb9\xf5\xc8\xec\xaa\x2b\xb5\x23\xb9\xd3\xb2\x4b\x36\x31\xe6" "\xd5\x50\x42\x2d\x3e\x03\x13\xe0\x6d\x51\x94\x04\xe5\x62\xc7\xb2" "\x91\x3c\x7f\x7b\x42\x35\x72\x2a\xd4\x29\x85\xaa\xfe\x53\x14\xab" "\x77\x64\xdf\xbc\xd8\x73\xcb\x35\x95\x68\xff\xe4\x30\x1c\x9e\xed" "\xdc\xd0\xcb\x2e\x51\x7a\x92\x74\x29\x9c\xf2\x7f\x80\x9b\xc4\x1f" "\x33\xeb\x52\x0d\x36\x7b\x40\xc0\xe0\xd1\x3d\x50\x7b\x9f\xc3\xde" "\x71\xa0\x5f\xbf\xa0\x2b\xc3\xac\xc4\xda\x97\xbf\x3e\x14\x9f\x3b" "\xd5\x06\x9b\x2b\x99\x37\x5e\xa3\x14\xb7\x3e\x7c\x6b\x4a\xbf\xca" "\x6c\x63\xcc\x2e\xb7\x5d\x9f\x67\x68\x74\x9a\x28\x4e\xf5\xba\x2a" "\x39\x60\x3f\x68\x14\x6c\x79\x65\xe5\x68\xc8\xfe\x4d\x7a\xe4\x26" "\x2b\xd8\x24\xaf\x58\x73\xb1\x40\x00\x3c\x68\xf8\xe9\xc7\xdf\xd0" "\x5b\xb1\xa8\x51\x17\x93\x71\xba\xd5\xa9\x79\x8a\x3d\x2c\xc7\x13" "\xe7\xc9\xf0\x45\x84\xd0\xfa\x40\x96\xac\xb0\x9b\x30\x3b\xb5\x58" "\xb9\x19\x38\x93\x14\x17\xf8\x27\x2c\x84\x32\xb2\xfd\x8f\xa6\x01" "\xc3\x1e\x87\x3b\x31\xff\x72\x6b\x73\x4b\xa0\x3c\xb1\x39\xd0\x9b" "\x9e\x67\x6e\xaa\x6f\x25\xaa\xd4\xac\xd6\xcf\xc6\x97\x01\x8e\x4e" "\xc4\x8e\xcf\x77\xb1\x10\x61\x05\x58\x6a\x09\x05\x3e\x3e\x14\x6f" "\xaf\xaf\x02\x29\x65\xca\x33\x54\x5f\x70\x75\x76\x08\x88\x83\xfb" "\x31\x64\xfa\x2d\x37\xd4\x96\x14\xdd\x06\xf4\x0d\x00\x40\x00\x7b" "\x54\x11\xe7\x57\xff\xaf\x63\x30\xa2\xb5\x29\x20\x8e\x47\x16\x30" "\x01\xac\x5b\x68\xe8\x92\xc6\x2c\x21\x93\x9e\x6e\x52\x07\x9a\xba" "\x5d\x87\xfb\xec\x3c\x3f\x65\xe9\x8f\x10\x19\x4e\xbc\x67\xb7\x43" "\x44\x83\x0b\xee\xed\x31\x3a\x55\x76\xae\x41\xf3\x1b\x1e\x72\x25" "\xf2\x48\x51\xad\x2e\x6e\x0e\xd1\xc0\xe3\xfe\x08\xe3\xb2\xac\xf0" "\x2c\xc4\x31\xa7\x3e\xbe\x92\x4b\xf3\x4e\x23\x64\xef\xfe\xc7\xc3" "\xaf\xd0\xc7\xac\xb6\x88\x03\x23\x09\x7d\xc7\x3d\x9c\xa1\x1b\xe7" "\x80\x10\x39\x9a\x3c\x80\x38\x6f\xfb\x75\xe9\x40\xa9\xf3\x31\x43" "\x69", 2241)); r[38] = execute_syscall(__NR_sendto, r[1], 0x20a91000ul, 0x8c1ul, 0x4004ul, 0x0ul, 0x0ul, 0, 0, 0); } int main() { setup_main_process(); int pid = do_sandbox_none(0, false); int status = 0; while (waitpid(pid, &status, __WALL) != pid) { } return 0; }