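// https://syzkaller.appspot.com/bug?id=7b7a239a2c5d9a817aa392e15cb4526df0e67437
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Reviewer notes (not part of the generated output):
//  - The page had the whole program collapsed onto a few physical lines, so
//    the leading `//` comment swallowed everything that followed it on the
//    same line. The line structure is restored here; the statements and
//    data bytes are unchanged.
//  - NOTE(review): the page showed 18 bare `#include` directives with the
//    header names lost. The names below are reconstructed from the calls
//    this file makes and from syzkaller's usual C-reproducer preamble;
//    confirm against the original reproducer.
//  - What the program exercises, as far as the code shows: it creates a
//    pipe, queues three hand-built records on the pipe's write end, then
//    mounts a 9p filesystem with `trans=fd`, naming the pipe's read end as
//    `rfdno` and a dup of the write end as `wfdno`. The process that mounts
//    is therefore also the source of every "server" reply the 9p client
//    reads, which is why the client has to treat reply fields as untrusted.
//  - loop() never returns: the program is meant to be left running inside a
//    test VM until the kernel reports the bug or the operator stops it.

#define _GNU_SOURCE

#include <dirent.h>
#include <endian.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

// Fallback for toolchains whose headers predate pidfd_open.
#ifndef __NR_pidfd_open
#define __NR_pidfd_open 434
#endif

// Sleep for `ms` milliseconds.
static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

// Monotonic clock reading in milliseconds; exits the process with status 1
// if clock_gettime() fails.
static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

// Format `what` printf-style into a 1024-byte buffer and write it to the
// existing file `file` (opened O_WRONLY | O_CLOEXEC, never created).
// Returns true only when the whole formatted string was written; on a
// failed or short write, errno is preserved across close().
static bool write_file(const char* file, const char* what, ...)
{
  char buf[1024];
  va_list args;
  va_start(args, what);
  vsnprintf(buf, sizeof(buf), what, args);
  va_end(args);
  buf[sizeof(buf) - 1] = 0;
  int len = strlen(buf);
  int fd = open(file, O_WRONLY | O_CLOEXEC);
  if (fd == -1)
    return false;
  if (write(fd, buf, len) != len) {
    int err = errno;
    close(fd);
    errno = err;
    return false;
  }
  close(fd);
  return true;
}

// Kill the child `pid` (and its process group) and reap it, storing the
// wait status in `*status`.
static void kill_and_wait(int pid, int* status)
{
  kill(-pid, SIGKILL);
  kill(pid, SIGKILL);
  // Poll for up to 100 iterations of 1 ms before escalating.
  for (int i = 0; i < 100; i++) {
    if (waitpid(-1, status, WNOHANG | __WALL) == pid)
      return;
    usleep(1000);
  }
  // Write one byte to every FUSE connection's `abort` file; presumably this
  // lets a child blocked on a FUSE request finish dying. Errors are ignored.
  DIR* dir = opendir("/sys/fs/fuse/connections");
  if (dir) {
    for (;;) {
      struct dirent* ent = readdir(dir);
      if (!ent)
        break;
      if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
        continue;
      char abort[300];
      snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort",
               ent->d_name);
      int fd = open(abort, O_WRONLY);
      if (fd == -1) {
        continue;
      }
      if (write(fd, abort, 1) < 0) {
      }
      close(fd);
    }
    closedir(dir);
  } else {
  }
  // Block until the child itself has been reaped.
  while (waitpid(-1, status, __WALL) != pid) {
  }
}

// Per-child setup: die with the parent, move into a new process group (so
// kill(-pid) in kill_and_wait reaches descendants), and raise the child's
// OOM score to 1000.
static void setup_test()
{
  prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
  setpgrp();
  write_file("/proc/self/oom_score_adj", "1000");
}

// pidfd_open wrapper that rewrites pid 1 to pid 0 before the syscall;
// presumably so the program never obtains a pidfd for init.
static long syz_pidfd_open(volatile long pid, volatile long flags)
{
  if (pid == 1) {
    pid = 0;
  }
  return syscall(__NR_pidfd_open, pid, flags);
}

static void execute_one(void);

#define WAIT_FLAGS __WALL

// Run execute_one() in a fresh child forever. The parent polls every 10 ms
// and, once a child has run for 5000 ms, kills and reaps it.
static void loop(void)
{
  int iter = 0;
  for (;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      setup_test();
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      sleep_ms(10);
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      if (current_time_ms() - start < 5000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}

// Resource table: r[0] holds a pid, r[1]..r[5] hold file descriptors.
// The all-ones initial value means "no descriptor yet"; a step that fails
// leaves it in place and later syscalls simply receive an invalid fd.
uint64_t r[6] = {0x0,
                 0xffffffffffffffff,
                 0xffffffffffffffff,
                 0xffffffffffffffff,
                 0xffffffffffffffff,
                 0xffffffffffffffff};

// One run of the generated syscall sequence. All arguments live at fixed
// addresses inside the region main() maps at 0x400000000000. Return values
// are only used to capture resources into r[]; failures are not handled.
void execute_one(void)
{
  intptr_t res = 0;
  if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
  }
  // Open a pidfd for this process and hand it to setns() with three
  // namespace types requested at once.
  res = syscall(__NR_getpid);
  if (res != -1)
    r[0] = res;
  res = -1;
  res = syz_pidfd_open(/*pid=*/r[0], /*flags=*/0);
  if (res != -1)
    r[1] = res;
  syscall(__NR_setns, /*fd=*/r[1],
          /*type=CLONE_NEWPID|CLONE_NEWNS|CLONE_NEWUTS*/ 0x24020000ul);
  // r[2] = pipe read end, r[3] = pipe write end.
  res = syscall(__NR_pipe2, /*pipefd=*/0x400000001900ul, /*flags=*/0ul);
  if (res != -1) {
    r[2] = *(uint32_t*)0x400000001900;
    r[3] = *(uint32_t*)0x400000001904;
  }
  // First queued record, laid out as 9P size[4] type[1] tag[2]: size 0x15,
  // type 0x65 (Rversion in 9P numbering), tag 0xffff, then 0x00008004 and a
  // length-8 string beginning "9P2000". Only 19 bytes are copied while 0x15
  // are written; the last two come from the zero-filled mapping.
  memcpy((void*)0x400000000500,
         "\x15\x00\x00\x00\x65\xff\xff\x04\x80\x00\x00\x08\x00\x39\x50\x32\x30"
         "\x30\x30",
         19);
  syscall(__NR_write, /*fd=*/r[3], /*data=*/0x400000000500ul,
          /*size=*/0x15ul);
  res = syscall(__NR_dup, /*oldfd=*/r[3]);
  if (res != -1)
    r[4] = res;
  // Second queued record: 0x18 bytes whose first word is its own length and
  // whose remaining fields are zero.
  *(uint32_t*)0x400000000100 = 0x18;
  *(uint32_t*)0x400000000104 = 0;
  *(uint64_t*)0x400000000108 = 0;
  *(uint64_t*)0x400000000110 = 0;
  syscall(__NR_write, /*fd=*/r[4], /*arg=*/0x400000000100ul, /*len=*/0x18ul);
  // Third queued record: the first word claims 0x14c bytes, but the write
  // below sends 0x137, and only the first 0x30 bytes are set explicitly.
  *(uint32_t*)0x4000000000c0 = 0x14c;
  *(uint32_t*)0x4000000000c4 = 5;
  *(uint64_t*)0x4000000000c8 = 0;
  *(uint64_t*)0x4000000000d0 = 0;
  *(uint64_t*)0x4000000000d8 = 0;
  *(uint64_t*)0x4000000000e0 = 0;
  *(uint32_t*)0x4000000000e8 = 0;
  *(uint32_t*)0x4000000000ec = 0;
  syscall(__NR_write, /*fd=*/r[4], /*arg=*/0x4000000000c0ul, /*len=*/0x137ul);
  // Mount 9p on ./file0 over the pipe. The option string assembled below is
  // "trans=fd,rfdno=0x<r[2]>,wfdno=0x<r[4]>,k".
  memcpy((void*)0x400000000000, "./file0\000", 8);
  memcpy((void*)0x400000000040, "9p\000", 3);
  memcpy((void*)0x400000000280, "trans=fd,", 9);
  memcpy((void*)0x400000000289, "rfdno", 5);
  *(uint8_t*)0x40000000028e = 0x3d;
  sprintf((char*)0x40000000028f, "0x%016llx", (long long)r[2]);
  *(uint8_t*)0x4000000002a1 = 0x2c;
  memcpy((void*)0x4000000002a2, "wfdno", 5);
  *(uint8_t*)0x4000000002a7 = 0x3d;
  sprintf((char*)0x4000000002a8, "0x%016llx", (long long)r[4]);
  *(uint8_t*)0x4000000002ba = 0x2c;
  *(uint8_t*)0x4000000002bb = 0x6b;
  syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x400000000000ul,
          /*type=*/0x400000000040ul, /*flags=*/0ul,
          /*opts=*/0x400000000280ul);
  // File operations on the mount point path.
  memcpy((void*)0x400000000140, "./file0\000", 8);
  syscall(__NR_chmod, /*file=*/0x400000000140ul, /*mode=*/0ul);
  memcpy((void*)0x400000000300, "./file0\000", 8);
  res = syscall(__NR_creat, /*file=*/0x400000000300ul, /*mode=*/0ul);
  if (res != -1)
    r[5] = res;
  // Final write buffer: a 4-byte word (8), 4096 fuzzer-chosen bytes, and a
  // 16-bit 0x1000. The write length 0x7fec is far larger than those 4102
  // bytes; the remainder is whatever the mapping holds (zeros).
  *(uint32_t*)0x400000000540 = 8;
  memcpy(
      (void*)0x400000000544,
      "\x1a\x17\x92\x4a\xb2\x18\xea\xcb\x15\xa3\xfc\xcf\x92\x9e\x2d\xd2\x49\x79"
      "\x03\xc1\xf8\x53\xd9\x5b\x99\x5c\x65\xe9\x94\x49\xff\x95\x3f\xa1\x1c\x77"
      "\x23\xb2\x14\x9e\xcd\xaa\x7f\x83\x3f\x60\xe1\x3b\x19\xa6\x6e\x96\x3f\x7e"
      "\x8d\xa4\x29\x7e\xbb\xfd\xda\x5b\x36\xfb\x4d\x01\xbd\x02\xe6\xc6\x52\xdc"
      "\x4d\x99\xe2\xcb\x82\xc2\xa1\xd4\xa4\x5e\x4c\x89\xba\x99\x94\xe8\x2f\x85"
      "\x4b\xbc\x34\xa4\x0b\x3a\x58\xaa\x25\x6c\x9b\x45\x12\xfb\xf9\x1b\x98\x46"
      "\x44\x6c\x49\x09\xe4\xec\x53\x98\x2e\x7d\x7f\xd1\x1e\xe0\xbd\xea\xb0\xbb"
      "\x4c\x46\x9c\x96\x65\xdd\xe8\xcb\x58\xf0\xca\x14\x82\x23\xb6\xcc\x4e\x2f"
      "\x30\x6c\xfb\xec\xce\xde\xc8\xdb\x52\x12\xf2\xfc\x4e\x14\xf8\x36\xc6\x8b"
      "\xda\xce\x4d\xb1\xaf\xbd\xe9\xd4\x63\xe5\xac\x24\x56\x79\x25\xb5\xfd\xf0"
      "\xe3\xaf\x1a\x52\xdb\xd7\x66\x9f\xe9\x22\x73\x02\xc8\xf6\x35\xbc\x2d\xdb"
      "\xf5\xbd\x7d\xcc\xd7\xb9\x2a\x9b\xd5\xc7\x36\x33\x75\xa5\x78\x51\xc2\xbc"
      "\x72\x50\x9f\x20\x05\xf1\x38\xf5\xa5\x9c\xf8\x5e\x9d\xdb\x1c\x97\x2c\x89"
      "\xd5\x08\x06\xe8\x94\x1b\x70\x59\xcd\x3e\xca\x77\x52\x7a\x7f\x20\xaf\x70"
      "\x84\x1b\x4d\x6f\x02\x66\x14\xbd\xbb\x27\x6a\x68\x14\xcc\x74\xd9\x18\x56"
      "\xb9\x68\xc5\xfd\xb5\x26\x74\xd8\x92\xa9\x0d\x01\xab\x91\x84\x1b\x68\x11"
      "\xde\xf7\x8b\xda\xc9\xbc\x6f\x9d\xf2\x59\x85\x69\xfb\xdf\xef\x75\x07\x98"
      "\x32\xb2\x75\x08\x01\xdc\x83\xfd\x19\x87\x71\x3c\x61\x13\x6a\xc9\xe5\xf2"
      "\xf7\xe6\x7f\x30\x21\x09\xbb\x9a\x7f\xea\x75\x29\x0b\x50\x6a\x89\xa1\x9d"
      "\x7e\x0e\x47\x29\x37\xa8\xc9\xec\xfe\x16\xef\x6e\xb8\x8c\x7a\x88\xa0\x60"
      "\x75\x61\x96\xd5\x5d\x6a\x3d\x3f\x7c\xdf\x99\x15\xd2\x2b\x6b\x3a\xf6\x9e"
      "\xc5\x50\x17\xb8\x21\xec\x06\x21\xe8\xa5\x94\x14\xef\xc2\xb4\x69\x77\xa8"
      "\x58\x46\xb5\x3a\xe7\x5a\x35\x09\x47\xaf\xca\xfb\xde\xf7\x23\x3c\xc3\x71"
      "\xbc\x2a\x6f\x29\xc0\x31\x5b\x35\x2a\xc2\x74\x1c\x81\xdf\x53\x43\x03\xdd"
      "\xb3\x0a\x44\x08\xdb\x56\x79\xd0\x5d\x24\x52\x59\xc2\x45\xc9\xd7\xf8\x61"
      "\x71\x1c\xc2\x87\xcf\xd0\x46\x2b\x94\x85\x12\x62\x3b\x92\x10\x60\x38\x6c"
      "\x58\x7f\xd1\x66\xdf\x29\xe7\x1e\xcf\xc8\xed\x90\x03\x1e\x95\xb2\xaf\x14"
      "\x06\xb5\xae\x73\xf6\x08\x4e\x39\xe8\x81\x94\xe3\xd3\x7d\xc8\x01\x98\x26"
      "\x56\xb5\xb6\x63\x42\xd7\x41\x00\xf9\xf5\xb8\xc9\x4c\x1e\x91\xb6\x26\xbb"
      "\xf4\x26\xa0\x7b\x4b\xe9\x1d\xbd\xb7\x6a\x6e\x40\xd0\xb7\x88\xf8\x93\x59"
      "\xe4\x62\xe6\x9b\xc4\x49\x9f\xd4\xf9\xaa\x1e\x7f\x0c\x3f\x73\xa9\x96\xb6"
      "\xec\xef\x60\x6c\x76\x51\x28\x6e\x1f\x18\xa6\x82\x3e\xed\x71\x91\xcd\x54"
      "\x20\x57\xea\xaf\x09\xaa\x32\xe8\xce\x37\x0c\x09\x05\x02\x78\xb8\x5f\xd3"
      "\x59\xb8\xca\x23\xe6\x6e\x9d\x29\x4e\xc5\x7b\x3d\xdd\x90\x40\x9d\x9b\x1c"
      "\xa2\x8c\x69\x93\xb2\x44\xf8\xca\x46\xf6\xbf\x47\x8f\xf2\x2f\xb1\xdf\x53"
      "\xe3\x3a\xbd\xda\x4b\x2b\x1e\x5c\xff\x7d\xe1\x99\x57\xbd\xc8\xe7\xca\x39"
      "\xe4\x76\x22\x04\xb1\xf9\xf3\x3b\x93\x75\xb7\x28\x24\x22\xb9\x18\x41\x70"
      "\x67\x51\x03\x8e\x42\x02\x3b\xa4\x5c\x1c\xd0\x99\x8c\x17\x94\xc1\xc2\xa5"
      "\xff\x65\x46\x61\x89\xbb\xb2\x7b\xcb\xf0\x1e\x5a\x48\xbf\xd8\xb6\x84\x5f"
      "\x7d\x5c\x87\xd9\x77\xdf\x4d\xed\x52\x73\xeb\xf5\x6b\x96\xc5\x0b\x4e\xad"
      "\xc4\x4b\xfa\xa0\x99\x42\x59\xee\xb1\x03\x16\x44\x41\x5f\xa9\xd7\x29\x75"
      "\x3d\x21\x38\xb0\x6f\x9b\x7b\x62\x4d\x9e\xeb\x1e\xf7\x1d\xfd\xff\x0b\x63"
      "\x90\x78\xf0\x58\xc7\xa0\x70\x45\x1c\x46\x70\xaf\x0c\x6e\xb1\x20\x2f\x77"
      "\xbe\x82\xfa\xba\x9b\x62\x87\x99\x50\x66\xb5\xf7\xe5\x9b\x79\x67\x70\x6d"
      "\x8d\x8c\x5b\xde\x48\x13\x7e\x13\xdf\x53\x7a\xe5\x46\x64\xfe\x4e\x84\x60"
      "\xb1\xbd\xf5\xb9\x2a\x1d\xcf\x39\xee\x17\x26\xbc\x66\x90\xd0\xac\x5f\x79"
      "\x9b\xcf\xab\x91\x8c\x59\xcb\x13\x2c\x45\x05\x4b\xa1\x7b\x8a\x44\xd5\x05"
      "\xad\x3e\xae\xee\x95\xb4\x27\x5b\x25\xb2\x08\x7d\xa8\x90\x25\x52\x72\x7a"
      "\x1e\x73\x90\x14\xdf\x34\x8c\xfa\x3a\x11\x02\x66\x1c\x35\xa6\xa3\x8d\xf6"
      "\xc4\x10\xf5\x34\x35\x77\x95\x5d\xd5\x7d\xe5\xaf\x08\x9e\x3f\x1b\xcd\xf9"
      "\x6d\x4e\xf1\xd5\x94\x42\x43\x47\x0b\x0e\xd1\x06\x16\x14\x4c\xcc\xc5\xca"
      "\xc4\x4e\x36\xfe\xfd\x94\x41\x12\x0c\x5d\x04\x78\x67\xaf\x0e\xa3\x53\xda"
      "\x21\xfc\x0a\xe7\x3b\x78\xb8\x4d\x53\xa6\x2e\xfe\xb9\x4e\xa8\xd4\x41\xcc"
      "\x69\x8c\x92\xfd\x7b\x36\xcf\x41\x47\x2d\x03\x6c\x50\x93\xbb\xdf\x94\x36"
      "\x20\xc2\x9f\xfa\x3b\x21\xef\x4a\x0b\xb9\x27\x49\x12\xb0\x46\x83\x4e\xe6"
      "\xf8\x55\xce\xad\xf1\x8f\xb4\x88\x04\x0d\x58\x29\xab\x6e\x8b\xf6\x9a\x90"
      "\x31\x5f\x7f\x84\xd0\x02\xac\x4e\x92\x9e\x9f\x10\x10\xa8\x48\x67\x46\xbd"
      "\x31\x67\x99\xba\x3a\x65\x74\x49\x80\xc3\x88\x20\x23\x24\xba\x50\x76\x8c"
      "\x77\xa8\x48\x1b\xa7\x4d\x13\x5d\xa7\x50\x70\x48\xc8\x27\x14\xa8\x23\x48"
      "\x37\xb6\x99\x22\x12\x6e\x40\x84\xa6\x8f\x74\x18\xbf\xd2\x64\x17\xca\xde"
      "\x78\x6c\x7f\x81\x85\xe2\x49\x2e\x3b\x64\xeb\x9d\x2c\x2c\x72\x15\x04\xc7"
      "\xb4\xae\xb3\x83\x50\x3f\x74\x5f\xd6\x93\x15\xc5\x6b\x5b\x01\x58\xde\xcd"
      "\x1b\x16\x06\xa6\x33\x66\xb7\xe2\xd2\xb9\x12\x4b\x6e\xfc\xa4\x48\x0c\x70"
      "\x3c\x8f\x37\xd6\xdd\xff\x55\xb0\xec\x15\xf2\xce\x6b\xe6\xc9\x02\xd0\x6a"
      "\xec\x2c\xca\xbe\xba\x13\xb4\x42\xb6\x08\x07\x6c\x33\xd1\x9e\x69\x0a\xb6"
      "\x6c\xf6\x67\x8d\x67\x97\x58\xd2\x2f\xb5\xd8\xd9\x63\xf2\x5d\x00\xc4\x55"
      "\x76\xf8\xb2\x93\x85\x43\x08\x02\x97\xb9\xcb\x6c\x30\x5e\x31\x31\xd2\xf4"
      "\x12\xf0\x03\x70\xc2\x85\x25\x19\x09\xf8\xeb\xef\xc3\xd1\x8a\x23\xe2\x5a"
      "\x18\x39\x97\xb0\x82\x51\x45\x0b\x29\xff\xf3\x27\x81\xe6\xa7\x0e\x6e\x07"
      "\x0a\xb3\x92\x1f\x3f\x80\x93\x92\xde\xb7\x32\xd6\xf3\x0c\xc0\x34\xb5\xf7"
      "\x7d\x41\x21\x8b\xca\x86\xd5\x15\xb1\x6d\xa0\x45\x7d\xbf\x7a\xae\xfd\xce"
      "\xf9\xd5\x35\x8e\x7b\x4f\x1e\x5d\x1a\x41\x0f\x55\x44\x9e\x76\x56\x09\xd1"
      "\x22\xf9\x38\xfd\x57\xb7\x14\x82\x24\x4d\xff\x05\x23\x06\x7c\xab\xfd\x32"
      "\x2f\xc4\x7a\xca\x1c\x33\x11\x12\xe3\xd9\x69\xf5\xfe\x35\x94\xc3\xc7\xad"
      "\xea\x7c\x36\xe9\xb9\xaf\x67\x54\xcd\xea\x5c\xcf\x05\xb1\x39\xf7\x83\xd4"
      "\xb2\x45\x40\xc5\x0a\x6a\x9f\x7d\xff\x47\x2d\x47\xc8\x7c\x15\x1d\x84\x39"
      "\xb5\x74\x0c\xd1\xf4\x23\x33\x5d\xae\x26\x80\x05\x0b\xd4\x47\x66\x15\x9c"
      "\xba\x66\x66\x6b\x7d\xbc\x9e\x19\x01\x30\x49\x43\x27\xa0\xd8\xc9\xdb\xed"
      "\x5c\x8b\x83\x1c\xe2\xb2\xbb\x23\x63\x53\xff\x71\x75\xa4\x8b\x61\xa0\xf3"
      "\x20\x9f\xa3\xdb\x44\xf0\x7a\x21\xa4\x85\xef\x16\x82\xa3\x3c\xdf\x63\x2a"
      "\xc2\xd6\xca\x99\x3b\x6c\xd9\x09\x13\xe3\x17\x04\xbb\x85\x17\x11\xe1\xf2"
      "\xb5\xeb\xb1\x9b\xaa\xba\x10\x2d\xd4\x2d\x55\x09\x33\xe9\xdf\xc1\x73\x11"
      "\x66\x5f\xef\x4d\x02\x06\xd7\xde\xbb\xcb\xbd\x97\xef\xaf\xff\xb9\x05\xbf"
      "\x9a\x77\xb8\xee\xb6\x7d\x5f\x8b\xef\x85\x26\xf6\xf8\x60\x76\x72\xbb\x3c"
      "\x50\xb1\x4e\x16\xc2\x64\x26\x55\x94\xe0\x5f\xa4\x81\xf7\x24\x29\x0a\xbd"
      "\xc9\xf6\x0a\x89\x9f\x26\x03\x32\x36\xe3\xb9\x05\x48\xc2\x42\x88\xa7\xb6"
      "\x27\xb5\x1c\x4d\x7c\x63\x8c\x35\x9e\xc6\x32\x5b\x0d\x79\xe1\xd6\x9c\xf1"
      "\x8c\xd9\x13\x6a\x26\x3b\x6a\xa8\x4a\xd0\x62\xb9\x83\x1f\xc7\xc2\x01\xb7"
      "\xcc\xec\x7d\x3b\x7e\xa2\x13\x2e\xe4\x57\x96\x32\xbf\x61\x4b\xcd\xe2\x85"
      "\x52\x7c\x36\xef\x8a\x8e\x12\x65\x1e\xf3\x4a\x67\x7a\x8d\x2f\x84\x36\x0a"
      "\xfa\x2f\x22\x45\xe4\xe0\xd6\x1a\x12\xe8\xe4\x46\x04\x5f\xae\x61\x37\x50"
      "\x82\xf9\x83\x36\x37\x95\xf1\x18\x48\xed\xad\x24\xb3\xf7\xae\x53\xf0\xee"
      "\xb3\x29\xfa\x62\xb6\xd7\xb4\x46\xe3\xb2\xc1\x25\x79\x81\xf9\xc0\xc3\xea"
      "\x37\x1c\x71\x02\x1a\xf8\x34\xa2\x85\x20\x3b\x2e\x31\x77\xdd\xf5\x25\x10"
      "\x44\xea\x21\x5c\x04\x8f\x78\x70\x1d\xec\x36\xa9\x4c\xa3\xc4\x35\x27\x8d"
      "\x1f\xd8\x89\x99\x6a\xdf\x5e\xa7\xc8\xdb\x62\xf2\xb1\x33\x1b\xc2\x2c\x4b"
      "\x77\x98\xd5\x87\xa5\xc4\xe6\x19\xb7\xb5\x76\xe1\x9d\x92\x99\x6b\xc0\xbd"
      "\xc0\xc8\xc1\x53\x74\xe1\x1b\x6e\xed\xa0\xe1\x8b\x35\xaa\xc4\xb9\x6d\xb9"
      "\xcd\xba\x02\x50\x80\xbf\x5b\xea\x4f\xfd\xf4\xfa\x3c\x93\xec\x5f\xee\xde"
      "\x0a\x14\x0f\x7f\x67\x27\xef\x25\x57\x83\x56\x59\x35\xd5\x9d\x34\x8a\xaa"
      "\x6d\x12\xc0\x60\xaf\xd5\xf6\xd0\x84\x34\x63\x09\xd8\xcb\xf5\x4b\x33\x05"
      "\x0e\xcc\xcf\x30\xae\x08\x3c\x40\x34\x16\x58\x80\x21\x4a\x94\xa5\x29\x64"
      "\x27\xe2\xfc\xb6\xd9\x06\x92\xa8\x22\x12\xb6\xb8\xd8\x6c\x6d\x16\x3f\x06"
      "\x43\x94\x4a\xab\xa4\xaf\x11\x71\xae\xd4\x63\x99\x4f\x13\x74\xe1\xec\x16"
      "\x54\xb8\x9b\x04\xe9\xd6\x35\x07\x4e\x8d\x13\x1b\xc2\x44\x3d\xaf\x1c\xaa"
      "\xd4\x55\x67\x14\x70\x32\x9a\x28\x7f\x4c\x71\x1c\xb9\x07\x40\x3d\x5c\x05"
      "\x18\x4c\xd3\xa6\x47\x82\x3b\x5b\x9c\x6d\xc4\x45\x1f\xdd\xe9\x2d\xc1\xcb"
      "\x87\x01\x01\x97\x02\x64\x58\xb4\x0d\x48\x09\xab\x60\xac\xa1\xaf\x6b\xb3"
      "\x70\x2a\x3e\x05\x06\xcd\xd2\x1f\xaa\x6d\x99\x09\xf4\xed\x74\x72\x3d\xe7"
      "\x5f\xc4\x8d\x44\x31\x4f\xa3\xcc\x0c\x8e\x8e\xa2\x26\xec\x1d\x58\x75\xb9"
      "\x59\x5a\xea\xcd\xff\x0a\x9f\x75\xb4\xa6\x0d\xde\x78\x1c\x58\x17\x9f\x99"
      "\x7e\xcb\x64\x79\xc9\x1e\xca\xcc\x65\xbf\xe2\x93\xa2\xd2\x6c\x21\xae\x7c"
      "\x1d\x7b\xe1\x24\x1c\xc1\xc4\xea\x86\xa6\xcf\x8d\x93\x01\x2b\xd9\x85\x08"
      "\xaa\xe8\xdb\x72\x3f\xf1\x67\x02\x62\x98\xca\xb2\x27\xb7\xd0\x06\x2c\x27"
      "\xcc\xc8\xe8\x1d\xf7\x26\x84\x23\xad\x06\x36\x38\x76\x0b\x44\xe7\x71\x47"
      "\xee\x9b\xd8\x41\x40\x16\x6a\xe2\xbf\xd5\x92\xf8\x45\xca\x68\xc7\x19\xf7"
      "\x52\x0a\xe3\xc9\x98\x8c\xc8\x9d\xb7\x3b\xf9\x3a\xd6\xf2\xf7\xd9\x39\x4b"
      "\x22\x88\xf0\x17\x67\x23\xac\xd1\x67\x08\x1a\xde\x4e\x06\x6a\x26\x83\x2f"
      "\x7b\x65\x5c\xd8\x74\xaa\x50\x26\xa7\x36\x9b\xb9\x91\x2c\x90\x59\x9d\x14"
      "\x07\xf0\x48\x8a\x9c\x54\x0a\x31\x99\x78\x90\xf5\x43\x3b\xd1\xdf\x91\xba"
      "\x13\xa9\xe0\x72\x1c\x9a\x70\x7e\xac\x7c\xff\x1c\x3e\xfe\xf6\xcd\x71\x67"
      "\x79\xc7\xad\x63\x1c\x35\x60\xca\xa2\x03\x1d\x9d\x25\x91\x32\x9c\x18\x67"
      "\xd0\xd5\xf9\x6b\x58\x97\xca\xc2\xc6\xa3\x81\xf0\xce\x5c\x27\x96\x9c\x2b"
      "\x3e\x7d\x18\x8e\x1e\x89\x6d\x81\x5b\x01\xa3\xe1\x77\x93\x38\x17\x32\x59"
      "\x53\x14\x02\x72\xad\x71\x8a\x36\xae\x52\x2d\x43\xde\x10\x9b\xa9\x22\x55"
      "\xee\x66\xd2\xa1\x48\x97\xf2\xb2\x01\x4d\xc9\xa4\x95\xc1\x08\x72\x7e\x0e"
      "\xef\x54\xdf\x61\x7e\x26\x9e\x43\xa0\xc4\x8d\x28\xa9\x1a\xaf\x14\xd5\x87"
      "\x19\xe2\x1e\xa3\x9c\x1c\x53\x4e\x39\xa1\xdf\xab\xb6\x13\x77\xb5\x5d\x2f"
      "\x69\xfe\x79\xc7\xd5\x11\x1b\x8b\x95\x2c\x38\x89\x25\xea\x8a\xb1\x50\x3a"
      "\xe6\x8b\xce\x95\xa3\x4a\x10\xa8\x5a\xa0\xe5\xda\x52\xad\xd1\x4b\x93\xea"
      "\xac\x58\x61\xa6\x50\x4e\x23\xdd\xa8\x03\x4e\x80\x92\x53\xc1\x07\x1d\xdd"
      "\xa9\x34\x66\x3f\xaa\xc4\x54\xcd\x37\x8c\x57\x25\xf5\xc6\xf4\xd9\x43\x77"
      "\x99\x94\x35\x71\x85\xe5\x12\xa4\xb6\x99\x31\x56\xe6\x24\xf2\x5d\x86\xd2"
      "\x4e\x72\x54\xd3\xe9\xb2\x31\xaa\x80\xed\x5a\x32\xe1\x08\xcb\x52\x8d\x40"
      "\x2f\x93\xe5\x8c\x25\xac\x93\x74\x20\xff\x7d\xcd\x7d\x9e\xc2\x12\x6c\x7f"
      "\xe7\xce\xfa\x47\xc0\x38\xf2\x3d\xe4\x05\x23\xd5\xe0\x26\xfe\x3b\xb4\xcf"
      "\xd3\x04\x0f\x9b\xd9\x63\x1c\xf5\xa2\xcd\xe1\xe2\x0a\x60\x32\x70\x3c\xd6"
      "\x4c\x2a\xd9\x7e\xa9\x5d\x05\xa7\xaa\x3e\xa3\xb3\xb9\xd5\xa8\x69\x61\x11"
      "\x6d\xd1\x33\x8c\x0a\x2c\xaa\xe0\xce\xab\x31\x78\xac\x77\x36\xdf\xa8\xa9"
      "\x49\xcd\x81\xd2\x61\x74\x8e\x66\x78\xcb\x73\x0b\x57\x46\x8f\xb2\xb7\xe2"
      "\x2c\x5e\xb0\x8a\xd4\x96\xe7\x67\x75\xdc\xe0\xc3\x19\x50\xa5\x96\x58\x0a"
      "\xd7\xd6\xc3\xfd\x9c\xe9\x0d\xde\xd3\x40\xf2\x0b\x77\xfe\x53\xe8\x1f\xb6"
      "\xe2\xa7\xa6\xc4\x50\xb8\xac\x90\x09\xc7\xc0\x77\x89\x3f\x70\x44\x57\xa9"
      "\x04\x01\xfb\x75\x8c\x07\x69\xfb\xfd\x38\xe4\x0a\xe6\x92\xe4\x10\xb8\x89"
      "\xbb\xf0\xb0\x9a\x32\xdc\x73\x1b\x67\x68\xc0\xfa\x39\x63\xa5\xb6\x27\x9b"
      "\x6a\x5d\xb6\x11\x17\x43\x39\xf3\x21\x8f\xff\x56\x7f\x6c\xfb\x73\x77\xdd"
      "\xc8\xe2\xc7\x30\xda\x35\xcc\x3e\xc6\x80\xa6\xbc\x95\x01\x0d\xd0\x38\x34"
      "\xca\xab\x7a\xfb\x2c\x00\x23\xad\x9c\xe3\xaa\xe3\xc0\xfd\x1e\xce\x42\xea"
      "\x84\x0b\xf5\xfc\x79\x8a\x0b\x5f\xbe\x76\x92\xf1\x35\x49\xcd\xba\x4a\x0b"
      "\x68\xf7\x22\xef\x68\x77\x85\x6a\x76\xfc\x3c\x39\xf7\xcf\xd7\x60\x67\x5a"
      "\x9f\x34\x1d\x9f\x09\xf3\x81\x97\x2b\xe9\x17\x1e\x50\x45\x5e\xd1\x3e\x66"
      "\x5e\x61\xa0\x3b\x0c\x2a\x79\x27\x6a\x87\x1c\x25\xfc\x5c\x48\x66\x39\xa7"
      "\x1a\x8d\xfd\xf3\x61\x74\x37\x3b\x89\x95\x01\x47\x52\xab\xa3\x02\x60\x45"
      "\xbe\x6b\x43\x07\x4a\xc3\x82\x4d\x68\x7b\xbf\x5f\x65\x44\x22\x8c\xea\x52"
      "\x79\x18\x28\xf5\x49\x80\xee\x9f\x72\x85\x34\xea\x32\xed\xd2\x05\xaa\xac"
      "\xe7\x17\xad\xcf\x61\xce\x28\xf9\x27\x19\x04\x8d\x44\xb0\x98\x12\xbc\xfd"
      "\x2d\x22\xcc\x9d\x7a\x45\xed\x6b\x46\x34\x75\x6f\x6b\x31\x89\x90\x8c\x71"
      "\x72\x8c\x37\x3e\xa9\x4a\xa5\xc7\x4c\xe4\xa7\x3c\x20\x13\x8b\x8c\xb2\x1d"
      "\xb6\xe2\xdf\xb3\x53\x29\xb8\x6b\x18\x05\xa5\x20\x8d\xd3\x70\xb8\x34\x2c"
      "\xa8\xaa\x3c\xbd\x3e\x7a\x3e\xc7\x9d\x7b\x8e\xe6\x77\xb0\x4e\x19\xc5\x24"
      "\xdd\xc6\xde\x0b\x22\x44\x3a\xc1\x5d\xe9\x08\xf6\x17\x19\x39\x9d\x0f\x98"
      "\x90\xca\x2b\x02\x83\xa7\xdb\x91\x49\x44\xf4\x24\xaf\x10\xba\x0e\xc9\xe3"
      "\xe2\x53\xc0\x60\xd7\xb2\x85\x52\xea\xae\x5e\xed\x1e\x90\x6f\x8f\x93\xc2"
      "\x19\x52\x93\xde\xab\xda\xd6\xcb\x38\xdd\xab\x51\x60\x3e\x4a\x96\xef\x1e"
      "\x08\x6d\xe9\x11\xfb\x71\x6f\xfb\xca\x46\x72\x94\xd9\xe6\x6e\x5d\x0f\x82"
      "\x25\xbc\x28\xd6\xc0\x74\xc4\xff\xba\x76\x70\x6f\x61\xb0\xb3\x86\xb7\xe4"
      "\xb6\x50\x0a\x15\xfa\xd2\x91\xf3\x4f\x6c\x84\xf1\x59\x6a\x97\x51\x2f\x31"
      "\x19\x6a\x52\x9a\x7a\x57\x25\x43\x7c\x03\x8e\x17\xd5\x31\xda\x38\x38\xc8"
      "\xae\xf3\xba\xde\x6b\xc1\xd4\xc7\x62\x45\x60\xd4\xfb\xa7\x2e\x5f\x8b\xe2"
      "\xc5\xdc\x90\x5e\x1e\x4b\xcb\x2a\xa7\xed\xdb\x27\x54\x08\xef\x42\x88\xac"
      "\x69\xc7\xa1\x8a\xe5\x8f\xb2\x6c\x2f\x5a\x69\x64\xf0\x51\xb8\x1d\x2e\x42"
      "\x6f\xc2\xa5\xd8\x61\x70\x50\x34\x1b\x96\xd5\xa7\x46\xe3\x41\x9f\xbe\x94"
      "\xbd\x37\x52\x40\x38\x68\xb6\x55\xc2\xdb\xa6\xf4\x8e\xf1\x09\xa2\xe6\xec"
      "\x00\x41\x84\x2f\xae\x52\xbf\xab\x70\x48\x1e\xcf\xe8\xd2\x7f\x3d\x5e\x44"
      "\x4f\x1b\x94\x1d\x87\x1c\x80\x57\xcb\xe3\x5d\xf6\x86\x65\xbc\x3a\xad\xea"
      "\x02\xd2\x03\xb1\x06\xd1\x17\x9a\x42\x8d\xaa\x7d\x9f\xea\x9d\xbd\xdd\x89"
      "\x55\xbb\x28\x9a\x92\xec\x79\x0d\xe7\x4c\xd6\xa1\xed\xf9\x25\xab\x85\x47"
      "\x16\x33\xde\xdf\x8b\xa4\x6a\xbe\x45\x69\x63\xa2\x38\x1a\xdd\xce\x2a\xa1"
      "\x6c\x06\xdd\x80\xbb\x54\xd8\xe5\x3d\x7c\x82\x60\x79\x16\xaf\x17\x50\x61"
      "\xda\x29\x12\x2a\xfd\xe8\x68\x7a\xdd\x6b\x6f\x42\x23\x3b\x76\xa1\x16\x48"
      "\x93\xdc\xc1\xec\x3d\xcf\x93\x55\x76\xd2\xd0\xf3\xab\x3b\x1a\xdb\xac\xe0"
      "\x86\xda\x91\x52\x34\xb4\xf9\xba\xd0\xaf\xc2\x91\x56\x08\xfc\x4f\x66\x11"
      "\xdc\x3b\x91\xd7\xe0\xe4\x8c\xb0\xa0\xf3\xfd\xc7\x0e\xf7\x0e\xf8\x20\x43"
      "\xaf\xbd\x33\x25\xf0\xf6\x18\x63\x90\xab\x28\xca\x9f\x00\x09\x18\x46\x37"
      "\x53\x0d\x79\xf0\xc5\xa7\x7c\x6e\x91\x2a\xfb\xe6\x53\x39\x88\xf5\x43\xfc"
      "\x6c\x02\xd3\xd4\x4f\xbd\xb0\xe2\xeb\xfa\xd2\x68\x01\x84\xf1\xed\x45\x19"
      "\x91\x66\x7d\xf9\x58\xa7\x1f\xb4\x1c\xf4\x36\x7b\xdb\x93\x13\x89\xea\x8b"
      "\x63\x40\xe2\x25\xb3\x12\xa0\x9d\xad\xd8\xe2\xac\x2d\x20\x0d\xb6\xe7\x53"
      "\x23\xd4\x8c\x73\xc6\xb8\x19\xe1\x3f\x92\xb0\x1b\xf4\x05\xe7\x96\xa2\xe1"
      "\x0b\x86\x3e\x77\x35\x98\xab\xcb\xcc\x19\x69\x87\xe1\x8b\x19\x53\x03\x37"
      "\x80\x9b\x56\x48\x07\x78\x20\x71\x03\xa1\x2a\xcf\xff\x1c\x0a\xd6\x28\x46"
      "\x08\x82\x51\xa1\xa0\xd0\xd6\xb3\x00\x05\x9a\x99\x69\x8c\x84\xcc\xac\x78"
      "\xd5\x3e\xb3\x2e\x39\x84\x00\x19\x78\xdb\x76\x79\x96\x0b\x4d\x75\xd7\x1b"
      "\x49\x69\x69\x09\x82\x6c\x66\x32\x05\x26\xfe\x02\xa0\x60\x26\x58\x21\xd1"
      "\x5b\x8b\x23\x37\x12\x1a\x20\x14\x02\xa1\x18\xec\x03\xff\x0d\x4f\x3d\xfa"
      "\x48\xf2\xda\xdd\x20\xb5\x10\xec\xdf\x4e\x64\x40\xb5\xb2\x46\x6b\x9b\xf2"
      "\x8e\x32\x32\x71\x89\xf0\x40\x52\x45\x69\x4a\x63\x71\xdb\xe4\xea\xe7\xa8"
      "\x29\x3c\xdc\x15\x19\x3c\x28\x41\x23\xd6\x46\x90\x12\x06\x34\xf8\x08\x09"
      "\x6a\x8f\x3f\x7a\x04\xa5\xba\xc9\xdd\x86\xc0\x9f\x2e\x4e\x87\xc7\xd7\xc9"
      "\x8d\x0b\x37\x0e\x84\xea\x5f\x26\x57\x30\xf5\x48\x0e\xb1\x37\x5d\x4f\x82"
      "\xc7\xd4\xef\xbb\x6e\x58\xc5\xa9\x28\x48\x33\x1b\x2b\xec\xd2\x53\x1f\x6c"
      "\x45\x6b\x5d\x0e\x69\x0b\x10\x2d\xd8\xfa\xec\x55\xbd\xe5\x6f\x95\x72\x7f"
      "\x4a\xbf\x52\xc5\x85\x43\xfa\xae\xb9\xce\xfd\x39\xbb\xa7\x88\xbd\x7e\x2b"
      "\x02\xb2\x7e\xcb\xc1\x67\x9a\x1a\xc0\x08\x23\xc8\x3e\x1a\xe2\x96\x90\xcd"
      "\x25\x54\x4d\x3a\xe0\xa8\xdb\x25\xe9\x63\xe9\xfb\x5b\xd9\x49\x87\x63\x7a"
      "\xc3\x54\x6b\x9b\x31\x2b\xf0\x4d\x5c\x62\x11\xc1\x35\xe8\x06\x52\x5d\x42"
      "\x3f\xde\x9c\xcb\x5e\xf7\x96\x2e\xc1\xe0\x56\xe6\xf2\x9a\xda\xee\xbb\x33"
      "\x1f\x6c\x23\x45\x86\xd1\xfe\x21\x57\x7f\x56\xd6\x20\xc6\x94\x2a\x29\xd4"
      "\x91\x57\x72\x14\x4c\xc6\x00\x08\xd1\x23\x6d\xb2\x11\x00\xd5\xa3\x11\x2c"
      "\x29\x39\x6b\x9e\x18\xcd\xb5\xb1\x04\xbe\xd2\xdf\x2b\x6e\xa7\x2c\x9a\xa0"
      "\x3b\xb6\x08\x2f\x3e\xb0\x7f\x0e\xae\x35\x98\x64\x96\x7a\x74\x94\x92\xd2"
      "\x10\x05\xb0\xd3\x9c\x96\x13\xc2\x0b\x1e\x21\x70\x0a\xb6\x6a\x4f\x5c\xa0"
      "\x3e\xc0\x8d\x67\xb9\x5f\x75\x92\x52\xd7\x58\x74\x38\x20\xba\x24\x30\x32"
      "\xe1\x70\x84\x47\xfb\xae\xbc\x27\xe1\x31\x6a\xf4\xcf\x54\x7c\xef\x3a\xc4"
      "\x96\x6a\x1f\x04\xdd\x07\x01\x2f\x25\x7a\x02\x04\x10\x7c\x23\xa0\x04\x6b"
      "\x12\x49\x3d\x97\x84\xb2\x4d\xc5\x61\xc1\xf8\x8e\x59\x10\x56\xbc\xc3\xb3"
      "\x38\xab\x1d\xe6\x5e\x5a\xd5\x78\x02\x1f\x26\xf9\x3e\x9b\x12\xf0\x0b\x5f"
      "\x8c\x8a\xe2\xdb\x6b\x7b\x8f\x25\x43\x03\xc7\xff\x06\x51\x47\x35\x97\x4e"
      "\x65\xfb\x9a\x93\xdc\x79\xb1\x15\xa1\x23\x10\x04\x04\x90\xca\x11\xef\x31"
      "\x53\x40\xaf\x10\x4e\x20\xa2\xe2\x2d\xcd\x13\x2f\x7d\x7a\x61\xd9\xd3\xa1"
      "\x2e\x83\x2e\xe0\x48\xa2\x17\x0d\xbe\x03\xd7\x47\xed\x74\x02\x18\x0e\xb9"
      "\x64\xfd\xe0\xec\xb7\x7e\x77\x8b\x18\xa4\xe5\xa8\x34\x79\xbb\x7e\x0e\xa0"
      "\xa7\xd5\x14\x5f\xfe\xd4\x60\x7b\xd7\xe6\xb8\xf9\x61\x62\x5d\x5e\x3d\xca"
      "\xc2\xd4\xa0\x5e\x71\xdc\x9c\x2e\x52\x19\x5b\xd5\x5a\xed\x4e\x67\x49\xdc"
      "\x1c\x32\x9e\x2c\xda\x96\x6d\x18\xe9\xbf\x88\x2c\x05\xdb\x62\x7c\x10\x47"
      "\xfc\x71\x53\x3b\xbb\xa2\xc8\xa8\x3d\x04\xdb\x5b\xad\x6d\xa3\x49\xa9\xad"
      "\x19\x92\xeb\x88\xe0\x27\x4d\x32\xa1\x61\x37\xe2\x39\x6a\xd9\x73\xc0\xec"
      "\xbb\xc2\xd2\x43\xe6\x8b\x69\x59\xbf\x9b",
      4096);
  *(uint16_t*)0x400000001544 = 0x1000;
  syscall(__NR_write, /*fd=*/r[5], /*data=*/0x400000000540ul,
          /*len=*/0x7fecul);
}

// Map the fixed-address data area that execute_one() writes through, with an
// inaccessible (prot=0) page directly below and above it, then enter the
// fork loop. The data area is mapped read/write/execute at 0x400000000000
// and is 0x1000000 bytes long.
int main(void)
{
  syscall(__NR_mmap, /*addr=*/0x3ffffffff000ul, /*len=*/0x1000ul,
          /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x400000000000ul, /*len=*/0x1000000ul,
          /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
          /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x400001000000ul, /*len=*/0x1000ul,
          /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/-1, /*offset=*/0ul);
  const char* reason;
  (void)reason;
  loop();
  return 0;
}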