// https://syzkaller.appspot.com/bug?id=426a727262bcd7a4f516dd2ff8e7dff540bd1dc6
// autogenerated by syzkaller (https://github.com/google/syzkaller)

// Reviewer overview: this is a standalone C reproducer emitted by the
// syzkaller kernel fuzzer for the report linked above. main() maps a fixed
// scratch region at 0x20000000 and calls loop(), which forks a fresh child for
// every iteration. Each child runs execute_one(): one io_uring setup, one
// ioctl() on fd -1, and one io_uring_enter() on the new ring.
//
// Intended use is regression testing: run it in a throwaway VM against the
// kernel build under test to check whether the linked report still triggers.
// The listing does not say which kernel versions are affected; take that from
// the report.

#define _GNU_SOURCE

// NOTE(review): the header name after each #include below was lost when this
// page was extracted (19 bare directives remain), so the listing does not
// compile as shown. The calls made in this file need at least <dirent.h>,
// <errno.h>, <fcntl.h>, <signal.h>, <stdarg.h>, <stdbool.h>, <stdint.h>,
// <stdio.h>, <stdlib.h>, <string.h>, <sys/mman.h>, <sys/prctl.h>,
// <sys/syscall.h>, <sys/wait.h>, <time.h> and <unistd.h>; confirm the full
// list against the original reproducer.
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

// Fallback syscall numbers, used only when the system headers do not already
// define them.
#ifndef __NR_io_uring_enter
#define __NR_io_uring_enter 426
#endif
#ifndef __NR_io_uring_setup
#define __NR_io_uring_setup 425
#endif

// Sleeps for `ms` milliseconds by passing ms * 1000 microseconds to usleep().
static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

// Returns the CLOCK_MONOTONIC time in milliseconds. Terminates the process
// with exit status 1 if clock_gettime() fails.
static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

// Formats `what` (printf-style) into a 1024-byte stack buffer and writes the
// result to the existing file `file` (opened O_WRONLY | O_CLOEXEC, no O_CREAT).
// Returns true only if the whole string was written in a single write();
// returns false if open() fails or the write is short. On a short or failed
// write, errno from write() is preserved across close().
// Output longer than the buffer is silently truncated by vsnprintf().
static bool write_file(const char* file, const char* what, ...)
{
  char buf[1024];
  va_list args;
  va_start(args, what);
  vsnprintf(buf, sizeof(buf), what, args);
  va_end(args);
  // vsnprintf() already terminates the buffer; this is a belt-and-braces
  // terminator.
  buf[sizeof(buf) - 1] = 0;
  int len = strlen(buf);
  int fd = open(file, O_WRONLY | O_CLOEXEC);
  if (fd == -1)
    return false;
  if (write(fd, buf, len) != len) {
    // Save errno so close() cannot overwrite the reason for the failure.
    int err = errno;
    close(fd);
    errno = err;
    return false;
  }
  close(fd);
  return true;
}

// Sizes and field offsets for the io_uring shared rings. Only
// SIZEOF_IO_URING_SQE and SIZEOF_IO_URING_CQE are referenced in this listing;
// the *_OFFSET constants are not used by any code shown here.
#define SIZEOF_IO_URING_SQE 64
#define SIZEOF_IO_URING_CQE 16
#define SQ_HEAD_OFFSET 0
#define SQ_TAIL_OFFSET 64
#define SQ_RING_MASK_OFFSET 256
#define SQ_RING_ENTRIES_OFFSET 264
#define SQ_FLAGS_OFFSET 276
#define SQ_DROPPED_OFFSET 272
#define CQ_HEAD_OFFSET 128
#define CQ_TAIL_OFFSET 192
#define CQ_RING_MASK_OFFSET 260
#define CQ_RING_ENTRIES_OFFSET 268
#define CQ_RING_OVERFLOW_OFFSET 284
#define CQ_FLAGS_OFFSET 280
#define CQ_CQES_OFFSET 320

// Local declarations of the structures passed to io_uring_setup(), presumably
// so the file builds without the kernel's io_uring UAPI header. The layouts
// must match the running kernel's definitions; verify against
// <linux/io_uring.h> when porting.
struct io_sqring_offsets {
  uint32_t head;
  uint32_t tail;
  uint32_t ring_mask;
  uint32_t ring_entries;
  uint32_t flags;
  uint32_t dropped;
  uint32_t array;
  uint32_t resv1;
  uint64_t resv2;
};

struct io_cqring_offsets {
  uint32_t head;
  uint32_t tail;
  uint32_t ring_mask;
  uint32_t ring_entries;
  uint32_t overflow;
  uint32_t cqes;
  uint64_t resv[2];
};

struct io_uring_params {
  uint32_t sq_entries;     // byte offset 0
  uint32_t cq_entries;     // byte offset 4
  uint32_t flags;          // byte offset 8
  uint32_t sq_thread_cpu;  // byte offset 12
  uint32_t sq_thread_idle; // byte offset 16
  uint32_t features;       // byte offset 20
  uint32_t resv[4];        // byte offsets 24..39
  struct io_sqring_offsets sq_off;
  struct io_cqring_offsets cq_off;
};

// mmap() offsets that select which io_uring region is mapped.
#define IORING_OFF_SQ_RING 0
#define IORING_OFF_SQES 0x10000000ULL

// Creates an io_uring instance and maps its shared memory at caller-chosen
// fixed addresses.
//   a0: requested number of entries
//   a1: address of a struct io_uring_params; its sq_off/cq_off and entry
//       counts are read after the syscall to size the mappings
//   a2: fixed address for the ring mapping (IORING_OFF_SQ_RING)
//   a3: fixed address for the SQE array mapping (IORING_OFF_SQES)
//   a4, a5: addresses where the two mmap() results are stored
// Returns the value of io_uring_setup().
//
// NOTE(review): the syscall result is stored in a uint32_t and neither it nor
// the mmap() results are checked. A failed setup (-1) becomes 0xffffffff, and
// where long is 64 bits that value is returned as 4294967295, not -1, so the
// `res != -1` test in execute_one() cannot detect the failure. Tolerable in a
// generated reproducer; do not copy the pattern into production code.
static long syz_io_uring_setup(volatile long a0, volatile long a1,
                               volatile long a2, volatile long a3,
                               volatile long a4, volatile long a5)
{
  uint32_t entries = (uint32_t)a0;
  struct io_uring_params* setup_params = (struct io_uring_params*)a1;
  void* vma1 = (void*)a2;
  void* vma2 = (void*)a3;
  void** ring_ptr_out = (void**)a4;
  void** sqes_ptr_out = (void**)a5;
  uint32_t fd_io_uring = syscall(__NR_io_uring_setup, entries, setup_params);
  // The single ring mapping must cover both the SQ index array and the CQE
  // array, so it is sized to the larger of the two extents.
  uint32_t sq_ring_sz =
      setup_params->sq_off.array + setup_params->sq_entries * sizeof(uint32_t);
  uint32_t cq_ring_sz = setup_params->cq_off.cqes +
                        setup_params->cq_entries * SIZEOF_IO_URING_CQE;
  uint32_t ring_sz = sq_ring_sz > cq_ring_sz ? sq_ring_sz : cq_ring_sz;
  // MAP_FIXED replaces whatever was previously mapped at vma1 / vma2.
  *ring_ptr_out = mmap(vma1, ring_sz, PROT_READ | PROT_WRITE,
                       MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring,
                       IORING_OFF_SQ_RING);
  uint32_t sqes_sz = setup_params->sq_entries * SIZEOF_IO_URING_SQE;
  *sqes_ptr_out = mmap(vma2, sqes_sz, PROT_READ | PROT_WRITE,
                       MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring,
                       IORING_OFF_SQES);
  return fd_io_uring;
}

// Kills the child `pid` (and its process group) and reaps it, storing the wait
// status in *status.
// Sequence: SIGKILL to the group and to the pid; up to 100 non-blocking
// waitpid() polls about 1 ms apart; if the child is still not reaped, write to
// every /sys/fs/fuse/connections/<id>/abort file; then block in waitpid()
// until `pid` is reaped.
// NOTE(review): the FUSE abort step is presumably generic syzkaller cleanup
// for children stuck on a FUSE mount; nothing in this reproducer uses FUSE.
static void kill_and_wait(int pid, int* status)
{
  kill(-pid, SIGKILL);
  kill(pid, SIGKILL);
  for (int i = 0; i < 100; i++) {
    if (waitpid(-1, status, WNOHANG | __WALL) == pid)
      return;
    usleep(1000);
  }
  DIR* dir = opendir("/sys/fs/fuse/connections");
  if (dir) {
    for (;;) {
      struct dirent* ent = readdir(dir);
      if (!ent)
        break;
      if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
        continue;
      char abort[300];
      snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort",
               ent->d_name);
      int fd = open(abort, O_WRONLY);
      if (fd == -1) {
        continue;
      }
      // One byte is written (the first byte of the path buffer); a write
      // failure is deliberately ignored.
      if (write(fd, abort, 1) < 0) {
      }
      close(fd);
    }
    closedir(dir);
  } else {
  }
  // Blocking wait: does not return until `pid` itself has been reaped.
  while (waitpid(-1, status, __WALL) != pid) {
  }
}

// Per-child setup, run before the test body:
//  - PR_SET_PDEATHSIG: the child receives SIGKILL if its parent dies;
//  - setpgrp(): own process group, so kill(-pid, ...) in kill_and_wait()
//    targets the child and anything it spawns;
//  - oom_score_adj = 1000: marks the child as the preferred OOM-killer victim.
// The result of write_file() is ignored.
static void setup_test()
{
  prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
  setpgrp();
  write_file("/proc/self/oom_score_adj", "1000");
}

static void execute_one(void);

#define WAIT_FLAGS __WALL

// Runs the test body forever, one forked child per iteration. The parent polls
// for the child's exit every millisecond and, after 15000 ms, kills and reaps
// it through kill_and_wait(). Exits with status 1 if fork() fails. The `iter`
// counter is incremented but never read.
static void loop(void)
{
  int iter = 0;
  for (;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      setup_test();
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 15000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}

// Resource table: r[0] carries the io_uring file descriptor from the setup
// call to the io_uring_enter call. Initialised to all-ones.
uint64_t r[1] = {0xffffffffffffffff};

// The test body: three calls against the scratch region mapped by main().
// Every address below is a fixed location inside that region.
void execute_one(void)
{
  intptr_t res = 0;
  // Fill in the struct io_uring_params at 0x20000100. Using the struct
  // declared above: +0x04 cq_entries, +0x08 flags, +0x0c sq_thread_cpu,
  // +0x10 sq_thread_idle are zeroed; +0x18 (resv[0]) is set to -1; the 12
  // bytes from +0x1c (resv[1..3]) are zeroed.
  *(uint32_t*)0x20000104 = 0;
  *(uint32_t*)0x20000108 = 0;
  *(uint32_t*)0x2000010c = 0;
  *(uint32_t*)0x20000110 = 0;
  *(uint32_t*)0x20000118 = -1;
  memset((void*)0x2000011c, 0, 12);
  res = -1;
  // Call 1: io_uring setup with 0x17c entries; the ring is mapped at
  // 0x20001000 and the SQE array at 0x20ffe000, with the returned pointers
  // stored at 0x20000180 and 0x200002c0.
  res = syz_io_uring_setup(0x17c, 0x20000100, 0x20001000, 0x20ffe000,
                           0x20000180, 0x200002c0);
  if (res != -1)
    r[0] = res;
  // Build the ioctl argument at 0x20000300: 16 zero bytes, then 256 + 3824
  // bytes of fuzzer-generated data, 4096 bytes in total.
  *(uint64_t*)0x20000300 = 0;
  *(uint64_t*)0x20000308 = 0;
  memcpy(
      (void*)0x20000310,
      "\x48\x43\xb2\x6a\x6f\x53\x78\x67\x94\x6d\x60\xf3\x03\x22\x2e\x3b\xc9\x5a"
      "\x98\x50\xb2\x25\x8b\x60\xbe\xb7\x2f\x8e\xcb\xaf\x30\xca\xb4\xc3\x45\x33"
      "\xad\x15\x25\xe2\x3d\xa6\x52\x0c\xe9\x0c\x6e\x05\x02\xd7\xd2\xca\x34\xa2"
      "\x84\xdd\xa6\xc2\xb6\x95\x67\x4f\xae\x88\x27\x78\x5d\x22\x05\x1d\xab\x3d"
      "\x15\xd9\x26\x2e\x72\x64\xe5\xaa\x11\x9a\x6b\xb1\x53\x27\x75\x7c\x4d\x78"
      "\x1a\x25\xa9\xef\x98\x3d\x39\x62\x63\x12\x87\xcf\x8e\x4d\xb9\x4e\xba\x34"
      "\xcf\x25\xf7\x5a\x19\x0d\x3b\x6d\x2f\x62\x62\x6f\xe5\x85\x9f\x6d\xa9\xbb"
      "\xc0\xa3\x1c\x3e\x17\x37\xc5\x11\x5b\x4c\xe0\xe3\xa1\x07\x37\xe9\x0f\x9a"
      "\x1a\x55\xe4\xd4\x41\xe5\x8a\x6d\x14\xf1\x0f\x8f\xf0\x7e\x56\x11\xfe\x42"
      "\xff\x0e\x73\xb5\x67\x7b\x79\xa6\xf4\x92\x03\x19\x25\x78\x12\x0f\xc6\x2b"
      "\xe6\x44\x9d\x4b\x78\xb4\xe1\xcd\x04\xaa\xc5\x79\x9c\x92\xf5\x40\xc4\xaf"
      "\xe5\x00\x7c\x3e\xa9\x25\x4b\x42\xa7\xf8\x0b\x91\x10\x7b\x4e\xd4\x84\x2c"
      "\x32\x8b\x1b\xb6\x26\x2d\x61\xe0\x3c\x2e\x4d\x99\x33\xb2\x03\x56\xda\x07"
      "\x3e\xcc\x44\x84\x93\xa1\x69\x15\x2f\xf3\x81\xa7\x29\x41\x31\x29\xd2\x12"
      "\xb7\x3a\x82\xbb",
      256);
  memcpy(
      (void*)0x20000410,
      "\xab\x4c\x7b\xd3\xa1\x80\x64\x84\xd6\xd2\x2a\x65\x57\x48\xaf\x4c\xbf\x1a"
      "\xe4\x8e\xd5\x8e\x7b\xb2\x34\x3a\x64\x57\x1e\xb9\xcb\xe3\x84\x88\xef\x24"
      "\x64\x63\x57\x02\x77\xcc\xa8\x7c\x68\x37\x3b\xc1\x6c\x89\xf2\xb5\xb4\x4e"
      "\x43\x2c\xea\xd2\xab\xeb\x29\x87\x51\xbd\xc9\xae\x9f\x6c\x35\xae\x90\x22"
      "\xf0\xcd\x3a\x23\x82\x7e\x45\xd8\xae\x5e\xe7\x4a\x3f\x3c\x3d\x33\x87\x52"
      "\xd6\x58\xa6\xd9\x0c\x69\xb3\x2e\xd1\xb1\xec\x8e\x0b\xda\x35\xbf\x19\x73"
      "\x10\x24\x4d\x3d\x18\x36\x3a\xc9\x79\x73\xf4\x85\x3d\xd2\x75\x46\xbd\xb1"
      "\x57\x7e\x0f\x4f\xf5\xaa\xed\x63\x6e\xed\x56\x74\x60\x31\x90\xc4\x8b\xc9"
      "\xc1\xb0\x2a\xe0\xb9\x49\xb8\x72\xcd\xb8\x07\x58\xbd\x63\x83\x2a\x55\x24"
      "\x86\x8a\x75\x6a\x71\x8e\xea\xb4\xbf\x8f\x93\xb9\xd6\x55\x21\x9e\x84\xfd"
      "\x3a\xaf\x02\x38\x5e\xab\xed\x65\x9c\x67\x7e\x29\xba\x5a\x54\xc1\x74\x31"
      "\x95\xe5\x34\xf7\x81\xf3\xad\x8a\xd3\x53\xbe\xf1\xcb\x34\x8c\xf9\x3a\xec"
      "\xaf\x89\x64\xd0\x59\xb0\x4a\x20\xde\x71\x0b\x39\x7c\x3f\xb9\xeb\x43\x55"
      "\x44\x4a\x7d\x05\x55\x94\x08\x59\x79\xb5\xdb\x13\x4e\x87\xd4\x54\xba\xc4"
      "\xcc\x15\x83\xa3\x21\x0a\xf1\x98\x56\x1c\x1d\xb4\xbf\x96\x90\xa4\x9c\x21"
      "\xc7\x57\xdf\x1c\x2f\x78\x07\xd7\x08\x0d\x07\x5a\x00\x89\xe8\xe8\xe2\x23"
      "\xeb\x6a\xd5\xe6\xc2\x2b\xb0\x64\x63\xf9\xf0\x00\xab\x11\xc2\xae\x98\x61"
      "\x68\x98\x48\xb3\x38\x91\x7f\x60\x09\x8b\x8e\x1b\xaf\x11\x95\xaa\x70\x54"
      "\x84\x07\xf6\x2f\x4a\x87\x84\x7c\xb5\x09\x4f\x2b\x64\xf5\xeb\xd2\x67\x17"
      "\xd0\x0b\x62\xd1\xe1\xaa\x6c\xc6\x31\xb0\x48\x01\xd7\x4e\xdf\xad\x9c\x30"
      "\x37\xaa\x80\x12\x21\x00\x72\x5c\x1c\xd8\xb9\x31\x6f\xa3\xbd\x9a\xa5\xe4"
      "\xef\xe4\x27\xd4\x6a\x80\xeb\x2d\x5c\x1d\x06\x1f\xc5\x01\x6e\x4a\x40\x7b"
      "\x48\x95\x84\x21\xb2\xb1\xd3\xd2\x51\xb0\x1a\x03\x54\xa6\x23\xe9\x58\x08"
      "\x22\xae\xcf\xdf\x5c\x68\xf5\x93\x6f\xe7\xe5\x31\x9e\xb2\x6a\x57\xce\x34"
      "\x7e\x7c\x99\x02\xd7\xed\x85\x97\x38\xda\x4c\xfd\xc8\xf6\x1d\xe9\xdd\xf1"
      "\x2c\xd2\xb6\x88\x69\x37\x08\x83\xa2\x47\x7f\xaa\xa2\xec\x58\x1c\xbd\xc3"
      "\xa7\xf9\xd0\x02\x8e\xef\xb7\x24\x10\xeb\xa1\x0a\x19\xcf\x4c\x17\x15\x70"
      "\x9a\x42\x24\x99\x98\xfe\xea\xaf\x94\x1f\x61\xc4\xfb\x79\x4e\x6e\x4e\x48"
      "\xdb\xc1\xac\x56\x48\xbf\x04\x64\x08\xbe\xc1\xf5\x2f\x81\x08\xe1\x8a\xed"
      "\x79\x32\xd6\xdb\xdb\xaf\x89\x66\xa7\x3c\x11\x0b\xfd\xeb\xb9\x6a\x5b\x0a"
      "\x40\x2f\x17\x08\x1b\x8e\x02\x2f\xf5\x45\x81\x2d\x58\x49\x02\xf8\x94\x7a"
      "\xf8\x5d\x72\xc0\xee\x01\x18\x4d\x47\x66\x8a\x90\x5b\xd0\x3c\xd9\x5e\x5c"
      "\xe1\x4a\x64\xbf\x72\x4f\xf1\x05\xd5\x03\xf4\xaa\xf5\xa4\x4a\xa2\x93\x3c"
      "\xd3\xb1\x85\xae\xda\x09\xe7\x85\x0a\x40\x6e\xf7\x78\xfb\x77\xdf\xc8\x8d"
      "\x53\xcb\x9c\xa6\xde\x8d\x36\x38\xf3\x1c\x13\xf0\xca\x2c\x90\xad\xdc\x5a"
      "\x5f\xd0\x6a\x9c\x01\x9e\xcc\xed\xe4\xf6\xe5\x0b\xfd\x1e\x94\xc7\xa6\x35"
      "\x67\x4e\x61\x58\x1b\x63\x95\xd7\x09\xde\xe3\x10\x6b\x4a\x4c\xb0\xd3\x19"
      "\x36\x69\x02\x9a\x52\x4d\xcf\x51\x1e\x09\x81\xe2\xd2\x0a\xd1\x8f\xc9\xa6"
      "\x68\x9e\xe1\xd0\x0d\xb6\x2a\x9b\xa4\x32\xc7\xf7\x39\xbb\x89\x44\x8b\x77"
      "\xc1\x82\x63\x4f\x2d\x86\x91\xe3\xc8\xba\x56\x51\x4d\x5d\x22\x15\x33\x35"
      "\x1f\x17\xba\xa6\x45\xaa\x0e\xa7\x09\x7e\xca\x60\xf9\xd7\x28\xb2\x3b\x4e"
      "\xc7\xaa\x27\x15\xe7\x26\x77\xef\x21\x47\xe9\x9c\xb5\x63\xbb\x44\xb0\x06"
      "\x61\xcd\xe2\x67\xfa\x2c\xf2\x56\x61\x6e\xda\xe9\x44\xe7\x4f\x70\xe4\xc0"
      "\xfc\x39\xfc\x9a\x50\x3f\x0f\x1f\x15\x26\x03\x8c\xbb\xfb\xa4\x31\xba\x66"
      "\x8c\x77\x53\x16\x9a\x55\x05\x96\x09\xde\x27\x1c\x6e\xa6\xf0\x31\xe3\x3a"
      "\x5e\x09\x94\x14\x83\xd5\xf9\xe6\xc3\x8e\x29\x2f\x32\x31\xb7\xbc\x1a\x5c"
      "\xa9\xdf\x9b\xd7\xce\x7e\xfa\x6b\x41\xd2\x39\x8a\xbc\xcf\xdb\xd8\xd5\x92"
      "\x6e\x66\xb6\x5b\x00\x40\xd3\xc1\xd7\xc5\x59\x90\xc7\xc0\xbf\x78\x48\x6c"
      "\xac\x84\xd5\x2a\xcd\xa3\x62\x9a\x9f\x77\x29\xa7\x62\x36\x4e\x57\x18\xa6"
      "\x58\xd0\x64\x5b\xd8\xa3\x01\xde\x16\x1f\x21\xd5\x40\xfe\x5b\x9f\x12\x53"
      "\xd9\x8d\xbf\xc2\xc9\x5b\x9c\xac\xaf\x8f\x9c\x7c\x58\x4e\xa4\x45\xd1\xcd"
      "\x59\x25\x95\x70\xd9\xef\x73\xca\x75\x2a\x82\x79\x32\x67\x18\x62\x7a\x96"
      "\x37\x58\x95\xeb\x73\x52\xc5\xb7\x42\xbb\x24\x85\x21\x51\xee\x34\xdb\xb2"
      "\x39\x36\x6c\x99\x4e\x29\xd2\xe5\x05\x09\x48\x40\x63\xfe\xa1\xb9\xce\xab"
      "\x44\xfd\xd4\xdd\x5a\x1c\x81\x9d\x2a\x4e\x7e\x6d\x9f\x46\x35\x75\x31\x8c"
      "\x96\x1e\x63\x7b\x35\xc1\xc6\x0b\xab\x7c\xf1\x4a\xf9\x12\xf5\x7d\xf8\xda"
      "\x64\x0f\x21\x18\x5b\x41\x18\x3b\xcd\x9a\xd8\x79\x50\x0b\x4b\x85\x43\x17"
      "\xac\xa5\x9a\xd0\xb5\xc8\x99\x99\xde\x5c\xad\x30\xa3\x58\x66\xde\xea\x26"
      "\x5e\x69\x57\x34\x13\x49\x98\x18\x35\x2d\x08\xf2\x17\x2f\x5e\x72\x84\x0e"
      "\x69\xc2\xea\x2f\xbf\xd3\xc0\x3d\x41\x5e\xb3\xc6\xa1\xce\x15\x3e\xa8\x7e"
      "\x21\x9a\x5f\x6f\xf5\x36\x1e\x9c\xa5\x46\xfe\xd8\xfe\xc4\x72\x56\xca\x4f"
      "\xba\x05\x0b\x3e\xfe\xfc\x9c\xca\xf7\x48\xd9\x8f\x1b\x14\x4b\x68\x25\x24"
      "\x98\xda\xf6\x76\x25\x77\x50\x2f\xc2\xdc\xa3\x62\xb3\xd2\xc3\x9e\x9c\x9b"
      "\x27\xd2\xd2\x54\xc1\xe6\x35\xcb\x8e\x1b\x05\xfb\x82\x6a\xd6\x79\x3e\x69"
      "\xe5\x1a\xd6\x4d\x15\xe6\x89\x31\xed\x03\xd7\xaa\x99\x1a\x33\xb2\xbe\x4a"
      "\xa1\x2b\xa1\x20\xf4\x4a\x53\x25\x2b\xd8\x86\x0e\xeb\x7d\xc6\xbd\x0e\x16"
      "\x95\xc3\xd2\x2f\x29\x89\x1b\xcf\x94\xbe\x6d\x09\x66\x55\x2b\xb7\x15\xf2"
      "\x6b\x61\x1b\x42\x98\x04\xe3\xeb\x4e\x3d\x96\x0b\x48\x77\x51\xbd\xf7\xcc"
      "\xc1\x11\xeb\x2d\x52\x80\x8a\x19\x56\x63\x92\xe2\x64\xa8\x10\xce\x9a\xa3"
      "\x58\x9a\x99\x28\xf4\xb9\xe8\x57\x3b\x16\x65\xd1\x83\xe5\xbc\x00\x9e\x51"
      "\xd9\xc6\x64\x9f\xfd\x46\x8b\xa0\x0c\x12\xbb\x7f\x96\x27\xb4\xfc\xad\x48"
      "\xcb\xc8\x2c\x82\x18\xa2\xfa\x2d\x4c\xea\xcb\x97\x40\x41\x18\x31\xdb\x58"
      "\x3b\x6d\xb3\x51\xd8\x61\xc8\xee\x83\x22\xdd\x6a\xd4\x6e\xb2\x06\xa8\x94"
      "\x65\x7b\x0a\x26\x23\xad\x86\x61\xa7\xba\x2e\x69\x63\x27\x0a\xd1\xd6\xa4"
      "\x1d\x92\xb5\x73\x41\xb4\x8f\xb9\xaa\xe8\xef\x7d\xac\x7a\x71\xc9\xe4\xfc"
      "\x65\x20\x6e\x42\xe2\x48\x0c\xaa\x99\xda\xe1\x55\x4d\x60\xa6\xe1\x2b\x6d"
      "\x83\xbc\xa5\x1c\x74\xe6\x28\x43\xe4\xeb\x3a\xdc\x08\xd6\xc9\x18\xaf\x9c"
      "\xa8\x35\x43\xad\x00\xf9\x03\xe1\x73\xf5\x61\x7c\x43\x30\xda\x07\xe8\x5e"
      "\xf3\xa1\x31\x31\xb0\xfa\x71\x2f\x8c\x25\xfc\x71\x56\x63\x04\x16\x7e\x59"
      "\x4e\x37\x50\xa9\xa9\x00\x7d\x47\x17\x40\xed\x08\x5f\x80\x89\x34\xf1\x02"
      "\x31\xb8\xb5\xe2\xfd\xda\xab\xb0\x19\x2f\xfd\x01\x6a\xf5\x75\xa1\xd8\xc7"
      "\xfd\xe2\xd8\x6c\x89\x2c\xc0\xf1\x4a\xda\x47\xdc\x2a\x1a\x8d\x3c\x7f\xf9"
      "\x5a\x78\x8d\x0b\xd9\x44\xe9\xfa\x3a\x32\x43\x66\xe4\xef\xdb\xad\xd3\x29"
      "\x60\xf9\xab\xd7\x30\x0c\x02\x92\x7e\xe6\xb8\x68\xb6\x6b\x6f\x23\x6b\xda"
      "\x29\x36\x50\x08\x29\x35\xa4\x4c\x07\x8d\x9d\x0d\xe3\xbe\xf6\x19\x56\x96"
      "\xf0\x11\x1c\x4f\xf1\xe6\x19\x2f\xae\xa4\x02\x86\xa8\xf3\xd7\x2c\x13\x27"
      "\x4f\x73\xff\x0e\x84\x50\x07\x39\xf3\xe9\x62\x28\x9c\x04\xcd\xad\xda\x66"
      "\x5a\xae\x3d\x41\x76\xfb\x91\x3c\x60\x69\xa8\x52\xce\x22\x68\xa8\x4c\x0d"
      "\x23\x29\x32\x90\xca\x88\x94\xc3\xf3\xbc\xd7\xd8\x46\xc4\x88\xc6\xa2\x3f"
      "\x93\x9c\xaf\xc9\x0f\xa6\xbd\x3a\xc7\x85\x36\xa3\xc3\x53\x8d\xcd\x93\xcc"
      "\x0b\xfd\x38\x32\xba\x47\xbb\x32\x53\x57\x2f\xdd\xf1\x8e\xfb\xe8\x30\x5b"
      "\xa9\xc4\x06\x62\x19\x53\x4d\x17\x3e\x8e\x22\xce\x12\x98\x45\x60\x0b\xdd"
      "\x61\x47\xb5\xde\x62\x4b\xa0\x18\x29\x62\x53\xf8\x03\xcb\x3f\x2d\x5f\x99"
      "\xda\xa9\x9b\x35\xff\xe4\xf8\x52\xc9\x86\x6e\x35\xa4\x1d\x0c\xb5\xd3\xfa"
      "\x4c\x9c\xf6\xf4\x7e\x4f\x81\xa8\xc4\xef\x9e\xe1\x90\xa8\x0d\x6b\xbe\x88"
      "\x31\x8e\xcc\x29\x01\x8e\x72\x18\xee\xf7\x19\x3f\x53\x96\xdc\x61\x6b\x9a"
      "\x19\x29\xf7\xbf\xbe\x7b\xce\x3d\xfe\x84\x8f\xe6\x75\x6f\xae\xfd\x6f\x4f"
      "\x22\xb5\xc4\xe9\x94\x92\x06\x5b\xae\xbf\x74\x78\x9c\x29\x81\xbb\x3d\xf1"
      "\x93\x5d\x5a\x4e\xfc\x82\x82\xca\x26\x35\x45\x3d\x30\x59\x94\x57\x8c\x64"
      "\x6e\xbf\xff\x55\x0f\xd7\x16\x15\xb2\x6b\x09\x15\xa3\x32\xd0\xb6\xee\x20"
      "\xa3\x71\x65\x84\xd0\x8a\x58\x58\x3c\x45\xe7\xc4\x97\x6d\xe8\xc4\x35\x6f"
      "\x30\xf7\x13\x9d\xb1\x96\x1a\xcc\xc8\x58\xf7\xeb\xb5\x24\x39\x88\x31\x1f"
      "\x2d\x65\x7f\xb0\x11\xd0\x23\xda\xa3\xa2\x0a\xfa\x0c\x00\xec\x67\x4b\x5c"
      "\x61\x34\x65\x5e\x3f\x97\x61\x4e\x6e\x50\xc3\x91\x0e\xb1\x9f\xab\x64\x85"
      "\x0d\x2e\xdf\x9f\xaf\x6a\x48\xa6\xce\x71\x37\x75\xcd\x02\x6c\xef\xd5\xa5"
      "\x70\x8e\xfa\x57\xe7\x03\xca\xfa\x88\xd4\x63\x2f\xaf\x6b\x4a\xa5\xdf\xd3"
      "\x49\xf8\x49\x2d\xe7\xe3\xcc\xed\xc1\x00\x1e\xe6\x23\x87\x4a\x1d\xbe\x69"
      "\x0d\x91\x3f\x08\x02\xe3\x47\xc5\x73\xaa\xe9\xff\x06\x70\x8b\xb8\x3e\x80"
      "\xe2\xef\x52\x85\x91\x8b\xb3\xac\x5f\x6a\x1b\xad\x83\xd3\x55\x12\x5f\xee"
      "\xfe\xdf\xa4\xe6\x77\xd7\x49\xcc\xaf\x27\x89\xef\x5c\x21\x9e\x36\xc5\x81"
      "\x51\xe6\xcc\x16\x7a\x06\x05\x0a\x65\x3b\x30\x9e\x93\xc2\x74\x96\x44\xdd"
      "\x5b\x6f\x7b\x8d\x1e\x58\x3c\x01\xab\xa8\x44\xe7\xe2\x83\x88\xa7\xa1\x5f"
      "\xf7\xe0\x7e\xaf\xda\xc1\x5b\xeb\xf6\x0b\x72\x2d\x18\xc3\xb0\xed\xd2\x2a"
      "\xbb\xbb\x38\xab\x9d\x48\x56\x5b\x03\x0c\xff\x18\x38\x76\xf6\xe5\x3c\x91"
      "\x31\x37\x14\x87\xee\xfd\x56\x7a\xcc\x8b\xb7\x8b\x33\x06\xf7\x7c\x9f\x5a"
      "\xe2\xae\x11\xed\x4b\xad\x61\xfa\xa4\xe6\x94\xbb\x3f\x41\x3d\x24\x78\xc2"
      "\x09\x1e\x6a\x6b\x29\x56\x03\x95\x85\xf5\x7a\x9c\x82\x58\xe4\x60\xfc\x6a"
      "\x94\x34\xb2\xac\x4b\x38\x19\xc8\x3b\x93\xfe\x0f\x7d\x34\x31\x5c\x09\x16"
      "\x9c\xf0\xa8\x69\xc2\x02\x6c\x22\x56\x58\x67\xc4\xe7\xb3\xa3\x2a\x00\x90"
      "\x91\x7e\xb5\xbc\xd3\xe2\x26\x58\x5d\x1f\xd3\xe1\x98\x86\xe8\xcc\x11\xf0"
      "\x3f\xdd\xdf\x63\x77\x5c\x7f\x84\x08\x97\xa7\x62\x3a\xbe\xde\xec\xad\xc1"
      "\xa0\x70\x0f\xa9\x62\xf2\x80\xb5\x06\x35\x95\x0d\x0e\x41\x0f\x55\x17\x15"
      "\xa6\x52\x2c\x01\x4e\x16\xe1\x49\xa8\xcf\x8c\x16\xea\x7d\x9c\xb5\x3a\x9b"
      "\x5f\xfc\xbb\xaa\x74\x89\x28\x55\xde\x40\x7a\xf2\x36\x26\xaa\xbb\x06\x10"
      "\x59\x1b\x20\x52\x36\xd4\xc3\x69\x65\x44\xb4\xe0\x82\x33\xb4\x62\x83\xb7"
      "\x89\x13\x99\x8f\x75\xee\xe5\x8d\x9f\x4a\x6a\x70\x18\x92\xe6\x48\xa0\xd6"
      "\xe2\xe4\xf5\x84\xd1\xcf\x86\x21\x23\x7c\x2f\x0b\x42\x1f\x90\x7e\xb9\x87"
      "\x8b\x99\xb1\xc0\x66\xec\xe5\x7e\xde\x67\xa1\xc9\x05\xbf\xca\x0f\xb7\x2f"
      "\x3c\x54\xd2\x7f\xaa\xd6\x8d\x2d\xf0\x64\xc6\xc2\x94\x31\xa7\x04\x9f\xf7"
      "\x74\xae\xaa\x20\x2e\x2e\xc6\x41\x94\x33\xdb\x38\x26\xd1\xb4\x2a\xc6\xb6"
      "\xf8\x6d\x97\xe1\x32\xa0\xd3\xc1\x1d\x10\xf8\x14\x35\xb6\x70\x04\x2b\xd2"
      "\xb7\x7f\x1e\xb8\xdd\xdf\xe3\xc6\x7f\x85\x50\xc3\xe7\x0d\xf9\xdd\xa6\xe0"
      "\xe3\x7e\x35\xbb\x6a\xf7\xe9\x7b\x92\xad\x1f\xc8\xf7\x6c\xce\x7d\x89\x40"
      "\x34\x1f\x2c\x4f\x5c\xb2\x7f\x65\x35\x3d\xd9\x45\x78\x0a\x35\x4d\x38\x74"
      "\xb4\x59\xe9\xcd\xc3\x9c\x80\x6a\x4f\x0e\x1c\x92\x8f\x04\xd8\xab\x23\x99"
      "\x62\x2b\xbc\x08\x36\xd6\x4e\x2c\x80\xb9\x0c\x3a\xb7\xd5\xc7\xba\x6e\xf0"
      "\xbd\xd0\x9c\x44\x13\x1a\xa4\x6f\xf2\x6c\x1d\x51\x91\xf7\x42\x74\xa0\x4f"
      "\xed\x79\x63\x14\xa3\xf0\x93\x5c\xc8\x80\xf4\x0c\x55\x9a\x45\xca\x1c\x4c"
      "\x20\x82\x41\x2d\x6d\xf2\x1f\x41\x8b\x94\x44\xb4\xe6\xea\x80\x31\x7e\x92"
      "\xbf\xd0\x0a\xe1\xef\x84\x82\xe5\x40\x0e\x0e\x45\x17\xfe\xd9\xcc\x61\x9c"
      "\x46\x50\xa5\x4b\x13\xb7\x76\x99\x75\x2f\xab\x5e\xb4\x78\x02\x57\x9b\xe8"
      "\x2c\xe7\x9c\x56\x8f\xdf\x84\xd7\x40\x11\xd9\x62\xfc\x12\xfa\x94\xa4\x22"
      "\x09\x6c\x34\xea\x04\xcc\x6d\xea\xc0\x3b\x91\x3e\x56\x9f\xa8\xaa\xa5\x41"
      "\xe6\x00\xfb\xec\x7c\x5c\x6f\x07\xf8\x2b\x63\xb6\xe6\x17\xa9\x60\x47\x21"
      "\x0b\xa5\x02\xd9\xea\xdb\xbe\xc2\xf0\x3b\xd8\xd8\x10\x36\xa7\xa2\x5f\xd2"
      "\x82\x03\xb8\xa4\x16\xdc\xc9\x15\x24\x5b\x68\xbe\x6f\xef\xf4\xb4\x66\x4b"
      "\xc5\x86\xbd\xad\x8b\x90\xe5\xf6\xa2\x94\xb3\x52\xaf\x0b\x7e\x1f\xb9\x96"
      "\x25\xfc\x3c\xe6\x8a\x35\xd3\xa2\x6d\xdf\x61\xce\x3f\x51\xff\x0c\xf4\xbc"
      "\x7a\xe0\xbb\x00\xaa\xe3\xdb\x8f\xb8\x77\xe2\xd4\x97\xbb\xf4\x89\xf7\x81"
      "\xfa\x9a\x6e\x59\x40\x7d\x89\x02\xdd\xbe\x8f\xc8\xd1\x25\xb1\xf9\x6f\x02"
      "\x02\x27\x2f\xe7\x21\x36\xa4\xb8\x2e\x33\x8c\x7c\x24\xa1\x6e\x69\x81\x12"
      "\xf3\x88\xb8\xf8\x64\x9a\x53\x90\x4e\xd6\xcc\xfb\x83\xb9\x42\x3a\x60\x04"
      "\x77\x0c\x71\x44\xd2\xca\xd8\x8a\xa4\x37\x86\xc9\x11\x85\x8a\x0a\x56\x18"
      "\xac\x42\xa4\x7d\xa1\x14\x0e\x06\x78\x08\x0d\x9d\x84\x84\x92\xc5\x4d\xf7"
      "\x8d\xfd\x16\xc7\x68\xb2\x44\x2a\x42\x60\xd2\xed\xcf\xaf\xb5\x27\xa8\x3b"
      "\xbe\xe1\x52\x4c\x85\x3b\x59\x21\xf9\x86\xef\x8d\x44\x51\xb0\xe0\x79\x50"
      "\x6e\x7c\x31\xd4\xb6\x28\x6c\x79\x5c\x20\x8d\x7a\xac\x39\x5e\xb8\xbd\x6f"
      "\x1e\xcd\x77\xe8\xad\xae\xdd\x3b\xf3\x18\xa6\xc7\x4b\xea\x59\x77\xf1\xde"
      "\x7f\x69\xaa\x4c\x45\xaf\xcc\xfe\x90\x24\x6a\x7c\xe3\xed\xc9\x7f\xa7\x1f"
      "\x4f\x2c\xaf\xaa\xf0\x6c\x49\x02\x6d\xa5\x0a\x90\x11\xbb\xbd\x05\xbb\x78"
      "\x71\xe5\xf4\xa6\x7f\xe8\xaf\x59\xfb\x59\x93\xdd\xe3\xf4\x58\x20\xaf\x5b"
      "\xa1\x4b\xca\xa3\xee\x5e\x77\x90\x4f\xaf\x05\x5a\xc3\xef\xa6\x81\x8b\x29"
      "\xf6\x46\xc4\x15\x60\x03\xa9\x1f\x66\x7b\xa7\x0d\xd7\xd5\x7c\xe9\x71\x2e"
      "\x3a\xbb\xfe\x0f\x13\x96\x38\xd1\xb4\x8f\xb9\x7f\x2d\xda\x42\x2f\x9d\x26"
      "\x2a\xcb\x43\x18\xaa\x66\x6d\x75\x34\xfa\x06\x08\x90\x46\x48\xef\xdd\x8f"
      "\xd9\x53\xc8\x82\xac\x80\xab\x08\x44\x9e\x95\xd4\x14\x70\xfb\x5a\x5c\xd8"
      "\x60\x6b\x8e\x85\x35\xd7\xc1\x5b\x07\x22\x0d\xd8\x16\x00\x1b\xaf\x09\x9e"
      "\xec\xe0\x6a\xac\x49\x4a\x89\x4a\xd5\x0e\xd7\xdc\xab\x3b\x22\xfa\x53\x4e"
      "\xa6\xd7\x82\xfc\x51\xc0\x10\x31\x18\xe7\xb2\x9c\xa2\x6f\xc8\x41\x8c\xc8"
      "\x9b\x9c\x23\x0e\xb7\x23\x01\x1f\x87\x0c\xe5\xb1\x50\x8f\xbe\x6b\xf3\xc9"
      "\x41\x4c\xaa\xb1\x4e\x6f\x9e\x17\x32\x9c\x95\x9a\xd5\xdc\x07\xa8\x65\x54"
      "\xd0\x0c\xac\x36\xfd\x26\xe0\x0c\xc3\xb2\x43\x78\x6c\xad\xfc\xee\x66\xcb"
      "\xaa\xdc\xb0\xaa\x62\xbb\x9c\x93\x98\x5d\x6c\x71\xab\x65\x98\x56\xcc\x49"
      "\xfb\x73\xc4\xc0\x77\xb9\x91\x5d\xad\xa5\xcb\xf1\xc0\xb1\xcc\x88\x38\xdc"
      "\x36\x1d\xb8\xc4\x5c\x5a\x08\xa4\xe5\x4b\x5a\x08\x8d\x37\x78\xae\x11\x4c"
      "\xe5\x3f\x50\xb2\xf6\xce\x08\x7c\xfb\xaa\xee\xa0\x7c\x9c\x4a\x18\xdf\x5c"
      "\xed\x1d\x45\x62\x86\x5b\xe2\x44\xfd\x1f\x3b\xf5\xf0\xec\x5b\xbf\xdc\x22"
      "\xde\xfa\x31\xef\x71\x28\xcc\x47\x1b\x52\x80\xad\x9d\xb2\xb3\xd9\xaf\x66"
      "\xc4\x30\xf0\x2b\xf6\xd6\xe7\x24\xcd\xdf\x73\x14\x62\x3c\x82\xe6\x7e\x59"
      "\x0b\x66\x3b\x4e\x27\xac\xd7\x1a\x56\x62\x2a\x9a\x45\xcc\x8f\x4d\xf3\xd3"
      "\x7f\xc2\x86\x7c\xe7\x7b\xd4\x5c\x8c\x2a\x28\xfe\x34\xbb\xd1\x50\x56\x85"
      "\x8f\x30\x7b\xce\x4b\xef\x54\x75\x29\xc0\x68\xfb\xde\x88\xb8\xd1\x00\xc6"
      "\x93\xe4\x2d\xa5\x57\x4c\x80\xe1\x06\x7d\xd4\xcc\x90\xd2\x77\x1a\x95\x62"
      "\x78\xdc\x50\x84\x96\x11\xc4\x22\xe6\xc1\x2b\x88\xea\xb4\xc4\xd2\x57\xe9"
      "\x78\x31\x81\xc9\xcf\xb0\x8a\xdb\xc4\x70\x88\x09\x1f\xd8\x39\x08\x88\x23"
      "\x05\x47\x59\x90\x22\x76\xad\xd2\x29\xe0\x52\x93\xa1\x0c\xa6\x47\x21\xd9"
      "\x72\x3d\xdf\x74\x43\x33\x00\x0f\xab\x6b\x16\x1a\xca\xf0\xbb\x11\x2b\x9e"
      "\x03\x74\xd2\x23\xe5\xbe\x47\xe7\x40\x2f\x58\xe6\x54\xf9\x6e\xc2\x2d\x00"
      "\x08\x10\x73\x3e\xd4\x97\xae\x46\x68\x47\x84\x55\xe1\x8a\xd3\x13\xfd\x52"
      "\xc4\x92\xfe\x30\xa4\xa7\x52\xa1\xab\xb9\x84\x5e\x9b\xc9\x85\xbf\x0b\x2e"
      "\xd7\x7e\xc6\x41\x60\xdd\x2c\xa3\x07\x67\x34\xb8\x19\x0c\x6d\xf4\x84\xf7"
      "\xc6\xbc\x97\xe0\x36\xeb\x29\xd2\x45\x3c\xbb\xef\xfe\xbb\x5e\x9b\x39\xa0"
      "\x6e\xa8\x21\x6e\x1f\x9b\x6b\x55\x16\x95\xc6\xc2\x71\xcf\xda\x4c\x5d\xa3"
      "\x46\xf8\x69\x32\xd5\xfb\xbc\x08\x92\xa4\x29\x88\x57\xe5\xf9\x56\xe3\x02"
      "\xce\x2d\xb2\x07\xc0\xce\x2c\x0a\xa1\x2f\x3b\x06\xbd\xcb\xe6\x0f\x70\x7d"
      "\xac\x6a\x64\xcf\x72\x8b\xd7\xab\x6b\x7b\xde\x17\x54\x1e\x44\xf9\xd1\x32"
      "\x53\xff\xa4\xf5\xab\x22\xdc\x23\xc4\xd1\x5f\x9a\xef\xa3\xb6\xdc\x97\xcb"
      "\x68\x38\x97\x48\x74\xe7\x25\x85\x27\xc3\x10\xa3\xa4\xfe\x98\xd4\xea\x22"
      "\x81\x03\xd8\xac\xd7\x57\x8d\x26\x58\x0d\x11\xc3\x51\x04\xdb\xb2\x36\x71"
      "\x52\x03\xf2\xbd\xcf\x17\x9e\xe3\x20\x85\x35\x21\x49\xe9\x75\xad\x5e\x6f"
      "\xe0\x49\x7f\x0d\x6a\x67\x68\x39\x77\xc9\x81\x33\x7e\x3f\x73\x0c\xb9\xf0"
      "\x92\xab\x23\x48\x4c\xb7\x51\xee\x6e\x22\x09\xff\xb9\xbd\xf2\x4d\xec\x0d"
      "\xd1\x3b\xcf\x1b\x5c\x84\xbf\x88\x2d\x10\x28\xcc\xf7\xf3\x83\x78\x08\x26"
      "\xe5\x2f\x20\x90\x1d\x59\xef\x25\x26\x6d\xb2\x5c\x10\xc6\xa2\x8c\x3c\x22"
      "\x82\x9c\x69\xf6\x2e\x94\xca\x79\x84\x59\x49\x10\x0e\x55\x6a\x48\x00\x82"
      "\xe5\xec\x3b\x9a\x30\x0a\xba\xcd\x8a\x29\x91\x6d\x33\xde\x95\xc9\xb7\xcf"
      "\xb0\x21\x8a\x5f\x1a\x04\x52\xe1\x51\xc2\x28\x12\x85\xb7\x63\xc2\x7b\xd6"
      "\x54\xca\xfd\x1c\x4e\xed\x60\xdf\x4d\x38\xde\x4f\x72\xfd\xe0\x2a\x93\x36"
      "\xa7\x66\x47\x2b\x44\xc4\x3b\x63\x32\x34\xb6\xa3\xf1\x0e\xc8\xa7\x97\xf0"
      "\x25\xec\x7e\xc9\xd7\xa1\xa7\x3c\x6b\x76\x22\x81\x8c\x28\x24\x03\x2d\x6d"
      "\x6b\x52\xc1\xaa\x8a\xa0\xc4\x62\x78\x32\x6a\x47\x9e\xbc\x12\x85\x0d\xb6"
      "\x22\x9d\x79\x6e\x52\x25\xa3\x48\xd5\x8f\xfc\x73\x37\x23\xcb\xdf\xce\xad"
      "\xb3\x7e\xef\x36\x18\x0b\x5c\xd6",
      3824);
  // Call 2: ioctl on fd -1 with the 4096-byte buffer above. Under the generic
  // Linux ioctl encoding, 0xd000943e decodes to read+write, size 0x1000,
  // type 0x94, nr 0x3e, which matches the buffer size. Because the descriptor
  // is invalid the call is expected to fail before reaching any driver, so it
  // is probably incidental to the report (TODO confirm).
  syscall(__NR_ioctl, -1, 0xd000943e, 0x20000300ul);
  // Call 3: io_uring_enter on the ring from call 1 with to_submit = 0x5fe7
  // and all remaining arguments zero. Nothing in this program writes to the
  // ring mappings before this call.
  syscall(__NR_io_uring_enter, r[0], 0x5fe7, 0, 0ul, 0ul, 0ul);
}

// Entry point: maps the scratch region used by execute_one() and starts the
// fork loop. loop() never returns, so `return 0` is not reached.
int main(void)
{
  // Three fixed anonymous mappings (flags 0x32; on Linux x86-64 that is
  // MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS, confirm for other targets):
  // a no-access page (prot 0) below the region, 16 MiB at 0x20000000 with
  // prot 7 (read | write | exec), and a no-access page above it. The two
  // prot-0 pages act as guards around the scratch region. Return values are
  // not checked.
  syscall(__NR_mmap, 0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
  syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul);
  syscall(__NR_mmap, 0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
  loop();
  return 0;
}